From f72319bdb18eda7d57cb4f4137fcb2f2c9ad14d9 Mon Sep 17 00:00:00 2001 From: Aaron Czechowski Date: Tue, 24 May 2022 10:54:24 -0700 Subject: [PATCH] general review, update image --- windows/client-management/mdm/config-lock.md | 69 +++++++++--------- .../images/configlock-mem-firmwareprotect.png | Bin 14066 -> 20672 bytes 2 files changed, 33 insertions(+), 36 deletions(-) diff --git a/windows/client-management/mdm/config-lock.md b/windows/client-management/mdm/config-lock.md index be7b22d518..a2167e456e 100644 --- a/windows/client-management/mdm/config-lock.md +++ b/windows/client-management/mdm/config-lock.md @@ -1,93 +1,90 @@ --- -title: Secured-Core Configuration Lock -description: A Secured-Core PC (SCPC) feature that prevents configuration drift from Secured-Core PC features (shown below) caused by unintentional misconfiguration. +title: Secured-core configuration lock +description: A secured-core PC (SCPC) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration. manager: dansimp -keywords: mdm,management,administrator,config lock ms.author: v-lsaldanha ms.topic: article ms.prod: w11 ms.technology: windows author: lovina-saldanha -ms.date: 03/14/2022 +ms.date: 05/24/2022 --- -# Secured-Core PC Configuration Lock +# Secured-core PC configuration lock **Applies to** -- Windows 11 +- Windows 11 -In an enterprise organization, IT administrators enforce policies on their corporate devices to keep the devices in a compliant state and protect the OS by preventing users from changing configurations and creating config drift. Config drift occurs when users with local admin rights change settings and put the device out of sync with security policies. Devices in a non-compliant state can be vulnerable until the next sync and configuration reset with the MDM. Windows 11 with Config Lock enables IT administrators to prevent config drift and keep the OS configuration in the desired state. With config lock, the OS monitors the registry keys that configure each feature and when it detects a drift, reverts to the IT-desired state in seconds. +In an enterprise organization, IT administrators enforce policies on their corporate devices to keep the devices in a compliant state and protect the OS by preventing users from changing configurations and creating config drift. Config drift occurs when users with local admin rights change settings and put the device out of sync with security policies. Devices in a non-compliant state can be vulnerable until the next sync and configuration reset with the MDM. Windows 11 with config lock enables IT administrators to prevent config drift and keep the OS configuration in the desired state. With config lock, the OS monitors the registry keys that configure each feature and when it detects a drift, reverts to the IT-desired state in seconds. -Secured-Core Configuration Lock (Config Lock) is a new [Secured-Core PC (SCPC)](/windows-hardware/design/device-experiences/oem-highly-secure) feature that prevents configuration drift from Secured-Core PC features caused by unintentional misconfiguration. In short, it ensures a device intended to be a Secured-Core PC remains a Secured-Core PC. +Secured-core configuration lock (config lock) is a new [secured-core PC (SCPC)](/windows-hardware/design/device-experiences/oem-highly-secure) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration. In short, it ensures a device intended to be a secured-core PC remains a secured-core PC. -To summarize, Config Lock: +To summarize, config lock: -- Enables IT to “lock” Secured-Core PC features when managed through MDM +- Enables IT to "lock" secured-core PC features when managed through MDM - Detects drift remediates within seconds -- DOES NOT prevent malicious attacks +- Doesn't prevent malicious attacks ## Configuration Flow -After a Secured-Core PC reaches the desktop, Config Lock will prevent configuration drift by detecting if the device is a Secured-Core PC or not. When the device isn't a Secured-Core PC, the lock won't apply. If the device is a Secured-Core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies). +After a secured-core PC reaches the desktop, config lock will prevent configuration drift by detecting if the device is a secured-core PC or not. When the device isn't a secured-core PC, the lock won't apply. If the device is a secured-core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies). ## System Requirements -Config Lock will be available for all Windows Professional and Enterprise Editions running on [Secured-Core PCs](/windows-hardware/design/device-experiences/oem-highly-secure). +Config lock will be available for all Windows Professional and Enterprise Editions running on [secured-core PCs](/windows-hardware/design/device-experiences/oem-highly-secure). -## Enabling Config Lock using Microsoft Intune +## Enabling config lock using Microsoft Intune -Config Lock isn't enabled by default (or turned on by the OS during boot). Rather, an IT Admin must intentionally turn it on. - -The steps to turn on Config Lock using Microsoft Endpoint Manager (Microsoft Intune) are as follows: +Config lock isn't enabled by default, or turned on by the OS during boot. Rather, you need to turn it on. -1. Ensure that the device to turn on Config Lock is enrolled in Microsoft Intune. +The steps to turn on config lock using Microsoft Endpoint Manager (Microsoft Intune) are as follows: + +1. Ensure that the device to turn on config lock is enrolled in Microsoft Intune. 1. From the Microsoft Intune portal main page, select **Devices** > **Configuration Profiles** > **Create a profile**. 1. Select the following and press **Create**: - **Platform**: Windows 10 and later - **Profile type**: Templates - **Template name**: Custom - :::image type="content" source="images/configlock-mem-createprofile.png" alt-text="In Configuration profiles, the Create a profile page is showing, with the Platform set to Windows 10 and later, and a Profile Type of Templates"::: + :::image type="content" source="images/configlock-mem-createprofile.png" alt-text="In Configuration profiles, the Create a profile page is showing, with the Platform set to Windows 10 and later, and a Profile Type of Templates."::: 1. Name your profile. -1. When you reach the Configuration Settings step, select “Add” and add the following information: +1. When you reach the Configuration Settings step, select "Add" and add the following information: - **OMA-URI**: ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/ConfigLock/Lock - **Data type**: Integer - **Value**: 1
- To turn off Config Lock, change the value to 0. + To turn off config lock, change the value to 0. - :::image type="content" source="images/configlock-mem-editrow.png" alt-text="In the Configuration settings step, the Edit Row page is shown with a Name of Config Lock, a Description of Turn on Config Lock and the OMA-URI set as above, along with a Data type of Integer set to a Value of 1"::: + :::image type="content" source="images/configlock-mem-editrow.png" alt-text="In the Configuration settings step, the Edit Row page is shown with a Name of config lock, a Description of Turn on config lock and the OMA-URI set as above, along with a Data type of Integer set to a Value of 1."::: -1. Select the devices to turn on Config Lock. If you're using a test tenant, you can select “+ Add all devices”. +1. Select the devices to turn on config lock. If you're using a test tenant, you can select "+ Add all devices". 1. You'll not need to set any applicability rules for test purposes. -1. Review the Configuration and select “Create” if everything is correct. -1. After the device syncs with the Microsoft Intune server, you can confirm if the Config Lock was successfully enabled. +1. Review the Configuration and select "Create" if everything is correct. +1. After the device syncs with the Microsoft Intune server, you can confirm if the config lock was successfully enabled. - :::image type="content" source="images/configlock-mem-dev.png" alt-text="The Profile assignment status dashboard when viewing the Config Lock device configuration profile, showing one device has succeeded in having this profile applied"::: + :::image type="content" source="images/configlock-mem-dev.png" alt-text="The Profile assignment status dashboard when viewing the config lock device configuration profile, showing one device has succeeded in having this profile applied."::: - :::image type="content" source="images/configlock-mem-devstatus.png" alt-text="The Device Status for the Config Lock Device Configuration Profile, showing one device with a Deployment Status as Succeeded and two with Pending"::: + :::image type="content" source="images/configlock-mem-devstatus.png" alt-text="The Device Status for the config lock Device Configuration Profile, showing one device with a Deployment Status as Succeeded and two with Pending."::: -## Configuring Secured-Core PC features +## Configuring secured-core PC features -Config Lock is designed to ensure that a Secured-Core PC isn't unintentionally misconfigured. IT Admins retain the ability to change (enable/disable) SCPC features (for example Firmware protection) via Group Policies and/or mobile device management (MDM) tools, such as Microsoft Intune. +Config lock is designed to ensure that a secured-core PC isn't unintentionally misconfigured. You keep the ability to enable or disable SCPC features, for example, firmware protection. You can make these changes with group policies or MDM services like Microsoft Intune. + +:::image type="content" source="images/configlock-mem-firmwareprotect.png" alt-text="The Defender Firmware protection setting, with a description of Windows Defender System Guard protects your device from compromised firmware. The setting is set to Off."::: -:::image type="content" source="images/configlock-mem-firmwareprotect.png" alt-text="The Defender Firmware protection setting, with a description of Windows Defender System Guard protects your device from compromised firmware. The setting is set to Off"::: - ## FAQ -**Can an IT admins disable Config Lock ?**
- Yes. IT admins can use MDM to turn off Config Lock completely or put it in temporary unlock mode for helpdesk activities.
+- Can I disable config lock? Yes. You can use MDM to turn off config lock completely or put it in temporary unlock mode for helpdesk activities. ### List of locked policies |**CSPs** | |-----| -|[BitLocker ](bitlocker-csp.md) | +|[BitLocker](bitlocker-csp.md) | |[PassportForWork](passportforwork-csp.md) | |[WindowsDefenderApplicationGuard](windowsdefenderapplicationguard-csp.md) | -|[ApplicationControl](applicationcontrol-csp.md) - +|[ApplicationControl](applicationcontrol-csp.md) |**MDM policies** | **Supported by Group Policy** | |-----|-----| diff --git a/windows/client-management/mdm/images/configlock-mem-firmwareprotect.png b/windows/client-management/mdm/images/configlock-mem-firmwareprotect.png index 1e315bc4b1328c55718d5ff483ec932cd3b75c5c..d134a5fcb25b113909636626189bd1b47e41cfeb 100644 GIT binary patch literal 20672 zcmcG$c|4SF{O_OTLmQHctYufS%Qi!jEyfZ>SxaKF$6$t`QXyNGkX@J|d-h>0+4q{k z$X<+P#ySkfdTyU{&g1v}Js!XFJKu92=lqe9xo6z>eO=f4{d&Eg*Bx$Rq|0)a`|PPx zr&#p$?makliazqxDLRAGOu+wG-=5S3{-X1KpnLaJ$pG&X@C~DrCPeepsq&a}2T%V2 zzCYus_t^W?DZURUf9Pz!a=bZp%H*N`Jxz0e+m%V?QQ?Q_yZhW1OzeMN*SpYtTKqou z54#y@y(^xYE$oKNm(4wG-rj$}=|iNSE%}2G3Aea#N&m+~xv+~#m9J07F*7D*35Q-2 zR6X7aKn1U*)u8r#c2cMR?87q<-|8_K(vS+;=y1<`QUBq?eiDzceq653W>rU=u>J!f z1|9u4;mcQL?#BriI5#UsR=j|#UwPo9I4F|34FaF zXP*GPODr95NZiNsTq62$=Fgk|{|`yIKsQ@Ou(g6@s$)}R9duki=Ch?WK}9mCB^FUL$Tk!Eo20g zQ18d(4s;w!EcM?WFB)^NU%`=E*)%{=dF66b#>7Ni&A5Ag-V_2s+8J{x9WmFBQ{@>p z!)@_Dn?~*wZ%=p+ZehCTy5kFBBahKkBkllet$;q+PV-QHgfnctg}DY5Ex>8xV@fSO z-YXq`Sy=qY=2f>yaY39gi&2~FQ$qxo#S>`WkoTy&jOCEOH}SJYG}%CKwPACB)WR&_ zij5bB`qM1={=?0=%NRMK*k9*UB2?(`B*;l|&~?JIl?AWxVftWR399;xd(+eV)O7y> z5q4-Q)DT0J_lz11+Fwy3^#3C%KmP}&7MKaQ)KQC&ZuCzHT_6%I#qg9Znf1o4umq6X zjH$N3(R%1UdYHg4Ps1fODqIVGHqN{c>O-iS4BAzvSAM3HCCRasgCX!vN{aiHaH@Y|s-MlGT`tmshB!ZT9e1UIH1s+3oD3bpKxbvK2~BWt zFW#8n@5V6*;#`wi)vKhB+ig#mf^tF2GaO>T)rxs)<8C!J<7=`}gUJg&&PgxZ>7F+R zQ_WolRLD+^1!id0WN86bjf3?qtfdED#<3@Xu9peF8@Z-bcep*i-_%674P*@X{jET~*}7dfpW?E&@bpXU09RMc#8sy>SptaG?9_)Z1o5R)lCmdN5fa`$ zWBg3&r3+d`XoVs2bEWb21**aa_r}5I+eF%Lcl*b6$pe0=K4yblDcjm}P*Pj?-iCSydOouBk%BOk$IJ4CJP(!?9&!G`??YgD?lRkN1xE^^i zx<{U2a>zjLOe#Ux8k|&HoZ}Db&%^IS<+5o!rlF+)8`d{>n;2 z!$CbENuX0g#+%nZ64;&NGf-Pe3V9(b{YkCWL`@xVn3lBT0Oi@^T(BMgc>e;tj?g4< zA10HuVBF{yDKvQ=qH#mdI8b9m`{!lKs7nEIj<7jMIc-JrfXj`(F2`>#Q0_Ejj5I_V zjK?x}#^r8^jV*G`7u4s{#3I}iGB#`5E*j)|O}8|y1olcd1(JuGo22IIk<80md!)ir zqghWHF$uk~TEAxN_PtwliRzeSli2a6gU7>gw(<3|whV3BMoe%6^`-klW^fR91xqX& zWNIVYuhRBmlv1)!&en{tYvnJUVvC2cok_nM+x}wnd9RQ&N-+u5%zYdsO-Fkpg{!e_ z$T#K)Y%8l;u9sT5Tg?>0gMNn={ta#ndtt$y4Bt@i+t(QJJ1X?RP6z?1Hr}*GK-M$pMo#s$ugV1)x`CNWNp?z zEUjO~C=7%osjjLLS)Z)R5u+cjJ{KwWN^%u*DXDuw9-jDn{GRMLHWJ#eG!5zx1x~Ax z`b}w)QRMnD+nhC8E{567k0;PLT~#q^^G=BsT>X;V>RE+M_H zfLmxtYGMc6;}PQ*wUtUU?gdLGy1#J-Qjb?^XQL(VfR1)&@vm~63VHJE-@y!pClldH z8W%3KIPrJET;}_}6kBM;?-WJ9rxNU%sNa^OJOUlKV-|v&Vue`*1SY_Jr@Ky{_iANP z%JoWfkG#h2b$@laV$jGT!_BYvR!uH}$D_fEo0(n(aq-NBmRE~;*!3Uh3W2L4`cGto zz_-)M+mn9N9U0T8Y%}9Oo?$c3%T_Vul99sir<0lStw}q{ru-22LxGf|&AK56C2q`$ z&EaO|aaxBdK}3J^HbV#dg*Q*rK17pSDK6tvJB>SevYLW#?lYbZtO-h?rg;zOZ+c-U z+v6U_gn7Qe^%m$=M%Py4+0FS>4|goLN;>~hKXm7(8{1Pp+IwGgC0WpZp=luWZ$`i> z6iea*`#Su>@1vBk5>fRl#Ybz$M{5fF(%}8L+*rqEWqS3kY_>cv>%xwL7jKgg9@dPB zTX#Aja#rqjj@%1^>vKMi_2eJ?LA!rO3R@z`(r40`_C2H~Nkj3zE&p)ldYLuCT!6J7 z;(&Oe_RmwAMp=UUh;yid&TDSyns(!Wz`+c2u|y1bbPV;-|XBLn!B#XYup268^Izd`t6)?zomIK0eE!ddCZ8 zZQHzv#cU{u>zE>a9M>^-Y|%*hyoEVK;~wWx5~(sf+o$rG4QG26bGnw~*sVJIA>JWc z<;73helr7Gr7iV?T1Cz>8)&`x*=s&{`+>#9ujr_&cyc5{|=5>K-(y%Em8 zZttv$ZRnM%&y~e$@D}Cl#Du865q;ytyBzu!CV<@fwWJ8vJ6MoLe-QEyqk4gf!0lF> zsob#tr{WbY*xy(BxZk3Oyi3!8xuAtR3OM70lA=y*;MGEjymj$YU^)ko`zwMO47oovaUo9wdrUJD#Ebwz6Fz@@v zr(>1SC^n9TeR#SvcUR4xAAEWXyT^cYK-438w-b8aXPa+Nj#LFU`a)xcqtcyo9Lhqy z-p%=`c2<3aPzL{wb&5`e;W))v{EhfazjQchVdIrMSroU-y*?`13GBVCB)#J>%3p0d zK04y@V+t`V+j?Fe-FPZj5jH@n3#s*aS<9)*2Q$Y!4ufg4U9*&?O>+w8fh3D#2KVSw z>nIvcYTSLD-z`PQ<2-oCqAZf3Q}w7RmBvAaiEf6*%m|9;G-;X$1`orL&yd)uX01Wx z-co|%d5hl$aiSUeNQPJkIkl_=9VP;`edz@`1!yBUgB4;cLjO~}wLqZ|(3R5#7DWSX zH{#j#)=#ZrrN)gY60nXM zTwbgCn`q@;z^b~KMLJvy4(1jetJXL^*c{&I6tG*VTgZ?&%-kD7KgoT@ep7epIDS7@yL!=g3khP)>3 z$jrT(P74!?&X;Q3{reJ29WfX$1G>i=b#^#k)NKY$#WmXHfgqVU%OhuAaUFW7SWH*p z?)4vc)Hq=NxtqonQ4hgiA#+)!;ZH$)O$BOpd$^Gx!wD*vkqYpX5Ads)VT^{rBW@*E#l#Z4-`&Tlf zP=a0XAzdp28|ahoHP%{Q|Ii%S7gr_ys)ipGHtx1dqulI&E>na`J%C^QNG{8EGsEsr z&2&(J%RuZ#Y)oLTD!HiQ$(kr@kT7x&pJ@cYXG?@#H4PoF65_UXFpW`8{HZhPJMLC2 z!M)aj-$<>dzUQ>nYZ2@;kJeB1XoQo^p7zn}aQpb+^VeNYYR1y>fXgJH8j?HCNjG?M zvnADFSKK7*yF)XN4;F@-4#%7F7^LZrj`r6y=CU@VgJ}lb($%BSphdqI`GiKZWA}jW zWx|f>M5W;Ofy+F|R7BTuO(V{EdFk@ZskRF=&NaW$r=c%X-KwETgSdJBrMx7Zf2{Tu zeTROxlV8P;HHi1xnS1vIDLeKmw^2svDXa~=o?ctObkXG>2rNnypE?dO#3aAyos8;C zD{Jqzm~LRL7Nwq5pqk6L0dg(GajGQ%PpufHQbZs>&A#Q`Xi|QbXIe&_yr=;Tv-Q07AyFH(KHQ zQE~Oy%R8S85vR+@e=Du0^))~yS+e+Dzqd`U@1P1?-TUcP^?$>-Fu2kZUBxddv zq0cby*EAij0F|N#of(7(w&ghQSv(6U){$TmAN9K$Fstye*tzS|Pmg@j7&1}o@vF&k zp%~DE^jAF+-ovscNsCL-uf7`U6LdB9e$hGJS8tQsJ*b~Pbbn%um-9Al+!9Ts=aFiA zp_bZnYEA&ns4oC^Su_`L5cpO|2zTGivb~+)v>Xyk7>W=l?@Hnx_Molju3}5EOhX%! z4XebIvCFuCNf_Z_l8x{0*A2P6zP}xlp7B?@STUJ#rp_(7)%1;WYGp7RYaIH(#-Qjt zWJ#mOs~Z~AH8~T0z;Rou=l#HE^LzutMG~FIOXlDNgVeN$+c8Lq>5=AFsnHI()TE{Z z$KZP2mCk#kD<*nYWco1y34GQff9dvbI8otE%iz@_3b&S#c7l>lMa7{Bqbv7 zV>Mc;MC@q5uQ7gX6XkX;J$gEuu$K_AjX47)`D(mqbdR3pD&F?W7ljDkOLI7C%npv& zj1tgyO7qg;jyJWA(Pa~S(|-5dtpwCUmpHf64LQy(Td(%Z!$6g`Dy|xNQmisB=@A3o z)|+kiYodHE&Ao5<#9`5J>Mm(dAse6K2W<{D2HL+tWV0z#7 zo6>S7R?sF!88wa6;zMHMEHghW+4m;pjhx8(SB?+9DX*e@BUOKu@M4N1 z7R`M{e%WrOcd>1Q>2sTosHFv~!}yCZ#gh@;;q{UDYx|Qxg29|_mO7GbHGLlzvVBHN zB`AlmXWqGO!oS(CWY;s;a8x!8s}QItagUkhirV&44x|>^xnWa6+}jl*6Vv^sR9I>O z*@-864}z7jrDT_)7u1KjkL8^P(qMp~QyfT@mhMZI6@rXAWg>wey&V}+vE+aD*vbqeo^Q*=1x``Oa-x}kgNiy3~VIBX{kM7JElQ2j365qX`lD+CQ#IB z6&<7X9LyfeB9%#|wgUH8lm#_XDTPVMtY~WWxKU!KlcYwQZ`qnsag5J8yb&By5Ru+f zk`6+`3?m%pp%TNxh_Qm34W(;4VXE;2u_^gE%q_nT><~K6ceArv-e)X^40W_cZNhDJ zXmYyWki4w$z%H5j!KcC>7c9<94#4i=eUKdGexyewIRV^h9rFZ38$4xuDqyV+h1cpR zy%qFc5w?jZLiSX&yGq5@Bf_9mMCobz?6(o(15&JAGLjy5MT70UF{}O9mLsTF2g_fmk z4`=gs>V8M^o^jxpiMzUd$2Ac9Ry%}S%|Y7o%6me86|b|Bw9QzSRsETzm~=(@cxP+n z83Io-Zz^Ugp`c4dFSG~s0&&_A!Dta;xlAM#;} zV?;vw8H{3wH?IZTHKAC&b^@_!0aU=XL?I;wl5g{#{#3gi{{8P3KRRa&YB3Fz()wTK zI$_B20#?uThc?Sfkj(eHk@y#ri&gy8vFIB4A>?a(%*>Wc^tIPWg=#Smw(*sHFUhMV z7|R=(szHoC_wDdY@NGW&%ROJEw*QD_2FgV}cAxXhAT&6sJiJH)x8N1My!~86DP?ezecfO;td;3=5x57On)0XthbN-jf4&Aomwq~QiuGGFA|0(SN%dwqV%ZqSX^E^rcSriE~Wp#Bi z`yxA}_|NDs9v1T5Rh25-$TpvgI4 z-cqLcMsa5PN!0g`*VmR@&z3>!lShVJ63KZJofsSL-a~)M$cWeMUSnVIKNb3x`wj$` zheRgd)&E`}b%@E^Fu8C#d&@u}sJyi7$5|-vsO+N1UsG1|CpY}8Q`yIdC89RqN`$dU z1_FS5pQtU75IQDyHw`&Q{Mp72m&;b|%6$=;@3%c4w>SA-8&MZfbZoP+GL;iAN2LbnF|8jtJi77AcikpP+W=k;**Nm`Bo1I469O%{3vEL%6CP7!t*D@L*rR+A;qKWZik(fPdGn6E!X@e*S0%ArOc$| z3={40nE7@8d{IsF3EGGJYjysanXG?RxhoBX@UqEx3YExmWhu++&zCP7=VXuDI|lgB zFKb2fqu2Zbdc+WYi|wv2e_D2$)ZC;$|8^Py&O%4K6-DSouegjQ8bv*+Q3j9rWc>lN zMQ9(o59{&3-XlhRkR~-$S%t$V{KcTf%dl91lms4F<>VWgrVWXEciQ^z!80~hx3SiJ z0>?ytOQ(8j;(3&mZ%8E}Nq6rwqjD__KhCzTJHHSB@k{BD>pn(h#Q(|vx5^-P5R=Sf z*&HENl`1LLD=RmN?bU>FmyydWhBiJ^3d0W- zR*r|{M><7>CerTO{6#8ZZtZORl!}`33T(KFXZBk&4KNYoEXUWkO=@iX{9_GTj>Biu zv~H#*c50czEk)Vta^D=!3LGb|+RtA90$NVec}rYiBf27-71g#=0gdc~9M$HuF+cpn z7Ocl|kwDov^&sf?1(|j&y@G2X#0-!-LdZ_(fk`lmr|nU!pw!61T}%GaZs{^mRNvtD zf@OFt-J*hX}a#gPo8N_<)vAH(O)C8g>VTY5uw#~M0FSuJLol2k8YmoP}_UB z*Lp&mW>S(jNupE=XVb3snDnls^rjJ9CK&@P^B6!tp(#X!Vxk|Qr%)91d3dwekqprY z-VZgaPC86kiMTD2s1Fwa%xZ5i7rd5aTC<|8r{UOwfLe50t%@Tj$+iT%y2%eJ-a0~e z+^~MyhsGTIwOMQ8O#bF8k$zCvm(WlF*pMlMJ7}p&>Z{rBDynOMo@s3RE%PVZSsw@Q`BkQ#wg+t3vqYS1$hHXaQ7RFVfN+~=->7dC$X*a zThIwzvGxB`nNz_*;K}ZqL%gZB;wSvr@bP&oZj^3vRUCwnS_;qp4!faj0*7+tUjo&o z-|zeGY*@E1#rEOvndJkavn))T-yLva6%eZ34sQdOa+xmo8CK=?)&r_Nd*0dBXie3} ztYp!jvjtR%*9z5H)^r7s@9eTy#l!2lrAvc9}sWH$q@|?&=`HrAL1L`rzs3FZz;y zWjYNR;3mvj7lF0owrAJ4CFQyuC$XDt7)5-*>dHZwobUYR*D%XBTnWYR^(yI_7+#1O z4BD<>=utdR+>Np&o2dbTWXs-F3^+RG#lG?->T556zv) zbW!K&=@A=e9*rGZd{-#VKTg`J#e6V*;IZ2dDeEeA57CA`|K)wp_-PPd&DN8r&EgPy zEx2t#?v$t5S!@K=fG3wg&!7W+n{5&6lCqmBzbd})ci*<8HEsx8vgr^!`{dy^*d648 zaW_jL0Bi`yc_p9qMG1b3mUJ>z4K2cwSy+O(vEq^TaX#}|?SU5J76ru#pb9KA5NUu4 zA%*`>d5{f7asGR~$6p6-{(U;a2HrAp`6#T;k>Hw+kSY4nw}`P9;r8ew+oUNblO2%mYBFjBt!z4wvdG}3Pml$aD8`r4r< zL1IZwc{WlWw>xZMS3CeHoR=qY8u??Y;pmYTtBUYHlC>A6`5kW=+f-0O(AKxH81!)*aKAN0?y+>nOa14{404YtIMxR;_ME>1i9S4Im8LSKlyR7h4;_m zcX=xxk5?k@<#QM%kaqrUE1DbscDa%1#4T;y1;shV;hD<>jxFZ4{~9K6MXMs zxE7w#s12GKet>r#^Tf<4f+#!Gn?aOGZ(xxPMyfq_PtXLrnU0v=mfQiHRHIUFLx;va zfOv8qt8M^|eSQiC11Aeof6hg9;W{BBh78&YTKATow?XBM7+&3ono2?8ozj?4V&}J9 zhc_MvosC(;yD%WU7rnZF$-h%uYmkp3v#RgT)Zv=tEU%#Nr}A@6`e0HjaatWtknzFl z@BL}Eu86V|%V-jz$kTg`#eSbcjhz}D*k5bXh#Jo}wDd4j4;AO2R2?03blFu$WvG7= zn_~f&Q4d}OQG6;DK5N_8`vI2yNd0eR76IkFw1soM*9W`hnSPo@A`Y{aVg|e95g)v_ zWaPjkiQc@0+GqoX<^qyv9zsWDSR=wMN9jpiu6rb+nTr{06#5yox0ti^S~ts-?b%() zSpa4;oSjHp+^Uod!@3soylnIqlX=m@%uQ*u= z)e5qaQr`BpU$K&mQaT|#2HJ0X?^V5nT|8JHO+n3Y!oMhlQ#&!I!1qAL_1;RF&7 zkbJ--gQtCLUd+MM9*Btxtw*})Feaqk78_J{ttV*e0iYpOIMvLiZSd+qdGdyg!yX z=S>EL-T~3JJso^JRM?>igPX7~{XwXdEEKX$+=+|0lR;kZ7;|Psv-{{~XdAl(*$}Zi zQ>h)lW>f7v^kurK*>f67>usQ|j-&+A)s`1#j}<5H01%~G4!;aeYnVl9AX5*6l(MfG z*BD!b{bjY|5933xs@yU<#Q}~s72PsoZ>!|_>Zg?PW%r4uv7n&I!HP$4D&=E?jYE_o zPQiUZGYvBkAbq^4aV$^0y9z{u!zZTs7H8;|%)B4c?`dYT6hU}v% z`8FD5)^UU!BkG*F8@AP%e;h*I#iM0RFk?2jcZO5vVKbCpZ%l#yWA%bG))Txy90 zFNEC$=w@t1CoQ3QpK-~$0}6l2r8h6W1qEGTKi^TXaKL?+BmoWsy$ro3b9Bt@b?Z5P ziD;xGsThv9f=vfHlXl?#0<+JB8}HKorb3Edp0%-ltucV~=Wlj5^>q|J*NYQ2p{@Er zkOgKqD{u5?9(-41YxmQ<@3=tk+yLR%B~3%Asm>^QSE2D9pAwIvoJb1Ki_?jtkBr<1 zA%?(}Bfwb(@8=#!)y}-VbU>uDPfJt>f>@j~o9OuA9YGCa05%$_Uu{qSnP6rsnr*w| zKWKxe9va380~4oapFu5UpDV08Xrr?JJUJ=k zniA7Yeoiz=)sjaN5w%FXjx5T2L&%L7B*i?Jc)C9ut3cac=oJ>{>BqlkJY#pfN5JoO zTjB27dLIhz>ZV^%>ijeS(%79sYaA|-4D9wExD5QJd*OO>{OUN+Ue_gO?qA)%pKy}_Zamp5P}sT;fG1MmZGfc3n6h!T zyxCHlrWu`$R7Q64Wlz9+mq;MxKi7J+k9l{Mf6B3KQurEsA>34_z9`1kxcTq}ka0|g zChkIDRb`$U?RyYjm&{J z4`gycoqsWp0pe8Y#jyyO-7_URgOe4NL#+u1dRB+xBRiY}?qA$Fy!HPBaaO|W#R)@C zc_3nexoZ5ML!JMJ7{&ilp!)yHrwnM70LUx}0OO!oy#I^G&`L0nGZzd@zUsYIEJ5lx zi7H7>8vBoXG?uDdA56=*Z1*;DR_xim-V2kGa ztMwi(-xStT6~ZrgMVqcXJt6hXF0_|c#r@k#cS@_loPgHYkoh%Wpj18qIsz-R;i%YU zFO|PxLf=lZo+kh@@ePRA3&#L1`c@&~bdY4EHqUk&hjFgJC)mxRvb*2B3yZ5$TAs0u z`jwx=s^wcx6ak`K;W;y(j|l?#H(cydyqGaiN zMHK`0XW5X8T2M)dIbi?V;rz?nuNXM!$BBM3ZCY{!&;ot5_JGPlTAh^OJV6!LYfyIAT<`o&VjE(0YT zpU=2iGwEw}4B?(r9LM{d(XT*n2tJ@BQ1N)IyYwcIvC|})z6iMDft#0F z5^;E90Xp z`TRH|mg`6yA5`z`zXK0?kg+U(eR>3;UKR~ZhO(w&y54DEy8x3U19i(J(W~ewk6v(T z68ops6K$s<-F(}%`uB?hZ_(+d(Cu@MfPpv@y_TMs)x{oxVQ_+-S$Qyyp?vWo6DCKSzJguhFLimzt&}6}M$T$;aompd7lL{aZ=ex8hfq-jvUrobO)Neh`om-8Yk)C6| z9;iRxPSi<3(fy+>v_{^m$IoN6A3XkqKA}#lP9&Ssq>tHInNi!f*}DAj+~ECgEp;cF zOL5gB7bwGKa>x&W3z#~hEX+V=m4M9zBNLMzttV;_K%6`bdeJR&Sr~x8MO_~me5J<$ z?|U`M)U(vMziQw(IWT>Ew3DDSzi_RGF191tvBHRZ0redNEK`N!9!+56TByds)BBv% zk69TQURc0?mz|Z!1QA--&It!wX#-@jKHr*h;Q*0g02M8LW(TCG3lD-$2nL32K3-t+ z3e*r>l*9miQ3psxXpb@dC6unZF1T^=Ys5ET1~Ij#sH41)jn8c3CscMB%^963eG-Ymx*sPon)N zFZu@MB=%31tpcnAPtL#wk|e%a1k`{6$!F8gGj3Ineyy7O%``snfb&cnWlzVX<+h1& zSFi8xGC&U-jhA(cruIE-oZCME9TGwXj(0opm9~^y(^Dth3z09gLTU^Y#I+vs_Pc0l ze$yPEn_tE@Q0Zkww%;@qha+FFm1Pn;KOx4uFkcU66{+#taY!`JP&go@pWm@HnQ9P| zCb@0f6O7eOH7FQ%a=u5-{4Kjfl7&_2e3q3gOHP5ba#|HIN6@msW}nQhMvqRzHTF$j zpqf;?7)bk_qB%yLqU26sk0FP{nB^WlYYDuBWL5btVmIOe@Po~K6Kv!HQ zcnF_8%%a!IfuLswj7)7F!LN#}124Kc`N zAgFMGq~|2uR?q1ykEYQgD}U8bMgbG3l9FP(z9(Ti)SJbr<>myKL_5{{V!;Q1hWBJ5HH3i*j22v0x>yr@y1V=Qo;w>b6f?1=Ds(O)1_GoQ7*dl zpA!f3+o&J87u|K0Sj?23!6(B)ZlQ0c4)L(hjSoE!VYv;U-h8iJibt2oQ4(|_y?-t_ zoMCZAgU+Wloia)}+sQ3ZCNwSM-*Js?LvBB92)a!5E_GFm!idjv^ z*Yx5DOqZfpc2MF!A;n_AUJ`5a@Ez-%zKzf|)0nHL`PB}UBb%!yUugwSZOuN<#}sgw zq9%_%6-4-SRz*WXY^^#J>~l@gVrQwg98%%}gSJ2k2KEKD-`+SEbEv~xVzuF6k zyBqA-@GWkW($T3!?U*dNHOSxQ`)lVNwfMa@Pk|!^_D4Ha`Sr*^Y5H>k{5}2r3yrns zWmJT4WThQs~%x*oo5{3BNF| zZ!(rJD4T$oR`j@ve_by87WKf-FHI*bi(?HzsDDzbbHy+DYZ8-Eb@Y)7#>X z6s;CwJF9ZX`{((zDWN;_&E3=p-iA#?H`E#BRct>O?7v*z`J@zscTr*cC#GL>xhehL z*xvvMQ+=O%P138om42X*0)7xp#L z2>whzZ^-k~uf;cq!^QE+tXns#;}07oG99|cS^CF2+?sbsY8n-z&LoT-j?Hc`hnaEL zp_npU_CB18$1t9t|xaJ%H!DhvG&W@kw584$%w`@o&B?<%L+r+xFJ+tZY+j zW4{LJ{V+ zwqCj^QJVWR-bl@@+0Vbf)iLxO=WvBPB9%mUP0a!y;{01QNO2R6heB|pL*AD;Z+k-? zTc4g{VO=aLwc(#%%kdJmfk3$i?CY%<+g-KH_(KBwc)n)?{|Xtc9M~N``k>TsJxc6* zt^T#ucahDETOUoD&V1-fMU-7&jss;D7~|2##?xf&QsM;5HWh(%`t8LYT*GXN>o^E3 zU1Ht06a}k8!1@rZ3D(_X;=En}!5oNb!rcdM*q_|u98ecWP@1O}Gkjow!jr%e^qNqk zq{{tQr`-3iF-N`=752SPdF0+H)d^>^c)Ty{?e|>6S=ODFkC@J&N%KJx8D*W)qqF%z z7Vha+GO1-+-gBccHN)%i6lh)IXfoWvZn79470seyW*uOgqdXaKR&Z z-|8io|266356ze|-PVx$O=$YM%#czOtslyF{=`##AOsn+;Ftk%IMN-PXb-)6tAGq3`8C2OLRkG4kv%@rJiE+yT0%{=)Xgb>ze zX4aXXT~)<(Y+o>!5nzGqFa2p2C&J8ZW}bGsDrK6MOwj44=xNZjRcG(qPImJL_A{DI z$*~diWar-uTjzB4^TMxgl(~`wTQq}ogVpjHoO_r@G-LQRbSR-OLQw~2^46*inBf}{ zb_ZYgfXyPAlw8|2AWx0uzZ-cHj~=p}Vp2k^E3@=`nBpRF!4IPS8gdW-|D1{Y;$bDR zvY3}Hbi>r6}BQ_fIHWm%vZa zpG^10n{%xH{vm`E6A~OGV|=6FXGnkmHU9G5mj8!g-TD??b&U;}%TR4xVvq@s`ff{k zM?481)5zJBMUmo(-YF!u)^( zD??tbE;Dz%udM9~5LYU*Ukv$mEMMYBh(mWvM0)($erYkp@6&026YfVxY^pfwv7Nr0 zuJhh39F+R;&MCOo?c@%YWkb;AkJhkh=K*Qs1Ej4~G=6aNJ)LFV`t{luN zzUwHaWV?ptFbMPZPj}=&1f7~R%agh5$9q3Y2T$VBLl%cdFyq-dzRg#A>8HX!D9^j0 z&2r3p$SBMm%wy>&c@28OL*BO2J^GwcPKz*}F5|?0P@jRyC%YjPgnU zRU*TE_^$-EbXKlBWZu@~16Adp<(ZzH4u=7NPSDsRTOUU2u_kZn0fb5ugw~Os+^2OI zC2DzHp%^R=$3Pi$%&rxYp)r9)D!mxqiqc8z1AebK|cVpye9!( z6tQP?feI-$4l{HB zJHL$Ajb3PsTE&T?PP?Wa8Qa7SVfTXdW5!)ho}Qqf&h_u382(=mS@>TK*Z)&{$o@}0 z(&7J#19|d9ivM;Q{^PSC3~hGylfHQesa0SOHKvM37DR%;7+wmT$h@?>h|F*XcGqy0s?(U2XZ9u~L)MpXUoMVXd7BCxtKAxk0{gB?iyZ51*-*v|6d1pBuRZ_-^4I z*8fBXA9ogA5rW(5RwD~MvF?giwQR72S2cDwQcH5m^=WTns5i%Du*U0(AOtji& zO1(~X&EaO{6aY*>tO3HKZ#C}dhqm#6e2d_~@#N;PMKBFLq6WM@yfc|G(z>Fn|JG)T zQ0cA%><@Ub=H#$`9v!g#oV#<0RhmV)Tbg^)$%#hpDMqGM=ZU$4_S^P6zExW~#=cz1 zkp%MBl;O8r8J0Yk1latR{6)o_cpw)1EZ3sTRl zsNMQnT4{*&{KCV}T8U7Freov0ES# zWRoo{2{>p#c8CO!kYI%n350+l1PDpyVoyy?*G$#a{F$0x@6Wq+U!8aEIp00s`OX0H z5$c2YZ9&7F7}NlBSTG<^oTF@!gDUAb#`Q&Ur5oj1+{EhG5#;h;m%@&jke?RN`zAx` zP|#w)oCg*nmO7Lww$yJ$El5E5J9l)$AF2>Oe}|NqyL_YcsA{8^H~>8Ay$I%2_Dmon z^APsf#o5wD-R1me8D=E2wds5GIRO~8QnLRCu=4G5m2~s40CVixgque-RtY6VWyIc7*z+542^EfY-g+I7 zcPirLh)s@tt2N(;2;UyZi$QFrsonvC$Fj(`++6P`G~kf- z|5)t#qAfyPHWnv0cvQPIY@{G!7hzMfn+M`c2s12M!M)$U*$H%J+?5w^KvAov zbGN<8%hyvQfE&7WinNWhDMFEUkB1~8Z8q=$@=6a;0VH}MuxVEIz$ufI^alM3Tog=bgNd) zqBcs|9wS45P$YMQP{?Kl<}+HC9|S`c>xGK)Gn=gRpb_7= z(spAe50mMFVJ-6*`vkS2s+6#4_S`oH$u!VMRrVg#FPx{lFEwfH_)b4>#iC@Z4GKD{ z$Qt-Q{*}gPQ*|)jkYyP?!w9d+7!NA{9H<_YZ;@wvPReDvbtDk%ZVYACYlX)qNN4zM znUzDIqf8{oepf9HeNWyto9y_)N!F`?=FiKl=)Za%53B(bgJ!S!GdlA)?>m%E#Os}_ z3edYIC#e2tu<$aZf%BLnTF(MM;@+t+2iq~qT93sDobZh!WqeAc*0nP(0S`>-Ec|H0 zn$`oMW)HYI<+UzKU@pAP*nk)*2S!W@H2OC=;>-es3oHh8JZ$;7r>oW|ENqM38+q;X zKa^De|8s%=l!5Znf9j(IMEE}de}26!o@ z8ZGbQ6WiCL#2xhN5=lXIeT2BW;KWrybKGk--dQ=5U~=Ih zy0oJqyXoBOtr*2#*J|WSwl#eoLJ6+r_nl*T;65?CND5&NrXm|zgO2Ic$CsaIk*sfJ z@5(*bBdF8_mb+~FUT;Ir4>{HT3U6~(Q{mo`=*IOW!(6*S1IpHU$mqq~rbbU>kB&kp zzsz244VB9K2VILdCj3Vg@EE%WrXN5HI01cBwR%&(^q%mwIdN(O9n;?lE0qXx0Dkjo z{as3mmYiIS?-5p1d#@9NK3x=*?oaK=I3FU>weTp4;`K4mbxQR@v?RJ=VP;G`X#F&L z>5Zc+o4irZKr5*qPhM~G3LRcCyVA}t=f9x(EaI!%A~q6-sbUSAZ=F{CQgr21Y#XfG zUrRZyL>6U%H#baKiS4b(B&i{t6Nr5XOd;?%;{6Ym>bkl z1xNl)KS4}%3quvrrDOH-kG|+K*iu`W5TX9(H)hM5ZewdVH1+tHc?1GBiG@!N1fv}MlgG{T(&}kPF>1;hYTriBijvnMcLo=nyLoIl zkqCd6n<-kvB1;wQCR|i-&pt$zsVQ!?LTf6#;Giv5pxLxd|6HW9(~1=%g?#v=g&}Hx zSD=f7Ki&V#dTOh)Q~q|}W^7Wv=LZx>sQtBlGZXa1+a%L3LbJ9P#nZKC9XX@9=p%$E zap2yj#>m__W1`WQ7abDD;D!pm>(kaZwvfR`#f7U~*B#|>0`Q+(oDHZIR+Hn=TIO4R zIbgdFx}a;0q08J15pQ}cu2wcNwMqENpz`J~&-7CR>ZX=5N_o4D!9rS0NB2}G)07z& zKiHF2LT_C8Inpk7UbPvSIY^$*Ex2hszU;3pQ+;jPG~Xvc1)$$@A18usBdVx++-_FG&piFe)PZu6E& zp>;_Q3*hnTC|v6FM|M*}RLf*;fp?CqU5FaoHxs3U>Lh5J_d(U&BV~GHr$6ClIR{u8 zGAK<*#ZN?gJhA51Ooi-SuSsABC%3`cv9`ahAsPPJZ(h*InI?~_ubUH~`1 zwZK*#_c1z*?Q-8k5$E(w{MC$y=``N*(A=}e>n(6M7g=;Bmkv)y_vYzbk-hV-NK+)d z`5M1VKkk-y&DhSlVKe4(|7zEzwuAw_3o)>G%i)#pa~z1oW_lra8FJeE^v4-UtORx@ z>)>1i=86sz7`9|N_@WH{6b$B|J^7Dq(Er6v4aL_E=)VI{*1>+zZ2%sBAKLeao8ohl aLMh4i07^$wP6Sg2zp%aRU|Dt1C;4wA2T|An literal 14066 zcmai5Ra9Hiwrz2Dr?|VjyA?0)uEn8Pp+K=>#T{DQ-QC??gS!QHc&GRNy^r@8BP1Ck zIeVX#C3CGgcesj@3^D=%!iNtZkmY10)joXqr~z6dsF?V4 z1iXQ=5>piW@S!>e@x=rhcn|L+tK<6N0}j={$45CeO7Mpd+@W%kVqZKB&oUof^%va_ zUKL8Ncy^Ot*f}&FA>+c&#+KwVgVfben8(=SxsSG#EC@>v#5-S_CxxmfZf zV3A~n;`GiY1!@_1{YAPF=W8V5!qBs~ z=^#SI;`|^gQf8I$fl3KIMo7 zZ&Cz5K1*^Hgmu7=U(kEb|G+JgfUK6V$H0V+ZMiaQow(GG`WXm5B+%$(iDA}f$TeE+J+AJSd-<87K~|tc5V8~NO_KtD)-i$X|H5Yu%%a26uK7g z$TohRfm-8)vX!O*Ei!=fpf2LXy-3|@?os%B``&4Ahg#}2pNjj8(Pq0O`V`;6Ccd6K zZGAWR@bJ*r*SEX7J2!__Q+S2DtcUp)UHtZ!vy%UMTNR3>eMU&ye*Fp?CptR%=KeM+ z5~-4rWpQzS{)?7twZ7BM;n@)#J+rBpW+hkJE1RI8AU{99<&P`H<#c$GafRTReKF39 ziql3rL--j{cz1!4&NIQBO{p`|#ww`C$7hlI(gQ;wudDWZP-%JT@R)2&Ow6EY^CoGK z!1wRpXPJ||+XayN!QiRBKHfnMY>l^$w~AppFNNG?8c0aUpr9ZL35gtExrYUNN2ZH$ z!HeqbMg&927K#!DL{ywM+xadDU?t-<#Lm|<*GZw|3a4Ua1-UAfrU#9}LfuptklvolQ2c9xp-$rhbNiTa{k zX1+eP`$VRBg~ScF#a8>D)i0WvnjOU^*L68L+Bf-NS^wr}baZqY4JGkA+}SZJYdxvu zm_-uCoqFi$5j;y@6 zl-R7;`1scep9>Y-s>I>3k)cu7DJ2UF3r|m8r8~E8gEW2j_o#UV%M+O*&zFNF_4N(x zP~Bu?JQe=233wuWT+1Mk-|cnj0gFEE(C8p_HIzVYZS5gDBjf2<>bD)!okbppZ|?5v zO8o$t#-VWs>BrH^%ShH~0E_{bBp2f`UMZppEbM>oLMlRTUM{ zdI$(t-@p5cONeg>TpLPT?yn2Tco^k+LGcR+zz?0DpMyY#>UR_r6me%loH00KuWeX& zIl^e;5!}#Jx`_WAfyPs{wR)sza&-^K-urC#;{7rEeQzz;H9$;^QTJdXyVLDR&0X;f z_3e#hGJ`M3EH+kk;~8}Cu-4|hceUsLGA)uR@VZ~`d^_n34-11sMtNMG^h-)jOpH&zZohbsVd-q^o}#9vemmCc zL_vasLqV`ajk9b7y!d@5=56aVl>=DV`O>*E!) zf{(|_epeTH*L8KAkp(xe+Yu}!^rde*#f1on2u;-7)cb|XB0_@f?83r#H_Go6+{{Vw z7ye*jxsH~anrul`1x8vpm z-pQ!T%ggsGmiOnUWFsJZy=?&d4jY1NBnr8_$P{`$*%0h(sTmoyGtz(FtyNZ6SNDG$ zwZhjq75V;j6Gh0gyKT2vktyPz6)@|9B>UbW-HKXXTi`^tN_V zXf$zPoggZGU|?W>e?KWHsiA>;26EZ(m#wH0 zsQ2v)zx2%b{$T|z=ErB)&#n3-emC94ji45JDlmik9itn+_eM$FITx^!GAm`!vlEKV|kk9$)No8liWm}u` z^}bcINPT`m+s#b)))qQKE|2o7SQ647O%eZdMv3>eN*-gtqVgzRmU>8vEkK=4qRd!X&cw$xufU% zbB?cdpRlpNu9Z(W6&Dwi1y}jo+uD-fjeY6N-QTNid8PDHE&aRlwaBn>iQ3bB*u%R2 zODmnH+=VtN5A)dM`*|>~@B^5_D_rrS;~FKrqOR^{<9+9yPeFkfAD#HE*2*u0P@?d09f&5Y^~qb}FUS9SrK)~@pTjcW5I{fdKZ|F@TB*T}2+QY|CDy*)K6cs;j} zEImWtOR31RB3eg#Yhwsz{WhoVJ9+ZRe-v=)6I zwq#h^uMpJPgoPhx3;hX*i7V`9tvjAda&iJ?rSEQUZ_Rx;=JmK7g?rOeQ`tm{u0g}O zGSdZmmwI?5>mkQWo63P&j^1LJn)N|ClV$;HqaTM;b23l7!iBa>wuXm?&%P36``y|2 zSP{}7A|MENx&-fy?4@=19?45tP!;s|55(qpC7-d?935I0+IM(fntsU>VBqHA>Uf=4 z1@daE%j5N*uC9s-rC)G&Gj09s$r%|>D|VIYX7SYqvm6;vWv`pPsPB_N0?eNj_SuQz zd3kx!)Y4Shu}T&O%)J$un!2pV);*%6&(poW)2-XX4!MdvrzU z*fz1Blb46}&DPF#L-_mCePz}SDqKotdTCjS;3Y=BANfh}BvbZdvsW4ax3`xI|M!(; z4y&cMwdFQUBBH&M9iNNy_T|)OW#LDt!G7*27`WP+8unNrDTbQD9xF4Jy>{y?ZK-Sf z{bA{ap0|^W-Nem#0Rb^ga!=i42TAbFcnL-0Myvm%c0ke|mC#U7|M=>FjP(G8o5R-9 zdfKx@8T1`_#xB7!?$q1MTF?I1`@~TN1xA`rALQJPoqqqa{OXPjY2EFMxH=#$v;1*< zVr-@?qi@C)cS6-Z2C0?A$CRCh4bNmYSYJZm_4PXdc}(#(KkYDJa=`W!CsxO zoqlTn+){9ezOkmPQJ~*c+g2CJpIs&&E10pdPCkp z2CqW?<6?bVPP+#O6h3z)pfoFyjoDc)l3CRIC$cK42hpP!hf<{c4} z=Xd}m0|NsO4-X5AGN+NDA#?qA2?@wFM@PrxaY5{&)LkKutGM0ljLoAMi;(^hDj5e6 zYkODKTt3;Qv%AR1$c&6nsN(?OYwD%sptBW7hC zD$fWgM6XoPyu_j_?)n75FppUq`l32u5Te-t zK;-dA?O;Uh zBEt(Plosdr^CB8_bo7G#uiWWe!vM~R-vtm{UdhGTSt83;3b0407<}SD9#t4Tz<75I zo-5G&e+Zu>z+Z3+Hk%8|>&sh9BX&AEKs7aLNZaczEh|Y$nn|?HV~}eAj`*u_>+R3T z$c(kSmrqGkxH_AbMo=x^Zt~-ri;D~C6HJkMD=VAugdcp&oE?kxuVC)^q_p(-T0N#- z-Ky1=T8graF$+ygOL=))4UKu?cAu^)9&T=xmEy(cAI+v|DJr)sh#&(a|1Me~2!nIk zGgX#`AU0{VQX}7`sN1O9nX8$!6#@w5OnzBbySxq93FxebhWhneg7>Pbs-dBwr6p~; z(=!hr0Ixoy%Gqn&y1Top&Ff{)r>}ZqFk#*+!e?pzz(H;=o!mte97PH&9AI^1@xY;? z?5nISFI=8s*5|!&QB+Os>+kpQ@NoVtPE1158;~z`FLNITrR?JBIyw%#TUuLj*NysD%|C~R!0cU^J1N@R zf40!zYKTHYcEu%PBIq3GGM^>Tz=_IRJ;Re*^prX3|6{@$-^V`q(IG9jkCL-#kg}qo zp&~c8wzM_9u_8}{|ZqX7o>sR| zjn5x{E2p?sT$~>2yS>BzUNvQEaQ;yr2}v=g(C9O8frwE64-enR>>3;lq&WfYi>g`RNN^zo$8X7P7n(f@CqDOu_drx@13VwN++% zdUx!R4Xy{fu)YK(Tia*kMOKs>r6OZI^)7s7*BBG!#+PAC`@{1iIVB}(p9pnLadGjU z-rn4t9CHp9IbtR(92|KKN8!?B$8~fCUU8P1s6orm8YDvggt3qS)?Z>x-)VJXYU) zDk=}3r{!9!5eE7rPBu1Se*O@uKRG#q?Bwj!)GJ#f)2gxOofT|bhHbF0p+FN>N?(c>5Ypmp<;-R%kU7!z;`>=~vWkPDqtO=t z2=$GXjS%krk~B0lY|5#r_^PV0Hz_H<(J(R7!ygNaxgLc(+;g`6W4^_`s^bv1Qu%u2)d7<|m#em?#RgNuMeR*;jYzSAyF-Q!GWqUPr2r!T4N3qOT~ zguwf?kdzdOBv8(Q!YBb{u3~I#ZOv+yl917dRSTge9_I*0IndtG;pgTyCUi6%>-Fe` zF`4r1_Igqd26U_8CDnB>40R7n6_x zqvwW_l2VO3G$aHK?Qb_3l%lS#Zi`TSLRv;#4|FO%es3>@l9imeshVZT`r;yuurL`d zD=$kYsUTw{T0%MQd1FI^lytL1Lq$VUxQ&C&#Kf=%@0E5Qyt;J9kNnc2utajwuI$^1 z$wd|}DlUHdma;NInniRR;t(qISoAV|&ciepDk|!z=*SAjN^{FR8XBtV4D^{X@&NIK zvCoqUNlEJuS1>5#tjvceB&0n{bJYe2NJ!!~b+v6ZJqQ{qDq*;hG$y#{#5x;O+S_jA ze2X`A53&_i%cozo0|Ek6(N#@M&dYO|#-*z!#+w_>@Kf;2{+VzNy-|&g#VHrA0H(S*IH1ppOLW^7dHd+aF@>CTBtWup2{M}!Y{*j zcdtP-K|MSUO7=fIJ`@zL;=9^g z7daXa&;<_ttgpXil%uusbtx%mNa`L$bL&ZYczT+jTd=S&$Hv)p#kKsBpp{o>g+`Bw z86Qb#cL=Ojs%N75vB#s+PMM~zsP4=|&(#$ZQXDbztG@ncLoq)mCpfRs*aKs*&O-{i zblf}*14m&~5ic!mQF(h%n}L>*ow5Q=&kiOg$IPsO`Yd#C@SC5XGyElw!@BAD)%8`e zsrKP42YVI5Y8fk0-0snO`vZZ7(083u@8y9}R{>4K1tN9uF8o|5OebCUY*Of^&NKjw z`t$Rt7CRq$bhb~=k8ba;3qh7^_$L@v=+|00s?Dq-2Zm(p2zAqz5)wi#RMAdxI4Mf> zz6-hwS3Ts74m+kfIxMiTA#rhWI%3XoqqK_nvo?#I4b|ir{LYu~#dHlJEz-YsLk3_d z7Z+A=Fg}SJ*K^mSsUcAXg>|Q<>YNV8rcV1n^2aF4=ACaEmT0=zl#E*@G1W~fYvNeu zm(^hf^bZcGsaMsh#+wnM@4RIerqSCDO--rv&8|&JvQkk~)w1$b^Y8K(6k2WXY!|az zBRtc6o5mPq)cEr8=;&xD$d-y_L#(OxZm;(6r_8`Wf2;xneJOPzwcK|Kid-bFSbDzS zmsVId@yn!X#VXcT_P&8wVm$|e10gW2LQ!e7JT#4kg*>FJQ?V!3c3){6Ssx5C&!zDK zPS;LbR`@+k=DF$t%!iEZJ|^r~@9wr)BSeu~{1^W9_Zj@}oNe-+MN0)Uie8N0iHYGC ze9g;*gy$}4UA0zu5q55Au|Q}NB__m;k=AAxvXZIqU_pCGSy*U#a4WD%vEbg{-jn^< z7Ppf4P9YWCM?K6$!;}0Al4Z!z-fD{P02T%o4aQx@S#J1niC10jm;y#S-18o^?&F0b z<6QmhNWvz$Yq%Y-bGpXpJvKCAuBWb}BZfRg|2r{LM^CveA2}v+Y-}Pf01iV_w1kN~ zDlw2yVRS@WzoxckNflGd2H(Rn-l@E#Vt*j*m>x-b9x0fKE73bRf3_WKe?K9yb%&2f z0G28jF}nQW`MK63MMDT0t9+Q-Fl&BRKm+ocVe$;mAH7Ym$bTlVFv*y+m_ZNPZO*)kLC>U8oTie>wlDeh7aJjeu81cYUTiFZ`Ex}dy>>?wf zun%ID>~2+uI}gOV$y`8@t7oOzn)wC=LE6+-RAgxbNZK4yn*Fn)VwOv>h@^lp+rXiE z$nP?3yVMDmj;4j>`F?RdmEV)(2AZm3-5I~pWQy&v9*-D5enwT$-Xp!mzj#uvWX zEV^QEW0!wU%S=e9GQm>0_3H5e ztB$j#p#_JCNUqP^%BuRa%5W`2v~uMA&7ImLt_l|=mFj&B63}MOeOZiKpsgH=H`_7G zpX0i8w%E(xF*7@-Vg!8^WLakCjmT76VeQ{CA^W_sa!l{VD@+zJmSL-Ka(rx}#>!4E zh!kH^YWI8NDebwL!bII@Lv&rtq0Rjo#tv;BA5+&*lV6att*%M(5*vfySB5q}kU(D9 zg7PN$?P}G-^4Q{#%6uX_o_^&JEIvIy&75*`Gn!GDMUs7wB|c2J5vBfwPyBa{l!P}T zBYI7cJcBTmNRXa($V~Z*w*DC00iR2AMAOL7(CP8{-xe|&^~5P%GYN{-kB@}(%_y)G z1E(xZOfGC&KVRb1)MRTJZIOtoO(v_96_u(t=jP_v7b&?5Vp4M$%bi*!iZzy27iX8x z4Vm#nSt|Xz+rnfteZPO#*%?Cna(k*UR$|z28JTXs!xn@uC>mJU0!9<`L97|68*Of}eMG=bm^y0+L$T-M=(e1*Jrz3vn8FqKvn zGjWcM7x&J%;Suf!-ykC~Gcw-YH)rG4I3E(?k#<%mB9q55L8Qt6jj~vqv2aM(^ z3Lc)FJDUrz{%Nd?sm^zn9~wy`u%`?g23toi46OMNxh3dX{}w_gMEeJC)Z(iN4JnTDEbd-^+gBppl4aIJ>M&9Ku`JjQ1Mczv!EiHN=6u3DINReQtuHqWrK zv~;gLe=q;427%v2d9D5Vv%I4+iSrPGQlJGH#YdILR{dF^dZEZLBc7}++&5WTS%$)f zCgI@1K0V``Pq?{%!;f(1+6rBVGxoAbWw-URNktdE!yxPv+>sM6^xYgO8KLI}Lk3Ae zWuX&BBxGQr{6r%x1@O*I2(N;I{PO2<7Dm(E0)eHADjahw%XmRJA74ouNF zJ}%BMJqj+3dCC30CEn!fd@IGH)8nrbsqBpsITeV8?d2u0(PEn;YrerqF^8N}3U&&_B&b)^97c*C!F%34MKXJsijHff^pF0^u;1K2(c1WU>!MmxhtBcg1JE7?Z`Yd3mV@~KO z+^C?eyrBwSUtfpIatQ=qqY28-1uj~n@bfr=62AIsYiob`f)%K&q?B~AR3m15?Xd}^ z>@R?jWw*pvTRn(VDK4Em-PG*76LQ;Zps)WaFj;wD5{!+FeY$mzCV1=vl$5?(G{IyI z4Gjw`EAB>4WjrJOkGkGj7Q!&I*!wh;e)PzT>*3&qw2afXXvM4 zFuCVrN2V{9atL6G{YE>~q)h<l+UHZ&w_Yin!aUN1zkzBLpP{cFON*TuzkRp5^h9~&EMR}4KVGw5|gwnnVU z<4o69-d06L#nmErX(y)FQ+CO{Z3Dhh@%^2Vs zD6K91Tg^s8Ll_YsAGe~rTI*T^3Gu>ES|TA42*6b*7B;f(*yM|g11(*(xTGv@HZ~n~ z1I$lYb4zn!y%k6J+z@zw_-CzAm`=C8VYd0U;&d<0%?)j|@HYi!r)Q3jjGUgFFjN*f zB_#k^pxV>KPnbfey|A${KR>^zX=*QRVq^^HlS)cUBYyolCc%pgi)5r{K0iJW2VN=5 zA|ayY4o$l5won%~@$wC~!xxp7=1&xw|29gQwnpJ9*jz3pHtpVMZs$8oGt|@5OF1ZC zZVvXc-=45Zwwr(WPH5{#u$2UK1BrXsbEBif!*ZXxHakFX3kylrm&1wqiK$06pq%mW z;bNfl?D%Ktmz=YK`ater{XmnjL!8n^ZqG2wd^#Ao?-kQLJK!D&)f(_8p43k?v{E4lA0NJ>vji6)Mp2DU+pLB^QIMC{jC?PJD>8-vcPDXhu$sFGbAD*6?lOEM#Y=)qDYZOKqG4M&c+omun-~G*vljwYT zodfv5|Lq_(HT9f<7^-87+p=g;uPUMK?dfEH=SMn^qqK~SQL{^Mw<#90eiJJzE2*Om zCv0ji>BF;L`a?@g3qUoXRNYp-9ako-bzWy?zwFXHuNl|kez@)FnVOnnsBBX+GMZ#l zB=dX9>9MM++Fk#)kvJlr%eVO{Jk&$a31fDzZT86A?)4SmZ}O83 z+d)b$E?33sg-c!jFPDQn4r^Tv0GabM6CyKitA3L!G?0SI)7sXyCtz6a{vB`pOrQFI zWC)PE#5p)PXjXpfdCgX%qGqSX>m8k#n5eF18#_5X>|$*O(!#UJaTrT(_ zrss!;v@9}6yg0o3yPKQFIy(5x-yQ4iIAwn1QhNr}WZ3I#Yloqt1g)*k9z^f#z#& zZmzGN@h_Up*`P@X2ul9NnDZT)uOHA$1Ery|yd2=}ZSCx4|J5rVR4iX9so;Mfmuv#c zQDtQ%-NVw-QeGYjqTB`9!}+!)_DImjQdU8r*?Ffh2f%|DqLz0jPL4 z*Vl+hNSq2!ySwI4${{=oPc1F{P#b_yvCt@3O1-@lu?+P@jGY_!YFcDcy( zxwq0hzZ+fx5v2(t(Z5dyKqO8}h49wY%k8@7v#f(Oum>6Ug#!1@hs;kd+G%=UZD_ zKwSp%4M2v&3DeLN0vttM9aeX3sH1}e;Dv`rM`B<=@&e~)Ym3lbo6Zd#LkSRQIyPng zh7B&BXECXmL9T=+>ED#CK6hjYK57o^!ai2abZczDGh7*buItTq^@hpS|vWau#gr8W6o|FC5{1EnO*j>PDlcEi2g?QVQbPUe1Q zP^#hplNvOUA(+X<*5IkvvS5vZ4wr@8<{K*vNLJX`Vv(|AV`G6Tx=GcW4uF(1qEDYB z!N5!~ZY#TP^9ZJUHa~Q8c(*bydNHOfn%O?9PO;50Th_)v*52@;$a?>m>%Nt$*~LM# zFkMy!v5xBvv;UVv+w2uj0U!3k4S`wBdlNcsrVOxaz!xzs*$o7JR)TdkY21&gSOD#Uu;}%h$!F#&;a08y6d! z>;ZsrAt5l2Md2XA8|M7k+P zt+j2=j_$p$o~Q~iRu1ayjAiTXt`~1>E9~*xmuFIprGEKo?V6dx$AvQ0WV1w zk{%yKz<)=u+8)VXc5nr!(8j$G4Lf`&{zI{nZxlrVlEavoWN$-m@V}KB{l=9#WLW~O zV80>|ty^7bs`MY%3m3Ms++LWMC+j^qKF)RGb**f4`VjUO5QuyE>zCq}K^Ort3Za`{+gKbL%{7hS{Xm8{9mHWC#TRZ&4hSE6#< z_xR<-(QZZ9iG89vd2!b_@e~H4_ms3n01-|%fe!;|dV%>T)FguBR=4fXaJ*m5cu_~Z zqKRriCCJW>+2>$qFH4IF5AXJuCSzp$Y(6;^b`{VKp#uR01Mui7MN^!=o%U#^BPPPl z)sH24pFK)f0E!pu`s%VZ6*QcnHaQAI+?{^g*0?!MA?y9mTAul%k8hd^k?doJx4g*B;c8Jc>PS&p1-StD{LELey5Cch#mHv;9aNIp-qC^;JB^v zn>SA=R2L4Bc4$;f4L~DM0`hgEkt3efsc;JF$%6jOsr;4Y`9H?A!jgQ9gxiLNfy1L? zoq6XrSDmu%F!;jjAQPyGg#yK)s>p`;r5;MKIC`jXj*G$T*l3QqUyyI+<-uU4b?$mW zd2{^c++Y%s+>jy1*@UGVk#md8QxmtPj@oN^SluT@jyM;fMW+CLq;-}cOZ|6%oJ&1+ z<4=m3;`y7884kM0rZ40@TW!X+e>FC4J?zpWrNW(tz76-lD3;e9RNFbC5Zk>nX~N zs(Q4^@ZFHkn!GrG$D9(s-a_&{Is;hxJGnBlf8#6~4yoU#go=lEc>tc87k<+wE9f+1tT!s5DH>TSrmkZb?um5|r4qki7U8qg= z^3Zy!Uz7Wsy+qU_(MaV&p+h0TmCU zrJ!fnR`h2wzDjSz++HdGpsrO~1xq<1yq4P)gkrYyvUu1p8j#zHG|cU!hJ7ML;6aiG z*2ZB5Ci8*@BTAsOUBz*QEFLc9tU}FhhUFOw9~|z4m{rWq6qD;(3a(4`YU!+7i9(QL~f0SGVYb@6AC$8ciYXNQ4#)*1pUVrPeN^?DIrzi%86Kwnz_NZN_Xt@QN5 z6H5ZWkK9#`*YGuQTC$breiHF=ZHin&BRvTo+;k@?qL34~b#4CR{G8G4})8O#?}t0Y-2ppq%wZgp$`@+FrIQq8-x|? zCTZ*8F^`Eav(544I6#bqW98fzCmjsT0D4^%dQN1)iLkZ+IM}$1!!>$$46-9McNLV2 z0uQ+hOE%OT4|OoPnrbPm{0t7D{9)~@057yrKCW}dpn8%Q6Ax0ZrjI168TGNS(slt# zolvZBlW;53bU0XaJ`>cqdBx&f6g3J{G4>kA4b`&+Q^Pq21V5gHJSITU-aXf*v*cq< z+`3oGUwUd`7E_wztNsE(L0Npp9iA~U63(Nx5m z5iy2;)*)On#bUl6>gPq%=7q>m$Ij5)vA{c4 zC|V~mW^%i&844~k!ky_q?%N*NSBt+(?lOD;*DZ0p&=(!%@kJnPGZ70pL9#Ko@3h|! z8nwg=(s4ZERO-6m6v)Ii_nIADXeq4ZH8}q@kywr{bc>cSu1aX?lGHKSeGWx_%{E+f|P{)Jle9VehsC_U?AD{<-ZqT%7lbdu?Y8QeYEz`%`UHv#v<4oQY zCxMZP_TxoQMIh|I6B!J^c1M*Nxh+^m1{qX4!rkFj%#6jPWpeo~bWl1pp zQ3CofOEyDcENJFOz~P$2aaH4-nA|iX)w+S_k4-VIo#5jIQF{os>4f$dEag51G}I{U zuBfY3(WpV@p(3CshQ&_vA+Ij)`HnaZ5yp=cRhqyYmLRDqZ;6ut*RGPYo(YRc{Kd?$ zXo4y1yJ_hXQErGBW zVYsH%52RsQBWA!6CkkDa9#*t=IC*iLf2V!m-APUrz<&rp(4~qljI`H{Dp_Xna%QB+uAw;m78cs;{g`Ps0<*$ zh}sX!fq1q1(|334DF}SBz=kueG74kfY>y3*IH8&#YTxe9?oE@|OW+3N-Y@Cg>OZ@e zlAbw%uzNYuxoj#uo@# D(wGlP