From 2ced8f710fccafe3cf4a269eaf2d6310891e6e89 Mon Sep 17 00:00:00 2001 From: Marko Lisica <83164494+marko-lisica@users.noreply.github.com> Date: Tue, 1 Apr 2025 15:40:03 +0200 Subject: [PATCH] [Feature guide] Deploy certificates from DigiCert and custom SCEP certificate authority on macOS (#27439) Related to: - #25822 Updating existing guide for NDES. Adding instructions on how to connect and issue certificates from DigiCert and custom SCEP certificate authorities. --------- Co-authored-by: Noah Talerman <47070608+noahtalerman@users.noreply.github.com> --- ...nnect-end-user-to-wifi-with-certificate.md | 307 ++++++++++++++++++ articles/ndes-scep-proxy.md | 147 --------- .../images/articles/ndes-scep-config.png | Bin 25051 -> 0 bytes .../articles/ndes-scep-failed-profile.png | Bin 11986 -> 20445 bytes 4 files changed, 307 insertions(+), 147 deletions(-) create mode 100644 articles/connect-end-user-to-wifi-with-certificate.md delete mode 100644 articles/ndes-scep-proxy.md delete mode 100644 website/assets/images/articles/ndes-scep-config.png diff --git a/articles/connect-end-user-to-wifi-with-certificate.md b/articles/connect-end-user-to-wifi-with-certificate.md new file mode 100644 index 0000000000..43433af9d6 --- /dev/null +++ b/articles/connect-end-user-to-wifi-with-certificate.md @@ -0,0 +1,307 @@ +# Connect end users to Wi-Fi or VPN with a certificate (DigiCert, NDES, or custom SCEP) + +_Available in Fleet Premium_ + +Fleet can help your end users connect to Wi-Fi or VPN by deploying certificates from your certificate authority (CA). Fleet currently supports [DigiCert](https://www.digicert.com/digicert-one), [Microsoft NDES](https://learn.microsoft.com/en-us/windows-server/identity/ad-cs/network-device-enrollment-service-overview), and custom [SCEP](https://en.wikipedia.org/wiki/Simple_Certificate_Enrollment_Protocol) server. + + +## DigiCert + +To connect end users to W-Fi or VPN with DigiCert certificates, we'll do the following steps: + +- [Create service user in DigiCert](#step-1-create-service-user-in-digicert) +- [Create certificate profile in DigiCert](#step-2-create-certificate-profile-in-digicert) +- [Connect Fleet to DigiCert](#step-3-connect-fleet-to-digicert) +- [Add PKCS #12 configuration profile to Fleet](#step-4-add-pkcs-12-configuration-profile-to-fleet) + +### Step 1: Create service user in DigiCert + +1. Head to [DigiCert One](https://one.digicert.com/) +2. Follow the instructions to create a service user [here](https://docs.digicert.com/en/platform-overview/manage-your-accounts/account-manager/users-and-access/service-users/create-a-service-user.html) and save the service user's API token. +> Make sure to assign **User and certificate manager** and **Certificate profile manager** roles +> when creating service user. + +### Step 2: Create certificate profile in DigiCert + +1. In DigiCert [Trust Lifcycle Manager](https://one.digicert.com/mpki/dashboard), select **Policies > Certificate profiles** from the main menu. Then select **Create profile from template** and select **Generic Device Certificate** from the list. +2. Add a friendly **Profile name** (e.g. "Fleet - Wi-Fi authentication"). +3. Select your **Business unit** and **Issuing CA**. +4. Select **REST API** from **Enrollment method**. Then select **3rd party app** from the **Authentication method** dropdown and select **Next**. +5. Configure the certificate expiration. At most organizations, this is set to 90 days. +6. In the **Subject DN and SAN fields** section, make sure to add **Common name**. **Other name (UPN)** is optional. For **Common name**, select **REST request** from **Source for the field's value** dropdown and check **Required**. If you use **Other name (UPN)**, select **REST Request** and check both **Required** and **Multiple**. Organizations usually use device's serial number or user's email, you can use Fleet variables in the next section, and Fleet will replace these variables with the actual values before certificate is delivered to a device. +7. Click **Next** and leave all default options. We'll come back to this later. + +### Step 3: Connect Fleet to DigiCert + +1. In Fleet, head to **Settings > Integrations > Certificates**. +2. Select **Add CA** and then choose **DigiCert** in the dropdown. +3. Add a **Name** for your certificate authority. The best practice is to create a name based on your use case in all caps snake case (ex. "WIFI_AUTHENTICATION"). We'll use this name later as variable name in a configuration profile. +4. If you're using DigiCert One's cloud offering, keep the default **URL**. If you're using a self-hosted (on-prem) DigiCert One, update the URL to match the one you use to login to your DigiCert One. +5. In **API token**, paste your DigiCert server user's API token (from step 1). +6. In **Profile GUID**, paste your DigiCert One certificate profile GUID (from step 2). To get your profile GUID, in DigiCert, head to the [Certificate profiles](https://one.digicert.com/mpki/policies/profiles) page, open your profile, and copy **GUID**. +7. In **CN**, **UPN**, and **Certificate seat ID**, you can use fixed values or one of the [Fleet's host variables](https://fleetdm.com/docs/configuration/yaml-files#macos-settings-and-windows-settings). Organizations usually use the host's serial number or end user's email to deliver a certificate that's unique to the host. +8. Select **Add CA**. Your DigiCert certificate authority (CA) should appear in your list of CAs in Fleet. + +### Step 4: Add PKCS12 configuration profile to Fleet + +1. Create a [configuration profile](https://fleetdm.com/guides/custom-os-settings) with a PKCS12 payload. In the profile, for `Password`, use `$FLEET_VAR_DIGICERT_PASSWORD_`. For `Data`, use `$FLEET_VAR_DIGICERT_DATA_`. + +2. Replace the ``, with name you created in step 3. For example, if the name of the CA is "WIFI_AUTHENTICATION" the variables will look like this: `$FLEET_VAR_DIGICERT_PASSWORD_WIFI_AUTHENTICATION` and `$FLEET_VAR_DIGICERT_DATA_WIFI_AUTHENTICATION`. + +3. In Fleet, head to **Controls > OS settings > Custom settings** and add the configuration profile to deploy certificates to your hosts. + +When Fleet delivers the profile to your hosts, Fleet will replace the variables. If something goes wrong, errors will appear on each host's **Host details > OS settings**. + +If you resend the profile (select **Resend** in **Host details > OS settings**), Fleet will get a new certificate and create a new seat in DigiCert, which will take 1 license. If you want to revoke a license, in DigiCert, head to [**Trust Lifcycle Manager > Account > Seats**](https://demo.one.digicert.com/mpki/account/seats) and remove the seat. + +#### Example configuration profile + +```xml + + + + + PayloadContent + + + Password + $FLEET_VAR_DIGICERT_PASSWORD_CA_NAME + PayloadContent + $FLEET_VAR_DIGICERT_DATA_CA_NAME + PayloadDisplayName + CertificatePKCS12 + PayloadIdentifier + com.fleetdm.pkcs12 + PayloadType + com.apple.security.pkcs12 + PayloadUUID + ee86cfcb-2409-42c2-9394-1f8113412e04 + PayloadVersion + 1 + + + PayloadDisplayName + DigiCert profile + PayloadIdentifier + TopPayloadIdentifier + PayloadType + Configuration + PayloadUUID + TopPayloadUUID + PayloadVersion + 1 + + +``` + +## Microsoft NDES + +To connect end users to W-Fi or VPN with Microsoft NDES certificates, we'll do the following steps: + +- [Connect Fleet to NDES](#step-1-connect-fleet-to-ndes) +- [Add SCEP configuration profile to Fleet](#step-2-add-scep-configuration-profile-to-fleet) + +### Step 1: Connect Fleet to NDES + +1. In Fleet, head to **Settings > **Integrations > Certificates**. +2. Select the **Add CA** button and select **Microsoft NDES** in the dropdown. +3. Add your **SCEP URL**, **Admin URL**, and **Username** and **Password**. +5. Select **Add CA**. Your NDES certificate authority (CA) should appear in the list in Fleet. +The example paths end with `/certsrv/mscep/mscep.dll` and `/certsrv/mscep_admin/` respectively. These path suffixes are the default paths for NDES on Windows Server 2022 and should only be changed if you have customized the paths on your server. + +When saving the configuration, Fleet will attempt to connect to the SCEP server to verify the connection, including retrieving a one-time challenge password. This validation also occurs when adding a new SCEP configuration or updating an existing one via API and GitOps, including dry runs. Please ensure the NDES password cache size is large enough to accommodate this validation. + +### Step 2: Add SCEP configuration profile to Fleet + +1. Create a [configuration profile](https://fleetdm.com/guides/custom-os-settings) with the SCEP payload. In the profile, for `Challenge`, use`$FLEET_VAR_NDES_SCEP_CHALLENGE`. For `URL`, use `$FLEET_VAR_NDES_SCEP_PROXY_URL`. + +2. If your Wi-Fi or VPN requires certificates that are unique to each host, update the `Subject`. You can use `$FLEET_VAR_HOST_END_USER_EMAIL_IDP` if your hosts automatically enrolled (via ADE) to Fleet with end user authentication enabled (learn more [here](https://fleetdm.com/docs/rest-api/rest-api#get-human-device-mapping)). You can also use any of the [Apple's built-in variables](https://support.apple.com/en-my/guide/deployment/dep04666af94/1/web/1.0). + +3. In Fleet, head to **Controls > OS settings > Custom settings** and add the configuration profile to deploy certificates to your hosts. + +When Fleet delivers the profile to your hosts, Fleet will replace the variables. If something goes wrong, errors will appear on each host's **Host details > OS settings**. + +![NDES SCEP failed profile](../website/assets/images/articles/ndes-scep-failed-profile.png) + +#### Example configuration profile + +```xml + + + + + PayloadContent + + + PayloadContent + + Challenge + $FLEET_VAR_NDES_SCEP_CHALLENGE + Key Type + RSA + Key Usage + 5 + Keysize + 2048 + Subject + + + + CN + %SerialNumber% WIFI $FLEET_VAR_HOST_END_USER_EMAIL_IDP + + + + + OU + FLEET DEVICE MANAGEMENT + + + + URL + $FLEET_VAR_NDES_SCEP_PROXY_URL + + PayloadDisplayName + WIFI SCEP + PayloadIdentifier + com.apple.security.scep.9DCC35A5-72F9-42B7-9A98-7AD9A9CCA3AC + PayloadType + com.apple.security.scep + PayloadUUID + 9DCC35A5-72F9-42B7-9A98-7AD9A9CCA3AC + PayloadVersion + 1 + + + PayloadDisplayName + SCEP proxy cert + PayloadIdentifier + Fleet.WiFi + PayloadType + Configuration + PayloadUUID + 4CD1BD65-1D2C-4E9E-9E18-9BCD400CDEDC + PayloadVersion + 1 + + +``` + +## Custom SCEP server + +To connect end users to W-Fi or VPN with a custom SCEP server, we'll do the following steps: + +- [Connect Fleet to custom SCEP server](#step-1-connect-fleet-to-custom-scep-server) +- [Add SCEP configuration profile to Fleet](#step-2-add-scep-configuration-profile-to-fleet2) + +### Step 1: Connect Fleet to custom SCEP server + +1. In Fleet, head to **Settings > **Integrations > Certificates**. +2. Select the **Add CA** button and select **Custom** in the dropdown. +3. Add a **Name** for your certificate authority. The best practice is to create a name based on your use case in all caps snake case (ex. "WIFI_AUTHENTICATION"). We'll use this name later as variable name in a configuration profile. +4. Add your **SCEP URL** and **Challenge**. +6. Select **Add CA**. Your custom SCEP certificate authority (CA) should appear in the list in Fleet. + +### Step 2: Add SCEP configuration profile to Fleet + +1. Create a [configuration profile](https://fleetdm.com/guides/custom-os-settings) with the SCEP payload. In the profile, for `Challenge`, use`$FLEET_VAR_CUSTOM_SCEP_CHALLENGE_`. For, `URL`, use `$FLEET_VAR_CUSTOM_SCEP_PROXY_URL_`. + +2. Replace the ``, with name you created in step 3. For example, if the name of the CA is "WIFI_AUTHENTICATION" the variables will look like this: `$FLEET_VAR_CUSTOM_SCEP_PASSWORD_WIFI_AUTHENTICATION` and `FLEET_VAR_CUSTOM_SCEP_DIGICERT_DATA_WIFI_AUTHENTICATION`. + +3. If your Wi-Fi or VPN requires certificates that are unique to each host, update the `Subject`. You can use `$FLEET_VAR_HOST_END_USER_EMAIL_IDP` if your hosts automatically enrolled (via ADE) to Fleet with end user authentication enabled (learn more [here](https://fleetdm.com/docs/rest-api/rest-api#get-human-device-mapping)). You can also use any of the [Apple's built-in variables](https://support.apple.com/en-my/guide/deployment/dep04666af94/1/web/1.0). + +4. In Fleet, head to **Controls > OS settings > Custom settings** and add the configuration profile to deploy certificates to your hosts. + +When Fleet delivers the profile to your hosts, Fleet will replace the variables. If something goes wrong, errors will appear on each host's **Host details > OS settings**. + +#### Example configuration profile + +```xml + + + + + PayloadContent + + + PayloadContent + + Challenge + $FLEET_VAR_CUSTOM_SCEP_CHALLENGE_CA_NAME + Key Type + RSA + Key Usage + 5 + Keysize + 2048 + Subject + + + + CN + %SerialNumber% WIFI $FLEET_VAR_HOST_END_USER_EMAIL_IDP + + + + + OU + FLEET DEVICE MANAGEMENT + + + + URL + $FLEET_VAR_CUSTOM_SCEP_PROXY_URL_CA_NAME + + PayloadDisplayName + WIFI SCEP + PayloadIdentifier + com.apple.security.scep.9DCC35A5-72F9-42B7-9A98-7AD9A9CCA3AC + PayloadType + com.apple.security.scep + PayloadUUID + 9DCC35A5-72F9-42B7-9A98-7AD9A9CCA3AC + PayloadVersion + 1 + + + PayloadDisplayName + SCEP proxy cert + PayloadIdentifier + Fleet.WiFi + PayloadType + Configuration + PayloadUUID + 4CD1BD65-1D2C-4E9E-9E18-9BCD400CDEDC + PayloadVersion + 1 + + +``` + +## How the SCEP proxy works + +Fleet acts as a middleman between the host and the NDES or custom SCEP server. When a host requests a certificate from Fleet, Fleet requests a certificate from the NDES or +custom SCEP server, retrieves the certificate, and sends it back to the host. + +In addition, Fleet does the following: +SCEP proxy: + +- Retrieves the one-time challenge password from NDES. The NDES admin password is encrypted in Fleet's database by the [server private key](https://fleetdm.com/docs/configuration/fleet-server-configuration#server-private-key). It cannot be retrieved via the API or the web interface. Retrieving passwords for many hosts at once may cause a bottleneck. To avoid long wait times, we recommend a gradual rollout of SCEP profiles. + - Restarting NDES will clear the password cache and may cause outstanding SCEP profiles to fail. +- Resends the configuration profile to the host if the one-time challenge password has expired. + - If the host has been offline and the one-time challenge password is more than 60 minutes old, Fleet assumes the password has expired and will resend the profile to the host with a new one-time challenge password. + +Certificates will appear in the System Keychain on macOS. During the profile installation, +the OS generates several temporary certificates needed for the SCEP protocol. These certificates may be briefly visible in the Keychain Access app on macOS. The CA certificate must also be installed and marked as trusted on the device for the issued certificate to appear as trusted. The IT admin can send the CA certificate in a separate [CertificateRoot profile](https://developer.apple.com/documentation/devicemanagement/certificateroot?language=objc) + +## Assumptions and limitations +* NDES SCEP proxy is currently supported for macOS devices via Apple config profiles. Support for DDM (Declarative Device Management) is coming soon, as is support for iOS, iPadOS, Windows, and Linux. +* Certificate renewal is coming soon. +* Fleet server assumes a one-time challenge password expiration time of 60 minutes. + + + + + + + diff --git a/articles/ndes-scep-proxy.md b/articles/ndes-scep-proxy.md deleted file mode 100644 index 74047600b6..0000000000 --- a/articles/ndes-scep-proxy.md +++ /dev/null @@ -1,147 +0,0 @@ -# Connect end users to Wi-Fi with Simple Certificate Enrollment Protocol (SCEP) - -Fleet [v4.59.0](https://github.com/fleetdm/fleet/releases/tag/fleet-v4.59.0) introduces support for helping your end users connect to Wi-Fi by adding your SCEP server. Fleet currently supports Microsoft's Network Device Enrollment Service (NDES) as a SCEP server. - -This guide will walk you through configuring and using NDES with Fleet acting as a SCEP proxy. - -## Prerequisites - -* Fleet Premium with admin permissions. -* Fleet [v4.59.0](https://github.com/fleetdm/fleet/releases/tag/fleet-v4.59.0) or greater. -* Apple MDM enabled. -* A Windows Server with AD CS (Active Directory Certificate Services) and NDES installed and configured, including the certificate templates for the certificates you want to enroll for. - * The default password cache size for NDES is five passwords. Increase this value to account for the number of devices you expect to enroll simultaneously, including devices that may be offline and need to enroll when they come online. - -## Step-by-step instructions - -### 1. Add SCEP in Fleet - -Go to the Fleet web interface, navigate to `Settings`, go to the `Integrations` tab, and click `Mobile device management (MDM)`. Scroll down to `Simple Certificate Enrollment Protocol (SCEP)` and click `Add SCEP`. - -![Add SCEP](../website/assets/images/articles/add-scep.png) - -### 2. Configure NDES SCEP settings - -You will need to provide the SCEP URL that accepts the SCEP protocol. You'll also need to give the admin URL with the associated username and password to get the one-time challenge passwords for SCEP enrollment. - -![Configure NDES SCEP settings](../website/assets/images/articles/ndes-scep-config.png) - -Note: -* The example paths end with `/certsrv/mscep/mscep.dll` and `/certsrv/mscep_admin/` respectively. These path suffixes are the default paths for NDES on Windows Server 2022 and should only be changed if you have customized the paths on your server. -* When saving the configuration, Fleet will attempt to connect to the SCEP server to verify the connection, including retrieving a one-time challenge password. This validation also occurs when adding a new SCEP configuration or updating an existing one via API and GitOps, including dry runs. Please ensure the NDES password cache size is large enough to accommodate this validation. - -### 3. Create a SCEP configuration profile - -Create a configuration profile in Fleet that includes the SCEP payload. In the profile, you will need to set `$FLEET_VAR_NDES_SCEP_CHALLENGE` as the `Challenge` and `$FLEET_VAR_NDES_SCEP_PROXY_URL` as the `URL`. - -Adjust the `Subject` values according to your organization's needs. You may set `$FLEET_VAR_HOST_END_USER_EMAIL_IDP` if the hosts were enrolled into Fleet MDM using an IdP (Identity Provider). You can also use any of the [Apple profile variables](https://support.apple.com/en-my/guide/deployment/dep04666af94/1/web/1.0) to uniquely identify your device. - -Example profile: - -```xml - - - - - PayloadContent - - - PayloadContent - - Challenge - $FLEET_VAR_NDES_SCEP_CHALLENGE - Key Type - RSA - Key Usage - 5 - Keysize - 2048 - Subject - - - - CN - %SerialNumber% WIFI $FLEET_VAR_HOST_END_USER_EMAIL_IDP - - - - - OU - FLEET DEVICE MANAGEMENT - - - - URL - $FLEET_VAR_NDES_SCEP_PROXY_URL - - PayloadDisplayName - WIFI SCEP - PayloadIdentifier - com.apple.security.scep.9DCC35A5-72F9-42B7-9A98-7AD9A9CCA3AC - PayloadType - com.apple.security.scep - PayloadUUID - 9DCC35A5-72F9-42B7-9A98-7AD9A9CCA3AC - PayloadVersion - 1 - - - PayloadDisplayName - SCEP proxy cert - PayloadIdentifier - Fleet.WiFi - PayloadType - Configuration - PayloadUUID - 4CD1BD65-1D2C-4E9E-9E18-9BCD400CDEDC - PayloadVersion - 1 - - -``` - -Upload the profile to Fleet in **Controls** > **OS Settings** > **Custom settings**. - -When sending the profile to hosts, Fleet will replace the `$FLEET_VAR_NDES_SCEP_CHALLENGE`, `$FLEET_VAR_NDES_SCEP_PROXY_URL`, and `$FLEET_VAR_HOST_END_USER_EMAIL_IDP` variables with the proper values. Any errors will appear as a `Failed` status in the host's `OS settings`. - -![NDES SCEP failed profile](../website/assets/images/articles/ndes-scep-failed-profile.png) - -> Note: If the uploaded profile is signed, Fleet will replace the variables and invalidate the signature. - -## How does it work? - -The SCEP proxy in Fleet acts as a middleman between the device and the NDES server. When a device requests a certificate, the SCEP proxy forwards the request to the NDES server, retrieves the certificate, and sends it back to the device. In addition, the SCEP proxy: - -- Retrieves the one-time challenge password from the NDES server. - The NDES admin password is encrypted in Fleet's database by the [server private key](https://fleetdm.com/docs/configuration/fleet-server-configuration#server-private-key). It cannot be retrieved via the API or the web interface. - Retrieving passwords for many devices may cause a bottleneck. To avoid long wait times, we recommend a gradual rollout of SCEP profiles. - - Restarting the NDES service will clear the password cache and may cause outstanding SCEP profiles to fail. -- Resend the profile to the device if the one-time challenge password has expired. - - If the device has been offline and the one-time challenge password is more than 60 minutes old, the SCEP proxy assumes the password has expired and will resend the profile to the device with a new one-time challenge password. - -The issued certificate will appear in the System Keychain on macOS. During the profile installation, the OS generates several temporary certificates needed for the SCEP protocol. These certificates may be briefly visible in the Keychain Access app on macOS. The CA certificate must also be installed and marked as trusted on the device for the issued certificate to appear as trusted. The IT admin can send the CA certificate in a separate [CertificateRoot profile](https://developer.apple.com/documentation/devicemanagement/certificateroot?language=objc). - -## Use case: connecting to a corporate WiFi network - -A common use case for SCEP is connecting devices to a corporate WiFi network. This involves creating a profile with SCEP and WiFi payloads and linking them together. Here's how you can use Fleet's SCEP proxy to achieve this: - -1. Send the root CA certificate to the device using a [CertificateRoot profile](https://developer.apple.com/documentation/devicemanagement/certificateroot?language=objc). -2. Create a profile with a SCEP payload and a [WiFi payload](https://developer.apple.com/documentation/devicemanagement/wifi?language=objc), and send it to the device. - - The `PayloadCertificateUUID` in the WiFi payload should reference the `PayloadUUID` of the SCEP payload. - - For more information on connecting your Apple devices to 802.1X networks, see [this guide from Apple](https://support.apple.com/en-my/guide/deployment/depabc994b84/web). - -## Assumptions and limitations -* NDES SCEP proxy is currently supported for macOS devices via Apple config profiles. Support for DDM (Declarative Device Management) is coming soon, as is support for iOS, iPadOS, Windows, and Linux. -* Certificate renewal is coming soon. -* Fleet server assumes a one-time challenge password expiration time of 60 minutes. - -## Conclusion - -Fleet's NDES SCEP proxy feature allows your devices to receive certificates from your certificate authority's NDES service. This feature simplifies managing certificates on your devices and enables a secure and efficient way to connect them to your corporate network. - - - - - - - diff --git a/website/assets/images/articles/ndes-scep-config.png b/website/assets/images/articles/ndes-scep-config.png deleted file mode 100644 index ca4c48e253318f10245ab5008baa9ed300336be1..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 25051 zcmce-WmFwax9>|J5FkKsNP;H|Sp;`?_r=03xVuAu;O_3WkhQSj4#6$BySuvtxjgUQ z?>^_Ad(Ix?emVW6$E>cd>RJ7->iL^JDpXNk0v+`eDjXafx|F0S2o4Sb3Z*J{fUEf5Eyb!&4D4`6Xpd zE32Cx-m(3I6J%7fArV=ZSJxCkxwhW}B$U#@VHpOdKDW1b3CYFt3#%<{{Z%#X<&~}d z0~37%<8*9lEL@t6%{_GuT}Q`f)wLZ<%Ntp_6_-~x#U%}QcXu0`yTkyg??yl3lL`$? zykip!$0z4yK{k=Gkg{JbT!OmJ?$I6He`e;E7ne3Tc(ogvy4N>$pPruX?;lvXHE(Y2 z0N)h4dWMT&b$k0q?Y{>P4o_&A!Om_`{=unHagfomSs5j(@`~n)sGJYQQqHoeweNT5(9G=8_4V!Jxv#Z-$lCf2Si{NnN6gQF6h&40%9`I((@P8- zYQL)6Yw9~K?SeA0Dj-F*Oq}X@1=YHSp2_JYRP>5Lq3I?Te)Wyre@3QzdPjTv#_sO! zX&9B|!M1aAD}v(2!ji_BIhC-|CU4(_iK#_?5&hzl#+dm0jO<^W0y^rtu6_Mu14EOW z+lTvyryTq`60+vBOv<5=*}c7^&JHh8vALt8v+El>`v*q}DbUgJxxkS0-MwRJMa$E( zi|DvKNMUtS!pqgwby8}vnzqZ>_}sNB>-)tAWdm#&_Xfq|FBg_pvD7dz|cpWZKRtuJe9+uPeO_xCU1 zAul7tFTnvX>8USyIWIRiFEi6Go0~5a<1f4WC&x!GogFXPnJ;CfFK*5+HQjV|aB#XA zQldg&vy~&QLj~M{*%Ju%R|J-rb&f7S(eHMILJ2wAZ@)Bj^b;nO)cc0KMZ!~mJ4+p8 zj7R|X3qvMU{1S&38Il6%{boa9@MxsUF+SW|@wcd@sHvo4(s8qDq|Gzy!h7%nU5}N{ri8j)Y|ra7EZA|haT&RvM|MMcP>osDO`owOTDn9OL9Ei(p`wFbWZ6;FFgwa8HF>+2l~ zUY}>~ISPyTfendOg`JZ^m0s=`zpyJuzDL5|nO-N9R+znFKuar6mH~XU7&?U*S58z= zG2x#JvDjyPD0s7KP6iJfj{G6z8yTaQOl5^bu7%*q+!i-2eUqUnFNX?Py);1OX{oQZzUanvlKTdQAjTZm_v%Uch zws~<}C&m6Te|>2eSvcqZo>C=te${1Vp9-oFoH~d(peLVSA&%ORuNB^&3HdE4)<1fS zxH~T>`J>nlXyO-Ry;J=0M5L4P?jF8EUt=(Ni4CCghlEi=L|PuaUjVQeS`pMpM0?av zj*H_WlaAm|?*ziD&7c|@3z7^2^T- z$Ve|qK6S*rGn7wete?mww)m5h>$47-KH2^j9yDXMNk~BB_@s=?g<#C88^ZX>SjQW9 z(w0_EBAi7mOV`%#{e!Vi==U3jPutT@;M-^{-`KEP{=B>N2vk0uKrt<+&bEngT`9Z{ zHDddteomZNPncGE=_C`9>)m-9^Neh*RErsrB^i6kcP5UhCF!byi4Gt}5 zDzBSh_8df`Q%dhn?`1&dVwg%dX6yJ=r`TUNeF1$l%i~*1lE-_sJLDEgls_Iu!7vP7 z1VM#skb18u{7o!S9F+qfg$5l3v@I+S=p=x`4pMgcHgxAx#)spyREERc z7bWSSVKUwP!116aIi^8i@WZi3A)bbr)ow1!TD?Fz2Yg|g3AW2(m!(7)oQOM z@Y|NYuFJqfl4L+(4T109jpn-d{|+79FAYAK?>{x%Nzl?3GTFfF50aKOeE@{rE@cp96^Uv|bF~p+U3I+uEl{K@^9=C zFeIjX9*NE}FiJL-2j4%MF~NyPfgWU308HP`vs?&UoFoBHA0r$eI!-kZ_HiOS(SQ*~ ze4lputVv?e-Nt&w)CtJVs zf*QB9#;tkb^ij2b*(alKsnK5M$2Z;6kV3-Xk@(`jgx}WmUwQmYG!g`<$-p8PC9}=m zgseSZ*o|*>VH@hItOal(I@Goe}_L4hV6F7`e~olm=}gda+dN(=$jZb zvTnVTg#D!uWX}$RA$aD4dY>+^28z-c*R-51rN{t8$_VAd;WR21$Cx z^UHLN)qR($0%-ZGQ3RmyI~6C`1s0b5p8R~{HytskvMOIx`i+%Qpa0(Sr}M~2f%he% zHzs$Z5QubaaszcLcVB$X>2Ay*kKC$qavd>gzA4HWBfVHAF!MHjH|p zxhtt(J|l(~f}`al^k?i17iVNSqX20#_@|p|GC#C)D@RiHOwi9b)77vAOY4mUt_Q*w z6=71GHYs+Q#7sg+4)1%9sXVNLqV}rN1}M#_0*eZ{W-UXorJ*UnNvfdRoeugf7W0OY zDe_FPKclG52pyFMx$BIL4how$+X?zD9?`La8N8>uDkJoA%GrQxy9S+KK=deZjWr&kspB51dW2wuh3)0?tk87gf(w5nUIn=d z4^=Eo;l~`nD4H7D2|!5|uCM0McR)SFjkQefKARJ6A)@v@cMHB!Z5d-rBS8%TtNPcA zeJ1#;bDKJvw}A>ujNyXrj4Ur0vo!3rQljXWURMdc9@nUxpD4Tt(*;JVup6R zU1!DcUKyYjQM05WYUxT92fZe0*$G zTZlz6-D<*+WI=aM4Z%IFp$;)Rz&f+8`2N3M1R%^A;DT>`^2Lp(Ux`QeOk z`JgoYC7%Zt>>wxtG?NLHUMF`{jpe_#@*O=m&ii=NHdq^64p z6H?!z`%}D*d}#!D0BG7eTqkd&I&(E{w8ca~LByI_5=f(iOvK-0nQ9@}DI+7er z`yEZf3~A5CP4YhrX!SQKN&B1iE-QiIEpRE{_RzW+(R`7*Yw&EP?Uo<;G?ohRf_CHW zw2{>Z}Hxi$2I>gYLmksVlvdzX%_T>sM zx@_;bzNg4Y7I(V7p=UqqAjrI7A0?4yNRVH+>yEKpp+jO9`WqX{XUHsa@40rKGFR> zy*Ejzc>Ip{Z=YjMUO%}@i5t>h!J7@I-=)_2cMZFU>Rn^>(b>=MX(HpGZokc&?O5`m$CaN&HQS zoFieId!`t>QB%>K{8=&W(>ItIA=MwK0`JLHzBM#{IfOsTu4oH@)&It_mcmA_)=orTOe3gM} z`AzlI%eF}{*h9WP7(-#q^S!rZ&(qg%Qe6IrA%a_1olS$A=xX}2RloBCylyF5u)uj` z;-Eb50|1Xeg^J&Hb%-t)+!je5FU>B+2-zr?EVE#^sVUET{`HU+Q+G*vXI+Txxm9?; zMMPRP)xQl`4vP^FWj=)rp2^C4^Fgxp%SuTim9$m`pbckCZJW(?n!FEXEb@05HeZ`1 zDl~6DcAQ#^%n!OB^*!^qjUt7&UMV`ETS@R9pNjx(cE*Sp+GHL^sMASN(TSBn(!|^j zEJSbFf4MVPLwKZM?j?)Ol9u}V zD-Lo_!;5?YuaIM+Q}5dRLBkIW5B&wzpS{4^u~>Nh`db$|8eDx5gK=|I`sWLDw-;5X zTjQ4ZsE;9#_?%WOzpMdc_}EXUzL7Oo4>Ncv69P(d%aWQMEX_x|$0E&^{=wdN9ON@u>%QF|tkR(% zU*s4P@q4u|jpwtZ@9yTJ@@vCSAKK+F85k(Tl9PIPvTj%BforF1!t&#KiEK-eGlci$ zPmS>#{JU+b?S&S=KhLOq#(ObMsaXH(KvlncLZXrHPy4vA{ONl;A)1Yv-+gpclKf3 zfsPs1{2y~5P2~Lcjee7OlT=+wbv#H@9LO`EUDv1Be3B^^T$EkY`kBuj z{NvS6ZjJV*HVEhYEw==2G$d~>y#Ir5w0Ya8p+FCGHB$*_m}OBsqf}_m@#^W7 z!?LO~*f_*G{jYsul_uGA`<-$2IRKXv9=FofO8H(KkK7k~l%q-9-37qw3k3N9jknhwAi-~3B8xiZ!fNi}`5^5kq@J}`9DxEzIi zwtYZM^n)g~UNr^AWF2^3d@If*L8h^D4jf=(cnH^`a!9m+|izW+4mk zv?IfSReS!$C)e`88W-d@Yq8{2bFp#-iL&i=Is}15wQz`3azMksqMy~P!>1l zMq!Qd!+I_XMgDV{EzSBHFyP7osFb!j6&_aLFd`n?DR*v{M=RCnm zRYF5%YezARMSl6|9%OWA9A!l(#in_fDD3%K`_6PxY-Hignp4e~BKafKEaOUFf#49T zwZ#eOIwT2%13>F!N|NsNh8iwDzfB^w-^x#?r6byEC_&mQxT4vRg0*fbL^V%2gO&Jj zb~4`X%Mh177iaH!a^Ct44O+8p{ch0USVXuc5VNa9kFV*Y8se;v58`*YcK`YT#JU*d z)Y;yBQ0Xvo;3QTJ8Z0dNN*mklnDk;eyI`2tRQD`D10Hzu&VS@=4B6F=NT^014hxxu zkWv_7(C{~^sD(HQM!!gen*WCeKk477QG`lgKE0-u_(Os)At-el~QdB6m`H${gMl$lc1u$jope+7h8cl0Vw{mjuUWPH^F9_)3N^lYB zVl~6e9!>I==4)}1q=V@5i4aO*}Fpl**J1_ zp(Ld^xplErC0koEi6WE7n1i2*gamt~Nh3C$R!tTo67e2?$`134847XMR*FATyD--7 z9Km6{vVJ@lKM^i*0{p2R>NzAy36 z>i`fyZ^BB{d7TCz6y`cO8RFz7d_qDIqClQTqW2t-zR7@1Gg{sBk8i#~JB`>>`BQ{-W+XjoQ%@40HIYLAID%``ct?Y_09>S-;W@0tQ*Y& z`Om&8FQ&%eUm(5WE32lMul40O1GF1pdl1gGkOy%|_fX{P@DsBcSa}kk zVs^H&xD3#~Nqy`4Yyq?yGj^KB?MJr9|m%7vvm2+B5nHKw>hzSFujE>EjHBm`Z<_Hq%%y8AR9cIzhL=eEry z4|A8qL%F&>RV}`xRAI_6_NOA3DRtl6j_1poE@X}TNhj!Vhe-!zhXyuC!_sTkorI+< zs?5uXz8v%Cx~^g7XJO$l*(}qkSjg|gT@S~#e_oH%12G*)96QFrCPjQ2YzB+s1CU$Z z=L_oZZF}uiMxrj=u@p4%u=!0$AqI0uhk~7J3Iu;Cq)-^00TMm__1+XQw0+8Q0*z1; z&|C9U{bFBO%i&s<<%fxo=nwYdP8Ci0`{(;@xVik}QfM{!|s$nsSf2s&ckS zsxY~y)~WQNtw08`B=xxJo)eaektsj6W5R5NJ{nn@yp?^UyA=6F6Qr`WQe^D-RtBbm zDN%yL1?KKQJ+@8(iwPw({UyB4V-#UBf7A&O*}&0~g!zz zTnjPC8_0*-I-BF7T-R8WNLc>*3b4l}a>6=Kn52ycO!EzKQ%@id5_}4+l%C;`+r$5^ zAcWIp#I<(=!1EOPXLg>M*wcq!ZLp(2jI%T+!s3VdzhLD9RItXP87TsBH@>B95Z4;# zyGuG(WEq7jah4si;wWS;8GsR^LNq6Tw)h~+a}~?llbgob-r6DqS#AT~i}k02i>Ed4 z2*#IhOhduw4z8)jwqhe0 z>yeBly)9*>QZ`QI{DoeGhm`u2orB%PUCq_Qs+odhSc%I%e1dn37)d zVHP)*oJ%2IQU{xZm>z#xN>s!!q7)ZF8OgO4|GP1rLt<*iZvo(9C2F!$KSCk@x)I3W zUsUJ@os!&aGo9QXU~jp-y>>Vme1O=?x02P_lK_|A|Dq}*y(HClX5Z2yG(36QAX5Wb zIA%94{RTYD?ye}i@W`hC9nIEA>GE{lg$9v4-{^LShyFV%hs|uJP>5+`}%2!|0aHL3Bvnj zO5`BYVgU@8QSh_lkc@xM-Sju7+hJS?ZlCAZ8eej!_umq8GJ-rC>p@0n~X19a+rsb>pcAjX2YD25T*&oy!`2eFbK z(Big^a+z5z9CGsHe)Q*h#FTQh?@c}ocZELb1{rZOj{WLdt}O7U8lq*nnUrq#7Y4?v zFj=e&>1V}y`>6Lp1qVA(2xiyp!zx~W;}U{7dR#I|cUeQH6F>UR6|+kh_0Loke2Of) zcdg?Yid=^OHa5Wc1#~`Dos-~rIgvHjfAk6e@I~<1Nf-}z4Z!4-$|-BOW&a|a@;<_| zg%{5(?(>U#__j*UMv8zv-l89E0%_o9g70EI8uvWE4P|zl`chW%+ygFmXS;U)wjU!5 zHL4|yIn=-C!t%;|msS-hq43%x4sDV&cq)F?hqvRn%<`)vj=WfV>J|6ycK7-#w@Qk& z7MrIKb1&2v&Jh3qJi6W~@Lf-xUIzcW;Q!`%GgN5hfZi%*-c z#DH+6;~8SMBc1sN?R1{Hm+a`{`;`0*A(v?eZx>J5LRGM=>}{q>-)>WD-CECmFFD1X zJ!)$LJzC&UbKfWbh|3igV|TBW!w-2_4?B^!d*|)vFZCQ6393#0n$+oc`H+INhT8Fb$}9xoU3%o(UFy^CbnQDvh1$MTl0 z7J7-=?(EezWJ>oA>mgYF7UBLJc0&HpEZ;5ApV}@Z;PfK8r+mIgZlcoaCGS2elyeIW zJ4tx4+QZBC0ZFN>B+s1~W-N1y6mL5qJp)q@krKKRf4$VlqMqD+Q8`Z46N2I0owg2P zo|p7i8t9`E$O3!))U14ZeQ?N+IXGc)X9)2JyY*m@*Y#u(X=~Y}m$20JaPwQ+Tn6VR ziBs?ASovEn;eESxf|vsV3`*H7#+q_LeuxJWeOPGjuMaQF#1+}jk6?-|zf z0S{Lqhc+jJUpPK8B-Ub#Pa&?(c|s9$BR+-eGDt66!;S1WV=@z=(`Z$ccB{em2RXDL zSXt38x?_FV>*uXK4vdF^G>KrJw2-E-f~kF~zUy$svB|qB(3A8dhpwLQWqkKa0;hx4 zM5Lz*-);9De`&?!Stld2_*5Bnxpp&7$*gi1;-SCNgo;CrlM1-kpnLCv63@`%>AF8k zx0gK-d_7w~oy_O2+cL-9Ec->~Jjcj4WM}AVHP2MtHjF*vN2JHiAYLg)oPDLi&j7d~ z{#bBRg$gKE`z(IcDVm=Q@*v-YV+$swxH`^P8;IOgvT$$(9B8wZEk@y~tqkNsE~@gM zkw2=gm#5>HPIK#9+TNwt$TA*%fTBr@r3t}Ugfn??yOCmXDVvjdV_PoBRlurQZgzXP z>`gOZEyIu9@|uX(g)TVXDAp(SVf+3d=0>(1OZ4x3Qkr6A&{iUg%W;1ut^5RU(qi8Q zaU%3;;rpHSpvbsKwD%fF(Z8J|?U>26$Z+2?;GB@e_}_o`w8;?#ij=Imh|CxyteDA} z{Sh=)<^4lO25XXFBt?}run|Fi#`9j8bg}#rc^ck%sN2E`-*C_vvq*Z$>_p~d8E}F( z0*8C@`<+Vg67$IAR~AV5U_5pW#GNLd^1R7|&$fJL0IS!u=qPFX`TKXEA>X z;}H9-3qRq5Tx%5KheuF?6f*b0@+)YceB0vaJrGCxM&R||C;_Y)8I|6(`zw zp41PVC6uK9l%hculpiW^C1sU{qS&`HI41*js9khmVuuiw^DJC5(L1v9{Bb^M542 z>+1l%kx=7YLyrzx2axxBRzv;K`}Y=zexhFA-S2+?Z1cEn5`Ia-Ygdh^vIJzRYU&Oq zc=w%XG9?SnXTZ=}SqjlJW*k9D+)3Ikl(_yti2aFYJp(Ni=RNmydLFuad_ZgX85#6@ zPY>)31vYtb+=1Q)=ZfcI^66mi*dhJ^qF5LqsVBhaumRx|Yv(#*12GO_sb|e;&yyqUGNI0eZyBS+w^@c}BO3j$yY{ z^)*m+Wv%^#B#AAxoii|K`AZaaAgpeidZtE(Gt%Tc!vYOHG8>;8>O1&uE2|RgYy}M? z%%prq^{{Bw^g%^fBS~(%a0}<@yS;m2{Wqob(7G>X;t~7Qx%lQ*%2LkZ5GyBM^zowx zl@AuM&g$JiF_^6gOe+aig2V_Zn#XJ#*tt#WY=WZ5xM7e7ES$mLaR(9?dNyF*ZYqB7 zM4~6z`Vz8Q2MWkY{Wpm|Uz=lkX=7GOeYGm#(lzht=6 zDTySs$kl1J0V*j;D13lL6zGMlOCIc9+E&cbRSvRpX){9Eu<#x%o_{ z&QU7?u;)4dPU~`0u6i>hBgzvXMgavAuposb+LK~S1@iau;K;yErDWja4@!awul^9| zc}ri2cEY;IcJ0ls*E#Zu7=7i#GYe`Hz@K|aVV!pHhi{nLhV@3HKh=s}2MP9MlKAW|xo`=}O9 zf3Z%I!MCVKNU|`nT_{YxpFH(jK>2dSOk@sIi$Obuyi-`27qVW31jsBble)O_>tUK~G$5xJ0ZK7XA^T z8#rx}AQ{*;<8{L>0@RdeV#Disr`J~I8St_S2Mza+%NSXh5gS3ts2`{AZfkr6(U=2p z(s1mPcjP-f)QfOY=NNt#ia6kPv=q$Z&elGwtRhE}Y}vV`V(K0+O&Q~;zn5F!VmkGycFq3J63h@RLi**CFjx$Tpj7Um>P6N zQ^3v}w81BVu@-i5klbaG0P$mf``>>gZ#a*`AIBvVS36sFKD&;I>*U+vtH@3SRe1eb zO9taL-tK?hOij6o30#aSfov!7YD}4HA8v?`vbqOq*=ho_G5pbRve?A$a0j*{zj#Xp zdJKP6I%SP#-rT}(p|01%X>@*nncH(<-laYFRht}3a{?9zL~~AD;;<0?=+}RkL*(nU zVsL1m{C59y)v^PwE%}kCmYvt|o(CEfytqS=2n-LU9)M>yVv?dGIyPygi3g6=LeJOtvv4+8?x*PHsr=^?SL>wm~nKkk#c@7%D{LAx25TJE~zfH|wf85$ZB?I(79 z*1oKD!8y#13Jr<@kN-ty>x2E+(@w366QVZb1Ot2qLu+YpQ^w_~^I8mh(>D^?f?uTY zyuaylayPd23P4dM-o#t{C;mvAOxJ{fc~k@kH|_RvodW@Y6Nup*rwkC6Jb@-}B935R zA}6twq-+G%5OTtPF~RmOfHf5??kNn?uDy&9PkvxRXED)=}`afqy<-1owiW4Z#IOKK+4U`)DUbw5RX2;>5p$YxS{|t#c zP(Pu&nW`EBe0K;Z)#lfOi%|*KA;Z%YKd{pj->+2G;1%o^89L*I)w;vq*=%;Gl@l-t-}Qi$EP6>&ZA7`%(I#T7pDYUrE`eWmE3- z$&OM+P_G$xUtp3L5k2=${YCRQb|F4wX<4c_vqVzj!#R>aU?#Xkqe|naUcyj@IA+c6g@9yN)#KUZJo6-6z-9LrzYDYY3;9vJN{O^wjpM8?g zneX5vd-v3D`8b^~7azp#jNXvZgdeoGy5DY2)hnX@Tr|5r)`?azyfdYOvyph3Th?U? z^L;JGP|0`o?BQko1UGqz41tFOy@7+m{e0as|j@?X?x5e^+~L=C!qd-vxSO*Dg~#cQ+EO@KV6$b~fkF;HCI$_Ny)zs<8UJ zX6mC;$MhJYCn~Ciu}5)E4tdJ)G)E*)Pv|jXdlv$HOjxS-=LX45fSSwO1<0JcLTQ@;CP-V9L^8~4$cYq@~h-UZ0(^|&|u9tNz z^PzlCz-0m0^VpPR<1rNi;ybIS64+^ZbzTy0%do8}rjjAst+TUhuZOC;bT)a`CQ{w_$zM{RZ{! zyBBW-hXp5sWxT6z5k`)s3LY*kUx30bC{Q>EDvQ8NEuBHI0eZD#n*zi1q%8{mul|$O zOP+Y?0yhUH2z-pR#4YKT;$+vov3pH%P5D~NACw~QZL`sO3gi! zj3!)4NFtIYeizuy4u#Ofw|Cuq+a+}k_cs{vNi@o*=&ZQMkC*hOFbxN4sTF1b{&DAP zc>P)M2wm$#*uzbI&?PZKyZc%DeN*BD{t&;Emmhf4;d!%H-hSZyx2=_SJ8voJS`i)n zPD6M{j|UD+P28skGQ-n0ydRnK#ec=b)cnBjRyQ9=b&;XEdL7v-Um>V*!F_LcZqf#C zwF~D8-DY5_%FWN_#Co?A%r06`^{03q=KCU3T~mGN)+sZP4DTm6mgc+OeO`Zu$>9dL zGc9UO;~%B|za{4*BPO~*>K$68&aZ?-3t0Fq9U?u4lm|)@N*JvQIdV6G`87!yRZ zbAP1SUS}BONs*1a8Z;~t?_Xm|@?SIR|1ejeaFU;)4lpgJf!pv}a}Qc)J<&JSDzL!d z-BrVZ=#Zg8LznQ+ zd^7+8>Itt0z>H}{gx~Aiu;b4n891(`q0{;Sw;T#{ zgJK)ZQMP*hfp++I%RZ?i=~&fk^IN~LPG#p`=zPAxNK^?YpqqV|3cXCDuS`^L$?`4B^I=`6?mpku zEV@fqfyLH?biW!9bMNvkTBem|_i>YOt zn|bry8zh~lC#^YvOAGf&N%GB;4uZztiY%G;4~d*Gc2s(LxpUdB&5Tki-22Ny6K5m4 zM5a^|O5lyz-jx$_v(*mhTW|zf8VZ;Xb3~Ui6Pc56%);1YmD?8=-Ny0NiudFU(t&~0 zQsJKn#3n#SRL5^2Y0jW&_w>*u6)iYM_OTCMT9{ojtK)w zlMah)tZJ=v%%ERbjGCUXr-|F)(z!tMBG#f_mNQ6u^?2YPkC)|YEK?idLBs6Oh3>v` zXs`Ph?}uce8eRFl%%@K5(O-A!)}QdHN{^|wo3-}y%_gMFE^6P1`1YS(Ct>|4QRRuTouy?N1&}#N5VC zu_G)F#39h^2LY^`$Q*ALd$KMB7=9 z>dsoGN#{!X3s5Z4$d;@P-T-<=-cVtR@V-r+EetnL7Bn?S9Vat*Wx)VRvj!b2v)~`d zBn;+7JvU05z1ov`D@pg!6E^OvY@vY@tD>u58qripai!AN z%`PC+A6zX58#TU2@Yt{iUBBg++owH$Bh#17o!4GoN0*jT?B>4(`D4CEA(O*f17B~` zpedwgREq6hI$$0X0^pA1n)8k7-;YVK0NjHkq)pA{pV5z_t*Gw8!4H8%DSq#NSze`R zNB1`tVv6mwNNTJke*-=nN7Xj_4!6K%sXcdQ7o>$#}}tPp@J<7*V36v5-y3IRVUp6gZ$s z0sNdQ5*8YJgmFUwWbeR57yzy*E`g9Ep;n{v0rU|~q?r(|ES^U2uJC79K*!0l7-^tE zz)hOxb^^^~tAc`=`XwO#pen2>fV=blx^klco1l!>+~s6kDpBGi*T{%j0k$*d_G59% zg7t&&zAg47*fok-N@??xws*)|fy^jj*i|fyi8J3dsQpjldT42B+fABND3!pcu_=D= zv9&5KJR7=&J!LY`?#rCs%-iPrME=khBxfzV6l~>zv>ad3fonZKFl9T#9G@C&QOnW5 z03Z!eC#+Ro8JKqz+D4tGOvQi?riPU(KBRZEPG{!7O1m406lJCv88mDFUFrzt%<=G> zi-_B;dNLr$^AMF6b>KC~|5FDlFLP0WW#k%#4r;hHs($PypgV zDr8qsE%qdJ9a=B@F-OoA2pEIR;B0j3FT6rbNot&AZ4f@pUFWv}h=*Rr&_Jwd9dSBd zE0|vmr&Rvwl+z+O>cgQ$e2&O+4v_|!+$nHk`QLhGQsPhE=7lbtOTzv0j7Y^tc?Uj; zQQGIYw8L#r1k0NS#f;|9)~CtpTS<%jRYQ8eU<|Ipp&drI_|DsGgOS(#MM@-=#14Em z+U>dWEL6#`vYo5k7WU~$mD>@ zE4f7Jge|dY2^y;V<@AA#<9*G7X>9StlhWxZQ zzQY&xH>n)A7ki4x%NGv#q-`Ndsj@X&qLZlWFyq|a8|Ko*U}===VJW6K1bPw=%q{3m zEh&-P=%%wxPA+bsDOVg%-%AG;yndr#(FPW_$pj?0u9qYwLEvf`7^gOe-|{!AJ6yS$ zz39!GfI7^rjPh#nRt&%a50tOG+bnQ~uTIM5>q7<|57mvfjLV(?rDmsR#C$BC*Yr&3 zmhV-&E}L;Wwt-mX_JW@fRVbuH4!)_sNjT8+8hxS5pZ*HSzmetqmkzCtfiM z@b36@Pky*;m{tA~#fkfTeUQ+2yResT;gR>Vkt&f*BKt=LXj{GLP-)52`bv(CPwDqk zyv0FEr1=$QQ4y3(<#p>$;-${Wj-&Q}l(a1(1%q$>|JNAqe-5(b(!u%ctXz_gR{8&m z(X9V7Mw{mI%|(UW3$l&#Rf8(iap=tuC)8O{8{{cO3{u7PsF=7#loFq zl%Jn6GaWtkT-Qt(8KQvK7**6QF7DKZlrI7+` zmP_Dw-6h#+OaCkHz$u{qF^0PElWVKTI(tIrn%~W5LKZAve37p?BoTL7!2C?|=VMzZ zzq3h-wZ9cuX#UD^h2Ch;(ti6pKjfLhYhzsY9)GIB=YBX#>J@E{yhgHv!QV$@YBMVq zFGnBs@2m8~32UAy3N#1q7xWymQeDL}G<4{r>5if^I84JfSLK1zdDD+ruYEOv1GVn7 zK;M{J7av0i%}CT^KPFh*cbyttY`44JAdbA?#=e?}sluHD5N^th0Py#68I?hI0PRML z63sc1VX(U*Ozop*$|Y}I(B&}}G=NUQ;Y1QRt)RC^9#qNwuO3X@cCfg#pHg3Al4NGp zb_&)fL#sEt=^s5q+VNvyiIvtF$$&)ZsvkdvfQ)?w591eOx^5=ye@o(mo+zjj#iXvI zD?!HudJ2IBu(cNTLR&kVL{Q_R+GXE+a=es7&=cQ>NlH3%Q!8=>B^cVsi}Ke(x<`9_ zZDkG4dJ!PwY=KAOW#a1=Y_Fkv&m%!fpWNJsL~wxtY51v!g6eb11KrF3l+N^ok|rX;`Rwu4imoM^E+>TkH@xlImLXW4zBFF>tA9)15u2zoIc z^j4Ys$T)rVM~F|;k^gJMpY{GGn4Y**rw0~z*uT?LLWlld%6jgpbQ>*fZq8W>2!?;< z@c+W~f8gb}7Y!a3ld4EfYAsHq`e!AsMX`ioi%?zDqEHVFs&Sf~FBZlCQ9x;8f1f;- zbCqu1fW^VHxV{z-E5eJT~(+JO-&rM`?Z;6@%F^>-z0QGll}jn zglILMvy1Bg+2;iIUm=TO{He_O60X>^H_?CBpKZVrs0LUSvnCIZudygP=@~Q8N;H5b?9q zVkBz4OIty~V%=G}#C4cbWd~DwUP;W^#O=KJHkOI9M8FI&7X{*5Yl$1T}_z zX@lhDtWi=HBG(t@6f`e~zm%X!{6B?Uby!==wl75sMOsR6_W%bg1b2!h1776YYw?dKPFYP(^oOkbc-}nBR${c_+Xl=+Yx{2ye=)b0N#OFZHFBpZ1b^4pkqO^?K=RZHdmxo zp**P~$&YbvtzwtFuxeVr6gFevJGSg<{6VWnOID|7T;El~xr+r|$EUx7!e=`%+C@?A z8tgEbvLBPP=03XUS$1|e1H3C{8y1W6D&FOH{{s6_MAD%u`^;^(j|Z5zo&}WU6P+MZ zkY%1>OB@36WpR583(yb4F!F*a>9d{d8=06Mv&rtPIHcXO{ropa_Dh>#lVv8C zO&P-sr^VBdDp_$@eoopSeyQ#|Ja=j_#T zVAqtYEVSMadTxyUk}*1Q`B@g4Ve!lZ6+g0%b!`_X7PNa`p7|c~Urnh;I$RISLI_(b zEC^GJcx#65XIpbSWKrTjkgy0fp^Q@?2F0)mq34Ey<2y@J+&-2oKgj__u9sHtl{*Df zcovWk2Glew4GO=o46NvOsGatF*~@0f(HVtr2fy#QrXZ^EV%XFD_IgLKY5oa7`Rw@{ z4to!h`-JMYTZE3750|}%`^aPXz%QuaHFmEkdXDQu(to@TWt<}#%geOc6eoJY{cga} z7Z-5y#mRl=mi6$__HD?Hz(H4gpFM2wdJ0FV6ZiaQ;uTAKg2c4Q&qi_Qcf#@zg((>W zp9ms+0SkklSZCOz*M74W++Ol4buEO8Q+aSq@rnSESL#)hgVe1BgI$#MNBMs+@MKfC zFxG2fpI8Vu3JOPxdh}B(aN8!=lGIV4ld#ff$8|ar`u?r z4WZnV?R5|13QPF?E)JjqKojs{l)bk}Vqs&}d2Rd#-+* zIQ{r)CuagRcjc8o^r?HrYW$zrmYbi~ZY4e^=jbB?Sn_vLcYM8173C zuI}`Lj3I%|d6E)!YiZ`(llvH7f$my6;}Z6F^r&#XNv5Y5FvKN6l(_1T5|BY%Wu!k%<{W?p!DTs{ z%|!JSl-6ZdeV}bf45#X>6HnSPk1yrc#|+|noRmdIEeV-gBQub^_NRtY0u~Ci{XyUFmmFK@-g-wQn zaX){*va~>7-W<>+0`Y30+n-8}`0aS;qLnmKEHsJE>0O>?sB*L{^9NEB_1jpBgZDy% z*x$VOCZWnF;mM?+oZw7$$G{dXY~Mi%X1|yH&21lW4Py3$jjW&Zzs9$3SV{_!Y7Nx40WurWt=*o4enudC9>7yV;6JJ2i1iV& zg8?&^G?CJU(cHv;#8pX!h;(YDy;z(G7@4Tkm|`=!jpMKWo|R&Fn`(1}ZKs4`UT2;m zkh1Me)i$3V`=!?XB@w?4OQ|_oO|?|d!#l@uot{Vv4pKMilv(t-HM}>I^Cu zH2VoDVvY%8$A{qX(Vz{U6PCFfx2p0-%MK=EF!x^%fJFa?bl+U^uUKg;>O(Fm9r57^ zL}?n-aQm*<^%uzW0|%>^n-zuPap<8MQ`F1boo@n@gqQpODDQA>`>ZNI7+-eAJm-^t z)=4Rn8O=MZ-HsioqInP;?Q3q0$ks_+sZRI;C;hCdgmP~ms47phPx+xNiF!8%Z{4a; zM(pav{xMf(r^zBx1#}aBSC}46ys7n~b(3)VtYp5V{%G_Y%`|P<++mCb4D0goY#`xD zIP~*-Xw?%+LP-F)D^>KA&9M~-q=eH}D_|gRFpz|4i5k112vKn1^_zY(&ZVvZQpE8V z{o+C%!#W|D>9MptC_xc}Btq_YCoRta!vQ>wfHEZf?mkr72AQ+`+jRIHr!&3~n69Iti9M@3BzDoYXbCANW+gTtM<7X>;;yxfb8y zz>7ez5<~PtW(Z*|FSFi0lKI-jDa-V_E`f$P0;()?s+-q&;*mgia*eCajlft@*={#e zZhc~!Vrn)pY)^nEb20AiFkTtN`rfiHjsp0p)#=j3j1a|C5!1u@9v0 zEJMb!HgA;@Gq}tdz%2th+X_tx)qkV&m+g{%@{=Wf#8AfJs-Jv3K@ zN^o0HGp935(1GY(7;}jZQH$o%#S4C!6ZlCq9awS948tOeY5z%X>TR3jm9ft|nkTPF zWKSDUghClP6Hkcn`29ko3T(M?xK*+O``4{NH`N5lp1s5OkKp@>;Gf%5B4AoKSU|Dt zsbAhnbimw?lS0K(Qo!?GdC#A^iD#=CueZ44l$~%76-U5Kd{)w@F-*-XMDxPX$24gY z`3iD|rywM695?8)n?KR&(X3gZpVsvE$P@Nl@t+fyOE+ih`Svh4^R|Xe*JdNsM-w1c zeOnTEF|vOGRV*cg;}agSHJoe-Z`|A{&tB6+r8yB#-T{Bymy9pm7q)?i4vkeyUj0lk z22sD(O$-?MX`hcRZ`cKT(4lfysdRb#DL}R5Zid5tb;rCUGK}2Z$#E_o9gugi-l5j& z*pHcFepjzH)*7g3_r7om&d? zp4T>EgdG2`i2Hl!Kf^HMuRuX{k9Tt3`v%GN>kSQ^R|tWpNKJGTP*(;fQB!(k@I`r< z$mC6ZuCoeG@Q*(z+_iEC1X`;=L!)x?{Z}OrN9#PFpwR5(bDyBUV-ALj_Wu%Pzk}_! zLLPAgORG?6I+*SwaLi48@{q7*074*H<6d%-$z$+2A6V~Wx{c*Q?1qY0;j<)Hl^KZn zl7lYj5zZdPag<$0TCd;(xbGAA)C=W|;{DP}a#cHB0zm7HCr70ekcOg7sZI&BKn^Pl zEu=T0w>62iS+H){(qM^|Rw&Ii1o9d+oj^hz^_{e!$W{!%-QCigB1uHm%)oFulpPOX zcfeOJY{y*g2nz+{0Rw8oZ*CwW&osx|Mh?$08L3axDfT%baYNxxPdkISR~GU_3&+E_Px>U>af7Cp^QwA>X@Pf|2`=x+#s(?M6j*h5u)FsTK+k`vAU(HF-Px4s~)z z=}XGGWcF&KuC;wU<#7r=>tH}hIVdR1!hBp&GJ6q8YS#9k=!uBRrEXzmj?yXwd`5pHV`gVB86rc8JK_?^gK)g^j)2w1ALk$iU z$k$Eo`o2jZo`)L5%#CSF@eEGxx6+&d#SE;sQ~Q$dO=Bbeut~X47C%;ZKjctfOE7Hq zDyxRzx$`UjbY<>HbunY5r`%b!3Ezd>O^12`fR>*J2bk$q9%sOIx(q()6m)X3B&D16c0Z;u1#{Skd$-RxH(Fc1&w7EiU!|t-oi;_bXK6IU`7gdwP>TztW^3Rso zHN_q}aGH~5lJR0&B+?5qL|%F0f|4~m`$3_>E%(ILB`?B!^&nlG5DB-y0-p6~apGrTUd(v>F zZnAwf>n1f_C4&eA&;92A{(^U7*4*qG0_d?K)^q$vc0g*#}Rp);->T@4ye(Vws^f39-0 zb!m}Sg*C&&-MRPIRf})69eUVVru}0Sj9S8E^8;GNS;2j~D%AkRR())txWljls{srh z0+>}XZd(B{nj&oG9`ZR&rz{N8OnQ$*>rddPg# z1^$4s;t=u3+i0DV$TD>VHv#R_(e|_-+eEM0jBh>zM|br$3U!xCE9cdrSTj zy_#5t%7Px+u*^3-h=N}Xr-;YFw4juO6gHETFzj+gIGhLzg2B2X7~H&t>NO z`_~SNro%&V-y0Yb{h3(7U1X9LRZ})L%rG4IJjmqj5o%#{ES)c$mnvQD z4nJK9+}N;;T&0mkN0oBE>ab}b&2@l|D0MffPn3S)aPNyFx~Q~1N1JSBKL}iC>WRF{ zN%$!hs5+8J)Pfx5R~BKvtLdN58%oisl9n0*C-i@IR5g|m49|5+tBhS0seE0A=Ns;l zc62WQT8BCyG;>cxaZ=gXGSkxgMu3XgQa3mf+K-=7OFYqX_R|zArR@1xb~&G0DFoZe za*ZweTXsn&Ihn+S5b+4U&cE1+d3wwc`?_K8hZxTwC(gD>sVc5-+b##)THhibJbgpf zZr%SRoxF>NZ4*Bgd)1)ENd30Kt$92jw0wS*z|2bdod$ z1E|dU0rWJO(tMC{GZa41nUC>d{(v^h-wQ=Yj=Fjl$<|=rFB?V=Ga={S@l`4`F>8)u zu2Fvry`^g3rp&Kpy3b=&Ihd*J;(l-XOkX=jX^O6A)PE2^Wg1Ckn*&q*SR%Lk1h2h; z`?#k1t-MiFliHaJ{<9^Qf~6@QEY3_9_U=t9715}I!Ra)sU*5GozwL7s@u#c(Njf!e zzZqlfTpcJ9Im>Y(SFSag;(_#OOYv6;Sr78a82edYGHDI@e&r<6RBkXN7QnRd0FkZ! zJk5r)o4>C*z;{ZmDiH@xG68&a`mzJygorkp&roM5CxCTM^5GCnK8)k2Z;cCsqKfnk zL*R^w;1(Bqt28J92kt9Z@q&-|pECYG$i?3k4|!(wSbWm4@nmC42xL*-QoY};aYOGZ zs-Ve)E54S{{9Vy>oXV40$oE?o8b?iqkc294{Zk6zauAS2)b#%+dHH+&zZuQ%LhK*v zfvTwf;y1d4;MVDm6Um*=q7yB{Tt<`Q+6<_=A~(K4@Zv!AYB2#dsb(kd^2;6E?1^&L zzyrWzX^$|dPuz_-n-Vsrg>2SU&RcwM-Lu=H#uf%ugYG5ofr}=(Ypea)_jtj+PtU9`;p`{YXiWd$H1)ozq-z2+9|!Kw8QD`I$=i+y1Kl!TE)*WI?1GuT zdb;qWAIIax7%4)v8kJWbXZF8h$IsKzu73vehenPuGe8A#YMJC8(L>N55#l!zC1b-p zb=q<0U%+&OYP;<0^@jU*qb3_0hikP)$VGLzUww=Dz)|(%PF$#GZAMJ>WCZ9oc_okh zIH+&ex`fDqNr9!o9N<7Mqmv7gdaen~2QyHW^QDVCmg0Vi=9^2>gK^zgF4gv*KG&Fz z=bUm;3cOC?da2U!ycX=`^wHnYV_$&7QVuhJ%s;T{$Fg#azg~dL#Yef80uk+ivOsSc z8sA-8HAJG1Lz3T$im%+{cCDZwvb7&_6LT$p3Q2ei|KR}s+_A_r%X{jdv7iX1gMV6( z%yFEe9lBhgtcx5vCP#L2VLK=tJ0N3#f#1VTnoB;;R~rJil4^Nx@|wz2T3L=?BdG=9 zh5oab5j$>YWxDzIHD9^z&n|ck)(?p8SxzjT8-q{hZuew-4GPbSN9N=$jla2yrktcW zZ8z=eNZQ)YC{vDb>qu5=?$>bVQrdg;j-xh&n_H3{2L=u%>>7g^A`qm9y0uw;TCKJ{ zG7IU69||Q(;`)7O;q{2dq9KM>y_*ehuqWY~%~g*KO1zp}t>P)yD-rVoxYNSLC{L>ew(fz|Dt36e7(2lkk%ofMfZDU6ucG#g_)W429y z3uhiMwCuBW!pkjbxm*>CacDLA7O}k)zI~&oRx7z!;3H)Lm`{9wWd#Dzd4v>Fe zLO_$;a<8~BdWPA>5@H?3%jH_ct8G=vJ5<%1j<9OxbsF%q+!&baE=xm18!!!Z+o!O1 z8?$qD@5LKhu2v1C?{?qG1Sw$>k!YgHp;{^MpY1(Om!Us}zylNd3+;j+DZ_;T8XXNI z*#&EBKvxpoFyVOjnum=kmyMmi3{-vts zBh>2mP-5hNxBn(Gp8*hr+7tuemmX<0;PIzD=T0<65;eC-wZmB20I%`VU0Mnw$3Ih-?`dF(v?bs*XOG=uox(igB-?~cJo!+%=PmW zREs;Q+yag36!lFnY-U)|H5Xv|KY~!l-NrcZ4f5HH@0knxCh=Bx*D>ul@@%{jAa&s* z8ioClHGVzZS<%I+?MPv^_-s8XVn5U?bJKX@m*ju*+%NwH!NPI>n>qXd`N~r+eVXe# zV<|C!@iqa46uVxqARJ6tfU6?`o7GB*QTCao=*88^2Fn`7frS7{)?)%vwaT_yT1T*; zaK_)({4e6}{qpet;e)@1erff~^Z$TM#$#*X(iG>~o>mi0w`4iw1Bd|t{pL%5tb)QS zhj$*zX$*H_>mg-vFd~85diJsc%o8;m2`N%T zs~n$PeBtwH(*E|&ww3DCl~L;iYmRxz-$!3095;RMx%{0XPwrj=1sm1w@m{jXI{s&c zvfwNWTV~#^nO+|^IZRbPfYY+70s;g0rqNPXL3!2jhMfEi9^Q6_#cE`yLK2 z7W&sCBT*-@bqLt-EcE%lKeW8GUi>?+CR$Qtzl2cCXHi7cLj-HdE!xMe{2gUQFPT_` zfAk7k-NYML79GuR?knHp7nZ9LyJrE1FBzsUIQpIAll&=5-ROYHl6Pmcnr~pYbE7Mt zXwL%nPNT8`XR#QXGqqGMNrNq1Vq+3@EC6$@5wL>Bv{$iD)EV`%v90NI5z%0npYM15 z${36Dao?x~l&x7>H4}Cz#HLiIE>^cGmNRhKH~E+l*xPZTbZFEc^X;Q*(T3xRQjT!Por!g1L`gi3Ll=>csLde*WTx&d{EcVBV- zm1FMx3I1OJ{~utx_gDJ)KW+$zfVVM7@f(8VKF{k}rMe-5@bq)p&q+#>q5;eI-|kq! z_ohy=jn#GA?i3*xeYsKI27sgrG-ruz)yO-8e}9Leq40)Sbiy*h^x7BlYeY$2U9LjL HJotYAn9@zs diff --git a/website/assets/images/articles/ndes-scep-failed-profile.png b/website/assets/images/articles/ndes-scep-failed-profile.png index c479347c06cbad42eb14a744a6ded4612642e5e1..69337fd9db8c7c4d9e1c8c2f816bc5b3bf902b14 100644 GIT binary patch literal 20445 zcmdpec{E$!->z0wt5u!U7e&8q&0n;}*4&yZW)W(xsv(F}%|j?{DT5<`Oop=LqS z)>QKlgc#DABMmhMG2Hn5?p=4?^{%_tUF&_{f9@Y~vX5i$bN1PLf1c<0JX^G}p$Dy_uLUTs!%kV#@mT7vtn9Z&RJe zOz8fbWJckP%OitFOiW)AE*veLe-WkVB&vXG9eM?&rM~vuB}R z%6s60eli^@N0iQ}RJ?q7RgNeI_$(vxrb=4mT-L9w%R}+ti|=`;Wh@cH{u2_$SRpS# zmH?8|brzfGJOfUXd=M%_v;;G-_HgN8?Eu=_Fh`6n;L`Tth+-*frP3BG(9UwW`yR$cO zzi{!-uORO~gAVMW822UgChNrqn{RA3o!QN=3X1A1adKvI3%0lDdwFq0FglTmsdHiZ zi{s+gqgH29xW?l6mq@LpwC(In2=T+W7ywX_uk;wA>ou?m*x$PS_A*#{s8R}@XPqvwavqzGL8>|1- zzscqK`9lZWg+}`6hPM3{zV|Guh8y!kb7SnznVr<}Ni0W^GxMtT_gC}Fzqt2tB74sJ z17|oF``;mS@Vd!Lp0PhH*vf&7QW%(X0F$Pl6BoAbtc`b zc`?Ul?k0^!sZi0VWVG=5CunWT_Nk!wCcn+^h>I*&6UMJb1a#PpHm0d=7g%nLxTQa= z2qCXKBku5|yK@(;Uw|NcoOv7GUM<^wHdir8cyTj~zP0ChEE8ujShrkUJxvl6Y(IH& zkuxmU%F3RC$fwy^xW&UZUv`LDVP!RCsruFt1>nN#y-(0d>0Qa%nTeKwdu)lPQ@XC{ za5Mfc@8flS=(7s~u>Qkb7{NfIPB0TjGeGAzqty0RfCX-*Vld-H73;iNFki7=_Q`0> zyUeNC)x9V&349a@P_Zf?7fs85V|m~%PAEnN?THz)S&c{{RDzF8jklU54w1z15l?Nn zrDcS8d04c>!qCnrk!oV}qSb?mGslkVl3OFFX(F>`o3S5Uk`o%MB46MnE1)*cAGMDB zMYOlyxap^E{+~ku-DP?AB2R{xyk+OH)p1vZY;-Cn2T6oX*&RjXF7Q|+xXnvtvjPR7Cuy5}f zmC&$q!{VI;fP2Se4oi*@Wx4DKF*cU3#AVy{1PXJ%zCIzqqNd6O_&rcG;&K>S4-BL8 z_YHR{Q0cFl*x3vVMuc=)IUl$NUk_n?WJPvOdH*Jv3jw}GlR~MnI}_J%<==LozbVE zbM6BTuk~;Xn{PTWq@!cTNx87P^~Ms|!1&Oez6g3zaeO$(lMoQbRp$)RKF(r^IW{!N zi0B1;Ekg*E&P=~)w>K=6%_m$d7{f2j=+Byd^fWw+baWJ!?T$VwAd@PfGjos4jiHrL zz4RvEt`(D9>FMr4NhExmnOX8T6$i9{uCN42L~$X_fD7B#)JlYQTGb znj8f+1+{-Co_wDW*W2)q!Lec0;gyqi333+40(B$v`n;b)(%7DccrI>`Qii@tx>Uaw|C*20c41|E|nkMwv=WLRemv?9@{ z!hy~FdR|FPI!`*?GwtvJZ1z)<-}C*H*1#2j&EQcu#*$B# z6bKi`(}Gqu3FE}?=gcF8g0fA)8qHt)<*`epyu?4!nkoxw^}laguvN9Dq37`zGV8ja z>8C%T*r5}qZ-ujFIFc_u4beVIoabGbv<~*~y1AsMUN`QT+_!&|3fZ!i1gtjIfjXap zR!4q4(uL1{2}O?aRfcxTyQ*8_DA@5( zwNxpU)uUp{^OG*T1}(e_Z8dde6MDK1dLNRGnUL;Y;V0m5cV}iaH%kaoEXor+f$rQg zNv9G~jtf9QqC|2IGA=HNo@6sw`C=lrFXAexbxg?;AR8&zDW&#}`>5@LLT6Ln6TT~& zv~T_`pA2^9QpPQa<&1}_u~jxU8I`g>EH!3Mizqp}C}FKk(9gksO$BK3g2nTU6F@F5-8gKKPS+7FZzlvHrPi7(?j?{Nhzn`UTcqO!5<`i2X{)Y1l3Ap zT4sgN56YULh6WYB`)BvM$LVMH3TR!+@1jEwhxl8C!XPP=Q0nn^p-z@`(=^e=K1cu2 z$DozrSMGkHzdPI?T3G~JT);~!K&Nx}`47C%exSv(P3ww6ChotzM(;u3GmyfcsLw{w zrcV&$+-KMs2Bw%Sv7XhBBNsxR%J!w`78>M>lswZi+U9&)(uqbGRT#EZR)RyI=_ckD zZJE-`-Dagt&--w*@47#LzF1jlf0CX-oi3qf(tch8&s~47yz%F^GsLbYghe;2lhtr2 zaBH?ZU|UY^prY>4d!Em9@^szU)O>`5z!_237)c|D-v-zl&oi`^?=~mIbrT#GIivU^ z?X|&=0Gm;jDopg4s*cjF%PbEzxs3d!ivD%CyPnZ7u8v#|yHGm)xZ)>9Qj%y=UHT>D znHunY2s6ZM`f`0fPhyy5zVs17{#vLqDDhy&)zU2wZd8d+3p`MD$;Kkqg|kp!klx`Q zD*0eIEIV&bWs&hxAE=y!^6_tMhU_FmLFaKD8T9<*I;%HHoHbbh^O0=Jy47@;H6P0VBqEfT zoQ<4gtRHJ1O$MG7%(RU3a0#9u+Xr@M7}SP|DdO`p#4|g#^Ng=~j(ywm7|94a{&gM- z?qY;&6nnP5NR33Y=cl>469A%4CqHLX_wDO+Ui|b9{0I;@F|pXyzS*m#!J2u^;aA~6 zBMI-B{R{vIYQohXZSyK*I%u$Fe<{?)IEb5rFuw*SNnGqLct%Z3t^!(0ZhmrU9KT&2 z%QHrqM_0Q%&}-qPOyH~t*G-Wp#$T(}Yh8My|Li?-oL(bPH+p^tX`cF^3j8gvyn&za z%s7qg^PH5_W%(Dwh&S5qpMGajCGGL!7H$1h#OWI>;%wL5es{87GvUF_oRu3@QuBM% zN3Az}BL2?g&*lNjqIa=;GAj-qxb}U-$6LV4L(fFauk&_nz^TgZHm%b^$&S%k^8lL&uUh?N1kcIAruzF)E?_psy9}(@`&TMM5JyT*NrT zZ*tcR8B?5eokbJtmO&#>-Fq+c)`*B?Lf%}1)!0bbQ$XtTTJ^p&Z({qd^1j#X+=CeF z8WtXwFSur;0j=u?4$C0~)swz0R!U_|Q|4fn3v73#=#G=PNWRB{M>_6V$ zRDIRfzDjG3%Do3H9`Fa%nn}2Cd^YjhhapWrNYu@1j5daF{u8%(s&Ab~33D4%HCGy@ zMJRW35^KM5tb~CVz|79~G_%5A#_e;;n*3{$@@YM)v0U$n=O?Sq@=i znFG~ooX5JdLYykcl)|)}kJ?ZOG8*tSM6@T%7X-$;2IyA(YN-G$@=jME%cL3gs_R@1 z>FTb0!C@=r@R!_b_G%c5MD#`2nln{po5K?!C0Xnf6;6|)c8`3_qGHMpf9xL@? zd+JO&^i`NKl96uYV6^>}jJ`!IE1B1L6fJJ~G(F%=%Nlp7vPOM-g0k`?h%#KWQr?3r zY-i;{2^9_BkT4o;yuY`b1x8Ds;@MD?=PazKBZPnQJl^vToXivmOfTlG^u?0Qbp!RbNMT==L@p`Y`-zrYC*4J*$%fR#=sTZwxPJTVyA#d7VE^u>m zYb}`R)&#Z9_6VKGE$TX;k5cdc@nJJFtJRBJ009b_oVweF&?{Uju#?q2I*Ie&;o_TU zgTnYpBwBv(-zN}YGENT-4!Z8Fsy(|Tfc6()G{>|@8LN#IWhg#Dv=s+7tw(3XbrR$= zrjJ`XeO5-g_dn{rqK|V4t`py@wALxGxL+aw90_Chx-4^0u z(}RQ09&?3MRvmx+8!u=1;zY9fxhrBnjr10-_9s2MhWYu1ldmmTrRjtxGf@j0{5iaL zpX^e?; zg0Y(R9uHMakv6f%>_F3DCArnau)R3s#NL-ihwr|N-B-AHnSKGYLN_u;oqL)l4Gj7u z(~E>BWJ6jBXc;E9C>*QHRh&KZ1K5?a-_tJU*gr9JYc5q=rWW=Js5GxU7J_b`eeR85 zppD1H>I?f7p~aSGb;wU!okN!>tH+`WVFY&TqbVbs{r=8<0!jXuU_g>{VjhqWJD^H4 z|7_c!{nU33S<;T+%zKl^^R%t1_*jMV?mmj>9F*dPMD8_A{8@P+q?;*ZP)M3_rhm48 zkNtB^{b;PEYKBG7$tn8vEbiz)0Lgke_BYT9(Yf;E77&8BmW{(Wa1R$0MH_M%EbS{P zO5!V*Usc;OGrf>sVn1I&f)FEw7w>1Q+Wh};2_O32Ywi>7mLSk z8;j+{7?HZqz~-_!Fb-^yM@Lymv{}*6QN{2L(6v!%%~Q$fJE2dDWYG}oqu&X(#w@q$ zRbg4f-YLTfqc99fjC#~NW1XtK{qiwLjUcQCI)29d>2~(BIk0jNF6X#VxVM|@C_Nim zZqRA9D3BC>`MjrpTJ0zF zJ0mqg{V#kgCO!8$%{p|*hE&TJ#QM->>HDfM@k6n4)#K*~(c_R~vwhIlLNO6Wq+F^s zhz(umP47spOF!5MrCAd)h2eYt%y~|fBSMhB(H49u8C0)=sKB()ZG+;^-pE3imEm~p zh{fajjeEh8ag^gm5`1wupom_+h*y~$V7$bF7lO}=`d%*=lw9o2plHkU;^x=sw!G<8 zFV;7S-P^0*EvmgOh(6svL|SE@xBVHxKebP)3Z&5eav`f-o|Xn-^y_{aVw-m~u=jqj zTRY20V?$M5A1t3QJ$>3f3He%G0AUFdG|78OFQ0=bl0Gggw>oQwTrNzC57;+H{76nj!iR)2cHO8&cw+be6G3^~z{N|>ch4i%z(Xu(Vlx1L771l5Hq<87PGc&cIm&b0Nm(HNlDoP9NHcdG_`elOly-$YLe0QG$tbXib_IcvLDjm!%=~UoTo*#a1uxb*zhho2##eXYpOV>yN)9H*7 zy1`cz^)}kUK(Ii}H!&bcVE^5tv+9iK@H{2j*tgPYWxocEv@6Z6M0u7ipZ_4O5iRx% zQqgT<_35IsN2HdK^{JZzAiC+`{ZVI6GeuNy%rFWST_Ovd=5|>*qy*sWQF#Hi*t>$d zqq=r>hf>b16zC*%{KXj2ln;`CO5HEUGF9YDSq-e)eF~4)W}mTDXkR@P zYhM*bt$e1}@IYM(v}=N5R`B&av-K%h5J>;j&^;x1*v~w9X}2bG`9C-5d2`1G*>-VM z+xjlj5hj!V2KpHlr7dH?R8^|GGs7uYmWmK4v>jd5v9SVSEa-JQp^2`g--Ab9S6(T5 zk*`>ex|GId>hUZ;A@{4@L3>xUL+6CX`>={wX_=K&*KY}-saB+Bfe*4wRyv5=XcfTc z&vzC3i!D{o85YjfwnQ_Ec#u9udcVEoWI`t?2icwGr?rkQy&_0#gVjtBus-G3&} z-Wj4byQ-!R>rd=XkH~3u9591#{)h_Nk>1xl$WL8UG$oG8sZ%Gg>wQtCtqiWt^cLC5 zDvqM8z&~q?G8afjF(|)tBs+JC+t=b=gL2qyRBt>(Z;az1M+f6!uNq2N^LJxQXYnQV zSDXS4Ug^=d{CvGdL8q*Yz|@2aN$+prr{8;k0hu>I7l!b}5PW@+N&R9d4;;;y)L2ay z-ZktRKnDc3+iY(#v~wx;n%v~DNa_ez-laPUtsqL5H#6-ok%L$c;&l#f_Q{~?j`M*Ex{y)X{k@oAa6I72zm_$NYIr!w6*x9x#OGzg-VyJy^GqrI9;D%Pni^~$OBXS2 zq(->+Z9Ap&GSmhkRQTT_zP@w=2FX3^D$XJXJl>6U4hIyGLl1T?EFy8uZjTW)d9tS% zP*kh(xkSj;Lz&H)cYUfLUU@`E1=0pOh!vWC(0Ri5R>Jt^#L@f0GP5Y_UIsmIZbt!V zG;*$GHbW^wdb4-xoch67(J@z3LR7YAO3|MM1@_TZwinX=2_DL+hI}ci>JAAVe7f16 zMnyUR1Qd^jX96nd_F+CJN5I4JkTXy_(@77XUak5XSdC6o)A8u(RDd*2{OR&HFe-bKFTK%${~Eek$l&?c&-1f0Fs3-l=$ig(M|7v_FtjUHs?h{e&V37B054LPl*RxyZ(be$sovn! zx88>r`Z@@?x_n%RYc!)plG?N+^aarm?#|2)@4^GYkorYEzG{6E z2{MV?v{ zFw#ux+Yk07(C46Yv8DqK5-j5TSVn#%_s03p7R|T_`+w6IP zx+d5T5z}LV_Fl^9(80%I9a&_L@?-k75aPIa3RT+2FmT;R8Ntcn$XIJS;eaP+1soxu{rEtbX6@!qD~cn8gavmIc#a#6%0~{o zxeiLRJDTXZaJl|UxJS*0Q%ecD5_o)2Ve1x+WG6l3*@|s@wRUJZS5grovmI6h8ImqI zcCoI93t_|L?<}PKN=OK$gt61+3O75`c@cA$rv=J8rF3d8N+>DX(U%Wby10P!iUoI4 zAtlb!zv%dI-SQ{|uQ*2ng$NXoU?G|7)a}kf#G2ivCQd;@rxT?Z_@SC_b2&&RM~bh{ zT>t_;fFJL@DT7N{sE+Uc3LltS3Znam93;$Gr4oWdx92bP^(VS2x|8V};Q0k#5OQyh z+$wcPEK60oTw}?2OYyo>19P@uDjcs{(3pOG`GmP)DiA= zoJ7?=*l|Bjn;7OjmbIWiq@%M<1v&Q1g#Z{o7w>9+_|3Vs00J~S)SKokg#p}oes&^LG?(5V&sf~mYd&Z!KKA8r$G`7afM!Ur z^YMyCgC*oPpmmpmFYUR94}VD$Fo>#NT^V0uWi#^a)2W-^Z5h!yjzyi)iK2Kf|GA>D z+5%CM?q|+>X~O=Gs2x=(JL?4qfhry5MbhQ3WY-h*Yx`0}en#V2>g3|u2j15yAp55} zG`U?!+FF@Q-j4VZ2}AcFY5Y#9U1&<(1hjsvP|Oo$H_OOO3nxL7uc)0JI!@IcS;~3h za*m*L8vDREYmm4mhP{-o%Qu7#x172ZTrCkx^`H1!O`d(Y_&w=VU!?7`C>6z7Kf+vk z#ZhYcQbmaUWy_?C`evN^go}s@*Wh|hP>&0q|7sil$9fT$ZPX3V0C~!rbG2~pw2LSe zVtL-+vN9Suk-CpV&%ahl81M?yiPAd`b;;yE#5B@>GSZ}SaU$Z<3uo2;zVj3;=wwzj zA)GbAGgoR-CSBpCcg4c*X6C!$;aM}@X#GjEEWvZA@@WD}KSuhSL@JX+C0%~wjLYEM z)$P@4XnL+lDSK~0luMI-7E~ambfoYux9dFJR`kh`^r+-lRzrz$jn3l$FiB?nr`f9r z=C;R$Up1j6329j+ymOt}Qw~^}`5v@NY($!eq>{LQaH>dZN=eImG_x3J3sT+Yd(n$> zM#j%)QqRz;Ks{*3R$<9TN0|@rbe}Dbzr*(W1&kI!wRW?6exoPyFQ#HHRCw+14{=Gq z(T5?TO{|+mArVGX$v~v3`Fyl43WLXTd@dkvOm`;iU8D!M9EO=+7`?F_ zVUUwuu&2{>sNZa6%x!TPhH-iZ8g*AMQ?$7KEKquhmx@!F7cY|YQAI%r8;q#BK^WGv z9M#KMYwU+Z_xat3_n$_iTZ@4?o1uJwPSn+v0SF><4)*Lc(^uqR;9^;@fC!{GeKqHt zZ!kwj@)ub5)*?!Bq0@hDrq9U~K);@?*0P80c^MkkZ^qRYu;Mn7Kx(1OSb*jykChw2 zmUT~?j+gpnt$*XkzP;%&U`(H)^3ornHT*46nm84ww}m||t9B8yMSNlhW$Ag0G_|M)*z)`ltI$E@9v5hQI&<; zF{yKM4cf7Wy>H_CH&xknDm-q%nevr#4g?2q*v>H%h1uV@{J#nzi^wnN#!M>R44jQGF&{_%i|JKgme z$IqI=+?KR3GCxf_xaGGA#C&H=;MJ*a7TDPgy#YY;&8h}H4rV5%?^>0of7bXOe(jlN zWn#K6#PcsP`M;LI0GUw!tMVsQNHHzqoOw6vj?77cX!Q5>bN>xFNz7kN4-5`}&6O|i zaiDtbcS2ovMg^qXZG$r|&@bL|WVLgaRC53Luy~1^q4~azea7+?yj1umxR*xSRoJwf zjsmxGRvwV?v}v92ZU~o+J6ft~iovb!nXs3=DMjy%GfZg;U&)WdyGPWH3M})Iz!(AC zVMO4HR7I9?qUtFoKE7`;wSR_|dV7Pp~h&tih`$f?T)tUM)xl; ze50xwIHv%ea3=PAcyZ51j2ulp!Q&@Rql76hN`Q=?*}I3MDd5sClS^?o?@vv6O`c({ zng74Ap@gKQ8D}z3%K2vf7MS;mY?eH?{ENyH?^)4^r2ST&W_V8%6fK=9bvVop+`sv7 z_Br0XR{n{l=NnNL3C1vEBbMD|=T#in&wU`aM&9;$71d`f?)~dcmj2vALH--lR@>V6 zmY}MM<)eOCXo~bd-8N?9KSfEtyW6f4S&MwUu4E`qlD#zk4D-HyX62VcacT4&#W0`j z(&;0vrocJM_NF|wQ@$zg4G{092rFong+Zk6AP&WJC7Wiu^{Q5biyY_bdnyz#YY$pl znm6Na6gO@&xG@Q?a<_ax{q)ULw9Odp;M1nqOLN^)BbnTY3oOjZ!g976(g+nb8(G|N zJuY&2e-8gUt$cFoC7eHGe{0ECkMcv7|3A_n%YW0KSinDvsx=Sf>~I!Giw@}y#@fYh zt=683pv{2!UlZKSSDYH;><*-JZIq=rQ|7Ir?03dZ?f^mNHO+f8BL%!C@7kE!TE4I; zo}E|v$3MZ(b5D4T0xtKDGjTvvUIyVNazb$9;16B$d!A{%Q3inmr_)AKCKg-+i+*IB zxT2)ZC#cCt{8H1!kw&Mb29gzAm8c!J*|RfQ+osxOuG@1*Er;3x=7;##!TdLgb2ZMk zcr4xb=N3Xk=p<`^>$2a}bDWr$~5UZ~hY@_d zZM`@shPPPEUfkxq&g}>Of?4vHO^7B$E9|QrJ%1kflTJ=~>deGHEut_nKDw_BG(DdZ zoi57oa2mUwGf$dDuqTnhpQXD|tNFcO04!TC!dA9eBsHiqQ*5`>Ccb`W{oBnu|3l=W zA8+Aff4yWEMgT(N;C_>DYl?q8XbH*C*{)b)hcBPz zsRc&&)aUdt6z!~9`JeC4inIMlUDOJHuc{~j1Ap$vC8@R}x5~Ut!*|DDyuQ}5qo1w# zEhX(n)25>J{>X+eUkqA<{CIPh@^QEV&3dFbFA&PaWcjZEj`E0@t!ETSj>*G;uapmKjZ8K;oTF>XNO%i|Y5n`6|XZfAh>wjJVvhpN$zyPvaX&ukQ!Z-E)# zDV{O7%Mkk`BXgrK<1I1E_{*VnjmQe((;UzI1K!WRRYFQtnm_GCebbQ>UfP##DC-vmZf2V z={c!QEr1jNz^o5IIF;(tU%ymctUe!aEu8VCaMJG8@Kr=M!>{ z5uQUZNnq5yS9?wx7hmHqjDEEO&vSA$t=z=Y_+Vzk`3WUdtrI_Hq##klsD|x{o*B%s zx^GaYR8EU`%AHSYvbb@mHwxO8Oa4A{gLqcuVf+}ve#2)UXfu7UV6K*3V(6L!$YLlN zOmY^SF&E)dkuV3W7e9opb!XSfYC&rT%n#jPOMn_{phw?g z`t4P2?(R7bG~x;oHyk~PmUIB9+FjGVe>1JbqH0&M0IZ8B=t+*-Rk7E)$XJyhcLBta zSPZdzSt}+8wNfgFtZ64)A>a+;aCauq&&j~jYim-O8BZetc8kQ~DyIb1^e;p85lkQ{ zlQ(l%G~YTs+sPO&-e5-4B~MHm-W5QaRHb3+3300kb1a zNJ=vWQFx{9j5LqdqOH;qj<<_$KS<~?r(?J7RzfU zPBUH4?U!+xrmO$hrc-wKABa*pwoL16GHunc!8A|FWK%bprLdq)+jQOCqfbc5_v_a) zcGsKy!xkexK#w=)i<~B|zCMC0;XS?>S+jCTDlkUqga@oUr87PM;*%oZ7sRtIpH|mA zyaJj%n`bNwV8+lF`+RHid#9UJjvm-}Z*xtD($)xsgSm#%X+_wxpEM1sj+vEofN^G{ zOGjUqlhD`|d%L1TQ{RVtvCDOCD&00(qF-`Lxhj(_fcHZQ zMcwnIOtq(eY~CN5Tzt|x)V$b8{qEjpG0^h8##}8pR20%i3M=roUwR3ls`|&H*3=N( z_7JVLxZlT(Sg>ID`qpyMm!6}h9_+_D!!SF#uj_Yx%Et<#Z0WXZbDiA!aMx_j)_JDo zaYJ*}rt%ut|F&m=TDJ9}jSXiJ81JQ{k z;Q{9|1J5$f{#We(U~If#V(5qGSKsMWeLQS;>Vh+^ zr-J7s$pJ7gdzYZP6gq&V7k!u`n4uNi37||%zYvC@&za#bo34zjP;q>Wpk{lm4cK%9 zP0Thr|6Y!{v4kw0bfHntd($D;PE3D@xL}ta`OSG?Y2OJ*I?c_-$7J#dDEHwv8OKKh76xk<`W0Fvm2vG0blIe6 zBi_a`hT#ghX7g-pVp9vO-@_y0_8D18&X+jYnXmR_2wb^;7>N{TB4n;Fy2!n0IC)hM zgX^m$qc#wo)iY7D2D-XmxZUwk8~0U2=4#^KB)!_hfk_xV?AQl?V?Efd#CfJ^ka~x< zeb2b+`Bg4Wrw66aGoetV!9fpXcFPE_!^oekR&wQk1ZNjdKn^H7a!7Tj;W+Op7Wr(e zU@v^=j4BMSuAj_#y@FT>eVJt?QSeLO%_-Je5UTpaxS&6Hm~fu$U= zcCK;MGo+Q}A1~C#sLSqUyyMS@+)H$dcd5Qzk5LgbY;E0JQQ#ye&!GiKUW$$2Vrhne zc=gi1k~L{bwW*-R7lSR`YOnDsp)oD!rS5r3XnvqHxUa>m$8{i>Y{fhB=|?cK&ORJy zJFggmnF<$)8zQHF+uX67Ns`fDH-07@%dch4;ZCe6dIzdr2lp8Zh zQR?vtIiM{`-C9*z!%y-7ZS{Q)4rsCj$xfGhbDf}0V^T$K+U^{3J*z*gcw>Gx5b2l? z-X3CUk>4BXu=u-Yhp+spCHRB}QW_)PwkoOhK1C%-ZQo3TRwn6fO>G^}5StoC`XK4_ zXf-w2ax6tOSsQ_%@9u)b)Bl{N>JrRBO&dl#skvq#ozXU*=}(HV@RR6-B>Sq2Dr3^b zR93J>WFPx!lTDNAt%bc{j8XAA1*0lv3yH?1$KUkQ?O1uDG#>8NPUZ1R&h4skf# zuqUrp@JnKWYj)0sL5ZrjS1_f`Zw7#xG|}9F&B;{q3>us&EIxNMEoR27XX=HLJhv{! z2~byf5t#J1;(cg6*ApimpGP6IK9J(1TXViyD=l9=sR+zky76!=IETjgVP_?~nliM57?P`{m&!qm^w~l@sZ5bXV zkQSS}(Tk-x`~OPda;Vqj(sOF7_kf7;)40l(JEbgq-F&Bfzu{Hqfi~rH$P2MMy7Ynz z5%CF&Tzssy59Fo<;BA$t8mDFL0xvertr{ItRDAYvZo$EyWv@O>dj0}gX}f3ao~{}A z=^7RYJJ>jQm`+w2R%RT%UEX{5_71#8#W>NCo7niG`cBW@KLfZwfED@%X??iZ zyuLv{r*MCF&*unjS+5H6{hCADfrhP?$iAX_nRPO;B@Sof>L@&D+5D~aAA<@-qi>(C zKXyVX5|p~ctT9lb)l!^n5A{u6$m&DP%nF85K~V^SnAwf`9=4bvc+06N2nm|$w3?N_ z6s+g4-%o#*Q7ZI-#R9iw4dzyj?nGuI{rl@V$csgbmQ^0L$gZm6eXNgV`Ncd8}$4qoXvF)aE3ZD_Q;662FvXo>TD%$cd_Ean_M9swV|(% z=<<_7ubi5-6X->}aCdtjW=yD=7U~H`nft?DaW7_YPgpFpS<=;=Am{Yk=l3MB9J28Wd8=O$GXGnt*b_Y{pfB9t>aIbJ@`tKr*n%h-&6`1{Pa)vWz7MX zu(@ln&LjG(I2&qQz~&f4LJ~--C4Sc$u+C9CQp|HtM)MvW3^f*JOAjV$PM)(<3;G<~ zV3A&yTe@|H{pYqZRKH4718hn=uT~)?IzIfExCQ#=JH36C*7;3HAgk_qTRSA^>t~1o zv_6S$hwAsS@|FTQs}k;a`52fg^)nXC*|qW^lxvl6&zk|wBd3s8VX@OR5JWFPdZ^a8 zQ-%2Ju`-SmS1*oZ7@tCeYvL{a!&H22wv<$jnhmOoGWp0Q>NwE%8lmA|k9@dQ2NEeW z@niWsPv6Fp7(6&fHIir+N#bVUyd)8c7aT{$9-ws%BhtqeuEXzMfLW!{v4`DWQExyqxQ1`CO z3X8Up>+H5);i;tDJfv*FR(_FP_Lim?DO=APnePLRjNBRW{-%~6DE#V5ld6uRhJWGI zc=IouXTRbl<$UmPwTJqc7uFy~b)sgGC9z^DKyeZ0XwRp<@sL&ky4d3C``w1Xo>%zZ z+&9J|n8&dKfx41+i)8Nz<2_FTrb%xoRlSImS^xG}xttx+u3`fEGBVgAK^tD)DsN1W zL0w+Lq}TcA*Q~8mC8VH}a>a6Sqm&)zOCBR#>U&=oDFeQIBd}L}X{ee!!vk8@c;^%qAY5Uu1WkDx%!{fX-@Ak}4bJWMJ zw`E^-;r>Y~DJ8kZyTX430ZeX?()?DR8+B@E6=HU!8q{#Y4S*5iqC?=>v+LT4=u`RA zP}_4`cONoRscoa;eWAUF*T?}KtD5fQU2*18-l*Kud)n_&{DW6nWU8foN)7Uo(DbjT zR@t}NEm7Ww1V^LAPdI<28jGPfmte(W6F?!P@ zsCq>1)y!gUiG}9sscsL?FC1JT9&!b4JxV=uH;N@X=}(b+Gr!>iy;7Z4rb$mt_LoXc zTSe^MOr9f`SGLp&GX2@Zc<^0Y4vAjENrNVU+rN`@iq)^7!rM#E6uPxeqFEEtFp}48 zpO^^>2fZqdcR}B_S3w%52pITe=}=6OF=@4TEnV=OfrdFhgKm`?Zin6k5}V0t(rsv!%USr}}R^^qkp9rPz=S4o=tXO;fqydGF)xo0WPr=jz+;m z>Wf>>sX@)m;icrYQ%x$SIXXt;qpj(BSt^my0`K^sd&v!mws~+-tFLj5c ztR=a=GPQo3;J;UV4PgE}t8HlxS0@w7H5spHthL z%LRq8vGCB)-@CgVJ`#KaBy}LeW&YJ_GB`H(XUToUB5m3ZC6<5s88yAmX}HkaCi=ak zACZ-_MJIM*j+B_&Z=a&9I^<;7KSb8h@mrMRbRM8UGxnc4()(3{7d_O&`U%+Q#5et! zja`yD+qPnHBKQ=e$W}NZbf!%sma8w~MS{$FO~EEMGMoFOHu*`5>t1kU@r(qQP;g1o zn2+Hv-Y)R~5pfFiO}+(jWbuAYFj%is6QbZF6=yeKxFFXFimn$NSU(txxM{1=xp`qo zISa~x+Ps@35UY0ag8(bM*tjn_1gt8sE4UFAhqg^*SlDN9_W~xadE4eb>LJ8x9bR~= zg!#AR0{#kJE}IPg`so9e*G*4wpQa?UN4vG@pML2+!RD~N27FbkH~O}N$~LXNItyK6 z^kom9y@t7VNcS$nT!@k-8l9v^Nwz!hYMiD+<}6G%{{qfSJ`aUWH~D)DmtJkFgN&|* z<@9o0lJuXeZLWx?o4Osa`0WHw z=3JK9WY&q2)TU@#*u=KkL^$%_h#ouR-3PLl<+6E+w$`azbA9!~-Z#Wd(4+fqM5?}` zFZFql?Mo~&cn*RO*m8B-H3^nE+VTf2{$w5PTil!4CS=JRAH{^+VAwGNhP2yEaKfbGn0SL}G+9;ndw%*_6iu$>!?a|ydq`PmS7h!$) zsdcJr&hXLS3J4A`di_JqTxsumKYr{O9PBW2t| zMPlX{-+)xxrt8&~PB)U-g82U7-drB*6O??hgH_}}wbSI%^4|O!b>CAK4ux(f%%S}{ z)jQYz{Mv6jA_v#D#{3@WY9PS>XSUaG
D0^D=sH7kY8Vmvf!WuVf5hMfz2~47Zj&+paAP590vPeLYttf(k zK^9R2iVz_MD#2jbAsUs0J!}R96QV$RZ)hLdC&#BwpU=7X-1D99o-=d4|L-5~OYIq1 zQ1T^(tL!{;13;$M%D#Ba@I?u5^%9pj_&azf^o3p{s@uIl-x=@;Or{_<5=aytk-1s!?Kb$3_jR32mx5f?2k-}$mvo+ltVQoW*{(hLUAk5 zCU{z+FX$Qy?`06w0CJ~23KMEb6=Op7S2L-EMoa%qKC>-Q~?`d;&aw@cPC!SZz zP^!?kmrgrwj>4IjxlDA7FH9`fJjchsyvtjmH#QE)d*|`4N`wO(sAM+aTV>V4;{u=p zZL!E(NnTmFX;#Qq%Sa@~lE@sr7;q$sk4$l6Ac3#Ns~?h?CSZHrBR5W7Jg>2hxe z$Sd2&KbbU9Dx{ll|4)DS0x?r3x0{r(yHpotkAXT@)$OIyc@-#*CtClv(z0@ zTHo20wLJ@T354=CF%3{0k)Qdvo!=2<>xP+&6_x9{vMP=)KTOkAaqQNgq~OfKA0i)) z=NgnIew=y@O%~QFLL;GVLD`Rt=@&E^`bgAjmjkKMrlY8pzvznF?^U^u{RqY>$g`*) zQjNkWu1!v3w3&HWd57`Fd59=NdxCRqIQ;%wpG~P?!nQVXrqh0GcOBOv+A8a@q5f46DF@K>Y9wCxnK^QC&|;s z9=0=K4tnUphCLrg$CR`(%9lTJY2(*mNxs$^ZgcZ9y+<2jYDNh%p0JdPgZ0a#or(F+ zv)pu|<)|lCnN<^mA)!9yQ{+;eOZmB1(^;DFZ_2y?I$EB?3WhE7 zjheW1?3mtX2FMhNe8yj+YQaDor0}>Hc~ZlVc>fw>zU;1HBWEuuMizYcz9APv`0JHC ziqp-FaQO;g(t*?*kFYZ`PDqOr)Ah%inW%BbC0VGhBcZzRG=T)jc)*Kx1xL4r5DTOn zc4+>Ozz$#b8LFOQG#U+7B^17K05;>O*+~y_64o+2Sso^Pt*Pm08iarql3nnFm@7*O z;KoDUtXpDt8ZbMnI__3nz=zxXHP)thHSRQ5WDPG9)z`1Kxyd~@6fDP5^v>-Cfs3T$ zm|V~nEyWy-1;I|BLIQx_Ju$JSrk77#NSdyHdau0__gRcUr&oYYmUxfSC(*Ki-kOC< z=_kI*t_d}*xu!}IEp=el)*tL4@OS_mNqvZi(G)7pbuoJC{td`M2KHF3NU$M7q5(qE z3YK+!yHCktoDgVT+a)R@Q`OVMu>9UaAL>`l+ zCW7W3>Tklp_6^dHn#HJ3IqU z53^Ur@L(!DTZ_UjAB2gRvQ_O|hFFguq{Ac!GX7Y< w=O4y(ue64hU}4XKWzq(d!`|?7&Ux)JHKX+C`yr3om~K~R(`f>I(?6zRQJQRy8*fY5sp5b3=aL3$?ykluUf3B5xo z5ds9rhwtyb-}kQj{d3p4^T(Wh_UzevubElTGjq;_t18Qq-lMyRgM&jV_fbY22L~UC zgM-^dgnz5y;LY5{!NI#$Rn&Zs#bPfp*Q@Kh*5)_Z8!RpBhnt(5>+9>w%j=8FtMdzt zSUvc_KDh1o;J28Z<>mD$*rJ)akF(pi=9Zq)vL@7@v(wWvx+fpMTKSt<_zH;VA0MOi zOx(l1Wj^CkO-w1iy1Lrj+GT#GFnO>%GYh}DzF~YSSGdq-Wfwd;I(>L_0`!OpjYz+| z#K|xdN`ClaZXFO5niii_l$lfUoL5aj%~oBM#%;FE`kPwed6($@B_l7_vPZ=6p+ zLRe%*$*-pB+O~$KuH9YaYk)yuXi8*s_Qcfu`T0e3Y;J1Cuk_5a*7pAC8Tj17^2+Mg z=_&f+;;OQ`^>^n`c}2_c$n^T=F6Qb=M&8oZJ-Vl7bbeuFWo2`Fdw*vKDgMsvv!(C% zxV*FGuAz~s)wL}&`rJP_c@e%UB5ACp=bDjSk)2mLIkoUn$y!d?M#s=Czp%EgeE>GS zxVL|JfILE>PDLe6TM&MzX?Pfq@5>bW?$gnRqNr)QNXCSVJH)>l+RF^j8l ziG?Q#1@(;`eFGC?6Z4JDUB{?18;4+bukZT@N2=ORwpKSFa177|dwhhgD985oV&~_u zDq4=KtJvMW!=oeA3F-`ejtK}!?jM}o*ud`YA9;eX*?H9)n|t5FvANmU`le143VU^h zy}7~GHgvW^vE$>|h%jtn0k*jb+tr1IO<|FTC_is(Y6>WWhOv{d#RKH=^)CtNn6I?1L$Rcay@ybsjhIg44I zAXF=rloTY@R0AYooW@m!EI;{m)nAKWO!wXhiMg1YgC0@8uV)QDc28#3X95fJl~eAtpGH8+hgmB z576W%O&8djO^qFGq~gh1`J}+u8ZTfJDgc95Lf_3=mAMCVqZPfqZEa7|1Fyg#XJWnw zRxyp7kk-Z0nLr@Wz^SpkoOet=;(K#5t{vJIp4{S*%*Y9_5Lwcd)j^MX&nLS>J7Z5| zw}Smp0bw2fjtXK|7Z#TfEgJ+U{iEjV88@QInI`pdmA)8;96xnpRRJ2dmDEkQf4Am& zPkjWf2av$oWVI}6FTDBPjq2$2Hsa)6jSumZYX}^C%d*zwLHvN zC|Q#}PS9)f!LT;1gWlhg#;90s(?B<3H6m(Q1LARI^~JppF}&&R4X4sB`e;Vd3lpXV=3BtAQnWg5mVAPlJq zh;y}6y1jO+Xnr^5)hG6gCR9?=LWj1aOHnbi)K-dH-7QugB}V(GZ}mht=Hjf#;u)Py z=doft3qKZ&C3ebs3)o zkA(ajs6&LeXiL@ZURbk^9NK6a@E%58a@7^^@L+Ypl&q$T_A#t}X_G~$^OXtHCz19Q?4tKt78mwecK=oDwnH5) zZAGl_@Cln!mYYNi%6zu|?ZEUUkYI>r_2gY3^zRt%VW_(*)V8VTYQ)ok^;h|DdH`rME`4y=2fr@`dfMo)G z{f&%ycoN$GO?Gy{nw9q!mFb}O=Mu$M%_OME>!t=QAK(eIZZEm0nyNOZ{NTFNZZsCp zu|cAT&$`IV=B9w|gnsM?!r=u?1mt;Q#i)b_?50Q0=x6VByy13f%rRyq(Qu`WGfW$D z^r?cmlUEM*0YDN5MG~HIC#Rl)W3uFaWLSfWd^C3qTq1MCT^eXW|m)^_`P6k24EG#dv)XYd)#-sAuEXa7ST{ z`<79I`_FlPY^Bx3-|sO>Z}WY5>HanBdIS_x^ILSht!b_u;d?SER?f6yp(EFfB~pai4@g zv6Kv#PBY`hS2Df$KHsANzG2ETOZ0k|&w71lowIX!p9;me{HFY*4j#EJjm#fDFvxa+ zg(4U?88Xm|gXqZ1?;}cKQAqB|5O_!DR<({7u4lN}t{hL9Per_mNu4<=cW*XP2@9}5 z-<(`tY;p+PZt4D2u2dfA*8JV_{SQiZrT2`isokZ$$*`-iiT#YI!i)Wm?F$=j*XY!4 z>8;|pJ>CM=>Y0TNujHgN4f>Gj_{mmAe${WEc=6&K^j|)kLq6Ud z_?83ht=}o_H|raXaaz(uz{dheTs+$9!C@||_K?rXHmDl-R*&~S3T|`?_Z9kV_lm{SfOPr1_5R#khZJ2qjAZCF$dv4{9{l_x0a%g~ND% z{ib}Fr!>{f-$U@4x0rJLd$Ot3XG2=x#Cyo+ogUutd^w{(V22Os`l2MlE)_8%ZQYA2 zWX~1_mX2G52!{l)t`>*N&kILQn_Z-Nr1*yg4*yXs{g(n&ajO_1eofddNIscCWlbDm zm5Boeogv+{&yYPjXGjuu164&-C1@*1Kfo+CbZ3OPj-Xpm#SaSLm?EQ|e5(jjE`IvF z&|?;mgywuwYI2Q9_ zn0;r!O%iG1nB-D8$8wbfL#v4UaicYQ7=3VvkIyk^4@!s8lyt5n#kC>u`@Nbu_TbR_ zRftA-%)>?#*cD0q00+&f)q-i1xbfJbL1}4>`lyupn}{pHJ27jB-};54;!w30CfkEL zUxwJ|uOp6*_)oCp#%7pBScY@~?v6&crP-ft>Tia988U1_t ztl4gSR@-8~)|RxJ4dppinPSC0=iPX8GO!mZ=UZMUV~h-h!lq6cz}{!)9|GW5A~}P} zjIf)Aq>Ox1G?H{6+Xj7UWW-ovbbWHwy6hc0QBC*r?cO}}W@20TiCn_0Z}=-N&3H4BO@D1&iu)oyjRKb5EeT$Mrs?5J);rrQ05cq8urw zPgObE&)k~xHe9!-fURXXU|lYpfj?T2bMU;!Gp8d*;YCK4%wy~)Pb-c1$Wc?sJgNMh zt^R=58c+zBwZ2ZP`7PvgCAb^rS=UgAdA1zh_h>n~Pn^21NJ~o#kdJ%Q{+rvfEY2GGWBK6*1noX$eKmgIP$TG>MA0z zT-xnb5g5&+Xajne&rF1zu#u_5WU(A}KrsY(cDbgi>t}4YXYbGu%4e|T3~y-_gP@oe@kQ$&lUwnxa=E5WzX z+m-3EZa)Ixy=g{>N=!}|349S7*%w-ify5)*rDl*Br|Je;wf4^-S(EVBX^TDs%)%c> z@WZRv?~&|W>UGS0ruPiZV?dO-G0#0cC9f+2MC`M}mP)uhJCT;-D(~w0y(zNcq=gu6 zCZ+sBl->fR9GpOj++tdA2UGI`a{I`@dr)UUJya6aNvo%B0ATQf7w?;qiXtVC) z(mKyLOz2jOs$f+}X@HNPXh8)-^0MJev97*>viRo`xfyEbA=Kg}X^%ZbuQju}M>88A zz2i`cKm8jEsZ0+?5b%)!1pIsek>UU4euNd% z88Tf};Xi%-1-^Oz{|9{J;D6&?^1m$!W+648hMH=SP-`{Ff@SV6NdCn}%KyMdy#3qM z+-_6*uh5-{f1sAB@ZXlWXUKi{!LNOIR0RqNCuY4dCv!82kBdu-OG`_u;pVV-z}iJ# zZ1cI;X3HGZeQn_iVD-k$^=YP3a)YOy``!tKl(l56b(x(z^@C&o`Ut!P>$H+_@j5jxO^rP+ z>wUJTN_Kg6moA@u_kAZ_EJEOeNNLNA-!RNI`@RU^R`C=y=VCF!J9@7eiDTJ`El2KR zWCH3a9z5XB{ESxuz?sk12K|BKx|d4<2_@-CZpE=XnjoB7T<^aXj1kA~FMJ8{kNlR06L4Sob3Zs6t&ayzz0tBwwUbo;yRHu+$<0r$wrKCChjY zf8``|?|>w9`8*F|#~>>v!tCoD?X#1=#%7jO6hu?oS9)IPJ$UcqiP~gqtKAr*aOjHi zQU*{c?TZtR{M*`7)YGO|0Z6((m)`b<3tRQJMAS#ds|Hxs zkTx<{2kKk^+}|soN9vfP;>=hjeBz|0HW$8(Ii98x`@mog?yT5}X~o_tu`O45Q66+y zsmvZ3bOf|ZPy%oy`8&a@lA@^CG7LE>v$|Qyxqg3qe~b5OL(2)=dj!f%!FY7jc}Rl) z?)Bs|6h@nwO@A~kIDHvvai=rR<4td7IZ7?zxD#6TwyY5q0o9&EsO4{Rd-u7$NB_Az zkXh(*keP#qv-2o#=s+WKT}@b=MIZ+NMWJAihU41$W*YfK+4mGNGstJdiSCgovc6zI zWP;*2T>SWc&|GMVfvjc*YYk_W66|`aN49WIs6+V(u~bOws?&oST+hlvQI^#WoJBu5 zoJx5w{skb>pf@!LqU7@MjGNg1gm@?+56J^ESD-(VWfa6+{Yd`Wylda`LWJqzZ;cXU z%^!GNumvuv;VGiRtRZx+X`IL+0(lm`WEBqGp`C$Z4U)a=YZIIouBgcA4l# zxv#C}I_1^AlxsDBsDFYbFPW+{vgYF>OFxW~r?;dgm^nYGN6xiU$BAbqdMOV*Gy)bG z_FoqhtyVRc&LHp07)8h_2uDtffrBsdB`Tg7rN5lKOwxo8cB=vIi}0r*2hMAy#v%5T z;szifSe7`5z+!>TwW42No8_Lc-pqGPp71g-m4ZD#_rTY_F>TQD+wxPm7Mw4FbeigE z~+yQ<)K2ztD6WNw-pQz{NTW--GP>Apd(7yoZSXX z+xhkk{{nNm6j6q$kAS2r)t>Y^Ro6RDSKn#I@4X#?R*&x2lM^S7J+kGN8ReMnh^#M9 zjUicwy+Yrd=6BZ=_LIB}NqOja2h)sU*Pl3~o3p6z#5QxSwUuzc+GCeM?k+1j4SXl$ zELkBWw8yJkXvMHen0GQznL#`Va~rozk4#bRy0&mDY$8|hfPmYP(gmf1-bp{1w*w4! zi+{7=@Fwy(Jv51jj51h&Zu>yIVtWJ#pJ}tWR^3pNw=Au|xT@F$hte3+WS*Y+l+uA> zw7&{Qt4sG0D}a!BLait%&yQ$=CPP|mLt~|@)g0MR45W^J>R^YP+5RF2H!ymd$!E3I ze4l)Levhy#)STOJhpM!pzF+4$sSF&D3m#qo1UVdOpx7Fq((%BY!{}|z^rBWkf*{dh zhH`2mT$t?xHT*&md+~k+YCBRRK~I@`BC9tO)%y0(4r~JV)eKXZk#p*p2cVpuT1=Ke zL|a|*C@#v>(cO@)@4K2esp@o)+BkXOkXy;}qh$~?`Z6I=@pi8iDHPJUs0 z?RXSAjhgVfJ6Hr>7k>!A8x(a+h$nY&aK5F*LiR68y7i2Yvr7J#lYToE9Y%+RJqC@J zwE}QhZju{rAInyOyJUWE9&bbNv+w^UIsD7N)n95e&Av4+mXldx#POEAt?VTKa@>sr zkPzqXLUuF$(c8dV2lIY5|L~oRjM0S4!{x6#J`q_ko@eN$M|&wOt`H-Drte=o=K8IC)5c=S4deW_>h0j0iL6?^=R zFUSlxR}F|Z^N$S>I{Lztbb zx$^F^UscslhkQQklXKLsJh3IskyG2jdqY)%U-1<5thB+83?lt2&1`gMsgeV_fS#+& z2%feo-3|N=%F#tdw)Zoc$Hc8w!+cyAYO>IWDIHAVgvFsKk6oSboz8?AW4-B*-X$us z$uzY!%10a7POUVeMqTY^Ct^i$m)eb@*Ol2qY}ef+*!3z*khB^yfHBzoCl?QxVA=Q(PP(cs}zncDrJDS z!0u*z4kcPihZ~L!GvnJKN+(~?2^6&vO;_%Ag>$iJq|S168!Yg%iPkd<p*cvl(dKL*!%-nlx}OjwRTE2MwCw&iKWK?11z-o9pA8OaNVxO7DD=&xp%w%=$L^5k%)_;*hqIM**h~cszHb6 zxD-0Gv=7OC$99ZticVxWGNo#PpoCj|b9D{2p_!BVKWlEe>!3qchMlu{uR4vjCXSJk zH8{Zq-VL}R1N@qRdpEI+F;>jcldOHE0eq>+#L4=PcTw+EErJyKR(F!R8NT8z7v&l5d>ozh>R9k&7o#Vf{!>Os z`S@?Z;Sz{Gy4043T{Gq6kuT!jNaKN7E5DMQ`kdSY9}5ffDaQVTW!u#sCX|!jZ|nCE z@t|~v>%RdfmC;Wbc%j2?3CNJeGD$`ZBayXhXyt5@L>Yh$wxv2+ zpugX3Y5LDhM#FwH)|~s#5Rq*YZ~llrL?=DK zTG$Rq{;+kyjyzZzkAB9^V)SKCL!_NIS_&&)-$Ko>B;LamFI50ZlLsx%EZu84c)>0) zX>Uv0G$0_PhyD>OWB!v2GSYkB(t@!XS-;X~V*dlFy!}}@Dkm-g;N0zY;&WR9ni(t;yB)2Fb3jn)fX}1q^zqsySQf_IpY! z4<6;FJPGh;&e`nSe)arq_}%?ZEBUbDBMMkVhIE@1T92{a+lNh@ph0QK5WYvre7x_x z^W1d4ujYq-QW-J`HC}vJF6MBB#BDCT0_zHE_T7$6g{} z=pgDhL0jUf!4 zJqQ&6{}T6nD?o}u5X31BSoyQ7d@Ji3sscHPlB8t4K@rqO?CMJy zEQW-;5UQX-N!YD;m+=%%+@Y1dt4zU*|5yBaZc=*dE|PxtHp;m#!_Pxyit>M2{=?|M zi-FOthsv?JkurZh?@8Xqb)>ybB4{u>?>4!{dzybeXa5yRQnk=+q74l``Y*P00`1|8 zizn7xw`K->*+~Rc_)xkxXscUJe3C~)WJt^~m^fMA!h~Le`4wM8V zTUGnuY(7_Pg-YI|rd<5whUXu;?|8)yvV=9g&r9$ydGlNv9)+_l{)X(`veC=sY`{@NCz${Nz<|eC_yGHujQyNmlKYGNqXXxJ4=}NGc!=~% za1N38_;NAe2Y_{@za)w9uKD!?T<))b(U%}CVx+qgzx{aLC;M$FUC5%3qiFfN!a|-> zZ@_)(xS;h*m$_g1BsIO~juK~EmGzY(ZRx%uKQHpnPEK3A$xwIQycXP!Yfk;}W%Y1~ zmK#8W`RBhSf)9_#2P?fR6bgB8SgnFhjv+vEm;)cQ(b|N8AjN2>8v!fAy>J}4yJ4F3 zFqAcCK1=L&6IA(e{B}N4oRs#xiIl6~Rj%BUE*?A|3HkOpuGzr7z#s)GyPf$4H~yE; zWzbenU_0rcXA4*K-47?OS9i=5SSM4&`fS87WSdloyX-r2!puGKq7F2uIFy^I^9>pC zX;C`e#I?eCl|+Gi`gIqmx?4Wx^(I9jH_kzG%0}Cvw$E~PKi<*Mxf=8I51|2+K*Ki` zknfjM8dm0!xg3Ul9g{hHe^1}(sq?5$vA4Uk(DFSCb34?A9!;d`9&e|^0MzUaeJi$c zw{soPrW9nYAUGrTu37R3kHdoW`r~dZ_?YD^f?3|%&v&!y>*FkfypMbjytSf%WyiH5- zkWQE8OGv&#|MI+Rs}h&!i+l++jEuP9wK~J`C|Pp-A!VCuhTBpY00>Fw#;@Xr`9NqU z!9>=LNX4Wt9?tM2T-^r4X6Pkdn{Pp#DY^U5K8Aq0h->ZOOVvOlq4Q}# zt4p=yUwA#gJ8rvHn*yOPy#27(1(x?Plz=o<_08fObHnp%q6YiR<~t_t`Ylt{X^HS; z>H4{hSj5V0)`2I<^^nqjfN zifUBa=T)DRnpGWzPkMTi6{a4{)WJ{kvEOsSs;>wZexuc6l1;YKmjcT+7FeC!{CSUCZ7QP+i=l&?T3#n)+R)jRGeLe}1!JdTEChqPxx6$M* zh-PmaCnpmqd$BF;mnuTcaf+e~_V)&Z6!{h^z69^brw^4Pm%OAv;bxAmW*dFG_LE}m z^Q6i)B*^}~G>(sGY$d2dLJ9tfp}kG-Jfk&5nZK4GSW}u#l@mk_^vly7&pw{-Y5$&f zZ$MINjzB85kyV2L-r|>Jhj?Sr!cFp;*LbzGTPP%`%lDIS_lOAeTE3tAzMcNL58}#G zdh~@AYGcPE^K3a9pd3~&=d{F@x^Z`GIR6Kd>5g&Rw5S1}UXF(*2eVC}n#N`nD53Eu z&qO`skPZFKe)B5a;5`J-^Mn3kl1>k9I3FppF>;MeQ+FD#G_IV^)Y#bTZtQazn0Ko# zspUgk+@p*=D^V-GXzVv|E3RtdVkiLFDUye?x*zJ#WH7U5HUrmzUfPMjl`qGASw44r zS8NH_a87VJ3Y_)vU87js8uD%ihGA1o^F`hcA1Vk&kEY4BYAta}o7lRfN*HMbuSP%H zdVy^$3Kws}4MI7zQ4p6M9KB>xp%|&-z}1`{?4@k>ECyh|zOmpfX(^O^>HxVEcOE6$ zNl1!>6lBIyqYGnSopbeHKIR9RBU`&O$Ify&--sCFlF)Y#mdU<( zW;ct+O>wG~3ef0+nxi*|tNN4PI>~CEv{noloFF^K8YlcupNX{rl*}G8-Kj5(4sbUh zbe#3b;{fU!Qpf-3@)W@Jvlh=dB)W(#k#l*g?xgC&rWI$4L+!NSJ2nTKijYzZ0?;TC zl&yf&90!^CAiq)Kd5I!7-=Cgqam}&|Noz*IJ;W2r;Ns>yiyVp$kD-Ld`iCO9>)+LO zhl*4lpvi&Kzud_j7Vl?0Bc6Qy8n;1)d1}ZePI$5AiZp9iNW^Tt-ff8w9l4Ibl|Mec z^Y&ER{rcR>&#!Um5&K-z1(XeH zoWqG(oFSqR4zPC!W$sM$!-FxDj$Xwj|L z2uYhk^)oTvFEf@7geD_AnC^G-y&_5_RiOx%)`H^`P@!3B6F)dU3OG+520Oie`qZY4 z8uXS%kCB|RTaBeNzAoDVU;uPpWF&PnS&XVm#BFOdV6suLw|i@dSV!;eC~yX?b#Ov^ z@>54tIFQbx&l}96R`df!vMus^jP!iz+aEYtI4>^9#2|3aah_-3{0g4u3nR)2vPX)S zX@ScneA>$I=XyTdjA7O9eKrd3rFaQiYElZDQtH@EgRtevBqI-}d=T1PGSf^WaJbXV zOvDp0n?6?N_xELO^1Y$FXz1~550Cd5;%ECo8ob5q?njO+^{M99eZ&` zDu$E}%kSYZSYE>6+^;Vc(noZ%t$~5JZ0ld*(O|?b|Tx00ySC0o6QmMpdc+` zY%h>a7F@x)uNWMW(O>E9o_I7pkhHdXCMrt@!xy1?Kr1Z>$|`;4jhiSv@>19|$W~9~ zS<78UBJCqFHldA^cZ&Us! z6R9)&%yZQ8jVX{L;w)25_-~^EwUI77e3Rs<`Xmq6m-G|eFN;-S5Jv{I_A3gw%Z+FCH@Dx+AyQJmrMsWQ#5 ztTM8F)JY5^#{CGUmKp~*axok=>O5*HfxQhroZK&9_}0;h`r_=F!S^N!`>THADq+!| z>EaEV_i)hNcm9R&ui?8BzY+wA+w5R^-vMLH4bG$VN<7T+gGnDk)sny(T4e~?dV3&3 zxd7};=()DA2*4a=$nlw{*^iO)26~S}@hnQbg?j*dibzR^#i8rsuQTqty)*|~Yc9{* z(ssz3?QR8 zeeA%M4KgpVRzhCjpFEd9gG)T4AyIB|m2%iL@Z-xtM