From 980dff961ae3b1b64c0ee08f3fec602f627e22ca Mon Sep 17 00:00:00 2001 From: Harrison Ravazzolo <38767391+harrisonravazzolo@users.noreply.github.com> Date: Fri, 18 Apr 2025 10:16:15 -0700 Subject: [PATCH] SentinelOne Deployment Guide (#28374) Co-authored-by: Drew Baker <89049099+Drew-P-drawers@users.noreply.github.com> --- articles/deploying-sentinelone-with-fleet.md | 113 ++++++++++++++++++ ...lling-sentinel-one-with-fleet-1600x900.png | Bin 0 -> 47062 bytes 2 files changed, 113 insertions(+) create mode 100644 articles/deploying-sentinelone-with-fleet.md create mode 100644 website/assets/images/articles/installing-sentinel-one-with-fleet-1600x900.png diff --git a/articles/deploying-sentinelone-with-fleet.md b/articles/deploying-sentinelone-with-fleet.md new file mode 100644 index 0000000000..3b8324cb79 --- /dev/null +++ b/articles/deploying-sentinelone-with-fleet.md @@ -0,0 +1,113 @@ +# Deploying SentinelOne with Fleet + +![Fleet and SentinelOne](../website/assets/images/articles/installing-sentinel-one-with-fleet-1600x900.png) + +SentinelOne is a cybersecurity platform that provides endpoint protection, detection, and response capabilities to organizations. It uses artificial intelligence and machine learning to detect and prevent various types of cyber threats, including malware, ransomware, and zero-day exploits. It's a common toolset deployed by system admins through Fleet. This guide covers off deployment through macOS and Windows. + +## MacOS + +### Upload .mobileconfigs to Fleet + +SentinelOne requires 5 separate mobileconfig files in order to properly function on macOS. Each of these serves an important operational function. These 5 profiles are available to download on my GitHub repo [here](https://github.com/harrisonravazzolo/Bluth-Company-GitOps/tree/main/lib/macos/SentinelOne). Let's quickly run through each one and highlight what it's actually doing on your endpoints. + +> It's possible these profiles can be combined into one payload, but we've kept them seperate here for troubleshooting purposes. + +`s1_install_token.mobileconfig` - The simplest of the payloads. Find the key S1InstallRegistrationToken and replace the corresponding string value with your site token. This token can be found under the Sentinels tab for the corresponding site where you want to enroll your hosts. + +`s1_network_extension.mobileconfig` - This payload allows SentinelOne's network monitoring system extension (com.sentinelone.network-monitoring) to be automatically loaded by macOS. It identifies the SentinelOne extension by its team identifier and makes the config mandatory by setting PayloadRemovalDisallowed to true. + +`s1_network_filter.mobileconfig` - This configuration profile sets up the network filtering capabilities. It configures a web content filter that allows SentinelOne to monitor network traffic at the socket level (FilterSockets is true) while not filtering individual packets (FilterPackets is false). The profile ensures the network monitoring component is properly validated with Apple's security requirements and operates at the firewall grade level. + +`s1_privacy_control.mobileconfig` - The privacy payload grants full disk access to three critical SentinelOne components: the main daemon (sentineld), the helper process (sentineld-helper), and the shell component (sentineld-shell). Additionally, it provides Bluetooth access permissions to the sentinel-helper component. All components are verified using Apple's code signing requirements with SentinelOne's team identifier. + +`s1_system_extensions_disable.mobileconfig` - This profile prevents users from removing the network monitoring system extension. It designates the SentinelOne network monitoring extension (com.sentinelone.network-monitoring) as non-removable, prevents users from overriding this setting (AllowUserOverrides set to false) and identifies the legitimate extension using SentinelOne's team identifier. This profile complements the other SentinelOne configurations by ensuring users cannot disable or remove the network monitoring component through the macOS System Settings interface, maintaining continuous security protection on the device. + +### Installer + +From the SentinelOne admin console, navigate to the **Sentinels** tab on the left side pane and select **Packages**. Find the latest installer for macOS and your matching host architecture and click the icon to **Download**. + +From the **Software** tab in Fleet, **Add software** > **Custom package**. Upload the installer from the previous step. Select **Automatic install** or **Self-service** if those options apply to your environment. + +>Working with different hardware architectures? Use labels to scope installs based on hardware. + +On macOS, no pre-install or post-install script is required; however, the installer does support passing the site token as a flag if you prefer to deploy that route verses a configuration profile. + +For admins that are leveraging the macOS Setup Experience in Fleet, we recommend adding the software to the list of items done on first boot. + +## Windows + +SentinelOne offers admins both an .exe and .msi installer, and Fleet recommends leveraging the .msi to deploy. These installers are better suited for enterprise environments with features like silent install and richer management capabilities at time of install. Additionally, the **Automatic install** functionality of Fleet is only available when deploying an .msi. + +### Installer + script + +After downloading the latest SentinelOne installer from your admin console, and retrieving your site token, from the **Software** tab in Fleet, **Add software** > **Custom package**. Upload the installer from the previous step. Select **Automatic install** or **Self-service** if those options apply to your environment. + +SentinelOne needs to be passed the site token at time of install, we can achieve this with an **Install Script**. Copy and paste this code snippet in Fleet and replace the variable with your unique value. + +``` +$logFile = "${env:TEMP}/fleet-install-software.log" +try { + $installProcess = Start-Process msiexec.exe ` + -ArgumentList "/quiet /norestart /lv ${logFile} /i `"${env:INSTALLER_PATH}`" SITE_TOKEN=YOUR_SITE_TOKEN_HERE" ` + -PassThru -Verb RunAs -Wait + + Get-Content $logFile -Tail 500 + + # Convert exit code 3010 (restart required) to 0 + $exitCode = $installProcess.ExitCode + if ($exitCode -eq 3010) { + Write-Host "Installation successful but restart required, returning success code 0 to Fleet" + Exit 0 + } else { + Exit $exitCode + } +} catch { + Write-Host "Error: $_" + Exit 1 +} +``` + +Admin can add additional flags here, such as `/NORESTART`, check the SentinelOne documentation for a list of all flags that are supported. + +## Linux + +With support for both .rpm and .deb, deployment on Linux is straightforward. + +As in previous steps, find the latest installer for your Linux distro and **Download**. + +From the **Software** tab in Fleet, **Add software** > **Custom package**. Upload the installer from the previous step. Select **Automatic install** or **Self-service** if those options apply to your environment. + +### Post-install script + +The default install script that is populated in Fleet is sufficient, but a post-install script is needed to set the site token and start the agent services. Here is an example post-install script that will set the token, start the service and check the status. Adjust the sleep time if needed. + +``` +#!/bin/bash + +# Set the SentinelOne site token +sudo /opt/sentinelone/bin/sentinelctl management token set + +# Start the SentinelOne service +sudo /opt/sentinelone/bin/sentinelctl control start + +echo "Waiting 2 minutes for service to initialize..." +sleep 120 + +# Check the status of the SentinelOne service +sudo /opt/sentinelone/bin/sentinelctl control status +``` + +## Conclusion + +Deploying SentinelOne through Fleet provides a streamlined approach to securing your endpoints across macOS, Windows, and Linux platforms. You can efficiently protect your organization from evolving cybersecurity threats with minimal deployment effort. + +Want to learn more? Reach out directly to me or the [team at Fleet](https://fleetdm.com/contact) today! + + + + + + + + + diff --git a/website/assets/images/articles/installing-sentinel-one-with-fleet-1600x900.png b/website/assets/images/articles/installing-sentinel-one-with-fleet-1600x900.png new file mode 100644 index 0000000000000000000000000000000000000000..18f36dd9bf14e869eeda8cc6a33387d074c4766c GIT binary patch literal 47062 zcmeFaXCRgDA3uJhA`OaCq(j5XD6@!jwCv0xyT~pTCF5{P5;97e8QElKXQiyj9@&L# z$>vzU_kHU0`FuZ5{ty1Y2fqhh4|48vU-xxg@Avh3@9RE!s9coULCZ{wAjl3m*>h?L zvYmh+)HF0(;G1qC;uaP8U;IEPV&56H| z_zQ`@$ptb7{u)U#C;or?O{Jz&Ka6I1r_R-HaD244f5qW5V7vSH)>qG8pX2dccsddj zD{$aKOfaiYT;eA2>*wtXs9aP&Tiv}E+4-aPRU=o2`6AuU-5uD6CM~p!uMT=-iI?U@ zelUETWgc~N+rF)zPU_vdC9hrb@m_!By@{atyVSWa9)At&a{e)FFNGOxo6Iw3kZiwH z^09q!o#Ho5jIWSQWb)u|nfmJ`2TVh_~;PCP?}ijva3?Yr+g$|s8P)M4zZmx`n3J}!o6ocYRq{nnv@(oC9$Wdd2z0IVo|YVtf9^;8j5pt7fU2Vim*ij zE0SyR{7Zc|zND|O7QwV>X8PE*;yA4whfB!?RyMk7+Ix=0PXTQjY0-VmUhY%ktc;Zg zryCi&Zd#%4b|jGo2Sn}E7uev{$D9h-j7i&$#jKguS00=dVR&5IZIE9&73?A1lpTAU z7|yRsb9Zd%Ysbhz@zBi}fkmI|S1T0a>0^IevAG4WJt5;=UHU9)70nCH+lm%ZR1O(SwlX?AJa zudMTa z*FToszFFgK#DY)x#>(uS)%(Pd;96B%KJS{h^n(mK?H{S*r&K;S8T&R16ds5-a9Y-c z0a9Pv_oN?wM+G+MfJ}+VUb?=!;#@u@_oKLTdcL3`4Q_rH0sejEE7kPKJN}}S z+B0s9eTawj%^O8Rjx0&sxW2G6;GctW^R2;Ckd=SAHwzd~1&3UQak57?|pb?Ox6Q zl0O|lh?09<`MSN%*k4L*Rn;p;IOU06S6hX*PWvWCC0fZXzUxOW+7%!8o~jwWH^rjo zz~_k0{o^;k?1G^+9wRaLNgZE%g`)kQlmld zdBhE~R(~MX!yNPWIuAe*_nqcHiyXmV_xmn53583{uN7>?@(&uZ*lm?gcmi_dG#vXL z-SM7B7^XV|dn_NZX?*-xYB-m(VIw*ntzYK5?TXz8cQ;rCq9BW?ohAi~3Hs?JT-n@~zd4hV;cr`=1flMn-JV4lqW*e@ROwk@j_N zURF~{b99Dd=$&iT z6b5Ey*{j+_DC}jMrJ7pkzEw^L3#Zk`JxG3cRR$L9CqN-PjY>8W>3~X80{7Yg=K#iK zA^ZOIrDek({MLm$#dD4>rpz?6ZJOavsjy>SfsU-=5x#s%$NFm|`mEuG=!xU|u+|d$ zV6$EGb?iHa@>WypL$?5o{0{$T`2EUZr}x2LeQ5DL(A`ON8y&ABH*G%t;DiUn^ea}=C6x()RDrnpR>Z$_!y`=3ot3Q5Fxy~%P?65TO4 zq~u7+|FOll{E~%MfD%>y^{!6Bwi7UdUZ%q((H$|%>JlK0gymiTETQrVC8F|D?dSA} zhjoRz_37Qb;dA0HE7{c1)~m+d#q;5W{oG4SKNMV1K}^5jG~T^XhMNoE9Pk+rp)!g2 z8olVKT#2jvW;p#S)H%%McDiKU0$oL%Br5i##v_M{Ve2R$oUV9AbJ}59D_vO4Y__{} zaiDi{vGVcD(1%2HV^-)k1byhjcLZDr$(k962po75(ap$rwC_{Qq|M1X+u{Q{8~t954c&~t=TX^O1ME$b^^_`JZwf5O?C~pONt5IzepwOVgsTQI z!Qi5W9{rVqfGFP|)a%l#suT=V@tN(;g_V|I?9hh0j^ZeR+1)YX>BdT|fGIoW%V+v4 zC6lXfN3-uAO2E1o)EiTrq1~16bgpwFLV4}9&bG1ohQ{Gcgx!rs5pJu(O{HHH=MSISB;}ELg66pHu&5svL;8nL%JGTUuv$ z`y9m`x*~RZejC0)Jup$4_!~FB2J}SFvNDD*MF%y7#ALr-@W6Uj7qrk#%bb{3N|T#f zOx{N72dV(ofwWj%>^$Vxd6Yk4XItVu z4{VYv&F@4OA@&d?ts?zCVp`8{Qgb}FxwYJ(_29J3-CYkrp&z?gcyhmFm_G$#GhKu~ zeBzc94-Bj2gsL4{nN`)Wb8OjX6;;BLbtdUuG&py`T&?`&7`h2&&&JncRLD?Nnxh5L zrYaJh&TuQrcdi#7ij+OENm|!7%O`-S=k8@n}1Y@&^(iDx&C>Zk)f z;?vZKJp*tH;pHbW`{#UMG4H+vb|GnHPw9l6jvL>N=e%jQSe)0cLBa0@-}TU~o>kob ziq_(+c1^f@@gDVPBd}`cU+x_8#3EYTNtBi!Mk(zt?kO@@Rdq!PmQi*R;wrW-I?lG9 zAYDmaUty;&_#l#bwO?Yg-5w?aWji{OFgN9?TU{zocNXo3^$n8H za$XWl*y;I-!_qh8EkoOa`W-;4g$ETUD4F9UvWneAf7X86H*)eoOPo4jRs!?2h zwsVNG^xD|yt6HhyC$Npk3~71Snp%8i9E*3gI56(aE84NM`Qxqo?hoApbr2g9pX!B05@HVD zFlxNF2n<9FucFZ4%?G2{IqMx+93#TC#(37iUa)wj$xy{0b0nUZ$o&x2S2tY569n*+ z%BHAxQBZ0JaX_fOG`Y^m???-zMU1%U*XV8Go}tCTEVJH)y&^Ho-Ej@vgR98pmUvdse2<+H0pE9}pz>1kh!TOrvaa2!@kwi!lwgK3Z zvw%N*JLbk|B=U*crlx7bQ?R@s7IX&`hNz2_O?J`D^OeH}oZiPNT8>9mTlo3*C0>d$Dk?lZCff zc+Ci0EDCEe+d0mTULdT{mNn!_&O2plM1uuYj-?Z*@1kWJ=koLBgm>&!BK1^7uNE_U ziEDcz7leinpZq!0c{$K4OazyVeHonwlm942 zw>G#g@S24!2!|nilXQozVb1B16$vCs#}fx=dZDxl`0=&u*H8=x^MV*%P**nnzT*9_ z*VI<0jRQG9@{>mWXIqv-Jg`j87SP?6bj;|=Ey6t>p`I}!eKD43&8 z0hs4}BetWfIq<_#u&VF%4+ud8_uo3fy?$~o1QW;q_;qxB`Nz^kf|r~+4t3UnzSPbi zQel!uSrH4>%JoLGK8f8hLYqWf0s2Wp^N%K9hEy!E*aYQ};Of&c_1Foi2 zCIjDlGbRpU(ZKayzc--~CHz6&dU~UIqcexvVUDAL7 zS|m_r%)l7 z>9^pM0i~bQ3xG@z#FZ%7OE*R%-z-rfb>rf~yQrt;>0!eook?@Ijvua!a#=Mlb&4r6 z+Tg97e*YH5%5jYO)ZEL-2)BLM=?kb)4f4&h;~-LlXKE5dl`0ultV~779sh!5o^+G} z3`ZXPHQKRw0~)O-!xz`sg0Rh4tprTO@y*8U7Yg)uXgz5bC~U-Y68E0^z!d`a2fg9f5E-?sryZg&w~MVlvx6# z=Z5B=8L5WPeK6n4G5NZ^rt)FFgw%b}PYlitUb^34E@+tLUpBV`x^=bhd1vN+bwWf^dM5Ynmu*QlpS3*A6gKF zWh)`F<6}`x)?~8XiPjb+%Ihe;s=y%0)GuFKLTrD|mEHgw z$D0Cb>n+WZ9zc9j7y{;AHwZb?tB3@%xX)MX*q1R(5A`Q+WgE0gIt{|q5@7o?t7JtN z{0x*SJA226fi&FwpGrAzl2VeaQvd2gW!i!PP}m75WB%bOE;=2 zs{AE4BPtRA8WSc&#h!YK#Uu4B11f(hD5puy%Mf&`=o%HmcQ%8N+jXpC}Q5#6HkRC?2JBZU4bfbc+V0if=WKA4Sq$fO&^{gA&fnfvdf)f z-3nV}fd*G>OtIfBDQ8-)QC7Wr!R+KHQ!E+)JL08qIgPeT{lnup*x3Tmj2_{2)xZg5 zFu^1D(+?mBh03jqkaG0%3fQxA{Or+F$#gHjr%S=M<3kyOf)tOOQq1%*zzTO;l{ql06o^JHYT_Q~xpuI^0uo-)Q^HDF z0KTTMmsub-b=rzAgZ;MvaDo#BAr2k*hr&Rq_}r;I_dssTe<^}E5kE2Y>q8d+Z1MnR z59CoHpU#b>?Z6^4P(7rGx5dY2ExPfSck5YY4oJI`(Ft;T&wiBZ{luwc1U~VE zSelQO=El1fTM#C5+mX*FA!dVZV)SkXwhmr{EbYz-|In;J$h_~V)mJdjr&<~0m^`Z5 z*ext97EF2OrrK(Tn#LwX#SBbb6iGs|-;gB4kpsr@{5Z-6tM@-dU*)=Ftx)ygJHX*u@=g_`zFyyrU428MD737AvLCce+L=T+=H z%R#8E|5PJdnc4b=a&Q0hQOT^#)=l&XA!^jg>U8I#_}o@x9`y&e_$Y&v;*Or$zX`#m zraJe{Q*66R$5$)D!YXBYb>g*~dH22RrDtADup@*rIciC|Ua{Q>?(VS^oi8U6QIP)j zcjQRM?(V#}`{I>-j%HU6^qRhgr*Gena6=sh&v=Lu=j%^K(zDRs8;BoyZdP>9-fHFCSz+r_8=@NTKz&wfI_F7UPFo3s z9n+F8ezOH(vy%wH9#k%xmMzuA-icuG?9CHd`)3MtRuyRZy{hM6nO6c&OV!m95|33-1_QJ?AGZa`l2IE+m)Nt8e9_ zXPy;ta?X-^G?8P}^3g)k;f&#NOV9;|+$2Y^$7deHKsYWSA=bN_x7&R)TWzzq&RV)4 z-PDR7@@N^-?mhtNeNF7&ZMF7$UYwB5mS4$<7mAvlep}*TFs{R1mBYf~yvGgqEH;fP zb#35f2kIhe@f7Qz#G%q7U(KMCpLPUJ;aUI~isUtN)_{4HjYENI6=1#6CM!N$m>m5t&rkt50hgqZCwHs&K!ljz- zt@mljE7kO8(&_E)lFB$FVQ4K+bG`+#7)zh%+Pgv_WP6TQU(&g5_Ri%)IKo2lc3yf~ zCiP}VjwqVUD7Esy&SZaUmVg}gD51lmP#)C>jC6e>2fj`p~gfKd+j=wb>__D}3 zsWc|vIi=?w=WKMSx%QFYjfkM)o4Vf`B=@v~E$LkJ`52xSnz|iw1Upb^^dc3NYRgkn z?6xe+xi6Qn9CwW9>17;@A3Tn=X@PV(aCQc)?|Ox_k(Pzf`%18dl^#s>Tcy6Tn#4Vd z@oo2Ddvr*4Wx5lqA3S*;fLxARb3;{-3F3qUWc~?@ckBl)WnBFp$A;xbQqWaW8W|JpD39Z@+hQJL*B-+A&KPP7>qluTHQNpen{3+IyIy?SARTj`?7+8vTo?Z z!_B6^@AHEa+K_xw8htKudp55A`YxKnP`cD2DXjyskFVdZ$;qDX3EV=}`&ooVbFjJ~XYzoK|MQ5|H_je4XL+L}!j@_ynXH9@))z zOe($azp{}S*4TIZ3nP8+rJ5g5d?9?Y=##j1h$>%}x<&%S;tOTs-1x|^5Y1k1f0lFN z1WmsD3J?AUXn{C>P>^0{Nt~8f$AP-NzZ$vdL9io!snA0)WjGzf&4$TOW^~tQxH{c+ zv+$Zy){E8V(reJWP2W*z`$0Va*RYVAOSgoDz0!f&QL`?sdrM413Ud^#QUDMf66ALglrvv}ctBf16O?&l1ezGCo&M0nZF`JjUB9FG6STi!unpn4^r01`i zqXSBqK>?te*XAgZ(D`y5iyurm*+KdUoTfhg9UnLcCy=;`YpyH{Okf*RPa1 zj*h;1wXPj~y2w->R_w>gDG4I5J6G?v@@c!V71eNCBy1K|u5G8=egG?_>NE3*iuRQ$ zv9ifwBOL4btuD|AvQca&z;TYuYQxw>M}*f)Cnsgc@5=(? z`J^vDN5d%OYD{kmqLY;!EWn@q+7t5ybrz=s0~gM(6lX3`E$!ewU2-+O3%4ns#utaK)S0V9MZ7u_=$H84*ZYeygk${XrYhn|j0YE&U^6 zTT|ZYn}ubS{qkCXx(uuNq{w0sD=mx?X6+Vu{ih~ZE@Z~%edvm%>H$xzzqf|?cIoUK zMeT(UnmZ7WFNIE0byWI27~nYG?m43(Wf?3L@#GOm+38cuRG_IL#dWjKL0P45y=WA( z$G_iKBGr25Sm-F`rGFg3s&iIG8sB9`q(*S(V_own9cw7$90VPQ2Tb379hlnqsv$ZV zeR|}l=y5x4UPa8=CJjHT+#RQW)?0&r)!Z=*^bt;@5t){ngxC+yH|_eEmiQV4&FhYY zPx-gUL-I_bw{DuZ0M%(lr*aA{fqQqQZXat-YWv)A5cKq&rsfWI)-okWcF7DZYm4Y4 zRh2qzjY-_Y12aDbA3F7gq2}_oj4{>m2t0%c39oEv7OUpYugSlb30XilEqH-~w?KH$;5P`l)TKM) zrq1{g+cI2)9mF|7W({AzS^_grjT+ROMH6+A#oe6_ra225;2hgK-E&k|F=z^j&yJsA z4hijFduL5MrU3Bx)OHX=N{)Ix5j&bVUO$2HF4=HZzp{F@lUijfH%^gVmUz-u)~7gy7so zq?9ngf#p0Fsu8Wl)<+z7OUxg3!=PZW&Y}BwcrkpsHtrV{c=WNiT$W)KBi^^%cHD?6~#dNgBo0whZ{o|$>8;2woK4!L_ zN!HFy&f>{gUuL2L()Od;!cl1>fob&CjV>McH_a`9Gha0jMkUYP>NL;e7-AFYM{V}Z zv!C}U1I=N`{%Q`b!a$KEuxEcuj*iY$ZCgmcIX9ngeF&}UESQ_DHb&*MHtL0a8c#xU zZ?`LTXj1{q&1pAf3%H?WzS>kMnv~H+^2E@`K(b+VUS#b`A;+dfJooy@{aeBaf((() zXPoZ=CU%^^QDEO3K3YTE+rih>X2O)soifQku46Wi%@zuY7qC#*?iy0oF+d3NXrbvE zV$t69!FNs+mn|QW_K0o%wUJ8)Gwl8>>H|dfL#3&PC5_fXA%u8)Wsd=^r+^YgM`zZd z1U@*lf)=h_`z<^0>dA1Zqb1<+j`0Dz#R-Vwc*Y@5>e_i^6|s0pAF~k4%|_Sv-I5X5 z;fzYZhAx=8>Da!Ncf9)|MPsrH?N-*L?{b0G*|;&h^45^h>DM;%CSvYHwze*m+q2d? zhJSr|XFS5?1nggOG?bCR8%p2399ETMg`?+9h$8SeEjd0hn% z>`8;U;-V9$*GXx*YVwV`)KLNCR4Z6&O0@_^^r4pdXT;|;F$GVs7QR7|1zKsHhba^J zp&~@+mz~Cm(<{u&DPytsr-COE7l6_ZxoKPo+q760b$>#=i$ZD^e}s`H>k3-5Kupl& zJ?^RpF3EK%`kn`ElIz_hy+eLuP`*UC_9{!KNsX3TYUkSC&o?UJjHIfSp_M*ZykfhM zkp)J@(ENq_Oz_D7DW(uguwuVTP-hq(ForHgFL-S8{7h_-+9jLe0UE-ye9m{wp98Ot4z=*b_Tw9hBGa|5qRtx(m#b$XZV2@mX;dsSpmvceku z14e(yltp`_#cK4+VCGCCSk7pLnzobiC zmP8r(P|p7d%(YV{zI}9qIFe}f8PU=;FH;N2Izo9x_xo$7xD?w7j7a`wC;=#=SWl`z z50+V{;<-eV0UhYci90K69oi}`D2Nt%oy@a@`RRBL7cCg94aQmVC16prquFbxjA~J| ze=cY?qaGPMaKg)*it8EPzBymwnt~|sC~5Q1(c+TaNZfHmLmZV$XnJJvW{JTjH433L ze1UoiBxtHAH|?rw3bmhX4kKnK-L=`v_5>HuTWeYJJ7p6iw_C41gacxN65+;LMp*RM zYa}%g#^~a7qteAYRLq56i&@ON(_d+wzSl47ML^|Rgt<5Bf&^S}NO}7+?nohf)a!ii zRHE|6i4f3aTFj%_b!DNW?O<*CQU535XdJ8$VIoz`EqdUz%>)mh0RykkTxYLy`P{fu zd0=7PYJfzlWnHS8t2G~!g2N5$)ZHPy)gR$K8RkT7Py*>E172P(pK`uux1jA9MuB)% zgMS#=7KCC<_i6KCP+Zx=KQJ|y}rU>KGU?x&!LLi-+E%J867u%Hkp|V2OqL- zx6*xCl=BY0Kh)-8VY(Wc=ETh`noKv-3f5~$Y!S~Lg1ylMs^(cRy!O;`NF8uTup_N} zEOu$YQexc_HMQxtgw(O?u$g7dCb5u6__3jAxmvvtXZXz|&UqCR(fy(*=chhueUmok zFh&EWH);3YG#RT5z;0Yy=!COKx~MCf&7(xIA7Uh6PA}>F(C57D`E6Hd(2(x^Y7p`L z8Pt|{m%I}}Q*A?)Ep&UM;Go&<*1q+r4A{)$*f?h(JP_+D647$HL&>78;#>r6uTBUtWAv>HG02>KrAj*uHSJY zD!eh8FX%%vsrym*Td2|QZxZ&x%t`G+PyOYkGdgz{nk$P=A1>NqFUNj1#AJHH(zO2_ z6x^8t%6tJ*pE;aka@hsAjk#{T6MXEmdSsh4`jpkuV4YPzDRBk)+QwqLBQSW!NJD4` zqhF5!AIMwjc2uz8*eF##aBw=q`&}l@k#e?GZ3n%ZT@JoKUC;Z+JwTc1)bAiUTTk$18zFWtrM8 z?JU0P1bg_@!LQ6WRBST1Sjx1Yde3Yf{UDTOM_7VMH-LlQdd-0z7>!R7XZ@ZTrInxC zNKBySUj6d3I;?SZG>ikKBwu(fnpEA;@M-M~Osg^B!53ZEBa| zCiL7hItw(TE_#9`xagl!g}26Bj(b?ExFS0(QxI8&D$RGqPyQl8dyGvwWjwJ>o6qO` zc+A=%a^kp_kh-)<9R5X)UN97;TLKpF-(eUr)bSJuH=~7dQOZ7AU)*dDS(B4cc)wK6 zHab;ev{ng+W~1nm8oS~j#?Ty5+L9QzF9tFSqN9iPet!-1S?|};*u+BZxjQ$Po5N=oJct~NVY;sE=zwrfeF?i(FfJ2Qi($Ror>}AMpx)(pbXwo z1hp$qHl^j08;gbf+puZ~Wp@9hzYv@V{CvhQ_|54P8yLUu+)B$q%Z|>2nQD8}aVhs# z2A^hxi$yt2wDQvK4=z@ISs6vs^uo8|P2GlM-{R}Z#`O2i5LJ&!S30909n11tGOB>I zsM#7Z1PC7sW#B=OTe~3Z`6)G249~xEm-Y-C4c}WS<9u&@a?~;-+K#c%K*6X<%e2Kmnf0Vpj-jdys! zM@^Z|iffCSEWg#quY$MXPLqdzVJt3d#lbX#tN0_3y}i&k_p-KorLUl*xpvTp(LPJD zM6Y1bX`(T6#?EMdZY4)?<4T-kY1-#a>|!_9=2z5c1O-pL>`~v|1g98!pH)v_$N3^k z7K`S`?JUesZ``tn=0xKbLJgA40sI2$XB@NIp;aoj-3C?E<;|;=;X3d~zQxn&h3&u6h5t0Vx zBoB4o3gUiV%H=u9H{h!!7+lN%Tu^>i9LRH+oTuO|3N}9gW@%4pQ)qC7YUjP{aQE7% zxG@^&4jT=ix+cK}J@tvU$Vi_Y@AFVJfG_R1J@-_Ar-uJi0Cc-Mr~{^;)ZQG`Qz|8> zB}W^MeaC?a&s0;%@63o{#j~7@eI%R@4ufKJ~x~{0<~Q@e-bB5aYTs{h8z2J?iU{AdUd#uc^iT_>v&?}_<%N8 zhOs}DL#|g)7K2f@&1Qoa-@=K?C)!lFIK}IKQTVkC>Kn%XICM2={g%{dzgOh~)dVkz zrXfox?<9z!970>9ia3S^LIM7|c10M+Mf_nCLHdxSO zRPmvW>nYReYGx!s{rl_0Q)}yRh66o*lt7AF(EE|c#W73-1ev!?RmX{!zlA9@|4hLi z6R%|_DX|M~TcEcwSQcRW+Mj}>Tf<#h$SfacLXRS(<(~(K1viftFi6d<0dk}eA&G_g zuAo0FJBFV9A~mi@;Y{_LA;@W-pXh*Z#?S-$3rl~_6;5Gkr=SPA4YHPd{k>{C<%TE)9gXhE zNQ6AiVtZDzDN9Vk{~3pv(3Q{fAIzjXYvm>UI=nnKu`@lOxongsY*eOs#%zl~p0~I6 zjqZCc8g`nkZKvWq&OW_u7cnM&X?{gc=2Fk?kv4m}{=BiZb}HV!i4KQX4)IXK#tr`g zE8nm`9Co<;BV}ViA80OkK&H$rzgp8udlRCSC}t1@`x!ZldjDu61ccs~1`^ZNWDKrA zcJ<$P#EJ4EklcZ1_Zlr&L9&iehsMdIrfo5^2UH_+dAvm;3i7!lwtp}a%VCgxWfx+Y z?NbmBsPg&q4!iazv^drp>eL|#dfZl=jL!x&e}R=O3%Dgd@8bxX^q!9k>P`7 zghi*(;$VTz|13S&>G}z{6aM~NU+=mSPiow0j5Lh90_3#mBv8Ii1D9A zUUyOxL2&mjmW=lTr^M09F{zmaH%}2?z*>^?a$)iRB6w(SW0t!WL9PTZtDu+&QzRoJ ztG4!qk|*3bwdRutJM!<*P!)i?U{coxdTK=XpXp7o!W5(_zsl19RcIpw1TQzlYfvG^ z-{&OyQJ(&5xhD0UF(h%mb(Ab2zn(hvhrOihs#9bJkS=j`WN!WHedm9FBEZjvydu(V z!mB?}B3%#u@2?ZE4gZ}QLH-|R_&gvgo#$nucI~T#3)yPQ5u7r_)d{ysc-f2l`wpg% ziJ6~nmBkh9)r$_F-1c>=d8*CazspTf){KzaGyTo@v^NF2% zJo5n?K&{TU(cAge2U1>~V^=6KiYk1)k0odE<0Y}ha-wSPa#rq< ztOTXv1M`DgAq~%j%o&@O){?vrtL|g=C<|bTT3Vj27(fr)kQ%OSVmp}QJbL^Q2GL%u zhI#c1-&XlEFa6W%<15v+&*Z-&HV-%KY#JF@6N_GdGpr-{-6*?B?x;K6xs=;Z2VA=g z#PE<_{MD|YhOZ$z>7|3yPomSSe6tD@&NTANxCz?T@O&*q&#n>e3|cnJI}Q9z(|eF1mMZBIqC0#(t}0 zsXxD_S#Q_#(f8Q&ZJIkZ#azzLy8lcEul2!nvY0}th>L6V&Q3W%WYcUm<3rqD3wOFW zb?hTdM9M;Ev#Ry0wEmQps63m~WIDg9p|G%hv7D$~xaJ=mB%ZlXH~*8&Fkf)MowcbQ z!CT5aTjP~w=D%({0rY@P7X7U)ky9luT3yN!1 zy^T~h)9=S;Zx2kR3GH}PZ#*WmV38)tI{$$>dhWY*F#7Ttso_Y)1|6aKXnP*@?E90} z^|AiA)coiJx47e+g_ZF{4PL1gQznSwr+a@tf<(SU`DLciDlZwPc6(Ljs9E^n>5`SV z9k!o7`8aN&3}|68iC!3MHb>4dd={&leO=;v(nVa}pa5KfUu}f+24UyL-G>X8>6%a2 zWHKjvAIUm3+jgdVX=NOhC)-@&+-O4aQoAZvXn(SIXDIC8NR29SCO7K1Fq(cQHCv2C zF0AC3+}w0ce4Q6oJ5unHm)NV7)WCC?)`)dTF>W4fj%OZT7l>YeZ38|HsWp&}$z^%_ zmjo$OJvwqOQslYKMrU8R7ag;u^kO2b)Gc;gkkp>63wM4nxvZLcXP<;L`mbgi7!EdA z^wwOdu7e+)HCBS*<=gBpfVBozl)bH*5j$sIqr!l7;gQe%v5ov(f$LT_s4a#s9gav= zSfqCu^uJ41jwAf2dA*}#>}TB;KkKo5<};D}l&ev##fIKqduLHSg-+$QT4N2m^&1Vn zN$$@3=IPM77^xBJex3Ckinlm1P1h{F^5*i`sP<)MOZk-q)?x3l`AA6(7b4Tc2Rol9UuT}<4N4*_`37#3wyf@V z*w8&Lwvn*7`%|U5elD$NT?E!gaPva`s`&50zZL{;pb$!fSt2S^ORwb{f}dw+7cXC4 zX|)-ZHccv8*40Q6_}v#LLsFfBvmgXh7^Np8wlZ|J!9Sm?&yO~%I<`J~a#7Q9(wsq` zJhV6gRgeM8-_?hWGSukAb+R)m++74229@XIU3SfHwrrjrGDX$mA3_~bx2a)w+!@=z z#KT^w*i_M}vll3=eLSb(GOtS>xPep*PR<8~!c1t;JBM9XjgTS%tH5i7te+!`(0$ah zVZes$EKtr?^ZkGg-m0BO>^Gp+GXow|yZlj*S)>Tha?G`T*ob&eWaOf{%-&{8LL0z* zAFxZ>E-4~NHjTVWq!W!I2_iz+OJ1M^AO2XVt2aRjY}3aRZCmv5;v+X(&tjiy9f!lC zzglDu%497ePJ;;FPa1r1UtSXI*w!}vwVw}Q=V=SNSFJSq?o0jdkC+Ld&~1AJZ;wnY zz4qj0v*Zn4R~1=v^=;{OszY<(q(%@$)4zsFPq2Aff}01c>P=j;)frrFWf;>|VK=78 zqebFLdt6{ltgLPyrs5CKWq4VUEj@d*84J35lP+&Q2dDtD*bo-bv!;=wiW^^>3x_+k z7~mZkbBi=72J&!Oq*uC>t`n&PZHOsuTFEW0Lnqc;YZ6)4>_3)4eEX~Uk>0Ti`7}qz zAFrKQx#G?vJsY(C{`%+o3-jK?e?(%HwC5VYaw`5|60J%a*lCl}@Bg8cv?z0_`*G`2J zpP>HIPc*npRg`)1Et}cM9r8&BYt@A~->3#BZB9OSXEM+Ea{T%?`Rld;K=vB=)xF^V^;DJ{*G9^c=%oZO#roFScO z_AOKDQSy9uNT)4LOfG)OQWn)!IHry@YL?o6n~yAugFfhbYJ)m)m*K84+)K<4`13I7 zrAia4PR?WCk-EYZX3bI^2_;xah5TxRUZlrqa8;kWJG9fCvYRRCGgTv&*~lHLNL9ID z*?!;hdwmNKoXfCEF8(L>IX~*gH~W9GsvSjGW2QRj*Nx5T$rz zl^;j$F@x^eKkffQXw1g&eaB6{>Htd%d)l*yDX!d6`m_IDte5_o>UT`Z#vu9q3@+f) zhxLNY18&9d35q*z{39+Oe0UHgmD(>vVH_;#y~Q|58BUJ>YJQxkK@e2!Re2ij z%(75@VYkb6eLfy-pRxwob5n*m4&s)mbk+ZMSJ$6fcy6^lnCtDK^1Hw|dZ_IEYJL&o-|GCG}k=54>Z*qC7<+CAIUYAugKIwf=xHQU=ck7P;`yC_EmF=9x zX(%FUWw#^c!tHUbQVYhMZnBX>21)i-F$FZqrQN$yE?)IQ9<_28JpMf!a)+b=<3#bV z#SBFhkt<=e6jfRe^lXqy;!DUfA)l=;n7bY%J&r(Fed9>H9G>AP2;8mX5_K_ zu=j@GMTvZ+_E5^QPstdOwZq%atK+m@m$hY(`>;ijWbGnSCa;ILF-UjVOhI!@quXAS z+`*4jViyclygf21u!&d3KF^F&_5!U=#UTf3s(@%T8_-EcFk2uxm~eSpR}DoC`+C*o z(F#e58r3g6>*Ud@giwp2lyUXl=T+YNoOeXm36wkO2g-F8Hj_Ioqe?!K`?>kfL-eUF z4FPH|#Fob80$|Rlyi1$PUUFM?A9Q>DjNF~AWFj3ZT;`(seJr<*=JcxW%+&mnbL^`; zqjmQmJ3knTDx|o4Vq7swhwerDynUJ?se3XtfmQ%r>Gvc4SWk({KML-bJr$0Bx^jZ6n4J-=m_-kS6*qjg?8T)eqoQ~YO@ z8zkOb65MP&z~n&1|2-*mC93effkH@Dd9u8IVDV%+y~zh9DtzkEo@* zEsbsj{Va{YeS4ksifsvo%i5f-lHf|OhK7dUQ- ziZ7v0|2XHHeW_rLWml0ag#uaz{ndUuXy+1jpQPjlQtg&QPe3w{vpi|?cBCX-k&QUc zF=K!h+(nzutk>0XPiAhNNG-@0&~hwi`606Tk?<;n*?%JC-=iu5!IhF!(sn{?(QePV z*&r$$xmm8G^v~=v_w?Xp^tjZ5L;+E&sjUUgUt446m?Q7PZbawJKaP~xBkCR3PF^fB ziCV(akgnyI@6ny?F`Za^{IKmmjtZsR1muNeuuZMq;TQg#rt>E(#Doxb9z zodzLgte&Im54FPU1_cY`?pd7g(ja{Bu)HZy`FK)N+K!8ksTp~+%GGg0yw*7*#3;T#wHFMvR_g(3A#wjPZD7)h$R&Eu{fyJvScpB9nazyZkQNSn&HwGoGO zrXM>-&y_p6)@fKJ-)JO~jg##rRId1PCsWt=b*j;dD*(JDe(a~2NdpL?n$R}DwycJA zk-U*e7@FV5)x7-VmbX5B*8DimRJLuV!a8|d=ea)Ii+e6YJGP8$H(#CpZv96r!#?bk zfWY-NMC(Qd7|-zaGY#v{vlZK3EIivn1zZP`&0MPCq#2n6aWB>@5SUiLetx-Kk89|? zxBkPhARsHEEUu9YKe`@S^s)jY+fI(|e+QJBC=habS}|Gi#*?Wx(RdZ|FKBSxsXiTm z_ZBGxsrc1KNWV{Xhtq@R9NT1N!CjvtaJnlCGfs9B8b~?3!RJAdMOtZfhdImy+Q?%2 ztE5rIrz-83elbizqv2pOSy$lfNWP6_|3jy@Qen!v5T}#b7U@WX1E)dqnY7fEz#r^_ zRh;AG9ca*VfRCNH-OMlCy`~r53Q1ee&oNzFk)*mkuY{Lgl)dH(`M|OFm`y2{Mp&Qr z2mbKtuX{&+n(zblw<2%o-c>i)uCM3mfl-qAZpEkNDECNcVg9u(>xfi&*nsMnlgzD5 z7%%Xn3@7(Iz7UnQ;v1cAF8qfd{N)H_E1o~17IQYzV?LCgvn5yevl~ zcI?v9!9+O1d*HtsPBYVTCql?k2UFa&e(S8Rjm#-6mg@YAA3}Gm)4q4(W|TD8@aMu$ z_Zr?{WEs}JPgai&JtS&dApH|%owsj_HOLE`O1~lih11PK1FH{5_e|wsuk{Qi6wfF^ z9OYMZX3CJ!x+ioC8+oy|Vkl&9OonvTWQ=Yrny#R$M@g=#1JTQvJ?0wceCrD674Nc~ zt|(%2$x|SjO`<$S?A&x6wc;9i6t?S}OfZVTR>qqvA9iE_{tf4!Ct|8?U$T^BTwHy> zM~>1hJZ(en#mye3WPQQ;Xxqv))q+JGIB52}NtvLgmG$se9IDHDiH)|35eZvrOvk9- zsDgT6yyqh`SzhAN8GQKtOfZpb>Pq8Dxi{74x4sRnjSsjQ)K)?YPW6<|HmNT7v6448 z$F^yCAJOGn`(YP#YsnCeq#-PQSRbIc#^pS^&h_KKp9SPGqKshW-nzfdci|&-ngNY; zUe=M-FAk2Uz?k`j-(hDvCRe5MMQ|^g%_ELAzmJ6!r?+F&&vMC88!{P7!l?5hepzsb zF_@s+t)KDco1TA!qd9l z^mjjWT0iD$zP)LZT~=_~2rO2!&9hfbTHEAk)Cy+%WIz!0Fb|Jp$Xs1Xozp!s{6|To zzCi74>U1^zAVi-Ub!|~BN4`~pLy$4=lj(uUs^vWEM_gfm9LJs>wyjuCu^%2~Op8Hq zTIE+O^+Y9XL>x|E_M=RNNc#jniaE^e!$SBMTfFtt?iS8fHnD&+e&-;0m9R0kj0U%1 z31BF=tlsg_MwF=kGgcC5EDOz^mcWA$g;XkTz7n$V>?3Aerf0_A8U$*Wcl1eol2P14 zr_+;0H9NeGc*%@l+jh?tigc?(8h%G8Pc0LjbjsPPr%I-YyYbfs_cdQ5CJtK48?`+a>LgC~;D4=?xP21o}x7H-q;hF?t+ z@HlhrDs&Bow2)_z6#kowgv(gjz+9rj#;jCGx9SMX(|w%>8pZsa1=gIWaOY-b6&J~5 zvQeY{Qo6iC^T{^ff}+QlwL&UXK?cb88xoyf94BAE-@ipolo@|Zxxj?~3sE}C%U|tp z?Hu^<|AcT60`}*pGLm-1NfcF2zZ#DEi&NO7A!IYFyQhC^Up}GqMx9@|GtII$zmrb5 znx|Ha0Y?$s?QMz|jl8u+I`7v(X3s8LGB4J(rgP$-Gv;3=fE=!7pTx8lRBE8`6Q0ef#)h zzyWK>M_nkbmqyw0g_pv7X6MW2mNPnaU%k;BxIZxMG%#Hj5&Uj&W3ls^3-P{E#%g2x z_c_OL+Sq-^QY=p|2p^g)AX{ z&pB7k>-GKX_wVoZyPrSm-upSrbDrn@Ea#l(9P!!^+!L>*PsfMk{qv!>x_s zXM0TiWb`iWS!3w!JH$`1_PZzXSZZzZ_7nVpCQ8S)Lq+ljp)dN$F}{XSKV$0yx|SYn zRqLQ+66)&{;@*W%o%XIfpi@>WSo?VIl)=M3o8tE~%~hGZLNxqSY?N4o&3t*&_8SAx zcpV&CADtw!ASOv`85Oz67%6F4+rEfw&6SMhKdmx6dkNdn))Fc%|3AM!5vUnZEY5^f^e@sh2@1HHQ=F{*e3B@MYFwt5#u#)8TVQD#GzS zJwjG#avMv`7EG8Ut#}^dmE)klXGKt`j887On*E(IN$_96H5}By?zpaAc+N<6M1RbG zbSgY-#Ct;WJ+ygH?Be3^IrmqsLbR}N5Rysv0TKrB{e=bPV@A706MYoVnJBf7byrB3 zs%+X7yJ82rD2o`kZq$D*Gxi*?m*Hzk=OFPen!>#NNjP^EXD@mK& zY<>bL?Rph9g0?7=ls5u-hkxN$Xj7Z49edeE?}@0T-F*;TQ*ucIX#~TCUTi(FgD7%vYf*aj~iaiEWr9x*Q=W&EZ7%K^7#yS$i4^qhR9Gk>m`M@vlkni z^LjlUBt=D=wm>DKI@;bsL`brn*=z(^AVcNu(`5t0=!EK(^#WvABv7ufi}DY^IH_ zUaa!gKmgqrM=b#v13|SeV2@4_o!TJU zaW2N?5VaQeJ)gGGeRYpk1{Ea(NUiKW5+P@sV3ZXa!7&d>C=`nFJPF&NtKAw*86Iw; z%hCsyB!Ni<_==Xc4U}wrwI{(?<0C2}4JAmDT8l!h?I^`_di-Y~E`R*Z{Hifc;Zr+k zR%?L*BI}mcviwD#qss`!h^VK%Dg4xqj34$s=WTUtTklX@^A!+vg?*2iQ=wjnqi)HD>=FRSOwDJhI(cvtMCGf65Qf#K+N)kHplv~T_Va!)@=jY4ecE9&SON7CrK7mZLFQ<3w z6dA82mE5X+?a@-YCS!k|-y;z~1OSz)JDv%{NXvKBT|79b`e8V9EJaoTkwFUtSk1q^ zEetEcw?V>XeiT&{EBuL)6wI}c$WnHQ|5K;#;eBz;-W#V!Se?J3uiG|V1c@1pJyWWO zV{~+Z4eZId-GJvKe%&|QRu!}&BV0#@mWZs356`YPP3E|O`Jfj?tSO5}){f|^L$gc+ z*{Z%^%bffq`fj*^GRhLu6tz;+SZt@V@2?63qxiVv$jKBWF%!JcCm*S`2nMK~`tnTF zv=%xKNF0=vHo2kZ?Q*pDZEGSyo;#`0;Hbd50B=-7^~vB^1bWs>M!yv6OgsW6574}& zy^I?lN$Ym!amZJ^wDl92ll=Ad+MTh23Bxw8TsL!xP z>tm2D@suBlC9dZ4dRS+M0TGog9hxgFeJMa}UwemUkVWlvE}+jT894#DDA>oZS-m=? z*Vj)53KLn`i`UnDwoxoEMd97IT3^oh7g6_( zJ%5e^L)#T#0%WF+07tzPuE#G=h1%31t|V(NLV>!q~rqk4V}CqTYZc9gEB@W202_o7#g%z|p`@MBGX4amLBs5{yg6v@V(>WKjGQ2Uk4%D>Jr zDxVfLx8VCDARqL^uz9ZX7q&8h`9&N!D1SOW9MKe|q?d}~Rie}g3Yiz2bTw}>P9aKP ztyN&{o>I%*KBao;IXD-F%DFNy*=Jyr-AGFEF50A|=46A)%+y>BlgWAjy}XWUI|`C< zx;ZKZ4YC(9D&L<96W^f)6~lP{^4z4Dwd^2njEdl zK~9LV*GFv2&EUj#A#lCRh)*Z0j%c`~XH36+1}_ax;qk-fyrI`?Ts*s}iPhmb)7&it zh7_)aTcYZZj(t!(O&&`y^I~FJ;gAusq%P(YZplrHO|w|ZfLo~qqk4t#^zy1B&t9mB zhF=W}gi^LV>Ax-q`NJmdE5H~MIY|m^HectV44HD))X7eQ5hkhiwJD}U0N!QaLWsxN z0pay~5vyntRdTdoN}&umK0oZ#7+)k4W+U4m#3QofP;sqYb!s(@f?QcNlT(09=plmD z)+x4LOu$O}SJr2}Nna>O^qn4G)ioz(EY|7k(gYr7P`ZlJ zD(3J0;2|)8EQzFHMT#Ys8}e^Lw0PwWr}~9ix~eR8TKC#e*{RREE!rj+ zWabxLE}4u>M1mJO3_}t?0x>+Smx{zeR&JW;BDYP|7kduWTK9A<-i6z$if)dMMu3@( zL+g2c=fKvGxDXZ>ZevrULKozyU>mRapT6#uaTG-Bk-Pt>KJ@K=u>$JSkit1arx67 z)V!62-@T2rWIL@WRAuG>^j>fkjjih)e%%vifx;BfZXh8^0M6aRSs=U#D&DZEkXJYN z@g|H3UvX$So{SoHx`1n=%^>Z+rY}et|^I>8-v&d}M zw(oP>Rx#$7Qm2#XPG^Bb?yUa%Yv8IdnczB;qo@)* zLhF#bpgzN%>&);-FHf-Z<09CJTzY)58A>?ZsCwE-Xn3g-yrZ@vcR2WP;*7-Vb-j1@ zU{{RmP?kCS_O(PH ziSWx3_BZjj&TOdB-30F+U{smiwUde)EKPW%UDNn;>KR1AO_-{aM=_?4ClX*(iw~)} z{bMerpqz>@Uplkl8X0^A0OFzWNn+UmQRp<|Gihh13v> zXa5dSlZ<1Qnx^FmBI8bM)!?Jjv6;AuQ}Fz9nhj-m0%~*QU2*DCmmU;o#dIJfG4!?P zozH)?dKPc5B~`yftCNHVAAyX@(iFl&T;-FY3Cy(!f*HuiEu{GzfIz6?*;J>zfN0#w z^-lZHgoYrRq_*=)ufy8oyBR@@%h_wn{(x5YYIi&_Budp+sZ&p5{p`AoRDaDe0g4GT zZL?giway(hcO**hp(0qx%+qm^H`X>~8~HBf*FOv!^1F6!&>C9iX}~(JW`k)CzXiPG#x#FLHnywMB-S`JFvMM^B~ISoxBDt` z0Mv~dd`V)MpwBolW#^N3@jo~h2su=5RYZTofFLdgkjPS)AR)XzsCnth6C*+8ePy;S zZHBGZVTd3S_#LGi1OD3)RLp6Jiz4}tVr6p_4w>DI?$=9^to6q+uDJoPIrUWdY4I+P#T2i>>jOvcg^)$>81D=30EMM*UaIe_!B@#f z@oz|@g|-6xCWkH8H@LhOPS(5tXs!?}ZZXAbYwj38a+1SM-rR}?c=UpUOR+HA6|!Qq znB}@i_Q0a2eigV@YR;C@S;Www8qir?(M2OuX4=N*c&63zRFmB+E=z1I-1>O+c7{dDIS%OWpJ`e6Lzl!a+5938>^&e|(-dkyCd zPqqo@4}a;jU#)Jwo;@=BCmN2XuiBWPvXC=dKQ-Kbkt7oSPz-hMBp0X6thSyC79HYM z?~;9UAot^NXX4000(-RhjPddEhBvX^p0f$F&*+qY^wUd>nTboaKLh{h?VoyuJL4ZU z3kV>f_MU){s`SLg=YeKoJ{buMU1HFkV@H!D>v8NXGD{9xQpjc#G_OX%dAm6XvSQk$WGKiH@Dd52To?4Q5JBRsK-`@9IYpOnm4a zg_)+kN$|J4-1R;h$Db9zur_}wBF?>m%CMVTOUA6vfE)cl5sYNl_Ic

ZO}d@{Yd+ zpIW0EpB9|*CoV%s_jD{aR(rETMrObEj*cF}E%OyuW!xBtG#Xv(rgjwO#D9eg={&#gfBUv~9 zkE`9zfBb{JEna??FW?xKfszV>zwfI@w`I>2EnHUQ^%`qwoqS&NCH_w1UUk`i%c40~ z(e#NkDFw^0=9E4PAnn2^CyydE>v9Df;}KC^b7{I)ocGHo&y)q=povcz zIJkX$HZ?Xo-lx$%{k9fI#~Ffoz{?|UISC76J{o+pI+)Exiday@%Bhc<8!Cf83{RGa zjd)L#*RvWsW){8X!aM2j;)W6;w6z+>YkC9YT_^Ib?`uxX6j$-ovAL4qvyj)?&e!)A z2Ng(?@6L$5H!~~1u{l-s`z!(RkO-J?RKXvX{&|k9*uM|w>%Y7pi2p4&u;V2mNBZwW z`mbZkoUi}#hTt%V1C{S^;DCVx1`Zh59N_2zM;AD{z|jTZ0LK(?OaaFfa7+Qm6mTpd z#}aZZ;r|6oxX@V4KA5~_JTIXrqp0O14Z*2C`)^$`1(!KEL}bqKsBz4SFkfc(8A zeBe}F;s%FJ-(bOk1P2lvE3t$Djxqga7C4aLK!W2Wzi9)