From decd5adc3532500ba4cfc0d81476cc9bf85aa282 Mon Sep 17 00:00:00 2001 From: JD Date: Thu, 9 Nov 2023 11:00:10 -0800 Subject: [PATCH] 4.40.0 release article (#15033) 4.40.0 release article. #14651 @noahtalerman Prepping this to publish when the tables docs are ready. --- articles/fleet-4.40.0.md | 113 ++++++++++++++++++ .../articles/fleet-4.40.0-1600x900@2x.png | Bin 0 -> 52368 bytes 2 files changed, 113 insertions(+) create mode 100644 articles/fleet-4.40.0.md create mode 100644 website/assets/images/articles/fleet-4.40.0-1600x900@2x.png diff --git a/articles/fleet-4.40.0.md b/articles/fleet-4.40.0.md new file mode 100644 index 0000000000..c4db614cc6 --- /dev/null +++ b/articles/fleet-4.40.0.md 
@@ -0,0 +1,113 @@ +# Fleet 4.40.0 | Rapid Security Response, CIS Benchmark updates. + +![Fleet 4.40.0](../website/assets/images/articles/fleet-4.40.0-1600x900@2x.png) + +Fleet 4.40.0 is live. Check out the full [changelog](https://github.com/fleetdm/fleet/releases/tag/fleet-v4.40.0) or continue reading to get the highlights. +For upgrade instructions, see our [upgrade guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in the Fleet docs. + +## Highlights + + +* RSR version in host details +* CIS Benchmarks for Windows 10 updates + + + + +### RSR version in host details + +Fleet continues to iterate by incorporating Apple's macOS [Rapid Security Responses](https://support.apple.com/en-us/102657) (RSRs) into the host details. This feature, accessible through the user interface, REST API, or CLI, provides users with visibility into which macOS hosts have received the latest security patches. RSRs are an innovative approach by Apple to enhance security by delivering crucial updates swiftly and efficiently without necessitating a system restart. + +These RSRs address various critical security issues that may affect Safari, WebKit, system libraries, or other components, including patches for vulnerabilities known to be exploited in the wild. By integrating this information into Fleet, administrators can ensure their managed devices are always up to date with the latest protections. It underscores Fleet's commitment to rooting out bottlenecks to empower IT professionals to maintain robust security standards across their device fleet. Incorporation of RSR information into host details enables organizations to leverage this proactive defense mechanism, aligning with the value of resilience in an ever-evolving threat landscape. 
+ + +### CIS Benchmarks for Windows 10 updates + +_Available in Fleet Premium and Fleet Ultimate_ + +Fleet has expanded its security capabilities for Windows 10 Enterprise by incorporating updates and additions to the CIS (Center for Internet Security) [benchmark policies](https://fleetdm.com/docs/using-fleet/cis-benchmarks). These benchmarks represent a consensus-driven set of best practices designed to mitigate a broad range of common vulnerabilities and are considered a cornerstone in hardening environments. + +New policies include hardening measures such as disabling Internet Explorer 11 as a standalone browser to reduce the attack surface, enabling Administrator account lockout to prevent brute force attacks, and configuring RPC (Remote Procedure Call) settings to enforce packet-level privacy and authentication, thus elevating the security of inter-system communications. Additionally, adjustments such as disabling NetBIOS over public networks further protect against unnecessary exposure of system services. + +Updates also reflect changes from the latest Windows 11 Release 22H2 Administrative Templates. For example, the 'Turn on PowerShell Transcription' setting has been updated from 'Disabled' to 'Enabled,' providing a more secure default state by ensuring that all PowerShell commands are logged, which is crucial for auditing and forensic activities. + +These updates provide security administrators with enhanced tools and configurations to ensure their Windows 10 Enterprise machines are fortified against the latest security challenges, maintaining a robust defense against potential vulnerabilities. + +## Changes + +* **Endpoint operations**: + - New tables added to the fleetd extension: app_icons, falconctl_options, falcon_kernel_check, cryptoinfo, cryptsetup_status, filevault_status, firefox_preferences, firmwarepasswd, ioreg, and windows_updates. 
+ - CIS support for Windows 10 is updated to the lates CIS document CIS_Microsoft_Windows_10_Enterprise_Benchmark_v2.0.0. + +* **Device management (MDM)**: + - Introduced support for MS-MDM management protocol. + - Added a host detail query for Windows hosts to ingest MDM device id and updated the Windows MDM device enrollment flow. + - Implemented `--context` and `--debug` flags for `fleetctl mdm run-command`. + - Support added for `fleetctl mdm run-command` on Windows hosts. + - macOS hosts with MDM features via SSO can now run `sudo profiles renew --type enrollment`. + - Introduced `GET mdm/commandresults` endpoint to retrieve MDM command results for Windows and macOS. + - `fleetctl get mdm-command-results` now uses the new above endpoint. + - Added `POST /fleet/mdm/commands/run` platform-agnostic endpoint for MDM commands. + - Introduced API for recent Windows MDM commands via `fleetctl` and the API. + +* **Vulnerability management**: + - Added vulnerability data support for JetBrains apps with similar names (e.g., IntelliJ IDEA.app vs. IntelliJ IDEA Ultimate.app). + - Apple Rapid Security Response version added to macOS host details (requires osquery v5.9.1 on macOS devices). + - For ChromeOS hosts, software now includes chrome extensions. + - Updated vulnerability processing to omit software without versions. + - Resolved false positives in vulnerabilities for Chrome and Firefox extensions. + +* **UI improvements**: + - Fleet tables in UI reset rows upon filter/search/page changes. + - Improved handling when deleting a large number of hosts; operations now continue in the background after 30 seconds. + - Added the ability for Observers and Observer+ to view policy resolutions. + - Improved app settings clarity for premium users regarding usage statistics. + - UI buttons for live queries or policies are now disabled with a tooltip if live queries are globally turned off. + - Observers and observer+ can now run existing policies in the UI. 
+ +### Bug fixes and improvements + +* **REST API**: + - Overhauled REST API input validation for several endpoints (hosts, carves, users). + - Validation error status codes switched from 500 to 400 for clarity. + - Numerous new validations added for policy details, os_name/version, etc. + - Addressed issues in /fleet/sso and /mdm/apple/enqueue endpoints. + - Updated response codes for several other endpoints for clearer error handling. + +* **Logging and debugging**: + - Updated Apple Business Manager terms logging behavior. + - Refined the copy of the ABM terms banner for better clarity. + - Addressed a false positive CVE detection on the `certifi` python package. + - Fixed a logging issue with Fleet's Cloudflare WARP software version ingestion for Windows. + +* **UI fixes**: + - Addressed UI bugs for the "Turn off MDM" action display and issues with the host details page's banners. + - Fixed narrow viewport EULA display issue on the Windows TOS page. + - Rectified team dropdown value issues and ensured consistent help text across query and policy creation forms. + - Fixed issues when applying config changes without MDM features enabled. + +* **Others**: + - Removed the capability for Premium customers to disable usage statistics. Further information provided in the Fleet documentation. + - Retired creating OS policies from host OSes in the UI. + - Addressed issues in Live Queries with the POST /fleet/queries/run endpoint. + - Introduced database migrations for Windows MDM command tables. + +## Ready to upgrade? + +Visit our [Upgrade guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in the Fleet docs for instructions on updating to Fleet 4.40.0. + + + + + + + 
diff --git a/website/assets/images/articles/fleet-4.40.0-1600x900@2x.png b/website/assets/images/articles/fleet-4.40.0-1600x900@2x.png new file mode 100644 index 0000000000000000000000000000000000000000..2a4aff55f88c839f898fc6e1eaf17d95262e380c GIT binary patch literal 52368