From 05f46ea225acc65a2e8b8701d2c78a0ecf613bae Mon Sep 17 00:00:00 2001 From: John Tobin Date: Tue, 14 Mar 2017 16:22:50 -0700 Subject: [PATCH 01/62] new files --- windows/keep-secure/TOC.md | 7 + .../credential-guard-considerations.md | 47 + .../credential-guard-how-it-works.md | 31 + .../keep-secure/credential-guard-manage.md | 188 ++++ ...redential-guard-not-protected-scenarios.md | 153 +++ .../credential-guard-requirements.md | 111 +++ .../keep-secure/credential-guard-scripts.md | 488 +++++++++ windows/keep-secure/credential-guard.md | 926 +----------------- .../credential-manager-known-issues.md | 17 + 9 files changed, 1046 insertions(+), 922 deletions(-) create mode 100644 windows/keep-secure/credential-guard-considerations.md create mode 100644 windows/keep-secure/credential-guard-how-it-works.md create mode 100644 windows/keep-secure/credential-guard-manage.md create mode 100644 windows/keep-secure/credential-guard-not-protected-scenarios.md create mode 100644 windows/keep-secure/credential-guard-requirements.md create mode 100644 windows/keep-secure/credential-guard-scripts.md create mode 100644 windows/keep-secure/credential-manager-known-issues.md diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 82fea36b85..1f51ea87b8 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -23,6 +23,13 @@ #### [Deploy catalog files to support code integrity policies](deploy-catalog-files-to-support-code-integrity-policies.md) ### [Deploy Device Guard: enable virtualization-based security](deploy-device-guard-enable-virtualization-based-security.md) ## [Protect derived domain credentials with Credential Guard](credential-guard.md) +### [How it works](credential-guard-how-it-works.md) +### [Requirements](credential-guard-requirements.md) +### [Manage](credential-guard-manage.md) +### [Considerations](credential-guard-considerations.md) +### [Scenarios not protected by Credential Guard](credential-guard-not-protected-scenarios.md) +### [Known issues](credential-manager-known-issues.md) +### [Scripts](credential-guard-scripts.md) ## [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) ## [Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) ### [Create a Windows Information Protection (WIP) policy](overview-create-wip-policy.md) diff --git a/windows/keep-secure/credential-guard-considerations.md b/windows/keep-secure/credential-guard-considerations.md new file mode 100644 index 0000000000..a0a3b104fb --- /dev/null +++ b/windows/keep-secure/credential-guard-considerations.md @@ -0,0 +1,47 @@ +--- +title: Considerations when using Credential Guard (Windows 10) +description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. +ms.assetid: +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +localizationpriority: high +author: brianlic-msft +--- + +# Considerations when using Credential Guard + +**Applies to** +- Windows 10 +- Windows Server 2016 + +- If Credential Guard is enabled on a device after it's joined to a domain, the user and device secrets may already be compromised. We recommend that Credential Guard is enabled before the PC is joined to a domain. +- You should perform regular reviews of the PCs that have Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for: + - **Event ID 13** Credential Guard (LsaIso.exe) was started and will protect LSA credentials. + - **Event ID 14** Credential Guard (LsaIso.exe) configuration: 0x1, 0 + - The first variable: 0x1 means Credential Guard is configured to run. 0x0 means it’s not configured to run. + - The second variable: 0 means it’s configured to run in protect mode. 1 means it's configured to run in test mode. This variable should always be 0. + - **Event ID 15** Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Credential Guard. + - **Event ID 16** Credential Guard (LsaIso.exe) failed to launch: \[error code\] + - **Event ID 17** Error reading Credential Guard (LsaIso.exe) UEFI configuration: \[error code\] + You can also verify that TPM is being used for key protection by checking the following event in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0. + - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. +- Passwords are still weak so we recommend that your organization deploy Credential Guard and move away from passwords and to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business. +- Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Credential Guard. Credential Guard does not allow 3rd party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs are not supported. We recommend that custom implementations of SSPs/APs are tested against Credential Guard to ensure that the SSPs and APs do not depend on any undocumented or unsupported behaviors. For example, using the KerbQuerySupplementalCredentialsMessage API is not supported. You should not replace the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](http://msdn.microsoft.com/library/windows/desktop/dn865014.aspx) on MSDN. +- As the depth and breadth of protections provided by Credential Guard are increased, subsequent releases of Windows 10 with Credential Guard running may impact scenarios that were working in the past. For example, Credential Guard may block the use of a particular type of credential or a particular component to prevent malware from taking advantage of vulnerabilities. Therefore, we recommend that scenarios required for operations in an organization are tested before upgrading a device that has Credential Guard running. + +- Starting with Windows 10, version 1511, domain credentials that are stored with Credential Manager are protected with Credential Guard. Credential Manager allows you to store credentials, such as user names and passwords that you use to log on to websites or other computers on a network. The following considerations apply to the Credential Guard protections for Credential Manager: + - Credentials saved by Remote Desktop Services cannot be used to remotely connect to another machine without supplying the password. Attempts to use saved credentials will fail, displaying the error message "Logon attempt failed". + - Applications that extract derived domain credentials from Credential Manager will no longer be able to use those credentials. + - You cannot restore credentials using the Credential Manager control panel if the credentials were backed up from a PC that has Credential Guard turned on. If you need to back up your credentials, you must do this before you enable Credential Guard. Otherwise, you won't be able to restore those credentials. + - Credential Guard uses hardware security so some features, such as Windows To Go, are not supported. For further information, see: + [Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) + +## NTLM & CHAP Considerations + +When you enable Credential Guard, you can no longer use NTLM v1 authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as NTLMv1. We recommend that organizations use certificated-based authentication for WiFi and VPN connections. + +## Kerberos Considerations + +When you enable Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. You must use constrained or resource-based Kerberos delegation instead. \ No newline at end of file diff --git a/windows/keep-secure/credential-guard-how-it-works.md b/windows/keep-secure/credential-guard-how-it-works.md new file mode 100644 index 0000000000..b1e48f5ef8 --- /dev/null +++ b/windows/keep-secure/credential-guard-how-it-works.md @@ -0,0 +1,31 @@ +--- +title: How Credential Guard works +description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. +ms.assetid: +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +localizationpriority: high +author: brianlic-msft +--- + +# How Credential Guard works + +**Applies to** +- Windows 10 +- Windows Server 2016 + +Kerberos, NTLM, and Credential manager isolate secrets by using virtualization-based security. Previous versions of Windows stored secrets in the Local Security Authority (LSA). Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using virtualization-based security and is not accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. + +For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by virtualization-based security and these signatures are validated before launching the file in the protected environment. + +When Credential Guard is enabled, NTLMv1, MS-CHAPv2, Digest, and CredSSP cannot use the signed-in credentials. Thus, single sign-on does not work with these protocols. However, applications can prompt for credentials or use credentials stored in the Windows Vault which are not protected by Credential Guard with any of these protocols. It is strongly recommended that valuable credentials, such as the sign-in credentials, not be used with any of these protocols. If these protocols must be used by domain or Azure AD users, secondary credentials should be provisioned for these use cases. + +When Credential Guard is enabled, Kerberos does not allow unconstrained Kerberos delegation or DES encryption, not only for signed-in credentials, but also prompted or saved credentials. + +Here's a high-level overview on how the LSA is isolated by using virtualization-based security: + +![Credential Guard overview](images/credguard.png) + +For further information, see [Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) diff --git a/windows/keep-secure/credential-guard-manage.md b/windows/keep-secure/credential-guard-manage.md new file mode 100644 index 0000000000..7f913589d7 --- /dev/null +++ b/windows/keep-secure/credential-guard-manage.md @@ -0,0 +1,188 @@ +--- +title: Manage Credential Guard (Windows 10) +description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. +ms.assetid: +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +localizationpriority: high +author: brianlic-msft +--- + +# Manage Credential Guard + +**Applies to** +- Windows 10 +- Windows Server 2016 + +## Enable Credential Guard +Credential Guard can be enabled by using [Group Policy](#turn-on-credential-guard-by-using-group-policy), the [registry](#turn-on-credential-guard-by-using-the-registry), or the Device Guard and Credential Guard [hardware readiness tool](#hardware-readiness-tool). + +### Enable Credential Guard by using Group Policy + +You can use Group Policy to enable Credential Guard. This will add and enable the virtualization-based security features for you if needed. + +1. From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard**. +2. Double-click **Turn On Virtualization Based Security**, and then click the **Enabled** option. +3. **Select Platform Security Level** box, choose **Secure Boot** or **Secure Boot and DMA Protection**. +4. In the **Credential Guard Configuration** box, click **Enabled with UEFI lock**, and then click **OK**. If you want to be able to turn off Credential Guard remotely, choose **Enabled without lock**. + + ![Credential Guard Group Policy setting](images/credguard-gp.png) + +5. Close the Group Policy Management Console. + +To enforce processing of the group policy, you can run ```gpupdate /force```. + +For further information, see: [Deploying Credential Guard] (https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) + +### Enable Credential Guard by using the registry + +If you don't use Group Policy, you can enable Credential Guard by using the registry. Credential Guard uses virtualization-based security features which have to be enabled first on some operating systems. + +### Add the virtualization-based security features + +Starting with Windows 10, version 1607 and Windows Server 2016, enabling Windows features to use virtualization-based security is not necessary and this step can be skipped. + +If you are using Windows 10, version 1507 (RTM) or Windows 10, version 1511, Windows features have to be enabled to use virtualization-based security. +You can do this by using either the Control Panel or the Deployment Image Servicing and Management tool (DISM). +> [!NOTE] +> If you enable Credential Guard by using Group Policy, these steps are not required. Group Policy will install the features for you. + +  +**Add the virtualization-based security features by using Programs and Features** + +1. Open the Programs and Features control panel. +2. Click **Turn Windows feature on or off**. +3. Go to **Hyper-V** -> **Hyper-V Platform**, and then select the **Hyper-V Hypervisor** check box. +4. Select the **Isolated User Mode** check box at the top level of the feature selection. +5. Click **OK**. + +**Add the virtualization-based security features to an offline image by using DISM** + +1. Open an elevated command prompt. +2. Add the Hyper-V Hypervisor by running the following command: + ``` + dism /image: /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all + ``` +3. Add the Isolated User Mode feature by running the following command: + ``` + dism /image: /Enable-Feature /FeatureName:IsolatedUserMode + ``` + +> [!NOTE] +> You can also add these features to an online image by using either DISM or Configuration Manager. + +### Enable virtualization-based security and Credential Guard + +1. Open Registry Editor. +2. Enable virtualization-based security: + - Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\DeviceGuard. + - Add a new DWORD value named **EnableVirtualizationBasedSecurity**. Set the value of this registry setting to 1 to enable virtualization-based security and set it to 0 to disable it. + - Add a new DWORD value named **RequirePlatformSecurityFeatures**. Set the value of this registry setting to 1 to use **Secure Boot** only or set it to 3 to use **Secure Boot and DMA protection**. +3. Enable Credential Guard: + - Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA. + - Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Credential Guard with UEFI lock, set it to 2 to enable Credential Guard without lock, and set it to 0 to disable it. +4. Close Registry Editor. + + +> [!NOTE] +> You can also turn on Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting. + + +### Enable Credential Guard by using the Device Guard and Credential Guard hardware readiness tool + +You can also enable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). + +``` +DG_Readiness_Tool_v3.0.ps1 -Enable -AutoReboot +``` + +### Credential Guard deployment in virtual machines + +Credential Guard can protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. The enablement steps are the same from within the virtual machine. + +Credential Guard protects secrets from non-privileged access inside the VM. It does not provide additional protection from the host administrator. From the host, you can disable Credential Guard for a virtual machine: + +``` PowerShell +Set-VMSecurity -VMName -VirtualizationBasedSecurityOptOut $true +``` + +Requirements for running Credential Guard in Hyper-V virtual machines +- The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607. +- The Hyper-V virtual machine must be Generation 2, have an enabled virtual TPM, and running at least Windows Server 2016 or Windows 10. + +For further information, see: [Deploying Credential Guard] (https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) + +### Remove Credential Guard + +If you have to remove Credential Guard on a PC, you can use the following set of procedures, or you can [use the Device Guard and Credential Guard hardware readiness tool](#turn-off-with-hardware-readiness-tool). + +1. If you used Group Policy, disable the Group Policy setting that you used to enable Credential Guard (**Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard** -> **Turn on Virtualization Based Security**). +2. Delete the following registry settings: + - HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA\LsaCfgFlags + - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity + - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures + + > [!IMPORTANT] + > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. + +3. Delete the Credential Guard EFI variables by using bcdedit. + +**Delete the Credential Guard EFI variables** + +1. From an elevated command prompt, type the following commands: + ``` syntax + + mountvol X: /s + + copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y + + bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader + + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" + + bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} + + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO + + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: + + mountvol X: /d + + ``` +2. Restart the PC. +3. Accept the prompt to disable Credential Guard. +4. Alternatively, you can disable the virtualization-based security features to turn off Credential Guard. + +> [!NOTE] +> The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Credential Guard and virtualization-based security, run the following bcdedit command after turning off all virtualization-based security Group Policy and registry settings: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS + +For more info on virtualization-based security and Device Guard, see [Device Guard deployment guide](device-guard-deployment-guide.md). + + +#### Turn off Credential Guard by using the Device Guard and Credential Guard hardware readiness tool + +You can also disable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). + +``` +DG_Readiness_Tool_v3.0.ps1 -Disable -AutoReboot +``` +  +### Check that Credential Guard is running + +You can use System Information to ensure that Credential Guard is running on a PC. + +1. Click **Start**, type **msinfo32.exe**, and then click **System Information**. +2. Click **System Summary**. +3. Confirm that **Credential Guard** is shown next to **Device Guard Security Services Running**. + + Here's an example: + + ![System Information](images/credguard-msinfo32.png) + +You can also check that Credential Guard is running by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). + +``` +DG_Readiness_Tool_v3.0.ps1 -Ready +``` \ No newline at end of file diff --git a/windows/keep-secure/credential-guard-not-protected-scenarios.md b/windows/keep-secure/credential-guard-not-protected-scenarios.md new file mode 100644 index 0000000000..70848bcecc --- /dev/null +++ b/windows/keep-secure/credential-guard-not-protected-scenarios.md @@ -0,0 +1,153 @@ +--- +title: Scenarios not protected by Credential Guard (Windows 10) +description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. +ms.assetid: +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +localizationpriority: high +author: brianlic-msft +--- + +# Scenarios not protected by Credential Guard + +**Applies to** +- Windows 10 +- Windows Server 2016 + +Some ways to store credentials are not protected by Credential Guard, including: + +- Software that manages credentials outside of Windows feature protection +- Local accounts and Microsoft Accounts +- Credential Guard does not protect the Active Directory database running on Windows Server 2016 domain controllers. It also does not protect credential input pipelines, such as Windows Server 2016 servers running Remote Desktop Gateway. If you're using a Windows Server 2016 server as a client PC, it will get the same protection as it would when running Windows 10 Enterprise. +- Key loggers +- Physical attacks +- Does not prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access to high value assets in your organization. +- Third-party security packages +- Digest and CredSSP credentials + - When Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. +- Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well. + +For further information, see: [Credentials Protected by Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) + +## Additional mitigations + +Credential Guard can provide mitigations against attacks on derived credentials and prevent the use of stolen credentials elsewhere. However, PCs can still be vulnerable to certain attacks, even if the derived credentials are protected by Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, reusing previously stolen credentials prior to Device Guard, and abuse of management tools and weak application configurations. Because of this, additional mitigations also need to be deployed to make the domain environment more robust. + +### Restricting domain users to specific domain-joined devices + +Credential theft attacks allow the attacker to steal secrets from one device and use them from another device. If a user can sign in to multiple devices then any device could be used to steal credentials. How do you ensure that users only sign in using devices that have Credential Guard enabled? By deploying authentication policies that restrict them to specific domain-joined devices that have been configured with Credential Guard. For the domain controller to know what device a user is signing on from, Kerberos armoring must be used. + +### Kerberos armoring + +Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, its TGT is used to protect the user's proof of possession which can mitigate offline dictionary attacks. Kerberos armoring also provides the additional benefit of signed KDC errors this mitigates tampering which can result in things such as downgrade attacks. + +**To enable Kerberos armoring for restricting domain users to specific domain-joined devices** + +- Users need to be in domains that are running Windows Server 2012 R2 or higher +- All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**. +- All the devices with Credential Guard that the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -> **Administrative Templates** -> **System** -> **Kerberos**. + +### Protecting domain-joined device secrets + +Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Credential Guard, the private key can be protected. Then authentication policies can require that users sign on devices which authenticate using those certificates. This prevents shared secrets stolen from the device to be used with stolen user credentials to sign in as the user. + +Domain-joined device certificate authentication has the following requirements: +- Devices' accounts are in Windows Server 2012 domain functional level or higher domains. +- All domain controllers in those domains have KDC certificates which satisfy strict KDC validation certificate requirements: + - KDC EKU present + - DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension +- Windows 10 devices have the CA issuing the domain controller certificates in the enterprise store. +- A process is established to ensure the identity and trustworthiness of the device in a similar manner as you would establish the identity and trustworthiness of a user before issuing them a smartcard. + +#### Deploying domain-joined device certificates + +To guarantee that certificates with the required issuance policy are only installed on the devices these users must use, they must be deployed manually on each device. The same security procedures used for issuing smart cards to users should be applied to device certificates. + +For example, let's say you wanted to use the High Assurance policy only on these devices. Using a Windows Server Enterprise certificate authority, you would create a new template. + +**Creating a new certificate template** + +1. From the Certificate Manager console, right-click **Certificate Templates**, and then click **Manage.** +2. Right-click **Workstation Authentication**, and then click **Duplicate Template**. +3. Right-click the new template, and then click **Properties**. +4. On the **Extensions** tab, click **Application Policies**, and then click **Edit**. +5. Click **Client Authentication**, and then click **Remove**. +6. Add the ID-PKInit-KPClientAuth EKU. Click **Add**, click **New**, and then specify the following values: + - Name: Kerberos Client Auth + - Object Identifier: 1.3.6.1.5.2.3.4 +7. On the **Extensions** tab, click **Issuance Policies**, and then click **Edit**. +8. Under **Issuance Policies**, click**High Assurance**. +9. On the **Subject name** tab, clear the **DNS name** check box, and then select the **User Principal Name (UPN)** check box. + +Then on the devices that are running Credential Guard, enroll the devices using the certificate you just created. + +**Enrolling devices in a certificate** + +Run the following command: +``` syntax +CertReq -EnrollCredGuardCert MachineAuthentication +``` + +> [!NOTE] +> You must restart the device after enrolling the machine authentication certificate. +  +### How a certificate issuance policy can be used for access control + +Beginning with the Windows Server 2008 R2 domain functional level, domain controllers support for authentication mechanism assurance provides a way to map certificate issuance policy OIDs to universal security groups. Windows Server 2012 domain controllers with claim support can map them to claims. To learn more about authentication mechanism assurance, see [Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide](https://technet.microsoft.com/en-us/library/dd378897(v=ws.10).aspx) on TechNet. + +**To see the issuance policies available** + +- The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority. + From a Windows PowerShell command prompt, run the following command: + + ``` syntax + .\get-IssuancePolicy.ps1 –LinkedToGroup:All + ``` + +**To link an issuance policy to a universal security group** + +- The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group. + From a Windows PowerShell command prompt, run the following command: + + ``` syntax + .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"" –groupOU:"" –groupName:”" + ``` + +### Restricting user sign on + +So we now have completed the following: + +- Created a special certificate issuance policy to identify devices that meet the deployment criteria required for the user to be able to sign in +- Mapped that policy to a universal security group or claim +- Provided a way for domain controllers to get the device authorization data during user sign in using Kerberos armoring. Now what is left to do is to configure the access check on the domain controllers. This is done using authentication policies. + +Authentication policies have the following requirements: +- User accounts are in a Windows Server 2012 domain functional level or higher domain. + +**Creating an authentication policy restricting users to the specific universal security group** + +1. Open Active Directory Administrative Center. +2. Click **Authentication**, click **New**, and then click **Authentication Policy**. +3. In the **Display name** box, enter a name for this authentication policy. +4. Under the **Accounts** heading, click **Add**. +5. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the user account you with to restrict, and then click **OK**. +6. Under the **User Sign On** heading, click the **Edit** button. +7. Click **Add a condition**. +8. In the **Edit Access Control Conditions** box, ensure that it reads **User** > **Group** > **Member of each** > **Value**, and then click **Add items**. +9. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the universal security group that you created with the set-IssuancePolicyToGroupLink script, and then click **OK**. +10. Click **OK** to close the **Edit Access Control Conditions** box. +11. Click **OK** to create the authentication policy. +12. Close Active Directory Administrative Center. + +> [!NOTE] +> When the authentication policy enforces policy restrictions, users will not be able to sign on using devices that do not have a certificate with the appropriate issuance policy deployed. This applies to both local and remote sign on scenarios. Therefore, it is strongly recommended to first only audit policy restrictions to ensure you don't have unexpected failures. + +### Discovering authentication failures due to authentication policies + +To make tracking authentication failures due to authentication policies easier, an operational log exists with just those events. To enable the logs on the domain controllers, in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**. + +To learn more about authentication policy events, see [Authentication Policies and Authentication Policy Silos](https://technet.microsoft.com/en-us/library/dn486813(v=ws.11).aspx). + +For further information, see: [Protecting privileged users with Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=JNbjYMJyC_8104300474) \ No newline at end of file diff --git a/windows/keep-secure/credential-guard-requirements.md b/windows/keep-secure/credential-guard-requirements.md new file mode 100644 index 0000000000..f1d8842363 --- /dev/null +++ b/windows/keep-secure/credential-guard-requirements.md @@ -0,0 +1,111 @@ +--- +title: Credential Guard Requirements (Windows 10) +description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +localizationpriority: high +author: brianlic-msft +--- + +# Requirements + +**Applies to** +- Windows 10 +- Windows Server 2016 + +For Credential Guard to provide protections, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally Credential Guard blocks specific authentication capabilities, so applications which require blocked capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protection—those computers will be more hardened against certain threats. To keep this section brief, those will be in [Security Considerations](#security-considerations). + +### Hardware and software requirements + +To provide basic protection against OS level attempts to read Credential Manager domain credentials, NTLM and Kerberos derived credentials, Credential Manager uses: +- Support for Virtualization-based security (required) +- Secure boot (required) +- TPM 2.0 either discrete or firmware (preferred - provides binding to hardware) +- UEFI lock (preferred - prevents attacker from disabling with a simple registry key change) + +The Virtualization-based security requires: +- 64 bit CPU +- CPU virtualization extensions plus extended page tables +- Windows hypervisor + +### Application requirements + +When Credential Guard is enabled, specific authentication capabilities are blocked, so applications which require blocked capabilities will break. Applications should be tested prior to deployment to ensure compatiblity with the reduced functionality. + +>[!WARNING] +> Enabling Credential Guard on domain controllers is not supported.
+> The domain controller hosts authentication services which integrate with processes isolated when Credential Guard is enabled, causing crashes. + +>[!NOTE] +> Credential Guard does not provide protections for the Active Directory database or the Security Accounts Manager (SAM). The credentials protected by Kerberos and NTLM when Credential Guard is enabled are also in the Active Directory database (on domain controllers) and the SAM (for local accounts). + +Applications will break if they require: +- Kerberos DES encryption support +- Kerberos unconstrained delegation +- Extracting the Kerberos TGT +- NTLMv1 + +Applications will prompt & expose credentials to risk if they require: +- Digest authentication +- Credential delegation +- MS-CHAPv2 + +Applications may cause performance issues when they attempt to hook the isolated Credential Guard process. + +### Security considerations + +All computers that meet baseline protections for hardware, firmware, and software can use Credential Guard. +Computers that meet additional qualifications can provide additional protections to further reduce the attack surface. +The following tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017. + +> [!NOTE] +> Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new shipping computers.
+> If you are an OEM, see [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx).
+ +#### Baseline protections + +|Baseline Protections | Description | +|---------------------------------------------|----------------------------------------------------| +| Hardware: **64-bit CPU** | A 64-bit computer is required for the Windows hypervisor to provide VBS. | +| Hardware: **CPU virtualization extensions**,
plus **extended page tables** | **Requirements**: These hardware features are required for VBS:
One of the following virtualization extensions:
• VT-x (Intel) or
• AMD-V
And:
• Extended page tables, also called Second Level Address Translation (SLAT).

**Security benefits**: VBS provides isolation of secure kernel from normal operating system. Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation. | +| Hardware: **Trusted Platform Module (TPM)** |  **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.
[TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations)

**Security benefits**: A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. | +| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)

**Security benefits**: UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | +| Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).

**Security benefits**: UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | +| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

Important:
Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.


**Security benefits**: Support for VBS and for management features that simplify configuration of Credential Guard. | + +> [!IMPORTANT] +> The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Credential Guard can provide. + +#### 2015 Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016 Technical Preview 4 + +| Protections for Improved Security | Description | +|---------------------------------------------|----------------------------------------------------| +| Hardware: **IOMMU** (input/output memory management unit) | **Requirement**: VT-D or AMD Vi IOMMU

**Security benefits**: An IOMMU can enhance system resiliency against memory attacks. For more information, see [ACPI description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables). | +| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• BIOS password or stronger authentication must be supported.
• In the BIOS configuration, BIOS authentication must be set.
• There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
• In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.

**Security benefits**:
• BIOS password or stronger authentication helps ensure that only authenticated Platform BIOS administrators can change BIOS settings. This helps protect against a physically present user with BIOS access.
• Boot order when locked provides protection against the computer being booted into WinRE or another operating system on bootable media. | +| Firmware: **Secure MOR, revision 2 implementation** | **Requirement**: Secure MOR, revision 2 implementation

**Security benefits**: A secure MOR bit prevents advanced memory attacks. For more information, see [Secure MOR implementation](https://msdn.microsoft.com/windows/hardware/drivers/bringup/device-guard-requirements). | + +
+ +#### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016 + +> [!IMPORTANT] +> The following tables list additional qualifications for improved security. Systems that meet these additional qualifications can provide more protections. + +| Protections for Improved Security | Description | +|---------------------------------------------|----------------------------------------------------| +| Firmware: **Hardware Rooted Trust Platform Secure Boot** | **Requirements**:
Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
• The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/en-us/library/windows/hardware/mt712332(v=vs.85).aspx).

**Security benefits**:
• Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
• HSTI provides additional security assurance for correctly secured silicon and platform. | +| Firmware: **Firmware Update through Windows Update** | **Requirements**: Firmware must support field updates through Windows Update and UEFI encapsulation update.

**Security benefits**: Helps ensure that firmware updates are fast, secure, and reliable. | +| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
• Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.

**Security benefits**:
• Enterprises can choose to allow proprietary EFI drivers/applications to run.
• Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. | + +
+ +#### 2017 Additional security qualifications starting with Windows 10, version 1703 + +The following table lists qualifications for Windows 10, version 1703, which are in addition to all preceding qualifications. + +| Protection for Improved Security | Description | +|---------------------------------------------|----------------------------------------------------| +| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**:
• VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be exceutable.
• UEFI runtime service must meet these requirements:
    - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
    - PE sections need to be page-aligned in memory (not required for in non-volitile storage).
    - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
        - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
        - No entries may be left with neither of the above attributes, indicating memory that is both exceutable and writable. Memory must be either readable and executable or writeable and non-executable.

Notes:
• This only applies to UEFI runtime service memory, and not UEFI boot service memory.
• This protection is applied by VBS on OS page tables.


Please also note the following:
• Do not use sections that are both writeable and exceutable
• Do not attempt to directly modify executable system memory
• Do not use dynamic code

**Security benefits**:
• Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware. | +| Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.

**Security benefits**:
• Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware.
• Blocks additional security attacks against SMM. | diff --git a/windows/keep-secure/credential-guard-scripts.md b/windows/keep-secure/credential-guard-scripts.md new file mode 100644 index 0000000000..5d7eb958a6 --- /dev/null +++ b/windows/keep-secure/credential-guard-scripts.md @@ -0,0 +1,488 @@ +--- +title: Credential Guard Scripts (Windows 10) +description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. +ms.assetid: +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +localizationpriority: high +author: brianlic-msft +--- + +# Credential Guard Scripts + +Here is a list of scripts that are mentioned in this topic. + +## Get the available issuance policies on the certificate authority + +Save this script file as get-IssuancePolicy.ps1. + +``` syntax +####################################### +## Parameters to be defined ## +## by the user ## +####################################### +Param ( +$Identity, +$LinkedToGroup +) +####################################### +## Strings definitions ## +####################################### +Data getIP_strings { +# culture="en-US" +ConvertFrom-StringData -stringdata @' +help1 = This command can be used to retrieve all available Issuance Policies in a forest. The forest of the currently logged on user is targeted. +help2 = Usage: +help3 = The following parameter is mandatory: +help4 = -LinkedToGroup: +help5 = "yes" will return only Issuance Policies that are linked to groups. Checks that the linked Issuance Policies are linked to valid groups. +help6 = "no" will return only Issuance Policies that are not currently linked to any group. +help7 = "all" will return all Issuance Policies defined in the forest. Checks that the linked Issuance policies are linked to valid groups. +help8 = The following parameter is optional: +help9 = -Identity:. If you specify an identity, the option specified in the "-LinkedToGroup" parameter is ignored. +help10 = Output: This script returns the Issuance Policy objects meeting the criteria defined by the above parameters. +help11 = Examples: +errorIPNotFound = Error: no Issuance Policy could be found with Identity "{0}" +ErrorNotSecurity = Error: Issuance Policy "{0}" is linked to group "{1}" which is not of type "Security". +ErrorNotUniversal = Error: Issuance Policy "{0}" is linked to group "{1}" whose scope is not "Universal". +ErrorHasMembers = Error: Issuance Policy "{0}" is linked to group "{1}" which has a non-empty membership. The group has the following members: +LinkedIPs = The following Issuance Policies are linked to groups: +displayName = displayName : {0} +Name = Name : {0} +dn = distinguishedName : {0} + InfoName = Linked Group Name: {0} + InfoDN = Linked Group DN: {0} +NonLinkedIPs = The following Issuance Policies are NOT linked to groups: +'@ +} +##Import-LocalizedData getIP_strings +import-module ActiveDirectory +####################################### +## Help ## +####################################### +function Display-Help { + "" + $getIP_strings.help1 + "" +$getIP_strings.help2 +"" +$getIP_strings.help3 +" " + $getIP_strings.help4 +" " + $getIP_strings.help5 + " " + $getIP_strings.help6 + " " + $getIP_strings.help7 +"" +$getIP_strings.help8 + " " + $getIP_strings.help9 + "" + $getIP_strings.help10 +"" +"" +$getIP_strings.help11 + " " + '$' + "myIPs = .\get-IssuancePolicy.ps1 -LinkedToGroup:All" + " " + '$' + "myLinkedIPs = .\get-IssuancePolicy.ps1 -LinkedToGroup:yes" + " " + '$' + "myIP = .\get-IssuancePolicy.ps1 -Identity:""Medium Assurance""" +"" +} +$root = get-adrootdse +$domain = get-addomain -current loggedonuser +$configNCDN = [String]$root.configurationNamingContext +if ( !($Identity) -and !($LinkedToGroup) ) { +display-Help +break +} +if ($Identity) { + $OIDs = get-adobject -Filter {(objectclass -eq "msPKI-Enterprise-Oid") -and ((name -eq $Identity) -or (displayname -eq $Identity) -or (distinguishedName -like $Identity)) } -searchBase $configNCDN -properties * + if ($OIDs -eq $null) { +$errormsg = $getIP_strings.ErrorIPNotFound -f $Identity +write-host $errormsg -ForegroundColor Red + } + foreach ($OID in $OIDs) { + if ($OID."msDS-OIDToGroupLink") { +# In case the Issuance Policy is linked to a group, it is good to check whether there is any problem with the mapping. + $groupDN = $OID."msDS-OIDToGroupLink" + $group = get-adgroup -Identity $groupDN + $groupName = $group.Name +# Analyze the group + if ($group.groupCategory -ne "Security") { +$errormsg = $getIP_strings.ErrorNotSecurity -f $Identity, $groupName + write-host $errormsg -ForegroundColor Red + } + if ($group.groupScope -ne "Universal") { + $errormsg = $getIP_strings.ErrorNotUniversal -f $Identity, $groupName +write-host $errormsg -ForegroundColor Red + } + $members = Get-ADGroupMember -Identity $group + if ($members) { + $errormsg = $getIP_strings.ErrorHasMembers -f $Identity, $groupName +write-host $errormsg -ForegroundColor Red + foreach ($member in $members) { + write-host " " $member -ForeGroundColor Red + } + } + } + } + return $OIDs + break +} +if (($LinkedToGroup -eq "yes") -or ($LinkedToGroup -eq "all")) { + $LDAPFilter = "(&(objectClass=msPKI-Enterprise-Oid)(msDS-OIDToGroupLink=*)(flags=2))" + $LinkedOIDs = get-adobject -searchBase $configNCDN -LDAPFilter $LDAPFilter -properties * + write-host "" + write-host "*****************************************************" + write-host $getIP_strings.LinkedIPs + write-host "*****************************************************" + write-host "" + if ($LinkedOIDs -ne $null){ + foreach ($OID in $LinkedOIDs) { +# Display basic information about the Issuance Policies + "" + $getIP_strings.displayName -f $OID.displayName + $getIP_strings.Name -f $OID.Name + $getIP_strings.dn -f $OID.distinguishedName +# Get the linked group. + $groupDN = $OID."msDS-OIDToGroupLink" + $group = get-adgroup -Identity $groupDN + $getIP_strings.InfoName -f $group.Name + $getIP_strings.InfoDN -f $groupDN +# Analyze the group + $OIDName = $OID.displayName + $groupName = $group.Name + if ($group.groupCategory -ne "Security") { + $errormsg = $getIP_strings.ErrorNotSecurity -f $OIDName, $groupName + write-host $errormsg -ForegroundColor Red + } + if ($group.groupScope -ne "Universal") { + $errormsg = $getIP_strings.ErrorNotUniversal -f $OIDName, $groupName + write-host $errormsg -ForegroundColor Red + } + $members = Get-ADGroupMember -Identity $group + if ($members) { + $errormsg = $getIP_strings.ErrorHasMembers -f $OIDName, $groupName + write-host $errormsg -ForegroundColor Red + foreach ($member in $members) { + write-host " " $member -ForeGroundColor Red + } + } + write-host "" + } + }else{ +write-host "There are no issuance policies that are mapped to a group" + } + if ($LinkedToGroup -eq "yes") { + return $LinkedOIDs + break + } +} +if (($LinkedToGroup -eq "no") -or ($LinkedToGroup -eq "all")) { + $LDAPFilter = "(&(objectClass=msPKI-Enterprise-Oid)(!(msDS-OIDToGroupLink=*))(flags=2))" + $NonLinkedOIDs = get-adobject -searchBase $configNCDN -LDAPFilter $LDAPFilter -properties * + write-host "" + write-host "*********************************************************" + write-host $getIP_strings.NonLinkedIPs + write-host "*********************************************************" + write-host "" + if ($NonLinkedOIDs -ne $null) { + foreach ($OID in $NonLinkedOIDs) { +# Display basic information about the Issuance Policies +write-host "" +$getIP_strings.displayName -f $OID.displayName +$getIP_strings.Name -f $OID.Name +$getIP_strings.dn -f $OID.distinguishedName +write-host "" + } + }else{ +write-host "There are no issuance policies which are not mapped to groups" + } + if ($LinkedToGroup -eq "no") { + return $NonLinkedOIDs + break + } +} +``` +> [!NOTE] +> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. +  +### Link an issuance policy to a group + +Save the script file as set-IssuancePolicyToGroupLink.ps1. + +``` syntax +####################################### +## Parameters to be defined ## +## by the user ## +####################################### +Param ( +$IssuancePolicyName, +$groupOU, +$groupName +) +####################################### +## Strings definitions ## +####################################### +Data ErrorMsg { +# culture="en-US" +ConvertFrom-StringData -stringdata @' +help1 = This command can be used to set the link between a certificate issuance policy and a universal security group. +help2 = Usage: +help3 = The following parameters are required: +help4 = -IssuancePolicyName: +help5 = -groupName:. If no name is specified, any existing link to a group is removed from the Issuance Policy. +help6 = The following parameter is optional: +help7 = -groupOU:. If this parameter is not specified, the group is looked for or created in the Users container. +help8 = Examples: +help9 = This command will link the issuance policy whose display name is "High Assurance" to the group "HighAssuranceGroup" in the Organizational Unit "OU_FOR_IPol_linked_groups". If the group or the Organizational Unit do not exist, you will be prompted to create them. +help10 = This command will unlink the issuance policy whose name is "402.164959C40F4A5C12C6302E31D5476062" from any group. +MultipleIPs = Error: Multiple Issuance Policies with name or display name "{0}" were found in the subtree of "{1}" +NoIP = Error: no issuance policy with name or display name "{0}" could be found in the subtree of "{1}". +IPFound = An Issuance Policy with name or display name "{0}" was successfully found: {1} +MultipleOUs = Error: more than 1 Organizational Unit with name "{0}" could be found in the subtree of "{1}". +confirmOUcreation = Warning: The Organizational Unit that you specified does not exist. Do you want to create it? +OUCreationSuccess = Organizational Unit "{0}" successfully created. +OUcreationError = Error: Organizational Unit "{0}" could not be created. +OUFoundSuccess = Organizational Unit "{0}" was successfully found. +multipleGroups = Error: More than one group with name "{0}" was found in Organizational Unit "{1}". +confirmGroupCreation = Warning: The group that you specified does not exist. Do you want to create it? +groupCreationSuccess = Univeral Security group "{0}" successfully created. +groupCreationError = Error: Univeral Security group "{0}" could not be created. +GroupFound = Group "{0}" was successfully found. +confirmLinkDeletion = Warning: The Issuance Policy "{0}" is currently linked to group "{1}". Do you really want to remove the link? +UnlinkSuccess = Certificate issuance policy successfully unlinked from any group. +UnlinkError = Removing the link failed. +UnlinkExit = Exiting without removing the link from the issuance policy to the group. +IPNotLinked = The Certificate issuance policy is not currently linked to any group. If you want to link it to a group, you should specify the -groupName option when starting this script. +ErrorNotSecurity = Error: You cannot link issuance Policy "{0}" to group "{1}" because this group is not of type "Security". +ErrorNotUniversal = Error: You cannot link issuance Policy "{0}" to group "{1}" because the scope of this group is not "Universal". +ErrorHasMembers = Error: You cannot link issuance Policy "{0}" to group "{1}" because it has a non-empty membership. The group has the following members: +ConfirmLinkReplacement = Warning: The Issuance Policy "{0}" is currently linked to group "{1}". Do you really want to update the link to point to group "{2}"? +LinkSuccess = The certificate issuance policy was successfully linked to the specified group. +LinkError = The certificate issuance policy could not be linked to the specified group. +ExitNoLinkReplacement = Exiting without setting the new link. +'@ +} +# import-localizeddata ErrorMsg +function Display-Help { +"" +write-host $ErrorMsg.help1 +"" +write-host $ErrorMsg.help2 +"" +write-host $ErrorMsg.help3 +write-host "`t" $ErrorMsg.help4 +write-host "`t" $ErrorMsg.help5 +"" +write-host $ErrorMsg.help6 +write-host "`t" $ErrorMsg.help7 +"" +"" +write-host $ErrorMsg.help8 +"" +write-host $ErrorMsg.help9 +".\Set-IssuancePolicyToGroupMapping.ps1 -IssuancePolicyName ""High Assurance"" -groupOU ""OU_FOR_IPol_linked_groups"" -groupName ""HighAssuranceGroup"" " +"" +write-host $ErrorMsg.help10 +'.\Set-IssuancePolicyToGroupMapping.ps1 -IssuancePolicyName "402.164959C40F4A5C12C6302E31D5476062" -groupName $null ' +"" +} +# Assumption: The group to which the Issuance Policy is going +# to be linked is (or is going to be created) in +# the domain the user running this script is a member of. +import-module ActiveDirectory +$root = get-adrootdse +$domain = get-addomain -current loggedonuser +if ( !($IssuancePolicyName) ) { +display-Help +break +} +####################################### +## Find the OID object ## +## (aka Issuance Policy) ## +####################################### +$searchBase = [String]$root.configurationnamingcontext +$OID = get-adobject -searchBase $searchBase -Filter { ((displayname -eq $IssuancePolicyName) -or (name -eq $IssuancePolicyName)) -and (objectClass -eq "msPKI-Enterprise-Oid")} -properties * +if ($OID -eq $null) { +$tmp = $ErrorMsg.NoIP -f $IssuancePolicyName, $searchBase +write-host $tmp -ForeGroundColor Red +break; +} +elseif ($OID.GetType().IsArray) { +$tmp = $ErrorMsg.MultipleIPs -f $IssuancePolicyName, $searchBase +write-host $tmp -ForeGroundColor Red +break; +} +else { +$tmp = $ErrorMsg.IPFound -f $IssuancePolicyName, $OID.distinguishedName +write-host $tmp -ForeGroundColor Green +} +####################################### +## Find the container of the group ## +####################################### +if ($groupOU -eq $null) { +# default to the Users container +$groupContainer = $domain.UsersContainer +} +else { +$searchBase = [string]$domain.DistinguishedName +$groupContainer = get-adobject -searchBase $searchBase -Filter { (Name -eq $groupOU) -and (objectClass -eq "organizationalUnit")} +if ($groupContainer.count -gt 1) { +$tmp = $ErrorMsg.MultipleOUs -f $groupOU, $searchBase +write-host $tmp -ForegroundColor Red +break; +} +elseif ($groupContainer -eq $null) { +$tmp = $ErrorMsg.confirmOUcreation +write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline +$userChoice = read-host +if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { +new-adobject -Name $groupOU -displayName $groupOU -Type "organizationalUnit" -ProtectedFromAccidentalDeletion $true -path $domain.distinguishedName +if ($?){ +$tmp = $ErrorMsg.OUCreationSuccess -f $groupOU +write-host $tmp -ForegroundColor Green +} +else{ +$tmp = $ErrorMsg.OUCreationError -f $groupOU +write-host $tmp -ForeGroundColor Red +break; +} +$groupContainer = get-adobject -searchBase $searchBase -Filter { (Name -eq $groupOU) -and (objectClass -eq "organizationalUnit")} +} +else { +break; +} +} +else { +$tmp = $ErrorMsg.OUFoundSuccess -f $groupContainer.name +write-host $tmp -ForegroundColor Green +} +} +####################################### +## Find the group ## +####################################### +if (($groupName -ne $null) -and ($groupName -ne "")){ +##$searchBase = [String]$groupContainer.DistinguishedName +$searchBase = $groupContainer +$group = get-adgroup -Filter { (Name -eq $groupName) -and (objectClass -eq "group") } -searchBase $searchBase +if ($group -ne $null -and $group.gettype().isarray) { +$tmp = $ErrorMsg.multipleGroups -f $groupName, $searchBase +write-host $tmp -ForeGroundColor Red +break; +} +elseif ($group -eq $null) { +$tmp = $ErrorMsg.confirmGroupCreation +write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline +$userChoice = read-host +if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { +new-adgroup -samAccountName $groupName -path $groupContainer.distinguishedName -GroupScope "Universal" -GroupCategory "Security" +if ($?){ +$tmp = $ErrorMsg.GroupCreationSuccess -f $groupName +write-host $tmp -ForegroundColor Green +}else{ +$tmp = $ErrorMsg.groupCreationError -f $groupName +write-host $tmp -ForeGroundColor Red +break +} +$group = get-adgroup -Filter { (Name -eq $groupName) -and (objectClass -eq "group") } -searchBase $searchBase +} +else { +break; +} +} +else { +$tmp = $ErrorMsg.GroupFound -f $group.Name +write-host $tmp -ForegroundColor Green +} +} +else { +##### +## If the group is not specified, we should remove the link if any exists +##### +if ($OID."msDS-OIDToGroupLink" -ne $null) { +$tmp = $ErrorMsg.confirmLinkDeletion -f $IssuancePolicyName, $OID."msDS-OIDToGroupLink" +write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline +$userChoice = read-host +if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { +set-adobject -Identity $OID -Clear "msDS-OIDToGroupLink" +if ($?) { +$tmp = $ErrorMsg.UnlinkSuccess +write-host $tmp -ForeGroundColor Green +}else{ +$tmp = $ErrorMsg.UnlinkError +write-host $tmp -ForeGroundColor Red +} +} +else { +$tmp = $ErrorMsg.UnlinkExit +write-host $tmp +break +} +} +else { +$tmp = $ErrorMsg.IPNotLinked +write-host $tmp -ForeGroundColor Yellow +} +break; +} +####################################### +## Verify that the group is ## +## Universal, Security, and ## +## has no members ## +####################################### +if ($group.GroupScope -ne "Universal") { +$tmp = $ErrorMsg.ErrorNotUniversal -f $IssuancePolicyName, $groupName +write-host $tmp -ForeGroundColor Red +break; +} +if ($group.GroupCategory -ne "Security") { +$tmp = $ErrorMsg.ErrorNotSecurity -f $IssuancePolicyName, $groupName +write-host $tmp -ForeGroundColor Red +break; +} +$members = Get-ADGroupMember -Identity $group +if ($members -ne $null) { +$tmp = $ErrorMsg.ErrorHasMembers -f $IssuancePolicyName, $groupName +write-host $tmp -ForeGroundColor Red +foreach ($member in $members) {write-host " $member.name" -ForeGroundColor Red} +break; +} +####################################### +## We have verified everything. We ## +## can create the link from the ## +## Issuance Policy to the group. ## +####################################### +if ($OID."msDS-OIDToGroupLink" -ne $null) { +$tmp = $ErrorMsg.ConfirmLinkReplacement -f $IssuancePolicyName, $OID."msDS-OIDToGroupLink", $group.distinguishedName +write-host $tmp "( (y)es / (n)o )" -ForegroundColor Yellow -nonewline +$userChoice = read-host +if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { +$tmp = @{'msDS-OIDToGroupLink'= $group.DistinguishedName} +set-adobject -Identity $OID -Replace $tmp +if ($?) { +$tmp = $Errormsg.LinkSuccess +write-host $tmp -Foreground Green +}else{ +$tmp = $ErrorMsg.LinkError +write-host $tmp -Foreground Red +} +} else { +$tmp = $Errormsg.ExitNoLinkReplacement +write-host $tmp +break +} +} +else { +$tmp = @{'msDS-OIDToGroupLink'= $group.DistinguishedName} +set-adobject -Identity $OID -Add $tmp +if ($?) { +$tmp = $Errormsg.LinkSuccess +write-host $tmp -Foreground Green +}else{ +$tmp = $ErrorMsg.LinkError +write-host $tmp -Foreground Red +} +} +``` + +> [!NOTE] +> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. \ No newline at end of file diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md index 5fdb54b819..2cc6cd8b31 100644 --- a/windows/keep-secure/credential-guard.md +++ b/windows/keep-secure/credential-guard.md @@ -1,7 +1,6 @@ --- title: Protect derived domain credentials with Credential Guard (Windows 10) description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. -ms.assetid: 4F1FE390-A166-4A24-8530-EA3369FEB4B1 ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library @@ -16,7 +15,7 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 -Introduced in Windows 10 Enterprise and Windows Server 2016, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. +Introduced in Windows 10 Enterprise and Windows Server 2016, Credential Guard uses virtualization-based security (VBS) to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. By enabling Credential Guard, the following features and solutions are provided: @@ -24,929 +23,12 @@ By enabling Credential Guard, the following features and solutions are provided: - **Virtualization-based security** Windows NTLM and Kerberos derived credentials and other secrets run in a protected environment that is isolated from the running operating system. - **Better protection against advanced persistent threats** When Credential Manager domain credentials, NTLM, and Kerberos derived credentials are protected using virtualization-based security, the credential theft attack techniques and tools used in many targeted attacks are blocked. Malware running in the operating system with administrative privileges cannot extract secrets that are protected by virtualization-based security. While Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques and you should also incorporate Device Guard and other security strategies and architectures. -## How it works +• How to prevent credential theft +• Virtualization-based security +• Credential Guard Design -Kerberos, NTLM, and Credential manager isolate secrets that previous versions of Windows stored in the Local Security Authority (LSA) by using virtualization-based security. Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using virtualization-based security and is not accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. -For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by virtualization-based security and these signatures are validated before launching the file in the protected environment. -When Credential Guard is enabled, NTLMv1, MS-CHAPv2, Digest, and CredSSP cannot use the signed-in credentials. Thus, single sign-on does not work with these protocols. However, applications can prompt for credentials or use credentials stored in the Windows Vault which are not protected by Credential Guard with any of these protocol. It is strongly recommended that valuable credentials, such as the sign-in credentials, not be used with any of these protocols. If these protocols must be used by domain or Azure AD users, secondary credentials should be provisioned for these use cases. - -When Credential Guard is enabled, Kerberos does not allow unconstrained Kerberos delegation or DES encryption, not only for signed-in credentials, but also prompted or saved credentials. - -Here's a high-level overview on how the LSA is isolated by using virtualization-based security: - -![Credential Guard overview](images/credguard.png) - -## Requirements - -For Credential Guard to provide protections, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally Credential Guard blocks specific authentication capabilities, so applications which require blocked capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protection—those computers will be more hardened against certain threats. To keep this section brief, those will be in [Security Considerations](#security-considerations). - -### Hardware and software requirements - -To provide basic protection against OS level attempts to read Credential Manager domain credentials, NTLM and Kerberos derived credentials, Credential Manager uses: -- Support for Virtualization-based security (required) -- Secure boot (required) -- TPM 2.0 either discrete or firmware (preferred - provides binding to hardware) -- UEFI lock (preferred - prevents attacker from disabling with a simple registry key change) - -The Virtualization-based security requires: -- 64 bit CPU -- CPU virtualization extensions plus extended page tables -- Windows hypervisor - -### Application requirements - -When Credential Guard is enabled, specific authentication capabilities are blocked, so applications which require blocked capabilities will break. Applications should be tested prior to deployment to ensure compatiblity with the reduced functionality. - ->[!WARNING] -> Enabling Credential Guard on domain controllers is not supported.
-> The domain controller hosts authentication services which integrate with processes isolated when Credential Guard is enabled, causing crashes. - ->[!NOTE] -> Credential Guard does not provide protections for the Active Directory database or the Security Accounts Manager (SAM). The credentials protected by Kerberos and NTLM when Credential Guard is enabled are also in the Active Directory database (on domain controllers) and the SAM (for local accounts). - -Applications will break if they require: -- Kerberos DES encryption support -- Kerberos unconstrained delegation -- Extracting the Kerberos TGT -- NTLMv1 - -Applications will prompt & expose credentials to risk if they require: -- Digest authentication -- Credential delegation -- MS-CHAPv2 - -Applications may cause performance issues when they attempt to hook the isolated Credential Guard process. - -### Security considerations - -All computers that meet baseline protections for hardware, firmware, and software can use Credential Guard. -Computers that meet additional qualifications can provide additional protections to further reduce the attack surface. -The following tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017. - -> [!NOTE] -> Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new shipping computers.
-> If you are an OEM, see [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx).
- -#### Baseline protections - -|Baseline Protections | Description | -|---------------------------------------------|----------------------------------------------------| -| Hardware: **64-bit CPU** | A 64-bit computer is required for the Windows hypervisor to provide VBS. | -| Hardware: **CPU virtualization extensions**,
plus **extended page tables** | **Requirements**: These hardware features are required for VBS:
One of the following virtualization extensions:
• VT-x (Intel) or
• AMD-V
And:
• Extended page tables, also called Second Level Address Translation (SLAT).

**Security benefits**: VBS provides isolation of secure kernel from normal operating system. Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation. | -| Hardware: **Trusted Platform Module (TPM)** |  **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.
[TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations)

**Security benefits**: A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. | -| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)

**Security benefits**: UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | -| Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).

**Security benefits**: UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | -| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

Important:
Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.


**Security benefits**: Support for VBS and for management features that simplify configuration of Credential Guard. | - -> [!IMPORTANT] -> The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Credential Guard can provide. - -#### 2015 Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016 Technical Preview 4 - -| Protections for Improved Security | Description | -|---------------------------------------------|----------------------------------------------------| -| Hardware: **IOMMU** (input/output memory management unit) | **Requirement**: VT-D or AMD Vi IOMMU

**Security benefits**: An IOMMU can enhance system resiliency against memory attacks. For more information, see [ACPI description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables). | -| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• BIOS password or stronger authentication must be supported.
• In the BIOS configuration, BIOS authentication must be set.
• There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
• In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.

**Security benefits**:
• BIOS password or stronger authentication helps ensure that only authenticated Platform BIOS administrators can change BIOS settings. This helps protect against a physically present user with BIOS access.
• Boot order when locked provides protection against the computer being booted into WinRE or another operating system on bootable media. | -| Firmware: **Secure MOR, revision 2 implementation** | **Requirement**: Secure MOR, revision 2 implementation

**Security benefits**: A secure MOR bit prevents advanced memory attacks. For more information, see [Secure MOR implementation](https://msdn.microsoft.com/windows/hardware/drivers/bringup/device-guard-requirements). | - -
- -#### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016 - -> [!IMPORTANT] -> The following tables list additional qualifications for improved security. Systems that meet these additional qualifications can provide more protections. - -| Protections for Improved Security | Description | -|---------------------------------------------|----------------------------------------------------| -| Firmware: **Hardware Rooted Trust Platform Secure Boot** | **Requirements**:
Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
• The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/en-us/library/windows/hardware/mt712332(v=vs.85).aspx).

**Security benefits**:
• Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
• HSTI provides additional security assurance for correctly secured silicon and platform. | -| Firmware: **Firmware Update through Windows Update** | **Requirements**: Firmware must support field updates through Windows Update and UEFI encapsulation update.

**Security benefits**: Helps ensure that firmware updates are fast, secure, and reliable. | -| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
• Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.

**Security benefits**:
• Enterprises can choose to allow proprietary EFI drivers/applications to run.
• Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. | - -
- -#### 2017 Additional security qualifications starting with Windows 10, version 1703 - -The following table lists qualifications for Windows 10, version 1703, which are in addition to all preceding qualifications. - -| Protection for Improved Security | Description | -|---------------------------------------------|----------------------------------------------------| -| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**:
• VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be exceutable.
• UEFI runtime service must meet these requirements:
    - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
    - PE sections need to be page-aligned in memory (not required for in non-volitile storage).
    - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
        - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
        - No entries may be left with neither of the above attributes, indicating memory that is both exceutable and writable. Memory must be either readable and executable or writeable and non-executable.

Notes:
• This only applies to UEFI runtime service memory, and not UEFI boot service memory.
• This protection is applied by VBS on OS page tables.


Please also note the following:
• Do not use sections that are both writeable and exceutable
• Do not attempt to directly modify executable system memory
• Do not use dynamic code

**Security benefits**:
• Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware. | -| Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.

**Security benefits**:
• Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware.
• Blocks additional security attacks against SMM. | - -## Manage Credential Guard - -### Enable Credential Guard -Credential Guard can be enabled by using [Group Policy](#turn-on-credential-guard-by-using-group-policy), the [registry](#turn-on-credential-guard-by-using-the-registry), or the Device Guard and Credential Guard [hardware readiness tool](#hardware-readiness-tool). - -#### Turn on Credential Guard by using Group Policy - -You can use Group Policy to enable Credential Guard. This will add and enable the virtualization-based security features for you if needed. - -1. From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard**. -2. Double-click **Turn On Virtualization Based Security**, and then click the **Enabled** option. -3. **Select Platform Security Level** box, choose **Secure Boot** or **Secure Boot and DMA Protection**. -4. In the **Credential Guard Configuration** box, click **Enabled with UEFI lock**, and then click **OK**. If you want to be able to turn off Credential Guard remotely, choose **Enabled without lock**. - - ![Credential Guard Group Policy setting](images/credguard-gp.png) - -5. Close the Group Policy Management Console. - -To enforce processing of the group policy, you can run ```gpupdate /force```. - -#### Turn on Credential Guard by using the registry - -If you don't use Group Policy, you can enable Credential Guard by using the registry. Credential Guard uses virtualization-based security features which have to be enabled first on some operating systems. - -#### Add the virtualization-based security features - -Starting with Windows 10, version 1607 and Windows Server 2016, enabling Windows features to use virtualization-based security is not necessary and this step can be skipped. - -If you are using Windows 10, version 1507 (RTM) or Windows 10, version 1511, Windows features have to be enabled to use virtualization-based security. -You can do this by using either the Control Panel or the Deployment Image Servicing and Management tool (DISM). -> [!NOTE] -> If you enable Credential Guard by using Group Policy, these steps are not required. Group Policy will install the features for you. - -  -**Add the virtualization-based security features by using Programs and Features** - -1. Open the Programs and Features control panel. -2. Click **Turn Windows feature on or off**. -3. Go to **Hyper-V** -> **Hyper-V Platform**, and then select the **Hyper-V Hypervisor** check box. -4. Select the **Isolated User Mode** check box at the top level of the feature selection. -5. Click **OK**. - -**Add the virtualization-based security features to an offline image by using DISM** - -1. Open an elevated command prompt. -2. Add the Hyper-V Hypervisor by running the following command: - ``` - dism /image: /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all - ``` -3. Add the Isolated User Mode feature by running the following command: - ``` - dism /image: /Enable-Feature /FeatureName:IsolatedUserMode - ``` - -> [!NOTE] -> You can also add these features to an online image by using either DISM or Configuration Manager. - -#### Enable virtualization-based security and Credential Guard - -1. Open Registry Editor. -2. Enable virtualization-based security: - - Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\DeviceGuard. - - Add a new DWORD value named **EnableVirtualizationBasedSecurity**. Set the value of this registry setting to 1 to enable virtualization-based security and set it to 0 to disable it. - - Add a new DWORD value named **RequirePlatformSecurityFeatures**. Set the value of this registry setting to 1 to use **Secure Boot** only or set it to 3 to use **Secure Boot and DMA protection**. -3. Enable Credential Guard: - - Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA. - - Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Credential Guard with UEFI lock, set it to 2 to enable Credential Guard without lock, and set it to 0 to disable it. -4. Close Registry Editor. - - -> [!NOTE] -> You can also turn on Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting. - - -#### Turn on Credential Guard by using the Device Guard and Credential Guard hardware readiness tool - -You can also enable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). - -``` -DG_Readiness_Tool_v3.0.ps1 -Enable -AutoReboot -``` - -#### Credential Guard deployment in virtual machines - -Credential Guard can protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. The enablement steps are the same from within the virtual machine. - -Credential Guard protects secrets from non-priviledged access inside the VM. It does not provide additional protection from the host administrator. From the host, you can disable Credential Guard for a virtual machine: - -``` PowerShell -Set-VMSecurity -VMName -VirtualizationBasedSecurityOptOut $true -``` - -Requirements for running Credential Guard in Hyper-V virtual machines -- The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607. -- The Hyper-V virtual machine must be Generation 2, have an enabled virtual TPM, and running at least Windows Server 2016 or Windows 10. - -### Remove Credential Guard - -If you have to remove Credential Guard on a PC, you can use the following set of procedures, or you can [use the Device Guard and Credential Guard hardware readiness tool](#turn-off-with-hardware-readiness-tool). - -1. If you used Group Policy, disable the Group Policy setting that you used to enable Credential Guard (**Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard** -> **Turn on Virtualization Based Security**). -2. Delete the following registry settings: - - HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA\LsaCfgFlags - - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity - - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures - - > [!IMPORTANT] - > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. - -3. Delete the Credential Guard EFI variables by using bcdedit. - -**Delete the Credential Guard EFI variables** - -1. From an elevated command prompt, type the following commands: - ``` syntax - - mountvol X: /s - - copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y - - bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader - - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" - - bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} - - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO - - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: - - mountvol X: /d - - ``` -2. Restart the PC. -3. Accept the prompt to disable Credential Guard. -4. Alternatively, you can disable the virtualization-based security features to turn off Credential Guard. - -> [!NOTE] -> The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Credential Guard and virtualization-based security, run the following bcdedit command after turning off all virtualization-based security Group Policy and registry settings: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS - -For more info on virtualization-based security and Device Guard, see [Device Guard deployment guide](device-guard-deployment-guide.md). - - -#### Turn off Credential Guard by using the Device Guard and Credential Guard hardware readiness tool - -You can also disable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). - -``` -DG_Readiness_Tool_v3.0.ps1 -Disable -AutoReboot -``` -  -### Check that Credential Guard is running - -You can use System Information to ensure that Credential Guard is running on a PC. - -1. Click **Start**, type **msinfo32.exe**, and then click **System Information**. -2. Click **System Summary**. -3. Confirm that **Credential Guard** is shown next to **Device Guard Security Services Running**. - - Here's an example: - - ![System Information](images/credguard-msinfo32.png) - -You can also check that Credential Guard is running by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). - -``` -DG_Readiness_Tool_v3.0.ps1 -Ready -``` - -## Considerations when using Credential Guard - -- If Credential Guard is enabled on a device after it's joined to a domain, the user and device secrets may already be compromised. We recommend that Credential Guard is enabled before the PC is joined to a domain. -- You should perform regular reviews of the PCs that have Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for: - - **Event ID 13** Credential Guard (LsaIso.exe) was started and will protect LSA credentials. - - **Event ID 14** Credential Guard (LsaIso.exe) configuration: 0x1, 0 - - The first variable: 0x1 means Credential Guard is configured to run. 0x0 means it’s not configured to run. - - The second variable: 0 means it’s configured to run in protect mode. 1 means it's configured to run in test mode. This variable should always be 0. - - **Event ID 15** Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Credential Guard. - - **Event ID 16** Credential Guard (LsaIso.exe) failed to launch: \[error code\] - - **Event ID 17** Error reading Credential Guard (LsaIso.exe) UEFI configuration: \[error code\] - You can also verify that TPM is being used for key protection by checking the following event in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0. - - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. -- Passwords are still weak so we recommend that your organization deploy Credential Guard and move away from passwords and to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business. -- Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Credential Guard. Credential Guard does not allow 3rd party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs are not supported. We recommend that custom implementations of SSPs/APs are tested against Credential Guard to ensure that the SSPs and APs do not depend on any undocumented or unsupported behaviors. For example, using the KerbQuerySupplementalCredentialsMessage API is not supported. You should not replace the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](http://msdn.microsoft.com/library/windows/desktop/dn865014.aspx) on MSDN. -- As the depth and breadth of protections provided by Credential Guard are increased, subsequent releases of Windows 10 with Credential Guard running may impact scenarios that were working in the past. For example, Credential Guard may block the use of a particular type of credential or a particular component to prevent malwar efrom taking advantage of vulnerabilities. Therefore, we recommend that scenarios required for operations in an organization are tested before upgrading a device that has Credential Guard running. - -- Starting with Windows 10, version 1511, domain credentials that are stored with Credential Manager are protected with Credential Guard. Credential Manager allows you to store credentials, such as user names and passwords that you use to log on to websites or other computers on a network. The following considerations apply to the Credential Guard protections for Credential Manager: - - Credentials saved by Remote Desktop Services cannot be used to remotely connect to another machine without supplying the password. Attempts to use saved credentials will fail, displaying the error message "Logon attempt failed". - - Applications that extract derived domain credentials from Credential Manager will no longer be able to use those credentials. - - You cannot restore credentials using the Credential Manager control panel if the credentials were backed up from a PC that has Credential Guard turned on. If you need to back up your credentials, you must do this before you enable Credential Guard. Otherwise, you won't be able to restore those credentials. - - Credential Guard uses hardware security so some features, such as Windows To Go, are not supported. - -### NTLM & CHAP Considerations - -When you enable Credential Guard, you can no longer use NTLM v1 authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as NTLMv1. We recommend that organizations use certificated-based authentication for WiFi and VPN connections. - -### Kerberos Considerations - -When you enable Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. You must use constrained or resource-based Kerberos delegation instead. - -## Scenarios not protected by Credential Guard - -Some ways to store credentials are not protected by Credential Guard, including: - -- Software that manages credentials outside of Windows feature protection -- Local accounts and Microsoft Accounts -- Credential Guard does not protect the Active Directory database running on Windows Server 2016 domain controllers. It also does not protect credential input pipelines, such as Windows Server 2016 servers running Remote Desktop Gateway. If you're using a Windows Server 2016 server as a client PC, it will get the same protection as it would be running Windows 10 Enterprise. -- Key loggers -- Physical attacks -- Does not prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access high value assets in your organization. -- Third-party security packages -- Digest and CredSSP credentials - - When Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. -- Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well. - -## Additional mitigations - -Credential Guard can provide mitigations against attacks on derived credentials and prevent the use of stolen credentials elsewhere. However, PCs can still be vulnerable to certain attacks, even if the derived credentials are protected by Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, reusing previously stolen credentials prior to Device Guard, and abuse of management tools and weak application configurations. Because of this, additional mitigations also need to be deployed to make the domain environment more robust. - -### Restricting domain users to specific domain-joined devices - -Credential theft attacks allow the attacker to steal secrets from one device and use them from another device. If a user can sign on multiple devices then any device could be used to steal credentials. How do you ensure that users only sign on with devices with Credential Guard? By deploying authentication policies which restrict them to specific domain-joined device that have been configured with Credential Guard. For the domain controller to know what device a user is signing on from, Kerberos armoring must be used. - -#### Kerberos armoring - -Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, its TGT is used to protect the user's proof of possession which can mitigate offline dictionary attacks. Kerberos armoring also provides the additional benefit of signed KDC errors this mitigates tampering which can result in things such as downgrade attacks. - -**To enable Kerberos armoring for restricting domain users to specific domain-joined devices** - -- Users need to be in domains which are running Windows Server 2012 R2 or higher -- All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**. -- All the devices with Credential Guard which the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -> **Administrative Templates** -> **System** -> **Kerberos**. - -#### Protecting domain-joined device secrets - -Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Credential Guard, the private key can be protected. Then authentication policies can require that users sign on devices which authenticate using those certificates. This prevents shared secrets on stolen from the device to be used with stolen user credentials to sign on as the user. - -Domain-joined device certificate authentication has the following requirements: -- Devices' accounts are in Windows Server 2012 domain funcational level or higher domains. -- All domain controllers in those domains have KDC certificates which satisfy strict KDC validation certificate requirements: - - KDC EKU present - - DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension -- Windows 10 devices have the CA issuing the domain controller certificates in the enterprise store. -- A process is established to ensure the identity and trustworthiness of the device in a similar manner as you would establish the identity and trustworthiness of a user before issuing them a smartcard. - -##### Deploying domain-joined device certificates - -To guarantee that certificates with the issuance policy required are only on the devices these users must use, they must be deployed manually on each device. The same security procedures used for issuing smart cards to users should be applied to device certificates. - -For example, let's say you wanted to use the High Assurance policy only on these devices. Using a Windows Server Enterprise certificate authority, you would create a new template. - -**Creating a new certificate template** - -1. From the Certificate Manager console, right-click **Certificate Templates**, and then click **Manage.** -2. Right-click **Workstation Authentication**, and then click **Duplicate Template**. -3. Right-click the new template, and then click **Properties**. -4. On the **Extensions** tab, click **Application Policies**, and then click **Edit**. -5. Click **Client Authentication**, and then click **Remove**. -6. Add the ID-PKInit-KPClientAuth EKU. Click **Add**, click **New**, and then specify the following values: - - Name: Kerberos Client Auth - - Object Identifier: 1.3.6.1.5.2.3.4 -7. On the **Extensions** tab, click **Issuance Policies**, and then click **Edit**. -8. Under **Issuance Policies**, click**High Assurance**. -9. On the **Subject name** tab, clear the **DNS name** check box, and then select the **User Principal Name (UPN)** check box. - -Then on the devices that are running Credential Guard, enroll the devices using the certificate you just created. - -**Enrolling devices in a certificate** - -Run the following command: -``` syntax -CertReq -EnrollCredGuardCert MachineAuthentication -``` - -> [!NOTE] -> You must restart the device after enrolling the machine authentication certificate. -  -#### How a certificate issuance policy can be used for access control - -Beginning with the Windows Server 2008 R2 domain functional level, domain controllers support for authentication mechanism assurance provides a way to map certificate issuance policy OIDs to universal security groups. Windows Server 2012 domain controllers with claim support can map them to claims. To learn more about authentication mechanism assurance, see [Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide](https://technet.microsoft.com/en-us/library/dd378897(v=ws.10).aspx) on TechNet. - -**To see the issuance policies available** - -- The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority. - From a Windows PowerShell command prompt, run the following command: - - ``` syntax - .\get-IssuancePolicy.ps1 –LinkedToGroup:All - ``` - -**To link a issuance policy to a universal security group** - -- The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group. - From a Windows PowerShell command prompt, run the following command: - - ``` syntax - .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"" –groupOU:"" –groupName:”" - ``` - -#### Restricting user sign on - -So we now have the following: - -- Created a special certificate issuance policy to identify devices which meet the deployment criteria required for the user to be able to sign on -- Mapped that policy to a universal security group or claim -- Provided a way for domain controllers to get the device authorization data during user sign on using Kerberos armoring- -so what is left to do is configuring the access check on the domain controllers. This is done with authentication policies. - -Authentication policies have the following requirements: -- User accounts are in a Windows Server 2012 domain functional level or higher domain. - -**Creating an authentication policy restricting to the specific universal security group** - -1. Open Active Directory Administrative Center. -2. Click **Authentication**, click **New**, and then click **Authentication Policy**. -3. In the **Display name** box, enter a name for this authentication policy. -4. Under the **Accounts** heading, click **Add**. -5. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the user account you with to restrict, and then click **OK**. -6. Under the **User Sign On** heading, click the **Edit** button. -7. Click **Add a condition**. -8. In the **Edit Access Control Conditions** box, ensure that it reads **User** > **Group** > **Member of each** > **Value**, and then click **Add items**. -9. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the universal security group that you created with the set-IssuancePolicyToGroupLink script, and then click **OK**. -10. Click **OK** to close the **Edit Access Control Conditions** box. -11. Click **OK** to create the authentication policy. -12. Close Active Directory Administrative Center. - -> [!NOTE] -> When the authentication policy enforces policy restrictions, users will not be able to sign on using devices that do not have a certificate with the appropriate issuance policy deployed. This applies to both local and remote sign on scenarios. Therefore, it is strongly recommended to first only audit policy restrictions to ensure you don't have unexpected failures. - -#### Discovering authentication failures due to authentication policies - -To make tracking authentication failures due to authentication policies easier, an operational log exists with just those events. To enable the logs on the domain controllers, in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**. - -To learn more about authentication policy events, see [Authentication Policies and Authentication Policy Silos](https://technet.microsoft.com/en-us/library/dn486813(v=ws.11).aspx). - -## Appendix: Scripts - -Here is a list of scripts that are mentioned in this topic. - -### Get the available issuance policies on the certificate authority - -Save this script file as get-IssuancePolicy.ps1. - -``` syntax -####################################### -## Parameters to be defined ## -## by the user ## -####################################### -Param ( -$Identity, -$LinkedToGroup -) -####################################### -## Strings definitions ## -####################################### -Data getIP_strings { -# culture="en-US" -ConvertFrom-StringData -stringdata @' -help1 = This command can be used to retrieve all available Issuance Policies in a forest. The forest of the currently logged on user is targetted. -help2 = Usage: -help3 = The following parameter is mandatory: -help4 = -LinkedToGroup: -help5 = "yes" will return only Issuance Policies that are linked to groups. Checks that the linked Issuance Policies are linked to valid groups. -help6 = "no" will return only Issuance Policies that are not currently linked to any group. -help7 = "all" will return all Issuance Policies defined in the forest. Checks that the linked Issuance policies are linked to valid groups. -help8 = The following parameter is optional: -help9 = -Identity:. If you specify an identity, the option specified in the "-LinkedToGroup" parameter is ignored. -help10 = Output: This script returns the Issuance Policy objects meeting the criteria defined by the above parameters. -help11 = Examples: -errorIPNotFound = Error: no Issuance Policy could be found with Identity "{0}" -ErrorNotSecurity = Error: Issuance Policy "{0}" is linked to group "{1}" which is not of type "Security". -ErrorNotUniversal = Error: Issuance Policy "{0}" is linked to group "{1}" whose scope is not "Universal". -ErrorHasMembers = Error: Issuance Policy "{0}" is linked to group "{1}" which has a non-empty membership. The group has the following members: -LinkedIPs = The following Issuance Policies are linked to groups: -displayName = displayName : {0} -Name = Name : {0} -dn = distinguishedName : {0} - InfoName = Linked Group Name: {0} - InfoDN = Linked Group DN: {0} -NonLinkedIPs = The following Issuance Policies are NOT linked to groups: -'@ -} -##Import-LocalizedData getIP_strings -import-module ActiveDirectory -####################################### -## Help ## -####################################### -function Display-Help { - "" - $getIP_strings.help1 - "" -$getIP_strings.help2 -"" -$getIP_strings.help3 -" " + $getIP_strings.help4 -" " + $getIP_strings.help5 - " " + $getIP_strings.help6 - " " + $getIP_strings.help7 -"" -$getIP_strings.help8 - " " + $getIP_strings.help9 - "" - $getIP_strings.help10 -"" -"" -$getIP_strings.help11 - " " + '$' + "myIPs = .\get-IssuancePolicy.ps1 -LinkedToGroup:All" - " " + '$' + "myLinkedIPs = .\get-IssuancePolicy.ps1 -LinkedToGroup:yes" - " " + '$' + "myIP = .\get-IssuancePolicy.ps1 -Identity:""Medium Assurance""" -"" -} -$root = get-adrootdse -$domain = get-addomain -current loggedonuser -$configNCDN = [String]$root.configurationNamingContext -if ( !($Identity) -and !($LinkedToGroup) ) { -display-Help -break -} -if ($Identity) { - $OIDs = get-adobject -Filter {(objectclass -eq "msPKI-Enterprise-Oid") -and ((name -eq $Identity) -or (displayname -eq $Identity) -or (distinguishedName -like $Identity)) } -searchBase $configNCDN -properties * - if ($OIDs -eq $null) { -$errormsg = $getIP_strings.ErrorIPNotFound -f $Identity -write-host $errormsg -ForegroundColor Red - } - foreach ($OID in $OIDs) { - if ($OID."msDS-OIDToGroupLink") { -# In case the Issuance Policy is linked to a group, it is good to check whether there is any problem with the mapping. - $groupDN = $OID."msDS-OIDToGroupLink" - $group = get-adgroup -Identity $groupDN - $groupName = $group.Name -# Analyze the group - if ($group.groupCategory -ne "Security") { -$errormsg = $getIP_strings.ErrorNotSecurity -f $Identity, $groupName - write-host $errormsg -ForegroundColor Red - } - if ($group.groupScope -ne "Universal") { - $errormsg = $getIP_strings.ErrorNotUniversal -f $Identity, $groupName -write-host $errormsg -ForegroundColor Red - } - $members = Get-ADGroupMember -Identity $group - if ($members) { - $errormsg = $getIP_strings.ErrorHasMembers -f $Identity, $groupName -write-host $errormsg -ForegroundColor Red - foreach ($member in $members) { - write-host " " $member -ForeGroundColor Red - } - } - } - } - return $OIDs - break -} -if (($LinkedToGroup -eq "yes") -or ($LinkedToGroup -eq "all")) { - $LDAPFilter = "(&(objectClass=msPKI-Enterprise-Oid)(msDS-OIDToGroupLink=*)(flags=2))" - $LinkedOIDs = get-adobject -searchBase $configNCDN -LDAPFilter $LDAPFilter -properties * - write-host "" - write-host "*****************************************************" - write-host $getIP_strings.LinkedIPs - write-host "*****************************************************" - write-host "" - if ($LinkedOIDs -ne $null){ - foreach ($OID in $LinkedOIDs) { -# Display basic information about the Issuance Policies - "" - $getIP_strings.displayName -f $OID.displayName - $getIP_strings.Name -f $OID.Name - $getIP_strings.dn -f $OID.distinguishedName -# Get the linked group. - $groupDN = $OID."msDS-OIDToGroupLink" - $group = get-adgroup -Identity $groupDN - $getIP_strings.InfoName -f $group.Name - $getIP_strings.InfoDN -f $groupDN -# Analyze the group - $OIDName = $OID.displayName - $groupName = $group.Name - if ($group.groupCategory -ne "Security") { - $errormsg = $getIP_strings.ErrorNotSecurity -f $OIDName, $groupName - write-host $errormsg -ForegroundColor Red - } - if ($group.groupScope -ne "Universal") { - $errormsg = $getIP_strings.ErrorNotUniversal -f $OIDName, $groupName - write-host $errormsg -ForegroundColor Red - } - $members = Get-ADGroupMember -Identity $group - if ($members) { - $errormsg = $getIP_strings.ErrorHasMembers -f $OIDName, $groupName - write-host $errormsg -ForegroundColor Red - foreach ($member in $members) { - write-host " " $member -ForeGroundColor Red - } - } - write-host "" - } - }else{ -write-host "There are no issuance policies that are mapped to a group" - } - if ($LinkedToGroup -eq "yes") { - return $LinkedOIDs - break - } -} -if (($LinkedToGroup -eq "no") -or ($LinkedToGroup -eq "all")) { - $LDAPFilter = "(&(objectClass=msPKI-Enterprise-Oid)(!(msDS-OIDToGroupLink=*))(flags=2))" - $NonLinkedOIDs = get-adobject -searchBase $configNCDN -LDAPFilter $LDAPFilter -properties * - write-host "" - write-host "*********************************************************" - write-host $getIP_strings.NonLinkedIPs - write-host "*********************************************************" - write-host "" - if ($NonLinkedOIDs -ne $null) { - foreach ($OID in $NonLinkedOIDs) { -# Display basic information about the Issuance Policies -write-host "" -$getIP_strings.displayName -f $OID.displayName -$getIP_strings.Name -f $OID.Name -$getIP_strings.dn -f $OID.distinguishedName -write-host "" - } - }else{ -write-host "There are no issuance policies which are not mapped to groups" - } - if ($LinkedToGroup -eq "no") { - return $NonLinkedOIDs - break - } -} -``` -> [!NOTE] -> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. -  -### Link an issuance policy to a group - -Save the script file as set-IssuancePolicyToGroupLink.ps1. - -``` syntax -####################################### -## Parameters to be defined ## -## by the user ## -####################################### -Param ( -$IssuancePolicyName, -$groupOU, -$groupName -) -####################################### -## Strings definitions ## -####################################### -Data ErrorMsg { -# culture="en-US" -ConvertFrom-StringData -stringdata @' -help1 = This command can be used to set the link between a certificate issuance policy and a universal security group. -help2 = Usage: -help3 = The following parameters are required: -help4 = -IssuancePolicyName: -help5 = -groupName:. If no name is specified, any existing link to a group is removed from the Issuance Policy. -help6 = The following parameter is optional: -help7 = -groupOU:. If this parameter is not specified, the group is looked for or created in the Users container. -help8 = Examples: -help9 = This command will link the issuance policy whose display name is "High Assurance" to the group "HighAssuranceGroup" in the Organizational Unit "OU_FOR_IPol_linked_groups". If the group or the Organizational Unit do not exist, you will be prompted to create them. -help10 = This command will unlink the issuance policy whose name is "402.164959C40F4A5C12C6302E31D5476062" from any group. -MultipleIPs = Error: Multiple Issuance Policies with name or display name "{0}" were found in the subtree of "{1}" -NoIP = Error: no issuance policy with name or display name "{0}" could be found in the subtree of "{1}". -IPFound = An Issuance Policy with name or display name "{0}" was successfully found: {1} -MultipleOUs = Error: more than 1 Organizational Unit with name "{0}" could be found in the subtree of "{1}". -confirmOUcreation = Warning: The Organizational Unit that you specified does not exist. Do you want to create it? -OUCreationSuccess = Organizational Unit "{0}" successfully created. -OUcreationError = Error: Organizational Unit "{0}" could not be created. -OUFoundSuccess = Organizational Unit "{0}" was successfully found. -multipleGroups = Error: More than one group with name "{0}" was found in Organizational Unit "{1}". -confirmGroupCreation = Warning: The group that you specified does not exist. Do you want to create it? -groupCreationSuccess = Univeral Security group "{0}" successfully created. -groupCreationError = Error: Univeral Security group "{0}" could not be created. -GroupFound = Group "{0}" was successfully found. -confirmLinkDeletion = Warning: The Issuance Policy "{0}" is currently linked to group "{1}". Do you really want to remove the link? -UnlinkSuccess = Certificate issuance policy successfully unlinked from any group. -UnlinkError = Removing the link failed. -UnlinkExit = Exiting without removing the link from the issuance policy to the group. -IPNotLinked = The Certificate issuance policy is not currently linked to any group. If you want to link it to a group, you should specify the -groupName option when starting this script. -ErrorNotSecurity = Error: You cannot link issuance Policy "{0}" to group "{1}" because this group is not of type "Security". -ErrorNotUniversal = Error: You cannot link issuance Policy "{0}" to group "{1}" because the scope of this group is not "Universal". -ErrorHasMembers = Error: You cannot link issuance Policy "{0}" to group "{1}" because it has a non-empty membership. The group has the following members: -ConfirmLinkReplacement = Warning: The Issuance Policy "{0}" is currently linked to group "{1}". Do you really want to update the link to point to group "{2}"? -LinkSuccess = The certificate issuance policy was successfully linked to the specified group. -LinkError = The certificate issuance policy could not be linked to the specified group. -ExitNoLinkReplacement = Exiting without setting the new link. -'@ -} -# import-localizeddata ErrorMsg -function Display-Help { -"" -write-host $ErrorMsg.help1 -"" -write-host $ErrorMsg.help2 -"" -write-host $ErrorMsg.help3 -write-host "`t" $ErrorMsg.help4 -write-host "`t" $ErrorMsg.help5 -"" -write-host $ErrorMsg.help6 -write-host "`t" $ErrorMsg.help7 -"" -"" -write-host $ErrorMsg.help8 -"" -write-host $ErrorMsg.help9 -".\Set-IssuancePolicyToGroupMapping.ps1 -IssuancePolicyName ""High Assurance"" -groupOU ""OU_FOR_IPol_linked_groups"" -groupName ""HighAssuranceGroup"" " -"" -write-host $ErrorMsg.help10 -'.\Set-IssuancePolicyToGroupMapping.ps1 -IssuancePolicyName "402.164959C40F4A5C12C6302E31D5476062" -groupName $null ' -"" -} -# Assumption: The group to which the Issuance Policy is going -# to be linked is (or is going to be created) in -# the domain the user running this script is a member of. -import-module ActiveDirectory -$root = get-adrootdse -$domain = get-addomain -current loggedonuser -if ( !($IssuancePolicyName) ) { -display-Help -break -} -####################################### -## Find the OID object ## -## (aka Issuance Policy) ## -####################################### -$searchBase = [String]$root.configurationnamingcontext -$OID = get-adobject -searchBase $searchBase -Filter { ((displayname -eq $IssuancePolicyName) -or (name -eq $IssuancePolicyName)) -and (objectClass -eq "msPKI-Enterprise-Oid")} -properties * -if ($OID -eq $null) { -$tmp = $ErrorMsg.NoIP -f $IssuancePolicyName, $searchBase -write-host $tmp -ForeGroundColor Red -break; -} -elseif ($OID.GetType().IsArray) { -$tmp = $ErrorMsg.MultipleIPs -f $IssuancePolicyName, $searchBase -write-host $tmp -ForeGroundColor Red -break; -} -else { -$tmp = $ErrorMsg.IPFound -f $IssuancePolicyName, $OID.distinguishedName -write-host $tmp -ForeGroundColor Green -} -####################################### -## Find the container of the group ## -####################################### -if ($groupOU -eq $null) { -# default to the Users container -$groupContainer = $domain.UsersContainer -} -else { -$searchBase = [string]$domain.DistinguishedName -$groupContainer = get-adobject -searchBase $searchBase -Filter { (Name -eq $groupOU) -and (objectClass -eq "organizationalUnit")} -if ($groupContainer.count -gt 1) { -$tmp = $ErrorMsg.MultipleOUs -f $groupOU, $searchBase -write-host $tmp -ForegroundColor Red -break; -} -elseif ($groupContainer -eq $null) { -$tmp = $ErrorMsg.confirmOUcreation -write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline -$userChoice = read-host -if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { -new-adobject -Name $groupOU -displayName $groupOU -Type "organizationalUnit" -ProtectedFromAccidentalDeletion $true -path $domain.distinguishedName -if ($?){ -$tmp = $ErrorMsg.OUCreationSuccess -f $groupOU -write-host $tmp -ForegroundColor Green -} -else{ -$tmp = $ErrorMsg.OUCreationError -f $groupOU -write-host $tmp -ForeGroundColor Red -break; -} -$groupContainer = get-adobject -searchBase $searchBase -Filter { (Name -eq $groupOU) -and (objectClass -eq "organizationalUnit")} -} -else { -break; -} -} -else { -$tmp = $ErrorMsg.OUFoundSuccess -f $groupContainer.name -write-host $tmp -ForegroundColor Green -} -} -####################################### -## Find the group ## -####################################### -if (($groupName -ne $null) -and ($groupName -ne "")){ -##$searchBase = [String]$groupContainer.DistinguishedName -$searchBase = $groupContainer -$group = get-adgroup -Filter { (Name -eq $groupName) -and (objectClass -eq "group") } -searchBase $searchBase -if ($group -ne $null -and $group.gettype().isarray) { -$tmp = $ErrorMsg.multipleGroups -f $groupName, $searchBase -write-host $tmp -ForeGroundColor Red -break; -} -elseif ($group -eq $null) { -$tmp = $ErrorMsg.confirmGroupCreation -write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline -$userChoice = read-host -if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { -new-adgroup -samAccountName $groupName -path $groupContainer.distinguishedName -GroupScope "Universal" -GroupCategory "Security" -if ($?){ -$tmp = $ErrorMsg.GroupCreationSuccess -f $groupName -write-host $tmp -ForegroundColor Green -}else{ -$tmp = $ErrorMsg.groupCreationError -f $groupName -write-host $tmp -ForeGroundColor Red -break -} -$group = get-adgroup -Filter { (Name -eq $groupName) -and (objectClass -eq "group") } -searchBase $searchBase -} -else { -break; -} -} -else { -$tmp = $ErrorMsg.GroupFound -f $group.Name -write-host $tmp -ForegroundColor Green -} -} -else { -##### -## If the group is not specified, we should remove the link if any exists -##### -if ($OID."msDS-OIDToGroupLink" -ne $null) { -$tmp = $ErrorMsg.confirmLinkDeletion -f $IssuancePolicyName, $OID."msDS-OIDToGroupLink" -write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline -$userChoice = read-host -if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { -set-adobject -Identity $OID -Clear "msDS-OIDToGroupLink" -if ($?) { -$tmp = $ErrorMsg.UnlinkSuccess -write-host $tmp -ForeGroundColor Green -}else{ -$tmp = $ErrorMsg.UnlinkError -write-host $tmp -ForeGroundColor Red -} -} -else { -$tmp = $ErrorMsg.UnlinkExit -write-host $tmp -break -} -} -else { -$tmp = $ErrorMsg.IPNotLinked -write-host $tmp -ForeGroundColor Yellow -} -break; -} -####################################### -## Verify that the group is ## -## Universal, Security, and ## -## has no members ## -####################################### -if ($group.GroupScope -ne "Universal") { -$tmp = $ErrorMsg.ErrorNotUniversal -f $IssuancePolicyName, $groupName -write-host $tmp -ForeGroundColor Red -break; -} -if ($group.GroupCategory -ne "Security") { -$tmp = $ErrorMsg.ErrorNotSecurity -f $IssuancePolicyName, $groupName -write-host $tmp -ForeGroundColor Red -break; -} -$members = Get-ADGroupMember -Identity $group -if ($members -ne $null) { -$tmp = $ErrorMsg.ErrorHasMembers -f $IssuancePolicyName, $groupName -write-host $tmp -ForeGroundColor Red -foreach ($member in $members) {write-host " $member.name" -ForeGroundColor Red} -break; -} -####################################### -## We have verified everything. We ## -## can create the link from the ## -## Issuance Policy to the group. ## -####################################### -if ($OID."msDS-OIDToGroupLink" -ne $null) { -$tmp = $ErrorMsg.ConfirmLinkReplacement -f $IssuancePolicyName, $OID."msDS-OIDToGroupLink", $group.distinguishedName -write-host $tmp "( (y)es / (n)o )" -ForegroundColor Yellow -nonewline -$userChoice = read-host -if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { -$tmp = @{'msDS-OIDToGroupLink'= $group.DistinguishedName} -set-adobject -Identity $OID -Replace $tmp -if ($?) { -$tmp = $Errormsg.LinkSuccess -write-host $tmp -Foreground Green -}else{ -$tmp = $ErrorMsg.LinkError -write-host $tmp -Foreground Red -} -} else { -$tmp = $Errormsg.ExitNoLinkReplacement -write-host $tmp -break -} -} -else { -$tmp = @{'msDS-OIDToGroupLink'= $group.DistinguishedName} -set-adobject -Identity $OID -Add $tmp -if ($?) { -$tmp = $Errormsg.LinkSuccess -write-host $tmp -Foreground Green -}else{ -$tmp = $ErrorMsg.LinkError -write-host $tmp -Foreground Red -} -} -``` - -> [!NOTE] -> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. -  ## Related topics - [Isolated User Mode in Windows 10 with Dave Probert (Channel 9)](https://channel9.msdn.com/Blogs/Seth-Juarez/Isolated-User-Mode-in-Windows-10-with-Dave-Probert) diff --git a/windows/keep-secure/credential-manager-known-issues.md b/windows/keep-secure/credential-manager-known-issues.md new file mode 100644 index 0000000000..dae1ef2c13 --- /dev/null +++ b/windows/keep-secure/credential-manager-known-issues.md @@ -0,0 +1,17 @@ +--- +title: Known issues with Credential Manager (Windows 10) +description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. +ms.assetid: 4F1FE390-A166-4A24-8530-EA3369FEB4B1 +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +localizationpriority: high +author: brianlic-msft +--- + +# Known issues with Credential Manager + +**Applies to** +- Windows 10 +- Windows Server 2016 From b944919155996e949ef81e6902a067aafa9595a1 Mon Sep 17 00:00:00 2001 From: John Tobin Date: Wed, 15 Mar 2017 13:28:53 -0700 Subject: [PATCH 02/62] Added topic descriptions --- .../credential-guard-considerations.md | 13 ++++---- .../credential-guard-how-it-works.md | 6 ++-- .../keep-secure/credential-guard-manage.md | 10 +++---- ...redential-guard-not-protected-scenarios.md | 21 +++++++------ .../credential-guard-requirements.md | 28 +++++++++-------- .../keep-secure/credential-guard-scripts.md | 3 +- windows/keep-secure/credential-guard.md | 30 +++++++++++++++---- .../credential-manager-known-issues.md | 1 - 8 files changed, 66 insertions(+), 46 deletions(-) diff --git a/windows/keep-secure/credential-guard-considerations.md b/windows/keep-secure/credential-guard-considerations.md index a0a3b104fb..2e8153173f 100644 --- a/windows/keep-secure/credential-guard-considerations.md +++ b/windows/keep-secure/credential-guard-considerations.md @@ -1,7 +1,6 @@ --- title: Considerations when using Credential Guard (Windows 10) -description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. -ms.assetid: +description: Considerations and recommendations for certain scenarios when using Credential Guard in Windows 10. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library @@ -35,13 +34,15 @@ author: brianlic-msft - Credentials saved by Remote Desktop Services cannot be used to remotely connect to another machine without supplying the password. Attempts to use saved credentials will fail, displaying the error message "Logon attempt failed". - Applications that extract derived domain credentials from Credential Manager will no longer be able to use those credentials. - You cannot restore credentials using the Credential Manager control panel if the credentials were backed up from a PC that has Credential Guard turned on. If you need to back up your credentials, you must do this before you enable Credential Guard. Otherwise, you won't be able to restore those credentials. - - Credential Guard uses hardware security so some features, such as Windows To Go, are not supported. For further information, see: - [Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) + - Credential Guard uses hardware security so some features, such as Windows To Go, are not supported. + -## NTLM & CHAP Considerations +## NTLM and CHAP Considerations When you enable Credential Guard, you can no longer use NTLM v1 authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as NTLMv1. We recommend that organizations use certificated-based authentication for WiFi and VPN connections. ## Kerberos Considerations -When you enable Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. You must use constrained or resource-based Kerberos delegation instead. \ No newline at end of file +When you enable Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. You must use constrained or resource-based Kerberos delegation instead. + +For further information, see: [Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) \ No newline at end of file diff --git a/windows/keep-secure/credential-guard-how-it-works.md b/windows/keep-secure/credential-guard-how-it-works.md index b1e48f5ef8..bf5aa31aae 100644 --- a/windows/keep-secure/credential-guard-how-it-works.md +++ b/windows/keep-secure/credential-guard-how-it-works.md @@ -1,7 +1,6 @@ --- title: How Credential Guard works -description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. -ms.assetid: +description: Using virtualization-based security, Credential Guard features a new component called the isolated LSA process, which stores and protects secrets, isolating them from the rest of the operating system, so that only privileged system software can access them. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library @@ -28,4 +27,5 @@ Here's a high-level overview on how the LSA is isolated by using virtualization- ![Credential Guard overview](images/credguard.png) -For further information, see [Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) + +
For further information, see [Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) diff --git a/windows/keep-secure/credential-guard-manage.md b/windows/keep-secure/credential-guard-manage.md index 7f913589d7..588d7e00f7 100644 --- a/windows/keep-secure/credential-guard-manage.md +++ b/windows/keep-secure/credential-guard-manage.md @@ -1,7 +1,6 @@ --- title: Manage Credential Guard (Windows 10) -description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. -ms.assetid: +description: Deploying and managing Credential Guard using Group Policy, the registry, or the Device Guard and Credential Guard hardware readiness tool. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library @@ -34,7 +33,6 @@ You can use Group Policy to enable Credential Guard. This will add and enable th To enforce processing of the group policy, you can run ```gpupdate /force```. -For further information, see: [Deploying Credential Guard] (https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) ### Enable Credential Guard by using the registry @@ -47,7 +45,7 @@ Starting with Windows 10, version 1607 and Windows Server 2016, enabling Windows If you are using Windows 10, version 1507 (RTM) or Windows 10, version 1511, Windows features have to be enabled to use virtualization-based security. You can do this by using either the Control Panel or the Deployment Image Servicing and Management tool (DISM). > [!NOTE] -> If you enable Credential Guard by using Group Policy, these steps are not required. Group Policy will install the features for you. +If you enable Credential Guard by using Group Policy, the steps to enable Windows features through Control Panel or DISM are not required. Group Policy will install Windows features for you.   **Add the virtualization-based security features by using Programs and Features** @@ -114,6 +112,7 @@ Requirements for running Credential Guard in Hyper-V virtual machines For further information, see: [Deploying Credential Guard] (https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) + ### Remove Credential Guard If you have to remove Credential Guard on a PC, you can use the following set of procedures, or you can [use the Device Guard and Credential Guard hardware readiness tool](#turn-off-with-hardware-readiness-tool). @@ -185,4 +184,5 @@ You can also check that Credential Guard is running by using the [Device Guard a ``` DG_Readiness_Tool_v3.0.ps1 -Ready -``` \ No newline at end of file +``` +For further information, see: [Deploying Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) \ No newline at end of file diff --git a/windows/keep-secure/credential-guard-not-protected-scenarios.md b/windows/keep-secure/credential-guard-not-protected-scenarios.md index 70848bcecc..240fbc29b5 100644 --- a/windows/keep-secure/credential-guard-not-protected-scenarios.md +++ b/windows/keep-secure/credential-guard-not-protected-scenarios.md @@ -1,7 +1,6 @@ --- title: Scenarios not protected by Credential Guard (Windows 10) -description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. -ms.assetid: +description: Scenarios not protected by Credential Guard in Windows 10. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library @@ -37,9 +36,9 @@ Credential Guard can provide mitigations against attacks on derived credentials ### Restricting domain users to specific domain-joined devices -Credential theft attacks allow the attacker to steal secrets from one device and use them from another device. If a user can sign in to multiple devices then any device could be used to steal credentials. How do you ensure that users only sign in using devices that have Credential Guard enabled? By deploying authentication policies that restrict them to specific domain-joined devices that have been configured with Credential Guard. For the domain controller to know what device a user is signing on from, Kerberos armoring must be used. +Credential theft attacks allow the attacker to steal secrets from one device and use them from another device. If a user can sign on to multiple devices then any device could be used to steal credentials. How do you ensure that users only sign on using devices that have Credential Guard enabled? By deploying authentication policies that restrict them to specific domain-joined devices that have been configured with Credential Guard. For the domain controller to know what device a user is signing on from, Kerberos armoring must be used. -### Kerberos armoring +#### Kerberos armoring Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, its TGT is used to protect the user's proof of possession which can mitigate offline dictionary attacks. Kerberos armoring also provides the additional benefit of signed KDC errors this mitigates tampering which can result in things such as downgrade attacks. @@ -49,9 +48,9 @@ Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, - All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**. - All the devices with Credential Guard that the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -> **Administrative Templates** -> **System** -> **Kerberos**. -### Protecting domain-joined device secrets +#### Protecting domain-joined device secrets -Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Credential Guard, the private key can be protected. Then authentication policies can require that users sign on devices which authenticate using those certificates. This prevents shared secrets stolen from the device to be used with stolen user credentials to sign in as the user. +Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Credential Guard, the private key can be protected. Then authentication policies can require that users sign on devices which authenticate using those certificates. This prevents shared secrets stolen from the device to be used with stolen user credentials to sign on as the user. Domain-joined device certificate authentication has the following requirements: - Devices' accounts are in Windows Server 2012 domain functional level or higher domains. @@ -93,7 +92,7 @@ CertReq -EnrollCredGuardCert MachineAuthentication > [!NOTE] > You must restart the device after enrolling the machine authentication certificate.   -### How a certificate issuance policy can be used for access control +#### How a certificate issuance policy can be used for access control Beginning with the Windows Server 2008 R2 domain functional level, domain controllers support for authentication mechanism assurance provides a way to map certificate issuance policy OIDs to universal security groups. Windows Server 2012 domain controllers with claim support can map them to claims. To learn more about authentication mechanism assurance, see [Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide](https://technet.microsoft.com/en-us/library/dd378897(v=ws.10).aspx) on TechNet. @@ -115,13 +114,13 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"" –groupOU:"" –groupName:”" ``` -### Restricting user sign on +#### Restricting user sign on So we now have completed the following: -- Created a special certificate issuance policy to identify devices that meet the deployment criteria required for the user to be able to sign in +- Created a special certificate issuance policy to identify devices that meet the deployment criteria required for the user to be able to sign on - Mapped that policy to a universal security group or claim -- Provided a way for domain controllers to get the device authorization data during user sign in using Kerberos armoring. Now what is left to do is to configure the access check on the domain controllers. This is done using authentication policies. +- Provided a way for domain controllers to get the device authorization data during user sign on using Kerberos armoring. Now what is left to do is to configure the access check on the domain controllers. This is done using authentication policies. Authentication policies have the following requirements: - User accounts are in a Windows Server 2012 domain functional level or higher domain. @@ -144,7 +143,7 @@ Authentication policies have the following requirements: > [!NOTE] > When the authentication policy enforces policy restrictions, users will not be able to sign on using devices that do not have a certificate with the appropriate issuance policy deployed. This applies to both local and remote sign on scenarios. Therefore, it is strongly recommended to first only audit policy restrictions to ensure you don't have unexpected failures. -### Discovering authentication failures due to authentication policies +#### Discovering authentication failures due to authentication policies To make tracking authentication failures due to authentication policies easier, an operational log exists with just those events. To enable the logs on the domain controllers, in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**. diff --git a/windows/keep-secure/credential-guard-requirements.md b/windows/keep-secure/credential-guard-requirements.md index f1d8842363..88c7586bba 100644 --- a/windows/keep-secure/credential-guard-requirements.md +++ b/windows/keep-secure/credential-guard-requirements.md @@ -1,6 +1,6 @@ --- title: Credential Guard Requirements (Windows 10) -description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. +description: Credential Guard baseline hardware, firmware, and software requirements, and additional protections for improved security associated with available hardware and firmware options. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library @@ -15,9 +15,11 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 -For Credential Guard to provide protections, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally Credential Guard blocks specific authentication capabilities, so applications which require blocked capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protection—those computers will be more hardened against certain threats. To keep this section brief, those will be in [Security Considerations](#security-considerations). +For Credential Guard to provide protections, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally Credential Guard blocks specific authentication capabilities, so application that require such capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protection. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, see the tables in the [Security Considerations](#security-considerations) section. -### Hardware and software requirements + + +## Hardware and software requirements To provide basic protection against OS level attempts to read Credential Manager domain credentials, NTLM and Kerberos derived credentials, Credential Manager uses: - Support for Virtualization-based security (required) @@ -26,13 +28,13 @@ To provide basic protection against OS level attempts to read Credential Manager - UEFI lock (preferred - prevents attacker from disabling with a simple registry key change) The Virtualization-based security requires: -- 64 bit CPU +- 64-bit CPU - CPU virtualization extensions plus extended page tables - Windows hypervisor -### Application requirements +## Application requirements -When Credential Guard is enabled, specific authentication capabilities are blocked, so applications which require blocked capabilities will break. Applications should be tested prior to deployment to ensure compatiblity with the reduced functionality. +When Credential Guard is enabled, specific authentication capabilities are blocked, so application that require such capabilities will break. Applications should be tested prior to deployment to ensure compatiblity with the reduced functionality. >[!WARNING] > Enabling Credential Guard on domain controllers is not supported.
@@ -47,14 +49,14 @@ Applications will break if they require: - Extracting the Kerberos TGT - NTLMv1 -Applications will prompt & expose credentials to risk if they require: +Applications will prompt and expose credentials to risk if they require: - Digest authentication - Credential delegation - MS-CHAPv2 Applications may cause performance issues when they attempt to hook the isolated Credential Guard process. -### Security considerations +## Security considerations All computers that meet baseline protections for hardware, firmware, and software can use Credential Guard. Computers that meet additional qualifications can provide additional protections to further reduce the attack surface. @@ -64,7 +66,7 @@ The following tables describe baseline protections, plus protections for improve > Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new shipping computers.
> If you are an OEM, see [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx).
-#### Baseline protections +### Baseline protections |Baseline Protections | Description | |---------------------------------------------|----------------------------------------------------| @@ -78,7 +80,7 @@ The following tables describe baseline protections, plus protections for improve > [!IMPORTANT] > The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Credential Guard can provide. -#### 2015 Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016 Technical Preview 4 +### 2015 Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016 Technical Preview 4 | Protections for Improved Security | Description | |---------------------------------------------|----------------------------------------------------| @@ -88,7 +90,7 @@ The following tables describe baseline protections, plus protections for improve
-#### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016 +### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016 > [!IMPORTANT] > The following tables list additional qualifications for improved security. Systems that meet these additional qualifications can provide more protections. @@ -101,11 +103,11 @@ The following tables describe baseline protections, plus protections for improve
-#### 2017 Additional security qualifications starting with Windows 10, version 1703 +### 2017 Additional security qualifications starting with Windows 10, version 1703 The following table lists qualifications for Windows 10, version 1703, which are in addition to all preceding qualifications. | Protection for Improved Security | Description | |---------------------------------------------|----------------------------------------------------| -| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**:
• VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be exceutable.
• UEFI runtime service must meet these requirements:
    - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
    - PE sections need to be page-aligned in memory (not required for in non-volitile storage).
    - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
        - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
        - No entries may be left with neither of the above attributes, indicating memory that is both exceutable and writable. Memory must be either readable and executable or writeable and non-executable.

Notes:
• This only applies to UEFI runtime service memory, and not UEFI boot service memory.
• This protection is applied by VBS on OS page tables.


Please also note the following:
• Do not use sections that are both writeable and exceutable
• Do not attempt to directly modify executable system memory
• Do not use dynamic code

**Security benefits**:
• Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware. | +| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**:
• VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable.
• UEFI runtime service must meet these requirements:
    - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
    - PE sections need to be page-aligned in memory (not required for in non-volatile storage).
    - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
        - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
        - No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable.

Notes:
• This only applies to UEFI runtime service memory, and not UEFI boot service memory.
• This protection is applied by VBS on OS page tables.


Please also note the following:
• Do not use sections that are both writeable and executable
• Do not attempt to directly modify executable system memory
• Do not use dynamic code

**Security benefits**:
• Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware. | | Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.

**Security benefits**:
• Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware.
• Blocks additional security attacks against SMM. | diff --git a/windows/keep-secure/credential-guard-scripts.md b/windows/keep-secure/credential-guard-scripts.md index 5d7eb958a6..afa388bb8f 100644 --- a/windows/keep-secure/credential-guard-scripts.md +++ b/windows/keep-secure/credential-guard-scripts.md @@ -1,7 +1,6 @@ --- title: Credential Guard Scripts (Windows 10) -description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. -ms.assetid: +description: Credential Guard Scripts listed in this topic for Windows 10, for obtaining the available issuance policies on the certificate authority. ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md index 2cc6cd8b31..4648f91a82 100644 --- a/windows/keep-secure/credential-guard.md +++ b/windows/keep-secure/credential-guard.md @@ -21,13 +21,33 @@ By enabling Credential Guard, the following features and solutions are provided: - **Hardware security** NTLM, Kerberos, and Credential Manager take advantage of platform security features, including Secure Boot and virtualization, to protect credentials. - **Virtualization-based security** Windows NTLM and Kerberos derived credentials and other secrets run in a protected environment that is isolated from the running operating system. -- **Better protection against advanced persistent threats** When Credential Manager domain credentials, NTLM, and Kerberos derived credentials are protected using virtualization-based security, the credential theft attack techniques and tools used in many targeted attacks are blocked. Malware running in the operating system with administrative privileges cannot extract secrets that are protected by virtualization-based security. While Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques and you should also incorporate Device Guard and other security strategies and architectures. - -• How to prevent credential theft -• Virtualization-based security -• Credential Guard Design +- **Better protection against advanced persistent threats** When Credential Manager domain credentials, NTLM, and Kerberos derived credentials are protected using virtualization-based security, the credential theft attack techniques and tools used in many targeted attacks are blocked. Malware running in the operating system with administrative privileges cannot extract secrets that are protected by virtualization-based security. While Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques and you should also incorporate Device Guard and other security strategies and architectures. +## Topics in this guide + +[How Credential Guard works](credential-guard-how-it-works.md) + +[Credential Guard Requirements](credential-guard-requirements.md) + +[Manage Credential Guard](credential-guard-manage.md) + +[Considerations when using Credential Guard](credential-guard-considerations.md) + +[Scenarios not protected by Credential Guard](credential-guard-not-protected-scenarios.md) + +[Known issues](credential-manager-known-issues.md) + +[Credential Guard Scripts](credential-guard-scripts.md) + + +
For further information, see: + +[How to prevent credential theft](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=CAgzpKJyC_304300474) + +[Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=1CoELLJyC_6704300474) + +[Credential Guard Design](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) ## Related topics diff --git a/windows/keep-secure/credential-manager-known-issues.md b/windows/keep-secure/credential-manager-known-issues.md index dae1ef2c13..b7dc37dac3 100644 --- a/windows/keep-secure/credential-manager-known-issues.md +++ b/windows/keep-secure/credential-manager-known-issues.md @@ -1,7 +1,6 @@ --- title: Known issues with Credential Manager (Windows 10) description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. -ms.assetid: 4F1FE390-A166-4A24-8530-EA3369FEB4B1 ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library From fc6a72fae0dd5198fd712abf4967db86c84046f0 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 16 Mar 2017 12:53:07 -0700 Subject: [PATCH 03/62] content for experiment with custom ti alerts --- ...dows-defender-advanced-threat-protection.md | 2 ++ .../images/atp-sample-custom-ti-alert.png | Bin 0 -> 18015 bytes .../images/atp-simulate-custom-ti.png | Bin 0 -> 144904 bytes .../images/atp-threat-intel-api.png | Bin 0 -> 219888 bytes 4 files changed, 2 insertions(+) create mode 100644 windows/keep-secure/images/atp-sample-custom-ti-alert.png create mode 100644 windows/keep-secure/images/atp-simulate-custom-ti.png create mode 100644 windows/keep-secure/images/atp-threat-intel-api.png diff --git a/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md index 47189ede43..dcc7ec8191 100644 --- a/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md @@ -27,6 +27,8 @@ Before you can create custom threat intelligence (TI) using REST API, you'll nee 1. In the navigation pane, select **Preference Setup** > **Threat intel API**. + ![Image of threat intel API menu](images/atp-threat-intel-api.png) + 2. Select **Enable threat intel API**. This activates the **Azure Active Directory application** setup sections with pre-populated values. 3. Copy the individual values or select **Save details to file** to download a file that contains all the values. diff --git a/windows/keep-secure/images/atp-sample-custom-ti-alert.png b/windows/keep-secure/images/atp-sample-custom-ti-alert.png new file mode 100644 index 0000000000000000000000000000000000000000..e536f6f4cc936fc55a06851b5c4db85e685d394e GIT binary patch literal 18015 zcmd3MRYM$2&@Kr9f;$9)1b25?2=4A4f-deZA-FE?u((TbcXwIb-QAs!_q#YZ=lpVcM(%Se4GBHdVrM#Bih(Q;tt|jQT~{ zm5$j7g+~5aikx&m-4XVH7ELuXW@dS{$7Xe1)luA$yq z>=_vueIg3H{oe1lJpuddwBPp0Q-7LV!zQj^waS+#yUQ1ZIp1~0f5Y_t&u7OxzS$&Y$92~WY{wE8XQwEiHpL212C_F|>;u@U&LrZ02{Z(up3~3pR^XVY zi0p25Eh2x3Iko6YTVTQg!}t;_vpSeM!Qi|yC|Na71`H&OXB@3fxU<=ovtP}%@qf`k z{A~@j(epwrx4gTLIBV$Y`#$mR(qZ+D&Rv9$mXww5COEI4Zz8JT^kg z$EgH({y4C-*4w6K%(QNa5aqhhOKRA^_6|@rw`bQ3?c73CIA-DZk4HE2zWnf7Xy9@_ z!joW9$qMEEmUGf)QeQpoT8;4XIrXmjgfkp(Y52)PuySBGo*0E30MA6+M?L03O}KUp z?UwGsO*1J~k<|KGfX|7b1wz{8N)Z&$S_uRX0ONC>9Ei#HMx$?B_`G-&k6w>kFF3mK zjC~Vc8ZO;+QJ`UCzT+nWe8}sBim#q(%cl0LVkq>Ci;;Qx(i!*b_Ff)661te*OeX8} zcXJ5^s(h!?9WLMzpY<#TdPEfY)knB=&MXmyX{|Ld=wz^JlFui$*H-yxkbJ@Uy_E$2B!nOFIWgN zXlV6j=ti$1;iboI$bqOn4@YNlfA4;H)DvWvYb2`oKiV{6K*#_#Iq?ofJJgS>CqU+W9nPzVwE1gDpmre=eS zvYPm3$5!Vj!lNWqXdL#aJy)<7wzG1ctJ(sl_RMs5Z}Sc3f(+Jp87rhx5f?b}2N9NJ zuNl@E8K>pYgJW!ua3{I@nDgk5@b~WzuWj);L7OaCawZUjf@6%|BRW+N+y0MJQF{gB zF@aIZ*QJ z6Ca&g*_?vc^AAqcVJvN%+sgCHYivIazjhMdHjjRu?iclSlyEiEv78uOL1(hl{svYP z7m~YosdII5scisRNB7RjoEjRK3h#|@U=h`DuFlR)Px&uo4>G)oHb#*0TR0yloBWO1 zoVo^~*4xJ;q60mvahv^5{lhgA_hvEuCaf{GG^m<&vX>|MT0{1~{}hAYklCo=IA!~{ zZ$K$-%1%tnMA&+2hAt?I6U8FycYe5>S`YsfvP+{78(U3FJIt0#Bw9E>nrWFmINF<5 zf%M8q-+ZOzynVgbTwvHM>8x~xy8g1SlO6g9GZuneGE7ZAF}ItSPl2nh8lO-Q04Prr zjBTs-BL;^ytYJOtNm}VIUhnU!Ap?%t{UPLQhqUsck#d3ZDc_0l&@)!s8Q49U084FW zbaFCT0FLyYijwr!^zNnp=IL50RDVp%#PJ(W22a}~EsF;YgV*J@qP(1(dOUhe55)$% zs*s$3fnuP$qH?DA7r|j0gZ$?f1~<8z*{JG(qJ_V)S0z_h)e#H9>+ffvZ1)hA0i9Hr zK^jYF4i;3K*SECu-?8Dxsb>E^Q`gR9%GconLVc7KHQ%mG3>}o+>{NHZgxPvOvog)r zu2wxg1h2oH9iQi5TpP?x5QNHlJUaB`wg{m*j9B0w9cSX^3!=1Rt1q}x|4}&kO`iz! zil)pf&Em;l5}yB*6Ms{yOD!T@V}wE558^&ojo0ielq>dq+HOn6WjZ=CNX+m1vX1Pd zyR^8hrlX~bVtX#9=hN@K^9p7rDx zP+8RO1`-=~w12n>H1W3lD+4gh`*Ah?8lN7v*WX-X);EM|8%RFOs1m6dYP?;UAimlR z25qGAC!vg+&c>~;dL-X$nRuUu?@zGi3jY;mYxyV4mM&cx)w&42=B6Yo&B`g`rr;;9 zFY-(>gAwA`;F{RCSSmHDm@DYRb~!K3=4mm{W!w~!MUN%AxT!19=v|X(xXa?9*wGgs zXdgYd8h0=`$p{YIcFGvY)n#gWp6GZdaSY2t{sQEjbLfMFoajgN6SK7(sN`?D3YRui zlu)zZIMQll`R==~(yv&3eVwm7Gpi*Wd9}GtF%Q25kqAYqL{64zL`q-F}8&uBMcLg z75&22`i4oNBq$0n*iBhwTwA&x%xb)9Vgt}4wtVK&etBJgA9&XCFFe23`3FP^3MZXL zz%BMUd>~*YAZ0r+T)75@O;vh9n>8^$Jugo=e{a3NyVJVd7E>w?gnSvBZIxgG?Gf}b;1^cv zfeF~kqkFt7fAEO!^*M~OQTxeN=B5gTozK`MKi2d9{QkNcmuk(Z>u1}h>2`Sm>T>U) zQU`zN2Bt_96ow4bF4v*LUR1Nd)kw>g4V|?ydZ-Pqelv@uTnhPk079s(ZjN~^ex!VW z4mIjCNsd*R$1YG3l9Ihn)nG-<)b_WonM#O-<61NYWl6Pk7Qr-A!sk}xh(K|E{0yncqV2YaIDa~d2|V!i;M{g3l5e=5RxX9!A7sz=C)RfTN@%|zq# zYWYPq9<1)ofqXwCHity6r;BKZ`byPj#y@_~IcUXKHZq7s-|4N+Vl~1`>5}y`g32043rL zB3WFSU7%r#-a)DP(==_zf`v>Jyyv$Rb@e5HZ})u1JlulWUilokfTa1-SAzbZ>ptku zg@Qr7Ni$vhrRC-BF}DwE=N+NNI+#r-0VI-;s*G>csV;cQMQgbEQZzifa@K8t$UsBi zw>=?&EvzWQ*~Y1vfWhI*+)_rWmAZlf*LNpDn!@S|l;(&fT(#XxA>Stz)z@ww=K_*D zA?@Y2V_wIGFY5^}XlI9)J{`a`Sb!o{Vmg;EtgG9<5y|pJlI%bLd!zZ+jf9Ll%D@#F zps<0Uk?uANaU_-)`K~;;r~>CpDjMHJ-n;@?`fAc;1DSL%o+A0kx*PiCj}nV8*d~R6 zK4fh1z#w5y4R(1V2ll)BCA4zV-$wf8Ue{q~N7D48V^0fkoB1`W?_~p`sbyhb5z6&V zJs1J%pKNlPXlZy#^D3HJ8g3W2`PNtDPpR-~Pi9v_h%t_F^3T~xbZLLc2}=1^iTi`? zezd|m_`dZlOUa2gtro8MvlF`H1K~W|u7GZ)sQp+)3HFz++L*$BWulGSezl!lo(jU4 zV9m47w0kM3+;3^w-(*yF_}qB;U;CkuLv`AQPE6P8NZ}88y76&mS38*g{P$ zYZG1Xudhp;@vHyTF_#=14UR5oU{6xtGS|PDcV(m14u*a9^!(BM6x1J+R)`TdLM@X&95@Ygw}mHV{x4VrCLuoncFx}1+x zpcwr=nd|d@wsvyaE>*d^A?wGr$7O9<{&P46?}Ik)TXvN?1QFY8I4hWCP)4@f%mEyE zcnH!L;xYxBs!EX2gepx?fhuVMqG{y{XR8P!ciEF)Z=C9TNCYrO$jjfw=Xty?z9>|LRM@D^c{{4e={E^jM_Y@gMe;A$R-DOJTpy zU;_tc=%=6;ZxJ*hO(Y6OxT+fNwx&PjTZy&#MeYm&2PD&rBECiyt)saSu0$qPHFSXJ z@c5KE8S50Oq=kve8^8xhE4MELLWiemm1!@ZANY3iRT(qkp5#1{&Ai=F&+}@dv7%f# z^kUFc*P3v@(HuECG^B153s9%!eG-G_xA-qMJpzfdKlBQ6Up~HjIKGML=nhk+YkVRY?}6(W_B98&HvF z`)0=kZI8mI=*^vug{jXW(kh+m&!2&N$6RG{KXxZmxqN)vR9m}Q=6MfUt}6K{?M=HS z*-z|C9KWdG)sfm?AauJINWNFe{F0p`*F2T%CU|p5t>oBNtl+~QkMBfP;j`P89jM3- zNPcD(z&)&F@wtw9V&v_uQ~S|fHSLue=7)C4GjOe zTdgE4&3LZ&wx{#uJuvx;Eok#)jg0Ao5;$~lp7uRK$NLk>RtHuALrLiG4;?QC>y-Cs zYqr8p--p;Hdd>q9NbfXB1G{WgG8y6}1dwFPQv^FUzCIvzn_8-Cn*Z+m{Cqk+2#TxI zCG!O#owTxh^}G&)4N{I^?7Mv1 z8;1>r-X%+_UWmWCkm`FmEREen2;bNdJGwVigE%xgqr@^<7qjl9@$ncHYNT=!kcFME zHEYz-|6z15VSjn%!vmx_p@0>%Pu*@NKK!stVv*&44(IuSO*5%Z&qBX%FNnfncHf4c zIG>VpZfPe^L$g`L*m^DHjzdp@>+dWDC`=8{JAC=*2J1t3clS5H7_s}_(dKI%X9Ye1 zQ`^)rFIO86;Nq%Eq=|`OZyFKqs7GU!& zW#ekMgDQ11@dSz4^G_vWet+TSq7tOyqodjHn}j7q5NdlO>#bR!QV3SalKAu;)t}lM z1O1koB)7G>ysC}ai<9(iWMNNYI~W>ci*!`7j)0)r1-P^7h~&a7ziXiIx#Ua zJT6anEHoAWW;fltdd?Jy5GE--GD=rcR$g8@28xKNOy+;@lyn41{W%+rXucLvoePhF zW;9j-9hg@!GLX{pkhBz0QwVU-G}zz1@bde>wOIIOQ9qr5$zq2kPy#61tny!hztz^8 z*#9*pw5-SDrRcKt_zkn7m+;U~=G(^@U50SN4nsu1J3BjjJCqWF<)T)~&U3C9W(m

vXhLvS_$~s@Ebb0w26KESfT+g+e@z`#>K^zk(qu}Qj-su=pvB?et4tI?Cbln~d9l^Lo?Dt6wN6#8ok z19bJ1#YoNeaOW>|Gkm?mM@aXT$F;f}TI{&TNRQT@wq}k5v~sG7dCZCu0-Kr^o0@jL z!ycR?Z!K5UvB54bBs1**%`u}*Os=H8=$gT%rhGuPA{;IqQK5P-H(xG7W$I8X&LxkF zqp5=zFnBOtn_QPSgJNd+mFRMjoqu}#Xk`XJktFahzndc&I6yxW9H^hpF?NUZ}}GU2lz|{p{iD z69N7wcz_^ZM~F$0wS1EFPYMwpw~Q&G(jXa%m_=p8c=ohZ8377MY#h);@izFZ^6A>% z$32ePLt~1WC@p4!JNGKVuZn{xJWPTIU^Y~lsqbaukHou%r{T=uvzBeV)exhyjhLoc zGDyE&bBGl6^wg*ymmHy=k(QDo#CU@4hCjGQlyUG^dYf9#&#*`!NotgvY#Qd`)b*fo z2EtZ9x_77NQBFJF_ZTSYs;97BXYr-BMkR3uZDBUo1igNLKWq7quI_4nh;8pLH>eG> zy_!@sgUdvJfggDt(!XA=6h;S7p8B6OM2ZAMiBpzPPwvigCM02NHwz25#~1`_=R5Xc zAKs*S1zPtY3U_abw)BtT!H@25JfEPrLWm22{{j6k!ccM_d4SGHSabXj(uVyf*FrRsdFkjZT|St%@-V~ zH`oV$n~Y>fAqtg4q_6mq!e)qp%59pRNfr!io$5&fm1>oVL$l(ZzdrbS=zGlPIGqVC zmUvE9X3fA=x^`#4fc3NMS9)cYZ=hY2@H8h? z*>&Taz8_+Waz(xP9J$S=>kX+x>4PvP^;rEvXHHhB7&>!mTD4)i0S_Ekm3}E)Agi7{ zaRj;nRX0;1FiA+bPdJK_brmO3?_5tQgzw5G|udT$0o~xU=qk>`8FU;U5tZ5RRh;7HZr#)Wdm<>sV>|B+9?5K zSSdF3GwC>MG&mACiyME3j5r4SltV{51$)Yv=*!OIG?ig*w|0_AXM~cB)nypR?KWjllb)X5B7XTE!_UwE*4H?@Oh$S$S5yJQ5IyMAAS8mybmT1#XKUxDbXEWr3 zp;2Bd{CTNq0}{FQh(PnDSvIKk&ZAqS^5><=6Z_6BS;zz^NykT{Z-V-$@yfxF)5~v7 zjm2j!y*N6%7asibUmq0TRx3I0-MxvDe5-nTHBYTiGN{5vFBaDpdL7$FI3}fd_5-Zx z<=^(EzX#9T>_jt5n0*dMOs%1L6dgqmEyjg}7Tr3}u&8DIf*gF|m&@ZQ&c~X5!iUIM5isR9!4d((;QN~B2tOc#{JAABE;Zqm^98r z;Y><(Z}oNaakKkN27f@+7#h@CJ6iozU;Nm2==}M6SSJ$z2b-v_R%E9`4Ycjp(r7$= zHZ@c!2ANFIUBdDry$d0=U*y1GJq!7qATA&ICrU6IQB)b$#>n0Aedh(Mqout$h*Ik2 zg7IU^o9$E0)(#ZoDl+S&6=6yaep2B>{*9nJFZ64u9K35D;>vM)osw@wYU*l&vp74+ z9?*~2C{e?3E2n~ZtcWzYQ~K5Nm18&G*&mKP^QqbPa~=V$kF61~y`#9w+XbAnr`ab>Rrzi58myme8~e6?P5jt(D}%vsv}4>8l_@Q z*Ct2wOp({ifaFC7h#_CBNC;b6!pUm-J_~@D&_?Ri_xIQ2p`b2uA3~1{y!8w9CHrh_ zv*8I6X16(q&7*UtMC-R|2$3%<3YgkZ5buo%d1j`S)wESP{@K}A@k~8b+avVNET`Lm z6nc2m4+u2@&TcOp7|a5dGV%lE@=moK)O0kq#C)VD)={@)F5_5?T)JwT9Ee}TMf};| zNNXlKmxOMj&Z7egk1_p?blA&pj6E$p0)OzYiQgy?Oz+AMb-7I}aEh3@j@YSKx5=o6 z%KpK#Jl8S&zE%u<(FlWufiIy5vu8^gU7!`os8YyfvgQttCoAlH~@~i`Taj~h{_{f?vO``bQiGc>GKYquSy%| z_R*qUf}Uab6{9oFVEH_sIFlq|pvh!J4{tefJ{cBt5QoO_FfydCPGwFZS8I(3lMPT7 z#9)Tllc#38RJ%w#QK1|l6hd)K^E3}JyEC=X&OI%BbAapM4@(AYwR;B&G@@j<3at%b zV(FvabaY<*x4*YCHlv2R>Eud93kRqa*-z_=VIJB}Gsvp{$QxpWB85(ws7-}>dQxNE zT^uC;+&zA+Tl|mleX|d#ov@Cd1l6n0DdzbqnDI(N8k;H-$5Y5EgiBSVic2$g)iTod ze+Qb|)@HXlN0hVkT2o@5o7*&IXM6gSnf@|sUJ`dT=3Q13DUk85pS;@Iy}*GKkuoCB zak^%M>Rk(#wBa-+nxr$v&0SNz1O%?tx4Vb+R%F>A*P=3J9IWVH4ypT!S=iG#fRAtV zrstoRf+kg)L?Xm%o#alY64Wbue(-&>Hb1vE*CC}Fvkgd8e6djseSGo9+&bGFMo*%M zP5oSIL!=K{HD*sfeT(fqu1!ONMSRiSa7nF2DAonee7B;En?*?w7ARCJj1Che4OOjR zT@aj6{z&%w!1@r$iTt!r70;j3(tFRetX{eoHZ>VGE zsAE^Kb%2p5D)yTTTAHiydjtdym2VS(W^grb<&3z+-_Z#ukH)PW^~6MU9A!ja!~L+s zRDto?5;_Lz3F@5Api{jAC)PV@12uQPEhuL*KyjMr76`&{TYpbDgj1}fI`|VNZ(~L6| zR0p$QT7fS^Gz*;cb>Pn&#iKFKH0@!dDQb33gMwi1Bge&= z-#Bp$iujeY2i17_t>K9Hk#uNMv!=em2EqD_zZ3^mVKpioJ=$#IVh6S^u%t7jN?DT2 z>>6x9V_Ax{$T+xV6h(tm=GoDhXY<)O_9^t)bEnS7Uq zT+4bmfBi5e5B4i|a_>kFYoTzy@gm-w6!%{4dFAd_D#jk`(`W*fBflr{%CcZ_KOD2? zhb#71m5q8Ot{}eeI)xxnZACG}kKd*Kr@;4%K;?2?jMT2hbzy7DmydDZ0RL}a>=8-s z*?{A}l8!$HD1&V`3Ny9y$81_ww2?yPFqp}mUnrShh2us}0aS552fBeKG{TT88_6iS~Fu?Qs%#UUGU^&G1y6;&Oeroe> zZTbz%r_F{xrJ9d&zCd~LK*{;WaLY34mO2W|HN_vKhufcOJXF83q<3}pcO6JkIrP&)1Ru%!LqT0i|ht$pEoSJ82gFY4#)lNF*?tg1|n#hEs? zX_wXE>zHNCoFYq`Py%Vw$@!27>puk@l4TbAs{hK5IvUzuz-0;Vkwyn}U?mLAUAXC5 z>HNR7)JY>G1|q)id(>D6#j3-QEi)$$MSFx+&R8vWE<$P_k$>GNR#?{-%$a3qMDH@p{N;KG?YTBi;Y=nCaYmy1N z%;2^h0+lJZ6fZnmT8du%dwRTQI1$1N_5N{NaY|6DNs`CTr`|2r=H(}rbnnc}aA$9=nahaYv0qHATHC6Ex|&q_B-j}=OBH0Ktd=oS1*@|Uo!Z+>pB8SaFrlFY zF|rPsVih3l{zLI}Gq8cleyJAJ?oZ^LcS^dy#mAU~7@a?uhryzwo6&B=ai~|$_y7H? zW$bqiUw+{Tgv>~0z@l!vNL|F9n;>Y}in0xVNi2Wr@WvGJ3l>#rtvDMNTiPvtAVF9j zwnavKXxcHgtdtuT9uYo1PF(b3wV8>Bla-y@RdlY}unGMfom`8x^w}Yci?wOi#wC|w zlk>HX=4Y|2dwmaUg#IZ3{K#B*4vh{KpqhiEXAv}g3<*Y+eDv(px`1q1M)xI$?Tc#u zNX}N~7K+jV8La~H`%9HoLk+WFp|8PbS9+F_g*^YZ*B%wWPiuWZ)r)*(fz$W^zLm^U znT~fk-C5Q>VVh6bikzhvITfk{Wz%t{K5p7>x!_3Ck5I}OB=a3N~)xix| zSJ;Mi1JQBq(XmmOU1 zR(_~)pc&^ZHPMgCpizTDV&7E9EkMQ~P@ZS%1ge}qkg|Mbsy3Q-l(y)1sgHS`RcL=I z^nFxu6W_*H1GX<6PM7Zf5-(wMoW>*;l$x;BX=HAUhXYW+H2HtaA2H$9u_zssmmHBC z4?v))AMX}-HNnNg+Q-$v+0QQwSbyv3@Ok~w;(i#)fTUOVc zc6i)c%jmnFKoVs4QX8wR=Wwk{i(bzX0|N&xt;N)3e$F&C9CO>K+LAAbazMWy@NkA| z04UB7j-lW)iVT!81QAPop-4ii%nVU7;z)q8SBPc9sLtd-=2Y9I;QuHnnDdmxwqUnt zLJBKF=4{ZAOaE?VNl4brZxam9H?2EA)7CRnjAbhdnb+*=Z8xie0eokr{^If-uVr;& zq!f)0H{!bOFz6}uY-lQF_$9r%%ehe}Tasowqp}`=tU!C9D-efwGCx%-*U77`C!C>V zp4Sw#axClFU>C0w9+QNqa#S4u~ytMf~~tNBHfAZ8< z{Fa)RV;b?bV*8@_-s3t>o9i<+JyfRx%7?ZdDm2&5$NbvFI;?D|q@*=p-)S;Ommpm? zRDf%666tg!ORT4P5({~JYp&m{+Z~$f4>NPl2#4GE$~ZB$_*aT6ReN#wgm8_xG#3~R z*EaXso_bWUmRd60Jf)YZOO{+Y<|E)isx+d>r{|nuX&fY5s?-@7Z4nvePjpyRekw-C z!JF{}VQ-@dPA|@7oGn;G2xp>ZpkW&FOpVcAZ4pw^Tzu|f$`mKZon=Dbp+t6X=FKj$ z&v-jpuREUxCMr*EpY8?*_BDknWyABVO3-e8%0ZZB2YS|V3Q}-0wl&t~HU6NYs?7TC z-nw$ndgy*$JPCVhy+O|f@K)xdn*7Tt+BpF|d1D){;I-aI1=JqHzM8#)GzG=RN2F@i z4|^Xnf9u1|^Tx`lsweU@O|z~_;W~5)Y1L9yjg-^#hS|tAa{t6%@G?MU`y3|y2 znHwo~Y@0Ab8=a3&;6mn@Q+1WiWo#tnt!}UNj_SmA96Savv@NU7rKJYt9wq^(sq^NG z?}Jh;@SE%3V++K3*RGOV&yZ7|ucpWK&&R??fPgHa>?VAKKDoJ{5yy()@mY#}Ra8Sp zNk=BkFddhN%3OoW1M@6?nmYF=@>x0*I9iA5B}I(0HAOMt<^epgGjC)xR=k}{59A8ZrH2*N15c5Dam;Uk+@bbidI(Mxw7ag*B z7>QZ&2?b)sdi2)ad$BQiGY78&EjXvY?TBwI+x<395?W}l=MniC!vcuKvLN^;SzB<= za&ym1P(CC2Zz}jF(vLk?DdAT&?|i*Jer*B?q=}Pg3QA2Ml(+yP?w_ZSFWR|(syPH% zxY^lxIR$tC4b_20#TgpwvfyRv{ESTn_a&}UnpIc8m_EC(nO=u`r(*TE0N4MPYnks%ftJ-F@ z`pc&geu|VIIDslC2HRI#I-S-NtzZH$6CrOu@^0uQdJci*}{5eqaoy?J&~;`uV+a=L0x(N z=j?X$1t+FbeXIY9*m#bxdJ{)77=ud*3ol{Szjq5%e^gB-Q#fJ$;~(sYEDW=sa)_W# z?-ql={O&K*v=w#-nx-t&_d%tI*K8`kdqi>_TN>Q!|1c3cERFv%@fvjX4WUl{A+))+ zDCy%gSw7fU*c7;1?noXw)Ulec(z8lbG&~_K7asW)-sc6$KF{u1wk$I0Z{EYhL(xU@ z%~FbEV00CSe$vgw92ZGKTwxBI)A>mE&FIO>Xne52`-lc=*#2T-scpf0|4JFt1T_(# zv)=KPjw51ZXb0VCFDQU^^(&KuXva#Ky+kaeTAjv@4A)d>_>x2*Br zTIQXS^VJEp$?2dGZm_>(`fo||QuAHtqlll{NH;yx4;F&l`{`jZP#u7do{^EpbFE4e zt>n?nk}TXjbJ*4$q!pIop|v{M^iPD_Amc1e5FKvV3TlIDQzIV;R*51ZQl-n7gNI=f!wrHEmV$-gKo8aNVz}ZbFiN8>4YjXWd#Fd+jp(L~1i6eQmU21TiHF9nF}lB7}b6x0e*rstM95nw|R&3%c!!v>HXK z2>HU4*xiq08YKzR)P>vxnUV#{r8Cljx{Qbs?tTKD;0?bpMYL0c8+`MjQj<5(q%ScM z{n>SMhJ4}km6@(5ag7=lME|0TKJ_6m{=GZc?7ETiWY!iFWHWo6TCVMd?Yw}euBJ6~jW|Du6 z1j%dhS(6b$>8xl^9$)z6q(C*Eo6%fQSaP-;@q!F^$f6K|!XtBPDppS0*w15lQE-k% z)5GE#G5&p^ZMIB~dt_9(GIR=;N;UC?ba5N741?c!W1N6WMsz$|2w&eFAToqbYexi8 zPa@+myQ+yy$9%MZ8b?11F@0V>jW!ZAct%#N8|z;mAo#v%I9*dQB!?lW=zq-!CXyS; zv-4)*$CxtaOp_CDQ-?oR$)EZzOPQ-w2{E6cO%R706D~#OtwXq@t;N?aR12^2G&8-c7c6>Ij99I<0apVL+4QQCkPGE6GKNzSb>2*~0l}yVTYZ!6+u6#CVteRCArc@oRf!BD z9LJiHRx}>5)3J+_4U@Wqo-X9AY!>hL#$hrO9ON(5-9+G}Tr0y4=W|v@slw7lje) z(Bw{%9uK}I@_uJ7H_2+=us0WiW%p zr(J}mwgd7Ba7>GLEQcr5kW;F`R6$3Xt%lRp_0#9(_20^wNby*oE~7%|$kDRDGZK)O zg0jjY)1=*r=$>NTpFL8go25i0@Knz8n;y>ua~nxFDzKT4gK<|H!n@?^OCc3(seL1 z9<=lZQ_DkuJITG9UQX9|N`g;GV|$1avH&*1;f-NK1td;#aGvU4_hf zLyQdh9SOL;xiiThO;7x9&C*F;9b9zOjLQg^VJTL`sWq+BVH zAkOpbn3nq+_mR|gGZsd=T{$T!ZIiXkRA zo}9swTCjf#dex%})_T5#|KUWq91}i)ZH2saF~PR*WozbC%y$B9*3mYihLeF)=8-#C zM}H#9J0fb5^04tcjXlbNXWBS_Qbb-B#q4W*@Ujh7b~B{gU&Zs^m4=?4ZhUBA42iPt%rBYS6z$tLS1|EV~Ztx~0Qb3%V~*?N~l)sdv1heAe)&-HvdR`vGG?JO3VV za|=oLU{WZekFjba6CbiRW*D)qf4kO}8X>^JO*%M9T$S^|uRd?dl!pkJ>3`*+!o-Fb zG7JnMqrA2AfvO4-(6${xY6nd(Mh!Q%n=ORSOBEOrheUkOh%s@ z?o!({(WMg^P$=VxCXW_a1c~V^I=~7)flM8UgNi}%IBkx=B+I_!`uK~G zoMJ?3b+zBmHN>LEBq75xU28wZOjTu_jO`?acfaUcst~wf_ZHx=N7U_#`Mi%cWYcIZ z;=zL)EUDyoI8XbOdms|o*)cIOQYIp4^zWWi5paN^E<**lOYQso3@#NM?DSc`Yt)}U zW1gw)H}1$~8JVpEhN#^{fUpT0U2;5KftCmJB31@ketQ0=DacX^8x9;K6Z5js!S340 z=pQ8=0|(FLW$waFs#N;QRsxu@A)%Lw-<=>Xdc9eCmd|>p>gr%HqCdYbf%yFu zo9QQ`6Qh-eco&UKm2&cc70u+#)XeqH$rllV6APTfhh);AXEDB7ud7RVJfGJ*F?oPy zT1v96=76G!`hm=WV%5Z@nHkcjYb5_QU0rR>bP;(4`rNNxjk9Cf#suXPWAs*-U!MMi z>RGJOobBjlIX*G2QWD_>=OT`tw_=`p%k^+O>2{C5u*aJ>lQQ3Q8O1B!tDEkt-xt}H zWZ<9SMcI)kANDz|EUh3p0dyJ>o3I6%wWI}g(^8W&m-$T}Wne1hfAaB=)R-WALT+h- zvTkj39#z!0rZ*!fXBd^8C_4d%L3@X;Z|8o1syp)xt2hZe|Wo(N~3HG|KRf2JiVc9 zQZ1SM#(;qS{Fj2YbC#JgTpqr|NZZU00bovcP{hczqO)kyuuLd$Aj=r8P7)YZ*}z+| zr4H(eGWfIpkE>QnMWmp?vNsKrtmaz``mk%T5J`e$f=BT3u@cx?;TAMbRO}>P3V~n$ zN_|qle4@z81ei=YAv({W2P%np4swWp_hKOejhM20ck;me-oVAd8IFCVrys0T$fCX3 z`xB--UareXBS`x@U%|eTD6N5EwU)JdoP6%ofh;V;OTSftRa5~YZ`hVgbRFCW zwx!^JmYL4R6WS-9s6jLyrd8M}yt|EnkvMp%qA9<`@u}Huw&G})_O?cDuCQ-s2j7xK zr&Mi_LB8X^i@a^1gB$th7ME7}s$A%e(;RuUzugdpfkz|+q@m0>Fb31NYkSO zqU&{OaeRnHwzO5PuJ()-3???{QyK3BsdPO~T(0I`6bD99>kl~!mUh{xCkKa2T30N% zXfKW-WFm??z7Ep3ThW9cWp}jAi8y;)s33VUoXQ{{ZoU==+G*|tc7nb5zL;rL9C6RI zR6b9%W6}JzEK_18Ir$$!`%2dknVK3t?d$Ls^3nd2n}^QHoh<>qETv!3r@Q$Hay>OQ{)A(FyG+YwlMzM)V9Gr$FBd#} z*Rsm|Cfuq<1r^_uBts~uuUUuSZ{YcgBm{Ti{7207zc*Z)MhQgnrC&P$GmDd44I)_D zSr1zF)h&%tMhlF3!{Keaz@4e3tJ@ zXYq!+!`jH9@t`w%EIkkV2)#@lgQb;B5yrAp$nMj8N8o{D7|MQO(!`?T!x?8RZnH(| zvzfwyZj(Mm7ADJajgj}Oiq1YStczojnfYdby`N6TDPHo*4@c~WjNEb+f;4{v{BH#M z%YsJ#9xx)2ePW@Y1U~-PWBYX^Md1i=S0q0V=`!pW|M6Q=OM(dn5bu zUlB7Sn%Mj`^~sp;8#p;9&2&`S>X^R6qGOVIpIUp%X!5@!)rECmGPS`{ngSgV8$wsp zBx--`aWRj4=W~>SKttzZrtM1~G|Iz!8`%JTj(^#k8rp+P@Ab65%%sd!w}yG_d|JP8 zp=cgpTmWb2@|zra3lv5*^YYgI#O{uSp~S`m2y!ef&Zw^Y^-^OK96fdON;w`X#n^|_ zdE%ND`ulpd`m}ZgW%>_ehQTi2UEuwf=k(HrXt<3|Lr&d$C#NwmS^_EU_@mtpmf7MQ z$t&her@uzwm<3U0X(l&THP^f6{b}*B9OTRWx-$+NR4V~k=SjvBE!%wbS~`y5gUB~aSFmAO%$`ihy3?{cKvSu)0~~CG z?M+OB>%@Y(o5;fyz2c=^&P&dio0lfs;Bx?){v!EkrH92JfG4a`tJ6@?BwXu zA?bW=s=Kazm`D}qH44u0_WZ!$%=#f|V|H|KbO}!*A8(Hg4Xof<7dYb9$?=8YbbS=j zk6gpjnF6swP2F8z#V~mi(k`NN2#Fz*&W>jg154Xj=HBY)@a*mx{%E7CxdE|^GZ^4s z87J?I_jV#S@N$0}qT6aZUYr_V#S5Vz*QKLv_P(enZ=F5hU2HD)_lzu%8En2prm;92 zLgL2g$mk|lWpSwR8=a*^O-rXjA$7B_s*+FY7l z+7}xp4 z29-?OpYCg)MDav4!tBJ{p~USJp6pFbt)FRaHv0a-1_5`$I+^Y68(QB#XLAHntquHk zBH$AMn*JjBn5GR-j5*WS*W2CG(>=C~V=8TC5pi>*r@g0dczSMO3&$g2j#ekST6;zp z_ULjU=X7PLv!k!Gx37C}Vw<3FxOGhCF`2AzIc1c?ss85H?q2vE-&Fi5{z9&EI?UwF z$^M?!*6xAfWvs$rb83WWWPfLOKVoEfb_+v3lW}$zh6nn(hh{cTIohk1Opn9H#OyV$JwhvfBlh5Ze@{hN-Po!F>&#jYS7KZzK`uh7uk!yQYwOYtJ*uzjYUYCkVM(-22 zMyEq`c7|s%^-c@>V0oakzO8>`agU~Xw<{q4@Bx6Pzer$B2iq$DJKKx@(OU6eJBEJ$ zj;7sCn_lgIRh?X^Gx=Zn>UCN5@O$jEMzhuKblXe@jY29_sEszaOG!IGPE4*b7-FST zV}LujL7O}64tPhO$6c*Qx#8`wW)XLqZ@q+HE$w>-tTh9=p|Kw)&glJT{{SIv$iDoduG(7oJyZjBquI z%VD)z;e&Wxc8kU8bi?QOI;{rPRjTZ8sP1t>2X?{-hEfiFgs;KlH0m^Oy$Tk(7@O4w z_v?cPu-L6uyW5{QpTn$E%aux%!ECcR;Q=!Kqe0ul2lMwdbUPgOtG zYHtAGuLCswCE~NF9EfkNMgN7Z?7y-W{GGk)AG`)pVBL?vV-Qk~j_?vNiYc0D}V zbUud(S`t_V003?npQ>rE*K06Y<)Y<)it?-g}w*eEF!1TAD z9Inf=GxDcuTB|dOBua@)4JI&w2~1%6WhSfLLpnYG)JhMp*XM!pf(cAu0uz{inaSt7 zq|@o3ZW;gp0B$ZHubbBCbZ`g_0001hUmQrkABm=UJl+8S0002~ra-0+NZHR@ng##> f0Km=S^78)&nnF_m*zC?i00000NkvXXu0mjfX$hc< literal 0 HcmV?d00001 diff --git a/windows/keep-secure/images/atp-simulate-custom-ti.png b/windows/keep-secure/images/atp-simulate-custom-ti.png new file mode 100644 index 0000000000000000000000000000000000000000..2828654c79c253f3b1ab27563ae427ccd0895f20 GIT binary patch literal 144904 zcmeFZWl$Z>7A}mtyGw9)_u#I9;O_431cC&D>qdjSyUT`+L$Hmz1$Y1QzUQ2}|GujG z|5o+%Og+6;*VO7&J>6?PJ<)0^vZzQzNDvSZsPb}B8W0fB9}p0batLsL5jYK%hQBvN z7dc&b2ne*He=f*WCN$!|AiRgXvNZfQGzK;^GxqD3s(&HruO1Sf9yZQy5al%!a(^Kd zkH3(VrMtPCt&4}Pvl9e1A|=&d9O)li(%Hq=&DPq+1ELCjLhvt&_AlyYY5I>Sg@>)9 zB?Qj{I^y3J#D7{eovl2)P2DUZ3|&6{5l8;Fb6aASLA?`lHPyZ(->Fnre>Er=%Katk^7lZppOv~28!4jhEe2xwR zf&xNbNP?6F__yJ2CB;P7-}}F&S&;lC+kcflH@RWGBLA<8 z>YV?36@yd6_hy+=tRp$3>bu|$?hiTz-yE*baVm)q%0F9)M_n;Z9(X(5p+i!;NH;ZSS*tn0t0Fo86o$0t=3=U#dB zz46xQ?7h*v3XKO+F77-e^ZFnSI=?@%`LYU9CCqGd`P_w}O+3|*&^eiBY;I;R5`9vy z!~F^uX_{|943G;Q+<3ThJ}fj}&+u5o3G)0b7UsUxz%ckQ_^g4nFL?BoB#8)WQFZZn zx;W)CUGlMeH7bhnsjqC4GdH-gfFalER45p0%wts@FY@kUt@lU#gZb?ccH8NJDN32a zSfRp=F_8fiU37ejIMZe3roALcCEpw^V+6gXU|raw3*Fktmv<@Wh>l955Bv#vq0lHr z_h)?wxMPg$A@MTW!!EMSdKuwa<^A$A;)XZD3Zi)gF- zW>HYndvG09)9GhwI7E0TQMJyCRs~-hA=quH8(+ENi*ZrxBI!X5kYuO4jY8Oc_^@cJ zP%(~RYM7kx+r{V0mj~Kn2M=MyL<@IA{t$G_Pz{xvUbeCI{nZ5{luP0ltwXz|UI_;A z&{|7E5)Xc~s{=>i*{$(Qwe~HZ!9NbR13WWF*xeqMb-R9oCKT#oSpiX-`1v@+Wfh)H z_ytfBLy>tI`qSoc0BdnShqhZX>pg(0{<3f=z* z`n-^W;^axk)|x^EjGaojk0c8uGJPZyb`GL1&*>^h*{WU=PgTMJ<3FKgIIDwkEyqb* z9{6LlVxmj)Mu#ZZj}vXT9+*4|LkF7e+YeJwe_n~P>xtVpZKBJP0=p$0d)`hz9i;Ql zGy##5gC_UPZepgT5wOtl$NL8s*&< z8evXPkfF!Ln>%A{A_K0?r=rhAmfwN1%IY0T z1k>fc1gc9h$`ip>qU2BW{jD1ET_)r2C`rqecXc3z^Bu3l_MNZ zy#}1ku~D(RZBp505lrds55~y#q}@yRg+-ViO>~;9!YSqOFe@C+u#IBta_Tcsj)hvm zQ@yTO<{j{(?6|C$NMiaUbj~c+x-Uwb02OGuRH`uYTMJOzc*`*nXL;67WAV9{E%+f=^h0z!D^ z9lrc@Y$SPhd;ss*?f=2@P~hpe7qa{7)LDlR>nH<&#(IYHn`h4R62mGtkiVB874~lS z);sA~WhSrCfSA-?-MPb8P?Ecy>HF;1-ud&2Zq(RCE1_lS-0I2`;J^=R&Xb^VHrnFZ zKx*fx?S~g6;9UB5%SP$-yZN!&>P?6Ht1Zxd;fj=Cd6sgYJNS?9@f+>hLCbPO^)G*a zPwr5aX5nBm!OZh7ODgW&)L1NFJrcm>OfJ;muxpZ3q5RIIM6;X5|79&syrhnE3XgiyRJ?V(3Mm8oDX7fp! zJ2xzC2|DDA{a|#k{dpps-$MMS3v(2!A)VXZzO4JT5Bj)LD_wDpM|YD$!q~bqR?iZe zS@c03H5hVPcbZJE^57WjSRJ)vcpM>B;mnDy6AYTN@9-twtdyh+Bm=-u8}M6TEluY1 zMJOQ?71iBrG%oQ$knvN3y@>_{xM*Ec7BePU?D2s#zuQUSRSEhL=nS`hhlC3}gdH1j z)MFbql6G~kDR?qUclL+#KhF`a1@Frn{C%w;&#P^vR;ACAKQHfeDJiR_o9Y2||Z#GHg1R=LKu` zrEfr&GhOVq*Axz=hIwGotWWtpipaHG&Bs1JE&AA}KjTGjl(Mcj#hUyzy|J9!o#^v4 znBzr(rS%4`SC~rPBKN#1QuaSIVyLDBGns+{k#qpAI7@k4(T(Wm%B{cV10eA95)Rs^ z0-DBVhs+t^NZ516gM68-RZjq9u>UR|W`Gs*R`t)<oOzJBP_-gO@kffSO5bclVtDF4^~M#NDI2BtppcVLByCC^e4lDkC&G2M@C|~c zN&WFNTd_=soYou3H0#)8E!}P_n}Dv8D0h&BEjCn&35;3PW6JB{@3VLSoPh zdg1i1P!cRRMB?^10b8hCTa#Zz8NC$|StInzkPU(!)_Y}6O|1sPXFI&wH)9}$KRzVu z<;d&)o|Yc^Vg!Puq0;tGKDLZ;Wkf6c#m~5j}3-oXG?+Pj5q_VN?ZrXtjB2c zJ15SsB%k#cjxJ+(IEzdlFxAS}@q6X$6%52V%inU5a6~J1*7FQ>$xehAHPye`@>5vq zo#I4FsGQ#IdYF{A+eI%42}V>$I6^`ju(%h4fzV4VVZZrvpDXY+Pd4_>UwU_Miratg z(iIufLc^h#Dm%dA_6OaL@myvjGA`jH_Oiq;74cEQ!$zl8?RSy}i5Dg7-V!b*Z}_5W zIWU=-8}c4}Hzir6iYVxx$#NMMOv7K)-27b_)(i)fXeIBX99*4Uk7)>yWcViC{1Xrx zeB=^;MkeJ?G^nWFY)NI$m=tkFp2=uJRM!!aL@G&`WjWWZ%4${nmXU;6demuV_Y7Cg zW+=-EMqtSP@y@z2&EdYWTGrjoa~}eeg)`TSlwFWQhGBpy?*DtHt9LYDAU+^00xs?o?PyzlPRwisw9h0zC z)m&;SNVN|^Bx|jx>z`@${D6aURuxw+rbrWzEivTzSGU!vLX$-z9yo3Ghz_;cD z+Wa??#-tRC@nbhqT|=@qtjK#SIPuRzvmD~QcTrg}fYhxh{Zam}Fh?@r`HIcSl< zyP79*pNaq!;RQzs_(Z*%e-ve^rSWx6&assQ4xRXO?Nw&m7(2}udG-fRDQ$m@(f$lS zR(#Z^vEEZyGN$Un22ElV_Xp@dHDm@$p#?yqrN1{cylQVKPb+Ueh1r4?OM6oJ@vDZ$t;_sf<7mhXZ+yo! zp{OCwaE1>~x}jjAzM%B7mg5$mVcbq}K%*UebU3ZcnC+lIr!g9s^H}(v{=KUgj;}vn zb;;#N-dr7_F~k*rO^`Qt;pLatGwjB+QFdl)G?A0BVS7I z1bf9&tvE(tf|&YL4BO`ZDG#a%y@!zyc!EDwAN_PPF%xY;H-ysr!@B3t?a@=` z=JUtdYcp?pi#D9*^Wiowi{&C9!Tqj-(je#z@%H0c-YE~?TG1ExOSAd_2R5@gd1Mw- z%69k~1sDy3y}$0Wg{8G*Jh|Ll&nkqI{~m9AO;C8k+wSso9&k$(@0)7Z#N-2;^{&7~p}&2K%vs?A25XlU?V;CGj+mH1-w5a}^EMmVr`9@#RBw0Rlcsiy!|7>W zN0H~A2@EwoId#==wURTQ<6}Fl~yLRE(ot{wxgiVCllsaN@4c%ObucLt{lyvE~y%`hx zhos7_Uq!$XDgqp2VlN46?NAPU(T=Frpdllr^VPlCO&A~DyzxrR@YZq*_%>p+L`-mq4vFYg@aV`p@=c-%ip!cPp{xjw}bS|qkF)S zNB_ziUx~;d6dJ0dTRmv8?r2(-^JWmjH&AuAxHJ+IMb>2p1Jt;34RRpUZ;Kg*rgML( z9y~USM1b46L{_ngv;LV%f6%@pX1Whn7zMw)qE{;i5DMJpvgbgj7S@-??dYZds^)mb z!~M2Dv0(sp=H7qDZZ9&?CYf9;ulMKfM=A)R-uyk_JX0vjAAC=Bu~zw2%r}8emsTH1 zF(YrYPggR2>p5C^;?8pCz4uOS0H!I`S98(YK)|QX_krwgn`oV zysy*#IL7|Rn_9D0C_FuKvAGJ80=>7umY#u510R|$`sz%lstPdr+tr-i=!H`RbqL1M z+I3l%s_h&q_SOXVYc+dunH)^Dql(rQf${&ez^ZU|P&4IA?%|e58 zzD+}*MBs?~nCFuF-9*5_ROX~Dx+BG)0;c@?Xi+vCGwj=2gjPn(aF7Q8wx8Vh;0qF# zX$7cK?weh?lR{X5S6~U0L~eF-;(V=0&Q$ndovp~TZ0DqxyCZr>6#xC=M$>9rNKkJ; zY)qD56Don|=zTaqv9({*=eW6OG}oOlnOt5&gEJ+Yyfb86g+RQ`1d}cGmz*ibR*sSp z|D#p1lRwS>2&0TA=G#+v2E_?btO{2>{M4kA@$4ZmTAp1x}2<NJ|fZ?JvBwlQ}+!7uFLm6jelfQN7DX=g2kaPiB{kFCH-Updt7|BBwCz@(@0E=eifJU%o`v8ipmV)p+aLI_vR;N5}2K zSCRqnCS1DFPR7a1{&u|eRO;3&AYYhBu$>a?NPj83W)U{x62@=h4|D_N^YY*19wu4$ z>{ka+z0LJCsRcm`qqBC#!eX|z15w$g9b(&`O`ZI_1lU+P5eXP}%7fi%+M%XB zztizlOxNG~A7Y`k7vbY?1`F^3IAb`5Pkp^NbPRZ%5tz_=;<&ipM-`P>uf_(CSDPcH zogGXUW1ur1v*&#~fq3Txfo$ITNVEncn`B)ft16Ar_DvL* z^FdiP&kzbaE&2HIQVyum5B8AsN|+q(jk@L;^>jL;Kl8@O1;9A-zXqO z@j@iRnzf1+*ZtT{+?p}(BW{z_7oD8kL-?Y{pJ+Z$D76baS5kE^ zGF9K_5%C-GtvLDgd@V`;atvSF+eG`T<)j)KK`@bXcK`|-`5Wx~dTge@nX2373)TDw zcOILd>h5=a*1em4M7$LUhELlBJrPm63~H<`fP9V|YAfipZ%>ukU%6O@H*5SNVtdxa zx7F!f-WPy3Gsj%~Z#S(R=Op46*OqaeJ1p9c40P-3juNuaEu#I8u7oZ(fE4odt@fL| zz3o&QZkRWdOak5a?x6#ulqf)*JQ0BZxw?~|^{2Giwln`rVs$`|$}YnZ(rp3p` z2L88g%(&6Dsm;7f%d1vei;H3wyC2t26imnf+)tj_>gQi91(5G=>G!ozJ?S=)ML` z9KUW@W3X*bSbMLH#Z5DlOeg3)csq4$kp_{*&iaEaYC7&{cj$0$&h(c!pVY-#8q+6c zbK$bEZ_mycCT?{kI+n_&#t&4o%ZY&fv?v5W|@8iGzU(x&$s#RIPAQ>#6@$S z(#Kctg=E`+-)xpUesoGgrl=O+SDBq2Br1^z#;JtI&?^ts-T2MFWt=WA zI+1qA2Pcn|P&3lOB+~D$!t>Y4!b7cK`&h2SaObB=$j~cUa!R|bVdl6F>UIT*|6HCD zm<080T+&7v@I-xGqu@3Xld)uAY&_9zpzPaXfY&skDFdfafIYYa-TY_T?R8Xo9`RJV zd=6>33u4IVi!cZAf4Q#1ceU?GZcN@JR%>5MY`ZEQtw$OYz&YknN2^3#cEY3WEruu$ z7t*}GkCwL4%_q2#wiODUfgg|fY-kgHh~T|No%8<(yoi47JUbYi?=p*;kBop5#{985|;FFil) zY`d;6ehrK!e?_wVdX(QQFxWeA{el4ZhM`nDRR3U0P0P3}F7fV9;{NDQKRA@>28$fz zk6*if3z06?mE)ZTH_s+$h#&05TPpktp&D1UAMKuZFveqN-b!ijR(rJsCrY+Ya_BA(U6Ep2 zTM1&2*y;ZA3H3P z@Das-Wo7C1TJNnnFlMq#W(54) z{Gp+_8fywqiV||@+xE-9-Vh+FhI^~oW5x53>kF&8XK7CAiD?}8%AO4{BkOd+n`UFq zryk6ksxn@eI=PZ|2)5_s^B?yejn$kY8-KR#mJRbnP5UM`|0${W=hDZeaIb!{?B{={Ze%fnJ zaadOrJN zXGC8U<|E6udoNmPO%tKE8W~-@NZTzitw2AC-`NFlYU-dpy4Gd3l=VlsM}J^if-tG+ z?ouOR;4XgCxRQ6f-F{+4!km-QNFkU{5do30+0M4WC@3wMb`=KV_E@%`y0PuqQ~6@9QfS*PS?uj4xBEVgxe_hk=G znVV>-B{~!B{3XF{Ie@(U5#ikLl9>!}$K>>JYnU5+e<9pbVyTsp3;l7kYl^-!d%XGT zf=E0?J}{$FG&;ouUrPk28~X$PVZ7$am2d|hYMbBuWulK-o;FVDM+R=`pFPfj3=K4V z=760lh`aEokAg#b+5zB4FSS};Z?F1#E!rxz`Qnh?yv%-VnJSTTCb`P09zc#$W3Y2{ zh$xR`?8o&!J6A1#MJO(lyF?Msv z6AMF?eXn7VKd372EU$LU^=*(+Mlcl$2)hrRhdwy>;v>qvRbZcRI3_SJQ1#3cp^!2&SF&33#r=hcj@_cyOKlz|wfVQs z?->rJY!byQ8jO!98g>dyiQsEtWX3=bp?8@ev1&TWhLcOXqN5QTcf9L^i%ztS%iZ?< zX#cM-{mpAG&+J_`C;r)5JrDs;Iz81|aU%I_)+q7eMK(<$=bLym){j0l&HYss)*rcN z0?eIZF=savblFsq-bHqrn9cfP`>&a;H;=C}Zc(0QmnN|L%FD>Sn)?@hp-~BzSR{d0kXBc z!9ZGpNoVx{+C8g745XIOXO|mampL}wB>Apr&8L0MhsOJ}N}r?jz$-lqYao8#Z`~$x z0^spXGV6N$_CAvzhMf`QfRGss6)~|5SmX0v^U~AcS!3It5P5ji!y)~dDgE#Ta#q>s z*|0RUBU}j*y`iDh$_S|zu9ilv7n^^p{f}$FU0l>Xx1exNr_n34qE7b|^kCZ6z}XUq z1-M$Nv91UA;LqE~4%YrkPrSir@52*T*c30ngR)O!P zhB7ljoP=_DI2GaahXhk(nb8U<7_&}(Upr5e5Q4{7jRX34 zZonK@1H^6KO3%31)9IS}xe}Yn{z*KeMM1jH{EWQmYKDjxOM+5ifDCpbFx;uB1z9p1 zvG_yVD#D+6Lb>Ytz{FoCP8IXgQ%0j(fJHK4h+0I>m8W zV!y?1K!RLT_U>0lUCzh=+tb2=xBK)ak{YxhyIV#&T1#r!PjoK6*q|#M8A%u-^P>oW z5veI#%JqyBR#qWK^x!4r?NO2}z3%t)GRW1?9_VA2F}5eeT7`3=3$`lbc7T*54BJ6y zky`wZb8s?Q>l!HO;o_jkAH6Uz{+rjl<$TKzG}(Lx8OZ_3-9)>Xxfz1cGI%GHeSy8E zGpW*kKtW5`iE=YH7!v$ot9r;|d^x({&3WF`nc*=enG?J^9`I#f{dsaQ#}D}8z-$Xe zCtoX{{J5@|&|tAhBOKtz`Q}#p1fGwUdiF!4iw2W{J>|Hi=9#F5c=U+3xG`B63Id++ z>`(|?w|&s;mijuxr0dOjhv?h~$|zCXkXKsls2&41J1aam#~=^$#@(GoMh3)G_ZtSy ze8%wdWDAc*5Qa!Kz=O&qHg?~|`Que|kAAxZJ?wBODTz!QvIPw^-el#oLPq~q&6WK( z)x2o3`6Ak!H&LZ@9S4yKi5;-`;I9HOfFlviv`!#XmDCl<<+RB=EpmJmD%pIX96sKL z{K&@^=-$iJF&uj9eG(CJ>WD+0ZjbC$F1K`F{$xR0_Lo9neg5)YI*4f@1Seb4OY~@C<00EPFW;$>Nj9uAdte`2=qOd`j4ykl3adc{!~2 z>DO7iZY2`*TFILa3glTb)`RjHGUF|Rqs@GA6_{qZ39Su{@icZjs|^9dm= zU7qxTNv21yK-m2++J1M4+>{2W$OFro%5bCfT@`*P}RS@5q9KoGF7>>&TPQC#Z#}6arR>v>km?-6M_1m~=KK z25gDjPsV%$x?C`8h4YjTCW_iF>ftlB3TNnFGdZ+BwxNv-n^JiS$O(DR89i)c+R|a$ z8M;W3%NeIj%GW95;?k~*=eRA0GG0!YJkS6mPjp88Igqk->)ae6ChLAGy+x3D`)bvG zZjbecR~s;~UMq$I^bNUOWCk*UnlV*>l&%{ZN5?($T`2QDM6%g{IpcQ^UnAZxNm_%i zF!_wI2Oihyo&4-DfVK8R*H4!krV4l>{g$<2)7DfqhgFTN`>9uS8fhrA&GuB5HK79% zR}AD%V&92@#{KrSZCZ}JM_PJO^CIC6c~HQDot07n)?KJvfGaFHIku^LvIP5{MrROo z?E5V)bWK}CC2P&VZ?xIA$(bGr?P~g+&?hTFU7NYk-Wrpe-$fbEGd!=|qB6_)re}1U z*E@=v4Whfi$O9ptXs263;l$4KBgNHUBd4M%(DueV@%Y-8vwr9(3FqsAE@!v1x6Z~u z!dAnn?I7d;3A5~tt>cHqt0zuW!c2=F{2?6hPZZ`15_ySanb-;QZ*|c*K|9p(=Xe8u zz)?=RF`7nCEa6w`jqjFZxy_-i=~cfjBFx*bu8nWrkNlV$NsGRYHYc#{chiA` zI9dJSwBp#l_x3{IEI#R-;67N1x~C+R8k;}@DpSHY1{!oUDK}is9k%z%VJ?v6h(=1v zT5kvGjW-k{URs{dT8V(~E~ZU){kig6n3(Vdwn~gIGfKvu9ySJMMFJjQZuhrD1@-`5 zSZqHCWNjrm#y5hp;RB-F51Ld^Vw87v_*8aonV|L_iyZVjVywxZk}N4V#YBexT_o=G zX8y|r%v!aey4FM~Ih)C%tbSi_ zx@m<%C}-Kq-xNy)0!=C=qy4Afzj@Vk4T15b`&GI+GIvwr)5@4EEN0^|3lq9csbL@+ zL0fI)NJ}g>=U+ENWpKwDN$2c`U!}PG+9YcXxwJglkAqO{k3TybHfb3)d6;|rReLBIXeYf)$O$^ zq(z)1wcke)obnA_F@=$WEiwaII(%wh3X7%P_?w3&89l@ZXQVC;;vMljSmX*b` zGa+IuM5HArv;Gq-A~P?)&10?v+iypURQ)^NhnH(~#4Bn?SXW^Ll-N}wt7o~~HrRP$ z;ZEz&)I=%UKgoCwd-39F|1`G5tgf|QY4{P)T8tM?BVOwRZ}aqQOZkt@{IH9s5MmQSV-fJGwmFeP=9Gg)mr4%_@V<`OkG{k z!YQ$`a>LDIT~RO%40|3y(q{cS=6?#3_l1j&QD{k9RLAowOW@I1 zSxc*61nJh*q(r*Fj_WvD?k+MKuuZg(+GoCPe=>Tu5u*RLyX;`p`^|Y#OG9HNg0#j= z(Kn?5gdlX?TGvw_8S|qVhnE{OUe>0<@mE(#VoZge7tTSWn=7J_9kv4ls;2hp(Bc9n zhzaU;dGnXo27Xs#b$sCoJurp?(FCzys&|g}@3mfQpP!Wkv zsI->2HPrQ0<<()cmr@&esIa-fa-PcAp31H*Rr=%E?n`w6fx_!n!suT#B&E$spOlqT zmiW~5HOCiOiXE7%3i_YxU!jRSLe#AA3_CmiZs0VVeW}O;`P1Q&cIIQU&gCNTz6N%1@ z9DtW*iDheJu~6}OF^ylv3p~|=}sa;XwtMP1?Tjc%d(Q;^u=r=>%3Gn`3 zV$GHIqLkThZ9cUwM=C{RM=c{+@KZlx6a&}@w4;iD4JKC9%{m^Glz@kB^+87N0Uc%+ z(z||;IqERvSS0PdV)eZE@#NK1S^9S)%J}{IQhIJ!m&8GIbMthN?HSNqAGhO@0%}k| zYH_eO1j*X@i^eYUY8c=a^z?*+vIJY4nXChYV4DvT44D3%2dg9g(z;hm8Il!Nd=hcC zqVmZHU*8QBi*s%dr>0!^0Db7=1EXvDGJh`SulSdp{8*o+`q$H7bs@cK)_&zs8x26} z6pv%w@>mzY8%575d)^B9!Yu(fVkpP|2DOV|Q(%?8OWEdr&pR(bedGwot2zD5oi;`D zlU4co<|p}JFIR1dj6I#mtN#)!4?S`iZ3e3pw?#w{JDoNIK3i&7+3Kg80yrk<&mT6V zeyCsx)wT##XNSR#){Xt`R$ld_%g`3eBs=vbS_{}Y!co^N4c=pqLza7UI0{KgP-w)G zLF9qpz4d1o>v|ke;}sTzobP0|n#mL8U=$|~W2#c{dGYBq!r4@3e#$`X@chdx!)g?OYGV4`lgec3Z8 zjBx9v*W!N3W;#?Z2`?FFYjh437JBO&KhlpN9{J6bzUwOrNoq}kxO--k3~$*LlW5`C2=BEzB ztpl06@8N>3%E|e#?59`?=EmC!`n8Yk>)J)iEk23x{N*Uj3SBS-A;<>%Ou`5Fuj%~d zaIX}y5Mf+Oj3zwycb7`DFriP&ODwMhI`p6*l+=2s3^Y1^rwLkKtTO2!5k;+8UDI9; zB(1o;IMup&y1I8bVgVAJbgoe|*e=#dRS^pHvZCl@&Arz*z8k3{*w{=iz86#2_U|I`%nL$ziX?61^-W{Fg5xAsr=U% z|GyUd2u{-A6(o|Db!e(o`#6R|{GSE=>w>1zQyZ?#c&SCySOyFR!>S-6w|AtIxAZVj zOdfgkKDwaFEuh$rCDz2xIX){T}0S~$El`|}e97S<#Sso1dW zyQvRDnf>%0w#t6Ro7ir9RL_34rS6dubbx3IqC&e5B7PU1X)5@sJv^Rv>nDSOyQ?hG zd8PH_Qg->+q&P7x$T`fuNRtRklpPgiy1&tI1`dWL19u z4mPw$^>-R{4qfO%h2(CHN^Z2>xBTh@MM zB(8AJUwv2Vy5)AdSQQVH#_3e`2BRF0ZDp~yI+oFpoeW3-U&H)s>|`C)QF-1sP|!S0 zJX#6(g!Mu95g-2H`u{cBPVhe-F$Cv!r))0JFu1xFJYOmNWW;Ncd0YiqBE7LCit=Y8 zoRyGaM}?Kt?`(R;m6CIU`bY7wgQJ#@iqJC(sK_urx_n;3jS;V;rYmX32S1VwXW-PN z(2TXm$?&hQ1iMMXm5<0Q;_(!My{zSQV)t4YL4}ArgzZfinTq&a5}pz~xM`5z3n|*t2rsC0N=I{mL`UdH=5!lRGEz637DYeCh|_`q+Vv>35_dUM`WdINm_j1P z(_QMo$URsH@m+y-kCR-*bTr!XXIh1rQ(Mk^8s{)Ldy!h>JC5MWnqM7%qkijtWUA}@ z8Bwa}uD6;JU}dqWR&><5s|_Ik3)^X#=z&IV+Z&8ZXLsoEVNXB2A@F7tJA73C8V6|b z0=pVlZt&EHa-JI`$XEM;ogP%x&t|QFaP_g=IZe-0@yB#`y4=P6kk%vFeM%r4;ZqDf zBOKfyLX0a3Fvk;RHv^bM#mHDjAU;NcAUD-+n=cO-{DC|5vdtTlcrP~9b&|8G*Nx|~ zRITrMa%q$452!uYF z<(%v*Cbu@6%jROm9E$bk`snX$H>r^+yykam?-ncai>po;aOS8Z43py?jdBC`q2Hf%5v|ubzT-tLxoqRkM}x5%G<#9Gi(_Hz z7N+;fr`LwBjyaSV5G@f~M4wsF-|T6fhYUv@<#zRJte-H@zi@>5x5YIWkXsse$YoZ2 zo2m1qIuCwEi~J=u`;9_~XX3XIo%`lqaa9@-<1@URxTW`09(yD_s~pwE&2-z&>(V3h z@WTz8kX!ivSc1<8Hw6`G7>7qN!?p_?qF!iw9v7SyX4x{ZRMDf*iRh{e39lxGy~JD) z2-w*#ibLa`0j+Rai*(GGdXq_4-q4?`C#;c?ZqGNr4kQu86w?2v^y>0d-Pcma@d&>z z*jW+Kx!r_2yKL>o`UV-0{E9C@v|4jx0tkr>taB+W=RI&FYzW6!wP25t2C*GZ@zxnY zzP|`Mv|3@xQX_)zg~l%zQ6Z%2zoQ+dU43*AZ!sdp-^V zKciw<4hQVaN5@=^m>kUT6y&Rs!Ax;;bxuz$t9~eA~b!9b({WzG*jxVy8#=D!F zvN&)h(uD+ZZ3bA39sJ=h***ac5?tUZ8LhXnHp8?%h;P*Xx>comh zc*DNGk+=Ws6@!XU7A7lBLcmo=K26_S@mGq#_}+$E>QOvQ_(RUPJwDUBc4U{&CJ(Pq zQ+)u%A*P$ip^UnoSB86C)`}Q)_LCe@D$c~h_w>xIbs2dF^nGnX+j0SFWU2q!J*M!L ztB!``t!42~jJ+_oEG%k5}apiSb z`KwgehH(lGWd)<_bVmfx`3P9~y{P8MYaQpyi8Vhq4%g=8rI#v&jCh*yN^5bvti2_if2j-A8f%u97`p(qU_un$dKVPQl*-oLy^V%X@Ve3d7xFH>sSR=is1YBpz%^PjTp z@~{*->3V_G>Eh4Rg~;l2rO9S8U;Z&Ku(2S3;mu%AI%IP}qlQb@Fez;%RsPd<55?tj zs=>tBowEy7?oQi6V+O#2>pOGz_^Z zB~BiBB>eQyvRZjlQYgo%M(O2r<{DLn{4Dt$R_ihu6nm`B7NG*(O&a`yEQJZfUzDWm zLP%C=ikq-N1EVg&zUFMq>Zh0mJ5DfJ`7j3>%umAT}B>rHlQ7sayhk{k7YP!S57S0H^#9dkQb?7QA{o?WjoQ&K<+9 z(7PM$dZ%r@#h~VJ$rq+sPh2fp8kb5zu4h%9>vtgE_1+iBBP@B6&hFeQr@JLb<_E*I zc-q>)QLcnQ5U>+DdYJjUz>s6Qt#K-rV&(MMy5p-81GlQR34HjQ(7o%aHQq?qBT#h?<^yG3&g!=-l-V7tm3E z4p$*IX}5j*akOthcM+5j=DtZ(n#ajp8m6P(T$MGS3h83n)bZ)pE@UZJp~#0y)!2B{ zqs3A>I`k9qbUjKpqQydqtl^wy*ySiLff{G~XDS? z)r9!FW60?2#Q{5!dFd!N6XmmInyPcZibBn!X=bwOk2f#RTW9*7w zUBnx%=rdp`Pn3m-^Rn$chux2&6tzk=vNmOy_+DKLuXy^q=J9F|1C`9}!H&D&tj8IV zsE-qCts|T4){KW*u#ER)v0+|M&TJF=Kc{_|e| ztY|9&4}b@QD!EP+xP_wI-XHFVNIX|0cd@S(jpAaux^G)V7cYRn(%by`?sQm}YIXj0 z%ZpZwBYE0eOQJ1I1U{QHKuM^>!)7`}^MzB`k*{*|<9n1fX$kk^4Y1&Uqj&AEF}Owk zGr!axMnsTuP@K;IYg=UE*V&H+g1r%Hcc zX=2^&+>u)i4|oRjm=I^9@7*k%KzaFV+RT>l+IGa7`XH3ZFf8-uwOZ9!`F=xd2=P=z zQ@3hc4kBIu&F%@k&S>r252;n`548?xVU_my>_gcRmc zQ=FadI7tuiWHcF|Mz`XYjB&crh{~a|jzKH77&Gvc4&8g+UT|lj7M>~sM{}eROFyh@ zklvmH3;PK~4!%w0bRd(( zum8yc5k(`8jjfx!^YRGt|4Y3{*bu({6Zifr z^!X}B&-yQtDu0>h3(HU`MMC}Gr~Wq7uitderuP>Dzj9=#k|zni201YQcM`>vQoeir zlzx;df@OyiRh3LQpRd%Hq-z_{>6!5*#BEFHz7&=hLQ@6B_a!&Qz9z(0OH#%xE;~o@ z<4EXE)cx!Hqiu;;tP{OnK5;d^D4j=2=SU9;bF;d2+T@>HB>{(?;}$V$+uRS&7VBlxjHo&QEOdLu`{!IM!`J8QgzOKe=M0dU~=x#orO| zlds|u(JcI__ouVOLS*{2=@z5x3c95JtJ#KwvG;9EpAmyvYlj5HI15%HJp;6CSW0K$!abJ-`2h1J=uxUErAFR;1}}NZS^fd-FyM@>I+2@ zM;k3DPJhL-TKLEUT2+C&5G1)M3Y#$|`U@)+={~TqmGS_g28>sDPf7X~oVdtX$1ANcIK&e+4MBp4{qMAA_x5n)mU z$8bqav~0Ia;6d2+e)}LpBAqP@TqF5=Zla`Z7-e5VFfH1s?24YSftqWe#LM%5d~C>N z;kCBJA%==)hQ!)HLym)eNcsJ)T1bzBU@}_W-Iyi`*S$ZzuMOLX9zH_9u-QueTcNC{ zILV&gnE?RQH*4{XuGJp1!q%`wz5iX9AKz0Hrj!61*?}uiO=Y{7<~X|4nt3n8UGmXK zBE(|hf2|>JxsZ~0#rvw<$+&-6C3R+8G#s_|{zlQ&AvPH2x;GVRd%D9LFq^oxP}pTa zQDshdyeJaf{+>6obe$;TJ1udgBL6Q>O_yrb=yJ0q60+P*%msHubu^qZuQ6l&BZ@O+ zF{{>Bn`udX?4G07NN6skkit=J6&JhYw7~MU8U>wUvoAZ}P8=jsBj$eKsq20R1jZe` zfs!G+ch?EKnErb3`byvNrUR()h_RNxn+V>QJM34=mDX6f411$ZRk(q8!oiF{xZaZ- z2ng%846Q!`0o~S!`X(PC-K_`b-9j{`;_gsg;9U36%goUr7x-lfWI5iCpoB4BVw}in zhSgqJv<9Os8EosN#LYtBLHx~Rf^516uefPf&JzQjftqQI(`q2P?b%KZ@@P0MdziJO zj|_nwul#ymo#(Ac^mFj0!@!u`qs@gx3A@RVv3ioF1*RKvem7@6mp7;j!E!G0=Xs(T zMMO9am1b`+*5Yd8pfTWa8gv!B4$=J8 zQO8v;B1yvR{{Dhyt)~jTYPzYt&KvT}$qAoe>MO}NO^ozMwV(ptJdY(Pa(a@=>%rIV z-G`>rI@}Kj3;#dPjPjd|4epC=?uCWq25H-g$MJpLzl^#(BB(}2qrM+hFIi9=;>k%_ z>c#prEPv_I23s4#Zmnzxk+9!VC>~+Gxq^g}y1rtyizrv&YzpB zid#zy#`QvK0os`0InYe7lSt zcSlJ%bUR$?(Zj|`z1;d8SbhRz2bh#RpV6FP1{0?YL3>8I2Wklw;2A1F4R`!FB7v^a z8KhqwX7?Q`BF9HAF-+Fean>bhT%|WChid##l#v%;5~_K6v(d>`$Xt~WuYo&XeGuwK z&sq2rg}9?Raeq&Fqz01JTr&DY_up*}(!`mdWI!P4bUTthS8RNdnK%!rNX`{*Q4nF_ zD>*is7hGkejs7hn!U@rz!g{_UUv8)dQM1WbbX}{-%Swj@=u}JT&<$fg>k@*qVp!|y zNmybP*cNv$b`+vY_icdgbY__8setD*&B(-&u0)-~@;WD6P`ffa`%`1njEn17orTCQ zs?F%~dbZ^$Pb~&3K>od*dU*?YOi8H~Mf9?8)zZdZ3->%K<`boXt8fnBd%N&3w#5-& zvYUcxPrv{gU9t4rryO~tD>K*|NwV?CfRF#bhU zZ|2F=*1k5`O@o?uxB2sY)BwmV*VJ1|?Co;mO8=`pbXcx;9QY!P#GCZYAhg*R!$p&U zpN_j_yJ#xNP}^<%!^XE z;OH0vv`UO0r)V}3VPIgvC2NI3n#Ym9x+Bn+qY25WqXSL_43#CoOII1#3sR}7sAgvT z(P+VYjH^dLli_=9lSfBustp<5S$94fxh>7fVGex5cCEnjK&aotA6!lo_3HE>6oHel z4_-K5@5x}-X3AURF27d|ZGR^=1R@tu7`&a~Cub~b14*%MutWFaFnF1`^=U$akSbO$ z3_PJ$cO1&ldl;&SkmJeb>0YMjN~(c2-u$hhBdAGc%A#*{iR$UFXItI=7o#;MufP4< zBa4O~Z@fNxcK>L_Qx@M_05QZTAWimTw!-MSvySDXox1Du-EsO;-8nY30v`#3STl#k z5~+CO*WHK+gY)Ra+gus6zxNX~{`&`|o@PV#+aBYvBSZV;ao?!D<9rvRaejCFs&>3# z#51AiLfL)B_&0V&sLgg)*7`;8rT*Xa;Nyl1g?Cm?dK2QRqQehX;xHgX;r3`HBjmc1 zV#lYJ7Fol`T^!?TkDTyh8}s2EAgwSf+lv3aQcQg3VKexp?Ep=E#GLfJW}FNtoj+d< z^TqFurGb1AyP+nx$;{rfweD@kKNchuNoXP!(2}>m1YvW+gCgMGD>nbmB-{kusJlAS`O<$% zG~=Y|)qtpdLS*6PSZ+&02@m<4z?1%h`1qN05b_-ke&>2@0(*kQvNYB|)9=s4i6~Nl z^5Wxf`$TN=EFEFXnb*uQiV-#KWXx_d)CA+_YAR}kZc<9;WVw;E&MT|kU(@K{U9$v? zR`h3mn?wc^Pl}y$14F+jwi{SM#S3yG?2(9|-J|R%%XW7RTJCc7hhOxL{3R1sFa7$@ z34YsEeo*sQ9(??mQvpP5Wa4hs2jWod^ksXioN*q*$@U_eG!EnA59I6Q~5)r)to_S80PK6t1 za|Vl$Pwvm7!ZTf;93N|A3_t(nkYaL~l$Pzw{BAH$CN$J+L)(1)h^Vqy@de@Xr7sq` zp*i(jF6V96RaWIscO+pb){KXa(Lp*SPypnL5af-DiCBq{hS3;n)Q0WBA_Km#ey<{m zTAY?KcwUHQMFe0NT8#JglBa_N+F^r%cscn~LEy8<&ZB2LBm#YA7Yd&Ww3ZX#>|nMW z5VE0eFC`n35)LmR#fg9$sNZZoVtaIr+wyKOAXbz<8i1+XEz1vQpNj~H|6>3fvPrjm zI~r0^KD%U*LJgoRuuE8aC-<_%s`>+qkZ~u%>%C`^mr?Hgq(6I@Iq4;|rA+nxpO^}m ztu(y7AtWhoJE@~^xKE%p(L^I%U~0Z*opGq7ofhdpC@9=Z$ePFW*HVcPPlU#?q%a;s z#R(ac5?#ZMO+1l4e}&sHhj7%vs6JnK?dX$(pI>7fizOp8B(a4=DmeRBqUdjsW8pw} zpn&<44=oFe(&?N*c4L^wC147Hs&$RK7VrE!PmjJ`kt-CMX|ZM1GrNEr75PJ{o;B89V%x>yx|5`AG`c6Ff7TuhzK zjnz)rs)+v<@^r-2EbwG@?Mj5HK!}RI;M7+N5qcXZ)UoCTnJ=jOw=FxO?2F^f(1GXP1iIo~@TTB@)`rsGg3azJye4_w z3yeX}1zTYoUF2L(mO|WP(Zp-JEu}~rqwA+m|C1g2`F!-LwRJCt2G8UWDVx71bbj`9 zs?C2)l#;%?uUZ{L$-nXWIX5v^2j z#nr0Io0+N4I|z6nFar#Kn_PuBrTHNnKLCufOuX(mxy#B)Rsp`ah`aPiEx}c$2XtR4 z?z^7Z<+21nuds&{HpeqIntn+nASL=4?;!07@Vn6#X{SC(Gq=?(uD!Zn$65+nom zRw=bOb5Bm{j5q$>b-BLeQ@N1UlFXlHUv?hAr}g~BZwxxL-5HBbz78qBF&O|*aG^#T zd(0zFovcW3G!obT2xsi!vv{FHElODRN&GwA_Z0pYRyB9QW-u3Q-#8nR(m{mKM|mf2;EoiKh#K5IHN3;fIwWaBdKU&9KW8 z9D^h7JY4hQcztB(f+~FNcFlW%hwv+`|AqwV5%uwOyxCh$5c)-;T|IZ08YkU=J1 zOCdlc^KlJN0N&kvg)737a}bzIAU$5uk*SSlQ~KaQsbMxdtK%GJ05Xw0m^h0 zMK*{DYl(R@>q7UkLIRuQF9MU7J*Q`LRzriULntV)tO#d|ZG1O$HRWrzJ~!kJ@dpIk z%KSgZQRk*e4Mr`O)a7$9^JVP>C$|VImmiV;RHRGx`ln_}B}8%?+1@Ut*M^LgF#WJm z8SrMhpV6=VZe?1^uq1he#%FA8XdNRqu{qiMA6c`SEu`^!`{qc6n>Zhz=v%@Mep`a* zVAxwxKVcsw(M)P|o!z#savztf9dtC?WXVS%EVxFfr#3hq=}CtSjoS)#;tJ#qid~K| zlrdutt=98*3q!kAZ;ld47)2XzgE=I+LBMC3EjITEJt{);wBQwqekXE63a}Fx|Fu|c zLg%U^4+Emmnz-hJT<_rsgYqa4B6&CEzTEA~5BdY;=#Resbg@v${u>R?V7&!q=-aR| z=s!<_6E{lm!Tv}CBe7ft6srLgtF^Fm@F6dop+^HPj&wL%_IglZ7<-jF5=&BQw!tQ7 zK16+v$yA?ysB&#>Of+x&5~tj+Q-_-)`{S%WRDHje-HE_nqx*6t%t`DjaX?01z7Jjix+aPqyQ8xA?$rHo&xaci)UBXNk)(*;E-6WU+F~jWhWbcvlsB#W70k%IL~kQ&yw=KR}~j zJ2pC?id?ruTlW)R@;M0pk_t%sDBF8qU%hk)%XhX^m#*}f)@%^2D z$SL_ovZ^p~s0_ghX6NJ)hfg9WgH8dMvDPU$NV37p)L|zom2D{lRPLc^-OFqUY>6)> zKRjzZoR2kh>~0Fl>3??;B_DV{dPbQbPUvri-G5VzO39Pyejgj(e3ZzRYJO-f-4Cs| zw`L49uK73AhKNd|##4l|=YnAF5wjnwqck1bThOb{h7x>i^Bv2OS;k_|Q=Zm;8&HWI z-4Vpp*sNv5W$J-&uhFl~D@R2|ud5f`*`8=dTAR;Tm_oP;Ga=wnlK0+*f4uK)%D^oW zwt5;bT%oj}{r-e8rg6N2J7<$4)2%BxRip|pk{B5l(_-e@ZO%ehQvGi?_~zL$X5(%i z+meD}`3hAQGA0X)0s{^e>Jt)#|5!0xx6CW|E@D#heoNF~3#krx=KvBuvn+XMvl$(J zW81i)`sNcR6eemEfq_flcT93;p8@v?bvY-qI5%vobBIs8PP>jk~q!gU1J7CkDQq*$FKEDYU z_VeigTkTI0;IJoC=C}h3HYtOw($D|7Tr~eVIU?AD2oUXn2uvZg#3E7_`8wo;=zfg> zYuJ?;6(b_VB<5KTHsj)~74KPI}?hc41NuCj9ppddv6n47Zztor2x#5OwyFwD^&*y#eJZLt2 z-L@LjR0SWxG8`25#va<6BN*;`l4NoUBGKv&m{;*iEUP;fSTSGyJ zjeNA?tS!4zY}4lrv;Z1Sh=xURwcLvahZa3}Oz~@8VhyHGJC>fUH0U$@atEW!9|nx; z99N@&GDw5N{4j1;@IX(UU!`h&P3Re>f3co!W_{#!L@zcLbE1S))V@;+v4H-*1_Zg% zls6ThpysFxM5T=HAespp?@BN@-88XyTB-o~{mCsx3x~iv_1p2_&rb-(cTHj=ng%k} z-x(PiU3nO%W&n7pe1D^24A8Yd&NQ{1U!otbLEB6ZK@*r9G*@BWM+mXbC@Glw2kSs$ zLG`n7G&!2Yq%-*BjjmoF7`Os2kOH?s8FQuQHO0tC&0rz(nhDJ6Ck8S`bNSp_db!Bp zCnEvEHZ-*q`9rF%@rT8(dXA?%_4j8|`wwpnW1(_HgB(}`kH&7q2Z-0ZMS1-Mx(Ql; zO6iiX+Y_qd7aeqZFxYS+mKfU3>hhgco~*^{%kb>U?lfW?rliauKe0nZc=0K4o$Gag zAkWJ7pK_xUnU!>X@dfcK%jyCxiCu886K`E}0>U>fvJ)?~xMO`KAzTsE31?FbqO>p~2JEM%c?lYz({C~v&{ zduVz(P1!ZYqfVb8sBI4|ggxH*hh=C&NC=~dH4151WZlz}arU^z4X;sjn{Ezwm8fmP zP&S=33Ud7Uex?eJA5GSt?y-oA@G8AxsCL(Q#ith>m=2TD&jhvq7J7H5;6K9`?R=@K zHKFtJVZXpSM#&oeQE%dWVtOxv7KAV!#+Nznx8N0=4^SUG4<>)zwvD@v+;6V#u?e*q z;7OI&<(-s4q$LCJ9x}$c>^BY8cYV8OWg+;!ufYMDD4HvI+WKt)IN@u&Z*vD*fDJ2V zm+yMBwcY?`1(X94$s75kK^E{@Yl_u%5!Y~J zP|I_P8kuxS&n5QVoZ>(;i?%pW=SWlDF{#(N7VrCuO z6YmG0IluLdCxR}-fNOA;_M(x$mxq9lXEX!S{EkUckRohm9FO@8oQcQ(8M z8OpeEeUkOl9q!Zm(`S1L8PBizN#CKUS zgtKOo!^(r()J2eFOA&xMfLt(Zi1-^BH>JKdNcn-OD=@8oK$iytoMs)t-;O zQ%BgF5CC82aE3#p}N z2Co5LCD+lCGBm~I&lp*y;@%{OH+sb)X|p^duIF*IqIercL;g=K!1(n=i-Ast%!8li zqqa!{*=`}T9>l4ESi}a(D2$4lo_rUjybdX4JWPm-BMLH%%!Jgh^!nz46dwfyU6!V^ zL+ROhv&z2pbF0SfxDU)`>%SGqn}3%O=qT`i+-?t5 z>mF=Wo#lD!XwqHpnmFcD@GCzuUrx=O?9N4K95blgHi7A#_B6#TC zd>B*|{F5Xmi+_Dg>(6Q3r6<;w%-WVaxC!Kf$1510ADXr?h3|V*ziXZUfH7S$E2tEX zgIIi6TH2$IHWThO2gRe`!+1Cgg}ZNEZer+=0)L2`TAoyLt@RbIl;vYP|;m1P|y%l$%knW}EJ&)wS4q<{Cy1O1{%(nn_ z-G?na!Q=MsB|T)35_Bk?Cr+QvG8x@Pzou{Y#TV~N@`h5dd@an$S(f<1SD4QFv3%aw z)wJMlMoW{$7mxcWrfQt|Pg)Z^rihRA_%h8gY>nkQZp!PD(FSc7(i2bercldG_Qh$b zX$CHJ9SG99un!C}AtI%nAmGgaq2^2t?T|#I%F_GV{3efllk4paPBC!6ff1_zj-QLZ z+va)w-4J>rg7K6WPUU#nKVeV{FBoTf_> zYAN;CKa4P0DASLwrvAFw97`wQ8$-J(SKXaM8M~2KsEuX?FxsH#>#XOP5lND|NOQ;? zrM{Tm4e$yKToB9Q&2&a7DAzvlc{nQpotN~tNzw8&@M{tUt|`fv z{6w*^O@KDGgwrhpt{iaMib$b_4T;3Mm>dR_S7;D%~!l?_0!wHz@x$#_oL(#IS`~ z#XHGkPdBUB_P}kab~6j~vSiwI`3ge?7hPrJp;eDAH@y>FQ-gLgGYzmEo)zV9)$d#J z2%(UYr`OD?(#mrCckX!;nQ^>Ci{b5gjPUPDf;&Tfq`Z}r~GiS{t_ zAvyHUcNz@awmIWTm>2POyyGI9>b1qX@Q&ZR`_Z-`{r;Wj-IS2}MlPg~Q`D_`S?fUM z=fKgAs&LRw4~^c<8$>xz(gU`Fdg&XRQ)*lV<)Hi!DoB ztiV{^S;%fFO>V!irKGYSURHNISeYDHnHE$B#Vg@w#oy+ID4RV#cVrlPY3<$78 zj7z>0rr#9S4@jG-0&pqfHZ2H?$>EOnn~9HQy~0~rtP&Sqe&_LcgZO9Oqa(VV&K59r zpLN;OsoZ4DmSa^eJxfizK-<8f`#v&tn!W7JVz`+(eCpC>amSB$@_FPizDe#2gDOyE z@8r#Zh9lGuSxMK`inJX?<;h|Tqz)61Heu|$b~+Zhqu2TH=4zXA%y9by8IR_TMvW8P zr>Q5rHmD$j>}}LL;v))tv4t&XJTMT97o@GTN;?0Ew)eWj&TaRUb>C3!>idjOZD?l} zwbc*m_5>fl1kIe{mO67FKe@@A5vemhZg20( z$-NT4UsVZrn(qViB(OE}9Zck9ti_vt?(K_Z7#h2A1zB}}m`5LX7x+xd=b4GmiTiJ~ zXyRKHUL84%(IwWS87hYnvvTYv>}#$E!#pQ9*8LrV-@}UE*{!_kSTO_L_-hKh_~Z7t zs&kGGhexe{3roiH`7JYr{aR)e71Gfu8RFlJ@pZVP1#5z}*J(=KMqju+gQ3D70vC8; zs<{qC^LRV?>@mal)Z?VgY^ibt__I0U7^Y@$L8#t!06@GqC+^|IS%463p1%R#=a2*bEXXK0lG-^>;B zb-rz3IQGzK%aRX^s~#V#RyWs?A+a&$=*55PBb8~w<%+@%NU*HXc;w&`4FwK9_Qot% zMuOR4h%l_|`s7LM;q~O>!cY^OX8^B#udF}EdqSeCa(yV5Q%v7)yt!3i4@+zQN8P&C zNr~_9;D2`LR&d9`8EQNEp{-W}_8@ zs-Hcx?QS`8<;Gad3vNB0Rt{I*&R)94Q%I4h7HDX%9gtQDFXI#Z+7OCOutwx9+1C_5h z?_38_^sLQsa4isxn7P!#XSSB>r6eLGogQb2vuozBL^KIDt}iSEKFo$HRT4b%1Y2py zMg*`h9W2x-LA|OFPZtEEXTAde{-)w@MdVkf$({095M-~^9sR{v6|#aT!LiZph^Z07 za=~5*%cJ_x;P6Mtr$r2s2rj@dJik3dkcMb3_zv(|T5KAx$q$o=UM$KL^`Qg`R1nX2 zd*jCUw?yz>u%Xs^F%kUUi8+4*zOf4!iWi#{Cbeh1(i}b6q@!dgeuDNrT~ga`lQ63b zMlvnQBDdti!(#UkNc5jE-B{oqShqxC?rncN3PZeI$kxAmU>T5LZP)5&Q8lFYtA8McM%cx`Q_*!}xuIy?>RRXA)U z6g27VH8?*!oSc&vFMndnuP-7?5832j#R+0fX%9=yuGPCJLNaXro)dPwakKWy60KDA z&RjM>S28tO&m*A)78NG&>TH(m>C#S(O#OU4E@YUO)CMQ9fUsm-YInOMSbde5RUKK5 zaIZic=1X52+ARpn^?xt*_A=0r#ZQ(i$`mvz!ej!@c_6y0cNq|R7&d~0i3^-=NihK; zEn=*6vG~g7dIM$5hi^Z+NQZ|T{6T2pYZk+VEZ`G5Q(~pKJ!H{adj)i0+o-0K&1gQ| zXN)e_k_D{tsTYdf0YK9Zlo_o7?WMy=EKv9{$RlJ%!Q^1ZR^G^aDD0Vfmm8X_wVaY) zkK4TUwiulN@@;K!#sNAu8<32P<}=>Fp$9;GR%7wRozxeOA(FcQyF#X( zfRm~fo}@H*A66*o2^hSI#l^~tRirl=PcQADAjzQ99#x;`4vaW^+12YSE`JA%g>%}X z!#VaHZDmPZh7yn4ED$0W**XH@FZ-2q84jW7vKlUH0FV<%s*Rq$sB}TnpL!``$3tQ3 zSDJ^67UHQqP^ttFoR)OtYl?>EbEy|+IEDenKl%3*_TpsFb2hZru(Q3lMDy&LOJ~dx zk>By%4{=RJ+&JGaIhj1Iw)z_j-e|x)K|w*_OKY7Lmr>oV8pgDdbXh}~+N^F3(P%<~ ze+qt`(Yj)^v~HH??h-g-p#K6Bx%c+neS7a0a5J09xu4qdoLQ{3nXH(X@$?qMa_-R# z&0PLs!7+chWF=e-C>xHXfN5YsV6JXZh-b7D0nHZS5)C%&Fj--G`BdiDya#pWk${GW zHD0RS&#okjK`J>}S=2}?s*JUmC%~{6nEzF&Y~PFL585~S-)4?@%QE4=vP6`2|28s+ z>3h3}%ha64knSg9`!_vi)>{EAseLtiea7E^}8ag*Sr(WDeQ?3R`%(1;k18&q%Qv0@%b zIp9YjMf)5VSPp4vU@b1FIT8h!fhd_A03Yy;jS#mUSL@wcW{#2j`-j_~W>;n=k!I4D zECHL2R{aMJ4tpbR;PAH@-74i=r;|tGOx8%LEDJBV>_4My^l?!bZa0%&UvH)WFSTi^ z!7Glmoeiy?Xn4ah#WjXx(q1O93V#mq{IxWH-lTxrxZbwVgnt>VwSbhS+Du@%wDf-r zCYK%i3|;SgZX*Luc&97r&fzWv`Zgr_Hd=k|P68;Eynl{+2ZvYf?+>w#$nJ2wxWnVm z!^>EM)_Ku{VUdtQB1NOPsTX30Op)K-@CetTfTaw}abZBovnO@4j4nm>lg1>u^m`t- z^?N!%TfgyYQg4$UOhtVVb;ezZnG7BE&sm&twBh5^J6uFO?+KNQ-Pxf+7W}ghVz}q{5?mR;-j*4Sl|<&}h#p z@6AB4-57ksU~$~i~%F-TK1SUlMDAsSL27 zcbOu)dm5ecE`@-A-w(kVb^egUV6Fh*kpsUFxO8kFS)yjH)I@@dq#bFlQ0RiHF`T+T zLiecQ2$%B26ajhCjh-SguaE0KT%8!|_>S1&bmK&N&3P7Uf^As)vE-@Hv&xk+v%=6I zRHRwt^I93WljqD}AI~NJ`FS?dCn)f1tgNg`df7sf0$2C`kg!G~oCjMf9u7MErpf%r zjm~-|`}8SpzopI9R z7cx|$AH`P@{>nP)x>e0tpoSmd$u@^ahWRc^3KoVz=VeNN`8aYM{%Ji{yA;VM5d79o z1h+aY&!(t_Z$9uioHJjCDDj9hwoz(%e6^e0?XN95Ga)AH1AJ*r<|R0YtetO3)a@QN zHB(q-X~A4YOB0BMqWiJ}CvgW@63ba~MtaHTim)IZFh7D&5;3GeT~af7_1QNngX7Lv zwC9RB^Gc{gXG4OQ`9ak?V*f5tf~PW}6t-M$cCv`bB?PnKDG<{ERubo&{)NV#EzPE@mXirJdNWam~rOPy}+9twHYb&&8-;e}~ zF0!#^E(hDP)6nHe(SuN2*O>ln-N`QXc~^^H?v=X>hcrAUgljFS~5j-phJMQUo+C>1z^cc~j9dXS z+`+~%NOI*xZ__R}1j!66}Nq z%O4zy{Q1=Je9|*#Ap!*KBn6X^m2);>XGdp_ySm=r#LlQo+9X)oyX60 z;R*JVOu?mCQlDx*{>U^Gg@Q{ndJTjtT8hmG+OygXrdFM0iRtyIk}bkV(U zISswqP(+d0@{33^$qhOQAggYYBgw3!Q^&bL9)8rjm)mLl2l9LU5Au7+DAoBq+1azc zf$_q-&L5nRFGo%7XU})Mw79s)fWt_2yH z=;OOvB9u4~4-*A+V#(o5rhl^jD_wejD>PAn(Zn|%*chuE{NLYepipX;eO@Z zIk#iFxeEmY1x|W{AeJznAE5qXZwi9s`Q==r%nKDD$DCI{v}eGjjSAfnCqtZ8KxFw1 z5}X5Mnru0d0PVit_VV2)C0%fVh5q>oTP0w!c;nx9Sx_{|r`~wqq?Az`eUbL?Tyf%2 z`X_SZmSIe$9>@6CaK7V9>BZV_Z|v1PUzFK=FJ1(cDRTB%&sZW3KbiC4a*z7u*e&-F z%`VU7bq(qHW;dcb{zvmK%o%VBks_u@Q=YYfYz~^#BBC^MG9c!mEEEe%$W8E)VAC=S z3+ZGBQcm{$ObM=$?!cEB?s$rLgaju+M9tr``LhoceB(FefZzkX@$lB`Nn=Dfkv0%M ztH!%UOJ3i8XWl~1+og0L$1%;A&%x9#S~5e;*;NL)!&+~0W}3S7ClKXGQuwe)%T7WU z(Y8ESnlk6JP}?`3`%hWy+PM;O`Dx*iZH`R!-CfaM;}4W*G7DL=WpyG+ie%Oy=ABL_ z4)k$V^1Cvy*vjKS;Rs9U3m;3y9;a(Y_|hGeg^F&VEClbUb-&9hSNz2h9toX}PPzcU zqq1J902f=Mnl51!FT#`cukjqtR`sZmdJdEv&&&~;FqP}16X_3^d-jRY=Xz3tpVmD( zS_3GboF^Q?*)BQ~{?;=^A#5zK! zjP6lr4I*d%!w8e#Tah8{s7mN(l#A9s8b8rHVIz_5Q6@EV#70qbvjaCH7g3=V8$d~@ zCVM+$!8OyHiQ%z3T<*P)#AvQB@j4d$x*Kcay}gU(<=w}}=RdLQ>5we8yJr5wp4vcb zY1|Hy5)5-}6w{L;)%rA?;m1-g&=UD(4N~7UQON(l))|1rr?Ba|Ee2)sysP%p#<;08 zpHF6ar0YIK^LRXUQq&rx@lo4V^kEZW&^DeS_|HG1pWWAY=Q3|f)CcJs0@$MwTq zw`E7zjLum5X3y+q?_syZlWyHE);+MA*3Punb`Z`uuvO#w(TKI3mHl4_F^OdmQa+;q^7ZWrUap>fTSI?|81uF6LgWYIPGfO*e-m#lqR4vVdi9(NOGu9B} zq|=i>=UD7({pGo~^)s3IqJwk#Wo;f{cNTThPSo1V-?^fkWINc&PcuMyRFtJX`=xNH zn3ruz-{~iSeGnHX!&*}c2h`R^H}UD1e4?O?~4Pe zo5@OhT+NRehaU8qm;iIiM7xBlh<+ZzCe6K7wHM;xdCLbp|o1OE| zaT|LS$B2Hsh&`y9xxmezA?S)AD|Gev#F-Bsbb4t=pU} z-o0=CI|-N2ZYpmtcmF?o`@4sMbbq%l0%cg3B=vhi^ePS`_1H!W`j zf~Cs;B%yF5w`DGmv(nUK_@PSNQI>Zug#jwCb+^)8SllL4wzEota{-D#l`WGBgt%Mp z_;3QH1R{^qQ~v(=EF!>)2&A%#C`CebvfI~S8*TI@3;$rC!iegt?n#kqL$e!Ne9cM` z5(7?JXu$>=9po0XIe-a?D4K^u^`J(rNw#x5qJ)H? zbG=*-1K5M^m4)&@VW2<;8YS0ZK)A&PMVxJLX+)AE6b%CU$aA0nh+_i7lN3m$>S(|r z{y0Nq&`D{UR7roLuW#S?7q29H#CALI+52g)4Z*OlUv{P8aQh~Mfh_L2z^LYQt(PVo zfrfk+oCno>G0IX_$ErXlaBZA~DkV}0qnhDAwE)^{!M>2LW|HBIz`rsz$gI<*k1kA+ zp(vO7d^tO^g}lzV(W|#aMUptIFF+l zbJJ1P^=EGJA33=F@wrq^w*YnM$ZN0o8_6x5a1 z&G~Zt(BAlWXl$r5fg8Chkl=X6WFUpD09by~n-U3ym98qJjdJqot8B{#g>_HUi48a{ z6o(PheNk11dgrL(f*E?@De0ueF9Uk6ZwGoFy1uYwbT31E zvB^JNpFM0-H0l~wqd3TRe=^)C@~8MP-2WBiuv#0}jKPjFo~$??AK+-HAzaT>+|9iW z+w^>M)qWLbg?%C($5<=;i(GT(y}jn`Q8jquG5=4%=I8%r@6=n;)5x&PQqAuf2Yu-p zrPH#jw`OsJF5lj_%G$4^j;kZV)(?KgK|PDw9wE(Bun3DF6am(x;UmU>$z6)k3RJ@& zw73G0qY+>%&NzxQ6aS9cX0wI3%s?BZLuLjGZnoN5ED;N7ltzpk{w3|EnWa(^kTgUP z4pi7PF=81`9Ihq^`1IZo0gVt#vj_;F1D%vo+)O7S9z1HXl3jg{mnvy+-dwD44s{UQ zV;Q!HHkWwE2GB&AgiTUMAmdjzAYWqnOD=g+SZGd$#4@5}LbFM2VW(ZpOx7^z#Mbk{ zf$oQJi?UbsZ|@L#!+*h(cIz9JWcH}UKGtCT{&i-T`9GNBc`6Q5>et%~PjNx^#_jV6H9(f#YB(xBjvq3lWp5E%!B~fg(Vf#13 z`VJ>odjfs8&Ul{Ba8AO zqxbSRXd8F(xTwnGW5*ohM+ob%+FIkT|C+~VYbN_s3%2CR2pk*nm)PrXLWeVRI8M@W z92x6wIRSXr^JGjK+a2LPVTI}C7UW7Pq)g3cJRy3I+1px*-TOY0vBUjf@w3f=epU0s z|8M2-4%AZrxT~obfI}RMh&Fv^QrrCFPyCnDwZN-0b(OYrI@(8P zvW(l-a5OGN|Cvtgepj&|K`iBY43g`!FKXvO97r`u>T-oD(^){STZDudo~ZdQkM}l( z{b{HM-rFS50qL=6U6&5EWZ&+>qEt3EC2{qAx zWp+ACZ!aLt{MJLyUA}g=4g)z;%wfTn{B~Z{BiZ*8b5-vXD(^JdO>WFcmB`ln#W-B0dQ_z;;8OqM%4R;4kdp0>cr8Kz#g(N6ffDcy@U{V_h;? zQ)KaWnngW?mI|7B>d{)*OQFxbD_L!(xQ8O2cVD`*SX__<+?F@GIP9I((hX7p!@=fx zH@i7fM}`}UD_<04(Vx2wT3d|pxl=~u^z}{zog9Z9vI{I(5f=!wtTT3wydW;k>hHo- zOK9hUoY^t`)CNZlcCi?g&l+cattXm(JDS8}4W-RAU~wFQ+oB4Eq+1^A zR$Ywbz(f42xjnY5x2pw?2Q)Nc1J)G%-eF>5yQ3Z7GGqk$B(VS{Nv@%et8%2#M~&I3 zwx66nw3BzKzW-N}&Ec7}1)Zf_BK(S3F5-uD`_6^jhqUaJ5tdlWv*)JLb|wIUXNlT& zZ!jItJrlp)9oAjxj68U=qP;^i$i%aKxqdQV#d|wFSd5j>j5kEfU2yJ2qGgpq&aE1* zTZ5ex0~jvGsWY6__)^q&#st4+$($~lwwkT%#=*%OaY1c1o;wXv2 z(|K%^PBHepUZ+2)Y&$^PhUrf*PuXUw`A$!qZi~3oIiGotdTl)^B51V~>;+S6I7laV z7}piZ?>2>JzmdsrhB=KpT92U%Pp&&h5GqovjaQPY^N(1edRQI0RV;S47hr#($F{~4rpc5-vpUi?1<%>VqJp03r% z+i)K*+Wq|v_1v4FXo^@w#b0=ejgz1Zfq?iM%*D0q2KIu#8?%xbiZ)Hk-jg9EOUPGM zauS;B(h9y%DomK8eT+b6I4Xt(cQz2O7^Dc@!;2WMNTaqjJjf5kN8*pO)2?X|Mht)nMx zB#ImZ3nwQa-ewzK7EX$zgCa*JN|Qi_oQ5!NroKA_{dzg#-_6PM^Mdbw;~If0uY?Ty z@BI@(QtnWR?qiAEo6{cn5o?ms9DiUtr|Y*KU_KsVMS5j2ciXFb$mr0VnfF5>eW z7+7fi6F74u92~At`uKrIzc(|57L+|p@h9z1Ip^^=eUA=7BIFj_Hbt)|&n`awo7L6O zR%30flq^yL5^hLIW5y?Hyptp1H~@q&5vxM#-~<37X!;r*M8!?FF%*m}LCU4(OOrWu zi9{!zkW?Xn)V_!_g&k^P4V!<5?Q=+|$9QXk%~|~a`;6n}at+#&{bu4>rauB#)uok& zV)vfaN}@jt0$;e%@~2tGbX`f(;w*=@DD`i*!cbw>?KuwVua4dT#wIIl*Wz~2aRsW_ z7}4x&O9}hHhvFm}C@_kwLS?-jz~A!>3;QgDRRIvUwB%%^ER-<_;w75^K>=Y8Ft0{Y zFlPu<;=4-n)RaL@WzpK9B7%&~jY~>Iel3dpqtf1Xr60)^fLwGJTLr}b)*avc@g0Pj zA}OIvc9LASF_I-q8z%^HqPY~Tfe^djVdx%d>rBNasA2?G1gGwZjrU1vgL{|k(a`OFlgpKBg*?zf1a>*KP$5r#( zXkg2?h$kSKOOjMOtjawxM4!)+M2I+J$ZyIp5~wvpMq?v}5~6qqf~-gYg2+3I9!FPP zTMs)l#~C!1#I^eMrY*9MS50_v_}_Z)%ig}1OzkAlZ3?*A^^G#ue@(O;3F>%(A7h|M z1#7}D5{J!~Z_d_C>NEN06_vrUEi{G9k%3XmnrFXK3W>Xx)yi3w&isc=x$@zB%?Ds% z6qSed4%cj1^xSpSzQb3=nhV3V-4#;B7$}jJU-~!A-H+-Rw*!G&t z3cY4c%U$OJgk@c)+#7pD8vs#QDPCEG>RLb;W;q#bi8R$Ey^|wAO+n-|8`JxBMBV#t zRHZkYA;!M6&Qv)jmad15RahKZo3=^Yo)9q@0{k}uO&&pdq<}9#%5xd+lh@yjCVLn_ zEYF3|&*NO`U#|nk*V2j|Wv`S(v_G66FihR&5#Ga_cz&{Up*LQhOzuz`vN^MbW!>&5=X21Dz@&dw%qh#3N^-GXg*oO$rime-Op^3%^t(fC`Nuy4G z?9*b}c!q58X$?%7Kq0Y7ru7hw4Q;~#d!RAbI}n*LpRt!Ba#z6czD5n7$S=d~Wso&KQKbR{gD{@4k)OTm8~U zUGo%Axco)b;asgx?q2$44`wVwblgW6x4hlNRkogMe*U+s@Cx6q{{)8!5jsLWS)fvr zJnm9{liuv@_MXw?xw6=LiG!8V+U?)hmFBpqR;IWpTWHZn2fEXFhvCn%M(-Oddvct$ zR}W-ui8Q6JEB=lbEZ=p>|Jv%9)?!W@%kzv`GbMK%5 zLcyo4K8-d8bG$yTH?fJ1R~`AYOMmd?(c=B_UADEf&r#d)%=67OY@*ylf`LRLh0f&T z8abmC-d!G))+!%hh7cP(!RP`c?x_DHx6G%=Qvydm$_6eXc_`r#lZ)7)U@0+W`70GT48$TK1hpS^Gd$pD%@vX% zkIf_cTW2=^TZ|x%#S_f)b_i=Jl1-RNmzFEs8zy6`)*P^Z}u%fD_gchrXud!JPGX7NGYt&1i0m3jk9woK$U zK{$-%O=pH)d3e+NaQYfY3zZQf!4AAV|ojsEL%BRG;2UNZV9kabS7b^(3qP=JR`Nj&44; z(Z>7xza@lu+k(h~zn9y&40~E@j*ZnSt@(2!)=DxZmD)0~^u5KBUgOE-dG{_vIE7D? z_EJ}uh~{MmOG&CrGp}ew$EUL`-F3B8YIj$(WKvaxD5+NN#5?E1>p>XCrJ2u^5OrX} zYHBR$uX$82s;-pN#GfRZH&0IND)l>CWkB9gmty@JxX0;$$41KT$LF%{uKHg=La}Z{ zvCRYz8U4h3JVe4SSuhKG(_RnyYG7Mn^qTTV?Y3 zrOU>jGr=1;+q0E|@Yx(KMVr+|k8Mvha_93s8?)JBQW^(TwPJs_1eE0{bp~ruR%~Fh zSQ>L=(W6UJ7rWief4Y$q)*4fltXY~%<;1>*aP2>??S}V}wj%l28M`#58-Xz@XZ-k0 z^d%%^uGB)Rmv7$BT2z;b2(zT*RFJE71}BfIpZU`C!TI&!v1+^}59&;Rba7(>t~b;@ zns02B8jL8J(^eW83j*fnV-RYzxvRA~;_6a6i)9*2x09`jifqsS%v)}C{?PpMGl2c| zQ4^o@bX#Mq;d0#@KNMrER))j9WV_p*#8MIsak<(FEfnFrRI4-hP{!c3nb%Tju=-Zo z$?AwT85QGzb2%6MG5m1e&j-4HxYX!u&t_WBguC8cVAYxnR7FirEkSsP3!ZSa+$~9u zMU0UVhU&5x_iUpsRhFdQ0H?}mY){>2DY2=QuUE1jn*XPJzD6bFbgqNvy+^&WNhil5 zHZn-IG6LHPYc;pm%89~See_kPf1II(8vh3)+zxnS7J$$ey5}8|a zn`lsjfM&M~fDjn}h39LH1-F0-JV^gm!%!KUSLH*-0~G^_3lcyLI@gh-1jh$QLsEhR z35u*ShgGRS(X@qpv;ydc;Q$v16fd=xCh^t^fDvE_fuYt~3vPkX0ue@(a&nx*qyq&S znkabK4Xa_LxV5TTCt+cLF_H8n2C9LjIJJ^EivxB73gTw7nD}=y5X8HIv6~7L02l&S zpwueG%Xl2lx*-!o3;-xq@}6dVQ;S1jvzrQO1t9ucIHVbWt1>~x28RdyWp$w0ia!3L zWp6KW@*gjDlsygs19`%4p%0G0ZW3hHs*X!L&TBuPunk9(sueONAq9Tfe;1!KxoI17 z-oiGVeq5OWBm}9o^Ql#Dr3*N^r;m#lpPIXE~TXUFQ3M_`&6Bv!BJUlJv|^m2*`Z~5I0)*f_mAl z<{Te16bamD2BPv--Mo0f&{!ASI(|&_M*w?6!{JHePDq`9(!fOjht1B68RV&E8&L!g7c z+BjhA$UfumudXUse&t9?SZojJ@xNS#WklWQ$LFMie}q+|AQr+(LMMog&QdT6LbOc; zfjVF!krWQRX1pZaaEsXVdqQ1YI~AL%LCaz{2#8oE;`IReX1u45UQNe z=$sjN1d$86T5BO1Zu$$zjpWxmVbM|n7#w&GHdiQNu~)B8YYqimBV||m%h{khM83+_h!O@^v0GN=kroZ&U|5?7KuakXqbr9&sVh|W( zcYmpSD7E-Qu=DgML+>$)yXHUghuRN2b+G!pBdd0qT1jd?9GT%JRT*AY@Otw3z1kKR z5Y7;jV)EuruE~3kzOwh|)$@~~2N3pab=UgRgsXm>_yAJmmM+^5G5-7&@JyXK34+YK zJGoc^0T#dgKz}YgJh5;8$ndDX;Ea5b!<$UO1!-wuVJtzMfkm1~zWcAz0v^l zFGGA2=a2Q^{11sI0GqwZ(h$00 ziV-YVAha)cydfuYhjYwU!$BR63IWI$++plx?D1!8lE>jC%B2;H5Moy6qSYkOqVtPf zS`3WDeMS8TyVx;%L}2_;x*7~(K?k>{$_9m?B< z5HcmTKBYY%?&8h~yB-VSRPBEFggN1Qs+P@SG2LjIgA{k1$pCecm^}>A1dR4yEfeU@ z?hGaQlIKgHmcNmwZi$F1RYPQ9QGhaBY20zDKbG^fDp8Dq#Mq8=!yWu9n?AIw_ZknH zP_F)!&w*diZ3RI^z|;0;>M8l&KLEy3PY{kfD9f$2b0o^(r-OdGPZzp{Q6&~IQ$Jzg|JG5b ztAYQs*F+*fSQ>FRd7LjWd_3WdNsi%3SeC-R`+6}qPf`8*{QBtTD`O=(Eo0#dX#^J0 zdOB%;h&@jAJ^nmwXzO^m22*;%k|4nFcL0b+c%K*UD7J?)qy#`;wJ|!+Ryv{E67d%MeMYiSwGSybGu_&g@ zl>W^JwZzsD`cc+eQqYpM+ZtW~u6F=j>dhNyCLF?4*~(eks68qH*FPqf4b#EB(!=2` z#V7ul-tYMM9?bjBfcFrD*z5S}LOYDbAHU6o%>6jT=DGiiH4ZPV0L(JJy&x6>M5x#k z=KSmndK7mx+RG_;|FRp`bVIdQAKzbFXL9cat+8mxFUP?kV^bm7tjo9Uc}#$9MWNdj z34i*Rhy}ZC+h7#tMr8K@pi@DkK?;ptXH-3k2I%W~zxkUD*3OITM4N@CmLvnY^vR!R z8WlU8%aqi#b1PyTQiS5@NsF1G`C6<9C%IPmv>=+h8Mg)|pfo^JcQVa+wZTRf3kE&7 zcr%?5XPs9_1uA$x{*K9PT7Pz$m22eVX676m1;GhLs9i%Ydr=;Z(O#G~B>_MPx+oeU z!2&?nCS%0*-4MJm_&si~umN|Rnf3s6D*e_L)Ron7oVMV)_lwgsPe^D|lrn1VeWaV` zw^UyY9*lM2E(bUMI7Lhy+^lA}OlRBIJ~_Ub88_ZwJQ?S6SthKz6sT?I6i`UhP?dJK zl;V_y#BOMc!TW!N!q3fToyzwga+KvCov#)`M5#hG?@@hytp5I8xWn$vIO2LwRAv3& zgs?tJ0W_*)kRR}nP5VoK+F!nv_{LF)p0WB9R9}(V7f5v9;q!e|!@=<~#=maTK{j0u>lMSCS4nLxY1G%`2!}kiQBJxCi|nV%_)r13 z)4D&6Umw0c=2KmHc>HkVR>>qRxfL}43oO%9vMOv%6PJ7u(A%m^CCI}%_=_!d%i{q6 zfeWBjh=LH8(&4a)Na!1fVQdqlSL%MgPPZae)M3@OCm%ZDcl^A=7KmUc8{y zo9rom{`>b2 zHq18^=5VxwYk|%Nk?eBv*Z?Y_lSp0V;WcWOY2=>uzr^W}@tc0d=Lgi+kFN;F;61rH z!&|@J)@v3))=tjcV_ILxAW(9=!h9-TO&|u6{5lFyMdDu-^utOu5SOITOw%I}(DUdm zw;>6sahJUcfd8}r#f;>BqxgOr6EZU<$~Gu3yr0;ya;|p} zv0pKQ3e_jE7f50!kiI(-RfI80d^y}nfw|%juZZdob^F+B9Brw)eB{5GtBN6`$#dun zO+yfNoLB7KjLn%TQKgPM_~-|vRTS3o9RK8b;)MJ!iAukcqWGkK$;jKS*WSnMTe`HJ zCrE0jK?0Ja&;hw61#^ejd=Pp451=+4oRUq_q7Hh@m#q!$yx}VJ6a>F_Jh|^vqtxo1 zyoAHK;}Y<=lakJoXpQXB-?Gtjk(Niv9rJMXS%|M8aNGK}~Z`Ns){_Tze+ZpcJ z{3VDUr!Ir@=XLgz2T+v}3j5b3kR9(e!GSfp<5c&Kj>GD5G`-F+usC0TPmCpwtosgf zCYWx%=YAN^?IIYNILq`S0p9mVMz))oAJ^|(Ch{bqxp`*GpsO$nI_4vF#ssOcp6R6Q z%fk?>m$TrbvKeL%=j}M6&XOghyv{Ab%d9o%XoUCY7bcJE8_i11dh~WxxG?u<`rE#C z_Wc=rxke88+?(NWqrCgo!K(XL_QUHTYti}pb{LN51ULd~YcL$dw%_IZe+n=8Q@@h? zn+HFDlKgh|oO@Rtk_2DSM;z3E3^*$KXr3!?vaQ7|JVjU?dCb|F>eCtaG=}eGlv?U} zAj59|+v|7%B&XiF)8;t*!#nSQ0vr>Dv}vj&4X}G+uD(k&!d_3TG#O@zNQy#&s(e!> z3J@%^3E8QR=g&Wo6fukGlA1Jv!z>M4ZDgJb>Recce;wuP&)9(iqH0(us0ne;Kq_Gh zR+Y6skj7$W&3d6P3@rHT%Bf(5cl&?CY*UYZLW$*XhD&ew_mCZF;G=Yz7b^`=7@e8w z-Yf$*G!UEhq?A3WsIBKptm_U96M~}Y4@=BlFJ|G3YBa~aj)BPit`U8QD|V8Dk(kNnXt=~>2J~(fv zb5yp57lF#NAw2f|+vEU&?}@_0?{21Z|Knfg{4n+3Ufxs-WwNqzac9TJW%SZ@gf4r< z9nU#(I_thC^o6l54#zn5lCBSDY^PlSalN7o*&G2r;JAPbdLZqntQ+Q9Z8=d~$B)1L zvPa5aX`cBmRn=&%=Un6T#!bONeib6&1X+%<$X6PI$cg?1f|J}8B@22|<1E#umtOx& zw$uS-!m35}_BrT?E_ic=Bvc4C`?e|2G3Hs-YUG(X^@ehInP~DJX^rZP5xTN-WIgmy zIz^5^%ju~PPn<`MdtO1%^Srq_lJvqZv>-0R19c9n)bF>R`iQ@7b9i{JsN~@JW}@tf zpEl@h)UK-0p-cqClaPW%KuFqa({5)KDL|Ci=mW;T!KGNqjgl?6APNK^SO{OXqU85U zu~2B=^GSptKqjj`{V#KfNHdMH+DU%9plAOt&YypGIJkMUDMfiFDJqfFKhGTMf7l_e zMu#B@=VPwMwL0C}t+M#c3@}>??ea45|R*-Rcvz77rkg%BdI5bLQ zI*#)~EU6rbivB}^L+_`HzhMG)fJSrfm>=I zFguPyWRp!7|5`ZOTP9}j481*4WfeL=EvE~SE>bM*xG@`efzss@uBs=bw?<}e&BE}X zYb3@%UUia9zhjsQV~x2W4hm|9prGsb7gzY1U7N2ux_)>^%6P5*trLiM7*Xo=yV84) z`9emQeP)`oKaaI7N~Dy?Ai)KlB+QX8BxTN*QMq@h#bXb39BUI(WfhWHM8TE_8w9A; zl%v_n%BtlEF&1+XS7jGc4s;pUJLh!6+DLs zXA$I*);G{}Tj#oNJ$)IQrh_gtDwKTnx%qg)O6d6W&u2sDgy%GSj`C7S?u>)$=-Oax z1M>VaKp$E-Ko;^!-L0WZ6Iu)>ZSbKo{{RHe`fm!4J*KJlk7P$rB4vr7)-!Jod+eX^ zaE?Z*fasEbCkq6)`8vgPm36q$RCVJN*8)ct8I3lHVx0P(AeANlen~*k<3ps$Q}K(LXWUZfccypMM zb==#0doN|kI6OOy9#$;|I=enAocOr}Y&8YN$bY5~L;DSxr{&E>I}(>icVGa9+#fr? zo?7GIy4*?C>f@R3E1uRH95@`L3M*BP_dC>fNQy@LM0Ne#!vKFf@G{T&MTZFURMMo> zs|{qY@*g*FGIl$JE3o)O`hzTyAi*Ls0SBib^?rFW_4UE&d0*(H%Hk%|C6r~9kLW)f zX)|MRTVh*aW$yUT(q=9OqsYR*UX$C>Mxa3;#9)Z1KvO-}Gt&{`1pJC#!eh5h=v3YgkIqfqm$U`6@hXxWd00}e^Jp^&V zm4!^i4cMD&&@K_9Kq3=gW>AH+Ac&&e;K^;;eWykKc?FTSdz9#uwLsUK(!TMY0ahky zRUcpT!Xtm3pV@Ms)7S8>5f{2RB5Aw5T9fy%`o_~s*Bu!MF%x$!JQnk zk2MsDh(v(3P-hN_%B44Y{sl^%9w=&i>RAUOQDRkYagxkPmpILR69=t8iKwdh*C*0s zjicN5Sw`n>q$`LRBh#23;qw%mtHAD(od0((+Z73SJAJpq&JzZvObCrwso^flT1WA1 zjV6^0D<&k&m9=YH!TBSDq1c^p2QB4y#D%x`l<#ORccm(j6doE0pc=oSJKT9(rJ;ct z9IMMwpTuw{0ECAq1a+Xtan`_XuE}& zT-=x@vn7@`Hfr;q16T`Wk=@2<+hr7G8rY!4_#X1+5?40dkeH%^5w~W$6ZI6kS`ZQu zg4IMkp@&EgmYR1@(4c7!)uKAyOiiE;z8ckK1j9zwG0k(hrklTaq zQ*5`}&rWXEA7uz@Hh+vRQCAJN<>2j#jYIX-%gCGNJ*PJENXo|X`6lmH}2f;*$ zPESy3b(@3i)>VSb^UYu|7+ay$_oUOhNrl}TL04kU7xUS<1z1q#HKrl8f`@R~YqY^V z?!3F#G$kxs@t;E*j!vgEGUtSjC&l%g%S}+n`J&zpGtoJ?R`IoucLi)1tH0ng1p!eH#Nlc z!C~gw@$vbX;d^l_V$#NC@sxjdQOs0Ut0Cq6=VXM zX-y&@wHlQ6AQ({lWvzL|WQGO#07D$^jL-~k~5>QHC`s_Z3bbs09gn<0iJ?0%bd`0W_Fxa1>?jmgi$ zSdyp*Vf_toFjKUeO02{+{_q{2vahLo7)qO77Wa#{7pH+|@cbTK+XCN2rPxcD8(;=^q=3isqeyVAEfTWK*mS)XFO zgo2Yh2ka1tXmsTT3TuVFWzDkh>19ot-}!@UcyztR7xl6ipU;h^ zidXeF>9hUR_bJX9*ME1GAAk4tg%d=PQ3jNd*M?pB1~;Iv(t>KQW9^^34v@ey!(Sg* zpL37)+Ls=d*Sru@!7e!*->DQDtG-c&z+5UATI5cIrYND3;TsujBUNHYwty$`wv9!TH;Z$YCz z8xT#~c^a^};ARN5eL0-OS@Tr+@knGF|3te#N5i&m55ORP+VEP?R9;Mvj)~n5{;`>m z@_@h@J>X#-B~*<#r@4 zwXAxaWmI&t5fASyg7y(qM%F?(@ao8af5LX$@G_IsUhca;u`8;$C<_W6aNz0rz(N-k zW=Qp5bs^n&*;agg?l?d9#s1%(XRa^M{__Jzs9l0S5)osh8B=`0ZVE(fi#bcQN{Vnf zCg3-jZ8w);{e9FH#)l5T!N5M_lu#8nRA;8St80;0Uf3OoIML{fJIUkU=pT1d?nisi zpCxR_*}krXTj8|2hy}mD>s!vp4HWu40~7Go0vLS`7{C62m__df&r07-?h=-PJXsNW zFT|IJW$j-%LMQePXPizLFFU_o4D`=v1ANW#ejooFDXxsr;-C{~CT9OyQ>J{H_t0@e z(weI$U@pjNLj&);3aacXq=qR?25*Y*s&6!d-T`2br9T>0nU?44) z;LMO)_D|tHyn)b)(Ti z?tnj6iKyTPgqvfq$fW+rF+9W(W1s0k-bNwMBN@E>XKEeM$v{ldDN)e+*-)L~dCs*Z zrh)*42-T|N?nB;fe^pexCRDMEg4o@{UtsDWRIyhKbLImsYZWN*elUu58T>dzR+T*>s7`Cu{tgL=_Eqs)9bN->(i#Q!L`2;S~5kS{=?U)tMxkEJ}uj zRt0!U-63`KZS*M+<`BC0_t?v9@90;0s$ft3LkeYxF|@oPo^0U<%&iFao5qvP&Q zyfY?yIEBnoM9m6*!R^^maJ0=bw(H0U^IGqI9yQ6$YR( zC@kYxD*+ef)Y<1}9$Ay|pN*jRjW*%j1`B^xuIFYe$9$*mmZU!>J+^oSLTls20}#RH zWpfq!Uj?;H!GSWR{Z7w0c`~LDgg8o&*j7d=CMHy# z5Zxk)K7*bru!CZyMnO^0+8=5v3M>#95F>)4Hub7NhRFMC#g#_qjd@z7MuN5t5c>xs z%qfU6#9uxtD)k5L%3};h6|rP?nm{Wkf9 zmo493@FH}Bvn3{Xwm47OQr%=DDeya^$Lu*``rE(ROS_AO^5Flve^}slU-86wTeBzc z3%XyO@a-@bf{#v?W!Cz4Zesr1Oy-9F=T)Q)7U?Xx`rJd+!|^6>gT)@77i!)m@}d47%%zdOLar zGqHwJY9Ak_EA3{CV*l=lp3wvf220Z!3L|gJ*VF(MCC%I#O>Zl^T`fVAfR|q??|s!O zg|nB^P^Z-6Ni`>{H95He-~jV{HQVL?qkxM|<-(45w8Mkba1SbznfTp}Fe zw|GrcpSS8))bY3$&0d=yxaYYtLCn+P`|VNDQYtWDV>weF=(>?n$Y@Y zX6?u^9CcE2veto-V~pB3b8HJsy4mlJclY&73sVd4L5WaBuscAU#$t@a!n!d#KePPv zwPqgVNOy37pL1?NhNP;p%HJw&B$HfBIG^-WQflhB{3{Sn zwPKfMpvgilpV(;AYEN%=S~+tSot|F~@g;EWaEJ6OM_S0^-|@r2ZGpIEL4Nu4dUI)y zDyh19duP`3vnE^`M)=p!!adq8nT+p@2aH7tg3SGPc1-W_=iRDx9H%g*>!FNs=sXWt zh+;fbw)=a}eJA&H{`^WX+fR*~qLs5#I+zxkoQe5|Cf2?rK9ez4oxH|iMGpBcNZvUB z0jPqq-0I8Wexv2!Amw<$^o()Kb4k$!(tWK~+Gv$3xBV_}T83-b6lgu4yGM>cV@%#! zNTkzU;_onj{EOgvTc7Mx!;&&F<6R z9=fiuoLhyDGh43*YmpC$qFd1Ez?d`|dzuk5cKdfXbfL)dR}cVpAG^!=JQ*c<;m9_t zJ-h@jXXHCBKyZhI`+9v%?r_mh(Y2d1$$dj(AhsqV0k7E*6{Bq&A1?esOle<=v_YoO zD_1X0cd+o$mRK`v>GiDYGF7IBDGA%Wo&4`D5j>B^=nD++PKr;zFKo%H?c^*q=B?i? z91}~e2`E#YJ>TH&SDxo$URL0+Mi;Y(2KgfyBldq-z`UQE|G)f$N$^dvKe+LGOYHpv zdrYG&0`C~4Xy0`;R^YVDDJqdI>sR3Jv(&+ZFJYF<810@ z$K^*%!p3AD1K2vl*Jz?-!t=sUr*=YWd<1tkHUu%bq(IyDNX>F*PDapyXHyg;k{MMtB2nE%{XT z;LhKg^UH_lbh#b}5B+I4w+6R~5vZpG27k)W7t4oCQ^Vb4_Lg8C#6G>7*qZRJY}*ff zh%IWOFj}!~(%5U)s0EhQUOax?fw52t)N4rZg5SgZCe+a`d8?Q9=r(5EwC2HTvye+u z2)xdifj0b|9~Mwv#IuoI9r(*6))P1{0F^OujCSV9l_;3be`181UsAr-6fwsS+sHE? zLk({o*=5I=lsZDus;Z-r~h2_h+&HFG-~GKxMG3lBy*Ea<%R|uJS6{0jrhNHzoPqD<|bicSFV>Bsf-n zM1z}kv<_Z5llf5l^wvl2Qt@}Ew{^~8G&!RQmN2v;ap%p9oV8vvV0zjOfvH?vO!qCw zEhlr(OFg~*Mn&>pAAH+zAFepZDyi~mSVOfN15->1b8_as?6FGX*ppD@dxLYTQu>cjGe#MR$Y&P(5O_t2| zeD6#-cHD8NqrsX=Ny4`|@E%t0Z8EJg3_mHH&;PgUl03xz;R_=fWT|-VPLELs;ar7j zZ1RNGhJq%XC-|Mi_d!^NqaxTv*b7iWktvHVk)}Pdg)gFlV^!URxBz1`<<~DS6rc%t zT5wYPGfR|?U)ry52eFth>dzL&t&lOsX`VN%s(IPIUlQl;CJ3V>CB`!o^e<*95ZEp8 zs92Kc?UQCu3!F=DC-zx$#sbHU5gd0W1>L1Tx9@idF0cSIemT1-&U);iLt7)kWV|@w-#sGjrxWa+s5$D`?$)}=uD;2+MVtK^CMUb+TWBoY~)B)$wMRwEgtH768YXiLE#y=&E0pL zbGjnTlEqwW=g<4&toJ@f7dgoSK|zq^%Q7ge@%u-um-Ajme=nKwL!4s#HF2aUPfjE)|2CQ)}k z*YOhY;_l(d!7DBlP!9<>k)1+%KyaqT)spW96GOy@#~zTV zDoAxwZ7%7s%j3nJkzXk$AcLfGZ@I!Mb7{e7YApj%0YS(BNAZtxQ4zN@sQO~kl3izb zWJZn2cF?^0c}C7k23IzrJT$^^EJJfWWLFo%bk*xJ)*OvQ5ChX;Ia%nBm6c#%cBE`mcB2-&rG_@;l zbyBiFpNq3=&JUlC_DCBXW*`640^oHjobR+#pYCqPUCeAs{)Ny&btj?bIiQrRt#A?) zj>)vec6aN5#G()+{p#XL5h7A>kVvsTIX3SdRdF?55r#xo{kxYmKMoK7Vwx;g-a=aximvY>ZKubgXV7F9;8Hz&o*DL-THi`L7%wnjYM zB@{F?pwkYv??V2@nEQE~@e77Q4HhDM+K*-30e;z=>c!|GFnS6ouLG zA8kZUMTj%+ww`QLJ7O>pA`ojHw=~oyy8)!>Q1ZgRHYZUNV6x!lXR@T=)h6!q90XpA z1b;DFjOe=9QU!d`f`PpoI+AmQoiPJKm)JzAy0KPd>5X^P5iRg4(HH*_BF8Lf;Y^e- z;Br(caz?R%L0IBBj*-EElX_NIkg;0xnGdc~Q_$GUw>f~Svf^1O2~Ng7&N5bPbYM(v z0E7O9G16#i3Kse$6MIP}ubMNps?&qv>;x~Y#uOjk|Lf*-g!GDBZE}c;4Zj$V52X@F z2mBogHUV7}^VHP`iR=iGG*)M%+!s`P#~DeIAdJr)D`d29q{s+d8FM()_niYa7aRB8 z2c^@t`wmRF*Y;Y z9VuAih7khr4n@x+I#VQ3^@eYP(q1hv2~kNI2I4Zm`iR{;X1DGKXb=$Myji9%;8Dk6 zu>#7gqHr)05nYieA=IFRARoyNgQ##LIax|g6z85h{Rn)}a-UDx2p^5iies2f;tE4z zq`08Em`HPIG`lvstB^R&yFN-b1#jHN&t-c!i3@~P>yL#l33bV4*0YGikWY-7UzN7Oe5SJo|k z$DG)^x|S9kvqi_j8G z$U*bRsMDlA24o5YV`FmA7aoI+S{bnl_{63nd`@aVbRA8-lRfzZCX;;}5w#)7Ha_tl zgA)Tb=C4A7m7i9iLnVF@={$lm0Sw~dLu2gW&o?Enw}(1XFk7}7nD#x1FIe(*Fa8?Df;F0Xoef%R3^k(z6 z3Yq(b-PaBY%+_si=uR;zAQklYqA{_5&W;`OQKh+V7QplHH%$tKOGfiP&xSf3z!4TJ|=sd)6?>s`oQL8eH`hs_%ggDFc z4>1)T{74LNyWj5Iemxwv6@9kV1aalLo!vTF!G2lZK^dmLwk|^&{svZ0jE>fPrpe*C zhBxmc?LGC7;D_pL4G+RvYratyf4>U2I@!jKO@gek+_)>3>whdG>32ML*Wu%J7LC8kff&52oFM<()FWRcsm7JJgX2-a znO_eq@kgh!H{*{1cl?dt4B+sqv$b{s`sW0{UDZ(XWMouf#93jbkPf(*-a{qO9CnxJ zkmNMcx!WKU2p6K!#Se43uSk9!9w6H#ODQUgEqrTeXk@`NOF-KY>JTPAr93~%TsrX~ zdIa6Y`r%QO25Z7+bFjJf;udhBBU5u#!^>|nzbVre# zlcH}E(>Nv>L^YWDS7lU=n>~jN$HdNZ%iK^X1mt*+&bXZL#5l^L91di)QlLKH6nKQt_Tz77v3v$v0CFwa}+^@y&yCd(N z3H@b+bc;JzCV|P*2cj%#_B+1$pxqUZC)r#f6V=v0IJi#1%ZkH?mI1LW`S>49ic9=I zFanXoeYCa%BwKu%bip@{Vf55^%M(^$&WUas_4d^a;_jIg=iFWk1;`dxG&_Mx5A<1t zlqGP(js9(bS{0J(hR}&B)_%T9 zJ@=y@`Av@Rnn%TL2bF$qF*!yiGVF*!^4*PkyG zUaHjdb-+dIeFy{{RFq96%G?pqn0LJoEg|%SOrICiJs(9Xt}Sy{jn#n`7hQ3G^0k!p zp!(5kGuGwvT~n>mlRT9Q<&<%l=#$mKb}d*Js6=@vySl-giPX!N(nfc44%hPxG+Ecs zmS`_1@Iftyj!1PVIp5RdsQ}v9w%=?2{c;Vf!HPM^XqU5^zks-GyCPwv)s@=017tW& zX0T7F^P!8Xs_xG{cQrm=XZqfDVRwFK+CG#U**URtpayfatMUXhmf3~2djemKrMag? zmF1rqaMELT{dhV}(w*-kujpuNzyW*~aB=B%=Q0U;=PeLwB}^AeF8V2&tJ3=up3D$x zm0pL(MHmLU0l8eZs@1%J-CK25!xVv{()N4LHiCw?PuzO77m;+`u8*uX(tq#O2wlC! z^=wY{z=g&8<^9|cfAFV`5Ot(fsLR|L;gGy4q9c?dJ$OTYAP*sf=cU4L! zeR8puC(jp(4x?~X>2tLgaSg5;Fhjt9lOJlan(W*7D{b08CSrwT`dld4sx_uW8^pF8 zRhd@%Z7yy7d4vLairQPzFM_7Dwd6hC#`8ctOB0N9&0_N40BCSHGbaxRLO5m`NsGFu zh1f#O0G62(<#eW3g*_K-Hn60h3-)Em9mSK7P3Rt;=>i(#bidItNh&<-NO z@#O)1&=6jFz1f5+KKe;h^Wo9kH22JV5pxP#q zx7(MVZ*>@FLJs)a(>6JGDd{i5>L?kqi0j5dMvlIE8o^M=7pK^J92A#Mm5uaQEZiyr=(XHmE>l!RK&V9iB#vh)BsHZu$zW2%`7h6mDop_ba059G$lRi-@eUW_f3S~+PLII zeI&)g3*Y*U5R693WPOE7gk^(%pNbbkc~{FBbdVd%pr(q$r$Z<>Ceav^3M+ynF2Ra3 zhmhE+(nN*$Iii4wsxXU*i1vT2M8m>TPDzBzjnoL7V?p$UXRsns3zZzT{1m%HWN{sj zG%j8%#mP7}3ili8x5bA(u@1(T*;$PUy%ge0Pwr+LM#FqBObiZA(ZJ-BJM3Weh$4mg z@3XGKj?$2HiW;azRInjp5DEwiMQi&joDmh|uo8x0Vj=gds$pQ)j;fgT>7j+^dNx6h zzXEH_R2}C5(%-3MOrexzQyd2e7a{fMNfYX%%}5#Nw;sKX{c{!QjS{4TO3uW8Q~tPk zGGmPh0intuO>nFS2W7ZCT z>kbF$qO*&OD?yXQ%QRAfu9pieS>C}PW%06(Ys*;ejT4-?p0@;q@2`Jddm5IxMlx5O zu36i^MXEBnbP7O3r-p ztf$g3@ajtws}J<3E_L<(q}>e%2AV&1op0;@$_aS}{2u~JUS9v#{Kxl;)md~l-*Sf1 z6hpbv;mCiH?Z z%l;!Ng()dyE{K@a+|bOl(r0smswjUwz=RHT076YlWxof}m?|{QQFsg=5a8d_{V#;~ zOPUhiKw$JJUV>6BBmQ2VzeibkLFL;)KtK0~Oi>!+g*oVsD^9E5`!4DU4#Yq>%kIzE zrY866m;I$=jgk*&{$tb`+Wg0OMc2vI>D81_`pqh`CO<_Hh{^7NccLux6EDj?keslb z(fSznZ$lJjoyk}=#$y$BRW-8@unUi?4}005Q&zf-zi^@=wN#2O)(rk{*?FHvZ+SIe zJwn!$-x95i_AMwQ&zQ7(5olAY;AFf3C& zVk-?XXE8rL`QJq_9pyE`(aqjYjLcVvEiJ_dGG*TdlYRB>dGf6%Ar!p#pW{(!KkGTTGElntxd_AUlZFF?kba( zSy_ojb-E;+W<}D&JJ--X@`wUbNr#X|LUz@ynN8=C_d*SZ58t3O=eUpI>n`xtxIom_ z=U%3cVVbjzLu{;`s(6&yNE!TFY*2h|sl#4Io9;!^p|P-M*`OLkCr8WZh5Mchr)ZM; zz0m;SDNnfVOR|@?V!;}?NTj(;_nY$IF%%=^1I&j7W_2aCY{y%c86P+;!oai! znU(xg-oC(}@u(S)o}4$yIuG|C(~!ornwGhuhq6t=cAVsmca^du4pIjuXg1yBJE z(!9=BZt56Qv#>PV?T9zYuS`V>((zyckMM&GoNKb>WWAdR^}oxh57OvZ1sUZi|CF7yEM=w z5Z=_{!W*3@yCw9hEm3<8Apf8no}S*I|2xlu1_WjM4l1;|_;;%Ia9>DlYU#*Z*?acR zTcZZ;??Yeim78SE@{-4Q4b2?_)kqagHaJ5K0T2^PXahD9<{ zWKl)$Bxv?*Pq|U5?xTKbc3U;RF03dk3k2cRnE%yt(P|th0!$1X)2OwfN>2I40z*W# z&J8E4Yn`^TemufjPCH(u{5{3^};Kgwtq1Qs+ zV64OIGyk!A3t6sBh|R4(%oIG+oj;Do;NiEz3GOA%Ggz&|vdFVnn$yIU;{MJwC~A#V zgDaXEQF|JE>4{b>y3>NUsomFiG!Tk`Jy*7yb|S$-;nI z{4z$PoAdI!&KES8k5MvtS!K8V8%>ty8pgY6Kmwy>0eR?N&wgm-$8=PC0TE{x0p3az zPJ8S6bgGfp$rQL)!_I|8+tHN6lVvmU)u_GhP3c+NSccew+_2FaBl#}A(^xUT;Hl$y zsegZ&Pw$}R$}g8Z-{{h~Zz!r7P0Ad=OV1psk!d4m#bb-;#{VDjdxw$Ka~^J=9O*(^)G zr?}{kbG6I&7e7UwSCv>F7e0+?_u;s<;KHy?X<*XFWKLtN>bxU7yt&{+0(kAgs0tEm z{Z~X(UyQEQ8Q#U`Y2bTYpF{I_k!#|9kmSwrg?F&E8=q3jmU}GBM3XCue-57mUJta@ zo!hM=-JeTaOzQRpHXj=<*0S$8cpC^?i^Bab!I){~_%!$ay!``DqHWX@6-VyeZ;3ns z7LNwvOKf7POYjuY`|*`w=Q8g0m5R%Ra3L7&3uaUP?!tOnU{zNdJuW09ew5@;yp*3I zzh+!0uI@_Gr%tV>HZUmFs&^pxrPsRo?Tfi$9=>nM1nGiJqw+~&@5~%pgAH=4QG+6}jUpF8jBi znz@KOTRe~2_D@HWJ=!P*2HG4n8dS&+%%q@~*s~FT6^z&K=IwM1`N;7&N~P3-=OH2Q zEZc(}{MUkdw2S52Tq)1~YQ{UVJ)dSKPCqlzn#dK$gy&o9z-A?4vT)>d1VSlxW$y}b zrohUW$?pC=n9|uMl<7=;=O*=lHc-e=uu1^$=+BXp<*|3=tFeur@I>ObLE4(u`7?wx zW2RF)t~taa`33p5%Bbxz>K|^V@4WJd5+~N~&I-9GhJG=Or=g7riWYokeo3)E7~2Zy zr{bGfE}-7#jy_+B6q(Xl`1rYCUJ&U5>CDD3u6!)?%zd zOiEfyA8<)30~gkTi&PnCIHGJcd?U?1HLrR$=8zDJ&9^x!j8{FVuP>o_ly9x!|PdGY@38?%u2c&LjmEIIe;sp>%)!L#{Yq>Al{ zO3)gGuwY%}X2oW|!Al^I_B4pqb0XzT9Uvn;EUalq8UV`d`{kEyeiRiYN`vYPRp! zc*9d0qmjPgQ*JVU$;)XmwPGMU5{yS8QLSZF^LgqjBb_Hml)Di~Tm|#EQ#5#RJCda# zA`elRHiu~SB+6*JrwN86N?S=DZUDY@4e{A~P%e_a!_==)$X`1qyfE(_9M*8fFAe%5 z64!>xVJgCD>NqzW%RuVWgJ8|x2?s4;JD4S*EFzK=%w7% zGB)0;E-MY4aJ-=`v2aOxT}c;e5Tt4}N^@@V1w{fIvb?fgm;Ny5Q{?$8IFO%BMm4Z~ zgcBy~_EBoM@caF7UOq|-(**ossSeT-lW2gxF;vTRvjtmlCqoDoWVp558^X3J)uJ>6 z0n^avleT#J+NFsVPW`0AChkTgP4@7H>IqLLXOvVjBx`VCYF62Tfj>Crgh=_+)%%IZfbHcwW7a5{&x1J}?X=T~)-oC>Djm>;tgyWNG$oa*{g? zep^1m)!EXmN%VNlI$pahcx_IxS-ZO)hB=+XiS0F6H@-;hAs9ETf^~P@=#J|<^J#Y+ zHdkr1pgC6x1jok#nV3H}!5!A^7 zert$b63VWn`xb?*LM@+`7-JMp#2tC)wV?f90L9JCv)TV{dJ;kEsBYuzxqbtO;}c;{ zOG8i!J`P6Oe~8a1S2UVJVd3S{+5O>MYOf|7rg0?0{V8mDyom=oG?lr%7_VmL=2lN2 z#3)sEC+AGXU<42Y+C~H!F!QaqUn-UT3{89~I!b#UBC4;5Un8f;mUZR%zK)MxQ9eudp z{tZ&dTfq5-M>@vR`_s*1hWo^3XO7v4gf|96QRGhwOnMZ#b3K!oVM|nnMJ;9nIrh}D zx#i!+QIVm);KYUFDHT@xRa+i6Iz1e6GJvlpj09wqEWPpB0HAK3)Zu0Zo5kU##Z30h zkqf(T5VQBW+F=)0)CetO{sz1Suv2Hj)Ge;TaTxCVyBp$ycW(a-mEtajK{^)KGfXBb zAfn-R8LR7B-pAkTLyPg<4pF0d?sOqD^H10j z48!Ef{bmVFRB+K@f3d^jvt3!4u@cN5QO?-@5A~x3g2T}#Qb9XZ7T1o7nd_6#6S!<& zls=#~1Ob6bo;CHRz%J0|{SAaJ^It50)wyoBNU$q@z5AC?oR7badYR)tZS##GKHI!8AKMEb8OK(6T7S@r>pgVa!50T(0nBx-;Gr^kbU!RdO2L^=*Gkbjx zCivq7Im&FVU5SLmg3q9Od2+WFt?dkOU2{HJR3L`qW9cA?bTPC%&^cFJ5PB+MaHCQ2 zGtR==6>lro1nJ_S+d|yoMOne@1oOK?oQN3BkF-A5tcfeAffaxjFz>wKBg%bma2=xkXsAP6OZerG_2MDw zdZzhHs3&I0pw`^WilEWPC4+g_G4>S8bj{*yrNfpc3J+q6;MIBl7fCeXYLZI$gQ@r@ z|M?dPz5k1vt!>918igZN&on}~nuQ|f&DIbA&0BhS<9JWJNV~n!h7|7<$tQ_|{ zoZW$P{TVESltz->;-vHSthLyn0r}s>l^LxavDGRLoycICty%zNLt!kUC3yY4P>D5a zyZgcn-jmetoJ@K$Rv#de1Z#N%;g9BbvzyUEO#(ry-aYya3J4z<5-R8tD#=$l$lcTG zb0y;z9A?yI-yxPx?X1y+x{x< zg9(JpJlv&J-E^N2Wuur+iI*j@^O)&(DuMM!Q@G@w*2g$NK%+-fNNcMJ@dR5Zzzg;8 zRg;=v*BhVo34!%DvEc4OMg_Ex*k7%-&Jr7X86A|P7ZKDdy>;G4RC--3bXkMsn)rdGD2y{jy1f$#@kIEIH|34#+!S?p<^h-|jr>mMgz#5sDBO z(-N$E@I;$uMj7^BZ38ku^;-lw%*+%7x!NU;v0E(+V!?@~G64;D`Jz)1;GIBvT~%>^ z{fXte%nD{Ij)1x3jr03a2XJ~=W`rQE`+U`)c%_T{uSxnRqV=JHO7f>}hs+<;_^&Pv zV{BxM=KmI$9PlgiS@Ua|BoM5a(3+m*sHw|^)SsaBNrS4Ml`QAoszLvK$Jd*nx^tKoIU59W=!X>dxo{qxpCpqU*Jsu+*T9R0PpJ~*n_y;Rt`+Ycl! zfV(B%pA|c{1bLncq90?vgub=-^;a*hTWnZd-zT4vBwZ%+DLKDvJT)<&k@@C# z3Btvo5Vn_t4ytsz2Jw7>8#eH70$&hFT_>6&q{-4{Dn~t$vj+;_m)1Bh6KzIOkAyku zB*xBkG$e)+6Xd2;S-~e)Sf<`qSca`qLXdyr{3n`w4CcN)lf*L;g&tOdqSF(O(Eh_& zthsX!QgwaGuw{0t?p@$&)4aKIRMsJP)J=m4PIxEgP{*pG&b21wtZRAzK7Sq5cAx-@>AFYQ(smpwBnmvfZoHlJGN{C~Hv_}lfz?ABh~#U#;3(c{gUH$Yb{=8Vlf^c|YrlviQrdH{QcM?AKiq)4pEn$L#I*2sk&Z{f7> ziDqRGz`k<^i2Z2`Z%`GwL~&46-h3kD&mE3&M?Mp~w@)-JBXlg5mjGq|?#^kyKD-Jw zH6cdiicR(S?MrDcq{(XaM}MZmQu5iwD9&mMSpyn<`8`{S1&o|;Q`~0g}1}tKZd5O(Bh+t=v|+bm5M*x%dLa z(Ff9w_?fLtX8JOTTCarP&M_&s+{&b(a5fmESrhWxeQ|)YkmVu4-#Xc-je*%Qws&XTfpvE4v3e&Ph2Ub~PPDY++HE91XM5hIq+$BT)AY^FbZ|+lneV~u z+g|Z6PdIYzA6PN*wB_4xjVYhLJ5B^E0mGFR?z%om3E!U${XJA*O)zJQmy|)3{}-Uf z1BAer+wI$aze%~^k4}}on`tuh^k$#5_Vh(Z!q_`q+MgB4=@y8TGU{Ff>Do%L>A57T z%0OJ!NCkavm2_XRguYLs=lYv--&g>M!ww7XkL5oN+1T{`k}3^0218sF_x=j{J2#Ra zl8m?ktShie@~L_Zczk3(;~!G@f)L;5|pg+E}cc!{2Vka(^H z4HGnW)H~goMsF>84vMLb&upjKrT{HNVf=wj3w2W0K7w>#B&KFK#UXj2=goWqye5si4kVZpV+um9D5S z^81N4ihDa^oHtJ@Tr6*sd^jHgbmchy2wWbg!zAS}OJnrB`#5)7FNhmdo0D-zTqyi^ zs){$^H=W>Zr%yY&t8R1wU3-ALJV!pUl9YL2JQl0lR%oLAs(PgBq_lCGO6^HJBz^H- z6aee?F(3CQc$%lGSeg}B_psA1y?*H4p2Q%FY18)OKOsIyVq6@K6qdN+WbDaHC|lnr z9$xl6uw&$;A9gbH^ai9HHfAcZ?h2gdY-_xXX+-jZ$S4eKYlxSuur1tAMYn$PE1v2N zV))%U`T4(?qJC&x_x^jFibI{W&^b+X2{5kpSJ*1DFnG9+2%}`*Uo_3*DZgWf@!U7v z#m%~!5Q+uRJCz0_v!t$b#qedFS#D+yQ%B6J)7KY6`4fHra~E5n1MwyZlL-TFI$z=< zd<5`=j|dlA2d-STLxUg~F!%j%^(M6>m#8u(1LV9ykwV&Js@cX3!%ClM6d`FrDAf7~ z;@qJvvL|MS{gIShV>#VV@_b7eyQ7L=0EOr=3{hh8OwQ}>40+nRB7b>Aa`JrShvSVs z`0HlU#?d&&jK4mIEPeWvP5E~^ed4|M4ZXwNSW<)TB#0)vDMr8?BnJs$_6hLp`=!x} zY#q+w!(-!ctbl~|ZQ*Br#0fvrpoM)x$-O!wragXcH%fzrC+&2vxo0=!1b+ZNQ@ zd(R5!+ZOtWr6X$3nean2YevaFWVMBTRZ3U>=Qj2!XnkFa&klj?Lhi6c;b|#OrN}*h zF!f8$kF66U;qlPXFEh-Q;GBS{iDEuAAC}!^=KWIJ*M4hH_T&->s$dBb64UtXaQAxi zZFQGMUJnGdlR{Lj_2b)kmo}j=j~8IGn*_>qsorywPCoOAvXg0-DujFqx0J_{<>Tr? z`DYEDsWyx3(d0oX;5~H4#qZb?1zb@LTtSV}xh100l>9 zbI|kNH1g2x(L-gl)@FrQ1TrAr*mT8?$5b2=I30Gf=J_Rm`BdqA;#C#$99RP!o$|PC zD&7+(a~0Yl_xFBg`Bq-O&8VP8^7&6H_=LcCsKw`ZMIePWj+?S@BaIud@5$APiaOB+ zghV%ykg@z)YvM`lPawXZ47P| zjnzSv0;OI!y3^hM1-pG&zP%d7eHN{iwRA88a>j84ft!$f%Odi%S+cqn<`7!Lv0yt6 zd(tun8crS=3#6x*A3wXFe_2Fc!1-ofDpHp=D32ZobCE{(EJtpeQ;Dt}7>UUPaaO{X_nZ@Rkxm5?J{Aue9|B16Nu`Ct0?L?WRF z3Nt0av8$`@NFt$I`02Rjx%Eam0^_r%Yo%JCWiU}=WnOj_y?mZ98fsCH5HdN}nv^n@ zaAcG2P_+%IFX!dAl20R44Hbk^W5lber}$D#^~Se|Ql9%^InU>ZPVPIn@WbRVp=9H; zJ0&lFk&w(P`kyQQz97=q&#)HIuutEx9fWc@-x2igG}4jB3iV}5Z5|CN z^_a`diuw+4smn&xz>8k+vAr!$Jhdr7=%MAGD1Y#@3UsD3X-@8i9yP+~dP4MeU8%fe z)6GIymP|aH1Z-=Df}y}9qBSuW-$@?#5x4Vjf)0?bKk&rSpGb@tp|xMk=|`_sm|)1t z8vn#c2$>aOGJ9#6x>Ld*( zH;x6rSY2=tH+Vrmnr|}8)r8+(la7~WY=6a)KS@$(kxy9bq#JsWG#BE?8Tp|Ab2d7M zbsY}$nWdty10ofaw#PDUd4=K`#08za9$m@(uM(BufjK4(*v|Rv#VeqOmW2_HQtdXv z%c?L*X6LAHZV9@L^ls5ytSe|rJit3c=18$EQ<_J$E2!v+7;mPaPv^-49NL*Cok{(o zzK_XzUfWguzQjFPEJvy_1UTblc5o9|GX@i<(@2?Gw5|C4`*&``sbq`oMt|l!uWTiL zS&gZfM2NIs@@)mwIPKYrzJ}CT2kT$E^1|Q637NHjSv>SG+(fra62)aXfd{t=RrbFY zC>NHeIBcu!O)gR;$7%7XD{IUK#;dDpZHnif_()Df4c9o=TL0Gjy76c?Sx%f>v3?r(kKR$p;G)Uw+Epi~{#9-*4!d2I zY)Jt$SOFzd9m4h3fP${|F=fz3psWxp>?gsPyQ-$Th0z5f*(!)FwZr}7p>RpU5;~b$zQ+D ze!~JNhzx=TfY2l8$?XlQ#s4KamRew2xvXf~YE-ibM~7aixBT^>t3F$V!*Ip9BcA z3^3`IVNkI#S+ZY6p};eEAcEBzogjA8tS(l@FR}$NQGZAL7es7CEAo>n#Bx49!J^h3OCPgSNz5UGdk#w7}SjOmQ}!^kBZ& z<5}{-l|g0&kgkaN>OVb(?J~}~24c^;_HawkM%x-cZOZ)L|IL9YUpbI^+<#0fyKtH> zDM|@XD!||;I~d>GpG=&EwwG#RZZHMSiG7-XGDe^9e_CBDOe7HYtgvJ3ohg^#Y#=>) z5@4TrGAG^`2pk9`dQ76ipZ?#W;#Gg1HAqQ_D*z)g{E>*Ehu>(0Vr%^;aW0J0H-GDR}&iQopn z?L1(v8n!k#nIpzh}mg?X23uWXd3V0>2|egWXlcv7#84z>Am7fY$$Q z&x07leJOrZ(Vln8u1A;d7r5gSKmdBeyM6vT^3rSn$;f@_ftZt4ll6sB@6vtT9<%V! zt0h`@sByZUNsQgQ2euOa36qwJ&GV+n>+z)d^zi+)ZRer#v2(ARf<|o1w>3LF*?sKa z$_|4Qwczoj{P70BDmS=;uE64#nVR?UEZ0QwLpuqOlMRh-aa#8}x*jvIKWeA*5uW_u z!oMfl+o1Y9y?Q2;8eOM*t%N24ML-qW4+RjG_^zleGJ1y{QXsLuYL2*wvpWR>Y=nAs zpeH;u{@bPu&irabAogVH>-}I}Qu|&Y6`bz!`NUR3QrS8Qgm~Mt&O|<+XoK=$ds;4qCs(I$^$yl{|40lIX^ei9NdYx)$q?uNs58X(jw8`t`zcR_l5zCo2Kip1NSV3&cP_ zt{{zcvi~qs-g9)C`QLm<1Pw8<|MiHc0Z_@EQiL;8jZh;{$^>Q z9}?0*kG7<1Y8Z^*&9wzO_KiXConb;Cuqy;2w~e8byX$BOA0s~`en1k3oOM%~2ips` z5IG5xrK7XX!+8g0KX{=(LyQf7cO)n>y2M|G-Pvv_Chj)j0Y#8UW3VLM`wF+9WH9~& z8O*hgX=3^C z#v>KqBDfQzza$dpuP?zvz!R{YxP)I7A&aIUZY&o&HTwmbLjfMKAQ{>jr1>J_V^u#5 z6EI~?$94L!etub8j|`d3zfK=h#=E22`_`>eSV@0fnyy1wX2TlWN0J(;{= zYdkJ#KHEt~9u@DeWFcXD1-LpiN4tV$78ZdS@uG*r;xe+gkmi73{{`jWPK=i&-K%L$ z3@s?+v&t5SD?$`OTQ!ak$#%au-d}Dj|86NuHh`H9MZW6jmShyZzr)F3d=J30)YXtO znMDE>3Ym2HnBFB`;AuMJkL|p|69c#*IW4)S*$F5btqu*en+o$Bu#IQL+z{nB7yKtp zj`w|yFH(ZT&%PL?e)BZC0oES4L?3KQy&sT7fYzWI3n)COeq`jhh0k5Nc6V16Juu!5 zd9`L+LWh~B=nRY;m=G$bwI)XPo|cSkHR$xuZ@!=ke3?ZQAygpEII5oGJQv>jp?6L<9>YDj5cVF*35nX`5Y<|LYFYc zO{MRGVd3U*_*ndtRF0KL%EF`qoC@hKDN?drUno55LsypnRJbXE(PYG_?^z8yEsxS{ ztx3aSyS!7-y#6Adoq|<=bk-@{X_KcLRx_3L=p)W^VR5B0WW%1dvFf3I{bms4h3Iei zKqL55Y4#`)R167iBD=l*kOb0<*e`Z_JE_>-7w!_ml?>y7;Ruepmx-bEhknVnV_ALN z94Y4^7kQuF$ob}X?7LuCU6-07^BaS9goAI<5^=w!2N6hB>j(n~!kF$(>>*Ss!-uc$DjFT&d z!>Jirl+*}zw#UoOZu7Oap&V+#4{kziLll~v8M|8B-|ZYR+<_V1U$=##lrF(;o~uX~ z?uuY>7ZFR!gp`?^votOgB{5o*Lcd2w-KSBU>`eyAqUNynUeEB}!9w;`F&_I<>S>{F za2^`GwUnmj#k$*=G*9zlF}b)1UB@3-9g7rJwlJ(8(bEukxGOD2g1v7*O5+5~jyFR% z3nHFmCkZG~v{6&KC4-rrQz84o6k!uI2`a^%T{KDNa%rj^N~`s*Ae`2KKYU5khe2$e zj!y*}Rz&kpJ3JN(kH3=Y&M{l6vj^^Hs>3aa!RpVhcy57)o#nJ7s1Yu&YWS8E0kzY_qV}c z4ozbq-1%v7uU(=^Rj@j7{w+veV9(Ln`>xP^>BnKK+wZF{NtR$CNxKc*ig9b|zWk$t zoa>QOYC4BP+7h(dho6d2xTQY2jPU8bb|w#l2I7Aa|l=Z1l-dv3$Ne@djW6f;XlZ8i3pRQ6$n;1vp%F)2HxmW z{2ssnPVgqX-I*12m0J@~~U zf24QkN1vY)Q+-@}+SAe;ygYKLVMd6t%FhUrwcYL;h2X&@Jo^99Icy#3l0!zJ9j`#y z;9cmQ{dtJl;!smGU1wEo4++7#86ks}J02IOh-{@hKy?PhS*(RF%}p9uWuWtFu8(aF za$0xX%n--Z-;Gi9OLzW@9D8}E>90mcqAWF*${G3kP@0atwA5Tx+cZ}=r7qF5F}#A> z+6-Q(bTLArK|%lG$ zx?{9n@}tF0X*NVmK`dnWr)VS<(a>{nrgn!fMb7{w3w3A2t!sQjuu0K)<&*89B<`oa zio{6Rx$bSOKrB!audXH9${}rjopc8T>eId<22t$AWv5uJ-B1^4eDgCqB`kLK+p6`# zpc>fDD)Qy{b{{x*X+V7 zZu3i^Inbk``^xvKAP1HLx2($6P%TNMp(5q2}xum-Lyp1draer(g#yllw5c@1%5bEE+M-58Z} z-0{=89?@GR)tV%e_OViLAJ~|HS;J1c58Es9XF8KID;jV630UcQ90>p_1jEtQll50+ z9y~eu(FWm#n|p@sV_@lRmS771=MM^-tU`4UtAoV_DW}D22K;(chAcFi^)iLN2BoK! zS|QS_VfU_p6J|+Q{fSDZ-Vw4CoiTw=T*Y%F_)E{&yuk%&0kof02lE9sn!_;{;*6b< zlPBhpw<|VU-{-_*ZVddZ_87UNYg~j%s;DRP%Pm+2KeDOvGRAiG zsaQUiQHomA>dz0b+Ao4Rxog2oHw3aPDZBf9CL(#xpVWA+LJ)1=?`o@-l_fj-@g;4B zvb~3>FLkvfv`z4RtCQ_@#~0Xsz=8I@w?ea(fVs8 z63rOGPkUlff77FZ_6I7obYhF!-P`IaEuxXhi)kk{D95dn3(xnL*7g89I5wsSD12DD1@qI6c|IOHh}jNfstY)% z#(zJA4M({?P9t z{V7fL)PFHBNmG&bA`oVQj8A%*vC!HEw$Vbf{w|6E8II)kJ)UtN`bhpDaSk)D_meBN zW=j%lr|@WyjQg^r5Sw+!DEF->!pmF}N)Z+~79MaAD}^c2LKIDZcMSpu2Rzm?G_KdF z7gPui3A1d@XOywg$>tmx!T`h1Qs-B+`9p$gXEwIL)IiP?_ErzhQ*j8M>$yvJ$ao_% z3N{hwHPax>)^2m1;EFZjbsdpGZ?Fo{C;vm(|Nk*{7Hn|^UA86!cXw#q-Q6v?yIUZ* zI|O%kcL)I*cXti$4vo9JT<*-BZ|)!Hr=PQ{&Z)g>?e!uBkcjb=Ma2X(G`!1>63BmJ=ep z(T}EWJ#5ocL7RtMa)Cuz=?ZvG{k^NFg-gN1CpuRhbjSUDubx;uyE@M|L5N~C9||0k zCG)j~T#v9%Tgw6%@9*= z@zSfh4M+`*WTwS5)!N37Ea=bQSV*;wp0NJfobghj(YvLa@Xrw|A%=u`vI}d~w?49D zqm^LBD+8-cTvrcwwA8ec{+)q!YcI1bOG96+A{ir3%*@9*z4wu;!7F+25wS2-ZygK{cmb}N zIV3Sx@+j(76_O~c_zWhQrD0>XrfhQ^=bl)S9i?lpgn08+kAD4+M&4zhk*+nqZw^Lm zftUtXZ+rk!OBXTE3JI;vcVnt}(fl&g2Aj2kub@P^IdU=>>uYdNqAZg%pBM;M`jS8c*u~-bcyiGs{RmjH>Lo>4ugKrFnUx(fH zTqz#`W&b)6=FKn63}4lAQi(5@6~QBpUp@j&mk;$xT4S0GZFfvn^J`ykg}*687Uzf} z-LnQ2M?C_T2Hn1qi&~-G<>Ya{t?IDTZAh7O`|=<$Vey`Muvd-#bEH%!1zGDOmRi2>AE3G$|@V}DYlv%Jm!Hm zQx}~y3=rscSM@)AnHh@MP%%x4|&KHOR10mTnDDNflt%Mmx+m$}+ z6R(Wu{suTCTxygJDFV-+T4C>Byc1MqsPy6}Xo$ogbB#=>c<4!nTfqdHO#4z=pm4U~ zf`n5g41h~Dm5d^RlK32Sclat~3^ zSPom<(`OSq6S%^HDJaN7OPg?VaT*Sy2`I%k3P3^ocLhSndkI){b=TJ$56dtV_Ri~( zAO2(e!?^thjHt#^nC=Iaj0}82j(+elcd>h}js-H>vgwXE*pl6mj={MC$&>8#? zi_>Jg-b2w(57QnJy|*xE&$^t6>@smuW*^Fr{NsCD=9UWFX9=H&zKV&L4S>-+YIMhr z6IRDNzF*g|y$kQT1SzXbRFMcshN$xr(eF{FoC_4Y#3(9wNrXzwfhc>{5{o1a2z8}) z7jVH!;?;qOH#nE+$Z$7twJ~`320DN*o@ahzjJ*3U{^d|zxaQ@fb<+m!>Xel9cyA0VhS^M2sL0?=ty&5_C@g8>9)mfxwrfOj~ z!lC0G0$x6Fg%jy(nr}XI720>vpnqi9OIqEu5NTXj`rLo2^e|3`9 zYyV=kuNikZTQCZ=2a`}mtD_7})VX01p>NgLUxG2trb-LQ#i7g9ImrbZ8=ZiYK=v`C z7W{r38|x7D3kH%r;MJVjf0Ca4T&Q#+dOCM=qRJlIgCnY&~e3Qcq)iBq?7qO zu-qO9jkcvR9;W^9u3lN{76WS%TLt8sQj7bKUja+3@?~N3=#B4(AoSySQbbIV!{PyS zLilt{!5QXW-z!e-_PLVYeO%X0*ROlroMH+8VG05ICQ*swn+Qc)b6`Sld*(a6C9wHQ zf9{kP9jSLm3pFp)uCpRrHUhOj&by|vmpK(|Na^4y8h5grAl+Oo^$cI zDZ7##rghyu(=g6CBB$#Q4}ZtBtnFo9IxMnww<2G>2LiliwlZ-?^(K zm)Ow4IggAZvo-0X6j*769tcpp4t*uXIDHw1FIOUVBtmM;F=a1&qe&EPN=5+(>=2<% z$;ezbKXqrA8Bh6=>z#vY);gQWh6d&N$OBgh@FsU0=D^1L8uSQ$3S#GYA?iyRD6}VN zD)EnbHv$}K&Z*Y>mUYv}2=SMY=FAg&Ed4PwiJaLV<>-Y6+=~}HD%^?*vd(smgPr-j zwmfBjZV_j_yJVukbo)GIuceR7jZL1DVUU zBkk3oD=*6zjn8tXZjUVY162Pes3eC&m^U>r(`h~_+|MlMQyM@55l(L9jw+PtPES#m z+jqvLNJ$b%&e_#FH`O^{YoDt6xMtiTrF6e4p)NyvHOWUfJoLeoIl$+Fe087X|c}XmaKCOW~KIj931`seDc>(CnIAqTnEg6rE$9W_F3Or@L>4&ils1U?Sgb zm+f#3$?yGu%l{+sU>5W3EKKn_)gPBD7rAzLYVY9H9+caj*diLHC6JZYJzg_ry5i&Z zb6xWilyjp#k+U{J$&zyD=PY38o;BJ-xA{%~YOPrY$N$ur|9ZLF<4J_Dsw7x((?3V` zay9${FnTMcYtv?ji)oG5+r2hbh+>rf#9+GQdCWT$drIw!QdPWh%-?B(gDl^X_be4? zZKdY_1pdfSX~6^4HF1*^YPHKIa>N_jY6@t-53@6RMxZBo@L{E6tzTA%Ts?<(%t^+6 zcOZV0(!jdi%I&S1fq9f`576xvOtz+g+2~>L3@?K*J`=p?Jzz6+`*&~Q5N1P6_(aD|y$hu2J%LpKD}O%d{_|leitNhq z^_T+J57rvkzolfksvPZjI5W$2eJ3BcxSbr2b6Cj(H?ja0lzN8o8BvN>nCYIL60n^f z+6deu+hl{QASdYDLb$Jg(!~9P6Wwkv)%E5)v`5GcJ`*}&Dkk{izk(o4PYaQekgzIt~GSR}Eb{@ArxwnMIjV4YSn(f8nZYY>oFVnS`_BdrB z5gT%_JaA%N9vwgjxs3GT5Z>qJ8Qj6{DO|_{D^sEKMZb!t)ZU?AZG_J+Lu*iDpSdFJ z`zWzZ)WxA>S_&(HWhYml6_NKuuaeeVBdzx3gj_K|gkq}iBgwHWnV&4wlqTCyQ*^bC z6sHwt=93#XK{v6r`TOf0Sj3dI8wkcDh$s)^Fx$|`UMFDOC&5+!oX(N$zd_%%JPRkd zaq9lXBML}JlXCAC6EkN+UF(HCoMs%BVn!`$>WXPO5Fi_&wUJVu9+-s?{m!>4>Ps)N zo+l>7(3_e`9Wr=6T6bD50|E2%`Kru>oqZtO8k__I!uePuKk2VsDMUgcdl%Hq|!e@+`QvNRSe%q^THwg207-#NFX^ z0kL%KmTU~Fbhb;Pv_9biY;||ZxzYZu-;;$SQ1I;9Vir>+ zX>~icg1`P=AE~6PShUvc`(pHO{oyoe{h)PluMqj@3ExCJ>-C3N6mzSB?o+Z3~o zE6CW1;^^BfH2b)mTX1R+8EEUxbC4PU7HkUQ{SEv&^nE9yA+f#0WwkxxYX&F@oh^rb z!Ff>J;8q?j8F{QR(g3b7D>~@M6miarooh5!935hVCL_+ky`8-1{b(kk-R!8(iH>Z! zI>%B)w^UpQy-Phe`-JHZQ`pPi$VZ|jd?ky?$DSX>=Vz#;ann6x2z`&ugdNrldext< z-(3PqTU(k=)kEjm2VyCp^`WiW+h4S$9YptBc(T2>a%C>FF7^vk8r4c3WiC_Ej+eLL zm=S})cDP$&PfG}J+JSR|k42^4$l-d>C@`v0rL)8c(|VVi7^_6DJ+%o$w3%KC*B6%e@Yqr>)P_nkoj)V?VI-TC`ixty7i2lkGuJ(PqFh~u811})gXU~ zXM51j+ZqoNYj=Fde_{M|Rg#ZCb=5bh*16qTlLB!2i1Ud_ z10hnV^QGe@P+0;UF zea#j;+zb$r*lB*hYIUAEpW9H^SKqk1?V5V+dOhzyw$**ws0RFuK`mUQjzhp@H5-Zl znp;D_&4t2!o{Hc33_^Ds;7gKN0tJ+f+SU%hPi3mfAiXb(u zZ0WI@7p641Glp3$cRccH`?)7*{{Mc8)y%_~MD{6d2NJe?F_YpwFm3JdACmd6$ME>N z@93geXXNw#@X3)S>_c$~8KR`C)ulr1Q9Y#?LFPa=d0ckXf$P(Q}CkL1=N9@cVdsV#PE(9mI@* zGQZ?$Kw?z6R{C`DnS}VO#!e_r4aT77ABJL#PhlH;|NF2$yv%Yx5t#U?B_5-5(r1X2 zV0K%a&1r1$jpj~lZPp6Xogw9n(w@)L1O8QBRxssFbeQps>qI{?xYe$i1m@$3ZSo;2by|- zBo`3`z89#&W$>p6c*CX7AXaYZm>6*@db?xSTQs33Luq%oZMSyto?NfzB(0cQ;16=| zWJStUuCezFRh6{Rf-{>_J!ER-qfjfMik&vq8ILoI6+Ez z2!ltSZ%nLtg4>Q=LL*rRSO&|lL9NtO1WPY}^Ve_Jq z8ygcjbMj%=t(0oE=~9~aD&?!(pZ|9`{=ap3NXI(mABv4Jz$3>v%#!y3vBl>BZrju+ zEn%4jlV#r-2IxFhVRQ&w7^CX5mJm(VBU(Rw9!&|Gz8z<}%9TxXcvbZzzq^>{jX|{{ zsb$y_`W!~#BYF6dbh8n!ciq?HpZC=6 z-=df24XTfrB!BG1+s_z*=39e(cfa4KQ|VKcQr#2BhFwwCc3Fdd)xO`;d{50AgggXP zKlZU5=|CB%D!KQLRS0~{P?IEsNP(cu(dsR(Fe^w2ar~rt-mcHB?yuLkos+@Xos6GwGxs@&-#{2N)oC5cQeKR7TNH$2kl%`-=!Z zF6y~I*Fh^&cXPUk@vF>q)vqYSesguMN`pM$hYokviraltfPwiPl5B1##f{;pO<&B4 zT)ewqDgUWG!j!Jro=`tLT9Zb9%$UNLv4s_>0GA^F0QtL&#FhO{)}@_O*bATj)`S}t?u4w5;&*83B%$0>StO* zLPE3mX%?Ti)3U2xRrj*G19zXRHf=fX9X%pJU{77tBq(}(iEZcX_GxiVVOzjBLyE~a zkRk7tn=bCitp8nBOP@7*o=gQ?tsrk-7PzAht&h(2E1@9isn@mI=pzRCW_q74|I{k7 zJubR#OL_Pt9w_5oEq9AJY#BTUp?4C7X>iTGDYCHY&EVyWEs?(4+ z9{HYMIB#R(oqWKD&zc{FbKU*BVcVX!&&`LLi8RKT_{g@;B=;qI*Grc+zvI7>vxl8i zW!u&v8rI#s|N3lv?bEA{;m_w?(HpK0GY^Y5b<@*RuZ4|qxNfb+ne^#=Cl0R_Y0n0T zzcEzyU*TnGo8y^~e9rTbOre&Bes|-aX5%@U%sxx|HtnBqsfMncd4dK<*}MS&!*|FR zBJR{6D!2MaKEd9F?k{R-oPS(cw+m}ost9RF@}k4uQdi&X8dHJ)OdK^sYk2$S3#-C0 zVJNY9aWKo(3P8Un@%1B0$j5^*Y?44^0L3yST(nYBd=NsvC`W|HkV-%MJLa_U>hZ{a zJWQbq=9rkYC$CiJh3)$1De}#I5TEjFj5yO_WX05BX7>v8 z>UxG3R444C{ccB=73xj1Z^33hYZqVbG(WR3Q4ZW);u4>iq`W=K!GG>Y@09bjLaxr} zOl-^(Ow&hxM`7aqNod`K!>gXcT!Ug6J(n&`CP^X@R=G9d-F;1KU}v{iM}d5$yB31B zamQcI01m+rml?)iFvVlGOK2T21)*n<~Z5yzI9)gKr_)ptd$7UI)5 zAX96j4)=#-ANQ+!lNmY+~;kr?nlUVtXlZYIt`9mZa1T$;5|(R{ri zuCpmS`*bmn@f^MP0K?Z=Uoy<%CV~C0Y>xkYVDR16Z>x2j0%NKN{>ATHf*G2&8^r4E zlyAm>o_k(BUunu5eQepf-&U(?=J>_gZU6Szp?i-UVmjXupBo1xjL^aIC*6{IURJn% z2&$|OXMw_tBgqb{*Y|y6%>H7<<4NcKKrdsf=%2m_HR?9yxmaJiy^cV3 zekrgwz758%->rFcnzP;-;al7q3E=`7<;?GLVg}v^tFY()D7-oSj3g!%4=fulqIi)c zU02E|n4#stEFd6;Quee+(X78nzU4kbgs#8n8h*ZbzpDLQ&RPJ1KSke>f{!gMywcL- z0U^kR)tKDva>nM#9uEXaD+vfpRw93IJaQs5E#$kS`#uT`U<03N##04lKIs&9iXXFw zu#pM2(N6(;vh5*v*pl35N$@y4pCVmPNvLi@)|6CJe*@UK)dU{$@2@em!_ayW)o>9J z7pMrc-&7v_efiL_1t!I?x)O($kuViLA6RDO#Hv zF*Q0-Vz>&1genmRQShKytaX&tyY0;Ui(}XPF{QIiE2! ziior>Mq>?CzwHXk=7Q^6M&?5nW77sjkBGOm-)q~3Bn`Y=BvZN-eA5SiGp>Ki&49w%D8UL6}GGWz0H*NdefiaxX{?dF+3_j7v?|I$$H^ zZ1onVoljN174esdW(NU$u65U0oN0?Hpgo+%*-4>|lr1|}bq0UTLr^X1a;P0KDUs4P z$?e^6)1Ol+8X+k2gjMZ3D2!;*i$aFS|H&zI4Oh!(vkm|ur}xtJxy_eFsYN9nZCT-Y zGh~k{?Ziz~MArf32Mv5dh}1wh2orF z%(b|j2rdPD?AtCoQ{Wk&*vOc8Giw@B3KAHWjX@Pm+?g+NYgD&8Tsu!Q@PT> z412n8x8H+a5Q$VRV_k!q*0gY*4wb_R{TJDr@FTfxac+?XrU)ID?^exLSeb^@v~~eb z%~?AAaVSnCDEeYtYKkYl;PNBe`|}Qi%#&DC(grNi`c4t8Bv?-t;x7GoBEypzAn<6|(%{B%`2NWH5*9KlX?dABJP~U^$^UFB zc(+00(sk_W^G(kXRtnv?p)z`R~8m$gkdy$TV!!-&%$x?%Lpf)}ZO>&(AuD zXzZa5F<-Az#Oon?_KsoJCjQq>`P7!1sJ7<lmZ3FGLv>OB;}u(q^ftP^(gGU*EjC{P@vZd)ySJB{Um%vKcWAsphRI$_|Hq@EZ;#1!mi7y$EiLi?FN(JET8A zd=v2;K|{iimvkh@m$i(rfeoJ1w&<|q_-Nxn)LoNjJJ}z!yRmdtK7LW+{s&U;2*2e6l9o0XoEnmXc`zVir++by>N=n+!%%yHOcLi><075Sp9C{x|k}uwE=`+g4{oBNn*gV3#EuE{fR)>scR8d4HQZEFO0dpkjct)t| z!WrP{U{$^4{9dcTGw(f-jwRrsv%gPpiCR9N_=-4YqRvh2m<&zGjN=a>Y~#Ud!k;(X zCGVNG@J26wXRj~)o}jMOcA*bhznNE*ox-B0GbzKt_9>tE1)-IJoGein?g^#Kptlby z^=jsfRal*Z{`i=2%{s?xv_B0qjowUBdAA0Wyj}po_xhB(sG2`&ra4%Wsg;KZ_Mf@d zn*Rbhyq!O$40^AtTVk#4iHyb_5X%>c!TV4)usF*HlOr8UGMS{(;R_fJ7vS$N8SEP1 z)S+7m8uq766SXb=BV;^TUss}i#CXE0u03b3{%JDh#Btu8zvh!!$h!G$ANM47L)jVh z^WW7}|AR(kT6s}&99eUuuoy|W!;Hnzn)pXa_0Cn1;V7`k`sw-;*iZ0EE9fen;4O5; zCg||odDnfRw`x#_|1+`#Pdh&pk8!57okkA6T)nwBl|b$+PzRE$BexW;25j7$LkBWE>U4n4O1dz~$Qyk@ z4A*II1YcgTtQ-mx2J_GFo`aFbIFnMCXt~3DHZ0Z(Ssd7LYV(!#rOBHaJ2xhw(JG;i zM5!f>HymE*fIv4GNu$-X4ep}`Y*m8QiPcjLhrB%;b@Mz5A_)~{g94=?@3$OCNo$yQ z=H;moC20;g+{SmMF*3}8igQ>$*LO;TRSp^E<}ioE(&VfWj0LeYT`A>3@-3QaIAy#r z$=2{5+Cn(-{qXG>3cbswX}8PE*2`YBBrJ#qP55}GzWETJyL-0uyCY=J*F$>{unM~F z^XJs|{0gR?;a3XG!0NYb>cAaRaT1qcqY~v1V>zX^wDBaa7CpY1b?n<0=eWJ>LAvKh zc)!6Z4Pa;!(or1sW1lM>{iV;nnL;MVKn`8#PPjI`o|5T#-M!wsk+fwPO$u+ptds;T zMj=x6DHv=xIcW_fZ=V3qtw56Fl3}j^HPrXKDd7aMAHlZTuZ6wW7A!TykFGeH6l6W)VX#ySbD>M=I#@F!Oa)_wP9H4-tC}CSFEzObmn~u z0`CLyNV2cJ3nEQbC;K}#c&hT+`1hAMXY1wfY?G@Gkwv1-aix;6)UpPyBQ=O$=A1YM zq^NS)QwFaS`zdT8h!sl?=la%4B6U}UK-Mf@L&3DP3ryCl0iBD^(;tf=F|-gs-Uwgh zj445H7bV@cNT~~h$z4L)wT%C1-{Os>YCwD4_wSw)_$vMXyCSxCy$olDqtaI>T0a}H}SC%{z;Av^X;k}OX#+%_+X4e%8x);ltw zfgREIc8$WYPD$DhH@I()-QCIFelMPzE;*&XD$pV*C#d7zy~Hc|JQjP-s`81^c;5Z7l6C_|sgv+pRy@*82x)ue|={WJM&cfwdj zkdbJR&BkI)p{@gB{a~O@;NBI1ZR?EU3G)p$Bx*>}6}-mzwPQfwz5Rh9#Z~_hf%s;X zv;)in?D-?FWd$i1j{KPW$$CE0dbZFVLRYOn>53oaa@h@#I$sx|$?Q*_%Tf` z%Xu?0>J@hrndpm)+JfV@YNH!V;MCU!vmyCd{0;C$T=D8H2q$Ho6rJt?LVHaE?i{Y>_BwOw3+-wh`m53?sjnBqKkQw<%@ZRvak zk-&a2-;gTs-m3{Z>tLVSx23voym6oQ70(6)&8&3n$p3WufSto_yIAr$C>_?y9*3L# zAE})6t@G+DD}KoM)0MLRYlsus5D#UZqiecA2P(pA%K?7j^Mr|lB%<59}}y8N}Q{tUkx)X!FS zmEvqL{L?$KMTe<%%)+i~A4%}x{%d48I#7ka^Ya_gzkfgXZ}3X$3j4J}s}#VSRk5o@ zApHm>!9|etEr$^+_dj02i2&u>v~aY9%*LouVLORgLIb*o-I3LP#*|TluX%c!(dms1 zK{B?q{MU3B?MH%}#f*n-=u?NUe}m0Y7PP-Iehmhfux<0*MZ@Ph-yB=_5&3M*W2g%) zAtZ>Df5>$KJW6~#+T1pa#_1jp35Po)xu$6ANO6pO4O3dHdE%lJtxZ9BcH1CB{XWUE zauz}xWZU;ID(VBqcoa!J_TDl(&H&L~F|MW|0#?Ab@(c88IU@WX`2742>7UY{+vw|c z`)<6F4BwlDMyl=kA?mMCHs9>2t`v@c_N%%(s+*Iv>s^^l3R?c=$byOpl^S)Iz@X!i zN#Ra6UQaI?0N>6>Q?87;3DpnvFwu?(Kql&?a%Rg=#uG>8A5d>*+*jN(24a-j|Dc;Oawd5B7vh&dUtz|wc7C^M|Val$LP{R4z<*$J>) z?@MYq`v=%{Dp$eR>MbeL?`_1Byd{Z#sQrkb(&8ArnU37#UMFjO2>P}N)bA~fv8~i= zO%a?+B$@muoK`CRIo})I z-RXD7W-Fcdvx8~4=xwdFvYYLBN)C34XwA@}Hm%8^*`T%)?qM-DP|eq-gU&+}=oa5k zH8=N7ZQN+wVA5vSmo{NZtrDts=%kd6ahLk#1mIdTA)C`d_* z6xK1hV?7&~e)hWO6JwU{NGtavK?Ri`7x+!Rh6iSCdNqulIIv2iR+-@6~ED&oU;Pj^WRwoabA}s`Hy_Y-pyjW?5KrP%Lfs?_3 zd}?Cr)W;ZaXd!!$?Y7rY5IqqCkWHC?YlT%vpx_974E@$p(^F8`^;R6-{0zs#`G#I- z3%0nU2U!W3LNyXbocc!xs!Sx1TfDb0rJo1XZbpa!t^}u!ZkUk&WnV<9m#+J$kYr8_ zza>FKQ>=vH&YJ@>^&$O1Yh?Z5MFBnblnq0Plon3@uvx*aS{M`I^VWfYuxgpz-)!8l zB?JU+zhYEh4>?7g>*Jk^RyzAtol@J44>>Dey|W-Opfc9EzD5F$z`#?y_Fze|{yMhT z78@jx3nhCADM4X!COPkCZ!uYs2}-@AIK~L#BqhF4IY{rlWpdyJE% zH*(c%^ws~7mZ>{d0gD-1B$;JusI#d7Y&!mY^VC-2?_4APyzpv&BOJNPw!(GYeyw(2 z`>Nhlp3`7`D2x~=Y@g>{r`sY zi!$*%j-F#$MyX((W2^><8Dr*y&aNmGn2!kNv#I2C#7Km#Ae$n!qGm}7>9)a>;eGMP zhJx!`r%3PdsVKvDVN0=+=cv;XD=R$ql7$o;3^;yAOy!{5fbCfUD7Sp{VvE zFzsEDP3{SGp`-cUE_A$bRhOw;^eaI*A_A#5r%4lnq*2fxdtr`R7_b9zFlvADQZ9eI zxMX+y14jyrpb}R~jQ=!~1mPlK(B3I{l)n^6zCJlqzy%HQhH(Q(3zB0aDhECXTZyAR z$buo&Rde5li@S+1l1Z1Z^IvWwzoQ!k)^r`9^hOZ7YWwZMcEd62pyK(na8%SfnnQ23 zNLt0zp)UUwN`pl;6%I23C;#giB zbZArUKcW&YEBh6_+2+VVSu+4--@SmcRZA=M1B?zX-OJroCB1=9$$x zmsntw0(#X6!%@NuP(-wOe$n1k2#|PAk~D>?^W#Sk z2r=LbEL8X_xN+dNNL7l*2~5V+^|!>cD;bANJQ)mlrFhG)f6c}SIw24NlrRYDwc^TS zr&}G|yN*R&k`bgzfk^D%GBYuYX;G*Hm5LfEMNQqOgR}l~c;ESCbnBSU`)!1Zy_0kX zdGsW)@fW3xU>8j>-#Mq3Ss7!C@LV|T>lnCZ!#D>L|*M=YvW3aF^yGdhV* zS`oCi_^yXNUNk3cx=#wmcPdKrcNO9mtyjxTaVrSf zlKH8TUy#aDUl=OJE<EnB}DZnXf)5+Nv{D|Qp z?b(i_W6fa_`De4Z+-d$p#l(q=elAjzQ&!NkdNEBdn3mD?mpd9I(yN)%5r>V;y^xd39? zZ*uxR9wJN=W&SncKjk3lpW9v;d_#^Cb)E0VfaX!+Ax3_-qfRyv#rno^8BZ2RDlYEe z8kiEFQVh-R`Q|u#<#U`aPT@LZ%H$}Dfnh*YDPG`9?s%r2Jb$?do@j_TDBRcmQTpu- zKkl>pH}4Ks#Qq$t$Rdl#L$FRn)DL5N`m|)A*q`x#m`3u5W*8QPBi$VjU<#hc{BR`; z>wd55dLHs2eInKSy46|#6pZnGb%_pUPXPz9VO}gymCi?6xw$A0$-)pNYS|TXN~Bs; zwRZ*_FN`02C7_r4C)Z`-u44&?dF!>MCC~MA4a7ukp&^mVnt=I_u_q29d?-99jJM~U zinwyo!9YB#=**~ydaUG!rA_|HYcrlDv*PO}gpjCySPVwa`4$g7>3?#+2taG=JDG!= zqaF+GxwPYH56iN*@8!GSPhL4Wu(l==RU+BX&|DW3=Mu^}PkUi%9sBWFeW`r@Bt`jC z=}_t$mW_hoF!ANHqw+#jE;B_78e)fK@#Lep?x@M6`H@HMw-TPb&xd8RqelH``6*>h zGXGN=W9XWoTz_agPqIGK(4M#_AXk%;@lI~$anB@~qLF5d zbyF7NpL5>J79{#Wmrq8rV<3{&l8`K{?Xk{6fmM&$PiR*R>t;t|N)~g@2l1oLZaIAn z;BXH`HW%q}yPl6`s8n_wtBsP4tWl|tca54T)hbivMlA~md-RvJNHzw&RFk`qETBr5 zY+K?8qw@)Gw2;?+gAtb7U{3r`4M_SQ{;$?hM^%>VNBR>mJ#I*3FzlOkJ8@i@pIq8x z67ORRCzF!!i(;}1=%8|&ThAOm8X9*$7@-&%8>9yz5yFWinH*P8h3ha>0izdu1ST2; zM^>zHjk`=1l@5-vmLQ6M^i8cXFpc_jStQGY*4)PqrQ7f))Ng+bh~i!U2F)1hK_fa6 z+7S}SkQTiAvoqJH7MrVQ@*ZQo@G7ho+Z`Lq3Uj@8knGbK@=~9|9Be!9A3+Z??DaOx z*f+5D&tW=GWnjb}e#U88p(JV{X?B0;nZ|gzI(s0dVOLF3%e&-SbOBq=*9^rb7Jz=&Abd3 zotd&n4H|d3Eg&qH0FqwSLcus~)U)Y?v4NJEqf)utw!nW5j}u|SXesRw7MhnOguvJp z-Pc@<^VRlEidqy;x8drkp{B3LF4I^6r08h< zUb$T9k(b&_Y*G5nL>g>@^6FFtmE2&CIVkl*$!LD;LT83a}fHH?T0{L*o%i(-{$qRi9%UH+9|DLnl!1xqCOg;aO)4>s9 z@iOeS3G*a}_6>liY{%$5?Syn3j37bDY)mv#J4zr|058r`0)Q-)-w@ zmUy|n3Pm3ocH9l$NH0J8XWrK09(T?CGbCIkdoC`#uupxhlaccjm$EaaYq7*ZrXWl-i~??0RfK8CUfl1Tfp5=(>&XL-$%#KB^pE4FA$NE}o06s^aW-6Bo~|qHsVP3{?gW zRv*0ku!@OaaIanYcX@a!o%k+ad@?p7+@F;sph^Yb< zI#2M|#lPuwTlz9zMOWok3GnEshPsw@_@6cv0avF6)TUe|%x5!ce50-gl+hYdoxna` zv`r@B&%X2pVV(&cmicUF`x|e*-7deb^J#aUD$~FA5n7G%6CXE}gX;B?x7k;Ud0fze78pqXSdnQi5lSNXk=XJi#FU{~s-{y^7`GVSQ> zBN;UTd=|&4&i4K)2b%Z~Qr$CB^o(VNOq7GhnvJ-CfUUJ)d- zx4W>KJc;O*p>ST$<)u2l@c4K$dvX~A2n~G$s+D3+&ctD8nVF1z{49$Wuy zW{9!ZeXVR7o=!3=MLCor!K9sD|K+qHud6#=@V^%_BUkLpjyFuHu4LwINCLU=)i1bf zMBUj1Yl3~VpKruehYZ>LA=u{|Q!lbqbtj<&4FY{bC%)^`-7!Y91P0i0Mv;UPQ1*wn z*n+(&T-rp2UhwvUhqu}ObJV4V>FlU>&;K~05#m%3NH4k^*_QM;Ma?af^TGF_FD=$y zLMGa7#@9baAbp+&>~Orm*IMb$=a3=Ch!dD9_KTId!A{mIdVwa$B{KF=qcI~b{FYKj z%Ax1I$S(O}qH_@%WJeK?j-$ol-DrtS0nwHBv zEobia97R(u^_~oUp4OuBSy6vsIR+|&>tgpO0-R?hNMw=TxtlkAIk))erj!WHObz^tRH?ep^Ws zz!4)JET3dyZ8hPEtv5?K!!M>(&r>CW&3O8W zs}SW*(f|80Waa8~12Q>cjn3x7?bRf@4pzq*qJyc$Ew ztXioe^60yE?*X63Eq>YzXJeGurW=3R=i0N+-uZazv%lRTp^!e@b7nQT(RU?BfirO= z!fqRT#gHuOV0@-M+K-e@z0ZH)Wnk<9V@Yg;YQKzy{ zr?mXxWj{bkt|%aCNk&&(BygS7?l|2jV=jBu^tm{U6Kw?Z6oE$Ka8@+yu77^e{+4vv zn$DH;iSwwPuWwo_k9#_N4rE^xF`>q@e}C%4V_duLto^8@9bL@hWi<{ZoxOtKTEBNC z3;6pOL1`)yG(g3`Rd}3Ks~WSIIr8wJ>CVe3=!;n11rN#<&iu3@-9q!;z;`#fy$m%J zFt3zOvPn6kxUaBDH&C%10%V1Gy?I_QWjyT1aYz^2gfd{~5S1)G+Y+66;WI@2c}AEn zzKEaaAy-BvUo0`REglp7|F&EWA%B$13@T5GRH&3zy%$3iz&~<0wGtGej(;2nLDZU2 zP?fV6w<bd+YrQD>ZyBiv{CIyWICZgdK9GndXS>1t>(nH(^ zpYtBEISHX=f+Y9<^gUNs)-I0bUuplDbzF4X^HvRjCu;GiRQuyqQ!QlP7M38>wwAGi z%>LKAM%W)q_2w+9YfOsXuMoL$K0OmMgA^4&ivgW>)u<@Y^97X)TN2{mGG9$o*{o@3?QZjB#Q&y^fc2pm=UQ7m_NsA?`swPnmIFp_4Of~1zA zYS?#F+6bgU`S6JC6jjWSAwz}?88T$ZkfDwpm;JXr#czLq6U%C=dHAVzsD?;e1!et< zX`315z8h}g;^}*EDl8(y+hE%OtlLCb*_m#Y zqsLY-Ho%IDS-M6kjW&29h6C~Hg6++-#DuRw!l}!z>wG>Tcw-jVcqXKAh-&>DUM=Aj z5NQ{BELCsynvXeS+KACicAt(cYL$5RJ>yhpl6o0+LYtHr6qhE_H^D*rzF@lU8t;YT-!mL!P2w`G)Xf^hYGiFVnrP+?r^lhDlk9TzI zmSi!wxSyIN?|{_R39YTPES~L7RkAKJWXO;qLxv0)GGusWC^i4I9eR5VOrDw@h8j>Q zfC*4tf_4s#!`K=%-Gv=k0b-%8$7f%!SaMxE!{#TcPMQv*o1teKxm-7PWEkfvC{c75 zcBgOiI_OzJZgdhsZG=)@AuT_$N~Agybcj*X;~nW(wF5)Vu>))Sv26yZLZJ;r;hcarh^v9EBGEA2g-$}(yo2R_ppL0 zLN3Trax*CwClM3^B=3-74ha>wVYGr!=g``}+>1y|9BGkar{%+n)3Q?)w$@%f;vHouz#3B}J!CG$+&^kUeS;Y;4 z*szbJh+_Ps(rvUV4N}BWYftvAlbEg6tODOZ7ok*u(IGeu5@+jIZv4}=5dZqjwpw*E zWXO;qLxv0)GGy2R?6Buw+W@Bp2_yf~=?vN_wD|mek@AVy8oF!&?PA4iOt^HMkPk(G z7r;j1OY#LOht?rN6`_J9_P)ox(`d8=XbBPJaLVF{5UBwUtpbb+>g2`=_5P%3R+Dg8 zRGfH>h6hg?@781ewM{3AKW60r8Buqy3TQ92uY0aj&QH+}bS#Zl8j;we+Y~b%OX0N! zEhycE^sa;`f?y)l$^_jz5!E)s#*I*%N$2z)oUSrbDL06{)+jVuX#zBY!-~b?02}vL zqn#ls%~qGZ1Bi=>r^1ASvl^+zQ8e}IXsjS_$4HCT$Je2Y7;u5_qOqW254^Kr48{a8 z*=-)$rgN$~y{0amhdOai6`!kn{3ZUZwMJ=!b&*%_h(h7-+4?kSL1~Ax)aOTOg;E+< zC##7&-Jy;5bW2q8*O8FooFWMQwYZx2=HkSG7zJ8k90XQl6nkc5+f#0HOKO<8=TRp5;P1pZk@ zEsmb>9{=X&R9bh?Fg}gx?=w7xWSsDTreuM2RfQU39Qj9KY#*PazKAepG}H^_Ngh8l z|B3VTHzOJU7tEOdbMX(mFa8Sr)B85wz1-A?_azYf(c?G=PyAJ zA{EuWWs>rmC56ROzEYaC{HYi1!~rYGk<^cD7!7#-%-{ht-T^b3}OR+4YAQf>f@QH4xY|~FXLGi8sjy_V3Xc4 zd4426I&RYekvC=p0YreU0$@ylQi`f;*h`h9{s&bLABejZD`BLm3PP&^Vmnt?FCn?z z9scQ$wAMa8XZ=yCX`27p*Zu79{2_jSHJ%4+?S%xDE_KTDYrX!{`_^(VkL|<%2lvZA z0^=y(o}-2u(Q?muThDJK_s;Y0`d|3>%(HrzQ0kfYd9M5LPr#0s`pXAM!J;dI*;XVd zchlWoBpTXCO|K=GJcB^z(9WW@pq2Mx3L!c$m;&g~zZ0VrH4J6Z)WjhY`IuN+1y>`I z8akJU-45oMkDSjv-}zVGKd^zxCW`0D0#&rLgpna%3ousuoLXqagmr?atwl){R0Y3- z#)-iZ;FLyO%*UrKLJ}tMm8{UxBuY6?_b3ei!bHzTQA_JAK8PQ!c`~@1KT$6zVCjO zMR#39|HI#)^ze^a_PICluG(5;#cEvOV9g4w9i)5m1d7fePpyS*o1okUH4vk5O5vO* z`<|#Og3u6#1|mzX-w_R$ag{-GvWgD91x-i}C}<%Na8}_&BSCk4V_okeX+K(*9Qtvp0zD_B)P zw)9f$*$vwA*gz1Y@C_Oe6JLX{%gP1V|Hs~WM@v;DZU47V>UjI+K+aht=O8Fi0Z|lD zQ88f7Gmbjy7-w{huZ~&F7*G@wN)QQ35RfQ2-N?=Pc06H!f1D;bqcb|;8{f6wTC0J} z>F#^Z-nDD*s(R|FlV|bBg2yS}_AGl=+{d>0*YNQl$J5SRj_R0@v;h(m+mYB(L6HWU z^r1)9ML0Ux1_%S8X(+-#wY{je2O)G9oq&bzL{X)Q%NwGA6sT$n zifBW>6DPBN$@|o9ewpa|Z_>2>PA=`O<83G>AuTtEWD8UwQB?~R2S~h0|k3tq4wJsDPQ?G1+Se$YQR9+4zelCxbtVQ zX#VZIG`k%#YW>?S0DurSGLb;WETr>SO)I0ldGP6nIP~2s)USVmy0s6p;(;lQ4kvy( zVDV3gj3*d&!*wiL^aAzkU!s2N917mQlBWhokg)_Z5=WXxG9Msp8ySluW9HxCemU;@ zrF7pPIr54jqbAal|KfqlLPoL}F#IBxe0C=v%#I(8rTsfaI5sjKN5-w6^}N4SWGu#@ zYp!AC{NHiMv~I|z#J~TS{5vF(Kt>Zt$4wmw;UKMqJC`b&!?^zdoGT7W{>xZ(pQl!yKCSJjJSuhH-jB^xwKJez8QO$Z=D-<=tm+w!B2u z`WGl%d>@N$aPaB;kO%fZC6i*O8d*#^8^84~c|(Eq)4CgR()CH{gW)77b zU!;2d3)HXp9XB^iCBw9lmi4#mCT9JwmS4&3r#DB2 z|1*2;FOvi^(w+fBZe-okTX^Xt)8%dYUpD?S9O1&-ZeYXeH)z`M0@WLzWcw?Za$C&& zVW2P(L$)2tIS)Qb)vDhz?~(}e-!KhF5}ki|=?M<3eVO`=FHp1XaaP?pj`RN8cKbN_ znVEkFB0ad{!7&Voe8p>Te$7XFedM%ETmF=|ZhF1EKklRv1Y#^NGN1 zrIj3pzlvD?pZpSW$5J{`q#Z|5{AePGjl>oaByq4+uyqtwLD3YXB3+U=j^F8$_zgRT z)mX<#(@jQq+{yCi*YL;(JF(4DYRpVDAu)9?xq)2dhGjgu=o>yM1-r45ShF@<{-^u7 zvPYQZ)9>WrvKZz2^JzI@EVo{H8$)Y$bN^LySQC&)Jqu|$$7<}0kuJddqTvUsqqv{HZE0!Zv5}?7Iti>eDTF^Ez|U%m2fy<`pctYCcbvM7ivb zw=jEb7mRQf)v*Yv{v7;zlszBa#Z|8~aj2+{3D?iynls1JJ3S3Yk0Y!GtVkvA%zTkY z_8g#Y(llI&$2k9~jaZ5wJQ~Tuf4jOXSaF@Xa=S!DL0#=SQfTwgNV6$=om@jJs-NQW6=OYVksuJ7Diy8I0je> zwyl6|Aan~=Gf|`$)pVWigqi>)hK`ADM~N$boMefEDv~E)rI9@cHgoyad+-}k!e?K} z$L#|23U*?d8l_%Fz|p}}P&J9BnZzv}(A~_xrlJUm;zSWv983e^I*uX1kVq|AhIK?e z|3(Z5>}JUqW$gG)A-!2krd)q9*Jk)oj{+DZ9>1UL%n(fh?LTDXOq_-xTyo1urgqrD z!WTc{g6^)@BGZ&K}4)IRU)?_LGOimywOX;!~b`eKW6r=fP*z zQ<-Rn|BkEqW|(06i;r^q$}op(;>f-u7&Chkk9rUB>a16I(r^6a;a-|1XgW7O^9bj6 z^Ab`)s2-Hc?|A;L#XS065yJoTyX*dqI0}ZxPgYh4Bk&)XBr}fFX*3sHJeYH$yLkJ~ z1-u>f{(EEHQep&yWM>9R@#(+5lcnPz{Q;EO*Yee{IPc%}KJyNgQl03-_!%d2?c^#} zzw$AUXI;lv*R&y9#%YY$NUx7jhRvaO7PI2L-DEy_2d8JmkXSS|#<7GKpI5`@^$;&z z&(aT{=cajng#HuvVL6ZyL|!zSQ}gPWck?@ZSRJO$BZwcarZnLB|2iyxBOVWYyOOyF zzhkMAL5J?cx$F1c$qD|eL9SmQstTXJ&#h~8?u@tOv>B&y`Gj<`0`iy*^90Ds3Sk)< z#(zN9WU^Fl^qseHPy2H2d};}+HkTs2KX08&%fg?X&D1+@;g0SGx*|}dLfM8Fd1&5x zKHC@oCjv$aTzv~G$K{at?g?&wqm1o^8bT(J?Yq$S!t?m@-a8PY1{N@pEn|qKAg**A?1g=VJm{4N`RKQ=^Q_N6b7GWKhpBF;r^Q**x%R?woZVW(wj{zau?jaZxC;6RG*>*u6Xb zs&=AS+d(KKR6jJB5DU8stvZN<_1Nt*(X=ka>(@iH9+Uw1(;&qMjTI0EBgIcb^+9bt zan%7!=Wv~%Fs2bo&&1Mf*Fmg21fFy(EkI+m3REB7W_dW_atIfInF(4d(p0hQDj=ZZ z&uc*>9zip}D%c7c?OkWSz7~S1q=&rJ#^cA4jva{+iDOXXv(>0pMTc{?=x$m%jo zD}oYA#cP{H$__)THefbDQy2mgd>%K@m25S4wA28Ol@Ev`oCLxp^%N>JDs<7ITcFYcwPLl347Z%1cekZsW>(v%=yE!s%_>ivuv+nuq3;y9qI;5=ei5hI4OTKpM6rrw?>S(OkknXw7n7O zZx8Wmuq^~G7lI=!RH5VdHm9*_8`NjhD=UUoR?LcJ+c~t=fUFQiEy&1#cms-Aj-zFP zHx(2USzk%QtVOnMjbF*6zHl>WF;I1+S&8NIA~L!ljZ`Sxg=`35`blEci03ZNK zL_t(3#LEwoNXvm}7@Fb)vs)qX(`eU#$HZ|w(0Bkmo!!8xV?kLRcsZm#p!{}tvy}`l^{4k><9S6&DNF*$1XhJ4jRu)1&muON5oLC%U@neuE zp}N8Abi3_gj9P-&udNZPQ`pH>!H?08Y-mvKxv|IZyklPC^WWV z*GVy~tiRWg@}C#!K%%~w-Me?PYn>1LfIonD)iO3rypnS+pU&#-^LTN48wOuBnj2bJ z?0aYxi;SN*83=)lMoG=gn9u@fgIMW4fUG!Kmh{J?nAXx6bU{lb+jw|^|_ClJEKi6tQ7B(Z}66b*t#lIYXHiN+yj9~~c8SG<5g z+BTNub`C+fKNF6+dgBYYD7~oVI+$J^#j$YWafk~@^&vz8*~E zle{#vYQun@5x({6=#C9`kgS~6^gY2tg*QxM>vA6bO8|OKvXXMD z8|(4D{4Se34wluC>uw*%3E@w8{j&qCJm|w?R#1G%`0<0L5D3%6X>5d0CPPomC0P9( zkF3~4L0O}FU=8`fuR=6}OaMLs(d0g*>fkd_bOme+ClUXl9;gNc3{)q99k-J7Hg1XA z(eFWnfcqUksVjpn1TrB`c(aJGZgK zF?|;zd7nC}oxqNnZYP~1&!D(=M+kvZTEw2B1k{_f8(dG5ojk%FQ3A)tvK(wHPBsN!-L{e-L2h>;Y4k>OpWCC8-{yb0%i<({B;C)4De|XkKiN(o|df{&{d*gLQMlQ z==Rh{(p418q-OMFZW}d?-|cs(+F47aU6Pq@Fgz4z#Uu0hQdNofpTvXXCvex^GX7YznN5e=)2Yt{?wZ{K zb@`jz|Gh!usndD%lruSR?Z=etI>h1p8fs!Dg;p4{Wp^sQ*@Bk4}8r6zXzXmaGENJC2W_Y$xh%z&0}4alDZ@U8bVk&jd3?| zh;%ui$VO-BTcqu(i`QAk+F^ikCyD#xI#5m#4@yZR{iaxD|8JfKmmYf$Gt)Ez3Q( z+ebboAm{^KL6HKSAF(~UAABmR6UUBO?tLrHv9+zbc0p0Z-+u-n5Q#WW%yj4AXhute z6fZ(msVpd>G8%!J401-sFk2lfcm)vgn7bD1ny4x&pi1bF5<>ANS)Q80Aho0|O?HQ~ zEO(z$y+`lUi9}pIl1KDFgA@-!Lh6gzRKYt4bfQ3eI&e*{hU&&tnt{-uFqC5Xpu z5{(I{v#4$|h(ry{s27A6VvVE^>%)1&dNVv*(4II)X{ z7cZ*nqqd}ktslM0`@6wbZF0w+#MvjbreAA8L`f%@7Xaxcp=gLk8(G_mDOXKpOs_Tw zwT?*bLAI|iW$xlIdZ;ItUe%nyuC2s-jih5v7J=Gwwyoa9m#gyGmC+2V)d}2t`6x1) zHwQcf6OC+J`5gjbJBE!P%7hUitZiYw z`s8bhbOL+5{O{~q(K$u{pgQKEn zNrahf*{LeYKwQk_3UKoH&3&hlZDBJluJM>Ys&uv4q(zPsIv5Up^UZmzi^^=3>@m;$Y|X%n zz)sX+TMj5b%(#cttS($}l)l85H-=eO6fC2A(ACp0iLP$a?hbf#Q;DZ{eefQhgy!lmEy z?yB8v*xBR;8x4cW*I&t~);c}`is~U&xP*5X)(}oeY)i+ZcjeN1#?d>~LN=ANXzm8S zIaEc1ZXt~fyu(i8?y1d4wcU2SWn1U-^4B#KRe0S1z)y{fw6PKiq6rK0NA@})VmLLe z=sKbw7tCl$mTh6%al!>Vx#iU@NZUd-rPJf&zMOe#M_L&Y%Q9&w-Ot>oR`I>#;2b@y zIS^?=&u-0GH(bq#jCu}z{vJ=)4`b@+W@LZ2l`p^E%g(G8)i$JqLMz&N>c+jDJmaBw!|p#^N+KMyP8DLp(x5Q=F*jU?vi< zeTnISL~_;?9xr3#5CCto^}X0@AGyktF#*0~2q3=fL_ zBlD1m<8X!Zn>fsh zg(d^fXhue?gy%lq%IquILsC@{s)2M2d>)l!97#u}H;j|sjou^sF>6o;UdP6^ z!jx_QhWkG(LplyJ(m+a|{)`_th?ARX2pgnh5iMNDeedk0K4UOvpW2mC?R}`GgH4>8 z;v&9z;wzQ~bu3LsXabqgF?0omAHnT93F@+YbNcL_oIfZFPeln^wryn2mlX)r#A!2v zS*LfVe={$-kR)mgShIQ~?|fN{2x-X9Cv(-QZRwuvK@$qPh;U&2Hs1gAAcsd!;l2sk zbnD{9^0nlqtIucZ*)cq^!>n7skyn?LBMg`P)j8!Ug6=cGYapb9Y&VJvFPO-9WiQJ#Hl&3pD&+U&Wbdj8|-N@ zh$$0$Fs5Sw1BoC`ZDAQ7zZ&C|$2yYPD~~)y$A8`w9vwQ8hzPUq`|UjP!9KLXXL9$c zxnvm*@tB~Y;2V~%-Nn~?4213=9RcBi%)X-+J+m|n0ZKy&A1~X&!exg@X_v=@%VyB2 z<{P%Bp2XmmUeY~{?EYv2%f8yfj&$#j?@|BMTuF#UpzUZbo!*s^sWrT}@H-YR+l$gX zmqD{GWL8H5TMDF8&4y=|vAC#)QbU3#o0Op=xNA}#LCZn0ZAv!JLs>EJKev|e z9gBpnBk&+SI-b8quviw(=!sl0xD7)xBn=6Z+Jbzxtz5|m2X(+<%9R(=SJ}tAU+rP{ zp%{obY0YvOKV<@4;~RKr-XY@UHT0Tx29pPOq^;k=Nk=G9hUr*&iYh2y!VU6isN zB^22nI(G?@TB$&TiPVEkIAapGP1LBZ3A3ZJIo*2qWY`ItDc$t}U)T5NjOkMtRMnBv zsKe%}_VgRpn?Ws9Hh;buEic3=)2DLdDUzjYwosLTlu!yjpMiAZNykF_kzqLw1#sL? z|0lmdg!_jOn%nwK29b4Hj6G!vcb=b1*_R*k*-KlYRd=`U|M=eL;1Zw7Bnm@H?1To1 z7~W`@3_XLWZn(S=S_)Wh4LvwmShyVi0+Outs%at1s#yERM?8G`G_IaHhRa(DKAu01 zd%xU5X<8miv=T=P;55{^pA&|gMGrTT+p-U*O&JYa-{%jnZ9q>CVtKu8Ext%WYBs8w zMy}GFUY%n!)Mb;}lpuFlXU-X&K&e^8_gm@-_2|W!lSgsel|5OtdMiq;MD^K33=K{7 zpo&z28LeqGG(oczsO;L2$?ZB*Q&GV)`__@)syS^=o51B`+u$kPNlHd8Rn5CF`#cjT z@-=feH&N?oxZzm`A*5RdBi)+xqjBq_Y;(fRdLY0TM5GEf7uJxI;$z79C-QZ5I_BYh zG~_kM?^SS|YIjUBLl|BU{+LZi(E(CpSRw>6!R|#>lyq#tgfk~&`Z`m2U>EOxTj*w+ z(rh@moa*YCbUkenv$LAhW`7yGKHS09)J71wnBh9G9mJ185T!!UA0)-^L)E~NDu%~L zy5ZnB0a5}wsx+B)!BkEPbf%`El)VQe-A?Sy#4JC7Pj|6djSw2vlDjWIi~3#LXsC_R zsb4Qn$!Ya0^EA#1$cJvU~N+?P9K;`QKA&9Wk*^RM(~#`V{v&49N|myhgiwX z|54_UWVBa9CT)uKi3in9u$pZ_4}|m|@*0>HK9A0zUhUD!^O2TCyw70HJ-sd2@fg2Zzn=P5S&W-Bo;xoe zgR$;A_E|Qj?#1wH7^)=Z*eKp~TJ@UD6{^bK(oRe|%SVrJF?DYgvnJY{%wfa0_>3Wp zZ#>8bAuu}(X4ZgO5~VA6KEH|@k35z=J0e0!b}0FKGa+#zA=>mC#Z?z{Wn%vdRPZK9__W36>*c+y7 zTRsQt{iJjq!pw<5%D0kD5jscbc!5$8>SlWVB3+cRur8b++rMX%{zgvUX8 zHB>6;6+scRVO3hBWge> z;l-mm5X`03hzZ;?Gr)JP%Sk9@6!ag)WkP57!9uogOe3e)a4w!biVHIi^3_2F$LY@5 z7dOKUKg<1Ud-|US%8P{b{T=f$3)`)9@2BQ5?xDlf!DJjNrM^`LX=D0w`iTk~ zzxa%;W;aG(G=*#X*AuR8U|)4>`uFR>@SYxu%iiOg;&g^hKZDyQ#n`s>Fom@ezu!kn za^8jEC6waBuesA`6i zb)&iNFyN#h`JXT2h2^^`uxjC}kND$41H7Yn?=lDFIOklb3U%dmY$~pTPypg_GCHQw z!WXBoz@)5N18+I|_pRgU*E6|z`lZ|){hrzr5_~#;1#j;-OxV!=duLk5fgz(A)jfzk zZw;S(y`R$TG!*st^&xQ@+R^L6iCjN9M5ja<>r1j|p4EqG!&50Jdzty`nlb+LQ#q@7 zInmO5cGP8~`ulP2gf66f|1Ed!5IFH}Og(EXr+CBEY&t|idI}5}$oXShvT4H(mK7#Q z8#uP%h6Nvo} z_FJpS9CHrWb@H)w?kn7Q&uR{wFp1yJY0nK_8;`9*_ul;e(b4qV_9(wuu${%l6PW6m z!j029@WhNDCq5gYtTv9w$z<(=Z*bFlS@fULhLhVLq{3s9;*>CCNDlQyTlo0nwQSnF zi5{%B+qR2JlqxRSo0~E77lomnt7zO?$=cm@ZuDBqL~)vsb~Fh`R$QRF zlpqC`qa)B!y$OW&2~U4NfwL}bLAUUJmThTZ^L_d=5sh4hpY@RqfpVGNeP2cz^1-KJ`YWq%e;x_Gw-p1Tzo<^ zwk);D@79f(GpBN^y_SprJdd*Mfs_sE$c$OzIrZymR&3uywd#N)5K=|eEHuT$vQ;cw z=SUbUiTro}t+<&K#}R0%!}t3t$Zg8z)IoWibI@kXk`lbLvWdj25d?5eNEB6xdnHY8Y#>q=0gBJRNaGAs<`)tyP;+_Z+$m_PJ2J%Pk&m$(qbQ? zc`CBO!J~MHm=T<`W;mbCIpYgYh4EeegLR{x$%f zBc%iXeFk_T90=~?{gwHgd-6$~=sC!?Zz}j|jTiD96y2bCuby;IRZ)(EAjhf>p|-T> zuRAn0M#&F&(S+o0sO(fhxGBv0@2{ZtZ~=ZNPE#z0?j1WaB0Y~$F^#ny2Jze5&ZG0b zw>j&oc`S=0(F2+WR$GR)m*{>CZ0XYo&?U`KAt%$AL5`5jdJ;RzC$6%`hv_w5?HXo$=N1^^nkrwz);M}VR zGPT2Zyn54P+_NYP@&@qS;+uHlhM{cvHb(zh!#K4|C37Etg}YxWg05}2;nk=4pSvgV z!kYbHJ0wg=Zi`NwHEj?V4vDksg?qU59WQtdIN2oL6rmw*VG0*XW5*)YH6(}thy;xd z7QwU{JkNZcYQx@o3$(%K>k-WO5mtLdW`BzW+Xve2FYn2K(BZH zvrdx7gR*}YTmQ74$*tOQ@za0e>C|n^yyZN{3^QsHjag(Ho0)ytT)sN9 zlEOX}l$19?)(MOlHIiF87xUsp_w)PBK8TIs#no4G{dv9kZmULp!shV49enc2XXM=a zA{X`ho-_U@56^XJbkj82BiZxMK8I~Wvk_c9r6;4qi@5ieIlR8RIW(Wlvi0Zk#HGtv zwKbo%XPv|Kr?n+9XD%1t_z`Q;lAWSd1H39!t>>Es2HPEr18OEGbQg5#+lv#f=!&vw zwOjJ>cc)om%K)9T_VCo7U+4DXZ2JA_YQApYomt`wZtOIPznq;$*<(*}_1x|3%|DT$ zS6s-OkDkoqGgmR-!5IB}rxR#c%jaLNWAU3(qjGXCe1L z{01wQA95kk$HV@mgq_>?Y*7O}qkGwXIC{)UlM0HO%SopUreB6ehtvihTU|<7ewaK} zqfB>^BATxLs7?!2K?)5VNmj4k+T9K}-(`S5N_ANoD_2%?-lPo9y5$On zSlhVj&O_`dY;a-l|1FU~GZoz%qjA4Nyu^U4zbZ|V7PKD2@27R7^RBtv{=kQPy0;yv zea>X@vI#tM*-{p7lhoHW!HEHimVCn>|6Ig@_LuY3g7%D?26yiUlLU=*Cf=bD_P_Kw zx4v9U^;Ori`PSC_zQ1H;K`IlkxP%)ACV1Ra72m!?=4c^Tb7anfY`P;U<%4 zMmx&i{|%Qu7UZluZseiq?dW(~OL%M#1pmePlnzqyp|tGD$x|kCVek-d{q7y!*j0|B z2k16!3Rhe)mGNaOIr+WiC`g7kJCO%xkEY+Ay?n7NkJHbe$h{p3d1Ll6Uh#W~56olq zEz`NA`(9QzhN+DyP+ddG$8)%N&SALZ5A?gMKR1o}i1m9i*p=IozFmB%N6Lke2s^@_ z@A4_KED}5SvZc6$7vr^T)pN+pN@4KCE}Sw=kg`isS@w6HPt#Bqf6Nn~grRmQ<8PS3 z(>Gg0lO(J{5q$j0LZ?8n^Sn<2#6Y^0?}@tC^Owo2Or0 z&TGpLGhoDEZn*9YX5HAI+b&$juig9q1?)qDJdZ~B>jnJzPaiPnI~{MIAw2c+J>)7a ziG&O2-%g=I^)qDJIL4h8BrUGd=oGPkrNdxvj6$U;f%(t?03ZNKL_t)9>|s}P_n0p9 z^+hSOK*Z~?Ef1ksDW{E1BN*Po17F$f^y{G3uy%C?myL{3m*zzua4J4eBayBb@Y@F> zTyIDe(L`O5${Kp0Dkkl+)7ib`J|0<9Nxi?4WuI?lnbicT4tR2S@RQxl7@f^y_xy&& z)pK}wQ8DlB3=@eIxSQ&c7IVpG{weUu|7HJwi5%-qtqKi8^&y=GoQx9QdTl*#y$JZz zFq-#qGpCx0qN;99s6%o-gqyJzAQX*^L4Ek$jooRj?dSeKe#$4`)DX&QMc7o`no${X z*Ip8FASKBfBNeH5uu_{rs3q4lvuIV2g3Jq&)-ID!W;TWuBPHnPobx9!s;h&~G|{6L ziqE2GVX;go^5Y`h!IaCk?sRqarrQUX&9PD#ldZ?e&qq?<+gxjCR$@E`9>-AGQh}C z9w(<;IO-7Yd3^+i7R8BGP!*0)e5e8~9EHpv!UUO!AVmySQ?PJ5VaQ}Dh0AR2b{kNI zOSTwS!1h4K(jpr5Y|Qi8bIPH8%zfKp;ORPMB8*UUKmn0JQ6#83arH>1L%20uIp6TY zOuG^Oo}3vh|e1c8D8r2 zr7Ze9LO7=xo!h0bPo{vWqp2E*1WppMB3!jU*6!tqO>qREAymyJWpp}{9vn+vu$J$a zyp7(fJ3%9jPx4JJiq$YpI;`lgQ9er&$Zz1w2R}o}>5O9wh%1okhqy_((u)40PGi~G zUdqb>#Y>h5^S$l-7!dYvL}&)0W;b7bxq=55`0%yfO+}+aEDIpMDJ|U! z*_mK?SiYu|!xP&v^dt|>o>|Y@Pg^i>)*!Ba=LE)X-^^KeeSs>Y6jjBr{eDRI;`ay? z#lRN`LR#Rb3D5qXEpa4A7q{~73>pZeoki-f95Q3|UjIW-ea^gJ5{w4mnuJutcajR(%QEK7E)w*QZ0U(uJp65Q|B&TY4DM zF^KTC;N<6i!)OJt62wX?C`hTNzHes+4nK<*r)5IaPL?Vvq||I-;?3_+ZT=*4Bv>{K z?m%WomGJro4lYfDJOv}TldlfdbMAnSjM9VjN=+wHw3hM%<&c{O9)l-7W)1%3s~TC4U{0P(3z#Kl_ZOyAF`Z5$MV) zzAqWU7&VilCoY+6dz#c0@r&Th5-g*hbz$>oazzS^Km)6OzkvBm_u=$zP3Ul#>NX}3j{>uskrgZFqi+@J zBUzBMpQyQp{WX`Z z;<<;;$M=W1Jn`WUr1CQeB>$!L^b;b0h>c}xcrpb>NVm-wl+|QL8B?KWp9RO=-A#A&N=@~CQldOI9Tx#HW$Sh0_cO&$&!UEm>*~F?hxd8 zeh9Nq)sSA*Ef4YeNKH?nJjppA0Sq6)@E}zmK3zHXn2rM}K9rH2$(4us;!Q7FJPmS7 zIMi^EO$}Y?pV@)2vJl%bY1sB27rv&Fh!x_9T59S;Nj{0A=?3JH;I5(^t?v9eB5fNP z$RTh1H7v{CMd!0$V_!uAastrUh8CVSoS3eldV2H0v%OG-z>Fm*Evds>V=<|nk3MYz zsHtrk|H3VdJF*8AR#2D|B@t5b+I8&T_&sx;IRx1m@Olvi*LR~!j!j&4;^b2%asQ1i z2sD^DLV$EoBL{hK)+@|yY$TCyFz|*+++07<&h**onw<`(UOI`Y}>YN z+qSxFySi-K##^>+cG*UkZF_1y+_*C*@(-MdeNOJkTjE4 zRh_HP43eDeQj%jVu@67Fzz^?ZgECPzxQUx04;I3*#LU9oAIX0yI$34-Su&?BOhwyw zKNs)qEB(y@;!pvVx(sDANX&C~KLPzoxbLuWw8y)Q+f4evXXA{CEMx4|0%du1NkfoO zA15pk+|SD1`lQSd(u-{#fq>M+wEnUhqy4b@vZ~f)lY)`(1m+)7PZtkM$0ob(>*U7f*ULU_;UxpN>{nzEcP~9x2P7UX z)@Tcvazwy7E}xvlg3Ww0ya^4o4hb1$tj;qeh?beku+ z!nPL}iH>jolAjg`mnWs$!wCbLgf=+&u6v}ak_n3XIKFVvvE!&En>VKsRrSpEpxkjR z;a0`*(eZsbzf1ZC!xxC0oavRhErb&YVl83!r(z8ryt&Km&FJrJo_+KbbzA^Y86-vY zBW9jD3Xhi6j=t z*1!WNWu|yIDr5IQ1ma*p1;It8@+WY?C})euN|(<2UkyEw<n9dyxYGIHYOVMpuxV|Q1f)#gAhDx5fP6cjf*g$DTOXZ5MvFHrxujp7?|}zsp$I85yLU|oIn0uMwCO+R@BqN z^ri}RP$Y$qDu|}gFAD4mg@Z~xRsERM{)B0%tA20iRjls@%P;WpaWNrbCYpevDIzHX zNd-n@36b851X6NA5)(p7A|_A@{nZL2WHiA{$0ApF2IOAlp1QmR<5gS{G|!w~K`~N3 z^I!Ye*B*1>P0Ke|s#jN}^i&!#UO3N70w{xifhWr%D3>JsMD|8BEiQ7q682Z3yBvU& zjmJYpiq;T@H*nJEZk|2@N@cQJ;uT*cXT;py452q1{|SXTEC})Ox*yKGJUuSmR4;gZ z-Z_@ZrQAedY`E&(0HG=;+F%1mI*QWr;Zmq&BxN)SXQX=zB~}s*5qr;@}`itHX zNZLM$uC|RRdR!L2aQD$(j$da~PA-me4YJ4iK)RGyv%gO_8kf?6%gc>94>tG__)%x| zN5oMH!v*7v2f_zEp8$qcUH29}PL>RMI(UOIY1cy-J`seXS-b)GfoV0x;BpwM(avb5 znv%(B;27bifl)^9Y|(_UFilgQIZ5z60bwQr=aCIPhfYM@8)_LrKW6htwkVL`u< z-@l}&vkFVdWeN_Gq@>V z9IN}(@dAt=O^6fjJhY3=@q*vft#Dtq+q!mdUn~Ti;l0@~iUMYI-a~X9J*O9Oq2wNb zw8y%SQxJTINi<}8`~zj2;;Jqw02UKNq1{6m zMI7iAAP{_4c2}TN25REE_09!ofS1N}p(33H0lH?F2ah4%fAKaHjeT|9a9Y_Fd0h*t z%veGPK|%^8>MMHJ5Qc1wT#h;q||{CVet{duS13Y)A?O)-#U<_+5%_s246-xGSB^9a9I{(k>2 zDU7M+JMhsU{$_!f@edh`8n%1dMK>z&u_TN_qL?GzR%oj;5&S_&I!N5`2@ZsJf;0eT$kY68JLy+)ec$e= zrG=5(AiCBgo#A?a1$p$}2Z|m0#olZzu~XbmUFV0Ih!W9P<8@+7n%K@@ULBR5z9Dh) z3j2V!2%GxCn4FQ&kB_pcvPY41ZH)!)(u|c<^Vd6H1LK1iaY$)53@nd>b!GrtvXNA? zN|Rw?I^ZCWXu2J7*u=^u34v2 z&C&2YsTmq+t~H?^+%9%Bl{T2{Dr$gl+$al@K5sDiCy5=GBWXLv)zQpuGw$pIZ7b)7 z^99G#KMo!a<9XL1TbcrT7}sXS1^@AP6IqZP0W*mnvBKL|T7d<@gw$Ic*P?$qK62mkS@r&eJGCa8hhH9)~Aj}ZzFITpTT4ejqx2$BASh64>I4@0y}t^waR zRl2e?J0iaisl}7MUMD}XJzl(JyU2m}WMut#H=S**FY zai9EG{dbOAV-3tHiyPZJ0_BX9`cQx@q?G?(ifNREjQz}ultG|3{t60i#|)-;vij{J z3Rz~U?PyJsM1A-1!s|AVuGfG)=C=t%Gh7zY4<1$Qj8!cL-*ulPDiLQmuYlYGmM`gb zjmn()&oW$>dw&4#C)d&xTYbOdZepjKd6XK1!?u8d(TLo&XeYVZJm+2d8JGT~U78^itnMTe}SHG3q&9I}%ssbTL^ zNHTbT)$Q32!Tz7wFlJD!(fh@LF)oDJwAosx*y8k~jgJYG6BQ}XeGb)9x+%e(hXaB_ zjdlo&m-UD}2b5RTB4?mXE0&PiF!D5v2s(Azh&RlNt}j|=?&q(N9C*WBItZcP)=4Cw z7f3*M<7KsUc0A0XGQe z)4bY(<0a?ztMr`w)(0*J=%+7ks&8zHlUZ$@Uo$U$&f0w?irND*wl4gOa)$SFxNYth zgZqPnYmNgBku-T`muFm(hdyuJUn+NGoAuF$jkuwgx-%MXl!86*{ks>;LJdY&K|{sI zo}RBx{L^+baZhUz2A7(3XvBr9Ei0HMD64ME`DMi<6#}g?RU`vca0MQ`KB&- zC{LkInkn&!OUsR|E?8*d5xVE*n9Sh5ZqNz>e^B%grv6dWIN&Z*1W~<$908m>;9d7T>YKw-$Fbr zhIG5igxg^+o9%&_QdhY|9+b)JNMSa{HJDISQqWT}dyF8loG=kx0zjm5GzQ&|35I&a|?wxHV znNqQXV~o-VL#1P2WCfLJFQ?BLX*k2N6ha;KknNVpGR>ZCkU>~Ld|impK}FIIAN3uY;id&lbtOP#XymoFJK*x z;3`k167!JY#n5F+ivFtgRHU_pmpLo$PVK((0cQ?lRXoTd+uO8nb;x(ask>7VZ&R^FIW^)iLceMo9 z(?EF(zGf;GD4)W>h4Kwx5Z)0ig&62q*}1q$R=CoaMOb^%`tO%1xLVv1GO=$=ad>{9 zmB3*Y%7PjTR@3}XpjQHx^fLk3BSh_WBj(DqxdqNZOXWnZy5xI#-{2?fQm02e3@7vc;)%KNnqgYs52mLMH74)2 zC>}dZ7Xg^|g78f7c;F&9wa37Hh3;$tJ;k``$9&gRmuuOYKMwF|^jU#-owVrM22&Z| zws_y)*lO9N$^S zQfeaiczwg*Uo-?P-%8hTk~_groW5ru-)Y~gb-`9qxGBb^yd~^HY3T=2Sm>h z-SwtKJx^i1dZWp5%*PuC-pO+O~j(5zPf@ydWE7WzVy{b!thU424hfd8l3AL z-Vn=X5zR9?W2qHo#(l_M`UC}pOQN+;HkXQy%f@1vAqe8>7shHNh+0fEsviz#T?=6)EG zOoq0&>+Y7+Shs*88BDPH{RbUE(tn6JU|S4~05fYZak+v@Gb%+=*1-H^i56PGwC!+4 z3k3N+($EyzQ%80t&kH5wrvwp@Mkf^;1 zP4yIwF}sY3bJ{l8HhF@HV>vz-I2>Ks>h}eU$D^a2;;36NP}r|%wA&x(G{5VjKvLc- zUNB+CPvOo4$DJvr-cNcmA**6ZkyoM9n^&XSep|?EqkklkfB$>hgm-J)L~^shmHTxB zw>h^c|GXV`AH?E*u&NZe6d?2xs$3A$OYrbZ$o{vA;NpE(oeQtQ-Sh52l>6aLqaemc z#_Rk2%V}d~&3tKwcJ(Ml)>C8R@qgX7kv-e7zvQ&IcBI1ERdL0UI~C(~_R<-iju z`raK1-a|oOzsa@W3BMVr+7k8?)Bba#)2=YCyIGF5gQK0hZu8nho*~fr;+ol^=2n4z zt(9rO^XrDE>&US8IR{7GjckBcXC_*L$lFj+o0DYf#EiGUO6)7!rVEq6>&hc;s1Ogo z)sjrM^AfEYI@wy4!bQrC&YEK+s@-^)>Gj>FEz>)gz`yc+d-ElvCteCVO|S15UGJ4F z-Uia*KGII9nG!fi5Hv9vnmO-Wy3jV0_Q8P zTBi-U9n(Xc&f6=tW5-3~)|)$?qE**kmGV^wjR`oXZgJj{w1mi9lfwW zt5RK`0$FqE3H3a?{IrGgKTefo2M~Q@KKpDN%IpKzhTQj&QLk@A$ z?OXI}3OjZ3wMxz{`>*uV0G23+9wrS`#1e(kKm`uoc@@zL!kCuQe`GczdV4}w&38(GHG^epK z$dCdn54^3JuaF6RzwAzN`@!WMfk+BpW@ruvOAFcE*!K8RHw-{$n!{W(g2TCY*v zq^Ki^-$dO&M}^c(9aWetznxieU+G)3pLLE}zoHv^{*bPGTxMk}#ZwZyjCxP=?U`L& z`UL0gXb%$jIx_lsUv%m&?(d!YZ)W)!KUWfa{lTkfu&m$8ge zO}a&HC%jdms$hoCZTN;sDec_f!F|k$;C&rC>}shcrZ2`iZFYJNQefIYYiE^Bm*h?= z;l3n=2M;>;OwF6H=J3BMtCmklVX~xB%wkQm&7&MGtr#Cfa1Nf)o55)1j?#$Z&C3Xz z-anwh-(CM>aDd<#ar2SHb>A&;uL2@2$y^xHIo+LB`E|>Tuv76We=3R3bqTNjNvIX1 z96H>pKOM0}=C%Ap*qT1MQqz;R#BXxOm-*$we@v&-U!?#_q5f}j_iW7>t9?}C^$-ig zX?D)jNYCUHcMt=iBjEVcne$9p=%(U7T7dP#F1{82c+QCI&EG~*O6oP{-t!f`OmjfD zKpNg{BqTlTDJomdydN+7EpMRyG;Mo;#@V#IDTSF&wCmh0IeE&ivb3c}1H;OF{1%|Z zyb@vTw6iJ&HhfEo-7f-GJQ$|e8##~6eo!{q&8`5e-l&$A=Bg`DgW_~fM;6tZ7*81; zDsSsco2MPxKw^clVByBgH}R`h86Tr!zRBc%ncz-Wp9^wi0#0;@Zd zPz@PgxMEz;k^CIu_Bix9(UR~=71%t@L6hE4Sa`BxB*y?{9hz%)9-AIp5Ie@ab{KA| zgGvWgbX!~_5=WLux>g$ie^&F6yfNekM!kh8N2QnbUrMPmnP6^N?otNAA9S+w8I00` zAkYbz7MK#q{z#nB`k0lMw)*{5;4ml^L6*dJX?i@Rs%9?-A!7%|!q$j_9dDY!6{NfV zJ!IPU1JNQ*nN^>LrLx751A=IfV2{e&Y z`0vR!qG(E}R60$uM*DmT%}V<~4oGAoVp&vSdpw;h=1fC<(Tg@n0hx|jc@<|E0*1I- zWwq!vC(@!u{M<;&YPgdcb%2l9W>aACy@qlX)@U$Zn9{XLKB;3i?(24(W>c9cC5Q3e z0e44cr-gl5av|_SYXuqX%IxNrkhubd@S-A%6+{UFQk!GA5?Qv3=}ZDXm8C>)_hgjNK6xq6!R@WOUh1d^#5in1EnzRp?A)WQ`}X~$v1cqGp>VN3eQd) z>8KaDNKR;rNa!2=aGQf6v6vkzrz{`fV9@DGNicw^qFK{b;Z^a?t0&5ATMR|@*ka~? zeCDR7)adl~h1M>i<@;xn4CA*2WyVG#Xu}~iw-pVGu?mf5wkR@btwP#D*`b_CP1A`@ zw@?q8(nFQY4IWw;dga>WvbYk))Q-vr9hPX86_upBiE6CX7lnFI*{YGd`=gBV zPd872>;q%|vE>A8iS;5X$;&Nww|BtfYSDSz2?bto&RLzOr?iTER-9Qe1b-E0@?(gg zy|iB4P-H@c;xMNc6Plx?XqxKF5tItTj@+}ft|*OwhKNo_45P8QqLr{hlELvHT-fN0 zrZdCydHjVLY+mW$xn8q$8ExQuKei1#E0jC8eoOzmaAZu&?tpl&&i>mzy4gR-b}Bbx zPMh+wZkp!291rm_LC4_m>})wkT~=uvRZYRnYH_^OZfjv1PcE*3P~bZW*&>}{VXr@) zE#E$8j%AyqMq$I0qQurBiz57QNGwyMg{ik3gyWLQZX7k#oHQ4C%p1YFDQMiQ&6-D( z-5rdEFKwzNeY}i1MCWNajazedb1IW?VsT1Y^in3hTiVD4Es33A8nH3+NNuah4coyd zyP#;*(Ho7*(zG^SQL{UHxU$27ZVb*|I(o$942#PM5(S4BkepJ{DjeG6H#@Yq4cu+W z_DB-OWNU>+Wvf&$nA_aN-MTfN)K_Xa$w(esTdW=MlP}g2^-54>62qt(hcgP`mXbKf zPNiq~r}i@suMSnZ9&+Je*eg;Kvl@~8eR0Em_7T5bLu{?hCL#{AJgq&w_hGpCJj2j9 zJWtVfUhmn}#U4U%thLaR8J8I;Rc;^DZ(N%cyT50@QunXE_r7StjHrSi%wzyl5n4RX z^q5<2A`o5uFbcFJbR+>T+8*{qb8cMO9=9`EVLxMann+^TOVLJa@b0xz>q?WKsU(w1 z2ey=5`|o@T*Sd3}oTDPP@z1Seyuqe?1{sRu_otGRFm`Qsnw?iG%7M%HwCiQP?nz#U~CB5~2E8SbEKlCM2?UyNGA5wRUAV-#UMubdsYBn$bQ!Td4X3UjZ zf{z6ilGV63I%-ZmfxF$5QZ@<>glgANGnuD0yI&?_|swmOd4N^1#OSIByL&~IJ zy7_L^VHLbg@afMtztJ}Yju0XwLDsRMal5?-9B;aJL{f%PO>3|uB@?F5(vmBM(iq+x z_3A)&QWij^v#f;IRPSvHQT+pgDSYt9522iO1RSIZJ-T$iX8W~!G#hdF3-bKopn$TKZ zx?bZRfW;a~pL>js>eQU;N-XKp;j)tk5}}a){c*!xp=a%YOin!Jdbhr*E?a}KN9^LA zgkrxIN3hsELpQoPHPxKaGkU;C^S8oceopn6#nY z+k+mSU6pD&MNkIkhzxEXH2~5!8jOJjS`_`mD?Ue2*IFsGI8Lv)o@l@>@{Br6*gl{P zm14zn)z)P$@a7#{7laQxu^Gg&ibIjhBbJ=<5C!)aK`~#jl0~*?GAiL12)yJ<=v9cA zA~J_wj52=$J<@5s6LN7G=`Wjn8Fnv|__u{$hX%=gs6t-qNDN$xE{d^HQo|NGt(6go ze@z1U4|{P1=@>i0p|~+SxBlwhpI@$8+2lU!YxgC(=j}#H?2y&67cF*YI)6EG2oP*b zOX$$Zbh5a7-{axGor8S%2t%iu#%I9Bo)^g_Q0^EyCw|ZZD)IqH2`!!vriTWrybJ@7 zE*40eGGscIeF|Do6h_JOL-qBB(aNjWe5QV*OcpWwkcy#{$cR$mbWZ$s{YRJ92-5s* zYKxR{n#ZS?rwz^p@|rT<{bCQ|qC&u`TWo z*g;j@ev2U7b&!u*2)YD@x;p%Hw5v~}=o|r6K@Wo9T&ndLba+M#QA#bSFp|-37ma(k z2g|E>I%*;gxN(e-pz1tB7ff@mI{_4`_he8uf{Ho0PPEI!aM}-3tec+LPNOV3hS>PpCcn` z+shh(qDUKy+8jsS*n-Bu6WYEf%xZ4at@x!fOC|i`UBO0xRi{q_-WcskI*5XiE$+ny zP}l;j>OndG(Ew0S7@NEed_xhRUj3tmT^0#wo3GnWo_n>f@qgYgiSzBDd(~MR&38(& zC0kqKF_u5lccT{-iqtA)%=sYdk@r zyvoKmbf@!0nd@au(BgegE#I?8hM$|)@{Vvw%C=PB7l7h+d=Z7P7yhKR>2nC8TTfd> zX`Lr6IV zM3n^i8JC?8c_i@)L~Kd;bR($12z`QKnF@erfXr38zelipq?yV<-Sao6;ckuKHo>FcBp{aW5kVgB&)V10zLmhi*NsFr7Ql4#6F^!X#uDzXwHc%!1I>%Q%#UXqS*&QT2ytWMQShF=Kw<=k z&xWjCIr2hKxf1_@^~hC|puVHh&m&NQ>OEmrXxQBsE{aMRj;OflI->#6<|^IPH$8Ma zG(##uwD%{NIG2d;5^11^5F%F4t6Uy}k8S0m(EW+{hHKAanf6J7*k(X1<)4aAYoduH z?0bp;Mk2T7Ax>Buf4c1W2>!Kmnq`i&x54N?=sUz!>X);C&Oc)qwmAT^1eITW9I(#n zi|jZ6gVs)1MURP7so^nTgnlY2Z>5Bl_qg5KtE++IDbH*UfoTVpuDseRpCTnKI&L~* zDPW!lMWuWz+4AiKa+arX-)a0c{wUJmGaWtP(eq~w>ccAR+2d`Q;$>=w8zexrT7cP;A@? zW#pJXRpCT5%q$&Q6AZ?Tau)*ALo#OIE?P;rdg7AF3-(rNXei$iFOH;H-CZqf&1k{% zU$)3#6i};|f0~8ZzI!QvUes?fprfrR%CkJ6WF^5anX%r+k3=5G?l3RN^-QcZpO!at z-;dp%){1f~a{XJjQ4MJshX|E5s^kmM)Hxxf#AtS!BZ&{q15`s3QHbZkPHam~ zU&%hcGCU_|Y~j`i)zF0`F=yA&=LY>%2dIlif|6sv60AqG{yaB9SIx$3-{bk&Wim_p$gtA6;DA*|0(UM4iV#R)8xP>%j zmEZ9WW1Cr>RT0OK$ASdUVvfe*oc6rp4jLn89&OVE zF@>dWaF6iL9wU+ua7^~8NuacR6{mqZRS?Xe+i(x|U*raI7$MXx9S}*Gvg*B$W`Z1* zs#9fm`18{`oH({aV|E79k*(L)Ei0hMSX=8Jy7g11^(J-gbDZ%4?7Z?Q2rTw;Rx-z4 zmu#wtC&2$IP5K>SeYJVhCRwA#LWC^oHKnPFapBF<7u&4O$pPS=><{r!Xu}sNVv_2a zO^S{sB@sUS{&5=Cx_1LH8}^a#7kr9S2Y*XlTQiCiLKp+oFgM{?`}`fYfV#*5 z#xWM33U|88e*zk6`+V{??5~VY&Xy(_)J2*bdz40?Y0{VJM&1P5%W z9$bi<2KLw8GT{p55x!sICgB_vYyK`I?zUd3Gx7W-G%3-@f3%GTqnQ--c9)ifcprOo z_;I+Lv3Va`cyf=`G7SAef8@uSbZ)0Jcv2Nq%Eo*FU|D8omgP#tV1L4&7ka_jMIk}* zef_M0@X^aF$eT=Rq08gtfM{{wDnBA*XHBC%ALTy3`{ij> zrCcF%u>DG*L6`G4ispXkN*p#A$13d(yozbWb!Atl(b2boV%4*Ss0WVBY*(VoLx&+` z+AK3vRjb$wWu5&W5_Ng{L&SApNYAb9 zqnT?`wsrx%7)ro5hUd8JufUF$+&^>vjh}x~zTDGCT0y9&)+vXZighp@j4>PmTBo|x zeUCM@RTCA>2X=5jWR3?67$Kr*5Rm$V8vUiaj{#RO;PeogG(ut)x`Nbu?P?wg)0#+r zz+r-)i%J(1*;crcG4WR<8F-)xhLYt%A3qi=lnu0+VnR}OXCy^-L+L8;JCw1IZ&iO; z?M}5IO`QDzTI?^1pi?cVEwOW^RD3`Krz<~mAfly+y|8UwK!6K2vz934zI04#en>y5 zZG#7b7$}nPyX2+eEN1z8vbzlqU9B{%QlJbaqcCBxtP?AWFB`bAQRRg?^fFnk1>lo} zYX=G1pxpvU%qaRNXNr?sbieTS;`J~`gbSPKlx9N?xrjI#CotNkM69)84ypkHmtdw@ z33>#xiQNJ(U`|q^09VYSsk()bOj;`*3s1}f?{SJP!$Ufz;nV)d6KWDJxQ~oNVfqTY zDvg~O*&nBiZvrjL&}OMfr96-yOuVR>-_fAN6rsrY>HBn>d>I~@Aph{5qe&i9wiw+c zj1z#v!zqp=DVL1t@s?^B0ZWo?1hg~d&-#EW6E7D;6=)Db<2~RVr-vIn5Pru=4n9R% zEKEAT;5!aZODztrk`VDJ<4Mlzo{)vwd?eqXXz}k&x5Ub?(b)w)2q8_XbseCmET=7zLjP6+a~Zl@KxLM5+!e3{S|IwbuHxeOK{pffc0t&R+glx$-X?6j=2^ZhN# ze$iW11dSt>dJ9n{;6yy1t*i-HFy7%RN_3g8!8gJ7$0q#G}j&t5${j!IANMMR4>vE_9BqW2n z7(?~tbBPI1CBe#Cg+VK-M z*$c_~p4R$rBQF8UFjzEHnTMsLpeI0A>bDWj9X;&4g*B0=A>+x=AG+Wu23=OB`UvF1 z=@QcL)ll5i)p14=GHz*`N9g24LhoRQSw|$4l&S!#*o*g0{N-W#i&BD(3P4syz-|2m#DZDvFAk&n)~BNa#4ne!Wi zETZ&QEln`G<-pKeQ7KEHDOZL?>B-#$lT%Lk54RpNz_2(`CWwq%7)XJOz{msBfyV+( zM^=F{23%3V_@`08`BF!5LE7>g+Jpia^F}w!7~nDKEEt*!ut(x`UXdm=VAj2S2DVMv zi3^l_YqEjT#<1sVA9lDe*;3l)4BVckaEMT$A$FJN8LLvO$t_q#PQGs7(3zuk?HL>~ zRdZP+f6mu`>p`mNui^J+itf3$LYI2sPHW*e_(~?Y=r@k)Q@0P!zlH@r9}uDMiMQ+U z_iN|(E!79AQ=el5Mk!LH6p$clYPNuPfqLZewD=`b9rfKi$_&n13D6XvSf9sK26LhJBHF(Chf>h8U`<>5XY#iG-t!{HrwQp4)$>bS?&) zyrFC>2 zk{H++QsjK8RVn~|bu53bL-cZ%NcUz%;Kt{Xng`E|i@;r6Q7?)qkrQ1ooDoTT)S`%S zppk8LA_aC2lPDSNtDXshy_6q*7BDwlFS}!?aMkN6W47(Zit)KnTux`bu}|h1UV+PJ zNIRSM3ouk=W!h=%J8nOn3uNCj1~jT4<)RDIR>(#y6~~lJJ%=jZL5O^4ps64r1*ahb z3}0pp6MFnh*_aaKfs@cAkBMZZ!}3(kF&i`RQH->ocHh(R~Q^W%>khA9}LwHn^z7ai5`gGPh`>9A)1@76XCb zfhR2I8Mdu?F?r;+c*Cz>Or`aAByB2|CAU-&!B{3#Pm*1-`9%9!eZj_$;8aw zY62a);?!gHtq8g2YiJK*3v*@T?#`z?R^RiJK|-{gWHvNZnor*##`JEzK*t!v_2Byo zUY}#XFg>Kk?18wAG%*dBikIXoM7a%M2=0J-z69$vWlLoA-jjF*O9TNjh`UXIh8(r!T|bc?{XX&mhsU`G6$f6)6GCU|K_B z9qlnmW283MU$H_ZDEZtdM#TA`7N*@t%n`EjU}MLS*5vUKP5||8xZyrx)J}dO)!;FT zR58G~mcwSEFa`{y1W`AlvB?0H4<>G*{ho5hEeP+`daMd2B3%y1L?+kiEDsf@mNXxP z(+>#i@Pjcga-V}dW^>F)XCSr~m1oc5|S zyM~LpP|F(~xR?;NZbZYVa>8lKHL`U*Sv19v^8Q^DoVj)oa zgG6M)46c_v{oFD)%7Kv^F182HZuHIf{QlT*-RKIi2vM+mCA0x4IAMJsw)Rr ze;&HMU93VoRAFif{?Me&WY6HR@efEw%SRK1f(i%*o`5-}QwmD}i$sqV_8RWWPy?3>_?WIJO0!CR3_ zu{wI}HRy*rjwvPE5`WBu>S~@q;IwK5Hoszz2D8p;|LosyJKg3xjaVs^g(6|?z|{jx zAn_Ikp4IzqCJ4d=go8l-(Ii`_tN5kk3v2MgY@CH-(cKI4!F18|=mt2Z`#1fY?4H|5 zy=!(lw$pB+fTYA(_t|=LHNC|WS3a0v7yxK#NppIL1d4|wQkusWD|FHhZ9+m$kG&RZ{fg;r(NOB$CoQq% z2&#F%`aul2o6Qhh_w@@*)-mf2$+hwiuFcFG+_3l#&~IHk4e~W=X<3LiyEEFm(jCmh zR&V9re={eX)^7ICY}=Wep1Vx*SZnzD&Pp$bqpQCUt{InFUg$0jEKq!A!t}he(7!z$ zWw$KhY(8yz`?}sPc$;o8I2|cS%zn(;>T=Xd#vM1hX;Dn6@!P=~+M9@6km%^oER$3N zmEufdLmInW1cb-SV=Dl{3;hL;q0nW`u7lk60rq03c5fgCpZTI{m$|y0pRm3>@AUF{ zI={z)YwNC~wL8AQ&=m~cK>b#q1#32}d5d6Tk!8) zr#mfJo3CREZ?7a?w<>4q-qQ1&{ypJ0en0ZA@Gnc3l=PjcS#qo7%<4>JYC4VQT7Es8 z;QGEChv42O)jI8Q_zq{e^G;{YX$L0}BO=p{L)&2?ZSPT6o%2Cd?ZpXN>cqLVCdD2F z*V_DTvefDz@XfjReP&&0<`DKlxYtfq;VX{a>HuQ^zkD(NS;?;TK{Ct?;i(HPxHLfv zqTNJw0~)Yb(tO5y!2yC$4gf-F2h#Bb31z5cWyuwxv?eecT8+ARspc?ELfnWV&;<6A zF>G~5WMg>%Ej+N8w@SXL77SjsC8m1JEtulwKUkdqcRq!v7tC)yz8RjTc_wQrws)?z zt*?E~CQZmQ9>gu6*!&;#(b@vRc-TR40t3G;^dGbp73=(=iJ`-Ze;%qTB)xTY_q6BqvCb5_0LAXJBdjmmZ?>=MHD%dR z;u@xAKbZvnmniEXRo0kVI4{H5IktV#!Sf)Hpw^zHClZtv{0ugPuAi;*FU&Jqkszfq zE6|FglF@hROu%r_4WuZ{_~UAuBNlgLB7dF~&zPXdx#Yp0nO(l5$jz6Ootx287?(8Y zrYn||B>rv)d%w}Fm(#d+txjJsTO2dTLlEosquQBxej`?iJjkT1&T?LsESt5(|_W*l$S3!J~7`7CC(|JHPNO@=l| z{Bh5H_jRJt;AM&fyF72ZDYKMy_gAw{?`(<)`09Rr2-DGQJb|+7EcI7_VKt8zT$sGY zbzV2j=CN}33L*|E6Sk)Ry_GF+|BjbuL?zd0-R@Xojamwh@OX@To& z=rex!xa~3&$MdRoiZ+)!_u1QyGzlEk=~Ot^V0{#jv^~PKuuzpQkoEr6050AU@7RAH z201@PqWRv3xA}e!(N=1UFkTAl;56|SJ?A&T1Vn@d&Q_e7Xw{lvb)b|8D!L@7W!+i2 z-vD`zQDvgu9%rtBKcN4LmHpC>ahlDMx5LYxskZVFVsQD4wEda_!&$XC8p{4R_w_J& zK&t7A4MiO_LItV}>iNt(Uy>Mc&nE*l7?n^gc!X3y!`GEyN`zRd{X(`>2p-GD#HEdL`Nh`wQJ>w_b zJ<9&K*Ad@NuV|$=(mrKzz3g-5grnOnoILqMVU(+AAL^%d_)8DCl5#%f!VV`f+OKlXRt5? zh%>36I7s-Lc{x>nn1BUuzh*F)z8K?s#5QUq5Y{1Dro0vlscp7Us`XHDoakIySnV9=RMuDtogvKC6x}N1=n{?j;>&90-hJKyw*s5&`|1C@-cdLOZKQ1}KF3 zDJ~V@5J5tj%b4FoCgGVw`2-ZVUB|FiE7vuYQoM_MGqi0og+#=DEI%9i;ULnY&bU_! zi>P_1P-N2wp~D)g<#3Tt%WgIeQ-;m@+Z)-q_=hUf?_bw2MPg|(o-jKE7^EU_O-t;? z{DWMV)QZhex`Gxu8{v{k*TZc;?XMW=iGc?v5HVN4e#$r$W&JKxqs?r`OYJQ@cvJf` z?=cJ#7zvpu^aX&1_k9rk9dh01UQ|`qSe1Ym)~TPym>tnEnfsdoW2+_F2O+5by>nWy zM9(5oza4_6AT_Ejbxs$+8``%Z+&N=AmR$;jO@jnaf`OLmpe#c!pHiR?AS29sM%ciY zGTHI~HdgD{*fr(gpYMT(QR(@AICQY2H~24v{;(K`cz{UuzS>4(}nt zaOuXxUw3t09P1AVa7cwc0D9Y&K`zi>8JYJYSv z!9=Zk@$fZ3MojV<@-fs14Rr6vjjORTpbys9P4oOtVKh?*^Wu?S(UAUu!6}vUpv@?X zPo%><_;_zQ?auX}(@yVY!T9!e>b%wrMiqPv)u8u88N^z==8ECzkPAJaV5`S9b4pe6 z1nXi&2ZbTg043rrWa8}>Fl3>DMZ&>S>dI-gS!j@7$|NoIW3xxx`K$NS`iunE`4Z-QJWMff+jvG;PKf@9#=j_H>vXb*bih#m6RsvKS@{;qSFe% zIz3Wn){>I!K_}89QM)5!lY0sdR;*prjTrXwrZZG+OO8KXG&``_`}^>6IZaolwmy5b zDf4iDVadY^Wc@`X11-G-^POm_Qn%N6ezwtGbSF3+93V35;sudLAyvvbZAinj@f2#@ z9$0_7O+JYKLG#FLX)#oLOytE{J!kY<db-E+3*rvI6Pg>4S;xw3RlM;L?jSt0kpQ~rJ3NM9#Q&m zvz>>ao&c}7ti50@?*JLAM_^_0Qe90cyP{Ik90 z&UeB_N6=wTl#+)xCu}JznJU>TeOy+ch|o@J`5BAY42s#_4ffy;TuNf3MrUbya?(As z{S4fj?;ux9>r-up`xMin27S&IZrZ49`5+@Tz!9L@yO2(r04L(i9UL=FLk)Ygm7Fv^ z!gAuU(m`-HD3M3`X zGdg{qG#Kk0-&|%o?bF3V;OyBoYfjF#{;GQ?o2)!7o+A{J_>2k5A6%_^Z@Bk|lqZ4u z@9&gdPxd}-IBr&WvasvFtIF<88!{O*VP*Tzkk8q!p9PW8%p?3%r z@LeIwz$)KPqAYWFkik_x9GHX=M#vlj4by-3x@@Pw`FpuS-u#xvmNG~t;B-a);t*6M zxGG^DVXl`jp}04o?iV1+*YrAj{V+7*!?*nflnTtJi^5$WUSMiZX;ie@yVQFFqrMzT z!^vRU>l8p3c!NLZiv$zHMBy)wFFFbm!T@ZTr+q6m|M7|q6AEGP48N+sYN>y1KlnNJvz1Bg}i5e0QHixX;VPULVBb#gp}BMwN{U9mK_YQ zw#<%4LWvP`Atecg8!!n82u}EM&<)k`dZ>6knA|bms2~`0uI+H{<9t1&SV?~NDNPgWK9QNM@dwrhA$I>-HFbG2L{j2NUy^1+&h zq0xsJoOkN_szCbQUC+aOYH{_BAp2^c317V{wuD_wSd@R=&cr>vX?NX__v0zG(?EJG zIsLPk)A`n5BvGEmQSN}-L1`i&8c`Xpu~AO)90IdqipO`mvN&8FPCs@_afWL0=B@T&jaHRgKT$&b`0)G%TCmfEbYaZ{utSnxY(FBOZED(r z-$QfY9(ew8@~yI|I`pMPlqNA-GMrwSCX7JTT)WP7OY0W|LH6KRzNP9o(L6{A4^`aM zvwZcE2ahINIbVdxWa~VOZjqL}F!^7>tVA-2;V-%^UL4g3p|_c3CFMF0!g|{KLOc#n zficgt-=2nV?rt~0q*;?vIz9u7s9*j?$UBf>qZ{hP&&o!n!#v>>8*)57CFG%^tYapa zyeTdvo1b5w`K=xDg-M}ZHubRIgJ9ZACCSvHk%IDu@fmG?UAtp0R;}=wj+~N)JY`#W zb7{S;q#QGWB*;|KO3a9DpGF2Oo{x!}xBf1t%q5aWOM1D&lyO!D#j9Q-Kz2_}e&m|I z#?lGb{nMva!VL;ym41+RD`yX9=H0jW7j=KE2<1&?97R+`atEWAGq3hgUL3Jig5Bj4 z;^kYF4l-inpfG93sJlzzq{nEZaL3ZtfEvh4EMZq8B`as zMRpX0W5+ob7)wb|3Web+;-s$#+zAFwR*0nm(GOIi4xSd53tN!{lyf0*Xry?(oiUSt z&74&c3mpRn&&kg{tdR)838KH~J+JvzZp3n!6xi$u5|{jwR|z{871d~&fBC`rtdYGW z>DDOY|B_XvNj4|?lGQN`(SMfuKcMb{d0$Fo4ys^=epE>9~?CEqA>zA+8 zrQmE``Gemou4Rx-=6Pq|v6fEm6EkJMR223H$GP`=?EYnG&%pMbt18HZgYS}c-{;9O zORAofARHq^>bQxE07Mg{gn%As#MfPdB;y}9s6+x5ZYAx1$iYOwrd4$i=0Fb&`=MmV zEKKRkgoCNqqkP$c=rTR>A&Ss(2$XCQQ=xnw6Yhf-p^1x!vS5x0Vlk0Zi_w}Z#Q?w? zk%fscBLoOZ1;u|Ztw;rLlP7rLPV&USF(X6?qpO!-t8CJQ&x0hIaL^5%fr#2hO71WY zojk@nq|p*1%of#VTZcJ9xZ3KQRma;GOuD1N=e&tVTA#T@e#G-*>CTz zCeq+C`4(;yFWv5kTl_+f1OurOq-H@D56Rx02sC$|%V$&ppjYLBP`b^NJpCQn{ldRdJe%90xziWVj&Y}vpfzm!Pi6)0Da(D+e&M6bqpXY8mX(k|?Z zcwfluH;h%05`u&yHB`1`uh%^kng7KH5nYeBHKs4OvNzV`1B@}2^XhuIM0c1WpM-`L zQ%~*4f{hXV<$JCf2(nuf)cxfs36&G?{DrhMT6q2w>k{=uPkR%DN8F-@p%y6YfkrD+N ziwQPe@}rLNlPO1!JfC)1LaIwa;72NnSXXlw(Fi=_;oLTJ2BxP3`w==JFc^$u$ifsA zCSC>j10X=hXQ)HN0U4C^TFD}WC-Aj~t*pVb_8k}1IY5s*u_-Zr&}>mpnwpg49fSO}gDwv(5P9hRQ9vHh^pezAG>+Pr9+}O}( zHW!H+o>`mkjv9i~i#FB&qn%Xdir|w@db3@E`j0n@G=WFbdKpQCTK|L8`?L6K3yiIp zIA;JJB+|x_2t9Uz2>G_FhJ^q223G`41hXc`9Ud8UrASltW=YmiW^b|@UD?8~=I0zjxpy7_`y^7G zNXySr8qrce3;OP#FnsoofcS1Tp%Ap693_dldE`+FeEZYlGy%>~;Ayek?gxZIn5>9U z9I@)DPm=xZORppx*0|^srKCU!Zj!`52O2k$JPKMu{%AZ6m^qU)6rc!qy#Xi{5;1G` zux?-;ATd(vu5O!#gbc}tj8OQ?Iq%ZwG{BgwJm2ynYW@~L1o9dwl=;MrxD~4LU#o25yrjMqW}rpd}&-GjXAO=1iku9V~$<$~Z~*6C#vvyuv{GA zzp`@=M~WOnr-TCIE4C9lRI7aXBpnpNUbI6Z#&+l&A9yIvi-G~)HIlo6L`JjK!Wi=- zkqnS;Z2S34gd_@DBF6;-pYo^3XKJiRFb*^t_CS+bH!E0xCRhc5G}9fq8=!L{d2GnA zCA{OLbS51|oE81t_)p252A!kiUeMT5pv094z4 zuIC7^74&WY++5~oMZy{gK+9c-lOd6FL~$78jE;w_`FKx`6m<2;G8Z!X_S3J0`kL2l z(Vp584|B|rMRy}hWs++5O3!}$_V=&QaV&Fcs6ouMat8^SjwsZbEB%|##pZKFk^2H8 zv9>;eC+TZLl8V{AJM#+PzgchX`Hk*Rsq+Z$f~2C@>(vsUvMp1EQ?2tUcqqd4!|%0? z7^ScB1NvX7z+w@9yNsX{EK;Jv_w|u*a<_qg`BRr=y}B>`L)6;^2AOiNPeH+ctb1a= z2PCkR{h0cokiz%iVk zRpLuHKW=SGPL&W_O8Jj^FZ?5Bc-e2cgDJuJK$W~#GLgar$!~=3Nxb7EQDN8bW!aKc zmTj8eF{PCrx3!`R$+OB~a(Ez#2Pnrwq~JkGvzZ*xJbegBHU6797y0?`y|j2m->Z6o z__}f~1Vsk)WYVfRcNs{^KduUZXlldaU=K3*!2;$tAv9#NQ|i?J6dSQ3O*D{HU##-p zXftkzy=v|&xw~s5t8ump9e3E|%O3~EUVKb=p@m@$*i}lnz*-b!eK^iQ|H&M_0wpf0 zZX9|2Euck(=rE)MPHp%Md|VzC{I5WYFtIK1sGg8`gs|YicqsBO-QnlqF`WeX&>*VI z@oy#~bH&ykucZ-#zrwJ@zURne2$Gj3*qhA(4|DOxv4f5wMFg8<9Hz=-vM%WFv5 zBNv1%YLc=tb+%tQ=tj|%e^KSGgjM`dcmhdEb6O=SQ@MN5>zrFW1dp<(`Je> z^~z!)ggNuUmHsf(K!z&ySqa-Al1`MJiwhKr)HoS{3*Bi(>&sT36UTbh6cve}d`AbaNVu=z6)nYHp#m?2T((Z-#@dMy4C4>1ifEGS2-En>;2?@f8aPXV`)|{j`$=5DdPmWn zgS;qUOnW}#zoO5utgk1KlcAod@A;v)RMoTKRpfK6FG&Gp zs&TH;hCCw-HK5QoVWk74fZY^p+DE!4QmlKE@=-}6&8MMmmt*Ud0aF%YrWC=&Z@q=F zc#HQ0!-6Y6gRbNWEFH`3`N1^3&+P2sGkWY{MrfNF*g^GD2@)W?A4J!4VK7^cPSqDx z=M}#~JCZ7uS}jF;A)>Q9l^6EE^3#j8t;?e|*a@ZolI+}Ltjtz@t;QM>>S+=7u`Xg% zu(~d5&9SnI(;i6SihxXwl2(m%jhjmhFb4KR__hg@80%7%$^j$azwd~hFYfW~mHqCzEj7{2EXM*WteC&@`a!E^D_+uxQD;;PRFCKO@_jaZ2r3 z&I-%Zs|VrZ^{2ScSltsj2F_J~9ncgspWLJpD6oVs^*F%yrM8?xD7yQ8`;@jwm2({M zjBNG$bZKGzHYgTU4@fwA#fxPHsJ5%N5s&2{riFM|8?=|M3eC<>Q%wA}bS|li6q+T& zZD2mJZodCzLG$fi>z^zwi*^7X}jlg=jrYQpqCpJaA234T)IyI)8iKO8{gAF2j& z`fVXGdL2WatR|73oKRBAIJ;HuM&$c-x&4(?!tlDt)a#6O8^e+1ImrLAI>3f1&<7&! zB)V#ycA5)rb9@n#XbyoaM*Yx6uJXNyz}DtLWX0XW3Jy1`-P^5&^Iu31zM6o^fd(@C zcF+@e`8m`4vNBZObWbX98DJ-BWz}xjf&MWqBQ|D4PnvWJM^fNbYuLq}FtY0p1pSQr z92CbWJRIQD&)VXH@hTiKnG9f14j@%=Q1jrU!YkCa8LiJQgKDB0JmP8o)-GaQ@n9+;Wpoyv^*b?3)w-;S3t=Cy|6dc3NhB}SeP@Hpo7OpG(vTOWopNg)M#Vzi6 zd5HSF$e>=oo}v;Wt6xR5Wp51s+$~6r` z3vIjvo&w34%t6YiIzyVzS!24`D?RnLSr9!XjxeQImG2`1+*W<4T>Ayv7TKQA=Pw*P zZdNAqtps8H_G7rJ7sT&m183Kt(x`OAmY1t`M*Ms~P0Ra>@(cdeC|(kbPy2Y$fAL)? z3Id@nB@9CVAK}`=L!Vm;`>=)UkbT+#=szE#B${LLGC)I9?{B-+bYf|04CU!VER%^t zEoqFzL*s7|NIhR8T~)|Q4Ls&yF56d8Aur3#X_POqG|XLCKA6 zER7GHE;5uQZGw%?b5)}8+JMsPJ9* zLvC~P7Fn@S@=dOqR8C;%vPzO-cB0Dis)b2Fft*=O-qXv-+S?`aw)`}-ANvMtTkabT zcjc2zzMNf(fek992Rib-b&4AUp4j}oxF}(`j&&C z(iTY#eT$AdIo+Esjx1mIVGT{*yLf05bWDDuNS3>>mkY+!xsT6&&}4k>h9y`)QkLE* zC3^ZP+ftXdz1~UP3Ukf%&h)xc?SNeFmD)3-M4bP3l8--PVRfYFSfP z5|2L_O}+4gj^jK0gVFwFtsebG2!77&y6pa9`}X&9>Ek+Pq)$C03KkOn@eU5`k}Q{m zcH3^*Ug+p6>JP((g8L2d3mXcVGD^g3&h}eK#+PB} zI7M<$%C8@*c{s*%L)zHCMG;?ZSQ2ZSNVWCT%h(UPV67%$N18vhU}i|MpKT z6Nt8jiCFvmE)8GHWvr?9j#2z8qhRO6tTkaWK-W-FwxGK_wcm&J3TyPtn0+o7wuZ3LHe$1;#rpwkN{|6RZDDBBFucOg^MHe}W1R z7YUS+lIFsx@}GZATzh8_c#Ee!c`ROcdL&2mcpMbFtf?w|PBs)fIHhuE7P!y0f7jZ4IP|5B6$pYMrJ~Ot@d0G+woGJBD`bLJuD8rJT{m$KiyGlB#jt>%e@dofs{!L;bODkqCgb#sL$I4GdH#x5_XCZ3~Y-g z)@*c$RxI(P(;x}z)4yV5ZDQKAx_I*YMvB+XX!v%p8aZjSwLkN7v7FGI@CCyMkIRbT{ z&96~blGfLMtMgVr=WY63^H#n^!Q)fuGKp^57qtGo|L1%sEkt}&a1^Cv3T+oP@@9XE zs%gJWQyokQQ6ZM{1)#8WP~Fh!rwwr#Ngo0Wc>r<&=!%QMoUyJR?stgVKF{>pb{OaU zw-gy`Q2hLwM1OZkP_jltGpP0|wL{&MlGtK1Wn}9hJ2i4Hw!G)zB(I9X$M|^7AQk!A z@#;{eaJW4P6($FtwQ`Mv~;a-a4RVXe7yE|^K=5P}+YWxtotl_hKH z>is}EED@tvMfYnrz@pO*|3se0{EO!~LCHA?gR0?6YS>i~ zEMG@KWbvI~j2CKp_f#w6Mp{=u4)Gxec_u;bc~3mN<5MpBq30FunU^tl+46J~s~G;I z3cLHlabVRRH0N!g_18B^3I9wryPmmJURH<~S@2!b)QwieK?Ta%JWbgl_p)xs(|Lni zCIfuE(bn<&xnQ{#dq!*R{oe@EX{mC^u7BF-SC+U%4-1JqXD$E0(tW0>LkoE^;)Pj3J3%X4lD%y}#@90Vv zsKdwhe$9Uw*di*ZBzfXl`u#h|YX78v;r$vd$=Nku9pivOj?zZg*kS>??VxT0vEIe~ z-oA5AOP4awpcMIl;HKW;1XO$x-dI;F;DpGj{YECYLM(@K&jtSr7O$*%94P4*=^S(`nHcth0IdUx_aAKn#o2W`S5evun&C-?O8UyoDy4>G#I_e(6s%w4z!Vv3MA$G+f{%B8iElAk=ZGX;=>t>}~`d_26 zdMBDMKd18wj6!U4zg*xF_~c09FqqxdjNODu*EMn-AUnA`i?W@z(|H)YvGR1Y-;|q7 z$zHp+*s(vZ3G4}Q$A%ImU@U)*%9!l$ZKzK4isXBpR{3_9gj5qUP@a|7CYXlb`3xn~r{Woa(v*ga_S=`Uzx0gjQ@NAhLG@!aYPRSCZ&Om5x{9kHe|w+ z9`R)J@s)RAO(xJ(bY9?zuk-b)%H4fM?LrmU6vq+guoa{E`3@y=5NL^7ObI*ZXv-sl z2+2r7Kq8c0B2cPM`@+C0O12!W(Cef9s#nCyWf6`RCoV}Yw zY^yIfVxa9jzSOoqTF>XQVD~}3glH~sGva-_l2y5}boW2MD0*Kmk1Vaffp|y8_wUYcQltBG-lt%7kww>geIx#D zqlfhT=6|me4Ck6f_kP*c!?TWA7AV7=$M8ySL-@Wf zZXW%KJPZl&Nv01($P<`zw3NI70He8{{u^Fnjo|P2%|_Qs$6R**$~pER6m#-Bbxch2INrtEav zH#=Kz`XH%y#c%yJlw>zkGm6`_`$T=glF_8At%0Fu&C#eY&R?!>u01YlTdS?UDSv-J z74SRFU%5RnHI~qX_W!4X)@SI^!yqTD{Y+g0!vT;qbr4Q!^JSz2<7 zvCosD(lXFIJx$^0sRExBy%e+>->t$>$Q1ZrAq0MRZazMrZzQ`h<T3`c@66O2lP2LJyRlouRVvK z*d62`#I7n67d4O43#f_N*Q8OUe^!H%FM$;U6={@)7Kmo>#NEcl5U8DPtP_%oI1h!^ zKu!c}BUG~?>LZbV=b!!~VJi5Hg!<-#95qP7AFlbzipp3nbpGc3Fzb{0LFHMo`@ik4 zZWI297m^2Op@^Ecxrq)=jC<7k9lH`;_*{?A9}jyx2F?603GT<+arM57bI*y4B$mo0 z`jqQ6C&8b&r~ah6H$UX1WH z8lwBC7F92g>TplpTpW}OnCdnOZktA#)G=+=ZFAWrA7*4k9O$-0J-@Xi-ZqD+ly-+; zpYND0xcs(mh9;6`Y!Wq9W24S^RJgO@;4%=RJTN-Tuew<2j<&wT$oo!Vdlc`z!?2CJ zPfGypQK{az_{aD{=w=ZGgsurbwYP8mD;eNe`Y zn(tcWBKAvrn_V`$4Ffspa=?W#{Usr4JZ4I%$9FX$x4z<@Z!fj~`Z{_$r4KN-i;5gH zWg%DDQ9&cc(B*(1!v#aBW(+?Ix^kF(FgfQGN6wvySlLp{q+vTf(lK4F?*2a4Jl}W@ zg}cFg)|kw-u)`fm{1lk=yik2`eXMzr)OZn44 z$$HSeLG~wxs5nN`iBf_^fsjLma7=}O{k*>NGL&yE?pcVsWN$yAKE)i@EI>Xxig>}y z+->Y!`m9{;9zXW4)LXk!N_Y&?dO2=|j_=f>!!Oc{JT2cFpU(pB+CBW4-W=J|(;F!j zzVy3E$F2sceyl;z!)j1tINjvPhbQa*J+g7_33@%@5|gyhcg|fYR9JjSQ>DRqB^a}ZvW&8yW#OHqEQaF zJjbz8jL3@$L@Gvib@2QDbH^hWD*tu@a1Ty+pAW`f_sz?46{{FJRTTgw%t=WRF5!o7B6K|w zVy}Zy`BA9#Mg@J_c(<;OAEy~6u0&Mfv_CC@j3J`_;IsVnxwi}fp`<1jP0vge&808R z&W!A4zp*AilWIGELiKiL=b07@)R2q88K`sfPT>`xXu6NGYOXV4t0K5?Wqj{u$?&ib zf8^Aiz@*~5d69>)M4P$ii;`7L8ht-y;y(MaZ?HGebSas@#cxz1W^=OIg18?|xY68N zwK=mOvfqu2Q4ii@Cp-OMB88H&=csjj6v@&_H5%(icII|W*+-B&=5k#UcicK-EFF(- zt7$;ZU>Idp={}+4yLL|*cuKHM$||nfm2?vr zhPEoIUSA`0zLOJ6Dud@@cj2FSZ!L`U+OO}<0@Y?MO1(d0+DHx@zR&);Pj9NvVsSWk z-6TunlbinoLSwbKV&EPu2ARtxW|*+sgnB0(uNjBcQOv0s99G;r-J1DLd||*96M#1e zlcpt@%Bin65KHL64Q(Wi2t>DS0dKEFNrRd;HwPx_X zU5mGAW4$*gYt|ppa5Q=qtj^IdJy0|<3WQZx^%2n~;^&Zt+_;$X&4#_7lblkcp&ZFP`&G`%n51@nUb$% zJP8H4&v|@bHpss1v~kLP@ibB+sNaMNBSiEI^AbJ+IJ|$&us2I3?|j0neCmH3&2Z(- z?mWU3Q~l*@jiDdI6RXw1j_k4QLU2_%kh+j4p|SaYfz+Bl66ZJ`sfb)56g1>+mwpu0 zM}u194;YC_TgNH_o!ZHjXQV^tH7YA*`#rM(G1V{t8+qe%Zy1#;6ZVv9?0!`3TK{?M z;LQH<)0f1^S&x1qV<|;?VMW-Fmk75w7!YtaNaoQo>@DAh{JiK$4^9yuu6tG=^3Cke z9w864K`oI7Z)7bv`gx>LxL*k%%Z9yHA0E#JGV?O^LpI%}OVWel1_OIO1vekuFd818VT2;No_*e6}X>-h^o!V}EB z_rWut3mOI;6eq)>=NqJL^V`JBPM;h>J%q6%x5N%VpCklhipi+17dCO~^`|r5cWioh zUh~edb^6043i~`$*VSX2m#s9#+y${}Nb%TQpSceet5cCIdzEFJlTLEDJo}IOzsOjV8FDyWhq+krhM@z~41Oew~UGVg%7w5}(R`|IZyJ!G)|I#mFE*4p~a<7mE@L39sg+Czbqn&xLlk9mIfe_$uNc*IMPRiqr9 z9j<+t?AKq$qVAB|k2!zaTTr(*V>t5-`T5vDb4HD^b>Gw)8wFQJ^h6&*ntBZ>!E;=e zjZ|)KezK|a+-OScenP=AMKaih?Qn3QmS26PKUQ1L%2csmsL*C-3hs3OQdVngO~XuD zWQ5D~_U0+Tc-*Rf zT`BFshi$A#Z6!wZReQXq&*Z7C_3?`H`;cWc3rRt)TOS{hjxOm{24@_H3#nkN;Hv@p zb+!v_`I)|M|MI0pw0V!R>i3kiW8-g%oHt1ybO>w++sVw(CI>XE8+)l)L%$xEg&qCaxn_dcpaR3}e3D~Q=P+8hoav2E z1uL$JjTdwWUHob z&`lS*J`{~OvX%MPWzml7!1H++khFy$(5}mcWE+L)T<{N!$sNzujQ2TPD_e&Jx*}gg zSRs?($i&&H$T(lTU0Y#h(kjYcc{``$`cJ>T<%J28uc}AL#{Xu>A4W(@F;Ev^>lZd| zaBC7VW}VAtkswKgf84=j(0Cg(dhz}m-iJRjnIu_|akP1BWz2>o9Ylk1cr)3FjY77M zO~9YoDG0lQPWa-e-fbsopH_=FBZmEJO$>>C}=c0!dXV zcvekgU4vm*Ilq)TI5}Z~Xc<}8U*-Royj8!X|3>GZK$5^0vQ|&QuNbP2(Vq?b(EZjo zk`xrjC1$8udU6mAV`i(#9O9;Nxt&o(0f4_iXfy;(iRt3ow3?ca@JJCV;T)LRxcTFJ z2`_E+YC>}^?CQ@Vd!^*(GWtL7rm;qX)H;{Vf>P?7Cii_a;uNfa9YNsJZ?WRJT)6UD z&*`K#weFBo&q9LfePu}WdW`*W7J#0rgb>2ZK7#*qGBnk07hmv|1ChAtM{{SVzg`wE zW?d-PruNyxwp)tNxuT}?Oe^>Epes$t`w{5hek1+I3l6Y>=bI=FSM*3FZ}_&1-!8Ra zN9ZxOu|e3@NgnOQtKS3qyU%g9uvPbq0)|GUh_@b^rO|Z_18?sGXusWsQ^7`a(5=&x z_ub=KrY%ZLDyaDw0i~TT&#{+#<*LHxVK5Q4Jo=kGwOv6BLel&CnvSH_*9uhP_wld1 z3dG~Nt*xTsF!UJsz1?T?R@%pS3wM7#kbAADKL>`>kdTlt5Qg$)oMo2nJr4*ZdRFB; zyhT0Y_T(C!*Q<{<&*KVMjX&~5!+q^D8yd#3EH3cnCj`2A~S=`BPsO^d|UQ zkah3HSU|DHL+C-1s^VVot1MkGAm%2>oOBw67C1ss*a$(hh5Z)lM=x+yID$|6R1|Fb z3meXly^~{EP~pXvUe>YKEi@o0n@gp3Y^0|_#O>nOlm&@i(KF&&w1mHi8+N=rdzSNgFNCdhoqYV(bN%^P^6E`GXx?pK)#$ zpP348I5Pg_RfJ?Rj*x9gZoytByCC8f^PdGgM*fZ5c;CNM>o2#crTLyW^X3nY4zWPv%AAcut6Zv!f|$|6sS zR2gdj-2n{o$J)PUq_w74Y}eakqve(PntYLWI(XCFm#)kG@_)G$e$27$v7Dt2VQ{R) zCW*p17!QnhsX(+D2PR1p4V7{enLal1-Oob_Jhs5pTmgOX<8c9TYvrV;WsR5PiA+m1 zbqJ2NQ*25mD{o3jfC`f%Z1l+^C^g^C7|cKX&4iQy!lhRwMxwtdxvyy6_d{xHFTWrH z_s-If;6|S^ywZ_&n}~XvuGhQ;bZVm9ijv7j`Nv&K|9gCCBCbLkCj$LwUBtM+i2}I7 z*Tr;D<~*B&61orWU+9vl&Hs`LNwdf7FD~B)lFux@uPB2NsV}?9*Dr?l9n7-=E(lWY zDJMFho*PHDyAUNWW3yIMSxtzvA{$xEzQW{|d93;oz!mrJ2W)ac2@ax|j*%MnBTKR1oWkK2p? zg|;yExMibBYCxQ4E!I@)ePSIk^Cs@ox1-6Y%HV}Uu)S!;*AW`d7H0bc+Kj0$_-uP5 z@smwq$##B;*D>ueoA(n%mCN?J9$VUHe1*^yYPgMpSi}=U`3}WIH-f*I_&wRlM{a!u zEb@UQKD~{0j;Dv5td^cs`4fV{%LC5ADecbl`w3rLIM9-k2DXul$Ct|jWWlEOIJC3_ zcf12n|Irg5%$%p+|Iowpj_(1RC_GH`E{x@+cEa2i9*kmJm#BHaI%tvoq(-gsC;7%l zd!Xm?Wi`-o{rWc{>UuJXkWBb-OX(>DAL{ZHV8^)jsJ+pH3Oa4oQ-Ddqrl(xm%`wG+ zL|u<91U?8aW)=Y6F88)zja_@d-6=TjF;({Uf&z<@5f#E^9;HNI_iVhHNzvj?vnTA$ z{%&X>s3VR#u!8zFr=m3jksH~bz4!0_M_f^piajUXnG>kV1Su_cvDU4^FBQh7%K@E^ z79M27O*LWU2{&8Cw$5T8HOX-(3S@sshZbz-;=%>^2h-{tZK1FNNqQidHskF1*heUE z>XKp7AZfa-@MM+u?GO5j9&#nrN%xT*=av?-hC_u1xl3-kpr@y zqI6=aEJ{!PSq{qTBpS)$8)V z=J(e{P3+A-3+!~baR{}Pp8bon%5RQ$WDn|z>-faD6NN5~{m!-@lp8ThH8zN~3%x-3 zWe58Kq-mFMRn^hFK-P$1!ml8af6jAaXMv#01rxYSk&5&%5LXECwP9!td~vCRPqsFW z`h~C?D=oKF%&8NSRQm-CAA>3aJtJ1jUSLI@;QRS7+f=Aahz)!c^d1WaK1|`b)KJ^r2#5~0)QR}CxQ+b=x=OS^T%NYb!301V?2h&l7I1jQh+?`zPX>y_$DYue!JnDF7xnC{9rZ=WcodQWkR&v- z*yFW%FANAc=ZbT76?9ky`*&d9-@S8%9B(W$S~K0#vIAg%a1Sw}=b+F@YR>Ly%43b+ z9D&S!Pq=Xn^0vha1orxFE&UBF=VQ%sY_~plZsPsuBrdmTQvWsS7;s3Xbb%du#V^CdjIqR{jqr8NzIL%6w$G?r#K}l`mRB?0T#X@FqR*3qw8nQ4 zGI=cUO9ilm-*>0UzWf6~%XP@YTr zg{tCkv4Mr(i9U`No)lB6pO`FSi$L*F=eh5BE(+GR3B4e~?H3u=CPBIkaF z$Q*3=EQ2OIEoyKT<+9@N($1$$74E@`2|nfdMFn$EiU8^8B`pZCqey|2SZd?@@VttK z@Yc(b)*uVqCU1Z8@e&9Z3ruUlnFHao(Ir?BH>IM}_0Jq%9hTFT1qX<7ZyyLOJC7_`4Ljg&jrt?jAhJp)k`e1A|R!6EzJlSD%RV!7`fGp@X{FB>?Es^8G87AHV z*%!n=Wr{Jh$ASavkL#^x+ngji*yIeE24g3^ve zqD97HJwHr8EB4TlGxuzD!Dy11u~~sPAttAP0;k=D#chjs0Q`XB@4H$zkBxv&ZEZP- z^3U1hi4!dj{a>lJ&+5Y|MG8WZp_Yp!Wy8;#d&xLrAn5p`4An!LQ2>|q#s!(`u|^1Ul|qG(l(0) z9~dCG4Nh=(26sy!xVuYmcL)Rs&ftR+5TAYU4BLA)|Ph3%f1-F#`VC@bJ>Z*^HGn=OMx6l&;xWdrpK5cM9%SYTLefX%P zlH})TMRMw5;WAGPiG{koq8@}wDotPP^gBxQISxyIvj&<@%QT-RG z2o}TCgJ385r$^Q$08U?}!D!K%GZCZ1G_IU=jsy+8iLRv?U z>N>~xYTd)%O(-XuaEObq&bObG^K$_SJ^7s?0_;z0O=8^}hOxh8%{mzX>rxb>$vX;ZJCX2t_g{z^GZLXicKX z*-1oZ=_pj5M&)yoR5?V&Ctwo?RpTCHcIK*2-0WyYpV2af?%4wN1<sZIzmoE*~}!}6D??W~PhxG=dYIBR!| zqSJO1U{=`)lAXL+{d62Xe$mb*a66;#-F(3Z{{EZprzz>!v4wiQ6KC>i2gI%PGiV-y zVoW}~x6)*>8CLwE?TB>6_v}+;E;%xJ)Xm1pr&70rz`HF})ZPZpyFxX=oyhS-Tidm- z>lJ8HL@;XQ3FhK&T(SCEihtD%M?6)Nq@75c4cvvDSEh5_7v*5kaii0C4un0KpN$uP z8+=SXz}RBGG|LUFG+yF_nGU%_fW?JRA7?$u-v1T45qqHb3QWfeF`j1*LgSmJ7?hc% z>@g&?R6kpPTiLOtQc{ExNKf?RWu~S^bb=-M{a~mG+`8~!IsI0S3nxaEW9NO)a_>Ce z;oQd`Qe3JR`BF{S{WaM-;Fyk_E1`R-o4;$FEF?N>hwzt4O(N%~4UOAbAZ_p`QZJ90 zv!d{@6BC#O0!`5ekt_0C|8qwQJ)kt-pmfVMK^o<3x``+&?&&;T}&3`0Czlg zztM-D5X8*)Eo)-R=;VDNhM9?i<{~$uqS4lA5ncCyOumfZ zxoP$2%ORV7P=@)g46JKA^qfvcD80~60y=MM^s#mhuK$#i+^AtS9#|6iHd$npT`fF5 zxnSAq56eMTWuQj8$sI4-m+fmFPR2w?`C*IDQu^%i^&xA4)4D0t`j)s!Z2T$rJy1Us z3Mb{ds3avo`@VC3cUigm!6NrwKp_l^1XcyTX65M?RWt8mP*blz_xODxmL}X>gvb2O zt)%gC-#CX1@^yda*KoL#6`uVb&j@Yd-H;6x}Xvig^5`?JB%6nvH53H)lO zN}p>PQygio?=D1Y7tGf7CUr9A*ZQfz!QjzIPHJ<2amP6o6nT8({0Wl}{Nja7?n~wK zV5~gMx!LHfPF(BGtp*LEA(w3(u0xlY9BC0)j~%w*Swlx&;)t+@WK9$h&(9jkbtNcL z2%X#MT?vGBidl1245N;ToWIACzqJTQxcogY{eUw2e&$LUtMZ#j{@t$?|h3dKxH>8fka8O$ni7rp2vL6orZ}ebP0^05Mbnnw{2K zu!uz;CcgU;QyOrk8Ci=Cku7jO!juFjQGw_|{i{`Nsbc}`pws4tM%PrSu)KDfsgBs| zom_3UjcHlDrl;;?w7QPy^;x!oV?Pk3ffG%2)BP&8+f=?FOXI_bNbJ^dD=GHkDTSAv zrBcV%&!;6*UD{`Rp+evJ$F~+bRwY(~FZTTph7EYBFn64%Q2ybv&i#IB)4ZrI6|PrL zHC9b=E}0bN`|+0hU#haDXXo|fodv$T)28UVx@n-6Yd|g9hJkct6=a`a*7=EA4PRS~ z)5nr2D+cNno4o&^OJ}5#L*mUhKaXxFTWa=O{5l3MnB4eAqf8cOL zfSgHxM)Hyk+v0ap9zHU&Xb78Fu^-M4Fulq;t@Z4awb&;}BdoUy@UX^A^z{k3R49jb z_o=a&ZqAS-p~P?fo?Ip_xfAgC^EMUfo1)@b(p!k;hqj8)gFG|^Y!!YNv($3v4K+I< z`PhdL)Ya8H);HuoZ31)%Bo}||JjVP4nS~JML_Et+5t6 z5Qp!tN4dwEqSa(8H`hBl`ldAalSYQ6F>HH(Ge^(LDBP~meSgPVk>{HQF99I4NypjB zlpwcV5$Ff7FL(P?Dp6OVEt8`0Z8;XR^G<6K{@m-iVXPD)T~FiK?^FLSH^+0pHgO4U zn=n?DjLgTu1=kM=-)cf4aLk-O7(tA?A;PxDt?dqQUiH(m4#E=jq z%pYGL=ZNlyjhxBVs-{%;OYQIT_tSLE14#~bC{$eTy-L&Zd-I1|r_kTu?FtruN0;bc z-H`|O1it_OpfF`MvF(eNhXze;AdUt->&8!NJW(x$t_{}m3iMFOR`t(FxAmF|orfoC zireyZr#58Qogo!Zg(!NCY#}YjN~#Z=QogZqKMp!MaGK+nZmDLC#Nr<@a|+{Epu;DP zF?h17me;eV=eOk?1)s2NLumC&1N)gTzU$y|PZr1HRTbAUMq2XF^|+QTX{9IvOSFM% zS|73|=6TDSw6#Z;`hL9A)5l^(c@Ml1{HU}|H31-R1A`JGu}Z#j@D$O&gL?n7`T%^>qM+QSK01ay`ej-SFauX?1Jj*sd9eJowV(st2;`t8piueL~}R6 z^F$)s^D@u?ys4k7#}P8izdCX?fVuOmra#%_g>pYfnsL4-X-AIO<|Nu+{KDaExo0y# zJ|y_k_~j?N!H~J}i1lMHJ`mL`^D3IDxR-;60}ze{OAH6Zo!Ev-ucNd1Ie{~GaS|xL zM*Z|CE7H9%a`#I92uYy|MHr2FU#B9jy!a`ID!_sZ{*#zyAp5c;UPt>Q1;UPu!_2L1 ztV51$)mKh}lyLD?%W-uW{b&)D0zoeguo^C;iA}M>aiX@Z^AahLR)@LpFv zas~k@^&>-oP&f%F*4-sW;->nDwt`zy+PwG{hLTTHi0|+%%7g(ENHP3lbI?0my;BBJ zN-7;0Ho?(*GAmK&0Gkp~v{u`U+s{fj#_N4c;VB|(DD$RWEGj!sw$=<$|CmvS*rsHu z7~sJ{*DRlUGxh5}@M9|fKf|aay$$`DR|>e;8oCel?+>>$MLhtbQe!3zU6TbUJNsH! z>@+Fh-Q8-&%g{8t-utZ0b7o8HG5yV)Kus6gL&&!U%0H9;^cV3!ldydOFo1OjV*eFhhE^jJ~8de}FIzv3io^nF6v!z+{1(el~VT7;>BK zbUtYgm*dV!Qlg;^a(?ied^jDU9X9ySK$8f7v>u6}IUloq;h+heh?m?sScU&E8Gz2C zp=L?0{prQX^{-iuz}dG-GO&R7cG55Z^DeU)q}Z3H9b?7llEX`p0Ho2^JCmlrqeeUa zc&9s)dGjOERddnd`iHB}Z>F_vxgFQ;(Xhs~1H`?#`lRkYC7=BVA)8b{#rY@tfUe#m z#2BSH|KCF*Ua;qEoT~L0FGw{n2uM`)n&Y9Ipf`!`y~bzEH}Db}#}`&*qaRdMU}*vU z%x;Ay_Q5E=!p-%E@zLVk^R%8UWfr$Am;ra`sb??-0$|u9nF|I z)$Z9Z_2F|QnqTzp!?yCWeYgiCk=5~b$}#1% zbkN&gztEZYJrg{!_jKI8Pgg{~Nwd2tlO`Q$WK%SdDsYtvYXuI?SF?}y67zmBXAY!A zYM>55Ll_rOlSHy^qn1rKJz7OMDQPh1`1s!1Zc_F;?($y7I``q?o$_<-+iuyXu*^4t ztJQQ|=@f18>vOSQI)=LPnwg2;znSPny|?=!Gl6SSV!hrdu7b4xri*7%QpoSVUEyEh zW$=|x<3~k8C@TFtsEjQkOH^ZDz%ptk`zZyd!j0JD2z5!8K1b*mb-H|^M8~Fp+nzQp zmrAGv#?+jsPMUgwtx&*M;oL5%FH{*IJyNOxHnXQl1H~N_I25gsou*GJO;2@+2Cg1> z1T5_Iz&fBO>mpzIZkUYH?RYuWlF!x95q53GAcqo$X0?}g~kJ` zIRqaah($z%V6bT2M~MINr2+tf3MR2d{F073J8rd1X-+a>lpjRkK#M>Oe~lE$CWF)_ z4)I3^`Yb?@s73yd%nh-w2yeegN>7A_+$4p&ScSK(yinc{XcJwr^c3%XuD=K&uhXE! zAKtg#;95Dt*W1xKoR@f3bR4N+nDr{Ty`wahJJEPqlWSS0w-1EOjDs9q=y-cUj9!e?9=dt_7Z>jcUTZ}D>3=_b-%?D zaz@2A2*N!kpq(d}MMX|_xZ_i;XXWf6pd#mB={ChsLKPXNCF80N&q9Ajq3p?l@P&S# zk9}~b`=j|O9KQWHlr_jS(T{S6eJlABi6IHa7**l;Zep!$D|y`nJhM@^K9t?Or%qRS zFS9T8N%m||Gh@U#LFz0$Eu1i@-ySN<=s-%#ygUH&;8~_6t3@RV#s@Krjxj znz`knGwPKOl3W>d7W}2WzArqwy2%89x2yGd0Ac+X)X7zU z?&^Rm3_m4g@2O*+Bl{DS!t|b7i)(#~*c~V;Q1%2@xsRLQSRRbMqEu=;9wtyZ?%q#W zz7gY{&AQF$30=+l(lhHzJz;J(o{Q*``s^ZafjB%nX8zbMkV;x8KfeBON|3CnugbC? zmM`VQdDyPsHLD*}R)-lSJQ8R{QgwAG*MaE!soW}wc=gLSX7k4lMS?N?v6(A4{S4vZ zBKm{sCKn8h9c_&^UaUxDNl>xcWbL-UmZ7vy1%RpZ79KF7uEnO`X&ux3c63!au?a<^ zCPMr^DO8t~kpz|%7Dm!j+{tC`aC@nA((K0t3c?|dh@2EDx8N-?41eq=_PxvCjrUYSF_CxRw0F!Eb`kJoooQ2bj zrdouX7&0J{rz9r-JIuMt?80hJaskO~Z zNbHL4$7b|nBQ$N^tdrpwnY~`;HY9^FDU7z6jQp+vxj)Gl9F}{%E?(EI3M%!6 zR9!d6FG{qo$4p>;B@ReH*FX*JT`5KHpRo81rhQ!98$dkx0XLp~2w~OaFq2oAk=Hg2 zI=XhzoRsm+w7+-UXRV7ksvPJ|0fQveNr>kbZ}u9ZH+0;{FLpk}w|}-G@6(m5-#njM zSSygKjbz0b_A$32HWs-P@#W|x{_I}jRZ4J~C`4`4{l!_y=OK$LypnS}Ot&>*KBrK~ za|_0{obQSEvxCiaqnztt_UIq#=QlJHc&xTiI46mUB6bkUL1j{4D~6>Q?zkyz6kzI+ zn3?(Gk2Np96bNrEX8Kg+SZ>PEQY7*BR{N$KdSz3aM{5POM*wrXRNOHyHq z=2(qN-9~TvY^JtbRQZJ;=BAJDDox?Qiz^n{OKqU+Ujq&YZald{+_%R3B)Ge3Cs=eT z>*y0tu*Z5}8te_YMs~Wf%GAl?a|i>-YD&jFXJ?M2Nnjh~aFuYEgkKNb*I#HFkDXZu zzj<7@GX`5F;OX{U#jEYCIR)mM{`k{b6=O#b8*GT7VSPyX&KE?^6Vl?3FtEazlM(YBXI<k_*(^8#r{f5Mcx3d%UJ8*Ds zQ52*lKK?(kAO%_!8nmq@3kr|4Eatk}^qZ@UzfppWGk3fj<>270p~)z@^fwsTWcZH9 z^lzwS{?>i@+v!!MibiS-wk*&UGs^w@K%WSs!&&8gA?+PoQ@;!N>wx0?(Cer0q)wG@ zH2v=w1zU+fo!?RhUW8$XyPVNn9Xd4xG4ND(N3FFBQxV69Z64Rk>MEsfDRSTF0-0z& zbShW)t?b(W4JdM!%E8X(NIyaqi8#}+Z`}mz*ha0rsC;A%kB8Q2*f%1YzS6b4CxI+u zIE2}wwrw8m4`%3Usw@j1*p6@dWM>4A$Y6vf89=Nen1~HRV$|kh*(0|4myfIu)e-bT z3b>-%4GDT_d6EJDD86?U#GMqeU+!;fo@3h@Nu}=jKpI3yyz*KOW?h#rXA_soXEzpN zFInXk#iQ@c1-;}+o2~5R%S@Yol|KdI%z}lnO`n@V9~GmW_F~(gU6Etx9v{N+%NNL` zjug`FL^r6G9bC^*J{`9K%AWSfbM?30o5y^F)kYK-+teIqlN(EUr;R?mXaX+H4IWC60?67Qw2^weOkAC^|~lj1h!jqAB_mN2=rW z@XF%@4L@|w|414ISb|C25K$ST#Wti*1d0G{uB=5`1DVl3)6W(R+U?VIp>rSp)8wm6 zu?vkTv+FS_Ib&-cb|-k+BT~@-)_X3MV!JM1kyykR__#>qX8I0ZqG`-M?NWF%#AO|e z7`(7O11O2(X*Lz~DBNBx#sRdYC5J?$N;(}C*`qR=Z?)+>TXlg$v|PB0KC$28+z(1U zl=!alLIvQP6w`$wkOpWlsJ zCIH#RKa7YQ;#AyP=d^pja>O!{+a@TaZT@0E;F_&7_#?ipKY*KG1BXu`_2K74H$BYl zO!#K!Y^;d~V;@BIp(!!-hjxv(8?x*-oCnIOFD8?|NdWysXtHW#Y_)A40YPQF$ty2X z#@geKMISYlWFAkZx|qx7>%eV4Q*LP#lIBYet7D)+*-o~$-NP-QW7e&+!?U+PA39pd zTz7m!O3+fbzZ%Si)z0_!$ zkFxRRd+l9`Ky#AU&WfVXpT>yM$+nXM>ei%p9~tqC9QO}`_iZXc9gCdVzV#8sEh+3- zgl6h)gUzngmVuTD)sTs{P`MHC6{|9xbx~G8+TcZ ze3#Jq1~}U8?9q!Ge>6`r>Ndfnk_+$kok%hc4!G4fKorW+o@LSYroRBT0KYeuZQ~nV zi>hlyKd^Ti`PvpsBt zWvzr9JYa*vW1v~Xu^ek~Kg~eg_I6@ww%d?5*cGA9HX}^as2iCkUJGK_KTKXYv1HW+ zsQPD&Onq)v{X+tv`nnT|0OSB;vqu0*D0 zAg)2#+~0{3tK+W?g_A)K9tO`>$I`^b?{xVQUYt8Kmj3O3KrUNd*>1<{OS6qh#Sucj zo><2uZ*(3e@I{D^R89j?xV}54zn4z}uOT^|&;qH)&I!}FyyD^y9|Wj#LQpO@Dy4iU zdEXZJB%>OWc`@u(R+TK7QzDIFN&9l$Z*eZU`4Y$&t88>n^>YiFV?&5;>D`YN8$^oXmd6;ZV>h4bnyQK9T=cjx4|+gMIkncYID277|d z#TT99NTL*Awt(H+@%B%or$&O=AE>*c9J&@31kxz;FI(UWV8Mn6LH^jbZ_vm+aHhUa z=y-20WA1rTw8@H&@~-|e8~irx6hH{!nnXyXx9GB3)y}49nMV92+4La3Odp^k~)Gp)IY+^Q9Ce z<7Okq!1GKr`)ZJhPpe}4$1Z!`K#2Baz+7DRqf_|#x33W@c{13USsw_%{#4{&eIQlL zZu6(mCsZr_D<8N(R(Rj=T9_pIL4CEIKET6IBYEXwZScd=)f!;L=Tv9RrX^|ID7*Kk zzH678>9bbaZJfa4tt{pd4DPr{t4{3uJC$$=UuF|ygV6shPL#byagQyZppQLjJNY4{ zCW5Ifnb%ZpY`IaW879GxOC_u35ZC#=dLDO2kCv%;#E`x*^71FxD;f0KMa=ou-r4F8R+}*d+9&Y@j9< z#Y4|r)NGVjB(N-}>d(jY_Y+J_L_T!hPm!3QbBuhHeS9x2hlj9?E~y7JooVpE4W|%i z*6WNp9ohJbmeg9QG_Nk2mW$?0$#&lW%y9Ew&v5oxf2Xb_4nyz*=XY`dH=!2OF=*ew z3EY)p(E~>0y$RaJ>t~B;)TJV$U4~9pC+UY7-p$b(I;u@L>welLzlr|ExCM_9N1A8O z;XI0B3UloMb0Vzp^*dre2MG-s zE-(ODbo}q%AZi;(8Q^6xqv-m@UP<5)Tk=+ZK z@9r<8G&qFZfN-gSLn5cx?|h$KCh_H5lw|Rho>>Fko!|Ypuw@)C*9F11BVWg|-|g)4 z`v}g3{a6vm>M2xkL78aNq=B`uI?UH0*ZZbu?o5If2Yw!&CAr->1n|~s+QS};{U1iP zM;NOIo#&Fo_qm)NwglT5VYa^0qav=#_P&;yRLq5g3q-w+NtIhq#Q4*74t@CTv>oLn zdVKUE)vPMX+YUKxHV{I%7L*DxOk=4M*|2PSTJpRSEL{kkwz}ai*C#F3z#gn@cSX8M zX-tCuBogv6WQ|&gCM|eURbHKS4Q)&z@maBwj+h5#gA0sY zJ0TN{b7YnWH(-EJgT?eW>hJX_?|+u1WU3TTYtnbA&@JLc6ja6!Azfs6j$Sb@jlW378u1S3rl zY-hpHt`C0W=0Ob6$&-AxT1Rguj`;Evn1^IUtL?Iq6zOj(Eqk z(jPDspt~;h{*89>XH%PQI4ieBkrPMIlVophM zYptZ(GSQE2l{}X=oR@sEU9lHnfT!jfz#Vq`fW{}%5TrAXaI4_jdsJBV0&WznbNG|kKKj#U&v1dZ64b{yXb2yByi&gl4j%h0!xhZRW==Ow2+w})8u;Z-*cKhp;r^JIJrAF%|6~m=d z%1yhtPhGTE`|A{@B-m)Qnv>qd@YOW2k#YwR$1go0%ol&))6Piv(0^0~UW;VqD`rMC zK`Xj^cf03U$>gZ~uml(BL~Yi`vP_0T_BgtFaTR2=n+Z^{O)Dv+n#7FT+fhgV@|v9d zo&tiegf60Bz@KkIut}lQQ=~$gL5UUWgjc3Jc5xGD9`Mth3!zK|nU~rA-33ib#eJr} z6FX>?168+d2ESRs)t)ut7k%Te-n6luKi1|%O6Nm7v)CMX6KIwLKV~cHNUfB~TSc7cmd3)_aFzTz8CeI6d)= z2P|oai5}qegaqX7Xp-Sv~|IxN;rJrpN2FT_gzEWlqF4J~MQ z$qx-FwCvj50VvBPk(-hbMMDm92!+b+QaBP%v&UB-uIW<6f_oadPW5x!cQ95M%ZsUP z@|v&$yOFg|L?VeRPay&V;+>Khd$+leW(u6(>Y8yF9P0YU0J*$;wP#bVXpKE3Ivjun zkJX~&9!N-BqajE|TgH+EkHPxwN2l?BChlxetmjlQ1Z-l*{;tB$u9F$dHV4Aqw}aAe zR>3cCz1VSklY}zsv6HWv|6TbQJN%e#Uy^aU2h@ZT<~%$@f=y7B|LW79YX4*4l=%=? zdi{MGdj7yr99fM}W{Lb?(J$RAY4;lcefM@7Tkg%v|K6T6l!pE{v0t|l$r@c9|91SB zg2$nu+#8ZW%0YUg?0?EurQ@_PEbCv|-j-20L?neeODEK2)!?I0t)_MiXvWba49)jz-cJHLJn{FU;*|2~u&`s~@W zs3>Yyg07L#*kw~4t#%5rxy~6wsXG@R=P|5{?NC2qStj_OpBo_a^3|(EtqYefO?J-Q z)R2~uiES8JTwKiQ-5u}d?H#YqbMD+Z%d!Ik?ZvMB_wV1w*9ZT){rpB|roFSX^Qlt} zoijT~udS5n^4(M1T-jFTYfB(RlYP(|R5UtC!E$FmIqQGi!j`8M3vWVWrO#o56Cw%e zeL=jN-sLB>U+nl0yp1iIVrxZ_BauL;5}l1Hui0t{RQZ2z@#Ypc87ax;@y)jz|G6&z zTBQ$TVd^}W92|BiD<@?^Mj+Ly0i_s59-*N0gW zBqSsP0|P}8rUnPC&!1OGZ@*G>?ht*1O$epUR}eXhiucX8>f3=YQCZ`-zwrp8t*QI&f_rX>2GdzO=v+rE9fqGDxz z3|Hlqr59;wB(G1%ieU``C~d`9_3rHcukCfg{h67YZzCnu($X67C^Zl;baxRK;*Hm! zB)eWzw7fDmjBEehUrE==&GDam^{-Faq<--5Aq54++RDnV2-UBQwg;`&-)Qlk&okD4 zrge=v_V%s+*@&$x)6>(>bW&aH?Zd6R4ka=QCp5YrWSjW-pV#%z9nT%cj(zX$ZcbI~ z@9Hw#U4@GciqBC;AE0A&${>A+1O+08n#a~k90oUWgwV( zmj7NOiEf(ce;+&I-}X&TP7c?{gr|Ibar2{Sc#7UB?pSs1*eiXyj2x`#yCN3k3yo;L z{hfMGu+Bu6c!pX#7=m<&CAP6PfvgLj8}y9UqSxk$B*ydzjHpdHT1Tn zA<*bITp|7YeExqIQI~^@i|hRP^Moo(SraQ3WSF1h;|`9FJ$-#G!*e&3_Y1>*$2A1A-nwPY5~1qh=9XJn_$n)_ z;p4~WuU?T8@FuJScdVJ2+4QepfdK(23V|k;mNC}G_WZ09A1$|2gba?3er<1`n;&h= z=}pK9DJv_(eZ{IfIXHa$_;E!n8k_aDq-1t=9f|C42RG@QtLn*<_0`qav@^F6aI`GX zoS7^1zwv)V*K!XIft*|!-uUDRccRvEVOfaMIv2L)+qZA3+;fKyYm#2Ga&U04v#T9j zu&fN~{rp*(cPmv$i#t}7rm?B%UW2WfNM~>FMqjzVUe;o;=E-MzSu-;;Ub5wRc}I>O z)#rbkq>=Hqv@|O#>+6>W+%U92W_kcKGfb~Oi4*8cImycJl%bjWSfGcij!o|`}fz?($8cW5Uy(RIyyTG z3krs)$ZxTCITgjl#VPIk*xKsqXLJE!@ zTRVk>gpf8FT~B2h;3^)*#dTmqDEEqqi<{-y)FKK76%!6yRyg+*=@={i-}AISHM_7N zcV%%r?|l9J!C*QcAi4`?ULe(ma#wr_cqZInYw z;A4nPOk_=Je*N<0ddWi1K}6?pU9{;N+X(y&&9AMkH77~^?#dh1m$;#lp(n$BJ0-;e z1>DYV^ia-L;~qA)w;rP!8KH%Rg_Y~`jfX4OKex5bX0bgyYTtrA!}VH}U#YbfTbQ3$ zFl^pIxSElX5gU6(Tf1e9v-J4Cl8i1nQ`Fb8%dV(;EREm3d?8y3&FRev7QA%nl9`AR zckIaMXkl@2(!+;XVJ0S~&7<}!?Gs)oTPS8?i9)gJYU>!}Ll3!?DQfFB z-v=wvq2Xbi_Uj=btts+`0OKe=Bz`aBXpJX=x`7je(I-J+q{w zq{UmWiHVL(85tR_?!T>dA0qZ#p7~K~T@!XXNist9NltHa@SeAC-}3VE3OqEy!QqYT zZf`$hZXRv@;O=c20&a&TEdJiTl9H0HuCAvU8Q!#~HW3-Z!ou~pIS?7=^Si^s!oGg} zx+1_G>)_%-`SY=1*|Ue4nfcJ6%+}7CdK^Vgg#cp{lSsi= zXV0GPDR%v{wA5R0vEyfR(pJzOaW?1KfojAIr>K>ZzyDucV0LzP&-d@*;^JDTPxt=# zf%Li=B$zzWTlQ!9SC9O$V`pEPEFmHSZu3@%>SZwy?mT+*C^c1Q-!23lPEb@-A~D^J+kD6frWSeB)h$g&KsOnrOx>C-2=loW z4O$LaaS@T*)mAUfO6RdED;~gEh>a}$%-1G`lc`J(h$XYH4{7VV>Ihx!=g)dNI&_nj z!RH<*?Yq-3g5$_Z_0jgt_3NZaorojjUt4!>3(-f2n3d$Z538L&KYX#{*{|<~)Rq}( zX}dW&wbR>0X^u)rEX~hfnIEC7xc?6xYOsAXGGa@5t?kPfasTD%oV@LpdwkQLK7Fc{ zBzf9>^&Y=I@9Br)UgK?7uM*gznds@~kN;K%yd1YdR8&OXTtC+Wkpc*X`6 zxI;QYwVVP^o;@q_n)p0BJ3H2z+F#-hc%)`&8C-Rh1Y8Dx`8m^DR`#fMGZnx=PFfnJ zVMvpV^tgsbqp@@6PMk3xAD_0r1?A=P2M?a$jvZ(w zCnFoMye^jbvWzbB>eZ{!d!>+`y^%#U9!_syr}`^{amw+s+KCexnVEt?Li&6RbaZqS zAtYPp^z`(Mjk|ikzkK=f;X}57SGRB9j*HVbG-Uk3g&ayCAUyf``875cXJ^|G&%sfu zPo!M?ZmM!)$L#Ix#S*8-$H#yFrc)Wt&(F8sx+wlIJbb%Cj~u|vsSxg6I|BbM*PftB z(_Q)5yth{WRAvWqh=VxWy1klOSme+xR9pPMmmoP|WNb{3Hkbc(t*DT^yt(@){-kCf zH#a_EVP_{NFL(EAuZ+%~eQ)J<`SNAoYS1>L9E-rkvHh{?$a=hS4KJoR!TH#tmvzI` z(!I0xscbgNiruImmXVcR1{Ve9S&`RCZ-4jh9f1I_g7Zn-TtKR0o@AueO-)UJmDtHI zS^8V7yC;Xo*MBMmZ?2CvCLmrrUzv_gP08Vm37Zx@x3Ko~JX#RHBA{Ju-nT7v7t$u{ z(F+7ZONx9{6qxtVpFe{&9qctVql|^_H;$%$@TzTUa%z8a0;d8LFE%zdhD-6R8B$pp zDtcwVMnXYR5ug)_-mV=A`g<(NsY0)Bnd|Ajap{$1ijwe~w;h+<{BzO8<$i;$P2S2L zHoJXp0~_Ro@%;gWf6^w|5cR;wNI~FVAF;$^=j&){{fa9$*QS!?F5}j@n3;Zi!owS@ml;mV(ozl=SDZjFW8X3Gkck;l2bY$P! z+S=xa5>YjS0R`zZV^-sBX$wD_|NbiO=RR;??(nm1+i9nNlpf{f{kb&NiO^VoE5H5{ z$B|Rcr>VP})sj12!|0{4`*hclbvfW}zJ2?wfT-Bm*xXK;n6QN^$7*EE+8|Mv_|Dm2 zXY}+wKRFR)l?Q$;;rQ)deEhH8vd-#i5|Xpn4nO zYI^!`hGqg1Hf}B#_lxttjewm6Txm^~3$G7jW@JR#aYdoWKGfCKnMdx$jhYl*`id2K zEO(=*s3;+UdD>V-B}A3Gp{2zl|3Y&^+#&ncl=2JBYykyTO-(|4d=9wulJ@E-=EF~( zJVAju5UY;Z;nhib=iDRtt{wOYbz4wEg7K3BCnqQKVGI20G54Vl4<#I>*=Y$^TgSq~ z!!66NFkYetMBZ~qdwn#)a(0-Ku!EXf4!;Lj_p>#Xj_^ROGk%G&d2G*i4!Q9 z&$N?YNE@z=x2G#^tsfP+?&#p4m2zw~!7}JffLRmp+~P#X?0ZQmDLPu(z7qEX6_We+ zTLT%fva-rs^5CZT@86I5UZ22&v~lvJy`5ddsE4Lzj z6CcM>_%qWhC?vGL`SG zWW%hvW1klk7`W4zA+t9(zk2yn=$OF=8HKzqvU0AN++=EvJwTkAV7IXZ&Wc7iC{*&)%r&npDfsBM>7&&?ikx!sX% zbeJ}L+i&X#)%U}5vYnKKtCH((Cr3PFnmoI{eY;>~g{)yPR}+1Y|ZS=rfBBO^fW)H(AK8>qqn5n`+!;pZc~T8zjcddrQ-vBT3T*5 zj-qe_Z~pov9Ir8`vr~E!r5|V`#_YXaprHwYjF zgSrcL8-?d{hb@#QF&sN;_gb2CNtm-}~~`-1C-&H?U!qoxwXANA_x zOBybpZ=IdRg@qaI4!NbkSvaEteMz=r-F0;oYi!kQ;8cjfE55-;6SW*2!PcEuMs`Ql z9z1w(cJlpHL2?>E+EX@`EEdmjU(5CJ-ha(sW zib>1QXrtF=d2imBAcF$P@1du!2>9b5ZgS;{tXBUMDjJI6DeZklKnri)Tyk+?imC-4 zG&1`0IYX0?kx@-etu<9~I{^r78v!9NVe?@}gennb=O`F?e|dfeZ+{<3tA?-(3d*0tzSUGtE zT8N9w^6acSeomj>7>-fI(MU?_0T=f>W}&A?FGP_ZK|&BTdVMP*Vt-ux*JIqVEcEm^ zA#RJ~XRaw(UARyL`Ui?vt*(G-cl2mJ@-G6+GHCUnxOf3j&8+?j6_o=bA}&9h5|Q~q zt!L94zJB#?xOj2~_{D4xK>*^|H z=mBc^%=~B=o&z&h+qdib_3NmihQ`J>gXdA8MJy}UaU8&umgnZ&-P{J|e2;PJh$Lh_ zeTtpsjVpyJb1IH^bZksTSR16^+sku6^>MtXQDp(_pzL<%oj>W~BEm`SWNXW?XU_r@ zrKTn=ywh{6g>nz?z@@8@j(?PTTJMx!QAJ?>?#>@ea;>P|=?MT=TzpwoRn^v(Cqngm z+2!94j-2=K^h{HKlAT>KwFt1mX_Jvf&wzaz5DkyGCqqi z*wfUc9P@jBtC=F3sygzK$fjw^Y4iB9O^ak>-g<+5rB75Y2U<+`%0^ro)fbfg@@?e$ z`1EVj@U2%Oq=R%MiOaj|zd-j9h=;17v`SAVJA4y-TKLD9%eqmv-Q<_j! zRW$%i#1dv+;zq)$`(O`cP44sOe8zQX9PlwfxBBy|=TBYq-Zp!V8c~ql$uImUVzmms zSFTu;`J8r7;8F-+VPLoc9b&x`GzVCWl8m(W{lvt?9$u}hv0K0_$iD*dVWFXeril+9 zf;QAF+&ui{+c#}>^(s-Cw}ZLHFBt{Tic3ieehXMzoZzH22O>B^GgV#f*_CVUQM%q+ zb{R*`jWSmKk*KvYD2t6CvWt(G7a2iXRux>mM@?=^<*$MH#)QMenipCg zMOb&Gsf0t813eI>3DNNj4i0`d0<~<`kxubA3Q2qV$@utqmN0Mad5XOPLPG4aUJhe{ z;1d;YgQQ{Bkt)IRN<8$a-*j9GFH7=W`ztnP%6_9$VwDJ*Si_VcVt!@f^TFD?;8?&7 z6a+GI^6LFI$T+?kgXgbeUH3{lUA5bX@{eOyr{4|msoXqQ&lUWm++Rv)4;NR?CyT|Z zkFf_rLPF#!e;e|Mh|t#Lo`_=N7v2KsIzkf_9UZ!b19T|N8r&K;7A}8SNa#j{+Bu%jbFA9Nc1OoI~A{*!uiK(ZiqpNRyiPG=qSE|cLlxK01jGCO%Zc2HKgsW+3gF1>E zPrF!YYVO{>JCII6uyS?|L{h6QM3zcROIu+OFgNdovf_K+9msh2=g)7wb7OAOro}F= za&nA*j0{wVpmyaFqH3w==vo^a^@VcnTRB(MSmbM|SG#>52I-I~m&e{HtrQz896|x?;8hC6@ctsZ;X4LNqL* zk4s8cLU>aIK0|=4Rd1zx-`iXM{JBFw>sYJjw}O-YMU^_ zJ!$YXAD`uZ8D421e^86Hze@om$|@>Q({8iNkT#2i(Qy$)RzpJxmmkvanvg2=EiEgt z1T1IJ5+n&p{Px zG&?{4skJo+5_U{XePs-`m?xnz{mB!CLr;})3rR^y%pzvb#RDHTUr@y5Elqw!lTbO0 zhld9!&ezwsst{3yo@0N&!cM}~n!#hfv-@~>$TV)?NR2J5;$I^Bm-++$n5(MZxPSkw zl9H0X{+^in8sQ^|KaitPcw(5X?hK65TlI7C=kjJVY^Iv{xAYh(rMRH9^ zS6{!(Z{dQuIY&ZcZIYXp*N=C8`LA9H6Rc2CAnIu>#3TNJy`v%{*Z%ybOF(V1C~-S3 z#N^ujCR97~D9bJXKQrifpg%Wg3eDd2djX|D8t4p;Ccd`Kf{|e5FRA3r&+jbC)bFGd$I6Qy&@Ox9@(NJY;A0Nq}`!ej>Ha1Uik;N_?U!Dz| zL5Bk}zKGE9#Kbu>Ga!P+9@ol2vG3I(+iPvy6Aqa$ezf&KJ;APkQC|L;Llmm;m)}21 z570+^@9DuGJl9v|Ksv z?@=yMkFHxkco9jFto3-8pyAHqYdje+sJy$dTUf^Z3RitAUc zAKbtH4MlUrV-?9oPhTH;3^2{fXf|?ByHBI2r3<%j(>_;zuK@@TX=LW~wu1pE&5oTS zwBep}L$&DALnd1N`&TDbq5Rb==j!X^1On-`f$?$Q@wWZU%n87rojI1pMMZ3^tbV?} z>@pr?>xqrD_q{wkWZj3z5*i^4`7KQvIywp_YfBwD!U}~BLDBj0Tt2=;A$1G<0Lhz% z^B9X!Aq1mnCF>1n4tL2X!0f>^Si6G4;~l*%=W?sU>B$wpy{({0RUkIuFUQyC;=;q zi+hc=B%`0$oo`Q0PVP|(`S~q&bz^O*?8=gW*1K=r7uZCM7L~7S1_TDy-(uB2caE|q zd}?ZHP=cU&KR%vA#^XbKdwWMmoLV~YCL=Sml$4a>mBpKlqjeuX00)S%&;;n3;P5Ln zLy4f;ZW5oHmp8Y(3`I(Swy3P6WV*ky60j517zCXmiWpp2IV4jcu1xLZ>vEsb2~BT* z|Ni}RgGtmC@W$liWVl0&jg5g=ot&J`oN0$h3a2G$5z8EV|y zi;5)i?_6A|B_+~giSL3ouJA3uo`9wuzy7laiHUX>E`TRp_N%Lu)#BX~bY?*3kgxoW z8#j zh7BZN2mk>Jm5(1QLG;C%QZor5X0P?YM6!rCBC9e`*+CL>W8W*u!NzvU$?4HQ3MzSd zHhL&@oX4cmwn3NV-aUpi-H#XYalZh5$WDVby1a2{g6U^{fp!Hjmm=f&EInOCN2e9H z0kH%L7)w|;{0yuG!rm>&R;Z>pCujH=K$#%n?%kV&Zs<8vQ$R&uhC?`j9g6F-Drl2nA2c;ISZM01u5GK_+VtPECl2Xs43-rreH|TpTB!XH zky;y6JBzGt5#H%APP}6miMW0Hf>;@zDHeef4$mDT24--cTbHdXo9Wn z)7P*20G4tr6<2nXouIg>H*iQRXmfEwf5m(o0XmfC>C+NNj+`s?u+z|>67s?K`Yrqf z*cM~CC1RdwJ(&+&T0NjxB6{SAJJLT|fec3!l#RZY`H4tuJX6&`*P7Zd{| zkO_AIg082hXRrtvTRE+*t}aYF6T&*OWt&3*0K3wDQV$5GEA_ZvEI2XW=Kw@mmU|RiYwq z`{r}R=17%@gt#~Z6O*j8w6C9E#?z;e%c(+@rFSM*Te0ljD<>mUSX6{wk{8FVmv?i> zNj@IAV=h<`*ROr{_*}E&ott*X+OMSfE0dopuU@B!pxHK%f3bl+g6F`2^Ju_Br7Afi zUhu2Z=hs8n0QmXQdE%14vWSvQARq$?F-6r6^RM;1zk0a#lARc9NVTYh1QFJF(W2x+ zBk4z9F>OJNaJ9i!ij6=9C_4us9XU7>$os<2WG|CX%ETDe*gG!{9mo|5En|kqM#6jeFZq2C6Pzo zMaKs0mrL5s3jN&K%V8-geSm3$cr z0IEJucs+Q=%9JE(4K|1r!zJ#}_R6$)Kv_zvxT;ENC1B#sHds&^Y*BTx?@FD6s16W? z3W1cd0sfXM?@vK!!}21Pp{JpCo81rI4(TlvKkPHiJttLFtK9ryK0^itf$jbJ)$ruW zLnt>wLQXi$0Pp)^)lc4Lzov1Ja8)Ct<)MV2v~&r;05-x+jgqjBo7)BriSzZh%RNS^ zesCmeJwtX)PxqYooPkvoNU6w)8uD-X{MiFqQh(52;nddf9Ie^0afZdG7VmtIY}ybJ zFM};CIJEUm1Ok*%1-F4JgfukVD~L#>w$it6-)rpyFj3dix>1V)j*rr}u;655^xj@>0z1h>*3=!rr* zsj1KHZ;kh?t->NR;18M#+7h{DW ze*P`=$p|iz!-o$uMUfwF#Ib97B$HoW9*7VDMGQHAl!Sx?lp|T%eTdkAg^h=iQNpP! z7kb9g#3m#_zS|YgJ(vYkEJYIbqQ3@qv+}esFE1h{=Fh@{X+?mai3yvF+rOP-?FV)J zCaeX-BUGW9MYi0zDYBnFf|i!nR!l}pirJ_eog}8i7G}D-ZCza@kUWuQ!DS)UVqJT{ z-J!TWl<~ZP##pDszOdJqlPPIv7U$+7qN8htNw(tP8^Kkuusj!^SO!>`{Zo{cbrCH} zn$`E6KFOZ9wCcvx_Us^|k9eA$9i`(3}Tm;T7+2q?(AK~)hniPDJnRzn3 z-HKLLBterm4lU!D{#sS;-M=e!`CbC;q~32U&xL;4=;W%qbe;1>)8V$1C}olyt)=}wW274-Q*P)LvQjoFfahZyLd6nSV;Ty>CgjAxvpR&zn`L3 z;#yCij=rmC4OJO`2n`Jd#W`_;{MOkY`Sv<~eyhZ@-Pm}7`wY&$sc90j9^T^ZE#b04 z2_F<($$)TSD!j=tJW;i8^78lv1m0IZV+5K7wat3@a@x!p9fpdE3N$9bK&L_f()6-s zAHYl|me_P5zuQSN8>>CF8{fq6ToBe!kT@DvJZ6vt8H53R9&b^Py*!zTQ4py zMm&S!qa&rKch^{`C^y&5(^FGh`$C>E76-TkX9`&oK^7XAj{+*na*Q(vJrQ&|)Y8!z z1Tn{_N|WA)XD@{LR^-P~j}mHIu~P5~>;Vw7B@Vg8<0nsSkno6--Jx2glO`pUW~9F| zPitwxf|Ktxp%-Av8B+|GA?OPK>F4~y!o5Y#dljzeo0|v1r19VZO91IjSQx=$fru{u z`X2f_-AqI=XuTvldgmiU5@xI%R&fn^q~sMlmU`$B6y2H5ftdTqqsQ^8aFeOa_5d4P!~j4l_)O4RZtG-TYzyQ+%+2;5aN*Ennyk0 zbKs#rWo5N5RJqi9ib+9jI{_Zfs?=^}5b#<@6wol<=s5V}TEEJ7G&uGBxdq7c@e57sP5D zFdnvUiuKY?Vsn98jPMxdgFpSjsbY4K`T3r>=0Vz_pz6pD6?S%ZoPVCU2EetOg7Ji_ zxMoQ5==&kFvQK_=yYmyI8(S*svX~vRaZz6)V8xAaH9r0;`l{hHtfXUm2A}W*Y(sD5 zgqqq=j=Zq&E2I{^tS=}!1Ni0vv{MeK-Fk4;o>n1!=i3|GLa7NZnrXU4F1?YO&k0vM zGIfAj#h?rIGf5JAbuc*);Pr)?8mnG_J+7@EfQk%#S^*VWx@@~8CxlJkOLybqpy^nD zq#;y6xM^*rBjkEdogJ5>@cX+gd`pV!hz(f*A?oH$U7Gzm8X6B_f7b=aMhh#ngW%c&Md~ZKxM$N89co8l1B*Ad zr(h~W1j1~3t>1EGX*I2?aR7QLK$oBb^L|CeU^v3y48&OrqnP=38%tgn@YBFx1eP3t zb2|f}N136AR+PQAN2qFOYA!4;0yhxtLTEUQO-{->e=mR@TeD*njvJM5+S7?*cKA^6 zUKEk3p5ouAzi$n4DrC(>{`~!2+1k=__Lk;`&Ja4h0QP9JJ$y*TNRLAX{Cli7770pe zpYD-AC7;9nTCe0qF7bV;5a5PELyXm{>uTDa-mg%iS!u$atnYjq%M7a>&Y&)zL1YhO zgsR&U(Soq5%cYIxSGN>BMs8~HCZQkn=o4k!E*FUWsA%RCmHJr*T?KbjMCc<176VsK zZ{Mi|kUj2o#mkFmBqCU0?cibMf$fqF>I{du56o+CYpI$6=hsm{al@*Ha)QNe-H z=_Bar=>ewCJ2>oEIEk>h3ewh4 zeU^^_78D^#NhU=F1}b7t?Z5$*GpyG>j?RNzz_X_8&m5r&^OJ+Kv%L4@7kKHUIphu= zw1e4&IJJ;&0f_)IU4ll2?g@C1h_+22BPcDJnH{ZJ+zl*cH zeIH%cgZ{n`b|g>Y3Zed(PrkD{VwJLOyShT)TplogBDKm!`; zGAM%Hk6fti2(va1GSXDG+3y2x(z&iIVaFRevHXB5&q1d~u+U#SjA2L(08m2u-bqcp z7uLMg)YOcO(MU!?mQhd}_`pskHR zDUDu!trzU<0CwIZrNKaO`t+;x^pKiCtp}ncggX#Tdm99DvWl!qm_r zzzq;vDK2PM!MucI{KE{M>f(X|zKvOWs!&L?IGQCJXA@$AP%%-@@{FDA?K8U~Lqo~e z_XfvSP0gZw4DbFt}pE!-uJ%0BfU>gZ!~5sCeYa8Fx~c(c)lzB`8hIfODAbg{oEM_gOW$^7t|Z(vRFT?2JCOuxuH2PYW<*h3!#z?i zpa;0KIoR2)6t~l`!1(Z`t?lsxO8wpFa03(CKRLoelkpQOrPB=3Dexb59<>$87PnTr zFzM5P(|*|etu6Ym9Xg6I)esRrS^|;tQjeCpVZpThxNF^0i~9_D ziM6uw_0QKdw6q?<)YH_n>MnsvAh!){fJi5H!*VfnJO^wNXsDr~p{;}<@ZLP=BynEEz+h!%1w@9AVhlzUQxg+-k7`yl z87p0GbI4Kr5<^u)*GB5nm*=p3!ADiS>j>#J5SrNo&?ik`Fc}&`i}oeUDlEt7s`tSo zejta0KuJld>xsKuBi83zEO{_<5ruTLL;#eL>P5#A^>#uL?v-&vn-UjNy*QEFDJda= z^o{;t|HqFzVyJI?T}HmIsMw^oZ#R&?&srmzs8wf^2OE7aTrp|7#%IqGEf}3jym2u9 z;B>Y_{3{uhDi&Dqpav1Ih%sxf#lIeDqn z41B3&(Ctw&YH<=Mf~lb)xv<^TV9#Cy>mr$po5zgTP z)BU!N6rULu7ai0AU^PX9&w1btABoif;MqZ0rFzDm?oOA8nD8XZrg_JjwuARBY*Sq@R(Hwarm%U_?Ecep-0Cc zzSw`PCx3z7x1j8iEtQeCjLpBN<g9HYa!!BD?lw53&RpBBFv&I{G$!P`mCp30D75y{YAq15KwMJMtzQNYlXz-B- zN?0HV$T@1VY#C4XLwg;bnx`IG@n8HnY-A{|8izHEu$&5=C!Mpeq$DS;hB$!|4>p2n zwp+JuO-@arT#+fZ!#el5qoW?ODl##S0wi(pr59o`+phGlXIwN$xa*!UR?;}fC6-8Y zpx3G?0EI$XS=qqg9^^;l6SVVq=o?TDF{=XshZWszdU~Qd4XF>j4{aE>v+y^Gq8pkB z4#6f46Q47XIa+1LWj?|#SO2EzW_|g`B5mbxG^+OcnILR3(NoS0Idy!{kgWNOf7jWD zyK1#%d5s5N8pynS@%Zros&J$vt=o2xf5!8i_+S6q#?!aKG9a^#;9Mbn-PrTcs!TNL z(Psj4w3;A4|KOZ2^lyk3Y~zb&!S>M=3%t1}*6050hI)*Gj9pk=S;67!#s2V~cn5Lz zauNeGvtrPSi|CJpd5U;3& z;E}(kr!hwJccE1g%{GjkyeVrRh88zF>&EgCjjdzE!JwLOZ1^I2SBRn9dCY;JT4YqT zI~1UN@_9egl+CW|H6Kep`UEw7h2pqE*uRL+COup9&&f#v1}Y?)xCak>A)lfd1M_8C z+7YlE@EhO?AJ)D(yQ=hi22UHc&RJ5>M=*d;va`Q~eLXg|ThTWCx|%&2(?n4E(`6)z|+Z~!NjQ%l^k#E6fP*)%^e;ivt$AgS8 z4iXQMRm*?#@{I&K4BmHkb~cXAS2BDOr9ldsUtC0I3Hlrwz;_#LZN<(_#ONf)Tnb>X6xqOSogy zM6iBLo`aknp+N?m>i(j9!fGd!K_^L5{-&KK0Ylr)wRtAj48jpANNz$(z(6uA%$x}V z361!D072-CG7x8R9H26x7i0nb6*@d|4sdyy7m};zYZ3xR)p*%4WpEQj2&;6RoSJBV zbf;hj)uY_G)7jB6#Qm8~9*aV$*wLfJ0VTQ@pf%ObxN`-s9+B$6xx#`1hQhtrV7CFK z+Pkx4j0_BL-RI=3A=>Cu|MYI}zW$Mj40s3PiBmCxD0FX#+VG*k3@7}?>)~ymIuWoHU2)XbOD&X(m ziU>_~vMbq3U%h@!98EZM>Qd+E?W&RsiCTbOIU2sT39QQN`wYB3Mh-m2DU|Gw9w}M*#`a)B|U*MNT!xVV|8V4Fbz;Rp_7r={a^5=ZOTCVHRXZVx! zRkm$otH)*`mt;|N-3bk?Ma^dvoSUDAOiPj+w(H-m-+PbS9nezmdgr$QiiJA-50D7V zJe~9no&g?ucsVee{P515*+QBCYc{^^+ry8CP(bwsX~o1S_#2EJGZnlzp_pZ@{G@Xk z$4}qF64jP%jS-Wj>kF-#_l3?Or9`V`L(10g#t<_K8xCz+_`G7hJRQLbldqGLM7M=c zqTzI9xUo=$$7p1Dcs=;El?XRYjTH@RT*D2;PKchcr`;y@K)WLV9x$8$@_=c{*$B)@ zL)J7uBM83}kw()nPnq4SwgT}uwjQO$d-?Tt5d(ewn#0rh08Ux29fx=A-c1tU58nv_ zmQ~~(Qe|ptKUM*si2>CtWM2<7fexIk@LS*o-~obZY;=Tc67mcNkUwm@<>BE`wRwm#;4T(ZZ;|l>GYF=%*y8%?0$MG? zCIveV>z+I3hi0wxC!imse`)Z|2aNpk@_|hcjv!q^soY6NXY@$N?Ce<|;3;He5b;>` zMMz=bbss;fzx$31fc99;k7LB&2OKMLvxe@hr9~rDH9V({u}rkR%uZbEJ$q~u91@=Z zd)FYE+OsuuidCTy!GI$eB2?jAz`H4_sZBAJ^TIHD;5&>`Snb|Y&+V_v9W>q3JU^P8>0AG zX6B!@B}ZwgG>q86?2Gbv63E|6ZUs;{?4#lwu-nOo@? zx4Q^emynP_xjEq~Dra=`X?^{;Cz`Y?p0~BoTQX1w7zACS*vVGl(EbGXI=nqmX&*+U z!EkXR6YkwZrm%;F1u2@FFv_v!;k}6(AcAg`uO1 z0WIRidK>VY3;pyW8h5(>! z$Y5A%<`Nhv|Be(RKEUkO_Am!XI)BHQ$wsqOzgNP=Yt>dr(gWtib|3_u?X>LAb8_fZ zSO&~$0am0dN&4a2Xnp_wNp9{gZ5JppA+4+#59~_ZaM=)#ZlqhH(Rl0_`;|gL(ws32 zKSM!X4_8QPw#c=*hBg5>slh472qog!{!lQJnQF_YPbL5k_e`YOTTq-uX#lPLV6IG{ zy=F-ht8Q@S%x;W8!OVzvzBViMfN+4*@vPm!yrt~=p1ic+-h|)6gaOD|aH+4Xj-^5x zvT~UOAjP`C!oj+CZ%qs>ZTKEERncaHKLq*wl}RC0Sjnb}n~x7{7uu&zRR?lxEtr*G z!5mOCI=r&``k~fiiy%4-FRZR)Iw&inE05mj^@cylcz6>ND{EqM^3KW+s{xx3Cj5@2 z3`uF5m^{QptBpt;yi?d|CT8Xu8Vm()5llCjtNR{} z6s8?y2y9Fs+jG%y$MWsk0sAS~#CeDej~=}=Uf7Bxj<*9@A=jT1VoGgQgg^MR)dj<^ zTlIZ`^(WkaZE-2)mwn05P*P>^f0^f)oACThdMPiPgu|CRU2zUy9O$Ek)pFYRp3klC z^RMnZ5&ih4F~PrD&GmE9*5(8MKgE{1s^qaFOX~+>L@|TZZGCP;-dJ5i2Gpg zhpc0Xhi7PHe9yHG@rw^ZD8r;hlvnXtm@YV0`x|r>9(Yjvi^y7Nz^-n8qm?Mu@$7U@ zp<@EOjQ~R=4z=;Qb6DNqS%tTROUufnoWC1v2FGiR{`v)P%SW^Wrk2(Wv(GlC$oKr1 z$2gRSO^H?YbpV7<$K#dL#=G*)1AD{081GNAJs$-Cc&hl)*Gs^Z&TIZNQH1qDR0 z+QL{cdbSO%E$Vj-aJ9fXkoJg<9LymAIqG8HB=rU$bkYnO)lLF)BIkt8Hoth%|O;6dphf#1z1V z31vTSE7JD`vOK17U*S@&lyBlnzFaE2%hRwFiWU=GlPUG8!%L#Yr)n@gRR%tFTdZm>u?Jy1)>6wggFl2>@Z3=magl^_JQLSJCd>yHQP_ z8|T@;(~aH(Bh?Aafk7Vt#)?)OK9m|j&&GD;XA=PT7i3$k*GNi`$ky;<>^EpP5MrX4 zUOIvbKWgbm_U)_kASXWOPxI$48E)?P^QmrVhR;{V_L1Rh@GZ6Qso{oyjgCsdK7pM{ zmGR`|<{mo7xW#h{#%4%}IeyRIK%)_{c()Qlr$7`y%6?Z&{r=6x#B?7Hg3(Wm3%1vB z^%#U)z;5EvE_{6Br7_Lr7l>(Kc{ylXYORpLwQJYrQ^zi-gwZs#s|7vn@rW87io-r( zh%j~3BCcT(`?Zdy#{IoG7?)ND3L9+kK%LumA7ZHMKg##;6<%o<$^c30f2t zXiK4q^Jbhynl7BVV?i&~`dskDsbb9iCCPffz@Q)&Ovt_+1>5_`^WiGK400Wk2mj2`1*lLPsM(!E9u! zBv*H|(*N}NAFluV7w{j3@aEyO`RjF;K0j?hD)pE~3x#-?VPU`IcVG$<8`9neP6!xE zA(|eIL_ttWCo|qPWXFCX`(E4$qz)fQI>gMBt&tcS7WOcTp>fOQW1j5`zcMfaKOPt* z7w6|Mb-wOJ1!-=EK2L0uK~?Z<1g(aKy0)@X;L`j3O~$SvtgNNTet04Sx_Fi7d_tB)*DM(i z8bG1NH!5I<{hCjC(t#(=?-5ttk)ek+jl=678)0`cKPeQy4qZ2I>2<;dqcCm_hI1j_ zomU;Z9K>In7PmY~{nV<{4bN1cS2qFxaRW&loDe_ueJ-LbM4Q28)jgf$zfXPvE+84E z2L6A{ooP6hYxwTpW@)lYWt9d}NkUQ~R4Pgn5~WhA)jXnPN`+<$Au@!7BpM`T2&<6F zDoGlYOra1dL$QC)s@C2g_Hpd}VSm`~@gG{e-uHR#=f1Duyw2;qz7}!rDC%!24nBK! z)BfSQI&rY7JkDu1?9JT)i4ank=H8FXV8ZaS&IP_;1N4%CIb(itfj^)aN<5FQ#c;EY zDfR^En2_bEkI1tzu=SUZ$v^_c-43C8UoHfvg8ysiF$W?b^j^VKysp`ZdeaN7KGRXx z;8KwD`4g+`m>&iTBRmyye$XtP=65b^n}B|2>TCtIw1$9ejRySekSW_XwM4^#if3I3 zJUXm5ctQ;r+;CZa89z!NyqR9%N7cS)j8ldOR^PgtBV|YxiWGFQ-@Pr?$Mm+l7gHk&kF}vKv2O{rS zd}Y-%yYQ8wne8WfI*+BIBr8h-I;djYtE8cGy~?VpHmgX%of?y8`*33=F(i!;zFY4H zgqJxRcw8>50kTcuoS~OM;v!vBs!bakkZ!~Gme*B64VSPM)(!^Y^^{GoNRip?ZYiW(aAX7nmeZ=+fVIg*>yhU!`;93Jl3~6OsadMHP%bY8# z*KOSBSGxBz2?o!k6dUiOu=D}mY`rQv0m2(!-+JQMZ!GC4Ef~IT%8H3Alq7|Y1i`bW zkW0W2A{BekC{H+`7#=3bec|yT0TKRqmnx)KbP&97|L1ltx}TK=D|#f*)v4Uk4&-nk zPuL_14T@$9pVl;CNwIAp$Pwi~j%_Wx!Y6E{$N=Q$8|PyY=ghw`9~07Si9h~SS#y`v zrM9Fb)HJ3~_gTmT(0N$2!@!4|JTNiuY`j*E``Sn+tq60dVwXp z>)nCBa#;~fC+s#H=L)40>+DQGxhV6aD+Uy%IHD+f#lC&bLJKWLENokL;(AvJifddh zY(`w|)YaZ>3g@py8$o7FV+sgsBlBsq>ejvcj+Zy)?P%m02yTh=%Wf4lQZ->YxSF%$ zj}!1+UUlbrPEIt|O59DByhc`5SIqPDX_f6S)sjxbs7#?8XAzf|ovjXs54KtPI;xAb zT}r~38tD_z3k@x^zS8PzlD?KM5emLMCJlv{Z0z>l%E!Yn5!viL}G!Hhh+s`J18xVfhcTW(qxE>O*@Urp$p)Q(T?;dgUh>^b}vcnr7S03rv74 z2A9|Zh<4-pbqHSOu~P^WRaAEI(5*1Bx3Js~zTHchJ1>#CY&Um1AgQBcc-gBctj?kVoNVCGfK^qDZJnEM!S`!x#FH}2bPk6LuRPUFO(%aRRuNb#~ z+o!KiTc?h{*O+J9ZnU>;dR@Pr?=?f+&nb-fq^$K|$L)Fx)0;-}A#axbHOedeURYn< zyb(DwJdrX)uFo6X4z^X<=FZt^Y`0rUNn}sQoWn{YKEbo)bh3$^Cyl+1b=Nh%x)ymK z{l)>_%9nVmIC+7buPtN630|t;Q$9OnFtjClkZ%zPI3P~gaOtC4B*~Lz(Bto2%jU-z zhGwvDF*hs2X7_ASzKCaf>^~_I%SfRt4bMYVZt=O(UYXhW3y|*MX-Q>nHXmO+K@yZq zYjKd$R|Uc`3HS!z0v3oYR`HaCb{CBJ>&-677cBU*f#O0~Uasns_sOtt5Y~#e^~Rrd zhYwBm)FnuBe=MmO)n(rvY+%FJuaEP@9SHJ8#S)r9JJ{c3*5e0F@^q5`_-R;j)@_*V z;PaTfQ*1dt9zy1$2M;vu8p?zc#pA#h!fpzDc5Ka^AGh`A6q1{5^a<%+Um*YkkYxg< z?hJM?xVCbp#r|unBaF+Pb*`;6EMce6bqNp9ab$?3sNo)2CqXuu8N34c({r??g==cT zIr>U(eUV(Es;b(stXu2Cy)d+M%RMlV8!g<*-4ke4w7xo1bk8$=&5PT6VmM29qlIIZ zcnnE??_9G#MIIR}2O}M;^&&evf~rfVv6oB~gjAUzlm$luD>14E?YY8B#&sVl96l3T zhL)Dr7kj5#`K0rwM|H{0C2P5}Ie!dYGcvPnY=rdrtAfvCQL?z5zd^8OSK+UhX*#zj z`}q~(zNr0dQjrp`Qf&FL;+g5_@{OL_GOpq7x?Zla1`qON9Xhs$7a(?&Xx!?iqAFt;fx0e*TO00#-IY;~7 ztG# z7tj{}_qA^vj)B8bP-TOO+G}e&b%?uO_~(IbCi0RM?~k`!xf zW3rj%XbXb&B2j&!Pf!p|zxVlogdJ~MgKUezCZ5zZDVt4PF0|1Z1TC`dXm>)7E?v_> zRBx}f|GPR0k@cnve?BO}WIPgHs=Y9+T?jSksU^)(k?P%j)_&cd05M%PuyYu3LN9T2 zT$-8&mSyunfzzE+qXgx7UhRLtyh1+BD8j%8DCQYH%_Q0wL=#Y8^EDJ8741R|<>lsi z4OkD&k!S-oEY2YQf`;nof-OmZYN-DFB+>WS4>q?+`gqY!M!IyKV2vVvO@%p;72 z*cjyIk=hXVMUnYcHdt~n8@9U;UEq_gZRVne`t#+ySTF_79jOu&8^XbWA%$#7K%;wk z@TNe#02e~tFgSQWXf45_R?G;t_Rm){1ajf!P?b5bo4Vw$pWc1j@4pKjsoW8>)$*_L zXKrSkSA3eTbXEM$!3-7&f zWAcTB>eq8DRVAAY|NZcNPFSucYzt|2*zmcjD7Z$O+}kkj;*A?>L5s|ug=fc6LgE!R ze9nI2OF7DkQTm0$d~uOq^E++OV0O4grR68PU@->uRA@0n%y`d?O)#E!|KGj&#H9mm zll*62)SIjO;?r{zM8(Z-otcBI?H&pEv= z_T5pxW1(lPi~(VZ@H(*e(s}FkpF6_KLZ>S^N{49ee85+2`JZ1kajBTbwbSA23o?&< zp5?q!Vt}7kM`e1`&;kEl%vBS0jcY1-1|B0cEseH0THP%>*fgX-!ahjlkN@7Y+jx`4 zwdU1l9H;Mn*ROHi0I$l0!%S*|9%QVS{hwEILB)E#jH_HvnfKmLmGs_BSn?oNx5&#Y z>~!Am-6L;!DdUqxWa7=lANSMdzughL-#_uM%JxaRa}UY?`SXTE$4_OPwAo|7bz03I z?W>M7efm=471Zcg+kebVT6BKC?#&O4xUHFz5Zffy(eKDtr;fM15|x+TULrqGH(K#> z{=es#cZ%zmlw}KVdvsL!cHd90J{QiJHdyh^xHAU2zs-fbhj^$?gY&F1rCDuz1Cutj zeUG@~dR*eaYl%7Z*t3t`w1hWiT{Lqic~&aFnWNF`*Hy?r7r$}EEq&AWb(8D!`_5|J ziEp-MRgE_%Sfu#<_sQ+u#ntpp$K_ADc5%V#adPus znD?5ekp1}grOydHUo&dHSA61xcRK(5EOJK8e}}1kZ#JaLpD#NZAxQoARpuuB``S!)ZZMer8E?HA&p1f@xMJM!j zpYinEjn@RHfmrb0m9?LcPKuZJc>wAcQy`Qtae{-ZljPu}=CP(; z9g$I4!q^*L-v?`0$&j=*AedWanI>en%^^$9RZ5;k&A3>~u?~$~SF#ilVX=r4JL>Yzxg!>*r?;GuAC7L9{p8%vF zSrV%2MnwPW^+?KEWVZws{Dt6*<*09z5{v4J5gD#ty_%|?bt$nNpbhvu`Y7o5R9Bmm z3X;E8N?Dtmza-bDX9k`T1RjAyM-h$pvGw?KAidoCxOYMuWZ?$rlBEjtX7;T{XG52C za6Deip@HyT8KC{Y30h#F4n!*@CFRtq#l_|7U+e{4jS=V#mE{cZ&LLogx|+-Gh%gu! zVZ6DB6>xQP%P~WxAgZ96)T;2((wgWu)i#>eiC(BiULs94jWM0jaYA;BS^(X7e9}l% zgKN|C^RI&-(t(jQ^ewts1mqJYJX)`sGXcN3-A-GGTByl#^I*L_Wr$vYg2uX@mdgP^ zWzSiiBU6c?atG9w<0KwyO0VTT@(Qz9^MVF1J$-$O2lpL?ZdQ6LVFOsiq1HUw;7pWh zYyeTc&g#iOA8Gr+Y|mbvWZ4#ResVdqI~0c%)+Bb-vj>Vh zWrR?wWDSHe1PFPBJMdnW4)^c@Db3TSxf6o18ShR0PqXR5fa4& ztQG5^puy>{2dg!Wvv`v{aoRKoXoCPKATbnmBfNJT4N`tWja z86Y^Snl??W_CmnydLcqXiN+5aAvj38ue3gh2yCp<39_2lVlZgLQ`5Dj1 ze=7135JRj;0+Nn+zT(

EC3_li8h}%Dj$~#K9y$z7rD6KkT&86l+`bIO&CBrZ6B{wEZ>^&5@SYjlwwnP<+Py# z228@waJ1~~?UBJwBW(g7V}oNFsk``2Kxz^8tNMnAQk3S39qNS2`{Tz-YxW9&h16#XLga9%{fVHtsYPF0oW~2G&`T{{P`v|_>VN^E~{PW@$!+fT#tEP6l^6j zii?Y_?l_(?j^^5h2ISH6s@cdmcRDGlbOKWe$AqN<=M5*pZ?S9nwVxto^pzAj$0SbB z>!Qr!xU!UuN%JF&-!RUAzu?@^suw2RE5I+CT2C=3AXO#2`PVnLZ&TW8?=*a69fVe- zmp3-E-kbk9e=sgC&OG*OqwqR$>=^O^B*5&nr5?w7z%=|5pAQBIqB)WOWiREtqENPx zTZT!2A)*)lu4nScSB(l^v1-n&;6ktbnOdMfE0<~-Y-}3I~*(sQ* zhj<7;^&;2{9M}L`0e0j$V+1|Z7A#ssZ|6r&_lg^vJ_CS4XqZ`iCBI6*dSG$V16fbP z?zypz0zJq(p1ZBN8I^}d@5MS3ZHG!rE1Gr7Irn6f7A0XGIPgcb$X9|2E zrw>=-S};8)hfaNrUW(As(4()7wY9gco2#oM+n&CAp)?COuwcs`RtpB~R<$7rut7R~ z&WG}pr`xKu4CYV>fNc4Lg~3{at*`h*)D)n$`6*8J{;3hGqm4)BW+2)qybhe)^Hp5v zQ!n@9iP6Q?(f%zB6K9De0mO1U->3y%a^X*;1`OcQ`tuFvDt+Nw^pqh8q4cvK-v%fS zhvgq>*HQqVvm)``}_V-W1uFzfsr1_ZHTL1pVn>QS? zw^U*1?UPQ)$v25xb!Q3<64pl*T~81GETCmrD*7lf3{$W!xoah9QWNknc(71C{}?#X zr*w2yRu*P=KQ*-qiREHO+%FXpKxG6^V1s5PYinrO@k`F%ho=#_6oeFKt(Te2`Ovia z@UFCU)ap+_^xNOuP5=g^fN(@(wy$y(TLvs4Fd*PI8hN48-abA9hYV40MXKKAFD`r&&IFVGXf>i54%jUPpDo~?Z=E|*G-eOdRon4; zAE%m_fqa^~pSpAL{Q1P(x?=8njjuhEPjk#z1zxXeDG7o(N>RpES@`; z?lDjF>*Fmmt(2Qll%|P$E|v!Nq_pSfCG7isoF772I3l@5BbSMleE6WwTfB4VYhg~1 z|GJ&{7-D&^b?bnzFrAP<&7nz@?#U@T_LOM)1yULws|e}^u-j=al{pZK(~$574cbsF zzxpW;6_o|etoQphUZ*)T_n?K^hd@@CR+sF(j+$o*-NooYz|f%D<|YC7G`0U35hVhJ@>h5C6p$TbUOizb18dHGKH#g^Rz^1{@xgMxdVHh_1 z80Mm!^6n5Ysv(>Rp`16mP_ZD&C=(qfL^iB4>XuLv1NdP#6Ks6@@T4?)`z5nD28Nu4 z*a43;w+s9eka6p**LZP0UVz%EQeQIEDu1*DZjylE!VVv9!K#(%-qj%5b+ESwNOVab zxfA|5nVDYrRc^Mz=ST49F=NJ{;>^uqrk%EQ0W&30gZ}p*|1^~~3?F?Tdsq@e%{OSk z*0o#H*SPap6hja+;egSWpxA5qGDI%;Z6fRn?Crx|!_BSs?iG5q-6Ti?9iL20c4c!_ zoPEB1!@702yJ0eaW3PgntbW>%`o(%qWo8hZ0NE*^PsrM(D@KHmY&sy~zjPYIZKgo` zNs2C`V@=0z3<6Q7wgH#s+d)DY&7egVg-Uf-Hzx?)@4aNyhCE{F0IO@KutE@K2w8M= zij$wLQ6V;mrd_ckBq(UufC1~cH3&MSZCXtiINA~&wm0J(x8z>x>sywBHNyln_~M(; zJ0ZrmxUAd{o~PxbbW?M|LD=50xg zX>4V1?q#AQ2Dg~Q>7qV#$EK+#*7One}&8XXP;oqnF{me|^Udwqu-@9Nb* zbV*6dS4A<5BK?}m=Oz9Qy$INP_RI;7Afa0sRHUU#YXTY6^n}GUZ4%Kh3Q!wYcfIn1 zN|tY=SK;RYx>OjMFh{jfYtN9KwK6?rkOSj3ee@?$k!T!<#zf$h?Ey@o0o`XFg5cgM zgE^y%1Wn))G(77(c~?YVTNxVh`pp}DJxmbPl%l|!iIBTM8VO7rFDZ`H2wZcFIBA*M zsbY)8HsjO&3@(pO{0%+)sbSSgNRFM?X~a8h5#OfjUzYHWu19QmHkH>NM;-U+_v?$8JZ3| zB`861Onb?&ZT!5v8md!rmYzeA)|&xqqS67R6wzn}l25>6P(0l?h9t*e{vXUfkgTr|ce7T-qO3PQ?>ujfq^(wg6&Akd@wxC(t0_$az! z7&s0b^+a0wMt7`Y&XI=V{^~E5NmJ%R#ZU6R5y63{;;^yF5hJ^CRTvW$T9yj^RfNbb zBPRTO9_=#Oo^KWT2{CvIi$HeYu<2sKmd5-Q$f_uqUKZdG!of8Aow`T4cN?aMO`2p) zT?l*CqE$Ty0nE16RvHrYX3rKB2QQ z_A(gs$z=O$R0&>@ve6K>;{2?djus!Pwy7TN3!%_X z!7(?e{^ErTh&io;9`8Gpl`1nYz|B9>K0!-U1CjSBcXxpo?Qw#fpq;!yJI3akgl=TM zfJ(t|U0`5v?e%^PHSw6Xj!r7h08H^gTf$E){$0qi*6f{wFlq3qy7uT1x9sYB>O;!1oP$}{pw!wsh zj>SI26<&g9`FhrZ1rOQMh<^iO5IQ*|MVva7$59nl1{M;m5ePTF2BN%qqKi_&4=zT^kCztC!D zv$AYu-~vi;vm^7%gDcM+VL*<|Y|zN-Lx?m87pcEHfgfcM3<3nud*(1N8c>j~G>HpVs&@(b`^7wCMhWxL>B#ih1BxCR|*4=|NtoX=%^ zG}j|+8`3i#^aNK1IC*Pq70ecm9BH)s!kYzGn_VnF&zPeMYgVAD@<<|6Won*9PqP2A z$xT^3wu@336s@66(-)ZL{RP}9B^&M|k%XU@AIYYWenj4nk=y?i8VY4y0 zU<#Wwgs?=&X@M196IgL#%SRRz7pDS9answMU-pLu_WCJY0ouDjjG)kg!p9ZHm?+>5 zNx#Xe=S0}IFLnh^Lmq;m@*2`mc904yEm%WY!^ zJH{H&tcq>rsZIZu_>i8@_kSN_=iX+Dw_dpC+YJ>dL~gW8Tv>j-0_y`opig%fR)CBW z#;ef5KxLad=eY{4fo5^3doV zZA-#S(kw2JqMfYvd@JLr^|4D|=07spK9&NVSa{AE|7bf&Kbwm0OFzpkdGSgt;@ZgW zz2DtS#=LWuQT~`veema}oWEtCAiX?hu)R~vUU&1!SBlachK|_zO}cGF*66$yDRs}1 zj-Ed~*L#ujW${g|lMXmGHZ_g@RX4mFv(IgfSzO}HtF0F{zS5Z9awkdsuBHFrJ`QF(H0&#%_9^)&KW?CT?2ZRgiLSEkQzfZnDzdV}-9g;SrK3#d;cioJ*#b;C6|0&MTxNm-D z*Pt=^FX}3LLH0?BznZ%HM{#qG^KdcokZDyXuDaaO-WMnlzv)i=&9&v)KNm|RuVkT> zH`)J;!C!4R`$X=4)mD*m_KzjL!!)f-)nD{Xv5@KwX~^4LJ=%@hva5SS{B>=+*7rxF z=f@S>tFPPk_GaB=5XX%53iW2ciew`B-pawFYQC86ea;d++oZNI;JQxp!@pLHZ91K& znNk>f)llJ{_X10m?;&3e+ziJp4op@rnZDJ>;NHo))*+*1z8v28rSGq++jl*AjmI|C zo)KYNy2V`@n35S@d!?V&=#zS=%iheHmh1e({(JrK*y647lE(u#U(=OYu(mSvx_EL`mO8U zT-)v5eBs&TtzU;4=errpEO`Gk!C}R>pqz(Kb&k&;GP!>Bia{Q2_A>^D7X0W~o@3xP zamAgEWy_4W=q0HRH+Ww3i<)p??R&Szm2SG%t|#2QX54pZ!|osVCl3^#Cog$>+rqn- zQWmSKDz8eJy6g4#H~Nnk4tWx@u%=bK%DHL$m+sT_+v0RO?iQ18yfjc~9{k_4kW?0q z)R>fF!`l~D+&!cGD&f-DoOxI0x#|~dv=&AvZ66w(vhT-r<;b@l9zkkhg&nJn7w_C< zwI^UwiM6fSSeNv$milH^b>ZD^m154Xjd z#;m?tKG)>$?Urgi=k@oJ&|P`-miFhwJ#aHR{Oj$|=zYC%m~-pxNF%Y(sbW5|HS;PC zO>Rptce<&!ajouuA2>ky?5OdQMdqur-D-k|kM7=ks3{&{{Gqp(`<}eVj|^_92Wt(E&aZJhv^?k6GdApbjhZWfQGWdq8j@?A(Qt%f9W!_B(rtzwX2B(HB(NU zC_SxHw{gQ}(;eCu3#(nxCQ3=kE>Ztrxmp^}hw|ryN{qpnLZ3i0nJl^Ilz^DrNep{o=;ByRJKM(1^O}9r^uosImBYU4)ZE(iQbc}#MQ_i6e6xJLI}s{iV1 ztgyg7)62&J7nGK@|EA0undE5rKi|&_B z4gGFZ?ftOl^+F}{;qoR53cslrGbT0|Ymi|?NZNm{tacjWe#JrmZAfbS-|JPkPm^$* z@?Ec^cDtJSn;&QY_I2N4V;2`H@xH!le$C#l6IQ2~EsKfT^lRlr_j0k&x?(=YQVV0u z>R#>n@UcF1*myI=H#e)MjYzAD$*(E+dh`1J56*R#-y0t3?|8lchEjc5O3jmuVqdFY zj!|UzFeuz>tvPQj%bqb2L`gS&@x-4$5+B_2H)C+5^8cR078a`Uy1A&><)tl+5Aj#g6pvg2XR60N}8SXh_ zk%{yw8rG;gKwc$Z6p|LIfyerf22eO*zjDq<*z=?b#M*Hk+N*Cskx1PB>MKM=s$46U zFE8)73${zGiA;)2Mc~=+J3u{QDspn@pu?~@(dMe)+kq1(@Xyf>)Wz;n`-%t3Nd&?R zY03Yg2<{1&8^}X`$;Fd$^YXUu1TaTIilR9@q6~*b2$9?AKv}O!rL^LWDq}3j`ssS2 zzb6U)D?Dw&ZU3xZ$eK~sb7n;7l5;}m5%2>sFg5IM^@4Gz7YF>JmixeWLX1MSr%2wH z&fip6Mky9?#?h?i9?exed5JL4aeBl8v>o;$Ge+tQNZ6~)hSH8O%!96~cj@S7 zQ7x}Q@)pl}K3At~;{@-17ck%i#l7L!}N)@b0;1dcCady)Hd*$9Sm7?$LdFlrHp z0bLq8)ZzW#JxPtwn-PiCrF zrkVbbK};`XYZzR17ZlK$QYh_w0d*2!l2mn-$hIM!=pN;v2pxkEM&M+CC~|$(U>xn% z>)}f^PJP*+`=iTb>h+}E4NINEKfbwRCiVmnS2v&om55e`fReF2&B>{9>ubaC+1w{ESmph(rmsj_F*$zf-1Bxzx9!uhk+TaONF_#z~S7) zb@#D8zDlbCe0-W{r{DkOi9T!V`L;WN0{D0 zON%dwu@T4`ov%8HSB;|;Sx@rV;zy*)0-y)R*n8-d1!9)lw+o|~zGWJ3Nw8=0(9PRW zBT&Ub0H{UEPIol|BxWd#_BS&Hc7?@QJdbiX{XOiOLAon}>PfIaK8wzGZf_i6XNE{F zVo5{Xf!vkfbWqtAiUCqm@|EKdSXi$*(D*`>p**Y7ioK((QC7U-C-+b*5dzs48W?Fw zZjR{qupMYEFgDpA+rm^%c9$*i3qwa5|5l4I9yjkP)gs{M6*2-VO$XT>p|cO-K2vgXr0%3V6$Zos zEC~pE%IlIi*?(nY8j}vL+C8>1JFa~<1Z_0@1R@f23v?hZL`Krx6;-fBV|Fn%g2Fap z8IxeTG|B+tNUN@A#@J%4nVSTB6@IeqS=19YFdg8d6S=NOOUA247gXa4*eDEmO@fsq zfAXzwIW zhK7&OJ3T#;3hdpjvpjmg^8reh>V23$Z5*WWVE3Lqf=nAVwKuKp^igc@@uTu{PRp)(+4|W{sOy(z(Sw# zgQrb{J>suXdFxwpnNS>S|>PS=@CbOL`43=AyJ_iAZr0ZoFaxy!Brsu%54&$diHlF4Tq#T4-9 zT}kQ%rDq1LitfIAsY&G(tE%7w?}&B_b^)LnWh|TxdptUJ2gSS}8ciKoZAK~QDhphiR3t3wx;;j0o??**yow@`BNc&5mlP;A zeOp<_SwZ6q9l-qja|}hHJ?yRbpQ4f8=tw_hK3yjf#SIucOxb0rfv?S1502b=Q0N$UY&Hyk zVi;|Lp`wd7NX&<44WQk1=02@po**B~iy8|W5O#KUNLb)~7!DbdH+9ma@yg18l;{=% zr#>%;WJWmMJt--}L=uAsf2(-JfI;YlUv55*Fpc3}=-fYAs(va9>HXt|@{Y8_@7t$t za~j$&iUV{`9%xv&d2pm3x5hB`GRF4j??yivGBfQnuA*I!N8q2vihOp*iN<39Lmj1m1v z`@o`M3|x+jE6mRyI(f^PMRi?7gnJ-`;+ZNqH$*;HTw}i1xcD)&Q zH~ugVq}(cr^(L4SJ9IZ@D8^&K7y+k5=vObi2sE0AbnLe|m%2s-tm4K+3@>aNO3-B1{n8Nzgl1EtMuQ;DwW zDwoma6G`x*u0_=m;XBQs+RDlve#_TL`O-V|?^HJI*+t`M)VYbJy7gE_KQ?n>!o$}w z+9+s|5DOG-`-+_;Em0fNM+9gx{P4H;>Wug{MkG^83RB1QBBCiO2VEAP2Bu_y7B#t& zKapw<2nc}K)o+BMFx;c?FH1{&dT;fXFYpd2%Zw7sSbG(FsYb)9&ZDCvvjObkgRfh= zRwVi-xw9aLTB3Q3BIH*=mKirF5ORnEYAP%BBlFW*Duxmg@qml%Y@R$|gfrBCRJLc! zYQQmqz$Q9?2WG4qJ3DRF2+<6Nl1q<;m%=t?+>O{F7`SssN|02br?)x5oC)N-zk19I z#>o>MT`(R;Uz?2$lOXC&mdueTUF~Q@B|*v3MD^g5y;Fs>_~Vb z5=EO3W-Nu^{`&RGSkr05?68ZZvl#IX#{yYH3~Q_8QZqAKj8k)G8oE*CPnkrpUQX_U zyl_T_P}Ixcq$YTA;AJibAGX@WM2*LdPW%w}Dg1*hi%5TW(#ozgA=u6gHAFa+0$nE& zW&+P@dA&&JxPy+c@3ZW&*{v1lc4Es=q=m3UbdOo+aYWXml+ul7Zn;Rror88~d{&ke zM`RZ!EN5|vnHiRv+6Y48YnCD;#Q79eKq6&q-60^`rgw!`wMod1Wphj7;jB+=;Kr$y~d3kk~`ryHImJJIaq@onl z7~Xj1%o&a*xet{rL3V_4b5W`#Ic3`mWMo$|RprbX#yKMkh@i%B%H0@qYPULsIk3S=yAc{nJAL|YxfL4@tB>jw6=m1~OwJXk{gmGj+ADbZvX!-_ z?UN5aSb*v%>@ti}81uHMzVp0Mp6|Oofolb-5M*hQFpnI;hf(QsM&YwZj~?A!j8?Av zSXxR|uA#teHD&*v)!9t3LCuq}wc+#Uamq0L9g|FB5@d+J7L<$xgX`9a@c$lgUd8 z(8npK+3Y980i{3H*ACaPTF(|mta!(cS}OYxeD(KTq5FfHFI7ecW$V=-zj@`#qA}i( z<(Rh4Nq({kel+CnXH2gh+Cdh`!GycWgg}A)KxPj00uL_Hb*4la{vL|g-aUK%Qjvlk zlutiK+lOr2C0RKQ)Mt(y>EV*Tk5FRy@*?OUTo~I1#+qpi*Hykt-8}YY-a%CKH4)SE z^BWwrhVAEyq< zoadrD3mIR)bEl)AuHLf$G1st7Ot>}q+NL#6qN|`*MVd#?Hr82D@ioJu4qNV=pU5ua zi2~_0G&L3AdUh5wCWnZJxMv~bVje#ZW(s0m_zm+LjY2-^7->fDCds@43>BKs{yN?<(Mh^+2&DWunl;@nr4dP3dva&}d;N!Oajm#2|75Sx-SPJ|e;`uQFWzCBYDf873}T;|!i8 zFgZFqj7-vN?ggCruB4S$mnD-8py5uy%-n2FF~dB&cJF=@o0gCuBgW{1QH1 z$CTvceOeauk}#f-@Bx*vch3M0b3o4o^2+n)QxFnDjsmm8*O7m*xC9;u@gKeS9?}V; z%<#^~XNNJFKv#dv$e*v~@OSFL-rnopP3iW+y~oYc_Rx;yCu^sEToPg6K0rd^OBftU zm_=fTzPs<)*ZL*e#bp-wfl>s141zy#06so_H<1XF+6zhQqoU@H@rJ-{1%$&u>V6e<|&?m=m6YkT_nJJCdnE-?>LAGn%!u9EJJdQN#*FzD~q*x2NF7Xmj|3CzH)r9me`8?2bGyDx?7AcDVrm_YW>6F<7a z=)1u*+~2)YuD_7E>gi#Cj@^3?SBc01j+Nx_r4atmxUYXVlemKs>t~zco8G>2C-cFV zPCJh5fi)(bmDW}}jZO0GnMw1~?b~C?Uf?m6WFd(SB?01VG_Ec>8X$Z-#%$-{W)cN> zcg?m&M)VyN;m3AKGxZHYQyu4aEss)o71!e9>G~YwQ3~{V;N<|V3pjNWUKyEAGf(3J z2z(g4SE`;$K+)Z0A}H1Io`vuW-+rqVotGmMNNYB5B9+ zC7V@kE-ShmuTb}Zi?xISB0$CQ^~7aLes_@hOstFMxejT#J#OxAE&w{Y zi~ipIofL`@gxH$l#2m0uEY~_X++o4NICo30W{@B)J;{Nbce3E5l^&(d@KE8;0+;QQ zMsk^WirdIqnX4qx&iQmIi?VO$P%OZ?|-a+GZ~@R-h5nm>>{G zz=AzprV)9iq^ue#0TrwJ#gSs~%gWH}G*2*hFKx!yfh+okJ}fvO;K6!T zBDm-$n`pw@yk?EWz=1SRS#CWW5TKhNne~~?wCehYWaiZSl*vM@btE4W?*bmD|5 zi(p!BO0P}@m&82@Zhj!AqL;Wh_fHdCrvW|&nCuHDPV{n=qOWt3|AKvU=g;pYX<71t z3GQ?Yci?g-59#9})OHvvvg;PRqxQ8%|6^wY0^s@4ltTg{aP-pppSVXj#@p&=yeMVJ z5)#;%@vyhAFT0FM%!oU0eGea7lEt`7V6zuKkjCk+Agh`wF=|vePd!5mY|uBi9M>=6MJXwUMcH&3;GniI-CSZCT?YCqTFFij2DyFKxfPO zG{p%MU_ZUxv0XX~#Nh0Li?uUt8!Hy7SD>mz4B@A^Jj^)SzLJU&M`Z$&bVk7ICm4JA z;ziVxO*$=Q1BST!o;@p;W`1XH?6G6>tgWw;>?5c~)bmji+eIV#hU<_4d#!5JrJRRD zR9dlN16s;}C>nhjEAvD=$DV;?_8T0JjO7|gZ#YAdb+d}O@jO%l8 z=@R&`#)S@G4eN^l%@~s_8Nf*dvTm)nf`Z-#bY$`zv7>8(>eQ*u_3t`)l(JfI z5aHO~-JQ(XA_QE)6{zvBOreIohiR%QD)u&gSXelCL+0-9JWL3l2l{a#RN07ZyHv`s z4MJ&+bJ+U&_MY5~jLtg6v`I2U8Dz-PQpTf{Ged!k*eGN7cX+p46hTdVpPg@RH$6`M z?W#sL&$(efVP(GF-=pwMj{C~2DDAY-4KEVeXlg4eex&S2luAs-Ke#|#%$9@zg9vnm zP`++xXwa!0gy)t&&WdE75Gs$oyC5iIKt<-7el)5z~IX=FgK7K$l zxO@PF1U*WA@ZB)_j5V=$a0r1H85%k>!q`%(`>6IC=CS6nG%1R^z5lTx6^cAohiV1E zTqn^NMx_zSMnrTIjU03$!93PD+EoLi4SWG~j(I&elCBXF41B~8_rrSODV36ngJN#n z_<}uxuI6GP4CxS>grK5HbnPT6tElKKLawlxmTu7uq7>>McpgJTO1mzN9Gi=$?Jk65$4qfNv`g8y*SU7oPT=ijlykMdS+K%#b~(h;T6s{SWu%cjRT zFu>!Ip*(TmCw=>thC9K)E)xjc9>n~M%(Ebomntu zR$^B!!t#YM*r0fa;VLH@KXgOiStY^jK4L1j>mld|=YqTj_=rF^W9ci7H)6KTVESz-|B+pjiKv?Y{1G(XKDpJGmM@bJNdr;_rX?d+Z$ z`sclApx@{bGNR`V-A%OF8LC%w67gVJl^G6Ff#=Sg>H3I0CjbJZjaV-l8IdiBGO4Ca zWtm|4t{yvW`6Y@Y${^=jU%RpOZ^whixNRhhy%iHvLkW#(2XLGL6ThIJd^eD)2*FeX ziAM31YkWFV=UUF~j@z~=y6a``c7%QSPanN#lZJiCM8`OEpqjM&j;V|@pq$Axkos_R zuE-mhBk-iCh>^wsImg48GXLVmt#3xMo*%d|N}f;lj8JrhDvjS`;~imss5L+kwKlRW z#u6Rb(VK1AT_mXar>BRK#MSGbzf$=6b?=4qMIx3Sz`>=Qmi%=*IUopOK9P6MN+po4 z^7+cRUz~h4+1G{!SAnx*^iTX;zmP?d@PBWjY!4Y&>M+x7)<`{n z`Em=J-f|hP9}!b=YXEl4as?P2#*daRF>&#y{wmyTmo0ak6d1Qc)WzsAA`v6Wr7;DP z;t1iV>p;q3M$fjQ9*sncjC{-j~8{F3E~QKH`3bRj}!Ogk7xLY>cq-P ziW3q|`s;z@o6epjPJHFz1!KnhJb=e4)!o9xWVWm)Zg9p(b((YtGf5a!db=neD$cX+ zoq0Z_pIXrjBQ>yQN*Yd@-M*?Gw&Wo{cwmsIa#SxIR2*UcJ;VjK9TW&68APAj)kyNM z>qV4#5AD#BI!u>Y*Hi!qRd+pz60Zs7sacey%=rDP*B@!KzH{e8{rY*}-Ir84UV5?# zR8u#U0hvNGeE;ZMx1{zLP%=7wS|TXF#zFiUx%Ifg^*vP7{yJRw^ph!L4oSk_U2{6S zcH_pu0|sQ4eiopyoo`dI|1@q<2~1kqzJK1gpn^45m))NHO#V26@j5zEr)z6>gc`nJ zGUmWejNJP3PYn*PbXKThgSDajnVUDKjPZ{4{v={{pL=G>-O&$qL#cBKma3=AqDW_0 z)+C53rXKg!R$b^5YuYQO@cDCQje;kNE zlIzcC9%8nn#5tm%MSgSTz$$Rl3&vcJh@jm-KiWjlw_uS0MsToXBmamjVOI#9F+l#r zx6@lcgd@cgR2%KWg-a^Y3QBabVv7IFn}o#DfUb|;Tzrc92zU!aR+tLy#}4Qw_f$FhOWA_$D)9P*2Cl15<*}X zclGb~J#m-ba1c$iQ@Yf2dMQl-}s?# zSJ8~|QbA1`q5}pI_-C>a{{?zX7FG0ptQGWV!>omU_Rp5+syR2=>1s;)ZfWydA6j*3 z3{VT;7{ELzM!kMRe$|)aA<~RY^7Ptysv3wFq=cs4jG?iSkw?QE>l#Wbg;CUCO{@xJ&qbCVtmut1sfJFbSHpV*Rwb>zO;9r zK9;>o)vr9+v}XP7+GUb+#z{UfTkW)mvH@G|`Lkza*e7wlk1s+f=wD1Cx|zHKSkGz5 z08Jbc)6#zZH43a5ryNcN)l>OM0+;D7s3}$`GHHyTJYpV8qn;H5E8X=N1E`{OCokos<=Gh{4=hrQ9|g}#h#d>Il$;!V zB-1YPW^oUM1q-%N9&`v9mU@6fImINn6N-wi;Hi5!qazO-QMKy4 zc`S2Z(n0BjAF*2FB#%SVsM>pkimE|Gd*GR($hA(c3d{O1^h)M-9N7{B6Q%(m>Wofa zVq3dP$0eP38`79@^t1Y>ZHA}(+WlpSX>-{ z@?)EF3y~dmhxWN$oz&U$H=hwslQ+2$YqcfcAWtRb;m^n_634YWM_5&JP=rEwSgLlJ^8rn<2f}rR`8IB1g z$yVhC^tO;?>pTxjaTt`fTXIgDjoQOB_+j)xeNa7Vxr~~=QgdS73;0X&l2gt(QJ55@ zzo*&u?Ryw7fw@lUE&XnlhbyHqJ~Z0f>45nDy4D#fy)~~?r+Vdda#O5~X;nn6T32Re13J|7YqVJOe(1+xgz z%yhV5YY_72&i=luj_$4thl*hu^J#)2^XTAO+?gSr#Z7V+cKqe?FaL*WSKPabj<$k= z_~XCt+5<)`V{G;Su;U-C3FpqOsMB-#CYfAlZ}zJb3QbvzFQg8yt5nIZ2eT_v|!Gw6zOG-yh{N#AxzG^AnC&4D4LT%8t&4yDpH;ztuyF}crbL#jK@h%WXmbvRB>+5&#sH!R6Xg96jp^?lG z{^W2_FC2-0TR!sK2Q6&H%IP}gnZ*-TR9+yg%t^$?;8Ac{g7mu1l1o4P$@sr%$85hZ z8{ItO0=YldnhKAz?HsZ8M^PpUV0_Nb9q8ysBOo+}eMzid_vs-u4h5fTo8oUBGd{VK z$D&3>-H6zFLG-0d4{~xmbJo+Q3mCL(aT>>^R(}t zLM8%8AFj=lDy9KPKs|luCmT_X=g=WT_CGe79aAtw zN{ZfmDkzI@hw|K+*h`sk7qhNKR73NGe)YGhoEbzasOW)opw7nFY49tihk;%!7;^&U zfklfpTwO*53z-~-rh&fx%81%uV+VL#8o~6$+P}W6;dL>Mvz-V^!n#s71^d& zo&bT9^xV>t77=F@KYiNyUJ;?_(R(0$Z7?#OsImW((b>XCK#M6esGZ7k8QL$SKV$?( zh5??vnU>m?*?F`IU0;l}d*goE+Z$>|ms`bYwgZHDrz{jT7a-jDctgcOl=p#0B)hND z+5i1ka`MW^Vcv7)4$cq_wWN@YL8hqsRQnpCDaFIDq{(dWZ~gRw!(<+qQDCuW_q0;U#X z9cd?wItG^QAwtzgecZTtRKu4p?K46ra8cw=RNnmr(PBayClBU}Gn-umH&hMdfsB7o+SF4#~4Y&@r4>q5E2G7A( zka|k#7rrT#VmWQ?A3siP+pi5K#?Y!@sZkwC;bL`Yw~cI~fij@n}p;uS`gp z8#ZlvL3xj|RnXWs)4fS%AT%RoF>9-C=R>Qpb|74lk@|j}hxISHX{0hI!kDN^YD^Ld zEdN8-WS{oV0y=qGW|mFuX-%Fyb_eESOLf8cTeHmTBHsR!B5A<$Fp!t5o-NC+hjHnM z?giKgX@6G{(}o$PLO7Z+B8(ynQp)I;xeQN0L)1-`oTwSmmvHpMy8P&2;{$EWu!=@e zvZ1lVH>(W^H57}nq(Qv0(v})}w_by|a*8F8C;q}Q?TQ>FngL@1)*wYBNpZI;5=@it zf9!m7=MLYT^&77hDTGbQzhkH0@mLx%Swyms+R^Udt~Y7TT^OGPNvL#@z?D=x z9GiWOs{im)49YY&GJ;t)8M#88tFF6_R!d90(|@ziW%9wdbUz>%m}vz4M7Y66mZvY) zN=RLt;A5~jWemp`1tzrIsNyBkvQJC@o_+uSPO@gdrCkL^xq-PxF4tzDuj8! z|IpdvqN9&xm2zUMrPncH1#A!esc+VOy6P<(yZ7h;#9$2@4D}Y`y8pq{cYtHrzH#41 z$X?kQk;tA&c9|h$C1q3+6^cSx**hviWra{#MMOwN*$FMPtWl5!Ol8FV^ z&P}g(-~bMqo+COKxDEjUl*FjsfYg#u3jdA4woJ`>pg4GII8!A#0R6Y376lXEMW-Wr z4W-J(3qx?-qfX+KvSVjq0c(Ntj}&bP2`_FYoa9B7m3`1WR9B~UPBfkQ?8yhcPKtqu zYJADlr@Y$C1NvpQ^zn=hL8p&j{PA(qo;h^y!0xV$w*(ZSs6e{?Dz*a*vbdR+mM!Lw zQVb7$cw{7W+tv1r@fUq|B^Zdjz0Hz9y~482AjJd0i~^c!>C``G82<_rKebo$<^YoN6KU~j?xL*m;Cu7hOF znkxgcuU;-okE6R(%XO4&sFEPw3wBxayM)r+7&hVrrjG>%{|=J9cr@f37necF<6c3o zsR&q@QXA(xwgN0TCIaHA8csRMil5+&AeVh)+CEg6MFL%US1FesP0HZUS-a(>q7SYuhItM3vzOD zlu3J3RZ)c_#SHlO$4|=~&Jg`VBa&o*-3Or#Qj(Ixv|djf1^k6E{^K)d=`_jWfkRl8 z*f}x+9;LOvf1%DA76(O-MdAb-)c5bkc@|KrQj%-Kp@XdtYQt<}m(!=)#?HNTmJ4m< zl0R-R<7xWjCHCr@$Z)tK2r~-$Us+$~CRq%42VVH3`x;QHM=!t5`3?>aV#flvgKZz> z4d!$M1HiKa{i*gRV3LG3| z`x*S!$w@pR7}tj?7=;E>Mo2Yud%I3{S6dsYo-=dr>Hhrrw6n83nz|=p_K_%cz=9SO z6rdf9$w6G*^m##oc$k4%w_QK_DWS_i5l3_7QB@TkC26iD)uv6=H8q$_EKGw>g9SpO z6DPt2qj0BAi($9K)_@y=20hyh)9w-MLYgLKn}ufM&Yh#UJ{(;@+me!4kkhxcgiNOK zbJbldkHIYz7suk{wy&0#l)Qhy%A7r%;y!ecHKt5x=GO_DD**FlFi8jN<>kw8o$T4) zmqWBetCe1lh30c`e|rLbK5rhV$+iUv;e4tVHs(Vsz!ZyGBaR&WCY`o%|Nk9 zryh22=$u%965PO`1qkY}zvn+nyzbs!)M2D-R*X3N`qdJvrneU;6A50$O!k0)fcJ5L z5b<6>TgTxup4|x|v-X}wm8Rlerp=qto#~ptYiJPMxznhM{YY*%P&=rG=X`4+(Z;T$ z5(D!ENTM-FRVF5yM?AqcB4h}A$8Nra$jC@giB?uyYT3}9{J3!raiXCc`Nk@`L}QxBuez$WlIP>cC)wwJELDO7nkI{GyXPHUAv zPr15sA;=eq%iFix*lE#{;jCxW-+G!f_$e|htaht8^8F^EeVbS~eE2ZBFTU?GS&Ke-e*%zg* z2%=@gW&`e^xK~w0B`h*BBR!qeYn$S!M^<`pNpf&70f29E8dVgOL?CO17-!lsJX%~F z0a&z;UcHh+@s#L$n0h0XmOg911A-B*(-Gdf@*GnaH5-Q$S^e zPi*hry&9QJ&Gi5hb`4!V=I9ulGYP#HXgE^dwFdt*9(fp4oy(p)cwkc88whQI=Oc91 zIbz@7dtqfIcZjOtj0EcZFB0+6*$d>Tb@34t001U1xd*6~e|;a6QfL>#bezEM$K>EJ zgBOGzi>S1;K^D)M8lJYUu2MXN*rf0QU?%~8()=X=Hl!{mDgwe84P?CB<5b|H$Lg)N zAMEZ%{W&%=lHHRua>o~I3}gXzMS3a-$hP8|u^n|KsYy$lN^&&m%Mp&)k35giL^y#^ zm|dgs@e~jcxVI0|T{yF#(V6_Un-4QfflsCd0;1j>>K zEFQmwh|Y<yDrzb%BOzYF>XX9 z#@Q|Ymz%YAffnKz>Yvk>$?P=IJly(GKQfJeRp#XS9@n#HkD_Ts{29nLd;vFTajC$< zhH(khD~5q1nsdS3UT{Mi{rdRK3<>8N;BmULL3`KY6f7>7@qLM-ll3nhX<(mbP#~0g zD1|qE)-eB##F8iG>;qN{Eh;7D41}uK6@lnL*6i?wWuud< zc@8aqr^X*i3{}(nu(4_7_wTX~m|^BIt$acFKX6)br9V`#1?6(+l`9&bnW)(F%nBFs z_sy7Gj%*Y9_Om+UFu5%K-vIM#L5RS10hfzQxC5#YRN^1W>;I&#j|Y(8FwIE4T))37 z*o~Cv=iNL!B7c#;&|BD$|9b8>Kx~X{&)TDp?hQjrQIb2>Zy3QddKYgaAdrlJNP>li z5{F}0l=1B0sh>aBXFgtm4ge*Qs-mJdYGl&zI&=}4s!k=AJ4wauOi$)Q?vDSxi;D|n zKF2@5Z*zS8{mD=Mmz8&8jly{dt$YiO4EC|_T|o!tALpl-5(f1n?#((^H@F$$<6p8{Q`JiW|8yT_CCWx3EfZy=d;HVv&BXxY!Q&Sa=#aByyeP=Mmg0}MXc%sKRUE=M| z7mvhNsGss~oPFUu2LTs|CKwr3V?)5q;%LER{g0kXmQve{eJcW~AV{yO+I2+`K=S+Y z6Z_$^3fF={Aa&2nDuzx(BKHR2IX04E^r-^iRExrAYz_)9yR}%oP;2NWTD6M9&){DI_p54 zW(*Q0Bq_;!rcQAq*3-vl0P1iD&uz*Xx36DcSb8Dw_SUEM>FUr)Qs+ycW|;JXcsjfgx9Yd z8?|%00e@iNBca<3RvpgY5l=C8BZx;Z#u*Nwa2-;IfhBwK`+G1aH2jGL7KJ1h7s5Fd zY6;v55w8(0e}P}s+Z8PZ$}$XqfMN%ZyW(PZbYUnXAQ?nS)(}*SyafB^`Ah1tU$|)(4RCG|PnwaGE zOaX7jCCl!(B1jt!>Y0O+6FrbK7s_e0nAsTCgFAxH4Js-K^B}zh3E=~v2#gd|^|699 zZNjY4VDw=eZ7YH204ny=AINo)^aF<&A}lYRfmCjR&5 ztV6p%Uy@H_OMbwWB&m}xBCYzX0xpR#uo-SR$jWafRJY2y1})ZZaA8IY#0G%E>h?cD zpqY^oZS=lx-@n5vF2x=W^-g9dpgqWgC+jleQGlaQvMvtyS48Ps@u9{8NMCAexX>%E z2rElV=*N-N3g_8VMidM7(wu=WWaC=Lo=>{a#Neo^0V;pO~zk6RWM{jlJ0NZYUAj3%kJ z_v}G25W6o2t9c{!Y=`OpZv21W&DzX2dw)IJ*is-fQ1Z}ylZxK9YXJj4QiE1mqW94* zU5usWAtxqN#F^Pobh#ec_PSOkk^FuM%ZnfxR8vr(k>VYYuunRhFH5Ah`dG-^FjA70 zMb`){89(B|2@~v4WlI;Clnm_TVS-U*Wpe;pf=)27P~wmfmypN+l>pq`$r+Ch$iTt# zs{d6=|NoyfznQkikE-Qv(CKM-{^Cf;3O1$!tsP2H;IUODU}5FJAq4qU&wTZfy28c# zt!L_8lji5@jVF^1Y7}!=WLJ#DO^B5}e0%^#B6CU(4BB+zV>0+w~E8ifLA$Z8wa@{&X5> z&FTY3+Ko|vpIgiF^T**)3xd?F^Tb)e6i^^QrWVvA4zvO3o|$;dPbC0x7vpcS7&m^h zuB+kYP|3k>I2;q^usO3+6VVRX{2GEjPN0MdvfH|0iboEam#{YsO)VU?x4#T76#B2B zBY`M$0CfWWS=ZXS5p>V82oNZ=&6tS9WHny0Ls<9=fp-2uuskQ9MFU!Kr{C;yDmhS z*tWM|@X4=2xVhm!V@WgqHBG06pmIpKNCCkYLN?Aqn1)jp&Gvj%Vp@KnSBxe(54%E{)YG-XU~&$RcMaf$W%CYM52K#>#7%DkhSgH_YpdR&@#*F4piK6 z;hgEr`JP=9LS8Rvi{1gtqMc{83IQSLFzKnk8Lb1S5{Zk)6$Y&e+6cNd;ajD zwCmpc1qIMlzQYsAry2Me-n8as>Lyu@%pe?8*pP;Y9p!(gX1sj=-WT!#c=GHJ#)uLO zWCwyDaXvy*g;fYS)nG~lrWm1uw=Tw@QjCg%?h7OpYJ0Hokaf&zqprt-qQAap%G)0> zA)E}_+KrqJm&-6?5XBtWH$>@TtOLS0zTe(n8@T2VIs>~54Fkj4(nJ8N5roMjkOBgU z4Y@k#dkKBzQMidqpF9P2%j!y;TNAcpZ%qDqpm_1rguvItUt@8L<9}Zk1onhq zt|@4L9;YncGMsvTIp>k~<6*5oWm~K}`r>j_d&^7GT{;y6e$J1~Ox7pwxbfzMgHphJ zpT1H`>$pbe^c>SY$bRT6tk(O-%Zp z^*G1tJe34Nl`TX8SzKAu;vsr@LU7{7s86wIU+OWZeW!o##St^xKd0~gPmk1n|Gn}v zS+AKy-vXMeuY>oIpB8oO3Xx-QHP7nnIHEQ;+lPr~#q}D0O4#9S_f`#n(DtqB!ETbPprbQc7jOwg1RQRdokhb zw`(n9=ScBR6AOT${Xlq0r^X7R@a#m;1^`3>MMG>tO;8x194nAhAb}-a!Y1 z1&mq)c3WG?2*2S24uy-m^wpXFCZhO3dB40kb+F9#w2KQBAqLb`QWCu{TV91+&}<-91{v=ZwAm z{TtUrXHnfE@rD}^+NG)J1es?m+f-FQLR_^Lj$K3*G>E+X+m4Q(>L2hq09=i15=t_t zsV5`&7*C?oRO3HTH8ZUlkKz|o$6!bS@xIiT1P#k7#;*X&{D)*j!QBnK=UVtfKc{R8!Qn&lxKnbA5ysvgrmOXEJ;~| z(JmnS*3;PdXCn7)o0^^mxb!W4}S(4ANsS)Z`PhWsr1JEKp_kNX{sNI z8khaA+qyk#(@Io3dvo2P#E9<1WS)KDCqi#FGe3s*uIop(w7Tt5=V*8dt-PzgRO}Re znM*wMSpTy{wKJq`Z2yDj5tmD!J}%pvF_+Ukkiz{nhnmPbXy{MH&bZL| zZE{}J=R)($RCqysej)g^UX56VG! zhP&5VsMy7-S5@UxWy`z>a74Os5(Pc6SBQ{1+EtgVCNop0(yVEq?A z6{f&a7nADzpLLzps;`iTNP)=+m!YNr1}~^X7VCQ;gT65W;Z)fDvxZ5u;E-7h`zrqo&(J36n&aMkK8Q9?8ip?7tQL(XmAFjfYg?&!(fV6b# zCtNkEOg!cUK^nM*kTd)Zte}P>tdPV61m19zPlNOcHO}nvGBtrY4XdEycy^x?u`ARd zsXO?Zv7Ihu77x{L;%f$0vy|CB3vd!`9)7Q0BC`&CQ@RKDsEP(u39vX`cIwc{X4YAm zxvvQv1BQ)1&;8~$c3pM}O3G>cIK<2L_Fetuu}A**)oI%#m5yKM;#vs`TYmXWQ}~yc zQ{vQ;W_dyYzp8NEq~}_Z+^>!EYULlbWOmzWDtz`I&b+=oY$LS($e`it?bOrGeNU7p zl5U^o$`B1YH}g$Fi(Y=!Vr=@&p!$Zx?$GBhP7`;;N@~rhACIkXgy=Ia4*zxE@|%6< zix)YQtB=2IWlp3Q3TBq&-Z*$knEOP;%gAri56`=I2wzey3tTBr2uvwC>{Bju>gmLU z-`4}##k;De{|0?LGg=?vCO21ZFf-cPOtd_ZwVQ7-=38*>-1DU2LkYv-yxjWTmi1rC z-<2@@nGR7Vmp;40xpci*_2DKdS8Y1GS@XZGYVt29Vny}CdE&!zL)#M`&(ufl<V zNE=TnXk2kJK5l(#gEl%2`BsbVyN3RrA@w@w^q%;sTzicKCy&tzm?H3ek>bHxwQv-J z<-e?W9v$3x{~8$qfMe+EMBNER)KfU1Hy(^hxrS^<@&~*Y3pfkTyf1C!n}p?$3#3ci zcTa#rfS!RaT-`_LnnP35`R2_PW(=L7eWnT-O+pax47wQ+!$F+j z`0X%jj4u3!UQ;@iGCJS z+Pb7d5rr5q;74#AgZ17Gi*db=cO4WX;JaPZkw}6rk%@)|-dMBd-eLlCnQ=h z|I3L5*eUgLtMQ}ARZ48;#ehz1lx+{MiNUrhlwZVK7oayMS;` z6gwa^%55dVTw;4fBLi{>YYp3T&Y60MvT_@50lr3$!ot$%QbDq1f)rDvho~q1!a8K0 z50BQxTu(ql4D0EMGiTNyTS3Q6PT6hX`1;O^C$&Sop6Pw?YJk{Y;WI+FSJq zA}@5!aaDlDSZOE$=tf0HH_CoTQHm#IWp%oQ4wABqbG}BPN|nio1i%fzUd7bP(GynA6yoJUHeGE<8Z~TK8FP80Zmq zh{UKVCF79mAXskb+p@z~Xh>>e1WcJlgvjxCtO;ejXlDD+T}pnlk(hM4K;~ zoAG{tkK?9}Uw-sYJcK_O(5~ZQ%txPIh=1vfZ6vDs3xWo40z=78Xd$=+T^Q{32QbBL zWCZMgzL^+&2HlV|Lnex>qKXgSQNO{S_2O2wpBxyVAK;S?9r}O|L27H7VKQpGlZJ-T zM@#T&!sfM%YG5}Xqpmsp)p)cK8wol9Z%ynRI0Kz*u3cyOGCTXHmr%KGiG4`~Lv4cr za=n+`D0NnFK;vkA2Ql@tfWsyIiM+cQ8SY@)fv}4RuCL#K^~d}xdTvlJ%#Oao;9@57I6%9b!)f;WO^Xb3Tw?=+f|nb0#GRM0|VEw@&FXEadJj}A&sKj z&1Y(5)eA(-L=-}OE+EagTN+9`#bW&N0HKrz9t9f&4ARe#v_KV_n6VB0^uIF#kf7lA z1b|p?d^vnWu;%$242~E?Glh4EkB@XcD)bQ9x95k3tyRj zZX<|$i{3iv9}S4ZLU)dyhJ(XHfBoviD;0@1Hd*P3CWNmnL{JBnW@=xZJ@jmSlx=%# zNZn4Q%Rzd4pA$X}-e`An+PO6@;J)O2WjR-_$tGQ@T{~YNmQf;?mhLxuY*Ahy6W(dadfMVx>+*p8=;0ZyFcPRKu=M2lo1|g^Mmf2ocP# zpkQm3<)b#{yUK3xrhm&jE^5kW7ejk9hDY|CD@=YaH+j4{Zc=p7(^0*pJAcdMW*S@K z*LSff8rFBMuZIM7R7G@mo1s3Qk?MyBoA(bWD&egKU*@p4x|ly*HgzK{50x?d2o8naY)%mB!p! z{nJbG3|&vYhSaHIVr^!JarD`&>isk|>`I$?P3O}zd?!)m_ohwl9R zGsH{ny=7K~D>Ync=WDtHH~hx*lwpe+rJojMpPS{`?6-VFui>Ro*zXe&8n-EN&Z%W^PA^9 zJy!*_W$Nn_;;ofgH&5|wD1V74i8-~4gRipL}0P0xFy^#@NAVWJ(LLQdGu&D~=jxiL|s_cBP&wC4X-gfhbp zV@cffp-JyA?!<35qkQcsze9iNM^C$^>aUKvNbUy5o9Y)W7Z1?M20vI|THX*AIfp_r zhyh_5oHUdU=eGU9egzevRB}3!#(?9+CXy-^;O?k^E^7=W|Es(2}SmV7DVB`GQWx&~73p1BU>#NyuD8#RG-m##~~M;_iOL zt{g4Vgy|bE#!deU8iPc>-Q_5LV7~|MfLv=ifE8`RP;-+)x}lH3i*8F2WB>@klVpJS zG#}NihRLXTplVY|z$q(psC=JvDvskDIrrdRKXLLT28ulgCW;yd?HM`~CVG0*GBACB z-GZjm zLK|g))T5}v2sDHoU_PtZjW>|IL3IraJm?N2WJ4zfM;ah)LrD%{w?JSeToGQ?pKEK? z;IVg`qnZ~QBG*-1mY)Gu+!Swkud1rMwk2tGl$JBkmGIl?-GBb%W5!Wi2`%biCsE!RK<&4&Y&c&M_vTMER!0sKXgqdzK(1yu-{ z9{d;At{ntujwsdS-5P%L7-)W^%sJem5OT>ZF(bI7p^)Sh|5$d6+N1}C6#5WSEHsEr zTpZL%3{*`cO_54G?O4uG0rR{^#Adq-FFh3o^I~Qe>>)xINXcmkw?nOzVsdhK1`^be zPhEo=82@S0kiY?`0iobAJfuF@!7^@WkY4udD*#1P1fJ|xKz*45F$=$909+9-f>Tv!8u{M`J! zyoVH$(X&or#gWFK$#UWCAWrv&(e|)Xc+GCi|a3C43Pvgq3Fv>+!VmVVEfu71c1i8gCHwY>EV;L3+`f;X%IAXOW%{!2zfU zH2x>#)9`E{7!sK=`t(i6UgP2C|2aBZ4iXA;?iauHPGfnXjAEpvb;Gd4#AawO(S$t5 ztgZybpQMonfE+-wML&~nV_aj`b zVKQc{(S>>9Q$#Y;z|$%i%n(7>IpOiCQc7ByQECr*B8VMQzU@VHNM&V8J_Z9?9Xtqc z09HQG5>(O98t!L)LAs7FD`;B9V_>b#@j7DTDibb$>pl+aEzIvQl*Bp%(w!M=OzH{s^=^v``kx*5w zfht4bNT6Xd3Gn%MVnOSdIZO?}J%sfkX#Mv|1PzH^JM>S8B>UE_;4(hJ4uqWwL%^Kb}?g%;#^uU(vAUqM~6vdMSJTN4nzKcz5?bw1 zCZ1ee*go+h&no}yx?0e#1Y6Vfbu+n>_kKLK^vU9Vs;$jmSD;e=QK`1a;erm$b-N-{ zQwv4Q>8YJ^BR|@l9l08`+{&I=>v_9ka}v2Qc)je<`+Lmh@nN@u?%ipp419RY^eEqk zGGBbix{&o{@k3kq#jd`In*2kn%*NZZU*zDyKWE=04ka`d+z zH?ynEuwa=x)YYSEb@BfN}@OZ&M3(~bHe8@?moMu#GD-@PqP*kx~Q z9?!_~+Vc3(c*6##n;)AV7w|rK^5mlX1)tmE2GL*xe(-z%zC?ev6Zc zYg)RUPwmLLB7aLJmf%u*ozF(*88NzhbM6`{zizPpM1o&Rx!2uKno&BIaJJ&z`rZk2tm( z%N*2{c{h{(<9PlZsY_p9@~WqXn@pX&akKEyllt{3_kpzNO3-+)E}dQ1 z6^=*44&-67;^ME1z8oJ`;_yva-?6TyM;0m6a8{O?(Xom*)yA?{%>2=hWrk8-HTNa5 z(C*`ktgV4+WVg0yW!wvro){16XgYGKqnkIb6h&+Z26mr-rra=jV=V_8D4K0jBtqd^ zG|I<4JnBz&^3#j}9m4L0Q;%9mEnxK#M0yzc8J7cU31(&_zCrbi@wyMn%ils{uclTD za?0-x0??2FiXc1@e+Yo{4Me`-g!1=S4U^rmqZzSNIO&<6qlm#gScZ+ zT%-Rdx0^J3ap~KZFt}?GM{p0SPP`y|zbHhYl#bs$k2GtN1fIlUT|hC5#CX@hJrImQ z(2=tNT_^wrlm|Apwoy8$uXeE0qTHksLRPmJfjL3tIXUDyzQE)VqlaIqREFz6hcp40 zoNxy!A7L_Y9rJTo&%lHfV~|o^I&{7O+TaiYWP_RA7-K*P)p~t_%7M)-3`NG~aGmo$ zsMRpLmYav?V^^2wzxmxLE_3hTczuirKLnkJd7>~yd88HJb9VqWR}e-3FCuaCltyN~ z*B8A-Ti{WEIpN>}3DRn*XhIrh3c)QzaN)>X+>RUk?3o6HmZ;ESu~JZA(?ML!w=Z8R zV2HzDAY|tssdlMIq$v0s@)Pt7b@SXQo;G^#gbIFwF?gH3YK;WZTVo6%TzV2%TX3&KINuOb$$y}Ix4VEB3KM@$8aVPs=2e7LF*p|2DVn~rlzDo_L!s6E(aAp?g&~C8liKO$|p78 z7Xp}xct#phg$qruSp@TQ#IB(BVfnppFAe_0JxfYSK_b2Ch3_O}^?|hnM=Y4{Cy2Ym zDDb4Dk@4|LNIz(t0A?W-4+py0M-&DSjgeIA0e?~iqi~&_X$sA!kHQFo3aHm@3HT{; zrGcO`H}ePxz$Ic{A+mitl8@Vvi+WsMn+AEbv~+YnssqR`BPGk9w+4bs3L7;Vq(spJ zjW5`21)g}gCZW4mN-Tzh6MFA#@y$Xgj0OEB{MXj<=^z2=(&FR@YTimxo;^eX zkYnUe;T}QQhOrUe9TYk$z!pK9XE03m7WV_GM6r`+1q2>WlJOkFWIhy`@L&OZ!y1N5 z7wSQOA1DFfMZWb>Pe+BEQK4SfFGWxLJr9K^SH%B~va ziILh%+`&6)e&j-G5CEmNLcX@IWYIqWIY21D+dtrE&w~I%)JAm@Gswj!VA&ZXE3i=5 z5laENIH9)o=7RW7p$9?Tea5f#b2>M;>^PwF)?da zebynSf;Nk~A9r&+7<;v87({EnRC(l9K0EL>OYrYA@!O?!uWp4-+q@JGD$3WCtk>4| zZIhmQa!>MsEtAk)!P-@OtL@55w&sH#XEw#$-}N@5GkR-2$95Ojojk@J3bB!A{Wr*# znZpSyat?07c$ zV|xDI5eoUk-{`i4mD(B4zQR<^JSyeAH*R{Snb-bZ`J<#<@?0?8Z1R`ST)ZWI=BT!c ziOkPuqj(vg@DR<1UG8UJU+cGH_nX)f{i*+@OzdD{n9oU`TPN8kthjjCzh-|b|4d6k zE3kCl=ab)dD`&Pa*$QKsTV`C#--V~GtkVWh+0EU|EEWpm&h!6yle}d2_GoS%nvqXb zxdUHwqD-uqpZ_%q#kXBbTjFV1dmjz_wfIx0%b6*@q__I1X-WB7jI^5h8>O$`4l-DO z8BEpPd-H03$4-UoecVg~DcRCjiwslKwhM23|Ll?Y&aX{e+hsa#@na9emF`WzAt%oS z<~90zlgZC`J>=N;Y-;h$A^&JbotrkNO7GaJoUxIL`7NgZNAT$sd%~rBb`!DM>v!dw z%QEe1=Z~u!cJp>9&Np+^ioMmQanF0vp6W(35?)|*`D@0t<*)w2>K8ZmFt7WM{&K5} zj$nTHr!GnJ;p~dQxw@oPp-L9|pz|W;j6!!^{agLyG{k16)gJ>L$kRHxE6;U0e0fN3 zz2#l0KIfxM8-LBi6hdu*?xkBDWW6pigw4Koe=u-;+sudUOyxrt7yDwJORDpxw$Gd# zsu|+_Ucf$JYSaHZN;rCcSMN;FL(`21m95F;Z}iy0W=9qBmhL`xm$7V@`u*jGo?@A& zllRuJS^uJR7OO5Nr>P#&+R@FvqgmrP7_uz<*E8qyDLZq!GDe+y-3RG%r^z`|Z`59L z`26CB(m?&C!yjC0R_$N%Se43Evgr7Jd&ZZz^S#$0JcnKf67;uxeyK|<&=zYJO3`GT1uD_29B zk)mr1_susI%t#o}t}}n4*|uPl=_V*fBh)6fOHHOr)aBk`6PZEJe6kZhyAFox*M0EP zeOt={{JeG|#q`gESB^Oz`9+jpXgT?ddbkFI1|Mkj4$Boh%6da1ba}^)Z9(_X-Lm%H zbA&?3-lwQBz}nDlq&aoyA612GV-N?WHa323nhl1R67&>08d+iyO6OnO2!Hge;nPU9 zwKkJmm~LtM#NkLBu26Rw%5DvAa+}+CR-0~p8P);Bp?F_<&nXI-HL|x*8iAjflvE(H zNb|4}w_#|=LK_am3^*2;BAmzQozE=rVbqPTISh5`Iy3<9a0+2>A|tR}<1_(OL|g?Z z2I(?p1wc5rmj;$u3wqaNAzgEDrbr7ic=fKaaiqB9nO*g{6G-BEQ?c7DAZfeXW1dav z#-bSED4(|Iub$X^35he-)_o|O+KnCq6T&9f+0ud;9Q5Ejg!K>z$>E`I zYu5n2gg2etG!F{|3Q8gvM*$3=Kz9)IfSD}-K7a&PRu4YZ%gq*}-Cf5@=>>@iln~Ok zr9>TUa<`zMz+Cs_l$5@F6W;ShVA1i9FxZ1n)w{(}R+cLc6f{m#U~tsb$Q47S1l^Y) zp@n-2eh+ST1XkD9)`}Y6yb37q)~&efY+Uqu7|D~En0T}V&doG6zw+uN($C7vi^b@; zA>alIGuY9SUpk|FZF5x|{YM=S|B0DdFk^BC6!7gg$O%U-y`DwPwY$n^1h57Q(EUb6 zf?+6jkW0R2&n4(C4d}Ij6RJLmzLfR)xU+oPx$4h-eJMF&x!s5d*#HtjPN?va1n9cD z;nm!GyeAz~dg2ok5j70F#ef|qgqWA303vY5V6{Kt;sQTOl*nu3cjk6S9cMEg8GnmM{5hp4kLARM4!AI%&K%)G8a6luE9atIM3WOGXm9RM=aqL>YJNY{r zeD+mkWpWaO@Nm~c?hIfSHX;~cCnla&SDzWIO%tR+)>@JQDWm&%AJAM>bV;A};m<~D zFIZWie@`*4FGMT2_9huISsR3m9r#sYIeHV*?y^7cEf6w~`nAf}>SXx%p*^TyUoEbv zP#_!;8~`i_i2^M>+|6F$I&+XxXaCVb0{yOwKke_blhwBga5t4g=aQaJMj#Rq8Ur*5 zSVyE#_FOq+x}Y#nG;vqt!F&{~juHpW7iw?7j~+N6BEYhB>zNdk8JB*c$^+JQh4Lse z;H%DVP458chbjn_>?aH*FvJk|gOVJOo98C|+MW-sA3h_%z2Mm)nIXmg5RT$6w0jh< zy~aZ1P;D9k!1UwC5i_$a>*A6lPZ5@b0FP*Ae?Px?0nK&PV(h((*X6XCAqx|!@kdv76J&R0EVv#BDRyf!kBcztr02sS4gIBI&m#Wk)iWl@MLLzw-p1UgA9rgMwLV{8;Lm-6a(!F4hX#PKg_XjZ`Q8vm4ZzP2DG%4abcHLGuPEZaU$5*#GG9*>1qT)Az1Ow zcDrb;U0HqNmc2BJR7MZ77j`lzQo1x+ux$pt`s`X#eTVnA!2~*@fsCtXzoo=>P1Pzv z;xxzj&xSV$p}w?NS$?15-RVCSzvPuR33YLwf_LbOnwP`KOyiMVKkF(b6XQM7zsp|Q zc)DjQ-KkM0CPL%k_q35df~aHhf9z6K?h-d84kJh0qu8xI25;NmR`wa>+8FaKx;E2Iw@?$;YZbQE7chHqGo5?Xe^7~@&*1p+wLJ&z zlijAhn{}Jcuqh~U-Vqb$F*tFzk2o(8cZSc_NQyzoY+BR#HMRPF3O;J5t(#Z|C<%fn z`}Od&x^@rqUG{IiRQ}!vl5&+O2uF{Xwj3v_g!JeoKc=)c?tJ;Rk@Ca)L2I_X4+w&b zNE#S=Iw{T5p^+|Da$1Dljz{=ZdIUk_r6}JNG@%HOASc)@c@LP38!%p{H1!eh4Z~D6G2bMB15e>&3f7tJqad2NAxE@c>!Z5j*=iJBDAV|qYP?6s; zw(L@z{L$<_kXv}GCOXVI;XaVUtE`K|(tp>g?mBO=k`V6HF#k2vrZ3FbT zC2>kX>~T>1c7k|8Ff^3@e6D?a6F~@ZE-#PvNf?BuI1e`%G|V2o5_0=D5j<+wbK5)q z>ZYG{Z|wsfy2xvJ#T(jr_@@`}@=Mw?J6*e)A6+MNvdrs2ivNz>@{^W4d6SQt}Y8dla~T{(h4)voLqfOyEB) zfVWY)lU05vsZG9lDY5lq$_lLc{-}(Cux`^QZEfMLe z2X`=aq%1hIZRTOWYrg+P3fH0@57FZ7m@q9>K91D#Mh$x^iXNUxp3PqCY3Dp`M&8I> zFyQz$4g7I2g1IrMx8zB zmd{xFbGnm)C_Qx3-uQIAnF>Yu|}G*V1^gs(KTy@9qGywZy}B#V$X0XnISub65k zS?C#}<%rygdv2}8?5p9MM7Bb2 zQxgaQBplNeGcz5qr+s?t9x0}~U$6oVB<#tOy^hd89W8 z|G)ug$ul(q{BZ`r>q8p+G(8>3!29cW?00&qz2HyLgQ5m#3jyk1+>1k?^(NkK%Xe@^ z?5Mv|VQJ4YYGjhh5~k59?oAd!%zE(kU3`3eo_t8rf@390G=dpHAsI4S(0`)z!Nmw0 zvM!0ozSOz0gj zjT%WKQ|Qe>5!N(nR>NeJbPV01Fiaz1>)ykMdY85!GaEu1RE6?s-=S^-6~`I94`y4P zuQRDLV>dB6td0KNNj<@B>Y#$Vq5uHcVhU7AiN}IdAD>0xBka^Ep^>d)9#fnx{b3~CTylmb%eQ8Cl{-2uQQNa)08BiYY~;08x!?KpC1@S1n?^BKA2MF5NaX5GOW4c(tC z7t}i#*UMv=EGZ#TQB|cMwrAx$Phd8IFav{iE(ZG0#^4t3^VZBd$R7|0T!AF)4Dd+k zu7Fj<$Hc6*&C?0(OL&h`$5qL-x2PBPI^-~bsD&61Qa9+D+8kx^VVQ~jy}pt-rsihB z7vV(Scxh(^f*~DcA$rO_AVA+l#l(*QX7^U6+;I+Pu84h_f?<%=iU}xo$kAt@q6F6; zCW~-LIXOHWeIGs?D(OGS{&K_<^~SMdxuC8Z9U+AmId$ete183QE|uZ(Qq|qBT>_Jh zTpYDtG?NkRn-0=0>X92*9*@7?Ks3n7o)3QPE|HQHW|LX0V8mc^r})pRmyf7{Md|A; z$5p5dcxuJE(r5(Dla*M>HwCJ9eH=(T;Wui3G8k=chjN=-o#r{E%<5gTv+JCp(OExq z<7RfK+V8i15PM2(!(g}jJrm2Qd#}%UP_ao_TkxAoR(#%>5PJ4ZwH}*Tu|l@K=$8_U z`@T=2mY>B65tN(b^JPA6a~{6=yMR8d!9c4g^ADp+g53IP4mPr0|MX}lU8R}jW42tj znmuxg!7}}3d!!9LT<$%s8nYn86xrFDHG1?jxYT9PkT}?UPvI?lSX7ZR=U3O4 z_f8A;#4bHdkmR7axl2~Mk&U=8+>X!LV4#wdXbP5SA&$lz^M#b z?)QIbcusxiW=96_4&-`YZmsKV%7VtGse{9+&*;R%EU{N?h+{6WK&Y{Mz>F&8dWu z+mt7k^7q;tmwChR5|FPnrR<8f>gwON!7;Ht=4YhH||)w-b=nX z)12{?!oA5RVe7}zVhz1_>o+tRzil~w`xY1Xd@3P#jclJipH-${_Mky;>t-^}y}u;4 zp6c(rZL*gjUOBHl4(2g*-6lwxb=0)4weZxMp9vM0p>}*i;0|GP9u}sJv$xiU&t4G~ z?KNnj-ffqc{C6#6)Gs^XWy4P1s3N0dPLEmUTDS=I&Ad0*DYMQ<^d+9R%l^c2m_$uv zZQ3ZAotbN4e>q(0lECZeA*|**-ceeb6>xamnXATjhIY8}Y76B18+LH*qV7hgGKsCl zp+)#0`w7HhjEp#4_@YE%t_$QAULsVTNU9XB(J1y)oE?$5tiXAUYLpz~JSr;((HH5T zuxLjR3hLIHZVW8GB8aV;=89QyZ%W&hqb0l8m=#Tqak*4d>O@_3WQlb`KLcB3V9)S@ zBF63~$qYrqMA+@ajPT%k_AYKxBCTnBrHJ`|7iJPh<713 z1;uVr2OA+yW@AydvYeK(B$3y!{{Q^=csf_=Z?}=qWjAkliT*K9IKFNTVrNE5-KpKq zr_w9i*qXgswNLzh14BA=jV*qCap=gg^NE~@c~;e2E!Itmro`)b!II3DVTBI zEcBys!i0C6>FK3akop82rmRu!y0rz)9E+(XeDkC8Y^vMOZc4-fsC zI_dcAqzv|PQ1R%#RBtCBpsA+j=o8Ouzkb1q6JZc`vrxi0C7F6Kv=I)t}mMvU#}OE2%+3W>z# zE3z}pj$F{iM&3G^@hRBVwbdr&F;&ppNs~c1cOirbM^g!<@)M+8qwmqINX|XP!N+$Q zc(G^+#yQl0H$kNVUZkH0Mha%uQ?hoey|>AQ6uIdA>jv94W!T&pHyQc*^@XD>hoo(= z^<5e2H)Jet_!uW9GJ_DrQE`G236XG`B0?VPUHI(>YB)t-oeGbs&v5J%@}44hikJW6zOb^3$X4+@sqk+EhW?F6$9apY5vdJX0fr zo4;Fplc^CHRtaVv=Av2rD$nh>N=)aO3w(9lEX~XNS@){Bo7UY7Ze}7h+C_oemBx&D zGM*XJZG+oi=DUsp8e!jYb*M-L3xe19S~sM0f4FqJ?A z-zebi(6r7D6Z2t9SU>3MOr=Xf#i;6c?qNYul;)>C$15`X=}jt+2vVLFeRbm4Vq{#A zk^Y9adAiko&8K}nu2;3Pv!6dJ*>)-_`6f-&mzgtP$~{FHA4SyLW#oj|@2!3>hsrvB zC#~JhW+$hl#^)`LBOjXIJfV)!?OxI}t{hSvqX;-o6C53^HyXgh$g7aVtaSgWuzNpW z!A1FVKcXWtM_(*g{PuD`lA*}*w{#Z^L%TCUkZqD{^-POc_0`8tTKctZBvOig$V136 zWsVFDr=FQ?OXS6Kr+PLmd{uvWXMgfg%G3LN$C!xsekL{QN8L;loE%mwoZFb}o4MFE1_lm#T z=kW7=+BBN7OictsNUl=PhloQ$qD!JJ$2NNN**B$ado?bekh#3oRJ?1zxMy*?rK-yL z-D?93R5+Y}O?~0D`@lVBbdF61TGX7se(rwo_v7Wiyd9kUyl!x|VE6u8fUUch{ZUng zor;vs!*`Bc7lxbtjBj=8Y^%b?uHOam5B6%(4h6JiyaBR0&GnVg{8Rg{&^I2J|9}Yt zQ#})qB0{dH8v-;CL9VBjGelm)~`ojep*ow$gIW;kadLexYS6Ytb&#hkX079(gHUIrXUarse3ui*b)GgAuP8V z8zB@_7{k)i-mY7M;g?rOi?*MM3^uri86se{ZbLG)2>=`DUC=#CKL>b;E+o2SoB2X5 zj^Yuq7T5())Pd-J(b-wDxhJH-rJ}p~++q+|aXr0P7zEw*38^V?4nQqvJJ>-@xMC*( z7zlahiC_BAZ2BN9rc_WmBe>BKK`BT~L8=47u~Ji);Rv{SN}MtB+MPQ{Er{C&##a-B zIt_Cm4_;S7n7s=r}+!rZtf-k1=fgk1~0VP--v!_=M0MyM%{;*pMJS zp5(=c>0G<|$6ABFg+)XlZGQjJ??8E>7(}f*X{x52aYm5`@p{OoW_c~a8r^mKh=c75 zee9Jc$YS*Z+6;Xa8!Ky9u641AfdL%#m`oa!Vdd!P2qQjd>#i?IE&#yC95hgPa0kF4 zq^iIEevy>$bL|?1#>i6QBSwUhD<~)=8L1Fi09{eVV;992RGUgq4M=YgUcdjt-FwGl z+4q0Ino238Yzo;FWs8!ml#J|gWoBoV-HtM{LnyK`v$vLPLPAz{c6RpjKCk<_?)&%r z`TYBwulx17FRAl9&g1xw&-e3Q`?XzhXONtUIv-{Z*je$SKj-EI6+YsRYEqf1?O9dk zQzu^CBQ%3|5g+nUf3#PtCpQA$RaZyL?fK*Q1`bi!UC>Z& zoTA3vUjkAI#sK0n**+eCkvcLna5;k9DjGILLWI0;tVAR2Nn_kj`dJmdsFrwE^YZr>END#9|8PW;T~_kCJ2uSZJsg8%*6l$$0a zoigXw9YnVdlCi3fqpioSJDPWT@}lwJ^Plk@7VKH(VBniHPRY z{N!wFAN8!93B9)~V+XC&7{|uSUq8<$B$Kl4CUROHJvh!)wx$)SzvcCTGo62Pj)cMf zj~<)sk!j23siEf5xodMAng@uE%ij^bbdpc_mX-+7`%gh9fBuBLlP+}j$;h-*W19p+ zcIUI4haY50#RZ6WlkoMc^)$OxPKADtbik=dC-=&3&w)r)^M`Or+W+NbYU|Ub@Y*HW zKk@R1PiUQM8TdmH@nTk|+M`3vHe>Ramxi#x+qP{#B{eeAs=)iTCKJvR;Ge$PzkHjt z>!0q}?K!(YICDJs6eY>lP}P#8@>WmCYWI1EW4!;N=kG$P4M8En*d9froFDbQogmP| zDiLUewLm0-!3M9B?tOp&I%Xn3IKXt)mb>lHq5(YL-a`boYc1rJ*f5V#Qod=o#1anameD;# z4}g+g4O%+5Nd(p}^pXhe;^VW${s%%yw1_>kkvXJSKR~f~8V|E{BpCaFQ}J3Ffi#g; z#}!oBLL&DIp1J1iCp!fBH@0&*vd`FUs{Lpld{)J#YM`Zs1d;}VhxmCI1z|lV0G5%_ z(7F~j!%`Li8+3Zxqm6Vx7t+&t!W6-u=VLu_KeJXftsNp(Xfscr&IZ}ap|}i0uPYlj z$O(LH@N>YpMp#pxTU?qLRp$AXOkjWlOjS@@^@$iA^l^_bA7rY2it{K6lt5iki^ zA^~K<;pxfa$IN@KFC5xIbUs4^6l@r@!&3~QCIsF$J_j;r;HwN`PUrQaksCO7hamZS z$^mvVm^qgkiaz{x+PnyU-iVHaPWO03I~@FR@N$87pF$#>o*`f_#|46V-Vi1D46^U; zjjy_I($M;ZRTxwP1XJ*rA}R(3Fi-VS(nspb!sChW8QnO&!fc9~KwzebZ?{BdRHWiX z<{_VTIP62bTULGAqV)~_JuVU3a#wdZcbFnjOZ3`>K)(r> z9fDnZe7q5yjnKo&@2R;^m~z79=$xTh5=^g=tM6wAd_8H-@iFXJ03c_Is{*_^CSLx-6 z`~VR13Bj_6EF7-Iw%dyeLWfJF-XsSP0Q_t;AnW^RK;yv|M48folH#nrB-adbqM#tK z%*3{j1{=4CNN4)Q-Sfe3^!NyDZU^%U5Zn=r0Fu~;fm=yRk@M)Ff@Xz0O=hp`>};~y ztjQ&}FvUkC7)ZVU@vW~wC^akj5hf-n_zL17!{D&pGE6bCO9J9-;L~8q-RvuKt?~VX z`WI(tyPQeb%I3fgoM1GdmHob{iBDJ#YO-pCk;q}WCnRDl<+O8H2q zyC*DMP4)G)<92h>8sSfVI{@`hl~p8XfWliiizS&2YVe5gZVbHkHtBhj z^^wkJ)b|*BCOO|~2>GF?lH{|Fj8fekUs7s2|2olWb~EX<^il`6JGn8C#UFc(dX(D_ zFx%|debh+W>P_`x4lP+tWpI4ot&%zIfU7q5xp*^9yz<3XO1Hzd>eFGp2!-qFAj03h z>dmmq&dITvdo%dHYWUlc^nFh_+CQG)I(}Q|nhMWP&Q~v) zNm4kdP9&(W6V^}~i!Qw?YOBlR^`r*iw{N*yBVhm8G#KJf~7 zvPNHidhi&#KGj;!(-NyVk-0+25AA|m4rxxBmCpzEB$-R4)A6S<^XVsug)_Z&1c6;vJ=?LJDNo7<@(8toKotTnAo-q`^lK+iC~FivM+ohddgr8i!BJNu-7mQ#^w7Z)d$>FxUbD}7%oh!(ouh(%KxQ6%}3R3>~B zADo+yc7O7+U{6KgY{32_BhMavPUSu8nd@IKX+uW6R3qfGvp8DsK5OpYWc9J;f{&S%~k&9%~P>!mRYMN`hRWjw|llPtd+L(vTkqru8XmoDYoCHp1xGqzjEbg zsd23L!92?3NqvK^w&5oC4W%4Kjbv7mo}wKe5})WDE_WN9^yD+j8+vj3R)zgd^R~v` z2gkB(MD*!y9!cgCAIw*rYME?W_0X#9$p2Njq%Yv4ozY}LsverOy+Z74XP3QHbN0{9 z^zVGDiO9;qv zlH^&HL!)5FpUo{6xd0J*bbHBRxD8Kp^g!x!=ouLaByMbP0$;F^qbT~1l>oTm5KSRh zgW-@I26in4c->$(~%(|jsy2_O}MwXDdkT1d#A0hJX<0C3Y)=`&HQMqT6QMwpos6dDX7Cj=j_-@-0Gy8@JSSmymi9mHhxjlM@@wqT{Ez9itsDvvhx`(xMR7E1 zP@6$Kf-8U>BnP=G#v4u#7@0ivcx=HEAXy9GhRe>%DB-0&}sDW;trbgHT@QYJxE6wOF zK}wL&lA@aW15XdV&V^%hYJE~ylhsmBz)SDL{XKP(NOXbEg;!-IKpWdaaryxFnPR#9 zvSEj16XOn(6DW%KAEuzjOfCA4$x4x}oun*K7NV~8A3?d6kNQ15T}jj!0uNv@r}V~n zLCYe0h@{R=>jI1(E>dC83(*~eomyxFo1maGPH0$jEQVD&({yw>@1oHT3o+!ay1tLK*E2$%t@Mjm9l{%-k>3X{o8?yI-SB-TUAK)(xx$ z{xPcfn^3i8qR91~z_i5*9s{k&nRfA4$Te9OdM#cjNpNT*&!6o3$J_3OWYg2h_r$N zjo>$OjIONs69nhEGRexxL08Fb`dcCnJl7X5Qp()*`82^jg`#BBYa5CP%x^;TIcfWn z#+IOxqN1v8lmM)63}j?JqY|HXDQzB`{ErtH@}zKpn|4`8)73(f(SSIq{k@ADeEW~_w%9r(PkCZ z^b*#KOg7}c@+Teie@t9#jPIzXeVNnT>}EzcJ3$q%woooW>U?Ni$@4s$trnHq1^0_L zq9n@`Wmz2d*enSZ>Zvh(wOVD2e9ULFbS&iOT+ZI)sl(Zl#b4fSN;gH5r>fYW6Qd68 zO~2|(_2-7Z63zY}8Y&Z=*TOWa+Pij&F?g>KT~9nZ)baFxBwt3~x z$#L9$iVaw&^kncq)bdgK!m?7YjtKUn5y`;I5N(DD#J)_F|zLScOP)!@9^VqK^u zb8E`#2Bpo_;Q8lmsl^{%N@kh1-oF|Nj&J9RO?#)Ha*SVGA-U~V?~lnd6wO{vDVH*h z>Ga3c8OSXJJro|FU>TSy>=hI2uM9~oF?j1Ne<*^|n$mWbp_NN9j6Th`z-Oo2k_+cq z`J!AydByaSq8Q0jTu7$5iO!%qVugQfH zr4KZ!#!gPot2(hU^d~&H!0T|2DEG(kx803Wc893$O!R#qvmqA^2sUc3nkIes+9;aZ zIgb8QGzGaknSG1SQBL z?>{ooethf(vz%V(ohyY0FB%IQJW%)*X(1nQ{YlirL3(3-&sR++$MdBxL=D{Xmy(dD z?;F`ro+3+l-YwgGjVZ-h!MA0?Z@0e&`(n-4QXFH1!9naqwo z@R#-|Qv9o7)Y!)8Y(|3jujcnY4YIFUKRrK|d_#sU_bW@=b9zS?;_~p>(0JUxGZTM~ zmw#neI$1Lu#3`x~)2pNV)xc1ny}i`r$z?^$*TsqM*Q`^X@(U3Ao;yRTz;DS+lH*e@ z;O`s6B}-{d9%j(qa>B@q_@d1N^|8=A+KSUxyt56S9wH}p5unNQs5a48_xUwfqfw|t zLHDi8!?WXfMwGFi5%YDt8Tp5JRo81io!s?bxfB^}$PeTkbUu`d4)CpdPWz}2u1TNe zuY0|1N~h9e>>3SUk`Q)zo+$Ukag8O;;`v$n-WI7h7Y9W}a}2n(?mzl0?`#`d zM|7Lqlw5ew<_=?-P%q$R9|}&i*~N zoc~jVScAE1fiAn3WyfPa&qkj%`!pI4=6Oi|?;z%g`(Yjc8DeCy~Q?nuE zzDz#k@lF@^W5o`gzl9DaipGlZr0CGpQg3aYjO7o+OcGg~5=0xZE({Cm-}bJJQTx`6 zm^XW>vn#w&VtkTR@niOoe7cCfvW!dMMr+hwg(Meysfzg>_~^~}tr{6t63Y9BWbo6i z0Kh9?NuvVi>J{p9o6G>A-@tu3-=CE9Cl{RV8C{2i2*D>@Tu=Fz(L_B=BVd9Ssek?R zEkRBjg-oZTMBWzt;U%-{&ExKw@5tm#tIO!>C6u>#2R~-gX4^(M4pc7*QxTIZ69>3; zM3ht?E?8__z3lyX7t#BX_2SJSZ}VS)2XFCfmPrW^y}y)yvqf6_elxc3m?rGFSK}o0 zwQnBEw3KKD#*!#n)HV*yfgaMlU1MPB>E+E_3p``<)F|G)n!;7;O!KWVuLw4yqNbdcM9u47@DBj#cVi9iA)3~ZqJXTe8-YI>#5ebymBm2JVG zT_nKDix}#i+%EXX1kSjw!tee#S<%}u`(6LOhaT_OjzLZ1d>zz71W+C6kT%ezf?|qV zxTc{&!mbdTX1!0j}9>d}eS%Fu`%12#<1KT}c3$$$flLmN(cgsP19SpD1UX;UtxvI({I^@M`W z)zlj1jwqVZ{G_jb^zb1eOm?P6+m#?pfKmA+Q`3{x_Ne+u0nQU+0nVeYK5c?^;!H0te% z6@qb?6h?Cz@(l3ZzG$HUN4X7oca_nJcy#3<KV_ipSo>jqzQF80g5Q<`eL}5NSPns8YmmAn&?lB=ZJleKI zf#x*XzB1f+Nd7kfsR+`N8vF4J!G;H2{>#CO7?BOwSAb{TKmNxPiHY=MxwjiYEp3H#OL1>gl+82u*NlGubRx0bRX>BbQdY9{oS z8}YVK=frckNiZq|V|9=~6TvhOU_M~8ErKt6q*4w~_w+K5ttX6bzhLT@mXSf2I{5un z86Z%n2r{Sr7VU4*#*Y%QH-hg`8~rMdUV)Nph}=QnMk(qnC;9{>C2sIlk~s?lQP@X? zMMNk^3XD{4Z)Wk-=kS#3WrDc@Hk+3A#x-sE-}q!r+lcPznT{-`|E=JECeH_KOk#4( zmMsKmq?My3;KPB_wuHn6=aO45S|Uy`HH`A9|so~Ei!kS z7w|D;4+)JQ;BB}g=)+(R;`rn>k(vxOKTehtPGZRXTY^;%bjngIJ&u@SIXoTTzk`)C zq6Z&Vd9k)uahxM4v~39{>d=*CwObN!hTgMnwN%|=b* z9(${b%8+1-g*nay4}Ji`N0cRQywf5~JOE6>EyzOq%E+tK*Mjjz@K(2|B^emy6^Iqw_ZHLW0qp)ucTfNW>#At#5Zx2gt zz~jILyd88xw^zKklbtwe&fY}sVev~xLjC#oYeV$7+}2U~U_7QI5UNmsa_9oQ?%&>8 z(KK)!LFudEFpN%TVZWC+AKwfnij|u+YGpWw8vFTR_k`#KMspRg0T}7R8-Vr?;uyY# zAq^ZOnxI(iDsy%GyCKpDR-A9mxD(ep){1@7h<>49K0@BSfMJTgExPsE9V}v~#E}%a z;Ce!U9BERcpAJi@r>e(!%-3SS2wSc4s_eJSho9DTZ>caYC%0L05);JOC;gkpWJV#t zYW3oW&s6JB`M7Es7$Df*(qDD~lPpu~owO*PhNB2QNV;g(z-7c4TOVugQ*AOQF}r_PEw*9LRaefnHNZ zfqFa2bjHIv| z-&J2tZ2`NTuvrCtHDJd#Z&<&)XdXkHD2zA87&=9^OdX2#aH~*q5b8Krc7iR7fZ#gl z0wCxS{No6wiG(&=R%Yh0OYi0sy$jACN01D<_hCCJ&e|y6c?g?95?`N9pL& z+Qw0Km7^XTt_dRed4mnSYwy8dn0*92X7a=T7GWFXCon8uLZpQ8Ynkr`EyZG1@S`b;Td{l-3t?f8hw zaWbuZ%XWB!Gr&R^%fvZ!9I<<1S;K~)WW1JobM4x=(*+s&YK7ooC$T*jif-<$qt5NJ zhL#ABc2LKp4bSy(Q-4{I47~-daQ=Via3;yVk6xTv9i?WCw9$=1aBD_G z*PgzbT5Yf%v`*XxI|P^?(mCl zI4Y)M0PV6M|#$Fg*WY~Mi|0hz9uxjSI1 zVC%qwPkWod6Y=#K^WJb){~l4_*odAkszM-F;&xAP(O^grlJlpWVef=p3Y#JN+#_Yl(1XDD8jbpS zKtPh)8w-U!4)uha?>51ip%D#t$%R$;C(ffVpgs6F=|Xa?Ny$jKE}^Qx{)nij`Nwp& z*9w5hfFMNJtgycnqMvT+iaUjF`=&y>tc;8ws4HFOafHkrXyKq9!#Dt_g*+LgLN0X} zZr5>V@#y5$7`+4FLcH@HN<*AyAVFOI)xyHYHu_!HE(VM&cs;<|n~IJOLFL)75`^z* zYn7P1p5nD@U!6Pj3qex?GYr>)^9Vpm7#?6jLby))n>U}Wg}?^|ZEFSB(THg6v@~5< z7l5Tjy7%IcHp0-W?Qxz$=__c=gNH9F>I#?5Qz#2ioy-&s9b*20F$x34-4||F#NreJ zKdzfNIigl9n)^ZrW^kjKE_QA#cvL)E@2S_Dy|<2#lea+nmZ71G4GWi!l>*20IH$4y z&2NKB9yv3=myGkoK0aP&FPX^D2Pv|a&s5*8Py`-=FLOEg8_uBz;vk^GV|#hlqP29k z0#M=`KuDMz%F#m8I0KU&I>Z)_5jhDTeW~qLW$0^$RN^_n?(Q-XK!tpeQ9^`=N2v>` zYH%4?hEIe8j%%~!E3t}+mR&g`Skeij2qpr|Mt;S5d~wZVPGWR&;&usL*4VV-tA|{N z{Dr?~>LVC_YGvIuwi30ytRFSD6y&~7VLO+=yoLWp4$u1LR#8!r9FwOy=U+J6V%Nt3 zt`0>;+F}Kgycngt2u@5kLfwfos>jK0mG)xA^4A5D1$0sr+bfoMDOOgQVAjh1evCsr zbutw_y&jZa0yuA@Vh12ga-WQfN)waUwpT2oKGE-aXy{o~yKr4X^~lV_V~xKE?mb~A z!KSX6t~Cea%z24^ocVELtHhwFvwSEsys~~$LDg0>0XGhThef?Jgyr|aVM%~H23Zk4 zwzyNMoKYg7Mnj##4j3w}-Ay7E!3mgepfk?R_p|@IC=qGq8$M^LSISUX8t>wKeMzKw zLF&h=2$o=z)tWgqE1{|9J1O*+7u%%-0*0_uquKNL5QAF_!;bL^FSc9WDeNN72G4sM>mipOHbaf-n55^bw|`LZq!2N2O1Xlh~^hQJko zEOu!%H8o#($||G~aCFlhMwyQ^hZf6xl$>?pxOVec*Cc>=cy1~>mdFrAMe6T^>K3yL z_&W9^2#&;J#}eY>F@Z{)#^dSfU>A#e4<|E}sjHh_&#DMs!=StbR<~hRT<%ST6$FU- z5?oww?Vr_}tW`^GwEzhO{Ym)j*?srPjvj4?jtbTz%&p^2!hLrVt|p7$`gyl)+|S2{ zgNFy30ioUlHZLHJx()P2>`*Y7gZ`oQtq6jGfjxrnnVy#W`FAcB#H`D+q)#Ye{r0>c4b#8 z-?^xcEE^ivZJP&t34#CZ-w_dQ+}miSkMy|{aNv-Tki6=GsDu3TpmnuHng8={my1o< zN&b6L2oDMP?^h=xYP|UW`e`+BGl<4mz?gJN=xx4GKU4Ad2B}zVz5n3?q@eNf#cP1( zzbhCT_KOD`Od`AJ`NBB%MlWu=O}PZtU;dbAE=PM_G@S?;V%)>u2f+yDClccmW3g|S?wu0_BX4&p~KXqV$r=}k>St#2V7?6#nfxOYMV`>+u8+$;yHvf7H{nd zp}rw2@V?z*I^S4wf8B}E%GO8k<0zB8)+z zeWoup>V^CPa{lFz05)c>tn{utQz`q!q2AK~OcXzDP-ce=m;HSeEb%|N^>_dC7G#?Z z&da;+QR@~gdb8F_t>o>baW=nb`tJt-M%lHlEh<26PajEIX$i-Qe_y}l9u`pi`vVct zSNh?a{|`UiS{m}%5D+~{a(a+&jfW*!X6xBG_f_g3IkpHHiuFAS8v=@?5hbmLXVYbD zeTTVkTm19hzlqrl#&;6^%z8q;YC`goPWvgnh3lFtf08DjlF+h(P+4hxLE6WQgT?#P zlxKQ=oPL!tm*5#-7bvDsRyNx#5>LdErNk^p8_Sy1vF~Ee{rJX@rKM9N`H~b~RrD)8 z3vQ+)r(5Sg$GMY4(&T;oI`!(?zNOMqYw`NtHzkYt9OK2BY=X*`nZx2LFH{UZ6p;7k7vsNkXm|Ni) z=YWpLyt1|R8i!5tF}i44`Gs6B)&b*QT{^avecWkF(_*6)$K}i}`Iad3ewxs0EhJ`$ zSbsGaXzwZ_KZEiU; zJ@T4K$1_g9wz{d|H~OZ%GPj{iFJLOfkz%nUPjGAY`9k#Qiiyeh-$P==a?$FB4305x zi?w8$$VJ~6M2-$>teJ}2lm?c1-$^WUs66PXa=$74XsBjxA1`l@x_A1=i?os~SHsg9Da_ZUFS=UzmX+<1X zO%>Q?Pp;_{ZTj&$Y`>{ECMn7-E1qWf`K~(4Dm8hnpEYA~)5+CD!~A3!HGwlXSGVgA z#A;E{QoRxLt}8gN5qQ>0zj0WweKN2_f#s}lXx!1lR^{oV2BELiChV5;zWofE>`^^m z@i}piR=3vl=iqGI$jsTljy+^s2=cU+ac{#P6&(+&=Pjnc7eq69=~H~0?#)`xk zk$t>1EAybJ!#a)VPIF_u5iMpC55wYl^N}fuAmyzS(l!$0a>K^MA>JYhQ7oj&jH74v zSq5e05WkJt;h?~JOX_UUPmyG0uiM59uB;@gL06Aw$w-*2}WG|g^&q9BbAKH`N zrZS7Xt0xY}EQ)RBu!hv1+SaH=6xQFb4Zi2N8%N(`%en8olctJEhwqP;WuBSIW7kQA zKtrPrm(%W>=^rNy-*tFpw_ap!UeMcCa_px}&>1fCD%keBUB&1g)~>ABzbC8bglxze z0WoH+k)_1%*2PLpBokB8)si_EcKk9>`vD`BvQ-zT(jwBDqYMGlh%DQ!;7_9wiccF z{Xrdl9#+*q8*ch*b4#2%J};BuJ#O1w_$1mX@prAK>z)Q6h&wQ_~DD!)HbvoyL*p}D4tn<*UTawtK>G7-nl`3g^>)+LUjaJ> z7WPn+ubv#8=Qq4d&SH4}kT6N%@b0RIDZ2!EfAE`ZJx^)4!%&=9Kpy42d{9?}r^KA@ zK|RfH#fIs9!zafL>1fn?>VCdmqAC>FFu&tu8z1m8Sew1akW!4JaoAzE-l0^xr#C)4 z|K)c_|2=o{rjpTT>V-d%^{0r39UX5m(Y-K>`f)~rSNh`B;-WAwow(l-S^k{z-%2Mo zPG*oEcp~e3P&L`0IyS4z|-=I2jd~C z)$HBrLRpI+g_kZD=$w0^?~!L##V{vqPMpzWA?{VjjZ~6_e)`+}>jv%jE;iL1`_WKpM!?glq`JNy98QP7sT)r-|WHKdfTK*w* zpK^=oO!FV8be}%cm&uwyO_4Mz@>DQw>-JaCnHa9XbGLqwZ{Equ_M#bOAdZprjVZYN z+RbZ-ze7B({dqvM(%0t76W>qeMn|ZJhKq@Xi%QY=8aZtH*xSYBU0$rcFxEC{wPO7) zSh?cH&2O!A#_lG28#iBB%H>N*$|&tu+g|WCKNL}1!y4P>_<$u@*=5xm7eDVvrUD+^y!m1WY?8CsCk6n7%wMWnUI4U@cj_Wq5v z+KZ+E1>H9Fvek_=jGo<-M+=^@ee915Dsym1(HRy^Hp~P0@W%s4G3d2GXqTA&g>hYJBK6?5tJeG+(>!JEWEIBN8 zr_!)%WXoX2_g(Bgl&>ZAr`?^O34S|1Ts29X+^8rpv?!e=wAb)1<97PmFgexu!|AZt zPtFyK`}}Lu0zrSxcy|mwL)=RTJ zyFbHrl5#5I#bb5~*JlRT4!nHtctY&n!JWSJ`eH*PqRjEa1-ggBOF2|?XY=gj64}q_ zbTjK+*=eV~AY=0Fw+W?hil(@+i{G*#-Nd2k+z^$X%KEJ@E>*71T3T0%2)L+UD6P7B6 zdQO|g!oz-bieFuKPW{|p_}<>~UR$aNHdQ0P4GQ>6YF7D5R8#Yts)#c)qulg^tAmNm z5t57B;YVfsJ}MbW`@HQtNlfg!Ol!Dcm^nw^F1AY}P=;BKf<;zf{e*|c0d{~R)YK#PFHx%cK-gK>vUg6StA-5sqF2pUz=+BHk)|Lo_hXo?-Peqt0f z)^s(0Q*!t6o*I*5j68=J!Wd9hP4}F#vUw6yc*uVyDkb7n&^@kb*R2hSFc!3iHgg(T zLf*Hx|4H)Fas26*)ps)JR#Owb992`&(K}bI)2DmPX@YcqHqm_^G8e*KRHiSl>^88- z>i7EAey&Pn_Qwmmz|z?}xkmlA>+cN)%70Mr4p1XG=9(F)w<7Itx^F|2z4Dj(&!nZY z+%9Ldj{n>pBE4w>JcEA1SVJU>LU8{qJM#rHW)>EB*n<%3RT_fO zo^zl8(E6JJz3}d$FHTRlhEpu$ZonMq@Q;gKHyrAZ{kSongpxQgOXLz)Q)}JV;>0GF zm@9gwvJ!GSK`e1fIW|{0dTX=Dc=5)L(Fm^>mgzk{+a9`=8{X~alXG>SkBmQhk$rh% zawwwo4Gr;|sIAftuk~p5$w?2^`Qh-#P6wuYR68>Aw?fL7Cuo^i21Q7|lbBF?zj&~5 zx&9xX(OoGr;Jo+I^dX2kebC^iF$NOrgA^EKg02L5Zwv{GS%A_{pity?!F6bZE@m+B z6lmh34Us@4L7-FY*eOLS$9l%{xBT$Fm(x}s$o1dQeA3?8+%7VLD!O1GDm*A^$TZ+S z&w{_US?P+k(o}>=K*Hpi#>vB?febDu3tRft{#woaSnlxT`uOU3nVr@A5sTCNoBuFx z#qx!hv!DBJ$wX6iWA%ijZ$^*l`VF(Qv%t+?N>K+;O7e^`IjA(kQ%|_6WM+!=G?NYE9)y;Vz5)fj-9H19)-nHCLOFZEM z@AGr#FL0>}b}+97i#V)BD*n6^P{VjU1f5gTuV);=u`f{WhA5H)plYmnKtK(JwbWq-3-wW2u z-7#0@y4u>vbM8Xq?ccx8fEol;A&TEv7P<=reA(HnLTaOsHvlAM&YmtU+8w428=(J%F7%tZ%^_^Kp- ze_VL`hsOS%>QZY@wS$LU4m2LtWH0bBRqcpp%j6S105HraAPWdr3X6>eXs~kr_;1LI-6diP zZeZg(2bAj}&n-6ysr|g|C-}qbon3_Ymcq3|{M*XnenZqM<+_sBrqi4ib}-xBb={TT z$2%=Co#rBcU1;0fG?Qh?i$Y{j&jrkPw3CXR~HT<6#` zb`%Eg5osC?>gzZ5_Ad0F>k(~x?bL+bKPjlD9}Dk_RqHzy zSTcDo=Sc#Kb4C6W{bYKI{q!tv9WNU)Iof6Z7Gc#eC!I=JuJwEIep+fs-130By1Q`P z@_zabt!DSqX=mHWIlbwwUAg4}6Mo;`O(e9U$M&929gCr_CAO6ZYb?l~~_h-f;kN^NR147ctH6vZwtkVFZ zi55SII;(*5Gc+cVz0qh!NWk9wLT5LHNHOqN&`W0_@E8CG+V)rUPP%c_#hBqYc#+CFCjz^{r)WbC(y%WXuXS1Pxs?LcI+6S zMZ7>=1Fg^=dm_l5AR2MGbDfI;cL}VaH0#u?EN^fXSQTgi>Lt?hWohS*0)8s!vW74Z z0xUqFkki1j4UkkxuPqZqcHn}9okIXk0ZhffDa3^U4f23?4!9r>C#NUFvvNOhn*0vAqq6G+U@pQvfsO~_8eFUa^43&Sfj#X#M4!?&9;J~3`8VJY zI3DSQo5oz#1Q&sL^W}j7t zu#PE92LIilT(3GR_h!VG+|@+Y{*6-8h>wS#hd`>Usw3rJ!(q){11B9mlmFc|v>y(s zZT8u&AU)l3lK6y}IXyFlNb7H^@zj<(uW|yTSfp5dgC1)J8_l1Y_cFA(8>6;*DJzsk zb>YpRkB^7IYG;=}J?ELAW+5tDomdCwbOi;2$PK?d3C_k>o>NoK{LHe$Ve)LP^KU*6 z)-}nz8Ev|1Y1<=xGnmko;&w8io2uxXcEl~LxQ6!-ukm}m~W@{tCPqI zota^0{P&1knRNbmHYi0OKT0p=|H*(;;1?;~jPLjpSeu3^3flIFXorJKYF9S*1$-+2 zYh@sm`SAw~fu)JeZqU{M!@+J&7yuMN%p_3 z%PFf1TmkC+cH|ThL)ESS>yc#{_&_1=^X7T9RY)_GL8?S$NvpC3fWxrFCZYNnNM9>Zdt~pZuvm6%D zqrm1yGUrcMNlD3ApF6REzP_BNPI-fxnOVO40~uSu*1@O*wXz(u95T`FR~H_D=m_>O zI5(grq=Fg?BoZ1)Om0X=D(!>q5CeeUV-Uo>cyR|t5MRGuJNb(>9?&hpaYnar=3O-- zjA%kkUBO0znFk6jmpDmJMDPfJVT$F4LmXO0usA6YVbg_tn^xC^vNAoghd?(cmev+B zFNKdFUqLBaCLb3@47KEeI7=Z)^EC56- zipGKGmb1J!)8OJGB&3nhLe>Hxo51o1n+KeG=xdGy0m|32$j-@`2YU+M!_5c^h(W;9 z$~vUU1ceV!ddj0mFUiSqKM0M8NPhDMj0^d!4m;cuM2LgxAPoi@I8!_Cy$92mz!Rcq z0i&|Nz(zM<2r3cYr_AIGfbZ`SGm2nFfX50?>am5@ip}NjZS&cRq4=WZ?YX$F3hNsY zC1-c2knavM*sZd!^Q+cZ%6BsUv?0-Ewwa@BvUVl#!+a!qR{*4*%Tjzg?~{j zjIQ_3c8ShsgSlg(a=>5K5%enX(|rFxN2sJhKGQ`4~h=|LB zZs_E+h@t@0hl^ola4#d!MBtNxT(!T<%?t6S&`d310AT!d!l3lty$@g?*Ieovwn1)v zFGT4H2`sKf$UT7l9`vA)XhWxpjnme42Kal57~QGz#n$)l--CYvdT#+j5puR*%7mOR zx?*XX6Bq|_SAviGfUX5UXYjv`Q7?Qu?&;|XI-94P+nQBYxoi_S0;X7s@#gzpgJ2JR z2thmw5jUoAV`C%!YPoEJZ$JRs?3qUg+rUkrV_<+ewowj0I467&+emE14Tq6Pl2If;_D037ue&$0S}W9W>GXJWXK-sWQ5DJA_|82qRIW^U+3Ke*XF^O{sUqVcytO|@?2qTCr={m0n+^tmTN~4qDs*4 zLXTZryNWSg!_;y!4`zfgH3ee{ex;!9qhlIELqh}lqcymznVGSoj%Mf#sHl)jr<9f= zUasxS7dEgj1`b$TS=Bc*XbuExL)Vco+)vQ@ zMPR87dLu&KOq2!Y86l@T%FOaGJtKpV(~Dvsy5zlk_kvVAC_*sdd-{~batjpyYg}RA zW_?@QyL6^>)Arm48|LTLTJ`pbkRjEe1Q!1j`07!&Vl9YXb9VtcoNfJZI=1aqE}Q9 zY%bvyK%RlBBsbT}&W`F?m4~D^ZaWG@xd3`7u%V{9o%*SEOKEgF>ljbW)!X*=Cn79X zmX}e4Ae9>~49N1ZOcji7ba8Ni8syvYz?X~)Y#}&^FE1_OQIMY7x0Lk!q4bF*7TkAu zM)2@3G8%G)fvpVkl758;44zbmKtP6BK=riJzW)vL_l88nHJ^y8aXV2kVxiQ1NaimK zdLl;9(x=`ODR@K`>opm@g8@{f)41xJ!V0bAwxHL^*El>-T!YzF4l)&imV~K^fnqZD zL@vC3ggFS(4Sx*OZ`X#GJrRm{0y&kZC`nMigei_7?qwR$EBg8@%*?PAaE3)1n2`9z z?Cf^Ufp6nZ`(9&30EsoUOzUk-^-xf%u(VH=QBYc##n~UPzWuqe`+}3RGx_d&Ln5xi zkOD%DG5qV7d@slS<2TRJ7Q4KV;1ms!`)FU5oLv3!qY<DsaCAI(W3UIfQwI=8Z2r~*0n;mh1VLi5UB>EiO%fiY! z9OU^zX%w?^&&~@52C>qw<>lpnBWuat-nEE5kdSX&>Npng?%mvw?3uG?UqaVnY&?X0 z9z8x(cn`_&d9Z(iX&MwnZ(hG1K&8m&%A>s&c{Mr2RE$x9FT#7NUDGmu4g67G@GP-* z33nwNRJ23(GHze7UMA9h;+hNd^E2MQh4CCp2G<_W$86A@+Soup!o$N8>q^EK@r;bw zO79>ug)b7IF#9mI<6J%d_xOpn{BE9d+v&{!Wx+LdvE8t>oSA{owyK&Ms7OoRp~1nb z8XB@&U3GQ;4_j{@&~y5||A&Tf$Gv=-cK^4rM> zPD6eD(+GBBWBas*+_=#~`x2vq@I^sinZI!MY@yd~sC?&0bN^BOCT)}1^1W||w{d6B zg-xR+em%8qo!vf#ILYun2M)7eMQ(!F3zrzF!1VU^c7iltq}ppXY%mw=>Hh%TG~U>y zXd)SL;Kcu_1w7DxoRgEo6jnXGX8M$(#;is<&2u+KWjAeFHc6zUDO&Y6Z{{cDv!$$$ zXy3H~-2nBeK-f`ZXI=QxW- z(v;Id(2$~;=1=fHA)4cEM>?73){Gx;RE5v;swT2njKfaw`Y02Q>MS8@)_(qM@VP{}{jrXObQZZHCl%j##mTeo=Z{D|4L;sO_`Ef!>yKXPSGD5|W z5V7LQymoWN{om*X;&+ion*@tFBgOrzd`Xn>IL|a8uriSZ6T2`=Vgcvl$x-o^cX6aZ z#8i=80jnW{PA&cI*b^Rr51;~l z+@cr~JrCb!EcokcJ%E53`+G(|mcc3Y8XhC*MT+_k?p1pn>q zc0jFfH%!u(WJ|N_JWFd*t*oq2_hv1<+~W$SxHTLPn6}W>As4jk$x?b)3^g<|)6)E^ z)uaRa%IiPN%Nroy)*1Mj=L;}1JvL{Z;Z_Q1ikT6%b(ZVM_l|brjB$b?)zL;)&=A%bPTV56~jFs#6J@7=%V)3(ypND^mt1Z7Y zcjRWxckxBn*DQX1daB@UMEMYSBHL-YySqEmRA#tETKney(~Tt};;T0=QP7}kYfFAD z?AEC^<1V(m|9rjc``bUAlt2G?(sp@Sqm32Po7g%dH~$h13V*e2S^bZ%g=%7X7ft6C zb>49uoqMu1-B6)=j+(rMn2Pu$dFe$Dp8EKX3l0uuO+#~S&h7utHWm>v3M>h!{@O=* zhgj4H_hpOCQlrw_!)Gv?VItyY&;Tp0y^(fArGsM`e0z`!#E}zDTaUYCl%R z_;;6Abql(Fk3ndR@n=!s3FcP)_v@YP_*ua)5&<(jHf~w}^z>PS`}R_clMUid>WoqO zbT7WbIHIe|^45LZ<}B-RNB+ZN4ebeH@p(r-U9)_;@TqaztgeeLODb5p{rB_upLs#%?sYGh{Rp*f{A8KX&-9Gi zh>?!j?H^*!u8tZ$TjR%!TV|Pdb^Mm@Sll$} zy!j9d)h-XTBj>HH-?Dkh^v0KcraAd;I%pZYu%rIOtf3c_hjf$e+0RrValz2V7c>ra z%edOUxad*%49Cm~a`OMXQoir>ek3oOaijZZ|9<_)-Sobuc>UzeuWH@2o>v_>r8KH4 zbKBaB=a;4)?%(_*a%_X8Z}9YqMqfIIExhldcI89al{aJm4DaD(*m`T+()VF1T~%Ir z_Wk!O=(u-cvw?P``Dp3hn+I%Nt)SzleL8<{+Jin(!y`>hL|0tdZ9VLdgoT|&^-(jN zCOM8#6+8XWLUf|SklK=kPZ7$7C%_03BNSdc=GZo{n zdC~FT-!uo#Nin_>yTCHWB_%CZMS50o%mgEe=T&JBPt{HBzbI#+g}C7r?FjQ!Nz>~R zQvdRfK&aZ^>ydnf^{lT6#%&E}?S{tN~zDbUo7~uv#C#iwe4{UsgLG7U<*CH zzM%DD{#u@3m|V=6==Meh69U4z);jz||Mj)a<=Y_xon0z&iDxb>c@oD6gZJ}eK9At# z_Wfea(|+(QBuc8Esdwk)%^AzG4OYF3Nc+4$r6vB0&*I7J`|q@#qtQcKZmEX0&DTDs zV?U^k>7RS@?7zc+NL%jstp}&2N^XDt+-Ga8Nq|z`)!PI0YTElQoaolaRA$kr{ldhk z>70}c9G@r7xSEzXd#p z^^=)8wXjz8uWu#^S37_7@w*i1?K5$e^rBIH)795c^$x7fAAh}Mx6HcJ>08fueSUlW zc}eP;f*Czm4e3^|pSpG6zaEB&$cgY}MIVB#Ckr{lOBwzE{eY^9veXRMa|9g`|8-DB^@W~=; zy26`|k(Mu&!=zUz^$O{cx4Y$hcGSP)xX5kg6z|KoI)5KrdvRs;+pk&AzZD0YxdjCT zls^p`*40S9^G>t+|9OIydh&%@vV(^fZ61{RwPRT`%kr_6*?r^kpWj|n@v^;A`Cq*Q z95yBwUG{FQ(oI`BcrgDcy69MOn`_M$zh^_|FTPrna&o)mfBRsChtTnO*T~Y?7m|Sy zht_@CDpyldYqrob>&;aYMbrP?u9pYBJP=}^-}xx3dw9nmeE8Qxi*C75O!ZF-)Xx)_gQyT!oFj*gBL0f~t< zB+?9YIBlbGc=+71cki@63rG`ohdJ5VftY~z>?!+|p(y|T`hIMu{3aR9Ed^Eq%iow> zn;_B|b#+(T*mKJFjUPXrqk83v74;1bFly&bqxCm@b|Beh1X1s-5Rx_p8JQ{XGbtvh zhR_Q1+ha!AO<^b4uHU+K3rzHcMeun$%^4?*B90tk?2od=zk-VMD*f0&LSQPMEX37HO6ymmQ zOrMzS=%wF({OIiX_wy0iIf3f~Uog$g$XG`6rpzveSIRHbiC_qym-VuW#ul2*a#qx- zOo@F?C)`_l&*}2A^DyEuwNHLlR8$1UD7B{oex*0vaDy-e+_h2ygG;<`lngx8!_-2v z54a5erzb>2B&R3f%)`t~4Q=hZ$vI^$W%XWs3@!b6c};7!e&2G}QA_D&PVN2oo_KhJ z$SCgoMS=;hRT1IFrQE7@q7x5%3Ta-yaie?D&9IzGMn-%E9R)94oaDgh!i#sl%9(y7 zKL-fb3g3wB&Wg|(6o<4Tf2gUsL+2#Tn(&@C&z-Z3wmI*VQvBe7 zs%zkI>(()>M0eb{L8+IJp@BfE`oTysnYWB02$+C2w{gsIkuw2fgE78wLsmsyQp|MH zB!H_-B?<`ohw;G#pk)x$!-o$g#KmP~WUPR+NZ<3szynx|6b7^7?ITg-x&&}5%rEKBzg=Gk;2=0i|0>1aO?Fx!);1wk!FJ{#UUBZg{hlXY`V29fqsGu<3 zvto*$jkos?I7Bpco02~y+i3z;F*W)J(20S3uxDl_kfD*Xo?Tt|L z7y;_M;W;_(#rh2!+;oq^aRLSuzJ7hG^QB%fW|h{~AXlSy-v0qF1kEq@Qa1YVIlO%4}2Hy(nZOP#zcFF zq|bPT3>|6_ZNoFjdfxy(kd|f^VfB?KrRK*Bb2{9&U^65gn7;J#o7b-yg)r3W2yQ6f zE5Bd=Z-nG@&-h8<=tS&y{M{<<#q{aZ2lko_IZTO6RKWrX_Q%(U_$jr=6;z1Jnyndz z`hdw~kAR<3T0RW&J7A}|+Rd$%0v4;ISF1K`-P)dlsSeDJnYlTL`m^PK#l3deZyh&H z{UA$<`-h~Xf)4TS#sb+uNQv6|Ro3(@?c7xDmaz>i037(2(Geaoe9RbOYs>5scs(7R z=P(lZ+PJL}Je*>{EF6Xp>0u#O?`0&O%Ahmn6)T9APFMf>i@(n$usnKX8TW#>BPT06 zD#A)YHGV!vu9~8kb%_N_xqfj`(Q0SsZIacWKeM~HRz_~b3zbNLbH31-i7XG?GF zPaC2TFrDQ8Ot!#6w7;m!>eY!%p%)i-U{ZJXWWb8o?AopPpaOrvOa@U%n#aT^CPEw) zz?V!`&3zO$EGx3-DDi}g7oD!Inv2CMGmWNA`vJQ_KfN%MVA7;i;stO$Z($=(9mWEB zi*j9FV%aO9G4Q`%9qIyuAhXLw2Kk7Y{XFIQpbbbhrZvP;`HmSQj1$btPiA#6-0qG~ z`^|)ePe=hWSGT@e^_A#A|7zAGkkzkWiau3UO}#5FCZ;iB1XR@l!cjeKW zH{&>N2|CpLaAicu*7E+M6Rm|mWkc`Cjz{RDwUV77MdOhu6u-~03w^@A{q zRkhg}i;}qP!zWI#p6=zhJm?%){ z`1RETBGk(DttHbyVaK``TNUSkR5{-EVn$a3AP2`i7cxlq{uTxinjef0un(^_vFPpFyCiorIBy*n zBO!a}98JTZW{GH__nr4W)~=0_VB#cbnxI5Fe_otpsN_CS zqL}}KxtEvjNna$MdcvcN{=c4^@8HgGHTO3SeMba8Q_?#-+3@&KZRb%DBR4DVH@~oI z{o1uZ@Jz_EVG>I((XQ>rGP^>Wl_X7xwXa?su{z$|1CH;2Wo$(@mjTYJg~RgY%XIt) zrk6c^YAqM^(AnsRl&4|j1*M$;i}Y?kb#Zn+dE>?=hJJ7`?vxlsxLB^6m*&%#Z_0N= zi@+SKu&{i!ADOPnY%G>2Tx_73D!tpDYR1)H+Tj!ZB}wl#f42ZH3#vPTxBaXii{!g|M`Gb^Bj)`uy_@?nM=K`X6*3F4jK2 z%isxO;ONsKPIgO>zx*+JqNJ;>!E%2+fhbq=#xpOf$n%&n+&D9;SJSs|C@MBH=R@GCas6RXO;FJEHEZgRVGB`_kefBX zNxdEGnv^Kfi67S)CR_G21&v$IKfpHthw*Wn8eBP=@eYS=|I^*Q({FSa5u;;FTOkJ! z90nTZ_kQOhOy+Vg-nVzJVD(i<;15GGLRP{)Y)yaq>vr!sb#u)~-8K9}op@Mab4b9n z*yn=7^s86$hU+pPKHSxo3(FJbw4^Vy-musUv&0x8&M9P4qW##hW0`Hb$81N_gTiIE ztRk&5Ty>aVWT%;b@>JGoC^r-sghcE*_nj+$%i-#gqcUW|m#YQ9n01Bt3~e$h#;^N? zb}+dYuOnm+ER-=<#{P4{z74 zTR%EI{~Y-Y1p*`o#{=xIc%ME>Up&Y_FiK&T5v5Bm|scLhY6sqWdguZ`m6 z8^WoXmi+m6WMuO=RvY9TI~_PY zd2+lRk43WTw+z>!p6#ufJImJh?i~o4jj0l&d{#id*m)DY$OSO)P?y?c8ZEQv1oZRI zp+M|7Kgobph+_OmVCEU_vw2tV&g@UMwKJd{t*nNl+N!Qzq%E_~@J>pK(@$3v{ID+I z6$17`mS;vdd!BKL{jDRtGb`RgsB|?(TgJ8nglRpyZ)`#Kgr<`;7NZ;W!4I z=2v{sm_}t&BQKGWnfWokxV4g(zHRtyB{?}kbf&V|GWI#E7G()Z1ALN6O-U#P+>^(T ziFq-}?}qa2&aSSfJIC*zID&!;fnsJ>7Ul+wE%$w0-?=Yyn)Qqs3{9t;5crwY&TTLA z@{Tih8=mjnn$vcgEn7OMO)8%pyXH}9DiJX0suK<$2-wCIBRw#-$5HSp zCk9p?NzV6o@XXHIontOKqz|w*Gry!X|4i4;mNsgj!e!YQG>K{P;;C>fYe z@Wvadbu9{o7Bndg?dqVDA?DJhXN(gr?|Dm1XnNQD9f;Tid8%2eC0CbR7Ar4U`F!%NLcLhQ0uo$Q+ynP6_dbn-$C(Vx=t@(qtN&Mtk6AD4ZUQPo@T713;xNO1_lrs5SJ* zJAJLttfrx(&ra4DAP7Chq7e@ZzDud4%dgB++<%RUOQcK}=3UW*XCy_{(hA1CdC2*4%jCQ z7JERE1sljL&5HRanJb|=aFbZ`U7H~B?vsXuhJL?Qa>I_Js~e6<7MqVkR%DevdU2nO7@&T z93j}PU}c7(Zqk;P28+X2mBmblOJgh)bnZ@hRTUJYFe;lG7-oyyy0a$jSCsGDizx5x z;=+4Pd{Nas{krSPrK?tLd3Uc14xA&pEY^v@Xeim=KOI&s{wV@-QbqNYj3>_8sAgHl zxhUL+4d@jz1(5`*)iK3&$CED36Vduae~a}-}b6U!+h5Bu%p&S#J;rcfYf>3kWbZS=sKTv zu4#05HiuDscz8Hv{rVMrADANXLs%n6fby!pe8CgiYRFouNoo@+n@L7JeJ62_>u>pf z3HS-SCJx3%k7r|;=~kI^U8-$=Pk&SCK#&HK4s8is(JB0P-j`{*_Cjgz6!k@y3sZe+ z`j&g%(3Pv%6!qTy6sOjyQ#+n49qDjsf>t;x4T__q5fL++hY1_c-*jU8%H^w9DyGn1~0*}uKF6$3pV#aKW#P`)5on+mLOw6ER*Y= zyMJQyFxquwKBjCrGDUqJjR&bg%wve}GFg7sV$4BQLTP*Y_n2I< zQ_i>1ej9`*0#33tv?GsCjQ`Oy{1CHS7_5WKe7393m3dEGbeVsw87*7xrlh1?yg0I11wdjteH>9aQ3h+z`1}86 zdKPmTN8sX93L(jWT4%zNf36U`(=?^iZDZLS*Z_Y4sL z=2@eV-Ky9RIhS8eIBTPpBosp5r!Nvx^GL(yQcX$9Y-(G6u3fu!PU1XczqBSQLTWScPek-{Q1wHKB2P#OXA4PYxgxxN)p75057qcwQ7EcESa*sl(EIO z@uzc_6MIk`bIuZszSh+}^XDbi*V zc9sX4i@ZEt{FF;a4n8mz{Lfx1yj=fjc|C)Kx^?RozyFg^A5c=^;^X%`S-M!}jE#o2IDIXyf4apdL)-`x| zcs2x>?cBNXHX5K?S?}w}QN^Oc9I&uG(CQo$A74cT=X(iwuB2TZ?Ep={ykuJ_`x2^lD-FJSIn(j z$1=*vm_Qz@s{W7;%zCUfdUPYXGMJLgE&x1i@}vR%0`Um8>>kKfk=XLr91--ED2v70 zxh-F=K{~s844W1e+{lspmBkDriwg?k>@>6PWGc33WnjLxem$y}9m>yNyg+FOA`%xj zbkj``H;_K=3YF?!GgZ$Oab~JnPo6ADT9jVC_m2Wn`0?KM%t;mP8fhJV^eB*SC2im3 z<&zX2xaweWhD&cJNPnrm@Y8HGxGySGCcJBKA8R=2`}Oay7BU5XM+h50y0WrWwY4Lq z_R!ype$d{==AN@QT#P{ioldllhg_3WIduH^ZCVA69+lgn46f?rq_oQgkG&}0jvG67 zc59hBl{G#^9jjzEhTD~+7>)k;VWMSm7iBX(g&2ui6(1)h#%9nzwRGKv4d{>a^7DDX z4Uu<%6$Bt~ot~OnISOj2J!Z<1j2b&IIe^aNtc|D7ovS9wvmI>X?S@OEag`S&pd3Y$ zd{oNU})Ge(F*Apj$$ys3bpFWN{bJfJY@DLes<7# zqjYsii}<=u1&4l!%P=33LIgqHhxnXNU@R2BvQGHf8UxT8fq6|eNgaU+C`Notf3nlm z)7DmwT1!4p1|FjHZb6FAcs9C;38ms785xZ*2o(o=`>%lJwzVDQP0h^%2Mk~j07!F= zqVxm&LD>uuG~OlH%387Ae$>{#kKOO{(Ey3m?IVgkGXUP-n{A)N9ml<}q8rIyfJxn~5BV8F5*s9^<$el6sde9)y$Ul9N4! z5wB;aj~+EDceyT$hp0`IV5tB=ck;}bT*Zf%c-M|cq$;05c|xnqo8n^Y;7hC<7U&$O zt$OO}eovP2=BZC5@i+;<`hUN;wal*NCq_M4- z%0jok(_c7qX1(A)ZsK!1qnw}qh=RVSKPVNKjJtAT*Zq!@>?IS|(kdu?s zkkG>7V!^qX7y9b;>$|Ph2^F{I&YQPavXzzx0-nCSwXbg{wekhW8=er5xFZM2=~Yvk zZJarCCR7PSsRhkwu)?&s7f`2)-((KlN}8#ZaG>{bN_sF7P9HeltWpmmF&4QYhYu6B zuX2J!+X(y%y=*-DrLL~Gxm^-45}CGn=0MVdSu)SXd()<^RA9VTo+3M$?h&d1;ZW%) zD~pCR37KLx!n2e?{Duusek@AY@>Pf$MZ$h*UbY>G5!;*Gg5u(qW>XK7BgF)<78X2C*)Cwe{~#rEMwNnGDs*VFCv2 zlF0IThwWdQvX=A0QYRDUQhV@L}oXNib z7aUutV`ohbjfp9zxqyZc^RTC0$Ls3qxJ_7sbCVPDd6kF4!bl8>9J*u1u&WLoKCCtG zua7hoo|djgC_w(_Fn@mNr`^mu;Xwh>dM@Y9;tT4bz|D48lny<cR7v16Gx!5+dMnUWmQ31@K!N?0I2B&u&E4)MGXA3RuAU44`O zJtZZj_W2=feMiT(3WEk^)CBAzRJ>4f5dCqlX-Z)(#ysW|j&F3GDF#N(l8!nT%|w}k z*RSQ2lzicq>8cDFE1PJK&P7x3`n3Su$Ips8m@=0zejRcS;JAm|v>op+n)~wQ25$Vo0m*Z!ooY+yRJ(Q!R3s#QAr%K@u+VWZdNd#O z-6Qz1v-a6!ZPFZp@3OR1ofasrx%HQh!grYfGM?xMXSfRT0(!#}aMh;q}WsUF9=Ii8t2Q=U$8)4^;&4J5XBs z>Xj>fM$HH^FMsz=5`l1H8VVBP0U?!l?Y??-*c5dVNK$dvmIducvT}3R&@l{WpL z>)1?39TSt38#m^n*lYLw5AWaS=jC0$af6trxSv$+(9xqe zo$q(`oH#hl8I%`-*ceIq;KAusT3e1O-f(qr^7S>DC@DIT%wc8_SM2Za&j}2axzl(W z%UDB8t2o8imydszs_NIh&otHFE2?Y#RxDlmp{(rSkt2-hnQHGfLCi%4PKoMAFx$3C z*hbOIm|0F+BqRgd{SyF#Xb2!x;)tpEG5N6kAJnzr81C-j+3(39FuuMrPt#%Orzy&Q ziYF>UmBn_XFY*rvnC0HZG?Nqh_3N9YRdI0^odY}SvXwngw`vM(4_bT}-G2a4j} z(f2qyj{)3$zU;oIY)qkbn2<>y>#s6$TDmPYfr1K++SH+xPn~*PTa8F%f>c zPg66{A|L{UBgH6D(&Ec6qZ|?68UI#(A4;^&3&(^WD$Yo7FL~dHK-bLo2vo@UC+&ojQaJa5*+qS_Y8F~8gLczs) z^a#jEyn=>@Yy^P^2WD%_JTR$Ale(Es5y)%mIglkmPsIo;PE0TQDZhU|5Y|J|lyeN` zx}7|X4&b8a&&!Bd94jsl{7M`>+A~|gXc7DbtbFRJFHeo36+YkARtm)Nm_c(YAOO8p zgkSg5^h#@8V{Js+*i80ZBTtreyQB3R+$sG_aWBvnO#bt_#q{gsH~aQv9R`RekCXoW zcQ_v849}M9Hr#=1%<-6{*fV1d+|I=8dB1h-5}v)9sl*BSlawyl#`C^t*>rJB3tXQQ#s(~~pk2;E8l6=G>sS2@{}lTF2%zkcP>+sgL;sZF7Ig#JeIENm8bQF2aDMk;}5 zDf3yO$&@~%Y|LHZ*%lu6wy^WX_6dh-Pi(s1Zfq_=0}rN;j>&`q7p64hsG8Tg(=q7jBnAr z@nJKz-mQgAp~~(Ga}TtZM(N0i6A@v?3JSi78zeKOAvsyDDL8cHsrcoJDt_hqa}Rnw zi-$P3)4b#Pey`6R2_TbFkF$ej+u8jE4@r|OK@cSgk|WO>Z`rYkIy*izG!C_p#Hu{z z<%3ys0?KKb`tjtiqj-Q9eumQ&nwTmNWWP^#7~ZYh&gkq7eJ3(SPWLFSNyf(yOKkqY zqr0)fl?D>T39k+0C3fCd9{Vvy4&vO`UK^79{ONE_8J3P4KRXdf0BMLN;=|bM5OJ=9RI7^>YckV z8S&m|8X2LC1jvloD={6(*KI0;-3v!++8YHpcSw*CA%MlCYc`l|?o@(RVpol@7muMJGbmj~e z>zaBAbqM;c%>JeNWRT8FmJF1YU9ouaXpN$W+WX%AkWf(%nIe##q}FT&ilSvpm(oo; zXwab0*uAKg;1ezEZRxoFPje-Emlm1L=fV;zR#)Ml^5x5!UZZAZnhqxBdcXEMdh>Wj z*s7Pjq+?GM4^3g&+Qxsbso|({|MO4dkLJ9NhC&j9-?UL5$jvgIjeCj{63F5?O7Sn&JF1r7xe5b|(7N_eISsy?IOLhF&ZaeQk zb2509pFi8){^6n|c%8FCzcydAE;=p|J<%sLtD@eEp8zn>>Mio=BP^t#^$@VZ1G{xWZjA2^hGrNdHxvJem;e4;>?*{ z=cia-Wg6R0*$ksnd^@M(T=cH7g$E-f?T->aUjFMZ*UN=m8!2=_XJFY>YWm3GKI3V+ z3^2KO9n~zuCy5F)S2l&;_K67ZRe~yU)hQ7lInVCH8o~ zhZCJs7d6l*B_ybq3$e8$JI!0V2y~hBnpJz;no(dVd9NeG5u#UO+L$9YX- z$A(uc{|7={xX_q+6I6v`P;RHCQIJ*Vr~o*E0#rl+X;AZ6v}aP9zkDg3stwPv^fGUq z1MzJB8Pn)z`T1xYs@L6AdD)p3bb|qd&O6L~c@E%fq@oqm#8cs5imqqfy!1;8aBCxg zYoRA#F4AkNsrJ9@lqD|}u8OraXgaYyMR<})4z0BcrkOlNWaZ3v0eWbyAvr=1&3nw* zVhCiq#|$)b?U%O()vIfudyu z2lTpg`!@Pgklhu!M=7KowK`D%kk0v;me$!zdCdc?ab!T;EBx zN@(AXHiXx_g>NLvLIoE}2xHeE#t(v57v^jrV>@_IS1#!C<n`m}aci@4AqNl%|YPyMCOk#@3 zhmARlQ+7W*dt>UKA6kC*)~|egJYtqp6O|QATlI zQzBCVB`522-w90LGf0hIR^sfBRy3t!{z^w`KH1Y#C&H>2la+*ny-bJ9IB`BMZjOV4 z7xnI`Q>y&4_wSdux;AZy+#Q{mh-*n1$gkj8;fnm>vG|84SV{;;5E{^BkB@W_xgfLV_*v6v&LawLBSm-WQG%%ZoVNhAB%b_3h*MQMFC1~_VT(HR`m9*pg2T{uBa#>q8u_sP|rcWp^t}Z z`4A3;VyLSNp7U-7mKl|e_`7gec;=$GRhHDah$MqQ0aUv>EXl!0SJ%(qWHGK55&;zD z?~d{=VAXOed;IoWQHrn9nPx=vbfWala&2JmIWPKaj^2*_`=M56Q2TgzXwwZ4G6i9W z_UO@c^W57jB66wlGeDLhEeS}@MvUlVIAnCh;~B;+qI=^wCc)Td&zdFVC?2I<&&$x2 zZ{m9w`K*XDtqRz82#RaOoJ6$yzB?QM^I+g{!#J6gVSCH{IL+3!J?QPMzl;wHkFXM=EMQ7r^h z4o)z(kg|8=r#@Mf5L8edX zUgvci9Se9dhvGC#OBRy0LWE_kY3*l0-h69ApK)ukU129B8Pdz372f;BWKE^vj>bkt z`$mi%JzCJbgH2MJZb9rqf6x9ovu8IqHRa{zb`jAZHx36weH30}$9}_o?VX8%6nhM} zIPE_dT8P|(w&a4*HTCRP=d^IUbsRYuxENMRzHCUgIxP!cUPtabw=Fd@T6L#jeyrNB zZ6cP|IY!^#G$b;TLp#GY)IwR(ck4;R#m>%k7UQnn?a4L4Sm7UFIcGqx$viG6Cts^W zpE5J2xVWg~T|R54`M92Oz35cIa_G}wqR*2jU@vIuI3Ih6h>7l?fJ9);x_$3F`}*z6 zm$5VIe)u^K7|e%`wM|+;*i!|LeDI*_tiCEaQ6`K`%X|6q>gCHwcs!yVhWjAaf@L>T zRgn}U#{hxFR~xPXld%rG6c(00*M^gBs+y&7m|Pw7J>G7fgTvXFn8p07s@NBV8A6}ckjwmf{`_OSul704 zr+A(_cLn=|(RJOdSzU0a1S}j9zBfE|(YVI-X1SWFQX}HvR`l$dWPjPD=X8y+AVJg| zwJs(m4wl-({T`Xtz?%bEqBK>P>M5QOkW@T!7Cw_8VPC$0OZEP73SbIS<@$B!C%=iH zEF*(2Z)_nYJF@tSY4lk@rsd0J6cqS8NCUrdT|~tD_7#@u*RQ4nWxmGa#jteF0=D*? zIhCcQ+x>^8+*Ths@**Vuix;zQG$6X6lp$g8ym8!Wh%lcpH@BWS;7kk_M3Kn!w*OXx z+M6rCa6xO2S=StSQZh27&v`YN*9;qmM3Y2gZgov{HB-*_J{$|uK`qm&GCLD+ zHQ5R+$!_n!#^dCGzzJ=A)xs=Im}-dKC_OWeqf9#WWQTCL{XC%fPyGy$7a^S!YFJz* z2raH&#a)RuKwdY#C4dPg7tHuxuatWpOEtsJ#l;1fxu%(H2OdFS!B(W=Qdj+FCyRD1 z-~T)Wnex*UK6T0zY{eKD{^}s_0(zfg9b$IQrj7qSVZ}ttqOz1uso^3im|OB{ zP1@>qqDcr2w#HbFIJL>>L`cX?3@PC4!9CRWnk!50zE%#Y0T9FFwY(QEc%Q&cgiX$H zwhdKN65WB9hwYwldl@m5g^m+f%!LbxCe2jIY-S?fVdKD*gNt>1?nP7Qug6(7GVMn} z2zV|2vvg!4BrC0~>>+}xWp_}J-ssUZW(wFZ&w-B=Y$_`iiD4W zb+{2xu#surKmRB3QHqq01%cKFMV*L9Xc1CqWSmc*Jn3`e!oMEBX~ehl6<|_i{LI$_ z!J5#|Kt;uca(hwIcc>L;<~K}ZWA#Cg;1E*mo-3>YE%w@RT$_Jtso8qm5a$v37Lue2 zsle}1t|;}p&zIsn}jJk$J)Pe0pMk8if|mH&F3k9sif4k(=zqZ}qA6RcuXWSm* z+tE^qMJn&K2ab0dhdNV4R0S#>V38zMWE*m_Lx%V?jdTWt zfU9h+&ijK{1pwL}Xf*_?x6I=@^fx3lt=H7nF`57KIRA4u9n!a>yed$p{I)lf&k$tp zha0_aQ}cG;sS=*e=fQAta)5vfpu#s>t^c2ESYEs{SbVZ8=?+m@BQVoZ>lu8~>^Z$HjTjHi;UatP8KlKd;o}!yohrOB0)*3$i zGljR&x{n8tApJVC5P*u*2M-X0 zLBqW@0Kif50CT-Y_TI5wHQ7dknt|_eyySeJNuU(jB)$qWdR)PD@&Y#Nbz2qgB=jv#0zjWEMv1e?6 zG0~Skd&XSBXV1K57vXlrmrp?{U=__4hq7EdCaUjKL5 zEUUk@-gV%>Fizk<(ee|GF(f>g{hnH!mBVkx(S&U>9nTByfS%v%d-s%iJQVZp*OBtk z6+U|DV;hN24-aIy(x(6R?QL|1`ug7iz!uvJ$}zYM)a17DwVOpcM{uQU~gUmonT`S&$f|rG1WrYFOJUUm9Vq8z4FOzm3!ZMz2 z2d13nMAV764fxL%zNRH7Lev0IqO(J2UGeVW)zOnKdZ70U4oPJx+WGHbw0H@S8tn^S z=yfa;XndsCH#}p{ocTb*8-AtaA#n)_m?#MdC4zL^v8XP+<11xQK%!Yj8WJBH+x*2F z=$MRH@SMGS*9V72zBpB!Mr#FnjU$7`(hr&kRC#yWwXB*pY4nKFPhY;i<9%)K-bc4; zu`oqx1NO0{wJNT5Nq|sIZ3K%!Wkk9EVEN8YIU~i9`uYyDXRikYsg3=}o&tQJ)gM{M zWgalrsW3-m@?@$Mf#6hv#Qs+JFMQ$qu)13%RS+yGDV-?&pGKLakWV0CkIAJEmsIOV z-vJ11II1Za7A$CgGTC+aPi*C4EA3Fpmo7mjGa@n$F^pZo!6I{BA(8^5A zepk%nq>_AG>OrX)m@d5FQao^B@0l%&FfW=U|;e5}$K}2pqJ#EO&G3DsnnDHgUnN!{#xGb1wtt zzGrRHU%=WvVuEi0Yhr|^rktYU!}5AQEBo+>wHr4Ebk`3DZXD=Ry7yRN9}%a^-^0M^B=kC`Z6 zNMzA&;Y!R-+>-BxryXJnF44!w2Zf}80UoI^mUm);hY#qbWaMRIZ;v{m!DoF1W!8}+ zGG1#t`uErl8bNeI--ma9H=0dKZf%-4QBcX@tXVSC!iOcq%3H8Np$$dxZnH8pQkZ$~ zNDRe%qONojWsdKe;5KH4YlZXd65``!fB&6TSn=u8k1vJ|OkXGCZf|SrP*yM)HtZ8> zC>EdhNW%u013Eyjxn@bxBS_g|9F>A3J4(4t;7^FR$z5b@T?61O`8T?}-+k(i2ZQ z5=>h6sEpCi(tk+oBqwyTx4>4CB>8ku&=UkW+eQo!6Qu_PdKVo@7m>{Oo`~v@PfLp2 zE3YRS(4d7mWmDYjzq7Qm8ShsYUy8S@W~zO8X=(1OS7IXCqejsgha2|hlJ!5lPZAAk zY7|i1GvS=Xi`08#$xw*^8b!Kpe^U{9cbHs>5Vy6#T+Qr-uQYzGH zP(IPY;=X*NzK%{Z%>$ZYS26pWJXvqd7|a;0wZdWU0X6NSZD5nJGLV-T3u-BH5Ag)o z?os}*4TEl2~`Cd z9qh8F{&Bzv#5rBJUxIj!u)2y;0qpARgKy2vpnNHK?9zF}N+g@FlV?F>KYhAXCxR78 zat26*%yin};oA*8DaQr7eJLr(RhZAHoZ3&Hyy+)HS$YM_#aD~4o&mLhBB16&=Rwfr zrCz#J$H!Bl))p`6v;sI+?AI@v*Ew7kITTz2PR$$hLRidj|A@=U>bi+2OYNa<&^B&Q z1WdpM9DFnFc4o$J0jY56d^nPzjB;7=?m_0jmbJFJA`_-huVFU!AVo#{r#7t%x5?_& zd)=mOFY2rs(<$&5_V1z7LIBk|YP_McqdALqW51 z8l@5SnKq~`9Or~+4-$1kg7?ThhUD0=0b90i?KBUrS!cLFD?D{pD_Lw=V~hKm*OYt2 z6)b-rWM}t2x4wsjJW%zK=oj9+_um$VU3BWRu(#kh(f;Zy5sgnl^eryptSzH2|E15x zdWu-8aE_tQ;``+(%Dw!%jw#qXa9D9$&E#ksEXJ8#wuMVfk)1F>HH13>*pdkFu59fX zBeh3ePcI+00U)Q^WTkjJ`2E-9h&be<+mM&Ah{@&qi{EQ_87-vko+qA=FwCf=xIOx- zCO`q`8}oQ*B3$TWf}ap99ah$x?(8-)G(39Xz_Wq^JaDcSI4SV2i7ZbK&}9fzPtGoK zGA?c-s=1V>1Fns_H`SD9NHWL^f8}tLeypaCGq-LXza`-FmoE}nJnS+1sYd;{9NYBF zOtI%7|EYJ{7H`U)(x;by8R%S1O}o#^#*Jp2M}Z^nX6EE{k`&WkG4`hk>E4pJD8=8^ zf1l$&77Yk&PiU5X;=J`}DcCmjijv=cF98c9=F;&_n>s1EoPw;+o5isQrl_;Uw6)&> z%8>HYX7KEp2iu#Pa5x+j`~+&-R+(_L@FuRhmt5c&9MFq& z5nzKR<6y<{k4inz)d~VAaCoXi|NG7Wid6LMHI}T*4eT*^_?fN^^ubbN(Y$k(?cwJ3 z`uTI%s*z52S5djBhVVq$aT@_b5IIu>jK|uCR%!aOzBM!$ZuzbqVI@EV@7|r{0Rq8uI(~YjZa8eyllu-8w8n;A6(m({ho)2rs}L(>a2E!bjKq-8*`GUs)S~N&(&_d zMjsJC3m@i#AL_TgyyBn{HFZY>2NEp$eQ39o;U-i}V(07C+ z2$|wH`atoP1h7XMLrueKM*6eaOryQN9Ya>Vg&W{}Lu2)u$h}gJy0_lpM|yVME=kko z#f$p~KV((0LHCQj7$UVt2)Ic}u+lBro%D~nH*}pbB$ReYNJ~~n$A)}%^DBjpkzxU< zS(%yWT50A*ftO)=kkSPw{IO$8F1d7bJQW??Z@>Uo1S6|o>vrE+|E2uV-$jM5Q^&N0 z>pN55)q6xNyAoAMC z6Y(9rN#=pkvVi@L#TmgoW;LhC6!p7V7JA*=Br!-9^yn@($gjzL;DnK(@S3)Vg!DU9 zjWlqn!Vhc+&^n`xgJ-ddI?8+uAbiFViHm&v{24%X@fo&h072*)=y+YOfDi)&0)jP-9tYV-Nefcmq-hY_n49Q z(d@Rl?fWS5-lU|tH`o0!X6Id!94t*tqYq?Nup#ke(Wt#dzats_*s*go!+fwu2YeC4 zo4IuLts%XkGFA=2R2+4~(Fw}8JCZ4NfH&ASw()rsv;<0yHj=)WmKpZHv;c*Lg}gEC z=LVF@^p-<=Qnazb3=QY0hA>-j*!c00RNo73UA=W{&_ho|E`ENZ1j~;fuhYi;c(odI z3olw-YAWqDyeeu+B;>$Jj!{Gu@^-?ahyHPV6mW<4N~(DOp4@AOx)iY&{tMIMb*=Qm zleo`xbo^Xf+gELrFa{WF#xQbjl0_@8~Z1Hqr|2i8)$ysaJR!e7?VC(yN=d zZh`hwjYn90pah^4o*v6V&l6&ui*|LPrhnGb|E8fmfM+Xl% zJyM9DZP~lh8)=SGdv!N819x+d}{~ZQ)AdR`Vd`aKF zeOV~+cAHVP^PXw>NG;`YxH~%oF_9W(S2j`~5{M)WOk`mB(XV;ZbD4aki-#u8A z#IyQM?>fg7V=|=nFcB%WvXPx++}`wJO&_dB0?53{1}PrN5IJ!gM9^T_o0>l0*bbQj z79VNi>%*m*nVHR+1vk}-aTTx|J>qYX*T~B5nXAb4^$t!fraZ>kh(>>hN>hL(x!-^1 z4BnPnO1VOJ+D<*Ww{!)DOi;#XXUBbK0b~Ld4@hNX4B}Q$5Ay9VUph3y*r^@(Yr(40 z{G6H^bNTYD88h6GM_x+*Qj!uC5dphRO3zcI^}CD6b=q9Ky>G#(vBSmjfiEe) zgioa+r30qFm>&_4F+zRr${aWGExvc}B-|OyABu#WoLX$ZAc3?mY@qiD5h=(IYI1%x zQ>`c2L{~^ocnpl20E#66k0s195^xuCh?&_}_{l5-g!^MRpRpR218 z{#V!35Rzo}kuL0)mEQ3!h`5EufR=N?o{y6T7=e5o)_&TwPxNNdnWPy;4}`dcgg`ZX z_|V{GMD>08t!uQ6%zy#ZSA{TKMMX7O3oMAkj{-FXQHdQw?(LVs^vgB+Z0`kjb_2q* z^8s!e8g`@}KY)T8CQU)a+0D(+{0_|moQv?(BHK85!VVpRVbC`;wAC1}$E<-yOPv1b zdqb3jUx18In4vX;Yc5TqLGZzxM_5L|p4`jsa^a8AEEG9RtB9U)lq{a46nQlDEx8YJ zJ@T;l3l|tHbcUBV%xNwSSEFb;{q_w%n46oM&&9@~!-rNL8ez3-&anL%SSD4FmY^r1 z5N6%dYBmmBC1eU25>AQ`;<%TwXdaHwFYUdI=4|XQ0Qvj6?<14qSS+pgBH(!#iiKv; z@2&S%9VNr~@udBuBdlaJyR03^XYzmgPDqJ~K*iC+Z&$qEPSfA%$C2F>HaZbxTdWD- zDZ_OipRs>S1Elw7>>P#|?0U`h)nX!EtxfS0l!ZHz8F7yx6ZxBY>iQY0{c~@ zQjrXx%7-fmr3I)E(D^ttaQEPZzuJEVxg9X!BghBqIW9tV}GPfB}?$P+p=J z)#Rc5O0@i+;pgYKd4GgCBEHcCj}kr+Cy@dsbajdH@=hVF3!0)JhhGpIY$E|$hb{^5 zWbX6lehvG)jkl2iyg-#4uat$J0%ZiwNK~1)Bu}nz%@nc3Euam+{cSfBqzyeDPXLFB z-5DZ)2J2st>G_>Y$G6VQ!;xc?XT4O17uOLr3V=5lRq0FUp>4q;0d$8_=ZXd<#?0t{ z9+%|iHpe;2L;C`PgYt4u%tnJ$SdhLM8yyt=^72_|{DF<&>%dt66!|j)6A9of7o4BG z@dN{YJl*&+!;7dAKtUQbta+e8LL)xd0`aVpQWL(dJR7!c0|$pW)C~xjKrsi#7P}sJ zK^Q^My(TsD^6*HyPBB{LB9!9J9TKQxj0#Y?KBxw}1923ZT3kb5$LP(8f>Z1csP;nZ zjRX?#9AcRS?=S!=hmQFLC`JGh1qG0y1_bXviM)-Z({Z$=V7hRtHJVHl@F)@g8=sJvQ-b+dvxkAY61ArV{h7eR(w7Q_` zuU+%+w#Vli__4KF5*|*G)QnaJPbDn4fGqLd(e=+90F5V*;I+1BjgwtC3EC!nFm$V= z41=i2!31;_?IyvI28IKCG2C9$KY!Mm7D3XLAAIaRuzRct?A1+8_nS>ofPh!T#)n`W zw8;(dh~|aa7f1! zFvSa96fLc(kr93$_BQwcr33|cl019)avi=KQAP^Mw?IyCutz+20KnSK5())8f1f|| zLwSGZ4D}mg^dqh@mJuFXY|Nm3@q*GE@-OTqsBG}OAch0dU)(&0VMtW(&mE%+u4_i> z8@6yPZfuG*HGZ-gP+v@7`XATHlSR00Mcr^xB8a*R-zR_b?p{#fGiVn;0STi*WTYU@ zR{=MR$5l82G#VNwTx>u}w4qQWE~1ye2k=zK2MPzwam8xG7KUwn zIp|IXf&k2hJ*M4pe)<)5dHi&Hv$>Y{ryrH5VXEB z-!v`F&x0W*;c{#$sgfuSx<7w@c#id+TqY5}A}7Zvxw=JE6ci-Dr2t3hAyE#YT;LW# znPV$M+Zf;tqbK68oi|pUNl4OKai5-CeU4uOjV{#9Xam4Kq78WW?hbOjfmDc#pNI$~ zAptlHT1!ulndBT7jb63S25J+qNA>maobSS9xTjC+YP7IJpP(B;#<-2rujk{*8*fYdfNnxoIdmC2X+uEe#l?1d%RHZIUj0u4Gg(u~?dNQO5zeMrus+qrdX7>QTg&%1&M z#Rk?1Q6kba3>g4vAt)0TKyAe2TY20pjCJK&WE(fcF?j z_#nX4cqH6&Tjj#g09eZF|x_*L)p<=Em;HA=* z768?Vl|`wKGG%MEvpW6cvwwL&RJ$PC0ZHSbfPTc%62kQqe#7lCqR{0b6%PF|Xk-BE zNWUDk!;SlAG!azy_~YfXz?pwdPWB<-Y_N70=x>Y)^{X)eWI`}0geKph>Mg>H;5nV8obN(91-=lsK!7d4?Wr<<2i2H!C z2n_^=kzj8$t z0!Wm48W_l(oy`$;;hLJ7CIW$!D;EH@VIFR+f#dLFRV5`4xYVE-FtFlFYTm>ih44Y< z2xQbD(2~gTf}q|;0>{D+fGGb;*ice}NmXX0ME||NPb>bE_6O6VK`A`c%u-&ZAjdhP zL)_DikK;r}7QlxO7wA&SNbDRO=%ale{*%y)g@}R{c9`uXum)r-(J0p)k5mX}6g$Yk zP>$gH(;eyn;*jtpY5#NQ--GD55GKe9NN#9$hGP*RV4bigJ{bxWG$jD(kd1@k=m-_v zQ6~(Vhp4*4njt3-!`3^uvQE?yQ9MSuj#w8oOfQ~2K4J-w)S6w;snU1LXLL!Hm6D%I46r(}Xgh~*iZ`cVk=ozqgZ8$>svBG(I0(e9fuO~< zGfGtEAta&NcS|bS{}45Gk;S(YUDI}Um&(@CMbP%Y3<)875FK{!9zsx;JF7Q$89x+b zY{6;(LyH{FZBNah_`)*d<{aEfVju!M=qTOdzE>YeNceMEHfLdV!5)UIjjxM-9R4}lv1}8(FB{;*9v9cs! zdUDzPZ{pX}{Mn{h=KMTr?&smZ!)AT^T6p&<8Z*8ABnORas9;f~!Qfkl8Rf*S$lM%M zGTeE1iHO034Czcv?9Wcv*ki^I_~QB8Qk_fNQuLYkCwlDJBH=Ui`rCF9dl|kU?mjv_ z;@+66(^`=~(6oUwiiwdiok#X*I|^v**H|K;p>f%`X_~O1Jh=)5 zm>DWjKz0Cu;yyuZ1VJ`om|vCBrVyj#mYKj6bz8YWW(1(7G_Lz|wKfkepZ1&m)O^5# z@oeLmrsdTcg#r^jDLxf$jI;9sw6dsjpu8ieplBL)fO7OSH4Pva%(hJbjJ+WJJv3PQ z|Ac6~_1W+kJ(CW$e_{e}`O0h22orE&*_-Sx+H-#&78}BFt^pD$Y+*o5Swez4vNF4z z@~XQ)8bJlns|~#5{CWSNpbxMa)*At_$CZIu2WOkH6H+pNg9QgbilUn24q8*l)Bvy| zt_K$a)b1e7-ckW!17UIT`_6lA;D?P6qGfCxjk*HL25eBMyTL!Mu;3HM(!W3MMH^80~{ZnYn_A!^!)%IuW+F`1Ej8B zXhJq|*h)`0o`4LyM`0Hf6+_;w}-Tu z2#r9=4r&1^YlMw|`1qWJ1RVjYX`oQ(?LkJkjr)5hVb~>ySH1=h{tQ(KMRl$L5>IWdrfQNq@u=;tmIWw9T8UQiGz$A;Abj`32~RlqmH4jJK}OpBl=i3i?wg$v}v=_%)( zerGsABl)b)UW7^o{Zp7ku(yfHPSeMM(x|skF!EDtzyyR(Q&AylrklCWh#+dDsMLKR z!-_>N(9Y>hbT@cR034x3gixJkZx+CNbg#HI2ourbdiM$iFM{W=gisx#%7bbg<-6e! zZZ?pono(1b496@6ZvgTjHg-U*U{%1p)6jY}i%6H3W2^a%=2Dr1IyC@LEkw9@_I7UH zCd}j2WDMyE8i#nuQh70;L;;+<5O9-68(&e^0hUHC%64yOM91TPL%9n1$qros(C=DW z-$7p!)pz|BxEu=XUx5D0$oK)}@H+=sEhrfE6RIVHXQk-;pf*Fk$~jh1u-B!PP(}Z8 zC_{-5T91zdPc9rnkJffZH-Z5P+`S8R6`DW5diSf1k?%aS8x#rrYZMK#2*Y4JMMBcm z({t_l*QqHR6hHsS)euY|hH&?~K}>pq91h(STzwf{)qzWUu}&@)8Ibrv&Rmg_18g0~ zi5#1o5+!K>f^lkn?M0LE^aaXNp(0%)I!;i5BEJaPI$AGe7=jUDJ4#8O$BnB4i(25! ziGh{h0|O+}ei)L1HKfV}wFeq6j_8^dxS5V&uQL%?ft4NC9@Q-5^@L$Cygz4`J0&&I zC`UA4i-ZN`!-NoyZ>+CD18qp5fEwX?5{ZsIS`eODTc09!r7*4-rrP3kfZPqlR-;LF zRu)7d2CfIOTLF1{_Sf+2$-0wG1WBY-k8Gyk4-Llu|GZ&*t>1IP!54V3%ltV}BhFh2JhKCJuhSpssE zPX90+LMehZi{}j9SE8M=t*rpCd3>Gi55A@!JNV`7Ar$ESbRC#hSCIWBp(Z3gU80)+})iT5m&#-MyYJK;lUT{l$_w< z>Ok6t@5Z=39u44&aAxCB=NA$2o&5=_B?!YfzYakyh7@O?c1Oy+iwang1dAMxJ#ox6fy z(5^1nfka_ogl-X?FE#|^9W)|f5AugkLDx?lk|@dG-4Ow=kIKr|K!-ZQ_Gb$0fZK_< zETn?z_1KXvqN#FrM!<&1gTp5gO8Vddg6)HCp4goq9*jPHp8LwpyT0e!?BF5nDsD9` z!V{-I^%C0%7GlPguFs!Qm*9BELI&{yYO;CQ0cG)xml~&Yw@ne=)x9n%I?2U_6!u9R zjh2?$sK;ZK4iTlefJo^ikx&62hB4Bna{{uA5j2f12fzy7Wf=gBSEj*FT@eOj?8k(g zqRJ7CJE;d(7v!N17haxrMdO6g+8I`1xZ6*za(Co3RUvGKm}rHyEt`@5@+EQHGBV*l zQ6L-?5Ft8dd=l(*s0j5d-265$&-J`6**fR+Fm@pw*^DbOET_?zfX6po4ZOkyICb7DRdXz#;kx%5zXY_bJE~qz2O5pNRa#i(gTtb07wVO$QqlQ0pe|9 zOn^bxZ%Ycy+q$+wIq>Z}Jb+mmR%IGI!r({4d*MQz8JU^kCouq;^+={2a!Kq+IC(Mx zf{%#4Yr*#nG|I)H`RdiFiZ0BLz=Hu`(u(?JIYt^GT-nGd6YCv-yWcsYvd=aBuwFI9 zkB><9T3h&>v4+E=t+TU1hX*PoLF+sI#YpfhxPX5hYki}Sr{xCI{TA@t3q%; z8mn}pak$oSoVlZSTM+#l|)fa=DI_##k)vd(OuTP zmk!=IkIOAZh2044Etp>a8Ys&1s!zRR!aVM6+5+O@N*vKpx*-qW%nYj>w0Z)dVG@#v z2KWFe>#WYu^@;+52wV&)(_1R zr$C|jpYH(@U=$eygcv)-=c_a7w-nhAN~ImB4jhO=fd|RM@T-B7Yo$~sGt|h@LN*N^ zAyg!_FXc!`GOoB`D7iqwe)7GaJ-1kP#wsDpp^2;+^Rgb(-w%Q)A0k#_x(TcfsP_<~ zf$>M#@b1y+(nXkcQ1UaF{$wssOC(vap2D*9PdWTVO1vz2J}FtSNgTN@Pg7MzAy?!dOL zwOkOw_WRt;`0i>f!;uU0M%<}-yY?r)&d=9C;S^&Gn-XdQkV=3maRwl)7$q;_TRx21 zUwK34D*G4D9-3XGae~;#7DaK96vt)s-3M5$FzKt}_JqE6$MW(9 zwgX&VYA79Yq<3+dW~J<%pI!y4%wF zfjtW~KgUgXvb5Gfm@NCkNnj0FPzK{Yc4vkk=4H!-okWi+ci#{GGTL75n z*5lp7KR@ui=M{wbHa=|Mz-reGxVj+U!Sic6h$G@N>+) zROB{4T~osD^m`~`l~^eUqQ5sZ;6g2cEudfGBQn81MPz=L1 z<}uW+=|#Z;8g82}umeEjNX^LM49b{M4ow>}CY~KbBpa}YDz7L1QNfYM+@97w z!puy}bO96qMJfU84i0h%<7XfzKqCeH!Ptv8@K&PU_^e2M5aEYVib*FmcwNUe!0&+n z0R1UyK;=^#$1tb_=Puw9kotb+mvI(VFaO*p8Yalf$_i&Teg_hfyQ&~Gx@Br;SO9?m zkckNR6Mexe# zrT(D6gV91;SGN)mHk>#J*&rH=0O`XFkSt=$EVyufUFK0zQY%mqoZ=dHOR+?-6w#|< zV}KkAO>lHH80)t{5dPIQ;gX_P!KR47`BF4oYk+|bQ$=p2C*PMJto$Pf*(R!fsPd7c z{^%iqQ^1LJoi~|H$@Y* zRfs2kZAKiN*GcSYF!K}G>*^}-J|ueXAi;IT#s(Nai>DjgC*(<}bxBA{b!-6ELuOVw z=*EABm`0SZ;}QXRErQjHv=A8r-UR9z;Burd3M{_mAfI<|b{UIDJOu%aX)s7oQ}5^` zx{LVu_K-k#&ErP9UabrC4D+iNa0!r`fY#nDeFE-`f7F)&$H|lx6zD|GKqPR5RvA4e zT!f&0fH$hJMe0#UzsSrKK=lfke_|cmK{cLsxb@4+B`AW+5n`cS(b3(#0_{EB5c)F+ zZYVm5>*Am2wY`kC{|>vwR^AYF@&mNwUL4WxIHvs0-AQ0QSvP2hiqL64vXnrQg=p{u zU8RXs0A9dz>Qta5Y7ivOB5N*GDN8BqDp*9=0k{&8h6?%$N(L@YO?4aIN8yNI`2|2e z|2IzjR!nK-=8ja#!lmZ_jM1aTuU?Vg_yR($#sD0%L8kCJM8@alQ4zJu#s;^JAdDD2 zT+Qqq5ymd)nJlfXQPT%WjL(JYT`+&@pNu7% zH$Ca;ti16OQKd9}touT7gA^2SgE+V6ta8vKJvd^xYwHL%-p}J(zaCMdj9^CewAeWY zqHte<`a}PRs3HuJ75%EFsY&L@Pk}7ra1|DEg0{p|D#$|Atwlxi zz$*%hc%`MQ(apEE=3xjLoRWd?2pDQ;(0Q>M*_HKz<3vmkw{x+b>?ppeu`%h>cc?tq`P7SX zt!=xw*<_!Qu?Iv21Uw8l=fM#@=15rCus0Fj{eV^WoYeGTUw#O|#Fl=yD9$T>Do7he(k!H?wxv)YY*#``t%UfO9!(r%@sw)(x}UimX?+wi~wpSh(`_ zlMmUV?bDv-+274BSA8ZghStJoquU=mlmUoZVa=LNVt% z7CP&5jHF(aNux*f*gSdi%8w1jvQc-N={8};gI=r zLP&@>%nyEGO&CjJZ|dPVG%xAdxH(aHrpcy6BBcde65xw!#Ec_G-V;(aG+U}qiBCfb zd0{XV9WJV{;Ml?0flQ%Qh!CJ;MZ%J?krA`|uSj6OJyybRFo`BHyI>0y2P8nd_R&hN zO%xH|PD_hEiF&R@V%lWmNZ18qXgNT0g@%szl;k1POjT71aelAO+cl_7-f+|Yc$V|s z*_HGtb42h$T60rVB4T?k@l`slO_p$Sa9~id3?;~?o zCjfn+@iKON?P@g0kzC4bRx4Lagh$FJW7u|XlywPmEA$>2`I~pv#!=m#?ETE^IRLGbi`dO@yZ$NVRmB#uDJv4m`qmV`5CEEi$9 zMq`3^5s{GEoNto;j%A9CAOB;ikiaWplh%Pt{kpVt89Idrp`r60m8hg7TZ`UZR|g6A z6|7_)#uN;dLb692`0(-YJa$vx6@q?+o-K+F3yVKE{<^z=I*E7lcV!sZwm=AQ`Ru}1 zRERigCg2pt)(mAzVcsh7i6&^ zn5Rj!4B|nk8p}?CoEH493P-!HYhQi;!*ZsbF27mUq=<8|P%?XipaCfXj{e?oK@f}#lw+DOvv!BA&Tc3m|Q`wIWcIUdcqu0J=`;-rsyJp4xo+|%5^o|2xI~DwPxYKC!*?BDfb~kjWmiPDIW`kw<|y*wfN|AT zC74-Rndo|#hetDdM;0=bVb|#14FT7Q`$nM2aL2nO9`xDV_D*hWqu@scnjlmY&mpEIcn{%0RRUxdpy&gYq2K=wSiVF$Am(3WP6z1 z2EJS7S=-wBj%CGzM>}@k2-^jI6)}XaeXL7}(WU$>Bnz0biHe|NB-N7_qg%CYE1mIw zA|&TN;>LlS$u`f)(eqyT_OhwUGHvG@LSi-&aB)Hrliv{wfEnNj!^RUiDlEKJRdfs^ z0(}vJ19;yJp9QoXK&IozZ(*3ng#6b9F6U#UwQx>Bx$lCB5-6pmX5Q_v+Q?P!pV)z+ z1iJS1htMDMRm^N(%SpNl?}(3;hLs>axMV5B=-^fZ3rDLV&KRD{Vu4$klDt`I;Cf_# z5GpST#&9TBK}yEQd;yk?mIsq@Pv(|pf-=S3f)&C+JmqDb0O4~mIm05TPU6trR&4rM zg>O{{8tL1M^j~YFjpx=u)j9E2P%#RqPa&#d?4^*gATVSa&0oWl)wss ztJ`2Oe0r<1m1@zqq{mvAIB(W8sd*6x)+q#kN3oapwY2z#5AEJhXNOa;0!NH%ul*j+ zvmTZGw^QAN7`=<;B9a%T3{=!|D;Kqjx38;3uhNIMR+~Ob@;|itDUrX;_ysD!oN!3f@%ym7w+6MFw7D|guAP}J>fIS zv5Y~&91}m8ybohaE!mzd)YY>P2_ zDIcpK9s^1Pad6BRl*wTKtB|se?Q;&?5OL`1iyWdC3sOonAi~t~TV+sbKmb1CQjQ86 zWS%lNaX2l8TPA6yT9?76gYXGfR)b$3BjGqe-Re}{_xM5>a#sz;ml^6kB$-o3a0&)d zF#So(#aViohGyBT3UhT~&@?@y);XHFKP?xBWJ-=c! zfrff~>j;r4X&?L4*f{831>TSb(Wc76#EHoT4qEE!d&ueE>#;(bJcJEmb!j>+DoU0V zNJ|&44i5Ae7hMpZM<5Pw?U@9=2moW@viNnJE*R&QlEOqwo1J5U->9x0o0EgtDL5X8 zs|`3cZ~274mLnPlxDxVjs&x8LAbX zH~n0w^-5O+rxGv%BIp=e?|?;#k_Ypg3XZ*_xQXd5N0E|PZW$T^d)5TxP=`Xv>G)ZZ z>STGwNLB$4Ed&V>jAB1+s~^V12x63ijWMnKX$gs>4QU>pmzIa`;v0bG0Gi_B136(Vd$AgB8jaPMaFdIwCrFau?609FM z2wy|qmDG&F2c$pI=1}F`o#YG52Dl-(_HHqKJw2NOjolQCANR(gF;~;mYY~pcJap-A z#5P@(uER154;7SDFu-+P5J6#p04&f7F<*LnbwJ9_x`7++-T~oKIe@^$BlMUo;P6Xf zaWBprJ}B6&tU#&4c4UOZ8_A787LFkC_^YB6{c@Kiw0 zQ_xM?-I>+kZF%bC$sV}qv8D+GW9J6=sUYe%ly8Qtyidz;8DJWb<1T)lAZY%j&-Dk> z!Gm+}sW0byRL?ltJfLJqvOLbg;lOwkIM&sx zwN=a=;|uY69^4Ewz*G_6fuzi?mCqO`fwLbv0O1Nq{%)K;MGD>)_6$qFM{tj!0$uPp zyOwXtmxdM{J26X%Puyf-n^`iPKy79wdGsCk-odMqG>D~%St^iYzn@HF88^WRMl(jOu=YecP&?-Xzvz0#pta#CIm zTO2Z!5l+9JH;OG3Z=atlgD&#+Y!(jzmk9_b`~|CJ2RrV% z7@l7N%!2^GvvvdL!iTzwnI=9(vYTVXNkh0w`)ib)h_j7oID_g9iv^^4g7;oKMot0} z;Hk2l@Yk$pOEJI|yUSKhUS8hqJf=lmsc{u$((X6b3~Sy3D5Ee+%c2;id$Nk{$8gMZ zwYn;?rO<1$gj2t^t_};J&&Cz&0p;@e%)o*N4(6^;j1x>&FtSZ(Wga*1bgQkltq3|lhn|9wK279 z6^u+SgZEfTVXv8Zp;Ham5F{WXWn8tV7Cg{mVvz*xKXO$|D~GEI^LgKHP*&rd@VX+op*{>)toe(V*yx1Ic5@m2O z5$%IXvkr+53kkPV#cV`0L_0TzShm2<5vQ1ScOKxhfh8P59889c+8RGyy@a7gVIut+ z(2;BpFS-Gx&}7LEDd1f_urBZ9yhO6xhtTVI9S36eJG0O7U_bLdVimA1;2Zv6^P`;> zF|rR5Kd{wek=%rB@A6;*)Q3(WvZiG+OvA z?b>NC;eFm#6ZkXqXd5EL(W00Hi)NZlF6hVEyv}ma9=_#{@@kt9|Dw|qe$GVv{mJKj zUdmKWMs`X{g*~KB+{ixsQAxpV#xbIoU6CtMY8*k@M1?t$T5+a~xZ`~wszuN(Jny}Z zt!J0_9T|A?sQEYG8)7s1@!`>!FJM#;&Ut`DNUGCaBm^7XnQ5m z5HeFDCbh_$*Xh}tUH3VZo}OL`(~n`PEu=UEl`C_ zG6J6^&T%LsQy|{VftL%$`k`Y*n;qs$2R)LdFShPw&U=1YXS`)8ENIHH`+T0Ijg1e= zexlS$Gp_r(SYkHL`iWNj2Gr-Csr3x1RI6I+ym%fl5cL&fgPPKU$HuP1Is>-5D5@F$ z&H1?T!Wli&%hs_*K(2Ehm2d^{#7|&e6@r2+@SQ~+TbS`Tu_xbn5!*L`>@@U(o~{Zc zw;%8jfOVP7-@}5>)0Y;OhYST5o%-$4#Z;*+OhujMX^Hfijx|qOsxp&VG?#zHtuT+%kzkf2Yw0C}j zcwPQ|o%?4T&Hvy3^}e6^o!GhYQM-zj6Kd+U$6SK-9+&mKonUOwI^*fd`rlt?*Dn*k zPIyKb(<(^*C_oi}1)p5~xRn7R{LiaJ^w&quJ0mN1&S6+d`OfenNAVKn%&dOq zz5o3i$ruWi#-1~4b2y{&?0!-GD<_n`8nDMWFwTCwuKvHF^d#>Rf*4oW?e4z}xbV7p z@ST9N)NmL3mZRmO~$GY>h zK(bF_Af?{VxQ(RYkN^E!B$eC6<`f6-WzVYap<>T`UU`;Il;x3VUXmS`?C$^kr91ua zmlpr`1H@$+^nc%xgv4WxVWBuZ;G@7Sw_H1EmNf4#(OP@Cfe^imJ9l>c-;a$v`N4M4 z#gi=S@duO33`x{Sm>Fpq-`NLT{psW>VHK`BER@E>XZKnor16e$-v8&vlCKdW)x$nE zjkakP@v=ymU%&C=7oF1c2F`0rVzO>}pU34&8eG50AG>MG<32TfnXG}Ta!Q0=?El^& zne6GqV}!j&fAve`z8y|fH240wIFVPrIW^MLBhILoU=d>{$9d0BCi}T@P_IMtlaR*( z*P=7id@VI^4IgC-;ZpwZbs!-Ty}ACKQBzG+X1V8>$i`SusGv&u65n)gU+D{{2B}Q7 zTKo57N4HpBwEapNSFn=Iw=|IQu5139@I?X&ZEz>ve4wSG@RRtH6c zvn#LWLbItX_h|;w1}gP43=8`myrB{eRT8LliH|)%Z#ums7j0WFF5s zcu(f$P4(*K;mhL;JvOCAI;I{1gQBvd_HPdS-+SGTj&6?R&R~~1Vb%2LsCqH^mS$Dt zs2m$<-;FPVIp)&M_r$_S-`{UKAF8*W*O;#FHeWAZ8UBnoVDP`M78lNhV=u1X{_?}= z+fFr_{w;^f_MzjwWVSMt_i|3@R#ui38-M!jx4o6xL+{r|#)gDX9GB7+Y4A7_PIC>r z_gfj(trbV}rhcBkB15yoU-?2bne*s>-<)J5F8Tq5kV;->7|ZF>$L%YPh1=O)V3qe= z+L=1)BgOuWYt{`*Ui9bU>IqAFfj#W<0lU75^#xq5O{puIv}e4{PhbAKuEAy8OtN=* z@sjTgX^oBGB-=|Yk^z*mt%)SMU&gc&>7|!P=2LEre{=l3beTn&`z%x4nZ*6K$}j2r zx~REqew6NaiO=CWE4i=1-osz*>9PB=Iuy4%&jegOaX+)|<+Mk~6(yR4{6UU)Xvk4hHuK~(FfA)^FjTXY;dqLXgiR}=QcjKBbjZ0=`9z+0h51_Q5NB;6 z8=cd>-#ROeb9b|YZpf<F7CB9ECci1F|0XiL*_`RitvzMTahc^&f+NRy6Iw?{Mtd>c23;9S`KNVNKSLw5 z=@~w#rlbn<&+iQ8RE$#PYb^Xd@1bhtol#siR(?pI`@YxE$- zscC>aH$?w#M3gPu%}$SGLRV(mk>fw{SD*dBKtG z;X_EE+yMmrCQ~5wMsIopw8$>X&d{a8h*Ksm{J4`?*AkwN{D4So+Ie?sz?C zwusD_{Hh}tqRU3AXvI^mx4Zp{cGW+5@>FiWzDuK!2nIY}SvBV6Q4Nl+iI!;K!Xrm7BL6J zFixVdK{Es#W8+&AM!1^^?#1G&MUmoDPm7)cY&+U8LL~I_c=;^2y*()3X0ocdb~tr} ze7Aol7h?n2UFZ{#Iu>+*MU^z<-aR4@1ij8~Kq4+m;zfME|G5iyesnx9em`9LTev4N z?0BcX)D%lZzthrB*L_udbFKL!v4_~~TBY3yX*S9Iz26JGtdFYG)TG}YZm9M@sHU!_ zY)Wu0;i*_|8h7`L_pY+7Ui~F)TP-{mbuzbnm?BOfIOyU*S)o^l=N#0cUQWJZso1>R zXjC61_6RP2F}=y?N~^ zrUt5}Z_LlEY^*+38+g^H>i+PVoyB#F9Ar_R69Z|CXO`hsF@>Z@@!L@IxSm zERDQMJLW_H)6s&j5iE_onufd`gpi0<2fnDn-G_$)VlHBHhnX%LOFtkbDf&%^Iu!o7 ztLm{=>6w_kf$Jay1r087=yepk8Zm{LI}21}V^foO_xT$8WS*_%y~`AQ z;g%#m8?!fhMKfiG^becma3~rnn>?GiRuXsJ;*VJG*Sq;;LpzTOA9c5D`TQxlSEjqH zt$>WNAy8h9yyZw@LXwE+Z8KS=gWB=yUAJlt$OL!qOxV6%Ww(D@HB;)yscjrZ_3vjZ z8m;y&+e?YdY6NCCnve+=Ts)$}k$QODczL#;-aKMgWJ9TWTY$QAQi4 zch0pPG@uEmHNPK)_uJm}c)PNP|KO8MLB*KFB>Ji?7flVhuPipnPeth79P-K&!Et^~ zz21uK)2C*-$b*G+3hOF6J4h&{3myxwu_>yzJ1u^I_XfI# zJb76KSXPO4Z^f%f|7AQ8 zyGLTZ<%kmiPZ6YK?`3|pi4PrdS7~QYNqxnw7{x}aWwfY35(4x5uz5H7?GBk+{;V+keKJJqUm9%+UW7c#; z*kbii(RTmyf+|Cz#2@`LoEAIX|INI}fiXTgQFvkQMNu$?t%d0N@A)mB-q-yj3yjat zy0sr~C(H78oVP6-&&ajrl2h#L|MK^HQQm7|A)PZzi+%}ZuT;qMs#Xe{O)G!pj4w@o z*DQ6fY#k@xPf=#K`l&HqPe!P?(5kg4;)mXj^*7i0QndHoJzsabS(o2nhEle4 z!_)QD+OLi8e@-YB&wLzhqt4djUtv=dZEIJ4dYIt=%lAT`=9z-S;dBz_e*?^SjaT)( zH9UW#-%eh=vCYtt@u_)EkG!Of$Tz`D55>fU!VW2Ibx0d7?{X>c8=3|2KkD=r)(i|M zg1ha6v~(IJ+x^TM1E4^}>6S<3@;ZHyCWbTQe9->3@dc=0z?UZ^Bw*<{y@eA7jW}W) zS4%#vD$s>N0`vhy9t56xu6@oB^MgciDbvA-dIV-8rD3-}u>sDjm}>$TfmC3;zUJ6b&t{u*t`V*w+B00mXo5 zKCwB<^(VU`0B{1{m@5l@djxhq?K(yOpG|FG!aho@@Lid1|A8tEX%64d6`Ii_(-O~C zX)>e#Skg1EHC$vIw5f3Ly6*O{{#om2ny8K21>>TH)$)j-kCKv39O>=kNo%4M9YV6}+ly#DzO3G}o^!-fyX$S9?4&|=s`ngtL zNflCaOY_9anbzVxC$<(x`|5i{a7xT)4vfCG)+ov}nx5K|>eF(N@@vPJzb%ATpM}|S znWKZIq4kE-y`?U$0M`mwb&<5BJ&J zta)o|nX`B~*}ja6%qHG)JZO3`j^^79^{-5ll$3NPMQ@4)g{Dq+%W$Xo)W_=Om1O7C znos`{wJ34E9y=YTs9-eQsNIpLSvcyq`u)$dE;r4%OK)uZ|8D$Qefvjy%41Z{BEUU$ zsr0PpB^Obq@QI9LY?)%5kAKq6uz_?}qJr4H8<=2G5_En4h%p@)M;1IlRch=pk)Z^I4_5@hb}Wv! zX9L+4fuZAt)Rg_Cq^tq?I*%x$Vq#uHs)r-fEYY;2$32xZz^zhG>3Qb5Xyh>oZaFn8 zWB}RNq+%rd3##Al2#jzBH9X;0$a8>>KOO5Z0I(wqu+ix&v!UzypUe^w>jl>rhIH#_ zX<@9Q!q;Q}X*u6be^C7WQ8I7!mpa3x?-CQ&8h*(I?Gj=%KhD^i`RiiZ+P$kD?dsH| zM+Y;mo_AbZaFwpMS!kowydmem*{{t@M#}HK{2{(D^Wdgek%m3D zMxN)))#cdgt*vFY_WO=US=s<>nD;VsGZ~6JPuN-;be^ZBI3g}^f}`qj<;D-&Dvj5- zhLR?^M#3)7D4(XdXYA6ljjNR@M)^ zsM=g4Y<+q=9Iid>&b4)SHi9pinx1MUqC_eqMr*tOb@h!gLD!fO_oCyhto#Zz$Cb!h z=lx`A0v^Ww{vg4uC&_wDd(r*osf`K!y!DOw1O15}-Lc%>Ytr-I*9e>Q{d1S49(j$a z-_#M&rp$WswTe90LVt7I_zlH)bZccB=c$yD!24&*H)p?Y=zFjCcX7w>Z=(Mj%ALnG zM$yTvQ?y=G`u^8GzSQUD?7~O6*?Ej^w$WN@zi6})v$BxOqyn9amzU(xfLrDJv#vjFpOw7K{Y|jhN*H4!(Prkn zJUeUe`~Ia%X^*5cN+qbE0=um+hXhh1v><1f#uOK$FGmoH0)`Tc#DsVed6cI z+-o#hmJzz5uR!kf*|at_8C@GByGu+Ef)WLLL_Sb1nzYu28*#U~hi3C9K=H!#_u?D< z!Gp4-YU56BlxyUmAWB*f1mRukBS-2YnD>I0lBLXxgTlUC|28~7#$NfPopVvKuiCXWJxQ z?>gDFlIB`%Yim9=k>7EHg*D(~p)&WZdq~41M}S4*Z)n;ZW*-@Nu`eUl`?F9pyoEKD+b3O{320ly;bvf7#Bz1u5xmwiy ziD>Du?k>!F^(u^!JQTcj6o^`fG8p_%kji4bq~$#wP0ca{nM0@WFP6cJKui56wJiT!?Nz-e;48?ko@wihcXw>$?Z~UR8C`qY}tRQMVO}^}Y@od3&TjLqGsU zvLkdTE{9 zRpDJ}+0U(ZDLsF3MozAt>;9+Nik@Lfhf&rBD$m;&oo^ixTjiIb{IZ)uRblFJ`?$n+ zZT+o=_N0zi;yO2RI@2Fvn11bgP&VKi?_b)TGGE3<+qPep6;<4dZgZ)hPi~mBkh+>@ zZsAyGXsNv~i8A6K+x;&Cy@rEoZPj#-6~&*wdF#^$`s?h}lAdniU+HN}`dIch)8d1& zCkRV7;^H~kv-1P447kPjXgV5HXXo7I(&e}R6L?tvw9{YFlqc6>sI3vu0RJYkb<7~N z-lR;RJP3N$sw*F@b#gMJ8qIlGS!CrP+2hvJc2GfLKI_YfUm-S7_w@3J4=OJ&tf{!m zDPoSMnA!x*bHk9KdgcAh(mtDr25RVYAzcOCSh>)ljaanF$w>@oYa14r30dKc;mXl2mLq3VrdFYB|(>$DW4M;^|fS+~uFJm30;1|$@lB?=<~ z3IY~XzFW};W$|EnwDWOrm_pu7Ok#)F2S!gOir}8fs+rn-NNiWYMpZoi7@9wT14Q2m zQ3CXA^*sacf1&Z@Kp)-kPgG5|-(OpHq+HVT_!H;(TTlF%{?EfdY`lm1hUMZySlv>X z+2-C4a!87}DQs!qRw*<3{_)vNx;)?J(zgRQn)Ft@_C+Sx48P;a+AyDd!m;MX*h($S zmBn0wqdlaZuX;7RXS8jh+eO(llrX3Edr16NFzLwV2cPvY;F&x~->}7H8LR^l;uZCZb4u(Upe>FDE`tUi@r1c01 zOzTsx5|LzUnsjh+d0lkhS&j1X&_V1H9p3Z9$$M&RnrX?4EcoQkeZhE0x3eWNnslb2^kc%`J4{QUFIcOAv>OHMRY-s zYa1g-A(IQ>3H*(QOeZj2Ch)M{$IKpx7>l~S#$S~bhQZtm?OqXV-6=iryx>PATQADV zt)U z$R9_DJ1OZSh)4@=5&pM1Jk;;mc5Z+y@(dR^Nfwvtr~blh(p} zEDu?H9nWOD>v-nsp2bVgp4+CL9vNeKGvV@GSB`UIZn4!iF(>iVHh;&tLz*t%C&lU< zyrgO!bW=H_!tDaC-|Vo_DXKLS&=;9*A((E+TqA9WVUJXp= zY;1D3vVHvnkU9{B{4Hzm=*F+k0evqa<;&o? z=M*cF=eT3pxy6coHRP_h{bs?pcdU7@7(gk*&ScGGS-q0;CcaNp4olW+YNX#+I`MKc1vyE21t%AALRzOldQb^_7^=7junn1bw_o|Ov z#&EJOHQ#25NRm9pAr($pYj1LMuthg8DX(I%BXy)J`md2=d!#x+`qH2F=|4#}`^fgq z2KQf}rjpZ5d+nz_?CEOrL(rzlB;1a%!94Mg3spo<*z)qrtQ-_K3m)Z{C!d)o;@{S3 zpTfoa?<@JpQ{iJrTB#mam1Q^&XJj*#AE;OyEZIi;xceCnAFhSQ`-DkLvx2EpdB<%I zoMvcwQMRBOIWZp?ba8Vq+dc1W`DjA$VLhi6A#4eHC7$S3Enb{t*{Hr5wfdJu$j72_ zk+a`xb4z`iZ%DN8X=%RM`~eV48VUTT6P3Nce0kBdRQdOlF;!bZ+@17Gd1ZcAJx+83 znD(pjJ92(bUHz2ClJylct_-K;u86iLw--VBZ z`x&4=fYhwuTRBwJow}|mn9v@p_FwAmU7nqVn1JzTD%nH^tt3l^dlwqF1eC&O7^&Qh zK2sIVinwJK!4J8xQqgDO!<}Ul-)=ZPA-+o|K5%aXl}bC~qN>cge!-het_wvgInw<< zoy(=yW}0tqETiKcNAly@O+xX#dz`A zVs+A%_EUna5_fCp`MHZK70YweRhtf%6%Es>cC3;EioGVP<(Qi z49)S=QqNn99jC7x3LIruSBF=j08o>z|@`228U zJu)%dMz=bMvt|Bd?{VO*+jk|BN!u>8Q5&Jl?V%{UVIqx};yuB;nd2G2Sx6wij{_?`6B_ z1`mmT>*w~tLFvjQN+PORN-By-2uVmP*(C`{Qc2mATA%A~ z`aQof-tn$6-e-v7b=XoCIaURFoz`)%D4@Hz*v`HPjD`Mix zs{O0wm8yx|!AfUw+~lWWon=2Z=y(=?%FZ2%&> z;SZz-4je6RP}{TL@8{Lk!2=>*E!L>hS8TjgI^&4>{)&CWPY;$%Uud=L z$J2n6{1M{Yo-H|fNb6H+p1YCxcm?(L#+qT?guf5)Q{Gg?I<>fNV%qeT$#`X|? z{Hu4zIa*Qiw<^BG2i~l|dZw`Yt1elNc=4_%$)ud@A#2S;?n_5}8oDMnb>+@}ZG*ke zRV#henLa8oM0;v%+^wp04Z3U7K3E>s`ZW8qXXBki7RHZ{sfK(Ss#aNFqP<}7jNc54 zt@dy8gZ=hglU{cyzq;N%a{k`ahf?N$tCU_3FdLScx_R4umB0k8j2UMoqKm5QJ^gg- zY?kM=SvfECP&jC|X@K~Q2@k5im(9$0)sj2iH{*cC$3}18aogqKJq2y*nJ^iEw!@A|vXAXYg60@7cB zA&&~Ae+11C&l&oB`}k>6{%O*#8cj`Fzn9zVtFVif)#+Bcho>jj*0^2w+HN86kZygG z{{2rL?SZExYvR{3gAe>%Q*hmD`ck|3D$(=*#P;Z)*K+ywZ~ILh>3(I`oZ&;>7yo5{ z`gw$Olx$7AEqz58$Hgx?q9w!Yd*}AYK3m-+P9+et9-K8A z)c5Y+|BB%S5^2VPx=qhT)B@B?bq7c)nk#T@rRuA(^W}Bi<9oJHfV}?tMr(hC)-*|R zC3IY9VllQ>p>?*{^`fnw0$g=dG;+N^xVhoYg+TyjV=+iWKX5iHgr&DgZGnM7hkrP8 zS{>_lcI6GPADcRIm_NQf$qF)L-;`d59@9Can|(1YtrxVwO98nIH&8Gia>5esEV*Bl ziiHVk2wU_cm5rDCOc5?m?6r@-h~4%2zIIwpKuI-nziwAb8P!GfmHCiTg%rOw-<{cG zu_c1r3}^`POl{)CCs_vcxzKxi0rVlhO<*n@I51TlWvO^ns(SXk_@V~Rh-jb(VmVlo zt*vYN3%K`Rz4ZoKLfc08E;rY4mgpM9G7Ll@(7N~M6=YOfcMEo~6N&n!4fo)<5W);Fv*Mu4-dbbqPvB&`EbkVUK_+ma6zo zdiW4$8GmHj1h5?y5rMCM;At3NFSc2jGv!WR7S|pp{QuY;??oC+R}DXCESi1-14}A- zF=j@Sr!KH&Lgtrb9)_*0E!}=5kNu`eqJj$$&mY2R)!JXExv%mE?II?Z8+82`g#l_| zk`1b}71yA(Zt%#F#<7KTi!PUb#*|G?Vn^YXO3@XpTho369)&|<=G9HfKB>g@qQ}0Y z1Ni5bdY_k$jHa*#2T6E&RI)Fk9a2(7FJG$WjmvMKRU8liTQk}Az0#jMGFmVv@TdPSf86}tf32I-&XtnBg?E-u<@HtjjF(4NDELOf-Y zxd{L*EMK?fb!U^3Ht9q#v=pLTC4;T7@Orqm{rr0x6aHdW!p9HaCraG$F-O7D4>?yY84xXi{%>fO^T z-Fx)tJxFI+>N6BHHm!>4Df+-iJw*rI*730`gZ31T89UYux^kE8atx4 zbB6m8?F;&$OZ)ZtMtXk;mq%zAt@0f??T}BUn(6)aHx<3J-hZ&7`2GLF@A_=sEGD*Y zcGQeUAzD9_zgi`_H`l#-@D*F+xFAAIIu-%zVs;Pl-6V=xTO0bcN_W`m@TX*_X_DTX zr9@Z2f7T5@IYl^Z{&{`vB)Uug=XYZN1$V;mQ_UZo_AGqNWZ#1)MXAKc%k}9q7DXI` zyG&${=Kw>@iRnTGt#ylEUUGvel2zV-zR9_T=_qQeiv(O;8BZm8TbPKOOA#oY7?|fk z%PJrLJ6SoN&e3>1X~DdC4UB;bT6h}^jCAvXHCJ(bQM>_lu}&$Dqf}_t31cRsMtv+< zEp$X+4=`_2>v80P^JsN-P;lqAB<6RBN{lK6JqP<{)QTB+=BqsKZT`{r>`GGQsE4|3 z6@%tj^qLVoxQB$evA9Nvq;?O9E-&UyzIZ||zsP<~aqGa%R~BwgPF*-KK4#ICc_*H^ zD_2|>8?yVP*f^7!;x^rGADkEI>noGF!FN=r)eEgd#@3c}F0RxroiioY$o#|Uq-*Vo z@%6L&TlX z)8|{dUtSazV;piuB{1)uZL%=F#rcn=vmM7fawV7qGO~7U$?ZTd^?&w5U+r;Qy#_K_ zK5!s&*xxLaKp5?l7KEIkEndX1-3$a@iSSG#DE8Wk4G+3{N_i>t)i17um4W5aBc^tR z2-?UHmBB7X_R!owwMNk9O;JUNTkyET)Qf)S#OkpU**bHjqBAnQ@xW#FnmF8keu{~y z@7mHNc0UIukf09&dDg~8`zj>vOP%~g@!V}~pklhh1eY$l%Ic7b;GK~z_= zHBjV)=cbnTh56mfK0m(DsK0<7KR)2a#V%oKi~-X^V|YyQfI8mPNB zbVe5q#ex+@wcntzU0I~oJU+3D)a+R1#4Ztkm>L$0P?*k-i$kOU-5o-i_svuH2@0)8oF^oFpXM(a7E_g>AGEUl z?KB4R{C+T_%B&OmU|88BFZ*5pi1I;WBz3V0{aKwfOIQ!*stNRH(xj+{$GAi|4=Xa* zC9}wpBtEAC^WM&t?QbWxWsKPU8R*t9N(Vmz7S^{d57Xnf2T1bMqLaTrt7#0AfA^SY z)>HC7TDtnjX1M_ae(*V%mZdVPrsypiS`iaFVW7vg&9x+1_Q2MZQEP>u*i)ybg`8QZ z)lxa74O_pm>c;L$787n8>{>Ris?mG=xN$JO-ZpykR^wSlJZN}}jEg@Tv9NNX`UJCi zQt!OBj5(2EXx>`eRfx~{2k<4zl9%o*9{o=fLY;Y$>$;a0okPvttneXo@JI_8nYZ}1 z5m}*8qg)}8ecsmcXpD>ObX93|6%ffM!y(5NmkxyiN5{6dUac(q968tj5CciOKx zzjf}SzV9uPDz&5PAE&%|HKpz0yEDZj>)L+&@{P=2U||sz|Is2*>6mFR2?_KQ&*r$H z;KT5zmi&pMM=?Ok$FsXr2Ob~elklGmb|oi|%_>{_E{nvJ1GHepMjxM-_zu2%XB_gi zC~uvXu9lXHf1P*clU=w@m@%iz%64+H$*K2z=^Ct*x1Q9FN77fXohh(2vRk&snwOW5 z<>>V>_>ZfSmXGlEUe7&F4phy|?ZO)JPv@ zt|ethTK47Af4=#Lr^|nr`HOe{YqaIR;+HcPe(WsfInwBK!PLQn^S)T9cM_AfB&Uq2 zFB>6TT$22?J{>d^VR}jL8QDFnQ0#U8A;7w-jiZFWUEGbZacAn-g9f@Wu&2~yjEzA%1fCr#Gh@=NPz9-_3s{^6D3*KdJBo$ z)&Nvkp)R2x7Dj3w7=nZaBKB*--mgr`OuLXL?1QbfqNe}(^YnCeBG89J18ZhaBB4F+ zMlNWui^H&Xd_E&|B(@34wxRC`$(ZHlmakJS$`DS2*Xp9QPkOtfY=|-*b-bpZHn%J3 z_!n}Qm#}=H{j?=$58Prbys(KB&Fv2}Mtg@bM&lvD?I6^7@%DF_GgwlvVe(#tT)v>Z zfRH}H`=Df0Lc*%g!?thV&a{Kt5nPS|&yREBI>fA3h=RnPl}igb~lLqnEugWM!zaDm4wNY3B_Gmv3 zabG1nT~jUs<@139uWYECts>?9aT$Z)U<3G&-;cxeV;!!v_$E0xWU-slUu+RnC(_q& zSgg?0;Y?%b+FBKJ+AMxLGGFjO!hGe#3H@>7&^tb8Iy})!@UO|%m~Ux!GDv`eUPn*Y zBb~i&VGDkNa-3NqYIE|kvPTDvU5MgygTXT65W-(Y{dXAId-m)ZW=z?yy}4->^U+RD zWC|JQmODF7)YN=iSvf0YzP-IK=@D}z@KW@AzMs#^@*~-bk59XBL3T$0-gO&wWWHt# zU)a;wT)2Sqhlmm-)p%H5&>5buHw~9dWq-+hpV5-y==oWXO`fn2B@pGl1ow|Y!NP(( zB`7-~Wm8aKZdQ2JJ}JL4^<%Km6H7@!&FF+{oG92xi`H_a|NK3>V=pbj1$0^1`|)M{ z4d_cxb_#X!YRXMfjdcbXAc5SW0#AaV)`Z1Gsn{odLq^2vkZRr+P&zJT!UmXWe7nJtPq9~?ESmQ`FRIhd zpXW5UI=5&*P|h%8X0{oT@qQoUg-Y=_{B`g%kBC>bvb=cy{M-=bBY78DFp%D=6N@}e zIO}mSP8`&tt1!nkU#~hk?_G$K_W1D!2Q_i$#GZ=wzO}WGUDR9WKqDa2%b#30+`&U9 zf(tyhmhe1(cm2z5W`(HwZE^1W6&<$@e+e_|^1XJJ3gDZVC@*98>&CcD9}caM zf1Wy^nm1*Q-TC4n+W2~>4?UOQ_Xg4C}wP9tXAk>KL z)XwZ+oDj732urulf{YQ|(u+hef7Nm&0kmlP)bpG0R@W6W>xBOcFOT-R`G5JB7ozRO zwjK!q22oM5{%FaDLesp9`srp(@3{_uFWF57AUlct83DNh;1(cX-{mq+cZ zUv~zsJ=2BA0syrh77oEyF#NmfSx`|wGvv@rWjsv4W#(I0jMLZ0)NbU??0W2s-ZRTn zDoRtt#HNf9uIw%a7L0ZdPolz$+6}E}Lvf`klsIsJAfxX#WWddSbInCB^^<@9{Q)Tr zn*Ea}H+Qu|&H5)kIv7f2QK6`-*P?k5(U$WQE)A*A$T8KMFxcoZi{i8_N zVAs^aivtp$D3i)=7~%ISF)Q`po$*Oqg1fDLcx+I8xW^%d_Q? z%$X=o_Am`m&MNamM9*3kS-E?tvUJ^kgEOJ!S6SOH&LMP1aMPp2YvT`~^)3oIBWQQO zyj&QTg(f)FOp5Bj9l;1@v1)j}pseUj-l=d)f1!uW7?8Z-kn(TM7^6(akf-zt2BFHv zB+*H2(WOVF zr35QV9fX1|o+0VtnWn!O)IFfZH|tzAaPMh zjWs`J3^KjWvu5pyaS>`vH8p*39L624wUx{kckDlCbl@A0D{#ePT;k3kY|U%&M5j0z zvZp5Q6fU`7KCELr!;t7?4oI{K&~lB9iAgAw$Ucfjt-SmqPzque+B8%jNa>X!%}D^k zwMbVNQhW~elSzV59{TjOKD?~u{erBY#rU+Laz)bwi8aW1+W42!Rrprsmv!}O3vacB z-%&vl8A&CRlKd(oHUX(})$BUcLU~2SHe^1Y78g?mopbp0alu*?B>`I4`9q8?aF8c8 z#x4UTTVy2zB+&;chHLd{`Qw6udV~m38b#-_SqSL2mppc`or$8KFcDS8ycM!#pb4Xl zv5BVRl$Kw)8A2ZRgrw_083|rYwJPd)zg?$=heO-f z7d1gVPWTFP;+@dYUeC^9bnq9eo2V(+k>*rH;#thKl1U6R7V1e9`jR==jvb>VGr4p&7C{f!eYso z$K{B@?MG524Hw{1145lHU%G^VrbEWYDvm~w`1p8qi`JlFWLeBHh>{-KS&0+`jix>{ zlPeLU6!H_ebeIb9U8#|fKxR=mroXV8J6A(b?-xLZ7lzfdV+$+l5%YGUe;MOKe#u5m zkBVACF@Sn9NhftkdU}bsA$?3*N&FdE8J)sjJG0-dp8#g2soC;K{dkNE$r5W?QOc-~ z0V1D^i7o$(fo!d$tD!OHuc?ShxicGw&QOetcc#5v$-H+L@|T4<4+)ku0Mytgt|Vmy zm`UCD*uncd{!D1>OLQS8@41pg3?4b0QZ(vqW-Ir7_wJol-w45E#-=OXFCrSMV%GRW zDjRdjh}lkQYnXzGy{6m*v%-&+8qN7qHlf+&=U>!NM@AP9wJy9sU+&2htE{pl0b?Su zwW=-$w?fu4u;Nhv(N>2JAKrpg4Jnt7&-Zn-axraDkzzdbS81&;9v%RPKYZ4tztE6S z^3SQ@vV)b4%@3h4M$H6naW};Wu_<(Zr26+K!f-PAA*jQoSYTg?E|!*N!w(vW#}>NS zHE+3_a@^aHvL4AR;RGEx5Px$94C5->+vyrI0?>)oQ||TaQ*{;6-P#SQ)vx^|( zHvJmC5Tx$*J?WKKbXU%}^eo|xO?4-;!uKZz8$ZUnY6=2|=xWnrygq6dld#AM22p?` ze%TDlEoj=sz0kXz(fBDhF}TRXBlXX^%gqH?*S4}JY4~176>v&R_LQqcad6x55~l${ zsWYEwQ=ct5$GT?8JgYxfQVsX7cbDyfQP>b*)M8|g^0>Kq0muyArHLyOw|(ZM0pz)w zKW@|N7?+GiYNLUmr0=6WoRC26%Hf|6h=2~1m#Sz>zqXvdUt;kI>|mEBKV?xeggeYQ z#0k5PYV>u0&}ftcA(7AU5}KUWs*>VoLY~#`J(_5;&^TnqjzxO|W3+X3UzQ0= z+p=#so)n^Ox@_2~Cu`O|xnPyIheF=k`VtR>4|BlHIjsE4yFA+7Y^xoP_pcfLob@ZE zuw&!)`=Ui>yY?;o8fR zlI3B}oYmZ7vMf@PCCN`;7V96bL?AW$`5~Gm!b@&n=%GUp&QFn-;Mejb9+g1nn$&Ma z5@9i3nXkZ12*8wXqh~N|)N^MxCil36MZQH&|`vF5#c)rVyXNBtd1PQqkBO?^Di z&zvzVX)L-JcTmV;bacGEy%VH!t*U!BsILfX-&TJM&^aY4>j;^Ii|dVNkvy`>P!Rpj zzCb(4I_@*NykPaj^u$9GhYno|AcBBwK~_s%mOK*-e28W7eDm|Fc~-*`Vq8$v7$;GI zK%`(bts;f2z7C!k^f&I_-4&%Wr&x+71bV^o@Z(o2N`DZ(sy*PDP#d=(*w4Vb?4_MgBj`uHiAFLV4*JWRE-wmZq6zQ(@I8z^$weidE=I3v^QfjaZ zvBPR}pY@8QOEjS&q zCsG^##x@JH77M8`s$};N`|y$3bKAJ z_ft{pcICvWStI4t$Bh2`tD$z$>>LaA&fmM$H~%7l1ul{K@r2GsWdkB2vC+{Fgo@m% zV^<=8M3-N_SuSB~(ifJvXKPUMZ?v1E+?N!a#i_H}+4+vEw5oB4a^B z;v&hxgdMd1twY}-L0G8y=c&2Q&N12Lk_HHfTGyx&vGVd#GnN?&xGi$?pFOTrUNhCB zRX1Q|v%aYKUcSYhAbjhV|HaWKv&-*3e3)iCheMKNvS{L_9gfz$AJ`hZKJs2-we$m5 zcqFfXubq4f{=s?gyx*75Ju;g;+txiNbpe@~hAaseZ~i3c57R=4P91`0-f~?<`Z{mI z^RSp`k7@11q$Ih2q2lY8y&jh4|GSaw+hn0V?$^I)ZU5Oi|33*2{M(PUBLyUyJnj@# z^+p4+#pdtczju{u+ae%%b@$2#Dv32H`Qxh|c(Ybh%rih-$zO6-rl|8}-GK`8y>X}$ zkiTeQ*?0bb3+w(3aBJ7gq;_?Jn&2BH^aozQn<}u9&Yx#$i5H=6l$JCAU>cSn1l!=@ z0+ju|N`$spTZ21N)I7g9dh+Cjbk#ydSo3A~>QI+3rsR^RUppvyQ}aR5EF<%4l>x#R zs@v9%J%>iAWSpyf_l`{z-G!r!3g`*c9)Cef1S5dRTbd8pv97CD-M@#3A{wm%OG8V( z#}#kkUD~lMd8?82;B1KsGGQ?^7glIepA{o7*{mQ##{K!@$H(qla7tx6g`A;G1eG%! z(oTk0+@~E~I`K?TZNBAUr^^^@3tdXzU(j^&_l7k8{K$$MYG(1}0iN!|7?>3(r}*=Tp{Abo|)Qy(G1QE!h=&k4w>fLOLB zy_trs!7d`)l>YCj6v;3^HRkVPJ7<^Av>fuSv9T1DP5K{!Ll|<1hfW5{mzCAVk5PpC zva`P}3~wH!=dDS8i##9|U-JG$bq^4fAwxscROSc^?0TMm2z;Ndw?oMxb5c|> zZDm){i{xOQtMaud*EeeliWB|6>qqmg0k6Yi$e>=|4Iat|QN(4!$kSDrB(W6E6576v zYeb&YrYce(Ux>A1K{QSx+cy9E_e+IUMVf)4n4{ZK1om3QCnU7oR`;#Xb7)2C^iFrb zNFAl%naJ{1+Px|(Q_uTC6eM#H>|$zPMbOyO(vl6z>2Jgg6T|&v`*>AMnzV_>$e{P8AB0O9hzsF|m8aJ{JUwcq^4Q+Lh9DZYV{L!`PR zG9R0K)H%xW+M7nwB_r%u&_eH2ra0 zDXT@rbIycC0t~(tRW>$^YL~M*Pk%Oat@qBnvG_a`K957H{^uV%2IU+aH9GCi>4Lvs z)XWaZV+r>kot~Bkwn{g{tnm13gqELBonnhZB98t-&U4;W?COwzHqqf9!~4=Ebgn)B zO%E>#o-i!~$dLgCO4%9`*(*qjF}<9AnvP-J51+X7u<&pJa6!c!S4&QvC46Q1UO*-@ zmFbeaUVoW7Kk@D*Ix@B2g7)p>4k8CFrYOivUeE8eaJ}$VR4pxgW@~M3A}=Udf$n`} z<22vlbbs2%6gO_#)Vo(N+kiX4Gv6Z5Nyi=y(q!udf+rf^R#L;{_9@V_J$Z6!p{9Vd zj2Sgb(2d8CQ8kZV6GL^N3P|kH7^R^dGU4;jO>Vu8l;QoA58#v>iLA_ zC!7ndZoXR&8;?7d_Cjgp(5F!@Wql#%f~%)zpla8?u$;{w->u{vZz1b$zf-Z%cQ zCC?%B{ypxR1x3Q%*(zdTZ4DrkwJ5%(0Gqf^P)_CN@a3|18q%I0RE8k=?2r0Y8Rx1q zTCes9kR(aB+TU`B+-K_Gb#L$Xi7ot5swfzS~P^kDLsZ zX-c?uU+Av?D5?p`J>wF_LRUMoryZvE`RC}EXJaGu@AJn@52g5$0+4#J$KiOCN?45E zhK`wN(l&kj)8vjjLgVKIz-0Irh>C%M?tTz;b} z>dnmBCtTd?%G{W>DLEC#GRtXr&>?6pkgIEtI!LUB{#!`6X1Fu?QIi^gD<$c z=(Tw4+q_FoU$Ef6TYZ%K^Op&8==m=A15`;9A5xKIrgacZBH~iPeS3{pndM>GwS^a)WCtOVqN;+J00< zcJ1&N?jGsryN8^iAxK96;fBp&FY~)c?HYgrU#;H6>A`edL4kkE_X@Klt6 zRW{hT-wRPD_aP@g8|vlidatqp5lx@r(&eK`Zw=PcuM6| zoZmh@o40Ub^|xlKX~^1~m1`f^SXiXcS|y%>Ma9^TT4?cCN^vJ`atGIKx)Ub!-!~mH zLSh4ni_|bUk=f-e9TLy8#bB{k`TuOQmbpT=XcyYmDk@q)^KhBgkzRp|tW>-T8I8|g zSg8^iRh=PpYOzvyO_SK~XJI51FJvYJgk#C7h>>|IQ7XbdK5;KN@u`k`nB+~Jv|cBk z|EYe=lxIi&OW0f3{0VEJ>Yq3D+F_Ngkz>=2cc?QUyeJ!kd;pvvT}TZGndRZVdq92r z42LlH&Wqeo?MR-E7lm}zj|XdC@r;?M`QE?g#J>0S-}6XnnoCH`{Hg?2Z^0z+9NrGBP9j z?&h%opLP!b`+#zTCu*FFEt!s{9Ja=3cd~xGA82ImFPU1)^fZeG^hH>-T(*C9xc~}f z`EKExu-8bV;SOLCkB?LmS(s!0Ag7j`}wTPa}s5LN%Yl){LOF(dzd^J%)E(?=j;=@ zII=kGFgOLa4=6Rvdw%<=qdv(-ya1=ouWQ?$DF)8E+46aGsG+94t<}rs%CgJHR~_u! z;zuP>*}$BDZn24{o9qsJ*qv(~0JJn@i`+|VJbEZ~_-ku%m35(JP|nc2^&$qza~1V5 zV;;C_D*1~C80>HaS5Sd$VEeHGVB74?I<5HvIPMap3?LOJy#vi;q}%6j~_75)Ek0$`OS7oDZxicx8i5HhLjXLk`b zeZWmPmcK}eB}pk6+S{KvS3N6JQn+gCRYH;fr+BdG@R7z{>P*TN^@Kl8QWe6oa$bsR z-alvn*|wJN2qF6xUjKWkdLmLDgvk3Gi`g0>xo4%!gkT@$SC2wig*sIAUJB zco87U$v#ww&}iOXA|w?J7A~q~nP^l`HGy#M|1`_bj~pRN#j58Q!~&Tg36SK(C>w7= zUt_o7O&uVDLQT68nRTVY&(_IsAH>9Z%o4H&RKDOeN#4|uDAWWy2IAhZA=M=eJ2j5S zlqxrF7EQ4Q4qGN@YcrCjY`oiW2^|-D#I%g|d>0MSU5#qL-(bwQsh1=+Ps0meVw4IRmq}4Y*o}sF0 zjI`o~evX6{@`^d`#BTS{*E`k?@*kB%Pxi;>uD zj~<;DRtMtB;R@q`V|&k6RpAL-)jb5Sg=-j{14@&8u9~Q9zLw`EaOmE)qkiizpU}31 zMa9=go=?b0K3}OlM^h9?c|nprRgJ-}by_c9ya*@Tf|KFU@&-I6LVwHi+HXnL$%3=E zhX-siV+&n{Nc{F5Jb=X0R>&(X%j655cV54rj4F)4WmDt z))NzliKs|*rlJKm%h=MAn7vWQ-OkV6dR2d!{6XoX_S0~-up1}h>r;mxGqp|i;^;@R zxiAI*0gAtI2v2?cjguE`%07Hp!H|@zh^gz@PIQ}dbNs<2#vw1)Yy!y4smQ-FH}qX> zhY!!@byKoXPh2|s{42k{sMD zuVdc6VajRCGH%NDJe9c zd9D7bF08Sw?VQs`{*ol#vJwQ1O839doAZc4777a72*c=*ioz+tHfU+#4I)2&eGoze$N580CXpWPChKRkOl`=WlC`EsNXdH3h-~4X?l`aV3dtEssw}^WFh` zaaIUvGA(-%O&=Z$QQA`Kwx*e-C25zs!!`MR)17R{W1eSj-W31!64w|T3!gFu)yMWB zuvP7-O9Gt=(l|~y;}8x2N`vqBKTA(6Pl<6MIfm6c(QLeX%HfuKDZ0&xMVI&lvqHL* z?sn<#lY6PAsM5Hyww^gpaHUPSm!8r8P~ouHe7SgmK$+@q^rO$WD}|bHR35xr|6t#4iiuL1 zV%0y(vv-!R`4;3pgCB%BAX@KxmU{&439z!a7p6>>I~S5A!-?1trP6EXQa5Q~mB42e zs_eRkW&QdAZQS3VEBtt!X@046`#dkdqY@PUkXJjSul<+*&LkJ6MGpQe8fH%spxSd@ zFYf&20*Kk$hytH*-1iSCa}lfSE;?z!#6{SE+7Tu?R>Up%Lu?QAVYI!dB2g8}zJ_VE z358eP$Jd)4|Hdf(`!IgdS`b~(|JSaeJtwi}44QuW3H{8Ovu5=(@XvM>op;d0A&1VI zwc$$XtShrc*DrRzw=k_T-i(OYi~(%Fe*H4e&`St6U!0XE7Y=G+4`ZTZ29#)M$-i&NHjHAZn zwyyy(-|pQ1`|}(e%3>pZF_n2jC3Q9)T8^V*xx=qw2jh^U!a_{QRr5lWyD0%u093o% zg`A;R(QBuW$2c!rhCZn5bmhLmPB!A?z{_kN-n~n$E*jdhz(5#R{$BxChgq79O%M$@2w7@)d z_4V}?dLbB7_Wir3t!-FNh0V+5BD`Fz?x0Y&>XUXodW2>Oyb&v_mB+TMy37sBr7AzJ zg^*Jy40eX5biKb~WYt4SfNDNH8;?_F!3@P?!m$ke2=oE@x#h{iweFiX;paW^m}wg2 zOk*R6#AYhuC(u`#8XF_@HhZ|bnuI!;6@nQGF%8U;*5O_Vj zQ`1d2R)_-|IlGPqq4P_Mm1Ki%dDw)eMZ6PJp1wVz)bBk9~rQU?TNM<2e& z%2Lqt-dOuePhY>4A7Quw?)V$6&!mK;u8KMvRU+H`A{P`F7avh~cv7`-!~6S=HWPJp zYzIr?IY*oN&dZlR)OACGKYXvRARC~vR?R!1>-G56D_3kx==9&j}Bmx~{o4t9SSAa$}eHSGD&$xrg?n<`gDNiA_x^ z*&shcs=G@=pfuP%Ld_kfQHvsiz;tEJr%x+#&m&zodUQp@58K3v%F1Vm2}6SKk_V|s zK^23j5j@jSyu9HDe|X`s&Dr8nQr($tKQ(v7+O<>g#DMk1d>bR#NYI^EMWO*95pEkf z4=?Tg1GUzj+_`h-Ol2YOTd_iAUmB*_PvYi{I5pSW#>PcMR({Z+>W?206Q`QDgBl3e z%h7RKbws$SXeIEU*U{U)=!kjBspdWQxWjDow}ewU8hdBQ&WoE5(u5cL2>(aZrNRC7 z50>8JqCAEY-{6$h+303T1Fiil$JwG|kIK2Qy!!MhARUDfN<)JI_{)oY;q8z)KVBMf z{5Y%(5-8@%4NSrh|gJRE|F+HmB zmy-?IGQ;dRTFXgvp}Sw%038NuF&^;>;hP4|i7$3#dNS7Z*c191x z)V^!jH>szRI*aM{r0>b}-Q9Oz$geKiu6_wr)4#h>!|THpTER1yX~^QTOk0zKO}vvy zv_)*;#p93lC$^yq(LG>WP6e>X%6o@K0s!#=Da;JSVX|(y5gJ|6TonKzK~*3u?C0wn z9V?PY9gfd6HX33M|BaR`3E^(T3*)<#?zFO)(zx%RgIDZ(*Qw0C=thI72!%jpq@T2S zr;c4D2KyI1dGhM=hMcmpvfHD% ziX_fmWYe{AreqviP(Nwaw6j& z*QiE$aa6#}{K7uOkAogAhNW-UUuLxfHw@Ci3z8}f0F6eU@)$n_%@vYLx1gV~Eg_-_ zJNmx2HH{P^82mv^k&A)^;LVy?@}s|(+~d^$|Jo5R=n zVy)9@BoKn^?Ce~|m&x3|aDKsH$w!u-P&N?|3s(B`@NMr?MF(DCOtz1HR_;Up1H-cr zv6SnX;|52^^O$_j0EsRYS`3vujop@JFmX^;u8_=%cY2VX?jkfD}hM(M`i%S}wZ zW5n!D+Z4^n9;~a%H%qat=<5+wdih6^zvQX&RWdW_iYV@MUH|Fe z@MkTmb96%A7X=OaEjIOf*kA6VDVX-}dve%+ByeJ4|MkCXk67RH4Mz7r~Zfj*v-~(Mf zTBRgxQ1-Y@D&$jj7QYde{Q{2_KiDbs$flT&|bY5bCJSJZ#FL-&BK z(^&ID#=L#Mv^;Q((A#?C#I&~BCCfr3J1SjmJET1DYuhhtdT?80cR1Qu4VJ9))V*k1 z%BiUK zVUp4)+YsH5OB=To9PB9eea5L|ICZKuZZ|3$dUol!FNCqlF1-~#y?OKH%+kX|fVivc z-vydP6At8aa^HPHznC0xtVDyndi%<=Cqn?JF|&0aF>KSW;Ya2> z33q>FCp+OTXmb}ElFE9E^`}T!&Q=*k3x9>f?6pl$3`z7)+GKl$1biOYOs8Ml;z_DI_#DMh%X#h+-Emy$47g^?cr0}PxS>|$Es#972%7i(CPhO2cE zMhV#$Y>TT!5;_(q3Ce_Vk!JczmQ~8Nx^5r$hAd<4ZgW|=6!EK2CzRAw zq)=cW3=vrF%pe>i=#-i|{(+xafw*wkWAS-9{8bjQLmqRSJTt}^it&)oy|1c!es zUe?XLdgj9c7QtUT4DTXV7XqKN8P|90)Ded|U04Onxau@a?{UZOmzLTMmeg&kW6?sc za{uti5mF7u>= z^ss!ynJ+vGuuWv7=4(U4_+ITBWihDU^;vOVW5)#@xHCh!wnK3Lwz94rMMuP-9gg39 z^p)NQom(O!FTZNd8hbhxXUaO`Gk!;7FYn~osZi|sVhs(6KRd333mh@Kz{+-i+f0;(O*uz+zhF;$j16GicBQjlGN1(vy>2UUj|PnapqQsKY|94v*f$hx;q} zS6pIh=(+T>l9EaAPxSRk(VJBBUS+uNAseO9swz#ozP|z_?n6bzQ0YC$CjbUO^>JzI z9_mCD1D|@nX!AT05pqzh=oBY;Jug;gpR&(1spm0@Vm*t`occMod9=H7!{B;3gO|;E zM}GVv*3z+&?2F9oLijDX%`gfTUrdV%2$d0>Ww3*3t*V$wx*iM&{QRoZfk3 zG44Be9O)X;`*3AgiWO;Dc%|~T69!z_3I=& zKSj%)1#vUaiaoyCcmL3!XDbH#j~F~*fRJ9aO28lJIWEVI%sMKHyfZ3Sf7~(C*v(63 z{j{eJ;c|a${d$T?rpL#hZ=Bqpm9%>Guctc!?xE1qpCADhUMm2=wjK$}5gRw5(d{p{ z9+$FQ*^cUpyA3UDYzFk}S9tYe=Nvbb0LG|#lo;Gt->~=T*Ha?~$;!xJsn@MrJK<4G zYz%-yUEd{l6X*Q+!{~2f ze!_qq1IR&LlFi%uz+3yYzoB2si2nLRr-}Y>YgzBM-==YV<*lJ2f~V-~|Bt^Dl%)PA zX%A1N?hsu~@lMt;-Nft_z5(_1;3n@b$e$ewa2Ck_D*S$y2BPYCRqt40hkVYEJ#6`B)wvJ2vuQ?uj?n z(H6(T!xvgw8u@`jsEr(1uJt)+|LM6ZG;FACBA4{aid>|YpPTEoBj3f{{bGIRj_TVf zlj)vNH0zf(x0Be#Y`22(o|sOGZ(wi}6a+9Z+QP-eLvSwuK4uO0jCAE>cf>^DI+S)&Wyvwd^Qdd$QIWms- z+9N&YvFk;@jmO!sJ!Lf(vzF$J-C2h6{u(CYg)wlej)+m6oYBAD7J+?VaP$k=$deUd=y zd?wSf53@e*rr=POn!2*}?<-d}&z!jnux;Mn`)Fv-I~-f@YxzZFy;03~ ze4hUZbP4VSg`?BTm7|a3L0)0TuG0A6aDno}nXc~b;kSuF2%xu@G(DOdtH0eWD{5bn zZMqyKuU#bMwKPVK++6|Aa0&T(;i`cm{3Uld0*z|zhai#fcPA25h_q8~`|L1Hm&a#} z{ha@1*o(2&MO2Z`%<4umN%Y{@_~q?0KC4?lL>ciIY`<1v#CkuV8PV04*CutZVDSpAW27V3{n;gKOOy(qK8uTrtcN(NG@s$86%rz={XEhbjU?c0%4 z;RP90TU)P5YSiITLx=u(witwfoR7l3&>tI%n6xyip~Jn-TEu}xRvl#?i4t7M@DPz& zzuPd%A`a3IXb6Uj5fOIG?2)JvJprpBPP|8;qo!s|-`%G9_5{Vbb5E93|M0oSzs=0l z6D-XT5fC@=B7CXba|8m=jM-NbvFT@i%Z3 zk!sG}SS;B+ptZHN@9r}Q&<`6HFmdqyprCJcbt{VF4_8GHcgM;~sHv%S_-kskh12ro zqYs0`f*QOmEe+qGC5s<1PDa!0rPZ89{?Ymo!@`{JX?IE zXl`;C=~l?rtzs0?Z?7e*F0`{-eSGx>iV%`V-bHfB%9R5pC8wq@m_Hv^gbf=SK7MqC zE8KT?hmIX@FG;SSsvqgVowu{Asj3(t(1Mu}GdQI(dh}A8CnT7VyN}KTgvE*@+QL|zq?+lUsHDH!bt4US0cBu?k~dO2 zF9od1=@~<*UZ~J;n1t(Z$*7MoYMueKR4Ai;m{ZTr&P+TR?N@Q}#Wq&4g?ganckb+% z{dBR$uG?=IYtx%(4JmDus_L1f0W)Ug46mIqkNF+yFMLb`ZgMNg?nSnV$X%?!En>t7 zJi;c*S_uO7maSH$!e%xNgY3+Nx zPKtu$dZa;f7tP#O${PD5hQ-^EOg$tNb`o^*C#;0{L<_bBT>=o%MER@g)2EmG1qnW)y2qw3=8!Gr-}6>Kf%qRiI?o^QBTVHn z16epx?5|p@9T5O@6sm-&3_0LGD28C|5t0@(A?X3YoOa3-Ml<#5dhnV}k1J;c0LSWp~bnya5{R+tvKHg4xR8Ny+q*NemmDMjV6#(#ky#`NQ7+A*Q1{S)re(+C}R{Age~I#DrD;xb-2V8c`sZ%j0Tv9FC!4| z*wIC99mDOyG`Hp(Wnq8Q=ulmBsg98BU9oS{2f=^Q0gWjFD7;P06GllTOv|fTpGTcy zrmA#FNlB3GSX#sVsoH=hgwbpw+*}ogB(G7momjdH^nAU=Dx`AeQUXtK$OwJTRP z7cX#dXL29eK;~=EbQ*MM!a=I#NdF(p+!I&Bli=iuAW5P>(WVQ*w+_CT27dw+kx z{))HjwYL~~ZQfkHF#`z=<|&yW?PIV}r<8pzjOEjdKyCq@jd2nO8C(-*9BmI~!%Tjg z{^{XLCuw>93Fbx~xnAU!(_bQ|pK(y-*ohC@d+V=QwTe=lV@I&qVIR4<)w9&F5L_{R zEu+7z!9O~75f8YDHV^<0zkd7vJ%X3O$@}RGanb;qBMFPJz>7<6Lsvf)6hngaf3Dzf zpyFojUA}6?itiZxkmcUe*lQB~5iMDU>}@Z)_J_BKUkRNF&M4dinZ^b77AUZYB5-@@ zVtgcVGBoUztpVM5Ur-Rr7_6oq(yG=e%XYKD%ip)R0jBn-OOF(*`($HnEvOD9C!3Et zOyw{^OUskf5bmaJq6fcVrT@b74k(+!h@U*wrl#WJ1hh z{BJB?5n@FV7V31-wg#3V^55%F%Yfp7nj&3GQU+O}YeCbBBS6sqJ#0c^;zf^&Z^94I z;#v=>8qC0W=FF$*Ya?BD-FJHlNNK>oZ5;<_R_hu#W|~6S|ST?#7uM z_{|0A)rmYd*; z9KsWhgco2yOqg@q+0ZNwH8@QbmpCTn(Q;=LE!ZTQ1hvCogZ1<>z3#=$A4Qez^RXxn zp^}+IgZVlu9-SmvEW6~kUGio{J?oU_8{2gFVH3QHQt2!Fl%$J;h;T)9b$Dp#bO#sC zExc|H4mbOVHcr)UfTIznN9pBnL5neNzBj5Gd^?}I8(mrY)OpH%Bc}LWV=sTTByB=K z$IiwkuB3Vr233ftd6#`S2q>#&fAtdQKj-Ed_F8l_UAZ;I@s_O3Ilg6*e@#6Q5s|sE z>M;kfK&ZbXd930RiDN+tINWm<2SPZCefpd#c3rw;i8JE|DAIa|G6^zg;X zWt^8}Js-29(# z{9!NVElc63geF9bJk zTHD*t?#d)oV?zUU-=L}iD4n&`AX|d)2cHcU@cnaV^?s1>tJO%LV0bMX6h z(R6q-av}mk2OLdDhOUi{me&1<$>~som@Z^fa6kv{+J$akh+9uea^dy;w2%a(jyRHs zn=+@=ZH>K2Nwxmn`cbZ-O~cGK+<=0_g_C;p*dy`@`-$T%@vERH_X7cCbJHiA3o8m3 z5*VBv2fiOOmx{Hqp-d@Ti<03WY`O9VBCz~B_^xk4=d6@k3>{)P70aal;QFoz(L!tMUMaG3N9#~!; z3GB=7zhpS%2jUP^u@5!wbKNnsBfN>u!r1c;F%tJkpD(-j z?3sm^AMH#ymV9cCI zUn=yXqWMq(i(NN={ZNnG)uRROjL49-;6p%{cRTsXgUBi5;{_YN3uDZBpl2*>j|(nC zrMg!IF#o^<;FVT)2Ly$(jDnHMe^QN#g|)S8|Nf244Z3KCvFs>?(1dQN%tw*`k?R_6 zytgz((od(YQwJk>zP(G&u(3-KTXK|j=J-`mP{7LkL2412As1YWM-I8s0|r%^Y(2gG7w5OiEIkySdva+&m0qz=a)AuN9(uhBIJV}0XI>ae6CyyagnhR z+zGy>NemeGmdPGcZ7^=;gimk!bNE4yI-dJgW4BDJvxjFYv%0vUTn1nIblErLsOg)i zavAVqxs0JhQT_-!5g}>d@RqXr3W0@|DriREzJ0;u5MdF>{5CevZvJXV6}C#B6uR@9 zDa@!onW1RCmy%#QeC3K2uj@T&xN!Ud`)fKck;R?b5O79e_P{D~!p~VJcI8(dIdq67 zIJ1>Gw{H)~`BW4KV}87>1ULRp=%tOFQz@tRP3MWYM67Kv-IrfUw)K-UNvO<;F~ZPM zMa99$NC(uHs1Bjb23a+xs8-k3s`uSZSfW07PJDYBJ~g~gKf&dY2s&iwP~zld194_W ziK;#I!lYy-oti(2RJxhzOOTe=?0f=f4Koo3ol{7gftlB4HijmjK1Vf1J>9TUe%!K| zXhaj7en2-ei_|a8&(Eg>!YtzX^T+xf55dI{{NwLk*u9SZ%5|VcM1&r&W8~=30`PAV z?aIl*i9nvBLry`ZO^V%nO3Q)#O6tusB59(qCPQbNCon!AJQ#!NW=za*Ev=_VPp~+j zKYgkhxtghDPAevC-S&_ikVFv2T!NedW!q|=zZE!Fesi5=okK`_k$zKojMy5&~g0hU4u00DE z)ue;bAF2LXk0hAysmC+)h7G&T{b74v68`_>NfUF?EdRIlo>ZSPo!@h^TyXq)a@zK* znVISw(9+T#6z1D+XgJ?LIz0LVWV%c$V-9}8*;V5AqepWG4ulF4MiR-Ke}P&tI|%N> z*ItF{{XaCT0NSCAL*zy4#52dVvRiww@{p(o!{>yc{H;GselPG6^L7nU#k z^jAs00TMep_mK8MAIMB0>UM0*@=C3TvIh#%WX-;eb0v#JFi#in8oINLgQRgyN|t6VQWhpjVi+zs;|0yNy}L&ZvPra>r09ih1v$NdQBni8q05ILzHmTobemXMDk3rn zyJL_M+eH|1;MtIzNg8mto`{T`qbM++2m%NuaVkRca48Xwwy3JE-b{my)GMr)FFDlk zRLpIHA`)jRyY^Kh&rY;L?<-$JB4S~K%))*wsm8iG+75T`-4ik{DyQ%n89w?B91>lA zcG>>d6Ssj~C+YRky8<3#IK(AoNBGpi^jJWH3GHKjkJLGU!yU}Mh7jOITRp#4AGk*3 zI(-cY^QOaJkbe>T!{se#C0^bDKd1HCg-Jb>Zar0d=BW)MC(#NK_X+;i3luE;DkV;XB22I8iMS~_wlhPnjLQ*ofnp21dAz7#_Nh(P)RT@Z0YDq#ur9vb_ zrtf#Mp6}h>zrKIoZ`;1l_H55mao^W{UFUfo$FcAGu^-_N3JHax%}Q~V&DYnHi9h6$ zc#%wNG@2_*o%t)PVeGP~Rf_*?i@9t)>gUVnGn88{Jg!~lF)!ugcZ*+KsnN;l{=g6j zZ!Nz2edWigwmWyuqKIF<`~{vYkHIsyJUuPk8o6tPRCWrXCux-;!`GJszP4)RG3Iu(xmCBzF(aytV}l&6zPj3Cx#lA5)^Vxip!ILPl2cBdMPE7^z#zMUkw*Ds zoHtet>)(I#`SptzOQzrCgyEJq)bN%Z$1ui9z9{ftJgWCEnQ0KbRB`R?t8}V?1`&}) z9YhMpeWe)7ITr?-frns!ZFLO|goS`_9;2lP4Voa`V@NI_Fa4x1D%kZje+jtdhPK~= z#fyK`);iO)3V?|^e}snPMUHsqFy-vbA^LC^BTmt4S SbJ?CjL#{D}mN!u5-eETh@Qt!Wg z+k9r_di@0pu0%zd01B*+!mj6*+1U>}B_$;}m%)J=zoqnnN}z#IPl9cCaFycvXfqFk zuv6(}kMA8VnF&<=@%wJoz*UO9d-M>|7Ucv&n0H^kEQ}xAU;Al#I!B!O_U#LEkK%>+ zyQGUf#!k6@X{7QH z#)u#}@s*_{7&TVC7agq~;B9QImd(4_s(4ehs2dx< z6^@n&vAM6)+$Pht8X&yuVz!-G6Iq8Jr>AEU7O14cRAOuB21ZIT{*1++aQvt^BiF?E zBkyDTlE@zJJ$!*goK5iqY68$MRgf7H?Pvbej&I3hbHo|9-tRU-@6rpZCG>x8T>Ikp zYuW__FNsuMS;PTuwFbXNneD+a^uk}zzM=^4uMMG=&7&tuCVtOkOTEqGj?>4y!NS6i zBjxPb>D&KNq{oaxpXM(bhSr=~_**RkVwJdUZfGxEdt~Ea0vdk_oy7+uY5!B| z1qD6N76jrodFU;RW7&i|tL@v>s04BD80rH8-q6^%4qr*YsqVdcsqgu^ipf(X(B+oI z=<4A!w!QotWegrVK~nt&4`v_?xG#5uJFW_1i5glI))gJW>6;q8D*Lo>im~IS*!?M_ zhT#$?N!>bKman z)YYGxvPJ9&ixLafKdI9Yd=WYM=EX$LL_k0;ef3S#?gck-J{|H4n7B_ncO*`8ia*YA z183(13uQBbke=I;M}r-*j&o8k0IA9KvJE8YX%kdR-GCc6Z;D4cAPUxw*Cwm34F<^| zDI)^`&Q-r1bPQaE_hxh*41sPeP@`YrFNZhcoca;3GvjmFIXP1qNS7(r1EE{Av{Bnj zj1*F=`g+cjU10cN;ggX9JEpP}2)C3lVwYW%>@oln=Bt|6d@vuD1$WO}TM^5A2hS3L z*S@>=i{qo|AioDsavnsQBqupE9VJf! zo2`6(9>gwt|(Li6{`Nbp`S6Fbn%L1X*nGDH<~s?4fZSv2@N#~=$|K> zD|PMC9~aikoq3!Q|3{|Bx=qV++VXx)cm_z*AxREUQSY+12d;`*n1FJyY5|Xi$&^yz zR3*2ylB%`+h;q|NiPPxc^}t4uBSJsB+|kmeaS4K|=1}n7OM1p5Ir5(E<4aYhLq{n97j#jFg*-t6Q(Z-$LYT2GjKd zEExc^rKPDeeagC3HC2a8?(qDXQkbpT?&O3>c7{lLJIzjY8zMP0zI)rqt_R?qKaw(C^K2KYq+ADl!RPI(X>7p_om%Vj)Y@&#L%6J9vyHsc$>Z$#-7b zZl?R%Hn!i9f6K(-we9V<9e>(a)G;Ej<4>J#{kKtY|HnTioVc|H9}6py;~s&X13@-n z;8^q4A6Z72pPoHygghohzC*;9`;TjrSNrXVhyr0d`NVS$bj2}q{`fQQR>*B& zbb#j7=@L2~m|yj9(zDI6w21@hr2!8~EoUTxpC3ZLme(4b*U)|l)Y=}b)>Izifu;o2 z>{l-ta`JPKMmgoJUoJ2WNwKxPla@Db2s+sI;xs(gtt5hGMs`K zlk{!V$2zB@IwA6p{Dn^hpRo{kVeM2!+c;xcsasYB zZ>X>C%;l`r)$Jl$7L;UV_hq%!cUuE0;^?R$#Wb{c5|j#zbNOTZA5bxfKY@@a0hxr7n)=s( zr!XxF3VNfw)$6)GEvo@#q|%*q0z^ybR?Zdn*Vbdj&6)Gd$cJy=CXgoq6wtv$Ku4gk z@f@>44{sF2d~>tTsJDr%yi7*~_a>$|Tk-L1)+#^euSf5g&3Enwy)arl(I(Qo0ry ziCN!WFE6j4pdfwnB=Ca%6I z2alnmQcGga;&-ly$(0y6{>*1W;Lz!o;AQq2=M7uWL2lN9mQxqHB`+%b1hVyiFcc6I%wJVt!yi^cRq;EBQ z6JS_|tL-_j?yy{OAYh#VYnn(!c48an%;F~X3fs#5&)ydE_*0%Cs3fN=)LbsUL!=>5 zl!bufJYV4*1TUmppIvT8GO9^i(eB+pC}D`sv2@%}Lb4#}vEui`-f5=9mcSX-bcU@>*t-+t zdiHDzm4tahEJ4QU!W=!YKfK6E5SD1QFntbX2gJnaQKO94ts~Kk!G@PYiTQiJ=@6R> zBaPyr?-2rM>j{(^E93?Ks@H+gb(#*89k+J?xo8J|M45AAiVHGZ-I z4}Vah-=jv!%WnnFp(Y;UVOIX)5@#ezh(k0s0ib#fo26aP5@msSc?Xl;r`J0~hAcvM(VeqK>2IGiTfC!y6X`3{`1-rKcc`rhs5Y+B16EwB1NeMDk*tBs;QbL{rz$4@eEuJ=nsR1y$~ho>i^jD-dUmrp?rQ#fI?=)2$&jcx#I z!X68|^HKed0g>QGQt|E`qp5|LITB{DO7N|ry$-WQh7sQ=Bls%4sC)SA!nfw6>Wo~1<#PuZ0edxiM`FnBxDsnJS(%wANH684DE~(bKy^|Qf(8@q z2!=9WARUt zNyj-0V#uIDTYvs5qwI9gafyMQ+icfn;R)1gzdbYm@dw(nHRiNMXM?&rkaV(;_mGG z<+sa=1LnoD(Zqqt(FCh>+37=BSs>~Q77i@_sDr2_xtv!td_)@c*H$t~GNz`aCUvwp zC>3cGaQd{41d0*(`e48C#6%bJ3w{0WJ7oGX=RI_OpTir;6Y1{#?bl!7aGA2Wok;re zJHurP*l*d9`0iq#VadUMDLoi|~F=}P4X zk_`5H!OD*%##*Ba3wgDT=8vGPC3<=yTimeW9bi9svSim3wkyFM4r6hU7)*~W?vQph zG-G1T(+LMp3JLk4Lu2ISp&73$Zii=Gy7b$(;<=#HxM=l%)IP6^*yJ{j0iOG`#&AJ& zpN1QH{yz1v6>H;|r)MR61SVrA;`QbF`7NsB!P854ZlJ7I_+US&O_K%#4beW-LO(5t zNKQGzYw`~eehyKKtB5_hO!z$u#En?ai6i+k>nFp zN{ydC^4(Sb(kmPjh)(v#FByzi@rD3??E&ZKzej6L3%N45M1eC{E z)3lF-JFz8~1x;!~Ma+|8)aThWQ|TEPvDp7l zdLMQU(=Z-?=4qL&f71%u#8XmAkUG#CdujVnblJgdOHM4bnxhWVlFS#6Oqk`n2Hq>F zCig*M3*vZxgN?22l!{|>)HIJAIwXKJl4GETR;=I!*5qvVZY4jwH%o2wnqrpZ<=ih8#S^!jkPW)%a5#O^3GHCuqbE#&LXBEJmtBlsZXxF% zf4ew#;icuYML*loeI$*)O49U_Po#Q8yL=t<<%gqo>PnJ!tQVMjQiJIn4%=V&8`#U-8pHqG zy>QVY-aPK{xvat6U|^Z=G83ke3f=CwK^Qs|o~`K2JN}5YSy|cZ@}CHW*%Y_x>gwU> z)n$}9vk)GSKl8%FF);}T%uCB1936WcdVrwp_j;k3rC*37rl!W-(^F~u_>g=)kxN^v z%bRP#U3#Vb{pz#)m;(N5IR2+OETx`aDp{RJ7|Oc@`>ORQTm5etf2*s*kvM_5ikml& zPW%&ulR=2VGw#27^@ox#BE%u}%5aO};gcorFSdwTgVG+w-09QO{?qzv6J0^61FA4P zV!BK{SqjwO87UvgX!6+kbe_|8oa06!6lkzj)dRu=_2-kq&YPW1g3AcL0oyJb*(Q?7 zEiy2uB-5i?Z=!q=SQaq67DqfGmUktq2CSqj1l-2)C?*Qy$1~w)$z9V9tusS3i;H(c z>ypzT?3p%sG8xijxM^_B8;n11|GF3Srz2eGikY4(#uG{(-0BenEI>&_p1c-AOr23E z0vbtnQ29M4_(PU%d~i@iMACl{Ig%reQBq~g_4Zd^ZQC-%Z>P6v;(BEmEz?=Ru%w!J zZf!&Gaqy(bGOu43GcBP7Nf(-US%^_G#4`)Z*cocOKdT_ML5G6csGj9R&gM!Y3){*R z`%?qHDWESnm1h2olMS%G1+`+=E?pXb{=6F(=T`}#nLg4t1GWKAZ*+^tw2AjU3pfRadE| zd1XpfTidLhsrqA2oh%&Lz5B>6{Ul@;8%obnyehe6;$L4XHxI~7a*D4nq+BZ;f33yL ze&Uz8T_$Y*Wy}I^|Jf39CkvgdPc2gZSpUS~tMkV}raC%vTr}Fg{j&Aiu64P7zke$x z@9;%f#fNYJ7)x$=q%6e2l`d!NXTfQmK5dt~&K}O!CAqDo3jNZ8Ia2E#%FX~gI#tHa zckL5s5azrPqf3J@>J)q2ZXqB=5S~B3Y?%6}QKQgnF^ww#IF9wBlvw*hOq7WGcp+z7 z3=aq26;}M3+m?Q@PRCYm+VmcmSK-PMNUsN_O>DuQeBPZ1b1m+}5Z)OHa9GZ`*oC+A zEa_Ch`o{k4&L?EdmB0}!FCnsUpKwhTOtTE-9 z9zX!c2M(p0APn~H+egaOp)6!wt>69X4=~;MFW2Ies-4=6tU4tPD4W|y<0S=F-G>8v z!q!SP5C6+sYI2&$gVsfEtvw9wOYXzKD&LNL`YIO?B0lXMKWC#%7a_iMQ zDWOo)vfX&&JCuS1290m`e&aJ7k(CHhpaCTu?|KsDGyPxpRJt=eG~3v@`jKtu`Y4Jr zGNcmRc5Q&KuYKmMk8)$jW}+;=e*GJFApho;g;>JDDLGWeecYzvzbkXr z6VoY)1YnH2loS=8F+GxDMPco|Amr~_xC9A3A@P911=$4YDT3O;^*Rt{++cPg$)V@* z;|OgKd!?}{DH>p4|tE_YrN4ui|QG(pZw#KAH_1_#JeBND)h`??=c=VEF)| zin^c>d2)cizgS%A>gP|NMsF8#^ypFO0%TE**`%1FR*blI_i3>W3HLK|73$lWROC_z zImxJV*cb4@RQ8m9=+bwRYOlR*Ns5J<#ofybXA)fE)Pbw%bLlci4@X50j~3`Yt(Mvx zGO}mqXHCVro+5}$V*Hr}VL4*V8c(^$q4ywn>#uK^gLPtp2at9kOPfsTdv%dYX!h&8 zJdvkkX=p$SobWx9ysom?igbCXz zCje8Enk@=#(j-r_xlWOzAgts8dMqP7TWh_e;Zq8@pPAr@z&adP01)c`>AuiP#j_ID@`BLc>XA z#WY5yh)UUG-l>29Co}twhBup00F(Phyy>Z&u#^c!SsL{c`>)g6Koc1>=rpQYb+J6nByb%JQ?RX90ZSe1xn`k8M_-aKL`tP^RpfLY_+wfoR=>PA% z@ZXuWT{|@^IH=3`rjK!d?^h_{`d&^S@p6wYT0c6APw;LL_seFy<@Ee_?_|qmlE6gd z6%`jn8((YeF3wfPz5 zs11EjemBA=THmLwF=hUFas$ihYa{;w&5JbpBLDe}eUpcpv~G5>&AALSeIMGacB|qW z!5^9)HzrqT%VUDEV|xClPq>&FV%j9KbA|@u&k(aF!z_AzR38b6hWpw(+V70bKjMDg zCI!JGocWr?Hq2*o4pi?^4EJ93j)v4xxq<=WguCufu7#X?B=AN7?Y9#G2V0V;D#Ncrpu()DXk>?0DoT- z$yqfmAcMjPo)egoY6ba!2D#0%XUs`1+Gf`ATyt2s@2*}p9A98%PX)+<1rDK`Z5EwZ zQP&Epw7&LjorJFRw!Df#eXYt{g-=6puozY|TX(6RFR`R8J&Jh&K z_t>et6T{|`oZ!TS#IkYqC!JXPJ$sn5t%G@ekfsK%SSV+<#XR+{O;hjKvJH*&8r#(Q zG}Zlsde+d;6zS2{txoC}{`~V#s(4bcL8B3;#67w$D`A`5GcGY|*lec=yRwb8-%TF5 zr7Ab}R&)K$R!ee@l;QX@#*!^DQI5WKkE2*7*icO9vH#uhaT5FA9%Dkqp~HtW17<8y z+IaRzV`f#8`4j7!?Sp)pTpO32Il>@Wub$p5)*U;( z`4%f`rqj4HPw^2#E`wGcnfoluX@h$~#QDmlmDwUWiFgGnEB7%Ba$)AoRbe@RNB$XR zjX21oQ6h7g;`i&XzhW8jq=YlvduV_95%ERODK8yt|MoMckgOcxMJsdQK9k22%da@g z6;PNKSozB7M;ZzJWarN46PQ4;&_@Mb=8G4j^nEY{AAg2LFg;+gROe;V$i+8o_zT5; zoG~-(*w&LKEv55K2(_M>edpDj7t-Nm?c3{+_QolGo+f&zNGs|vD?5@h^5a+XT5dmP zSFzoWY6lO7<{La%s`EzLMdIRC7cN0A&E!B)U@Nnnhcv42dtOtlnFyXJ{ow753`Ii%pCRABZt4-0}kIPC5i( zX$9!A<*9Uhfs*?s1PUb1l>cQb5t;I{_cu%m$RJ+_l38%c*7(KeJ@K$PWp(%0L>gr- zFY`BECXGY&Tcy=fow>T`JX%YzqoIB$z-q{3QK>sP#KAi}d!`bQK|S49ce1SPJ<}-` zF>mOz1H+_lr=|AzqbZvo_hLlfx^>}(YZT8?ZdX=X5yp#(2+*cQ9|o`~l9Q7oBNzKz zB&&cfWKIn5B^p0eEYF{dyRTZn+kxzpLm(@0nSEvfjgMoB3SnUJm_-*K#79t) zx!T&uTl-2$*?=NL9&k5M(9r{HXn6YExtY5@EDFfrz(Ge&w+X2g8Wf%z4Ut7~<>2A5 zx!-oo9ohV`a{?H-{qEhOSDGrF8)jS7t7>pqj!-wotijt3iw4E{&wS+mph*huFduwp8?cfhS;OFvkKPo;F zPp$(1;BO;l%th-iYaZ#P+8!P|ZFPUY$Qm~|W=v3te>}g-v%pG#y)02aV5tr2J2(+E z{U(~DGcBhhH;pgQR8_@wjSoi&tg5C4;YKt`GX?4E*{4rcdHIceT6fE#Lu?HqbH8vm zp8UAV4%=p7(Y;3x8hP;_yqRao8l(*2X!SJ0@mhBoXEK0zuim{;=nw1+*R@Eh^Q>=Y z*x^;%>0Ouy1^8CABPo5cEx?u!nj1$sl3+UR>A6ndp~NvESg1E| zAh+4aa{3%~uoHYyf7y=cbt>)RQUypU>U;(+Ap;M{AYAU3?IkH0S5V1{B5cIjcATm zo~1#f*@}o)Nz>v)Uh!$IvZ9H%+r$xHw#KZXBr2U8qQGrBQ;JorzhKDCt>t zcmRJ*83)tZ46X^5g0Lrj*n%Ys!}X z5tbAFYTF_0WlR*__@Fa!IE&dhj3ZP(5L>^K2T9Qh2aK(MN-<-yn;(~ymk#89rm@q( zROlX~9hT12LU)U*Nmbgo%vV}jP7mM(j1v@1s&j6?H%+a_VvGidr&}_~7JTF&w0GP= zM#7it8w!SZU&rM3?$fK+sz@Ub!3~mE=2>F6i%K$cNtZcTG;*90WC;LC>DYmG>xQEg z=@Zj8=}wZ7skE8NLT3;tY3bVWW0%LAj{hJH%TCJqXV(E_PNfGASPg{p()x$nV)oeEckA34isWb2v7O9` z6{&y3E5wg{V!AMlB3Sjf{x9zE!)j>60`Okm!b%^~QN&_BJ)V94v5TO!;gW}VT#kwP<67w%C!M`+69@H9f6^k^s~0x1oW8Iq zPdnAxv66k!`+c;liQAha*-Xw=-AaDe=S5d5F%Pj>ouc{TBJ4 zuGOgb`@|*wG@`|h5 ztRp-V$jXNO&WU*9%QQxO1Fz7&NUgyHroO)EXK*V|N(>}slAU3}M$36PQ!8S->$qHZ{fQ;X~`CPr1w88uQ zd1q(FF)oLTN500kI&V%WBe|wM$TqIjx7IOn*cb-3F7z>6xsuIMx=&M4@$1VT=i9T* zdtTlO`Y%uloNf7_dn#|F-q!638+JV$^Wp6RGB)^UyBpiSpsAU8{{bcbCy8ksU{mA>VCtllf9 zubLCz5!F6=64k;fGmxH!C|oG_cqeb*BL{2oFV1o=YdERtieLr>sTTMZ{%dOFD)C?H zv;T>U{QnP!`G5V2Z{=J*_a7}l`;+eU{~_*WxYhBuPBxD@f#`0*(SjqbTbC|@#7jmnrs$3bsIMJXdjp|&tlyNn$0=FR1_Ir+#*?3dFgR?5lAVOvTl2PajxO ziY4%Tq*ztfS)^+)Bu*vo-^(CABq^`59@+i|`$kOTa1Wag&7)EO79*jZ=$qQI+M1V` zn}4d_jF{f#$#8oFEqXq3`aby;Mheo%IfT9=CU^bN{{2Vyp$jCAmnKBF*7zo4hjGDN zSKo&mfcANgYuYTAY|O%%2_QQvcY?G^6Vbo)ELJBVqj%@BZOH@g2x_YiCo z{HWUiaF>NYZj&6X@AIT&R{h&uh|4CL+*qY3P<%nLeK~*ec>raQNkMplw!>@lM)E_xf|4Zv0~)>FsbY+; z@e3SP3JO{x2ZG9w`7m_H?(T{r)y!M__I1+K>3Bigmmq`Jh;o9qojx6v((b%1zAn{| z265dKjPee)fkqMd#ato(nmJ59F67ZBTJM>R^tqw}(<}ljGOGT%@Q}DVq^VuyLx+XY z_`bjgkF#D~=MqB+Vr^+WJ$?<`0SOadWydK(S%R^#xy3fAJ7x%f0;jGU2!;p-uq5|6 zd6Hp=xvySriOrujWHE`-wry98B7Uq3;gg1jrfj;w{I6_tIwYyGT$T(`zmQ)+xpR61 z2COUxhN%*OnJ;F#WlN)GjI0ErcCbL|r83(tojX%1JB`qhI!GHVX&^bAzrU)wI$lNQ zvH7pI?cT5fHRp%wd`8|-@__}G*@hclLD-2N)4CC(7ITD91y;flqQELDA|iT~A{2=2 zlWoy?Z=XMhPLgZ;Haje5OuG{2X+0fB(|Mg~(-5nGX@HuB!%%ja_#!_rS5clK_?h9kpk}q!qNN@F1I$Obe$tri5^`{bKEZr zgocr95_^tLnGr`Q|aBkUKBcnV!+@F-SUdnJb~u{4E6| zsH@E{MZR(YND5WLZr+XZs?1j3$8hOV8`O(gep5v;DRmIVkeGT1RYl(w{_tBdexo8R zu<~+uU&Am6E}W_$aUtFT*7*L3_WaOLA326s0yYd~NKMFbC8iebmnE4~uSo?-9F0_4 z5X9Fv&ZQ_tPGTKbb`~rYUbmhGZHO~qSgNgX!wYbR$t@Mu$n%xl-_r)!!Wr^}9ry5| z;BTUsk;|FNxg(UI=_B5gyun#_Oz|D(HW%tk>F%cxT!|2HrBy_8(8)M{8W~^U%AH0o zCk!0u0p=PX(`B%v=1T`+lhjwN5gnh4)WIEW7bj_t{WxRLxU-DJe$5(H1YXwX=V*pz znMJ3K`%YPUahp5A@m~%y+y5c zGnPpYnz-il`SVweBDhv?)LJ|@RA$U*Ys_*xyTaAsHz3!dw$^%Xk?x>%U`rsu1~u^= z3&o(TSSS~xqO8F{2&Nk*%A`pg-Z9iCtFOM@|*M5c&3mK&X#mNqL* z*JEA@Q`V2~;)p@}aV;W3jpM+zG2O(`WFpP35a%c6l|;rCIu`8C1;%LnNe5gU2ZGR- z@Py!X3afqOV1Zx;G+7;jR98^=b~tsv>@b>PpjCl^M9ZIY{MRXso7lBgZf#BI2{5=; z#NRFH@8#h%-bCGb?;c-yccD@_?O)DcZ#==V?alM&vL90k7Nja`+2YXFim`{U=UH;d z5u4>5Un3Ssq}!2_T&NItj$w z;f!1B_n<8G?~6E<*<^r(o##+Z1O^6jVeF0{i)R#+R-Bkjor-D@<0?zg!9uSOtP*v= zIjUSV$Mh1>Ihw%DU-)e&x5vopYuSxLlK^$j{L#}< zSkl0P^AyozR308`H8@wdV>LM2pO5bLPR)YWS@3jx$c)#Hm%wY_0ag&kN+LFc<~nyf z4(hgvO(!%4^l+fQ(IPsa5wArvK-7R5`yP4r_9{hAKxy5g$4`meY+F#wLB=-sr{x-# zNP2gfbLZXup4T}3_|!zY;NX#sAyip`ObPxZ?r?&`ckYhMT+`!^mSfYDmq%mJ0_&rS z62kd_DaJx_?eCv32-OuAh>|MNW#rh!{&wuGnSsc=GvNm3NR`g(&lBdIYX%1ztX#VE zU4HW3^Qii9D^yx@%bXZjcu+-Fb^|jU(LeC~3%!xt({9Irz?KYa*ODD~fbtPX@8_eT z(;_WO8w6R1dX#Nlyra7BkRhrx{Gq%+`0ilMier~BE&#=1{0tp1YBnu+C;1T>K+S+d z+S%;?LWhrdK0J<1wB@r%&UpJ*PB|^*=}(`MhONSV(;clU5NuLa0M31hqa+?6`KRFp z*~<%b*l%K&x^Qg3?E_YmexXSHVf7b%fP|^L<(C5_I@tOK&847sFY_#KlLEupG}^>n zxFFN$$SDi<1nb0$I+v`BlN6`YPafhz9}Wl54`4GSC^xsgx`J-ID(Mn&jRyo0gOrOL za%U8FGUzdGwI{a&@S5Kb$8*()jhLK-dYn$=w;Y(ZyLzn#PXb%Kzd?*-y0Q6)oPJ@q z@~SE(Ws-@hy)L$CkjaooxCDywcX)XDr%!q)KNz!0%O@uVk~p!mp+l{Miu#i-b6w~? zypOvjlIYXCFsEsvI&0q!RZ| zqv2WOjz7Y!i0WlRP;@L(6Us!BJ$YLOt>0UG=frDZ+;fY@9=QK4CL>fs#>-kZ0-dp= z3(J^}b`G`mu=5ZD8z!YXNp-$ou?K(@Qe#B&ABVI@iqeTGF^q8w54!-#kQ9OSW|89S zl4`2H6ALRQ4opYRw%)l~_ecuUG&LC81vlvRWCeXc*A}$sFfh*g%ho7X8xQF0*@4k{ zU*mrn|L=+x>XVtf;qmBt0YzoUeqUUzv&_=kx(E!B|KT%4@A-HWV9JU;SkBncfK!xn z7R)-of)cOfr(CMBlJBEUa7;dZo}7w$`1tYD`K9Qf$IY7Mz_U#19u8Y!u0qQ={Y>@$ zj80b^c-*>D(LKc4(PxL3n)};dhxMIvI)NpSUd%xdTc&`Z{oOUIel76 z-*!|8_beE<`A!;UYB=T6TsQNc8C8j>wCM2SeqRdo0>a3L$P>GNSn<>9@PgIZE)xbb+FeJ7$8&k(}L<*f8U*O-l7>I^g#1y_08Y zWo>OAUy$@iKI|9UBxyiAORJ=sEVSjrjO5>an=kx|PSibQO=K&>S^X|tsC2t-oc`5G zq;`>!J9xd7>vo^9pK2T1qbMugDQdxwwx)V-w&u)Xyc|79!&aVo%dwrE4Y>L>zvg{| zWc$wCmveMiU8nOQq~f@Ik@HgS4sY9LY55fcR}xU1?h;3V|jFJtAohqBCz3_Y)_CMy-Eg1L_aTIc=6-aKWRxp4H)buAeni4f)Om~1;lSft$mNt1 zzG>^}=~-D_Q*dXkiER&ci0dwC2T~F_eUg0ANSWV%Urmn(gSyhH9QX+;C2Sdz=7qxd zf#%=2GjsCf>?LykK|#q}D&Ak;kR&o~m$w6$xOvl-u!;yF)=ig}Ak}Z+DT`Jh8LzD< zkwlezfuKrqhp)hA|LxaiHAapdGiKttyS21-h$#-*!Ks*OMFex>F?n*!n3nt2E@!c; z6;2)am7*VNqz%C=>%v5RVTciHnfKmK^~o6-6i`Dw9+TnD)6o%4J4_*d`0&{Uji&uQ zmG%M`t#>RRb1F@mxn4^Z&KrD`M?}g4BUv}zTYQLMDBm`-eR02w7jmNUlzEzTqQfsS z1O}KcYIy%agJ$3lLa`!pH`)pKl*KmS2W~q)ZZe@}va>UcG-|S*aW$u$vk7m?Bo;e~ z53osdrG4_+M91CRwtdFH0sRX3Up<34*CR0sJdR$Bq|`dTV!CzB1ZBCPHVQNP4O{Aq zl=WZmlcHP!6R_?OjEa@A;1W&1QRoQ9+B-3>mT^01jlbPCIyqv8altib7gN)RmebR- zHcj#S2cInLi?*u_IiwARiz|!uo#Mkgvu{Vyd5Mi1ymLiCd_4s!pgSu%EN9)W3_;>k zE)*rU41+dOivN0(>I!?;W=1?8Z+>U{TpdEjdY5Tfjs^2-%)Z}gO|99D7!I0c0=-o& zuaHz`Qqg>S(6eUQpWG)Hv|e4SEE$Q*21dx^lZ?+?GqH8m~3_&AEP{Id)(aPGqM5b@w zoxpg|f}CYPNBCh?NrEtNzyNBkA-xV`5Z~xXT0Nqz;R*L70W`_fl!jp}k`T<4bL7`n znD-qpAcmBa*4)r+1rwT`-QNA#4MwdiBL#;HK}}>h{uM&qARnKb^wkv>u5VW=ks9Oo zIgoKIGBQd<=U}v0{U^S3o@gQ>1KKVj7)?1B~$xXEfHL0l<6$N z3X-JgE?v8>w=dYu_caEL8$j>_MtRe%t(Bq!E6%D^+-Rs9cVLt;Z0JzDNO{ScADp0^ zW)qZ^msAQHKT2o-YkDGWt9lb%d-hZVDS?u%XV{wf3Jd)2blnB(q>>ZYXTA5?{MkO~ zV$QZChe_X}5vIX>VkYi#N~d|zxkZ=f%Q%z*GBtcLY5N&D#Hiz?&O_WIF;cNEREG`Q zH{uf4$=Qf@f}YE%iG$jI>RbQ$3`yHM4TO=yJ13{a=|)7vb~M}6Ca7@==Sg+ESW*9< zqkp@%Iuff5o-f8_6qvpNie8?cR(Ute=s!TiBRtSqKz@ZC@OQ&8MoaIDUc)Sk`x_bv zN=P&)gJdPzJDbFsqMvRZK)+w1Z2Oxulz03B5sq>XZ(!1Lvm2{A&!H;_;T^f1Xmao? z?9i|_tmZ)57wtbU6klV$v~q@a=Lv#!6c!df0Ux6m`E2NmocF*%KS4sC zzka>?LHW$y;a0pV{leTPrm;bzg?_w#2$6z#&Xcz{;yX?qtSKIlH{b|Lk<`OmCk z>BSdF7GR0~qD9i3H}LgLvXS_IT7C%+ zZrA69GDm}G6<<+nI&H=bHylVQG@dS`(@F_qQn8{S#jZcGV2J+Autf3-IGKW zL?r=McP;SbF1q7LLD#|Wv{iW-gnidsi0}XbwstT`E4>*D_4FkA^l7v5s&SbdkO8J- zLLaV}TwtC(s%k1a1~C^Knyhs^qE-5_=rQ%6&j?bAAe(-5bu=|h5(>zvcU{CDZRko< zfr0m1rMo3a+q3!UgeZu^twAnEQk^MjlRZFm z!xH?6lg@Ah%89i;=SQdacP;UnZIDNijmD?>?XIlhL8F0<3C(`;Q`6WKm>aZk4!Y*Q z8l&H@^F|P+qPoW;Uch=#a-j97W-GyTIDEIdwEXwMgYS@T(fq$$>L3xe?PpZm%{7q% zDU|Fwmj_}H)}*AhOx(kLBLrl-f&&~cp_VTsrY1D@)rS~GBx23&e1tBXzZq~N{fPRR z_=8gL_#<0{s;E#vz>JN7iK#oO!3Xy1H>!wS;U*f{fDA-TT+_%w)w}KN5Mh1#@iQq& zGa$og=~8n0d(196v`2#G1rdx`!@V0FS@) zd^V->cCcj_IMx>tYb7if4T(Td$b)(KWqabs=(`^~HV))hvbEHb473)pF2@%4I)J(p zttr(C)-?+5r03}QLA}TT0dn~xuZjCG3iB~zwy@>c6jBFKVqpV8uyPMM$4x+ohco!P zOIXM9io7nhUWfus?1SdJFq^J1QKw=n5KLV%) zAYvt=i^a;4bZOP9nUf~{WjJ0?bX85|ws9QIxrK$Oy*oPFY8_j6eBe(2oP2{OA59nP z}S)@c1Rb*mfcS@!5lRML11sz^MoB3m}x^%s~|E z`2LPPrSEf*WAXT-eo|5=p}d#3B)ctyMHZMhs&r0S&Lp;(-hu@+t}&(FsN2#qGiB=K zFOgaR3B!}@mrbBtM)%blnL)TA%Zum3%VQ;_uI@|;T4=qJ)rJa;B7Au`JIst(40mSn z+W0xbsj&`GXJx5XsWzvQj>bO0(>)SZ_n1L8(I9|YmSwU_g6;esUVw+u12H(*>oWfjUBmM4Z+=<}qrCVGutdVnG3MxDe(a znQfvls!ymU(Vk~#cPram7`@iPc1cT{#^yIQHLbk5N=R8?h_xVq5g_7C33neKpT8|e zv-bI1u!yRPik6RBZL4uZ7&It1Cx>xxj=aiGGjAvx084;{@Nha~aJS>032P7j(zXuy zpC~I}hBZ`Ge{z`BXp@TXiPu0+F=M{W;K6$_G~y1Q^YMA{&p#jb#EX;&)P0!x-fy%w zio@TyiVF6EOI;qlCjvoXRR#y&Z*Tj={M?jtv0b4k_u{@o0VKf7}+6w z5&W4w=nv08v|e(AQ|_IZx7o#|Ww`y@8=x(y1TL{a>0fVGiqIs#ho2|O;|mOtGY4VP zj2ZQ~z=;fyw#`^vMPb(MX@zCEVD&2fh#*62J>r>JG(2EENtt48Zcc@TrxYh67qbRe z9l(dGp`T_1Pl&ZW?StD& zLu>Jst5=!K3gX5F;wZ#12hB3+JN@z$IV=gp4L5G=gbF2X6A%f9%_*D*usBv3!k7)B zXOP2(-=p(}5rtQ-j0KoDBIBr_uAY#TB&H^yi>9Xq!w4~)oCGusj01!aDf+RHy%;o} zN~67|V(30$lSiqq1(Kpg<%>6A8_ASC#~i)pfRai|m7hP~<*7sPQH`(-fS2&*sMzD= z>e^bIa)ieqFR}mrhMCR{Hn23vG8$qkhL_qF_^x*p{WXFQZ#Or69n{vm^~?fBSC4H| z4-F392zlQ&!l{0Ek!f6;S6fmvF;vy(wtoFzPQJHKd)yqRAThq%qtIT1M)f}X>wd?F zyRZE9Zs+iB`#=6QOd)l7o#I5h?8E@ii}8LLNp5b&MW^Pwb&2SvHUH&z$JSS4?XNZ6 zo&WT}%0dT|DSlUBvB~Wj*ucy?Mj#OHz{UXtPz4v=*%=C&tuqQuFxzoYybA<0tJZRQ z{N>ALoNK*Os3V@M>`)nk(XbrW<^&~NR-7CiZR6fvzC4x*@Dyr3OZFZ9Ooq^Ya9Y6y z2=`nLqK6N4mXCLxNUNAx^s)mT>iJ}4w07_2kx9Xxk%wUV?meIS4)lN1{pp-GM$nb~PYqR8h3Q$UlmP-^F1CV{8T)Q{AXCOMu1|Hd`{V8Cx6xk8^~U ztgROu%-9+nUx)SN=p{f3Pf0&|_g|(r;vsfcNbklh2j@s&!nYt6K(M@r7|w`CtAaaW z2MdLKOti#8a}N=ojgf1ZvD<}_PWYJjq zIfSl*c4~^h3v`ULjD32|P*%2P0g0A=gD~Q!ZSI!-h{>6z0o)u%Z1|8BWF4DdL}kd+ zLigqKB9(85J8z1L+|b8ij0foE=qPZ|+}l5}umKgKoBkqZb$OPqbcpvEHgopp{bTwa zi zG-7u2HI=S+1Ph=?4SR|Kev24-`Gb-Q#iA3504R3lAm$kHg|pHNv*<*Q4(;IUiHQZp zHmvIeF)ej#79I=h!2zhZqi^1%mmi``BY0^8tL9r{GZZ}zdlc&StM1)3P3w1fBauEH zVWqc_s%(He7Q-no)jmiCgeN* zn6!jxwdjXtQAOGE4C4^ign>LvuKPVe&Zg#d@0m-M^fgziNqz|4Gf3vE!+|nws8b;3hZ3I z95YJ($Jxc)lYda{kvxjfE^2R9F3r+7=zT3OZ)ADtYq_Iiz~YS;YZKGFm=V{wCIyMW zPxLsj^u}vPy3&P6|5uIVK6q}}tLQv+mH7jE94eJYqeAvCdfC?X?l9T>7B8HTtPZA` zf+6AHUU@fxhXktp+VVEZE@mvaHeaJAAcLx_W1>Pp2&Lv&(8Luh$dKiZKl1VRo=nH8 zdk8BT8D~ugXir}>IS6?MF9IP4+m59T$QGPLvCTp4;CR1Iy35$LGlqEJ65)|vb|o@$ zOtG?GKzbQHfTq#h0)|!jrvKohPwJIZSZFnAFotMR8l&hXvQw4p`dd&|GC(yKc)__w z-`?UI27R>WF)JL_e&(>=#~-OW*8YuTlkyy;2zx!vl!sRGy%C@RL`7vW+Cqvm-Uwms zsWdyhuo-aW9r8ElHps825%~~KP75!+pi*H11b$Nf58tQIAAfkG;=rD|%Sg#FF}(Bf zf|K6o1ke56sCU+NB1aq=amk>N7g?neeJL|^e8tLV-Cm-S0} zzt{llaq0<8tn@?zOzTg(wcygI7FA=Vl{!T|0MPrFfRB z^tPLZFT{iiUvQp#-fm?`<|D;vf2Qubj!_fhqTNSEoj2IZoB-Cd-pC!aNHc|(?v~ISNC>7)d$sP43&D_d`h?1i zJC%p%Jd;blpy}d&xttyCv%UxT4^Lh=iqrS`e3&0SGBn9;m?R;n8H?C_{nUlaPGh`y z{J7e#552~Hj|vY57JDi@`s`HW_=hKIxJ$z#9A3A=cHN?}r<(5Wb#S1;G^jKIP>#q` zy6)bj6SHN{F}ka}67T}O##)#S5n#O6*~Go&zl(`*#Jz#X%gA=g1MuvBv)gI%;|L} zXEdxQ-n!7hjuj-_7qQ0w>lnaUe0FF+Lfs;*i$xYwqDZA{rdJ`ov9cPgwmZ%kxUXlU zjvVfYER`01farBFHUTMb2a1XYfwtL!@(PZD`dK*l_O?K{a$*3l$K0k5_J;^WKJUb%RO zF^Yu(oGqJDOoCPE8rtyhFV-GOVGJPY z0$EV%Hfv)gdtg#BbEAke506*=@eT;$(WW>nqc58IbkmW7(-bh+aX{)axP6Ye6?7_( z^8WkPHmbv54|BH$c~n>{tB(MGRQWKnQ- zm3pH+J9$!AY9mT^r3536Uv%Px`?+LL<>)3`H}?{onRO#lMX`MJQWXIq-MN zOyW2~?3TLZfpJr*Y8sqfxqVIZ1{~9=tmW}zc42bI=1+C>7^%6^sogrwO~0GA(?kYG&@-pSsBFQ#tsnK4(uiUdRwJT;3;fDN0zioJK;M9RlYl+|13)qidbec{1 z3LJmEwt`edT32%66LWvuvicoE+ba`?HdV+1$fEFuWE+npTYmCEUwg*#*PkxDM%WP+ zCSTr5tyWR;6ln=TS@36^6PFY|Q$ZmE2v&erUK9CGu-|1hPq~sl3(p>@*nio=H~o=W zwEn_VWGJUPf3XrcN@Yaqxm?dBy_b$X<^BHo#@~06%LzOjU4tvUCkZvV4Qi^9qfPAp z?t6LhGLZ$YUXj^yy4@)vclbf$IrUElkPpB8Rwfpm8?Hf|R7u&|6mjN0Y zU34v1jrlLt`Vtd}2sN#p2d~gzTR~Zg}IJ_I1fmpeDi7Fwb7}JImYE{SqEzHda z-?pbk_{;(@A$^?yW=w+eV9E!Ydvi|vux|Z@3rEkoNv;8V$!L2a+jME#bKw5$u_kNQ zELgtTJp_~xJwM>Cm&=l%tdGol=fsFJ#ud4SoSk?8!RBf6X1<5;R9AQ*yr746>$jY_@uW0|O^bRQ+W(~FjIZyh&4kkMD_3mi7pp8LLfLn6EI8?3 z8pa)BXX1}gI)}DlQm_2{rp+tgY9ytZ4jD3SxioDyoD4MPV8*|zwb`KtN3@}FmDp+2 z9;UB$qLPw~zqS9OvG$G)r=~qBoqCuX%;SDj@L5bxW5?%4ri|JBi7;E5%k>|)k2S`! ze)0L1x1n&Jn%>-gV3~Uek@fxt*&}J2Zd_BF(cWZI!Msji-;cd*@XaWQNlQU>SRdCi ztIJCr%+WFBVXSY{W*^FD(mx;=`tgx$yf|OXNz0O$8x@E$t8sa&od4w?jvBLKA-_}> zW5r+8VhJc>Z$D#qMu3Zg&lwyZ*gbKx+u=?@(s|> zY6a<5Xr#&|<{Yfgz1*&8Oob|>x(0$8ZP}sEv*{l!L!P~q?q@)*JM1##Fx!b{auaB- z+I(Xbk4st?A6Z(!H*%2Df|Q>hPuCX`e4sMQ5QI#(9A)QnL{pXLlv8foqx>dq#OU&~=!pX~ z3e6roa3ICXOL~=okT?GEf_bQ#nyqM?1R9G7g!5>!X-J z4N9%G`?K^osU(|XZH|SQN2z<_*G1)?+Wf!Td;6%I)3)!snP~>2Q9}|^AqlDEr6eV9 zg_L(8nwmsjk_JWTFpNw>(vYN@C`}rYq!L1NP?HKtQYnR`^deOB@_hC(*Y!O2v#xcY z_gc^Stb48dI{rA%8Ka})*nj)JZ`=0$ez)(oR7=sH<{R(Bu0a8o{tb4dJCq-jJ8~ldG#9T@-|8jp+=tL3dYIT|Km9q!u{Weu_EL zjha`llnq=|()HlA2bmeE^lDPY(3$i2LLdb^Xsk7olaJr2z-<1PkM03+lOl&UZZZF$ zA6z38DX(4~H{3jA;?n0a)bOilqUlmpP!Iq9dzlc2T3eektePwd>(-@At3#EFsOI8M zs=et$gvJ;x-h~LC+WR}RmT4=g`cpJs1+Za4=xDmniNe>fuhLesGdOnezyXBA0?32q zrob?Pmmn4cq2iVSXotL$vhFE~^t4g$O4#A#F%0Vn3k(!?2v`(7(kJVDz2yoV87YP! z=7~dOyOfr4=`cY*u)j2l290FS6(k%;<}l~+Rv)L!PnzNuoRR&~d*t}>!Vs2Xv}0Yo z4La=pKFmX35$`a=%gYPqjs=)LB*5R_8gx@4F?E(sIdqLhKsmrDHK-}oC&LOI;z3)h z!`8S}FV|MmN6nW(DU`Ia=orN#ZlqLk-XPTgT_j%AyQJ?zp=7Hwe9z%6Si3;NyiLe- zq#H(&;_!Ct@G(6g&4qlXgh?HkN#%rw6=5BBCz$AFMpclM{rYQnAA59ypKfoH zf8}aO|KLB)^XDExkowqztBICYARR8X7cXBjxCXZq@@@2A9$>x<|$$SQE6a>B@kw}_;fej-42IyzH zy16-|-d%pptXa;eI^pluuViGFMkuFE3+&hsMUCarh)LojGuJ6h_AUP{h2$llA2S z(PhwhJWq@72|hr3UWT(R)|Zx+auZugHIRz+KHUG{%uSo>xE=wbSpfc-ITDzs9zM)m zi(v}gG3RD7AKW?*$J*MONW6YM>c|0;wrxQ66O<*qLY$p_8IqQffgFQz#Eb^v9su&@ zx#A`~W(+QX%u(W3;6sdA7jZQ>c-9V={q=xuK?!}H_S~~BdiHy^Jmw_7P+KuWELePC+8T` zLY<(zaU~BQA{%7QeRA$>n82e07X%n_TYcw1|7mB;T=?$~FI>=5@*8$^c7LD2Sx!X1 zgV?cWJCQO4>f{TX;LJ>1PH3tqC@^3GbY9-VxB`4&9G#r@OC2y3R8ct@7KT;!gWW6a z=KZ4uc<=z+o-&19J3ES@>GNXqg<(rm6U;TAjzseL=v=+KB(HtH-P_s2gWn5>>AA_n zsx2dru0w~x2r%|E5C%y-OvJEh93upkK704la&|ak?Fnx*(Ix8}zUL~R9rczAMD@w` z;E(PG{`f*OY%Mnb1eP-{<|a7g+VSMj66IAX`c9_>nWV?Gux?;iRkd`Q($OBhdYzdy zy6BDnro501ijAj76%{)wg^V2cd;7y}Uv%`_d0MGVekQ?nz^Y$*$#g8myZux zDZevaxw@CjF~PfmuRw5>B4yn4!L}>+Zl9;p%bY6?oa>%ie;Jwf=#|%YB%VKisC7e9 z5$dVgXU)GK(s2wNBz2$^k8X&s!;c;qxPMkFN`6>-1Jzzfo&aQ_;zY}wwi2l$S@3pT z?;`IQv~~{r^$0lQ9JQc@R{xL9&BZmdy56KUK$w{B>L6^0mw~5JeYlty0FUAF zLHqMp-S@lcKL)A%$$|gJq^SRefBWU9gyDQ%NgRn>r*rp=he+9lIe0bmW;ET#^}X&y%_i(DYC0ICCj|M|bsAy)K;c_w%OgAfWA zd#>_E(~zOm{?E{6u3+5Qritb{BSvh09TSZV_U*^&IFL{~dw=u?{8cM_Gc7godT%}W zJVPW-&_pmYqyKS`tq<8NaOHUm7v`aGLa8L$6}?*Al&U-4XVSy41Dcl>w5o7RJwOOT zFxLr@s3Y$hZZX^*AZW4q%NHyls&Yw%WMlbgJ$Ei31#Mg^IcjgLZ8?(g1#58H#k%Azs-Br#;$(qO{Nv z)G>~jdgjz02v=af^>J2WgsCD3PeLJO{hnBSWTx` zXfFaWQfOEwI&zuIfNAy4kC!?XE#Ocqug0@B5bsPN-?GJV_39ZjXOg;*WRT?q zSbur@(4bL*N?OUBFmy-3mgEIQc|$`(qLxPQm7X~$X1NxT5iQeRLdFWo2dCiq;m?~t zC{NnXd+Ky4CtnKo6b}Q#n0eAf5gV(_N;Dh;N9B1epD&;c2q5QoyN}1A+=~xdzzDOeSG6N^T{B4hSHGqFc6Z zC7}`%VChYIRf~8Dn??#M=M%k9-sj{n<3Mo+gucEUbuq*X_Ho#u!lP}q9ubmVTU`y^ zX+!XyqR!I%dg#!$;aSK_IFkU#XR5e^fR)`UnZYV0*5WdPVcVx@=0&5+7@pZmnkz7b^Fl{Go$3$@SUJzH)`54I`q$@)VjE#-y{%0#en3HY^lI~GK0X?c1#zCm@4cMJt47@>9 zgV6xFuwV!uotravE>)|9A_vDmV4=m!mc`^%QM>?si>WRl+3*OY1Dhs7$;JsQ@M2qj&b#8E0gn&48p2K3Qq~cXL5<7Oxo;bwVG;Y>;Y5*c6QKk( z&!D+|>GpUbzj?zsVg72DkE6EID4twwKE`=$AQ&|gBIo^$_uc-xP*F- z?`a4t1M^Fli)f^gH?E%ogotEsw9=ey+diP`LkZ@Gr3!hglHX#c2hc$b>N$4E5GKw2 z0KCsAGMqV4hk8Icab9K~8~~|zBruTXSwUpOO3l-PxI3gWQFNhDr13AbJHb8k?Qh+h zsuSe7@lb0nT3XZFwJc@Mb(Co*Hk) zxR#J?jv*x@ZjN5BBKB!oodmv1r9`F5qZ{*x*Y3CC+ksEB^A^OsLzi?nH17giv~q#YJtKq5lU;n=ozPXxD91KEHZAGJY)(BKKf97{kQRVRB34c*wSZck19-m zM6a=uU&n`}G|22VAdwWXg$S}C428g8fo?0mM5q%dOxR`2d(EM_EIg_0`xSJ>s#PA3PIH5DS zK;Hql&H-eLr~bhB$qA$iVvhS+)C1>jm(d>swn;p|@|+R7os!xZpBw?QB4hjr>N5N6 z9y_dJkiBbaYU(iG{`Bbza5>(E6FWLxkLJfEF^ja7*1NjSi&-R^b=B2>M}&sc0Z&K0 z3Nh#~dxP-YH3@~Vw6GlTiv3koiZ3|_N*zQ~BFsG#v3~TQe3_Fc$OY~o7;99SqC&+> zb!(O|{-Q21Ir2e>_mEs6JrUDxXUrGv9G5pNv$EFsZxre@7YLY=V^6J|PG$j@DINXth^naQe@w^xoeV&7LUv)PR|P5$CU^afDLS?3{dL8fJP}P<>L+8DCiMa z(*JT{?IwbI>Kl8*d=VMI*4h}3J;s6O54Zuy#0fxm^L07w>2 z(wdqtiJIPo0?_VCw-j380#IJ=KXuY7dTPXRQ;A8;5dl9yz7Si8w)=GA?&uwWj=@)H zgbuT5W^+_#&;FZbdb4d(P!_)JG)bi*Mgz=1^T>`?MYl@6SsnHVJ%0HQABwQ=WrBLJ z6kq8rM*C0UFxKCPei+BG%${{i!5ntRd@Q_}U8SYSRsMnUUvUOxCsOFO<4*ALP+!n> zqqhFJusa}sWAFT&%P_=m@Omz&&fLkAOi#Yj0>v45TWCNhWM^9X;I>W39TIIs%o;iJ z?8S>mwx~0ejBI7F`$a?=+`(KI4+;wzmE>8HncPi|lWgkU+P$c&VvuR|62)M@!HI|I zMDm~f;qgN2$#6vdn0=l%&UY@k#Nv^Co!hHlx}}^y_y8#=BpG3O{(Ov5qtKZ@D+a`m z>{}z*Z?B9##APwUK5+WHsv2Tzbv60`u5q0pznaxVLw?0HJF634tI_TNTce>dJvRS} ztqw%|{k0JDtnsM8Odl6g6i_Ey9kq`?blT^yQPwmy4L2U5=1kaVxVHVuC>ccx*m;tT-- z6`cmm_|2lx<0>@=_Kg9770;fH8P~jRJ(G<`kDlyN|9jzvV_7dy)vQ zKJSxVc6jN_w3bqDAh~#n>K9k(ufO~`uPRdO@6ysV`dYw(v{S;tL6bfp>QH``2+Fk+BPc3*`WkC1D@8LF zckz=q+k!1$R#Z%T@GK&D5Un&{Crs-$czzW=O;_nLS&xL=PdA6gci3jyr$b3r@E!y1 z;6*o5E2#%4O$+~L$6VQ2p8HfO7>7*i?K{2KzC9<`++8J z`tCV)fUq+n`zB>f5WR~I@g_tWv;%eq^M@4#sQd~_8kB`Yh`0-Ue9{zW1iW<&%Gz3D z#+=S~Rng%LaB3#4I<2*i#EcX5)25cd=!e$|FPK|Q(N^f5G320&RdgU>#!v+p?=40Q zY`N$8!`fA*8wx%@>a@SCAFlaArqzy+JBLd-Ba@%%2eQ zhMBZ(DJREGI^%rew;l@>qvmP#?$bxK+JsIr|7P5PgABApxb~{HRydWQtMPs&hsSqN z5FK8BgLllCJv(C$ZC_mCkqJMqfR@R0JTdX7Gf?XJ>#lh;oLUu!RthqcxX&1Zkvck> zD=>UV7xc@%eOQ;0DjZVGrR>7Xj0uj?+qa4K5FLjPLhK-bMxjQzz9g0f%VKgTtt6vH z;T{UO%7sYD#IhgFdO@%)P&$9nM*H-Ai;K6AK=aIbXUxj{j8_l}Xsrwl9UWi+ujJgP zfn0@BPT#-)HIT2goUTlk#C|w^9wCd$+BNo0#Tk(%8DVoh)|Gj5ftk;@7@0Cs7Z`~& zf4)ZVov8Au4jpq)``2axuLvFC;lnh_?CU#8zAr_Kipo_?z(364OLNSYG@9=^&q^eA|Js++uX`cvK%l%Hn9YHZ;h8oRo?zJar;h@j6yDTUg zc*pZvN;;ZIO}9l-I@4NKur4vp>oZeK7n$Y-VK@)AZM`H^Bo?hKG%aJn$Sv`IN8vUQbU|Y#zF4{)I;D ze~iKTfhB(Y#;qV0GYm?$O%>ND<7R?e&utCj4Yr(j=x;7W4 zXel1KEY+9`T~-@DLQv#P6D*{ShkVO`IojMu)Odsmj3SZ8cf7)e4eg5bU1|W;i&P=#*fDPq5AX%(@(UO4 z<>u<*F4j3*>Osz@CzJFhP5Ok&i$aNBWL&~x{`jMw$*)amoeXg8j%U?j57w`labh{z z5oXn3n#V_`*fW{f4!}rsCxJ=a$qN*{n^RG~#vA$FFVvgRxclkRA5zjZMEo z_AEcgI(9@hH<-R~HAJ`uV0G{1Eyi|5%!7{vb;Lu3CKHX}!?~dO+xhFbpb2=!^#5Iq z=fHA!=p?PGnjf=B++tN#q`g2f2?>E`s^F0)nV5i1ka7|X<*FSllWlcS(e&>hjIWW4 z9jsd90%tVconYjIkb`$BRy#WKi;=#;hS79~hUL(qUNMV|NJ3fah#yBP?gx~>j{Znu z84xI=nt$V_S`b6~F74dpK|H-qepc8&!O~`AD15sYXbo;!OVR4M-e5+zs;jFH9vpH0 zypEIyrqp0WQpoEys7MM{EuqW_u$Z3X z$kH$hnkhlJ>&`q4jgR@`%IjVem&InUOT-fjjTbN<3_eiN#p6$jrC2A*ee+fD$aFp7 z*LCpVu+h7yOrfb}Nf_*7rluCoGWOwt13qoqzgKM;Ck_Mx? za)q`>Mg|cnxKcRrL0L0gqCp5b;Ye8|HmR@4|5I#N@s@>!{jo_xe#?sy+`*O|xn|&qPTcyS*KGTE8%in&;(ej;wOzACh< ze?aC3<)AE(WF-|9%dtY8lTxHsdd8qo>-PIR-D@MXCoEn&r7h;om+iS9Uyi@g(f!)0 zxK8a-VxiKFP18|X-rUm-6ypusHDq#^V+o!Cx%A?5Q__YJA$YjfegQ{cU=@`e_RsLW zV#7`%&~BWeA@Z#AE609zF_G~$zmTIUenP1Ab1PF*RX^ABH|o9@gASW@AyR~Fchf&y zpG;XlGrO+&q@5X)au4zM{(1fPzx|)S68Uy#Fa4th5Nq-8*%6ga)(qbX>ZBkdoIg5Q z%eI$M*>#sy>D8Y2IVvRw*PH$%ll(nO@U*mW=`HsGWodX+LXu;v)Ag8=Q@Z}jxVaef zJ?W-L{0(+h3q5(-95ImI7)YOrTtC=i-kiKk^R#};dchTGU@)7j7nq(q zFDt9s^q~7h6)VUL^x70BP{=J)z}b*jz$8JOgoppk=QYw z5tuIC25Aa|*k;Z0T@uTp!JeG+?u7Zy#~QjnLE7^qKw#>uG6^#d@sD4)A%56wr~(gOSvg$EZ&0spL0Pmq(7*nJo}Pee zuyO;v1cPE&U3E1bT>L&9u^GSO>6rwe-_*1a6zvis#H<&+eQBb&79S6{47iz4s2!BW zlxk$iR?&c8;8zI3va(?I*;ekqSx)#PE{>u{2iv{~+^&mqbFFoP5J{jshQ@ZV3$Tb> zG;+p}`}f99b1EXW!DqGitSM7=O&@|E5JiAfLhu=9XmaRA5}IDc^gGFZNm?Z6Tps3! zhKBg%=Xe}z$Ke2yP-yva-{G;lv_7A_GKo^x3MLe?6ucX<7s_+Q@YnW-X1y4)Y&bS9 zhAI?_WUV0AF^d?thEoYy(I=)1UA~O##^w~;y;IHJ7P9Q57Eck{Q#iAZxAe$SLhAE=cNvV8>5|{yl_Lmx?tA^)>^5juM`UbZ~-y&I1SWV zyf{?&WTHBY8+Og)N@^XcCOOLdpcr;JS67Xk)# z_c`NCYg67hu%_))X^=rBw!6ozQTIJd8yOW0+DJSzQ4i4=$eYiK?M8E9Wo6Lu;}(}` z;isb>@h$&=L~(JwwuAwa=uf0mUMQ_XAY>U8PXd;OZ3^%z;asi}duW1<8iLu6ta?TkEw7=j*R z2p;Q!&@png`J6d(%*=k~MtEO!JZhx z1q%T@Lfi_lP*hZ8>PYb&#^^HU(@{V8{@Uk_ExZu{$WcFF4a4H{*HQe@H!*JK_5MKv zK40+OeFT40mw#`Y5|^$^Qq%kQm;+Ipp>e!u#{F&;eOe1J8rs>%-eUCF8S}Xd@hx|V z2brUycobS)SEr_|{JYj!_5h7xXPlY5JZ`|OXJg;jZEeYjGggg*pE!G#nY$EcTms*? zTW`?fC-W}d`~iyzE;ynQm{-lmD@F1^gDqYrF==OgV^2^w7h8me_1FxXEUCZL_+}}}#~S*E z8pc;{-f%}VeoRQeU$Y&is83P8ci`nKr4*}-0wrF$!V9v!>8p~#9jj$A0%(CPMCsAFPM`{=S~h=b`y`l!{^gr6^< z+K_{dnhd=gz^aO=h^n zk3Uv`Ot5$%A)|as%J1%{eJdw77aSs~YwQlK&>v8Z5QFJ&7EWN>TYyVVKYlSb*wQ52 zlvRV=L2n3o&Z}*x!9Oxf&W0ln^!kYS%@K zGEOcpZOL(m=6-i~PF+rR<({&ND;3&7ac5&%?IcZ6(}%Qwvi7k)$OGgB8~y9#%S{;| z40t^_O!hcu*ejWxiW)5>TSud8(MZG}D6Wt3chR8{D-a|w|2D-I%`xMYVej>WwXGC{ z{Ws0=wU@q2zd$VQ983?k$yZc#m+e=%oLU8DgYd3CvMY&3DdGWRXNC z$dV-!CQlAUVwd?Ggq{|z#ZU*im3}2D$<5_5uLxR5b@2#4aRRe^-1SkF)3qF(hbIhT zOkM9|q*7R!L2CQh$LH|m=_jr`r0>}`hr2(s*gTm?7nHU0Qm#(%wr3}c z&W~37mLw@TB-!Kb#^}*rkIT(hc=)YYikqL`oR!J58Zv*8j`=%j0t zQoBA;IUuJLKBF&}%gCPv+*PTnzh5EM-M{$Vp{102d&l}sQ*|j(yy|*uW7E|)mnMa6 zuO5~Z){$E4ddI}GXrrVcF)6h5exAw4``!g5E<5j-x(2XxH=_4dc8MJoW^|S9>ia2P zc}-Cq)L9wq(lY82pU>aoDE?gL)GJi)yr$36{_y3lZVQxsm|Y*g^yYB8heC(ObP_vl-dLugYkX-S>&aKeTv#)r!V)>WiB9@W) zU;iBUyM{CTdg{O5;NP+at?`swcKEwsJ-UG6-*(wo|5Na@yz6X{&LWj@wiZu zy!l7eSQwNp;6&Ec*#32t)-5#@8C^D9_t&gKD;yQHiV|l90{pgRqF3a`SJ~c-oWj?Mkk zF3lUO9<&Rv$piZLCxxlnvIF9Xo2F;bFZRl^H=!qRdAon_-UYO69>&7HN^!jh&^#@? zaEZd32{?F*5npL1u2YLfzDE$piabqH6Nm7|sRZ$zNz5VN@lO<=nQI(c-h+@;K8FA- z!3RjFt1}(>!u#8r7!4<^%<0q&MX>+rlTfEkjc~0my9o={fKCk+1cEZtPldVs01sNy z;Ae+DVc%S1bSJE&aKWQ(i;4$jGgdssSB^09Zgv#HIc`Hoec$QjybE%;Vg@%Hh7=37 zB$@Tcx{A=Pl&d?T8p|pi!d{Ycff;ytwdNyvpeq;nBVyiTL>b6Mz4-XlLMT0hXtivm zw~=s83zm?T!qt3gJuM(bo9Q2he&t?=c$Y?Tf>hNO9^@y)hsYeoxF!S>lJ~K8^zC_n zDk@!tT|4#Dm@?5M%tMjj3|LxR?8PJE6Ty(+(ZcPtvoWMpZg&~&njIfDb+8+#eNm#n z_wQ)-XHPNCfuAMYL)+bM*OqUGM07nWU{q3%jv@>&#axW`9{9``cI_|hzAu7g9Ca@`^1iW>Ubq!#2=fLqFp8vSx@6z#I{?d9dely+0&KpY?_Y<%KhK z|A7Nz&!2BE%=Jd+bKWk^1m22~6$~+%9kmK!CEle(b_(chC-Ug0*e>hIsWF9)U0n1C z_yR-vmz9-!)Q>YSg*36YR*WiafSY;5=m$(xFrC8Wj-7~i0SSLvTT$BRUNOp0W=woQ z*oVNfpX^O2JRa(BO-*d;evE&Ns*c`(-RdOLoGj$qChd_T+9(ARPNFzc*r4fS#l%zs zL`_|7R8H(hmVx68E)caKDa;gc#eoY+s&eUi%=gQy>O=&%kd`t^0~G*zi@2R{)kXH6CZZAf-H4D5}N9o8q}doycAhQ9-svmRVRzd-y{S)Z9ur^63}mY5i5vpx#|v%PUp@iH)N;Sh|!4K;s1T zC?^2*XKSmMW}wgzU|_)AAr*&{O<=ElWY<=O2*)eL z)>Wg+0tQ?RU@1+L{P2T%_ua%>Obs>`Cy(jA+g67LnI-e*b0Hn#v@%CK<@LBAwN!t)Kl{|QG#3~wioq&9q2g@{B3k}4f!k?7) zCG$t81!x$(Acme5K0BWU1ey*;Q558I2d<&Q0O`{Vq=SrUIvfpQbmyqgIqJUKQ6EI_ z3Kb^{x*`ac85<7tTr4c=D8l+vh;sis^ke7;i+%?z-7-b4lgpUsWoR>*MaU0=D^t30 z18~$t3BKtP%Yt-+P7Y89J{H(GMQC{lQmSaO0DedGz9baXSOcy3q=6B&|PKBwXTw)A(l zLwr9OTymu&N;nAav zHgp1=@JrSc0N~*^7OLqH+I6x$CI36IE}M~E2-PD4n&Owz1zi8B&|gl*brZIHJW@^u zB4u3_TTUn^`6+sUuE*LjxC#50zW^PSeasYyUSybu4jr0)ORbXM;vR+ z^{SWs?HT&PDo8~--MW{P?GlAS+Pw>2AgQ_nN(9soCkJJwAWOc-m4vcI)LO1;&C;)A z%GyWdB-b=pfDU7IIw5>g;S>-$hyoF=A}JHK&+y>D(9n;Q2y&AH20eWgKuQW8*3hs+Z7T>NZvu6~ ze0HPmyUD@DRC8=}z^Z(w4+*sz9+*jd0F`1ABP~NH<=75HYkGs5AQ&%SK9g5P!9*K4 z<9tg$JYpSYh-GkChoxN3#b2ckU=V7!k!mS^yLZyI=X!FW5GZ&VG`h_A0f{$I9#TPD zoqm2&rg*GdxBPJyIqpjq1W4~3K$gKD2U<`7?3p#)Y!R0yXsSmMlf?8wt!TKQv9kEI zKL^hEUh7%5csv+Qt%q^2B}r$$)AfVmSUe2;dYY5RV}@zi+fS-g3x0Uq3K%RJYzu3Aw&I*k61jm=UWt$Z1H|Ly^M!j(bKEHAH;j;2cHZMPT8uqIbzZPM1d^i`qrd+zpH{YJYJmihKFpXR}rKb%>TdldCO|2sywvmwli_}k)0wL9g zuUKPSj91}x@~x{^Tdm)(Vq?(2jC#GBZSiXaTs$CN^ltS7%Gp(#6$f?NlzVQhPHiHG z%Jfr$DdtUDCMW8a@TI8PNbI=0-?S~`!_-g7{T5Oj^@@ugv0h;i345^Obz z0qeHQTJ=-F&#B{R+{B&`JO}oH_9dFX#h?P>xC15|5s1_3BI4}IIAXj^Ss;6$c0tz>#l%ZEVvF&GqD>ZkH5+%R z4nkHjtOv0%Q?_F`)%*fS{bkrXWICR*79(0HSNYoSoJlM3x(T*?`hG{}Q!l)mDATS* z(J9rXRzv%LtARFV#ynx-!&wrR)<7J@P!Bw<8(UgY(|S_9V7G^j3qxP zgr#X87kA#IqO(20X|95-=wsxcNz-;SJW(B~-;GDMujwL)?!mx6eL5|=1*f-n~MUIjm9pBL9*SehS z?Uglq`;u&6Nx6!}$5exxHs0n>%rv|2=Fj7Bo$zk`v$F*EZOgc!7L|O^KrWq@Bd!FX z3RyF~apT^dR%?4jZ!jfq%%a!*(we2zS$2yTCvGUbh?xylA%;>57Kj$BHZi*akp^i8 zgc6mMyremuypDRs%Y?~wxwLyDWNEKiV@mrm#dRgD302>2bz%-s3C0>zshi-0xP#+C zU$DB;{uA$pE#!wt`w=zc@kGxxdRAtUf2y*U4Di7L%6!(WOl$AAfz&)-cOkD0C&%ziuPA!+;P3RfucfEcuXUUCjtfNa;Ij>vy@ln!s zEb^~hxpMteNgXl=u^uRwA*gVd*3T6`sAsmC!~P&We);=Hbt*rK};88 zym;;myC);$QgLOP6R;msTO2xtLGKrm;0x$@v9{T`|($mYAkskOwgP>B7 zWu1sxG^T?)nkoEt>=@ZeRZ3-8>W=s8@WJJj5mKojO;IodH*k{B2Xd05&Y!QP$(aoY z0ZOIL6#)$&l8tu(g8Ob}Af{wueq+TQC}R>sG|}mM#|*Mgq#=AN_CpPOr;X9W6X~gH zY@w#))*xq8?@lhv*J1JxsDMi<9l6VlLUp`pW~0pLg810iqM;2?gY;mNcVmc{E#K?T zW1b~2X1bnst&h&%m5q$4cT0Jd4~}!>NXMGv*5YmUt9J+X6S8rRClI8uX@G_HpTn8P z4Y^K^;pC(#mkw38XyjsJRRW`nsOsu{$*v{8mAjMz+u^tIf&)Zpu;QZQEH=xiQAJed zLmE0-&CeV^TIYd!iJ_5O@w+WdsJ#3WO>6wFZFEhRw!Spr`I5x+oEE%k@|#B&Tkls8 za!HRK9Zc`a9s(>t)P0^|afeg}H=TEhaXXn8nTW0cB@!Dzw7i{jpTzb&m$l?DchoNH zuW}2&YL|Ub^^RO>VE7+F$QGN!Hlz&UPo3zE#m@! zi8AmY7BT@=(c#1oQd_2c!B3Z7KG*Ed?J~k;aj)IK!_;29_!eB6mze@#OW0_js3Xfl z4#YQhcbC-u6fU-FPu;6rk&vW<4%Ifq2d*b`RDlGZyCuy9!M#4~4J(kOWT>{*lvAtz62D}F0hvAEKtN%%N) z1I8k>g7=46_C|rt*Rs8SNb)+(ArGgO01;g}Z9aRz1@oZ&jxVTvcK~iKp zf$hL0aUGHOlBiRO0|AK+2V_RHa^U52DKW9+qwiBmN1J;0TY4MFFTQz!hnQmcaefMG z^u^1U8!;Y?3XM&myX>My_uWO;SL&IVc+;QH_u<~61sv3tx8op086I$80t9)DnZg0u zO0IguH=7Z_NR9-oPR9S>0S;WEj4aOMDTwf0zb+Q0S%cf; zGYE7@PX2=QO(zoMb#e3-$Hspb7y6%I5ETDsFv!$inJQ3P(I8#L4Su8T4D8I096lh? z$iGURWlUz=(nFJQPbBr$g9r6b#+>QT$jIsD-pOA#%ly|g^S_+k zisY1CQ_Rx@D$#?j^ONp3zoiGdPy&xf?b*+LBfm=0y|eVX!iXj)Cawa4fKo5U2Z*^S zq&cGBY{+>^kTUrQu!7i(6GOzNM-pTNAd6(eL0hXHNOH2vYpFH^*@esgf#@%E?_gY&%1#YbP zhiL}(*ez!4&?W;5W$V;-$eD-;kD&9jMzJz9U|s=V39`h{RFX7z2Ws!D26cP5HTE| zj-K7f2l`#VPFf5MOr40?@S#D_{x1b==f=ba3eqT#{%uE%( zVMcQ4!n=>6jOqZTZ&O7#E@9(&ls~&Z5w(fe^=|-#I``8+Rn=bU^#pu^Ve0!%%VuMv7}~UW>fA9H*Q^|zpwc;8wYLo_P&1h>}&VF zPpKz3u#;iVX0A{U^lB03kMx!pf-uzHi2GJX zMy)5?;?SLiG4wP&th;h{o)&kKLoXdXCX=>RB1Pw|?Ya~;lp#|i>UsOW9O9|gsjRri zs9fG1>I+S;E{?IuOE3cD#$>Op_k;G!KMH}Zdw<^xjZ3g4{p1d_Nw#{BnIgLwDs&JDo3gU zRvuUehUrZbne(j%?pxgzm$d^kI}-qKU8VCM-)xeE@L{2E6IA{{E86abjs^g{)| zD12@EhaoaIuCb7$FD+!)5Px9n?2+mZ&q_%NYZJoTM5475`W74!$()|tJ|7>thRLU} z%XmgQ3S|qr$3Z7nvM!fkbC1s6Yj1;$ZrQRHJPG@Cvx6b3D@+)Ue`lSo*ORBjS3$V! z-NU`37S(y1pmPEOJT4%g-zl@mnSp!&Ux$ZzI3R>a;O*f^s1WtE)Pa?Q*kOjz;)W=+ zPoPd0J*+mLoIzTKwaG0#{t9cu3iV84^Nk)g3dtR5Q`iM=py}d?)t)0^G<|^^bG&ucP&KP&BeaplrjSc0rlkG*C0#>O zh;^ex_vyHh?5CSINU54DD=P_{gRLKfxSXmY5;a+GzAYtZ-u&vXbL9;l2*CgNqj}-A zrJahv)E`4kcD#E<%%tj~K-)MLz`NeF^XIw%A1+Z{?*>0E47JfxqBt24|IBsRv}Oz^ z_bY+qG&}A;9#YJ1fAGL9yntV9oNRntNJ;*MFmlAE=4%=GNIf|)PKUTJ%dUTmW+{jt zy Date: Thu, 16 Mar 2017 12:53:19 -0700 Subject: [PATCH 04/62] new custom ti experiment content --- ...ows-defender-advanced-threat-protection.md | 150 ++++++++++++++++++ 1 file changed, 150 insertions(+) create mode 100644 windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md new file mode 100644 index 0000000000..7646225ba9 --- /dev/null +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -0,0 +1,150 @@ +--- +title: Experiment with custom threat intelligence alerts +description: Use this end-to-end guide to start using the Windows Defender ATP threat intelligence API. +keywords: alert definitions, indicators of compromise, threat intelligence, custom threat intelligence, rest api, api +search.product: eADQiWindows 10XVcnh +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: mjcaparas +localizationpriority: high +--- + +# Experiment with custom threat intelligence (TI) alerts + +**Applies to:** + +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education +- Windows Defender Advanced Threat Protection (Windows Defender ATP) + +[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] + +With the Windows Defender ATP threat intelligence API, you can create custom threat intelligence alerts that can help you keep track of possible attack activities in your organization. + +For more information about threat intelligence concepts, see [Understand threat intelligence concepts](threat-indicator-concepts-windows-defender-advanced-threat-protection.md). + +This article demonstrates an end-to-end usage of the threat intelligence API to get you started in using the threat intelligence API. + +You'll be guided through sample steps so you can experience how the threat intelligence API feature works. Sample steps include creating alerts definitions and indicators of compromise (IOCs), and examples of how triggered custom TI alerts look like. + +## Step 1: Enable the threat intelligence API and obtain authentication details +To use the threat intelligence API feature, you'll need to enable the feature. For more information, see [Enable the custom threat intelligence application](enable-custom-ti-windows-defender-advanced-threat-protection.md). + +This step is required to generate security credentials that you need to use while working with the API. + +## Step 2: Create a sample alert definition and IOCs +This step will guide you in creating an alert definition and an IOC for a malicious IP. + +1. Open a Windows PowerShell ISE. + +2. Copy and paste the following PowerShell script. This script will upload a sample alert definition and IOC to Windows Defender ATP which you can use to generate an alert. + >[!NOTE] + >Make sure you replace the `authURL`, `clientID`, and `clientSecret` values with your details which you saved in when you enabled the threat intelligence application. + + + ```syntax + + $authUrl = 'Your Authorization URL' + $clientId = 'Your Client ID' + $clientSecret = 'Your Client Secret' + + + Try + { + $tokenPayload = @{ + "resource" = 'https://graph.windows.net' + "client_id" = $clientId + "client_secret" = $clientSecret + "grant_type"='client_credentials'} + + "Fetching an access token" + $response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload + $token = $response.access_token + "Token fetched successfully" + + $headers = @{ + "Content-Type" = "application/json" + "Accept" = "application/json" + "Authorization" = "Bearer {0}" -f $token } + + $apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/" + + $alertDefinitionPayload = @{ + "Name" = "Test Alert" + "Severity" = "Medium" + "InternalDescription" = "A test alert used for demonstrating the WDATP TI API feature" + "Title" = "Test alert." + "UxDescription" = "This is a test alert based on a sample custom alert definition. This alert was riggered manually using a provided test command. It indicates that the Threat Intelligence API has been properly enabled" + "RecommendedAction" = "No recommended action for this test alert." + "Category" = "SuspiciousNetworkTraffic" + "Enabled" = "true"} + "Creating an Alert Definition" + $alertDefinition = + Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) ` + -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json) + "Alert Definition created successfully" + $alertDefinitionId = $alertDefinition.Id + + $iocPayload = @{ + "Type"="IpAddress" + "Value"="52.184.197.12" + "DetectionFunction"="Equals" + "Enabled"="true" + "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId } + + "Creating an Indicator of Compromise" + $ioc = + Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) ` + -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json) + "Indicator of Compromise created successfully" + + "All done!" + } + Catch + { + 'Something Went Wrong! Got the following exception message: {0}' -f $_.Exception.Message + } + ``` +4. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. + + Example message: + ``` + Fetching an access token + Token fetched successfully + Creating an Alert definition + Alert Definition successfully created + Creating an Indicator of Compromise + Indicator of Compromise created successfully + All done! + ``` + If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script. + + ``` + $webclient=New-Object System.Net.WebClient + $creds=Get-Credential + $webclient.Proxy.Credentials=$creds + ``` + +## Step 3: Simulate a custom TI alerts +This step will guide you in simulating an event in connection to a malicious IP that will trigger the Windows Defender ATP custom TI alert. + +1. Open a Windows PowerShell ISE on the machine you onboarded to Windows Defender ATP. + +2. Type `Invoke-WebRequest 52.184.197.12` in the editor and click **Run**. This call will generate a network communication event to the demo IP that will raise an alert based on the custom alert definition. + + ![Image of editor with command to Invoke-WebRequest](images/atp-simulate-custom-ti.png) + +## Step 4: Explore the custom alert in the portal +This step will guide you in exploring the custom alert in the portal. + +1. Open the [Windows Defender ATP portal](http: /securitycenter.windows.com/) on a browser. + +2. Log in with your Windows Defender ATP credentials. + +3. The dashboard should display the custom TI alert for the victim machine resulting from the simulated attack. + + ![Image of sample custom ti alert in the portal](images/atp-sample-custom-ti-alert.png) From ac3f9a8101203d80ab5d9407336bb7712707117a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 16 Mar 2017 13:30:33 -0700 Subject: [PATCH 05/62] add experiment topic to toc --- windows/keep-secure/TOC.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index 82fea36b85..0d74235cc1 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -778,6 +778,7 @@ ##### [Create custom threat intelligence alerts](custom-ti-api-windows-defender-advanced-threat-protection.md) ##### [PowerShell code examples](powershell-example-code-windows-defender-advanced-threat-protection.md) ##### [Python code examples](python-example-code-windows-defender-advanced-threat-protection.md) +##### [Experiment with custom threat intelligence alerts](experiment-custom-ti-windows-defender-advanced-threat-protection.md) ##### [Troubleshoot custom threat intelligence issues](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md) #### [Check sensor state](check-sensor-status-windows-defender-advanced-threat-protection.md) ##### [Fix unhealthy sensors](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md) From ca0278ee922d1632d060d7115b54294e5366b649 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 16 Mar 2017 14:47:47 -0700 Subject: [PATCH 06/62] change code block --- windows/keep-secure/code/example-script.ps1 | 60 ++++++++++++++++ ...ows-defender-advanced-threat-protection.md | 72 ++----------------- 2 files changed, 65 insertions(+), 67 deletions(-) create mode 100644 windows/keep-secure/code/example-script.ps1 diff --git a/windows/keep-secure/code/example-script.ps1 b/windows/keep-secure/code/example-script.ps1 new file mode 100644 index 0000000000..8fb4bf9dbd --- /dev/null +++ b/windows/keep-secure/code/example-script.ps1 @@ -0,0 +1,60 @@ +$authUrl = 'Your Authorization URL' +$clientId = 'Your Client ID' +$clientSecret = 'Your Client Secret' + + +Try +{ + $tokenPayload = @{ + "resource" = 'https://graph.windows.net' + "client_id" = $clientId + "client_secret" = $clientSecret + "grant_type"='client_credentials'} + + "Fetching an access token" + $response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload + $token = $response.access_token + "Token fetched successfully" + + $headers = @{ + "Content-Type" = "application/json" + "Accept" = "application/json" + "Authorization" = "Bearer {0}" -f $token } + + $apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/" + + $alertDefinitionPayload = @{ + "Name" = "Test Alert" + "Severity" = "Medium" + "InternalDescription" = "A test alert used for demonstrating the WDATP TI API feature" + "Title" = "Test alert." + "UxDescription" = "This is a test alert based on a sample custom alert definition. This alert was riggered manually using a provided test command. It indicates that the Threat Intelligence API has been properly enabled" + "RecommendedAction" = "No recommended action for this test alert." + "Category" = "SuspiciousNetworkTraffic" + "Enabled" = "true"} + "Creating an Alert Definition" + $alertDefinition = + Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) ` + -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json) + "Alert Definition created successfully" + $alertDefinitionId = $alertDefinition.Id + + $iocPayload = @{ + "Type"="IpAddress" + "Value"="52.184.197.12" + "DetectionFunction"="Equals" + "Enabled"="true" + "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId } + + "Creating an Indicator of Compromise" + $ioc = + Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) ` + -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json) + "Indicator of Compromise created successfully" + + "All done!" +} +Catch +{ + 'Something Went Wrong! Got the following exception message: {0}' -f $_.Exception.Message +} diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 7646225ba9..661720f446 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -43,73 +43,11 @@ This step will guide you in creating an alert definition and an IOC for a malici 2. Copy and paste the following PowerShell script. This script will upload a sample alert definition and IOC to Windows Defender ATP which you can use to generate an alert. >[!NOTE] - >Make sure you replace the `authURL`, `clientID`, and `clientSecret` values with your details which you saved in when you enabled the threat intelligence application. + >Make sure you replace the `authUrl`, `clientID`, and `clientSecret` values with your details which you saved in when you enabled the threat intelligence application. + [!code[ExampleScript](./code/example-script.py#L1-L60)] - ```syntax - - $authUrl = 'Your Authorization URL' - $clientId = 'Your Client ID' - $clientSecret = 'Your Client Secret' - - - Try - { - $tokenPayload = @{ - "resource" = 'https://graph.windows.net' - "client_id" = $clientId - "client_secret" = $clientSecret - "grant_type"='client_credentials'} - - "Fetching an access token" - $response = Invoke-RestMethod $authUrl -Method Post -Body $tokenPayload - $token = $response.access_token - "Token fetched successfully" - - $headers = @{ - "Content-Type" = "application/json" - "Accept" = "application/json" - "Authorization" = "Bearer {0}" -f $token } - - $apiBaseUrl = "https://ti.securitycenter.windows.com/V1.0/" - - $alertDefinitionPayload = @{ - "Name" = "Test Alert" - "Severity" = "Medium" - "InternalDescription" = "A test alert used for demonstrating the WDATP TI API feature" - "Title" = "Test alert." - "UxDescription" = "This is a test alert based on a sample custom alert definition. This alert was riggered manually using a provided test command. It indicates that the Threat Intelligence API has been properly enabled" - "RecommendedAction" = "No recommended action for this test alert." - "Category" = "SuspiciousNetworkTraffic" - "Enabled" = "true"} - "Creating an Alert Definition" - $alertDefinition = - Invoke-RestMethod ("{0}AlertDefinitions" -f $apiBaseUrl) ` - -Method Post -Headers $headers -Body ($alertDefinitionPayload | ConvertTo-Json) - "Alert Definition created successfully" - $alertDefinitionId = $alertDefinition.Id - - $iocPayload = @{ - "Type"="IpAddress" - "Value"="52.184.197.12" - "DetectionFunction"="Equals" - "Enabled"="true" - "AlertDefinition@odata.bind"="AlertDefinitions({0})" -f $alertDefinitionId } - - "Creating an Indicator of Compromise" - $ioc = - Invoke-RestMethod ("{0}IndicatorsOfCompromise" -f $apiBaseUrl) ` - -Method Post -Headers $headers -Body ($iocPayload | ConvertTo-Json) - "Indicator of Compromise created successfully" - - "All done!" - } - Catch - { - 'Something Went Wrong! Got the following exception message: {0}' -f $_.Exception.Message - } - ``` -4. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. +3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. Example message: ``` @@ -129,10 +67,10 @@ This step will guide you in creating an alert definition and an IOC for a malici $webclient.Proxy.Credentials=$creds ``` -## Step 3: Simulate a custom TI alerts +## Step 3: Simulate a custom TI alert This step will guide you in simulating an event in connection to a malicious IP that will trigger the Windows Defender ATP custom TI alert. -1. Open a Windows PowerShell ISE on the machine you onboarded to Windows Defender ATP. +1. Open a Windows PowerShell ISE in the machine you onboarded to Windows Defender ATP. 2. Type `Invoke-WebRequest 52.184.197.12` in the editor and click **Run**. This call will generate a network communication event to the demo IP that will raise an alert based on the custom alert definition. From 4a7ca91fc8ba1a531653325e03fd128207f5a690 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 16 Mar 2017 15:17:50 -0700 Subject: [PATCH 07/62] fix broken link --- ...ment-custom-ti-windows-defender-advanced-threat-protection.md | 1 - 1 file changed, 1 deletion(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 661720f446..2aa8d53372 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -45,7 +45,6 @@ This step will guide you in creating an alert definition and an IOC for a malici >[!NOTE] >Make sure you replace the `authUrl`, `clientID`, and `clientSecret` values with your details which you saved in when you enabled the threat intelligence application. - [!code[ExampleScript](./code/example-script.py#L1-L60)] 3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. From 8735a59010cc2fccf0d21ffcccd0a3ba61c1eeff Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 16 Mar 2017 15:18:00 -0700 Subject: [PATCH 08/62] fix link --- ...ment-custom-ti-windows-defender-advanced-threat-protection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 2aa8d53372..ff7fa5b330 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -45,6 +45,7 @@ This step will guide you in creating an alert definition and an IOC for a malici >[!NOTE] >Make sure you replace the `authUrl`, `clientID`, and `clientSecret` values with your details which you saved in when you enabled the threat intelligence application. + [!code[ExampleScript](./code/example-script.ps1#L1-L60)] 3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. From 3df9bc81a261878c2cb9709197d92eb3c81ee952 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 16 Mar 2017 15:33:14 -0700 Subject: [PATCH 09/62] remove fetching tokens block --- ...m-ti-windows-defender-advanced-threat-protection.md | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index ff7fa5b330..b02f51a68f 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -49,16 +49,6 @@ This step will guide you in creating an alert definition and an IOC for a malici 3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. - Example message: - ``` - Fetching an access token - Token fetched successfully - Creating an Alert definition - Alert Definition successfully created - Creating an Indicator of Compromise - Indicator of Compromise created successfully - All done! - ``` If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script. ``` From 90a9d652034f99cf8fc9f164a7fc9c74fbf2da9c Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 16 Mar 2017 15:34:46 -0700 Subject: [PATCH 10/62] minor update to code --- ...ent-custom-ti-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index b02f51a68f..016f35c526 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -43,7 +43,7 @@ This step will guide you in creating an alert definition and an IOC for a malici 2. Copy and paste the following PowerShell script. This script will upload a sample alert definition and IOC to Windows Defender ATP which you can use to generate an alert. >[!NOTE] - >Make sure you replace the `authUrl`, `clientID`, and `clientSecret` values with your details which you saved in when you enabled the threat intelligence application. + >Make sure you replace the `authUrl`, `clientId`, and `clientSecret` values with your details which you saved in when you enabled the threat intelligence application. [!code[ExampleScript](./code/example-script.ps1#L1-L60)] From 35974267cf300268d9c4f18fa80618c600656625 Mon Sep 17 00:00:00 2001 From: AssafKr Date: Sun, 19 Mar 2017 11:52:50 +0200 Subject: [PATCH 11/62] Update experiment-custom-ti-windows-defender-advanced-threat-protection.md --- ...ows-defender-advanced-threat-protection.md | 21 +++++++++++-------- 1 file changed, 12 insertions(+), 9 deletions(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 016f35c526..68d97e6aa9 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -49,20 +49,20 @@ This step will guide you in creating an alert definition and an IOC for a malici 3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. - If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script. - - ``` - $webclient=New-Object System.Net.WebClient - $creds=Get-Credential - $webclient.Proxy.Credentials=$creds - ``` - + >[!NOTE] + > If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script: + > ``` + >$webclient=New-Object System.Net.WebClient + >$creds=Get-Credential + >$webclient.Proxy.Credentials=$creds + >``` + ## Step 3: Simulate a custom TI alert This step will guide you in simulating an event in connection to a malicious IP that will trigger the Windows Defender ATP custom TI alert. 1. Open a Windows PowerShell ISE in the machine you onboarded to Windows Defender ATP. -2. Type `Invoke-WebRequest 52.184.197.12` in the editor and click **Run**. This call will generate a network communication event to the demo IP that will raise an alert based on the custom alert definition. +2. Type `Invoke-WebRequest 52.184.197.12` in the editor and click **Run**. This call will generate a network communication event to a Microsoft's dedicated demo server that will raise an alert based on the custom alert definition. ![Image of editor with command to Invoke-WebRequest](images/atp-simulate-custom-ti.png) @@ -76,3 +76,6 @@ This step will guide you in exploring the custom alert in the portal. 3. The dashboard should display the custom TI alert for the victim machine resulting from the simulated attack. ![Image of sample custom ti alert in the portal](images/atp-sample-custom-ti-alert.png) + + >[!NOTE] + > It can take up to 15 minutes for the alert to appear in the portal. From 99a646f91dc2c671178b84c92b9eb7118faf21cc Mon Sep 17 00:00:00 2001 From: AssafKr Date: Sun, 19 Mar 2017 12:04:29 +0200 Subject: [PATCH 12/62] Update example.py --- windows/keep-secure/code/example.py | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/windows/keep-secure/code/example.py b/windows/keep-secure/code/example.py index 7bf906738c..6203b5230b 100644 --- a/windows/keep-secure/code/example.py +++ b/windows/keep-secure/code/example.py @@ -2,11 +2,9 @@ import json import requests from pprint import pprint -tenant_id="{your tenant ID}" -client_id="{your client ID}" -client_secret="{your client secret}" - -auth_url = "https://login.windows.net/{0}/oauth2/token".format(tenant_id) +auth_url="Your Authorization URL" +client_id="Your Client ID" +client_secret="Your Client Secret" payload = {"resource": "https://graph.windows.net", "client_id": client_id, From ae90129d2faeb60696b173ef07db2d96d30b47f0 Mon Sep 17 00:00:00 2001 From: AssafKr Date: Sun, 19 Mar 2017 12:05:50 +0200 Subject: [PATCH 13/62] Update example.ps1 --- windows/keep-secure/code/example.ps1 | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/windows/keep-secure/code/example.ps1 b/windows/keep-secure/code/example.ps1 index 278824d13a..6941c80627 100644 --- a/windows/keep-secure/code/example.ps1 +++ b/windows/keep-secure/code/example.ps1 @@ -1,8 +1,6 @@ -$tenantId = '{Your Tenant ID}' -$clientId = '{Your Client ID}' -$clientSecret = '{Your Client Secret}' - -$authUrl = "https://login.windows.net/{0}/oauth2/token" -f $tenantId +$authUrl = 'Your Authorization URL' +$clientId = 'Your Client ID' +$clientSecret = 'Your Client Secret' $tokenPayload = @{ "resource"='https://graph.windows.net' From 85953f874e3e864b42ff27ffb8649651847cbcde Mon Sep 17 00:00:00 2001 From: AssafKr Date: Sun, 19 Mar 2017 16:04:54 +0200 Subject: [PATCH 14/62] Update python-example-code-windows-defender-advanced-threat-protection.md --- ...-example-code-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md b/windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md index 6e63d9f1b5..d162c44a38 100644 --- a/windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/python-example-code-windows-defender-advanced-threat-protection.md @@ -37,7 +37,7 @@ These code examples demonstrate the following tasks: ## Step 1: Obtain an Azure AD access token The following example demonstrates how to obtain an Azure AD access token that you can use to call methods in the custom threat intelligence API. After you obtain a token, you have 60 minutes to use this token in calls to the custom threat intelligence API before the token expires. After the token expires, you can generate a new token. -Replace the *tenant\_id*, *client_id*, and *client_secret* values with the ones you got from **Preferences settings** page in the portal: +Replace the *auth_url*, *client_id*, and *client_secret* values with the ones you got from **Preferences settings** page in the portal: [!code[CustomTIAPI](./code/example.py#L1-L17)] From cd3e2c3cfb547e9147d11b1967c560b9abf32bb0 Mon Sep 17 00:00:00 2001 From: AssafKr Date: Sun, 19 Mar 2017 16:06:32 +0200 Subject: [PATCH 15/62] Update powershell-example-code-windows-defender-advanced-threat-protection.md --- ...-example-code-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md b/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md index 5574319409..c30415b0fd 100644 --- a/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/powershell-example-code-windows-defender-advanced-threat-protection.md @@ -36,7 +36,7 @@ These code examples demonstrate the following tasks: ## Step 1: Obtain an Azure AD access token The following example demonstrates how to obtain an Azure AD access token that you can use to call methods in the custom threat intelligence API. After you obtain a token, you have 60 minutes to use this token in calls to the custom threat intelligence API before the token expires. After the token expires, you can generate a new token. -Replace the *tenantid*, *clientid*, and *clientSecret* values with the ones you got from **Preferences settings** page in the portal: +Replace the *authUrl*, *clientid*, and *clientSecret* values with the ones you got from **Preferences settings** page in the portal: [!code[CustomTIAPI](./code/example.ps1#L1-L14)] From ea7a31af76629f23eb224a7be9c54ee370ee9f40 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 20 Mar 2017 17:35:01 -0700 Subject: [PATCH 16/62] remove note from step 3 --- ...ows-defender-advanced-threat-protection.md | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 68d97e6aa9..21c1334a1e 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -49,14 +49,15 @@ This step will guide you in creating an alert definition and an IOC for a malici 3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. - >[!NOTE] - > If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script: - > ``` - >$webclient=New-Object System.Net.WebClient - >$creds=Get-Credential - >$webclient.Proxy.Credentials=$creds - >``` - + NOTE: + If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script: + + ``` + $webclient=New-Object System.Net.WebClient + $creds=Get-Credential + $webclient.Proxy.Credentials=$creds + ``` + ## Step 3: Simulate a custom TI alert This step will guide you in simulating an event in connection to a malicious IP that will trigger the Windows Defender ATP custom TI alert. @@ -78,4 +79,4 @@ This step will guide you in exploring the custom alert in the portal. ![Image of sample custom ti alert in the portal](images/atp-sample-custom-ti-alert.png) >[!NOTE] - > It can take up to 15 minutes for the alert to appear in the portal. + > It can take up to 15 minutes for the alert to appear in the portal. From 962c7972a40bf735e6ce8a83454579043c813ce3 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 20 Mar 2017 17:36:31 -0700 Subject: [PATCH 17/62] add note --- ...-windows-defender-advanced-threat-protection.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 21c1334a1e..b2255384e5 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -49,14 +49,14 @@ This step will guide you in creating an alert definition and an IOC for a malici 3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. - NOTE: - If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script: + >[!NOTE] + >If you get the exception “The remote server returned an error: (407) >Proxy Authentication Required", you need to add the proxy >configuration by adding the following code to the PowerShell script: - ``` - $webclient=New-Object System.Net.WebClient - $creds=Get-Credential - $webclient.Proxy.Credentials=$creds - ``` + ``` + $webclient=New-Object System.Net.WebClient + $creds=Get-Credential + $webclient.Proxy.Credentials=$creds + ``` ## Step 3: Simulate a custom TI alert This step will guide you in simulating an event in connection to a malicious IP that will trigger the Windows Defender ATP custom TI alert. From 64dc3057b92b6bbf6242f58f406c1077a8ddf405 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 20 Mar 2017 17:37:32 -0700 Subject: [PATCH 18/62] remove > --- ...ent-custom-ti-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index b2255384e5..6a96701a1a 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -50,7 +50,7 @@ This step will guide you in creating an alert definition and an IOC for a malici 3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. >[!NOTE] - >If you get the exception “The remote server returned an error: (407) >Proxy Authentication Required", you need to add the proxy >configuration by adding the following code to the PowerShell script: + >If you get the exception “The remote server returned an error: (407) >Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script: ``` $webclient=New-Object System.Net.WebClient From 02f8f7201d3eed4b60a1c7370ff38ad2f0c0983f Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 20 Mar 2017 17:50:16 -0700 Subject: [PATCH 19/62] add screenshot of running script --- .../keep-secure/images/atp-running-script.png | Bin 0 -> 9560 bytes 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 windows/keep-secure/images/atp-running-script.png diff --git a/windows/keep-secure/images/atp-running-script.png b/windows/keep-secure/images/atp-running-script.png new file mode 100644 index 0000000000000000000000000000000000000000..ebfdebadc55c8c4b0d41e4a45516575cfbf26793 GIT binary patch literal 9560 zcmb`N^+QzAxAq4?DM1?PknV0Ihwkp~W`H3FB&1V78l;{NDTC z`v<%~05fa$oWt3B?X{lgb54wgnmiT;DFz4x!ctU_)dGQ@fPvR8XwQJ(Hqt{xz#nuE z1w$_o2zvnWgOtvSO$G!}y%kl#s6UViK|D`*=3~qMg}?^hQa;`e?hsH#?U(`(dhQK` zWNp2yA&ws2j_z(Cd~}*uKpX=RmvQ&-hdA0hc!R26jEMkI?0->+ttDb8wYQ_IEr|d6 z1v>BvI^q*;cRO!iONcGV)Z-B`9P{779lfkwEP^Gfc+a)z#L`8+0}Hz88o+Lk!b#^mefYeLR_A1c9hQin3BV ze!0haAs&Rb*{8iGG^{zYT}X5|b7S=VmkcRrTGl%wLI;-msVpzH3nZS-|=VG(GuKdn3O_A8a>xUvw7n)p@+>Xz+DJ6}P`kZ4g;Bl|D zbK_)ot$Z>`GB`*=_dQ+SN$`64Mr!b%*ORwF^6?`qaH0qtX*8Pt+(&3B7B%8E3EK0K z4^}gBJa>7c5AAoeVzG(eZSdq$C=2jP9Oo}=`?{s(TH#Ug7D5fXdpfLOuPEt z1r9YwW!ZflHP86URD{?#NAJUC5Pr|&l=EKnq?+=R2VI5p>;AWjVSA6ll4vv$bQn<| z6bgCkp9zWwkL`T?Gs8NHlYxFbd=w}^-5boSw`*Dx#MvM9NskKjp}c$g48oQgq9$U# z9hk1`!16MQ4kRf^N-P!{Wvp_|_tbHHl;x zhJ01J9@|0OsKFb8uJxyK+T)M&MYABSU>ypxKYiv)BAk1|1k5yR;Eh7NJ@Qp$hI%id zb9sTJrCChd0)N|K#cfKA02|v~`=4`8N}0NJ$FEsu#0dkD(%T(`HLtkVuBrbNc5#KI z6H1o~eL8U=Wk`gG?x<@Tw<|TZ7G1KcOcX@LKEJ$iP~q&xR9w+_yh<3!f7{~bl%M#3 zn$M;Kn|=d>Ia+nStE)SnI}*6j#(2qRzLWKY)^%*&K}e89xj?_xRPVIkRs434SLb0i zeDev4(sA9P?11p5Vf-gslAB+I^9Az`l-kiRpdYOle(UKKcIx=&N4^=cQvs3hf`A#Z z0v}1G>_UT1JCuc{+O$!4#&24!%`G7l-5h3OPun;ToxGn3tn^w8R;ECX1;~%!q!o@N z3cl7kj+c8=6_h3_6mj24+A{@@d$%N#s0IW)t9Q1EyiFipnuCe132>$ULT&Lj2O&43 z1fk`(waUew_s3hW%thMdo6v6vh9_Y)RNAm^SgP%Eda&r*zYF*2nX-6((#)3Y>ppds%;WdD)tTYBctsr8gbRz*OZxv7?M> zo^%(k?V5=eJOH~l&aiCF9ewU5buz|Y0WIjC3aCCIsOqlE77Vr1~ zN9LA0aQJ0c&rH%rH)rWFZTwfV3|pYgM6x!NPllat^-szR&p9%2Iy=i&j^7GBIAnd= z=Ny2wcmpM6a`)A&t?D%5LJ8oQ3#|&~i~}6DPpi()jA?N+dloccrU$J@Uv9)H(EU1hnW~Cml?7@GHm*OS96OD_5wE zFRHdoiM+h<`2acTrR_flEgMnIsqP<2Zkza|GhwZ7>+Zp%C01wGqfg}m==DWqsw{p$kx11Yb`awASDQ)j{d0<~N)IYhk+3sx@JwsM|zKg-&7 z`}i#s^0>ZWblm%j)8_J&T|933YPxLTxQvxUp6O;w-e(( z*ys-&ku8MO5(t%V)+ZQsvvF$b0jtMIJ~WH!*4JdD*^KD}4Hw@6bJE6nVM#E;|B~MT zJ>f8c9A+dzJ=>l?7+Ekoso&d!A8JupCgOe(qnWbqr-CiZx!Kpl3wrowS&s)5a20!% zxcvjO=DZC;HJRcQAm~tjZmFMJTe~h4&-}#)Ym#az?AWIN-fjNYqT;%HdN9+9W=x-D z^d;|=h|g2T2ppcJ7;zXwMeaAwvKLU$M#vt1e^RAXBCRD2jFXj4>(ywxazQWE3T1%m z-_Q%=1}HpuY{Izoo0*u81W%rK>%jtbw_5tfUO%Q6`wYk6Hd@Wx@s*yQr`g%0BTO^(}h6aJ(oc-Fs{tb3i#JfO^alPO8 z@yNCoPURvN-Uu(Xi3QHu8tA-XhP> z?>r>pE;0n%$Ew~5%84puptNolEDKtMBi`)4jl&l>4ourHUR%=50cv`J}|Bs@BO7e9Y|SQ(lzW601uV;PE^9kD9)^ z^sg$jId{34NnLi6$Q#vSL=u?anM&I%7#qG#GKMMepr+|#oI7d$CMPgkiNP|Vr;SLa zQ6FOkN2y(IT2&T7+$32%P8{6_ipMuL*Hz1Ewxtc40f7X_1$apQ9+U)}gu{e&JnZtf z$3Lk(fMg}{`_s@@yPmjf4kj8_FV6=Iw9MY~^&c|-M~N)Q^ha)qm8pB)tuDUg{cZQn zxt%Pv$rS04rDQwZLd}a4;)3GNDLCph?OT6GRJ!$7xE2prdZeCu=fgh-tKeDUf(E+!<%kNGy{r!s7d30{gTw%jiXB%A6LyWgt%7 z5%J74$)Q9behaMgPe-95mLx3!z#XJ`@L{R3mxFc+MK24Wq@fq7 zW2iLYS%8FUI&;0H6dQj7Xy!;P8SS0$R7VsD07A zDg{{2B7)FAD4CmRI^#vza}(Ky#38@OqXiBk_$G+kEuCHmz8v|!J>%h z4P5mtQA2SHas_84>a^BWYVg+hI80nw1nIEyU*sZgE8mMbLy`Vdr-37D8(mq@9MCw(~$XRS5s{4 z;wLp*+3)^l)fQg5KrA!JLhz)~+O3ur2-3v^FnK0VhVRSFcS486XBHjL#IqAa^0mX# z=mV!|e8b+)?P=?fMENJ}Q&fj1WELvPuzin9EKw2rBm17=R%05Tu9+x<7iDU2;~WBqN(aTVXKoGi_p5%k(7cjXq(%!R7Zw-qWwXKoD)*x93p}{MrmJ>+3!7P;_@hKj9FkczJJM>=!hC$29TSZpBb3621MPz0VXKkAnlNl9}ZlZVfqdGba^J0O=KSe0A`af!((gRJe#$0J29rNshVvAegyZsc7%tZHye2I=8iaDbi z&KTi(&JcCQsd96HqfFfv`OAp^70`VKr#=r&GJ9{XN0-2WA*NX>nOv^-xRl?E*2Sg7 zo!c8UUmd=RCdmFL=N}aOoLF%Awl)&K`ba)S6RRVhm;1S+SfPM%|Mbwfqz>Ow@Avax z7Yh91PI>bNWRF=M7cH20JBL3ZE}SouCa>Lw4^n@x%!e>ZgFd#I39t$ZxtHV$D?CdiUF5(af{P z>5k+5dKl=9i3|JafUwuS-We?D<}Xu?44H@`2E4eH5)v&vBQ3MxPYlbjo>ui|I^OGG zV+uYeHze*qCl!&+UDV4I2{MKzXFQBpT)Rn+STJ0r)5fOZ@%Tmim?9I3;-%HV- zu_1MWeV^oU#r4D$!}dq?#qobVIsP zc7Ec3mA_hS{%LP-{8nX<%aA_S2O9@-b<7#4`a7~_%tZ?O^~B6R1gHFQr`ZLm;Y{_y zdByoTCi`yKFDHEQUSY$+u6sPWHL4CtPgwP2CIlUO&Jl|30-ve5>6=TdFvT`g8k_iV zy}e67By`b-yDmL_y}u&?5O?W`1Ci|wd~Ukv*Xf^o|J(yT=M9c$X*6wVzj29!IMZ_r;(0#vi4;vHGYwwE~#M)+4Xa{cXJ4d7jS z{J#+H9uCun#`ldq&&c}u6LNF@z#{&*x08>D^F5dINk&5f-@(@Vos3m(Q~!k!%#99P z=@Gxz!QQUr3^uv%80!Rf5CZY=@Y$=$!w0GTr-TBNb9`o7YR_bW?2Pi#kWHCkB5|TE zm6mM1zrLwh!)&fYPRATn?sdbO+3uq!)!YP>1%!Q!b%;&G9@%v%_zaW%>=IsPF=Ke& z^Dz)vmC+Ph{~F==9or6>eaFe!k1t5wnK2r`wwY2XMa8xATg-PAA`yi_NhOZgO#>$r+j`m$E77z z?NZxVGALKbfwG0%P5!VJ)i3?8c*8wz3?|Ap6=$qp;h`_R5#jGI35jys4zaS90UXE0 zCo?Q-C#;WIy(s)n_vSp$M%*-PTbP<5L<{SGNGaWz`(}MhHqW34k@buLTM8Gfg!=TJ zMXS;w!dAVDBuj|M)`Gwhd(Rb1tGS~>%r}F``jc~v22pz6!pF|au5>_*91NeX`!>AW zKVt(Ga%b=pHSxabwhT=qpxLvx+q4wk}Mj@ho$mKCar)h5+HqO+0&2vji-+`@rB?42(Cf@T?il) zSrPunyKfAa77u!qmeFze^*NklyKFJ*O*-s=%6{w5wDZ1)h5qQzYqyHivXU3avhQ`x zjm!H+S%_XvaKrye!AZu2b`;Gd`b(-fGFy|y?MHH5UimF9XFx9@zswPQ%c9jWAzk9l z5F7M@HpDt2{r!I%;i@U)%3$p^T>S6#Zyrs_(TMgdh|f=G86y-b%sb2Hat6QFvcie0 zvz?~2rQLj^=f^gp9aULN_|m&>* zB6vlFM1r;EOA7NSM)E8usaqpiiiu2p(dGpXz|MEA95gy6i|rm| zNrA@?95^~i$f6!%bin&*e=hXTB6h3 z$G@BSwnV0k>IW#8pyysv2GR;4+6Xwe*Z0W@v8_VK>+vJ#BTOhS7~T)*Pys2elll4; z(BjcPQ>zy+i`YYU?Vd<}m%7kwGao$=EEc?p-%hM4lt-vW1}Ih+P0Shk_t;! z=bXgX@jK5iE=?k}T!E@kdB33!P%Syi_D|dmM;B+YEg=SXTSBO+MAW9>#^*c|bHKv7 zsVwP4tbB;Cx(;CteE^{Gru{+FOnza9D~vHrP@KB<^e&5gqPqeOc86uRDnMC)y0E$J zsczx3-de=Dl!VoTQILv#ZbUs<_c0$ISPfbi=h#uo?x$Jy*IU7}m}}HOWB6_;Rfi=e zao1{Xr6$oZ_R$2aB3GG36>&S`tCMRhM~y!=R?z`WKxANtuH z0q6^Ps{I3+dc+MswdeE>oPHD5?9`4nR87k>VD&JT{oE|V`!UJernb5wR+b@u_ky|4 zF>>#(S_$yVr_)*}ffQu<%eF_?RCJt<{aT zs9~QEr#wN)C&r^WXcEc`UvuY_>B%$oKM7keKLz9nGH0gV+htkFUsfvnsoXo``T*r7 zy)ny6m`&ohprZTyCa2(I8 zNU?SqtoP3w(01^oNBV{sm>MpImBh#BRq6em!w1{yUhN4G!B~yMtk!T7?f4`&m5I?~ zP*@(s_9yNGQry8~134-FTnt`FLi3n0pytv7rx4nB$Dh9++H2tc2m7yMlK*NP7>rR8 zU#)%Aa5{%Hv^cT{D9e*Remq-!gRaPDA&5shWV9^$9dACq$@~= z%czMEqCgFdkt&;=SHx%gx1K1n@|{yYiY2HuiSjRJ?Wfn(QOHv?U#la~zaZ6taNL^d z^!gHWV(X5kjg$SS^X|ZY0aLEAqIm5$!?A&- z)EakE#g-3a2p2r~`V?<9Y&DA!Cs}tC>3U^=f^Y`m)mVUsU1T?c;q{T(AFlk$9gxZ+OnsrH|Zl> zez;(tk-mZEfpSuk?0f&dK za4f2WKUeiZL1L@ynh4PEtivDP|BWs{n1pzVV?g0YBuh>HN78@oT?G_<@(=7;dqj(( zY0KT`WoZo`J=W7`7Z)Jt#k&5x^$!yJLj;pBaL|-?n@K}Bv+DkS$A+FV*tBsS&DiS` zu(aa8lhiRJDpoVLL9hwdM*=c-8}CBLLU1ON7dj0xWz>i0(c_p%;JD8@x1lGJ%GB5t zLqKK|k%!S<)>WXev^p>LkdGd3U9JlwE49PAY}Kh4y|=G)8MdJgk7bZRZS zL9Z7#>hsCj?^FlvRCm%3J#-<~*|$UIs^>C2?tA!MjQfLfUp851Vf{~9enKLY;?vp^*^V>q8sB?@4ZCb4APBiG|N8XPtkB0UW~2>#LbJo$b#Q#>TX?co99r2L?9k znR~-&cS?Dz3sY2njz)Weh zQ-sU3n`Y%aet!tOn-jQnkU&l2Zr#fGX#!>dzu-bn2)qzx_3mFSTy8;C#|#-gA3n?p zQ?$RlEjq#CYo9NSE7{+PK5LopLTdi|{U%K}d0ULZzB6Lo_=>GMq3YH@4BhRsL`zbi z_eQu}1#w%dGtf6(03?t-dMu*jmh|>P+f9FG=kKeA=ouDkIe3lSKAA}$@p3P_mSSyf z%~E=$QkR1_a$i=c)1 zL5-g)wM!Cl71*%Jj;0AvS#`(19O0uGAP@>M;#mO1sUw0hfP}yXb^;Wx-ELa4>~g;! z&tsR`R%8kGsRrzsCU93AHk{hS>V&CxRQrVkP|)V6&}WmI z!S2GZR|=16F>f{ok&eAAn+=oyq(u zcbCYVJry%*3lMahkCItQme{vDICz)>HA-kS;n_%r+Q5wlWD@u7pgX25<*v>|B;Y#H zM}q)Ns(c}rhS1734mg4Eu~pq=4GHUY9;!MzFz^t=ZE`b=X~YOooouM_0^us&j-O5x zs@+NxKe1kb3fstOQXv8eR2wP45k@;LcI;Yp{QF-qlL;T;2M_WlhnwXR21sPE!sz1^ zu9{o79+7T1k3UwJzG<#8#J6*~A^oOQ4HnHq5$CtkZ36E7NRND=`>CY)eJ$0~?Nr%M z^LR6WB%TK|;WZ>k>>-08CpoT0RpNcevkZ#~s&~I{I4b;2APjflR}F<4s;7!Z;1m>b z1Sa8O^Tdw*e;{sFq|FT5bEvVCam!dymS;1B7*(eoW%BrD-6!Ls_A?ssHlN_{R9hKZ z^nfQgGo<(8N{B-JoQ{0f9&pno`EW_ilDgZMQOa=yBysN_jy73j1&>k8$`kwBG>JX9 zRMb`Wc!ew9b>dzitip)LfacEDzUYv(OQYfskzKQ2TNqG@e@>l*X!KnA>uo@JDj`-4 zfa3B*g-~0mucOeLG7)ne4!XTCM1Zf%xxS1e@UQ_H_gDmtES-C9q&yF(B~pR461ykq zg#?xDNB2Jn5->RHcY8UKKAjkrkC=6mPfIA^_9dgV7%#gPFWh7Y@V9%}KJ%o-N!7^S z3Zm|sq#vE`529BU{9u4aeR+(#B7-?N*MQxf+1J~EM@8Cjo;>| Date: Mon, 20 Mar 2017 17:50:24 -0700 Subject: [PATCH 20/62] add image to step 3 --- ...ent-custom-ti-windows-defender-advanced-threat-protection.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 6a96701a1a..cb99281b6b 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -49,6 +49,8 @@ This step will guide you in creating an alert definition and an IOC for a malici 3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. + ![Image of the script running](images/atp-running-script.png) + >[!NOTE] >If you get the exception “The remote server returned an error: (407) >Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script: From c0a7ad5a50c5cee6e753c7a2aa7ea6adcef84e57 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 20 Mar 2017 17:59:52 -0700 Subject: [PATCH 21/62] fix note and spacing --- ...custom-ti-windows-defender-advanced-threat-protection.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index cb99281b6b..b553018087 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -42,17 +42,17 @@ This step will guide you in creating an alert definition and an IOC for a malici 1. Open a Windows PowerShell ISE. 2. Copy and paste the following PowerShell script. This script will upload a sample alert definition and IOC to Windows Defender ATP which you can use to generate an alert. + >[!NOTE] >Make sure you replace the `authUrl`, `clientId`, and `clientSecret` values with your details which you saved in when you enabled the threat intelligence application. [!code[ExampleScript](./code/example-script.ps1#L1-L60)] - 3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. ![Image of the script running](images/atp-running-script.png) - >[!NOTE] - >If you get the exception “The remote server returned an error: (407) >Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script: + NOTE:
+ If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script: ``` $webclient=New-Object System.Net.WebClient From c5440ec945ad137ad3c3b091d21fdc3b7396659d Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 20 Mar 2017 18:04:20 -0700 Subject: [PATCH 22/62] update wording to code --- windows/keep-secure/code/example-script.ps1 | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/code/example-script.ps1 b/windows/keep-secure/code/example-script.ps1 index 8fb4bf9dbd..e6563c2378 100644 --- a/windows/keep-secure/code/example-script.ps1 +++ b/windows/keep-secure/code/example-script.ps1 @@ -26,9 +26,9 @@ Try $alertDefinitionPayload = @{ "Name" = "Test Alert" "Severity" = "Medium" - "InternalDescription" = "A test alert used for demonstrating the WDATP TI API feature" + "InternalDescription" = "A test alert used to demonstrate the Windows Defender ATP TI API feature" "Title" = "Test alert." - "UxDescription" = "This is a test alert based on a sample custom alert definition. This alert was riggered manually using a provided test command. It indicates that the Threat Intelligence API has been properly enabled" + "UxDescription" = "This is a test alert based on a sample custom alert definition. This alert was triggered manually using a provided test command. It indicates that the Threat Intelligence API has been properly enabled." "RecommendedAction" = "No recommended action for this test alert." "Category" = "SuspiciousNetworkTraffic" "Enabled" = "true"} @@ -56,5 +56,5 @@ Try } Catch { - 'Something Went Wrong! Got the following exception message: {0}' -f $_.Exception.Message + 'Something went wrong! Got the following exception message: {0}' -f $_.Exception.Message } From 659764aff7bf0ee8f8e9799d74a8eacee2faa17f Mon Sep 17 00:00:00 2001 From: jcaparas Date: Mon, 20 Mar 2017 18:05:15 -0700 Subject: [PATCH 23/62] Update experiment-custom-ti-windows-defender-advanced-threat-protection.md --- ...ment-custom-ti-windows-defender-advanced-threat-protection.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index b553018087..0af9bbd37e 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -47,6 +47,7 @@ This step will guide you in creating an alert definition and an IOC for a malici >Make sure you replace the `authUrl`, `clientId`, and `clientSecret` values with your details which you saved in when you enabled the threat intelligence application. [!code[ExampleScript](./code/example-script.ps1#L1-L60)] + 3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. ![Image of the script running](images/atp-running-script.png) From 7341365ab52be71e54e37746177eaa24f7f83565 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 20 Mar 2017 18:13:16 -0700 Subject: [PATCH 24/62] fix note --- ...stom-ti-windows-defender-advanced-threat-protection.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 0af9bbd37e..6f82717c6a 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -43,16 +43,16 @@ This step will guide you in creating an alert definition and an IOC for a malici 2. Copy and paste the following PowerShell script. This script will upload a sample alert definition and IOC to Windows Defender ATP which you can use to generate an alert. - >[!NOTE] - >Make sure you replace the `authUrl`, `clientId`, and `clientSecret` values with your details which you saved in when you enabled the threat intelligence application. + NOTE:
+ Make sure you replace the `authUrl`, `clientId`, and `clientSecret` values with your details which you saved in when you enabled the threat intelligence application. [!code[ExampleScript](./code/example-script.ps1#L1-L60)] - + 3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. ![Image of the script running](images/atp-running-script.png) - NOTE:
+ NOTE:
If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script: ``` From 21115fb9340dfe47d3deb0efa8f92ff54486fb5e Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 20 Mar 2017 18:21:22 -0700 Subject: [PATCH 25/62] fix alignment --- ...ows-defender-advanced-threat-protection.md | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 6f82717c6a..76916835f4 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -43,17 +43,17 @@ This step will guide you in creating an alert definition and an IOC for a malici 2. Copy and paste the following PowerShell script. This script will upload a sample alert definition and IOC to Windows Defender ATP which you can use to generate an alert. - NOTE:
- Make sure you replace the `authUrl`, `clientId`, and `clientSecret` values with your details which you saved in when you enabled the threat intelligence application. + NOTE:
+ Make sure you replace the `authUrl`, `clientId`, and `clientSecret` values with your details which you saved in when you enabled the threat intelligence application. - [!code[ExampleScript](./code/example-script.ps1#L1-L60)] + [!code[ExampleScript](./code/example-script.ps1#L1-L60)] 3. Run the script and verify that the operation succeeded in the results the window. Wait up to 20 minutes until the new or updated alert definition propagates to the detection engines. - ![Image of the script running](images/atp-running-script.png) + ![Image of the script running](images/atp-running-script.png) - NOTE:
- If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script: + NOTE:
+ If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script: ``` $webclient=New-Object System.Net.WebClient @@ -68,7 +68,7 @@ This step will guide you in simulating an event in connection to a malicious IP 2. Type `Invoke-WebRequest 52.184.197.12` in the editor and click **Run**. This call will generate a network communication event to a Microsoft's dedicated demo server that will raise an alert based on the custom alert definition. - ![Image of editor with command to Invoke-WebRequest](images/atp-simulate-custom-ti.png) + ![Image of editor with command to Invoke-WebRequest](images/atp-simulate-custom-ti.png) ## Step 4: Explore the custom alert in the portal This step will guide you in exploring the custom alert in the portal. @@ -79,7 +79,7 @@ This step will guide you in exploring the custom alert in the portal. 3. The dashboard should display the custom TI alert for the victim machine resulting from the simulated attack. - ![Image of sample custom ti alert in the portal](images/atp-sample-custom-ti-alert.png) + ![Image of sample custom ti alert in the portal](images/atp-sample-custom-ti-alert.png) - >[!NOTE] - > It can take up to 15 minutes for the alert to appear in the portal. + >[!NOTE] + > It can take up to 15 minutes for the alert to appear in the portal. From 37ce2c4265dad0ea790f0b117aa1fddeda4d4195 Mon Sep 17 00:00:00 2001 From: jcaparas Date: Mon, 20 Mar 2017 18:26:17 -0700 Subject: [PATCH 26/62] remove space --- ...ent-custom-ti-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 76916835f4..55ef7e06a9 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -82,4 +82,4 @@ This step will guide you in exploring the custom alert in the portal. ![Image of sample custom ti alert in the portal](images/atp-sample-custom-ti-alert.png) >[!NOTE] - > It can take up to 15 minutes for the alert to appear in the portal. + >It can take up to 15 minutes for the alert to appear in the portal. From 0be4746072b8a9ec824cfb064c2ea414c2cbb114 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 20 Mar 2017 18:32:58 -0700 Subject: [PATCH 27/62] note --- ...ent-custom-ti-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 55ef7e06a9..76916835f4 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -82,4 +82,4 @@ This step will guide you in exploring the custom alert in the portal. ![Image of sample custom ti alert in the portal](images/atp-sample-custom-ti-alert.png) >[!NOTE] - >It can take up to 15 minutes for the alert to appear in the portal. + > It can take up to 15 minutes for the alert to appear in the portal. From 7e3be9134c86040c678a895c4d839030d1fbe257 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 20 Mar 2017 18:44:06 -0700 Subject: [PATCH 28/62] note --- ...ent-custom-ti-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 76916835f4..a434d3dc8f 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -81,5 +81,5 @@ This step will guide you in exploring the custom alert in the portal. ![Image of sample custom ti alert in the portal](images/atp-sample-custom-ti-alert.png) - >[!NOTE] + > [!NOTE] > It can take up to 15 minutes for the alert to appear in the portal. From 36e430e88ac4273f40c7f72fd8d9971745abd813 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Mon, 20 Mar 2017 18:49:15 -0700 Subject: [PATCH 29/62] add syntax --- ...ent-custom-ti-windows-defender-advanced-threat-protection.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index a434d3dc8f..58b80ff78d 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -55,7 +55,7 @@ This step will guide you in creating an alert definition and an IOC for a malici NOTE:
If you get the exception “The remote server returned an error: (407) Proxy Authentication Required", you need to add the proxy configuration by adding the following code to the PowerShell script: - ``` + ```syntax $webclient=New-Object System.Net.WebClient $creds=Get-Credential $webclient.Proxy.Credentials=$creds From 8f10d00c003431113b81cd6daa0221623e9bdde6 Mon Sep 17 00:00:00 2001 From: John Tobin Date: Tue, 21 Mar 2017 10:19:59 -0700 Subject: [PATCH 30/62] cred guard edits --- .../credential-guard-considerations.md | 10 +- .../credential-guard-how-it-works.md | 18 +- .../keep-secure/credential-guard-manage.md | 45 +- ...redential-guard-not-protected-scenarios.md | 21 +- .../credential-guard-requirements.md | 16 +- .../keep-secure/credential-guard-scripts.md | 2 +- windows/keep-secure/credential-guard.md | 924 +++++++++++++++++- .../credential-manager-known-issues.md | 2 +- 8 files changed, 987 insertions(+), 51 deletions(-) diff --git a/windows/keep-secure/credential-guard-considerations.md b/windows/keep-secure/credential-guard-considerations.md index 2e8153173f..01b80bc01c 100644 --- a/windows/keep-secure/credential-guard-considerations.md +++ b/windows/keep-secure/credential-guard-considerations.md @@ -15,6 +15,14 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 +Prefer video? See: + +[![Credentials Protected by Credential Guard](images/mva_videos.png)](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) + +See also: +[Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=1CoELLJyC_6704300474) + + - If Credential Guard is enabled on a device after it's joined to a domain, the user and device secrets may already be compromised. We recommend that Credential Guard is enabled before the PC is joined to a domain. - You should perform regular reviews of the PCs that have Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for: - **Event ID 13** Credential Guard (LsaIso.exe) was started and will protect LSA credentials. @@ -44,5 +52,3 @@ When you enable Credential Guard, you can no longer use NTLM v1 authentication. ## Kerberos Considerations When you enable Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. You must use constrained or resource-based Kerberos delegation instead. - -For further information, see: [Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) \ No newline at end of file diff --git a/windows/keep-secure/credential-guard-how-it-works.md b/windows/keep-secure/credential-guard-how-it-works.md index bf5aa31aae..480d0af052 100644 --- a/windows/keep-secure/credential-guard-how-it-works.md +++ b/windows/keep-secure/credential-guard-how-it-works.md @@ -15,6 +15,19 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 + +Prefer video? See: + +[![Protecting against credential theft](images/mva_videos.png)](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=CAgzpKJyC_304300474) + +See also: + +[Credentials protected by Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) + +[Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=1CoELLJyC_6704300474) + +[Credential Guard design](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) + Kerberos, NTLM, and Credential manager isolate secrets by using virtualization-based security. Previous versions of Windows stored secrets in the Local Security Authority (LSA). Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using virtualization-based security and is not accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by virtualization-based security and these signatures are validated before launching the file in the protected environment. @@ -25,7 +38,4 @@ When Credential Guard is enabled, Kerberos does not allow unconstrained Kerberos Here's a high-level overview on how the LSA is isolated by using virtualization-based security: -![Credential Guard overview](images/credguard.png) - - -
For further information, see [Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) +![Credential Guard overview](images/credguard.png) \ No newline at end of file diff --git a/windows/keep-secure/credential-guard-manage.md b/windows/keep-secure/credential-guard-manage.md index 588d7e00f7..a2653dacf3 100644 --- a/windows/keep-secure/credential-guard-manage.md +++ b/windows/keep-secure/credential-guard-manage.md @@ -15,6 +15,12 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 + + + +[![Deploying Credential Guard](images/mva_videos.png)](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) + + ## Enable Credential Guard Credential Guard can be enabled by using [Group Policy](#turn-on-credential-guard-by-using-group-policy), the [registry](#turn-on-credential-guard-by-using-the-registry), or the Device Guard and Credential Guard [hardware readiness tool](#hardware-readiness-tool). @@ -85,7 +91,7 @@ If you enable Credential Guard by using Group Policy, the steps to enable Window > [!NOTE] -> You can also turn on Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting. +> You can also enable Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting. ### Enable Credential Guard by using the Device Guard and Credential Guard hardware readiness tool @@ -110,7 +116,24 @@ Requirements for running Credential Guard in Hyper-V virtual machines - The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607. - The Hyper-V virtual machine must be Generation 2, have an enabled virtual TPM, and running at least Windows Server 2016 or Windows 10. -For further information, see: [Deploying Credential Guard] (https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) + +### Check that Credential Guard is running + +You can use System Information to ensure that Credential Guard is running on a PC. + +1. Click **Start**, type **msinfo32.exe**, and then click **System Information**. +2. Click **System Summary**. +3. Confirm that **Credential Guard** is shown next to **Device Guard Security Services Running**. + + Here's an example: + + ![System Information](images/credguard-msinfo32.png) + +You can also check that Credential Guard is running by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). + +``` +DG_Readiness_Tool_v3.0.ps1 -Ready +``` ### Remove Credential Guard @@ -168,21 +191,3 @@ You can also disable Credential Guard by using the [Device Guard and Credential DG_Readiness_Tool_v3.0.ps1 -Disable -AutoReboot ```   -### Check that Credential Guard is running - -You can use System Information to ensure that Credential Guard is running on a PC. - -1. Click **Start**, type **msinfo32.exe**, and then click **System Information**. -2. Click **System Summary**. -3. Confirm that **Credential Guard** is shown next to **Device Guard Security Services Running**. - - Here's an example: - - ![System Information](images/credguard-msinfo32.png) - -You can also check that Credential Guard is running by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). - -``` -DG_Readiness_Tool_v3.0.ps1 -Ready -``` -For further information, see: [Deploying Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) \ No newline at end of file diff --git a/windows/keep-secure/credential-guard-not-protected-scenarios.md b/windows/keep-secure/credential-guard-not-protected-scenarios.md index 240fbc29b5..c6b43cbd64 100644 --- a/windows/keep-secure/credential-guard-not-protected-scenarios.md +++ b/windows/keep-secure/credential-guard-not-protected-scenarios.md @@ -15,6 +15,15 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 +Prefer video? + +[![Credentials not protected by Credential Guard](images/mva_videos.png)](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) + + + +See also: [Protecting privileged users with Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=JNbjYMJyC_8104300474) + + Some ways to store credentials are not protected by Credential Guard, including: - Software that manages credentials outside of Windows feature protection @@ -28,11 +37,11 @@ Some ways to store credentials are not protected by Credential Guard, including: - When Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. - Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well. -For further information, see: [Credentials Protected by Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) +For further information, see video: [Credentials Protected by Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) ## Additional mitigations -Credential Guard can provide mitigations against attacks on derived credentials and prevent the use of stolen credentials elsewhere. However, PCs can still be vulnerable to certain attacks, even if the derived credentials are protected by Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, reusing previously stolen credentials prior to Device Guard, and abuse of management tools and weak application configurations. Because of this, additional mitigations also need to be deployed to make the domain environment more robust. +Credential Guard can provide mitigations against attacks on derived credentials and prevent the use of stolen credentials elsewhere. However, PCs can still be vulnerable to certain attacks, even if the derived credentials are protected by Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, reusing previously stolen credentials prior to Device Guard, and abuse of management tools and weak application configurations. Because of this, additional mitigations also must be deployed to make the domain environment more robust. ### Restricting domain users to specific domain-joined devices @@ -50,10 +59,10 @@ Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, #### Protecting domain-joined device secrets -Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Credential Guard, the private key can be protected. Then authentication policies can require that users sign on devices which authenticate using those certificates. This prevents shared secrets stolen from the device to be used with stolen user credentials to sign on as the user. +Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Credential Guard, the private key can be protected. Then authentication policies can require that users sign on devices that authenticate using those certificates. This prevents shared secrets stolen from the device to be used with stolen user credentials to sign on as the user. Domain-joined device certificate authentication has the following requirements: -- Devices' accounts are in Windows Server 2012 domain functional level or higher domains. +- Devices' accounts are in Windows Server 2012 domain functional level or higher. - All domain controllers in those domains have KDC certificates which satisfy strict KDC validation certificate requirements: - KDC EKU present - DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension @@ -131,7 +140,7 @@ Authentication policies have the following requirements: 2. Click **Authentication**, click **New**, and then click **Authentication Policy**. 3. In the **Display name** box, enter a name for this authentication policy. 4. Under the **Accounts** heading, click **Add**. -5. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the user account you with to restrict, and then click **OK**. +5. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the user account you wish to restrict, and then click **OK**. 6. Under the **User Sign On** heading, click the **Edit** button. 7. Click **Add a condition**. 8. In the **Edit Access Control Conditions** box, ensure that it reads **User** > **Group** > **Member of each** > **Value**, and then click **Add items**. @@ -148,5 +157,3 @@ Authentication policies have the following requirements: To make tracking authentication failures due to authentication policies easier, an operational log exists with just those events. To enable the logs on the domain controllers, in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**. To learn more about authentication policy events, see [Authentication Policies and Authentication Policy Silos](https://technet.microsoft.com/en-us/library/dn486813(v=ws.11).aspx). - -For further information, see: [Protecting privileged users with Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=JNbjYMJyC_8104300474) \ No newline at end of file diff --git a/windows/keep-secure/credential-guard-requirements.md b/windows/keep-secure/credential-guard-requirements.md index 88c7586bba..4d095e5eab 100644 --- a/windows/keep-secure/credential-guard-requirements.md +++ b/windows/keep-secure/credential-guard-requirements.md @@ -15,7 +15,16 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 -For Credential Guard to provide protections, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally Credential Guard blocks specific authentication capabilities, so application that require such capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protection. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, see the tables in the [Security Considerations](#security-considerations) section. +Prefer video? + +[![Credential Guard Deployment Requirements](images/mva_videos.png)](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) + + + + + + +For Credential Guard to provide protections, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations). @@ -34,7 +43,7 @@ The Virtualization-based security requires: ## Application requirements -When Credential Guard is enabled, specific authentication capabilities are blocked, so application that require such capabilities will break. Applications should be tested prior to deployment to ensure compatiblity with the reduced functionality. +When Credential Guard is enabled, specific authentication capabilities are blocked, so applications that require such capabilities will break. Applications should be tested prior to deployment to ensure compatiblity with the reduced functionality. >[!WARNING] > Enabling Credential Guard on domain controllers is not supported.
@@ -56,6 +65,9 @@ Applications will prompt and expose credentials to risk if they require: Applications may cause performance issues when they attempt to hook the isolated Credential Guard process. +See this video: [Credentials Protected by Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) + + ## Security considerations All computers that meet baseline protections for hardware, firmware, and software can use Credential Guard. diff --git a/windows/keep-secure/credential-guard-scripts.md b/windows/keep-secure/credential-guard-scripts.md index afa388bb8f..5cb5a2404a 100644 --- a/windows/keep-secure/credential-guard-scripts.md +++ b/windows/keep-secure/credential-guard-scripts.md @@ -11,7 +11,7 @@ author: brianlic-msft # Credential Guard Scripts -Here is a list of scripts that are mentioned in this topic. +Here is a list of scripts mentioned in this topic. ## Get the available issuance policies on the certificate authority diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md index 3a6708c194..48a4a133a8 100644 --- a/windows/keep-secure/credential-guard.md +++ b/windows/keep-secure/credential-guard.md @@ -1,6 +1,7 @@ --- title: Protect derived domain credentials with Credential Guard (Windows 10) description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. +ms.assetid: 4F1FE390-A166-4A24-8530-EA3369FEB4B1 ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library @@ -15,41 +16,936 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 -Introduced in Windows 10 Enterprise and Windows Server 2016, Credential Guard uses virtualization-based security (VBS) to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. +Introduced in Windows 10 Enterprise and Windows Server 2016, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials. By enabling Credential Guard, the following features and solutions are provided: - **Hardware security** NTLM, Kerberos, and Credential Manager take advantage of platform security features, including Secure Boot and virtualization, to protect credentials. - **Virtualization-based security** Windows NTLM and Kerberos derived credentials and other secrets run in a protected environment that is isolated from the running operating system. -- **Better protection against advanced persistent threats** When Credential Manager domain credentials, NTLM, and Kerberos derived credentials are protected using virtualization-based security, the credential theft attack techniques and tools used in many targeted attacks are blocked. Malware running in the operating system with administrative privileges cannot extract secrets that are protected by virtualization-based security. While Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques and you should also incorporate Device Guard and other security strategies and architectures. +- **Better protection against advanced persistent threats** When Credential Manager domain credentials, NTLM, and Kerberos derived credentials are protected using virtualization-based security, the credential theft attack techniques and tools used in many targeted attacks are blocked. Malware running in the operating system with administrative privileges cannot extract secrets that are protected by virtualization-based security. While Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques and you should also incorporate Device Guard and other security strategies and architectures. + +## How it works + +Kerberos, NTLM, and Credential manager isolate secrets that previous versions of Windows stored in the Local Security Authority (LSA) by using virtualization-based security. Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using virtualization-based security and is not accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. + +For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by virtualization-based security and these signatures are validated before launching the file in the protected environment. + +When Credential Guard is enabled, NTLMv1, MS-CHAPv2, Digest, and CredSSP cannot use the signed-in credentials. Thus, single sign-on does not work with these protocols. However, applications can prompt for credentials or use credentials stored in the Windows Vault which are not protected by Credential Guard with any of these protocol. It is strongly recommended that valuable credentials, such as the sign-in credentials, not be used with any of these protocols. If these protocols must be used by domain or Azure AD users, secondary credentials should be provisioned for these use cases. + +When Credential Guard is enabled, Kerberos does not allow unconstrained Kerberos delegation or DES encryption, not only for signed-in credentials, but also prompted or saved credentials. + +Here's a high-level overview on how the LSA is isolated by using virtualization-based security: + +![Credential Guard overview](images/credguard.png) + +## Requirements + +For Credential Guard to provide protections, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally Credential Guard blocks specific authentication capabilities, so applications which require blocked capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protection—those computers will be more hardened against certain threats. To keep this section brief, those will be in [Security Considerations](#security-considerations). + +### Hardware and software requirements + +To provide basic protection against OS level attempts to read Credential Manager domain credentials, NTLM and Kerberos derived credentials, Credential Manager uses: +- Support for Virtualization-based security (required) +- Secure boot (required) +- TPM 2.0 either discrete or firmware (preferred - provides binding to hardware) +- UEFI lock (preferred - prevents attacker from disabling with a simple registry key change) + +The Virtualization-based security requires: +- 64 bit CPU +- CPU virtualization extensions plus extended page tables +- Windows hypervisor + +### Application requirements + +When Credential Guard is enabled, specific authentication capabilities are blocked, so applications which require blocked capabilities will break. Applications should be tested prior to deployment to ensure compatiblity with the reduced functionality. + +>[!WARNING] +> Enabling Credential Guard on domain controllers is not supported.
+> The domain controller hosts authentication services which integrate with processes isolated when Credential Guard is enabled, causing crashes. + +>[!NOTE] +> Credential Guard does not provide protections for the Active Directory database or the Security Accounts Manager (SAM). The credentials protected by Kerberos and NTLM when Credential Guard is enabled are also in the Active Directory database (on domain controllers) and the SAM (for local accounts). + +Applications will break if they require: +- Kerberos DES encryption support +- Kerberos unconstrained delegation +- Extracting the Kerberos TGT +- NTLMv1 + +Applications will prompt & expose credentials to risk if they require: +- Digest authentication +- Credential delegation +- MS-CHAPv2 + +Applications may cause performance issues when they attempt to hook the isolated Credential Guard process. + +### Security considerations + +All computers that meet baseline protections for hardware, firmware, and software can use Credential Guard. +Computers that meet additional qualifications can provide additional protections to further reduce the attack surface. +The following tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017. + +> [!NOTE] +> Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new shipping computers.
+> If you are an OEM, see [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx).
+ +#### Baseline protections + +|Baseline Protections | Description | +|---------------------------------------------|----------------------------------------------------| +| Hardware: **64-bit CPU** | A 64-bit computer is required for the Windows hypervisor to provide VBS. | +| Hardware: **CPU virtualization extensions**,
plus **extended page tables** | **Requirements**: These hardware features are required for VBS:
One of the following virtualization extensions:
• VT-x (Intel) or
• AMD-V
And:
• Extended page tables, also called Second Level Address Translation (SLAT).

**Security benefits**: VBS provides isolation of secure kernel from normal operating system. Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation. | +| Hardware: **Trusted Platform Module (TPM)** |  **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.
[TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations)

**Security benefits**: A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. | +| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)

**Security benefits**: UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | +| Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).

**Security benefits**: UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | +| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

Important:
Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.


**Security benefits**: Support for VBS and for management features that simplify configuration of Credential Guard. | + +> [!IMPORTANT] +> The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Credential Guard can provide. + +#### 2015 Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016 Technical Preview 4 + +| Protections for Improved Security | Description | +|---------------------------------------------|----------------------------------------------------| +| Hardware: **IOMMU** (input/output memory management unit) | **Requirement**: VT-D or AMD Vi IOMMU

**Security benefits**: An IOMMU can enhance system resiliency against memory attacks. For more information, see [ACPI description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables). | +| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• BIOS password or stronger authentication must be supported.
• In the BIOS configuration, BIOS authentication must be set.
• There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
• In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.

**Security benefits**:
• BIOS password or stronger authentication helps ensure that only authenticated Platform BIOS administrators can change BIOS settings. This helps protect against a physically present user with BIOS access.
• Boot order when locked provides protection against the computer being booted into WinRE or another operating system on bootable media. | +| Firmware: **Secure MOR, revision 2 implementation** | **Requirement**: Secure MOR, revision 2 implementation

**Security benefits**: A secure MOR bit prevents advanced memory attacks. For more information, see [Secure MOR implementation](https://msdn.microsoft.com/windows/hardware/drivers/bringup/device-guard-requirements). | + +
+ +#### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016 + +> [!IMPORTANT] +> The following tables list additional qualifications for improved security. Systems that meet these additional qualifications can provide more protections. + +| Protections for Improved Security | Description | +|---------------------------------------------|----------------------------------------------------| +| Firmware: **Hardware Rooted Trust Platform Secure Boot** | **Requirements**:
Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
• The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/en-us/library/windows/hardware/mt712332(v=vs.85).aspx).

**Security benefits**:
• Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
• HSTI provides additional security assurance for correctly secured silicon and platform. | +| Firmware: **Firmware Update through Windows Update** | **Requirements**: Firmware must support field updates through Windows Update and UEFI encapsulation update.

**Security benefits**: Helps ensure that firmware updates are fast, secure, and reliable. | +| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
• Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.

**Security benefits**:
• Enterprises can choose to allow proprietary EFI drivers/applications to run.
• Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. | + +
+ +#### 2017 Additional security qualifications starting with Windows 10, version 1703 + +The following table lists qualifications for Windows 10, version 1703, which are in addition to all preceding qualifications. + +| Protection for Improved Security | Description | +|---------------------------------------------|----------------------------------------------------| +| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**:
• VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be exceutable.
• UEFI runtime service must meet these requirements:
    - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
    - PE sections need to be page-aligned in memory (not required for in non-volitile storage).
    - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
        - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
        - No entries may be left with neither of the above attributes, indicating memory that is both exceutable and writable. Memory must be either readable and executable or writeable and non-executable.

Notes:
• This only applies to UEFI runtime service memory, and not UEFI boot service memory.
• This protection is applied by VBS on OS page tables.


Please also note the following:
• Do not use sections that are both writeable and exceutable
• Do not attempt to directly modify executable system memory
• Do not use dynamic code

**Security benefits**:
• Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware. | +| Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.

**Security benefits**:
• Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware.
• Blocks additional security attacks against SMM. | + +## Manage Credential Guard + +### Enable Credential Guard +Credential Guard can be enabled by using [Group Policy](#turn-on-credential-guard-by-using-group-policy), the [registry](#turn-on-credential-guard-by-using-the-registry), or the Device Guard and Credential Guard [hardware readiness tool](#hardware-readiness-tool). + +#### Turn on Credential Guard by using Group Policy + +You can use Group Policy to enable Credential Guard. This will add and enable the virtualization-based security features for you if needed. + +1. From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard**. +2. Double-click **Turn On Virtualization Based Security**, and then click the **Enabled** option. +3. **Select Platform Security Level** box, choose **Secure Boot** or **Secure Boot and DMA Protection**. +4. In the **Credential Guard Configuration** box, click **Enabled with UEFI lock**, and then click **OK**. If you want to be able to turn off Credential Guard remotely, choose **Enabled without lock**. + + ![Credential Guard Group Policy setting](images/credguard-gp.png) + +5. Close the Group Policy Management Console. + +To enforce processing of the group policy, you can run ```gpupdate /force```. + +#### Turn on Credential Guard by using the registry + +If you don't use Group Policy, you can enable Credential Guard by using the registry. Credential Guard uses virtualization-based security features which have to be enabled first on some operating systems. + +#### Add the virtualization-based security features + +Starting with Windows 10, version 1607 and Windows Server 2016, enabling Windows features to use virtualization-based security is not necessary and this step can be skipped. + +If you are using Windows 10, version 1507 (RTM) or Windows 10, version 1511, Windows features have to be enabled to use virtualization-based security. +You can do this by using either the Control Panel or the Deployment Image Servicing and Management tool (DISM). +> [!NOTE] +> If you enable Credential Guard by using Group Policy, these steps are not required. Group Policy will install the features for you. + +  +**Add the virtualization-based security features by using Programs and Features** + +1. Open the Programs and Features control panel. +2. Click **Turn Windows feature on or off**. +3. Go to **Hyper-V** -> **Hyper-V Platform**, and then select the **Hyper-V Hypervisor** check box. +4. Select the **Isolated User Mode** check box at the top level of the feature selection. +5. Click **OK**. + +**Add the virtualization-based security features to an offline image by using DISM** + +1. Open an elevated command prompt. +2. Add the Hyper-V Hypervisor by running the following command: + ``` + dism /image: /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all + ``` +3. Add the Isolated User Mode feature by running the following command: + ``` + dism /image: /Enable-Feature /FeatureName:IsolatedUserMode + ``` + +> [!NOTE] +> You can also add these features to an online image by using either DISM or Configuration Manager. + +#### Enable virtualization-based security and Credential Guard + +1. Open Registry Editor. +2. Enable virtualization-based security: + - Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\DeviceGuard. + - Add a new DWORD value named **EnableVirtualizationBasedSecurity**. Set the value of this registry setting to 1 to enable virtualization-based security and set it to 0 to disable it. + - Add a new DWORD value named **RequirePlatformSecurityFeatures**. Set the value of this registry setting to 1 to use **Secure Boot** only or set it to 3 to use **Secure Boot and DMA protection**. +3. Enable Credential Guard: + - Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA. + - Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Credential Guard with UEFI lock, set it to 2 to enable Credential Guard without lock, and set it to 0 to disable it. +4. Close Registry Editor. -## Topics in this guide +> [!NOTE] +> You can also turn on Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting. -[How Credential Guard works](credential-guard-how-it-works.md) + +#### Turn on Credential Guard by using the Device Guard and Credential Guard hardware readiness tool -[Credential Guard Requirements](credential-guard-requirements.md) +You can also enable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). -[Manage Credential Guard](credential-guard-manage.md) +``` +DG_Readiness_Tool_v3.0.ps1 -Enable -AutoReboot +``` -[Considerations when using Credential Guard](credential-guard-considerations.md) +#### Credential Guard deployment in virtual machines -[Scenarios not protected by Credential Guard](credential-guard-not-protected-scenarios.md) +Credential Guard can protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. The enablement steps are the same from within the virtual machine. -[Known issues](credential-manager-known-issues.md) +Credential Guard protects secrets from non-priviledged access inside the VM. It does not provide additional protection from the host administrator. From the host, you can disable Credential Guard for a virtual machine: -[Credential Guard Scripts](credential-guard-scripts.md) +``` PowerShell +Set-VMSecurity -VMName -VirtualizationBasedSecurityOptOut $true +``` +Requirements for running Credential Guard in Hyper-V virtual machines +- The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607. +- The Hyper-V virtual machine must be Generation 2, have an enabled virtual TPM, and running at least Windows Server 2016 or Windows 10. -
For further information, see: +### Remove Credential Guard -[How to prevent credential theft](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=CAgzpKJyC_304300474) +If you have to remove Credential Guard on a PC, you can use the following set of procedures, or you can [use the Device Guard and Credential Guard hardware readiness tool](#turn-off-with-hardware-readiness-tool). -[Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=1CoELLJyC_6704300474) +1. If you used Group Policy, disable the Group Policy setting that you used to enable Credential Guard (**Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard** -> **Turn on Virtualization Based Security**). +2. Delete the following registry settings: + - HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA\LsaCfgFlags + - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity + - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures -[Credential Guard Design](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) + > [!IMPORTANT] + > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. +3. Delete the Credential Guard EFI variables by using bcdedit. +**Delete the Credential Guard EFI variables** + +1. From an elevated command prompt, type the following commands: + ``` syntax + + mountvol X: /s + + copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y + + bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader + + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" + + bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} + + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO + + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: + + mountvol X: /d + + ``` +2. Restart the PC. +3. Accept the prompt to disable Credential Guard. +4. Alternatively, you can disable the virtualization-based security features to turn off Credential Guard. + +> [!NOTE] +> The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Credential Guard and virtualization-based security, run the following bcdedit command after turning off all virtualization-based security Group Policy and registry settings: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS + +For more info on virtualization-based security and Device Guard, see [Device Guard deployment guide](device-guard-deployment-guide.md). + + +#### Turn off Credential Guard by using the Device Guard and Credential Guard hardware readiness tool + +You can also disable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). + +``` +DG_Readiness_Tool_v3.0.ps1 -Disable -AutoReboot +``` +  +### Check that Credential Guard is running + +You can use System Information to ensure that Credential Guard is running on a PC. + +1. Click **Start**, type **msinfo32.exe**, and then click **System Information**. +2. Click **System Summary**. +3. Confirm that **Credential Guard** is shown next to **Device Guard Security Services Running**. + + Here's an example: + + ![System Information](images/credguard-msinfo32.png) + +You can also check that Credential Guard is running by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). + +``` +DG_Readiness_Tool_v3.0.ps1 -Ready +``` + +## Considerations when using Credential Guard + +- If Credential Guard is enabled on a device after it's joined to a domain, the user and device secrets may already be compromised. We recommend that Credential Guard is enabled before the PC is joined to a domain. +- You should perform regular reviews of the PCs that have Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for: + - **Event ID 13** Credential Guard (LsaIso.exe) was started and will protect LSA credentials. + - **Event ID 14** Credential Guard (LsaIso.exe) configuration: 0x1, 0 + - The first variable: 0x1 means Credential Guard is configured to run. 0x0 means it’s not configured to run. + - The second variable: 0 means it’s configured to run in protect mode. 1 means it's configured to run in test mode. This variable should always be 0. + - **Event ID 15** Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Credential Guard. + - **Event ID 16** Credential Guard (LsaIso.exe) failed to launch: \[error code\] + - **Event ID 17** Error reading Credential Guard (LsaIso.exe) UEFI configuration: \[error code\] + You can also verify that TPM is being used for key protection by checking the following event in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0. + - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. +- Passwords are still weak so we recommend that your organization deploy Credential Guard and move away from passwords and to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business. +- Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Credential Guard. Credential Guard does not allow 3rd party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs are not supported. We recommend that custom implementations of SSPs/APs are tested against Credential Guard to ensure that the SSPs and APs do not depend on any undocumented or unsupported behaviors. For example, using the KerbQuerySupplementalCredentialsMessage API is not supported. You should not replace the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](http://msdn.microsoft.com/library/windows/desktop/dn865014.aspx) on MSDN. +- As the depth and breadth of protections provided by Credential Guard are increased, subsequent releases of Windows 10 with Credential Guard running may impact scenarios that were working in the past. For example, Credential Guard may block the use of a particular type of credential or a particular component to prevent malwar efrom taking advantage of vulnerabilities. Therefore, we recommend that scenarios required for operations in an organization are tested before upgrading a device that has Credential Guard running. + +- Starting with Windows 10, version 1511, domain credentials that are stored with Credential Manager are protected with Credential Guard. Credential Manager allows you to store credentials, such as user names and passwords that you use to log on to websites or other computers on a network. The following considerations apply to the Credential Guard protections for Credential Manager: + - Credentials saved by Remote Desktop Services cannot be used to remotely connect to another machine without supplying the password. Attempts to use saved credentials will fail, displaying the error message "Logon attempt failed". + - Applications that extract derived domain credentials from Credential Manager will no longer be able to use those credentials. + - You cannot restore credentials using the Credential Manager control panel if the credentials were backed up from a PC that has Credential Guard turned on. If you need to back up your credentials, you must do this before you enable Credential Guard. Otherwise, you won't be able to restore those credentials. + - Credential Guard uses hardware security so some features, such as Windows To Go, are not supported. + +### NTLM & CHAP Considerations + +When you enable Credential Guard, you can no longer use NTLM v1 authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as NTLMv1. We recommend that organizations use certificated-based authentication for WiFi and VPN connections. + +### Kerberos Considerations + +When you enable Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. You must use constrained or resource-based Kerberos delegation instead. + +## Scenarios not protected by Credential Guard + +Some ways to store credentials are not protected by Credential Guard, including: + +- Software that manages credentials outside of Windows feature protection +- Local accounts and Microsoft Accounts +- Credential Guard does not protect the Active Directory database running on Windows Server 2016 domain controllers. It also does not protect credential input pipelines, such as Windows Server 2016 servers running Remote Desktop Gateway. If you're using a Windows Server 2016 server as a client PC, it will get the same protection as it would be running Windows 10 Enterprise. +- Key loggers +- Physical attacks +- Does not prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access high value assets in your organization. +- Third-party security packages +- Digest and CredSSP credentials + - When Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. +- Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well. + +## Additional mitigations + +Credential Guard can provide mitigations against attacks on derived credentials and prevent the use of stolen credentials elsewhere. However, PCs can still be vulnerable to certain attacks, even if the derived credentials are protected by Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, reusing previously stolen credentials prior to Device Guard, and abuse of management tools and weak application configurations. Because of this, additional mitigations also need to be deployed to make the domain environment more robust. + +### Restricting domain users to specific domain-joined devices + +Credential theft attacks allow the attacker to steal secrets from one device and use them from another device. If a user can sign on multiple devices then any device could be used to steal credentials. How do you ensure that users only sign on with devices with Credential Guard? By deploying authentication policies which restrict them to specific domain-joined device that have been configured with Credential Guard. For the domain controller to know what device a user is signing on from, Kerberos armoring must be used. + +#### Kerberos armoring + +Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, its TGT is used to protect the user's proof of possession which can mitigate offline dictionary attacks. Kerberos armoring also provides the additional benefit of signed KDC errors this mitigates tampering which can result in things such as downgrade attacks. + +**To enable Kerberos armoring for restricting domain users to specific domain-joined devices** + +- Users need to be in domains which are running Windows Server 2012 R2 or higher +- All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**. +- All the devices with Credential Guard which the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -> **Administrative Templates** -> **System** -> **Kerberos**. + +#### Protecting domain-joined device secrets + +Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Credential Guard, the private key can be protected. Then authentication policies can require that users sign on devices which authenticate using those certificates. This prevents shared secrets on stolen from the device to be used with stolen user credentials to sign on as the user. + +Domain-joined device certificate authentication has the following requirements: +- Devices' accounts are in Windows Server 2012 domain functional level or higher. +- All domain controllers in those domains have KDC certificates which satisfy strict KDC validation certificate requirements: + - KDC EKU present + - DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension +- Windows 10 devices have the CA issuing the domain controller certificates in the enterprise store. +- A process is established to ensure the identity and trustworthiness of the device in a similar manner as you would establish the identity and trustworthiness of a user before issuing them a smartcard. + +##### Deploying domain-joined device certificates + +To guarantee that certificates with the issuance policy required are only on the devices these users must use, they must be deployed manually on each device. The same security procedures used for issuing smart cards to users should be applied to device certificates. + +For example, let's say you wanted to use the High Assurance policy only on these devices. Using a Windows Server Enterprise certificate authority, you would create a new template. + +**Creating a new certificate template** + +1. From the Certificate Manager console, right-click **Certificate Templates**, and then click **Manage.** +2. Right-click **Workstation Authentication**, and then click **Duplicate Template**. +3. Right-click the new template, and then click **Properties**. +4. On the **Extensions** tab, click **Application Policies**, and then click **Edit**. +5. Click **Client Authentication**, and then click **Remove**. +6. Add the ID-PKInit-KPClientAuth EKU. Click **Add**, click **New**, and then specify the following values: + - Name: Kerberos Client Auth + - Object Identifier: 1.3.6.1.5.2.3.4 +7. On the **Extensions** tab, click **Issuance Policies**, and then click **Edit**. +8. Under **Issuance Policies**, click**High Assurance**. +9. On the **Subject name** tab, clear the **DNS name** check box, and then select the **User Principal Name (UPN)** check box. + +Then on the devices that are running Credential Guard, enroll the devices using the certificate you just created. + +**Enrolling devices in a certificate** + +Run the following command: +``` syntax +CertReq -EnrollCredGuardCert MachineAuthentication +``` + +> [!NOTE] +> You must restart the device after enrolling the machine authentication certificate. +  +#### How a certificate issuance policy can be used for access control + +Beginning with the Windows Server 2008 R2 domain functional level, domain controllers support for authentication mechanism assurance provides a way to map certificate issuance policy OIDs to universal security groups. Windows Server 2012 domain controllers with claim support can map them to claims. To learn more about authentication mechanism assurance, see [Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide](https://technet.microsoft.com/en-us/library/dd378897(v=ws.10).aspx) on TechNet. + +**To see the issuance policies available** + +- The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority. + From a Windows PowerShell command prompt, run the following command: + + ``` syntax + .\get-IssuancePolicy.ps1 –LinkedToGroup:All + ``` + +**To link a issuance policy to a universal security group** + +- The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group. + From a Windows PowerShell command prompt, run the following command: + + ``` syntax + .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"" –groupOU:"" –groupName:”" + ``` + +#### Restricting user sign on + +So we now have the following: + +- Created a special certificate issuance policy to identify devices which meet the deployment criteria required for the user to be able to sign on +- Mapped that policy to a universal security group or claim +- Provided a way for domain controllers to get the device authorization data during user sign on using Kerberos armoring, so what is left to do is configuring the access check on the domain controllers. This is done with authentication policies. + +Authentication policies have the following requirements: +- User accounts are in a Windows Server 2012 domain functional level or higher. + +**Creating an authentication policy restricting to the specific universal security group** + +1. Open Active Directory Administrative Center. +2. Click **Authentication**, click **New**, and then click **Authentication Policy**. +3. In the **Display name** box, enter a name for this authentication policy. +4. Under the **Accounts** heading, click **Add**. +5. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the user account you wish to restrict, and then click **OK**. +6. Under the **User Sign On** heading, click the **Edit** button. +7. Click **Add a condition**. +8. In the **Edit Access Control Conditions** box, ensure that it reads **User** > **Group** > **Member of each** > **Value**, and then click **Add items**. +9. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the universal security group that you created with the set-IssuancePolicyToGroupLink script, and then click **OK**. +10. Click **OK** to close the **Edit Access Control Conditions** box. +11. Click **OK** to create the authentication policy. +12. Close Active Directory Administrative Center. + +> [!NOTE] +> When the authentication policy enforces policy restrictions, users will not be able to sign on using devices that do not have a certificate with the appropriate issuance policy deployed. This applies to both local and remote sign on scenarios. Therefore, it is strongly recommended to first only audit policy restrictions to ensure you don't have unexpected failures. + +#### Discovering authentication failures due to authentication policies + +To make tracking authentication failures due to authentication policies easier, an operational log exists with just those events. To enable the logs on the domain controllers, in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**. + +To learn more about authentication policy events, see [Authentication Policies and Authentication Policy Silos](https://technet.microsoft.com/en-us/library/dn486813(v=ws.11).aspx). + +## Appendix: Scripts + +Here is a list of scripts that are mentioned in this topic. + +### Get the available issuance policies on the certificate authority + +Save this script file as get-IssuancePolicy.ps1. + +``` syntax +####################################### +## Parameters to be defined ## +## by the user ## +####################################### +Param ( +$Identity, +$LinkedToGroup +) +####################################### +## Strings definitions ## +####################################### +Data getIP_strings { +# culture="en-US" +ConvertFrom-StringData -stringdata @' +help1 = This command can be used to retrieve all available Issuance Policies in a forest. The forest of the currently logged on user is targetted. +help2 = Usage: +help3 = The following parameter is mandatory: +help4 = -LinkedToGroup: +help5 = "yes" will return only Issuance Policies that are linked to groups. Checks that the linked Issuance Policies are linked to valid groups. +help6 = "no" will return only Issuance Policies that are not currently linked to any group. +help7 = "all" will return all Issuance Policies defined in the forest. Checks that the linked Issuance policies are linked to valid groups. +help8 = The following parameter is optional: +help9 = -Identity:. If you specify an identity, the option specified in the "-LinkedToGroup" parameter is ignored. +help10 = Output: This script returns the Issuance Policy objects meeting the criteria defined by the above parameters. +help11 = Examples: +errorIPNotFound = Error: no Issuance Policy could be found with Identity "{0}" +ErrorNotSecurity = Error: Issuance Policy "{0}" is linked to group "{1}" which is not of type "Security". +ErrorNotUniversal = Error: Issuance Policy "{0}" is linked to group "{1}" whose scope is not "Universal". +ErrorHasMembers = Error: Issuance Policy "{0}" is linked to group "{1}" which has a non-empty membership. The group has the following members: +LinkedIPs = The following Issuance Policies are linked to groups: +displayName = displayName : {0} +Name = Name : {0} +dn = distinguishedName : {0} + InfoName = Linked Group Name: {0} + InfoDN = Linked Group DN: {0} +NonLinkedIPs = The following Issuance Policies are NOT linked to groups: +'@ +} +##Import-LocalizedData getIP_strings +import-module ActiveDirectory +####################################### +## Help ## +####################################### +function Display-Help { + "" + $getIP_strings.help1 + "" +$getIP_strings.help2 +"" +$getIP_strings.help3 +" " + $getIP_strings.help4 +" " + $getIP_strings.help5 + " " + $getIP_strings.help6 + " " + $getIP_strings.help7 +"" +$getIP_strings.help8 + " " + $getIP_strings.help9 + "" + $getIP_strings.help10 +"" +"" +$getIP_strings.help11 + " " + '$' + "myIPs = .\get-IssuancePolicy.ps1 -LinkedToGroup:All" + " " + '$' + "myLinkedIPs = .\get-IssuancePolicy.ps1 -LinkedToGroup:yes" + " " + '$' + "myIP = .\get-IssuancePolicy.ps1 -Identity:""Medium Assurance""" +"" +} +$root = get-adrootdse +$domain = get-addomain -current loggedonuser +$configNCDN = [String]$root.configurationNamingContext +if ( !($Identity) -and !($LinkedToGroup) ) { +display-Help +break +} +if ($Identity) { + $OIDs = get-adobject -Filter {(objectclass -eq "msPKI-Enterprise-Oid") -and ((name -eq $Identity) -or (displayname -eq $Identity) -or (distinguishedName -like $Identity)) } -searchBase $configNCDN -properties * + if ($OIDs -eq $null) { +$errormsg = $getIP_strings.ErrorIPNotFound -f $Identity +write-host $errormsg -ForegroundColor Red + } + foreach ($OID in $OIDs) { + if ($OID."msDS-OIDToGroupLink") { +# In case the Issuance Policy is linked to a group, it is good to check whether there is any problem with the mapping. + $groupDN = $OID."msDS-OIDToGroupLink" + $group = get-adgroup -Identity $groupDN + $groupName = $group.Name +# Analyze the group + if ($group.groupCategory -ne "Security") { +$errormsg = $getIP_strings.ErrorNotSecurity -f $Identity, $groupName + write-host $errormsg -ForegroundColor Red + } + if ($group.groupScope -ne "Universal") { + $errormsg = $getIP_strings.ErrorNotUniversal -f $Identity, $groupName +write-host $errormsg -ForegroundColor Red + } + $members = Get-ADGroupMember -Identity $group + if ($members) { + $errormsg = $getIP_strings.ErrorHasMembers -f $Identity, $groupName +write-host $errormsg -ForegroundColor Red + foreach ($member in $members) { + write-host " " $member -ForeGroundColor Red + } + } + } + } + return $OIDs + break +} +if (($LinkedToGroup -eq "yes") -or ($LinkedToGroup -eq "all")) { + $LDAPFilter = "(&(objectClass=msPKI-Enterprise-Oid)(msDS-OIDToGroupLink=*)(flags=2))" + $LinkedOIDs = get-adobject -searchBase $configNCDN -LDAPFilter $LDAPFilter -properties * + write-host "" + write-host "*****************************************************" + write-host $getIP_strings.LinkedIPs + write-host "*****************************************************" + write-host "" + if ($LinkedOIDs -ne $null){ + foreach ($OID in $LinkedOIDs) { +# Display basic information about the Issuance Policies + "" + $getIP_strings.displayName -f $OID.displayName + $getIP_strings.Name -f $OID.Name + $getIP_strings.dn -f $OID.distinguishedName +# Get the linked group. + $groupDN = $OID."msDS-OIDToGroupLink" + $group = get-adgroup -Identity $groupDN + $getIP_strings.InfoName -f $group.Name + $getIP_strings.InfoDN -f $groupDN +# Analyze the group + $OIDName = $OID.displayName + $groupName = $group.Name + if ($group.groupCategory -ne "Security") { + $errormsg = $getIP_strings.ErrorNotSecurity -f $OIDName, $groupName + write-host $errormsg -ForegroundColor Red + } + if ($group.groupScope -ne "Universal") { + $errormsg = $getIP_strings.ErrorNotUniversal -f $OIDName, $groupName + write-host $errormsg -ForegroundColor Red + } + $members = Get-ADGroupMember -Identity $group + if ($members) { + $errormsg = $getIP_strings.ErrorHasMembers -f $OIDName, $groupName + write-host $errormsg -ForegroundColor Red + foreach ($member in $members) { + write-host " " $member -ForeGroundColor Red + } + } + write-host "" + } + }else{ +write-host "There are no issuance policies that are mapped to a group" + } + if ($LinkedToGroup -eq "yes") { + return $LinkedOIDs + break + } +} +if (($LinkedToGroup -eq "no") -or ($LinkedToGroup -eq "all")) { + $LDAPFilter = "(&(objectClass=msPKI-Enterprise-Oid)(!(msDS-OIDToGroupLink=*))(flags=2))" + $NonLinkedOIDs = get-adobject -searchBase $configNCDN -LDAPFilter $LDAPFilter -properties * + write-host "" + write-host "*********************************************************" + write-host $getIP_strings.NonLinkedIPs + write-host "*********************************************************" + write-host "" + if ($NonLinkedOIDs -ne $null) { + foreach ($OID in $NonLinkedOIDs) { +# Display basic information about the Issuance Policies +write-host "" +$getIP_strings.displayName -f $OID.displayName +$getIP_strings.Name -f $OID.Name +$getIP_strings.dn -f $OID.distinguishedName +write-host "" + } + }else{ +write-host "There are no issuance policies which are not mapped to groups" + } + if ($LinkedToGroup -eq "no") { + return $NonLinkedOIDs + break + } +} +``` +> [!NOTE] +> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. +  +### Link an issuance policy to a group + +Save the script file as set-IssuancePolicyToGroupLink.ps1. + +``` syntax +####################################### +## Parameters to be defined ## +## by the user ## +####################################### +Param ( +$IssuancePolicyName, +$groupOU, +$groupName +) +####################################### +## Strings definitions ## +####################################### +Data ErrorMsg { +# culture="en-US" +ConvertFrom-StringData -stringdata @' +help1 = This command can be used to set the link between a certificate issuance policy and a universal security group. +help2 = Usage: +help3 = The following parameters are required: +help4 = -IssuancePolicyName: +help5 = -groupName:. If no name is specified, any existing link to a group is removed from the Issuance Policy. +help6 = The following parameter is optional: +help7 = -groupOU:. If this parameter is not specified, the group is looked for or created in the Users container. +help8 = Examples: +help9 = This command will link the issuance policy whose display name is "High Assurance" to the group "HighAssuranceGroup" in the Organizational Unit "OU_FOR_IPol_linked_groups". If the group or the Organizational Unit do not exist, you will be prompted to create them. +help10 = This command will unlink the issuance policy whose name is "402.164959C40F4A5C12C6302E31D5476062" from any group. +MultipleIPs = Error: Multiple Issuance Policies with name or display name "{0}" were found in the subtree of "{1}" +NoIP = Error: no issuance policy with name or display name "{0}" could be found in the subtree of "{1}". +IPFound = An Issuance Policy with name or display name "{0}" was successfully found: {1} +MultipleOUs = Error: more than 1 Organizational Unit with name "{0}" could be found in the subtree of "{1}". +confirmOUcreation = Warning: The Organizational Unit that you specified does not exist. Do you want to create it? +OUCreationSuccess = Organizational Unit "{0}" successfully created. +OUcreationError = Error: Organizational Unit "{0}" could not be created. +OUFoundSuccess = Organizational Unit "{0}" was successfully found. +multipleGroups = Error: More than one group with name "{0}" was found in Organizational Unit "{1}". +confirmGroupCreation = Warning: The group that you specified does not exist. Do you want to create it? +groupCreationSuccess = Univeral Security group "{0}" successfully created. +groupCreationError = Error: Univeral Security group "{0}" could not be created. +GroupFound = Group "{0}" was successfully found. +confirmLinkDeletion = Warning: The Issuance Policy "{0}" is currently linked to group "{1}". Do you really want to remove the link? +UnlinkSuccess = Certificate issuance policy successfully unlinked from any group. +UnlinkError = Removing the link failed. +UnlinkExit = Exiting without removing the link from the issuance policy to the group. +IPNotLinked = The Certificate issuance policy is not currently linked to any group. If you want to link it to a group, you should specify the -groupName option when starting this script. +ErrorNotSecurity = Error: You cannot link issuance Policy "{0}" to group "{1}" because this group is not of type "Security". +ErrorNotUniversal = Error: You cannot link issuance Policy "{0}" to group "{1}" because the scope of this group is not "Universal". +ErrorHasMembers = Error: You cannot link issuance Policy "{0}" to group "{1}" because it has a non-empty membership. The group has the following members: +ConfirmLinkReplacement = Warning: The Issuance Policy "{0}" is currently linked to group "{1}". Do you really want to update the link to point to group "{2}"? +LinkSuccess = The certificate issuance policy was successfully linked to the specified group. +LinkError = The certificate issuance policy could not be linked to the specified group. +ExitNoLinkReplacement = Exiting without setting the new link. +'@ +} +# import-localizeddata ErrorMsg +function Display-Help { +"" +write-host $ErrorMsg.help1 +"" +write-host $ErrorMsg.help2 +"" +write-host $ErrorMsg.help3 +write-host "`t" $ErrorMsg.help4 +write-host "`t" $ErrorMsg.help5 +"" +write-host $ErrorMsg.help6 +write-host "`t" $ErrorMsg.help7 +"" +"" +write-host $ErrorMsg.help8 +"" +write-host $ErrorMsg.help9 +".\Set-IssuancePolicyToGroupMapping.ps1 -IssuancePolicyName ""High Assurance"" -groupOU ""OU_FOR_IPol_linked_groups"" -groupName ""HighAssuranceGroup"" " +"" +write-host $ErrorMsg.help10 +'.\Set-IssuancePolicyToGroupMapping.ps1 -IssuancePolicyName "402.164959C40F4A5C12C6302E31D5476062" -groupName $null ' +"" +} +# Assumption: The group to which the Issuance Policy is going +# to be linked is (or is going to be created) in +# the domain the user running this script is a member of. +import-module ActiveDirectory +$root = get-adrootdse +$domain = get-addomain -current loggedonuser +if ( !($IssuancePolicyName) ) { +display-Help +break +} +####################################### +## Find the OID object ## +## (aka Issuance Policy) ## +####################################### +$searchBase = [String]$root.configurationnamingcontext +$OID = get-adobject -searchBase $searchBase -Filter { ((displayname -eq $IssuancePolicyName) -or (name -eq $IssuancePolicyName)) -and (objectClass -eq "msPKI-Enterprise-Oid")} -properties * +if ($OID -eq $null) { +$tmp = $ErrorMsg.NoIP -f $IssuancePolicyName, $searchBase +write-host $tmp -ForeGroundColor Red +break; +} +elseif ($OID.GetType().IsArray) { +$tmp = $ErrorMsg.MultipleIPs -f $IssuancePolicyName, $searchBase +write-host $tmp -ForeGroundColor Red +break; +} +else { +$tmp = $ErrorMsg.IPFound -f $IssuancePolicyName, $OID.distinguishedName +write-host $tmp -ForeGroundColor Green +} +####################################### +## Find the container of the group ## +####################################### +if ($groupOU -eq $null) { +# default to the Users container +$groupContainer = $domain.UsersContainer +} +else { +$searchBase = [string]$domain.DistinguishedName +$groupContainer = get-adobject -searchBase $searchBase -Filter { (Name -eq $groupOU) -and (objectClass -eq "organizationalUnit")} +if ($groupContainer.count -gt 1) { +$tmp = $ErrorMsg.MultipleOUs -f $groupOU, $searchBase +write-host $tmp -ForegroundColor Red +break; +} +elseif ($groupContainer -eq $null) { +$tmp = $ErrorMsg.confirmOUcreation +write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline +$userChoice = read-host +if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { +new-adobject -Name $groupOU -displayName $groupOU -Type "organizationalUnit" -ProtectedFromAccidentalDeletion $true -path $domain.distinguishedName +if ($?){ +$tmp = $ErrorMsg.OUCreationSuccess -f $groupOU +write-host $tmp -ForegroundColor Green +} +else{ +$tmp = $ErrorMsg.OUCreationError -f $groupOU +write-host $tmp -ForeGroundColor Red +break; +} +$groupContainer = get-adobject -searchBase $searchBase -Filter { (Name -eq $groupOU) -and (objectClass -eq "organizationalUnit")} +} +else { +break; +} +} +else { +$tmp = $ErrorMsg.OUFoundSuccess -f $groupContainer.name +write-host $tmp -ForegroundColor Green +} +} +####################################### +## Find the group ## +####################################### +if (($groupName -ne $null) -and ($groupName -ne "")){ +##$searchBase = [String]$groupContainer.DistinguishedName +$searchBase = $groupContainer +$group = get-adgroup -Filter { (Name -eq $groupName) -and (objectClass -eq "group") } -searchBase $searchBase +if ($group -ne $null -and $group.gettype().isarray) { +$tmp = $ErrorMsg.multipleGroups -f $groupName, $searchBase +write-host $tmp -ForeGroundColor Red +break; +} +elseif ($group -eq $null) { +$tmp = $ErrorMsg.confirmGroupCreation +write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline +$userChoice = read-host +if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { +new-adgroup -samAccountName $groupName -path $groupContainer.distinguishedName -GroupScope "Universal" -GroupCategory "Security" +if ($?){ +$tmp = $ErrorMsg.GroupCreationSuccess -f $groupName +write-host $tmp -ForegroundColor Green +}else{ +$tmp = $ErrorMsg.groupCreationError -f $groupName +write-host $tmp -ForeGroundColor Red +break +} +$group = get-adgroup -Filter { (Name -eq $groupName) -and (objectClass -eq "group") } -searchBase $searchBase +} +else { +break; +} +} +else { +$tmp = $ErrorMsg.GroupFound -f $group.Name +write-host $tmp -ForegroundColor Green +} +} +else { +##### +## If the group is not specified, we should remove the link if any exists +##### +if ($OID."msDS-OIDToGroupLink" -ne $null) { +$tmp = $ErrorMsg.confirmLinkDeletion -f $IssuancePolicyName, $OID."msDS-OIDToGroupLink" +write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline +$userChoice = read-host +if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { +set-adobject -Identity $OID -Clear "msDS-OIDToGroupLink" +if ($?) { +$tmp = $ErrorMsg.UnlinkSuccess +write-host $tmp -ForeGroundColor Green +}else{ +$tmp = $ErrorMsg.UnlinkError +write-host $tmp -ForeGroundColor Red +} +} +else { +$tmp = $ErrorMsg.UnlinkExit +write-host $tmp +break +} +} +else { +$tmp = $ErrorMsg.IPNotLinked +write-host $tmp -ForeGroundColor Yellow +} +break; +} +####################################### +## Verify that the group is ## +## Universal, Security, and ## +## has no members ## +####################################### +if ($group.GroupScope -ne "Universal") { +$tmp = $ErrorMsg.ErrorNotUniversal -f $IssuancePolicyName, $groupName +write-host $tmp -ForeGroundColor Red +break; +} +if ($group.GroupCategory -ne "Security") { +$tmp = $ErrorMsg.ErrorNotSecurity -f $IssuancePolicyName, $groupName +write-host $tmp -ForeGroundColor Red +break; +} +$members = Get-ADGroupMember -Identity $group +if ($members -ne $null) { +$tmp = $ErrorMsg.ErrorHasMembers -f $IssuancePolicyName, $groupName +write-host $tmp -ForeGroundColor Red +foreach ($member in $members) {write-host " $member.name" -ForeGroundColor Red} +break; +} +####################################### +## We have verified everything. We ## +## can create the link from the ## +## Issuance Policy to the group. ## +####################################### +if ($OID."msDS-OIDToGroupLink" -ne $null) { +$tmp = $ErrorMsg.ConfirmLinkReplacement -f $IssuancePolicyName, $OID."msDS-OIDToGroupLink", $group.distinguishedName +write-host $tmp "( (y)es / (n)o )" -ForegroundColor Yellow -nonewline +$userChoice = read-host +if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { +$tmp = @{'msDS-OIDToGroupLink'= $group.DistinguishedName} +set-adobject -Identity $OID -Replace $tmp +if ($?) { +$tmp = $Errormsg.LinkSuccess +write-host $tmp -Foreground Green +}else{ +$tmp = $ErrorMsg.LinkError +write-host $tmp -Foreground Red +} +} else { +$tmp = $Errormsg.ExitNoLinkReplacement +write-host $tmp +break +} +} +else { +$tmp = @{'msDS-OIDToGroupLink'= $group.DistinguishedName} +set-adobject -Identity $OID -Add $tmp +if ($?) { +$tmp = $Errormsg.LinkSuccess +write-host $tmp -Foreground Green +}else{ +$tmp = $ErrorMsg.LinkError +write-host $tmp -Foreground Red +} +} +``` + +> [!NOTE] +> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. +  ## Related topics - [Isolated User Mode in Windows 10 with Dave Probert (Channel 9)](https://channel9.msdn.com/Blogs/Seth-Juarez/Isolated-User-Mode-in-Windows-10-with-Dave-Probert) diff --git a/windows/keep-secure/credential-manager-known-issues.md b/windows/keep-secure/credential-manager-known-issues.md index b7dc37dac3..bf01f06ded 100644 --- a/windows/keep-secure/credential-manager-known-issues.md +++ b/windows/keep-secure/credential-manager-known-issues.md @@ -1,6 +1,6 @@ --- title: Known issues with Credential Manager (Windows 10) -description: Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. +description: Credential Manager - Known issues in Windows 10 Enterprise ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library From 8d5c15e875b4a4fe90040b641137f68b29d26986 Mon Sep 17 00:00:00 2001 From: John Tobin Date: Tue, 21 Mar 2017 12:27:02 -0700 Subject: [PATCH 31/62] multiple credential guard edits --- images/mva_videos.png | Bin 0 -> 140500 bytes windows/keep-secure/credential-guard.md | 921 ---------------------- windows/keep-secure/images/mva_videos.png | Bin 0 -> 140500 bytes 3 files changed, 921 deletions(-) create mode 100644 images/mva_videos.png create mode 100644 windows/keep-secure/images/mva_videos.png diff --git a/images/mva_videos.png b/images/mva_videos.png new file mode 100644 index 0000000000000000000000000000000000000000..52ec8ee035068def0fc0ca14d2c8938cfeb89af9 GIT binary patch literal 140500 zcmX`yV{~M}+9=?T?MWt@*q+$7HL-2mwkNi2Ol;e>ZTse&@8O{< zm6aBOgT{mg003}eqJr`O05C8B0K^UX^$DYZ<5ysfRqVWHX+8OHprzoC-sih%+=@9|y>k8C=t|(X=IXLUu z83HtIKL1l3=D$B~YOimh`&HBq(AZTU{S}7%Pgq&k&dSuv7|?}v5d0N`_`mxd?eq-+ z_n-c!-^B#1EiDbL8~_hviJf0D@c$H3GiUDD6mPpdpn9dYhB zcQfoO+P#zPYf!Xzp5pWmn+C-MY*09$q|^(5kwJxgeZnwJ2=R%w1OmzUcO-c56hmn> za(+>Q2V7o`=twl8?Y5=?SAaicFhPK zC)h0-^NMihjZY4ce{1{n&$gBF3b7>~KglHEMYN?R$ArQhALI3_Z%Qy2hvdg=YLCc{ zCHk#O2NdClPun&G;@c4eW>xrS+v<#0@YGb^%1; z+bI@5sys{_3}~t!N^)iY9OAhJvG%xlaN*3npzYcHy!QSmq4l7AXa7q7|I3SKc&9za z-W4Yh#B9)@n8kBbhtT>NFhoUIQEZg816ZK2>4CmjXmaHG^wj*N>}&iy!1)4i4os^n z^fOZ6PJcfr|1a6mv@k?x04rMfPwd;KVSZuYT%<$=27Vfb zIPe~`WSVHhcuKTtC1hckV_Ro2BgVXC(4lr1l|>rov%LVpjjnYdwwBf{8(#c&;3+O9 z3lHYG$i8O>wWQa^&huvP50Q`IU0t{5{iMwosmrIe!_J$m&xX%~ac7gc^YiWJLmV9Vibr_#fY%~t?dOq#7{FKi@P8Ib zKue4=v#`w0EqRa0ryt`OoVS#tdU7d{~(G{nRekH7>6Dc6N`UT*10W|$`;c)d740LU1KcoC< zst$rP7%(xH=Y-yH+Kwm9&FhS=B;T~z%g&e1_V=RCjX~~vIBU0Cn9Y}pyNOhNlOvU6 zWF_+o-{d0GRAY0Jp>naKb`U$|;(MzOQ7Fgzjm7!aR*4PGP*^qP%k{;E*3;VZ(Un

5mD87R zi^qbDXaroI$Bm?qDT^{Uo-qXN=aYSxTTwTcCeI6-TUb+Z*L+H(iC<)8{=i)G=yr@# zT48qCeHVW3=HAyvE4!NQS}J^w_lzKMAT*t#NhRyvvn-wO)SFLFF3B>FFi&s(gSaVL z?o#JN$0n8=R}GfJ#i1B$-?mPse-!Rpe;On4c_Y zvJ=>`LD_lW*W0OpOkw?gvOHW!T(-B8a*3-rkZ-`XR@*2U zb$?rs76P>0@8|C=tUX87J8n5T^HMtA_N&^idcp_OWN@P!qXrm3;P96KptuLbOK`Gg zI00iA@juZ8k8rO>wow>oA4o(w-8^2`ZYRh7-d})1`PVflmoufUFycnqJ2#Q)3qYm+ zpeIS~S1fw}Iq-&p^~Ye_jklgM0(YppYus--brUrz&qD1+D+byQG-e#U1B+!QOHVRy znkvAo4p@?bm*jBd)sArSd9dy8^o}uRMZZ}WKO=QM^LY>vdeMS(5d$C_$V4ISP<5t- zO2NGTmjvAFU*RaDGklwU_`ap}`9;UaoZMj3a|J|Vr^f~ed*|WVd=NnR`r*ZZ8Yl_4 zNfLO*VZ8#hZ&BIfJmL3XAId2=KLr*)k#Apny5?1khQa4{vbKjp= zHlJBnYi)1Gw{6xS=-OK!O~K~qUx1~*ySPcVs7?pWHdI}h(uc3RLPHCpYpnmBa~BMO zE>BSh5_xI+twUS$0QfCaw_OSS+t7rpgWalOT^XuhyaZ#2m4>oN6$A%@>_;T<>q z-}^EAn0|5*{W{~8@e9YS;htD30WO zB^9}xaq|$$iu5gdt%5MNXgylNpkMa0k<2}XX+IHnVqV*(*%SW;OQnyvOaGD{kS)Zg zfi4@?!=4$Z5RP-?%BdeQ(-{wbN z8<7y@M=Xiz_u9SB%=J$S*Bw}CS#W}{X)>xNwL;RE|Ktqulf$c6og;BZpaFMGfePbw z5$wlnB3y$s-h}csI}Z&3iMFxCjDSTuFX!!&Yas{fw6hjYEkT&f74&}8(|uRD2hOKV z&9`NH;DK8TY?_as{I;OSL?JNC4GKt9OOm{Bwd&T#XxcIdS1E;oB~-0ViG8CeP-sx_ zCEykq>q2@q0Pbh%q`B8y7KJ0VC=yn;U}cTl>q4B5HOA7;P`7L7;AoLgrIOM->heilEDMe^4PwJQRn`&wSDbk@BCGGB`0*J*mv4nO~Gq zBZAdlq-X zKt95;bOM)}0kA5|t)eaFn(YnX$QkkWf;@P93sdV*Zbk#lHRaU$PoSa0V()QIg%Vwu za_jhBFoz%}HhlC;25_QMt9%n%KSf=rRzs<&TL>#xpk^M51m|1qcSi8GwlNnp#9L1! zst5r7o(OD7NCS3Mqs5^Zc;6OD4Nbr5SP9NR3GL))<(L){OpOPF)WEeHA7@-h&d_=&bIHmvG}^)O6YyA3wPKqhxiAW2 z@`SZ$A$ov{{I-!+a!31*YQ_0)@*Cp~ckpR+pM8GtOZ{*H=Ivj@A45}07P z-xw2JIOZUQ+7vlx5eV(VZ>EBlCGaVow7fw?CI9|{4|X*>p-Iy9YsLS$JY|;w*7euF zfR!9FS9SMvtSftXs2a_g20C%?+d@*yU(_+q?Uskjt9pIjq4fLH z22K$+T;Mpirweo4NVRF*8kWn+dCa2m>UW%-;0zF%aq%1>Xnx9imUM&mFUywZ=9HCs zjYP-uS&Lz@y(Md-ZoV@Xj6fNZz$i6fwVU8--R;AMY9Mm5Z6-)x5}Zsh-f7#_gwSR>h$z z+95&Mh$L6h&Hu=W!DPes8ew79-j{w`KyU3l{zkWgrMP6?>KK|Zf^xnk%VQxy34O{J z{5@AIY>+a)2=qC%3>t$B8RAQwrY_6u6CeaPchDSUMA5^69onww5xY#T`jnFdnV6+yQbIcwgIG5xszZLdE+Ft@Y%DO3lup*HiMg41Pf&3;+l|U#;$8=>w z{FgY!a+b-U>pvs9;H_|)BKL})YJ^y+1b7C}BPQc&=FBqGanQ4KQNejB?*pXHMtC-4 zjxJL)^ze8`MU5B1VGnrgA&b}>HTnKnYxmb+t^9~}cH#g`M$oZmlX=B&? zM0AjxvGfI(5s}AYoK@k^3^qrGA8g=+;NL<1l=9apYkLBh1J(^Kz22U#IVX#5pY2rP znFo0z(e_&Cy2r;j&9(M4=_HD!t$xX>gL24bxBh@CYp5!z$^=S4@)6TT(m1*>e`KPE z^!y?IL!jz;ZX^NW(k^;s+INhXxKZUumX0zfJg!Awf`FI!)A#BJY*|%V%j#NaLTyP6 zscX(n;Q7&XiFG0NTHEfrnDXgk`btReCacZdmmm28aS1iW{?^I zsR;XWH@wsMRL!&Gc%igNzKtL&SvHC=&whsYw}r3=ODXf9PvwyonZE$BLka3)Q##w> zkU0?)MUg%TEQup2s4E78vETSceZEE@07JZnagSiX3R0Psa)nB< zps72dxM3ogJE3XPKRn=TRT#lszvi^Ux&nDhTWk&n^@9XcO}uF6wJnL{!us-KeGvLm zj##-VBRy7U15slXgFp>`eeu87DTC34rUc7{M)k9^uPL+B@MZ33p|NtlKS+dl5ytN; ztcsCsV@8v~lp8Fn@ll7JduYS&f-s;YxGcXaD>rM~_Oda4$z!#H<|vEztvb}i?V3eu z;j&uVp=sv9F`ZPbXtIS_g_IL3b`RCvhBw{eiqE&jP0?p`21|^#8X`NZ@YJMTfGK{Z zQ-SY(bA0T^Q@9~hzY;nc%lM2R+MUh&w+9MR;K zX!?@ny(WIY*uOMsC-1RaAuc^G#!!%2SyI}; z28l+Kizl>N3_di4$l(^=ai_jz{na(aYU1yl!vI00FjG1vNp4^+Jc*d)4+K-hDHTM* z`p7>-pyI?iW7$n3gHiVpJn#%zKF%4475Rn8+@hk@-xdMmnq_<0nCz=yE!i17FONKL zC7UVg=GLCKEbX_Jm*#b88K%Ik+w!9Z90^1FNB%8F!D(2Ms%m{{QLh+FeQ(=EBLp_Zd?QnV9bSD7Ien-K;VOe<@n zU0$s3%WKUu*Zx6<&5uAF4HBrsbPl3sYwE}_!8)@u2Zvb9=>7Ei`R+>JU=ei0TTxs;s?I^=f1?*K{j zNFzas8L1yd;8Hf1(QdBlb_t*DJiIOcxbcd)FG}N(^tknzSIJfyq`58@Pkb90#p^R! zQB|be`SO~j{yL*+bU@bW7~w9N_A&QP`}yR}_-ni!i~M3D{@dd0%>d{E2S-fX)~%m1 zDn2>sUS4;fS>k6|+$-jVuxbwyyBH}jKiGmjx|k-zDFj%0ciE}sW^tl33Pm991m92P zlDt=$&x+3GQs?KoNv_YeUF)Zlq)Z*(aHGGZpkT_??OOrZWi9nVSmD6d^gV$MZjh?o zcpH8evq>3(iB}@`4oIH(e+!g>EmS|VqLP}Z)dIuhtW=5UEUKp#)as7A&l&!5wYl5D zD+EI-J0ZZ@(hkHn2FH$Dq>e$JdZrqyG2gLrwz#X9g;StIp<0b2*8K7bQR7GvkwGA+ z&ACzrIA>u757h&v6aAfa%@$IH7O31|nCo!+1PJ+%IP=dwI8Y0}EridrRkahXUlSX- zy&k$bHm=9poq=WFKuc*|?9RH3oSZDD|LKAS8xql|3*u$}HA=Ez+~J)+D5El7320=I^GRecgfqVgayZ zBs|4b>Ul!&CKy8EV4vD>0I!P1&~Wi1Sv0;2G$i?m8So9Yt??WQVeOx!TSLvoUQRHp zHSFj?<~(|?|~Teossp-`H8D7kg)SW*$>F(G%~>5dN)JF8wBvQjY& z;EHqYjQELieoSM&>`!`iWBi6rDW6^ud=7($Nd2827wd#m%7(_bVgVR10sfVc%%#*i z2AyYOHrIZkVF6x)A=%75x~*ly%S`5S;GF@1jQ}1qT9!oH@zzX+lq4v$;l~FSY%36R z)aD*plx;}5xSume#fmKs$lKCHN9l2jPPRnueaof1FP*uadCA!wQBh#W)782S(#HUc z^DJm6`L${vjl;#TiAfFVHl$@kiO2qdvXG|Akd``b-Jy3`?=#+=X5`Dd(2h+Pc%eM4GZMOos7rd?x%u%G5= zt^CRQvDt-6tCEOwOSO}e>3KvZu(Hcb#ZV4CRLzuw{p!K+#pH>E^CQ8Hm;e)`2Y!Na ziQyhR{Toxc#2Ob_o2;!*=_&>epM@+HrE?IT0oi5B8=I2DC|Z&xby6X#4J1yjzUvP| zs{oqcs9>OJKL;VJa^i@4yM9z2D!Dh!DA%NIE9=t*mQKpW`Rp{4nfb^$#e!D|;eJ~@ z<-;EG?S~pylU=AzxGX2s#;ZOlIH{qMV%@JnQG&S_m|GQws?o}P96i44Z@y&ye2p_? zTn<3Fj}~gD?~-d)VNe`n?M@h2@Ix(W2)F^5OVo$}wHR`$^!|l+5H{a+O9VFv$jAp; zpjtUX&&aX;D^9I5q!L&4HdscgmFcTsC>G%MXu^=3`-q}KcsqYKak<#hQU!x{cycDK zy|lQnxbc%JV|`oNxg~YrVekiGxrx=dR7QLXOSz!4xDJEqmE zbxi}%bdhYfyWYi+Hwr~geJ97IvgM-to zQ1bN3wL}+<`d&T4vm%vay_+d$&@{&t2Uzl6>`$ez^rMnSm8%eAdwU%fE%^u7%kJvr z$8&%#O88S0qCx}rHxMBfrW{|cM7)J)D*kCq6=K<)tdFPu4pTK>7$S2K!b0|1maH_9 z9lEz>ZU|ife60?+FIM|Yri6NBg*fz&G|y4B2I!e>%L-E!Jz7;TnU_k6>7a-ccj23q zfD?RMq~ZC74MUn$K%L+e5e6JuG)K{xGUidV(5zEBC|#h5Xom=@>^;v)=leq--!g)n z*hLJa%BnXLJg4KQaWBN>&ZzG-R^sEYx5S&BJCFciN?~?Z^c>=L8glN!CM?& z799UlEDYk* zVTnU5xBDX;+%0_SrzAw^l~RtF;HbH8_IJ9x`zU5EHKhlgvU7;PF0AecGng%J+4$`g zY(O399viO?A%@dp;lP56$wKyoDf89T{A){YtK)IKqy)?|D!@P_sD0$o(I%NfdiI^pigtj_hu?j@X+4RJ0zeFrOdZZ`*wbzm|i{vEdtwkEHpS{Bn{~3;^4RC2xCegSjE{X4>PG2Ej zkdbAodfI-A2HNAaXI7kSf2{=`@8oWC?Phg>vDnNF9=dY)4-NB+6V0@P;Cxh-*J9Z? z1Zh6ubP6cwrLk1wBY^-anL*pjU-DQ{%kUm(~y}X3|P#?`etLrnbdB6GTbhi2qW6tdLLk9W^*q?Ym4d=l2EZ% zX;7GGqZ!|+9+dC_yEX0U(zP|EZW#p;7@8pJf~Q2JxI{$dh;tRX>N-Xh-24;9+K!+C zZ%pt!Psf7OUHxBPh}ENI5)_8o=E^nuFJS)DxVJ$I-By}AwimDfD<7q}JS=inbB{+D z3-<5TYUg?0Z+miUrb-&!*`Q6j-M3@Q`Wmg@>@~E$zRs?%YdUvo(6m>Lwv?M|)12;m zs3zXqX-y;^IyO^X-&~x|XsRX6x0b;Jjk;O>fRA{}(N0sZR^sC4>Bszy zfkCO40s<8r;peSu4NjvnsYbxkALaWOE;2xfjQHkbguz9nS}P_iRLSqEe&y~8|F1Qc z&JfB56+OR^m!@PoX#`0p?92wMT>Kak5{IBJF?@9;kA()c5WauuAT{rot~0+8A}X=HW?6XqU|2wo4At0>5I9p$uK1O> zz(^`VSrUvqucVI#n3MQjQ#2uWhmgdLvCZ4xmLD)CuC%H@2`|xe<@YD}(|~*IH-m`D zrS`a`5OcEFHzaisglWX6SlUZ3h-&+{^~pi;e<-GUAS5wJd!{CP5We(apXh>sqHu-5 z`B__HKnM!{CYC+|(%KaKU)#CwCxE<$-Tgr`no2LW!Rh7TabT;S1W4RYPGzEV=IUxj z%YnC%q*t&nj}INwSx^uL_bF%>w>A=4iY*sIPmss(ISRQLZ2&ovJ14x{=1k$c+DI}C z)q{0*O=@*dci-=Dir#IRTPGZf!(Lzabkt51I(<1{;eI6T{KTyZ{-I;3ru2H<`KJ9g zap>)wpqCbt=wbBfNu zHN?qddy4#GFKxmMbip3%wKFqN$hjURew2|jr%8LO_Z^D0>Np`X0iGlT@AAqoj~)Wb|=`%NYD zD2Cb+FBbxzkeO zK((u~M`**nT;lQMb;Z0qAgW9dJia zDTX_2S`2vHzPE@dGixzk{qb$q>syi6EsFO|wD%;>2k8eW=%v-dMV6M=u6~y5`SGur z+mr~1SxFsw96U)Kcq&G%NEt?oB36{0GT+tqrp1Kf070Zu%2+Cf zt{fdIU(uPG6yIpiokp#84v_Rh)!BBtZwuy0g}D@AF!MVcK@_z#HJihQTpH9{MyWAS z?@=D9fJQsCa@Dj#i&>rRij>$)raJJvq-T6y^GGR)%hMG|KItrLD>|tKlSI`^^eLM8 zcv8_|2u7)G7R4H%B@>if6QzPRY-!#$|C}OTiSW=m>S3S?-JOWEom-CGbih?Z=LznU zQ4lq~-Y=5{X5^wWiNDw|c8a}#e3}-r-&qtfMeKrUHka#IErZ8M%oMSLPR_xtl$fVn zJuG1(b5=)1udiD3R-?5x?C6*ga2pdzP93spm=~#8W4b7|tYZivg%QaDSX$c@SE%L2 zAw(!4PUG^}gKIeerGEB;@iEXNm|j!vxW{jc&P{Wla{|j!X8l!9tGcmbLEC{U`Drq~ zb^qnPB?(goUiq2~O!XIpRkT9Kcy~ce1#J;nej(D3oJqMC4dXxgcq)A;p>qdj(nHLQ z;%Mjl%^$mUOY+8SOm=j*#MX>zOXW))1HGHionFtQw4KaS!J;j~u)MLfx=mn?=mu|? z+o}fZ+9Y1oZ&yatsoCWz-8!ZUgwlq>X~PlB7)1*z5C~~Csto3Uv7_ls)A6ANHPnM> zP&@d+@*P*ea3(nT4QmS9WQxk-AGrp-g|VIjliTa=H>@g;?MK{o&de3X)X~}Z8 zK7K(^NRewu!!f5}1H4F18)IFAJa_6@&rg@cu;_mVUwM~jBKKhaxw?=bFBkBVY%Q48 zX0uWAE%;3Pu;Ma>s4#?Q5ze8sZmjIBYkO=5B6NJ>rf!W#jC*Y-@!WA}KkX1$&;Gc6 zClfQzyP%>*NwWG&bYi} zz5Q@_F6n%9?z|hJtfW&x>Vcl%Gcfan84<}ZSo#4F?zC=+9?pq5BM%$i;iHRjzQp)k z*jRS>^Co<;?l~?%nkdTgHS2FR$u;Yv01wxixi0DS}Csl$aF%~Bi-cO zNj1sib~Rv(GkJSm`@}d|Z|aEYV$asO_5N<{vbNAl%U$PnAoV`aGAYs8{yB5~$ZcD@ zkMG9of3M}TEGe&#-G%IsF!V7@T@o;{-!?Y59BJ+*MAfw3q|PQO`$X)@NyNfS<5Vm) z$omhvwqP6*i-k(2g?t!R_%C~DM%7GBM6IV5$2Qsaa-DC!&bDj9D8Za@m^bX>Z|P|2 zUD+&}BOFm0$Wr~&ve)GPm!3{}U5_y54e3(7ne)Dywvuq(G!oZ5jNe?ZM^ct>U{>v7Y0H}Y>5G8FX)-&v?ta<+xTxiB zsY=8A%N?=shB@v!qFouM3VoPT4Q$SjQE*V#qdJCwoHz7e{a=?vscyX6{+Gc{$KOl_ zJn2qafzkioH>jqJz%yO11_q;XgZr<~j!L4>T^CtjQN%l$4AQah`y?JS#fl?l)dW*w z00Y1q<4oc)KVpuYxU*~zAT~cm7WM^qrwgM$Mnt?nlDzNdTW{+od3dDkPsB;2?1l_C!nksM5rP0b`3*G4g6QRB@JJ7XY%v(vOyx_+v4-4vHf-R^8RbX*D25S z;>W<`+fEhdXQZ{)Ajbv<8r4EK6$hl8t0sRW(iuJN*wu!Asc5&%tQSH6@Q#kmTo@>$ z_5I3_g)xl|cWERd9p0upBX%-lD>Ten3UN8P#$RIq|A7`5Jus2BBTt$fT(-pEZcQ1r zaS>ydG%eTb)nwZp^~W7d=l#O$Pwy?bDvv{k(YH72_p@W`HwYf*I!>>E(GI=m)#eNh{J0a4?QOK)VdA@gEy02Z#~EzFPBo*UCuO9Ko)h?T0D z7@i_E>%pF}?&%D$qp`=tT_EShD<<;}yVaCkKv$i>y280mS8T<`h>eEBShpm1BAnO8 zV+peyF%$(soa9C~eO@a2p%!VI*XP0jl6#NNTBe8VuL66U;W0}c{%t|MwbbnE?|qi> z-YxbeE$DyFO#b3P*TotrW7{SIQB7s+s=i3pvaieDv3-q|>3tQnyJzh-ySlig9 zUMf$fI$XJ8A=^uX3-Hyj8o-f7-xy^yl!%c7N|niMd$}8C!-ZS+{P*n3mHyt%(tfPI z@wjm*O7r&zNeKDh%{uX;SOkO-;V#ZGCA=Ofoa|U^9bC(C^vU9j!Eq%o^26d-B?SzUlTe?#AA6zCAO>=7Z;>a3RuvZ15Kd3y$YSP%@6a zqrI=(?(UrJZl5=uceEeRxNo~Wch>J|-rLmH?yH^emv30OFP(9qfo$IvJP)f`ALpMJ zU)OMX+&tK{<7U79fxElo_49M;@l5V^_lN7<(&Uce_}X)>^#(e{EeTW=@DQ3j68gMANk4^jh;b6Z?-g-6Q$wqTQjW32RI z*IaY7x0hJi_kenEadzHpoizA$le#0=Hykv7tT}`gTFV|pUSj`CVMsII3zU(NIteU+ z!>;yR*A?28>>W~U{??I&B4XrM+_9{3CD|e#Fh?4ON)8S)XSdtm7+7IqeoKf?P_A?{B}hSl3)m zACuw3%6BDVs5NDB;UH*mQQ(gdDZ}=rC{igE?J)eA5V(wbcU=g0JrWzhqx@fcQ5mA> z2;l-6&gof}?6`MFWDrtvNbaD^=EfZ>+-`=kj)8i)y{R!_{0{<B~`_xx}sva0@? z;|Z^=CjI`)KVS9H?7csze>?Aod2T!}TRFBMK8~F^ z9}jpQe}3+0zkH3tmKpJZ@f?dig;DLw{9lXVy{iV?U|W#okx7V5)|&iQCUm5wWpib! z153tf%d&au7Q0kQa-zDW%)c!Z*?$f5YlaDo{;h?## zv7bNbRO=hxZ`2^br|ho)?j>y@R7IqdKKb*N&EhU@G-@6y#}-S z6!h5kyo>wVH0^ap`&JDkbKvax)kA&ne5?9+#Qiw*vT+MR@ZJfhZ9kOid>GdDz7M}n zS^u^eo;77B^H&k?Uyel}E`au-G4=}C&FqF0w#Uy{&kbA+6fmp>cm6qnet^HfF0TI% zKK9zxDy3^Y1NTpUchaprMinj5Ql_o;Qlc4QwUDZ@(kV#st?cX%iex5&;NScxYkuRz zg@0rfw^Pxrk200PycI;^7x}I(Qs$M2QNpC$GtbjK`*TLA4nqKQgsi_77_rdB!6--& z8KdsS-En1>P>%Jm{p0Cy!I=P*nLU#HBaq_zt-)Ck-SfdQ49YG7d9|QnYjL8c=O_!K z{5#vd5Y+Fqj?c5LuaY^WII{|jjSAT#S|k_hPKHWk))pF1fXX8!2~30@>}t1k3oZ3w zHIK2BZ;QR2ML1>_(2)^e;NQ0 zk4SeVdw5yY&3jJ{93)cD#A&s}dk5~*X`-Q=-En*hCITh-=ygay(I29pi3zZ(`oAR0 zPcH35Gk4^VAR;~kW}doKA-^_wp0Ej}ERSECZ0*;Yq<0dL$*AZkC9#S+03FHVm}&v> z6X`0N&OzP{2pGl0%le(P1y9SCTlVvNa~>e{V;u6m5x%!(s4F|KO1CHxSC5<*V-kBQd*3tW zzTIhVNecM3aNm4R%X(Qm?}cEQT+<>6K3k`4e_Bi1d>WqgYH8*9Otel$m=)oE-xrC- z^Vg@z7I$>%siDNLC@K!bWkB$2RzeXY; zh6~Uc54+0b2IB_ApMyQm)k=~%NaD49?3^L8V(?9VFuk0wJgWA2Bc}%bHMSz{9 z9NVW(dUwMyeV@Bf`w!b+Xe9Ta;|4(ykA3ood@2ULk z{v&5r^@;p}|C{66rAxC|?`E~$Od73a+&#ZuDi`unnK^cdLS?9n-~jEI%O!_u6yd}R z)XPSo4)>vi?6ZLrk1t@o>0&B<@%?dy?@~Nai2Oi=P3)@g|L3Xp93eP0A9nYohCv{v zF-@n{?eVa$MI*ePEzK$7DLv>?>tvhWYNoj^rL~>19p9x{AcZiXe)(9iKqZ{{>gK1DW@ZB z-VqN$0bOYj)q8^QcU}-#Zs(!@8*LRK(M_M{n!JsBHqa`boz`mZ4o$YImKI6FQ4^@! z?Oh$@d2aleR9510dswFRc$WC;d#2%Xx!uigexBq(M1M|&)4tzrJ}*ytJvj5+m&klx zMZeWO78P~AnB#tYogI79_P$%(e$)3pi+-Q~JR>!ExEo%de4C@~d<=YS*saLA981+R z-ZAJEWCg)6%^!h_K*a%sA^WK?!-t0R3RTOYwuX&}TymEK7&KUx^fPSZ>dO&zipZf( zhV+*5Z3J+0bn}N2jkwrO9=c+6?vC@oNhb)UGtA^-V1*6zh6`G%t?3UGc|Eqk#OXbY+~jM zu9Ub0XzfCw??V80hErR8nGBfS9?mCrnXbx{lH@;1_5*0HC8(vL^oNji@K#XJ^Q|cr z=9lKyvkq-+4;x9N1jDU^gr+c?k@*~rhokvuey((J1FghAhjxF%95WB*XHM`FWKAMo zgGN+duv*Hz2(OikmyQbO z`@nY3eyiR%@H=XTVb!zsxp z`gHeed;I#l^$uxDQEdI^9nV{tpUKHVQH=)&25lh@j|X9J~-RB#CYvT}vb~37+4E8{%WO?~#(Z=?Kc* zczVasadN3_L=1kZ!~?R7Qj%ZW!Tirq{|iCh$O ze{P6Ai}F*_(2EktM=*aR`{BE#|NJ{lYGlmkk@F+?V^HU2&bJQ&G3He?u9SHi96y>V zWN^H7P~m2*w1Q&v;8&Cuw8{bgdmD znkCpKHBBm8lZJ9x5u2G%!4uaX1NqOPI8rNw&0wZ_I>DdmFhLjzTG>38AbRIUshA#& zn^@ywF>p%bxitz*)@INBr>Hnto$#2p4XmZ|AV!0l4oX9-DToW2O;GzuS0Ew=8EC~W z&Y(y3eX*30;sTC~iwQrmlZ(OKZJUq0mZWcsWVO05`$#QUeE$^+mg*fFS5Z`$^{~pt zruxQy?9w`G^ID_xi;Iuiaukj=rsIQ$LaB3y=5*SmUdEgWzUvmke{uOwBS3GG#A*j&b%@u3KcU>o1Djzex%&8#~a`Smo(w-@wVv73GYAqPVmAhbETQa zms{NGpsWHmT)Hmb-!?xeJ0HU7*D9;H**`Y~+Sc-CkByEeaSDSWzypi?ujdXYSfN&S zbhfN;7-iw5;dGpHFs4C$3x!weG2Fo+DE;cnGGWgDS#(QXaN#-9>Ij)o-J3$1kvp!a z`1v^Fw%@JEYwk>~Y5tmiSOKL_U6rPcZ-hk_|F-xnGat$cf3~^H5yKZWh0aC8l}|10 z^Dgwt@d%unAKKq@{;dx~*l`)!bAspONLZZR(k*Eon;JtC0m9gJkl6o$RA(21iUE~8 zeig;2#}BqBc`(sqk6CI#kT`Iw3qB2%ZZJ1UE-OhonzF&al^(redOj8imsCnb=!_CZ zr7;(MUz&gA64NyN+ERI|>-BU61nJzcu*I1%(VGB;!wLED?=%k_|1F?rtG4_%0@eY$ zJw(5d^W8r|JL42E(>?8fIwUoeS({PA5i;j+{41|(6;HDhute?Uf7<19`34C*VrTL^ zBfCj%QAw%TE7eMC5tJVY9VzxnmC2~OPg+{b_+9G0En1_6Y)!ex279~x#B4zX=UIhc z++!MZJWXkxeAl@K$FN{i*_i7hw%BmkY#1*o$E~cb)Xc+h=&;}if*{r1P0D?5$go47 zBe)IDjS9$b8!}!>YH?ETM(>0FIaWo*-H_NFQyhnEBjSCQ(9T1`S;AJ7^X*YN_dR=mg-AKRSIo87-p~g;CL>gqT=Esj{-*ef$D;mMA=Ok z@)?tD2_?VIH@T&SBd+4RT@m0;ND1~-_4r%ymD{0ip8+r?Y5TA?Rdk&^hd-rnGolf| ze3Aw^o>7!AM`S=K#Qk0`%0J)kN8D$h&B@2WD5PdCBK>Vq%%G~~x?kE~0^)u;A)a#^nS0V&2$*G~>d*yB_4Gqj9K7vX8EsfIC12|6)RrZ}RP5;mmH z1_l_hp{0=1ZZjf6LE$exWsdfZ3F7$sN*BBV_g*c|rd(>%uE)G>*1bCvF@K-=J z%V z6QMlU+||W+y7@9HS=%_o%@fcLFG#~M3+BYF(>3~V>+B2$I?&vWFl*$to;(iwdVD)i z?Qz!lVf@h@xsm(5V@=5(cOIPR;9cLn8D(5JIiW2lN@CLgjZ-BBcaf6N;d!G1G{c{&r0RYP^-`%6IL}$-hD%9)YGmC3C z6B*v&Xy&s)I?GTUNSynnj>gon>K?k%Oxvy7D4u!Uol4Gj22F9oJ|ug56;*9XF5r{r zV1)JlB%7FfXovQSv*_M;S0?TRGUH}Ui9LMU7>d;-_v(hr#-s9`7YrO_>Rx0oax($e9qVS7(_jw{kF--Gk|*&Ry(LsF^C5E<30s?l=>@4*B6;qSqys zaiJlLR}TsIRJ9D3XWD<#`O!76tZFh@WeAe_Go#A}t>o1x7=nPGz_#8qK}hK@l~M9+ znaR7(Pk^8O^25jPZ)keexh9EXPO{Z>aS~FTxs)b7`g$^GO2yDk-f~VZNS29@pMW4X zib}(Qp;NiRzTQi>RSK)y=g|Mj;u8Ei;>=-kvEj~xUFe$mb`i40SoUqH zj`K#ql%^b)CxK8d-CV35*(-HNRPNQPR9Ojp!1*)4=PYm3z+m9NDjx&q2(hq=)OMe`Z@RIch&ep?=@vX89$)LX9uD z>8Jhp9V1p_La^l9r#6+tU5t=59qJpw#TgO@#ldE7m%eDC+OD#l^i3pO*QT9%5~I)V zrNw?N|BG|tpRWNg`6%x6<^Vibq}4twEGJ)^F@d`;?EIL*KMZ}}W@4C#AT){mnR#VT z&(Hn!+i@u}m-!XL_^sSWX^=DVA4V9Ue^_nG$1MFM7Nf38X=)1|sWWojNNd_$&-)SX zT=H?{X*b^XFuKpGsA{BTb-p-}NS?2%*1U3JBO8=TlgOv-C2|`PRa`e$9=z32`026n zKW%^g%Sg1C#7O^AfVcANYvttJtISR=#hUEhc?_u7m zn+i<|wOv3a9EH1HmI9g0fGZ|qKM~57)fDuX;{FCjyuU$(@tPK08;sB4F09Rt0fgO_ zzgg|pSQuzIKfJ3}!l0ywD;=wyE=g*?+=Out_|a4#{zN9q*0)<~(+g{jvYDvI`4Va= z_*ghW4WlK1O8Nd3_A9Fkoy?69K5yuJwP^c#Ax!)4{6b6;P5bF)!@Jb1%vAO{wR#Y3 z!O`n9rR$&BQ^^T0WWFp34^93du+X?BEC|vDyW#<1VjT_bodO5vJ?RVm>wbRX_(AUX zpvB3}e=MSZzRW&-<4si-!{ZEdF1$CV!+~x=C@UCYhQ3pdluC&B`Fo{T%@=zRJuT=e zZJvg%%Q+tu5j*MNlCk~%Sis4~^a}~Dd=6Tj&5?%h5^F`t#sJaAMik>EkyH4Ciw^TA z{GUTTcZXi2YL`*p@xqV5Lb29?T!TN*CiW&z1GTtRD{`W*lwz`IJ^kBL>l&NlkfLF2 zWZ#9*nJNFf`yKN_1Df!$%qiUvq6JBVmAHKskJ~0`-#dBT!pKUI3zD7`8?l1$Q=6f@ zX5ozvORblYc%HFCCdB#2K;T+~xyL)#tdMO|w0LolxzIq>rq zk`MNpiAhr=90v)Z&xBdmP8EP(%^{qp$~70ua<)dL4h_5jUg z;m5TKP;qS0!yL_+K`+TzpAm#K=w+jqMoDDq6cEs+x4>PjvQnZUc&#qel*SldSWmsW z>1ChW`tosa-Tf~v*0e5iq`S_MvocOM{xFW{ljO^pI9cIPoW^qECaAZ^5V(bjHWg!V7v?>rG26-IOn$ z4xxw_j`Xlydhum73!b_kV;Yh^} zlLxQHkO2wgnY|t-Fz8!&k{4L6o}cLdDFQzaR45a}zV{j!XZ~$j6c}zU?Gn!Vkfp0b zY-tW3rnew3;PvN=v@RZJg};AvSD-6bc6vU)Z|QBNyHr;&p|qj+HDJ zE_)ktaMqHII@w%e4p-aA-BbbD$CqbYhF3m zV1{&w8g3F3!!jkwT$HsA0`iRdTIItuwn_1tQe0qdpf*EpDg@r$3q4YjClSnu`egu6 zSRjv<_*n$7CRzgbf`L_!bTD1*z?dn${6Q5?P-EiT+23P_jts?CoK)H#mPu!2+u^7^b#90uy z;ZX?Bk~;kD#ggOz+&ahm|1?(Lm-JhG<{QMDSp&Nkdts&jZh{Mn>15Id>RsFAGR-S9 zgp#sJb$Pk2dN>j$!I3bmD*ce^<+o|Xz+#hP(=iCgN+qHz%W7X_X@|%g7{DMwi%52k zELnr2i24z@Q5Yv;o_|`0GZ{;QaO)dp^(zA>R52p#n#|1HOqnZaaA>Y?{{X3%x?nzK{rl1*B8!!HW1czf4?)6;24^8FB_(F9kNrzq zDD(&eU6E#seVmwedfdlEh_foO zL(2@66`*+b>GRL-l{!D3gjoG=K60IvWr}miUn%m;JF1gXQi5JdJbr4F`&869oAL|$ zi5q)&YjVp{qWAn<@dWQoUvP4kU(w}a6ujWU!Qu-r;usa7UrB>xs1WdL_S&wUo0<&3 z_rN~44mD78H$nv-$!AT^PvHrA1O_0|;}fzB-DA$vd9c~{Xh`Tt6!Q&|rm#`X3v^IG zqc{u*V?}nX1>SNqIDfcZMV>y8ETeV1VE2WIi$s_Ums5n3S3w#P^RMw>k*<}Y%tFJ^ z(-mF~Z+l=_&?(dE8p4pI=`Fk+n~>yW!7b0NVup6bsUYLmVb5$6{mF(~@M}b*cgX?A zETU&ih$kX5j~ZC5)MIfk7cAx&x%pQw21#xUhOAAR%oS5dcZeW2$M8;uzl2zE`VJI$ zRB1ByDfkUG%<~a^&rO0zg~c<_-xuEPXH>Sh0zLdjU>YRDsxYcc%bgz8fRc=8!8vHd z6JTXa&i!^xNP!v{qthOI4BjK@R$d^JS% z@U(MLrxDjRX7g_{6atePo5h}w^2l4_%0Cvc!6cZM#U~{czv8sUAOXw_(0h+XaM)hR z=rn|&)Ix?x1eGMEf)H2(04iESjPAD%P!PWq5DL=6n4F*IRqH6Z*|D>D58j>z3nS379f&8tw@sN4XXwfi-d6CCg27==#E=o&bK z&73%*xK}ClY0fB#o3#Et=jqG>2@1IYDxc~K?`~YXPFWB*T0GcX|sU5LwFrMNK zl4n2=aDMh8d>3OXj<`7kCx_TdCNGkKod6e(m~J#-3(m0Cuw4qbn(8+oasX6z)>DO? zZQk2OI4UC@#R&|AAFx2 zR=b)~G09sOi8NlQTG7u=mcvNXybj3qRF14t(i><9#g`-%1OzHL7F`Zu%c~&lRpUiq zRW%`!Vwo$5H{W0RaN{84m?9g3M*U%2r z>QZK#MIU9xkqyIWAW4y9;@TnXOBn36I+BJ(%&cJGPJ7x$GlMZe#YQo^_4>+T_+;$v zN}!@H|qct8D1^ zyP`0>;|_3thK=UaK#G(U@#=}ANzV(3&`Xc?{mLPkrD3@{$VIhv5Gh7$6*D@C)WOlN zj_|2}GD?ALy94t)P6&#nQ$m8{`hK1I9G+ChB>jRYrt^;lz4rJBdXVpTf7+Zs)KN$~ z#Ef2&$ESA@8or}l`*jqZ16fcvOi8r?B*`EFFcLJcSVCn3NS=o{BE8`yF6rqWO-^BgSa+b zE}5mQ!@s{%Nd2J;O@ak(^`}=i)=V1&l6Ye=lO;5z0r~&l0%1`rE9%o4<#Lc{%+f9& ze}{vCk%p&!h0@QTz8u7;_N-8<$>{1Mg-dsKabw<;2m>6YJ;p0#Z@ zza+I5M(DrQL^(mnb7$ZDu$qN0`U4FR^@7v*!9T=hM!6Hd{g1`rnkPRPU{k2ZF4a8O zGORfFdba}&E1!S3@oOwYZr3rzoBX0kNJ$?)MN72=kfAXg-*hA?Z9)`Nx6O3TM!pv?J;=qN zqJfH+C&Ar!jLp1YUvA}~^h}J9kP~s_6KY}U9?-zmnVISIVPG0=*+dek!Uh!a02t^$ zaK!Cjb>L}+0Q-2wx^y<0b&QX-qq%T2@<>q?=n3MCo)eYO1ZqRWuva8BOH*LMNC-Rw zbaJS=IIiMju-laZsziANZW#XIz^XK2akIlB%GAxIIHmW5J|+8qEYM#Wl5dRFiXo+W z7g6RyBAqam5O5l?wdrV2213rRz~mS^zX;PAZuLG8n_G8JV0eO@G!^q@>~c@D0iIu} z{!k#Gk!t0mBu*#R!orQ&k#j4d9v1L0gW`cGA{JoG7)ELuj5e|6tL%tmY1QChcC((W z-{q*}XHm=%dL5EgXn`it(0Ffz{WX~Rx{=Q|U zOmLg?6A4z>A;ef6I|FP6rs0>0TnuF?Q46^<*)>Mb%ra@C2=2beA^c;3if=1G9tQLU zfCS8-C)WeDM;aPeB!0KmD8n^eBk_DQ2lfGiY>MT3XXMeUkY#+pz<>W$T~0TmQnrKa zS;-c@iY8-dE zcXdn862qdM@Vz0xXu^G8@2WJ5VD4v8FEPyGc934xk$!y+2aoSmr%Pvp)Q;rgDJ@RJTS zsoY~-g08Lbzr$G&6pC8kb8%3?QKaGeSbwV?P}4m}6`BPC+vIZzXQ4{|n~yv%AvL*zjT{!uS}YXIj2L zlyBr?ZAa9W7{c|VCY7M@c9v@g3vs;Dzo=t;gif-HY?_7rI49ZnQV3aShkvzcjW8lF zUaXi#>KvJ*$0GfDFmG2^9B7a&y<#vR)vT>iDwYxWfIzoQLv8|$*k}YBOu+sZ7i2P& zC7MtK5np-;hEtk|n1)J^7ok(a8v0n2JyLdaqu!uE33C~{64C5FStjM;-_=3I4rT$W z=IkcciR`$FoZ`@PS6j=ZBqlUB42sf7ftF_1EzF8aj7X$TlJ!|MzaqxA;I%?)E5ot$ zL$Jw;*?YBcC`vG}t}7rL2TyJn0mPwFUvy!V5OGP^anwrD$cyH^9#>77=Y~>=V#G@! zZNYW8P1}5UB@|Q1x;ib;cXiR4&_KQI1amjo?A&MbU=eum#d1*n%Dz|%tC!lNBS6w+ln)&2wc8EDqGz!Lfv-*>mj<{|<_=YqeTDQ@t~u6h)Bjkw z?b`C~SaBoW%-AO!hW%8CBMAg#Yr~Bf)?C7M(ieq+lP_-Wm$AmY8w+PVTrWG9dZ84&9#Sqab35&Cx+i(8U z(zs|VrkVpIga^QE7|VE}U;F*qA-aDqpsLW!hvJY_*GZ;pX?%NPFNVcor^0Dcz-C3M zKW6-H{dd<`i&j7!35;3Syvg6TLq-H_t`r&RH?D~^Z67LbY1E?;PVBP!mlnvD=A(-$txlT_xU<#oe55OLKViSC~^TNwc_G=4v}5gC+wP++#)NeYwoXvFprrd&7U+e^Yu%D6;>ad* zei}lhWqWNGM|ABFpeBh}6HoLY6m1WM0`Mt4wx_?Z!J|@8mO`k}2M7IxoN$fF25!2E zPW|VLqVR##C<|x-eOgKKz{15uj})@YAfjOo_~*T*C}Kg-5TR+01Md4x3ZuUK2AzP< zz2xZBMX>lqaR&8YbLFzYK$FkK$wfBL?a2@AW)ktULuh; zNkg_rEzjMTV+o9|gujCJixZ`KEaxXbDiJ41mRt&5<3K^?P8nzLu{ z0uKj(T)FQ_B%Mq&dgziIMO2g-B(Dw@L<>i^Ch{Q`=;I<3s2XxQ+8ts6fzp5sB^z|b zEYjgdvf*c5o&k_iqoXSeT-_zko1=sb`mTd8JS;;cJ2VuRPDR6{@>giL>JhQMntemNlA4P+D+5I6r`HQ43u6V5qS6`s4TQ-LGwwEZlV;Q)exkjUQVq`QXtr70yF29u!<^tTH%s zq|eaSkv_+gZ2wpg1{_}&P*sVu6fjv1>K?2xwcREuR0^8{oa%V^ZZnLfl@2I@%P5}~6NouT+6x9Y7 zu}ok91!p`ti$gU%2&)oo8CH%WhX68&kQt|_KBYK9KHwHjoft49Ph>Q$B2kvZjkxy*CwABFl$Y ziXtT+!mvHd)m}Y1O2G# zh~UN+yz3L5{L1{L2$+FQKg_25e=>aL60q)qgAo6+kS^v%#7UeE3vC0cYyef>)7rXfBnW*QunTY9e~ocaDv%eJhHyTC^J3^6t?dlnYam}TDjjK%CoLc<=(l7y{@*& zFT)lCzUj?-O()INh*lbqnurT)rt>g5==1uUR9oC)q5=b#D@GC^@0kI-3n}!WosdSm z*7s#NH~?CA{`$nO8n5p+4o#2oQAb(v=t=?!5ckuE$RtKZcqaP{T*h7=_vK_^EnQM` zR$Q?vvAqN?oNKv(WVf7{7MXrcKkTa=YC@v=Ie=7VZw+qXn2jK%wJ{_zd-j?tU%2TobLYm zs`95(Un`Xm@dZ{Wk_UG5iu-rJGuea@;g)IMrxv@mjnUC9%AJR6)$fVP;Qqicpl_$S z#rLlmF;5q#WHLlj!PtCSHPjaUB&Fi2t0o!vw^(yqmdR-xXfrc#@hQQ&1?>|6YAl%O z;cZpe4ajI15%B(==g@Y1d@`z0I!}9e*p}Y?yx)B{@FT}()Q+Vt}WVA@AU zx~qc0+o4=C$z{D0?jUodyY`t{YOW?e8hG~3HZ$5!jwS_ih4-hXHtnO+jSgy71%I7KklJmE9Z$U*7aL3qmxmCR z#*qn>p(&4E0TGc0PO&mT+YiC`Ta}$=2jd-7i;M|AGyHkUzXr^1Q6B6Wm03lUvJ8!T z7K{w_qOZcI-WN5unJ$RmYfkL+N_8}yIQ^lD7a-=W~M?k_m#6%L-#uU%ut76fTsUj@n zHWlr1p#xJn@j^d@VIj0wDlas13hoH(4FPFsgQ|PieN!b-U_i@a40`6SwvnwaRRh5fa$M^9=!CHG(EkQWL*H=Qrw-pXM zoyNwqmaZp6O~bqKPRrc;Pw7D|jWKJ`g<<1WeY~GTkxL3D;}j6uC6InJx?@Z(GqXWV zKYD#K;M|t!<&R~@Uh3-mnd{lz-5pogdy^D0ao1U?(A)T??{4?UODgiYkWExtBa;5Q zegBF7?ww}9VVlo+2N&1<^{C-<5O(hDMgMC~6w<%Am=?QS4tP437iwL_&dc92RDAw%QnR&VBv^BOqSFi0Vo(+UKC-ysv-u!hDDAi)8?|J3;w&JC@ zsY>2)%)#V7KK9V%Fj*ZEn@lGnWwQRFi zo>jKJ^^N|*S}8t8M+xw78Qjw#qz)H&KMwVXTD>M$Q7%E=ayTZpStZVCl&O&9Sx{X z6$qTTvSK&>db`zNXRaLvoZw+=T8V1e=?kf2t>+AF{mo$QEscI=BxL`yhcstX_ zL;re|sq?Sbq~012350f$~lp-&|JM5PbA2) zq(@!Ye&J*0#!d8+51I09B;Ts?N;L+yNT&ugj92mUHUj97n3W58z1CLC^?fG~3 zQ0QvByS~nE(eZ5<=EJ(NqRa~RRZLu540`VR;OLJwr?z(N-{VThj~?AgA^XhlGU1zdBfhqyAh$6n{H|c+~DBe}5zad-&n<;o zuVTCJP8|IP(TN3tLap|lvksl_42NCU>634}LeG7K9zrQiGMi~h(hQ<1lhHhALL~VRiZ=;|nJkhksDQXZb@fG3?dxLI zA9Hc4DE=e-WQLL8>J!S`;shXh-)icgzQN$I+d&y_4?@yk0k*)?GvU( zkDf?V=c(|roh@CvLA3!sx0V6d##=6HF+~2C1(P4Mj(X2QhimSuo1KSm7kT<2TwOV8bBA>%ti-xKpb{&D2Me$#9IX@0*H z>71+DF2?lsqf_$($Kh=_w)^IQ%i!7f@ytX2t_a`J1L^&2v+K4#;I-TTMqaV={Dq5C z=kGwC5(QV8u@Z~9927E6^BKq^V5`kB;N-c3rpu%MDDQD~@pWe350>-486wk1W%v7E z-HrRMhpvn2bp7TN{q7I0em8>ZYM}=&?AN>t&z)`qj>k*G_ip(=6U%3-7J~Q4j(#tE zhBpf>?@%DTbb-I=jif|AJjVIuUe~2USSqI*ng|cRGdiPjz4<-%0+ZeW83vLr-|v6G zAQdsU)A%Es%lF2R2wutncS~vwuXJc!ub;gK+!^4H>Az{{}-o~M) zlb30>||=nzQztc^h<+!Qn!RH`9jd|hzDEfspIB8+v7f0U)DA3`eo6-1TYcb>FaBo|6)^Tmx5k?aEq_;YTMn?2k!S2=qQk~SKMmC{81!` zk%sKriWgL90!LclL<~l7N-|%3#Ucj>!<&X40*Qj9FrkC4Ccw>H5COvWgXGXjY5#I$ z(xs{i@D7zsZFG4tx{HQS`>lPs6hROG6L?8aL3O>)Sve)S5_iWx%aid3nx9|P2Ld%=srqkzF zaE;@y|^|BH@Jr{_$*V+%Q|An`E(o0AbCH|Nw@-#pi)N0*yvcc*Q0 zkN;RXVcAULkJ|3E;cA{nXi%+e;6Yl$S|HmAHE+s>A;}4(n7J`tG ze=L?hGy`16|6uocDSC^}&PCY3OU}jlG*lu8RtrZ5kdUH2%P|7NP`>q)$@AR~nSv1L zF@C_O5$IHBGGZK&I}tRxp1yGN!cG{M0;I^dGUg4Azpn6FR^R-gfBmt*Gdj`GIH7IH zP-kkn%(3vyMcIZ~yb9gGhQOnQWR>0DCSsXL$lB#+`zd9E3xpkrQ+!0Ud&=f=Y1d0{MXE zSf!;`Z|p*jsSv2nuh1Q+<`f#7>!g8e`12L=i9(uWdw-akfN<>S5CKqZ->rxnLOOU{{ebSojoQWIsGa&Lm1H7Js%OfD*phc_C7_TY9zfvp=q)I!GoRF;-#Wr(^m}yNOh)AfMFu~e8G&6p zs58p${$mk7Xp7*qRUn3o0Xd*8MTL(@CADa5?Ss!Ig!2{Rz^dNJf~353GQ#S_yLrVPzE2PALF>Mr?<)mf}|lAr2eAgf?zII4VC!Vptvc978Z>hkn=^vv@N0r zz#HlpCML$SU&J4;H8lny7SG4{PBPZ@0!IBjgtYqM6@*MDt6SDp&Ag0+ZJMr{Nr;D0 z*PzNQYyc9l(Ks5OhKf_g9J4Ced$o+XgJLH^4*VZxuz;Bf9ks|u^Qrph z$?S6jwEuJh?(v9QxD?cw%cy)VSl>Ux8|b>rCL4i@FPXo#7b=hEQl>!9I;oj=AJJ%S zBQ*QDI;Vt6)rGlk=ogv@jmOrJ5JarAxLSUFONA%3>YP&Nt@r$i3L-^kyJ&wMjtj&s z8tD+M`kvaAQHBEXZVIaSL~RwCYID?8qOnPNAdQ^Xl9!s)o?<);kJk4)7FsToX>3n! zBECc55>L8iD+@F#KE4a~9g_D@2!xF^2#110OkhorA0DiiM|7yw|45d}>#ow^r_ZK} zdUb6Law9*Vv&sHa;;ydZ-IWz&nyaWKzT)1zCp(+a zrrLa)Cqlf@zqrt^u4r>Ou5cJ|YpPrFnrO_MY2PitckJw3J(9ya*_G+{Kk;suY(`}C zvn6~MTV2PyFNiFG3vifoj3A>c8`$Br^0O9Kd-mDGu*-~!!xlFf86%&?>G5b zo|=Q2U}NC<-97)YVC5`)#fT^J__#T_>xV&7P17B(vGmFwED)w*1Kcf<;b0ZeLFISI zQ;o73qHXdlI(V!Aq>zXwX)M#ca7G4-BB3&J^6o%OC(#I>U1eX&(BaT1DN-`bWhSOD zq+F0nXHD7FU?P~JbE~ip&KSImwZTu@Wld5?rCj7`y|JyL12TAx6(tEm6w@AjNJ6a@ z1tp_g;HO6!kcX3J0lx9(CnX0SW4Vm}ci za9c#-xcfd!fh)|~*QW`Dsv4r2b&APo^6+>@VxeA;kK$(g&!1ZAyG4UY#6s?7+)GP( zhWHM4I6dC{?&_)drV(-mKP{diKvzycZOKg9QMAPCzPaRz+3|^`mfgqe;~ZpyDymeb zN>Q`y#=d^_PLn%ix+*w{zru=Cl72Mnme2{O6A7PdGspAFq$%E`w4BYp)L>*X&@e(s zMYImvNVR!oXJmnaO+ji9BmUb^m81e(Fn~N1S0gO2_(MjF{9H%Oe`=g`L;2VqY zLG)lep{}9+G9>)RRqDl>&qqPwDJVX`X^Q=>i>(E{N71qMge~vAf!4Chog6?V=J0ag zN|3*3gX<36!%E)n-_qy?UE^)nS>Ht!{;aKrZZ6;$2F#?+s^znV$k(=>#Uim#^1 zi7j8v?0kR5-+X^wKgtD#d8m0YE@cxUP(C}AW{tVSKvVxZY zCVs}LNUBDY3kNHgalp94?Z;PW@-HsLt&Pu4eDkL*Jc`G@W)i?<2w&3rj?I?lQoP6x ze^oXOLKldYa8JC>Dpo@T2U=+Mf+=%BUs}*9Zb44`3j5x>@MpryGRJ+POTY0=AuX$r zMlOvb&ek@bNma5)1B{1*n)CDehD9mPOgbvt>(P%!|)Zd?!^RsH$!-*SjK9&QQ+g)2yTav;! zcBYutN@hnKGvz4nA}rl!uuUFvB(#?u#kVP8$x zo&H)pXCG=|Bv{(^EI1o9k2c6=Uo5eBOf35#5or^}QSAuY8qG�@ixGbl2 zhQo&R$Z>aEa8fx?x?)!f?7_5{zv8YyB6AK@Z@Py(>fRzqHq<2UuRu)x!J-fYe;q|= z1Jbnm64`r(jesg15&_-AEjtfsEj^)~%YSxc`F0fUzkd#KS+3|;KCkn*9q)hb%QyRm)no$6wgUEmr6H*V_+2 zUi)kD)h^?S-@r{^tRsLE+RbZOncXK7;r>p19oN@~cNSaiTs;sEf(vJi1cEL*^=_W; zjd}M?bTy+^M9i)=nRDcwRo?SM-Z{u|u(nnwzrW@tdlHfuMWg zVphOT*V6!|R618Yqa%^wav5RLur0|6?Si%$;jw1 zg5)M|r&YWCc=#@fL)uEd1W=6;e3Q=@xa!Ngy%{#!$u<=p#6tbNR0)~l)&>{f4~D&$ zhhazb>kBUSVqA65&URi|7-ektbe45wUc-rlW{XAp{_7tLHa0rC%F)4e%NI5uMInaK ztDeAcE)7kMcp`niZ`$Gj6XKSqS zUe9H?F{+TGh1p}l%d%_hM<;~TmS4bSEgd!0+xtS^`)QZ0W7uN%(b#_fWarbsD$e?B z?tQW5#|UNKYx;%3P2Ohv&P~hfa(nJo7+3fG?8j?sZxo2@{U3_~qrD|{RN8;g!1c^mGE?duR6-@|8j0BLD$hdG^{ z^n5qE2M;-&5A(I_nN8aQ7o83tMWbgLwKh~Kfj1NCoXx{EuLBIkk8hS*p!nC_yNQE{ zKPxMHvW8x#Ikl@#Bbpss$CWj;bhZ%zN9Ih&ci4hAtxT#Lu$S^Qg24mz3yM&*r}0Ao zGhl2L8ibnqdLHcx6e5h<{1V;!Su=9STRBs}@(;uJz5p%g!Oyd;`E6n~*X=BR`yGae zp+OKH35DvczWbUYo7WPL=x{pxhO#E3X|S}p?_Q2TEJ`U~I>Y=Qi#>AipFx7eN2CS1 z2$pME!P-R-JD>V{932yH)xp~*^^BmdF9aYFDu7A4F`H`JS@ilDe03{hn?-d^Lu+WO zd#QLbSc5%PO}*_XwMKlNliO?zm&duj-de*vPX&X(?Pc#S-AOFl;3C!M+3ZNL5N6Xi zh7!b1WOPtb0U>ptrlJv84$id4WlG>;#wREtlS7jz=1itSG#G?l=Wap{FEjXc6EW%Q z0Is|Dv8s561${XubL>oi7p=@9nM~v}Hb*PQ;wU0`c!4m3G8hIK@RzzKRe^e@5L#wM zMYd~1rt1XBJ}#~pPHA=pX`7lV77c*XygsGiVUUgV!RKt9Z@!N8zuirT0q;+fOU?Er z)&u?9B%^Zb^DsyRr*3Vl%}gvy!7s>2Tnm-4cP|dD`$K*YD|fM+O4f3LS}2*@AYfJ- z6>B3^ZB?~~COui46gnue>7;1bLLZxr?Q|`Uu=I{MTG8)%8CmFB%REzF_%Xi6Z{GC3lT@O%u2o%AQl zRfp*H0;C(2hPjI1!B!N#0BO{b7kXWviKQ_Z|+9ogM>1(WNvi&=ecM1}>O4&ndhOAL-6|sfxGxpD3H@B7b&_+z`(TZo z?K8RlaCc~Fa9wdWsIe_Z{EXu?LDoqaT@JWgQ|xc`{5$XSspYU@g?(t*js5bEMcQw* z2--$i2ICQCG`^$j z8e6{a80J0}dh!HyEVuwNT+4FygQ{5trfU;FSHe@XpRIC`)e47&mS?)!>m4t-;m_*^ zEvaV#cCDf?xcjZ7qPF;(*Y2#Dk0jLQ9yWr;852@{p3QS6p;2u?0-~7(6-dMN2W9A< zl5pNk4Bd&RkU|r+iJ8~8{{6eCVA*p?MB>)7)ky`vtK~4U)F)pDq(s>6kRgqdx=N3x zuDSOWm3M%aiD*3H@}IMBXNKSj^MMp|W1twZ%#l{HSTy zH6b9)XiXS3Fco4&Bfe{tiHahGsnGnSUkyjD?Rq23V}(Y*6GwB@$Zjmd{Scc(KRU;_hS+D z>i6frb`v+f;u+wsmsRkCw*%j#;)rx;%hoR#>Y;>LOCG2LUOP>t6!!KJAV{%_jPGka z4EXS3!v2q^bMUJ4{rd3fWS?wKO}5=M*|s@ZldZ{~Y&X@(c9X5i_GDYX-u15e{tMUI z_w(HN>}x|(*RJwfl+Ln0l=!^~b-BIP<#_a{@UG2sa1lQzzB|sYx$&=_-G1u*Dm?Z% zaX*OUYRrXVwxU|wt zPaf}IU8KkHkL$~H=dwVFT-|&{ONVyH_C=s1&#zKIVD4X>QDK~S-jj&Fop^+_`jTPy60>s^7F`>lV>I zRNGF!Y?0a7w2^b};t7jNjEls@33D7Yd@+?Lae%##jnkCr@w6R;O2X&1u{{C4=30BI z3mPmVpG51?Mg&Yas;P~|u}3C5_meHt%yrHh{KiZO!V!gol|Xj(tkEww0CIRiMK1j+ z26jM3M6htA@9NN2-|DFJQxrM~SbbsPKp8+**RLX!4(<}&hSFj*&9xE3ODyvMiYWk5 zuJ-Pv*Z;974o>f*r08q4`cd$aryG6dzb0P*aifU2CbR*9Re9A+i?#(sy=SaaI^5{;sHLmI4CI!4wPEJZB92;?gqr!sJzj*y!BV)*OaeTU}!-KOdJ4=Gt{m{drI5 z9SIQ%vhj{HDQIb#6zO#YHokwxSJ|R$m>Xddg2I4A6P2pYo@k)++NP8@OBqcfrAB<- z$(@(4FEX~n7O}@9`fe6G_=aP$}E?Ji*Uyrx&3|V z_UvgXp6~qShne_*ew6`sk<8Er>awA=Nz2>h`D%Zs3p;5%%~fq86FT0(%W{6t1cOlf zU~0vj6(3CXAJ*%pRR{)mN-7J?7i?b(**j%q^aRzX7`58c2Lkt>59XEqI+h z1a;)Z4PK8>yY5K1Oz}A6c4!wE+fI!KI8gp9V)e&t$Vd3=^Uy}rlB7oEt15{0U~$`0 zg;n7)ZBNoQ4E|%Gz}Sy~+*61of80r0i&*^jK%rQ<>%GPH>xFbc3d**o%;-~qGaC1{ zRN4xwwasj zUu<8xDT^bI9jgCGW?*Jca7>`*GwE`II_n$ zcVts|RWdc6D3wrVdiMt^#T+}zxXC&fKwg^)IuXcN0R-|-ou)%L!o4WCQcC}0=Ynx5 zOeQC#mjMUZWbUoquzXB5C13X*l!JkqWq8iYXR;Xzh;^E7)G1y`A6=IT6pQag3<_+ z{FPtfA+c{RS4uCCUbekfTH%22Uo+eD*Jyy3w>hdd2$b^ojv>t|EC}pxyPCT=stiiS zf8oUqZ8s6FNGDBo-BpGa%8DN5dHY~aWnrJP#^y45TWOJ^LNh8WrMolzGfx{w+81bQ z^Ud^7f9=`Sb+%6b88so{>Q>ZF$UAfM-!RHV|I+I;#G>D2KQxenFfMz7pg=-iEs9g zb1&Y$%Az6ekMs?B^qpTxzGbIK(pst9yM|5i-To?bp#EFXp ztND94e*^?tR?uZLdIuI669RdWRQ6L|otQ%fv?}^{Z~*E=%dmS?+De1T{h^neIgGmc zJWRp#%f}tBkn_vpbS-_|*q__rxFt^O!H+n+d$r1Lqz<;5ok3>SAvy18v;rQ~@uF01 zg$p(S87*iy%F!Pw^^>h$s*nk5%lTB^upwZAXMyyO0{3-&+qsXsNnlhp4$n85cU5IO(sk)ChsGD^CC3iWIxW%+7a)s9qV$Lig6Y4&Q?VEpqY50l&!=L`me+-?-GHHV>_K? z)`j!2JFhHtx=B{r+KM4Gq7Y|}oPR9TcFe1l?kt+<$Ih2KqfuLz*2lJBW7m8pU%eDo z)=qED4?IIr1lyV0xEIbBi(Mxm986A4`KJRQf@W*ONuAiwvh5l~jBe`>anSSp1EaUo z#G-5aca4lJcC1P)h>LHL`>5R^F|vsXVPFsev&H})YD0bk{p&AgId6u4vE^&j04zAv z+c74JIX_acfEn!TGO*&m>eJC}-~fNv?by?~X%J$}wBo*qI831LUV$|~u|1FjSEieT z!;F_mCnsHVyx%aAllRp%V&%%<`4)~{kB1A>qjbR7Xv+h5g&!g4PtW%Y1xkL;^F9ZH zMx)!ASyAPeAbQ7HkhXCBP%0UsQVH=t7HB|=G2tlL;GZmb=E9_d)%FK54dXpEudy5l zg5h3rr{a9B<5{o40!?d=-vo#k62o1T?G?C~GM}601Y79MrQ9LoQU{FP!>L`kedzD-ixgu^)ZeUyqy+HR18aj8j)w=7lzlZaDj6yrDowd z^nh;%08MbNM0%3KQq8~x5}fbn3ij)Fb+EOyMC62NUx{=Y1dd_R!l?0nc{|ZU-ChQo z{On*!{4GMI+3Qs|1Btzvn0?$W^GWXq8)2DI#BJ|AR`RK$=I){#k6(eXgqk#_EEF+0 zIfEn#mSbk0jW}B6R&kW_LY!8wt7Z}^OZq<+O!ul0_6{QJeD2Dft1S;1E}fMm5HX@2>V6wcHCiX@}Tm=B$Z$ z1(@?7;h2FKE-u@(9D~J=Z8!%$1BpgbmZ7byc}_!v^8~Jy z6&Jo7@EG+tjW`Di^fv~PPYnv3xuQU=ySp9CvSb~$@TFU;G)yAag2Hl=NEe|g|HIm- zOUod^D))?Bibpo3L2BkNS@AY})m9zpK7l1iyOB`Cd#7hR=h_#S46P6)^`_JrRrZ7h zAng6d4+AwiQNxx-_KCJuIyzOn+(tE0pJ=x1AB&wj!_P^8^~vAe<1aSP6?J#2iApM5 z1zXK4$Bo+kM@IxWA_j*>yJ-HMJNbjqMzb99J6cnmBYr%hGdi)hvntWRSsO zToh2`>@c!FK07C058Tzg-01P0^L>AK$otyy$TO-|zDbqYasM#l&Riy^k1~)rZTj0E zek(U0xocHWDaH(6X-wi(o=d}(VGrR=-pB-x<1d5$@6M3q2t`@eDR23>`}h1>&OxII z-*E_V8BDw{=8X7n#P7(U-w9fdK&M4-F;WOTY8TcZ1CQOfRVXoal=%~(_ud0mm0b_I zo8><$`AD+_CH~vY1sw?`)Jj7u@8oALd#7)Q^KlCQSg=A#rQ9Bi!u!FPA>q^cMclHE zeDX=}93AdDqQuIKf}qIF)=;;GAL5HZVb%)prv)A-yt5cnE0cRumzjl!#RcIjN(0IA z0j`Oy8MDT1e{mk?ThfSh zaIkUAuaVHeO|>$gqjM1&;S7mX=cq?LvnIT&R)$M8%vZ2+IJrVUkCv64jo&!$e+osl zTWk2ZGAga9tYm;gx&DbuR%cM5C`FyX6N)!vWR}!pMBuGjSZz%8q1QK>z zCdu(n!TpI?{#9J;T?&bl9Qb%N>;XyMi$VBf1dGBNo9Q15?p+||s`_4lZ$y4a#4y#A z^v|yzDxHLHWP5&=g}yZFS>CQ!aU@sL@R7 zh{){M8#_J&o|>_k!Gg=flJoH>%XEA|7+fk^EKkL>i$E)8|)4-h)~sIeD=rJ>I&HDA}>+-rxBCtd(oqy>GQG)n?|tzQr5oSJlh7 zF}v=EjRUsVPPjp(_u`2FqWn0Vbd#+r`UFxS7D^jFrvP)ZyP!{i|dUvBDD9A+sx?lfqcx4-p~h;8bL?!MY;`n1ty1Cum$9D7UTV^)0{Uc0Q|3*mVlE6>Y4ya5vR6uUMvd z#9QE{t%CZ2TtI#QKbK$TzI`i~s!BRvYq51^)}$P1W0RY!u(!bmC!26z{Qackc4BjT z0MK1ycbUZ{hhNgDj7;Aj9`4gz@{OPY<{%;_Gr}J0z0Mm{vHtfTfqvF|pv=@4z@z@H zCS(F&_(H-(b|R(;tz-o;J1IXw0Jn~6_5?b+<<{JH)K7g&VEj5I`I7%=Goyk-}~_rfYD91@W`er>V`1Xrk7ir{Yq%+>XDryrjOkM=A0C=-{3ho(bE$cI7x4% z9nD`jmjApn{Y`Vh1(uX;$&}r}g$)m7ptr}nYvJsB>eBoKXL6i()=Mrf8G8P;(-b7g z;I0~mG!YVyf^9ZO3!jNTR^qsv?llD3zhY>`jBe$_L8Gzy2aDQ0mRtH8ed$rWQ8CJ7 zoFaNaJ*1i62%G?4GRNIEoz1Y+b7?)cBGUsW1nKvq$JRz?Wsb45!hdU|PllMB2M!hZ zH7snru;N*(@;F>%vm>hv6Cj}-imbR;noK(m1s!nHYw4Fw@{g+? zLdYJP)C4ij*~C-`k&nLeTwL@Cm(~1BxyUB>YX^(1>Z4Hj)tDCMRogVrTCHfG zeLnChVqJ-?&SIwv3s)-MNCfLBn?Y4CDDF=Ngm7XSKa=)nI+{^@LuJ1Ie0LF~xWR#jMQCf0ehr{>WGp2yST5DL_o9Na~+`>qVXGWNi@*Km7?XbiX zMVS7>Ik9vEGxo&>hz5d(DB#8wlz5kUIMqo@QWY zb;nq6#8_sJs~ZZ&8(ftP9C~;rkbm?>%ePe=56^=m*Yv$u@uS5*9q5|ZMtw73hgm_I zpSMwCV6Z#9e?G~r!3OvgIgQ%j*(gE`;gVyTiT z2+kZ)7ss1(5vb6Gk0+@oBO}a|;OPbJ!}ts3iLy($h&I`iEu%fpa-g&Hv$>qO*vm zwOLet!hDP6)Eq$&hAZntDvm{~mz#~iJ^b_C$=cju{jpVG%ygUWB7}}8=U=IuFxEtz zV*1g$kL#k!GAmYm&N*tg@rhFz9HHYwq2|-dPXxWw4o==4W_CuLbP>0=bC2WEEew1| z#lHwf*O6!k?DlRk<%=Ytd4gx1aEc9(TD4VA-Ra0?%C0-~)LfBcS*t;1d)XG<4e9U$ycfe$JzLQ%bRvfhbFm{gFikK0b?< zZWa*ZPfwRJ*?v9eZ+BuOkD)r1@6$xZCt-KpQJo`nq~xl%7xip+?FXki#Ju&-JwX!M zW-EN|J$y2YSU(2eNj_Y2-KZdpWpo*c1g&c%N#NN|PYJCBHK?9}12MbH`I?o)oJWp6Ge^mqDzLl1B+_$W? zCr)%6WY>i*m#c$sbxfi;_szFSJojuB-m?WFW&GiSh`3!zymt$7I^N^iNR7LnT6#6h zW9zHg|FJN)oH(bVMGK#Ea@5{nA%x4JBv?i89R^yny@B1{hp2=u|B|%d$38hDZr-K1 zi3hNaLXpFZhUSp2rmfDiAsGgJFVD@jzyx%4wQz+%D!N$PdRp?Kb(3xU%+N~kJ!cMG zC#_#WP9Fl>GC|=klH-T-W<?+?Mk@z8te6Ok z*^(OOEbubiSi7qUMDKhn*(}TYPS7k!ib6FG`7y=u`4g-+X8!%w3>hQFH!Mat#XNc( zNwGd=t903aESB+bCRVTrE)vOfixgflQ?PH^PJ)hDx*zA6%;?x{69F>1)oEPzn{81~R>XjIZ`AMQ)Lcc?bo!>stTsqng8}QzuK6t9A)Ousz{HT3uD4hN z@4eC1_nVHYnE&<{l+VLLFJs{<2f~{@kg!$FFGJi+MNw0~qCim47Uw{XtVnuTERZA` zzG@IAUBDhy}AatNb@?!8_%|_cW z7x|o=OBy0$quM$cbdG`M`82Iz8~$n`C>>}Sk|vU6+#X5unLRQg)E>b_BB(Q;4&1qAec4vqpbgU4I?Hmh@llRTZ{wIk316XB zmZnH_(Ic8cCv;Xf(ayXYPB4X$AQnzoye5hwB9(@vSa?__^4huXHJ-(KWo3o0S4w?1 z7ykG50T0rv{F%UAFXV)OsFh|k&+s?}?E0Sv^kh0~$xJ94UipG}% zJ3m!zM5XG|+VJbJWTK;uS`-NYNE#F{4Lv6ozLsti{31$LCb!AxsP3{@GzR%@^$I)mCE>QiBy2!KFnUz=u5QNyqykE2kwsu*f3QRmqgJ(I*MK1kQEOLV z0w#(c4CSc%|A!&bdbuNYj{p4oeEt_!`_b-_wPd@^>wSa;6Ba{F9{Rn9%>96*gWnh)r1 zo>O)#9971FW@UpzqhhsmWIm;Ej+g8HMmD9$NbPFk%3lB~{lhyMhgYa7Rkpo|4ya~C zpbUnZ@~{Joi6#}2OFZMU{Hu$Iw9~u0M*@4#$J46dt`|gSU-s0jwD%^z=NX)?o9G_b z>|!FQ7{K@VM4B|IA!@sZOjB&->J>+5YhFHQ(SzRds^$Ca4X=ryl1+>Cr=}7G+Z0N+ z>WIEbD8C~N#HUg2CJ8WnunYcE!fyP3M69nT_5wd3?ox10L+Osve;m3 z(*XLq+vXlEjAC|iiSAOg4hffkEXb|d$q>nixY|0B>S;nSPhG8Pq#9wrn&U=)E|Je} zKU$Wxwg$T}_U2l$&`)lnUA9)mhvEEYAF?VGG~JOtPC~y4RlIRcJeO~0l7x-BFz|3Q6OryAa&7T+K7-%iHr zZ4%_fKe3wOhpVre9}Q6_IL0z2iSd)9v5nKX*ZP;nwP6IPLR z*c4#NKdjj|X9dPq=D_$8BqFvFaf8Ceyud#%tcou+g41Ec4 z^|IcX*U5<_e_TE2a=Kf6Tw1ytpKN&?!lvh{hP${%* z*+e4nHgt$MNYn-=+B1(?(Em6Qy&&MSaWt~OKe2HBGBH4!!fM0{dpA)_Gg#1*m~&M) zHz$xmpyTFqybhjbmfI z)@u9PTGw(PBio(n!AbODX#^Td0BD6&%cmAqF|Bx?sOuKe`qRT>&iho_?2fzzS$vGl z6#T9hn4Y8>WOp0$ZRNW{)2x^^Z%A}q}Y4Zhke zo)*n*=8^)3+Ey!W!u**CtG{5&e@Ya+V%k@Zv%4TeziCkYVFr@&bAq6J4BX!pacIW! z)B?0qlY=BD2?hA(Be@1DHGluP-)>jMH0P_)i-_a^0697w5G+aH~-l$wCwOgPJMVFFBb(q!$n8;lST1gQ$W zS;-oY+uO_U7w>E{Yn=It6AUysCnHT8Rhqf-YV;tEG<-mkwKb`1@H@frcw)KO0o{n} zalci~v)EXG`rqNbpkX6!!Z5r)VH$&Z?cK;O(#XM%uw;5dayv@B&w5H5YgIphsZab- zRROLglfQ^j{0SiEv{SSpDU!iv3Gv?rCwL(X9ZNtZ5P)+;6LZrDDE>?Mlq&jLxtd|w z`M-!b6Kp#ts}+?;p7YxDDBlZ44b$9?Bkw^8#u#9|$i&{d+>#(O8M&{fSOLRzxt0hRC79araN z_b+E=!k%)J%2nqRJZwN3g-F^dp@8S+!p7s(8B#@6Z>NBl0>9_2{p&szvG;CN%_GzM zNUQ~hr1r(`v7rT^JknuM!~W^RlLXn(GI4$vfy4KY#hZZ;dm8{@v#Vq05q)c6;}Sd` zjd3V9TLpk>wk9}K|<6@$QE>Y+S6}mFg0}v3*OESnY17y2$;GmsH#h(4A z<=%cewDr*iXEiI45*F&l0kBdY2h^j>9lLGFc5VWi{;|l{Dv+&A{D})lg`>pHN)f}R znwF(Hy>0t=a<8sSqKIFi7=*@y%2!2LlfMo-N#Dz>7iSZhiAdB(RTUXC1sj@@evX7Q zw55t^bIe2?)E0vhf#boCPT@W6nTW9w6Qu~gmvtH%M_nJ2#^mbrqMW83#tc@LQ!~hl zoTHkH01Jq|&1fn>t6(&$VQqaW@=`B1uYN3(nz*&$@I>%QS-LAe6I*{T_RBrIL~S%x zft+K4#r6r1Nm30dtR-@p}*!r3?fDNI8FPs%!5h%&n%d=2_Z_|^G|MKPeoh{({^ay|(n zyDc+-M$|Ubsb61r%d3eXhcj6Vy$+62zw;`IrEm)oAWo*Z<-(=wW(TB-$-xv^QqDCT-!3qlo|FkHVZe}BZ;@ZIeRC3zfK z=zLW9h%hsCU3Rw#K0F9{?WaJhp#_q%24IQ8;7WAM{8O*|v#KL>f=3A&#Wyx*;cG-PBu-T1wcOnSU# z_-^ZUU3YT5{|@ziDY5r@bAIl6JDaqxNE$qAdFPpIJ-nd*?xmz2g<{|`cmL{eKlyI= zDkOLxV#E4zP4IkV@Ydo(C2w$h>Gz71U-gb;wV?E~Vc5>+j)4GR@OqWy_=gf`itca2 z0n7yj`x~whT?XnHIa_qShN1(Mge^aFt$RPDZ9twso2+WD_-@G0 zST$@nb=~51-5ob|e1xm(ojnhh394R(NwnM_Q8!!%7q-Zv{{FY`)X5R_^L_pEHoE_| zJ83Y9_Ht_=RNdL>dkj|aTk-1>u!N}jI3k9p`NPxc@ELwB^>b2LboeCbX1UdUBL9n% z4`B%WyI*b2nusd(ceSQe)DH+W!7@<Oaf-rEr=F$iFqxTqcbwp`Hzk zI)evS+Q^Il!-B1IyP5%QPfOo&$qKPo4=#V}DYcgG6J<1!Tifg2-cs$@6}?KWK$@(- z7TjS}?XanFRO39pN!YNhQ*J{Hd6A6I-3c`L1fuiNjaJW8gai99&i;XR)>)?y?2aTd zF5=He?v>@mb>bM$YsA5l>9doM0B^0J2i`q^3iqYMET zB_t2eS+*H+u6ECF2dfS|?RN))uJ;;emQ4q4;z2^*8_xz;CtPdZqYZ<^&Cf3O+%Mr( zJ+SXL_KDxo%$_Ig`ELS*UXR|rpBbnf`IkKBtk>z$-kw+99>#usX%n~xf2dYoH=YNo z-bdsV+K;A)Hd+%YDIFEv*Zq{$I+elWI3F}Tbp0jpv zCU6RrCg6DdjaJU?CbBo)E=isT8=Ngn@RIg6QGGv#GF&D!5qF#o4StveLCp7>D-FwH z!4%k`jENTWM$L(c(-ttKYt|CZ9h?Ncq|%5PK}hke{vrn=(3r^oVhz(T2C{O(nR4=%!#mcpXZOBRbi5Q9K+L{IVH#6yjy`I3^Qe*AEWu`_MzYIk|E zblY~$<2n~lm-9ZRGePM0_vY`3St#oGjRi0G=e4o|>rApt`iU&>T1e0Q!^5YN%C@)G z$Cf=dDw2;jtRlw*r^4-|{t$UO0iUZ~Q+}8*X*uV*td^yT9SayJN#ubGYmS?7_>Z9M zf0@R}i4498qoA{&Fc8eRP@5*9-Jqia+C357NeRPxz zNY-J|FpFM~BWer8`Vm{RIZwQYl8wuzzfu@i{U!?_o5kQ{`HuE2>gBWjGb#n}g^Db~ z5uLvmZ^Qr?{kHQyggr6bfhMTk;S%#RceFa@7(!P=^KuL0E^T_c1{&nzFd>$NG&G;> zD#j`lrwUhBHFb{M%q>=)QS^DbWZ06$@*2M0nER5u{We8VHB}bypvwlKOinI&h#pR+4rUvi#M#Nx=Q^$5PFnAD z;-~O0O5!nJvui^1?|PaN%0DEXO04pjk+J__@B*&l_ufcbI-}KL8*Y5ts(L?kY3dlp zHx^%r9sLE-bXDAg!^3fE<}wtHTK;S1Y+beaCh&l?ir@`Uy6c{lxLZ-Il!9|0x!|PcnV7e$v9peiepH0{!)6=VaW-S)cm7+pE29-E z_~YA~c5R)}TO;D}?Y*bND|w{`*cf=azbyXIy>eec3S7C`JR+tYGtCT&>$ZXYWIH** z*#A|b+vFb$U^fV3{*Y4*$ff=@)X)?5;v|HEYe-Azs6OoA7XmnPPF(K5YFPcwTa4E# zd%5t`t%LYP9TM3YD$t~pm6Wz5HOJnbKvh3%SuU6?Tu{=X6e%tabXuncIR0%}`bQ9w z9Q{i-)_RUoGQKW8UyyP{v25bgC|M zJR>emno-McMgw>P&ns88d9QJ#oNov<)i0hmF!>EI5F8(T-jPaZ1m(?I-tuLAjFG`d z;p@;!ghzw<#{%qvDdx|UHtZ_(HO%6tND}NUA4E>-5e&lT4b6 z<~NU;k35`={}$)pncOf%!}3{j|AUSjD?<=EZVxbX{iF1S=5um50KKPq=p#v1l9I82%s;$%2mzi=rgi+F5E$Y!H@p zJOY%@%BcP8mWIJ>1~gtzVK8pD_E*`>ED_Z$9w@_s-;4C2X<}hN|Mc}`*7N4Pj2)bL zxaZL~GR_{L|6`$lU3ReUfb7pMj13Vr?LT&MLWd2c55T0hm16(U9#r{E%VfJf?oDMt zqy<7yN1N};x7GDHY^|D?&n>O<`aMK^#ox?(Cb6WnH9?AtR!fMk1$N`h$jVQJibnk4 z*kphN=Df)GQ-G$6X!3B@$?L_C-y|y^i)Y{)D83DWY`pb681Mr3!Z!=tRJ?IhmneB# zfzZqYntIYSV3r-@8M_ikLM;>dES@&kw?K~M=y7omE$pRl$~ObN8GYYo-D_s;`W-Q8 zSXRy(p4mdolIr1-j6_Gpl*Y!t2aru(Q%GqZFQw^Mt#!uXSkff{wN!Y9U6g((dYl4+ zb4N%iR8)t=RA&FNIL?PZW1@U-c^std>b9)Q*f=VtZcv zIdwufb#-yPO{9a&o7s>@h1O65(V!5{$LqjyruML@;5G`)zKfh!rJ~SqRl);yE`!73 zmoz`_rj-GKEaLqs?6d;TF3SuBG6hr%{Ey3aRAj8e;xsITC@ZJQWUK>l;RVwUtZ6^Z zXo7`LcEyq{63KHmDL&~ zwsCHjs4HdZLM*e`#$TWuPYs*`tJD8XP;Q;)w@gm}_4bh3x`o@MM+ne;w4bfdtN)^o zNDNkz{fx20=}{sS^N$4;l2#zn?u=Jp!+wpIp~PJaUxN>cssprsH_o%HmORH*??6ME z-csX=Aghfmsw8!=8wV)wIR9wu*>INz%jY$Q&)_xzXXE><3(0%QWI-4dLSSw@VQ3q} z8ACOtc&+HbVne_~zk&D0U3ayjKOC?Kv@?C7HR*`}q;NdR{fN-jB7`9RvbM(CvNmWs z_qcynTecw6JA}}QkCwq|DihnZ@gR4?Qa;h%54YkYN%3T?0h}7_kE3>d|#5F za`Sy&Oq(s4pC|s%W4(BYQsl?!*rYCLANw=IGjeP=+dR~-czNB^3qC!dh-Oh+ZMba= zd!6}^5*Re^?GwzdCmsA_Vb|_DuX(!Puib0<#XXY|Q~}Ybjc|?FbX=l)JI^Oinq@qYttbh!&1?DGqDc5WUAPUw5i8VZ27Z$oerXmCjQl|i4PxyVTBi4@WcBG$dEfB;~MLdY6RH9lnEwuKW|yqkI`F7?C&= zl~uMjgsW{99>vx_RyZ9YM2z_m(j40%<9jswxys(6% znA8iwF8YOGb}Ro8F;**j96p!1IrqG`W|2af*)?!jH2}fF><_U$(q5%66{`g$rr9Cy zK{FP0;ZNoK3x$GI+9AZw%z6y3Fw{n z4^s@|pDdteyvnCXoJntxry$nU)73f&%F+~2ovGJ$vh=X?bu==vG_v#kA~}rYFH+XL zcFM$9_5HbnTOF*vY9}EDWm7l&jle&FBANF8mWR9YkPT~%x--}uD79FS1nnEpH=z z4}UK)o}a5%4T@?oTOrL>kmfE#XkyX^auG5XbkNr_w8{Vk0C9OnEJ^Yfci zf@!vgS%`ZMSwF1n9clUej3v$bNO5z|Znv{BDcLlQO@{EWg@d~pi-!QqKVMts%l&NL z3UWd=ybrwIci1+3H`izTQ$OBq=E;NX^DSN{%wjnEK>epoK92-?{y6;ac#XK^mWJOb zvz9(KBo>0vI(?N}7%ajSP_>wqd1?RFh*%@A!f@6yh;pd5CrM%TeR+kCYl#oedApqcLG0lUk6b;<5FF64O44Smf&4`|=o?BIInv;DxgW_xJtw1gB9{1P zC+tjNsKzyUnUp<>QI?2FTN^>&r!fb9Vk8(@C{byI#^j1KH@-kyPC{Z{2h#BEo;&$? z9P|+DV^(6MMSL<+dDZ;Bk>9#}G2Bc)=h+BQLY?d>b4^u|IE0*iV+R=I0> z{S14IF(p)U)@*cie)G_EEj{i~YW|AU(<>)AHC9s5{Bkpxgvc4%e-lA7>%PKDQ^&)k zObay%>od87Ci5XvqbfvqN)Lqk>#+Z4nd9Yub%6$r@I~#^OCS$Q^!Gtd>z=G=@(^pC zFwb&Y`%c#T`4O4>VB6d5Y__M1!ci&VuoHXY1&2brO>u^%$trbNkM^1Cf#4%k4gqBQ znM>7b+Z5Ig8me1z>+~s;*L1*~kDK3fk3C^1iSHanC2#vkB64~K(^%=k+sCvK{~8&3!4usk7L%Wn)oAI^p6Pc7$9?F@Rxy8$0cL-*>PkE^W&mscEfMn`1>Fp;^00Y( zP%-9&kO-$;KicnaUYG<+=9s*GZ)`+ z`|md*mRf0lgb%Cn{BWw!^(N{!WbUj+mZlSJi**C{fQLRp%u@u%kBM)lTH z56T$&NrR5s?}m=y44N9#`YJ5^k_{bV7rOwW;}PY?(yql4Dle-N_3Y%N44IoCzCe?lD2kWG%da4-k#0w9!NWn>IPFJ@`)&gAHW{T4r9S%JiV)v0T!&PlsLUD|m82Li3ejg4PXPWzSp*UlWdv9w zV)g!h8Cz;Fvecsa6&)+-@fc&2F5>(1JP)UNP$dmd%dr2~zq*L)b~ALqP+6M8g1S^e z7rZZ#Uy9nwK8q27Tc}^!2pVc=>+#?3(4l3QHIe}r`rPZ?cbxjYFEX|7J^LNJR(bpt z)a+7}#yS=72Q#+6c6skUEDb6`uzmxIOD0T&4}LtjRPy_f93M z1U=_`?ggqXTyCM6viW=wIxiZkKwp-DKMlh$%+2eQ3!1YetLaTwpXS%@I}Ss$AInHO zY`qE|78LyE(F*~jiFG)Qoey#k0V{2>f-ea>v02{hk@|2;-#`3A|L@m&t-xt$0+_C{ zM$uaK1EOYlHhAcfVFL1>V>VtA1cFE_8Yygdkcg(Z}lFSKzcayBI;% zV`&BCJlzcF=(jjLf4J>GI;0DPnhqH3efIc;^T;A*2V-)w0qrMdO#F|FQU$l=e!CL- z4;|N#02!NbHF}61&94+IrxQV_{CAg3y#yat@1;bGPRBt#;A7*8!9#(N%g#r_A|^_Z z6$zQEJwtk7a!@PfL@f|NHkAW<;~7?_4B|n7x4Xhe(m$HR#7wF#oq4btsF=>Rps(DE z#Q~9vNdBZ}r*MQCvm`v#tYhYbq&=J*#|fH_QnjVwgP*vyFedZ$mC^pkLJ7kPF&SPI zzg#qz7}Y%S+iiqTmT$>Ic#-ssI-Q(K9tAM1T@~ml^(V#QVJe_R@Ue`aZn@ayXd2N~ zcGrjvCIwNJr>mV5Oq@^CknycusbMy5c`i-W2MgW79p`r!#gFUXZH^>>^YU9-&ajVO z_VCsCtJ^BSS6IOd2*9^nRB@$~E;wU+Mj%8b5cEYA5}tB!J$?t(>AVc2DCe)3iOVim zuvOn>{TEFiYpRvQyg-z&)rKRyNLaYr*MQ1^LI75?btlN5SW(|5%(p>brS3 z)~p?g(k7IGg0H-;0;gS1f472I)zO%-5{FG$St^s=`HjA+6IfSV+leXB2aD!`;#2Ep zh=qJQNwxL$4sTjXp@OE;Lm{2F|AbU9vnm@^J-{qljaW`fsp^zO2{OdeHR)e;>GiS1 z5H$Y?1r@i?Q^O(IXwyg=)mGFK4oZ=*IC+ip)sPr}wIg5^zM;#+3lkpsn-@y_oT9Md zXv7z9Np)77Hg_-7`exyGxny!L1Y}(%zW7kZ5B*ZHrvCIfO4aE=Z{zLGXJ=_|lu2mj zbd1t%wc*w4{Pkg2#X9S3^>T-*>tb(5rd)y7slKbZ>OQ)y$@ksI&&!VCQ_X*wMz6^a zl>^%%O;nHH`-{eB*LSsrab4$~nG>huI)lZhSyW$R?io^1LZa5=N(@vXch(4PBw<;{ z^vn+C4?~VOU&L}Ou~7DC??;F-P2hQ!$>;WAe*(@T#`|g3O^)^HDeHcMe*NN#MAPFA zF&pHPfB(``0=r*(zWVy%SrOvp>zdNzxk*#-v*4x=R>V5Q6(0HK#r$;BwZX9k$>eQ$ z{>Zd?ABaQZu^w5~zAfc!(1x*oovo0`!zQW2X7C}b>hI<1+D?*TdRss4y2n!Ryx?AS zoASe71KCL{;I0O}j3Nm~_2%z(O}ipA@_X>g=C;EQF4sHN3Ysh|>(R-WL>nuXn?p zl`vsF#=q$67+z(Ce2oKW*5QfgOPYj`4Rj3^&TFc+Od%XMfKCYRP`x%EAFm-S!Ton$ zhcW_3*TG_VL)LFrXK%c*ZX>4{Mci{GXg5xMbM`TI^N`7*>2O2O6FTE8pD#?WlxY#UtxtZFD$&Zmx_q0R>q1uv=G8Y*8k>j= znOuCyBYyFZz9JJPD0351ZvJFz;ei;TA?akS_r}q=)sQ8L9!k=l(vdzTSIKV%8}8xx zRPZa2Et9d;{OG^CBHw);UA9YoJas5cko2a};{5HySXjwcQ&ODmOSYv>P8+TMFufH_ zB7U+;>DrjW7)hKU9oLY}<%5B%8i~F5!1{h(+=yjBz_@$AkO!b>wopxu?*fbUJ+tHq z7Z5&JNsYFEKwwGxFv9n%S?P7U!of!=_>0Hhl<5M9hVnK*=L|jBxgD?8N#C96bWA;# zgt(F$-{ICv$Zb=TDgEo>m^x`S0f0nF=hae%!s5q?JIk7-QliSVi8Mired<#XIsym* zQ-q^S=^#O?(aJcj#H7Bgb%nGv&EO3~F~0(a2y{;O=gc^#!Q0&&OX-xBr0@~=K(Hw< z9tSO(abrpoJORz}zq1o&WXok_^o@;euG}q;Xmo7V)Wc$gS7HAZ)L>4H@Fg$2si~=@ zv-9~SfsfXX5yCnaCrM!4;QeOZ!?>`P~JXOTM4I_#&Od!0>h|3W8=Sz@tKL1u? zBAxkR0R6B{%I+2?sbupS6+-T13F~i_mXhPK!bd{dNOHjr@}%-uS*z!!LF}$2LJF09 zbAD06bhGpD^K@za?XMog`>X6F>9JM8NG41X66%+_ zJqCYAZq7Y;k&fcm*5#{`^wJ0Cx&emUTD+%tVmE2h8af`V3Y|Bt3qQZJXi4LS>~15S z$KoRvb8pyNsG~X5YH`Zrg-HGi_P>=;k<@rOE4--yLVRnv1?O+_A<*Rbeg2pdjZAsG zHzlQ!lu9g-H@C4MugIBo?8$WT+y>0Qx$!P}s3zYf^me@gDm z4%B&F_KAi>W)NnO`H~A1kvjk19Nh3_Kf}=QHuhGbk}*CV$gFR@un`wo@^jIgfC+`R zsV=t!L|-OOZBd(qp{~VkdEH$L)GF_2?_^Z`IGCc%;k%UgPQkz3jh*luBXkfbQnNTv z-4JL?rIQ_3`VHSk0-&yy<9O`OSw0?Qh3r>Qg}k}kC|vJNNkA?>7BA25`qFca}7-h z=X;~P;yWIS8Ty8m7z0Cx-A!ZQzq9jUqmxHguuQAeTADeUgaoP0iA2QpYOL400CB|2 z!OKX`Iz|iYHT4fw;ilV##=juA-C{~p(9aQYf(66T>PC2+%E5%d^Q1eqfgqFE-*uNi zoBjUsfKqup*;>C#UwY*fIeBvgC}?H|A%En?4O;Lv?sL*zYe$D1$Vif%9WheL)HWl| zHv=QK2c<4uIdGvG%lk#;qKP;hpW#Soc z@2N2D9OU@%MlZtuA!Wq=EI8)7_P77?etji;#8)EgGv*}3{E51#_>P3us#l*+y9$Ny zi@v{BRh70PGUYM9uWo$OV}H2budo|<*rUt~ME)HOHxdfysmYq6sC%dG%Gs5EUK1QpwN!~f0<<^~>j8gEOoZQTU9`;x>9nJn?po zd_ze2){V!35DdZtolg`Uyb3|1k8m&G_bMAOJKX%L2*hI)I7zHt*4^U)5EP$=!S_F7 z69d(Yy*q)3rg-iCy&q`$Z`pC73Ptp`hf|`MqI{+>1b8vEd+s6tC>Ytg;|vzpvfDrg zm`)F9{6duw4}r!D*)3OpUcUBX&Ohtf^a#sb%*<|+62T;1Itd{#!FJ+12&NK z-0bz%@*7rX86wu7o66lCxw$PEQt#C>4VwS+aDOt*xQ@oTHa;Y%EYfA={C#1hNNH`un99!QZzD;EaPzb|3o}$wIAnNm&ESs?O<-CSSU-?Q`J4aLOVifyJ z?jmJWmai5lV4`&0BylMZK$pQ$+^(R8zS|$cBhhLpBX!(45Zt3vZ zVtHI2Rv$UeLmt@#Y5w_LNYlV^+RZIL(7{gVZdTxSW)2(6>7fTA7Xrj9OH=S9Jemi| z0Qi{U&K2acZXYg26l$2+*hyeo8VO^m1CqmT|8$|lG<#bk#$~}`=LFZw^tJNw@${TO z9_vb5B*=-5E!H#9Ymj-PX%ASXA*sD(eiP5f+cuZ~R?PLfX}vR|m_3uc$B6i|-Y#+C zSgnqYnb(fNrhUbQvyGpPkW&Rcjl!g4u(){!-n3+9=ZDju6MEnb1$!y@f-?=Axy%OR z+Ds2%?LJmdXR^>Ok=cZJ!J~ubiPDO9oO4Qw)wo%At2R^lX18iC8jH57x#4Bk@OL?w z^&YAB2kyWJCZt9yz7l35d_feiOR67s0F`xtVRfX+l4M)J;eh$wbTn7`~4vGL9>J5 z^t58ql~gI`Jk^Sut(+XmC7yk(~3*LsLbzA_#UC^Tk&Jdz}qF2 zv`1}-h!`qijl}hb;IlKL^I(8CyB?NiTHiZW2pY*RcB+3Y1i`}ZZo59ecgB*swI}#5E&z{se!{kbzY9E4?x{UB*>Ev}{z(V-*mzbB6KGLK4e=O=Y?sS~@4 zq{{aa+|oa9p@JrqOlUuXO_K@5Cy*p30-khk9icQBS}%1x`VzrCB-@0xTb7zko1u!Er$1j=`cSmunGs+TG~#KX zL+E_W;93MUZcw8O#AF@=1@3Z7Q}9o}zq|}X*eQahAi&Ng`v5`TJ$D_^MVf%V@fy$o zD^gC4i$DRXPy_KBUZTC@2Y`Z52mF6Wqlij2HBN<9@?&ORDVI?PuoOH2fYkz2b&@|T6Q#;$53 zYk6o}Yyw6?p;fwwsth>wuh~ajNRr`b@P&daYVo7<`c#R4hP6}lIwajAek%ZNJt98= z@q<~n4|)+*g=9oMGWMHazfLgC*_r+K9>0(ZpZu*b0Iy17k;+1SM$h@F-{T@|4^wj% zl37ceq%{)cJIiL~)JP*SsL9|~5R6wX`*M<0(;K{fn@IE1uXd7O=+D=ii@VzM`tG(( zyF@x4le3T88oWHk)aHh1<;+t(>>13(R+2B>?2BH1zs{<@MfLm7w@fm%`V#AD=S0IC z_JwFn+pN*J=QYJ*#o|R%0qZI`SsP22me^lfo-;ne?DE82k+erc>yL^+CY)tydvF8Y z+CzS(f5#Y?4k`~eiq{{>T?_I~NEO1B#aAkhGR07AJwqJlTtNUzQLC53Dk)VNR%Z*v zXMu1yKtaAq>+oS{Yo=)WXQn=dd;~ZKnu(X4&1{n@tf5iJJvKKxPg84oF%-d_@ZHh8 zmLaBi#h#>=t4%sb&n_vXcBPA33FT`{^@oO&J<;j`J*uQ){ZPi4yqn8o$W|6RkS0 z`+@@f38%hP4nu@-e47M@0iT?_xA>__bvTovHfR0ZbKMa8>whc|xD1d` z9O8D2-Y$*F5mI)ag!KB|r zB;zTdwcn&6INr-x5T^+M1)X8KTAUZ;gAAXy{P$w$@~di=Z3+#sXUa*g@H9k%qcP|P zq%rV^svH78n?4(79vAk$X$(0_mTamJyXl^>eJ}UY=OzkG4DHFQrwBY#F_RB_%loIs zbi7%U;4m8*m=)bz1Ma60geAv7X&S(5Bw}BA2@uqYozeyZsuiV08QhgDtXhDe)eYhK z)<(;0BtS!JPX~8}Vm!b~9SSCC%h+^tjOPf3S*in4UuN&qiyIy3m+Nvk-X;H7bVsdY z#1TUZERS4m6_o2#O9<4Nlr^lfpPHW+38d9qYIHslqlqKzZ9H1ry{r$F5g-~kATu(g zt?HAF!|`DRUl|2*HJHH8?>=UPsSjXxDJwQBRJ#u}emPjccTz}OwdD^U$2jUtO7vFz z6;^wHD2|Maj4z-+kUmwJ&%Q{hk4zU@3S`qKcgK2D%_W2i_FWT=K#HE~|JtDA`Ml@m ztQL1}Q=>cPoP#p(>Dpm=_h7kku+ILo&LxLGA9oN&b)e9oXj_X?NhvofV47&T|jJd&(EWOo~O{|tv^zu0A|GvRL z-Z@!a>7My}_q6!7(f;!8D)k+TL4q72^E_0OcpWqi!1-Cfjj6PGTe)PMFeWJJV*qLN zX*tI_9c7!FZ|%ChpX2#Rs@wV2#`ODKJg-8eGCjM=HO!rTqH!_uRcWcLptOaHp?8`z zNG}GQa7o8RI`F1cXk%N31TYx1mG;Z5b>Y(UEP_HcTVaJH@HI)5!-|fxrmw2d-X8_0 z<@|OMupCOz?H;2{bRBtCvw^()>G`Cwe1Mw1f&!S&aFRpoQ8&-C}g{{ljO{p54FAwIu}F%fNm>+CYi9v zA434j7w~a+u<&T%00$id)35dJr zuP5Hhpg#^|H2JZ^fKqdQB$D2s(&^x@`TXiFPbCR~ZhrC+kRRiiaS8aF(_E~h5OJvY zj|AI478~ybDAU#PkH=yiod-Nl%)`WaUlDK2;`wfdc5H2>Ly_W}+!ac21r@N0h zE>(VtuEIo0np@&nk9_qCR_PdOz{nn@rFdfaeC#)e-g|-l)S*6@SThjWQDbSX^OrSMT?REa=ZfUtNy49QYrs%i^Co#R zNR#*itZ57nYi5<0reXIysZnN=+OD=fU#bP*&Q6Rd=Oq4yw+m3%8DXMN3Nvf@kewg& zYne)kzS!2{)<|$uQ~jF}srsRNEP;MbTr+B-2s;^}{s)$N=5JyRFUCR{q2WnejWiUi zrq*7M_G3(51-z!N&>x;lO`|8D@hLk`{8DCX)E6uDZ zkr7_u$ef>a{f$ranh*JUrv?PAOFY>7V%}cc+i!~YQG-UCJco9x7yc;%6*L?P859Ly zo!sEeiU+>p5BG8S^tG!_xBZpmCMq32J(G2@TKhS*t8G33DTcP-@GPf!Nt$Km$NfUs z8>GC~c&rEYKMl2BS~y*NBXdl%-%vtPlt~M@%om@3me{xm^m|x(n)x{_8E{(Gu*9)Q zuq#Sn(dg4R>qQ4{IM5}F$C=Zl!J!cd=-JeH6Yo$FJ}0lpQBq zbIIo}N<{ly!Zo-5SOn6|VaC(rF5p=Z&b^9VU;%wRU?;Ri`$pE$gz~rq%W6tw{9{`h z$xDx}ykr&=4p9vWcoS8&U0rh=EyDNg=kze*4kiqyn%#w`B8T1T z*ScKImTU<$IH!fV2HMt~(j&}Pg*L;oO$^^~O@613mOYsK>DsjHgn1hO3KIVEBo!?| zQ#jj?4sb+xC%;eMUoy4H3bXR^wYBlKfwZ?SUrx3cyDJwePHkPy90ScFcl^Gd96Ehz z3~zh8d#$cchJlXg@Beb3YuhxEd2}k}WaKN=9T;2HtKzc|0mUEjp3m>JxKvv=>`gGi zwdRQ^og!~9G5%V(ZUBM@x`s7DM)U(ta+m{3hhf7Id9*=4H=nA<8d8fg#6nKKDzvK2 zVTuJ=${zYE^U)8r&ouc=@ZL?X35SnZq*pUuNy1r?AKw2V)%#0+i05%JAW;YHkfLa2E zTgyVPLZ4iEX+N@QWFwPl6=HtU_4S#et}R30#g{qLzjt_m%HRFHxhwB)qgf01Y*1bG zbH}FRHrLP6J9W04|JBp@%0FFX5y-3K(M*)mINGf`qFS{ZPoiG#5`BI5 zc_KQskF~p`OiSrENF;O^W0)axuhXij<4i%+?U%EZzen5af*viD=El+Rka4lJwOd6+ zC?#Ry=J0^)&AxiFn7ns}60XfvIoh~G<;EA37Z;ZohPrOyV2(~DWIHr<$5yM`uU{Vg zekLGv(tq~K7e%q;o-eu_iByMBXn$?s=A608ICmkK-T7da=ps6_^IlpDI0F)zLr$}D zH}jp6weL{?qT&w9hmOKJDy#q72gi=voQ~@}OZ-%|pMjizFTBJp>NbYfYUAECpVg8T zm6H0!=hHC>QQSvjr81Jri^qvLYW1u*Wxu2{f3FDx4E$bq?ew?0d$pV1Yv;G+b*d`! z0vJi_>#c*aTp%j;;mI2Y1Tr!s--Ej~3j&+jn@N4j{YiVSa5)%2+_I)M(kKt-_UQM+ ziOKt$^~}I~zQB`j$GvB!E}LH7&fC$<)4k7LewXuns>Z#4ww6>~y11&0xe7>5lF$|k z8(nt#Eb@BaJ-B+i@F9y~>r19;6}GNCv>{7K;!jy4PI+MVgn2b4bGrZS7lTfgq{yV1 zg->xqa;Ui^KPXA_%u2>#O(X>o*wg*f1#c4@`kX)k4o!DzIgpECSyXu;%R9+T%YpJe zHw*|0mOTlYBauc@{yZ<0ObwT@QsdO4ok;urD`nAfF{*ePk2b?c-%g|Fnmy*@2Pi`~ zhs6=U$!YR`<4R_>zCWcUR>&%2qvFNBf4)Kp zrFMQObJ@oIi%J=E)vBmS7ZT5vUJW=s{Pyk7w(M4OG-z`Wf`?hGHK)_OaX);xpr=C`$SQ?^EX<_j#i4T>B$J;t<22OrtX36 z>m~_EaCFcW7$?L3?zrk?l{?!-^>I$Odeof`sb!Varl$I_ZPT%0ry;TVU7l@`|_M;hX9`-O1s>M2p$^>%_K^hY&o1{ z2eg${X-V@|8C(oZ%XG5Q2WB#Z1aQt<`kc({P!JqnLUn|9t=w)In(RNrW(d|O4ChJ7 zqa{!K$tJfd$DuN9>`L(YDxxiV5QD0ZNHUdZMfx{B?uF=yPraCA~0oxK(^maKUU?xOnsoeUX{C*P} z-+O7$@a@u@;%FN~W&|;g@`RhtIDD8(fBqtGfQ`rQolLxDT$$Q)3uz`~NHYg9=u=UH z_p-Loh!OlKCsI5qt0+!9Vss6o_TOzVzYkp z`nw7`oCq`G!(X55ubT{9qIROdbk)iSGcRY-+Z@;b?hpg^H_~5jGO$U)2HL7#cXyjB zad-SZR2MdKPMAj-?rGq-=;m+sds1|8x*o1E3x zv=!69>UR#`ITUBg$`rW6K@prKBV_A@mg1o`JrdzaP#{O4oKnKgJ9_Juq2+IAvXg`8 zK1%M|wzQ0EU}@AejVNww+QYl4F0p)CF2>s~z}x|GIZ)@SOgJD>c=c!!&ue@cRT4Y%otXmp5Bq<*K&kCrjCHNs&nQO0kWw`t zB1MPmKgS^UOY2Ue@iE|))2P@RyZn*y`;lB#ihAgQ%w2e~lOthts-q1y}|oVlH?AcWFbTg6XNx5ZU@T zv-8wYs^SPMDLG;tOj<^LQVX@m3~4KF4uP^21PPykyWQwVhxh9BnLgcxrxGj!H$y~$ zJ39JlHBLN*4K?EAns>N}2#1U%p>K!x!f-U+Oah`{vO&Q&|5&8eoKI;_GVe_Q5fGL= zFKW)aLbCmSC|jXYMnK-bYE<@9bzZF?Lxl=}+6`KFq}GrfszIxA$M2SERTBSB-S_$h z*@UFEf9F}%nPdv(0E>rt)jPYgva~um)V4OqkVz+)+x9hEB7tMTXcNJ^?~hit!@}}= z%K#lyK39`kbyZbWP>kRatko`OTMGg}!`Mrz3$Dfv7DD0!DTx=|jBXUkSZAshahYbu z5ytIlS!QO{`;pKL={Syp(5yB=c}SLJBDDuk=bQ9Iw9?n|K2sbe!1xc2+9H~Jy2^mb zyW&GgGh*oo{l`OGIgWB3;UxM<>Xh<^?5s4CWq%A8@vp-3)h|;q~Gz~1{YeW`GKKu@tKTf%RdPRS73&?JoBSxs19fvX_d>0SJ%qtvj!&6v zZAqE}p*IST7bBRp#StLn1>X8y(aQ&Eq#5Z>v^8g=T$Yny^NB)NGVq8RpYuz1b?k;V zA+emwC^1wvfuj{}#sN;Q<+*e8@^9nR-kv!@Nb>3;kCdQ#q>5Gk7!DWz)nT7B6qTaJ zkU8NJX*D|)?huz5Fr$_U>+Cxkr^*GL0_9p<%*;ggEgHX0gP?ttVu&-|yHtl2Kbknju20@KYOmYAkfEK%; zbx!|;?2X0ueEo2JGy(S`GA`Kb1amCVdfSDucC(yQe)YHBZk){vdvBY*?Kn||W8wzfwR5B(ZI zz&pIyek46fQpUaryVDzSgg7}19K|9n`zqy%nDZ7i$FoO8fL2dN ziZqYFk~&7g!1p-2Wl(V8FRBK91F+C_5%rmgspOPpX`CL=1PJLxOpp^;fl?_Y9`Ze> zJoDQ5Yiv?x5DPffCZnryFo2yvwL!FH8Z|)A^iXQgl%?>gS}um^2#e9zxVY95+;&34 zn5D1ow40iBWt2s`GA%i^Q;U{v@sS8D2&R+>2N)+H(ojqsLKx@Dw^_e?mmML$@$?9+ zlR;FJx*P-0LJDq85+m5wdeu~0z@d6ME*J}9N*3z+GXTg*0{Y|=`utB9vD2fhAmhI_^@iGNmZ>x4GrHbX;=4e3UeO@ABRnyce z7+K%{_$QGTpAJ`0`5e|1UTz)AkF^9)sD$Cd;q;PFB^ZaC*!z&k>_JIm-LWKC0wk11 z5e0^o!d2e%3K+G6Px4|X6NSMz$8@w=$l9xC&)#iw-<|c;R{3_{1kjy(Qj!R8LV0G% z?2bl%N3jK7Y|o25?|Z0@eZ?lRa6EfPp8-)tp;Z>Mth73)k^x|jA){RXSXfj~A%x(F z#MV#5}qrJxL-e(ZC zV|Z>J2MtcC(3zTIIJf`thR`!^DlOeNL!Uf%q0CAI+pt3TPjF=K*NH)y*Na+O?-fEBGM=1wP7?z`ek_ToBC^qeJ@=YB~rO>FH znfv`rRRmeB3Qi@c%Eq$1La$t^*1!IGwcRZsqbyYh$5mLjdYC&*bBPB@J-kFNJZ~4> zmlzE2K!PpH1zRQtiK;J|#CG%jE&iGD6%DZ&j8R5M;+6?WT3}pBpFPd}Z#SMZ%WevT zJOdXELrE+$4q?=KHi(IYnW`MB`+FW;O=GVg5X)&o5Mpx17I<)1QQuqNB;x84&$F7$ zV~Iw>KQ@AAL2M2uCXVw=my+DQ=WsuRjt>PZy*{%)wr}@nczULMzBcUtJ3f6h*R_q1 z3=b!sB<4gJ0B7g%@SUkM?`s!(GqTEy^QTgHp3;Hm#+$cv(eEnA!UcbxZ9dSW=7NtkkDJu=w{!w5iI^)3Qn6V z6chv`krrm0l-5Ar)mGqAjpQ+=irDBG4W?BghNDLh!sZ9k(keY)^yZB|d-qQlg~%2I zas-GA9roS=x$`;Yb^MZR-ZNzDFd1DQvL&64&7yNjN?Tt17SG<#&Hx=OppCIHS3$wDZ!Rc+y+pqCBu}*01Nwt#g4_ ztqX_CQO7WJ_7&Ht7$20Rf0VJ}ZPuDwPRjbNpHVl2T}Z6hsD_i=NT)iKNg$$TCtpf| z!7{_t9!zaFqpy~lt9e6eL;C7t8AkNBJ1dQpe8Q*0*-=M00jpL9Ih_k3k#^R9UR?x2 zLpm-;;6$`Wc6F7IbQDzVhB%5G)hb0ay)0bdW6tTJWAWXJ}GWjkfGu*-{7sdfU5e^EuO<2*KC=y`u8B70k zA-~)shY<%8-L08ewqOkkHo6AtIcLjx<^XVkT;IXCK(m3Z3VSU?q(R*A(r`P$ovc>f z4~|+86$4kTC$wO-Rj!Y#=34jcU<{Zt661#&?uXFMdNavXb@s(-5(Gd3UR0m1qlJU* zDt~Beh;8!3LXWf8>*oB?8GQmX-Oj+T`j*7PxV3Y9p4x_-Qey7{C@p@7Ld|y{h!5C* znW1sWSY%D0?Bahi?}Ux$y6imNvHcb+c>I)TEUAg+FIp=LucC)P(fgnaP=wvoO>A|nudLVG$Mf- zr-^$8%&QMz{fY*^J_2tMFI!Dj**OG)>zV^%@{tZsSS~FtMiV4ZO^2?3RA^RNqA8?{ zsnZ>8{;q70p)gf0O2&gp+bQT{ow5|v!u(y|N9wFp1Bj>7?A0)@^p>-&G>k?cWGBa# z^FTi^kfNCm5|`AJH_m+Ira6!P@#%9JUUTsrc!1`us7G3y1iy?E7#|@bSlBj#!2If4 z`hR!JK8)btmM_(|wF2TlUw&STiaP$D%^F_$T6^~w2il^d(;~s3FKylc02%HA`#ltk zGaS;8Xf{zfPKF&SQRCnM3i-_4^8WZNG3e~z?|ngFJ^(GbL`*nKcU5l_tf8Q^&{XBt zg0HRMp6j<~890!0ucviD&!)lL_9XH%JVp&|oxynyOD{mPORD zz?G8PB6j&ZeZ35F$$j!{CA3)hy^vq`ZB^4`ndiaS%5(3q{;jn(n+GEfE=0frG-4o$ z|H|&`KV5*J<{6+cc5f%X>fEBMNHa7DTzn0CY;OV8A)kX#mLyV7n?IM2BeJSaGL8qc zsONWnJO7_g<6@74icdm9(;c?Qc8CtK02C^@y{vM0axn}SF9fo%9aSy%JC!ZqhWhBw1k>ytaDWg=w9Vh@iPCV-l4HF=sva_XB5my|ka5-PBNOA)S zTdtDzzquB*594wzG9b9}NK#)84JoDTArVW30ac|_*mi`!w$^;w=1nED1W*p+y)T7$ zpWOzVyy2t`k(dqSnWuWe(0Pt|0DSQi!&#tF?|j=CSE8G1>8V1Zc8G zRDu?iT}3_66A4$z%u)hy)lT_mLiU62cXH8i1VOlM98fzSzh~7^onhnLT0wnTqzw zZUKD)f^)25IV`hlYV+ib+iV)Ca6pq^1CmL=*I~Bao7Ly~pxc$B9nsjoe{g!WI%P0{ z+J3PtLKxKlbU}@hfmccM#&tsqD&dcD=X#o--1*wW88px-+tk2LFbsq-g`}?ye;$?1 z?9Tb1aH^3-Ro;gw?+?)YP33{AJvkGHz^sG>LCG>e)MaI>+vZpDD@?paT=$ZqakFfC zq6nsU;T4$FlHi6_wwvupajpe4J;rm^Rrrs%b)G!TM^O`+$4`drtG^oMS5giqMu4(< zpWO%S<=c51A%vyehkqa5i`uylz*5)C^Bi8l52bu8x)N|l&f~Trhcp_|X2T=~jVb5f?O!cECmQV3eM6~&q z>vGLhe+YlOc$_7YdwRX~%zZ}(LxS`w5aH#m6-MH ztRmTi^BUxnuovDbY_QW*VTURRs+Uy8=m6}h^Kge(K%l$G%A-=25u|ZM;Mh=|@KB8p z6c9R-=idg7d0Eo1!dGB-nWoLIsHhhINk|?1IzgJrKB%fxn%Mn@$oATZT;kyrSzP0f za22jvUIf)zCWh`mT^u9eD=fdlp9u`=7wpoy6L~ZBj4vl$h-6r}FkkbY-VOnG@pQg9 z&sctD{f&qLONmw5_{RZlilRK~V(+xyuV=tBfqr-2{dZiuAz8D$n_kypIAoG!kD_A( z5IEdpRp7whhFM~IKnc+5IoC0zr}!Ev%OYHFp7E=W-bLVViz^W^pZ9HN{z!%=+C}Tw z2*DgAhcIQf!FSvlMErcCZkCkjoutlEL@(tzrFddl3|>g8o}B&~j>6lWTo4bDv22=#8vnPdj`eNe9NgMVF2QxuQuW!kgBa*Tv5zIVId4Y zyx`JqyypJ0j)sM2vD>z)*1e7OY&!94aQ@f>m)Mum0*QUbP%2@;ch@Cx{^z~*ssV2H zybTl&`;p>p_w&TKOW%2C1&$XHs?hE85neU~wh&L9CE$vsE_`s~b3gtz@F>2!0@u-a zldd3es^jcu{?ptFoEq!=4kZ|*d>ztRpKAbXyYSk41O+1-9TEFG4ts6m;gV#tFdB|O zEHY;#&|@@s-Kn0x5Ey>*mm({O&!O6{5sF?}Ri*0|Ri7PKed~%dB z;D7-s#Sflp`z~`lw$Omk2blnSkd#izoGMn>#hP2IuUD{=_0g>^>8i}k~o2d_iLkv_BJ9Ap!`MQHunj7Ec-L@i`!xYSVsLaJKeqf@T$@NgCoR@e2!SK>MELlF z)`7+awo=N3+{evz=(RLYQt<1gAu7|!#{HQe9E$IzHl};g=tn7ArgaR&Q7TLZYFZal z7%n3n4G56gN~DABbE!CrIl^gXd50B5Gth9=iPhjE+Fm;9ORZAv@=pqnUP~BU`kM1O zeGV3Jx8(^CG!G<#WV7oTQUal0h=mp>HIh)q%oVx842q!J9>27QM%VkNrr*}bz z?>k>F-s-CDBfJO!8HZX4DpkaF_kS#AAR}JaqB**|9p3kU^tpBgM8t$P1U`%L8`ZYw zI<@!j0@QY222-orJhC@tre-IvrLH#Xc7=NU-?=V$oAvH^^ zShjt3v&2=`HASF9sr?`vHMEant?wG-+Ra;C zkhGW%`83C+)Uir8@QaWD3Y%g+^HBl+Sg^DWn1f0yGR++&I559gQ-7UL%I(MFMX>W}O~B$=C3t(2*tQ=bigMYDlL6IK=0jK$EMh>)k(w1-~EpT>k#~dsmUmI!7dA zij4@v#Rb37Ot7|R7#vdDzXuP2d`gKXhl_rY^V0@lzhPfzn-oyg)0U>a&DH==Q7>i= zeKja9LhmacVS0mqn!Nl~E|1NjG8iCI;4|} zW6JmQPvgA-2nzMq<}T)7Nm1X`{G5;jGeRT?P;@0Ijxk6Vww;1LXy_2thXX0*xP6%0 z_Pb|$yFq8s-6tiby^SQ+VvLG~qq>Ur{&{M!+_>NKN*xOl?YdzQ2ROOi_N3blyr`9% z^P`Mld)tR)o1m)lC>jo`^&H;o4g|Q1UR!g41zwv)<4{nD@r%+OfZzf$(MliA0Fkip zfflE3AJ-kP**{-~c;skVvbIcUWsWWVGJE#_v8bl?toa%@8Z#rAv&Kl&vrtz$WB_0? zhf`2c$|j)yf}#TFO(l}#w$&71OTPiOABivxV(n2UzVb>IA3A=rgB~yI%!qIiD8_El zF{_-@2}A;baQY+FlTlhy24x()>}0tD&vy@*74sq6`^{6|ML!gxX@3ozbZ7(~`bJi`OzHNGGhX44r>pu`b>E5-2Qb{$zty}&*+jq)5C1Od z1P;Qt1s9{Ga(Ehtu_x=hY-GNDNZ?%xX`y~;a?zF9&w3!lE&BXcP{xX#?sI{araRl0 zAzST`;3Pofh?!r5(9>7ho!dd2-goa>JY2C?4$1zp;1?3>eI8}|bE>&kV0`)Q_vO{| z&pW0yqUJFGORj*vuJ&Dd?dth0ap;I`{&qHtCe179Jz}toMJ-JXN6+2YKRACz63I>a zn@)MBoS-lC(^^c}!|OOLM4RA5-Eq-(mSTXKMW4A7&3uu|UetC#kO4UW zg_$3q$#WfFAN16EwMBZt4zM$eIo4t0Z%$~j6z2eRFa&ghuzVqs);p7Od zw!S#-aoE3E@2cDS^ac1{zqSpU48Z=>Q+MxuKge6Z{rhsPIe)Xr#n@O|8J}b|mlXr5 z4>>lj0zP|Bq#buYxL{#hv`l}*_M!Lz(qmLn6C~cTqWq+n`0Xlh_4qPgrDCl#$ zJw81xXl!Idu@^DZfAy;g>;Ob^9K$YAb`G=`a38kztXF#wmC z=E$Z>0?jT8Wfax;)B23!UNmP6(noyxrg|eYNjedik>+{ zyW#?zz?iZ9q*$lq5Pr{mDM=?%lq8*Xm|w83koh0*31S9e!8Y5+9b!DsOsZg-RCn%M zb0oQtq~bw<0yo0S9VhLr90etbQ${h%okWuq_=Nx1TS{SYPyLR7es1#D(f0=;c_C0U zdkj_p4uE;z@oqIgx8P~Z1*lJ*il|c9tLCOv{-}1gIQg<5x=XaFoFE9^G?&wJPoT~u zg+KsN4aOJT$M|ADllyP^g3hwNjRZw|*IIK^qkgZ{|JL6{UF%>{-RcPP|C#yL?}3W) z5rB)^#KqgNtUc@zy@NQeuT8=|L7yCkB>7S&UnMB#e=t{Z!&Uc>MeY6b^}X2B2co%l zCX4*$F~OH^pVWuD6W;oOTEAcJ9;e#{&rd-fE}g#%{;mZ*m(>SO&%HKvvP2JQt$lAG z6c@QHRxVfj(~KkgyMwA@ev5TF^SR_FD*@agVSatA+sBo3gwZ&9?Wv^4uGnBNxI$fq zqZ=(r!3fH}a5#$TK5uA`C7pxke$wpyXwzdX<1jO}6&eVbB=?toG?YQ9P_!(W7r~y% zC!IM9jRh~1Mrv&CEML)2_9-^3d1atA{t83N$cVab3HYMt25Mw`moX(Rnxr}02Ddu+4@olY*{YRUih_~;vsB3^a` zI9&7+#lthysIAG-In5B%PvpxbPgVHqx@KydofX%8p-}bYG|t`eo?l#) zrodEe+lfXr8G>YZ*N`+If@GR^kr^6z&EalpTIc8q*Q#iED^nM$iht*YO92|=!6q%7 ziY4&~$I-MxD2^;dRtpEQ0K@B`e~T#nuh{;S%=i68RNd|WyRG~7`S!VFczZj)KIl$$ zwK~0?;ms@0_Sh(wzD} z^8`B*TfWu~?~#+x0TAhlovoNw0nxA#NX0Q5`tw8{M$)Uswo4vX-ej^F3mJT4%ido< z`*D}su1fKtCSjiMERU?>HM*({CpJx zbFk|)a&BWuzA&KG%r7Y5(>B&O$gj_*vWaV6CDqg?BDvh^54s;jC&tefLK7l%`p1HD z;XklEV%Y8!pa9c-u@xBTS1RIhB4 z`E;A)^&Z7>*!RkIy`A$t;{SL$>$j-8CX6q=Ah95^AYCHT4FXGd!xECx-QAK)gVIPN zogyF&(k)%m64Jdi@4i3y>_4#A^||JJ&zzaL@3A_dK}DC(RAQ{;)Q9E0ZS<$xUXD2r zQYz8v&i=3GLqHaY1?Y}1^K!O8h1G*^vzgvj{uW}UB;c8u9*`;ys_ z-Y8NqH8_YBd?V=Z0K$-)U8E_srD(s;nK!9&&Le?(!QUdH2TKN|3p(KGvtmhZAd@QU zk-7#A3Z2W)WNg$^!wk=wloC z1ujT*bQ(CiRuG9fZ;K&GPYDU_G+3WN(a;Cm0$bmjazpXtUb0F~R2cczFPz8y>sB2C0_e4z6s+71JR{l%U9ylH$b)L-$+3$X6LYS8N9e)L!I#2-FApWCt&dHv_%Pj`E(*U75i={i#IA)D9G#`=B7 zi8xEXywG4IFc=E0nX}t9+pgqf6w!o2!N1@%G9NzP`fmjA-=v=paF^kLH|EaTF^IDFX=ZD%u{{_l+5>{-fd z_q9e2Q9#Uq)7g&6kN;Rm?q#*)f6pzZQW;laGwd{&Fj#I1v$T%1RUd<=NhZLlzVMFO zFW7%3cO9>hokaZ}^Nn*7WeAonuno1JDU74-Ldcwe;g#RBBKsExsVC_aBgmi>lGPCd z?pq6So9_tx->e{iRtCV5&led*)MR=2Hunc1sG5Dr!;1?#xV4Fugn)@BR@!(nEA8Hf z{@CNivScJv1yX7S2X6v>(yMr19r4eaNz~~EyUC{If5jv?A{M{}U*t31M-;igZQ$hk zz{2=B)pWpzg`r92a27y{jb*Ct25bga|000i?e^vdX|;V9C-C> z_^mA)i&Y>0yzaP8Njq5)4BUR_G?TKtsHYV{ONvGx=}RN$&IHRhtuOzFZ`U z#Kg=eFtu0@x!wZC#3;FD0nt@xjRC{Y)qB&==v4Tn)mbeWkxa;ls!B&wYv=Dp5r~Le z@%wQvR$2`7h^2*Qx4CqtUyiM_<q<<{(e@GCBnm31jvSepLWin5cHa+e6^+sfXb~GbW z0+V?!B8l#@hbfk0cnjQ;+#B^N_RrrrXdVdx6diM6I#h)(Y83gaIr4c$VX(>Q_@w*e zgM-rFU9kN*eV5klFze0S*SJsz*kQus0p69*v%> zUJgc18qAW%$_!a!$;v3enVg{z*+|rkey=e|yC&|Gry@Zo!jv=&M)d@7ls>>WTMLAE+mb-&jPXd4Owl6gN>mYUadu zqQ3JcA!sA$mg;%&Y;hlP&*uc}-*tC)f3snsmey;r)YkDhDmWe5e`wPWI2;JtGt0gC zsNHxl#_T%Epi*YbtT6AnaD6pSIpcQPeV6!(XEr|ZWF??o$jABbkk`}e=i7;=nUbIz zc*iM8?)}3_=k<mqKE zKLtWoDS+z;Kj>XI&MzYo+e4(uHOGqY7OXUd4 zzA*{V#^;FTNlH#0ldN}XY3Y~!M!BPK?0;`|il5DGF3&sJ@0zl!b`V)AV_5xaq{DnP z3@;RX7{Fgc?#5#dP6z3kE_;NbgW_C%a!!7&cFK0+L^Ve(7+m0q0Y^5z@=x6QT>skf zHwb+#a=4}VTU^|``W+Lmj(0Uf>z=?QeQF+SkoUXG5TN;iZ^!S&nyltJB5rL*bkn8- zTrp423Ww!7F&GQLs>Et88nMa zg8EDcG%(~-B~|)tW3?t`i+D%}UO?+u1rUEql&@6(oL-M@_W6_GCk3x@gvFeoN|!r% z^oHjLoZTDS$%(|e4mFMdj9+mg`BG%=QGcIfeC1OS4wv!3#6~Mx`k&-joO84$*qleC z_;k^_)H;;L8h1_Rt>#<{w_l6PX}7fT2~Z`i0nEs!%RXZhofk{5pZ5m>*9#GDj*1gH z7-<01_0^#xM1A@;?rM=W492qzX_IIadMC14sTy*UWWc>#Q!bNkg?qf})12Xz``8M( z($BqL!N5zviRQHw&CPe-`a&Ho*#zOn&21Ly9ew-ndvO-;)$yFIliTdMn%(%w*PrMq z%r7N}jvA2IXG-()X#clIl{{KM7=SrAhU?@4P?acY<85_qLQ?>n?iI`jCB|E%`cG@P=a1SS#H%L&VUL`P;2m?_^;Xt1eNG zdY}}kZylBl0~fw(dilpTz9|uz5i~|TaRsG3IbVE(0L+%)*MQG8TrY-6=9n+Y@1|u@ z4X^bYlol~QF=!_74#sW_YpSAR9ULukU6Qq`zMvy>zjT^ju{LfWSQZ z^XdpCW63AUEcyDW)v$BAq@wzD0a&77y8`NrO!e(AoB97(+=k@IAe?LI?UsCygwXG9m&pqy!Bt?iCLP3S&h&B6!8AL;;c)h{CG2fEa1*m0}>oH5YD&?Si9%pRbs1a)zx|Fi?l<{rIew8gC!25f#YQ-v&Yp!xW#+74$YHqXSI+!lOZ# zQmD$1LapW5q-s_?Qz-kGn=7YpV4Y**3ud9sUFG&@%VjxM{Kw*l03i^WQS$Kz57uzP zTgg}7&KMLzPKs}AOye&lR#F+#ydi_$D5rWWHd7YoZ!917UEMotv*{;N?$UBr$< zH!%I0oHtRNnvhOCg19T_G+^SP&W<^Fi_j5U!) zrdD~y<3s!VfnPW)#J~715D(JAy?Y<&wYy=G=gWjAYPqW@)u$>%f@1twHSu_7+tA{+ zd;L{Ww*QCn+L6JM-|oE;Q22Mt)m=xnVc?w!_ZN6a47n*b0bK!*RDv5DB~S7jPcEL9 z<65hmSDk^Dhe#GLlsvDxYxX`37cMC*0)YhG%pI%aIXZc+i&=pFvG{xH^!#8IwEsHj zrYUGwHE?_FX{X7kHS~|c3hEa*1HMZQ-?YtJrg@961_p6`_*j{8d7mMR1^L!Q89DLW zR76-z+vc~L50oWpdX&?-5@(E$g)*F3>6pW1#d!JW7-V}toGsKMA`^mAd6${An-{pk zTVrYH-eFv<^z`}qDWs-4ZXiYiOzi9q${i4^p`QHt{ANV`-Oo#Nbg}}K?fcxe$*FHZ zm5SS2_OWQF@rQyQn%4kAGlkM`%Z@!D7%lg_$Lv)oRU0Q`KL>WtH_t9t&qmr6b_mH>?{JYnCYl zVCnBe{ry`;Diw;GnABb!fOK&tc&0UqwP?f`T`HAMUWA4hxMAHHO2tShi9v|*Q}W!2 zhQ8DIy=Txlh86WACuR^G;I^0Lk{xLC_hmBmzHJ@@_l5##1Qg5kL*U{XW^R@cR4NH^ zA3%(?e{h%01s_V@?0DgNp{>Z5w#0a?>o0Mbt%>b=f?CCF)J*+~E_BKAQoUao<8{eF zHdr%E!3D_TR6uU+w7hY1EDd{PTDg-xO^uhIkPkp8yKv?v*C8Qhe{m6v#kK`j zQbN~?A`q_)(@y_+J@nS^#OKT~_vtd>p|>Qc>yQ%p3*a}J$(p083S~}?u)PkRO2SFC z3e{!6J7a_LeZvFG{$GWDcy}EY<+t749%iM>U;OX4=SAT)fwz0kCsQvcE}#AsQa%4V zns@5BOEWgEnxjFTURbfipn8~u>%6#Yn0Vg*i#SA%&)ZM4i!mnw&m8VFs6%KMi9#gy ze9O0{s;H9#?QiEBm-%Fz8{^f-$H(KoZjZBR5d~`zMLQqPM*v0vwMGVl52I`M38EL= zxesG&H`774osat?H62k}diwZ3LCD*48fc`NMbr!~=UaPtf(b@~A2%UjN6g)SEOxRb z&yW|0&BU?ZXhJr^F`Kjnv2d*ExvY(`Fvq_JHN zCXJfQs*=KG3!?#P4CjjXf)TmVm_H*j4Qe#KJ!0K>JI3;rFWeAe7V6<`@luPU=^u+U z?4GW&@ZVvqqKv45iMsSk6<-PFqRB2YoGNgT)a70Uz19i&B*#noHE*W(ZDBrDcT-GNCm#W$hYC`LrwHALtA1it3 zyJ)Oh=mf0*z&Lr>Pf?l38);90>m;zbGhQ3HJ?KrBvEa~jlaEp`? zG#PJHBjb%QQ7|x_At~J|;;xSNr$zr+hAu#=N2Ve-fQ3wleK;ZL_zP~ej0o2 zl_5n$)?>%si4Ck6i$-}^mko4=+Xg(ZvTlquRJ6wU1YBI{fw>mUx;!=RU_1Xp4#APa{r9vk0hs0NCwhF9acHs1KX{yo9r#X=`4MsGVxiCez$w)h(^=d+)-1y+2x1& zMUFFnufW}_R)cO+nS3gVQ_jor*;TxhDvguoWEKeaDs|N9dH^AM44|0m!PLlaf;yDu z8f8N91_0c-Of3?Fq~TQxbYEUhh9R5m}a zUz?t+FKI?P1@2-?Myy1Ub;?1-@BhSVX-KonrqqjzkqwWAq#4k{NNV`DF~XZFXfz~B z9#EJ6#l;8TJWIB%Qb$IDcbrDarqtguc?GSEzB3EN@TGYYYKTsJr}K#`9dtSG-uWTH zXMh?8zyzTc)>VHC1_Q$ceIeBNq|-l`1*eAu@cFSvO#w*3s5sH$4uNRpa_occwv@BP zW%4CcLEXt3^gebL5~J8+^}915d1A5aoAN#bvb3GiU`z(~&iFsV9@jKT@?!<{fx{6x zs5IU2U!}Q1z?uQ}gjA-S(rVTU1eht|qWv2(Q%G`RKwMh*!1KBlUO5bM(L-sj})F0)-k;L|@A4F|G490DWe57Y;5RVi4ncY1D%@mAt?tBrk3J1=$z5{`LzDJfXJ;KbD- zN0t^V*l`S~l5$d`Ka3naJ#pha09~Upy+>3F)f5qG6Q$KwG&f_{!l)BJN0UHR4a)7h zY+mJ-==DGjz;{52=gBE|&^t~`GVhC0HX-u%2YKHCk&yFG z)77s?TcnBjf-NzKzCsGxlhr1*5|aN0y9SpUrgvnPf21Eqw9IPf*$uF%n<74bTcG~S zoU!zVqfWD=oIW4Bl*{LEX}IXJYi3K-fysP`TAu!S^FAj=03g5m2^BF>kjULXwSKRt z6Tjrx+EZeZ_>YBN)wFi}@{y;L6;)ILo~4SYuf*?b3S=SuK9EKyHV8&8F5o>e%8AaA zyu?MVF^?CKm~B_?TUS5bzzR16vLKrq^1I_VQ+Ti3c`S!=UaV}}3mPA?fYw)6{6>8F zy{io*rB?CuyNYu##g?ylxQ8ac@GW7}U`w9-(lry7lAx!Su+MCv@NrYBNWkBi z`daAFdeyxp+;Jgt^26`mE~`2@9Q2(6%eW;hZJTem6H9^d^KkCJk1RkTi5F8C@Le#`? zoC3gS8VR~?M;p_BEE1dQCgTEhgEiUWhp)`uZoAkD`*4f~l6+Zr^L!DT$xRd1QK;lU zSg@7KOHr<#)3E#}aGTXFUAdD;uJ!Sc?zTCWtAuY`Z_NZhVk<*O@Q3fA@U>k=L_S< zhP7KftL1#xS&)x=n8}%5c_Lw?1*swUIV(J`_8$AFuX0qK_X~J?dwBHrEm%)Jr>yRc z+L>HxR!26anw?Jn2w^f+!^m6v!6c*u>gMvRiX$`BKK}$WuKF# ztOh($R4P+3kHnXx_=oo&_5$XwMSFckmqix1Q%z$hWj~yLY&vr8aMW3@rVyT;H4TEV z4}Z1eugrRjM5aC(TikHt#N}uS(Ws z!cSiVYt}1*Xp3a9)X3L;QcSN~Om5}bdDYd);%}dC)Hg5Eqp)u|KPBvOuF!1rzJ4Pk z)b!~YW9e^>qFitaG+y+XXX~?ED;r1nl-53?CE*-Hhzq<=q#jS2qP8%Bx^ z(qxo_Vb-T6T4Qpeg|&2xbUEI47<*9qojfPiz;t88rObCa;i48+4%tih&)js}blR0y zRbC|hF5m=7;fJfW$FT#r(_P*3!z<(Go6iYGfu|cyoi`1}_gBW9KG$t010PQLh~i8X z96wE;&3N_nZCgZZM|I;#&TAS5Dg0wWbq&HWs?n(+Dn+Jw$@$6*`{nK%4YjUW-zK9Y zv1Sp^o)!JQVDD1Azr8)Dk^neP8uQ?wtO3l}LG<%_~PEGKSg;jBR;8P5H(8Fh{R|7^e-5fV;z4-XjMO1h6 zxvkZBG!dmxXsAT2Iz8?dh@to)+l4%RNH7wxdjI$sFyFwQ13{!hbBohwH+QoY!=ySc zz(To?#2F_fgraTnxFSt zCv-ph7n!{CIR*a^z&|@=Z79uE6&6hW&ZBVU>eAwO=dInlcDsJ^`|Yj1fwqZ(_ax(_ z?iBY6&{SlNG2fp{j=ye(Euge%wLkD)-tl9dR6UYiBL584uChjo(&C)Md~0T(aE~4Q zms>$(6dW7BR-e01o*RNL@t&)$kJAgLyZ*6Y?|3-(8ztKmh+TPnT-GsudU!f!wdRTK z2Yn`x>0u@yth3d|8jOg`Z*6Uo>z_TCwViFce_VN+QfkddGSN6ckz~JyGth&i9_fA8 zPm=pQ()qkx1^ad&)VX5tTiEaEd`q?Cwu&8l_I}w63hn2hCD0(G7^rRi;aaT$RVR(; zI8ll03Fz#^kn-efXQs(VrlrHjN6BMyf8>Z=ZE0CFtl~?HFa#o-;cX$A00fX8fa|ix z5B((1M?sIdk9M8#EDragGFO=#PQymboKtT-%P@(qm%b9c-?J!Za7GHpfTu~yR?XrU zOFbDeH>3KGU2WWJ^olp!uid}tq{e;QF-7{%Bj!PYgeM&?h8_zmYfCM)gq7!&5dvPh zrdBc7l~q@?G#)?=b)fZ*&N#V&Pe_6$cK(;6$4^Qay;Vk^dMWAh~(=He!>0uHSx>pX1qRteXR^NYX}%CGHuBt^Na|Zyl|5+s7x#gL?vU}6DldX186 z?+z+C4IyD5-Hbu7Dc-tS?YMTzJCA{5_jAreHg>*NoL3k7vu{s&?%CHmf3*Fovz==g z%o*&Ka0(L?$B+Js8ttT(_TrIx#~X<Jm7pTotO2$r5io`zY2S0SX}XWK zVWvr7ZO^Csvo6l#;|R$$)l+1Uz+G-BCG%U(OHN!)Im7ut^5YYucLU1xd_`gS@*oRx zk$M-8?4L}a$@@W151%V+@zstey|rVnv@}3$)?LtD z?(-1;(^?wIyZahM+uxqAB6XC|!x|?r|_aBR$xv)*i-}dYWmaLx+zZsbl zCNcR69cMSBD^!o`Qgc%9#R4V=7Ca4CJnXn&z18El-kha@&BF1;Gorb~aEbw+VzI zSR;C$HO}PWDlL-7V(9!)9x$42&nO?Ep)HNdbEU2!Q=1w`bAS*JKs6oa#w^?4SCwBC zBmCr97qey8OVwF56Xk}$}&C8IAfj~NJtPeM8t)qizCZ?i-iR-#BPb$j1lnR6X z+aX})esxiSP}+hV{eY#Es{mdY*AET_(r!K?9xjRN&H~s0L63))t;_LS&VE5U^H(u& zqe}j)$pp~fP1lM$w^76X3n8M14ue((_Ynn4BVhxAm9|-uq6X(i37R#AuPirWje4f# z?cBGR=Xrk(vO#;U$u=l^W)YYiB7ZYHtcjJ~9K(cpgjEXJC_Qj@U;q3=Fc_%G#89hI zMI#|KmHzsaW`r&FJZd@n$U4(2A+>k>i*YLQDM?m>zsG+&y|fxey+x18t^~8{&i#A_ zWJS~5^3P65q~w0syHb>_7Sdpu<0wty5)$kB*u=k@F72i508)#uBmz>BQFSaB2brS+`? z_BHI4g+p7Z*vVI0Un-E)O=CHWB8;+0ud z^rsLxb4JA4Tj6!gU@_87{Qb0`OWEgr2;w=gix(7l&ot}8`SV{~BwI30{5;%M{S^G} zC5csxp6C4ZWfK30>A;?=r0Do7Zz)#1r$AGE+XJlLW2UwAi~|FIzEg*s73ab2Q# z3pSK6nN~(|;`Y?89A!f5A>?;1KUz9Eeza-LK0Z;#E%IH>UOC!Ih)ni>68w6^`;syz zJ2QE(B&yV)v#TOJx`V*sXHkx*IIp73B}c7G3#Mp`DyzmV7Q!qRDI(YG)FL)(%nc@HA|>LY z%D03UU2Td~oMA&ZY;0^VzEH35_K?JDXrOGUIW)!oWKuSgi_A_A7`xov6$o3$9Jw? zwf8KqT{fH_BNG$fDldEZ!Dtr60zjX&bqlClKCfUuIl0#1pO8w{#iSFz8TSgjrF!rS z3Tjv(kH;9;L3H4I1aP-%>pjT_K!p|MTGOlwFan+mv9eVqV7JbDe05yM5f^Kpqt6yr z;K<>G%u=T9K*h@swd2SI@pN+)-yZ?Ei0}GlYv-L}&~^KB)qAHN#G_33y&~`l^?t-t zUnq`PxKjW;9xTt8dD}}XUM%iG`}Hfht8d%bML16W8@qBcJ+vVqY#7zUOlR!Qv}x5r zCrt-Yh-g^htMHiR;iU}|h~KJ({C>PFfg`dRKcOS|{q+oPk3hWWc!=(Qz2zIVJCV?Y zDT5P7BVi1>+`wx+2yV%AnazI3i6q4KEQD@T;1XrpQis=r6>&fv{C<+S`vlxxH^Ab% zG1xn*4`|{`o~#Y0dEOF2- zE5GeCm+zM=toS8?B~Ra*7aZA}f~^@Mx)jI)$RE~Yc_RYIS)g+WxjuoZlt%38OEp`P z!LG6sU+g4c9Ixc*9JIf=$;m0{><%&D<_H#|8bA!CJ7yNUOc)vHr@67@=_XH@-h8{} zQwQeMth++jKE7p4)nlQ!7)bC4aUF;%C3rP0EjDRx8d%DlT;KVL5Ce6|?q6Jxw3^() z!qY^)_X=OJeHID<9L(-7*7J(Xu`&U;-PsL$)jr;ds~mA|h-Zx2)n8xji7BV7F&1YB zep0OgpSavP;v?tWz8QU?ZR^gW8I$Vj+8j9jyQ?sz_qL8C&1SewaWg{!{-^gt0gG?E zifSZxxl$WvNe^*UBpLPb^AY5Z-_ddOLlE-SDhiD^gi9YOIc$d)9ddazNrpy>P@Nh; zae9EJjaeh*?=h(OmWcrU3()a(Ppiro3e~nCo4tXnKDT)ucF5x6DMk>&$zOkqIs%^4 z+zHQp!03Ez?Ibe!O?6^=sxGUqW9$!aZSrbDMBwCl_yTkAPDEJq>jVaA@sxioL76g7r_i9Dl;>Ly!UdyxfR`Vnz2O}d6&}DEB2kz0|)9dS_NBA*bWY5vj zQJKSiAaJ$BKK{=iB_>IY1|@niA&(N(wV;#DbJMlevVJIH%x`;u^JZN(LGBHlf(Z00 zK{T4oE(!=T#Wp+inm|;J;|pzH7%n3tQ~N@2B{8soMVS_UvG`peZqA7FY$uz4EYewD zNSRk6sU>yIN#PU-;r1j1-F=>SGM@KnXl>DT;9ps8>d&k=sJQZ6fumq6gv|+gEHq^& ztO{DOybR_H%j=E=BMn^!OpGEL`2cAcS1+Yh73Zk^0(eKqI1sVGqi(fwz(s4erR-oy z&k81}uyCa9vDNZfBVG)ni~A{-w1Lfm|Gjnq(pYX@6GpPypj)(GR&^Ial{R|1MDXhl zp0t7YSTTLdR)Dye&&6JY0+%+NDXZT&hP+0C`@CVL$WlL6t5^M=MKBGqX@a8inkU(4 zO<~CQ-Of$D*Qz#1yB9pN;<@cAcK|ov%U&(3iRe@}%1#Tt4xi&4-Pi${Hs7D=|MgRO zQdC>vpJ@cD5F&q-TFEf2A|oO#N!SaoY2o>8RhDvPVh)&G`QzVfosP3Zyr=c1_!9o$ z5Uec@zPN*>YEG3TDP-<=GIfTqk07;hOpunT8X8x%o}2`gkM{UoE5bT|;ZdfokW|?eg-nPR*K@ zN9gEK3okU8fJiwB=WoqW4%d|}8USs`5V%9HOEkq7>a>a%TaCPYPi-%Hq@2$RnF-Rzc*E%2Y7 zeLLkV7pM9Nii1gGEh2fVHc27&<{U;=E~f>G-&{_U z7va~Dj|cNk$H&J@(?j=@_tYAvx<2LDIEn*XLpYIP;@b!r1Ii5er)B%`o#>SUc_hAu ztdax(#;MD77O7B$DZ%8iPt1%v+c&OeX^=*bcOdXw@Abz68c4`uHK01{(cQxUb(*8VZK{RF#8!0-fCldwFM3kAUK(LeaK!H z!vHzZnsoejOe|AA4YrtIRS6(`ak(Dx+1Il_g(Q=h<&pnKoAr=hbT5l9;Y+IlKrjrZ z;OLyad#jYbeTx(>FR#S`6g_@^>bw}>=Z7vIVM384K~m+FIDzzySl|$nGt{CXU8!JT zz*^kaU~%1SdHKG1LK+x=TtGl-hEosorGje3)%Cwum)>mAGd3`Iy1@uiU)+x|?z2_- zPuqW=Y8?zy)~wrLa$TUBZ&mcX8cBe}(b8bia%622%W2R=1u>J(M*)i0ga4r7r{A&X z(GW)&zLQ#`K{ds7kxFXOd%S!N(ZY#1TJWOgi2v5?`-Bm+>-10`^aKHAMZWJsL6$`o znPAan!s4c6UVo8RzWqrer)bpmiyaDH_p~6Nl3lJJaP$Kf5Q{8!5^t^5|F-*j@#3y0 zp+>q#HR$e<-)XhY=kd;4I6MCJNdU|xY4nqLWU5a@+t!=eb>c~IVR>|L0yB^ua{Egb z;@eq0H;$O_jauqxu&?4>ki`A~jsQut=*-SEy2_Ps#z#5^Rn40ak@9CbB;Ul$cY@PD z%%l8^i-AeqP%MXe$9a85?V5D`DusPE48#CkrH-U(iKO{RmzqCJYvt>g&f(~V(ZJGm7E4JiMYb67W_rGc!syGM6Z8zen%PIyZkcd z|CQ1?P?!~E6=~*!1T)&BuyDl!TghGPMV{NGc;jvG{`Z&TIabUQ*MtK>cV!?nLd*l` zY-QG7lIB@rSYCZjmVvS9kzC)%{V~a7#foSDMIQrpaCFNc`@7FbikOj$)JbrSCAj9- z#J_shqEY`?L~}{E{8%$~v{9_;eBB=+Phg!%Xc&>8B^WOr^S^EFykF_) z%vx%V+7!4e_k_dmEiI;S+Is6?+5xqiA} z%Yn&3%geC>V>!v}?mE00D$pyaw*vY`J)yi zV@G!QfFDRLG0>X5@m)$XRD}!;2>qC@)Hk~{XD5rziEf5dQ@K1NfhoIw?K=O8KuTN< zdSKsP9R&m|fCw;4tIEr54FV1$ae>JIZ2VW!v*60D`~*?#UUcap5Vs#ytjC;|L7iK* z>#@h$tC4w~3HzhW;<5v*&rg-=vw+eDcbDdfwlqL-CiaE!!6#P&$k?39pa5Hi@$QR9 zBLA(8rUEYB|8zwODzii5b?c)oH}LL{c!_T}i`@1eoYMn-kV355xk%|1f>oom?nnM~ z&qQX!;&_=@iVtHdYiw zYiWJ;W*d?Eb%8g_%ics|!z>B`&x z;(U8{*Er}l=y?clkXL$Bl%+>4^|jMSj26l-CwWoZcKFBuHLjjvm0S|$Nq@%h`YG4# zkVyASqDvTcQNF9X*<0HFb$G{fyN+>(5QVCod93nkBTJTAv=i3LDOG<+-4jS+IoL6t>Z*4M?F|!)C&p#M+zWH zoGM-=J%4K(53)wGhMQX-vzfjh*^tYQ$k6GUC3Ry^(SOP>cX6~>R6h*KlOm{eI`633 z7|iWpA93b*dxy*$Y?$EL5#f?fsYrM_PRK9kajugr(v3m+T!)AUCZ4H`vYA$a~W1*_NvKN!?9y~5w=`8faFPckrV zINT>D#h~?(NyxX;;}`bPzwd?Z{^OHLIs@uYo}seMCQ4jCb!oo2St&vWdiiY7#-U{< zqnKMbA%Fr=yvG=^Y+oeZGL;jNnQX>NM+>2qPwow)-_aK4cy}t!+jR7nm<{@iNwbi0 zls43LBcgZU3pYTVo{TugFr$0HLnyZla zyO~h8=bdpqbF+4M|0lA5hX1@kI2oe_VwPjF>tsyH2V8=FcRs93BC;WooOqq<^ZiW% zr0aXLc^t##mLpsuGmySM5|XspB3~-Dbc(MgRqJ%eN>*H1CUax{iM~`NbJMD00P0^q zF{uJVBauGJdYY{t@1fA6@+B8r`OPU1nO0c^qli#Zq+hoxD+`|MVOBytNKYUUnG{V+WemsuEt!x%qsTy+rr>sykrz)qjenghIwd<@>&-xOrdWVOQU|KUMQ6!KQ{dI>9;AZ zW-VJPt>RiKfmtGx{nTYDj7f?JlXK>Z?9~FV%s&?5P!tK&E~cpj(Tzlq3@uMTEoYs0 zLExThNukH9#Esi}#h%?b1BIWERNL4S=Ju~>7leSO+FjxsHx)E14&dv~PsqYp;KvH8 zmqGZ!d7$*8y#bfgH!|Eu%}nPzW6RYCZFn&2s)jkeEHO9ch4%06Uss@eoM}IMCL>iL zx6T30fBgrP!UNI7%wjR^9T4`VM=jO*PK`YRFuCXxgbbqk;Ci7PVXu0$aBO66?Elzz z_A6&KXDLZr*^Gs*4Ay8k5+=9Tj>n;W&`^Q%PC~Mu)UvT5hAiR(jI(91D1Ux2)to0Mt+Js9DXSJ zNvi4Ve`_Xled>*HGadI+U{A-;W1@H|*8P)D(;lH=YY>Ry~3q;G6BG^68C6D0z$#LU?|=kw}p zYmz*t^%OYLiobO!?q3YfSLA z?@kDlH{GHu#M+8XFE!O~cV$YwMKwDihM8Ha%(0{BX7f@`?h;XCe+*0r_Aso`K4@|L zQW0BM7R!n(&gF_i!$m^}W*jkJ6yQp!i}SGK-O=y7b3l?`1yA;w%U8=2(i<5XQX~v? zoM6gB+wow33}$(hH5d!=4Cm1>|8!M($3E6U;y-BHTKreb0VVhRb+(5)c!B#@1qbX6 zjs|J z=TkOA90P4-he~lqYE;QVU~Io007k1$%SGD*_SMuoktO1^M||h%3!^Q)^i0!f^UIGs zn=+l+q{D@ zvSeHbvTBmk@Ytt@dg{_k7yWK;ki9ut6Rg^_CQvf0KB@nUi!e;V)M-Y+j6tdTh)`Is zL9ZhL%C__q7kkoht>Yi3r|Zs{2Crmat)fO!n|-7gOLQlQTv$79YeCNp*q!ir=51p3 zrJ|~VQ)&!7AHmM%{QpYbg)5gfE*KwRqV0gW752{BviVdb%=H zhf@Kjj`b!texMrBK(olMpW}Q*A7V;N(-<9Vo7EW<{Eb$Af|aw+GCCC|{ETVtK1Q8(kZ}jg{MIE6-{jf=NG8OGq)A zo=?7rwjJ7xnpbluYMR`(PgNu3iLHT8mzK*r9QXnC+(}K28pQQT)HS$T-PSIChT+e;Ub88TvO)VYPqPI z9W}98aN&-OiNYdZ(!LBnt;^HPbRd!`aP@yYomEs+Zx_ag9(w4MZjerC7?2oB7`hv2 z>F(|>kq|+K6r@{98l*u&B&87;ns2@f|8vO=YyH-H-m}lM_kNxf1_EFxAr>HQDLFEB z<{t~V^E*67ga}d0?~h-cEoLJ`VU^^?{=|&hBmHx+NwxFU(D|RY_k9>sa%Zz(b;H|% za9Z`d+tTbH=`Y(O7<%1B&i(=#MO`Xr*j)QuZL~xe9A~cK_Ntg4f&7(S`GKr+f}D;u z@u)?DV#n>1uf~Qze1z=j$k?ECi(0}%yWdNq{K-r7Mlu;HE!$hC@m7}`w^yg3NVHbz zZ`!azY9So#T{2+2`+k>>s>H6KzYA?Jg!+E!WTUq_|F(+(ob=-)Wv%jcZ+m6c3g&n6 zp?UAFj-NtR{vD<$G8^#8Hdt+SW3vjHtx(hs-(Q#m@UycxRA@n1jYy8Von8@1#?mmH zcJU5VleKVLhLK-ce2ecoNv{ZKDQhWy4x;c5`tXl_eyvoajbk}!cW_PG<^#Nu-5OVr=`}b!9U0{ zRVzua(1Fk{+4APoY0WMdn3r~)BmV$|B2J@eTd>Bf(=T}E?P6hB{TKu1`i@ihAYggt zb9-?lJGf3C^Fwdr@@)nF-{tc@WidLJ(sIlvi10BXtu~><-%t7^X;mkeOAJX{f^Z}P{p!T zV7kL4N?NpJpglL1_$*K{dyx!CtueBB`_(w-mgi*-CO^UZ=Prq_iAK3rE({&M29PM( znkJ?A#OlOY218ip%%#zKOD^o1@v{uInQ=$Ym3YrWvl$^0VI>$9P@G8uexH=7#SotS z+x)wU$y(y?SfFzNaH%#p{}*xlN=6G*tIe*HWY zKW#gJd2G6)6Vn)9@|qJ*iuMxaFind^sg!jI`SUO=7-+`vkt@Gqwu9pmW*{jgQ341r z@-gwp*6bW*(~oH$L_)3#?CCwFj$w1e{G1V3rEf@aYQ7BrPD^vCbu|sT{Ug=|zn(Y_ zSe!}{f||ItbXZWY)OPfARXL-{fa{f=a^-m4SvlTcEpfecLzWSM z5`*%QK#;@+@}s}b;0Cg+t9Qq22dsB;C%895L!FBRAeVFDx_sk5gO zGdZz&xZO+aIOKMh^jXXeOPHvD+BQsFSO)${es*LLlw8i}%j&+}SbJ|5J3+ISbTaYF ztV}A!6Xe=pVp#YP-VG@dM;Joj@bKxt!zP>Ip(GJTeuF5o?Rmu#!5KGgmP*#xv(%W*#$bpd1 zWfZ>U?Gi)7VsYO!=uFGu#xwBwTjAJJC}n67^A0vNz9oMp zW+?=@A)MT^<@Ya17$itha^+Vlh_Z8FyAI)&jw+2KzsWml>ki}d0A*yErue zG~g=a=??@PWSXIb>O@0zLg~)`49<^fNQ*WNvl0Ad(Tqbj$m4uE%U#YEDwk}UY#(i< zeHz5~UL+F|Gt#qOdbN?}X7P^&Hqd#s*;zdKce$yVv8kZfEKLXbmTgC6>nob%-nZ0@ zjC{IkFR4kOI-^@*UME|YJ`yi9hGz$NqH1ooEJZFOXotFKWA{(45%WoFSIiW`Sw_wa zt82oG+2*A(GQA_?Q;EPx)cDY9FyXulHBk~{UQ>;3R@Kk7Rm8v9x!Un>v2a{+{{hhX zF*(N`Z$<*PY;?(oUR`_XJt*ASXV$9_ch1QF{Rv>IeT8#IOHVM5yF(!eRQN+a=N zV=4jR_G1+`+fk@WQzCKn%J`EH-`) z`_z|ZOQ9Hwo-yd~Bg4j@r4zmMAB&E^z~o4V-O&Ptcl%pK#=$OI_kP=*z-20wF_}`X zyD`q9HMh5dI^@FR1UmSn71RdbZS3OsxUmO~T?CF7m+{0lUY$ZvV?RG`+&*rY3B|HO zyqjs6QWHQCIc(9gT3T^=rL?m1Vm_iYE6pM2PYErqr?s`U8Nt$d@?YHq*gx_Ku+f(b z;;9%a!sLHjO#>AmYz*--XJIu05Oyq5GIr8ZN~`f;B&8=D>q#NBM82(~1J6Gz+KXP3 z%X79!0N5x&-;$4-HtQ5SGdIg91RN;(wbnFgy$UNsd6#IM5+kwyAR`5Fb$H)qm{F%D zO?nt*GxfB8sB=x*Y>(8(UfHL9H}H>zbk9?t83nP8eunLlg<6S|kjf^?sooBFm$4q54#AiM5sw>u3o_8C!*?0QeY8oK5^9JG6?l_M=9#{;afXuB1qo@~>vzA^kSSy~?Bve0SWLh@akZn1=dlY|Y>8WB3eF zqd?p1@-1-1tU#F>5{%sx9SKSFz9v&xLy zddo~4wK{pd7y82Q;(qdeYW8;3E?Dx*vmdYKJmJ%4nPNbAJdjBy)H)GOZC(Jk%sSi& zTZK=Lj&jdV7BzG~reN%kNXT!a{(8G1)H|XgrCK^g)Gc>vnb1%$s^E~Qw}}z-`s8{a zHq>q#B5Go4D&KG|qqsw~5X#_5ECcPA^7-#QBA*zmtz0Zv2(m;4$f1V#X<1~Cb$1?DWyx+M!ae4@Zu$dR@0LVv(nPh+mG`Td#% zu}WV#;>V!Ssb;#9*X#&-n}X4xXWbp`zE8Jyw2zy^&*Qt*k+(%(cRBb^D-gjyD^Z@e z7Gfl<5J~wSE;X-}vfB=fmj@Y&>7sq8rrGdC579i*Jk;|gZ>6PbN~Q7wVt)w=?sWO` z&mzjdKMH1f5}{q9~AOsJ^1!x(bGeW zbez=E3VZmM&W@iHW3tF%-NEi2?tZ@@Hd}zK|Mo{_41|YIcn7-MKKo2Hdpk1@(IElZ z1Wx&XmtDaS`$oTcFP&K#kQ-K=b(5+bSDh9+_Vmi#%iqnz92Uf=zb|CtI;*$T`W5!K;~xh4tYb*_hyA4H1jd)$>QJB#0Xc^w?7rKsG<+irJJq)P3>p8wJUiD6YW1x>kfzhPWZg8^9Y1 zXJL-_%BJH++EY(a23S-6I=@x~-hI^RD;@||H(vknUr(Uc0rFim7w>IccQQuZ{t7?&lW z@?y$<#8`16!k=0m$0UGq7zybV9&>#1<9>!x7meVm@+bVw{Ky|_q~du0)7PgJJam`> z`NsQE$UyCxAu!j7q=9Fq#5@CGI6l3~yNEJm?N47b>E$9pR;$enTko~w78<;$`}M^b zEvRE?2z0{jd81dGUj%tVXRjouI)n|3wcS(`-36(;Z?5;~qznw|?ezrug66-N55f|Z z*<4^gq!pnUv^;~o;Lt`^^*!kiqPz}uN}=V47|_qJ+Zz7c;jY3WuuRml#A;Ki>+~(E zJo4&x;B)1WIdH_{y*YnOS>KEADAA~Wpgt@R-7xmT12o*Lt7`wAn;$b+ZT&O6@hp3` z4sCYf&|8F>bifD+&?@zkEXK^=H_7-PrIha`*pbO;8GI+uM3>d3v|3pm%AfG&EIqDN zy&ne|3!d1v1V0Z>jHQ?bUoNv+e>M;y)61!?jg8Brr?+8Huwijb`VyV{otF;@nZj~R zMur8WeopNp?7si$&oZPf=F1sqAQaYZImR6^RsIJ9 zlYDSLbGGtV@;%wQsCKh`u|u|TzRkJ|IUmF zZBtZVPpT|Qf*-eZUme&&OO#69y)PGbFapln5kXP7L>tvRnnA?G>8dU-UtST-zTv`6 zIQV8`&aV(QV%bf0H8HT6oUWjbzO;cDkK z&wYvN&IhZ+!Gz){2BCOsRag22K{Th_xMBCDY7vvwBJ~<~?- z1pN?lW*N}vF7ET#*R-lLd@`NYXL%lR_S#q20aTM*Nfe-EQs>@nfDIi)fh9Iv!-f7I3xd4r#vw{8 zwT&x;gNd;jmXc+hSTv7X_`YZ&dzFDD zMl&7EdOV1{G89=Q_7J5=h;{t8KBW<_KyRLxiZ$$4T2nN-Irvg*ujU!Y`r1TC3NSnh zJi9Y-3oZ-Z2N#jyVbU8FrMu-aVgTT?>j3Bb9P@9>D*UFZZ8J>l2tXw^paKM-q_CX1!762sHK@&99iG(tBa zHTaba``wRC$xuRiTR{4_ccs$f`{Vf7HcE5;5ByYC)lK6p3Js7uSz=830dk!zV8%(h zt1Jj1gm0XllFX5x+`H_HgD`_TyMjn*RIR1T&yrccG3~6FG7H>XDvfie4q9@ivig4iAUu?7u@6Q4{+UHAvs!)`r6f215lHZ9B^ZFERQkn*(vcbv z3kJw;AM`a;YZA{GUxWEwR24C7vG}fo1t-zs;`j48*qas04%>stzpJw%E5`1m*^P$QE})Cd`dw*G{be=l>P8Y$j) zrWQBvUt8m7r$g3MY0GqZt-9`f60M7unTCo*=AHx~LGjRpSkCqM3VbdC(#)}W68Tk% zh0%;$+Lsi5(2S}`ej8gVP*y!oAsVK2#gN=3Hw*fC*u6L5N~$*|aeU0kbK0cY3zmN@ z7J%6Hs>Lq9C=Fm|uO5w5)F258Htw^G*&1=a={u#H@`euU1$j}PXKn{z_W_corl1-iR~gG1oLib6x|=EO=t z4uXB!%9!%JUE#6OAWRCuRW?~vXoayGi7W$JDqAdh1U|i?Don}RiCg5wM<6FVqm0fx z8$$mB=<-L?tGtCMM#gm|T7^g)6+i_N4}br{BR)Ajxv%w_EFR@ezJENw*bP#+=wn4v zO9X%vfFvV;*c3h_@vNEr8_tb~qoSvgqKq%9EGA0F%F{0g1W%uKy4+;3Y+?xL6SmHmOiWyiZC0B#;yeZ*kjBsgpD}P= z#zVx{2n7;Zna$(F4%fhYD(Qy<{0`x(2hMa2w1%c|%kdyi?WDL%RUi^5ZDbe_DW#}D z=a?wK2e#Ikqfef%U8!E|OZj0CZ|u+%<($};VygWbHIm7cf9V^s4>j~FY;AByVYMk5 z_Y0=|-SqQ=i*&4TN1;u_g5h3jYG|Uen7f#{AY6xDE=h?_i--<0>T3G|3#{q;xQk0y zD?-KaMw38IR>EZC6pq1UShKj?I#32H-RgJqYwYlEeq2sT;qV(}NeV8HjjAt_>2m5U z`Nv|z(q_+WQhE3NQG6K3ON(FnVw6FCqk>Nm6D)&69=#opOTHFkYEcIsgpI4x^R0Yu zRHpBqzCNl-vocay5)bde44_ygw&Bc{T?Xj}dzFgY%$I^Nt5;v{WY+J-jh}Y%uB?n* z=B@jMOeDlLS9;nw`zsrY7=xEz)?|Z~pF9`7akwQB7AXN3NWV)#id1^5#z&@S^NsvY zLn`FyB7!Oo4zx!MFM~-eKZcGFql{qG78fswrMbN-bm10>{o2zJaQX;04Y_Tv)GH;2 zW~D9xinj^XnTyI~P_=OB7n0;P<1B#60;vN&NDkDJm4vdWd_$BAwa31W8Dm^(<}0*s z8)*Nr(1k(r^_4(c&(8vITeWnik-Vjfx4W;w*0wfK+S%dp%W*e!giFu}333A`Ag2td za2@t+9`$Ww*ym(cDmB66O+5gef!GZI@}ON4STmXTvbCi?aj_l65E2maNl6@i<)6K< zwoE{C;@w751gor!ntpK&np3kOvLmqC$6pt6+3$W>tJt{Nq{3hKGuM~vdA=CqIqC7R z$c1;TB~%^nM8KrMWEAg2?K3V zV_*8!jmb?j9RH(8JJLox7hr(_>d2Y zuVe~G80Z%Nu@GkWP<%klYmKt2>?>J*%vCpNTXEkmWWrI1t0`sV9C63ZmLB?>$rAFW z@T78-Cj*x?DJQ*!{)+f7g}IC|dmA1}tDab3dy z#%&)@WO1?T%3!0TmR9h0fp=)S7zLKZ0XmOtE-oE|MbCy$3Fdu>NR=W zeTw+j1y0`99tOVIT~^ajy07As%Q$wq-yX>*D5zn<6dtD+6}fcQMw5QnvXc&e*dH6E zbgY5@a`F(qeAG+nUU8b7nmiS+U}Z%gOosUD z`E&8vv+Yxy;B>dG`0pWEIDQu&Yld-r_7sL7MgncMp;>R7<`L_xh-l9~aSQ?zd`*Q~ z1Lp9Y_R1Bg;~$u5lTW?7xo^MCkv{#i10pSWdl{Rx6+|o@$4@vP>75B)w%{>SMNvUh!=Q=v|ek3)GDF*uhVsT zKIFlDtaAT&~0LwxlEE`Dw4{**m~v&1-G2Ypf5=LK~`E*kz?YHM5>cx8H8+Ate*O zGKuH~cr3)5_eeXn^!qo_M3*?%0N=yGM_sF@aH$*UDrG;&KGSUyT_X(K8CuYeH)&$h z)!Nq9OhVPDpuyhwkHwEp(U^XV`33l?nZ(`2ERVFv+OP6T90Dlx@%B`zWjpuA&I~avt_6pkjd22Hjv{_c`I0EhHENwcz|?w z)-3pL5(6&%u-T8;aqB)@ffnRi4rp@RHXZgQ_{grooh;3RTTVOwHd|UP`x6E74(+21 z;9y$k=34YFfChT!e#&eX{#D0EiA!)J1P|ang5>BFJ6sN%>HCfIN_?96tFA_Q`%6wc z3XUft)T}OlN?iT8-1x^rO*aKqEIf6;IZ-rid`QP_-QtY0M7H;@-PGdYe86cJeCw9P zsCh`Y+0t@C`-Sn@jJndBqVn zt=DvC$Cw2^ZI5V!U!$&vJU=D`z;%pCF}V}EvF(2n@sX{$zivT|qZB|!mZ4jxBvN=E z{VSb7`AK-+G{ds)-TSx68I`1fN>wG-A7ArrL{tj%xwF^N!?;nHau0;^A!flqsn0%U zo&^QFMGIP}pt#7Ob@keN=lpj6 zyKTgxx^6*IMf?&LsM7_Z4AWPc9aqG9)-E0q0M~hOW-WS%P-&@&nsBLz{@6Mv5`@+K z0m(pQ!+q9qBT$8%5{0Psh9d?%*inH_M{no7A1!)TU*N?w*W^vS?P}|8Ke_wm)P*O% zaq4<)r0U%0a=52apNv^wtcfO!Ew4~&4YhppDvU~kz{v4F7?eiW+PGqn)r0i_^{4(FEl5D!v`j>Td@>_F6F2Gr?R2(o&rIu($ve5eOslID@ zy=PH3>qT_L9~@h(ErW>AIaA$#EX4NwYM7N)a8LpMieFfEK$t&tCMK@D7f-t%M_Ssu z5AjU2^)kbU!+j=`98o6yPCIvRE~S=6YjvwCG>T~PVuH#4l-E>~?3n;Qz5ESW+UFAj zqB;U)mp}*M!pI(IGVpSFI@5>Exk=nDXXjNf$HenKPRol)c&*5{^_auML;UV5t=VQL zoC{<j}z zuF0YGv1T!3)pS2R{H1-m!mq1y{mK(TC3Sc6`}x}JvC6Y^vGsxvkJF3Gubs(@-(W5h za}gOV_v3N%e&gYxrRc<4+)~w?KBCtgo7@stkw5+eflcU1=_W)lRPp}Jk2ZGe_))3- zRp4)`X)MOqui*)iGC;}+!l_B3bE!lhepLF}Va-4_dYr0k>6^2)z86cokkV2N1Aju{ z_HBmmrMjrZxqahmMnty-hh&EnZ8elhA-H`Qm>^8bJY~q+G6GC{H>t>a!4@1+=ozx-Ud+{hemVV{5i}JGxa;@xZ=s7#LZtqr?Fpu6k-dpm zZ$ItXAViI3+eWd~Q#|@&SUwC!EB$bBu|5QU_xR8Te|k*m77`URtBW9$S*qu|Ew&#q zAMrbt|6Ij#A0uD9)=e}`;2Bm8t6+->{ra++sr&Z#;9De>*mOF%;AS^0H3A%x#nF|V zS8|-z!hII|g)~J~bcU7}?2*O8_#+LC?q&u@o{5PlTA|g#Rjz?&Njx+`PX%TncTe}H z(B_rnYp6{%-!cJl3-Jx8b5V#4iZY-BB|!~Zbj;__l`bT(M3;4cMTGg9OpTuh5Gr)` z!Ak#2J~EP68L2FCWEBic>Si;kX}#msaOA&d(#t|;oY(3Wnx#o{JyAg zqvQ4XDo^O#cdtdl?l*LKxy>N>;b~8ZW(XP|FIBt0$5Ji6K|M8`YWS3FVqu6JteCU zifVYSFJpc=J2eSIrXDhg>BEbyLJi?8MQeWGxxI`G= z9AI#%qZYR>yvK+^MAt2TlsEo(Z%3C6dXDq>)c0gc+{VrxaOw<&W|7o!erZ@U^;%nR zL)rwHC&dYKd7N2728RT_IDZ^o6nrT^ycQAZU%vH&3Jp;bxVwO8nQ4)-nxHlvwTE{l zwNzH)wv84t;1d&LiMuUrhUH_I+FH}Vhhx_l?Y|x#K3H(d`cU(}))vd_L5=l2<+Q4S z)-r+KO4K|741s=jB{tEU8Lw#sc_Jzd5iH%qNMJ zjZE+PsS7M#bK&vTT*RFr&6nY@DVV?r-kru{P%qJ>pm$sWSBU`@U;(Ncc_*US-6j1V1L2Nd{ay^++$Zue>i>6E`ND zv2FY^q}T!gqS~I|cXB+s-TjzP1fdPFX#2CEp9tB zH~l`6(4n&_@aRNA4}FW0N#Q8ZMoM(GSFm{y({+Y;*D=NVNDkS2=OuEO>*4M%vZ5xT zFeZCLLEq3&DegDmWr|07j@k@3y9*XQZZ3qXU{VX1!zkNZwvmp=y6#zfT3?;aX*eV<%fA%Q!UoGrsF>mRhxTt)tkVk=v-v~|#kiO12q;2#TbQ~VN42Cp?GNFWE`=k$F^ zU6l$vCTa;uuK4knxwCyf37?TwS8Qyf*L*Fk_7E?oP^P*jcZ3qQ948BeY$(NQuuy$3ZZe`dfa3q%IC6~ON%XHj>IMV@o93i+O<{%{Mapnle_hR zkmhBHfV-b0kuQ7}qYlF~c6J@uxU!Z}Os&ZJh zkLep05NaBo|4I(aDc(BYwBQ1z)RDLl0Xg5QmrYeFa!&9+7BI^h+(^sJt#noijb!Ue zaGb_gv=B&!Ug@+GPQ%cL5vv(-W!tolaOi5RqY1e>xj&tUek$SHiij*uw!w9~mMW~L z>PJ{FB-)ByJ=IIz^qqRI!q-DuobwT8{EZ7d8&`(-6#wCGTpjRV zqgDkl4Sfa1C$rcEj7~@=nYd%>T4EmwVUZ_hHL{QgT7Y z1Tl0kkY9tN2lWwp-y<)1d5N@WOe%jpJLaDbAOrDbVeir?W%j0ay2VAr-v|+2Io=`L zC^hp5F*?2}wha1Mj9fN-)liTA4+gmq6DrC?{0O?wW{&eZM(HKumk86mq*{T1J!Rkh zyMFKC-Uy%dy4An)clRX-#i513#joi^~l@?|8gOp zn|$}U=}#8!OZf3<(io9h*-VEXn4A&zxibGD!a=SRKU*|%Gg>y#m?-C~>+*`q)ZhB7 zngW;$%of_8`Zq%Hq&1lQj)q}8dISUaqZ~5>{W1ohNi-ZNtG04-SKqVV+#LM0f1vUF zixu_B^=Vr}>TdV7bt~;%36-(Pk&k%GVbN(3NMECE`SiL&zJ?k0?-@D1{6Xj=9J9YA;H#F{{Bs>K9kJbr_#wV_7^m6(QyTe!~X5 z=Vq`D&2f;cv@%K2N{|w>EY>?dSs*UwQukf&_WgDn`L*6kZ@T7r>}PdiEzCNM8*skP zB07oVyMb5IDs5U*h=J6o=O!l?(!-1##sTubTZ0Ky#xc`W@}+wx?;xkJ)xkz?CDnI) zUtg6pC7S%0tDL0sI!9$7^rf)k_PBJ*q#c?1Hp8hXN6PSY8hqKp5u2w5{7H^|6j4ui zkjN)Z^0sl!RQg^cj_HkN9l=*$_x@+y~de(vBj0|tTwhwd#p)+AdyKg0gG?R%Mz zqn@|_DM-u%b)`A@-o}s{D%LkS=uMQY)(Ic`H@O_DFda3|!5^oOb6B4<|FH;IEm=!ZDnn!!|7PUPe@o?-K&_6~KD!^9&O~>2x$Sc!W%- zGhM6@9lfjTdVKn?UfPQ!dd78>&7`P^C=duZnu1;;;NkN8_i#X}x@AJ-*T)Ab+N2oF(^#ug%)% z#=``D$j#!josId+c@jj1N;4u~_CsOQA+*C#$ZOEq@o=`|sw{;NY!)*IT2G zw-YJP8!Z9T0$-K|UHR)DR{P+77%g-Bcq$2_HQIJb-vayXo)wzenmX1@!* zakY-Y8@RduahLaNqIkBYCuNLLMx!;LD zip_oSbw0pa?zpu}E!<4X|Ki-|IpJzBVx8biWkEU2u^;D0>&vx$&=4b=<&Rg;GkSaU z1-f(e_)wPZ+@k7V*x|3QOI~ldgw4FRAuv(S+tM7M*Eq`o**cZ`}wm0lSnNC3xq-m?CfdqqMVS)4*R++zQ}R@`^51F`RG zIxDYeXG%=Zr9nZ;^Y6l&^uvqha46GD z!%q(EFpXBF%`WV?I#SEvtTmlE{R0jJA{5rd_&gn5Wo0~?E2 zERTqVc=RLJI8$lgw8FR6OZBaHHs{8IL2TOiX{{25NRj4893WgIc~+4aI-cvu@5ldT zlCPVQxeNg&?s~yYL;LD}4cXOEKFPVkm$T1TM@J9qgI)9f(D`QPg7Qk?0_f`89@!rJ z1o1^0;)?jAwm^b~gQH_BtV*b+0N!(6=(7>fYirXtWGLKjM~f0*W$xV1l0OI}#J46y zC9p-g@Qh#W$W=Y3AFV6KkrQ z_?BD2dOoSC7fL&`R$H92vvUrK_@lxv*wWM*sF`hwIjYw>zZc+yr_(eJihLTpq4!%= zv=!|JQ|pyBQUqX66H+)R^g||gqMf?d)_suldv&RvCkyV?S@v>siKVh{bNI6vv>{&TbUs7*cT#o} zeKFz>YyoEq8Rv1cD@7U0%Znj)z$E&6+)!>5SFZkm2SieBh}RFZ%kj{EwmHJ5z_!V- zhC>?~<_B8F*N_Uh$>@0=wkwkSbN{Qc;AspYB;c4-hzH}}Kh;ZL#;6B^Xlp*@BBDwt z9as&C2 zwfBjM-1N0soJ}H}S>4)0VH`|M4&h)o08x|El&qTJ2?q|uK1I$lf@vo!oE>vt>*$XY z&p#IK3dqXynf&Y-HY|A*2HCbp_L=rcI;quCg>+rpllHiGAzp#tP7qltc0XFFEbl=h zS2S-o2k`@@j7)gEuRQQHLoh~$FrYp*x=Ur8D<`s$hH^*t3`D>r5CPP1^-mj4eLW&p z6GRkEZdJ`}g)1<>pg*Rj?W{Y2kd>rYt5^K@;m0sU53Sj-$!@P;9)`&1>S$dOR3i$P z@I5PbK7=(a2u5?T%r(*frk5n(^FPH9MopLDMpi>eev?;SDOEY!xi19_%8Q=1hf$iJ zu>Y~hIqm+75pp^8UC^$;15{O?GP1%DjK|lSRIH3AH;t(?6%P82;l5S)H$T?mD<^iQ z@l9lUZ`KbaLBsx$SE-kLkD@sn2RWCPWHFlAa0T@5v$y-XtBnPgr4-&!euC~ya=G5lrl5C&OCkZq~j{O_uWPJ9m zS-ngm#(8lj1L~y6ehgBaMk5g>{({w_mX=6O2H5w0YG)VR5LL<`hMkWMRQW@f-)?s2 zpoq)S(#gp$Nq2NN9AC}uEs88oNk7Nub@Z34UZwQ-|AcoP#<=(ZxlzeF?SUD)gUn&% zxC$lz?FpE~Koa{0==6noo!{J+I>_f(s$#~2*WF#8wm%^se}ON5A>w=G$(Oe!&gW!_ zYGCooy6eq?Ff3B;)%Kxs`Y?&1;U)h9HS-ks9K1-W^Pm;^@jEBB`)-uEB~5-RvBi2A z60*eFCr-tG=OXSeUCKIAs4+Y>;(J2tB^sTLN>g;wuTev*wptE`Ij^-jZ-fQ&%Ij%rm^{-XU7IHS@i2GITML4~_u+BW9>~c18)xG+)yL&!+ z_!e zWMa!I<9t{2TmT7TFL9bFH!viBM#}TeeB)T5Vj2!mO1UBT7s07@rm{=|K?=SHnqy5L zB`KgOHvoU!WdS>tI^K#DG-dRE7%S@NVYIjQkEyzRQH+N;FiIy){dh{PJrOO@)u3z|%1)|h9oEkz3{rZAuP%J6bFcvL~uZk|f{Ck9fzi;-ZRy$*5^_s)j z?`iVojiuXlx9Uts_;fZ|-?tbSIt95#C#UDi&DOOAHKOLm&~%Dt$aSG=qFwB$HsmpZr_k?|Hu&ji>tbE}wA;tK`%CuWsIC_j@ylzkt(ixe z4o4**eN7YkB|8Z->~Y#_%@iEH?%X0?7%y?0-s)V&R(i3MEMV5n5hQ$2BnK{b+ zc3JUBTM1W@c0%?ai(&{Uoj|)pm9QWQT$~>o=S$w+eTryo*K+P*1o@0Z)=_8(^|mbq z$=H@dZjU%|&2bPdN!{J5*HbMW$2*S!1rzz?lem3o&Bm+wkvJJ2+;;=KYT|A1hGPG! zt^MrqIo}=|J|pzEOBF5_Z8b^pXLgf6y5MsF`ko8vq)Z1!l)V)FVs*l znF`0!dWJkMLC$o_m``tnUryi?3E2Em1zO|J1z$uw|M`E(B3t~|VJ>ZD?cou>&g|&J z@I>menVF}V^qzUm)jt+tkm7go;m(4PDll}vU!|G}F`B9vKFUy%y?M%tb#@Xgid2Q97hd__uVDI2&hl00Vri)oM zh#X2p;aICzRckKa1zOtGZG2VxDPr(t{OGmq2)f-|8auPEmUY=Nv7SKwBBQDr zt#YHm8F6SOrKlXI%D3f%9M?Fy5X<|ta(PUom|AJ+|KCsh#-K>Lg?cJ*IHM(Q3YKyn z-6+?LJuv};HbGS5->a*Ms}gbJ^`4(jxw1hVOe9YYy?*J(?PEj`6ao#gl zb=m*OY1avvmqnjjNy0CN{nuv)A&!UELn|dCx;eNN|^=ldDT~7h~k%<4JwT?dkKS*~4}W-qven z;g=4YIIyUx$i-0hcS_dhl0l#MRb;go$79*pAcl#W@>m;VGp1_Qk=B6_>(%e{8OoSj zK_DPs1(yeXm4@|8a?Yvea;<}l=)?f0(CuOQk#x)s(v?0{n`wSpx`=@!UdHO~kEuZp z>^44ethO9>2=n1qPpgi{(gDXmiy!lOt9#S1#O zEZ<;j@i8f+B{73}nY409ZSu9*o>DY_DkwWlsvNzYR3#G0$-uS<+0Si*ae#M@ge>{K z?-O%4EiEb2MsHHkooy0uPYQSYz;*ZF+>>zw_;_76ru(4IOQVqe>&M_0+W!mngI9kK z3+xuxe(_!+verayHoGE0or1>BMJ8Ro4~c9gf7pr{mds1ztJt^&d}G(g9uy9^O8eXi zu>|D=)tUthzb2YGP~u31y~DP65ng^mxLqe>s=Tnuzf_bu{B<{dmGLrS5`e$O$>4u>6KaCHOE+Bn}WZ`>p=3{KT&R(Dtk7*rAwUwm#qRl+d zsBwURFid}4;r+BdI{U}>ncGPkuK)(&s*%zEwh&o0)plyH+#DDb#Ysm!)Ad zpMThSBBg4x8C;B3_$8GDuP`e%msO~#91s&Cfg*Dqk_y6g?g5AV6GN%1%qqkc5-+l3yIhi%h)N(K{F!l#qtS@9v##SLn^thjx zTajhfH{r zVAEDiTJ>xeAzRWFw?14@lVh1Dq%bQmg!Dv}r3f?mqIs(+O(wB~_oztn&Lk<=d1v}c zPoqd0e)4zfe>|OKP+MIPh64mGZp8`i?ryT4B?!K@8<6(LJ9p_F+8$)qmRuzyw0rBg|7uk=lR`lWVngt0# zVTZ|koLWAIJ!)T*;wDVnRm#%S@K_kVJaz@6arg%_6UK8s9lf%+skY->xJhzXJSwl4 zEXYgFAVM8krM%49uCq@zRdPJieQOHSR!$qmjhI9CH7M&*8h7yB1|t);`fH*w1q`e( z`m4aZudQ*4chzX&rol&H&6*LBGNX#SO~wR7I}RM}*H)8;0^k}(c{HGDvsfXa84auq z^l+~F8$di%u+dV$pUw5N=gn@|#wph0rVOaqlw9w##eiGrqIJuT|C{<}IK1aelpI1W zG?Vsd-2^`f-g!*lG;MhaQP04lbCbm7=b!nx`Fi)u*U}TzL0XD&H6SNA?#gJ_@s;|eDa!PRHS{UcsKhdwRzubMhbYLs`KDRPH(KMLpZi}~knDG>HA>?! z@fOv)^!sM%jKNaQbI5FS00>p#g;*47loF@y;y};{NR0OGD+9hddk6qK5{`7635p~; zzO0$0g&{&WhNB^T`$PEy+R$&~Y4ho!r#Zu1XT-~ONm>f;&n5p3wQeciq0@afuab5| zU}_M)GP6>BRR1={WN+e`n>ME;z2uRwvt8I~I(pDX*#Zv4FH1(Ol{^OV(?yX=Iiu2F zAmV7)d(jidM`j!B+=B%sM*O&Y+t45+k2Ybm4{GYF$4e2>UM07oW_K8|PvfgGFZVYt z9i~*KaRLJS5cnDewhEMxJgo{k^XSz-V@6}EbA(?t9Q!3(TxRgk+Qh5bURnH%a*A7Y z&W7Xaa9&l?xT7RT<0f%$Cr~EUk;*pK?rL}RAX;Ne z*br5xfc|S<`a)c>WYHwfKE)vqHNiT4jr{Yh^0>L7hr(*temr{@I|De%K^Og%1(@~^ z6ng0pw^(fv@E#YRYlNh3UxRl*B)(bnE|Le2c|XhqK_DE7I{jxZ`+Ks?NOP@}(NDMY zhpyYbNe>%E!b1A*evBnGTZ@*y9oI5)G7tJOnEXghwa#kS2|S0xPLiZb2p5454U|q` zzvn;cvGA)zwt!+qh(p&;chbA>=5$!h@OU%$l9KT$hLocuhg8DSvN*#a!*eOIJ6Rz8 zI#=aL)p(>BRWjo?Zt4MEQ>_dE)d)%Gvi8(VCrnqp$I?j>6W{hhX%&a;5&i}>sbOTp zwu7c<7k*+x3wH<4MuO}xd=h2q*J!KZl)&|k-W3aX6B@efckF>O??UvqsJs3=pc2LKA<+b z(mCLtZtGf@HY{$HxA*rkx#ji1R0sJ0Y*2IV)*)*TI5S)SJ&~?seTbt$CI#2_gRRyV|O@@C{FC@5i>L)%R=s$!IR$7u}@W1$TV+ zOfgE2ae1rpbcDhv?$M_+LYWi;4S=Ju0Xj&EIteYk$F9W{z%|JX|4w1=$Q=q>i|;ed z3UldF^bwChC8&*;to&Gd!_h>_DR4jL-?s-+}NeTeLzce3tuB|;+f{y;pgMAy;7C*?XZkaFUrp6(+KwyJ#Yj07lvFZ1Mz4lYMWff{n0b=f( z+R%?#h?xh0VG-75NAPcAjQuB%7+T`+yTe1RqmUKZeg+elrS459QD$JW|Dp}UO5)On z1W^+sk^ATf)oO+8MmMlH$Q`z}c>HTrK;;!EwDbokE`$+qEW8 za4qAM2uJ(MqUXw#Q{wqbMx9S{DfACRZtOz5Ygem2GcvKt>;N6AKUKt->_XD{ENy0} zB=2S_;ipCV5U8KAa)EHDWLE2%&efU!b=z@E0?66?aTxrp!JLURFxy3zS@nJ=VUEOT z@tZ}YUit>LOj_E_N0`_5boqQE@f&9T->^@z8faUA`ZEB}q>lkWSYTOci7n#^towXQ z8k|oAD)3JNs|dA$S9p1Ah4oQes3Q{}T<3$iwiFEu=hpoSm-D$kF`auW14tyZ`dD`c zpst^MPD7OwqSU!EY_?BZX^7e#UfjV>r8}KupT_FE%i+}~lqv!0u;G>|cli#x3@?GD z{o||Q*1UMpR~Bbt6-+mq9bMPrf@d`aRV1r5;@2U3G%b1lZ-$2y0D7yU0WRKkCo#1p z0LlcH{Jz$CF|+LAFNNSlO99|5eu-kkZKk_azwnqs;rA5(VsBe6bSA>Ky$l6SYFCWo ziJ+MV-{zkE_j1TknhnPV5?fJiM5MPGbE2f{2w!#aW|a2xoFd=^|vetF^UC?lLV z#)uM|<7N1vx|qpf#y(pS2{gUC2!a3hMGZIRr63>3aPz}rZOYkuE8VyOkP?mhV~d}XRdi1RgNAewKZE0jTB zB2nWup7T3d9d^E|jm?t>-)<~|E$Q1tHieBA&{N=O&BAp0SQ2SZ-cG9;NJw`=p4~)c z1oc-VH#DQxS!X-h2^FYtuFi}3_U$^a_4QUrWrAIPCJfa0DGuXTy<9yCXE8Y{jVU4I zHAtWdk^elfOAcaOVW~>i!aM2GL@*fg`qfR#b z4R6!T4tQ}OX-D+jqft_LWuZ5$$-`F5GJt@d8;H@ezkwr;P+W&T9mEaAb`ct zt7xit~a^}?|9eK>e{CL_fZ6`FH1mc)S4FrMV z(SpR@hqLxl{Q$|Ymopd}`t)nSx2gnMW=q_b#&+RTrC!Bd zWGjGcn!I?^(u4~_wfrG*?_OC9gzMJTYdQ`P*b!ThCm=jHIdKj@TbNT7JsHYcwWEq@ zqPM7UZ<8wo#lHl3+`BU1m3M`p!AP!18Gp1 zx=9T!>XKzqJ9?*-V*E(3DosxG@#yY1b9u#TD=9`Uh-c(j<8-LEoqEX?Ubsv6wNgL* zXSxZ|XX-wbB6);p%PLT3SsuHvzi218OLM8Isrgt~to%2lWtTP{t5aU&efyVKE=#$< z)uTl1xPP9DGe(=wNnf2BLN;j}URiv0GSAfNG=fd*b$mV2GBT^A#plUXlV>}JVvHS7 zM{O1#lFw%@qT-VWkr$UzXsAT?qukxsotWdhsP_GqA5K>zCcFOmb{;4FrEBBI_U&`6 z*MZ6y%jf~IoG$LQGMfEe?E7~)!!@%8XN`+TnZOn?=|h!0F&I3{_aoC}AAmx%tbC!8 zdl4*{uLH1z*sO7sZhP0Pxc)}XevU|%X#27)l7?kDG2H!r{#N8Ni}S za>Nf*gndW|uRcFRJmBaRXmnAJyaDk~!8_@CR<6*_1Ulg-1#^qqL?c6ZQLgvBRBI##%lxjRYs`a;4liQ z(5Wf@hP7Kp7H8PH!?vtEG3K#~=dy{q*`C%Y;rTFZG-pDz&_B}Y5NfS2t z=VSGAm}H2DH-SwOXUlbA|NFAF{2@7C5-(HWD+^@;^04m%(o9x4eD4qnFGJ+^KcYoZ zU@Vyl-Z>oE&(Wjfycrs<|DBE6i$}PoG@dPbPrrMR&HnS8P1JepVi3RE;=7xCP}lEe z`xH9MX%<>BqiT9LxklWKP)&vedNDy`jsu5Aa!7La-bT@R5HW7ljuIH3cBiob&ys0S zgZMAbSj-2j-%>~aur$di3XUYfft(D@jT)>+!8N3e46~5_!i!AzpBA&l-wZ)uUwttx zjPpP>6wQ8=bZif0*C!9>fto!!J@&fi>VFnY&hcqWX$0fNna27>e@iw`>%)oTCql)` ziV7-d%?nzOKjSCy=#wRD4-Ye1n=#q2Ef95dhB=iJh8t~+%_KJLK3$r3r+(fD#($3Bs@wual6 zbI?BrozmUpt00Wl>#Uvqfo;4p?T##|V?)=7W7lWX1fM)IvYf8XCMT59+{l76^c;Jw zX5rtb(9o;0)M3`h{DxlS{!P{Q4v*-2Fc<9rg_uX;0Ua~EgL)szOYaKqg*atxtmY8S zx)&Lf1o=wJjf1w$U1N&k&5+`pt@cn*UWRUn{tUJkQ+L{xp|EZob$o}Qn$>g{L9;KO zhex`#(vOQ~?OzUV-gk+W)QV{?F;&wU`tcn4eRly0f6!i8oCj^s4b*(^mX;2)Q4_Iu zow7~Y`5<^uW)}#}XrgF(Pp`*lMoyigrW)_^Ba11}M)}7m(25_Jra?%?Rb2nUMo!Z! zz@cT2JfL}%oU@pZ=0Q*cM=l&=5OHMT4qbGuRC z`@Yzo0j+vI%SPdW@>;9j55C{&G|I9DCPssbOawx*+^tO^D75VJLtBZGYJOoLUMdiXiir!R z`5gQfxOl9HV=!{Aa1*Ebi)p=>Qeyilgq5!7a^X6HR(F$f5g!$(^@pfO zuthKQY_SIz#!9m^Fto#KA~9!p;c=lrF^c*E@iF+KwIbY9Bn0%}z>MO1E!_0CI8LSe zTNU{`{M@-z=Pl9K<5_Bk0ZgX3ty`r<5AGOVvx#(>X*z?NiYfSh2G^G-I9w(OBnC#_ z^YHBm#u_12K|8C6MU7)~ndafSby!f+Vtfsn^I(O7(CQ!*Q*aM&`z2FWRv?Nl3RN3e z^RGsbjY+UYU$VEqMULd+M=0cMv#cs(;M25n$H~@G_Y+ z&p!Pmfa7skYaVLUzNA@rf_t*Yhe zX_36A>S^G6;bs%5PuxbD`dQr!B)-Y6@~59zN*m9t(OuJ}*8SB|#=y!TsyKOr{RmtO zNbj4-^g>O4cxO3QJlU_3x?Dh73iCXeKpoiaEr<|Gk*`$|)SULN7(4&3E@B|IG?)pj zhfIrCpxdXkK~rbg(RGN$=u6gNG&DL!!IgogkWE0?Uis8_zVy(GSF1~H7*3Csphy{xH*#D z8Mr5~piyynOgI(8v~knjB=t% z$iS6L-j$0P5vo~?Vdu?JOTNQrBA@3gNZJPm(3Gv&czpU6y8Lmbn5)6N4DK5v-LqpE z|8dthIo-#Dez|h@EsYJCv2^vgs3N&$ri?gHlSXWO1{|%>hoszEMSA%no=g}97{9BU zt(L948>iovIzs~k_B?fTaX}sBtx8RKy3 zy;%{q;bjF{{EU9Njk{O4E^^T|u!xz~M`=(>p+xXXL`1{9m=^wRXoh526>F@^8psMY z2oY3YfGs+5>@B<5IsG)ZEIu@X7QZRiq!ST``n$}8zlsWkzwL@#F~t0PHj6Cq|EGuKsc9tDF4hog}sVU)Ao7vS{R65b*yLcQeyu{ORW`9O&Cvh}IMrLZq z(YJ2OWj3d3meoZ_>!n;@jO`nlfLVWHgDZ@vr9x?)zA7hwbt`-`hdu3$B*_vm^@qL^^R+-cyj{MML5;qOPWCBnBlNWgV>*AkL zk~E0Ts3qOoZq4^+#`Vj3IwGt30qt1wzI?$!ZGzNLt~qUNv_xUF5k$ziqaK&CXG0*4 z_QdcQWBZ4zJnUb5q3$?r3uZ)tdAkuPfnZ6vXZ!AZm>RKb$%&-;3T^5YuPg=E|7R^v zfYB)!y8Ep&@*1eFYl6%)tTN#`x5^2HXD_}3`Qo2XjlM0us8l@m5|IYW!2S{t zqJRg8ihFdTxby42&QI2t{M+5QDQ5f=N;V<@TUSlv;Jvp}lkmo;VZJ1Gi7&BaeB?sk zKR(L-={JmwI{>v-e1;CtAfx=Dsu*O|{K!U)N+sDqfh#3<&wA=yvcr&65qlXZA7e<< zo*Zq;8B<#y`QP+rdZgOVJUk$SEH&pRkD0Ln|xh(Pdty`__3f&(M1L z8W)vwvn~ccm7D%_$!<*cX_K9ES0ZU0>Ra^$OdI@jF*u23!J}At{8G@7m8eWgG2fk> z=cns#%C`4Wmde{Vi^T=8o7uRuagfjT9x+M#G=&+A^vPozBivZdTDi?U$E`J_qhy9+cUY{#I^6nUGypCE}km} zi!}JAU*0aB0Pvd?99tf)PS>uJL~J$RVSiW>{7H0{`caRT78ANbT6C~0U#4lgQ%uF5 zzrXj&0&(U+27X}voKbRJs_I3jcm{7rioTdCe7DV1vJ$CTK%}3aNwSmYiEb+Unx|V{ zmv^hJ^|vIbwd;)(3eMa0I+*tD{%XeUmFIGor%&bB?VWA~t97))!Ta8u{^@0XgZRu&*`)i}I1f(E5P{8a^DLg-adZkDMZtc@2wiHvPX5`_uA z{eYCNH2C+Q_YO^f#NFkqRxcBNFuZ00mh4kvCMMDSdq1Y)U-iOFR$AXcNE!t2IH<+& ztRKT{z9$Pxhz9)oJ-84(rhQy?6++tXc+i1-CW?aF?s&HLr;4|%UBVz%p<`aHB37h+ ztD3#CEa#O)+Pp^>vkl9!pIDa&#^LGIl%9F+P)9>V29Dvr5q5zgGcHIW5Om6z)^|~C z@s4&yW;7f+d=~3iurrsqLyrqr-V~zX&HE0a`~Kv8eAT|KzBv!oj}bf>U$f6Nc<#nI zfC2RihpDp1G$rHp_E_Vyr>9f@RU=3L`0aG?B*`d{_N%*$>S*wC`6B-hp)i5rePf2IR)z-#Ek(xQr z@2ni5SQ-|;K!ZiPy`OlK{7g6J+`ntQvHSC3qeAarDEFGyN$QctOUv%gOq>6~ar^Dw zJ*7lzE4fT1*(-|=?{s1wD4)-NMnk6Q}O%jXES}=@jb|E_fy*;;Bbrt%g#An{97`&ae`HJJazcFTpX;_)tDFVD0pj399n?sgTpV1Oy%%|hKN)Cde+5zCR@$-kJD}nASmCw7VBX3VpN=4ym^F$LU zCHS2Nktzn`6}OedAEkTM;h43ycshZlSL&~QuO27U4{LlXmpZ}dboebXk z{Jf?D_Lr?;`n;WBrzT<62?uraDvqv}{#$BhGwz4^mxjlA{(d(Zy?QEPg!M9HXe2ursX}9obc#9XoRZm6y%l4TjGBEW+3a+k^oG_d$H|l&s?HfW0 z5+w^60NYZb-&zl+c7e-2l|e$Jg9ew&J8vKEXE9nZp4n^nKacGG zscriF^X+z}WNT$gUYx1(8SMV__SOf*mL*D|ERaji4NMo7z%UWYOs%7SB;@Kos*Np= zD&hf8g{qZBb7iiD^YdoT;z@LR{2W(0%luLQb@tAH<14-5UgOuWm`Vz9zl(+U)8-_G(kns;+bQYY zn^KQ>GId;wqZ2Na7^M>U2xRUwdR^fk2}2V8Ik~J9X;Vns0_g>ufkV~R`P6`kGbpY^ zY)8OIQmZ$o3tC2J@ytZgGdt25EF}8TpP{P##Hj0%@8>#2w|STs#}7%SDv_H-)~*3Wc&o4Xt2VJthd@Lz~&jh_*sB=yZRM zo&H&&sEYM488(Jx&r&Rw;5Dp1t3PzK%b2t(K6kvFzFi5PZjg<%h*p!+Sym2<<$bE@ zkdnni+JO-ShJu7|+n2$h#2Ma6&fjdaz70N?f41JfsKAV?1RQtXtC$}L<{o`Ov%~-7ojoWGxN!~BGVnp*Dg$U0( zan$4810)Nb0q7<7*+Dmx`FV)@r`NckKnM4bT)$0b>G7T;!LE^gl(s6ffj}nvZ zam(*-SE8)-7FbeY6d6H17X>Q@capd}4-XIPUK>|aT1C}4vpk9KPZtt3Vg%lH+fP_3 zXt=~;iERFv(!_UDB5AYTQpt5X{T)8NH5~EA$XOiKjfMZO5i>i*Oq8VVnle{KI~%XiS_*kHlTj2?09Ghl z>`{Q>rN|_0YP#yu9ps-Toy%aR)6aScsOw@+S09DUU*}szW{ymK^@}V_Lwjx({t!>O z0ZHmus-QxU#3^)Nk(%e7YTLb~Rf5Bz^}C#vKfbCuzLSPM2K?@{Z8RM8;B5C=AZ|Y^ zsNRAo1X`fZn3x3txvfx4Vz>r|5SHsktr@Vs_M}hOg*14FH;HqI%(?~`aG0Gv69EC!OND5ewz*dy%1Edq;$SQ$wj=R5Zw z{L732{)xqEsD- zrEOKXyj7EM^2uU~DP}HhW=;+ezyq3WO|;BRsh|A_-}C)D{w3H7D?9T5m-OHq!k3G^ z!y36d{J}Iol3B-0HPN1GtGWQ}*G^32+i2{&E`cV^M8}*9u%*QiPA$m7;V-iJS3?Ad zRA++l)Z(kCG_9VfR_8W~D0ZwXYNgUwb|j%G;x1#nvWPtk!dTs9Y93VZG6euYNvQSq zl5TVpx3}=5-^#-tgPWVqRaZT>fn@I6!dNq>o01Kl)_s@ zAX_Up7KZ3b00Oy?y0N17u+h;HNmVa?+HjD{d_We|8xFYkMc=894himOl5AZHl~S2Q zdzlwKlFk*~I-aH)F%TewpG@Kvk_IhziaTNaLTeQIQH|QDlVDjn_oGIyp^s4^nRZ+= z)iyuS#>~~Vitptemoy>;GDaoQa^2CT#_Rbs0|ii65?)zAiH5n3O>U8f{Vy-@RGZXl z9DA#)WS{hz4aYddF0iNYRlAYe)5=9a3d$}i1u#oZBmuRs_T{8vq?%JU+u zpN1oAhXece{#5kt4sUQ^!=oZ>YA_20n{|P2fJ=e_re^ob;_s;<49@|5$wk8x8+tMZ-W*PkOj4EZ@+SyQR zU=#v4G)NA?1t7^No6DU9ezN|i&5&zH%cHHHA)DQ&AM$1SwL2Ag3tBZ=_`xdAQ{h~`$lf1{E=(Q z$l}jmqWlNy9FtTtN9reWKh$!)Aqt?<0*%)T#+8?q3AWQjNkZ_Y6(XhKx2x0G-vq0( z>?*Lp5!>n+bejj@pce{d2loLLMw!|Wkcc`xv!tdpSOcWo^Ipc-NOOB4+An&tB(g@L z&%le5Sx_i%);+Ms`FCV4KkaJkp{Er@1ZsR!A|wsQ23{RzgaT#Dl1U@$f7E(RmiV%hR&FLHps1ptpr9WO)-MS)z6KP4 zn7CM?eml-H=?ykLh$Vg3`;+5~|G-~ILBrI5LaauKIyAUDF7W^Lk+03e^P16q7J^!# zW(u=*bUa2=IdGt&!Yd7YKGI2EEr>0cQ{D#vnB{i*Hiwfz?jI5ZVF5{#zQ+ub1Yr)C z6%bG7E$~Xqq#e>K&eLXRWMtWSlH=>p>n<>3o#Ss7N*Rh22+Mq0Vnx zI*pd9-Bx?z=tO5?!#`~h$RKi;h9+nbVeldsG1~ENx8lgV(4h3S&f4&2<*GvT_mdq( z!L{U}=u85i`Gyx9z6quurXX4mNJ&{tkBPYSk*k1dse@Qk7&c1(*Bax+FToCPE`!l* zw4tjS?||SnpEA%*o?Huc_D0M9R{8uw^zWH0Ry~Rky$~1PK6S@-V*5LMpNgGFmTak7 z64@AO$P5NZQmu&arPjmH!ch9u?Zx=`793l`u*-8j?_M?nfR*0j3#cS3y{wW-&8m4@ zmeM)i$Zet@gmt^U=xn*Vx)cumq`BeN=lcWfX?RnpR%nH9+1=`uz^7(K6ko|?F4A2Tw7(TqRP7JvbrgdzOMdH5uM4;<;kSpjA7yqg~CnaOytC`);M!`Ft(VTo^NQ_Oqu!0R6?0%j-8n5(rE};fj(8 z!bf!NeP}DsfpMxNMV_B;74{ZK3{M#~xE|JP5wa0=o^5;*kZ3_gux(#(h=I69F=+Zb z+A$QQ{YeG?vi0h}%ULqV-v4A%xx;_zz1~LE>h$Mf-f<9e;u;c2h0EjY2I0k&on&X#==kDDIUIC(1G?ML*iY6(@i| zf%RTr-`>FulHkC>o^2d6FK9PtVz|t9BYGi(%+9iFR7CrKBl8%!e~Ako{D4#y;r{Dspep`wFQ!F##sb=yB(fUn@bNQKHSxn`$p;Vyq zl=@|WR7z4bnaAr(=4~m3{D_XU?RaJx)ln)_s7sd%?Ic@Lp(vf{>WXovD$&&}s`m{)vTO5g*q=9$EfJFJbdk zmc!9Jea||zSQtlX0@aWU=S&O|5(xr=N@)YFZEmysx#HjbLDR<1t5Zub-$B{^{GZVN zVmxyV*1aj>jTY;cw)z@1SDpKcw7w^1-Z49tNBrZU>n0TZ;q#Y`_rs?}`BxU$T#C4E zR}qJ*MBxCFv<6MR)Sy)Ls((0_0~#+k))#S$z9!DF4gg=7d@bXFrkUoy@_@zC-Kt&<~DvN^l&AhJaJ%}{Y4Tn~z za&9#8V0~K*xj$OOKeCbFP-2CqTGPfPvpOF^P-J9eOmg80hZqTJ715#``Xp{5G7@a* z65A}R%tec9B1M*CO|$EV5wB@#(N@w;(cx`TlOg-R5>~R;Hn}_vM~UF8y8rufvdk6o z*a&{0%DLo}5(5yWu)|HWn5Y6rYUD3$e(ggQ-r!|O*}G*UqRd#RQV4H_jrq+-lT@W-OMg@G?Ax#;Pk+yrSihsnA zxL^xV6BmG$8!mf-`dQLAL>vyyX6znDEE;CLkDXwaTMx6GDIBneHSqDs@-h{ZB?!TT z%tj-r(jK*X>DRaVn|S0-!KM=_gAP88Y#~umn9Xd_`T4m_1ZJu2SY}QiBH)K9# z7>-S9FigbSm3O844|A;qVNWE^HSx4|nq{Vra0n}&Vh7*5lw>%#Fl-24?6%V8Yg{zy zxX@sRV6SJcKa6D1Af-fqo6_n3$SjA6>^d8?cKB7js^eC10=q;xQT7k zUYv8P<*x1h7R;)Y3Q?@)RYDKPF4WYw-OVWCM2cv|Dbw4Q=GnFHUB%lLG;Xp>{gyqE zV)^pTs&*t>+NN3RSE@2_d1q8ATaJxXF^}hTA*NaRzR~4+D#?B$E^@#|aZpx2d?cQy z%_6Q7eY^Y1?WXY9+&(V(jk}ctAgaj5eFOIS(=|)#pbJ^JX#%q*+6)kJ?6H;F&F%l% z^6xy1gvE+fZiHBA#@a{)fbFM~Z_yhW9CAE#I-@}9S~w#UK~zn=#I|=t6M4XqUTn0& zT}A@w0S#WkWildYL|XeMiH1~He7tDhm7;B5(_22l)U?#Cv2MeCQWnbKaZ zd5%}ieqHaqq0iyYPHUpr(fe)p$|yp*ch&hMaiv@Bgg&azIf31>;0CKnJO1p|7N-~e z#dn03Wk0b`K`7XDB!H<0ev!~xoi{|dpQ5xN#_deTgO0gA3id#VaP9;r4iniz0|pwd zrs9Dv`kTHPrPG10oWQq&z2n2ZI zF>=Btdf-Zj_16Sy^kPo*eoi~^`DRbx(%VV#=D8@SCZ4nCWIgX{*XR3zft!QiTm55R zl?Glu-*Bn-2twJ~&K1Y0T#dzB@{@Aia2$v-0rn3A^xb2kX4gI^%JD1SNB|WTl}uZV z5NtrOB(7N*KDA9bG^zAVj^JAs8Jtb&jB%w3JREi-J#F;!fdhlkH~}=UptIF>Bs9oE zUx@3KMfgN14_I4R7UtYL(kWR6#0zEv-?V8Dfz4>FwK>)!NQ$McQQ1NcU7uOla^d|KNR7kiT(`?NJ0?N(vDG z`b!WcxUP=N4W)u~pEE4>aEKGZy|7mquC^&rM;W7(9MP<+0ZJ5J7*D!2n?zY%W(I&tzwmSn$^pSkO{Yp?X9xu>wrR_ z?}JFLdB{30I$u?a^f?K!Vg~NHXmr22KVTQavyZj_sk*v<&+IIjRv8(I8p1CHnrBsN zP$q7U2!u~u6XQWqAmPJJz)wn;8O$F;^aDqNPYK*j@MI*Nl~VhYe+tWj!B%hhtr7n2 z@pA+BBwtxrPe<`G)ix;a7YE)R0$4m$W8%wgn>~)36BD->(UNErslikmepd#VzgIsw ze+*a)lw*yMm$RYA^MoSbqTP0hVuzg}V1Lei-(PBjFzA3$ zT<{J<-0`iTc-U_u5~?4J-kS&M5lq(=|Hx*!v8w6ns4n=tDI_8R)Oa8bRdV5 zPeXY4lU{fKYf1qWjwjk~34vnZhFnP?sHApW@8d^r(_uXfbSZ3Iio#l(j56j!_nI&A zp{l9)nh>fG&`auGfYNWWn#Pu5DTO`cf-g5a)6PwVTd?8_a~4vLsK-(kt@u*Y zVn(<8-RUsDckAl?q}Ct`*T7eaQG-yC#M0{?cYEZ>U;|5HVou8lVa{iYWH^D%Sw%R- z6DP~zIvI4xI$<-a^E>OKYUJ>sBK$$E0eC(QNEWb&-u1e!-4YCh59So~-kg~|kF+YD zwQC9u1h5+qy~YJ6I)E`jIH71h&-ZpWJ)PYEW<70;?|c7`96$@?-sbtcb!U}@s`TaF0O^fBO4HmXdZKs^s_cwSQt)8KLwkH;`yefRQk|@DFjZ`y9oqmbB zEdlb5fC8BR1GMndlu&|gdVuV=aCk|XKW(Oixa3ObIVKK2i;D!}lVdJqX8cmfln+h_ z8P`5u!Vs~qI^Dwh@W>x9uzQ>R)Im!5cLqhNC- z^y(hZ1R>m)a;AfzoGAUAF~x#$zvPNd0|d7BBze$^3x#B)Ufv*WC_xB!D)C2w-&87d zI@PH!p}ej-*SPLzt(Qid%d3()28fj@(HNQNEDHTsuLh#-3&!3|HDSMYeiQ$EBFor4 z02zclY-Zr$0Hv^Hxwi2EVH!3Feu?WR*E|+7aC(LUR^YEC2p}YBn`)74pQJrG9QO=! zWH=n9FY+FWDa!yopWY`F_G7``h(-!hQXYAyoCWyCGSzZAy3g15*G=Us9oMHBJi@qg zt|lg&D8Z^paW08BuW^yKB0=SzSzKRe31LEnBoyLRoQE1|=n()RHPE+z?i+t^wn`2N z#ziu!X!#SQc)smx)MtwipsQQ&H_?SU8ediS_=D0tb#7s zIHdqpfZ(-eoZ2*dwh4{aPfM4`tqQOF2sNznM8mXpm^$c3ST7Wq{HE%|fcXc^e}?%9 zSdzjY_pT&T+aHRqyoS*acrXqtlPD$oTzrJ+j$5_nqnz3jMgh#662t-#azHmji=FY z!uuX3j4O9}`IAlDntteEK{jMHchjek$CGiWR6QTkCvMojxAP?4i@@Pm*GEl9dp8W0(y=(}y^ z9lZ!OAv3CHZP<6@O`I`}!PCmEqtW8-+uAA&i5QwwK35UMgm}QL20VOB{h85nP(TV3 z6@B8#=_Ih1ejNYzHp<=q*GDjNJoULhJS1S_@yeDRgyMmuvQ0_Ligbd zZlYp@51d(7wiOI>yB~cU>_A9X+R~VpkQwYslW-!AcY3=*%iSyG))xz4q}8hpGAbWN zp0~a;1rNKdJt2prxUhnUfukF4$~F4bU@t__@`;&R!YD;0!Y99s5n?M>Oe#Q1B@7%G zb3Tsi1B8Q@Ey5FEPs2fp&gWyCM5S&e&?a~z>PZFP-l5pIC_SbQ0f4*vx61h5Mb*1k zt#gyaQGQ?w#pXr{<}7ye|L__Y=r1=yU{icqmtwA&k3$;YKVpJizLVKt%FX`nm7=mF z0&dLe+2>ki3bCZqAHJLm^SrlRs7c6k173;-9>Te_iuJs?IXTKn+GvH1I!wfvppr`{ z1NLM*gS#n_mENA%`9*4HH&+L-65jbfs!127c`-H%07PtNkvFO~cw+cD) zQtqE!KnV#i8BeDB>h{)Lou-P@lpI{GK;9ssY{Yt27x`xa7 z=eyV$l5RYijMZeSPcss5PwlYijwS@>#2!iC3G0GJ`@yR3Hi3Vc-BtQbnNeA-jubVn z@vly+u!%jPP?+qCo%18(5%AO`h*-z@Q`wGdE%v4?+?#MJ?NdPkb6F&XHwk| zHkFaM2nunjN)9=TE@VL((4q7U4D|FvzXS>Y>Ev>Ar_NMIIf!|OOR)5cS)^#b=+~_~ zhL}_37<<`&0kaFWaX5pm4?QC?wmtv92X8)RbJSha+Gc|=#l|O44Li<%?c!{qzmP*V-i&jN7deI{DIw@X_o-4%|` zKKbg6 zgHRzM*1l%w{UO(nrD!4p4vh>}glsY%Nt|nCi&5yjurhtq-*M4-+{FG!l#mF>$WDtuUb1vDn^+by`H6H6 zmqN@G^lgeQ%FuC7zL|Wiw26Nw6LJ4pKshe?Q&>YI_MEMZIltSEQtTM|-p^I!robKo zneSl%gC5_rtTEZeEU(W%t(p*1)uomE{x5x|TPjji$S6YY=Y2y##DL1UPr*|VSrqw`wXEDX zJ-LGHoVUN|kN=>K5#fe)hYqh6LyJw*;N#%jM-DMaeIuOtPw%(RTw0otpU3-tAcpO0 zgXKcCM?Vt2Z{mm^M!!A*-j`AVxmbMKl^jAT$i6c>W z1ZULeK{UH*ji)Eq6~AHdp$qcP4R=g?8P5^Cs{$gy(}I1&+!Asat15Qzjq+*Jg^Va;QTfvJA_`M8wJ)Fd9U221bH>-e{kW%=vUO_Z$#8_z9 zXiu8^&#yS-7~^PlqUE#E&d}%;-gtZgUt$F<40^`=Si8p(ixMCyC$!OX{mQCoW3qrowh*c zQ7dZDmesQKlTWgpIHEZaHBWujP&{#-48xcIXbo!g*nl!0Oe#MqthbZm6NMb7l7m1o zb6{;{yEnXpE5*rX&#t5lhwV6Z<$Z{lcf9(#k-c-dCebJicI!yYkv~K3{dR4+Vx-Y< zwEWT`hZ3V3E`7@tOBwInsnIz<5;Kd30_pcd$ov*R5XFBynMAxQdP1%2&pQ^L>+>c{ zmDvfWf?Ts5q1Ycg9&8d7F`4*w>aF~l+sS-}R@@+De9m>3BLawNnX0K>?>ihw>^(c+ zqWZXO(#`+6d2%@eC0xo+%zh4eIowZ!xnPCdo3BY+qw#D6Q(;Q#JnMa(EQu z6d^{yNWW93MI?XRi#FpeO?MFleZUYSL52Dt6#+IbrU_P^G;9hkrz55O+7h#YL6-#r z-T+%z^_`+gBZ2n)q8H5=;J_duMjg<2wc8i@hn?LhG{cSnsY?iw3}IWS2A31h@8_7{ z)ARjAF5hBVk``a%rz1Fo)q9Xoo`X#pS~Xrgi)Mkym)uBP9m=u~$er}a#A$^ZvI$`K zEIolmG`)NG{q2v+V%A<{Q{1;FOZ_K&IZym>Jv|HthniMLp33oAPL>_T;8?0@+5?=C zvj|j@PFN))w4bD4CjLa>+7|{%{7lrWy!*puZ9(d*zzXW1Y})=qmL_-70H=j~NZ{~p z7u<|CNd;7@l%%T6!y5Km8`~a~uc>1)63{U&3#;yNQ(0tI!|ZC_AMx)`^3vvWK0ba6 zAQ8hB=von$>3dnaz;15<2e)FfY|o|YSc(a1=FZ}Jg06q|&8A#vY3Ubzl{E7v!5;qo zn9OJ{7O|yfp+Lh*PbMWN2E4H-=fCVPDfA`W=n;9>;jgWv*#7of3!`;Q5Qe2Y$xj97 z$+2Vr>FM4vL*;3?lQ91Dt(c?s+^-&~5 zpyf$~CH+CEeN{SHKdHbc^H^rAUFKiOKsY8QKYnto|M{?)SC)WDkdu59f|Z>v5rIXo zVj2C8#b>zz&v?j`A;S+==U9RRU4+J6u^hhOK^R#e)XTUP=(RvGpJxOR7z{MbZse$9 zaw`ofY~D|n@SF|x?hy%5ILii2Gs=Z}BY5yY7LvWX;ja;&QNe}$sOYVb12L#>&(=7Z z1;7%vPt+w|rc*$2MRd|rB(RfgS8VXf7bS^V4(6ItQQY~vp|IkXyHq-wsVH6C5wqit zNC;d_TE+FXX_8Vokf~)b_NlyTu_lCZ5udvBcgvDy^N1nKFvB|}x@xfySTy)zL1n{M zU3u)VG3ei#VJwAM@PC|6V>jU-5!iP(AoLhZEu7#q>!{UleB-pfafOB&m0GLNjA=M4 z&z(Ht7ktO!A|8oeftOr%08Y@cr%TqnoQ?O=2G=k91^jO#f&2!dZV{mpiHAG9yt!3w zT1tt>F)FFeNA_i~iDk#IP^wQ{_+}qirGB5b8GU3^mq-TVq2ByItJkr&r>1fQo-c_ zG=u&!z%vV@1nLt=AfiHcSrUEu0K0pyV|`%w)51Y)^bt8gm9%rrZf^vq2vq;8U*XizyQb{~ld)3Lu4 zC7^*}M=3mN$bwf|y$T@NU7F@WY{U^XzcD6Hn2i!4 zKi1RkvEV_6lUrSuCyl{*WDkQ6oA!wSs$0H@@u3M^Y*Np(1zWOANb_-rN>8yQMkm696KC#@3iN5-!%c@bFIFiGZ`4$MwwmK2$WKE{sk%wo$s8N z82<36hmFFbF(dC-Ab`}8tSY(!OvpR%g&q5!I`P91NWMI<)ZgSFs_WCDhJOF%04Wxl z7bawZE#VJ4&uI#ae(@Syr##dU3{!Y91hLa;0Qd2{bi3$JNk5`mY zZ*eg-RdLYkAYhKp{XJotLaP?UiiO)NZI)o9zIaeOX=!dgsMRzQvjj0h0iB+OMU@}O zjSK0f-=^6iUyo07N7a2%aXsV7@%y+pF}537snkBGu0M-jeeBtd*}z$iaY`8`kn%GX z*d>&W=-h)VT3=R0oioOuAw2Q-=#M|KJ3LFjpnm|32MXz7fLCf{6prao+Xf=HmLC!O z#f5oBFDDy%EWo1%OeuQ56%^L(-$U>q6OCeq#|p4i!uiKyp0p~j&5Ki0o^e~8(+$Eo zB9ZAQme;s@;PzH zYYa8M1aM16zc`I(jr~$)A}RQcT~k=Ok9uf1n)EziPE8aO$`2AnGOk~cZV{`@Ytou0#pC*m z#hw6yURNc$+18Ye$v7$|_$Ocw6RcrIi6GJ5l$(V2LV*eCEU6;d)v;ArOvvnplr(Q# z%q*pTNz#HaSQsOSx>)?=tJZ%zR)uNLi9tUC5xySD6dEE~n~G~#ILtGCo&5AwqpV1! zWahLM4clkXlL-v

%H2R16YDy&&)>`KEH$FS9tGA942@-!}(7GtfaYpOLf^!VHIn zYO;DEdh>&P8=Yp4sc=eE3HrTbY*X7{hD&j+*)N-XJ}3oTlP`=@Irq&BVnRfRrz!lL zP|#-jB2aF8M4Hq>pAy^ngiW_Pzev~#E^9$QwYdbVq6J0akM?l$y}I>|k~i5`M^N|; zNfQ$GJA>#I@7O+~Vm*f#2<5w$VNBiFeNfeU^XCjO?n6en!sNf2p(rgyuqO*NCEPf? zfvK~efMOx6FmxV^5m|$I-&12ps|n1zU8tBWcOoJzGmig;PutyO$ZfW%9Ybsa`^st z!%ica^8-c@ToMgDBr0k?QwaY`ZQ@*;rY?s}@WSFxG-0^hb2V{EQ@<`9PsGIr!T~0v zPw>QHrq(Gga8(K1$G&(lER5-_o8KGjR;VUFMf8OVfag*(LS;9y=Ve(wMD5w%Zbb`v zue$Alb)1*#qeJoPRs=0Dya^|!fqxT&#!EeLG_eQ!%WhU?AE57T-8Z6#L|)kb^2yPp zQ|h7REnl9i%1ol{dS5%N^SonPc~_|P1<1|8nAmCBOLXKSO!&b?=CGU;hkw%S><6gbixs>?@yLEgU>zpV@wXAa@c-Hx`VULNmEH7)&SNq>#u9mQgunBgxgH( zY$<>QgG4~3^EI=AlXjGOQ+E@hx9awL+A=4LfCh~eYnk@BESa~&Rz$&27d(X=D7r1nT@+dz_H@W#7c7!i{Osw|3aQ7dcakFp+G3dhqz z3YLV_C&CCp5xVE6Q1>2kLV7$U))gnoewoNZ5Zxo>it( zg0~=I>kdlY_S&>}*XLF`q82!jfQfeSbEQ!%o*MT8n(gzv#|fh^_d3&$((&O5ES^tV z*ZT^=a}ZJM(;x%F%BD88%y32$<${?5s?|5JG&)2*Q$6{|bCv|ss5Yzi`>RuK)Zwgh zL01LOPNxcZq$K4Qybp-keBiwwNUblf-9SQmG74OSHjQFm!yr1)Yz#|FI$*W8ewwIo zV0k#+2$B$9*%#YG(PTW*S}RL4Zrv>qH238**-yn!y<;)zt?gu1vSy46jt%zP``U3T zRJc(|TZ{DBXt2r;vvcrT@qqDw*CtDe(={)t zxSuh_)UP-a);F~Q+6I3Wh=C#+5o=C6Oz!^8rrAMBIv=GV=t{XZNurUtEG_s-LAh

Z7F&63%@e&PqcXo}s25m$ zizf9pP-o*yj2)E;&Fvi)^;e`@)n{VYV&$vYdRJ<{>e_1dGDQnWQ06TR%Z zBe?-S`11N|!V%>v*z3D%zhI+)(luFwq-dn4JSB`> z)Ffh#;kTFZ{Why~*7C+%Oq<({Tj91$g!NBotQnYQze}5E;I;dPDj%IQE1lJay~t&c zxx)=y9BEtBp5>lu*EG~r&QhLiihXZ0d^HExsfy!TJ2Tm$f4je90d<~$);yK-y()V% zin(y5RS{XKXLGdd;ipluEdxUSXMQd?%|>>OMES5%wUMa(nSuVg(psW>Tr^0NTE`qQ zByGa4S6NNuCiw?&@ee@x>jFFBuWCf3#w0kS@kWcQT$GEVKdqYnMp-{tyy#ptrG#^j zw)Bg;m)^06CR@mi19ix>hsX{oyzLYhD5j~+BoY^_i-^&5OXiY5TY(vj$KexLfj@_P zzSsO9NoWXtf@)K}NV(B^3k-5PE%A)pzM`FmKPqPUq3Si$Sy|n}(tHTR9*t@l?>>ke z!X-t9x&vt5c?ZVGW{7xe* zF=6aRa9dLJfW7UniUHNmxP6;JNo+iR;NU|r!Adxjn<)xd$>wP7hh|SwstEN7TVre? zo2P;Up`=r=kKrxYtOe`+q8C!qNdsQ=WsJ%0D|63=gnh%SOEfi;_l z{sy+Um=@)=$$lnC)gjg8#5D!HhfSDj+|wYROP`J@LL}>;oJ5&N<5ezE!npJui;x~7 z(czwZeB~=Yeu^%Ik5CWfOTCQwkcr5yeGOP3E?&`g=%zXOtX_VlW^V;z4C0RB_T6hN zgQ%O=7?@RvJ}j>h-zzgZ)R=?M)zJ*9ls(}%E13H&^HnSvM9SECt4(#s{-~Jdn*p4F z!cu%z+bS=X|AB|b?#8Lbh#XfblUiJ+27^!xD|CS{7omRl24BQcF-lpFKStcoec^7(i)DAf~78penHart#uU zOWola54C367k5nOqCetk=uSFT2k?o+JS<8JSsmHg*--FU2uMiB%Z(Ou<-c96h~BYC zr)#N_4ko$tjb~lgVB3?!X(>e_UI^{yP7y(!M?(#^SA|Qf`Q&mnETD*r>Y%sKmsB>z zDnBRI8NVj=<@5SbYO6BEU7c=0FcA-?ASfi$KbeeTSJmiM`%eE}hbiEwBjTO>t zmlnjxHD<;D8=_Kz5{(vW_zJPbDLwTBs4=T6;X?!Z#;ZILRR|oWJ^2iWvV!vbCXH-y z_G|oEm<(lTyfQ9>FVE^|u7hHcTDB<^F15|aGqc{~4er_n{B_IRA1P4;qXPSF5L29= zZwbJ!(v2}^?Pp^P<-Cueh?~G4hEq#WuR(eb;X6rMo`1=cw5ow2+3al6YE=?bmS7Xq zcP#R+@9*zLk@>H$GArIjUD`^NcIh>Ori20g9#MrD`XO*xRHp@!SQQR6HJQC37U8O0 zbfZ}pQ?ToOheme23 z;AFx#Qg%tj#9T+{n$RnU8}|z@8yB@J^!iD59fKieM?Fo2YL!!%D#}6M_P~{dgGjJN zSC7!OpbPo(K95rV<~5ITfY~l-;3Xn^(sk?0WkLm+;@8&*-8VU?&uQP*J^!^hlz|bt zmTD$Bm{C>))g?N!nqm57s*2)IFFR&2A`Az79mc~A>#EdIp{qPEC);1Fv#@D8C{V`V zHmZBaqC}<9VNy)&a}*Jv=P=+81&;u2n$-4kV&n6Al_?urTmDokb(%})d@PA@JdXl` z7tu5*oOdw6DZF|4!PZM1Q~~>SFkb@?RytESGG9 z<#M@!@-Z0DxW?I9duENFx;~CDGnt(qTO;o8$>5!#r1rO$GoP0uU1G@2?djF4JxIo-0rP97QmrfjR+zAtU&5&2BNPb%U=OIgBSSX{3HzSK;$=*8aT1 zHgY+-<8So>d8e0Q$}6#Jz@gd(h$DW>VT2i`Uf#8Sak?zkX)D@a9~EW!*%i%S z;*M)?@u3`%#ggyq_&=G%Khzh zBjYclnJUSiZ+RXj%1wXNZQ28k2ftbV&uF3@l;Tv>F4fC@^L}LT9&K>loH3Kct#Z$5W7bVOiJC|RTm!pxL>0wYPnVzXniNt#+S-KcVqR&>Y8Ip{<6mqboi;_;I{gY`3DgHy{D0e8y46%k3W_aMIp8F#lwh* zGkjdLv&{{=)lE_6Wu`iZ!1fiij7Fv2#9zv>41V69mmQq}_?d3To}MlDDh&k|93YGS z@Z$VPVzB8-KdLTu2isLof{e(oAsUK~dW?~Tze$*te#R*8aS)dtj=2zq&oFHy9K6Wj z+>wZ1?T+w1Y{xzN4SMGzuQZK$?y?G_ zSTEKd1Q0)aIT-R{WHGXGeYbaH#)PymNQ!^(K1cSZlk5`ULOR~95juU@8?+_x;epmr zn4l;Tb1*L3gEMoPK+8fFFV>_T_+plB+v&Gau`@0|r@)Xdhoz+tLGXya^>qG}m@@%go94jz#)hxkjD&?eW5H7bsK5b)z=~5I)H8XlpeY%OES`zZI)% zA`0LOxBZK|xvYy_GK%K#c|xr2&g{;j!LrlIcRpda14s04 zv313W2&6Ap)R}`gk~*V zwjso+%yJrxTQh1dr9KXWcGGpFjpr6{1va@}024E#9x|0KYpa>h_mqOJ=P*Z^TDk$(ZmHU7h%v+4 zeW~6m1erK$^F9xV;Jhc-@C<+SM$;BR=VdltPk=&6NwdqD^G|}U{n_?D65UEzMz0#J zyCZv3tfqSNRVj4$L*|zNA9>yeH-pI^F!y8vdYY>+6+EsGRrC?i_2NIUv>is+Z9JZq zOc0UJ7Hal_uyy8}Ahu4U-m!2xD%WmaJh^Rgy8?6+`x^Jsnt@XY`y2L|*zFpB?cN92 zyHx`#KoUQSfIem^es=lG54@{Jui<8AW>3TEI)K!Y*RC;*JOcAMx{B^Io%g+qHQ$Cg=yQ zo;%N{C7@~7n2Wbb3}W!;#`ivIT6?V1<#l*_g~)u~rp)lP_ewNsov`hrK|v*vKyA4- zcnEIz8&r5cW!~zz2Jy7t)?7{bs*Ncn!>I+eYL2B5v(*HbL)Ek$EA?7&R3T`!P~A`L z^9*3$7mSF{lP=?=X}U9*z`1POZIq;455%AfuM^_7hY_DNtl)5QsymG0O20IeAo=@6 zrz7h>8^Nq&&vl6S-WMk}Yc=}a!TcV#OxDnlD3F)eQ)BmKN9E0rhb8@eeQh^@iCswP zUh{vVajfA`ZU|*A(=&g^0`MYAo0f|{-m@0qso==q`06Y$xgaV$A~4$<&5E|$MT@1A zTR>Zgxc&KZsOL0t2yw^F5Yv%?ju*(>=8hL?#`vy==UR+!8qOLirKfbZBAyE^zzai@ zKaH%`{uGfU4Pwe1_96W)ueeoxAEpd(-}7Yb&gSPNC?^kXIpK{Ye-{|_avPbHp`ybj z&*O)Gkuh`Q`bB&|D!NG}bOu~mz?LjV&ln*O-dWG68U%udhW0u0c^$K;@Y>7ZZ+^S` zEclrIbjs`LTAHf#$7v|heXsgRVdK2 zH4~gnEI|>NFH;0V>-A)+_2c>e{{D)~+m`NguP$(3m>C#!-7Pj|gUonr&)2)7`JS(* zWGgi44s&$dO*@~VWchD^UAc&d%3=!=y1j2QGWHzf2*Z)NiG3og*_+^mcm$98Z?C}5 z+!tK&x@)~#DU7Gl1A)+hqKo3Ie^e4?l7c$Hc#4ku0lCAb<elpax z0SvbkN}to*{n=s_e)`%w7L;91b!?_>bC?B+{*Vu*(h$&FU=KFO6Jv{Jj!X${o6Kn2 z8X~$p zA*l{Y7^)bpW94y2fD|Nzu_11QuzEhLcbzvm*x3cs-lXOyfiBB0{Vl3HO7-`7j_#z_ z*8p)E5KjL^YPsvw+4JaGL^ScsCU*OM2Ly87SB10yJcX+vU2C7$hdte!V)AzH3GuHf z*2{llBE|DDw@G%&Rz0%bv1k*{c>SXP_2)xa&V9}ghNg>P{Co@-fO8joyAqU@k%1%q zQ^DY~5Y7s8|5JD)adulVHAG5LhcRcuk%D8vEVUbpIpq!$1JC z!2H)(x*?V$f#P}b9?LtBskuGP&?FFaTUY@{1duy$jD6Oh=*c|eVp6U4ylean4xa9F z%ZPDE?`fY3$4wvy>eQTL3yJ%!6e_yz?fZ6}fO7xX9d6};hb}XNb-JL6s%)=eB2Vb{ z^>c+qC+!jSPxP;0ziX`Du_(UVWHN#sc)Ml9(iV7_f5;9TL|#}6s$vjelnJpZV8VT{ zT%fen@k2Rw6kTcVMLm0gAfiZ`gR(g?sg_$xU3*Rho}hQ(zvzj}e0$bCS*`n_thtnS zMA!k8K7UN^GHO&Zon{wIS}WbIUSFQ1fXB}=!$QM3=h6Q-<%g-HM^^aMsJRy3?dkhm zG1vP%)7Q1-Pz6r}*)>hasf}NcB2T3l*!dX5P@z!_ zj{IuIShrT^FqcSQk>}RPtZSNoMSPb1*Ju9RBR(}P1t^R2zNUoHH6S`; z%dMUV53%HXU*{5^F6)m(&0zkdb^^@Q=LSdycTe2Qp4z9y314fm%kn|VL`zh4eRy#+e|0Tj2f-hT@s4#p-%U+ z2uPD#`GC=4!m*7?)}b{Cq**2P(^j6(+w6u`T-qc zdt+fYvALX@rG*6gk~*msOe#nx1TWjU(@vq|u0qVO5J3G(0>(02kybx4HGV$cxR=4p zV{@JQb{{Rv_X_ETbhJuDK%nsm6dA@205au6ZeG!XulL6>3qJQDKCZ7vqdwakKvm7X zDdc1**V_r#Q<@108vqe7B*SZUy4-lT;DO$eBY65LWH*)|Bgk*2T-%~$>ZbPTc%IblXXH-w9oTa$(Y8A?Ax_$ zNFP#_%3&h*F58SvF@!Hw{CRA~+&Yc>-1zvo+g^G|=#kH>gLFz*tdSFQc#hFfqSvWI zX7g@}MQJ-8I2U8OKO8KqZwOMP)naW}sLox}9GGiSO#@mul06CjXwy-X!^(z;?S}A1 zp+$2Yrb|Gi>ZGhy0*ek2{R;}F(dSe%)!?_IUXx~FMU>Mt&!6!8DPN963XI9weL{?s z#E?#QNIt^Fj0S|>i!El-4a2*-I#)0`AzTf7l&0-llv zEnz=18CIZ+w0B3_>rI8tYRiMPjr&wlVa8$b;7|g$3I>|mM7w{ASc>`|`Lg$ohL#(L0&eed^cEg@1jC%kBsXyBzd~V`zCDcj0M6sgLpT6s0PWf4 zs5Lil;CUYtat0Vl&8WZ=Vv??mPQh(Y;3d0e9X%--EXa=pCBhD-w^+6P@p6dK=VB+R z?P}$$HVz3;NL6Wmd3ic(e|T$qczSbwOXGGxP#>+foGOsce7r7vz5StU*|0Ra8wiYn zz7n6cc|2V1oc-A)6o`9)y$uL0&T#r~_b%uADhEa(ibm8uMfFqn4mlamL0;VMa5^tH z_rtg-@~gj* zz)V1Lt{#t7g*x|tM9i3_^#jR? zsouFe`Q-T$L1C25dVg!CWtHsb?MztgVv5MwuiHz%>-xbc@Y;ip9%rmOflltRwLX|Y zYty=u*bF41Aw=#2Y4hzsTG?Q;_WHcLH!@eGauoBK*b7kj_Bh<^1rn8b3sO~q`_5xH z3XCR9PCqsVe$nCd%w}kELif|8-Ln37yD(e4^dEG8@Dak6l{qD`z2@&$g0BR~hS7bht)+M|Y3LX!MS`?Y+1Trjk1yO6?e z;&Y_ARxNAa%ExILI~C`3v&{w*$H~IN!p>gj`Eco$o4fY1dRK3`03NDwa~Te!YhDjS;;v8R zR-Luvk`~SrIpQLrtsZyv8uWuzS>7qba#0ZxT23>{xw*MMFLORGfF0p$#~u=l0gQyO z*iaJV8S?#>?Ax0@=nZNz;)}cWCzf|C)Ec^!)w55vt+A<-T(F>NTDvKy_~=R11f}1S zq`JGi0il;gAh`qB;cZVT(EL3o4D{+nluOH**BLKhL8ninE_w05@0G`}T4}mz1^!vv zWu;EP8~P)Tz|}Bo2oj-2t2^*s?NR%q`S`?Jv3Q|o3a2hC*cBEQQYil=#0^kch9FA| zLO}%F&)z{NX(ea6IAj#eOpnOO$w(zJ5E5sqHCY~HS5*N^EYc>?Vs9lWt$+~%3Wo>4 z$dG=1I9~gQD_t18F|9U(-qCbk-8#pE&H$JOt0m)%d^2FG_+mRw7TATjdpxQbt3I}Q zyR`xN!gevW+;9G{`Ll7O3nG2TB3So%^8m;RFG{?(Xeuw!3Ak(lRzdn`wrtDFZshx- zQj?9|BgrLYrY8%CfZx5g{n5&t4X?su^D}vGIVF-xX6)W=R_|Vp_01c8`m%;Dh z99>*&^WyS|nP1_3Q&QnJVllku^LFRc{;->x>3R7TH2=qL>t;?D8H6lwzdkS!`sU7O zrqMH0BnSrPbyK1X1)4f_n$!N5@~wDYjl4`RK=_;j!Nj7X^%lpsLb_qu9v%d+KbhR} zn6m|dbke_?*wxkbqDD0vll_r%i^!VJ`8@zG~ZLf=Q;A z^UdLm2k>DVY>1`Ql9S%C0R6)UU=0MeB3NBtRz9^5nSDo!8V+*1x=QpL)G7!u7=0xb0Z=fc;q1KRx{^lDL4)kEyz1Op{3wWzY<;TZcUg z;80&4#xfVHjo^LQTu%8&&pZ4e=orr~kGUPXNS51uGRGDg9p-?XtkQTSCFgcgTKP0Z z=cZUSxw}TQ!Fr{|ttL4=5}(t&4DiXP^KNAHiKo@OHs|J-I{;VE`67^!2IE`10=N8G z%hf1Ax$#||e?%61u1wB=fI+fc{&NBNN9Nz37(AMKH7}u3fSd%lFHpe_E7ikw1JmR| zz@-Y4yR-4(9g9)Hw`T=4Rht%G_iHLtL?om{gwPhXo3d)=%6mr%p;wp91Hia+fzQ_D zbOglB;8YS*)W>F z-u>qA<>@Zd{jkVkcbHjLvuw8BYUv+u(n7*c9Zmvkkyp#qBUO$z_bkKYB2cd>1fpc@ zYGw_E0R%=O?Yk6}63|~4h71xF?UpAHm**4s_h&ThCWYPNwg1iatYqNx zEY3R?x-aHBt9eF4G9G(%XMA_d4z5mSDG|}pN&XH>Yh^G&Zf42ikRV0HIKXzC6AJM; zEblL(ed3J{{^cRjKw=5J9vVHI3!I<#u_1Bu)hI7O6X2i--(a;Rz|;x` zOZO6|7I4BPD3r{Q<@~|%%zeA=L6-#ZNR37&xI9h3{XPWcTSRb#;vY3dmbv{&9T z?dDmMQgW$&jGhrLnl7T1fHyEUKPWRtdC_KF3-PqRfg7;$&ru?S&k z+(ygo{P*S1>&<6v&C|^Q^KlAPOR!|C&P!H5uo-p!*ly$}>A-m^WmX*WBUU37Q@zvY1o@SBG#V7O%P+#sWB;(!1;aOs%*bfKo7 zPov540Ps2B1nU7OOP@P`oNI5(drJpEq=c*oGN(7d4R3S-&OtJ_f=;u3n3hUHod_5A z!hIO{HY`RR1Q6$%=heR-0q{@&FPf!v1th{QTaldQnhm3s$v{256yI`CkUCqc&gyci zH8nNneOm*>+@XIC2snJ1W`hn;XmHZH%ICaevEn#o)v&U=^r##y`p_1CpwPU6)D3LC ztCU~{>&JddJ8jS?qY8I#S(R02y@v%CiWNyzr!n`(yIbWv#Z}JYNXTFLbl}MI0i@y{ z@^$iS?5MJ;_QO;ATc@H7cklLSGV7l9nfqMx>J0;_So6w7!Xr%$8m(*_$B>+cexJ7%rAGPtFP!aFU;xq>ZP&M;6Zdv(7>z z5CCTcL<+CAOQ7?!{;$gOxvj~JjC6{$HJAjt68Z6f4?lm)=BZawK#G_;@u@+{0D=^c z?5K6)P9hM7M$dWxJD&NnxtHnl3W3ZA0#Qh8V5(|ulqFJl9Z2co0b7LUA%X=^C4k+pJ!{+JKVx1LJ(&U+wda4QPT#N!4%!_a z^;o^iunH>vF9-klISOUsA2R}QCI4>qr?oe45Yy%x;EDoQ$zu_~`Ks6SwRcSsx-2tu zaqahSAiu67NBI!MD*)|`IE4&A4R;Fe(vD!wuAflwX<-aF?X-Uk3y|%tRvE%%mP+K> zZ4bn3K~fLt9g}>E+B>3(5P}AQ%p}*IRBi_X4&(D(A4|jyL77iMucs^O7HABAzR_`~ z_h$?#T3os&Z38{M&bNwI2W0cZ#n*eJuV29PpljLuB;|?f_~L&fxZ2C0iJ+0#&YDPse0t)mt{Hnht(#l4IC2~rq3;exyt+bH6g=E_1;|;- z1j+n`Z=o+e;C{YicUV7qb#!zdOfI7dxEH6V#ahX2Y|earK>}+zWBEvBnWdj%wxwlo$aNdp4|8JVaTnJH5?nuI}gN}1`o zITwo>0K1;vUb{xEU8Z7HQc=0k!Xd)+(Hy?{(CFxP&j*%QUK$!24i2olMs99y*J;e# z@9#d+(gNrk!DBOM0aZim-6}jHB0U3xwYj+gG(GT)>PeiefO@<4%P(d_fv00ujoM&Z zsszc&`+<>>-hk`0Gy+el+h{9G%buO&Sr9HcyZ7@wU`eE+!RxVVth>X>4*B9wJ zPiJ=gdL;%x%LA~zm)%qw6cLxRRU@5=lbi9`SrvKtiN!@8;7x%#jk2kO^HgeT>Oa2G z(XtvEi$Dq9V{noCIl8!{M4W7*%CJ8|Vk-idRVGs)5?L5FC?rHGfAaCsJr&y_f`Y$u z3%zVa%l`R@ejVXr4>ss`DOv#-0^F=?9`DAtr?~UpH67XvJ@`=yskWJ(ZSxjJ1P+fgJ zj~sU*5#nX}U$H4ZqOs04Mu0}>MiwkBFZaG0;Vj#&6o>u$y&6cWfo@%UY3a9$IbN0? z6)FrsjeGX!hE}DNB-L2fZq7EN6s~v;XS)+AIXO9rQMbPR)CS-%Oh(g+ii)aQM_m8Y z#K!!%o~)M}a!qP@UhP?3b@N+44~XdQwykAwK_ZNd6+mYHYh;&RvwnUu!R>0dOskQF zmX?;2v!SdEk+jzFU@|y37@*(+9QhbDYE6N>nkE4bW{W3MC~%lU=2CJsFj=Be}!}hT1&?n77%SE|Djn4b}_ZC2if02~r0qENz z#X{3wSa2vvNZ>QIz1(UN5~c&S$;DORHq644ehMUZ6~BMm+7?gr_nQDEk4W}8K(<8vO>tTl$iH%&q5X!{h!EvV zL?Bl);@BGS8DVx0f^J}N(0=gsta~$svWrrS~$;DzsB; zl(2agOmj-yoTjesJOobmTYZrq&?$QQ`mnID1YFO3RWvH*hy|VrMS8{^)GLkOeI&aZ ziRiih(%ERPRbB=I2ZzgU6H-@KcTmKFvh%hlo!3PpC3S22vZcjyc?+44hmDTz__(nK zpe1r%A2nl)znOfV!iLrNuzG-9}j>lHSX6h*URm{ zIXPr=tv#^W5`^vo)3oM;kG+;I~zdSCj~%@_e;m(`6L$9F8gQKYh4 zB7|`1Ve{^kz?`t*FptW74oX9FYhn5%6a8cMBD>(s4%E8!lR-- z8yU?3sW&=r)i!^cZyP*i(M{Rq6F~o0s=VAaiYbSxd#awWZ}b zKS?4#FVD1Yu{$Ih2f=-4YRN2Q`;q25M{0T%^f!t)$$SlfbPyBk0lKv=CyPcieGTlo zJ)ijaJOKqeZ*Onl5Qgig$u9DJr;wmEP^y0U8Z4Q_qTmK9yuyW*T6$0FYnXA4f&37!8nRVMOXQyCJ zqYN+5YinyUu(102`T*bmQaJSj#DCcA>1m}tt#ByGoe6+hazF_WjY#8lDgXQZ@#W6{ z(401kn9|h3s@Z$%ak@y+cr?uk2r844lR)9R$p)7m&5P*nWoS4zHnFha2Cyfao3t$I zs`17S4p-+J-M~-~BMK})o+zlRA2>P_n3RGA{+uwKKDr4D3j@NkNOomy?exKghpnxx zySqCOhXFzmD8s(Mvs?&ed{TnK1zAqsSphD99}^P;xb3EWqtDBYYO3guFcc9gW@bAe zNTP*p14$MgEv-ZD|BAcPcqrTNKSPG>dMu5E8O8{1#cDbokDwy21 z!Rw;6_2jqt-VP}42cwNd!%zD{`nNP*THjDF_-hmA^Tl^;x-5bvmNT_CIU&KmT|H

+fGP-@eZT;hKz43(QN35T}QG@pwG&G4R#vkd?N!wSApwc2?xi z`#T~${6%;7=*WmYEDi8Iz#)LU8}cyVlfOrD*i|}Yd!FPcOOyFK z-ZY#k#O~SRjXV!;?x{-wX4Vtv%>DO@bF&%aYT+Dg?aYPvw6Y-aI&wj57eU2 zAYp_^{0hr^YHG^I$}l!<%IgV?s;YChOmeGo52Lw?Czkqqewc@-Q?HsWf?V{(hyoow zy@dpM=eI*}&b2O&p~Z)?cF$09T3TAQaQ0uLPrfS6JnURh&uIq*1^L>(b1BO^teo3QC`f*P2Ldkfke;u!X9 z5!>=I@Jn5JONO6|(U~QAsmi;dZ0t&%l44?Fs;Z&jk)3L`pp8gRPmhI#1;n}KXOpT1JjlthGBD_W+Z})Q>{-g3dSiEA`q3Pj2w(6Gu-nVZ$_NBP>o4M~S9+(5 zj`1d5enyCmh4T)2SKv*!?3^n?r_9aGT@-EhvzB12Un3$Y3Js`BS;%!4wWvmFn52q| zb;+=~rDX-#quvHQvG=D0WcnFy7=nU=0RCV>fq$F-2AmgAfq8RtbJQoa)16Mo)YFjT zYk}We3twimaN)5vU|D(RS7~TH0}l@mW)>D$Iun4&HWzjdUAwzyixNJ;HwL*w5$>#3 zC+^sD{S$WehsD)?-3uGuFNO>+Y#-HqH6N$lwoEY#3|xoV6En^~BgQS_?&c;gB{fJS zc7$zs$c`Pj8cXc~Bk%&x<393^>!=gqBuFzD*;P81;0thz`a@O>W8tX?=4 zFet1#|5hywCer@tghxFj8DQkFHmaMVp=bthp06e*tVGgT51+czJD-)E4NOx*U7dN! zFze%Hf={uGBRv`?J?Mx$hhmBrrY({$>NH=H$ujJ5l27dgfm@;R!^(<^Ps6{eruQ?y z-G>j^AHgYNni=KhBU;C%lSqFrcij}#*WE%>IpVrj@o!%mQBjw%N9Ubt4jxm5l}>h3 z^a-Z7p2?(WK?23W%$$&vw7#}B|1AU+gQR76YAFV?VSMf&lguR!%RB88Tm<1JBLjoK zO8(~NW^bwx3mz+&Izgq{15~rI30wZB9+=_husUu|JINwXAXJzv4o-eC2_QWD!mIz@ zT_euNg}^7HAL@9Ve(3R`YF)ek3|(D(N5^ipWA{s^nvM=ls@asAB0npt^@FyZ9VLd5 z1C_^s=~?3!m@Q7T6KdNHC`}aRj6&Iu|8*DTC#9^}&}lp(SZVgDi&(P3su_{0b{XL; zcaRm;O}n|fys5xp`l!mUQzIWk!+i=WS$zfwQ%cr&tlD+mUlr9QEF;z->yl)+Ei*O+5))dIGme%?X0V}z0@x~Z}L!K6W{ zWcrSKU%VfSzG*;FEUSIp3zDXC8EKzskr5|t1Do-Fr z?bpv->aUDsUDw3%B2q|7ua|-k4Oo=%ff$x|_g7)^vuP`}wKktz&7r` zP_-Ip)_1#1fR7IxAB?}V47sq7$G&;}+R()0VRjb-H!}lP95QQ3Nl#jP#2DR{cq>H` zdqyntva9Qfr&;OgM>6|!uNWH|J_~a7h)POg1xmrJeC4c>tLu9>I}r2+y6v?$cXtXc z={jAje;Zqm&`vTmvGm>;h}w;L{_fD$#}Y4Nfq%K2)YCg#^FZhTooH8V%6dpyN=Yf` z^JI%2Gx~oI?qwbfN9{$`}7N7d^0F9bL^(Bk4y zA0!@3x7=svahz0fBm7))jAqM)fM zw6yQWF=1gsK?Yh$R@S#SiB7qN;);rd`~@qCtVwU-^fNX#Hn|Kg zC(zV|JP!}izyFNmS+6T9DqvdAie^B>V?d!s1X$a&8s# zaaG3VT%$RVAnB(Hdi(lnhORy^D>pAU2e;3ATL&5oFD@=ZW;`%7M16L7;02zA?4gA1 z!^wS~ZY0uZHz9;G<3)gGg1lBDOF}{6g6M%#U>8O!%q0TqQi|C(dcTNU3%Cix36PVkuXAygQr z_3pPNobx0sImfvV8eO`wbQtl`neY}#&tU6L_fs(bno#Yon^r>v;iiB10inC%q_a)b zmY=~H6}>WZf>TboCS+T3fwG=yz|2uoI!~1XJc^)YUAFbLp;SKD;iLXc^)l=F21cm+ zbE}sUwzB7Ow#%_X5+hq+n0b8R#kcJJk>p2BJ~U(`wfmD?_Kzdi^wsukky3SgqA-Pm z=#;1nx!^I=i+FbWc{;K&@XN{rdrt_Jt`oNl-*#gZ-|d%L^`)0IcRvO88<_hFt= z(YKH!*-3Zure<^lbJHy{>V4GC!N~|#gp}~w%g}#nnM0&B0ye{N&jVr-oAf(Z>2R3Y zD53-@XOh1!`1%;;^LQuFC@g(a&ME3^b*$$Rv%-Rqg!&!E7!}-d$![!WARNING] -> Enabling Credential Guard on domain controllers is not supported.
-> The domain controller hosts authentication services which integrate with processes isolated when Credential Guard is enabled, causing crashes. - ->[!NOTE] -> Credential Guard does not provide protections for the Active Directory database or the Security Accounts Manager (SAM). The credentials protected by Kerberos and NTLM when Credential Guard is enabled are also in the Active Directory database (on domain controllers) and the SAM (for local accounts). - -Applications will break if they require: -- Kerberos DES encryption support -- Kerberos unconstrained delegation -- Extracting the Kerberos TGT -- NTLMv1 - -Applications will prompt & expose credentials to risk if they require: -- Digest authentication -- Credential delegation -- MS-CHAPv2 - -Applications may cause performance issues when they attempt to hook the isolated Credential Guard process. - -### Security considerations - -All computers that meet baseline protections for hardware, firmware, and software can use Credential Guard. -Computers that meet additional qualifications can provide additional protections to further reduce the attack surface. -The following tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017. - -> [!NOTE] -> Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new shipping computers.
-> If you are an OEM, see [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx).
- -#### Baseline protections - -|Baseline Protections | Description | -|---------------------------------------------|----------------------------------------------------| -| Hardware: **64-bit CPU** | A 64-bit computer is required for the Windows hypervisor to provide VBS. | -| Hardware: **CPU virtualization extensions**,
plus **extended page tables** | **Requirements**: These hardware features are required for VBS:
One of the following virtualization extensions:
• VT-x (Intel) or
• AMD-V
And:
• Extended page tables, also called Second Level Address Translation (SLAT).

**Security benefits**: VBS provides isolation of secure kernel from normal operating system. Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation. | -| Hardware: **Trusted Platform Module (TPM)** |  **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.
[TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations)

**Security benefits**: A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. | -| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)

**Security benefits**: UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | -| Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).

**Security benefits**: UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | -| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

Important:
Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.


**Security benefits**: Support for VBS and for management features that simplify configuration of Credential Guard. | - -> [!IMPORTANT] -> The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Credential Guard can provide. - -#### 2015 Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016 Technical Preview 4 - -| Protections for Improved Security | Description | -|---------------------------------------------|----------------------------------------------------| -| Hardware: **IOMMU** (input/output memory management unit) | **Requirement**: VT-D or AMD Vi IOMMU

**Security benefits**: An IOMMU can enhance system resiliency against memory attacks. For more information, see [ACPI description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables). | -| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• BIOS password or stronger authentication must be supported.
• In the BIOS configuration, BIOS authentication must be set.
• There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
• In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.

**Security benefits**:
• BIOS password or stronger authentication helps ensure that only authenticated Platform BIOS administrators can change BIOS settings. This helps protect against a physically present user with BIOS access.
• Boot order when locked provides protection against the computer being booted into WinRE or another operating system on bootable media. | -| Firmware: **Secure MOR, revision 2 implementation** | **Requirement**: Secure MOR, revision 2 implementation

**Security benefits**: A secure MOR bit prevents advanced memory attacks. For more information, see [Secure MOR implementation](https://msdn.microsoft.com/windows/hardware/drivers/bringup/device-guard-requirements). | - -
- -#### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016 - -> [!IMPORTANT] -> The following tables list additional qualifications for improved security. Systems that meet these additional qualifications can provide more protections. - -| Protections for Improved Security | Description | -|---------------------------------------------|----------------------------------------------------| -| Firmware: **Hardware Rooted Trust Platform Secure Boot** | **Requirements**:
Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
• The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/en-us/library/windows/hardware/mt712332(v=vs.85).aspx).

**Security benefits**:
• Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
• HSTI provides additional security assurance for correctly secured silicon and platform. | -| Firmware: **Firmware Update through Windows Update** | **Requirements**: Firmware must support field updates through Windows Update and UEFI encapsulation update.

**Security benefits**: Helps ensure that firmware updates are fast, secure, and reliable. | -| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
• Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.

**Security benefits**:
• Enterprises can choose to allow proprietary EFI drivers/applications to run.
• Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. | - -
- -#### 2017 Additional security qualifications starting with Windows 10, version 1703 - -The following table lists qualifications for Windows 10, version 1703, which are in addition to all preceding qualifications. - -| Protection for Improved Security | Description | -|---------------------------------------------|----------------------------------------------------| -| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**:
• VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be exceutable.
• UEFI runtime service must meet these requirements:
    - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
    - PE sections need to be page-aligned in memory (not required for in non-volitile storage).
    - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
        - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
        - No entries may be left with neither of the above attributes, indicating memory that is both exceutable and writable. Memory must be either readable and executable or writeable and non-executable.

Notes:
• This only applies to UEFI runtime service memory, and not UEFI boot service memory.
• This protection is applied by VBS on OS page tables.


Please also note the following:
• Do not use sections that are both writeable and exceutable
• Do not attempt to directly modify executable system memory
• Do not use dynamic code

**Security benefits**:
• Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware. | -| Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.

**Security benefits**:
• Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware.
• Blocks additional security attacks against SMM. | - -## Manage Credential Guard - -### Enable Credential Guard -Credential Guard can be enabled by using [Group Policy](#turn-on-credential-guard-by-using-group-policy), the [registry](#turn-on-credential-guard-by-using-the-registry), or the Device Guard and Credential Guard [hardware readiness tool](#hardware-readiness-tool). - -#### Turn on Credential Guard by using Group Policy - -You can use Group Policy to enable Credential Guard. This will add and enable the virtualization-based security features for you if needed. - -1. From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard**. -2. Double-click **Turn On Virtualization Based Security**, and then click the **Enabled** option. -3. **Select Platform Security Level** box, choose **Secure Boot** or **Secure Boot and DMA Protection**. -4. In the **Credential Guard Configuration** box, click **Enabled with UEFI lock**, and then click **OK**. If you want to be able to turn off Credential Guard remotely, choose **Enabled without lock**. - - ![Credential Guard Group Policy setting](images/credguard-gp.png) - -5. Close the Group Policy Management Console. - -To enforce processing of the group policy, you can run ```gpupdate /force```. - -#### Turn on Credential Guard by using the registry - -If you don't use Group Policy, you can enable Credential Guard by using the registry. Credential Guard uses virtualization-based security features which have to be enabled first on some operating systems. - -#### Add the virtualization-based security features - -Starting with Windows 10, version 1607 and Windows Server 2016, enabling Windows features to use virtualization-based security is not necessary and this step can be skipped. - -If you are using Windows 10, version 1507 (RTM) or Windows 10, version 1511, Windows features have to be enabled to use virtualization-based security. -You can do this by using either the Control Panel or the Deployment Image Servicing and Management tool (DISM). -> [!NOTE] -> If you enable Credential Guard by using Group Policy, these steps are not required. Group Policy will install the features for you. - -  -**Add the virtualization-based security features by using Programs and Features** - -1. Open the Programs and Features control panel. -2. Click **Turn Windows feature on or off**. -3. Go to **Hyper-V** -> **Hyper-V Platform**, and then select the **Hyper-V Hypervisor** check box. -4. Select the **Isolated User Mode** check box at the top level of the feature selection. -5. Click **OK**. - -**Add the virtualization-based security features to an offline image by using DISM** - -1. Open an elevated command prompt. -2. Add the Hyper-V Hypervisor by running the following command: - ``` - dism /image: /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all - ``` -3. Add the Isolated User Mode feature by running the following command: - ``` - dism /image: /Enable-Feature /FeatureName:IsolatedUserMode - ``` - -> [!NOTE] -> You can also add these features to an online image by using either DISM or Configuration Manager. - -#### Enable virtualization-based security and Credential Guard - -1. Open Registry Editor. -2. Enable virtualization-based security: - - Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\DeviceGuard. - - Add a new DWORD value named **EnableVirtualizationBasedSecurity**. Set the value of this registry setting to 1 to enable virtualization-based security and set it to 0 to disable it. - - Add a new DWORD value named **RequirePlatformSecurityFeatures**. Set the value of this registry setting to 1 to use **Secure Boot** only or set it to 3 to use **Secure Boot and DMA protection**. -3. Enable Credential Guard: - - Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA. - - Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Credential Guard with UEFI lock, set it to 2 to enable Credential Guard without lock, and set it to 0 to disable it. -4. Close Registry Editor. - - -> [!NOTE] -> You can also turn on Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting. - - -#### Turn on Credential Guard by using the Device Guard and Credential Guard hardware readiness tool - -You can also enable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). - -``` -DG_Readiness_Tool_v3.0.ps1 -Enable -AutoReboot -``` - -#### Credential Guard deployment in virtual machines - -Credential Guard can protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. The enablement steps are the same from within the virtual machine. - -Credential Guard protects secrets from non-priviledged access inside the VM. It does not provide additional protection from the host administrator. From the host, you can disable Credential Guard for a virtual machine: - -``` PowerShell -Set-VMSecurity -VMName -VirtualizationBasedSecurityOptOut $true -``` - -Requirements for running Credential Guard in Hyper-V virtual machines -- The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607. -- The Hyper-V virtual machine must be Generation 2, have an enabled virtual TPM, and running at least Windows Server 2016 or Windows 10. - -### Remove Credential Guard - -If you have to remove Credential Guard on a PC, you can use the following set of procedures, or you can [use the Device Guard and Credential Guard hardware readiness tool](#turn-off-with-hardware-readiness-tool). - -1. If you used Group Policy, disable the Group Policy setting that you used to enable Credential Guard (**Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard** -> **Turn on Virtualization Based Security**). -2. Delete the following registry settings: - - HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA\LsaCfgFlags - - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity - - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures - - > [!IMPORTANT] - > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. - -3. Delete the Credential Guard EFI variables by using bcdedit. - -**Delete the Credential Guard EFI variables** - -1. From an elevated command prompt, type the following commands: - ``` syntax - - mountvol X: /s - - copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y - - bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader - - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" - - bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} - - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO - - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: - - mountvol X: /d - - ``` -2. Restart the PC. -3. Accept the prompt to disable Credential Guard. -4. Alternatively, you can disable the virtualization-based security features to turn off Credential Guard. - -> [!NOTE] -> The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Credential Guard and virtualization-based security, run the following bcdedit command after turning off all virtualization-based security Group Policy and registry settings: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS - -For more info on virtualization-based security and Device Guard, see [Device Guard deployment guide](device-guard-deployment-guide.md). - - -#### Turn off Credential Guard by using the Device Guard and Credential Guard hardware readiness tool - -You can also disable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). - -``` -DG_Readiness_Tool_v3.0.ps1 -Disable -AutoReboot -``` -  -### Check that Credential Guard is running - -You can use System Information to ensure that Credential Guard is running on a PC. - -1. Click **Start**, type **msinfo32.exe**, and then click **System Information**. -2. Click **System Summary**. -3. Confirm that **Credential Guard** is shown next to **Device Guard Security Services Running**. - - Here's an example: - - ![System Information](images/credguard-msinfo32.png) - -You can also check that Credential Guard is running by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). - -``` -DG_Readiness_Tool_v3.0.ps1 -Ready -``` - -## Considerations when using Credential Guard - -- If Credential Guard is enabled on a device after it's joined to a domain, the user and device secrets may already be compromised. We recommend that Credential Guard is enabled before the PC is joined to a domain. -- You should perform regular reviews of the PCs that have Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for: - - **Event ID 13** Credential Guard (LsaIso.exe) was started and will protect LSA credentials. - - **Event ID 14** Credential Guard (LsaIso.exe) configuration: 0x1, 0 - - The first variable: 0x1 means Credential Guard is configured to run. 0x0 means it’s not configured to run. - - The second variable: 0 means it’s configured to run in protect mode. 1 means it's configured to run in test mode. This variable should always be 0. - - **Event ID 15** Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Credential Guard. - - **Event ID 16** Credential Guard (LsaIso.exe) failed to launch: \[error code\] - - **Event ID 17** Error reading Credential Guard (LsaIso.exe) UEFI configuration: \[error code\] - You can also verify that TPM is being used for key protection by checking the following event in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0. - - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. -- Passwords are still weak so we recommend that your organization deploy Credential Guard and move away from passwords and to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business. -- Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Credential Guard. Credential Guard does not allow 3rd party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs are not supported. We recommend that custom implementations of SSPs/APs are tested against Credential Guard to ensure that the SSPs and APs do not depend on any undocumented or unsupported behaviors. For example, using the KerbQuerySupplementalCredentialsMessage API is not supported. You should not replace the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](http://msdn.microsoft.com/library/windows/desktop/dn865014.aspx) on MSDN. -- As the depth and breadth of protections provided by Credential Guard are increased, subsequent releases of Windows 10 with Credential Guard running may impact scenarios that were working in the past. For example, Credential Guard may block the use of a particular type of credential or a particular component to prevent malwar efrom taking advantage of vulnerabilities. Therefore, we recommend that scenarios required for operations in an organization are tested before upgrading a device that has Credential Guard running. - -- Starting with Windows 10, version 1511, domain credentials that are stored with Credential Manager are protected with Credential Guard. Credential Manager allows you to store credentials, such as user names and passwords that you use to log on to websites or other computers on a network. The following considerations apply to the Credential Guard protections for Credential Manager: - - Credentials saved by Remote Desktop Services cannot be used to remotely connect to another machine without supplying the password. Attempts to use saved credentials will fail, displaying the error message "Logon attempt failed". - - Applications that extract derived domain credentials from Credential Manager will no longer be able to use those credentials. - - You cannot restore credentials using the Credential Manager control panel if the credentials were backed up from a PC that has Credential Guard turned on. If you need to back up your credentials, you must do this before you enable Credential Guard. Otherwise, you won't be able to restore those credentials. - - Credential Guard uses hardware security so some features, such as Windows To Go, are not supported. - -### NTLM & CHAP Considerations - -When you enable Credential Guard, you can no longer use NTLM v1 authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as NTLMv1. We recommend that organizations use certificated-based authentication for WiFi and VPN connections. - -### Kerberos Considerations - -When you enable Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. You must use constrained or resource-based Kerberos delegation instead. - -## Scenarios not protected by Credential Guard - -Some ways to store credentials are not protected by Credential Guard, including: - -- Software that manages credentials outside of Windows feature protection -- Local accounts and Microsoft Accounts -- Credential Guard does not protect the Active Directory database running on Windows Server 2016 domain controllers. It also does not protect credential input pipelines, such as Windows Server 2016 servers running Remote Desktop Gateway. If you're using a Windows Server 2016 server as a client PC, it will get the same protection as it would be running Windows 10 Enterprise. -- Key loggers -- Physical attacks -- Does not prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access high value assets in your organization. -- Third-party security packages -- Digest and CredSSP credentials - - When Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. -- Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well. - -## Additional mitigations - -Credential Guard can provide mitigations against attacks on derived credentials and prevent the use of stolen credentials elsewhere. However, PCs can still be vulnerable to certain attacks, even if the derived credentials are protected by Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, reusing previously stolen credentials prior to Device Guard, and abuse of management tools and weak application configurations. Because of this, additional mitigations also need to be deployed to make the domain environment more robust. - -### Restricting domain users to specific domain-joined devices - -Credential theft attacks allow the attacker to steal secrets from one device and use them from another device. If a user can sign on multiple devices then any device could be used to steal credentials. How do you ensure that users only sign on with devices with Credential Guard? By deploying authentication policies which restrict them to specific domain-joined device that have been configured with Credential Guard. For the domain controller to know what device a user is signing on from, Kerberos armoring must be used. - -#### Kerberos armoring - -Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, its TGT is used to protect the user's proof of possession which can mitigate offline dictionary attacks. Kerberos armoring also provides the additional benefit of signed KDC errors this mitigates tampering which can result in things such as downgrade attacks. - -**To enable Kerberos armoring for restricting domain users to specific domain-joined devices** - -- Users need to be in domains which are running Windows Server 2012 R2 or higher -- All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**. -- All the devices with Credential Guard which the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -> **Administrative Templates** -> **System** -> **Kerberos**. - -#### Protecting domain-joined device secrets - -Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Credential Guard, the private key can be protected. Then authentication policies can require that users sign on devices which authenticate using those certificates. This prevents shared secrets on stolen from the device to be used with stolen user credentials to sign on as the user. - -Domain-joined device certificate authentication has the following requirements: -- Devices' accounts are in Windows Server 2012 domain functional level or higher. -- All domain controllers in those domains have KDC certificates which satisfy strict KDC validation certificate requirements: - - KDC EKU present - - DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension -- Windows 10 devices have the CA issuing the domain controller certificates in the enterprise store. -- A process is established to ensure the identity and trustworthiness of the device in a similar manner as you would establish the identity and trustworthiness of a user before issuing them a smartcard. - -##### Deploying domain-joined device certificates - -To guarantee that certificates with the issuance policy required are only on the devices these users must use, they must be deployed manually on each device. The same security procedures used for issuing smart cards to users should be applied to device certificates. - -For example, let's say you wanted to use the High Assurance policy only on these devices. Using a Windows Server Enterprise certificate authority, you would create a new template. - -**Creating a new certificate template** - -1. From the Certificate Manager console, right-click **Certificate Templates**, and then click **Manage.** -2. Right-click **Workstation Authentication**, and then click **Duplicate Template**. -3. Right-click the new template, and then click **Properties**. -4. On the **Extensions** tab, click **Application Policies**, and then click **Edit**. -5. Click **Client Authentication**, and then click **Remove**. -6. Add the ID-PKInit-KPClientAuth EKU. Click **Add**, click **New**, and then specify the following values: - - Name: Kerberos Client Auth - - Object Identifier: 1.3.6.1.5.2.3.4 -7. On the **Extensions** tab, click **Issuance Policies**, and then click **Edit**. -8. Under **Issuance Policies**, click**High Assurance**. -9. On the **Subject name** tab, clear the **DNS name** check box, and then select the **User Principal Name (UPN)** check box. - -Then on the devices that are running Credential Guard, enroll the devices using the certificate you just created. - -**Enrolling devices in a certificate** - -Run the following command: -``` syntax -CertReq -EnrollCredGuardCert MachineAuthentication -``` - -> [!NOTE] -> You must restart the device after enrolling the machine authentication certificate. -  -#### How a certificate issuance policy can be used for access control - -Beginning with the Windows Server 2008 R2 domain functional level, domain controllers support for authentication mechanism assurance provides a way to map certificate issuance policy OIDs to universal security groups. Windows Server 2012 domain controllers with claim support can map them to claims. To learn more about authentication mechanism assurance, see [Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide](https://technet.microsoft.com/en-us/library/dd378897(v=ws.10).aspx) on TechNet. - -**To see the issuance policies available** - -- The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority. - From a Windows PowerShell command prompt, run the following command: - - ``` syntax - .\get-IssuancePolicy.ps1 –LinkedToGroup:All - ``` - -**To link a issuance policy to a universal security group** - -- The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group. - From a Windows PowerShell command prompt, run the following command: - - ``` syntax - .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"" –groupOU:"" –groupName:”" - ``` - -#### Restricting user sign on - -So we now have the following: - -- Created a special certificate issuance policy to identify devices which meet the deployment criteria required for the user to be able to sign on -- Mapped that policy to a universal security group or claim -- Provided a way for domain controllers to get the device authorization data during user sign on using Kerberos armoring, so what is left to do is configuring the access check on the domain controllers. This is done with authentication policies. - -Authentication policies have the following requirements: -- User accounts are in a Windows Server 2012 domain functional level or higher. - -**Creating an authentication policy restricting to the specific universal security group** - -1. Open Active Directory Administrative Center. -2. Click **Authentication**, click **New**, and then click **Authentication Policy**. -3. In the **Display name** box, enter a name for this authentication policy. -4. Under the **Accounts** heading, click **Add**. -5. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the user account you wish to restrict, and then click **OK**. -6. Under the **User Sign On** heading, click the **Edit** button. -7. Click **Add a condition**. -8. In the **Edit Access Control Conditions** box, ensure that it reads **User** > **Group** > **Member of each** > **Value**, and then click **Add items**. -9. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the universal security group that you created with the set-IssuancePolicyToGroupLink script, and then click **OK**. -10. Click **OK** to close the **Edit Access Control Conditions** box. -11. Click **OK** to create the authentication policy. -12. Close Active Directory Administrative Center. - -> [!NOTE] -> When the authentication policy enforces policy restrictions, users will not be able to sign on using devices that do not have a certificate with the appropriate issuance policy deployed. This applies to both local and remote sign on scenarios. Therefore, it is strongly recommended to first only audit policy restrictions to ensure you don't have unexpected failures. - -#### Discovering authentication failures due to authentication policies - -To make tracking authentication failures due to authentication policies easier, an operational log exists with just those events. To enable the logs on the domain controllers, in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**. - -To learn more about authentication policy events, see [Authentication Policies and Authentication Policy Silos](https://technet.microsoft.com/en-us/library/dn486813(v=ws.11).aspx). - -## Appendix: Scripts - -Here is a list of scripts that are mentioned in this topic. - -### Get the available issuance policies on the certificate authority - -Save this script file as get-IssuancePolicy.ps1. - -``` syntax -####################################### -## Parameters to be defined ## -## by the user ## -####################################### -Param ( -$Identity, -$LinkedToGroup -) -####################################### -## Strings definitions ## -####################################### -Data getIP_strings { -# culture="en-US" -ConvertFrom-StringData -stringdata @' -help1 = This command can be used to retrieve all available Issuance Policies in a forest. The forest of the currently logged on user is targetted. -help2 = Usage: -help3 = The following parameter is mandatory: -help4 = -LinkedToGroup: -help5 = "yes" will return only Issuance Policies that are linked to groups. Checks that the linked Issuance Policies are linked to valid groups. -help6 = "no" will return only Issuance Policies that are not currently linked to any group. -help7 = "all" will return all Issuance Policies defined in the forest. Checks that the linked Issuance policies are linked to valid groups. -help8 = The following parameter is optional: -help9 = -Identity:. If you specify an identity, the option specified in the "-LinkedToGroup" parameter is ignored. -help10 = Output: This script returns the Issuance Policy objects meeting the criteria defined by the above parameters. -help11 = Examples: -errorIPNotFound = Error: no Issuance Policy could be found with Identity "{0}" -ErrorNotSecurity = Error: Issuance Policy "{0}" is linked to group "{1}" which is not of type "Security". -ErrorNotUniversal = Error: Issuance Policy "{0}" is linked to group "{1}" whose scope is not "Universal". -ErrorHasMembers = Error: Issuance Policy "{0}" is linked to group "{1}" which has a non-empty membership. The group has the following members: -LinkedIPs = The following Issuance Policies are linked to groups: -displayName = displayName : {0} -Name = Name : {0} -dn = distinguishedName : {0} - InfoName = Linked Group Name: {0} - InfoDN = Linked Group DN: {0} -NonLinkedIPs = The following Issuance Policies are NOT linked to groups: -'@ -} -##Import-LocalizedData getIP_strings -import-module ActiveDirectory -####################################### -## Help ## -####################################### -function Display-Help { - "" - $getIP_strings.help1 - "" -$getIP_strings.help2 -"" -$getIP_strings.help3 -" " + $getIP_strings.help4 -" " + $getIP_strings.help5 - " " + $getIP_strings.help6 - " " + $getIP_strings.help7 -"" -$getIP_strings.help8 - " " + $getIP_strings.help9 - "" - $getIP_strings.help10 -"" -"" -$getIP_strings.help11 - " " + '$' + "myIPs = .\get-IssuancePolicy.ps1 -LinkedToGroup:All" - " " + '$' + "myLinkedIPs = .\get-IssuancePolicy.ps1 -LinkedToGroup:yes" - " " + '$' + "myIP = .\get-IssuancePolicy.ps1 -Identity:""Medium Assurance""" -"" -} -$root = get-adrootdse -$domain = get-addomain -current loggedonuser -$configNCDN = [String]$root.configurationNamingContext -if ( !($Identity) -and !($LinkedToGroup) ) { -display-Help -break -} -if ($Identity) { - $OIDs = get-adobject -Filter {(objectclass -eq "msPKI-Enterprise-Oid") -and ((name -eq $Identity) -or (displayname -eq $Identity) -or (distinguishedName -like $Identity)) } -searchBase $configNCDN -properties * - if ($OIDs -eq $null) { -$errormsg = $getIP_strings.ErrorIPNotFound -f $Identity -write-host $errormsg -ForegroundColor Red - } - foreach ($OID in $OIDs) { - if ($OID."msDS-OIDToGroupLink") { -# In case the Issuance Policy is linked to a group, it is good to check whether there is any problem with the mapping. - $groupDN = $OID."msDS-OIDToGroupLink" - $group = get-adgroup -Identity $groupDN - $groupName = $group.Name -# Analyze the group - if ($group.groupCategory -ne "Security") { -$errormsg = $getIP_strings.ErrorNotSecurity -f $Identity, $groupName - write-host $errormsg -ForegroundColor Red - } - if ($group.groupScope -ne "Universal") { - $errormsg = $getIP_strings.ErrorNotUniversal -f $Identity, $groupName -write-host $errormsg -ForegroundColor Red - } - $members = Get-ADGroupMember -Identity $group - if ($members) { - $errormsg = $getIP_strings.ErrorHasMembers -f $Identity, $groupName -write-host $errormsg -ForegroundColor Red - foreach ($member in $members) { - write-host " " $member -ForeGroundColor Red - } - } - } - } - return $OIDs - break -} -if (($LinkedToGroup -eq "yes") -or ($LinkedToGroup -eq "all")) { - $LDAPFilter = "(&(objectClass=msPKI-Enterprise-Oid)(msDS-OIDToGroupLink=*)(flags=2))" - $LinkedOIDs = get-adobject -searchBase $configNCDN -LDAPFilter $LDAPFilter -properties * - write-host "" - write-host "*****************************************************" - write-host $getIP_strings.LinkedIPs - write-host "*****************************************************" - write-host "" - if ($LinkedOIDs -ne $null){ - foreach ($OID in $LinkedOIDs) { -# Display basic information about the Issuance Policies - "" - $getIP_strings.displayName -f $OID.displayName - $getIP_strings.Name -f $OID.Name - $getIP_strings.dn -f $OID.distinguishedName -# Get the linked group. - $groupDN = $OID."msDS-OIDToGroupLink" - $group = get-adgroup -Identity $groupDN - $getIP_strings.InfoName -f $group.Name - $getIP_strings.InfoDN -f $groupDN -# Analyze the group - $OIDName = $OID.displayName - $groupName = $group.Name - if ($group.groupCategory -ne "Security") { - $errormsg = $getIP_strings.ErrorNotSecurity -f $OIDName, $groupName - write-host $errormsg -ForegroundColor Red - } - if ($group.groupScope -ne "Universal") { - $errormsg = $getIP_strings.ErrorNotUniversal -f $OIDName, $groupName - write-host $errormsg -ForegroundColor Red - } - $members = Get-ADGroupMember -Identity $group - if ($members) { - $errormsg = $getIP_strings.ErrorHasMembers -f $OIDName, $groupName - write-host $errormsg -ForegroundColor Red - foreach ($member in $members) { - write-host " " $member -ForeGroundColor Red - } - } - write-host "" - } - }else{ -write-host "There are no issuance policies that are mapped to a group" - } - if ($LinkedToGroup -eq "yes") { - return $LinkedOIDs - break - } -} -if (($LinkedToGroup -eq "no") -or ($LinkedToGroup -eq "all")) { - $LDAPFilter = "(&(objectClass=msPKI-Enterprise-Oid)(!(msDS-OIDToGroupLink=*))(flags=2))" - $NonLinkedOIDs = get-adobject -searchBase $configNCDN -LDAPFilter $LDAPFilter -properties * - write-host "" - write-host "*********************************************************" - write-host $getIP_strings.NonLinkedIPs - write-host "*********************************************************" - write-host "" - if ($NonLinkedOIDs -ne $null) { - foreach ($OID in $NonLinkedOIDs) { -# Display basic information about the Issuance Policies -write-host "" -$getIP_strings.displayName -f $OID.displayName -$getIP_strings.Name -f $OID.Name -$getIP_strings.dn -f $OID.distinguishedName -write-host "" - } - }else{ -write-host "There are no issuance policies which are not mapped to groups" - } - if ($LinkedToGroup -eq "no") { - return $NonLinkedOIDs - break - } -} -``` -> [!NOTE] -> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. -  -### Link an issuance policy to a group - -Save the script file as set-IssuancePolicyToGroupLink.ps1. - -``` syntax -####################################### -## Parameters to be defined ## -## by the user ## -####################################### -Param ( -$IssuancePolicyName, -$groupOU, -$groupName -) -####################################### -## Strings definitions ## -####################################### -Data ErrorMsg { -# culture="en-US" -ConvertFrom-StringData -stringdata @' -help1 = This command can be used to set the link between a certificate issuance policy and a universal security group. -help2 = Usage: -help3 = The following parameters are required: -help4 = -IssuancePolicyName: -help5 = -groupName:. If no name is specified, any existing link to a group is removed from the Issuance Policy. -help6 = The following parameter is optional: -help7 = -groupOU:. If this parameter is not specified, the group is looked for or created in the Users container. -help8 = Examples: -help9 = This command will link the issuance policy whose display name is "High Assurance" to the group "HighAssuranceGroup" in the Organizational Unit "OU_FOR_IPol_linked_groups". If the group or the Organizational Unit do not exist, you will be prompted to create them. -help10 = This command will unlink the issuance policy whose name is "402.164959C40F4A5C12C6302E31D5476062" from any group. -MultipleIPs = Error: Multiple Issuance Policies with name or display name "{0}" were found in the subtree of "{1}" -NoIP = Error: no issuance policy with name or display name "{0}" could be found in the subtree of "{1}". -IPFound = An Issuance Policy with name or display name "{0}" was successfully found: {1} -MultipleOUs = Error: more than 1 Organizational Unit with name "{0}" could be found in the subtree of "{1}". -confirmOUcreation = Warning: The Organizational Unit that you specified does not exist. Do you want to create it? -OUCreationSuccess = Organizational Unit "{0}" successfully created. -OUcreationError = Error: Organizational Unit "{0}" could not be created. -OUFoundSuccess = Organizational Unit "{0}" was successfully found. -multipleGroups = Error: More than one group with name "{0}" was found in Organizational Unit "{1}". -confirmGroupCreation = Warning: The group that you specified does not exist. Do you want to create it? -groupCreationSuccess = Univeral Security group "{0}" successfully created. -groupCreationError = Error: Univeral Security group "{0}" could not be created. -GroupFound = Group "{0}" was successfully found. -confirmLinkDeletion = Warning: The Issuance Policy "{0}" is currently linked to group "{1}". Do you really want to remove the link? -UnlinkSuccess = Certificate issuance policy successfully unlinked from any group. -UnlinkError = Removing the link failed. -UnlinkExit = Exiting without removing the link from the issuance policy to the group. -IPNotLinked = The Certificate issuance policy is not currently linked to any group. If you want to link it to a group, you should specify the -groupName option when starting this script. -ErrorNotSecurity = Error: You cannot link issuance Policy "{0}" to group "{1}" because this group is not of type "Security". -ErrorNotUniversal = Error: You cannot link issuance Policy "{0}" to group "{1}" because the scope of this group is not "Universal". -ErrorHasMembers = Error: You cannot link issuance Policy "{0}" to group "{1}" because it has a non-empty membership. The group has the following members: -ConfirmLinkReplacement = Warning: The Issuance Policy "{0}" is currently linked to group "{1}". Do you really want to update the link to point to group "{2}"? -LinkSuccess = The certificate issuance policy was successfully linked to the specified group. -LinkError = The certificate issuance policy could not be linked to the specified group. -ExitNoLinkReplacement = Exiting without setting the new link. -'@ -} -# import-localizeddata ErrorMsg -function Display-Help { -"" -write-host $ErrorMsg.help1 -"" -write-host $ErrorMsg.help2 -"" -write-host $ErrorMsg.help3 -write-host "`t" $ErrorMsg.help4 -write-host "`t" $ErrorMsg.help5 -"" -write-host $ErrorMsg.help6 -write-host "`t" $ErrorMsg.help7 -"" -"" -write-host $ErrorMsg.help8 -"" -write-host $ErrorMsg.help9 -".\Set-IssuancePolicyToGroupMapping.ps1 -IssuancePolicyName ""High Assurance"" -groupOU ""OU_FOR_IPol_linked_groups"" -groupName ""HighAssuranceGroup"" " -"" -write-host $ErrorMsg.help10 -'.\Set-IssuancePolicyToGroupMapping.ps1 -IssuancePolicyName "402.164959C40F4A5C12C6302E31D5476062" -groupName $null ' -"" -} -# Assumption: The group to which the Issuance Policy is going -# to be linked is (or is going to be created) in -# the domain the user running this script is a member of. -import-module ActiveDirectory -$root = get-adrootdse -$domain = get-addomain -current loggedonuser -if ( !($IssuancePolicyName) ) { -display-Help -break -} -####################################### -## Find the OID object ## -## (aka Issuance Policy) ## -####################################### -$searchBase = [String]$root.configurationnamingcontext -$OID = get-adobject -searchBase $searchBase -Filter { ((displayname -eq $IssuancePolicyName) -or (name -eq $IssuancePolicyName)) -and (objectClass -eq "msPKI-Enterprise-Oid")} -properties * -if ($OID -eq $null) { -$tmp = $ErrorMsg.NoIP -f $IssuancePolicyName, $searchBase -write-host $tmp -ForeGroundColor Red -break; -} -elseif ($OID.GetType().IsArray) { -$tmp = $ErrorMsg.MultipleIPs -f $IssuancePolicyName, $searchBase -write-host $tmp -ForeGroundColor Red -break; -} -else { -$tmp = $ErrorMsg.IPFound -f $IssuancePolicyName, $OID.distinguishedName -write-host $tmp -ForeGroundColor Green -} -####################################### -## Find the container of the group ## -####################################### -if ($groupOU -eq $null) { -# default to the Users container -$groupContainer = $domain.UsersContainer -} -else { -$searchBase = [string]$domain.DistinguishedName -$groupContainer = get-adobject -searchBase $searchBase -Filter { (Name -eq $groupOU) -and (objectClass -eq "organizationalUnit")} -if ($groupContainer.count -gt 1) { -$tmp = $ErrorMsg.MultipleOUs -f $groupOU, $searchBase -write-host $tmp -ForegroundColor Red -break; -} -elseif ($groupContainer -eq $null) { -$tmp = $ErrorMsg.confirmOUcreation -write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline -$userChoice = read-host -if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { -new-adobject -Name $groupOU -displayName $groupOU -Type "organizationalUnit" -ProtectedFromAccidentalDeletion $true -path $domain.distinguishedName -if ($?){ -$tmp = $ErrorMsg.OUCreationSuccess -f $groupOU -write-host $tmp -ForegroundColor Green -} -else{ -$tmp = $ErrorMsg.OUCreationError -f $groupOU -write-host $tmp -ForeGroundColor Red -break; -} -$groupContainer = get-adobject -searchBase $searchBase -Filter { (Name -eq $groupOU) -and (objectClass -eq "organizationalUnit")} -} -else { -break; -} -} -else { -$tmp = $ErrorMsg.OUFoundSuccess -f $groupContainer.name -write-host $tmp -ForegroundColor Green -} -} -####################################### -## Find the group ## -####################################### -if (($groupName -ne $null) -and ($groupName -ne "")){ -##$searchBase = [String]$groupContainer.DistinguishedName -$searchBase = $groupContainer -$group = get-adgroup -Filter { (Name -eq $groupName) -and (objectClass -eq "group") } -searchBase $searchBase -if ($group -ne $null -and $group.gettype().isarray) { -$tmp = $ErrorMsg.multipleGroups -f $groupName, $searchBase -write-host $tmp -ForeGroundColor Red -break; -} -elseif ($group -eq $null) { -$tmp = $ErrorMsg.confirmGroupCreation -write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline -$userChoice = read-host -if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { -new-adgroup -samAccountName $groupName -path $groupContainer.distinguishedName -GroupScope "Universal" -GroupCategory "Security" -if ($?){ -$tmp = $ErrorMsg.GroupCreationSuccess -f $groupName -write-host $tmp -ForegroundColor Green -}else{ -$tmp = $ErrorMsg.groupCreationError -f $groupName -write-host $tmp -ForeGroundColor Red -break -} -$group = get-adgroup -Filter { (Name -eq $groupName) -and (objectClass -eq "group") } -searchBase $searchBase -} -else { -break; -} -} -else { -$tmp = $ErrorMsg.GroupFound -f $group.Name -write-host $tmp -ForegroundColor Green -} -} -else { -##### -## If the group is not specified, we should remove the link if any exists -##### -if ($OID."msDS-OIDToGroupLink" -ne $null) { -$tmp = $ErrorMsg.confirmLinkDeletion -f $IssuancePolicyName, $OID."msDS-OIDToGroupLink" -write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline -$userChoice = read-host -if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { -set-adobject -Identity $OID -Clear "msDS-OIDToGroupLink" -if ($?) { -$tmp = $ErrorMsg.UnlinkSuccess -write-host $tmp -ForeGroundColor Green -}else{ -$tmp = $ErrorMsg.UnlinkError -write-host $tmp -ForeGroundColor Red -} -} -else { -$tmp = $ErrorMsg.UnlinkExit -write-host $tmp -break -} -} -else { -$tmp = $ErrorMsg.IPNotLinked -write-host $tmp -ForeGroundColor Yellow -} -break; -} -####################################### -## Verify that the group is ## -## Universal, Security, and ## -## has no members ## -####################################### -if ($group.GroupScope -ne "Universal") { -$tmp = $ErrorMsg.ErrorNotUniversal -f $IssuancePolicyName, $groupName -write-host $tmp -ForeGroundColor Red -break; -} -if ($group.GroupCategory -ne "Security") { -$tmp = $ErrorMsg.ErrorNotSecurity -f $IssuancePolicyName, $groupName -write-host $tmp -ForeGroundColor Red -break; -} -$members = Get-ADGroupMember -Identity $group -if ($members -ne $null) { -$tmp = $ErrorMsg.ErrorHasMembers -f $IssuancePolicyName, $groupName -write-host $tmp -ForeGroundColor Red -foreach ($member in $members) {write-host " $member.name" -ForeGroundColor Red} -break; -} -####################################### -## We have verified everything. We ## -## can create the link from the ## -## Issuance Policy to the group. ## -####################################### -if ($OID."msDS-OIDToGroupLink" -ne $null) { -$tmp = $ErrorMsg.ConfirmLinkReplacement -f $IssuancePolicyName, $OID."msDS-OIDToGroupLink", $group.distinguishedName -write-host $tmp "( (y)es / (n)o )" -ForegroundColor Yellow -nonewline -$userChoice = read-host -if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { -$tmp = @{'msDS-OIDToGroupLink'= $group.DistinguishedName} -set-adobject -Identity $OID -Replace $tmp -if ($?) { -$tmp = $Errormsg.LinkSuccess -write-host $tmp -Foreground Green -}else{ -$tmp = $ErrorMsg.LinkError -write-host $tmp -Foreground Red -} -} else { -$tmp = $Errormsg.ExitNoLinkReplacement -write-host $tmp -break -} -} -else { -$tmp = @{'msDS-OIDToGroupLink'= $group.DistinguishedName} -set-adobject -Identity $OID -Add $tmp -if ($?) { -$tmp = $Errormsg.LinkSuccess -write-host $tmp -Foreground Green -}else{ -$tmp = $ErrorMsg.LinkError -write-host $tmp -Foreground Red -} -} -``` - -> [!NOTE] -> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.   ## Related topics diff --git a/windows/keep-secure/images/mva_videos.png b/windows/keep-secure/images/mva_videos.png new file mode 100644 index 0000000000000000000000000000000000000000..52ec8ee035068def0fc0ca14d2c8938cfeb89af9 GIT binary patch literal 140500 zcmX`yV{~M}+9=?T?MWt@*q+$7HL-2mwkNi2Ol;e>ZTse&@8O{< zm6aBOgT{mg003}eqJr`O05C8B0K^UX^$DYZ<5ysfRqVWHX+8OHprzoC-sih%+=@9|y>k8C=t|(X=IXLUu z83HtIKL1l3=D$B~YOimh`&HBq(AZTU{S}7%Pgq&k&dSuv7|?}v5d0N`_`mxd?eq-+ z_n-c!-^B#1EiDbL8~_hviJf0D@c$H3GiUDD6mPpdpn9dYhB zcQfoO+P#zPYf!Xzp5pWmn+C-MY*09$q|^(5kwJxgeZnwJ2=R%w1OmzUcO-c56hmn> za(+>Q2V7o`=twl8?Y5=?SAaicFhPK zC)h0-^NMihjZY4ce{1{n&$gBF3b7>~KglHEMYN?R$ArQhALI3_Z%Qy2hvdg=YLCc{ zCHk#O2NdClPun&G;@c4eW>xrS+v<#0@YGb^%1; z+bI@5sys{_3}~t!N^)iY9OAhJvG%xlaN*3npzYcHy!QSmq4l7AXa7q7|I3SKc&9za z-W4Yh#B9)@n8kBbhtT>NFhoUIQEZg816ZK2>4CmjXmaHG^wj*N>}&iy!1)4i4os^n z^fOZ6PJcfr|1a6mv@k?x04rMfPwd;KVSZuYT%<$=27Vfb zIPe~`WSVHhcuKTtC1hckV_Ro2BgVXC(4lr1l|>rov%LVpjjnYdwwBf{8(#c&;3+O9 z3lHYG$i8O>wWQa^&huvP50Q`IU0t{5{iMwosmrIe!_J$m&xX%~ac7gc^YiWJLmV9Vibr_#fY%~t?dOq#7{FKi@P8Ib zKue4=v#`w0EqRa0ryt`OoVS#tdU7d{~(G{nRekH7>6Dc6N`UT*10W|$`;c)d740LU1KcoC< zst$rP7%(xH=Y-yH+Kwm9&FhS=B;T~z%g&e1_V=RCjX~~vIBU0Cn9Y}pyNOhNlOvU6 zWF_+o-{d0GRAY0Jp>naKb`U$|;(MzOQ7Fgzjm7!aR*4PGP*^qP%k{;E*3;VZ(Un

5mD87R zi^qbDXaroI$Bm?qDT^{Uo-qXN=aYSxTTwTcCeI6-TUb+Z*L+H(iC<)8{=i)G=yr@# zT48qCeHVW3=HAyvE4!NQS}J^w_lzKMAT*t#NhRyvvn-wO)SFLFF3B>FFi&s(gSaVL z?o#JN$0n8=R}GfJ#i1B$-?mPse-!Rpe;On4c_Y zvJ=>`LD_lW*W0OpOkw?gvOHW!T(-B8a*3-rkZ-`XR@*2U zb$?rs76P>0@8|C=tUX87J8n5T^HMtA_N&^idcp_OWN@P!qXrm3;P96KptuLbOK`Gg zI00iA@juZ8k8rO>wow>oA4o(w-8^2`ZYRh7-d})1`PVflmoufUFycnqJ2#Q)3qYm+ zpeIS~S1fw}Iq-&p^~Ye_jklgM0(YppYus--brUrz&qD1+D+byQG-e#U1B+!QOHVRy znkvAo4p@?bm*jBd)sArSd9dy8^o}uRMZZ}WKO=QM^LY>vdeMS(5d$C_$V4ISP<5t- zO2NGTmjvAFU*RaDGklwU_`ap}`9;UaoZMj3a|J|Vr^f~ed*|WVd=NnR`r*ZZ8Yl_4 zNfLO*VZ8#hZ&BIfJmL3XAId2=KLr*)k#Apny5?1khQa4{vbKjp= zHlJBnYi)1Gw{6xS=-OK!O~K~qUx1~*ySPcVs7?pWHdI}h(uc3RLPHCpYpnmBa~BMO zE>BSh5_xI+twUS$0QfCaw_OSS+t7rpgWalOT^XuhyaZ#2m4>oN6$A%@>_;T<>q z-}^EAn0|5*{W{~8@e9YS;htD30WO zB^9}xaq|$$iu5gdt%5MNXgylNpkMa0k<2}XX+IHnVqV*(*%SW;OQnyvOaGD{kS)Zg zfi4@?!=4$Z5RP-?%BdeQ(-{wbN z8<7y@M=Xiz_u9SB%=J$S*Bw}CS#W}{X)>xNwL;RE|Ktqulf$c6og;BZpaFMGfePbw z5$wlnB3y$s-h}csI}Z&3iMFxCjDSTuFX!!&Yas{fw6hjYEkT&f74&}8(|uRD2hOKV z&9`NH;DK8TY?_as{I;OSL?JNC4GKt9OOm{Bwd&T#XxcIdS1E;oB~-0ViG8CeP-sx_ zCEykq>q2@q0Pbh%q`B8y7KJ0VC=yn;U}cTl>q4B5HOA7;P`7L7;AoLgrIOM->heilEDMe^4PwJQRn`&wSDbk@BCGGB`0*J*mv4nO~Gq zBZAdlq-X zKt95;bOM)}0kA5|t)eaFn(YnX$QkkWf;@P93sdV*Zbk#lHRaU$PoSa0V()QIg%Vwu za_jhBFoz%}HhlC;25_QMt9%n%KSf=rRzs<&TL>#xpk^M51m|1qcSi8GwlNnp#9L1! zst5r7o(OD7NCS3Mqs5^Zc;6OD4Nbr5SP9NR3GL))<(L){OpOPF)WEeHA7@-h&d_=&bIHmvG}^)O6YyA3wPKqhxiAW2 z@`SZ$A$ov{{I-!+a!31*YQ_0)@*Cp~ckpR+pM8GtOZ{*H=Ivj@A45}07P z-xw2JIOZUQ+7vlx5eV(VZ>EBlCGaVow7fw?CI9|{4|X*>p-Iy9YsLS$JY|;w*7euF zfR!9FS9SMvtSftXs2a_g20C%?+d@*yU(_+q?Uskjt9pIjq4fLH z22K$+T;Mpirweo4NVRF*8kWn+dCa2m>UW%-;0zF%aq%1>Xnx9imUM&mFUywZ=9HCs zjYP-uS&Lz@y(Md-ZoV@Xj6fNZz$i6fwVU8--R;AMY9Mm5Z6-)x5}Zsh-f7#_gwSR>h$z z+95&Mh$L6h&Hu=W!DPes8ew79-j{w`KyU3l{zkWgrMP6?>KK|Zf^xnk%VQxy34O{J z{5@AIY>+a)2=qC%3>t$B8RAQwrY_6u6CeaPchDSUMA5^69onww5xY#T`jnFdnV6+yQbIcwgIG5xszZLdE+Ft@Y%DO3lup*HiMg41Pf&3;+l|U#;$8=>w z{FgY!a+b-U>pvs9;H_|)BKL})YJ^y+1b7C}BPQc&=FBqGanQ4KQNejB?*pXHMtC-4 zjxJL)^ze8`MU5B1VGnrgA&b}>HTnKnYxmb+t^9~}cH#g`M$oZmlX=B&? zM0AjxvGfI(5s}AYoK@k^3^qrGA8g=+;NL<1l=9apYkLBh1J(^Kz22U#IVX#5pY2rP znFo0z(e_&Cy2r;j&9(M4=_HD!t$xX>gL24bxBh@CYp5!z$^=S4@)6TT(m1*>e`KPE z^!y?IL!jz;ZX^NW(k^;s+INhXxKZUumX0zfJg!Awf`FI!)A#BJY*|%V%j#NaLTyP6 zscX(n;Q7&XiFG0NTHEfrnDXgk`btReCacZdmmm28aS1iW{?^I zsR;XWH@wsMRL!&Gc%igNzKtL&SvHC=&whsYw}r3=ODXf9PvwyonZE$BLka3)Q##w> zkU0?)MUg%TEQup2s4E78vETSceZEE@07JZnagSiX3R0Psa)nB< zps72dxM3ogJE3XPKRn=TRT#lszvi^Ux&nDhTWk&n^@9XcO}uF6wJnL{!us-KeGvLm zj##-VBRy7U15slXgFp>`eeu87DTC34rUc7{M)k9^uPL+B@MZ33p|NtlKS+dl5ytN; ztcsCsV@8v~lp8Fn@ll7JduYS&f-s;YxGcXaD>rM~_Oda4$z!#H<|vEztvb}i?V3eu z;j&uVp=sv9F`ZPbXtIS_g_IL3b`RCvhBw{eiqE&jP0?p`21|^#8X`NZ@YJMTfGK{Z zQ-SY(bA0T^Q@9~hzY;nc%lM2R+MUh&w+9MR;K zX!?@ny(WIY*uOMsC-1RaAuc^G#!!%2SyI}; z28l+Kizl>N3_di4$l(^=ai_jz{na(aYU1yl!vI00FjG1vNp4^+Jc*d)4+K-hDHTM* z`p7>-pyI?iW7$n3gHiVpJn#%zKF%4475Rn8+@hk@-xdMmnq_<0nCz=yE!i17FONKL zC7UVg=GLCKEbX_Jm*#b88K%Ik+w!9Z90^1FNB%8F!D(2Ms%m{{QLh+FeQ(=EBLp_Zd?QnV9bSD7Ien-K;VOe<@n zU0$s3%WKUu*Zx6<&5uAF4HBrsbPl3sYwE}_!8)@u2Zvb9=>7Ei`R+>JU=ei0TTxs;s?I^=f1?*K{j zNFzas8L1yd;8Hf1(QdBlb_t*DJiIOcxbcd)FG}N(^tknzSIJfyq`58@Pkb90#p^R! zQB|be`SO~j{yL*+bU@bW7~w9N_A&QP`}yR}_-ni!i~M3D{@dd0%>d{E2S-fX)~%m1 zDn2>sUS4;fS>k6|+$-jVuxbwyyBH}jKiGmjx|k-zDFj%0ciE}sW^tl33Pm991m92P zlDt=$&x+3GQs?KoNv_YeUF)Zlq)Z*(aHGGZpkT_??OOrZWi9nVSmD6d^gV$MZjh?o zcpH8evq>3(iB}@`4oIH(e+!g>EmS|VqLP}Z)dIuhtW=5UEUKp#)as7A&l&!5wYl5D zD+EI-J0ZZ@(hkHn2FH$Dq>e$JdZrqyG2gLrwz#X9g;StIp<0b2*8K7bQR7GvkwGA+ z&ACzrIA>u757h&v6aAfa%@$IH7O31|nCo!+1PJ+%IP=dwI8Y0}EridrRkahXUlSX- zy&k$bHm=9poq=WFKuc*|?9RH3oSZDD|LKAS8xql|3*u$}HA=Ez+~J)+D5El7320=I^GRecgfqVgayZ zBs|4b>Ul!&CKy8EV4vD>0I!P1&~Wi1Sv0;2G$i?m8So9Yt??WQVeOx!TSLvoUQRHp zHSFj?<~(|?|~Teossp-`H8D7kg)SW*$>F(G%~>5dN)JF8wBvQjY& z;EHqYjQELieoSM&>`!`iWBi6rDW6^ud=7($Nd2827wd#m%7(_bVgVR10sfVc%%#*i z2AyYOHrIZkVF6x)A=%75x~*ly%S`5S;GF@1jQ}1qT9!oH@zzX+lq4v$;l~FSY%36R z)aD*plx;}5xSume#fmKs$lKCHN9l2jPPRnueaof1FP*uadCA!wQBh#W)782S(#HUc z^DJm6`L${vjl;#TiAfFVHl$@kiO2qdvXG|Akd``b-Jy3`?=#+=X5`Dd(2h+Pc%eM4GZMOos7rd?x%u%G5= zt^CRQvDt-6tCEOwOSO}e>3KvZu(Hcb#ZV4CRLzuw{p!K+#pH>E^CQ8Hm;e)`2Y!Na ziQyhR{Toxc#2Ob_o2;!*=_&>epM@+HrE?IT0oi5B8=I2DC|Z&xby6X#4J1yjzUvP| zs{oqcs9>OJKL;VJa^i@4yM9z2D!Dh!DA%NIE9=t*mQKpW`Rp{4nfb^$#e!D|;eJ~@ z<-;EG?S~pylU=AzxGX2s#;ZOlIH{qMV%@JnQG&S_m|GQws?o}P96i44Z@y&ye2p_? zTn<3Fj}~gD?~-d)VNe`n?M@h2@Ix(W2)F^5OVo$}wHR`$^!|l+5H{a+O9VFv$jAp; zpjtUX&&aX;D^9I5q!L&4HdscgmFcTsC>G%MXu^=3`-q}KcsqYKak<#hQU!x{cycDK zy|lQnxbc%JV|`oNxg~YrVekiGxrx=dR7QLXOSz!4xDJEqmE zbxi}%bdhYfyWYi+Hwr~geJ97IvgM-to zQ1bN3wL}+<`d&T4vm%vay_+d$&@{&t2Uzl6>`$ez^rMnSm8%eAdwU%fE%^u7%kJvr z$8&%#O88S0qCx}rHxMBfrW{|cM7)J)D*kCq6=K<)tdFPu4pTK>7$S2K!b0|1maH_9 z9lEz>ZU|ife60?+FIM|Yri6NBg*fz&G|y4B2I!e>%L-E!Jz7;TnU_k6>7a-ccj23q zfD?RMq~ZC74MUn$K%L+e5e6JuG)K{xGUidV(5zEBC|#h5Xom=@>^;v)=leq--!g)n z*hLJa%BnXLJg4KQaWBN>&ZzG-R^sEYx5S&BJCFciN?~?Z^c>=L8glN!CM?& z799UlEDYk* zVTnU5xBDX;+%0_SrzAw^l~RtF;HbH8_IJ9x`zU5EHKhlgvU7;PF0AecGng%J+4$`g zY(O399viO?A%@dp;lP56$wKyoDf89T{A){YtK)IKqy)?|D!@P_sD0$o(I%NfdiI^pigtj_hu?j@X+4RJ0zeFrOdZZ`*wbzm|i{vEdtwkEHpS{Bn{~3;^4RC2xCegSjE{X4>PG2Ej zkdbAodfI-A2HNAaXI7kSf2{=`@8oWC?Phg>vDnNF9=dY)4-NB+6V0@P;Cxh-*J9Z? z1Zh6ubP6cwrLk1wBY^-anL*pjU-DQ{%kUm(~y}X3|P#?`etLrnbdB6GTbhi2qW6tdLLk9W^*q?Ym4d=l2EZ% zX;7GGqZ!|+9+dC_yEX0U(zP|EZW#p;7@8pJf~Q2JxI{$dh;tRX>N-Xh-24;9+K!+C zZ%pt!Psf7OUHxBPh}ENI5)_8o=E^nuFJS)DxVJ$I-By}AwimDfD<7q}JS=inbB{+D z3-<5TYUg?0Z+miUrb-&!*`Q6j-M3@Q`Wmg@>@~E$zRs?%YdUvo(6m>Lwv?M|)12;m zs3zXqX-y;^IyO^X-&~x|XsRX6x0b;Jjk;O>fRA{}(N0sZR^sC4>Bszy zfkCO40s<8r;peSu4NjvnsYbxkALaWOE;2xfjQHkbguz9nS}P_iRLSqEe&y~8|F1Qc z&JfB56+OR^m!@PoX#`0p?92wMT>Kak5{IBJF?@9;kA()c5WauuAT{rot~0+8A}X=HW?6XqU|2wo4At0>5I9p$uK1O> zz(^`VSrUvqucVI#n3MQjQ#2uWhmgdLvCZ4xmLD)CuC%H@2`|xe<@YD}(|~*IH-m`D zrS`a`5OcEFHzaisglWX6SlUZ3h-&+{^~pi;e<-GUAS5wJd!{CP5We(apXh>sqHu-5 z`B__HKnM!{CYC+|(%KaKU)#CwCxE<$-Tgr`no2LW!Rh7TabT;S1W4RYPGzEV=IUxj z%YnC%q*t&nj}INwSx^uL_bF%>w>A=4iY*sIPmss(ISRQLZ2&ovJ14x{=1k$c+DI}C z)q{0*O=@*dci-=Dir#IRTPGZf!(Lzabkt51I(<1{;eI6T{KTyZ{-I;3ru2H<`KJ9g zap>)wpqCbt=wbBfNu zHN?qddy4#GFKxmMbip3%wKFqN$hjURew2|jr%8LO_Z^D0>Np`X0iGlT@AAqoj~)Wb|=`%NYD zD2Cb+FBbxzkeO zK((u~M`**nT;lQMb;Z0qAgW9dJia zDTX_2S`2vHzPE@dGixzk{qb$q>syi6EsFO|wD%;>2k8eW=%v-dMV6M=u6~y5`SGur z+mr~1SxFsw96U)Kcq&G%NEt?oB36{0GT+tqrp1Kf070Zu%2+Cf zt{fdIU(uPG6yIpiokp#84v_Rh)!BBtZwuy0g}D@AF!MVcK@_z#HJihQTpH9{MyWAS z?@=D9fJQsCa@Dj#i&>rRij>$)raJJvq-T6y^GGR)%hMG|KItrLD>|tKlSI`^^eLM8 zcv8_|2u7)G7R4H%B@>if6QzPRY-!#$|C}OTiSW=m>S3S?-JOWEom-CGbih?Z=LznU zQ4lq~-Y=5{X5^wWiNDw|c8a}#e3}-r-&qtfMeKrUHka#IErZ8M%oMSLPR_xtl$fVn zJuG1(b5=)1udiD3R-?5x?C6*ga2pdzP93spm=~#8W4b7|tYZivg%QaDSX$c@SE%L2 zAw(!4PUG^}gKIeerGEB;@iEXNm|j!vxW{jc&P{Wla{|j!X8l!9tGcmbLEC{U`Drq~ zb^qnPB?(goUiq2~O!XIpRkT9Kcy~ce1#J;nej(D3oJqMC4dXxgcq)A;p>qdj(nHLQ z;%Mjl%^$mUOY+8SOm=j*#MX>zOXW))1HGHionFtQw4KaS!J;j~u)MLfx=mn?=mu|? z+o}fZ+9Y1oZ&yatsoCWz-8!ZUgwlq>X~PlB7)1*z5C~~Csto3Uv7_ls)A6ANHPnM> zP&@d+@*P*ea3(nT4QmS9WQxk-AGrp-g|VIjliTa=H>@g;?MK{o&de3X)X~}Z8 zK7K(^NRewu!!f5}1H4F18)IFAJa_6@&rg@cu;_mVUwM~jBKKhaxw?=bFBkBVY%Q48 zX0uWAE%;3Pu;Ma>s4#?Q5ze8sZmjIBYkO=5B6NJ>rf!W#jC*Y-@!WA}KkX1$&;Gc6 zClfQzyP%>*NwWG&bYi} zz5Q@_F6n%9?z|hJtfW&x>Vcl%Gcfan84<}ZSo#4F?zC=+9?pq5BM%$i;iHRjzQp)k z*jRS>^Co<;?l~?%nkdTgHS2FR$u;Yv01wxixi0DS}Csl$aF%~Bi-cO zNj1sib~Rv(GkJSm`@}d|Z|aEYV$asO_5N<{vbNAl%U$PnAoV`aGAYs8{yB5~$ZcD@ zkMG9of3M}TEGe&#-G%IsF!V7@T@o;{-!?Y59BJ+*MAfw3q|PQO`$X)@NyNfS<5Vm) z$omhvwqP6*i-k(2g?t!R_%C~DM%7GBM6IV5$2Qsaa-DC!&bDj9D8Za@m^bX>Z|P|2 zUD+&}BOFm0$Wr~&ve)GPm!3{}U5_y54e3(7ne)Dywvuq(G!oZ5jNe?ZM^ct>U{>v7Y0H}Y>5G8FX)-&v?ta<+xTxiB zsY=8A%N?=shB@v!qFouM3VoPT4Q$SjQE*V#qdJCwoHz7e{a=?vscyX6{+Gc{$KOl_ zJn2qafzkioH>jqJz%yO11_q;XgZr<~j!L4>T^CtjQN%l$4AQah`y?JS#fl?l)dW*w z00Y1q<4oc)KVpuYxU*~zAT~cm7WM^qrwgM$Mnt?nlDzNdTW{+od3dDkPsB;2?1l_C!nksM5rP0b`3*G4g6QRB@JJ7XY%v(vOyx_+v4-4vHf-R^8RbX*D25S z;>W<`+fEhdXQZ{)Ajbv<8r4EK6$hl8t0sRW(iuJN*wu!Asc5&%tQSH6@Q#kmTo@>$ z_5I3_g)xl|cWERd9p0upBX%-lD>Ten3UN8P#$RIq|A7`5Jus2BBTt$fT(-pEZcQ1r zaS>ydG%eTb)nwZp^~W7d=l#O$Pwy?bDvv{k(YH72_p@W`HwYf*I!>>E(GI=m)#eNh{J0a4?QOK)VdA@gEy02Z#~EzFPBo*UCuO9Ko)h?T0D z7@i_E>%pF}?&%D$qp`=tT_EShD<<;}yVaCkKv$i>y280mS8T<`h>eEBShpm1BAnO8 zV+peyF%$(soa9C~eO@a2p%!VI*XP0jl6#NNTBe8VuL66U;W0}c{%t|MwbbnE?|qi> z-YxbeE$DyFO#b3P*TotrW7{SIQB7s+s=i3pvaieDv3-q|>3tQnyJzh-ySlig9 zUMf$fI$XJ8A=^uX3-Hyj8o-f7-xy^yl!%c7N|niMd$}8C!-ZS+{P*n3mHyt%(tfPI z@wjm*O7r&zNeKDh%{uX;SOkO-;V#ZGCA=Ofoa|U^9bC(C^vU9j!Eq%o^26d-B?SzUlTe?#AA6zCAO>=7Z;>a3RuvZ15Kd3y$YSP%@6a zqrI=(?(UrJZl5=uceEeRxNo~Wch>J|-rLmH?yH^emv30OFP(9qfo$IvJP)f`ALpMJ zU)OMX+&tK{<7U79fxElo_49M;@l5V^_lN7<(&Uce_}X)>^#(e{EeTW=@DQ3j68gMANk4^jh;b6Z?-g-6Q$wqTQjW32RI z*IaY7x0hJi_kenEadzHpoizA$le#0=Hykv7tT}`gTFV|pUSj`CVMsII3zU(NIteU+ z!>;yR*A?28>>W~U{??I&B4XrM+_9{3CD|e#Fh?4ON)8S)XSdtm7+7IqeoKf?P_A?{B}hSl3)m zACuw3%6BDVs5NDB;UH*mQQ(gdDZ}=rC{igE?J)eA5V(wbcU=g0JrWzhqx@fcQ5mA> z2;l-6&gof}?6`MFWDrtvNbaD^=EfZ>+-`=kj)8i)y{R!_{0{<B~`_xx}sva0@? z;|Z^=CjI`)KVS9H?7csze>?Aod2T!}TRFBMK8~F^ z9}jpQe}3+0zkH3tmKpJZ@f?dig;DLw{9lXVy{iV?U|W#okx7V5)|&iQCUm5wWpib! z153tf%d&au7Q0kQa-zDW%)c!Z*?$f5YlaDo{;h?## zv7bNbRO=hxZ`2^br|ho)?j>y@R7IqdKKb*N&EhU@G-@6y#}-S z6!h5kyo>wVH0^ap`&JDkbKvax)kA&ne5?9+#Qiw*vT+MR@ZJfhZ9kOid>GdDz7M}n zS^u^eo;77B^H&k?Uyel}E`au-G4=}C&FqF0w#Uy{&kbA+6fmp>cm6qnet^HfF0TI% zKK9zxDy3^Y1NTpUchaprMinj5Ql_o;Qlc4QwUDZ@(kV#st?cX%iex5&;NScxYkuRz zg@0rfw^Pxrk200PycI;^7x}I(Qs$M2QNpC$GtbjK`*TLA4nqKQgsi_77_rdB!6--& z8KdsS-En1>P>%Jm{p0Cy!I=P*nLU#HBaq_zt-)Ck-SfdQ49YG7d9|QnYjL8c=O_!K z{5#vd5Y+Fqj?c5LuaY^WII{|jjSAT#S|k_hPKHWk))pF1fXX8!2~30@>}t1k3oZ3w zHIK2BZ;QR2ML1>_(2)^e;NQ0 zk4SeVdw5yY&3jJ{93)cD#A&s}dk5~*X`-Q=-En*hCITh-=ygay(I29pi3zZ(`oAR0 zPcH35Gk4^VAR;~kW}doKA-^_wp0Ej}ERSECZ0*;Yq<0dL$*AZkC9#S+03FHVm}&v> z6X`0N&OzP{2pGl0%le(P1y9SCTlVvNa~>e{V;u6m5x%!(s4F|KO1CHxSC5<*V-kBQd*3tW zzTIhVNecM3aNm4R%X(Qm?}cEQT+<>6K3k`4e_Bi1d>WqgYH8*9Otel$m=)oE-xrC- z^Vg@z7I$>%siDNLC@K!bWkB$2RzeXY; zh6~Uc54+0b2IB_ApMyQm)k=~%NaD49?3^L8V(?9VFuk0wJgWA2Bc}%bHMSz{9 z9NVW(dUwMyeV@Bf`w!b+Xe9Ta;|4(ykA3ood@2ULk z{v&5r^@;p}|C{66rAxC|?`E~$Od73a+&#ZuDi`unnK^cdLS?9n-~jEI%O!_u6yd}R z)XPSo4)>vi?6ZLrk1t@o>0&B<@%?dy?@~Nai2Oi=P3)@g|L3Xp93eP0A9nYohCv{v zF-@n{?eVa$MI*ePEzK$7DLv>?>tvhWYNoj^rL~>19p9x{AcZiXe)(9iKqZ{{>gK1DW@ZB z-VqN$0bOYj)q8^QcU}-#Zs(!@8*LRK(M_M{n!JsBHqa`boz`mZ4o$YImKI6FQ4^@! z?Oh$@d2aleR9510dswFRc$WC;d#2%Xx!uigexBq(M1M|&)4tzrJ}*ytJvj5+m&klx zMZeWO78P~AnB#tYogI79_P$%(e$)3pi+-Q~JR>!ExEo%de4C@~d<=YS*saLA981+R z-ZAJEWCg)6%^!h_K*a%sA^WK?!-t0R3RTOYwuX&}TymEK7&KUx^fPSZ>dO&zipZf( zhV+*5Z3J+0bn}N2jkwrO9=c+6?vC@oNhb)UGtA^-V1*6zh6`G%t?3UGc|Eqk#OXbY+~jM zu9Ub0XzfCw??V80hErR8nGBfS9?mCrnXbx{lH@;1_5*0HC8(vL^oNji@K#XJ^Q|cr z=9lKyvkq-+4;x9N1jDU^gr+c?k@*~rhokvuey((J1FghAhjxF%95WB*XHM`FWKAMo zgGN+duv*Hz2(OikmyQbO z`@nY3eyiR%@H=XTVb!zsxp z`gHeed;I#l^$uxDQEdI^9nV{tpUKHVQH=)&25lh@j|X9J~-RB#CYvT}vb~37+4E8{%WO?~#(Z=?Kc* zczVasadN3_L=1kZ!~?R7Qj%ZW!Tirq{|iCh$O ze{P6Ai}F*_(2EktM=*aR`{BE#|NJ{lYGlmkk@F+?V^HU2&bJQ&G3He?u9SHi96y>V zWN^H7P~m2*w1Q&v;8&Cuw8{bgdmD znkCpKHBBm8lZJ9x5u2G%!4uaX1NqOPI8rNw&0wZ_I>DdmFhLjzTG>38AbRIUshA#& zn^@ywF>p%bxitz*)@INBr>Hnto$#2p4XmZ|AV!0l4oX9-DToW2O;GzuS0Ew=8EC~W z&Y(y3eX*30;sTC~iwQrmlZ(OKZJUq0mZWcsWVO05`$#QUeE$^+mg*fFS5Z`$^{~pt zruxQy?9w`G^ID_xi;Iuiaukj=rsIQ$LaB3y=5*SmUdEgWzUvmke{uOwBS3GG#A*j&b%@u3KcU>o1Djzex%&8#~a`Smo(w-@wVv73GYAqPVmAhbETQa zms{NGpsWHmT)Hmb-!?xeJ0HU7*D9;H**`Y~+Sc-CkByEeaSDSWzypi?ujdXYSfN&S zbhfN;7-iw5;dGpHFs4C$3x!weG2Fo+DE;cnGGWgDS#(QXaN#-9>Ij)o-J3$1kvp!a z`1v^Fw%@JEYwk>~Y5tmiSOKL_U6rPcZ-hk_|F-xnGat$cf3~^H5yKZWh0aC8l}|10 z^Dgwt@d%unAKKq@{;dx~*l`)!bAspONLZZR(k*Eon;JtC0m9gJkl6o$RA(21iUE~8 zeig;2#}BqBc`(sqk6CI#kT`Iw3qB2%ZZJ1UE-OhonzF&al^(redOj8imsCnb=!_CZ zr7;(MUz&gA64NyN+ERI|>-BU61nJzcu*I1%(VGB;!wLED?=%k_|1F?rtG4_%0@eY$ zJw(5d^W8r|JL42E(>?8fIwUoeS({PA5i;j+{41|(6;HDhute?Uf7<19`34C*VrTL^ zBfCj%QAw%TE7eMC5tJVY9VzxnmC2~OPg+{b_+9G0En1_6Y)!ex279~x#B4zX=UIhc z++!MZJWXkxeAl@K$FN{i*_i7hw%BmkY#1*o$E~cb)Xc+h=&;}if*{r1P0D?5$go47 zBe)IDjS9$b8!}!>YH?ETM(>0FIaWo*-H_NFQyhnEBjSCQ(9T1`S;AJ7^X*YN_dR=mg-AKRSIo87-p~g;CL>gqT=Esj{-*ef$D;mMA=Ok z@)?tD2_?VIH@T&SBd+4RT@m0;ND1~-_4r%ymD{0ip8+r?Y5TA?Rdk&^hd-rnGolf| ze3Aw^o>7!AM`S=K#Qk0`%0J)kN8D$h&B@2WD5PdCBK>Vq%%G~~x?kE~0^)u;A)a#^nS0V&2$*G~>d*yB_4Gqj9K7vX8EsfIC12|6)RrZ}RP5;mmH z1_l_hp{0=1ZZjf6LE$exWsdfZ3F7$sN*BBV_g*c|rd(>%uE)G>*1bCvF@K-=J z%V z6QMlU+||W+y7@9HS=%_o%@fcLFG#~M3+BYF(>3~V>+B2$I?&vWFl*$to;(iwdVD)i z?Qz!lVf@h@xsm(5V@=5(cOIPR;9cLn8D(5JIiW2lN@CLgjZ-BBcaf6N;d!G1G{c{&r0RYP^-`%6IL}$-hD%9)YGmC3C z6B*v&Xy&s)I?GTUNSynnj>gon>K?k%Oxvy7D4u!Uol4Gj22F9oJ|ug56;*9XF5r{r zV1)JlB%7FfXovQSv*_M;S0?TRGUH}Ui9LMU7>d;-_v(hr#-s9`7YrO_>Rx0oax($e9qVS7(_jw{kF--Gk|*&Ry(LsF^C5E<30s?l=>@4*B6;qSqys zaiJlLR}TsIRJ9D3XWD<#`O!76tZFh@WeAe_Go#A}t>o1x7=nPGz_#8qK}hK@l~M9+ znaR7(Pk^8O^25jPZ)keexh9EXPO{Z>aS~FTxs)b7`g$^GO2yDk-f~VZNS29@pMW4X zib}(Qp;NiRzTQi>RSK)y=g|Mj;u8Ei;>=-kvEj~xUFe$mb`i40SoUqH zj`K#ql%^b)CxK8d-CV35*(-HNRPNQPR9Ojp!1*)4=PYm3z+m9NDjx&q2(hq=)OMe`Z@RIch&ep?=@vX89$)LX9uD z>8Jhp9V1p_La^l9r#6+tU5t=59qJpw#TgO@#ldE7m%eDC+OD#l^i3pO*QT9%5~I)V zrNw?N|BG|tpRWNg`6%x6<^Vibq}4twEGJ)^F@d`;?EIL*KMZ}}W@4C#AT){mnR#VT z&(Hn!+i@u}m-!XL_^sSWX^=DVA4V9Ue^_nG$1MFM7Nf38X=)1|sWWojNNd_$&-)SX zT=H?{X*b^XFuKpGsA{BTb-p-}NS?2%*1U3JBO8=TlgOv-C2|`PRa`e$9=z32`026n zKW%^g%Sg1C#7O^AfVcANYvttJtISR=#hUEhc?_u7m zn+i<|wOv3a9EH1HmI9g0fGZ|qKM~57)fDuX;{FCjyuU$(@tPK08;sB4F09Rt0fgO_ zzgg|pSQuzIKfJ3}!l0ywD;=wyE=g*?+=Out_|a4#{zN9q*0)<~(+g{jvYDvI`4Va= z_*ghW4WlK1O8Nd3_A9Fkoy?69K5yuJwP^c#Ax!)4{6b6;P5bF)!@Jb1%vAO{wR#Y3 z!O`n9rR$&BQ^^T0WWFp34^93du+X?BEC|vDyW#<1VjT_bodO5vJ?RVm>wbRX_(AUX zpvB3}e=MSZzRW&-<4si-!{ZEdF1$CV!+~x=C@UCYhQ3pdluC&B`Fo{T%@=zRJuT=e zZJvg%%Q+tu5j*MNlCk~%Sis4~^a}~Dd=6Tj&5?%h5^F`t#sJaAMik>EkyH4Ciw^TA z{GUTTcZXi2YL`*p@xqV5Lb29?T!TN*CiW&z1GTtRD{`W*lwz`IJ^kBL>l&NlkfLF2 zWZ#9*nJNFf`yKN_1Df!$%qiUvq6JBVmAHKskJ~0`-#dBT!pKUI3zD7`8?l1$Q=6f@ zX5ozvORblYc%HFCCdB#2K;T+~xyL)#tdMO|w0LolxzIq>rq zk`MNpiAhr=90v)Z&xBdmP8EP(%^{qp$~70ua<)dL4h_5jUg z;m5TKP;qS0!yL_+K`+TzpAm#K=w+jqMoDDq6cEs+x4>PjvQnZUc&#qel*SldSWmsW z>1ChW`tosa-Tf~v*0e5iq`S_MvocOM{xFW{ljO^pI9cIPoW^qECaAZ^5V(bjHWg!V7v?>rG26-IOn$ z4xxw_j`Xlydhum73!b_kV;Yh^} zlLxQHkO2wgnY|t-Fz8!&k{4L6o}cLdDFQzaR45a}zV{j!XZ~$j6c}zU?Gn!Vkfp0b zY-tW3rnew3;PvN=v@RZJg};AvSD-6bc6vU)Z|QBNyHr;&p|qj+HDJ zE_)ktaMqHII@w%e4p-aA-BbbD$CqbYhF3m zV1{&w8g3F3!!jkwT$HsA0`iRdTIItuwn_1tQe0qdpf*EpDg@r$3q4YjClSnu`egu6 zSRjv<_*n$7CRzgbf`L_!bTD1*z?dn${6Q5?P-EiT+23P_jts?CoK)H#mPu!2+u^7^b#90uy z;ZX?Bk~;kD#ggOz+&ahm|1?(Lm-JhG<{QMDSp&Nkdts&jZh{Mn>15Id>RsFAGR-S9 zgp#sJb$Pk2dN>j$!I3bmD*ce^<+o|Xz+#hP(=iCgN+qHz%W7X_X@|%g7{DMwi%52k zELnr2i24z@Q5Yv;o_|`0GZ{;QaO)dp^(zA>R52p#n#|1HOqnZaaA>Y?{{X3%x?nzK{rl1*B8!!HW1czf4?)6;24^8FB_(F9kNrzq zDD(&eU6E#seVmwedfdlEh_foO zL(2@66`*+b>GRL-l{!D3gjoG=K60IvWr}miUn%m;JF1gXQi5JdJbr4F`&869oAL|$ zi5q)&YjVp{qWAn<@dWQoUvP4kU(w}a6ujWU!Qu-r;usa7UrB>xs1WdL_S&wUo0<&3 z_rN~44mD78H$nv-$!AT^PvHrA1O_0|;}fzB-DA$vd9c~{Xh`Tt6!Q&|rm#`X3v^IG zqc{u*V?}nX1>SNqIDfcZMV>y8ETeV1VE2WIi$s_Ums5n3S3w#P^RMw>k*<}Y%tFJ^ z(-mF~Z+l=_&?(dE8p4pI=`Fk+n~>yW!7b0NVup6bsUYLmVb5$6{mF(~@M}b*cgX?A zETU&ih$kX5j~ZC5)MIfk7cAx&x%pQw21#xUhOAAR%oS5dcZeW2$M8;uzl2zE`VJI$ zRB1ByDfkUG%<~a^&rO0zg~c<_-xuEPXH>Sh0zLdjU>YRDsxYcc%bgz8fRc=8!8vHd z6JTXa&i!^xNP!v{qthOI4BjK@R$d^JS% z@U(MLrxDjRX7g_{6atePo5h}w^2l4_%0Cvc!6cZM#U~{czv8sUAOXw_(0h+XaM)hR z=rn|&)Ix?x1eGMEf)H2(04iESjPAD%P!PWq5DL=6n4F*IRqH6Z*|D>D58j>z3nS379f&8tw@sN4XXwfi-d6CCg27==#E=o&bK z&73%*xK}ClY0fB#o3#Et=jqG>2@1IYDxc~K?`~YXPFWB*T0GcX|sU5LwFrMNK zl4n2=aDMh8d>3OXj<`7kCx_TdCNGkKod6e(m~J#-3(m0Cuw4qbn(8+oasX6z)>DO? zZQk2OI4UC@#R&|AAFx2 zR=b)~G09sOi8NlQTG7u=mcvNXybj3qRF14t(i><9#g`-%1OzHL7F`Zu%c~&lRpUiq zRW%`!Vwo$5H{W0RaN{84m?9g3M*U%2r z>QZK#MIU9xkqyIWAW4y9;@TnXOBn36I+BJ(%&cJGPJ7x$GlMZe#YQo^_4>+T_+;$v zN}!@H|qct8D1^ zyP`0>;|_3thK=UaK#G(U@#=}ANzV(3&`Xc?{mLPkrD3@{$VIhv5Gh7$6*D@C)WOlN zj_|2}GD?ALy94t)P6&#nQ$m8{`hK1I9G+ChB>jRYrt^;lz4rJBdXVpTf7+Zs)KN$~ z#Ef2&$ESA@8or}l`*jqZ16fcvOi8r?B*`EFFcLJcSVCn3NS=o{BE8`yF6rqWO-^BgSa+b zE}5mQ!@s{%Nd2J;O@ak(^`}=i)=V1&l6Ye=lO;5z0r~&l0%1`rE9%o4<#Lc{%+f9& ze}{vCk%p&!h0@QTz8u7;_N-8<$>{1Mg-dsKabw<;2m>6YJ;p0#Z@ zza+I5M(DrQL^(mnb7$ZDu$qN0`U4FR^@7v*!9T=hM!6Hd{g1`rnkPRPU{k2ZF4a8O zGORfFdba}&E1!S3@oOwYZr3rzoBX0kNJ$?)MN72=kfAXg-*hA?Z9)`Nx6O3TM!pv?J;=qN zqJfH+C&Ar!jLp1YUvA}~^h}J9kP~s_6KY}U9?-zmnVISIVPG0=*+dek!Uh!a02t^$ zaK!Cjb>L}+0Q-2wx^y<0b&QX-qq%T2@<>q?=n3MCo)eYO1ZqRWuva8BOH*LMNC-Rw zbaJS=IIiMju-laZsziANZW#XIz^XK2akIlB%GAxIIHmW5J|+8qEYM#Wl5dRFiXo+W z7g6RyBAqam5O5l?wdrV2213rRz~mS^zX;PAZuLG8n_G8JV0eO@G!^q@>~c@D0iIu} z{!k#Gk!t0mBu*#R!orQ&k#j4d9v1L0gW`cGA{JoG7)ELuj5e|6tL%tmY1QChcC((W z-{q*}XHm=%dL5EgXn`it(0Ffz{WX~Rx{=Q|U zOmLg?6A4z>A;ef6I|FP6rs0>0TnuF?Q46^<*)>Mb%ra@C2=2beA^c;3if=1G9tQLU zfCS8-C)WeDM;aPeB!0KmD8n^eBk_DQ2lfGiY>MT3XXMeUkY#+pz<>W$T~0TmQnrKa zS;-c@iY8-dE zcXdn862qdM@Vz0xXu^G8@2WJ5VD4v8FEPyGc934xk$!y+2aoSmr%Pvp)Q;rgDJ@RJTS zsoY~-g08Lbzr$G&6pC8kb8%3?QKaGeSbwV?P}4m}6`BPC+vIZzXQ4{|n~yv%AvL*zjT{!uS}YXIj2L zlyBr?ZAa9W7{c|VCY7M@c9v@g3vs;Dzo=t;gif-HY?_7rI49ZnQV3aShkvzcjW8lF zUaXi#>KvJ*$0GfDFmG2^9B7a&y<#vR)vT>iDwYxWfIzoQLv8|$*k}YBOu+sZ7i2P& zC7MtK5np-;hEtk|n1)J^7ok(a8v0n2JyLdaqu!uE33C~{64C5FStjM;-_=3I4rT$W z=IkcciR`$FoZ`@PS6j=ZBqlUB42sf7ftF_1EzF8aj7X$TlJ!|MzaqxA;I%?)E5ot$ zL$Jw;*?YBcC`vG}t}7rL2TyJn0mPwFUvy!V5OGP^anwrD$cyH^9#>77=Y~>=V#G@! zZNYW8P1}5UB@|Q1x;ib;cXiR4&_KQI1amjo?A&MbU=eum#d1*n%Dz|%tC!lNBS6w+ln)&2wc8EDqGz!Lfv-*>mj<{|<_=YqeTDQ@t~u6h)Bjkw z?b`C~SaBoW%-AO!hW%8CBMAg#Yr~Bf)?C7M(ieq+lP_-Wm$AmY8w+PVTrWG9dZ84&9#Sqab35&Cx+i(8U z(zs|VrkVpIga^QE7|VE}U;F*qA-aDqpsLW!hvJY_*GZ;pX?%NPFNVcor^0Dcz-C3M zKW6-H{dd<`i&j7!35;3Syvg6TLq-H_t`r&RH?D~^Z67LbY1E?;PVBP!mlnvD=A(-$txlT_xU<#oe55OLKViSC~^TNwc_G=4v}5gC+wP++#)NeYwoXvFprrd&7U+e^Yu%D6;>ad* zei}lhWqWNGM|ABFpeBh}6HoLY6m1WM0`Mt4wx_?Z!J|@8mO`k}2M7IxoN$fF25!2E zPW|VLqVR##C<|x-eOgKKz{15uj})@YAfjOo_~*T*C}Kg-5TR+01Md4x3ZuUK2AzP< zz2xZBMX>lqaR&8YbLFzYK$FkK$wfBL?a2@AW)ktULuh; zNkg_rEzjMTV+o9|gujCJixZ`KEaxXbDiJ41mRt&5<3K^?P8nzLu{ z0uKj(T)FQ_B%Mq&dgziIMO2g-B(Dw@L<>i^Ch{Q`=;I<3s2XxQ+8ts6fzp5sB^z|b zEYjgdvf*c5o&k_iqoXSeT-_zko1=sb`mTd8JS;;cJ2VuRPDR6{@>giL>JhQMntemNlA4P+D+5I6r`HQ43u6V5qS6`s4TQ-LGwwEZlV;Q)exkjUQVq`QXtr70yF29u!<^tTH%s zq|eaSkv_+gZ2wpg1{_}&P*sVu6fjv1>K?2xwcREuR0^8{oa%V^ZZnLfl@2I@%P5}~6NouT+6x9Y7 zu}ok91!p`ti$gU%2&)oo8CH%WhX68&kQt|_KBYK9KHwHjoft49Ph>Q$B2kvZjkxy*CwABFl$Y ziXtT+!mvHd)m}Y1O2G# zh~UN+yz3L5{L1{L2$+FQKg_25e=>aL60q)qgAo6+kS^v%#7UeE3vC0cYyef>)7rXfBnW*QunTY9e~ocaDv%eJhHyTC^J3^6t?dlnYam}TDjjK%CoLc<=(l7y{@*& zFT)lCzUj?-O()INh*lbqnurT)rt>g5==1uUR9oC)q5=b#D@GC^@0kI-3n}!WosdSm z*7s#NH~?CA{`$nO8n5p+4o#2oQAb(v=t=?!5ckuE$RtKZcqaP{T*h7=_vK_^EnQM` zR$Q?vvAqN?oNKv(WVf7{7MXrcKkTa=YC@v=Ie=7VZw+qXn2jK%wJ{_zd-j?tU%2TobLYm zs`95(Un`Xm@dZ{Wk_UG5iu-rJGuea@;g)IMrxv@mjnUC9%AJR6)$fVP;Qqicpl_$S z#rLlmF;5q#WHLlj!PtCSHPjaUB&Fi2t0o!vw^(yqmdR-xXfrc#@hQQ&1?>|6YAl%O z;cZpe4ajI15%B(==g@Y1d@`z0I!}9e*p}Y?yx)B{@FT}()Q+Vt}WVA@AU zx~qc0+o4=C$z{D0?jUodyY`t{YOW?e8hG~3HZ$5!jwS_ih4-hXHtnO+jSgy71%I7KklJmE9Z$U*7aL3qmxmCR z#*qn>p(&4E0TGc0PO&mT+YiC`Ta}$=2jd-7i;M|AGyHkUzXr^1Q6B6Wm03lUvJ8!T z7K{w_qOZcI-WN5unJ$RmYfkL+N_8}yIQ^lD7a-=W~M?k_m#6%L-#uU%ut76fTsUj@n zHWlr1p#xJn@j^d@VIj0wDlas13hoH(4FPFsgQ|PieN!b-U_i@a40`6SwvnwaRRh5fa$M^9=!CHG(EkQWL*H=Qrw-pXM zoyNwqmaZp6O~bqKPRrc;Pw7D|jWKJ`g<<1WeY~GTkxL3D;}j6uC6InJx?@Z(GqXWV zKYD#K;M|t!<&R~@Uh3-mnd{lz-5pogdy^D0ao1U?(A)T??{4?UODgiYkWExtBa;5Q zegBF7?ww}9VVlo+2N&1<^{C-<5O(hDMgMC~6w<%Am=?QS4tP437iwL_&dc92RDAw%QnR&VBv^BOqSFi0Vo(+UKC-ysv-u!hDDAi)8?|J3;w&JC@ zsY>2)%)#V7KK9V%Fj*ZEn@lGnWwQRFi zo>jKJ^^N|*S}8t8M+xw78Qjw#qz)H&KMwVXTD>M$Q7%E=ayTZpStZVCl&O&9Sx{X z6$qTTvSK&>db`zNXRaLvoZw+=T8V1e=?kf2t>+AF{mo$QEscI=BxL`yhcstX_ zL;re|sq?Sbq~012350f$~lp-&|JM5PbA2) zq(@!Ye&J*0#!d8+51I09B;Ts?N;L+yNT&ugj92mUHUj97n3W58z1CLC^?fG~3 zQ0QvByS~nE(eZ5<=EJ(NqRa~RRZLu540`VR;OLJwr?z(N-{VThj~?AgA^XhlGU1zdBfhqyAh$6n{H|c+~DBe}5zad-&n<;o zuVTCJP8|IP(TN3tLap|lvksl_42NCU>634}LeG7K9zrQiGMi~h(hQ<1lhHhALL~VRiZ=;|nJkhksDQXZb@fG3?dxLI zA9Hc4DE=e-WQLL8>J!S`;shXh-)icgzQN$I+d&y_4?@yk0k*)?GvU( zkDf?V=c(|roh@CvLA3!sx0V6d##=6HF+~2C1(P4Mj(X2QhimSuo1KSm7kT<2TwOV8bBA>%ti-xKpb{&D2Me$#9IX@0*H z>71+DF2?lsqf_$($Kh=_w)^IQ%i!7f@ytX2t_a`J1L^&2v+K4#;I-TTMqaV={Dq5C z=kGwC5(QV8u@Z~9927E6^BKq^V5`kB;N-c3rpu%MDDQD~@pWe350>-486wk1W%v7E z-HrRMhpvn2bp7TN{q7I0em8>ZYM}=&?AN>t&z)`qj>k*G_ip(=6U%3-7J~Q4j(#tE zhBpf>?@%DTbb-I=jif|AJjVIuUe~2USSqI*ng|cRGdiPjz4<-%0+ZeW83vLr-|v6G zAQdsU)A%Es%lF2R2wutncS~vwuXJc!ub;gK+!^4H>Az{{}-o~M) zlb30>||=nzQztc^h<+!Qn!RH`9jd|hzDEfspIB8+v7f0U)DA3`eo6-1TYcb>FaBo|6)^Tmx5k?aEq_;YTMn?2k!S2=qQk~SKMmC{81!` zk%sKriWgL90!LclL<~l7N-|%3#Ucj>!<&X40*Qj9FrkC4Ccw>H5COvWgXGXjY5#I$ z(xs{i@D7zsZFG4tx{HQS`>lPs6hROG6L?8aL3O>)Sve)S5_iWx%aid3nx9|P2Ld%=srqkzF zaE;@y|^|BH@Jr{_$*V+%Q|An`E(o0AbCH|Nw@-#pi)N0*yvcc*Q0 zkN;RXVcAULkJ|3E;cA{nXi%+e;6Yl$S|HmAHE+s>A;}4(n7J`tG ze=L?hGy`16|6uocDSC^}&PCY3OU}jlG*lu8RtrZ5kdUH2%P|7NP`>q)$@AR~nSv1L zF@C_O5$IHBGGZK&I}tRxp1yGN!cG{M0;I^dGUg4Azpn6FR^R-gfBmt*Gdj`GIH7IH zP-kkn%(3vyMcIZ~yb9gGhQOnQWR>0DCSsXL$lB#+`zd9E3xpkrQ+!0Ud&=f=Y1d0{MXE zSf!;`Z|p*jsSv2nuh1Q+<`f#7>!g8e`12L=i9(uWdw-akfN<>S5CKqZ->rxnLOOU{{ebSojoQWIsGa&Lm1H7Js%OfD*phc_C7_TY9zfvp=q)I!GoRF;-#Wr(^m}yNOh)AfMFu~e8G&6p zs58p${$mk7Xp7*qRUn3o0Xd*8MTL(@CADa5?Ss!Ig!2{Rz^dNJf~353GQ#S_yLrVPzE2PALF>Mr?<)mf}|lAr2eAgf?zII4VC!Vptvc978Z>hkn=^vv@N0r zz#HlpCML$SU&J4;H8lny7SG4{PBPZ@0!IBjgtYqM6@*MDt6SDp&Ag0+ZJMr{Nr;D0 z*PzNQYyc9l(Ks5OhKf_g9J4Ced$o+XgJLH^4*VZxuz;Bf9ks|u^Qrph z$?S6jwEuJh?(v9QxD?cw%cy)VSl>Ux8|b>rCL4i@FPXo#7b=hEQl>!9I;oj=AJJ%S zBQ*QDI;Vt6)rGlk=ogv@jmOrJ5JarAxLSUFONA%3>YP&Nt@r$i3L-^kyJ&wMjtj&s z8tD+M`kvaAQHBEXZVIaSL~RwCYID?8qOnPNAdQ^Xl9!s)o?<);kJk4)7FsToX>3n! zBECc55>L8iD+@F#KE4a~9g_D@2!xF^2#110OkhorA0DiiM|7yw|45d}>#ow^r_ZK} zdUb6Law9*Vv&sHa;;ydZ-IWz&nyaWKzT)1zCp(+a zrrLa)Cqlf@zqrt^u4r>Ou5cJ|YpPrFnrO_MY2PitckJw3J(9ya*_G+{Kk;suY(`}C zvn6~MTV2PyFNiFG3vifoj3A>c8`$Br^0O9Kd-mDGu*-~!!xlFf86%&?>G5b zo|=Q2U}NC<-97)YVC5`)#fT^J__#T_>xV&7P17B(vGmFwED)w*1Kcf<;b0ZeLFISI zQ;o73qHXdlI(V!Aq>zXwX)M#ca7G4-BB3&J^6o%OC(#I>U1eX&(BaT1DN-`bWhSOD zq+F0nXHD7FU?P~JbE~ip&KSImwZTu@Wld5?rCj7`y|JyL12TAx6(tEm6w@AjNJ6a@ z1tp_g;HO6!kcX3J0lx9(CnX0SW4Vm}ci za9c#-xcfd!fh)|~*QW`Dsv4r2b&APo^6+>@VxeA;kK$(g&!1ZAyG4UY#6s?7+)GP( zhWHM4I6dC{?&_)drV(-mKP{diKvzycZOKg9QMAPCzPaRz+3|^`mfgqe;~ZpyDymeb zN>Q`y#=d^_PLn%ix+*w{zru=Cl72Mnme2{O6A7PdGspAFq$%E`w4BYp)L>*X&@e(s zMYImvNVR!oXJmnaO+ji9BmUb^m81e(Fn~N1S0gO2_(MjF{9H%Oe`=g`L;2VqY zLG)lep{}9+G9>)RRqDl>&qqPwDJVX`X^Q=>i>(E{N71qMge~vAf!4Chog6?V=J0ag zN|3*3gX<36!%E)n-_qy?UE^)nS>Ht!{;aKrZZ6;$2F#?+s^znV$k(=>#Uim#^1 zi7j8v?0kR5-+X^wKgtD#d8m0YE@cxUP(C}AW{tVSKvVxZY zCVs}LNUBDY3kNHgalp94?Z;PW@-HsLt&Pu4eDkL*Jc`G@W)i?<2w&3rj?I?lQoP6x ze^oXOLKldYa8JC>Dpo@T2U=+Mf+=%BUs}*9Zb44`3j5x>@MpryGRJ+POTY0=AuX$r zMlOvb&ek@bNma5)1B{1*n)CDehD9mPOgbvt>(P%!|)Zd?!^RsH$!-*SjK9&QQ+g)2yTav;! zcBYutN@hnKGvz4nA}rl!uuUFvB(#?u#kVP8$x zo&H)pXCG=|Bv{(^EI1o9k2c6=Uo5eBOf35#5or^}QSAuY8qG�@ixGbl2 zhQo&R$Z>aEa8fx?x?)!f?7_5{zv8YyB6AK@Z@Py(>fRzqHq<2UuRu)x!J-fYe;q|= z1Jbnm64`r(jesg15&_-AEjtfsEj^)~%YSxc`F0fUzkd#KS+3|;KCkn*9q)hb%QyRm)no$6wgUEmr6H*V_+2 zUi)kD)h^?S-@r{^tRsLE+RbZOncXK7;r>p19oN@~cNSaiTs;sEf(vJi1cEL*^=_W; zjd}M?bTy+^M9i)=nRDcwRo?SM-Z{u|u(nnwzrW@tdlHfuMWg zVphOT*V6!|R618Yqa%^wav5RLur0|6?Si%$;jw1 zg5)M|r&YWCc=#@fL)uEd1W=6;e3Q=@xa!Ngy%{#!$u<=p#6tbNR0)~l)&>{f4~D&$ zhhazb>kBUSVqA65&URi|7-ektbe45wUc-rlW{XAp{_7tLHa0rC%F)4e%NI5uMInaK ztDeAcE)7kMcp`niZ`$Gj6XKSqS zUe9H?F{+TGh1p}l%d%_hM<;~TmS4bSEgd!0+xtS^`)QZ0W7uN%(b#_fWarbsD$e?B z?tQW5#|UNKYx;%3P2Ohv&P~hfa(nJo7+3fG?8j?sZxo2@{U3_~qrD|{RN8;g!1c^mGE?duR6-@|8j0BLD$hdG^{ z^n5qE2M;-&5A(I_nN8aQ7o83tMWbgLwKh~Kfj1NCoXx{EuLBIkk8hS*p!nC_yNQE{ zKPxMHvW8x#Ikl@#Bbpss$CWj;bhZ%zN9Ih&ci4hAtxT#Lu$S^Qg24mz3yM&*r}0Ao zGhl2L8ibnqdLHcx6e5h<{1V;!Su=9STRBs}@(;uJz5p%g!Oyd;`E6n~*X=BR`yGae zp+OKH35DvczWbUYo7WPL=x{pxhO#E3X|S}p?_Q2TEJ`U~I>Y=Qi#>AipFx7eN2CS1 z2$pME!P-R-JD>V{932yH)xp~*^^BmdF9aYFDu7A4F`H`JS@ilDe03{hn?-d^Lu+WO zd#QLbSc5%PO}*_XwMKlNliO?zm&duj-de*vPX&X(?Pc#S-AOFl;3C!M+3ZNL5N6Xi zh7!b1WOPtb0U>ptrlJv84$id4WlG>;#wREtlS7jz=1itSG#G?l=Wap{FEjXc6EW%Q z0Is|Dv8s561${XubL>oi7p=@9nM~v}Hb*PQ;wU0`c!4m3G8hIK@RzzKRe^e@5L#wM zMYd~1rt1XBJ}#~pPHA=pX`7lV77c*XygsGiVUUgV!RKt9Z@!N8zuirT0q;+fOU?Er z)&u?9B%^Zb^DsyRr*3Vl%}gvy!7s>2Tnm-4cP|dD`$K*YD|fM+O4f3LS}2*@AYfJ- z6>B3^ZB?~~COui46gnue>7;1bLLZxr?Q|`Uu=I{MTG8)%8CmFB%REzF_%Xi6Z{GC3lT@O%u2o%AQl zRfp*H0;C(2hPjI1!B!N#0BO{b7kXWviKQ_Z|+9ogM>1(WNvi&=ecM1}>O4&ndhOAL-6|sfxGxpD3H@B7b&_+z`(TZo z?K8RlaCc~Fa9wdWsIe_Z{EXu?LDoqaT@JWgQ|xc`{5$XSspYU@g?(t*js5bEMcQw* z2--$i2ICQCG`^$j z8e6{a80J0}dh!HyEVuwNT+4FygQ{5trfU;FSHe@XpRIC`)e47&mS?)!>m4t-;m_*^ zEvaV#cCDf?xcjZ7qPF;(*Y2#Dk0jLQ9yWr;852@{p3QS6p;2u?0-~7(6-dMN2W9A< zl5pNk4Bd&RkU|r+iJ8~8{{6eCVA*p?MB>)7)ky`vtK~4U)F)pDq(s>6kRgqdx=N3x zuDSOWm3M%aiD*3H@}IMBXNKSj^MMp|W1twZ%#l{HSTy zH6b9)XiXS3Fco4&Bfe{tiHahGsnGnSUkyjD?Rq23V}(Y*6GwB@$Zjmd{Scc(KRU;_hS+D z>i6frb`v+f;u+wsmsRkCw*%j#;)rx;%hoR#>Y;>LOCG2LUOP>t6!!KJAV{%_jPGka z4EXS3!v2q^bMUJ4{rd3fWS?wKO}5=M*|s@ZldZ{~Y&X@(c9X5i_GDYX-u15e{tMUI z_w(HN>}x|(*RJwfl+Ln0l=!^~b-BIP<#_a{@UG2sa1lQzzB|sYx$&=_-G1u*Dm?Z% zaX*OUYRrXVwxU|wt zPaf}IU8KkHkL$~H=dwVFT-|&{ONVyH_C=s1&#zKIVD4X>QDK~S-jj&Fop^+_`jTPy60>s^7F`>lV>I zRNGF!Y?0a7w2^b};t7jNjEls@33D7Yd@+?Lae%##jnkCr@w6R;O2X&1u{{C4=30BI z3mPmVpG51?Mg&Yas;P~|u}3C5_meHt%yrHh{KiZO!V!gol|Xj(tkEww0CIRiMK1j+ z26jM3M6htA@9NN2-|DFJQxrM~SbbsPKp8+**RLX!4(<}&hSFj*&9xE3ODyvMiYWk5 zuJ-Pv*Z;974o>f*r08q4`cd$aryG6dzb0P*aifU2CbR*9Re9A+i?#(sy=SaaI^5{;sHLmI4CI!4wPEJZB92;?gqr!sJzj*y!BV)*OaeTU}!-KOdJ4=Gt{m{drI5 z9SIQ%vhj{HDQIb#6zO#YHokwxSJ|R$m>Xddg2I4A6P2pYo@k)++NP8@OBqcfrAB<- z$(@(4FEX~n7O}@9`fe6G_=aP$}E?Ji*Uyrx&3|V z_UvgXp6~qShne_*ew6`sk<8Er>awA=Nz2>h`D%Zs3p;5%%~fq86FT0(%W{6t1cOlf zU~0vj6(3CXAJ*%pRR{)mN-7J?7i?b(**j%q^aRzX7`58c2Lkt>59XEqI+h z1a;)Z4PK8>yY5K1Oz}A6c4!wE+fI!KI8gp9V)e&t$Vd3=^Uy}rlB7oEt15{0U~$`0 zg;n7)ZBNoQ4E|%Gz}Sy~+*61of80r0i&*^jK%rQ<>%GPH>xFbc3d**o%;-~qGaC1{ zRN4xwwasj zUu<8xDT^bI9jgCGW?*Jca7>`*GwE`II_n$ zcVts|RWdc6D3wrVdiMt^#T+}zxXC&fKwg^)IuXcN0R-|-ou)%L!o4WCQcC}0=Ynx5 zOeQC#mjMUZWbUoquzXB5C13X*l!JkqWq8iYXR;Xzh;^E7)G1y`A6=IT6pQag3<_+ z{FPtfA+c{RS4uCCUbekfTH%22Uo+eD*Jyy3w>hdd2$b^ojv>t|EC}pxyPCT=stiiS zf8oUqZ8s6FNGDBo-BpGa%8DN5dHY~aWnrJP#^y45TWOJ^LNh8WrMolzGfx{w+81bQ z^Ud^7f9=`Sb+%6b88so{>Q>ZF$UAfM-!RHV|I+I;#G>D2KQxenFfMz7pg=-iEs9g zb1&Y$%Az6ekMs?B^qpTxzGbIK(pst9yM|5i-To?bp#EFXp ztND94e*^?tR?uZLdIuI669RdWRQ6L|otQ%fv?}^{Z~*E=%dmS?+De1T{h^neIgGmc zJWRp#%f}tBkn_vpbS-_|*q__rxFt^O!H+n+d$r1Lqz<;5ok3>SAvy18v;rQ~@uF01 zg$p(S87*iy%F!Pw^^>h$s*nk5%lTB^upwZAXMyyO0{3-&+qsXsNnlhp4$n85cU5IO(sk)ChsGD^CC3iWIxW%+7a)s9qV$Lig6Y4&Q?VEpqY50l&!=L`me+-?-GHHV>_K? z)`j!2JFhHtx=B{r+KM4Gq7Y|}oPR9TcFe1l?kt+<$Ih2KqfuLz*2lJBW7m8pU%eDo z)=qED4?IIr1lyV0xEIbBi(Mxm986A4`KJRQf@W*ONuAiwvh5l~jBe`>anSSp1EaUo z#G-5aca4lJcC1P)h>LHL`>5R^F|vsXVPFsev&H})YD0bk{p&AgId6u4vE^&j04zAv z+c74JIX_acfEn!TGO*&m>eJC}-~fNv?by?~X%J$}wBo*qI831LUV$|~u|1FjSEieT z!;F_mCnsHVyx%aAllRp%V&%%<`4)~{kB1A>qjbR7Xv+h5g&!g4PtW%Y1xkL;^F9ZH zMx)!ASyAPeAbQ7HkhXCBP%0UsQVH=t7HB|=G2tlL;GZmb=E9_d)%FK54dXpEudy5l zg5h3rr{a9B<5{o40!?d=-vo#k62o1T?G?C~GM}601Y79MrQ9LoQU{FP!>L`kedzD-ixgu^)ZeUyqy+HR18aj8j)w=7lzlZaDj6yrDowd z^nh;%08MbNM0%3KQq8~x5}fbn3ij)Fb+EOyMC62NUx{=Y1dd_R!l?0nc{|ZU-ChQo z{On*!{4GMI+3Qs|1Btzvn0?$W^GWXq8)2DI#BJ|AR`RK$=I){#k6(eXgqk#_EEF+0 zIfEn#mSbk0jW}B6R&kW_LY!8wt7Z}^OZq<+O!ul0_6{QJeD2Dft1S;1E}fMm5HX@2>V6wcHCiX@}Tm=B$Z$ z1(@?7;h2FKE-u@(9D~J=Z8!%$1BpgbmZ7byc}_!v^8~Jy z6&Jo7@EG+tjW`Di^fv~PPYnv3xuQU=ySp9CvSb~$@TFU;G)yAag2Hl=NEe|g|HIm- zOUod^D))?Bibpo3L2BkNS@AY})m9zpK7l1iyOB`Cd#7hR=h_#S46P6)^`_JrRrZ7h zAng6d4+AwiQNxx-_KCJuIyzOn+(tE0pJ=x1AB&wj!_P^8^~vAe<1aSP6?J#2iApM5 z1zXK4$Bo+kM@IxWA_j*>yJ-HMJNbjqMzb99J6cnmBYr%hGdi)hvntWRSsO zToh2`>@c!FK07C058Tzg-01P0^L>AK$otyy$TO-|zDbqYasM#l&Riy^k1~)rZTj0E zek(U0xocHWDaH(6X-wi(o=d}(VGrR=-pB-x<1d5$@6M3q2t`@eDR23>`}h1>&OxII z-*E_V8BDw{=8X7n#P7(U-w9fdK&M4-F;WOTY8TcZ1CQOfRVXoal=%~(_ud0mm0b_I zo8><$`AD+_CH~vY1sw?`)Jj7u@8oALd#7)Q^KlCQSg=A#rQ9Bi!u!FPA>q^cMclHE zeDX=}93AdDqQuIKf}qIF)=;;GAL5HZVb%)prv)A-yt5cnE0cRumzjl!#RcIjN(0IA z0j`Oy8MDT1e{mk?ThfSh zaIkUAuaVHeO|>$gqjM1&;S7mX=cq?LvnIT&R)$M8%vZ2+IJrVUkCv64jo&!$e+osl zTWk2ZGAga9tYm;gx&DbuR%cM5C`FyX6N)!vWR}!pMBuGjSZz%8q1QK>z zCdu(n!TpI?{#9J;T?&bl9Qb%N>;XyMi$VBf1dGBNo9Q15?p+||s`_4lZ$y4a#4y#A z^v|yzDxHLHWP5&=g}yZFS>CQ!aU@sL@R7 zh{){M8#_J&o|>_k!Gg=flJoH>%XEA|7+fk^EKkL>i$E)8|)4-h)~sIeD=rJ>I&HDA}>+-rxBCtd(oqy>GQG)n?|tzQr5oSJlh7 zF}v=EjRUsVPPjp(_u`2FqWn0Vbd#+r`UFxS7D^jFrvP)ZyP!{i|dUvBDD9A+sx?lfqcx4-p~h;8bL?!MY;`n1ty1Cum$9D7UTV^)0{Uc0Q|3*mVlE6>Y4ya5vR6uUMvd z#9QE{t%CZ2TtI#QKbK$TzI`i~s!BRvYq51^)}$P1W0RY!u(!bmC!26z{Qackc4BjT z0MK1ycbUZ{hhNgDj7;Aj9`4gz@{OPY<{%;_Gr}J0z0Mm{vHtfTfqvF|pv=@4z@z@H zCS(F&_(H-(b|R(;tz-o;J1IXw0Jn~6_5?b+<<{JH)K7g&VEj5I`I7%=Goyk-}~_rfYD91@W`er>V`1Xrk7ir{Yq%+>XDryrjOkM=A0C=-{3ho(bE$cI7x4% z9nD`jmjApn{Y`Vh1(uX;$&}r}g$)m7ptr}nYvJsB>eBoKXL6i()=Mrf8G8P;(-b7g z;I0~mG!YVyf^9ZO3!jNTR^qsv?llD3zhY>`jBe$_L8Gzy2aDQ0mRtH8ed$rWQ8CJ7 zoFaNaJ*1i62%G?4GRNIEoz1Y+b7?)cBGUsW1nKvq$JRz?Wsb45!hdU|PllMB2M!hZ zH7snru;N*(@;F>%vm>hv6Cj}-imbR;noK(m1s!nHYw4Fw@{g+? zLdYJP)C4ij*~C-`k&nLeTwL@Cm(~1BxyUB>YX^(1>Z4Hj)tDCMRogVrTCHfG zeLnChVqJ-?&SIwv3s)-MNCfLBn?Y4CDDF=Ngm7XSKa=)nI+{^@LuJ1Ie0LF~xWR#jMQCf0ehr{>WGp2yST5DL_o9Na~+`>qVXGWNi@*Km7?XbiX zMVS7>Ik9vEGxo&>hz5d(DB#8wlz5kUIMqo@QWY zb;nq6#8_sJs~ZZ&8(ftP9C~;rkbm?>%ePe=56^=m*Yv$u@uS5*9q5|ZMtw73hgm_I zpSMwCV6Z#9e?G~r!3OvgIgQ%j*(gE`;gVyTiT z2+kZ)7ss1(5vb6Gk0+@oBO}a|;OPbJ!}ts3iLy($h&I`iEu%fpa-g&Hv$>qO*vm zwOLet!hDP6)Eq$&hAZntDvm{~mz#~iJ^b_C$=cju{jpVG%ygUWB7}}8=U=IuFxEtz zV*1g$kL#k!GAmYm&N*tg@rhFz9HHYwq2|-dPXxWw4o==4W_CuLbP>0=bC2WEEew1| z#lHwf*O6!k?DlRk<%=Ytd4gx1aEc9(TD4VA-Ra0?%C0-~)LfBcS*t;1d)XG<4e9U$ycfe$JzLQ%bRvfhbFm{gFikK0b?< zZWa*ZPfwRJ*?v9eZ+BuOkD)r1@6$xZCt-KpQJo`nq~xl%7xip+?FXki#Ju&-JwX!M zW-EN|J$y2YSU(2eNj_Y2-KZdpWpo*c1g&c%N#NN|PYJCBHK?9}12MbH`I?o)oJWp6Ge^mqDzLl1B+_$W? zCr)%6WY>i*m#c$sbxfi;_szFSJojuB-m?WFW&GiSh`3!zymt$7I^N^iNR7LnT6#6h zW9zHg|FJN)oH(bVMGK#Ea@5{nA%x4JBv?i89R^yny@B1{hp2=u|B|%d$38hDZr-K1 zi3hNaLXpFZhUSp2rmfDiAsGgJFVD@jzyx%4wQz+%D!N$PdRp?Kb(3xU%+N~kJ!cMG zC#_#WP9Fl>GC|=klH-T-W<?+?Mk@z8te6Ok z*^(OOEbubiSi7qUMDKhn*(}TYPS7k!ib6FG`7y=u`4g-+X8!%w3>hQFH!Mat#XNc( zNwGd=t903aESB+bCRVTrE)vOfixgflQ?PH^PJ)hDx*zA6%;?x{69F>1)oEPzn{81~R>XjIZ`AMQ)Lcc?bo!>stTsqng8}QzuK6t9A)Ousz{HT3uD4hN z@4eC1_nVHYnE&<{l+VLLFJs{<2f~{@kg!$FFGJi+MNw0~qCim47Uw{XtVnuTERZA` zzG@IAUBDhy}AatNb@?!8_%|_cW z7x|o=OBy0$quM$cbdG`M`82Iz8~$n`C>>}Sk|vU6+#X5unLRQg)E>b_BB(Q;4&1qAec4vqpbgU4I?Hmh@llRTZ{wIk316XB zmZnH_(Ic8cCv;Xf(ayXYPB4X$AQnzoye5hwB9(@vSa?__^4huXHJ-(KWo3o0S4w?1 z7ykG50T0rv{F%UAFXV)OsFh|k&+s?}?E0Sv^kh0~$xJ94UipG}% zJ3m!zM5XG|+VJbJWTK;uS`-NYNE#F{4Lv6ozLsti{31$LCb!AxsP3{@GzR%@^$I)mCE>QiBy2!KFnUz=u5QNyqykE2kwsu*f3QRmqgJ(I*MK1kQEOLV z0w#(c4CSc%|A!&bdbuNYj{p4oeEt_!`_b-_wPd@^>wSa;6Ba{F9{Rn9%>96*gWnh)r1 zo>O)#9971FW@UpzqhhsmWIm;Ej+g8HMmD9$NbPFk%3lB~{lhyMhgYa7Rkpo|4ya~C zpbUnZ@~{Joi6#}2OFZMU{Hu$Iw9~u0M*@4#$J46dt`|gSU-s0jwD%^z=NX)?o9G_b z>|!FQ7{K@VM4B|IA!@sZOjB&->J>+5YhFHQ(SzRds^$Ca4X=ryl1+>Cr=}7G+Z0N+ z>WIEbD8C~N#HUg2CJ8WnunYcE!fyP3M69nT_5wd3?ox10L+Osve;m3 z(*XLq+vXlEjAC|iiSAOg4hffkEXb|d$q>nixY|0B>S;nSPhG8Pq#9wrn&U=)E|Je} zKU$Wxwg$T}_U2l$&`)lnUA9)mhvEEYAF?VGG~JOtPC~y4RlIRcJeO~0l7x-BFz|3Q6OryAa&7T+K7-%iHr zZ4%_fKe3wOhpVre9}Q6_IL0z2iSd)9v5nKX*ZP;nwP6IPLR z*c4#NKdjj|X9dPq=D_$8BqFvFaf8Ceyud#%tcou+g41Ec4 z^|IcX*U5<_e_TE2a=Kf6Tw1ytpKN&?!lvh{hP${%* z*+e4nHgt$MNYn-=+B1(?(Em6Qy&&MSaWt~OKe2HBGBH4!!fM0{dpA)_Gg#1*m~&M) zHz$xmpyTFqybhjbmfI z)@u9PTGw(PBio(n!AbODX#^Td0BD6&%cmAqF|Bx?sOuKe`qRT>&iho_?2fzzS$vGl z6#T9hn4Y8>WOp0$ZRNW{)2x^^Z%A}q}Y4Zhke zo)*n*=8^)3+Ey!W!u**CtG{5&e@Ya+V%k@Zv%4TeziCkYVFr@&bAq6J4BX!pacIW! z)B?0qlY=BD2?hA(Be@1DHGluP-)>jMH0P_)i-_a^0697w5G+aH~-l$wCwOgPJMVFFBb(q!$n8;lST1gQ$W zS;-oY+uO_U7w>E{Yn=It6AUysCnHT8Rhqf-YV;tEG<-mkwKb`1@H@frcw)KO0o{n} zalci~v)EXG`rqNbpkX6!!Z5r)VH$&Z?cK;O(#XM%uw;5dayv@B&w5H5YgIphsZab- zRROLglfQ^j{0SiEv{SSpDU!iv3Gv?rCwL(X9ZNtZ5P)+;6LZrDDE>?Mlq&jLxtd|w z`M-!b6Kp#ts}+?;p7YxDDBlZ44b$9?Bkw^8#u#9|$i&{d+>#(O8M&{fSOLRzxt0hRC79araN z_b+E=!k%)J%2nqRJZwN3g-F^dp@8S+!p7s(8B#@6Z>NBl0>9_2{p&szvG;CN%_GzM zNUQ~hr1r(`v7rT^JknuM!~W^RlLXn(GI4$vfy4KY#hZZ;dm8{@v#Vq05q)c6;}Sd` zjd3V9TLpk>wk9}K|<6@$QE>Y+S6}mFg0}v3*OESnY17y2$;GmsH#h(4A z<=%cewDr*iXEiI45*F&l0kBdY2h^j>9lLGFc5VWi{;|l{Dv+&A{D})lg`>pHN)f}R znwF(Hy>0t=a<8sSqKIFi7=*@y%2!2LlfMo-N#Dz>7iSZhiAdB(RTUXC1sj@@evX7Q zw55t^bIe2?)E0vhf#boCPT@W6nTW9w6Qu~gmvtH%M_nJ2#^mbrqMW83#tc@LQ!~hl zoTHkH01Jq|&1fn>t6(&$VQqaW@=`B1uYN3(nz*&$@I>%QS-LAe6I*{T_RBrIL~S%x zft+K4#r6r1Nm30dtR-@p}*!r3?fDNI8FPs%!5h%&n%d=2_Z_|^G|MKPeoh{({^ay|(n zyDc+-M$|Ubsb61r%d3eXhcj6Vy$+62zw;`IrEm)oAWo*Z<-(=wW(TB-$-xv^QqDCT-!3qlo|FkHVZe}BZ;@ZIeRC3zfK z=zLW9h%hsCU3Rw#K0F9{?WaJhp#_q%24IQ8;7WAM{8O*|v#KL>f=3A&#Wyx*;cG-PBu-T1wcOnSU# z_-^ZUU3YT5{|@ziDY5r@bAIl6JDaqxNE$qAdFPpIJ-nd*?xmz2g<{|`cmL{eKlyI= zDkOLxV#E4zP4IkV@Ydo(C2w$h>Gz71U-gb;wV?E~Vc5>+j)4GR@OqWy_=gf`itca2 z0n7yj`x~whT?XnHIa_qShN1(Mge^aFt$RPDZ9twso2+WD_-@G0 zST$@nb=~51-5ob|e1xm(ojnhh394R(NwnM_Q8!!%7q-Zv{{FY`)X5R_^L_pEHoE_| zJ83Y9_Ht_=RNdL>dkj|aTk-1>u!N}jI3k9p`NPxc@ELwB^>b2LboeCbX1UdUBL9n% z4`B%WyI*b2nusd(ceSQe)DH+W!7@<Oaf-rEr=F$iFqxTqcbwp`Hzk zI)evS+Q^Il!-B1IyP5%QPfOo&$qKPo4=#V}DYcgG6J<1!Tifg2-cs$@6}?KWK$@(- z7TjS}?XanFRO39pN!YNhQ*J{Hd6A6I-3c`L1fuiNjaJW8gai99&i;XR)>)?y?2aTd zF5=He?v>@mb>bM$YsA5l>9doM0B^0J2i`q^3iqYMET zB_t2eS+*H+u6ECF2dfS|?RN))uJ;;emQ4q4;z2^*8_xz;CtPdZqYZ<^&Cf3O+%Mr( zJ+SXL_KDxo%$_Ig`ELS*UXR|rpBbnf`IkKBtk>z$-kw+99>#usX%n~xf2dYoH=YNo z-bdsV+K;A)Hd+%YDIFEv*Zq{$I+elWI3F}Tbp0jpv zCU6RrCg6DdjaJU?CbBo)E=isT8=Ngn@RIg6QGGv#GF&D!5qF#o4StveLCp7>D-FwH z!4%k`jENTWM$L(c(-ttKYt|CZ9h?Ncq|%5PK}hke{vrn=(3r^oVhz(T2C{O(nR4=%!#mcpXZOBRbi5Q9K+L{IVH#6yjy`I3^Qe*AEWu`_MzYIk|E zblY~$<2n~lm-9ZRGePM0_vY`3St#oGjRi0G=e4o|>rApt`iU&>T1e0Q!^5YN%C@)G z$Cf=dDw2;jtRlw*r^4-|{t$UO0iUZ~Q+}8*X*uV*td^yT9SayJN#ubGYmS?7_>Z9M zf0@R}i4498qoA{&Fc8eRP@5*9-Jqia+C357NeRPxz zNY-J|FpFM~BWer8`Vm{RIZwQYl8wuzzfu@i{U!?_o5kQ{`HuE2>gBWjGb#n}g^Db~ z5uLvmZ^Qr?{kHQyggr6bfhMTk;S%#RceFa@7(!P=^KuL0E^T_c1{&nzFd>$NG&G;> zD#j`lrwUhBHFb{M%q>=)QS^DbWZ06$@*2M0nER5u{We8VHB}bypvwlKOinI&h#pR+4rUvi#M#Nx=Q^$5PFnAD z;-~O0O5!nJvui^1?|PaN%0DEXO04pjk+J__@B*&l_ufcbI-}KL8*Y5ts(L?kY3dlp zHx^%r9sLE-bXDAg!^3fE<}wtHTK;S1Y+beaCh&l?ir@`Uy6c{lxLZ-Il!9|0x!|PcnV7e$v9peiepH0{!)6=VaW-S)cm7+pE29-E z_~YA~c5R)}TO;D}?Y*bND|w{`*cf=azbyXIy>eec3S7C`JR+tYGtCT&>$ZXYWIH** z*#A|b+vFb$U^fV3{*Y4*$ff=@)X)?5;v|HEYe-Azs6OoA7XmnPPF(K5YFPcwTa4E# zd%5t`t%LYP9TM3YD$t~pm6Wz5HOJnbKvh3%SuU6?Tu{=X6e%tabXuncIR0%}`bQ9w z9Q{i-)_RUoGQKW8UyyP{v25bgC|M zJR>emno-McMgw>P&ns88d9QJ#oNov<)i0hmF!>EI5F8(T-jPaZ1m(?I-tuLAjFG`d z;p@;!ghzw<#{%qvDdx|UHtZ_(HO%6tND}NUA4E>-5e&lT4b6 z<~NU;k35`={}$)pncOf%!}3{j|AUSjD?<=EZVxbX{iF1S=5um50KKPq=p#v1l9I82%s;$%2mzi=rgi+F5E$Y!H@p zJOY%@%BcP8mWIJ>1~gtzVK8pD_E*`>ED_Z$9w@_s-;4C2X<}hN|Mc}`*7N4Pj2)bL zxaZL~GR_{L|6`$lU3ReUfb7pMj13Vr?LT&MLWd2c55T0hm16(U9#r{E%VfJf?oDMt zqy<7yN1N};x7GDHY^|D?&n>O<`aMK^#ox?(Cb6WnH9?AtR!fMk1$N`h$jVQJibnk4 z*kphN=Df)GQ-G$6X!3B@$?L_C-y|y^i)Y{)D83DWY`pb681Mr3!Z!=tRJ?IhmneB# zfzZqYntIYSV3r-@8M_ikLM;>dES@&kw?K~M=y7omE$pRl$~ObN8GYYo-D_s;`W-Q8 zSXRy(p4mdolIr1-j6_Gpl*Y!t2aru(Q%GqZFQw^Mt#!uXSkff{wN!Y9U6g((dYl4+ zb4N%iR8)t=RA&FNIL?PZW1@U-c^std>b9)Q*f=VtZcv zIdwufb#-yPO{9a&o7s>@h1O65(V!5{$LqjyruML@;5G`)zKfh!rJ~SqRl);yE`!73 zmoz`_rj-GKEaLqs?6d;TF3SuBG6hr%{Ey3aRAj8e;xsITC@ZJQWUK>l;RVwUtZ6^Z zXo7`LcEyq{63KHmDL&~ zwsCHjs4HdZLM*e`#$TWuPYs*`tJD8XP;Q;)w@gm}_4bh3x`o@MM+ne;w4bfdtN)^o zNDNkz{fx20=}{sS^N$4;l2#zn?u=Jp!+wpIp~PJaUxN>cssprsH_o%HmORH*??6ME z-csX=Aghfmsw8!=8wV)wIR9wu*>INz%jY$Q&)_xzXXE><3(0%QWI-4dLSSw@VQ3q} z8ACOtc&+HbVne_~zk&D0U3ayjKOC?Kv@?C7HR*`}q;NdR{fN-jB7`9RvbM(CvNmWs z_qcynTecw6JA}}QkCwq|DihnZ@gR4?Qa;h%54YkYN%3T?0h}7_kE3>d|#5F za`Sy&Oq(s4pC|s%W4(BYQsl?!*rYCLANw=IGjeP=+dR~-czNB^3qC!dh-Oh+ZMba= zd!6}^5*Re^?GwzdCmsA_Vb|_DuX(!Puib0<#XXY|Q~}Ybjc|?FbX=l)JI^Oinq@qYttbh!&1?DGqDc5WUAPUw5i8VZ27Z$oerXmCjQl|i4PxyVTBi4@WcBG$dEfB;~MLdY6RH9lnEwuKW|yqkI`F7?C&= zl~uMjgsW{99>vx_RyZ9YM2z_m(j40%<9jswxys(6% znA8iwF8YOGb}Ro8F;**j96p!1IrqG`W|2af*)?!jH2}fF><_U$(q5%66{`g$rr9Cy zK{FP0;ZNoK3x$GI+9AZw%z6y3Fw{n z4^s@|pDdteyvnCXoJntxry$nU)73f&%F+~2ovGJ$vh=X?bu==vG_v#kA~}rYFH+XL zcFM$9_5HbnTOF*vY9}EDWm7l&jle&FBANF8mWR9YkPT~%x--}uD79FS1nnEpH=z z4}UK)o}a5%4T@?oTOrL>kmfE#XkyX^auG5XbkNr_w8{Vk0C9OnEJ^Yfci zf@!vgS%`ZMSwF1n9clUej3v$bNO5z|Znv{BDcLlQO@{EWg@d~pi-!QqKVMts%l&NL z3UWd=ybrwIci1+3H`izTQ$OBq=E;NX^DSN{%wjnEK>epoK92-?{y6;ac#XK^mWJOb zvz9(KBo>0vI(?N}7%ajSP_>wqd1?RFh*%@A!f@6yh;pd5CrM%TeR+kCYl#oedApqcLG0lUk6b;<5FF64O44Smf&4`|=o?BIInv;DxgW_xJtw1gB9{1P zC+tjNsKzyUnUp<>QI?2FTN^>&r!fb9Vk8(@C{byI#^j1KH@-kyPC{Z{2h#BEo;&$? z9P|+DV^(6MMSL<+dDZ;Bk>9#}G2Bc)=h+BQLY?d>b4^u|IE0*iV+R=I0> z{S14IF(p)U)@*cie)G_EEj{i~YW|AU(<>)AHC9s5{Bkpxgvc4%e-lA7>%PKDQ^&)k zObay%>od87Ci5XvqbfvqN)Lqk>#+Z4nd9Yub%6$r@I~#^OCS$Q^!Gtd>z=G=@(^pC zFwb&Y`%c#T`4O4>VB6d5Y__M1!ci&VuoHXY1&2brO>u^%$trbNkM^1Cf#4%k4gqBQ znM>7b+Z5Ig8me1z>+~s;*L1*~kDK3fk3C^1iSHanC2#vkB64~K(^%=k+sCvK{~8&3!4usk7L%Wn)oAI^p6Pc7$9?F@Rxy8$0cL-*>PkE^W&mscEfMn`1>Fp;^00Y( zP%-9&kO-$;KicnaUYG<+=9s*GZ)`+ z`|md*mRf0lgb%Cn{BWw!^(N{!WbUj+mZlSJi**C{fQLRp%u@u%kBM)lTH z56T$&NrR5s?}m=y44N9#`YJ5^k_{bV7rOwW;}PY?(yql4Dle-N_3Y%N44IoCzCe?lD2kWG%da4-k#0w9!NWn>IPFJ@`)&gAHW{T4r9S%JiV)v0T!&PlsLUD|m82Li3ejg4PXPWzSp*UlWdv9w zV)g!h8Cz;Fvecsa6&)+-@fc&2F5>(1JP)UNP$dmd%dr2~zq*L)b~ALqP+6M8g1S^e z7rZZ#Uy9nwK8q27Tc}^!2pVc=>+#?3(4l3QHIe}r`rPZ?cbxjYFEX|7J^LNJR(bpt z)a+7}#yS=72Q#+6c6skUEDb6`uzmxIOD0T&4}LtjRPy_f93M z1U=_`?ggqXTyCM6viW=wIxiZkKwp-DKMlh$%+2eQ3!1YetLaTwpXS%@I}Ss$AInHO zY`qE|78LyE(F*~jiFG)Qoey#k0V{2>f-ea>v02{hk@|2;-#`3A|L@m&t-xt$0+_C{ zM$uaK1EOYlHhAcfVFL1>V>VtA1cFE_8Yygdkcg(Z}lFSKzcayBI;% zV`&BCJlzcF=(jjLf4J>GI;0DPnhqH3efIc;^T;A*2V-)w0qrMdO#F|FQU$l=e!CL- z4;|N#02!NbHF}61&94+IrxQV_{CAg3y#yat@1;bGPRBt#;A7*8!9#(N%g#r_A|^_Z z6$zQEJwtk7a!@PfL@f|NHkAW<;~7?_4B|n7x4Xhe(m$HR#7wF#oq4btsF=>Rps(DE z#Q~9vNdBZ}r*MQCvm`v#tYhYbq&=J*#|fH_QnjVwgP*vyFedZ$mC^pkLJ7kPF&SPI zzg#qz7}Y%S+iiqTmT$>Ic#-ssI-Q(K9tAM1T@~ml^(V#QVJe_R@Ue`aZn@ayXd2N~ zcGrjvCIwNJr>mV5Oq@^CknycusbMy5c`i-W2MgW79p`r!#gFUXZH^>>^YU9-&ajVO z_VCsCtJ^BSS6IOd2*9^nRB@$~E;wU+Mj%8b5cEYA5}tB!J$?t(>AVc2DCe)3iOVim zuvOn>{TEFiYpRvQyg-z&)rKRyNLaYr*MQ1^LI75?btlN5SW(|5%(p>brS3 z)~p?g(k7IGg0H-;0;gS1f472I)zO%-5{FG$St^s=`HjA+6IfSV+leXB2aD!`;#2Ep zh=qJQNwxL$4sTjXp@OE;Lm{2F|AbU9vnm@^J-{qljaW`fsp^zO2{OdeHR)e;>GiS1 z5H$Y?1r@i?Q^O(IXwyg=)mGFK4oZ=*IC+ip)sPr}wIg5^zM;#+3lkpsn-@y_oT9Md zXv7z9Np)77Hg_-7`exyGxny!L1Y}(%zW7kZ5B*ZHrvCIfO4aE=Z{zLGXJ=_|lu2mj zbd1t%wc*w4{Pkg2#X9S3^>T-*>tb(5rd)y7slKbZ>OQ)y$@ksI&&!VCQ_X*wMz6^a zl>^%%O;nHH`-{eB*LSsrab4$~nG>huI)lZhSyW$R?io^1LZa5=N(@vXch(4PBw<;{ z^vn+C4?~VOU&L}Ou~7DC??;F-P2hQ!$>;WAe*(@T#`|g3O^)^HDeHcMe*NN#MAPFA zF&pHPfB(``0=r*(zWVy%SrOvp>zdNzxk*#-v*4x=R>V5Q6(0HK#r$;BwZX9k$>eQ$ z{>Zd?ABaQZu^w5~zAfc!(1x*oovo0`!zQW2X7C}b>hI<1+D?*TdRss4y2n!Ryx?AS zoASe71KCL{;I0O}j3Nm~_2%z(O}ipA@_X>g=C;EQF4sHN3Ysh|>(R-WL>nuXn?p zl`vsF#=q$67+z(Ce2oKW*5QfgOPYj`4Rj3^&TFc+Od%XMfKCYRP`x%EAFm-S!Ton$ zhcW_3*TG_VL)LFrXK%c*ZX>4{Mci{GXg5xMbM`TI^N`7*>2O2O6FTE8pD#?WlxY#UtxtZFD$&Zmx_q0R>q1uv=G8Y*8k>j= znOuCyBYyFZz9JJPD0351ZvJFz;ei;TA?akS_r}q=)sQ8L9!k=l(vdzTSIKV%8}8xx zRPZa2Et9d;{OG^CBHw);UA9YoJas5cko2a};{5HySXjwcQ&ODmOSYv>P8+TMFufH_ zB7U+;>DrjW7)hKU9oLY}<%5B%8i~F5!1{h(+=yjBz_@$AkO!b>wopxu?*fbUJ+tHq z7Z5&JNsYFEKwwGxFv9n%S?P7U!of!=_>0Hhl<5M9hVnK*=L|jBxgD?8N#C96bWA;# zgt(F$-{ICv$Zb=TDgEo>m^x`S0f0nF=hae%!s5q?JIk7-QliSVi8Mired<#XIsym* zQ-q^S=^#O?(aJcj#H7Bgb%nGv&EO3~F~0(a2y{;O=gc^#!Q0&&OX-xBr0@~=K(Hw< z9tSO(abrpoJORz}zq1o&WXok_^o@;euG}q;Xmo7V)Wc$gS7HAZ)L>4H@Fg$2si~=@ zv-9~SfsfXX5yCnaCrM!4;QeOZ!?>`P~JXOTM4I_#&Od!0>h|3W8=Sz@tKL1u? zBAxkR0R6B{%I+2?sbupS6+-T13F~i_mXhPK!bd{dNOHjr@}%-uS*z!!LF}$2LJF09 zbAD06bhGpD^K@za?XMog`>X6F>9JM8NG41X66%+_ zJqCYAZq7Y;k&fcm*5#{`^wJ0Cx&emUTD+%tVmE2h8af`V3Y|Bt3qQZJXi4LS>~15S z$KoRvb8pyNsG~X5YH`Zrg-HGi_P>=;k<@rOE4--yLVRnv1?O+_A<*Rbeg2pdjZAsG zHzlQ!lu9g-H@C4MugIBo?8$WT+y>0Qx$!P}s3zYf^me@gDm z4%B&F_KAi>W)NnO`H~A1kvjk19Nh3_Kf}=QHuhGbk}*CV$gFR@un`wo@^jIgfC+`R zsV=t!L|-OOZBd(qp{~VkdEH$L)GF_2?_^Z`IGCc%;k%UgPQkz3jh*luBXkfbQnNTv z-4JL?rIQ_3`VHSk0-&yy<9O`OSw0?Qh3r>Qg}k}kC|vJNNkA?>7BA25`qFca}7-h z=X;~P;yWIS8Ty8m7z0Cx-A!ZQzq9jUqmxHguuQAeTADeUgaoP0iA2QpYOL400CB|2 z!OKX`Iz|iYHT4fw;ilV##=juA-C{~p(9aQYf(66T>PC2+%E5%d^Q1eqfgqFE-*uNi zoBjUsfKqup*;>C#UwY*fIeBvgC}?H|A%En?4O;Lv?sL*zYe$D1$Vif%9WheL)HWl| zHv=QK2c<4uIdGvG%lk#;qKP;hpW#Soc z@2N2D9OU@%MlZtuA!Wq=EI8)7_P77?etji;#8)EgGv*}3{E51#_>P3us#l*+y9$Ny zi@v{BRh70PGUYM9uWo$OV}H2budo|<*rUt~ME)HOHxdfysmYq6sC%dG%Gs5EUK1QpwN!~f0<<^~>j8gEOoZQTU9`;x>9nJn?po zd_ze2){V!35DdZtolg`Uyb3|1k8m&G_bMAOJKX%L2*hI)I7zHt*4^U)5EP$=!S_F7 z69d(Yy*q)3rg-iCy&q`$Z`pC73Ptp`hf|`MqI{+>1b8vEd+s6tC>Ytg;|vzpvfDrg zm`)F9{6duw4}r!D*)3OpUcUBX&Ohtf^a#sb%*<|+62T;1Itd{#!FJ+12&NK z-0bz%@*7rX86wu7o66lCxw$PEQt#C>4VwS+aDOt*xQ@oTHa;Y%EYfA={C#1hNNH`un99!QZzD;EaPzb|3o}$wIAnNm&ESs?O<-CSSU-?Q`J4aLOVifyJ z?jmJWmai5lV4`&0BylMZK$pQ$+^(R8zS|$cBhhLpBX!(45Zt3vZ zVtHI2Rv$UeLmt@#Y5w_LNYlV^+RZIL(7{gVZdTxSW)2(6>7fTA7Xrj9OH=S9Jemi| z0Qi{U&K2acZXYg26l$2+*hyeo8VO^m1CqmT|8$|lG<#bk#$~}`=LFZw^tJNw@${TO z9_vb5B*=-5E!H#9Ymj-PX%ASXA*sD(eiP5f+cuZ~R?PLfX}vR|m_3uc$B6i|-Y#+C zSgnqYnb(fNrhUbQvyGpPkW&Rcjl!g4u(){!-n3+9=ZDju6MEnb1$!y@f-?=Axy%OR z+Ds2%?LJmdXR^>Ok=cZJ!J~ubiPDO9oO4Qw)wo%At2R^lX18iC8jH57x#4Bk@OL?w z^&YAB2kyWJCZt9yz7l35d_feiOR67s0F`xtVRfX+l4M)J;eh$wbTn7`~4vGL9>J5 z^t58ql~gI`Jk^Sut(+XmC7yk(~3*LsLbzA_#UC^Tk&Jdz}qF2 zv`1}-h!`qijl}hb;IlKL^I(8CyB?NiTHiZW2pY*RcB+3Y1i`}ZZo59ecgB*swI}#5E&z{se!{kbzY9E4?x{UB*>Ev}{z(V-*mzbB6KGLK4e=O=Y?sS~@4 zq{{aa+|oa9p@JrqOlUuXO_K@5Cy*p30-khk9icQBS}%1x`VzrCB-@0xTb7zko1u!Er$1j=`cSmunGs+TG~#KX zL+E_W;93MUZcw8O#AF@=1@3Z7Q}9o}zq|}X*eQahAi&Ng`v5`TJ$D_^MVf%V@fy$o zD^gC4i$DRXPy_KBUZTC@2Y`Z52mF6Wqlij2HBN<9@?&ORDVI?PuoOH2fYkz2b&@|T6Q#;$53 zYk6o}Yyw6?p;fwwsth>wuh~ajNRr`b@P&daYVo7<`c#R4hP6}lIwajAek%ZNJt98= z@q<~n4|)+*g=9oMGWMHazfLgC*_r+K9>0(ZpZu*b0Iy17k;+1SM$h@F-{T@|4^wj% zl37ceq%{)cJIiL~)JP*SsL9|~5R6wX`*M<0(;K{fn@IE1uXd7O=+D=ii@VzM`tG(( zyF@x4le3T88oWHk)aHh1<;+t(>>13(R+2B>?2BH1zs{<@MfLm7w@fm%`V#AD=S0IC z_JwFn+pN*J=QYJ*#o|R%0qZI`SsP22me^lfo-;ne?DE82k+erc>yL^+CY)tydvF8Y z+CzS(f5#Y?4k`~eiq{{>T?_I~NEO1B#aAkhGR07AJwqJlTtNUzQLC53Dk)VNR%Z*v zXMu1yKtaAq>+oS{Yo=)WXQn=dd;~ZKnu(X4&1{n@tf5iJJvKKxPg84oF%-d_@ZHh8 zmLaBi#h#>=t4%sb&n_vXcBPA33FT`{^@oO&J<;j`J*uQ){ZPi4yqn8o$W|6RkS0 z`+@@f38%hP4nu@-e47M@0iT?_xA>__bvTovHfR0ZbKMa8>whc|xD1d` z9O8D2-Y$*F5mI)ag!KB|r zB;zTdwcn&6INr-x5T^+M1)X8KTAUZ;gAAXy{P$w$@~di=Z3+#sXUa*g@H9k%qcP|P zq%rV^svH78n?4(79vAk$X$(0_mTamJyXl^>eJ}UY=OzkG4DHFQrwBY#F_RB_%loIs zbi7%U;4m8*m=)bz1Ma60geAv7X&S(5Bw}BA2@uqYozeyZsuiV08QhgDtXhDe)eYhK z)<(;0BtS!JPX~8}Vm!b~9SSCC%h+^tjOPf3S*in4UuN&qiyIy3m+Nvk-X;H7bVsdY z#1TUZERS4m6_o2#O9<4Nlr^lfpPHW+38d9qYIHslqlqKzZ9H1ry{r$F5g-~kATu(g zt?HAF!|`DRUl|2*HJHH8?>=UPsSjXxDJwQBRJ#u}emPjccTz}OwdD^U$2jUtO7vFz z6;^wHD2|Maj4z-+kUmwJ&%Q{hk4zU@3S`qKcgK2D%_W2i_FWT=K#HE~|JtDA`Ml@m ztQL1}Q=>cPoP#p(>Dpm=_h7kku+ILo&LxLGA9oN&b)e9oXj_X?NhvofV47&T|jJd&(EWOo~O{|tv^zu0A|GvRL z-Z@!a>7My}_q6!7(f;!8D)k+TL4q72^E_0OcpWqi!1-Cfjj6PGTe)PMFeWJJV*qLN zX*tI_9c7!FZ|%ChpX2#Rs@wV2#`ODKJg-8eGCjM=HO!rTqH!_uRcWcLptOaHp?8`z zNG}GQa7o8RI`F1cXk%N31TYx1mG;Z5b>Y(UEP_HcTVaJH@HI)5!-|fxrmw2d-X8_0 z<@|OMupCOz?H;2{bRBtCvw^()>G`Cwe1Mw1f&!S&aFRpoQ8&-C}g{{ljO{p54FAwIu}F%fNm>+CYi9v zA434j7w~a+u<&T%00$id)35dJr zuP5Hhpg#^|H2JZ^fKqdQB$D2s(&^x@`TXiFPbCR~ZhrC+kRRiiaS8aF(_E~h5OJvY zj|AI478~ybDAU#PkH=yiod-Nl%)`WaUlDK2;`wfdc5H2>Ly_W}+!ac21r@N0h zE>(VtuEIo0np@&nk9_qCR_PdOz{nn@rFdfaeC#)e-g|-l)S*6@SThjWQDbSX^OrSMT?REa=ZfUtNy49QYrs%i^Co#R zNR#*itZ57nYi5<0reXIysZnN=+OD=fU#bP*&Q6Rd=Oq4yw+m3%8DXMN3Nvf@kewg& zYne)kzS!2{)<|$uQ~jF}srsRNEP;MbTr+B-2s;^}{s)$N=5JyRFUCR{q2WnejWiUi zrq*7M_G3(51-z!N&>x;lO`|8D@hLk`{8DCX)E6uDZ zkr7_u$ef>a{f$ranh*JUrv?PAOFY>7V%}cc+i!~YQG-UCJco9x7yc;%6*L?P859Ly zo!sEeiU+>p5BG8S^tG!_xBZpmCMq32J(G2@TKhS*t8G33DTcP-@GPf!Nt$Km$NfUs z8>GC~c&rEYKMl2BS~y*NBXdl%-%vtPlt~M@%om@3me{xm^m|x(n)x{_8E{(Gu*9)Q zuq#Sn(dg4R>qQ4{IM5}F$C=Zl!J!cd=-JeH6Yo$FJ}0lpQBq zbIIo}N<{ly!Zo-5SOn6|VaC(rF5p=Z&b^9VU;%wRU?;Ri`$pE$gz~rq%W6tw{9{`h z$xDx}ykr&=4p9vWcoS8&U0rh=EyDNg=kze*4kiqyn%#w`B8T1T z*ScKImTU<$IH!fV2HMt~(j&}Pg*L;oO$^^~O@613mOYsK>DsjHgn1hO3KIVEBo!?| zQ#jj?4sb+xC%;eMUoy4H3bXR^wYBlKfwZ?SUrx3cyDJwePHkPy90ScFcl^Gd96Ehz z3~zh8d#$cchJlXg@Beb3YuhxEd2}k}WaKN=9T;2HtKzc|0mUEjp3m>JxKvv=>`gGi zwdRQ^og!~9G5%V(ZUBM@x`s7DM)U(ta+m{3hhf7Id9*=4H=nA<8d8fg#6nKKDzvK2 zVTuJ=${zYE^U)8r&ouc=@ZL?X35SnZq*pUuNy1r?AKw2V)%#0+i05%JAW;YHkfLa2E zTgyVPLZ4iEX+N@QWFwPl6=HtU_4S#et}R30#g{qLzjt_m%HRFHxhwB)qgf01Y*1bG zbH}FRHrLP6J9W04|JBp@%0FFX5y-3K(M*)mINGf`qFS{ZPoiG#5`BI5 zc_KQskF~p`OiSrENF;O^W0)axuhXij<4i%+?U%EZzen5af*viD=El+Rka4lJwOd6+ zC?#Ry=J0^)&AxiFn7ns}60XfvIoh~G<;EA37Z;ZohPrOyV2(~DWIHr<$5yM`uU{Vg zekLGv(tq~K7e%q;o-eu_iByMBXn$?s=A608ICmkK-T7da=ps6_^IlpDI0F)zLr$}D zH}jp6weL{?qT&w9hmOKJDy#q72gi=voQ~@}OZ-%|pMjizFTBJp>NbYfYUAECpVg8T zm6H0!=hHC>QQSvjr81Jri^qvLYW1u*Wxu2{f3FDx4E$bq?ew?0d$pV1Yv;G+b*d`! z0vJi_>#c*aTp%j;;mI2Y1Tr!s--Ej~3j&+jn@N4j{YiVSa5)%2+_I)M(kKt-_UQM+ ziOKt$^~}I~zQB`j$GvB!E}LH7&fC$<)4k7LewXuns>Z#4ww6>~y11&0xe7>5lF$|k z8(nt#Eb@BaJ-B+i@F9y~>r19;6}GNCv>{7K;!jy4PI+MVgn2b4bGrZS7lTfgq{yV1 zg->xqa;Ui^KPXA_%u2>#O(X>o*wg*f1#c4@`kX)k4o!DzIgpECSyXu;%R9+T%YpJe zHw*|0mOTlYBauc@{yZ<0ObwT@QsdO4ok;urD`nAfF{*ePk2b?c-%g|Fnmy*@2Pi`~ zhs6=U$!YR`<4R_>zCWcUR>&%2qvFNBf4)Kp zrFMQObJ@oIi%J=E)vBmS7ZT5vUJW=s{Pyk7w(M4OG-z`Wf`?hGHK)_OaX);xpr=C`$SQ?^EX<_j#i4T>B$J;t<22OrtX36 z>m~_EaCFcW7$?L3?zrk?l{?!-^>I$Odeof`sb!Varl$I_ZPT%0ry;TVU7l@`|_M;hX9`-O1s>M2p$^>%_K^hY&o1{ z2eg${X-V@|8C(oZ%XG5Q2WB#Z1aQt<`kc({P!JqnLUn|9t=w)In(RNrW(d|O4ChJ7 zqa{!K$tJfd$DuN9>`L(YDxxiV5QD0ZNHUdZMfx{B?uF=yPraCA~0oxK(^maKUU?xOnsoeUX{C*P} z-+O7$@a@u@;%FN~W&|;g@`RhtIDD8(fBqtGfQ`rQolLxDT$$Q)3uz`~NHYg9=u=UH z_p-Loh!OlKCsI5qt0+!9Vss6o_TOzVzYkp z`nw7`oCq`G!(X55ubT{9qIROdbk)iSGcRY-+Z@;b?hpg^H_~5jGO$U)2HL7#cXyjB zad-SZR2MdKPMAj-?rGq-=;m+sds1|8x*o1E3x zv=!69>UR#`ITUBg$`rW6K@prKBV_A@mg1o`JrdzaP#{O4oKnKgJ9_Juq2+IAvXg`8 zK1%M|wzQ0EU}@AejVNww+QYl4F0p)CF2>s~z}x|GIZ)@SOgJD>c=c!!&ue@cRT4Y%otXmp5Bq<*K&kCrjCHNs&nQO0kWw`t zB1MPmKgS^UOY2Ue@iE|))2P@RyZn*y`;lB#ihAgQ%w2e~lOthts-q1y}|oVlH?AcWFbTg6XNx5ZU@T zv-8wYs^SPMDLG;tOj<^LQVX@m3~4KF4uP^21PPykyWQwVhxh9BnLgcxrxGj!H$y~$ zJ39JlHBLN*4K?EAns>N}2#1U%p>K!x!f-U+Oah`{vO&Q&|5&8eoKI;_GVe_Q5fGL= zFKW)aLbCmSC|jXYMnK-bYE<@9bzZF?Lxl=}+6`KFq}GrfszIxA$M2SERTBSB-S_$h z*@UFEf9F}%nPdv(0E>rt)jPYgva~um)V4OqkVz+)+x9hEB7tMTXcNJ^?~hit!@}}= z%K#lyK39`kbyZbWP>kRatko`OTMGg}!`Mrz3$Dfv7DD0!DTx=|jBXUkSZAshahYbu z5ytIlS!QO{`;pKL={Syp(5yB=c}SLJBDDuk=bQ9Iw9?n|K2sbe!1xc2+9H~Jy2^mb zyW&GgGh*oo{l`OGIgWB3;UxM<>Xh<^?5s4CWq%A8@vp-3)h|;q~Gz~1{YeW`GKKu@tKTf%RdPRS73&?JoBSxs19fvX_d>0SJ%qtvj!&6v zZAqE}p*IST7bBRp#StLn1>X8y(aQ&Eq#5Z>v^8g=T$Yny^NB)NGVq8RpYuz1b?k;V zA+emwC^1wvfuj{}#sN;Q<+*e8@^9nR-kv!@Nb>3;kCdQ#q>5Gk7!DWz)nT7B6qTaJ zkU8NJX*D|)?huz5Fr$_U>+Cxkr^*GL0_9p<%*;ggEgHX0gP?ttVu&-|yHtl2Kbknju20@KYOmYAkfEK%; zbx!|;?2X0ueEo2JGy(S`GA`Kb1amCVdfSDucC(yQe)YHBZk){vdvBY*?Kn||W8wzfwR5B(ZI zz&pIyek46fQpUaryVDzSgg7}19K|9n`zqy%nDZ7i$FoO8fL2dN ziZqYFk~&7g!1p-2Wl(V8FRBK91F+C_5%rmgspOPpX`CL=1PJLxOpp^;fl?_Y9`Ze> zJoDQ5Yiv?x5DPffCZnryFo2yvwL!FH8Z|)A^iXQgl%?>gS}um^2#e9zxVY95+;&34 zn5D1ow40iBWt2s`GA%i^Q;U{v@sS8D2&R+>2N)+H(ojqsLKx@Dw^_e?mmML$@$?9+ zlR;FJx*P-0LJDq85+m5wdeu~0z@d6ME*J}9N*3z+GXTg*0{Y|=`utB9vD2fhAmhI_^@iGNmZ>x4GrHbX;=4e3UeO@ABRnyce z7+K%{_$QGTpAJ`0`5e|1UTz)AkF^9)sD$Cd;q;PFB^ZaC*!z&k>_JIm-LWKC0wk11 z5e0^o!d2e%3K+G6Px4|X6NSMz$8@w=$l9xC&)#iw-<|c;R{3_{1kjy(Qj!R8LV0G% z?2bl%N3jK7Y|o25?|Z0@eZ?lRa6EfPp8-)tp;Z>Mth73)k^x|jA){RXSXfj~A%x(F z#MV#5}qrJxL-e(ZC zV|Z>J2MtcC(3zTIIJf`thR`!^DlOeNL!Uf%q0CAI+pt3TPjF=K*NH)y*Na+O?-fEBGM=1wP7?z`ek_ToBC^qeJ@=YB~rO>FH znfv`rRRmeB3Qi@c%Eq$1La$t^*1!IGwcRZsqbyYh$5mLjdYC&*bBPB@J-kFNJZ~4> zmlzE2K!PpH1zRQtiK;J|#CG%jE&iGD6%DZ&j8R5M;+6?WT3}pBpFPd}Z#SMZ%WevT zJOdXELrE+$4q?=KHi(IYnW`MB`+FW;O=GVg5X)&o5Mpx17I<)1QQuqNB;x84&$F7$ zV~Iw>KQ@AAL2M2uCXVw=my+DQ=WsuRjt>PZy*{%)wr}@nczULMzBcUtJ3f6h*R_q1 z3=b!sB<4gJ0B7g%@SUkM?`s!(GqTEy^QTgHp3;Hm#+$cv(eEnA!UcbxZ9dSW=7NtkkDJu=w{!w5iI^)3Qn6V z6chv`krrm0l-5Ar)mGqAjpQ+=irDBG4W?BghNDLh!sZ9k(keY)^yZB|d-qQlg~%2I zas-GA9roS=x$`;Yb^MZR-ZNzDFd1DQvL&64&7yNjN?Tt17SG<#&Hx=OppCIHS3$wDZ!Rc+y+pqCBu}*01Nwt#g4_ ztqX_CQO7WJ_7&Ht7$20Rf0VJ}ZPuDwPRjbNpHVl2T}Z6hsD_i=NT)iKNg$$TCtpf| z!7{_t9!zaFqpy~lt9e6eL;C7t8AkNBJ1dQpe8Q*0*-=M00jpL9Ih_k3k#^R9UR?x2 zLpm-;;6$`Wc6F7IbQDzVhB%5G)hb0ay)0bdW6tTJWAWXJ}GWjkfGu*-{7sdfU5e^EuO<2*KC=y`u8B70k zA-~)shY<%8-L08ewqOkkHo6AtIcLjx<^XVkT;IXCK(m3Z3VSU?q(R*A(r`P$ovc>f z4~|+86$4kTC$wO-Rj!Y#=34jcU<{Zt661#&?uXFMdNavXb@s(-5(Gd3UR0m1qlJU* zDt~Beh;8!3LXWf8>*oB?8GQmX-Oj+T`j*7PxV3Y9p4x_-Qey7{C@p@7Ld|y{h!5C* znW1sWSY%D0?Bahi?}Ux$y6imNvHcb+c>I)TEUAg+FIp=LucC)P(fgnaP=wvoO>A|nudLVG$Mf- zr-^$8%&QMz{fY*^J_2tMFI!Dj**OG)>zV^%@{tZsSS~FtMiV4ZO^2?3RA^RNqA8?{ zsnZ>8{;q70p)gf0O2&gp+bQT{ow5|v!u(y|N9wFp1Bj>7?A0)@^p>-&G>k?cWGBa# z^FTi^kfNCm5|`AJH_m+Ira6!P@#%9JUUTsrc!1`us7G3y1iy?E7#|@bSlBj#!2If4 z`hR!JK8)btmM_(|wF2TlUw&STiaP$D%^F_$T6^~w2il^d(;~s3FKylc02%HA`#ltk zGaS;8Xf{zfPKF&SQRCnM3i-_4^8WZNG3e~z?|ngFJ^(GbL`*nKcU5l_tf8Q^&{XBt zg0HRMp6j<~890!0ucviD&!)lL_9XH%JVp&|oxynyOD{mPORD zz?G8PB6j&ZeZ35F$$j!{CA3)hy^vq`ZB^4`ndiaS%5(3q{;jn(n+GEfE=0frG-4o$ z|H|&`KV5*J<{6+cc5f%X>fEBMNHa7DTzn0CY;OV8A)kX#mLyV7n?IM2BeJSaGL8qc zsONWnJO7_g<6@74icdm9(;c?Qc8CtK02C^@y{vM0axn}SF9fo%9aSy%JC!ZqhWhBw1k>ytaDWg=w9Vh@iPCV-l4HF=sva_XB5my|ka5-PBNOA)S zTdtDzzquB*594wzG9b9}NK#)84JoDTArVW30ac|_*mi`!w$^;w=1nED1W*p+y)T7$ zpWOzVyy2t`k(dqSnWuWe(0Pt|0DSQi!&#tF?|j=CSE8G1>8V1Zc8G zRDu?iT}3_66A4$z%u)hy)lT_mLiU62cXH8i1VOlM98fzSzh~7^onhnLT0wnTqzw zZUKD)f^)25IV`hlYV+ib+iV)Ca6pq^1CmL=*I~Bao7Ly~pxc$B9nsjoe{g!WI%P0{ z+J3PtLKxKlbU}@hfmccM#&tsqD&dcD=X#o--1*wW88px-+tk2LFbsq-g`}?ye;$?1 z?9Tb1aH^3-Ro;gw?+?)YP33{AJvkGHz^sG>LCG>e)MaI>+vZpDD@?paT=$ZqakFfC zq6nsU;T4$FlHi6_wwvupajpe4J;rm^Rrrs%b)G!TM^O`+$4`drtG^oMS5giqMu4(< zpWO%S<=c51A%vyehkqa5i`uylz*5)C^Bi8l52bu8x)N|l&f~Trhcp_|X2T=~jVb5f?O!cECmQV3eM6~&q z>vGLhe+YlOc$_7YdwRX~%zZ}(LxS`w5aH#m6-MH ztRmTi^BUxnuovDbY_QW*VTURRs+Uy8=m6}h^Kge(K%l$G%A-=25u|ZM;Mh=|@KB8p z6c9R-=idg7d0Eo1!dGB-nWoLIsHhhINk|?1IzgJrKB%fxn%Mn@$oATZT;kyrSzP0f za22jvUIf)zCWh`mT^u9eD=fdlp9u`=7wpoy6L~ZBj4vl$h-6r}FkkbY-VOnG@pQg9 z&sctD{f&qLONmw5_{RZlilRK~V(+xyuV=tBfqr-2{dZiuAz8D$n_kypIAoG!kD_A( z5IEdpRp7whhFM~IKnc+5IoC0zr}!Ev%OYHFp7E=W-bLVViz^W^pZ9HN{z!%=+C}Tw z2*DgAhcIQf!FSvlMErcCZkCkjoutlEL@(tzrFddl3|>g8o}B&~j>6lWTo4bDv22=#8vnPdj`eNe9NgMVF2QxuQuW!kgBa*Tv5zIVId4Y zyx`JqyypJ0j)sM2vD>z)*1e7OY&!94aQ@f>m)Mum0*QUbP%2@;ch@Cx{^z~*ssV2H zybTl&`;p>p_w&TKOW%2C1&$XHs?hE85neU~wh&L9CE$vsE_`s~b3gtz@F>2!0@u-a zldd3es^jcu{?ptFoEq!=4kZ|*d>ztRpKAbXyYSk41O+1-9TEFG4ts6m;gV#tFdB|O zEHY;#&|@@s-Kn0x5Ey>*mm({O&!O6{5sF?}Ri*0|Ri7PKed~%dB z;D7-s#Sflp`z~`lw$Omk2blnSkd#izoGMn>#hP2IuUD{=_0g>^>8i}k~o2d_iLkv_BJ9Ap!`MQHunj7Ec-L@i`!xYSVsLaJKeqf@T$@NgCoR@e2!SK>MELlF z)`7+awo=N3+{evz=(RLYQt<1gAu7|!#{HQe9E$IzHl};g=tn7ArgaR&Q7TLZYFZal z7%n3n4G56gN~DABbE!CrIl^gXd50B5Gth9=iPhjE+Fm;9ORZAv@=pqnUP~BU`kM1O zeGV3Jx8(^CG!G<#WV7oTQUal0h=mp>HIh)q%oVx842q!J9>27QM%VkNrr*}bz z?>k>F-s-CDBfJO!8HZX4DpkaF_kS#AAR}JaqB**|9p3kU^tpBgM8t$P1U`%L8`ZYw zI<@!j0@QY222-orJhC@tre-IvrLH#Xc7=NU-?=V$oAvH^^ zShjt3v&2=`HASF9sr?`vHMEant?wG-+Ra;C zkhGW%`83C+)Uir8@QaWD3Y%g+^HBl+Sg^DWn1f0yGR++&I559gQ-7UL%I(MFMX>W}O~B$=C3t(2*tQ=bigMYDlL6IK=0jK$EMh>)k(w1-~EpT>k#~dsmUmI!7dA zij4@v#Rb37Ot7|R7#vdDzXuP2d`gKXhl_rY^V0@lzhPfzn-oyg)0U>a&DH==Q7>i= zeKja9LhmacVS0mqn!Nl~E|1NjG8iCI;4|} zW6JmQPvgA-2nzMq<}T)7Nm1X`{G5;jGeRT?P;@0Ijxk6Vww;1LXy_2thXX0*xP6%0 z_Pb|$yFq8s-6tiby^SQ+VvLG~qq>Ur{&{M!+_>NKN*xOl?YdzQ2ROOi_N3blyr`9% z^P`Mld)tR)o1m)lC>jo`^&H;o4g|Q1UR!g41zwv)<4{nD@r%+OfZzf$(MliA0Fkip zfflE3AJ-kP**{-~c;skVvbIcUWsWWVGJE#_v8bl?toa%@8Z#rAv&Kl&vrtz$WB_0? zhf`2c$|j)yf}#TFO(l}#w$&71OTPiOABivxV(n2UzVb>IA3A=rgB~yI%!qIiD8_El zF{_-@2}A;baQY+FlTlhy24x()>}0tD&vy@*74sq6`^{6|ML!gxX@3ozbZ7(~`bJi`OzHNGGhX44r>pu`b>E5-2Qb{$zty}&*+jq)5C1Od z1P;Qt1s9{Ga(Ehtu_x=hY-GNDNZ?%xX`y~;a?zF9&w3!lE&BXcP{xX#?sI{araRl0 zAzST`;3Pofh?!r5(9>7ho!dd2-goa>JY2C?4$1zp;1?3>eI8}|bE>&kV0`)Q_vO{| z&pW0yqUJFGORj*vuJ&Dd?dth0ap;I`{&qHtCe179Jz}toMJ-JXN6+2YKRACz63I>a zn@)MBoS-lC(^^c}!|OOLM4RA5-Eq-(mSTXKMW4A7&3uu|UetC#kO4UW zg_$3q$#WfFAN16EwMBZt4zM$eIo4t0Z%$~j6z2eRFa&ghuzVqs);p7Od zw!S#-aoE3E@2cDS^ac1{zqSpU48Z=>Q+MxuKge6Z{rhsPIe)Xr#n@O|8J}b|mlXr5 z4>>lj0zP|Bq#buYxL{#hv`l}*_M!Lz(qmLn6C~cTqWq+n`0Xlh_4qPgrDCl#$ zJw81xXl!Idu@^DZfAy;g>;Ob^9K$YAb`G=`a38kztXF#wmC z=E$Z>0?jT8Wfax;)B23!UNmP6(noyxrg|eYNjedik>+{ zyW#?zz?iZ9q*$lq5Pr{mDM=?%lq8*Xm|w83koh0*31S9e!8Y5+9b!DsOsZg-RCn%M zb0oQtq~bw<0yo0S9VhLr90etbQ${h%okWuq_=Nx1TS{SYPyLR7es1#D(f0=;c_C0U zdkj_p4uE;z@oqIgx8P~Z1*lJ*il|c9tLCOv{-}1gIQg<5x=XaFoFE9^G?&wJPoT~u zg+KsN4aOJT$M|ADllyP^g3hwNjRZw|*IIK^qkgZ{|JL6{UF%>{-RcPP|C#yL?}3W) z5rB)^#KqgNtUc@zy@NQeuT8=|L7yCkB>7S&UnMB#e=t{Z!&Uc>MeY6b^}X2B2co%l zCX4*$F~OH^pVWuD6W;oOTEAcJ9;e#{&rd-fE}g#%{;mZ*m(>SO&%HKvvP2JQt$lAG z6c@QHRxVfj(~KkgyMwA@ev5TF^SR_FD*@agVSatA+sBo3gwZ&9?Wv^4uGnBNxI$fq zqZ=(r!3fH}a5#$TK5uA`C7pxke$wpyXwzdX<1jO}6&eVbB=?toG?YQ9P_!(W7r~y% zC!IM9jRh~1Mrv&CEML)2_9-^3d1atA{t83N$cVab3HYMt25Mw`moX(Rnxr}02Ddu+4@olY*{YRUih_~;vsB3^a` zI9&7+#lthysIAG-In5B%PvpxbPgVHqx@KydofX%8p-}bYG|t`eo?l#) zrodEe+lfXr8G>YZ*N`+If@GR^kr^6z&EalpTIc8q*Q#iED^nM$iht*YO92|=!6q%7 ziY4&~$I-MxD2^;dRtpEQ0K@B`e~T#nuh{;S%=i68RNd|WyRG~7`S!VFczZj)KIl$$ zwK~0?;ms@0_Sh(wzD} z^8`B*TfWu~?~#+x0TAhlovoNw0nxA#NX0Q5`tw8{M$)Uswo4vX-ej^F3mJT4%ido< z`*D}su1fKtCSjiMERU?>HM*({CpJx zbFk|)a&BWuzA&KG%r7Y5(>B&O$gj_*vWaV6CDqg?BDvh^54s;jC&tefLK7l%`p1HD z;XklEV%Y8!pa9c-u@xBTS1RIhB4 z`E;A)^&Z7>*!RkIy`A$t;{SL$>$j-8CX6q=Ah95^AYCHT4FXGd!xECx-QAK)gVIPN zogyF&(k)%m64Jdi@4i3y>_4#A^||JJ&zzaL@3A_dK}DC(RAQ{;)Q9E0ZS<$xUXD2r zQYz8v&i=3GLqHaY1?Y}1^K!O8h1G*^vzgvj{uW}UB;c8u9*`;ys_ z-Y8NqH8_YBd?V=Z0K$-)U8E_srD(s;nK!9&&Le?(!QUdH2TKN|3p(KGvtmhZAd@QU zk-7#A3Z2W)WNg$^!wk=wloC z1ujT*bQ(CiRuG9fZ;K&GPYDU_G+3WN(a;Cm0$bmjazpXtUb0F~R2cczFPz8y>sB2C0_e4z6s+71JR{l%U9ylH$b)L-$+3$X6LYS8N9e)L!I#2-FApWCt&dHv_%Pj`E(*U75i={i#IA)D9G#`=B7 zi8xEXywG4IFc=E0nX}t9+pgqf6w!o2!N1@%G9NzP`fmjA-=v=paF^kLH|EaTF^IDFX=ZD%u{{_l+5>{-fd z_q9e2Q9#Uq)7g&6kN;Rm?q#*)f6pzZQW;laGwd{&Fj#I1v$T%1RUd<=NhZLlzVMFO zFW7%3cO9>hokaZ}^Nn*7WeAonuno1JDU74-Ldcwe;g#RBBKsExsVC_aBgmi>lGPCd z?pq6So9_tx->e{iRtCV5&led*)MR=2Hunc1sG5Dr!;1?#xV4Fugn)@BR@!(nEA8Hf z{@CNivScJv1yX7S2X6v>(yMr19r4eaNz~~EyUC{If5jv?A{M{}U*t31M-;igZQ$hk zz{2=B)pWpzg`r92a27y{jb*Ct25bga|000i?e^vdX|;V9C-C> z_^mA)i&Y>0yzaP8Njq5)4BUR_G?TKtsHYV{ONvGx=}RN$&IHRhtuOzFZ`U z#Kg=eFtu0@x!wZC#3;FD0nt@xjRC{Y)qB&==v4Tn)mbeWkxa;ls!B&wYv=Dp5r~Le z@%wQvR$2`7h^2*Qx4CqtUyiM_<q<<{(e@GCBnm31jvSepLWin5cHa+e6^+sfXb~GbW z0+V?!B8l#@hbfk0cnjQ;+#B^N_RrrrXdVdx6diM6I#h)(Y83gaIr4c$VX(>Q_@w*e zgM-rFU9kN*eV5klFze0S*SJsz*kQus0p69*v%> zUJgc18qAW%$_!a!$;v3enVg{z*+|rkey=e|yC&|Gry@Zo!jv=&M)d@7ls>>WTMLAE+mb-&jPXd4Owl6gN>mYUadu zqQ3JcA!sA$mg;%&Y;hlP&*uc}-*tC)f3snsmey;r)YkDhDmWe5e`wPWI2;JtGt0gC zsNHxl#_T%Epi*YbtT6AnaD6pSIpcQPeV6!(XEr|ZWF??o$jABbkk`}e=i7;=nUbIz zc*iM8?)}3_=k<mqKE zKLtWoDS+z;Kj>XI&MzYo+e4(uHOGqY7OXUd4 zzA*{V#^;FTNlH#0ldN}XY3Y~!M!BPK?0;`|il5DGF3&sJ@0zl!b`V)AV_5xaq{DnP z3@;RX7{Fgc?#5#dP6z3kE_;NbgW_C%a!!7&cFK0+L^Ve(7+m0q0Y^5z@=x6QT>skf zHwb+#a=4}VTU^|``W+Lmj(0Uf>z=?QeQF+SkoUXG5TN;iZ^!S&nyltJB5rL*bkn8- zTrp423Ww!7F&GQLs>Et88nMa zg8EDcG%(~-B~|)tW3?t`i+D%}UO?+u1rUEql&@6(oL-M@_W6_GCk3x@gvFeoN|!r% z^oHjLoZTDS$%(|e4mFMdj9+mg`BG%=QGcIfeC1OS4wv!3#6~Mx`k&-joO84$*qleC z_;k^_)H;;L8h1_Rt>#<{w_l6PX}7fT2~Z`i0nEs!%RXZhofk{5pZ5m>*9#GDj*1gH z7-<01_0^#xM1A@;?rM=W492qzX_IIadMC14sTy*UWWc>#Q!bNkg?qf})12Xz``8M( z($BqL!N5zviRQHw&CPe-`a&Ho*#zOn&21Ly9ew-ndvO-;)$yFIliTdMn%(%w*PrMq z%r7N}jvA2IXG-()X#clIl{{KM7=SrAhU?@4P?acY<85_qLQ?>n?iI`jCB|E%`cG@P=a1SS#H%L&VUL`P;2m?_^;Xt1eNG zdY}}kZylBl0~fw(dilpTz9|uz5i~|TaRsG3IbVE(0L+%)*MQG8TrY-6=9n+Y@1|u@ z4X^bYlol~QF=!_74#sW_YpSAR9ULukU6Qq`zMvy>zjT^ju{LfWSQZ z^XdpCW63AUEcyDW)v$BAq@wzD0a&77y8`NrO!e(AoB97(+=k@IAe?LI?UsCygwXG9m&pqy!Bt?iCLP3S&h&B6!8AL;;c)h{CG2fEa1*m0}>oH5YD&?Si9%pRbs1a)zx|Fi?l<{rIew8gC!25f#YQ-v&Yp!xW#+74$YHqXSI+!lOZ# zQmD$1LapW5q-s_?Qz-kGn=7YpV4Y**3ud9sUFG&@%VjxM{Kw*l03i^WQS$Kz57uzP zTgg}7&KMLzPKs}AOye&lR#F+#ydi_$D5rWWHd7YoZ!917UEMotv*{;N?$UBr$< zH!%I0oHtRNnvhOCg19T_G+^SP&W<^Fi_j5U!) zrdD~y<3s!VfnPW)#J~715D(JAy?Y<&wYy=G=gWjAYPqW@)u$>%f@1twHSu_7+tA{+ zd;L{Ww*QCn+L6JM-|oE;Q22Mt)m=xnVc?w!_ZN6a47n*b0bK!*RDv5DB~S7jPcEL9 z<65hmSDk^Dhe#GLlsvDxYxX`37cMC*0)YhG%pI%aIXZc+i&=pFvG{xH^!#8IwEsHj zrYUGwHE?_FX{X7kHS~|c3hEa*1HMZQ-?YtJrg@961_p6`_*j{8d7mMR1^L!Q89DLW zR76-z+vc~L50oWpdX&?-5@(E$g)*F3>6pW1#d!JW7-V}toGsKMA`^mAd6${An-{pk zTVrYH-eFv<^z`}qDWs-4ZXiYiOzi9q${i4^p`QHt{ANV`-Oo#Nbg}}K?fcxe$*FHZ zm5SS2_OWQF@rQyQn%4kAGlkM`%Z@!D7%lg_$Lv)oRU0Q`KL>WtH_t9t&qmr6b_mH>?{JYnCYl zVCnBe{ry`;Diw;GnABb!fOK&tc&0UqwP?f`T`HAMUWA4hxMAHHO2tShi9v|*Q}W!2 zhQ8DIy=Txlh86WACuR^G;I^0Lk{xLC_hmBmzHJ@@_l5##1Qg5kL*U{XW^R@cR4NH^ zA3%(?e{h%01s_V@?0DgNp{>Z5w#0a?>o0Mbt%>b=f?CCF)J*+~E_BKAQoUao<8{eF zHdr%E!3D_TR6uU+w7hY1EDd{PTDg-xO^uhIkPkp8yKv?v*C8Qhe{m6v#kK`j zQbN~?A`q_)(@y_+J@nS^#OKT~_vtd>p|>Qc>yQ%p3*a}J$(p083S~}?u)PkRO2SFC z3e{!6J7a_LeZvFG{$GWDcy}EY<+t749%iM>U;OX4=SAT)fwz0kCsQvcE}#AsQa%4V zns@5BOEWgEnxjFTURbfipn8~u>%6#Yn0Vg*i#SA%&)ZM4i!mnw&m8VFs6%KMi9#gy ze9O0{s;H9#?QiEBm-%Fz8{^f-$H(KoZjZBR5d~`zMLQqPM*v0vwMGVl52I`M38EL= zxesG&H`774osat?H62k}diwZ3LCD*48fc`NMbr!~=UaPtf(b@~A2%UjN6g)SEOxRb z&yW|0&BU?ZXhJr^F`Kjnv2d*ExvY(`Fvq_JHN zCXJfQs*=KG3!?#P4CjjXf)TmVm_H*j4Qe#KJ!0K>JI3;rFWeAe7V6<`@luPU=^u+U z?4GW&@ZVvqqKv45iMsSk6<-PFqRB2YoGNgT)a70Uz19i&B*#noHE*W(ZDBrDcT-GNCm#W$hYC`LrwHALtA1it3 zyJ)Oh=mf0*z&Lr>Pf?l38);90>m;zbGhQ3HJ?KrBvEa~jlaEp`? zG#PJHBjb%QQ7|x_At~J|;;xSNr$zr+hAu#=N2Ve-fQ3wleK;ZL_zP~ej0o2 zl_5n$)?>%si4Ck6i$-}^mko4=+Xg(ZvTlquRJ6wU1YBI{fw>mUx;!=RU_1Xp4#APa{r9vk0hs0NCwhF9acHs1KX{yo9r#X=`4MsGVxiCez$w)h(^=d+)-1y+2x1& zMUFFnufW}_R)cO+nS3gVQ_jor*;TxhDvguoWEKeaDs|N9dH^AM44|0m!PLlaf;yDu z8f8N91_0c-Of3?Fq~TQxbYEUhh9R5m}a zUz?t+FKI?P1@2-?Myy1Ub;?1-@BhSVX-KonrqqjzkqwWAq#4k{NNV`DF~XZFXfz~B z9#EJ6#l;8TJWIB%Qb$IDcbrDarqtguc?GSEzB3EN@TGYYYKTsJr}K#`9dtSG-uWTH zXMh?8zyzTc)>VHC1_Q$ceIeBNq|-l`1*eAu@cFSvO#w*3s5sH$4uNRpa_occwv@BP zW%4CcLEXt3^gebL5~J8+^}915d1A5aoAN#bvb3GiU`z(~&iFsV9@jKT@?!<{fx{6x zs5IU2U!}Q1z?uQ}gjA-S(rVTU1eht|qWv2(Q%G`RKwMh*!1KBlUO5bM(L-sj})F0)-k;L|@A4F|G490DWe57Y;5RVi4ncY1D%@mAt?tBrk3J1=$z5{`LzDJfXJ;KbD- zN0t^V*l`S~l5$d`Ka3naJ#pha09~Upy+>3F)f5qG6Q$KwG&f_{!l)BJN0UHR4a)7h zY+mJ-==DGjz;{52=gBE|&^t~`GVhC0HX-u%2YKHCk&yFG z)77s?TcnBjf-NzKzCsGxlhr1*5|aN0y9SpUrgvnPf21Eqw9IPf*$uF%n<74bTcG~S zoU!zVqfWD=oIW4Bl*{LEX}IXJYi3K-fysP`TAu!S^FAj=03g5m2^BF>kjULXwSKRt z6Tjrx+EZeZ_>YBN)wFi}@{y;L6;)ILo~4SYuf*?b3S=SuK9EKyHV8&8F5o>e%8AaA zyu?MVF^?CKm~B_?TUS5bzzR16vLKrq^1I_VQ+Ti3c`S!=UaV}}3mPA?fYw)6{6>8F zy{io*rB?CuyNYu##g?ylxQ8ac@GW7}U`w9-(lry7lAx!Su+MCv@NrYBNWkBi z`daAFdeyxp+;Jgt^26`mE~`2@9Q2(6%eW;hZJTem6H9^d^KkCJk1RkTi5F8C@Le#`? zoC3gS8VR~?M;p_BEE1dQCgTEhgEiUWhp)`uZoAkD`*4f~l6+Zr^L!DT$xRd1QK;lU zSg@7KOHr<#)3E#}aGTXFUAdD;uJ!Sc?zTCWtAuY`Z_NZhVk<*O@Q3fA@U>k=L_S< zhP7KftL1#xS&)x=n8}%5c_Lw?1*swUIV(J`_8$AFuX0qK_X~J?dwBHrEm%)Jr>yRc z+L>HxR!26anw?Jn2w^f+!^m6v!6c*u>gMvRiX$`BKK}$WuKF# ztOh($R4P+3kHnXx_=oo&_5$XwMSFckmqix1Q%z$hWj~yLY&vr8aMW3@rVyT;H4TEV z4}Z1eugrRjM5aC(TikHt#N}uS(Ws z!cSiVYt}1*Xp3a9)X3L;QcSN~Om5}bdDYd);%}dC)Hg5Eqp)u|KPBvOuF!1rzJ4Pk z)b!~YW9e^>qFitaG+y+XXX~?ED;r1nl-53?CE*-Hhzq<=q#jS2qP8%Bx^ z(qxo_Vb-T6T4Qpeg|&2xbUEI47<*9qojfPiz;t88rObCa;i48+4%tih&)js}blR0y zRbC|hF5m=7;fJfW$FT#r(_P*3!z<(Go6iYGfu|cyoi`1}_gBW9KG$t010PQLh~i8X z96wE;&3N_nZCgZZM|I;#&TAS5Dg0wWbq&HWs?n(+Dn+Jw$@$6*`{nK%4YjUW-zK9Y zv1Sp^o)!JQVDD1Azr8)Dk^neP8uQ?wtO3l}LG<%_~PEGKSg;jBR;8P5H(8Fh{R|7^e-5fV;z4-XjMO1h6 zxvkZBG!dmxXsAT2Iz8?dh@to)+l4%RNH7wxdjI$sFyFwQ13{!hbBohwH+QoY!=ySc zz(To?#2F_fgraTnxFSt zCv-ph7n!{CIR*a^z&|@=Z79uE6&6hW&ZBVU>eAwO=dInlcDsJ^`|Yj1fwqZ(_ax(_ z?iBY6&{SlNG2fp{j=ye(Euge%wLkD)-tl9dR6UYiBL584uChjo(&C)Md~0T(aE~4Q zms>$(6dW7BR-e01o*RNL@t&)$kJAgLyZ*6Y?|3-(8ztKmh+TPnT-GsudU!f!wdRTK z2Yn`x>0u@yth3d|8jOg`Z*6Uo>z_TCwViFce_VN+QfkddGSN6ckz~JyGth&i9_fA8 zPm=pQ()qkx1^ad&)VX5tTiEaEd`q?Cwu&8l_I}w63hn2hCD0(G7^rRi;aaT$RVR(; zI8ll03Fz#^kn-efXQs(VrlrHjN6BMyf8>Z=ZE0CFtl~?HFa#o-;cX$A00fX8fa|ix z5B((1M?sIdk9M8#EDragGFO=#PQymboKtT-%P@(qm%b9c-?J!Za7GHpfTu~yR?XrU zOFbDeH>3KGU2WWJ^olp!uid}tq{e;QF-7{%Bj!PYgeM&?h8_zmYfCM)gq7!&5dvPh zrdBc7l~q@?G#)?=b)fZ*&N#V&Pe_6$cK(;6$4^Qay;Vk^dMWAh~(=He!>0uHSx>pX1qRteXR^NYX}%CGHuBt^Na|Zyl|5+s7x#gL?vU}6DldX186 z?+z+C4IyD5-Hbu7Dc-tS?YMTzJCA{5_jAreHg>*NoL3k7vu{s&?%CHmf3*Fovz==g z%o*&Ka0(L?$B+Js8ttT(_TrIx#~X<Jm7pTotO2$r5io`zY2S0SX}XWK zVWvr7ZO^Csvo6l#;|R$$)l+1Uz+G-BCG%U(OHN!)Im7ut^5YYucLU1xd_`gS@*oRx zk$M-8?4L}a$@@W151%V+@zstey|rVnv@}3$)?LtD z?(-1;(^?wIyZahM+uxqAB6XC|!x|?r|_aBR$xv)*i-}dYWmaLx+zZsbl zCNcR69cMSBD^!o`Qgc%9#R4V=7Ca4CJnXn&z18El-kha@&BF1;Gorb~aEbw+VzI zSR;C$HO}PWDlL-7V(9!)9x$42&nO?Ep)HNdbEU2!Q=1w`bAS*JKs6oa#w^?4SCwBC zBmCr97qey8OVwF56Xk}$}&C8IAfj~NJtPeM8t)qizCZ?i-iR-#BPb$j1lnR6X z+aX})esxiSP}+hV{eY#Es{mdY*AET_(r!K?9xjRN&H~s0L63))t;_LS&VE5U^H(u& zqe}j)$pp~fP1lM$w^76X3n8M14ue((_Ynn4BVhxAm9|-uq6X(i37R#AuPirWje4f# z?cBGR=Xrk(vO#;U$u=l^W)YYiB7ZYHtcjJ~9K(cpgjEXJC_Qj@U;q3=Fc_%G#89hI zMI#|KmHzsaW`r&FJZd@n$U4(2A+>k>i*YLQDM?m>zsG+&y|fxey+x18t^~8{&i#A_ zWJS~5^3P65q~w0syHb>_7Sdpu<0wty5)$kB*u=k@F72i508)#uBmz>BQFSaB2brS+`? z_BHI4g+p7Z*vVI0Un-E)O=CHWB8;+0ud z^rsLxb4JA4Tj6!gU@_87{Qb0`OWEgr2;w=gix(7l&ot}8`SV{~BwI30{5;%M{S^G} zC5csxp6C4ZWfK30>A;?=r0Do7Zz)#1r$AGE+XJlLW2UwAi~|FIzEg*s73ab2Q# z3pSK6nN~(|;`Y?89A!f5A>?;1KUz9Eeza-LK0Z;#E%IH>UOC!Ih)ni>68w6^`;syz zJ2QE(B&yV)v#TOJx`V*sXHkx*IIp73B}c7G3#Mp`DyzmV7Q!qRDI(YG)FL)(%nc@HA|>LY z%D03UU2Td~oMA&ZY;0^VzEH35_K?JDXrOGUIW)!oWKuSgi_A_A7`xov6$o3$9Jw? zwf8KqT{fH_BNG$fDldEZ!Dtr60zjX&bqlClKCfUuIl0#1pO8w{#iSFz8TSgjrF!rS z3Tjv(kH;9;L3H4I1aP-%>pjT_K!p|MTGOlwFan+mv9eVqV7JbDe05yM5f^Kpqt6yr z;K<>G%u=T9K*h@swd2SI@pN+)-yZ?Ei0}GlYv-L}&~^KB)qAHN#G_33y&~`l^?t-t zUnq`PxKjW;9xTt8dD}}XUM%iG`}Hfht8d%bML16W8@qBcJ+vVqY#7zUOlR!Qv}x5r zCrt-Yh-g^htMHiR;iU}|h~KJ({C>PFfg`dRKcOS|{q+oPk3hWWc!=(Qz2zIVJCV?Y zDT5P7BVi1>+`wx+2yV%AnazI3i6q4KEQD@T;1XrpQis=r6>&fv{C<+S`vlxxH^Ab% zG1xn*4`|{`o~#Y0dEOF2- zE5GeCm+zM=toS8?B~Ra*7aZA}f~^@Mx)jI)$RE~Yc_RYIS)g+WxjuoZlt%38OEp`P z!LG6sU+g4c9Ixc*9JIf=$;m0{><%&D<_H#|8bA!CJ7yNUOc)vHr@67@=_XH@-h8{} zQwQeMth++jKE7p4)nlQ!7)bC4aUF;%C3rP0EjDRx8d%DlT;KVL5Ce6|?q6Jxw3^() z!qY^)_X=OJeHID<9L(-7*7J(Xu`&U;-PsL$)jr;ds~mA|h-Zx2)n8xji7BV7F&1YB zep0OgpSavP;v?tWz8QU?ZR^gW8I$Vj+8j9jyQ?sz_qL8C&1SewaWg{!{-^gt0gG?E zifSZxxl$WvNe^*UBpLPb^AY5Z-_ddOLlE-SDhiD^gi9YOIc$d)9ddazNrpy>P@Nh; zae9EJjaeh*?=h(OmWcrU3()a(Ppiro3e~nCo4tXnKDT)ucF5x6DMk>&$zOkqIs%^4 z+zHQp!03Ez?Ibe!O?6^=sxGUqW9$!aZSrbDMBwCl_yTkAPDEJq>jVaA@sxioL76g7r_i9Dl;>Ly!UdyxfR`Vnz2O}d6&}DEB2kz0|)9dS_NBA*bWY5vj zQJKSiAaJ$BKK{=iB_>IY1|@niA&(N(wV;#DbJMlevVJIH%x`;u^JZN(LGBHlf(Z00 zK{T4oE(!=T#Wp+inm|;J;|pzH7%n3tQ~N@2B{8soMVS_UvG`peZqA7FY$uz4EYewD zNSRk6sU>yIN#PU-;r1j1-F=>SGM@KnXl>DT;9ps8>d&k=sJQZ6fumq6gv|+gEHq^& ztO{DOybR_H%j=E=BMn^!OpGEL`2cAcS1+Yh73Zk^0(eKqI1sVGqi(fwz(s4erR-oy z&k81}uyCa9vDNZfBVG)ni~A{-w1Lfm|Gjnq(pYX@6GpPypj)(GR&^Ial{R|1MDXhl zp0t7YSTTLdR)Dye&&6JY0+%+NDXZT&hP+0C`@CVL$WlL6t5^M=MKBGqX@a8inkU(4 zO<~CQ-Of$D*Qz#1yB9pN;<@cAcK|ov%U&(3iRe@}%1#Tt4xi&4-Pi${Hs7D=|MgRO zQdC>vpJ@cD5F&q-TFEf2A|oO#N!SaoY2o>8RhDvPVh)&G`QzVfosP3Zyr=c1_!9o$ z5Uec@zPN*>YEG3TDP-<=GIfTqk07;hOpunT8X8x%o}2`gkM{UoE5bT|;ZdfokW|?eg-nPR*K@ zN9gEK3okU8fJiwB=WoqW4%d|}8USs`5V%9HOEkq7>a>a%TaCPYPi-%Hq@2$RnF-Rzc*E%2Y7 zeLLkV7pM9Nii1gGEh2fVHc27&<{U;=E~f>G-&{_U z7va~Dj|cNk$H&J@(?j=@_tYAvx<2LDIEn*XLpYIP;@b!r1Ii5er)B%`o#>SUc_hAu ztdax(#;MD77O7B$DZ%8iPt1%v+c&OeX^=*bcOdXw@Abz68c4`uHK01{(cQxUb(*8VZK{RF#8!0-fCldwFM3kAUK(LeaK!H z!vHzZnsoejOe|AA4YrtIRS6(`ak(Dx+1Il_g(Q=h<&pnKoAr=hbT5l9;Y+IlKrjrZ z;OLyad#jYbeTx(>FR#S`6g_@^>bw}>=Z7vIVM384K~m+FIDzzySl|$nGt{CXU8!JT zz*^kaU~%1SdHKG1LK+x=TtGl-hEosorGje3)%Cwum)>mAGd3`Iy1@uiU)+x|?z2_- zPuqW=Y8?zy)~wrLa$TUBZ&mcX8cBe}(b8bia%622%W2R=1u>J(M*)i0ga4r7r{A&X z(GW)&zLQ#`K{ds7kxFXOd%S!N(ZY#1TJWOgi2v5?`-Bm+>-10`^aKHAMZWJsL6$`o znPAan!s4c6UVo8RzWqrer)bpmiyaDH_p~6Nl3lJJaP$Kf5Q{8!5^t^5|F-*j@#3y0 zp+>q#HR$e<-)XhY=kd;4I6MCJNdU|xY4nqLWU5a@+t!=eb>c~IVR>|L0yB^ua{Egb z;@eq0H;$O_jauqxu&?4>ki`A~jsQut=*-SEy2_Ps#z#5^Rn40ak@9CbB;Ul$cY@PD z%%l8^i-AeqP%MXe$9a85?V5D`DusPE48#CkrH-U(iKO{RmzqCJYvt>g&f(~V(ZJGm7E4JiMYb67W_rGc!syGM6Z8zen%PIyZkcd z|CQ1?P?!~E6=~*!1T)&BuyDl!TghGPMV{NGc;jvG{`Z&TIabUQ*MtK>cV!?nLd*l` zY-QG7lIB@rSYCZjmVvS9kzC)%{V~a7#foSDMIQrpaCFNc`@7FbikOj$)JbrSCAj9- z#J_shqEY`?L~}{E{8%$~v{9_;eBB=+Phg!%Xc&>8B^WOr^S^EFykF_) z%vx%V+7!4e_k_dmEiI;S+Is6?+5xqiA} z%Yn&3%geC>V>!v}?mE00D$pyaw*vY`J)yi zV@G!QfFDRLG0>X5@m)$XRD}!;2>qC@)Hk~{XD5rziEf5dQ@K1NfhoIw?K=O8KuTN< zdSKsP9R&m|fCw;4tIEr54FV1$ae>JIZ2VW!v*60D`~*?#UUcap5Vs#ytjC;|L7iK* z>#@h$tC4w~3HzhW;<5v*&rg-=vw+eDcbDdfwlqL-CiaE!!6#P&$k?39pa5Hi@$QR9 zBLA(8rUEYB|8zwODzii5b?c)oH}LL{c!_T}i`@1eoYMn-kV355xk%|1f>oom?nnM~ z&qQX!;&_=@iVtHdYiw zYiWJ;W*d?Eb%8g_%ics|!z>B`&x z;(U8{*Er}l=y?clkXL$Bl%+>4^|jMSj26l-CwWoZcKFBuHLjjvm0S|$Nq@%h`YG4# zkVyASqDvTcQNF9X*<0HFb$G{fyN+>(5QVCod93nkBTJTAv=i3LDOG<+-4jS+IoL6t>Z*4M?F|!)C&p#M+zWH zoGM-=J%4K(53)wGhMQX-vzfjh*^tYQ$k6GUC3Ry^(SOP>cX6~>R6h*KlOm{eI`633 z7|iWpA93b*dxy*$Y?$EL5#f?fsYrM_PRK9kajugr(v3m+T!)AUCZ4H`vYA$a~W1*_NvKN!?9y~5w=`8faFPckrV zINT>D#h~?(NyxX;;}`bPzwd?Z{^OHLIs@uYo}seMCQ4jCb!oo2St&vWdiiY7#-U{< zqnKMbA%Fr=yvG=^Y+oeZGL;jNnQX>NM+>2qPwow)-_aK4cy}t!+jR7nm<{@iNwbi0 zls43LBcgZU3pYTVo{TugFr$0HLnyZla zyO~h8=bdpqbF+4M|0lA5hX1@kI2oe_VwPjF>tsyH2V8=FcRs93BC;WooOqq<^ZiW% zr0aXLc^t##mLpsuGmySM5|XspB3~-Dbc(MgRqJ%eN>*H1CUax{iM~`NbJMD00P0^q zF{uJVBauGJdYY{t@1fA6@+B8r`OPU1nO0c^qli#Zq+hoxD+`|MVOBytNKYUUnG{V+WemsuEt!x%qsTy+rr>sykrz)qjenghIwd<@>&-xOrdWVOQU|KUMQ6!KQ{dI>9;AZ zW-VJPt>RiKfmtGx{nTYDj7f?JlXK>Z?9~FV%s&?5P!tK&E~cpj(Tzlq3@uMTEoYs0 zLExThNukH9#Esi}#h%?b1BIWERNL4S=Ju~>7leSO+FjxsHx)E14&dv~PsqYp;KvH8 zmqGZ!d7$*8y#bfgH!|Eu%}nPzW6RYCZFn&2s)jkeEHO9ch4%06Uss@eoM}IMCL>iL zx6T30fBgrP!UNI7%wjR^9T4`VM=jO*PK`YRFuCXxgbbqk;Ci7PVXu0$aBO66?Elzz z_A6&KXDLZr*^Gs*4Ay8k5+=9Tj>n;W&`^Q%PC~Mu)UvT5hAiR(jI(91D1Ux2)to0Mt+Js9DXSJ zNvi4Ve`_Xled>*HGadI+U{A-;W1@H|*8P)D(;lH=YY>Ry~3q;G6BG^68C6D0z$#LU?|=kw}p zYmz*t^%OYLiobO!?q3YfSLA z?@kDlH{GHu#M+8XFE!O~cV$YwMKwDihM8Ha%(0{BX7f@`?h;XCe+*0r_Aso`K4@|L zQW0BM7R!n(&gF_i!$m^}W*jkJ6yQp!i}SGK-O=y7b3l?`1yA;w%U8=2(i<5XQX~v? zoM6gB+wow33}$(hH5d!=4Cm1>|8!M($3E6U;y-BHTKreb0VVhRb+(5)c!B#@1qbX6 zjs|J z=TkOA90P4-he~lqYE;QVU~Io007k1$%SGD*_SMuoktO1^M||h%3!^Q)^i0!f^UIGs zn=+l+q{D@ zvSeHbvTBmk@Ytt@dg{_k7yWK;ki9ut6Rg^_CQvf0KB@nUi!e;V)M-Y+j6tdTh)`Is zL9ZhL%C__q7kkoht>Yi3r|Zs{2Crmat)fO!n|-7gOLQlQTv$79YeCNp*q!ir=51p3 zrJ|~VQ)&!7AHmM%{QpYbg)5gfE*KwRqV0gW752{BviVdb%=H zhf@Kjj`b!texMrBK(olMpW}Q*A7V;N(-<9Vo7EW<{Eb$Af|aw+GCCC|{ETVtK1Q8(kZ}jg{MIE6-{jf=NG8OGq)A zo=?7rwjJ7xnpbluYMR`(PgNu3iLHT8mzK*r9QXnC+(}K28pQQT)HS$T-PSIChT+e;Ub88TvO)VYPqPI z9W}98aN&-OiNYdZ(!LBnt;^HPbRd!`aP@yYomEs+Zx_ag9(w4MZjerC7?2oB7`hv2 z>F(|>kq|+K6r@{98l*u&B&87;ns2@f|8vO=YyH-H-m}lM_kNxf1_EFxAr>HQDLFEB z<{t~V^E*67ga}d0?~h-cEoLJ`VU^^?{=|&hBmHx+NwxFU(D|RY_k9>sa%Zz(b;H|% za9Z`d+tTbH=`Y(O7<%1B&i(=#MO`Xr*j)QuZL~xe9A~cK_Ntg4f&7(S`GKr+f}D;u z@u)?DV#n>1uf~Qze1z=j$k?ECi(0}%yWdNq{K-r7Mlu;HE!$hC@m7}`w^yg3NVHbz zZ`!azY9So#T{2+2`+k>>s>H6KzYA?Jg!+E!WTUq_|F(+(ob=-)Wv%jcZ+m6c3g&n6 zp?UAFj-NtR{vD<$G8^#8Hdt+SW3vjHtx(hs-(Q#m@UycxRA@n1jYy8Von8@1#?mmH zcJU5VleKVLhLK-ce2ecoNv{ZKDQhWy4x;c5`tXl_eyvoajbk}!cW_PG<^#Nu-5OVr=`}b!9U0{ zRVzua(1Fk{+4APoY0WMdn3r~)BmV$|B2J@eTd>Bf(=T}E?P6hB{TKu1`i@ihAYggt zb9-?lJGf3C^Fwdr@@)nF-{tc@WidLJ(sIlvi10BXtu~><-%t7^X;mkeOAJX{f^Z}P{p!T zV7kL4N?NpJpglL1_$*K{dyx!CtueBB`_(w-mgi*-CO^UZ=Prq_iAK3rE({&M29PM( znkJ?A#OlOY218ip%%#zKOD^o1@v{uInQ=$Ym3YrWvl$^0VI>$9P@G8uexH=7#SotS z+x)wU$y(y?SfFzNaH%#p{}*xlN=6G*tIe*HWY zKW#gJd2G6)6Vn)9@|qJ*iuMxaFind^sg!jI`SUO=7-+`vkt@Gqwu9pmW*{jgQ341r z@-gwp*6bW*(~oH$L_)3#?CCwFj$w1e{G1V3rEf@aYQ7BrPD^vCbu|sT{Ug=|zn(Y_ zSe!}{f||ItbXZWY)OPfARXL-{fa{f=a^-m4SvlTcEpfecLzWSM z5`*%QK#;@+@}s}b;0Cg+t9Qq22dsB;C%895L!FBRAeVFDx_sk5gO zGdZz&xZO+aIOKMh^jXXeOPHvD+BQsFSO)${es*LLlw8i}%j&+}SbJ|5J3+ISbTaYF ztV}A!6Xe=pVp#YP-VG@dM;Joj@bKxt!zP>Ip(GJTeuF5o?Rmu#!5KGgmP*#xv(%W*#$bpd1 zWfZ>U?Gi)7VsYO!=uFGu#xwBwTjAJJC}n67^A0vNz9oMp zW+?=@A)MT^<@Ya17$itha^+Vlh_Z8FyAI)&jw+2KzsWml>ki}d0A*yErue zG~g=a=??@PWSXIb>O@0zLg~)`49<^fNQ*WNvl0Ad(Tqbj$m4uE%U#YEDwk}UY#(i< zeHz5~UL+F|Gt#qOdbN?}X7P^&Hqd#s*;zdKce$yVv8kZfEKLXbmTgC6>nob%-nZ0@ zjC{IkFR4kOI-^@*UME|YJ`yi9hGz$NqH1ooEJZFOXotFKWA{(45%WoFSIiW`Sw_wa zt82oG+2*A(GQA_?Q;EPx)cDY9FyXulHBk~{UQ>;3R@Kk7Rm8v9x!Un>v2a{+{{hhX zF*(N`Z$<*PY;?(oUR`_XJt*ASXV$9_ch1QF{Rv>IeT8#IOHVM5yF(!eRQN+a=N zV=4jR_G1+`+fk@WQzCKn%J`EH-`) z`_z|ZOQ9Hwo-yd~Bg4j@r4zmMAB&E^z~o4V-O&Ptcl%pK#=$OI_kP=*z-20wF_}`X zyD`q9HMh5dI^@FR1UmSn71RdbZS3OsxUmO~T?CF7m+{0lUY$ZvV?RG`+&*rY3B|HO zyqjs6QWHQCIc(9gT3T^=rL?m1Vm_iYE6pM2PYErqr?s`U8Nt$d@?YHq*gx_Ku+f(b z;;9%a!sLHjO#>AmYz*--XJIu05Oyq5GIr8ZN~`f;B&8=D>q#NBM82(~1J6Gz+KXP3 z%X79!0N5x&-;$4-HtQ5SGdIg91RN;(wbnFgy$UNsd6#IM5+kwyAR`5Fb$H)qm{F%D zO?nt*GxfB8sB=x*Y>(8(UfHL9H}H>zbk9?t83nP8eunLlg<6S|kjf^?sooBFm$4q54#AiM5sw>u3o_8C!*?0QeY8oK5^9JG6?l_M=9#{;afXuB1qo@~>vzA^kSSy~?Bve0SWLh@akZn1=dlY|Y>8WB3eF zqd?p1@-1-1tU#F>5{%sx9SKSFz9v&xLy zddo~4wK{pd7y82Q;(qdeYW8;3E?Dx*vmdYKJmJ%4nPNbAJdjBy)H)GOZC(Jk%sSi& zTZK=Lj&jdV7BzG~reN%kNXT!a{(8G1)H|XgrCK^g)Gc>vnb1%$s^E~Qw}}z-`s8{a zHq>q#B5Go4D&KG|qqsw~5X#_5ECcPA^7-#QBA*zmtz0Zv2(m;4$f1V#X<1~Cb$1?DWyx+M!ae4@Zu$dR@0LVv(nPh+mG`Td#% zu}WV#;>V!Ssb;#9*X#&-n}X4xXWbp`zE8Jyw2zy^&*Qt*k+(%(cRBb^D-gjyD^Z@e z7Gfl<5J~wSE;X-}vfB=fmj@Y&>7sq8rrGdC579i*Jk;|gZ>6PbN~Q7wVt)w=?sWO` z&mzjdKMH1f5}{q9~AOsJ^1!x(bGeW zbez=E3VZmM&W@iHW3tF%-NEi2?tZ@@Hd}zK|Mo{_41|YIcn7-MKKo2Hdpk1@(IElZ z1Wx&XmtDaS`$oTcFP&K#kQ-K=b(5+bSDh9+_Vmi#%iqnz92Uf=zb|CtI;*$T`W5!K;~xh4tYb*_hyA4H1jd)$>QJB#0Xc^w?7rKsG<+irJJq)P3>p8wJUiD6YW1x>kfzhPWZg8^9Y1 zXJL-_%BJH++EY(a23S-6I=@x~-hI^RD;@||H(vknUr(Uc0rFim7w>IccQQuZ{t7?&lW z@?y$<#8`16!k=0m$0UGq7zybV9&>#1<9>!x7meVm@+bVw{Ky|_q~du0)7PgJJam`> z`NsQE$UyCxAu!j7q=9Fq#5@CGI6l3~yNEJm?N47b>E$9pR;$enTko~w78<;$`}M^b zEvRE?2z0{jd81dGUj%tVXRjouI)n|3wcS(`-36(;Z?5;~qznw|?ezrug66-N55f|Z z*<4^gq!pnUv^;~o;Lt`^^*!kiqPz}uN}=V47|_qJ+Zz7c;jY3WuuRml#A;Ki>+~(E zJo4&x;B)1WIdH_{y*YnOS>KEADAA~Wpgt@R-7xmT12o*Lt7`wAn;$b+ZT&O6@hp3` z4sCYf&|8F>bifD+&?@zkEXK^=H_7-PrIha`*pbO;8GI+uM3>d3v|3pm%AfG&EIqDN zy&ne|3!d1v1V0Z>jHQ?bUoNv+e>M;y)61!?jg8Brr?+8Huwijb`VyV{otF;@nZj~R zMur8WeopNp?7si$&oZPf=F1sqAQaYZImR6^RsIJ9 zlYDSLbGGtV@;%wQsCKh`u|u|TzRkJ|IUmF zZBtZVPpT|Qf*-eZUme&&OO#69y)PGbFapln5kXP7L>tvRnnA?G>8dU-UtST-zTv`6 zIQV8`&aV(QV%bf0H8HT6oUWjbzO;cDkK z&wYvN&IhZ+!Gz){2BCOsRag22K{Th_xMBCDY7vvwBJ~<~?- z1pN?lW*N}vF7ET#*R-lLd@`NYXL%lR_S#q20aTM*Nfe-EQs>@nfDIi)fh9Iv!-f7I3xd4r#vw{8 zwT&x;gNd;jmXc+hSTv7X_`YZ&dzFDD zMl&7EdOV1{G89=Q_7J5=h;{t8KBW<_KyRLxiZ$$4T2nN-Irvg*ujU!Y`r1TC3NSnh zJi9Y-3oZ-Z2N#jyVbU8FrMu-aVgTT?>j3Bb9P@9>D*UFZZ8J>l2tXw^paKM-q_CX1!762sHK@&99iG(tBa zHTaba``wRC$xuRiTR{4_ccs$f`{Vf7HcE5;5ByYC)lK6p3Js7uSz=830dk!zV8%(h zt1Jj1gm0XllFX5x+`H_HgD`_TyMjn*RIR1T&yrccG3~6FG7H>XDvfie4q9@ivig4iAUu?7u@6Q4{+UHAvs!)`r6f215lHZ9B^ZFERQkn*(vcbv z3kJw;AM`a;YZA{GUxWEwR24C7vG}fo1t-zs;`j48*qas04%>stzpJw%E5`1m*^P$QE})Cd`dw*G{be=l>P8Y$j) zrWQBvUt8m7r$g3MY0GqZt-9`f60M7unTCo*=AHx~LGjRpSkCqM3VbdC(#)}W68Tk% zh0%;$+Lsi5(2S}`ej8gVP*y!oAsVK2#gN=3Hw*fC*u6L5N~$*|aeU0kbK0cY3zmN@ z7J%6Hs>Lq9C=Fm|uO5w5)F258Htw^G*&1=a={u#H@`euU1$j}PXKn{z_W_corl1-iR~gG1oLib6x|=EO=t z4uXB!%9!%JUE#6OAWRCuRW?~vXoayGi7W$JDqAdh1U|i?Don}RiCg5wM<6FVqm0fx z8$$mB=<-L?tGtCMM#gm|T7^g)6+i_N4}br{BR)Ajxv%w_EFR@ezJENw*bP#+=wn4v zO9X%vfFvV;*c3h_@vNEr8_tb~qoSvgqKq%9EGA0F%F{0g1W%uKy4+;3Y+?xL6SmHmOiWyiZC0B#;yeZ*kjBsgpD}P= z#zVx{2n7;Zna$(F4%fhYD(Qy<{0`x(2hMa2w1%c|%kdyi?WDL%RUi^5ZDbe_DW#}D z=a?wK2e#Ikqfef%U8!E|OZj0CZ|u+%<($};VygWbHIm7cf9V^s4>j~FY;AByVYMk5 z_Y0=|-SqQ=i*&4TN1;u_g5h3jYG|Uen7f#{AY6xDE=h?_i--<0>T3G|3#{q;xQk0y zD?-KaMw38IR>EZC6pq1UShKj?I#32H-RgJqYwYlEeq2sT;qV(}NeV8HjjAt_>2m5U z`Nv|z(q_+WQhE3NQG6K3ON(FnVw6FCqk>Nm6D)&69=#opOTHFkYEcIsgpI4x^R0Yu zRHpBqzCNl-vocay5)bde44_ygw&Bc{T?Xj}dzFgY%$I^Nt5;v{WY+J-jh}Y%uB?n* z=B@jMOeDlLS9;nw`zsrY7=xEz)?|Z~pF9`7akwQB7AXN3NWV)#id1^5#z&@S^NsvY zLn`FyB7!Oo4zx!MFM~-eKZcGFql{qG78fswrMbN-bm10>{o2zJaQX;04Y_Tv)GH;2 zW~D9xinj^XnTyI~P_=OB7n0;P<1B#60;vN&NDkDJm4vdWd_$BAwa31W8Dm^(<}0*s z8)*Nr(1k(r^_4(c&(8vITeWnik-Vjfx4W;w*0wfK+S%dp%W*e!giFu}333A`Ag2td za2@t+9`$Ww*ym(cDmB66O+5gef!GZI@}ON4STmXTvbCi?aj_l65E2maNl6@i<)6K< zwoE{C;@w751gor!ntpK&np3kOvLmqC$6pt6+3$W>tJt{Nq{3hKGuM~vdA=CqIqC7R z$c1;TB~%^nM8KrMWEAg2?K3V zV_*8!jmb?j9RH(8JJLox7hr(_>d2Y zuVe~G80Z%Nu@GkWP<%klYmKt2>?>J*%vCpNTXEkmWWrI1t0`sV9C63ZmLB?>$rAFW z@T78-Cj*x?DJQ*!{)+f7g}IC|dmA1}tDab3dy z#%&)@WO1?T%3!0TmR9h0fp=)S7zLKZ0XmOtE-oE|MbCy$3Fdu>NR=W zeTw+j1y0`99tOVIT~^ajy07As%Q$wq-yX>*D5zn<6dtD+6}fcQMw5QnvXc&e*dH6E zbgY5@a`F(qeAG+nUU8b7nmiS+U}Z%gOosUD z`E&8vv+Yxy;B>dG`0pWEIDQu&Yld-r_7sL7MgncMp;>R7<`L_xh-l9~aSQ?zd`*Q~ z1Lp9Y_R1Bg;~$u5lTW?7xo^MCkv{#i10pSWdl{Rx6+|o@$4@vP>75B)w%{>SMNvUh!=Q=v|ek3)GDF*uhVsT zKIFlDtaAT&~0LwxlEE`Dw4{**m~v&1-G2Ypf5=LK~`E*kz?YHM5>cx8H8+Ate*O zGKuH~cr3)5_eeXn^!qo_M3*?%0N=yGM_sF@aH$*UDrG;&KGSUyT_X(K8CuYeH)&$h z)!Nq9OhVPDpuyhwkHwEp(U^XV`33l?nZ(`2ERVFv+OP6T90Dlx@%B`zWjpuA&I~avt_6pkjd22Hjv{_c`I0EhHENwcz|?w z)-3pL5(6&%u-T8;aqB)@ffnRi4rp@RHXZgQ_{grooh;3RTTVOwHd|UP`x6E74(+21 z;9y$k=34YFfChT!e#&eX{#D0EiA!)J1P|ang5>BFJ6sN%>HCfIN_?96tFA_Q`%6wc z3XUft)T}OlN?iT8-1x^rO*aKqEIf6;IZ-rid`QP_-QtY0M7H;@-PGdYe86cJeCw9P zsCh`Y+0t@C`-Sn@jJndBqVn zt=DvC$Cw2^ZI5V!U!$&vJU=D`z;%pCF}V}EvF(2n@sX{$zivT|qZB|!mZ4jxBvN=E z{VSb7`AK-+G{ds)-TSx68I`1fN>wG-A7ArrL{tj%xwF^N!?;nHau0;^A!flqsn0%U zo&^QFMGIP}pt#7Ob@keN=lpj6 zyKTgxx^6*IMf?&LsM7_Z4AWPc9aqG9)-E0q0M~hOW-WS%P-&@&nsBLz{@6Mv5`@+K z0m(pQ!+q9qBT$8%5{0Psh9d?%*inH_M{no7A1!)TU*N?w*W^vS?P}|8Ke_wm)P*O% zaq4<)r0U%0a=52apNv^wtcfO!Ew4~&4YhppDvU~kz{v4F7?eiW+PGqn)r0i_^{4(FEl5D!v`j>Td@>_F6F2Gr?R2(o&rIu($ve5eOslID@ zy=PH3>qT_L9~@h(ErW>AIaA$#EX4NwYM7N)a8LpMieFfEK$t&tCMK@D7f-t%M_Ssu z5AjU2^)kbU!+j=`98o6yPCIvRE~S=6YjvwCG>T~PVuH#4l-E>~?3n;Qz5ESW+UFAj zqB;U)mp}*M!pI(IGVpSFI@5>Exk=nDXXjNf$HenKPRol)c&*5{^_auML;UV5t=VQL zoC{<j}z zuF0YGv1T!3)pS2R{H1-m!mq1y{mK(TC3Sc6`}x}JvC6Y^vGsxvkJF3Gubs(@-(W5h za}gOV_v3N%e&gYxrRc<4+)~w?KBCtgo7@stkw5+eflcU1=_W)lRPp}Jk2ZGe_))3- zRp4)`X)MOqui*)iGC;}+!l_B3bE!lhepLF}Va-4_dYr0k>6^2)z86cokkV2N1Aju{ z_HBmmrMjrZxqahmMnty-hh&EnZ8elhA-H`Qm>^8bJY~q+G6GC{H>t>a!4@1+=ozx-Ud+{hemVV{5i}JGxa;@xZ=s7#LZtqr?Fpu6k-dpm zZ$ItXAViI3+eWd~Q#|@&SUwC!EB$bBu|5QU_xR8Te|k*m77`URtBW9$S*qu|Ew&#q zAMrbt|6Ij#A0uD9)=e}`;2Bm8t6+->{ra++sr&Z#;9De>*mOF%;AS^0H3A%x#nF|V zS8|-z!hII|g)~J~bcU7}?2*O8_#+LC?q&u@o{5PlTA|g#Rjz?&Njx+`PX%TncTe}H z(B_rnYp6{%-!cJl3-Jx8b5V#4iZY-BB|!~Zbj;__l`bT(M3;4cMTGg9OpTuh5Gr)` z!Ak#2J~EP68L2FCWEBic>Si;kX}#msaOA&d(#t|;oY(3Wnx#o{JyAg zqvQ4XDo^O#cdtdl?l*LKxy>N>;b~8ZW(XP|FIBt0$5Ji6K|M8`YWS3FVqu6JteCU zifVYSFJpc=J2eSIrXDhg>BEbyLJi?8MQeWGxxI`G= z9AI#%qZYR>yvK+^MAt2TlsEo(Z%3C6dXDq>)c0gc+{VrxaOw<&W|7o!erZ@U^;%nR zL)rwHC&dYKd7N2728RT_IDZ^o6nrT^ycQAZU%vH&3Jp;bxVwO8nQ4)-nxHlvwTE{l zwNzH)wv84t;1d&LiMuUrhUH_I+FH}Vhhx_l?Y|x#K3H(d`cU(}))vd_L5=l2<+Q4S z)-r+KO4K|741s=jB{tEU8Lw#sc_Jzd5iH%qNMJ zjZE+PsS7M#bK&vTT*RFr&6nY@DVV?r-kru{P%qJ>pm$sWSBU`@U;(Ncc_*US-6j1V1L2Nd{ay^++$Zue>i>6E`ND zv2FY^q}T!gqS~I|cXB+s-TjzP1fdPFX#2CEp9tB zH~l`6(4n&_@aRNA4}FW0N#Q8ZMoM(GSFm{y({+Y;*D=NVNDkS2=OuEO>*4M%vZ5xT zFeZCLLEq3&DegDmWr|07j@k@3y9*XQZZ3qXU{VX1!zkNZwvmp=y6#zfT3?;aX*eV<%fA%Q!UoGrsF>mRhxTt)tkVk=v-v~|#kiO12q;2#TbQ~VN42Cp?GNFWE`=k$F^ zU6l$vCTa;uuK4knxwCyf37?TwS8Qyf*L*Fk_7E?oP^P*jcZ3qQ948BeY$(NQuuy$3ZZe`dfa3q%IC6~ON%XHj>IMV@o93i+O<{%{Mapnle_hR zkmhBHfV-b0kuQ7}qYlF~c6J@uxU!Z}Os&ZJh zkLep05NaBo|4I(aDc(BYwBQ1z)RDLl0Xg5QmrYeFa!&9+7BI^h+(^sJt#noijb!Ue zaGb_gv=B&!Ug@+GPQ%cL5vv(-W!tolaOi5RqY1e>xj&tUek$SHiij*uw!w9~mMW~L z>PJ{FB-)ByJ=IIz^qqRI!q-DuobwT8{EZ7d8&`(-6#wCGTpjRV zqgDkl4Sfa1C$rcEj7~@=nYd%>T4EmwVUZ_hHL{QgT7Y z1Tl0kkY9tN2lWwp-y<)1d5N@WOe%jpJLaDbAOrDbVeir?W%j0ay2VAr-v|+2Io=`L zC^hp5F*?2}wha1Mj9fN-)liTA4+gmq6DrC?{0O?wW{&eZM(HKumk86mq*{T1J!Rkh zyMFKC-Uy%dy4An)clRX-#i513#joi^~l@?|8gOp zn|$}U=}#8!OZf3<(io9h*-VEXn4A&zxibGD!a=SRKU*|%Gg>y#m?-C~>+*`q)ZhB7 zngW;$%of_8`Zq%Hq&1lQj)q}8dISUaqZ~5>{W1ohNi-ZNtG04-SKqVV+#LM0f1vUF zixu_B^=Vr}>TdV7bt~;%36-(Pk&k%GVbN(3NMECE`SiL&zJ?k0?-@D1{6Xj=9J9YA;H#F{{Bs>K9kJbr_#wV_7^m6(QyTe!~X5 z=Vq`D&2f;cv@%K2N{|w>EY>?dSs*UwQukf&_WgDn`L*6kZ@T7r>}PdiEzCNM8*skP zB07oVyMb5IDs5U*h=J6o=O!l?(!-1##sTubTZ0Ky#xc`W@}+wx?;xkJ)xkz?CDnI) zUtg6pC7S%0tDL0sI!9$7^rf)k_PBJ*q#c?1Hp8hXN6PSY8hqKp5u2w5{7H^|6j4ui zkjN)Z^0sl!RQg^cj_HkN9l=*$_x@+y~de(vBj0|tTwhwd#p)+AdyKg0gG?R%Mz zqn@|_DM-u%b)`A@-o}s{D%LkS=uMQY)(Ic`H@O_DFda3|!5^oOb6B4<|FH;IEm=!ZDnn!!|7PUPe@o?-K&_6~KD!^9&O~>2x$Sc!W%- zGhM6@9lfjTdVKn?UfPQ!dd78>&7`P^C=duZnu1;;;NkN8_i#X}x@AJ-*T)Ab+N2oF(^#ug%)% z#=``D$j#!josId+c@jj1N;4u~_CsOQA+*C#$ZOEq@o=`|sw{;NY!)*IT2G zw-YJP8!Z9T0$-K|UHR)DR{P+77%g-Bcq$2_HQIJb-vayXo)wzenmX1@!* zakY-Y8@RduahLaNqIkBYCuNLLMx!;LD zip_oSbw0pa?zpu}E!<4X|Ki-|IpJzBVx8biWkEU2u^;D0>&vx$&=4b=<&Rg;GkSaU z1-f(e_)wPZ+@k7V*x|3QOI~ldgw4FRAuv(S+tM7M*Eq`o**cZ`}wm0lSnNC3xq-m?CfdqqMVS)4*R++zQ}R@`^51F`RG zIxDYeXG%=Zr9nZ;^Y6l&^uvqha46GD z!%q(EFpXBF%`WV?I#SEvtTmlE{R0jJA{5rd_&gn5Wo0~?E2 zERTqVc=RLJI8$lgw8FR6OZBaHHs{8IL2TOiX{{25NRj4893WgIc~+4aI-cvu@5ldT zlCPVQxeNg&?s~yYL;LD}4cXOEKFPVkm$T1TM@J9qgI)9f(D`QPg7Qk?0_f`89@!rJ z1o1^0;)?jAwm^b~gQH_BtV*b+0N!(6=(7>fYirXtWGLKjM~f0*W$xV1l0OI}#J46y zC9p-g@Qh#W$W=Y3AFV6KkrQ z_?BD2dOoSC7fL&`R$H92vvUrK_@lxv*wWM*sF`hwIjYw>zZc+yr_(eJihLTpq4!%= zv=!|JQ|pyBQUqX66H+)R^g||gqMf?d)_suldv&RvCkyV?S@v>siKVh{bNI6vv>{&TbUs7*cT#o} zeKFz>YyoEq8Rv1cD@7U0%Znj)z$E&6+)!>5SFZkm2SieBh}RFZ%kj{EwmHJ5z_!V- zhC>?~<_B8F*N_Uh$>@0=wkwkSbN{Qc;AspYB;c4-hzH}}Kh;ZL#;6B^Xlp*@BBDwt z9as&C2 zwfBjM-1N0soJ}H}S>4)0VH`|M4&h)o08x|El&qTJ2?q|uK1I$lf@vo!oE>vt>*$XY z&p#IK3dqXynf&Y-HY|A*2HCbp_L=rcI;quCg>+rpllHiGAzp#tP7qltc0XFFEbl=h zS2S-o2k`@@j7)gEuRQQHLoh~$FrYp*x=Ur8D<`s$hH^*t3`D>r5CPP1^-mj4eLW&p z6GRkEZdJ`}g)1<>pg*Rj?W{Y2kd>rYt5^K@;m0sU53Sj-$!@P;9)`&1>S$dOR3i$P z@I5PbK7=(a2u5?T%r(*frk5n(^FPH9MopLDMpi>eev?;SDOEY!xi19_%8Q=1hf$iJ zu>Y~hIqm+75pp^8UC^$;15{O?GP1%DjK|lSRIH3AH;t(?6%P82;l5S)H$T?mD<^iQ z@l9lUZ`KbaLBsx$SE-kLkD@sn2RWCPWHFlAa0T@5v$y-XtBnPgr4-&!euC~ya=G5lrl5C&OCkZq~j{O_uWPJ9m zS-ngm#(8lj1L~y6ehgBaMk5g>{({w_mX=6O2H5w0YG)VR5LL<`hMkWMRQW@f-)?s2 zpoq)S(#gp$Nq2NN9AC}uEs88oNk7Nub@Z34UZwQ-|AcoP#<=(ZxlzeF?SUD)gUn&% zxC$lz?FpE~Koa{0==6noo!{J+I>_f(s$#~2*WF#8wm%^se}ON5A>w=G$(Oe!&gW!_ zYGCooy6eq?Ff3B;)%Kxs`Y?&1;U)h9HS-ks9K1-W^Pm;^@jEBB`)-uEB~5-RvBi2A z60*eFCr-tG=OXSeUCKIAs4+Y>;(J2tB^sTLN>g;wuTev*wptE`Ij^-jZ-fQ&%Ij%rm^{-XU7IHS@i2GITML4~_u+BW9>~c18)xG+)yL&!+ z_!e zWMa!I<9t{2TmT7TFL9bFH!viBM#}TeeB)T5Vj2!mO1UBT7s07@rm{=|K?=SHnqy5L zB`KgOHvoU!WdS>tI^K#DG-dRE7%S@NVYIjQkEyzRQH+N;FiIy){dh{PJrOO@)u3z|%1)|h9oEkz3{rZAuP%J6bFcvL~uZk|f{Ck9fzi;-ZRy$*5^_s)j z?`iVojiuXlx9Uts_;fZ|-?tbSIt95#C#UDi&DOOAHKOLm&~%Dt$aSG=qFwB$HsmpZr_k?|Hu&ji>tbE}wA;tK`%CuWsIC_j@ylzkt(ixe z4o4**eN7YkB|8Z->~Y#_%@iEH?%X0?7%y?0-s)V&R(i3MEMV5n5hQ$2BnK{b+ zc3JUBTM1W@c0%?ai(&{Uoj|)pm9QWQT$~>o=S$w+eTryo*K+P*1o@0Z)=_8(^|mbq z$=H@dZjU%|&2bPdN!{J5*HbMW$2*S!1rzz?lem3o&Bm+wkvJJ2+;;=KYT|A1hGPG! zt^MrqIo}=|J|pzEOBF5_Z8b^pXLgf6y5MsF`ko8vq)Z1!l)V)FVs*l znF`0!dWJkMLC$o_m``tnUryi?3E2Em1zO|J1z$uw|M`E(B3t~|VJ>ZD?cou>&g|&J z@I>menVF}V^qzUm)jt+tkm7go;m(4PDll}vU!|G}F`B9vKFUy%y?M%tb#@Xgid2Q97hd__uVDI2&hl00Vri)oM zh#X2p;aICzRckKa1zOtGZG2VxDPr(t{OGmq2)f-|8auPEmUY=Nv7SKwBBQDr zt#YHm8F6SOrKlXI%D3f%9M?Fy5X<|ta(PUom|AJ+|KCsh#-K>Lg?cJ*IHM(Q3YKyn z-6+?LJuv};HbGS5->a*Ms}gbJ^`4(jxw1hVOe9YYy?*J(?PEj`6ao#gl zb=m*OY1avvmqnjjNy0CN{nuv)A&!UELn|dCx;eNN|^=ldDT~7h~k%<4JwT?dkKS*~4}W-qven z;g=4YIIyUx$i-0hcS_dhl0l#MRb;go$79*pAcl#W@>m;VGp1_Qk=B6_>(%e{8OoSj zK_DPs1(yeXm4@|8a?Yvea;<}l=)?f0(CuOQk#x)s(v?0{n`wSpx`=@!UdHO~kEuZp z>^44ethO9>2=n1qPpgi{(gDXmiy!lOt9#S1#O zEZ<;j@i8f+B{73}nY409ZSu9*o>DY_DkwWlsvNzYR3#G0$-uS<+0Si*ae#M@ge>{K z?-O%4EiEb2MsHHkooy0uPYQSYz;*ZF+>>zw_;_76ru(4IOQVqe>&M_0+W!mngI9kK z3+xuxe(_!+verayHoGE0or1>BMJ8Ro4~c9gf7pr{mds1ztJt^&d}G(g9uy9^O8eXi zu>|D=)tUthzb2YGP~u31y~DP65ng^mxLqe>s=Tnuzf_bu{B<{dmGLrS5`e$O$>4u>6KaCHOE+Bn}WZ`>p=3{KT&R(Dtk7*rAwUwm#qRl+d zsBwURFid}4;r+BdI{U}>ncGPkuK)(&s*%zEwh&o0)plyH+#DDb#Ysm!)Ad zpMThSBBg4x8C;B3_$8GDuP`e%msO~#91s&Cfg*Dqk_y6g?g5AV6GN%1%qqkc5-+l3yIhi%h)N(K{F!l#qtS@9v##SLn^thjx zTajhfH{r zVAEDiTJ>xeAzRWFw?14@lVh1Dq%bQmg!Dv}r3f?mqIs(+O(wB~_oztn&Lk<=d1v}c zPoqd0e)4zfe>|OKP+MIPh64mGZp8`i?ryT4B?!K@8<6(LJ9p_F+8$)qmRuzyw0rBg|7uk=lR`lWVngt0# zVTZ|koLWAIJ!)T*;wDVnRm#%S@K_kVJaz@6arg%_6UK8s9lf%+skY->xJhzXJSwl4 zEXYgFAVM8krM%49uCq@zRdPJieQOHSR!$qmjhI9CH7M&*8h7yB1|t);`fH*w1q`e( z`m4aZudQ*4chzX&rol&H&6*LBGNX#SO~wR7I}RM}*H)8;0^k}(c{HGDvsfXa84auq z^l+~F8$di%u+dV$pUw5N=gn@|#wph0rVOaqlw9w##eiGrqIJuT|C{<}IK1aelpI1W zG?Vsd-2^`f-g!*lG;MhaQP04lbCbm7=b!nx`Fi)u*U}TzL0XD&H6SNA?#gJ_@s;|eDa!PRHS{UcsKhdwRzubMhbYLs`KDRPH(KMLpZi}~knDG>HA>?! z@fOv)^!sM%jKNaQbI5FS00>p#g;*47loF@y;y};{NR0OGD+9hddk6qK5{`7635p~; zzO0$0g&{&WhNB^T`$PEy+R$&~Y4ho!r#Zu1XT-~ONm>f;&n5p3wQeciq0@afuab5| zU}_M)GP6>BRR1={WN+e`n>ME;z2uRwvt8I~I(pDX*#Zv4FH1(Ol{^OV(?yX=Iiu2F zAmV7)d(jidM`j!B+=B%sM*O&Y+t45+k2Ybm4{GYF$4e2>UM07oW_K8|PvfgGFZVYt z9i~*KaRLJS5cnDewhEMxJgo{k^XSz-V@6}EbA(?t9Q!3(TxRgk+Qh5bURnH%a*A7Y z&W7Xaa9&l?xT7RT<0f%$Cr~EUk;*pK?rL}RAX;Ne z*br5xfc|S<`a)c>WYHwfKE)vqHNiT4jr{Yh^0>L7hr(*temr{@I|De%K^Og%1(@~^ z6ng0pw^(fv@E#YRYlNh3UxRl*B)(bnE|Le2c|XhqK_DE7I{jxZ`+Ks?NOP@}(NDMY zhpyYbNe>%E!b1A*evBnGTZ@*y9oI5)G7tJOnEXghwa#kS2|S0xPLiZb2p5454U|q` zzvn;cvGA)zwt!+qh(p&;chbA>=5$!h@OU%$l9KT$hLocuhg8DSvN*#a!*eOIJ6Rz8 zI#=aL)p(>BRWjo?Zt4MEQ>_dE)d)%Gvi8(VCrnqp$I?j>6W{hhX%&a;5&i}>sbOTp zwu7c<7k*+x3wH<4MuO}xd=h2q*J!KZl)&|k-W3aX6B@efckF>O??UvqsJs3=pc2LKA<+b z(mCLtZtGf@HY{$HxA*rkx#ji1R0sJ0Y*2IV)*)*TI5S)SJ&~?seTbt$CI#2_gRRyV|O@@C{FC@5i>L)%R=s$!IR$7u}@W1$TV+ zOfgE2ae1rpbcDhv?$M_+LYWi;4S=Ju0Xj&EIteYk$F9W{z%|JX|4w1=$Q=q>i|;ed z3UldF^bwChC8&*;to&Gd!_h>_DR4jL-?s-+}NeTeLzce3tuB|;+f{y;pgMAy;7C*?XZkaFUrp6(+KwyJ#Yj07lvFZ1Mz4lYMWff{n0b=f( z+R%?#h?xh0VG-75NAPcAjQuB%7+T`+yTe1RqmUKZeg+elrS459QD$JW|Dp}UO5)On z1W^+sk^ATf)oO+8MmMlH$Q`z}c>HTrK;;!EwDbokE`$+qEW8 za4qAM2uJ(MqUXw#Q{wqbMx9S{DfACRZtOz5Ygem2GcvKt>;N6AKUKt->_XD{ENy0} zB=2S_;ipCV5U8KAa)EHDWLE2%&efU!b=z@E0?66?aTxrp!JLURFxy3zS@nJ=VUEOT z@tZ}YUit>LOj_E_N0`_5boqQE@f&9T->^@z8faUA`ZEB}q>lkWSYTOci7n#^towXQ z8k|oAD)3JNs|dA$S9p1Ah4oQes3Q{}T<3$iwiFEu=hpoSm-D$kF`auW14tyZ`dD`c zpst^MPD7OwqSU!EY_?BZX^7e#UfjV>r8}KupT_FE%i+}~lqv!0u;G>|cli#x3@?GD z{o||Q*1UMpR~Bbt6-+mq9bMPrf@d`aRV1r5;@2U3G%b1lZ-$2y0D7yU0WRKkCo#1p z0LlcH{Jz$CF|+LAFNNSlO99|5eu-kkZKk_azwnqs;rA5(VsBe6bSA>Ky$l6SYFCWo ziJ+MV-{zkE_j1TknhnPV5?fJiM5MPGbE2f{2w!#aW|a2xoFd=^|vetF^UC?lLV z#)uM|<7N1vx|qpf#y(pS2{gUC2!a3hMGZIRr63>3aPz}rZOYkuE8VyOkP?mhV~d}XRdi1RgNAewKZE0jTB zB2nWup7T3d9d^E|jm?t>-)<~|E$Q1tHieBA&{N=O&BAp0SQ2SZ-cG9;NJw`=p4~)c z1oc-VH#DQxS!X-h2^FYtuFi}3_U$^a_4QUrWrAIPCJfa0DGuXTy<9yCXE8Y{jVU4I zHAtWdk^elfOAcaOVW~>i!aM2GL@*fg`qfR#b z4R6!T4tQ}OX-D+jqft_LWuZ5$$-`F5GJt@d8;H@ezkwr;P+W&T9mEaAb`ct zt7xit~a^}?|9eK>e{CL_fZ6`FH1mc)S4FrMV z(SpR@hqLxl{Q$|Ymopd}`t)nSx2gnMW=q_b#&+RTrC!Bd zWGjGcn!I?^(u4~_wfrG*?_OC9gzMJTYdQ`P*b!ThCm=jHIdKj@TbNT7JsHYcwWEq@ zqPM7UZ<8wo#lHl3+`BU1m3M`p!AP!18Gp1 zx=9T!>XKzqJ9?*-V*E(3DosxG@#yY1b9u#TD=9`Uh-c(j<8-LEoqEX?Ubsv6wNgL* zXSxZ|XX-wbB6);p%PLT3SsuHvzi218OLM8Isrgt~to%2lWtTP{t5aU&efyVKE=#$< z)uTl1xPP9DGe(=wNnf2BLN;j}URiv0GSAfNG=fd*b$mV2GBT^A#plUXlV>}JVvHS7 zM{O1#lFw%@qT-VWkr$UzXsAT?qukxsotWdhsP_GqA5K>zCcFOmb{;4FrEBBI_U&`6 z*MZ6y%jf~IoG$LQGMfEe?E7~)!!@%8XN`+TnZOn?=|h!0F&I3{_aoC}AAmx%tbC!8 zdl4*{uLH1z*sO7sZhP0Pxc)}XevU|%X#27)l7?kDG2H!r{#N8Ni}S za>Nf*gndW|uRcFRJmBaRXmnAJyaDk~!8_@CR<6*_1Ulg-1#^qqL?c6ZQLgvBRBI##%lxjRYs`a;4liQ z(5Wf@hP7Kp7H8PH!?vtEG3K#~=dy{q*`C%Y;rTFZG-pDz&_B}Y5NfS2t z=VSGAm}H2DH-SwOXUlbA|NFAF{2@7C5-(HWD+^@;^04m%(o9x4eD4qnFGJ+^KcYoZ zU@Vyl-Z>oE&(Wjfycrs<|DBE6i$}PoG@dPbPrrMR&HnS8P1JepVi3RE;=7xCP}lEe z`xH9MX%<>BqiT9LxklWKP)&vedNDy`jsu5Aa!7La-bT@R5HW7ljuIH3cBiob&ys0S zgZMAbSj-2j-%>~aur$di3XUYfft(D@jT)>+!8N3e46~5_!i!AzpBA&l-wZ)uUwttx zjPpP>6wQ8=bZif0*C!9>fto!!J@&fi>VFnY&hcqWX$0fNna27>e@iw`>%)oTCql)` ziV7-d%?nzOKjSCy=#wRD4-Ye1n=#q2Ef95dhB=iJh8t~+%_KJLK3$r3r+(fD#($3Bs@wual6 zbI?BrozmUpt00Wl>#Uvqfo;4p?T##|V?)=7W7lWX1fM)IvYf8XCMT59+{l76^c;Jw zX5rtb(9o;0)M3`h{DxlS{!P{Q4v*-2Fc<9rg_uX;0Ua~EgL)szOYaKqg*atxtmY8S zx)&Lf1o=wJjf1w$U1N&k&5+`pt@cn*UWRUn{tUJkQ+L{xp|EZob$o}Qn$>g{L9;KO zhex`#(vOQ~?OzUV-gk+W)QV{?F;&wU`tcn4eRly0f6!i8oCj^s4b*(^mX;2)Q4_Iu zow7~Y`5<^uW)}#}XrgF(Pp`*lMoyigrW)_^Ba11}M)}7m(25_Jra?%?Rb2nUMo!Z! zz@cT2JfL}%oU@pZ=0Q*cM=l&=5OHMT4qbGuRC z`@Yzo0j+vI%SPdW@>;9j55C{&G|I9DCPssbOawx*+^tO^D75VJLtBZGYJOoLUMdiXiir!R z`5gQfxOl9HV=!{Aa1*Ebi)p=>Qeyilgq5!7a^X6HR(F$f5g!$(^@pfO zuthKQY_SIz#!9m^Fto#KA~9!p;c=lrF^c*E@iF+KwIbY9Bn0%}z>MO1E!_0CI8LSe zTNU{`{M@-z=Pl9K<5_Bk0ZgX3ty`r<5AGOVvx#(>X*z?NiYfSh2G^G-I9w(OBnC#_ z^YHBm#u_12K|8C6MU7)~ndafSby!f+Vtfsn^I(O7(CQ!*Q*aM&`z2FWRv?Nl3RN3e z^RGsbjY+UYU$VEqMULd+M=0cMv#cs(;M25n$H~@G_Y+ z&p!Pmfa7skYaVLUzNA@rf_t*Yhe zX_36A>S^G6;bs%5PuxbD`dQr!B)-Y6@~59zN*m9t(OuJ}*8SB|#=y!TsyKOr{RmtO zNbj4-^g>O4cxO3QJlU_3x?Dh73iCXeKpoiaEr<|Gk*`$|)SULN7(4&3E@B|IG?)pj zhfIrCpxdXkK~rbg(RGN$=u6gNG&DL!!IgogkWE0?Uis8_zVy(GSF1~H7*3Csphy{xH*#D z8Mr5~piyynOgI(8v~knjB=t% z$iS6L-j$0P5vo~?Vdu?JOTNQrBA@3gNZJPm(3Gv&czpU6y8Lmbn5)6N4DK5v-LqpE z|8dthIo-#Dez|h@EsYJCv2^vgs3N&$ri?gHlSXWO1{|%>hoszEMSA%no=g}97{9BU zt(L948>iovIzs~k_B?fTaX}sBtx8RKy3 zy;%{q;bjF{{EU9Njk{O4E^^T|u!xz~M`=(>p+xXXL`1{9m=^wRXoh526>F@^8psMY z2oY3YfGs+5>@B<5IsG)ZEIu@X7QZRiq!ST``n$}8zlsWkzwL@#F~t0PHj6Cq|EGuKsc9tDF4hog}sVU)Ao7vS{R65b*yLcQeyu{ORW`9O&Cvh}IMrLZq z(YJ2OWj3d3meoZ_>!n;@jO`nlfLVWHgDZ@vr9x?)zA7hwbt`-`hdu3$B*_vm^@qL^^R+-cyj{MML5;qOPWCBnBlNWgV>*AkL zk~E0Ts3qOoZq4^+#`Vj3IwGt30qt1wzI?$!ZGzNLt~qUNv_xUF5k$ziqaK&CXG0*4 z_QdcQWBZ4zJnUb5q3$?r3uZ)tdAkuPfnZ6vXZ!AZm>RKb$%&-;3T^5YuPg=E|7R^v zfYB)!y8Ep&@*1eFYl6%)tTN#`x5^2HXD_}3`Qo2XjlM0us8l@m5|IYW!2S{t zqJRg8ihFdTxby42&QI2t{M+5QDQ5f=N;V<@TUSlv;Jvp}lkmo;VZJ1Gi7&BaeB?sk zKR(L-={JmwI{>v-e1;CtAfx=Dsu*O|{K!U)N+sDqfh#3<&wA=yvcr&65qlXZA7e<< zo*Zq;8B<#y`QP+rdZgOVJUk$SEH&pRkD0Ln|xh(Pdty`__3f&(M1L z8W)vwvn~ccm7D%_$!<*cX_K9ES0ZU0>Ra^$OdI@jF*u23!J}At{8G@7m8eWgG2fk> z=cns#%C`4Wmde{Vi^T=8o7uRuagfjT9x+M#G=&+A^vPozBivZdTDi?U$E`J_qhy9+cUY{#I^6nUGypCE}km} zi!}JAU*0aB0Pvd?99tf)PS>uJL~J$RVSiW>{7H0{`caRT78ANbT6C~0U#4lgQ%uF5 zzrXj&0&(U+27X}voKbRJs_I3jcm{7rioTdCe7DV1vJ$CTK%}3aNwSmYiEb+Unx|V{ zmv^hJ^|vIbwd;)(3eMa0I+*tD{%XeUmFIGor%&bB?VWA~t97))!Ta8u{^@0XgZRu&*`)i}I1f(E5P{8a^DLg-adZkDMZtc@2wiHvPX5`_uA z{eYCNH2C+Q_YO^f#NFkqRxcBNFuZ00mh4kvCMMDSdq1Y)U-iOFR$AXcNE!t2IH<+& ztRKT{z9$Pxhz9)oJ-84(rhQy?6++tXc+i1-CW?aF?s&HLr;4|%UBVz%p<`aHB37h+ ztD3#CEa#O)+Pp^>vkl9!pIDa&#^LGIl%9F+P)9>V29Dvr5q5zgGcHIW5Om6z)^|~C z@s4&yW;7f+d=~3iurrsqLyrqr-V~zX&HE0a`~Kv8eAT|KzBv!oj}bf>U$f6Nc<#nI zfC2RihpDp1G$rHp_E_Vyr>9f@RU=3L`0aG?B*`d{_N%*$>S*wC`6B-hp)i5rePf2IR)z-#Ek(xQr z@2ni5SQ-|;K!ZiPy`OlK{7g6J+`ntQvHSC3qeAarDEFGyN$QctOUv%gOq>6~ar^Dw zJ*7lzE4fT1*(-|=?{s1wD4)-NMnk6Q}O%jXES}=@jb|E_fy*;;Bbrt%g#An{97`&ae`HJJazcFTpX;_)tDFVD0pj399n?sgTpV1Oy%%|hKN)Cde+5zCR@$-kJD}nASmCw7VBX3VpN=4ym^F$LU zCHS2Nktzn`6}OedAEkTM;h43ycshZlSL&~QuO27U4{LlXmpZ}dboebXk z{Jf?D_Lr?;`n;WBrzT<62?uraDvqv}{#$BhGwz4^mxjlA{(d(Zy?QEPg!M9HXe2ursX}9obc#9XoRZm6y%l4TjGBEW+3a+k^oG_d$H|l&s?HfW0 z5+w^60NYZb-&zl+c7e-2l|e$Jg9ew&J8vKEXE9nZp4n^nKacGG zscriF^X+z}WNT$gUYx1(8SMV__SOf*mL*D|ERaji4NMo7z%UWYOs%7SB;@Kos*Np= zD&hf8g{qZBb7iiD^YdoT;z@LR{2W(0%luLQb@tAH<14-5UgOuWm`Vz9zl(+U)8-_G(kns;+bQYY zn^KQ>GId;wqZ2Na7^M>U2xRUwdR^fk2}2V8Ik~J9X;Vns0_g>ufkV~R`P6`kGbpY^ zY)8OIQmZ$o3tC2J@ytZgGdt25EF}8TpP{P##Hj0%@8>#2w|STs#}7%SDv_H-)~*3Wc&o4Xt2VJthd@Lz~&jh_*sB=yZRM zo&H&&sEYM488(Jx&r&Rw;5Dp1t3PzK%b2t(K6kvFzFi5PZjg<%h*p!+Sym2<<$bE@ zkdnni+JO-ShJu7|+n2$h#2Ma6&fjdaz70N?f41JfsKAV?1RQtXtC$}L<{o`Ov%~-7ojoWGxN!~BGVnp*Dg$U0( zan$4810)Nb0q7<7*+Dmx`FV)@r`NckKnM4bT)$0b>G7T;!LE^gl(s6ffj}nvZ zam(*-SE8)-7FbeY6d6H17X>Q@capd}4-XIPUK>|aT1C}4vpk9KPZtt3Vg%lH+fP_3 zXt=~;iERFv(!_UDB5AYTQpt5X{T)8NH5~EA$XOiKjfMZO5i>i*Oq8VVnle{KI~%XiS_*kHlTj2?09Ghl z>`{Q>rN|_0YP#yu9ps-Toy%aR)6aScsOw@+S09DUU*}szW{ymK^@}V_Lwjx({t!>O z0ZHmus-QxU#3^)Nk(%e7YTLb~Rf5Bz^}C#vKfbCuzLSPM2K?@{Z8RM8;B5C=AZ|Y^ zsNRAo1X`fZn3x3txvfx4Vz>r|5SHsktr@Vs_M}hOg*14FH;HqI%(?~`aG0Gv69EC!OND5ewz*dy%1Edq;$SQ$wj=R5Zw z{L732{)xqEsD- zrEOKXyj7EM^2uU~DP}HhW=;+ezyq3WO|;BRsh|A_-}C)D{w3H7D?9T5m-OHq!k3G^ z!y36d{J}Iol3B-0HPN1GtGWQ}*G^32+i2{&E`cV^M8}*9u%*QiPA$m7;V-iJS3?Ad zRA++l)Z(kCG_9VfR_8W~D0ZwXYNgUwb|j%G;x1#nvWPtk!dTs9Y93VZG6euYNvQSq zl5TVpx3}=5-^#-tgPWVqRaZT>fn@I6!dNq>o01Kl)_s@ zAX_Up7KZ3b00Oy?y0N17u+h;HNmVa?+HjD{d_We|8xFYkMc=894himOl5AZHl~S2Q zdzlwKlFk*~I-aH)F%TewpG@Kvk_IhziaTNaLTeQIQH|QDlVDjn_oGIyp^s4^nRZ+= z)iyuS#>~~Vitptemoy>;GDaoQa^2CT#_Rbs0|ii65?)zAiH5n3O>U8f{Vy-@RGZXl z9DA#)WS{hz4aYddF0iNYRlAYe)5=9a3d$}i1u#oZBmuRs_T{8vq?%JU+u zpN1oAhXece{#5kt4sUQ^!=oZ>YA_20n{|P2fJ=e_re^ob;_s;<49@|5$wk8x8+tMZ-W*PkOj4EZ@+SyQR zU=#v4G)NA?1t7^No6DU9ezN|i&5&zH%cHHHA)DQ&AM$1SwL2Ag3tBZ=_`xdAQ{h~`$lf1{E=(Q z$l}jmqWlNy9FtTtN9reWKh$!)Aqt?<0*%)T#+8?q3AWQjNkZ_Y6(XhKx2x0G-vq0( z>?*Lp5!>n+bejj@pce{d2loLLMw!|Wkcc`xv!tdpSOcWo^Ipc-NOOB4+An&tB(g@L z&%le5Sx_i%);+Ms`FCV4KkaJkp{Er@1ZsR!A|wsQ23{RzgaT#Dl1U@$f7E(RmiV%hR&FLHps1ptpr9WO)-MS)z6KP4 zn7CM?eml-H=?ykLh$Vg3`;+5~|G-~ILBrI5LaauKIyAUDF7W^Lk+03e^P16q7J^!# zW(u=*bUa2=IdGt&!Yd7YKGI2EEr>0cQ{D#vnB{i*Hiwfz?jI5ZVF5{#zQ+ub1Yr)C z6%bG7E$~Xqq#e>K&eLXRWMtWSlH=>p>n<>3o#Ss7N*Rh22+Mq0Vnx zI*pd9-Bx?z=tO5?!#`~h$RKi;h9+nbVeldsG1~ENx8lgV(4h3S&f4&2<*GvT_mdq( z!L{U}=u85i`Gyx9z6quurXX4mNJ&{tkBPYSk*k1dse@Qk7&c1(*Bax+FToCPE`!l* zw4tjS?||SnpEA%*o?Huc_D0M9R{8uw^zWH0Ry~Rky$~1PK6S@-V*5LMpNgGFmTak7 z64@AO$P5NZQmu&arPjmH!ch9u?Zx=`793l`u*-8j?_M?nfR*0j3#cS3y{wW-&8m4@ zmeM)i$Zet@gmt^U=xn*Vx)cumq`BeN=lcWfX?RnpR%nH9+1=`uz^7(K6ko|?F4A2Tw7(TqRP7JvbrgdzOMdH5uM4;<;kSpjA7yqg~CnaOytC`);M!`Ft(VTo^NQ_Oqu!0R6?0%j-8n5(rE};fj(8 z!bf!NeP}DsfpMxNMV_B;74{ZK3{M#~xE|JP5wa0=o^5;*kZ3_gux(#(h=I69F=+Zb z+A$QQ{YeG?vi0h}%ULqV-v4A%xx;_zz1~LE>h$Mf-f<9e;u;c2h0EjY2I0k&on&X#==kDDIUIC(1G?ML*iY6(@i| zf%RTr-`>FulHkC>o^2d6FK9PtVz|t9BYGi(%+9iFR7CrKBl8%!e~Ako{D4#y;r{Dspep`wFQ!F##sb=yB(fUn@bNQKHSxn`$p;Vyq zl=@|WR7z4bnaAr(=4~m3{D_XU?RaJx)ln)_s7sd%?Ic@Lp(vf{>WXovD$&&}s`m{)vTO5g*q=9$EfJFJbdk zmc!9Jea||zSQtlX0@aWU=S&O|5(xr=N@)YFZEmysx#HjbLDR<1t5Zub-$B{^{GZVN zVmxyV*1aj>jTY;cw)z@1SDpKcw7w^1-Z49tNBrZU>n0TZ;q#Y`_rs?}`BxU$T#C4E zR}qJ*MBxCFv<6MR)Sy)Ls((0_0~#+k))#S$z9!DF4gg=7d@bXFrkUoy@_@zC-Kt&<~DvN^l&AhJaJ%}{Y4Tn~z za&9#8V0~K*xj$OOKeCbFP-2CqTGPfPvpOF^P-J9eOmg80hZqTJ715#``Xp{5G7@a* z65A}R%tec9B1M*CO|$EV5wB@#(N@w;(cx`TlOg-R5>~R;Hn}_vM~UF8y8rufvdk6o z*a&{0%DLo}5(5yWu)|HWn5Y6rYUD3$e(ggQ-r!|O*}G*UqRd#RQV4H_jrq+-lT@W-OMg@G?Ax#;Pk+yrSihsnA zxL^xV6BmG$8!mf-`dQLAL>vyyX6znDEE;CLkDXwaTMx6GDIBneHSqDs@-h{ZB?!TT z%tj-r(jK*X>DRaVn|S0-!KM=_gAP88Y#~umn9Xd_`T4m_1ZJu2SY}QiBH)K9# z7>-S9FigbSm3O844|A;qVNWE^HSx4|nq{Vra0n}&Vh7*5lw>%#Fl-24?6%V8Yg{zy zxX@sRV6SJcKa6D1Af-fqo6_n3$SjA6>^d8?cKB7js^eC10=q;xQT7k zUYv8P<*x1h7R;)Y3Q?@)RYDKPF4WYw-OVWCM2cv|Dbw4Q=GnFHUB%lLG;Xp>{gyqE zV)^pTs&*t>+NN3RSE@2_d1q8ATaJxXF^}hTA*NaRzR~4+D#?B$E^@#|aZpx2d?cQy z%_6Q7eY^Y1?WXY9+&(V(jk}ctAgaj5eFOIS(=|)#pbJ^JX#%q*+6)kJ?6H;F&F%l% z^6xy1gvE+fZiHBA#@a{)fbFM~Z_yhW9CAE#I-@}9S~w#UK~zn=#I|=t6M4XqUTn0& zT}A@w0S#WkWildYL|XeMiH1~He7tDhm7;B5(_22l)U?#Cv2MeCQWnbKaZ zd5%}ieqHaqq0iyYPHUpr(fe)p$|yp*ch&hMaiv@Bgg&azIf31>;0CKnJO1p|7N-~e z#dn03Wk0b`K`7XDB!H<0ev!~xoi{|dpQ5xN#_deTgO0gA3id#VaP9;r4iniz0|pwd zrs9Dv`kTHPrPG10oWQq&z2n2ZI zF>=Btdf-Zj_16Sy^kPo*eoi~^`DRbx(%VV#=D8@SCZ4nCWIgX{*XR3zft!QiTm55R zl?Glu-*Bn-2twJ~&K1Y0T#dzB@{@Aia2$v-0rn3A^xb2kX4gI^%JD1SNB|WTl}uZV z5NtrOB(7N*KDA9bG^zAVj^JAs8Jtb&jB%w3JREi-J#F;!fdhlkH~}=UptIF>Bs9oE zUx@3KMfgN14_I4R7UtYL(kWR6#0zEv-?V8Dfz4>FwK>)!NQ$McQQ1NcU7uOla^d|KNR7kiT(`?NJ0?N(vDG z`b!WcxUP=N4W)u~pEE4>aEKGZy|7mquC^&rM;W7(9MP<+0ZJ5J7*D!2n?zY%W(I&tzwmSn$^pSkO{Yp?X9xu>wrR_ z?}JFLdB{30I$u?a^f?K!Vg~NHXmr22KVTQavyZj_sk*v<&+IIjRv8(I8p1CHnrBsN zP$q7U2!u~u6XQWqAmPJJz)wn;8O$F;^aDqNPYK*j@MI*Nl~VhYe+tWj!B%hhtr7n2 z@pA+BBwtxrPe<`G)ix;a7YE)R0$4m$W8%wgn>~)36BD->(UNErslikmepd#VzgIsw ze+*a)lw*yMm$RYA^MoSbqTP0hVuzg}V1Lei-(PBjFzA3$ zT<{J<-0`iTc-U_u5~?4J-kS&M5lq(=|Hx*!v8w6ns4n=tDI_8R)Oa8bRdV5 zPeXY4lU{fKYf1qWjwjk~34vnZhFnP?sHApW@8d^r(_uXfbSZ3Iio#l(j56j!_nI&A zp{l9)nh>fG&`auGfYNWWn#Pu5DTO`cf-g5a)6PwVTd?8_a~4vLsK-(kt@u*Y zVn(<8-RUsDckAl?q}Ct`*T7eaQG-yC#M0{?cYEZ>U;|5HVou8lVa{iYWH^D%Sw%R- z6DP~zIvI4xI$<-a^E>OKYUJ>sBK$$E0eC(QNEWb&-u1e!-4YCh59So~-kg~|kF+YD zwQC9u1h5+qy~YJ6I)E`jIH71h&-ZpWJ)PYEW<70;?|c7`96$@?-sbtcb!U}@s`TaF0O^fBO4HmXdZKs^s_cwSQt)8KLwkH;`yefRQk|@DFjZ`y9oqmbB zEdlb5fC8BR1GMndlu&|gdVuV=aCk|XKW(Oixa3ObIVKK2i;D!}lVdJqX8cmfln+h_ z8P`5u!Vs~qI^Dwh@W>x9uzQ>R)Im!5cLqhNC- z^y(hZ1R>m)a;AfzoGAUAF~x#$zvPNd0|d7BBze$^3x#B)Ufv*WC_xB!D)C2w-&87d zI@PH!p}ej-*SPLzt(Qid%d3()28fj@(HNQNEDHTsuLh#-3&!3|HDSMYeiQ$EBFor4 z02zclY-Zr$0Hv^Hxwi2EVH!3Feu?WR*E|+7aC(LUR^YEC2p}YBn`)74pQJrG9QO=! zWH=n9FY+FWDa!yopWY`F_G7``h(-!hQXYAyoCWyCGSzZAy3g15*G=Us9oMHBJi@qg zt|lg&D8Z^paW08BuW^yKB0=SzSzKRe31LEnBoyLRoQE1|=n()RHPE+z?i+t^wn`2N z#ziu!X!#SQc)smx)MtwipsQQ&H_?SU8ediS_=D0tb#7s zIHdqpfZ(-eoZ2*dwh4{aPfM4`tqQOF2sNznM8mXpm^$c3ST7Wq{HE%|fcXc^e}?%9 zSdzjY_pT&T+aHRqyoS*acrXqtlPD$oTzrJ+j$5_nqnz3jMgh#662t-#azHmji=FY z!uuX3j4O9}`IAlDntteEK{jMHchjek$CGiWR6QTkCvMojxAP?4i@@Pm*GEl9dp8W0(y=(}y^ z9lZ!OAv3CHZP<6@O`I`}!PCmEqtW8-+uAA&i5QwwK35UMgm}QL20VOB{h85nP(TV3 z6@B8#=_Ih1ejNYzHp<=q*GDjNJoULhJS1S_@yeDRgyMmuvQ0_Ligbd zZlYp@51d(7wiOI>yB~cU>_A9X+R~VpkQwYslW-!AcY3=*%iSyG))xz4q}8hpGAbWN zp0~a;1rNKdJt2prxUhnUfukF4$~F4bU@t__@`;&R!YD;0!Y99s5n?M>Oe#Q1B@7%G zb3Tsi1B8Q@Ey5FEPs2fp&gWyCM5S&e&?a~z>PZFP-l5pIC_SbQ0f4*vx61h5Mb*1k zt#gyaQGQ?w#pXr{<}7ye|L__Y=r1=yU{icqmtwA&k3$;YKVpJizLVKt%FX`nm7=mF z0&dLe+2>ki3bCZqAHJLm^SrlRs7c6k173;-9>Te_iuJs?IXTKn+GvH1I!wfvppr`{ z1NLM*gS#n_mENA%`9*4HH&+L-65jbfs!127c`-H%07PtNkvFO~cw+cD) zQtqE!KnV#i8BeDB>h{)Lou-P@lpI{GK;9ssY{Yt27x`xa7 z=eyV$l5RYijMZeSPcss5PwlYijwS@>#2!iC3G0GJ`@yR3Hi3Vc-BtQbnNeA-jubVn z@vly+u!%jPP?+qCo%18(5%AO`h*-z@Q`wGdE%v4?+?#MJ?NdPkb6F&XHwk| zHkFaM2nunjN)9=TE@VL((4q7U4D|FvzXS>Y>Ev>Ar_NMIIf!|OOR)5cS)^#b=+~_~ zhL}_37<<`&0kaFWaX5pm4?QC?wmtv92X8)RbJSha+Gc|=#l|O44Li<%?c!{qzmP*V-i&jN7deI{DIw@X_o-4%|` zKKbg6 zgHRzM*1l%w{UO(nrD!4p4vh>}glsY%Nt|nCi&5yjurhtq-*M4-+{FG!l#mF>$WDtuUb1vDn^+by`H6H6 zmqN@G^lgeQ%FuC7zL|Wiw26Nw6LJ4pKshe?Q&>YI_MEMZIltSEQtTM|-p^I!robKo zneSl%gC5_rtTEZeEU(W%t(p*1)uomE{x5x|TPjji$S6YY=Y2y##DL1UPr*|VSrqw`wXEDX zJ-LGHoVUN|kN=>K5#fe)hYqh6LyJw*;N#%jM-DMaeIuOtPw%(RTw0otpU3-tAcpO0 zgXKcCM?Vt2Z{mm^M!!A*-j`AVxmbMKl^jAT$i6c>W z1ZULeK{UH*ji)Eq6~AHdp$qcP4R=g?8P5^Cs{$gy(}I1&+!Asat15Qzjq+*Jg^Va;QTfvJA_`M8wJ)Fd9U221bH>-e{kW%=vUO_Z$#8_z9 zXiu8^&#yS-7~^PlqUE#E&d}%;-gtZgUt$F<40^`=Si8p(ixMCyC$!OX{mQCoW3qrowh*c zQ7dZDmesQKlTWgpIHEZaHBWujP&{#-48xcIXbo!g*nl!0Oe#MqthbZm6NMb7l7m1o zb6{;{yEnXpE5*rX&#t5lhwV6Z<$Z{lcf9(#k-c-dCebJicI!yYkv~K3{dR4+Vx-Y< zwEWT`hZ3V3E`7@tOBwInsnIz<5;Kd30_pcd$ov*R5XFBynMAxQdP1%2&pQ^L>+>c{ zmDvfWf?Ts5q1Ycg9&8d7F`4*w>aF~l+sS-}R@@+De9m>3BLawNnX0K>?>ihw>^(c+ zqWZXO(#`+6d2%@eC0xo+%zh4eIowZ!xnPCdo3BY+qw#D6Q(;Q#JnMa(EQu z6d^{yNWW93MI?XRi#FpeO?MFleZUYSL52Dt6#+IbrU_P^G;9hkrz55O+7h#YL6-#r z-T+%z^_`+gBZ2n)q8H5=;J_duMjg<2wc8i@hn?LhG{cSnsY?iw3}IWS2A31h@8_7{ z)ARjAF5hBVk``a%rz1Fo)q9Xoo`X#pS~Xrgi)Mkym)uBP9m=u~$er}a#A$^ZvI$`K zEIolmG`)NG{q2v+V%A<{Q{1;FOZ_K&IZym>Jv|HthniMLp33oAPL>_T;8?0@+5?=C zvj|j@PFN))w4bD4CjLa>+7|{%{7lrWy!*puZ9(d*zzXW1Y})=qmL_-70H=j~NZ{~p z7u<|CNd;7@l%%T6!y5Km8`~a~uc>1)63{U&3#;yNQ(0tI!|ZC_AMx)`^3vvWK0ba6 zAQ8hB=von$>3dnaz;15<2e)FfY|o|YSc(a1=FZ}Jg06q|&8A#vY3Ubzl{E7v!5;qo zn9OJ{7O|yfp+Lh*PbMWN2E4H-=fCVPDfA`W=n;9>;jgWv*#7of3!`;Q5Qe2Y$xj97 z$+2Vr>FM4vL*;3?lQ91Dt(c?s+^-&~5 zpyf$~CH+CEeN{SHKdHbc^H^rAUFKiOKsY8QKYnto|M{?)SC)WDkdu59f|Z>v5rIXo zVj2C8#b>zz&v?j`A;S+==U9RRU4+J6u^hhOK^R#e)XTUP=(RvGpJxOR7z{MbZse$9 zaw`ofY~D|n@SF|x?hy%5ILii2Gs=Z}BY5yY7LvWX;ja;&QNe}$sOYVb12L#>&(=7Z z1;7%vPt+w|rc*$2MRd|rB(RfgS8VXf7bS^V4(6ItQQY~vp|IkXyHq-wsVH6C5wqit zNC;d_TE+FXX_8Vokf~)b_NlyTu_lCZ5udvBcgvDy^N1nKFvB|}x@xfySTy)zL1n{M zU3u)VG3ei#VJwAM@PC|6V>jU-5!iP(AoLhZEu7#q>!{UleB-pfafOB&m0GLNjA=M4 z&z(Ht7ktO!A|8oeftOr%08Y@cr%TqnoQ?O=2G=k91^jO#f&2!dZV{mpiHAG9yt!3w zT1tt>F)FFeNA_i~iDk#IP^wQ{_+}qirGB5b8GU3^mq-TVq2ByItJkr&r>1fQo-c_ zG=u&!z%vV@1nLt=AfiHcSrUEu0K0pyV|`%w)51Y)^bt8gm9%rrZf^vq2vq;8U*XizyQb{~ld)3Lu4 zC7^*}M=3mN$bwf|y$T@NU7F@WY{U^XzcD6Hn2i!4 zKi1RkvEV_6lUrSuCyl{*WDkQ6oA!wSs$0H@@u3M^Y*Np(1zWOANb_-rN>8yQMkm696KC#@3iN5-!%c@bFIFiGZ`4$MwwmK2$WKE{sk%wo$s8N z82<36hmFFbF(dC-Ab`}8tSY(!OvpR%g&q5!I`P91NWMI<)ZgSFs_WCDhJOF%04Wxl z7bawZE#VJ4&uI#ae(@Syr##dU3{!Y91hLa;0Qd2{bi3$JNk5`mY zZ*eg-RdLYkAYhKp{XJotLaP?UiiO)NZI)o9zIaeOX=!dgsMRzQvjj0h0iB+OMU@}O zjSK0f-=^6iUyo07N7a2%aXsV7@%y+pF}537snkBGu0M-jeeBtd*}z$iaY`8`kn%GX z*d>&W=-h)VT3=R0oioOuAw2Q-=#M|KJ3LFjpnm|32MXz7fLCf{6prao+Xf=HmLC!O z#f5oBFDDy%EWo1%OeuQ56%^L(-$U>q6OCeq#|p4i!uiKyp0p~j&5Ki0o^e~8(+$Eo zB9ZAQme;s@;PzH zYYa8M1aM16zc`I(jr~$)A}RQcT~k=Ok9uf1n)EziPE8aO$`2AnGOk~cZV{`@Ytou0#pC*m z#hw6yURNc$+18Ye$v7$|_$Ocw6RcrIi6GJ5l$(V2LV*eCEU6;d)v;ArOvvnplr(Q# z%q*pTNz#HaSQsOSx>)?=tJZ%zR)uNLi9tUC5xySD6dEE~n~G~#ILtGCo&5AwqpV1! zWahLM4clkXlL-v

%H2R16YDy&&)>`KEH$FS9tGA942@-!}(7GtfaYpOLf^!VHIn zYO;DEdh>&P8=Yp4sc=eE3HrTbY*X7{hD&j+*)N-XJ}3oTlP`=@Irq&BVnRfRrz!lL zP|#-jB2aF8M4Hq>pAy^ngiW_Pzev~#E^9$QwYdbVq6J0akM?l$y}I>|k~i5`M^N|; zNfQ$GJA>#I@7O+~Vm*f#2<5w$VNBiFeNfeU^XCjO?n6en!sNf2p(rgyuqO*NCEPf? zfvK~efMOx6FmxV^5m|$I-&12ps|n1zU8tBWcOoJzGmig;PutyO$ZfW%9Ybsa`^st z!%ica^8-c@ToMgDBr0k?QwaY`ZQ@*;rY?s}@WSFxG-0^hb2V{EQ@<`9PsGIr!T~0v zPw>QHrq(Gga8(K1$G&(lER5-_o8KGjR;VUFMf8OVfag*(LS;9y=Ve(wMD5w%Zbb`v zue$Alb)1*#qeJoPRs=0Dya^|!fqxT&#!EeLG_eQ!%WhU?AE57T-8Z6#L|)kb^2yPp zQ|h7REnl9i%1ol{dS5%N^SonPc~_|P1<1|8nAmCBOLXKSO!&b?=CGU;hkw%S><6gbixs>?@yLEgU>zpV@wXAa@c-Hx`VULNmEH7)&SNq>#u9mQgunBgxgH( zY$<>QgG4~3^EI=AlXjGOQ+E@hx9awL+A=4LfCh~eYnk@BESa~&Rz$&27d(X=D7r1nT@+dz_H@W#7c7!i{Osw|3aQ7dcakFp+G3dhqz z3YLV_C&CCp5xVE6Q1>2kLV7$U))gnoewoNZ5Zxo>it( zg0~=I>kdlY_S&>}*XLF`q82!jfQfeSbEQ!%o*MT8n(gzv#|fh^_d3&$((&O5ES^tV z*ZT^=a}ZJM(;x%F%BD88%y32$<${?5s?|5JG&)2*Q$6{|bCv|ss5Yzi`>RuK)Zwgh zL01LOPNxcZq$K4Qybp-keBiwwNUblf-9SQmG74OSHjQFm!yr1)Yz#|FI$*W8ewwIo zV0k#+2$B$9*%#YG(PTW*S}RL4Zrv>qH238**-yn!y<;)zt?gu1vSy46jt%zP``U3T zRJc(|TZ{DBXt2r;vvcrT@qqDw*CtDe(={)t zxSuh_)UP-a);F~Q+6I3Wh=C#+5o=C6Oz!^8rrAMBIv=GV=t{XZNurUtEG_s-LAh

Z7F&63%@e&PqcXo}s25m$ zizf9pP-o*yj2)E;&Fvi)^;e`@)n{VYV&$vYdRJ<{>e_1dGDQnWQ06TR%Z zBe?-S`11N|!V%>v*z3D%zhI+)(luFwq-dn4JSB`> z)Ffh#;kTFZ{Why~*7C+%Oq<({Tj91$g!NBotQnYQze}5E;I;dPDj%IQE1lJay~t&c zxx)=y9BEtBp5>lu*EG~r&QhLiihXZ0d^HExsfy!TJ2Tm$f4je90d<~$);yK-y()V% zin(y5RS{XKXLGdd;ipluEdxUSXMQd?%|>>OMES5%wUMa(nSuVg(psW>Tr^0NTE`qQ zByGa4S6NNuCiw?&@ee@x>jFFBuWCf3#w0kS@kWcQT$GEVKdqYnMp-{tyy#ptrG#^j zw)Bg;m)^06CR@mi19ix>hsX{oyzLYhD5j~+BoY^_i-^&5OXiY5TY(vj$KexLfj@_P zzSsO9NoWXtf@)K}NV(B^3k-5PE%A)pzM`FmKPqPUq3Si$Sy|n}(tHTR9*t@l?>>ke z!X-t9x&vt5c?ZVGW{7xe* zF=6aRa9dLJfW7UniUHNmxP6;JNo+iR;NU|r!Adxjn<)xd$>wP7hh|SwstEN7TVre? zo2P;Up`=r=kKrxYtOe`+q8C!qNdsQ=WsJ%0D|63=gnh%SOEfi;_l z{sy+Um=@)=$$lnC)gjg8#5D!HhfSDj+|wYROP`J@LL}>;oJ5&N<5ezE!npJui;x~7 z(czwZeB~=Yeu^%Ik5CWfOTCQwkcr5yeGOP3E?&`g=%zXOtX_VlW^V;z4C0RB_T6hN zgQ%O=7?@RvJ}j>h-zzgZ)R=?M)zJ*9ls(}%E13H&^HnSvM9SECt4(#s{-~Jdn*p4F z!cu%z+bS=X|AB|b?#8Lbh#XfblUiJ+27^!xD|CS{7omRl24BQcF-lpFKStcoec^7(i)DAf~78penHart#uU zOWola54C367k5nOqCetk=uSFT2k?o+JS<8JSsmHg*--FU2uMiB%Z(Ou<-c96h~BYC zr)#N_4ko$tjb~lgVB3?!X(>e_UI^{yP7y(!M?(#^SA|Qf`Q&mnETD*r>Y%sKmsB>z zDnBRI8NVj=<@5SbYO6BEU7c=0FcA-?ASfi$KbeeTSJmiM`%eE}hbiEwBjTO>t zmlnjxHD<;D8=_Kz5{(vW_zJPbDLwTBs4=T6;X?!Z#;ZILRR|oWJ^2iWvV!vbCXH-y z_G|oEm<(lTyfQ9>FVE^|u7hHcTDB<^F15|aGqc{~4er_n{B_IRA1P4;qXPSF5L29= zZwbJ!(v2}^?Pp^P<-Cueh?~G4hEq#WuR(eb;X6rMo`1=cw5ow2+3al6YE=?bmS7Xq zcP#R+@9*zLk@>H$GArIjUD`^NcIh>Ori20g9#MrD`XO*xRHp@!SQQR6HJQC37U8O0 zbfZ}pQ?ToOheme23 z;AFx#Qg%tj#9T+{n$RnU8}|z@8yB@J^!iD59fKieM?Fo2YL!!%D#}6M_P~{dgGjJN zSC7!OpbPo(K95rV<~5ITfY~l-;3Xn^(sk?0WkLm+;@8&*-8VU?&uQP*J^!^hlz|bt zmTD$Bm{C>))g?N!nqm57s*2)IFFR&2A`Az79mc~A>#EdIp{qPEC);1Fv#@D8C{V`V zHmZBaqC}<9VNy)&a}*Jv=P=+81&;u2n$-4kV&n6Al_?urTmDokb(%})d@PA@JdXl` z7tu5*oOdw6DZF|4!PZM1Q~~>SFkb@?RytESGG9 z<#M@!@-Z0DxW?I9duENFx;~CDGnt(qTO;o8$>5!#r1rO$GoP0uU1G@2?djF4JxIo-0rP97QmrfjR+zAtU&5&2BNPb%U=OIgBSSX{3HzSK;$=*8aT1 zHgY+-<8So>d8e0Q$}6#Jz@gd(h$DW>VT2i`Uf#8Sak?zkX)D@a9~EW!*%i%S z;*M)?@u3`%#ggyq_&=G%Khzh zBjYclnJUSiZ+RXj%1wXNZQ28k2ftbV&uF3@l;Tv>F4fC@^L}LT9&K>loH3Kct#Z$5W7bVOiJC|RTm!pxL>0wYPnVzXniNt#+S-KcVqR&>Y8Ip{<6mqboi;_;I{gY`3DgHy{D0e8y46%k3W_aMIp8F#lwh* zGkjdLv&{{=)lE_6Wu`iZ!1fiij7Fv2#9zv>41V69mmQq}_?d3To}MlDDh&k|93YGS z@Z$VPVzB8-KdLTu2isLof{e(oAsUK~dW?~Tze$*te#R*8aS)dtj=2zq&oFHy9K6Wj z+>wZ1?T+w1Y{xzN4SMGzuQZK$?y?G_ zSTEKd1Q0)aIT-R{WHGXGeYbaH#)PymNQ!^(K1cSZlk5`ULOR~95juU@8?+_x;epmr zn4l;Tb1*L3gEMoPK+8fFFV>_T_+plB+v&Gau`@0|r@)Xdhoz+tLGXya^>qG}m@@%go94jz#)hxkjD&?eW5H7bsK5b)z=~5I)H8XlpeY%OES`zZI)% zA`0LOxBZK|xvYy_GK%K#c|xr2&g{;j!LrlIcRpda14s04 zv313W2&6Ap)R}`gk~*V zwjso+%yJrxTQh1dr9KXWcGGpFjpr6{1va@}024E#9x|0KYpa>h_mqOJ=P*Z^TDk$(ZmHU7h%v+4 zeW~6m1erK$^F9xV;Jhc-@C<+SM$;BR=VdltPk=&6NwdqD^G|}U{n_?D65UEzMz0#J zyCZv3tfqSNRVj4$L*|zNA9>yeH-pI^F!y8vdYY>+6+EsGRrC?i_2NIUv>is+Z9JZq zOc0UJ7Hal_uyy8}Ahu4U-m!2xD%WmaJh^Rgy8?6+`x^Jsnt@XY`y2L|*zFpB?cN92 zyHx`#KoUQSfIem^es=lG54@{Jui<8AW>3TEI)K!Y*RC;*JOcAMx{B^Io%g+qHQ$Cg=yQ zo;%N{C7@~7n2Wbb3}W!;#`ivIT6?V1<#l*_g~)u~rp)lP_ewNsov`hrK|v*vKyA4- zcnEIz8&r5cW!~zz2Jy7t)?7{bs*Ncn!>I+eYL2B5v(*HbL)Ek$EA?7&R3T`!P~A`L z^9*3$7mSF{lP=?=X}U9*z`1POZIq;455%AfuM^_7hY_DNtl)5QsymG0O20IeAo=@6 zrz7h>8^Nq&&vl6S-WMk}Yc=}a!TcV#OxDnlD3F)eQ)BmKN9E0rhb8@eeQh^@iCswP zUh{vVajfA`ZU|*A(=&g^0`MYAo0f|{-m@0qso==q`06Y$xgaV$A~4$<&5E|$MT@1A zTR>Zgxc&KZsOL0t2yw^F5Yv%?ju*(>=8hL?#`vy==UR+!8qOLirKfbZBAyE^zzai@ zKaH%`{uGfU4Pwe1_96W)ueeoxAEpd(-}7Yb&gSPNC?^kXIpK{Ye-{|_avPbHp`ybj z&*O)Gkuh`Q`bB&|D!NG}bOu~mz?LjV&ln*O-dWG68U%udhW0u0c^$K;@Y>7ZZ+^S` zEclrIbjs`LTAHf#$7v|heXsgRVdK2 zH4~gnEI|>NFH;0V>-A)+_2c>e{{D)~+m`NguP$(3m>C#!-7Pj|gUonr&)2)7`JS(* zWGgi44s&$dO*@~VWchD^UAc&d%3=!=y1j2QGWHzf2*Z)NiG3og*_+^mcm$98Z?C}5 z+!tK&x@)~#DU7Gl1A)+hqKo3Ie^e4?l7c$Hc#4ku0lCAb<elpax z0SvbkN}to*{n=s_e)`%w7L;91b!?_>bC?B+{*Vu*(h$&FU=KFO6Jv{Jj!X${o6Kn2 z8X~$p zA*l{Y7^)bpW94y2fD|Nzu_11QuzEhLcbzvm*x3cs-lXOyfiBB0{Vl3HO7-`7j_#z_ z*8p)E5KjL^YPsvw+4JaGL^ScsCU*OM2Ly87SB10yJcX+vU2C7$hdte!V)AzH3GuHf z*2{llBE|DDw@G%&Rz0%bv1k*{c>SXP_2)xa&V9}ghNg>P{Co@-fO8joyAqU@k%1%q zQ^DY~5Y7s8|5JD)adulVHAG5LhcRcuk%D8vEVUbpIpq!$1JC z!2H)(x*?V$f#P}b9?LtBskuGP&?FFaTUY@{1duy$jD6Oh=*c|eVp6U4ylean4xa9F z%ZPDE?`fY3$4wvy>eQTL3yJ%!6e_yz?fZ6}fO7xX9d6};hb}XNb-JL6s%)=eB2Vb{ z^>c+qC+!jSPxP;0ziX`Du_(UVWHN#sc)Ml9(iV7_f5;9TL|#}6s$vjelnJpZV8VT{ zT%fen@k2Rw6kTcVMLm0gAfiZ`gR(g?sg_$xU3*Rho}hQ(zvzj}e0$bCS*`n_thtnS zMA!k8K7UN^GHO&Zon{wIS}WbIUSFQ1fXB}=!$QM3=h6Q-<%g-HM^^aMsJRy3?dkhm zG1vP%)7Q1-Pz6r}*)>hasf}NcB2T3l*!dX5P@z!_ zj{IuIShrT^FqcSQk>}RPtZSNoMSPb1*Ju9RBR(}P1t^R2zNUoHH6S`; z%dMUV53%HXU*{5^F6)m(&0zkdb^^@Q=LSdycTe2Qp4z9y314fm%kn|VL`zh4eRy#+e|0Tj2f-hT@s4#p-%U+ z2uPD#`GC=4!m*7?)}b{Cq**2P(^j6(+w6u`T-qc zdt+fYvALX@rG*6gk~*msOe#nx1TWjU(@vq|u0qVO5J3G(0>(02kybx4HGV$cxR=4p zV{@JQb{{Rv_X_ETbhJuDK%nsm6dA@205au6ZeG!XulL6>3qJQDKCZ7vqdwakKvm7X zDdc1**V_r#Q<@108vqe7B*SZUy4-lT;DO$eBY65LWH*)|Bgk*2T-%~$>ZbPTc%IblXXH-w9oTa$(Y8A?Ax_$ zNFP#_%3&h*F58SvF@!Hw{CRA~+&Yc>-1zvo+g^G|=#kH>gLFz*tdSFQc#hFfqSvWI zX7g@}MQJ-8I2U8OKO8KqZwOMP)naW}sLox}9GGiSO#@mul06CjXwy-X!^(z;?S}A1 zp+$2Yrb|Gi>ZGhy0*ek2{R;}F(dSe%)!?_IUXx~FMU>Mt&!6!8DPN963XI9weL{?s z#E?#QNIt^Fj0S|>i!El-4a2*-I#)0`AzTf7l&0-llv zEnz=18CIZ+w0B3_>rI8tYRiMPjr&wlVa8$b;7|g$3I>|mM7w{ASc>`|`Lg$ohL#(L0&eed^cEg@1jC%kBsXyBzd~V`zCDcj0M6sgLpT6s0PWf4 zs5Lil;CUYtat0Vl&8WZ=Vv??mPQh(Y;3d0e9X%--EXa=pCBhD-w^+6P@p6dK=VB+R z?P}$$HVz3;NL6Wmd3ic(e|T$qczSbwOXGGxP#>+foGOsce7r7vz5StU*|0Ra8wiYn zz7n6cc|2V1oc-A)6o`9)y$uL0&T#r~_b%uADhEa(ibm8uMfFqn4mlamL0;VMa5^tH z_rtg-@~gj* zz)V1Lt{#t7g*x|tM9i3_^#jR? zsouFe`Q-T$L1C25dVg!CWtHsb?MztgVv5MwuiHz%>-xbc@Y;ip9%rmOflltRwLX|Y zYty=u*bF41Aw=#2Y4hzsTG?Q;_WHcLH!@eGauoBK*b7kj_Bh<^1rn8b3sO~q`_5xH z3XCR9PCqsVe$nCd%w}kELif|8-Ln37yD(e4^dEG8@Dak6l{qD`z2@&$g0BR~hS7bht)+M|Y3LX!MS`?Y+1Trjk1yO6?e z;&Y_ARxNAa%ExILI~C`3v&{w*$H~IN!p>gj`Eco$o4fY1dRK3`03NDwa~Te!YhDjS;;v8R zR-Luvk`~SrIpQLrtsZyv8uWuzS>7qba#0ZxT23>{xw*MMFLORGfF0p$#~u=l0gQyO z*iaJV8S?#>?Ax0@=nZNz;)}cWCzf|C)Ec^!)w55vt+A<-T(F>NTDvKy_~=R11f}1S zq`JGi0il;gAh`qB;cZVT(EL3o4D{+nluOH**BLKhL8ninE_w05@0G`}T4}mz1^!vv zWu;EP8~P)Tz|}Bo2oj-2t2^*s?NR%q`S`?Jv3Q|o3a2hC*cBEQQYil=#0^kch9FA| zLO}%F&)z{NX(ea6IAj#eOpnOO$w(zJ5E5sqHCY~HS5*N^EYc>?Vs9lWt$+~%3Wo>4 z$dG=1I9~gQD_t18F|9U(-qCbk-8#pE&H$JOt0m)%d^2FG_+mRw7TATjdpxQbt3I}Q zyR`xN!gevW+;9G{`Ll7O3nG2TB3So%^8m;RFG{?(Xeuw!3Ak(lRzdn`wrtDFZshx- zQj?9|BgrLYrY8%CfZx5g{n5&t4X?su^D}vGIVF-xX6)W=R_|Vp_01c8`m%;Dh z99>*&^WyS|nP1_3Q&QnJVllku^LFRc{;->x>3R7TH2=qL>t;?D8H6lwzdkS!`sU7O zrqMH0BnSrPbyK1X1)4f_n$!N5@~wDYjl4`RK=_;j!Nj7X^%lpsLb_qu9v%d+KbhR} zn6m|dbke_?*wxkbqDD0vll_r%i^!VJ`8@zG~ZLf=Q;A z^UdLm2k>DVY>1`Ql9S%C0R6)UU=0MeB3NBtRz9^5nSDo!8V+*1x=QpL)G7!u7=0xb0Z=fc;q1KRx{^lDL4)kEyz1Op{3wWzY<;TZcUg z;80&4#xfVHjo^LQTu%8&&pZ4e=orr~kGUPXNS51uGRGDg9p-?XtkQTSCFgcgTKP0Z z=cZUSxw}TQ!Fr{|ttL4=5}(t&4DiXP^KNAHiKo@OHs|J-I{;VE`67^!2IE`10=N8G z%hf1Ax$#||e?%61u1wB=fI+fc{&NBNN9Nz37(AMKH7}u3fSd%lFHpe_E7ikw1JmR| zz@-Y4yR-4(9g9)Hw`T=4Rht%G_iHLtL?om{gwPhXo3d)=%6mr%p;wp91Hia+fzQ_D zbOglB;8YS*)W>F z-u>qA<>@Zd{jkVkcbHjLvuw8BYUv+u(n7*c9Zmvkkyp#qBUO$z_bkKYB2cd>1fpc@ zYGw_E0R%=O?Yk6}63|~4h71xF?UpAHm**4s_h&ThCWYPNwg1iatYqNx zEY3R?x-aHBt9eF4G9G(%XMA_d4z5mSDG|}pN&XH>Yh^G&Zf42ikRV0HIKXzC6AJM; zEblL(ed3J{{^cRjKw=5J9vVHI3!I<#u_1Bu)hI7O6X2i--(a;Rz|;x` zOZO6|7I4BPD3r{Q<@~|%%zeA=L6-#ZNR37&xI9h3{XPWcTSRb#;vY3dmbv{&9T z?dDmMQgW$&jGhrLnl7T1fHyEUKPWRtdC_KF3-PqRfg7;$&ru?S&k z+(ygo{P*S1>&<6v&C|^Q^KlAPOR!|C&P!H5uo-p!*ly$}>A-m^WmX*WBUU37Q@zvY1o@SBG#V7O%P+#sWB;(!1;aOs%*bfKo7 zPov540Ps2B1nU7OOP@P`oNI5(drJpEq=c*oGN(7d4R3S-&OtJ_f=;u3n3hUHod_5A z!hIO{HY`RR1Q6$%=heR-0q{@&FPf!v1th{QTaldQnhm3s$v{256yI`CkUCqc&gyci zH8nNneOm*>+@XIC2snJ1W`hn;XmHZH%ICaevEn#o)v&U=^r##y`p_1CpwPU6)D3LC ztCU~{>&JddJ8jS?qY8I#S(R02y@v%CiWNyzr!n`(yIbWv#Z}JYNXTFLbl}MI0i@y{ z@^$iS?5MJ;_QO;ATc@H7cklLSGV7l9nfqMx>J0;_So6w7!Xr%$8m(*_$B>+cexJ7%rAGPtFP!aFU;xq>ZP&M;6Zdv(7>z z5CCTcL<+CAOQ7?!{;$gOxvj~JjC6{$HJAjt68Z6f4?lm)=BZawK#G_;@u@+{0D=^c z?5K6)P9hM7M$dWxJD&NnxtHnl3W3ZA0#Qh8V5(|ulqFJl9Z2co0b7LUA%X=^C4k+pJ!{+JKVx1LJ(&U+wda4QPT#N!4%!_a z^;o^iunH>vF9-klISOUsA2R}QCI4>qr?oe45Yy%x;EDoQ$zu_~`Ks6SwRcSsx-2tu zaqahSAiu67NBI!MD*)|`IE4&A4R;Fe(vD!wuAflwX<-aF?X-Uk3y|%tRvE%%mP+K> zZ4bn3K~fLt9g}>E+B>3(5P}AQ%p}*IRBi_X4&(D(A4|jyL77iMucs^O7HABAzR_`~ z_h$?#T3os&Z38{M&bNwI2W0cZ#n*eJuV29PpljLuB;|?f_~L&fxZ2C0iJ+0#&YDPse0t)mt{Hnht(#l4IC2~rq3;exyt+bH6g=E_1;|;- z1j+n`Z=o+e;C{YicUV7qb#!zdOfI7dxEH6V#ahX2Y|earK>}+zWBEvBnWdj%wxwlo$aNdp4|8JVaTnJH5?nuI}gN}1`o zITwo>0K1;vUb{xEU8Z7HQc=0k!Xd)+(Hy?{(CFxP&j*%QUK$!24i2olMs99y*J;e# z@9#d+(gNrk!DBOM0aZim-6}jHB0U3xwYj+gG(GT)>PeiefO@<4%P(d_fv00ujoM&Z zsszc&`+<>>-hk`0Gy+el+h{9G%buO&Sr9HcyZ7@wU`eE+!RxVVth>X>4*B9wJ zPiJ=gdL;%x%LA~zm)%qw6cLxRRU@5=lbi9`SrvKtiN!@8;7x%#jk2kO^HgeT>Oa2G z(XtvEi$Dq9V{noCIl8!{M4W7*%CJ8|Vk-idRVGs)5?L5FC?rHGfAaCsJr&y_f`Y$u z3%zVa%l`R@ejVXr4>ss`DOv#-0^F=?9`DAtr?~UpH67XvJ@`=yskWJ(ZSxjJ1P+fgJ zj~sU*5#nX}U$H4ZqOs04Mu0}>MiwkBFZaG0;Vj#&6o>u$y&6cWfo@%UY3a9$IbN0? z6)FrsjeGX!hE}DNB-L2fZq7EN6s~v;XS)+AIXO9rQMbPR)CS-%Oh(g+ii)aQM_m8Y z#K!!%o~)M}a!qP@UhP?3b@N+44~XdQwykAwK_ZNd6+mYHYh;&RvwnUu!R>0dOskQF zmX?;2v!SdEk+jzFU@|y37@*(+9QhbDYE6N>nkE4bW{W3MC~%lU=2CJsFj=Be}!}hT1&?n77%SE|Djn4b}_ZC2if02~r0qENz z#X{3wSa2vvNZ>QIz1(UN5~c&S$;DORHq644ehMUZ6~BMm+7?gr_nQDEk4W}8K(<8vO>tTl$iH%&q5X!{h!EvV zL?Bl);@BGS8DVx0f^J}N(0=gsta~$svWrrS~$;DzsB; zl(2agOmj-yoTjesJOobmTYZrq&?$QQ`mnID1YFO3RWvH*hy|VrMS8{^)GLkOeI&aZ ziRiih(%ERPRbB=I2ZzgU6H-@KcTmKFvh%hlo!3PpC3S22vZcjyc?+44hmDTz__(nK zpe1r%A2nl)znOfV!iLrNuzG-9}j>lHSX6h*URm{ zIXPr=tv#^W5`^vo)3oM;kG+;I~zdSCj~%@_e;m(`6L$9F8gQKYh4 zB7|`1Ve{^kz?`t*FptW74oX9FYhn5%6a8cMBD>(s4%E8!lR-- z8yU?3sW&=r)i!^cZyP*i(M{Rq6F~o0s=VAaiYbSxd#awWZ}b zKS?4#FVD1Yu{$Ih2f=-4YRN2Q`;q25M{0T%^f!t)$$SlfbPyBk0lKv=CyPcieGTlo zJ)ijaJOKqeZ*Onl5Qgig$u9DJr;wmEP^y0U8Z4Q_qTmK9yuyW*T6$0FYnXA4f&37!8nRVMOXQyCJ zqYN+5YinyUu(102`T*bmQaJSj#DCcA>1m}tt#ByGoe6+hazF_WjY#8lDgXQZ@#W6{ z(401kn9|h3s@Z$%ak@y+cr?uk2r844lR)9R$p)7m&5P*nWoS4zHnFha2Cyfao3t$I zs`17S4p-+J-M~-~BMK})o+zlRA2>P_n3RGA{+uwKKDr4D3j@NkNOomy?exKghpnxx zySqCOhXFzmD8s(Mvs?&ed{TnK1zAqsSphD99}^P;xb3EWqtDBYYO3guFcc9gW@bAe zNTP*p14$MgEv-ZD|BAcPcqrTNKSPG>dMu5E8O8{1#cDbokDwy21 z!Rw;6_2jqt-VP}42cwNd!%zD{`nNP*THjDF_-hmA^Tl^;x-5bvmNT_CIU&KmT|H

+fGP-@eZT;hKz43(QN35T}QG@pwG&G4R#vkd?N!wSApwc2?xi z`#T~${6%;7=*WmYEDi8Iz#)LU8}cyVlfOrD*i|}Yd!FPcOOyFK z-ZY#k#O~SRjXV!;?x{-wX4Vtv%>DO@bF&%aYT+Dg?aYPvw6Y-aI&wj57eU2 zAYp_^{0hr^YHG^I$}l!<%IgV?s;YChOmeGo52Lw?Czkqqewc@-Q?HsWf?V{(hyoow zy@dpM=eI*}&b2O&p~Z)?cF$09T3TAQaQ0uLPrfS6JnURh&uIq*1^L>(b1BO^teo3QC`f*P2Ldkfke;u!X9 z5!>=I@Jn5JONO6|(U~QAsmi;dZ0t&%l44?Fs;Z&jk)3L`pp8gRPmhI#1;n}KXOpT1JjlthGBD_W+Z})Q>{-g3dSiEA`q3Pj2w(6Gu-nVZ$_NBP>o4M~S9+(5 zj`1d5enyCmh4T)2SKv*!?3^n?r_9aGT@-EhvzB12Un3$Y3Js`BS;%!4wWvmFn52q| zb;+=~rDX-#quvHQvG=D0WcnFy7=nU=0RCV>fq$F-2AmgAfq8RtbJQoa)16Mo)YFjT zYk}We3twimaN)5vU|D(RS7~TH0}l@mW)>D$Iun4&HWzjdUAwzyixNJ;HwL*w5$>#3 zC+^sD{S$WehsD)?-3uGuFNO>+Y#-HqH6N$lwoEY#3|xoV6En^~BgQS_?&c;gB{fJS zc7$zs$c`Pj8cXc~Bk%&x<393^>!=gqBuFzD*;P81;0thz`a@O>W8tX?=4 zFet1#|5hywCer@tghxFj8DQkFHmaMVp=bthp06e*tVGgT51+czJD-)E4NOx*U7dN! zFze%Hf={uGBRv`?J?Mx$hhmBrrY({$>NH=H$ujJ5l27dgfm@;R!^(<^Ps6{eruQ?y z-G>j^AHgYNni=KhBU;C%lSqFrcij}#*WE%>IpVrj@o!%mQBjw%N9Ubt4jxm5l}>h3 z^a-Z7p2?(WK?23W%$$&vw7#}B|1AU+gQR76YAFV?VSMf&lguR!%RB88Tm<1JBLjoK zO8(~NW^bwx3mz+&Izgq{15~rI30wZB9+=_husUu|JINwXAXJzv4o-eC2_QWD!mIz@ zT_euNg}^7HAL@9Ve(3R`YF)ek3|(D(N5^ipWA{s^nvM=ls@asAB0npt^@FyZ9VLd5 z1C_^s=~?3!m@Q7T6KdNHC`}aRj6&Iu|8*DTC#9^}&}lp(SZVgDi&(P3su_{0b{XL; zcaRm;O}n|fys5xp`l!mUQzIWk!+i=WS$zfwQ%cr&tlD+mUlr9QEF;z->yl)+Ei*O+5))dIGme%?X0V}z0@x~Z}L!K6W{ zWcrSKU%VfSzG*;FEUSIp3zDXC8EKzskr5|t1Do-Fr z?bpv->aUDsUDw3%B2q|7ua|-k4Oo=%ff$x|_g7)^vuP`}wKktz&7r` zP_-Ip)_1#1fR7IxAB?}V47sq7$G&;}+R()0VRjb-H!}lP95QQ3Nl#jP#2DR{cq>H` zdqyntva9Qfr&;OgM>6|!uNWH|J_~a7h)POg1xmrJeC4c>tLu9>I}r2+y6v?$cXtXc z={jAje;Zqm&`vTmvGm>;h}w;L{_fD$#}Y4Nfq%K2)YCg#^FZhTooH8V%6dpyN=Yf` z^JI%2Gx~oI?qwbfN9{$`}7N7d^0F9bL^(Bk4y zA0!@3x7=svahz0fBm7))jAqM)fM zw6yQWF=1gsK?Yh$R@S#SiB7qN;);rd`~@qCtVwU-^fNX#Hn|Kg zC(zV|JP!}izyFNmS+6T9DqvdAie^B>V?d!s1X$a&8s# zaaG3VT%$RVAnB(Hdi(lnhORy^D>pAU2e;3ATL&5oFD@=ZW;`%7M16L7;02zA?4gA1 z!^wS~ZY0uZHz9;G<3)gGg1lBDOF}{6g6M%#U>8O!%q0TqQi|C(dcTNU3%Cix36PVkuXAygQr z_3pPNobx0sImfvV8eO`wbQtl`neY}#&tU6L_fs(bno#Yon^r>v;iiB10inC%q_a)b zmY=~H6}>WZf>TboCS+T3fwG=yz|2uoI!~1XJc^)YUAFbLp;SKD;iLXc^)l=F21cm+ zbE}sUwzB7Ow#%_X5+hq+n0b8R#kcJJk>p2BJ~U(`wfmD?_Kzdi^wsukky3SgqA-Pm z=#;1nx!^I=i+FbWc{;K&@XN{rdrt_Jt`oNl-*#gZ-|d%L^`)0IcRvO88<_hFt= z(YKH!*-3Zure<^lbJHy{>V4GC!N~|#gp}~w%g}#nnM0&B0ye{N&jVr-oAf(Z>2R3Y zD53-@XOh1!`1%;;^LQuFC@g(a&ME3^b*$$Rv%-Rqg!&!E7!}-d$! Date: Tue, 21 Mar 2017 16:08:37 -0700 Subject: [PATCH 32/62] Added text to video --- windows/keep-secure/credential-guard-manage.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/keep-secure/credential-guard-manage.md b/windows/keep-secure/credential-guard-manage.md index a2653dacf3..fad37e27fc 100644 --- a/windows/keep-secure/credential-guard-manage.md +++ b/windows/keep-secure/credential-guard-manage.md @@ -15,8 +15,7 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 - - +Prefer video? [![Deploying Credential Guard](images/mva_videos.png)](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) From 9d071059741629ed02dfe04783cce3ee19fd581b Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Wed, 22 Mar 2017 11:49:07 -0700 Subject: [PATCH 33/62] removed blog link --- windows/deploy/mbr-to-gpt.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/windows/deploy/mbr-to-gpt.md b/windows/deploy/mbr-to-gpt.md index 5775e4b633..e0c160b723 100644 --- a/windows/deploy/mbr-to-gpt.md +++ b/windows/deploy/mbr-to-gpt.md @@ -378,7 +378,6 @@ In this example, Disk 0 is formatted with the MBR partition style, and Disk 1 is ## Related topics -[Using MBR2GPT with Configuration Manager OSD](https://miketerrill.net/tag/mbr2gpt/) -
[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx) +[Windows 10 Enterprise system requirements](https://technet.microsoft.com/en-us/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/en-us/windows/Windows-10-specifications)
[Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) From c5e034295647514b65c0ad4a7dc5c5e9688059d0 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 22 Mar 2017 15:25:07 -0700 Subject: [PATCH 34/62] fix notes and warnings --- ...ows-defender-advanced-threat-protection.md | 5 +++-- ...ows-defender-advanced-threat-protection.md | 10 ++++++---- ...ows-defender-advanced-threat-protection.md | 6 +++--- ...ows-defender-advanced-threat-protection.md | 11 ++++++----- ...ows-defender-advanced-threat-protection.md | 6 ++++-- windows/keep-secure/images/rules-legend.png | Bin 106071 -> 77031 bytes 6 files changed, 22 insertions(+), 16 deletions(-) diff --git a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md index fba8ebda15..f84fd32b24 100644 --- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md @@ -68,8 +68,9 @@ The following steps assume that you have completed all the required steps in [Be - WDATP-connector.properties: C:\\*folder_location*\current\user\agent\flexagent\ - >[!NOTE] - >You must put the configuration files in this location, where *folder_location* represents the location where you installed the tool. + > [!NOTE] + > You must put the configuration files in this location, where *folder_location* represents the location where you installed the tool. + 4. After the installation of the core connector completes, the Connector Setup window opens. In the Connector Setup window, select **Add a Connector**. 5. Select Type: **ArcSight FlexConnector REST** and click **Next**. diff --git a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md index 18fa8ef5d5..4a9f7a07c4 100644 --- a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md @@ -42,14 +42,16 @@ You'll need to configure Splunk so that it can pull Windows Defender ATP alerts. 2. Click **Search & Reporting**, then **Settings** > **Data inputs**. 3. Click **REST** under **Local inputs**. -> [!NOTE] -> This input will only appear after you install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/). + + > [!NOTE] + > This input will only appear after you install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/). 4. Click **New**. 5. Type the following values in the required fields, then click **Save**: -> [!NOTE] ->All other values in the form are optional and can be left blank. + + > [!NOTE] + > All other values in the form are optional and can be left blank. diff --git a/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md index 47189ede43..c16b46561f 100644 --- a/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md @@ -31,9 +31,9 @@ Before you can create custom threat intelligence (TI) using REST API, you'll nee 3. Copy the individual values or select **Save details to file** to download a file that contains all the values. - >[!WARNING] - >The client secret is only displayed once. Make sure you keep a copy of it in a safe place. - >For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret). + > [!WARNING] + > The client secret is only displayed once. Make sure you keep a copy of it in a safe place. + > For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret). 4. Select **Generate tokens** to get an access and refresh token. diff --git a/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md index 5746ab6157..4ed9bd223b 100644 --- a/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md @@ -29,13 +29,14 @@ Enable security information and event management (SIEM) integration so you can p 2. Select **Enable SIEM integration**. This activates the **SIEM connector access details** section with pre-populated values and an application is created under you Azure Active Directory (AAD) tenant. - >[!WARNING] - >The client secret is only displayed once. Make sure you keep a copy of it in a safe place. - >For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret). + > [!WARNING] + > The client secret is only displayed once. Make sure you keep a copy of it in a safe place. + > For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret). 3. Choose the SIEM type you use in your organization. - >[!NOTE] - >If you select HP ArcSight, you'll need to save these two configuration files: + + > [!NOTE] + > If you select HP ArcSight, you'll need to save these two configuration files: > - WDATP-connector.jsonparser.properties > - WDATP-connector.properties > If you want to connect directly to the alerts REST API through programmatic access, choose **Generic API**. diff --git a/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md b/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md index b8021ab337..800e25a7e4 100644 --- a/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md @@ -23,10 +23,12 @@ localizationpriority: high During the onboarding process, a wizard takes you through the general settings of Windows Defender ATP. After onboarding, you might want to update some settings which you'll be able to do through the **Preferences setup** menu. 1. In the navigation pane, select **Preferences setup** > **General**. + 2. Modify settings such as data retention policy or the industry that best describes your organization. - >[!NOTE] - >Other settings are not editable. + > [!NOTE] + > Other settings are not editable. + 3. Click **Save preferences**. diff --git a/windows/keep-secure/images/rules-legend.png b/windows/keep-secure/images/rules-legend.png index dea7d1dc70983ccaf16b338622b5b9c5eada2c43..a48783c6e33ee023672a8f540bcf22cae7b240e9 100644 GIT binary patch literal 77031 zcmYg&2|Seh_rKdlDoUs;Tav_}gk&wDEZGNRE&G-&`x;U=LdXa)Au)q2W68c<>a_GNE zz^in>Uv;&7u=iF@H`|AnRHAG2N8u+&_kN=7WaZ}hz}1q<*m-yF?Z!m-FABT(9+S3YV`}c z23|X|_ck3{HwR0qthsNOsHixpl;m&ec)gkF*L!ph|0Tq?3 zY+PJi(9O4LX>!HJ+SSu-ZFKdhKRCl*3e(pGMBtx1!&1x31~%pLZpFYus%2Dn#jp6^b5t&-q;BeLX^A0N6z&sj*s7a@r7O0&EM-Kk^!NRG_%;7?t zzcMH}X}q#u?*I7#)y(4s}=*RGX{z5fRP5%FGdhNES7Byd-@^T1oSQ;;1n4B!0!L9{!~_UUi&)|I-KZ zVwx7&CPEuv&V(Twz=l&zIFbnvkcs7uIEUzAhKu zNp80uoH)6Ey+hmH-F|2VHKD#B1x-ZbsCMtSQ(?PB2D6fp)B}h64>Q+<-8m$9`yGb` z%4&1z&ix01yLbJ*P%ikkS)$&{>f}@2VFLya?nlJqwaI^{tWDX(78BTx*AD!p7 za~Qr;`wW+J1wGidV`!pD2wd#p+(~cTWec{7Q7_UIqxdp{2@^{ymc5aGCZG| zpT88VRM9`TMEPQcS4>a+X1=4&vcJv?S0xj6j>u~=qR_<#0=tS*ajneZ3b#(``=WMQ zJ&|cmmns*`&B8-86DIf_|LT%IW|VNPFQFuUkQj9jtJ6C;$ic#rn3QC1YfI^$53nva zIQ+py-Ww^r|M`AT)DRed_it{_&iO?}ZeCum?{XIs9R%Y~D|FnyayCK{Pc+ij);2Yr zU-Vk`k!HwVBlTp|>Ys8;)%ZuA%l`Ml67e3pcQjk!v2$k#zhuc71Iig%!U@NZge)yB zDW(@_@P73`CjGM}vX_y5AL|-#RAmTxKJRE}!Wu{F>gqnr0 z8K`~4@sU5srWbCU>-uhgKIEsAFn!tXF`Zf-`gOP6~uz2{ak4WMN7&6W@y zaMF|y#j@i=vNu^GKHa~fk6^|VzkIXPVg9p0=c%z6Qs0>`t*!l4zMgJwBCK?Vxj&vh zJyO~?>nsk}GB-E3x>|xDG+PL>(q(o|wzMeA>&>fpe`p!J6Xy7+%t(Z#%SPn6e6XBH z*Dc;L18iQQj817`X%)}F74R;IngJFn!vz^SSka~UO+0&=hl<_1Z!R{YFesp(t zcXc6QMVBaK$`+YSuCJGqV(*?_5saU{5O`tdpeA2jWNum!hK5V(DN^2K?s&q9 zb+mtxxsS#C0mJx}{sT6$eV zqP)16v_ug!t@fjkEz>(b2WrM}M>VBOFb3n+{^7x_yoBX*yFFQRBqSBLcZ7LZ6 z3wfD)?)}1usZbAd$*IOaX^f-Hv(*~a^Y6g8mA5v6xv#HJo3U|XiLxDl6gOlaz|tL_ z59JN>OFtT#-eI$D*wBkBJlEv$Hf~Ucy!m-8fuwD)QKrLp^v>xOlc&`C7tIlTItznj z(iEon$;1ZtuJ+Iy0&4@a5OC#e+y-S%u6?=fgr~z_^pFp->Ew#*h zQ?oKn@w>aNsL!CB?NGI&LCh%la3JrI;IQb2$i_K2;w$p}Bu9ltk3C&TV8DRoYz|rG zT+aI1y-h0(?E}ekyW1Y03lZ$zYqICR-uh+ZbgHc|XDj#5g;8-t?%l49!YTGBbQm9V zIK|H-ZcsB{e}LhZco+tD6<=J8CDBGCQI$s~cl4mJf~EyZjhg}XOJ4W62t}nBeK#a8 zsG7mE@fLzjuV~O zM`f(xcSKntxRqw)(|B775ze96P)pF3s{$xA#qHbuE3Z{~SW;_4Uz8a|D(dqx@`iu6 z5t%`VT#-;H&{xgS%Fudl6(UBq>AjY4+?Y+aUBs(A)vxliqCVVdvqgcvNK&g}dbA^R zzfk!}mLtZY9X1xnqN@;NOp!YbH_yxTcRGkA5lDw_eVty3;bsbNRON|nw&1NRHOOTS z59JX{P~{6t>z=m#6zPA!wg;=jhiO-du@FvhlSsz7mPl1v-O-j-bIXX~{`>e5iNw15 zLp7fR>@865Da{j0g^13r{HBKcSMn>4{|TK!2pvoP7R9=ky4hWJ#glFlED?~BOU`9P z_$gf&Bt9;z)WV8LNlD4d%3itR47p3D%F@)DGXMGW=YRi|MJ2R)Jr(3PACG#@U z`fsmv7a{@|8_yIM7e9OU43celcsMmRHPHe6^j-HfKOf)J^mIjexq*Q}jxK*j_RI@@ ze*Oy=E(CKfudW_B5M(4+`thTcYap4n0N6CAG3^jc;edu{w5cZf+hPVhqo@W0lI;bQ+Be4f`Oweg6)L znmGH9V*0gf*C6{RB_$Q;=jbE8?Fhz)zt1Qrh~`q!WW1gF_4=S+EP*7mIfH-t^eMRl z(`pqTA3rfZE+!^sR-iAI)H<;wqQD&9IJzhzBI4%m-qqDr;8ai{L?DMy(?b#!GA{q# z*H?kZUz3)us;*YM#z`nN$txu~0PagqPtVRKIF@#nK1r87l3$nKoOuYt^aib*vADRH zknlHzl&77qudl1C>%)fvnD!*q_d!8H_T3*ksy+tp23$ES<-6(-7`R(dCI0Jmg6jB> zTtm2(6DLk&s$)K6XUB45E7>czhR+;2AAJ`gC@6?PI5;>wkxMlaycCuOS(WJESXz;n zH@`gDsl(b@&h=Gxba8!VW@c+^Yi`bwEBf=qQihgN3^$aQB}y;kw7x#ufc*#?y6s^` zK^zl7y);0fh+n_v7wjF2Ta-uf1d^KsfuKU%nVGim@!1$}O|rr#kWsxsRRwKcOKAU|DQz{wW;S-~}|W7gv>)Z`3j`Dy0?vbP&t#uwkX6R`}rW?=O~gFSAqA z!2rPw1&u>C;Ei$y)Q(j+*48l6zRVGd*!7NyCDM|203AIYU5d2t>aUJ;5{abBbAk1u ze^H=};_?u0bwZOBRJTFX&lcU+*>ztjf=S+huo|7r`9v)@+h@Jx&>^ zqa&WI)|+yd8|s?t{6H0amXTm)hfP+SNSyM~;QY!;)mUv!&0F|W;f-^HHIOYgHaE|m zJ4cL2e<#cyrLLw%M^E40+N!`6ZB~%gIhoanQ_JLM4o~A%yLa!QgM-mW=hW2HI=kX; z4=zt5;*{GlvVjXjL5*ew2DwmAVb4L;pF7o0YQZ8eW3+D1mWx@Ny+5*>6;9;)b1QRS&J5&DDvAJY#ukKqxAPe%^4>M=IX zufdH4czW&yj8ovIp;(f1;Evy;NBFw?8psRe0v2EO8XZ1Oz9t#7OIlS|)aHG(f9je{ zyjIT8)zb^98=CDaZ5VboHa0dlH~06i>UUJmiW^7B7{Jm=scr%JmWD zMjv1^dRGnTBVdgX%*P~+#aXN2Hv20)>FMd&=$dM4Z^8vP3~Ml6JbPU0;S9h>Y*1}& zEmhYRZSYG~9>9`&h>Jq;e%9c!Izx<%q)YDrI18}~Hx3m7!K{+m>6T_AA|WHQ(|UdI z%a<=bv#a4}ggiVvv=}S$^RHaHb~?PVe)x)IlLMbk3F>C^xD-o-jPL3UY&*zp63HJ5 z3OeT3HuoTeg67J|$Vg95PfJV7r%#{8$HybiT^BT|HN({Aouh@=}Xf>0TAL< z7H3UKOoRs)NFIC6Ndq`2H@DRaUofM!g6If&*EzX95yt-7L9C*z%-h-dWKUsIo2&o+`=rB0 z3VuUfJ*wYPkI~ZKKbiJJdIzs%@qTt%2$Br))9s3k-5zq2*xcBF-F_kZ^VXIhJf%>% ziMC{WM@J|<+XJI#j~~Gk5lRd-^rpv}f35fcWRP6qP>Rvf)GR0|*-Hiht+Ts&zkT}# z`R~UMT~kwaUs!#y>(}8K%feMSIH=}zOD3zyU^1-U4m*3fxLi$EJ9qqPTU#5{H~0-c zPNqW-prTn>jqhx40^a?bjSX<~tOqpoxP}Zg_DIP21l76uc>s)PG&)-^&!p0;ps-Ll zo?t2bcZ)TX066L9zJ{+%&GC0)0MM72M4bwsOIF57ZzR~(1y61`&nkXJ*AhN zoV=_FX%)81m9uUY{ad|`2Dv}X3i3;5l(0I=+zh8rpDuOmPki$Ru+H}Owsm_-ZeE@> z=}R!D$o1=by1J1O5%*M80nGnvR^U}N(A#SOu-Z}3GCejnRwu;|t{{ckM5ZUGlBN!;PLfpYLZ18y zk?{4JxoJ3@W_H(anl}s)*3-n-WdzX}jTn!O$Jc2iT6y`3GL(ZJNSeKnfAo#Taa`PqjsAm@|W4PTtJ@2G<=p)3gUcD+U?LYn{0gYzfS-h|QnV{Rmpb*WY z%-9G|#i-INy4VidIlmn2lv=Hj{HGF)TUQOKU(j3F`j%U{3k;j);g83YtE?zL$fo_3TRf zsE-^eFE6)A#hVLp?8l7^??&*RS;pn1sd z`X(Ns2>Br$Cx^-dD!`{}?48zSgSTIxzHA4Sn>6I$%fR{bI0wGg66vo5(F7U z%=WgwU0Ze@GRJCMP#nT1slK5(RE|2kx~- zkl}`%_0g6kuNnNq3k3q0c!CI(>%sB{*TNWXBfGenu1F-e?dx*pK9Z`6I;jOT2oTk@x)3z9$#JECQ+r8gW`+B zWoH9ixh!Q#LUY5$fRy0qs2n3Nw6cV6F-?TKhMHh&+cCWY$y`!W((MK`x-svd0fVG? z%&)2~LM1~Bel+a-am(@BAzX_rVO~Wr-q6%EGkzLA_+U^ie+u=jlXmv@(9a>539GAO zl0ugmX`y8U`Yby;92XT@*lSnOKhV*kiA2T`NLO&tq=hl6`RS?N?o-o*<1JSM*!=Dz#*ZuED|f_)AMQ2ZA}*{i>le z3kwU=;Qg0JIflE+#1z0thYeTs{SfcQC;Qx3E%mhV5^C|TH`k~6^v+3WI30g}TvXp( zR`1R;^{nWJzSA^tdnIspEpV{f-`Czgd=Mp$GiW8bLX%jcO-Bg3ijx0qB4^!``iq8% ziRrrqy7w|;xI${qIpCaSFnMKVL@RuT78XJe?Wak4PaxUZ*ev)|Ib3P!AZu^A048&H zFD8)q7-@%{Uz6}62LWL_mg32Z)p}I9n~cYgm>0b6oSd1Q#D4e?&{$MqB#3FZzH%0J zy@#jgWlV-P0U|S59WNW`W`B4R1-i) zSW7tLuN1Q6lD@)~W0-&>X?e$MI{#H|JW)s|=9myhQQAc`{L>V8%F zr5W=w0vA(v|JU5y`y+KiqpoGp*-s`|(7&s@pRbR2E^p@O=;-b)8c(Piq1n%Kdw6T- zh@a$vAp27UJyETaF4*5+zkcoQom$((NO>0mQWX|1tf_%V%B=((&J5cY8F$-5zxrm( zPV*EqawY0jUI$rO=S6c`Il20;BH`B!!=EjLfsF}`d-anz>(RCF>WpD@j9lt{;RIH? zJHiQHCYJm@0&vUieaF{tsRx)Mxb8krEQkaI0s%0@R4^+4vmo$58sU%i5xTsLBa7m# zHINc#W{gZtG0Dl>eSU2llz&!us-JuUh}Q0% zeSyCI9lh#&owyMGuo$(>($doOj;t;_*m$d6Qd_NN@$GYJSRF{K@Em0@PLS4}oP-#j z>*(nGa+4@Gg`M-^L)-kCO3XW24gnnly5Nwd=r zE(Hbpgr?U}FWkGW4L2_Ea{8l*A6GTZ8vivjtGCu*;!dp$v~ooZ01uGMJH( zp~1@?#zlAl8$dl-!X2pc;$ruSHZ~L*&`iH0bVK)(L!;xbw!5RrL6q-yp8XFaIb?rr10EQ6^DrkeD+qIoVY+O>%I}pEB7^@|t zk`YbH%K~ZwVDf4|*%>W-OCsGQPl!33F}uKDUh@@qGnDuc%@ZNBIbC)al|~xOlsELX zHGe!rN1b9)c&?ZZ%K*I?OT^Cn?oM8_#Yoar*q!-a?Mg!gvw4BO3mSluHmCsY5y9}1$GnOR_94b&XSv2FD+$^k5>#sb~!TpW(ZCzPj z{(9zEXs}|si#RLYvk=k_X-U;vLf{^7H2Us*lA#M`DJo0vJ12WEw7kxlJqANQXBJAe zhQ2-OQVi(7=JP~9{HVum+cbS;6?|z`RTYpFsyv<^9@QID*>|GY3+!K6qGGsxK4m$U zYVf|(!rF)ce98tMaEv`_qElU#>CkYWQ%%NP5r7bBX=!L?;iBBSbtvNd8_zEvl$_Ow zdQKcSBC1?`{U6PVQW|3h zKo0iyDxb>bR)X5YC?f-{2GkRPGXO^H>~QcrGcz+Gi#mwmuL9d!Gq@XWx+Rz06&V#p z9a5K&kZ}LX$D$(n%MU@)?6A?XY{m6O-{pqlH?sI~a2_5v;#>w{;+Pu6*II-{fLR5r zleSYfJ3D)z`*YX*D_MnJOh58p_ivax*-#!6*`Uz5*={*D$uw*U3<9@4P?PfVuAe=gBLz%*2fk@HBk0rQ+9t%#FB%Yk%F8!e;`q~e zfqVh13Bn8H3Fx+qN=w%uZ+mzY${Fmh`Fd^gO&NaHxD$mEcX~eq9I*4b>4Jo4gx%a| z269g?wAh1#*3>#JKd8;AtxuiXehaL>Wlqbel?01|l@^21-1qBt& z0ugkmqnn5F58gQQ(Aav-q86N~DS8chBfd(&n}J)S98is4r6Y5n6uygD&8%0AZT^?m z_o9;B!-qhi&i?v!7HAj)gI*#Lx=Y|==#GSRe=we&oy{mpJlqm=v(~ZHbB}Mk*9vWE zUY@$DD)2slWSR?qc6T>5<&0=vKPq-SyirS2GquZZi6Z4ojd7%nFh$;MwR*wRX(5b4 zFiUWT=TiuXzz;O7$9IR03OyagT`RnbPwz06T&+9#k;}-#S&V+B`s-EfC7}~Z(l=&q zq&7W`K&M$NXi7*(?2t@%GTy%*@98LfhEAcaGI0`4SRZ7=w0n+zihybb^^iiL6c>w@ z+XEd21sJMD*M+nDt1hEDpV&^mbtzPvt8_{_TxRkD+Pgyr_zgIKf-p1V+M{7zc0SXV z=ET+>e&wg45oFJ!Lao!)XD5*J&xbc z#F76cA23;@nN3j3oQ&`-5o476$mgPK?4Y0!N+3a!D!Qrr@Zs$AKuCJMNx6wq%#6oo zZSCWR;a@W|pd&&92NV-MyVTtbEod(B_*i%Pw?0U_%IQTf&^MvGh)1J&E?wFqB3rFM zs(><4B`U<~erf2DYE)BaN5|q&U5JAiVeT!C|A47NHmkdCMAK*tx9Iijr6nb>7d_4c zifQj8{v@wODr7U7;@U1&uE$gDpf%mpuD>$foVG-^`|%${<`ZPhW{<63S?lrAVQd7Z z92R(S(FJtIGcRiB5}8-0N1erw966HpII+JN=shU;%@#l_B&$tKbFl8O`9OFq7IQHt zf7#MKht&0IS-85Tg34G|W1aaOg= z*!k?Yv^j)JO_OdL+X3N?F{(Vk&k;9g@~+M19ErV{8pB;&w0D3I2GBUKW@n=n_UI!67naI$UtX3Yp7Gp>fi|zWo$msd38|@~f?r7sx*T)!3$wK>2eLMr(VjQ%dl#*nojzV&|7sUC zRL-=tl8ZArJwv?z2&66uAQ_Bxcw7gTa`rl=eMz(%Cv1)TV7a^OQw13kt_u_sfbgJe znx@Zmd6sRZL31`Zzee%1ZhJ%g`EzS3JI`^Tk}_0xFjp5s<^QY`e(RA@$4ohn^*>49 zNu8N>lGz%$EdoSS_tHfrzIiTOmmReI00l-y%*2vNHH2ytUPh>ldt8_u?$^sU2zm%Q zSjEY8M5Q_MWiTgWcq3d8h$IeT=V%VWwzMhZ6I++(a&dMBj(~EC>@?WvViS?4!v}rZ zR)B2rUzTzBSDe{}Dy#0lg#duRA}swqJs_+@D9$QLv(gwwg!#9$A598Oe1s?dBog-; zFo-wc2J`dt@p$bN?!v#Xu|z($dn$Cs9-k`Ml9g9U}vo`2Ff(5+z41GhChv z@&oXI395>`D$i_RLet$GdkK2S`#%$+~hdKg%2+$h1VyhNCn?eEzkMJviXVZA$ zhNutx^I_F#VCHlindBD(ddx(d$qGsm9DKh>%F30**=-iG)p3R#pb2SVP0@ z;jGiae3Cp++Tj{HY`)KW80PBk3~k*z_3-dYny! zVmg8VOgd!2oYX7Z@uEnYP`SNjFf=@^5Iz5f5M>${Vqa{K)QVQi#DXa&P5;%G-8tT{ z80CzSMK6e9C&8$UTG*~^Y(NTLh$k#|{o2n)3w1tVe<3OREul)7(Hj<)sXYS&12Z!Y z+zg9eQc!#cJ0WKK=e(qyKJG-rb8oTE>vjWf&U?WXTOaQZ~Kd6O_9tFAr5I11S?Cfkq z1B0KA*ZG$$>Nqf**$3py$Dr+sZ7zZ~=jzqE_?vc-UuD6X0Bk$#Ouo3ZcQLsy-h4eaMtX>K^M7`PvBl) z4}JV-bLA{#XJEzF|H4x%xijU=3-sMJ?*tB}YNtnY@y<|<%Ei)_a1~d!q$vqjx};VQ zFRzbriG3dLJY0)m1vKFj~qyU{+JoE8yVRV5$H&dRcJbo3Bs1qi*YUl^qmZ;D_B zsDqA=hdbtqrr~GMGv<_K&(#Gyij?;LvkyYt4{Tdgb}|o?ihT#Ro=kQXj0e97Bo*K> z9TKo!QtY&$uyh>KJ|e$KX?XnoKYxCSRJxc2ywV=Qn3(9Z{408|*>1movm5$yW z`>PPR&!0aB;u%;#XosVk8eFfkd;#_L8eBtZpODeVufX}-=E}J`S8&0Cm9A-MXb1=y zQ1O6NFEV(juCC5`a_HRir*a^3DQSk>n z;+0=kme4+d@&Sb|$hHNo4fd2_=Qq;6VvMxX0b5>fZr?40Ptei9qbN5L^mqyODkxZ$ zm6atW;4$1&C+9)VX#4roC{@D-4qMv?fhwS$L-GQi537TF|Ng0{#*zPa>SKCh#W+4^ zB#J(jxAEAK5L5pZAhOw+_I4DQnO?V!gMI*j9%81ku@OL@k)S7(3}7w~ANXtMbI{Ep z;9a3XhQzlv*H5s*L)<`Gj^PG2??qIUY~YR*dz7zKiagh;s3zOgE7j#1Xp*1IylWXS zO29OO@>=-uqZja-K>zCK=^YCOb$StGZeU#iU*d^=pn1UAx}ZoLejb+gYh?ra{L(&u zXXl0W#Ze7jK>ghiF4RXu`=Zwtgc3+08BEO}ia}cf<^tdg->6wb z3k5*3-?0mMH%7W;MM#yAlZcaC}#xGBQhY_d5AE#Utb9Qh%4l_ocqb9}I>fy*(!H3b@*y7@qg#~Bm zo9*qVS7-Ycy(*!dEhx~8c~?~>jbl{H>;xheV4uog0hV}hMhpb&YBH7+CfyPZSbu_r z4SuaY^cV>8B3%H6V4Wbmpsc{3VY9#jeV@C1@(D0oH9ISLP;mekLBU$qi;(BqqxRu` zK&1(9{04c1Y_wkw)?X&y+(r!Q#^t4D=uM6;dWo}|n3w?$^#BsuIN@P z=pju_2mdEdoH%lDFtcmed5=eDXKyL2tf<)R(lb3lPY-Di?6UxiqMCpqg-C_9Qp@yR zUw9y#pi@<(M#*U!E%T!kcGzr&wDLiw+|hLwy>- z7S+{auzc{?M{Hx=(9nGu42X76cz%0EvO$M~UIgwjsr6~Yu$R<_4jZTrAVBbzG99Xe z=vmnSz85NaRn_+Lq&Dp)qXNM87ma3+7+`5{fZEeEnwn=*+$)!Qlm9V9rv{tjZ?9zZ z-G662FwoM2W(bI!L7l~JGg@OT$J?N$zCJ^_Xhi(?wKe{Yr-{a zDRxMiAirG}m{hzWBruBp-BwZjL7jjA1$(7g0c4D*hzQ{7=uVu_?68+ehOGKsGqt)p z04Or>9%YPyf`TT21?(<2^O-Y1b||KUtqRTuHwb+NxM`|gNwgJ&{kU5=zh}dp@5b`I zJ8|d$CSU{GJ$>Rx$g9@Sh6g{ozJoJ^O9xI4QO($;nXNl)<9<1>+jnQnJH12v>Qzvc zJ>bN@MYR`-<{+ejC8;Z04<7Ck#qT%059QS19^Y_QXI7(`t-XDA-X5LC91b1=M+XOu ze}Hd-{ru?B5(G_S_!%s_F0bL&=R1=tKHC9-*47haV`E^}yaLL0$akqAJ}w{*_ADkW zELr%!2CaWMmR=VT(eV8%%rP|m=1ZQ4V1>jl&_bAQjht~T-Gu4^X*c?=g{>{X+YYcb zsBoUNfu47A($>+@Dwm#*pC3LD%paDPBq#~MF>h>0Fzxovu0}>ig47Bw*-xJo(Rv%( zJA`e1I!e6?mPp+DEC)JhYiRRpeY#%p6P2N>xv}=b3*dz#4ODj5hF>*Yo*@DaumLh5NW%bm zr*wx`K+yBO93vwo1wLm`-_p{8lY1S+z!LjubP*Eh52hgLvmO=OkdS}V{_SmTfEh9} zF8*k)vk-=-2`%dJFO=4**F|L))$JSar}BLEG+OK@7)6fWFbO(?o;p$X!LrpMIQU8F_l*JoU&I+~g`t|G3gjosy&2s)?6nNfd zJ@EFY4h8X9Pa@#Sn&idTYlAga#l3(tYSxIC(Z=mIKLGR#3`i-64`6s` z8eR0M0ykLy;n-$a1P!o`b#|VHmL1D@A}P)JS;MeL1$crg1Qj%;*xTX4!9+ya2ID5t z0g^gMf(~juY%XO+foqRG(W!c9cQc^#8fdd9?ZT_f3dp=%o=So&f zpB292r3qzoZ-(dh!SV78`YsosEN~}QR3w>r?V2Dk0?grlDBuAC@7*%|Y^NRAlXnSZDKrh6pi&M`S2&Ff~x*M{OrcR;yt zyW!?O(vkK^q`~iTTNK`}4W(@$Q%-YH#R)MUQDQ8_?0&>tsttTroLOisP zuXi4j#5$?W#*s2}$+@hg;kIB0xEv7tbZlinVvh(CS*P_~23uX#9ucD#2 zsUe(Ek~*65`gQU@5h!mLQGp%DYQ!_kQv!h^T~F|N`DSD06JfG4lAMDN(KT8D=*Z+S zvUy?WQK4oJ>|*c~3-L{UPR$l^yz~`^u4oDQ@<@nz^~P(fsEaFGFP{`veBnT2mORzb zf3i!Hn=mEE*+||nMGhCk!(4-lY_PU_C0+3Sd6Xx1JUYXmK75fCq+TF)NI2Y+@JJN9 zJo(&ZMEc8Ub>bmG8QoB`G~Vj8L?luiOM8{bsdDF+M$^-{CuB>RdR^mx_$n+q8=)Sb ztA4?EczojJi6~i~id*&Jhd-O4vJV9~kS;N`r0}jr<2L`=Wm+ApMC33kL~k6=s@K?Q zM$iX`7FM*Y(@DBh4z|A!uQBOrXqd{Qs1sMo%P3KYuJ-*su`n!I;J4bN+&~UQUwTJs z8V=O84969z4e<#Q`bt1M3Rz+bCrymdw`sMJYr#Lac+12)f0McAZvuVegufiIsB(s( zg`Qj(fxEfj{vpGUY`UtRI-^)))^1L{mH22g>{wtj)|Xhk@Q7S^K5lo(ebsMerfQ_3 zN#;C>`bKmU!~T^7h`>}qfRpli;gvZiY^<}&CVK}%+I?UV*xa+L^2RTHX=DoGfCCY|BP8ty(M?HS;t)%IaOkO z@=#_cv_Lx`9f1$CroZm+t%c2PkmiNrl%eI*&5o0)=TqIkG^&NUfL@^06pC`d6Z%98 z%N>^1Ik`n92r(%{b3YegSxs!R*nJ54`{s678rVmY)h>l`^|t*PP^*2uZaaa;#nmw? zT#i$Ih0!{8Aid)*raB;tkKl^c`DRzVECA%7k{O2VlD`l$SNiA7RC%MB$?dekH>Dqh zru*rN3x@fphv~@#3B&=md9HR#w5&e-9+TSKpJ5=Xq4XuVO%x{q3Z&N2nu%#^td5ro z^_V$o`OTlnx5u$7@TSmoXY_XLH)Kh4+>h#=zfdd$y-^%9hdG9;;Q!uPx(e?^7GRx= zgwGEC^LUn$*fiF6MkAI;rg^<0Ena88zi+7?N42U;Vk~=F?tf2wEQVITxQboqJte>~ zkMm(!uoVjA`g2#0OBW7~plFyP+4oXgWdr*tBB-zdir6`tR* zk?i}t>enfIKR>TBr{RcX@q(EQVP~OsZEpXvAFoXxnzBZcyc{Tq>TUkb1p1YhN75yI zhGT9pv{bAR*Hs;DUZce>Q+U>(_!36DGt=qRGd4rYdf4!`jm}ZdJ}(E_=0VTltXuh0 zHnQDeZRBaK!=3d>6Zo0<@S4LU`lEq%U7hQK*%SLqTH7qq42A_7{;)LNY)cmg{+Em& zB~Yn|4+26Twq6zlYlJ;TxeEj;6vgyRn;r{186ZsgyeZJ)s*XnH(v+SI)5osty91E_UJJ5G$MO~(g>7xXR zo_lV8lxF=kNQs6f=RaG&s&_dYLpq#Uuld1k<_-rBvog+AX}HneJAG`CsjJXISAC9l zfc@B8iU1Bnp$xC-b-C|+i9wC`Ozg5%&@P;Atalu4yrY2NSJ6Wf3a@SX0y1@k%cKStTwVt88iNk%rm+vL7ve>uQBHK@0v54GE99ekjEzp3gV=fYU3H zwZQ3hQw$V_bGfb{V>QsLWPZu2!Deq%!ZnOWw!~Q)q1EF1)S4^K>sJ+b%{7r)onw_M z+XzfKIdjPKtv0JsKf&o{T1LS}!;mSA7F!6qu^KYwb>UW+M+ zeE3DZn7wOe;6k!*bH z;z`?Ti>LCPje1%g>-fJJ?w`j?Xh0NWso+g2d&hTP%hJ0(9ErxYe8ng~`S(M3dt&IB z*rw|O35-!_^hovvq9U-CzAtQ$6B#aKmj@tHXJofz+k_S>o+MFkdB3%OtYuq{!f|iR zvLD|_F!fYJw&l=1pvb>AeRdDIcw+yY^NmWY*ENte8#$kI zh1VV>d;j<0;9@(i&+($_Q`^X0E-+^qsvU* zSi9@a{*DS@04IX3ltGp9$wMFmzz&Iu>^EhENhdt$33&Vkn&82CCmWl$^7H*oOXkWv zv0%jqzThOy_a8q%*+e!yEmf&DSL_&Qb|j zu-Hkb+IX#&!Z+>Ux0YI|dv|>s#jb~7h9;`+J_xr!%X!WZAQ?%$#r9BK9mICWlrN`u z{4(7k#{*+2RJ}g3u`&&2i_FgFKYQ=hCyhmgr2%Hr!oKUWn-nkFzMXWMnE?Hc-IJEE zP@>AVLj|y|nP9-84dzs080?ViGGCK6{z@M#dP*>mN?sFYk~a6eNW6?NXLPN!Z(D+b zFwJf&`MQWD2yD8?THau!?FTEHm)AOQXb}++aPA>97gA$r?|u{w`QIqm!6V-E4-5eR zm4d<0hsynSZvzQ%>m=Yg8H_qlEHsgDWn54^p- zfh*A91-9SgH@OSM2T08*G|(q|%<+z!`~0?R0OuCtA}Kp84P2_g%6=~V`SmMUxdxUW zs{%9G-*0SW^g=NmI&t6#;ranWl$5*NNW;ycm@e?Urg!$Zq+XEdy`rYM@ zX|*CU`B@h=}}c|ZawP${@0534NXRvq<~5N%ueugYw&`_ynO=r<^p}4 zs`2(-(>D%NYl(M8^@@BOQ%$Pq59bW}N|ew~Z{F$~bW6?G!pe8@D#iSsNk)?_g#V6E zgb__i#7g{EyJE0@&J7x@M6c`eot+MKG1XG0Ymqb*scqF6)N`+Ve9uv6^}GZ(l^ z{)>NSEw#b`m?`?Lo=dUQ_c>lU3uYpdyc*}>dTWfoqG)O`Cpf&vTyM~3g2M+KiChF% zFbmoht7YPGxE3qC=A6Z+6Z3 zvBsR@9dHPNHUIk)m~xe5jl|*jGCSc}!K4R~2%-Z|tWtIt*t}t3Vw>edUjil7Xy)SX zz5-GhP`HrXAhN>JfV&4;2~01yPFkQ~t{h(9lIjFYq8c^Wzm_R}IvxL;cLO=IZgBZ+4!StoJVEdVGV2*Z*MO=UJoq~&qIQ5fl~x&9IpCRAKY~*@KazO!R6$@ya6y=K$l0~ z{rX1xoYAe5U|2HFYZ%V|Js@o0?eLpEg!3wB0)?lK04i+RucZ(~$qUi{)ZK?E5-3ez zhSK4Kxk1QXMuOI*eZZvIGoN}c53@?QQ%^<^f!^H?0GVqB6TChtuuJieTl=q(s%;wj zmrRU*U@T;dbaR}KOWOSG#g3P_X9f0;~`|@RLvu1a5YfCEB z4T5H(9RpiUPFp)xH~U_O77#mCP(y((1@`X|SPgboOKURxJb;|83!#P)MHsTU|5>Cj7$K?hTuni)^PRu^)um(VDUu|KthIt=&%Y5 zHzZ&fbXcp|t?HYF;o|E~1AfcDI^YWx)G`SZOK|Gl^{8E-`6!XJuJ@Qu zFH#E=xO~W{@*d#i_jFG%!Gb4v9x50}ZM(o;K5cjaO3Lpq0eJ;Uit)PR&-GD`UC`8t z-SEXD83}+lV6+pIa}#4@0Y+MgG%y;0ryr06sA2F$JK0@xv$GvpptCAA2Y~Pb1a1H* zGh!2vUf`k=-n@ZXm*t5QfWm;pAb*ND2ZJx-w7i5fr{T6XqaZLq2${+n`fZEHb~I(E z#2=xihSA}@*(y-`f#a9m8m3<+@P>^5Y}(x(+y#DjX`&t8^6fbIU-POrU?^RL;W^D- zu7M%Z&|_x;wx>-cliQ30*I?cdrYc}mlN!Dn0AlaKgJIY)5V#OnaJO&$V3hqhJ$)cN zW>~-FB;d7WwwF6W%!Z+#Rj*Fu!b*OQ6IFmKk0>1s02>!vD&Q#)pFz2i zNQUn#fC2>W3@a-ua09rwbU*=>zgrBN%kv+Ff$Iyyz&d}MbOYu*jTf>VJOoGwD_&CI zU}n_#R@*}l-|+xSsJAx}3Q}?#U_Efo$jCVE`F#l>>w$9)zGH^xU>dKMb7f&68B}?Q z%Fu>kIDJSRc*<@oq(j(Ex&aK+;9Uld6NT>U?S=FT2I9V1x0muovCXQgsx-mQ+Z*oLU67L@yR(CHMOqqW-asDt z`t4f`fdmOO^Zk1mjy`)9z6=3^4DQB%YuyDF&e0KYF_cP2$2l18WDX|*!iGAW#tZ5) z3~Xyg?+qUlNHN^DAf7uosGfWRhymyG{z;VvFNj01L18!nh5DN|6yPs`1m<&?ZaW<4 zH_k*GYGrK=r-k9(uDf={yO^t%czRRi4|Feh{2K zf4+;=A$v(7Fl-zgQH^HHG$34o@VGY#eUiq_(-XdlMu)HX zve{9YY>YqbCa6{5!#{lMZJ&sY%$%D9e0N8)1>6~gF$^a_ZU#jY1f^AGNv8lLOaJYl5KyPnA zqg*c48B#)i{>`otHxpg+ww)gUTw&qBQh7sC621(8g=I%}wM|4Za zKP|SO5t_OwT#T z!|?YdjNgGvkRV_cKA6_fiIqjkZ16HlS?e1k%t}vA zYIwsQ9~ns-oZs_Hm`6#!=WQu4ZyNBOuY$}5*yaw0zfR0M_#O(+0q=>auIvhrS)Y;T zmq1{Ii3^#ng$AfM#^r9dFff9{rAT^y0QGlbX`6!C1?okT=KN3x+BbNfp7-Bub`k7 z6hAU_5b}$Piy?@?1Rgd#{1h0ihDb!_0b$K%w%Xj+_X1+sW6US?kfq8je7sW zU0=eL+t8ck_@nq;}X}zha@ca2X3@9AHniJY?;RQ+N}3qXZ#Q``O#}FYSKq zY(wxUJ-1trVHUgHxR%4NTPM~F7ljKy>c!~8$LNiohrhOckDGx~0Bd!?u6_ZQoDm(? znKiHhZYc>@+0H?rEh=Tvih9v4FA<){RLM?pZe6Q$`sgl1rVPs*peMA!4?$E#f6oAG zJp~t=PnNPev0++J0FJID(OCn(>*CM$<#*8wQwKe+2M;ib8=w;aL?sO8?iX0*z?>kr zZ-FOhsMq9-QEEbya01k9KoN-I`hn-M4n7of!STRzKv;jkgcY*&E5a8_=sOk0q~Pw? z{%3w0?hnYJ6uu`*P#xk+0Gj~82m=8LP}&>h6X{NJI{(IB+iBB!ry-?c!#@WEQ79lg zRuB=`@8GfDii05dpIjhDxW&b50KY88ArpG2t9R;=5acsOX7)X+B@5+#@Zjvv!etw9 zm)idP4$>@wc$yz4^1$!n92mt=sQ8HF4z6-1<9O5JKU~VxVMh^%VbQ-|@hvYl4zwpI z_%JptqZB@bBDv@a}xO1RJQ4i_PqG?bN;%+}jeo_p>riYrVM6%_%8p|8Kc zCXJo9uf<^dI%z9E^UqJfVu6egf8Y6#Neihv9~u}3L0I8LIAO5WcM;DV zZyHtrH~17m&ebx3j#T_93w&{MLKXd^35=B>U4hTh_AxM9I<|n32pAp^%t}k`W~)(c z?t9QQnxXY;yd^qs3fv!&q06)Wa&X`bI00HvWL|V^tVExpk`lDxfBzgK*z$*mV485B zAmYvg=bs1>!Mk@MJFxw=6($g@KJZdem=IF{S#Vj|X6FscmdlGj;=y3kb_}gBw4|Uj zh9CfAxvRu1oDCi5Kb~V#IV9!XwbhUEOJa!y@ZRCUz^jJl@V9>b>(@)bPlPX6j}U$0 z*EHVNwzPPIy}+NNE#L#;eS~lfdJUj?!SX^5xE7uRu?32O<8NN}z_+IES=+~#fDi5n z{j#a_@A2YM0X!9;)wKZouGho^qA{h% z3jUka$UF!*Pz{6m#>E(NvYK+aN6NK%;%}%?y~zAy5Wa<6H{E}g6oX=VDW-Y5?GHS0 zDAu7CjEss}B91@wPy}P3H>r!YMo_*1whDWgo}L~e8!39fkvT4>k)fd>=&R&ov9xIZ@YO)09S8%@(2@5;-8&wb5sHmKMk4nTJe@)02+T@bEYj#A)RcJ5U{ zMuqwlR33m0!fivz8ft8nsiC5>J7XGWJKscP0?s0^BY@8b{WNURcqx-Hcql;Alq+=B zkCV<99-({3wtvu_ss|i2$d&-Y#}i$@em#CELb8hs8@;%pp#j7{jg7Z^v?XNVuAn0Z z!!qD^?(A@-CjjUTjVsU;ftTJOuRaNG5)c#g8lB96;=JV=v~3FQ0fgAFu%&8uVH{i` z9v&WHVLbzbZ{U5Sq5^oq4GsnHpI~HQpvo8XMg2##gDSc~@X7epvhv!gtRr)4k@aH8 zt1F=dzPEYDkqJc{V}^X!vHvFd5+m0+KvO`YTz8g`%q(J#bb@yL;r=l1*9vsO*=wRT znMKeK0-IGLyn6}EmV&+rg0`!nK?WTJBVaZ6^#n)t9%T60*%Iq7;OGS@)8JynpBskh z(|{Qo8XEbvZ@N+XAEV0|PVmhrjx0I&>v6~eGgeRVPO7;F3`dNO1BCeew@%y{9PC?y z<6%%DD!MQ>20#$ROwj7Pxd}+#jp_wEJxLmp+U>p?%D^Nk9VZCiT_Wk*u%0R zy6zuNtz$CA=l#div1FrYrS4SVnyl0WAJ?nvQn<-fC%4{bX|dH+R$kM14@?4!nt%gd z0Rf1jV4}pQ0Nih=SxcV&0zS8W>mkSr-n@C^zFwGybN2xXegL}5>W36qV-Uk|KM0b= z1mdc3I7ce-Qzv8=L8$uuJx-M3?p<|4sfqW4gM(UZXwu#eHx2Rb#z;eH1s+^LgodQe zq2ELpAt|Pjm7X5n|9uggB$+Cz7sMo>66SQH zl?TxP(A#^yq;x}F=R8UC{-;1{6a#uOf%jT$J8Z8^f-+@MIo~TIN$!#)n>2h|a&T}= zEjYIQ-o;e-bmBdLFyK^EU0i$vTW6_x0IWJz8rKUyx%dE$-Of%?eKIkTfZM^{TS}$p zX@pLxd!ai4%V1Kz5WIMsR5wd16Yi9Rn>mUuVL8#6@I|GJY6l(1y#2x>Co#QLevePIwS7GMzcE>Z5U<#Og+8 zdmWv1xw8mZC=qAq&LCNcB>w=-H{cY&Gp&FB9@u!q@QSZEvfl3JaR<=LQO-l97Y2XA;0+Aw zPNPq2`<>N3&GR2glgw{>H)hH!NVQ^ooY^{p^><4G>@~m~1>()<%lpth@F_gEwMEse z(<3NMhGb|Di5hh3&dvugT7tv`H32L@0MhokZ<*5;0fk? z{!b`iKap~7-VQx??QpbN%FM*%h?SoFY+1A!HA z)C%Y=Yr_k(2O~pJomf^_tfu65#Em~_m5=TX!2&?p@xI=gW5}F(uN{qr|2X>@O9Mq!o&%cF!J(U^{9e@)UHgv}tD`!UL?bx#j(?{m{H*!p`zD5?akZ7H+v(*LiX)3!e zcmisfEkBA#p%Z#Cjo~VV9{82ap(&OMy*i?knm&*!1bzBLUTbSf{^Rw-jq#sv2;8<(X^2Sz6+`WWOce;a1`&d}C9tG{qn8x-=bG6*MmnyM_2!iUUJ#6J05puUl*@038 z-jlFh)ztR8usD-bQxo6ofGOyvtI+wgDlO=Zq3Z3%6@}S=FE~Yk%Uj`sS^bM6Pl z($c_VEkHv7Yzw3C43A1AjzZO|Zko4ip2xvVmiDr} z`9A#Iz~|wRAl22yDNw0Lzwd6sVzjb)16y4lKPoa3-ZBEf1^r#Z0F<2_e;D0?diCy= z9U}oo(l0r5Svmqd3)mdf8}!y=EOX!D&184b-XZ`K16792NGzZ5{D%W zor96AY($YYCG_S18uz+6EPLSOk;mcKFm@gyxs$A(2?|Q%QL<3P1*HOgyMyWh9=h<+ zjOh(rieP-)&tN+Z1_amO*vO;$b%@(=={g*^YfAA71Vc_DbmUf8K*01 z0D=zrVXdBEDM*?@x)>1AgA_=enjj?Yhgc@kve4}8@? z6aNMx)w_29uk-^N2<5%eAI=kX!gQ*e5XwT0qoboiDp+|t_-_4EbwC<55zP6|-*^3= z>A~*S(-Y?7JAe^GN@{A?Z~5SO2+Q!6c?dBBjz$W(lPJ~O{O8SbXhnEh;wxFnM42(0 zcQ#?}1+r0!I7{eD!f+`=hoEyu{YCK<_tPUrMn)*8-G4(*1Tzc(G08)#%!g7Dhz=V+ zwyB9ZmNT4t@b8QO6BBp$bVFGFfNF>e3R>070t^SBZ>zyJtU≪E3`O6RodCvs|xg z)}{p$aB08<+=YL`==eh!^Q~&BXH^Z2?jIB~G{)OJD!-<%D{MQUlF_@fGFX#q8OY~} zu=b&50Cpih3-(PRHy5h$pXj9m*kIR?T341 zO8oRj$mA!Su>7K;zEvlXWf?X&Al0oPW1ykjO%MJw98(JQ7DSVUZSeC1!59oe0p~>M z%76bh(9>IStuQ*oP+CIRL~H(&$Us{TZw@#bYsY`6wcLq02E{Kw_+afY!Wb3YjLggm znw#gI)k5TyO>EFblUoP)v)2Ua7I<5|rZf-aL`TQe@DB2u^!nY%NQxb(_2c*tEG1~Q zL0!>t7{E3JsSB_*D9k`91XFkfFgCFc5E`ORbNNMRM%CcvAGS)NaVFi*KvNX^DzZNFt&uYP{_u%+A$jKAxV`vq)UZk4ej)ciJAXWP9 zz7I*U2_&HL5`|a}GC#NyD3-y#NH%ftFMKR)N}$``xC!oxh(Rhy=%BlVIUalt%&>u> z0w51)3E4S0+t+fu7C$^?F^84t3rb?xmsMKWu4y#E2$R|Td{bvo007 zPiUw7#`=+Ey+{{vyd#W+v;OKt91Q?TV%-^(c0lq1Xyk+p=}%UKuJtZ?BYk!G2Cyrj z)P~jd_U*>oinc)Spp8z>;5;SXrP;l7~W zXJ|4CgUg203IMD7a!&-91i<_nfCHEZ0|W(_TKu1EMN7Crs4HO*Ple|W9`c<%L1$u6G4yUP{c6_^`}Aj_NH0) z&twIgzP`uh9w$CcOdL7LF_w5OO&0#zIlkac8^BDCnY4T@gtYsa?pMHD<;sYt{_j+d z;|B&uR8Ip^0B6{G{U{7Da=3w9eJ}tmC_qUqe_IM58lX(xToiG+_g@s%)PRjB8lrt~ zDhK*okoiKnels|V0OIPnIm6xd2amb{ZnC7r8lWSiivF!T=Gq*rtS|rqy$gV~-iMQ# z`Wz&t0P@-Z2+`ah;s9me=5-hn!H5?|NA$91VElW5!0Q3sq=>s=)&L+?agJvxwA=*k zphU0L=~PU8#2gZG3Nv@;U;%voQez47Y4AYV{Q1*=^;;qxNQoiYzjMKKi>6&SoTBrV?Tpd;(@XtUBUyOyjPUjF_)R{*x8>YMt%m-Sx7ux-vJ^KYJ$%@t^aKOGD z9yDlH-PU#ip#GcE(k}o90*s)AOu>G?E=ozh5xIZVJ!V24#A z6z6_EJ`bOENz$ljYg^aPQQr{b0-8PP?c4XAR%BrAxUd~3Ndt4LF)P9rVi0x$4G*Ri zqQp@!q&R?$fe;d?99dUe3%L+68G<1P1VqJRwba#!2n?`$kY@ll zW|kC)xlj?#L8SpeH57A4htr0zCT5%zRFd_ZT|4Un02BhoVKo~k8{3Wvf%e)AVKWUR zAi|gBz##p4b1|MkJYE82cnpAypO=3{R|oK)^EEj-$_8sSH$`8bidyD)SDz?deqMJj zpZN5Pzq;xS90e8~uD!(de?C+g&YlW)0zRQ!QMc;5OW(a~1@Hl+k&6X$TY%Yz!SX-f z9|c)2^mG{1gJ$EPmb`Z_AYJJG{n_bh0TB_LA7Oy7!94(y2_Y2Rs(`Z?C%hM4WDQff z%Jy3W-Vnl9ouopVkmWMyWPRH&bG&}vCM6Yo@nd*qhBRFkl!u`5rX#?pWTX$)dN&25 zkQp0r8Q@W_g~A(B6-*(3v&Ih-qx<(U(267T9NbVKG{d+L##sSkVg~`&$UQ)_3le5X z6d*SA4~8LGW>J8>V8wJZTo=3yC}49&y-^=L?GdA@H0{Sxm@x995AWSLgw^13HN$~- z6|h=jOd6SIv(Prb>J*?jy|93L6lz!R1)&4RCvFp#YPhqbK=(`n*Uu;ah13(cl;>8(~9E5=h^yq8*FeaBxgm?h$ zmr+QYV3~1-(0u10JPzBrIx(tiku4MJC=oS)!8iN+d)C5W&^@kN|5cy}0?!2ZTCnzp zF@OhX^HbzHf4D>H1;i3k{VPReXxe~wN)`k0El~f3t}gkTVW>NSp<%S6hz?lLU`!F=r z$z8$g*T@e$ZUPiqTH(Jn`}NK8JuuN2Agoln>T7HI{vH;4`Ua82ENE&Uyd=* z$AX{5$>8?!i$mhncrc&$5T@X=rwazC3zi8N7mVmTZfb%UAJR1}iXv-(+u@}_gz-ha zEQR>Rk%lEN*=gMYtP^mGPXjeASf4@q2gb6{?x2|yaHD`ZLlz_9tUSCZ{JN>>%d=Ye zROnNJz7Rp*$jCsAsASvQDW4j}XLySk0t8KkM->bs9`K%Hja1dq`E}^omdfZK;2yjpAzuM{Uisr8L4=qxz%Wqk zG&H1}{pJHNTA0Uzs~`0pb#=hn8n=E zgdq!_EYyCGI6KfZT410CB4UXTot+_|I#r*vs1Y{?Q+epp5#I1H5&}92)R$DMynUdF z1;na1&l`AG3m$8CB?ch-!?FQhY4|prC{a>^v4ZK%F|9{5VjX=SmJkn*NzE)wPCDOs zn3>TLMEGwT4a~U9~c%;_Lzr1aR;rzIytQ~;lPAt5ZB@Y5E68a$ny zpH916+39zv3R1-3Vq*i<254ugt`Qp!g5cIEC51X_tfmVl9*Fkr@naw<3g;JDLro04 zYe;Evq8BHy)ZZ{g7Fk1D_-8f(0&o?=;t32F19f#UA>MVTx(xs`ux?;j36@fYt-k@s zgYgzLjuIZXL&qR$^YNj`qW-Z`S5F!QiZ9q*`@3-^$cW(td9b;S0QPU7saaggQt(n0 z>@jYx4lPi9BqKYR8z(~Aoo~(#`3e=E6K#6Y#<;ZNG*b7H%o3vbTbT;{SNu7cJrETl zzwG7w%&KYUgS%~w2;?r&4fw5GKz&9wJ zgaAIsy;#qknw(s18Rm+v|K_;?xs@OLI}|;>zZ=)Y?g${Al@0c?B;F*EUmATmOB5lA z7(yb#GjY^I_#J2K!ML36imhBFs|23eqt5jQfm8$Y*KnBeQJ9reGb&$a^^d+@FkJpX1 z_ikiQjp*6QvHLn>y5)qjY&BAwK>}oxO=~?Da6NV{H_hqxVMVOxs@$@rXjX2z3`5c^ ziL<@;$0)%(!i105dcGWEULf)emxqJI4L{qe3}; z-i)YR87f;VTfIq-?cl)aW zlTF#BHp-w-<@*;f(K>1jO!5|Bkw9;FNFUsh1E)E`nJh0gBXf-HhiV9k^RC~NKtI7i zGFpR!8|oSwNWt8DS8#Lt@%URu=0fiYewxkHI_u$756u-VL(KxddmaWJA$WUBk`zu>hIdJbnj=#OoYpDGAYUP96 zah&h_9K6q1B*fpmM)#JZIMUww^Q(yY5HoYZ6MDJpW`#i7YRs>k?CWO zJNTP>S@W@n&`L9yYJjE8qv^N%g$F!p{iD;K!K5X_3suV7jU}J{!KJUuJY<+PHP8&a z*w>V#7XFsoj^;F8?uy!JKZlr?F6}mQsJAxA5ZJ}pX-9` zos)1C=}^0%1L!Q5L82!?FfYMI>nvnr@}VMevP4ZDhpI*B4h~|bN3_Wyg`$vJF~OPa zc6iivsBLFA?BXC|0)rSx9U{4Ls^CFNPd2zGvBapko20C@@|IP{+{j1m-@V8o?&a*; z@g3k(-1n=#D{Lj??(lmxEh&v-{%N|P{$o6pS*j`Ff&$lO!O&=*^Qx)2C+I4azFOAL zX@i+;ZOhyL&V9PPSP)3L0_2>&`*R2EW-Tx!3_J*O@?8`9*EZ%^vwzga*!jmZI zqm!FX)#aRxxBT~XwD@9~)9%AG(m#wQ{2ngzR-7o#jgr{d)AmcRZ>5hHeA42$wv-;$ zp4eZy)_kufT~1$SK6WJbFK42NGo6=?540GWaQQuDv_yGfeCD-))qbRNFz=SX z-6r&>oARSC(8+oJBq@EfNlcdMIT^9XbR0s30lQG@AvW`57-i^nm6xal#Y&GCyl=(6 zJO0)j8oY#P2J9uL54G4Vyw6JBx83b3ng8v3YAzwOyfXOH-mm#0ST@wy`^=h+__|-Z zo5-6{8dS7nZj$f@1BBMAm$zMJXm(@&K~zYcMBbHfoR%vU=m z(Qt~lAlmQ3<785k1h9Um%>J%r3<>m20*{)j9>yNJJ}`{=Gx>G{yZ^A>4~xI%_2nPG z{R9pP^eV$vGMq3NM7AM+RsPhDq-x~j+xaj{{}Sw##g za;eewuTSp_c}exxX3@?~&l1Vv+(2C0i{0sVi>mbRAtZY#{68bXEoI>ju6TTx$-{}m zowpSP5~|tR_x)DwET`)nY^yI!n$?dpOco%x^&Y)9!YjRJpXNeV#JkcZsHu-?A{c6>XWkL;z zNizJ;bIOZ7Jyjn*Bu}8jxmx3UQf;4OY(95~b&_~2ugLnCnb`(hJx%pbE)OZFHCL#-L6dy@A+VwITi!F0eAa z6G&Ww^7-yDzkBCoU9#1Iq(ztT>!;R9FXvQ>1Om&iMh-QG0=!zpD}VX&Ja>ueT8}pj=H5JgD0r$raY7*yGEh%epuZ z1N*#2%SJz78L>}@;1Q+B4Q^C2D&tbt-4&KW&-iBdgk@aev6ZpleDD>{a;n%RbXzLni3HrH0RuHpT<0!}U3ewy#c2$kVAg-68vL8jBx z*emgZzGR95@863O_YF(tdqK%n`0m}xbbH-h!O9#iM?`j)6EmgMIPm}+Vdym$|GYMs%}UY@zQ0{PPJEJ5n!GTeb4HF#Gj4y zzrXI^oN!FFA&onCY=9BH%XW4eM1R)WrPnAJ4Phat8EN&WgKQ~0Ff`8J|jxAj9SFGzWSl6>Q4xjuM zQ_hvbB%gS2Hp%&jKbCxWNx_JJNZV4=8H?!^3~=ynk?*3)5L)Kjx7`+Xwb6flRUy(* zuDHoC+r3L_ac1^7tzJvfM5ji4^m(_a-rN`Ce;>@%sYFEdZpmQHtu6n3ExyDL0}pdr zVe)Gwc{I-h-rzyJLJuqpIdqn)4@LfU_1=#;#is5G8JX%y$Q+CabX&i69l1gy={RkE z#`8FyIm7?$jGS`4{QLY5PZ**`)d*B&8LHOM^R5y2kdgw)n}eEea?E(HHEZ)5`^7UL zm`ntS+^emVx~Ajk_}a!d=!^|&NFA*gn$AQ2xxdrwawyYs{=6KC5`6M6zA^H9%4D4E zJ^5r=C_nvP00&WVYD0%gBqfU)B;b|5;?NN=K82?7{(jY6Vf5xOdc_>QERifsG)S1} zZfOmor2pTCWR|Nn&mXpKJ38`%C9Vg)CC0zC)FX|{Jl+0`6hQ?j3#OCRc&olp$DTN) zyUj#{6V_&%HTf*102xno%ooTjX6$TkQjcQ=^T+10@9>69Lbx`e;hb=JR`2C^re>GO zb-Xu}XV~Quc(sLFDs!j{SN2PAg~iav(9krVErCAZkPi3iqk!sGS_-FpmHc{UsW~09 z@Md&4*wDwN&=9iE(1=A62?rjc^1DZ8U)uC#)v2UZ2k()_XG@ruOm$_#;(TO$wK%md zNvKp_PCk}~mn%hidr))l-xK7Vx?ixuO6O#EDYbQ!Cwlopa0(4=Dqi?%Wnd<&g2|Ip zW6|;N$>!!&@^2X(>De*B_GBUP7s+aIFg_g85HIFyakKAO1+^k-)e6?*Nf;tN4{(!O zYV|r4Dr*cYA5a%WwE7G^>t|mi7ME>G^G$!WpQi~&*8GbXr=|}d$(g$HJMPilK|Gzz z#g8c_t@#FOzcJ4LndU2=8fsJXi8f{I%XV`}8W=kq4;4P;Po7+x}To z-3!aPG{X<|fBv+7oT<$gdZ?gaP@$-Bu+D2+l#G8@zD&mm&{=gCW$uf0wIZ%;6q9vqJ7eeKlHcxdG|3~0W!gve~ z@bbO0D9&f?fAkMOe}1Rbrz|_TSl>4JX$A(>Fw-$+KkBNw2kWG%12H4NX<|EZ=;FJs zjd2y(ZJ4eGlCO}u1A)lUr?mh-X}eWZl;4&0)+bE^k+U0q;B01SVBp(Ndh2H}mjsa_}R(!ZQ>e&*x^gK97VZk}&5mX(B-6`RyF7_VHCtFKxeLpBkHZFx+@Qn#5{ zC;IzZqN3_~5`0!yyBE$hd>%alGx)hJ4MNnyTPU-4WD@CyfR##3JalLjkAvHsKc<@- z{W>x6g2dp>eD$g#**3f(8-B#|m06NthNEd!2;WY^s6$43b{KrIe7~8HlHYatYO-!+ zm*aP~4$~HB>EilLYjp%l!A8S)q%FCKbnJG1uuMF~JePE67$9hH1?$hQB2C-vD#uZ~ zpWCU3hcx%E6ZlPV^=abQW8k!^TF~ZYu@hn&uyWK54-@u&C;yyD8XWE33M4#L+&f@r z%gV_K=jOO6?@QgL4d#x(m(5GY%UkdJDP!kDJVFWm`rfrda5V%euCi*V`k}MsS}Lz4 z%a0!gF%e@_W}i1&>-^e_Yh9kGt3yKrr{DczK(9Vs9Kk9Cp$I$$bf8WT)jlsRvUUFK z7*+UuD0PN5j_+H*cYP?KM$oU23M;0<$UIP0gBZ8;m%ECJq50~`Y|TwLT`_M=xXu)f zdLO6%kX_fr>sTWt4O|!ia4ep%h67mZPMabsnW-Zs(eWwfiprR}^F$EKlB}rDC#BAJ z-wna|VYu1=PRIUNfDM^d50LFZhZ&X+9uF7(%XctODlMJ9ftI24Dv!Ux+i?;EX*Gc>}Bn77ki)im7#G z(MFRoX*BnYvv{ic4DB==aRlzG6YB`Qdf3$gJs|%usgfB-J3ad%rub6ub?Gml<;t)9 zOZxfo=C_Y3oCWUyQ)v5`(@jdZ4mib2a0Nj-$Ur`DlAk?uM zR{$gvP~ zG8>dDJfZPz#}%Cnr;sp{N&?+fUa5PIqpc^mD4>e9vQd})YOC6zUJZ}&ugbOmT!sx! z&lEQG)k6B}iGc9v+W-AE#}!0Gm4#;W0qO|^Xoh?BNr>OZcOm!x{>P7mE3hEtMmLSd zv*6Mfa0Zt7-OVA4*U8Ef7}O}(BaN;1fmehbSC5{Bj3WM9eyU=WN1C+Gao|B`4goxi z-$--b@b0+n;6Y_pM-M>2Nv~?Nq{E6H@s^YzsU&`b;~wbaCv!7@R;G z9V7n$1tjG!kIqmjT_IQI2o9~UUv$+)PyO4**sV^f+tG9YW8Vy5-D1K@&^L_ zwn(nf=2hx}A0Y&hi0`gX3%JO6xiq*L6$t;Gq^3iPm;%4fmP9i@WMZtNho+uIfBror42g}TXf@IW5EGB8r} zhZ<$z>@T?ydDse48NBTO-s{loWc)64?RTr(O!Pn1P{sN0%@9(dJB20QxU50(9xx^k zE5q7^s!9AeMdiq2ycJ?veChO0duBc~CSC3D#x$-j2!|f`s3ut1=KKG152{Sm@HW}* zsz`*>)d@%Aq3M!*tD~bqcY4xMbPeE;q{D4oY4kcr8Ica1VEEW$e_IiFE{V~^A@~xV zW0PF`mLa%P@y!xJ0;h9krxGc*5`!?Rb4px;QHD>F+&i~}P?Z;ofRe%}0 zUtOD``TQB1VQRSToob58Vn~mTULE|D;_Gn)#kZ0e=(}GZ8fC>%4ZI7%mu5;ZlQ5GNR$?xcPzzG5NI0*S6X+v}E#NHZ zIz5=ZbIjWpO&*ykm#o?cFQM>yq4IZT>R{47RWc^?WL3G_rbC9(8Syy2uD4pK;7Mm; z72Q%`NX9>{Y5Q3*%6>5NTv0tV*Q}H`$O>H!z4p&YGovP`nhxOFI2c=}C= zP_E4O(;H0v%nC}@(ZA44cU%;73Q_j*M^)wMA_(L%#ObUX?<&Q8cZ{KdNP|RL$|K!K z)HUw6PQ0CEXK5{jYDKTG9DHI~XP4l^t#mE&4!To)CDQd$^2@-sb1At*cazlZkkApX zo(c_CvOtWaOP4|lxOJ+NzPRUs2@?W(?nyEH)K79Jh6B`m6~DfEVO{no#-at57n1)u z`gd-Ib$Lar(3g4D^5&S7gBg-$G%67U5uP zA0ZzxyjSAOBhiSCb;&D1`dYs7BrL=;Sk+pVR6o&z*D284n{uc)hLiM^K#op3k3iEx zKr0t!3ST5s4^`}JZ()33|15uG4K<~+K4Y|OHFj}lWDus|u~TH%a^OvFzFRQJIoKi? z7JVf%Slxg;1pmx3S~l^$v$n|Lw@S-T;iIW?KYQ6-0 z*xg3KGRdk{>Ely}Y~3f0llB-6ScNUo?nwBgOojAKq4j8MT6N*MzVg`rexx4PUqw=b2a*r(E8zL!~Fk%sW5u;$az2`w4vi#k$Wj$k1 zSMl|_cn_+M#QZ=8%3pw3^atNt(!`|i_7jx0|e57ZPwxzeHx z%Iw$EvJ1%RY3iugX}h_wyI*Cn^ZN1A>fQgxJX_5#Top=&7~2E@f?Ep%PeaG`?|4@cY9g5 zzg22QQw`WY*2&c5`H*hIb(0|!PU9FOxEN#! z=zBi7=));?ueHz0n0E?SeI3S=A4g~K#nKUrb z$prHgUln+IJUOd#tpYynZ3NZ|D-7(_1v~BuEQYo6vba+sd9vM`$Fg zowBpNE4TQZ_nt?Qp83%(p^5efyt?<-h|GLbQ~xrhr8h3-d<>%>%Scl!*QtMb&EQ#Z zM}K0pjr>}{>y2nU?Zkrj<+gI{quu6PiYLSpytj-C7MyooldxrZURal~1@Bm&Md4Ol zPgK5c{p0(7$Ib3*0^C3|L6SIo^wsH%+SUY3CXtGsm*S7=jxv?aEG;R~h2F=d0~!-q zcePZ?V9M^49otWYW$96~jlJWiVlPtMrPqrMZST)FN$8mMg}>Q;GOpVC!FxiXP@Y${ z_UT+&m+aa{C)6kPnhtkcp11VveYl1Tb!hnpn60}Fy(|yYb5~gVwwHf@1%PFHL*MCA4*fM`0u?%w6jH6) z+fQkNWuE3mlhIvjphe>a-H^l3cFJcYyBrAaAS8^|vH$dXD&|qm#jyG7p*M@BT#q@- z_}os1=+immk_U&muuVvlxzcmXPh!|d&uk2|h=qD)E2zlE`5YK@|NL0qOcYM8dr!ou zWskAtkCn?pKrT!SRJ&ZpYrrP%4=iSIiY%`v=9 z^uG3_I2KOQiA}t(&9S0ukf__&?O{qKx{-4sFZJj>k3noyTH33Y@PMqyAQJNZL`%D+vOpMUOsZ@)OT9Mm>mVteC(Q7g z9G|E~U}2?|hI|d?UF5aNq2#relSR#Lt_CRw>1tGrIlQM%+?_4!BTSF0s=1|um%mqK zRi_ymIsDC5^)+H4lffWFd3wLHq%eJ`vg|_~7c`+7|znk&03BJKbPbM|Lg4Qco8SrZ$Tf#F_0v%fYjv)-Y2tzYFEKKiEqBTiM5zNFDiL3Y+|aY~pz2Yr(%i zj?>MMFDyf4t;v$wkySX8P`ah1!)>axs(&15lgZ(%r&@d@NK<`+jz6^$c*i1nS~anrov2_w=f)QU?imdT;4v7dIZb z4LtOXdD&PI%bbAsa-EUeYe_1}JcHZ9%=4F#^)zNOC9g$djzak1v)TPeMKdF}hI`Gq zZO;>2^wZ2|51d;hGPetp``H~|^JYs8(L}}DsNfP|xs@oAp{0|*Xuqe72{t|6@&=C} zk`=0k^EOjR&&VWhR|$W>be3naVu=p-Jc>F*W{?@VM^$RsBJo!Tc|n%*oP zXvneXFcoNRRwjBK?LHg6&Q~qsNnMYc$y~aJ7I|z^G(I?c-@-8TKPDUXx203hi95ay zl%ZA&H+i>u*!@{Ntz%sL(QxZfI~{m}7!$(UFNGrHh~;qX}hd{#gW^%*1itCi}bp&fDmp?&Co%CFbekr?vZoD z^5lqVvm5lGHIX_j(l`0#ZetE%PVdt!e#uRyf1J6eTt>>^5@8-GJ|yBg5m{g@m#bgf zBRt5ZFjAdPT=SF=UH%v2NcHiGeWx5xz=`tgeQD;9!i879k%>vNFNr2b&9&ilzU*9Z z5a?PyGM7IwK%N#W$n)VCQEisd@EP(&+0_o;!8B_(6vlkC<7&d9k@)tA%=%vZ^bNJo z!u^XLjWdr?<+UY)GdX30Rc8;V;<*gMCJqCNvLBhX=*^DcYYO*1zBNIm6Bnrxo|1Ya zX9DG3^Ro!b_-ah>vc$j# zjilv6He2D|VkKZI5=4N`cyLhmN=!;91-5)+R_{T-3WRn5j*N|sotzR?flt3&UbQmN} ze|_Ih%1v}p##u={ACd1d1R5F~ZVQJA&24dTasu96^8)aN@7 z+{6o4)~vDT3yI%n+zkQM!_}z?!*DRzyd7YLr9`Zg^nIkGx08;8Hp68s)VUwhwyPw6 z>5U$-eySL3V@OXaW6_+PEs=OSwPvuCz@N8vgF)c#fUUT9{^{*1m3#N5m-Wp;DqjDK z)bQU^iHqGhKbr^l?%&Ulp$qJ!8qlrB7l|1yxfxMop2Sc0@e-^c4E+8c3Vd@1dCXfN zFoMfK4@eCZU&3RAqYmL*60iZf-08*zawxqlCJM4*F>i4uZKS!0bJ2ZK%_#YG?saDP zKA?QA3?_kmPTb9{eqx=CnYjuK1NWu?w*%`85ulg@VHIBj9BF{rXB=*>bF{0~GxOr( z{iQ&VJs=F>fXfdIIsg~pWW4gh#?XgrpPzni1pU76e%8VrIF1y-ean`iL+B1^AIHK9 zZO|(hqcW<}a$;a>c4)jwrUx!fV8L*5G-nUSJ;1(BMu;m6%DWt5fWZhVoh48>o&$NB zHbKVJ6s)XhGJF{o0`HFSy~tnY7hgX-Wau0!n6l1f$lT5RvBTCnV^}uGK(1P~N#)8k z`|`)ANi1x+iDD%L6Byvf;CKM`)&35acL?9)Qwtw0XOVQ@*4VWctCloKLM=RzPT!>W zD0o^~MyMtTb|_~X6>wQy&uaJTAIZNSyh}$H1QPdmSW(OZK7s+{pk#zIb{70D|AIx( zo6;{|zuK_i?@I5w_`d<^?f#UmJuvWr7A~bS>?_KHm6?mbAjf^ZSF6WK;O@k*#@N%& zlgBvRN0STB6Ro{JutuaWfwvsE_FN#C+M=R{dV1KLwdv$VI|^|OZF{o|Uh=gxmeLWL z)$&7Di6L4T8LxP1-jgyKbn{F=Cr&WfDmvy=V9-K3isG%Eqw70)Vp3Q$_qP7EqfNF#Gmif3nf!-kiz5YG zVT6St(}Tuee)?O)QO)cJWNI_eD8SMK9xNQ*4o5O?AFIh3+tv!=u9@7Src02)#=*%E zbX*4O3qWQojYn-GutzF8l&p@olsG+F%r+Dehy+m9@AHu zMsT|UcfzJ}I0-khC|}q^dP>8d?%i>Ok~lNC_X0y66tJ625H7%ajgm4AVbD_6((?6L ztz04ya6z+JWDVYGLLY{6R4lV<9O*-_%4Soeh5bybW2(i8P;HVQ50i{7a`dM zreAuEG(&r!Tj`ai66(DFg#V98(p1JivYMRyZIiQzevV(yX9J>s)ECVts3#Y4x3-@n ztKH*GdFuLus-9Hs?vVDKPoYuvG={^*@c#a@;?S${At9DoKN}&1vs%xO{VtC|J_Qo9 zi^1IU!N11~qZNea$SU)|Ap_Z+5F9c-`OIf2gal*`jbc<(vf}~QZ#e5~6875FGbYLQ z!3Zj(B+c5kOjg5a{co~NYMTWCp(MRTvcySlWL|Pg%0mcWxWYRyW3sD%TMF*Y2(iwU z(dfmaFdSG`4dWIy;E45h5(pfPon&{y6XRtE7IE;Lp4o;PgB|6?Z0_F-V^VngHcmB^ z8D@bM*{vF^PXaKp$N4v7byFbX@Eat7{}G0O`Q+uHYHS(W#W z<&7c@>|619{`y=3>YTK+G=$g(n8(WmdoPpx%5gI#h`T5SLOYgI41aPQ+SAMcQrC>CfKH{BJ<$%_n25PWyYLRU+%qs zJz?BSR{ZXOfm=IfOIw5vf$Wo~@vW?~0dMP70TkJ7$r{0&k8{Mqv*9Y0bgm%?deIeQ6DL5jBGd zOASuvU8Q(t`yFDuQaHlw=a`9H_01L82NQOyO&61_1sF2vMb>mRdrul&3BEg|G2Az7 z+T6Y=ut!Wq9yvplsiPtx11BKr>49A5Jc;5muN%c}r3If~|XkPt(vNs=u|ma$8UBzr=LQkEoSUqiBmNZFEvY$=jGNfMIEld_a(ku9?KUeoXV z&UxSS_Sf^A7Bk=PXSwg|zLs;3pvu|KO%q`j^tP9D8JOlGA`Z^?EyG%3^a7bM-(U1E zi%B13euqD0M7g%~_h-PV^MYon^AkFIJy{afLv3H#Z__@~uAizi|9*q=(b=;_^JW+_ z_We9}sI%JJCTjZqi(HD#(U8bn@=m~Ke;*?;`fv;DD0rBVh?dkxkP z4_wMx&K%=m56%iTr6MT}ez^X(XpSNb+J|7wuLVQ_8tVU;TkW|B1^uo_y<8ZdZyXzP_#Fy*i&PDwddJCD%4 zhtEl*ut&8Nny?!QA|cUUrh9s54L?plpYA(!`VkuHWD){+GVWCNOWM95wg_$Byy#yK z`>?|WFs*siYw#TArPktmZywgo>oM3Cw&Mar2sPih zebm#sh)zR0uLr_Ccf~6t_?p9z%(F&F+=KqsRoY-r`9|l+S>*k9=eFbsksv~S%Uf|+Y1 zNQ4{&u>A{fduHQdHaxosszIV&V>!JSJkRmLm2O6!g8w!x+c5L@zN z&Ywxjy$kwlY^$xmIz9C!qwxoi4>C78HD2#pa8DA?F-b6vx4RBr0E+Dzp=+CzxvvC_ zf8qDEcMP15`d==91>a+(?0Kw&(>D0&m~q1FUNX7;-%vYyt!A@ix`BorNrP&Wswa+c z1(7-)SO@2Y{*G+5PrT#8pJU`QG=h{u*b61V?B0ue{DS{8kHOCK+qWH;-KZ^14;VzQ3No*@M#=117QJ%GvwgFq zJG?njYr}&a?jlg3x-SfMzxcUGbmLVkwdg!;TA9&T?6jxo-+xZF23}c^^ia*-&ld}e zjE2F|-fwzI@MMMF5sHjXCps06%ThXpF|8vrGc&N~c=YHIvW>C4mRBL;g=WR&^y!R@ zjQ<7);X?zrrr_Jh26zmo?!s0ZE>RGD+Da1$2Vu$#1uw3T_Sqe8*g_Hfgz6OzIevA4 zwzkgf|paSYI%RG?75L2zFGzEA*!zFI0A^T3J}Y zLKOn>5UMRy)-b*RAttSZUi`avZNtJyEN*Z=KP)NK3(ucFhaEHWpf3~-Y2wi#XZP#a z7`;CZIpjK^b#`$00wFJKAn?yY@P|W`M;k_O^}e&)vbq?5@kMK)$F-IMy);mE-@ckh zkN&i&t;vuGMm$)X5Nmn=c)P375q`spLWZ}Lv1Q;r&U98k(r)NTSwrWjCu}CrWVtKd z?0$;Wiu`;>eCNu_quY|pCE>zc_V_WoSf$&iC!kH37F~eAN}Ri-xR?;p3~?yVHn>Z< zo;xSS!!8;g+BAf>fDei$G>ImAdg&mGlNJx9u?*U5NYxPYX;ZpU^r`ffPN(JZy!dL% z7I-tjcUE=ZzL3}Y;z`iR!FCJI>ST`XI2I%kA`T~)Q>R#^)#KabU`VB;1Z(#7MSZB* zPSpF?R8&C6NT<7jJwoBeS;UVQ6zCT9i5yTbxM0x2n3rj0_Upd`sZldd`kd~l# z8lComZv@s1f*ko`=?%Qm)?}@G*&YlldNj#c8Ti;O!_p7P+DFg>Kw&QWX5V`}O1uyd zZMw!7GhewX!1x^s5$w{JDPcFDy@xT*+|t~cn};t#p$*t++!gjCC#-Fgf+Rt zPZypi3F7JP4%SldAbcF4_R3HFfFldu0tyYf(YumEWq1TDi|65FEiVA#P0KLyE#TgQ zC8MAJdh!oyVzgB=i!1mms21S#5Y`mDjus~aBWY#WVuXh1=by$Og2~kQc;kAell%CI zks6{=EjcCk?mkda+S#e+8?VAKAA!iM1yIr=xc02V2R!5WHY;mu|J9`` zcz~S7Q4Ap<+(^$kJKOTZU_w$-5-AACB97C+MTScl&VO(xg8vqt9*{QpYKwEL6Q&ne zK%u*_*A4cO$Gk*C$pGA7HVitJPTnRVp`Q~I`4o1RZ?9fm)yRQ}R(R7U`rWi_a7cm& zVW7{)#|LX+n7_b;t=t^270xB7)z6(i-5j+O>*YkyDw<7}yKw1fw#wGudD#B+{NBC9 zSDqVDZ@`Z9YS-A9XH8Cy==D8DzA}xUrzPCItBn~?o%w&x(u{zH`7N!dYHnm9w%ofG zkO`6~@O>Z+RTT2BvBtUL&iF}k_`PPTBT_7+(imrUXi)wUf{hDtC)hLu)**zq*9(ym z32$Or#aIrJPriqB3?#|HFU=`D*hKJvMQQNc-rOOWvhE{{^dMJ11NE#9B&A^_(0t&| zg#Sc~x-FTlyOBzkR#7?B`@pnlbaoMV6yPF6@t}|}=%=$sg@S8%Y8^%M-_0i+uS?-U zhzFtvy=zhb(C#}EFoYBLo4k!cicor1)V)6>&OM;%igbNJ;CF}`e@NS;bVtV-9|^oQ71F;W~f-xMA{xbS^$iyvO3-K&eM zYg%GW6|iI{hj%AsUOP9HhGz<2B}5@-iv#DtvxWVFnHlt{w~Y&>Wjl^>L~t;Q?|yDM z5Bmgsxll4(B6vK5g8o7Y{`PbgFa@NPB)2Ds`@-?u-@n+nFnH7YQGaY)yn4u9tfg2@ ze#6e>%NKFnZ?k{ka_i`*Ey*Vsr!)Qqf^tA$@xm$yVK7${ClQcHkM?NjAQPWebE9>`M?l%1+zwL+TweHVj~^=q zKMC=!gBk0?hq!=4zC)FZbz)O0A}DyYs1Js*A|hQcUpDSz?@kVRakkt%nSs+`WU8icYAd{*Uv zC3ztZ&DT%##2HTNmY8DmFv0=501R=+rm+Y3BM}86egIH)|HQn%YN=@vZ0h+VVF!<5 z0KY^D&Cc>L4MxzZik0?8BolCosDg$Fqfr75tkFNqC@4@48f?Sai*K8v4@EYPBX>nS zb2$DKAmuaId* zA79(-W?SU`YR~eI4^~YU;b?4>l$FCbY!r@%WhUV;KV!wzMM*8IGfn?jt(ejGv%#?} zVeRVeTCKj#k{X2JV~QQABESEfQq%E&*bGl}@;P+pt_r>KDr#!ry+VvT5G?0t=bxH; z7l&Y>$r5~Iu~E_u6yW?b@gFjT_-GMpJZ5w}>s}6L+mc1`_u(Fn>IjZ)Fm?g108@q> zBOjQ5MMknbrGIx#-x2O+z2C0rAU9&9&I9SkKl@kZKZ z+_*tA>WHxjCxyj!}eM!NEZzrwp|R3~6Q4UBPrl0dVOOjHBSI z975f-Q2=KoN-9)ua3RIvgi4EUHpC_bHbyr5CIULjugz@d>a{SK!YPVJ{#VPPLM9eZMGaRrA8T|boea6AF` zc5sr_M*NjObEeUw5AesohzyKE6ZmIfo9tIpLp&Znm?7yYuq~uwkhcqxoP3pU;rm!~ zN^Dru=>7ft`DGJ{RUq#OZa``SvL{eHgDFlW!}mF8Wnp@F*bYDfK9626;2E4K7M7L> z^vQLxEHr`tNObGS=?N23@%ZFq!=*p>t))1b7=o61v#=OJ?R_>ji>EdGp+?drIFdf= z(6(gsvWR)YFZPHLfYP`mae3iBw7YID>5b#C#~I-^r)1M{nokD(U4~yL7Wvz^Z&3@m zD=Oo<+rPg<`X#&$+nzlmAui4h)d(zxQ4o68_@iKjYZBh**zEA(TYBQSK~bX7jXb@n zoT87oDrDyE(L8dkYYcAO$Q`1Y<8O$5nx`8NqfVr_G&P0bt{U><50ljO3~&34w<8>X z5dbMn46ci}+e$ACH8G}jz<%ijqQnIEo})W@qwVvBix&rL&g&NRqGv}TxZp)+prne-Yc*+ux7lfZhBH-W$HGf`S5|58_^6D`LBdEq6`s(d_iRyn_80 z`9fM%P*pUkYr`c3E!?4Py}*r&%t~QEsFx(f&tHvqtdoa?K_7%I;VxfWQ>D8`4FK{_ zE3nR-k>e-AEeA&)tcze+h3W$aQ*<6|p=692-H&4p;&A&gARM zkEGHdq(_Dxw#U04E*UVX00;zc<20$`_WVv*gLudIPFMoC@$z~acTx}DHj(&P?U7eo zE68Ju8{?L;Z_?ocv{r0&=m6$n+JN1opFe{N7p=zjH8Fw)g$H4@HxHxsKqSjc4!Swi zw~FDx`{|d`^z+e0V^vN~!D?IM3UhZ6t+B)c#Ad4Ohe-xDEiEA7=j0^k`t@;FuE4=5 zl;shsCW(}8KBn!XJm*zEJ9e(Uc$QlE_!wic{Gpb_m+(Nb-XtK9)b3!uFI;iA{?Y&c zh#d@hS^s0($jWHL=h20DuB?bdT;iY6H{l5)22CObrd>6Kh0)^eaLR+Xd|C&r-pVy7 zBbNaq12e@L@bMfh4vh*;(9DwP1UaJADWp>lkw2+-GbsZo`_G=;n%oZWMJ!l^*dZTe z1v?WjR6$lYblSqF)VL5|36|REC$qH)#w7$%iVa|&>N#6!3W$yw< zeATT}R>eYufc0!p&ewkb zK`cvz1qB(W2%=0p&$k=i!U#4jj4`Z<&Ro2M%Tk-*QuQC65`xAMFjqY?y9ifV^kQ%j zLW!Bi|9o_Wer4j%GVl-N-MRSL+cS{02Slh+eDWgHU3M2Q0;PfDCNv)>PKXegkZFYd z1K)Ib7^5g5X<)x04~d5zE1CW+EGHeREKyS6%oa<8{XElolqXqTQJF4ciG*&ep+o(J%fD<=mF=7H5xHdq-8Q%(&roR;EO%N!|c_8 z3KZ@z7!~7DAa!9Q`xES~^73IXC8VwZ@1XBx@_3EP-QArooh7ICesM8YIhy~$`T)Ue z^tiO&oSvfvjo^*ot)tdRb;Lk%Nct;|LmU?j=c;T<4GVe^VfV4Wf0M8<938uVD+`w* zp#fJvespWnMt+46?;~iH%gyoc!GD~IoftxG9Cp{se+@?_H1GMwaQB4IUS@6P&71U- z<~c?g)=JWXH%NMv6t@~Wbr2gDNw$Q}##EHo{ztzAXNj@n5v-{aS z>tKt6x~OKuEYNR13f+T)-wj%7-e^pqK*tJ zx!2lWDP@@mh-W!R3Z7(te@&%yaoxFu{l?XMhc;-%w}mm9E-f#Y^X*z;+Tb!>E~PYC zA${Gd=LK(sdghu@Ku|=g#$4W~zKBmtn*Q@Erd;Qxboo6FbJcGSdln^P-FFoR7Aue4 ze7B{p4!@{qsH&?rU#$IP^$(y7+EaA>*WlbAkd5jURST*rY!jTsq;bp6t0BLwN#Ptjf`_t(gvoKa zp8R_nGlCz25TqxHJDy!|5^YP5vvWoy&w=W@Mu&}r-~5=9>~NAzcUPowc--B|e6c9w zp4xkebAt^+HoIp;39ewZQrCMQu_aGbgYWfub*XLH)iaC!X!$>U09wcXJk+uTGe9h) zfyeW14HVuQE(()R5l6+^X zEGZJon@*XJ9RBXJWjzByQET&m8w0V1;7-3OQbr(-A%qO9TQMJehGvR2cq;YC;?b^Iv1C4^(#jD^4Se zIQrXi*l`}0;jM`DL<}>yqXC@$Q=kEJ8XB@aeth!)E*NYqRPCBMM)Csdqgvqqm%W|t zaXUE(hbLrhT4G>P0J1z?rNmEsEq_*;pKL4g9Zp(5U}*KM`w70)=_(Xwfej+Jtn2g{ z=~?S+a0e6WxW2D{<$|0C%rb#I5txv#=kG5xqsqlZA6=6T_90q;Y}p*sBK&ar8XcMq zH?=FT=Ppe8Zrgyr0rHS=eEij`fk?nIe?b3RC0p=wGm3tcU`wlOu$L@8i&2Lxj!6vj z;WsyQIO7g_0Z|}io?r^mDMVZg4mQ=K zJ~E;>SSY0E5C8UawFuUhNWt_l#|YpsE=BDl13h6Pn0EU_R3#wZ`_FsB)$z!TQ~t1XfH&XAK)0+0?F---QXuAJd_cR z|J-zWnfp*LUXy7NnsO5f-Z&k*!yyNlWTgPx>ri+?Yk{q}o4x}lNSc3UQCT`j^!RNm znUbPEluOS9FbHRL=Z(FnSl-7~3e|14PRd}K;I#88G#Xa0t`+W21%gH+m*hX2d4s|N%c=lI#>^WP_S?D7xQR>kBfjV~jZrZZpfQp>*297Lh zYwgI|_ozny@P^P!a!L(yQKwAPYL=`>tk2i@95(TtWQw}AGNC6Q__bDv`fn<;dZD;k zuA!s+^Zpte4$n`X`*a5O_gAp^wQ7>umhIlXSZzNcdvR#TmHk%3v3J?yO6anuy%;w( z%$k&r94z8gq=AvEhH+F!ogGIG?b=GB|63k(ej(NNz{96vsZ{ZUWWJ5*Tg|mdghVDW z{z%dHV(O&J`J|)vTnETWy00%g>POfYKIN9rbq>8vY7sM85e(|#v_)snC$b%b&6XBT z(hE4j(n%D-|F_@u`YOOKxs`Fsqj~?!&LgR*9S*Vyh5+6d$HxiA zujPoJ=loQJ4N?8KzU7!)1v(zC{9(d7zHI}M1@xfsWZk?Y@V7T+!2mI@hmM8*JxFT7 zlg#c+PO_J6fVoXIkeZNj?J*_UcsaP=V@&TU+cQ?Z-)JgO`=iydFMsgp(Fufm`4sxd zMJldaN8ShsgnE#kpFy5aQ?E>=Nbhp^PQG`X{>*QrA8;M&rGfC))(#e_chGR0cXw}$ z=uoFKfgCiOY47^IMcmn`C`H>o(|_HWqCc&``NNaJR5(rtzUja!q|fh&fm1I^SDm~> zM~f=U02n^PeypZu5mO-#gkXs8K+w#PXrG|Ao)G7_+~vh)3xq$@TN~#a51-&-5>4x1 zW>5#Y@f1-v?}be+IKT@}u!2cyzmLkNjh9(>YZ3=C41vM@r}^IZ@g1)?hu zO}Jw48}G2a>3)wXjK{gz+CB9{TlL1AVKP-P<-l7WZTc#q-LaT5o9&~&C&nF(EZ+Cu zyqbq_GvX|EmJemvO_X{f6{U4v{t&z#F=Yv}rfVGatN~9JypaB?1qf=X5@DJRU zoSu;Z$KQ}s&574diz2K~xmx@{b_S|D%!C)@gO4II8t$=J0@<(V_x|xwUN8tfLsy64 ze7QM{A~$pBN~8dKB#0uVUO(TnCbMOjOkfCmGgO!@f$0O<8M$;~=7DexQ5Y1AZB@82 zaY}7@lS2Z!^#8&C@URBhLVu*6*`FZNoE`8t>GA4($rcTQj&8X*lgyc^`)HekE#lXe zcz$@`$9m9R@u54zi&ppk*)~sW;>N!#CCjJ10_+{`P*tcB&^SChg zvdXWR&4bSzlT4=$u)Sj2^zO*{9s~bVty+zq9QW%hAB?Z4%dYK`5J}jO*(-bh(pWv$ zvCb<42VzDuO}WSNL#Eh8ybTq(bHCQ%So)h-PT+D~bn7GkwA#IPERK3vT`M|UU$T9R zx$uD`@uq7=h2|P}^~%6j;1||TVA4+Du@d8wkd^EpbEo*YM%z6X(jXq>V|%DaV%AEO zjJIVMw_?~n_h|L;`UBdeeufa~@ek^ELg>|yUuKN=GT5m_9d7I%NA;=KlMbd(X6nV%S+Jr1?4^6}|v+ zfYCa9q?alIo#ie^n$XOf^Hxl2#dJaR4POKI2NDAJkPDh@NgE`%G?3FQm8SW-&O~A} zl4LihZnLT18 zF^vrKpU!T%(J^W(XYKLz<;PBq5k)cs4)Jk8-a{=FuBus4D?a>lEdJ{=h#T+N`!Y>Q z(HTz_;QQNloO`r^2^QWU%wyNw`sQ7WnP9m&j#4_~lQVAko0bvVHCea3$nC1m99Z2a zB|a|KsFGdEKFILnxrqcyfd}xRt*99Jvy21gKoaIhGabW@Qbu3O44B?ciLU?cA4&$l zMo-G*L9Lcp&o?g|a-~`psS$>eT%FQDi$XGokY@+?$C-q%UmB_vZhO?WwE4gFz^*8ylnH*`OEb=^H7!XA<-NES99|ijLJzl#8 z7|X*L8t5x{!9D`|i6UW&RA)2z>C>wUS2F4S;2;PmV6k8BOrb z&~Jj`cVJ)6K2U~?3%|^JN7{`{SAUpbxv#Y5pV#yL?b|z;k5`3Ul0DQb5C?w24D4f2htZzI=W{t>5h@*i8q z{Tf5o7Vc==2xS6_!ewsE1*hlLWbWFHzn6Z`#X7m=1y!xS`7ASk1I}IkiZVGg9RG-y z$OngWdyBrUtu3AAgTA_TwHu|SdZK+;)34R$w5qk$bDaA;QsXx9dVsU(@6%muR!&Fk z-1*K=)LgW`h|sa%vHQk_FfaDj<=ri&c#pyQJKx2~dqY=;85*;CoDqZ#nhdS%*E_Q5 zl?9U@IViwb-<0~&xFFn+{CMRV=S7Ci>T~{ID z9rc(T!F+DRy>%@YZVhCa8LWTlJ6!yIvc%_bt7}9%-&6yC{%C64CB{d&YiHKey1wH7 zJ}F#Tn;*wmLNszKT6a?Gc2bsu-tVjrZlSxRFWdXbYbb}CCw<|PZ2#Le>J%-;A7dA* zy)DXzC~CVSRrI;o!EED1CwBi_t?U{@Te@ae+m z4AB=F>lfIcSmqnU^E>#b(4}G2Fmte+P+h-=+?T-}8@!xiha> zg9QGBZ+at)+K9wmvu+1WTJ6g;irIM~_^DFtqB8qkpi3u_T8 z`X#lGa7Tk|i;z>qXn^q)r!!lbwMvw_Us6KfvhkUTwwdnO`oqrVsi<*+B~hkUS$=%~ z{&ISW5hJk$*SF%9kPGujis+LvFv?S@kqf#lg^2 zckf2g*7)W=^YZGpKW0}(*gb`Ogu_XcIz-cDrn#aGl&41{EP7N-qV}j_I{5&6^Z`Qy zhs`cUw+iVDNlRC^ZDGL&AT>B6%F5R|MuXqQYULVis{{!N@(-}Az&a0Fhzg?H6#+yD zg=9FXvC61Cc*yJlx~6-jr6K|Xr(sEYUUtD;H48J-64RY6Yzz0D&i4rWi-An2C$&*_&#&H0a+SDc5`Hw;Uf^}SmRG?{lAV7*M}6#~?w)0vViO5)EAjhSx<-+rik>Py*2#`7sw5$& z^XKKhRE6C@sY)IkLcrWKV0i?i@ZUl$G{owD#ka$g|4q)k7Jpf8*!0Su znEG(VlOi{>Hq~^nnCRHn_}`7`zilpwW*D*?a5cWqEdfLXZW+eS(Q#xU!fa?nW-RaO z6l;AE_fRZKUd%i&{DMpihdb`A-16={Z#~_{u{T>nEpqaU=ke%SY03)oz_vfcT6->InIO@t`%A7zcl%nftmyn= z3cr`SSF5kR->Tecg*v0WtC04O4VIJ>(QL&_Oh4zI&9W91ZhtLlL0)7|GL+qF@^TCg zmp;l`1h%IMmmT!@%88oS^n?!@U)Ex>cfO-nu{B9@^|;gmt=Q?Pz`%3Z9ZL~+T95M= z&wUB6^pfP$4df58hBaYa65j^qNpM!gtKGkAZt!{CN^H{JH$6aiURdi7S~fKCG+GnJ z8YQhoYx}8Y(OM(p<6tQQqs69z0!U9B962xtm4%}SKzY`;U%p;3ypLGV<-V8f_F6tJ zhx+T%;A7FJvy?{?xQIHPGzmD!z#8#V5>4ZXv?N8H(9C32;X3v3Yki&lyKqIT9lySA z(0?^H3obD*U`zqf%>+TB6wLAi5IGK~Zq7}SO#;Zg`Un zYFVTn2rBP>fQhD`kE7u6$6pZ<%N}Rtf?C~U_SirfmR|UQF68okd_hU zw_hC)OzgI5S>W}EV3JA$vjb#=d}FrzR1VGO^~_sYS;a^MT=X{0rY5$`9YjGZRsRvs zKT|IRH6Qpq$dxt6oF6LLupxP@^#i1h|hxuJaIb6Pzd<*>v*`4vhd&8tiMmn%jum3 zMqGuj&t?WBfHQUnkUhqt)<+1g)_NQ#a22EP1VOxl>z;`OaEZ!(aDDYSvobS*2{3L= zZTk#6ZO{k+;H@oB2FLW@YQ}gx+t;$Y%ZYDUvIkH>SMzev^(` zI2s6qN?;~dQNhqY+P%1NQHmIIv2`d7W9Tnm9B?pR;kj&C_Ae-ebhZqTDm?OqU2JWs zC8lPR&uZRpwT@C1;fOktei%%2%aZ%0rF;2_yp?Q6F4Q+qZ0BXnQtWyj8QZsthAGFC zcs@z9W9zG|pPu`c-EMB1QVOvWK1V;*>wXO11H%S@f^j-q_+n*vVn0OG`rI|IsjI3f zdZ*Tx@=WDT;rd6kzD?~emk=G#3V)jKi<<(~7e@~1x2omL76g|`X=m01@Aq&IGM9t90?6IHhJ2T}1Pey2dJ*?tz%y!(WW9p`A!@q;-MmaHlN0M@?;cKnvU9zrR zT#_0L427-APYbx)HDoPpkryDgynp-{usnYjDvqRLlFub~_o)K4Rh%5Vq@?graqInB%NgO} zx~WT%e$bZrPBm;lxZkElD%d}YiWprCMt6<)YUdl{l!|KM;)nwELVC_bqVN6t>n+3A z)6)TIAaMx9CY^|)YwVmM29CrQEL_szV-hLB%tI3!{`8p-rC2FQmGT{%82I8@V_e8I zFOtU4;>j;_S3+4NOqG{z>qZqj3x%w%^Fhpx&nowj7(+{aGBN*icy32uT`2c_o|v6Kv72+g48(kDin6e$jZd;9rUe z;$I>2KvLYBcki}@W3-6zv%3#Sq99n}TBeen&zu20lj*xsi!^p(LGJN?BC%kV z{daeAyFYd*W)5CX6W+`J#1iF}CFHKhNZF{ZUAG|V#aU=_S~eZC&W6RWAQd98^l;Lb z>FH_YhoPRr6tUAO?7>NNPN42^M4j~W%edoWtFm9{Dh7SfVIVH?`Lp?nYPNe~H_V7C z*2B`aH9LLW8Klh#p}}127G>Gu0G*!m)Ys(h*bxKz^Ea>mCja1~3u^*!&cpyxENENM z*?`oRlS4mb;w%Z~go(x7aE#G{5AF0O@KWS_zG7N}LA7`7U`&^16mR`qBML(MFf;{Q zv(^6kP8DRQ;Mh=6K{zIs_-{Xz=jIz64@;?&zIh2uS-3w}-00YPsrQ?FRu@>aXnWH( zVc`jxR8DpPnnSQS2;Fkh<8^lp;#=Lt_nNZ&w>PT`n&_gwjKc*vM*yOai&J=FFeH^D z&VrzVTGt>0#Mq`-dLpyNiO_TgQacz{NO#HVV*Nhl{^q~;?-dadg7U4+Nir&Mo%X$P zIqRaS#ewy59yV{{FUje!lTIB7o*Y)9kIB8F^BJ5Hq^*QRUClp!FFt6>SM$QDulM1c ziBTDr2UxW%VRjf-i#a)GfZb7sS15VkM55+c$O|u@UvlLq0?tI(e!edvam(W0yiYCR z*vV^sQn8~(q^X-v?u92WWR+cvs1hoU=w3W8d7o4FnECdf-`okzBR{=9ediziE>Y8a zG{Wk>6q{0m#d2ztS;rc!YFk#bmlV@u=n>Cli;U+_bvUS;Ya+HzTReMHk_}#ns$rMNWZ*&UJ_1imqnt&TmGC> zGxp~bMarS*cvVr+8Px4N%|anT2T@Ylcg6v^Ft*aRkHto)F2ok9smSxA;d>P@X98`d z*X6x6_^W!$klUE2?%^jQ(Fp0m-@FhR(SZLg+fH9^14_!NQ`^gAdlu6TB~m~iH{!vp z@I~r|whc@qczR0pv5j+7H%k8v)n*teacgXOHVf>OMJ0n)C57mr6sK4_!VWimtIEn{094 z-xYGcLJE~MfDqkm?Hl0KgkjcC{Lxxu$|Z2OK>xUIYW+n(RGf$Xg3?VY899Gp z-Ct3hQuXqB#=#GN`O-ilC6^*`qm$vqAQmuEVNCWnKCd?X@$DN{1uhkSn5YN!gBl2q-Pn+ZW2+U3p6UBt z)1u8HB5F!Xo=P{-r?di~(*P3&-v~oRWMYBKx))5LP;p>}Y-jX?KLCyaYDK<{yyV9+ zCdZ}HaDJokiajkuOzs*36fADuayCx!$MHzJ>?oKyfKL7S^GPEan-eFX1)}leU0k?g zTTzOE4~J<*)~#Ew9Ap7rXLXep7t=YhAL+s%(aVb#)8t=osJ6(SedOVoOFSJF*~i^s>HCke8LSTuxO%TQq%$QYpbernKn;zNE8e{x*q{9CK3iO{!gV ze-4wvwZvRpT@e@*nJjlj2A?BZ3!E{$qNh8lDH)w#K{dpUh!+GQlf_p|a+@wR%0b09 zGGb3A1-}Ek1#=86Z{UBD!7URn_uL(4m5sD(Gz>iml!i7QNrC&eA}8H2SMEzS6-3UV zQTXryf-W+JNVoG-gha{%eHA`jpY8lUeCsz)@y;x`nm% z6)iE#lDDo309`3Oz?yLBLCvI*(+$242FY4tz8l3BZ?f!dsjpKq-1x3>bHKp?%8|qE z6hvIFS&Z=ZNj#PF*}c*eY%*<`lPXF=+u*SdaaYqz3jJcRIB|h4YY0Tx0w@^xw>L% z_$o8aV_}{_dTfjAzk%d&0d@)m(QgkHhB^0ac08J&lpyZ&bnqB^sK{Y<$`+bS zMk=Eih0bIJ8v?iy3WvzeiI_Die>E-Q4Grq?)r!ug0DG0@$HO$D6qlAp4Qy<+Kayhv z56D2A%4_T*-!^EgC+MURdjs}i*W zPB>O4NPgy)%-HbTyTpiwLp#H}pUnn+kk@{zScS%I1gxcSMHNNhrA=@D7j z*tOF<0fcIlHCbJ?*7va=%_YJ3g$swlHaw@MVATQQX2H@%DDP0xSfoNVwQvD+S~TEb ztHIU*1T}>lIO+RNGrJ326pq%)efI-%OER-@p_j8WMIbIo+}F#C=|5%+KEx8i3HgN9ARoxg!Rk8!e<1bYdvPfN^L*;|l>gLl#_+ zgAnyb5XDfTyBm~rcd&mUKp-6{#GUIPy9ox#f0hsCbCcC^5!7G$BlT8YK_E^f;5U~# zDQKZZ1jN?)`T3#Q3rZj31ozSimVB`rqM72`z%hXUMoy>y;`YZW?G7wqIY5<1h(o#7 zQhRT78ucxhbxSGTyPEARY8YNc!s({jKK?;el0I zisp(WwPI$?7Yn4o&L2^UG-UYjL99WcbliWo(t1g^|B-fqc~A#F*K13qou9UV;0-Cq z5CS364&p4-o{I9hE=cyPki=l4NwdQ7qd{XCB_{NVHxx%80J|#ue1U=WnKMNiIY{t* zTJssv<=7-xt7z3%1Jw{YN7Dr7BF_GG5N`HIA5`SzPCokJk*W>w157Ac+2*s`47L}a zE6fPk%_67=u=CvyJU?ahZSQ`R4@itWEo@Anw>c%rhuly4#s8qId3*r;10jyE#}5t{ zAl2$mMgLD+CrwRF5P87v=5WDhzmrdV@pz@uen8#i?&LoDf>%)`^pVJBT4JiRlhaqE z>jEwL@{UUbJ#QM5aiq}R-3z?o zA~K_2jxQ+iOS)$=8b86^>!i7oes>^U^bO-3!EC{kb(csoQKv9d1W_qki;e=*DBQ3s zoDu~)!)0x&H%)n2YpjSGiLdPRvRN;Zvban#Y|-Ajc3P#3*24dFY~g^IhsrNooPOwVce>Y1|$NnsH{*-hP>GbBS+#VylJy`UvS2l*U46NV#j^PS) z#eW%}af`=q)q5V)d6FyMmYM0Gk+SNE#u?}G;PJgvGgrul(r(Rn8@VM9aNpHRoq1v` zJk4Y*I!GyqEE%!eaQwwsW{&Ygamli+^b%rES5yuNt>{f#gpyGwglo`pgQ38@@b*HY z9ul}9g#w=vt8mhv-DhehSPG{SwEHJcaQ24j=Rdyi<860$Lcc3ysliv9?sV9fV~ih6 z#H3D~8xuP=aXwuF{gz@Fgh=w4W%79@)*{dr!uwt?{F9L$V3phTe(LU~>!v%9(aUtBNP!N)VB1l!86uB*Y;Dv! zSJ@AVFc>uM`#=Qk?j|KfLe32;J*d98S|~iq!fx*FMtMC{CZzwIptqb9CtbX+M<6TgigByr(;nyn(x9I!q|Z?7Khs1U1qE@Y)qkGJCkG8w--?E zH8f2#NpV+2bmiL?&UUXE+9 zIDi@p$Nc9jcC>>Wr8)b7i!BHPXD#@f)G-Rqwsn$#kTQtr&>j<6?CN%s z2v|~XZo3`g3Mlxy1CKB4ym{D4lFwY}8X9tfj(eWtvWF&N?#~|#_)*0x z+)!7KaO}rB0N4XR0(fJ03gm@^wu+A;l6N&tBIxC_`gs``7c93m4 z!c=XKoj*MU_XtoT$hOYKsBotk%SM1kpw*$-Jam8hg!1d8ngVug>GJ;T|uiqPK0rW$1r0E?0^FaHFCpHKziaxt29cfjE9n5gvX+khjT^}Ac{Z5BTOu3?J) zF-bo4hXBy(QFx^2L*UFDrryYRASpaqI>8QT6=Z;5DDtp#F%8f8iKzPHFx1i21$L*A zL-+A)={qPSpbR9NFlTw@%)B`v$p`K@3VmFKLe5Rn;TosqGeAydk1)kAGc$aLruHYk zvrbT!;~}~)0@v2bOTT`dUr0!caMsmTa@Q_+V}z50?9gGtRwS(hi~l(@b-o8>6&8=; zF$f&+DWOYrKTIoUa@!MfY@nOWdX#y+|@FO(b!YXbWg&DcG@?M-`5Q7f2iW(WIDVXYSb+a}84Khbtj9NpCwx2?H2ZZuQ*5|K4jP|n zC7nFr_SImLX2m9qr7ZpL2>;2R;A=^+Av2c*@d~0CywDFHicBQz)FEYn%K|hJqBgAj zYG`b*lYK54)s-5EbK}**l_0P|4R_SfA?VrwVS4gi&3lkyF=U1Rx+yO|%^`&!sGJt>l2Xea6_KN9n2iHRz-a*L~` z=VkD3ZVy7*G5oZFUTFN3sGL&i z@2A%`Y&fR%XDG?+4X2gDuTJxfvd5Xk?L`I`(sL%NLyz+AF**_)^U7$N;?K3EnU{C& zZHD@!^Yr&v^3)5*Ia9R_4T;MW1EC(hu?4)}eTOyopq1Ogt5U|S#@0<-1#?Gg7&Y_l%z}0K29BzDUzgZta?YXuk&op-?cUVMaO7yM3M{JKe`j`Ms@JeKSBhZe&)8?+ zHEb3V!rebUAFUHg74UyZ0X)DCV zc(hlqa%9}0Ilb*}SdoPSKzcp|D6{wK@Co{gY6XZ5@^4Fum)P(#6LwnR%(r0)}Ut6R?5{T1; zQ&<_qtnCB_IU5`aG|exj11IY_<}W~J4(RI}#xm^=Fmj7O_wjMWtZ{P&M2*l=Q^`|{ zV_6M8(_%1sF~sD6lJWxj;~}hvs097+Zag>)6{t1_WD@nVCM1v`+0&#!WuCI>OpZYf zgMTr@a&dA3n7XnuruMhfEfDr6?%H^j7-*K2P0frROzUV(Jy3pKfN{%Q;UBf(hI*k{xBlXp(jklbAVQdC-;|Q-*S8t&M<2wCR&+9;NNv z_Ax}wGI4db?|pCL{G6UXKN&I8O1Jnj(LM92euQM0UcPzv?XQLk2WtNYT{^Y&@mb={ zRjWGN?Sx=)LU7U3W4X@yJlaR)w|=O2mR!DF?z6)-k+0$+gK9rj_8s_|>7U*%KJAmd z)vChuwCL7Eo<9Ms>OZNw=K`yp>PlGjj?9Qz)Hj^`5ghmH`*-H!#|=OFoqKu8`Pr1~ z%)Gs~=vJAigGtoh**iIM^ZH$;Ux+gTdk-lN{#;aB%`wlv{bLDNkF}H;gmh;|&Ex~$ zM)u{ro}W28VJY(Z;!nD`?Bf5-Ewha%;Z7k+8igxnra3#;J$&J~{_~4_sR|9=KOWik z?3w>?^VoEG;Y-Iy{~6YnfA@H+^m99B$Y^uQahr$kH*PuaUs+XnbT8a-_v2%^6_!I* z$0jRkDJ3;?uXvbKf0di`@96Vz{d23t;f5D;sw~!Twh@)$}jkzV+Ty z{*v+9=&FQwu(8u}um6ANYkn%_uR9yfK_dE9-FM?Xb#|-J)QyS*nfd!ARQg7wJNV8B z3X`fvFYSnTEoU?G6m_*MsdD(BzS*C{&M;4T!6mYC_`UGkvz&oK7CWz8DEp;1{vRvn zlVL+m14h=40IT^2bd91SuO1e(iN;4Pr8 zBMrF}=l+n+y)04C$ZLs(JR2}q{S@`~g!8v9@R^`09@dHhk@3-k2bXW?6aQmo2!R?G zwJ895xLl;9@Md<0v5X=i`{u<@>WtHR;uYBNNF@JMdvP~+^a@A@_X-P9Ct&AYoc#3h z)2I36)hjZ+^0>hPZXN3NM}G|55}MFcPEPeJGaVSmVUqUpVjF+Qs3*4Bc<(A4SFwK$ z4GgU7{4m3SSMitUiCg#!;*-yxuYr}EvfuA9`uLZ@FB+0^JGR<2Py?gM9?|IaI{KRMW<mp9x74dM^v$FQ@3kPjdn-uI`P^QRzwf043N(TeNO0??O%h9ET{IkclL zxTMTkhrUtz3O+V%ZhXV79-2kS!-4Fzj9dCYIVq<_dfG*w9Oe+}kkM$c-eiNxO~E^b zE*bl3cLvxAXxI5XtdS;pSL8DIj-`FdUuU_-L1;;HJ~bK4k%ZPHXFPCjJv!EB3frww-NayGcmC=$A`@nhK8k z&$nt6me2nwuE^f=(#TmUHz7=$-N#abJEr8A?1trLzf>oIa^YB8wdnAPL-Ksn(T-IL z=h*TpC3HtL3rS%`Ic8KBo}4+`MH}}b{;hnM9z^o}_lmeXdZOx?XX>qEE0wNVmG6aa z@fntw(My(|cw6M6!f3ze!#;Jcx7((MA5Hx}bnZi1)!Gy5FI5wdtqczqHl9++f5`Yi zSm47t`k}4d;+2$FBVPwfZ&eQnxW<+SJiIbC^2fe*YxWmiOTQ;&X?tE-YL;K@9a%i1 zqW$o+RgiU=VM6_!gw#SP~uFLx2&(>KC_@%!Pmb|27|KEIGjFflCkw|9;$p{A#2gBoMA{Z@`wUqx=1>3HykWwI!Gr#A z!-3>CET-|-FDa)zV6=Q37%0AfUuWm}-=Sb4ufi=GWimz{K;S^j!U==*Y-EJ7l=H9f z!}V{C?qJdZ39gr*V$hnuH2+JdO0bN1*lDvU=aFy)UHEMEVMjsk`wnw=kR{dB8lF6{ z{^!H@mx$}mref($1)lxCCW?X8e*VA-|E>Hh;kV00&4Jw0ch#R*nOqD5P6QCra@ljwp` zAL7IQ&&I8W-{@ve9GfTwJv4s@E&>7oM=LEg6}H~4s(}j*E%Fc17{LXco-SK+X)G&9 z6{niXMbe_ZKx-#5+h|rb9;~hVymPS^J$g8GuTDg-Cs&L9!Y;5WjOrs);gRj-RkDv ziu_&BUC$tuN7|&9lIz4|;3#XhiN{Oz;g)YgJoyVwb^hDF%Kz3c z?G=?#=pOnRr?hGBpS47?)$%w5fuqhM`=sq&@qxNl|qO__7)kS zKCb_L|DWr5yn0>tb-8t%^ZR{&-|y%1UZ1-?yz`$`u0OXn2-%nPP&mF|ifv!lcZHCR zdw$lWN(HgR%@Hzc`9Au$NX@c4y)WUF5!|=-Q$^~YhdpKK5_Zy>$yaoGa?TRZ0sJcq^$t1fR{6SmJpJTK6s?NEkUsA;jW`6kVM zkEV^J4t((x^&7lmDR+^}OnRy9m+rx&x!?y5*9IT3C`~_qVUfKeRW-<(TH;0#-J@!8 zv09(0Fw?ZOHQiT#s;On?ULlfq?&r9p1vmTl{0N&N8Vcpx=foVEj@1)084K#1`jhjC zdr-YgDk<`z?C*Owe*1b_{jGY`=E;&#yXN#)o@H%fT#dNC#bohizF>3NE~|r5GvAI07yUgvS6m)u4nhX>V16I`csjRk^&JSNXKfc z%Z8Y*_Re+#BO^>`1mggd#NAuiVjxB9d2@O*n53s40Mx2x^JaF61`HrXq+EJWnkCNq z?;@`ULDS~w+JpPPa3K}qA9QT3q>v4OM8vjcBqx*A!2S1iJbVbU2|EL6b6004uA5^* zZU4ylII4gdm^j+nA`YFmK~xAZC;WQUP7>bq@fAsKNSl6RxCNt;&!)fu2QqN>Gwl(P zXuv?<0k8lZ2B)T_wQ2HYVc`{|tK$IH($YeI3e-ABcN`KefITQtu)7>~=r#>Clhe(q z#jB&gaFy!8?%dXPOU-YCr^24V_8ly{L^I!2MA@qdh0{gds&Z96qu@*%C3Wz7vBmDE z#>QetT7GTie!f-ah0pWT!gf6xAAc^}b)IADToF3AZ<3(aCuP0fT7;1$tG!|+ExD=F zGcPeB1V*zJg)T`+A-~65bC|A1Y((l}dpD#WBeWA!iEpEv= zMM}q$qe+`)jNL#ib3$BVfa$%@mYHu-++N=b!WO!`UJ3kY5HOg3_Aul6pm3*Qutf2JB5$WMk>gG^lf%Bn z+oB3-G{EJ%wHT@J7@7@)>a0ib)JMcmc1_%=HiwCH&^btNi}{we`+|H+(R76G-xyBi z%H_nkH83#RX}+lSJ){I#pHU;NU3}hYHw^Re-_7|aJM5@K&#^5gk(cpZ5E>-z@~1Y z>VsH&7_f*pRDv)BxCL5Sl+|2vnB9)Z@O@|DiGZA!n!QMvL5dkaKNfJh9$!u)2CL%0 z#T=Kur>Pe(HAGGAwuUp81wPj1ycJqCf&y#R?6u2ZX570+Tnq4=6cqGTYPHWD*`=YS zm4`yUyc~g8$S2k~S}nRce2kXxJ+takwOtU!Hd?i2&>5hFDZ5c@4cqM#b{8%n&a-7C zKbb);4FxGE%;ry@=J3>mapk7v$nxsTXc=)`Uuqx_WxvV92-Gx`65vN{Y%rBLk5Y>0 zX_wL-Jocz}@pyA`axM;kkA-l*??OT3&RDB6q|J}jhj5nfkn;+hFYR?)#HAUYSKoN? z+G1w*rN4}gPk5pp&{Y0ite=VNNn3OHHR&1;jiUy41DPkYuB@Wyy08$J28 zCQkHTtnO&NpOKU`RZvlqyYGSE1{F$^fyL+at0ZlK`H=DK`QaNRfj!^STcfM*u-vmy zk*}C7;)^i))47msmw)X&7I$w?PjBn(>^BS&t&tin&`N_5X>*m8eb44UCrA*&E%Q6 zv&ZG3OH}QHi%X)XKe`ybzFz3*zwGjAr~Bti)%5dINpBk1#g`4`_w{)w?AK~6uIz1g z^TwbEG)3qwu<9WWiTcCTrKZ-(%gg%*Nu5AD4uAE^LmVyY1~_wGn^M_YsP}a5sKs(B z^tB0}8?(7r+YgDLruL!7>bSoKPYA%!T{)v4?vGH&# zV7&6fUPs+f^tS>-LAEL`)}73I}mddl)E4BFuoNL6?53i?HW|a z9&Smt%8aJu+;8J8eDQsk{8kM=$$}sDQVyBp&hJfG)^L!y2t(}s%*Og}@^;=k_tQU6 zma+Wg=eSvyIiC!vJ2sg&6naD6-^zQJYk%74MO%jJ<$1Hw0}~#3ovQr3F9KPYf^?P# zkM6&{%g3gC!G!C#y|2x2A9AmxP)vWz6$ZAi!JYB83a$woed}(F6}FE76lJETh4mgs z9Ecg>!Uay3*`*bz@w&UY3Aj$!dd&vTj%>U3*7^L{SMv_|*rDGZ=AVXR32_rLh(9AT z&o3+>yj?FsldQN#i+N_f@XzSA4ZH9V91l0Evjlgn%f*e%KiEqvSdBQ= zuy{-WLMxYs%@^sb3A9+K;jKnLfb%-h; z;=cCUbkF^Ym3wXZJF~Y~gt$o93x?Qe&s?9=C0lerN<=2gIQ3P1`}V{(2HBX!IGT_E z1k@9K`GFYXwOz)nEES7io`;Q#RG3^C7&jJ-vPWNDVn4jTNg&K#gyMhQMen@o`3lwB z(G>c!nzVudZkkBxq!b5q&Y$KlwCe|-=KWdrTAM4%@&Yq+4Oci%V@JJw$yE3`&3M7> zeR((Yv!C~{Z#2ox2%p|=GJMLQv?Z1H!A4ivBGvH$UAoKZ`{d90Q%4NU{PJIVO+L#d zUDxY~0OUwum~a;RGg&EY01goVj*b+ZiUdry0G9`)ASjI z)Kr8|ef;zZuEhZaJ>%I!K@_#3pWj0TXnp@I!BnBGt$p$&BSYdFoE83{GN)w z&}+)H@r1#m{P>iUn6&gVHdQYq1jf$de`f)lcDNL}t&AAn%3LAF_`m?E=$=SEj>AvW$E6 zt6C)V40LC%WJzKzDXeg?Ic0U6gMkTkh>iX8RQ_N;^N+3lGoU|Fj~Ez)&^$-$K^>#^ z2W4DkZFJ`~P&*kW#HYti0UE z+1VK#Hlo9kfrK>t$;msRp_qSVnWvX9g!n6?_76rht%0c8vE9IZG@ozfF~YOMfW-NA z_6Vy}N?Mwd*G|j-XaUmDDYuGEptr^^D%f;q$WW6*%x8@s$QCsFXZiQJt|z@ChhnR* zdq;kt8pyPGuye{hVipu;&?LDBt%^`$ zaDsqt-oIB{bu(%zZD6=gEvxHL##s6I7>7MWsSK&3u5?LBCIZ0?h4zoLWWRxiEV6#x zL0Z*anE4RiFRAZTR$QD{xdkH? zkQPI}TkIZ`nw+em?S{V#pxM~SNYUcBau|LI?4IZID7JWe7}E!-Ga~zaAe?7nVj>`$ z3&l8~JdjRTt{nc(4IK{hio@$VVp*FR*beR#N+{fWZI=%{hhj=*=H=2JXoKwR1mH>v zqD@YGmm8`>7dwkx+N&7|5<Ums6w6=Ssqiu@u?k4d~B;+7xXS^e4;mg&m ztgI$an=qb{5}_R<$fv6ENp2cKF1xtFt=v8m!LiXw@6L&*=nQa16lp{ZLdVX`a7b;_ z{4kd27qWv$cs=h>g)456s8-@?e2CIJS9AEQ8 z8ii^+l9oByzIi|21ojVJ{o}M}WgwsfliTsE-pCd&=PP!=C@G&6clbVrW>+g#+v+FO zlVNyxxUrF?rpv+J9?DdZqXCtWcg5MM1Rr8KtN8#e4WfR~=|hTT^2)~>X?s%(^|_(u z=BG~8FHgPl#l$IH()Wes9C~eSU?PZmukB|`(c~8pKyo{17>v0=sfaCN%XqIeHw%tO zz?9+sE-(#z{ruSj)iOfC5F)=_`@CL6Wv?UZ+4)3HYS1uZHD{mo3N=5@&dqHZbWX5N zOyr|}uM3h`FcjdocRn`0)LrB>^+i_LYX9aC@Y}E8%ht!UsHay9wgPpHrQW=|3~ujz zrK+*H#7E$xaF-EYgRQL$#y-THv!i5t>Yupy0w_+af&CCG{PU zg$xV8vF3IiZO*$r6PH8kpYa8^k8Pl*OQ4UTl>TwXGz4mhL{?OQ$&@|Qd zdte9s;yIRq>}fkIa{p&2Zct?Ku$z0}ym{WbI;jkdzurcLpYKm?c%8#Z=ZB)`OmH+M zx@icDcCrMEc0P)`;u|w_w95vL)_ay(7Tu;{eOe9YUtLa6m`u}h-Q+;pQXX6Xeu_hZ zR#9_H%a5cr$9nDgNOLD1hT7&@SvZ_y%uEZlBk-2#Y|hV0lw(>RzT06Fba-mW^GOJo zZ=2q>HVGyN-riYUgZBuuYQ=N}ERP0{f#aFvu9>fMA2u4;^4J%_{lsB+i}HHorS zEF(2lg)c8V@)K@ljk$1Ey8*zf^*0HKAB5lN)mID|$cc2vu`a9>ns5Ta`>0!z-O#+4 z_b^vt0wA1kuU>uqp4I;4%b!PIS87IF`&PW2j-!Hu{0<0+nHh49h_`wdmg)Q}U_X5K zZvCXb<^$LyVBJO;i0LYu*RMINl(UWd_6Y!O+S-`yIaR(q36O?|{q+&S(5q6H$BCQI zoI6)5iJ*TddxoL5o}ARt26k~7^|`63pNoTwx8mUr9QaVCF@J0k+d#mXk58DOk&L$r z#O`n!9ygPfzAfklVY5n}fFBy)p(c#$l6FWsBki7CgHS|p(p?iL1PKCqnwn17rZC*| zScd}iQB+zK5;Nd?cwD}=;k8enzKh;*$!iZgxEt!$O0)p@!n)S65yoo_t^xAS?`4FN z6)X%y;Y~x}HA=58U|`hf$cQA!i_h7gQAGp=1)+2Z4i3iP&?noPus47fKyB-|QYZEv zpAx&cR75D2z_-#f9)L@JWn~5B0;V>sP2IP)@5L=Tr3xNX<_go;>j^GeksP0=Tnf)h zFWc#vbP!&W%QC$WU21R`S|9UWlZR0>MA5>GDU*w#wPPfzmux{P1glTdPTRnceQL#v_05ukiDab@3ti_ z_u6aOjou&JjKZEdN{p|D4V^m0q)%gdlC3}NO|K(pFOg_io1i(-*8aGNc*YHttZbA3 z`hEIovk1_Ya2x%IQLX8lriHJi*cdLze5{ z08JfY1o~%UC0)J)hH|%QW3$<9fcab~CTxw5d(PkvVyQv*QXct7nq$3DnY(7FSiGbQ zrLeGlEAu{MH?mqWsUDEFwC7L0ucy}VUJg!i&Xy}$DE#8dq}83A3d|kjC#gX6F2mSO z%sr6qFS556;tT|aeY%KLpWMVi>km5z5)25eGkMRN*y(5bD@wS~L z-dOJV!XAr%QrErqCrIG2j8u8iskk9L28e|h(fp`VY$;hC>W%IuxSPvu)Fr$U7z zt9WiV*^ewG>OGM4cDpm59rHG2CVfYflQP57q4jY$&uPUg+P}OrrMtB&FSzoK|0lj9 z>3&&r0be6u?4=(pvoon+%t*Jre&}uF$_4-lYiUi`k3R}DPo&uH8Q3&y^0XtM#0;lG z(iw^^!ekPJ(<*x_8UuN~S$&gr8t=LH#_AkE zs4yKClmzitNq+uW(q_zhX&+O}dgLzSgF+2E4*@1p=)rMEA$-8r`DU_BMNMr(aDh;y z0Fl`|a15PFOUoH;?S~Xw>_8BwdU$w1IR8+^2qBD*PN|Zx$Pi@0*8v4#AmTyk+ten0L|go%||XPg}qVT5M`?rmN2&T(?KY@>nDuYKL+=Ch?@}& zucVb&#wczOV+eH#8jGQ1P?j=o8fLE5e05zkQcGOBS(Wg|b8zidw>dp`sksRE{&u(R zU6SC@uZ;T%1#^x!J(xV2FMNIXUL>9X#IC4#)6vXVsNIOV zE4d4@-SXyJlQ=3REbMPf(Kj&AjH#;Fqo@gv0Sdd1A0GgZ728n#*-P$Vy>o&_wpyJ` z!xuf}8g*f|+O`u+X@)t15A14zqM^&d-Qx{^{Zk}%7S%pg>Wv8l`1<+t?74FWJ(uby z)nmE6PUWzi>T1gu%AuIPNV0hG>95~m)--eDl9g|DCzc26U*b6vw+7OPd%(##l>}kKAypekPoW0;$*}S76co5 zz659yoOq+M7bk7QPc&9mF=%aY2FdvTS=n}}%q%ZU(eYj`f&c_fn(MpzXArkoN|6D&)eB_a@E{iLK=hMHwoJ4%3n%gG1ga^;IhZLg#1>C?zT8<<^!3k~)gaE1gj z^Rb4V)hAuiGGWU`;4F?H03xR^Wwm#q>cBFA%>gGRy0zHf&B&I(z?{ZLb^G!I(}BB; zud0T-XoXAirB?Bn=2}K!d8F9S)KQAl4&)t}Q;xlUz~eD{_`YN2ynGE0h(n=VEL?th z#YN@e?@tPFYM)^$NmaR3)6mZEIj`MjopCuwXTLwXOei3MR-2L`HH76?>+;%}=<#+f zsg?Sd8S=d1TRw<&BuPH=vQPU2s0&aYQZ2w+s>jKU%(#CWapem*7>=c~%UJaIrckzA z!aY@9Bub)cz!~pmgwaY-(gws?z?x_tJY^7!D5mBj^%%7b#OODg%PTT7%#I&@JP=V8 zcXS(PX}0)acUUBIX&*qP_v7QFws@C24h2+~LC=&=0B=Fx_DZQ7j;qUk-j$T|!RvLe zSZA=0SMRO-(iJ&pMRA=}*Ngt-IsQgoWxTy4$W1w=+g?r7?UdOpAP##VQlmykFJMTg`91ciwq|@%E!f}E%>u{)lU9vonVng!wt>Hzalx__LI=wza+VC;nu7w@ zVeV*4JIV-p1{yuY{R6i-cMf?@s3jo=q&Y5LUsgF@a+WpUHnMHw(Na>zD?Y|eUS>zh zm1Oe#`c2hk=#o%|2pC*jYo6QIEcI%La7t%vcZUj}tkBq(i!G^Y&u%@hO+9s(E$N|7 zh18Bq(j_fd#ON^nNu&xMIHExkE6Ef$~uYoVMhf3vxwGIOTM-$DVEx!$APH1bRL6zX%ywB7x!zPFv zTwt$R5P@IRzL^*2F-17jsZ#97U|0iBG~M{<`u6C=ZF0(VH5*!OogdN-QD|aa))7pe zscD(#IvmY?;*>XRTGHUkFz&`~-HQjdx=gV_Z}(aCd{OYRP&`ft?Q%6j)aBo-zrV8V z#g`#-{*v0HFD>5mNRPG<3gq@oBfLdT%#kdeDi_#l`)B+2&vm)!si{2hCZ4)+JNuY* zBrhJ_z;>eDkVdPRUc_B)$rhM(EGT!fEtDs%R*PfHY~GJ zBQ;n*GB9#;f@$Z8iy1HNR=AlNfZZYT17_4ip&XCttA)}t7uo{bTSgTmb2>_{4aq@espV2AG5y8K)3^%u-<_uhQjAv~5jlP5U(&eKNcMUVb5gNO6d#&~N} zk=IYYVo8xP*T|SV5PbLKyz6;;fr96IhPq=|tM$LnZf`Q~Wjxyz!PO=1cI>0dS%$ke z4JZx|GS@xmyuZu%io{SDkAP|fQPl5|rzYe1WPXB$eq1zf`1aHWZBquvR{H3=ummTq zev$U5J&!`88HO184I_w=%;8+zuA7d~t~qk8olmhNEv?DC^482=9TXXGqe^hAKiAU! zbgcZ^Q-x*Fz#`Ecy9>qXKL1Yj-^tQ(pHzi+6pX>pvNe17Kek=Zs~Qd@U-=pTj-yK0`Zsi}bdv2Ey*&d2alGQ+I6O!#?}MVKqM zD%ok1Pe~SSvI~){mOs^cPhYwuI1vH-ufCcTRJ5>JNoe@UK2foX9A8-S+y1a;Ca5yps#0yNuw-Xs&~*!PBGjnf^siH0ygb%^``o$s z>VWc0#4+qfx;it^KvWYznC5HKGp^}wm_2kV3@7Hb*H3tqfo)h>S)uEWZ+b+Ll$VDQ zGAlK;eT-B10G`5VRdc2RY61Lvs-?yhv* zXJ(!MA2V0&Z|(Mq=}CQLas;yO}>9- zQIaQq7zVNT#b^1Vau_P0zc2}4t_|Ig9{u&#RK4z(FBA%IVb}Zl^N!#aCm=fl))(vY z&pel))!;M3s4|QrfzGQ0$lJ{+S2>}?;0hfa}Nc@4p z%rGY7|3}ybvWk+oBFzJ~x}f9scSg*=@6t#+L4`97HMKdPf0%yh+JPmu<1X4sYH~n- ztD8~#911?9d6<=4s6l`MP92H6a`%-Qnwo$EyUREbZ>6RtZVR%~mk*Krb7bNm6&(dn z$X`K242~*0n?6us;xLeY^OC^3^4nJhGg8+E_85$DrYzoliygwb5do=G?KftaMn`k0 zwUW16@`hui^VGsqHJZy6z_T&_%o!u!421$-=He=&6JD*lFh5(-S2gUJy*RFtfu^Rv z9Zu8ka_{AkgXK~2@mZOf;%Y9yoNa9pYJ|~J=1<0OdO}S}_2wXp2K&I>S_H5FN&WS! zcL5C@O|UqtR!EsvjZ_q z#e+&p@I*;HuF*RPZ3cSZ)m$(r0e~5iHXouY2e9_4%|G-yA}RIh@B20e&_oPTr9cGo zr;byyhSVAXe-=l6{Jl+_|K0g(#(HV=_vmOIHUel;v5Y{^V4!` zzURKu@d&F{F{fTEPNK!D-xHUBSn2a|P#sKwf_-MHx0GZ8Ci?yT@T(MTvk)Qog=V9MNA%q)8=iO7r+=fQXX7?f7( zP5$I!XwyH^Dtr{wJ=8a^tqlVZRVeZgj==x0#jWT2h2vUF)YCd%GHUl$LUYg;h@PNL zo}a%E14li!K{KMn5JCzQ^#lo~qhyFTSQII?uyMO4TZbl?2u9q^d|_h}azNQh@=!T- zVN?HjO_i1W!m{}V#s<`LpQ{vZru^bJx|*ofk>{AwardspJ5!@}tOnRivBuDV!%IZh zkfCW{z(j!X&wX*ax49WJZY}s9!la2vA6&apI4%iB?NDQbD!~M!-&cGWuK2F>@BDB_ z99ED18LWP6s+dw~+esaB2aIvMG_||lz`~L!XpcrzW`{h$(#|gc;}NxiJq29{O$Cle zT)Q`K01dsDo+@+s-oQl|o|r(o2Gt*hcZg>QAxZ-S1NcP9CqmRLwyNol58}PZ0NQhk zGBKd>7g_$01V80d!Mr(`D3I=ra|Yo+jViA%skOqWvGOU)=LOPW!_{4lYSmB(qOSAy ze%Ul+U}AF8PNtIVYJ|=XdJ$cWT9a}cxylIZYFp%FLoAfB_^vW zhuuMK_3`74;AbSNKnx!WPYCJ=O^#MEupj_Q!H7VHhKOYhe`kngprxrHmTVySQEY8? zBL&ClAh>xd-wKI&YAQlvB6zSHxHSIu@m(Et8vXb&e4!1NBEX%YE?Zfe#UkWujG@3D z>oxF}4LwYBZSxR@W1IGZezdg>5=NMSUydXJzLjQCv#VF7F>-Bn4kvSb zr%(GK3Bl4P@9#Yc5QbtKoQP_;p)QDA1H2j*kmk2aJd0UFF2J7FWRg@bhQiaFmb{6T4xNM!a-t@6-RRzm+3piN8pMeWZnF+&Nl?=!tp-tIeVcOx^{$B=Zt-4Kl<^ zy_Q63{?_!*vJA*byfraIp zH)fcL=KjIIOpfdfNbRTZ2O{dI-$XLvy?k!VwLU_x$5X8#S9?&e-c)39Mv zGLqilDACe)N8XGCH=HY8US(jVpyP>rI(JcK$Aafe;@;39`eWB$^%w73Jq^T;N^-X9 zINl1LGq7_BGI{teJ$Y3BrhZzg!LOl>SC0SpL5uZJysp5bjJzfkK}b=!aAAF(yKM}j zV4WcZ0Vapg4D%eD7z(K#dMMOy_m$u^M}l3XphkpMzE`!ouAwf7BuEo*TH=$IUYSCU zO{Bx{!ZMD2e2=-Z$oKCb_#yEy5-P;rqcovP3^3MNTRT4)rVK<<97gwaU+IQ0Dw4vY zBHaQVhr&_{<(9BGPIg(@$4x^trU2)_{50b2?G9Yg+L z^V@DOQZx4ub-e5Z=!Mlbc@KOLr+Ixe{ZXX&yZ?M#)~}Dx9rl6XXdVOyUK@uK)i4Wu z7w<>>5%d(;NY8RqQ}r$Hi9m0$ZNefD6BV^s=(}8qged~WHZ^tYTKYRXWII7TI2VJ> zc+)!#;t0;-GHB)3(xY?+bPGum{)`E3avG&nkyABc(fgAY%`+YI6qm_>|$LTE9C||M6K9+ zP$&>LN<3D_Y;e|_U+$@ zmbv+Ihv_a>_x{_5QGkkVr5X--S&wn)x6gszg7ht<8sCRQq-khVxNwH-nI}S+9YsHr zcf5m5cT4Ar*-dHI2aCIbQ`k>h>1{4PcFN-Xnx;n{q13&R`ls(6N+;526j*xXW}`Td zR!uBT`#MF<|3{G5b5U*<=oys5z}GcBmWD{?MOj&F{a`jdoBWuolv5Wh*g9v=B8_d^ zE&tKyiF`#FNUSh4tXeVZI1DNjngdk`fbZx5oh!M(=-LjqoQ>uoG+XsMD@F^18% z_svb*6eNhmH(dc96%(^Hz6rO$DhA9eh!WP?!ONvs+d#L77Ayfz)6(k6p;&d8;y6|U zfdZ8Y+(aldz9hC)@rn^&o%YeyMRV*%`1tD#vys9u9=%$LoEt69Do>rNk6!Ry#qo9p zo?AnO0zMb+jQbVV>&yK%VQfD^U;{hX_U(|#OkjTRBbzZRr?(zAtt^aH4j(YkA1Sa} zaC20fU!Eu5Z0%P5&!)S29itt|Tx7!H1*yNjQ%RIUCQfxz_NdrL-4FZ^gjM+^ByF+H zmzRrGFz% zRsVahK06X>Xr@g{3HAP31LLRHj(kr0&q+qzTUI|bfyzMs=f76}rHorCp1RBaUw_;s z@5!C|_g|fH-sQcD7X0sz^$i|@F!5hMR#or+bCv7;-&YHaq#MCV&42yaLB|)FuTL*H}mBQ%# z*fZZ8+4KM0J>#`CufLu5SFSjFI;o0r>the2Fplu+jYUGjt<4+Mtal0P^@h6CXmar= zPS*O-L=mK>uL=40+NbMW4_J6dqAMO;ywH<@X;|ZM?DW z$s>pBj~ogsr_RuP^IIJBp3}RmyG5_&$cevt1P!Z{mYvfc8yY2tDkK?e=0lx?jkuP! z{d*OJyrBU$S66(XZkM#5|2hW7dj!jSmIM}d$8WJtLE)?mBH!5k=tF4&Z(Lkv$e2uP zdY8K*vuxRR`rVfTuPOO(x_9{xr2o4GuC9o3rm%Ip>bWZj$LJarA~+N+{leyHdDO^$ z%Av8=zFr-LG^r(Ze%FuDD(fs5Tru&68Xonu^<;<(KA>YGPmpq$*|ZlXa(46k)qy2L&TZKVJ8D(0Y(3YYGWT*;x51i$n7 ze*?+k0^A&?s)vJfEyWKj7Hf7~nh^Pwp2$ZaLNIN$JVpU)@YOIcCl GYySsN{@f%0 literal 106071 zcmZVmby$`A^F0o4x}`RabZtONKqNQaNU9($NQjh#gmi9@l9q0;C?%vMlu%kFL=cb? zBm^V`e#7(q{NZ^&=kj>qBJTTs&CHs$*35lk_4U-rh#83y2n3m?hKeBqK_CGi|0KkQ zzun@@kKsR9_YKvR5HALqSK$*}2Sr^)1fnL9mN&1 z(bhlTxc%L*ZTu06eEftGN&2cAtF6ArXEJ|e9|;%5cC#_%C*}*^Umnc4djHO^mL~Pz zOV?}Zqip{DlZlz5Je^EQNoj0s9AfyNuL+0${PL2HhUQSV`U1=Md|e%#U3=Sqe;Ph+ zBYk1sH2=Fp`awkSzFY7ylc9ryg8*rl$iII+D5z;__ATcJpMGgS{j?nFy>;_!o%6=D z*uUQd9}o3kK6d#1`}f1;|M|j)*|;*Nq4oUM;Ip>Poc}xlebixq&6(hTFR0VgaccTM zPlE|Psr#Q_OM`Rl@IMdDkH0_kKeuH}x}IZ=D*d%xNC^UMy71X6Y$@HvY%*pVG}F*kUR3D1-{r^o?AbC65lRwj?ss50WKA z{slUW|31qS_d?ULgYFntJ4@4k$!08eV?;>&?hjPtyvJ_tWg6UU#HG@zsv9crlq6n1ezvuPaut-kfOt2}d*Cg5&aka#~B!tvR44s^M zvAnm44^vg8flk(mL|;XlZBuAu3kdvkrwq+E?a zYR{rtP(_Q5D**|=7$2vuAX)&Ul$%ri=>5BY&(`nIFX7bGI^BOhWcSMC3*J!I0PDig z_;NdBhlw;cCe=o3$QbE}J&7j2LSVsd7tp8SrxohPRw1=MCsT7$SFdEwh>KNwDfd5- z78V`)qClcErozy%`lPtnRk)(wNbaH*IiJjLj?j;hZl6ZN2o;*Hx>xGZ5^*2A!+x^3 zwDhgT?{{Y;$@cbkPft%w;RA+_hgdjMeg7s^W(LDX&w+yplcz!&)(tGbUm+VMRC;oA z+6MicoLO`Tvj|25X*-Y9OR7$UT0|=;Etrt4CHXsj8&`z+ zVev*%Ol)U&bd&#v^4M2zlWD@y;f0CF>m%lDJZn- z+~Q=Y4QRDwrrhrd;#72KbN}ACGE&SW=^_<)ur)qzjEU~)ZK1+A{97KDw)M*!`FQef zW6GyIskzC?H4l&X3zehs2?!b-M~a-r%E%bSE3Ddsiq#%vi#t&vkw_L6mWvm2Gcwdo zS!g?3=vgMiBHk}F`D{$BPu7h%e|&Pqsx8pZ+1Z)lOi+KLq4oQU%vo6xUw=;=9j|Wo z;_~tpkNNI5zMF=BsRcj$Tb3=)S_sdcQI}J%O})DNdwIz1%L|LgJi6F8ILCiBSy@=l zpQq{m@T=Iys{-x97*)GWYxrD`wPTXKoWT-w;pRhUS?6cwP#^>U9^%k!^S8rpw; zW*QqCd!#&FUi6gxN7weOxOGHkW+psW;ZSjx%t;**F(~q%`l2$zIyLPQL8|tB_+Vb| zXaKjc_WAkr(;F{;3}obAz0V^jchSjx4}vY@`^)@|&jx&SEl)NpIa!fKVE>j0;kdK^ z>aPlF!cg6r2t(cACVzqKC!nt8Kw)5`>#DB|+w6$%rRm*!1k_ol>ygU@2A zdA~K?kDkw!WT#Gk9%%62!tDLMH zd0Q*u>FBiF+}u0iA=4ZC7S{ZP_1QLW9CI&RXV~&@&C1I1@bI_-_W~!Fz2ouIjxtgH zkM6!~k=y(3Zk;T#o}nSPzX#ii)3a!^Y2U&B1SVeA>db{9k)_~ZAVWBj`D(4}OtX!R zO~9XDdkE!(@Y-j6@9t%0gOi9m^5WP<#|ARZRer*uR&|h0aEYe?tb=3Rv#~f@>oR^xVymnf>oz6Wi2}Qo z`lW%qL)e}Mt5Qcrc`?SHd|lrkC|&D6;&VP?L@ZxaZpX0Y549PDh z4Hk2%C)D5l@&Znnnnx!lF0NPuyRUaveUK*$k1bvsQ-q|YRU(*5rA;11MTL+mUoc!+ zUWP7CheSSTwL}p+8Jnnbz2G35_wZ^m_w)0ExHB*?0EXyZyVmZzX{o1op}*6lKPI)8 z?^C!=1r|FOGk1DwDjU8M+jl4?3T!7stWjNOLJGA@N!(Yi&=DsMN~sFcvl1R}EbXPItzGP_gjI_`q1ou{yD72RnVqbK za+LHuJVf=9lXY}GDZ+V@l#)`k$`O&d83mVB*wLaC7s7D}6=n5CxY<}=y`v;%lM@fs zO~RLm?9|{9&=#|&M3jq2)hj(uP7z{v|Iwe;_n5cA`I9ps#&8Z*MqdI#Fji?K*ji{M zDK#~sTS|3xI5b7mPHlzrvet2j)Hu1lz~z4{&%S2X$1lPjC!l}1REXFBcTho5`?NH^YEy(y@_8` z#tzXT#L5t|=82bRju)4nrIR5k%DZWQ^ktZnN?akJv=)`;m?T zhdcIFsM;h2gFAwPg0epA^i{F(6+E?bQl5(%jxq5oxR6z;$)n55%lYyT{o!!oV#?kH zYFRc_}E<#Q2 znzlUHej83;gQcaD#Eekhm~J3{ty(ChtE)TH9(-1$8mIP%F|zs3`XsgIyM&7*CPO(_ zjr8@=lLimb#7WFVwiJmhO5f~q=3`n!PCq}t1%R58nfYL6u@8@gwxEp)1( z1Bt$^D1U@+s6;@|>fGT7eZZ{Nt`9m;Ql=s1Xd*XX&m+L_Y2lwD&O++W!EgfdC}#2D z!{5uL5C3hjnZ)V=&`^rU3pItfaBXdEd2}-Mp=-e1LVUk}YYnJhd;EfGC$)AArElU5 z{fdl9(!9nNuV>hVD?D&qUAn5pa`Qvh<)_!5Pu1Lh4+#cGZzK!Qa2L9Owe=j_QEhGQ zYnMqe>kb6;63DUR!$Uk=+>fOL;N|7z>iQy8hgr@anexVK6;NEd zcNXBY!l0O~&b01M1szdn-Xo?f7cN}Llk%`NHa51jWD!@f^!%Qdn!5hAsSaQSqLwLU zPduJ^#f=4dcce%actHVzV{B|}V>Hmt!GTrU%Mr>fX|f;R{`*9UCUvUnRG$39=86gp z`kL{p37i;tpY@5kx8a2>NM$X@n3mp{F~GV@7R|;l?4wc~?UCZP-GpK!qaEi-9co(u zfDLfyy++H*ny6uH<-_AlS5#fS1qF8b&IdH3BgsYg2=SE=%v?;oT)=+B1t1OgrEB~2 zSrQ5Ml<>YhGrbSt&1`m?Z4+S>Q@Su7j-FtsN?^M33y4=z2!HX@0uK8l^1g1$f-i-S z^(i&t8S(J&$e5)lc1A9Zs21KDE7LW=C04TH_#;}|ampve!O=;3h?f-WiIv;A1YrI5 zU?Fj&+hH)LkY={ge{by*P>Z(*x8KDlpPEj37m}MX$Pt^UU95aqsa{yNLc{03yD~z- z_eQ*SqGzr8ax=pVjv5#H35Hh)c6N3WIw2iBy)yHEu}3GeSk4V-QQdfQ_T$I*q205{ z`5Qwr+?#$aaQzvCFX~TWz6#X##wEPAY zVbdUaZ%V%j$^(;-AP+q8Xz%Co{>H5a*BKt&?06Qr?7-Asr8_79Cigi65^VwG&|xT# z?6CJ0Naw5fmq?i;Nwqq!X9!!Bg;j)FQ&enhZYF9EGvkHY52PzzKt@rNmkYDAV0Vz$jLqZR+*as5 z9UUDCXNN-o26>YA%)GqncTKK_;`S?@XIQ>MJAegbU=h8!e#T#8ThVVHN|LYX-z>Zf>T(VjK3(eKU%8o6&unC z#j8To?ERCLk#PzT4X&U_D0XCc^SYVY6m$r7Txa7K=6+jqZwIZ)l)K;;T%Z>zuz2J1 zd|jgY%u=y{M?DSUvGvIw&zpIEzE0 zGf%^NTTRWY_Y9Kj=FJHVjliPJB%7?L=r;7tq}L8ZESZt>$-WRXP&DL(gqd)I@DYl| z?#`W}f=^FxXj@$lZE5x2Q&JVOY|#+)DP{oR5E<`H<{ar?6hCjA#A(yIA;8vE)YO#x z94{CtAHuapuGft-kEe=QcSVtn*g=^*5xtGyTr}{5g9v;8Z);jR_1SZ9mF&?6xdIU9*2JYYF=Rs zfDhH1C+&@?SH(6{hzrX(HAP%?+=gQ+4r|0D)C3-SPK}0AE&ljX$O|2nI{leJG5#}5 zI%K#Pjfon03Eo^%@Q;3)O8V|18ux*7p_S~*@UKcTVwY7v6FjWy=xP(OrdPAIoreR2 zVpKR>d>lo_bb(pQ{rA#G;1%gCnpr7}!zgU{^zP?pll^G|s3`Q27+$i`OTc|NRN0`v zjrZA|AuY~MPlAu9XRkju^Zt-2+L)b}r>B7VQ(8^J&(9y`q?X8H0ZDe=H@`L}2Nmh% z$okbn)w4d_HGnW2?XK2&|Gds;rAC;l4(-xGU+WR0#5u+RjKQ%qS5>W@o*WlihU1f2 zhXRIzhLRilhMS&LWG?gt&P$(||AGN@4`uIO3qD0ffR$V+4~~+^sHk6)b?VI}ZZplF zS_6EMH30G;UpvK+{?vhnd-{P(K7q_8U@cCTK&+RNcvir_1{ z@zN6H(x?K7^$UP_Gf5?^P8LG0)>wPGd9Z1 z8{NN0vj!dfdb8>C^E1Hxy~efOE$ou3KI=E3^V=)~Z0E`N4*I^ue~5DrtKW-?Xr7aU zBm0V5f+6<$3@ICy86?0c7vw?_Wum2{!J6 zm-|1zkYALLl{I%QN26H@%dZQJ-TN>1SyVl6c(_bnShWUt;JYy;0qqZv9QxNK5fS(K z?pVMG&|?{{s9q2M&q;T|qJbjI_~}5zg*Hu%a(^=eUA_Xq;Lop_YdKN|?-XRLJ3?kp z_Zu3Uf$)?wCG_v)PFS`>YDY&#n!L1p2$`d)sX1y&WaPCn{2gr9@EwZzukmSK`?(YC zF$xclyp{)Z0lcK4Pl1|!%!@4A-N!)R`=C=CE z!n3l=+*N^p4?G;F8$E7MIi;>&JH871N=#Zh+fY6WNLh4LR8&NS%k*pAqd0@4y02md zeSkt3!NI}Q$B*kEXF@^{D>x_6Bv(_ns_OwS_rRQiTn7k{3D|!o{Mm;?_-6H7IJx}6 z0_&L+1i9&yuHcuUo|@V_pzt=O5Rr}xNKG~}!%oK3JhZGTN5}%)`pC=Et!M?%jK4ZU zaXdYQN>h<^bl0-QD@~qWCqH(;!Zs{@_Dpb>VK)cTe_*f9(aQ^wBI5d0YT5bo`1rVL z9PJ^nMLfLcR_&Jj2sY{iJwcLpg%{a#2AW6SL!S?8Ip<$KT*UusRuL=3yqCeR3<>Fd|0}YWM-O%{N zPJ}Sw31)U~h024pGpJQhNlTM(8s(b8!7?f4enCV;lq=)wI$kjX3_91c{k_LxFXal+ zIV($L!jmc_o+sSn!|yMS0V*RcGdA;kbMJho+3b#~_8@Em@6Ls*d-2B#RRHg&$P&bX=gb^G>C?+6^U?N&!42?~4VMqa(yLkMTjp7rV%h{8m z(x2N8%C6-D0oel}9I(ou=6eC%j-od3a0k+_TZ7#`#{+GU3MV{DvI{&(@JpYXy83y4 z1!e}#;jv6Z3ijf0F?}B(JYXFYK%{LC@lJoC)Oa(TXT8)FPR?+{bV_V806AziU7ekf zQOZs%1Y$4DUJ=Ja&cXNj93=-B8XC3-oyec;8Zi(2-O5KR;^r2mg1{ZGG9f9G0pfVo zkH}GV4Xc*EhnI(k!^6?B;(l;=eSJN2fzOpj4pa3`_J3RWp2nw92nhCT5tcHbM-_YbOcL{~I`bhwNZ^(^e?r=foD?7T~4CAaSlzjiP5DRiIWKjGi`byQ-{ zF_|>x7NWJY^02GXTqrf+SM(rf#x@)Si>k7H>LGS1MlT_? z9j?)ad(%E2vnBfa`jCFmU%)$3 z?gP5mFNa3aC4|@#nwUUgjDgDlRP2&jeN04wii*$bXsO@tCAgOirGk`ac#VF)dHBP` z^{s(y11ifrJQ6qVq|A}_CVmuV#O%==e0EC7sU{BP06Y$?g);7^larGobZaDUMw-oT zvR%GBw%Vy2TiXVRU*V*op#f(N?89fSBNU!_jJDNK05=KGq+kpj_O8K-izi=MZWxFg ztCBW}IRz7S;}91}@h5YzlU>)+)MSuwM(*Y)1k3v~_W8b<$$z-dkeYSH&C=CXsFauO zZRJ(*91$BOs0J`yVqA5F4Cb`&DT^X(>`Lf&MeA={TU)!kZ-H@L`Z9+~AB8kBHWml7 z_5FqdNo1++&d!eYJwD}WiQ)8%8l<<26vM;9c=U2K9wo$!d>JWLhn70*Q?Udt@Nn&T z<4WuJS4XKgAFpk~eM5nWoZAu}i4&znZc;;V6pr`_ST-@2>MyV-{P&#sK3Cgx4G#~4gn4dSw*=Q4ycd}3t)ro_GWAMe zbnM791~kTJ&>Ya(L-;vUB8m?ywApkfvGlO8V^l@}h?Jl1ZA{bA@a}ze^##`iBp=*+ z^g0)7l6d(Nn0L^*pI?8@IQ0{Bg7HK2DoQ8PkUn`)FEZ9zD6}ZKY&Vbzs$k z(eMH?ekBWubCE5YO3G+yX(@qTbpG)*dBr#R3c;4H(t&$xCcEzSQ{YEbx^YtBo7dVA zeb{@ia7rmz&Vvsoh~kqX37cEi4SopQ;e_DB0V|3LfX6h#u|ihJFiQMrtYpd=d|GgH zQd}e|dH<#9zfI5q-;RgY_D7X?8&&i~nNi$|8H8q{fN*2k5_drl{e@9g8_8?ddwC~8 z)es7!cqAN0N}s|l;7CFi&CK$F6NgkHQ;8B>T(}ZNnPNc#R2&%@MV|raAvK{vJXs_k zO}r?B&%T%s9&@>pCSd~AO@t_>2sA(e430LYUfrs;#=7d)r=XoT3o{gLUSa#x?-dn% zC6(q)p73QEpLHqd^#Dx!D7^2dl7v9^nBIfvyOt?p1CUYu#7ngJ8IWZ_UVJCBSI&4i zMZ*9Lz*s5O3Z5GfnR*!-jzV1Z&7Vl#8>WTf5C8$BO;?)04eMK4oYe29Hwly(cZN7l zfk}ZkbGSQp&4!ykC#7(vkZ6w>qZm?PRPFggYh0X-&HC2rbl)%qw7<|n=wPMd8sy>1 z7u@$tK|?}A{8V9pL#vDfD%Vh!3c=q?#F2cFh%Fk18(d=jdU}0)IvQus%oPM8$0|u- zFcZ&wm5MfmY=m|^cbKD^^xluqI~?V*UQ)iln6rzWKUICIGWq$fRi>F(f^P-*iW!4a z0h8Vc4VGSV5SVMCqM~|an_rv4EitY+mB?obLYy4;Y^a4=8q4MY+qF4A5r zNk;c}hG6nnjKr{C%l|+^ab5clLe6i;4mcMWM(3>m%Mgo<4`~X7tP%QlYAUinfzyK9 zT}!FOQrLL}I0mxW{ku}r**dTQ%1KZt+}i2Adv*5cRfz6$!%|`-3?oH$VAw_AOab;Z z%+2-Kc?ARnczNId@YJkBI2!8fyMqk{2JY_9FGI7ltV=x}kgs$?=35VBhi6UkZ~;vr zGwVUuoewH;aXZ$bO0r-$$x+#6D6ccs^=%gYOM!`%71;i6mB~{M!!}ovRfD_eNz^FO zybT62=#|^-DUi1ME$VD#V?esn;PmRfJ#Tglil0AQ%>G zpj;ER_5*-&3-ZxFa=rhZYuWJAZuqsc#$z|P_EM^M(@P=~jk?Few3ICSKYp}maJ7h| zy~KFMwZ&sW4THPr4QGRTVHlrEM1hYace=my;oK#HNdl1QrN1^oVJEl$hJ=KytT=Kh zlkRY^{pLVpuOj=Dl$8Gd{R?iiGE)?G?>clHN5>UF-p7w0Cue$oPtotBjWjZ*z-pLo z1w1`hP1_uWdmTRC`*#zqb9@HN@oow6G>!W04TVTKdaaFcTdvitO5WQPBdXdOZ4H@xHHDl$|(=WiJOM^dWCENBY#QDR( z;IXa71$1~(u+lAzu%IBbLQo)>Ek}Pgh5zKMW`mr}*dF3IH$9uZpl=j3-B(WBL4U$Z zQWhmFF78}!^es?^WMj`Vd;Z}w*}u$92d}7=9t@S|y>WIj?*mClbA>K7^Vfkx1A_}0 zDJhsV9eGv?qWdT79Im)bxC1s=zWlP9SXp~cm7x^-}Q;m?$FRseH1Tm^n7tqku*5*fZs5f*KR=Vj2iGOtEXZ|-l}&z=ZL+% z8nx_eZFj#2o%@D6jeB)TkF&Fzoj>vOQ7|%sm1{a1>4~OML`kJEMpUQTbjX9tkqc%a z5M`K`GqJFoHqNjhY-L%lnVU1m&z5LDUiOdNil8`(;HPt}-XI6l( zKuJmIDR8qJ=T@Y!PJ~FR3MKGs1`%rnW}?x9(*iFh+TU>(MkD(1mxUF#S0vA^JA-01 z@QkkI%Uj$zGu1+6f0m5FCDO-jHbtX5x{il9LO+BV`Qw>FlPV-_7UIy9+Oyl$#O32` zCcYHA;Q%G{ny%v$L=DFGO_0SfR^vSr49S7rgW}kcTHF+APRp>mpS684zpWWM{?*w)!Oh|ek%ynQ*_Mx~FG}KUqA7BdP6e+w% zU>?bgyCO_xXU7cQVCdQnSp4V+!8#wx=mw44hFK|sd*Hy~EilMR^^aMX->+^Hi0O0= zptloSR0;-Qg!gF}y*!lvr{_OAMl_H1%}?s=hc`anG$;{{43BQrhS?`j42Yfyr1|HU zR-19JP8=bFUc$PL(7kUhrfqw1m;#aBzP?FN(I5)oI|KICymwa&4y*W*a&o?cQ}|~# zSV3Ie3nD#O`bxiRb#tJ<-wbdYjYb1%q+hzF7G%O9E!_-E^W5A7K1t3jh3E;SV=;UO zW6SA=mtY3Mr0I!5aFCiBzQvw@D>V1w+6DhfepwriZ zE4#Z_*IiaTNJSYX(ffRB^e8s>C+*S4bF%A$AZz5;5NuwX!l&Vtbm#FF6oYgkd( zY35)c{q@Yi$7dh(6wE~uSfuQFlf+IZ0ms2A@&}_*@65%;WgQH!^F&$OoNaH{Nepv$ zxI_^i6nSKrpXx82d{l6^@RRjT=m=jsk$wM~SH@DXaiUGXf26x3kes-hoX`~AbWYMo ziou~~0C0mGvwF7S3FB6EhzW2b$2h}TyjyL%h8E3UPQwL?;L6&-UX~;uVl;`^(8ExuZEHB_$uSB}h`j!^3koZ338KvjB#KjuX{33^!Z?17&r_ zq1?gHIw)FK9j>r`pKuXEJqz%(EYzW=P32esnWg9gjobR#^3axr5ZzQW9J=S3Dbd=G zXBS&ppMhYj*UK_58Ye=9QZI5)sA2mn(C^B^f>~ECbDzfY{QSJc-Ot1FE#S;Q{CaCf zFJFEJx{<=^b|MJ6i&s6lQVU;wb36f?OD9+Q6D%E_+s-n#L#|uGt`$hr;bO3n@={Y5 z-)tqRGi4Vvn8QpFwji31Stp~3roO(0NQu1sN|O06C8~6S$>x{f%e13&Ral^R1M%H78Vv9 zh`N8%GNKU(1!&|uLwOs^%YVKFY(9jYvXk{IJ2KkrXX|e^+iv|oM6pnr! zJV8KIFhM~md<5o6MNOS+*|V~;a^a#hjIWyDETMd1Z$jD@NYb(wUWyourCxwa0{G1k zG{vrIyZbuW2YeuqSHxsw7T~xuTw}dDLzpq(J>N~lX9PG@@4nRDMBmPsL~H3bY1O=UV+VLahUkY~L;&nxgQqO6x6Aj*Sj zy@l(}p5d13ZGM|+!ovGkARE=d9P8Pt`(Vmh3|a~>7c3{>_~$ciASlqf z!B=>kkwM4A6aZ5&P&{NTvW*a2z`e5k-!d~VlhU6&34oZx)xSWVL)JqwDFp1hT)$3> zj7vcy$eoj5+V&fF?gqsSEDKTEU0`6Tq`hGUVxd9pd3XC_OqfjP|;pX$NM0P zA*#MVKa){`OqT@G9ua{%-eZ~!tcOj}+L~<#WKTT+1{5|(yU4WKd-}OBI4Mp5(7!uc z(gz&+eA3{R<0qR3NvZs4Zf-7;gih;BFfFWD@B-Gj|4^RX`SjGZt_-Fgum_}H3FfXL zy+r3Kz`T;OGBgcQ*e7Y472pSCssgxvyHqg_cLm&=gqRqfH(D?z!XNO$qV5h^i9!0~ z{jz$Pa%rav!op=C$LQGDh#{w1JbJ9&b%v3+ytLH7AJk+2pvqBko5&I{b9|C>$Uk~{ zvnEWo$I)ZOeS5wqCME`UTsl+0NmP6KmPaUqgiO~HK?*K?iI|K9q6EvBqEubryjVfB z*8h0=HJJ9s2$K^LKb27lb@!MWt)uR)&?*ggUx$#2oysE^UP0;uoekJUmqf3E#i%Yv z@hHJ4HK8rE|1%UQ>~R5$iWFPSS5;gYg^Jn#{rmorLnWcAfqPsbPM5hx2!ipVk6J)z zcXu~rMZp!Hm0_&sA(GIUGR%F*2FC711`w<2KUI{ky8Qp9X5wz&0)co@D6RfSp2Hf@ zw@re_376*HSet^FrH4fs7^a=WFYrNF*&t&Ovx7DOlGO>Od%)8?`etW?fyEmb7}Q^V zW|aEkCv5V;Ht!0Q08rXn;DZps))C89&qZj2V6uIMql4b73ghOv{IkEy02Cm)`*NM% zLS~*1qrzYgp~W%^MDgJ85L_7vZ5sUt&g46c;Z-(zq?EngSnD zY61mGL`)2{fKEJgN1sPrydJIsfzO3~HNXf*2OMK8Z^e!cA9WQKm_uF29&W3DZOv+I zl&T%8=P*XE z+lL$N#eTwxC9cv{*b4Fvucn$^5V6qZRs9#_+`vI478jcbbZ^iXnxYXaWEbcp6CCY( z1J6$Wj1c4i&*QcUM4PeK7$mQc2xNk~JCP=&!RteQjB>@fAhVk-(0>r+0Vp!!* zI7wz^(t+t#&kwL#qc7ZzvqRFgUav+ENmg(^|9%CH!cn4x^@=Mq22Hz5>(vRmub7%v zTJp&HKbj+bc_rW5cH$}BN5dOtckV2KA#!IhXA*YjK;Gly;k|+tFbEcSM_W*~BqU5? zcIW&~7}l*|jjpMHk4uA1b)(MoWmEMPuN$gJ2E=trG^Qf-0JF@PM~%ZO`pm5Gt|B zrO*`!=aBg411(!yj!Ko1vNEM*IHICUNu;q@{4`WlVZA`6xYJx8@oNJbvlDO#UK6F@ z`-v?kCI+k9*AmuYYI~DD#Y2U@6jqB|AZvyn(`IoLUw-rDCp2f#Y!~R&VpK%^NG#YQ zfDQhz@bLGEtij(q@tp2w8hEs{lQ2-KS!P{SQzHRZLdRh9T`WKyQKCYN!s73F{~kcv z4<5UA1gbeQ3Oy!h(Tv3J`}i?ZYy}_of0G6}JV5D5Q-Kxc2Gi8hM|$4u4=L1!RIdCQ zDUNP$S0IhdBVuDUQO-~%2uT^Y;gbo88{|YT>?TxJ!D1OT9i1<@ZXkirH~63w&+!D>D^v{SeehuG>&45Jsj2#<7TC7( zPB10FdF&G7tCjQ=JQH zJfF#R81I6_14W_-ez72ec#h9IBo7j411cU~X8_>}4hpf7g+67~KqwADg-~T>rDrmy zqEZ3*qE(Y89v(L@?;CTWoA}o|O+ua`%B7^A-?(`*hPcR5J%L%V2M}Me=ld=g+et=c zg1sMxhOTL9LQe{n7on`}xZX=LR_K^H)fA44iTYvFEVgRU4}c?V+42C^l`2UmabbL3 z%%mu=I$2`Yi_7-q8~dM$n%mW+-JOGm_ZPjL_54tzY+Um4r{}1Ib2sT`Eh%;?Jyu9R z2lo-;8AhIG4_PK?5i3YdEv3qZEiwYi+&U>fo|OLU;2#7m&f?IMm4zreUbfF9EU*Mu z0EU*5G>_0;UgCnNv{1%s9Dg=Ol7^67^#%Tjs zy?LD_v=UnY{3Dpfa)l-Sr8K`kp#yAAO<(Pn{|F}NUGcJDXY2YwAdMh?4;B0K^Cj5o z<>864%_GHd{>j?>x&#jg#sK8;3@FbW*RSeIlYMWNcek&G`Y%S)e5%tfNkt}dLIV8= zU&jwzPQ@15uta73j%mo&@Fo}tq(3RlC&R+@;y@t=Ai5-bb`CA8$188#ps$g0+&Jf!~FHUUp z6lWt_^bc%5t=N2Gs;5f4h(nQ>c9n?}%-IQ{X@E zNCfVUa;9yOPsr`_;M)e0u^>itPW2iZl@Q2_as~E7kn&Cp8XAhJ8n9_C;Q{FdNlkR&0=(RV-6Qo9 zJBQbj4UndMsJX*X+OpePI+qrD20EFUlN!U~_?qL6eA&ifF~y(vxFM1B{feh0)%5 zL@9etk$I)A9apYalC~u_p@Lwv`yCbfRL#|KVjDjUqO@E@mC8$#>(buZ zlxmvy=6_tG^OpnafFTeNI;q_5six|xUFuh-Xa4#TPI;KYHe z4$FcoasGr3{vk%#MSM%JI0^@_3QSlkfuaGk*B7C zm_B~@Umle%C-aM{M2XeYGI=YF1GWBq8>fKy{dvWE5T%y%1LFT zC49MG!*5N+5_|CJ-~;_7!z?4Ntz21LZv3|U1Z^aeNob2mbi6R-f6-$O-d7YLt{aa< zJv8jJGGWw%*(tPCM@Pr2v*bLXxG|;f#>T0;LwD@#^tsabNdD&~Q$J?m=fSkH>%82F zm#}MUYG7fUkdQFxcqpAU1p(27U)2Cj0XXFUA(p_Mf!o!0vsYq&3B>vyq7P+=$zdtm39S8kO5}hoC$CCJd!)Iab zvY&A>eG;yT3438lN%zk^rDrW#sDG6KR8U_0KGmk1^~6tD-O#11Zhd8cCHhjkIt`Vv z$*YHTO0~kTk-dcv-iYsy{wMQDe#@Mcex$;6!PlF0iBz=CP}~K*JIa&EBv=95FU-`i=TT${ZG8Vd(#-c;aG~6Z zyouUhX47d$E+iH|j!YMo4r~+zd!CXDjr`A>x_(^3?SP?Wi#PUE(}cXZ`!|dB?D_B* z>@A6Lx)s(N{`cE6G225a0%N|0@_7=ixC~Ch*sGUS<9AZjWg}D8qSBlZ3pVzh83Oi5b*c{uX-W5hl>=eaYb=7+l9dwwNg)S`M(n({mr*7 z+IeMg#Qi(H7)AHvRXXzbLsBI4r6+wPo7Yj zE2Y1;c*x&-i{}j~=UlundE$qiUJYawAMrh3G*QUbf_z)qwYg-5d&xtBYkoLsB~`D( zu$#HId(z7k{T*6Jr*;4QxpH!Y!n9KCIm+xyLh^x7D!Bt~Zy}l?DFlPB!HMIQX3LV1 zaj4$mo8r1^sqK5KEX-))CN(Rrj`o#HpTs|ny77t6XUt5qkEz(ObP0;;1blIsp=e&| zDf=br9uVt^n#`~e?-CIv{@O<0F7e@|*UL(OQe6Wbi<)SLnNvjkj^&L0mc{MW%o5{X z^_6XkHfiu$18-A|iGCb4mKB*Y5{XZwFV>x*=z4t+qd^&W$bMp^$g0CAQOK$%5^K_v zL&?Y)L(Ws9kE|Na|LZ5>K>v;)3a3Y0?!lBe&BvYj&>Ib;vRHB3q^vj&55$COwvgu8 zr`mX&DRN<1%~f|brTkFLIaFWzE{5#VVknrz!mbgC#b zD0ie)@nuize{EhfA+@Mk zZf6v-Ve9C4>BOS@o{MG{QR+HPcTy-?N&0^Q=y;}WL`IVsOJ5**_KxsTmK45cKs7C^ zsBv7ds9W9H@M*`*qcHiXJC)g$7y{gvPK~70>PCX1TV|PWrnHpQjS+j4b(&DmOtMS- zWviW+%U4YV8=U+kw2Rx<2xlv*ZZ!{x$9Wmm$d%ek^08X9$0xdGR@qe2JJMKq|IGe^ z97rWaCRSF+y6@0++?Tz0>m6r2>UM>c%)Lk~JjcFjBWlAGP&?g(oGj%U zq!bAI-E#k{b?wZ({stkPcA;X)ZKOX!#FVf!SCGax`fGwQX75}k~pFUTZYa!?C`jzYB{DePlfCQF{R)w{<5WaIa9{oUH6Q36!x8tM8U(CI3 zaHyc!`mTTjFI&VoHMy=~3In#c>{cm>EVNh;7m{X|{BzN@=xTDm*R2#fwBFf5g8#*oS1M?mFvT4i5n5Img z)4<5AfXepkI^RW}-NF!zy%WP(jXR#Z)&2AqH_L#9?L<2<&8g`zaanRz>${F`*jR~_ zvdx!Cf8)_pl2Q+~*hYqACfSM`c-2^I(kU=@97MD0t-o@3pep9E78r6upm1=F=JY0M zg*Y#5zqN)0vd4JKUGTN@wi1@A1d=AUJGBX!e@cTJb+Y^;{}N7>^P7;itx;@-cP6W5 zDXWw|jD$AJt2c7QvWta6oQdr^GUiRuLMiwqxVLWhFh!3e+I~m7Tb5Q+GhEv*9Lu0L zrhXJty!jQMCRnOAhmccVBa34NIY(7m{y=79z-@~dr)-Zgioi;PCE)ur_aw)dx)~mE zraxv?9JFI8n~MW~(PabQ<_J8F;}ult9lUEcikwDLcJdTTrS-uVkIE5S|8lX9p!rTG*O6U)w||V?1Z=W zZ+gPHY&pdFyIM3PQO-IfJ-_g5nfOJ8FG~b82>cc1af*417TPbY8ZNEOWSpN?X}sgT zQi*xVcuXF=ANVQAdRT=F>G>Ag@j*v~vCGpRG(o1*bOL3S*+sXRDV3S!kPFI}jRGkC zj>;QK;S0#(EtqDq1QD6q;M@8Pl}(#b7`|F!&s1O9pY zf%#MlLzZ8Xb*Ax3^Q=Eh5}S@W&r7Pn?!UdgnXVQ0pH zK?;>@!+dLl>(AKA>$X)M0+YF!`kpd+x_bJ*Yvr1kBm}p8b?`7sxAT{PsI+!$2z;Kq zJzUcuQr(VNZ(x~YX)tbxJlw{i{){;~9~)zTAd;BbopO6WvawOt{oc}9joNdYzZixUSP%@=KUzn*g)!D@0`t^MB~8ZmtXDNvk~DeF#5o{kKEKSVAJviGQD#kN%3+ zSkUbo2BAT`BaPl;F^LkcysMQcGtZ)Qq}39`{^rTo+QcibO4?UZHCoPw9?s4N&KQEB z8I2~KU~?c zX;ev0rPseXuYE)nN-TZ%5htE|-;0_M!*psZmRrayMl6harY%AbC6{DV(#@@PjZjgz zc+!g0PL4Oz>bB)iN_7i`px%`k6Y?FS@V{vV=)mzgMCOyZDr${Qeu{qABK3ieC7tMDT2s|DOuKM?=~58YLvYcXaIP zH#$np9+{E`?Yrx~(9eHdUnIX9AiQm`y)rLJ`oV$BL$PP%HX}>m$Q*-Gos~5Zcx7wm zE>dGbY6^v=&gwhY5Ispnci&%Nl55U74f01bT@pc)5Rc;E>~=`n=i8hWUb}m#x|Aoc z5vNu0-uB28e%3vlj|FVVy6-(N$8>!n{lXuV`i z&+vx$FV4HT}}h=$x>hO(sKUOd{!fQg`&Lp(V}aPBk!$tmw!9TUDbTAf;TI3?eDw7x^NaKpcV8%T}7_t*+O-e`J`;+@NZ;ijyzOV9>DoN?=88;J?ehF^?y4W$5WomQTeM z+&nz-mSa0>WowcW4Uy3owlQ7-O~Rnb9?`$=-WSBy{(Fee8To+ux~^`%!tCE=)`hH8 z7LDyK?ZgVJc>-+qth`zeO!VC&w)pq=Zj@^M8ZCOYZ)4^!jU00c&UFnaLaToK|9Cp@ zc&r=t{o8x*B%7>^B9Xn5y+>s4$d)Zamn~b_dxY#AkrCOEk<1VY+3R~=_w)Mw{&=2$ zDz|if&d)iH<9*2FemdA6K@(|L5Fe1_{>{lJB2AF~$=ejMG*%7PJUJyYm;C1Jk zUj1!#26|#Bib)>-J3U4XlpRcK4jv&^j&QP%jN|MW??v}|JDwz!J}7&%aFa1{T#TGm z8V@x-I)C>AVeh#bJ;t7ry2jnte3%D3@tgiwlr!dpZw&W-TaGNh8jQP6@8Ie;S7zw> zDQkXadP*kwb(b~iWffa5k=>4LyS=@Sm_`piZ*P_Q_HYOwwa(1_tb60E?IY|>rWRV} zp3!CqYnur486T2g<`Y+_b7v-B=LPMDT%{5p#&Ioc7XmAwbZgH{tcNvN;qg;U`c>Ri zcyF7cQGDULf2VOKLP4d2-94JiZ0u7a9b@6J;4HLbv{+rSx}^4T4mSPcw%3 zaoZcC?1zgNU2%Vhxaadnel1atH2cgJVw;{as*H5|kg)&a5vOPk4HdVyryqK^!yx=7 zstCUhn9ato%h7$x+L0P3f2_D=E#uiP*}@ zN<~FQS{k)i@`loLyaF1$Bvkv+o4}NCgDVp#Zn*H+BRV>%ekMBIMZ9=RvOe(9c|2T- z`pR&4Qf%Wl!u~~SrN(t<5cyO2sy2uAvuB(4ddE(O_tpa6CLStR`Es{2cf2>PEb!P_ zRaSM4>a;RK@ctkR*E`k?h3<-yrdA+&g`FzMWsk^J#(^841?#>sjQy#d~oajubG?umMPC2I0 zFfCAzr0P^|)m-A!v6c{+*)Bz=%KY!z z1N#!cp~;Q;XnL>QKHP^bt;}AYZ8l(nYd>SKyKojZ;nhCOfrrVz_WnlIJoc=3KWVd0#=O_S}Yjb zcvH)JVBs7h@8;$Pr|DTxNWe~zCAd6ZTNCT76)q=V!A^~ijt&@yP=4CXGDf=lg;{)b zoPTxVRWvE$`q0ml?md2mve0wzE&to+Wioj!`RA+;8EXRge7+PUxpfR4Ubg0n4$cmU zGCzki8|)onr3_|6&kYd}cE)SsF+ImS-QedJ8dB3IRZ~;T5^_udIRr5H5C{axBZr@n zR@KcUR@uvTk1etY?WJTqEKEKT(7Ee3+B8$&nZ8o>XDUrL6)^SdJ^AW5dvkFr@Gswb zXPf=yL0koc|MbP5)a#m#W0T+Kl64)|e4o8LiuHY8v7eoBCqKC*bMR(Gpqnehu!5%d z1n*GyC42~O9QoO_v9seY8|!krmOIP+{KLyNst`T-^t55llrMO$Gw-5Sr{u0vT5I)a zOoYGR8-}y-y{RtL|NkMV5zgNn<9E2ZeCt{tT|Hp9DNsxayL?Zq#wFSec@N(EIQ!~=6YM3 zQC3^Z{YQL7Q@Ax zvrj?eL4Qpy{Uin9@6Jx&a=qF5xxDJiKBVK#)K~ z+0`!n-Bo#y??%I;jtv5o`tUJ0O1*UMv>RidcWiEM?wA}Qs(6=}2$GNl(6oRO>SI=9 z*rSz|l?cL{M_t$qKku_%SJd&BGNIqidcnROept`5P_WEU6^?s+$=q)Chiq-}+N4QQ z;P<5-+fM3rrN?fLYL&;JZ}$AQ{;e(M{|>^qM^TDqV04ug~^_ zkaL@6Wy4YB?x^!ajT}~<2a=mcxHdENE;Wz2^?V$L`Jd|Z&qP+Ko(mDsY_-!5m!~e7DBFnj`G z*4CaPRGs$F9TRsR)?W46w2`hUH~aH8v2pQeHpsu5(eiR%U+B4CuN;$9A z=3@BDVyeVIE~>QD9Z&h*xT2a~Ha5p4TtiUN(q4f?FJK^%4S6Xw(*|o47|%duTnH5f zRBK)K;BA9XW-VZNKLy0E;g$Y?p=fJ>q*t#SHEjz}; zcQBN-g_%X)>%oc%_Yp6j5tV9eqpz3Sqe`@;%ay3I4j$GBW!Qb5V-gB zX><+E+W>||jVGcW6Td=ep87ug;e9sRM}1wJZB!McNVIUq@Z$~`*+v9&)21tLm=3Aw zV)PQVw0t3Xqf0O?W^s>TrKgTxkS61OCc?r@YwPn$QQ6x3NUNlK%lS@YZ^2|BW4*(- z`+OHu1%0}@pZW^oE@vFa?o|a8^eyo%fANxL_e7t9rF*h!@oKEX26=>cd zg7L1Q4k<&W5i<8|q5qRO8dcn#famvMr z`_cP~2V^vPrl1-%2F@es&vgz>dV=XpM!J1!L!BVS7j z&nxvIgG- zfma2`81*@00WrqeSBCCyXCdVeUJ0)5zmrVpW8)?#4xwDmFK&^PepJR&=*ph|n8NZY z=`#eEk62b-ccNeKk2&w!iQ>TZ%j4`ZfBg#O5@W^3P2sf6#Iy9Z?t-tAB7Nk>vGPm1K3QpX*kt?S_Lzz+S!vWmB~F%&;~#Ij zh)^%!RoKRH{Gw;cO(sW6Ghm++_>f;m)nNkVt}x%qg?oOW--^FWwNQA zDazri4oy|+ReDeeRs?#7bc8&nMm?s=laqW9_))bBS(8K274~nEv#%)B z^Z$ja<(rC&3rI`+wWRBE=M}#Y?V~{G?>xS{cMlbJ`JPSN>DIA^s5lXIJz|& z#RW?L$H0B@fSYPTC-6!^K^*@RZv3E{b3c=Mr@{I`Y8|w#jO5KIZn=>F$H<>dO#)X4 zNZCMO$7lEfW1o`@o-aVA(QfAAM!x_h@bAWD-URrf zAQPPfu^;Gqx+uUc$AMo^T+Bi!hz(!k1o?lghqlav9Dc6M#6+~; z(%3i=sG8qFM=s05CY3K$4$?4?Gz((45N;FHGNN1pLox^Jk?gJ9I|PYINf?SCB<5Cs8PjOaUk&~9MpJH623f%nzTyc{v5K15O^UDR9b3sh+>iD9Or4E1ZZeG z_BnC0pr>qhR4=K|$iVTzzO&f0`iZEM~XwFeQw&kMWN3t?9AWsy2 z{_`V9X=P+*u?4R;9dwHmw99n{&fjFeNa6D)n(Zhx*^Gb8 zK>Ow$i^%ESjU+N{u>sV`1jae(sLl-E5B~nGau*-LE^otZ6+Ko~bDLUaA*z^&LcC zAg*i%`4>*Vs*N%7I5yl6wS^o;7pJnNQN;B*P zTA~KId}y{v^%<^gDJoEBPy z@b-_76?ecgnvk36qcrKG+bRc&|8FA6;v42ZvnH)04gGUo6Ld0ks199 z0?`trPS%`GhtPp>+R!f_<*tMjO`Ozp)l(?7$lnASVq8a-A1iyXY(X-c`#ZpBy6;9s zMFnCPcy= zlK8v9^#STQZ3@ich-I@Sz##J6z3T>*ee@zO=wbyBLugAN9wdPwjkI`L3yld{q2NOe z)zz1%3G@hXGissf&=uuZ#*8h42MiAfN9wnRE0_v7IXH5XCfNYs(F7h8q@LI%{%~{x z?0|8+((fXqGI;^cN@xPcW2osY0?J)6D8`yELCYsaga}n;#cnVHOVdznIsY~Y#(xcG zVz1;kgYGs?%Z#Dtg{S@N-&Z*a{NKBg9=bLLhKUPc*u1-%v`0&SzEnnvfq5fKp)Z#Hv4xZKEe zV*$M(Ifw_9#tQgdVG7@y-EEDGXb+|4_cwH4DhfkGQ4Nl^_ix&j>J)>(wH9^DX zIKL|1;kdsr@%LX8QpeuxDK6-t+sgs;ba`g6`e*9-k*{AlIo<3LyXr(A@ZwfWacRO! zah~gMQ7K@_>-UH?735T(WaSmHv#k?t*tYS08yWAjqt2Tj`P^6`o}+O;TbL?=xX;Y0 zfVeRAC&hvJCSQC!1|H36vrR-b9|8=`1EBBYi1G z6Cp~%gK>*g{J2lvcu~s}T7SaTb%MB3xW`;XV={z>qoA}gSg4h(H0zT_9rR|uw=?TT z39WXPbSw{7tU(A)6lR+CPU?tJMd?#*rSN`c7W?2QIGkS|eln2|B8`X6gG=50M1DP9 zdR#JUBp~Q|?$^j|N^09*Ym}6fO9StUiUc3lAGB-KQEz5@X8E@N08bLgv1?#Yi}OH# z6;%D;_F)G1FIepWu^@xwgTSK&zUR-13;|*Pkb>r^_zwjIt01n11_PL65-)7P%m~_h z8d_SUit@>;0PyqjJ4|v&N=hb8frl6*=)i(B19?2i4M~9MRc}ARZZrlah#(52-H}VT z42WNAut@|rWC4E$_UpoZ__so09soK6hB}xQLfv4QWC&FY=nKea{S~t+$k0Is|9i5u z)@RRRU+o8Mh{1yl20>`Hpey6PE5jX@s|B*{({Ru<>I2a(@+F!ERtDJ717IsPN_bcX z#SF$0YU)YTo;N>Oq4BG>PJz-`jG_Se5{Y}8tg8%F^yf2`Q1v9dY1;^{6bjhGA z_>qq#ZIIdZK=J9kzB;#i2~8*f8LOdHi$oTQmrtnqOba^Y8Ihb;Fl8bG3!r_i(>Mb+ zcL=Ix0-#lfvc%5;qNt=Y_}EPLpZE-hL;MQ8SEwp{fAWE%96{SN0)lK65k4F$_rt7n zuv)NrLfIMZp~T7U%E;!6n5l2kkYEbIJ57Vy;Vw*NNE1ntlCvuZuBP3qzki<_M33jl zYH@2&zf_sT5deqNhS^4h9S_AGtj7FLmLi%EM4?o2eWA}A=bkNIp(Tc^y|j6GX^#EY zwAG974wxmTpseMm$`~i1F_B;fl;8~72{-Z6o{_a2gJG_ua1_IiN9Q@bH|$(JkP7@f z(Wcx{!DLuxj10Wj+DqKpAjk*jkvD|6i#N%DlndP1@p6G$PfvM z%E`;g^()-IrzNFFqKEk*J-7{#AI<5Gh%S+Ft>Nb5ldR9-;641h@ONNK9h~eVQA;XT zQdEz}RO3$WlWSWME^;}$p&||Wslo}Mx zjfp%cEKOV znlc^2>yqVfR&{0pE=o&A#=%vO%Sl8)ZueBY4-nb1s?q>n!3n(RHZ#KI9=x4fUkPGl)A_Vy0gTH`v14=Yn_QM+vmY z2n0$gR_-ou2QaEGs zSrfRvpwIwbWw0LXIA6bf2}OfR7istg9t{*S=nho%p;i&vb2NhKwW(|_)~xhCDL``o z{tUk7&!0at;}3#1y)--fDYS~YtUb)CMn*>98-=kj?y=n_Ov5nBg2@ap$Wm-d{X;|Z z;8-^>Fn~D_U<&G;Ut%L8OH5jit}jNeJ^sv}LIpN7+_>G$k5eY;v7uon1bxC}LR%n| zW$?cOuksuCP&f2{k-Y4o_jAGiUcP}71;%lGtsfqw~e<4zSlj zuO~GKfF|(H=X+{&K{FyHOo3PXi5AH4xp-hm+`t0f1hj{MU&ueBqNaXq%McO`HX>LV z@IS1GxC(ZVc>`Z3w{i^Ij%f?H@4$IDES9`1g&GO7q=fH34iBkfd7)g&=r{?fZ(y^* zw)pYl*R754a!BIfXV35h^DYSv69*d5Fy&3m1nmIw;;TdV4)J!|41UU^ zFw{p9S)C{3l8K^wJbvO%HikvHzy5cuM&gngDF zkOPnhu|j-(wI``A%LtF}gV{*YxVA9uJe7h2ito9&EgsH4E|V_0XOik3zUfYG?EDLu zL&puGYo0YyN6X$t{8x+u*3<`21!|50=Q zbA-?Ms-6`8^|`LNI{W>--ER>Qqsqn8L!CJPt9-~{5L!vXu8(ht^BHV>5lf!jr>`)* z58TP|@Dq=3alAKGCCd6{>|%7VZtlPlSRc&EBthfnd9L4<;*gG*Y5B%=v?ZUhbze|5 zddEVG>$BSu%I6*`k#-A-*J!V9>dC#UG;na$r_xv2fK*!HHu&C|m4M|<~0_r*C| zFI%@{`S$~DfsMHpNo4-k3lsvJBOYxbia0HuCvQ`|C51W}@3U=w?b$24eDGu|yVBgG zN$Q2pWA2(sna6h;JmiPOc2EcD^GPTUbOmP2oX9QTvVE3nv~N~9cTsEN_$)#irPN5m zJ}%ZPnK@Ua+Pyh}dwP2Op%yIW^UlIqXZ8+8Ob6ptVL?j1r=ghv+bnb` zkmr!#CjA8o#0O^dU=k-BRe;a}Bq3N?5#i$_fs$*OfUf~_{pNi00hk%#!Fp)k9R}wc zAT@L~E5tQfU%Szf<%D{;g#f1k?m0qm9EAF4N7JKJkJ=5q$-1BtzQGRww#ab+XKpw# zLzZ-fm2N&Orcd`Y>ZYV2dBR@oxCDPAq%Od?4*lN(d^6BaKobt&i2BZU52Tl~ZYu@) z+cY3P!oeGyk+_bGHsCA=ka+b+U&4GvR9bFCJ*BISSAVZ`@ohM(>{ipAPH`kedL{ zo(aafR|3~CiAsxqe=$l2Z=BFanh7u>e!K!09aKi}b8$v%Yqh*V!ISZ1dEdoKs!qJe;2DuUG zX_y_b_95j1bDRX1CFeI(yaOP6FMQRfij*(TyF;22$M=mYG7}9An#Ou)-QSM4V=~eO z(97rdi3mMgX5BSb-ycEf5?kE%OtOoTfptt@Ple&o zvQW+MSl+li$Tu*+<6< zj!TGr1_M*uzoau;!cXO`CRuG4=k_nYyPh7q>@Mi*3~y#%)(8dhvWI7!IHtGnl}pw3 zpb1QAwTEwgBaE~0<+o`i%$IB8?#Z6%$v)koY*>D^o^ev18LK(xB@vHiF<)<+bTaKV zkKnYuaqTov74+tVzqO2)ns1w|J&1PgdA9kgD6!ZNL4cWmbAW^)+UDpcu6X!~VJVGU z4?AC)m#=5EpGB~2U0&oR1%KI6#)`Lz`oEF&lhfXJqLitrsjw`A{>kDRBfF@G@-CnJ z80BvE!Ut>oQ$cW-MFUO)xZyCP0#>Jfl{z#8fHB1?>Ep1>f-dma>MArbkl%o$6Tuo! zJn-Uy+H1H7v$(+ei;Bm9gpv{_A+CN@7%?JaVpLt*I5%MPhkV8WwGTD&dGZIKOSr>= zO#>iIzWtB!CM-jB=%upT+S&>VSo@I_F>qLi6Wmz-rw=dQMra6EcUqv(z%?8CnYCZP zu+ur%BqSsNItIQs&yX_c2w}38JZ;FBc{sqFK4G7nnfVZ)L_jUL19Q2E$c;i4G6h*H zn4(*}cZqK1QKZSYoZ=MEj=BSyoxc|eZSvJ1K&4eh6*a|K|7KR!M#{u&xM1A8tVJXD=G!Bz#*_aGvLQB*Xe zg*+B|*2xc%VHQfkWXC`oBJu|`0Q@ik_XYTsN2{nFFK2UOfl|fdcl${lrrKDA25h@b z5y*m>6E^J1pvfA{Vb5KH@g|mDoK^^l5)gT1u9Zf#fD%C2Nc?O{87K-EgfTbqJQYne zcw4XskzoY0{T(7?X5x{sinN1`>|o(n##W3n6hd=44?n?>17d=W^o_ix@0xrblu7vZ z@dVs4w;nb`2Q>g@F1{0B+N&}y41hVV%K&f(C&4>c*8;30x%TI~KU1Wo?HJS0ZWP8* zqW=bg43cq7ihk<~Y`6XRH}e!WST|HE=?@}oF)KRD=qzw%MLsn(EJFT<;zC{w#eKH_H&qcWd7uk&v#u;oJolAAJ*h;ILq@8vtagw5y@l&f#dQ_c;Jg( zkG0K@fiDAJhB#!AET@U!WIqjCK&&(h_K z^m64r{r$FKvMV2OJ~?w=DoVBqa#~_yO6FK;D*~He3Vi8dPDD z891DP_5l{O{(rl$A=xnvILy#Y1B9yvc4Y9|FtD*9JnFDs*st&INgN>-xDB@ zYdUPsm4n<q8WJ-(XcCJaw50*mlEV*V}=zN)F5Vv4?6j4ZbwE!f($k=_yEH# zcy+(S#sw{MpuazuZiaz!d#XJ32@g*pfU`7i-hvx$@&c^%K+2Qz!fA7^1!Wmoc;|oc zpsnZCXM6Ge^$dOa@+ERdbGM%(RZ!FgtN7|CTz7%BxdBMd=H1`3nI+5*Clwl5ubp7x zg)Z}LeEiQZmb=<2H#I(P*NuCDhHcUT_KL2e*tx`aXy5Uhqg8}lQ2}*C%Pb6<){osA ztU2%_)h*MJHY|ClizogJCVr*hB02JW#a#Tcv+sF%%q4{QIqFDCZ#4QlsQ_1QEt&un z!dckcx7;y*QAf>%*=uKO9-oyJ`xSR#bZ)G^|H%WH2dkr{U)Ekqk3Q2-^&r?ES>A%B zAhd}lRi@$|SWM+fP~Y-Lp?Ce7Ey+L_VKsV+-2C0GrYuu%=pFbsKVEa6O0Fv@*t!X%pXFf zy++1kaWu7}P6kVimccL78Kc$7Tg)y>0nUqaG#`tYKAIVM$@vL7gi2;L=O$O#v)wJ3+B(KU5X3T(oTYd8WcQ> zgYevinvei%Se)U&XbfXOFpI04-m-Q$qTaJ^V{0|f z-Ov5EDPUL2``fa4Rz|RS8Un?;a3@=rFmBEr7R)QA-zw+ZZce}dv9oZHaAim!k_Hmd zB1E6B-%ZN7PJ}BKdTzVh;#GZlS*hs)VNKc^0wcwu6k$~16D8Jyo&Sb;9{niJIDzmK z%0&BgeqT(v{))T%uC>kbL+Yn=H1F-7)ZYVxkAEn~O7?I^cIMlFT?J>g?)M9)x@Ci1 z6Tauq9LHp$6D=_At6)xOR!wubzR>B788g1u^K_V>Vh+8@fjK7EfPP^g@w$9wOiCV) zV6(`A3t^P!M=^0M#?0;!e=c|Jv{x16?zj0N^Tx53`v0ds0u3h@we^l$saFW5N85|c^ge`pzt{<)!^Qc{ z9bQM6>mE8Frbj85H03Nua|<8)@bn34O;axXWo9*f!cmmeWZJU(ZQ`OqpwJUdiQ3pnjV zSYE^v=&n8`pn<#?<`%(Cf>D`CrP13G5`i$Bz@wm;3*#dDhzs;m5|Cd6Ia~3@Tkz^z z%{GA|0-GJA78I@wNR+fS%pp0p@q~j=y^!E8U>hT%qU`&^q0ljixbcJQ|$ZF=sBb_PKY+hi z&K&nN~8^GpVID0k$SSV%UmAFunAa|6Nr!D4oF7*1D#~LkR#O{ z!@}7moYm6Gmw!jPEr9yd4&;yJv5|ySokU?Sf+%Bj>m~Y-tR!m1dG=tdJjVITCdGIg zK*L%2?~mk-js225-@b=nHM=1w2e%cw;wZ@XN{ZrL$dN`@l2Vkv`Q00MO}XVCXD5?% z=pa96gWz&!Iu)uZ0~d~mSsLwqIr5Juqjv-Z626TrZ>YS!3T^rH6DjBfX3^b$Go2S} zd`hp|P#og#@;^Ac;}k`Teo3_x8>@^JK}S$gBC(&RV5cZZzWur*Mnb#Q>se4xkRWp~ zolb-U#@f3e3Z}P|a)2_dG*_UrX2lGCcNC({>Zf;I!KIhi>^Tv*7K#Y!-N&waHDkdh z^7X-sAu<1cv4F2iEi4VRepJZOj8CYE8;H}~7qvIi_r8k=zyF-HH({WuS=aS_)Qtw9L~CjG+7;WLBCfhrD@C;#;! zDyKdlC4cXq+E)Fty1niHQPQ#Fut6j!_fp&BF{R}Glu&PFa??Cw`7?@BTys;Hrcr&L zDbsghixtb6-QY=ry>9**<{rlvf(aUo>>f%+MAzFf|NbRyt02?YwI%E{I8%eZwRwyQ zo2FaTclIOV3~;&UtIBd;2u|fkSvy-)3=Zb4DD04Nj zFL>0vSZqfl5_0K%KEFx<6B`U!EFf2eP62w6M$c^*6nT(ML)4Bw2*N>cfDH2P2zdBE z&MfRbka?1xnU44C;-n$2(v69)=qf&L8@9BdNC4f!A?U~7!|VeecqkgsV^~1D0Qbnk zwi1?D;M=OGssa*;)tf+wSPIa}v4K45=Ui~O!^~r5W`>fa3+n*bwGb9}vU`y-$H4J?0$B$rOx=-?~hc-a9C6iDzI zLX-X8U8Z!1G~lYi&ZOhbC2b)vr9rU%$d=%Xm{Ap_hwHauj(7(Tlv0%-|_U*a;W($bx<(?z${D zNlOJOE^C%FXJkCGL?2+UtI5i!Eo+YP9C7vs5>ah%ad3je`H57#A@!9k*0c`ryB@Cr zgP8Y_$p$VDcFts&;Dmtu$a^}~a3v_g!CQdriD+CiLXOSHwsS~!nd-LCEQd94Cp8EL zQg}_2+wq5E^2T0P|Al`WP?Unw1@=$QhJTrl(bc#+1p)xd+^6qG z`(P4$a23G@F9ZZaO1Ec1)OCi6GWGms&ZnFKGr|q_=^C_xRC5Xp)zPH{tal{dbj+^F zRPSNYO|6%g83l;~&!O*3l4JPN-!D}QT@E*j<;W|q(u(^EssR)j_E{2C&E%qGYtvzqtCF3q?_h6xJ6MYsJWHDqKtV#7LFYOLOn9@hQMgPLTi{44~@l*`+ z6qnAO#!|Z!^>c_ zWqTunM6b<}_3Yu15pPHc@$)e~>;72Lw0v0$(}OFov8)d?4m;b06(Bzdjv>Ll3BcfJ z2FVVXejaptp^!mj0TR6K7_09oo(>;(crB7O!$6;rl5!vVeprb@Ea!Ei<+RT2qtvuu zK}E-Rl0o#FaJKn`6nSMOcD;l@748i0*`gMy2NpmkM#chq_z90N$%X@#^EsTYRyqAx zOZe_oi$gw#yC#!W-nUVI7@0U@k3B@XWQoQhOYa$!3x1pz8KWPqvyi`rE&`8ZzUK$n zw<_V*ek7{jQ6*D|rE4Au43)fV+VmWC5Ts>RK+h~8eS`uhE%@|41M;=V^k2$$APE~# zs;)ng#McGcP_R`s9IpD5*yi3!wC3_jX9H6dro?`RU3Av?j1>sHhE@TRtZ&JK$|H0< z7>e1)ZVnHad|n(~)xz8T68irEM-}@~tJQtkWF}S?7Ibk3C|=NUy@xaq9`>ErTnu79 z)u3u<3fp3&_uPc35XvmvGga*eQS3nnhwS`}sO}di^-EhpC1k|giCl(?j`#)vK%8ec zA?!RO)FA>TmOrQNk(?X`PdFl{n2GEK7;UhUA;Zs_uif!FZ*g(46Bh1JVP0||uvy7b zDLg>+m4FPt zJdZxJk`$exeK)nv;R)_8;cO8XS$*9g5iJU+R6vvQ_8Os9TPv=D|Xa;9@#K}wTT%(_JXIez7STW?X{9r|q{0s~g1;emf| zqxUNe*3%z;x#t~w*X4bOT}^#JL^??XYMIBjtl?1>7R^0Dfd~IVw$=?#yCog3|1k+) z2M)4a)?S|#i8!KS84Oxwl-VGJmm=E)&syDLM&dRdskZQow(i-|OxPISv$^?Deal;p zonWYJW>BI2_ycKZr?|}A_0OPHYTJ|Ju`9#ls-SoOa)R`<`N^p){yWKAeyrB|ENSd@ zSurAMtPL5G>HH{T{#5R=w^s7jg@mR8DX8*w{sbIsleU`#pA9Gsw zp&+v-;1vSfnr7D(EG?j_0g1N&8WuPfb-}YYP~{6cZ`c-0RvJTkOra9GMp$QO5J;1N z^9lMDQdw(hS;Ik)Mj@*ah!J5w{P5Tx#wJ{1Vi#z^VGRs9PtjzLm6b>R;;9c`l0+)2 zt1D)}a!5*i2Cs~nC3f5MgwJ2YZa!&iagv~My#$NSQ!uX|a$RxG` zGRqPk`MElKSw}NXYLGi$@v*+Kd0K0u3N3t&h(|b@64pEOCD4F|kP{o;o@dg<;mnWn~iRL)*M|XtnaF6N;0? z*7;i(66H6zs>M7)1CY8*BjH+M+M;q~lErNO@9V4G>u%@%S4R2ypd3TFbyzzhA&XY_ z@CK?PMcDoBgyn(64RjECN|QnvlFxsWtuss2?g+KG1P#V?wh5+SdN=rKfL06^VCj=rj zk+*`L4ca>z^1EZ6=EiRSAaOZJ0Uy3HIj5#;^uvuXP=BODJg_qxh40^=(yaM0*5>MI z)cL4qG%eVZQUn>n9*hBI#w8&cdCdt4ULnXlJ!QE7&91m-AP|0KipQP%dhGjX!f1%4 zrKLGxp3_ zDc-Dudhrf1IKIBIymbeUl)q+luDB%E&8-q7qH>J&zCaV`Nr`FGB-DuiydX(Dte>RAiay2+l-?s zRGls)q0t6{+(#Te6B1ef?&#k8W3@5oy|wd@=K2)>5PR{!|N4CEILNI1P`lih(D9E7 z_Z`!U-_*U4i#g^TB$8iySu^y$$)K%w!SO}(SokB(_FG300F=?&0<|u^iz9+b=fpq& zz3#d$ML#|}cfea@&>Xx0m9k_KBlrMG`&_pPnlBy}|E zwOGHMnb0CT@E_wEl!ORQ5HYUo?lREPMF&q%r~fbA10HlFlN@S?4&7Zij5xv_Cfk31 z0QRZ<_LfFyVVKAqnx(|so(04%30^8Ij*f-oE;p6){4+~@19k|-V+yu37YrgrO zmRgqBDeP9N10i<}<{Bsc=c5`o3ow9A4>L%VdpkX+3ylIq6Ts(R6D}2=pePUF;Shv0 z*8DgLU*KaaMAIa^c@z2%$i8r#xrR74coW9)^xuSV^70GhZl%&#c+vu*HekyOnW675 z1g@a^!XaY;ZqX3ZUaZP!-t`g_hOZ+1oACc|5f6Yb5wV%G1G|r0bc{SIDAj-`e#j&H z=N{dFIX0#eq!j8viWTH^pyPjfz>mf}hR(R^-Fa>TR~x2#+}u$gO3Hk9W`)v9;5`k? z@!*CM7Z7oiz;$^IMk_d&Z+f+kDL~P#f{iwmF3@>PVWQHIJPYxeJcc+iwQHVD^wW}u zf>m0D%2HA&VV`JAQawU6?`XUNF>CHT^o@{TLc0^mQ(_Mtnz>h+2W+55LrhVos?B9- zNL0}e^0YQA`5$zb_?T{{bd)?8Qu>UH-f@b=(4c=N3PN?@U@G^qmEH6GXZIw}O`iIO zC`AB)i6AfU*EP2;G$_|)`c?EQVc)Pzc$EE*7rde2flPzI8EnMi_IGm6x3Gh5VSB{R zLQ=v$MFGK@sE03wo>wi6gKA2HdWIw=>9@*QD;4jPNGdr}CG{5xX|WhiK5#z-ErP5t zjvOYefnUA%gCOKd9Ksk=xnt50`d3`=@vwz+9dwcqMuimhL(O8&B_N1J$l|2kwZ`tffQ8@)_Q^0%bXJGtXdE z)MT7%0EfhQ6~SMlxsa>$Qg4(_oMEj4)UZKU2ifrAe56i8PNi_W=Xoi|Ns$jMXj-eQ zIc^IJp9Xdfuh!MQUIKk{oMwB**>vq{OmAaC|I4}Vp1SE28^gh2gWZclUnS}T@7>?Y z9V}NmCp#{Vhg%Ni`kApz%L7tG65-`NG!orD$?)JGXzjlWqC(e|)*Nde+75$Na!_mH zSb4;se-P9h8Q6N&Fj|!V8eGWzgVsV<+=9GTeC98}^*x!_P?UtUI4@2n!2C zILT}Km1%fzml6RC0Ut7?4n=<()RA8^g{xq2g1!%#%&3e5sSTHKKz=WIqQz6{@8)** z12i*Kn+Xp;}6-nq!5*jDgv^~gf(_{_V=K=XJsvb>%Ln;(GUnX?;@p_6oom1qhgSF3C}LS z1e;VcF}+x18+1}(;+$kT9gkCa<;9fSp#7tLw`@*muOes-`Y+YJ+$yhR=U-K+<$-KqVb*W4gj8Y@MScAUgZY8gi4FAG@69D`mns+zY`BXHUE zB7sa=Z#PK1`f+mNlZJ0XUCC~eS3<$Vv%`q4LCM({eIqobdlOoBND+#482{RvgcUAN z+0RMr{)l@_m+@0mqbq~7I|mk<>r+^F`+|#kl*D{f0J{XaQ%|r#3cp+tZSb0d6cjU+ zf4q~oD6yLiM=QSG3Pe>dkYOUvfRJ{SW;3ms7-tT6V|$;SV7tS1j9PsTpR> z`3r~ixAUuQFEa;9tuJbQk$a@i7NPu0ha5cB&Ohqd!;N<@zx%Fb#~YmMv0WM`M^7(~ zI!x*5SMcBMm}xv7ka{2ycQg_RL6FFD^*1<(>fq;4->GdV+ECpb%`1WZ$U@`r+{jJ> z!=mZ@XFrxpH5E^<;-XywM$S^N?*|^fzxsMj+j)|FSS3m2{+;1+rp#!>sO4)v=iiKO z)nMtdQSlbT{kRibfs)w)hTuLx5u5t*556vCzu`YHo~aGFECyl=L3dq-7075m8yB`(*dr^9}Od_k2Rr*o$i<=zQ#0+AM-Cv-0Qmi zgRM_|)52XUy2vN`jzD{FxN$EiTXyg8WCz{Y;f^6bHTkO@0e#!Tuh-Vr9uYInqM#uSCmW+ooUC9!hNjG|+4@Ef z*@ur5Nl42J^hBNhr+1O=ecLwi8c8XCN>owoNEJ@-rxTMPFd!r%_$RWZji>1 z{m`4JUJ4D7WJn@Kl}03rPJ!_TI?cyNCOS7_BHKov*kF%hU`dNP5L!xns6t;vKgg4!T7K$9 zU;=nO@*7inSY7oSXlpYPBA zUVFWs=k_?~Jf7!dl3Twz-Z&M@O#2;p`IK|vsO8F?i%Z7xDnfZe0;azOubn$Cqzhd6 zss7;hJM^2{e$4^(i1TX|6@V_T>3_#Kq15vp$Oa%S0DuYDpV0`UcZ3PKs?cu|q1so&suT8*9;rx-Z4)W9(jwGunOC8yamC?e9p*@B zWUHD60vxj?L&67MFwpxh_vrpps>50@b0Z}G>o++CNiiWY z%KlL5HbgyEdHQRE019(~1y!=f{rFL`h+ z2_o(1UZ0=;Mj<#gJu|-Ax=}{2FLv0_!1lFH`y!Hl-Ch%8ym_#N(J0qKmb;5a8wxUF zxHIf#xLT!>=uZIVphuWbFsXmVpIGqRVG;j)fX+N8+4**^<&*HiWusHTz`1{NW7K8A zzU{deIJsj+$`=-_bsLkE!b)sG?5s;tAF7=LWHY&;makTftvIk*bH=c*ero^m zW4kBAdb5+Fo+MEx0hZ|Sq?GCm+eq-~>Pt8UeAnh`|E1Xeq_N=5l6iUS>x>i)U{4_x z+W|ZQSZzaEfRt|;B|_wZ^8a4{Eug4!c#92K4`$z$xUlftX7w&lBtU&W%fs`>gZM%+ zbKd?kL+Tv0?@Q-xyX1}T@m*WNHeh|^Xn8K6|9}w#sX@!JI%13N3G-u*N0(tunLdpD zwS~cx=QHU*aAI4cHm?%dn zSs2?dWA~V5iypJ7xm-j6LEhb3QI&Z&p~)0Ceg>Ih7C<+xK4(XHQE6d63u`YLa(q>u zd%K%k*6xhtc{!e^EazDTy6`YP;_%u&um>I#bJnOD_t|CX%mxcEkVyHI{EKLquw!cE zdzynF9!5r!?c8S7VyodBKb-~2-wr=+vl*4b?{M0!K0s)yR~j0JTIB^z37~xMXDZyK z4#~FTCg@}_lO^{>8~KR~GS-41GGvE-FGfWWMq9(ueYxrmTqjc+TX@e zrbDZ2$reU4hZq4W%fw^7+N`PY1ZnZaN=hKA(ud(Eso5yl6LzWN?Rg*FQWHgD{=gj2 zuD&BzcOlr7FS<-T(u_$`iz}s5Eojnl`W`JsFo;3!om0k1h0qi!z=$=$C(2wI{YFyp zw#5a)TsJS))4JuJ`}F7nH`A9bgkC0JVTT*T3u< z^yg*Oe@=nYfx5H6uEbf4cdJ;Zl{$962u{}Y4c&Z>jj+p_;v3|O>lwkxVHn4%HA9K} z)j`9csxU4=ph4WDd#{dG`C8M$8y;}9^QsB=)-zVSB*~HBxmUyRi=tg~QFf)4>GC6< zFuR*A^YwmPiD!RBcd#LX41A_S70wS>849Dt*9yI3ZGr-)ITp9E{c5R)!93*iS-Zva zv`U`OWM!zWOltgVqiU)4{&ve=HtSe4PmpeONgmURhx~AL`U{=c0p{Et)4>7^mixdX`XVvll5e_2dGWI%BesFsfGOVV!!56NwxGa*$zkV_ZS>w1 ztYlInv?RCZR%wC7sZ-5ou6A9IFg01NxgX`Q0qoCk;2!mWI{-w%kXx5jUS0zLIzXZY zhBnm!h0ObN>qlSO{KoG6UIxn46Tm$jpo{|$?9Ixmdz>_{#TAplX^ z0u!cg(FttR1j-5m!L01hHIH7+UHx(N%$eR9p7R*UW9xq+7%~hg_M)(C^2q$~o8#jZ ziaH?~o!65rQ^C9V?d=sQk|BuEfOCnM!ikJrJt_!@>a*f zXoEpZn3BFDi}cbUt@@Ec>-yK;kB)8WT;;B7^JJ~7xo}88*unz{+Y0blT5MZL+Xhgq zOMO0z!z;5@kHnc-PUByVkL>z{S2$p1I9m45x8&-O4~pI&_qJdzz$8=*5})a#(`4rn zdpS}DxDKgcT<-k}&@SWOUwwd!cGrL{y?q(CHbtBQHgX+6lcs;x-)RN_@&Jrv9hkfV z+(E_b7X6vN^3uA|knKp?I751aNf(XaMlZJ-rRork;gZ-ML!vlxaIa zt-|*o;pGPxF@9f#nIa5R95%7S@%Hc?BDOKv=s6c&d~Z*nyfVeUBjbAbu~=n@DSE5E z!JCbk01je4RK`z<-5|;2PUhpqPA#CAiP11gwin+D;1^}U;xgioH+^CosX^rvSEl!b zBSlKTJszvqETw0E@S2app~mCBYGb4y^VSlR7G=#tnl^q@ISV@OBMt~Aw+1|n(Q+u|4+IxbdynisozymsgN)sCw| ze?^lG+%im=e(nn}76|#ZDZko(8orx|Z47(Y2$TxXrUQdz0M?``YGdMPJ*~}p_b9Oy zsVJ8=aFYFuXu2+6a$+K|xsD&WI|-~H0}56zPxj7|gYYcxuGq4CA-O~qVb~%J2LSUF zJ})|&X4$x_NvW&xIw?e&@}_?i7_|tcu@O-=6ca>tshQJsgSJ!G$wNkSenBJMT>9FB zhYfe{#(MVJ^13kehv{P_wC6G%m(rGmT~lG&E6@11q0sJ-HO>_jra}~3lfWu>Z_H9K z?NrAtWBEt-A4MIuzD{q&zLPgrxDju%$-^iy6Wy6tt`78Z^c-5lyf3bQ|Gv`J5kgAS zl6R3RmqN`M?YL9IcA?S0Ors^maK(diy`FF~fg*YAMWG zDc*YyafIqv)|7T0dkzntcYpRw%TH619Q|>A4_q7fYsNf3`Vu1Xy>i37BaAKOIfKVg zc!BJ#V*CEdA(x8+y6sg@8vpsdv-}NMx`VczfwW9TK-kX&EKG@9`Shy)=KPV&>+#35 z!UIXK^uoZe{;|Ebs=Iyp!R=wu=hvAs3T?FSWx8EEt*Vv_z-SirI>UG(?vBMI^N!s^(RoMGsz!^3;>UZ2pqzdqo;|58I`BC$~=i2j5e(OEmJn5j) zXKAz*zR|-BBJXcMAlC{m#CD?={duWh*o8SK!X)s*l(mHI~_svQ2ZH{kVKak2IFE*I= zNdyuxO}H>UC?>gXqiXldtNdjb2LwX|66P3cHDVV0P?l@CeVQe*bMV6K`!mqkJIjZS zTcp5C?N1{d+DpA!m$g*5GB0N})}vqc*j@H%j(n~aeKxWtJN5eaZx3P-=q+xI4RuhF z@T(T=D(t=%zm46lioATVN&CvRrrj6kD@j<601M@<8R~M}NUz0E>`-@a&*?5x{eQ`3 z*l(EE3CW9`4Mk=G1M@YL5Ymg|v1-Y9B|X$LXIt^)H%z9oz-?Au%wFhn0J%KqDN*9TwYJv&t(;M;^?#DCIRlcTEN(F;(2M(pWvRk(BGtR~1UB%w#Op$CFqEKYckwIda(8eO|B&>5i)t)-nibvrw3z?H~77h*MHB7*Phs!}Se<{j*ZZb$A6 zD3g`kdXBTkxqY%|)5*7UA@@R+&}2B-hG>~7X120pw$xWlx!%~KDyhTi-S+x#w47P| z?e<5ef>=<2I={z8y8R%_eED`8un6a)`#sh3TRqR!+t z@IM#Alo(R0&qoAK$YZNj^U9u$yTG#4-D{kjLmCq3`~E#?~iIvmP7yzEKyO_6@t}Lcen2k@XEs=J1K_K`2RZ5d}G`>y9uTP%azr_GvS_ zS9ee1w82hI^<4ae8ffxj^WkYkiYo(3J4bD9!wpUE`@8k2sR1N0i`el5h2hG%O? z;M13Z^-z=525@El(wuobjayW{Jg-L?X&HXPl6cS(lAAyxNOpi2F#rl#VeAP`Gblck zc<4eX4NMy%n&I})K(3xnr2QuRwgz$K2e-3`zi8cgn@UlBnu=svFwIXVe4?Ba_Tv2c z|?04XL;a?e&3KhLu*0K)~oN{w51Impv89D>0i%=l_CsJwS`!{e}jubmP?lrD6YD={TqH*3%ypiR5UKMe;iJ=o!W#AthB7DCprgu>?hg zBsX>!VknvX{ZthzcT;nA7YABQDWDu=%WPSkU{svYU?d{jf(z37U^r}}aYNa)LXGG9 zz2dnMD_fbL!29i;dZn=zGMcNZbLW%&?Z)k^8ZvBKPoApqe006m`bz&baq`3K=9BgJ zX3pIgo;kno+iH5gfqQn>f7byV+!u%B7Hav1i+7Lett{*vKGKCiHehJ{Kx5x!*;_J` z0%)3+kqo0G^#s5%%e86YO??w2zZmV{BHwonGVifeMZdevIB41%_b(Ns|Ju*1sP}KkYfA zZeh_V?_WToQhG-)z*JoBj@2*D&(IUoE4P&!7x(jriO|=dZ~;sFK3&XPHA2&_PXi~D zO*vcZkT3rN=}X`LY`z5EGi|uU9ik@2tSs+2hRxxbE1P;5$2(7-xkAR#t@oC(jUa|H zZ4Jijfyrl3EeRO<oCm3$2Pt*rnNoP`-_%t^zpE6}!(1j05rfb){`??LpZ4o30{;SJe_F}e z3(xbW+P{Uz!(E~aic;BPX0@x!+IeQ}nuv5Hsvi|MLjUQEcUT*f&BE(8XClp#C%o+{ z+^!|(qzPD?J_4&1&Y%4&y2wDSw$!~Fj1uxN#)5V6eVc8`i5+YJ8`6uItl^SFA2x7w zc3|FLhQVH1GHbahY7F!I!Ue48@!Jt$)78UTW)Z1jmIC9PnzhEE`MOw%|3eIbMu2l8 z?HjJhzYFkfM+7sVJJZL$N6-IYXx9)OaG9ZK)lMp`b!=&CEIG91`IrgUyVKnXOn2_# zna;7CWfErn^!A@m&ju!}z58y(Nac)X`1CE~DRfv?km_lVBSKF0Ld6&fHua&yzbVB5 z+6xD@N$X^8RRfq;>G+KKCA@{e;T0{l~^FhPoCeCts z!v8xga~^EKcUwOmHNE2U*g*X!&Ucw+&K8H|?-3rO&tIEBzIrQn>`t8RhKS_%q1~6? z5hh~uW@E|KEfSYsJ-qSq=B2AgOJpzSt=;aAMZ`CNR>(yS*1jj!ymr;eGO*UNtniIm zgH`fNHeZzEtn=@dP+aKrMn1hIMBG2-7qya?*T#8rlMdYI&RTW-(kcU+(EO7`8%r~S zwiyvaDdQNj-U(aWUKV3dh;G-}#N8L%mqh}WmIgEOD74(N+5l~*(!%C7pJLy-0iqAQ z@B)iv5Yz;?PCjpUx4kEQ9Sg6ewG!*NW##6i%CjEmCfEvigcb*nSQr%gO+ycq641DV zan+ZpcGMTt*HdK|6|5)+_or@z&AUvyXEsK0@RpBhPx=+HeMVHT0LKEH%Rl$HuiOmT zrn|Z@PAr`iY&&ZQ9bT6YvvYou`-V09Vb13fn>EYpt&~E!x2h(au?lY!FtL`rpfQ#=MiB>b6i%mZ+Ua6Oe{&k12l8nD`$;} zSZ7DakfdzeMLmkckR&&TLG+DT9NKHrUpToVgMy8gwjjIHzYx-?S;W^$bR?~k!k~py zL5zVw>{MAWgRs}@Va3>u-{F#;WKdmjZ%J8iIqL45sSUmGl9vyzm1r`{bzkdO6Pad? z3aX47Pa|)@rVl@`mi?U!stUB?GBpleZuHpTe*BkRo%)hwqbeDhi%JY^u*~6_JBSRnV&IBp(TNh*157N4vII>gSA66 zbAO!JrLpA>fA1!UGO3;Dvo{%WzpPqviUX8K|2TY^ELP53-smBx@na@ooTjOs=puzT^)2LRfRRJ!`+ z*hA<6&D=fJ8ZhS-UpNTjL!BgKQ0-x;><+_>l^^=X&{V6(bI1~7+#|-#|Jiguy`-MQ zgb3^P+o$%@(-!>$K0SSOSF)*ih?Ol)CqcsJu(3G_rF2U@w|jaoecpv+^s< zZJs5a>1mQ_0IfGdhhO5FD1jI{hsJ#2O(MVl?)vh2W>AZ7cAGhFW~a7^u+^x68d!4L zC?>`z4!f_HOz+c6!Z5ERBRjNT|LI?)Rx({IMAZzY!a1%#_4z#IXHv*{`xB#`JbM#7 zcMqHQFzey@$>}=Z=)tAqq1Q6f8rx&f!B_S!@ z9tX{Dqss`PO74Z75l4NA4~xJ+i>U8kJHH|LPNugBq57^}?OEs`2GUYIu_m;7HjO3ZzmOxz`hMnizo0)f zc_lJLq<7vpy%M4yDu5dKJyTZQz&n_K$E%hb>9dO%iX(NtK6GWfM)S!yk6)CNHZN43 zb>>4{XCf{Ud`Adhj)^MWdvhG~@VVFNx8heG7awnoKZD=i?}g;?Q)`06h8z6XAR zF%lS}DBvz0x8wjWiyoAKY#~Xemhi;C&)XfmTz`W~FTu`l7J>LShN)_Ag`x&5=QoFf z!DitudQVQ0PScYo21VNFSUm~&i zQh(3j(!VEKHkV9sfCaRC{xnugg46ePr&N6&8>}LD=3kT(eH3@6*un&_v&$;Cvctyn z6xaQlCRM$0-KB_$`RZURp!yvpkn-P$Gd-5yDxg*p)Ms#*dJw`^y4-9n8ZOuoA^@A1 z^`Ed;HE|aN%Pk80*1MzbzDTa0g2V$wm-WpXH#23(fwIRWCgFVgoaJPCNo1tf7GU@X z)JjM-$dX7I38JyNV+LkX4TCmbXIm}_*p#*o%y_~>P%cO^Q}k#hxy!C7Z~<$LpwZ#yTw!nk<*Q zt~Dj~eh39z=<19^-cv~FT=J~2T`cIgI|#{NkN$glksYQyfBoM&y`*ymN!eXdBlKCW zeJ;ZEdIpAegx)X}_SJl|%`FPreL+H=&&>X)uyT4VcuaZ6Bk9$D@*n+I{?4rP+PEzl^RIsT?-4R& z&ZBm^EqKaUQ&^O>x<+@C@H49&$=HChFrO>!Zn>>%MLu=>Z!J_y)S`BMbXg8fnKN zPMhC36D?7QoR-8^)=h?qX(uU_-I8l`kD8kJHRJEiCyjUiKfgZ?0}rBLVydRYdy}I< z>h6W{ms_V~P}OgF=@Hn?CNCVg*WXNLzMUC@iU-%V=C&lkjqD}vOWgS{8ppG8DtPRN z$_Z|VA3|Es;>RwlU3UcL@+OdIE*CM;hFa_GTZ1cY>iU@OpKL{)g;_8~KPi?8&q0?~ z@KdoF_;>dwZiDV^fxgbGON760_QjFkc!e>T$ikW8)r#ZYaT3ZH{c2aGHy7pOXRgVT z{%789f6cp=T4}|4Ngp*d!O&qFz@}qkojI z==IXD2J?SLE$9I?kuLbssXt6^<0GGbGZ1j?^-#lp@jI4RtS>dse`8YXT-PnQ@^zJy%Lm9E_c%TS&f>Vlebc{Byutl%)PA{j zPA0Ph$5cBAOXl^D)p(PVa@zgc$rwVse%!mf|CDv*r2(LiEw9hwM+0_z7vGx~sd01AlVb*`8E$)>|8;jATR-)0g5c7_$ z$_ut^L=z9mr+Nl6Bsl8QO`67uvmF6jug43(HdeP0SmI-k+n240l)+tfcG>*K3sKETJ890{8mIP@_Z4FG=zKdum>zFeLJdiWM)g5r=h@kVi-@pv1`T7 zi2*v?hHjX1Kluf!HC+y2U04Rq99a%RgcT0_eeB4w-w`uk!^FKUcN}D)(KPcnnc7p! z-Z2t3w;%gwoNFDVm5k)0Ikc`liDy5Pcqmu^5t{NHdNzA#O-(^TNtIe4vM?yp zWa=~Y!bNUr-w`XD6@Jk0R_}Lu395bMRIr*K{#SEbe?rb&0=$c`&-@o0wIBb~91vA9 zvE+FZfk5a+#~ADCmRTKK_V}SIUamI)re?DH60dn=fk9MN8l(ZYY!p8L zHx{mOe4Ivu*y*+sr^;LFL6+1N#zXV^1s#aHyVFB^b8~Aq>EWP3Nq1{Pr|PL<)ln^J zAdf+vNc||$#)EGNhIy1??I^V;C*HP>M|Tk>`=j5^B@D*#Aq1U^h5cf37x~kcqDO z7K!~zyhG={b9;>|z|WOJTPM(6@knUWH`m#umen_#{qW7`Gy<+*pv1?JL>r^WVB=^0H)@BtkU^(L zYF88w9Q&)?4hGv8FYknt{%|@SFZ>VdJeOM!JJx*RhPoofK~fT4DJe16Ki^*vTS{x@ zQ12KxWA#zZZ9D*5L^CgY?~aTKwnx^#Wm?ZokEpFZ1I&Lw)pV%S**ZZdvS7Zb-KaNN zP3J%G>y$~!NJ(Bp${;F7F5*7d7I5m3J{<+D3<@m@_8{N=FtO}6G_fLqkc{q%{w%2@ zW208O&>qxUIf{BwmUHrwl#KfMP6*sM(#3B@GxMo?5|zJ?>q$c*H|LLl?$ z$K`#a_MV|zfW4%%BhkPA7zyrr4}!r@@LWkY;u89kjpdu4 zOxoNyZvp?pSkJt{t{z#j{uK;Jg-NwnBpbP>E%IP)K zS89-18@J?6%UYXI!_Z0($~wvqpkYb1u9_i+CSmuT0?qG(lgdFWa0;Azs>olQhna^H zs3}Y;J=Id$4fXAaDg1)(F(%K)nl^pvTBnQzhjyU9jyK&1vlWu#u}^#d>kny+e>yS< ziRf6DC@txgk$q4sp`(YrmbO_l-w9H3*THoB9$EZt34q8SR(~KV#qV|(J%{QV*$8A5 zf&JFE5dxx&5-+eqh2p$x9FGKAP8#k9AZsZcok^T{t|ikarZ;Y`$#AgR&L4X&6(dsn zWiamx?87chz_VyHCY1S-%zudJ{ZrQ~OmD;;gLJI?RW4Om`?ll3;`pQ#g>wqiybg?6 zj@q##X$yx5?Wq)v$E2}<(A?HqX?Msw@B8dg!3XJO(A~&YEH8Inr%~UfhX`qLiC#&h zM44NWU$9lx_wncgIg3DrBZtM#V~?zpM`WTZvkTDmRrSJ{3gPnl{keA5x^SD#gU{nI zk=5JNVKmyUTd(i*GNZ7>C-EEJxw65>&-q>7Qlp*d!WwqaS5ccbVYlf0`GcFAw)5&X zf0N~T#L0LZH%poZS?rVsYy$6IR9w;}d5!k1=w{f;Vzf#8Ih1|WAf=VK7e_NEzm~O2 zIkNjCL(vaBC{t<~+GdEySsdiuA@^K7-qf*DX+_{?bx)am7ld;2XYBY}$u6`Qk}w#3 zb2KmwSylV~dIi9s(hhI!C2Orwi>9U!s@#Xc`)n9y zXl`!K#%nR!7q30O4`?-M{h|(o@Eii?pv&IQ zfitwqMS4lG1N4TNTh98V|Lo@~)4hazu3LW_I(J6?@l>KUY$n6BM_ z%AR%_uj&^Fr9k6AOQ@o~`OM-^-Sezl6*@Z6F}jj)7rqP`J0BDEh|b@+7oyD%CC-+b z(4%)WVggUOIjD+gVuJ*J$s(ypDf)nUJOc-V*$4HXE3_cK`i0kZ&TAp-$00^W$%ZCb zsmV!<;TucwLsYf}O0Y*EJ397dteci_%g>6mDke2y&P(|C_vbTkyD!2?2U7lpBJm(D z3cb8`vtlw~t}D&C;d5;)sl&kZjI^P04PoQUtIMu$ZOJGO=1cnjllRq+wY)d$ri<%9 zmS$#IkIm?s!07kEhinYkIE-_Xwg$neq{|AO-Ru11I+@kB`{JsH?HiE%@ASk4 z^e&nj;V@;xNX{jh*K|Re6sAE*hEJ?ht*szN5KH8=$K_s@s@Wj9O%KtpKuT5j%IPPQ z->wx~-}v}Ae6xa(2#;hnJ$KzEuzj!hJEeJ$zWRNM){cLDy_ad--Fv@P7_Hq=e3|j|5D!W4R2aidb128md-|z$+GufG_f)2G#Pi zU~C6y@;ov4O7fYDCu`0Lim(m(g|}JGZx0Lc-V+isOJurvf`iKNM2&MR7458pu1*Nc za&tN)nhcZ1jIBBvqu=H|wlC0q&y+BFu z9F8AAC=(qnDvTu%pd~#>A$iT@%1_ zx6OAZNOZC4M!Pt}tz`rnM_K z)WIMgmCS0z>ipyPo!Z;ED+i1n9+fgk9QdFa53eW+6|}9k{Z*_=a)EV?z_GT-u|{B9 z>yKSn;U%mLPmSb8p)AFS9${;H<0Exv;5Z4(s%ykCRs04iF(>*>;~PT7QSH!(&iTCK z%9v($=K{da*Zx_&>hC85!_NARuOJABZb?Z=<25q3(VPN=Z|(p}*fV#Ju$Er;1ntEl zD~|5H5Go!oMr(SJIb3ep##*eIUI@wx>$h5<(w7BUPjKkhhTO`}Y0Rsts;{rl&Tjs> z*03+C_m4^o5KTikzh*)4N@t5kYE@ROt9^anu5~q55ZV%=tMt<0!0M<7z4@$O^1Psm zn{Fv6{9)?x1i3FLeWO#tLQaY2JBEy3M8)sYJxwpWqZ|zbmptZMugG3Vad*SY9-7S$j?mhi?*6bpEoaPDQ6sr(nmAD&?;iE|9< z8u~Q~D;1aR!Agn8cK`g5Dql+123=qGCvHq-YYgG#*Bgb%A@}A>J-5zPdnU$wv|?rJ zbSzDx9qM%=49qT}zDF?hbRXcsCNr8xl-*^A5dq15b8O=L8nf`^t(Fgcmi>eQ+7 zPg%p#P5w+r&%RjT2)i}AiLZ)2_4oZrU}i&X`}pMO=*#^kG9=jTF4#OU(C^uD(!pFF znGY`Dy6oX~B74F|n{@=kKx`!~SvQ~>{D{CfmF0>1c~gsH)l&^V4IZ6-xISyNwdz4b z&7BvX=!=G)R6p!6|2n^_dV^o!Q1w&ph3U%fx?q$Y#eHPqCmO~`VSMx2mBVsNFQi2aiN@m>Oy0cU#Wfn}Y+wrgve}^orkp zqYP{o-a#`j#CGz2Nu2@!UBatz8UG+Yii7okeS^=)hTcQ9sxFi41%CPP`E48-+jnA7_f7(Cn=bREWPzkwFR-)FFSM;@@cHA7l zqk^|M>)1*@Gx+E*%VC;4Rrv^jb)`iT(&Cab*Tf&fiyB`p-|0ih2BU$W`W{!@bf2{o z6E;G{V0LhUg&g~#TOXGw7#|wlU;hsWW{W^&G~*a<>Vr-oIw}^yJV`=pJRhs4Qv#(aI5uAi5$g5D3ME%iu5!Mf919Mav zPMnym3#GXLz4sGDEPVj*bpgbKa3Uj&$e1TKK^q5XRMjbedY_Nj*gk$d3T)Fl4wrV)B(D-=M1d(0m;P*)Tly*uvD@%p%p$h$kg2QE^$ilLF0oldd@& z;p}r(#kwQY;fyg?%QTn&F1jO5{>V;xe$zhWR={fOo1E3jgNpvm{r#YIU3GWz65H-Q zfxPzD5LsnJ+3kTej+d|d-B(XgW6u!$R{rgDh6q1+%9de8tnz}^loeIoXlj(YrQYN? z`J92G4+RzPUMjBeaoj8qKMA%s7qJ%s5Bd5vkm%;~Mxl00ipGbZ_iALtzfMiYA-pm> z2VGE9aUGSXR$j8d8PQ!Aej*qRkNFGqK03Z48+bO|XdomIy4n5ht3C$|$5 z5^|!)EgB|f@j=GKa?@a5=Q`i*GgW*xSw-2|Ug@tI#E~g`%bs<7lk3d!o$F*zAjdpi z5XO^07GMN7X`m*Sz(h?)EhB1$2Kj4Q=bBxFxjj<0SgNb2Cq|bcN9k2=!X0F_WneSA z?gV%6YlP+33QJ;Yt4iQCeb4;stp(=!oShkim#c>!#iWhsb_{ew3cFqWi(@orrbpI> zaVG|VnWVe-SjM#-gWx+3{2#{0>k~GkW1~0odbS(C_^e_MKqLO>`TahBKJ=DsHEz$3 zhB@$Q^=A~%sxqEX*NB4$TbM!G7HSPgUs}wA?mKjXLPtnzP@fP=@CPWhjE2KlQ#^2G zK>EUq-tuTab|ODRCBwwr%FN2d5<-OgAY4BE{&1VG>_k$i@!#C+$fT<(-+>Idv{WUf zp`=U*)2LDhU+==#HgenS0OSCI(l(#;K?e>I#&xyf*rG7*dHpf0EDtoFO7^(WxN9_* zB)JTJO*3zpS~rrFJH3iMXZc`-B^N-4_$X{?migAXBU8Q~BD;dz+nl4jC4FML&Ufn= zqdee&e}p)dgg8+{^b%Ki+Oy=ht(Rwi6u_T{+TICga;xMjnl;7zuu@W%0g2?^#MI_h z!268nNs0lJ0>R;^>}LGz=3SpW@F8?#O-&?R34@p(W7Ms6z_6{JywDntJZw2~lp^VtAC2xAka-R)-dP^2p1Eoy#LG29>WIqr?Cd&T6(!&!4 zI#HZ;46=e3E&U@Z; zUUAlyl(?>|Gv8l1r{rNEpdjS5(M^)&KyS>k7G{MK7QWKOn741;`a1GnEGR3Wap}EA zJS-pwrWu<4dVfcCF90^s6a-tJqC8<}7M@@`m{~p|s7Bpx=Y~W>eFHZ8-&Jj;Y0dAmm!u;zge? zG>X`Yu%JZPVqKo3X+Kav?(TMRIjPG2Z}8@PJ3=JwUV;FelAXaiE3luouUlwfpdKXf zzO9=VVP~isdNL$?MRa>v`FVPR8ps8Ild)y`MVGrRCC@$usE8$*B;AtWpSFPE)^d)& z^|YAzOEp39g><+$SZk!T&fm~DA$nN|T4T_n;_>hVJp;4%M?x*kG`zATM+tcuB<(>R zK2XN>gptP*g$zW|ax+~6G}+Sx|Mj2rCD`i7rMzt`o?jGOoJI=s4v4Y+Y9Ku8rsB-| zN&_|(#;O80EKqc|xX>sogWD8AfK*Ur_jCN+t<)R8&b`Xax544aJr-$l+QXSdb*As406 z@hZ3O51}X6`9Z#JvW|g5#>yP_ z$MqiC2ks3WAIiT^w)d^}^9c9)NeXTfNa7q}?2q^)nsBk%ijQ=B#VQ5NQ9 zSHchRZo9&W(p0{hAg8u^d^z70YrgdZuXFm2lOa&hXhtxdy_W&PzU$0xOUR$ zXC2aeR-J2J?VPITblyztF8}D0FYn6S!RB0g-YuKjD3*`zPuSI8>XeUXv- z;{?LyTt!CDfuy*T*!ek%4Z4;(`6aWH-DA8`%#WI7uj(g@tG*IM9Uih&LXKCswGU@9 zuQ{@hS9@;_C#4S~M{7dc>EQ@=qB-ZX%?LQT>}56+cGpc&Ba`wa!N-tj{9dg53spMmkpoZ!PZrDHnXi19ckDVjx4@Rv6{-=0n|Y+#Kf_JoES{Qh$c@3ATiwev9d`TeKK-fkx; zZo*V4%z-qj7ic%U^kF=eJYKMyy&}_8zuC1_oI>J*UewS$8Nl zVYW{fPGHAmPD4nu-^f3&pq``4uXyzI9mqGF>R1;K^6?wwOY>J2KHn~zGi-eyAK_(%w;K zR{a7W*^5Ax;J*2iYu5PuiIcvbjAmf!vDJH3Semzp>J@2_ET*Woq@<)Gr?Eb#vCDPd z_uXVVt7CuOGEpC&1kO+5$c2&Cc%dA=QNC@-k_Nq);cZc)3$il^FH({=R?=cldQD~tEWr{7!2ch4jc#WtYimf=`@xHH9;C*qQs>W?ItG?LM zhpi@}7__|0Xu;~UbcHC7pFHSWZo378pVBL}Jbv<5i%`kE=DiQDpkBm{Co4MN9e>C9 zJ~!vQR@pngn*B*hNdxxs%pmcDT?JhZb#;HLf`XD7ZD(8zXL0MP(R0knZmQmC7p1fd zL;gBF^PjI!V{OKvt1Wa7nXr)lO~~gKs{V&nkQ@Fpu>|_8qhqPijrWF2=hy$o)LTbY z8ExIew6uV9cXxwGcXxLjI;Ew%I}Y95U80oaK^i2aq(jO;1^jLAz3(@^=MTqlj3aXP zv({X5#a{E*vl5J#JfD1zRtShS{=3HKeKvQd1)(QdhUm!my{*_9jlx$U-^R)!6@FfbxB8qnW07??nsvG9!Ok2u>zOx|Cm|*zt|lZlCM0Bo z^(1J~-L;=;Yd@Vp_1f6LX5K;H$9^mmLD$Vbo4H}c*i@kJ`2+Thh|Bcp+AAn1NEwf# zT~HJ3jkCZ}R+?2;`9jE+d!Gq~{@Ob{xI1nx6bt!!U8XbegKE9i+5KYNHN8QI%c3nr z>mZ?TW^~7_-R0wAYicQj)zvmF2X;vZebC3nYmphG2V4Km$qCdN%Gr4##_LoqzKNaTW+h_+GbB@hgX_5&z0-sco zVGmi-_FBy7(8=u3$!PC2OM0IXbZWh|zC@HtA>QG)^T*@|x#7U;tAyEs5d(Kae1b=F z|NAX&0vqtV6~aAz-LLA%WiM(=?gXPNuLq zj6_pnf)0AfVS9E1?OKyrm+PO^!C0`-!t-JhY`Wnze+R@}(h|Cq;N;`CpE4_BUrXyVlb6N8l-W(LvGwgK`?~^XqliCbr8tvkGezD- ztTpKS$0{BZA_docs&{T57YVM|Q}PDsyZcUx7}`2=#$kq}uU@yguF`Hce(26qv4)IT zbbG1a_XlVd5N>p{x4W7V5AeBs8P0yA-Xw89JU&V!NHx&;{XX`k`uLS-X6JEa*5I*r z^bbj@%CF)Dq+8<}3Ipmj7ve8^4!yVfGfx#>s5G3DhrHi8y@$PfUM-IB)h{3z%v79u zZJwVyv$4%2CM4Y6qIOmr2nl#5wBoLZe02 zS%uj6Bt%%gOvftaa(yU~__>$2M3h4HGWdS}=J8MJ*Y(#9KR-SW_+AJ&?4(e<>2cre z2;Te(sdOdp0plRS&-E_011xv8>0+_phF+Z1E!BK96Andg$iQ1#((d5n^J?$7^=j=? z;sZwH{YS^#%`?Q@F~rT$S6>SfXzrx!D;>1)ArY-c!%R5v;M==b3Vtp-@9plIvCeyd z!_Wx&+JQwHs<4FA(i4J(ZoMA)+q=bj;!P*H-pDS7N}Dcc3l%<~Swz&reG6 zkPBEq7heHBRqpgY4IiBZ(EvK# z9FIG;{V;|kcSN?JT)?pkNlZyeiBDnNXh}*gbD_R%i8Jd9T*>!wUUUD{>Nt~gIp9Yn z7IbnD|Aneh!jIue+1Oaw4I&S}DlK9p*SG$mvz)r6lKMS8m&P+!wR|@s+7a7h!Yab7 z>f^&>`x*=7N%P=#|MfD2%`(`@&kj0u+t|Sp+?x=6*v(r3h4wXaMH5fv&%XQ}BrJeQ z-!Ck;+SKh$Xpg2;vrA<4dRuIjo8=O^JX&s#XLcA+72&?QzN~%Jq4m|k+!VK(s=i4S zO0sBg`{gj&%W%FEMd(gGAiL1}paCS+jXb&!*~& z#2-Pu{_b1tk2hA&UeGmSVntK#?tM zYI&`zx2l)5mW6NNfl*MDT~eG=lu?)th34awkW=N-9qqh#z!$iy+snI~SNB>6%+ym&Vy)Hk-}N5+=r1&{8MSfu;HztBIGa&! zK*vzdyNJqXqhhS1iv4IR9I$_}P{9P$e}i_1Xi}(@z&@~F#GO>4f!AU4xM0`2jjlo! zRpFrj-b3sd?f&z`U;E`=u+hnwKqA2bv$Vii8d)~#>{VQ#PON5Ot^G5W5}`CL%IzzG ziVEx9T>|ir%uL>1FpkOc1j~C3HjqjL-GAB}Rd`N8`-yU^=kL&V@UtJ6uUg%A!XN)& zr;z$C^x+-=x(3)M_Vu=^ zw{ooWTPJxVD_c`@lP6A38==>y>_fb^l>~9HtQgRmw@SXBQH3U!SYurjuX_30OmqWN zvwwXyAo8)uTeFdKYsv0=)USLVr*=6&dw26`Yr^J^(jtA6JZtTx;GecnN#<>igEor< zay35^ltb9X$|i1~4{-Gn_wSlcZt+prm$*orKmO>z_Q`MSSxPc1f?T+XZ!CF^Z(}bt zb+(KqJr+SIG4p)ry?^}qd|Z4Xae33Ho;|WE<_xpqk zakkgZiwQ2msV$R^i!cqDUeOvqRe3*?z`0LvjV2n}omT8Ex4zDO{bhvAg)hAJuNGK8 za(?r&h%)xGnSp&vb3GeZ3o8p~8ZdvHV}s3daI-KmNwBdA@$uD=u(0tFburJ)utfpX zOh{ConPz2Ub3St-BgbyuIJ=_wHz-Aa{VQ)7sqlB8f{%}xkt0J{%uq&tetH%Zk1E&y zm)F*>JEFOwfuS41lSPgN5e$;T*T=Q{`_Xr~oEH6fR3%x3uv_sLeCQY|sA0tV7WNa0 z-xtvTbAN}O)O{!@%B?4LpuOMtjh&pDrzgozmoZgZdu!|4SgLU#a6;1W5q=W57y0}n zc(>|t{N(oujaI*^Wz)~iku{|`a=9$x6IB!ysl98eYwQngkBJC#^mTRD)&rQt`JbcW{&Ih_g24g|%Uth^1u-p0o#%Rkcd zTyu{3>AK8|SGHq_tjDBg+Hg>p+44 zu`?;|*ipNlm*;1spl#2})&O2I*cK1Q5E2uVBhVmx+FGUP-$i2gwOO-UZgdUSR##VT zGH!l(Ckc>R3#$F|V}9N;^S@VKWbifbKuXow+4yf^EfcUHHV%$g3=G*TPxfl;7c_V* zERLtAc}7Me0RhO-(I2Yp4v~iP^EYBpUdrQ9wj`IJcnkmg1r5TI2F8Y5=^eqCws-&8 zIaz&!Ge|>#*vs7=hL_hZ>gT$;)2XRCO>J%TG68Y%1!a$245KgCYLl1?Qc);QWup7O z5Qt#eOCh26rKM>D3eAjoJ$*F{-WXQh0x>2gHA=Tm(9_cav#MHJRqy)DjX01x`un>B(2DdU zWG;PtfCpm7j((y+yO{eOL0St=j0@d!&Tc!6FB|P8xYOt6UfaNgs+(<)m7Rr8L`ZmW ze0+Fx)V}*(4v19^5=iq38Q`L=-Z7@zHC_S&rmPGqxHD|dz{1YY$x~2Zbc*%073|Ne zheD$N6W5gDaqPE*@H&%A?YCs|%Lcl0$hwuK{Tv;Yw6xlO2dTJ;(_5{RLKqg6$=`i1 z4W{Fb2msq{!KOGK&wf#&dS6u*wfG?QkTflW1}1L%p_#u~WMVBwE(i8(ZbPSFCIFHY;UDTa-)f>@EL-upkjb47I8DYVA=+vPv2W`apzR``QpZ9N({=Rxy24#I(K~ITwD?z&U)t$~nw85*xh_}!vl1*4sRBbkHDZ^f z?X5~&cIWf6`s5QcBYk}uS=*fV@7nRmGb7sFWRpjfw~cdb99f7Gl>@Bd>g(#7o0^V9 zBb0<->vT&6WIIRw@(!hsYsA%+1?kk zeK`UR{Y+yS)3SJ^3kw`8fNb_*g%B#QJ}`9k+3*nH%lICt8R9Bu-i zAt2C&gO>B15!Se|A*yL%apf&~5ZjPyc&sAR*tGPYmqUV!*n$-a`6d`**|B-~eVo(P zOie9}Ubr9>m*Lw~M0eTo?@((!fDQ(0nilRtsALDJlm~n3VZ-6fu5A*%KL6;ESiDcs z#Fg*;W7@HU{P&J?UP|+yU*_PSs$AdhD6lxEMdXjJ=UY?WX9Bzp2BR`R5yU;+#~c^dBwFAohk zoMD}cZNKL6WFxj#A4U1CsQjT%`=QMA6I8l3v#rlXGen_)))`TPq0aUEWJI0kLlYgk zF~=NbPY?It;^kk}_s-UFEdDuJ&ub_uED z-!L|>;|Wj~&Y^~jlH%?PN(*NYEKB}l-03H0PDXfcEkdm?oZOb%H;$Q8=XMb4F2ha2 z1F3hy#J<@{x6>QQZn@=Nh)cFF3t_$^6^oY1$&KpzcU+6#80hG>kkb=F!a0m%XYBk$ z$xuti)M?N@j+a=ORcYXN>ah$wiq_YDxTo3q;w`OP&q+o6#rGvyiAb*#ldLGt;J-X^ z6GtcG4|DF?*Y7XihRh9r%MW+%xH8Gw5TvcKQBB_nO`1LD< zjet}=Xqvb==&FCQ_?9_&^l3Kd^K8zF0BeV{Zj97vnO0uW3S#}QqKe!6n%#NKMJ4<0e40L@f3v6`%J7i_Ca zl_yaDWRY(q*AfgaG!CuZ<2Owld;U3aP8GM|8mjORsD75r^e@Hie^mOa;2v#zr-Or< zx<;Gk7rAvLS6Y3(zk%WeAPqxS%4$OS$av!u@!=%LdQ;j~Q!qcwB2bYm_2?P35rRzG zk~86tw7%}=yn3LY`L6(@p8TdrEuNV9y-nX|auK~mhwsPJ!&)2kxYV91l8f`z`2C;F zX%@Nrh;(}*ll#UQWXxB5ie`>XZusH)W%=Fa z1fg%-)D?c_`g#s7UeRYd#vVTx^Hk{DW}dz>o<8z|L}^!%w2i`K{bi2v%0f4ub?MJG z?E~Wn-YFk1ahl9K=3Vf0=6SknWn4UCq2<^-ojt9=-r<@9CvSZh`Yvrs#cFLj16z9% zrOFoiGz|_D&KCum{&d>vF1z}8#uCU~mf!A(YGxS7wEPPJPINhWTPPOJ#i8t|+ zdrqU?Sd02jMoR+fmH$q$G9;`&2NUNgNilX(@16DZW5X0?xwBn_bPr``og9HwY8zUEqBlC`yXlOTmzZCOsS{ldZ2Vg}{^3L6)cKE> z!68KOUo7P>m&k67qwS*`Ck2>m&ZlAXpJ3_>c{Ez<;r7O^MrGq|Mj#SW;AJm~unN&D z4{k|nb!uYc*E5@Fsbb@UlNS*!uz9U@?C_nt@oj!-`m+6WY082KMMVc0OGC#EZtKtt zPSRWi$=t8)xQK#ZEX+E=q3nV+YPP=Tho?F}2nZi2e%cS-GU2(o&FHxpP%}_Bjr})% z%BxwS2+@5sBj9nfY6*~UWHI{d)EK~0TTYhQZupPV>i#Cy?06(p++S=;OW>0qLKC~Q zqAvi zmKSsN3eJ1a43i~~`WH+{t3Z_8jJcmX{V7vSN76OdI2Y_408vy`&;3+5|EZCZjkkXs z;@xTI8wa}}&s%3;rRy}RQ_+RQwTY17)or^sn2VD!WL23rl`_kub5ta9u;~tdrEVZ$ z(RIZ+CjQfOMq)0vU?gp(n|z8=<SW(5G%c{t(_k7;i81QiLNnT#5`2o4#%+yxN;OH9qn;Qys^uID2|u& z=j67Lm!zugw&C3VaPkZFm>(BUWNtFc|ct>B~o!&XhH~%gW?J@ZgPE%=!1+7W2 zd1!Sg&R6Ag9XWtTF;?x^yzNkcLZo<bvqk zXCbZ1;vgrGKXw5H`b6X+{oNLZFxn{p7BIuClk;AKNk8=B@(tmg}sX2DA{ z+NzBYMWo#QR(~WP%Idkte_OSzH&q&;R>zZTBUv+yMof1pfD}c)CibX^_scn<_COC_ z5lvBT@l&;&Dv!+Kwb2l-h&ch@qH??^lD2Go9xowYnx=I!Z-$@-^2mEu>hENyVJ%5I z;c+ZZ%XBy?g(yhu8<^b@d3GcCFZ$p}rq$Yc3D~U-mI$?-lGUFnGkR<)bA)$F$;W7o zXu62cJJoBwBuZvXbA}*8lSfuN%bi~%lJmJELJt|mr`GurA(bA)u z$p+=>{sk2x?biaWaAFy&+zzfc!HHfQQOCY<(>gmJ5>ySyD!Ln+c|^=?mfxTp%p%Up zl`V*TE`L3saO~TG{KFnmqg%et-bZGc(=}hJt}w@NxnhNd&e`Qaf-srD~S9;f8R z@Q4g*16M3E@|vaf`S~Ho(t~6gJ1mM}lp(ET%!@y@{H{_R=NlV{i&QTlo_2l65T9!) z$&D~>27{=>ELvJ6<6x)dy`hh#?O~?CxHHir7Rlv0rjD1VaXk`Pom1lyRUaWzI+XC# zfxC$kjvXFI*Xcad$fOt%>WJmZ)GEsvI7RZWl6Mr_99{%Wxz^XP=-R~?JLB%fg~4I> z$?F-I*k|=t6SAPb5IL-sAKmr9S4!tuk{7XSMa5V;FtIx83v}{0(3Oe4&j56yRYx;q9$Tp0?u-c^maJ;w~Mk$nK-Tq zE6^MrT)2!CC_lQ8ez;g`v9hsxq^~qkxu;1UGS>& zRzWH6zfZ5)(0(MMH-FP!-S-dAxu#C>^IqT;Ev@H#)*1|@?lAFI_xnCy8;BU@qtkA5 zayEdB$qO|oQNc>W5%DIWzYRCv>IwLRIWE4AII26hJk$q%Phm6{g z#I^Xu-at*L-X4Tdh^jDz@Yyk}b8^&*CHie)LaVV#8>X{q2HFljTugg|O5h9bY*Cpq z#ro_*cotf;X*$LN?<_o}1vo{vyzxK+(%i55aY^JW5-6GuhO_8e;p8%hddz$B)%bh5 zcn4?}IBEP|as|>~DA7@~+EFp0xc0r2SyD2_MHZ2Xr|R&Z>$rD|ej);*M zAWqImLAoRqcqi6l^lGbmBo*>?x~2T2L7vqf&C_I}YCM@#Stv(!wHdUP*;w+)^=IR4 z@QNxdBH8;=nt@np=&huA_~}SESmBxSi1!vy^5pzTKN4BP?6=)(5%g;6)IIUJ`0S4D zx>Wq4YEXKl)lP!xnPi=8ozZRQadS;l9=!Uz7*{WR5^C}nh57QeuSY}R9YwMkk%W`= z8ng+YPqG9pX0SOfU@F>Vbp5)7(wzT8oXU)S@L9WThA9&FWI22Olps1MvC|L-$?j76Arw)>M( ztsyip*mI^z#H@Tdv#DKTQ-qbRRpO1$-)~n+?F_#~E)oP6k4*;3(@qKn_tsN6=bp;H z&b2?KN4FKWOJ?|_51I0*aB>@{=`-%)Tj2=1M^ww@Bf!_;$8js5qhvF1)R0eU#|Y-z zPND!DsVFoqYiGZdR$a~Xa*~cGN$WI9r>_)NP=fB_lUON}D(0Z+jcX6o5~O@zR!!7U zRKaD#R2xP?ML13lqjPFPlafT>XR%YBW&uXY{VN^``Y08%XrII`p`xt(c0q)TG=|?Qu#3*Gh_RrD5>u=^3oLZSqQ% z_*j@Odt|@h6>q4KZb@m#(ZRO0p?tf;XW{JO0$7-2dWjKZVN)~)wlGkou_D9`P!fu! zA%LsDhI;E$58&Fy&mkTs<0!FUG}b_>yt1P5P$r?DIgBLR;T&ZSSF~8slHW_f-u1dY z%R@W$1a^z1xZ{rs?xg(h2{PY(mrcOr%|G~b`du!SUC-j=%*!WKu*2Egx96mA&M{Pf zi6}HwKS#culQ&msw_k;kI*1evrkxSy9v8$~ivFr`TDHa`LY)D=RZ7qTrX6EuP!fg+ zzu=6UC6}+QmK&k3qFCT$g-)d?g{K`A#p39Nljf}xCx!rFd6D7FsGFUfO)BS(`iZ>a~0~R!rI5{xo)0UOxgkG))w+6Zi-3qzWXqVaK~ zAtS8p5{mBASa%=@_>-~ia z1&u;sTq>%PjEsMJqCg|itkI_0O>N<;ft*;Q`kos ztg*gc8ciQwCtFJfZUjDV?^S^MQdXs|l@-lkOdT2;T9PWCN+~-~h)E(`Sor2IBNKU0 zUSeAJAzzS2br12I=F4m^dMqYt`*h4gGH!G;pCWo$%u;wo>1A{#MP6p2xUfmoM#ltd zQ&Uq_6;EC|r1$Y*S|>4*9T&7yb+rgytT>0(k(H51szV9|!U_Be4NJlZby}=)@=)zU zByy{1mJx)-Z-| zBerj|b94FJ@=%fB+u?#bvhup?v)gM&#FAiBQ)O8P36=D4yq`3h3t0)0({vUhNy?>! ztFa165Ao@-c3^lO32%i(6k)0b!A^h~p(_<2D-{%dSjcK=YGSZmFk}>1(yV{MAc;ro zf`BzSFWRn%sI!fqrh_*EPm6+ZjG}9W=%tLSWd}i%KvnB#B*%lSpuDt9k`$&zYpjuS zjJk;tmPPl#y6*0B>H_M z8beP{544t{!k)A>1AbRvZ%MW`qioX&zee^CMm>y)e3Z%$^e-|FJ%ksRmVkn6EG7vr znA-u;AlX@2X>3)EwT+EHVe?O~=a+xVmf%lJLM*8PN?ObVd}xh)m$E9JlWa&q4asDNA7#h>-sNc|}D?m{U?>0i@$7DAbm6*p0kS7a3Hs zvK*J`@@MxE)E$Yat&~Aej8fFwVJr@JF%npwLngcBSz}9!Lej_J-={S@Z>|O-A`oy( z3AGfBS&<J7HW8gX(3lSD@gn5wC{6vd@ zi|q~9p&DX%A!#T4;I$^{=MOkvZ4%0F)lR7Ru4~DQTuskiz)~Y=8v#efa|7)(!~fI}P1dX}N6)6zLerl`yE7MG*Ci3h~;H=1TtlK5yYN>AtuIwmA1E_rbl z(S}Lp$r~sdkI{3WiXwMXD3s}ca|q&03)y3K6cG>!!?qS)Fd8|?>cm9B)wFA-zyrg% z|9eVa_O{uzA)G$0Z)U!uzY>BAe~k#VKowFcKLh1dFc>g1Jsss}CXU9;pt|cJtgWq0 zOGo$S$HlLcid3LZ9dtOI4J0)RB|@KoG39WY<)@`-0t9>UB2p4)X^oDK-re0HCSb-< zdgr5s3mD*WGf*J$so+%;s|*(wlIQaQ2_zs{1Y{jCV>d5<05zmVAU-%dJ6pAxHa61Q z+6rcMfB>Q6-bnPKFECwhpL$Vt!L%IGaN9gbFQu`G383n?n=G`Q_L=a3vFd;sN2vo} zQdLZK0|)IIKqZh%>`bRqXtsD?{83p&<;~r!5Kyy@+L$+^H4 zlmhxTH5w(wBCi>%n~l5BXN6hm=pxhMK)Zj&QOp!AbLr>y8+TwT3kwUMENkD2(!)Ak zqVj$>IePKLSFo;slEmF*9-=h$1M>9sGao;RmeQ0<8mp^eNiHLZ5J1Tf+OVQK z<7oBY(Ga&v-GlwUm`OlsmroElj<&8Y{R1^M7i6-oZlY7|J}gFOz=#OdmLJ|oTi=%1 znj)4_77pnn*`{@NXSI@{hUYC%9yIQDnbMt|nW4j|W*NeD4!>r=u#6{0ti^~kR)S_s z4y7+GE^0%pfzF(9kDD3}PPHVu7r^sfeCUR?jSU*tmx)w>fQPzzj`%z;R{5(MC5tOq zsL8{xt5A&=neWNv7Nc0)5v;`Mk^3q%oKz(l!doq(1v& zXx|EMX)Q+%(r^sOwBe&O7`XGoym2z4h?PdB58{leYev$Mxb5g^(A8!UmJ=YET;$Zq z@Tya^96^~j${B?G*$1fH8SldC>KE?CEPq6MXNGlBd$_?&ZRyn_%;~U~f~%AC48iu_ z|2|)Q;d=VF2BiZ-fBdNAn)*2$u__0qVcwipq$DAd`0lq?~*Q%nq8kFR+NIEX|%DXcwBxhz!Q;2m_Be2LgehZ_pX~ zH-wZn)jNSF_zxnA`p8HWg$A|J8l~v&{5X(v8o*`_J z4dGK;Rg<74#ZFL#7A~ml%gd}8)1z8v=Q+FD;6(6iDt8y=-!_pidLS@SQ31dP^6uV1 zmAAaS{Ny)W53a-bMztW4lna~?uFaMkP|5*f&oneNvXO8gi>&+LAm!X);mU!gzB)j zWMA`1yTD~sYm-oBI7=fTO;TIp_m7KZQVG8&yq=QlJ0)bZ%nwRG(AB$Megr2(Lmi1s?gjRQl+Z{I=)Lbu%z%VBMKZ6JIvH{;qYj&RRU__Z> z*F3QxsR{&6o{vDb){1m}nNPp;_=rx&^8O25VSHF;$`=LJx44y!TAK>G3aLq?0ts=y ze{8y2y!Gc967cxE(K7RpWZ6}Mq-U`2JX#6lVfO9c(O{ zM}}~vmFhGiMoQ)bx}l>(S3`@Lmj3R@VLCGnJ~GS$%v$~L5m)fonKonn@7ul=lVGd) zN0y#b{!{7&5$US`yg8OC#D6-Ag^1I%H3V)tY6>8LnBUi}gQ-jaFMwC|+D>IeMMZ6F z7^hC?=f5pDH%h|E%FE}cp0?4;u=DZp0rf~=H4F^Vw6{3SNAP&d(h+nj zy%`yJU>`oRozWl|9LUYh1p^>CIXU^&BkZiKtjx@kB9|jm_`@jdV21Ez=#!Y*n~S!I z;@}_aK&ji}T@c9|%>k#CdLnawE1=tsLC9W8V3=K4n4}aC5YQ=2nC6his@ian#qVQh zYfG(B2dt*CkzLrjQY?#A<86Xa>oaUZh`oJHRh3rM*}?OksY87CQY1!7c@bn!jQYu{ zwodhK>!qb7fF8?(Z+^DfOz;-sgej4|_VSvi&MA%R*G$3lWDzeL^v6s~oP|os;g3NY zOkg-KX=$`+)M#7$OF}nlYkE#ZmK4!>9HUqpJ89_%!D8x`WD5Z{Zt zsmUO3JzA$zGoC~uvxM@TlAMBKHmGcG(J73iudlCDywz!wj*PV>^sqFBL(1cMmN*m)NvJL92YI!RU!iLoLX@&thH_1#tFng>4I zOw2wSE$?HADf#$oY^nQHvM@9aNlcE7kMr7-q#Zr6524vw#rSK(s(q*A3LMGCZTg^5 zP)uSmy1qD`T}O(qBkC!-39MpD7KwPC2-H$iH{HTWbT?$=^*M2}>;7N(;=R*kDeDv^ zJzd7{;NHwj8sys)M2yBh2Ulp$P22~4fOfl+R7VodsX%9$PJglX2z~ex6kj-MoR;o2 z5?L*RB~868R4eL7`3r_gotGK+Q5C&JJR6)T$orfP#|vR5a0FAD__6arZLv~pMc6M? zY0c!{{o$%WiZ zYt)MR=zATT_BThg#u1X|Nz>4ll5 zrsQUutR#mQ{`?RDoBpmSX+#V#8OO8bIshkOCB?<+nf9~!(L8{70GI}`bY$fYXwbcS zBRFmG=CaGaB-r=&>_~UkO#~e<`#69&}}J^Q%cCt^8V>}27`)viFh)P^#f3!2C&=~^vkPY_QyDx z`}~41jx(rSv{?>Ew6=1uo60CTIGiA&Z1lKmJmWCy$3Oh@<8t)LZztG5)F5XbxGB&& z&%TO@-(l1!cKH#v3nY$vkz;LEUeCRn&@2-T9Q#IJ52rS?CliYef&fQkLOl;69UUz# zHzrTeq;@EnSG>>bAKUXMo>=@)j&5NzQLj5ZwApHfs5Z{W9~;r~?l%9sI~5 zv!;Q;gul%eHo0&b4=n1#6wH)d(QiqfoHjTC9wc?6J)O9R#PW!qUh?uWwRk`bZh^vf z51urdjTjEo0EJ`KdaqioK=T7MT`GkqIy(BL??q`U5JDOn;sh&zwuur|7 zbW0N#Qd=p9)pN*6QL_a?d@&@5{=}}rKL50qq;_ zc6I2feqoY9TZxF=+82A2N@l4hX0ecmdjJ8^JV;dK~%@BL1xfN{H7s%PmvQD+f8u`q=yngmd+7E7AKJ4%(-x^fs1(W)Lw9F7b zBLXTSAN+C}uX-f^|HtGUK*{wf>yPPwF(!Ja1WOvsOai71B83ph^gv|lpuSqFdCq3_ z+An@Zm;--OG{Noxq*xXKhuPh(o8ZL{{@e-uJNjG#_B+qFEV(Nfi0J|mFd#NP6X*iy z4zuk0hjd|;mcqiqDwSOEI~X4#3g*eq`@dgOB{=_tH6C|#bTkccM^si;=JDD8I9oaY zKxDDi_qvAL^GgG;=NgH}I*`F`_P7%OwEO$(?ii#i zn`JW3&N8sMh6bP~{y2ic<^6T**Jr<-4`B}v4}eq9#Vkon zOFR4lKD*ZCY>-4E=<*31#mMMr8@WPsOw9fqE}eYgOTUjn^d3MVGpk&9nkRBQ{c&Ar z+dnb^+={wh1g91Y-&yXy^A3C$=g<8Dj?km0kL7ZS4!Qs@xiOWDr`t)c78D%DX>!38 zLq$cXs1IxY4P4P?yPe90KqL)8Gv8!4FYptG1h9@Tc8z?%6-|t2WqwBOKEM#P4 zfJ$h$-$dT#XTaehjJ|nAQ4(iTU(d=gzDoZA;~k& z+G8UArs%OmGfTZAAsDF?6(#Bd29Oc49GwV7?M$IfVtX4-91mhMOj7=bz2gk138A9i zXPO#MC}z^kqSEK{P+qq_)J9q%MXi~?!SdrUe+$jytjNmY9cEE~LxSn=Ga7@nXq431 zvlCL#8finKh@|JjC~w6|K|w~QB4sRV6jn#9+N^5tQrdFL?uc(D?_ZY7((Zd{>`5fJ zYo1g|t%jpiI0ZN4(udBy+qY#&_O3kKn|7QVvf5~*<0iK95k^b6fU^}xoLR&QCK6CY0>gCckq1&A5b*g?O?Lp&HhBG3xBr#F>MQQ3@XW*PR0IJIK})U59R%C}{ne|9mt zBnq50armJ58zkk5)AjqH)8YOasQ1lT&vnd+&)kYLGR6oeUw;>m%yOVqmEOA63q>qr@KWw_eY+CDp`n&lSJgY_WJx^?0I? zDt0>w65QyiGr;t}0w$T7n5d$vS}5ph3{cNJ`1=aD=z3Pw42sR?0CsHZH25@%#qu&U zGfPTRtsejURL}r?;2%M0GU@qO!3ELupMdUi-4bxi*^j(x2%u&LSmB$;?`weQ#2K3^ z$k>K% z0EA}f6u_e6$5N?Cj|;%DM6%Do;k>}Zla|8!CKnj^8*r^k{L2yPdoUN3FXX-rFpn5) z9dHl*k}Tx#bT=oF8pdqY@6F=#_|@@m(=oraq^>oY#GX4K#4PkNR}x(t0x|?F_Id~)JAlWMkl&7hFW%eP*)0@&W6AfF z^Y-R{f;VV39S#{sL7XBsHJ~ahZ!sDLG_4)5h?cjv%DTGvjAb>gtvHW#@<~G+0QFu4 z|K=|q9_`IqNTj+(Ax~0>=O=_ZW`RuD>D$RdXY@A^oJgwpk+4^$o(3-1QHAZeZA2=v zo)|nYKD8lZ5PDy3WJ@XTEO;Q9auT6z`K+0}|Gm;;9&{r&j@SXW2^Hrs>6R5q_7Nrr z9j9Ay3(_vzDLhQLe>GWv!EOpxE-vh&K7XGclk~RUL1sxuoh0ax)*kOCBtq`@V)GD2 zwg&vTRO>4exh&qfbgUECzJL1O;wddFixjiRTo1wCCo#2s^6clI{ibAWyaB>a$X&rs zCy=iqPCOHdk<#IuUw=PN41jwPIuDFw`$45(uJ?7cn`kcm_J++-p|>a#lp zU)UP>{S3TgK1d4XtA5aQ7^fjzMDHhdpLZ%$YT0Y!MZ{E$VR(EQ^59R3U2;Z@*8B78 zz!hYKw}v|gZKk%AlaV(Qzrd66HK7gky#sgXh!s=~bm2m+IgWV5(vp&rDxF9bGaZRO zig@lLA^iO8N2L?l4P2o(BFW_3FoOo(;p5=X?LSK;Pg(JjCUG>F{)^r}K|o1JJi&*m z^8d~c;SpliQbYulnFk~V>|?|!%fPrzOp^`Lhbj4Y;rG$V8yPTa%8*_bsWZu;E`Jla z%MTyxjnL>FBKs7UdBdS@^H1p;+BQ7Klxxn2&ZBX|%3&>tOHAdz8!qv%_dE%wKVAhc zG8{T3Onwzpo0%ke>>OB%6yeHrm?z^t+>KaGgKD8XErB%*cRviK9|m~=MS?vo-oKRT z4W9jFsK!Y>Io9g8Zc{K0iHDAeHy{KUJs}1%D%H~ zlYI*#^4)L|Y&YC>{oGGL_xCvTsRp1R$hRCgnVG3`tElU1bC-ZWb~~?q%{DMkmncAP zYik3ru?&>e!9`1E@~jrK0YW{%{sL}35NWYBOkfakVp52H1IZ-mOW#IECdNE$DHnh_ zCp8>L&20q0RX=3D3j79@2o*=!O^%C;o1fQYEx){nCxMMmfNnm`^DP?-oZRsr4A zCDHl{pI+l9C`CXZNGf&exak3X3w(c5dQ&L!dYW`6C#(bj3COYW%3=d|{J&tu{48*P zM?yu##jEQFGJ}6Hd3R@4tWB62BBxZ>6@deX(97Y-)p9>(VD!Y=af>G>O2BpK?$?JIGqj#tTUNR2qc3z z&bb^Wj2g1j%~YdGws45W+U-7y4S5|fmUUcl-wWs@4i#}S5Ck`je#*57At{2*suc+G zBshG3dG*$YG>Hd<3nxHXv1@9grVOngMy(!T#ji}pt)!(9AUZE2aSmyxt|3U}gjkAr z8pPX30F!4qXoBM2v=wfPd7t2@R};lxk^R_>d@lZU|E2Tug{Krv2W}&n=LnWH>6n{9HG>bHn z*_5Rv>Jg(@Mej_JP=S2p`c(I8#YS6Xb<#(!o@XOMw}=Q^THMj0Heoaq-?IXUzGc=J zZM{WLgVTRSA4ONgh?(vT^_p(0dy6M&3Xq*-h=`uuhyXxi9rWB8yeCPK@CYHRxZfR+W;O>QlRnjn}|9ew6&NU)!Oz$y)72b9x?4IthiVQIR#T zOgZ1n4c?blK`w4BpDrd`PR-~R`@to*j>B)@{sW;*-P=-QH;vyJK~zadDnBd0P3oI* zvc@T+s2NUrh1FvKp;4m=W`YiIGfetlR#jAtjMn!*BvOSw+<@Ayl>QSp==Xq15bN{g z_U@MYdgJ#Yk3#@sFo|1N{cA2kMGUmp7D4y|T}LiX&gN~n3{YzZxb^=yy6$kQ+c(a! zS2oAUCfl(xO7=dstdPAo2`PJz?7errl58SdW?3PX?2)pPRMPK0zxTS{>*}9|bH3mE z`P`rND9nDuuMqwo64k%9wnivu-W2`r64pF`k$+%rwSr)(oh$6WJt+g60bnG+c0$SK zoqmq@?n%nR(KZ9S0#FSTEV!OTBqW0wpuao>%qT(NWM%aUNVk%ZFMNzmE;AhO{jq8C zCEZN`DuPMi_Wb#>Whbr{v;s#&Hen||U*Fg`zII((*oO9Z_p#Kcy5T(F4GO0JGZk4* zjX9@gcrP^Y4`8SDr}I6oXm~@c7`1WkU%y4#5%%vA-Y@y%A?l{)qWpaDWW~nLKJ3V< zDW}jAYrskw!0Gr2gsa=tgw^SDm)b-v||++aiUAH9Y$G zLzN!e-&9sQn-Blt6bSv8w+2b%Kn1`}OaNd-W3644T?16pnx%*-ROsZx0$l$a? zqB`#XI@vOdkByHf{AC+O>B7j?E3EIf+~Rurq}7UNTJMQE>%*)Fhl9-ZBKW!u=p9`J zuM%gj8xM742-oaCDPEYlO3L+{WUw)_{7u#M_A@N6*Hsu{0;vt~EVI;qw;r_pYuwzL zY>1YhKyy0z7(ThjS}Nn%{2mqCnanR}tD$e%_GfC05LtRke;uPp0t+#Dt0ICF`8|ao z+*N=n-fSR9P5zbA2W4`(XwB*o(^YiYT^rdn&GFD&PZx$U2hnHoLA&jh?6R9?R*?RCDV#QdH5kVPyv2m{HUpMSEVH$5ltckizv+*DbwrJ=n3F7@u!o@4K zM+SkcsB*gq=g*qUp3g{6r-V(A7VWbw7CZBBu2#=kYc>&w;L7M%{Hm?L{K>o{_{06# z0;YLiC$r$(X3R~jB5E<%JNx!w=51a-^68+42j|xox9Sy6UtnB8AzdRIkuO(32(I)g zb(3+qteQD7g!u4?S#qSSCtO^rNEr;(8>eQVWEiJNy0yyeXY)&XiIP`39*LkB7)*gF z{dq`AA;hqm%&lgsQ1L=IqDZWv%FSRRT>>reTF^x-hST+&LnIX2yn;Z(if1&E(=m$8 zoF=P@Ip%RpGCI|dzwyf&FHuC^e2eveq~rMmPPCC_Av*dLJcP5Zcw$-H=Vdw326ue4 zWB6Q~Tqwi+t^R+9&!tzIf&-cUB3W#>;CT&~D^Z9ae@HmjC^t#oNgqEBS4#$}c@=9d zFRh-9$Bs8nZ+YHE?Abt(g$$RphO-o&ioT^OALET)$P!%Bnb@nPq>tf7^uhj$!-OF}p1v*!dqc@E*_^fjIY1 zm(7~GRkINVH7Ez4d*vtoz-g}~Y$GRc(-#hGsxL4^w^I(~tJ9rM=^NjaN_ktulycli zh#{UlJq@7SVIL_acXo1`MgRK#0mh~m$~wFQq;~+SFaj;kG|eADW76f6)Mp3Z%iP|J zY9Oy_Sl@9^G@;C3(gK@z2|8ry&0wlxdr+ugU(qTFS|`d6OMEc&2Stn`NUo(htI!J+ogu6mcknR92u2DRF-wnz``ZnE#kwoZD3zdQZ52pn^L z0{~9Ou}6nK87UeW@*2Jd*IBNv9{@bzhn)aP+DGInacQaodjdS|^sk!UVd3K%ri@NZ z6uNeMA>YoqG2nm>YRvvnWzkIAR$O;?;TaQtp5CV9?TJx`rPUlb$vEDQx-K?cZ3Xdk zojE=IGFze&BQ2j-RUT7zW7Jr1n!$h4>bO{yj&F)&q#0UI3yc%7{%SAIMNQ<2)b8)8 zI5C`ojb*t@AcE__@ghyTVm`5D8Lzr7H8nLu3s5>ieatPVV#@BoHlWw`=4uNU zX8B-R!Li3kyCxUX4eLlUgXQ>Fo25B3v}3eHibqGT`Qs__n@4@c_g4~L?jr2US|7hD zkrQ|%9rzWQomiaF`rxOR+9k})RdMG%nlFygg*_waEZj#<(cLHG0;5AiLlp5xg;P%A zcvxiJp})i)_J{Weg$5mblySlx4C;@>Gszsn_stzs7cU9^@y?Xt-jK4bn7I$NODl#UI*1?q@! zIldx~0C{hSc_a)z`GSMD#IUz((RR>8fGB5wvm_46e`rv6jhTdx`G3P*n&u+}EH5Iu zR)RKCVDc8k_w#a?QQko%qi(@o7^?A+?dt~iJ}W_94=16IWC6L@SH;zf%t(WNY3GBe z-oM|xEw?&C`a!(~a_Va>eKLQ5bw8D>X7wV{=t5)fnijbopGJ~#idtj`kVP+S1G=DY| zbJc!A_C2w3Mbk?Kou@B9?P{M~nseNZa#WAu1o>`5E+Vk;jftk;}VgJaOuER19 zbNU~!>>Yqe!9=Gl^q4_`XwPe8LI9AgYOm#kNk;RA-t+Y&@IzUG>^qb|Z9e<9P|6!n zi%8Gu>~y&@X1ch|*8%>V;|Qr(ITxh84vO1Dpt_pmC*0D8|AD8i{!cU5RA9-^i(`QM zL$iz%kNtPvc*6W}0|EYAaZ$Bt^H&p;y1|*=OfgIwAp9!hn>MLgqYd`*$;k-}(~zGB zf9H+#)`(})ii_nyeEe{~FTf z;H_-&8$hG>*FLGxPyYdWvqGIEc#|?Xu@lrFUV>!iV0vfRcLP}8rLf2`irm|s#{OP| z&dn^W&w-Ra*rSlg7Ksj-Ev97E;E#ZBtX3@j}}wXCL64EE2WHkBYX9s+w|o0K@D>=34Z!$uo;jVgLSiq^}tm8@GUx*%j*w zL-U{}Jq4TR?b{Xj0sj5z{glyBhPsSK6cXCv}#FrrHzMx-u@$04)10`j@ z#vr+q>b4CCT1>ZI8%(+kA$P#%Cx|m*8|+YcI-Ep5X4g0E6JRLWCK{GsyRbrO6Rx1k z7un9BftEEgD=Aea`sAF-orlKdpz=@jjcoLILlt&}6-Dt@ybfsvo&v5bRU~;LCy(F& zk$9SC*OJA->?Qvj9J4#VRO$Bq&`D$ZVKmz*s?q>&83+O3xqZ64Ki?v? z|BY&Cv<2FHdqlMC@$U4?gRZ1wLI0tm87^cZ6fn`55+a5#9$EI=4B|J?p9;?9u#qAg zNQv-KoMEGB?4+1=V3wDkJ2WOPZtjM0bnfomWCwjwxvh5A`PpY3F$qym2vOz8Xr%XL zbZmG*gHDOsjEnH;L?ESPV!VILzu)tchyX>j&X(=fFKb|uy6=5FDsXF-ryR^k2|8^SI(*iZKX6Zzh z{U=1a)$!@9b=pr!G$asLnlt_jgXqB^)Eg0tj%7sF;A<9!exE1KQ{4B7AoQ=g+wq+} z(U9{8@n;$ycBcuxw2y51#0+kt+_uDV(f@aD-7?Y;G-My6qQZWmF$=cZ^ygUWN}}lh zsAl*OCRb2NX|diFu8Mr_TR7=ig15hh)KckcV%bSc{o8)hm$iwUc6Yf>?O>pym2ll= ziq* z1WB6zt*IYAxIFA;zzUlMe;{4h__}-! zkci#@dIhBWav|usFiTo*%a#c*}{ep8$hj)5wU?*j)1u9`@ICY)^;_(hLbtqSJ|5Sjyi#28OWm(!b~;NPdN z0f|^_?5=bSCI1ILnl)aD>1Hz*8pAS<-|_Vf;!g2@!wuKhy1HZ;xOi1? zgoX#;3`FOlB4YLVIXDJBa;6m`H3yR=SyD&r&%uiG=KR{to0iup@JQj-Wte*Pze2Dj zJU(^(__b5&oV7jz2?s{qTJo#1S=-Z;hIDLimz2?MUw!GV^l;*UTCB&Obo!kp`QXgs zz2!(Ov@6Gy#Wk2#7rrk0h_LXx4n`aVCR(5IO6sU)zO18}&W#$-CO}6AS}Y5u4*KFA$vh zlo-hha4stQOss`Y#M&bzVtzpI(Lv`<-h31GwFRoMJT~NDU92AbK|`6M_9Lk6>UyGB zIdh33T(x!H`icpM8WNXVWVO96(r~i|u2-z675agWCO&x|Rw~UJZ)oB)t`m0U;zwSG zqx)ax6Ref9WuE1^laeOec2q>HDKeK;9^-tvM(GWYJ6ex9vK72hq(U{~u`}+I^!PGw zhT5e|eMgaHoP=7=Z;HwV%fm->3$LfRD)HLT*>nfcDaUk%lYZ(yXZM(u<+)mm9GP^q zoS~m*X_43NP{^>1twuX%QE0|{CriZ&la-U8CIbjp6V(nWjD4j|W;TJKTV-_;y;XjP z$T9g2z8j3N%YNggRSK!RhtVY6{b?Id`w5+GD6rvbbR-9@)0|tk3MHw1s)le+lw2Q@ z4_hNgtvNikh9ocJKhx(|NJuK1kzXur_wa&MSH)DZKhfmLMUM|G)7M;z+lnk+6QMKpl$ta&8fN{T zv5YmH;8ktWU~_b$iEW8hl79`va}!gtjBECl6CcFu&yb5$x1W1$NnwKuviCYgT==`Ji?d zJ+3kGkjM(ap@5qf$k@6phT1whjt_N@;icV%Qns7+LW}L*cTFyVfD_{5vuzz&k1%>K zL33M?aNZ$2DFr1CsQvEI)DU&iF249$ zbnBt4q_qUg9LDz3U=tIoRDc!=3ew)#4}omb5&Pt|l(+pP)N5dF+E~K43QafKGtBP) z*qd_(gD?p6m4OaNSmO{+LP8)hGxPg)q4%sK1R!#tuHm9TieQ7`JxL|2x%fmNzjelK z4oNU0&pw2SazJYqv{AQ{(rYI5vmAV`2})e_LKZ4QzP`THJm_7w3(B6(YCr$!jjUlV zLFeKOXtRQCAHh`ILSnp7b{C=jzuP zkMQkrczWy)-iq0gkdOdTJD67ahu8g+>aeQ>vAF&t0L9CZVY`fUOT}c3CC&)3T4V$I zKR89i*nB78ATiMXc8bX_72J}aSYo>Ffqa&;;MTXk<_f!jW&vILKAfZ`HS@FwUQtNgMU~XP~Qhw#?i_YeGiiL z9Ckl~$|Zg{d8rhO4<^uuE8W2hWE~*+_rMDD_||V;WyI@&Zl5(oreoPLTc>1rnN~?| zDTwl-bmZNzLd}m}^!RNhzIVg_4u8PAOx;ZhgHIvoowtgFRp1qF4;tbo^Hh|s|X^^?InK!Te1xfs7b zw^$3tzgqKo<{z*lHsZtiwWn8qyN0lyC(Pvdlaxs>6qHd4C1#gB@Frseh&b5XF&hMpP$ro zZJ9i)&PP(1T*X)h*R}(%y6EDH{?G#jJ;KYKNy+jFgJ!*x1}>*Q?Or+Mmr z)il_pHX56P0s@(LU+3pZXUYtuP&DVcM~e;c4$N2-wFD;~8>=X#BATr!GbPl;wWTp> zx>CMLm%;Q^PTRz2T#j@~WaOd>{~FF1!cQxQ*gqwtoIbXD11 z(Xu<|Bsn*px&Lp z#k!)j(T`WsWxiFOEUVJDCh-wkrGE&sI?H4d3wfsXjjDKMIEU7F(Np7Y>|b-cpFo6} z8#H@CP4MoU;u~PYL4Aec1*4$~5-99{e^itl0R4O=bU}u_` zy|Uq-@-wZ%ANW6vMf32{&zGQ0$?@@N3Y!Yz)#?=T+%Y}5sK2SOT&u@QY7K8FvF*aU zch9U|o@s8(T?nd7#c+%Riv9o=#l$;5ouStGkqq%&pRY@z%PSyD5zht|$pCc=W`#GU z^72ALWN%7ayxS6IO70OHgt^gekI$Z@gF;_m8I(~}zuM}9}_oX^II>ip5 zLqzhBIBa$U3f68SN9c3#&Q<2fn`dz`F=PB83C9MK?@MC_m1aJEsGtR>cL1xC{EvAf z`jnq<{a&)Yy*KMlW1D{stu{O%(wocx@N?qrTW8J5qrO3;x7Rhi{@uj?toen7oj%1o zE$m=ssVI&MWtv36o_<$USDk?aZwL5yx)QSgVPr8Gi@SF*0bK|;wt0Vk1Wxm%gvQe( zb3W=Rr{*s}c3En1rEciEPIY=E$0%oe?oaYj@5Ppg zMB*bAp@tC~>9C6pR`W;VO1oFGP+~6C^aG!Y+Jo@>z|2Eqlj1K-z)O z?AinFx?F9~XmSK+Uea!e@cR$?AR=viQe?RN69ftN*`O_p=<})Ck_111%;aQbj!*57 zc1;g--%T3ns*-wRNhXsLQkOAns_{4u`zZ+cNX`+Pl2HGb2VSgJPJ~9*4LH-LUVmL$ zG9$W_*!*a z;o|*7E?h@g=&xDpq_pcoYn07 z&;r2#u26{=Sq!#+d$7wW{tJJ{mEwdw81*0<<3rZnJP84p)Mw{#>&x$@|IpHi$tesE zi(;^6CbDE6gI|VCB(w308I?eQ4MSa!l%8J2$(GSYsb{{t$ti!_xuEVzs?}h5R5P z1Or_kjhq64Q|DEJE~X0GDI)qRTWxf4P5SG}9!d&*+fU&%amtbUJlG#;NDPIUDU64o zX|LdF7~Y_lp2MQ9NZ}-GOm4fQ2N3x3jg7S!W%-A|u(l*2DK4>Q{~$N1J0XYJGCd{^ zaZ6%%)E(L_a^4Gx-5WTF1IZm+%D5T6jNGS{6`S~CJ3dA9yLghjajko;%zETeYJETa2#RvYXjM>HErn)O2!m6bqS zo1evj`-)NhJ4pOygUuaww%5TDM27_M%i?|yZ71|vD=LZNHrB=o4c3ow)*o=;SlI6k z)_)oUmLo=VZ$!d=Y11?bMhxN|f|V0Y_d^+&WjqqqN#_OLlHiTz)u#8LklLE)q^GC% zg#3uq%yjh6{Gxx$b6H}cR3a|tsax_kj;6mk@T;L{G-)elVch_V7XaxE+X39)xv{Kr zAprpK&IwvOR9UjW%~q4#es12ZmQ__-3y3b$I%qxNnwc$e=5Y4S)!6Ut*I#7?g639N zao%9{vXPye+YwBf7#%`;4ixS+Gmo-fC>(hF-gqco;+3826rUHSykQ1Bu^64#vx%jq z8Z71lrVYR*+k=nlSRUQ2&N{BJIQGH2R8tLU(hk6=!24We`ijd!5)a z1Z-|yRACq|I!Nvr+KMK7r-TSJt}l|(dNt%Mkr%LCYwT@b|NEH~qS`b@z5JzfE( zdIek!Bcu%&uPM@s`H5;`Wt^HOqYc-DDVOinp2_%O(h%IgVShe+c42E9YpY~*$caSd zGoFMa&sKXN>5gv(Pr=@E(BbC-LxLe^Mh@O~*eD?DIe=BkhBN5YY;aY0c#TxUc+7r- zh8bY&B{oc~u-Wt2*$>{mI^J5A(Jb{&xu&&jAS}{eX)2qmKQCmkw!#FD;VM z7e4SrU}6j~lmTRC|GWtzj>T_d1)M4DWcj_R(#zA@_!Ok5-SPUc@$tePZ&6WSUEsWl zVXfInk)M1$hOx@Qin6kiC49br_aAsI+;v}2?4Xu?5rcV}ahh0}yZhkF5cLcEx}-=M zE1?|!N*9eDifHPI7s!h}Jp>jE1lFhrqBd}{tKf$O19>#r{~27mr)4VaYA4{CW4Jga zxxH#T`3U0qFYoP-d7DeKBs;%vjIeANF zdx%%;sw19PzsH4ITtQ)HawY*w(CU-g60y5lN%&9gZKg@kdeRuW>FKOB#=aqr6Fzef zX5O4N0`WbaLGi&c)+6bAU$TkDtm!JRrW%bm9eKDFM z!dK8f)*wYxB4?#snZdsI*Od3JAcsuK_}G}DeA|qX*a==x)Y3qGZRMU8pRNEB3H#*M z$%sp>H0=!KI!AsRbN+U`t&Cg@elRKP^e56c|IQ!(D|?5gu!Y8f*j=44N}u?g0Et$L zEFVFm*brc38` zh_3A31XSxfja5@T^3D3F<0~-j(;ip-#vmT$S05e2oLY{4W*X&)2LEt z&i9kWvN-=~bTO0phve2uEw@^uKJ_*$jFL8|fVlFy@7E8XeKB0kh*6wbW*ntOoX(oY zBI3`{W1=buiZ|+ru|lMc3$a7OG4s}Z^m|@WvA!N`FI6@8?L2HOsLZkt!C`IM#wLq( zlPqnME28gvOdSG~#@tx*Ke+|Ju@~?g(93<8XViY9;iA>^*HsTZa*?-($dV6|vhv0~ zsn>g73f++4uk{QHq`z~vYZbgNLd&Wx&|WO?D8ycO;%M?p`uozmm0sDexc)Rlk3)Uh z-ABK+z&_G=PUIkg_`dM`?%Rqka46Nk0IR{OuA+IV|9HX8n>UN@Ns^p^Ko4??_C9bq z%{fkE#X#34y2BuO%b=ha94y0Vrs%oUxCVKkufWp6UU>t#yWA?koWp$5Qqv_NX{|je z5!i%p|LteqvGX2Bf+%QQKGS_v25k)}F-WO6a^(QQ*dMxl3{4<{Y_=E`WY@OmKIA@0 znZz7M!7Q)pKc1XxVdoGScm`fFsD9D)^}jKh`1|*7cmrobPaExUF;;z)O&@Th%vT6< zCt)95V_3+ngG!CzWlT0P&eS^C5r*_EM{r$ED|g2B75k77S+d}hv1=IZD?~ldWl+ha zTQE(G~0i(b}Sw;F_VS6|T24NC|@*FU&nYcwE;tmlsD& z>DID>F+bUl^d+pl%pTghx+5Mr{eb4>d&I$I0ms~o^}-j8*-jYL@o@h3InSh89OK-! z#~DL$7H4fAOnPJApUfszv_E}0p_oF%WJ>LvvF zSr5lE`EX7P-2RshLFPb5Dg?vmfIWl`6?Z7p4mj@Rz0{P(5_$1~0 zhIu43O_>YMP*Jye-mWNoF~2&>=M}6!#V%Y5f})-b)%Bgkv4qq;{BtHzw4&0Stfod& zqL{4N1Mc8SoAGH$jax^3kTZNcVHA`s{Pph3K%v_knq5KAr2|jn*H15{=F&PMK0{q+ zq(v7IS-62j;8!y@#T|HpD9Z#lqKAP0$!|s`Uz527fKg%-lM5r_r5Ekv8umVCuy=4k zJnbVTt%*3fF%El}3nh;AnKPfuk38CwD$FND^poni@5{UYT=6`ieyRe+_vXkZ1Vbo8 znzu-dbeB)<>NmS-st2xDOSmGu8JNtdSXuR2`nAQK-`xCszF^apU>p8O0V`c}WYTW6 zzuW*Vq1IunHNa8JNY!EIEmsv zrXT-=q{{8>NSVGmjV~3PXm4uex+IS8g5Gs()09*Uq-bZJcob3XNe#_5r45Jv)y#Os zc>5>u3&r4Bz#jC-Hi^gj9=XTHg0% zJt#mnP|-5<)NN^zA+;w}DtK|S6?Ip|!uC1p4DoD>a5IzA2d&6lpG1~Vd?GxfhPpMb zZ`^h^?2=-WY0=7x4pq{MQIT$^Ou4iznv_%ygaQv*DCHeNps*iFrVXx!r71dUFgfUh}^vx|Z0~5A;*{8?H)|O^uFn zn>lE3;!HOsk zbXhlq+%#&Y9W_c6lo$KIF0|C3GW`&Ph4-oBiHA2;|}MH^)V`jzrQ_IWZ=?6 z*CoKq1^vkMj#qnKeaTF|oV}QGrPvLX?NcjL<}<~67QPQ{&EGAMPvCotxL&oI9WhyE zZ|k=A(3HC4^frF;psoHufY^G)r0Lcx;pW+V6HDsgnySOD41xjT59-^oD`(Hk{$_NC zVWuRU!;U>F6jD(yiM)<6WbRuqB<#TpV)@R-Fp)weS4y{&bUFv*01UEdZRcGZhwP20 ziAzV6gz1$9?cMi44}-GpmL0fpm<|@RtCW-wphheh+W=myp9IXR&G)pD_z5VU^YNO3 ze`aE_QBS09-Fg&gC5PLA7%mrOP+t@K;f6)B|C7+~Mb53=GpNH;Xxix9s za*Q_>W!efk@3}OV@0)=NX=8nYvLd3oI0Ib~#mciKpU7wSgKu%|#v!`SAp3}KND zI$5L$93}8pz1UnIgmWyfkkL3LecdeQCCAtodQOA*eQ8y8_jw3s7vBud*q42z7QQkB z#so6wbqW)&Agq6@!4B)|>y2?&l=4Wf7hr>@((o$%y+Pd88~IQ=q31%QGw7uI;vdWc z4eJgc#S7BLGoWYzWmg$;9plHRrjDSR^yA;dT_Yq+{jx>YHG$)a*ymbQSUj(`&Jdr) zZtYAJ#_28(Kg2heh-gD$)g`^->$~Xz7b>CDNr>1s)M*eG$#Il5Z1Ks-Lqc`cg16Ei z2r5vf6PV>?WkqA189gB-wTS-7%fiBUf)O2Ym(WC$R0Iy zPE7%ujNz)jOqY>Nj^tJ|m*)4=vB%PMJnBWUVGebuI{nc!W%7o!J7~Vt_I#26+yVYj zK?@otrU~N=O9gxGbU+Q3nCyvIfShO?Kk{Ej(u4f_^N7qgv%?bXcSPvkndYFv*f|b= zd{O*H3g=lfOPzN#<#&&$W}^B@<4Wvu3`qR3?WOH#=cr4kLp}OZRIbhLI!lZCRvC5? z4NmLLXP9zhwNNTMM3NW@viDosd|hL>c`*>tAo_#c3GExaWlT9i0+$L(OYQ?SN^?R;1=hJpRJftcM; zJcN)BhVDxe@29Rx{(rGR9AZmcE ze-qll$^@lwTyW6XdC!^pG=#a6)evIhF({6i5+b-M3|b`Mgy+44<;Ng8m`gMzB!5OC zpC4Idc>)^s50F#fc%>rOPosz+72;rD6y$e2^W7g#D*+34hBWRJAizQ~$8lh*8NO{A z-cX(X17Ba|NK{~6S)^eF*dxeT&&iMb% z3p=b#rmmFF@`YEaia+z!bYu$kYCD*a-!XZq^TH)mBco+J zm$R`Lny^&sPk2}pZiM6_S^^Jm#)FR3jfaq`alOke zor}jN`SxR5Z7dh+m>Mkf>;Pq7x*&G#CPLsdKOL7h;+CCM)7@~aPG+dQP17no@y6Y( zcCE2>TIW&dQ!xr&BhY26z1Ar93~Vie>R&m(vH#pgFqX1FcT&B#`ChBX`x98J6Co^@ zn#yu3Gze^jz)=l{oC9Q6jwJQqLUvFc|bX7O_~Q*XRfQUXan2052ji1K}UdEfcdA1F%!Zn*Hr7tks&f?@HEYhe!~ zTU)lkuE>T7pax4kf}KZjdH>6ox}*?RaOPRS78WDNC=H4L82jRj>-%KBy>H%u_%ViM zVsR_~MJ{(b4gML-I{4*_+t>elZ#ThosIIEIW~c>?_pTsA@m2};MT7x=x+NzA#+;4q zv?iK<7K;?yb5`iVfH2pAt!}ZbYOVgn-=CjFSk%T6X)$-Tne{=HO&Kf>Kmlc{-dcvm zQ{?$SHQL?zC)6X;o3Q!O#|$al)KomC^4$B-F2Z=kay8Dc$OljaGsntxr;^AbH_S9p zV|zo9LSzJkbDIh$erZS;1^B~Jwlijj6WQnqV3tDVp3AMNgH6Z zB>ZEk+{ranD*yQ+->8q9PfqS3_`ksvN<~k?82Q|107S`-3IkV+BX=V+vax@PFW|=E z+rSpume%Z+$NYpT8i$nm5JGr21((j`FK}~kO2~#CovrKS68k4<`#rtNWN0aJDCo_U zbG*AAos*Q=^Yt@dM z;fTOq=3^4j@%N^r$?8JvNQE1OVHt|3&qjPzi>Y`dE<4oLQ*RE9U(c|(r3}2Ll!Eo|NkyIv=m>Rsr68Vg*SYnlX!Z9R z9DRjdFUEy572AyFMB&}SzSUIk+GzVn^2f@Mb|hrs#uGzVyD2Lc_?e9x`Kk!dHO3yR zq{;DmxUD@?AdW1|<3dDaK6c~j)WPF=I_)#dT-{Y;hdAeOMWoUY6)|-f_zD!{bO|?- zkwkIvJxG#^K^uvVSA6FrgFZ}7t?>LSVAe}5P+I&@Ltb@DGTE(Ar*PyR`@|x67=T>H zphrum@OPX^W1#&t<2nv6!67YwdHfjjbpQLk*o$f2AZK9128s=P7PikUA?=|@KmNPh zb2LDrnZmk{sTR0#UwD~CvZU0J$SswjIn2Dseo*}F&B1{O>Ki*8c%<@dt_wTfJwNCK z40DcMU0vhB&(;i^J%&v)dmv)ogz3!tc)z-)2Ee8*_=fZTjte|*v`_;l)jfd4&g?1a z#wtQEl{7|1Mw$Xj;oODH8p!WGkXXxkU;n^7Xu|I&9K{klz<1BVJBP6^gQjnI2CHwj zqYRN?IW4T`>FvRoq;~ZUM>t?H=?Z}VUnMV95-g5x!z^ouzJ3u;xOMqyCc zx(xFDPbi|bM=7%SXbBE;2}^B%_NHv_^zm`!j0JT|R7~syV<)g$it^-8wzjp67ZYNY3|!)^_focu`C7Y4WO0%-(BhQk>iTJLT$`u*Pk!GY&VEJF1>aAS~HcwGxJSqA+a_E}pJN)E} z|CXaQ5j7gb(2#wdAgV8mplS*iT|J@k5tq>H2jOdDM7=peSC!3YWt38mYtl%QAX*SF z;z&ko08C?udNuvDwj0U!ANaZv$D`7WsIePjycdMg;_R-PShE~Nb=o6HHqWdM3l)dW zEEOYBP@Yl07Gqq}7V;^0P$V2!k@Fm2b00`IR21{85;SLiW^R%?Mo{&vHr!~Qc#|ex zjst6wAI&3{G3_GUSZALt4WR;XYgEA@2SL?(@kQWPWse{l1%(=b73_Tel6 z++oTC!U#MAGQtvl7P%kcjKyS?!ywN;wHUy~#g)eW_;W`5o_vA z3O&eusju~DkNm{%hd>424`^Zomu_SyR$T0865DP)psMcfn-&rFu7cm-bSN)wA-TnF;%%kZP`?8gpB30{P;`R! z1T_R!W5YIgMp!z4_Jf9%JT-b2C)t6h_y}_No4t&*KV=5inccJ z&sR*o92}$yC_nPVZ6S`ey~X(Po}Hc&+=*uXSB?!~j-OUJMf^ZPbVACfyp z%zepH`71NE4(l#RE~Js;Lt}64dTY+<2p>rCANKrZuuQiG!t)L(Fz^biMK2u*LYR=iCx%z_HOyQvly;2$>p?x{6jzpJP zK2#>VQAO8b1ypg9C@H@FczMV^#|wIh>&j{IMC3N%8jTg!X@r@umnvQw0x48w ztzfC1S*A%fdu=U#&4+lGCjJ}YGpu{q+RY3SGma6C843|yST8PjiMv)S%0;+xu2e)s z8yP+lv6EyTo})m$ry|q&9lojH!m*nb&S)h%KjU!VoS$L7c$$!gtBD}a)}Cdu7|C!tJGO|VKbwM^Jew^cybQs8EL zP)Hw~D7GVTJjHYUJN$P^p1uYq_fsc|z;(i_*cuf3P{VW%n1GCwlt%2~>4l(@$&DK~ zaEky;44RVr{YGmNJj~YG0xPyjgC$>;`LTK7<#(#T1hJ{{E0o1hZIF|dWwQ;`g(~w6 z=m!S&-{6!4bqbF+${D?J_EPFyxO%j&E>XW^Ig@!iMRx6&FH*fd+GDoU2AAI`;v?aD9 zBZ>R#t>IlWwkJJ7#|UM6HhKBpIC9nu3f9-~!_FMT{**_`buL>~UCrM8dP_;;^YpaO zzsrY{WNxr*Ri9$Y&m#^_#UG!$pqxWP&2lp{=RmF>A0O9v*44#WnuLa4&?}FAAADQM z%ijAl@>vpII?*Mn7eCDJ+<9)%`n07b>&y(Sgk*8+ySqV<4M^n{$-}N`@bP-`1hBJpRBAb7Z>hzC}>d< z5eToP4s^x-I=Iw#$HD?7kTiPXZ3Q2ckFW3h?qGk==5Ai;z83h%Z15%?=hE2=4v$Va zl8(fn(mM|)(9dJI5h7Oz`Q7bpd~el%(P}ncNAA!f^RdM>^XPXm&2Tx=zd+>jV}mPe zz1IUP;~Pi%i_R{4|G9sCb-KCr^lMG$Q?>nQe9g!==H^MXW5)OdbKjdeM;PyKi9kT` zfxE{-bfcqDaltNK(Pl3`O_^E&ZgHaL<@I?I{o<}nT-tM_?A3B2^!G>fJ7$b4&MFG^ zu_o-#6l%kDeTT}{O%V5#q^pT3YOwX`(b#Uo>AJ&tFAExr3L~1#N@=i)sid!#^I#FF z)&6?y^-#p&+hW#}Y?>iLrCIi^ndE7%1T(0OQ>f)E<9Sg$Q#N)Xdbz&-ID8WkiE9=8 zZY=}_%fdSo z-l@$GKQqf}lqAxhBUF=0S%}81q3BFG-$o?ie=jWqPgz}^3wXE)A5&`1;%E^%LJ#sD zJtb7%P_l8wRM1k1KIKdFMtcVf`|YjE>?Cw7@z-*&poLYAvKP@1NJz zNr#@Jwwx)mlv2rQ{EoxEt5v46&{)Bll~y`TKz8*)3QL1Qz0>j*tjy8RpfBs-~asb{_}HF3d$U1GHiJ@#U;UyB@kF)4@yl)z;t&&2n6id4vvnk zZtwUl38JUKePY(`brt_pt9x!*z=#<%*drPJU-@p}b0K*J1xej+!ot9VcEiFBwYIia zPzZjT)@^!2g+bZnoG4lxji-uHQUl+cHeb4?P6(vC|7&HBfWA5|tsMo}{M5&ixB1O6}9 zHN{8=LpfGIzK{f=L5DvZy7cYu)Jze)+=V#Ki=PAcqvPU8!qOB8nT&OHQws~30_8i{ z*X}h8=pX{WLY~jYKg!Xp&y2#(KAH*qCHs&_Z9F!7M5nWK6H?kRtzXdE#|^CrXO4kZ zaT+2=rY^iEb)c}?4ZV1X`w8}rj@&m%ELqgz5@98T-pB7CmMjnh=}l_B&KW zB4zaLvVepxe{u7k>zur({C}BGPIWcacCzqaSA`JV?&+}<(XP8^GT&84+K>>Up6%sj zxL;qD+NqhsZc4gS(%K#L{?m+;l%V6MdnX!|+Nhb2 z5L2Rci&50@A-*+m9@H0b@3KJrAN88R2&%N;-+B9F_q$`MpVYI*2S59vwHxY2sG=+R zv-u??=HI;Wg75hB(%jT^(fideCqPq#(y%>)+h>1$or;z=X7mVhyO;_sA|mL{ONaZ7 zr7<@R1ne2I%WEG>m9dJ;1Rb#2s`6tH)T%bRL$Jlz{0# zMp_!G6xgT^zJ8sYgvN%`)8k`JJw5tM8VPxMd1-0n0CacQUvlAo`t(Vwn#xb56O+^$ zpsbUUkWhddElA2cGBc@__F1QTU$+8qSDDW$RlTYczXPr^l^Ti{P+ijb@}>Q^Q!|s> zx8K1tQ)T!>T0V)m;T!mkDZg_TJvu(P-{XsiV!%BD-;*k@aJq(vr>AcMSj!XknUP2h z@^-sl9aVXE;O?5Q(|2dq-Pqb*cdV?ebZn=jq(IsFxk`@6T_C-<9eDft`mk~sC@8`o zAAI}Kf4XV_x@X?Vd`Nxwyvn>yff^?@gE}_<#VJSp*VO*M z#@;*}>%IFPN6IWSg+fxvSdu7n$Pgk^Wy}~MLqa4&%G4pD$V`%uOqDXL%rjBO%tbuaVc z78UIe#ndAN!;<_`WC)TpuFbm6zA~@lEWt!y`}-C$wl91}Pxr-9 zAzG_ItxMdGH#h^GoM}C&DSvDUS2LMuma)cuvX%e#6XRU zlmd;WA}wn)bj`5jG4S9dwc5kU`F(UWfbVBjy)NP1xtd0lxs1~;U9fjGG&E$%x-qW& zw(RDbyO)>OO!?eCUe+SMnUtOYtQn8E$!46Ip1yr(&oK(2jFc2}FtxBDDE~@MCU?_p zmk;q~eQoUy<9iQHn=m+SYkSC+WCqq zdx;{vEDDjw8Y*?Fq>x1}7#hmanuP8*(A^cZVh|MYo4q4+;5U0uHnq$7MHgmCTko*c zx3%XD$Dcnfh`Ew}&0pQt^{m+E>`-yaQ%ris;%U*x^o!hz-+LaNb1!-Ey>W%?QU&Xy zvFcsciK3E+7KKy`%j6w0JI?4TdF=U!?jEFhXGwPjoa-ms*iQOm)U~MVkx$f)I*%b)9@Gqe1g7~kr7J@GqeuU zm5hy!a;Xz;w0R9dXM$vmoNrgS3S5h&huAiQKE@kN@+14xA7o)+K}jIa#bp}W++4W@ z|IxytBJo$M>E{*z-&2OZM3_*Ob1~6vtS&E`3NU13X1;m-+WhlV@~kte$M?Oe4XC+p z?^(7dBvOUf&(Dt_x(YyR#M;{Wj>N83sg3?mI7e7&s#GCQNl8g(A>%Q3>pAyD*0z|~ zJtX!(C_@`NhJQCl(h6OIQ5(;9bXm zWDROlCSFsl7^<^#OX|^3VTeIF*auw_Y@jO;Wi;TDX1(|Vn;Y=oEu@z(Z>+D+*$y)z za>kz6Frpo|#&_DF29Rx0 za6b!tLqSPd`85`!T2Wg5&a>PCm`YMNdY z6fhpW;pnpj{lLV0r@o1q%$<6^A#BJU5=HkqoGQ3pMIMFDBj0iBx}R&-oD5-Y4>C^N zU36iX;$So`Ib_Fi-c!o5>f&jC#ZKNcc17peI2a4LPtdSFaqB89duHQvGiR(*qfyqf z-t^Ll>C(uH`we_&EaD~>C=JifMpzC98?b6$H#g^@HrHAW6PESuvU6|<+uvW} ztl;6(_3s7El~#ujX9J8!5+nmo=bh!~?g2~icGxZA-k|AmIwW9V zl3!5p5(Ixd-;a0wxs}78+2!AaYe2w{GREq!->wr>qib$n<}5vSv?6*#aa)ER%26X9z99 zaq9~gE6zruC7fgx*R&r)6s#BSI8f`X8c5XSg~vzh+-HDl22nJ<$w z9HIWzI#_?|$FBlO!;}iqbh$?zBKl@dx;B>>-IksOm44cBw_ilR(>$U7#DV-9mhK9x zzl0p>*d6+&e`&t%zG!P4*B-n4w5;exQgXV?w6n5}QbEGok9wVU*I(4|_exyIir&l$ z*=-R=zG65;+xH+sY+JFI%?{>xN{zIoH%Y7{JEo|{6`7xn*l4fHJ|=bBWu{CdAG*J! zDqkTgEnI@+rKZKrcnw09k7MKFAY`hII9?w0fK()_V6+;)s0zbF?T&#nMxHJd+26pz z_P~|j@96rU$oTHzgn5mVClnEH-@e6eCD4N2Yu}448k#A8>iv6P zU0q!)m{*b`4G$+bq%U{uE6T~s)AC57&@NWwk?Ww;82Vk|G~foxA>fC&xH!rs1F8;K zrA=;7keB-3zAbV=@k{JU`zCC)LAN(JDk?G(Nl*fF`<|q+^92arsmJ%&e|~kwql;NP zUq1Q%$IG#H@b%<1U>#dWH%b|mks!FH*ex_oM93~?LsiQYL5XY+QBe__uE#E+3{R|w@Rlvnt0YT`>ySSe0jgk8LNtvw#3MNTd^BgSC=#*51VB`Qv=4ge$)|lQb6I? zvtuZ^!|qt=o=^ily`UV1A4E^KudM?l<^MF_8L%(u%krz01B||_lLuVykQzs9CODGj z-4#5A;9gfp_IN6olsIg7Xo$F&$LBpU3yCJ#niFwPe9ilvLEkwUJmOn%mZdc{HD}u9 zt}b-%Au`^nzb(8EX<_qG0E$g9-@EJ2Q&qpG6Whw6Z?FitM5>lJB861?}YR6 zWxVO9#C}^U8Qys@U08Hw+1$`kc zEyjg`X6czxdsOM)1=(9)mg_z6ak_e!zhs1U&!PPkopmIVOTT}QNPNyPC1v2q zW?*8GUYz35o^Yaema)70h)>v}78YrUK?z)kUFmewZL|J0b#?XMu92oQ+`SBNE}0-C zBQwz0=z#fI9ObNM&tBhL6YqfGg!}i;ZrA}z}wg-T>5)u+z;_`=0WVRiiG=j=SC9<52n*-lxID-o$A>Sov$HqQF+cC<>eAznzS@(QTvEbjHisp0 zs88rE_N`~s8TnP1s%U7y;+8w8cDo;`{th{5tH+U%ZTF79%`6g3F|Lm0a8+Uvwc7$kn zxHdg_OR>H5slL9x#eupXuO0ftXU2nxlR*gS7#NVB5WuQx#!XuB_mDcnmuQbM(HpU% zD{<;UIcsRd!Vy(cd^9waI!tNX&g~;a59RdrW8{->DH!IPpN3t6Q4Zf4Nsm$fM~l>; z4Pc!MX=B9`2u$Vs(8gxIAhcmdO8gkZc|j57@dP=dPhllg`yvl>bA{veGgpdvh=r&w zihGmAYXc5b02J8-ZBnin@*lBG@PF(6Lf$%Cq-TG}nc*vG*TMu^=_1?XFLmi{y;Sc0 zDfxY+{AIk}8^wf6DP5|)A_u;GYwK?cu`CPI*q~YbGQQQx64}eIbL`WD-TKi+86DwU z`YmSz)&=OMMzfs)uF%IP8rF~|Yzj@NH8-b(8($_A z1@Fe-E>Zb1Cnlw2oyzBxf4~I~Ik}puDr790&CNUprzhT^=tkKLc~5FOD2PJWK#l=}PkO-?LaR%ut_@h;QeYemsCL<*c{kdZ3ahZss)asU3DBLRpa&bxI zw8|{%Xi4*fQ?R;BWc9Zu2wPUkO7+ZtV~QTCeh}fIXOAu zf>80YAj(mlg z5vHHn-7x0mK7yq}W^aNDqEvY2EZJzKj@rZFl7*Gk;#YuF`N4#Q1iBZfVu6f$ibYQy z5gG%UA!tERgTl|PW@l9;MI;@F)j_gW(t=pD{_4Mf|2|YuyWH^`DQAvW*?c zvbcFi=4-5iHOSP_RaX=;8ie9_9;}o)$}YX#PUa|xO=NlPX5^LjySK| zLb-3^wq9EW!)t6M0_EVNa8{p)#WaeA`~;H|rDa8M9;tx>Ba1Rl#5P)}Pn&lvB_cj!{+f*J&fJ`n1lLUG?l8V1M;Q7R!KF+j zetKC@FqFK$v4L&MCRkkE(qbyMdnlsiS^MPRv%JU9-^iKpM`P>=6{>l?;K75is0l19 z+d#DnNFauG6#8BinJmoA+m&T62o>plPS1BBSr(=yO@vW&m>-v)<#H|-npEwM-_gDy(Mr zVE^%tkyDncIb!dun&Md9DRWG$T;|*NxTz%;ybr~(Lte?hj~rXUoV_kL^MQyS>LDuW@%+E%XS8$nf(rk15685k^2bsn~< ztnc~!`E1;gn(l7aYk4r|8yp-&VGlzZ51}$+&D@t8Q`xzB&6$~*`(E4I*{Pm6^K)V0 zfoi&(74}R~`v$y2A<8-HQ-6hYf|-p?0>fd;%gcU##451Jgg@1s$=0F?ic4rm0uQI{ z?W}$PFDp<0AuFa$u_rQ$;rYaU0c##Fy;9|6IB?*A0Noel0MQ|WRIO5{+?8Hya%SeO z>ttj^L_~BnbLgw0B1+0rr%pY%$@2Bmwxql1Kp;Tj712@n0`}6p3mK7?2}y}QwD>ZO zFY|$wb+q2YIrFRDVGi-1rAj4#B!2el6ts;n5o)%7g53MzNrSsotf1Y zD4g=b;^K(?S~r9*(-}0$a4gjH+jyFP5E#|XSE&nX+5X}MFgxx#S}w)K`guW%ByFgV z%wmP3gj#3)xqH-9RDjC9fU&sUP*Nh{U*Yua6Ek2Zp^8UclaVn7vy}zq3^lBKfov^B zgM)rA&ogyZRioFglL%7U$4j@a-`AH zI=k%{M;Q*@$&(Y`vz5a+C*8b>0oTLL+tIg9pifsHe6LiUDV2#!@tz!K@;W`p(4QAfb>+94M=2 z&k!;3&^g zJWF-5dy2u)>As84l8cG=jb?grkNG_2cvc=t_l)VYr2 zfwBa1hwU>WW>ec`S!lG$Wr~rK5K=u|IJh25v>p1B=;FAz(tb}sNW)HVkD;c@CREGn zkHrNM`~7TCsHS`ZElJz@(kMsCJJ@vDck8#WFN}ga9${%~;Ko+guGQ~~3pMXD(cRrCzw6P2v7X-2*W*3r0tQ5L^a~Mx ziO8?raCFQy&aFEL0*E}$nbL6?7K3<~e;JxSX-Yt^3u7we!Vd$FHE>+1C}}Bmn`U`k zE)W)+5O<4jtao5w04p6YU80c*Oo|qFFpv#gm^@_UVRj^tGDB`pSZ(EBVt_#8b2&9J z6qfyC)|UJUmu`3Q6*Wm4e~)|mBrzo}=6UoXF?WiLn1B>0aWWi)Plz9}`xQ0{_%8_Tyx-k)LQt)SaG%8joM@YhMj>6KH8 zQyW{zsFT`l>s2kR)twj+|90)fusTC!h7%{E5ZhSD_GC_Z)lbck!Wg8VgJ2&{xLBgV z{(A?xxr>X-rHdB{3t&;$@GvQk&P+@!|9-#q1-KoB+Sji>@L$F%*?VYpWBfihcedwO z0gsbb`UYRii`toV(b#r%cMJYybxogqsv2pgInr-PMfxp z4l3DTozU$kCh0m9m7m4dvS_d|u$OC*Fo%ud?+DA#ICss6+*jB#WRPU#>Bz?SX>~}=O{cZIh z?}$9KjiME|zSU|Q!Xlf^rOXN01(~f+KN=C-b79pndn_-GTYvMMmhitRpAa(@sBd2A zl2R*|9`kg;oqr>Kl%;P}{O-kBkBrZv@0yGa9W(7-X&*BuYN} z2~xTn?sn(S$;(HLtZMduns$8+V|Cyu&`4iVas-GR-i)c*nVytn3LsC;3AlPigiVF~ zF_TZrKT)A&uP!={UHE$X`lL>rSOGS3sx!(dLa4)+gDJ`dAAj`nyTPq9Gnc-8y@~C2 za&mGAL{%HN5)!_E7)Gf<&&W73KK?s-rFY<+uWS@ig8bg=$7JauTj85y6DX)4;{;0`bSTr?uW~>>Q2}t zUHxHAoVhQ6&t>e#ZH;7}gZBeu6BYniHU;viTHP<7*m6tq*U)@>C9F)?_T1aM_fD@$ zKi)c2%`OnevnS?Oe1}TZ*(_U9t>rMiAhTNXcW0KLC5Mg=kVWx_xiE(vNpHP$UP{w= zk}LNw-d+38EHd2qelgJfs=0rv>Tylu5rJH{``vwqjnXo%H+A*y?@-k>2rj9vA#QvNML-n%0>(bcdws`jm^{h>)TULb=mkd9+|0ho(_YHYkYKY9jm8EpRgJm&8A?%I{r zK6x)B1lR`vso0^<9p-_Ucab=80@D~We0+S|+yvFOPKNr=U%$Lo7Y_9b3k%D5FXt)p zfJpX2&!fBlH#zAs-LLGy^5)`8Qe8^Z_elX)?zOV0kO++P2++(v(z-EwkLXyO+m^$f zvsqNZ@q67SO1jz8@8kq+>@2*3>OU+XTi_Ha=au`jDJCpTn+ap`4uCjWyuu z{rhJr7}}m3>f-fx<>xvW%+1|P&rU4QXsB>nR*S85dnilFSr!!`S&cL>YkSQ;JczF; zwtf0EqxrXdd+_@6GWn6TwiDS4zE^#^jBWGuJL`3otkb)+jV*-r)fj2o6jRII>hb3m z=ue5BVNI{qPIlH}<6sJVN$Rg~F<~;NkiYEEHmcG?ZWj)ure{s1sTS%Q*01z7lPx(n zu!HafSbN$zg$`Dj63pPS)QX$b0;EoJeSK<7_bqU80O&b-hiw4XDjAcqa&vQmyimKN zOoz7xh&ip6>BZq=MTLbxe96MHI$mB<8-?3f7}_SMrsNq{Ne;p$K2_hv<*0cjrYdlA z@r|1^iOKa03}}{#DA?$Mr8<9p2%H zq9q|Ni_X1&kcc*6P_8b2G|(I5h0bnn7+p9Rf6QoT0jY~)&mLnVqelq|-=Q(Iuqd!? z=j-30c=|LX8?x6h3IU5S1Ga?3n#Lgf1QlKat5!y~E__TBKn}keJO*>`CvK$FlYVR_ zX?T;IJOsrBrY8)o_#o955NJRG?C!pfR=K>7I|>JYP|83OGXq&!B9fe>q$E&+I#!H_ zC9!V>?H9V6#H5ZQg;0z@eWmrHAT@O#H#afoq5Zq*>Hoq6a?f*MUzH~LU)VxmBR>F2 z30+8TQ-x4gR@P#82p%|)i7JIhH6Dv6paRk5KM$XyRd;vyG0;1k6SvEE*5dzoPj?Bv zJY!0Mssq5XB0m2Gpa~|(m=C*Mzg{PL>eQw6_2+D8lKi1=QR;(<8C;nBT`_v?hQ0j^ z;ve?U6}gO`#TkG&>iQOZMOqv$6AW>inwk(4r6r}M_xKp{M}O|=DIZ5DWqId?R>jKtKDo0d$%!=+LZ8Eo%_?4GffbvWncH{X=zYvTrflxpdYONWkAEz2 z{TxN6@Ao6lK6{^+mYzU?gO$UOB%oamfh4n{D(s!)Ea58(nF`XWfw6;wgSvVHjK5XL z{JJobck1NHwzjsZsVP-eRXR(#@QGGzeft(jE+`|jg`S*Js_4<9F2Kd0Zrxm6 zU7eirii(z&mXy}{c$J`{ygKl%40Rof=}(uBgu?9!Y4=u=(2*n88Xp~-IA-~Y=~bl! z$ynP{Pu9Ua|?^$m$KzTt5eVSo1=gV{xStO89LYC$LwjL>6` zf&(PHb$=^YCYjFqKNRBbxhEz1ekMT|?s$cTg!mt>OCVaeh5U70_$)r(*1*=9uhWLp zySZls=O?sJ;A)&y1X{3UWNRgH%Mb7aqq^@_`UW<~W@mTKsuTP|2($OLRv^|FM?W$) zH50yI{2ICU{;baul^`RpjN09L6s?eqfHE|G=UocHLLIg%WWZfz3r)Y^jFYEMLACS=L+0EG#k8g|+IBYy2M6IJn;dZ(Ko89bO2SvR?SuW$BY=!`ljK|%j+eU1-PYdjTs((e zM*~~%1%0=g25N)*6JzsL?-2doO^xC0J!%=@KZh zXUkj{`15M1t3nwiWTcu1(E(f~rnK;Y4UdltA3Yj%B+{`#=2s#5qwMUDK^UOvgs6DR zd)W!h2JR7p2+H=fAE1{o+azxvq@tePDL+40;g7I^PRKx+SB$IErMwg#`x&RC``3r`Q$W&%T7mcjbP#d3Ir#1r;Sy&<(n!kly^cf zDb9{}zx~b?vE2}axFgtNVuhKB33cjx{Q&R`A-6kkhl=0^I;p*wFN0^7q7L#1h#;@^ z<@|Ir4>r*@G`UeI0~L!j<52YX_hXLk(Am`1x1NiXW*5$%XOiU!z0h=a;k!QARmp69&xqCzsCMBl**<#0zp}3;>8Yg?$Tg=Eg3e+Dpr^h)W z;eObPX5a~?sJO$4uCwNC+frk38Yksck;V0UY_eJMhp)vYUY~UGagUFoh)jgmZVFSi zEJ7FA7#UOBCk1G#st^?^11p=Gg?V^V(9g>6!W-)U@&#HkXt`h&&tz+bF9WkZTd
z1ITENKHte>z5n2li`VPs?k#2^Pfz4p0tw{KWkS`vW!Lc1nTxU;LP z;umDY-rikqx-b)X+G&S*VVAWf2ZLWff6{*ypTpy!d{9kqLwW_tcKrD93C1IF_E=;M z?E++Cz=$GK*sa1mU$Cz&^+Dp|(voq3l?EsT3bT`9VheS9ed9$ff)M{9qPug4EU0{8 zW@ZMGO5=+cL&Iasq0zu#^m%P8~yZ`(;O zV{>9od4*qnx?<__g&<*r6iX>sACdIcbW7)XTG#t=HDNh`qy~nO0TmqAAXv%wzKn3 zL>5%saCrywV`D3_HP;PP2FjO^B-_zcO-$5uln)LGSu3}=I^gexT?E3w_sDB*L%5&V^X?~#Ur?CfbwFC!4UI5|PD@Dv_*I*OH)cOnR;bK@es6S6h zx$QGn-`)nvU?RN42+EV<*?S^JmvYo=PRiWVNN9rcgEAh z!?bMppR9PREsJ#OK|J&PGx2K)@bO3wd!M>YqH>9Il}f1B?(fe%sUAdjdBWx^EkliVDBs zxOQAzyzMfqopGv(5xRhTX0XbRj}Q6rCwu5%R2f4BD{s+kf!ENF`!(CDbVFgh>z!;b#il~ zf#zLJ4T1`V%bnfbWSl#9MnG(UitM>jA?25~wY98Sge@q@ZLO`9WdwrqF}`hNYgeEl>V@r^$qIMI;L*C+ZDP?6Q1~!98np*H zTE5VLveBv$iG+j$iD>!YK3Q$AZ=u+^Q<<@xG_RJB+YMh<*VkV`2!jw0;{99Ek4PGS zpCbMHLXpq;KhWK9&=1zD#4Oxik_Q$w^gp~zO^Fynz6$H)>(U2U{k}5)o=@RFp~Lz= zZ|Whw8q8|)M^E9q$7C0@&;%tC;4)}CaCzB!+4L9x%1}!E*w_e2F0~nsVgbYX=Dpw( z(s1>n(51phWn^?gazs)XY10~b{#>9(Sy&8>at1dQpwO&+KL;zeEu6C7A&I9i(L)Jf zlXAc;Dk^Fxhr})CU*HydFHncwfK|BJCaL77Z}X_GsWfZkGl9h=ZBQo~czd4|FcI~) zgw!8OxxX?bY)E4C?WGtVEp^fiZHS?HHZJI zTrvF55B>AUk`!+4DkalhTX0ecdX|MqYu&{M~A!_oqv|i_ER1o3tma;#<{a zF1^{GduA)^SAjy6Lhc>o_j`7G`)}>_v1sc2r?mUe8J}e1*yFQd)d%P#!w&c6lXb&r$ zdPM7OPz6x1s=Lx#T;)hM@NT!a)ST5sC*5WNo9CC~Ed!nHUpm9u+IzpWcYf*nqL7~Z z=FR&|ucSKHQS?g*cgYEe=JCUii%p)A-`5vBWxa69 z@nU4g;(IMtrx&%tXEha z=*3qv9iO5tMroNftBJ+O$rZ&JuQnd*=aLzj6xq4H-d*^5>a@mb%f*l>{Ju-q&ehKC zX3pz;y)Whe_f-Er9#zav;V`?x{EXLnIWKZLk4byBI(_$Xu*&CKdnY~Zb7`q;s{VKO z%X{_0Eaxw-TYpb~6V$+PQ!hWL-uiHF&2DcF){yCQ_xR6UJ-IpFEG)V98WXi-Ccke! zTc63B4BX)u6lC(A)8~}fy8B$Csh73aO$C3w%-r?~yDNomM*eyx5h?AR(=-~M3jg;+ z|NRQ3Urs!B{p^`gYtwQ3IQX=pclM4B)Am=V?4HeDJ+dU$eO+v~5qqf36g#LA##U>0Slq0u?;1+>!`oV_N=$TcbS#dKxa<4gjis>L@hkN^pAEaY#q#V5 zVh*x_*oa(i4sQp$;s5&P{(YkQx(5~A{@WaPc#)YbQosGNm(5d3WWC7IBk#ILp09_K z({f|q&~Zm~-=ES8pBH}rP{=J=r}*}LdZ^e@qq&ea&W8gOK=qn6g!%&GzPGr434bgD zq~bVo%6QG{!+hVh|2Z;$|HUgM=BoqKL&@EQ(|BWXX|cSo`+@gSW|w{YzZpM{EX>&Z zYkYo%>gKuJua79%ICifNuG_n~{K^(Z!P?T@-QL~zWne&R?%Dg|+}xb9FQ)cSvsxeM z>&8UCKX^EIbLGb3NaEqWTNf8!sc%3a{J+Qc&og+t-q6$gy>9sB*Zk+q=IqV$dfKbc zr_9pFoTGm_TaJv}tIdqAeaY`&X!))A8|EjopPcWAQxlA7K0oCn)GZ_E=wZ~lJQw%l zOld~y@AF>z-DIQIAR&?)|36^?2q@EIc`kYXw!_1xR(c_l1KBdrcK5#mFCo&cSoD{9 t73b%-M*1=TeDXg56lKH5U3)gSB;IR8X%|I@5aFLQr_Uk{{Vn;(FXtk From fd2fc7a44fdb967b1db2b8ef9ec8b5b5eb08bea1 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 22 Mar 2017 15:35:54 -0700 Subject: [PATCH 35/62] remove note and warning style --- ...rcsight-windows-defender-advanced-threat-protection.md | 8 ++++---- ...stom-ti-windows-defender-advanced-threat-protection.md | 6 +++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md index f84fd32b24..1caaac34e0 100644 --- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md @@ -68,8 +68,8 @@ The following steps assume that you have completed all the required steps in [Be - WDATP-connector.properties: C:\\*folder_location*\current\user\agent\flexagent\ - > [!NOTE] - > You must put the configuration files in this location, where *folder_location* represents the location where you installed the tool. + NOTE: + You must put the configuration files in this location, where *folder_location* represents the location where you installed the tool. 4. After the installation of the core connector completes, the Connector Setup window opens. In the Connector Setup window, select **Add a Connector**. @@ -175,8 +175,8 @@ Windows Defender ATP alerts will appear as discrete events, with "Microsoft” a A browser window appears. Allow it to run, it should disappear, and the connector should now be running. - > [!NOTE] - > Verify that the connector is running by stopping the process again. Then start the connector again, and no browser window should appear. +> [!NOTE] +> Verify that the connector is running by stopping the process again. Then start the connector again, and no browser window should appear. ## Related topics - [Configure security information and events management (SIEM) tools to pull alerts](configure-siem-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md index c16b46561f..e83fa5ae63 100644 --- a/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/enable-custom-ti-windows-defender-advanced-threat-protection.md @@ -31,9 +31,9 @@ Before you can create custom threat intelligence (TI) using REST API, you'll nee 3. Copy the individual values or select **Save details to file** to download a file that contains all the values. - > [!WARNING] - > The client secret is only displayed once. Make sure you keep a copy of it in a safe place. - > For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret). + WARNING:
+ The client secret is only displayed once. Make sure you keep a copy of it in a safe place.
+ For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret). 4. Select **Generate tokens** to get an access and refresh token. From d00f46bc1e48c2b9ed96760a38524caffc883c05 Mon Sep 17 00:00:00 2001 From: Kirill Nikolaev Date: Thu, 23 Mar 2017 01:43:09 +0300 Subject: [PATCH 36/62] Corrects default notification values In modern OSes they have been changed to 5 days --- ...ompt-user-to-change-password-before-expiration.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/keep-secure/interactive-logon-prompt-user-to-change-password-before-expiration.md b/windows/keep-secure/interactive-logon-prompt-user-to-change-password-before-expiration.md index 3b6173cf5c..e188c2bed0 100644 --- a/windows/keep-secure/interactive-logon-prompt-user-to-change-password-before-expiration.md +++ b/windows/keep-secure/interactive-logon-prompt-user-to-change-password-before-expiration.md @@ -43,10 +43,10 @@ The following table lists the actual and effective default values for this polic | - | - | | Default Domain Policy| Not defined| | Default Domain Controller Policy | Not defined| -| Stand-Alone Server Default Settings | 14 days| -| DC Effective Default Settings | 14 days | -| Member Server Effective Default Settings| 14 days | -| Client Computer Effective Default Settings | 14 days| +| Stand-Alone Server Default Settings | 5 days| +| DC Effective Default Settings | 5 days | +| Member Server Effective Default Settings| 5 days | +| Client Computer Effective Default Settings | 5 days|   ## Policy management @@ -74,11 +74,11 @@ If user passwords are configured to expire periodically in your organization, us ### Countermeasure -Configure the **Interactive logon: Prompt user to change password before expiration** setting to 14 days. +Configure the **Interactive logon: Prompt user to change password before expiration** setting to 5 days. ### Potential impact -Users see a dialog-box prompt to change their password each time that they log on to the domain when their password is configured to expire in 14 or fewer days. +Users see a dialog-box prompt to change their password each time that they log on to the domain when their password is configured to expire in 5 or fewer days. ## Related topics From 45cbd98322f0621775ae96c87e505cf6a7957faf Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 22 Mar 2017 16:00:52 -0700 Subject: [PATCH 37/62] fix --- ...ndows-defender-advanced-threat-protection.md | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md index 4ed9bd223b..126b68196b 100644 --- a/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md @@ -29,17 +29,18 @@ Enable security information and event management (SIEM) integration so you can p 2. Select **Enable SIEM integration**. This activates the **SIEM connector access details** section with pre-populated values and an application is created under you Azure Active Directory (AAD) tenant. - > [!WARNING] - > The client secret is only displayed once. Make sure you keep a copy of it in a safe place. - > For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret). + WARNING:
+ The client secret is only displayed once. Make sure you keep a copy of it in a safe place.
+ For more information about getting a new secret see, [Learn how to get a new secret](troubleshoot-custom-ti-windows-defender-advanced-threat-protection.md#learn-how-to-get-a-new-client-secret). 3. Choose the SIEM type you use in your organization. - > [!NOTE] - > If you select HP ArcSight, you'll need to save these two configuration files: - > - WDATP-connector.jsonparser.properties - > - WDATP-connector.properties - > If you want to connect directly to the alerts REST API through programmatic access, choose **Generic API**. + NOTE:
+ If you select HP ArcSight, you'll need to save these two configuration files:
+ - WDATP-connector.jsonparser.properties + - WDATP-connector.properties
+ + If you want to connect directly to the alerts REST API through programmatic access, choose **Generic API**. 4. Copy the individual values or select **Save details to file** to download a file that contains all the values. From 0712779aa1b7d33a9e50dcf6426867b4fddd5067 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 22 Mar 2017 16:08:37 -0700 Subject: [PATCH 38/62] udpate note --- ...-splunk-windows-defender-advanced-threat-protection.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md index 4a9f7a07c4..a965bf4ebf 100644 --- a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md @@ -43,15 +43,15 @@ You'll need to configure Splunk so that it can pull Windows Defender ATP alerts. 3. Click **REST** under **Local inputs**. - > [!NOTE] - > This input will only appear after you install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/). + NOTE: + This input will only appear after you install the [REST API Modular Input app](https://splunkbase.splunk.com/app/1546/). 4. Click **New**. 5. Type the following values in the required fields, then click **Save**: - > [!NOTE] - > All other values in the form are optional and can be left blank. + NOTE: + All other values in the form are optional and can be left blank.
From aec485291e4d69bfc122d606e95ac7bf26deda07 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 22 Mar 2017 16:14:56 -0700 Subject: [PATCH 39/62] add related topics links --- ...-mapping-windows-defender-advanced-threat-protection.md | 7 +++++++ ...arcsight-windows-defender-advanced-threat-protection.md | 5 +++-- ...e-splunk-windows-defender-advanced-threat-protection.md | 5 +++-- ...egration-windows-defender-advanced-threat-protection.md | 6 ++++-- ...rest-api-windows-defender-advanced-threat-protection.md | 6 ++++++ 5 files changed, 23 insertions(+), 6 deletions(-) diff --git a/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md b/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md index e242add755..d551629b2e 100644 --- a/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/api-portal-mapping-windows-defender-advanced-threat-protection.md @@ -71,3 +71,10 @@ Portal label | SIEM field name | Description ![Image of machine timeline with numbers](images/atp-remediated-alert.png) ![Image of file details](images/atp-file-details.png) + + +## Related topics +- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) +- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md) +- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md) +- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md index 1caaac34e0..21b8b172ec 100644 --- a/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-arcsight-windows-defender-advanced-threat-protection.md @@ -179,6 +179,7 @@ Windows Defender ATP alerts will appear as discrete events, with "Microsoft” a > Verify that the connector is running by stopping the process again. Then start the connector again, and no browser window should appear. ## Related topics -- [Configure security information and events management (SIEM) tools to pull alerts](configure-siem-windows-defender-advanced-threat-protection.md) - [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) -- [Configure Splunk to pull alerts](configure-splunk-windows-defender-advanced-threat-protection.md) +- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md) +- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) +- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md index a965bf4ebf..f40c7d579d 100644 --- a/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-splunk-windows-defender-advanced-threat-protection.md @@ -134,6 +134,7 @@ Use the solution explorer to view alerts in Splunk. ## Related topics -- [Configure security information and events management (SIEM) tools to pull alerts](configure-siem-windows-defender-advanced-threat-protection.md) - [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) -- [Configure HP ArcSight to pull alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) +- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md) +- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) +- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md b/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md index 126b68196b..a645f8ccad 100644 --- a/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/enable-siem-integration-windows-defender-advanced-threat-protection.md @@ -49,5 +49,7 @@ Enable security information and event management (SIEM) integration so you can p You can now proceed with configuring your SIEM solution or connecting to the alerts REST API through programmatic access. You'll need to use the tokens when configuring your SIEM solution to allow it to receive alerts from the Windows Defender ATP portal. ## Related topics -- [Configure Splunk to pull Windows Defender ATP alerts](configure-splunk-windows-defender-advanced-threat-protection.md) -- [Configure HP ArcSight to pull Windows Defender ATP alerts](configure-arcsight-windows-defender-advanced-threat-protection.md) +- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md) +- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md) +- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) +- [Pull Windows Defender ATP alerts using REST API](pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md b/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md index af7b7f12d0..670143cd10 100644 --- a/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/pull-alerts-using-rest-api-windows-defender-advanced-threat-protection.md @@ -187,3 +187,9 @@ HTTP error code | Description 401 | Malformed request or invalid token. 403 | Unauthorized exception - any of the domains is not managed by the tenant administrator or tenant state is deleted. 500 | Error in the service. + +## Related topics +- [Enable SIEM integration in Windows Defender ATP](enable-siem-integration-windows-defender-advanced-threat-protection.md) +- [Configure Splunk](configure-splunk-windows-defender-advanced-threat-protection.md) +- [Configure ArcSight](configure-arcsight-windows-defender-advanced-threat-protection.md) +- [Windows Defender ATP alert API fields](api-portal-mapping-windows-defender-advanced-threat-protection.md) From 4a2a65dda158e6baee8b3ec152848b9244327865 Mon Sep 17 00:00:00 2001 From: John Tobin Date: Wed, 22 Mar 2017 16:19:03 -0700 Subject: [PATCH 40/62] added don't display username at sign-in --- windows/keep-secure/TOC.md | 1 + ...logon-don't-display-username-at-sign-in.md | 86 +++++++++++++++++++ 2 files changed, 87 insertions(+) create mode 100644 windows/keep-secure/interactive logon-don't-display-username-at-sign-in.md diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index f46902d45e..6609d4fa48 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -574,6 +574,7 @@ ###### [Domain member: Require strong (Windows 2000 or later) session key](domain-member-require-strong-windows-2000-or-later-session-key.md) ###### [Interactive logon: Display user information when the session is locked](interactive-logon-display-user-information-when-the-session-is-locked.md) ###### [Interactive logon: Don't display last signed-in](interactive-logon-do-not-display-last-user-name.md) +###### [Interactive logon: Don't display username at sign-in](interactive logon-don't-display-username-at-sign-in.md) ###### [Interactive logon: Do not require CTRL+ALT+DEL](interactive-logon-do-not-require-ctrl-alt-del.md) ###### [Interactive logon: Machine account lockout threshold](interactive-logon-machine-account-lockout-threshold.md) ###### [Interactive logon: Machine inactivity limit](interactive-logon-machine-inactivity-limit.md) diff --git a/windows/keep-secure/interactive logon-don't-display-username-at-sign-in.md b/windows/keep-secure/interactive logon-don't-display-username-at-sign-in.md new file mode 100644 index 0000000000..db24fb9fca --- /dev/null +++ b/windows/keep-secure/interactive logon-don't-display-username-at-sign-in.md @@ -0,0 +1,86 @@ +--- +title: Interactive logon Don't display username at sign-in (Windows 10) +description: Describes the best practices, location, values, and security considerations for the Interactive logon Don't display username at sign-in security policy setting. +ms.assetid: 98b24b03-95fe-4edc-8e97-cbdaa8e314fd +ms.prod: w10 +ms.mktglfcycl: deploy +ms.sitesec: library +ms.pagetype: security +author: brianlic-msft +--- + +# Interactive logon: Don't display username at sign-in + +**Applies to** +- Windows Server 2003, Windows Vista, Windows XP, Windows Server 2008, Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8, Windows 10 + +Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display username at sign-in** security policy setting. + +## Reference + +A new policy setting has been introduced in Windows 10 starting with Windows 10 version 1703. This security policy setting determines whether the username is displayed during sign in. This setting only affects the **Other user** tile. + +If the policy is enabled and a user signs in as **Other user**, the full name of the user is not displayed during sign-in. In the same context, if users type their email address and password at the sign in screen and press **Enter**, the displayed text “Other user” remains unchanged, and is no longer replaced by the user’s first and last name, as in previous versions of Windows 10. Additionally,if users enter their domain user name and password and click **Submit**, their full name is not shown until the Start screen displays. + +If the policy is disabled and a user signs in as **Other user**, the “Other user” text is replaced by the user’s first and last name during sign-in. + +### Possible values + +- Enabled +- Disabled +- Not defined + +### Best practices + +Your implementation of this policy depends on your security requirements for displayed logon information. If you have devices that store sensitive data, with monitors displayed in unsecured locations, or if you have devices with sensitive data that are remotely accessed, revealing logged on user’s full names or domain account names might contradict your overall security policy. + +### Location + +Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Security Options + +### Default values + +| Server type or Group Policy object (GPO) | Default value| +| - | - | +| Default domain policy| Not defined| +| Default domain controller policy| Not defined| +| Stand-alone server default settings | Not defined| +| Domain controller effective default settings | Not defined| +| Member server effective default settings | Not defined| +| Effective GPO default settings on client computers | Not defined| +  +## Policy management + +This section describes features and tools that are available to help you manage this policy. + +### Restart requirement + +None. Changes to this policy become effective without a device restart when they are saved locally or distributed through Group Policy. + +### Policy conflict considerations + +None. + +### Group Policy + +This policy setting can be configured by using the Group Policy Management Console (GPMC) to be distributed through Group Policy Objects (GPOs). If this policy is not contained in a distributed GPO, this policy can be configured on the local computer by using the Local Security Policy snap-in. + +## Security considerations + +This section describes how an attacker might exploit a feature or its configuration, how to implement the countermeasure, and the possible negative consequences of countermeasure implementation. + +### Vulnerability + +An attacker with access to the console (for example, someone with physical access or someone who can connect to the device through Remote Desktop Session Host) could view the name of the last user who logged on. The attacker could then try to guess the password, use a dictionary, or use a brute-force attack to try to log on. + +### Countermeasure + +Enable the **Interactive logon: Don't display user name at sign-in** setting. + +### Potential impact + +Users must always type their usernames and passwords when they log on locally or to the domain. The logon tiles of all logged on users are not displayed. + +## Related topics + +- [Security Options](security-options.md) From b5d7af8a9f9a29128209fd95c874abe6c0bcda01 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 22 Mar 2017 16:29:25 -0700 Subject: [PATCH 41/62] update image to reflect machine list --- ...ows-defender-advanced-threat-protection.md | 2 +- .../images/atp-machines-at-risk.png | Bin 34864 -> 38446 bytes ...ows-defender-advanced-threat-protection.md | 4 ++-- ...ows-defender-advanced-threat-protection.md | 4 ++-- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md index c2c75d2d52..8bac8bef95 100644 --- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md @@ -62,7 +62,7 @@ The tile shows you a list of user accounts with the most active alerts. The tota ![User accounts at risk tile shows a list of user accounts with the highest number of alerts and a breakdown of the severity of the alerts](images/atp-users-at-risk.png) -Click the user account to see details about the user account. For more information see [Investigate a user entity in Windows Defender Advanced Threat Protection] +Click the user account to see details about the user account. For more information see [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md). ## Machines with active malware detections The **Machines with active malware detections** tile will only appear if your endpoints are using Windows Defender. diff --git a/windows/keep-secure/images/atp-machines-at-risk.png b/windows/keep-secure/images/atp-machines-at-risk.png index e733606c0cfe7d8c626962cfe2795ee7e428f0bd..219e958d7d49b64f8352e8aabaf5dd0cdc10b25e 100644 GIT binary patch literal 38446 zcmd43byQSe{4P9%NQpEEC?MTPH%NC6ozmUiq9CnEryx0WcSuT?bc2K-Al<{=eBbxC z-u3={*ShP@f;GdQ!<=*W{_IaY&-0lGRb`oH=p^V62;`ZZtfV>wg17*IAW)zpf{`Z< z5@Fy8%~@904FbXHdHh94WWpi^gHPS%l%$@nBM}mjuxdrCpZ_-`rQ`nA!`<4+6;fP2 zEDMG(-NBHgg`1hHjkCLrlOqHVjgktCqd$&II63>c+E`h;LrR|y3xH9q|3+OcOdk)W zaJO-=fN)S_Tobbfd|9OJ(aw{bJGHwA~fLK-@2enl|qC7LcOD zNjeCG0wO2*R?|D<@3NP-CiLd%zsn__Hkwp-R5ZC=r9AB?I0#Rk*qazj{b>Kxl4Llf z;;t)M_5O)LBJ{_5g=AV(c{OnvTw7UM;ZzZ~{p))d3Dg`^#?((oJM&iA3|@yBO?XYK z{5!%sxbh4XAF#zyd$GRL%a<+&gO@p?-R_-c zYh3Z&*H#><_B^DNAJj?EKZ@t5mg;}NwzX#-YBpd^vN&%^n3M>|vaqno#FwGZ4-xA$ z=a_Z~#}@A(Qp1;0D{UEKpA(E4&yIq@0y|dCIbOu{HRr7#dz19xKumOJ{goDSrf}Zg4N|wZA$AY!PV}nNKVyikoSzL|99!ceK`MjJrnJtJWi?- z_7iU8>gPp>rDz{|bQ*SEhr1wy%NHO(m_aY)o*B8S>HIV7vt_Zz`@NTc6H66O zeX!WTh8vM_p$mnUY1tJjXTJZj#=GkOH8pj<&Cd(6J6E-N_Gik@*4A=3W!<%@FZQKf zl@3Y6I$d#TX$G%T7PVZ%vZwyLjcms)k+^ zhqTmGpQHwQR@T7H7+!p-7hKlkV6s(~J2#INGX=O=SPo|No$ft8R^_N#cZWS&clJKp zohZzTqmk2VcK-u|mV`Yg51fW--$&l}tFjZ{{jC}E{5$6|#M0otKXXvK2rkTHe3^OI(=F0yOnQOn=e*aZP#AYH_YIyVK&G~*ZtDyk6!g9lwtf7lsddHR8QVINn7*k%f3SSJM7`~vA2u7eN77YNIktWk(&r0};fZr_aJ=%}%>njw za}Ni1b(5cLG+86->3P9+m~AoN*vKcPc5%3Tdw;oldAQsHuK_k}H(MSP7uTRyMzm{h z%TDarc0M!2)*(biwJHAhq4oF94x3(Wk<)7XPGj4$W44gb$xE-L32>hn3+&)Rf-I}z zsC>6S#l?vZ@nD5hkzoXC9#aTJTMQ@($HMr!>3EMXXB{8 z$eNF&afgUe(9spX?H|4l{LsuRaITwVQB(c+2t0=e$dei@^# zKa(HTZENPSUI|^D46)tb2kItOG;Tx!Gld2XfK!NEt%Xi}mw8UiZUP(tx&Obnaj%5! zc@|~J1E^8O#l^c)-k6;+8ZLvaU7(Wf$WHwF%g-XU?_dj+h`vJqC~|)`1$@G(5P6KW zOf<0zu<@)Lp9aTe0lOJyzE|gcapbEN#vR};gRa)YTRaaCgCDI3EL{iuW*@BW-VK|O z_rJAp@<3oQf=L#lw|{H2%Ji1~j@p3Z0$$?JLBr}wm6;4gr^$6|smX1`vL=^4*}!$+ z>Uh&9tD@s8u=BBWUa+k(cg})(-bDp-{)NDGU%-~kIOrOU9$IPn9;*Z_r)u#fMBo#+?w+Bv_ zr1x)7Zh`xFyxY4w|F_tqyit%~YB?Jl8?(M>1_lP*7SA&HHyBL6!4cRCa7PuQiW-`l zXYkvj7K3u&3ZqH5Bh_yf>?(lUkPo_8`w@yqt4PnrM$TzDJXd9=UvGcC87ErJY{x}% z`FH+wJ)GRq(lYi1C#|61?N+iee6OV9Oxs5&D_s)2zJ_($NT z4P6IlzRScZD=D$i)AOBo6XN6hpA69X_Dt-M312R`k@7k!%F6@m(&>+ViAD)Nr*S=u zbfMP9ZO>(;)@CaD1t*Wg0@u5qPm~g2a|ai~eix-WRk<*jJaqbU#qa2R*4Sye`FwZc zdreKvb22_v4GoQ1I&&_PHlriKqt+Vd^)6t7JYTRtAhET@Pb^<}rB_4MQcvwJj{ZgEsR=k!=^UY66$|~~S-ky}#Y+}tg>KHkRPAeD1(UHi$6h`yt3`5Wv3IY( z4!EC=@EUt9dyJ&>s;H=lt|sqiBG1pyV}+X?t+d^QCMG5_X_Z<}@7W zk1Q6fP_6y^q-70)n5E@5u+9hY`yA{Uu&Y!=@433!*;@a-H$vsG9;b-w$BU6h5K~LQ zdMU63%oHUw2ZXfMpoe>H?M7PG4-ySqrSy`ozSl%CoJtI9iIk`Fe!|A*x7S~^6Ig(}stl((%;n(b*RB?`K zk#R>Li1 z)4SeCur#MxeuopHY~rYfim^#UEpd_ILwNx*J>EpTm7x|+IajA|CM+!-Nq<{sI`ZkU z2DMKFjZ?i5n~cAbk?wopg9y<-p~@~lm7z)#%o;!;8mInlpPktXDCq<=8pVA*YMo6*1-`H?3#Tu+=`y7S{N0uhteQN0X|Kk9)$^p zAC=ga8)YGzj5lO7H-bs|IrH`0$Y2%vPeoknkL~Oo)iC*W%-@l$GafD71O$VV=Ws3} zuQ64t;aCR9o!Z8y3G3G1@d^-=Ka=?n@XL;;n8eP@9zVH85BLCVvV{g4M9u zeXi0J3WWlH4Yq)Rudna@#Ow5tnI^X#Fy#yy1)p;1<<#l%LCy+UJN5={n$u!1p*dGG z^vCDaR9zh%@b2mMNceMd;4mSb_B;(XQw1Pykzw&#M`XnSr>3qQo}Qjw0`hu#X6CbN zf8Z3$mK~o$vUWhMJ^6@11h%64(aN%I-S*bjpC?UPCFiv?6s*ZZTdu&n9M#PlMM;1E zB1=t%r4XMd$`qL!$TjNzO;Qa+;{f2m_g+zc*d5^^#stBPjm>FiG!w*MPLddq4?-YN z=($7t)kYMz-OQ3J$Rkz*1ubztj7$Bo{&+XJ1I;(ecjN573HU;=D2}5xq=?J2BLi7G zGQ-19l$Ml7Mebf$N?b9g6D){p>!cDsSL^-4(WKypWMyKW7|F5hrKqT~7L9rB@5a8; zS8rpfb7JNUM|lXo*gm@WkbRxk#mt_(O>&AQEs=Y%Q5KOHxD|DTgo&V=kHLeyVZY>% zEGS}l^x&wH7l6)&ASqe))($OLjsk=Cx?`E(&-~!oJjz4i{(a`ulhD+dPh5;@QaLzk z7}Cl$GtyL1E@Y;}Vc4z<=;InTY4v`WhfeL+wEXSN}}!i{HOTOdr{H=ZXG&gKzN`Tai{{ zd1u4N2wy6DY}Uj~IQAF$tI1h|39e_5*jK_NG168bih}&{etvLpP?cU&P3=p3{K-$M zxYq0Kbl+Dbz=hgy&abrj?F^@CsH%=Pd+dLql6l4F{O#K};8NU#RDGMGU%~diTFl$l ziNLQmLDrig=AD#n zCFT3o?KNSi1R)WD!!K&baY3r>_n%XYnGMs-{P+4kNa??)fu0<`cKLzwu%?{kmE>n9 zz918%bTBc941orE{F(VCS~`-J5|7)zd=a@L7C}Au>m4-~rv$1gF+0ZZ96N)r6;VN3 z`+H-&DD8`QE5^+2aF6qjhj?lRcdx3mF&~2ag*2u+`RcEk*J6>&?l*fFG4JI};xp_& z8VC3l&mOE5tfo&ghaf@1KMn}uznodV*sXJk@x@l5>vPGgu2#qI1^I$X2H!CeuNL$% zdhnzl{QA1ZHW}1TM@^0SQotSDJ$c~O`rdTO?b)BN@$u?fS_MwsE(X-N*Beo6ARA%_ zX=l1)^T2^8xuECYDHYLaVn_ctsoBPQ&-H6P>1_^W|;-N_DW&&xBvyE^vusbIy8U^Z&?UT*dP z`{%aNWivw=>@qF%S1W!F?;I;gD5n#!WR zZqBi%r#J8Zb5R-iu}g1VTWP4EJ}QD-POkeax=$E%NiM&^bp!J}^KFy&EtEAT`fxX?z*Z(&`C3jL1TqHn{^f=y@ZeDB^ttGVO4am*<%#>m6l7NusS`()?j$%wM|VEeVMsYy9GI9b^zLbWEgY zaMPLE1z|gUu4iO~eZS50EQpgtriR}Mxmeny{@qJ5OXFzp|AirSiRE#>A3Mbs^ODde zBQao|kQcIaceJr@%zX2&!bVOx)(UMb^YX>I_$OU526}q$<6femn?Hq|BU-{N@_(L- z-m&{#*tcD|cLpQuT)~=aY_znrfH8tX%y%nM8$_oXILb}Waza7^C?dedsPZ`lQDqBw zM@tIqab7zRGr$^&fXsV%STP{d{_Wcz7YB=v(a|e5o?lIg+f(gE{o9cEuGjE~}A zP5kbT`;Xc#S3p(b-WUBMMHX9}h+GLtt)N<+6kjqGMgj>o!pfaosKiCJ6D5=kWd4-b z=OVT~Nw&E-WXsXMCVg3jA%rH$C6~jDaG$NOn-ee2@I)#ZmsG7v+S!l5k^5&tVt58qxMRj{SJWgw7xLlPq&PmS9335NW2>>3bTA|k2iXOn;9lD_Rpb5&(}1*G+dQfCVrZ)8J}m( z1$(|qABl?L{-9#fulGNjkSSEjhR>PB)!EOht0kDQ&vgU^h5o?CL;+5$ z(tH57Wf?#(bCNci8n*fGr2U$$9Mq%K^ycJ4lh6z3$xO=Y$juPSNH<&u8h@oLjm%Y)cMt0aKEw=(pkOcSt*18G2wlK=1GX^ z{*xV~ir(AbU1!8_4-9ODDs0)W7p`EzHy7_=&y)Pp3rWM=tN2(-L+F^1AZwMCYN^$j zI?;;nGimZJQ2G(Y4jjV7Ixdn(Zx&aL*YC~C;?{q5Vr?@C=o31k-!%%BM%D(YEY@t| z?eTJt4ssw9BWmGI4YS~DGvKWrWLPrF%CT@+YFx12e-01-Dm;nI_1+z)RKo}E>Wm4Ah=Aawkhdzn zRQgC#Ru%|t4jiejZf@tv3h@A@lZHaMm1^|LfT?k(k34zu1P0sw{d+fDxr0!J9^ZDp zI)B-*0tREGrw5ggl&fp??Ec8un2NkSEIn)U^!nuV5zyMJ?gc(LmW)4l)>(%+2^4xg zy}eIDf85>O?d{n@z9sNDt=uW9l@=Azi;5bn;fHsBNl5s8dQFBEE`osqLC3%V6(7Zr ztFp3kX#QKo5D+b%4qLhb-?Y482}&R)28Mx=kvbjb>+9?M{CwZ%^6%cg1AfIP>-k4< z;E&!B(=stBJY0d70-(YHSj7HJ+4*%JDy6#%w#6QXoe%~qQ%Ofc*=Z*ECeH5=|76m}ej>tH$dDI+Y0R^&%5tEq3gDf!Z zkpxU<$5E%S(qA=E?eTNP+PhK!BpoMLw%_WDR-J5(jW^*f$#A642i}FBCSSEWW|q^lTZc<$k=+@d_%r_^};9hh&-V zA0!a=^bwTM^{xi=$2$*tEi`s}51$h8NK@BRnqqbK12au|R_K-#9Kvb$_!{4gSmyui zvq34Kp}yIq^>6a~o>_z3g`GHB`a4SKk3a4LnWK%3jR17Ny1LS7zybHhMxS!OJ~|7x zfD{I5qXf;=@zw?HRg_L(FNRIiIi(aF!pWj97H;1Kcf4av=cX@+v6X!$f;?zRK?s42 z2g{iaYoIL(^^G)ten%z)sFt^H-v$N-g8GC$GM>5^2D2gQW+&?hED3w`h^5^$4C?9W z>FX=d&mD31xEh)`DmGgyZPM&}UNoO*Jw?zH`s$(2R9D}OoZ`LdpI(Xarc}pUq|FTT z4Q5;n-c6OGDJ7>M*`zfzsS;`diC(!;TQdmlBryOS0(As{kCQAI^3w_;a*J&A=<#92 z#q;d}egNbB_BPa>M;~)B8k|&-IAjOHHy$(NZCq zT8vrjOd2MpNEF~AW#5jZGzD-j0ID<(4$4EuZ^ieV#84+5vQ3F0pDlFpdqL^^H1r2k zMeF2&XMf)OqbW6Gzr&W{Qd$H-dN7d*DFiZ9?R&x}*ftA@q5Ip*s9bN5LKPGi@``KV z02}#*`fmK%?cdrDP&^|eBE)Wv(nS55kQe}-5`ZUvPOn)FF#bC(g+wq`Q(N0J4Z5&As#r{vemhYF7ljJW zMsg><&s8g1nK{4IXkpURhs>@q+<(LmMzp__tjN&dyV=Y|f=)KI9)&OZmlcv5)Qiql z3in?wtsxcluL4AE{K<4tD0gJ;Uw{{YG}l+^XX@_G2TqTSN@gZGbr9Os)zv{+$to+6 z9`;P;bsQ@z>GbGLj|E!CQC3OU-dmMgp*)C~g^uuUgjU$7;G%;Fp^u}-)(?&^&d3n4 z5T4?&AS~tGgm*%>7{<%0_ZNM(VN`lLezx8lEXjNjlZ6}DgTFD7_(8HVY7PmMVfbZw zbAv&~u>(P69h(*E1U;1IpscERK+Dl7)ta|bZ7buogpcaHFue zG^VWk#k1o3nqi0-0{ld3pf5YL=VuY){lC82tP!OhzfWMxW`38Bp;~u-oZTdgB#W`y zm;##*pKG3Puw!aKp>-BRNdQvL6rR7!frclReOx~r30(gRXIffb_Au1f&-nNx7){u~ zY+-R@*y>JtG;gkud6m5N9=9JUU;_X&Daf?T#~49s6%M8F{>kcal%BXllOU_FmpM;f zK^nJk`&kUhBx+d10BswRnLn98V?l<2_;j|m&Qn434~0-`k^O1aC#VT30^V4PcUR`3 zaY!c)HgRn6{r-)w@!B;s@vWSnqqn+aE(E`N;|b&nF8e!zV2kFh$KLb+3*J=+SeSdY ziLS-TmVC3HXHQFDFaX&n zefe_S!lg1@B#!_gMzn9^%e$P$gCtS*kG&H^pnrn+O&z9Yf>w!HyoiRdHjg(lL%++G z0F__Qv)aGVxb#dwd}4xXjc=aF0g#o~#R-(EUbtm;>fQI)-|+Dht1&AvC-z=V&`*fY z9t-nDM|aa__}>2ATc{vMf7bc)jYE8NriKb$3K#m#TnxPZhO|PIEUUi!raa3<1ivj9k@>^1Q%Pg8G;g^y z7kw9e2r2@!#KGtuY5Ln1Ccn)!5;}WOVUTgt*?>~UyDq(K9qmIIpHQo67~LYbVcx$+s&ZPhtF;q;W&7axvKK#3t>79TS8nb9c7WZ z_yh#pWErA9NB}$soFUk_*<)TwEC|7-#A^7$uf~pWW$FoJobF3?w7@imEzL|{_gEaS zd=dxJ-kW<>UaZ}W zkc}G|`afELwZ+hNhM~dg4dkd!`=zaHuATrewUb?wti{skm48%IaM?*x=vWmRtG>R3 zY;Rp>>FQqp-a2kD-n-))yZk#iScuZQIy3E4uqlCHbYH$#RtJqvoi)M+ZDVE4I=UV8!@AL3MU^Cij(=`v*K#%O8Er^ea&jm zMgS%NO4(d`b$OW>5)S~xr78wRJ1+N;{`qXt)ZBcdNGYL)pFG6v`dhYST2DiRYUpG> zlny8x80B^}JH0*iW2MRiJH{Qh2%}Z9g=y>DBC9y^G-Ya^K4{_c}KyZD6>*E^9X>uzz}ZYLOya@lii@Umyq8XaZG z!Jov111+}G2I;gk?*e2u-XH(*I(JvPE!fCrVuEy%LowuY^F#1FNT+em#pKS4v=1kS zxh!N6yF35Q%slbpX{jj0gAo2bdDzeZz%Gst8HxE_K+RWLDS!y)q)W%A8xUwij^W!uU%|v9So>vQFY1ZK! z1VRRjce-;rb}M0W+TYY;XT868HTqdGG`GN33_>5Ar`~p(GrEA3Qz>cuBK2;%?2oor z<-L{LNaP&_!2dT(Jz`ZMFiwLu@07lIQ@J_RjbWy;KJ79_SJu}Tm0q3?e+O}Wb0>3{B zx;$9)T50tm54v-q#*Of38I{|-|24(MLX6qg{PVP6^MRCy-f=y@>_YtuJdA?KQ^qlT1a<>@U6F+oLTP8nW0f9cTR<%J6g z3H9-5zpVES|E*VwD1lr6|B2O)jZF-3CQj9oLqYufZd0J(1;Sbj)w&#pg5QpwrD3`~ zP6`$SN=F{t&JcQpS<~HPolvjLu{1uh@@5$of*(wOcB7CvX1wm1Iu~2qxA)0&F(``n zRgA&v#Ap>Va+sCuvS5}#XU=!X&?ypz=T$aI2D^pH`_A~8h_1}#3>R8YJGBI})EE1( zmDN4ycfBLBA90W5GSK_j=@63n`UO- zw{!l?CpR~+;_mpv{g?f?-mE_iUux}?6BVOCu<`4VId8ktU z^nXx1jn9^N(9z{z9Bhc*0Y0xuK$IF4lWV$N_XB*q)#wO7J>92wm8RWEtcEvHTcK~N zJP-70=7j(h2gmkn#%~RWyAW( zKH7*sPlgv)Z+^V>ZK4f?>g_^tM^(jOP7I9rkl&kAig7+$=-HE1;S)Wax#GGgY5X6Z zWrerDx^4RChK8`P2*=L0*(RuG4S3A*ph5InJ}Nd;HnFP{YR3F+dbKVAJ=tkNWWYL% zB#X*|ASdO`@j*bSxd(sdSy!VN|2^rbEr*RWjS+wOMKhgZVv50-FK0}2AVi|Zzfr74 zMqAHV%7OfIK-kq69k#mjFFU){_%D_aZ_lzwlj-cwyG;1C;Qa%c<|23QSMIa}LV;J= zqh`G9WnVuyJrBRntuItme=%8?D)-Q6ndL73Cin~V?1v4-O0etaMHPeE2 zZb~}2Q{i;W3)47iy9%pXhUY74R4S#?^-@CQpNqmY0&$ulKqs*Zzu=AC#3JLX^uIo- ziTl;x1HiCHbQUaNgY^U=1eFq?F!w;~(6(aSB-!<`5|G~D0gz11=j60s8F+cUKwPon zKjmSFAp&Zn_s;e4a^k3Cr!oFtgc9F}SZ%P-^}he4Ske{Q-DAmj<*TobBqNy^Mk5ai z7Q1)V?#f8W*;}1~3=6#>BhOhQ#Q*7T?z@Y*Uq#|{Yz%SqY4Ub)I`?B`hy;AEf7xBc^{UBDFVLagG4#K) zQ=_J~b%@7&hAxks^vn4817x=%KS4l=S)UEg{=3IZB7_mbW|Zh{CL;)GW#>9pjcEl4 zh^n!+TcOW8mD#!jdrG)XCBfk zn*jnH&XME@G;uM2{=%k%K3jm4)l`nDqJiWof+|BL^4@j=kL*9I!Bb>0ew#~dC_QB- z?wanq-zto&YGZdLV&C!Um&OO)R26E(aR@0W3Po^Mt-eG<%3xj1@K1q0QxxJ?*x)Bn z=tGcXNuhf4i3!?R*QLzsvGVfPvh>Y?w};fEUf<+7FsSJ@mn?}{AkaRh~%B;*bzLZfRR4fK`D@BZXd4hbi*DB%CsF^Lab8NX&esA}* zXK86^7Y;6f908zuw74>NfgKapr9r+*ii*E|0%yw&0p_n1l%%woSY6G$@5~q2PoeG= z(ze>g$c`v;ks!4XXZnU;ipUAeoF-Qb;`7aoE8)o7)|Nep$2|D@tXh67MMT+j<7fTG z?!(1QIdXH2r2n7A!5>XYI1Z(`^4}x1UX=<@5oyXljGU6j?Ys=J7(VZk&xqiBfhzIM z0r;!x$Dc%f>%-q=DBHiVyKxcYwFpFxhvDddRAbzw>iGwJ%cH^&#I%HhbnCBGn;Kg* zOZ`-{ZI&qRHN!M1dQ9IbAV!MjnbVPcwI_qvGsV6t|MDb>p2VE*iMVXUgXB-aZD<;Q zW9iib-UFCqLz<10iwnZ?Fc)(;>%+qZ%F)5PZL<5M1{q~|Nq)20m6@73s7@BmC19DH z$JDqJdoXu~&URNE@kk^3uLMr2TzVv>+A?G_m}EG7;wo_Wv5N8~9pcm_(ei7yGT3|U zX8J#~85Iwx{Vq3&ztWUHOj=RQ21$0{M$t!F`O1Br^mh5Ma}5w5w|Vsro{{;639gu( z>(xM;)ota&8?5>x^sYE&)~KJqHnp?h1@HR2reA7Azf_OOK0NDat`c}XwVb~p5j9Bt zG1k_K+gUPSY`^SfdBuU6*LES~hGXZ(kZR0ZzDLFDii$&cJJA?kzPF=Z6@*a(HBq-W zNXFkx_Co}igp~P>hKu|17(!C9Fp)rX^cO0cK$_Qf)$&g*Qy*M>x`KGLI$GNqUr&8f zT%9*K?TK`~XHhX6%HXXgcP#hWYT5gwsQnUExCO@1+xN`gW}P_K7Si7^yBo1sxS>1A zvi!IDn611_@5GJ$_0$tVB(DIqG-HPLi-7Zv_A-Zoza!igs-gu|*>p2KR5t$0iL118xcMV4ep85i37$A|zE500!j* z)?z#*lpC|#+|qKvo(I&H7b3V)YJtadYVrr3en5icWDk9x>bJF*$5dU0w@t)$%U{H( zX=>v7aOM6~^kMt#L0{wgE;6zqs0imfBU7bQwBoDjQFI7165`mea|3qF6z_ua%3uU` zm*{nGy6`;PR2ylzX@N1mBGrHL3uei^qI0}hkOf-wF@yE2f6#$Vg+U`d-4)hluKE%; z-M6YiHnUutq9}AiZF#My3Z?gfB-M^_$Nn5qtj;)Vj`#3K`>`Wuy7?CEWn568$JWp1=r3X}2J11c%}NNN z5ccEW#@)CUF)I&EJ913gFVx|0_|^{(N1I=8#Y>k-&kSa7k4b124fGJJIMR1RBz^|- z@WdIvI1bEtYceQ4SXxzVCOAioh*UkyDNQY0-FTN27sX%RZk$O8jM`uqvWb)wq9tVd;&qP-ECp%;Ctd&8>vJEpdiq3`O_poob4Xon+C6b_)x zsNP47Y?iR!9-ipw>FE$)Jl%K4txv^*)TE{RfUIC&Wnb8N4MLfRR=(z{7qf6}Uo*eZ z;PlY_Tr{KDALw9J>1&zo`eP>o#mph zlO(n;xjv#cuoa4T230CU;W@vmxIjovx*K3Q=*Qr1$xrtb$zgVIy#U_(iH7-<+Mprqx=Lb z*|4Yz(ez95P+a%|8|#E?n&=Q6N}uTX;`CZEYjGce7dNl7q=+Ma20s+BiH&gn8 z&)EdZ~U=fIj=~dMDf1_fLLLPmd1oK?awnjS-;vfPNn_ zBpA>*8X-S*rETf+6D9%84ajf(vKfq-;nf%;t=tTYuHlb4+8=)IaGE*V%iMMnZhwVE z(Cc6--tYHPd>H@O%^p2r{rkG$%FJXq)05S-twsS3Z;?_M_$zkj1D6I#{2Hzpj z%w`LC>?JU0pi+utJMH}{25aFUaL;QsJ7+}_y9wUIkC6t+P>Icgk5Wudf^FKiGanF< zT`rbLlRWJXP8C&?nY89>Yu@sQy~G{1o->{1VjbW+2`>S{Vx@S$;fwEsoEdfM|eT%Y=l;tyu zu4;RrCj>J*0c7>7BE1bRwF(^mUQW`RY}p=4r20S1EW>d&pNQ{1m%#o|AXH6(+QmQm zJcbfz7LmJ`nm#Fswhox@%~k+e+ayrEw;EN5sLz?it1l-owjCyJHiE_lrt-$uKr0s) zF9i`Zky9*3u)`sa`WMbG4_FfT?{`{+ou~efqB9K*ufwI(p+w8u@2 z4i46)-|@r4!=gPNkG(&X?ndu)^JP(8nhXMfMs=y_6l?$>k<-)DBSA&ZohSlJB9O_N z%*4vd3RLUd+ytSZcY)HqD)K%LEp`)-$jgpnBO_3JsVT0up2SDGNH@vhchue^msj+K zJCU<3ux+)*_=MZ zv6O5~RT*#IqR-ml(n!-eD>3s-*nY#!XpAJrh(3M2`}ULcchJ~G7}aZ8^M`0g4SEg~ z@VkJiA&1w18?t@PSMsrj=NzLRC-f!eh4Bh&y(}454(cp1>&YlNxM5W8fd5^xQpp;s zB@c+d1a)}^2s@?(Aj(8%lq3KrI>e=>-b2q{l|^si9l}kLK7;sOJ^?lvA+^DPy@ITW zCqRk_8D|%}FL}-Zm^ZKI;$N>2spSBL$M5?4Q~xF!GUB>($|fkz_`4dQ zF34P8W-IngIrqe?pDm{lmnXEURe5fhn0H@1(uE91>KG{LMd4T9`#04d#a>EN^!XpK zb)L(40Yeg4`QJwD;0SX8ti$LYO4Vo+(bkc6lQvrQB7U9f{(JAg=jEaF1=H%N!`2vd%sZ#vF za1@eu$e5(BIt2ZM^oc$`~Kay%%My#WMqGc-{_HCRhqByF*1(|vZH7yRNhj+d%>n|E{8Bx&I$EACa1B8uG0TFum?+w1dRynd=k_k` zXE*WS96)1)NyhhYBMXVSgbRNfIX2~4hnubc1L;u$uY6Ye=eymaMlWsehYQPrhvnqE zf7~us3q}dWyx(k*i6Nn#e8Y;%A*;sJN?989W-4=8ouVSNfzC1thCLRj&ddmqs4s6$ ztZoZ5W3--fN#$cAd=GI+Q91RIN)3CR*4slId$iY&G$FIf#3V!#qk_AV@_DHwW`Jns zb*?nSKQg(>?1EV(b!*vQ#NwsWT^z`eT-<=G+kDp z`_i&X-_%}l@KGPvY%cn9(f$4@?0Gwk&>#bU+Ccg6!O_Kddb+Dha(ZpkDWJsj!%D_y zq1G0U3l67_`S4DybR^9f6baampY1+QlRvZSIS-80cS|j}otVof%o*jmXuf0zTD@EK zv@9@!sB+&d6(%|b865ZF+3-Gh-i;eJ(yF;Fx`Kxm2P~wON?UHO{9J`=1eWUj#Zm(Yz7zcoH_ zTOJ9bDa(d-hkyC?R_1WW!|XYjr6i!)!V-=!lEmNiSGQW8cSynM z_kk(X_Xt(uXY=y9-zu|BBCY!{SC-9A8cGGc;%5FqQz*!4qY-}b%#Z5pPLlAkY46|L zuZ!HGRjNM*4{}syZ|z`PyT{+v*1qr@#QiQnOWsbweYrGA9(p;(I3oLdM|7E)Dk2CN zh@de`)kEfsU-RmhKd3*JFW@kWkSRI44jz~KeUseapDakFWQg_KxVd^-?m697Og)ue zNJPFxF*<`>a)=|on>$(Lk_R5Zov@10M{c+_mA4!Uv@Dm$b@_vi6VSz^1?A@F_W>Ep zdkSoEd?{TZbo~+fbU&Qeloy7iJs_Mur5di0&>_vSRe2T*()Ro(c!AG!t*A($q|%g&4}T=po&~Q-gb< zMDgNCI3v^<#IX^BV5k12m7e(4D!opO8)=&*KX3mogOCu&SrbL1)IuoNDywNjAi<^M zVw#(}xoW5%HPaKh(W$X#FcH->QKh)VgLgg+4enCmC%l&rDI8zBu!%XaBb^>9c>WFZ z!1lgL*7tYY$$js;)%xx4TdwrE2;;fvG!p~8i*tF6ctL8nQN5LtN3C6{sXhDT^|U&R zJH1udPCGg%fvmVd{_HfbNW9P+|9b=IISI4|A2PJ7Hl1r(V`b6r{ms7BN}DdV!W-~D zS<4J<6)DCb3hUA8#+V-`naIW53@#5W>!(82CcYf&U&sIx_Z;MCJ}8C1DGbm(pZY<+ zv*ArhjFQW7{_&TIq!}u|7DFMOa|Bj7ym79Dsa5~BMlZovc%nUy~O90s+}s(u~)+_QW68rO*65~Y86@U zgL@*W%p9OUY@Nr~k335h$*-0^R&d|=*NC%R`gMi%_(t&I#(zi9R`tM(0BAN=s9`)VnOH519{NF6Bkxb|jR) zk80%269X?YgU-V`=W<4goD?*Qs-o2IPAY|o}4{EuZC&Pcl5qk)E`$BobvAc9 zgWJ%9hu_Aswt$MCGl^!ojuIwzB}q!1VE6N3)^kl+63QT-rba)%)0)kt15R7co*Uuy zOD*r)2JUCOCMXc8e9*jizwltINCu${`E=3caJcxCU*0w$-gaw}?CX%aV9(T>?#`;b zJo$-!Mfy&C1v{pF^v!+_kpWL3Ol z6?9FWuTE=~Oj}3KI}yvpgSw~veb|U49`bs!@e~)A5!n}uro6llGx}L^n|u|sEkLj7 z%vTEA17!e^dxB&9tmcQ2^+{1cD`?xteK9!p?;O!R=j4nL4*l z4JX&dL#*L+x9{JlqyM7?;5p5rHkS4C`j~9-P2iide~J4@`S|8{yhE}LJ_AP46Qg;m zqr@k#_wK1SxX?e!e9tMmxbwcWc**>AC!ym^t~bNU*72`XkiYv~q{9zE%LFbr47Q~W zEiP5fD-$)Px5Yx2M}J;&Jd0{TKFVA-)lCVs%FP>R%qEGn^*D%-uU#li@|jM*Su9kN zzaApZ=RI!_^{ZJlH^EOF)%_FjcVrT6wpXd06`r0gjYh2%_=aYzW>-$&QVLs^q2eZTnB;(3R@B@cUp!S*Lvy%?2eQTUM8xMeN( zQS=|1BPzVJa`%n^9wK6H*B}Aj}Onhu^?E<1EiPI zuUc3SV}B@%i;1R`O+HCZV0G+&dz`to5^^x| zQjeJDFUJ0Dhu^2~W*F=34e|$;+vk4qi#)tS>@8>E0TbxidS1jxlx1CoA861a@#3qx zMk8;WkD%ooP8KUaim0cI%9Jp&6@yGX=QqlJG|=UrIhuLuDF2SVY(EB#k~c@c&u0E8 zS-aSMVAbmF?FF3}OVt)p)3z467l$oJuLRt!zv_kEo`UuW&=Qk7K|gj1H2=UeoqeX1 zIQz)>*g*}N-9R^Kk3A0%Mj{}gD5kJe0#)iUULt)YND;R|l}jKMA^Dn0IvU891v5sc z9)8)|k{k_{D?C5%pcKw*G++(yp6CdA=;{)W>qmlAGi%77qiZEu?3b5ZwhUc<0`aqr zdY0=lNAtTF?#q8&ERIt7q!(dCaO_66Pp4HAF3b`j&@u(dH9Oi)L^|a7Rk$J`m<&J- z%PuiJsxf{3k<7+FgL{rV({NJa`j_VrHnC-L8bt%4K;}Y^DDFbiZb9*=hjebeWC;+^ z7r7k;&4nZH%)QG!Bg11&gSS43@ZcYpTThFsWqQ6qF-4ZX}4 z*(#1>3Nw6Hl|KI|&oIrdIVYQC0(zTio68f}xIaL;gpx%q(1a#o$aEqu`Zp??ba#!o z%USYaVvIx8>-H~wCukF1(a~IHm>P#a%nKg>pmgrk)Va z?(erc9AG(GY8t*CT~rQ>wNlH?T-WItr~ffJr$oo3i=`F0YJdKG-*Vi53i3I9IN&~6 z^8*FGn#Bt*SxXu;@?ydxV$&A8yo2+x{Uk>W9n7;F#`RO~SH0h@%W>XzO?B9)YTo^N zHYzdwj?1N|=sT`G<`6~f+X&CTci*Hh*x?QI>>h7JyCp4XE1gE23=Hu68glJWTr${sijBMi!buxbRH^_3it_h_aq9=B=Ji^wU4K^IeHF5u_=w15rFY zJb+1AT3BoWs71i*@NPneyzTB}2(%7?CR+!G1vwH@(uaTHqTq`fo>HEHFBfS8EsD%T zvBYoQ=N17>%>#7IK7J9v{yCt+Z+5@Ond=7rt?CEOCQPK)K(oWDQ)vQ#2GFDeBorCK zemoE%z?^qPI&PQI$!J1>w4#bCZSCjS82Oub$ldI9b#+6@Y})uVJWbS`oNgfF01mn#t}OTzSkSEg?dmeqJoztx{X%xNp}WOR=F8v3@>Ms+4gq_o%} z^mGPv<+Q!znqSFEOXQNE->{1qQ7NbY7ini1Rb}@@`$I@~NehBB(%mT_b?EL65d>)v zL6DXZq`SMjOG>00q`SNC=KYWR^?tbyzsNWq&Us=#Yp*%yZ*4&NbN?2iJe;17dZFUO zm1K>rCRl0PX}q523t!eIwnm{7ysO&MlI=K~zDs?q#=!Epq_H$cB!kGX_Y$%q$O=m_ zmCljPxU0GOs;GF7&I<;JL63`nrn<&+8YADmP)DP$gynoOvb3(o=HqI-Ci1iw)ivPK zRlI_P03mzVagxijg!$Mw6%ug||30Q0Zb)o`zf0GZ@c_?_iefF>M*^?=7+ulJEXqFNg-yRbDa4DuS8bU zyV(!KcB5t}BN?8{B?N^N%x_jOALnCNjXsc@Sf3Y#Yat_RMLT}e9r$jUMO^)2?=q+p zHkI|a2}f;wnK0al@=HrG z5d4AC<I@iFVWc+P(n*n1>Gy-8pOw)fyevt;Z8R;w^mn2 zDdI1ueT9~dt!)jzfjyRKan2LqnSg-PJ&0$sFflPPGR9ET)6#DBk~lE2uoyNv7f>K= zjlX|{O{c@6);m%)LF6MyxQG?W*5FRo6N?h382FXpC$Qqc`?MWJ;a_ZY5HHmG51B#m z-40(!2G&TX6`@=Y7J=hF8WE$08X932oaX$K;8I3|ycV$|lL_5*D{p=ZA3<^IYiBjI z%z$D3#9W`i4G31$anjjdp0CE$R#VKQbID@NOrxd!U}=X5x61c&5EZ%v1+uc&eW^fqx)P-WmC6m`1i)@(Bt_t60j^c z--%{Ir%&C}>B^Ijxepk^?L=Pd%?@g9;5tN)mUU`c1oEUtRy79j5;G0Ycp{=}MJnk57eO16zAbZo z@x-a8ZACmjf8DjDEZNz&kV&Hvp%z-zcD1XdR=KU6y#+lNr~gc|Bt1RxzCxQA8@mdP zU#KilI^Alr{PmO*!k>ZVNt~D&yH^ zy;T)U#D+2%ki4D>JXqNdM8+3AWmW?4RD}_?is{J6yH`#AvfMO(I`7?^&nj$5D?_-J zM;2UKMZDGS;&oRKiOsq83R?QU&4fx*7t?9Q$Yq9EmL99|$eG?HN}sbfA2+$7rPB@b z>`d_#MNG*&`MhrM&5K*6A`a!gtBaNVKxQIaU6aMh5AH8HQ&Uq32?-sY#7UcQ48UxW zpcp8puOdhv~%Nd%&ST}6KWZ=0G3 zVlFwn9-vDl4qF`1$VF!}H@p-|&dfI?#~f5#KWrPj9C1i`JT@4P6~JwVahYN$8<$_? znBy8AHz+X*md8nHRcY1RevGXc^Vu5hwo3ZV)Y2qn|?tx%I%IZ zsTpEea(1b*=CDc`}2rDV5cV<+OA&-&|ho{6=~EHWUe)>rby5SF+aR3%C)=pkM?D zwD)U(X=JI>d&rEV%{?PeLYDfB4$fippW*p`X$_rla%a#ZuW>W(^u608n13~8du_|a zZcit%1`Yg)UuTR$w3YgCxOeFk!s%_!6sE}Yb9CVbYY{&Xne@M36E--!IYnGfp(=hj zJNJkfOVinu1|MmklY_}0BC4V@*S2PrJxUe1V`{h3Nr{CN56fICHtxJH7=mRZqD@5% zfCL~&9nCZdIR;AAb0&UL({K{!RSj9^%5kxF6%Zq*LH%u8)>3<6>upMfNj$edyL7ld zYbC_j$tv&U#NNdUTGlMu||6{l2`pZH6KKcJ#T%753beq%I73E564@w~ab z&J!snyUD9e>YXucqIzr{{oKC2p=9$^)sKmit93qst_b;iLML<>J4f)sU+mqM1)J?v zQ0r|6W3Y`h%GK@xvJRvtJ1=HUyDAj{@@Z&qyx^(;U6`w1=HcM|RgvK&Ph^PAmE!I6 zp-eeZ0kuHZnwqeM?90>~e(F!7b!CoER=V~v_x*L@X=RsML+5`>1O2&mMxYR*iHy3J z+$~M{*sQ<8CboPPni?Z_&hRDYu|DJbv- z)5H|m+lPM3%+D7Bar*qh4UfH&I*{W5*=YobpXfh8wJ-qd14v4H&fC{X!6}sl6G(r@ zf29*{1Jc@aZMN``AJno?$2>YYQ0sbm-S3=~hl|l_A&=2`ac{Qh^`%q+$7^rNyIxMj;_x zuQv&^72HBlu%YHw*~2yrf#360kal?0^k~A;R7T&#q+P{VD@#ft5fT$AIp&GUD8C_M zWH@G8)uNWs>dUms3>GOKK-tvJmU_*KU?>A+g?!-tnGuz_`u%$r0;D~;rd1$MQ{+?D zSpu>mv=a|DRce&=$0p7{qHcD&TYhSjNJG9i%kXf0lvGMkq)ahf`{ax$Xb@e%>*x@+ z?U|S(nX~b2-a;vxlHye(Ep;^`tL_RJDBC-#I5C~o@=aG`B0PJ8F<9*mY~(X06KjP? zaY+?y*wh@(pm$o`(P3SebSQM488mjW0j6db(eORxJUtMW=F9*x~ab6h{JyR z*n%lXKKVyaEwXzf6)FMzz~T#dVM;0dHRArC7m0A_dw9SkLK0N#XegY3(1GSn)% zx&Slntd}l%D)vdeW^D@T*r9b)pI60F_zN# zImX-apO_UWvr2PlA#0m~S0CrDAn&ub)icZ5v{u~jKJj$dYl$icU2?bZvkBLB=D$b` zq9RC@x=+w(H_j*EIWse_xe%NhG`BJfY2d(f8Bq9e5}XW276dWz=3_1qN_qfW3>8tR znvG52@{x$gc|OfMU=h{Q(D)1z_PIGZH8n27NM9*JGH2}~K4@ra($df*%G0Q;=P9N6 zfXyekSy&3;<^n(y19*6VK>;AXQn%j70$_m=I2?1`>Yre$3rRER3W0(RK!u=F790lX9u#I403Z(Q5J;1N&@rLSJXuS5tO)`J*@?x%jjfWN9rLN6c= z%_o6{g_(4Jz;zCy5+xSxEZH@AvI_F7XdsHdySG=fJ>*VaGzrPe$w4RMufDL&e;ao1 z{9)KOVVhLH>n-~9Iam0h`TDk@p9vKfQUF+_fZtyAJ(ihvEqZ*q02Nx7ARt>P37!Ph z%8ol%m&gD|6iMimVQYl(FThY>zzNnXULBvxwjV$Q-r&;a(}9h_cuzrc z5W!o>lpNHTLIQ$)IJr>c13aED4vJqZ^H(yoaKcO}B>2uU#MCWQfwWqlKQt^>i61mw z7}2__i$b!`@`ekE&Q4E(0sxd)VAiirb+lBaPP81d;{3cjvGc4J&mWZ7(gTPf`0VfB z>vC(#$jdih&e?+Sd^t$+NA`gr(T>6+eTa!RHyfKHV0?gW*mX_yCr~ZGgUji$+Odo_ z&=>^;1)!+_77jFob4v_yoBU_({s5eZoLmU^yZ^oPm?TSo=mcD_>+5EgmTTh#hQao~ zKywDX%?gif(+?_QNq6v%&N5>4IDE*9M9peVQK(dby#ha62)q;gx&@V31VrPHyQuCL zsdj7#h!x|tcaCUFJ!;AdL{ov!B6_XfC9ofN?o4hsmkTefuOe7owVd#qFp{)E#?=JI zxC2w~j!`NjMr`;+w)$?NXkOY6nl^16mtkV?e<|(*J1R37oc572twQWA+dS2YCVpKs zutJ7mZ5&*1aQ^+8!w7(AeYt$I|Mtser3L!)A@k{?2+U3RJQ1)qq>QF~;CpE5`!Kh* zHM(?8@xLSb#P^-_f8YLZFBYHpe_u8uoYE=a`FO*NlSr&1{qKd`fxoezKLr+&JzCU% zUxor}j_~!n=VL5NQOzb9@!#PVwKAQ9TJnowQOl}KZr0W#Q35VQYUE`(?ep7tO52^H zD4=h5W9p+Z*w${ZCLh?$5|i3MIuIv<4=V~o!cN+W<|p#Um2KHD(ya6&vCBn!o@(Pu ztnU&G;xy_<@HI&8)=`d>pG0(#K;% zT^f-bxV&2WuX$(sF}KZE{3X*hCB_vpdj|1!Ba-}0wZSh~d>@z^&s^+n)lp;HskC(9 zeiz$Q@`thyi#rE#bML8)^*VJQUA=ty@@S?atD*vXZF4fF<|R_b?d>fn1_9U6(#-4} zz|B}#lyn_~o)69embwOD?}}M1!9#y;e0nv8kk9@bmd@lXmnpeYOW#ur77J2MuLSc0 z@{vT>IoSF=pA#@G0WSb4zcZ3)vAeLz6DF-QfP#RY41li+e%{vtL3EI}n@^AjZy!(v zjQX&mv=#*LoSAcmfv+>am?$FH(&g&+L@SEIu|k}OECe`DO~$w}Lo(^WZWqL|07n7_ z5|W7}p4VqmEe3uZf+JOtpKk>qZ_g|BJ zFDo-_aLS=E`QM4Y=eF`U3Lo5fW+^`Sh+J@_xXnER>l)}n0Hczy@Z%Wa^?V<$#)40e zbtV}?BYp7%Vk|GN{q(qq_qsI_d+DjH-}eDly5RwxYgOU#z#n6TD$zq>2@bv(y8m5B zBs!kaNZ-Uk7t5#Z>FXdMvVO3#qGMo)rruedn_5B&-i<=2c>D1Lx5I+KonJxtI#MAV z)czVudHsmX%M;EpTTys|p7E~7h<&}oK=E*}aaBiU{(RjQ9_~IK@pkDbk_^vGPlbg$ zFqS}IkU@Bk;;=AeKmYkJ=eH!+@4wxAQ_8a#Dx3J7vc=RUR8Jcg#LQjQ&EBb-8J1A= z-50#2uw82^qIyRn=|wJU1S7`m7%EWoTA=W?r%eE{@7?>3=S6mzu4I?2gYXsa$A3WC ztY9P7j?3cW!jl?xK67xEf@bo)=2Up6Pp?DX58M*tS<0^Q)jKyKdCw+OCvy5(VRboy#3=wsnofoW8B-=>xO&QAKu@h;SdY zH9g=BnnNUrvL=1A#DYw`SQprw+-F8jV3My<@_8t{_Pm{SK`T5N#AJ4|XGA9ocNSHK zK*!5un{%sV`;yPcBZ4pU$Zx(-R;-tO6kax`q{Ep7w69<0b?= zbwh0f5MMT?>gmLrZy{LhCUp)7Jr&FvlHA-bh576>%A)FHj+9l9BqX6SJq zk5VNp8xXmF%-Hk0nOt5-5T>607*V$tN(auMBC$~<&lpE22w!aaI9V^|@x0mMZ$NDl zd0sGil|XCHD2$PT0g!9|Nz#{P(gA{D<6dc%789iX>>e=hS^@G#l){KR=@|kG{7wk4 zFsWN$lhOztdf;mM*$y~jiyz_#0gc)TIy7%c8z32mb<8Qp%7#os4B7RUt5L#HPlw10 z{`_Em!36u|Oa9cg8CfXoS7HLTkxWiT+ezq~52Gw}XyWu5G#%X#QORC>^8VaBdk-6j znsf*&UiQ3Jo*x3FEnUO?OP?_X?8~RQavBil1(h_JqpJdlicKD9lb?!>9Q@MaVg{bSJD%W zUq~IY?LGJ}FZd3Xax@Du>DYS(C0sr_c@RuqZ#=w(fke1xAKnK@`h zv2mYOYbtN!7Mi*$nE9r-J&86Y8b2atx4aU(w`G+nz z(nvJB(vZEhj91H(_p5Ss0&eVrYHRWO2C^{V3v9s~eDW0(5PZ9f;9lP5tu1@pSNVfh ze4zfhR)`+=aFWF90Sl>=ZkSa$)BMB)CxFmEwr8uhK$mLga}%)3lDvAA79U>+l8m4q z1qeRXhHXBe#R!)DU~(C#8Z{1Z9^P&^N%kC1zCH2})hn=&*7&F|(^3@aa$DbxQ+M1M za{Kd*pBV{mM83}p5v~cgg0{unyy>6cK0IbtnhLTE@V?IP^FD3ywl_TuS7I*7V!QU2 z8QKafroB*Or}Q=?6RK^l{`~%v#v_096NxNZI}1#-BFB zpXo##zL8I@H(Z9xaW-JB(wr_LjEjeNB}ZPI8M)luzAg_~)?Yr}O$_8j9iN~^|IOje zPC09w?n{Th$W_L_*qJ*!LuK9(B;Duw(TT?!s*W|H9e&PMN1bmI^X1j6RX4jIU71;} zGdtdHQMR{S!I9{nhn9A{&7$^FY;j+at@ExuV4F3!3Z4&DHWqpStm*>ghLS&NB&H+N z!j|t=5Q2Ko+10J@!b`W)f$Mos?X9DW2bTt29JM09OuK7rV2ni)D3P9pVZ((xX$Y-#hm6DV!jj>?!K8`aeNXYtp7Z9qN&le+{BGc#p*PX zslPP$qw-&CSSRPhs`q1(1=$wiZWl>379^jSn+w+zg3t495_ysNXffJp{N+zqJe|C7 z1xY0FXns@gwdMFp1@ffpb>*!Pi4K7+wMT2&1H@@sC=yoSYT|E&#oov`7v>UaJNW`H#t%hq_s{P4OxU1w)7NE|Km4RDQW2Lv@vRe(+*gi^s(Y9@ zNY

s}(@L1ZRokV94cJrF;(?Orj1D9if0|`OsY-i^r=+wz^YPQE0nfO;2Jnee5Cn z#dbqO+%bw!L7xrz>dM0{8_mC$JApy1B0-_&0d`A(IPP=&PYht{gC#$-JzSDFG(+#^ z9B7MmYHUEVUO_=Ya70s6)6iv7J%&bM3`Ow4=Ls}A+U^boQnw^BlmQCTG*V~^P!Fvb z%!$&*r?RPK^9eHq7UCR^D+|cS+K4 zivA&BdJR`XfWTAG^9n`zevs5#b`}axXZ`tVarkr?=4q}H9Q*I$6~WO+esOkw5JD8l zm&`A@U&N0kthaBD7H|>yQ^_~8vBUZ~T0LAk_YaovgZwR0!Ra$kxFu;!ur8cMPnX+G zfjdyba2!Lb++SGqwnI~}FAMq2kZb)t*IBa6O&Xr4Oc1BoI@*AUOr+31N}82vK7D!= z)PD>J5z-J*RZ&$6hU=y-u{tFmW3`2HQn>Jc88DYkh%@FZdH!UXUk{kLTYHMrQ8Ps3$)AnGVyGS!J3^%;p4qQ*A=O^w6e_??eBs{-Tf;j*=2IaA< z7u2OMdH11ab-6T5iJfC$XE#`sLQf5BhC!5M_v-Gs7Y4{UVSwcf@*UtT+Jc^iF#z=f z#QDf-Pv|p>-ZItQ;$n9apcyKbj}X7`0W1i3Z~@5~sF%K=$?7G%{EYF2LPu|O&<62t1-{>1FZfNW|2LC*?#`ln@kVx$A z z@$)Fvd96H6Tkt`mUg@M-jQbA8Mq zd{QcGs)}#nKwOTplsffz@7oqe?;~73)lwyoEzhg!8gyf15zh9wj3vpW?agbdK|MawfISzMb^C3~+z50a5KuM9Jnh!A3Sy))w z&i)7hjEgvQ0>B4B2I0M&+?+a3&~qaTbY7-kb4`O-4gijUoItj@L|kkvnE3#-wrJyD zpmmBy!d+ZkERQN!Lt{`@2R4-8V$jys#*;E=d_>(J7vm?K- zkWLN+#6S&HKsNw-apu~a?mmCh#Q^mA7nm|KxUmZ=ByiDHfdmvf33q$X=O0FpIO$x~ zBxibt?;(Yj^m%^4i!tKqCZrDyq$y@eS>%>&lA%|_<4CM=>hhH7f9dzI%JZgTdsAb? zk+48{@Khm~A5QTCM)7!#f6q5bswmNE+I%?IfWDM?O z>RU_?Ex9qBZ+ti^x08rV*&xD;s~{b3mF)SI7o`EG_ezaie_O|!nwM8s#6@15lkr=I za*U?OqX18z=-E6Qn~oP zImN|8M^~2S=GIQ@tKyVcW;Kr!8m0&sZwQGTwCEjhV8Z4o!j-i;`QzA6VxI(Iu`1$` zzVp%*N=Lv#w0ru5qM`2u&^fT&SKH&s57fIDD`2vbd3lN$Eb z@nD7I6=CD|G4S9^$aE4(2SzrmDrH(mMTjYq-0ck0cU7V@1ZuV5MJX*I!i5&|7j{x{ zNhQAcT5OW`WyBI&E>+ATmAyAWpGlAmYx0NNsnJ1W&)b#ycjS|!yp1s@dnSu7n_5zF z<55Fwtg~V_{;h^POUSr`V)Fs!DGztNH~ILzH66oe{(33bY<%hy2H^q`#lF(K6}5gT z3aq#M7Z(?xu?f^4fbS)#n6(4fH~`mQdbHTv&d(m-c!7B%py{oXxeX?P$i07GL;uW} z2P}1B5g#vb&KPyo4Gl-myzEdu>ggpj4GO1~Nny+0WnX;d;#5eIr}-{R0R7L@4$L{= zxtYpgsYs0zWv+ephcdt|bviMEE~L|O;f)UW$cJ=Ln)jY6>!-VGd_u%`kZh@FCncB! z&#+e90aHsC(4d%M(Vymuik~=3H0KIqn$saqY#Gn9FXbb?oiDsCI#Vz`Q(*6{48fcX z6@$L`0_W2CE-5LqA4^cekrTf~F*oJ?r}8GoE*R+K0t2P2knWZ;G3AdFKYp=2`$D7Z z3{K}}S>hxIdDhWU(J`gy1EY5?oEn}v`jgna8ORLHD&FPhN|O5Vu-eC7`MaaU4M);!!yXl&1jmw5p=45O9cKH}gGq({>Me8I+EIttJ{U}e8)xcPp zq9@ti!!;bARM%IxD|0*|k)n@#v$IFCb#UVCWci*M7P6z!OZMYx5@l{)3^FOK9XdgJ zCbJqWu!cL)QUg2kn(7^cE$9`4q?NUeP38PS1s8=!ivd=^Wx_dVLN0lo4TIH5KAD$| zkBLfHx%r)IBej6rFa^<)csS z7{bo%(ZY_#rmGMWgrbNr)W&&NMU50^a=W;|1S!Nu(q_rbnqfPpP3YfIRQGhy`n0cI zHpFmr6bZtIak(ov4r==?&3Xs=ayvnC;Y|YSz-T-)NH7h}V()%_nB7~AV??eR^`(O*Rf)0m31uqJ2lfN)H-eIwxg8Say&!(OiG%5-bl5!e{V znZiS4dnpR%)TuYt_c)xi16x039$vg6wu1K_I}h6H#;oODob0<46-g>K;oB5O8~RJj zR}VG?*#F378)uuE-%Mi5XA#iGN(OKpYD1Pi={a~%J=h?>5g4u^`SkSl~Sjfu9>sL?L zeIPNq1cYXwk3rlH8@3*=`$QCzxJ$r*l9HVmu!8q&RFmX$5!*k3UReLY003ddOc|<= z<3d0T6((a*>Q}w?U^gEb3C>3ZKPa;fBNiJrxqZlAwYY~5*e}=pMeNT zN{8xwVqY_mgT-b#Xr#PBNA~h&J6O>|4BY;Zkm|n9!Z3UYwprfHYtn z=0H!xp!(W4S`Ev~B7N6G+t+UpVS_CYARf8L0w#zepCNQu6t&syu-OrnE#D7AMxyYn!@`t4>^nxTn;2@#69Df{f!Hg^CAucd6c zoXAdBRO7phh4f^*ec=()kB1SIMUSC_ix|_N%{MWROt=P=N)VSXsIR{UgLIC-JS6T` z;1&bqv_-Hyfe7QYG?)z427Uy_IAj2le2I3^kRy0{R1kx~3Pxe`+3VM^R+DN|>+9

sWGEbYPF>S2zk%;Hcr6_w~N$IU3`y&nQXkc zrt6{gVP|yzWlK%a#uPaLB>!9vKYWb7fs#=7+_}`BB+gVTCC2gAUD}29(Ca*QFXG6C zeEEV_PovJcZegs&+%omv?XYNGMQQmaVrfdiLwDqJ;a4-Cj_&I5zC42z){EV$T1w&= zOX3*Uz_NzvQaQJSLT+0FNs4=iXfWWe%5nq@h0;({<4sY7fSL&0U4~9hPE9(s-e8C0 zdp8f@?}InAVpuTj z<1lVMmEJ8!w>K5-Qr41hvR36emIvdjjb6HwT|l#hxY6IlfX zeUPyQG5s=wmbtmo7&{P#2Y<&0r*5U*xN&e%iF5B%ZQ&k>rqL zFboh3$3n)XsjkF$o<#`At)S8^T5Jb|h~UiYzY>_%!g-fUMFY=sD{D2&3=lC$fiBhd zWsHj1=GkWp40@M_weS#Wj0=Tv*9eCL=ihEr<5cg{jH#@D!NX>>fES%is49U8UuWR! zN+SW`tL3;86`0}e?WgIT0h1v!(**2&p=sW9cmTK%4-VodFi-&)4tqjh`huxakRPBC z0`efW{g|5ohDjMV;FS`A$)-VI zI}L0C4)$E0e>y-T2H?*zYisadij(}t4#@t(TN`sm8GhdnP8N8$Tl&XgZN{({2? zTmhed+A4t43L4n);}!ruii3*_&Q3~dYAeXE*3FXzOX^flO?y;Me$ zl5c4cTFu;H+zw-9;HU>f3VV&ul z?=3N;ygp$-aQuIN4D1n|Bj|R9LxLOAXj8@diIRVDJ6wk>1I9s6=}JMtGk^H%?tgC5f2%1a^{sC$_$L*xwDt7l zm*uWDcU;?i0cU14 z^@?|Y#o;#k(8F|IXA+j{*pjIP-V6o;c`?ctd-Gn>)y}l)?Hh3Ff%OK&tD4LQ2_pL> zplWKNl3+$4%ootC26E`u*4F&NWi4yW^OYrn-t(6e@?v<^KajPj_91d9?k^fEfBMa) zf;8emzxz0v3Cs?}TAJYt@0Yl6PcZX=58MF2_zA`miI0QPba}SekaRi}Q$0=1 zIxrUputPy;<~1078Rm%tF87RZF(jCDTwGdMl)1HOE|6Lv&P`Z26s3Li|MjxXd`=qd zz$!t05UAqcGr`ena0Pq=&Tuw><*>K0A?C7C19Fb+zrg2@8?cOK|1Sd=N&&EvQL{9b zdgosKh4^>lU!eUCX2To;F*qbsPlXB~AfAsYamfKtiNWLF0oaTxq&T<0*dM_C0Lu}c zlnb!GsAyfciT>0S-X*A9t9K^R-TC=`@0%TM{D(Va9(B*GPO6_=vNtDsUw3H9O_j9x zwh2h!*!!TMvitl%|N2_SUu!MC>CGu~@AI$wYg1kOJjM%5(@uK^Tvh9CaPQi4R+rP_ zWPZQn$sG{8n)sciSo*<=H2fS*9B&|U3r9g-MkSQtb!xddRr&T#r&>y|?NUv%EQ14< zKYN@y8X+ADe(ttPNuHpSKp|D-*Cy&?n%0~AO6eV~7{ciCY!mxzr9|OLr$EGus)MEe z_ckI)zdYV$94s7NRgo?AGcM5cH>#pM&HY4XHtS0g;r42-aGZV6*4!ZSJ)OdSUcFTQ zf+w>2Bsk3mu-GOzTsgNMDCw}%M=J)a~z=lN+* zAwOQ7-8x5jW=Ga~L`BH~Yk{{)lIqFw z;$K!%7jMPNKgQWGaFF|l!T^o|>_F*u6|@UnOcj06$Htj>8}s;upK*J<{^h3Dl2v$% zkL-KT&=B7sjh|G0qDJ7WR5GQNN~x*;q?SGV{Oo=0ChR)|j?_M`kvE(Qi2fbGCU>0CB+zp9hIjU0n)_2cH3E zBM2ye`oYP~4P1)AdvotJuZ9M8%ido@Am>a!_snXpWwf)L%N4)V{X!@w**@%VR(}U4 zDj_p#NUP=6$d-NmIwUo#@y#hc0kB%+Q|6Z=fi7)?A_nCCtBxKOwe~h1M^hm+1(gvt zUiLP-Jrktff51SKy6ca$Z_V`ey8nj^3Rzl)>$_+O?2I8T)55`E$d*UWHUv=j_6Eg` ziK+-2b9XBb>?X(=m4LZqli*a+%;`|F zWV^(l;oc81JOgBEainO@@~enuyI(UKOBhV5fNm`aq1OE+3rD&a@r~ydX5=tWKf?#K zg3m%d$=11bJNYE2%nxJdX?ADd2k0ABJ7(HdEcakPRzn4qnPrgVN!9n_XH`dh@(q|A zk=bFX-lGq*Z4*`((Ntz|X6Ij9WpP>t)lsNx{>oHkU4r5}-k7~;w@y#$MDZ*PHFqdc z-X*|?w@7Ui>^qLZAbei2?!|#`;diB;x_VBHPb5ZRVF(u3$qWn)k+K@KgRz)dbRl2^ zJDwLgYbT9FAM&5W{uG4SfI%0XHXBU}`jtWtkMA}8^(zwMw1?7C&q{;X399fh`4-S6dHiVaKmMmdP{jxKY6O{n7UME#?BDQH zp__@>LUl!OB3tOy9l#d~d75~Hd`oB>4`stsm$q44b@?`BK+o?W>FzG|5G0ja8tmng z@*}1=>7gkWjijkn(0M+2R}wcRzMW?R6z_Pv+&MHSMphicjQQ!yRFw)j6{lvd)emE$;jfSyQ{dq|E>-B zz9_o)%i`dNNvP$5-^$ax(j!_r#F%tdwA$H4o)d4c>eMm;M=qRK8q^a3&{xmYuQ zV%0se#hMQW88rQW;q^^lzljs)Z@e)^dGF?6zrG?>8Ytbr^Y3y>I<-acFqkp|Kj>@d z)h!i{uoi7|Q|n6OVH_uF)w$8Xlbjl4QuDfU7cp%WR^QA$1!c9XDHPX{qNuKr;eo@F z@aE6vo&NE&E|zNQU@cmO0#cQM0R{wE?$gsn%N%yp?P)o=xIju2_$O!VxFH`K^g#U> zF8O-Y5Gpt_&Iw{w>>M0fiVqrDwY8U^K8~h#B%KCx8M3oON%z{Et5Zp#cs+X;y%ARS z{{RZ@Gr)lvg#nXU@2_0zw2?e|%;%Ohkg_!my_O!c4yVy3>|Cc^^4p<4jDyVlah&$@!YeFF1XCI847LTvDI) z_jdCaJj4ox5k&pc8Y)g&ko&LBE9?utFPysfNQCOAEyi|o{BF;Xi#*Tkh!9y!!GL`F zd}D={`sIG;cfIHBOk(H2+VWIuQ?BrMuP|HpXtIk~);4~^8Il)gU~J7sM+AN2;|>C( zd}oJ~v8s|<`DJVk8Akm#l)4}LMh{=bsn&z(WTY4|UR>$I7x^8==Z;t9@d}yY*VRj^ zY60Jv-}h5c#C+G~+{+i!MiBCc{L_kYKAN5k7c)P3#qRlLZ}aFvq&0i$D28*or_$f= zZcEcrpkV{k+$C%cc&6?;U0rrGE_aOoD4r|`o!OM`o84}q%UYx+R?T0nM>l?@_PH!6 z(EfbsKddmqQg-%DeHgCNsLXdPGjXZlcJ|65TQ}kEQT5@vuEtv9^0t&_m5LJUEjHmA zfV_R0L&wWfO%Z(0KgU) zh%lU`1brTH2pA);9*=_%$=%X_ZpgT}Ts${!}1bpt@(uBRq-PfbQ4z-Fuc^(%; z!n}kH?W94!4KV0;d>T7#%83DkDMOI>;e$4it(m8>FcxO`XrPg$Pc4TLn1OmHKJK(rhQzsb_gf& z^sKW>Dl+77+dieCVkab`S2lhYro9__qEXAXut4;NsfcX+qD&uunJohD%Uk4yfTh|u zi1&K~T^RE`J<$`0(N$LlUCef0O|q4?Nl@~Uj!xGNLWmX{IPEsXJiN4Hk228bJrE=D?8ZrM z`ZcwoSxH(@1OEla3_r+xa!57w>IN?JbaN6}`!fLq+?&f@ zg7@xG?>t#w9-J{UcsWa`H2#G7a11~H7axv8l9*XqF_z|>NywXDi!yEe~H$;(G< zl4vLH(T`B)o}R8yG)u0G)3*#*79T$%QSXP-S!)o(IV(+Bt1?0I3E|!m&BVA4mFBS@ z?2~JDlc`;wy@w6&A%Xfbq3&qKlBl`}axY6RC*Iy-Ua0z7L0%Y+_AE426*NO}@E16w zu67jY=RQpO+>G|rlrfcYoJ@fB`T4$f*%F`M-A6Ac=QEbUJp*l>qVZASoA&_*?Cd-m}ie>uBQTB?t*4 zWLpK3O#x;RD0-3+)!9-NXb>ynvoP;fbM4RkDIg4b;?bgGfBc3G`AY_r^KK;|CEaLf zl&-e$g{>`u5vljfQDry;2pX>iZdzlzDC!ZM1Wdk`3LAI=C}L|@OuoKWlgjKt;f@Oe zZXf%A7xlUETz!9R$niF+XWlW*B_c9>u%36X+;Ov7F<4e7Q>ef}hm;O*NYA_Mmtt=c z+%?ji?&MkY&!U3UW2cP#96+M_^;7-U((- z{HiQ-W0E)BP6_A-jv zdZqIlgcZ2dvnp!t2$>C<>nkc8K?iFT35;GC0Gn`g?GNVf--b=aP$6Zc<$S^xe}?&R zK4V@LLX%4!eBN@tz?LmRPd>HQc2SE9w?|=oN8G(lAwijzPV7Eloc{3jmgB8oI$JSk z0N%45Rjk)j|LgcrwyriLEI+1_hG}KZfIczv_~~HL`y=jF3gYo{sfI(*PqV>j``Oc` z7u*O*ziD`3Far~R(fqTW6BuBf{@Ad@sh7ti@8Rq0(c)bCiN$w)lO`j@nLmDLA$vof zqorwqOPLNC`9&T~bZZz0oDplZQ*MY)Q3iJFx!FEnJ<&Q>u3-?eCYrW|WMsyoy>lspcZ3Jm* z+?l1$Y9P=HJtaNz_m7iV4TpSfrflV;65liqBc_<=6^dp12>GPTs7$N`qvdkES2K&1 z<)F)%nLmuS4CeLqV$u>^R;$jC2LIM5%gNtCVsPjSlKSMJr=)>Am$7d9^_*}&&_R6K z-{1e+w{INF|4KA$fr{nq)`GB!OwKfk!x;7RMjk_!|0B)M$u1#cuH#7Rrgl#7{&<(@Q^qHI^3JpKAy;F_x;|1D6bqdFJ@+Mb#b(@kn#IIA(EJW zVkxTKPEN|thM`40g~72-Hmt;GIXaB)br%|W?!I&vK`Zr*=bDuKj&E)q zDQ4B|{&4N+H7m;hKJvnW`toy9wm!(lu0}V$&FeHqlFp`z7mhT4$U^p&N%s7xN3f{H z>te%NxYWWMCwOM9)=2b@f$TQw<8Gbx$l0ijm$Q?*R~`H_@VG`)9scV~Ws(JF5H#?uf69l^hE zjfjv?OFj@ZyRhKPraeLX$h~eh#ynxIeqmvOg}1Ph^Z~PW{o#BfysTySDT#%T)?}yf-(l28RDAv3DiP?gwUc({2=yY$+@y*XA+ zw`Xx?C_NhmNv?c>Q8=fgeg!6sFT-S6Qd*&O+x!~HlGU9B%i0bC#~s~uPj|O5MFEc$ zX1vjf(X!#FIefQV-vXDtaoi8Ol+9a>Q~K`L$iDfG^4(jebSd#{MT%|v(x*Jo=Di7kx(R7B^EGkWji<%||D%_JV7Y;OFYFyAfgzCRw`Dk|cR ze9^I!FK=v8F3y$j%P=Dms0wxky9SSxyf{f|EgH?Pm8ND!Zr7HD1o^oW3O^FdWV~$Z zefm&TwaBp0WB3xX5XUqaO>JJitMQVPsqAfhhtcu>>FwJ8ncn~SPAa(+3Tean9*W84 z)I=hD%cZ2zqMI(RrOd3-!OW$|+&Lp6w4-&7vZ2(F$tAgtcH+2C91FR3vtcghwe!RG zPxyX*dHwL-`|*B#UXRb`vF-JGUI4dg#o*5b4Xu{X$#7EbmpomW4nULaU?B7T8&y(- zFe<|9xg6AHP_KRu4PW|Q^IYb9=<5bA0H`sOTF!b(AuBJW=BtD4BR`7U!qm5knbKIukl!U#iI z%+Mqke_VUc{QRlbHN(c)ma|CPUbg+9IEOD{Y?}St*F$L|UEATrnRL_eFjc!IG>H=x?=51;PsT0M_^X5JO@(2)DyJ+q&ulJJGm=rE z2UNw#XE0v%C4n% z8EE~^*^L8Yw{JM}qF1B~O}py?ynHhU{u)J{Z(THIG)7pfb{c#SN&YNQ_l<$}_FodK}Hi-WeI**^!nOH$J|($3{=_78|`fo9Z6(-l)7E+r1j2FCXz$f{K0T+=8LA z{lCapkL>DSLk$1m!Ew{ta>PtCrNL`*eSGEYA?3T@7t?+RdYV)vLn4~t@wnki1(G^{ zQ{QR4#eo9`yqkFZX7!~j;AMRFxtAT8Ob#{P$BAzK{P`I=;a>OXan%OUd2+7`p^sg- zM<}odRPk&Vt`MHqfgvM)$cZK#H7Bs^mzo{gqO8=_#qpV*ZdK%(FMs@uJWF%QJuEzw zAZMU@Uo|yZ^7sARNw*P2!wa;?ArqE@Bv^ZKSq+Mjx;DzbLn{8be~#6x=^Ve9Y?*yZ z;No!EX2)7Rbd+x$DSE~{-CPmA`ogxv+G!#&z-QM`qltPBO3)}{Jcq{T^mL5nMLK=u z8OHovQq`XHrd~U6d|F)HMeM7r-L{op()%5ReD{9ymknx9N4Xg;cK5A}{aB)+U2^Wa zKUOWwv4OPIDO3A;;e1sLn*?s zMsquYARrjNcui#^d$L}dn4L2%=l5c(=2B~xx&O)TNGW@=(AuuHCA$5kVwwp8;{xYA zLI(v0OTw&lCMPC#Ad&r`a*RvR1x`DtF+uy<4WFz`aB)cogyi%z=w{-wj{`-D%cTN& z-My;tCyP?#5e=FF77NJsd}&P$mW!t6kFAk9+7o z_>(8mMU|KLiWa7+VLT6#IpUy4cZvH@e}5>LXzPIL4YY2GfcnP`D(V(KaMz({<>t1X zwWPvaw7R+)hPr+svp-|8QaNU+U2I<;uv%c=0(R}++Kl-a&RCg3OHlr=P6foPS1Z8L zsk!-R1Aai9Ed{E#)Cq35 z_RcnaCuIWs-tTm_E;@DS6N&QrgGeMw%0_VqKL7($AYjjA&;c&-0z+M1xIs{z4_yI% z|J-%6eVTl&_rC@7`EddU%4T4E`e|aKB}?}e#|QVcX9`BhgB=}@T5yHj6M4Q14R1!b zi1}m3cw?=jH{uY83r0OJ_*SfWwEAUur2@G<`~SU&xQB{R-+m79emAoMg?y_rpO)Ny z#ZfQ)O!0+yd*v1Y-DMr~j#7zyeaKRFFW1nt_g` zIsTE6r~Krz`5QCHir!7zgB~I)&FT*3Ib7kQ@=qd zr<1Ao7gsLrBpr?Q+Ad~qWghcS%bFkyj~%p4domL@mVca%JM_5hPY9H6A{m7n>k)|A zo;VsA0vL0LZ$~EX&!&C(gmE;*J+-;Y%=Rh_!;#$gkvYu(`(ZN{9 zE4Mbh#T0DbFt<)OVdQvpkV6_RHuj>?{k|mZacQ=fK%^)bCMPK^vzWO;eSRF$;K@CC&4CkI%Wxo!35`z!?VZQ3Sbzt)MGO zZ|(+rNW}2k2AXG*y)Lgba9a!8>`f`Va{`o36k@i+;%)99XnAX*DXqc7B5zyI7J)0P`tPY5AH6--KAJ5Zo##?#ogWA{p|LAzkBbm z`|pf%GDbs_?AU&uwbop7&Xr(!S#dOE0%RB%7&J)<5eN(n>>>=zD=I`-;2yQsEPLS3 zD+h?U5KP%0qCMaSys4m!APh`pB+8@yYv4ALt%SM*49wfkzyDtK+7uYUzyx(miU=yX z>KvuLb|n;lzM0A!az3g-9jUapLC2josVX)WpEloSLsHkYj#DQB716~lLOE;ih z?^~2D#Qyp5ZgNuT(|_*eMZmJZzx=8Letx`=d!$74BSZANmC~c_kdibu&Si}TZjvFc zryEqyNr3RtuBK`Ybe&2Ee{=Ji+07U5T zvjWJ-{tv#)>IpTKNwwS4{Z%ZDTsoguV_jWcWaLP9DBj(d|9tSF6&WxK3yb^BF)<-w zlg&!2e&=_m<3%o3*4Pn>e_#LiV`&a>F&fJf#io%pI*5wFp;M`#|IgF^tboCzwcbzn z+V!@ttaR$Emof$YGpRjE{+*4E?Gp;BGJUM3rS!D4r8*m38=DiU1jaNjhwaC^i-v{< zPp<#GO#g~Fc$OLI5$?d_=GbaHNAl))$>(k>q1I~QPb$}hC405Oe@-~|Pbo=JQBebf z^|=EKJiH*ScXS|-dX-Us7(VN)4tLsdM<5CUI*H{}k@847Z@0lGsh47b7cp`1puoVb zt*tZ37yjtDxIhPS^v4&sd*C&@7|0z#{UakUM|CUnH5N1X8lNqu4{ug{#4E$X!bp7{ zD^<&NyuH1PRZ0yW-n@Q|M#`s^JytP%5S^67Wjp{y!lpi4Y0Hpn#OhL-^q>FY9fhF% zI3dShW3`}Cs&XM|Ezn$Rvl1bExKI}<*XZ-@Eu(g$<7QuUg#h0kEhQEbpWx+hHo1Qr z_q|X87UC;Qxbsh6$8-8)X*TkC412rZOwCBw-d|v@oDQbt(Yzn-)#&333JUO9O>Xb*&$?>wV!3u4e{+cQQqtF(nLSyvlgc7Y-o;pEb{6=TBi_q33sp4$BNa zFEVTju`q#nDez~4;cu_tY{?GUEN3ftJ+3Pp#bjmw%vKsk2eOP7!Xdof+}gT2m_gsd zJQR;42`_2&dT88k{dRkM8%-ge&S?jGVD>uz37g$!IgHrO@f~mvxkphSu*u2I-+ytn z1EWb?v zGmI+BueqJ?FZT#JtQV_{Q5w4!7I;`$FHYAwIahLWC{?yce+sv_UkSnKeW*4aVWg!M za%qr4Vt;yi8ar=PCI#~A!;gwm(QLdOlTFRLBXerT5sST8#tG%q1((=QQudm1BN9zT zXg(i&ut6Y3MiPGSM?786cI%bX!n!v(IqKCWKg#Xw>{h%VtfZw;rF#3V7ivr0F1A}+ zTY)9Amqe289vno`cU@`q;&C~C+=%2~{fszd$wbs**c*Z2*CN}|*$D>=i;RMT`Jli> zNyg1hu*Yip=ka`yNr8XC0!R=iEjP;padee$+3p@MM%wPS2}wyw&Dz(yL&x5HgblsF z<*ZNzHjx?}EF2smyCtHO0PZ79&o_D^Sas$w4LE+(Kp|f*8kyt(7MKJ6$5XgJy!`y6 z@!u}*uMUC&0x~64S6=+?){N}PN2w)nEPISt)@(Dp@AoPVdq)kW;_3HBf5N$=vUPsZ z)7ZuEG);sG%v`!ZK|zYEyt}wL7gt#Df{#98G(Jl~ZH17D+tGt{*DB+Uj2`mX@RimS zBAL%N_Y-EnX78+CopMBDrHXlaJ_4blkLo$j00;Uy{|mHkW^K(#&PeH>Ylz(&D3%GM zh0vZZiPT{$Bn0bSWzgT>FO&Sa{a9_r>@%>Cey#N;L7AG-h}z$vWLV;&qLmS1uZRv3 zbiI9%^)CL#wa?R4qtih}MD;iApCk#`CE8864Hr8jz1(lng5G~J2pBW#%9}D5brgSK z(rrymPDXC>W9D*MPY-R_ULr>%dh9W%tQbbYV-)zNMf=@Q5Gre2^_=*X_h39jI02gwl>}aB z_mAnZu`!csd^B50Bnl=b^gLK&;KZR@8Ul4gA}loY0oWpjhKB0+c)Pz|!My7k`a7oLXI6u(NF#q$dp;p9&WF1T_*0t#)#th+S zGiJAQqtu$VHlN-I;_B+^HBun6rAUESB{zD)52lJ|fXsDsvJ&|*LOT&!qE?v&0F|1& zM40PKw2n55-K>fV+l~MvVs1x04&%jKc&~`}q?nj%^nG>!n2|t|MLTfV9=cl(WpcmV zZKn=|`FtKL$LEW`N)b>}5gi89FWr$LGR=+N$X*>Y)_GEFY&ZmiIR6wdQjY0R;wSf( zbh)DV7y$op61{cAG2EBA#U$GxJI z(^hdUhpJ)ZiT**=rs1T~&q*9j7gdoXIVXDhsI>o)kKx1i3v zfyO+IPl1UQgO8vG)4yh-XV1*7sL! zZa?!MgRQGhtwawZ@Rvz)EKgF}w=-Q!|M)aSl3NP5-(!Ej`CdTHFj5WWc_U`p!Y{&R zDvpVjA}1B9dX^5ar*!gEbk9JYUmq}$;5#q&=p5k;d zd*ye0I9ENFhUY2g=z2TBid$s6*&?FIWftP<@MP-XLEQr^IQW31o-F^+oQBK(3=m!{Vf-CbT? z)l*qj$uXKNPyk@1C!_{iZ&I42Ia&mi)DEFj#r%n%R#B8@S^yl-sIw*}B^?0+d3}*d z3liV*QfxlkoH~w-;Agjxw8!*F*>s5dxLkQR@=VX~n)F~u4TN%l?GA}@XgjB;;>_3eVq(eIgUS9tc-zS5JV+x(;jNvU z#WyUr3NBI~`aZYZa&k${)~AxahV-hfpgTHYXgR-FO1w?r4^J*grx+7-4yVQ>1XVNY zVp<@VHsvDn-thBjObmnvi=U)O%;3;&qndxvIdvnS$`R#{B{x;+sF4K^YqpCkuIx{X zsN)O$eJ1e&wg#0SGfl!ubJi4}oPK2HiWDln#b<$^IRk)}z)&mbhack3$CX^EgoELb zdIA^FD?CQ6ZxJxJXiaF*v9X;w@L>JV1T@l#-<&St=$LRr?L^o|VF?9Xzn53gh>)Sdy+Qr0&b(*$N*tfZnZ9K3%6Uz1^#UgydZIV ziq&;ST%c|GX0ru$ec|fWGx*2rLF75DS=;)?v&~-#9s_MDnNv7wJ{buYQxf4{4nhRi zb=K5%Bd33pRCtSN+;79=&g^?44v)HVF@o-Pm_pFfBHAggUUdk0~iBiHM1Hcqa+~*c6SB{m>tsPp@fbd%Ghm zQ@$+ds~v6%yOlvCJWz|5w81^$gfn?Egb7g3t0`6BY;334m`ft<8$rku20gA1gL~@N z-90_Oq~u0NMO9eNv9N2yU7-WO{M`3Vg#oH(^2PS>!)B~p;&g#hQM*4v+w=Vau&ibb z?l!<9z_LbR{le!}lmhE1nEpxi6#-hL$y^=)>;02I_s|q@fzB3wOZHb9g_dR7|1LSS=`r87q?`Ai4%mI} zMs(6hznV!rME6$A)w;`+0X8JmDDpWSTq6K}GyJDkh5P$(d321bj{=eGsYc=Xu+7((3TqL~B*$zF&{ z^;s1vP6(gk+J=XHp^u+3nsPgGHse}Dyb^AEVS5;dy?!Pu9 zgt7)IggP8JL3QLOBPO2-kw?>exh3n;*_D;-W$=k&pT zh6Z%SoX&^uhu*wi#g3xQ$;r#hl2x5)|4@O_!Rk?k_lacK1e0LPZs1l40KTYi;6wsM z9p7}kjAe_@eb9rmT+9L*Lq0x|;8mbEc|snRwj?fm7Qh`_GInPV9 zgR7t&O@96P#!uSAT>_Ck!noJ?2H4u2weQw!bn z@{bCR>-n*d*w*P}lWT##F4muMta!pPwa48=*1-+b0gzWRmU=Y#pk*BTml3okRxIR| zh3vb#
kX@rQBSlE~Pgh_v#U&3OiiJKY6?L;Y2}dj2v2+{Q%Ho0; zTpmHSmZ7Xx?dSQJ;gvi^>&nIp3O=b{PXe(BYs+8HI|wSMYo8DDSo z$CsA;;lxgE-xo*%qKVxDFI?Gzu755AU7u~YaPI3KvurAU-#mvcUEt(-#S{p z|HqN8mkZTnYrleK-M;{?aM$wf@ID zVmSS1*Bdpj2@DLZqoi_fBF^2iZwUJ@r5p{;HLtl>$qiU)1&9##|B}fd4AfE;4-W^h zmMGFcl5;;KBm_Bm7yKVmTn?YtOZXo_jPZYzAbySl*x9m)z4i5VfU~Qz-x>h0M44Kp z0g#w_BS`_?k(Qo*bMWtq!irVePQ}adFFk#QtF?T%ybviD(8MS8hWEP~8LfJ~0xi8w z*TsF#knsu_!A7l(QDA?nV;4r*86Ps)->AsFaJyjz7|!asQ~)H{ZS?f@^<`#eCb62{ z-`={qxvk}wm)q#+>Dk(zE;cxzlk$~JnJ=aMJzI$3IeR}*M6=?udS|QDC_@gOQc8b? zjo`k)@eotw4w~fGIi0uLph-wtnc99UI@bMicCgv#0GMhDmYd^rk#xv+<-Vq8S=j3djubdEerrjn^)*!KUT2@5q)|vRc z%Uq>JhomcM-d+|J2?E#XLUE=OC-)+Bez%1Gb84+Xp9sP~efq>fLY>6tbsruMpZP5z zVFn-|kDPgQuU4Yd3}Vf)TyGn2ghgjtuXi%25Rg zxmxDCg?P@)fYa0l>_N#FZ)-_*K2Bv8dsRk@IM$5LDN64J<;V+DQL2^nz1iC%?!yj`X$~!sc}w z5+}MNWn=&FXa*46=9o`Yz0XKuOu3>-c+KPsos1m&Evpr@G1#y+5E4-wjRieu`GB1d zb7$DC6*iX^YH)yc_bSe_`e;yn|C)|PPnJHA?1zQ@4#aPzP4yAE6=g9PN(R;_Rp}aT zTI%D8#`=sNE~0p6_2B~cS+~yPwyt)o;Dp~q}Xy!UbL2b znmet3ihJ$b&^tfmn^Mi6%9ui|dYM1%$2sp~sL~d$PWpy!tdGg0aE9jmD6+-Um0zi5 zotz`mDBQtoE0=H>)Ltl(M%#rshI4`d(qxiKz*EZPAW0>+vuO@h)EK;x8n?~Ux)bPL z9iH2BryHk`#R;JXtLPLpc(5D^q(6+lrU2zX@>jD}ga;H`zpdVT=GC7jmE+YyXr-CFT3V$$4AW8Z%%B;sW{%K#`fRvso$A=7Fadq2t?N zT&;xCYu1(k3J@`m^C3XqPoL~lDxd@EE}$m?e6_Y5+v%(7X!Pu{#I&^1iM=RSI1mu& z?s|Hw!Pqpw@_xI(&n>?jz?_Y#8q_D`HDK*M{=-09^HTKzTXnOuc8APMGh}axd5RzI zUFe9zC(DcykE|)6czK7_ALu|$meYk<;?z>GsSbjSCh;xU zMeatP=ACz62S*MRl>5#)dZ~XTC6JYc_T)vZ#17VU_IEgROQ<{Q*nF%O&!F|REy`iq zAEKYYug{DyyB}8qCB$fxI5(f3eTA%0EGjsMNR29uiJTQ^H%K;CX(>`Y!lhjG*Knn$0&t7)N2|H2Epbw>&tJzWTb4TuZ|eL^A%3o>F)zq|rN5$<@(!7bQ<96} zB;(*`6<#*3dHeGqa}m|)cVqX!7I|N=SnlV?i(iKcGQz@z?}|ihSdd6iWFMwc@eHc&~9G4n6(m^;UP46LuGn6HAxfI>uG}aeD^PY>k za{h5{Kh5@C@{RSM=b(%ZrzQl*`PZC#NhS~>AjjEzTm*hCM*vZ|ZP79AktR__a4PgI z_82(nxs3I_`$)}>U^(C(96NSdZfe1Ytk_Cga@Yn64d12b)O;LrbjyDIb$t;zb#L__pLG&qwCkk9v)nmB}DnvKpk`(3Vb(ESB)%r8~cqrTNA|1kqAJ*MoHQ7-BSkpfYs6u+mKVtsZ#O z?%9-$T=SEpKGZDL^^Qt7b^5#@!EyJRXr?P#?Oi%$l7d$T;wtS+8pc+gLrnu!tug07 zsbp}`=)9)_!8>Gd7mae~a1=uo_+nt}11AQ-sHH;kAmzK)I75a75C=%zPT?h>j(%M!`l@K|17S><+Vmv0ft3 zS2lyhK%tX>Xr7r#rs@ea2Rko-cHbF)22duhi@`njisH^#VrNej> zU+6}16Nr7G($UhqzX!V{!(ZDueoKLpeQU_stRXW_m|AQMMO$pak+ke!%Q3p^J^&-R zh?~T~j=7}b1+9s>f0&i*#T(c_ zm^&(Dls>HDbp1_Zp#lR|5tU62qK1kIsWY8;Fu)XSyrhPwj zDVz$eAGu5PYD5GLGEMfaoDu`cH;yQ3#ybx2eOp3`Pot(rYV2G2YDYeFp4cl^QXz>Rx&>W2n@|fbhew?&-QQvhW+HVIrc`B^Nj z`$7Rynf>c{m$qO$gXVV=sa%M+CJds5Z2$gL@ftpde7FY_70u`PpgeHzQQ;V@yp}oP zFRq8Ay(;A?n=zO@cZ*ojuk{tJIUBiMQ~>3*C=OoC-Mk_*M%ZZ#jY~j9myQu&$rOq7 z7+lOX>JJwOQ-i;s^x^POP~ob3zt&KOSg+8~`9do+Sy6Ssi(+6hDxe`~O)u^Ly!;*7 zcTU@ylJCW& z1W%W02JIe`*iD){0fZp6bfUbP>k^Wiiys2S@5fw~vDD|Vm9io~Q8uf2$B8@{#ACp{ z6aFm+o?*7ZfyOhdEQj*r$KA<7MbD#jdrGPCZo zE_<7erY61)%gH4)Boh@l?JjSJSTj1h?N&)WQ~ zm7Jfw7SHJDv(P6M+hIBZJ$7{2_^wpO*8OQTmyq9F!%9H22L?6prMUG zg`3hHp58@WTp}NHJ;U8W#rn2%>KpQ%#ztxj(jkirG)%?^Vao^Aqn$K0xSj}$gsUz& ztC&oC@$WX$_*G;ud~BY}AXO&A$=}fk8>Ns8jDdaK8%`K>J3uo9B9RD=jFbbcU%+;I zd43vBW)t3!1ef_PS+_avVR^3SLHuxcHaGPydZ;=(J5M~7Xjinj^c1JD6?3v(w&FF2 z)qB9@aCaYiQ6?^@0f3#60!qPA4Y-7+o{OQ3>m-6qt4XgVq%!Gaug@U%LRM}@1UK@i z3(cw8&m#h&DO-C$weaMVy7>JAs&h~!FZX?U-iE?u=J$$Q=MUb8`$g%y^Uyb&9h4+Q zDfc;%VZ8b7+@+VK-sc%JCh;0aQT{B&6t`;atg)1sG$;!12eTZy4{^t>kvOQF15(N} zi-PjO8R@iw@5Cjwo;t&q5g`>EB^3MFXnh^`L_6HrP>U*UEkA4@8j-+iG3AsP=_ht$ zsf)oe*4>ZOSdN1i%i}#L6XRFY0M@YZ4S5+Fqcn;eyclfLjbS86Iye4B(D*GzxNhsq z359>X9`F80N4}SlS=a$61)ofU$xjv4R-2kL~OpG-qAsdC+LyrxZCRw*8swXSO09+%{& z8sRA(VLXl!5`GIc7wtgFig52mn1!yaE2Ao=(5glGQf`taa1pT;9|c>!mrBx!-Wfgv_w|X5jRQg6A-A_5uOO- z>RlC(qKH-GNg;vn?nmhK&HM|SHv9C^*!nCy-2NT2^xc&u8o2eCE(mHV!BTZsi}D9o zSbcW4&vVCpXb&i9Z;_>LIfbr9lC)HtS!B4s`jB9mW>HP#?0%+aa&u^jHr-A~?fH=P zya{`!=^Ns6H|SA1V#&>q_8kEvXvKNfu34p<6j58KllTFJU%fB6>wOK~4Nw<-i=Wxi zfI`)T=YPCjmzFBS^h6I{aug(xy|CIDl*lBO8aYVXTHTSYM9Szs*j;8m#<^lh$m8eG zuFajdL}sY1rDIvP-R9#^4k4cF1P4L4BPk|r?(HUAbWUT0@GpjI&F#n$*Bc+Tb2kAS z5`$)KSVV-Fv@r<4a{+l|`zyJ11#VUM$SJC7Y;g-?-qd1cPQ^?5g%#OW$0)3C9`l9adf*vxyG$=;EGG3y!bWQVdK}4qVbUq(oJNCD1ZyA&>TTw~gRb^j<(p4oXI$ zXHO-L2;?54IaXe$5FRxCL+@Etz~3ow)CtKrJVT`&yAh6)ZCMIb=1NJ%4?JLB5uma~TeslTtk@S#n4{ZmH_ z*0*K#X4f;cH&QUE056-eQjdIyVmDW5C@$I0R+b<5Cg*SY&sSEJc5FeY2rgqqp8@^{ zx){OrS*3d+(^9U6r@goC6G_~W0+`~(D4?7IZpK=(F$2I1BovEP;eNFb`1wv&+DP?r z&VlksqeZyV!o2AVB}1@O^?MQtBxZtez@IIK z0`L;E0JRIS(kn-8V-8J-vS65G`}0l7_dQ4MNUSkGe*DOl2>mLjVqNH-o_g00#%qKP9RP|aCI%~e>_>*0c=l3?_+ME8|G#846ZEf%f89IiKX3FO zIpz!X9Fsw%#4n9YR86vvruS&rsnA10tE4-%ue1Df24@}})XM|^6aYozwb(e(a_$75 zS=1G7OJu$i@9+PH0P4km2=A15t_NSqHMhr4$$fEpzOnO*jS-Gz_`sAP=F^8OwOh8W&Z%}@PK|O6T+;d~Mo}3=Z?$gwPI=Cu=&)f*>Xm!KNMpwTw(*5y8ju|)ky+T3d8w_R z(=UWzPxilZpXK2e4vtv%lv$BZ*dl2w=Df|>0L!t=1rD`0h(meKVm(vdR;`GLx~@BH zd8_)^^cWrF>j!wg(s^6}Yp@l7vNS66+GD7sY5_eQaL5Dp=;r1xpTn5`X+SuVlYX-a zI`fa?L6+(_<8*l9GBt5$YvN=|L|35jN7cFJ@>vMMRhdj{0w6xIPkbB5x}gnyInv^* z!(ZUCBmh=LY!~8Z65MU@L&Db9RzToedHD%2HIOHl5s{&G}M+f7LS+~g`}L`v%8_$ zjMa0a0(9H_fWHO~?p*t3Dj*KHkAIT!@$n6b{swB&95Mu^Dhi8$pb_wBSI-Td$o<`l zVbE^{x#S8ZyP~!9cvCz)wmGXgMlYP9FB7?#HkI92rzJ8~X@9?$;mknC4sGbNBV+j- zDjG36RfY>c1z;ucWz=nLcHDy`BBa9c|0L#sF<(DABF4a|0IYRkVW_RRzz!FZ_@CgD z1_O*gV8cwy{=hMY>5@tPu?^7vQd5aq$^Rb5{6EKufgQQEm6YBA?G%SK{vq&^Ee74l zjgbyCP)*`)s#+F04w_}JCDtM1YfmrZvet3)rkU77ncV9yUdHJ^tJdGnM>>pfC~e~^ z&mRhTNPHtZW|aW%BgbGxc#u&67kT9ONH+MuL`r02TiXj@tbV?hL!sz77-pApTjGDi zZXA{;fuCOXgMdU_4H=2W(3dbBg_10EYL(X7SLOK;W|1>uX+iaPK~zJ z)i_M?7sgY@eP8}muOgb8J!>iaDZvM-%;}wxaxu*ma`VvVlFn+!;F1o~l$ZNC_Ps?- zA5ipB|EuEF<-%WO@cX3m8g$ZqS7gyz1ak|39UXrOow+22c)~@{XfD6Vuvs~gv}wC6 z#zPYakN7I@Y@B0TI7F^Ybh{HMJ~#bIP~t`qwY;W1VY`cTieuy{2=covqjNnmBp`?-Ndr*Ift1=e zGaw*9gcAt`<>KN(m|PJfM_f#doS5!U60loL`@G^rL%HhL*BqIC z25RSMwZnFKfHg}~T54ufBaKZPuBnCA(P9moI5(On#6Fa+t}E%8O>NHBfS`D^`}sD; zC8$8;3Oj*#y!u^X+2h69zD=(MD{?*4>2fI5391TvO0u(#N=Wt%>Y!(B(4(#2+*64j zKYx%(2m#fLM-H|6;0(W+^K~qLKO=3uZZb3Bv}>)=rY51xcq^AcbSCa}xso3SJtdXX zYe}TurFg6ctv@6%Ce~|5M`%ZYWdN|10xn_q7H?pTqXLbIsXQ?;5s0+-^o)!)^Qj^Y z7f*Q;z>t-cl;k<(BJDdCudJ4&+$AG#yYvYp3}x8Hst%m- z8o9)s)rTKe^~KHIlvgzFV<(nEYu_A+e|LJEO*b+n92$E9k0SCN4?&p+?#GchyV^Og zr{qkx<2ogiqmNiM2|b6PjiQ?fmxgyMc1>Ba>_z!9fvhjRlNlZQ)1k&7#}MmJ>i<(UwrVo;cv@~YR2jCa@k zSH8H!_QX=d8m=c}*+>FlQhy%%GcMz^?!Tjm=vNO^&wopz9fw7nE5 z0|Pa+_oy4^TZ3i=85tQs834GKXc8i#FD}PgYAEnq`zd@MK79B)6lKxIYAgBF1Jmu{ zuY7_k-#jh1hMf{AB2uCdYOiaz9O>FrzV5%GL>KvfHubx3!Z2X(s!fmfJ-se}4#9Kp zZ!tvq(?9skBi6a(zYBVyVu>vjGuODA$)5B#F+Sonb*~OW4RURX^z8D}+Q#-^gf`D= z9@qVZIS5l0M`OB-Icid>;$MC=SKWgnrUY!o9_9I-1K?xow;j*t!uJUtg9;-S+Q!1$ zn*u3O5!XJaO+~qK?ir^gH;v#mwBDE@o3~2NXERSkF?TxruL_V+JunTn=#u*X z(FJ*5_xVUK9Jbrc-zPh~ZZ3L^5Zita>AA_)JqD78A_S~l~b*n`#_m{4`d*lcZ;+<7!T>nAB@P&!) z$pn=HVt-rJP~Y_(w=rZ`OY_v$bdO+X4TihcKjUq!5%WSg?nCC>oSaia8kQztMFX<# zvqyao&O-tz`Vg6OJK-fJ7CKLh56=1!KkP5bM$e}%);XIczuw_o zhYq+`_&d(HdFQ~FOeU{rHcJ z9Ru_H;)(w7lH#MSY5z8-V(A(-P`bbMLSldcPN4Y!xSm>IJ`ix5H@TcRN6I*bnnJ3a zkLJs?n}Eix7T5==c=lrQW=GB?(-Ru-}^CFp^Q}>+1u`;<$MYR&dwINaRHPe!_64s!EBP z-Bqg-6&02?mx1O*;aAJPS7bd2@eAnMjDlgLEHn#Faf>hL$wI_$>vhhQHR4fuk6m;N-3)qQu0EW z?p`Y}^esnYNAq2C-^kiMcXj#Xa*W_k67aqqdn6+h5 z{Q1fZEhQj2-qeay;bD)|Je8WRGs;Nm(e&3g!pUVAtT#K-TMZK@D36WD79p)aJIn^IEhty$g;oG&$9|NPl5jVbB25wbf*{=&@0g1 zRtB0XM`D37wu%ZdTl1vU+Y90HedH1fyluW|+4F4yDn2$(9oFgXm+U&vCWlrAK0%3K z3whJi)I(GEK7Dq}Sl<(vl3f5>l@-ze$pblEQc_1}xj-Qs<9uU%9iaXE{QZHc!W3X@ zoXt6fn?kU#u^moV1=$PrfP!tdw$>SR^rtxf#}C9!6Jz5K762;`j1l_R)w$^Fe^?k} z{Sq6qySoeU$~wSo^pVJ@<#Y*tvxvOSC}25wA1>x;d2Hb8q^r9!oWha)5LGPyan!2} zR_*NkT%+Dr-`cuNiMG_~A+IcF)2L|c=b!Q5!E)D*ZmsS24a^9Y=1WM+lmaTzIP<=P z?sj5#Yw#Ds#8iij=$s6dtL7ehj_eB}zlCQlb_QGAaL4YK+QB7FIrwygZ}&*em;|As zyc|(6X**J6R2xM!jb%Jv-_^uQtEDF>Y85)j`XDVqKAJO#ec_{E@H(fN`ytAvXrOTW zGh#gHz}#F`KB1lDnL|g@tg4jLvR)em=nDsO@0W=(UFSe*(o;}%95iY(e*B`=oaXg} zKdDQi=)V#eXEhCXZ!;_yt4HRPFIz7_DM0ZeHA@;e#&3rqL$kTuvd(B((&RH&IDYB* z`hiL;l$iGdA~#pdnkrq=i|-V}$kT=1qSdp9s_4TZNH?!uYFbSjSS32 z$lv%F){s8t0oY#CYv@#niOX^b(*AT03`3?Jy*@2m^XH3m@4jG@=RRa{)QMP@-k^lH zBXp&v(yX%V4aEP!(MR(l0y@ zSI-03{cM$BRWmDAil^aM1C-&4U~b7gRVgGP0@ww#oE(SWIORR!o;WqwHjfjolw*$) zriBS9PBTgR zdc}4D0#VpQoR>e<692l<|CMuYzdhSRN-{Ui4y$n<*dpc&_Nr<%henK@m0D?2~$O0v2dmxVZH4t$1^vmMoZ zY-WQH7{=SH-B2EGpCfL*DQNeZ7sBfzcV^l-nSrjl;s3pV54nUPFE@K4f--S#c9t#I z=(Z!Zw`m|^H1;>VU5YCi)sJ-`kN#K(W(w(Zfe9C2>ip^9MqFMG=fH$7|T`&;PnvITyI^}W_62B3`U?1O3O|D7wcc$fH$7_Fr7=T>D)Ked% zT^bJhF{6}?o|fs3(%Qj=Wqy*u7CD=FkZ}`gmx-V)ZX#urYaIUhz!aEQdv1+Qmh-f& zB=8;|JA|zv=W42Rt~b#!*D-~~7ok%1x8dD-wFxSmC2 zuP;hdKvUE4a=s89!&2Po;`QuMstCt{n><)nZ`+Uu&6Jum(!U8(F)7u{ zq5Sj-GXim$GUAmI6rW$<&xa zr1Fx#J6_c%+68IoH_lzF6xEfrI+%|%&pS8L)8Q&L<|1Sq7%1YoKga|HVGqk^@nI%O zt7GW45taw$F@v}q=N>(o8Z2_)-&{ntp1)F1w~TFPyus|SknHbK6dQ|N_Z?F&YhVez z#^axq+^=i>rao3G)nCK|ON1P*tuJfr0+4R-iJn6{N{I7W; z?1Y`*f=>KV1nGkH0nGn3zdOG{gAmrXvadIOZ$K_d|s!^WOAAS#DJ38sBBg-RUDAStbW5j%bazThch{Nt-}^mh zj5EghaL#%6H}@C|7SHqC_jAvAUDt1VsWqS?g4^aXH{qpbn-IbdTVBIZX(^jag%mhu z3JMCE0!gRfhzt80c->p{3Nkn7>qPPC)enJ>(V4)TF!6HhKHO=YyKm((2QCc&(2MQ% zhXa(5#bW5WF>HBk-N2N1^gsf++1J%&zA~7to6p9`h@-_X`kc$AC4{1z+s4Gez`(}F z1~?V8REIdvh;?dZ;9bk0S@~;d9f9d6r?|j9B{|5-#RPju7J{^pt;^M!Uom(OBX^hJ zeXC&uKG~UG!FSO&+fmKYf^lgn| zGP7)qH0GQc`T`#_FW44WhRf2-RmGF+EZ%;B{#9Ug=R=LV=OPT9cZ$EDa$oyI7B{GhcB@qMsN%Xxi}vZdLk`aAz3J* zaBb-Qh?982ZVCERiU+5M*Wq+zcZfDZ`K6Lkx?i~Rq~3p0K>SX_i!DB6vh17xco4Li z2mK_vVpwy9eDU2vaHvJ$INOdzM&i8F!3vt1&F!z4ahQ5Q3n6}C+#e@B3va_a_^_bY z=qXMPHax?!v})p$=SHba|>TwUt4{XfW>C%wvuz?U*924gX1> z16PHr9p9O;tVml6OG`MhWM8W{gDZXZ+*N{*9eiy}yYq*rU@_4fgLgm4}v&D>*SK_UR!B zk<}AQlNKTS?-+TB(LQf=X@!a3vRW>j!7N#i=2P{J)m4M!y;4QnD_;9oKX#RDZuZxq zL;Gs%#DF#IW^qFzWuq!s(yThj?7WD4n7Z1KI&E=jLQ6Eea=+$|i zzYzUoQ?!#AY>b&;BAdtg@PfH|QmgEkda84-XuB!2Z}iCEdqLTe{s}{rWx>X--1JMQ zsz4N+1;UvOp^Z&iCyqnEVM?ACvB4+UQr!dQx8>vQMj!IuDfxsUngW;nQH2XnPt>)fub+s!|R4gE2Bbn<}l z(OO1^Mui=J$e;ZV+k9nO*eh)9vF{KO5iNsd#p|JvB~Qq``}hAK4ap*>>eyRRCjaFU6d_v-`8pR;gFdKbcHu=cmo9_HBvN^sw(_HKaZBTo6=SlRJ4hAxD3d4nHn(V;Ua-mK#0_w}lh2g0ahzlgQ@O1R z?O5O%2AjBdeKN7IRnnLkT`5i=^NIn#)bx-@ws%hH=qYTk=3E-P*`J%xthRPLbVU|_44}aox_Tv#pC1wkfNMAoGVop zSI4xyscWeeW~+T8BbDC0E0upbzk>Hn0?Bba6@H=0`oZxywGZ!}hIwmcRpUk(_vlZ$ z8fvJa4eJSthLZv<0Nww_3M=w9$c*v3^Wrpa-1G!h5B?bh+ zmbOnKd5K|AUQeWKm`sFxr+2MNNE+C!*w!Aq2`5NuWAd`>nrG^Yzp3p4=KEQL^blFG=$wDqtWb{rgUkFFdOuAmS|`AA1I1DxfhiWImA30X|v zogP}Ay2z)?uZ@+Ea=m*-7#kPYaebPW?72NoGPpj8=-JpxA+85;Sz*+L_9#>ZflM?! znrl=Pe~7=&`{2=xi}08c+pS=zIxqHlt>2v4^)YXLbF6XntDReWOr`H3YM9R0`k!z& z_<|*$z)hSiy98Av96p=DWIR2?^ZfbN`X^a&4lDs7(*xS>VVt(UK4koA8xUEQY1wd~&XI&~WUfSGj~OWb2`!3?JLKtkANisTHjR z8w#!RSBMMwpao9ID5!QyCQg@Z;D!H)7JGOp)1n8apphY?V#&<5#OyJ;7Q$+uDert} zl-;Q$nV}@~3j5tweR$)h@D#wN!jdFP>e|$BT9pDc zy1C5Dz?(-yoM;R8Hz~^U$+uh)I3LN?5m$la1-Ibl_3JZ~1srj+(eE4`XAMO~e?bF9 zz02=1J0|dN-lQ2Gtz8hYA!Sz2j)H=6nuFqwNfUV=q-@C6 z0ZIvM-D9p402Jbg>#PcfpXl-I5h9&N6v=k}6rlrDjuQpUWfjUxAs79h&%0*-<+dHX z5M%m@?=6@qC|#iMEoxKV^$OCX@xc)fZbyEuY{zeF7kN8F=M=A<_h3{BpG#5Y@b==i zo21s1j@%~1x&F~$1y~GQj#;P1_ZJ9EM-CUpwq~78^_>pyVh+x_q!jYftL@UMAs3yD zNsxOa8Xb}B~<~6py5crFP8z(0UXHjz~JJBtK1UU>ZXF_kOr$&^qN8{L$(J zAX#Gm&(ygc*nH`ssD_;7t;dW&ba^l!VP9|F{^j?^#%)e9$VkVbUTV>NA!m>AeFaSf zy9)H9L~T+pEZ~+`KgXYH7XPVf=-ap<7W3|50@Z!fCaLgG(hB%h3+kHr56&0=Bi-_g zdm~d+E9~fsex{JUx@WKa*vi?-33Ochwb7J;bK-M5Ch#&$h5X-%wr`T>=-p7$2bRBl zxt~g2>8?&{K=mpV_Og2MRlBR_QE$LGaxwMK!@cewHthw74P}tV=?J~C!7TdGbg6txu)TW8a%AjmllQwbBu`6=6yo{X%$R zD*7{(R<9k_?q&)2O3J*_DSsMA=2b)Sk7~jl1fBHDoWvM0xh2NQ@zK%RM8%Nt87CL1 zEh;UZoxYBcrdS7typl%(E$&&woTJCRitc-#lBPmY0`T*)#_El&X{)|p7=D-switF+$rS9pp~^dcHL2_mV&6*#oHM8(>lzVsYk zRpRmtH~&Gw(U!Il@eQ4)IOF|Yo`COLa{zYP&2%P1-8kvJ?Ti;$ZW^z|tgINdHm1VP77@9}{_D?uz>({Taz@qyDkcGr^1;9E=f%+($0y~v(u-*U#%`hkzG$B9l5u33Jk ziM*lDVrk~konMbZ=}j(;S0IS)p*v!s|YLrAt~^_lj7ja zY~vVV$OiEMqpG%+&pxn@!>1AWcUADKBO|>ieVaG39bqq>zPXnw>K>qBA4V~4^wEfs zS5}v{Si3$&_^?3k5h?ip5Pw zKHA5RANL!-7{!pF?3-_kba!_LXQnn40)a5Hfj*I#SPQTX0BJW-g{BWSzwq$z#vzwx zubo!QvcP8%A#(9b^;2xr&&D9pMbFW^Gk*;)Me#hTEV(|1`uneE$`DG~;#hCGO8+OA zzAd-(JB{QoTI&hxx&e0NLd;vQibz|1HbDVJ6`j2}Y`HRxXr%!4A6UEkEXiSEV|Ojd zrEq!JgnCV!7aDhE-#&NE%@|)0ZT%e`{gsC1dk)4L|BlV))*{`N#-d)@*C~yyDSA;) z^Jg3VWQ#~8ZHq~>g)(z?KjvxgomdQ&1HNnp9h@sYlgAj7zn&sTU`Ov>Ub$rcx0A#| zvJsRnV+2o~7O*A_WFEurJODhM*6gq7_KvoF zPD^X!xusM^n&f0q?$n>7{^T*=c@gD~iup+M-HZ}cT!zC|_W**t=_+Z(?XbYz753<^ zr2dU-G^FuQiOcB>(;9Xmsxk`(cc!_uh_pp^1yq(z#k_(YAHR8mJ#)6(ThdxbUHKe; zZdsM2Mhk{g$n7s$u2~f9x{)AaLi{{&7lxemlwDm?PhY!!8saxQ$8fXxm5(B*-@nt! z{AN*sgM|r9@N+`EM@l`>`!u$sT|ph}8XovOOXMe0M3UgYC-wY3i6zU$`f}Ydx%N+3 z8sw|)CL5l$yt#_PHE7s8KrKMmN<%CXws6teQ@Lz<;ahE0Lw>FMtAnAhWh$f{D(9Mu zEn2Q|-=Jlw`>=CHHA<9v%&2;%>9sww#7Iejc|^O+z@|h?7`aSO!E|f!rQDAvL!zj& zrtcBuyE{fNB)n2$+o+uxBnFJ%ynmB&7P!VPEfpDO^YG#iNv7jSZj-h;pO!_ym~7cG zjcF{)3yrY-g&XTO@lo_@mSX0`12{OHB0ULHoqbQ=fTPVUiZeLm^wcT;o_hM^0Ky$) zugm(*@(o?Es2<~koTQ^0RQSHvI)rCaWZ!6NcI4Uwf;rGn_?tSti1_Bc6{iesP(HqN zEC4^YRNNaoSt5?Z7L=4f{O{0Z_g6>U1BphT>(qO|LVi63-rdp-PUqv@+S*#cu5A`O zUKi;9{ABjE+>@X7b7apR;Xa!A97o*{Zu9d<6|?Tt`h7CZ^`|b%Apt8^bGo_iR)t0q zt-PmmCO9|PDZ;sRZM_P*y26f#>G*zYgy8g`ZF$A9Q#&9sS3^aMjci)&cZvuYk-@$z zdl=2B=LL`2bc@L)d?QxK*Y;k5DHnHt?J+THvPTr5wq&8z><$K21$Qk7>$xt3(OEJ{R}%qEuy3s@@rYHicBa6+Y{iurL+H<=BhhFpd2L z_UJ{!Un6IPc^s3Qv4N`>3&xw?yP64ms$aL=au!xNEadS0*1jD3j4{7T0n;|=7upeq zS<3X)FbJuAKcz)NUj4K1jQhKH(KaQJI^+U`CBX{~Vf!zn|`|OFr3@K*F*80N71MfD3{W0i;x7`ecpUA0MlNFD7vWlDMb8 zJxS4T5y98?c-Lyh4Fz7$%3i6i2&o%@hRAgn=H@V$1B;*+yqVvTz&oXnM<1IChdJ;G zB9X`dBKDd2`A@g+(}{_SDwkPNv@-+0hIp;oTtiGu*KVZkeEUZm)8Shx%>1#q^4bPB zxGLxGgSIi$zo`+&hWUvT7qQ3a6D!3)^olcUnx^b4jbokC$HR>s|lix~?dKgmoXfzsSujQ^^xdfc?E?cCsM9 zqO2}CZU#rxJ7EVw@@E3VyL*&K3nN9GuV0KLmL*frdN&O|%oB@3qY-6Y{E1*c?bb;;No01+;E!LX?xt(G@2A+T=VykzP|V}O&n2RLL6WGtEm zMmH%o+`X>|-Lj<%q^7HedF>SuehsDM*)c$uX9nelE>~Hn|z`1 z@znd=v0aq8Ur(EZGcE}i7&K{XT^Cbabh{=!>}QdM{d=#ObxYn*Ljav?fr9%L9mOHh zSs*SK=gV6RTnTlqnPWM>-Ze_!vM&Eh)3`LP+$9k?5ZLqddg&N*X%Zi5-XRI%U7g6F zMYZC(1Qq6tBCJ{H;$5!h3R*O!#Nk*V{%DkY%TZY)Egpdn!ZBUmXAjzbw#)ru0K%p% zA~LY>EX0OBihEr*R59QHSE?jsGLQg_Clg~1CZ8)^eMkr-1cyR!44%M?zpcH!A@O$% zoXek8fC>Q>KAn2$9sTKKeBXKK+KhW4HKwZBbAE6w(8VlOB4(3nO;@UTb_T9obE8j? zR|ronVbO}+SN$-f{vHvE6DbkfZz0=z!6Cb?8dT7>OjCUiUfoGpGZ1v{chB5UHfB~HL6l;ysax=0!2TGgdylYI%zNzT&&n`1!=z_-+<60DIX@SV z(UqNuiA}cv&Ua{1o(%=!hW%l7qW~tYWszK`iBzv z0SkMop-0;{94f*etnV0d=Jawi^6X7?FY`1kd8B_f?da?tI^R2J-Y4pLm+uIO!_v#% zYR;0oo7-s7o6wMudRgEOd)*}mhWpy}9b54@=)5XHpaI^=gLi)b5H1S#R$I@XAAOBQ z6?Aoz3cq?n8xQ(q=G|XEo;>XOmXs9D@-{;@{qXHovaB&yYQ(z8qG~14*wQe!%ua#Ff+6t2 z*gzI#3|=*QStp_`XwP@3@Dnw@KJ919hzOIw?Xq}?V2_kJR?Nfs9IT`}+w|H@63Hwy zNE(q`ga2LIW!mLc-iuE$a`nlAGFO~?s)@52J}T39+Voa)$-BrQ9#oSrUej`j{juQ7 zYGp|8(XMg*!SF#HLRRrn!=LBo=_W}u?@Q-Z)gG&AKI>z;pAHz&io=*RNm0?csoOjI;6$G=V)neF8U;dU_V(2Xxyn4I|Y~ zDr|j75YzB|KXLQV;$Yuz0bqVlDWpUMcv2;z7~hT-fy(w08H9-{)B+6p=`j^`^>!AG zlfm$?CyNmmKef&ijEYyDPdgRTjmdk{SfTB8X4>W`rEP?SadB%*T5C`a9NxR9k+}IRabX8&Z`6<(&AJNb9Qf5PGtSVrJyLb&jS;^;D>S9M@7HAS+Y z+H~5|x68z^zF=N^5Ly29SmM!xgwL5IU#P2>VsWx~7btws3%$gogBu5}ERQjMXFx4U zB$u+1V))9RMZ9kcOQyi_`PJr9CLi_=-&r5=V~jLWT?XssZH_Np9j4(!EI7|#QN5I- z$U!iYwJEodAd!7)zdzC5O>k^h;MiSGFv}3U)8G%S)j6vpU;r?ijkBr8ZHpb!JvY}Z zH0V&y%CKI41*Zxm^i`{YQ3*R=9xhw!LPrc#DpQFsJ%Nq$*oT6W@^O5D`la*Z4!(|+ zad9+Q%7M(tP;Lo!LHpq^9D?uyD^?98;an=g#&9=iB!5TqqYGBkd&9U3TaIoZC0 zt@EU-Gw9}Mtp9Ftq`&#KOdfyv4P5K(3UOV5U!+Rh*Y>`&`u#cFQSD^nb5dl_IdN4E zSyyK`af(<-ltGm8@x~~YtLYk-lC7zbBKmGA$Ow6cKS*jB=O&!9%6CXAos>s73R6DH zJe?I)2)*{kuo&O=uD!L6T*y{Rdha=;XrIuM+b@tcJa+c{5)*N9@*{eS1Z|?ZGI_7b z+MD`;ZN?wSa+@z2cO_es(%07*Nf-}ft;c1&x|byqTRC%55+?=l){Ckl!s@E_*R1CrQ1p`c?OLnQm-n_ZmA;OMEE3lr+nAlhItr3FC>Z zDi^#$Dz_EI`?S6w0=;K%U48A?DDD#~fY0N*`MzB!x@V{}PE*Ok2@1YjE)n98Sz=EGw>LaHLO<4C*v0~Ba%2@T`r@5M%TcOK zF6!xrkIXeFmI2&l?)Q)4cl?RFZ^@slcr34sL{ktP=A+$7P#M&$uZu~#~P1OBJ3P` z+@18~)`W{bx-MPYM3B+xV`PV!8=qDliQ_zRglg<7HC0-%#nHgo&(s)iTL#%EmhyT} z2Tc7>By--TrjJ%SYz+t! zP_yb5GA|PW0pxRVaPV`Z?ynFqtdQ2_wq3^c(*yN0N84w506Y}nIp)Mlg$#K@!qjcv z)9Lg6E~ti}Mrt*fy^f|MhGh)%QsS($Jch6jZ0(gfET;5UuBf7lj1;}Or15Qe&TwqqmBbSN{u=R;=t%I#!5 z@U8*n*@83?3k&Pxv$DXr(|JsBWVf7E+4xzVw!y>VQUiQ(JrH-gqL>!xCEIh(Sw(h`hU8Cig>@D7sIe6pQo zh3K!3B&6pOYI`q1{-)mLl7ctf59P!BflJDS>F_fk&^kx7ufaS#_-%)K9fsGOtygR)LZ)#V?P)ihhSfh7I&=R-MO+0yhWTjG64-{jZ>YCJeMF32 zyNHEaCx%50NIq}xviGO6ina84Q3IJug}H84xbkb+LDr9>CZE_iuS9F!%)^+Emv+01SWP z_lo*QxZ$7(eh>x&Gag;fQYnEi_Vq_d?+G(cfu^P=0R}UZ$_Bt6Ui#rw`KuBFK#|b~ zXwm@=XoKUg|LS>y2%Wjb#a!k5dT=SHqi+xoU0p}<7XA%wnW>a?Y50Z>!~*|hfW-f5 zf1u4_V`IBp0L3xio3i*r0U0(86o#N2yR~j|-h)q|{M)^~l>Zt4sx&-23@*HD7#Js- zuspPkjQ#-ErR43{=f3HKOF|+V)<4;*jT8@^k})PGCOAD+fpuVFK-(EmjbJNtJ1%Uy z{4#rF|D^+7e)9ZZ`R}iA=h6H`^0o>YPWBz{)(D};GU~ZnpzBt6#yAV6@H6B!a#h9C z?U_}5?|5zcnI-(%Z3TRu4fXi^r5d~8^*@bNC?Eexa(<754Zhtwgp6$2H?^I0t3!M(vp%L zU0ot$hs1EfG5JH7$xRbQi;%l$Y9P9$o!r11*TR})>Sa7j>(T&>jqO--ml-oY< zhhGa+#6SO8R;k@LWIv4SGcZzTEmTF$oEXOB%lVGUX2s z=^YZpd9b)((u*X5;R1=>+L5c|XjBv@&8nyIPj9-0(&1kinufgnD;ieF z^FElaO=z$477>CA@xXA)wVZi|?uRl;e6iS%zlhOQRh2_^{hpZ4`4=&XkHlIu&@eb$ z&ns(cc;(%d0%NYe*xKI@@bd#^bN#xL5d35h?SCFp(DNWD4f^+o4Ho3z#%5UiDv$G3Z>wSRIH?Rc#8~Xne_d7~%Ng&uYn+{vW_{x0=})Ld zM|AXsky2~99l2_SLbGxQZSAKZ1;zin`@BWukF5bQehX5E!=m@0qX0lJ5KE^4GFqS} zD{G#y3mxxMyNP_n$nX=@!i9pXD-T2cBn?aeE~27HM{gLuryi-|8d2`z_nFQdgGT6^ zERV13MSAgE%v&Ce9bUgz1A&81xEW64;tQ@twXd2UHkERhCEZ1Ae9kB(HZ&n@A0m<8 z{K%V@jDyZ}(v=kHJWuM8NpCQC+DTYQBLeili8~Y}Lqulm>Qzc~Zh-^>Sjh2jq<6g_8Pb(?rT2bEm1S zP*G8bK-#Hmxtt&X?^f7FK)$ZX^aEoOhFlDXi4{b`34%*u65!kLy*1LNqYFl#>7hZ-I7^4qg4sT>SZ()C)w0$+PgW*`kzE zVTNK3yOb}l2F&si+3!(As-r5{XI!oYb_ax^6yC&>8VNm_#uWnw+Zc|2Wadvhu}{u5 zekQ%^xS^?Eay^Tw5EWcJg{Eq5{2@x3>c%f$H#p2k28FawaIJiceX3}w> zmQp7!DI1kG~OuWSy{U?f8+-j zx?URJ&UfHbJoPCcUi6DbHIOb-5oZN8C}}^uL%2v{ZyHX zG%Thq_IgN=28*52dMHl;`c9u>?9ew>z)vA7P_yd|eM0`ExI8SJmR*NYD{9q!DqT7$ z4?Z2qgNFxpyXx`?t zovD~V=;gho@W{*`IF$>ms}T`il-^S}<(%NW&kQ_=Jp_rW_O|`Z-NJo4@ixN3 zyeP$aZpd7A3_EB$(tc+&S0#V5n=kMt>v6^RZc0uPQ%;yy4`hQ_Ti7+jJ)_CkzVU8R z0mTslnP~g^OL`)Mgt62SNdLe$`tF!0 z%EWsm_x95zy}C20LsRI5|*uG8&t%3gWvc2M~+Ig3^3 zxL)FDC^#d^bH`dT96+ZDQI8yXUwsVerY!nB@__LWW4Vrgkr4@`OxF))_Ji){Ixa8o zG)R`+yPTBcb$1%tLiV=Cv&2X-@J2Z~Rcdy18ML*uc>DTtTFw2+Hr}v@DWYh|ci0OOu`PwvUKTPYWJogjBhxHb&zPJhz zh!_rAW5`HUqg|T3ImSNWVc)pH1wDSPinM7rm-CSspqM%ZTF8(_9(KD4E$(u>oL`j5 zh&-E%2`P)Y>p<~?#Ds}7_Hoo|ERm1VQ^L?~;UKHrtmLBJt+7GVoN zlD1|Zsj)>0lmZlpoG`ri9Y5g=v#f>C`E+T201eY_3d=7KBOEQNO9-ZH_m!-T$jJVf zr%}qzC#j|VEN1rWOraEQ^j2kyjIEQmy*ty=Jd@G zG=9z}=Iw6Mg7Gug+qva#1p6Ep8cY<=-lQ%VexJSgS*+90qDB{Jcr0yhv#ZyxqoPB}>++R2)%)wq6~%%q?&GR#a_l6DaPDUEL? z{u}*icNHy7_VB1)^?sH1{Jd$-W(00uOy>w)Oi1a-Gqq4jhW4N{`+(23jI43`N$(nk zI+eOB7Y$n-v)dTi)B18iKV;RIw5Y~kYo_F3Ts^FPg7t7ih1mREugIvLj_PM?srBg& zl|wcbsu-h6&}grLFZZ_v6fOC1V1_YU8)z#&X{ws>)Q0`hQJIddWbL?cy>_BO9!3Kw+ru?GsVm&|Wt zi6Yw#c7T07(O3_A1uZQt1g0q{uFXUxBy5zI{cN2s4D|BiV|W=`RaK?Ii9$(1B^5hu zau5cV4{6CrTa9nCC7Iq;rhM|&SXYAxWN6$j5s1{_q5)0UKk>tLy5q zcR4+VT5TQx*oLS0I}RvOH%Ywei>X(FGk_9f8xlhT_UF<~?Xnfea^;E??z%K*Ff! zCDnX3st%6;Rf1E2}^lc!h zKo-xZfJM~aE|Epb{k{kS0Ht}X_stl$)-@lKAwDt*xJ)#nXj?-l8dNy|J<-$B+9X)I z(dNDBqb%Z~q(on#jgx^`8&K_xGWwmfP{=~|CW1bBmDV}nb&3wD#V|-Y(!Fw^|90c* z>PJM#8;rv$K<7$>N=7hZplf%eR@Z7r!;}|badN5a7@JL8oB3}2IdvHVkc)&N6 zi?^s!|9T?UWgDd?D`EPe2%*NzVcX-to%KfsjI-QI$E|uTyDwkdKGy6GcOgnVwu(?S z{I2d2{4lVL4)Hu}#C0rU$K&>*tW!wn8KZUIr#DlbJx-kBYtGMVfOdboEHR9xT0kYW z)y#x35f^lR@$45bZz+k3(QTG_2|vLgq4^+s2JWblsO@{vgi)BBGF}mdi=VYUx=wxx zNaNhS}2WYs6n;Q4#)D#W_ld${){rnni*%IdNf>2bH4y_dETi8ypK%iX~gokD0ZT&bh+P^Ra zx{@oVcE1K>QD%L8d;}O?Cgr;1ih-m`pH2#pRJQhs3QHO7g>^abtnu~F!Gy=&-9h}I zkSmQNyRwuN^igbBh^>gdsbAt^0(M6+b*=kmvTiHp5skyKrnvqDxqhrf3ek6WQp?3! zmfuNHehD)rh#|2F4cYUK4XeaUJ_Q+5jj*fFPC5N0Gj|TlOQi5xMpTSdahQ64xC>6= zF&8pU=exS)iEM$E=Jst~b}0|Zr7Ft2=M5*IW{fC>e{AJLK$o#Ku0-iRYk0`Fr#oto zkfpezT|FEg?abtOWk_pwdU49! zRN;&5(`W-fk1&bZl;nYJzh)|*n&^(9J|q6o+rGVDDVf2!TXIR_yzj9hD=3$*+%5}_ zGq5E)?*93xbxxaNR`!#f0)|;t#6x|jC`d2rEkQXO%GHR9P=PS7JNnJ>DOy5e;t7z% zi&ZTs?Q=k@!12d7q;H{Gj%`cr?6J$$V7lJ*dm@Kc%tl?P}3x?qD;5WS^ zoe$#tBwp*E-M{HZU%&jQ@vSJQp#kDQfe`q#-2uHrnII5nIN7Cy@0NwuBzKA0&*=l!v z95|Bj^HBovzP=n}Pf2#nS{LFi>wkOtvvE}LTSZurM)1~cULj*M$(E^-`Tm%Osp>by zv}gX>DeD=Lm3PrBX+Vw~85x1AM98RzS+P`Gi}wcl;j^HHtZ~e*i(wIt!})}hl=3PF zZla>1&|42{jn;+p$lKw(-$y%(pLRS=uU(2|DT8_nO)pZ=y!rY07dzwNAe8;A>p3TFeYBkU(blWtM7PLHqs1)K4uScRu^2hs{85qh_Qpp)Qu`&A zu0-q7jMffXON6gQq}Dvl@UiZU7aLMzFbvN>O5Dtg61gro+wdH=v;kSS!5L;6({as1 z0?Ulex|Wc-m_ixU1N>3T^lsV+-{Zgd&G<@0RA`9U$u?P}=`uYk_s@9i1%n^uVqzDP zDoI!&*E-W1_@cG8253Qay{B<89Is)Xf!o_;#jk6pk`p5e_XHIL{V0k3K51TmQr<~t zRcaJhkjSLsI2z4|5cbkYa8vHV%-+=GWS9pGff2XTkqiZz1Iu98Z4w{C`ygPtlj>{$ zd^;9oPCh~2F!ImqS1h|V#Ok3Xq&{Av5ug94<-S$crjV8pQ1Y8&6HU^FpAd%6^j>RV>Or$S zSoY3|WNd@uv-uCUn=6!4y^1BK*?7@0K&EHr#mW~FWTmX*;+R@Fki^W4mA#hF63RVW z$UX3cFyVMb(Jbzx=#4}Ni^{{aVTmxJ8qT3Nyi49A;|FBR^1()WNH6Q|Pmb3{e&O!F z+uW<|nYyJ|eK(oSeqJxQ_Vu-@A;Ux$+BGG;Qur>zhhlZl zKTdIFng-evt5rp5eY7_h(zt(<$2d?Yti+k8XR&jBsHD#(1LQrjh#P9@141hS4Qn5yi1L`~N z3A`7cq%LgM3pZ*s(#9ze{Fo~vg^TbC%CD!IfMtqRuM5e~7lb!!{AtEeF~}%j#xrgw zDjOsjKD2^!;fr0Vwk%39bn-35E~nZ2ZCaDETg^qwx}iYJ%YM5yoD-(ata}GKjG{ju zh3y_=F4kdqb$qr?GH&VSYvwZ+1F@Y$DXv@^p$~@AV{UV?+W>_9J&=3+3ePg5Zo!%l zIqW#-9Ej`0D$=K&gU@M}?XrjnT2uo6+lb!B{fd!jKyD|J19NsYGrrADc}%x@ze2Ql zC8y(gamt$_bjf3S;XbQ3=rMNhdA=2$wca>zq{+wnoaU4aI^s79>Je&T&UfNJO3TlN zGY5Ki-*y`0*&5w!E2n%F#q+SByHeG)5>oj1n(P=P*4#6YrMYo^7XE)iu zOz9T~ym`#`7Pzwc&OHP7_7@747@7wnz|i~Z&QKxmvoxtpo0~F>!b}GC>&eaz)E`<^ z))D?Gj;01Li5f>*;K;eC6o?M1`!%fYI4Rb5o6}RS7u*biq>jQ*u47>>K@&di2D^HP zMo0(*kpT1kRcbQ+8l>_jkukjIVDj|c{;6ENh_J7Bp=3;_c(5vb!($zo zNfxoQC)rrfu#u1ZQsf%urnGy5oUn?73{@7$B9Qi)s%C=k zm917%?{jBRgGm%luhkdljtBXnHJ6Ie`|DMxV;^KUU1V<3>P3%fm0Y#Bo2;&Z14#gQ zcoVpL=q<=7VD11X$71BT_?NIlqRRcL^D0VMAveGE-&`~?i5Q6v=CoGd;JH+bo?jM2 z&tQspDM0pql!3QdeQIO0*!S%qyZuWfP$>Zq?Rkq>Rq63OphcbRm;09jdC&Q#n<-IT zAxe9Cdb&Po@`sC08T1b?2!Pc+y^?#s#2ezT9=lM&JNefy2na99_07}8?uf5bv@t9} zFOssfs>}ldO=h!EVbC(3CUAsz+HZOecby`IV=e<_D1O4TU`qH(pfnX( zhA@qUaR`$~s7eRuknfnfslqft(ow}qBxha7t=NqHN5}Qh zc9q`JQx=Mgb(q>c5WQgqR$geZ_y2x!AA~GO0K5DOdIXS$=B}iqhun%skz|6Gt!=he zaQ*4rFL|K}W)|jE&`a?X(@7z`bCoLs*s8?Hma4kfh`Ve8VK|>Pb3ME3yujLT#-YdP zd~5?pCKw$CPv}5PpCUXlf^q*s=|GSI+8Pv_UI780Ex=%m$NPwsp1AB z$ac^`{0$iW!!fK8MBX>j6%eQg7>qqAsV-;7a0%Bza)rYo^wI`wE@L|XCfZyR|C31L z{7;V;1pj!mm>57TZL|6_f}EJM&4A&D(x$7W z9GQF*1I^T-b>n`WDPpR>FDEmmCP~S2n68dRjv?kvko5!Y5(&HEjT!9u^#^|iwEu?m z8617#67t`1`#+4|3;KJZ&>q40;ZkC9y8~S+_{jhJw}}_U+PA#??P&b{2#escP#k~Z z(3luC(ZBysCJm&|%mL%9@sP0LwSDjb`T6->-a^P^aa?l?j*0@CmAZ^fUBj%fEXp*6 zzP`Re;fTOLpXGao6c^W6x4d`xd~f35)=U5MNe?V^J$IF6$-iPEEa*wTze&J59%TPD z`>#I&$MEsr%hI65=N|@uF;#HU|NYy^*4cxC2od1@kh&aBhv|0cD=IFYnUQhq`ZZp8 VGL5|f;|lyICL|@8BcSc}KLEQ-qa*+T diff --git a/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md index 76dd0c900d..60ad8c3cfd 100644 --- a/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md @@ -1,6 +1,6 @@ --- -title: View and organize the Windows Defender ATP machines view -description: Learn about the available features that you can use from the Machines view such as sorting, filtering, and exporting the machine list which can enhance investigations. +title: View and organize the Windows Defender ATP machines list +description: Learn about the available features that you can use from the Machines list such as sorting, filtering, and exporting the machine list which can enhance investigations. keywords: sort, filter, export, csv, machine name, domain, last seen, internal IP, health state, active alerts, active malware detections, threat category, review alerts, network, connection, malware, type, password stealer, ransomware, exploit, threat, general malware, unwanted software search.product: eADQiWindows 10XVcnh ms.prod: w10 diff --git a/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md index 0d15caf8a1..26459e371e 100644 --- a/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/respond-file-alerts-windows-defender-advanced-threat-protection.md @@ -130,7 +130,7 @@ For prevalent files in the organization, a warning is shown before an action is 1. Select the file you want to remove from the blocked list. You can select a file from any of the following views or use the Search box: – **Alerts** - Click the file links from the Description or Details in the Alert timeline - – **Machines view** - Click the file links in the Description or Details columns in the Observed on machine section + – **Machines list** - Click the file links in the Description or Details columns in the Observed on machine section – **Search box** - Select File from the drop–down menu and enter the file name 2. Open the **Actions** menu and select **Remove file from blocked list**. @@ -175,7 +175,7 @@ When the sample is collected, Windows Defender ATP runs the file in is a secure 1. Select the file that you want to submit for deep analysis. You can select or search a file from any of the following views: – Alerts - click the file links from the **Description** or **Details** in the Alert timeline - – **Machines View** - click the file links from the **Description** or **Details** in the **Machine in organization** section + – **Machines list** - click the file links from the **Description** or **Details** in the **Machine in organization** section – Search box - select **File** from the drop–down menu and enter the file name 2. In the **Deep analysis** section of the file view, click **Submit**. From 0a24c5ea4f27dd2fdbfee2b276bd883cf6f79486 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 22 Mar 2017 16:32:10 -0700 Subject: [PATCH 42/62] update to machines list from view --- ...-windows-defender-advanced-threat-protection.md | 2 +- ...-windows-defender-advanced-threat-protection.md | 2 +- ...-windows-defender-advanced-threat-protection.md | 14 +++++++------- ...-windows-defender-advanced-threat-protection.md | 4 ++-- ...-windows-defender-advanced-threat-protection.md | 2 +- ...-windows-defender-advanced-threat-protection.md | 2 +- 6 files changed, 13 insertions(+), 13 deletions(-) diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md index 8bac8bef95..e3d266a5d3 100644 --- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md @@ -55,7 +55,7 @@ This tile shows you a list of machines with the highest number of active alerts. Click the name of the machine to see details about that machine. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md). -You can also click **Machines view** at the top of the tile to go directly to the **Machines view**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md). +You can also click **Machines list** at the top of the tile to go directly to the **Machines view**, sorted by the number of active alerts. For more information see, [Investigate machines in the Windows Defender Advanced Threat Protection Machines view](investigate-machines-windows-defender-advanced-threat-protection.md). ## Users at risk The tile shows you a list of user accounts with the most active alerts. The total number of alerts for each user is shown in a circle next to the user account, and then further categorized by severity levels at the far end of the tile (hover over each severity bar to see its label). diff --git a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md index 2c68fb6704..e69c2a864d 100644 --- a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md @@ -25,7 +25,7 @@ localizationpriority: high You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints. -For example, if endpoints are not appearing in the **Machines view** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps. +For example, if endpoints are not appearing in the **Machines list** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps. > [!NOTE] > It can take several days for endpoints to begin reporting to the Windows Defender ATP service. diff --git a/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md index 60ad8c3cfd..7b317f1430 100644 --- a/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md @@ -11,7 +11,7 @@ author: mjcaparas localizationpriority: high --- -# View and organize the Windows Defender ATP Machines view +# View and organize the Windows Defender ATP Machines list **Applies to:** @@ -21,19 +21,19 @@ localizationpriority: high - Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -The **Machines view** shows a list of the machines in your network, the domain of each machine, when it last reported and the local IP Address it reported on, its **Health state**, the number of active alerts on each machine categorized by alert severity level, and the number of active malware detections. This view allows viewing machines ranked by risk or sensor health state, and keeping track of all machines that are reporting sensor data in your network. +The **Machines list** shows a list of the machines in your network, the domain of each machine, when it last reported and the local IP Address it reported on, its **Health state**, the number of active alerts on each machine categorized by alert severity level, and the number of active malware detections. This view allows viewing machines ranked by risk or sensor health state, and keeping track of all machines that are reporting sensor data in your network. Use the Machines view in these main scenarios: - **During onboarding**
- During the onboarding process, the **Machines view** is gradually populated with endpoints as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis. + During the onboarding process, the **Machines list** is gradually populated with endpoints as they begin to report sensor data. Use this view to track your onboarded endpoints as they come online. Sort and filter by time of last report, **Active malware category**, or **Sensor health state**, or download the complete endpoint list as a CSV file for offline analysis. - **Day-to-day work** - The **Machines view** enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts; **Sensor health state** provides another dimension to rank machines. Sorting machines by **Active alerts**, and then by **Sensor health state** helps identify the most vulnerable machines and take action on them. + The **Machines list** enables easy identification of machines most at risk in a glance. High-risk machines have the greatest number and highest-severity alerts; **Sensor health state** provides another dimension to rank machines. Sorting machines by **Active alerts**, and then by **Sensor health state** helps identify the most vulnerable machines and take action on them. ## Sort, filter, and download the list of machines from the Machines view -You can sort the **Machines view** by clicking on any column header to sort the view in ascending or descending order. +You can sort the **Machines list** by clicking on any column header to sort the view in ascending or descending order. -Filter the **Machines view** by time period, **Active malware categories**, or **Sensor health state** to focus on certain sets of machines, according to the desired criteria. +Filter the **Machines list** by time period, **Active malware categories**, or **Sensor health state** to focus on certain sets of machines, according to the desired criteria. You can also download the entire list in CSV format using the **Export to CSV** feature. @@ -71,7 +71,7 @@ You can download a full list of all the machines in your organization, in CSV f Exporting the list in CSV format displays the data in an unfiltered manner. The CSV file will include all machines in the organization, regardless of any filtering applied in the view itself. ## Sort the Machines view -You can sort the **Machines view** by the following columns: +You can sort the **Machines list** by the following columns: - **Machine name** - Name or GUID of the machine - **Last seen** - Date and time when the machine last reported sensor data diff --git a/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md index 7262eeac48..e5d4a325c6 100644 --- a/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md @@ -40,7 +40,7 @@ This machine isolation feature disconnects the compromised machine from the netw - **Dashboard** - Select the machine name from the Top machines with active alerts section. - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. - - **Machines view** - Select the machine name from the list of machines. + - **Machines list** - Select the machine name from the list of machines. - **Search box** - Select Machine from the drop-down menu and enter the machine name. 2. Open the **Actions** menu and select **Isolate machine**. @@ -102,7 +102,7 @@ CollectionSummaryReport.xls | This file is a summary of the investigation packag - **Dashboard** - Select the machine name from the Top machines with active alerts section. - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. - - **Machines view** - Select the heading of the machine name from the machines view. + - **Machines list** - Select the heading of the machine name from the machines view. - **Search box** - Select Machine from the drop-down menu and enter the machine name. 2. Open the **Actions** menu and select **Collect investigation package**. diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index e95197be01..1b14b394b5 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -45,7 +45,7 @@ Deployment with the above-mentioned versions of System Center Configuration Mana If the deployment fails, you can check the output of the script on the endpoints. For more information, see [Troubleshoot onboarding when deploying with a script on the endpoint](#troubleshoot-onboarding-when-deploying-with-a-script-on-the-endpoint). -If the onboarding completed successfully but the endpoints are not showing up in the **Machines view** after an hour, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur. +If the onboarding completed successfully but the endpoints are not showing up in the **Machines list** after an hour, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur. ## Troubleshoot onboarding when deploying with a script on the endpoint diff --git a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md index 23bb45e5bf..e614c969ca 100644 --- a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md @@ -45,7 +45,7 @@ Topic | Description [Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) | Examine possible communication between your machines and external Internet protocol (IP) addresses. [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) | Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain. [View and organize the Machines view](machines-view-overview-windows-defender-advanced-threat-protection.md)| You can sort, filter, and exporting the machine list. -[Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) | The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, as well as the number of threats. +[Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) | The **Machines list** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, as well as the number of threats. [Investigate a user account](investigate-user-windows-defender-advanced-threat-protection.md)| Investigate user accounts with the most active alerts. [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) | The **Manage Alert** menu on every alert lets you change an alert's status, resolve it, suppress it, or contribute comments about the alert. [Take response actions](response-actions-windows-defender-advanced-threat-protection.md)| Take action on a machine or file to quickly respond to detected attacks. From 33b484a6093dceacc093098ca1471c6885e9ad12 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 22 Mar 2017 16:34:44 -0700 Subject: [PATCH 43/62] more machines list updates --- .../dashboard-windows-defender-advanced-threat-protection.md | 2 +- ...alhty-sensors-windows-defender-advanced-threat-protection.md | 2 +- ...view-overview-windows-defender-advanced-threat-protection.md | 2 +- ...rtal-overview-windows-defender-advanced-threat-protection.md | 2 +- ...achine-alerts-windows-defender-advanced-threat-protection.md | 2 +- ...ot-onboarding-windows-defender-advanced-threat-protection.md | 2 +- 6 files changed, 6 insertions(+), 6 deletions(-) diff --git a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md index e3d266a5d3..4aba77f8b3 100644 --- a/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/dashboard-windows-defender-advanced-threat-protection.md @@ -97,7 +97,7 @@ There are two status indicators that provide information on the number of machin - **Inactive** - Machines that have stopped reporting to the Windows Defender ATP service for more than seven days in the past month. - **Misconfigured** – These machines might partially be reporting telemetry to the Windows Defender ATP service and might have configuration errors that need to be corrected. -When you click any of the groups, you’ll be directed to machines view, filtered according to your choice. For more information, see [Check sensor health state](check-sensor-status-windows-defender-advanced-threat-protection.md) and [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md). +When you click any of the groups, you’ll be directed to machines list, filtered according to your choice. For more information, see [Check sensor health state](check-sensor-status-windows-defender-advanced-threat-protection.md) and [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md). ## Service health The **Service health** tile informs you if the service is active or if there are issues. diff --git a/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md b/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md index 01eaa034f6..225527fdbc 100644 --- a/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md @@ -36,7 +36,7 @@ If the machine has not been in use for more than 7 days for any reason, it will A reinstalled or renamed machine will generate a new machine entity in Windows Defender ATP portal. The previous machine entity will remain with an ‘Inactive’ status in the portal. If you reinstalled a machine and deployed the Windows Defender ATP package, search for the new machine name to verify that the machine is reporting normally. **Machine was offboarded**
-If the machine was offboarded it will still appear in machines view. After 7 days, the machine health state should change to inactive. +If the machine was offboarded it will still appear in machines list. After 7 days, the machine health state should change to inactive. Do you expect a machine to be in ‘Active’ status? [Open a CSS ticket](https://support.microsoft.com/en-us/getsupport?wf=0&tenant=ClassicCommercial&oaspworkflow=start_1.0.0.0&locale=en-us&supportregion=en-us&pesid=16055&ccsid=636206786382823561). diff --git a/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md index 7b317f1430..73f0e86007 100644 --- a/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/machines-view-overview-windows-defender-advanced-threat-protection.md @@ -37,7 +37,7 @@ Filter the **Machines list** by time period, **Active malware categories**, or * You can also download the entire list in CSV format using the **Export to CSV** feature. -![Image of machines view with list of machines](images/atp-machines-view-list.png) +![Image of machines list with list of machines](images/atp-machines-view-list.png) You can use the following filters to limit the list of machines displayed during an investigation: diff --git a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md index ac785c854a..c6d0f9dd37 100644 --- a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md @@ -1,7 +1,7 @@ --- title: Windows Defender Advanced Threat Protection portal overview description: Use the Windows Defender ATP portal to monitor your enterprise network and assist in responding to alerts to potential advanced persistent threat (APT) activity or data breaches. -keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines view, preferences setup, endpoint management, advanced attacks +keywords: Windows Defender ATP portal, portal, cybersecurity threat intelligence, dashboard, alerts queue, machines list, preferences setup, endpoint management, advanced attacks search.product: eADQiWindows 10XVcnh ms.prod: w10 ms.mktglfcycl: deploy diff --git a/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md index e5d4a325c6..3918964ff2 100644 --- a/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/respond-machine-alerts-windows-defender-advanced-threat-protection.md @@ -102,7 +102,7 @@ CollectionSummaryReport.xls | This file is a summary of the investigation packag - **Dashboard** - Select the machine name from the Top machines with active alerts section. - **Alerts queue** - Select the machine name beside the machine icon from the alerts queue. - - **Machines list** - Select the heading of the machine name from the machines view. + - **Machines list** - Select the heading of the machine name from the machines list. - **Search box** - Select Machine from the drop-down menu and enter the machine name. 2. Open the **Actions** menu and select **Collect investigation package**. diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 1b14b394b5..3a2b9f8868 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -119,7 +119,7 @@ ID | Severity | Event description | Troubleshooting steps 1819 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Download the [Cumulative Update for Windows 10, 1607](https://go.microsoft.com/fwlink/?linkid=829760). ## Troubleshoot onboarding issues on the endpoint -If the deployment tools used does not indicate an error in the onboarding process, but endpoints are still not appearing in the machines view an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent: +If the deployment tools used does not indicate an error in the onboarding process, but endpoints are still not appearing in the machines list in an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent: - [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) - [Ensure the telemetry and diagnostics service is enabled](#ensure-the-telemetry-and-diagnostics-service-is-enabled) - [Ensure the service is set to start](#ensure-the-service-is-set-to-start) From b302fe5e403efb30ddc2626a1a5964f2e761c356 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 22 Mar 2017 16:38:48 -0700 Subject: [PATCH 44/62] fix advacned file names --- ...ced-features-windows-defender-advanced-threat-protection.md} | 0 ...notifications-windows-defender-advanced-threat-protection.md | 2 +- ...eral-settings-windows-defender-advanced-threat-protection.md | 2 +- ...erences-setup-windows-defender-advanced-threat-protection.md | 2 +- ...view-settings-windows-defender-advanced-threat-protection.md | 2 +- 5 files changed, 4 insertions(+), 4 deletions(-) rename windows/keep-secure/{advanced-features-windows-defender-advacned-threat-protection.md => advanced-features-windows-defender-advanced-threat-protection.md} (100%) diff --git a/windows/keep-secure/advanced-features-windows-defender-advacned-threat-protection.md b/windows/keep-secure/advanced-features-windows-defender-advanced-threat-protection.md similarity index 100% rename from windows/keep-secure/advanced-features-windows-defender-advacned-threat-protection.md rename to windows/keep-secure/advanced-features-windows-defender-advanced-threat-protection.md diff --git a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md index 2ad2430c0e..c4a85d0274 100644 --- a/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/configure-email-notifications-windows-defender-advanced-threat-protection.md @@ -64,5 +64,5 @@ This section lists various issues that you may encounter when using email notifi ## Related topics - [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md) -- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advacned-threat-protection.md) +- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md) - [Turn on the preview experience in Windows Defender ATP](preview-settings-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md b/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md index 800e25a7e4..d53c76fc27 100644 --- a/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/general-settings-windows-defender-advanced-threat-protection.md @@ -33,6 +33,6 @@ During the onboarding process, a wizard takes you through the general settings o ## Related topics -- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advacned-threat-protection.md) +- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md) - [Turn on the preview experience in Windows Defender ATP ](preview-settings-windows-defender-advanced-threat-protection.md) - [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md) diff --git a/windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md b/windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md index 5d51de963a..1523930b5c 100644 --- a/windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/preferences-setup-windows-defender-advanced-threat-protection.md @@ -27,6 +27,6 @@ Use the **Preferences setup** menu to modify general settings, advanced features Topic | Description :---|:--- [Update general settings](general-settings-windows-defender-advanced-threat-protection.md) | Modify your general settings that were previously defined as part of the onboarding process. -[Enable advanced features](advanced-features-windows-defender-advacned-threat-protection.md)| Enable features such as **Block file** and other features that require integration with other products. +[Enable advanced features](advanced-features-windows-defender-advanced-threat-protection.md)| Enable features such as **Block file** and other features that require integration with other products. [Enable the preview experience](preview-settings-windows-defender-advanced-threat-protection.md) | Allows you to turn on preview features so you can try upcoming features. [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) | Enables you to configure and identify a group of individuals who will immediately be informed of new alerts through email notifications. diff --git a/windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md b/windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md index 9304e0ab7e..f1e4b41964 100644 --- a/windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/preview-settings-windows-defender-advanced-threat-protection.md @@ -27,5 +27,5 @@ Turn on the preview experience setting to be among the first to try upcoming fea ## Related topics - [Update general settings in Windows Defender ATP](general-settings-windows-defender-advanced-threat-protection.md) -- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advacned-threat-protection.md) +- [Turn on advanced features in Windows Defender ATP](advanced-features-windows-defender-advanced-threat-protection.md) - [Configure email notifications in Windows Defender ATP](configure-email-notifications-windows-defender-advanced-threat-protection.md) From eabf6114be9d8c01d1b972350834ca27e30b829a Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Wed, 22 Mar 2017 16:49:43 -0700 Subject: [PATCH 45/62] fix title typo --- windows/keep-secure/TOC.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/keep-secure/TOC.md b/windows/keep-secure/TOC.md index f46902d45e..fe68a6ecc9 100644 --- a/windows/keep-secure/TOC.md +++ b/windows/keep-secure/TOC.md @@ -788,7 +788,7 @@ ###### [Misconfigured machines](fix-unhealhty-sensors-windows-defender-advanced-threat-protection.md#misconfigured-machines) #### [Configure Windows Defender ATP preferences settings](preferences-setup-windows-defender-advanced-threat-protection.md) ##### [Update general settings](general-settings-windows-defender-advanced-threat-protection.md) -##### [Turn on advanced features](advanced-features-windows-defender-advacned-threat-protection.md) +##### [Turn on advanced features](advanced-features-windows-defender-advanced-threat-protection.md) ##### [Turn on preview experience](preview-settings-windows-defender-advanced-threat-protection.md) ##### [Configure email notifications](configure-email-notifications-windows-defender-advanced-threat-protection.md) #### [Windows Defender ATP settings](settings-windows-defender-advanced-threat-protection.md) From b96ba3aadda068c2ab0793a1e2a8064957269f41 Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 23 Mar 2017 11:48:56 -0700 Subject: [PATCH 46/62] fix note --- ...t-custom-ti-windows-defender-advanced-threat-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md index 58b80ff78d..e840000672 100644 --- a/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/experiment-custom-ti-windows-defender-advanced-threat-protection.md @@ -81,5 +81,5 @@ This step will guide you in exploring the custom alert in the portal. ![Image of sample custom ti alert in the portal](images/atp-sample-custom-ti-alert.png) - > [!NOTE] - > It can take up to 15 minutes for the alert to appear in the portal. +> [!NOTE] +> It can take up to 15 minutes for the alert to appear in the portal. From 2deeeb7b18116bb5825dc0f9e6fb78c1ddf9d6c2 Mon Sep 17 00:00:00 2001 From: Justinha Date: Thu, 23 Mar 2017 11:59:49 -0700 Subject: [PATCH 47/62] moved videos to subheadings --- .../credential-guard-how-it-works.md | 32 +++++++++++-------- 1 file changed, 18 insertions(+), 14 deletions(-) diff --git a/windows/keep-secure/credential-guard-how-it-works.md b/windows/keep-secure/credential-guard-how-it-works.md index 480d0af052..aeea399333 100644 --- a/windows/keep-secure/credential-guard-how-it-works.md +++ b/windows/keep-secure/credential-guard-how-it-works.md @@ -15,19 +15,6 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 - -Prefer video? See: - -[![Protecting against credential theft](images/mva_videos.png)](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=CAgzpKJyC_304300474) - -See also: - -[Credentials protected by Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) - -[Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=1CoELLJyC_6704300474) - -[Credential Guard design](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) - Kerberos, NTLM, and Credential manager isolate secrets by using virtualization-based security. Previous versions of Windows stored secrets in the Local Security Authority (LSA). Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using virtualization-based security and is not accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by virtualization-based security and these signatures are validated before launching the file in the protected environment. @@ -38,4 +25,21 @@ When Credential Guard is enabled, Kerberos does not allow unconstrained Kerberos Here's a high-level overview on how the LSA is isolated by using virtualization-based security: -![Credential Guard overview](images/credguard.png) \ No newline at end of file +![Credential Guard overview](images/credguard.png) + +## Video: Protecting against credential theft + +[![Protecting against credential theft](images/mva_videos.png)](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=CAgzpKJyC_304300474) + +## Video: Virtualization-based security + +[Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=1CoELLJyC_6704300474) + +## Video: Credential Guard design + +[Credential Guard design](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) + +## Video: Credentials protected by Credential Guard + +[Credentials protected by Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) + From 1ddb7e2c32cef689bc666a5cc5ce031d1e2a3cd0 Mon Sep 17 00:00:00 2001 From: Justinha Date: Thu, 23 Mar 2017 12:06:09 -0700 Subject: [PATCH 48/62] moved videos to subheadings --- windows/keep-secure/credential-guard-how-it-works.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/windows/keep-secure/credential-guard-how-it-works.md b/windows/keep-secure/credential-guard-how-it-works.md index aeea399333..77569973b8 100644 --- a/windows/keep-secure/credential-guard-how-it-works.md +++ b/windows/keep-secure/credential-guard-how-it-works.md @@ -33,13 +33,13 @@ Here's a high-level overview on how the LSA is isolated by using virtualization- ## Video: Virtualization-based security -[Virtualization-based security](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=1CoELLJyC_6704300474) +[![Virtualization-based security](images/mva_videos.png)](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=1CoELLJyC_6704300474) ## Video: Credential Guard design -[Credential Guard design](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) +[![Credential Guard design](images/mva_videos.png)](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=mD3geLJyC_8304300474) ## Video: Credentials protected by Credential Guard -[Credentials protected by Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) +[![Credentials protected by Credential Guard](images/mva_videos.png)](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) From 7e0ced22d6bd5070fa5dcc23ea87917833396455 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 23 Mar 2017 13:43:02 -0700 Subject: [PATCH 49/62] added whats new deployment topic --- windows/deploy/TOC.md | 5 +- .../change-history-for-deploy-windows-10.md | 3 + windows/deploy/deploy-whats-new.md | 83 +++++++++++++++++++ windows/deploy/index.md | 3 +- ...with-system-center-configuraton-manager.md | 6 +- ...0-with-the-microsoft-deployment-toolkit.md | 4 +- windows/deploy/windows-10-poc-mdt.md | 2 + .../deploy/windows-10-poc-sc-config-mgr.md | 2 + windows/deploy/windows-10-poc.md | 2 + 9 files changed, 101 insertions(+), 9 deletions(-) create mode 100644 windows/deploy/deploy-whats-new.md diff --git a/windows/deploy/TOC.md b/windows/deploy/TOC.md index b5049f3c39..fbda4e7ce2 100644 --- a/windows/deploy/TOC.md +++ b/windows/deploy/TOC.md @@ -1,4 +1,5 @@ # [Deploy Windows 10](index.md) +## [What's new in Windows 10 deployment](deploy-whats-new.md) ## [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) ## [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) ### [Upgrade Readiness architecture](upgrade-readiness-architecture.md) @@ -26,6 +27,7 @@ ### [Build a distributed environment for Windows 10 deployment](build-a-distributed-environment-for-windows-10-deployment.md) ### [Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md) ### [Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md) +### [Perform an in-place upgrade to Windows 10 with MDT](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) ### [Configure MDT settings](configure-mdt-settings.md) #### [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md) #### [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md) @@ -48,8 +50,7 @@ ### [Monitor the Windows 10 deployment with Configuration Manager](monitor-windows-10-deployment-with-configuration-manager.md) ### [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md) ### [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md) -## [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) -## [Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md) +### [Perform an in-place upgrade to Windows 10 using Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md) ## [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) ## [Convert MBR partition to GPT](mbr-to-gpt.md) ## [Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) diff --git a/windows/deploy/change-history-for-deploy-windows-10.md b/windows/deploy/change-history-for-deploy-windows-10.md index d2629f839f..73511978ee 100644 --- a/windows/deploy/change-history-for-deploy-windows-10.md +++ b/windows/deploy/change-history-for-deploy-windows-10.md @@ -14,6 +14,9 @@ This topic lists new and updated topics in the [Deploy Windows 10](index.md) doc ## March 2017 | New or changed topic | Description | |----------------------|-------------| +| [What's new in Windows 10 deployment](deploy-whats-new.md) | New | +| [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) | Topic moved under [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md) in the table of contents and title adjusted to clarify in-place upgrade. | +| [Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md) | Topic moved under [Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) in the table of contents and title adjusted to clarify in-place upgrade. | | [Convert MBR partition to GPT](mbr-to-gpt.md) | New | ## February 2017 diff --git a/windows/deploy/deploy-whats-new.md b/windows/deploy/deploy-whats-new.md new file mode 100644 index 0000000000..ca4b1049fd --- /dev/null +++ b/windows/deploy/deploy-whats-new.md @@ -0,0 +1,83 @@ +--- +title: What's new in Windows 10 deployment +description: Changes and new features related to Windows 10 deployment +keywords: deployment, automate, tools, configure, news +ms.mktglfcycl: deploy +localizationpriority: high +ms.prod: w10 +ms.sitesec: library +ms.pagetype: deploy +author: greg-lindsay +--- + +# What's new in Windows 10 deployment + +**Applies to** +- Windows 10 + +This topic provides a summary of many new features and changes that are related to deploying Windows 10 in your organization. + +For a detailed list of changes to Windows 10 ITPro TechNet library content, see the [Online content change history](#online-content-change-history) section in this topic. + +For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://technet.microsoft.com/itpro/windows/whats-new/index) + +## Deployment solutions and tools + +### MBR2GPT + +MBR2GPT.EXE converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. Previously, it was necessary to image, then wipe and reload a disk to change from MBR format to GPT. + +There are many benefits to converting the partition style of a disk to GPT, including the use of larger disk partitions, added data reliability, and faster boot and shutdown speeds. The GPT format also enables you to use the Unified Extensible Firmware Interface (UEFI) which replaces the Basic Input/Output System (BIOS) firmware interface. Security features of Windows 10 that require UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock. + +For more information, see [MBR2GPT.EXE](mbr-to-gpt). + +### Microsoft Deployment Toolkit (MDT) + +MDT build 884 is available, including support for: +- Deployment and upgrade of Windows 10, version 1607 (including Enterprise LTSB and Education editions) and Windows Server 2016. +- The Windows ADK for Windows 10, version 1607. +- Integration with Configuration Manager version 1606. + +For more information about MDT, see the [MDT resource page](https://technet.microsoft.com/en-US/windows/dn475741). + +### Upgrade Readiness + +The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017. + +Upgrade Readiness helps you ensure that applications and drivers are ready for a Windows 10 upgrade. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details. To use Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled. + +The development of Upgrade Readiness has been heavily influenced by input from the community the development of new features is ongoing. For more information about Upgrade Readiness, see the following topics: + +- [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/) +- [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness) + +### Update Compliance + +Update Compliance helps you to keep Windows 10 devices in your organization secure and up-to-date. + +Update Compliance is a solution built using OMS Logs and Analytics that provides information about installation status of monthly quality and feature updates. Details are provided about the deployment progress of existing updates and the status of future updates. Information is also provided about devices that might need attention to resolve issues. + +For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](../manage/update-compliance-monitor.md). + +## Testing and validation guidance + +### Windows 10 deployment proof of concept (PoC) + +The Windows 10 PoC guide enables you to test Windows 10 deployment in a virtual environment and become familiar with deployment tools such as MDT and Configuration Manager. The PoC guide provides step-by-step instructions for installing and using Hyper-V to create a virtual lab environment. The guide makes extensive use of Windows PowerShell to streamline each phase of the installation and setup. + +For more information, see the following guides: + +- [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) +- [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt) +- [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr) + +## Online content change history + +The following topics provide a change history for Windows 10 ITPro TechNet library content related to deploying and using Windows 10. + +[Change history for Deploy Windows 10](change-history-for-deploy-windows-10.md) +
[Change history for Plan for Windows 10 deployment](../plan/change-history-for-plan-for-windows-10-deployment.md) +
[Change history for Manage and update Windows 10](../manage/change-history-for-manage-and-update-windows-10.md) +
[Change history for Keep Windows 10 secure](../keep-secure/change-history-for-keep-windows-10-secure.md) + + \ No newline at end of file diff --git a/windows/deploy/index.md b/windows/deploy/index.md index 0bf5f91e98..1b0542594d 100644 --- a/windows/deploy/index.md +++ b/windows/deploy/index.md @@ -16,13 +16,12 @@ Learn about deploying Windows 10 for IT professionals. |Topic |Description | |------|------------| +|[What's new in Windows 10 deployment](deploy-whats-new.md) |See this topic for a summary of new features and some recent changes related to deploying Windows 10 in your organization. | |[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) |To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. | |[Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows telemetry enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | |[Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides: [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md), [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md). | |[Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). | |[Deploy Windows 10 with System Center 2012 R2 Configuration Manager](deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) |If you have Microsoft System Center 2012 R2 Configuration Manager in your environment, you will most likely want to use it to deploy Windows 10. This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or. | -|[Upgrade to Windows 10 with the Microsoft Deployment Toolkit](upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) |The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Deployment Toolkit (MDT) task sequence to completely automate the process. | -|[Upgrade to Windows 10 with System Center Configuration Manager](upgrade-to-windows-10-with-system-center-configuraton-manager.md) |The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a System Center Configuration Manager task sequence to completely automate the process. | |[Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) |This topic provides a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. | |[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. | |[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. | diff --git a/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md b/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md index 1739910931..4df01c9022 100644 --- a/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md +++ b/windows/deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md @@ -1,6 +1,6 @@ --- -title: Upgrade to Windows 10 with System Center Configuration Manager (Windows 10) -description: The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a System Center Configuration Manager task sequence to completely automate the process. +title: Perform an in-place upgrade to Windows 10 using Configuration Manager (Windows 10) +description: The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. Use a System Center Configuration Manager task sequence to completely automate the process. ms.assetid: F8DF6191-0DB0-4EF5-A9B1-6A11D5DE4878 keywords: upgrade, update, task sequence, deploy ms.prod: w10 @@ -9,7 +9,7 @@ ms.mktglfcycl: deploy author: mtniehaus --- -# Upgrade to Windows 10 with System Center Configuration Manager +# Perform an in-place upgrade to Windows 10 using Configuration Manager **Applies to** diff --git a/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md index c3f69f25b9..4deadb668f 100644 --- a/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md +++ b/windows/deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md @@ -1,5 +1,5 @@ --- -title: Upgrade to Windows 10 with the Microsoft Deployment Toolkit (Windows 10) +title: Perform an in-place upgrade to Windows 10 with MDT (Windows 10) description: The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. ms.assetid: B8993151-3C1E-4F22-93F4-2C5F2771A460 keywords: upgrade, update, task sequence, deploy @@ -11,7 +11,7 @@ ms.pagetype: mdt author: mtniehaus --- -# Upgrade to Windows 10 with the Microsoft Deployment Toolkit +# Perform an in-place upgrade to Windows 10 with MDT **Applies to** - Windows 10 diff --git a/windows/deploy/windows-10-poc-mdt.md b/windows/deploy/windows-10-poc-mdt.md index 78b5aa1d76..e42cec7206 100644 --- a/windows/deploy/windows-10-poc-mdt.md +++ b/windows/deploy/windows-10-poc-mdt.md @@ -5,6 +5,8 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy +keywords: deployment, automate, tools, configure, mdt +localizationpriority: high author: greg-lindsay --- diff --git a/windows/deploy/windows-10-poc-sc-config-mgr.md b/windows/deploy/windows-10-poc-sc-config-mgr.md index ff0b497b45..b7c115e44a 100644 --- a/windows/deploy/windows-10-poc-sc-config-mgr.md +++ b/windows/deploy/windows-10-poc-sc-config-mgr.md @@ -5,6 +5,8 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy +keywords: deployment, automate, tools, configure, sccm, configuration manager +localizationpriority: high author: greg-lindsay --- diff --git a/windows/deploy/windows-10-poc.md b/windows/deploy/windows-10-poc.md index 74b8d0f352..3db31d59c4 100644 --- a/windows/deploy/windows-10-poc.md +++ b/windows/deploy/windows-10-poc.md @@ -5,6 +5,8 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: deploy +keywords: deployment, automate, tools, configure, mdt, sccm +localizationpriority: high author: greg-lindsay --- From 22304107412b80f9f12f4bf10317aab99f3fc687 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 23 Mar 2017 14:31:15 -0700 Subject: [PATCH 50/62] fixed links --- windows/deploy/deploy-whats-new.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/windows/deploy/deploy-whats-new.md b/windows/deploy/deploy-whats-new.md index ca4b1049fd..a4900203fc 100644 --- a/windows/deploy/deploy-whats-new.md +++ b/windows/deploy/deploy-whats-new.md @@ -29,7 +29,7 @@ MBR2GPT.EXE converts a disk from Master Boot Record (MBR) to GUID Partition Tabl There are many benefits to converting the partition style of a disk to GPT, including the use of larger disk partitions, added data reliability, and faster boot and shutdown speeds. The GPT format also enables you to use the Unified Extensible Firmware Interface (UEFI) which replaces the Basic Input/Output System (BIOS) firmware interface. Security features of Windows 10 that require UEFI mode include: Secure Boot, Early Launch Anti-malware (ELAM) driver, Windows Trusted Boot, Measured Boot, Device Guard, Credential Guard, and BitLocker Network Unlock. -For more information, see [MBR2GPT.EXE](mbr-to-gpt). +For more information, see [MBR2GPT.EXE](mbr-to-gpt.md). ### Microsoft Deployment Toolkit (MDT) @@ -49,7 +49,7 @@ Upgrade Readiness helps you ensure that applications and drivers are ready for a The development of Upgrade Readiness has been heavily influenced by input from the community the development of new features is ongoing. For more information about Upgrade Readiness, see the following topics: - [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/) -- [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness) +- [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) ### Update Compliance @@ -68,8 +68,8 @@ The Windows 10 PoC guide enables you to test Windows 10 deployment in a virtual For more information, see the following guides: - [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) -- [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt) -- [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr) +- [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) +- [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) ## Online content change history From c08b8ae236a800abe911a4abca61778558839c3f Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Thu, 23 Mar 2017 14:33:40 -0700 Subject: [PATCH 51/62] fixing typo --- windows/manage/windows-store-for-business-overview.md | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/windows/manage/windows-store-for-business-overview.md b/windows/manage/windows-store-for-business-overview.md index 81941f86f8..927169f312 100644 --- a/windows/manage/windows-store-for-business-overview.md +++ b/windows/manage/windows-store-for-business-overview.md @@ -23,7 +23,7 @@ With the new Windows Store for Business, organizations can make volume purchases ## Features -Organizations of any size can benefit from using the Store for Business provides: +Organizations of any size can benefit from using the Store for Business: - **Scales to fit the size of your business** - For smaller businesses, with Azure AD accounts and Windows 10 devices, you can quickly have an end-to-end process for acquiring and distributing content using the Store for Business. For larger businesses, all the capabilities of the Store for Business are available to you, or you can integrate the Store for Business with management tools, for greater control over access to apps and app updates. You can use existing work or school accounts. @@ -47,7 +47,6 @@ Organizations of any size can benefit from using the Store for Business provides ## Prerequisites - You'll need this software to work with the Store for Business. ### Required @@ -78,7 +77,6 @@ While not required, you can use a management tool to distribute and manage apps. ## How does the Store for Business work? - ### Sign up! The first step for getting your organization started with the Store for Business is signing up. To sign up for the Business store, you need an Azure AD account and you must be a Global Administrator for your organization. From d6cfd431386cade50250ba4686c58c05a9b9c562 Mon Sep 17 00:00:00 2001 From: Trudy Hakala Date: Thu, 23 Mar 2017 14:44:22 -0700 Subject: [PATCH 52/62] branding change --- windows/manage/windows-store-for-business-overview.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/manage/windows-store-for-business-overview.md b/windows/manage/windows-store-for-business-overview.md index 927169f312..a3a565c261 100644 --- a/windows/manage/windows-store-for-business-overview.md +++ b/windows/manage/windows-store-for-business-overview.md @@ -18,7 +18,7 @@ localizationpriority: high - Windows 10 - Windows 10 Mobile -With the new Windows Store for Business, organizations can make volume purchases of Windows apps. The Store for Business provides app purchases based on organizational identity, flexible distribution options, and the ability to reclaim or re-use licenses. Organizations can also use the Store for Business to create a private store for their employees that includes apps from the Store, as well private Line-of-Business (LOB) apps. +With Windows Store for Business, organizations can make volume purchases of Windows apps. The Store for Business provides app purchases based on organizational identity, flexible distribution options, and the ability to reclaim or re-use licenses. Organizations can also use the Store for Business to create a private store for their employees that includes apps from the Store, as well private Line-of-Business (LOB) apps. ## Features From 5fdaaa86de5319ac00d6b02a8703a35faf0c0286 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 23 Mar 2017 15:05:37 -0700 Subject: [PATCH 53/62] minor edit --- windows/deploy/deploy-whats-new.md | 22 +++++++++++++++++++--- 1 file changed, 19 insertions(+), 3 deletions(-) diff --git a/windows/deploy/deploy-whats-new.md b/windows/deploy/deploy-whats-new.md index a4900203fc..aa67b0d325 100644 --- a/windows/deploy/deploy-whats-new.md +++ b/windows/deploy/deploy-whats-new.md @@ -15,11 +15,13 @@ author: greg-lindsay **Applies to** - Windows 10 -This topic provides a summary of many new features and changes that are related to deploying Windows 10 in your organization. -For a detailed list of changes to Windows 10 ITPro TechNet library content, see the [Online content change history](#online-content-change-history) section in this topic. +## In this topic -For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://technet.microsoft.com/itpro/windows/whats-new/index) +This topic provides an overview of new solutions and online content related to deploying Windows 10 in your organization. + +- For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://technet.microsoft.com/itpro/windows/whats-new/index). +- For a detailed list of changes to Windows 10 ITPro TechNet library content, see [Online content change history](#online-content-change-history). ## Deployment solutions and tools @@ -40,6 +42,13 @@ MDT build 884 is available, including support for: For more information about MDT, see the [MDT resource page](https://technet.microsoft.com/en-US/windows/dn475741). +### Windows Assessment and Deployment Kit (ADK) + +The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. See the following topics: + +- [What's new in ADK kits and tools](https://msdn.microsoft.com/windows/hardware/commercialize/what-s-new-in-kits-and-tools) +- [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) + ### Upgrade Readiness The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017. @@ -80,4 +89,11 @@ The following topics provide a change history for Windows 10 ITPro TechNet libra
[Change history for Manage and update Windows 10](../manage/change-history-for-manage-and-update-windows-10.md)
[Change history for Keep Windows 10 secure](../keep-secure/change-history-for-keep-windows-10-secure.md) +## Related topics + +[Overview of Windows as a service](../manage/waas-overview.md) +
[Windows 10 deployment considerations](../plan/windows-10-deployment-considerations.md) +
[Windows 10 release information](https://technet.microsoft.com/en-us/windows/release-info.aspx) +
[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/en-us/windows/windows-10-specifications) + \ No newline at end of file From 7214ffd98f23162efd3ba510f5c163f14eb13918 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 23 Mar 2017 15:22:29 -0700 Subject: [PATCH 54/62] added enterprise upgrade --- windows/deploy/deploy-whats-new.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/windows/deploy/deploy-whats-new.md b/windows/deploy/deploy-whats-new.md index aa67b0d325..74efbdc977 100644 --- a/windows/deploy/deploy-whats-new.md +++ b/windows/deploy/deploy-whats-new.md @@ -23,6 +23,14 @@ This topic provides an overview of new solutions and online content related to d - For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://technet.microsoft.com/itpro/windows/whats-new/index). - For a detailed list of changes to Windows 10 ITPro TechNet library content, see [Online content change history](#online-content-change-history). +## Windows 10 Enterprise upgrade + +Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise to their users. With Windows 10 Enterprise E3 in CSP, small and medium-sized organizations can more easily take advantage of Windows 10 Enterprise features. + +For more information, see: + +- [Windows 10 Enterprise E3 in CSP Overview](windows-10-enterprise-e3-overview.md) + ## Deployment solutions and tools ### MBR2GPT @@ -80,6 +88,10 @@ For more information, see the following guides: - [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) - [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) +## Troubleshooting guidance + +[Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors) was published in October of 2016 and will continue to be updated with new fixes. The topic provides a detailed explanation of the Windows 10 upgrade process and information on how to interpret and resolve specific error codes. + ## Online content change history The following topics provide a change history for Windows 10 ITPro TechNet library content related to deploying and using Windows 10. @@ -95,5 +107,6 @@ The following topics provide a change history for Windows 10 ITPro TechNet libra
[Windows 10 deployment considerations](../plan/windows-10-deployment-considerations.md)
[Windows 10 release information](https://technet.microsoft.com/en-us/windows/release-info.aspx)
[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/en-us/windows/windows-10-specifications) +
[Windows 10 upgrade paths](windows-10-upgrade-paths.md) \ No newline at end of file From 174cb780cf6e02a8a030195cbbfaf9682e384aa3 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 23 Mar 2017 15:27:45 -0700 Subject: [PATCH 55/62] switched topic order --- windows/deploy/deploy-whats-new.md | 38 +++++++++++++++--------------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/windows/deploy/deploy-whats-new.md b/windows/deploy/deploy-whats-new.md index 74efbdc977..f907c91bbe 100644 --- a/windows/deploy/deploy-whats-new.md +++ b/windows/deploy/deploy-whats-new.md @@ -33,6 +33,25 @@ For more information, see: ## Deployment solutions and tools +### Upgrade Readiness + +The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017. + +Upgrade Readiness helps you ensure that applications and drivers are ready for a Windows 10 upgrade. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details. To use Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled. + +The development of Upgrade Readiness has been heavily influenced by input from the community the development of new features is ongoing. For more information about Upgrade Readiness, see the following topics: + +- [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/) +- [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) + +### Update Compliance + +Update Compliance helps you to keep Windows 10 devices in your organization secure and up-to-date. + +Update Compliance is a solution built using OMS Logs and Analytics that provides information about installation status of monthly quality and feature updates. Details are provided about the deployment progress of existing updates and the status of future updates. Information is also provided about devices that might need attention to resolve issues. + +For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](../manage/update-compliance-monitor.md). + ### MBR2GPT MBR2GPT.EXE converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. Previously, it was necessary to image, then wipe and reload a disk to change from MBR format to GPT. @@ -57,25 +76,6 @@ The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can - [What's new in ADK kits and tools](https://msdn.microsoft.com/windows/hardware/commercialize/what-s-new-in-kits-and-tools) - [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) -### Upgrade Readiness - -The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017. - -Upgrade Readiness helps you ensure that applications and drivers are ready for a Windows 10 upgrade. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details. To use Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled. - -The development of Upgrade Readiness has been heavily influenced by input from the community the development of new features is ongoing. For more information about Upgrade Readiness, see the following topics: - -- [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/) -- [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) - -### Update Compliance - -Update Compliance helps you to keep Windows 10 devices in your organization secure and up-to-date. - -Update Compliance is a solution built using OMS Logs and Analytics that provides information about installation status of monthly quality and feature updates. Details are provided about the deployment progress of existing updates and the status of future updates. Information is also provided about devices that might need attention to resolve issues. - -For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](../manage/update-compliance-monitor.md). - ## Testing and validation guidance ### Windows 10 deployment proof of concept (PoC) From 9f522b5e3de784d4d92e6351ef7186dea866f480 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 23 Mar 2017 15:30:30 -0700 Subject: [PATCH 56/62] s --- windows/deploy/deploy-whats-new.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/windows/deploy/deploy-whats-new.md b/windows/deploy/deploy-whats-new.md index f907c91bbe..8c6180ae0e 100644 --- a/windows/deploy/deploy-whats-new.md +++ b/windows/deploy/deploy-whats-new.md @@ -90,7 +90,7 @@ For more information, see the following guides: ## Troubleshooting guidance -[Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors) was published in October of 2016 and will continue to be updated with new fixes. The topic provides a detailed explanation of the Windows 10 upgrade process and information on how to interpret and resolve specific error codes. +[Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) was published in October of 2016 and will continue to be updated with new fixes. The topic provides a detailed explanation of the Windows 10 upgrade process and instructions on how to locate, interpret, and resolve specific errors that can be encountered during the upgrade process. ## Online content change history From d78a90d541737679b334663a95c0aa5854fcef07 Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 23 Mar 2017 15:43:03 -0700 Subject: [PATCH 57/62] s --- windows/deploy/deploy-whats-new.md | 18 ++++++++++++++---- 1 file changed, 14 insertions(+), 4 deletions(-) diff --git a/windows/deploy/deploy-whats-new.md b/windows/deploy/deploy-whats-new.md index 8c6180ae0e..24a3368a4c 100644 --- a/windows/deploy/deploy-whats-new.md +++ b/windows/deploy/deploy-whats-new.md @@ -23,13 +23,13 @@ This topic provides an overview of new solutions and online content related to d - For an all-up overview of new features in Windows 10, see [What's new in Windows 10](https://technet.microsoft.com/itpro/windows/whats-new/index). - For a detailed list of changes to Windows 10 ITPro TechNet library content, see [Online content change history](#online-content-change-history). + ## Windows 10 Enterprise upgrade Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise to their users. With Windows 10 Enterprise E3 in CSP, small and medium-sized organizations can more easily take advantage of Windows 10 Enterprise features. -For more information, see: +For more information, see [Windows 10 Enterprise E3 in CSP Overview](windows-10-enterprise-e3-overview.md) -- [Windows 10 Enterprise E3 in CSP Overview](windows-10-enterprise-e3-overview.md) ## Deployment solutions and tools @@ -37,13 +37,16 @@ For more information, see: The Upgrade Readiness tool moved from public preview to general availability on March 2, 2017. -Upgrade Readiness helps you ensure that applications and drivers are ready for a Windows 10 upgrade. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details. To use Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled. +Upgrade Readiness helps you ensure that applications and drivers are ready for a Windows 10 upgrade. The solution provides up-to-date application and driver inventory, information about known issues, troubleshooting guidance, and per-device readiness and tracking details. -The development of Upgrade Readiness has been heavily influenced by input from the community the development of new features is ongoing. For more information about Upgrade Readiness, see the following topics: +The development of Upgrade Readiness has been heavily influenced by input from the community the development of new features is ongoing. To begin using Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled. + +For more information about Upgrade Readiness, see the following topics: - [Windows Analytics blog](https://blogs.technet.microsoft.com/upgradeanalytics/) - [Manage Windows upgrades with Upgrade Readiness](manage-windows-upgrades-with-upgrade-readiness.md) + ### Update Compliance Update Compliance helps you to keep Windows 10 devices in your organization secure and up-to-date. @@ -52,6 +55,7 @@ Update Compliance is a solution built using OMS Logs and Analytics that provides For more information about Update Compliance, see [Monitor Windows Updates with Update Compliance](../manage/update-compliance-monitor.md). + ### MBR2GPT MBR2GPT.EXE converts a disk from Master Boot Record (MBR) to GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. Previously, it was necessary to image, then wipe and reload a disk to change from MBR format to GPT. @@ -60,6 +64,7 @@ There are many benefits to converting the partition style of a disk to GPT, incl For more information, see [MBR2GPT.EXE](mbr-to-gpt.md). + ### Microsoft Deployment Toolkit (MDT) MDT build 884 is available, including support for: @@ -69,6 +74,7 @@ MDT build 884 is available, including support for: For more information about MDT, see the [MDT resource page](https://technet.microsoft.com/en-US/windows/dn475741). + ### Windows Assessment and Deployment Kit (ADK) The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. See the following topics: @@ -76,6 +82,7 @@ The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can - [What's new in ADK kits and tools](https://msdn.microsoft.com/windows/hardware/commercialize/what-s-new-in-kits-and-tools) - [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) + ## Testing and validation guidance ### Windows 10 deployment proof of concept (PoC) @@ -88,10 +95,12 @@ For more information, see the following guides: - [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) - [Deploy Windows 10 in a test lab using System Center Configuration Manager](windows-10-poc-sc-config-mgr.md) + ## Troubleshooting guidance [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) was published in October of 2016 and will continue to be updated with new fixes. The topic provides a detailed explanation of the Windows 10 upgrade process and instructions on how to locate, interpret, and resolve specific errors that can be encountered during the upgrade process. + ## Online content change history The following topics provide a change history for Windows 10 ITPro TechNet library content related to deploying and using Windows 10. @@ -101,6 +110,7 @@ The following topics provide a change history for Windows 10 ITPro TechNet libra
[Change history for Manage and update Windows 10](../manage/change-history-for-manage-and-update-windows-10.md)
[Change history for Keep Windows 10 secure](../keep-secure/change-history-for-keep-windows-10-secure.md) + ## Related topics [Overview of Windows as a service](../manage/waas-overview.md) From 0f53fef51c1df2804285309038ba05cebb5ca32c Mon Sep 17 00:00:00 2001 From: Greg Lindsay Date: Thu, 23 Mar 2017 15:48:55 -0700 Subject: [PATCH 58/62] added link --- windows/deploy/deploy-whats-new.md | 1 + 1 file changed, 1 insertion(+) diff --git a/windows/deploy/deploy-whats-new.md b/windows/deploy/deploy-whats-new.md index 24a3368a4c..9d6a1b0d15 100644 --- a/windows/deploy/deploy-whats-new.md +++ b/windows/deploy/deploy-whats-new.md @@ -118,5 +118,6 @@ The following topics provide a change history for Windows 10 ITPro TechNet libra
[Windows 10 release information](https://technet.microsoft.com/en-us/windows/release-info.aspx)
[Windows 10 Specifications & Systems Requirements](https://www.microsoft.com/en-us/windows/windows-10-specifications)
[Windows 10 upgrade paths](windows-10-upgrade-paths.md) +
[Windows 10 deployment tools](windows-deployment-scenarios-and-tools.md) \ No newline at end of file From f442663dab8f2b1752da5f90da95fe7e7558fa02 Mon Sep 17 00:00:00 2001 From: "H. Poulsen" Date: Thu, 23 Mar 2017 15:52:30 -0700 Subject: [PATCH 59/62] Update upgrade-readiness-get-started.md Correcting the first step for customers not currently using OMS. --- windows/deploy/upgrade-readiness-get-started.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/deploy/upgrade-readiness-get-started.md b/windows/deploy/upgrade-readiness-get-started.md index 9f9abda9b2..4829baa632 100644 --- a/windows/deploy/upgrade-readiness-get-started.md +++ b/windows/deploy/upgrade-readiness-get-started.md @@ -44,7 +44,7 @@ If you are already using OMS, you’ll find Upgrade Readiness in the Solutions G If you are not using OMS: -1. Go to the [Upgrade Readiness page on Microsoft.com](https://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and click **Sign up** to kick off the onboarding process. +1. Go to the [Upgrade Readiness page on Microsoft.com](https://go.microsoft.com/fwlink/?LinkID=799190&clcid=0x409) and click **New Customers >** to kick off the onboarding process. 2. Sign in to Operations Management Suite (OMS). You can use either a Microsoft Account or a Work or School account to create a workspace. If your company is already using Azure Active Directory (Azure AD), use a Work or School account when you sign in to OMS. Using a Work or School account allows you to use identities from your Azure AD to manage permissions in OMS. 3. Create a new OMS workspace. Enter a name for the workspace, select the workspace region, and provide the email address that you want associated with this workspace. Select **Create**. 4. If your organization already has an Azure subscription, you can link it to your workspace. Note that you may need to request access from your organization’s Azure administrator. @@ -130,4 +130,4 @@ To ensure that user computers are receiving the most up to date data from Micros ### Distribute the deployment script at scale -Use a software distribution system such as System Center Configuration Manager to distribute the Upgrade Readiness deployment script at scale. For more information, see the [Upgrade Readiness blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/). \ No newline at end of file +Use a software distribution system such as System Center Configuration Manager to distribute the Upgrade Readiness deployment script at scale. For more information, see the [Upgrade Readiness blog](https://blogs.technet.microsoft.com/upgradeanalytics/2016/09/20/new-version-of-the-upgrade-analytics-deployment-script-available/). From 0175321036696e1afd1958ae3ea8cff8da359984 Mon Sep 17 00:00:00 2001 From: Justin Hall Date: Thu, 23 Mar 2017 16:58:02 -0700 Subject: [PATCH 60/62] Revert "V jotob" --- images/mva_videos.png | Bin 140500 -> 0 bytes windows/keep-secure/TOC.md | 8 - .../credential-guard-considerations.md | 54 - .../credential-guard-how-it-works.md | 45 - .../keep-secure/credential-guard-manage.md | 192 ---- ...redential-guard-not-protected-scenarios.md | 159 --- .../credential-guard-requirements.md | 125 --- .../keep-secure/credential-guard-scripts.md | 487 --------- windows/keep-secure/credential-guard.md | 922 ++++++++++++++++++ .../credential-manager-known-issues.md | 16 - windows/keep-secure/images/mva_videos.png | Bin 140500 -> 0 bytes ...logon-don't-display-username-at-sign-in.md | 86 -- 12 files changed, 922 insertions(+), 1172 deletions(-) delete mode 100644 images/mva_videos.png delete mode 100644 windows/keep-secure/credential-guard-considerations.md delete mode 100644 windows/keep-secure/credential-guard-how-it-works.md delete mode 100644 windows/keep-secure/credential-guard-manage.md delete mode 100644 windows/keep-secure/credential-guard-not-protected-scenarios.md delete mode 100644 windows/keep-secure/credential-guard-requirements.md delete mode 100644 windows/keep-secure/credential-guard-scripts.md delete mode 100644 windows/keep-secure/credential-manager-known-issues.md delete mode 100644 windows/keep-secure/images/mva_videos.png delete mode 100644 windows/keep-secure/interactive logon-don't-display-username-at-sign-in.md diff --git a/images/mva_videos.png b/images/mva_videos.png deleted file mode 100644 index 52ec8ee035068def0fc0ca14d2c8938cfeb89af9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 140500 zcmX`yV{~M}+9=?T?MWt@*q+$7HL-2mwkNi2Ol;e>ZTse&@8O{< zm6aBOgT{mg003}eqJr`O05C8B0K^UX^$DYZ<5ysfRqVWHX+8OHprzoC-sih%+=@9|y>k8C=t|(X=IXLUu z83HtIKL1l3=D$B~YOimh`&HBq(AZTU{S}7%Pgq&k&dSuv7|?}v5d0N`_`mxd?eq-+ z_n-c!-^B#1EiDbL8~_hviJf0D@c$H3GiUDD6mPpdpn9dYhB zcQfoO+P#zPYf!Xzp5pWmn+C-MY*09$q|^(5kwJxgeZnwJ2=R%w1OmzUcO-c56hmn> za(+>Q2V7o`=twl8?Y5=?SAaicFhPK zC)h0-^NMihjZY4ce{1{n&$gBF3b7>~KglHEMYN?R$ArQhALI3_Z%Qy2hvdg=YLCc{ zCHk#O2NdClPun&G;@c4eW>xrS+v<#0@YGb^%1; z+bI@5sys{_3}~t!N^)iY9OAhJvG%xlaN*3npzYcHy!QSmq4l7AXa7q7|I3SKc&9za z-W4Yh#B9)@n8kBbhtT>NFhoUIQEZg816ZK2>4CmjXmaHG^wj*N>}&iy!1)4i4os^n z^fOZ6PJcfr|1a6mv@k?x04rMfPwd;KVSZuYT%<$=27Vfb zIPe~`WSVHhcuKTtC1hckV_Ro2BgVXC(4lr1l|>rov%LVpjjnYdwwBf{8(#c&;3+O9 z3lHYG$i8O>wWQa^&huvP50Q`IU0t{5{iMwosmrIe!_J$m&xX%~ac7gc^YiWJLmV9Vibr_#fY%~t?dOq#7{FKi@P8Ib zKue4=v#`w0EqRa0ryt`OoVS#tdU7d{~(G{nRekH7>6Dc6N`UT*10W|$`;c)d740LU1KcoC< zst$rP7%(xH=Y-yH+Kwm9&FhS=B;T~z%g&e1_V=RCjX~~vIBU0Cn9Y}pyNOhNlOvU6 zWF_+o-{d0GRAY0Jp>naKb`U$|;(MzOQ7Fgzjm7!aR*4PGP*^qP%k{;E*3;VZ(Un

5mD87R zi^qbDXaroI$Bm?qDT^{Uo-qXN=aYSxTTwTcCeI6-TUb+Z*L+H(iC<)8{=i)G=yr@# zT48qCeHVW3=HAyvE4!NQS}J^w_lzKMAT*t#NhRyvvn-wO)SFLFF3B>FFi&s(gSaVL z?o#JN$0n8=R}GfJ#i1B$-?mPse-!Rpe;On4c_Y zvJ=>`LD_lW*W0OpOkw?gvOHW!T(-B8a*3-rkZ-`XR@*2U zb$?rs76P>0@8|C=tUX87J8n5T^HMtA_N&^idcp_OWN@P!qXrm3;P96KptuLbOK`Gg zI00iA@juZ8k8rO>wow>oA4o(w-8^2`ZYRh7-d})1`PVflmoufUFycnqJ2#Q)3qYm+ zpeIS~S1fw}Iq-&p^~Ye_jklgM0(YppYus--brUrz&qD1+D+byQG-e#U1B+!QOHVRy znkvAo4p@?bm*jBd)sArSd9dy8^o}uRMZZ}WKO=QM^LY>vdeMS(5d$C_$V4ISP<5t- zO2NGTmjvAFU*RaDGklwU_`ap}`9;UaoZMj3a|J|Vr^f~ed*|WVd=NnR`r*ZZ8Yl_4 zNfLO*VZ8#hZ&BIfJmL3XAId2=KLr*)k#Apny5?1khQa4{vbKjp= zHlJBnYi)1Gw{6xS=-OK!O~K~qUx1~*ySPcVs7?pWHdI}h(uc3RLPHCpYpnmBa~BMO zE>BSh5_xI+twUS$0QfCaw_OSS+t7rpgWalOT^XuhyaZ#2m4>oN6$A%@>_;T<>q z-}^EAn0|5*{W{~8@e9YS;htD30WO zB^9}xaq|$$iu5gdt%5MNXgylNpkMa0k<2}XX+IHnVqV*(*%SW;OQnyvOaGD{kS)Zg zfi4@?!=4$Z5RP-?%BdeQ(-{wbN z8<7y@M=Xiz_u9SB%=J$S*Bw}CS#W}{X)>xNwL;RE|Ktqulf$c6og;BZpaFMGfePbw z5$wlnB3y$s-h}csI}Z&3iMFxCjDSTuFX!!&Yas{fw6hjYEkT&f74&}8(|uRD2hOKV z&9`NH;DK8TY?_as{I;OSL?JNC4GKt9OOm{Bwd&T#XxcIdS1E;oB~-0ViG8CeP-sx_ zCEykq>q2@q0Pbh%q`B8y7KJ0VC=yn;U}cTl>q4B5HOA7;P`7L7;AoLgrIOM->heilEDMe^4PwJQRn`&wSDbk@BCGGB`0*J*mv4nO~Gq zBZAdlq-X zKt95;bOM)}0kA5|t)eaFn(YnX$QkkWf;@P93sdV*Zbk#lHRaU$PoSa0V()QIg%Vwu za_jhBFoz%}HhlC;25_QMt9%n%KSf=rRzs<&TL>#xpk^M51m|1qcSi8GwlNnp#9L1! zst5r7o(OD7NCS3Mqs5^Zc;6OD4Nbr5SP9NR3GL))<(L){OpOPF)WEeHA7@-h&d_=&bIHmvG}^)O6YyA3wPKqhxiAW2 z@`SZ$A$ov{{I-!+a!31*YQ_0)@*Cp~ckpR+pM8GtOZ{*H=Ivj@A45}07P z-xw2JIOZUQ+7vlx5eV(VZ>EBlCGaVow7fw?CI9|{4|X*>p-Iy9YsLS$JY|;w*7euF zfR!9FS9SMvtSftXs2a_g20C%?+d@*yU(_+q?Uskjt9pIjq4fLH z22K$+T;Mpirweo4NVRF*8kWn+dCa2m>UW%-;0zF%aq%1>Xnx9imUM&mFUywZ=9HCs zjYP-uS&Lz@y(Md-ZoV@Xj6fNZz$i6fwVU8--R;AMY9Mm5Z6-)x5}Zsh-f7#_gwSR>h$z z+95&Mh$L6h&Hu=W!DPes8ew79-j{w`KyU3l{zkWgrMP6?>KK|Zf^xnk%VQxy34O{J z{5@AIY>+a)2=qC%3>t$B8RAQwrY_6u6CeaPchDSUMA5^69onww5xY#T`jnFdnV6+yQbIcwgIG5xszZLdE+Ft@Y%DO3lup*HiMg41Pf&3;+l|U#;$8=>w z{FgY!a+b-U>pvs9;H_|)BKL})YJ^y+1b7C}BPQc&=FBqGanQ4KQNejB?*pXHMtC-4 zjxJL)^ze8`MU5B1VGnrgA&b}>HTnKnYxmb+t^9~}cH#g`M$oZmlX=B&? zM0AjxvGfI(5s}AYoK@k^3^qrGA8g=+;NL<1l=9apYkLBh1J(^Kz22U#IVX#5pY2rP znFo0z(e_&Cy2r;j&9(M4=_HD!t$xX>gL24bxBh@CYp5!z$^=S4@)6TT(m1*>e`KPE z^!y?IL!jz;ZX^NW(k^;s+INhXxKZUumX0zfJg!Awf`FI!)A#BJY*|%V%j#NaLTyP6 zscX(n;Q7&XiFG0NTHEfrnDXgk`btReCacZdmmm28aS1iW{?^I zsR;XWH@wsMRL!&Gc%igNzKtL&SvHC=&whsYw}r3=ODXf9PvwyonZE$BLka3)Q##w> zkU0?)MUg%TEQup2s4E78vETSceZEE@07JZnagSiX3R0Psa)nB< zps72dxM3ogJE3XPKRn=TRT#lszvi^Ux&nDhTWk&n^@9XcO}uF6wJnL{!us-KeGvLm zj##-VBRy7U15slXgFp>`eeu87DTC34rUc7{M)k9^uPL+B@MZ33p|NtlKS+dl5ytN; ztcsCsV@8v~lp8Fn@ll7JduYS&f-s;YxGcXaD>rM~_Oda4$z!#H<|vEztvb}i?V3eu z;j&uVp=sv9F`ZPbXtIS_g_IL3b`RCvhBw{eiqE&jP0?p`21|^#8X`NZ@YJMTfGK{Z zQ-SY(bA0T^Q@9~hzY;nc%lM2R+MUh&w+9MR;K zX!?@ny(WIY*uOMsC-1RaAuc^G#!!%2SyI}; z28l+Kizl>N3_di4$l(^=ai_jz{na(aYU1yl!vI00FjG1vNp4^+Jc*d)4+K-hDHTM* z`p7>-pyI?iW7$n3gHiVpJn#%zKF%4475Rn8+@hk@-xdMmnq_<0nCz=yE!i17FONKL zC7UVg=GLCKEbX_Jm*#b88K%Ik+w!9Z90^1FNB%8F!D(2Ms%m{{QLh+FeQ(=EBLp_Zd?QnV9bSD7Ien-K;VOe<@n zU0$s3%WKUu*Zx6<&5uAF4HBrsbPl3sYwE}_!8)@u2Zvb9=>7Ei`R+>JU=ei0TTxs;s?I^=f1?*K{j zNFzas8L1yd;8Hf1(QdBlb_t*DJiIOcxbcd)FG}N(^tknzSIJfyq`58@Pkb90#p^R! zQB|be`SO~j{yL*+bU@bW7~w9N_A&QP`}yR}_-ni!i~M3D{@dd0%>d{E2S-fX)~%m1 zDn2>sUS4;fS>k6|+$-jVuxbwyyBH}jKiGmjx|k-zDFj%0ciE}sW^tl33Pm991m92P zlDt=$&x+3GQs?KoNv_YeUF)Zlq)Z*(aHGGZpkT_??OOrZWi9nVSmD6d^gV$MZjh?o zcpH8evq>3(iB}@`4oIH(e+!g>EmS|VqLP}Z)dIuhtW=5UEUKp#)as7A&l&!5wYl5D zD+EI-J0ZZ@(hkHn2FH$Dq>e$JdZrqyG2gLrwz#X9g;StIp<0b2*8K7bQR7GvkwGA+ z&ACzrIA>u757h&v6aAfa%@$IH7O31|nCo!+1PJ+%IP=dwI8Y0}EridrRkahXUlSX- zy&k$bHm=9poq=WFKuc*|?9RH3oSZDD|LKAS8xql|3*u$}HA=Ez+~J)+D5El7320=I^GRecgfqVgayZ zBs|4b>Ul!&CKy8EV4vD>0I!P1&~Wi1Sv0;2G$i?m8So9Yt??WQVeOx!TSLvoUQRHp zHSFj?<~(|?|~Teossp-`H8D7kg)SW*$>F(G%~>5dN)JF8wBvQjY& z;EHqYjQELieoSM&>`!`iWBi6rDW6^ud=7($Nd2827wd#m%7(_bVgVR10sfVc%%#*i z2AyYOHrIZkVF6x)A=%75x~*ly%S`5S;GF@1jQ}1qT9!oH@zzX+lq4v$;l~FSY%36R z)aD*plx;}5xSume#fmKs$lKCHN9l2jPPRnueaof1FP*uadCA!wQBh#W)782S(#HUc z^DJm6`L${vjl;#TiAfFVHl$@kiO2qdvXG|Akd``b-Jy3`?=#+=X5`Dd(2h+Pc%eM4GZMOos7rd?x%u%G5= zt^CRQvDt-6tCEOwOSO}e>3KvZu(Hcb#ZV4CRLzuw{p!K+#pH>E^CQ8Hm;e)`2Y!Na ziQyhR{Toxc#2Ob_o2;!*=_&>epM@+HrE?IT0oi5B8=I2DC|Z&xby6X#4J1yjzUvP| zs{oqcs9>OJKL;VJa^i@4yM9z2D!Dh!DA%NIE9=t*mQKpW`Rp{4nfb^$#e!D|;eJ~@ z<-;EG?S~pylU=AzxGX2s#;ZOlIH{qMV%@JnQG&S_m|GQws?o}P96i44Z@y&ye2p_? zTn<3Fj}~gD?~-d)VNe`n?M@h2@Ix(W2)F^5OVo$}wHR`$^!|l+5H{a+O9VFv$jAp; zpjtUX&&aX;D^9I5q!L&4HdscgmFcTsC>G%MXu^=3`-q}KcsqYKak<#hQU!x{cycDK zy|lQnxbc%JV|`oNxg~YrVekiGxrx=dR7QLXOSz!4xDJEqmE zbxi}%bdhYfyWYi+Hwr~geJ97IvgM-to zQ1bN3wL}+<`d&T4vm%vay_+d$&@{&t2Uzl6>`$ez^rMnSm8%eAdwU%fE%^u7%kJvr z$8&%#O88S0qCx}rHxMBfrW{|cM7)J)D*kCq6=K<)tdFPu4pTK>7$S2K!b0|1maH_9 z9lEz>ZU|ife60?+FIM|Yri6NBg*fz&G|y4B2I!e>%L-E!Jz7;TnU_k6>7a-ccj23q zfD?RMq~ZC74MUn$K%L+e5e6JuG)K{xGUidV(5zEBC|#h5Xom=@>^;v)=leq--!g)n z*hLJa%BnXLJg4KQaWBN>&ZzG-R^sEYx5S&BJCFciN?~?Z^c>=L8glN!CM?& z799UlEDYk* zVTnU5xBDX;+%0_SrzAw^l~RtF;HbH8_IJ9x`zU5EHKhlgvU7;PF0AecGng%J+4$`g zY(O399viO?A%@dp;lP56$wKyoDf89T{A){YtK)IKqy)?|D!@P_sD0$o(I%NfdiI^pigtj_hu?j@X+4RJ0zeFrOdZZ`*wbzm|i{vEdtwkEHpS{Bn{~3;^4RC2xCegSjE{X4>PG2Ej zkdbAodfI-A2HNAaXI7kSf2{=`@8oWC?Phg>vDnNF9=dY)4-NB+6V0@P;Cxh-*J9Z? z1Zh6ubP6cwrLk1wBY^-anL*pjU-DQ{%kUm(~y}X3|P#?`etLrnbdB6GTbhi2qW6tdLLk9W^*q?Ym4d=l2EZ% zX;7GGqZ!|+9+dC_yEX0U(zP|EZW#p;7@8pJf~Q2JxI{$dh;tRX>N-Xh-24;9+K!+C zZ%pt!Psf7OUHxBPh}ENI5)_8o=E^nuFJS)DxVJ$I-By}AwimDfD<7q}JS=inbB{+D z3-<5TYUg?0Z+miUrb-&!*`Q6j-M3@Q`Wmg@>@~E$zRs?%YdUvo(6m>Lwv?M|)12;m zs3zXqX-y;^IyO^X-&~x|XsRX6x0b;Jjk;O>fRA{}(N0sZR^sC4>Bszy zfkCO40s<8r;peSu4NjvnsYbxkALaWOE;2xfjQHkbguz9nS}P_iRLSqEe&y~8|F1Qc z&JfB56+OR^m!@PoX#`0p?92wMT>Kak5{IBJF?@9;kA()c5WauuAT{rot~0+8A}X=HW?6XqU|2wo4At0>5I9p$uK1O> zz(^`VSrUvqucVI#n3MQjQ#2uWhmgdLvCZ4xmLD)CuC%H@2`|xe<@YD}(|~*IH-m`D zrS`a`5OcEFHzaisglWX6SlUZ3h-&+{^~pi;e<-GUAS5wJd!{CP5We(apXh>sqHu-5 z`B__HKnM!{CYC+|(%KaKU)#CwCxE<$-Tgr`no2LW!Rh7TabT;S1W4RYPGzEV=IUxj z%YnC%q*t&nj}INwSx^uL_bF%>w>A=4iY*sIPmss(ISRQLZ2&ovJ14x{=1k$c+DI}C z)q{0*O=@*dci-=Dir#IRTPGZf!(Lzabkt51I(<1{;eI6T{KTyZ{-I;3ru2H<`KJ9g zap>)wpqCbt=wbBfNu zHN?qddy4#GFKxmMbip3%wKFqN$hjURew2|jr%8LO_Z^D0>Np`X0iGlT@AAqoj~)Wb|=`%NYD zD2Cb+FBbxzkeO zK((u~M`**nT;lQMb;Z0qAgW9dJia zDTX_2S`2vHzPE@dGixzk{qb$q>syi6EsFO|wD%;>2k8eW=%v-dMV6M=u6~y5`SGur z+mr~1SxFsw96U)Kcq&G%NEt?oB36{0GT+tqrp1Kf070Zu%2+Cf zt{fdIU(uPG6yIpiokp#84v_Rh)!BBtZwuy0g}D@AF!MVcK@_z#HJihQTpH9{MyWAS z?@=D9fJQsCa@Dj#i&>rRij>$)raJJvq-T6y^GGR)%hMG|KItrLD>|tKlSI`^^eLM8 zcv8_|2u7)G7R4H%B@>if6QzPRY-!#$|C}OTiSW=m>S3S?-JOWEom-CGbih?Z=LznU zQ4lq~-Y=5{X5^wWiNDw|c8a}#e3}-r-&qtfMeKrUHka#IErZ8M%oMSLPR_xtl$fVn zJuG1(b5=)1udiD3R-?5x?C6*ga2pdzP93spm=~#8W4b7|tYZivg%QaDSX$c@SE%L2 zAw(!4PUG^}gKIeerGEB;@iEXNm|j!vxW{jc&P{Wla{|j!X8l!9tGcmbLEC{U`Drq~ zb^qnPB?(goUiq2~O!XIpRkT9Kcy~ce1#J;nej(D3oJqMC4dXxgcq)A;p>qdj(nHLQ z;%Mjl%^$mUOY+8SOm=j*#MX>zOXW))1HGHionFtQw4KaS!J;j~u)MLfx=mn?=mu|? z+o}fZ+9Y1oZ&yatsoCWz-8!ZUgwlq>X~PlB7)1*z5C~~Csto3Uv7_ls)A6ANHPnM> zP&@d+@*P*ea3(nT4QmS9WQxk-AGrp-g|VIjliTa=H>@g;?MK{o&de3X)X~}Z8 zK7K(^NRewu!!f5}1H4F18)IFAJa_6@&rg@cu;_mVUwM~jBKKhaxw?=bFBkBVY%Q48 zX0uWAE%;3Pu;Ma>s4#?Q5ze8sZmjIBYkO=5B6NJ>rf!W#jC*Y-@!WA}KkX1$&;Gc6 zClfQzyP%>*NwWG&bYi} zz5Q@_F6n%9?z|hJtfW&x>Vcl%Gcfan84<}ZSo#4F?zC=+9?pq5BM%$i;iHRjzQp)k z*jRS>^Co<;?l~?%nkdTgHS2FR$u;Yv01wxixi0DS}Csl$aF%~Bi-cO zNj1sib~Rv(GkJSm`@}d|Z|aEYV$asO_5N<{vbNAl%U$PnAoV`aGAYs8{yB5~$ZcD@ zkMG9of3M}TEGe&#-G%IsF!V7@T@o;{-!?Y59BJ+*MAfw3q|PQO`$X)@NyNfS<5Vm) z$omhvwqP6*i-k(2g?t!R_%C~DM%7GBM6IV5$2Qsaa-DC!&bDj9D8Za@m^bX>Z|P|2 zUD+&}BOFm0$Wr~&ve)GPm!3{}U5_y54e3(7ne)Dywvuq(G!oZ5jNe?ZM^ct>U{>v7Y0H}Y>5G8FX)-&v?ta<+xTxiB zsY=8A%N?=shB@v!qFouM3VoPT4Q$SjQE*V#qdJCwoHz7e{a=?vscyX6{+Gc{$KOl_ zJn2qafzkioH>jqJz%yO11_q;XgZr<~j!L4>T^CtjQN%l$4AQah`y?JS#fl?l)dW*w z00Y1q<4oc)KVpuYxU*~zAT~cm7WM^qrwgM$Mnt?nlDzNdTW{+od3dDkPsB;2?1l_C!nksM5rP0b`3*G4g6QRB@JJ7XY%v(vOyx_+v4-4vHf-R^8RbX*D25S z;>W<`+fEhdXQZ{)Ajbv<8r4EK6$hl8t0sRW(iuJN*wu!Asc5&%tQSH6@Q#kmTo@>$ z_5I3_g)xl|cWERd9p0upBX%-lD>Ten3UN8P#$RIq|A7`5Jus2BBTt$fT(-pEZcQ1r zaS>ydG%eTb)nwZp^~W7d=l#O$Pwy?bDvv{k(YH72_p@W`HwYf*I!>>E(GI=m)#eNh{J0a4?QOK)VdA@gEy02Z#~EzFPBo*UCuO9Ko)h?T0D z7@i_E>%pF}?&%D$qp`=tT_EShD<<;}yVaCkKv$i>y280mS8T<`h>eEBShpm1BAnO8 zV+peyF%$(soa9C~eO@a2p%!VI*XP0jl6#NNTBe8VuL66U;W0}c{%t|MwbbnE?|qi> z-YxbeE$DyFO#b3P*TotrW7{SIQB7s+s=i3pvaieDv3-q|>3tQnyJzh-ySlig9 zUMf$fI$XJ8A=^uX3-Hyj8o-f7-xy^yl!%c7N|niMd$}8C!-ZS+{P*n3mHyt%(tfPI z@wjm*O7r&zNeKDh%{uX;SOkO-;V#ZGCA=Ofoa|U^9bC(C^vU9j!Eq%o^26d-B?SzUlTe?#AA6zCAO>=7Z;>a3RuvZ15Kd3y$YSP%@6a zqrI=(?(UrJZl5=uceEeRxNo~Wch>J|-rLmH?yH^emv30OFP(9qfo$IvJP)f`ALpMJ zU)OMX+&tK{<7U79fxElo_49M;@l5V^_lN7<(&Uce_}X)>^#(e{EeTW=@DQ3j68gMANk4^jh;b6Z?-g-6Q$wqTQjW32RI z*IaY7x0hJi_kenEadzHpoizA$le#0=Hykv7tT}`gTFV|pUSj`CVMsII3zU(NIteU+ z!>;yR*A?28>>W~U{??I&B4XrM+_9{3CD|e#Fh?4ON)8S)XSdtm7+7IqeoKf?P_A?{B}hSl3)m zACuw3%6BDVs5NDB;UH*mQQ(gdDZ}=rC{igE?J)eA5V(wbcU=g0JrWzhqx@fcQ5mA> z2;l-6&gof}?6`MFWDrtvNbaD^=EfZ>+-`=kj)8i)y{R!_{0{<B~`_xx}sva0@? z;|Z^=CjI`)KVS9H?7csze>?Aod2T!}TRFBMK8~F^ z9}jpQe}3+0zkH3tmKpJZ@f?dig;DLw{9lXVy{iV?U|W#okx7V5)|&iQCUm5wWpib! z153tf%d&au7Q0kQa-zDW%)c!Z*?$f5YlaDo{;h?## zv7bNbRO=hxZ`2^br|ho)?j>y@R7IqdKKb*N&EhU@G-@6y#}-S z6!h5kyo>wVH0^ap`&JDkbKvax)kA&ne5?9+#Qiw*vT+MR@ZJfhZ9kOid>GdDz7M}n zS^u^eo;77B^H&k?Uyel}E`au-G4=}C&FqF0w#Uy{&kbA+6fmp>cm6qnet^HfF0TI% zKK9zxDy3^Y1NTpUchaprMinj5Ql_o;Qlc4QwUDZ@(kV#st?cX%iex5&;NScxYkuRz zg@0rfw^Pxrk200PycI;^7x}I(Qs$M2QNpC$GtbjK`*TLA4nqKQgsi_77_rdB!6--& z8KdsS-En1>P>%Jm{p0Cy!I=P*nLU#HBaq_zt-)Ck-SfdQ49YG7d9|QnYjL8c=O_!K z{5#vd5Y+Fqj?c5LuaY^WII{|jjSAT#S|k_hPKHWk))pF1fXX8!2~30@>}t1k3oZ3w zHIK2BZ;QR2ML1>_(2)^e;NQ0 zk4SeVdw5yY&3jJ{93)cD#A&s}dk5~*X`-Q=-En*hCITh-=ygay(I29pi3zZ(`oAR0 zPcH35Gk4^VAR;~kW}doKA-^_wp0Ej}ERSECZ0*;Yq<0dL$*AZkC9#S+03FHVm}&v> z6X`0N&OzP{2pGl0%le(P1y9SCTlVvNa~>e{V;u6m5x%!(s4F|KO1CHxSC5<*V-kBQd*3tW zzTIhVNecM3aNm4R%X(Qm?}cEQT+<>6K3k`4e_Bi1d>WqgYH8*9Otel$m=)oE-xrC- z^Vg@z7I$>%siDNLC@K!bWkB$2RzeXY; zh6~Uc54+0b2IB_ApMyQm)k=~%NaD49?3^L8V(?9VFuk0wJgWA2Bc}%bHMSz{9 z9NVW(dUwMyeV@Bf`w!b+Xe9Ta;|4(ykA3ood@2ULk z{v&5r^@;p}|C{66rAxC|?`E~$Od73a+&#ZuDi`unnK^cdLS?9n-~jEI%O!_u6yd}R z)XPSo4)>vi?6ZLrk1t@o>0&B<@%?dy?@~Nai2Oi=P3)@g|L3Xp93eP0A9nYohCv{v zF-@n{?eVa$MI*ePEzK$7DLv>?>tvhWYNoj^rL~>19p9x{AcZiXe)(9iKqZ{{>gK1DW@ZB z-VqN$0bOYj)q8^QcU}-#Zs(!@8*LRK(M_M{n!JsBHqa`boz`mZ4o$YImKI6FQ4^@! z?Oh$@d2aleR9510dswFRc$WC;d#2%Xx!uigexBq(M1M|&)4tzrJ}*ytJvj5+m&klx zMZeWO78P~AnB#tYogI79_P$%(e$)3pi+-Q~JR>!ExEo%de4C@~d<=YS*saLA981+R z-ZAJEWCg)6%^!h_K*a%sA^WK?!-t0R3RTOYwuX&}TymEK7&KUx^fPSZ>dO&zipZf( zhV+*5Z3J+0bn}N2jkwrO9=c+6?vC@oNhb)UGtA^-V1*6zh6`G%t?3UGc|Eqk#OXbY+~jM zu9Ub0XzfCw??V80hErR8nGBfS9?mCrnXbx{lH@;1_5*0HC8(vL^oNji@K#XJ^Q|cr z=9lKyvkq-+4;x9N1jDU^gr+c?k@*~rhokvuey((J1FghAhjxF%95WB*XHM`FWKAMo zgGN+duv*Hz2(OikmyQbO z`@nY3eyiR%@H=XTVb!zsxp z`gHeed;I#l^$uxDQEdI^9nV{tpUKHVQH=)&25lh@j|X9J~-RB#CYvT}vb~37+4E8{%WO?~#(Z=?Kc* zczVasadN3_L=1kZ!~?R7Qj%ZW!Tirq{|iCh$O ze{P6Ai}F*_(2EktM=*aR`{BE#|NJ{lYGlmkk@F+?V^HU2&bJQ&G3He?u9SHi96y>V zWN^H7P~m2*w1Q&v;8&Cuw8{bgdmD znkCpKHBBm8lZJ9x5u2G%!4uaX1NqOPI8rNw&0wZ_I>DdmFhLjzTG>38AbRIUshA#& zn^@ywF>p%bxitz*)@INBr>Hnto$#2p4XmZ|AV!0l4oX9-DToW2O;GzuS0Ew=8EC~W z&Y(y3eX*30;sTC~iwQrmlZ(OKZJUq0mZWcsWVO05`$#QUeE$^+mg*fFS5Z`$^{~pt zruxQy?9w`G^ID_xi;Iuiaukj=rsIQ$LaB3y=5*SmUdEgWzUvmke{uOwBS3GG#A*j&b%@u3KcU>o1Djzex%&8#~a`Smo(w-@wVv73GYAqPVmAhbETQa zms{NGpsWHmT)Hmb-!?xeJ0HU7*D9;H**`Y~+Sc-CkByEeaSDSWzypi?ujdXYSfN&S zbhfN;7-iw5;dGpHFs4C$3x!weG2Fo+DE;cnGGWgDS#(QXaN#-9>Ij)o-J3$1kvp!a z`1v^Fw%@JEYwk>~Y5tmiSOKL_U6rPcZ-hk_|F-xnGat$cf3~^H5yKZWh0aC8l}|10 z^Dgwt@d%unAKKq@{;dx~*l`)!bAspONLZZR(k*Eon;JtC0m9gJkl6o$RA(21iUE~8 zeig;2#}BqBc`(sqk6CI#kT`Iw3qB2%ZZJ1UE-OhonzF&al^(redOj8imsCnb=!_CZ zr7;(MUz&gA64NyN+ERI|>-BU61nJzcu*I1%(VGB;!wLED?=%k_|1F?rtG4_%0@eY$ zJw(5d^W8r|JL42E(>?8fIwUoeS({PA5i;j+{41|(6;HDhute?Uf7<19`34C*VrTL^ zBfCj%QAw%TE7eMC5tJVY9VzxnmC2~OPg+{b_+9G0En1_6Y)!ex279~x#B4zX=UIhc z++!MZJWXkxeAl@K$FN{i*_i7hw%BmkY#1*o$E~cb)Xc+h=&;}if*{r1P0D?5$go47 zBe)IDjS9$b8!}!>YH?ETM(>0FIaWo*-H_NFQyhnEBjSCQ(9T1`S;AJ7^X*YN_dR=mg-AKRSIo87-p~g;CL>gqT=Esj{-*ef$D;mMA=Ok z@)?tD2_?VIH@T&SBd+4RT@m0;ND1~-_4r%ymD{0ip8+r?Y5TA?Rdk&^hd-rnGolf| ze3Aw^o>7!AM`S=K#Qk0`%0J)kN8D$h&B@2WD5PdCBK>Vq%%G~~x?kE~0^)u;A)a#^nS0V&2$*G~>d*yB_4Gqj9K7vX8EsfIC12|6)RrZ}RP5;mmH z1_l_hp{0=1ZZjf6LE$exWsdfZ3F7$sN*BBV_g*c|rd(>%uE)G>*1bCvF@K-=J z%V z6QMlU+||W+y7@9HS=%_o%@fcLFG#~M3+BYF(>3~V>+B2$I?&vWFl*$to;(iwdVD)i z?Qz!lVf@h@xsm(5V@=5(cOIPR;9cLn8D(5JIiW2lN@CLgjZ-BBcaf6N;d!G1G{c{&r0RYP^-`%6IL}$-hD%9)YGmC3C z6B*v&Xy&s)I?GTUNSynnj>gon>K?k%Oxvy7D4u!Uol4Gj22F9oJ|ug56;*9XF5r{r zV1)JlB%7FfXovQSv*_M;S0?TRGUH}Ui9LMU7>d;-_v(hr#-s9`7YrO_>Rx0oax($e9qVS7(_jw{kF--Gk|*&Ry(LsF^C5E<30s?l=>@4*B6;qSqys zaiJlLR}TsIRJ9D3XWD<#`O!76tZFh@WeAe_Go#A}t>o1x7=nPGz_#8qK}hK@l~M9+ znaR7(Pk^8O^25jPZ)keexh9EXPO{Z>aS~FTxs)b7`g$^GO2yDk-f~VZNS29@pMW4X zib}(Qp;NiRzTQi>RSK)y=g|Mj;u8Ei;>=-kvEj~xUFe$mb`i40SoUqH zj`K#ql%^b)CxK8d-CV35*(-HNRPNQPR9Ojp!1*)4=PYm3z+m9NDjx&q2(hq=)OMe`Z@RIch&ep?=@vX89$)LX9uD z>8Jhp9V1p_La^l9r#6+tU5t=59qJpw#TgO@#ldE7m%eDC+OD#l^i3pO*QT9%5~I)V zrNw?N|BG|tpRWNg`6%x6<^Vibq}4twEGJ)^F@d`;?EIL*KMZ}}W@4C#AT){mnR#VT z&(Hn!+i@u}m-!XL_^sSWX^=DVA4V9Ue^_nG$1MFM7Nf38X=)1|sWWojNNd_$&-)SX zT=H?{X*b^XFuKpGsA{BTb-p-}NS?2%*1U3JBO8=TlgOv-C2|`PRa`e$9=z32`026n zKW%^g%Sg1C#7O^AfVcANYvttJtISR=#hUEhc?_u7m zn+i<|wOv3a9EH1HmI9g0fGZ|qKM~57)fDuX;{FCjyuU$(@tPK08;sB4F09Rt0fgO_ zzgg|pSQuzIKfJ3}!l0ywD;=wyE=g*?+=Out_|a4#{zN9q*0)<~(+g{jvYDvI`4Va= z_*ghW4WlK1O8Nd3_A9Fkoy?69K5yuJwP^c#Ax!)4{6b6;P5bF)!@Jb1%vAO{wR#Y3 z!O`n9rR$&BQ^^T0WWFp34^93du+X?BEC|vDyW#<1VjT_bodO5vJ?RVm>wbRX_(AUX zpvB3}e=MSZzRW&-<4si-!{ZEdF1$CV!+~x=C@UCYhQ3pdluC&B`Fo{T%@=zRJuT=e zZJvg%%Q+tu5j*MNlCk~%Sis4~^a}~Dd=6Tj&5?%h5^F`t#sJaAMik>EkyH4Ciw^TA z{GUTTcZXi2YL`*p@xqV5Lb29?T!TN*CiW&z1GTtRD{`W*lwz`IJ^kBL>l&NlkfLF2 zWZ#9*nJNFf`yKN_1Df!$%qiUvq6JBVmAHKskJ~0`-#dBT!pKUI3zD7`8?l1$Q=6f@ zX5ozvORblYc%HFCCdB#2K;T+~xyL)#tdMO|w0LolxzIq>rq zk`MNpiAhr=90v)Z&xBdmP8EP(%^{qp$~70ua<)dL4h_5jUg z;m5TKP;qS0!yL_+K`+TzpAm#K=w+jqMoDDq6cEs+x4>PjvQnZUc&#qel*SldSWmsW z>1ChW`tosa-Tf~v*0e5iq`S_MvocOM{xFW{ljO^pI9cIPoW^qECaAZ^5V(bjHWg!V7v?>rG26-IOn$ z4xxw_j`Xlydhum73!b_kV;Yh^} zlLxQHkO2wgnY|t-Fz8!&k{4L6o}cLdDFQzaR45a}zV{j!XZ~$j6c}zU?Gn!Vkfp0b zY-tW3rnew3;PvN=v@RZJg};AvSD-6bc6vU)Z|QBNyHr;&p|qj+HDJ zE_)ktaMqHII@w%e4p-aA-BbbD$CqbYhF3m zV1{&w8g3F3!!jkwT$HsA0`iRdTIItuwn_1tQe0qdpf*EpDg@r$3q4YjClSnu`egu6 zSRjv<_*n$7CRzgbf`L_!bTD1*z?dn${6Q5?P-EiT+23P_jts?CoK)H#mPu!2+u^7^b#90uy z;ZX?Bk~;kD#ggOz+&ahm|1?(Lm-JhG<{QMDSp&Nkdts&jZh{Mn>15Id>RsFAGR-S9 zgp#sJb$Pk2dN>j$!I3bmD*ce^<+o|Xz+#hP(=iCgN+qHz%W7X_X@|%g7{DMwi%52k zELnr2i24z@Q5Yv;o_|`0GZ{;QaO)dp^(zA>R52p#n#|1HOqnZaaA>Y?{{X3%x?nzK{rl1*B8!!HW1czf4?)6;24^8FB_(F9kNrzq zDD(&eU6E#seVmwedfdlEh_foO zL(2@66`*+b>GRL-l{!D3gjoG=K60IvWr}miUn%m;JF1gXQi5JdJbr4F`&869oAL|$ zi5q)&YjVp{qWAn<@dWQoUvP4kU(w}a6ujWU!Qu-r;usa7UrB>xs1WdL_S&wUo0<&3 z_rN~44mD78H$nv-$!AT^PvHrA1O_0|;}fzB-DA$vd9c~{Xh`Tt6!Q&|rm#`X3v^IG zqc{u*V?}nX1>SNqIDfcZMV>y8ETeV1VE2WIi$s_Ums5n3S3w#P^RMw>k*<}Y%tFJ^ z(-mF~Z+l=_&?(dE8p4pI=`Fk+n~>yW!7b0NVup6bsUYLmVb5$6{mF(~@M}b*cgX?A zETU&ih$kX5j~ZC5)MIfk7cAx&x%pQw21#xUhOAAR%oS5dcZeW2$M8;uzl2zE`VJI$ zRB1ByDfkUG%<~a^&rO0zg~c<_-xuEPXH>Sh0zLdjU>YRDsxYcc%bgz8fRc=8!8vHd z6JTXa&i!^xNP!v{qthOI4BjK@R$d^JS% z@U(MLrxDjRX7g_{6atePo5h}w^2l4_%0Cvc!6cZM#U~{czv8sUAOXw_(0h+XaM)hR z=rn|&)Ix?x1eGMEf)H2(04iESjPAD%P!PWq5DL=6n4F*IRqH6Z*|D>D58j>z3nS379f&8tw@sN4XXwfi-d6CCg27==#E=o&bK z&73%*xK}ClY0fB#o3#Et=jqG>2@1IYDxc~K?`~YXPFWB*T0GcX|sU5LwFrMNK zl4n2=aDMh8d>3OXj<`7kCx_TdCNGkKod6e(m~J#-3(m0Cuw4qbn(8+oasX6z)>DO? zZQk2OI4UC@#R&|AAFx2 zR=b)~G09sOi8NlQTG7u=mcvNXybj3qRF14t(i><9#g`-%1OzHL7F`Zu%c~&lRpUiq zRW%`!Vwo$5H{W0RaN{84m?9g3M*U%2r z>QZK#MIU9xkqyIWAW4y9;@TnXOBn36I+BJ(%&cJGPJ7x$GlMZe#YQo^_4>+T_+;$v zN}!@H|qct8D1^ zyP`0>;|_3thK=UaK#G(U@#=}ANzV(3&`Xc?{mLPkrD3@{$VIhv5Gh7$6*D@C)WOlN zj_|2}GD?ALy94t)P6&#nQ$m8{`hK1I9G+ChB>jRYrt^;lz4rJBdXVpTf7+Zs)KN$~ z#Ef2&$ESA@8or}l`*jqZ16fcvOi8r?B*`EFFcLJcSVCn3NS=o{BE8`yF6rqWO-^BgSa+b zE}5mQ!@s{%Nd2J;O@ak(^`}=i)=V1&l6Ye=lO;5z0r~&l0%1`rE9%o4<#Lc{%+f9& ze}{vCk%p&!h0@QTz8u7;_N-8<$>{1Mg-dsKabw<;2m>6YJ;p0#Z@ zza+I5M(DrQL^(mnb7$ZDu$qN0`U4FR^@7v*!9T=hM!6Hd{g1`rnkPRPU{k2ZF4a8O zGORfFdba}&E1!S3@oOwYZr3rzoBX0kNJ$?)MN72=kfAXg-*hA?Z9)`Nx6O3TM!pv?J;=qN zqJfH+C&Ar!jLp1YUvA}~^h}J9kP~s_6KY}U9?-zmnVISIVPG0=*+dek!Uh!a02t^$ zaK!Cjb>L}+0Q-2wx^y<0b&QX-qq%T2@<>q?=n3MCo)eYO1ZqRWuva8BOH*LMNC-Rw zbaJS=IIiMju-laZsziANZW#XIz^XK2akIlB%GAxIIHmW5J|+8qEYM#Wl5dRFiXo+W z7g6RyBAqam5O5l?wdrV2213rRz~mS^zX;PAZuLG8n_G8JV0eO@G!^q@>~c@D0iIu} z{!k#Gk!t0mBu*#R!orQ&k#j4d9v1L0gW`cGA{JoG7)ELuj5e|6tL%tmY1QChcC((W z-{q*}XHm=%dL5EgXn`it(0Ffz{WX~Rx{=Q|U zOmLg?6A4z>A;ef6I|FP6rs0>0TnuF?Q46^<*)>Mb%ra@C2=2beA^c;3if=1G9tQLU zfCS8-C)WeDM;aPeB!0KmD8n^eBk_DQ2lfGiY>MT3XXMeUkY#+pz<>W$T~0TmQnrKa zS;-c@iY8-dE zcXdn862qdM@Vz0xXu^G8@2WJ5VD4v8FEPyGc934xk$!y+2aoSmr%Pvp)Q;rgDJ@RJTS zsoY~-g08Lbzr$G&6pC8kb8%3?QKaGeSbwV?P}4m}6`BPC+vIZzXQ4{|n~yv%AvL*zjT{!uS}YXIj2L zlyBr?ZAa9W7{c|VCY7M@c9v@g3vs;Dzo=t;gif-HY?_7rI49ZnQV3aShkvzcjW8lF zUaXi#>KvJ*$0GfDFmG2^9B7a&y<#vR)vT>iDwYxWfIzoQLv8|$*k}YBOu+sZ7i2P& zC7MtK5np-;hEtk|n1)J^7ok(a8v0n2JyLdaqu!uE33C~{64C5FStjM;-_=3I4rT$W z=IkcciR`$FoZ`@PS6j=ZBqlUB42sf7ftF_1EzF8aj7X$TlJ!|MzaqxA;I%?)E5ot$ zL$Jw;*?YBcC`vG}t}7rL2TyJn0mPwFUvy!V5OGP^anwrD$cyH^9#>77=Y~>=V#G@! zZNYW8P1}5UB@|Q1x;ib;cXiR4&_KQI1amjo?A&MbU=eum#d1*n%Dz|%tC!lNBS6w+ln)&2wc8EDqGz!Lfv-*>mj<{|<_=YqeTDQ@t~u6h)Bjkw z?b`C~SaBoW%-AO!hW%8CBMAg#Yr~Bf)?C7M(ieq+lP_-Wm$AmY8w+PVTrWG9dZ84&9#Sqab35&Cx+i(8U z(zs|VrkVpIga^QE7|VE}U;F*qA-aDqpsLW!hvJY_*GZ;pX?%NPFNVcor^0Dcz-C3M zKW6-H{dd<`i&j7!35;3Syvg6TLq-H_t`r&RH?D~^Z67LbY1E?;PVBP!mlnvD=A(-$txlT_xU<#oe55OLKViSC~^TNwc_G=4v}5gC+wP++#)NeYwoXvFprrd&7U+e^Yu%D6;>ad* zei}lhWqWNGM|ABFpeBh}6HoLY6m1WM0`Mt4wx_?Z!J|@8mO`k}2M7IxoN$fF25!2E zPW|VLqVR##C<|x-eOgKKz{15uj})@YAfjOo_~*T*C}Kg-5TR+01Md4x3ZuUK2AzP< zz2xZBMX>lqaR&8YbLFzYK$FkK$wfBL?a2@AW)ktULuh; zNkg_rEzjMTV+o9|gujCJixZ`KEaxXbDiJ41mRt&5<3K^?P8nzLu{ z0uKj(T)FQ_B%Mq&dgziIMO2g-B(Dw@L<>i^Ch{Q`=;I<3s2XxQ+8ts6fzp5sB^z|b zEYjgdvf*c5o&k_iqoXSeT-_zko1=sb`mTd8JS;;cJ2VuRPDR6{@>giL>JhQMntemNlA4P+D+5I6r`HQ43u6V5qS6`s4TQ-LGwwEZlV;Q)exkjUQVq`QXtr70yF29u!<^tTH%s zq|eaSkv_+gZ2wpg1{_}&P*sVu6fjv1>K?2xwcREuR0^8{oa%V^ZZnLfl@2I@%P5}~6NouT+6x9Y7 zu}ok91!p`ti$gU%2&)oo8CH%WhX68&kQt|_KBYK9KHwHjoft49Ph>Q$B2kvZjkxy*CwABFl$Y ziXtT+!mvHd)m}Y1O2G# zh~UN+yz3L5{L1{L2$+FQKg_25e=>aL60q)qgAo6+kS^v%#7UeE3vC0cYyef>)7rXfBnW*QunTY9e~ocaDv%eJhHyTC^J3^6t?dlnYam}TDjjK%CoLc<=(l7y{@*& zFT)lCzUj?-O()INh*lbqnurT)rt>g5==1uUR9oC)q5=b#D@GC^@0kI-3n}!WosdSm z*7s#NH~?CA{`$nO8n5p+4o#2oQAb(v=t=?!5ckuE$RtKZcqaP{T*h7=_vK_^EnQM` zR$Q?vvAqN?oNKv(WVf7{7MXrcKkTa=YC@v=Ie=7VZw+qXn2jK%wJ{_zd-j?tU%2TobLYm zs`95(Un`Xm@dZ{Wk_UG5iu-rJGuea@;g)IMrxv@mjnUC9%AJR6)$fVP;Qqicpl_$S z#rLlmF;5q#WHLlj!PtCSHPjaUB&Fi2t0o!vw^(yqmdR-xXfrc#@hQQ&1?>|6YAl%O z;cZpe4ajI15%B(==g@Y1d@`z0I!}9e*p}Y?yx)B{@FT}()Q+Vt}WVA@AU zx~qc0+o4=C$z{D0?jUodyY`t{YOW?e8hG~3HZ$5!jwS_ih4-hXHtnO+jSgy71%I7KklJmE9Z$U*7aL3qmxmCR z#*qn>p(&4E0TGc0PO&mT+YiC`Ta}$=2jd-7i;M|AGyHkUzXr^1Q6B6Wm03lUvJ8!T z7K{w_qOZcI-WN5unJ$RmYfkL+N_8}yIQ^lD7a-=W~M?k_m#6%L-#uU%ut76fTsUj@n zHWlr1p#xJn@j^d@VIj0wDlas13hoH(4FPFsgQ|PieN!b-U_i@a40`6SwvnwaRRh5fa$M^9=!CHG(EkQWL*H=Qrw-pXM zoyNwqmaZp6O~bqKPRrc;Pw7D|jWKJ`g<<1WeY~GTkxL3D;}j6uC6InJx?@Z(GqXWV zKYD#K;M|t!<&R~@Uh3-mnd{lz-5pogdy^D0ao1U?(A)T??{4?UODgiYkWExtBa;5Q zegBF7?ww}9VVlo+2N&1<^{C-<5O(hDMgMC~6w<%Am=?QS4tP437iwL_&dc92RDAw%QnR&VBv^BOqSFi0Vo(+UKC-ysv-u!hDDAi)8?|J3;w&JC@ zsY>2)%)#V7KK9V%Fj*ZEn@lGnWwQRFi zo>jKJ^^N|*S}8t8M+xw78Qjw#qz)H&KMwVXTD>M$Q7%E=ayTZpStZVCl&O&9Sx{X z6$qTTvSK&>db`zNXRaLvoZw+=T8V1e=?kf2t>+AF{mo$QEscI=BxL`yhcstX_ zL;re|sq?Sbq~012350f$~lp-&|JM5PbA2) zq(@!Ye&J*0#!d8+51I09B;Ts?N;L+yNT&ugj92mUHUj97n3W58z1CLC^?fG~3 zQ0QvByS~nE(eZ5<=EJ(NqRa~RRZLu540`VR;OLJwr?z(N-{VThj~?AgA^XhlGU1zdBfhqyAh$6n{H|c+~DBe}5zad-&n<;o zuVTCJP8|IP(TN3tLap|lvksl_42NCU>634}LeG7K9zrQiGMi~h(hQ<1lhHhALL~VRiZ=;|nJkhksDQXZb@fG3?dxLI zA9Hc4DE=e-WQLL8>J!S`;shXh-)icgzQN$I+d&y_4?@yk0k*)?GvU( zkDf?V=c(|roh@CvLA3!sx0V6d##=6HF+~2C1(P4Mj(X2QhimSuo1KSm7kT<2TwOV8bBA>%ti-xKpb{&D2Me$#9IX@0*H z>71+DF2?lsqf_$($Kh=_w)^IQ%i!7f@ytX2t_a`J1L^&2v+K4#;I-TTMqaV={Dq5C z=kGwC5(QV8u@Z~9927E6^BKq^V5`kB;N-c3rpu%MDDQD~@pWe350>-486wk1W%v7E z-HrRMhpvn2bp7TN{q7I0em8>ZYM}=&?AN>t&z)`qj>k*G_ip(=6U%3-7J~Q4j(#tE zhBpf>?@%DTbb-I=jif|AJjVIuUe~2USSqI*ng|cRGdiPjz4<-%0+ZeW83vLr-|v6G zAQdsU)A%Es%lF2R2wutncS~vwuXJc!ub;gK+!^4H>Az{{}-o~M) zlb30>||=nzQztc^h<+!Qn!RH`9jd|hzDEfspIB8+v7f0U)DA3`eo6-1TYcb>FaBo|6)^Tmx5k?aEq_;YTMn?2k!S2=qQk~SKMmC{81!` zk%sKriWgL90!LclL<~l7N-|%3#Ucj>!<&X40*Qj9FrkC4Ccw>H5COvWgXGXjY5#I$ z(xs{i@D7zsZFG4tx{HQS`>lPs6hROG6L?8aL3O>)Sve)S5_iWx%aid3nx9|P2Ld%=srqkzF zaE;@y|^|BH@Jr{_$*V+%Q|An`E(o0AbCH|Nw@-#pi)N0*yvcc*Q0 zkN;RXVcAULkJ|3E;cA{nXi%+e;6Yl$S|HmAHE+s>A;}4(n7J`tG ze=L?hGy`16|6uocDSC^}&PCY3OU}jlG*lu8RtrZ5kdUH2%P|7NP`>q)$@AR~nSv1L zF@C_O5$IHBGGZK&I}tRxp1yGN!cG{M0;I^dGUg4Azpn6FR^R-gfBmt*Gdj`GIH7IH zP-kkn%(3vyMcIZ~yb9gGhQOnQWR>0DCSsXL$lB#+`zd9E3xpkrQ+!0Ud&=f=Y1d0{MXE zSf!;`Z|p*jsSv2nuh1Q+<`f#7>!g8e`12L=i9(uWdw-akfN<>S5CKqZ->rxnLOOU{{ebSojoQWIsGa&Lm1H7Js%OfD*phc_C7_TY9zfvp=q)I!GoRF;-#Wr(^m}yNOh)AfMFu~e8G&6p zs58p${$mk7Xp7*qRUn3o0Xd*8MTL(@CADa5?Ss!Ig!2{Rz^dNJf~353GQ#S_yLrVPzE2PALF>Mr?<)mf}|lAr2eAgf?zII4VC!Vptvc978Z>hkn=^vv@N0r zz#HlpCML$SU&J4;H8lny7SG4{PBPZ@0!IBjgtYqM6@*MDt6SDp&Ag0+ZJMr{Nr;D0 z*PzNQYyc9l(Ks5OhKf_g9J4Ced$o+XgJLH^4*VZxuz;Bf9ks|u^Qrph z$?S6jwEuJh?(v9QxD?cw%cy)VSl>Ux8|b>rCL4i@FPXo#7b=hEQl>!9I;oj=AJJ%S zBQ*QDI;Vt6)rGlk=ogv@jmOrJ5JarAxLSUFONA%3>YP&Nt@r$i3L-^kyJ&wMjtj&s z8tD+M`kvaAQHBEXZVIaSL~RwCYID?8qOnPNAdQ^Xl9!s)o?<);kJk4)7FsToX>3n! zBECc55>L8iD+@F#KE4a~9g_D@2!xF^2#110OkhorA0DiiM|7yw|45d}>#ow^r_ZK} zdUb6Law9*Vv&sHa;;ydZ-IWz&nyaWKzT)1zCp(+a zrrLa)Cqlf@zqrt^u4r>Ou5cJ|YpPrFnrO_MY2PitckJw3J(9ya*_G+{Kk;suY(`}C zvn6~MTV2PyFNiFG3vifoj3A>c8`$Br^0O9Kd-mDGu*-~!!xlFf86%&?>G5b zo|=Q2U}NC<-97)YVC5`)#fT^J__#T_>xV&7P17B(vGmFwED)w*1Kcf<;b0ZeLFISI zQ;o73qHXdlI(V!Aq>zXwX)M#ca7G4-BB3&J^6o%OC(#I>U1eX&(BaT1DN-`bWhSOD zq+F0nXHD7FU?P~JbE~ip&KSImwZTu@Wld5?rCj7`y|JyL12TAx6(tEm6w@AjNJ6a@ z1tp_g;HO6!kcX3J0lx9(CnX0SW4Vm}ci za9c#-xcfd!fh)|~*QW`Dsv4r2b&APo^6+>@VxeA;kK$(g&!1ZAyG4UY#6s?7+)GP( zhWHM4I6dC{?&_)drV(-mKP{diKvzycZOKg9QMAPCzPaRz+3|^`mfgqe;~ZpyDymeb zN>Q`y#=d^_PLn%ix+*w{zru=Cl72Mnme2{O6A7PdGspAFq$%E`w4BYp)L>*X&@e(s zMYImvNVR!oXJmnaO+ji9BmUb^m81e(Fn~N1S0gO2_(MjF{9H%Oe`=g`L;2VqY zLG)lep{}9+G9>)RRqDl>&qqPwDJVX`X^Q=>i>(E{N71qMge~vAf!4Chog6?V=J0ag zN|3*3gX<36!%E)n-_qy?UE^)nS>Ht!{;aKrZZ6;$2F#?+s^znV$k(=>#Uim#^1 zi7j8v?0kR5-+X^wKgtD#d8m0YE@cxUP(C}AW{tVSKvVxZY zCVs}LNUBDY3kNHgalp94?Z;PW@-HsLt&Pu4eDkL*Jc`G@W)i?<2w&3rj?I?lQoP6x ze^oXOLKldYa8JC>Dpo@T2U=+Mf+=%BUs}*9Zb44`3j5x>@MpryGRJ+POTY0=AuX$r zMlOvb&ek@bNma5)1B{1*n)CDehD9mPOgbvt>(P%!|)Zd?!^RsH$!-*SjK9&QQ+g)2yTav;! zcBYutN@hnKGvz4nA}rl!uuUFvB(#?u#kVP8$x zo&H)pXCG=|Bv{(^EI1o9k2c6=Uo5eBOf35#5or^}QSAuY8qG�@ixGbl2 zhQo&R$Z>aEa8fx?x?)!f?7_5{zv8YyB6AK@Z@Py(>fRzqHq<2UuRu)x!J-fYe;q|= z1Jbnm64`r(jesg15&_-AEjtfsEj^)~%YSxc`F0fUzkd#KS+3|;KCkn*9q)hb%QyRm)no$6wgUEmr6H*V_+2 zUi)kD)h^?S-@r{^tRsLE+RbZOncXK7;r>p19oN@~cNSaiTs;sEf(vJi1cEL*^=_W; zjd}M?bTy+^M9i)=nRDcwRo?SM-Z{u|u(nnwzrW@tdlHfuMWg zVphOT*V6!|R618Yqa%^wav5RLur0|6?Si%$;jw1 zg5)M|r&YWCc=#@fL)uEd1W=6;e3Q=@xa!Ngy%{#!$u<=p#6tbNR0)~l)&>{f4~D&$ zhhazb>kBUSVqA65&URi|7-ektbe45wUc-rlW{XAp{_7tLHa0rC%F)4e%NI5uMInaK ztDeAcE)7kMcp`niZ`$Gj6XKSqS zUe9H?F{+TGh1p}l%d%_hM<;~TmS4bSEgd!0+xtS^`)QZ0W7uN%(b#_fWarbsD$e?B z?tQW5#|UNKYx;%3P2Ohv&P~hfa(nJo7+3fG?8j?sZxo2@{U3_~qrD|{RN8;g!1c^mGE?duR6-@|8j0BLD$hdG^{ z^n5qE2M;-&5A(I_nN8aQ7o83tMWbgLwKh~Kfj1NCoXx{EuLBIkk8hS*p!nC_yNQE{ zKPxMHvW8x#Ikl@#Bbpss$CWj;bhZ%zN9Ih&ci4hAtxT#Lu$S^Qg24mz3yM&*r}0Ao zGhl2L8ibnqdLHcx6e5h<{1V;!Su=9STRBs}@(;uJz5p%g!Oyd;`E6n~*X=BR`yGae zp+OKH35DvczWbUYo7WPL=x{pxhO#E3X|S}p?_Q2TEJ`U~I>Y=Qi#>AipFx7eN2CS1 z2$pME!P-R-JD>V{932yH)xp~*^^BmdF9aYFDu7A4F`H`JS@ilDe03{hn?-d^Lu+WO zd#QLbSc5%PO}*_XwMKlNliO?zm&duj-de*vPX&X(?Pc#S-AOFl;3C!M+3ZNL5N6Xi zh7!b1WOPtb0U>ptrlJv84$id4WlG>;#wREtlS7jz=1itSG#G?l=Wap{FEjXc6EW%Q z0Is|Dv8s561${XubL>oi7p=@9nM~v}Hb*PQ;wU0`c!4m3G8hIK@RzzKRe^e@5L#wM zMYd~1rt1XBJ}#~pPHA=pX`7lV77c*XygsGiVUUgV!RKt9Z@!N8zuirT0q;+fOU?Er z)&u?9B%^Zb^DsyRr*3Vl%}gvy!7s>2Tnm-4cP|dD`$K*YD|fM+O4f3LS}2*@AYfJ- z6>B3^ZB?~~COui46gnue>7;1bLLZxr?Q|`Uu=I{MTG8)%8CmFB%REzF_%Xi6Z{GC3lT@O%u2o%AQl zRfp*H0;C(2hPjI1!B!N#0BO{b7kXWviKQ_Z|+9ogM>1(WNvi&=ecM1}>O4&ndhOAL-6|sfxGxpD3H@B7b&_+z`(TZo z?K8RlaCc~Fa9wdWsIe_Z{EXu?LDoqaT@JWgQ|xc`{5$XSspYU@g?(t*js5bEMcQw* z2--$i2ICQCG`^$j z8e6{a80J0}dh!HyEVuwNT+4FygQ{5trfU;FSHe@XpRIC`)e47&mS?)!>m4t-;m_*^ zEvaV#cCDf?xcjZ7qPF;(*Y2#Dk0jLQ9yWr;852@{p3QS6p;2u?0-~7(6-dMN2W9A< zl5pNk4Bd&RkU|r+iJ8~8{{6eCVA*p?MB>)7)ky`vtK~4U)F)pDq(s>6kRgqdx=N3x zuDSOWm3M%aiD*3H@}IMBXNKSj^MMp|W1twZ%#l{HSTy zH6b9)XiXS3Fco4&Bfe{tiHahGsnGnSUkyjD?Rq23V}(Y*6GwB@$Zjmd{Scc(KRU;_hS+D z>i6frb`v+f;u+wsmsRkCw*%j#;)rx;%hoR#>Y;>LOCG2LUOP>t6!!KJAV{%_jPGka z4EXS3!v2q^bMUJ4{rd3fWS?wKO}5=M*|s@ZldZ{~Y&X@(c9X5i_GDYX-u15e{tMUI z_w(HN>}x|(*RJwfl+Ln0l=!^~b-BIP<#_a{@UG2sa1lQzzB|sYx$&=_-G1u*Dm?Z% zaX*OUYRrXVwxU|wt zPaf}IU8KkHkL$~H=dwVFT-|&{ONVyH_C=s1&#zKIVD4X>QDK~S-jj&Fop^+_`jTPy60>s^7F`>lV>I zRNGF!Y?0a7w2^b};t7jNjEls@33D7Yd@+?Lae%##jnkCr@w6R;O2X&1u{{C4=30BI z3mPmVpG51?Mg&Yas;P~|u}3C5_meHt%yrHh{KiZO!V!gol|Xj(tkEww0CIRiMK1j+ z26jM3M6htA@9NN2-|DFJQxrM~SbbsPKp8+**RLX!4(<}&hSFj*&9xE3ODyvMiYWk5 zuJ-Pv*Z;974o>f*r08q4`cd$aryG6dzb0P*aifU2CbR*9Re9A+i?#(sy=SaaI^5{;sHLmI4CI!4wPEJZB92;?gqr!sJzj*y!BV)*OaeTU}!-KOdJ4=Gt{m{drI5 z9SIQ%vhj{HDQIb#6zO#YHokwxSJ|R$m>Xddg2I4A6P2pYo@k)++NP8@OBqcfrAB<- z$(@(4FEX~n7O}@9`fe6G_=aP$}E?Ji*Uyrx&3|V z_UvgXp6~qShne_*ew6`sk<8Er>awA=Nz2>h`D%Zs3p;5%%~fq86FT0(%W{6t1cOlf zU~0vj6(3CXAJ*%pRR{)mN-7J?7i?b(**j%q^aRzX7`58c2Lkt>59XEqI+h z1a;)Z4PK8>yY5K1Oz}A6c4!wE+fI!KI8gp9V)e&t$Vd3=^Uy}rlB7oEt15{0U~$`0 zg;n7)ZBNoQ4E|%Gz}Sy~+*61of80r0i&*^jK%rQ<>%GPH>xFbc3d**o%;-~qGaC1{ zRN4xwwasj zUu<8xDT^bI9jgCGW?*Jca7>`*GwE`II_n$ zcVts|RWdc6D3wrVdiMt^#T+}zxXC&fKwg^)IuXcN0R-|-ou)%L!o4WCQcC}0=Ynx5 zOeQC#mjMUZWbUoquzXB5C13X*l!JkqWq8iYXR;Xzh;^E7)G1y`A6=IT6pQag3<_+ z{FPtfA+c{RS4uCCUbekfTH%22Uo+eD*Jyy3w>hdd2$b^ojv>t|EC}pxyPCT=stiiS zf8oUqZ8s6FNGDBo-BpGa%8DN5dHY~aWnrJP#^y45TWOJ^LNh8WrMolzGfx{w+81bQ z^Ud^7f9=`Sb+%6b88so{>Q>ZF$UAfM-!RHV|I+I;#G>D2KQxenFfMz7pg=-iEs9g zb1&Y$%Az6ekMs?B^qpTxzGbIK(pst9yM|5i-To?bp#EFXp ztND94e*^?tR?uZLdIuI669RdWRQ6L|otQ%fv?}^{Z~*E=%dmS?+De1T{h^neIgGmc zJWRp#%f}tBkn_vpbS-_|*q__rxFt^O!H+n+d$r1Lqz<;5ok3>SAvy18v;rQ~@uF01 zg$p(S87*iy%F!Pw^^>h$s*nk5%lTB^upwZAXMyyO0{3-&+qsXsNnlhp4$n85cU5IO(sk)ChsGD^CC3iWIxW%+7a)s9qV$Lig6Y4&Q?VEpqY50l&!=L`me+-?-GHHV>_K? z)`j!2JFhHtx=B{r+KM4Gq7Y|}oPR9TcFe1l?kt+<$Ih2KqfuLz*2lJBW7m8pU%eDo z)=qED4?IIr1lyV0xEIbBi(Mxm986A4`KJRQf@W*ONuAiwvh5l~jBe`>anSSp1EaUo z#G-5aca4lJcC1P)h>LHL`>5R^F|vsXVPFsev&H})YD0bk{p&AgId6u4vE^&j04zAv z+c74JIX_acfEn!TGO*&m>eJC}-~fNv?by?~X%J$}wBo*qI831LUV$|~u|1FjSEieT z!;F_mCnsHVyx%aAllRp%V&%%<`4)~{kB1A>qjbR7Xv+h5g&!g4PtW%Y1xkL;^F9ZH zMx)!ASyAPeAbQ7HkhXCBP%0UsQVH=t7HB|=G2tlL;GZmb=E9_d)%FK54dXpEudy5l zg5h3rr{a9B<5{o40!?d=-vo#k62o1T?G?C~GM}601Y79MrQ9LoQU{FP!>L`kedzD-ixgu^)ZeUyqy+HR18aj8j)w=7lzlZaDj6yrDowd z^nh;%08MbNM0%3KQq8~x5}fbn3ij)Fb+EOyMC62NUx{=Y1dd_R!l?0nc{|ZU-ChQo z{On*!{4GMI+3Qs|1Btzvn0?$W^GWXq8)2DI#BJ|AR`RK$=I){#k6(eXgqk#_EEF+0 zIfEn#mSbk0jW}B6R&kW_LY!8wt7Z}^OZq<+O!ul0_6{QJeD2Dft1S;1E}fMm5HX@2>V6wcHCiX@}Tm=B$Z$ z1(@?7;h2FKE-u@(9D~J=Z8!%$1BpgbmZ7byc}_!v^8~Jy z6&Jo7@EG+tjW`Di^fv~PPYnv3xuQU=ySp9CvSb~$@TFU;G)yAag2Hl=NEe|g|HIm- zOUod^D))?Bibpo3L2BkNS@AY})m9zpK7l1iyOB`Cd#7hR=h_#S46P6)^`_JrRrZ7h zAng6d4+AwiQNxx-_KCJuIyzOn+(tE0pJ=x1AB&wj!_P^8^~vAe<1aSP6?J#2iApM5 z1zXK4$Bo+kM@IxWA_j*>yJ-HMJNbjqMzb99J6cnmBYr%hGdi)hvntWRSsO zToh2`>@c!FK07C058Tzg-01P0^L>AK$otyy$TO-|zDbqYasM#l&Riy^k1~)rZTj0E zek(U0xocHWDaH(6X-wi(o=d}(VGrR=-pB-x<1d5$@6M3q2t`@eDR23>`}h1>&OxII z-*E_V8BDw{=8X7n#P7(U-w9fdK&M4-F;WOTY8TcZ1CQOfRVXoal=%~(_ud0mm0b_I zo8><$`AD+_CH~vY1sw?`)Jj7u@8oALd#7)Q^KlCQSg=A#rQ9Bi!u!FPA>q^cMclHE zeDX=}93AdDqQuIKf}qIF)=;;GAL5HZVb%)prv)A-yt5cnE0cRumzjl!#RcIjN(0IA z0j`Oy8MDT1e{mk?ThfSh zaIkUAuaVHeO|>$gqjM1&;S7mX=cq?LvnIT&R)$M8%vZ2+IJrVUkCv64jo&!$e+osl zTWk2ZGAga9tYm;gx&DbuR%cM5C`FyX6N)!vWR}!pMBuGjSZz%8q1QK>z zCdu(n!TpI?{#9J;T?&bl9Qb%N>;XyMi$VBf1dGBNo9Q15?p+||s`_4lZ$y4a#4y#A z^v|yzDxHLHWP5&=g}yZFS>CQ!aU@sL@R7 zh{){M8#_J&o|>_k!Gg=flJoH>%XEA|7+fk^EKkL>i$E)8|)4-h)~sIeD=rJ>I&HDA}>+-rxBCtd(oqy>GQG)n?|tzQr5oSJlh7 zF}v=EjRUsVPPjp(_u`2FqWn0Vbd#+r`UFxS7D^jFrvP)ZyP!{i|dUvBDD9A+sx?lfqcx4-p~h;8bL?!MY;`n1ty1Cum$9D7UTV^)0{Uc0Q|3*mVlE6>Y4ya5vR6uUMvd z#9QE{t%CZ2TtI#QKbK$TzI`i~s!BRvYq51^)}$P1W0RY!u(!bmC!26z{Qackc4BjT z0MK1ycbUZ{hhNgDj7;Aj9`4gz@{OPY<{%;_Gr}J0z0Mm{vHtfTfqvF|pv=@4z@z@H zCS(F&_(H-(b|R(;tz-o;J1IXw0Jn~6_5?b+<<{JH)K7g&VEj5I`I7%=Goyk-}~_rfYD91@W`er>V`1Xrk7ir{Yq%+>XDryrjOkM=A0C=-{3ho(bE$cI7x4% z9nD`jmjApn{Y`Vh1(uX;$&}r}g$)m7ptr}nYvJsB>eBoKXL6i()=Mrf8G8P;(-b7g z;I0~mG!YVyf^9ZO3!jNTR^qsv?llD3zhY>`jBe$_L8Gzy2aDQ0mRtH8ed$rWQ8CJ7 zoFaNaJ*1i62%G?4GRNIEoz1Y+b7?)cBGUsW1nKvq$JRz?Wsb45!hdU|PllMB2M!hZ zH7snru;N*(@;F>%vm>hv6Cj}-imbR;noK(m1s!nHYw4Fw@{g+? zLdYJP)C4ij*~C-`k&nLeTwL@Cm(~1BxyUB>YX^(1>Z4Hj)tDCMRogVrTCHfG zeLnChVqJ-?&SIwv3s)-MNCfLBn?Y4CDDF=Ngm7XSKa=)nI+{^@LuJ1Ie0LF~xWR#jMQCf0ehr{>WGp2yST5DL_o9Na~+`>qVXGWNi@*Km7?XbiX zMVS7>Ik9vEGxo&>hz5d(DB#8wlz5kUIMqo@QWY zb;nq6#8_sJs~ZZ&8(ftP9C~;rkbm?>%ePe=56^=m*Yv$u@uS5*9q5|ZMtw73hgm_I zpSMwCV6Z#9e?G~r!3OvgIgQ%j*(gE`;gVyTiT z2+kZ)7ss1(5vb6Gk0+@oBO}a|;OPbJ!}ts3iLy($h&I`iEu%fpa-g&Hv$>qO*vm zwOLet!hDP6)Eq$&hAZntDvm{~mz#~iJ^b_C$=cju{jpVG%ygUWB7}}8=U=IuFxEtz zV*1g$kL#k!GAmYm&N*tg@rhFz9HHYwq2|-dPXxWw4o==4W_CuLbP>0=bC2WEEew1| z#lHwf*O6!k?DlRk<%=Ytd4gx1aEc9(TD4VA-Ra0?%C0-~)LfBcS*t;1d)XG<4e9U$ycfe$JzLQ%bRvfhbFm{gFikK0b?< zZWa*ZPfwRJ*?v9eZ+BuOkD)r1@6$xZCt-KpQJo`nq~xl%7xip+?FXki#Ju&-JwX!M zW-EN|J$y2YSU(2eNj_Y2-KZdpWpo*c1g&c%N#NN|PYJCBHK?9}12MbH`I?o)oJWp6Ge^mqDzLl1B+_$W? zCr)%6WY>i*m#c$sbxfi;_szFSJojuB-m?WFW&GiSh`3!zymt$7I^N^iNR7LnT6#6h zW9zHg|FJN)oH(bVMGK#Ea@5{nA%x4JBv?i89R^yny@B1{hp2=u|B|%d$38hDZr-K1 zi3hNaLXpFZhUSp2rmfDiAsGgJFVD@jzyx%4wQz+%D!N$PdRp?Kb(3xU%+N~kJ!cMG zC#_#WP9Fl>GC|=klH-T-W<?+?Mk@z8te6Ok z*^(OOEbubiSi7qUMDKhn*(}TYPS7k!ib6FG`7y=u`4g-+X8!%w3>hQFH!Mat#XNc( zNwGd=t903aESB+bCRVTrE)vOfixgflQ?PH^PJ)hDx*zA6%;?x{69F>1)oEPzn{81~R>XjIZ`AMQ)Lcc?bo!>stTsqng8}QzuK6t9A)Ousz{HT3uD4hN z@4eC1_nVHYnE&<{l+VLLFJs{<2f~{@kg!$FFGJi+MNw0~qCim47Uw{XtVnuTERZA` zzG@IAUBDhy}AatNb@?!8_%|_cW z7x|o=OBy0$quM$cbdG`M`82Iz8~$n`C>>}Sk|vU6+#X5unLRQg)E>b_BB(Q;4&1qAec4vqpbgU4I?Hmh@llRTZ{wIk316XB zmZnH_(Ic8cCv;Xf(ayXYPB4X$AQnzoye5hwB9(@vSa?__^4huXHJ-(KWo3o0S4w?1 z7ykG50T0rv{F%UAFXV)OsFh|k&+s?}?E0Sv^kh0~$xJ94UipG}% zJ3m!zM5XG|+VJbJWTK;uS`-NYNE#F{4Lv6ozLsti{31$LCb!AxsP3{@GzR%@^$I)mCE>QiBy2!KFnUz=u5QNyqykE2kwsu*f3QRmqgJ(I*MK1kQEOLV z0w#(c4CSc%|A!&bdbuNYj{p4oeEt_!`_b-_wPd@^>wSa;6Ba{F9{Rn9%>96*gWnh)r1 zo>O)#9971FW@UpzqhhsmWIm;Ej+g8HMmD9$NbPFk%3lB~{lhyMhgYa7Rkpo|4ya~C zpbUnZ@~{Joi6#}2OFZMU{Hu$Iw9~u0M*@4#$J46dt`|gSU-s0jwD%^z=NX)?o9G_b z>|!FQ7{K@VM4B|IA!@sZOjB&->J>+5YhFHQ(SzRds^$Ca4X=ryl1+>Cr=}7G+Z0N+ z>WIEbD8C~N#HUg2CJ8WnunYcE!fyP3M69nT_5wd3?ox10L+Osve;m3 z(*XLq+vXlEjAC|iiSAOg4hffkEXb|d$q>nixY|0B>S;nSPhG8Pq#9wrn&U=)E|Je} zKU$Wxwg$T}_U2l$&`)lnUA9)mhvEEYAF?VGG~JOtPC~y4RlIRcJeO~0l7x-BFz|3Q6OryAa&7T+K7-%iHr zZ4%_fKe3wOhpVre9}Q6_IL0z2iSd)9v5nKX*ZP;nwP6IPLR z*c4#NKdjj|X9dPq=D_$8BqFvFaf8Ceyud#%tcou+g41Ec4 z^|IcX*U5<_e_TE2a=Kf6Tw1ytpKN&?!lvh{hP${%* z*+e4nHgt$MNYn-=+B1(?(Em6Qy&&MSaWt~OKe2HBGBH4!!fM0{dpA)_Gg#1*m~&M) zHz$xmpyTFqybhjbmfI z)@u9PTGw(PBio(n!AbODX#^Td0BD6&%cmAqF|Bx?sOuKe`qRT>&iho_?2fzzS$vGl z6#T9hn4Y8>WOp0$ZRNW{)2x^^Z%A}q}Y4Zhke zo)*n*=8^)3+Ey!W!u**CtG{5&e@Ya+V%k@Zv%4TeziCkYVFr@&bAq6J4BX!pacIW! z)B?0qlY=BD2?hA(Be@1DHGluP-)>jMH0P_)i-_a^0697w5G+aH~-l$wCwOgPJMVFFBb(q!$n8;lST1gQ$W zS;-oY+uO_U7w>E{Yn=It6AUysCnHT8Rhqf-YV;tEG<-mkwKb`1@H@frcw)KO0o{n} zalci~v)EXG`rqNbpkX6!!Z5r)VH$&Z?cK;O(#XM%uw;5dayv@B&w5H5YgIphsZab- zRROLglfQ^j{0SiEv{SSpDU!iv3Gv?rCwL(X9ZNtZ5P)+;6LZrDDE>?Mlq&jLxtd|w z`M-!b6Kp#ts}+?;p7YxDDBlZ44b$9?Bkw^8#u#9|$i&{d+>#(O8M&{fSOLRzxt0hRC79araN z_b+E=!k%)J%2nqRJZwN3g-F^dp@8S+!p7s(8B#@6Z>NBl0>9_2{p&szvG;CN%_GzM zNUQ~hr1r(`v7rT^JknuM!~W^RlLXn(GI4$vfy4KY#hZZ;dm8{@v#Vq05q)c6;}Sd` zjd3V9TLpk>wk9}K|<6@$QE>Y+S6}mFg0}v3*OESnY17y2$;GmsH#h(4A z<=%cewDr*iXEiI45*F&l0kBdY2h^j>9lLGFc5VWi{;|l{Dv+&A{D})lg`>pHN)f}R znwF(Hy>0t=a<8sSqKIFi7=*@y%2!2LlfMo-N#Dz>7iSZhiAdB(RTUXC1sj@@evX7Q zw55t^bIe2?)E0vhf#boCPT@W6nTW9w6Qu~gmvtH%M_nJ2#^mbrqMW83#tc@LQ!~hl zoTHkH01Jq|&1fn>t6(&$VQqaW@=`B1uYN3(nz*&$@I>%QS-LAe6I*{T_RBrIL~S%x zft+K4#r6r1Nm30dtR-@p}*!r3?fDNI8FPs%!5h%&n%d=2_Z_|^G|MKPeoh{({^ay|(n zyDc+-M$|Ubsb61r%d3eXhcj6Vy$+62zw;`IrEm)oAWo*Z<-(=wW(TB-$-xv^QqDCT-!3qlo|FkHVZe}BZ;@ZIeRC3zfK z=zLW9h%hsCU3Rw#K0F9{?WaJhp#_q%24IQ8;7WAM{8O*|v#KL>f=3A&#Wyx*;cG-PBu-T1wcOnSU# z_-^ZUU3YT5{|@ziDY5r@bAIl6JDaqxNE$qAdFPpIJ-nd*?xmz2g<{|`cmL{eKlyI= zDkOLxV#E4zP4IkV@Ydo(C2w$h>Gz71U-gb;wV?E~Vc5>+j)4GR@OqWy_=gf`itca2 z0n7yj`x~whT?XnHIa_qShN1(Mge^aFt$RPDZ9twso2+WD_-@G0 zST$@nb=~51-5ob|e1xm(ojnhh394R(NwnM_Q8!!%7q-Zv{{FY`)X5R_^L_pEHoE_| zJ83Y9_Ht_=RNdL>dkj|aTk-1>u!N}jI3k9p`NPxc@ELwB^>b2LboeCbX1UdUBL9n% z4`B%WyI*b2nusd(ceSQe)DH+W!7@<Oaf-rEr=F$iFqxTqcbwp`Hzk zI)evS+Q^Il!-B1IyP5%QPfOo&$qKPo4=#V}DYcgG6J<1!Tifg2-cs$@6}?KWK$@(- z7TjS}?XanFRO39pN!YNhQ*J{Hd6A6I-3c`L1fuiNjaJW8gai99&i;XR)>)?y?2aTd zF5=He?v>@mb>bM$YsA5l>9doM0B^0J2i`q^3iqYMET zB_t2eS+*H+u6ECF2dfS|?RN))uJ;;emQ4q4;z2^*8_xz;CtPdZqYZ<^&Cf3O+%Mr( zJ+SXL_KDxo%$_Ig`ELS*UXR|rpBbnf`IkKBtk>z$-kw+99>#usX%n~xf2dYoH=YNo z-bdsV+K;A)Hd+%YDIFEv*Zq{$I+elWI3F}Tbp0jpv zCU6RrCg6DdjaJU?CbBo)E=isT8=Ngn@RIg6QGGv#GF&D!5qF#o4StveLCp7>D-FwH z!4%k`jENTWM$L(c(-ttKYt|CZ9h?Ncq|%5PK}hke{vrn=(3r^oVhz(T2C{O(nR4=%!#mcpXZOBRbi5Q9K+L{IVH#6yjy`I3^Qe*AEWu`_MzYIk|E zblY~$<2n~lm-9ZRGePM0_vY`3St#oGjRi0G=e4o|>rApt`iU&>T1e0Q!^5YN%C@)G z$Cf=dDw2;jtRlw*r^4-|{t$UO0iUZ~Q+}8*X*uV*td^yT9SayJN#ubGYmS?7_>Z9M zf0@R}i4498qoA{&Fc8eRP@5*9-Jqia+C357NeRPxz zNY-J|FpFM~BWer8`Vm{RIZwQYl8wuzzfu@i{U!?_o5kQ{`HuE2>gBWjGb#n}g^Db~ z5uLvmZ^Qr?{kHQyggr6bfhMTk;S%#RceFa@7(!P=^KuL0E^T_c1{&nzFd>$NG&G;> zD#j`lrwUhBHFb{M%q>=)QS^DbWZ06$@*2M0nER5u{We8VHB}bypvwlKOinI&h#pR+4rUvi#M#Nx=Q^$5PFnAD z;-~O0O5!nJvui^1?|PaN%0DEXO04pjk+J__@B*&l_ufcbI-}KL8*Y5ts(L?kY3dlp zHx^%r9sLE-bXDAg!^3fE<}wtHTK;S1Y+beaCh&l?ir@`Uy6c{lxLZ-Il!9|0x!|PcnV7e$v9peiepH0{!)6=VaW-S)cm7+pE29-E z_~YA~c5R)}TO;D}?Y*bND|w{`*cf=azbyXIy>eec3S7C`JR+tYGtCT&>$ZXYWIH** z*#A|b+vFb$U^fV3{*Y4*$ff=@)X)?5;v|HEYe-Azs6OoA7XmnPPF(K5YFPcwTa4E# zd%5t`t%LYP9TM3YD$t~pm6Wz5HOJnbKvh3%SuU6?Tu{=X6e%tabXuncIR0%}`bQ9w z9Q{i-)_RUoGQKW8UyyP{v25bgC|M zJR>emno-McMgw>P&ns88d9QJ#oNov<)i0hmF!>EI5F8(T-jPaZ1m(?I-tuLAjFG`d z;p@;!ghzw<#{%qvDdx|UHtZ_(HO%6tND}NUA4E>-5e&lT4b6 z<~NU;k35`={}$)pncOf%!}3{j|AUSjD?<=EZVxbX{iF1S=5um50KKPq=p#v1l9I82%s;$%2mzi=rgi+F5E$Y!H@p zJOY%@%BcP8mWIJ>1~gtzVK8pD_E*`>ED_Z$9w@_s-;4C2X<}hN|Mc}`*7N4Pj2)bL zxaZL~GR_{L|6`$lU3ReUfb7pMj13Vr?LT&MLWd2c55T0hm16(U9#r{E%VfJf?oDMt zqy<7yN1N};x7GDHY^|D?&n>O<`aMK^#ox?(Cb6WnH9?AtR!fMk1$N`h$jVQJibnk4 z*kphN=Df)GQ-G$6X!3B@$?L_C-y|y^i)Y{)D83DWY`pb681Mr3!Z!=tRJ?IhmneB# zfzZqYntIYSV3r-@8M_ikLM;>dES@&kw?K~M=y7omE$pRl$~ObN8GYYo-D_s;`W-Q8 zSXRy(p4mdolIr1-j6_Gpl*Y!t2aru(Q%GqZFQw^Mt#!uXSkff{wN!Y9U6g((dYl4+ zb4N%iR8)t=RA&FNIL?PZW1@U-c^std>b9)Q*f=VtZcv zIdwufb#-yPO{9a&o7s>@h1O65(V!5{$LqjyruML@;5G`)zKfh!rJ~SqRl);yE`!73 zmoz`_rj-GKEaLqs?6d;TF3SuBG6hr%{Ey3aRAj8e;xsITC@ZJQWUK>l;RVwUtZ6^Z zXo7`LcEyq{63KHmDL&~ zwsCHjs4HdZLM*e`#$TWuPYs*`tJD8XP;Q;)w@gm}_4bh3x`o@MM+ne;w4bfdtN)^o zNDNkz{fx20=}{sS^N$4;l2#zn?u=Jp!+wpIp~PJaUxN>cssprsH_o%HmORH*??6ME z-csX=Aghfmsw8!=8wV)wIR9wu*>INz%jY$Q&)_xzXXE><3(0%QWI-4dLSSw@VQ3q} z8ACOtc&+HbVne_~zk&D0U3ayjKOC?Kv@?C7HR*`}q;NdR{fN-jB7`9RvbM(CvNmWs z_qcynTecw6JA}}QkCwq|DihnZ@gR4?Qa;h%54YkYN%3T?0h}7_kE3>d|#5F za`Sy&Oq(s4pC|s%W4(BYQsl?!*rYCLANw=IGjeP=+dR~-czNB^3qC!dh-Oh+ZMba= zd!6}^5*Re^?GwzdCmsA_Vb|_DuX(!Puib0<#XXY|Q~}Ybjc|?FbX=l)JI^Oinq@qYttbh!&1?DGqDc5WUAPUw5i8VZ27Z$oerXmCjQl|i4PxyVTBi4@WcBG$dEfB;~MLdY6RH9lnEwuKW|yqkI`F7?C&= zl~uMjgsW{99>vx_RyZ9YM2z_m(j40%<9jswxys(6% znA8iwF8YOGb}Ro8F;**j96p!1IrqG`W|2af*)?!jH2}fF><_U$(q5%66{`g$rr9Cy zK{FP0;ZNoK3x$GI+9AZw%z6y3Fw{n z4^s@|pDdteyvnCXoJntxry$nU)73f&%F+~2ovGJ$vh=X?bu==vG_v#kA~}rYFH+XL zcFM$9_5HbnTOF*vY9}EDWm7l&jle&FBANF8mWR9YkPT~%x--}uD79FS1nnEpH=z z4}UK)o}a5%4T@?oTOrL>kmfE#XkyX^auG5XbkNr_w8{Vk0C9OnEJ^Yfci zf@!vgS%`ZMSwF1n9clUej3v$bNO5z|Znv{BDcLlQO@{EWg@d~pi-!QqKVMts%l&NL z3UWd=ybrwIci1+3H`izTQ$OBq=E;NX^DSN{%wjnEK>epoK92-?{y6;ac#XK^mWJOb zvz9(KBo>0vI(?N}7%ajSP_>wqd1?RFh*%@A!f@6yh;pd5CrM%TeR+kCYl#oedApqcLG0lUk6b;<5FF64O44Smf&4`|=o?BIInv;DxgW_xJtw1gB9{1P zC+tjNsKzyUnUp<>QI?2FTN^>&r!fb9Vk8(@C{byI#^j1KH@-kyPC{Z{2h#BEo;&$? z9P|+DV^(6MMSL<+dDZ;Bk>9#}G2Bc)=h+BQLY?d>b4^u|IE0*iV+R=I0> z{S14IF(p)U)@*cie)G_EEj{i~YW|AU(<>)AHC9s5{Bkpxgvc4%e-lA7>%PKDQ^&)k zObay%>od87Ci5XvqbfvqN)Lqk>#+Z4nd9Yub%6$r@I~#^OCS$Q^!Gtd>z=G=@(^pC zFwb&Y`%c#T`4O4>VB6d5Y__M1!ci&VuoHXY1&2brO>u^%$trbNkM^1Cf#4%k4gqBQ znM>7b+Z5Ig8me1z>+~s;*L1*~kDK3fk3C^1iSHanC2#vkB64~K(^%=k+sCvK{~8&3!4usk7L%Wn)oAI^p6Pc7$9?F@Rxy8$0cL-*>PkE^W&mscEfMn`1>Fp;^00Y( zP%-9&kO-$;KicnaUYG<+=9s*GZ)`+ z`|md*mRf0lgb%Cn{BWw!^(N{!WbUj+mZlSJi**C{fQLRp%u@u%kBM)lTH z56T$&NrR5s?}m=y44N9#`YJ5^k_{bV7rOwW;}PY?(yql4Dle-N_3Y%N44IoCzCe?lD2kWG%da4-k#0w9!NWn>IPFJ@`)&gAHW{T4r9S%JiV)v0T!&PlsLUD|m82Li3ejg4PXPWzSp*UlWdv9w zV)g!h8Cz;Fvecsa6&)+-@fc&2F5>(1JP)UNP$dmd%dr2~zq*L)b~ALqP+6M8g1S^e z7rZZ#Uy9nwK8q27Tc}^!2pVc=>+#?3(4l3QHIe}r`rPZ?cbxjYFEX|7J^LNJR(bpt z)a+7}#yS=72Q#+6c6skUEDb6`uzmxIOD0T&4}LtjRPy_f93M z1U=_`?ggqXTyCM6viW=wIxiZkKwp-DKMlh$%+2eQ3!1YetLaTwpXS%@I}Ss$AInHO zY`qE|78LyE(F*~jiFG)Qoey#k0V{2>f-ea>v02{hk@|2;-#`3A|L@m&t-xt$0+_C{ zM$uaK1EOYlHhAcfVFL1>V>VtA1cFE_8Yygdkcg(Z}lFSKzcayBI;% zV`&BCJlzcF=(jjLf4J>GI;0DPnhqH3efIc;^T;A*2V-)w0qrMdO#F|FQU$l=e!CL- z4;|N#02!NbHF}61&94+IrxQV_{CAg3y#yat@1;bGPRBt#;A7*8!9#(N%g#r_A|^_Z z6$zQEJwtk7a!@PfL@f|NHkAW<;~7?_4B|n7x4Xhe(m$HR#7wF#oq4btsF=>Rps(DE z#Q~9vNdBZ}r*MQCvm`v#tYhYbq&=J*#|fH_QnjVwgP*vyFedZ$mC^pkLJ7kPF&SPI zzg#qz7}Y%S+iiqTmT$>Ic#-ssI-Q(K9tAM1T@~ml^(V#QVJe_R@Ue`aZn@ayXd2N~ zcGrjvCIwNJr>mV5Oq@^CknycusbMy5c`i-W2MgW79p`r!#gFUXZH^>>^YU9-&ajVO z_VCsCtJ^BSS6IOd2*9^nRB@$~E;wU+Mj%8b5cEYA5}tB!J$?t(>AVc2DCe)3iOVim zuvOn>{TEFiYpRvQyg-z&)rKRyNLaYr*MQ1^LI75?btlN5SW(|5%(p>brS3 z)~p?g(k7IGg0H-;0;gS1f472I)zO%-5{FG$St^s=`HjA+6IfSV+leXB2aD!`;#2Ep zh=qJQNwxL$4sTjXp@OE;Lm{2F|AbU9vnm@^J-{qljaW`fsp^zO2{OdeHR)e;>GiS1 z5H$Y?1r@i?Q^O(IXwyg=)mGFK4oZ=*IC+ip)sPr}wIg5^zM;#+3lkpsn-@y_oT9Md zXv7z9Np)77Hg_-7`exyGxny!L1Y}(%zW7kZ5B*ZHrvCIfO4aE=Z{zLGXJ=_|lu2mj zbd1t%wc*w4{Pkg2#X9S3^>T-*>tb(5rd)y7slKbZ>OQ)y$@ksI&&!VCQ_X*wMz6^a zl>^%%O;nHH`-{eB*LSsrab4$~nG>huI)lZhSyW$R?io^1LZa5=N(@vXch(4PBw<;{ z^vn+C4?~VOU&L}Ou~7DC??;F-P2hQ!$>;WAe*(@T#`|g3O^)^HDeHcMe*NN#MAPFA zF&pHPfB(``0=r*(zWVy%SrOvp>zdNzxk*#-v*4x=R>V5Q6(0HK#r$;BwZX9k$>eQ$ z{>Zd?ABaQZu^w5~zAfc!(1x*oovo0`!zQW2X7C}b>hI<1+D?*TdRss4y2n!Ryx?AS zoASe71KCL{;I0O}j3Nm~_2%z(O}ipA@_X>g=C;EQF4sHN3Ysh|>(R-WL>nuXn?p zl`vsF#=q$67+z(Ce2oKW*5QfgOPYj`4Rj3^&TFc+Od%XMfKCYRP`x%EAFm-S!Ton$ zhcW_3*TG_VL)LFrXK%c*ZX>4{Mci{GXg5xMbM`TI^N`7*>2O2O6FTE8pD#?WlxY#UtxtZFD$&Zmx_q0R>q1uv=G8Y*8k>j= znOuCyBYyFZz9JJPD0351ZvJFz;ei;TA?akS_r}q=)sQ8L9!k=l(vdzTSIKV%8}8xx zRPZa2Et9d;{OG^CBHw);UA9YoJas5cko2a};{5HySXjwcQ&ODmOSYv>P8+TMFufH_ zB7U+;>DrjW7)hKU9oLY}<%5B%8i~F5!1{h(+=yjBz_@$AkO!b>wopxu?*fbUJ+tHq z7Z5&JNsYFEKwwGxFv9n%S?P7U!of!=_>0Hhl<5M9hVnK*=L|jBxgD?8N#C96bWA;# zgt(F$-{ICv$Zb=TDgEo>m^x`S0f0nF=hae%!s5q?JIk7-QliSVi8Mired<#XIsym* zQ-q^S=^#O?(aJcj#H7Bgb%nGv&EO3~F~0(a2y{;O=gc^#!Q0&&OX-xBr0@~=K(Hw< z9tSO(abrpoJORz}zq1o&WXok_^o@;euG}q;Xmo7V)Wc$gS7HAZ)L>4H@Fg$2si~=@ zv-9~SfsfXX5yCnaCrM!4;QeOZ!?>`P~JXOTM4I_#&Od!0>h|3W8=Sz@tKL1u? zBAxkR0R6B{%I+2?sbupS6+-T13F~i_mXhPK!bd{dNOHjr@}%-uS*z!!LF}$2LJF09 zbAD06bhGpD^K@za?XMog`>X6F>9JM8NG41X66%+_ zJqCYAZq7Y;k&fcm*5#{`^wJ0Cx&emUTD+%tVmE2h8af`V3Y|Bt3qQZJXi4LS>~15S z$KoRvb8pyNsG~X5YH`Zrg-HGi_P>=;k<@rOE4--yLVRnv1?O+_A<*Rbeg2pdjZAsG zHzlQ!lu9g-H@C4MugIBo?8$WT+y>0Qx$!P}s3zYf^me@gDm z4%B&F_KAi>W)NnO`H~A1kvjk19Nh3_Kf}=QHuhGbk}*CV$gFR@un`wo@^jIgfC+`R zsV=t!L|-OOZBd(qp{~VkdEH$L)GF_2?_^Z`IGCc%;k%UgPQkz3jh*luBXkfbQnNTv z-4JL?rIQ_3`VHSk0-&yy<9O`OSw0?Qh3r>Qg}k}kC|vJNNkA?>7BA25`qFca}7-h z=X;~P;yWIS8Ty8m7z0Cx-A!ZQzq9jUqmxHguuQAeTADeUgaoP0iA2QpYOL400CB|2 z!OKX`Iz|iYHT4fw;ilV##=juA-C{~p(9aQYf(66T>PC2+%E5%d^Q1eqfgqFE-*uNi zoBjUsfKqup*;>C#UwY*fIeBvgC}?H|A%En?4O;Lv?sL*zYe$D1$Vif%9WheL)HWl| zHv=QK2c<4uIdGvG%lk#;qKP;hpW#Soc z@2N2D9OU@%MlZtuA!Wq=EI8)7_P77?etji;#8)EgGv*}3{E51#_>P3us#l*+y9$Ny zi@v{BRh70PGUYM9uWo$OV}H2budo|<*rUt~ME)HOHxdfysmYq6sC%dG%Gs5EUK1QpwN!~f0<<^~>j8gEOoZQTU9`;x>9nJn?po zd_ze2){V!35DdZtolg`Uyb3|1k8m&G_bMAOJKX%L2*hI)I7zHt*4^U)5EP$=!S_F7 z69d(Yy*q)3rg-iCy&q`$Z`pC73Ptp`hf|`MqI{+>1b8vEd+s6tC>Ytg;|vzpvfDrg zm`)F9{6duw4}r!D*)3OpUcUBX&Ohtf^a#sb%*<|+62T;1Itd{#!FJ+12&NK z-0bz%@*7rX86wu7o66lCxw$PEQt#C>4VwS+aDOt*xQ@oTHa;Y%EYfA={C#1hNNH`un99!QZzD;EaPzb|3o}$wIAnNm&ESs?O<-CSSU-?Q`J4aLOVifyJ z?jmJWmai5lV4`&0BylMZK$pQ$+^(R8zS|$cBhhLpBX!(45Zt3vZ zVtHI2Rv$UeLmt@#Y5w_LNYlV^+RZIL(7{gVZdTxSW)2(6>7fTA7Xrj9OH=S9Jemi| z0Qi{U&K2acZXYg26l$2+*hyeo8VO^m1CqmT|8$|lG<#bk#$~}`=LFZw^tJNw@${TO z9_vb5B*=-5E!H#9Ymj-PX%ASXA*sD(eiP5f+cuZ~R?PLfX}vR|m_3uc$B6i|-Y#+C zSgnqYnb(fNrhUbQvyGpPkW&Rcjl!g4u(){!-n3+9=ZDju6MEnb1$!y@f-?=Axy%OR z+Ds2%?LJmdXR^>Ok=cZJ!J~ubiPDO9oO4Qw)wo%At2R^lX18iC8jH57x#4Bk@OL?w z^&YAB2kyWJCZt9yz7l35d_feiOR67s0F`xtVRfX+l4M)J;eh$wbTn7`~4vGL9>J5 z^t58ql~gI`Jk^Sut(+XmC7yk(~3*LsLbzA_#UC^Tk&Jdz}qF2 zv`1}-h!`qijl}hb;IlKL^I(8CyB?NiTHiZW2pY*RcB+3Y1i`}ZZo59ecgB*swI}#5E&z{se!{kbzY9E4?x{UB*>Ev}{z(V-*mzbB6KGLK4e=O=Y?sS~@4 zq{{aa+|oa9p@JrqOlUuXO_K@5Cy*p30-khk9icQBS}%1x`VzrCB-@0xTb7zko1u!Er$1j=`cSmunGs+TG~#KX zL+E_W;93MUZcw8O#AF@=1@3Z7Q}9o}zq|}X*eQahAi&Ng`v5`TJ$D_^MVf%V@fy$o zD^gC4i$DRXPy_KBUZTC@2Y`Z52mF6Wqlij2HBN<9@?&ORDVI?PuoOH2fYkz2b&@|T6Q#;$53 zYk6o}Yyw6?p;fwwsth>wuh~ajNRr`b@P&daYVo7<`c#R4hP6}lIwajAek%ZNJt98= z@q<~n4|)+*g=9oMGWMHazfLgC*_r+K9>0(ZpZu*b0Iy17k;+1SM$h@F-{T@|4^wj% zl37ceq%{)cJIiL~)JP*SsL9|~5R6wX`*M<0(;K{fn@IE1uXd7O=+D=ii@VzM`tG(( zyF@x4le3T88oWHk)aHh1<;+t(>>13(R+2B>?2BH1zs{<@MfLm7w@fm%`V#AD=S0IC z_JwFn+pN*J=QYJ*#o|R%0qZI`SsP22me^lfo-;ne?DE82k+erc>yL^+CY)tydvF8Y z+CzS(f5#Y?4k`~eiq{{>T?_I~NEO1B#aAkhGR07AJwqJlTtNUzQLC53Dk)VNR%Z*v zXMu1yKtaAq>+oS{Yo=)WXQn=dd;~ZKnu(X4&1{n@tf5iJJvKKxPg84oF%-d_@ZHh8 zmLaBi#h#>=t4%sb&n_vXcBPA33FT`{^@oO&J<;j`J*uQ){ZPi4yqn8o$W|6RkS0 z`+@@f38%hP4nu@-e47M@0iT?_xA>__bvTovHfR0ZbKMa8>whc|xD1d` z9O8D2-Y$*F5mI)ag!KB|r zB;zTdwcn&6INr-x5T^+M1)X8KTAUZ;gAAXy{P$w$@~di=Z3+#sXUa*g@H9k%qcP|P zq%rV^svH78n?4(79vAk$X$(0_mTamJyXl^>eJ}UY=OzkG4DHFQrwBY#F_RB_%loIs zbi7%U;4m8*m=)bz1Ma60geAv7X&S(5Bw}BA2@uqYozeyZsuiV08QhgDtXhDe)eYhK z)<(;0BtS!JPX~8}Vm!b~9SSCC%h+^tjOPf3S*in4UuN&qiyIy3m+Nvk-X;H7bVsdY z#1TUZERS4m6_o2#O9<4Nlr^lfpPHW+38d9qYIHslqlqKzZ9H1ry{r$F5g-~kATu(g zt?HAF!|`DRUl|2*HJHH8?>=UPsSjXxDJwQBRJ#u}emPjccTz}OwdD^U$2jUtO7vFz z6;^wHD2|Maj4z-+kUmwJ&%Q{hk4zU@3S`qKcgK2D%_W2i_FWT=K#HE~|JtDA`Ml@m ztQL1}Q=>cPoP#p(>Dpm=_h7kku+ILo&LxLGA9oN&b)e9oXj_X?NhvofV47&T|jJd&(EWOo~O{|tv^zu0A|GvRL z-Z@!a>7My}_q6!7(f;!8D)k+TL4q72^E_0OcpWqi!1-Cfjj6PGTe)PMFeWJJV*qLN zX*tI_9c7!FZ|%ChpX2#Rs@wV2#`ODKJg-8eGCjM=HO!rTqH!_uRcWcLptOaHp?8`z zNG}GQa7o8RI`F1cXk%N31TYx1mG;Z5b>Y(UEP_HcTVaJH@HI)5!-|fxrmw2d-X8_0 z<@|OMupCOz?H;2{bRBtCvw^()>G`Cwe1Mw1f&!S&aFRpoQ8&-C}g{{ljO{p54FAwIu}F%fNm>+CYi9v zA434j7w~a+u<&T%00$id)35dJr zuP5Hhpg#^|H2JZ^fKqdQB$D2s(&^x@`TXiFPbCR~ZhrC+kRRiiaS8aF(_E~h5OJvY zj|AI478~ybDAU#PkH=yiod-Nl%)`WaUlDK2;`wfdc5H2>Ly_W}+!ac21r@N0h zE>(VtuEIo0np@&nk9_qCR_PdOz{nn@rFdfaeC#)e-g|-l)S*6@SThjWQDbSX^OrSMT?REa=ZfUtNy49QYrs%i^Co#R zNR#*itZ57nYi5<0reXIysZnN=+OD=fU#bP*&Q6Rd=Oq4yw+m3%8DXMN3Nvf@kewg& zYne)kzS!2{)<|$uQ~jF}srsRNEP;MbTr+B-2s;^}{s)$N=5JyRFUCR{q2WnejWiUi zrq*7M_G3(51-z!N&>x;lO`|8D@hLk`{8DCX)E6uDZ zkr7_u$ef>a{f$ranh*JUrv?PAOFY>7V%}cc+i!~YQG-UCJco9x7yc;%6*L?P859Ly zo!sEeiU+>p5BG8S^tG!_xBZpmCMq32J(G2@TKhS*t8G33DTcP-@GPf!Nt$Km$NfUs z8>GC~c&rEYKMl2BS~y*NBXdl%-%vtPlt~M@%om@3me{xm^m|x(n)x{_8E{(Gu*9)Q zuq#Sn(dg4R>qQ4{IM5}F$C=Zl!J!cd=-JeH6Yo$FJ}0lpQBq zbIIo}N<{ly!Zo-5SOn6|VaC(rF5p=Z&b^9VU;%wRU?;Ri`$pE$gz~rq%W6tw{9{`h z$xDx}ykr&=4p9vWcoS8&U0rh=EyDNg=kze*4kiqyn%#w`B8T1T z*ScKImTU<$IH!fV2HMt~(j&}Pg*L;oO$^^~O@613mOYsK>DsjHgn1hO3KIVEBo!?| zQ#jj?4sb+xC%;eMUoy4H3bXR^wYBlKfwZ?SUrx3cyDJwePHkPy90ScFcl^Gd96Ehz z3~zh8d#$cchJlXg@Beb3YuhxEd2}k}WaKN=9T;2HtKzc|0mUEjp3m>JxKvv=>`gGi zwdRQ^og!~9G5%V(ZUBM@x`s7DM)U(ta+m{3hhf7Id9*=4H=nA<8d8fg#6nKKDzvK2 zVTuJ=${zYE^U)8r&ouc=@ZL?X35SnZq*pUuNy1r?AKw2V)%#0+i05%JAW;YHkfLa2E zTgyVPLZ4iEX+N@QWFwPl6=HtU_4S#et}R30#g{qLzjt_m%HRFHxhwB)qgf01Y*1bG zbH}FRHrLP6J9W04|JBp@%0FFX5y-3K(M*)mINGf`qFS{ZPoiG#5`BI5 zc_KQskF~p`OiSrENF;O^W0)axuhXij<4i%+?U%EZzen5af*viD=El+Rka4lJwOd6+ zC?#Ry=J0^)&AxiFn7ns}60XfvIoh~G<;EA37Z;ZohPrOyV2(~DWIHr<$5yM`uU{Vg zekLGv(tq~K7e%q;o-eu_iByMBXn$?s=A608ICmkK-T7da=ps6_^IlpDI0F)zLr$}D zH}jp6weL{?qT&w9hmOKJDy#q72gi=voQ~@}OZ-%|pMjizFTBJp>NbYfYUAECpVg8T zm6H0!=hHC>QQSvjr81Jri^qvLYW1u*Wxu2{f3FDx4E$bq?ew?0d$pV1Yv;G+b*d`! z0vJi_>#c*aTp%j;;mI2Y1Tr!s--Ej~3j&+jn@N4j{YiVSa5)%2+_I)M(kKt-_UQM+ ziOKt$^~}I~zQB`j$GvB!E}LH7&fC$<)4k7LewXuns>Z#4ww6>~y11&0xe7>5lF$|k z8(nt#Eb@BaJ-B+i@F9y~>r19;6}GNCv>{7K;!jy4PI+MVgn2b4bGrZS7lTfgq{yV1 zg->xqa;Ui^KPXA_%u2>#O(X>o*wg*f1#c4@`kX)k4o!DzIgpECSyXu;%R9+T%YpJe zHw*|0mOTlYBauc@{yZ<0ObwT@QsdO4ok;urD`nAfF{*ePk2b?c-%g|Fnmy*@2Pi`~ zhs6=U$!YR`<4R_>zCWcUR>&%2qvFNBf4)Kp zrFMQObJ@oIi%J=E)vBmS7ZT5vUJW=s{Pyk7w(M4OG-z`Wf`?hGHK)_OaX);xpr=C`$SQ?^EX<_j#i4T>B$J;t<22OrtX36 z>m~_EaCFcW7$?L3?zrk?l{?!-^>I$Odeof`sb!Varl$I_ZPT%0ry;TVU7l@`|_M;hX9`-O1s>M2p$^>%_K^hY&o1{ z2eg${X-V@|8C(oZ%XG5Q2WB#Z1aQt<`kc({P!JqnLUn|9t=w)In(RNrW(d|O4ChJ7 zqa{!K$tJfd$DuN9>`L(YDxxiV5QD0ZNHUdZMfx{B?uF=yPraCA~0oxK(^maKUU?xOnsoeUX{C*P} z-+O7$@a@u@;%FN~W&|;g@`RhtIDD8(fBqtGfQ`rQolLxDT$$Q)3uz`~NHYg9=u=UH z_p-Loh!OlKCsI5qt0+!9Vss6o_TOzVzYkp z`nw7`oCq`G!(X55ubT{9qIROdbk)iSGcRY-+Z@;b?hpg^H_~5jGO$U)2HL7#cXyjB zad-SZR2MdKPMAj-?rGq-=;m+sds1|8x*o1E3x zv=!69>UR#`ITUBg$`rW6K@prKBV_A@mg1o`JrdzaP#{O4oKnKgJ9_Juq2+IAvXg`8 zK1%M|wzQ0EU}@AejVNww+QYl4F0p)CF2>s~z}x|GIZ)@SOgJD>c=c!!&ue@cRT4Y%otXmp5Bq<*K&kCrjCHNs&nQO0kWw`t zB1MPmKgS^UOY2Ue@iE|))2P@RyZn*y`;lB#ihAgQ%w2e~lOthts-q1y}|oVlH?AcWFbTg6XNx5ZU@T zv-8wYs^SPMDLG;tOj<^LQVX@m3~4KF4uP^21PPykyWQwVhxh9BnLgcxrxGj!H$y~$ zJ39JlHBLN*4K?EAns>N}2#1U%p>K!x!f-U+Oah`{vO&Q&|5&8eoKI;_GVe_Q5fGL= zFKW)aLbCmSC|jXYMnK-bYE<@9bzZF?Lxl=}+6`KFq}GrfszIxA$M2SERTBSB-S_$h z*@UFEf9F}%nPdv(0E>rt)jPYgva~um)V4OqkVz+)+x9hEB7tMTXcNJ^?~hit!@}}= z%K#lyK39`kbyZbWP>kRatko`OTMGg}!`Mrz3$Dfv7DD0!DTx=|jBXUkSZAshahYbu z5ytIlS!QO{`;pKL={Syp(5yB=c}SLJBDDuk=bQ9Iw9?n|K2sbe!1xc2+9H~Jy2^mb zyW&GgGh*oo{l`OGIgWB3;UxM<>Xh<^?5s4CWq%A8@vp-3)h|;q~Gz~1{YeW`GKKu@tKTf%RdPRS73&?JoBSxs19fvX_d>0SJ%qtvj!&6v zZAqE}p*IST7bBRp#StLn1>X8y(aQ&Eq#5Z>v^8g=T$Yny^NB)NGVq8RpYuz1b?k;V zA+emwC^1wvfuj{}#sN;Q<+*e8@^9nR-kv!@Nb>3;kCdQ#q>5Gk7!DWz)nT7B6qTaJ zkU8NJX*D|)?huz5Fr$_U>+Cxkr^*GL0_9p<%*;ggEgHX0gP?ttVu&-|yHtl2Kbknju20@KYOmYAkfEK%; zbx!|;?2X0ueEo2JGy(S`GA`Kb1amCVdfSDucC(yQe)YHBZk){vdvBY*?Kn||W8wzfwR5B(ZI zz&pIyek46fQpUaryVDzSgg7}19K|9n`zqy%nDZ7i$FoO8fL2dN ziZqYFk~&7g!1p-2Wl(V8FRBK91F+C_5%rmgspOPpX`CL=1PJLxOpp^;fl?_Y9`Ze> zJoDQ5Yiv?x5DPffCZnryFo2yvwL!FH8Z|)A^iXQgl%?>gS}um^2#e9zxVY95+;&34 zn5D1ow40iBWt2s`GA%i^Q;U{v@sS8D2&R+>2N)+H(ojqsLKx@Dw^_e?mmML$@$?9+ zlR;FJx*P-0LJDq85+m5wdeu~0z@d6ME*J}9N*3z+GXTg*0{Y|=`utB9vD2fhAmhI_^@iGNmZ>x4GrHbX;=4e3UeO@ABRnyce z7+K%{_$QGTpAJ`0`5e|1UTz)AkF^9)sD$Cd;q;PFB^ZaC*!z&k>_JIm-LWKC0wk11 z5e0^o!d2e%3K+G6Px4|X6NSMz$8@w=$l9xC&)#iw-<|c;R{3_{1kjy(Qj!R8LV0G% z?2bl%N3jK7Y|o25?|Z0@eZ?lRa6EfPp8-)tp;Z>Mth73)k^x|jA){RXSXfj~A%x(F z#MV#5}qrJxL-e(ZC zV|Z>J2MtcC(3zTIIJf`thR`!^DlOeNL!Uf%q0CAI+pt3TPjF=K*NH)y*Na+O?-fEBGM=1wP7?z`ek_ToBC^qeJ@=YB~rO>FH znfv`rRRmeB3Qi@c%Eq$1La$t^*1!IGwcRZsqbyYh$5mLjdYC&*bBPB@J-kFNJZ~4> zmlzE2K!PpH1zRQtiK;J|#CG%jE&iGD6%DZ&j8R5M;+6?WT3}pBpFPd}Z#SMZ%WevT zJOdXELrE+$4q?=KHi(IYnW`MB`+FW;O=GVg5X)&o5Mpx17I<)1QQuqNB;x84&$F7$ zV~Iw>KQ@AAL2M2uCXVw=my+DQ=WsuRjt>PZy*{%)wr}@nczULMzBcUtJ3f6h*R_q1 z3=b!sB<4gJ0B7g%@SUkM?`s!(GqTEy^QTgHp3;Hm#+$cv(eEnA!UcbxZ9dSW=7NtkkDJu=w{!w5iI^)3Qn6V z6chv`krrm0l-5Ar)mGqAjpQ+=irDBG4W?BghNDLh!sZ9k(keY)^yZB|d-qQlg~%2I zas-GA9roS=x$`;Yb^MZR-ZNzDFd1DQvL&64&7yNjN?Tt17SG<#&Hx=OppCIHS3$wDZ!Rc+y+pqCBu}*01Nwt#g4_ ztqX_CQO7WJ_7&Ht7$20Rf0VJ}ZPuDwPRjbNpHVl2T}Z6hsD_i=NT)iKNg$$TCtpf| z!7{_t9!zaFqpy~lt9e6eL;C7t8AkNBJ1dQpe8Q*0*-=M00jpL9Ih_k3k#^R9UR?x2 zLpm-;;6$`Wc6F7IbQDzVhB%5G)hb0ay)0bdW6tTJWAWXJ}GWjkfGu*-{7sdfU5e^EuO<2*KC=y`u8B70k zA-~)shY<%8-L08ewqOkkHo6AtIcLjx<^XVkT;IXCK(m3Z3VSU?q(R*A(r`P$ovc>f z4~|+86$4kTC$wO-Rj!Y#=34jcU<{Zt661#&?uXFMdNavXb@s(-5(Gd3UR0m1qlJU* zDt~Beh;8!3LXWf8>*oB?8GQmX-Oj+T`j*7PxV3Y9p4x_-Qey7{C@p@7Ld|y{h!5C* znW1sWSY%D0?Bahi?}Ux$y6imNvHcb+c>I)TEUAg+FIp=LucC)P(fgnaP=wvoO>A|nudLVG$Mf- zr-^$8%&QMz{fY*^J_2tMFI!Dj**OG)>zV^%@{tZsSS~FtMiV4ZO^2?3RA^RNqA8?{ zsnZ>8{;q70p)gf0O2&gp+bQT{ow5|v!u(y|N9wFp1Bj>7?A0)@^p>-&G>k?cWGBa# z^FTi^kfNCm5|`AJH_m+Ira6!P@#%9JUUTsrc!1`us7G3y1iy?E7#|@bSlBj#!2If4 z`hR!JK8)btmM_(|wF2TlUw&STiaP$D%^F_$T6^~w2il^d(;~s3FKylc02%HA`#ltk zGaS;8Xf{zfPKF&SQRCnM3i-_4^8WZNG3e~z?|ngFJ^(GbL`*nKcU5l_tf8Q^&{XBt zg0HRMp6j<~890!0ucviD&!)lL_9XH%JVp&|oxynyOD{mPORD zz?G8PB6j&ZeZ35F$$j!{CA3)hy^vq`ZB^4`ndiaS%5(3q{;jn(n+GEfE=0frG-4o$ z|H|&`KV5*J<{6+cc5f%X>fEBMNHa7DTzn0CY;OV8A)kX#mLyV7n?IM2BeJSaGL8qc zsONWnJO7_g<6@74icdm9(;c?Qc8CtK02C^@y{vM0axn}SF9fo%9aSy%JC!ZqhWhBw1k>ytaDWg=w9Vh@iPCV-l4HF=sva_XB5my|ka5-PBNOA)S zTdtDzzquB*594wzG9b9}NK#)84JoDTArVW30ac|_*mi`!w$^;w=1nED1W*p+y)T7$ zpWOzVyy2t`k(dqSnWuWe(0Pt|0DSQi!&#tF?|j=CSE8G1>8V1Zc8G zRDu?iT}3_66A4$z%u)hy)lT_mLiU62cXH8i1VOlM98fzSzh~7^onhnLT0wnTqzw zZUKD)f^)25IV`hlYV+ib+iV)Ca6pq^1CmL=*I~Bao7Ly~pxc$B9nsjoe{g!WI%P0{ z+J3PtLKxKlbU}@hfmccM#&tsqD&dcD=X#o--1*wW88px-+tk2LFbsq-g`}?ye;$?1 z?9Tb1aH^3-Ro;gw?+?)YP33{AJvkGHz^sG>LCG>e)MaI>+vZpDD@?paT=$ZqakFfC zq6nsU;T4$FlHi6_wwvupajpe4J;rm^Rrrs%b)G!TM^O`+$4`drtG^oMS5giqMu4(< zpWO%S<=c51A%vyehkqa5i`uylz*5)C^Bi8l52bu8x)N|l&f~Trhcp_|X2T=~jVb5f?O!cECmQV3eM6~&q z>vGLhe+YlOc$_7YdwRX~%zZ}(LxS`w5aH#m6-MH ztRmTi^BUxnuovDbY_QW*VTURRs+Uy8=m6}h^Kge(K%l$G%A-=25u|ZM;Mh=|@KB8p z6c9R-=idg7d0Eo1!dGB-nWoLIsHhhINk|?1IzgJrKB%fxn%Mn@$oATZT;kyrSzP0f za22jvUIf)zCWh`mT^u9eD=fdlp9u`=7wpoy6L~ZBj4vl$h-6r}FkkbY-VOnG@pQg9 z&sctD{f&qLONmw5_{RZlilRK~V(+xyuV=tBfqr-2{dZiuAz8D$n_kypIAoG!kD_A( z5IEdpRp7whhFM~IKnc+5IoC0zr}!Ev%OYHFp7E=W-bLVViz^W^pZ9HN{z!%=+C}Tw z2*DgAhcIQf!FSvlMErcCZkCkjoutlEL@(tzrFddl3|>g8o}B&~j>6lWTo4bDv22=#8vnPdj`eNe9NgMVF2QxuQuW!kgBa*Tv5zIVId4Y zyx`JqyypJ0j)sM2vD>z)*1e7OY&!94aQ@f>m)Mum0*QUbP%2@;ch@Cx{^z~*ssV2H zybTl&`;p>p_w&TKOW%2C1&$XHs?hE85neU~wh&L9CE$vsE_`s~b3gtz@F>2!0@u-a zldd3es^jcu{?ptFoEq!=4kZ|*d>ztRpKAbXyYSk41O+1-9TEFG4ts6m;gV#tFdB|O zEHY;#&|@@s-Kn0x5Ey>*mm({O&!O6{5sF?}Ri*0|Ri7PKed~%dB z;D7-s#Sflp`z~`lw$Omk2blnSkd#izoGMn>#hP2IuUD{=_0g>^>8i}k~o2d_iLkv_BJ9Ap!`MQHunj7Ec-L@i`!xYSVsLaJKeqf@T$@NgCoR@e2!SK>MELlF z)`7+awo=N3+{evz=(RLYQt<1gAu7|!#{HQe9E$IzHl};g=tn7ArgaR&Q7TLZYFZal z7%n3n4G56gN~DABbE!CrIl^gXd50B5Gth9=iPhjE+Fm;9ORZAv@=pqnUP~BU`kM1O zeGV3Jx8(^CG!G<#WV7oTQUal0h=mp>HIh)q%oVx842q!J9>27QM%VkNrr*}bz z?>k>F-s-CDBfJO!8HZX4DpkaF_kS#AAR}JaqB**|9p3kU^tpBgM8t$P1U`%L8`ZYw zI<@!j0@QY222-orJhC@tre-IvrLH#Xc7=NU-?=V$oAvH^^ zShjt3v&2=`HASF9sr?`vHMEant?wG-+Ra;C zkhGW%`83C+)Uir8@QaWD3Y%g+^HBl+Sg^DWn1f0yGR++&I559gQ-7UL%I(MFMX>W}O~B$=C3t(2*tQ=bigMYDlL6IK=0jK$EMh>)k(w1-~EpT>k#~dsmUmI!7dA zij4@v#Rb37Ot7|R7#vdDzXuP2d`gKXhl_rY^V0@lzhPfzn-oyg)0U>a&DH==Q7>i= zeKja9LhmacVS0mqn!Nl~E|1NjG8iCI;4|} zW6JmQPvgA-2nzMq<}T)7Nm1X`{G5;jGeRT?P;@0Ijxk6Vww;1LXy_2thXX0*xP6%0 z_Pb|$yFq8s-6tiby^SQ+VvLG~qq>Ur{&{M!+_>NKN*xOl?YdzQ2ROOi_N3blyr`9% z^P`Mld)tR)o1m)lC>jo`^&H;o4g|Q1UR!g41zwv)<4{nD@r%+OfZzf$(MliA0Fkip zfflE3AJ-kP**{-~c;skVvbIcUWsWWVGJE#_v8bl?toa%@8Z#rAv&Kl&vrtz$WB_0? zhf`2c$|j)yf}#TFO(l}#w$&71OTPiOABivxV(n2UzVb>IA3A=rgB~yI%!qIiD8_El zF{_-@2}A;baQY+FlTlhy24x()>}0tD&vy@*74sq6`^{6|ML!gxX@3ozbZ7(~`bJi`OzHNGGhX44r>pu`b>E5-2Qb{$zty}&*+jq)5C1Od z1P;Qt1s9{Ga(Ehtu_x=hY-GNDNZ?%xX`y~;a?zF9&w3!lE&BXcP{xX#?sI{araRl0 zAzST`;3Pofh?!r5(9>7ho!dd2-goa>JY2C?4$1zp;1?3>eI8}|bE>&kV0`)Q_vO{| z&pW0yqUJFGORj*vuJ&Dd?dth0ap;I`{&qHtCe179Jz}toMJ-JXN6+2YKRACz63I>a zn@)MBoS-lC(^^c}!|OOLM4RA5-Eq-(mSTXKMW4A7&3uu|UetC#kO4UW zg_$3q$#WfFAN16EwMBZt4zM$eIo4t0Z%$~j6z2eRFa&ghuzVqs);p7Od zw!S#-aoE3E@2cDS^ac1{zqSpU48Z=>Q+MxuKge6Z{rhsPIe)Xr#n@O|8J}b|mlXr5 z4>>lj0zP|Bq#buYxL{#hv`l}*_M!Lz(qmLn6C~cTqWq+n`0Xlh_4qPgrDCl#$ zJw81xXl!Idu@^DZfAy;g>;Ob^9K$YAb`G=`a38kztXF#wmC z=E$Z>0?jT8Wfax;)B23!UNmP6(noyxrg|eYNjedik>+{ zyW#?zz?iZ9q*$lq5Pr{mDM=?%lq8*Xm|w83koh0*31S9e!8Y5+9b!DsOsZg-RCn%M zb0oQtq~bw<0yo0S9VhLr90etbQ${h%okWuq_=Nx1TS{SYPyLR7es1#D(f0=;c_C0U zdkj_p4uE;z@oqIgx8P~Z1*lJ*il|c9tLCOv{-}1gIQg<5x=XaFoFE9^G?&wJPoT~u zg+KsN4aOJT$M|ADllyP^g3hwNjRZw|*IIK^qkgZ{|JL6{UF%>{-RcPP|C#yL?}3W) z5rB)^#KqgNtUc@zy@NQeuT8=|L7yCkB>7S&UnMB#e=t{Z!&Uc>MeY6b^}X2B2co%l zCX4*$F~OH^pVWuD6W;oOTEAcJ9;e#{&rd-fE}g#%{;mZ*m(>SO&%HKvvP2JQt$lAG z6c@QHRxVfj(~KkgyMwA@ev5TF^SR_FD*@agVSatA+sBo3gwZ&9?Wv^4uGnBNxI$fq zqZ=(r!3fH}a5#$TK5uA`C7pxke$wpyXwzdX<1jO}6&eVbB=?toG?YQ9P_!(W7r~y% zC!IM9jRh~1Mrv&CEML)2_9-^3d1atA{t83N$cVab3HYMt25Mw`moX(Rnxr}02Ddu+4@olY*{YRUih_~;vsB3^a` zI9&7+#lthysIAG-In5B%PvpxbPgVHqx@KydofX%8p-}bYG|t`eo?l#) zrodEe+lfXr8G>YZ*N`+If@GR^kr^6z&EalpTIc8q*Q#iED^nM$iht*YO92|=!6q%7 ziY4&~$I-MxD2^;dRtpEQ0K@B`e~T#nuh{;S%=i68RNd|WyRG~7`S!VFczZj)KIl$$ zwK~0?;ms@0_Sh(wzD} z^8`B*TfWu~?~#+x0TAhlovoNw0nxA#NX0Q5`tw8{M$)Uswo4vX-ej^F3mJT4%ido< z`*D}su1fKtCSjiMERU?>HM*({CpJx zbFk|)a&BWuzA&KG%r7Y5(>B&O$gj_*vWaV6CDqg?BDvh^54s;jC&tefLK7l%`p1HD z;XklEV%Y8!pa9c-u@xBTS1RIhB4 z`E;A)^&Z7>*!RkIy`A$t;{SL$>$j-8CX6q=Ah95^AYCHT4FXGd!xECx-QAK)gVIPN zogyF&(k)%m64Jdi@4i3y>_4#A^||JJ&zzaL@3A_dK}DC(RAQ{;)Q9E0ZS<$xUXD2r zQYz8v&i=3GLqHaY1?Y}1^K!O8h1G*^vzgvj{uW}UB;c8u9*`;ys_ z-Y8NqH8_YBd?V=Z0K$-)U8E_srD(s;nK!9&&Le?(!QUdH2TKN|3p(KGvtmhZAd@QU zk-7#A3Z2W)WNg$^!wk=wloC z1ujT*bQ(CiRuG9fZ;K&GPYDU_G+3WN(a;Cm0$bmjazpXtUb0F~R2cczFPz8y>sB2C0_e4z6s+71JR{l%U9ylH$b)L-$+3$X6LYS8N9e)L!I#2-FApWCt&dHv_%Pj`E(*U75i={i#IA)D9G#`=B7 zi8xEXywG4IFc=E0nX}t9+pgqf6w!o2!N1@%G9NzP`fmjA-=v=paF^kLH|EaTF^IDFX=ZD%u{{_l+5>{-fd z_q9e2Q9#Uq)7g&6kN;Rm?q#*)f6pzZQW;laGwd{&Fj#I1v$T%1RUd<=NhZLlzVMFO zFW7%3cO9>hokaZ}^Nn*7WeAonuno1JDU74-Ldcwe;g#RBBKsExsVC_aBgmi>lGPCd z?pq6So9_tx->e{iRtCV5&led*)MR=2Hunc1sG5Dr!;1?#xV4Fugn)@BR@!(nEA8Hf z{@CNivScJv1yX7S2X6v>(yMr19r4eaNz~~EyUC{If5jv?A{M{}U*t31M-;igZQ$hk zz{2=B)pWpzg`r92a27y{jb*Ct25bga|000i?e^vdX|;V9C-C> z_^mA)i&Y>0yzaP8Njq5)4BUR_G?TKtsHYV{ONvGx=}RN$&IHRhtuOzFZ`U z#Kg=eFtu0@x!wZC#3;FD0nt@xjRC{Y)qB&==v4Tn)mbeWkxa;ls!B&wYv=Dp5r~Le z@%wQvR$2`7h^2*Qx4CqtUyiM_<q<<{(e@GCBnm31jvSepLWin5cHa+e6^+sfXb~GbW z0+V?!B8l#@hbfk0cnjQ;+#B^N_RrrrXdVdx6diM6I#h)(Y83gaIr4c$VX(>Q_@w*e zgM-rFU9kN*eV5klFze0S*SJsz*kQus0p69*v%> zUJgc18qAW%$_!a!$;v3enVg{z*+|rkey=e|yC&|Gry@Zo!jv=&M)d@7ls>>WTMLAE+mb-&jPXd4Owl6gN>mYUadu zqQ3JcA!sA$mg;%&Y;hlP&*uc}-*tC)f3snsmey;r)YkDhDmWe5e`wPWI2;JtGt0gC zsNHxl#_T%Epi*YbtT6AnaD6pSIpcQPeV6!(XEr|ZWF??o$jABbkk`}e=i7;=nUbIz zc*iM8?)}3_=k<mqKE zKLtWoDS+z;Kj>XI&MzYo+e4(uHOGqY7OXUd4 zzA*{V#^;FTNlH#0ldN}XY3Y~!M!BPK?0;`|il5DGF3&sJ@0zl!b`V)AV_5xaq{DnP z3@;RX7{Fgc?#5#dP6z3kE_;NbgW_C%a!!7&cFK0+L^Ve(7+m0q0Y^5z@=x6QT>skf zHwb+#a=4}VTU^|``W+Lmj(0Uf>z=?QeQF+SkoUXG5TN;iZ^!S&nyltJB5rL*bkn8- zTrp423Ww!7F&GQLs>Et88nMa zg8EDcG%(~-B~|)tW3?t`i+D%}UO?+u1rUEql&@6(oL-M@_W6_GCk3x@gvFeoN|!r% z^oHjLoZTDS$%(|e4mFMdj9+mg`BG%=QGcIfeC1OS4wv!3#6~Mx`k&-joO84$*qleC z_;k^_)H;;L8h1_Rt>#<{w_l6PX}7fT2~Z`i0nEs!%RXZhofk{5pZ5m>*9#GDj*1gH z7-<01_0^#xM1A@;?rM=W492qzX_IIadMC14sTy*UWWc>#Q!bNkg?qf})12Xz``8M( z($BqL!N5zviRQHw&CPe-`a&Ho*#zOn&21Ly9ew-ndvO-;)$yFIliTdMn%(%w*PrMq z%r7N}jvA2IXG-()X#clIl{{KM7=SrAhU?@4P?acY<85_qLQ?>n?iI`jCB|E%`cG@P=a1SS#H%L&VUL`P;2m?_^;Xt1eNG zdY}}kZylBl0~fw(dilpTz9|uz5i~|TaRsG3IbVE(0L+%)*MQG8TrY-6=9n+Y@1|u@ z4X^bYlol~QF=!_74#sW_YpSAR9ULukU6Qq`zMvy>zjT^ju{LfWSQZ z^XdpCW63AUEcyDW)v$BAq@wzD0a&77y8`NrO!e(AoB97(+=k@IAe?LI?UsCygwXG9m&pqy!Bt?iCLP3S&h&B6!8AL;;c)h{CG2fEa1*m0}>oH5YD&?Si9%pRbs1a)zx|Fi?l<{rIew8gC!25f#YQ-v&Yp!xW#+74$YHqXSI+!lOZ# zQmD$1LapW5q-s_?Qz-kGn=7YpV4Y**3ud9sUFG&@%VjxM{Kw*l03i^WQS$Kz57uzP zTgg}7&KMLzPKs}AOye&lR#F+#ydi_$D5rWWHd7YoZ!917UEMotv*{;N?$UBr$< zH!%I0oHtRNnvhOCg19T_G+^SP&W<^Fi_j5U!) zrdD~y<3s!VfnPW)#J~715D(JAy?Y<&wYy=G=gWjAYPqW@)u$>%f@1twHSu_7+tA{+ zd;L{Ww*QCn+L6JM-|oE;Q22Mt)m=xnVc?w!_ZN6a47n*b0bK!*RDv5DB~S7jPcEL9 z<65hmSDk^Dhe#GLlsvDxYxX`37cMC*0)YhG%pI%aIXZc+i&=pFvG{xH^!#8IwEsHj zrYUGwHE?_FX{X7kHS~|c3hEa*1HMZQ-?YtJrg@961_p6`_*j{8d7mMR1^L!Q89DLW zR76-z+vc~L50oWpdX&?-5@(E$g)*F3>6pW1#d!JW7-V}toGsKMA`^mAd6${An-{pk zTVrYH-eFv<^z`}qDWs-4ZXiYiOzi9q${i4^p`QHt{ANV`-Oo#Nbg}}K?fcxe$*FHZ zm5SS2_OWQF@rQyQn%4kAGlkM`%Z@!D7%lg_$Lv)oRU0Q`KL>WtH_t9t&qmr6b_mH>?{JYnCYl zVCnBe{ry`;Diw;GnABb!fOK&tc&0UqwP?f`T`HAMUWA4hxMAHHO2tShi9v|*Q}W!2 zhQ8DIy=Txlh86WACuR^G;I^0Lk{xLC_hmBmzHJ@@_l5##1Qg5kL*U{XW^R@cR4NH^ zA3%(?e{h%01s_V@?0DgNp{>Z5w#0a?>o0Mbt%>b=f?CCF)J*+~E_BKAQoUao<8{eF zHdr%E!3D_TR6uU+w7hY1EDd{PTDg-xO^uhIkPkp8yKv?v*C8Qhe{m6v#kK`j zQbN~?A`q_)(@y_+J@nS^#OKT~_vtd>p|>Qc>yQ%p3*a}J$(p083S~}?u)PkRO2SFC z3e{!6J7a_LeZvFG{$GWDcy}EY<+t749%iM>U;OX4=SAT)fwz0kCsQvcE}#AsQa%4V zns@5BOEWgEnxjFTURbfipn8~u>%6#Yn0Vg*i#SA%&)ZM4i!mnw&m8VFs6%KMi9#gy ze9O0{s;H9#?QiEBm-%Fz8{^f-$H(KoZjZBR5d~`zMLQqPM*v0vwMGVl52I`M38EL= zxesG&H`774osat?H62k}diwZ3LCD*48fc`NMbr!~=UaPtf(b@~A2%UjN6g)SEOxRb z&yW|0&BU?ZXhJr^F`Kjnv2d*ExvY(`Fvq_JHN zCXJfQs*=KG3!?#P4CjjXf)TmVm_H*j4Qe#KJ!0K>JI3;rFWeAe7V6<`@luPU=^u+U z?4GW&@ZVvqqKv45iMsSk6<-PFqRB2YoGNgT)a70Uz19i&B*#noHE*W(ZDBrDcT-GNCm#W$hYC`LrwHALtA1it3 zyJ)Oh=mf0*z&Lr>Pf?l38);90>m;zbGhQ3HJ?KrBvEa~jlaEp`? zG#PJHBjb%QQ7|x_At~J|;;xSNr$zr+hAu#=N2Ve-fQ3wleK;ZL_zP~ej0o2 zl_5n$)?>%si4Ck6i$-}^mko4=+Xg(ZvTlquRJ6wU1YBI{fw>mUx;!=RU_1Xp4#APa{r9vk0hs0NCwhF9acHs1KX{yo9r#X=`4MsGVxiCez$w)h(^=d+)-1y+2x1& zMUFFnufW}_R)cO+nS3gVQ_jor*;TxhDvguoWEKeaDs|N9dH^AM44|0m!PLlaf;yDu z8f8N91_0c-Of3?Fq~TQxbYEUhh9R5m}a zUz?t+FKI?P1@2-?Myy1Ub;?1-@BhSVX-KonrqqjzkqwWAq#4k{NNV`DF~XZFXfz~B z9#EJ6#l;8TJWIB%Qb$IDcbrDarqtguc?GSEzB3EN@TGYYYKTsJr}K#`9dtSG-uWTH zXMh?8zyzTc)>VHC1_Q$ceIeBNq|-l`1*eAu@cFSvO#w*3s5sH$4uNRpa_occwv@BP zW%4CcLEXt3^gebL5~J8+^}915d1A5aoAN#bvb3GiU`z(~&iFsV9@jKT@?!<{fx{6x zs5IU2U!}Q1z?uQ}gjA-S(rVTU1eht|qWv2(Q%G`RKwMh*!1KBlUO5bM(L-sj})F0)-k;L|@A4F|G490DWe57Y;5RVi4ncY1D%@mAt?tBrk3J1=$z5{`LzDJfXJ;KbD- zN0t^V*l`S~l5$d`Ka3naJ#pha09~Upy+>3F)f5qG6Q$KwG&f_{!l)BJN0UHR4a)7h zY+mJ-==DGjz;{52=gBE|&^t~`GVhC0HX-u%2YKHCk&yFG z)77s?TcnBjf-NzKzCsGxlhr1*5|aN0y9SpUrgvnPf21Eqw9IPf*$uF%n<74bTcG~S zoU!zVqfWD=oIW4Bl*{LEX}IXJYi3K-fysP`TAu!S^FAj=03g5m2^BF>kjULXwSKRt z6Tjrx+EZeZ_>YBN)wFi}@{y;L6;)ILo~4SYuf*?b3S=SuK9EKyHV8&8F5o>e%8AaA zyu?MVF^?CKm~B_?TUS5bzzR16vLKrq^1I_VQ+Ti3c`S!=UaV}}3mPA?fYw)6{6>8F zy{io*rB?CuyNYu##g?ylxQ8ac@GW7}U`w9-(lry7lAx!Su+MCv@NrYBNWkBi z`daAFdeyxp+;Jgt^26`mE~`2@9Q2(6%eW;hZJTem6H9^d^KkCJk1RkTi5F8C@Le#`? zoC3gS8VR~?M;p_BEE1dQCgTEhgEiUWhp)`uZoAkD`*4f~l6+Zr^L!DT$xRd1QK;lU zSg@7KOHr<#)3E#}aGTXFUAdD;uJ!Sc?zTCWtAuY`Z_NZhVk<*O@Q3fA@U>k=L_S< zhP7KftL1#xS&)x=n8}%5c_Lw?1*swUIV(J`_8$AFuX0qK_X~J?dwBHrEm%)Jr>yRc z+L>HxR!26anw?Jn2w^f+!^m6v!6c*u>gMvRiX$`BKK}$WuKF# ztOh($R4P+3kHnXx_=oo&_5$XwMSFckmqix1Q%z$hWj~yLY&vr8aMW3@rVyT;H4TEV z4}Z1eugrRjM5aC(TikHt#N}uS(Ws z!cSiVYt}1*Xp3a9)X3L;QcSN~Om5}bdDYd);%}dC)Hg5Eqp)u|KPBvOuF!1rzJ4Pk z)b!~YW9e^>qFitaG+y+XXX~?ED;r1nl-53?CE*-Hhzq<=q#jS2qP8%Bx^ z(qxo_Vb-T6T4Qpeg|&2xbUEI47<*9qojfPiz;t88rObCa;i48+4%tih&)js}blR0y zRbC|hF5m=7;fJfW$FT#r(_P*3!z<(Go6iYGfu|cyoi`1}_gBW9KG$t010PQLh~i8X z96wE;&3N_nZCgZZM|I;#&TAS5Dg0wWbq&HWs?n(+Dn+Jw$@$6*`{nK%4YjUW-zK9Y zv1Sp^o)!JQVDD1Azr8)Dk^neP8uQ?wtO3l}LG<%_~PEGKSg;jBR;8P5H(8Fh{R|7^e-5fV;z4-XjMO1h6 zxvkZBG!dmxXsAT2Iz8?dh@to)+l4%RNH7wxdjI$sFyFwQ13{!hbBohwH+QoY!=ySc zz(To?#2F_fgraTnxFSt zCv-ph7n!{CIR*a^z&|@=Z79uE6&6hW&ZBVU>eAwO=dInlcDsJ^`|Yj1fwqZ(_ax(_ z?iBY6&{SlNG2fp{j=ye(Euge%wLkD)-tl9dR6UYiBL584uChjo(&C)Md~0T(aE~4Q zms>$(6dW7BR-e01o*RNL@t&)$kJAgLyZ*6Y?|3-(8ztKmh+TPnT-GsudU!f!wdRTK z2Yn`x>0u@yth3d|8jOg`Z*6Uo>z_TCwViFce_VN+QfkddGSN6ckz~JyGth&i9_fA8 zPm=pQ()qkx1^ad&)VX5tTiEaEd`q?Cwu&8l_I}w63hn2hCD0(G7^rRi;aaT$RVR(; zI8ll03Fz#^kn-efXQs(VrlrHjN6BMyf8>Z=ZE0CFtl~?HFa#o-;cX$A00fX8fa|ix z5B((1M?sIdk9M8#EDragGFO=#PQymboKtT-%P@(qm%b9c-?J!Za7GHpfTu~yR?XrU zOFbDeH>3KGU2WWJ^olp!uid}tq{e;QF-7{%Bj!PYgeM&?h8_zmYfCM)gq7!&5dvPh zrdBc7l~q@?G#)?=b)fZ*&N#V&Pe_6$cK(;6$4^Qay;Vk^dMWAh~(=He!>0uHSx>pX1qRteXR^NYX}%CGHuBt^Na|Zyl|5+s7x#gL?vU}6DldX186 z?+z+C4IyD5-Hbu7Dc-tS?YMTzJCA{5_jAreHg>*NoL3k7vu{s&?%CHmf3*Fovz==g z%o*&Ka0(L?$B+Js8ttT(_TrIx#~X<Jm7pTotO2$r5io`zY2S0SX}XWK zVWvr7ZO^Csvo6l#;|R$$)l+1Uz+G-BCG%U(OHN!)Im7ut^5YYucLU1xd_`gS@*oRx zk$M-8?4L}a$@@W151%V+@zstey|rVnv@}3$)?LtD z?(-1;(^?wIyZahM+uxqAB6XC|!x|?r|_aBR$xv)*i-}dYWmaLx+zZsbl zCNcR69cMSBD^!o`Qgc%9#R4V=7Ca4CJnXn&z18El-kha@&BF1;Gorb~aEbw+VzI zSR;C$HO}PWDlL-7V(9!)9x$42&nO?Ep)HNdbEU2!Q=1w`bAS*JKs6oa#w^?4SCwBC zBmCr97qey8OVwF56Xk}$}&C8IAfj~NJtPeM8t)qizCZ?i-iR-#BPb$j1lnR6X z+aX})esxiSP}+hV{eY#Es{mdY*AET_(r!K?9xjRN&H~s0L63))t;_LS&VE5U^H(u& zqe}j)$pp~fP1lM$w^76X3n8M14ue((_Ynn4BVhxAm9|-uq6X(i37R#AuPirWje4f# z?cBGR=Xrk(vO#;U$u=l^W)YYiB7ZYHtcjJ~9K(cpgjEXJC_Qj@U;q3=Fc_%G#89hI zMI#|KmHzsaW`r&FJZd@n$U4(2A+>k>i*YLQDM?m>zsG+&y|fxey+x18t^~8{&i#A_ zWJS~5^3P65q~w0syHb>_7Sdpu<0wty5)$kB*u=k@F72i508)#uBmz>BQFSaB2brS+`? z_BHI4g+p7Z*vVI0Un-E)O=CHWB8;+0ud z^rsLxb4JA4Tj6!gU@_87{Qb0`OWEgr2;w=gix(7l&ot}8`SV{~BwI30{5;%M{S^G} zC5csxp6C4ZWfK30>A;?=r0Do7Zz)#1r$AGE+XJlLW2UwAi~|FIzEg*s73ab2Q# z3pSK6nN~(|;`Y?89A!f5A>?;1KUz9Eeza-LK0Z;#E%IH>UOC!Ih)ni>68w6^`;syz zJ2QE(B&yV)v#TOJx`V*sXHkx*IIp73B}c7G3#Mp`DyzmV7Q!qRDI(YG)FL)(%nc@HA|>LY z%D03UU2Td~oMA&ZY;0^VzEH35_K?JDXrOGUIW)!oWKuSgi_A_A7`xov6$o3$9Jw? zwf8KqT{fH_BNG$fDldEZ!Dtr60zjX&bqlClKCfUuIl0#1pO8w{#iSFz8TSgjrF!rS z3Tjv(kH;9;L3H4I1aP-%>pjT_K!p|MTGOlwFan+mv9eVqV7JbDe05yM5f^Kpqt6yr z;K<>G%u=T9K*h@swd2SI@pN+)-yZ?Ei0}GlYv-L}&~^KB)qAHN#G_33y&~`l^?t-t zUnq`PxKjW;9xTt8dD}}XUM%iG`}Hfht8d%bML16W8@qBcJ+vVqY#7zUOlR!Qv}x5r zCrt-Yh-g^htMHiR;iU}|h~KJ({C>PFfg`dRKcOS|{q+oPk3hWWc!=(Qz2zIVJCV?Y zDT5P7BVi1>+`wx+2yV%AnazI3i6q4KEQD@T;1XrpQis=r6>&fv{C<+S`vlxxH^Ab% zG1xn*4`|{`o~#Y0dEOF2- zE5GeCm+zM=toS8?B~Ra*7aZA}f~^@Mx)jI)$RE~Yc_RYIS)g+WxjuoZlt%38OEp`P z!LG6sU+g4c9Ixc*9JIf=$;m0{><%&D<_H#|8bA!CJ7yNUOc)vHr@67@=_XH@-h8{} zQwQeMth++jKE7p4)nlQ!7)bC4aUF;%C3rP0EjDRx8d%DlT;KVL5Ce6|?q6Jxw3^() z!qY^)_X=OJeHID<9L(-7*7J(Xu`&U;-PsL$)jr;ds~mA|h-Zx2)n8xji7BV7F&1YB zep0OgpSavP;v?tWz8QU?ZR^gW8I$Vj+8j9jyQ?sz_qL8C&1SewaWg{!{-^gt0gG?E zifSZxxl$WvNe^*UBpLPb^AY5Z-_ddOLlE-SDhiD^gi9YOIc$d)9ddazNrpy>P@Nh; zae9EJjaeh*?=h(OmWcrU3()a(Ppiro3e~nCo4tXnKDT)ucF5x6DMk>&$zOkqIs%^4 z+zHQp!03Ez?Ibe!O?6^=sxGUqW9$!aZSrbDMBwCl_yTkAPDEJq>jVaA@sxioL76g7r_i9Dl;>Ly!UdyxfR`Vnz2O}d6&}DEB2kz0|)9dS_NBA*bWY5vj zQJKSiAaJ$BKK{=iB_>IY1|@niA&(N(wV;#DbJMlevVJIH%x`;u^JZN(LGBHlf(Z00 zK{T4oE(!=T#Wp+inm|;J;|pzH7%n3tQ~N@2B{8soMVS_UvG`peZqA7FY$uz4EYewD zNSRk6sU>yIN#PU-;r1j1-F=>SGM@KnXl>DT;9ps8>d&k=sJQZ6fumq6gv|+gEHq^& ztO{DOybR_H%j=E=BMn^!OpGEL`2cAcS1+Yh73Zk^0(eKqI1sVGqi(fwz(s4erR-oy z&k81}uyCa9vDNZfBVG)ni~A{-w1Lfm|Gjnq(pYX@6GpPypj)(GR&^Ial{R|1MDXhl zp0t7YSTTLdR)Dye&&6JY0+%+NDXZT&hP+0C`@CVL$WlL6t5^M=MKBGqX@a8inkU(4 zO<~CQ-Of$D*Qz#1yB9pN;<@cAcK|ov%U&(3iRe@}%1#Tt4xi&4-Pi${Hs7D=|MgRO zQdC>vpJ@cD5F&q-TFEf2A|oO#N!SaoY2o>8RhDvPVh)&G`QzVfosP3Zyr=c1_!9o$ z5Uec@zPN*>YEG3TDP-<=GIfTqk07;hOpunT8X8x%o}2`gkM{UoE5bT|;ZdfokW|?eg-nPR*K@ zN9gEK3okU8fJiwB=WoqW4%d|}8USs`5V%9HOEkq7>a>a%TaCPYPi-%Hq@2$RnF-Rzc*E%2Y7 zeLLkV7pM9Nii1gGEh2fVHc27&<{U;=E~f>G-&{_U z7va~Dj|cNk$H&J@(?j=@_tYAvx<2LDIEn*XLpYIP;@b!r1Ii5er)B%`o#>SUc_hAu ztdax(#;MD77O7B$DZ%8iPt1%v+c&OeX^=*bcOdXw@Abz68c4`uHK01{(cQxUb(*8VZK{RF#8!0-fCldwFM3kAUK(LeaK!H z!vHzZnsoejOe|AA4YrtIRS6(`ak(Dx+1Il_g(Q=h<&pnKoAr=hbT5l9;Y+IlKrjrZ z;OLyad#jYbeTx(>FR#S`6g_@^>bw}>=Z7vIVM384K~m+FIDzzySl|$nGt{CXU8!JT zz*^kaU~%1SdHKG1LK+x=TtGl-hEosorGje3)%Cwum)>mAGd3`Iy1@uiU)+x|?z2_- zPuqW=Y8?zy)~wrLa$TUBZ&mcX8cBe}(b8bia%622%W2R=1u>J(M*)i0ga4r7r{A&X z(GW)&zLQ#`K{ds7kxFXOd%S!N(ZY#1TJWOgi2v5?`-Bm+>-10`^aKHAMZWJsL6$`o znPAan!s4c6UVo8RzWqrer)bpmiyaDH_p~6Nl3lJJaP$Kf5Q{8!5^t^5|F-*j@#3y0 zp+>q#HR$e<-)XhY=kd;4I6MCJNdU|xY4nqLWU5a@+t!=eb>c~IVR>|L0yB^ua{Egb z;@eq0H;$O_jauqxu&?4>ki`A~jsQut=*-SEy2_Ps#z#5^Rn40ak@9CbB;Ul$cY@PD z%%l8^i-AeqP%MXe$9a85?V5D`DusPE48#CkrH-U(iKO{RmzqCJYvt>g&f(~V(ZJGm7E4JiMYb67W_rGc!syGM6Z8zen%PIyZkcd z|CQ1?P?!~E6=~*!1T)&BuyDl!TghGPMV{NGc;jvG{`Z&TIabUQ*MtK>cV!?nLd*l` zY-QG7lIB@rSYCZjmVvS9kzC)%{V~a7#foSDMIQrpaCFNc`@7FbikOj$)JbrSCAj9- z#J_shqEY`?L~}{E{8%$~v{9_;eBB=+Phg!%Xc&>8B^WOr^S^EFykF_) z%vx%V+7!4e_k_dmEiI;S+Is6?+5xqiA} z%Yn&3%geC>V>!v}?mE00D$pyaw*vY`J)yi zV@G!QfFDRLG0>X5@m)$XRD}!;2>qC@)Hk~{XD5rziEf5dQ@K1NfhoIw?K=O8KuTN< zdSKsP9R&m|fCw;4tIEr54FV1$ae>JIZ2VW!v*60D`~*?#UUcap5Vs#ytjC;|L7iK* z>#@h$tC4w~3HzhW;<5v*&rg-=vw+eDcbDdfwlqL-CiaE!!6#P&$k?39pa5Hi@$QR9 zBLA(8rUEYB|8zwODzii5b?c)oH}LL{c!_T}i`@1eoYMn-kV355xk%|1f>oom?nnM~ z&qQX!;&_=@iVtHdYiw zYiWJ;W*d?Eb%8g_%ics|!z>B`&x z;(U8{*Er}l=y?clkXL$Bl%+>4^|jMSj26l-CwWoZcKFBuHLjjvm0S|$Nq@%h`YG4# zkVyASqDvTcQNF9X*<0HFb$G{fyN+>(5QVCod93nkBTJTAv=i3LDOG<+-4jS+IoL6t>Z*4M?F|!)C&p#M+zWH zoGM-=J%4K(53)wGhMQX-vzfjh*^tYQ$k6GUC3Ry^(SOP>cX6~>R6h*KlOm{eI`633 z7|iWpA93b*dxy*$Y?$EL5#f?fsYrM_PRK9kajugr(v3m+T!)AUCZ4H`vYA$a~W1*_NvKN!?9y~5w=`8faFPckrV zINT>D#h~?(NyxX;;}`bPzwd?Z{^OHLIs@uYo}seMCQ4jCb!oo2St&vWdiiY7#-U{< zqnKMbA%Fr=yvG=^Y+oeZGL;jNnQX>NM+>2qPwow)-_aK4cy}t!+jR7nm<{@iNwbi0 zls43LBcgZU3pYTVo{TugFr$0HLnyZla zyO~h8=bdpqbF+4M|0lA5hX1@kI2oe_VwPjF>tsyH2V8=FcRs93BC;WooOqq<^ZiW% zr0aXLc^t##mLpsuGmySM5|XspB3~-Dbc(MgRqJ%eN>*H1CUax{iM~`NbJMD00P0^q zF{uJVBauGJdYY{t@1fA6@+B8r`OPU1nO0c^qli#Zq+hoxD+`|MVOBytNKYUUnG{V+WemsuEt!x%qsTy+rr>sykrz)qjenghIwd<@>&-xOrdWVOQU|KUMQ6!KQ{dI>9;AZ zW-VJPt>RiKfmtGx{nTYDj7f?JlXK>Z?9~FV%s&?5P!tK&E~cpj(Tzlq3@uMTEoYs0 zLExThNukH9#Esi}#h%?b1BIWERNL4S=Ju~>7leSO+FjxsHx)E14&dv~PsqYp;KvH8 zmqGZ!d7$*8y#bfgH!|Eu%}nPzW6RYCZFn&2s)jkeEHO9ch4%06Uss@eoM}IMCL>iL zx6T30fBgrP!UNI7%wjR^9T4`VM=jO*PK`YRFuCXxgbbqk;Ci7PVXu0$aBO66?Elzz z_A6&KXDLZr*^Gs*4Ay8k5+=9Tj>n;W&`^Q%PC~Mu)UvT5hAiR(jI(91D1Ux2)to0Mt+Js9DXSJ zNvi4Ve`_Xled>*HGadI+U{A-;W1@H|*8P)D(;lH=YY>Ry~3q;G6BG^68C6D0z$#LU?|=kw}p zYmz*t^%OYLiobO!?q3YfSLA z?@kDlH{GHu#M+8XFE!O~cV$YwMKwDihM8Ha%(0{BX7f@`?h;XCe+*0r_Aso`K4@|L zQW0BM7R!n(&gF_i!$m^}W*jkJ6yQp!i}SGK-O=y7b3l?`1yA;w%U8=2(i<5XQX~v? zoM6gB+wow33}$(hH5d!=4Cm1>|8!M($3E6U;y-BHTKreb0VVhRb+(5)c!B#@1qbX6 zjs|J z=TkOA90P4-he~lqYE;QVU~Io007k1$%SGD*_SMuoktO1^M||h%3!^Q)^i0!f^UIGs zn=+l+q{D@ zvSeHbvTBmk@Ytt@dg{_k7yWK;ki9ut6Rg^_CQvf0KB@nUi!e;V)M-Y+j6tdTh)`Is zL9ZhL%C__q7kkoht>Yi3r|Zs{2Crmat)fO!n|-7gOLQlQTv$79YeCNp*q!ir=51p3 zrJ|~VQ)&!7AHmM%{QpYbg)5gfE*KwRqV0gW752{BviVdb%=H zhf@Kjj`b!texMrBK(olMpW}Q*A7V;N(-<9Vo7EW<{Eb$Af|aw+GCCC|{ETVtK1Q8(kZ}jg{MIE6-{jf=NG8OGq)A zo=?7rwjJ7xnpbluYMR`(PgNu3iLHT8mzK*r9QXnC+(}K28pQQT)HS$T-PSIChT+e;Ub88TvO)VYPqPI z9W}98aN&-OiNYdZ(!LBnt;^HPbRd!`aP@yYomEs+Zx_ag9(w4MZjerC7?2oB7`hv2 z>F(|>kq|+K6r@{98l*u&B&87;ns2@f|8vO=YyH-H-m}lM_kNxf1_EFxAr>HQDLFEB z<{t~V^E*67ga}d0?~h-cEoLJ`VU^^?{=|&hBmHx+NwxFU(D|RY_k9>sa%Zz(b;H|% za9Z`d+tTbH=`Y(O7<%1B&i(=#MO`Xr*j)QuZL~xe9A~cK_Ntg4f&7(S`GKr+f}D;u z@u)?DV#n>1uf~Qze1z=j$k?ECi(0}%yWdNq{K-r7Mlu;HE!$hC@m7}`w^yg3NVHbz zZ`!azY9So#T{2+2`+k>>s>H6KzYA?Jg!+E!WTUq_|F(+(ob=-)Wv%jcZ+m6c3g&n6 zp?UAFj-NtR{vD<$G8^#8Hdt+SW3vjHtx(hs-(Q#m@UycxRA@n1jYy8Von8@1#?mmH zcJU5VleKVLhLK-ce2ecoNv{ZKDQhWy4x;c5`tXl_eyvoajbk}!cW_PG<^#Nu-5OVr=`}b!9U0{ zRVzua(1Fk{+4APoY0WMdn3r~)BmV$|B2J@eTd>Bf(=T}E?P6hB{TKu1`i@ihAYggt zb9-?lJGf3C^Fwdr@@)nF-{tc@WidLJ(sIlvi10BXtu~><-%t7^X;mkeOAJX{f^Z}P{p!T zV7kL4N?NpJpglL1_$*K{dyx!CtueBB`_(w-mgi*-CO^UZ=Prq_iAK3rE({&M29PM( znkJ?A#OlOY218ip%%#zKOD^o1@v{uInQ=$Ym3YrWvl$^0VI>$9P@G8uexH=7#SotS z+x)wU$y(y?SfFzNaH%#p{}*xlN=6G*tIe*HWY zKW#gJd2G6)6Vn)9@|qJ*iuMxaFind^sg!jI`SUO=7-+`vkt@Gqwu9pmW*{jgQ341r z@-gwp*6bW*(~oH$L_)3#?CCwFj$w1e{G1V3rEf@aYQ7BrPD^vCbu|sT{Ug=|zn(Y_ zSe!}{f||ItbXZWY)OPfARXL-{fa{f=a^-m4SvlTcEpfecLzWSM z5`*%QK#;@+@}s}b;0Cg+t9Qq22dsB;C%895L!FBRAeVFDx_sk5gO zGdZz&xZO+aIOKMh^jXXeOPHvD+BQsFSO)${es*LLlw8i}%j&+}SbJ|5J3+ISbTaYF ztV}A!6Xe=pVp#YP-VG@dM;Joj@bKxt!zP>Ip(GJTeuF5o?Rmu#!5KGgmP*#xv(%W*#$bpd1 zWfZ>U?Gi)7VsYO!=uFGu#xwBwTjAJJC}n67^A0vNz9oMp zW+?=@A)MT^<@Ya17$itha^+Vlh_Z8FyAI)&jw+2KzsWml>ki}d0A*yErue zG~g=a=??@PWSXIb>O@0zLg~)`49<^fNQ*WNvl0Ad(Tqbj$m4uE%U#YEDwk}UY#(i< zeHz5~UL+F|Gt#qOdbN?}X7P^&Hqd#s*;zdKce$yVv8kZfEKLXbmTgC6>nob%-nZ0@ zjC{IkFR4kOI-^@*UME|YJ`yi9hGz$NqH1ooEJZFOXotFKWA{(45%WoFSIiW`Sw_wa zt82oG+2*A(GQA_?Q;EPx)cDY9FyXulHBk~{UQ>;3R@Kk7Rm8v9x!Un>v2a{+{{hhX zF*(N`Z$<*PY;?(oUR`_XJt*ASXV$9_ch1QF{Rv>IeT8#IOHVM5yF(!eRQN+a=N zV=4jR_G1+`+fk@WQzCKn%J`EH-`) z`_z|ZOQ9Hwo-yd~Bg4j@r4zmMAB&E^z~o4V-O&Ptcl%pK#=$OI_kP=*z-20wF_}`X zyD`q9HMh5dI^@FR1UmSn71RdbZS3OsxUmO~T?CF7m+{0lUY$ZvV?RG`+&*rY3B|HO zyqjs6QWHQCIc(9gT3T^=rL?m1Vm_iYE6pM2PYErqr?s`U8Nt$d@?YHq*gx_Ku+f(b z;;9%a!sLHjO#>AmYz*--XJIu05Oyq5GIr8ZN~`f;B&8=D>q#NBM82(~1J6Gz+KXP3 z%X79!0N5x&-;$4-HtQ5SGdIg91RN;(wbnFgy$UNsd6#IM5+kwyAR`5Fb$H)qm{F%D zO?nt*GxfB8sB=x*Y>(8(UfHL9H}H>zbk9?t83nP8eunLlg<6S|kjf^?sooBFm$4q54#AiM5sw>u3o_8C!*?0QeY8oK5^9JG6?l_M=9#{;afXuB1qo@~>vzA^kSSy~?Bve0SWLh@akZn1=dlY|Y>8WB3eF zqd?p1@-1-1tU#F>5{%sx9SKSFz9v&xLy zddo~4wK{pd7y82Q;(qdeYW8;3E?Dx*vmdYKJmJ%4nPNbAJdjBy)H)GOZC(Jk%sSi& zTZK=Lj&jdV7BzG~reN%kNXT!a{(8G1)H|XgrCK^g)Gc>vnb1%$s^E~Qw}}z-`s8{a zHq>q#B5Go4D&KG|qqsw~5X#_5ECcPA^7-#QBA*zmtz0Zv2(m;4$f1V#X<1~Cb$1?DWyx+M!ae4@Zu$dR@0LVv(nPh+mG`Td#% zu}WV#;>V!Ssb;#9*X#&-n}X4xXWbp`zE8Jyw2zy^&*Qt*k+(%(cRBb^D-gjyD^Z@e z7Gfl<5J~wSE;X-}vfB=fmj@Y&>7sq8rrGdC579i*Jk;|gZ>6PbN~Q7wVt)w=?sWO` z&mzjdKMH1f5}{q9~AOsJ^1!x(bGeW zbez=E3VZmM&W@iHW3tF%-NEi2?tZ@@Hd}zK|Mo{_41|YIcn7-MKKo2Hdpk1@(IElZ z1Wx&XmtDaS`$oTcFP&K#kQ-K=b(5+bSDh9+_Vmi#%iqnz92Uf=zb|CtI;*$T`W5!K;~xh4tYb*_hyA4H1jd)$>QJB#0Xc^w?7rKsG<+irJJq)P3>p8wJUiD6YW1x>kfzhPWZg8^9Y1 zXJL-_%BJH++EY(a23S-6I=@x~-hI^RD;@||H(vknUr(Uc0rFim7w>IccQQuZ{t7?&lW z@?y$<#8`16!k=0m$0UGq7zybV9&>#1<9>!x7meVm@+bVw{Ky|_q~du0)7PgJJam`> z`NsQE$UyCxAu!j7q=9Fq#5@CGI6l3~yNEJm?N47b>E$9pR;$enTko~w78<;$`}M^b zEvRE?2z0{jd81dGUj%tVXRjouI)n|3wcS(`-36(;Z?5;~qznw|?ezrug66-N55f|Z z*<4^gq!pnUv^;~o;Lt`^^*!kiqPz}uN}=V47|_qJ+Zz7c;jY3WuuRml#A;Ki>+~(E zJo4&x;B)1WIdH_{y*YnOS>KEADAA~Wpgt@R-7xmT12o*Lt7`wAn;$b+ZT&O6@hp3` z4sCYf&|8F>bifD+&?@zkEXK^=H_7-PrIha`*pbO;8GI+uM3>d3v|3pm%AfG&EIqDN zy&ne|3!d1v1V0Z>jHQ?bUoNv+e>M;y)61!?jg8Brr?+8Huwijb`VyV{otF;@nZj~R zMur8WeopNp?7si$&oZPf=F1sqAQaYZImR6^RsIJ9 zlYDSLbGGtV@;%wQsCKh`u|u|TzRkJ|IUmF zZBtZVPpT|Qf*-eZUme&&OO#69y)PGbFapln5kXP7L>tvRnnA?G>8dU-UtST-zTv`6 zIQV8`&aV(QV%bf0H8HT6oUWjbzO;cDkK z&wYvN&IhZ+!Gz){2BCOsRag22K{Th_xMBCDY7vvwBJ~<~?- z1pN?lW*N}vF7ET#*R-lLd@`NYXL%lR_S#q20aTM*Nfe-EQs>@nfDIi)fh9Iv!-f7I3xd4r#vw{8 zwT&x;gNd;jmXc+hSTv7X_`YZ&dzFDD zMl&7EdOV1{G89=Q_7J5=h;{t8KBW<_KyRLxiZ$$4T2nN-Irvg*ujU!Y`r1TC3NSnh zJi9Y-3oZ-Z2N#jyVbU8FrMu-aVgTT?>j3Bb9P@9>D*UFZZ8J>l2tXw^paKM-q_CX1!762sHK@&99iG(tBa zHTaba``wRC$xuRiTR{4_ccs$f`{Vf7HcE5;5ByYC)lK6p3Js7uSz=830dk!zV8%(h zt1Jj1gm0XllFX5x+`H_HgD`_TyMjn*RIR1T&yrccG3~6FG7H>XDvfie4q9@ivig4iAUu?7u@6Q4{+UHAvs!)`r6f215lHZ9B^ZFERQkn*(vcbv z3kJw;AM`a;YZA{GUxWEwR24C7vG}fo1t-zs;`j48*qas04%>stzpJw%E5`1m*^P$QE})Cd`dw*G{be=l>P8Y$j) zrWQBvUt8m7r$g3MY0GqZt-9`f60M7unTCo*=AHx~LGjRpSkCqM3VbdC(#)}W68Tk% zh0%;$+Lsi5(2S}`ej8gVP*y!oAsVK2#gN=3Hw*fC*u6L5N~$*|aeU0kbK0cY3zmN@ z7J%6Hs>Lq9C=Fm|uO5w5)F258Htw^G*&1=a={u#H@`euU1$j}PXKn{z_W_corl1-iR~gG1oLib6x|=EO=t z4uXB!%9!%JUE#6OAWRCuRW?~vXoayGi7W$JDqAdh1U|i?Don}RiCg5wM<6FVqm0fx z8$$mB=<-L?tGtCMM#gm|T7^g)6+i_N4}br{BR)Ajxv%w_EFR@ezJENw*bP#+=wn4v zO9X%vfFvV;*c3h_@vNEr8_tb~qoSvgqKq%9EGA0F%F{0g1W%uKy4+;3Y+?xL6SmHmOiWyiZC0B#;yeZ*kjBsgpD}P= z#zVx{2n7;Zna$(F4%fhYD(Qy<{0`x(2hMa2w1%c|%kdyi?WDL%RUi^5ZDbe_DW#}D z=a?wK2e#Ikqfef%U8!E|OZj0CZ|u+%<($};VygWbHIm7cf9V^s4>j~FY;AByVYMk5 z_Y0=|-SqQ=i*&4TN1;u_g5h3jYG|Uen7f#{AY6xDE=h?_i--<0>T3G|3#{q;xQk0y zD?-KaMw38IR>EZC6pq1UShKj?I#32H-RgJqYwYlEeq2sT;qV(}NeV8HjjAt_>2m5U z`Nv|z(q_+WQhE3NQG6K3ON(FnVw6FCqk>Nm6D)&69=#opOTHFkYEcIsgpI4x^R0Yu zRHpBqzCNl-vocay5)bde44_ygw&Bc{T?Xj}dzFgY%$I^Nt5;v{WY+J-jh}Y%uB?n* z=B@jMOeDlLS9;nw`zsrY7=xEz)?|Z~pF9`7akwQB7AXN3NWV)#id1^5#z&@S^NsvY zLn`FyB7!Oo4zx!MFM~-eKZcGFql{qG78fswrMbN-bm10>{o2zJaQX;04Y_Tv)GH;2 zW~D9xinj^XnTyI~P_=OB7n0;P<1B#60;vN&NDkDJm4vdWd_$BAwa31W8Dm^(<}0*s z8)*Nr(1k(r^_4(c&(8vITeWnik-Vjfx4W;w*0wfK+S%dp%W*e!giFu}333A`Ag2td za2@t+9`$Ww*ym(cDmB66O+5gef!GZI@}ON4STmXTvbCi?aj_l65E2maNl6@i<)6K< zwoE{C;@w751gor!ntpK&np3kOvLmqC$6pt6+3$W>tJt{Nq{3hKGuM~vdA=CqIqC7R z$c1;TB~%^nM8KrMWEAg2?K3V zV_*8!jmb?j9RH(8JJLox7hr(_>d2Y zuVe~G80Z%Nu@GkWP<%klYmKt2>?>J*%vCpNTXEkmWWrI1t0`sV9C63ZmLB?>$rAFW z@T78-Cj*x?DJQ*!{)+f7g}IC|dmA1}tDab3dy z#%&)@WO1?T%3!0TmR9h0fp=)S7zLKZ0XmOtE-oE|MbCy$3Fdu>NR=W zeTw+j1y0`99tOVIT~^ajy07As%Q$wq-yX>*D5zn<6dtD+6}fcQMw5QnvXc&e*dH6E zbgY5@a`F(qeAG+nUU8b7nmiS+U}Z%gOosUD z`E&8vv+Yxy;B>dG`0pWEIDQu&Yld-r_7sL7MgncMp;>R7<`L_xh-l9~aSQ?zd`*Q~ z1Lp9Y_R1Bg;~$u5lTW?7xo^MCkv{#i10pSWdl{Rx6+|o@$4@vP>75B)w%{>SMNvUh!=Q=v|ek3)GDF*uhVsT zKIFlDtaAT&~0LwxlEE`Dw4{**m~v&1-G2Ypf5=LK~`E*kz?YHM5>cx8H8+Ate*O zGKuH~cr3)5_eeXn^!qo_M3*?%0N=yGM_sF@aH$*UDrG;&KGSUyT_X(K8CuYeH)&$h z)!Nq9OhVPDpuyhwkHwEp(U^XV`33l?nZ(`2ERVFv+OP6T90Dlx@%B`zWjpuA&I~avt_6pkjd22Hjv{_c`I0EhHENwcz|?w z)-3pL5(6&%u-T8;aqB)@ffnRi4rp@RHXZgQ_{grooh;3RTTVOwHd|UP`x6E74(+21 z;9y$k=34YFfChT!e#&eX{#D0EiA!)J1P|ang5>BFJ6sN%>HCfIN_?96tFA_Q`%6wc z3XUft)T}OlN?iT8-1x^rO*aKqEIf6;IZ-rid`QP_-QtY0M7H;@-PGdYe86cJeCw9P zsCh`Y+0t@C`-Sn@jJndBqVn zt=DvC$Cw2^ZI5V!U!$&vJU=D`z;%pCF}V}EvF(2n@sX{$zivT|qZB|!mZ4jxBvN=E z{VSb7`AK-+G{ds)-TSx68I`1fN>wG-A7ArrL{tj%xwF^N!?;nHau0;^A!flqsn0%U zo&^QFMGIP}pt#7Ob@keN=lpj6 zyKTgxx^6*IMf?&LsM7_Z4AWPc9aqG9)-E0q0M~hOW-WS%P-&@&nsBLz{@6Mv5`@+K z0m(pQ!+q9qBT$8%5{0Psh9d?%*inH_M{no7A1!)TU*N?w*W^vS?P}|8Ke_wm)P*O% zaq4<)r0U%0a=52apNv^wtcfO!Ew4~&4YhppDvU~kz{v4F7?eiW+PGqn)r0i_^{4(FEl5D!v`j>Td@>_F6F2Gr?R2(o&rIu($ve5eOslID@ zy=PH3>qT_L9~@h(ErW>AIaA$#EX4NwYM7N)a8LpMieFfEK$t&tCMK@D7f-t%M_Ssu z5AjU2^)kbU!+j=`98o6yPCIvRE~S=6YjvwCG>T~PVuH#4l-E>~?3n;Qz5ESW+UFAj zqB;U)mp}*M!pI(IGVpSFI@5>Exk=nDXXjNf$HenKPRol)c&*5{^_auML;UV5t=VQL zoC{<j}z zuF0YGv1T!3)pS2R{H1-m!mq1y{mK(TC3Sc6`}x}JvC6Y^vGsxvkJF3Gubs(@-(W5h za}gOV_v3N%e&gYxrRc<4+)~w?KBCtgo7@stkw5+eflcU1=_W)lRPp}Jk2ZGe_))3- zRp4)`X)MOqui*)iGC;}+!l_B3bE!lhepLF}Va-4_dYr0k>6^2)z86cokkV2N1Aju{ z_HBmmrMjrZxqahmMnty-hh&EnZ8elhA-H`Qm>^8bJY~q+G6GC{H>t>a!4@1+=ozx-Ud+{hemVV{5i}JGxa;@xZ=s7#LZtqr?Fpu6k-dpm zZ$ItXAViI3+eWd~Q#|@&SUwC!EB$bBu|5QU_xR8Te|k*m77`URtBW9$S*qu|Ew&#q zAMrbt|6Ij#A0uD9)=e}`;2Bm8t6+->{ra++sr&Z#;9De>*mOF%;AS^0H3A%x#nF|V zS8|-z!hII|g)~J~bcU7}?2*O8_#+LC?q&u@o{5PlTA|g#Rjz?&Njx+`PX%TncTe}H z(B_rnYp6{%-!cJl3-Jx8b5V#4iZY-BB|!~Zbj;__l`bT(M3;4cMTGg9OpTuh5Gr)` z!Ak#2J~EP68L2FCWEBic>Si;kX}#msaOA&d(#t|;oY(3Wnx#o{JyAg zqvQ4XDo^O#cdtdl?l*LKxy>N>;b~8ZW(XP|FIBt0$5Ji6K|M8`YWS3FVqu6JteCU zifVYSFJpc=J2eSIrXDhg>BEbyLJi?8MQeWGxxI`G= z9AI#%qZYR>yvK+^MAt2TlsEo(Z%3C6dXDq>)c0gc+{VrxaOw<&W|7o!erZ@U^;%nR zL)rwHC&dYKd7N2728RT_IDZ^o6nrT^ycQAZU%vH&3Jp;bxVwO8nQ4)-nxHlvwTE{l zwNzH)wv84t;1d&LiMuUrhUH_I+FH}Vhhx_l?Y|x#K3H(d`cU(}))vd_L5=l2<+Q4S z)-r+KO4K|741s=jB{tEU8Lw#sc_Jzd5iH%qNMJ zjZE+PsS7M#bK&vTT*RFr&6nY@DVV?r-kru{P%qJ>pm$sWSBU`@U;(Ncc_*US-6j1V1L2Nd{ay^++$Zue>i>6E`ND zv2FY^q}T!gqS~I|cXB+s-TjzP1fdPFX#2CEp9tB zH~l`6(4n&_@aRNA4}FW0N#Q8ZMoM(GSFm{y({+Y;*D=NVNDkS2=OuEO>*4M%vZ5xT zFeZCLLEq3&DegDmWr|07j@k@3y9*XQZZ3qXU{VX1!zkNZwvmp=y6#zfT3?;aX*eV<%fA%Q!UoGrsF>mRhxTt)tkVk=v-v~|#kiO12q;2#TbQ~VN42Cp?GNFWE`=k$F^ zU6l$vCTa;uuK4knxwCyf37?TwS8Qyf*L*Fk_7E?oP^P*jcZ3qQ948BeY$(NQuuy$3ZZe`dfa3q%IC6~ON%XHj>IMV@o93i+O<{%{Mapnle_hR zkmhBHfV-b0kuQ7}qYlF~c6J@uxU!Z}Os&ZJh zkLep05NaBo|4I(aDc(BYwBQ1z)RDLl0Xg5QmrYeFa!&9+7BI^h+(^sJt#noijb!Ue zaGb_gv=B&!Ug@+GPQ%cL5vv(-W!tolaOi5RqY1e>xj&tUek$SHiij*uw!w9~mMW~L z>PJ{FB-)ByJ=IIz^qqRI!q-DuobwT8{EZ7d8&`(-6#wCGTpjRV zqgDkl4Sfa1C$rcEj7~@=nYd%>T4EmwVUZ_hHL{QgT7Y z1Tl0kkY9tN2lWwp-y<)1d5N@WOe%jpJLaDbAOrDbVeir?W%j0ay2VAr-v|+2Io=`L zC^hp5F*?2}wha1Mj9fN-)liTA4+gmq6DrC?{0O?wW{&eZM(HKumk86mq*{T1J!Rkh zyMFKC-Uy%dy4An)clRX-#i513#joi^~l@?|8gOp zn|$}U=}#8!OZf3<(io9h*-VEXn4A&zxibGD!a=SRKU*|%Gg>y#m?-C~>+*`q)ZhB7 zngW;$%of_8`Zq%Hq&1lQj)q}8dISUaqZ~5>{W1ohNi-ZNtG04-SKqVV+#LM0f1vUF zixu_B^=Vr}>TdV7bt~;%36-(Pk&k%GVbN(3NMECE`SiL&zJ?k0?-@D1{6Xj=9J9YA;H#F{{Bs>K9kJbr_#wV_7^m6(QyTe!~X5 z=Vq`D&2f;cv@%K2N{|w>EY>?dSs*UwQukf&_WgDn`L*6kZ@T7r>}PdiEzCNM8*skP zB07oVyMb5IDs5U*h=J6o=O!l?(!-1##sTubTZ0Ky#xc`W@}+wx?;xkJ)xkz?CDnI) zUtg6pC7S%0tDL0sI!9$7^rf)k_PBJ*q#c?1Hp8hXN6PSY8hqKp5u2w5{7H^|6j4ui zkjN)Z^0sl!RQg^cj_HkN9l=*$_x@+y~de(vBj0|tTwhwd#p)+AdyKg0gG?R%Mz zqn@|_DM-u%b)`A@-o}s{D%LkS=uMQY)(Ic`H@O_DFda3|!5^oOb6B4<|FH;IEm=!ZDnn!!|7PUPe@o?-K&_6~KD!^9&O~>2x$Sc!W%- zGhM6@9lfjTdVKn?UfPQ!dd78>&7`P^C=duZnu1;;;NkN8_i#X}x@AJ-*T)Ab+N2oF(^#ug%)% z#=``D$j#!josId+c@jj1N;4u~_CsOQA+*C#$ZOEq@o=`|sw{;NY!)*IT2G zw-YJP8!Z9T0$-K|UHR)DR{P+77%g-Bcq$2_HQIJb-vayXo)wzenmX1@!* zakY-Y8@RduahLaNqIkBYCuNLLMx!;LD zip_oSbw0pa?zpu}E!<4X|Ki-|IpJzBVx8biWkEU2u^;D0>&vx$&=4b=<&Rg;GkSaU z1-f(e_)wPZ+@k7V*x|3QOI~ldgw4FRAuv(S+tM7M*Eq`o**cZ`}wm0lSnNC3xq-m?CfdqqMVS)4*R++zQ}R@`^51F`RG zIxDYeXG%=Zr9nZ;^Y6l&^uvqha46GD z!%q(EFpXBF%`WV?I#SEvtTmlE{R0jJA{5rd_&gn5Wo0~?E2 zERTqVc=RLJI8$lgw8FR6OZBaHHs{8IL2TOiX{{25NRj4893WgIc~+4aI-cvu@5ldT zlCPVQxeNg&?s~yYL;LD}4cXOEKFPVkm$T1TM@J9qgI)9f(D`QPg7Qk?0_f`89@!rJ z1o1^0;)?jAwm^b~gQH_BtV*b+0N!(6=(7>fYirXtWGLKjM~f0*W$xV1l0OI}#J46y zC9p-g@Qh#W$W=Y3AFV6KkrQ z_?BD2dOoSC7fL&`R$H92vvUrK_@lxv*wWM*sF`hwIjYw>zZc+yr_(eJihLTpq4!%= zv=!|JQ|pyBQUqX66H+)R^g||gqMf?d)_suldv&RvCkyV?S@v>siKVh{bNI6vv>{&TbUs7*cT#o} zeKFz>YyoEq8Rv1cD@7U0%Znj)z$E&6+)!>5SFZkm2SieBh}RFZ%kj{EwmHJ5z_!V- zhC>?~<_B8F*N_Uh$>@0=wkwkSbN{Qc;AspYB;c4-hzH}}Kh;ZL#;6B^Xlp*@BBDwt z9as&C2 zwfBjM-1N0soJ}H}S>4)0VH`|M4&h)o08x|El&qTJ2?q|uK1I$lf@vo!oE>vt>*$XY z&p#IK3dqXynf&Y-HY|A*2HCbp_L=rcI;quCg>+rpllHiGAzp#tP7qltc0XFFEbl=h zS2S-o2k`@@j7)gEuRQQHLoh~$FrYp*x=Ur8D<`s$hH^*t3`D>r5CPP1^-mj4eLW&p z6GRkEZdJ`}g)1<>pg*Rj?W{Y2kd>rYt5^K@;m0sU53Sj-$!@P;9)`&1>S$dOR3i$P z@I5PbK7=(a2u5?T%r(*frk5n(^FPH9MopLDMpi>eev?;SDOEY!xi19_%8Q=1hf$iJ zu>Y~hIqm+75pp^8UC^$;15{O?GP1%DjK|lSRIH3AH;t(?6%P82;l5S)H$T?mD<^iQ z@l9lUZ`KbaLBsx$SE-kLkD@sn2RWCPWHFlAa0T@5v$y-XtBnPgr4-&!euC~ya=G5lrl5C&OCkZq~j{O_uWPJ9m zS-ngm#(8lj1L~y6ehgBaMk5g>{({w_mX=6O2H5w0YG)VR5LL<`hMkWMRQW@f-)?s2 zpoq)S(#gp$Nq2NN9AC}uEs88oNk7Nub@Z34UZwQ-|AcoP#<=(ZxlzeF?SUD)gUn&% zxC$lz?FpE~Koa{0==6noo!{J+I>_f(s$#~2*WF#8wm%^se}ON5A>w=G$(Oe!&gW!_ zYGCooy6eq?Ff3B;)%Kxs`Y?&1;U)h9HS-ks9K1-W^Pm;^@jEBB`)-uEB~5-RvBi2A z60*eFCr-tG=OXSeUCKIAs4+Y>;(J2tB^sTLN>g;wuTev*wptE`Ij^-jZ-fQ&%Ij%rm^{-XU7IHS@i2GITML4~_u+BW9>~c18)xG+)yL&!+ z_!e zWMa!I<9t{2TmT7TFL9bFH!viBM#}TeeB)T5Vj2!mO1UBT7s07@rm{=|K?=SHnqy5L zB`KgOHvoU!WdS>tI^K#DG-dRE7%S@NVYIjQkEyzRQH+N;FiIy){dh{PJrOO@)u3z|%1)|h9oEkz3{rZAuP%J6bFcvL~uZk|f{Ck9fzi;-ZRy$*5^_s)j z?`iVojiuXlx9Uts_;fZ|-?tbSIt95#C#UDi&DOOAHKOLm&~%Dt$aSG=qFwB$HsmpZr_k?|Hu&ji>tbE}wA;tK`%CuWsIC_j@ylzkt(ixe z4o4**eN7YkB|8Z->~Y#_%@iEH?%X0?7%y?0-s)V&R(i3MEMV5n5hQ$2BnK{b+ zc3JUBTM1W@c0%?ai(&{Uoj|)pm9QWQT$~>o=S$w+eTryo*K+P*1o@0Z)=_8(^|mbq z$=H@dZjU%|&2bPdN!{J5*HbMW$2*S!1rzz?lem3o&Bm+wkvJJ2+;;=KYT|A1hGPG! zt^MrqIo}=|J|pzEOBF5_Z8b^pXLgf6y5MsF`ko8vq)Z1!l)V)FVs*l znF`0!dWJkMLC$o_m``tnUryi?3E2Em1zO|J1z$uw|M`E(B3t~|VJ>ZD?cou>&g|&J z@I>menVF}V^qzUm)jt+tkm7go;m(4PDll}vU!|G}F`B9vKFUy%y?M%tb#@Xgid2Q97hd__uVDI2&hl00Vri)oM zh#X2p;aICzRckKa1zOtGZG2VxDPr(t{OGmq2)f-|8auPEmUY=Nv7SKwBBQDr zt#YHm8F6SOrKlXI%D3f%9M?Fy5X<|ta(PUom|AJ+|KCsh#-K>Lg?cJ*IHM(Q3YKyn z-6+?LJuv};HbGS5->a*Ms}gbJ^`4(jxw1hVOe9YYy?*J(?PEj`6ao#gl zb=m*OY1avvmqnjjNy0CN{nuv)A&!UELn|dCx;eNN|^=ldDT~7h~k%<4JwT?dkKS*~4}W-qven z;g=4YIIyUx$i-0hcS_dhl0l#MRb;go$79*pAcl#W@>m;VGp1_Qk=B6_>(%e{8OoSj zK_DPs1(yeXm4@|8a?Yvea;<}l=)?f0(CuOQk#x)s(v?0{n`wSpx`=@!UdHO~kEuZp z>^44ethO9>2=n1qPpgi{(gDXmiy!lOt9#S1#O zEZ<;j@i8f+B{73}nY409ZSu9*o>DY_DkwWlsvNzYR3#G0$-uS<+0Si*ae#M@ge>{K z?-O%4EiEb2MsHHkooy0uPYQSYz;*ZF+>>zw_;_76ru(4IOQVqe>&M_0+W!mngI9kK z3+xuxe(_!+verayHoGE0or1>BMJ8Ro4~c9gf7pr{mds1ztJt^&d}G(g9uy9^O8eXi zu>|D=)tUthzb2YGP~u31y~DP65ng^mxLqe>s=Tnuzf_bu{B<{dmGLrS5`e$O$>4u>6KaCHOE+Bn}WZ`>p=3{KT&R(Dtk7*rAwUwm#qRl+d zsBwURFid}4;r+BdI{U}>ncGPkuK)(&s*%zEwh&o0)plyH+#DDb#Ysm!)Ad zpMThSBBg4x8C;B3_$8GDuP`e%msO~#91s&Cfg*Dqk_y6g?g5AV6GN%1%qqkc5-+l3yIhi%h)N(K{F!l#qtS@9v##SLn^thjx zTajhfH{r zVAEDiTJ>xeAzRWFw?14@lVh1Dq%bQmg!Dv}r3f?mqIs(+O(wB~_oztn&Lk<=d1v}c zPoqd0e)4zfe>|OKP+MIPh64mGZp8`i?ryT4B?!K@8<6(LJ9p_F+8$)qmRuzyw0rBg|7uk=lR`lWVngt0# zVTZ|koLWAIJ!)T*;wDVnRm#%S@K_kVJaz@6arg%_6UK8s9lf%+skY->xJhzXJSwl4 zEXYgFAVM8krM%49uCq@zRdPJieQOHSR!$qmjhI9CH7M&*8h7yB1|t);`fH*w1q`e( z`m4aZudQ*4chzX&rol&H&6*LBGNX#SO~wR7I}RM}*H)8;0^k}(c{HGDvsfXa84auq z^l+~F8$di%u+dV$pUw5N=gn@|#wph0rVOaqlw9w##eiGrqIJuT|C{<}IK1aelpI1W zG?Vsd-2^`f-g!*lG;MhaQP04lbCbm7=b!nx`Fi)u*U}TzL0XD&H6SNA?#gJ_@s;|eDa!PRHS{UcsKhdwRzubMhbYLs`KDRPH(KMLpZi}~knDG>HA>?! z@fOv)^!sM%jKNaQbI5FS00>p#g;*47loF@y;y};{NR0OGD+9hddk6qK5{`7635p~; zzO0$0g&{&WhNB^T`$PEy+R$&~Y4ho!r#Zu1XT-~ONm>f;&n5p3wQeciq0@afuab5| zU}_M)GP6>BRR1={WN+e`n>ME;z2uRwvt8I~I(pDX*#Zv4FH1(Ol{^OV(?yX=Iiu2F zAmV7)d(jidM`j!B+=B%sM*O&Y+t45+k2Ybm4{GYF$4e2>UM07oW_K8|PvfgGFZVYt z9i~*KaRLJS5cnDewhEMxJgo{k^XSz-V@6}EbA(?t9Q!3(TxRgk+Qh5bURnH%a*A7Y z&W7Xaa9&l?xT7RT<0f%$Cr~EUk;*pK?rL}RAX;Ne z*br5xfc|S<`a)c>WYHwfKE)vqHNiT4jr{Yh^0>L7hr(*temr{@I|De%K^Og%1(@~^ z6ng0pw^(fv@E#YRYlNh3UxRl*B)(bnE|Le2c|XhqK_DE7I{jxZ`+Ks?NOP@}(NDMY zhpyYbNe>%E!b1A*evBnGTZ@*y9oI5)G7tJOnEXghwa#kS2|S0xPLiZb2p5454U|q` zzvn;cvGA)zwt!+qh(p&;chbA>=5$!h@OU%$l9KT$hLocuhg8DSvN*#a!*eOIJ6Rz8 zI#=aL)p(>BRWjo?Zt4MEQ>_dE)d)%Gvi8(VCrnqp$I?j>6W{hhX%&a;5&i}>sbOTp zwu7c<7k*+x3wH<4MuO}xd=h2q*J!KZl)&|k-W3aX6B@efckF>O??UvqsJs3=pc2LKA<+b z(mCLtZtGf@HY{$HxA*rkx#ji1R0sJ0Y*2IV)*)*TI5S)SJ&~?seTbt$CI#2_gRRyV|O@@C{FC@5i>L)%R=s$!IR$7u}@W1$TV+ zOfgE2ae1rpbcDhv?$M_+LYWi;4S=Ju0Xj&EIteYk$F9W{z%|JX|4w1=$Q=q>i|;ed z3UldF^bwChC8&*;to&Gd!_h>_DR4jL-?s-+}NeTeLzce3tuB|;+f{y;pgMAy;7C*?XZkaFUrp6(+KwyJ#Yj07lvFZ1Mz4lYMWff{n0b=f( z+R%?#h?xh0VG-75NAPcAjQuB%7+T`+yTe1RqmUKZeg+elrS459QD$JW|Dp}UO5)On z1W^+sk^ATf)oO+8MmMlH$Q`z}c>HTrK;;!EwDbokE`$+qEW8 za4qAM2uJ(MqUXw#Q{wqbMx9S{DfACRZtOz5Ygem2GcvKt>;N6AKUKt->_XD{ENy0} zB=2S_;ipCV5U8KAa)EHDWLE2%&efU!b=z@E0?66?aTxrp!JLURFxy3zS@nJ=VUEOT z@tZ}YUit>LOj_E_N0`_5boqQE@f&9T->^@z8faUA`ZEB}q>lkWSYTOci7n#^towXQ z8k|oAD)3JNs|dA$S9p1Ah4oQes3Q{}T<3$iwiFEu=hpoSm-D$kF`auW14tyZ`dD`c zpst^MPD7OwqSU!EY_?BZX^7e#UfjV>r8}KupT_FE%i+}~lqv!0u;G>|cli#x3@?GD z{o||Q*1UMpR~Bbt6-+mq9bMPrf@d`aRV1r5;@2U3G%b1lZ-$2y0D7yU0WRKkCo#1p z0LlcH{Jz$CF|+LAFNNSlO99|5eu-kkZKk_azwnqs;rA5(VsBe6bSA>Ky$l6SYFCWo ziJ+MV-{zkE_j1TknhnPV5?fJiM5MPGbE2f{2w!#aW|a2xoFd=^|vetF^UC?lLV z#)uM|<7N1vx|qpf#y(pS2{gUC2!a3hMGZIRr63>3aPz}rZOYkuE8VyOkP?mhV~d}XRdi1RgNAewKZE0jTB zB2nWup7T3d9d^E|jm?t>-)<~|E$Q1tHieBA&{N=O&BAp0SQ2SZ-cG9;NJw`=p4~)c z1oc-VH#DQxS!X-h2^FYtuFi}3_U$^a_4QUrWrAIPCJfa0DGuXTy<9yCXE8Y{jVU4I zHAtWdk^elfOAcaOVW~>i!aM2GL@*fg`qfR#b z4R6!T4tQ}OX-D+jqft_LWuZ5$$-`F5GJt@d8;H@ezkwr;P+W&T9mEaAb`ct zt7xit~a^}?|9eK>e{CL_fZ6`FH1mc)S4FrMV z(SpR@hqLxl{Q$|Ymopd}`t)nSx2gnMW=q_b#&+RTrC!Bd zWGjGcn!I?^(u4~_wfrG*?_OC9gzMJTYdQ`P*b!ThCm=jHIdKj@TbNT7JsHYcwWEq@ zqPM7UZ<8wo#lHl3+`BU1m3M`p!AP!18Gp1 zx=9T!>XKzqJ9?*-V*E(3DosxG@#yY1b9u#TD=9`Uh-c(j<8-LEoqEX?Ubsv6wNgL* zXSxZ|XX-wbB6);p%PLT3SsuHvzi218OLM8Isrgt~to%2lWtTP{t5aU&efyVKE=#$< z)uTl1xPP9DGe(=wNnf2BLN;j}URiv0GSAfNG=fd*b$mV2GBT^A#plUXlV>}JVvHS7 zM{O1#lFw%@qT-VWkr$UzXsAT?qukxsotWdhsP_GqA5K>zCcFOmb{;4FrEBBI_U&`6 z*MZ6y%jf~IoG$LQGMfEe?E7~)!!@%8XN`+TnZOn?=|h!0F&I3{_aoC}AAmx%tbC!8 zdl4*{uLH1z*sO7sZhP0Pxc)}XevU|%X#27)l7?kDG2H!r{#N8Ni}S za>Nf*gndW|uRcFRJmBaRXmnAJyaDk~!8_@CR<6*_1Ulg-1#^qqL?c6ZQLgvBRBI##%lxjRYs`a;4liQ z(5Wf@hP7Kp7H8PH!?vtEG3K#~=dy{q*`C%Y;rTFZG-pDz&_B}Y5NfS2t z=VSGAm}H2DH-SwOXUlbA|NFAF{2@7C5-(HWD+^@;^04m%(o9x4eD4qnFGJ+^KcYoZ zU@Vyl-Z>oE&(Wjfycrs<|DBE6i$}PoG@dPbPrrMR&HnS8P1JepVi3RE;=7xCP}lEe z`xH9MX%<>BqiT9LxklWKP)&vedNDy`jsu5Aa!7La-bT@R5HW7ljuIH3cBiob&ys0S zgZMAbSj-2j-%>~aur$di3XUYfft(D@jT)>+!8N3e46~5_!i!AzpBA&l-wZ)uUwttx zjPpP>6wQ8=bZif0*C!9>fto!!J@&fi>VFnY&hcqWX$0fNna27>e@iw`>%)oTCql)` ziV7-d%?nzOKjSCy=#wRD4-Ye1n=#q2Ef95dhB=iJh8t~+%_KJLK3$r3r+(fD#($3Bs@wual6 zbI?BrozmUpt00Wl>#Uvqfo;4p?T##|V?)=7W7lWX1fM)IvYf8XCMT59+{l76^c;Jw zX5rtb(9o;0)M3`h{DxlS{!P{Q4v*-2Fc<9rg_uX;0Ua~EgL)szOYaKqg*atxtmY8S zx)&Lf1o=wJjf1w$U1N&k&5+`pt@cn*UWRUn{tUJkQ+L{xp|EZob$o}Qn$>g{L9;KO zhex`#(vOQ~?OzUV-gk+W)QV{?F;&wU`tcn4eRly0f6!i8oCj^s4b*(^mX;2)Q4_Iu zow7~Y`5<^uW)}#}XrgF(Pp`*lMoyigrW)_^Ba11}M)}7m(25_Jra?%?Rb2nUMo!Z! zz@cT2JfL}%oU@pZ=0Q*cM=l&=5OHMT4qbGuRC z`@Yzo0j+vI%SPdW@>;9j55C{&G|I9DCPssbOawx*+^tO^D75VJLtBZGYJOoLUMdiXiir!R z`5gQfxOl9HV=!{Aa1*Ebi)p=>Qeyilgq5!7a^X6HR(F$f5g!$(^@pfO zuthKQY_SIz#!9m^Fto#KA~9!p;c=lrF^c*E@iF+KwIbY9Bn0%}z>MO1E!_0CI8LSe zTNU{`{M@-z=Pl9K<5_Bk0ZgX3ty`r<5AGOVvx#(>X*z?NiYfSh2G^G-I9w(OBnC#_ z^YHBm#u_12K|8C6MU7)~ndafSby!f+Vtfsn^I(O7(CQ!*Q*aM&`z2FWRv?Nl3RN3e z^RGsbjY+UYU$VEqMULd+M=0cMv#cs(;M25n$H~@G_Y+ z&p!Pmfa7skYaVLUzNA@rf_t*Yhe zX_36A>S^G6;bs%5PuxbD`dQr!B)-Y6@~59zN*m9t(OuJ}*8SB|#=y!TsyKOr{RmtO zNbj4-^g>O4cxO3QJlU_3x?Dh73iCXeKpoiaEr<|Gk*`$|)SULN7(4&3E@B|IG?)pj zhfIrCpxdXkK~rbg(RGN$=u6gNG&DL!!IgogkWE0?Uis8_zVy(GSF1~H7*3Csphy{xH*#D z8Mr5~piyynOgI(8v~knjB=t% z$iS6L-j$0P5vo~?Vdu?JOTNQrBA@3gNZJPm(3Gv&czpU6y8Lmbn5)6N4DK5v-LqpE z|8dthIo-#Dez|h@EsYJCv2^vgs3N&$ri?gHlSXWO1{|%>hoszEMSA%no=g}97{9BU zt(L948>iovIzs~k_B?fTaX}sBtx8RKy3 zy;%{q;bjF{{EU9Njk{O4E^^T|u!xz~M`=(>p+xXXL`1{9m=^wRXoh526>F@^8psMY z2oY3YfGs+5>@B<5IsG)ZEIu@X7QZRiq!ST``n$}8zlsWkzwL@#F~t0PHj6Cq|EGuKsc9tDF4hog}sVU)Ao7vS{R65b*yLcQeyu{ORW`9O&Cvh}IMrLZq z(YJ2OWj3d3meoZ_>!n;@jO`nlfLVWHgDZ@vr9x?)zA7hwbt`-`hdu3$B*_vm^@qL^^R+-cyj{MML5;qOPWCBnBlNWgV>*AkL zk~E0Ts3qOoZq4^+#`Vj3IwGt30qt1wzI?$!ZGzNLt~qUNv_xUF5k$ziqaK&CXG0*4 z_QdcQWBZ4zJnUb5q3$?r3uZ)tdAkuPfnZ6vXZ!AZm>RKb$%&-;3T^5YuPg=E|7R^v zfYB)!y8Ep&@*1eFYl6%)tTN#`x5^2HXD_}3`Qo2XjlM0us8l@m5|IYW!2S{t zqJRg8ihFdTxby42&QI2t{M+5QDQ5f=N;V<@TUSlv;Jvp}lkmo;VZJ1Gi7&BaeB?sk zKR(L-={JmwI{>v-e1;CtAfx=Dsu*O|{K!U)N+sDqfh#3<&wA=yvcr&65qlXZA7e<< zo*Zq;8B<#y`QP+rdZgOVJUk$SEH&pRkD0Ln|xh(Pdty`__3f&(M1L z8W)vwvn~ccm7D%_$!<*cX_K9ES0ZU0>Ra^$OdI@jF*u23!J}At{8G@7m8eWgG2fk> z=cns#%C`4Wmde{Vi^T=8o7uRuagfjT9x+M#G=&+A^vPozBivZdTDi?U$E`J_qhy9+cUY{#I^6nUGypCE}km} zi!}JAU*0aB0Pvd?99tf)PS>uJL~J$RVSiW>{7H0{`caRT78ANbT6C~0U#4lgQ%uF5 zzrXj&0&(U+27X}voKbRJs_I3jcm{7rioTdCe7DV1vJ$CTK%}3aNwSmYiEb+Unx|V{ zmv^hJ^|vIbwd;)(3eMa0I+*tD{%XeUmFIGor%&bB?VWA~t97))!Ta8u{^@0XgZRu&*`)i}I1f(E5P{8a^DLg-adZkDMZtc@2wiHvPX5`_uA z{eYCNH2C+Q_YO^f#NFkqRxcBNFuZ00mh4kvCMMDSdq1Y)U-iOFR$AXcNE!t2IH<+& ztRKT{z9$Pxhz9)oJ-84(rhQy?6++tXc+i1-CW?aF?s&HLr;4|%UBVz%p<`aHB37h+ ztD3#CEa#O)+Pp^>vkl9!pIDa&#^LGIl%9F+P)9>V29Dvr5q5zgGcHIW5Om6z)^|~C z@s4&yW;7f+d=~3iurrsqLyrqr-V~zX&HE0a`~Kv8eAT|KzBv!oj}bf>U$f6Nc<#nI zfC2RihpDp1G$rHp_E_Vyr>9f@RU=3L`0aG?B*`d{_N%*$>S*wC`6B-hp)i5rePf2IR)z-#Ek(xQr z@2ni5SQ-|;K!ZiPy`OlK{7g6J+`ntQvHSC3qeAarDEFGyN$QctOUv%gOq>6~ar^Dw zJ*7lzE4fT1*(-|=?{s1wD4)-NMnk6Q}O%jXES}=@jb|E_fy*;;Bbrt%g#An{97`&ae`HJJazcFTpX;_)tDFVD0pj399n?sgTpV1Oy%%|hKN)Cde+5zCR@$-kJD}nASmCw7VBX3VpN=4ym^F$LU zCHS2Nktzn`6}OedAEkTM;h43ycshZlSL&~QuO27U4{LlXmpZ}dboebXk z{Jf?D_Lr?;`n;WBrzT<62?uraDvqv}{#$BhGwz4^mxjlA{(d(Zy?QEPg!M9HXe2ursX}9obc#9XoRZm6y%l4TjGBEW+3a+k^oG_d$H|l&s?HfW0 z5+w^60NYZb-&zl+c7e-2l|e$Jg9ew&J8vKEXE9nZp4n^nKacGG zscriF^X+z}WNT$gUYx1(8SMV__SOf*mL*D|ERaji4NMo7z%UWYOs%7SB;@Kos*Np= zD&hf8g{qZBb7iiD^YdoT;z@LR{2W(0%luLQb@tAH<14-5UgOuWm`Vz9zl(+U)8-_G(kns;+bQYY zn^KQ>GId;wqZ2Na7^M>U2xRUwdR^fk2}2V8Ik~J9X;Vns0_g>ufkV~R`P6`kGbpY^ zY)8OIQmZ$o3tC2J@ytZgGdt25EF}8TpP{P##Hj0%@8>#2w|STs#}7%SDv_H-)~*3Wc&o4Xt2VJthd@Lz~&jh_*sB=yZRM zo&H&&sEYM488(Jx&r&Rw;5Dp1t3PzK%b2t(K6kvFzFi5PZjg<%h*p!+Sym2<<$bE@ zkdnni+JO-ShJu7|+n2$h#2Ma6&fjdaz70N?f41JfsKAV?1RQtXtC$}L<{o`Ov%~-7ojoWGxN!~BGVnp*Dg$U0( zan$4810)Nb0q7<7*+Dmx`FV)@r`NckKnM4bT)$0b>G7T;!LE^gl(s6ffj}nvZ zam(*-SE8)-7FbeY6d6H17X>Q@capd}4-XIPUK>|aT1C}4vpk9KPZtt3Vg%lH+fP_3 zXt=~;iERFv(!_UDB5AYTQpt5X{T)8NH5~EA$XOiKjfMZO5i>i*Oq8VVnle{KI~%XiS_*kHlTj2?09Ghl z>`{Q>rN|_0YP#yu9ps-Toy%aR)6aScsOw@+S09DUU*}szW{ymK^@}V_Lwjx({t!>O z0ZHmus-QxU#3^)Nk(%e7YTLb~Rf5Bz^}C#vKfbCuzLSPM2K?@{Z8RM8;B5C=AZ|Y^ zsNRAo1X`fZn3x3txvfx4Vz>r|5SHsktr@Vs_M}hOg*14FH;HqI%(?~`aG0Gv69EC!OND5ewz*dy%1Edq;$SQ$wj=R5Zw z{L732{)xqEsD- zrEOKXyj7EM^2uU~DP}HhW=;+ezyq3WO|;BRsh|A_-}C)D{w3H7D?9T5m-OHq!k3G^ z!y36d{J}Iol3B-0HPN1GtGWQ}*G^32+i2{&E`cV^M8}*9u%*QiPA$m7;V-iJS3?Ad zRA++l)Z(kCG_9VfR_8W~D0ZwXYNgUwb|j%G;x1#nvWPtk!dTs9Y93VZG6euYNvQSq zl5TVpx3}=5-^#-tgPWVqRaZT>fn@I6!dNq>o01Kl)_s@ zAX_Up7KZ3b00Oy?y0N17u+h;HNmVa?+HjD{d_We|8xFYkMc=894himOl5AZHl~S2Q zdzlwKlFk*~I-aH)F%TewpG@Kvk_IhziaTNaLTeQIQH|QDlVDjn_oGIyp^s4^nRZ+= z)iyuS#>~~Vitptemoy>;GDaoQa^2CT#_Rbs0|ii65?)zAiH5n3O>U8f{Vy-@RGZXl z9DA#)WS{hz4aYddF0iNYRlAYe)5=9a3d$}i1u#oZBmuRs_T{8vq?%JU+u zpN1oAhXece{#5kt4sUQ^!=oZ>YA_20n{|P2fJ=e_re^ob;_s;<49@|5$wk8x8+tMZ-W*PkOj4EZ@+SyQR zU=#v4G)NA?1t7^No6DU9ezN|i&5&zH%cHHHA)DQ&AM$1SwL2Ag3tBZ=_`xdAQ{h~`$lf1{E=(Q z$l}jmqWlNy9FtTtN9reWKh$!)Aqt?<0*%)T#+8?q3AWQjNkZ_Y6(XhKx2x0G-vq0( z>?*Lp5!>n+bejj@pce{d2loLLMw!|Wkcc`xv!tdpSOcWo^Ipc-NOOB4+An&tB(g@L z&%le5Sx_i%);+Ms`FCV4KkaJkp{Er@1ZsR!A|wsQ23{RzgaT#Dl1U@$f7E(RmiV%hR&FLHps1ptpr9WO)-MS)z6KP4 zn7CM?eml-H=?ykLh$Vg3`;+5~|G-~ILBrI5LaauKIyAUDF7W^Lk+03e^P16q7J^!# zW(u=*bUa2=IdGt&!Yd7YKGI2EEr>0cQ{D#vnB{i*Hiwfz?jI5ZVF5{#zQ+ub1Yr)C z6%bG7E$~Xqq#e>K&eLXRWMtWSlH=>p>n<>3o#Ss7N*Rh22+Mq0Vnx zI*pd9-Bx?z=tO5?!#`~h$RKi;h9+nbVeldsG1~ENx8lgV(4h3S&f4&2<*GvT_mdq( z!L{U}=u85i`Gyx9z6quurXX4mNJ&{tkBPYSk*k1dse@Qk7&c1(*Bax+FToCPE`!l* zw4tjS?||SnpEA%*o?Huc_D0M9R{8uw^zWH0Ry~Rky$~1PK6S@-V*5LMpNgGFmTak7 z64@AO$P5NZQmu&arPjmH!ch9u?Zx=`793l`u*-8j?_M?nfR*0j3#cS3y{wW-&8m4@ zmeM)i$Zet@gmt^U=xn*Vx)cumq`BeN=lcWfX?RnpR%nH9+1=`uz^7(K6ko|?F4A2Tw7(TqRP7JvbrgdzOMdH5uM4;<;kSpjA7yqg~CnaOytC`);M!`Ft(VTo^NQ_Oqu!0R6?0%j-8n5(rE};fj(8 z!bf!NeP}DsfpMxNMV_B;74{ZK3{M#~xE|JP5wa0=o^5;*kZ3_gux(#(h=I69F=+Zb z+A$QQ{YeG?vi0h}%ULqV-v4A%xx;_zz1~LE>h$Mf-f<9e;u;c2h0EjY2I0k&on&X#==kDDIUIC(1G?ML*iY6(@i| zf%RTr-`>FulHkC>o^2d6FK9PtVz|t9BYGi(%+9iFR7CrKBl8%!e~Ako{D4#y;r{Dspep`wFQ!F##sb=yB(fUn@bNQKHSxn`$p;Vyq zl=@|WR7z4bnaAr(=4~m3{D_XU?RaJx)ln)_s7sd%?Ic@Lp(vf{>WXovD$&&}s`m{)vTO5g*q=9$EfJFJbdk zmc!9Jea||zSQtlX0@aWU=S&O|5(xr=N@)YFZEmysx#HjbLDR<1t5Zub-$B{^{GZVN zVmxyV*1aj>jTY;cw)z@1SDpKcw7w^1-Z49tNBrZU>n0TZ;q#Y`_rs?}`BxU$T#C4E zR}qJ*MBxCFv<6MR)Sy)Ls((0_0~#+k))#S$z9!DF4gg=7d@bXFrkUoy@_@zC-Kt&<~DvN^l&AhJaJ%}{Y4Tn~z za&9#8V0~K*xj$OOKeCbFP-2CqTGPfPvpOF^P-J9eOmg80hZqTJ715#``Xp{5G7@a* z65A}R%tec9B1M*CO|$EV5wB@#(N@w;(cx`TlOg-R5>~R;Hn}_vM~UF8y8rufvdk6o z*a&{0%DLo}5(5yWu)|HWn5Y6rYUD3$e(ggQ-r!|O*}G*UqRd#RQV4H_jrq+-lT@W-OMg@G?Ax#;Pk+yrSihsnA zxL^xV6BmG$8!mf-`dQLAL>vyyX6znDEE;CLkDXwaTMx6GDIBneHSqDs@-h{ZB?!TT z%tj-r(jK*X>DRaVn|S0-!KM=_gAP88Y#~umn9Xd_`T4m_1ZJu2SY}QiBH)K9# z7>-S9FigbSm3O844|A;qVNWE^HSx4|nq{Vra0n}&Vh7*5lw>%#Fl-24?6%V8Yg{zy zxX@sRV6SJcKa6D1Af-fqo6_n3$SjA6>^d8?cKB7js^eC10=q;xQT7k zUYv8P<*x1h7R;)Y3Q?@)RYDKPF4WYw-OVWCM2cv|Dbw4Q=GnFHUB%lLG;Xp>{gyqE zV)^pTs&*t>+NN3RSE@2_d1q8ATaJxXF^}hTA*NaRzR~4+D#?B$E^@#|aZpx2d?cQy z%_6Q7eY^Y1?WXY9+&(V(jk}ctAgaj5eFOIS(=|)#pbJ^JX#%q*+6)kJ?6H;F&F%l% z^6xy1gvE+fZiHBA#@a{)fbFM~Z_yhW9CAE#I-@}9S~w#UK~zn=#I|=t6M4XqUTn0& zT}A@w0S#WkWildYL|XeMiH1~He7tDhm7;B5(_22l)U?#Cv2MeCQWnbKaZ zd5%}ieqHaqq0iyYPHUpr(fe)p$|yp*ch&hMaiv@Bgg&azIf31>;0CKnJO1p|7N-~e z#dn03Wk0b`K`7XDB!H<0ev!~xoi{|dpQ5xN#_deTgO0gA3id#VaP9;r4iniz0|pwd zrs9Dv`kTHPrPG10oWQq&z2n2ZI zF>=Btdf-Zj_16Sy^kPo*eoi~^`DRbx(%VV#=D8@SCZ4nCWIgX{*XR3zft!QiTm55R zl?Glu-*Bn-2twJ~&K1Y0T#dzB@{@Aia2$v-0rn3A^xb2kX4gI^%JD1SNB|WTl}uZV z5NtrOB(7N*KDA9bG^zAVj^JAs8Jtb&jB%w3JREi-J#F;!fdhlkH~}=UptIF>Bs9oE zUx@3KMfgN14_I4R7UtYL(kWR6#0zEv-?V8Dfz4>FwK>)!NQ$McQQ1NcU7uOla^d|KNR7kiT(`?NJ0?N(vDG z`b!WcxUP=N4W)u~pEE4>aEKGZy|7mquC^&rM;W7(9MP<+0ZJ5J7*D!2n?zY%W(I&tzwmSn$^pSkO{Yp?X9xu>wrR_ z?}JFLdB{30I$u?a^f?K!Vg~NHXmr22KVTQavyZj_sk*v<&+IIjRv8(I8p1CHnrBsN zP$q7U2!u~u6XQWqAmPJJz)wn;8O$F;^aDqNPYK*j@MI*Nl~VhYe+tWj!B%hhtr7n2 z@pA+BBwtxrPe<`G)ix;a7YE)R0$4m$W8%wgn>~)36BD->(UNErslikmepd#VzgIsw ze+*a)lw*yMm$RYA^MoSbqTP0hVuzg}V1Lei-(PBjFzA3$ zT<{J<-0`iTc-U_u5~?4J-kS&M5lq(=|Hx*!v8w6ns4n=tDI_8R)Oa8bRdV5 zPeXY4lU{fKYf1qWjwjk~34vnZhFnP?sHApW@8d^r(_uXfbSZ3Iio#l(j56j!_nI&A zp{l9)nh>fG&`auGfYNWWn#Pu5DTO`cf-g5a)6PwVTd?8_a~4vLsK-(kt@u*Y zVn(<8-RUsDckAl?q}Ct`*T7eaQG-yC#M0{?cYEZ>U;|5HVou8lVa{iYWH^D%Sw%R- z6DP~zIvI4xI$<-a^E>OKYUJ>sBK$$E0eC(QNEWb&-u1e!-4YCh59So~-kg~|kF+YD zwQC9u1h5+qy~YJ6I)E`jIH71h&-ZpWJ)PYEW<70;?|c7`96$@?-sbtcb!U}@s`TaF0O^fBO4HmXdZKs^s_cwSQt)8KLwkH;`yefRQk|@DFjZ`y9oqmbB zEdlb5fC8BR1GMndlu&|gdVuV=aCk|XKW(Oixa3ObIVKK2i;D!}lVdJqX8cmfln+h_ z8P`5u!Vs~qI^Dwh@W>x9uzQ>R)Im!5cLqhNC- z^y(hZ1R>m)a;AfzoGAUAF~x#$zvPNd0|d7BBze$^3x#B)Ufv*WC_xB!D)C2w-&87d zI@PH!p}ej-*SPLzt(Qid%d3()28fj@(HNQNEDHTsuLh#-3&!3|HDSMYeiQ$EBFor4 z02zclY-Zr$0Hv^Hxwi2EVH!3Feu?WR*E|+7aC(LUR^YEC2p}YBn`)74pQJrG9QO=! zWH=n9FY+FWDa!yopWY`F_G7``h(-!hQXYAyoCWyCGSzZAy3g15*G=Us9oMHBJi@qg zt|lg&D8Z^paW08BuW^yKB0=SzSzKRe31LEnBoyLRoQE1|=n()RHPE+z?i+t^wn`2N z#ziu!X!#SQc)smx)MtwipsQQ&H_?SU8ediS_=D0tb#7s zIHdqpfZ(-eoZ2*dwh4{aPfM4`tqQOF2sNznM8mXpm^$c3ST7Wq{HE%|fcXc^e}?%9 zSdzjY_pT&T+aHRqyoS*acrXqtlPD$oTzrJ+j$5_nqnz3jMgh#662t-#azHmji=FY z!uuX3j4O9}`IAlDntteEK{jMHchjek$CGiWR6QTkCvMojxAP?4i@@Pm*GEl9dp8W0(y=(}y^ z9lZ!OAv3CHZP<6@O`I`}!PCmEqtW8-+uAA&i5QwwK35UMgm}QL20VOB{h85nP(TV3 z6@B8#=_Ih1ejNYzHp<=q*GDjNJoULhJS1S_@yeDRgyMmuvQ0_Ligbd zZlYp@51d(7wiOI>yB~cU>_A9X+R~VpkQwYslW-!AcY3=*%iSyG))xz4q}8hpGAbWN zp0~a;1rNKdJt2prxUhnUfukF4$~F4bU@t__@`;&R!YD;0!Y99s5n?M>Oe#Q1B@7%G zb3Tsi1B8Q@Ey5FEPs2fp&gWyCM5S&e&?a~z>PZFP-l5pIC_SbQ0f4*vx61h5Mb*1k zt#gyaQGQ?w#pXr{<}7ye|L__Y=r1=yU{icqmtwA&k3$;YKVpJizLVKt%FX`nm7=mF z0&dLe+2>ki3bCZqAHJLm^SrlRs7c6k173;-9>Te_iuJs?IXTKn+GvH1I!wfvppr`{ z1NLM*gS#n_mENA%`9*4HH&+L-65jbfs!127c`-H%07PtNkvFO~cw+cD) zQtqE!KnV#i8BeDB>h{)Lou-P@lpI{GK;9ssY{Yt27x`xa7 z=eyV$l5RYijMZeSPcss5PwlYijwS@>#2!iC3G0GJ`@yR3Hi3Vc-BtQbnNeA-jubVn z@vly+u!%jPP?+qCo%18(5%AO`h*-z@Q`wGdE%v4?+?#MJ?NdPkb6F&XHwk| zHkFaM2nunjN)9=TE@VL((4q7U4D|FvzXS>Y>Ev>Ar_NMIIf!|OOR)5cS)^#b=+~_~ zhL}_37<<`&0kaFWaX5pm4?QC?wmtv92X8)RbJSha+Gc|=#l|O44Li<%?c!{qzmP*V-i&jN7deI{DIw@X_o-4%|` zKKbg6 zgHRzM*1l%w{UO(nrD!4p4vh>}glsY%Nt|nCi&5yjurhtq-*M4-+{FG!l#mF>$WDtuUb1vDn^+by`H6H6 zmqN@G^lgeQ%FuC7zL|Wiw26Nw6LJ4pKshe?Q&>YI_MEMZIltSEQtTM|-p^I!robKo zneSl%gC5_rtTEZeEU(W%t(p*1)uomE{x5x|TPjji$S6YY=Y2y##DL1UPr*|VSrqw`wXEDX zJ-LGHoVUN|kN=>K5#fe)hYqh6LyJw*;N#%jM-DMaeIuOtPw%(RTw0otpU3-tAcpO0 zgXKcCM?Vt2Z{mm^M!!A*-j`AVxmbMKl^jAT$i6c>W z1ZULeK{UH*ji)Eq6~AHdp$qcP4R=g?8P5^Cs{$gy(}I1&+!Asat15Qzjq+*Jg^Va;QTfvJA_`M8wJ)Fd9U221bH>-e{kW%=vUO_Z$#8_z9 zXiu8^&#yS-7~^PlqUE#E&d}%;-gtZgUt$F<40^`=Si8p(ixMCyC$!OX{mQCoW3qrowh*c zQ7dZDmesQKlTWgpIHEZaHBWujP&{#-48xcIXbo!g*nl!0Oe#MqthbZm6NMb7l7m1o zb6{;{yEnXpE5*rX&#t5lhwV6Z<$Z{lcf9(#k-c-dCebJicI!yYkv~K3{dR4+Vx-Y< zwEWT`hZ3V3E`7@tOBwInsnIz<5;Kd30_pcd$ov*R5XFBynMAxQdP1%2&pQ^L>+>c{ zmDvfWf?Ts5q1Ycg9&8d7F`4*w>aF~l+sS-}R@@+De9m>3BLawNnX0K>?>ihw>^(c+ zqWZXO(#`+6d2%@eC0xo+%zh4eIowZ!xnPCdo3BY+qw#D6Q(;Q#JnMa(EQu z6d^{yNWW93MI?XRi#FpeO?MFleZUYSL52Dt6#+IbrU_P^G;9hkrz55O+7h#YL6-#r z-T+%z^_`+gBZ2n)q8H5=;J_duMjg<2wc8i@hn?LhG{cSnsY?iw3}IWS2A31h@8_7{ z)ARjAF5hBVk``a%rz1Fo)q9Xoo`X#pS~Xrgi)Mkym)uBP9m=u~$er}a#A$^ZvI$`K zEIolmG`)NG{q2v+V%A<{Q{1;FOZ_K&IZym>Jv|HthniMLp33oAPL>_T;8?0@+5?=C zvj|j@PFN))w4bD4CjLa>+7|{%{7lrWy!*puZ9(d*zzXW1Y})=qmL_-70H=j~NZ{~p z7u<|CNd;7@l%%T6!y5Km8`~a~uc>1)63{U&3#;yNQ(0tI!|ZC_AMx)`^3vvWK0ba6 zAQ8hB=von$>3dnaz;15<2e)FfY|o|YSc(a1=FZ}Jg06q|&8A#vY3Ubzl{E7v!5;qo zn9OJ{7O|yfp+Lh*PbMWN2E4H-=fCVPDfA`W=n;9>;jgWv*#7of3!`;Q5Qe2Y$xj97 z$+2Vr>FM4vL*;3?lQ91Dt(c?s+^-&~5 zpyf$~CH+CEeN{SHKdHbc^H^rAUFKiOKsY8QKYnto|M{?)SC)WDkdu59f|Z>v5rIXo zVj2C8#b>zz&v?j`A;S+==U9RRU4+J6u^hhOK^R#e)XTUP=(RvGpJxOR7z{MbZse$9 zaw`ofY~D|n@SF|x?hy%5ILii2Gs=Z}BY5yY7LvWX;ja;&QNe}$sOYVb12L#>&(=7Z z1;7%vPt+w|rc*$2MRd|rB(RfgS8VXf7bS^V4(6ItQQY~vp|IkXyHq-wsVH6C5wqit zNC;d_TE+FXX_8Vokf~)b_NlyTu_lCZ5udvBcgvDy^N1nKFvB|}x@xfySTy)zL1n{M zU3u)VG3ei#VJwAM@PC|6V>jU-5!iP(AoLhZEu7#q>!{UleB-pfafOB&m0GLNjA=M4 z&z(Ht7ktO!A|8oeftOr%08Y@cr%TqnoQ?O=2G=k91^jO#f&2!dZV{mpiHAG9yt!3w zT1tt>F)FFeNA_i~iDk#IP^wQ{_+}qirGB5b8GU3^mq-TVq2ByItJkr&r>1fQo-c_ zG=u&!z%vV@1nLt=AfiHcSrUEu0K0pyV|`%w)51Y)^bt8gm9%rrZf^vq2vq;8U*XizyQb{~ld)3Lu4 zC7^*}M=3mN$bwf|y$T@NU7F@WY{U^XzcD6Hn2i!4 zKi1RkvEV_6lUrSuCyl{*WDkQ6oA!wSs$0H@@u3M^Y*Np(1zWOANb_-rN>8yQMkm696KC#@3iN5-!%c@bFIFiGZ`4$MwwmK2$WKE{sk%wo$s8N z82<36hmFFbF(dC-Ab`}8tSY(!OvpR%g&q5!I`P91NWMI<)ZgSFs_WCDhJOF%04Wxl z7bawZE#VJ4&uI#ae(@Syr##dU3{!Y91hLa;0Qd2{bi3$JNk5`mY zZ*eg-RdLYkAYhKp{XJotLaP?UiiO)NZI)o9zIaeOX=!dgsMRzQvjj0h0iB+OMU@}O zjSK0f-=^6iUyo07N7a2%aXsV7@%y+pF}537snkBGu0M-jeeBtd*}z$iaY`8`kn%GX z*d>&W=-h)VT3=R0oioOuAw2Q-=#M|KJ3LFjpnm|32MXz7fLCf{6prao+Xf=HmLC!O z#f5oBFDDy%EWo1%OeuQ56%^L(-$U>q6OCeq#|p4i!uiKyp0p~j&5Ki0o^e~8(+$Eo zB9ZAQme;s@;PzH zYYa8M1aM16zc`I(jr~$)A}RQcT~k=Ok9uf1n)EziPE8aO$`2AnGOk~cZV{`@Ytou0#pC*m z#hw6yURNc$+18Ye$v7$|_$Ocw6RcrIi6GJ5l$(V2LV*eCEU6;d)v;ArOvvnplr(Q# z%q*pTNz#HaSQsOSx>)?=tJZ%zR)uNLi9tUC5xySD6dEE~n~G~#ILtGCo&5AwqpV1! zWahLM4clkXlL-v

%H2R16YDy&&)>`KEH$FS9tGA942@-!}(7GtfaYpOLf^!VHIn zYO;DEdh>&P8=Yp4sc=eE3HrTbY*X7{hD&j+*)N-XJ}3oTlP`=@Irq&BVnRfRrz!lL zP|#-jB2aF8M4Hq>pAy^ngiW_Pzev~#E^9$QwYdbVq6J0akM?l$y}I>|k~i5`M^N|; zNfQ$GJA>#I@7O+~Vm*f#2<5w$VNBiFeNfeU^XCjO?n6en!sNf2p(rgyuqO*NCEPf? zfvK~efMOx6FmxV^5m|$I-&12ps|n1zU8tBWcOoJzGmig;PutyO$ZfW%9Ybsa`^st z!%ica^8-c@ToMgDBr0k?QwaY`ZQ@*;rY?s}@WSFxG-0^hb2V{EQ@<`9PsGIr!T~0v zPw>QHrq(Gga8(K1$G&(lER5-_o8KGjR;VUFMf8OVfag*(LS;9y=Ve(wMD5w%Zbb`v zue$Alb)1*#qeJoPRs=0Dya^|!fqxT&#!EeLG_eQ!%WhU?AE57T-8Z6#L|)kb^2yPp zQ|h7REnl9i%1ol{dS5%N^SonPc~_|P1<1|8nAmCBOLXKSO!&b?=CGU;hkw%S><6gbixs>?@yLEgU>zpV@wXAa@c-Hx`VULNmEH7)&SNq>#u9mQgunBgxgH( zY$<>QgG4~3^EI=AlXjGOQ+E@hx9awL+A=4LfCh~eYnk@BESa~&Rz$&27d(X=D7r1nT@+dz_H@W#7c7!i{Osw|3aQ7dcakFp+G3dhqz z3YLV_C&CCp5xVE6Q1>2kLV7$U))gnoewoNZ5Zxo>it( zg0~=I>kdlY_S&>}*XLF`q82!jfQfeSbEQ!%o*MT8n(gzv#|fh^_d3&$((&O5ES^tV z*ZT^=a}ZJM(;x%F%BD88%y32$<${?5s?|5JG&)2*Q$6{|bCv|ss5Yzi`>RuK)Zwgh zL01LOPNxcZq$K4Qybp-keBiwwNUblf-9SQmG74OSHjQFm!yr1)Yz#|FI$*W8ewwIo zV0k#+2$B$9*%#YG(PTW*S}RL4Zrv>qH238**-yn!y<;)zt?gu1vSy46jt%zP``U3T zRJc(|TZ{DBXt2r;vvcrT@qqDw*CtDe(={)t zxSuh_)UP-a);F~Q+6I3Wh=C#+5o=C6Oz!^8rrAMBIv=GV=t{XZNurUtEG_s-LAh

Z7F&63%@e&PqcXo}s25m$ zizf9pP-o*yj2)E;&Fvi)^;e`@)n{VYV&$vYdRJ<{>e_1dGDQnWQ06TR%Z zBe?-S`11N|!V%>v*z3D%zhI+)(luFwq-dn4JSB`> z)Ffh#;kTFZ{Why~*7C+%Oq<({Tj91$g!NBotQnYQze}5E;I;dPDj%IQE1lJay~t&c zxx)=y9BEtBp5>lu*EG~r&QhLiihXZ0d^HExsfy!TJ2Tm$f4je90d<~$);yK-y()V% zin(y5RS{XKXLGdd;ipluEdxUSXMQd?%|>>OMES5%wUMa(nSuVg(psW>Tr^0NTE`qQ zByGa4S6NNuCiw?&@ee@x>jFFBuWCf3#w0kS@kWcQT$GEVKdqYnMp-{tyy#ptrG#^j zw)Bg;m)^06CR@mi19ix>hsX{oyzLYhD5j~+BoY^_i-^&5OXiY5TY(vj$KexLfj@_P zzSsO9NoWXtf@)K}NV(B^3k-5PE%A)pzM`FmKPqPUq3Si$Sy|n}(tHTR9*t@l?>>ke z!X-t9x&vt5c?ZVGW{7xe* zF=6aRa9dLJfW7UniUHNmxP6;JNo+iR;NU|r!Adxjn<)xd$>wP7hh|SwstEN7TVre? zo2P;Up`=r=kKrxYtOe`+q8C!qNdsQ=WsJ%0D|63=gnh%SOEfi;_l z{sy+Um=@)=$$lnC)gjg8#5D!HhfSDj+|wYROP`J@LL}>;oJ5&N<5ezE!npJui;x~7 z(czwZeB~=Yeu^%Ik5CWfOTCQwkcr5yeGOP3E?&`g=%zXOtX_VlW^V;z4C0RB_T6hN zgQ%O=7?@RvJ}j>h-zzgZ)R=?M)zJ*9ls(}%E13H&^HnSvM9SECt4(#s{-~Jdn*p4F z!cu%z+bS=X|AB|b?#8Lbh#XfblUiJ+27^!xD|CS{7omRl24BQcF-lpFKStcoec^7(i)DAf~78penHart#uU zOWola54C367k5nOqCetk=uSFT2k?o+JS<8JSsmHg*--FU2uMiB%Z(Ou<-c96h~BYC zr)#N_4ko$tjb~lgVB3?!X(>e_UI^{yP7y(!M?(#^SA|Qf`Q&mnETD*r>Y%sKmsB>z zDnBRI8NVj=<@5SbYO6BEU7c=0FcA-?ASfi$KbeeTSJmiM`%eE}hbiEwBjTO>t zmlnjxHD<;D8=_Kz5{(vW_zJPbDLwTBs4=T6;X?!Z#;ZILRR|oWJ^2iWvV!vbCXH-y z_G|oEm<(lTyfQ9>FVE^|u7hHcTDB<^F15|aGqc{~4er_n{B_IRA1P4;qXPSF5L29= zZwbJ!(v2}^?Pp^P<-Cueh?~G4hEq#WuR(eb;X6rMo`1=cw5ow2+3al6YE=?bmS7Xq zcP#R+@9*zLk@>H$GArIjUD`^NcIh>Ori20g9#MrD`XO*xRHp@!SQQR6HJQC37U8O0 zbfZ}pQ?ToOheme23 z;AFx#Qg%tj#9T+{n$RnU8}|z@8yB@J^!iD59fKieM?Fo2YL!!%D#}6M_P~{dgGjJN zSC7!OpbPo(K95rV<~5ITfY~l-;3Xn^(sk?0WkLm+;@8&*-8VU?&uQP*J^!^hlz|bt zmTD$Bm{C>))g?N!nqm57s*2)IFFR&2A`Az79mc~A>#EdIp{qPEC);1Fv#@D8C{V`V zHmZBaqC}<9VNy)&a}*Jv=P=+81&;u2n$-4kV&n6Al_?urTmDokb(%})d@PA@JdXl` z7tu5*oOdw6DZF|4!PZM1Q~~>SFkb@?RytESGG9 z<#M@!@-Z0DxW?I9duENFx;~CDGnt(qTO;o8$>5!#r1rO$GoP0uU1G@2?djF4JxIo-0rP97QmrfjR+zAtU&5&2BNPb%U=OIgBSSX{3HzSK;$=*8aT1 zHgY+-<8So>d8e0Q$}6#Jz@gd(h$DW>VT2i`Uf#8Sak?zkX)D@a9~EW!*%i%S z;*M)?@u3`%#ggyq_&=G%Khzh zBjYclnJUSiZ+RXj%1wXNZQ28k2ftbV&uF3@l;Tv>F4fC@^L}LT9&K>loH3Kct#Z$5W7bVOiJC|RTm!pxL>0wYPnVzXniNt#+S-KcVqR&>Y8Ip{<6mqboi;_;I{gY`3DgHy{D0e8y46%k3W_aMIp8F#lwh* zGkjdLv&{{=)lE_6Wu`iZ!1fiij7Fv2#9zv>41V69mmQq}_?d3To}MlDDh&k|93YGS z@Z$VPVzB8-KdLTu2isLof{e(oAsUK~dW?~Tze$*te#R*8aS)dtj=2zq&oFHy9K6Wj z+>wZ1?T+w1Y{xzN4SMGzuQZK$?y?G_ zSTEKd1Q0)aIT-R{WHGXGeYbaH#)PymNQ!^(K1cSZlk5`ULOR~95juU@8?+_x;epmr zn4l;Tb1*L3gEMoPK+8fFFV>_T_+plB+v&Gau`@0|r@)Xdhoz+tLGXya^>qG}m@@%go94jz#)hxkjD&?eW5H7bsK5b)z=~5I)H8XlpeY%OES`zZI)% zA`0LOxBZK|xvYy_GK%K#c|xr2&g{;j!LrlIcRpda14s04 zv313W2&6Ap)R}`gk~*V zwjso+%yJrxTQh1dr9KXWcGGpFjpr6{1va@}024E#9x|0KYpa>h_mqOJ=P*Z^TDk$(ZmHU7h%v+4 zeW~6m1erK$^F9xV;Jhc-@C<+SM$;BR=VdltPk=&6NwdqD^G|}U{n_?D65UEzMz0#J zyCZv3tfqSNRVj4$L*|zNA9>yeH-pI^F!y8vdYY>+6+EsGRrC?i_2NIUv>is+Z9JZq zOc0UJ7Hal_uyy8}Ahu4U-m!2xD%WmaJh^Rgy8?6+`x^Jsnt@XY`y2L|*zFpB?cN92 zyHx`#KoUQSfIem^es=lG54@{Jui<8AW>3TEI)K!Y*RC;*JOcAMx{B^Io%g+qHQ$Cg=yQ zo;%N{C7@~7n2Wbb3}W!;#`ivIT6?V1<#l*_g~)u~rp)lP_ewNsov`hrK|v*vKyA4- zcnEIz8&r5cW!~zz2Jy7t)?7{bs*Ncn!>I+eYL2B5v(*HbL)Ek$EA?7&R3T`!P~A`L z^9*3$7mSF{lP=?=X}U9*z`1POZIq;455%AfuM^_7hY_DNtl)5QsymG0O20IeAo=@6 zrz7h>8^Nq&&vl6S-WMk}Yc=}a!TcV#OxDnlD3F)eQ)BmKN9E0rhb8@eeQh^@iCswP zUh{vVajfA`ZU|*A(=&g^0`MYAo0f|{-m@0qso==q`06Y$xgaV$A~4$<&5E|$MT@1A zTR>Zgxc&KZsOL0t2yw^F5Yv%?ju*(>=8hL?#`vy==UR+!8qOLirKfbZBAyE^zzai@ zKaH%`{uGfU4Pwe1_96W)ueeoxAEpd(-}7Yb&gSPNC?^kXIpK{Ye-{|_avPbHp`ybj z&*O)Gkuh`Q`bB&|D!NG}bOu~mz?LjV&ln*O-dWG68U%udhW0u0c^$K;@Y>7ZZ+^S` zEclrIbjs`LTAHf#$7v|heXsgRVdK2 zH4~gnEI|>NFH;0V>-A)+_2c>e{{D)~+m`NguP$(3m>C#!-7Pj|gUonr&)2)7`JS(* zWGgi44s&$dO*@~VWchD^UAc&d%3=!=y1j2QGWHzf2*Z)NiG3og*_+^mcm$98Z?C}5 z+!tK&x@)~#DU7Gl1A)+hqKo3Ie^e4?l7c$Hc#4ku0lCAb<elpax z0SvbkN}to*{n=s_e)`%w7L;91b!?_>bC?B+{*Vu*(h$&FU=KFO6Jv{Jj!X${o6Kn2 z8X~$p zA*l{Y7^)bpW94y2fD|Nzu_11QuzEhLcbzvm*x3cs-lXOyfiBB0{Vl3HO7-`7j_#z_ z*8p)E5KjL^YPsvw+4JaGL^ScsCU*OM2Ly87SB10yJcX+vU2C7$hdte!V)AzH3GuHf z*2{llBE|DDw@G%&Rz0%bv1k*{c>SXP_2)xa&V9}ghNg>P{Co@-fO8joyAqU@k%1%q zQ^DY~5Y7s8|5JD)adulVHAG5LhcRcuk%D8vEVUbpIpq!$1JC z!2H)(x*?V$f#P}b9?LtBskuGP&?FFaTUY@{1duy$jD6Oh=*c|eVp6U4ylean4xa9F z%ZPDE?`fY3$4wvy>eQTL3yJ%!6e_yz?fZ6}fO7xX9d6};hb}XNb-JL6s%)=eB2Vb{ z^>c+qC+!jSPxP;0ziX`Du_(UVWHN#sc)Ml9(iV7_f5;9TL|#}6s$vjelnJpZV8VT{ zT%fen@k2Rw6kTcVMLm0gAfiZ`gR(g?sg_$xU3*Rho}hQ(zvzj}e0$bCS*`n_thtnS zMA!k8K7UN^GHO&Zon{wIS}WbIUSFQ1fXB}=!$QM3=h6Q-<%g-HM^^aMsJRy3?dkhm zG1vP%)7Q1-Pz6r}*)>hasf}NcB2T3l*!dX5P@z!_ zj{IuIShrT^FqcSQk>}RPtZSNoMSPb1*Ju9RBR(}P1t^R2zNUoHH6S`; z%dMUV53%HXU*{5^F6)m(&0zkdb^^@Q=LSdycTe2Qp4z9y314fm%kn|VL`zh4eRy#+e|0Tj2f-hT@s4#p-%U+ z2uPD#`GC=4!m*7?)}b{Cq**2P(^j6(+w6u`T-qc zdt+fYvALX@rG*6gk~*msOe#nx1TWjU(@vq|u0qVO5J3G(0>(02kybx4HGV$cxR=4p zV{@JQb{{Rv_X_ETbhJuDK%nsm6dA@205au6ZeG!XulL6>3qJQDKCZ7vqdwakKvm7X zDdc1**V_r#Q<@108vqe7B*SZUy4-lT;DO$eBY65LWH*)|Bgk*2T-%~$>ZbPTc%IblXXH-w9oTa$(Y8A?Ax_$ zNFP#_%3&h*F58SvF@!Hw{CRA~+&Yc>-1zvo+g^G|=#kH>gLFz*tdSFQc#hFfqSvWI zX7g@}MQJ-8I2U8OKO8KqZwOMP)naW}sLox}9GGiSO#@mul06CjXwy-X!^(z;?S}A1 zp+$2Yrb|Gi>ZGhy0*ek2{R;}F(dSe%)!?_IUXx~FMU>Mt&!6!8DPN963XI9weL{?s z#E?#QNIt^Fj0S|>i!El-4a2*-I#)0`AzTf7l&0-llv zEnz=18CIZ+w0B3_>rI8tYRiMPjr&wlVa8$b;7|g$3I>|mM7w{ASc>`|`Lg$ohL#(L0&eed^cEg@1jC%kBsXyBzd~V`zCDcj0M6sgLpT6s0PWf4 zs5Lil;CUYtat0Vl&8WZ=Vv??mPQh(Y;3d0e9X%--EXa=pCBhD-w^+6P@p6dK=VB+R z?P}$$HVz3;NL6Wmd3ic(e|T$qczSbwOXGGxP#>+foGOsce7r7vz5StU*|0Ra8wiYn zz7n6cc|2V1oc-A)6o`9)y$uL0&T#r~_b%uADhEa(ibm8uMfFqn4mlamL0;VMa5^tH z_rtg-@~gj* zz)V1Lt{#t7g*x|tM9i3_^#jR? zsouFe`Q-T$L1C25dVg!CWtHsb?MztgVv5MwuiHz%>-xbc@Y;ip9%rmOflltRwLX|Y zYty=u*bF41Aw=#2Y4hzsTG?Q;_WHcLH!@eGauoBK*b7kj_Bh<^1rn8b3sO~q`_5xH z3XCR9PCqsVe$nCd%w}kELif|8-Ln37yD(e4^dEG8@Dak6l{qD`z2@&$g0BR~hS7bht)+M|Y3LX!MS`?Y+1Trjk1yO6?e z;&Y_ARxNAa%ExILI~C`3v&{w*$H~IN!p>gj`Eco$o4fY1dRK3`03NDwa~Te!YhDjS;;v8R zR-Luvk`~SrIpQLrtsZyv8uWuzS>7qba#0ZxT23>{xw*MMFLORGfF0p$#~u=l0gQyO z*iaJV8S?#>?Ax0@=nZNz;)}cWCzf|C)Ec^!)w55vt+A<-T(F>NTDvKy_~=R11f}1S zq`JGi0il;gAh`qB;cZVT(EL3o4D{+nluOH**BLKhL8ninE_w05@0G`}T4}mz1^!vv zWu;EP8~P)Tz|}Bo2oj-2t2^*s?NR%q`S`?Jv3Q|o3a2hC*cBEQQYil=#0^kch9FA| zLO}%F&)z{NX(ea6IAj#eOpnOO$w(zJ5E5sqHCY~HS5*N^EYc>?Vs9lWt$+~%3Wo>4 z$dG=1I9~gQD_t18F|9U(-qCbk-8#pE&H$JOt0m)%d^2FG_+mRw7TATjdpxQbt3I}Q zyR`xN!gevW+;9G{`Ll7O3nG2TB3So%^8m;RFG{?(Xeuw!3Ak(lRzdn`wrtDFZshx- zQj?9|BgrLYrY8%CfZx5g{n5&t4X?su^D}vGIVF-xX6)W=R_|Vp_01c8`m%;Dh z99>*&^WyS|nP1_3Q&QnJVllku^LFRc{;->x>3R7TH2=qL>t;?D8H6lwzdkS!`sU7O zrqMH0BnSrPbyK1X1)4f_n$!N5@~wDYjl4`RK=_;j!Nj7X^%lpsLb_qu9v%d+KbhR} zn6m|dbke_?*wxkbqDD0vll_r%i^!VJ`8@zG~ZLf=Q;A z^UdLm2k>DVY>1`Ql9S%C0R6)UU=0MeB3NBtRz9^5nSDo!8V+*1x=QpL)G7!u7=0xb0Z=fc;q1KRx{^lDL4)kEyz1Op{3wWzY<;TZcUg z;80&4#xfVHjo^LQTu%8&&pZ4e=orr~kGUPXNS51uGRGDg9p-?XtkQTSCFgcgTKP0Z z=cZUSxw}TQ!Fr{|ttL4=5}(t&4DiXP^KNAHiKo@OHs|J-I{;VE`67^!2IE`10=N8G z%hf1Ax$#||e?%61u1wB=fI+fc{&NBNN9Nz37(AMKH7}u3fSd%lFHpe_E7ikw1JmR| zz@-Y4yR-4(9g9)Hw`T=4Rht%G_iHLtL?om{gwPhXo3d)=%6mr%p;wp91Hia+fzQ_D zbOglB;8YS*)W>F z-u>qA<>@Zd{jkVkcbHjLvuw8BYUv+u(n7*c9Zmvkkyp#qBUO$z_bkKYB2cd>1fpc@ zYGw_E0R%=O?Yk6}63|~4h71xF?UpAHm**4s_h&ThCWYPNwg1iatYqNx zEY3R?x-aHBt9eF4G9G(%XMA_d4z5mSDG|}pN&XH>Yh^G&Zf42ikRV0HIKXzC6AJM; zEblL(ed3J{{^cRjKw=5J9vVHI3!I<#u_1Bu)hI7O6X2i--(a;Rz|;x` zOZO6|7I4BPD3r{Q<@~|%%zeA=L6-#ZNR37&xI9h3{XPWcTSRb#;vY3dmbv{&9T z?dDmMQgW$&jGhrLnl7T1fHyEUKPWRtdC_KF3-PqRfg7;$&ru?S&k z+(ygo{P*S1>&<6v&C|^Q^KlAPOR!|C&P!H5uo-p!*ly$}>A-m^WmX*WBUU37Q@zvY1o@SBG#V7O%P+#sWB;(!1;aOs%*bfKo7 zPov540Ps2B1nU7OOP@P`oNI5(drJpEq=c*oGN(7d4R3S-&OtJ_f=;u3n3hUHod_5A z!hIO{HY`RR1Q6$%=heR-0q{@&FPf!v1th{QTaldQnhm3s$v{256yI`CkUCqc&gyci zH8nNneOm*>+@XIC2snJ1W`hn;XmHZH%ICaevEn#o)v&U=^r##y`p_1CpwPU6)D3LC ztCU~{>&JddJ8jS?qY8I#S(R02y@v%CiWNyzr!n`(yIbWv#Z}JYNXTFLbl}MI0i@y{ z@^$iS?5MJ;_QO;ATc@H7cklLSGV7l9nfqMx>J0;_So6w7!Xr%$8m(*_$B>+cexJ7%rAGPtFP!aFU;xq>ZP&M;6Zdv(7>z z5CCTcL<+CAOQ7?!{;$gOxvj~JjC6{$HJAjt68Z6f4?lm)=BZawK#G_;@u@+{0D=^c z?5K6)P9hM7M$dWxJD&NnxtHnl3W3ZA0#Qh8V5(|ulqFJl9Z2co0b7LUA%X=^C4k+pJ!{+JKVx1LJ(&U+wda4QPT#N!4%!_a z^;o^iunH>vF9-klISOUsA2R}QCI4>qr?oe45Yy%x;EDoQ$zu_~`Ks6SwRcSsx-2tu zaqahSAiu67NBI!MD*)|`IE4&A4R;Fe(vD!wuAflwX<-aF?X-Uk3y|%tRvE%%mP+K> zZ4bn3K~fLt9g}>E+B>3(5P}AQ%p}*IRBi_X4&(D(A4|jyL77iMucs^O7HABAzR_`~ z_h$?#T3os&Z38{M&bNwI2W0cZ#n*eJuV29PpljLuB;|?f_~L&fxZ2C0iJ+0#&YDPse0t)mt{Hnht(#l4IC2~rq3;exyt+bH6g=E_1;|;- z1j+n`Z=o+e;C{YicUV7qb#!zdOfI7dxEH6V#ahX2Y|earK>}+zWBEvBnWdj%wxwlo$aNdp4|8JVaTnJH5?nuI}gN}1`o zITwo>0K1;vUb{xEU8Z7HQc=0k!Xd)+(Hy?{(CFxP&j*%QUK$!24i2olMs99y*J;e# z@9#d+(gNrk!DBOM0aZim-6}jHB0U3xwYj+gG(GT)>PeiefO@<4%P(d_fv00ujoM&Z zsszc&`+<>>-hk`0Gy+el+h{9G%buO&Sr9HcyZ7@wU`eE+!RxVVth>X>4*B9wJ zPiJ=gdL;%x%LA~zm)%qw6cLxRRU@5=lbi9`SrvKtiN!@8;7x%#jk2kO^HgeT>Oa2G z(XtvEi$Dq9V{noCIl8!{M4W7*%CJ8|Vk-idRVGs)5?L5FC?rHGfAaCsJr&y_f`Y$u z3%zVa%l`R@ejVXr4>ss`DOv#-0^F=?9`DAtr?~UpH67XvJ@`=yskWJ(ZSxjJ1P+fgJ zj~sU*5#nX}U$H4ZqOs04Mu0}>MiwkBFZaG0;Vj#&6o>u$y&6cWfo@%UY3a9$IbN0? z6)FrsjeGX!hE}DNB-L2fZq7EN6s~v;XS)+AIXO9rQMbPR)CS-%Oh(g+ii)aQM_m8Y z#K!!%o~)M}a!qP@UhP?3b@N+44~XdQwykAwK_ZNd6+mYHYh;&RvwnUu!R>0dOskQF zmX?;2v!SdEk+jzFU@|y37@*(+9QhbDYE6N>nkE4bW{W3MC~%lU=2CJsFj=Be}!}hT1&?n77%SE|Djn4b}_ZC2if02~r0qENz z#X{3wSa2vvNZ>QIz1(UN5~c&S$;DORHq644ehMUZ6~BMm+7?gr_nQDEk4W}8K(<8vO>tTl$iH%&q5X!{h!EvV zL?Bl);@BGS8DVx0f^J}N(0=gsta~$svWrrS~$;DzsB; zl(2agOmj-yoTjesJOobmTYZrq&?$QQ`mnID1YFO3RWvH*hy|VrMS8{^)GLkOeI&aZ ziRiih(%ERPRbB=I2ZzgU6H-@KcTmKFvh%hlo!3PpC3S22vZcjyc?+44hmDTz__(nK zpe1r%A2nl)znOfV!iLrNuzG-9}j>lHSX6h*URm{ zIXPr=tv#^W5`^vo)3oM;kG+;I~zdSCj~%@_e;m(`6L$9F8gQKYh4 zB7|`1Ve{^kz?`t*FptW74oX9FYhn5%6a8cMBD>(s4%E8!lR-- z8yU?3sW&=r)i!^cZyP*i(M{Rq6F~o0s=VAaiYbSxd#awWZ}b zKS?4#FVD1Yu{$Ih2f=-4YRN2Q`;q25M{0T%^f!t)$$SlfbPyBk0lKv=CyPcieGTlo zJ)ijaJOKqeZ*Onl5Qgig$u9DJr;wmEP^y0U8Z4Q_qTmK9yuyW*T6$0FYnXA4f&37!8nRVMOXQyCJ zqYN+5YinyUu(102`T*bmQaJSj#DCcA>1m}tt#ByGoe6+hazF_WjY#8lDgXQZ@#W6{ z(401kn9|h3s@Z$%ak@y+cr?uk2r844lR)9R$p)7m&5P*nWoS4zHnFha2Cyfao3t$I zs`17S4p-+J-M~-~BMK})o+zlRA2>P_n3RGA{+uwKKDr4D3j@NkNOomy?exKghpnxx zySqCOhXFzmD8s(Mvs?&ed{TnK1zAqsSphD99}^P;xb3EWqtDBYYO3guFcc9gW@bAe zNTP*p14$MgEv-ZD|BAcPcqrTNKSPG>dMu5E8O8{1#cDbokDwy21 z!Rw;6_2jqt-VP}42cwNd!%zD{`nNP*THjDF_-hmA^Tl^;x-5bvmNT_CIU&KmT|H

+fGP-@eZT;hKz43(QN35T}QG@pwG&G4R#vkd?N!wSApwc2?xi z`#T~${6%;7=*WmYEDi8Iz#)LU8}cyVlfOrD*i|}Yd!FPcOOyFK z-ZY#k#O~SRjXV!;?x{-wX4Vtv%>DO@bF&%aYT+Dg?aYPvw6Y-aI&wj57eU2 zAYp_^{0hr^YHG^I$}l!<%IgV?s;YChOmeGo52Lw?Czkqqewc@-Q?HsWf?V{(hyoow zy@dpM=eI*}&b2O&p~Z)?cF$09T3TAQaQ0uLPrfS6JnURh&uIq*1^L>(b1BO^teo3QC`f*P2Ldkfke;u!X9 z5!>=I@Jn5JONO6|(U~QAsmi;dZ0t&%l44?Fs;Z&jk)3L`pp8gRPmhI#1;n}KXOpT1JjlthGBD_W+Z})Q>{-g3dSiEA`q3Pj2w(6Gu-nVZ$_NBP>o4M~S9+(5 zj`1d5enyCmh4T)2SKv*!?3^n?r_9aGT@-EhvzB12Un3$Y3Js`BS;%!4wWvmFn52q| zb;+=~rDX-#quvHQvG=D0WcnFy7=nU=0RCV>fq$F-2AmgAfq8RtbJQoa)16Mo)YFjT zYk}We3twimaN)5vU|D(RS7~TH0}l@mW)>D$Iun4&HWzjdUAwzyixNJ;HwL*w5$>#3 zC+^sD{S$WehsD)?-3uGuFNO>+Y#-HqH6N$lwoEY#3|xoV6En^~BgQS_?&c;gB{fJS zc7$zs$c`Pj8cXc~Bk%&x<393^>!=gqBuFzD*;P81;0thz`a@O>W8tX?=4 zFet1#|5hywCer@tghxFj8DQkFHmaMVp=bthp06e*tVGgT51+czJD-)E4NOx*U7dN! zFze%Hf={uGBRv`?J?Mx$hhmBrrY({$>NH=H$ujJ5l27dgfm@;R!^(<^Ps6{eruQ?y z-G>j^AHgYNni=KhBU;C%lSqFrcij}#*WE%>IpVrj@o!%mQBjw%N9Ubt4jxm5l}>h3 z^a-Z7p2?(WK?23W%$$&vw7#}B|1AU+gQR76YAFV?VSMf&lguR!%RB88Tm<1JBLjoK zO8(~NW^bwx3mz+&Izgq{15~rI30wZB9+=_husUu|JINwXAXJzv4o-eC2_QWD!mIz@ zT_euNg}^7HAL@9Ve(3R`YF)ek3|(D(N5^ipWA{s^nvM=ls@asAB0npt^@FyZ9VLd5 z1C_^s=~?3!m@Q7T6KdNHC`}aRj6&Iu|8*DTC#9^}&}lp(SZVgDi&(P3su_{0b{XL; zcaRm;O}n|fys5xp`l!mUQzIWk!+i=WS$zfwQ%cr&tlD+mUlr9QEF;z->yl)+Ei*O+5))dIGme%?X0V}z0@x~Z}L!K6W{ zWcrSKU%VfSzG*;FEUSIp3zDXC8EKzskr5|t1Do-Fr z?bpv->aUDsUDw3%B2q|7ua|-k4Oo=%ff$x|_g7)^vuP`}wKktz&7r` zP_-Ip)_1#1fR7IxAB?}V47sq7$G&;}+R()0VRjb-H!}lP95QQ3Nl#jP#2DR{cq>H` zdqyntva9Qfr&;OgM>6|!uNWH|J_~a7h)POg1xmrJeC4c>tLu9>I}r2+y6v?$cXtXc z={jAje;Zqm&`vTmvGm>;h}w;L{_fD$#}Y4Nfq%K2)YCg#^FZhTooH8V%6dpyN=Yf` z^JI%2Gx~oI?qwbfN9{$`}7N7d^0F9bL^(Bk4y zA0!@3x7=svahz0fBm7))jAqM)fM zw6yQWF=1gsK?Yh$R@S#SiB7qN;);rd`~@qCtVwU-^fNX#Hn|Kg zC(zV|JP!}izyFNmS+6T9DqvdAie^B>V?d!s1X$a&8s# zaaG3VT%$RVAnB(Hdi(lnhORy^D>pAU2e;3ATL&5oFD@=ZW;`%7M16L7;02zA?4gA1 z!^wS~ZY0uZHz9;G<3)gGg1lBDOF}{6g6M%#U>8O!%q0TqQi|C(dcTNU3%Cix36PVkuXAygQr z_3pPNobx0sImfvV8eO`wbQtl`neY}#&tU6L_fs(bno#Yon^r>v;iiB10inC%q_a)b zmY=~H6}>WZf>TboCS+T3fwG=yz|2uoI!~1XJc^)YUAFbLp;SKD;iLXc^)l=F21cm+ zbE}sUwzB7Ow#%_X5+hq+n0b8R#kcJJk>p2BJ~U(`wfmD?_Kzdi^wsukky3SgqA-Pm z=#;1nx!^I=i+FbWc{;K&@XN{rdrt_Jt`oNl-*#gZ-|d%L^`)0IcRvO88<_hFt= z(YKH!*-3Zure<^lbJHy{>V4GC!N~|#gp}~w%g}#nnM0&B0ye{N&jVr-oAf(Z>2R3Y zD53-@XOh1!`1%;;^LQuFC@g(a&ME3^b*$$Rv%-Rqg!&!E7!}-d$! [!NOTE] -If you enable Credential Guard by using Group Policy, the steps to enable Windows features through Control Panel or DISM are not required. Group Policy will install Windows features for you. - -  -**Add the virtualization-based security features by using Programs and Features** - -1. Open the Programs and Features control panel. -2. Click **Turn Windows feature on or off**. -3. Go to **Hyper-V** -> **Hyper-V Platform**, and then select the **Hyper-V Hypervisor** check box. -4. Select the **Isolated User Mode** check box at the top level of the feature selection. -5. Click **OK**. - -**Add the virtualization-based security features to an offline image by using DISM** - -1. Open an elevated command prompt. -2. Add the Hyper-V Hypervisor by running the following command: - ``` - dism /image: /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all - ``` -3. Add the Isolated User Mode feature by running the following command: - ``` - dism /image: /Enable-Feature /FeatureName:IsolatedUserMode - ``` - -> [!NOTE] -> You can also add these features to an online image by using either DISM or Configuration Manager. - -### Enable virtualization-based security and Credential Guard - -1. Open Registry Editor. -2. Enable virtualization-based security: - - Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\DeviceGuard. - - Add a new DWORD value named **EnableVirtualizationBasedSecurity**. Set the value of this registry setting to 1 to enable virtualization-based security and set it to 0 to disable it. - - Add a new DWORD value named **RequirePlatformSecurityFeatures**. Set the value of this registry setting to 1 to use **Secure Boot** only or set it to 3 to use **Secure Boot and DMA protection**. -3. Enable Credential Guard: - - Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA. - - Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Credential Guard with UEFI lock, set it to 2 to enable Credential Guard without lock, and set it to 0 to disable it. -4. Close Registry Editor. - - -> [!NOTE] -> You can also enable Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting. - - -### Enable Credential Guard by using the Device Guard and Credential Guard hardware readiness tool - -You can also enable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). - -``` -DG_Readiness_Tool_v3.0.ps1 -Enable -AutoReboot -``` - -### Credential Guard deployment in virtual machines - -Credential Guard can protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. The enablement steps are the same from within the virtual machine. - -Credential Guard protects secrets from non-privileged access inside the VM. It does not provide additional protection from the host administrator. From the host, you can disable Credential Guard for a virtual machine: - -``` PowerShell -Set-VMSecurity -VMName -VirtualizationBasedSecurityOptOut $true -``` - -Requirements for running Credential Guard in Hyper-V virtual machines -- The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607. -- The Hyper-V virtual machine must be Generation 2, have an enabled virtual TPM, and running at least Windows Server 2016 or Windows 10. - - -### Check that Credential Guard is running - -You can use System Information to ensure that Credential Guard is running on a PC. - -1. Click **Start**, type **msinfo32.exe**, and then click **System Information**. -2. Click **System Summary**. -3. Confirm that **Credential Guard** is shown next to **Device Guard Security Services Running**. - - Here's an example: - - ![System Information](images/credguard-msinfo32.png) - -You can also check that Credential Guard is running by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). - -``` -DG_Readiness_Tool_v3.0.ps1 -Ready -``` - - -### Remove Credential Guard - -If you have to remove Credential Guard on a PC, you can use the following set of procedures, or you can [use the Device Guard and Credential Guard hardware readiness tool](#turn-off-with-hardware-readiness-tool). - -1. If you used Group Policy, disable the Group Policy setting that you used to enable Credential Guard (**Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard** -> **Turn on Virtualization Based Security**). -2. Delete the following registry settings: - - HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA\LsaCfgFlags - - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity - - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures - - > [!IMPORTANT] - > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. - -3. Delete the Credential Guard EFI variables by using bcdedit. - -**Delete the Credential Guard EFI variables** - -1. From an elevated command prompt, type the following commands: - ``` syntax - - mountvol X: /s - - copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y - - bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader - - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" - - bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} - - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO - - bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: - - mountvol X: /d - - ``` -2. Restart the PC. -3. Accept the prompt to disable Credential Guard. -4. Alternatively, you can disable the virtualization-based security features to turn off Credential Guard. - -> [!NOTE] -> The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Credential Guard and virtualization-based security, run the following bcdedit command after turning off all virtualization-based security Group Policy and registry settings: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS - -For more info on virtualization-based security and Device Guard, see [Device Guard deployment guide](device-guard-deployment-guide.md). - - -#### Turn off Credential Guard by using the Device Guard and Credential Guard hardware readiness tool - -You can also disable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). - -``` -DG_Readiness_Tool_v3.0.ps1 -Disable -AutoReboot -``` -  diff --git a/windows/keep-secure/credential-guard-not-protected-scenarios.md b/windows/keep-secure/credential-guard-not-protected-scenarios.md deleted file mode 100644 index c6b43cbd64..0000000000 --- a/windows/keep-secure/credential-guard-not-protected-scenarios.md +++ /dev/null @@ -1,159 +0,0 @@ ---- -title: Scenarios not protected by Credential Guard (Windows 10) -description: Scenarios not protected by Credential Guard in Windows 10. -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -localizationpriority: high -author: brianlic-msft ---- - -# Scenarios not protected by Credential Guard - -**Applies to** -- Windows 10 -- Windows Server 2016 - -Prefer video? - -[![Credentials not protected by Credential Guard](images/mva_videos.png)](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) - - - -See also: [Protecting privileged users with Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=JNbjYMJyC_8104300474) - - -Some ways to store credentials are not protected by Credential Guard, including: - -- Software that manages credentials outside of Windows feature protection -- Local accounts and Microsoft Accounts -- Credential Guard does not protect the Active Directory database running on Windows Server 2016 domain controllers. It also does not protect credential input pipelines, such as Windows Server 2016 servers running Remote Desktop Gateway. If you're using a Windows Server 2016 server as a client PC, it will get the same protection as it would when running Windows 10 Enterprise. -- Key loggers -- Physical attacks -- Does not prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access to high value assets in your organization. -- Third-party security packages -- Digest and CredSSP credentials - - When Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. -- Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well. - -For further information, see video: [Credentials Protected by Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) - -## Additional mitigations - -Credential Guard can provide mitigations against attacks on derived credentials and prevent the use of stolen credentials elsewhere. However, PCs can still be vulnerable to certain attacks, even if the derived credentials are protected by Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, reusing previously stolen credentials prior to Device Guard, and abuse of management tools and weak application configurations. Because of this, additional mitigations also must be deployed to make the domain environment more robust. - -### Restricting domain users to specific domain-joined devices - -Credential theft attacks allow the attacker to steal secrets from one device and use them from another device. If a user can sign on to multiple devices then any device could be used to steal credentials. How do you ensure that users only sign on using devices that have Credential Guard enabled? By deploying authentication policies that restrict them to specific domain-joined devices that have been configured with Credential Guard. For the domain controller to know what device a user is signing on from, Kerberos armoring must be used. - -#### Kerberos armoring - -Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, its TGT is used to protect the user's proof of possession which can mitigate offline dictionary attacks. Kerberos armoring also provides the additional benefit of signed KDC errors this mitigates tampering which can result in things such as downgrade attacks. - -**To enable Kerberos armoring for restricting domain users to specific domain-joined devices** - -- Users need to be in domains that are running Windows Server 2012 R2 or higher -- All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**. -- All the devices with Credential Guard that the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -> **Administrative Templates** -> **System** -> **Kerberos**. - -#### Protecting domain-joined device secrets - -Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Credential Guard, the private key can be protected. Then authentication policies can require that users sign on devices that authenticate using those certificates. This prevents shared secrets stolen from the device to be used with stolen user credentials to sign on as the user. - -Domain-joined device certificate authentication has the following requirements: -- Devices' accounts are in Windows Server 2012 domain functional level or higher. -- All domain controllers in those domains have KDC certificates which satisfy strict KDC validation certificate requirements: - - KDC EKU present - - DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension -- Windows 10 devices have the CA issuing the domain controller certificates in the enterprise store. -- A process is established to ensure the identity and trustworthiness of the device in a similar manner as you would establish the identity and trustworthiness of a user before issuing them a smartcard. - -#### Deploying domain-joined device certificates - -To guarantee that certificates with the required issuance policy are only installed on the devices these users must use, they must be deployed manually on each device. The same security procedures used for issuing smart cards to users should be applied to device certificates. - -For example, let's say you wanted to use the High Assurance policy only on these devices. Using a Windows Server Enterprise certificate authority, you would create a new template. - -**Creating a new certificate template** - -1. From the Certificate Manager console, right-click **Certificate Templates**, and then click **Manage.** -2. Right-click **Workstation Authentication**, and then click **Duplicate Template**. -3. Right-click the new template, and then click **Properties**. -4. On the **Extensions** tab, click **Application Policies**, and then click **Edit**. -5. Click **Client Authentication**, and then click **Remove**. -6. Add the ID-PKInit-KPClientAuth EKU. Click **Add**, click **New**, and then specify the following values: - - Name: Kerberos Client Auth - - Object Identifier: 1.3.6.1.5.2.3.4 -7. On the **Extensions** tab, click **Issuance Policies**, and then click **Edit**. -8. Under **Issuance Policies**, click**High Assurance**. -9. On the **Subject name** tab, clear the **DNS name** check box, and then select the **User Principal Name (UPN)** check box. - -Then on the devices that are running Credential Guard, enroll the devices using the certificate you just created. - -**Enrolling devices in a certificate** - -Run the following command: -``` syntax -CertReq -EnrollCredGuardCert MachineAuthentication -``` - -> [!NOTE] -> You must restart the device after enrolling the machine authentication certificate. -  -#### How a certificate issuance policy can be used for access control - -Beginning with the Windows Server 2008 R2 domain functional level, domain controllers support for authentication mechanism assurance provides a way to map certificate issuance policy OIDs to universal security groups. Windows Server 2012 domain controllers with claim support can map them to claims. To learn more about authentication mechanism assurance, see [Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide](https://technet.microsoft.com/en-us/library/dd378897(v=ws.10).aspx) on TechNet. - -**To see the issuance policies available** - -- The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority. - From a Windows PowerShell command prompt, run the following command: - - ``` syntax - .\get-IssuancePolicy.ps1 –LinkedToGroup:All - ``` - -**To link an issuance policy to a universal security group** - -- The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group. - From a Windows PowerShell command prompt, run the following command: - - ``` syntax - .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"" –groupOU:"" –groupName:”" - ``` - -#### Restricting user sign on - -So we now have completed the following: - -- Created a special certificate issuance policy to identify devices that meet the deployment criteria required for the user to be able to sign on -- Mapped that policy to a universal security group or claim -- Provided a way for domain controllers to get the device authorization data during user sign on using Kerberos armoring. Now what is left to do is to configure the access check on the domain controllers. This is done using authentication policies. - -Authentication policies have the following requirements: -- User accounts are in a Windows Server 2012 domain functional level or higher domain. - -**Creating an authentication policy restricting users to the specific universal security group** - -1. Open Active Directory Administrative Center. -2. Click **Authentication**, click **New**, and then click **Authentication Policy**. -3. In the **Display name** box, enter a name for this authentication policy. -4. Under the **Accounts** heading, click **Add**. -5. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the user account you wish to restrict, and then click **OK**. -6. Under the **User Sign On** heading, click the **Edit** button. -7. Click **Add a condition**. -8. In the **Edit Access Control Conditions** box, ensure that it reads **User** > **Group** > **Member of each** > **Value**, and then click **Add items**. -9. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the universal security group that you created with the set-IssuancePolicyToGroupLink script, and then click **OK**. -10. Click **OK** to close the **Edit Access Control Conditions** box. -11. Click **OK** to create the authentication policy. -12. Close Active Directory Administrative Center. - -> [!NOTE] -> When the authentication policy enforces policy restrictions, users will not be able to sign on using devices that do not have a certificate with the appropriate issuance policy deployed. This applies to both local and remote sign on scenarios. Therefore, it is strongly recommended to first only audit policy restrictions to ensure you don't have unexpected failures. - -#### Discovering authentication failures due to authentication policies - -To make tracking authentication failures due to authentication policies easier, an operational log exists with just those events. To enable the logs on the domain controllers, in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**. - -To learn more about authentication policy events, see [Authentication Policies and Authentication Policy Silos](https://technet.microsoft.com/en-us/library/dn486813(v=ws.11).aspx). diff --git a/windows/keep-secure/credential-guard-requirements.md b/windows/keep-secure/credential-guard-requirements.md deleted file mode 100644 index 4d095e5eab..0000000000 --- a/windows/keep-secure/credential-guard-requirements.md +++ /dev/null @@ -1,125 +0,0 @@ ---- -title: Credential Guard Requirements (Windows 10) -description: Credential Guard baseline hardware, firmware, and software requirements, and additional protections for improved security associated with available hardware and firmware options. -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -localizationpriority: high -author: brianlic-msft ---- - -# Requirements - -**Applies to** -- Windows 10 -- Windows Server 2016 - -Prefer video? - -[![Credential Guard Deployment Requirements](images/mva_videos.png)](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=sRcyvLJyC_3304300474) - - - - - - -For Credential Guard to provide protections, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations). - - - -## Hardware and software requirements - -To provide basic protection against OS level attempts to read Credential Manager domain credentials, NTLM and Kerberos derived credentials, Credential Manager uses: -- Support for Virtualization-based security (required) -- Secure boot (required) -- TPM 2.0 either discrete or firmware (preferred - provides binding to hardware) -- UEFI lock (preferred - prevents attacker from disabling with a simple registry key change) - -The Virtualization-based security requires: -- 64-bit CPU -- CPU virtualization extensions plus extended page tables -- Windows hypervisor - -## Application requirements - -When Credential Guard is enabled, specific authentication capabilities are blocked, so applications that require such capabilities will break. Applications should be tested prior to deployment to ensure compatiblity with the reduced functionality. - ->[!WARNING] -> Enabling Credential Guard on domain controllers is not supported.
-> The domain controller hosts authentication services which integrate with processes isolated when Credential Guard is enabled, causing crashes. - ->[!NOTE] -> Credential Guard does not provide protections for the Active Directory database or the Security Accounts Manager (SAM). The credentials protected by Kerberos and NTLM when Credential Guard is enabled are also in the Active Directory database (on domain controllers) and the SAM (for local accounts). - -Applications will break if they require: -- Kerberos DES encryption support -- Kerberos unconstrained delegation -- Extracting the Kerberos TGT -- NTLMv1 - -Applications will prompt and expose credentials to risk if they require: -- Digest authentication -- Credential delegation -- MS-CHAPv2 - -Applications may cause performance issues when they attempt to hook the isolated Credential Guard process. - -See this video: [Credentials Protected by Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474) - - -## Security considerations - -All computers that meet baseline protections for hardware, firmware, and software can use Credential Guard. -Computers that meet additional qualifications can provide additional protections to further reduce the attack surface. -The following tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017. - -> [!NOTE] -> Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new shipping computers.
-> If you are an OEM, see [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx).
- -### Baseline protections - -|Baseline Protections | Description | -|---------------------------------------------|----------------------------------------------------| -| Hardware: **64-bit CPU** | A 64-bit computer is required for the Windows hypervisor to provide VBS. | -| Hardware: **CPU virtualization extensions**,
plus **extended page tables** | **Requirements**: These hardware features are required for VBS:
One of the following virtualization extensions:
• VT-x (Intel) or
• AMD-V
And:
• Extended page tables, also called Second Level Address Translation (SLAT).

**Security benefits**: VBS provides isolation of secure kernel from normal operating system. Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation. | -| Hardware: **Trusted Platform Module (TPM)** |  **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.
[TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations)

**Security benefits**: A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. | -| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)

**Security benefits**: UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | -| Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).

**Security benefits**: UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | -| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

Important:
Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.


**Security benefits**: Support for VBS and for management features that simplify configuration of Credential Guard. | - -> [!IMPORTANT] -> The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Credential Guard can provide. - -### 2015 Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016 Technical Preview 4 - -| Protections for Improved Security | Description | -|---------------------------------------------|----------------------------------------------------| -| Hardware: **IOMMU** (input/output memory management unit) | **Requirement**: VT-D or AMD Vi IOMMU

**Security benefits**: An IOMMU can enhance system resiliency against memory attacks. For more information, see [ACPI description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables). | -| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• BIOS password or stronger authentication must be supported.
• In the BIOS configuration, BIOS authentication must be set.
• There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
• In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.

**Security benefits**:
• BIOS password or stronger authentication helps ensure that only authenticated Platform BIOS administrators can change BIOS settings. This helps protect against a physically present user with BIOS access.
• Boot order when locked provides protection against the computer being booted into WinRE or another operating system on bootable media. | -| Firmware: **Secure MOR, revision 2 implementation** | **Requirement**: Secure MOR, revision 2 implementation

**Security benefits**: A secure MOR bit prevents advanced memory attacks. For more information, see [Secure MOR implementation](https://msdn.microsoft.com/windows/hardware/drivers/bringup/device-guard-requirements). | - -
- -### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016 - -> [!IMPORTANT] -> The following tables list additional qualifications for improved security. Systems that meet these additional qualifications can provide more protections. - -| Protections for Improved Security | Description | -|---------------------------------------------|----------------------------------------------------| -| Firmware: **Hardware Rooted Trust Platform Secure Boot** | **Requirements**:
Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
• The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/en-us/library/windows/hardware/mt712332(v=vs.85).aspx).

**Security benefits**:
• Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
• HSTI provides additional security assurance for correctly secured silicon and platform. | -| Firmware: **Firmware Update through Windows Update** | **Requirements**: Firmware must support field updates through Windows Update and UEFI encapsulation update.

**Security benefits**: Helps ensure that firmware updates are fast, secure, and reliable. | -| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
• Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.

**Security benefits**:
• Enterprises can choose to allow proprietary EFI drivers/applications to run.
• Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. | - -
- -### 2017 Additional security qualifications starting with Windows 10, version 1703 - -The following table lists qualifications for Windows 10, version 1703, which are in addition to all preceding qualifications. - -| Protection for Improved Security | Description | -|---------------------------------------------|----------------------------------------------------| -| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**:
• VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be executable.
• UEFI runtime service must meet these requirements:
    - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
    - PE sections need to be page-aligned in memory (not required for in non-volatile storage).
    - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
        - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
        - No entries may be left with neither of the above attributes, indicating memory that is both executable and writable. Memory must be either readable and executable or writeable and non-executable.

Notes:
• This only applies to UEFI runtime service memory, and not UEFI boot service memory.
• This protection is applied by VBS on OS page tables.


Please also note the following:
• Do not use sections that are both writeable and executable
• Do not attempt to directly modify executable system memory
• Do not use dynamic code

**Security benefits**:
• Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware. | -| Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.

**Security benefits**:
• Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware.
• Blocks additional security attacks against SMM. | diff --git a/windows/keep-secure/credential-guard-scripts.md b/windows/keep-secure/credential-guard-scripts.md deleted file mode 100644 index 5cb5a2404a..0000000000 --- a/windows/keep-secure/credential-guard-scripts.md +++ /dev/null @@ -1,487 +0,0 @@ ---- -title: Credential Guard Scripts (Windows 10) -description: Credential Guard Scripts listed in this topic for Windows 10, for obtaining the available issuance policies on the certificate authority. -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -localizationpriority: high -author: brianlic-msft ---- - -# Credential Guard Scripts - -Here is a list of scripts mentioned in this topic. - -## Get the available issuance policies on the certificate authority - -Save this script file as get-IssuancePolicy.ps1. - -``` syntax -####################################### -## Parameters to be defined ## -## by the user ## -####################################### -Param ( -$Identity, -$LinkedToGroup -) -####################################### -## Strings definitions ## -####################################### -Data getIP_strings { -# culture="en-US" -ConvertFrom-StringData -stringdata @' -help1 = This command can be used to retrieve all available Issuance Policies in a forest. The forest of the currently logged on user is targeted. -help2 = Usage: -help3 = The following parameter is mandatory: -help4 = -LinkedToGroup: -help5 = "yes" will return only Issuance Policies that are linked to groups. Checks that the linked Issuance Policies are linked to valid groups. -help6 = "no" will return only Issuance Policies that are not currently linked to any group. -help7 = "all" will return all Issuance Policies defined in the forest. Checks that the linked Issuance policies are linked to valid groups. -help8 = The following parameter is optional: -help9 = -Identity:. If you specify an identity, the option specified in the "-LinkedToGroup" parameter is ignored. -help10 = Output: This script returns the Issuance Policy objects meeting the criteria defined by the above parameters. -help11 = Examples: -errorIPNotFound = Error: no Issuance Policy could be found with Identity "{0}" -ErrorNotSecurity = Error: Issuance Policy "{0}" is linked to group "{1}" which is not of type "Security". -ErrorNotUniversal = Error: Issuance Policy "{0}" is linked to group "{1}" whose scope is not "Universal". -ErrorHasMembers = Error: Issuance Policy "{0}" is linked to group "{1}" which has a non-empty membership. The group has the following members: -LinkedIPs = The following Issuance Policies are linked to groups: -displayName = displayName : {0} -Name = Name : {0} -dn = distinguishedName : {0} - InfoName = Linked Group Name: {0} - InfoDN = Linked Group DN: {0} -NonLinkedIPs = The following Issuance Policies are NOT linked to groups: -'@ -} -##Import-LocalizedData getIP_strings -import-module ActiveDirectory -####################################### -## Help ## -####################################### -function Display-Help { - "" - $getIP_strings.help1 - "" -$getIP_strings.help2 -"" -$getIP_strings.help3 -" " + $getIP_strings.help4 -" " + $getIP_strings.help5 - " " + $getIP_strings.help6 - " " + $getIP_strings.help7 -"" -$getIP_strings.help8 - " " + $getIP_strings.help9 - "" - $getIP_strings.help10 -"" -"" -$getIP_strings.help11 - " " + '$' + "myIPs = .\get-IssuancePolicy.ps1 -LinkedToGroup:All" - " " + '$' + "myLinkedIPs = .\get-IssuancePolicy.ps1 -LinkedToGroup:yes" - " " + '$' + "myIP = .\get-IssuancePolicy.ps1 -Identity:""Medium Assurance""" -"" -} -$root = get-adrootdse -$domain = get-addomain -current loggedonuser -$configNCDN = [String]$root.configurationNamingContext -if ( !($Identity) -and !($LinkedToGroup) ) { -display-Help -break -} -if ($Identity) { - $OIDs = get-adobject -Filter {(objectclass -eq "msPKI-Enterprise-Oid") -and ((name -eq $Identity) -or (displayname -eq $Identity) -or (distinguishedName -like $Identity)) } -searchBase $configNCDN -properties * - if ($OIDs -eq $null) { -$errormsg = $getIP_strings.ErrorIPNotFound -f $Identity -write-host $errormsg -ForegroundColor Red - } - foreach ($OID in $OIDs) { - if ($OID."msDS-OIDToGroupLink") { -# In case the Issuance Policy is linked to a group, it is good to check whether there is any problem with the mapping. - $groupDN = $OID."msDS-OIDToGroupLink" - $group = get-adgroup -Identity $groupDN - $groupName = $group.Name -# Analyze the group - if ($group.groupCategory -ne "Security") { -$errormsg = $getIP_strings.ErrorNotSecurity -f $Identity, $groupName - write-host $errormsg -ForegroundColor Red - } - if ($group.groupScope -ne "Universal") { - $errormsg = $getIP_strings.ErrorNotUniversal -f $Identity, $groupName -write-host $errormsg -ForegroundColor Red - } - $members = Get-ADGroupMember -Identity $group - if ($members) { - $errormsg = $getIP_strings.ErrorHasMembers -f $Identity, $groupName -write-host $errormsg -ForegroundColor Red - foreach ($member in $members) { - write-host " " $member -ForeGroundColor Red - } - } - } - } - return $OIDs - break -} -if (($LinkedToGroup -eq "yes") -or ($LinkedToGroup -eq "all")) { - $LDAPFilter = "(&(objectClass=msPKI-Enterprise-Oid)(msDS-OIDToGroupLink=*)(flags=2))" - $LinkedOIDs = get-adobject -searchBase $configNCDN -LDAPFilter $LDAPFilter -properties * - write-host "" - write-host "*****************************************************" - write-host $getIP_strings.LinkedIPs - write-host "*****************************************************" - write-host "" - if ($LinkedOIDs -ne $null){ - foreach ($OID in $LinkedOIDs) { -# Display basic information about the Issuance Policies - "" - $getIP_strings.displayName -f $OID.displayName - $getIP_strings.Name -f $OID.Name - $getIP_strings.dn -f $OID.distinguishedName -# Get the linked group. - $groupDN = $OID."msDS-OIDToGroupLink" - $group = get-adgroup -Identity $groupDN - $getIP_strings.InfoName -f $group.Name - $getIP_strings.InfoDN -f $groupDN -# Analyze the group - $OIDName = $OID.displayName - $groupName = $group.Name - if ($group.groupCategory -ne "Security") { - $errormsg = $getIP_strings.ErrorNotSecurity -f $OIDName, $groupName - write-host $errormsg -ForegroundColor Red - } - if ($group.groupScope -ne "Universal") { - $errormsg = $getIP_strings.ErrorNotUniversal -f $OIDName, $groupName - write-host $errormsg -ForegroundColor Red - } - $members = Get-ADGroupMember -Identity $group - if ($members) { - $errormsg = $getIP_strings.ErrorHasMembers -f $OIDName, $groupName - write-host $errormsg -ForegroundColor Red - foreach ($member in $members) { - write-host " " $member -ForeGroundColor Red - } - } - write-host "" - } - }else{ -write-host "There are no issuance policies that are mapped to a group" - } - if ($LinkedToGroup -eq "yes") { - return $LinkedOIDs - break - } -} -if (($LinkedToGroup -eq "no") -or ($LinkedToGroup -eq "all")) { - $LDAPFilter = "(&(objectClass=msPKI-Enterprise-Oid)(!(msDS-OIDToGroupLink=*))(flags=2))" - $NonLinkedOIDs = get-adobject -searchBase $configNCDN -LDAPFilter $LDAPFilter -properties * - write-host "" - write-host "*********************************************************" - write-host $getIP_strings.NonLinkedIPs - write-host "*********************************************************" - write-host "" - if ($NonLinkedOIDs -ne $null) { - foreach ($OID in $NonLinkedOIDs) { -# Display basic information about the Issuance Policies -write-host "" -$getIP_strings.displayName -f $OID.displayName -$getIP_strings.Name -f $OID.Name -$getIP_strings.dn -f $OID.distinguishedName -write-host "" - } - }else{ -write-host "There are no issuance policies which are not mapped to groups" - } - if ($LinkedToGroup -eq "no") { - return $NonLinkedOIDs - break - } -} -``` -> [!NOTE] -> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. -  -### Link an issuance policy to a group - -Save the script file as set-IssuancePolicyToGroupLink.ps1. - -``` syntax -####################################### -## Parameters to be defined ## -## by the user ## -####################################### -Param ( -$IssuancePolicyName, -$groupOU, -$groupName -) -####################################### -## Strings definitions ## -####################################### -Data ErrorMsg { -# culture="en-US" -ConvertFrom-StringData -stringdata @' -help1 = This command can be used to set the link between a certificate issuance policy and a universal security group. -help2 = Usage: -help3 = The following parameters are required: -help4 = -IssuancePolicyName: -help5 = -groupName:. If no name is specified, any existing link to a group is removed from the Issuance Policy. -help6 = The following parameter is optional: -help7 = -groupOU:. If this parameter is not specified, the group is looked for or created in the Users container. -help8 = Examples: -help9 = This command will link the issuance policy whose display name is "High Assurance" to the group "HighAssuranceGroup" in the Organizational Unit "OU_FOR_IPol_linked_groups". If the group or the Organizational Unit do not exist, you will be prompted to create them. -help10 = This command will unlink the issuance policy whose name is "402.164959C40F4A5C12C6302E31D5476062" from any group. -MultipleIPs = Error: Multiple Issuance Policies with name or display name "{0}" were found in the subtree of "{1}" -NoIP = Error: no issuance policy with name or display name "{0}" could be found in the subtree of "{1}". -IPFound = An Issuance Policy with name or display name "{0}" was successfully found: {1} -MultipleOUs = Error: more than 1 Organizational Unit with name "{0}" could be found in the subtree of "{1}". -confirmOUcreation = Warning: The Organizational Unit that you specified does not exist. Do you want to create it? -OUCreationSuccess = Organizational Unit "{0}" successfully created. -OUcreationError = Error: Organizational Unit "{0}" could not be created. -OUFoundSuccess = Organizational Unit "{0}" was successfully found. -multipleGroups = Error: More than one group with name "{0}" was found in Organizational Unit "{1}". -confirmGroupCreation = Warning: The group that you specified does not exist. Do you want to create it? -groupCreationSuccess = Univeral Security group "{0}" successfully created. -groupCreationError = Error: Univeral Security group "{0}" could not be created. -GroupFound = Group "{0}" was successfully found. -confirmLinkDeletion = Warning: The Issuance Policy "{0}" is currently linked to group "{1}". Do you really want to remove the link? -UnlinkSuccess = Certificate issuance policy successfully unlinked from any group. -UnlinkError = Removing the link failed. -UnlinkExit = Exiting without removing the link from the issuance policy to the group. -IPNotLinked = The Certificate issuance policy is not currently linked to any group. If you want to link it to a group, you should specify the -groupName option when starting this script. -ErrorNotSecurity = Error: You cannot link issuance Policy "{0}" to group "{1}" because this group is not of type "Security". -ErrorNotUniversal = Error: You cannot link issuance Policy "{0}" to group "{1}" because the scope of this group is not "Universal". -ErrorHasMembers = Error: You cannot link issuance Policy "{0}" to group "{1}" because it has a non-empty membership. The group has the following members: -ConfirmLinkReplacement = Warning: The Issuance Policy "{0}" is currently linked to group "{1}". Do you really want to update the link to point to group "{2}"? -LinkSuccess = The certificate issuance policy was successfully linked to the specified group. -LinkError = The certificate issuance policy could not be linked to the specified group. -ExitNoLinkReplacement = Exiting without setting the new link. -'@ -} -# import-localizeddata ErrorMsg -function Display-Help { -"" -write-host $ErrorMsg.help1 -"" -write-host $ErrorMsg.help2 -"" -write-host $ErrorMsg.help3 -write-host "`t" $ErrorMsg.help4 -write-host "`t" $ErrorMsg.help5 -"" -write-host $ErrorMsg.help6 -write-host "`t" $ErrorMsg.help7 -"" -"" -write-host $ErrorMsg.help8 -"" -write-host $ErrorMsg.help9 -".\Set-IssuancePolicyToGroupMapping.ps1 -IssuancePolicyName ""High Assurance"" -groupOU ""OU_FOR_IPol_linked_groups"" -groupName ""HighAssuranceGroup"" " -"" -write-host $ErrorMsg.help10 -'.\Set-IssuancePolicyToGroupMapping.ps1 -IssuancePolicyName "402.164959C40F4A5C12C6302E31D5476062" -groupName $null ' -"" -} -# Assumption: The group to which the Issuance Policy is going -# to be linked is (or is going to be created) in -# the domain the user running this script is a member of. -import-module ActiveDirectory -$root = get-adrootdse -$domain = get-addomain -current loggedonuser -if ( !($IssuancePolicyName) ) { -display-Help -break -} -####################################### -## Find the OID object ## -## (aka Issuance Policy) ## -####################################### -$searchBase = [String]$root.configurationnamingcontext -$OID = get-adobject -searchBase $searchBase -Filter { ((displayname -eq $IssuancePolicyName) -or (name -eq $IssuancePolicyName)) -and (objectClass -eq "msPKI-Enterprise-Oid")} -properties * -if ($OID -eq $null) { -$tmp = $ErrorMsg.NoIP -f $IssuancePolicyName, $searchBase -write-host $tmp -ForeGroundColor Red -break; -} -elseif ($OID.GetType().IsArray) { -$tmp = $ErrorMsg.MultipleIPs -f $IssuancePolicyName, $searchBase -write-host $tmp -ForeGroundColor Red -break; -} -else { -$tmp = $ErrorMsg.IPFound -f $IssuancePolicyName, $OID.distinguishedName -write-host $tmp -ForeGroundColor Green -} -####################################### -## Find the container of the group ## -####################################### -if ($groupOU -eq $null) { -# default to the Users container -$groupContainer = $domain.UsersContainer -} -else { -$searchBase = [string]$domain.DistinguishedName -$groupContainer = get-adobject -searchBase $searchBase -Filter { (Name -eq $groupOU) -and (objectClass -eq "organizationalUnit")} -if ($groupContainer.count -gt 1) { -$tmp = $ErrorMsg.MultipleOUs -f $groupOU, $searchBase -write-host $tmp -ForegroundColor Red -break; -} -elseif ($groupContainer -eq $null) { -$tmp = $ErrorMsg.confirmOUcreation -write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline -$userChoice = read-host -if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { -new-adobject -Name $groupOU -displayName $groupOU -Type "organizationalUnit" -ProtectedFromAccidentalDeletion $true -path $domain.distinguishedName -if ($?){ -$tmp = $ErrorMsg.OUCreationSuccess -f $groupOU -write-host $tmp -ForegroundColor Green -} -else{ -$tmp = $ErrorMsg.OUCreationError -f $groupOU -write-host $tmp -ForeGroundColor Red -break; -} -$groupContainer = get-adobject -searchBase $searchBase -Filter { (Name -eq $groupOU) -and (objectClass -eq "organizationalUnit")} -} -else { -break; -} -} -else { -$tmp = $ErrorMsg.OUFoundSuccess -f $groupContainer.name -write-host $tmp -ForegroundColor Green -} -} -####################################### -## Find the group ## -####################################### -if (($groupName -ne $null) -and ($groupName -ne "")){ -##$searchBase = [String]$groupContainer.DistinguishedName -$searchBase = $groupContainer -$group = get-adgroup -Filter { (Name -eq $groupName) -and (objectClass -eq "group") } -searchBase $searchBase -if ($group -ne $null -and $group.gettype().isarray) { -$tmp = $ErrorMsg.multipleGroups -f $groupName, $searchBase -write-host $tmp -ForeGroundColor Red -break; -} -elseif ($group -eq $null) { -$tmp = $ErrorMsg.confirmGroupCreation -write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline -$userChoice = read-host -if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { -new-adgroup -samAccountName $groupName -path $groupContainer.distinguishedName -GroupScope "Universal" -GroupCategory "Security" -if ($?){ -$tmp = $ErrorMsg.GroupCreationSuccess -f $groupName -write-host $tmp -ForegroundColor Green -}else{ -$tmp = $ErrorMsg.groupCreationError -f $groupName -write-host $tmp -ForeGroundColor Red -break -} -$group = get-adgroup -Filter { (Name -eq $groupName) -and (objectClass -eq "group") } -searchBase $searchBase -} -else { -break; -} -} -else { -$tmp = $ErrorMsg.GroupFound -f $group.Name -write-host $tmp -ForegroundColor Green -} -} -else { -##### -## If the group is not specified, we should remove the link if any exists -##### -if ($OID."msDS-OIDToGroupLink" -ne $null) { -$tmp = $ErrorMsg.confirmLinkDeletion -f $IssuancePolicyName, $OID."msDS-OIDToGroupLink" -write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline -$userChoice = read-host -if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { -set-adobject -Identity $OID -Clear "msDS-OIDToGroupLink" -if ($?) { -$tmp = $ErrorMsg.UnlinkSuccess -write-host $tmp -ForeGroundColor Green -}else{ -$tmp = $ErrorMsg.UnlinkError -write-host $tmp -ForeGroundColor Red -} -} -else { -$tmp = $ErrorMsg.UnlinkExit -write-host $tmp -break -} -} -else { -$tmp = $ErrorMsg.IPNotLinked -write-host $tmp -ForeGroundColor Yellow -} -break; -} -####################################### -## Verify that the group is ## -## Universal, Security, and ## -## has no members ## -####################################### -if ($group.GroupScope -ne "Universal") { -$tmp = $ErrorMsg.ErrorNotUniversal -f $IssuancePolicyName, $groupName -write-host $tmp -ForeGroundColor Red -break; -} -if ($group.GroupCategory -ne "Security") { -$tmp = $ErrorMsg.ErrorNotSecurity -f $IssuancePolicyName, $groupName -write-host $tmp -ForeGroundColor Red -break; -} -$members = Get-ADGroupMember -Identity $group -if ($members -ne $null) { -$tmp = $ErrorMsg.ErrorHasMembers -f $IssuancePolicyName, $groupName -write-host $tmp -ForeGroundColor Red -foreach ($member in $members) {write-host " $member.name" -ForeGroundColor Red} -break; -} -####################################### -## We have verified everything. We ## -## can create the link from the ## -## Issuance Policy to the group. ## -####################################### -if ($OID."msDS-OIDToGroupLink" -ne $null) { -$tmp = $ErrorMsg.ConfirmLinkReplacement -f $IssuancePolicyName, $OID."msDS-OIDToGroupLink", $group.distinguishedName -write-host $tmp "( (y)es / (n)o )" -ForegroundColor Yellow -nonewline -$userChoice = read-host -if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { -$tmp = @{'msDS-OIDToGroupLink'= $group.DistinguishedName} -set-adobject -Identity $OID -Replace $tmp -if ($?) { -$tmp = $Errormsg.LinkSuccess -write-host $tmp -Foreground Green -}else{ -$tmp = $ErrorMsg.LinkError -write-host $tmp -Foreground Red -} -} else { -$tmp = $Errormsg.ExitNoLinkReplacement -write-host $tmp -break -} -} -else { -$tmp = @{'msDS-OIDToGroupLink'= $group.DistinguishedName} -set-adobject -Identity $OID -Add $tmp -if ($?) { -$tmp = $Errormsg.LinkSuccess -write-host $tmp -Foreground Green -}else{ -$tmp = $ErrorMsg.LinkError -write-host $tmp -Foreground Red -} -} -``` - -> [!NOTE] -> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. \ No newline at end of file diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md index 9361bddbf8..dab9e6eabd 100644 --- a/windows/keep-secure/credential-guard.md +++ b/windows/keep-secure/credential-guard.md @@ -24,6 +24,928 @@ By enabling Credential Guard, the following features and solutions are provided: - **Virtualization-based security** Windows NTLM and Kerberos derived credentials and other secrets run in a protected environment that is isolated from the running operating system. - **Better protection against advanced persistent threats** When Credential Manager domain credentials, NTLM, and Kerberos derived credentials are protected using virtualization-based security, the credential theft attack techniques and tools used in many targeted attacks are blocked. Malware running in the operating system with administrative privileges cannot extract secrets that are protected by virtualization-based security. While Credential Guard is a powerful mitigation, persistent threat attacks will likely shift to new attack techniques and you should also incorporate Device Guard and other security strategies and architectures. +## How it works + +Kerberos, NTLM, and Credential manager isolate secrets that previous versions of Windows stored in the Local Security Authority (LSA) by using virtualization-based security. Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using virtualization-based security and is not accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process. + +For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by virtualization-based security and these signatures are validated before launching the file in the protected environment. + +When Credential Guard is enabled, NTLMv1, MS-CHAPv2, Digest, and CredSSP cannot use the signed-in credentials. Thus, single sign-on does not work with these protocols. However, applications can prompt for credentials or use credentials stored in the Windows Vault which are not protected by Credential Guard with any of these protocol. It is strongly recommended that valuable credentials, such as the sign-in credentials, not be used with any of these protocols. If these protocols must be used by domain or Azure AD users, secondary credentials should be provisioned for these use cases. + +When Credential Guard is enabled, Kerberos does not allow unconstrained Kerberos delegation or DES encryption, not only for signed-in credentials, but also prompted or saved credentials. + +Here's a high-level overview on how the LSA is isolated by using virtualization-based security: + +![Credential Guard overview](images/credguard.png) + +## Requirements + +For Credential Guard to provide protections, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally Credential Guard blocks specific authentication capabilities, so applications which require blocked capabilities will break. We will refer to this as [Application requirements](#application-requirements). Beyond that, computers can meet additional hardware and firmware qualifications, and receive additional protection—those computers will be more hardened against certain threats. To keep this section brief, those will be in [Security Considerations](#security-considerations). + +### Hardware and software requirements + +To provide basic protection against OS level attempts to read Credential Manager domain credentials, NTLM and Kerberos derived credentials, Credential Manager uses: +- Support for Virtualization-based security (required) +- Secure boot (required) +- TPM 2.0 either discrete or firmware (preferred - provides binding to hardware) +- UEFI lock (preferred - prevents attacker from disabling with a simple registry key change) + +The Virtualization-based security requires: +- 64 bit CPU +- CPU virtualization extensions plus extended page tables +- Windows hypervisor + +### Application requirements + +When Credential Guard is enabled, specific authentication capabilities are blocked, so applications which require blocked capabilities will break. Applications should be tested prior to deployment to ensure compatiblity with the reduced functionality. + +>[!WARNING] +> Enabling Credential Guard on domain controllers is not supported.
+> The domain controller hosts authentication services which integrate with processes isolated when Credential Guard is enabled, causing crashes. + +>[!NOTE] +> Credential Guard does not provide protections for the Active Directory database or the Security Accounts Manager (SAM). The credentials protected by Kerberos and NTLM when Credential Guard is enabled are also in the Active Directory database (on domain controllers) and the SAM (for local accounts). + +Applications will break if they require: +- Kerberos DES encryption support +- Kerberos unconstrained delegation +- Extracting the Kerberos TGT +- NTLMv1 + +Applications will prompt & expose credentials to risk if they require: +- Digest authentication +- Credential delegation +- MS-CHAPv2 + +Applications may cause performance issues when they attempt to hook the isolated Credential Guard process. + +### Security considerations + +All computers that meet baseline protections for hardware, firmware, and software can use Credential Guard. +Computers that meet additional qualifications can provide additional protections to further reduce the attack surface. +The following tables describe baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017. + +> [!NOTE] +> Beginning with Windows 10, version 1607, Trusted Platform Module (TPM 2.0) must be enabled by default on new shipping computers.
+> If you are an OEM, see [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514.aspx).
+ +#### Baseline protections + +|Baseline Protections | Description | +|---------------------------------------------|----------------------------------------------------| +| Hardware: **64-bit CPU** | A 64-bit computer is required for the Windows hypervisor to provide VBS. | +| Hardware: **CPU virtualization extensions**,
plus **extended page tables** | **Requirements**: These hardware features are required for VBS:
One of the following virtualization extensions:
• VT-x (Intel) or
• AMD-V
And:
• Extended page tables, also called Second Level Address Translation (SLAT).

**Security benefits**: VBS provides isolation of secure kernel from normal operating system. Vulnerabilities and Day 0s in normal operating system cannot be exploited because of this isolation. | +| Hardware: **Trusted Platform Module (TPM)** |  **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.
[TPM recommendations](https://technet.microsoft.com/itpro/windows/keep-secure/tpm-recommendations)

**Security benefits**: A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. | +| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)

**Security benefits**: UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. | +| Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).

**Security benefits**: UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. | +| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows Server 2016, or Windows 10 IoT Enterprise

Important:
Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.


**Security benefits**: Support for VBS and for management features that simplify configuration of Credential Guard. | + +> [!IMPORTANT] +> The following tables list additional qualifications for improved security. We strongly recommend meeting the additional qualifications to significantly strengthen the level of security that Credential Guard can provide. + +#### 2015 Additional security qualifications starting with Windows 10, version 1507, and Windows Server 2016 Technical Preview 4 + +| Protections for Improved Security | Description | +|---------------------------------------------|----------------------------------------------------| +| Hardware: **IOMMU** (input/output memory management unit) | **Requirement**: VT-D or AMD Vi IOMMU

**Security benefits**: An IOMMU can enhance system resiliency against memory attacks. For more information, see [ACPI description tables](https://msdn.microsoft.com/windows/hardware/drivers/bringup/acpi-system-description-tables). | +| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• BIOS password or stronger authentication must be supported.
• In the BIOS configuration, BIOS authentication must be set.
• There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system.
• In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.

**Security benefits**:
• BIOS password or stronger authentication helps ensure that only authenticated Platform BIOS administrators can change BIOS settings. This helps protect against a physically present user with BIOS access.
• Boot order when locked provides protection against the computer being booted into WinRE or another operating system on bootable media. | +| Firmware: **Secure MOR, revision 2 implementation** | **Requirement**: Secure MOR, revision 2 implementation

**Security benefits**: A secure MOR bit prevents advanced memory attacks. For more information, see [Secure MOR implementation](https://msdn.microsoft.com/windows/hardware/drivers/bringup/device-guard-requirements). | + +
+ +#### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016 + +> [!IMPORTANT] +> The following tables list additional qualifications for improved security. Systems that meet these additional qualifications can provide more protections. + +| Protections for Improved Security | Description | +|---------------------------------------------|----------------------------------------------------| +| Firmware: **Hardware Rooted Trust Platform Secure Boot** | **Requirements**:
Boot Integrity (Platform Secure Boot) must be supported. See the Windows Hardware Compatibility Program requirements under [System.Fundamentals.Firmware.CS.UEFISecureBoot.ConnectedStandby](https://msdn.microsoft.com/library/windows/hardware/dn932807(v=vs.85).aspx#system_fundamentals_firmware_cs_uefisecureboot_connectedstandby)
• The Hardware Security Test Interface (HSTI) must be implemented. See [Hardware Security Testability Specification](https://msdn.microsoft.com/en-us/library/windows/hardware/mt712332(v=vs.85).aspx).

**Security benefits**:
• Boot Integrity (Platform Secure Boot) from Power-On provides protections against physically present attackers, and defense-in-depth against malware.
• HSTI provides additional security assurance for correctly secured silicon and platform. | +| Firmware: **Firmware Update through Windows Update** | **Requirements**: Firmware must support field updates through Windows Update and UEFI encapsulation update.

**Security benefits**: Helps ensure that firmware updates are fast, secure, and reliable. | +| Firmware: **Securing Boot Configuration and Management** | **Requirements**:
• Required BIOS capabilities: Ability of OEM to add ISV, OEM, or Enterprise Certificate in Secure Boot DB at manufacturing time.
• Required configurations: Microsoft UEFI CA must be removed from Secure Boot DB. Support for 3rd-party UEFI modules is permitted but should leverage ISV-provided certificates or OEM certificate for the specific UEFI software.

**Security benefits**:
• Enterprises can choose to allow proprietary EFI drivers/applications to run.
• Removing Microsoft UEFI CA from Secure Boot DB provides full control to enterprises over software that runs before the operating system boots. | + +
+ +#### 2017 Additional security qualifications starting with Windows 10, version 1703 + +The following table lists qualifications for Windows 10, version 1703, which are in addition to all preceding qualifications. + +| Protection for Improved Security | Description | +|---------------------------------------------|----------------------------------------------------| +| Firmware: **VBS enablement of NX protection for UEFI runtime services** | **Requirements**:
• VBS will enable No-Execute (NX) protection on UEFI runtime service code and data memory regions. UEFI runtime service code must support read-only page protections, and UEFI runtime service data must not be exceutable.
• UEFI runtime service must meet these requirements:
    - Implement UEFI 2.6 EFI_MEMORY_ATTRIBUTES_TABLE. All UEFI runtime service memory (code and data) must be described by this table.
    - PE sections need to be page-aligned in memory (not required for in non-volitile storage).
    - The Memory Attributes Table needs to correctly mark code and data as RO/NX for configuration by the OS:
        - All entries must include attributes EFI_MEMORY_RO, EFI_MEMORY_XP, or both
        - No entries may be left with neither of the above attributes, indicating memory that is both exceutable and writable. Memory must be either readable and executable or writeable and non-executable.

Notes:
• This only applies to UEFI runtime service memory, and not UEFI boot service memory.
• This protection is applied by VBS on OS page tables.


Please also note the following:
• Do not use sections that are both writeable and exceutable
• Do not attempt to directly modify executable system memory
• Do not use dynamic code

**Security benefits**:
• Vulnerabilities in UEFI runtime, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware. | +| Firmware: **Firmware support for SMM protection** | **Requirements**: The [Windows SMM Security Mitigations Table (WSMT) specification](http://download.microsoft.com/download/1/8/A/18A21244-EB67-4538-BAA2-1A54E0E490B6/WSMT.docx) contains details of an Advanced Configuration and Power Interface (ACPI) table that was created for use with Windows operating systems that support Windows virtualization-based security (VBS) features.

**Security benefits**:
• Protects against potential vulnerabilities in UEFI runtime services, if any, will be blocked from compromising VBS (such as in functions like UpdateCapsule and SetVariable)
• Reduces the attack surface to VBS from system firmware.
• Blocks additional security attacks against SMM. | + +## Manage Credential Guard + +### Enable Credential Guard +Credential Guard can be enabled by using [Group Policy](#turn-on-credential-guard-by-using-group-policy), the [registry](#turn-on-credential-guard-by-using-the-registry), or the Device Guard and Credential Guard [hardware readiness tool](#hardware-readiness-tool). + +#### Turn on Credential Guard by using Group Policy + +You can use Group Policy to enable Credential Guard. This will add and enable the virtualization-based security features for you if needed. + +1. From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard**. +2. Double-click **Turn On Virtualization Based Security**, and then click the **Enabled** option. +3. **Select Platform Security Level** box, choose **Secure Boot** or **Secure Boot and DMA Protection**. +4. In the **Credential Guard Configuration** box, click **Enabled with UEFI lock**, and then click **OK**. If you want to be able to turn off Credential Guard remotely, choose **Enabled without lock**. + + ![Credential Guard Group Policy setting](images/credguard-gp.png) + +5. Close the Group Policy Management Console. + +To enforce processing of the group policy, you can run ```gpupdate /force```. + +#### Turn on Credential Guard by using the registry + +If you don't use Group Policy, you can enable Credential Guard by using the registry. Credential Guard uses virtualization-based security features which have to be enabled first on some operating systems. + +#### Add the virtualization-based security features + +Starting with Windows 10, version 1607 and Windows Server 2016, enabling Windows features to use virtualization-based security is not necessary and this step can be skipped. + +If you are using Windows 10, version 1507 (RTM) or Windows 10, version 1511, Windows features have to be enabled to use virtualization-based security. +You can do this by using either the Control Panel or the Deployment Image Servicing and Management tool (DISM). +> [!NOTE] +> If you enable Credential Guard by using Group Policy, these steps are not required. Group Policy will install the features for you. + +  +**Add the virtualization-based security features by using Programs and Features** + +1. Open the Programs and Features control panel. +2. Click **Turn Windows feature on or off**. +3. Go to **Hyper-V** -> **Hyper-V Platform**, and then select the **Hyper-V Hypervisor** check box. +4. Select the **Isolated User Mode** check box at the top level of the feature selection. +5. Click **OK**. + +**Add the virtualization-based security features to an offline image by using DISM** + +1. Open an elevated command prompt. +2. Add the Hyper-V Hypervisor by running the following command: + ``` + dism /image: /Enable-Feature /FeatureName:Microsoft-Hyper-V-Hypervisor /all + ``` +3. Add the Isolated User Mode feature by running the following command: + ``` + dism /image: /Enable-Feature /FeatureName:IsolatedUserMode + ``` + +> [!NOTE] +> You can also add these features to an online image by using either DISM or Configuration Manager. + +#### Enable virtualization-based security and Credential Guard + +1. Open Registry Editor. +2. Enable virtualization-based security: + - Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\DeviceGuard. + - Add a new DWORD value named **EnableVirtualizationBasedSecurity**. Set the value of this registry setting to 1 to enable virtualization-based security and set it to 0 to disable it. + - Add a new DWORD value named **RequirePlatformSecurityFeatures**. Set the value of this registry setting to 1 to use **Secure Boot** only or set it to 3 to use **Secure Boot and DMA protection**. +3. Enable Credential Guard: + - Go to HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA. + - Add a new DWORD value named **LsaCfgFlags**. Set the value of this registry setting to 1 to enable Credential Guard with UEFI lock, set it to 2 to enable Credential Guard without lock, and set it to 0 to disable it. +4. Close Registry Editor. + + +> [!NOTE] +> You can also turn on Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting. + + +#### Turn on Credential Guard by using the Device Guard and Credential Guard hardware readiness tool + +You can also enable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). + +``` +DG_Readiness_Tool_v3.0.ps1 -Enable -AutoReboot +``` + +#### Credential Guard deployment in virtual machines + +Credential Guard can protect secrets in a Hyper-V virtual machine, just as it would on a physical machine. The enablement steps are the same from within the virtual machine. + +Credential Guard protects secrets from non-priviledged access inside the VM. It does not provide additional protection from the host administrator. From the host, you can disable Credential Guard for a virtual machine: + +``` PowerShell +Set-VMSecurity -VMName -VirtualizationBasedSecurityOptOut $true +``` + +Requirements for running Credential Guard in Hyper-V virtual machines +- The Hyper-V host must have an IOMMU, and run at least Windows Server 2016 or Windows 10 version 1607. +- The Hyper-V virtual machine must be Generation 2, have an enabled virtual TPM, and running at least Windows Server 2016 or Windows 10. + +### Remove Credential Guard + +If you have to remove Credential Guard on a PC, you can use the following set of procedures, or you can [use the Device Guard and Credential Guard hardware readiness tool](#turn-off-with-hardware-readiness-tool). + +1. If you used Group Policy, disable the Group Policy setting that you used to enable Credential Guard (**Computer Configuration** -> **Administrative Templates** -> **System** -> **Device Guard** -> **Turn on Virtualization Based Security**). +2. Delete the following registry settings: + - HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Control\\LSA\LsaCfgFlags + - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\EnableVirtualizationBasedSecurity + - HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\DeviceGuard\\RequirePlatformSecurityFeatures + + > [!IMPORTANT] + > If you manually remove these registry settings, make sure to delete them all. If you don't remove them all, the device might go into BitLocker recovery. + +3. Delete the Credential Guard EFI variables by using bcdedit. + +**Delete the Credential Guard EFI variables** + +1. From an elevated command prompt, type the following commands: + ``` syntax + + mountvol X: /s + + copy %WINDIR%\System32\SecConfig.efi X:\EFI\Microsoft\Boot\SecConfig.efi /Y + + bcdedit /create {0cb3b571-2f2e-4343-a879-d86a476d7215} /d "DebugTool" /application osloader + + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} path "\EFI\Microsoft\Boot\SecConfig.efi" + + bcdedit /set {bootmgr} bootsequence {0cb3b571-2f2e-4343-a879-d86a476d7215} + + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO + + bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} device partition=X: + + mountvol X: /d + + ``` +2. Restart the PC. +3. Accept the prompt to disable Credential Guard. +4. Alternatively, you can disable the virtualization-based security features to turn off Credential Guard. + +> [!NOTE] +> The PC must have one-time access to a domain controller to decrypt content, such as files that were encrypted with EFS. If you want to turn off both Credential Guard and virtualization-based security, run the following bcdedit command after turning off all virtualization-based security Group Policy and registry settings: bcdedit /set {0cb3b571-2f2e-4343-a879-d86a476d7215} loadoptions DISABLE-LSA-ISO,DISABLE-VBS + +For more info on virtualization-based security and Device Guard, see [Device Guard deployment guide](device-guard-deployment-guide.md). + + +#### Turn off Credential Guard by using the Device Guard and Credential Guard hardware readiness tool + +You can also disable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). + +``` +DG_Readiness_Tool_v3.0.ps1 -Disable -AutoReboot +``` +  +### Check that Credential Guard is running + +You can use System Information to ensure that Credential Guard is running on a PC. + +1. Click **Start**, type **msinfo32.exe**, and then click **System Information**. +2. Click **System Summary**. +3. Confirm that **Credential Guard** is shown next to **Device Guard Security Services Running**. + + Here's an example: + + ![System Information](images/credguard-msinfo32.png) + +You can also check that Credential Guard is running by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). + +``` +DG_Readiness_Tool_v3.0.ps1 -Ready +``` + +## Considerations when using Credential Guard + +- If Credential Guard is enabled on a device after it's joined to a domain, the user and device secrets may already be compromised. We recommend that Credential Guard is enabled before the PC is joined to a domain. +- You should perform regular reviews of the PCs that have Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for: + - **Event ID 13** Credential Guard (LsaIso.exe) was started and will protect LSA credentials. + - **Event ID 14** Credential Guard (LsaIso.exe) configuration: 0x1, 0 + - The first variable: 0x1 means Credential Guard is configured to run. 0x0 means it’s not configured to run. + - The second variable: 0 means it’s configured to run in protect mode. 1 means it's configured to run in test mode. This variable should always be 0. + - **Event ID 15** Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Credential Guard. + - **Event ID 16** Credential Guard (LsaIso.exe) failed to launch: \[error code\] + - **Event ID 17** Error reading Credential Guard (LsaIso.exe) UEFI configuration: \[error code\] + You can also verify that TPM is being used for key protection by checking the following event in the **Microsoft** -> **Windows** -> **Kernel-Boot** event source. If you are running with a TPM, the TPM PCR mask value will be something other than 0. + - **Event ID 51** VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0. +- Passwords are still weak so we recommend that your organization deploy Credential Guard and move away from passwords and to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business. +- Some 3rd party Security Support Providers (SSPs and APs) might not be compatible with Credential Guard. Credential Guard does not allow 3rd party SSPs to ask for password hashes from LSA. However, SSPs and APs still get notified of the password when a user logs on and/or changes their password. Any use of undocumented APIs within custom SSPs and APs are not supported. We recommend that custom implementations of SSPs/APs are tested against Credential Guard to ensure that the SSPs and APs do not depend on any undocumented or unsupported behaviors. For example, using the KerbQuerySupplementalCredentialsMessage API is not supported. You should not replace the NTLM or Kerberos SSPs with custom SSPs and APs. For more info, see [Restrictions around Registering and Installing a Security Package](http://msdn.microsoft.com/library/windows/desktop/dn865014.aspx) on MSDN. +- As the depth and breadth of protections provided by Credential Guard are increased, subsequent releases of Windows 10 with Credential Guard running may impact scenarios that were working in the past. For example, Credential Guard may block the use of a particular type of credential or a particular component to prevent malwar efrom taking advantage of vulnerabilities. Therefore, we recommend that scenarios required for operations in an organization are tested before upgrading a device that has Credential Guard running. + +- Starting with Windows 10, version 1511, domain credentials that are stored with Credential Manager are protected with Credential Guard. Credential Manager allows you to store credentials, such as user names and passwords that you use to log on to websites or other computers on a network. The following considerations apply to the Credential Guard protections for Credential Manager: + - Credentials saved by Remote Desktop Services cannot be used to remotely connect to another machine without supplying the password. Attempts to use saved credentials will fail, displaying the error message "Logon attempt failed". + - Applications that extract derived domain credentials from Credential Manager will no longer be able to use those credentials. + - You cannot restore credentials using the Credential Manager control panel if the credentials were backed up from a PC that has Credential Guard turned on. If you need to back up your credentials, you must do this before you enable Credential Guard. Otherwise, you won't be able to restore those credentials. + - Credential Guard uses hardware security so some features, such as Windows To Go, are not supported. + +### NTLM & CHAP Considerations + +When you enable Credential Guard, you can no longer use NTLM v1 authentication. If you are using WiFi and VPN endpoints that are based on MS-CHAPv2, they are subject to similar attacks as NTLMv1. We recommend that organizations use certificated-based authentication for WiFi and VPN connections. + +### Kerberos Considerations + +When you enable Credential Guard, you can no longer use Kerberos unconstrained delegation or DES encryption. Unconstrained delegation could allow attackers to extract Kerberos keys from the isolated LSA process. You must use constrained or resource-based Kerberos delegation instead. + +## Scenarios not protected by Credential Guard + +Some ways to store credentials are not protected by Credential Guard, including: + +- Software that manages credentials outside of Windows feature protection +- Local accounts and Microsoft Accounts +- Credential Guard does not protect the Active Directory database running on Windows Server 2016 domain controllers. It also does not protect credential input pipelines, such as Windows Server 2016 servers running Remote Desktop Gateway. If you're using a Windows Server 2016 server as a client PC, it will get the same protection as it would be running Windows 10 Enterprise. +- Key loggers +- Physical attacks +- Does not prevent an attacker with malware on the PC from using the privileges associated with any credential. We recommend using dedicated PCs for high value accounts, such as IT Pros and users with access high value assets in your organization. +- Third-party security packages +- Digest and CredSSP credentials + - When Credential Guard is enabled, neither Digest nor CredSSP have access to users' logon credentials. This implies no Single Sign-On use for these protocols. +- Supplied credentials for NTLM authentication are not protected. If a user is prompted for and enters credentials for NTLM authentication, these credentials are vulnerable to be read from LSASS memory. Note that these same credentials are vulnerable to key loggers as well. + +## Additional mitigations + +Credential Guard can provide mitigations against attacks on derived credentials and prevent the use of stolen credentials elsewhere. However, PCs can still be vulnerable to certain attacks, even if the derived credentials are protected by Credential Guard. These attacks can include abusing privileges and use of derived credentials directly from a compromised device, reusing previously stolen credentials prior to Device Guard, and abuse of management tools and weak application configurations. Because of this, additional mitigations also need to be deployed to make the domain environment more robust. + +### Restricting domain users to specific domain-joined devices + +Credential theft attacks allow the attacker to steal secrets from one device and use them from another device. If a user can sign on multiple devices then any device could be used to steal credentials. How do you ensure that users only sign on with devices with Credential Guard? By deploying authentication policies which restrict them to specific domain-joined device that have been configured with Credential Guard. For the domain controller to know what device a user is signing on from, Kerberos armoring must be used. + +#### Kerberos armoring + +Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, its TGT is used to protect the user's proof of possession which can mitigate offline dictionary attacks. Kerberos armoring also provides the additional benefit of signed KDC errors this mitigates tampering which can result in things such as downgrade attacks. + +**To enable Kerberos armoring for restricting domain users to specific domain-joined devices** + +- Users need to be in domains which are running Windows Server 2012 R2 or higher +- All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**. +- All the devices with Credential Guard which the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -> **Administrative Templates** -> **System** -> **Kerberos**. + +#### Protecting domain-joined device secrets + +Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Credential Guard, the private key can be protected. Then authentication policies can require that users sign on devices which authenticate using those certificates. This prevents shared secrets on stolen from the device to be used with stolen user credentials to sign on as the user. + +Domain-joined device certificate authentication has the following requirements: +- Devices' accounts are in Windows Server 2012 domain funcational level or higher domains. +- All domain controllers in those domains have KDC certificates which satisfy strict KDC validation certificate requirements: + - KDC EKU present + - DNS domain name matches the DNSName field of the SubjectAltName (SAN) extension +- Windows 10 devices have the CA issuing the domain controller certificates in the enterprise store. +- A process is established to ensure the identity and trustworthiness of the device in a similar manner as you would establish the identity and trustworthiness of a user before issuing them a smartcard. + +##### Deploying domain-joined device certificates + +To guarantee that certificates with the issuance policy required are only on the devices these users must use, they must be deployed manually on each device. The same security procedures used for issuing smart cards to users should be applied to device certificates. + +For example, let's say you wanted to use the High Assurance policy only on these devices. Using a Windows Server Enterprise certificate authority, you would create a new template. + +**Creating a new certificate template** + +1. From the Certificate Manager console, right-click **Certificate Templates**, and then click **Manage.** +2. Right-click **Workstation Authentication**, and then click **Duplicate Template**. +3. Right-click the new template, and then click **Properties**. +4. On the **Extensions** tab, click **Application Policies**, and then click **Edit**. +5. Click **Client Authentication**, and then click **Remove**. +6. Add the ID-PKInit-KPClientAuth EKU. Click **Add**, click **New**, and then specify the following values: + - Name: Kerberos Client Auth + - Object Identifier: 1.3.6.1.5.2.3.4 +7. On the **Extensions** tab, click **Issuance Policies**, and then click **Edit**. +8. Under **Issuance Policies**, click**High Assurance**. +9. On the **Subject name** tab, clear the **DNS name** check box, and then select the **User Principal Name (UPN)** check box. + +Then on the devices that are running Credential Guard, enroll the devices using the certificate you just created. + +**Enrolling devices in a certificate** + +Run the following command: +``` syntax +CertReq -EnrollCredGuardCert MachineAuthentication +``` + +> [!NOTE] +> You must restart the device after enrolling the machine authentication certificate. +  +#### How a certificate issuance policy can be used for access control + +Beginning with the Windows Server 2008 R2 domain functional level, domain controllers support for authentication mechanism assurance provides a way to map certificate issuance policy OIDs to universal security groups. Windows Server 2012 domain controllers with claim support can map them to claims. To learn more about authentication mechanism assurance, see [Authentication Mechanism Assurance for AD DS in Windows Server 2008 R2 Step-by-Step Guide](https://technet.microsoft.com/en-us/library/dd378897(v=ws.10).aspx) on TechNet. + +**To see the issuance policies available** + +- The [get-IssuancePolicy.ps1](#bkmk-getscript) shows all of the issuance policies that are available on the certificate authority. + From a Windows PowerShell command prompt, run the following command: + + ``` syntax + .\get-IssuancePolicy.ps1 –LinkedToGroup:All + ``` + +**To link a issuance policy to a universal security group** + +- The [set-IssuancePolicyToGroupLink.ps1](#bkmk-setscript) creates a Universal security group, creates an organizational unit, and links the issuance policy to that Universal security group. + From a Windows PowerShell command prompt, run the following command: + + ``` syntax + .\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"" –groupOU:"" –groupName:”" + ``` + +#### Restricting user sign on + +So we now have the following: + +- Created a special certificate issuance policy to identify devices which meet the deployment criteria required for the user to be able to sign on +- Mapped that policy to a universal security group or claim +- Provided a way for domain controllers to get the device authorization data during user sign on using Kerberos armoring- +so what is left to do is configuring the access check on the domain controllers. This is done with authentication policies. + +Authentication policies have the following requirements: +- User accounts are in a Windows Server 2012 domain functional level or higher domain. + +**Creating an authentication policy restricting to the specific universal security group** + +1. Open Active Directory Administrative Center. +2. Click **Authentication**, click **New**, and then click **Authentication Policy**. +3. In the **Display name** box, enter a name for this authentication policy. +4. Under the **Accounts** heading, click **Add**. +5. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the user account you with to restrict, and then click **OK**. +6. Under the **User Sign On** heading, click the **Edit** button. +7. Click **Add a condition**. +8. In the **Edit Access Control Conditions** box, ensure that it reads **User** > **Group** > **Member of each** > **Value**, and then click **Add items**. +9. In the **Select Users, Computers, or Service Accounts** dialog box, type the name of the universal security group that you created with the set-IssuancePolicyToGroupLink script, and then click **OK**. +10. Click **OK** to close the **Edit Access Control Conditions** box. +11. Click **OK** to create the authentication policy. +12. Close Active Directory Administrative Center. + +> [!NOTE] +> When the authentication policy enforces policy restrictions, users will not be able to sign on using devices that do not have a certificate with the appropriate issuance policy deployed. This applies to both local and remote sign on scenarios. Therefore, it is strongly recommended to first only audit policy restrictions to ensure you don't have unexpected failures. + +#### Discovering authentication failures due to authentication policies + +To make tracking authentication failures due to authentication policies easier, an operational log exists with just those events. To enable the logs on the domain controllers, in Event Viewer, navigate to **Applications and Services Logs\\Microsoft\\Windows\\Authentication, right-click AuthenticationPolicyFailures-DomainController**, and then click **Enable Log**. + +To learn more about authentication policy events, see [Authentication Policies and Authentication Policy Silos](https://technet.microsoft.com/en-us/library/dn486813(v=ws.11).aspx). + +## Appendix: Scripts + +Here is a list of scripts that are mentioned in this topic. + +### Get the available issuance policies on the certificate authority + +Save this script file as get-IssuancePolicy.ps1. + +``` syntax +####################################### +## Parameters to be defined ## +## by the user ## +####################################### +Param ( +$Identity, +$LinkedToGroup +) +####################################### +## Strings definitions ## +####################################### +Data getIP_strings { +# culture="en-US" +ConvertFrom-StringData -stringdata @' +help1 = This command can be used to retrieve all available Issuance Policies in a forest. The forest of the currently logged on user is targetted. +help2 = Usage: +help3 = The following parameter is mandatory: +help4 = -LinkedToGroup: +help5 = "yes" will return only Issuance Policies that are linked to groups. Checks that the linked Issuance Policies are linked to valid groups. +help6 = "no" will return only Issuance Policies that are not currently linked to any group. +help7 = "all" will return all Issuance Policies defined in the forest. Checks that the linked Issuance policies are linked to valid groups. +help8 = The following parameter is optional: +help9 = -Identity:. If you specify an identity, the option specified in the "-LinkedToGroup" parameter is ignored. +help10 = Output: This script returns the Issuance Policy objects meeting the criteria defined by the above parameters. +help11 = Examples: +errorIPNotFound = Error: no Issuance Policy could be found with Identity "{0}" +ErrorNotSecurity = Error: Issuance Policy "{0}" is linked to group "{1}" which is not of type "Security". +ErrorNotUniversal = Error: Issuance Policy "{0}" is linked to group "{1}" whose scope is not "Universal". +ErrorHasMembers = Error: Issuance Policy "{0}" is linked to group "{1}" which has a non-empty membership. The group has the following members: +LinkedIPs = The following Issuance Policies are linked to groups: +displayName = displayName : {0} +Name = Name : {0} +dn = distinguishedName : {0} + InfoName = Linked Group Name: {0} + InfoDN = Linked Group DN: {0} +NonLinkedIPs = The following Issuance Policies are NOT linked to groups: +'@ +} +##Import-LocalizedData getIP_strings +import-module ActiveDirectory +####################################### +## Help ## +####################################### +function Display-Help { + "" + $getIP_strings.help1 + "" +$getIP_strings.help2 +"" +$getIP_strings.help3 +" " + $getIP_strings.help4 +" " + $getIP_strings.help5 + " " + $getIP_strings.help6 + " " + $getIP_strings.help7 +"" +$getIP_strings.help8 + " " + $getIP_strings.help9 + "" + $getIP_strings.help10 +"" +"" +$getIP_strings.help11 + " " + '$' + "myIPs = .\get-IssuancePolicy.ps1 -LinkedToGroup:All" + " " + '$' + "myLinkedIPs = .\get-IssuancePolicy.ps1 -LinkedToGroup:yes" + " " + '$' + "myIP = .\get-IssuancePolicy.ps1 -Identity:""Medium Assurance""" +"" +} +$root = get-adrootdse +$domain = get-addomain -current loggedonuser +$configNCDN = [String]$root.configurationNamingContext +if ( !($Identity) -and !($LinkedToGroup) ) { +display-Help +break +} +if ($Identity) { + $OIDs = get-adobject -Filter {(objectclass -eq "msPKI-Enterprise-Oid") -and ((name -eq $Identity) -or (displayname -eq $Identity) -or (distinguishedName -like $Identity)) } -searchBase $configNCDN -properties * + if ($OIDs -eq $null) { +$errormsg = $getIP_strings.ErrorIPNotFound -f $Identity +write-host $errormsg -ForegroundColor Red + } + foreach ($OID in $OIDs) { + if ($OID."msDS-OIDToGroupLink") { +# In case the Issuance Policy is linked to a group, it is good to check whether there is any problem with the mapping. + $groupDN = $OID."msDS-OIDToGroupLink" + $group = get-adgroup -Identity $groupDN + $groupName = $group.Name +# Analyze the group + if ($group.groupCategory -ne "Security") { +$errormsg = $getIP_strings.ErrorNotSecurity -f $Identity, $groupName + write-host $errormsg -ForegroundColor Red + } + if ($group.groupScope -ne "Universal") { + $errormsg = $getIP_strings.ErrorNotUniversal -f $Identity, $groupName +write-host $errormsg -ForegroundColor Red + } + $members = Get-ADGroupMember -Identity $group + if ($members) { + $errormsg = $getIP_strings.ErrorHasMembers -f $Identity, $groupName +write-host $errormsg -ForegroundColor Red + foreach ($member in $members) { + write-host " " $member -ForeGroundColor Red + } + } + } + } + return $OIDs + break +} +if (($LinkedToGroup -eq "yes") -or ($LinkedToGroup -eq "all")) { + $LDAPFilter = "(&(objectClass=msPKI-Enterprise-Oid)(msDS-OIDToGroupLink=*)(flags=2))" + $LinkedOIDs = get-adobject -searchBase $configNCDN -LDAPFilter $LDAPFilter -properties * + write-host "" + write-host "*****************************************************" + write-host $getIP_strings.LinkedIPs + write-host "*****************************************************" + write-host "" + if ($LinkedOIDs -ne $null){ + foreach ($OID in $LinkedOIDs) { +# Display basic information about the Issuance Policies + "" + $getIP_strings.displayName -f $OID.displayName + $getIP_strings.Name -f $OID.Name + $getIP_strings.dn -f $OID.distinguishedName +# Get the linked group. + $groupDN = $OID."msDS-OIDToGroupLink" + $group = get-adgroup -Identity $groupDN + $getIP_strings.InfoName -f $group.Name + $getIP_strings.InfoDN -f $groupDN +# Analyze the group + $OIDName = $OID.displayName + $groupName = $group.Name + if ($group.groupCategory -ne "Security") { + $errormsg = $getIP_strings.ErrorNotSecurity -f $OIDName, $groupName + write-host $errormsg -ForegroundColor Red + } + if ($group.groupScope -ne "Universal") { + $errormsg = $getIP_strings.ErrorNotUniversal -f $OIDName, $groupName + write-host $errormsg -ForegroundColor Red + } + $members = Get-ADGroupMember -Identity $group + if ($members) { + $errormsg = $getIP_strings.ErrorHasMembers -f $OIDName, $groupName + write-host $errormsg -ForegroundColor Red + foreach ($member in $members) { + write-host " " $member -ForeGroundColor Red + } + } + write-host "" + } + }else{ +write-host "There are no issuance policies that are mapped to a group" + } + if ($LinkedToGroup -eq "yes") { + return $LinkedOIDs + break + } +} +if (($LinkedToGroup -eq "no") -or ($LinkedToGroup -eq "all")) { + $LDAPFilter = "(&(objectClass=msPKI-Enterprise-Oid)(!(msDS-OIDToGroupLink=*))(flags=2))" + $NonLinkedOIDs = get-adobject -searchBase $configNCDN -LDAPFilter $LDAPFilter -properties * + write-host "" + write-host "*********************************************************" + write-host $getIP_strings.NonLinkedIPs + write-host "*********************************************************" + write-host "" + if ($NonLinkedOIDs -ne $null) { + foreach ($OID in $NonLinkedOIDs) { +# Display basic information about the Issuance Policies +write-host "" +$getIP_strings.displayName -f $OID.displayName +$getIP_strings.Name -f $OID.Name +$getIP_strings.dn -f $OID.distinguishedName +write-host "" + } + }else{ +write-host "There are no issuance policies which are not mapped to groups" + } + if ($LinkedToGroup -eq "no") { + return $NonLinkedOIDs + break + } +} +``` +> [!NOTE] +> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter. +  +### Link an issuance policy to a group + +Save the script file as set-IssuancePolicyToGroupLink.ps1. + +``` syntax +####################################### +## Parameters to be defined ## +## by the user ## +####################################### +Param ( +$IssuancePolicyName, +$groupOU, +$groupName +) +####################################### +## Strings definitions ## +####################################### +Data ErrorMsg { +# culture="en-US" +ConvertFrom-StringData -stringdata @' +help1 = This command can be used to set the link between a certificate issuance policy and a universal security group. +help2 = Usage: +help3 = The following parameters are required: +help4 = -IssuancePolicyName: +help5 = -groupName:. If no name is specified, any existing link to a group is removed from the Issuance Policy. +help6 = The following parameter is optional: +help7 = -groupOU:. If this parameter is not specified, the group is looked for or created in the Users container. +help8 = Examples: +help9 = This command will link the issuance policy whose display name is "High Assurance" to the group "HighAssuranceGroup" in the Organizational Unit "OU_FOR_IPol_linked_groups". If the group or the Organizational Unit do not exist, you will be prompted to create them. +help10 = This command will unlink the issuance policy whose name is "402.164959C40F4A5C12C6302E31D5476062" from any group. +MultipleIPs = Error: Multiple Issuance Policies with name or display name "{0}" were found in the subtree of "{1}" +NoIP = Error: no issuance policy with name or display name "{0}" could be found in the subtree of "{1}". +IPFound = An Issuance Policy with name or display name "{0}" was successfully found: {1} +MultipleOUs = Error: more than 1 Organizational Unit with name "{0}" could be found in the subtree of "{1}". +confirmOUcreation = Warning: The Organizational Unit that you specified does not exist. Do you want to create it? +OUCreationSuccess = Organizational Unit "{0}" successfully created. +OUcreationError = Error: Organizational Unit "{0}" could not be created. +OUFoundSuccess = Organizational Unit "{0}" was successfully found. +multipleGroups = Error: More than one group with name "{0}" was found in Organizational Unit "{1}". +confirmGroupCreation = Warning: The group that you specified does not exist. Do you want to create it? +groupCreationSuccess = Univeral Security group "{0}" successfully created. +groupCreationError = Error: Univeral Security group "{0}" could not be created. +GroupFound = Group "{0}" was successfully found. +confirmLinkDeletion = Warning: The Issuance Policy "{0}" is currently linked to group "{1}". Do you really want to remove the link? +UnlinkSuccess = Certificate issuance policy successfully unlinked from any group. +UnlinkError = Removing the link failed. +UnlinkExit = Exiting without removing the link from the issuance policy to the group. +IPNotLinked = The Certificate issuance policy is not currently linked to any group. If you want to link it to a group, you should specify the -groupName option when starting this script. +ErrorNotSecurity = Error: You cannot link issuance Policy "{0}" to group "{1}" because this group is not of type "Security". +ErrorNotUniversal = Error: You cannot link issuance Policy "{0}" to group "{1}" because the scope of this group is not "Universal". +ErrorHasMembers = Error: You cannot link issuance Policy "{0}" to group "{1}" because it has a non-empty membership. The group has the following members: +ConfirmLinkReplacement = Warning: The Issuance Policy "{0}" is currently linked to group "{1}". Do you really want to update the link to point to group "{2}"? +LinkSuccess = The certificate issuance policy was successfully linked to the specified group. +LinkError = The certificate issuance policy could not be linked to the specified group. +ExitNoLinkReplacement = Exiting without setting the new link. +'@ +} +# import-localizeddata ErrorMsg +function Display-Help { +"" +write-host $ErrorMsg.help1 +"" +write-host $ErrorMsg.help2 +"" +write-host $ErrorMsg.help3 +write-host "`t" $ErrorMsg.help4 +write-host "`t" $ErrorMsg.help5 +"" +write-host $ErrorMsg.help6 +write-host "`t" $ErrorMsg.help7 +"" +"" +write-host $ErrorMsg.help8 +"" +write-host $ErrorMsg.help9 +".\Set-IssuancePolicyToGroupMapping.ps1 -IssuancePolicyName ""High Assurance"" -groupOU ""OU_FOR_IPol_linked_groups"" -groupName ""HighAssuranceGroup"" " +"" +write-host $ErrorMsg.help10 +'.\Set-IssuancePolicyToGroupMapping.ps1 -IssuancePolicyName "402.164959C40F4A5C12C6302E31D5476062" -groupName $null ' +"" +} +# Assumption: The group to which the Issuance Policy is going +# to be linked is (or is going to be created) in +# the domain the user running this script is a member of. +import-module ActiveDirectory +$root = get-adrootdse +$domain = get-addomain -current loggedonuser +if ( !($IssuancePolicyName) ) { +display-Help +break +} +####################################### +## Find the OID object ## +## (aka Issuance Policy) ## +####################################### +$searchBase = [String]$root.configurationnamingcontext +$OID = get-adobject -searchBase $searchBase -Filter { ((displayname -eq $IssuancePolicyName) -or (name -eq $IssuancePolicyName)) -and (objectClass -eq "msPKI-Enterprise-Oid")} -properties * +if ($OID -eq $null) { +$tmp = $ErrorMsg.NoIP -f $IssuancePolicyName, $searchBase +write-host $tmp -ForeGroundColor Red +break; +} +elseif ($OID.GetType().IsArray) { +$tmp = $ErrorMsg.MultipleIPs -f $IssuancePolicyName, $searchBase +write-host $tmp -ForeGroundColor Red +break; +} +else { +$tmp = $ErrorMsg.IPFound -f $IssuancePolicyName, $OID.distinguishedName +write-host $tmp -ForeGroundColor Green +} +####################################### +## Find the container of the group ## +####################################### +if ($groupOU -eq $null) { +# default to the Users container +$groupContainer = $domain.UsersContainer +} +else { +$searchBase = [string]$domain.DistinguishedName +$groupContainer = get-adobject -searchBase $searchBase -Filter { (Name -eq $groupOU) -and (objectClass -eq "organizationalUnit")} +if ($groupContainer.count -gt 1) { +$tmp = $ErrorMsg.MultipleOUs -f $groupOU, $searchBase +write-host $tmp -ForegroundColor Red +break; +} +elseif ($groupContainer -eq $null) { +$tmp = $ErrorMsg.confirmOUcreation +write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline +$userChoice = read-host +if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { +new-adobject -Name $groupOU -displayName $groupOU -Type "organizationalUnit" -ProtectedFromAccidentalDeletion $true -path $domain.distinguishedName +if ($?){ +$tmp = $ErrorMsg.OUCreationSuccess -f $groupOU +write-host $tmp -ForegroundColor Green +} +else{ +$tmp = $ErrorMsg.OUCreationError -f $groupOU +write-host $tmp -ForeGroundColor Red +break; +} +$groupContainer = get-adobject -searchBase $searchBase -Filter { (Name -eq $groupOU) -and (objectClass -eq "organizationalUnit")} +} +else { +break; +} +} +else { +$tmp = $ErrorMsg.OUFoundSuccess -f $groupContainer.name +write-host $tmp -ForegroundColor Green +} +} +####################################### +## Find the group ## +####################################### +if (($groupName -ne $null) -and ($groupName -ne "")){ +##$searchBase = [String]$groupContainer.DistinguishedName +$searchBase = $groupContainer +$group = get-adgroup -Filter { (Name -eq $groupName) -and (objectClass -eq "group") } -searchBase $searchBase +if ($group -ne $null -and $group.gettype().isarray) { +$tmp = $ErrorMsg.multipleGroups -f $groupName, $searchBase +write-host $tmp -ForeGroundColor Red +break; +} +elseif ($group -eq $null) { +$tmp = $ErrorMsg.confirmGroupCreation +write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline +$userChoice = read-host +if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { +new-adgroup -samAccountName $groupName -path $groupContainer.distinguishedName -GroupScope "Universal" -GroupCategory "Security" +if ($?){ +$tmp = $ErrorMsg.GroupCreationSuccess -f $groupName +write-host $tmp -ForegroundColor Green +}else{ +$tmp = $ErrorMsg.groupCreationError -f $groupName +write-host $tmp -ForeGroundColor Red +break +} +$group = get-adgroup -Filter { (Name -eq $groupName) -and (objectClass -eq "group") } -searchBase $searchBase +} +else { +break; +} +} +else { +$tmp = $ErrorMsg.GroupFound -f $group.Name +write-host $tmp -ForegroundColor Green +} +} +else { +##### +## If the group is not specified, we should remove the link if any exists +##### +if ($OID."msDS-OIDToGroupLink" -ne $null) { +$tmp = $ErrorMsg.confirmLinkDeletion -f $IssuancePolicyName, $OID."msDS-OIDToGroupLink" +write-host $tmp " ( (y)es / (n)o )" -ForegroundColor Yellow -nonewline +$userChoice = read-host +if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { +set-adobject -Identity $OID -Clear "msDS-OIDToGroupLink" +if ($?) { +$tmp = $ErrorMsg.UnlinkSuccess +write-host $tmp -ForeGroundColor Green +}else{ +$tmp = $ErrorMsg.UnlinkError +write-host $tmp -ForeGroundColor Red +} +} +else { +$tmp = $ErrorMsg.UnlinkExit +write-host $tmp +break +} +} +else { +$tmp = $ErrorMsg.IPNotLinked +write-host $tmp -ForeGroundColor Yellow +} +break; +} +####################################### +## Verify that the group is ## +## Universal, Security, and ## +## has no members ## +####################################### +if ($group.GroupScope -ne "Universal") { +$tmp = $ErrorMsg.ErrorNotUniversal -f $IssuancePolicyName, $groupName +write-host $tmp -ForeGroundColor Red +break; +} +if ($group.GroupCategory -ne "Security") { +$tmp = $ErrorMsg.ErrorNotSecurity -f $IssuancePolicyName, $groupName +write-host $tmp -ForeGroundColor Red +break; +} +$members = Get-ADGroupMember -Identity $group +if ($members -ne $null) { +$tmp = $ErrorMsg.ErrorHasMembers -f $IssuancePolicyName, $groupName +write-host $tmp -ForeGroundColor Red +foreach ($member in $members) {write-host " $member.name" -ForeGroundColor Red} +break; +} +####################################### +## We have verified everything. We ## +## can create the link from the ## +## Issuance Policy to the group. ## +####################################### +if ($OID."msDS-OIDToGroupLink" -ne $null) { +$tmp = $ErrorMsg.ConfirmLinkReplacement -f $IssuancePolicyName, $OID."msDS-OIDToGroupLink", $group.distinguishedName +write-host $tmp "( (y)es / (n)o )" -ForegroundColor Yellow -nonewline +$userChoice = read-host +if ( ($userChoice -eq "y") -or ($userChoice -eq "yes") ) { +$tmp = @{'msDS-OIDToGroupLink'= $group.DistinguishedName} +set-adobject -Identity $OID -Replace $tmp +if ($?) { +$tmp = $Errormsg.LinkSuccess +write-host $tmp -Foreground Green +}else{ +$tmp = $ErrorMsg.LinkError +write-host $tmp -Foreground Red +} +} else { +$tmp = $Errormsg.ExitNoLinkReplacement +write-host $tmp +break +} +} +else { +$tmp = @{'msDS-OIDToGroupLink'= $group.DistinguishedName} +set-adobject -Identity $OID -Add $tmp +if ($?) { +$tmp = $Errormsg.LinkSuccess +write-host $tmp -Foreground Green +}else{ +$tmp = $ErrorMsg.LinkError +write-host $tmp -Foreground Red +} +} +``` + +> [!NOTE] +> If you're having trouble running this script, try replacing the single quote after the ConvertFrom-StringData parameter.   ## Related topics diff --git a/windows/keep-secure/credential-manager-known-issues.md b/windows/keep-secure/credential-manager-known-issues.md deleted file mode 100644 index bf01f06ded..0000000000 --- a/windows/keep-secure/credential-manager-known-issues.md +++ /dev/null @@ -1,16 +0,0 @@ ---- -title: Known issues with Credential Manager (Windows 10) -description: Credential Manager - Known issues in Windows 10 Enterprise -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -localizationpriority: high -author: brianlic-msft ---- - -# Known issues with Credential Manager - -**Applies to** -- Windows 10 -- Windows Server 2016 diff --git a/windows/keep-secure/images/mva_videos.png b/windows/keep-secure/images/mva_videos.png deleted file mode 100644 index 52ec8ee035068def0fc0ca14d2c8938cfeb89af9..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 140500 zcmX`yV{~M}+9=?T?MWt@*q+$7HL-2mwkNi2Ol;e>ZTse&@8O{< zm6aBOgT{mg003}eqJr`O05C8B0K^UX^$DYZ<5ysfRqVWHX+8OHprzoC-sih%+=@9|y>k8C=t|(X=IXLUu z83HtIKL1l3=D$B~YOimh`&HBq(AZTU{S}7%Pgq&k&dSuv7|?}v5d0N`_`mxd?eq-+ z_n-c!-^B#1EiDbL8~_hviJf0D@c$H3GiUDD6mPpdpn9dYhB zcQfoO+P#zPYf!Xzp5pWmn+C-MY*09$q|^(5kwJxgeZnwJ2=R%w1OmzUcO-c56hmn> za(+>Q2V7o`=twl8?Y5=?SAaicFhPK zC)h0-^NMihjZY4ce{1{n&$gBF3b7>~KglHEMYN?R$ArQhALI3_Z%Qy2hvdg=YLCc{ zCHk#O2NdClPun&G;@c4eW>xrS+v<#0@YGb^%1; z+bI@5sys{_3}~t!N^)iY9OAhJvG%xlaN*3npzYcHy!QSmq4l7AXa7q7|I3SKc&9za z-W4Yh#B9)@n8kBbhtT>NFhoUIQEZg816ZK2>4CmjXmaHG^wj*N>}&iy!1)4i4os^n z^fOZ6PJcfr|1a6mv@k?x04rMfPwd;KVSZuYT%<$=27Vfb zIPe~`WSVHhcuKTtC1hckV_Ro2BgVXC(4lr1l|>rov%LVpjjnYdwwBf{8(#c&;3+O9 z3lHYG$i8O>wWQa^&huvP50Q`IU0t{5{iMwosmrIe!_J$m&xX%~ac7gc^YiWJLmV9Vibr_#fY%~t?dOq#7{FKi@P8Ib zKue4=v#`w0EqRa0ryt`OoVS#tdU7d{~(G{nRekH7>6Dc6N`UT*10W|$`;c)d740LU1KcoC< zst$rP7%(xH=Y-yH+Kwm9&FhS=B;T~z%g&e1_V=RCjX~~vIBU0Cn9Y}pyNOhNlOvU6 zWF_+o-{d0GRAY0Jp>naKb`U$|;(MzOQ7Fgzjm7!aR*4PGP*^qP%k{;E*3;VZ(Un

5mD87R zi^qbDXaroI$Bm?qDT^{Uo-qXN=aYSxTTwTcCeI6-TUb+Z*L+H(iC<)8{=i)G=yr@# zT48qCeHVW3=HAyvE4!NQS}J^w_lzKMAT*t#NhRyvvn-wO)SFLFF3B>FFi&s(gSaVL z?o#JN$0n8=R}GfJ#i1B$-?mPse-!Rpe;On4c_Y zvJ=>`LD_lW*W0OpOkw?gvOHW!T(-B8a*3-rkZ-`XR@*2U zb$?rs76P>0@8|C=tUX87J8n5T^HMtA_N&^idcp_OWN@P!qXrm3;P96KptuLbOK`Gg zI00iA@juZ8k8rO>wow>oA4o(w-8^2`ZYRh7-d})1`PVflmoufUFycnqJ2#Q)3qYm+ zpeIS~S1fw}Iq-&p^~Ye_jklgM0(YppYus--brUrz&qD1+D+byQG-e#U1B+!QOHVRy znkvAo4p@?bm*jBd)sArSd9dy8^o}uRMZZ}WKO=QM^LY>vdeMS(5d$C_$V4ISP<5t- zO2NGTmjvAFU*RaDGklwU_`ap}`9;UaoZMj3a|J|Vr^f~ed*|WVd=NnR`r*ZZ8Yl_4 zNfLO*VZ8#hZ&BIfJmL3XAId2=KLr*)k#Apny5?1khQa4{vbKjp= zHlJBnYi)1Gw{6xS=-OK!O~K~qUx1~*ySPcVs7?pWHdI}h(uc3RLPHCpYpnmBa~BMO zE>BSh5_xI+twUS$0QfCaw_OSS+t7rpgWalOT^XuhyaZ#2m4>oN6$A%@>_;T<>q z-}^EAn0|5*{W{~8@e9YS;htD30WO zB^9}xaq|$$iu5gdt%5MNXgylNpkMa0k<2}XX+IHnVqV*(*%SW;OQnyvOaGD{kS)Zg zfi4@?!=4$Z5RP-?%BdeQ(-{wbN z8<7y@M=Xiz_u9SB%=J$S*Bw}CS#W}{X)>xNwL;RE|Ktqulf$c6og;BZpaFMGfePbw z5$wlnB3y$s-h}csI}Z&3iMFxCjDSTuFX!!&Yas{fw6hjYEkT&f74&}8(|uRD2hOKV z&9`NH;DK8TY?_as{I;OSL?JNC4GKt9OOm{Bwd&T#XxcIdS1E;oB~-0ViG8CeP-sx_ zCEykq>q2@q0Pbh%q`B8y7KJ0VC=yn;U}cTl>q4B5HOA7;P`7L7;AoLgrIOM->heilEDMe^4PwJQRn`&wSDbk@BCGGB`0*J*mv4nO~Gq zBZAdlq-X zKt95;bOM)}0kA5|t)eaFn(YnX$QkkWf;@P93sdV*Zbk#lHRaU$PoSa0V()QIg%Vwu za_jhBFoz%}HhlC;25_QMt9%n%KSf=rRzs<&TL>#xpk^M51m|1qcSi8GwlNnp#9L1! zst5r7o(OD7NCS3Mqs5^Zc;6OD4Nbr5SP9NR3GL))<(L){OpOPF)WEeHA7@-h&d_=&bIHmvG}^)O6YyA3wPKqhxiAW2 z@`SZ$A$ov{{I-!+a!31*YQ_0)@*Cp~ckpR+pM8GtOZ{*H=Ivj@A45}07P z-xw2JIOZUQ+7vlx5eV(VZ>EBlCGaVow7fw?CI9|{4|X*>p-Iy9YsLS$JY|;w*7euF zfR!9FS9SMvtSftXs2a_g20C%?+d@*yU(_+q?Uskjt9pIjq4fLH z22K$+T;Mpirweo4NVRF*8kWn+dCa2m>UW%-;0zF%aq%1>Xnx9imUM&mFUywZ=9HCs zjYP-uS&Lz@y(Md-ZoV@Xj6fNZz$i6fwVU8--R;AMY9Mm5Z6-)x5}Zsh-f7#_gwSR>h$z z+95&Mh$L6h&Hu=W!DPes8ew79-j{w`KyU3l{zkWgrMP6?>KK|Zf^xnk%VQxy34O{J z{5@AIY>+a)2=qC%3>t$B8RAQwrY_6u6CeaPchDSUMA5^69onww5xY#T`jnFdnV6+yQbIcwgIG5xszZLdE+Ft@Y%DO3lup*HiMg41Pf&3;+l|U#;$8=>w z{FgY!a+b-U>pvs9;H_|)BKL})YJ^y+1b7C}BPQc&=FBqGanQ4KQNejB?*pXHMtC-4 zjxJL)^ze8`MU5B1VGnrgA&b}>HTnKnYxmb+t^9~}cH#g`M$oZmlX=B&? zM0AjxvGfI(5s}AYoK@k^3^qrGA8g=+;NL<1l=9apYkLBh1J(^Kz22U#IVX#5pY2rP znFo0z(e_&Cy2r;j&9(M4=_HD!t$xX>gL24bxBh@CYp5!z$^=S4@)6TT(m1*>e`KPE z^!y?IL!jz;ZX^NW(k^;s+INhXxKZUumX0zfJg!Awf`FI!)A#BJY*|%V%j#NaLTyP6 zscX(n;Q7&XiFG0NTHEfrnDXgk`btReCacZdmmm28aS1iW{?^I zsR;XWH@wsMRL!&Gc%igNzKtL&SvHC=&whsYw}r3=ODXf9PvwyonZE$BLka3)Q##w> zkU0?)MUg%TEQup2s4E78vETSceZEE@07JZnagSiX3R0Psa)nB< zps72dxM3ogJE3XPKRn=TRT#lszvi^Ux&nDhTWk&n^@9XcO}uF6wJnL{!us-KeGvLm zj##-VBRy7U15slXgFp>`eeu87DTC34rUc7{M)k9^uPL+B@MZ33p|NtlKS+dl5ytN; ztcsCsV@8v~lp8Fn@ll7JduYS&f-s;YxGcXaD>rM~_Oda4$z!#H<|vEztvb}i?V3eu z;j&uVp=sv9F`ZPbXtIS_g_IL3b`RCvhBw{eiqE&jP0?p`21|^#8X`NZ@YJMTfGK{Z zQ-SY(bA0T^Q@9~hzY;nc%lM2R+MUh&w+9MR;K zX!?@ny(WIY*uOMsC-1RaAuc^G#!!%2SyI}; z28l+Kizl>N3_di4$l(^=ai_jz{na(aYU1yl!vI00FjG1vNp4^+Jc*d)4+K-hDHTM* z`p7>-pyI?iW7$n3gHiVpJn#%zKF%4475Rn8+@hk@-xdMmnq_<0nCz=yE!i17FONKL zC7UVg=GLCKEbX_Jm*#b88K%Ik+w!9Z90^1FNB%8F!D(2Ms%m{{QLh+FeQ(=EBLp_Zd?QnV9bSD7Ien-K;VOe<@n zU0$s3%WKUu*Zx6<&5uAF4HBrsbPl3sYwE}_!8)@u2Zvb9=>7Ei`R+>JU=ei0TTxs;s?I^=f1?*K{j zNFzas8L1yd;8Hf1(QdBlb_t*DJiIOcxbcd)FG}N(^tknzSIJfyq`58@Pkb90#p^R! zQB|be`SO~j{yL*+bU@bW7~w9N_A&QP`}yR}_-ni!i~M3D{@dd0%>d{E2S-fX)~%m1 zDn2>sUS4;fS>k6|+$-jVuxbwyyBH}jKiGmjx|k-zDFj%0ciE}sW^tl33Pm991m92P zlDt=$&x+3GQs?KoNv_YeUF)Zlq)Z*(aHGGZpkT_??OOrZWi9nVSmD6d^gV$MZjh?o zcpH8evq>3(iB}@`4oIH(e+!g>EmS|VqLP}Z)dIuhtW=5UEUKp#)as7A&l&!5wYl5D zD+EI-J0ZZ@(hkHn2FH$Dq>e$JdZrqyG2gLrwz#X9g;StIp<0b2*8K7bQR7GvkwGA+ z&ACzrIA>u757h&v6aAfa%@$IH7O31|nCo!+1PJ+%IP=dwI8Y0}EridrRkahXUlSX- zy&k$bHm=9poq=WFKuc*|?9RH3oSZDD|LKAS8xql|3*u$}HA=Ez+~J)+D5El7320=I^GRecgfqVgayZ zBs|4b>Ul!&CKy8EV4vD>0I!P1&~Wi1Sv0;2G$i?m8So9Yt??WQVeOx!TSLvoUQRHp zHSFj?<~(|?|~Teossp-`H8D7kg)SW*$>F(G%~>5dN)JF8wBvQjY& z;EHqYjQELieoSM&>`!`iWBi6rDW6^ud=7($Nd2827wd#m%7(_bVgVR10sfVc%%#*i z2AyYOHrIZkVF6x)A=%75x~*ly%S`5S;GF@1jQ}1qT9!oH@zzX+lq4v$;l~FSY%36R z)aD*plx;}5xSume#fmKs$lKCHN9l2jPPRnueaof1FP*uadCA!wQBh#W)782S(#HUc z^DJm6`L${vjl;#TiAfFVHl$@kiO2qdvXG|Akd``b-Jy3`?=#+=X5`Dd(2h+Pc%eM4GZMOos7rd?x%u%G5= zt^CRQvDt-6tCEOwOSO}e>3KvZu(Hcb#ZV4CRLzuw{p!K+#pH>E^CQ8Hm;e)`2Y!Na ziQyhR{Toxc#2Ob_o2;!*=_&>epM@+HrE?IT0oi5B8=I2DC|Z&xby6X#4J1yjzUvP| zs{oqcs9>OJKL;VJa^i@4yM9z2D!Dh!DA%NIE9=t*mQKpW`Rp{4nfb^$#e!D|;eJ~@ z<-;EG?S~pylU=AzxGX2s#;ZOlIH{qMV%@JnQG&S_m|GQws?o}P96i44Z@y&ye2p_? zTn<3Fj}~gD?~-d)VNe`n?M@h2@Ix(W2)F^5OVo$}wHR`$^!|l+5H{a+O9VFv$jAp; zpjtUX&&aX;D^9I5q!L&4HdscgmFcTsC>G%MXu^=3`-q}KcsqYKak<#hQU!x{cycDK zy|lQnxbc%JV|`oNxg~YrVekiGxrx=dR7QLXOSz!4xDJEqmE zbxi}%bdhYfyWYi+Hwr~geJ97IvgM-to zQ1bN3wL}+<`d&T4vm%vay_+d$&@{&t2Uzl6>`$ez^rMnSm8%eAdwU%fE%^u7%kJvr z$8&%#O88S0qCx}rHxMBfrW{|cM7)J)D*kCq6=K<)tdFPu4pTK>7$S2K!b0|1maH_9 z9lEz>ZU|ife60?+FIM|Yri6NBg*fz&G|y4B2I!e>%L-E!Jz7;TnU_k6>7a-ccj23q zfD?RMq~ZC74MUn$K%L+e5e6JuG)K{xGUidV(5zEBC|#h5Xom=@>^;v)=leq--!g)n z*hLJa%BnXLJg4KQaWBN>&ZzG-R^sEYx5S&BJCFciN?~?Z^c>=L8glN!CM?& z799UlEDYk* zVTnU5xBDX;+%0_SrzAw^l~RtF;HbH8_IJ9x`zU5EHKhlgvU7;PF0AecGng%J+4$`g zY(O399viO?A%@dp;lP56$wKyoDf89T{A){YtK)IKqy)?|D!@P_sD0$o(I%NfdiI^pigtj_hu?j@X+4RJ0zeFrOdZZ`*wbzm|i{vEdtwkEHpS{Bn{~3;^4RC2xCegSjE{X4>PG2Ej zkdbAodfI-A2HNAaXI7kSf2{=`@8oWC?Phg>vDnNF9=dY)4-NB+6V0@P;Cxh-*J9Z? z1Zh6ubP6cwrLk1wBY^-anL*pjU-DQ{%kUm(~y}X3|P#?`etLrnbdB6GTbhi2qW6tdLLk9W^*q?Ym4d=l2EZ% zX;7GGqZ!|+9+dC_yEX0U(zP|EZW#p;7@8pJf~Q2JxI{$dh;tRX>N-Xh-24;9+K!+C zZ%pt!Psf7OUHxBPh}ENI5)_8o=E^nuFJS)DxVJ$I-By}AwimDfD<7q}JS=inbB{+D z3-<5TYUg?0Z+miUrb-&!*`Q6j-M3@Q`Wmg@>@~E$zRs?%YdUvo(6m>Lwv?M|)12;m zs3zXqX-y;^IyO^X-&~x|XsRX6x0b;Jjk;O>fRA{}(N0sZR^sC4>Bszy zfkCO40s<8r;peSu4NjvnsYbxkALaWOE;2xfjQHkbguz9nS}P_iRLSqEe&y~8|F1Qc z&JfB56+OR^m!@PoX#`0p?92wMT>Kak5{IBJF?@9;kA()c5WauuAT{rot~0+8A}X=HW?6XqU|2wo4At0>5I9p$uK1O> zz(^`VSrUvqucVI#n3MQjQ#2uWhmgdLvCZ4xmLD)CuC%H@2`|xe<@YD}(|~*IH-m`D zrS`a`5OcEFHzaisglWX6SlUZ3h-&+{^~pi;e<-GUAS5wJd!{CP5We(apXh>sqHu-5 z`B__HKnM!{CYC+|(%KaKU)#CwCxE<$-Tgr`no2LW!Rh7TabT;S1W4RYPGzEV=IUxj z%YnC%q*t&nj}INwSx^uL_bF%>w>A=4iY*sIPmss(ISRQLZ2&ovJ14x{=1k$c+DI}C z)q{0*O=@*dci-=Dir#IRTPGZf!(Lzabkt51I(<1{;eI6T{KTyZ{-I;3ru2H<`KJ9g zap>)wpqCbt=wbBfNu zHN?qddy4#GFKxmMbip3%wKFqN$hjURew2|jr%8LO_Z^D0>Np`X0iGlT@AAqoj~)Wb|=`%NYD zD2Cb+FBbxzkeO zK((u~M`**nT;lQMb;Z0qAgW9dJia zDTX_2S`2vHzPE@dGixzk{qb$q>syi6EsFO|wD%;>2k8eW=%v-dMV6M=u6~y5`SGur z+mr~1SxFsw96U)Kcq&G%NEt?oB36{0GT+tqrp1Kf070Zu%2+Cf zt{fdIU(uPG6yIpiokp#84v_Rh)!BBtZwuy0g}D@AF!MVcK@_z#HJihQTpH9{MyWAS z?@=D9fJQsCa@Dj#i&>rRij>$)raJJvq-T6y^GGR)%hMG|KItrLD>|tKlSI`^^eLM8 zcv8_|2u7)G7R4H%B@>if6QzPRY-!#$|C}OTiSW=m>S3S?-JOWEom-CGbih?Z=LznU zQ4lq~-Y=5{X5^wWiNDw|c8a}#e3}-r-&qtfMeKrUHka#IErZ8M%oMSLPR_xtl$fVn zJuG1(b5=)1udiD3R-?5x?C6*ga2pdzP93spm=~#8W4b7|tYZivg%QaDSX$c@SE%L2 zAw(!4PUG^}gKIeerGEB;@iEXNm|j!vxW{jc&P{Wla{|j!X8l!9tGcmbLEC{U`Drq~ zb^qnPB?(goUiq2~O!XIpRkT9Kcy~ce1#J;nej(D3oJqMC4dXxgcq)A;p>qdj(nHLQ z;%Mjl%^$mUOY+8SOm=j*#MX>zOXW))1HGHionFtQw4KaS!J;j~u)MLfx=mn?=mu|? z+o}fZ+9Y1oZ&yatsoCWz-8!ZUgwlq>X~PlB7)1*z5C~~Csto3Uv7_ls)A6ANHPnM> zP&@d+@*P*ea3(nT4QmS9WQxk-AGrp-g|VIjliTa=H>@g;?MK{o&de3X)X~}Z8 zK7K(^NRewu!!f5}1H4F18)IFAJa_6@&rg@cu;_mVUwM~jBKKhaxw?=bFBkBVY%Q48 zX0uWAE%;3Pu;Ma>s4#?Q5ze8sZmjIBYkO=5B6NJ>rf!W#jC*Y-@!WA}KkX1$&;Gc6 zClfQzyP%>*NwWG&bYi} zz5Q@_F6n%9?z|hJtfW&x>Vcl%Gcfan84<}ZSo#4F?zC=+9?pq5BM%$i;iHRjzQp)k z*jRS>^Co<;?l~?%nkdTgHS2FR$u;Yv01wxixi0DS}Csl$aF%~Bi-cO zNj1sib~Rv(GkJSm`@}d|Z|aEYV$asO_5N<{vbNAl%U$PnAoV`aGAYs8{yB5~$ZcD@ zkMG9of3M}TEGe&#-G%IsF!V7@T@o;{-!?Y59BJ+*MAfw3q|PQO`$X)@NyNfS<5Vm) z$omhvwqP6*i-k(2g?t!R_%C~DM%7GBM6IV5$2Qsaa-DC!&bDj9D8Za@m^bX>Z|P|2 zUD+&}BOFm0$Wr~&ve)GPm!3{}U5_y54e3(7ne)Dywvuq(G!oZ5jNe?ZM^ct>U{>v7Y0H}Y>5G8FX)-&v?ta<+xTxiB zsY=8A%N?=shB@v!qFouM3VoPT4Q$SjQE*V#qdJCwoHz7e{a=?vscyX6{+Gc{$KOl_ zJn2qafzkioH>jqJz%yO11_q;XgZr<~j!L4>T^CtjQN%l$4AQah`y?JS#fl?l)dW*w z00Y1q<4oc)KVpuYxU*~zAT~cm7WM^qrwgM$Mnt?nlDzNdTW{+od3dDkPsB;2?1l_C!nksM5rP0b`3*G4g6QRB@JJ7XY%v(vOyx_+v4-4vHf-R^8RbX*D25S z;>W<`+fEhdXQZ{)Ajbv<8r4EK6$hl8t0sRW(iuJN*wu!Asc5&%tQSH6@Q#kmTo@>$ z_5I3_g)xl|cWERd9p0upBX%-lD>Ten3UN8P#$RIq|A7`5Jus2BBTt$fT(-pEZcQ1r zaS>ydG%eTb)nwZp^~W7d=l#O$Pwy?bDvv{k(YH72_p@W`HwYf*I!>>E(GI=m)#eNh{J0a4?QOK)VdA@gEy02Z#~EzFPBo*UCuO9Ko)h?T0D z7@i_E>%pF}?&%D$qp`=tT_EShD<<;}yVaCkKv$i>y280mS8T<`h>eEBShpm1BAnO8 zV+peyF%$(soa9C~eO@a2p%!VI*XP0jl6#NNTBe8VuL66U;W0}c{%t|MwbbnE?|qi> z-YxbeE$DyFO#b3P*TotrW7{SIQB7s+s=i3pvaieDv3-q|>3tQnyJzh-ySlig9 zUMf$fI$XJ8A=^uX3-Hyj8o-f7-xy^yl!%c7N|niMd$}8C!-ZS+{P*n3mHyt%(tfPI z@wjm*O7r&zNeKDh%{uX;SOkO-;V#ZGCA=Ofoa|U^9bC(C^vU9j!Eq%o^26d-B?SzUlTe?#AA6zCAO>=7Z;>a3RuvZ15Kd3y$YSP%@6a zqrI=(?(UrJZl5=uceEeRxNo~Wch>J|-rLmH?yH^emv30OFP(9qfo$IvJP)f`ALpMJ zU)OMX+&tK{<7U79fxElo_49M;@l5V^_lN7<(&Uce_}X)>^#(e{EeTW=@DQ3j68gMANk4^jh;b6Z?-g-6Q$wqTQjW32RI z*IaY7x0hJi_kenEadzHpoizA$le#0=Hykv7tT}`gTFV|pUSj`CVMsII3zU(NIteU+ z!>;yR*A?28>>W~U{??I&B4XrM+_9{3CD|e#Fh?4ON)8S)XSdtm7+7IqeoKf?P_A?{B}hSl3)m zACuw3%6BDVs5NDB;UH*mQQ(gdDZ}=rC{igE?J)eA5V(wbcU=g0JrWzhqx@fcQ5mA> z2;l-6&gof}?6`MFWDrtvNbaD^=EfZ>+-`=kj)8i)y{R!_{0{<B~`_xx}sva0@? z;|Z^=CjI`)KVS9H?7csze>?Aod2T!}TRFBMK8~F^ z9}jpQe}3+0zkH3tmKpJZ@f?dig;DLw{9lXVy{iV?U|W#okx7V5)|&iQCUm5wWpib! z153tf%d&au7Q0kQa-zDW%)c!Z*?$f5YlaDo{;h?## zv7bNbRO=hxZ`2^br|ho)?j>y@R7IqdKKb*N&EhU@G-@6y#}-S z6!h5kyo>wVH0^ap`&JDkbKvax)kA&ne5?9+#Qiw*vT+MR@ZJfhZ9kOid>GdDz7M}n zS^u^eo;77B^H&k?Uyel}E`au-G4=}C&FqF0w#Uy{&kbA+6fmp>cm6qnet^HfF0TI% zKK9zxDy3^Y1NTpUchaprMinj5Ql_o;Qlc4QwUDZ@(kV#st?cX%iex5&;NScxYkuRz zg@0rfw^Pxrk200PycI;^7x}I(Qs$M2QNpC$GtbjK`*TLA4nqKQgsi_77_rdB!6--& z8KdsS-En1>P>%Jm{p0Cy!I=P*nLU#HBaq_zt-)Ck-SfdQ49YG7d9|QnYjL8c=O_!K z{5#vd5Y+Fqj?c5LuaY^WII{|jjSAT#S|k_hPKHWk))pF1fXX8!2~30@>}t1k3oZ3w zHIK2BZ;QR2ML1>_(2)^e;NQ0 zk4SeVdw5yY&3jJ{93)cD#A&s}dk5~*X`-Q=-En*hCITh-=ygay(I29pi3zZ(`oAR0 zPcH35Gk4^VAR;~kW}doKA-^_wp0Ej}ERSECZ0*;Yq<0dL$*AZkC9#S+03FHVm}&v> z6X`0N&OzP{2pGl0%le(P1y9SCTlVvNa~>e{V;u6m5x%!(s4F|KO1CHxSC5<*V-kBQd*3tW zzTIhVNecM3aNm4R%X(Qm?}cEQT+<>6K3k`4e_Bi1d>WqgYH8*9Otel$m=)oE-xrC- z^Vg@z7I$>%siDNLC@K!bWkB$2RzeXY; zh6~Uc54+0b2IB_ApMyQm)k=~%NaD49?3^L8V(?9VFuk0wJgWA2Bc}%bHMSz{9 z9NVW(dUwMyeV@Bf`w!b+Xe9Ta;|4(ykA3ood@2ULk z{v&5r^@;p}|C{66rAxC|?`E~$Od73a+&#ZuDi`unnK^cdLS?9n-~jEI%O!_u6yd}R z)XPSo4)>vi?6ZLrk1t@o>0&B<@%?dy?@~Nai2Oi=P3)@g|L3Xp93eP0A9nYohCv{v zF-@n{?eVa$MI*ePEzK$7DLv>?>tvhWYNoj^rL~>19p9x{AcZiXe)(9iKqZ{{>gK1DW@ZB z-VqN$0bOYj)q8^QcU}-#Zs(!@8*LRK(M_M{n!JsBHqa`boz`mZ4o$YImKI6FQ4^@! z?Oh$@d2aleR9510dswFRc$WC;d#2%Xx!uigexBq(M1M|&)4tzrJ}*ytJvj5+m&klx zMZeWO78P~AnB#tYogI79_P$%(e$)3pi+-Q~JR>!ExEo%de4C@~d<=YS*saLA981+R z-ZAJEWCg)6%^!h_K*a%sA^WK?!-t0R3RTOYwuX&}TymEK7&KUx^fPSZ>dO&zipZf( zhV+*5Z3J+0bn}N2jkwrO9=c+6?vC@oNhb)UGtA^-V1*6zh6`G%t?3UGc|Eqk#OXbY+~jM zu9Ub0XzfCw??V80hErR8nGBfS9?mCrnXbx{lH@;1_5*0HC8(vL^oNji@K#XJ^Q|cr z=9lKyvkq-+4;x9N1jDU^gr+c?k@*~rhokvuey((J1FghAhjxF%95WB*XHM`FWKAMo zgGN+duv*Hz2(OikmyQbO z`@nY3eyiR%@H=XTVb!zsxp z`gHeed;I#l^$uxDQEdI^9nV{tpUKHVQH=)&25lh@j|X9J~-RB#CYvT}vb~37+4E8{%WO?~#(Z=?Kc* zczVasadN3_L=1kZ!~?R7Qj%ZW!Tirq{|iCh$O ze{P6Ai}F*_(2EktM=*aR`{BE#|NJ{lYGlmkk@F+?V^HU2&bJQ&G3He?u9SHi96y>V zWN^H7P~m2*w1Q&v;8&Cuw8{bgdmD znkCpKHBBm8lZJ9x5u2G%!4uaX1NqOPI8rNw&0wZ_I>DdmFhLjzTG>38AbRIUshA#& zn^@ywF>p%bxitz*)@INBr>Hnto$#2p4XmZ|AV!0l4oX9-DToW2O;GzuS0Ew=8EC~W z&Y(y3eX*30;sTC~iwQrmlZ(OKZJUq0mZWcsWVO05`$#QUeE$^+mg*fFS5Z`$^{~pt zruxQy?9w`G^ID_xi;Iuiaukj=rsIQ$LaB3y=5*SmUdEgWzUvmke{uOwBS3GG#A*j&b%@u3KcU>o1Djzex%&8#~a`Smo(w-@wVv73GYAqPVmAhbETQa zms{NGpsWHmT)Hmb-!?xeJ0HU7*D9;H**`Y~+Sc-CkByEeaSDSWzypi?ujdXYSfN&S zbhfN;7-iw5;dGpHFs4C$3x!weG2Fo+DE;cnGGWgDS#(QXaN#-9>Ij)o-J3$1kvp!a z`1v^Fw%@JEYwk>~Y5tmiSOKL_U6rPcZ-hk_|F-xnGat$cf3~^H5yKZWh0aC8l}|10 z^Dgwt@d%unAKKq@{;dx~*l`)!bAspONLZZR(k*Eon;JtC0m9gJkl6o$RA(21iUE~8 zeig;2#}BqBc`(sqk6CI#kT`Iw3qB2%ZZJ1UE-OhonzF&al^(redOj8imsCnb=!_CZ zr7;(MUz&gA64NyN+ERI|>-BU61nJzcu*I1%(VGB;!wLED?=%k_|1F?rtG4_%0@eY$ zJw(5d^W8r|JL42E(>?8fIwUoeS({PA5i;j+{41|(6;HDhute?Uf7<19`34C*VrTL^ zBfCj%QAw%TE7eMC5tJVY9VzxnmC2~OPg+{b_+9G0En1_6Y)!ex279~x#B4zX=UIhc z++!MZJWXkxeAl@K$FN{i*_i7hw%BmkY#1*o$E~cb)Xc+h=&;}if*{r1P0D?5$go47 zBe)IDjS9$b8!}!>YH?ETM(>0FIaWo*-H_NFQyhnEBjSCQ(9T1`S;AJ7^X*YN_dR=mg-AKRSIo87-p~g;CL>gqT=Esj{-*ef$D;mMA=Ok z@)?tD2_?VIH@T&SBd+4RT@m0;ND1~-_4r%ymD{0ip8+r?Y5TA?Rdk&^hd-rnGolf| ze3Aw^o>7!AM`S=K#Qk0`%0J)kN8D$h&B@2WD5PdCBK>Vq%%G~~x?kE~0^)u;A)a#^nS0V&2$*G~>d*yB_4Gqj9K7vX8EsfIC12|6)RrZ}RP5;mmH z1_l_hp{0=1ZZjf6LE$exWsdfZ3F7$sN*BBV_g*c|rd(>%uE)G>*1bCvF@K-=J z%V z6QMlU+||W+y7@9HS=%_o%@fcLFG#~M3+BYF(>3~V>+B2$I?&vWFl*$to;(iwdVD)i z?Qz!lVf@h@xsm(5V@=5(cOIPR;9cLn8D(5JIiW2lN@CLgjZ-BBcaf6N;d!G1G{c{&r0RYP^-`%6IL}$-hD%9)YGmC3C z6B*v&Xy&s)I?GTUNSynnj>gon>K?k%Oxvy7D4u!Uol4Gj22F9oJ|ug56;*9XF5r{r zV1)JlB%7FfXovQSv*_M;S0?TRGUH}Ui9LMU7>d;-_v(hr#-s9`7YrO_>Rx0oax($e9qVS7(_jw{kF--Gk|*&Ry(LsF^C5E<30s?l=>@4*B6;qSqys zaiJlLR}TsIRJ9D3XWD<#`O!76tZFh@WeAe_Go#A}t>o1x7=nPGz_#8qK}hK@l~M9+ znaR7(Pk^8O^25jPZ)keexh9EXPO{Z>aS~FTxs)b7`g$^GO2yDk-f~VZNS29@pMW4X zib}(Qp;NiRzTQi>RSK)y=g|Mj;u8Ei;>=-kvEj~xUFe$mb`i40SoUqH zj`K#ql%^b)CxK8d-CV35*(-HNRPNQPR9Ojp!1*)4=PYm3z+m9NDjx&q2(hq=)OMe`Z@RIch&ep?=@vX89$)LX9uD z>8Jhp9V1p_La^l9r#6+tU5t=59qJpw#TgO@#ldE7m%eDC+OD#l^i3pO*QT9%5~I)V zrNw?N|BG|tpRWNg`6%x6<^Vibq}4twEGJ)^F@d`;?EIL*KMZ}}W@4C#AT){mnR#VT z&(Hn!+i@u}m-!XL_^sSWX^=DVA4V9Ue^_nG$1MFM7Nf38X=)1|sWWojNNd_$&-)SX zT=H?{X*b^XFuKpGsA{BTb-p-}NS?2%*1U3JBO8=TlgOv-C2|`PRa`e$9=z32`026n zKW%^g%Sg1C#7O^AfVcANYvttJtISR=#hUEhc?_u7m zn+i<|wOv3a9EH1HmI9g0fGZ|qKM~57)fDuX;{FCjyuU$(@tPK08;sB4F09Rt0fgO_ zzgg|pSQuzIKfJ3}!l0ywD;=wyE=g*?+=Out_|a4#{zN9q*0)<~(+g{jvYDvI`4Va= z_*ghW4WlK1O8Nd3_A9Fkoy?69K5yuJwP^c#Ax!)4{6b6;P5bF)!@Jb1%vAO{wR#Y3 z!O`n9rR$&BQ^^T0WWFp34^93du+X?BEC|vDyW#<1VjT_bodO5vJ?RVm>wbRX_(AUX zpvB3}e=MSZzRW&-<4si-!{ZEdF1$CV!+~x=C@UCYhQ3pdluC&B`Fo{T%@=zRJuT=e zZJvg%%Q+tu5j*MNlCk~%Sis4~^a}~Dd=6Tj&5?%h5^F`t#sJaAMik>EkyH4Ciw^TA z{GUTTcZXi2YL`*p@xqV5Lb29?T!TN*CiW&z1GTtRD{`W*lwz`IJ^kBL>l&NlkfLF2 zWZ#9*nJNFf`yKN_1Df!$%qiUvq6JBVmAHKskJ~0`-#dBT!pKUI3zD7`8?l1$Q=6f@ zX5ozvORblYc%HFCCdB#2K;T+~xyL)#tdMO|w0LolxzIq>rq zk`MNpiAhr=90v)Z&xBdmP8EP(%^{qp$~70ua<)dL4h_5jUg z;m5TKP;qS0!yL_+K`+TzpAm#K=w+jqMoDDq6cEs+x4>PjvQnZUc&#qel*SldSWmsW z>1ChW`tosa-Tf~v*0e5iq`S_MvocOM{xFW{ljO^pI9cIPoW^qECaAZ^5V(bjHWg!V7v?>rG26-IOn$ z4xxw_j`Xlydhum73!b_kV;Yh^} zlLxQHkO2wgnY|t-Fz8!&k{4L6o}cLdDFQzaR45a}zV{j!XZ~$j6c}zU?Gn!Vkfp0b zY-tW3rnew3;PvN=v@RZJg};AvSD-6bc6vU)Z|QBNyHr;&p|qj+HDJ zE_)ktaMqHII@w%e4p-aA-BbbD$CqbYhF3m zV1{&w8g3F3!!jkwT$HsA0`iRdTIItuwn_1tQe0qdpf*EpDg@r$3q4YjClSnu`egu6 zSRjv<_*n$7CRzgbf`L_!bTD1*z?dn${6Q5?P-EiT+23P_jts?CoK)H#mPu!2+u^7^b#90uy z;ZX?Bk~;kD#ggOz+&ahm|1?(Lm-JhG<{QMDSp&Nkdts&jZh{Mn>15Id>RsFAGR-S9 zgp#sJb$Pk2dN>j$!I3bmD*ce^<+o|Xz+#hP(=iCgN+qHz%W7X_X@|%g7{DMwi%52k zELnr2i24z@Q5Yv;o_|`0GZ{;QaO)dp^(zA>R52p#n#|1HOqnZaaA>Y?{{X3%x?nzK{rl1*B8!!HW1czf4?)6;24^8FB_(F9kNrzq zDD(&eU6E#seVmwedfdlEh_foO zL(2@66`*+b>GRL-l{!D3gjoG=K60IvWr}miUn%m;JF1gXQi5JdJbr4F`&869oAL|$ zi5q)&YjVp{qWAn<@dWQoUvP4kU(w}a6ujWU!Qu-r;usa7UrB>xs1WdL_S&wUo0<&3 z_rN~44mD78H$nv-$!AT^PvHrA1O_0|;}fzB-DA$vd9c~{Xh`Tt6!Q&|rm#`X3v^IG zqc{u*V?}nX1>SNqIDfcZMV>y8ETeV1VE2WIi$s_Ums5n3S3w#P^RMw>k*<}Y%tFJ^ z(-mF~Z+l=_&?(dE8p4pI=`Fk+n~>yW!7b0NVup6bsUYLmVb5$6{mF(~@M}b*cgX?A zETU&ih$kX5j~ZC5)MIfk7cAx&x%pQw21#xUhOAAR%oS5dcZeW2$M8;uzl2zE`VJI$ zRB1ByDfkUG%<~a^&rO0zg~c<_-xuEPXH>Sh0zLdjU>YRDsxYcc%bgz8fRc=8!8vHd z6JTXa&i!^xNP!v{qthOI4BjK@R$d^JS% z@U(MLrxDjRX7g_{6atePo5h}w^2l4_%0Cvc!6cZM#U~{czv8sUAOXw_(0h+XaM)hR z=rn|&)Ix?x1eGMEf)H2(04iESjPAD%P!PWq5DL=6n4F*IRqH6Z*|D>D58j>z3nS379f&8tw@sN4XXwfi-d6CCg27==#E=o&bK z&73%*xK}ClY0fB#o3#Et=jqG>2@1IYDxc~K?`~YXPFWB*T0GcX|sU5LwFrMNK zl4n2=aDMh8d>3OXj<`7kCx_TdCNGkKod6e(m~J#-3(m0Cuw4qbn(8+oasX6z)>DO? zZQk2OI4UC@#R&|AAFx2 zR=b)~G09sOi8NlQTG7u=mcvNXybj3qRF14t(i><9#g`-%1OzHL7F`Zu%c~&lRpUiq zRW%`!Vwo$5H{W0RaN{84m?9g3M*U%2r z>QZK#MIU9xkqyIWAW4y9;@TnXOBn36I+BJ(%&cJGPJ7x$GlMZe#YQo^_4>+T_+;$v zN}!@H|qct8D1^ zyP`0>;|_3thK=UaK#G(U@#=}ANzV(3&`Xc?{mLPkrD3@{$VIhv5Gh7$6*D@C)WOlN zj_|2}GD?ALy94t)P6&#nQ$m8{`hK1I9G+ChB>jRYrt^;lz4rJBdXVpTf7+Zs)KN$~ z#Ef2&$ESA@8or}l`*jqZ16fcvOi8r?B*`EFFcLJcSVCn3NS=o{BE8`yF6rqWO-^BgSa+b zE}5mQ!@s{%Nd2J;O@ak(^`}=i)=V1&l6Ye=lO;5z0r~&l0%1`rE9%o4<#Lc{%+f9& ze}{vCk%p&!h0@QTz8u7;_N-8<$>{1Mg-dsKabw<;2m>6YJ;p0#Z@ zza+I5M(DrQL^(mnb7$ZDu$qN0`U4FR^@7v*!9T=hM!6Hd{g1`rnkPRPU{k2ZF4a8O zGORfFdba}&E1!S3@oOwYZr3rzoBX0kNJ$?)MN72=kfAXg-*hA?Z9)`Nx6O3TM!pv?J;=qN zqJfH+C&Ar!jLp1YUvA}~^h}J9kP~s_6KY}U9?-zmnVISIVPG0=*+dek!Uh!a02t^$ zaK!Cjb>L}+0Q-2wx^y<0b&QX-qq%T2@<>q?=n3MCo)eYO1ZqRWuva8BOH*LMNC-Rw zbaJS=IIiMju-laZsziANZW#XIz^XK2akIlB%GAxIIHmW5J|+8qEYM#Wl5dRFiXo+W z7g6RyBAqam5O5l?wdrV2213rRz~mS^zX;PAZuLG8n_G8JV0eO@G!^q@>~c@D0iIu} z{!k#Gk!t0mBu*#R!orQ&k#j4d9v1L0gW`cGA{JoG7)ELuj5e|6tL%tmY1QChcC((W z-{q*}XHm=%dL5EgXn`it(0Ffz{WX~Rx{=Q|U zOmLg?6A4z>A;ef6I|FP6rs0>0TnuF?Q46^<*)>Mb%ra@C2=2beA^c;3if=1G9tQLU zfCS8-C)WeDM;aPeB!0KmD8n^eBk_DQ2lfGiY>MT3XXMeUkY#+pz<>W$T~0TmQnrKa zS;-c@iY8-dE zcXdn862qdM@Vz0xXu^G8@2WJ5VD4v8FEPyGc934xk$!y+2aoSmr%Pvp)Q;rgDJ@RJTS zsoY~-g08Lbzr$G&6pC8kb8%3?QKaGeSbwV?P}4m}6`BPC+vIZzXQ4{|n~yv%AvL*zjT{!uS}YXIj2L zlyBr?ZAa9W7{c|VCY7M@c9v@g3vs;Dzo=t;gif-HY?_7rI49ZnQV3aShkvzcjW8lF zUaXi#>KvJ*$0GfDFmG2^9B7a&y<#vR)vT>iDwYxWfIzoQLv8|$*k}YBOu+sZ7i2P& zC7MtK5np-;hEtk|n1)J^7ok(a8v0n2JyLdaqu!uE33C~{64C5FStjM;-_=3I4rT$W z=IkcciR`$FoZ`@PS6j=ZBqlUB42sf7ftF_1EzF8aj7X$TlJ!|MzaqxA;I%?)E5ot$ zL$Jw;*?YBcC`vG}t}7rL2TyJn0mPwFUvy!V5OGP^anwrD$cyH^9#>77=Y~>=V#G@! zZNYW8P1}5UB@|Q1x;ib;cXiR4&_KQI1amjo?A&MbU=eum#d1*n%Dz|%tC!lNBS6w+ln)&2wc8EDqGz!Lfv-*>mj<{|<_=YqeTDQ@t~u6h)Bjkw z?b`C~SaBoW%-AO!hW%8CBMAg#Yr~Bf)?C7M(ieq+lP_-Wm$AmY8w+PVTrWG9dZ84&9#Sqab35&Cx+i(8U z(zs|VrkVpIga^QE7|VE}U;F*qA-aDqpsLW!hvJY_*GZ;pX?%NPFNVcor^0Dcz-C3M zKW6-H{dd<`i&j7!35;3Syvg6TLq-H_t`r&RH?D~^Z67LbY1E?;PVBP!mlnvD=A(-$txlT_xU<#oe55OLKViSC~^TNwc_G=4v}5gC+wP++#)NeYwoXvFprrd&7U+e^Yu%D6;>ad* zei}lhWqWNGM|ABFpeBh}6HoLY6m1WM0`Mt4wx_?Z!J|@8mO`k}2M7IxoN$fF25!2E zPW|VLqVR##C<|x-eOgKKz{15uj})@YAfjOo_~*T*C}Kg-5TR+01Md4x3ZuUK2AzP< zz2xZBMX>lqaR&8YbLFzYK$FkK$wfBL?a2@AW)ktULuh; zNkg_rEzjMTV+o9|gujCJixZ`KEaxXbDiJ41mRt&5<3K^?P8nzLu{ z0uKj(T)FQ_B%Mq&dgziIMO2g-B(Dw@L<>i^Ch{Q`=;I<3s2XxQ+8ts6fzp5sB^z|b zEYjgdvf*c5o&k_iqoXSeT-_zko1=sb`mTd8JS;;cJ2VuRPDR6{@>giL>JhQMntemNlA4P+D+5I6r`HQ43u6V5qS6`s4TQ-LGwwEZlV;Q)exkjUQVq`QXtr70yF29u!<^tTH%s zq|eaSkv_+gZ2wpg1{_}&P*sVu6fjv1>K?2xwcREuR0^8{oa%V^ZZnLfl@2I@%P5}~6NouT+6x9Y7 zu}ok91!p`ti$gU%2&)oo8CH%WhX68&kQt|_KBYK9KHwHjoft49Ph>Q$B2kvZjkxy*CwABFl$Y ziXtT+!mvHd)m}Y1O2G# zh~UN+yz3L5{L1{L2$+FQKg_25e=>aL60q)qgAo6+kS^v%#7UeE3vC0cYyef>)7rXfBnW*QunTY9e~ocaDv%eJhHyTC^J3^6t?dlnYam}TDjjK%CoLc<=(l7y{@*& zFT)lCzUj?-O()INh*lbqnurT)rt>g5==1uUR9oC)q5=b#D@GC^@0kI-3n}!WosdSm z*7s#NH~?CA{`$nO8n5p+4o#2oQAb(v=t=?!5ckuE$RtKZcqaP{T*h7=_vK_^EnQM` zR$Q?vvAqN?oNKv(WVf7{7MXrcKkTa=YC@v=Ie=7VZw+qXn2jK%wJ{_zd-j?tU%2TobLYm zs`95(Un`Xm@dZ{Wk_UG5iu-rJGuea@;g)IMrxv@mjnUC9%AJR6)$fVP;Qqicpl_$S z#rLlmF;5q#WHLlj!PtCSHPjaUB&Fi2t0o!vw^(yqmdR-xXfrc#@hQQ&1?>|6YAl%O z;cZpe4ajI15%B(==g@Y1d@`z0I!}9e*p}Y?yx)B{@FT}()Q+Vt}WVA@AU zx~qc0+o4=C$z{D0?jUodyY`t{YOW?e8hG~3HZ$5!jwS_ih4-hXHtnO+jSgy71%I7KklJmE9Z$U*7aL3qmxmCR z#*qn>p(&4E0TGc0PO&mT+YiC`Ta}$=2jd-7i;M|AGyHkUzXr^1Q6B6Wm03lUvJ8!T z7K{w_qOZcI-WN5unJ$RmYfkL+N_8}yIQ^lD7a-=W~M?k_m#6%L-#uU%ut76fTsUj@n zHWlr1p#xJn@j^d@VIj0wDlas13hoH(4FPFsgQ|PieN!b-U_i@a40`6SwvnwaRRh5fa$M^9=!CHG(EkQWL*H=Qrw-pXM zoyNwqmaZp6O~bqKPRrc;Pw7D|jWKJ`g<<1WeY~GTkxL3D;}j6uC6InJx?@Z(GqXWV zKYD#K;M|t!<&R~@Uh3-mnd{lz-5pogdy^D0ao1U?(A)T??{4?UODgiYkWExtBa;5Q zegBF7?ww}9VVlo+2N&1<^{C-<5O(hDMgMC~6w<%Am=?QS4tP437iwL_&dc92RDAw%QnR&VBv^BOqSFi0Vo(+UKC-ysv-u!hDDAi)8?|J3;w&JC@ zsY>2)%)#V7KK9V%Fj*ZEn@lGnWwQRFi zo>jKJ^^N|*S}8t8M+xw78Qjw#qz)H&KMwVXTD>M$Q7%E=ayTZpStZVCl&O&9Sx{X z6$qTTvSK&>db`zNXRaLvoZw+=T8V1e=?kf2t>+AF{mo$QEscI=BxL`yhcstX_ zL;re|sq?Sbq~012350f$~lp-&|JM5PbA2) zq(@!Ye&J*0#!d8+51I09B;Ts?N;L+yNT&ugj92mUHUj97n3W58z1CLC^?fG~3 zQ0QvByS~nE(eZ5<=EJ(NqRa~RRZLu540`VR;OLJwr?z(N-{VThj~?AgA^XhlGU1zdBfhqyAh$6n{H|c+~DBe}5zad-&n<;o zuVTCJP8|IP(TN3tLap|lvksl_42NCU>634}LeG7K9zrQiGMi~h(hQ<1lhHhALL~VRiZ=;|nJkhksDQXZb@fG3?dxLI zA9Hc4DE=e-WQLL8>J!S`;shXh-)icgzQN$I+d&y_4?@yk0k*)?GvU( zkDf?V=c(|roh@CvLA3!sx0V6d##=6HF+~2C1(P4Mj(X2QhimSuo1KSm7kT<2TwOV8bBA>%ti-xKpb{&D2Me$#9IX@0*H z>71+DF2?lsqf_$($Kh=_w)^IQ%i!7f@ytX2t_a`J1L^&2v+K4#;I-TTMqaV={Dq5C z=kGwC5(QV8u@Z~9927E6^BKq^V5`kB;N-c3rpu%MDDQD~@pWe350>-486wk1W%v7E z-HrRMhpvn2bp7TN{q7I0em8>ZYM}=&?AN>t&z)`qj>k*G_ip(=6U%3-7J~Q4j(#tE zhBpf>?@%DTbb-I=jif|AJjVIuUe~2USSqI*ng|cRGdiPjz4<-%0+ZeW83vLr-|v6G zAQdsU)A%Es%lF2R2wutncS~vwuXJc!ub;gK+!^4H>Az{{}-o~M) zlb30>||=nzQztc^h<+!Qn!RH`9jd|hzDEfspIB8+v7f0U)DA3`eo6-1TYcb>FaBo|6)^Tmx5k?aEq_;YTMn?2k!S2=qQk~SKMmC{81!` zk%sKriWgL90!LclL<~l7N-|%3#Ucj>!<&X40*Qj9FrkC4Ccw>H5COvWgXGXjY5#I$ z(xs{i@D7zsZFG4tx{HQS`>lPs6hROG6L?8aL3O>)Sve)S5_iWx%aid3nx9|P2Ld%=srqkzF zaE;@y|^|BH@Jr{_$*V+%Q|An`E(o0AbCH|Nw@-#pi)N0*yvcc*Q0 zkN;RXVcAULkJ|3E;cA{nXi%+e;6Yl$S|HmAHE+s>A;}4(n7J`tG ze=L?hGy`16|6uocDSC^}&PCY3OU}jlG*lu8RtrZ5kdUH2%P|7NP`>q)$@AR~nSv1L zF@C_O5$IHBGGZK&I}tRxp1yGN!cG{M0;I^dGUg4Azpn6FR^R-gfBmt*Gdj`GIH7IH zP-kkn%(3vyMcIZ~yb9gGhQOnQWR>0DCSsXL$lB#+`zd9E3xpkrQ+!0Ud&=f=Y1d0{MXE zSf!;`Z|p*jsSv2nuh1Q+<`f#7>!g8e`12L=i9(uWdw-akfN<>S5CKqZ->rxnLOOU{{ebSojoQWIsGa&Lm1H7Js%OfD*phc_C7_TY9zfvp=q)I!GoRF;-#Wr(^m}yNOh)AfMFu~e8G&6p zs58p${$mk7Xp7*qRUn3o0Xd*8MTL(@CADa5?Ss!Ig!2{Rz^dNJf~353GQ#S_yLrVPzE2PALF>Mr?<)mf}|lAr2eAgf?zII4VC!Vptvc978Z>hkn=^vv@N0r zz#HlpCML$SU&J4;H8lny7SG4{PBPZ@0!IBjgtYqM6@*MDt6SDp&Ag0+ZJMr{Nr;D0 z*PzNQYyc9l(Ks5OhKf_g9J4Ced$o+XgJLH^4*VZxuz;Bf9ks|u^Qrph z$?S6jwEuJh?(v9QxD?cw%cy)VSl>Ux8|b>rCL4i@FPXo#7b=hEQl>!9I;oj=AJJ%S zBQ*QDI;Vt6)rGlk=ogv@jmOrJ5JarAxLSUFONA%3>YP&Nt@r$i3L-^kyJ&wMjtj&s z8tD+M`kvaAQHBEXZVIaSL~RwCYID?8qOnPNAdQ^Xl9!s)o?<);kJk4)7FsToX>3n! zBECc55>L8iD+@F#KE4a~9g_D@2!xF^2#110OkhorA0DiiM|7yw|45d}>#ow^r_ZK} zdUb6Law9*Vv&sHa;;ydZ-IWz&nyaWKzT)1zCp(+a zrrLa)Cqlf@zqrt^u4r>Ou5cJ|YpPrFnrO_MY2PitckJw3J(9ya*_G+{Kk;suY(`}C zvn6~MTV2PyFNiFG3vifoj3A>c8`$Br^0O9Kd-mDGu*-~!!xlFf86%&?>G5b zo|=Q2U}NC<-97)YVC5`)#fT^J__#T_>xV&7P17B(vGmFwED)w*1Kcf<;b0ZeLFISI zQ;o73qHXdlI(V!Aq>zXwX)M#ca7G4-BB3&J^6o%OC(#I>U1eX&(BaT1DN-`bWhSOD zq+F0nXHD7FU?P~JbE~ip&KSImwZTu@Wld5?rCj7`y|JyL12TAx6(tEm6w@AjNJ6a@ z1tp_g;HO6!kcX3J0lx9(CnX0SW4Vm}ci za9c#-xcfd!fh)|~*QW`Dsv4r2b&APo^6+>@VxeA;kK$(g&!1ZAyG4UY#6s?7+)GP( zhWHM4I6dC{?&_)drV(-mKP{diKvzycZOKg9QMAPCzPaRz+3|^`mfgqe;~ZpyDymeb zN>Q`y#=d^_PLn%ix+*w{zru=Cl72Mnme2{O6A7PdGspAFq$%E`w4BYp)L>*X&@e(s zMYImvNVR!oXJmnaO+ji9BmUb^m81e(Fn~N1S0gO2_(MjF{9H%Oe`=g`L;2VqY zLG)lep{}9+G9>)RRqDl>&qqPwDJVX`X^Q=>i>(E{N71qMge~vAf!4Chog6?V=J0ag zN|3*3gX<36!%E)n-_qy?UE^)nS>Ht!{;aKrZZ6;$2F#?+s^znV$k(=>#Uim#^1 zi7j8v?0kR5-+X^wKgtD#d8m0YE@cxUP(C}AW{tVSKvVxZY zCVs}LNUBDY3kNHgalp94?Z;PW@-HsLt&Pu4eDkL*Jc`G@W)i?<2w&3rj?I?lQoP6x ze^oXOLKldYa8JC>Dpo@T2U=+Mf+=%BUs}*9Zb44`3j5x>@MpryGRJ+POTY0=AuX$r zMlOvb&ek@bNma5)1B{1*n)CDehD9mPOgbvt>(P%!|)Zd?!^RsH$!-*SjK9&QQ+g)2yTav;! zcBYutN@hnKGvz4nA}rl!uuUFvB(#?u#kVP8$x zo&H)pXCG=|Bv{(^EI1o9k2c6=Uo5eBOf35#5or^}QSAuY8qG�@ixGbl2 zhQo&R$Z>aEa8fx?x?)!f?7_5{zv8YyB6AK@Z@Py(>fRzqHq<2UuRu)x!J-fYe;q|= z1Jbnm64`r(jesg15&_-AEjtfsEj^)~%YSxc`F0fUzkd#KS+3|;KCkn*9q)hb%QyRm)no$6wgUEmr6H*V_+2 zUi)kD)h^?S-@r{^tRsLE+RbZOncXK7;r>p19oN@~cNSaiTs;sEf(vJi1cEL*^=_W; zjd}M?bTy+^M9i)=nRDcwRo?SM-Z{u|u(nnwzrW@tdlHfuMWg zVphOT*V6!|R618Yqa%^wav5RLur0|6?Si%$;jw1 zg5)M|r&YWCc=#@fL)uEd1W=6;e3Q=@xa!Ngy%{#!$u<=p#6tbNR0)~l)&>{f4~D&$ zhhazb>kBUSVqA65&URi|7-ektbe45wUc-rlW{XAp{_7tLHa0rC%F)4e%NI5uMInaK ztDeAcE)7kMcp`niZ`$Gj6XKSqS zUe9H?F{+TGh1p}l%d%_hM<;~TmS4bSEgd!0+xtS^`)QZ0W7uN%(b#_fWarbsD$e?B z?tQW5#|UNKYx;%3P2Ohv&P~hfa(nJo7+3fG?8j?sZxo2@{U3_~qrD|{RN8;g!1c^mGE?duR6-@|8j0BLD$hdG^{ z^n5qE2M;-&5A(I_nN8aQ7o83tMWbgLwKh~Kfj1NCoXx{EuLBIkk8hS*p!nC_yNQE{ zKPxMHvW8x#Ikl@#Bbpss$CWj;bhZ%zN9Ih&ci4hAtxT#Lu$S^Qg24mz3yM&*r}0Ao zGhl2L8ibnqdLHcx6e5h<{1V;!Su=9STRBs}@(;uJz5p%g!Oyd;`E6n~*X=BR`yGae zp+OKH35DvczWbUYo7WPL=x{pxhO#E3X|S}p?_Q2TEJ`U~I>Y=Qi#>AipFx7eN2CS1 z2$pME!P-R-JD>V{932yH)xp~*^^BmdF9aYFDu7A4F`H`JS@ilDe03{hn?-d^Lu+WO zd#QLbSc5%PO}*_XwMKlNliO?zm&duj-de*vPX&X(?Pc#S-AOFl;3C!M+3ZNL5N6Xi zh7!b1WOPtb0U>ptrlJv84$id4WlG>;#wREtlS7jz=1itSG#G?l=Wap{FEjXc6EW%Q z0Is|Dv8s561${XubL>oi7p=@9nM~v}Hb*PQ;wU0`c!4m3G8hIK@RzzKRe^e@5L#wM zMYd~1rt1XBJ}#~pPHA=pX`7lV77c*XygsGiVUUgV!RKt9Z@!N8zuirT0q;+fOU?Er z)&u?9B%^Zb^DsyRr*3Vl%}gvy!7s>2Tnm-4cP|dD`$K*YD|fM+O4f3LS}2*@AYfJ- z6>B3^ZB?~~COui46gnue>7;1bLLZxr?Q|`Uu=I{MTG8)%8CmFB%REzF_%Xi6Z{GC3lT@O%u2o%AQl zRfp*H0;C(2hPjI1!B!N#0BO{b7kXWviKQ_Z|+9ogM>1(WNvi&=ecM1}>O4&ndhOAL-6|sfxGxpD3H@B7b&_+z`(TZo z?K8RlaCc~Fa9wdWsIe_Z{EXu?LDoqaT@JWgQ|xc`{5$XSspYU@g?(t*js5bEMcQw* z2--$i2ICQCG`^$j z8e6{a80J0}dh!HyEVuwNT+4FygQ{5trfU;FSHe@XpRIC`)e47&mS?)!>m4t-;m_*^ zEvaV#cCDf?xcjZ7qPF;(*Y2#Dk0jLQ9yWr;852@{p3QS6p;2u?0-~7(6-dMN2W9A< zl5pNk4Bd&RkU|r+iJ8~8{{6eCVA*p?MB>)7)ky`vtK~4U)F)pDq(s>6kRgqdx=N3x zuDSOWm3M%aiD*3H@}IMBXNKSj^MMp|W1twZ%#l{HSTy zH6b9)XiXS3Fco4&Bfe{tiHahGsnGnSUkyjD?Rq23V}(Y*6GwB@$Zjmd{Scc(KRU;_hS+D z>i6frb`v+f;u+wsmsRkCw*%j#;)rx;%hoR#>Y;>LOCG2LUOP>t6!!KJAV{%_jPGka z4EXS3!v2q^bMUJ4{rd3fWS?wKO}5=M*|s@ZldZ{~Y&X@(c9X5i_GDYX-u15e{tMUI z_w(HN>}x|(*RJwfl+Ln0l=!^~b-BIP<#_a{@UG2sa1lQzzB|sYx$&=_-G1u*Dm?Z% zaX*OUYRrXVwxU|wt zPaf}IU8KkHkL$~H=dwVFT-|&{ONVyH_C=s1&#zKIVD4X>QDK~S-jj&Fop^+_`jTPy60>s^7F`>lV>I zRNGF!Y?0a7w2^b};t7jNjEls@33D7Yd@+?Lae%##jnkCr@w6R;O2X&1u{{C4=30BI z3mPmVpG51?Mg&Yas;P~|u}3C5_meHt%yrHh{KiZO!V!gol|Xj(tkEww0CIRiMK1j+ z26jM3M6htA@9NN2-|DFJQxrM~SbbsPKp8+**RLX!4(<}&hSFj*&9xE3ODyvMiYWk5 zuJ-Pv*Z;974o>f*r08q4`cd$aryG6dzb0P*aifU2CbR*9Re9A+i?#(sy=SaaI^5{;sHLmI4CI!4wPEJZB92;?gqr!sJzj*y!BV)*OaeTU}!-KOdJ4=Gt{m{drI5 z9SIQ%vhj{HDQIb#6zO#YHokwxSJ|R$m>Xddg2I4A6P2pYo@k)++NP8@OBqcfrAB<- z$(@(4FEX~n7O}@9`fe6G_=aP$}E?Ji*Uyrx&3|V z_UvgXp6~qShne_*ew6`sk<8Er>awA=Nz2>h`D%Zs3p;5%%~fq86FT0(%W{6t1cOlf zU~0vj6(3CXAJ*%pRR{)mN-7J?7i?b(**j%q^aRzX7`58c2Lkt>59XEqI+h z1a;)Z4PK8>yY5K1Oz}A6c4!wE+fI!KI8gp9V)e&t$Vd3=^Uy}rlB7oEt15{0U~$`0 zg;n7)ZBNoQ4E|%Gz}Sy~+*61of80r0i&*^jK%rQ<>%GPH>xFbc3d**o%;-~qGaC1{ zRN4xwwasj zUu<8xDT^bI9jgCGW?*Jca7>`*GwE`II_n$ zcVts|RWdc6D3wrVdiMt^#T+}zxXC&fKwg^)IuXcN0R-|-ou)%L!o4WCQcC}0=Ynx5 zOeQC#mjMUZWbUoquzXB5C13X*l!JkqWq8iYXR;Xzh;^E7)G1y`A6=IT6pQag3<_+ z{FPtfA+c{RS4uCCUbekfTH%22Uo+eD*Jyy3w>hdd2$b^ojv>t|EC}pxyPCT=stiiS zf8oUqZ8s6FNGDBo-BpGa%8DN5dHY~aWnrJP#^y45TWOJ^LNh8WrMolzGfx{w+81bQ z^Ud^7f9=`Sb+%6b88so{>Q>ZF$UAfM-!RHV|I+I;#G>D2KQxenFfMz7pg=-iEs9g zb1&Y$%Az6ekMs?B^qpTxzGbIK(pst9yM|5i-To?bp#EFXp ztND94e*^?tR?uZLdIuI669RdWRQ6L|otQ%fv?}^{Z~*E=%dmS?+De1T{h^neIgGmc zJWRp#%f}tBkn_vpbS-_|*q__rxFt^O!H+n+d$r1Lqz<;5ok3>SAvy18v;rQ~@uF01 zg$p(S87*iy%F!Pw^^>h$s*nk5%lTB^upwZAXMyyO0{3-&+qsXsNnlhp4$n85cU5IO(sk)ChsGD^CC3iWIxW%+7a)s9qV$Lig6Y4&Q?VEpqY50l&!=L`me+-?-GHHV>_K? z)`j!2JFhHtx=B{r+KM4Gq7Y|}oPR9TcFe1l?kt+<$Ih2KqfuLz*2lJBW7m8pU%eDo z)=qED4?IIr1lyV0xEIbBi(Mxm986A4`KJRQf@W*ONuAiwvh5l~jBe`>anSSp1EaUo z#G-5aca4lJcC1P)h>LHL`>5R^F|vsXVPFsev&H})YD0bk{p&AgId6u4vE^&j04zAv z+c74JIX_acfEn!TGO*&m>eJC}-~fNv?by?~X%J$}wBo*qI831LUV$|~u|1FjSEieT z!;F_mCnsHVyx%aAllRp%V&%%<`4)~{kB1A>qjbR7Xv+h5g&!g4PtW%Y1xkL;^F9ZH zMx)!ASyAPeAbQ7HkhXCBP%0UsQVH=t7HB|=G2tlL;GZmb=E9_d)%FK54dXpEudy5l zg5h3rr{a9B<5{o40!?d=-vo#k62o1T?G?C~GM}601Y79MrQ9LoQU{FP!>L`kedzD-ixgu^)ZeUyqy+HR18aj8j)w=7lzlZaDj6yrDowd z^nh;%08MbNM0%3KQq8~x5}fbn3ij)Fb+EOyMC62NUx{=Y1dd_R!l?0nc{|ZU-ChQo z{On*!{4GMI+3Qs|1Btzvn0?$W^GWXq8)2DI#BJ|AR`RK$=I){#k6(eXgqk#_EEF+0 zIfEn#mSbk0jW}B6R&kW_LY!8wt7Z}^OZq<+O!ul0_6{QJeD2Dft1S;1E}fMm5HX@2>V6wcHCiX@}Tm=B$Z$ z1(@?7;h2FKE-u@(9D~J=Z8!%$1BpgbmZ7byc}_!v^8~Jy z6&Jo7@EG+tjW`Di^fv~PPYnv3xuQU=ySp9CvSb~$@TFU;G)yAag2Hl=NEe|g|HIm- zOUod^D))?Bibpo3L2BkNS@AY})m9zpK7l1iyOB`Cd#7hR=h_#S46P6)^`_JrRrZ7h zAng6d4+AwiQNxx-_KCJuIyzOn+(tE0pJ=x1AB&wj!_P^8^~vAe<1aSP6?J#2iApM5 z1zXK4$Bo+kM@IxWA_j*>yJ-HMJNbjqMzb99J6cnmBYr%hGdi)hvntWRSsO zToh2`>@c!FK07C058Tzg-01P0^L>AK$otyy$TO-|zDbqYasM#l&Riy^k1~)rZTj0E zek(U0xocHWDaH(6X-wi(o=d}(VGrR=-pB-x<1d5$@6M3q2t`@eDR23>`}h1>&OxII z-*E_V8BDw{=8X7n#P7(U-w9fdK&M4-F;WOTY8TcZ1CQOfRVXoal=%~(_ud0mm0b_I zo8><$`AD+_CH~vY1sw?`)Jj7u@8oALd#7)Q^KlCQSg=A#rQ9Bi!u!FPA>q^cMclHE zeDX=}93AdDqQuIKf}qIF)=;;GAL5HZVb%)prv)A-yt5cnE0cRumzjl!#RcIjN(0IA z0j`Oy8MDT1e{mk?ThfSh zaIkUAuaVHeO|>$gqjM1&;S7mX=cq?LvnIT&R)$M8%vZ2+IJrVUkCv64jo&!$e+osl zTWk2ZGAga9tYm;gx&DbuR%cM5C`FyX6N)!vWR}!pMBuGjSZz%8q1QK>z zCdu(n!TpI?{#9J;T?&bl9Qb%N>;XyMi$VBf1dGBNo9Q15?p+||s`_4lZ$y4a#4y#A z^v|yzDxHLHWP5&=g}yZFS>CQ!aU@sL@R7 zh{){M8#_J&o|>_k!Gg=flJoH>%XEA|7+fk^EKkL>i$E)8|)4-h)~sIeD=rJ>I&HDA}>+-rxBCtd(oqy>GQG)n?|tzQr5oSJlh7 zF}v=EjRUsVPPjp(_u`2FqWn0Vbd#+r`UFxS7D^jFrvP)ZyP!{i|dUvBDD9A+sx?lfqcx4-p~h;8bL?!MY;`n1ty1Cum$9D7UTV^)0{Uc0Q|3*mVlE6>Y4ya5vR6uUMvd z#9QE{t%CZ2TtI#QKbK$TzI`i~s!BRvYq51^)}$P1W0RY!u(!bmC!26z{Qackc4BjT z0MK1ycbUZ{hhNgDj7;Aj9`4gz@{OPY<{%;_Gr}J0z0Mm{vHtfTfqvF|pv=@4z@z@H zCS(F&_(H-(b|R(;tz-o;J1IXw0Jn~6_5?b+<<{JH)K7g&VEj5I`I7%=Goyk-}~_rfYD91@W`er>V`1Xrk7ir{Yq%+>XDryrjOkM=A0C=-{3ho(bE$cI7x4% z9nD`jmjApn{Y`Vh1(uX;$&}r}g$)m7ptr}nYvJsB>eBoKXL6i()=Mrf8G8P;(-b7g z;I0~mG!YVyf^9ZO3!jNTR^qsv?llD3zhY>`jBe$_L8Gzy2aDQ0mRtH8ed$rWQ8CJ7 zoFaNaJ*1i62%G?4GRNIEoz1Y+b7?)cBGUsW1nKvq$JRz?Wsb45!hdU|PllMB2M!hZ zH7snru;N*(@;F>%vm>hv6Cj}-imbR;noK(m1s!nHYw4Fw@{g+? zLdYJP)C4ij*~C-`k&nLeTwL@Cm(~1BxyUB>YX^(1>Z4Hj)tDCMRogVrTCHfG zeLnChVqJ-?&SIwv3s)-MNCfLBn?Y4CDDF=Ngm7XSKa=)nI+{^@LuJ1Ie0LF~xWR#jMQCf0ehr{>WGp2yST5DL_o9Na~+`>qVXGWNi@*Km7?XbiX zMVS7>Ik9vEGxo&>hz5d(DB#8wlz5kUIMqo@QWY zb;nq6#8_sJs~ZZ&8(ftP9C~;rkbm?>%ePe=56^=m*Yv$u@uS5*9q5|ZMtw73hgm_I zpSMwCV6Z#9e?G~r!3OvgIgQ%j*(gE`;gVyTiT z2+kZ)7ss1(5vb6Gk0+@oBO}a|;OPbJ!}ts3iLy($h&I`iEu%fpa-g&Hv$>qO*vm zwOLet!hDP6)Eq$&hAZntDvm{~mz#~iJ^b_C$=cju{jpVG%ygUWB7}}8=U=IuFxEtz zV*1g$kL#k!GAmYm&N*tg@rhFz9HHYwq2|-dPXxWw4o==4W_CuLbP>0=bC2WEEew1| z#lHwf*O6!k?DlRk<%=Ytd4gx1aEc9(TD4VA-Ra0?%C0-~)LfBcS*t;1d)XG<4e9U$ycfe$JzLQ%bRvfhbFm{gFikK0b?< zZWa*ZPfwRJ*?v9eZ+BuOkD)r1@6$xZCt-KpQJo`nq~xl%7xip+?FXki#Ju&-JwX!M zW-EN|J$y2YSU(2eNj_Y2-KZdpWpo*c1g&c%N#NN|PYJCBHK?9}12MbH`I?o)oJWp6Ge^mqDzLl1B+_$W? zCr)%6WY>i*m#c$sbxfi;_szFSJojuB-m?WFW&GiSh`3!zymt$7I^N^iNR7LnT6#6h zW9zHg|FJN)oH(bVMGK#Ea@5{nA%x4JBv?i89R^yny@B1{hp2=u|B|%d$38hDZr-K1 zi3hNaLXpFZhUSp2rmfDiAsGgJFVD@jzyx%4wQz+%D!N$PdRp?Kb(3xU%+N~kJ!cMG zC#_#WP9Fl>GC|=klH-T-W<?+?Mk@z8te6Ok z*^(OOEbubiSi7qUMDKhn*(}TYPS7k!ib6FG`7y=u`4g-+X8!%w3>hQFH!Mat#XNc( zNwGd=t903aESB+bCRVTrE)vOfixgflQ?PH^PJ)hDx*zA6%;?x{69F>1)oEPzn{81~R>XjIZ`AMQ)Lcc?bo!>stTsqng8}QzuK6t9A)Ousz{HT3uD4hN z@4eC1_nVHYnE&<{l+VLLFJs{<2f~{@kg!$FFGJi+MNw0~qCim47Uw{XtVnuTERZA` zzG@IAUBDhy}AatNb@?!8_%|_cW z7x|o=OBy0$quM$cbdG`M`82Iz8~$n`C>>}Sk|vU6+#X5unLRQg)E>b_BB(Q;4&1qAec4vqpbgU4I?Hmh@llRTZ{wIk316XB zmZnH_(Ic8cCv;Xf(ayXYPB4X$AQnzoye5hwB9(@vSa?__^4huXHJ-(KWo3o0S4w?1 z7ykG50T0rv{F%UAFXV)OsFh|k&+s?}?E0Sv^kh0~$xJ94UipG}% zJ3m!zM5XG|+VJbJWTK;uS`-NYNE#F{4Lv6ozLsti{31$LCb!AxsP3{@GzR%@^$I)mCE>QiBy2!KFnUz=u5QNyqykE2kwsu*f3QRmqgJ(I*MK1kQEOLV z0w#(c4CSc%|A!&bdbuNYj{p4oeEt_!`_b-_wPd@^>wSa;6Ba{F9{Rn9%>96*gWnh)r1 zo>O)#9971FW@UpzqhhsmWIm;Ej+g8HMmD9$NbPFk%3lB~{lhyMhgYa7Rkpo|4ya~C zpbUnZ@~{Joi6#}2OFZMU{Hu$Iw9~u0M*@4#$J46dt`|gSU-s0jwD%^z=NX)?o9G_b z>|!FQ7{K@VM4B|IA!@sZOjB&->J>+5YhFHQ(SzRds^$Ca4X=ryl1+>Cr=}7G+Z0N+ z>WIEbD8C~N#HUg2CJ8WnunYcE!fyP3M69nT_5wd3?ox10L+Osve;m3 z(*XLq+vXlEjAC|iiSAOg4hffkEXb|d$q>nixY|0B>S;nSPhG8Pq#9wrn&U=)E|Je} zKU$Wxwg$T}_U2l$&`)lnUA9)mhvEEYAF?VGG~JOtPC~y4RlIRcJeO~0l7x-BFz|3Q6OryAa&7T+K7-%iHr zZ4%_fKe3wOhpVre9}Q6_IL0z2iSd)9v5nKX*ZP;nwP6IPLR z*c4#NKdjj|X9dPq=D_$8BqFvFaf8Ceyud#%tcou+g41Ec4 z^|IcX*U5<_e_TE2a=Kf6Tw1ytpKN&?!lvh{hP${%* z*+e4nHgt$MNYn-=+B1(?(Em6Qy&&MSaWt~OKe2HBGBH4!!fM0{dpA)_Gg#1*m~&M) zHz$xmpyTFqybhjbmfI z)@u9PTGw(PBio(n!AbODX#^Td0BD6&%cmAqF|Bx?sOuKe`qRT>&iho_?2fzzS$vGl z6#T9hn4Y8>WOp0$ZRNW{)2x^^Z%A}q}Y4Zhke zo)*n*=8^)3+Ey!W!u**CtG{5&e@Ya+V%k@Zv%4TeziCkYVFr@&bAq6J4BX!pacIW! z)B?0qlY=BD2?hA(Be@1DHGluP-)>jMH0P_)i-_a^0697w5G+aH~-l$wCwOgPJMVFFBb(q!$n8;lST1gQ$W zS;-oY+uO_U7w>E{Yn=It6AUysCnHT8Rhqf-YV;tEG<-mkwKb`1@H@frcw)KO0o{n} zalci~v)EXG`rqNbpkX6!!Z5r)VH$&Z?cK;O(#XM%uw;5dayv@B&w5H5YgIphsZab- zRROLglfQ^j{0SiEv{SSpDU!iv3Gv?rCwL(X9ZNtZ5P)+;6LZrDDE>?Mlq&jLxtd|w z`M-!b6Kp#ts}+?;p7YxDDBlZ44b$9?Bkw^8#u#9|$i&{d+>#(O8M&{fSOLRzxt0hRC79araN z_b+E=!k%)J%2nqRJZwN3g-F^dp@8S+!p7s(8B#@6Z>NBl0>9_2{p&szvG;CN%_GzM zNUQ~hr1r(`v7rT^JknuM!~W^RlLXn(GI4$vfy4KY#hZZ;dm8{@v#Vq05q)c6;}Sd` zjd3V9TLpk>wk9}K|<6@$QE>Y+S6}mFg0}v3*OESnY17y2$;GmsH#h(4A z<=%cewDr*iXEiI45*F&l0kBdY2h^j>9lLGFc5VWi{;|l{Dv+&A{D})lg`>pHN)f}R znwF(Hy>0t=a<8sSqKIFi7=*@y%2!2LlfMo-N#Dz>7iSZhiAdB(RTUXC1sj@@evX7Q zw55t^bIe2?)E0vhf#boCPT@W6nTW9w6Qu~gmvtH%M_nJ2#^mbrqMW83#tc@LQ!~hl zoTHkH01Jq|&1fn>t6(&$VQqaW@=`B1uYN3(nz*&$@I>%QS-LAe6I*{T_RBrIL~S%x zft+K4#r6r1Nm30dtR-@p}*!r3?fDNI8FPs%!5h%&n%d=2_Z_|^G|MKPeoh{({^ay|(n zyDc+-M$|Ubsb61r%d3eXhcj6Vy$+62zw;`IrEm)oAWo*Z<-(=wW(TB-$-xv^QqDCT-!3qlo|FkHVZe}BZ;@ZIeRC3zfK z=zLW9h%hsCU3Rw#K0F9{?WaJhp#_q%24IQ8;7WAM{8O*|v#KL>f=3A&#Wyx*;cG-PBu-T1wcOnSU# z_-^ZUU3YT5{|@ziDY5r@bAIl6JDaqxNE$qAdFPpIJ-nd*?xmz2g<{|`cmL{eKlyI= zDkOLxV#E4zP4IkV@Ydo(C2w$h>Gz71U-gb;wV?E~Vc5>+j)4GR@OqWy_=gf`itca2 z0n7yj`x~whT?XnHIa_qShN1(Mge^aFt$RPDZ9twso2+WD_-@G0 zST$@nb=~51-5ob|e1xm(ojnhh394R(NwnM_Q8!!%7q-Zv{{FY`)X5R_^L_pEHoE_| zJ83Y9_Ht_=RNdL>dkj|aTk-1>u!N}jI3k9p`NPxc@ELwB^>b2LboeCbX1UdUBL9n% z4`B%WyI*b2nusd(ceSQe)DH+W!7@<Oaf-rEr=F$iFqxTqcbwp`Hzk zI)evS+Q^Il!-B1IyP5%QPfOo&$qKPo4=#V}DYcgG6J<1!Tifg2-cs$@6}?KWK$@(- z7TjS}?XanFRO39pN!YNhQ*J{Hd6A6I-3c`L1fuiNjaJW8gai99&i;XR)>)?y?2aTd zF5=He?v>@mb>bM$YsA5l>9doM0B^0J2i`q^3iqYMET zB_t2eS+*H+u6ECF2dfS|?RN))uJ;;emQ4q4;z2^*8_xz;CtPdZqYZ<^&Cf3O+%Mr( zJ+SXL_KDxo%$_Ig`ELS*UXR|rpBbnf`IkKBtk>z$-kw+99>#usX%n~xf2dYoH=YNo z-bdsV+K;A)Hd+%YDIFEv*Zq{$I+elWI3F}Tbp0jpv zCU6RrCg6DdjaJU?CbBo)E=isT8=Ngn@RIg6QGGv#GF&D!5qF#o4StveLCp7>D-FwH z!4%k`jENTWM$L(c(-ttKYt|CZ9h?Ncq|%5PK}hke{vrn=(3r^oVhz(T2C{O(nR4=%!#mcpXZOBRbi5Q9K+L{IVH#6yjy`I3^Qe*AEWu`_MzYIk|E zblY~$<2n~lm-9ZRGePM0_vY`3St#oGjRi0G=e4o|>rApt`iU&>T1e0Q!^5YN%C@)G z$Cf=dDw2;jtRlw*r^4-|{t$UO0iUZ~Q+}8*X*uV*td^yT9SayJN#ubGYmS?7_>Z9M zf0@R}i4498qoA{&Fc8eRP@5*9-Jqia+C357NeRPxz zNY-J|FpFM~BWer8`Vm{RIZwQYl8wuzzfu@i{U!?_o5kQ{`HuE2>gBWjGb#n}g^Db~ z5uLvmZ^Qr?{kHQyggr6bfhMTk;S%#RceFa@7(!P=^KuL0E^T_c1{&nzFd>$NG&G;> zD#j`lrwUhBHFb{M%q>=)QS^DbWZ06$@*2M0nER5u{We8VHB}bypvwlKOinI&h#pR+4rUvi#M#Nx=Q^$5PFnAD z;-~O0O5!nJvui^1?|PaN%0DEXO04pjk+J__@B*&l_ufcbI-}KL8*Y5ts(L?kY3dlp zHx^%r9sLE-bXDAg!^3fE<}wtHTK;S1Y+beaCh&l?ir@`Uy6c{lxLZ-Il!9|0x!|PcnV7e$v9peiepH0{!)6=VaW-S)cm7+pE29-E z_~YA~c5R)}TO;D}?Y*bND|w{`*cf=azbyXIy>eec3S7C`JR+tYGtCT&>$ZXYWIH** z*#A|b+vFb$U^fV3{*Y4*$ff=@)X)?5;v|HEYe-Azs6OoA7XmnPPF(K5YFPcwTa4E# zd%5t`t%LYP9TM3YD$t~pm6Wz5HOJnbKvh3%SuU6?Tu{=X6e%tabXuncIR0%}`bQ9w z9Q{i-)_RUoGQKW8UyyP{v25bgC|M zJR>emno-McMgw>P&ns88d9QJ#oNov<)i0hmF!>EI5F8(T-jPaZ1m(?I-tuLAjFG`d z;p@;!ghzw<#{%qvDdx|UHtZ_(HO%6tND}NUA4E>-5e&lT4b6 z<~NU;k35`={}$)pncOf%!}3{j|AUSjD?<=EZVxbX{iF1S=5um50KKPq=p#v1l9I82%s;$%2mzi=rgi+F5E$Y!H@p zJOY%@%BcP8mWIJ>1~gtzVK8pD_E*`>ED_Z$9w@_s-;4C2X<}hN|Mc}`*7N4Pj2)bL zxaZL~GR_{L|6`$lU3ReUfb7pMj13Vr?LT&MLWd2c55T0hm16(U9#r{E%VfJf?oDMt zqy<7yN1N};x7GDHY^|D?&n>O<`aMK^#ox?(Cb6WnH9?AtR!fMk1$N`h$jVQJibnk4 z*kphN=Df)GQ-G$6X!3B@$?L_C-y|y^i)Y{)D83DWY`pb681Mr3!Z!=tRJ?IhmneB# zfzZqYntIYSV3r-@8M_ikLM;>dES@&kw?K~M=y7omE$pRl$~ObN8GYYo-D_s;`W-Q8 zSXRy(p4mdolIr1-j6_Gpl*Y!t2aru(Q%GqZFQw^Mt#!uXSkff{wN!Y9U6g((dYl4+ zb4N%iR8)t=RA&FNIL?PZW1@U-c^std>b9)Q*f=VtZcv zIdwufb#-yPO{9a&o7s>@h1O65(V!5{$LqjyruML@;5G`)zKfh!rJ~SqRl);yE`!73 zmoz`_rj-GKEaLqs?6d;TF3SuBG6hr%{Ey3aRAj8e;xsITC@ZJQWUK>l;RVwUtZ6^Z zXo7`LcEyq{63KHmDL&~ zwsCHjs4HdZLM*e`#$TWuPYs*`tJD8XP;Q;)w@gm}_4bh3x`o@MM+ne;w4bfdtN)^o zNDNkz{fx20=}{sS^N$4;l2#zn?u=Jp!+wpIp~PJaUxN>cssprsH_o%HmORH*??6ME z-csX=Aghfmsw8!=8wV)wIR9wu*>INz%jY$Q&)_xzXXE><3(0%QWI-4dLSSw@VQ3q} z8ACOtc&+HbVne_~zk&D0U3ayjKOC?Kv@?C7HR*`}q;NdR{fN-jB7`9RvbM(CvNmWs z_qcynTecw6JA}}QkCwq|DihnZ@gR4?Qa;h%54YkYN%3T?0h}7_kE3>d|#5F za`Sy&Oq(s4pC|s%W4(BYQsl?!*rYCLANw=IGjeP=+dR~-czNB^3qC!dh-Oh+ZMba= zd!6}^5*Re^?GwzdCmsA_Vb|_DuX(!Puib0<#XXY|Q~}Ybjc|?FbX=l)JI^Oinq@qYttbh!&1?DGqDc5WUAPUw5i8VZ27Z$oerXmCjQl|i4PxyVTBi4@WcBG$dEfB;~MLdY6RH9lnEwuKW|yqkI`F7?C&= zl~uMjgsW{99>vx_RyZ9YM2z_m(j40%<9jswxys(6% znA8iwF8YOGb}Ro8F;**j96p!1IrqG`W|2af*)?!jH2}fF><_U$(q5%66{`g$rr9Cy zK{FP0;ZNoK3x$GI+9AZw%z6y3Fw{n z4^s@|pDdteyvnCXoJntxry$nU)73f&%F+~2ovGJ$vh=X?bu==vG_v#kA~}rYFH+XL zcFM$9_5HbnTOF*vY9}EDWm7l&jle&FBANF8mWR9YkPT~%x--}uD79FS1nnEpH=z z4}UK)o}a5%4T@?oTOrL>kmfE#XkyX^auG5XbkNr_w8{Vk0C9OnEJ^Yfci zf@!vgS%`ZMSwF1n9clUej3v$bNO5z|Znv{BDcLlQO@{EWg@d~pi-!QqKVMts%l&NL z3UWd=ybrwIci1+3H`izTQ$OBq=E;NX^DSN{%wjnEK>epoK92-?{y6;ac#XK^mWJOb zvz9(KBo>0vI(?N}7%ajSP_>wqd1?RFh*%@A!f@6yh;pd5CrM%TeR+kCYl#oedApqcLG0lUk6b;<5FF64O44Smf&4`|=o?BIInv;DxgW_xJtw1gB9{1P zC+tjNsKzyUnUp<>QI?2FTN^>&r!fb9Vk8(@C{byI#^j1KH@-kyPC{Z{2h#BEo;&$? z9P|+DV^(6MMSL<+dDZ;Bk>9#}G2Bc)=h+BQLY?d>b4^u|IE0*iV+R=I0> z{S14IF(p)U)@*cie)G_EEj{i~YW|AU(<>)AHC9s5{Bkpxgvc4%e-lA7>%PKDQ^&)k zObay%>od87Ci5XvqbfvqN)Lqk>#+Z4nd9Yub%6$r@I~#^OCS$Q^!Gtd>z=G=@(^pC zFwb&Y`%c#T`4O4>VB6d5Y__M1!ci&VuoHXY1&2brO>u^%$trbNkM^1Cf#4%k4gqBQ znM>7b+Z5Ig8me1z>+~s;*L1*~kDK3fk3C^1iSHanC2#vkB64~K(^%=k+sCvK{~8&3!4usk7L%Wn)oAI^p6Pc7$9?F@Rxy8$0cL-*>PkE^W&mscEfMn`1>Fp;^00Y( zP%-9&kO-$;KicnaUYG<+=9s*GZ)`+ z`|md*mRf0lgb%Cn{BWw!^(N{!WbUj+mZlSJi**C{fQLRp%u@u%kBM)lTH z56T$&NrR5s?}m=y44N9#`YJ5^k_{bV7rOwW;}PY?(yql4Dle-N_3Y%N44IoCzCe?lD2kWG%da4-k#0w9!NWn>IPFJ@`)&gAHW{T4r9S%JiV)v0T!&PlsLUD|m82Li3ejg4PXPWzSp*UlWdv9w zV)g!h8Cz;Fvecsa6&)+-@fc&2F5>(1JP)UNP$dmd%dr2~zq*L)b~ALqP+6M8g1S^e z7rZZ#Uy9nwK8q27Tc}^!2pVc=>+#?3(4l3QHIe}r`rPZ?cbxjYFEX|7J^LNJR(bpt z)a+7}#yS=72Q#+6c6skUEDb6`uzmxIOD0T&4}LtjRPy_f93M z1U=_`?ggqXTyCM6viW=wIxiZkKwp-DKMlh$%+2eQ3!1YetLaTwpXS%@I}Ss$AInHO zY`qE|78LyE(F*~jiFG)Qoey#k0V{2>f-ea>v02{hk@|2;-#`3A|L@m&t-xt$0+_C{ zM$uaK1EOYlHhAcfVFL1>V>VtA1cFE_8Yygdkcg(Z}lFSKzcayBI;% zV`&BCJlzcF=(jjLf4J>GI;0DPnhqH3efIc;^T;A*2V-)w0qrMdO#F|FQU$l=e!CL- z4;|N#02!NbHF}61&94+IrxQV_{CAg3y#yat@1;bGPRBt#;A7*8!9#(N%g#r_A|^_Z z6$zQEJwtk7a!@PfL@f|NHkAW<;~7?_4B|n7x4Xhe(m$HR#7wF#oq4btsF=>Rps(DE z#Q~9vNdBZ}r*MQCvm`v#tYhYbq&=J*#|fH_QnjVwgP*vyFedZ$mC^pkLJ7kPF&SPI zzg#qz7}Y%S+iiqTmT$>Ic#-ssI-Q(K9tAM1T@~ml^(V#QVJe_R@Ue`aZn@ayXd2N~ zcGrjvCIwNJr>mV5Oq@^CknycusbMy5c`i-W2MgW79p`r!#gFUXZH^>>^YU9-&ajVO z_VCsCtJ^BSS6IOd2*9^nRB@$~E;wU+Mj%8b5cEYA5}tB!J$?t(>AVc2DCe)3iOVim zuvOn>{TEFiYpRvQyg-z&)rKRyNLaYr*MQ1^LI75?btlN5SW(|5%(p>brS3 z)~p?g(k7IGg0H-;0;gS1f472I)zO%-5{FG$St^s=`HjA+6IfSV+leXB2aD!`;#2Ep zh=qJQNwxL$4sTjXp@OE;Lm{2F|AbU9vnm@^J-{qljaW`fsp^zO2{OdeHR)e;>GiS1 z5H$Y?1r@i?Q^O(IXwyg=)mGFK4oZ=*IC+ip)sPr}wIg5^zM;#+3lkpsn-@y_oT9Md zXv7z9Np)77Hg_-7`exyGxny!L1Y}(%zW7kZ5B*ZHrvCIfO4aE=Z{zLGXJ=_|lu2mj zbd1t%wc*w4{Pkg2#X9S3^>T-*>tb(5rd)y7slKbZ>OQ)y$@ksI&&!VCQ_X*wMz6^a zl>^%%O;nHH`-{eB*LSsrab4$~nG>huI)lZhSyW$R?io^1LZa5=N(@vXch(4PBw<;{ z^vn+C4?~VOU&L}Ou~7DC??;F-P2hQ!$>;WAe*(@T#`|g3O^)^HDeHcMe*NN#MAPFA zF&pHPfB(``0=r*(zWVy%SrOvp>zdNzxk*#-v*4x=R>V5Q6(0HK#r$;BwZX9k$>eQ$ z{>Zd?ABaQZu^w5~zAfc!(1x*oovo0`!zQW2X7C}b>hI<1+D?*TdRss4y2n!Ryx?AS zoASe71KCL{;I0O}j3Nm~_2%z(O}ipA@_X>g=C;EQF4sHN3Ysh|>(R-WL>nuXn?p zl`vsF#=q$67+z(Ce2oKW*5QfgOPYj`4Rj3^&TFc+Od%XMfKCYRP`x%EAFm-S!Ton$ zhcW_3*TG_VL)LFrXK%c*ZX>4{Mci{GXg5xMbM`TI^N`7*>2O2O6FTE8pD#?WlxY#UtxtZFD$&Zmx_q0R>q1uv=G8Y*8k>j= znOuCyBYyFZz9JJPD0351ZvJFz;ei;TA?akS_r}q=)sQ8L9!k=l(vdzTSIKV%8}8xx zRPZa2Et9d;{OG^CBHw);UA9YoJas5cko2a};{5HySXjwcQ&ODmOSYv>P8+TMFufH_ zB7U+;>DrjW7)hKU9oLY}<%5B%8i~F5!1{h(+=yjBz_@$AkO!b>wopxu?*fbUJ+tHq z7Z5&JNsYFEKwwGxFv9n%S?P7U!of!=_>0Hhl<5M9hVnK*=L|jBxgD?8N#C96bWA;# zgt(F$-{ICv$Zb=TDgEo>m^x`S0f0nF=hae%!s5q?JIk7-QliSVi8Mired<#XIsym* zQ-q^S=^#O?(aJcj#H7Bgb%nGv&EO3~F~0(a2y{;O=gc^#!Q0&&OX-xBr0@~=K(Hw< z9tSO(abrpoJORz}zq1o&WXok_^o@;euG}q;Xmo7V)Wc$gS7HAZ)L>4H@Fg$2si~=@ zv-9~SfsfXX5yCnaCrM!4;QeOZ!?>`P~JXOTM4I_#&Od!0>h|3W8=Sz@tKL1u? zBAxkR0R6B{%I+2?sbupS6+-T13F~i_mXhPK!bd{dNOHjr@}%-uS*z!!LF}$2LJF09 zbAD06bhGpD^K@za?XMog`>X6F>9JM8NG41X66%+_ zJqCYAZq7Y;k&fcm*5#{`^wJ0Cx&emUTD+%tVmE2h8af`V3Y|Bt3qQZJXi4LS>~15S z$KoRvb8pyNsG~X5YH`Zrg-HGi_P>=;k<@rOE4--yLVRnv1?O+_A<*Rbeg2pdjZAsG zHzlQ!lu9g-H@C4MugIBo?8$WT+y>0Qx$!P}s3zYf^me@gDm z4%B&F_KAi>W)NnO`H~A1kvjk19Nh3_Kf}=QHuhGbk}*CV$gFR@un`wo@^jIgfC+`R zsV=t!L|-OOZBd(qp{~VkdEH$L)GF_2?_^Z`IGCc%;k%UgPQkz3jh*luBXkfbQnNTv z-4JL?rIQ_3`VHSk0-&yy<9O`OSw0?Qh3r>Qg}k}kC|vJNNkA?>7BA25`qFca}7-h z=X;~P;yWIS8Ty8m7z0Cx-A!ZQzq9jUqmxHguuQAeTADeUgaoP0iA2QpYOL400CB|2 z!OKX`Iz|iYHT4fw;ilV##=juA-C{~p(9aQYf(66T>PC2+%E5%d^Q1eqfgqFE-*uNi zoBjUsfKqup*;>C#UwY*fIeBvgC}?H|A%En?4O;Lv?sL*zYe$D1$Vif%9WheL)HWl| zHv=QK2c<4uIdGvG%lk#;qKP;hpW#Soc z@2N2D9OU@%MlZtuA!Wq=EI8)7_P77?etji;#8)EgGv*}3{E51#_>P3us#l*+y9$Ny zi@v{BRh70PGUYM9uWo$OV}H2budo|<*rUt~ME)HOHxdfysmYq6sC%dG%Gs5EUK1QpwN!~f0<<^~>j8gEOoZQTU9`;x>9nJn?po zd_ze2){V!35DdZtolg`Uyb3|1k8m&G_bMAOJKX%L2*hI)I7zHt*4^U)5EP$=!S_F7 z69d(Yy*q)3rg-iCy&q`$Z`pC73Ptp`hf|`MqI{+>1b8vEd+s6tC>Ytg;|vzpvfDrg zm`)F9{6duw4}r!D*)3OpUcUBX&Ohtf^a#sb%*<|+62T;1Itd{#!FJ+12&NK z-0bz%@*7rX86wu7o66lCxw$PEQt#C>4VwS+aDOt*xQ@oTHa;Y%EYfA={C#1hNNH`un99!QZzD;EaPzb|3o}$wIAnNm&ESs?O<-CSSU-?Q`J4aLOVifyJ z?jmJWmai5lV4`&0BylMZK$pQ$+^(R8zS|$cBhhLpBX!(45Zt3vZ zVtHI2Rv$UeLmt@#Y5w_LNYlV^+RZIL(7{gVZdTxSW)2(6>7fTA7Xrj9OH=S9Jemi| z0Qi{U&K2acZXYg26l$2+*hyeo8VO^m1CqmT|8$|lG<#bk#$~}`=LFZw^tJNw@${TO z9_vb5B*=-5E!H#9Ymj-PX%ASXA*sD(eiP5f+cuZ~R?PLfX}vR|m_3uc$B6i|-Y#+C zSgnqYnb(fNrhUbQvyGpPkW&Rcjl!g4u(){!-n3+9=ZDju6MEnb1$!y@f-?=Axy%OR z+Ds2%?LJmdXR^>Ok=cZJ!J~ubiPDO9oO4Qw)wo%At2R^lX18iC8jH57x#4Bk@OL?w z^&YAB2kyWJCZt9yz7l35d_feiOR67s0F`xtVRfX+l4M)J;eh$wbTn7`~4vGL9>J5 z^t58ql~gI`Jk^Sut(+XmC7yk(~3*LsLbzA_#UC^Tk&Jdz}qF2 zv`1}-h!`qijl}hb;IlKL^I(8CyB?NiTHiZW2pY*RcB+3Y1i`}ZZo59ecgB*swI}#5E&z{se!{kbzY9E4?x{UB*>Ev}{z(V-*mzbB6KGLK4e=O=Y?sS~@4 zq{{aa+|oa9p@JrqOlUuXO_K@5Cy*p30-khk9icQBS}%1x`VzrCB-@0xTb7zko1u!Er$1j=`cSmunGs+TG~#KX zL+E_W;93MUZcw8O#AF@=1@3Z7Q}9o}zq|}X*eQahAi&Ng`v5`TJ$D_^MVf%V@fy$o zD^gC4i$DRXPy_KBUZTC@2Y`Z52mF6Wqlij2HBN<9@?&ORDVI?PuoOH2fYkz2b&@|T6Q#;$53 zYk6o}Yyw6?p;fwwsth>wuh~ajNRr`b@P&daYVo7<`c#R4hP6}lIwajAek%ZNJt98= z@q<~n4|)+*g=9oMGWMHazfLgC*_r+K9>0(ZpZu*b0Iy17k;+1SM$h@F-{T@|4^wj% zl37ceq%{)cJIiL~)JP*SsL9|~5R6wX`*M<0(;K{fn@IE1uXd7O=+D=ii@VzM`tG(( zyF@x4le3T88oWHk)aHh1<;+t(>>13(R+2B>?2BH1zs{<@MfLm7w@fm%`V#AD=S0IC z_JwFn+pN*J=QYJ*#o|R%0qZI`SsP22me^lfo-;ne?DE82k+erc>yL^+CY)tydvF8Y z+CzS(f5#Y?4k`~eiq{{>T?_I~NEO1B#aAkhGR07AJwqJlTtNUzQLC53Dk)VNR%Z*v zXMu1yKtaAq>+oS{Yo=)WXQn=dd;~ZKnu(X4&1{n@tf5iJJvKKxPg84oF%-d_@ZHh8 zmLaBi#h#>=t4%sb&n_vXcBPA33FT`{^@oO&J<;j`J*uQ){ZPi4yqn8o$W|6RkS0 z`+@@f38%hP4nu@-e47M@0iT?_xA>__bvTovHfR0ZbKMa8>whc|xD1d` z9O8D2-Y$*F5mI)ag!KB|r zB;zTdwcn&6INr-x5T^+M1)X8KTAUZ;gAAXy{P$w$@~di=Z3+#sXUa*g@H9k%qcP|P zq%rV^svH78n?4(79vAk$X$(0_mTamJyXl^>eJ}UY=OzkG4DHFQrwBY#F_RB_%loIs zbi7%U;4m8*m=)bz1Ma60geAv7X&S(5Bw}BA2@uqYozeyZsuiV08QhgDtXhDe)eYhK z)<(;0BtS!JPX~8}Vm!b~9SSCC%h+^tjOPf3S*in4UuN&qiyIy3m+Nvk-X;H7bVsdY z#1TUZERS4m6_o2#O9<4Nlr^lfpPHW+38d9qYIHslqlqKzZ9H1ry{r$F5g-~kATu(g zt?HAF!|`DRUl|2*HJHH8?>=UPsSjXxDJwQBRJ#u}emPjccTz}OwdD^U$2jUtO7vFz z6;^wHD2|Maj4z-+kUmwJ&%Q{hk4zU@3S`qKcgK2D%_W2i_FWT=K#HE~|JtDA`Ml@m ztQL1}Q=>cPoP#p(>Dpm=_h7kku+ILo&LxLGA9oN&b)e9oXj_X?NhvofV47&T|jJd&(EWOo~O{|tv^zu0A|GvRL z-Z@!a>7My}_q6!7(f;!8D)k+TL4q72^E_0OcpWqi!1-Cfjj6PGTe)PMFeWJJV*qLN zX*tI_9c7!FZ|%ChpX2#Rs@wV2#`ODKJg-8eGCjM=HO!rTqH!_uRcWcLptOaHp?8`z zNG}GQa7o8RI`F1cXk%N31TYx1mG;Z5b>Y(UEP_HcTVaJH@HI)5!-|fxrmw2d-X8_0 z<@|OMupCOz?H;2{bRBtCvw^()>G`Cwe1Mw1f&!S&aFRpoQ8&-C}g{{ljO{p54FAwIu}F%fNm>+CYi9v zA434j7w~a+u<&T%00$id)35dJr zuP5Hhpg#^|H2JZ^fKqdQB$D2s(&^x@`TXiFPbCR~ZhrC+kRRiiaS8aF(_E~h5OJvY zj|AI478~ybDAU#PkH=yiod-Nl%)`WaUlDK2;`wfdc5H2>Ly_W}+!ac21r@N0h zE>(VtuEIo0np@&nk9_qCR_PdOz{nn@rFdfaeC#)e-g|-l)S*6@SThjWQDbSX^OrSMT?REa=ZfUtNy49QYrs%i^Co#R zNR#*itZ57nYi5<0reXIysZnN=+OD=fU#bP*&Q6Rd=Oq4yw+m3%8DXMN3Nvf@kewg& zYne)kzS!2{)<|$uQ~jF}srsRNEP;MbTr+B-2s;^}{s)$N=5JyRFUCR{q2WnejWiUi zrq*7M_G3(51-z!N&>x;lO`|8D@hLk`{8DCX)E6uDZ zkr7_u$ef>a{f$ranh*JUrv?PAOFY>7V%}cc+i!~YQG-UCJco9x7yc;%6*L?P859Ly zo!sEeiU+>p5BG8S^tG!_xBZpmCMq32J(G2@TKhS*t8G33DTcP-@GPf!Nt$Km$NfUs z8>GC~c&rEYKMl2BS~y*NBXdl%-%vtPlt~M@%om@3me{xm^m|x(n)x{_8E{(Gu*9)Q zuq#Sn(dg4R>qQ4{IM5}F$C=Zl!J!cd=-JeH6Yo$FJ}0lpQBq zbIIo}N<{ly!Zo-5SOn6|VaC(rF5p=Z&b^9VU;%wRU?;Ri`$pE$gz~rq%W6tw{9{`h z$xDx}ykr&=4p9vWcoS8&U0rh=EyDNg=kze*4kiqyn%#w`B8T1T z*ScKImTU<$IH!fV2HMt~(j&}Pg*L;oO$^^~O@613mOYsK>DsjHgn1hO3KIVEBo!?| zQ#jj?4sb+xC%;eMUoy4H3bXR^wYBlKfwZ?SUrx3cyDJwePHkPy90ScFcl^Gd96Ehz z3~zh8d#$cchJlXg@Beb3YuhxEd2}k}WaKN=9T;2HtKzc|0mUEjp3m>JxKvv=>`gGi zwdRQ^og!~9G5%V(ZUBM@x`s7DM)U(ta+m{3hhf7Id9*=4H=nA<8d8fg#6nKKDzvK2 zVTuJ=${zYE^U)8r&ouc=@ZL?X35SnZq*pUuNy1r?AKw2V)%#0+i05%JAW;YHkfLa2E zTgyVPLZ4iEX+N@QWFwPl6=HtU_4S#et}R30#g{qLzjt_m%HRFHxhwB)qgf01Y*1bG zbH}FRHrLP6J9W04|JBp@%0FFX5y-3K(M*)mINGf`qFS{ZPoiG#5`BI5 zc_KQskF~p`OiSrENF;O^W0)axuhXij<4i%+?U%EZzen5af*viD=El+Rka4lJwOd6+ zC?#Ry=J0^)&AxiFn7ns}60XfvIoh~G<;EA37Z;ZohPrOyV2(~DWIHr<$5yM`uU{Vg zekLGv(tq~K7e%q;o-eu_iByMBXn$?s=A608ICmkK-T7da=ps6_^IlpDI0F)zLr$}D zH}jp6weL{?qT&w9hmOKJDy#q72gi=voQ~@}OZ-%|pMjizFTBJp>NbYfYUAECpVg8T zm6H0!=hHC>QQSvjr81Jri^qvLYW1u*Wxu2{f3FDx4E$bq?ew?0d$pV1Yv;G+b*d`! z0vJi_>#c*aTp%j;;mI2Y1Tr!s--Ej~3j&+jn@N4j{YiVSa5)%2+_I)M(kKt-_UQM+ ziOKt$^~}I~zQB`j$GvB!E}LH7&fC$<)4k7LewXuns>Z#4ww6>~y11&0xe7>5lF$|k z8(nt#Eb@BaJ-B+i@F9y~>r19;6}GNCv>{7K;!jy4PI+MVgn2b4bGrZS7lTfgq{yV1 zg->xqa;Ui^KPXA_%u2>#O(X>o*wg*f1#c4@`kX)k4o!DzIgpECSyXu;%R9+T%YpJe zHw*|0mOTlYBauc@{yZ<0ObwT@QsdO4ok;urD`nAfF{*ePk2b?c-%g|Fnmy*@2Pi`~ zhs6=U$!YR`<4R_>zCWcUR>&%2qvFNBf4)Kp zrFMQObJ@oIi%J=E)vBmS7ZT5vUJW=s{Pyk7w(M4OG-z`Wf`?hGHK)_OaX);xpr=C`$SQ?^EX<_j#i4T>B$J;t<22OrtX36 z>m~_EaCFcW7$?L3?zrk?l{?!-^>I$Odeof`sb!Varl$I_ZPT%0ry;TVU7l@`|_M;hX9`-O1s>M2p$^>%_K^hY&o1{ z2eg${X-V@|8C(oZ%XG5Q2WB#Z1aQt<`kc({P!JqnLUn|9t=w)In(RNrW(d|O4ChJ7 zqa{!K$tJfd$DuN9>`L(YDxxiV5QD0ZNHUdZMfx{B?uF=yPraCA~0oxK(^maKUU?xOnsoeUX{C*P} z-+O7$@a@u@;%FN~W&|;g@`RhtIDD8(fBqtGfQ`rQolLxDT$$Q)3uz`~NHYg9=u=UH z_p-Loh!OlKCsI5qt0+!9Vss6o_TOzVzYkp z`nw7`oCq`G!(X55ubT{9qIROdbk)iSGcRY-+Z@;b?hpg^H_~5jGO$U)2HL7#cXyjB zad-SZR2MdKPMAj-?rGq-=;m+sds1|8x*o1E3x zv=!69>UR#`ITUBg$`rW6K@prKBV_A@mg1o`JrdzaP#{O4oKnKgJ9_Juq2+IAvXg`8 zK1%M|wzQ0EU}@AejVNww+QYl4F0p)CF2>s~z}x|GIZ)@SOgJD>c=c!!&ue@cRT4Y%otXmp5Bq<*K&kCrjCHNs&nQO0kWw`t zB1MPmKgS^UOY2Ue@iE|))2P@RyZn*y`;lB#ihAgQ%w2e~lOthts-q1y}|oVlH?AcWFbTg6XNx5ZU@T zv-8wYs^SPMDLG;tOj<^LQVX@m3~4KF4uP^21PPykyWQwVhxh9BnLgcxrxGj!H$y~$ zJ39JlHBLN*4K?EAns>N}2#1U%p>K!x!f-U+Oah`{vO&Q&|5&8eoKI;_GVe_Q5fGL= zFKW)aLbCmSC|jXYMnK-bYE<@9bzZF?Lxl=}+6`KFq}GrfszIxA$M2SERTBSB-S_$h z*@UFEf9F}%nPdv(0E>rt)jPYgva~um)V4OqkVz+)+x9hEB7tMTXcNJ^?~hit!@}}= z%K#lyK39`kbyZbWP>kRatko`OTMGg}!`Mrz3$Dfv7DD0!DTx=|jBXUkSZAshahYbu z5ytIlS!QO{`;pKL={Syp(5yB=c}SLJBDDuk=bQ9Iw9?n|K2sbe!1xc2+9H~Jy2^mb zyW&GgGh*oo{l`OGIgWB3;UxM<>Xh<^?5s4CWq%A8@vp-3)h|;q~Gz~1{YeW`GKKu@tKTf%RdPRS73&?JoBSxs19fvX_d>0SJ%qtvj!&6v zZAqE}p*IST7bBRp#StLn1>X8y(aQ&Eq#5Z>v^8g=T$Yny^NB)NGVq8RpYuz1b?k;V zA+emwC^1wvfuj{}#sN;Q<+*e8@^9nR-kv!@Nb>3;kCdQ#q>5Gk7!DWz)nT7B6qTaJ zkU8NJX*D|)?huz5Fr$_U>+Cxkr^*GL0_9p<%*;ggEgHX0gP?ttVu&-|yHtl2Kbknju20@KYOmYAkfEK%; zbx!|;?2X0ueEo2JGy(S`GA`Kb1amCVdfSDucC(yQe)YHBZk){vdvBY*?Kn||W8wzfwR5B(ZI zz&pIyek46fQpUaryVDzSgg7}19K|9n`zqy%nDZ7i$FoO8fL2dN ziZqYFk~&7g!1p-2Wl(V8FRBK91F+C_5%rmgspOPpX`CL=1PJLxOpp^;fl?_Y9`Ze> zJoDQ5Yiv?x5DPffCZnryFo2yvwL!FH8Z|)A^iXQgl%?>gS}um^2#e9zxVY95+;&34 zn5D1ow40iBWt2s`GA%i^Q;U{v@sS8D2&R+>2N)+H(ojqsLKx@Dw^_e?mmML$@$?9+ zlR;FJx*P-0LJDq85+m5wdeu~0z@d6ME*J}9N*3z+GXTg*0{Y|=`utB9vD2fhAmhI_^@iGNmZ>x4GrHbX;=4e3UeO@ABRnyce z7+K%{_$QGTpAJ`0`5e|1UTz)AkF^9)sD$Cd;q;PFB^ZaC*!z&k>_JIm-LWKC0wk11 z5e0^o!d2e%3K+G6Px4|X6NSMz$8@w=$l9xC&)#iw-<|c;R{3_{1kjy(Qj!R8LV0G% z?2bl%N3jK7Y|o25?|Z0@eZ?lRa6EfPp8-)tp;Z>Mth73)k^x|jA){RXSXfj~A%x(F z#MV#5}qrJxL-e(ZC zV|Z>J2MtcC(3zTIIJf`thR`!^DlOeNL!Uf%q0CAI+pt3TPjF=K*NH)y*Na+O?-fEBGM=1wP7?z`ek_ToBC^qeJ@=YB~rO>FH znfv`rRRmeB3Qi@c%Eq$1La$t^*1!IGwcRZsqbyYh$5mLjdYC&*bBPB@J-kFNJZ~4> zmlzE2K!PpH1zRQtiK;J|#CG%jE&iGD6%DZ&j8R5M;+6?WT3}pBpFPd}Z#SMZ%WevT zJOdXELrE+$4q?=KHi(IYnW`MB`+FW;O=GVg5X)&o5Mpx17I<)1QQuqNB;x84&$F7$ zV~Iw>KQ@AAL2M2uCXVw=my+DQ=WsuRjt>PZy*{%)wr}@nczULMzBcUtJ3f6h*R_q1 z3=b!sB<4gJ0B7g%@SUkM?`s!(GqTEy^QTgHp3;Hm#+$cv(eEnA!UcbxZ9dSW=7NtkkDJu=w{!w5iI^)3Qn6V z6chv`krrm0l-5Ar)mGqAjpQ+=irDBG4W?BghNDLh!sZ9k(keY)^yZB|d-qQlg~%2I zas-GA9roS=x$`;Yb^MZR-ZNzDFd1DQvL&64&7yNjN?Tt17SG<#&Hx=OppCIHS3$wDZ!Rc+y+pqCBu}*01Nwt#g4_ ztqX_CQO7WJ_7&Ht7$20Rf0VJ}ZPuDwPRjbNpHVl2T}Z6hsD_i=NT)iKNg$$TCtpf| z!7{_t9!zaFqpy~lt9e6eL;C7t8AkNBJ1dQpe8Q*0*-=M00jpL9Ih_k3k#^R9UR?x2 zLpm-;;6$`Wc6F7IbQDzVhB%5G)hb0ay)0bdW6tTJWAWXJ}GWjkfGu*-{7sdfU5e^EuO<2*KC=y`u8B70k zA-~)shY<%8-L08ewqOkkHo6AtIcLjx<^XVkT;IXCK(m3Z3VSU?q(R*A(r`P$ovc>f z4~|+86$4kTC$wO-Rj!Y#=34jcU<{Zt661#&?uXFMdNavXb@s(-5(Gd3UR0m1qlJU* zDt~Beh;8!3LXWf8>*oB?8GQmX-Oj+T`j*7PxV3Y9p4x_-Qey7{C@p@7Ld|y{h!5C* znW1sWSY%D0?Bahi?}Ux$y6imNvHcb+c>I)TEUAg+FIp=LucC)P(fgnaP=wvoO>A|nudLVG$Mf- zr-^$8%&QMz{fY*^J_2tMFI!Dj**OG)>zV^%@{tZsSS~FtMiV4ZO^2?3RA^RNqA8?{ zsnZ>8{;q70p)gf0O2&gp+bQT{ow5|v!u(y|N9wFp1Bj>7?A0)@^p>-&G>k?cWGBa# z^FTi^kfNCm5|`AJH_m+Ira6!P@#%9JUUTsrc!1`us7G3y1iy?E7#|@bSlBj#!2If4 z`hR!JK8)btmM_(|wF2TlUw&STiaP$D%^F_$T6^~w2il^d(;~s3FKylc02%HA`#ltk zGaS;8Xf{zfPKF&SQRCnM3i-_4^8WZNG3e~z?|ngFJ^(GbL`*nKcU5l_tf8Q^&{XBt zg0HRMp6j<~890!0ucviD&!)lL_9XH%JVp&|oxynyOD{mPORD zz?G8PB6j&ZeZ35F$$j!{CA3)hy^vq`ZB^4`ndiaS%5(3q{;jn(n+GEfE=0frG-4o$ z|H|&`KV5*J<{6+cc5f%X>fEBMNHa7DTzn0CY;OV8A)kX#mLyV7n?IM2BeJSaGL8qc zsONWnJO7_g<6@74icdm9(;c?Qc8CtK02C^@y{vM0axn}SF9fo%9aSy%JC!ZqhWhBw1k>ytaDWg=w9Vh@iPCV-l4HF=sva_XB5my|ka5-PBNOA)S zTdtDzzquB*594wzG9b9}NK#)84JoDTArVW30ac|_*mi`!w$^;w=1nED1W*p+y)T7$ zpWOzVyy2t`k(dqSnWuWe(0Pt|0DSQi!&#tF?|j=CSE8G1>8V1Zc8G zRDu?iT}3_66A4$z%u)hy)lT_mLiU62cXH8i1VOlM98fzSzh~7^onhnLT0wnTqzw zZUKD)f^)25IV`hlYV+ib+iV)Ca6pq^1CmL=*I~Bao7Ly~pxc$B9nsjoe{g!WI%P0{ z+J3PtLKxKlbU}@hfmccM#&tsqD&dcD=X#o--1*wW88px-+tk2LFbsq-g`}?ye;$?1 z?9Tb1aH^3-Ro;gw?+?)YP33{AJvkGHz^sG>LCG>e)MaI>+vZpDD@?paT=$ZqakFfC zq6nsU;T4$FlHi6_wwvupajpe4J;rm^Rrrs%b)G!TM^O`+$4`drtG^oMS5giqMu4(< zpWO%S<=c51A%vyehkqa5i`uylz*5)C^Bi8l52bu8x)N|l&f~Trhcp_|X2T=~jVb5f?O!cECmQV3eM6~&q z>vGLhe+YlOc$_7YdwRX~%zZ}(LxS`w5aH#m6-MH ztRmTi^BUxnuovDbY_QW*VTURRs+Uy8=m6}h^Kge(K%l$G%A-=25u|ZM;Mh=|@KB8p z6c9R-=idg7d0Eo1!dGB-nWoLIsHhhINk|?1IzgJrKB%fxn%Mn@$oATZT;kyrSzP0f za22jvUIf)zCWh`mT^u9eD=fdlp9u`=7wpoy6L~ZBj4vl$h-6r}FkkbY-VOnG@pQg9 z&sctD{f&qLONmw5_{RZlilRK~V(+xyuV=tBfqr-2{dZiuAz8D$n_kypIAoG!kD_A( z5IEdpRp7whhFM~IKnc+5IoC0zr}!Ev%OYHFp7E=W-bLVViz^W^pZ9HN{z!%=+C}Tw z2*DgAhcIQf!FSvlMErcCZkCkjoutlEL@(tzrFddl3|>g8o}B&~j>6lWTo4bDv22=#8vnPdj`eNe9NgMVF2QxuQuW!kgBa*Tv5zIVId4Y zyx`JqyypJ0j)sM2vD>z)*1e7OY&!94aQ@f>m)Mum0*QUbP%2@;ch@Cx{^z~*ssV2H zybTl&`;p>p_w&TKOW%2C1&$XHs?hE85neU~wh&L9CE$vsE_`s~b3gtz@F>2!0@u-a zldd3es^jcu{?ptFoEq!=4kZ|*d>ztRpKAbXyYSk41O+1-9TEFG4ts6m;gV#tFdB|O zEHY;#&|@@s-Kn0x5Ey>*mm({O&!O6{5sF?}Ri*0|Ri7PKed~%dB z;D7-s#Sflp`z~`lw$Omk2blnSkd#izoGMn>#hP2IuUD{=_0g>^>8i}k~o2d_iLkv_BJ9Ap!`MQHunj7Ec-L@i`!xYSVsLaJKeqf@T$@NgCoR@e2!SK>MELlF z)`7+awo=N3+{evz=(RLYQt<1gAu7|!#{HQe9E$IzHl};g=tn7ArgaR&Q7TLZYFZal z7%n3n4G56gN~DABbE!CrIl^gXd50B5Gth9=iPhjE+Fm;9ORZAv@=pqnUP~BU`kM1O zeGV3Jx8(^CG!G<#WV7oTQUal0h=mp>HIh)q%oVx842q!J9>27QM%VkNrr*}bz z?>k>F-s-CDBfJO!8HZX4DpkaF_kS#AAR}JaqB**|9p3kU^tpBgM8t$P1U`%L8`ZYw zI<@!j0@QY222-orJhC@tre-IvrLH#Xc7=NU-?=V$oAvH^^ zShjt3v&2=`HASF9sr?`vHMEant?wG-+Ra;C zkhGW%`83C+)Uir8@QaWD3Y%g+^HBl+Sg^DWn1f0yGR++&I559gQ-7UL%I(MFMX>W}O~B$=C3t(2*tQ=bigMYDlL6IK=0jK$EMh>)k(w1-~EpT>k#~dsmUmI!7dA zij4@v#Rb37Ot7|R7#vdDzXuP2d`gKXhl_rY^V0@lzhPfzn-oyg)0U>a&DH==Q7>i= zeKja9LhmacVS0mqn!Nl~E|1NjG8iCI;4|} zW6JmQPvgA-2nzMq<}T)7Nm1X`{G5;jGeRT?P;@0Ijxk6Vww;1LXy_2thXX0*xP6%0 z_Pb|$yFq8s-6tiby^SQ+VvLG~qq>Ur{&{M!+_>NKN*xOl?YdzQ2ROOi_N3blyr`9% z^P`Mld)tR)o1m)lC>jo`^&H;o4g|Q1UR!g41zwv)<4{nD@r%+OfZzf$(MliA0Fkip zfflE3AJ-kP**{-~c;skVvbIcUWsWWVGJE#_v8bl?toa%@8Z#rAv&Kl&vrtz$WB_0? zhf`2c$|j)yf}#TFO(l}#w$&71OTPiOABivxV(n2UzVb>IA3A=rgB~yI%!qIiD8_El zF{_-@2}A;baQY+FlTlhy24x()>}0tD&vy@*74sq6`^{6|ML!gxX@3ozbZ7(~`bJi`OzHNGGhX44r>pu`b>E5-2Qb{$zty}&*+jq)5C1Od z1P;Qt1s9{Ga(Ehtu_x=hY-GNDNZ?%xX`y~;a?zF9&w3!lE&BXcP{xX#?sI{araRl0 zAzST`;3Pofh?!r5(9>7ho!dd2-goa>JY2C?4$1zp;1?3>eI8}|bE>&kV0`)Q_vO{| z&pW0yqUJFGORj*vuJ&Dd?dth0ap;I`{&qHtCe179Jz}toMJ-JXN6+2YKRACz63I>a zn@)MBoS-lC(^^c}!|OOLM4RA5-Eq-(mSTXKMW4A7&3uu|UetC#kO4UW zg_$3q$#WfFAN16EwMBZt4zM$eIo4t0Z%$~j6z2eRFa&ghuzVqs);p7Od zw!S#-aoE3E@2cDS^ac1{zqSpU48Z=>Q+MxuKge6Z{rhsPIe)Xr#n@O|8J}b|mlXr5 z4>>lj0zP|Bq#buYxL{#hv`l}*_M!Lz(qmLn6C~cTqWq+n`0Xlh_4qPgrDCl#$ zJw81xXl!Idu@^DZfAy;g>;Ob^9K$YAb`G=`a38kztXF#wmC z=E$Z>0?jT8Wfax;)B23!UNmP6(noyxrg|eYNjedik>+{ zyW#?zz?iZ9q*$lq5Pr{mDM=?%lq8*Xm|w83koh0*31S9e!8Y5+9b!DsOsZg-RCn%M zb0oQtq~bw<0yo0S9VhLr90etbQ${h%okWuq_=Nx1TS{SYPyLR7es1#D(f0=;c_C0U zdkj_p4uE;z@oqIgx8P~Z1*lJ*il|c9tLCOv{-}1gIQg<5x=XaFoFE9^G?&wJPoT~u zg+KsN4aOJT$M|ADllyP^g3hwNjRZw|*IIK^qkgZ{|JL6{UF%>{-RcPP|C#yL?}3W) z5rB)^#KqgNtUc@zy@NQeuT8=|L7yCkB>7S&UnMB#e=t{Z!&Uc>MeY6b^}X2B2co%l zCX4*$F~OH^pVWuD6W;oOTEAcJ9;e#{&rd-fE}g#%{;mZ*m(>SO&%HKvvP2JQt$lAG z6c@QHRxVfj(~KkgyMwA@ev5TF^SR_FD*@agVSatA+sBo3gwZ&9?Wv^4uGnBNxI$fq zqZ=(r!3fH}a5#$TK5uA`C7pxke$wpyXwzdX<1jO}6&eVbB=?toG?YQ9P_!(W7r~y% zC!IM9jRh~1Mrv&CEML)2_9-^3d1atA{t83N$cVab3HYMt25Mw`moX(Rnxr}02Ddu+4@olY*{YRUih_~;vsB3^a` zI9&7+#lthysIAG-In5B%PvpxbPgVHqx@KydofX%8p-}bYG|t`eo?l#) zrodEe+lfXr8G>YZ*N`+If@GR^kr^6z&EalpTIc8q*Q#iED^nM$iht*YO92|=!6q%7 ziY4&~$I-MxD2^;dRtpEQ0K@B`e~T#nuh{;S%=i68RNd|WyRG~7`S!VFczZj)KIl$$ zwK~0?;ms@0_Sh(wzD} z^8`B*TfWu~?~#+x0TAhlovoNw0nxA#NX0Q5`tw8{M$)Uswo4vX-ej^F3mJT4%ido< z`*D}su1fKtCSjiMERU?>HM*({CpJx zbFk|)a&BWuzA&KG%r7Y5(>B&O$gj_*vWaV6CDqg?BDvh^54s;jC&tefLK7l%`p1HD z;XklEV%Y8!pa9c-u@xBTS1RIhB4 z`E;A)^&Z7>*!RkIy`A$t;{SL$>$j-8CX6q=Ah95^AYCHT4FXGd!xECx-QAK)gVIPN zogyF&(k)%m64Jdi@4i3y>_4#A^||JJ&zzaL@3A_dK}DC(RAQ{;)Q9E0ZS<$xUXD2r zQYz8v&i=3GLqHaY1?Y}1^K!O8h1G*^vzgvj{uW}UB;c8u9*`;ys_ z-Y8NqH8_YBd?V=Z0K$-)U8E_srD(s;nK!9&&Le?(!QUdH2TKN|3p(KGvtmhZAd@QU zk-7#A3Z2W)WNg$^!wk=wloC z1ujT*bQ(CiRuG9fZ;K&GPYDU_G+3WN(a;Cm0$bmjazpXtUb0F~R2cczFPz8y>sB2C0_e4z6s+71JR{l%U9ylH$b)L-$+3$X6LYS8N9e)L!I#2-FApWCt&dHv_%Pj`E(*U75i={i#IA)D9G#`=B7 zi8xEXywG4IFc=E0nX}t9+pgqf6w!o2!N1@%G9NzP`fmjA-=v=paF^kLH|EaTF^IDFX=ZD%u{{_l+5>{-fd z_q9e2Q9#Uq)7g&6kN;Rm?q#*)f6pzZQW;laGwd{&Fj#I1v$T%1RUd<=NhZLlzVMFO zFW7%3cO9>hokaZ}^Nn*7WeAonuno1JDU74-Ldcwe;g#RBBKsExsVC_aBgmi>lGPCd z?pq6So9_tx->e{iRtCV5&led*)MR=2Hunc1sG5Dr!;1?#xV4Fugn)@BR@!(nEA8Hf z{@CNivScJv1yX7S2X6v>(yMr19r4eaNz~~EyUC{If5jv?A{M{}U*t31M-;igZQ$hk zz{2=B)pWpzg`r92a27y{jb*Ct25bga|000i?e^vdX|;V9C-C> z_^mA)i&Y>0yzaP8Njq5)4BUR_G?TKtsHYV{ONvGx=}RN$&IHRhtuOzFZ`U z#Kg=eFtu0@x!wZC#3;FD0nt@xjRC{Y)qB&==v4Tn)mbeWkxa;ls!B&wYv=Dp5r~Le z@%wQvR$2`7h^2*Qx4CqtUyiM_<q<<{(e@GCBnm31jvSepLWin5cHa+e6^+sfXb~GbW z0+V?!B8l#@hbfk0cnjQ;+#B^N_RrrrXdVdx6diM6I#h)(Y83gaIr4c$VX(>Q_@w*e zgM-rFU9kN*eV5klFze0S*SJsz*kQus0p69*v%> zUJgc18qAW%$_!a!$;v3enVg{z*+|rkey=e|yC&|Gry@Zo!jv=&M)d@7ls>>WTMLAE+mb-&jPXd4Owl6gN>mYUadu zqQ3JcA!sA$mg;%&Y;hlP&*uc}-*tC)f3snsmey;r)YkDhDmWe5e`wPWI2;JtGt0gC zsNHxl#_T%Epi*YbtT6AnaD6pSIpcQPeV6!(XEr|ZWF??o$jABbkk`}e=i7;=nUbIz zc*iM8?)}3_=k<mqKE zKLtWoDS+z;Kj>XI&MzYo+e4(uHOGqY7OXUd4 zzA*{V#^;FTNlH#0ldN}XY3Y~!M!BPK?0;`|il5DGF3&sJ@0zl!b`V)AV_5xaq{DnP z3@;RX7{Fgc?#5#dP6z3kE_;NbgW_C%a!!7&cFK0+L^Ve(7+m0q0Y^5z@=x6QT>skf zHwb+#a=4}VTU^|``W+Lmj(0Uf>z=?QeQF+SkoUXG5TN;iZ^!S&nyltJB5rL*bkn8- zTrp423Ww!7F&GQLs>Et88nMa zg8EDcG%(~-B~|)tW3?t`i+D%}UO?+u1rUEql&@6(oL-M@_W6_GCk3x@gvFeoN|!r% z^oHjLoZTDS$%(|e4mFMdj9+mg`BG%=QGcIfeC1OS4wv!3#6~Mx`k&-joO84$*qleC z_;k^_)H;;L8h1_Rt>#<{w_l6PX}7fT2~Z`i0nEs!%RXZhofk{5pZ5m>*9#GDj*1gH z7-<01_0^#xM1A@;?rM=W492qzX_IIadMC14sTy*UWWc>#Q!bNkg?qf})12Xz``8M( z($BqL!N5zviRQHw&CPe-`a&Ho*#zOn&21Ly9ew-ndvO-;)$yFIliTdMn%(%w*PrMq z%r7N}jvA2IXG-()X#clIl{{KM7=SrAhU?@4P?acY<85_qLQ?>n?iI`jCB|E%`cG@P=a1SS#H%L&VUL`P;2m?_^;Xt1eNG zdY}}kZylBl0~fw(dilpTz9|uz5i~|TaRsG3IbVE(0L+%)*MQG8TrY-6=9n+Y@1|u@ z4X^bYlol~QF=!_74#sW_YpSAR9ULukU6Qq`zMvy>zjT^ju{LfWSQZ z^XdpCW63AUEcyDW)v$BAq@wzD0a&77y8`NrO!e(AoB97(+=k@IAe?LI?UsCygwXG9m&pqy!Bt?iCLP3S&h&B6!8AL;;c)h{CG2fEa1*m0}>oH5YD&?Si9%pRbs1a)zx|Fi?l<{rIew8gC!25f#YQ-v&Yp!xW#+74$YHqXSI+!lOZ# zQmD$1LapW5q-s_?Qz-kGn=7YpV4Y**3ud9sUFG&@%VjxM{Kw*l03i^WQS$Kz57uzP zTgg}7&KMLzPKs}AOye&lR#F+#ydi_$D5rWWHd7YoZ!917UEMotv*{;N?$UBr$< zH!%I0oHtRNnvhOCg19T_G+^SP&W<^Fi_j5U!) zrdD~y<3s!VfnPW)#J~715D(JAy?Y<&wYy=G=gWjAYPqW@)u$>%f@1twHSu_7+tA{+ zd;L{Ww*QCn+L6JM-|oE;Q22Mt)m=xnVc?w!_ZN6a47n*b0bK!*RDv5DB~S7jPcEL9 z<65hmSDk^Dhe#GLlsvDxYxX`37cMC*0)YhG%pI%aIXZc+i&=pFvG{xH^!#8IwEsHj zrYUGwHE?_FX{X7kHS~|c3hEa*1HMZQ-?YtJrg@961_p6`_*j{8d7mMR1^L!Q89DLW zR76-z+vc~L50oWpdX&?-5@(E$g)*F3>6pW1#d!JW7-V}toGsKMA`^mAd6${An-{pk zTVrYH-eFv<^z`}qDWs-4ZXiYiOzi9q${i4^p`QHt{ANV`-Oo#Nbg}}K?fcxe$*FHZ zm5SS2_OWQF@rQyQn%4kAGlkM`%Z@!D7%lg_$Lv)oRU0Q`KL>WtH_t9t&qmr6b_mH>?{JYnCYl zVCnBe{ry`;Diw;GnABb!fOK&tc&0UqwP?f`T`HAMUWA4hxMAHHO2tShi9v|*Q}W!2 zhQ8DIy=Txlh86WACuR^G;I^0Lk{xLC_hmBmzHJ@@_l5##1Qg5kL*U{XW^R@cR4NH^ zA3%(?e{h%01s_V@?0DgNp{>Z5w#0a?>o0Mbt%>b=f?CCF)J*+~E_BKAQoUao<8{eF zHdr%E!3D_TR6uU+w7hY1EDd{PTDg-xO^uhIkPkp8yKv?v*C8Qhe{m6v#kK`j zQbN~?A`q_)(@y_+J@nS^#OKT~_vtd>p|>Qc>yQ%p3*a}J$(p083S~}?u)PkRO2SFC z3e{!6J7a_LeZvFG{$GWDcy}EY<+t749%iM>U;OX4=SAT)fwz0kCsQvcE}#AsQa%4V zns@5BOEWgEnxjFTURbfipn8~u>%6#Yn0Vg*i#SA%&)ZM4i!mnw&m8VFs6%KMi9#gy ze9O0{s;H9#?QiEBm-%Fz8{^f-$H(KoZjZBR5d~`zMLQqPM*v0vwMGVl52I`M38EL= zxesG&H`774osat?H62k}diwZ3LCD*48fc`NMbr!~=UaPtf(b@~A2%UjN6g)SEOxRb z&yW|0&BU?ZXhJr^F`Kjnv2d*ExvY(`Fvq_JHN zCXJfQs*=KG3!?#P4CjjXf)TmVm_H*j4Qe#KJ!0K>JI3;rFWeAe7V6<`@luPU=^u+U z?4GW&@ZVvqqKv45iMsSk6<-PFqRB2YoGNgT)a70Uz19i&B*#noHE*W(ZDBrDcT-GNCm#W$hYC`LrwHALtA1it3 zyJ)Oh=mf0*z&Lr>Pf?l38);90>m;zbGhQ3HJ?KrBvEa~jlaEp`? zG#PJHBjb%QQ7|x_At~J|;;xSNr$zr+hAu#=N2Ve-fQ3wleK;ZL_zP~ej0o2 zl_5n$)?>%si4Ck6i$-}^mko4=+Xg(ZvTlquRJ6wU1YBI{fw>mUx;!=RU_1Xp4#APa{r9vk0hs0NCwhF9acHs1KX{yo9r#X=`4MsGVxiCez$w)h(^=d+)-1y+2x1& zMUFFnufW}_R)cO+nS3gVQ_jor*;TxhDvguoWEKeaDs|N9dH^AM44|0m!PLlaf;yDu z8f8N91_0c-Of3?Fq~TQxbYEUhh9R5m}a zUz?t+FKI?P1@2-?Myy1Ub;?1-@BhSVX-KonrqqjzkqwWAq#4k{NNV`DF~XZFXfz~B z9#EJ6#l;8TJWIB%Qb$IDcbrDarqtguc?GSEzB3EN@TGYYYKTsJr}K#`9dtSG-uWTH zXMh?8zyzTc)>VHC1_Q$ceIeBNq|-l`1*eAu@cFSvO#w*3s5sH$4uNRpa_occwv@BP zW%4CcLEXt3^gebL5~J8+^}915d1A5aoAN#bvb3GiU`z(~&iFsV9@jKT@?!<{fx{6x zs5IU2U!}Q1z?uQ}gjA-S(rVTU1eht|qWv2(Q%G`RKwMh*!1KBlUO5bM(L-sj})F0)-k;L|@A4F|G490DWe57Y;5RVi4ncY1D%@mAt?tBrk3J1=$z5{`LzDJfXJ;KbD- zN0t^V*l`S~l5$d`Ka3naJ#pha09~Upy+>3F)f5qG6Q$KwG&f_{!l)BJN0UHR4a)7h zY+mJ-==DGjz;{52=gBE|&^t~`GVhC0HX-u%2YKHCk&yFG z)77s?TcnBjf-NzKzCsGxlhr1*5|aN0y9SpUrgvnPf21Eqw9IPf*$uF%n<74bTcG~S zoU!zVqfWD=oIW4Bl*{LEX}IXJYi3K-fysP`TAu!S^FAj=03g5m2^BF>kjULXwSKRt z6Tjrx+EZeZ_>YBN)wFi}@{y;L6;)ILo~4SYuf*?b3S=SuK9EKyHV8&8F5o>e%8AaA zyu?MVF^?CKm~B_?TUS5bzzR16vLKrq^1I_VQ+Ti3c`S!=UaV}}3mPA?fYw)6{6>8F zy{io*rB?CuyNYu##g?ylxQ8ac@GW7}U`w9-(lry7lAx!Su+MCv@NrYBNWkBi z`daAFdeyxp+;Jgt^26`mE~`2@9Q2(6%eW;hZJTem6H9^d^KkCJk1RkTi5F8C@Le#`? zoC3gS8VR~?M;p_BEE1dQCgTEhgEiUWhp)`uZoAkD`*4f~l6+Zr^L!DT$xRd1QK;lU zSg@7KOHr<#)3E#}aGTXFUAdD;uJ!Sc?zTCWtAuY`Z_NZhVk<*O@Q3fA@U>k=L_S< zhP7KftL1#xS&)x=n8}%5c_Lw?1*swUIV(J`_8$AFuX0qK_X~J?dwBHrEm%)Jr>yRc z+L>HxR!26anw?Jn2w^f+!^m6v!6c*u>gMvRiX$`BKK}$WuKF# ztOh($R4P+3kHnXx_=oo&_5$XwMSFckmqix1Q%z$hWj~yLY&vr8aMW3@rVyT;H4TEV z4}Z1eugrRjM5aC(TikHt#N}uS(Ws z!cSiVYt}1*Xp3a9)X3L;QcSN~Om5}bdDYd);%}dC)Hg5Eqp)u|KPBvOuF!1rzJ4Pk z)b!~YW9e^>qFitaG+y+XXX~?ED;r1nl-53?CE*-Hhzq<=q#jS2qP8%Bx^ z(qxo_Vb-T6T4Qpeg|&2xbUEI47<*9qojfPiz;t88rObCa;i48+4%tih&)js}blR0y zRbC|hF5m=7;fJfW$FT#r(_P*3!z<(Go6iYGfu|cyoi`1}_gBW9KG$t010PQLh~i8X z96wE;&3N_nZCgZZM|I;#&TAS5Dg0wWbq&HWs?n(+Dn+Jw$@$6*`{nK%4YjUW-zK9Y zv1Sp^o)!JQVDD1Azr8)Dk^neP8uQ?wtO3l}LG<%_~PEGKSg;jBR;8P5H(8Fh{R|7^e-5fV;z4-XjMO1h6 zxvkZBG!dmxXsAT2Iz8?dh@to)+l4%RNH7wxdjI$sFyFwQ13{!hbBohwH+QoY!=ySc zz(To?#2F_fgraTnxFSt zCv-ph7n!{CIR*a^z&|@=Z79uE6&6hW&ZBVU>eAwO=dInlcDsJ^`|Yj1fwqZ(_ax(_ z?iBY6&{SlNG2fp{j=ye(Euge%wLkD)-tl9dR6UYiBL584uChjo(&C)Md~0T(aE~4Q zms>$(6dW7BR-e01o*RNL@t&)$kJAgLyZ*6Y?|3-(8ztKmh+TPnT-GsudU!f!wdRTK z2Yn`x>0u@yth3d|8jOg`Z*6Uo>z_TCwViFce_VN+QfkddGSN6ckz~JyGth&i9_fA8 zPm=pQ()qkx1^ad&)VX5tTiEaEd`q?Cwu&8l_I}w63hn2hCD0(G7^rRi;aaT$RVR(; zI8ll03Fz#^kn-efXQs(VrlrHjN6BMyf8>Z=ZE0CFtl~?HFa#o-;cX$A00fX8fa|ix z5B((1M?sIdk9M8#EDragGFO=#PQymboKtT-%P@(qm%b9c-?J!Za7GHpfTu~yR?XrU zOFbDeH>3KGU2WWJ^olp!uid}tq{e;QF-7{%Bj!PYgeM&?h8_zmYfCM)gq7!&5dvPh zrdBc7l~q@?G#)?=b)fZ*&N#V&Pe_6$cK(;6$4^Qay;Vk^dMWAh~(=He!>0uHSx>pX1qRteXR^NYX}%CGHuBt^Na|Zyl|5+s7x#gL?vU}6DldX186 z?+z+C4IyD5-Hbu7Dc-tS?YMTzJCA{5_jAreHg>*NoL3k7vu{s&?%CHmf3*Fovz==g z%o*&Ka0(L?$B+Js8ttT(_TrIx#~X<Jm7pTotO2$r5io`zY2S0SX}XWK zVWvr7ZO^Csvo6l#;|R$$)l+1Uz+G-BCG%U(OHN!)Im7ut^5YYucLU1xd_`gS@*oRx zk$M-8?4L}a$@@W151%V+@zstey|rVnv@}3$)?LtD z?(-1;(^?wIyZahM+uxqAB6XC|!x|?r|_aBR$xv)*i-}dYWmaLx+zZsbl zCNcR69cMSBD^!o`Qgc%9#R4V=7Ca4CJnXn&z18El-kha@&BF1;Gorb~aEbw+VzI zSR;C$HO}PWDlL-7V(9!)9x$42&nO?Ep)HNdbEU2!Q=1w`bAS*JKs6oa#w^?4SCwBC zBmCr97qey8OVwF56Xk}$}&C8IAfj~NJtPeM8t)qizCZ?i-iR-#BPb$j1lnR6X z+aX})esxiSP}+hV{eY#Es{mdY*AET_(r!K?9xjRN&H~s0L63))t;_LS&VE5U^H(u& zqe}j)$pp~fP1lM$w^76X3n8M14ue((_Ynn4BVhxAm9|-uq6X(i37R#AuPirWje4f# z?cBGR=Xrk(vO#;U$u=l^W)YYiB7ZYHtcjJ~9K(cpgjEXJC_Qj@U;q3=Fc_%G#89hI zMI#|KmHzsaW`r&FJZd@n$U4(2A+>k>i*YLQDM?m>zsG+&y|fxey+x18t^~8{&i#A_ zWJS~5^3P65q~w0syHb>_7Sdpu<0wty5)$kB*u=k@F72i508)#uBmz>BQFSaB2brS+`? z_BHI4g+p7Z*vVI0Un-E)O=CHWB8;+0ud z^rsLxb4JA4Tj6!gU@_87{Qb0`OWEgr2;w=gix(7l&ot}8`SV{~BwI30{5;%M{S^G} zC5csxp6C4ZWfK30>A;?=r0Do7Zz)#1r$AGE+XJlLW2UwAi~|FIzEg*s73ab2Q# z3pSK6nN~(|;`Y?89A!f5A>?;1KUz9Eeza-LK0Z;#E%IH>UOC!Ih)ni>68w6^`;syz zJ2QE(B&yV)v#TOJx`V*sXHkx*IIp73B}c7G3#Mp`DyzmV7Q!qRDI(YG)FL)(%nc@HA|>LY z%D03UU2Td~oMA&ZY;0^VzEH35_K?JDXrOGUIW)!oWKuSgi_A_A7`xov6$o3$9Jw? zwf8KqT{fH_BNG$fDldEZ!Dtr60zjX&bqlClKCfUuIl0#1pO8w{#iSFz8TSgjrF!rS z3Tjv(kH;9;L3H4I1aP-%>pjT_K!p|MTGOlwFan+mv9eVqV7JbDe05yM5f^Kpqt6yr z;K<>G%u=T9K*h@swd2SI@pN+)-yZ?Ei0}GlYv-L}&~^KB)qAHN#G_33y&~`l^?t-t zUnq`PxKjW;9xTt8dD}}XUM%iG`}Hfht8d%bML16W8@qBcJ+vVqY#7zUOlR!Qv}x5r zCrt-Yh-g^htMHiR;iU}|h~KJ({C>PFfg`dRKcOS|{q+oPk3hWWc!=(Qz2zIVJCV?Y zDT5P7BVi1>+`wx+2yV%AnazI3i6q4KEQD@T;1XrpQis=r6>&fv{C<+S`vlxxH^Ab% zG1xn*4`|{`o~#Y0dEOF2- zE5GeCm+zM=toS8?B~Ra*7aZA}f~^@Mx)jI)$RE~Yc_RYIS)g+WxjuoZlt%38OEp`P z!LG6sU+g4c9Ixc*9JIf=$;m0{><%&D<_H#|8bA!CJ7yNUOc)vHr@67@=_XH@-h8{} zQwQeMth++jKE7p4)nlQ!7)bC4aUF;%C3rP0EjDRx8d%DlT;KVL5Ce6|?q6Jxw3^() z!qY^)_X=OJeHID<9L(-7*7J(Xu`&U;-PsL$)jr;ds~mA|h-Zx2)n8xji7BV7F&1YB zep0OgpSavP;v?tWz8QU?ZR^gW8I$Vj+8j9jyQ?sz_qL8C&1SewaWg{!{-^gt0gG?E zifSZxxl$WvNe^*UBpLPb^AY5Z-_ddOLlE-SDhiD^gi9YOIc$d)9ddazNrpy>P@Nh; zae9EJjaeh*?=h(OmWcrU3()a(Ppiro3e~nCo4tXnKDT)ucF5x6DMk>&$zOkqIs%^4 z+zHQp!03Ez?Ibe!O?6^=sxGUqW9$!aZSrbDMBwCl_yTkAPDEJq>jVaA@sxioL76g7r_i9Dl;>Ly!UdyxfR`Vnz2O}d6&}DEB2kz0|)9dS_NBA*bWY5vj zQJKSiAaJ$BKK{=iB_>IY1|@niA&(N(wV;#DbJMlevVJIH%x`;u^JZN(LGBHlf(Z00 zK{T4oE(!=T#Wp+inm|;J;|pzH7%n3tQ~N@2B{8soMVS_UvG`peZqA7FY$uz4EYewD zNSRk6sU>yIN#PU-;r1j1-F=>SGM@KnXl>DT;9ps8>d&k=sJQZ6fumq6gv|+gEHq^& ztO{DOybR_H%j=E=BMn^!OpGEL`2cAcS1+Yh73Zk^0(eKqI1sVGqi(fwz(s4erR-oy z&k81}uyCa9vDNZfBVG)ni~A{-w1Lfm|Gjnq(pYX@6GpPypj)(GR&^Ial{R|1MDXhl zp0t7YSTTLdR)Dye&&6JY0+%+NDXZT&hP+0C`@CVL$WlL6t5^M=MKBGqX@a8inkU(4 zO<~CQ-Of$D*Qz#1yB9pN;<@cAcK|ov%U&(3iRe@}%1#Tt4xi&4-Pi${Hs7D=|MgRO zQdC>vpJ@cD5F&q-TFEf2A|oO#N!SaoY2o>8RhDvPVh)&G`QzVfosP3Zyr=c1_!9o$ z5Uec@zPN*>YEG3TDP-<=GIfTqk07;hOpunT8X8x%o}2`gkM{UoE5bT|;ZdfokW|?eg-nPR*K@ zN9gEK3okU8fJiwB=WoqW4%d|}8USs`5V%9HOEkq7>a>a%TaCPYPi-%Hq@2$RnF-Rzc*E%2Y7 zeLLkV7pM9Nii1gGEh2fVHc27&<{U;=E~f>G-&{_U z7va~Dj|cNk$H&J@(?j=@_tYAvx<2LDIEn*XLpYIP;@b!r1Ii5er)B%`o#>SUc_hAu ztdax(#;MD77O7B$DZ%8iPt1%v+c&OeX^=*bcOdXw@Abz68c4`uHK01{(cQxUb(*8VZK{RF#8!0-fCldwFM3kAUK(LeaK!H z!vHzZnsoejOe|AA4YrtIRS6(`ak(Dx+1Il_g(Q=h<&pnKoAr=hbT5l9;Y+IlKrjrZ z;OLyad#jYbeTx(>FR#S`6g_@^>bw}>=Z7vIVM384K~m+FIDzzySl|$nGt{CXU8!JT zz*^kaU~%1SdHKG1LK+x=TtGl-hEosorGje3)%Cwum)>mAGd3`Iy1@uiU)+x|?z2_- zPuqW=Y8?zy)~wrLa$TUBZ&mcX8cBe}(b8bia%622%W2R=1u>J(M*)i0ga4r7r{A&X z(GW)&zLQ#`K{ds7kxFXOd%S!N(ZY#1TJWOgi2v5?`-Bm+>-10`^aKHAMZWJsL6$`o znPAan!s4c6UVo8RzWqrer)bpmiyaDH_p~6Nl3lJJaP$Kf5Q{8!5^t^5|F-*j@#3y0 zp+>q#HR$e<-)XhY=kd;4I6MCJNdU|xY4nqLWU5a@+t!=eb>c~IVR>|L0yB^ua{Egb z;@eq0H;$O_jauqxu&?4>ki`A~jsQut=*-SEy2_Ps#z#5^Rn40ak@9CbB;Ul$cY@PD z%%l8^i-AeqP%MXe$9a85?V5D`DusPE48#CkrH-U(iKO{RmzqCJYvt>g&f(~V(ZJGm7E4JiMYb67W_rGc!syGM6Z8zen%PIyZkcd z|CQ1?P?!~E6=~*!1T)&BuyDl!TghGPMV{NGc;jvG{`Z&TIabUQ*MtK>cV!?nLd*l` zY-QG7lIB@rSYCZjmVvS9kzC)%{V~a7#foSDMIQrpaCFNc`@7FbikOj$)JbrSCAj9- z#J_shqEY`?L~}{E{8%$~v{9_;eBB=+Phg!%Xc&>8B^WOr^S^EFykF_) z%vx%V+7!4e_k_dmEiI;S+Is6?+5xqiA} z%Yn&3%geC>V>!v}?mE00D$pyaw*vY`J)yi zV@G!QfFDRLG0>X5@m)$XRD}!;2>qC@)Hk~{XD5rziEf5dQ@K1NfhoIw?K=O8KuTN< zdSKsP9R&m|fCw;4tIEr54FV1$ae>JIZ2VW!v*60D`~*?#UUcap5Vs#ytjC;|L7iK* z>#@h$tC4w~3HzhW;<5v*&rg-=vw+eDcbDdfwlqL-CiaE!!6#P&$k?39pa5Hi@$QR9 zBLA(8rUEYB|8zwODzii5b?c)oH}LL{c!_T}i`@1eoYMn-kV355xk%|1f>oom?nnM~ z&qQX!;&_=@iVtHdYiw zYiWJ;W*d?Eb%8g_%ics|!z>B`&x z;(U8{*Er}l=y?clkXL$Bl%+>4^|jMSj26l-CwWoZcKFBuHLjjvm0S|$Nq@%h`YG4# zkVyASqDvTcQNF9X*<0HFb$G{fyN+>(5QVCod93nkBTJTAv=i3LDOG<+-4jS+IoL6t>Z*4M?F|!)C&p#M+zWH zoGM-=J%4K(53)wGhMQX-vzfjh*^tYQ$k6GUC3Ry^(SOP>cX6~>R6h*KlOm{eI`633 z7|iWpA93b*dxy*$Y?$EL5#f?fsYrM_PRK9kajugr(v3m+T!)AUCZ4H`vYA$a~W1*_NvKN!?9y~5w=`8faFPckrV zINT>D#h~?(NyxX;;}`bPzwd?Z{^OHLIs@uYo}seMCQ4jCb!oo2St&vWdiiY7#-U{< zqnKMbA%Fr=yvG=^Y+oeZGL;jNnQX>NM+>2qPwow)-_aK4cy}t!+jR7nm<{@iNwbi0 zls43LBcgZU3pYTVo{TugFr$0HLnyZla zyO~h8=bdpqbF+4M|0lA5hX1@kI2oe_VwPjF>tsyH2V8=FcRs93BC;WooOqq<^ZiW% zr0aXLc^t##mLpsuGmySM5|XspB3~-Dbc(MgRqJ%eN>*H1CUax{iM~`NbJMD00P0^q zF{uJVBauGJdYY{t@1fA6@+B8r`OPU1nO0c^qli#Zq+hoxD+`|MVOBytNKYUUnG{V+WemsuEt!x%qsTy+rr>sykrz)qjenghIwd<@>&-xOrdWVOQU|KUMQ6!KQ{dI>9;AZ zW-VJPt>RiKfmtGx{nTYDj7f?JlXK>Z?9~FV%s&?5P!tK&E~cpj(Tzlq3@uMTEoYs0 zLExThNukH9#Esi}#h%?b1BIWERNL4S=Ju~>7leSO+FjxsHx)E14&dv~PsqYp;KvH8 zmqGZ!d7$*8y#bfgH!|Eu%}nPzW6RYCZFn&2s)jkeEHO9ch4%06Uss@eoM}IMCL>iL zx6T30fBgrP!UNI7%wjR^9T4`VM=jO*PK`YRFuCXxgbbqk;Ci7PVXu0$aBO66?Elzz z_A6&KXDLZr*^Gs*4Ay8k5+=9Tj>n;W&`^Q%PC~Mu)UvT5hAiR(jI(91D1Ux2)to0Mt+Js9DXSJ zNvi4Ve`_Xled>*HGadI+U{A-;W1@H|*8P)D(;lH=YY>Ry~3q;G6BG^68C6D0z$#LU?|=kw}p zYmz*t^%OYLiobO!?q3YfSLA z?@kDlH{GHu#M+8XFE!O~cV$YwMKwDihM8Ha%(0{BX7f@`?h;XCe+*0r_Aso`K4@|L zQW0BM7R!n(&gF_i!$m^}W*jkJ6yQp!i}SGK-O=y7b3l?`1yA;w%U8=2(i<5XQX~v? zoM6gB+wow33}$(hH5d!=4Cm1>|8!M($3E6U;y-BHTKreb0VVhRb+(5)c!B#@1qbX6 zjs|J z=TkOA90P4-he~lqYE;QVU~Io007k1$%SGD*_SMuoktO1^M||h%3!^Q)^i0!f^UIGs zn=+l+q{D@ zvSeHbvTBmk@Ytt@dg{_k7yWK;ki9ut6Rg^_CQvf0KB@nUi!e;V)M-Y+j6tdTh)`Is zL9ZhL%C__q7kkoht>Yi3r|Zs{2Crmat)fO!n|-7gOLQlQTv$79YeCNp*q!ir=51p3 zrJ|~VQ)&!7AHmM%{QpYbg)5gfE*KwRqV0gW752{BviVdb%=H zhf@Kjj`b!texMrBK(olMpW}Q*A7V;N(-<9Vo7EW<{Eb$Af|aw+GCCC|{ETVtK1Q8(kZ}jg{MIE6-{jf=NG8OGq)A zo=?7rwjJ7xnpbluYMR`(PgNu3iLHT8mzK*r9QXnC+(}K28pQQT)HS$T-PSIChT+e;Ub88TvO)VYPqPI z9W}98aN&-OiNYdZ(!LBnt;^HPbRd!`aP@yYomEs+Zx_ag9(w4MZjerC7?2oB7`hv2 z>F(|>kq|+K6r@{98l*u&B&87;ns2@f|8vO=YyH-H-m}lM_kNxf1_EFxAr>HQDLFEB z<{t~V^E*67ga}d0?~h-cEoLJ`VU^^?{=|&hBmHx+NwxFU(D|RY_k9>sa%Zz(b;H|% za9Z`d+tTbH=`Y(O7<%1B&i(=#MO`Xr*j)QuZL~xe9A~cK_Ntg4f&7(S`GKr+f}D;u z@u)?DV#n>1uf~Qze1z=j$k?ECi(0}%yWdNq{K-r7Mlu;HE!$hC@m7}`w^yg3NVHbz zZ`!azY9So#T{2+2`+k>>s>H6KzYA?Jg!+E!WTUq_|F(+(ob=-)Wv%jcZ+m6c3g&n6 zp?UAFj-NtR{vD<$G8^#8Hdt+SW3vjHtx(hs-(Q#m@UycxRA@n1jYy8Von8@1#?mmH zcJU5VleKVLhLK-ce2ecoNv{ZKDQhWy4x;c5`tXl_eyvoajbk}!cW_PG<^#Nu-5OVr=`}b!9U0{ zRVzua(1Fk{+4APoY0WMdn3r~)BmV$|B2J@eTd>Bf(=T}E?P6hB{TKu1`i@ihAYggt zb9-?lJGf3C^Fwdr@@)nF-{tc@WidLJ(sIlvi10BXtu~><-%t7^X;mkeOAJX{f^Z}P{p!T zV7kL4N?NpJpglL1_$*K{dyx!CtueBB`_(w-mgi*-CO^UZ=Prq_iAK3rE({&M29PM( znkJ?A#OlOY218ip%%#zKOD^o1@v{uInQ=$Ym3YrWvl$^0VI>$9P@G8uexH=7#SotS z+x)wU$y(y?SfFzNaH%#p{}*xlN=6G*tIe*HWY zKW#gJd2G6)6Vn)9@|qJ*iuMxaFind^sg!jI`SUO=7-+`vkt@Gqwu9pmW*{jgQ341r z@-gwp*6bW*(~oH$L_)3#?CCwFj$w1e{G1V3rEf@aYQ7BrPD^vCbu|sT{Ug=|zn(Y_ zSe!}{f||ItbXZWY)OPfARXL-{fa{f=a^-m4SvlTcEpfecLzWSM z5`*%QK#;@+@}s}b;0Cg+t9Qq22dsB;C%895L!FBRAeVFDx_sk5gO zGdZz&xZO+aIOKMh^jXXeOPHvD+BQsFSO)${es*LLlw8i}%j&+}SbJ|5J3+ISbTaYF ztV}A!6Xe=pVp#YP-VG@dM;Joj@bKxt!zP>Ip(GJTeuF5o?Rmu#!5KGgmP*#xv(%W*#$bpd1 zWfZ>U?Gi)7VsYO!=uFGu#xwBwTjAJJC}n67^A0vNz9oMp zW+?=@A)MT^<@Ya17$itha^+Vlh_Z8FyAI)&jw+2KzsWml>ki}d0A*yErue zG~g=a=??@PWSXIb>O@0zLg~)`49<^fNQ*WNvl0Ad(Tqbj$m4uE%U#YEDwk}UY#(i< zeHz5~UL+F|Gt#qOdbN?}X7P^&Hqd#s*;zdKce$yVv8kZfEKLXbmTgC6>nob%-nZ0@ zjC{IkFR4kOI-^@*UME|YJ`yi9hGz$NqH1ooEJZFOXotFKWA{(45%WoFSIiW`Sw_wa zt82oG+2*A(GQA_?Q;EPx)cDY9FyXulHBk~{UQ>;3R@Kk7Rm8v9x!Un>v2a{+{{hhX zF*(N`Z$<*PY;?(oUR`_XJt*ASXV$9_ch1QF{Rv>IeT8#IOHVM5yF(!eRQN+a=N zV=4jR_G1+`+fk@WQzCKn%J`EH-`) z`_z|ZOQ9Hwo-yd~Bg4j@r4zmMAB&E^z~o4V-O&Ptcl%pK#=$OI_kP=*z-20wF_}`X zyD`q9HMh5dI^@FR1UmSn71RdbZS3OsxUmO~T?CF7m+{0lUY$ZvV?RG`+&*rY3B|HO zyqjs6QWHQCIc(9gT3T^=rL?m1Vm_iYE6pM2PYErqr?s`U8Nt$d@?YHq*gx_Ku+f(b z;;9%a!sLHjO#>AmYz*--XJIu05Oyq5GIr8ZN~`f;B&8=D>q#NBM82(~1J6Gz+KXP3 z%X79!0N5x&-;$4-HtQ5SGdIg91RN;(wbnFgy$UNsd6#IM5+kwyAR`5Fb$H)qm{F%D zO?nt*GxfB8sB=x*Y>(8(UfHL9H}H>zbk9?t83nP8eunLlg<6S|kjf^?sooBFm$4q54#AiM5sw>u3o_8C!*?0QeY8oK5^9JG6?l_M=9#{;afXuB1qo@~>vzA^kSSy~?Bve0SWLh@akZn1=dlY|Y>8WB3eF zqd?p1@-1-1tU#F>5{%sx9SKSFz9v&xLy zddo~4wK{pd7y82Q;(qdeYW8;3E?Dx*vmdYKJmJ%4nPNbAJdjBy)H)GOZC(Jk%sSi& zTZK=Lj&jdV7BzG~reN%kNXT!a{(8G1)H|XgrCK^g)Gc>vnb1%$s^E~Qw}}z-`s8{a zHq>q#B5Go4D&KG|qqsw~5X#_5ECcPA^7-#QBA*zmtz0Zv2(m;4$f1V#X<1~Cb$1?DWyx+M!ae4@Zu$dR@0LVv(nPh+mG`Td#% zu}WV#;>V!Ssb;#9*X#&-n}X4xXWbp`zE8Jyw2zy^&*Qt*k+(%(cRBb^D-gjyD^Z@e z7Gfl<5J~wSE;X-}vfB=fmj@Y&>7sq8rrGdC579i*Jk;|gZ>6PbN~Q7wVt)w=?sWO` z&mzjdKMH1f5}{q9~AOsJ^1!x(bGeW zbez=E3VZmM&W@iHW3tF%-NEi2?tZ@@Hd}zK|Mo{_41|YIcn7-MKKo2Hdpk1@(IElZ z1Wx&XmtDaS`$oTcFP&K#kQ-K=b(5+bSDh9+_Vmi#%iqnz92Uf=zb|CtI;*$T`W5!K;~xh4tYb*_hyA4H1jd)$>QJB#0Xc^w?7rKsG<+irJJq)P3>p8wJUiD6YW1x>kfzhPWZg8^9Y1 zXJL-_%BJH++EY(a23S-6I=@x~-hI^RD;@||H(vknUr(Uc0rFim7w>IccQQuZ{t7?&lW z@?y$<#8`16!k=0m$0UGq7zybV9&>#1<9>!x7meVm@+bVw{Ky|_q~du0)7PgJJam`> z`NsQE$UyCxAu!j7q=9Fq#5@CGI6l3~yNEJm?N47b>E$9pR;$enTko~w78<;$`}M^b zEvRE?2z0{jd81dGUj%tVXRjouI)n|3wcS(`-36(;Z?5;~qznw|?ezrug66-N55f|Z z*<4^gq!pnUv^;~o;Lt`^^*!kiqPz}uN}=V47|_qJ+Zz7c;jY3WuuRml#A;Ki>+~(E zJo4&x;B)1WIdH_{y*YnOS>KEADAA~Wpgt@R-7xmT12o*Lt7`wAn;$b+ZT&O6@hp3` z4sCYf&|8F>bifD+&?@zkEXK^=H_7-PrIha`*pbO;8GI+uM3>d3v|3pm%AfG&EIqDN zy&ne|3!d1v1V0Z>jHQ?bUoNv+e>M;y)61!?jg8Brr?+8Huwijb`VyV{otF;@nZj~R zMur8WeopNp?7si$&oZPf=F1sqAQaYZImR6^RsIJ9 zlYDSLbGGtV@;%wQsCKh`u|u|TzRkJ|IUmF zZBtZVPpT|Qf*-eZUme&&OO#69y)PGbFapln5kXP7L>tvRnnA?G>8dU-UtST-zTv`6 zIQV8`&aV(QV%bf0H8HT6oUWjbzO;cDkK z&wYvN&IhZ+!Gz){2BCOsRag22K{Th_xMBCDY7vvwBJ~<~?- z1pN?lW*N}vF7ET#*R-lLd@`NYXL%lR_S#q20aTM*Nfe-EQs>@nfDIi)fh9Iv!-f7I3xd4r#vw{8 zwT&x;gNd;jmXc+hSTv7X_`YZ&dzFDD zMl&7EdOV1{G89=Q_7J5=h;{t8KBW<_KyRLxiZ$$4T2nN-Irvg*ujU!Y`r1TC3NSnh zJi9Y-3oZ-Z2N#jyVbU8FrMu-aVgTT?>j3Bb9P@9>D*UFZZ8J>l2tXw^paKM-q_CX1!762sHK@&99iG(tBa zHTaba``wRC$xuRiTR{4_ccs$f`{Vf7HcE5;5ByYC)lK6p3Js7uSz=830dk!zV8%(h zt1Jj1gm0XllFX5x+`H_HgD`_TyMjn*RIR1T&yrccG3~6FG7H>XDvfie4q9@ivig4iAUu?7u@6Q4{+UHAvs!)`r6f215lHZ9B^ZFERQkn*(vcbv z3kJw;AM`a;YZA{GUxWEwR24C7vG}fo1t-zs;`j48*qas04%>stzpJw%E5`1m*^P$QE})Cd`dw*G{be=l>P8Y$j) zrWQBvUt8m7r$g3MY0GqZt-9`f60M7unTCo*=AHx~LGjRpSkCqM3VbdC(#)}W68Tk% zh0%;$+Lsi5(2S}`ej8gVP*y!oAsVK2#gN=3Hw*fC*u6L5N~$*|aeU0kbK0cY3zmN@ z7J%6Hs>Lq9C=Fm|uO5w5)F258Htw^G*&1=a={u#H@`euU1$j}PXKn{z_W_corl1-iR~gG1oLib6x|=EO=t z4uXB!%9!%JUE#6OAWRCuRW?~vXoayGi7W$JDqAdh1U|i?Don}RiCg5wM<6FVqm0fx z8$$mB=<-L?tGtCMM#gm|T7^g)6+i_N4}br{BR)Ajxv%w_EFR@ezJENw*bP#+=wn4v zO9X%vfFvV;*c3h_@vNEr8_tb~qoSvgqKq%9EGA0F%F{0g1W%uKy4+;3Y+?xL6SmHmOiWyiZC0B#;yeZ*kjBsgpD}P= z#zVx{2n7;Zna$(F4%fhYD(Qy<{0`x(2hMa2w1%c|%kdyi?WDL%RUi^5ZDbe_DW#}D z=a?wK2e#Ikqfef%U8!E|OZj0CZ|u+%<($};VygWbHIm7cf9V^s4>j~FY;AByVYMk5 z_Y0=|-SqQ=i*&4TN1;u_g5h3jYG|Uen7f#{AY6xDE=h?_i--<0>T3G|3#{q;xQk0y zD?-KaMw38IR>EZC6pq1UShKj?I#32H-RgJqYwYlEeq2sT;qV(}NeV8HjjAt_>2m5U z`Nv|z(q_+WQhE3NQG6K3ON(FnVw6FCqk>Nm6D)&69=#opOTHFkYEcIsgpI4x^R0Yu zRHpBqzCNl-vocay5)bde44_ygw&Bc{T?Xj}dzFgY%$I^Nt5;v{WY+J-jh}Y%uB?n* z=B@jMOeDlLS9;nw`zsrY7=xEz)?|Z~pF9`7akwQB7AXN3NWV)#id1^5#z&@S^NsvY zLn`FyB7!Oo4zx!MFM~-eKZcGFql{qG78fswrMbN-bm10>{o2zJaQX;04Y_Tv)GH;2 zW~D9xinj^XnTyI~P_=OB7n0;P<1B#60;vN&NDkDJm4vdWd_$BAwa31W8Dm^(<}0*s z8)*Nr(1k(r^_4(c&(8vITeWnik-Vjfx4W;w*0wfK+S%dp%W*e!giFu}333A`Ag2td za2@t+9`$Ww*ym(cDmB66O+5gef!GZI@}ON4STmXTvbCi?aj_l65E2maNl6@i<)6K< zwoE{C;@w751gor!ntpK&np3kOvLmqC$6pt6+3$W>tJt{Nq{3hKGuM~vdA=CqIqC7R z$c1;TB~%^nM8KrMWEAg2?K3V zV_*8!jmb?j9RH(8JJLox7hr(_>d2Y zuVe~G80Z%Nu@GkWP<%klYmKt2>?>J*%vCpNTXEkmWWrI1t0`sV9C63ZmLB?>$rAFW z@T78-Cj*x?DJQ*!{)+f7g}IC|dmA1}tDab3dy z#%&)@WO1?T%3!0TmR9h0fp=)S7zLKZ0XmOtE-oE|MbCy$3Fdu>NR=W zeTw+j1y0`99tOVIT~^ajy07As%Q$wq-yX>*D5zn<6dtD+6}fcQMw5QnvXc&e*dH6E zbgY5@a`F(qeAG+nUU8b7nmiS+U}Z%gOosUD z`E&8vv+Yxy;B>dG`0pWEIDQu&Yld-r_7sL7MgncMp;>R7<`L_xh-l9~aSQ?zd`*Q~ z1Lp9Y_R1Bg;~$u5lTW?7xo^MCkv{#i10pSWdl{Rx6+|o@$4@vP>75B)w%{>SMNvUh!=Q=v|ek3)GDF*uhVsT zKIFlDtaAT&~0LwxlEE`Dw4{**m~v&1-G2Ypf5=LK~`E*kz?YHM5>cx8H8+Ate*O zGKuH~cr3)5_eeXn^!qo_M3*?%0N=yGM_sF@aH$*UDrG;&KGSUyT_X(K8CuYeH)&$h z)!Nq9OhVPDpuyhwkHwEp(U^XV`33l?nZ(`2ERVFv+OP6T90Dlx@%B`zWjpuA&I~avt_6pkjd22Hjv{_c`I0EhHENwcz|?w z)-3pL5(6&%u-T8;aqB)@ffnRi4rp@RHXZgQ_{grooh;3RTTVOwHd|UP`x6E74(+21 z;9y$k=34YFfChT!e#&eX{#D0EiA!)J1P|ang5>BFJ6sN%>HCfIN_?96tFA_Q`%6wc z3XUft)T}OlN?iT8-1x^rO*aKqEIf6;IZ-rid`QP_-QtY0M7H;@-PGdYe86cJeCw9P zsCh`Y+0t@C`-Sn@jJndBqVn zt=DvC$Cw2^ZI5V!U!$&vJU=D`z;%pCF}V}EvF(2n@sX{$zivT|qZB|!mZ4jxBvN=E z{VSb7`AK-+G{ds)-TSx68I`1fN>wG-A7ArrL{tj%xwF^N!?;nHau0;^A!flqsn0%U zo&^QFMGIP}pt#7Ob@keN=lpj6 zyKTgxx^6*IMf?&LsM7_Z4AWPc9aqG9)-E0q0M~hOW-WS%P-&@&nsBLz{@6Mv5`@+K z0m(pQ!+q9qBT$8%5{0Psh9d?%*inH_M{no7A1!)TU*N?w*W^vS?P}|8Ke_wm)P*O% zaq4<)r0U%0a=52apNv^wtcfO!Ew4~&4YhppDvU~kz{v4F7?eiW+PGqn)r0i_^{4(FEl5D!v`j>Td@>_F6F2Gr?R2(o&rIu($ve5eOslID@ zy=PH3>qT_L9~@h(ErW>AIaA$#EX4NwYM7N)a8LpMieFfEK$t&tCMK@D7f-t%M_Ssu z5AjU2^)kbU!+j=`98o6yPCIvRE~S=6YjvwCG>T~PVuH#4l-E>~?3n;Qz5ESW+UFAj zqB;U)mp}*M!pI(IGVpSFI@5>Exk=nDXXjNf$HenKPRol)c&*5{^_auML;UV5t=VQL zoC{<j}z zuF0YGv1T!3)pS2R{H1-m!mq1y{mK(TC3Sc6`}x}JvC6Y^vGsxvkJF3Gubs(@-(W5h za}gOV_v3N%e&gYxrRc<4+)~w?KBCtgo7@stkw5+eflcU1=_W)lRPp}Jk2ZGe_))3- zRp4)`X)MOqui*)iGC;}+!l_B3bE!lhepLF}Va-4_dYr0k>6^2)z86cokkV2N1Aju{ z_HBmmrMjrZxqahmMnty-hh&EnZ8elhA-H`Qm>^8bJY~q+G6GC{H>t>a!4@1+=ozx-Ud+{hemVV{5i}JGxa;@xZ=s7#LZtqr?Fpu6k-dpm zZ$ItXAViI3+eWd~Q#|@&SUwC!EB$bBu|5QU_xR8Te|k*m77`URtBW9$S*qu|Ew&#q zAMrbt|6Ij#A0uD9)=e}`;2Bm8t6+->{ra++sr&Z#;9De>*mOF%;AS^0H3A%x#nF|V zS8|-z!hII|g)~J~bcU7}?2*O8_#+LC?q&u@o{5PlTA|g#Rjz?&Njx+`PX%TncTe}H z(B_rnYp6{%-!cJl3-Jx8b5V#4iZY-BB|!~Zbj;__l`bT(M3;4cMTGg9OpTuh5Gr)` z!Ak#2J~EP68L2FCWEBic>Si;kX}#msaOA&d(#t|;oY(3Wnx#o{JyAg zqvQ4XDo^O#cdtdl?l*LKxy>N>;b~8ZW(XP|FIBt0$5Ji6K|M8`YWS3FVqu6JteCU zifVYSFJpc=J2eSIrXDhg>BEbyLJi?8MQeWGxxI`G= z9AI#%qZYR>yvK+^MAt2TlsEo(Z%3C6dXDq>)c0gc+{VrxaOw<&W|7o!erZ@U^;%nR zL)rwHC&dYKd7N2728RT_IDZ^o6nrT^ycQAZU%vH&3Jp;bxVwO8nQ4)-nxHlvwTE{l zwNzH)wv84t;1d&LiMuUrhUH_I+FH}Vhhx_l?Y|x#K3H(d`cU(}))vd_L5=l2<+Q4S z)-r+KO4K|741s=jB{tEU8Lw#sc_Jzd5iH%qNMJ zjZE+PsS7M#bK&vTT*RFr&6nY@DVV?r-kru{P%qJ>pm$sWSBU`@U;(Ncc_*US-6j1V1L2Nd{ay^++$Zue>i>6E`ND zv2FY^q}T!gqS~I|cXB+s-TjzP1fdPFX#2CEp9tB zH~l`6(4n&_@aRNA4}FW0N#Q8ZMoM(GSFm{y({+Y;*D=NVNDkS2=OuEO>*4M%vZ5xT zFeZCLLEq3&DegDmWr|07j@k@3y9*XQZZ3qXU{VX1!zkNZwvmp=y6#zfT3?;aX*eV<%fA%Q!UoGrsF>mRhxTt)tkVk=v-v~|#kiO12q;2#TbQ~VN42Cp?GNFWE`=k$F^ zU6l$vCTa;uuK4knxwCyf37?TwS8Qyf*L*Fk_7E?oP^P*jcZ3qQ948BeY$(NQuuy$3ZZe`dfa3q%IC6~ON%XHj>IMV@o93i+O<{%{Mapnle_hR zkmhBHfV-b0kuQ7}qYlF~c6J@uxU!Z}Os&ZJh zkLep05NaBo|4I(aDc(BYwBQ1z)RDLl0Xg5QmrYeFa!&9+7BI^h+(^sJt#noijb!Ue zaGb_gv=B&!Ug@+GPQ%cL5vv(-W!tolaOi5RqY1e>xj&tUek$SHiij*uw!w9~mMW~L z>PJ{FB-)ByJ=IIz^qqRI!q-DuobwT8{EZ7d8&`(-6#wCGTpjRV zqgDkl4Sfa1C$rcEj7~@=nYd%>T4EmwVUZ_hHL{QgT7Y z1Tl0kkY9tN2lWwp-y<)1d5N@WOe%jpJLaDbAOrDbVeir?W%j0ay2VAr-v|+2Io=`L zC^hp5F*?2}wha1Mj9fN-)liTA4+gmq6DrC?{0O?wW{&eZM(HKumk86mq*{T1J!Rkh zyMFKC-Uy%dy4An)clRX-#i513#joi^~l@?|8gOp zn|$}U=}#8!OZf3<(io9h*-VEXn4A&zxibGD!a=SRKU*|%Gg>y#m?-C~>+*`q)ZhB7 zngW;$%of_8`Zq%Hq&1lQj)q}8dISUaqZ~5>{W1ohNi-ZNtG04-SKqVV+#LM0f1vUF zixu_B^=Vr}>TdV7bt~;%36-(Pk&k%GVbN(3NMECE`SiL&zJ?k0?-@D1{6Xj=9J9YA;H#F{{Bs>K9kJbr_#wV_7^m6(QyTe!~X5 z=Vq`D&2f;cv@%K2N{|w>EY>?dSs*UwQukf&_WgDn`L*6kZ@T7r>}PdiEzCNM8*skP zB07oVyMb5IDs5U*h=J6o=O!l?(!-1##sTubTZ0Ky#xc`W@}+wx?;xkJ)xkz?CDnI) zUtg6pC7S%0tDL0sI!9$7^rf)k_PBJ*q#c?1Hp8hXN6PSY8hqKp5u2w5{7H^|6j4ui zkjN)Z^0sl!RQg^cj_HkN9l=*$_x@+y~de(vBj0|tTwhwd#p)+AdyKg0gG?R%Mz zqn@|_DM-u%b)`A@-o}s{D%LkS=uMQY)(Ic`H@O_DFda3|!5^oOb6B4<|FH;IEm=!ZDnn!!|7PUPe@o?-K&_6~KD!^9&O~>2x$Sc!W%- zGhM6@9lfjTdVKn?UfPQ!dd78>&7`P^C=duZnu1;;;NkN8_i#X}x@AJ-*T)Ab+N2oF(^#ug%)% z#=``D$j#!josId+c@jj1N;4u~_CsOQA+*C#$ZOEq@o=`|sw{;NY!)*IT2G zw-YJP8!Z9T0$-K|UHR)DR{P+77%g-Bcq$2_HQIJb-vayXo)wzenmX1@!* zakY-Y8@RduahLaNqIkBYCuNLLMx!;LD zip_oSbw0pa?zpu}E!<4X|Ki-|IpJzBVx8biWkEU2u^;D0>&vx$&=4b=<&Rg;GkSaU z1-f(e_)wPZ+@k7V*x|3QOI~ldgw4FRAuv(S+tM7M*Eq`o**cZ`}wm0lSnNC3xq-m?CfdqqMVS)4*R++zQ}R@`^51F`RG zIxDYeXG%=Zr9nZ;^Y6l&^uvqha46GD z!%q(EFpXBF%`WV?I#SEvtTmlE{R0jJA{5rd_&gn5Wo0~?E2 zERTqVc=RLJI8$lgw8FR6OZBaHHs{8IL2TOiX{{25NRj4893WgIc~+4aI-cvu@5ldT zlCPVQxeNg&?s~yYL;LD}4cXOEKFPVkm$T1TM@J9qgI)9f(D`QPg7Qk?0_f`89@!rJ z1o1^0;)?jAwm^b~gQH_BtV*b+0N!(6=(7>fYirXtWGLKjM~f0*W$xV1l0OI}#J46y zC9p-g@Qh#W$W=Y3AFV6KkrQ z_?BD2dOoSC7fL&`R$H92vvUrK_@lxv*wWM*sF`hwIjYw>zZc+yr_(eJihLTpq4!%= zv=!|JQ|pyBQUqX66H+)R^g||gqMf?d)_suldv&RvCkyV?S@v>siKVh{bNI6vv>{&TbUs7*cT#o} zeKFz>YyoEq8Rv1cD@7U0%Znj)z$E&6+)!>5SFZkm2SieBh}RFZ%kj{EwmHJ5z_!V- zhC>?~<_B8F*N_Uh$>@0=wkwkSbN{Qc;AspYB;c4-hzH}}Kh;ZL#;6B^Xlp*@BBDwt z9as&C2 zwfBjM-1N0soJ}H}S>4)0VH`|M4&h)o08x|El&qTJ2?q|uK1I$lf@vo!oE>vt>*$XY z&p#IK3dqXynf&Y-HY|A*2HCbp_L=rcI;quCg>+rpllHiGAzp#tP7qltc0XFFEbl=h zS2S-o2k`@@j7)gEuRQQHLoh~$FrYp*x=Ur8D<`s$hH^*t3`D>r5CPP1^-mj4eLW&p z6GRkEZdJ`}g)1<>pg*Rj?W{Y2kd>rYt5^K@;m0sU53Sj-$!@P;9)`&1>S$dOR3i$P z@I5PbK7=(a2u5?T%r(*frk5n(^FPH9MopLDMpi>eev?;SDOEY!xi19_%8Q=1hf$iJ zu>Y~hIqm+75pp^8UC^$;15{O?GP1%DjK|lSRIH3AH;t(?6%P82;l5S)H$T?mD<^iQ z@l9lUZ`KbaLBsx$SE-kLkD@sn2RWCPWHFlAa0T@5v$y-XtBnPgr4-&!euC~ya=G5lrl5C&OCkZq~j{O_uWPJ9m zS-ngm#(8lj1L~y6ehgBaMk5g>{({w_mX=6O2H5w0YG)VR5LL<`hMkWMRQW@f-)?s2 zpoq)S(#gp$Nq2NN9AC}uEs88oNk7Nub@Z34UZwQ-|AcoP#<=(ZxlzeF?SUD)gUn&% zxC$lz?FpE~Koa{0==6noo!{J+I>_f(s$#~2*WF#8wm%^se}ON5A>w=G$(Oe!&gW!_ zYGCooy6eq?Ff3B;)%Kxs`Y?&1;U)h9HS-ks9K1-W^Pm;^@jEBB`)-uEB~5-RvBi2A z60*eFCr-tG=OXSeUCKIAs4+Y>;(J2tB^sTLN>g;wuTev*wptE`Ij^-jZ-fQ&%Ij%rm^{-XU7IHS@i2GITML4~_u+BW9>~c18)xG+)yL&!+ z_!e zWMa!I<9t{2TmT7TFL9bFH!viBM#}TeeB)T5Vj2!mO1UBT7s07@rm{=|K?=SHnqy5L zB`KgOHvoU!WdS>tI^K#DG-dRE7%S@NVYIjQkEyzRQH+N;FiIy){dh{PJrOO@)u3z|%1)|h9oEkz3{rZAuP%J6bFcvL~uZk|f{Ck9fzi;-ZRy$*5^_s)j z?`iVojiuXlx9Uts_;fZ|-?tbSIt95#C#UDi&DOOAHKOLm&~%Dt$aSG=qFwB$HsmpZr_k?|Hu&ji>tbE}wA;tK`%CuWsIC_j@ylzkt(ixe z4o4**eN7YkB|8Z->~Y#_%@iEH?%X0?7%y?0-s)V&R(i3MEMV5n5hQ$2BnK{b+ zc3JUBTM1W@c0%?ai(&{Uoj|)pm9QWQT$~>o=S$w+eTryo*K+P*1o@0Z)=_8(^|mbq z$=H@dZjU%|&2bPdN!{J5*HbMW$2*S!1rzz?lem3o&Bm+wkvJJ2+;;=KYT|A1hGPG! zt^MrqIo}=|J|pzEOBF5_Z8b^pXLgf6y5MsF`ko8vq)Z1!l)V)FVs*l znF`0!dWJkMLC$o_m``tnUryi?3E2Em1zO|J1z$uw|M`E(B3t~|VJ>ZD?cou>&g|&J z@I>menVF}V^qzUm)jt+tkm7go;m(4PDll}vU!|G}F`B9vKFUy%y?M%tb#@Xgid2Q97hd__uVDI2&hl00Vri)oM zh#X2p;aICzRckKa1zOtGZG2VxDPr(t{OGmq2)f-|8auPEmUY=Nv7SKwBBQDr zt#YHm8F6SOrKlXI%D3f%9M?Fy5X<|ta(PUom|AJ+|KCsh#-K>Lg?cJ*IHM(Q3YKyn z-6+?LJuv};HbGS5->a*Ms}gbJ^`4(jxw1hVOe9YYy?*J(?PEj`6ao#gl zb=m*OY1avvmqnjjNy0CN{nuv)A&!UELn|dCx;eNN|^=ldDT~7h~k%<4JwT?dkKS*~4}W-qven z;g=4YIIyUx$i-0hcS_dhl0l#MRb;go$79*pAcl#W@>m;VGp1_Qk=B6_>(%e{8OoSj zK_DPs1(yeXm4@|8a?Yvea;<}l=)?f0(CuOQk#x)s(v?0{n`wSpx`=@!UdHO~kEuZp z>^44ethO9>2=n1qPpgi{(gDXmiy!lOt9#S1#O zEZ<;j@i8f+B{73}nY409ZSu9*o>DY_DkwWlsvNzYR3#G0$-uS<+0Si*ae#M@ge>{K z?-O%4EiEb2MsHHkooy0uPYQSYz;*ZF+>>zw_;_76ru(4IOQVqe>&M_0+W!mngI9kK z3+xuxe(_!+verayHoGE0or1>BMJ8Ro4~c9gf7pr{mds1ztJt^&d}G(g9uy9^O8eXi zu>|D=)tUthzb2YGP~u31y~DP65ng^mxLqe>s=Tnuzf_bu{B<{dmGLrS5`e$O$>4u>6KaCHOE+Bn}WZ`>p=3{KT&R(Dtk7*rAwUwm#qRl+d zsBwURFid}4;r+BdI{U}>ncGPkuK)(&s*%zEwh&o0)plyH+#DDb#Ysm!)Ad zpMThSBBg4x8C;B3_$8GDuP`e%msO~#91s&Cfg*Dqk_y6g?g5AV6GN%1%qqkc5-+l3yIhi%h)N(K{F!l#qtS@9v##SLn^thjx zTajhfH{r zVAEDiTJ>xeAzRWFw?14@lVh1Dq%bQmg!Dv}r3f?mqIs(+O(wB~_oztn&Lk<=d1v}c zPoqd0e)4zfe>|OKP+MIPh64mGZp8`i?ryT4B?!K@8<6(LJ9p_F+8$)qmRuzyw0rBg|7uk=lR`lWVngt0# zVTZ|koLWAIJ!)T*;wDVnRm#%S@K_kVJaz@6arg%_6UK8s9lf%+skY->xJhzXJSwl4 zEXYgFAVM8krM%49uCq@zRdPJieQOHSR!$qmjhI9CH7M&*8h7yB1|t);`fH*w1q`e( z`m4aZudQ*4chzX&rol&H&6*LBGNX#SO~wR7I}RM}*H)8;0^k}(c{HGDvsfXa84auq z^l+~F8$di%u+dV$pUw5N=gn@|#wph0rVOaqlw9w##eiGrqIJuT|C{<}IK1aelpI1W zG?Vsd-2^`f-g!*lG;MhaQP04lbCbm7=b!nx`Fi)u*U}TzL0XD&H6SNA?#gJ_@s;|eDa!PRHS{UcsKhdwRzubMhbYLs`KDRPH(KMLpZi}~knDG>HA>?! z@fOv)^!sM%jKNaQbI5FS00>p#g;*47loF@y;y};{NR0OGD+9hddk6qK5{`7635p~; zzO0$0g&{&WhNB^T`$PEy+R$&~Y4ho!r#Zu1XT-~ONm>f;&n5p3wQeciq0@afuab5| zU}_M)GP6>BRR1={WN+e`n>ME;z2uRwvt8I~I(pDX*#Zv4FH1(Ol{^OV(?yX=Iiu2F zAmV7)d(jidM`j!B+=B%sM*O&Y+t45+k2Ybm4{GYF$4e2>UM07oW_K8|PvfgGFZVYt z9i~*KaRLJS5cnDewhEMxJgo{k^XSz-V@6}EbA(?t9Q!3(TxRgk+Qh5bURnH%a*A7Y z&W7Xaa9&l?xT7RT<0f%$Cr~EUk;*pK?rL}RAX;Ne z*br5xfc|S<`a)c>WYHwfKE)vqHNiT4jr{Yh^0>L7hr(*temr{@I|De%K^Og%1(@~^ z6ng0pw^(fv@E#YRYlNh3UxRl*B)(bnE|Le2c|XhqK_DE7I{jxZ`+Ks?NOP@}(NDMY zhpyYbNe>%E!b1A*evBnGTZ@*y9oI5)G7tJOnEXghwa#kS2|S0xPLiZb2p5454U|q` zzvn;cvGA)zwt!+qh(p&;chbA>=5$!h@OU%$l9KT$hLocuhg8DSvN*#a!*eOIJ6Rz8 zI#=aL)p(>BRWjo?Zt4MEQ>_dE)d)%Gvi8(VCrnqp$I?j>6W{hhX%&a;5&i}>sbOTp zwu7c<7k*+x3wH<4MuO}xd=h2q*J!KZl)&|k-W3aX6B@efckF>O??UvqsJs3=pc2LKA<+b z(mCLtZtGf@HY{$HxA*rkx#ji1R0sJ0Y*2IV)*)*TI5S)SJ&~?seTbt$CI#2_gRRyV|O@@C{FC@5i>L)%R=s$!IR$7u}@W1$TV+ zOfgE2ae1rpbcDhv?$M_+LYWi;4S=Ju0Xj&EIteYk$F9W{z%|JX|4w1=$Q=q>i|;ed z3UldF^bwChC8&*;to&Gd!_h>_DR4jL-?s-+}NeTeLzce3tuB|;+f{y;pgMAy;7C*?XZkaFUrp6(+KwyJ#Yj07lvFZ1Mz4lYMWff{n0b=f( z+R%?#h?xh0VG-75NAPcAjQuB%7+T`+yTe1RqmUKZeg+elrS459QD$JW|Dp}UO5)On z1W^+sk^ATf)oO+8MmMlH$Q`z}c>HTrK;;!EwDbokE`$+qEW8 za4qAM2uJ(MqUXw#Q{wqbMx9S{DfACRZtOz5Ygem2GcvKt>;N6AKUKt->_XD{ENy0} zB=2S_;ipCV5U8KAa)EHDWLE2%&efU!b=z@E0?66?aTxrp!JLURFxy3zS@nJ=VUEOT z@tZ}YUit>LOj_E_N0`_5boqQE@f&9T->^@z8faUA`ZEB}q>lkWSYTOci7n#^towXQ z8k|oAD)3JNs|dA$S9p1Ah4oQes3Q{}T<3$iwiFEu=hpoSm-D$kF`auW14tyZ`dD`c zpst^MPD7OwqSU!EY_?BZX^7e#UfjV>r8}KupT_FE%i+}~lqv!0u;G>|cli#x3@?GD z{o||Q*1UMpR~Bbt6-+mq9bMPrf@d`aRV1r5;@2U3G%b1lZ-$2y0D7yU0WRKkCo#1p z0LlcH{Jz$CF|+LAFNNSlO99|5eu-kkZKk_azwnqs;rA5(VsBe6bSA>Ky$l6SYFCWo ziJ+MV-{zkE_j1TknhnPV5?fJiM5MPGbE2f{2w!#aW|a2xoFd=^|vetF^UC?lLV z#)uM|<7N1vx|qpf#y(pS2{gUC2!a3hMGZIRr63>3aPz}rZOYkuE8VyOkP?mhV~d}XRdi1RgNAewKZE0jTB zB2nWup7T3d9d^E|jm?t>-)<~|E$Q1tHieBA&{N=O&BAp0SQ2SZ-cG9;NJw`=p4~)c z1oc-VH#DQxS!X-h2^FYtuFi}3_U$^a_4QUrWrAIPCJfa0DGuXTy<9yCXE8Y{jVU4I zHAtWdk^elfOAcaOVW~>i!aM2GL@*fg`qfR#b z4R6!T4tQ}OX-D+jqft_LWuZ5$$-`F5GJt@d8;H@ezkwr;P+W&T9mEaAb`ct zt7xit~a^}?|9eK>e{CL_fZ6`FH1mc)S4FrMV z(SpR@hqLxl{Q$|Ymopd}`t)nSx2gnMW=q_b#&+RTrC!Bd zWGjGcn!I?^(u4~_wfrG*?_OC9gzMJTYdQ`P*b!ThCm=jHIdKj@TbNT7JsHYcwWEq@ zqPM7UZ<8wo#lHl3+`BU1m3M`p!AP!18Gp1 zx=9T!>XKzqJ9?*-V*E(3DosxG@#yY1b9u#TD=9`Uh-c(j<8-LEoqEX?Ubsv6wNgL* zXSxZ|XX-wbB6);p%PLT3SsuHvzi218OLM8Isrgt~to%2lWtTP{t5aU&efyVKE=#$< z)uTl1xPP9DGe(=wNnf2BLN;j}URiv0GSAfNG=fd*b$mV2GBT^A#plUXlV>}JVvHS7 zM{O1#lFw%@qT-VWkr$UzXsAT?qukxsotWdhsP_GqA5K>zCcFOmb{;4FrEBBI_U&`6 z*MZ6y%jf~IoG$LQGMfEe?E7~)!!@%8XN`+TnZOn?=|h!0F&I3{_aoC}AAmx%tbC!8 zdl4*{uLH1z*sO7sZhP0Pxc)}XevU|%X#27)l7?kDG2H!r{#N8Ni}S za>Nf*gndW|uRcFRJmBaRXmnAJyaDk~!8_@CR<6*_1Ulg-1#^qqL?c6ZQLgvBRBI##%lxjRYs`a;4liQ z(5Wf@hP7Kp7H8PH!?vtEG3K#~=dy{q*`C%Y;rTFZG-pDz&_B}Y5NfS2t z=VSGAm}H2DH-SwOXUlbA|NFAF{2@7C5-(HWD+^@;^04m%(o9x4eD4qnFGJ+^KcYoZ zU@Vyl-Z>oE&(Wjfycrs<|DBE6i$}PoG@dPbPrrMR&HnS8P1JepVi3RE;=7xCP}lEe z`xH9MX%<>BqiT9LxklWKP)&vedNDy`jsu5Aa!7La-bT@R5HW7ljuIH3cBiob&ys0S zgZMAbSj-2j-%>~aur$di3XUYfft(D@jT)>+!8N3e46~5_!i!AzpBA&l-wZ)uUwttx zjPpP>6wQ8=bZif0*C!9>fto!!J@&fi>VFnY&hcqWX$0fNna27>e@iw`>%)oTCql)` ziV7-d%?nzOKjSCy=#wRD4-Ye1n=#q2Ef95dhB=iJh8t~+%_KJLK3$r3r+(fD#($3Bs@wual6 zbI?BrozmUpt00Wl>#Uvqfo;4p?T##|V?)=7W7lWX1fM)IvYf8XCMT59+{l76^c;Jw zX5rtb(9o;0)M3`h{DxlS{!P{Q4v*-2Fc<9rg_uX;0Ua~EgL)szOYaKqg*atxtmY8S zx)&Lf1o=wJjf1w$U1N&k&5+`pt@cn*UWRUn{tUJkQ+L{xp|EZob$o}Qn$>g{L9;KO zhex`#(vOQ~?OzUV-gk+W)QV{?F;&wU`tcn4eRly0f6!i8oCj^s4b*(^mX;2)Q4_Iu zow7~Y`5<^uW)}#}XrgF(Pp`*lMoyigrW)_^Ba11}M)}7m(25_Jra?%?Rb2nUMo!Z! zz@cT2JfL}%oU@pZ=0Q*cM=l&=5OHMT4qbGuRC z`@Yzo0j+vI%SPdW@>;9j55C{&G|I9DCPssbOawx*+^tO^D75VJLtBZGYJOoLUMdiXiir!R z`5gQfxOl9HV=!{Aa1*Ebi)p=>Qeyilgq5!7a^X6HR(F$f5g!$(^@pfO zuthKQY_SIz#!9m^Fto#KA~9!p;c=lrF^c*E@iF+KwIbY9Bn0%}z>MO1E!_0CI8LSe zTNU{`{M@-z=Pl9K<5_Bk0ZgX3ty`r<5AGOVvx#(>X*z?NiYfSh2G^G-I9w(OBnC#_ z^YHBm#u_12K|8C6MU7)~ndafSby!f+Vtfsn^I(O7(CQ!*Q*aM&`z2FWRv?Nl3RN3e z^RGsbjY+UYU$VEqMULd+M=0cMv#cs(;M25n$H~@G_Y+ z&p!Pmfa7skYaVLUzNA@rf_t*Yhe zX_36A>S^G6;bs%5PuxbD`dQr!B)-Y6@~59zN*m9t(OuJ}*8SB|#=y!TsyKOr{RmtO zNbj4-^g>O4cxO3QJlU_3x?Dh73iCXeKpoiaEr<|Gk*`$|)SULN7(4&3E@B|IG?)pj zhfIrCpxdXkK~rbg(RGN$=u6gNG&DL!!IgogkWE0?Uis8_zVy(GSF1~H7*3Csphy{xH*#D z8Mr5~piyynOgI(8v~knjB=t% z$iS6L-j$0P5vo~?Vdu?JOTNQrBA@3gNZJPm(3Gv&czpU6y8Lmbn5)6N4DK5v-LqpE z|8dthIo-#Dez|h@EsYJCv2^vgs3N&$ri?gHlSXWO1{|%>hoszEMSA%no=g}97{9BU zt(L948>iovIzs~k_B?fTaX}sBtx8RKy3 zy;%{q;bjF{{EU9Njk{O4E^^T|u!xz~M`=(>p+xXXL`1{9m=^wRXoh526>F@^8psMY z2oY3YfGs+5>@B<5IsG)ZEIu@X7QZRiq!ST``n$}8zlsWkzwL@#F~t0PHj6Cq|EGuKsc9tDF4hog}sVU)Ao7vS{R65b*yLcQeyu{ORW`9O&Cvh}IMrLZq z(YJ2OWj3d3meoZ_>!n;@jO`nlfLVWHgDZ@vr9x?)zA7hwbt`-`hdu3$B*_vm^@qL^^R+-cyj{MML5;qOPWCBnBlNWgV>*AkL zk~E0Ts3qOoZq4^+#`Vj3IwGt30qt1wzI?$!ZGzNLt~qUNv_xUF5k$ziqaK&CXG0*4 z_QdcQWBZ4zJnUb5q3$?r3uZ)tdAkuPfnZ6vXZ!AZm>RKb$%&-;3T^5YuPg=E|7R^v zfYB)!y8Ep&@*1eFYl6%)tTN#`x5^2HXD_}3`Qo2XjlM0us8l@m5|IYW!2S{t zqJRg8ihFdTxby42&QI2t{M+5QDQ5f=N;V<@TUSlv;Jvp}lkmo;VZJ1Gi7&BaeB?sk zKR(L-={JmwI{>v-e1;CtAfx=Dsu*O|{K!U)N+sDqfh#3<&wA=yvcr&65qlXZA7e<< zo*Zq;8B<#y`QP+rdZgOVJUk$SEH&pRkD0Ln|xh(Pdty`__3f&(M1L z8W)vwvn~ccm7D%_$!<*cX_K9ES0ZU0>Ra^$OdI@jF*u23!J}At{8G@7m8eWgG2fk> z=cns#%C`4Wmde{Vi^T=8o7uRuagfjT9x+M#G=&+A^vPozBivZdTDi?U$E`J_qhy9+cUY{#I^6nUGypCE}km} zi!}JAU*0aB0Pvd?99tf)PS>uJL~J$RVSiW>{7H0{`caRT78ANbT6C~0U#4lgQ%uF5 zzrXj&0&(U+27X}voKbRJs_I3jcm{7rioTdCe7DV1vJ$CTK%}3aNwSmYiEb+Unx|V{ zmv^hJ^|vIbwd;)(3eMa0I+*tD{%XeUmFIGor%&bB?VWA~t97))!Ta8u{^@0XgZRu&*`)i}I1f(E5P{8a^DLg-adZkDMZtc@2wiHvPX5`_uA z{eYCNH2C+Q_YO^f#NFkqRxcBNFuZ00mh4kvCMMDSdq1Y)U-iOFR$AXcNE!t2IH<+& ztRKT{z9$Pxhz9)oJ-84(rhQy?6++tXc+i1-CW?aF?s&HLr;4|%UBVz%p<`aHB37h+ ztD3#CEa#O)+Pp^>vkl9!pIDa&#^LGIl%9F+P)9>V29Dvr5q5zgGcHIW5Om6z)^|~C z@s4&yW;7f+d=~3iurrsqLyrqr-V~zX&HE0a`~Kv8eAT|KzBv!oj}bf>U$f6Nc<#nI zfC2RihpDp1G$rHp_E_Vyr>9f@RU=3L`0aG?B*`d{_N%*$>S*wC`6B-hp)i5rePf2IR)z-#Ek(xQr z@2ni5SQ-|;K!ZiPy`OlK{7g6J+`ntQvHSC3qeAarDEFGyN$QctOUv%gOq>6~ar^Dw zJ*7lzE4fT1*(-|=?{s1wD4)-NMnk6Q}O%jXES}=@jb|E_fy*;;Bbrt%g#An{97`&ae`HJJazcFTpX;_)tDFVD0pj399n?sgTpV1Oy%%|hKN)Cde+5zCR@$-kJD}nASmCw7VBX3VpN=4ym^F$LU zCHS2Nktzn`6}OedAEkTM;h43ycshZlSL&~QuO27U4{LlXmpZ}dboebXk z{Jf?D_Lr?;`n;WBrzT<62?uraDvqv}{#$BhGwz4^mxjlA{(d(Zy?QEPg!M9HXe2ursX}9obc#9XoRZm6y%l4TjGBEW+3a+k^oG_d$H|l&s?HfW0 z5+w^60NYZb-&zl+c7e-2l|e$Jg9ew&J8vKEXE9nZp4n^nKacGG zscriF^X+z}WNT$gUYx1(8SMV__SOf*mL*D|ERaji4NMo7z%UWYOs%7SB;@Kos*Np= zD&hf8g{qZBb7iiD^YdoT;z@LR{2W(0%luLQb@tAH<14-5UgOuWm`Vz9zl(+U)8-_G(kns;+bQYY zn^KQ>GId;wqZ2Na7^M>U2xRUwdR^fk2}2V8Ik~J9X;Vns0_g>ufkV~R`P6`kGbpY^ zY)8OIQmZ$o3tC2J@ytZgGdt25EF}8TpP{P##Hj0%@8>#2w|STs#}7%SDv_H-)~*3Wc&o4Xt2VJthd@Lz~&jh_*sB=yZRM zo&H&&sEYM488(Jx&r&Rw;5Dp1t3PzK%b2t(K6kvFzFi5PZjg<%h*p!+Sym2<<$bE@ zkdnni+JO-ShJu7|+n2$h#2Ma6&fjdaz70N?f41JfsKAV?1RQtXtC$}L<{o`Ov%~-7ojoWGxN!~BGVnp*Dg$U0( zan$4810)Nb0q7<7*+Dmx`FV)@r`NckKnM4bT)$0b>G7T;!LE^gl(s6ffj}nvZ zam(*-SE8)-7FbeY6d6H17X>Q@capd}4-XIPUK>|aT1C}4vpk9KPZtt3Vg%lH+fP_3 zXt=~;iERFv(!_UDB5AYTQpt5X{T)8NH5~EA$XOiKjfMZO5i>i*Oq8VVnle{KI~%XiS_*kHlTj2?09Ghl z>`{Q>rN|_0YP#yu9ps-Toy%aR)6aScsOw@+S09DUU*}szW{ymK^@}V_Lwjx({t!>O z0ZHmus-QxU#3^)Nk(%e7YTLb~Rf5Bz^}C#vKfbCuzLSPM2K?@{Z8RM8;B5C=AZ|Y^ zsNRAo1X`fZn3x3txvfx4Vz>r|5SHsktr@Vs_M}hOg*14FH;HqI%(?~`aG0Gv69EC!OND5ewz*dy%1Edq;$SQ$wj=R5Zw z{L732{)xqEsD- zrEOKXyj7EM^2uU~DP}HhW=;+ezyq3WO|;BRsh|A_-}C)D{w3H7D?9T5m-OHq!k3G^ z!y36d{J}Iol3B-0HPN1GtGWQ}*G^32+i2{&E`cV^M8}*9u%*QiPA$m7;V-iJS3?Ad zRA++l)Z(kCG_9VfR_8W~D0ZwXYNgUwb|j%G;x1#nvWPtk!dTs9Y93VZG6euYNvQSq zl5TVpx3}=5-^#-tgPWVqRaZT>fn@I6!dNq>o01Kl)_s@ zAX_Up7KZ3b00Oy?y0N17u+h;HNmVa?+HjD{d_We|8xFYkMc=894himOl5AZHl~S2Q zdzlwKlFk*~I-aH)F%TewpG@Kvk_IhziaTNaLTeQIQH|QDlVDjn_oGIyp^s4^nRZ+= z)iyuS#>~~Vitptemoy>;GDaoQa^2CT#_Rbs0|ii65?)zAiH5n3O>U8f{Vy-@RGZXl z9DA#)WS{hz4aYddF0iNYRlAYe)5=9a3d$}i1u#oZBmuRs_T{8vq?%JU+u zpN1oAhXece{#5kt4sUQ^!=oZ>YA_20n{|P2fJ=e_re^ob;_s;<49@|5$wk8x8+tMZ-W*PkOj4EZ@+SyQR zU=#v4G)NA?1t7^No6DU9ezN|i&5&zH%cHHHA)DQ&AM$1SwL2Ag3tBZ=_`xdAQ{h~`$lf1{E=(Q z$l}jmqWlNy9FtTtN9reWKh$!)Aqt?<0*%)T#+8?q3AWQjNkZ_Y6(XhKx2x0G-vq0( z>?*Lp5!>n+bejj@pce{d2loLLMw!|Wkcc`xv!tdpSOcWo^Ipc-NOOB4+An&tB(g@L z&%le5Sx_i%);+Ms`FCV4KkaJkp{Er@1ZsR!A|wsQ23{RzgaT#Dl1U@$f7E(RmiV%hR&FLHps1ptpr9WO)-MS)z6KP4 zn7CM?eml-H=?ykLh$Vg3`;+5~|G-~ILBrI5LaauKIyAUDF7W^Lk+03e^P16q7J^!# zW(u=*bUa2=IdGt&!Yd7YKGI2EEr>0cQ{D#vnB{i*Hiwfz?jI5ZVF5{#zQ+ub1Yr)C z6%bG7E$~Xqq#e>K&eLXRWMtWSlH=>p>n<>3o#Ss7N*Rh22+Mq0Vnx zI*pd9-Bx?z=tO5?!#`~h$RKi;h9+nbVeldsG1~ENx8lgV(4h3S&f4&2<*GvT_mdq( z!L{U}=u85i`Gyx9z6quurXX4mNJ&{tkBPYSk*k1dse@Qk7&c1(*Bax+FToCPE`!l* zw4tjS?||SnpEA%*o?Huc_D0M9R{8uw^zWH0Ry~Rky$~1PK6S@-V*5LMpNgGFmTak7 z64@AO$P5NZQmu&arPjmH!ch9u?Zx=`793l`u*-8j?_M?nfR*0j3#cS3y{wW-&8m4@ zmeM)i$Zet@gmt^U=xn*Vx)cumq`BeN=lcWfX?RnpR%nH9+1=`uz^7(K6ko|?F4A2Tw7(TqRP7JvbrgdzOMdH5uM4;<;kSpjA7yqg~CnaOytC`);M!`Ft(VTo^NQ_Oqu!0R6?0%j-8n5(rE};fj(8 z!bf!NeP}DsfpMxNMV_B;74{ZK3{M#~xE|JP5wa0=o^5;*kZ3_gux(#(h=I69F=+Zb z+A$QQ{YeG?vi0h}%ULqV-v4A%xx;_zz1~LE>h$Mf-f<9e;u;c2h0EjY2I0k&on&X#==kDDIUIC(1G?ML*iY6(@i| zf%RTr-`>FulHkC>o^2d6FK9PtVz|t9BYGi(%+9iFR7CrKBl8%!e~Ako{D4#y;r{Dspep`wFQ!F##sb=yB(fUn@bNQKHSxn`$p;Vyq zl=@|WR7z4bnaAr(=4~m3{D_XU?RaJx)ln)_s7sd%?Ic@Lp(vf{>WXovD$&&}s`m{)vTO5g*q=9$EfJFJbdk zmc!9Jea||zSQtlX0@aWU=S&O|5(xr=N@)YFZEmysx#HjbLDR<1t5Zub-$B{^{GZVN zVmxyV*1aj>jTY;cw)z@1SDpKcw7w^1-Z49tNBrZU>n0TZ;q#Y`_rs?}`BxU$T#C4E zR}qJ*MBxCFv<6MR)Sy)Ls((0_0~#+k))#S$z9!DF4gg=7d@bXFrkUoy@_@zC-Kt&<~DvN^l&AhJaJ%}{Y4Tn~z za&9#8V0~K*xj$OOKeCbFP-2CqTGPfPvpOF^P-J9eOmg80hZqTJ715#``Xp{5G7@a* z65A}R%tec9B1M*CO|$EV5wB@#(N@w;(cx`TlOg-R5>~R;Hn}_vM~UF8y8rufvdk6o z*a&{0%DLo}5(5yWu)|HWn5Y6rYUD3$e(ggQ-r!|O*}G*UqRd#RQV4H_jrq+-lT@W-OMg@G?Ax#;Pk+yrSihsnA zxL^xV6BmG$8!mf-`dQLAL>vyyX6znDEE;CLkDXwaTMx6GDIBneHSqDs@-h{ZB?!TT z%tj-r(jK*X>DRaVn|S0-!KM=_gAP88Y#~umn9Xd_`T4m_1ZJu2SY}QiBH)K9# z7>-S9FigbSm3O844|A;qVNWE^HSx4|nq{Vra0n}&Vh7*5lw>%#Fl-24?6%V8Yg{zy zxX@sRV6SJcKa6D1Af-fqo6_n3$SjA6>^d8?cKB7js^eC10=q;xQT7k zUYv8P<*x1h7R;)Y3Q?@)RYDKPF4WYw-OVWCM2cv|Dbw4Q=GnFHUB%lLG;Xp>{gyqE zV)^pTs&*t>+NN3RSE@2_d1q8ATaJxXF^}hTA*NaRzR~4+D#?B$E^@#|aZpx2d?cQy z%_6Q7eY^Y1?WXY9+&(V(jk}ctAgaj5eFOIS(=|)#pbJ^JX#%q*+6)kJ?6H;F&F%l% z^6xy1gvE+fZiHBA#@a{)fbFM~Z_yhW9CAE#I-@}9S~w#UK~zn=#I|=t6M4XqUTn0& zT}A@w0S#WkWildYL|XeMiH1~He7tDhm7;B5(_22l)U?#Cv2MeCQWnbKaZ zd5%}ieqHaqq0iyYPHUpr(fe)p$|yp*ch&hMaiv@Bgg&azIf31>;0CKnJO1p|7N-~e z#dn03Wk0b`K`7XDB!H<0ev!~xoi{|dpQ5xN#_deTgO0gA3id#VaP9;r4iniz0|pwd zrs9Dv`kTHPrPG10oWQq&z2n2ZI zF>=Btdf-Zj_16Sy^kPo*eoi~^`DRbx(%VV#=D8@SCZ4nCWIgX{*XR3zft!QiTm55R zl?Glu-*Bn-2twJ~&K1Y0T#dzB@{@Aia2$v-0rn3A^xb2kX4gI^%JD1SNB|WTl}uZV z5NtrOB(7N*KDA9bG^zAVj^JAs8Jtb&jB%w3JREi-J#F;!fdhlkH~}=UptIF>Bs9oE zUx@3KMfgN14_I4R7UtYL(kWR6#0zEv-?V8Dfz4>FwK>)!NQ$McQQ1NcU7uOla^d|KNR7kiT(`?NJ0?N(vDG z`b!WcxUP=N4W)u~pEE4>aEKGZy|7mquC^&rM;W7(9MP<+0ZJ5J7*D!2n?zY%W(I&tzwmSn$^pSkO{Yp?X9xu>wrR_ z?}JFLdB{30I$u?a^f?K!Vg~NHXmr22KVTQavyZj_sk*v<&+IIjRv8(I8p1CHnrBsN zP$q7U2!u~u6XQWqAmPJJz)wn;8O$F;^aDqNPYK*j@MI*Nl~VhYe+tWj!B%hhtr7n2 z@pA+BBwtxrPe<`G)ix;a7YE)R0$4m$W8%wgn>~)36BD->(UNErslikmepd#VzgIsw ze+*a)lw*yMm$RYA^MoSbqTP0hVuzg}V1Lei-(PBjFzA3$ zT<{J<-0`iTc-U_u5~?4J-kS&M5lq(=|Hx*!v8w6ns4n=tDI_8R)Oa8bRdV5 zPeXY4lU{fKYf1qWjwjk~34vnZhFnP?sHApW@8d^r(_uXfbSZ3Iio#l(j56j!_nI&A zp{l9)nh>fG&`auGfYNWWn#Pu5DTO`cf-g5a)6PwVTd?8_a~4vLsK-(kt@u*Y zVn(<8-RUsDckAl?q}Ct`*T7eaQG-yC#M0{?cYEZ>U;|5HVou8lVa{iYWH^D%Sw%R- z6DP~zIvI4xI$<-a^E>OKYUJ>sBK$$E0eC(QNEWb&-u1e!-4YCh59So~-kg~|kF+YD zwQC9u1h5+qy~YJ6I)E`jIH71h&-ZpWJ)PYEW<70;?|c7`96$@?-sbtcb!U}@s`TaF0O^fBO4HmXdZKs^s_cwSQt)8KLwkH;`yefRQk|@DFjZ`y9oqmbB zEdlb5fC8BR1GMndlu&|gdVuV=aCk|XKW(Oixa3ObIVKK2i;D!}lVdJqX8cmfln+h_ z8P`5u!Vs~qI^Dwh@W>x9uzQ>R)Im!5cLqhNC- z^y(hZ1R>m)a;AfzoGAUAF~x#$zvPNd0|d7BBze$^3x#B)Ufv*WC_xB!D)C2w-&87d zI@PH!p}ej-*SPLzt(Qid%d3()28fj@(HNQNEDHTsuLh#-3&!3|HDSMYeiQ$EBFor4 z02zclY-Zr$0Hv^Hxwi2EVH!3Feu?WR*E|+7aC(LUR^YEC2p}YBn`)74pQJrG9QO=! zWH=n9FY+FWDa!yopWY`F_G7``h(-!hQXYAyoCWyCGSzZAy3g15*G=Us9oMHBJi@qg zt|lg&D8Z^paW08BuW^yKB0=SzSzKRe31LEnBoyLRoQE1|=n()RHPE+z?i+t^wn`2N z#ziu!X!#SQc)smx)MtwipsQQ&H_?SU8ediS_=D0tb#7s zIHdqpfZ(-eoZ2*dwh4{aPfM4`tqQOF2sNznM8mXpm^$c3ST7Wq{HE%|fcXc^e}?%9 zSdzjY_pT&T+aHRqyoS*acrXqtlPD$oTzrJ+j$5_nqnz3jMgh#662t-#azHmji=FY z!uuX3j4O9}`IAlDntteEK{jMHchjek$CGiWR6QTkCvMojxAP?4i@@Pm*GEl9dp8W0(y=(}y^ z9lZ!OAv3CHZP<6@O`I`}!PCmEqtW8-+uAA&i5QwwK35UMgm}QL20VOB{h85nP(TV3 z6@B8#=_Ih1ejNYzHp<=q*GDjNJoULhJS1S_@yeDRgyMmuvQ0_Ligbd zZlYp@51d(7wiOI>yB~cU>_A9X+R~VpkQwYslW-!AcY3=*%iSyG))xz4q}8hpGAbWN zp0~a;1rNKdJt2prxUhnUfukF4$~F4bU@t__@`;&R!YD;0!Y99s5n?M>Oe#Q1B@7%G zb3Tsi1B8Q@Ey5FEPs2fp&gWyCM5S&e&?a~z>PZFP-l5pIC_SbQ0f4*vx61h5Mb*1k zt#gyaQGQ?w#pXr{<}7ye|L__Y=r1=yU{icqmtwA&k3$;YKVpJizLVKt%FX`nm7=mF z0&dLe+2>ki3bCZqAHJLm^SrlRs7c6k173;-9>Te_iuJs?IXTKn+GvH1I!wfvppr`{ z1NLM*gS#n_mENA%`9*4HH&+L-65jbfs!127c`-H%07PtNkvFO~cw+cD) zQtqE!KnV#i8BeDB>h{)Lou-P@lpI{GK;9ssY{Yt27x`xa7 z=eyV$l5RYijMZeSPcss5PwlYijwS@>#2!iC3G0GJ`@yR3Hi3Vc-BtQbnNeA-jubVn z@vly+u!%jPP?+qCo%18(5%AO`h*-z@Q`wGdE%v4?+?#MJ?NdPkb6F&XHwk| zHkFaM2nunjN)9=TE@VL((4q7U4D|FvzXS>Y>Ev>Ar_NMIIf!|OOR)5cS)^#b=+~_~ zhL}_37<<`&0kaFWaX5pm4?QC?wmtv92X8)RbJSha+Gc|=#l|O44Li<%?c!{qzmP*V-i&jN7deI{DIw@X_o-4%|` zKKbg6 zgHRzM*1l%w{UO(nrD!4p4vh>}glsY%Nt|nCi&5yjurhtq-*M4-+{FG!l#mF>$WDtuUb1vDn^+by`H6H6 zmqN@G^lgeQ%FuC7zL|Wiw26Nw6LJ4pKshe?Q&>YI_MEMZIltSEQtTM|-p^I!robKo zneSl%gC5_rtTEZeEU(W%t(p*1)uomE{x5x|TPjji$S6YY=Y2y##DL1UPr*|VSrqw`wXEDX zJ-LGHoVUN|kN=>K5#fe)hYqh6LyJw*;N#%jM-DMaeIuOtPw%(RTw0otpU3-tAcpO0 zgXKcCM?Vt2Z{mm^M!!A*-j`AVxmbMKl^jAT$i6c>W z1ZULeK{UH*ji)Eq6~AHdp$qcP4R=g?8P5^Cs{$gy(}I1&+!Asat15Qzjq+*Jg^Va;QTfvJA_`M8wJ)Fd9U221bH>-e{kW%=vUO_Z$#8_z9 zXiu8^&#yS-7~^PlqUE#E&d}%;-gtZgUt$F<40^`=Si8p(ixMCyC$!OX{mQCoW3qrowh*c zQ7dZDmesQKlTWgpIHEZaHBWujP&{#-48xcIXbo!g*nl!0Oe#MqthbZm6NMb7l7m1o zb6{;{yEnXpE5*rX&#t5lhwV6Z<$Z{lcf9(#k-c-dCebJicI!yYkv~K3{dR4+Vx-Y< zwEWT`hZ3V3E`7@tOBwInsnIz<5;Kd30_pcd$ov*R5XFBynMAxQdP1%2&pQ^L>+>c{ zmDvfWf?Ts5q1Ycg9&8d7F`4*w>aF~l+sS-}R@@+De9m>3BLawNnX0K>?>ihw>^(c+ zqWZXO(#`+6d2%@eC0xo+%zh4eIowZ!xnPCdo3BY+qw#D6Q(;Q#JnMa(EQu z6d^{yNWW93MI?XRi#FpeO?MFleZUYSL52Dt6#+IbrU_P^G;9hkrz55O+7h#YL6-#r z-T+%z^_`+gBZ2n)q8H5=;J_duMjg<2wc8i@hn?LhG{cSnsY?iw3}IWS2A31h@8_7{ z)ARjAF5hBVk``a%rz1Fo)q9Xoo`X#pS~Xrgi)Mkym)uBP9m=u~$er}a#A$^ZvI$`K zEIolmG`)NG{q2v+V%A<{Q{1;FOZ_K&IZym>Jv|HthniMLp33oAPL>_T;8?0@+5?=C zvj|j@PFN))w4bD4CjLa>+7|{%{7lrWy!*puZ9(d*zzXW1Y})=qmL_-70H=j~NZ{~p z7u<|CNd;7@l%%T6!y5Km8`~a~uc>1)63{U&3#;yNQ(0tI!|ZC_AMx)`^3vvWK0ba6 zAQ8hB=von$>3dnaz;15<2e)FfY|o|YSc(a1=FZ}Jg06q|&8A#vY3Ubzl{E7v!5;qo zn9OJ{7O|yfp+Lh*PbMWN2E4H-=fCVPDfA`W=n;9>;jgWv*#7of3!`;Q5Qe2Y$xj97 z$+2Vr>FM4vL*;3?lQ91Dt(c?s+^-&~5 zpyf$~CH+CEeN{SHKdHbc^H^rAUFKiOKsY8QKYnto|M{?)SC)WDkdu59f|Z>v5rIXo zVj2C8#b>zz&v?j`A;S+==U9RRU4+J6u^hhOK^R#e)XTUP=(RvGpJxOR7z{MbZse$9 zaw`ofY~D|n@SF|x?hy%5ILii2Gs=Z}BY5yY7LvWX;ja;&QNe}$sOYVb12L#>&(=7Z z1;7%vPt+w|rc*$2MRd|rB(RfgS8VXf7bS^V4(6ItQQY~vp|IkXyHq-wsVH6C5wqit zNC;d_TE+FXX_8Vokf~)b_NlyTu_lCZ5udvBcgvDy^N1nKFvB|}x@xfySTy)zL1n{M zU3u)VG3ei#VJwAM@PC|6V>jU-5!iP(AoLhZEu7#q>!{UleB-pfafOB&m0GLNjA=M4 z&z(Ht7ktO!A|8oeftOr%08Y@cr%TqnoQ?O=2G=k91^jO#f&2!dZV{mpiHAG9yt!3w zT1tt>F)FFeNA_i~iDk#IP^wQ{_+}qirGB5b8GU3^mq-TVq2ByItJkr&r>1fQo-c_ zG=u&!z%vV@1nLt=AfiHcSrUEu0K0pyV|`%w)51Y)^bt8gm9%rrZf^vq2vq;8U*XizyQb{~ld)3Lu4 zC7^*}M=3mN$bwf|y$T@NU7F@WY{U^XzcD6Hn2i!4 zKi1RkvEV_6lUrSuCyl{*WDkQ6oA!wSs$0H@@u3M^Y*Np(1zWOANb_-rN>8yQMkm696KC#@3iN5-!%c@bFIFiGZ`4$MwwmK2$WKE{sk%wo$s8N z82<36hmFFbF(dC-Ab`}8tSY(!OvpR%g&q5!I`P91NWMI<)ZgSFs_WCDhJOF%04Wxl z7bawZE#VJ4&uI#ae(@Syr##dU3{!Y91hLa;0Qd2{bi3$JNk5`mY zZ*eg-RdLYkAYhKp{XJotLaP?UiiO)NZI)o9zIaeOX=!dgsMRzQvjj0h0iB+OMU@}O zjSK0f-=^6iUyo07N7a2%aXsV7@%y+pF}537snkBGu0M-jeeBtd*}z$iaY`8`kn%GX z*d>&W=-h)VT3=R0oioOuAw2Q-=#M|KJ3LFjpnm|32MXz7fLCf{6prao+Xf=HmLC!O z#f5oBFDDy%EWo1%OeuQ56%^L(-$U>q6OCeq#|p4i!uiKyp0p~j&5Ki0o^e~8(+$Eo zB9ZAQme;s@;PzH zYYa8M1aM16zc`I(jr~$)A}RQcT~k=Ok9uf1n)EziPE8aO$`2AnGOk~cZV{`@Ytou0#pC*m z#hw6yURNc$+18Ye$v7$|_$Ocw6RcrIi6GJ5l$(V2LV*eCEU6;d)v;ArOvvnplr(Q# z%q*pTNz#HaSQsOSx>)?=tJZ%zR)uNLi9tUC5xySD6dEE~n~G~#ILtGCo&5AwqpV1! zWahLM4clkXlL-v

%H2R16YDy&&)>`KEH$FS9tGA942@-!}(7GtfaYpOLf^!VHIn zYO;DEdh>&P8=Yp4sc=eE3HrTbY*X7{hD&j+*)N-XJ}3oTlP`=@Irq&BVnRfRrz!lL zP|#-jB2aF8M4Hq>pAy^ngiW_Pzev~#E^9$QwYdbVq6J0akM?l$y}I>|k~i5`M^N|; zNfQ$GJA>#I@7O+~Vm*f#2<5w$VNBiFeNfeU^XCjO?n6en!sNf2p(rgyuqO*NCEPf? zfvK~efMOx6FmxV^5m|$I-&12ps|n1zU8tBWcOoJzGmig;PutyO$ZfW%9Ybsa`^st z!%ica^8-c@ToMgDBr0k?QwaY`ZQ@*;rY?s}@WSFxG-0^hb2V{EQ@<`9PsGIr!T~0v zPw>QHrq(Gga8(K1$G&(lER5-_o8KGjR;VUFMf8OVfag*(LS;9y=Ve(wMD5w%Zbb`v zue$Alb)1*#qeJoPRs=0Dya^|!fqxT&#!EeLG_eQ!%WhU?AE57T-8Z6#L|)kb^2yPp zQ|h7REnl9i%1ol{dS5%N^SonPc~_|P1<1|8nAmCBOLXKSO!&b?=CGU;hkw%S><6gbixs>?@yLEgU>zpV@wXAa@c-Hx`VULNmEH7)&SNq>#u9mQgunBgxgH( zY$<>QgG4~3^EI=AlXjGOQ+E@hx9awL+A=4LfCh~eYnk@BESa~&Rz$&27d(X=D7r1nT@+dz_H@W#7c7!i{Osw|3aQ7dcakFp+G3dhqz z3YLV_C&CCp5xVE6Q1>2kLV7$U))gnoewoNZ5Zxo>it( zg0~=I>kdlY_S&>}*XLF`q82!jfQfeSbEQ!%o*MT8n(gzv#|fh^_d3&$((&O5ES^tV z*ZT^=a}ZJM(;x%F%BD88%y32$<${?5s?|5JG&)2*Q$6{|bCv|ss5Yzi`>RuK)Zwgh zL01LOPNxcZq$K4Qybp-keBiwwNUblf-9SQmG74OSHjQFm!yr1)Yz#|FI$*W8ewwIo zV0k#+2$B$9*%#YG(PTW*S}RL4Zrv>qH238**-yn!y<;)zt?gu1vSy46jt%zP``U3T zRJc(|TZ{DBXt2r;vvcrT@qqDw*CtDe(={)t zxSuh_)UP-a);F~Q+6I3Wh=C#+5o=C6Oz!^8rrAMBIv=GV=t{XZNurUtEG_s-LAh

Z7F&63%@e&PqcXo}s25m$ zizf9pP-o*yj2)E;&Fvi)^;e`@)n{VYV&$vYdRJ<{>e_1dGDQnWQ06TR%Z zBe?-S`11N|!V%>v*z3D%zhI+)(luFwq-dn4JSB`> z)Ffh#;kTFZ{Why~*7C+%Oq<({Tj91$g!NBotQnYQze}5E;I;dPDj%IQE1lJay~t&c zxx)=y9BEtBp5>lu*EG~r&QhLiihXZ0d^HExsfy!TJ2Tm$f4je90d<~$);yK-y()V% zin(y5RS{XKXLGdd;ipluEdxUSXMQd?%|>>OMES5%wUMa(nSuVg(psW>Tr^0NTE`qQ zByGa4S6NNuCiw?&@ee@x>jFFBuWCf3#w0kS@kWcQT$GEVKdqYnMp-{tyy#ptrG#^j zw)Bg;m)^06CR@mi19ix>hsX{oyzLYhD5j~+BoY^_i-^&5OXiY5TY(vj$KexLfj@_P zzSsO9NoWXtf@)K}NV(B^3k-5PE%A)pzM`FmKPqPUq3Si$Sy|n}(tHTR9*t@l?>>ke z!X-t9x&vt5c?ZVGW{7xe* zF=6aRa9dLJfW7UniUHNmxP6;JNo+iR;NU|r!Adxjn<)xd$>wP7hh|SwstEN7TVre? zo2P;Up`=r=kKrxYtOe`+q8C!qNdsQ=WsJ%0D|63=gnh%SOEfi;_l z{sy+Um=@)=$$lnC)gjg8#5D!HhfSDj+|wYROP`J@LL}>;oJ5&N<5ezE!npJui;x~7 z(czwZeB~=Yeu^%Ik5CWfOTCQwkcr5yeGOP3E?&`g=%zXOtX_VlW^V;z4C0RB_T6hN zgQ%O=7?@RvJ}j>h-zzgZ)R=?M)zJ*9ls(}%E13H&^HnSvM9SECt4(#s{-~Jdn*p4F z!cu%z+bS=X|AB|b?#8Lbh#XfblUiJ+27^!xD|CS{7omRl24BQcF-lpFKStcoec^7(i)DAf~78penHart#uU zOWola54C367k5nOqCetk=uSFT2k?o+JS<8JSsmHg*--FU2uMiB%Z(Ou<-c96h~BYC zr)#N_4ko$tjb~lgVB3?!X(>e_UI^{yP7y(!M?(#^SA|Qf`Q&mnETD*r>Y%sKmsB>z zDnBRI8NVj=<@5SbYO6BEU7c=0FcA-?ASfi$KbeeTSJmiM`%eE}hbiEwBjTO>t zmlnjxHD<;D8=_Kz5{(vW_zJPbDLwTBs4=T6;X?!Z#;ZILRR|oWJ^2iWvV!vbCXH-y z_G|oEm<(lTyfQ9>FVE^|u7hHcTDB<^F15|aGqc{~4er_n{B_IRA1P4;qXPSF5L29= zZwbJ!(v2}^?Pp^P<-Cueh?~G4hEq#WuR(eb;X6rMo`1=cw5ow2+3al6YE=?bmS7Xq zcP#R+@9*zLk@>H$GArIjUD`^NcIh>Ori20g9#MrD`XO*xRHp@!SQQR6HJQC37U8O0 zbfZ}pQ?ToOheme23 z;AFx#Qg%tj#9T+{n$RnU8}|z@8yB@J^!iD59fKieM?Fo2YL!!%D#}6M_P~{dgGjJN zSC7!OpbPo(K95rV<~5ITfY~l-;3Xn^(sk?0WkLm+;@8&*-8VU?&uQP*J^!^hlz|bt zmTD$Bm{C>))g?N!nqm57s*2)IFFR&2A`Az79mc~A>#EdIp{qPEC);1Fv#@D8C{V`V zHmZBaqC}<9VNy)&a}*Jv=P=+81&;u2n$-4kV&n6Al_?urTmDokb(%})d@PA@JdXl` z7tu5*oOdw6DZF|4!PZM1Q~~>SFkb@?RytESGG9 z<#M@!@-Z0DxW?I9duENFx;~CDGnt(qTO;o8$>5!#r1rO$GoP0uU1G@2?djF4JxIo-0rP97QmrfjR+zAtU&5&2BNPb%U=OIgBSSX{3HzSK;$=*8aT1 zHgY+-<8So>d8e0Q$}6#Jz@gd(h$DW>VT2i`Uf#8Sak?zkX)D@a9~EW!*%i%S z;*M)?@u3`%#ggyq_&=G%Khzh zBjYclnJUSiZ+RXj%1wXNZQ28k2ftbV&uF3@l;Tv>F4fC@^L}LT9&K>loH3Kct#Z$5W7bVOiJC|RTm!pxL>0wYPnVzXniNt#+S-KcVqR&>Y8Ip{<6mqboi;_;I{gY`3DgHy{D0e8y46%k3W_aMIp8F#lwh* zGkjdLv&{{=)lE_6Wu`iZ!1fiij7Fv2#9zv>41V69mmQq}_?d3To}MlDDh&k|93YGS z@Z$VPVzB8-KdLTu2isLof{e(oAsUK~dW?~Tze$*te#R*8aS)dtj=2zq&oFHy9K6Wj z+>wZ1?T+w1Y{xzN4SMGzuQZK$?y?G_ zSTEKd1Q0)aIT-R{WHGXGeYbaH#)PymNQ!^(K1cSZlk5`ULOR~95juU@8?+_x;epmr zn4l;Tb1*L3gEMoPK+8fFFV>_T_+plB+v&Gau`@0|r@)Xdhoz+tLGXya^>qG}m@@%go94jz#)hxkjD&?eW5H7bsK5b)z=~5I)H8XlpeY%OES`zZI)% zA`0LOxBZK|xvYy_GK%K#c|xr2&g{;j!LrlIcRpda14s04 zv313W2&6Ap)R}`gk~*V zwjso+%yJrxTQh1dr9KXWcGGpFjpr6{1va@}024E#9x|0KYpa>h_mqOJ=P*Z^TDk$(ZmHU7h%v+4 zeW~6m1erK$^F9xV;Jhc-@C<+SM$;BR=VdltPk=&6NwdqD^G|}U{n_?D65UEzMz0#J zyCZv3tfqSNRVj4$L*|zNA9>yeH-pI^F!y8vdYY>+6+EsGRrC?i_2NIUv>is+Z9JZq zOc0UJ7Hal_uyy8}Ahu4U-m!2xD%WmaJh^Rgy8?6+`x^Jsnt@XY`y2L|*zFpB?cN92 zyHx`#KoUQSfIem^es=lG54@{Jui<8AW>3TEI)K!Y*RC;*JOcAMx{B^Io%g+qHQ$Cg=yQ zo;%N{C7@~7n2Wbb3}W!;#`ivIT6?V1<#l*_g~)u~rp)lP_ewNsov`hrK|v*vKyA4- zcnEIz8&r5cW!~zz2Jy7t)?7{bs*Ncn!>I+eYL2B5v(*HbL)Ek$EA?7&R3T`!P~A`L z^9*3$7mSF{lP=?=X}U9*z`1POZIq;455%AfuM^_7hY_DNtl)5QsymG0O20IeAo=@6 zrz7h>8^Nq&&vl6S-WMk}Yc=}a!TcV#OxDnlD3F)eQ)BmKN9E0rhb8@eeQh^@iCswP zUh{vVajfA`ZU|*A(=&g^0`MYAo0f|{-m@0qso==q`06Y$xgaV$A~4$<&5E|$MT@1A zTR>Zgxc&KZsOL0t2yw^F5Yv%?ju*(>=8hL?#`vy==UR+!8qOLirKfbZBAyE^zzai@ zKaH%`{uGfU4Pwe1_96W)ueeoxAEpd(-}7Yb&gSPNC?^kXIpK{Ye-{|_avPbHp`ybj z&*O)Gkuh`Q`bB&|D!NG}bOu~mz?LjV&ln*O-dWG68U%udhW0u0c^$K;@Y>7ZZ+^S` zEclrIbjs`LTAHf#$7v|heXsgRVdK2 zH4~gnEI|>NFH;0V>-A)+_2c>e{{D)~+m`NguP$(3m>C#!-7Pj|gUonr&)2)7`JS(* zWGgi44s&$dO*@~VWchD^UAc&d%3=!=y1j2QGWHzf2*Z)NiG3og*_+^mcm$98Z?C}5 z+!tK&x@)~#DU7Gl1A)+hqKo3Ie^e4?l7c$Hc#4ku0lCAb<elpax z0SvbkN}to*{n=s_e)`%w7L;91b!?_>bC?B+{*Vu*(h$&FU=KFO6Jv{Jj!X${o6Kn2 z8X~$p zA*l{Y7^)bpW94y2fD|Nzu_11QuzEhLcbzvm*x3cs-lXOyfiBB0{Vl3HO7-`7j_#z_ z*8p)E5KjL^YPsvw+4JaGL^ScsCU*OM2Ly87SB10yJcX+vU2C7$hdte!V)AzH3GuHf z*2{llBE|DDw@G%&Rz0%bv1k*{c>SXP_2)xa&V9}ghNg>P{Co@-fO8joyAqU@k%1%q zQ^DY~5Y7s8|5JD)adulVHAG5LhcRcuk%D8vEVUbpIpq!$1JC z!2H)(x*?V$f#P}b9?LtBskuGP&?FFaTUY@{1duy$jD6Oh=*c|eVp6U4ylean4xa9F z%ZPDE?`fY3$4wvy>eQTL3yJ%!6e_yz?fZ6}fO7xX9d6};hb}XNb-JL6s%)=eB2Vb{ z^>c+qC+!jSPxP;0ziX`Du_(UVWHN#sc)Ml9(iV7_f5;9TL|#}6s$vjelnJpZV8VT{ zT%fen@k2Rw6kTcVMLm0gAfiZ`gR(g?sg_$xU3*Rho}hQ(zvzj}e0$bCS*`n_thtnS zMA!k8K7UN^GHO&Zon{wIS}WbIUSFQ1fXB}=!$QM3=h6Q-<%g-HM^^aMsJRy3?dkhm zG1vP%)7Q1-Pz6r}*)>hasf}NcB2T3l*!dX5P@z!_ zj{IuIShrT^FqcSQk>}RPtZSNoMSPb1*Ju9RBR(}P1t^R2zNUoHH6S`; z%dMUV53%HXU*{5^F6)m(&0zkdb^^@Q=LSdycTe2Qp4z9y314fm%kn|VL`zh4eRy#+e|0Tj2f-hT@s4#p-%U+ z2uPD#`GC=4!m*7?)}b{Cq**2P(^j6(+w6u`T-qc zdt+fYvALX@rG*6gk~*msOe#nx1TWjU(@vq|u0qVO5J3G(0>(02kybx4HGV$cxR=4p zV{@JQb{{Rv_X_ETbhJuDK%nsm6dA@205au6ZeG!XulL6>3qJQDKCZ7vqdwakKvm7X zDdc1**V_r#Q<@108vqe7B*SZUy4-lT;DO$eBY65LWH*)|Bgk*2T-%~$>ZbPTc%IblXXH-w9oTa$(Y8A?Ax_$ zNFP#_%3&h*F58SvF@!Hw{CRA~+&Yc>-1zvo+g^G|=#kH>gLFz*tdSFQc#hFfqSvWI zX7g@}MQJ-8I2U8OKO8KqZwOMP)naW}sLox}9GGiSO#@mul06CjXwy-X!^(z;?S}A1 zp+$2Yrb|Gi>ZGhy0*ek2{R;}F(dSe%)!?_IUXx~FMU>Mt&!6!8DPN963XI9weL{?s z#E?#QNIt^Fj0S|>i!El-4a2*-I#)0`AzTf7l&0-llv zEnz=18CIZ+w0B3_>rI8tYRiMPjr&wlVa8$b;7|g$3I>|mM7w{ASc>`|`Lg$ohL#(L0&eed^cEg@1jC%kBsXyBzd~V`zCDcj0M6sgLpT6s0PWf4 zs5Lil;CUYtat0Vl&8WZ=Vv??mPQh(Y;3d0e9X%--EXa=pCBhD-w^+6P@p6dK=VB+R z?P}$$HVz3;NL6Wmd3ic(e|T$qczSbwOXGGxP#>+foGOsce7r7vz5StU*|0Ra8wiYn zz7n6cc|2V1oc-A)6o`9)y$uL0&T#r~_b%uADhEa(ibm8uMfFqn4mlamL0;VMa5^tH z_rtg-@~gj* zz)V1Lt{#t7g*x|tM9i3_^#jR? zsouFe`Q-T$L1C25dVg!CWtHsb?MztgVv5MwuiHz%>-xbc@Y;ip9%rmOflltRwLX|Y zYty=u*bF41Aw=#2Y4hzsTG?Q;_WHcLH!@eGauoBK*b7kj_Bh<^1rn8b3sO~q`_5xH z3XCR9PCqsVe$nCd%w}kELif|8-Ln37yD(e4^dEG8@Dak6l{qD`z2@&$g0BR~hS7bht)+M|Y3LX!MS`?Y+1Trjk1yO6?e z;&Y_ARxNAa%ExILI~C`3v&{w*$H~IN!p>gj`Eco$o4fY1dRK3`03NDwa~Te!YhDjS;;v8R zR-Luvk`~SrIpQLrtsZyv8uWuzS>7qba#0ZxT23>{xw*MMFLORGfF0p$#~u=l0gQyO z*iaJV8S?#>?Ax0@=nZNz;)}cWCzf|C)Ec^!)w55vt+A<-T(F>NTDvKy_~=R11f}1S zq`JGi0il;gAh`qB;cZVT(EL3o4D{+nluOH**BLKhL8ninE_w05@0G`}T4}mz1^!vv zWu;EP8~P)Tz|}Bo2oj-2t2^*s?NR%q`S`?Jv3Q|o3a2hC*cBEQQYil=#0^kch9FA| zLO}%F&)z{NX(ea6IAj#eOpnOO$w(zJ5E5sqHCY~HS5*N^EYc>?Vs9lWt$+~%3Wo>4 z$dG=1I9~gQD_t18F|9U(-qCbk-8#pE&H$JOt0m)%d^2FG_+mRw7TATjdpxQbt3I}Q zyR`xN!gevW+;9G{`Ll7O3nG2TB3So%^8m;RFG{?(Xeuw!3Ak(lRzdn`wrtDFZshx- zQj?9|BgrLYrY8%CfZx5g{n5&t4X?su^D}vGIVF-xX6)W=R_|Vp_01c8`m%;Dh z99>*&^WyS|nP1_3Q&QnJVllku^LFRc{;->x>3R7TH2=qL>t;?D8H6lwzdkS!`sU7O zrqMH0BnSrPbyK1X1)4f_n$!N5@~wDYjl4`RK=_;j!Nj7X^%lpsLb_qu9v%d+KbhR} zn6m|dbke_?*wxkbqDD0vll_r%i^!VJ`8@zG~ZLf=Q;A z^UdLm2k>DVY>1`Ql9S%C0R6)UU=0MeB3NBtRz9^5nSDo!8V+*1x=QpL)G7!u7=0xb0Z=fc;q1KRx{^lDL4)kEyz1Op{3wWzY<;TZcUg z;80&4#xfVHjo^LQTu%8&&pZ4e=orr~kGUPXNS51uGRGDg9p-?XtkQTSCFgcgTKP0Z z=cZUSxw}TQ!Fr{|ttL4=5}(t&4DiXP^KNAHiKo@OHs|J-I{;VE`67^!2IE`10=N8G z%hf1Ax$#||e?%61u1wB=fI+fc{&NBNN9Nz37(AMKH7}u3fSd%lFHpe_E7ikw1JmR| zz@-Y4yR-4(9g9)Hw`T=4Rht%G_iHLtL?om{gwPhXo3d)=%6mr%p;wp91Hia+fzQ_D zbOglB;8YS*)W>F z-u>qA<>@Zd{jkVkcbHjLvuw8BYUv+u(n7*c9Zmvkkyp#qBUO$z_bkKYB2cd>1fpc@ zYGw_E0R%=O?Yk6}63|~4h71xF?UpAHm**4s_h&ThCWYPNwg1iatYqNx zEY3R?x-aHBt9eF4G9G(%XMA_d4z5mSDG|}pN&XH>Yh^G&Zf42ikRV0HIKXzC6AJM; zEblL(ed3J{{^cRjKw=5J9vVHI3!I<#u_1Bu)hI7O6X2i--(a;Rz|;x` zOZO6|7I4BPD3r{Q<@~|%%zeA=L6-#ZNR37&xI9h3{XPWcTSRb#;vY3dmbv{&9T z?dDmMQgW$&jGhrLnl7T1fHyEUKPWRtdC_KF3-PqRfg7;$&ru?S&k z+(ygo{P*S1>&<6v&C|^Q^KlAPOR!|C&P!H5uo-p!*ly$}>A-m^WmX*WBUU37Q@zvY1o@SBG#V7O%P+#sWB;(!1;aOs%*bfKo7 zPov540Ps2B1nU7OOP@P`oNI5(drJpEq=c*oGN(7d4R3S-&OtJ_f=;u3n3hUHod_5A z!hIO{HY`RR1Q6$%=heR-0q{@&FPf!v1th{QTaldQnhm3s$v{256yI`CkUCqc&gyci zH8nNneOm*>+@XIC2snJ1W`hn;XmHZH%ICaevEn#o)v&U=^r##y`p_1CpwPU6)D3LC ztCU~{>&JddJ8jS?qY8I#S(R02y@v%CiWNyzr!n`(yIbWv#Z}JYNXTFLbl}MI0i@y{ z@^$iS?5MJ;_QO;ATc@H7cklLSGV7l9nfqMx>J0;_So6w7!Xr%$8m(*_$B>+cexJ7%rAGPtFP!aFU;xq>ZP&M;6Zdv(7>z z5CCTcL<+CAOQ7?!{;$gOxvj~JjC6{$HJAjt68Z6f4?lm)=BZawK#G_;@u@+{0D=^c z?5K6)P9hM7M$dWxJD&NnxtHnl3W3ZA0#Qh8V5(|ulqFJl9Z2co0b7LUA%X=^C4k+pJ!{+JKVx1LJ(&U+wda4QPT#N!4%!_a z^;o^iunH>vF9-klISOUsA2R}QCI4>qr?oe45Yy%x;EDoQ$zu_~`Ks6SwRcSsx-2tu zaqahSAiu67NBI!MD*)|`IE4&A4R;Fe(vD!wuAflwX<-aF?X-Uk3y|%tRvE%%mP+K> zZ4bn3K~fLt9g}>E+B>3(5P}AQ%p}*IRBi_X4&(D(A4|jyL77iMucs^O7HABAzR_`~ z_h$?#T3os&Z38{M&bNwI2W0cZ#n*eJuV29PpljLuB;|?f_~L&fxZ2C0iJ+0#&YDPse0t)mt{Hnht(#l4IC2~rq3;exyt+bH6g=E_1;|;- z1j+n`Z=o+e;C{YicUV7qb#!zdOfI7dxEH6V#ahX2Y|earK>}+zWBEvBnWdj%wxwlo$aNdp4|8JVaTnJH5?nuI}gN}1`o zITwo>0K1;vUb{xEU8Z7HQc=0k!Xd)+(Hy?{(CFxP&j*%QUK$!24i2olMs99y*J;e# z@9#d+(gNrk!DBOM0aZim-6}jHB0U3xwYj+gG(GT)>PeiefO@<4%P(d_fv00ujoM&Z zsszc&`+<>>-hk`0Gy+el+h{9G%buO&Sr9HcyZ7@wU`eE+!RxVVth>X>4*B9wJ zPiJ=gdL;%x%LA~zm)%qw6cLxRRU@5=lbi9`SrvKtiN!@8;7x%#jk2kO^HgeT>Oa2G z(XtvEi$Dq9V{noCIl8!{M4W7*%CJ8|Vk-idRVGs)5?L5FC?rHGfAaCsJr&y_f`Y$u z3%zVa%l`R@ejVXr4>ss`DOv#-0^F=?9`DAtr?~UpH67XvJ@`=yskWJ(ZSxjJ1P+fgJ zj~sU*5#nX}U$H4ZqOs04Mu0}>MiwkBFZaG0;Vj#&6o>u$y&6cWfo@%UY3a9$IbN0? z6)FrsjeGX!hE}DNB-L2fZq7EN6s~v;XS)+AIXO9rQMbPR)CS-%Oh(g+ii)aQM_m8Y z#K!!%o~)M}a!qP@UhP?3b@N+44~XdQwykAwK_ZNd6+mYHYh;&RvwnUu!R>0dOskQF zmX?;2v!SdEk+jzFU@|y37@*(+9QhbDYE6N>nkE4bW{W3MC~%lU=2CJsFj=Be}!}hT1&?n77%SE|Djn4b}_ZC2if02~r0qENz z#X{3wSa2vvNZ>QIz1(UN5~c&S$;DORHq644ehMUZ6~BMm+7?gr_nQDEk4W}8K(<8vO>tTl$iH%&q5X!{h!EvV zL?Bl);@BGS8DVx0f^J}N(0=gsta~$svWrrS~$;DzsB; zl(2agOmj-yoTjesJOobmTYZrq&?$QQ`mnID1YFO3RWvH*hy|VrMS8{^)GLkOeI&aZ ziRiih(%ERPRbB=I2ZzgU6H-@KcTmKFvh%hlo!3PpC3S22vZcjyc?+44hmDTz__(nK zpe1r%A2nl)znOfV!iLrNuzG-9}j>lHSX6h*URm{ zIXPr=tv#^W5`^vo)3oM;kG+;I~zdSCj~%@_e;m(`6L$9F8gQKYh4 zB7|`1Ve{^kz?`t*FptW74oX9FYhn5%6a8cMBD>(s4%E8!lR-- z8yU?3sW&=r)i!^cZyP*i(M{Rq6F~o0s=VAaiYbSxd#awWZ}b zKS?4#FVD1Yu{$Ih2f=-4YRN2Q`;q25M{0T%^f!t)$$SlfbPyBk0lKv=CyPcieGTlo zJ)ijaJOKqeZ*Onl5Qgig$u9DJr;wmEP^y0U8Z4Q_qTmK9yuyW*T6$0FYnXA4f&37!8nRVMOXQyCJ zqYN+5YinyUu(102`T*bmQaJSj#DCcA>1m}tt#ByGoe6+hazF_WjY#8lDgXQZ@#W6{ z(401kn9|h3s@Z$%ak@y+cr?uk2r844lR)9R$p)7m&5P*nWoS4zHnFha2Cyfao3t$I zs`17S4p-+J-M~-~BMK})o+zlRA2>P_n3RGA{+uwKKDr4D3j@NkNOomy?exKghpnxx zySqCOhXFzmD8s(Mvs?&ed{TnK1zAqsSphD99}^P;xb3EWqtDBYYO3guFcc9gW@bAe zNTP*p14$MgEv-ZD|BAcPcqrTNKSPG>dMu5E8O8{1#cDbokDwy21 z!Rw;6_2jqt-VP}42cwNd!%zD{`nNP*THjDF_-hmA^Tl^;x-5bvmNT_CIU&KmT|H

+fGP-@eZT;hKz43(QN35T}QG@pwG&G4R#vkd?N!wSApwc2?xi z`#T~${6%;7=*WmYEDi8Iz#)LU8}cyVlfOrD*i|}Yd!FPcOOyFK z-ZY#k#O~SRjXV!;?x{-wX4Vtv%>DO@bF&%aYT+Dg?aYPvw6Y-aI&wj57eU2 zAYp_^{0hr^YHG^I$}l!<%IgV?s;YChOmeGo52Lw?Czkqqewc@-Q?HsWf?V{(hyoow zy@dpM=eI*}&b2O&p~Z)?cF$09T3TAQaQ0uLPrfS6JnURh&uIq*1^L>(b1BO^teo3QC`f*P2Ldkfke;u!X9 z5!>=I@Jn5JONO6|(U~QAsmi;dZ0t&%l44?Fs;Z&jk)3L`pp8gRPmhI#1;n}KXOpT1JjlthGBD_W+Z})Q>{-g3dSiEA`q3Pj2w(6Gu-nVZ$_NBP>o4M~S9+(5 zj`1d5enyCmh4T)2SKv*!?3^n?r_9aGT@-EhvzB12Un3$Y3Js`BS;%!4wWvmFn52q| zb;+=~rDX-#quvHQvG=D0WcnFy7=nU=0RCV>fq$F-2AmgAfq8RtbJQoa)16Mo)YFjT zYk}We3twimaN)5vU|D(RS7~TH0}l@mW)>D$Iun4&HWzjdUAwzyixNJ;HwL*w5$>#3 zC+^sD{S$WehsD)?-3uGuFNO>+Y#-HqH6N$lwoEY#3|xoV6En^~BgQS_?&c;gB{fJS zc7$zs$c`Pj8cXc~Bk%&x<393^>!=gqBuFzD*;P81;0thz`a@O>W8tX?=4 zFet1#|5hywCer@tghxFj8DQkFHmaMVp=bthp06e*tVGgT51+czJD-)E4NOx*U7dN! zFze%Hf={uGBRv`?J?Mx$hhmBrrY({$>NH=H$ujJ5l27dgfm@;R!^(<^Ps6{eruQ?y z-G>j^AHgYNni=KhBU;C%lSqFrcij}#*WE%>IpVrj@o!%mQBjw%N9Ubt4jxm5l}>h3 z^a-Z7p2?(WK?23W%$$&vw7#}B|1AU+gQR76YAFV?VSMf&lguR!%RB88Tm<1JBLjoK zO8(~NW^bwx3mz+&Izgq{15~rI30wZB9+=_husUu|JINwXAXJzv4o-eC2_QWD!mIz@ zT_euNg}^7HAL@9Ve(3R`YF)ek3|(D(N5^ipWA{s^nvM=ls@asAB0npt^@FyZ9VLd5 z1C_^s=~?3!m@Q7T6KdNHC`}aRj6&Iu|8*DTC#9^}&}lp(SZVgDi&(P3su_{0b{XL; zcaRm;O}n|fys5xp`l!mUQzIWk!+i=WS$zfwQ%cr&tlD+mUlr9QEF;z->yl)+Ei*O+5))dIGme%?X0V}z0@x~Z}L!K6W{ zWcrSKU%VfSzG*;FEUSIp3zDXC8EKzskr5|t1Do-Fr z?bpv->aUDsUDw3%B2q|7ua|-k4Oo=%ff$x|_g7)^vuP`}wKktz&7r` zP_-Ip)_1#1fR7IxAB?}V47sq7$G&;}+R()0VRjb-H!}lP95QQ3Nl#jP#2DR{cq>H` zdqyntva9Qfr&;OgM>6|!uNWH|J_~a7h)POg1xmrJeC4c>tLu9>I}r2+y6v?$cXtXc z={jAje;Zqm&`vTmvGm>;h}w;L{_fD$#}Y4Nfq%K2)YCg#^FZhTooH8V%6dpyN=Yf` z^JI%2Gx~oI?qwbfN9{$`}7N7d^0F9bL^(Bk4y zA0!@3x7=svahz0fBm7))jAqM)fM zw6yQWF=1gsK?Yh$R@S#SiB7qN;);rd`~@qCtVwU-^fNX#Hn|Kg zC(zV|JP!}izyFNmS+6T9DqvdAie^B>V?d!s1X$a&8s# zaaG3VT%$RVAnB(Hdi(lnhORy^D>pAU2e;3ATL&5oFD@=ZW;`%7M16L7;02zA?4gA1 z!^wS~ZY0uZHz9;G<3)gGg1lBDOF}{6g6M%#U>8O!%q0TqQi|C(dcTNU3%Cix36PVkuXAygQr z_3pPNobx0sImfvV8eO`wbQtl`neY}#&tU6L_fs(bno#Yon^r>v;iiB10inC%q_a)b zmY=~H6}>WZf>TboCS+T3fwG=yz|2uoI!~1XJc^)YUAFbLp;SKD;iLXc^)l=F21cm+ zbE}sUwzB7Ow#%_X5+hq+n0b8R#kcJJk>p2BJ~U(`wfmD?_Kzdi^wsukky3SgqA-Pm z=#;1nx!^I=i+FbWc{;K&@XN{rdrt_Jt`oNl-*#gZ-|d%L^`)0IcRvO88<_hFt= z(YKH!*-3Zure<^lbJHy{>V4GC!N~|#gp}~w%g}#nnM0&B0ye{N&jVr-oAf(Z>2R3Y zD53-@XOh1!`1%;;^LQuFC@g(a&ME3^b*$$Rv%-Rqg!&!E7!}-d$! Date: Thu, 23 Mar 2017 17:18:34 -0700 Subject: [PATCH 61/62] update note style --- ...-onboarding-windows-defender-advanced-threat-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 3a2b9f8868..9cd5cc6d34 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -133,8 +133,8 @@ If the deployment tools used does not indicate an error in the onboarding proces 2. In the **Event Viewer (Local)** pane, expand **Applications and Services Logs** > **Microsoft** > **Windows** > **SENSE**. - > [!NOTE] - > SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP. + NOTE: + SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP. 3. Select **Operational** to load the log. From 426357c3e2f934c5339e5c7684b3f87433b692ae Mon Sep 17 00:00:00 2001 From: Joey Caparas Date: Thu, 23 Mar 2017 17:22:30 -0700 Subject: [PATCH 62/62] revert --- ...-onboarding-windows-defender-advanced-threat-protection.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index 9cd5cc6d34..3a2b9f8868 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md @@ -133,8 +133,8 @@ If the deployment tools used does not indicate an error in the onboarding proces 2. In the **Event Viewer (Local)** pane, expand **Applications and Services Logs** > **Microsoft** > **Windows** > **SENSE**. - NOTE: - SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP. + > [!NOTE] + > SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP. 3. Select **Operational** to load the log.