From 1261c0dfd84a8f06eaa62c96e6adbc2142b752d3 Mon Sep 17 00:00:00 2001 From: Chris Long Date: Mon, 6 May 2019 09:26:59 -0700 Subject: [PATCH] Adding timestamps to scripts, Vagrantfile_prebuilt, logo --- Packer/scripts/compact.bat | 31 ++--- Packer/scripts/vm-guest-tools.bat | 48 +++---- README.md | 1 + Vagrant/Vagrantfile_Prebuilt | 120 ++++++++++++++++++ Vagrant/bootstrap.sh | 45 +++---- Vagrant/scripts/MakeWindows10GreatAgain.ps1 | 14 +- .../scripts/configure-AuditingPolicyGPOs.ps1 | 9 +- Vagrant/scripts/configure-ou.ps1 | 8 +- .../scripts/configure-powershelllogging.ps1 | 2 +- .../configure-pslogstranscriptsshare.ps1 | 2 +- Vagrant/scripts/configure-rdp-user-gpo.ps1 | 2 +- Vagrant/scripts/configure-wef-gpo.ps1 | 5 +- Vagrant/scripts/create-domain.ps1 | 16 +-- Vagrant/scripts/download_palantir_osquery.ps1 | 4 +- Vagrant/scripts/download_palantir_wef.ps1 | 4 +- Vagrant/scripts/fix-second-network.ps1 | 1 + .../scripts/install-autorunstowineventlog.ps1 | 2 +- Vagrant/scripts/install-bginfo.ps1 | 1 + Vagrant/scripts/install-choco-extras.ps1 | 4 +- Vagrant/scripts/install-inputsconf.ps1 | 14 +- Vagrant/scripts/install-microsoft-ata.ps1 | 32 ++--- Vagrant/scripts/install-osquery.ps1 | 2 +- Vagrant/scripts/install-redteam.ps1 | 10 +- Vagrant/scripts/install-splunkuf.ps1 | 4 +- Vagrant/scripts/install-sysinternals.ps1 | 19 +-- Vagrant/scripts/install-utilities.ps1 | 2 +- Vagrant/scripts/install-wefsubscriptions.ps1 | 14 +- Vagrant/scripts/install-windows_ta.ps1 | 8 +- Vagrant/scripts/join-domain.ps1 | 6 +- Vagrant/scripts/provision.ps1 | 12 +- img/DetectionLab.png | Bin 0 -> 106161 bytes 31 files changed, 272 insertions(+), 170 deletions(-) create mode 100644 Vagrant/Vagrantfile_Prebuilt create mode 100644 img/DetectionLab.png diff --git a/Packer/scripts/compact.bat b/Packer/scripts/compact.bat index d67c864..4ab6261 100755 --- a/Packer/scripts/compact.bat +++ b/Packer/scripts/compact.bat @@ -1,39 +1,32 @@ -if "%PACKER_BUILDER_TYPE:~0,6%"=="hyperv" ( - echo "Skip compact steps in Hyper-V build." - goto :eof +if not exist "C:\Windows\Temp\7z1900-x64.msi" ( + powershell -Command "(New-Object System.Net.WebClient).DownloadFile('https://www.7-zip.org/a/7z1900-x64.msi', 'C:\Windows\Temp\7z1900-x64.msi')" nul 2>&1 rmdir /S /Q C:\Windows\SoftwareDistribution\Download mkdir C:\Windows\SoftwareDistribution\Download net start wuauserv -if "%PACKER_BUILDER_TYPE%" neq "hyperv-iso" ( - cmd /c C:\Windows\Temp\ultradefrag-portable-6.1.0.amd64\udefrag.exe --optimize --repeat C: - - cmd /c %SystemRoot%\System32\reg.exe ADD HKCU\Software\Sysinternals\SDelete /v EulaAccepted /t REG_DWORD /d 1 /f - cmd /c C:\Windows\Temp\sdelete.exe -q -z C: -) +cmd /c C:\Windows\Temp\ultradefrag-portable-6.1.0.amd64\udefrag.exe --optimize --repeat C: +cmd /c %SystemRoot%\System32\reg.exe ADD HKCU\Software\Sysinternals\SDelete /v EulaAccepted /t REG_DWORD /d 1 /f +cmd /c C:\Windows\Temp\sdelete.exe -q -z C: diff --git a/Packer/scripts/vm-guest-tools.bat b/Packer/scripts/vm-guest-tools.bat index 1dc65d7..cacb016 100755 --- a/Packer/scripts/vm-guest-tools.bat +++ b/Packer/scripts/vm-guest-tools.bat @@ -1,67 +1,51 @@ -if not exist "C:\Windows\Temp\7z920-x64.msi" ( - powershell -Command "Start-Sleep 5; Invoke-WebRequest -Uri 'https://astuteinternet.dl.sourceforge.net/project/sevenzip/7-Zip/9.20/7z920-x64.msi' -Outfile 'C:\Windows\Temp\7z920-x64.msi'" NUL -IF ERRORLEVEL 1060 cmd /c C:\Windows\Temp\VMWare\setup.exe /S /v"/qn REBOOT=R\" -sc query vmtools > NUL -IF ERRORLEVEL 1060 ECHO "Unable to install VMware Tools." & exit /b 1 - -rd /Q "C:\Windows\Temp\vmware-tools.tar" -rd /Q "C:\Windows\Temp\windows.iso" +del /Q "C:\Windows\Temp\vmware-tools.tar" +del /Q "C:\Windows\Temp\windows.iso" rd /S /Q "C:\Windows\Temp\VMware" goto :done :virtualbox if exist "C:\Users\vagrant\VBoxGuestAdditions.iso" ( - move /Y C:\Users\vagrant\VBoxGuestAdditions.iso C:\Windows\Temp + move /Y C:\Users\vagrant\VBoxGuestAdditions.iso C:\Windows\Temp ) if not exist "C:\Windows\Temp\VBoxGuestAdditions.iso" ( - powershell -Command "(New-Object System.Net.WebClient).DownloadFile('http://download.virtualbox.org/virtualbox/5.2.16/VBoxGuestAdditions_5.2.16.iso', 'C:\Windows\Temp\VBoxGuestAdditions.iso')" /dev/null; then # If which returns a non-zero return code, try to re-install the package @@ -53,9 +53,9 @@ fix_eth1_static_ip() { ifup eth1 ETH1_IP=$(ifconfig eth1 | grep 'inet addr' | cut -d ':' -f 2 | cut -d ' ' -f 1) if [ "$ETH1_IP" == "192.168.38.105" ]; then - echo "The static IP has been fixed and set to 192.168.38.105" + echo "[$(date +%H:%M:%S)]: The static IP has been fixed and set to 192.168.38.105" else - echo "Failed to fix the broken static IP for eth1. Exiting because this will cause problems with other VMs." + echo "[$(date +%H:%M:%S)]: Failed to fix the broken static IP for eth1. Exiting because this will cause problems with other VMs." exit 1 fi fi @@ -63,37 +63,37 @@ fix_eth1_static_ip() { install_golang() { if ! which go > /dev/null; then - echo "Installing Golang v.1.12..." + echo "[$(date +%H:%M:%S)]: Installing Golang v.1.12..." cd /home/vagrant || exit wget --progress=bar:force https://dl.google.com/go/go1.12.linux-amd64.tar.gz tar -C /usr/local -xzf go1.12.linux-amd64.tar.gz mkdir /root/go else - echo "Golang seems to be installed already. Skipping." + echo "[$(date +%H:%M:%S)]: Golang seems to be installed already. Skipping." fi } install_splunk() { # Check if Splunk is already installed if [ -f "/opt/splunk/bin/splunk" ]; then - echo "Splunk is already installed" + echo "[$(date +%H:%M:%S)]: Splunk is already installed" else - echo "Installing Splunk..." + echo "[$(date +%H:%M:%S)]: Installing Splunk..." # Get download.splunk.com into the DNS cache. Sometimes resolution randomly fails during wget below dig @8.8.8.8 download.splunk.com > /dev/null dig @8.8.8.8 splunk.com > /dev/null mkdir splunk # Try to resolve the latest version of Splunk by parsing the HTML on the downloads page - echo "Attempting to autoresolve the latest version of Splunk..." + echo "[$(date +%H:%M:%S)]: Attempting to autoresolve the latest version of Splunk..." LATEST_SPLUNK=$(curl https://www.splunk.com/en_us/download/splunk-enterprise.html | grep -i deb | grep -Eo "data-link=\"................................................................................................................................" | cut -d '"' -f 2) # Sanity check what was returned from the auto-parse attempt if [[ "$(echo $LATEST_SPLUNK | grep -c "^https:")" -eq 1 ]] && [[ "$(echo $LATEST_SPLUNK | grep -c "\.deb$")" -eq 1 ]]; then - echo "The URL to the latest Splunk version was automatically resolved as: $LATEST_SPLUNK" - echo "Attempting to download..." + echo "[$(date +%H:%M:%S)]: The URL to the latest Splunk version was automatically resolved as: $LATEST_SPLUNK" + echo "[$(date +%H:%M:%S)]: Attempting to download..." wget --progress=bar:force -P splunk/ "$LATEST_SPLUNK" else - echo "Unable to auto-resolve the latest Splunk version. Falling back to hardcoded URL..." + echo "[$(date +%H:%M:%S)]: Unable to auto-resolve the latest Splunk version. Falling back to hardcoded URL..." # Download Hardcoded Splunk wget --progress=bar:force -O splunk/splunk-7.2.6-c0bf0f679ce9-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.2.6&product=splunk&filename=splunk-7.2.6-c0bf0f679ce9-linux-2.6-amd64.deb&wget=true' fi @@ -129,11 +129,11 @@ install_splunk() { sed -i.bak 's/max_memtable_bytes = 10000000/max_memtable_bytes = 30000000/g' /opt/splunk/etc/system/local/limits.conf # Skip Splunk Tour and Change Password Dialog - echo "Disabling the Splunk tour prompt..." + echo "[$(date +%H:%M:%S)]: Disabling the Splunk tour prompt..." touch /opt/splunk/etc/.ui_login mkdir /opt/splunk/etc/users/admin/search/local echo -e "[search-tour]\nviewed = 1" > /opt/splunk/etc/users/admin/search/local/ui-tour.conf - + # Enable SSL Login for Splunk echo -e "[settings]\nenableSplunkWebSSL = true" > /opt/splunk/etc/system/local/web.conf # Reboot Splunk to make changes take effect @@ -147,9 +147,9 @@ install_splunk() { install_fleet() { # Install Fleet if [ -f "/home/vagrant/kolide-quickstart" ]; then - echo "Fleet is already installed" + echo "[$(date +%H:%M:%S)]: Fleet is already installed" else - echo "Installing Fleet..." + echo "[$(date +%H:%M:%S)]: Installing Fleet..." echo -e "\n127.0.0.1 kolide" >> /etc/hosts echo -e "\n127.0.0.1 logger" >> /etc/hosts git clone https://github.com/kolide/kolide-quickstart.git @@ -168,10 +168,10 @@ install_fleet() { download_palantir_osquery_config() { if [ -f /home/vagrant/osquery-configuration ]; then - echo "osquery configs have already been downloaded" + echo "[$(date +%H:%M:%S)]: osquery configs have already been downloaded" else # Import Palantir osquery configs into Fleet - echo "Downloading Palantir configs..." + echo "[$(date +%H:%M:%S)]: Downloading Palantir osquery configs..." git clone https://github.com/palantir/osquery-configuration.git fi } @@ -198,6 +198,7 @@ import_osquery_config_into_fleet() { } install_bro() { + echo "[$(date +%H:%M:%S)]: Installing Bro..." # Environment variables NODECFG=/opt/bro/etc/node.cfg SPLUNK_BRO_JSON=/opt/splunk/etc/apps/TA-bro_json @@ -279,7 +280,7 @@ install_bro() { install_suricata() { # Run iwr -Uri testmyids.com -UserAgent "BlackSun" in Powershell to generate test alerts - + echo "[$(date +%H:%M:%S)]: Installing Suricata..." # Install yq to maniuplate the suricata.yaml inline /usr/local/go/bin/go get -u github.com/mikefarah/yq @@ -344,7 +345,7 @@ install_suricata() { test_suricata_prerequisites() { for package in suricata crudini do - echo "[TEST] Validating that $package is correctly installed..." + echo "[$(date +%H:%M:%S)]: [TEST] Validating that $package is correctly installed..." # Loop through each package using dpkg if ! dpkg -S $package > /dev/null; then # If which returns a non-zero return code, try to re-install the package @@ -361,7 +362,7 @@ test_suricata_prerequisites() { done # One-off support for packages which aren't installed via dpkg - echo "[TEST] Validating that yq is correctly installed..." + echo "[$(date +%H:%M:%S)]: [TEST] Validating that yq is correctly installed..." # Check if the binary exists if ! [ -f /root/go/bin/yq ]; then # If it doesn't exist, try to re-install the package diff --git a/Vagrant/scripts/MakeWindows10GreatAgain.ps1 b/Vagrant/scripts/MakeWindows10GreatAgain.ps1 index e4b0487..e2c5db2 100644 --- a/Vagrant/scripts/MakeWindows10GreatAgain.ps1 +++ b/Vagrant/scripts/MakeWindows10GreatAgain.ps1 @@ -1,20 +1,20 @@ # Import the registry keys -Write-Host "Making Windows 10 Great again" -Write-Host "Importing registry keys..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Making Windows 10 Great again" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Importing registry keys..." regedit /s a:\MakeWindows10GreatAgain.reg # Remove OneDrive from the System -Write-Host "Removing OneDrive..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Removing OneDrive..." $onedrive = Get-Process onedrive -ErrorAction SilentlyContinue if ($onedrive) { taskkill /f /im OneDrive.exe } c:\Windows\SysWOW64\OneDriveSetup.exe /uninstall -Write-Host "Running Update-Help..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Running Update-Help..." Update-Help -Force -ErrorAction SilentlyContinue -Write-Host "Removing Microsoft Store and Edge shortcuts from the taskbar..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Removing Microsoft Store and Edge shortcuts from the taskbar..." $appname = "Microsoft Edge" ((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true} $appname = "Microsoft Store" @@ -22,13 +22,13 @@ $appname = "Microsoft Store" $appname = "Mail" ((New-Object -Com Shell.Application).NameSpace('shell:::{4234d49b-0245-4df3-b780-3893943456e1}').Items() | ?{$_.Name -eq $appname}).Verbs() | ?{$_.Name.replace('&','') -match 'Unpin from taskbar'} | %{$_.DoIt(); $exec = $true} -Write-Host "Disabling automatic screen turnoff in order to prevent screen locking..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Disabling automatic screen turnoff in order to prevent screen locking..." powercfg -change -monitor-timeout-ac 0 powercfg -change -standby-timeout-ac 0 powercfg -change -hibernate-timeout-ac 0 # Download and install ShutUp10 -Write-Host "Downloading ShutUp10..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading ShutUp10..." [Net.ServicePointManager]::SecurityProtocol = "tls12, tls11, tls" $shutUp10DownloadUrl = "https://dl5.oo-software.com/files/ooshutup10/OOSU10.exe" $shutUp10RepoPath = "C:\Users\vagrant\AppData\Local\Temp\OOSU10.exe" diff --git a/Vagrant/scripts/configure-AuditingPolicyGPOs.ps1 b/Vagrant/scripts/configure-AuditingPolicyGPOs.ps1 index 5708127..fa0ac69 100644 --- a/Vagrant/scripts/configure-AuditingPolicyGPOs.ps1 +++ b/Vagrant/scripts/configure-AuditingPolicyGPOs.ps1 @@ -1,5 +1,5 @@ # Purpose: Installs the GPOs for the custom WinEventLog auditing policy. -Write-Host "Configuring auditing policy GPOS..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Configuring auditing policy GPOs..." $GPOName = 'Domain Controllers Enhanced Auditing Policy' $OU = "ou=Domain Controllers,dc=windomain,dc=local" Write-Host "Importing $GPOName..." @@ -17,7 +17,7 @@ else } $GPOName = 'Servers Enhanced Auditing Policy' $OU = "ou=Servers,dc=windomain,dc=local" -Write-Host "Importing $GPOName..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Importing $GPOName..." Import-GPO -BackupGpoName $GPOName -Path "c:\vagrant\resources\GPO\Servers_Enhanced_Auditing_Policy" -TargetName $GPOName -CreateIfNeeded $gpLinks = $null $gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions @@ -32,8 +32,8 @@ else } $GPOName = 'Workstations Enhanced Auditing Policy' -$OU = "ou=Workstations,dc=windomain,dc=local" -Write-Host "Importing $GPOName..." +$OU = "ou=Workstations,dc=windomain,dc=local" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Importing $GPOName..." Import-GPO -BackupGpoName $GPOName -Path "c:\vagrant\resources\GPO\Workstations_Enhanced_Auditing_Policy" -TargetName $GPOName -CreateIfNeeded $gpLinks = $null $gPLinks = Get-ADOrganizationalUnit -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions @@ -46,4 +46,3 @@ else { Write-Host "GpLink $GPOName already linked on $OU. Moving On." } - diff --git a/Vagrant/scripts/configure-ou.ps1 b/Vagrant/scripts/configure-ou.ps1 index cf078d6..8b8022d 100644 --- a/Vagrant/scripts/configure-ou.ps1 +++ b/Vagrant/scripts/configure-ou.ps1 @@ -1,6 +1,6 @@ # Purpose: Sets up the Server and Workstations OUs -Write-Host "Checking AD services status..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Checking AD services status..." $svcs = "adws","dns","kdc","netlogon" Get-Service -name $svcs -ComputerName localhost | Select Machinename,Name,Status @@ -11,8 +11,8 @@ Add-Content "c:\windows\system32\drivers\etc\hosts" " 192.168.38.102 d ping /n 1 dc.windomain.local ping /n 1 windomain.local -Write-Host "Creating Server and Workstation OUs..." -Write-Host "Creating Servers OU..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating Server and Workstation OUs..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating Servers OU..." if (!([ADSI]::Exists("LDAP://OU=Servers,DC=windomain,DC=local"))) { @@ -23,7 +23,7 @@ else Write-Host "Servers OU already exists. Moving On." } -Write-Host "Creating Workstations OU" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating Workstations OU" if (!([ADSI]::Exists("LDAP://OU=Workstations,DC=windomain,DC=local"))) { New-ADOrganizationalUnit -Name "Workstations" -Server "dc.windomain.local" diff --git a/Vagrant/scripts/configure-powershelllogging.ps1 b/Vagrant/scripts/configure-powershelllogging.ps1 index 213c323..f4a47d2 100755 --- a/Vagrant/scripts/configure-powershelllogging.ps1 +++ b/Vagrant/scripts/configure-powershelllogging.ps1 @@ -1,5 +1,5 @@ # Purpose: Install the GPO that specifies the WEF collector -Write-Host "Importing the GPO to enable Powershell Module, ScriptBlock and Transcript logging..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Importing the GPO to enable Powershell Module, ScriptBlock and Transcript logging..." Import-GPO -BackupGpoName 'Powershell Logging' -Path "c:\vagrant\resources\GPO\powershell_logging" -TargetName 'Powershell Logging' -CreateIfNeeded $OU = "ou=Workstations,dc=windomain,dc=local" $gPLinks = $null diff --git a/Vagrant/scripts/configure-pslogstranscriptsshare.ps1 b/Vagrant/scripts/configure-pslogstranscriptsshare.ps1 index e76da63..6a83d46 100755 --- a/Vagrant/scripts/configure-pslogstranscriptsshare.ps1 +++ b/Vagrant/scripts/configure-pslogstranscriptsshare.ps1 @@ -1,6 +1,6 @@ # Purpose: Configure an SMB share for Powershell transcription logs to be written to # Source: https://blogs.msdn.microsoft.com/powershell/2015/06/09/powershell-the-blue-team/ -Write-Host "Configuring the Powershell Transcripts Share" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Configuring the Powershell Transcripts Share" If (-not (Test-Path c:\pslogs)) { md c:\pslogs diff --git a/Vagrant/scripts/configure-rdp-user-gpo.ps1 b/Vagrant/scripts/configure-rdp-user-gpo.ps1 index 19a1452..bb28168 100644 --- a/Vagrant/scripts/configure-rdp-user-gpo.ps1 +++ b/Vagrant/scripts/configure-rdp-user-gpo.ps1 @@ -1,5 +1,5 @@ # Purpose: Install the GPO that allows windomain\vagrant to RDP -Write-Host "Importing the GPO to allow windomain/vagrant to RDP..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Importing the GPO to allow windomain/vagrant to RDP..." Import-GPO -BackupGpoName 'Allow Domain Users RDP' -Path "c:\vagrant\resources\GPO\rdp_users" -TargetName 'Allow Domain Users RDP' -CreateIfNeeded $OU = "ou=Workstations,dc=windomain,dc=local" diff --git a/Vagrant/scripts/configure-wef-gpo.ps1 b/Vagrant/scripts/configure-wef-gpo.ps1 index c04cde8..f7d1486 100644 --- a/Vagrant/scripts/configure-wef-gpo.ps1 +++ b/Vagrant/scripts/configure-wef-gpo.ps1 @@ -1,9 +1,10 @@ # Purpose: Installs the GPOs needed to specify a Windows Event Collector and makes certain event channels readable by Event Logger -Write-Host "Importing the GPO to specify the WEF collector" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Importing the GPO to specify the WEF collector" $GPOName = 'Windows Event Forwarding Server' Import-GPO -BackupGpoName $GPOName -Path "c:\vagrant\resources\GPO\wef_configuration" -TargetName $GPOName -CreateIfNeeded $gpLinks = $null $OU = "OU=Servers,dc=windomain,dc=local" + $gPLinks = Get-ADOrganizationalUnit -Server "dc.windomain.local" -Identity $OU -Properties name,distinguishedName, gPLink, gPOptions $GPO = Get-GPO -Name $GPOName If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) @@ -33,7 +34,7 @@ If ($gPLinks.LinkedGroupPolicyObjects -notcontains $gpo.path) Write-Host "GpLink $GPOName already linked on $OU. Moving On." } -Write-Host "Importing the GPO to modify ACLs on Custom Event Channels" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Importing the GPO to modify ACLs on Custom Event Channels" $GPOName = 'Custom Event Channel Permissions' Import-GPO -BackupGpoName $GPOName -Path "c:\vagrant\resources\GPO\wef_configuration" -TargetName $GPOName -CreateIfNeeded diff --git a/Vagrant/scripts/create-domain.ps1 b/Vagrant/scripts/create-domain.ps1 index 33b8170..0cef2c3 100644 --- a/Vagrant/scripts/create-domain.ps1 +++ b/Vagrant/scripts/create-domain.ps1 @@ -8,11 +8,11 @@ $domain= "windomain.local" if ((gwmi win32_computersystem).partofdomain -eq $false) { - Write-Host 'Installing RSAT tools' + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing RSAT tools" Import-Module ServerManager Add-WindowsFeature RSAT-AD-PowerShell,RSAT-AD-AdminCenter - Write-Host 'Creating domain controller' + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating domain controller..." # Disable password complexity policy secedit /export /cfg C:\secpol.cfg (gc C:\secpol.cfg).replace("PasswordComplexity = 1", "PasswordComplexity = 0") | Out-File C:\secpol.cfg @@ -48,13 +48,13 @@ if ((gwmi win32_computersystem).partofdomain -eq $false) { $newDNSServers = "127.0.0.1", "8.8.8.8", "4.4.4.4" $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object { $_.IPAddress -And ($_.IPAddress).StartsWith($subnet) } if ($adapters) { - Write-Host Setting DNS + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting DNS" $adapters | ForEach-Object {$_.SetDNSServerSearchOrder($newDNSServers)} } - Write-Host "Setting timezone to UTC" + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting timezone to UTC" c:\windows\system32\tzutil.exe /s "UTC" - - Write-Host "Excluding NAT interface from DNS" + + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Excluding NAT interface from DNS" $nics=Get-WmiObject "Win32_NetworkAdapterConfiguration where IPEnabled='TRUE'" |? { $_.IPAddress[0] -ilike "172.25.*" } $dnslistenip=$nics.IPAddress $dnslistenip @@ -74,11 +74,11 @@ if ((gwmi win32_computersystem).partofdomain -eq $false) { foreach($RR in $RRs) { if ( (Select-Object -InputObject $RR HostName,RecordType -ExpandProperty RecordData).IPv4Address -ilike "10.*") - { + { Remove-DnsServerResourceRecord -ZoneName $domain -RRType A -Name "@" -RecordData $RR.RecordData.IPv4Address -Confirm } } Restart-Service DNS - + } diff --git a/Vagrant/scripts/download_palantir_osquery.ps1 b/Vagrant/scripts/download_palantir_osquery.ps1 index a699c63..d20c7dd 100644 --- a/Vagrant/scripts/download_palantir_osquery.ps1 +++ b/Vagrant/scripts/download_palantir_osquery.ps1 @@ -1,6 +1,6 @@ # Purpose: Downloads and unzips a copy of the Palantir osquery Github Repo. These configs are added to the Fleet server in bootstrap.sh. # The items from this config file are used later in install-osquery.ps1 -Write-Host "Downloading and unzipping the Palantir osquery Repo from Github..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading and unzipping the Palantir osquery Repo from Github..." $osqueryRepoPath = 'C:\Users\vagrant\AppData\Local\Temp\osquery-Master.zip' if (-not (Test-Path $osqueryRepoPath)) @@ -14,4 +14,4 @@ else { Write-Host "$osqueryRepoPath already exists. Moving On." } -Write-Host "Palantir osquery config download complete!" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Palantir osquery config download complete!" diff --git a/Vagrant/scripts/download_palantir_wef.ps1 b/Vagrant/scripts/download_palantir_wef.ps1 index 14dade2..a5a3c3c 100644 --- a/Vagrant/scripts/download_palantir_wef.ps1 +++ b/Vagrant/scripts/download_palantir_wef.ps1 @@ -1,6 +1,6 @@ # Purpose: Downloads and unzips a copy of the Palantir WEF Github Repo. This includes WEF subscriptions and custom WEF channels. -Write-Host "Downloading and unzipping the Palantir Windows Event Forwarding Repo from Github..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading and unzipping the Palantir Windows Event Forwarding Repo from Github..." $wefRepoPath = 'C:\Users\vagrant\AppData\Local\Temp\wef-Master.zip' @@ -15,4 +15,4 @@ else { Write-Host "$wefRepoPath already exists. Moving On." } -Write-Host "Palantir WEF download complete!" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Palantir WEF download complete!" diff --git a/Vagrant/scripts/fix-second-network.ps1 b/Vagrant/scripts/fix-second-network.ps1 index a032d15..4c199cc 100755 --- a/Vagrant/scripts/fix-second-network.ps1 +++ b/Vagrant/scripts/fix-second-network.ps1 @@ -5,6 +5,7 @@ if (! (Test-Path 'C:\Program Files\VMware\VMware Tools')) { Write-Host "Nothing to do for other providers than VMware." exit 0 } +Write-Host "$('[{0:HH:mm}]' -f (Get-Date))" Write-Host "Setting IP address and DNS information for the Ethernet1 interface" Write-Host "If this step times out, it's because vagrant is connecting to the VM on the wrong interface" Write-Host "See https://github.com/clong/DetectionLab/issues/114 for more information" diff --git a/Vagrant/scripts/install-autorunstowineventlog.ps1 b/Vagrant/scripts/install-autorunstowineventlog.ps1 index c93bc52..693331c 100644 --- a/Vagrant/scripts/install-autorunstowineventlog.ps1 +++ b/Vagrant/scripts/install-autorunstowineventlog.ps1 @@ -1,6 +1,6 @@ # Purpose: Installs AutorunsToWinEventLog from the Palantir WEF repo: (https://github.com/palantir/windows-event-forwarding/tree/master/AutorunsToWinEventLog) # TL;DR - Logs all entries from Autoruns to the Windows event log to be indexed by Splunk -Write-Host "Installing AutorunsToWinEventLog..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing AutorunsToWinEventLog..." If ((Get-ScheduledTask -TaskName "AutorunsToWinEventLog" -ea silent) -eq $null) { . c:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\AutorunsToWinEventLog\Install.ps1 diff --git a/Vagrant/scripts/install-bginfo.ps1 b/Vagrant/scripts/install-bginfo.ps1 index 589c1b0..bb127d3 100755 --- a/Vagrant/scripts/install-bginfo.ps1 +++ b/Vagrant/scripts/install-bginfo.ps1 @@ -1,5 +1,6 @@ # Installs BGInfo on the host for easy identification # Source: https://github.com/StefanScherer/adfs2 +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing BGInfo..." if (!(Test-Path 'c:\Program Files\sysinternals')) { New-Item -Path 'c:\Program Files\sysinternals' -type directory -Force -ErrorAction SilentlyContinue } diff --git a/Vagrant/scripts/install-choco-extras.ps1 b/Vagrant/scripts/install-choco-extras.ps1 index a5d8bbd..5fd4cd3 100644 --- a/Vagrant/scripts/install-choco-extras.ps1 +++ b/Vagrant/scripts/install-choco-extras.ps1 @@ -1,6 +1,6 @@ # Purpose: Install additional packages from Chocolatey. -Write-Host "Installing additional Choco packages..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing additional Choco packages..." If (-not (Test-Path "C:\ProgramData\chocolatey")) { Write-Host "Installing Chocolatey" @@ -13,4 +13,4 @@ Write-Host "Installing Chocolatey extras..." choco install -y --limit-output --no-progress wireshark choco install -y --limit-output --no-progress winpcap -Write-Host "Choco addons complete!" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Choco addons complete!" diff --git a/Vagrant/scripts/install-inputsconf.ps1 b/Vagrant/scripts/install-inputsconf.ps1 index 2dcd282..b061168 100755 --- a/Vagrant/scripts/install-inputsconf.ps1 +++ b/Vagrant/scripts/install-inputsconf.ps1 @@ -1,6 +1,6 @@ # Purpose: Configures the inputs.conf for the Splunk forwarders on the Windows hosts -Write-Host "Setting up Splunk Inputs for Sysmon & osquery" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting up Splunk Inputs for Sysmon & osquery" $inputsPath = "C:\Program Files\SplunkUniversalForwarder\etc\apps\SplunkUniversalForwarder\local\inputs.conf" $currentContent = get-content $inputsPath @@ -8,22 +8,22 @@ $targetContent = get-content c:\vagrant\resources\splunk_forwarder\inputs.conf if ($currentContent -ne $targetContent) { - Write-Host "Stopping the Splunk forwarder" + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Stopping the Splunk forwarder" try { Stop-Service splunkforwarder -ErrorAction Stop } catch { - Write-Host "Failed to stop SplunkForwarder. Trying again..." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Failed to stop SplunkForwarder. Trying again..." Set-Location "C:\Program Files\SplunkUniversalForwarder\bin" & ".\splunk.exe" "stop" } - Write-Host "Deleting the default configuration" + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Deleting the default configuration" Remove-Item $inputsPath - Write-Host "Copying over the custom configuration" + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Copying over the custom configuration" Copy-Item c:\vagrant\resources\splunk_forwarder\inputs.conf $inputsPath - Write-Host "Starting the Splunk forwarder" + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Starting the Splunk forwarder" Start-Service splunkforwarder } else @@ -34,4 +34,4 @@ If ((Get-Service -name splunkforwarder).Status -ne "Running") { throw "splunkforwarder service was not running." } -Write-Host "Splunk forwarder installation complete!" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Splunk forwarder installation complete!" diff --git a/Vagrant/scripts/install-microsoft-ata.ps1 b/Vagrant/scripts/install-microsoft-ata.ps1 index 426972f..a3f1bcc 100644 --- a/Vagrant/scripts/install-microsoft-ata.ps1 +++ b/Vagrant/scripts/install-microsoft-ata.ps1 @@ -28,7 +28,7 @@ public static class SSLValidator { if (-not (Test-Path "C:\Program Files\Microsoft Advanced Threat Analytics\Center")) { $download = $false - if (-not (Test-Path "$env:temp\$title.iso")) + if (-not (Test-Path "$env:temp\$title.iso")) { Write-Host "$title.iso doesn't exist yet, downloading..." $download = $true @@ -40,13 +40,13 @@ if (-not (Test-Path "C:\Program Files\Microsoft Advanced Threat Analytics\Center { Write-Host "$title.iso exists, but has wrong hash, downloading..." $download = $true - } + } } if ($download -eq $true) { Write-Host "Downloading $title..." Invoke-WebRequest -Uri $downloadUrl -OutFile "$env:temp\$title.iso" - $actualHash = (Get-FileHash -Algorithm SHA256 -Path "$env:temp\$title.iso").Hash + $actualHash = (Get-FileHash -Algorithm SHA256 -Path "$env:temp\$title.iso").Hash If (-not ($actualHash -eq $fileHash)) { throw "$title.iso was not downloaded correctly: hash from downloaded file: $actualHash, should've been: $fileHash" @@ -59,19 +59,19 @@ if (-not (Test-Path "C:\Program Files\Microsoft Advanced Threat Analytics\Center $Install $Mount | Dismount-DiskImage -Confirm:$false $body = get-content "C:\vagrant\resources\microsoft_ata\microsoft-ata-config.json" - + $req = [System.Net.WebRequest]::CreateHttp("https://wef") - try + try { $req.GetResponse() } - catch + catch { # we don't care about errors here, we just want to get the cert ;) } $ThumbPrint = $req.ServicePoint.Certificate.GetCertHashString() $body = $body -replace "{{THUMBPRINT}}", $ThumbPrint - + Invoke-RestMethod -uri https://localhost/api/management/systemProfiles/center -body $body -Method Post -UseBasicParsing -UseDefaultCredentials -ContentType "application/json" } @@ -79,9 +79,9 @@ if (-not (Test-Path "C:\Program Files\Microsoft Advanced Threat Analytics\Center Start-Sleep -Seconds 60 Invoke-Command -computername dc -Credential (new-object pscredential("windomain\vagrant",(ConvertTo-SecureString -AsPlainText -Force -String "vagrant"))) -ScriptBlock { - - Write-Host "[$env:computername] Installing ATA Lightweight gateway..." - + + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) [$env:computername] Installing ATA Lightweight gateway..." + # Enable web requests to endpoints with invalid SSL certs (like self-signed certs) if (-not("SSLValidator" -as [type])) { add-type -TypeDefinition @" @@ -89,13 +89,13 @@ Invoke-Command -computername dc -Credential (new-object pscredential("windomain\ using System.Net; using System.Net.Security; using System.Security.Cryptography.X509Certificates; - + public static class SSLValidator { public static bool ReturnTrue(object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors) { return true; } - + public static RemoteCertificateValidationCallback GetDelegate() { return new RemoteCertificateValidationCallback(SSLValidator.ReturnTrue); } @@ -103,7 +103,7 @@ Invoke-Command -computername dc -Credential (new-object pscredential("windomain\ "@ } [System.Net.ServicePointManager]::ServerCertificateValidationCallback = [SSLValidator]::GetDelegate() - + If (-not (Test-Path "$env:temp\gatewaysetup.zip")) { Invoke-WebRequest -uri https://wef/api/management/softwareUpdates/gateways/deploymentPackage -UseBasicParsing -OutFile "$env:temp\gatewaysetup.zip" -Credential (new-object pscredential("wef\vagrant",(convertto-securestring -AsPlainText -Force -String "vagrant"))) @@ -115,10 +115,10 @@ Invoke-Command -computername dc -Credential (new-object pscredential("windomain\ } if (-not (Test-Path "C:\Program Files\Microsoft Advanced Threat Analytics")) { - Set-Location "$env:temp\gatewaysetup" + Set-Location "$env:temp\gatewaysetup" Start-Process -Wait -FilePath ".\Microsoft ATA Gateway Setup.exe" -ArgumentList "/q NetFrameworkCommandLineArguments=`"/q`" ConsoleAccountName=`"wef\vagrant`" ConsoleAccountPassword=`"vagrant`"" } - else + else { Write-Host "[$env:computername] ATA Gateway already installed. Moving On." } @@ -144,4 +144,4 @@ Invoke-RestMethod -Uri "https://localhost/api/management/systemProfiles/gateways If ((Get-Service -name "ATACenter").Status -ne "Running") { throw "MS ATA service was not running." -} \ No newline at end of file +} diff --git a/Vagrant/scripts/install-osquery.ps1 b/Vagrant/scripts/install-osquery.ps1 index 522749b..bc63efb 100755 --- a/Vagrant/scripts/install-osquery.ps1 +++ b/Vagrant/scripts/install-osquery.ps1 @@ -2,7 +2,7 @@ # Note: by default, osquery will be configured to connect to the Fleet server on the "logger" host via TLS. # If you would like to have osquery run without TLS & Fleet, uncomment line 15 and comment lines 21-30. -Write-Host "Installing osquery" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing osquery..." $packsDir = "c:\programdata\osquery\packs" choco install -y --limit-output --no-progress osquery | Out-String # Apparently Out-String makes the process wait $service = Get-WmiObject -Class Win32_Service -Filter "Name='osqueryd'" diff --git a/Vagrant/scripts/install-redteam.ps1 b/Vagrant/scripts/install-redteam.ps1 index d214c0a..fcd2efe 100644 --- a/Vagrant/scripts/install-redteam.ps1 +++ b/Vagrant/scripts/install-redteam.ps1 @@ -1,11 +1,11 @@ # Purpose: Installs Mimikatz and Powersploit into c:\Tools\Mimikatz. Used to install redteam related tooling. -Write-Host "Installing Red Team Tooling..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Red Team Tooling..." # Windows Defender should be disabled already by O&O ShutUp10 # Purpose: Downloads and unzips a copy of the latest Mimikatz trunk -Write-Host "Determining latest release of Mimikatz..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Determining latest release of Mimikatz..." # GitHub requires TLS 1.2 as of 2/27 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $tag = (Invoke-WebRequest "https://api.github.com/repos/gentilkiwi/mimikatz/releases" -UseBasicParsing | ConvertFrom-Json)[0].tag_name @@ -22,7 +22,7 @@ else } # Download and unzip a copy of PowerSploit -Write-Host "Downloading Powersploit..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Powersploit..." # GitHub requires TLS 1.2 as of 2/27 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $powersploitDownloadUrl = "https://github.com/PowerShellMafia/PowerSploit/archive/dev.zip" @@ -36,7 +36,7 @@ if (-not (Test-Path $powersploitRepoPath)) { } # Download and unzip a copy of Atomic Red Team -Write-Host "Downloading Atomic Red Team..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Atomic Red Team..." # GitHub requires TLS 1.2 as of 2/27 [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 $atomicRedTeamDownloadUrl = "https://github.com/redcanaryco/atomic-red-team/archive/master.zip" @@ -48,4 +48,4 @@ if (-not (Test-Path $atomicRedTeamRepoPath)) { Write-Host "Atomic Red Team was already installed. Moving On." } -Write-Host "Red Team tooling installation complete!" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Red Team tooling installation complete!" diff --git a/Vagrant/scripts/install-splunkuf.ps1 b/Vagrant/scripts/install-splunkuf.ps1 index ea291e4..6c0cbe5 100755 --- a/Vagrant/scripts/install-splunkuf.ps1 +++ b/Vagrant/scripts/install-splunkuf.ps1 @@ -4,7 +4,7 @@ If (-not (Test-Path "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe")) Write-Host "Downloading Splunk Universal Forwarder" $msiFile = $env:Temp + "\splunkforwarder-7.1.0-2e75b3406c5b-x64-release.msi" - Write-Host "Installing & Starting Splunk" + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing & Starting Splunk" (New-Object System.Net.WebClient).DownloadFile('https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=windows&version=7.1.0&product=universalforwarder&filename=splunkforwarder-7.1.0-2e75b3406c5b-x64-release.msi&wget=true', $msiFile) Start-Process -FilePath "c:\windows\system32\msiexec.exe" -ArgumentList '/i', "$msiFile", 'RECEIVING_INDEXER="192.168.38.105:9997" WINEVENTLOG_SEC_ENABLE=1 WINEVENTLOG_SYS_ENABLE=1 WINEVENTLOG_APP_ENABLE=1 AGREETOLICENSE=Yes SERVICESTARTTYPE=1 LAUNCHSPLUNK=1 SPLUNKPASSWORD=changeme /quiet' -Wait } Else { @@ -14,4 +14,4 @@ If ((Get-Service -name splunkforwarder).Status -ne "Running") { throw "Splunk forwarder service not running" } -Write-Host "Splunk installation complete!" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Splunk installation complete!" diff --git a/Vagrant/scripts/install-sysinternals.ps1 b/Vagrant/scripts/install-sysinternals.ps1 index 6d9df52..0ffa5de 100755 --- a/Vagrant/scripts/install-sysinternals.ps1 +++ b/Vagrant/scripts/install-sysinternals.ps1 @@ -1,5 +1,6 @@ # Purpose: Installs a handful of SysInternals tools on the host into c:\Tools\Sysinternals +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing SysInternals Tooling..." $sysinternalsDir = "C:\Tools\Sysinternals" $sysmonDir = "C:\ProgramData\Sysmon" If(!(test-path $sysinternalsDir)) { @@ -27,31 +28,31 @@ $sysmonConfigPath = "$sysmonDir\sysmonConfig.xml" # Microsoft likes TLSv1.2 as well [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 -Write-Host "Downloading Autoruns64.exe..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Autoruns64.exe..." (New-Object System.Net.WebClient).DownloadFile('https://live.sysinternals.com/Autoruns64.exe', $autorunsPath) -Write-Host "Downloading Procmon.exe..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Procmon.exe..." (New-Object System.Net.WebClient).DownloadFile('https://live.sysinternals.com/Procmon.exe', $procmonPath) -Write-Host "Downloading PsExec64.exe..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading PsExec64.exe..." (New-Object System.Net.WebClient).DownloadFile('https://live.sysinternals.com/PsExec64.exe', $psexecPath) -Write-Host "Downloading procexp64.exe..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading procexp64.exe..." (New-Object System.Net.WebClient).DownloadFile('https://live.sysinternals.com/procexp64.exe', $procexpPath) -Write-Host "Downloading Sysmon64.exe..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Sysmon64.exe..." (New-Object System.Net.WebClient).DownloadFile('https://live.sysinternals.com/Sysmon64.exe', $sysmonPath) -Write-Host "Downloading Tcpview.exe..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Tcpview.exe..." (New-Object System.Net.WebClient).DownloadFile('https://live.sysinternals.com/Tcpview.exe', $tcpviewPath) Copy-Item $sysmonPath $sysmonDir # Download Olaf Hartongs Sysmon config -Write-Host "Downloading Olaf Hartong's Sysmon config..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Downloading Olaf Hartong's Sysmon config..." (New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/olafhartong/sysmon-modular/master/sysmonconfig.xml', "$sysmonConfigPath") # Alternative: Download SwiftOnSecurity's Sysmon config # Write-Host "Downloading SwiftOnSecurity's Sysmon config..." # (New-Object System.Net.WebClient).DownloadFile('https://raw.githubusercontent.com/SwiftOnSecurity/sysmon-config/master/sysmonconfig-export.xml', "$sysmonConfigPath") # Start Sysmon -Write-Host "Starting Sysmon..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Starting Sysmon..." Start-Process -FilePath "$sysmonDir\Sysmon64.exe" -ArgumentList "-accepteula -i $sysmonConfigPath" -Write-Host "Verifying that the Sysmon service is running..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Verifying that the Sysmon service is running..." Start-Sleep 5 # Give the service time to start If ((Get-Service -name Sysmon64).Status -ne "Running") { diff --git a/Vagrant/scripts/install-utilities.ps1 b/Vagrant/scripts/install-utilities.ps1 index c185d48..fd24a52 100755 --- a/Vagrant/scripts/install-utilities.ps1 +++ b/Vagrant/scripts/install-utilities.ps1 @@ -7,7 +7,7 @@ If (-not (Test-Path "C:\ProgramData\chocolatey")) { Write-Host "Chocolatey is already installed." } -Write-Host "Installing utilities..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing utilities..." If ($(hostname) -eq "win10") { # Because the Windows10 start menu sucks choco install -y --limit-output --no-progress classic-shell -installArgs ADDLOCAL=ClassicStartMenu diff --git a/Vagrant/scripts/install-wefsubscriptions.ps1 b/Vagrant/scripts/install-wefsubscriptions.ps1 index 45f6251..7d74e2f 100644 --- a/Vagrant/scripts/install-wefsubscriptions.ps1 +++ b/Vagrant/scripts/install-wefsubscriptions.ps1 @@ -1,31 +1,31 @@ # Purpose: Imports the custom Windows Event Channel and XML subscriptions on the WEF host # Note: This only needs to be installed on the WEF server -Write-Host "Installing WEF Subscriptions..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing WEF Subscriptions..." -Write-Host "Copying Custom Event Channels DLL..." +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Copying Custom Event Channels DLL..." if (-not (Test-Path "$env:windir\system32\CustomEventChannels.dll")) { Copy-Item c:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\windows-event-channels\CustomEventChannels.dll "$env:windir\system32" Copy-Item c:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\windows-event-channels\CustomEventChannels.man "$env:windir\system32" - Write-Host "Installing Custom Event Channels Manifest..." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing Custom Event Channels Manifest..." wevtutil im "c:\windows\system32\CustomEventChannels.man" Write-Host "Resizing Channels to 4GB..." $xml = wevtutil el | select-string -pattern "WEC" foreach ($subscription in $xml) { wevtutil sl $subscription /ms:4294967296 } - Write-Host "Starting the Windows Event Collector Service..." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Starting the Windows Event Collector Service..." net start wecsvc - Write-Host "Creating custom event subscriptions..." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Creating custom event subscriptions..." cd c:\Users\vagrant\AppData\Local\Temp\windows-event-forwarding-master\wef-subscriptions cmd /c "for /r %i in (*.xml) do wecutil cs %i" - Write-Host "Enabling custom event subscriptions..." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Enabling custom event subscriptions..." cmd /c "for /r %i in (*.xml) do wecutil ss %~ni /e:true" - Write-Host "Enabling WecUtil Quick Config..." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Enabling WecUtil Quick Config..." wecutil qc /q:true } else diff --git a/Vagrant/scripts/install-windows_ta.ps1 b/Vagrant/scripts/install-windows_ta.ps1 index fead3ea..bcf5d3f 100755 --- a/Vagrant/scripts/install-windows_ta.ps1 +++ b/Vagrant/scripts/install-windows_ta.ps1 @@ -1,7 +1,7 @@ # Purpose: Installs the Windows Splunk Technial Add-On # Note: This only needs to be installed on the WEF server -Write-Host "Installing the Windows TA for Splunk" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing the Windows TA for Splunk" If (test-path "C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\default") { Write-Host "Windows TA is already installed. Moving on." @@ -11,7 +11,7 @@ If (test-path "C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_wind # Install Windows TA (this only needs to be done on the WEF server) $windowstaPath = "C:\vagrant\resources\splunk_forwarder\splunk-add-on-for-microsoft-windows_500.tgz" $inputsPath = "C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\local\inputs.conf" -Write-Host "Installing the Windows TA" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing the Windows TA" Start-Process -FilePath "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe" -ArgumentList "install app $windowstaPath -auth admin:changeme" -NoNewWindow # Create local directory @@ -19,10 +19,10 @@ New-Item -ItemType Directory -Force -Path "C:\Program Files\SplunkUniversalForwa Copy-Item c:\vagrant\resources\splunk_forwarder\wef_inputs.conf $inputsPath # Add a check here to make sure the TA was installed correctly -Write-Host "Sleeping for 15 seconds" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Sleeping for 15 seconds" start-sleep -s 15 If (test-path "C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_windows\default") { - Write-Host "Windows TA installed successfully." + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Windows TA installed successfully." } Else { Write-Host "Something went wrong during installation." exit 1 diff --git a/Vagrant/scripts/join-domain.ps1 b/Vagrant/scripts/join-domain.ps1 index 304ace3..70579e4 100755 --- a/Vagrant/scripts/join-domain.ps1 +++ b/Vagrant/scripts/join-domain.ps1 @@ -1,14 +1,14 @@ # Purpose: Joins a Windows host to the windomain.local domain which was created with "create-domain.ps1". # Source: https://github.com/StefanScherer/adfs2 -Write-Host 'Join the domain' +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Joining the domain..." -Write-Host "First, set DNS to DC to join the domain" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) First, set DNS to DC to join the domain..." $newDNSServers = "192.168.38.102" $adapters = Get-WmiObject Win32_NetworkAdapterConfiguration | Where-Object {$_.IPAddress -match "192.168.38."} $adapters | ForEach-Object {$_.SetDNSServerSearchOrder($newDNSServers)} -Write-Host "Now join the domain" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Now join the domain..." $hostname = $(hostname) $user = "windomain.local\vagrant" $pass = ConvertTo-SecureString "vagrant" -AsPlainText -Force diff --git a/Vagrant/scripts/provision.ps1 b/Vagrant/scripts/provision.ps1 index d27b93d..f5cb1c6 100644 --- a/Vagrant/scripts/provision.ps1 +++ b/Vagrant/scripts/provision.ps1 @@ -4,21 +4,21 @@ $box = Get-ItemProperty -Path HKLM:SYSTEM\CurrentControlSet\Control\ComputerName\ComputerName -Name "ComputerName" $box = $box.ComputerName.ToString().ToLower() -Write-Host "Setting timezone to UTC" +Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Setting timezone to UTC..." c:\windows\system32\tzutil.exe /s "UTC" if ($env:COMPUTERNAME -imatch 'vagrant') { - Write-Host 'Hostname is still the original one, skip provisioning for reboot' + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Hostname is still the original one, skip provisioning for reboot..." - Write-Host 'Installing bginfo...' + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Installing bginfo..." . c:\vagrant\scripts\install-bginfo.ps1 Write-Host -fore red 'Hint: vagrant reload' $box '--provision' } elseif ((gwmi win32_computersystem).partofdomain -eq $false) { - Write-Host -fore red "Current domain is set to 'workgroup'. Time to join the domain!" + Write-Host -fore red "$('[{0:HH:mm}]' -f (Get-Date)) Current domain is set to 'workgroup'. Time to join the domain!" if (!(Test-Path 'c:\Program Files\sysinternals\bginfo.exe')) { Write-Host 'Install bginfo' @@ -39,12 +39,12 @@ if ($env:COMPUTERNAME -imatch 'vagrant') { } else { - Write-Host -fore green "I am domain joined!" + Write-Host -fore green "$('[{0:HH:mm}]' -f (Get-Date)) I am domain joined!" if (!(Test-Path 'c:\Program Files\sysinternals\bginfo.exe')) { Write-Host 'Install bginfo' . c:\vagrant\scripts\install-bginfo.ps1 } - Write-Host 'Provisioning after joining domain...' + Write-Host "$('[{0:HH:mm}]' -f (Get-Date)) Provisioning after joining domain..." } diff --git a/img/DetectionLab.png b/img/DetectionLab.png new file mode 100644 index 0000000000000000000000000000000000000000..10fb7afa34a1d5007d2701bf17eb982a226b86f7 GIT binary patch literal 106161 zcmeFYbz4;JyFW}b^w1qcN_PqfLw87bcY`pbbVzq2CDJ9`C7nu2haiG<=Wp=-?!E7Q zJa6FnV|y$QhBa$l*Lj`sIg=<=Wf=@q5>yx%7z{aCNp%<)crF+iI12z0^v-B1o;wT- zx}2?qgsPl`1eL0rvz4ubB@B#gRH`4!3PdV{}>Q zalsJ9fG0(|aL*plIa=Ofx2sj0%Nb;eM#nH(e%REkl_#G6{@G#ZIqgCCs|)&T0UK&v zjo^B##b*6h?xNHTB-f9$+TfGEbL6=-G)RhIN&L6?lbXGRbw3WL-K>5ntQ(y?kQ! z`25K_4oYkPLydx@T-om&PP;?_Is!At$jq~q0h>k)tGCo!1DMOhcqpR}j#O8K^3)P@ z4~rKpx{|?zMrrJn)r9)gIPT`WEp4hPc%L?xCicqC_=8)dUYRmrodbR*n}^$D1N!^s z8qLYUa`h!fl?r-9S^1~_j1$odi`yEeM#bvRh;?Nhuhh1qk@5Qw%XWv%KZTvj{T4nQ zCtC}Jyc30RM#7Q-k#xjhW#}_d+yYxVYg)0M)Tbn2C=!Aks1VplCTeBM?WEyqqVf?Q zU=xAEG7n(QFJM)K%a76xzbnv&)h7tbgxz}0BhSTohC{mXnb=2U8}Lp@XCt4nbFthf zLL>yQRme&0%y>w?a+6k*}O_UHv*XJv7BR}wdeR2o5EQ2=g1{F4JpfoMl4G8-HTR6 z+Yq_4S8zaSqI?~l+cRk%QD@cD7iY@4NOu^C6JJ@lu2Eqlpcl;a(O{V7Nk%x2zN9|c zZ2@V)Xd(W0E7-K|>=7Wq{ppM4mV+878e{zdOrYII`8xdP(eGX4z_Ztd0ZN@_{t6&W$4K@Q2kqzQs$j&`f!Bn)NaU4MN0k}G;9Bi)vLKJXcA`vaDoCH^bgJkfl zgw|nxS;TshGU+C&%i*bE&<=td#lEBy4OXJj4&52-S5*?bz^nq#Ujnm)mPIo*I6@c` z(rD8-4S0reS_SWZIW?e&1Q|)z6dC^F_JD!UAQ&8A;UpX<+%|F55lRaislC+^)QXxj zjn!d(_*i3Rs6%;0!LWs%6V~2?PZq|o?biYGF`m7@;xre68-UvV;myGP=@f!cZ_0+^ z34;qtGRjh@ZYUR+&h+&r)h3T$mJh%=Qj$8^M&%+%#hipQLLj0grX{f@0+O>RcSw(! zAWLhW#Lbw1C$p7^DrZ@YQM_7gUd&uf@$Gdz!BX&{avas?WV)TNJMw32XKH8oXSion zQt4(2r=JJZ5K@*>@KYR9v_>uEu`CnHWg0&tsVA2T&PvTP+0k6`TvA-7rlqB&rhS~J zWv!bBS20y}>g_d9*mZv1|DIz*_Cq5pxGAS8#52b;`|5-8=j9oRU;7u}J2xMZN7_f& z$6P)M-%37h{rpa`cIkGx`wv&{PcM5d+bz1tgUrZi|%rWdQ??)VQG zA!Ney-sAR{f6;M9VTp1HN{PE-bCwYoIR`g?G*5DtBgbpodFx3YEY2xTWBY*Fj)h=T zYzt76j=k&nmRA}mdScXEvrf70j#Y`Zhy_1QpJka9x$3Ygsfs}VPhFd{QsY(QWWAC7 zs@1BqxheOIRkc#c1iAi)s+y`{&(1%(%gvrwo@JivOT5b>jr{d{KhhWZ7uVhMUn9K6 z6POh=aHkcz6WSGW@;Gz>=XT^sD)TC*=c-vdTi2aS?@e-sat4^wn*SbL@hE7mHT+;e zVn7jR85c|34skeN+}m~-{1mUxdvw?`Rc%!5UA=5@+_vAYPYUf(RRQ@ z$PxBtT~E>1?Xb^ZK2N(R@3FFnFG$uLcl_uO^}dIUb&z)Y`aAe>`Pun9-I3f3-m{&H z?8%&;nG)ULfGf|v~ZTmkhfY~?YEAGmWK!jp1Gm~7z5NNiic2~P~34R>A7&MX^-Un zlJT+{sP~=fCF-eLS)~{(?d1JOmuG8d=gJI|hm`X8Z_TpgvIMH=a#Qk>xFwGfv?fN+|Ap_%$EnSl zy*Id_fO%A(u%N!VJ_g+&-HI=HR>)R0BS-j%(M(eQW^pZg57Z1y*6x$bD=jPJtrFg4 z-o9rex5T#*w0B7cBW0Pp+|kya^0}WZzg5FM2fssnthZV66r}!0@65;(NP4A!iu|?t zLxhyL6tC2=)u-_v#+BMEj9om-wpZVlROG4U19C#9Hm7W}?FGGNRwB+9&zr_&cC9C! z^-VhSJ;bN_hQnSHsuBKVyL(r6ur(KL{66_k$-Yc?zwg_TGflVStM6>dsjClc8|@Pc zCv;nMe-uR0oOJG54O9aP`Wg%Cx3;;S>e1HQ{f#dlr_U;X{$cLWcF>bEVAS=muRJp1c2)YWH~-_Tv1VaH$E)kx7q@et-#%aOs>?IV(=hl*wVZBrSj)SNaP_`? zo^SB9{j(e!9IMS2=3uwt(9~*n9zi+qX5|M?>!-5G>S{M;SNoayp=I@^+{c;gp}Rly z%gjyhe}I-|8o5pP%6vZF-5Hj&Yw_e`d)QJJ z$(!53u3!F+_x{)X6tyC%z6q|i9VoV0tF!AYc1Lz{_WQy-o2vTuVh6p(gHQF_wLdqr zXu@T*$Uaf9iU@gB?kx7W?w@wyE-|z%TQ#hT2;S~AzD-tc{1_+df225&nQXme9iNLP z>~+)ed@Did$IfGX(Y5F?a`3I!xHCXx@o06;V`Ke|e?MKgI7>PY9ls4Y_NMpeThzXaSfgy5 zBG03|;og~2cucp9lTS7DVbL*pn9%~$U&G{o?(LL7hM8sj?VcwOyj;=< z>v`Yz`%Auj2kas?oES7zFx#N8#3gG2e%~-`)l@-+EsYo&o{khA>o=T`3Spq=YcD9! zwt`8}gT0|8B_UZ6;JL6RRlMSZ8A6-gQ}_hjT-rcpplcIegMe=2pD>yv1M)TJ3c=9a z0>wpE7n)oU(7pVJl~boZfq{X|wbjt^&{0wpGIw@lGqrFwvt)xfxHoYA{Y`}0#>2x!h@IWb%Zts6o6XtHnw?WnP>`L2i=B&$75W6LySI~vDTLL@ zo#vlK{%ajcOLucOTNe*oXD6zcbxqBj-+72oQ@?EV-~axh(-LC)KRY?O|L0iH1G2w- z!_LXZ!T#TCLthnsxhte<3$b+2k+gNRbaIF8Au7NrApH0F|Iau7v*W+s)cv0~`8c`$ z{pP>E`Olle>@NrS*Ma`w*5A8Oc8Q`2v;Q~iMNttrKnGB1kl9MAXh46$y@&=XIB3oY z^Xi|UFQ3~wNM;29Ffd{;a+2a25ZJ>`6qlSm@4ed%8y=F_`!2cQYyUu6h#akyTrrD6 zn&VQ`(4>Rq=u+9pcrjBZME&hjZtjoV;-;qhYz_L%;;YgRxXW@5OZ5&>ZF2G*Sb^6{ za0CA9{%|%X&r`^L8fXZBz?QrFyJz|dCqMtr>)?ijFSJ zDf)$qR|<7SZY$=Kmz9>ut<}q7k#10zqZR`<|^P!Fij@CAN^q>589;;XU?0%A7s(HOh;E$GXC%R#UU-6yC1jL`*lf0*tfg z5dK-43RVFJ>g9HtT)(||ISzgVI3OpJ$t2jq;NW)}y|Gvp60+qxyZR3G9Cl+?H4yHb z3ih|4a}}(Eoz-2f{j*y-O6oEqicHp}%=*t9DrsWVH7a>>GU zd}fdF**nC7S_H}hGXxV-*_gT2EgAbJ>R9 z`$4BvQQg&3G{=06!@iEWZpcwL_6f+zrTAZ6&Z)Jn%%w*=0GZM?DmWl5X^rs>PuN>- zlIs> zgKc_t?&>#8?3s}4-Qm!5DGGe9--#pHU#7Xf)0m?YCs(9-dx|YufMtJD?Kt4}O*Bc& zI*g6pe9IYMIM4e}e4+@IF+IxKOZ*V1gyNB(;)d2YOmTTJ^6AJ(Fm`zlK(h>hO$;41 zEs2~7VE@f{Dt_W1*|Ojlnih*nT%|>D-tuN*deO@$DBp)}iO!e%yQRHP7E3?bS#mO+ zW1654->Mc{^vhm_c`#v$vmfCQpyD=>f&0A=5GT4o3UR~l`}uuP>vml&(E&b=fyQqf zaGYhb3Gq=J9(T6Uz0t0yRKxysEgIVBeWFe7X7f}^rEL_bZG(Si{S604b(3Y#rkwc6 zNR<9>6cuR%J0~yDp_#i`yrpD-tM1L1{C)V5N(+X z!{OsG(MyYPom1)&JUxcz_pV3}?xw{FXKoEhGRnUjgWZ{Om>fy7Alv@0Xo^k@)PMdr zvU8BkpP)>z3r(1#NjWr=Y3_&}avctl8zf0?q$ZLK-iOV!SwbV$->>>cx08dM*kf|i`Iaxa7G(-m#LsYQSW^?47P zJGN2Adk2TaF(8L{iVmAJj{hOv7F`ais9mqbSYP*>hdM?(9?2uMSG2^#sY|hL6V3#? zWAizRt_5wn)brN6H=*6>@p6BOK2(7Qj8DGf_(@Pq$q|FkQp}Tj8e@&j@cs4u8>U(j z{^)FbA+;5~Ij6)}9^cevU1JMSFKydpm;_?Qw`(~Tx56?ab3^=3;4F3ljZ~w$MD{*F z7k3b&0%{Z=A@TC=y}KrJjAm#FW~4y32d-#Cm< zd&b{G^F3BL1Ezz!?xeF6SvvOG8lUrn%6hww=Geu(HP@_fG5(|hkX3g$l~Ku)w3XXe zZL{*#h!lt$H^YzhWqBQ_`-ws1k9`YO(nvPAtYdX7*tZMI3|`pMo^YlXdz}HUy)=no z0n8-QCFXo^gR~@N1(v%Hea9FxNSsBRR#l}g1jw9U80d8KWLlO`H3XT1K9?YDg>PDI z&fa9asLr7TRIH-DBdIU0A~Ntpk~q;`z)lB`cjuYu+iWsN+w}N*;d=O65L+an(#}V; zQ=B-AEUH4N_Uze-@<|NyL<}My&(Z-p7C>fQ!Qol#yL<8!eG@oTZe-~E+=-`u(ZWF- zx(UJZu++;Yv0{MWEjR0C4RD9SpI>0QdhvZQZ#^u;dR#bTDLheWKrt*)6AWG7xqkY# zBHtCUEwwC8Q_~Hd<^24t#uaqTvc&Ly|K)?iwogpG5KJ?Su;jm2f0#thD@HC|+ z3Xy6f`V=r={4#LdI1=UrgaGWsJw^1l= zwA_YGmR9+hCHiS4C9*!j<`4R}{Qp=M!i!~XOl;1+D3A;lg1JzBr!iRK7vguiZX27_ zx3a&F#het0!NXe#Xyznq(RDuWjBYkSKQa=jBcjiKR?vlQNz2YVgj<`aKDD+f$3cBQ zjn6tQ^@4R>crQUT*}xwP$qAgu^bo@)#VSg)@~B8l3={a4UJp4HSZ*qI1EYo&`pg<3 z!K8h3guzzi@_f$X@4h$!`7$piL(R9%Usj5gg*pQ4R@NLmsMK=-=)ERR*T}_)AdBWU z-yH|*_#AOrU9=94PbbO(ri$zq6yx6)e{eQ9)L)jDs=@Bd6olO+n(Bt{Jo}g0HIaj? z?WZ-qz)bLd!O5+MJQa;tO>RSF4ZY+8!Qp$bFYFwLhrM*Lp{p<0OyIeF0MHyHHj`%U z*f@9NfjpQoi~?`jK0UCE1sggaOxH(cWCUJc!NU|x4c5t9@Bxw$mnnVs@D-~Gcp7Oid)JBM} z{7!672{Xv-1ajX4owU*tnWPvQ)l+f?T)sqYoD#jTgM|YYH4_nOvW5n_10^gz-4D3{ z7>abQ8soUehOv7an_Ewnk0}xzv;{bs#A$eCaDyxO?_?KS?J`>@%Z`-ZXQIAkzq;ab zT9?XLO6(K%7G+ncpNW=c&JiT2gIm_H-#C9c3Dhj`xIEWQtK$)5P1aCK1zJ&N)R(@| zr#j|-3wP@$Z$UJDu*2yl`8t^TSFg98wcE0akR( z%+L*~#a1@88{0hw?1!r{m&3S3&)QjhUnRr0Lubv-O7p31Xv+-8w4%nc(@jzso%XeQ z<7PA8Dhkmpd6BJrCYE`PA250+l9&*jj^psn2 zFDv2mGT9)xv|}ExSmD77#F)Y8Z90&5@SFk#Q3Q-P!<&?z|i#&WxryR)3W0~O z%EYRNKpNXZkte0ay1U*GWaOW#Kj?1}z`F#(`mQ&apKLGt0Hb#Gra7z|Wt_+GM0 z+?~cl^jngF&Cv#p5m`l!EL*M>2d-dYLq_X}FXO6&nSNQ&VXlR>e`&}>;EAck#$YAAzn__{S5fYVcb9fI1)?@0j4Ubh);khOTcIL%E~t-D z$YweLGMxL~s>0Uvs%tDWNf2qUmAlxoC3HFQ!Fvh|)(eE=8p1xCU1%D4GtngJ`TH2S8B?XJ-grd8%V)1ydenEJsWJQLM}A3ULo zq!0qCLq>K+wLFQpLscg@czx4(Q)(Eekk&?t$)*N5=Cee-8AT05O|sphU$KIddk6&k zUu343I44E0t~QvQ)+1bm(We&ja#%(b6+^Gl_SRWMOrjfv1O7&-ECMf(Ei=hZ3+12# z9M+w``rHq;JrmjH-UO!*74pWn%pg*C= zR!L7Iv-E0;g_jiWoZAx{nY0Ma`58PyXr*~SLJ*=Gd35Un*O0Kfg=wJZkHK(3U{ zy6vHoKgTPDM3tn{J{@3XitI+De+6x@ZhO9ssKWzCHEQM*f} zVolP?6En4SaLuy&!t01Ni@K~$feG9b1^bcpW@x2NRF1TKPoHr#@MAKfxz#?K@o zeq@A`HAT%xHz~f(R4x5Su*q;bi=iZ~v)v_+>()v~=$i z_P_9avSAm%+Bf(ESnq*2c*2m|>4p{c=vtcdNxCi*&78kTM~~n zn%&t{E!&B2z6dVGJ}RUuwfrn(@#J)p`z^QgkB0`L66Ya6@urC?U;7Jhlt}0@>yDmZ z;BGV}mBzl0iP(HUm15v&1>B(1V2x8=rh7p&+9svrS|+MFKP9ylP2aF*A=A9x3WNSQ z%#pb4Mrxc>8CWe`U*uIZM$mRp(3{ZCIPQjV8&{_>;kqSgXHy|Rc zmUu#WMl@}F7V8sD-%CQI69>)lem2G6LUX)~NU=A4pPe>G9}xi=q%F?kk?L<^*2HPw zW^12Nl0M-22ZqJ(x6S^-FsoWHy-A~Sea7c8@I#TVK_!}~sV$tT$omA_!hjSZ;fAX@ zu_h6@Ayew+i3N>xB{ON51{j5T7S|CDO|#NQ!}FI?QrYm$gXvL*1YZ<}N)MVzNghnP zuf7enmZF z@ZlcFam>RrRs#&i>skLQo8(ENRrMJ29Kv{{VWFjdxX7^IGa}+`JV=k3jo1Kw-v3rXLhDtEK;0-vj`D% zBF=+@r+c5syJNqcQ?lSy)&s2*l73dl4f zs%j~jTL=bn3jX3f^XF+;$^OVJ2w+rb@-8#FthAN;69CyF=@7joqicL_s?$W8@g0n1 zXdGyW8>)=yKD>?(UoC6qB&TS0kjbeGW2h#Z;PC=4))ECiUS%^w{ZmE;)S3niASqCR z!J+Wbq?8hGN=ctfh9>0p;@|qp?i$BUQ#L`HQy?y z^L$eHiFKpnwEX5PY6#HPSSDj>@(`U-NgQD2^I?a+6>>DbPdtPL&8>7^>bKEyAJ>)O zXiwA!JkHIL)gPp?KlDA|?ekM#RiZvO7kY*l+XF z9Yd2WPs{JpC)3NGY)+AX^4y_nHhPT~z2ug!Lb3Le2owU7k^1x8rtx@5k`_a$iB6$) zibRFW+%3N%A~8E~aEpu6*LZLSD$PfR7w;Vjt&if?>Gww^LW_eCz;U!zLEFL--5ijE zoTIPdy)=&o&G%Jk{IFcROT`r58ONky%+8oFw{M#iTkMD&8cR%p?{7Ugu3bryo{(sa z50*6(t1bfeEMF>}9pnX!1bt@4?b9K(`(2yuHK;SY_=YLw5-t$eXxyRFTdH1ve#e4D z^C*p@n~4nnrLy#|!rN=?lm60K)qFk!&hBuI{OuOQ{&k6AuUCPap9b5#!}T!#T@#w2Z)N?RS9=h#<#cvdPUnAbo9hnRi%>|127 z!{n_oZ0dF4;EnGwm+H21argpW3k)H-+7CF7#;(tL=4ek@ei}i_vG#@-M5;>R3;j(5 zO?aV#(^}@7OovuZ#cFWuaeM)Chu4YsZiSze)*S7Ula0Eeh4$#(p2Z)vWXlp?2xYmz z@6V`o=4l?R^RUqF z^n>ra-hWy=69_z^$lG=TJH$D4kC<_>OVs#n`{@R8Z%{S)KsDdBc@@4iSzrg=bY zKCG}U1?Nfns$o0ZezEiS{`y7z78Msws zYLN=$^ya8kH|?mvF6(!awrGJ}3aWSx(b-EXmh_hEAEq)oOG>sxsgC^2nYq6B9Cr7a zbS;wvV%acahd=qX$guNU6d0E+Cy-cxa*nqkDArS$GPUl*zEfmd03a(D!2UW?^^0a{ zOfv!^y*!nT0nqcW#DF7Eny9_K1o&T&Kr&&3>aOde=;03yQOq$P-JDm-n$i6mS{D4(>+Le$>ih z?|u8Q9K|YTOTk-v4lAPuRm$f|c;ia0BYx)-270xVl=WbQ* zRfM-Cr5Q8fSqm;tU7;(Potc351A-NMj-q`NTtrVqu6ryDl5jK7rYL=u*GGGXAVKq8EIj8MrT^Mzi zQ9PJcxUxOVXnglA;Go>&aBIy`)({|N)fMSf`C0Kdzz=u{@UgT5m{26?g5rW;TffaS zexzafJaUjq53#&6y(v3}eXgr>WQ!s37aFfv(ge`?;zm8x^xV7#z$Qlz1R(b%MgQd8%u;>rG<1PEHiA9F9f~J zMXiR}?)7vSf=+++yEfy+=8{FbvtJM?His`XM)R6Vjs!oS&C_#ixl}%lBh7e&4_xZt zcS$n12IHgzWOv%ZKNP>L+XG5Bk(pY2{e@P9@}1|p(!UUkYPNiBTO1S^&>DaKzzrdt zDzddlPug~O31FbwQC#Kr#N{dRl15abWRr!|#i9rd8OvCHA%CT=7V7R#+!3<`6!?cI zq8Fk0Uc_i_! zX_UBdg|o5^P3&!HKH$*iLkOux)85IZGU-A(9^?Oj789O^_^PTh7209x@vAb_m0WI{ z-R43#t@bv#dyE~pf$8wi2z4j8qzLw_YIa_=>yB z%T6Z?oe$V%UkKr>82X0iH%2|g>_dsZ*d z!Pyhl;wfgVj+2gMTw* zG&v|;AlvhH*`5*vl8ykuxo`9f%R)QKZ~7cJ$~dyb`WC;`b6S%)w>f4F*A#H;@d*-Y z=PeYM4DWW36;bPAG9|l8vIo)cMCM9Cek$cWU%Ngv7u{A+4t6~uT|6}Ra|BH3L_Z`$m5IeZ9$?`AB$TD+)Z2+`?@mn_*$SKZPL%D!VOC*t z=yo%NzXWw{ups1BBg2IHP7>89&@_Dh;Ej3Sv(WibfhlnxxE@>R)>$6S(pfyO z_%(TwMdcKQnPb5eX#gd(ICuz+tH<*|Z-St?d`u7UNFQkANodOVLuQwUDT7>!t=9^| zY0#2nZ?Wx ztA^n9ni+tni;L1XE>aXm$Mh$i6k zxEBK_G7I=B`a4yS4LvkWn`obEOzsiJ=Ez1dl01%$euXfNDpBplvZDA^k(Si02*i_x z1*F*rn$QjVG6uN_0@%l;A*K!B%++vIg^6die$C@lSO;wmjwh7%h17V8?4;gB(E}^e z*P@=z5C)CeEgP06Rp&HY0hQZK0v~a#$!q&RJh~9nL!-&9ia#i6E_Rwq&wc?q`wV3YG^v3SbT`ECl1F)osX22W_49adPj4S=3P-O zw>o2O2U{ukZk&_k7E?Rg;K0EMe7eq_^4VPE_eohg;=7Q2lG+G z3`X`@g}IrI>QGtY7^hdg|6~P{0~e>a%7j5trMRPIvAJf-pRW@SLhUU>R&>t49_IvP zJ%13+dbg1dC(0ISah?-hydLEA6=wGa=-Y)5YhWycIZjF!rj8yT6P_sO@M^~qa_1^X z3*>!qp;i^GsyNUNgeZ|@BapipXjN3e$I#~U2^-0c5#1<)q>Ceva4dnFH)^*BVw$oZ zsQIMHQ@awvWI+lYqR{op+UXBe2!pl0EQq=9F_e;j;}k$!j0Mg>a8*Q9!0NDCZMod2 z^O^FwY-BPsne_ph?GcCf^mk&#G#pl^eZ1P*C0_2Z=AG2$#-I#8#v?=KggMf~imUyw+9G%=06W!sBH*ofSh`Uc@?3#ds9KRdCpN9|?s}AX zMN~W}X2K*1LD?#9&g=;;#6BLl|V~Z4UbZ*SDFQB)U{WbCsK1 zDBypmfi`nQl>P9bV8Vh@T35U&=X3cijNaN^VW0L|_5($DU2X*PMOJd5RgNvf)Y$>O zf4eQyZ@-7yYWBVa;g|rTn!=Pr1ppnh7|s_32^$y0AAWy|DG3TxY(C$TKwv1Yu1MEv zl?@(`#p9&AwdVWWMTuthD0IS#uOv9nf@=v3oo}+{T5`us1L6ZpTBm$!){8d7F<+%f zLiTyEkF)_NPB)!`9-s)c5EMkh^tRs)(N z&zB=|5-@p5d(AJxE0)7j2w>bZM?ju2p~biz3mP&GWtxA|BY8YYrYjQ4~guay|iDN~Gsx;iB z^iN;v^J8gGgL=QU32izpL;q{;=D~Y|iD%o7+Yv+#=Mt4SAT79)+Q1qgeG0Ljl_0`h zHc3U+m^rZOM4+l_$WoAH`H)miGkeOZ@C->xlbQj{HAyvJqzLLp7jm;S8FQ~_Rd9xG zY$0033R}NEwlrd_9t@~}K4<-Els z*Bs%E5puZ;%;}~8ZR+P=8Y(p!w{Yqo8m-K#nDls@>AqEbja@%D@qZgs)GD~DW6yfj zEY@=vGSi7c5&CC%TPL`K-teOjaI3CaYjjuD)G$_k!g~7sK9hVJKX}~ZU=3_T1oGEO zA2AayvVPR}7IN(slVC*aJp=X)k8UQ;)^h!wk*LLi4$3qCA=s0D8IX{>5+`z;7+w(g zKp%Vzp3M;}`{8B~rV zYQiTiHT5j1{rKlttXp9!_xxnC6Bcx1w`n6_NpY4$1`OQ2mIP8LhrQG|^PqzOyJe6Y zTBwqI@`N&HEf1WhGGg#80z$-k?<`3FZM_@ty{6 zVK?}-#^jS}4YTe}AcfR#$G)yf9&}Z2TSgoFmMX}zCxElAE5#6K`@2dji$%MKIhVSHl$ZrdX_qGlTaA* zLoloeWq(f6kr%LV7rVn(`kRpCfp*=(@@4^J;AUQoyGg^3rH65I(RnR2ard@QN>1ie zl=&QD$RE_vO=5p*W(L4L*=UO5i|N6&12i|AXmZYAz$0m57q*!W|0pBZi!vTl>?uQ) z(FCGqQi;(=)d@E>zKk((rmGJnAw)ggg}al)k)&oj-HBphsx&0=W9Y)M7|ydZ-p{eC z6&AT*&WgEV#iI8Q_cW)@f8MyklTA{ul%h~%(C=VhiY?kc4UD7z*sq$jC=EtjH%U?C zJ394bed{PXNI;xLZ?N#ox1cPhK>LPwPZs{_BIERWac!Ssa;&Gz{wN`!YxjL|e@MYC zW!OoVNQ9jSscDbB3TXv8M*D?C$3>yT6`}^;J@&w(65dy$-X}t$ZbS_7oW=8!(09%k z%`V8@VLylcy#?QpLKUhW#NA&yY~AQ0UvWsfCkL&o)V`!sY5d)>(10`x;f~6P;ws;d zqg*Ig%JR#5$x@{@BiD$6@=dT^X(keBrO$qZ>+#n*9Y9(QNW}~}sVCZX&RbWnd?&vz zRWrQ00>8j~?nIFnWc;h1PX!^QX(OSG~Y^^bH_t0djq0Wi{ z-L5L9Bp&yaymfKN0-yW_1|#A-lOYp#9=+D-#oLHhzFe8l0dGXPDgA9QiB*m}XaSp?{`aomzT1iMs=f1q?3<;f$Zpg4-#t`xm?UzkIVGWJ<#C zS7=0U{;x65_Lo#|OxcZ`*5obR56do8im3RFTwBQ&C2n*d-Xx4ERCFy(?yMhqNbv0d zOCL0oN{XJ;JyyY`Buq8))B^1d{}#A)eow@wp%%FJ7}^_+WtMe`ks@|G6{hzr5{Thl z+RjV_8t8%`Ssr9LXD0fFzD%^>uPE5tZUVH7AlU2QBj8iSaq;-qu5U<6cz?Tc3bWj( z;$wk$Hpwo_F-WDzf-`(!OkLa9C_5B<&^GG$!e>QhMMX()N?Jj%9Si8WB)k)`RdXYv zV{VrX9FnP%6$H}n)ycA)z|(%8iNYv03ckB=S9t%@7&i*{+I7c+pN1p8(?1C`WSO_A zBz!L28;^Zt8FVf{SS#(PL##(Um=oFk+jMJxnRHu@a}%L8;f9mW1E4ozUPuWpeFGgA zwJl+}YU+^!w%(X*_4_#Y$=;jqNRokxmV7j7i+6mcfm^tO|3F(CgyBphgJ zRQ45pBZ|34#;RaFmK3ajIDaTF6CXajFT}H>=w8x5)wA2-P}akWh19JXepIBze}IWD zOBVo7S>$kQ-0*Hx+C{048mzNTck*bsgG4S)p(y2ct{K@&J-SKZGJY23xEh@fhf2@H}i!-J8qFFmOys8mZ`wc zUon)GA%?T(Tgs6#4A&63pu}#VW>-U24q+bgR8K-8@>U20rAMC|=2%Ia!)6C=&Q?O@ zqQ5ovUP$<3T;mRSkruo$VBX85i0;S}JE0|7lK-8_b4lmG39z;bc(W3z&)A2>&Em24 zD`}YurZISxCg=5@8qqdaM=GMu0w^+Lu2fbFt}e~G0N7^hKw}Jknfp+IGQb-S1q<3V zk>rBqHEOios0*h*?KN4CbQ{&nm9J^iw=DHCa}l6r<(RG69KCxp$2Y7GEhfh!+UO+s zB$e0~A7u6S58|8zOxVs)FcWh)@VEM1hjP)%i zK^o9b5lPJIHyr}xj1RBa< zij_A#*+#*tOBk-r*ioyb(-*aX0&`TEuZi^^LbPd;B#soPQsxRB|IeNH4r@B;wHtHU~Cm1L5wIl6Jf!Gss&U z#mcN4Ge-ZJeE}{(-4C_zdx6(~=LiC;9Ckt*Xe56Nl-E2?HO3|(vxk&qW(zW^;BwHz z;d3x~@_0$#7w>??jl;(5LZzx?s)y_#CWQq;sk@7%39V5p3GF8~bC*6Fb0kU1RS8Hz zpWUWU$^*Y^^!tU$bdo?iaj8#`6{3H7uoveLJn z^!+0(zs^f!HU1<=m;u@oIG(qXaCCzTVP>c>8O;0t&XoSE%aB1I1Tu(qaym$Wgc4g8 zf0CoFo^_W*3i5$qR)bOwd14N?Pbhf$?P~{y_cMhb_Ukq=q76y?ulh;iWhjQ2Im*Xo z7V8kUq+ZWg@YCZD75SqFsoDvJI)EqzXcA>i)Y$wD-C6oX2ztB7`VIJ z_4r`~NXSgfx@n7JmIqoA{VZefWshfPfyKIN#4-(I`hQ%#1y>wx7c80=NP@e&3=kX! z5AN;+f(IBpxI4ie2DdI>)ky6Cr4 zmSfa=+keF(4l5RQx4dYZ9{xwkkiz9m)KYmz%;ikQm z^5DmPZ|8>EFUs9G^~8A+0t-i~Dt{z<*-I|gumt~7GN4gSOXob;H60I4fR)aBb~H+q zgU9)b_}LC$TBGF+c_}HEH_@i!IV)X?xL$8ALS^KU&FGyhfVCK$ zr3pL-fQLR#EW$vUIt+gES=XDXaJm+Td!=L6b!JvAD{s1N9~`8Ge^VBj8`vh?3(hb{ zW$j@<*vGFE8x27QG#%>d2F8J~$m(nB{7(i9bmRkkQrIq41CJ`lWzY2yvW6Nj)X;Rb8j5nO_LlyCIz$cG2% zCx&D6nrMZD46@fdG|)G@oaK&F>)D_F*i-#L1i;w5ADKN2;BG}E%aZRQV$((By9x|XucjXT?(SE`EMsM(fjZ`)?$aBMct1(mm|H59k)c;` zd8p*MxAXqtdCB)-Ef@I#s%@B*nzN2Z)r;)R88}Rk7!dPs@ovf4lC)3zOB{NFA)I^{ zo0C$ud>0*j)<#C|={YU`Fs5z9)x(yOf=iV`Dnv(U$74?)Ns-IO-F*4>wptC&ale)Q zPck9}UMt@nXsQ!e9zK~(H>4YZ8fd2AmU0|GZ!XZ2j^8m!4-HlH7{#j98UV?h#oX*W zZ^GNKBfL9pY|U`&eKh@hMEgAKb+3oN#bM5jb{~@^nYLaCGhofqWnz8``Z}*E1he;3 zRn&jwMEWz~r;&E4!)0Z&+wYKUj3gDW_yrVrxIna?Gy_=P`SrrxVWgG1kNP3O51 z8ufhPB}aKTe2GqgIgCUL5=yH6!^?YqSUA4aP##pa0ru#(&5Z!mk8nV2(qLDL1T3x# zO|U5{9&<@XXdiRLBqkr>OD$`0U(ZGycZQSl^(Kn5qD6_^Gu7ywSdNUaMDrrsVdk!& z`0MX)ouU{&xf>T|@GJTugI`hX7n@Y`JjqV^q1geaUwlpLvqaa{`^$L?e&@=ys`jZ{ z?Nj}KSpZbw>q(~?yiOB_RSVKooOk;V5rA*}utj;wGEg}UAscWWA_K(@9+i;eNJs!P z1(ZXUOlb(u;^%oQ6A0YxQ)iim3mTeb<&m#)o+-&a>EOIV?sdJ3eWJ-Z{38KZm8ulF zymr(o(UAn)6*rw^Px&ThzGZrbqBsLinnSvQhU^C@q#yXUP-GG1W~lI(Fd0L?{g~tv z5_>T#rQ%=gURVI`;C_Ht8=v1(=TKb%3r3GCMMX9aq5$` zcJn38lR%i>hBUl^5AQQ3pCjfH2TEE+rQ91Dd!&uG*DmVqVexquf6@Md>7&7ii#5!- zgD{J$CM@%!76lt1XH6KCNm}iE-GTmtQgj;D44iuAnlC$zyAx-)#SbbsZ6_J`i9xjM=Tq^rYeaw$?p$GVcCfUl-70i zK-$<%^ZL&g?d*XRE;qyLqN1-tjES~kk`Z6d5QJSv`*O~&xWR&Wp>Mi`mU}uo~E;k44;v z2&J#(rZ6{8ngA_`;^J$*2~6l>;t(PvEv0DJ+DEV}E9kY+CxOUEi9lNT9y<)P^(!KI zK6M&$ZnH;(7{kQ_X}pQkdvR#TBVDO9x)MCX(mNpV>Sc1F47f-#@EFX6V z6xNj#S1i|!O8>M8ADl?lUQO~rr^jR4@3>wu(Fm=U@^(w`c1uO={ZZi*Y_nA@nL+%R z*zTS&ojx}biuuZ;Iv=c;kJ`{Mgo(WoHtBB$csEU+YZ}^QrrIAH8e<%iR!w}9uR+3n zKGsM$IN0erHR#cG;q~$kkAYD&{$oK8-9Q8ok&j|qb(E4kZ|Og=)OX}wQ4=E>b6(ju zQlE{`jIHmUc1>~3`68dwn_8a=;Cc+NGF)O!3la5@^|4YHq7J z(rlAlNt^#n+g4zS>JKao`zSB{neu`yQ_Vkup?NkW+*dMaFQw%E7t$<*0qzolgvM5k zNt9`Qyx)Qg`pt{w^{Lvq&;RzNc54JV4PG2rZHdDF_3#ijf!6j_;lnk*-+q7-=Q=`HDjHI+A3CfUse<$5udc!79*;8}S$?;~<(Owoe)C6mu5R9n zz0coXr}nrP?^$x^YhPRlyVCWVg%D4mygvM_>sFVqQ6L66(E}TeA>f=wjMywEI*wa1 zl7rtP&cS~CN~g>D_ZcTN|4mf5w1_A(LyeM>jwl3fZ%tlI*5) zKnAeu!R3pa&(JvUj`#5car{4`auH&}vu{-O2-L$}ys{VI}viHOom=*ogBw6A`PUJUSVgZ`$rPDN_`ram# zvJ&TX2*v>P8JfHI`~pEuHlUK$Axw4-h6rkiOaw>!_cWb_&`^?P@c9CQ6$n}qCf%=X zBx*9P(N|k0NotcS*E5Cfh)+Ps&+S-p$&hYI$LU)IDe;X2pV zh*g@K2X7kZybVr?FUGat_0*U0lamt5g>NAuuG&aS)!8(i4et?DLoUjjCMO2z^*A-q z!1m`)Q*4$dPPjlE=S?;2a4i@mJJv|L=K5RQsR8pJf^%C(WsiGiv{`}iBR zJVTGd%vgrGEpm-Q;Wq_q)$G!&3?(V5$hE2EUJb6PtU~Vc$;gRV4s6^awDZbvt{c5* zjd1SW%?n4w!U8+B!$Owv!L3iGXrM3u)LZD0qkIcerZ%T^?cV z=1dr*7TSe@dZwYG_ZyZB5eFK1@#(@$oe2neu#rZQ>liq1=?xbrG4dDF*_=F`EnjV0 zU5LvoCz5H{lbvwBT8CBuEKu+Mq($Qo9XSi{?3#(6VmhxxoP9*V>yG7V8lH%;)^<$b zbDK3Rb?Ge`le~PEPQrgxwgP{bS(wx}%Eb`t_F&V;dW#VNA{ukAoJqtYJ+@P>f1BCR zVha?yMO>i5bhPVvDhQNHd^6S1PY8%Kmdl)%Q-7fAwc*q*|6+{YO`a_(cldT{p}j)~d^uInF0pL$Pb?(aOv^BcL&?xReH zsw!fPtHe-FUtQ@ez+@JdDEB7VH9|0Qf7zacfDjDGaVOiN1-V6O7cNf0_Mm4T4tQJDq2{MA<()5Bvyd-EQI7p*8RP96pbF+~Z8cYQ z-XMy-Vj1B3S1KgEdHJo#!YyWTBVrHCJ?nE#h$_nmbw^en&Ir95HS>^LKy#Ida>J>AEAA68E6 z(|JXQDPLTu9m)VT@BVT7?|@x_2++*#736d_^Kxw^c*LKFXsD2UyRPTSCXA7hr@LWk zP5u#4ac5E|iEHjjK`sj@7U~KPy9-<1s3T_;-;?pN@JG|z_u*+B`!PUzTF(n1VtJlm zeM0|TG@58;hv&M!o!luL@iaQ*^15V?KXN>i>E_pMVj;C)^y=nVO<5q!H_ls;!nXtH zkKSb+yM4ay<#fhPZfsZ|y)ncH9xd5ZUo{x!BO}lIg2`c{*7^KREjuZfO}POLjb=I$ zv??Uzw0X$l`PRqqaAxmMZRUB95Q^-Hgvow*^78~nva*PE<{%uyHc|tIPeZek3_n_s zSuzoGGRUp{Oa24L9;zvT_i76YzM@ksFzL-zb7L>kdl@y5Y6ufs^B~ZiB3DWJ2O9#& z2|JD0Mw1Qp@i^(JrHw!lSWZ2Wk(Lh==l#+42)rda1{l;_*pCh)|*T zfs;iULu{vb^GnI{c5@PBqVT`FKsEa&~!>dAS)etseIw_2%5<=JEMMlm!}1rsXZHnW=4ZVE^Czik29} z(Nr08!93PDBQN8E;?2k_cMMHJvkVjz6p#)BcBZ4$=Or1ocI_DU{RVjrj_9T6mJ;O; zYeApxNK2~lD0*B12bs+Hf|qpBcOtqi$wf53re{Z4dVH@knlF10Gzqb5VJN<*=f|xvWOBwtf&F+2aPy$zq2_qGFurzMr;i)lUH{L_<>ux?k0gou zBLo|0O?`xSP8G~&V0V(x_@HyS)p0aCAXEu0FD>A0 znB~BK4~M8-kBy_H6sG(&j?NdWQEZgH@}%)WS}B01`j$BixFL}NIIhY^$ds(>2WNP0 zMm)TKylU7M_$^L(GBkl@k%UBuMuQ^WfB~cR@!Eq$eBU%Y-}Lc%RGtb2MS39w8P#ua zu>SGd#q^ATU4sK_AOa_J^Vp3DP|k+$)FswjW%FX0f-uoCwM!Y>db9HFm*e`$e14D|nYQ2Tcf=zQcS&in7qM><a7Bj{3cz?-y<6GnE#Yeob!0E7C!w)_+x2fD$J>oSiVS! zHB4=apXdD;%V3NHNmg7JGicz7@Zk1Wq)sHjZvE2`+ZoRM-jvb{bSsyS+Gw5fNq>8(0rg^#)GSOtZs6({TQcK zS*~gJ#CXJ=Vj+UPh~_V8W%W@~K$*(Ts++Ijgn}4h0agM51zW^EZ(@6~egfm~ak=qm zgO>CoVz@R1ZTsPnGA4D`o6rWATUqTcf?{*oEtsD6Z5(9cIGgi4e@3{Q z9Hf2v=T=%c8tM@ok#>>&VLE*0f?fzHzp#@Z*C==uPOuxGW-!rW+5wbkt| zo`+XU7|APA95~6R(V@@BZQ$J`H@rrc(Ck^+$Lvrw_*`*HB>crc&$y~Q)13nHkE;y| zo4x#1rS|!;-DAnJCDQqlNZ3DiU7U(@Q1rnO@XZl+P5A4g$~g#0-HGDnVDS;U1@y+m z8IOvC170U=x2jLcG;K{IJV`dJ%#hTcXFH*TcLOOG~WE6Rjj@>?bu_vM)~~<^b8^ukLp?LBrC6rdq>V2M2FK{yiyQ z5?+@^5}L~tO*GWDK1YVWl7EDm(#Ly=AFi+8dmiOa>>R&%EvAK8gODyz)RjGpnw6-W zJ^sg{#)+F3y?gM&t|5Xo@l4xKsW?9ovT=c6ELaMYT?ts23&_lhm|Bqp($Upro;X>d zGvaSBS~2&Ji&(RqHnmm^dlcG|0yf@N#+m&pL?f>-PSPhoay6NDWt*#$Rz*_&5Gwh( zW6R4o2XMAd8*!v9r!Rj^`*PMJVk9bUG3EMQVZlkq*CYOqsnx?2FKz4K zhMA-xL%XMK39?me(fmK%Kf|y~+NpxHDPnp4NS=ls{QU9Zxu?E+aDd+!IO$EcEinR9 zm5`Pl#9Tko;w$Om%%#ei^qYGarznW4b@t`zdvL|Zj)~xAxls|`5b5F~?dyLi z8W0~W`468VlT)BqLQN(G(cZZNTatb>2|nHT(GTU;wr5Fij~4z6{x|ieb|};ekDXEd@C2|MLJC;LB}OfDvWYhcC>n<`Iz44y z@9*ANLQp-TDH|*ZUz7t&2xs3;Igqki7<=KxBIM-6Yl9)3y06T8-R+$p9iwT^pJQA+ z`fA%%SHf}<3rKi@`*uFrO_QCW&@9U$bkGg7M*;@K7men7!1(}Gb zIs_T-&D@8j-~sQ+{?c&z@xoGlBG(=}0cAp7`=+K}M*^>Ts7KLt4F#!WPmGs9Nk2rPY9bq+h~s^*nD5xwE&!6{l9W8eT-xI zQj=sa{{viC>)nJb)jtez^6>?)qa@sJ{)vi<;ytC;tuqTj6-)_BKNguxxgn$||W`t16a#>xPWZ*_@yuA0RvolM_h3M_0mTY8VS?A-?Ln z#jnkf?f)z)F4i^4$2qXuaI<95%9l?~6nziYifcApW*M5$7VWM`YQEMC2KP(F#Cy*C z{lt4Flw@*k$;iSSk6PiMHyOGPd-3JKa!ta~{-x-A4T1p>?%RlZz>i{VLN*XHp6)GT zu9>}c?C4Ie*^Ls5)9EF5i`UifBs>DhZzYodQ76;WdBu0AJp~{1mizrFzKm6^azBov z3VkOn|Bio`Ceh#tx(>^QGe^)qFx@8I`r4+6?Vd}$c(}X8%oyJs-BA4Mc6v1B@^ zc*Y~-{nJ4=obb)tD8R*qj5=zvwE3zq!^J9r6{> zfSP$35}z*EpeO{)F)B%FT7Qxi?l54{Lw2Tx$zbQI4H@uu^+0E_m6OwoIERuSdt3<18Xo+W}KC#_(fI~r$3SC zdA2YjgQWp;yI%TWW;Lb+Jg8hWC)IP|Z{G?}Q(|eiGqISgW(OVNRv!)PR&O&6t&EkU z3rObj+_3w)Pw$*K6j2a(Ok=vNk%dC@!|LBafKS&MjzFE+?LlSQ_O}j-&+pl(?uSI> ze5l-*R8UOFPxa@=Kf?ngUpekMj2B}B4DW4rwKSU$y8~@*=2J-el^w-tQ&Xzsvsc#V zepQ94B{51FCMq?$?NIM%WFn^)BxfT9w6$Z<1v882VPndt_o~y=>K+&+>p0i06 z;l?m0G%TsgCU0@L32l#4o$3mBa1`i60ja_o$Ipi5T*NmPDBu@o$DG{qmo)EvMCo{|_ z40)*gH{6&1T7=2gkNvQ4n@b z*uUdlVXO$Tj8$xoM_P}u)2uusLycHINjW2{h>x_*EGYRUI{a4#z`aQJs{SO5jy^1^ zP=0@wS4ZSEfl$4ctg4XO2LeP$A+DgG*?Pufy3}2egNCuQD-dCxX zWBJw=eepXVBiN10(Q5pT9XFcFJ82p6X-TlYtOaJdHXGK?S!OWuKL}6@)XKE{Oo|>6 z6AJPOUU^_OkT9#a!ESb?P~w8U{=uBOi0`lmG&$Z8T8Tq1vQ115LpT@{{wza3F<{Qm zO-6z)5|eQJo()L^2?v&f;NgJ*dU);ZB0^q@!h-%f*6{>ivQvLt5%!bO>Fg;6kLHL% zo|~FPBxdV+PN6z&vPX1mZ){esY*zDkPi)KroqZ5sU?Xs#&JF*e7bpuh8_nVhRIIjN7W~ zetoA>E_B(Q{k!;I65=-#SbhDE>WAg+zfe3a??1i{l{!07+}+ubz$hRo=|Xxzf{0x6 z&lYGbnJ{aGDHW&P9UP|Dd^}TKXM<|zOAoo{_HK}RWYwA6`2v7)g_&5orbxM+o=tvZ zO@gS*25h|ZbEAMgrAoWib>ELUG+wRk*-;8ec;x7*lMtX8qF(9qFoIl;zDG|ADW+49}) zQ?fb}ol*l8q$*e%E=+p;2~>m>$wu=Z6DA=svYbeC?q{xeL3FXJr?>N1+&*-L&y3oI zgj8ShrNs&=q%1hes5ld0!GUu{>!zWZX2pfF!k>ShEwswH*)3D+skP2??a+Hw8^l^o z`IJ-}eJDHXbG{6`U;9jz5TVMcKQJ=fQ^2@SB zmM7SuRN+&x54jRcdDUus$~gJKp^PC;JEqD=Nc#5)b5;;FuZ(n*$Mqixf^GSPx69Re zs&8)chRVMI`2k^}asOn8lDz-0=bC@jS`mT|VyU(CO_}%pb>$`lJ*z>oO0`H5cZ*d* zbm)&-tOSvK0zEe24F9<3+A-;7qF{3I)YHbhVK7T`SsT3g2kmF=WR}F|c73_%K=a66 z_V|yKE-&Y!2;=z?(6KNeswoHEY=|KcyYR2<%uc~*;Pdkm5jdc`V(_@Gz1}#46xI4R&F$AvW zZR6UBqAvfs=eX})S$=RgW>rsle9KqY_u4+yafSy{%{rER07sQluLf0*8A&}v7&1CK zkh1(jA^5cez4)2pZOi7L%FGy0C^?jDh{v_&oV-=uPW30OQ5r{y1@jv&93cufXUkY} z35SS^=|XfQh%qZ6YfJPs%I4^^+**^wmT}3FZ^>Rmb(fKKJj&IM_h_f7^Tid>^@PS0jVhmjCzR5T>>LwXP$)0v7OI(K4<=jY$)7wa z)8W|6ghfFd!yLT>*-yh?zyV_2(H(d9KI(ewpG4j^G#&;`EeeTeD|mKcL=`ptP+5yx zZL8EP>;+M5(0J_3)u#`f!*u3Z79{q@$bpZ(&6)w}G*(DzRqIo+9hb+?!XmDoa@Q~k zXW;qRd{V2T?t&75_cd}Rb!wF25@Q1q>HOOqbSBcDALCIH8RRC;FnR69zl^{bv3p}X z=ilS!7*jZ_F7}(7F#;Gn+ldxCe|oJwRp$XeF_SZB3Rqb7;GSGU6i2>Nq{}jN9m}vT z-#}Rxb+xG1KR0L_`a5>v<_}e(7}v&nXfC6e62|^77&$K$2DYzHg|x}d5PUwZ>P9hj z-;ryM?2@?eywoQ<<>o5Q6~ba)x4sgNd^I@{&wUVwSU&9f-_2Z(6tij$v%!{ZRl(6! zYF$SCYx$>sNPi?6aU%Mve~C!(XCUH334Z08SMgzOneG`US=m{^UW#-V+J6L`FYAH@ zArs+I;02@%meA#$X;0E|W$#5wJ4C2g7T=vc7yz?IgC}X|=AdS^+$;5+xk$Mnmh;%P zB=`7Ym-5;#`Xvd5X@{X;VRx;^h7d(2Vw2bRk1*iG4`d?9k3%g(5m&w2?ozsY47&8u z0sEM(yDc`GCs%a$2h&PPZ3U-B{?Bqr_s?TUL_|&xbDHhTc+Qi!pN$Y91~KuT$!d6~ zUejn9jo=O1oQ}f9ro&WdX=lsM%ph_$Jm~@+%4-_dw>OJ3p^Yv1v+_-vNi4EST1-j= zY$-&*jQ6^oJ=m>dv9aE5DHC+Ur~IH!>TkcsmNSyt=XjU7Q=iz_p7x}eOXb>CSFbGMSU1^ZX!_o%3JT{+i}RW1>F62%#M|=(LjkM5o)4GdQau{U zv=$|!36-PcjFTswbDif~N98U7y0pMXBBMZA=C(JXT4-l7*|MB?fE z2dNnG;~snOz>j26aDr7VX!I`KwAWWoJV8pDPJKL~&ME8He}hjsSrP+d)_@OBJt26L zEiT(Y)x)7StW%tH0tOZZE;bgMG%;$LyKq?}DQTz@(|JwzyMjx7-oG)5jCpRxal)Pw zRj~z_HF^lR;M(O}Z34S$L`bmjH;4F$%^(N^bI;SD^7h|;rjqX`-%Ofw%n>NDQ-`wk z(|h#jI6qh|j%tFWa}se2PS>7LtFj!PyuBz*j6Y2!B-WT25aS0UC>@qP?B8Wy47T5T zXF04F?%J<6V!PywiJpN`N0Dwp;dHb{+rjJ^0{-cvHnE@^ve6K^JQ|{27H!%;U|$m5 znq7bv_2|!DMIjMcY??2B>j^lywd>?Fm>VJ%d;b1Sx-D6y2X0?OMp40&mX*@yPJP%y zT<<3A41+9w+e^YRal|%c;1eyb7~7nu6ARpQBL5fCeJm=9mA=TKe8`LkXG%>uoAeu9 z8P`C6gMY$z)K})U_NQBW6JxoW#Lx(>ZrAJCG?4@8aTptYmEkny4UBwIw30Fhe0nyR z>OHcI{2SilAx!n5ji`vIiH~@56NRvQ@S8MAwhs!fyWTRIdVK;g)Dmh^Q$T!Yxy=&u zkY#MmrG1-t!HJwF{aW>+7m33TVoehjj$q2%FS_NC5mqn4PjORFj6Pgj$%Jvf~_PV(&#yg;`7 ztz8UI>miDkYG)JN8zX6KItZIucMD726~h*{S5c|dwf0hheN0xA>e~_GCu-9pnu@9k zR?Pi;fP5K~vi?}o@DD{q$qeHfdol{R+8<-NZHpJ2duj%HVP%hW4b!tD;PO166|b_^ zph$w5x1}VMF7w5Rw2PYar{sVGUQ%Z5=V@3Xi=!E5_G&_2CGpuWBGF%6UB8`}8Mc47 zqp7(qjL9`$kE3eM+h`5l@yX4XaYF5o(aZjTql3dh3mkxVc0(Uzfb?sb1DMKseM)q5 z>IX@5kERx^TfG_weCb~T%uwJt;yTE&5BbQF$DbqzV;2+|@2_Sx6ZqihrxaRFyQZi`N`f zLmZ`qbC;EjO$gQ>AJ6wK=bS4lG}*mGxPS6E`pg8*Br5-$VBvUu?fHEEf)kE<5sHBX zhMCVZBxUC(ug_d^Anl^mS2wkpFU2_!!YTC^11Lf9_&y zQbkgSl(y3q*zW=P(7x#xIJr_7n?$D6B%Q`j!@+2WtI>2_KIp{>`AHed`E_PSYkeUY z#>-M{fBaZfvzSA`O4#5m_N%P&qkp44o1491oQKw)k7X_MEJFw0_y-d&1_1&h9qr96 zXsBzsdJO}MlruM{tM4IyNPu|vEtaa}!0q5ygIqF7N?;U5TuzT(n6NRc0=J)qGx1!7 ztmJb7Au}S%4>o#KFJ7I4ipuI@?(h8L=DS;cv*Ih3)?(E3MRvzz>7zI@k%q=O6 z|ITYMN?TMt8Jj%tgbAmXl@@FV0wWeCjjHUqCqN*&vWPZ^hYm63xCf|rFL#{j9|-I(J9!OBY|7GzkHHBE!j zhR2H7L=TE6Er~f>()c?^A$^68sK51NT>)=)Rgb4grPvt2UyY@Ocp=A}UQd4=p9!8C z#j^?;xIeOeH;}Me`taQ#Q<@s~#Z%7DpAN_H;E;bXh`|~!!;ddynpEr^h|vHb(P;R^ zFI4$QLR1_idqBT4H8>%1qM1cudAxR{CFK5HD|}dlEhY=xHs3=@wGTIYExtdHj841}f65 zyXHju0-43R+pS`xLwu$B^>DGTox071EO)({^W0nd19-UlY$mit;xvyYjm)c*&czxs zJcnyZVVp7`=-*GKh}>kW%`fTjopl`VpK{h>n$terYpl@;`LsUWel=637aJ`=8gj)Z z(vdwdStsvu`Ri3opkk}on_U?RNh9>TNfPg_f;F0fs!%>5)1+o6O;GflhplAi#(4Lc@j$qt$G%{| zz%s%tb63(F$^;B$DhOew*92OP*dB-%q<(ZOVD9z8?gu3dlt`g$iuJzlm}MJLt&i;p zBeu&w(<-FnO~iBBdr##M75UA%>*N+q&cpQM&(~q5GKa=rh{c@F4n@BZ#ws-F9wWT* z3*DYoAft+QcM;KCPjRy}oD5UIUJEhi!Ykc2%)PyspGHc|9Gpxn*jX zwnjA98?>a~S{p0L`aT&30Y@=ocZHSDpT#-5yt9{T-%Cyxl)*`P{^4r;F8# zqC9!m6ra4%sn@sZ`=;uY!JifK^JMp|^&&hb=;7Try*=akIo`wN^;(9CJ!JWWHemcn zM!oQ*=0p<$4jdMM*xo-qQ8L(Z#IUDu`ZHi%rQ;P?B=%z?q1on>=%6EQ)p8P?SD*Pu zLPX;>g=y$*H$`J#rS92VD6{sHA5FS_wB7@(&ruCFf~;*_>aosJ*6Q{F4N)B3v5RY zES%SnuVD?}uU&^-WkaCy5+t4N4DY+%mPW!2NX^uWV5`0H$iep9K5L!uXmgflLXex5 z{@%G9PyN9&qwVn9(@WfW=JAp2b+I=|M8z(ypLMk^8@SZQawg-&-(!Q+86?gk%+Ru@ zp!?a9 z>yb8tf(yqJ6F?2*5o$l&I)4A-B79Vq)Xx3pSCl8}pCs@0KG9aL;jtcZ+3)zFYUqU` ziuFHc(@C0!)#RIsu3WGmr5?X9U%Jd{shYWJ#c3o;gN6^&Y3fb&pUiBmZYd&m_t!aX z?6z-ihVDD&jdDA_qxL>tzkiMqj`jNf6H&J7tNA$h^J5S^U%Wef#D9;B=+nO3+L=o= z{$_%PBr>|U&5}jh^%~|OP4w9iYS*_WsXbY=raVeo<%o?MA;Ca1PTiZ?o@vArp^ziKG|B(rCgaBb{vGV8w z@J8!!d9tyANdMW1sL*QrkLI7XbSC}>K4%UbYN2uqnr20pEEkZ4rDRb9xe-11p-qHB zKn5zVg>EnsJJxKo_|*e6*R-J^4*Ck#`3>S|7sLeroi#{V{cpLE%S?Ee?|WGQKG0PMV6@~foI z506&fFdwqJRe&{N^#|6^ix%$rWkhTz`Y|ws-nans|NUT6YJ$%4=7)jHs-MLv}U<6J%1obZ@FESKeVzkhU(F)0}Lc#1!o2!eY zr-l+BdnbCM3e@UX{Q}O1;^A*Y`oHT}S&L>hkq`)4DpRjx9JdhJYe?a z9}oNKI4*ICmc{faBFJz@sQl~Nlh^@GhQ-$kVwh6O=zf z-%XL8$TH+4=Hqbk4Cux2#I$(bUSP&o09x2Set2}u-mIqGoxNZ6o%l1Tc=%jF1H_3> zK{9S0@wXcvPn!ssC^>(BT&&QO;%bG6g!=b=Go7(nqgH1QZ2UQ2HZ8tD@71(t529yS zz^H0JV_Aij8ZJj;mw5N@e_izVptix!pOlnL&tbws0>;!ded1X|1u}HqgD6yr)<*SC z@9Eixj&maBLW&d(L({xihxQ70llhzvkksYp}=}UiN1CVYIkf%9`vGe+D(joDywBFC2bBF z;RyNLJ28|ejSf4%GndE&+{6na^DB#$zP$Tju#gW|FO3vPF*h$;195>3E)ueEwouO0 zM1_EgM??kOqt^saQf^90V-E|YW2w)rL|80xwR?U6CZw=V_HYFS!CB2$*wZ$~4VF~d zi26#v*Il7FhAVZnBsV%xMd<8rQ)PER@@y98t-7Aw{a@+NZ-KU(-xY*_;-F!MuBY2O z|H!xJCit&!TOX9hQyZAIoP8rVK$FSpB#laBaI1=;)n%1Za*Hf13zv}o@@B6MjpsP~ zXV%V}RR0hDZx<1xVmwc5^|$8!9aD8ddo|XMCFX^`^_6;0KGlYGh;8#lCQ?(t;13^Z zf`wehm6cmR6s7`7I&0;exkk-dN7F0xvmk5|-+%F%fs}EESJfn?=P^ru;=;KF!OpcC z=ggtFEzu7-T3~*FwOORw{HnLZ&3WH?`(^Z;J_+BtQN8tC;5(TU`%_~q`WX6g197WG zr6jF62eaGQqKFCB%HH|AGf;h(Ef$fp5KvdDsO-brbK+aKN}Q3ndI`lP$#OgeYP9}OBDSoil)2sFA#JEhe zxGuu9UJLUIk5+0+UGW@ z-V!=BG)(|JhgPFg?$nEU2=Ld~Pc;0jTQeoO(~ukp4}L7gR7FIDoq>`k*whY>sF>0) zii-<$j9+Yk{6S63LS)t(mP211qweih?C9HZR^L4^i8se%;wom-ADCbJ9Pn*LN`gFM zG;?AR7yNK}c1$u3HlDSb;mLqh=;9X0dG_5{bvDrlGVCen{QWfi0J*mheZhzQXkStO=PGtalJvDta9+QM3pQLvET4WQ6 z!-GwAcigr(1{MI|n-Ag-n;wq&RkFA9_c|4_5~|%k9)E@Pt4Y$MRfooqeKP!rc!!5o zb=6{)mrUNnYqT6RI?ub2Z^J-T^nbCBiQ?Vp|7somqk%!)2^D)X9+8+rNi?9Dpvm=5 z%w+;vt=d8hT}UEeSXn#>YZPi^@iV3^VQZD0S)ipS>ALG>U!xsN8g%y3Ym{kQm#s8a z#}@f=$tNkz2=@lm2g}ibu_At6doTYsPt9U3Y3++X>y_eG!D;*y@9WDk!I?g1P)nygx^|jxxgFM*5fDLS-$gZ^S=J>3{?7 zv&28FKKzves`p55bYwZ$#B?)ZQ+1G~?8wQ|INZYKGQ}>0kIG)J=TSxh#e4a9sGj!A z)IfK&KjcLD4T>~C>3}eQH+JoO(|BKbW!C%g@(H!Adg9z4Db?|DpDPT6W**yHTUB*5 z!V*V$9|!cpFb`cYIu&E?99(H#vAkZtwW)v>%FU`4yJ{DIhbz)>>c3vipZ!_wg}r z^z(Ni-?b#6wGNtW>WB--|C-;hY}rwb4FZ?d;*jxt-Sc3R(Hu(NHA#(a=v;+z2Di<1 zo`Vv4WBR5GEMqlhuA=gUY@dSk8>Iy$=~x;f3?m`Kb71KBQ$m~Zh?L(k705sb->PmP zY1F_E{1h@l#(C6xQ3ef|wGGZ|(&F_1M)5QD#d*IT1?iG=KAIeHAWeoFO_qN z++jOX>f1`CH^C5}8`_|T(TQlA#bat9l83K|GYH0s?p)1JSj#)xkksd8Z7S*He+|g& zF~5%K<3_ARb`JGrr*6a{5FRu6Ik$!0ZgE3udd+bo>?aBWU^>&_f+wT0mQ-MR@qfr9 zbGxi+cpURDBalAK8C3KGLb#b+)2?@7;Narek0V#Rpq!ddJE^7{Uqox{DN%9B$Bt>= zCpdGDzoeo^4V)^cl7zmI1VJEDBklThnY&3>tEL!(hx-o423^Pu5lL4e2-9+mvhH6? zKje`;tE|+OrRiy^luqN__L9m@NQ&9gtazG+cutULKw;!o4fXb(%~IocP~50-Yf8UP zsZBb$Rr-ov-4I5{gOoURS%kfrD_W%0+C@b08h#3u!?+NFcPr=hobm7(PzqE;YI5@d z`G?LwU{Y`0JTt_Iph&~6At^1834S4)tz77`LCaoaWhyMyb?V^D)R|)ceu!)v0YOcG zXdY4mrAeb($c6NUy4GeQP9i23n%o6=Ds;u_L*DnLw2;T5o6G&W;QRfkLANuol1DQ2 zeVp+Rj2rJStb=jm58eGk;27xtVe72_qH3dduYfd2Jai8s9Yae=H;70#4Bg!&-3&ca z(n@zocY}0DcS(1i&HH}NPv`szduH!-uXSDDYuySl6tuJ?G5x-PYzqGSbD(GQ%J&FL zl(*o|g}6f=rC{%1fu-1>Qt3+FqdlMc$oy*9Nee**tnSG?H@1+#6+ z45K(~?U24{>pt)DP@bw?aP`^h2}MU$myV1MA>WF;+13f{iiNO3ddD#$`s^EG(?@-A zoxib7m>#Tv9!}4zQ_Y8pO~ZpGE>`GkY$;f=|I9GD1ER)-=}*LfNef2y9nM&oT_6U~ zFaajDFCi1{`ygsS<39?81dt;H50IM0jXrK=KxD zV8I)=Sq=VoIElr+s?4dF_A_Jr@?q?;CZU^ipzu7j@Gqa=H3*1$lV?NzGbA!qy4XwM z-sLb=x``Ok6auR&K!R1nansWrkXz@I>q*%JTM4Q-CQgmXqXAWzNw?LvRoh{YHX$|J z*8!o4hO?GIJh);m8rM`3av7WdS~w_P3kSt!Y58OyHkRcA@TqFyLa_&WjkSm)^!6kF zJ30xr%y4|KR!{?F#X4jlvDF~wLBJLWmCsveVM2P!K;CX}qjGC|?^dDEMZ7ac z)5F^Lt@87&m$%R-(UgS#G$!sUu&T6ladrAOU;p52kp|l5>G^LGzolhQ1{CbQ!bclHrg+e1m9G98kUxSFB9T}CD>FrAf#Na=TxqJuwG6tukY+wK{HM`R{SOnK)&ok zt-coK+{b{P!Q>d`7=%Y;p0LSY*r&YXmOT)y2Cc#YQTx1bstcT)`Q5m=i?f%cqsW_7 zeRSmq7Dq+;sE*V1W5M)Q<(W|B<<6|XTRz_O>IOIS8Me)u)3^CPI0+ zV-i&C&cN%>={#TJu8yog3^%I-^}NN2!DYu@^d3({Nh82XafC|&WaeMsx6Yoo@65=3 zrTAwkOMsnAP3k`I_7sAl26{u%jp=zjZxaQhCIk}JV8s9-7QWAk<#o4b z(uHJ=QxzvI`JrlJJXQk&T6Y(H<~csAW%6IWgz3MfSkqs2k~B1*c9-PQj&#%cto<**?te(P@GY_o{4ME-64chJ!tT4BVp`5eMI3H)E30? zaK^UM*C5P?S=mp=(eaVyyGiCVJgDZo5O}2I%Vc%c+82Ld+!cK7_#UxJ&}xx@3mql< zrZpjEOFh{>mb}lq2L5C#AGx0jW2qH~2r9NL6o*21?Q%rbPZ-kIGqMtj_hEH9NKns! zScThO+Ooh_OxK{B(*g_zk2{!#)pp(~xNSH-^g?!;=Ek!*$V0Ya6O2yf~V&Vq&^?$i=A7v6`Laqz(SuRGfP)JJc-c<&n|RY68yRiXWs9hNYN$HU=b-Pj52WnYATD8~q<1M0(>e z3#e@!2ZH1H$&ft42f}Na6|rIa9eS-{VjbGA6REbeRA#DJ2OI)0>LEvr(BiD1=l|S~AqufDj~1UfK~X%k$ZR(#=LU>MJo1!akQZ zmQC-OEhcU9mnx1c&xvsK0@KxJUL06A4R|7QK%v{Va7B#j2UZ&7b;yK#npyu3jx(_1 zhz^{TVu?p|F$qTLwlNzEarqgBaNix|*5y@CB^$WgPRC=J&F4>qL{#Xxr;C{)h0qa1 zl@ON>XMfy!g$*13tfm)qB3tvKvdAW_l=W2IbV2;oqF`L$zQ_8qJN%p|nInp9&=~L~ z^GY+T(q@R$^JBAjymJ{=|G2(kwiH=0;9DiyX<;70W8*Ej47`yxampU>36khjaJ90E z7$N;Qwk%0d!p>W)UFmg3WNNn05}oW$5y zny=3o^LkW}NGoR6hynasy%L0&9*?O}CGnOWl&z^hOpm|L zPHzy4v*^%|%NyaD%YN)DBYp`zL=p;_){1gtF)f^Lgh^$irTAZxLe6cXGd}1x-^LC|+|_7d3Ogi{n-L!=#^_ZUWQYF{C1J#5Hfz!XnMVCKF`~!d|wO7w(2C6n^s)39QE7Jhbf_=3&WOf26i{#CJiqvQJT0WIf?+4WF! z|M;4jE7`Z!9ZMmKspUWR8`H-kuK!!6k)hb<4si&DwPk3mu}YdGBoWI=&@#gr8XB6k zCxf@YPgb+q{J1LL7be-+FN8?)B_>DV-kFADTuPzDy(}(nd-%RwXp-A|OBDVpLCU6} z1EaQ&R>DuB zifm%9uB*0eIXo6>^zzuS*Y^ue$WTMhr|C}|9i1dCb7x|04pE+Bn}WNglVh@WXs#i7 zbeh(;iwH_32bq-N5mBpee5Z}MIZR>e#?|3ni?B_n%ix~!-NjrH@*oYfsQ)bGv&^0M zZc{+Je;oMmBN@RU>O@=2lFxyq)4h@*)UisAe`m|3zV^T^Q_4tIMQO>-T*dJDu7lg| zS1G8{7)0B~VoynrIfra)x~(lyN(bTxn4^NSQ7+*4NlO%NZSYvwCuL(7|_#t??CCwz(Bv0k*GHjcshnZ$<&}PsF|=_piRCV3_<|B=)Bd ztn!Q~oG2P**i7IDiV6_*E(_D}q=J6opet$E_D80LpGr-bLF6pZ!^`WNye##O0$%&7 z)I4PKn)A~Ly1BDly_%^;Cwd_Xsl=3-KYn-8oaXIM}*7Ao^ZDXKzM!r)h$-{>Dgz~HrL+>nXK-6k1 zD0MD$Dk!ICx$rQy*~0P;Mq*VO;c^biKD@`BdCLrz@=tINhPwN7=3{AH>JiaCtfuR^ zVXU@n>?Y>@JFYT1S#Nkh5)>-}hiawrYhfLC)X=asL6!+}GjWbGV|r}&yL39 zU}_dVsIM#8oX>5V+18?p2-x814?a{DTwvZKA)O$FegBQL&96fX<{nujf>>BFXD+v0 zhm0HHicGZ~@mA+kjFFlhcmju}p&RhZjU18ky3V2ohGG4&2?-hbeE-F(g!El+0iQeV z`x67!PqiRJGlFB2far{;MR=#zaBd&35yJv{fVH2S`2e0D&U$zf&l!Yh{rdq!$CKkq!&e4X~bq^vL4ph-8ymB>t(z|E2yCjzd2i6eQ=|YBz8j9&0eGdL_y8)pAgtt z^WndZStU<>Nofi{b8#@wWC3t-M@|&cCDDKE1|=U!yo34>)Spyd|7zLSzk1L}jllE- z`M-$-Zl(|K2{l#k`Eh~C?`bk;H|xdh0H@V zk0Zy%6dFlO6C%N}y=neLPW&3 z*jLvG3tT-lrCs~LAm^m(;ewlgsaLVZ3X%CZAiN}YrEswz_$rf4?R-{c39KOQD;r~a z_Kul#(dS`P)18LwjLw`3SmWTEt|UYMm=TE9S18oX|L_osUHWm}xd0nxo2UlmXiOPJ zwOr7Ykox{qv9qanJwV#79%*5~hCaE>+K_|sKiCP&p=Re|!0kLC%b&>zHNw_H61-Zm zF|!}rMAyG(RJ+tyCu8;1LFDFVqP);wIo1pB_qDG%^oDcAE`87ojk5WfNjaHo{jns~ z8mhuP`NmbU8mu>o%iuO8jPuk|i`EsUb?AY?ZZ-}mSF<8g2k3ZkaWNf~8lEM5T1{Fi zAzcYyNb?l76DJuZn)o~CmXjHdL8>q1sK5w-dal+fZBNJ`?D#Feb<#E5J7gQ%rtBKV6Q)^a z&8QWLC3UICA#%L5&Q)|B{Uan;!-eWiKOUu1O$dFAW<^I^ze)aDFkJ|^wDbt%lt9UV zXP&kP4qC}iE<4~e;o%v5*{X_idoh6z=C^Bt z&z_~AiW$h`-4Bc>hn+mj06jQx_?4R`Dnq;gd4Fp_(>_iCukHGr)yFydp)xRk6HJ?K z|8mVw_L4&*x^VAD4g2_d6+OwH$j>bziH z6R$?@T<(!~LhBr7P6CB8{`jg;5I3-DP2MG|tv(TB!&#Qx-7QvkLhn3RoTUN$5Jx1h za)z(FK&KnWW$3kfy^NN@J5oC`&hV{` zN?1HsPOm2e{_DxWOv>dtgc=w@=@5o-kerl0Gc!lc)bNHPV^o44cUZ`Bj&xw=PlR$F zvw*;p1YPQ6b^jrh!&fS|x4lTM;2c0G4|hZK0LD0Fv}ba&GN7cZO~GR>O4?aRV2EM; zaBok7uYjFO^zA9+;%3kG8Vgq7VSFg1pk4FQxgM!t8k3_e&sLfDHY2wm7P5&8Q^%QQ z#F?2*!T&CK>zqN*(LW_VM})F(YiFBBT19>*NsF#C+B>*(`19bP6BW@~IIU9Ihr@^m zi|FoX#?8efAiFX+B*(+6oAJ7|mzs-)5KUZsO)dz&?p4J>4Lo}V<^LBis(JHPOEPsR zfD8XHSyHy5k6Rr(HoG-k2QRr%(rIc)HklbY>ff)d(x|}zDG?~lB5p*}TtM1-vHV|S zP@%W;Su(~iK#tQ3FVL$IDd9}vvX!4H@pt%SE#t;x)Fhx2KJr}xhlrGMw=Sg3+$EEmUv}$Pt8pmfI4etUt%0yiF?V%rwUAyPC??g z4&2k3qkV}&onTk}-{H}hbdcSRR(R=C2B4m53BisO=`^aX#_sT1=9zGh4o8JkHA|Hg z`#ye$Yi#;`;3aRHOBaSMW?@_}+#Egv$Xv432K8@2CWJalo&4p6eY4XTlMB8`02S^c zFf7SonyL6Nb1xV6t=^EbpW`YQML2a~K5}jn=d8J+C0s&|baatzJiuCux1!b75c$e| zcdfZXIOreAEakVisruyP4$})JG^Z}B`;y8AY>!&pYJq9EEk@JBcyKj@uO7W9{;=9QWjeospvo=Q&E^Aq~@ zxP$%zzPa01D8rB1qhugB!9sLXn4&&C%ljkA4zf#6E#O%9hWEQRly6mMSgLAEGv$~` zV#gH+2H=ABbv)iA4=fk$+atS=9y;uH$JW%*I|?uOoCT=fn{pQ_!Aa|u+w5e0kN z-Q%O=SF5eMq?-|OH;U(BI1)$4>6KnJX+=U84PMW7jMuY0#__9$(Ju1R{(k4%o$oDI zXR>@t%~8Di9;kz7^4K_pZ=^p+FV`0&B!b+!h)Vso@bsm{t&x^Ty|~ddp_2-O2UX;A z;4%;=nZ!vsV)ADi0Q9=4JWFO6*q(iuZAWx46<-TL^c zD(n+0CfVIC(M#rqPT9ihalWZ%^6f!M^XYs4Gc}KNcFRAU>>ziXK{FC>%knLQ{t3?A zv+h-&$N?<-QKbb~cCY0xCv64DUKRmf=`Ie-qI7Y_x3Gcs#|3%7?h_Y}k@$!}M;#&| zMT&c6^MxOu>CWo4&Ix1GCP2UMT|gXhY7=F^AK6Erck{hkmwpr z^UWAuk+2ir!-_l4Ge73r<~#loBh$;<1vKrtyvV>>GM_Oc%}5@-ZW~WYGpld~5hi+1 zMO#h2RSJXodi?Q|g+7I}cS#*%CabW#>^x!q?Ck*?9_4_>#@D(D!Nu|Nvb$l zBpZ${su0y$WnNzutJhcMU|r=y5!Rou04!ME2$;XiUz)Q#H^=>ritf`=9f(|KQr*ze zC4Z+2uLmV$MNy2R#QM-;PB*l)MT~TKpqCrkck2m0>4XydYbhrGdhX#7k|?wz_JZ^^ zN8;}syP*3b4u;-!rOarKzUldlNNI)38Rxm#`k2$+@MrxRtG$1MKsg z4RNIGwV+>AVDuhAhiC~pvIfnV>J+mV@}bN{7^MN{DN$PsE9~hLNtN>jB8&0>4q?cx z{GJU46Jlz`&boOKcujErJ%zcn2d9VIZ{FbubfzE`DqImo9G+itDCKhkUh(ym$lh~> z7WpDPA5qa3&^9}tIa_sDB7XQFEjN0iePA=)w9x0!KDqp3MH46QS^P9Dj zI8#cd0Z2vj3bf9u}zWci~)rf5VZya7<{LH_G6lf ztAm08#ZfaoB@$r~mR=3wb)^N=osQ2{#loqc$!a?;Ev{Q|#$8YAlJGcMpDd4l2NBel z0o>nz0k8S1Oe#S1$i!&;t@~HP5F#lR9$gA2{}QSocaq@X;b@FaP8#rT#C*QalT4k4 zwnN7pPn6EaSJ&v@;bAwPQp@T`54fT<5!LbJiKI^k|9t5{FqjaK(>o#jV3Y8$K033_ zzSAqSc^=BmR27`e=B^am|5sv&Cb5p{;5pr5*n8vAlvEHF8)RMqVg&`@+H?oof*JKU zGl%!u0YL4bhfh#;e=L82P3IjHmbZ}P4qaRQY1hf*J-coR{ZOXV=_6tg)3H}~@o(eF z;PaPAdDsFFE0rQEN!DxiT|D~`v=&EBAWv>BVRlt%O_X_~@UBKlzec3p{5IQ18Nyp@ z1kL8n(oOtEaAVUO8C>8{I8)DwA%3~owQ6TOhy08ZdObTCke@=NvEf38Ae*tW)k0#4 z`;rR+r!3)E8H5CkzA8qem}S4&y~PY&UVl8u5Fu}sx9#?U;~}YZOA|{BtL|WuXE2qQ zO5>nx?3rtxe|@cMrF$V<^3hqN3_;b2su=DLACfSuQrb=0TQ>mg+|iaA9J3d`C;U)2 z;OBW+7yG11*OQ$SwRJ3|A;KdSx&h$gTCj*-U<%h9U{~ZN3zk|Dmr=wM$6+e5Qu*SB z+s_7B&+7ssI5-h*m<|vTJ?PTiRK(#BRT<2h@7o?L{5}blA`=!~H@x#Fnvr7{?QG*iEDh{VwFqk<69hMt`%489UEhN(!%Hej2@xil>!!uo<0LwCbZX^34HE9{uY1dC!=4FV69#Vwl_v;v4j?z<7y>YEJ*hILDfeo zYAl}!!X~Rcawu9DqMYIl0i64A9*kCUR+s9&k?wy+*V3wBUMnNn_dOz7_m|<9m4zT* z>r{YU%kH0~jdI;&U?^UJ{>@nSAQ z&dIVP)~X9`j1ye>`cxh@5Fh*%n&f*ECek0b5S07Z57sD`C6Bc2*)Z>a)6aI)p?|$v zmftd|fmW1{pkRKI!5kj0dxc8Ca4tXer{lR}!&j+R>W z3|r%zC2QOmdHQ6`^4V=9^!paaVQhWbFE;}hV)LKd7paskznIV0;qQ>fiWq`6!)_&FmP?>rcr%L(#S$eH~#{jV$B`bT@k zF)l$WuOl@RBu)hp-Xo49prNseOtw2V+~nOUam0u`4Y(N(IuX;fs6u5}@=AG?P?wYs zmt$3i4@8R(0?O)4&U-C^#Tv0&oxETQglt#qp-t{hXr^?6>QDEwt_Ni4NIN{GghseDMXS} znAq z&*vERG4vk0Q}X?X@8){|us#u#@EX<;d3|OPld|&ZQ0z2hC^RCn)Nnk9v}fEoE2S+{ zOoLN)RliA4zu{3T-)y5xZB$N-$JyL(G-9ap2-I`?+q&E`VS^9PbOfP z;rxfseShEY&8$AEx4e9mZP{gs^PSh<^-ZTc(t0;D1)KT`op&PDZ#I_1$dTB=eW<5* zqjaGUsxySV&akq5(@f8*kbQk0N8CRF-1brQEh|a*zj3BNl_(}3&eZc!q27(ROtZ%JNy9+l3 zkp@iKwUrQ~_SbRaREb*cj-37S9zmLCX?Qe|;q(;hTY*>DOMuM7b)i0_Ln1u-Ey~cS z#gtFj{bg<+rj0&+gl$QRiP|KXIW|%PnPlz?aRFnJta#szvrLtQOQT46{~$^KYbYzZ zK&q_GxPys2qP!Qx*2rdLjzebtqon_ny$beD^8{T`vN1H&;bQA9&C9{o>4pY^ zGoqrI1Jq}{9t;O(tvB1U8+cGfU8l>hQAl#{$^dpekU4Z?vI1U9$#2k9(*amD$KX%olB zb%(^LGz_B{pjJnFUFN#$$)og9lkyO79HoJMPrrn*r!m}Yg?8ZQl?pGOPBnHs zV@+N4SloSrGyis9g!L@e?`qA28fnF22mJLQu-E4=4}eC8^s3RBm(Cj7Ud2nOO2Q)j!~}E42iJgEdAQrI_f7U{I;8G(T})wT|qINfr8~W zUV6hep#u&H8ai_U6fZz>s=gp7R{4;d$xxmyVuRSVs6k_x^X~N4vc>xV6lqNy-y`9v zG2}~EjUrlUX9@dU=e7vkOf)j!{C86!pl6L;%K@!bnsb%bHbSd+~(T2J(c$Nks6XjQ3H`DaIS z;jz(wmacU#aR^u9X3(k1ein;5?kkd-AnynIi+mG#ypOsqYJWiUNGIeC{7ib!S_QgD z50Z9Bz=P3Sm!TiTzXCujVXM^8yECLBY$A^A>vdlbUlUZG@_Z7lY0y6d2g88lDjZM! zcX13~z=L95CqOL9;@43xquq}pzYjfCb{dk9J~3%vm${+;Ybp0PDKDQ##7<)bnFI{| z5t$li?5GRnDP2c6zspRoa_+WLYNK8_I{Yy>st_^<`=(7}rp52s7!QrP-%%%R`5MkE z(*ADszN8`sM$IV@u0WzMFK<}$f_C)b$5V9#N)=X!Rj8idZkR}S9A<{(k(htdSMHkP zN@4)d4!5P@zIb{{>&+9{l_=JiqzNYgSFBlya#+#+s4Y@XywPOjC6R?>8P>Fa{kYSl zY=g51SoMBS6WFAXmCv*l%cEi->aPj|m6y%8m5%g>^ff>lc$7^ORHE?w_P(XU$hwsj}Lr;ILSg{7ZISpX!dW%-up#n zXAX7ks%~J3Ss$<*HfnZu{E-}4oTwQz4*QA>BxiC0wAd3Et|s=;1}ZGYoGL5mR5*Qj zHKl%zwl;vkJMk*xObAD~ub;E?(u~?)LVz%gRq1oQbon@D7MDnUkv7LV72kX$>#&3H zH?_LbK^;?_L)T&W_e{9q%Sc-JXX+JII-w`{C*3;RE&!N6t9yBTQ&Gg+*Zy459`v5& zhoUWLA29iq8*$p^wKcj(SZKguQ&o(N5{Fl5{ge}b-uPdSA{dj%8e2Jm#P-k&%oE#4 zU_ahtU|1!?-p6M4^_PN^!0FT>PMq*C4w>pcfh;VT5~6XrTs$d}T)mqe6_jI{6TDIt z?avFSDm37Id>kV2%{xjI8P*bXS+sAbqy-+zb~Y z^BOMK#&r3P255%)5~I*qUoA;=vt+Q^j2S{hYIBMBaGfV+?7dN8QjG4s!q2sH|*#(B<*8|PHfQ*Yb-k&4^p z7Mi4fgT8UoP}+ky9B_xOKi%ZY9(}29%KhMQ;0S{W|Bn@>&~W4EHhmm* zhItV%&|?*trd)H+qlyRnt7lyFNYwS{bGnf-BZKQifD;WwPWEz(D&%^22+QD90WX_3 z&E6%;&c0otJyKG?{M3xLKY2{+i`oElF$WgR{_)qs&>G;6vQati<0O`wx<^<$TQjkm znRO=%(aEPW7wU3JG-Ouuov2m)c1sjuf7i?FaQTRr@mnjV_d<8=-*K**RY9s{HLoOu zjzq;(5ZJ*4tq6lpN4FynM zpaVVg2vDOq0QAg@i0+_?na9D|12x{?Q*!VSGt}bgw}MoLPubzO#g)+tCrMXVRsu;K z<3BpTeR(`~WJbLVj!Wmv=g^m#+WV&h;`E&aQ)#w7g${jH(-3*~d%>NTg~KHv`=!{| z%PnuurcU-?$Qs|VwN3CN9={`IqfhcKQ@19*X(GK9o2dKGDrfLIcv$k7S13KrRVFSy zUVPuNdD*T*EfKme5S-P((HsXrggGkypONQjUq80(%95yhZiGT$w-lVHk}y)E+}{b_ z@bg^se5C@A|x8uP}OCMmvL+UtWXb?p703Mot2*1!lN=%P2(!0?I^-%mL1`f&iE z+ABITdc6yyl?py-b-U_g&HNl%vj&~9o*d4sLHYIR8}~THG<87rV%n zDCx6&5?!{XLG-9Odp0UD<`)r<8`+W{&TrB$7JtwCKvL{&T%V=~<}CZUI*1n?NEU6+KqdmPhiGVJtm?z6M;`ib^v1WufOJ z!V{fnI$fOOAimbluFtd_uKi-&h}1MrA>$@5%cs*mkMAma(6ciufnAl((!*Y+=1gDgUMbWc!^&VcWZkGTAPYiet{d)SUSE zeeIU~pIglBro`?@oqs%M8&F7Sm?H_o;AtDjdgvqy15-{P+&>S=aYkMp(W>%;IXQ3+ zgz(^I17G_&4$K4Q|KM=NKINMt&Q)LVaTbg|Z)O)NaOHb0L)Du^6?6^iJ+N^$Q;jwc zzA_s=k8Ikw>SEx-{^+#x2L$P&7_?IU$!9)rj1_`az<}|2_r|d6y+@S>T{zzN;DV~f zV1Kd?PB`j6%{i5B?KzWbPo;?bd`}6V55-vV8%Ji~t)& zbI)I?nz#^7IWnOEKgd9?fqo3d6Td~gc_V0 zS`K_2244A{e8!~Y?{9YU)2xqpx!n?s{Y!F*k%aj}ZeYgQ8d`Ctfx_s%E*r*eT>f#b zi*^TTs%IIjpl;sTeA5@RHtD|0CP1@lO*+Hls-yBWLar~OGxoJgpj*e)y;9ON1{E$ zJuU0iA!%1V#b0?Jq9W5jR??YK>CZP|j~}m;^F#MBQ1O_16h9x09fn&giDE114)rZ; z=ME#2~(mwbFlxw9?~lGkegCb>-Lw&clspRgedLP^|) zzFwQp(6;V|Hg(_(9WK0u<8hk9o%>6sCleLdtNNE$5di;Y!YDSom8Voj^~pqbutG*| zB){mQt4}~}U-#Xm$FIYF`@t%ssI_#Yk;>T{w)S8bx9bntAjWx;m5~j{9U;@9o{s4% zDPdlni0IEAo#K5<<57+G50tK+APnA=8e&{|YRpWdoW~3~LksSc(dZ?(mWwkKpA6M+ zn(dya|1}8y?iIo;r{>6tUZubyx*lM!RKtc1eo`Y7r(*X8Ky|b0*vya4AsxO5r6nNe zm)heOP~v;bkkhqb`i_2F`S~6|5}Y4(;Y)lb5=ti(FE!{@YA9{NIdROrs;PlF7}lAg zkThj7M19}41x$I}A_YTJV}{22%61wsGa>dm8n+m=6Ub3;ss@llWsK)C1&DL*?jEEa zGLmD8zND<1%C%-K)0Ug!9)`t#8fozJCKP!%rFXIfpH3EUd;Du!b}^ElRG(t0N)xC)mxVix0ogxK3sm_9;<1O6-T?ONZxCmfn}1KSgRA0C~MqWGWul~+gr3+1W* zn>TM>Ui9}n^ZxHW)JLsIpLF+KpP#~4yxGJ8K1;&oeDl(i)v0aum^)myG5(;G(bz-l zU-TiC?1SShOI4;%x#L1zgLSi;hV6{#&zw*TxC!r*A1C|-G10Z~x`qKnJ4@V%7@RjN zH#aLpE4x|FS)7L-dG`ttk^;nWEl&1&vVx>f$DX_S;+-)?h4md^+{4Fx(=&g=oUd49 zkWo9vOrt7kIpG-wBf?{1#WXG0mvr?MGo67be0j3Q+GH{uB)c`hT{%P4P7yu@;h}q~ zJI2I)-LLRDkENs#Te(7^mqPHFeG;GTlf~yX={{<6HFf<6|Ci^NH6(lTuHvn|I6?E$ z_tOooKbq{{P`!QjFjl1lr?QCJC~)DJ_jj(2&s`oDA09vrG!@E2e%e`x$xV_TE!JbV z39l6182yW|{YQ5DkK`n`G#Ax*(Gs_P7^1Ax|dzD~XvPLMIa6PcZB6*yOowDOVo~hW{@p6l(<+AVZym#9hS*qD= z^Q&GSF9-b9xu@4~>p^G14rXa&T#ueLIDYKV_IZhhrl+^7pC+!Y&F|~XEYV3p%Qw)G zP)bn4_;yZF37Yer{<#C^jbH7=ABBHr0rDxuDQ<#({fI|P)#Qij`Q3l5H!kcC*6wL& ze;^#ib}-|C-FQEEiOCs`Abg~Uthm0RGC_|Z#=5nS|*PIPdUT!CPe>5M-a;Wa~ zmZ$!mvxzgB(zd>s`j}-#YewAAZz&fScas1#AzlJ(PSs{p;GUarVmmMfd~gTzfY7hD zXTOYctB%|~_N4|#?&Ee7>J-)tBn@8P#^$E(-rkJHR&Di&glg2r^E;+V{O;i?XE92F z=HCo&l)AgS;V%+!u!!)jto*@oLPD*N2c7#Dsizyw4`;Jys*Q{D(c92Y(l|6}R+I0I z7G#O>o=>(%&6)u{YrpWo;GyT|w~fDlcVusXKMEoM?5VXni}b&>c6vj)R)>QgiUO*pyfYXf%r!-;$pJW6aEy@4kDuW<0|JnVs6oza z?AMusVTJ-R1DcrPs;tavsiA2MILCr!S&a(CxzH)xWE7HfpoXkgmycc zeqv&;#5zRuRuh{%T1z)PUFWyXn2qr&E$CvJUQ8;M5*p$E@EmslUV zWxx8Fym2gN&C5g6w|4BxR2d9~CG|)YlJ|B@Ia_%|yBpg6w^Lxc-Ppy|z!}}s;(PR8 z^{`bX{Q#1%pu0{HX5^a@p5W;G6koT?>1yDG93|7UFxEE9ZvOD>Ax}5UtSqi;gPwr1 zf!*WMb!LOp+N|w`@p7L@v9Vi0)>(YXzqv4))Gie=l0-cR&-k{P?gwx;c#*WS5=t7i zgSl zH9L$q16agsLjt`M3R!)b9-J=KEle+LD0 z>jf6EdW1MeDml8PCY?%4j?pD8CDJfjVx$P7NJvYGG($!sC5?hK zNK5_R^Yi_k^NYVYJBM?&=Xq|v?(5$Bo^TEzAEXO@TNP_>Vh6$4C%^4)Q3Rt{z64O0 zQWkQMe9}BARp==e_qJ1OTO#_9m=frtsjT`-+?{xvDBDnE_u_#?jus3j{~b z&-l{Ig{<6P?TNUbRPwY!uZ_pwCAD(8Fey1%jUhR^l(FOHC5VO=^}Qd!bD+6LLfom3 ztOA?2RwVKyeLn?VF-qYAANg$4!Yzt$0uJy#?~%TU8SnKUtFc2(E6d5=GfHvY||bY}$= zG{?T$`-4zMn?@qWt7fV>JNcF`ZFzt$D)ZU60gM5cqV_ROF^L=#SQG-&rT7KMrMr+pWJ zGXO(*l$pf+X#+e-s_wJi4NiggbR73l<|*FENiz)PS3~UecfL3ItSnh}Kl`hMF*CFzI(?7><3 zvHZP_K8u3iV@V#i=r|$YG3DRh@tWd(JdDQg2U)*dLen`botZ5BWzhP!Kmzyg-VLNoDb9PYpLE53h>y=$CR+A)G#lLfEa_(bC=&H z9MCjj7&5s%kvk;0meWFjAB;w2xnRr^Zlu!A+?8wfGLHp(oM_@Lg(_k*gSm z;*{GE7CK00G}dH-q~!9CyJ4Md1p!hPSXwC*lHeV#^~h474y6D$>#rV^G^qMY1koRm zj1i*aTe?YHcb@^@*`(i`dtJS3-l1M}F2!}C_m(-B?(KWO$?L|+g-$16caveHSU}Qn zc^};Oa)20IG6$NhzOJuwLf2K9254-Mc2ygj&2`+o5Rmf_rN!n)m2VnY?c_{Pm|Gw8 z@>LrS+=)u4a?=D6t9{ey6^6yMs8CzI<#Sk(m|mxZ!6wWnO2_Mb-qhC6X;-NBQk`sf zrQA9o&323_&eVi%7PW^RHctDVivNAlv_JgC*9tG7ALtkjB8Y*$PcKP2!+34nRBLm< zDdtScWatnZz8DlH^aP_KylONE4!m9)DyXai#)McTVr!p3e{o1Y81=d)Z6tZt8I)#d zFiN%wleKJ`E{Hp`xAsCp7;nVB0oUH7w-9dA4M&-s!>M2T?vXH>qGW|i^;a#|vVLJK zA^yUQui;}&({U61RP(n*QmYtMeIJyTDct({d#i!eHLb^sv03ANtcyaP2pmE> zTHAX4?U_ODfH12K+W)cw2n(T9I*=7i&HJ?q0@u5l`wEfFYc*PH%b!2BhOQ;%DVrt9 zeQWx=_epy`3YgbZK<1L;F=@;omu31Fk6pt-((i(e&%6bt9$~1f`MD;Tn0eaFFC$Po z8%hN3KV@URFG90T4bE^htqO7=zSr!;2#owePMxcLoK}LerHHa?>Kw#Yz~XsG_;;og zJN@4oQG)HqSLs1_plS$-(voZ0GzEAL<|k$9A%;uzyID?3crANem8+NOb7Q~Yht>~tl4-$PSuT)!GW1*_3 zF9eK$j@iB1(R}@VydzsGnso0Ab5%(Q1u^=`1V%bsSo8rYbC1@GCjI_0GPswL-1Sgg zi3VQn`CR3Lo0~$0m0wjJv`7z#jMmm$_?M;Ly1dhOdN-nw`cSL}{ywUs$D0;viR5%{ z$o=u#<3M4R)Cn;U_Kimod{ARFanHr~AkzOUdx@FjF|z29q?bE28fDT%l{9~*vzul+ z1lY=`U;)F2A4jGptb}W&ji+DQO}tx4%>PSIJEW}(v3d1gR+)$kua^yQqJnFhLncJC z3YKsspzFo@+KR#2K!}+qF1=+)AJgK=M{%HpaUXfs-So<5elD-Sd5XftBqFUWJGu4) zfhftLAaRddJK~6iGXBHIiteruwU}&eJ0Cr(Ln# zr(wM;@Fqg^;-gajhjxzNzXoYLA~*^m#oraPf-AG}SDgKs@0m1{QYXFSItUWeA#P~b1R`|1uKtu^@= zXuzfBeuv`L>reGQOXzs;R3$4jx2oqUdxgj9TY=|1>iM~`v1&P%um7A~a_UTuzPj&g z82*=RP~X5-CeK(ZD=9fL)B5WL)x}VrO|3yUZ?XdZ=cVh9EM?sEgVOzh-OFLV2$X%jK{5Ire`Z`jeOYgquWN2)l7mnejYU^UQ1bGqR?+-Ei$6k+xw^Iw( z$v^u)<1i@Vf43+)*{n>v`-NH|CC~TjxvcrZImCxWI)Nn3+lUtIY_=9Q*?=MtfFimq zABAH-GaF-ok*}JO#Nbl8QrQm#IpKhEaiZ;+SFs!dnI=A@yVX-6ZW9ho>Hdk$gEk*k zZH>c8UECCn7M)#6Ta!&VKxoql>|%}W8Amb=MQpm|d|EeQQ+|_uGKc4v|MukSs*;(U#|~y-8BFRaz|oL1AGEa8}rzDo0mT z-80P}Hem|IB>hIF9zzpHewJ(LF(haoIKteYs`=y|vMQu5l@KkTJO_uysK2Y5sU1gTU{yls#8P!j_;yx^H{-~e`>h@4*>Rz`1_IN- z#*QTl?ik=7D?ExoeZhw3MNwwnz$-cOiz0DbhkD*$V^X+a(!rpBdI0qd&-~fWtSF|=+vNR$ z>51Sef6Oqo(B*1d6_vPZ^P&@qLq*&R}^8q(3E{{J61o#jtv`CXWnbt&X82C!xqL?wqkml9e>aO=u=V6i_O>l%;&VBr4 z)W}12kV>f$uQ8?i?A7d-)*Op)8Rx~*KX;y$yzcS~&3=*yDN;;JSwm5X*SOX73qzBK5Jg=>;f?f=d-t&FK~^IX?h zeNbm&Q&}}=ODzyrXVN=8Tb(jsxk(@Tn?e7H@X9OjA-fOHy zJfpnV)f356QGYe+5b`7(yXHoH9z|}rHN=44Vyv)r%Nr2d%FxUer^}>#>VS;Z(p8kY zXIewRXvo+3*1s<^gU3}DRJ@y_KCV7G@L*ls=g*dZ%Qs}g8IRdXK|+l6niseEkX6-n zukqIPVefB~^rj?DGTvf>&w1s-{KBlT=5>=|g;fLbu|0lOO6;H*H=-K&&((WOMNY=} z&-#_N(xZppycx)(ihHI3H67#%ZCLBx?~fbwMT&ZeP@S|~bXe!uFigwGW=?9GE2$aX zxM-w+^6HH@#tfj6)@}d({O&Yqv~{iD?88gd%G{z0#rN=jE?r+?6#LX6F8=ihy=dnV zQn=^0BH~pX&TWRGA3ut~Vzc#`lT)dZUZ6Xt-zTSe-d;PXc$1a;!&It?6avld*w!4T zS6Cg9pRCqtk~IGD(ckce4yGkRY)A(aZcIlwVJ>x8uR^xV2$?lhp$pgORR-r71*qUqvPnRX3?W2Ejxh z9)Ddo@yV>PJvP~r6NS{ADBw{lV|3ah^)bcRn9i2QKIh>k29i|{<6K`S3N<-s)%%Ky zavNeB(W`Z_X2Ic+ghw;n>M|34qMiy!0hd2gaw*o=D?WB#c~V?nPHa4nx}U`Kmj0>c zO27jlC^Nc0J&QJaW$FDVU3|4R4?-X)&S@MKdWv66s1h4jR51QsteRg9FR$?F7Jotx z9QA`oscNK9if(JNocd$-%o&^XdU29f^3fhJagh*QRrTu|M&%%8k<|-S2#cfR7tnjj zrreF?X#Txx_xgPuSp>W7RKHiv*R!L|=p!Fx{~(gQncCT+q^h;?YS*Upkzh2Rsi+4p z6$DtFGkMG$87SnzGafLg9uc`0ecNkFb9@cJ^S}lDA&JL$G}e*@ zT$1c>xz=@#p(hhm#ta8HR?lcfXvnj-YD`vtJs;f@fmt&L?VYM#>`n3)#7z!EO($8y zbYD>uFWakn!q9LIBq*&`r{Y6d7Xa;5uBnhG{Gww#GU{u`%M@wHlo&&xa9SU#BX(BFChQ%X1R)Vyn`@DG-Ve)uL#w4wUHS|4WKvhcE-zXp*{WnKmx7FVL zVC6XBK}(Tuo!jT{^XXFxJP|9Eap75`rIzZwY(opPDM&Sog%QBU1!K|8jVX8<%BExc?M4$;$RPNpMklx9#~mS_F2?oD9Tm zTI>ko(!F1g>*Ki)4~#llk94D^hm^znaXk?{-pT7HNoH==_aN!tdbM)9-4_1d2pIfT zv)WG)oNht^brkk4XdhK6WI#L zuJLLJ&_DyEM2+fA=%VHG=Xf-OwQ1CnS+>X`pf;J-Net?D;$2X_tG0GD6A2d<`P`8$ zBik`GEA*1KWkNJ&S*7YaWV+l5&0dEU1))WY(=Wg6K!L5~W#1XNS;vN_NJ}Q4d)m(3 zF1#s^m$Hh8aW=_bH)Sa;E9nj`H1=Zae^-7YGA{DDAXSXo?Ch%Mm#I!TmZd_omqqSU zJf2tYuKh2`*N0>B5TP&KSCka#CyDg7O4SA~51|6ubDwWMbTH+OxG>K%!G>%;ExOjj zSF_{-yojR1?;*7|B0?1}j{IjGB%jh333HRLzTV^%{4se`K5xfMj4J9~iKa*mA=vm) zWJIJs`}KSB^pCzK3A6 zHK&hIc2X+e*3Fg!J`%I_c~=)tQOF8?iESYX*g=Qe!75J!a)x4dTj&#mTc1b^E*2Xgwtr)~NUA_2q&MSA-*=!s5TQX|^r_+H#46>INv!fff! zxzgDV#?K}w0)zV>ls(IfBoHOb&CYDgCY%_9xjeU=i=hM%=*XAEXs}S4Wu_ z)F4nQRoPJQtNXL?zBOkkih?(C1>b&Bny7?dQG2gANf3biogqSpvoj5Q&RfNu<83?_ zzYJ7^RC~8hji5*D2z=j!?pLSzSC`GF`}`-?-U$Y?TwJDUf*TLkV|%gY6HiX>{c$|c!~ z5m zjT|!fXDqIGiKXsr=kX||4{qCR^O$!wA1z$(^Y4ZEQdlK?J<)8{&m8eR7jV1!feuFr zerBpHlKAd@v^?hP*0FZ=6I^T^&%41<-=0ey!t4wWc!gw;3)z0g)ciW}c*hk>L6%c{ zGB}{xyd71bfNWqum&9VC(Qvu1foJAKcACSpT@u1$MzNY+fvH?5S0EDQ3XQp|0}%qf z_-n#05Jrf>H)ukg2vX{snYhksUd{ao*l$0>r=2`!tT69+^(@c6b6`FKW&6RJ;^C2E zD|R!HoGM_-->5MVoX%@5zUo!u!{>K$PatTq`Xw$!UKURl5bu=ej827yZ>+f&}XNMOt*{4)=~lYL}RSw&T!J8OSIx4)}7 zgas(08d3snR;)&^d-Tw{#6s+<9tAJ?A>HvrVsM{6!TeZ{YBz`)AG)y zB`q{hL@?}lwO&k;-Y4ad4mc}T1qUMktlfC?x~+>)B@s>RFlDG4p})qz_)L;Fmy0X8 z0|bn@)^4y`7_RAWGK(CNtELI*AFtlCGV3p{h9iGB&ixUhYkj`T;_VKz@NgDYUA2;Qm?toZ#W@2FMj;!&zk+bFXH2dav<_CD} zmY)GZpV}V(9m9=xem}{=>{Srzo>^;3;=}Gqoz8hWY#mH%u={qYE(n%im~__6e|4*) zQ=y!EhA$lJVmHzG_E*1InZMB5HF^N;x0Sc8q7`jtLdokLAJNpPRCSv#@||fQEnUZ1 zME3^=M=M>w#3d$9-@1YAU-hZkZF0N{$l~vq=$s^K`NrqnU62$_+IKdA9GiKfW#3-r ze@f(btX84hTz&z!;#;Fz`s}vVo=B0e&{c-lb-TJ48%_xGenTYP_e2REPP*yWdLXB_ z<;Dnsg1Dx;l6hYh)03o9Rr-x6I3pR16`T(V;6?mT@d3#&;shW$NxGmXfIcu1bj@k# zg#n9GP{`oxz3e&n^$n#r*(9$5zi?u4K{N|`Pp20It41&`cKFe5M!lMT4}HK!xUNoX zO;eurjS%ICorC5>``l>Rcqo%ly*>>)xUzUTR_G~kio*ZR6*PFu&LDRMI ziTT0e>PAeuaCMyj2kTU9dIBGmeOTGCk3$kq)bGnQ&^||ucKe}&AzV1V+Kgr!W@YTJ~m9Xc6?|D^DUACr5jU;3_*U@ zwn`@-8s8cZo(4AnwT;7&K1Vcx3-y`Hq8g0m!fPdTPp6nS_uF!R2y)6!)Mh3J9qA4O zqh$(P-lhcd+bqP4iThm$Gu7 zx9w!qbMn#fAh8x%sQDrov#UorYw;FHtTwZM~#t?g}y_aJflo;_%r*xtsxqCN-WFS|*P#J*)M`vbPSC1z&tYbb^p zic^#$OcO8Sd+J^v37jV)m%7E~+kg188`01>M!y>|7yJG-KXx3}sMU2t@f3dh&gcy& z!6q!j=2x{ak4m1;?tx$2( zCz0$Uke<2qs;%?lB#%mTBQ9C_ZH0yhI zGO6Mz@t@bNjcrB9b204?-L~7KGU5a|{hUPyQpJCo`tX9#a!tBh{N9fyG`L>StD;pL zjim|&=qkQjDgFhJD{q+{U=68YGANS0v1nr*N28(4B*uZiud44U;%bA>%&@Q1(-cYZ zp7Z}&+V14^_|U*~fZwt-!~lvJMy0#js9`Gm7W-<}_Omn0dpGU)Y;=v@JfoD+{}J9x z3OTr+{w~1+V|1HygkQBg#j91_OH8WEs})yy(MzHLLKPn0&fe5PJD@vZmljg<8iWd% zx;ti2V*B-lF@rUXRbR+h1XeQ~)Tz~2RL+<`+rYGmUKJJ-#N$?tiDt5+Msh(xu&5d( zOv_`4emH^T>GTTH07ISex_au`j^|h|^eGXjkkpnIDsXAA4_^&{?7s(Rpy@yCXc37+L&<5Q);y|$PW?omKj*J@|B`TPI5%t^ ziA`o%-#OQW2Sv^ZkpEEv|Tu_<(po}4%z?8jDnntEFfI%?IUzn3+=CY@>wp5<67Olf7QRe<7m3P4_!4Xb$@by&yu!p*1LXkTZt@dcPnQg8tf5%i$ z?qKGeW%-CAaY^r~OuBMJ<=Na`#0D+o;4?K0)H%&Bm6Bv7f2N-(Z%zVO-6uN0Hn&;AlS3-x%uWkbSDdu$5#C-czdbzeGFe#IpavK)&5 zp(F&3KuUQj^`Mf#!Wv1dXuF4umC}N@DUx?{87GIEB&Y8Nb@&bcZX>k~N&pV2)>e;u z$@KR-nndCS0Vt_ZB2DsK%RqUiWnSXk83&Qj?3t%J;TDjP}O$Fl=!{SQ(1?q^Iz@8f{%^FL47 z{8IS0D>*kPfpS~Pfh!>xj=&xpfp?a#qm!!S6|v?Mpr`eU0?y@o2ELl@>+c@ zwf&h9g$p}TU~EqI^d%5O~XqE{}MMm`kJAZk-Uq321} z*Q03E-j~5^dW7gHRV8^8^>Wno!Vx#(Q+S)8NOzX9YfxdoJi2w1|y#+Uxo}h+{nMiFLMobP$v}3z3OI3`CLT-W={m99S9a-PF^(;KPWgz zj2)u60bY(?f5XdkhIB2D{*SKh>EmpHC|0M=kGAmKNXGLm)RTqh=i);!{8UYneJX2+ z`Q*#bgS5-)6wW;hV>0{#ZB0oYW#iShr-v-kp%L7kOG8cRKg2-K!-5d5yvMuu7dVcU zA8h{aoRst6uXi(w`x!0{YaHoUiNJ1i9WCG<779G<7@-A4IYCauBSn1@pj}8u=LxD% zqH(JCQ_iSbQRJPaKwTQyli#8!Gw4`!j_0yTJ>#d`)-LPo{b>emQMb-I4MzlA6@V2F z;&(4@EQIXHunol{gxY;Xsmxx*drg~k&4g8nQf(FOC3)3+`}Uxz`B~d$RJD7|7yA~! z18K>&Nw2K5J@5m>PC@yOqVK#_;W$jRYc{|S+kG|uG;;CF%v3BMone_qZ11y814{}0 z6YIBcI%s-PaMY(XslNskve+CtV9y=&oja7|^qIVMF9c9+ zF_^?Vd=tZ6spt3^2Nm}}HBi^_x-<+5i%gqkKCm^%JOPslS_GU2F%>%*w>)c3pSug| zR6;0WsH?BXCi5@dq_6d8TlX68>{SK$+;s(;Z;Mev-dZI2KAFaO6M$>BO{& zwGIH-rvjYkE?^LvQl8n{%im>;bv5hy-MK+3I%yW2`P;rTZ)UD2*PZeF^ohY!#`QqX zOxJq3a~|22C#Z;I)SuxB|AxQl0tL7RVX-i)qOO&aw$Xc!cg44Si-$Uq#Xoq}pS|>V zb_6Rc67c6Wqcuk{4?a4fyqfj5Tx!?s$rEVIx^I++r-t1Wh?5EAvEC?7@(%~7TTBpE zeccF(Zh*tI8eK?;wsJ&-YfI>Z7G8wN;a^-%(Q(l1dsIcTH-KCJQ=^wM09s)~QS)Z) z4M9%kBju-LYFzf|JSyM`=KiH{z~1*ij>U|BUtw&ay1F!^Pe#jSnus1!CP^(>*UXMi zM_lxf&wjNAI<+iWS9(*Ws6P+DEttO6Y z9MsbRM1p3Hhpaa2bsAme!bINhbVzKh8jB>#zo`hdjsn$_Z8*ou_U3NkEkB6_f%yH1 z&nL^52e*vqSMONFDi-3EkUqyC3DGHxCAI)1hwnm8Iyr34hb0;O1rGm9DKbWT>1fQ3 z9IKFg#U0-Sgzo^UG#*DP%@&lgU>E2lJoJ!f-$CBnK~e7UHP#Izhoefys{s~ML}*cV z3|WO&8HF8#zMA!`s>+30BzuREoDGu7x5nHA_PMss!y|-@zvT!oxNlxoWMDvrge07k zk%4>;p?e)LSq=Om(MpR}0MU+3TDJ~gG<$lJF%Z6D^J8Kul-cy|&}&Htddc+SIGWme z*+=RdWn+zSxkAa}@}sSd9ie}DoX7gJFBmu*s9WvEI#hAC40 zAO__^ih@`t>3JJ_deZ%GDf?ajR&B`(xFs9(C7J~BrI%~n&xQteoNwX-WfgjrB-r^h zzYu4wDt!TKwG|Y3cmaH9(}Wx>JNd;ZaKzUS95>_wmF`XeVtuT^TMA6k66|?!1l7YV zd=I;DBJ*3FCxdr>^X?x*&9HiidU~g|3KqHzY)u6x9C!9==XIdt40UvWJdz)=B_!bv zcC(BBw%n-NFxjK9O4F47JvPZIF*}%;BL@HU`~@VPg92Q3(0+w z%#{fM2(T~S1p-p>F5z|62Y727I-QXb(?BrVPiNju0_03jh35t|cy!)pneatm6&20; zStC7p855J1EP+u;o#`r(Uq90=vnqlZX=1jwn(~tC2@2#V7$xQh<@I8l0$vPv@^gn@ z&zYWAa&8I(8`)W*tn|4W-C3w;AVZnzRVKi$e}wZyleSlomHuM_v-QL~xbBQ%QtPCU z^=h$inat@}hI2KE&ma2bdg=UbRNWpDa6n8POL0Ivm)Xn%)^1Ai9p^`sm8SW{Dy$0S z2gU})=oz(Lk3?opi2t?$952`ZBa$AADX$CiWv_{YYu5mh!JGgvv}^cDVKpI|)2$($ z>>;8E4%h29uQ%UvTWw)?9Gz0OtGL=cy-3#ppvp*znw4Z}&d^Ic{DG|wKP{jsfOuM4 zX|y__>g!NVK%&h{pS}}V#P*WZ=jEklm$ApI*HhTT47VL+ABS73l}Xnnyror=Hr$LR zaHt?8Si{v=z$z8cqDHI;OTXo|f_Wom-`dP&^kzzeWYwo*Y?adWP>Y_E21x3+l@opA<d9X)F-%p4b;a>X|sR@Bi`hRIM=#axg(}6s1$}1KG>YEIFg<~j8!cp%atCb4H zc?xh~A?V#?uq3JR&p69{NR)kX%{yL=_HV!XQBA3fk383r)roj8SIZEV7;MfLy=XrM zBI$Z3&I{+^y9ag}B+kwby;+A(@+R>KZr!Rb?)_d{UM)Tu6D{Mt$}_k|^R~JGz3%Zv zqpq2J(rR`m62`E;CJ)gM`)aMU>ISd2NXKQ>aL4Jx$B5f5P3Mq!MUt%My+ySduicq; zWLezZ-q)Q~MeFfhk3(=l0A-~i&ggg}4_j~_)ZRpqo2Thf$Y*>UTbus9N65&$O2^1* z=UOSp$Q)cN7WlH0u|2+6N_rI@3Ndz=YP&PQyE^zDJ3*k1#=N}Vp|>U5x*Vk zB`wta^!s>0Ye`?Fj20^K*Q+VBaYV!AiGZVC8{ePmh^PqGz|5ZapTC;3YK@8?F?4U9 z^&7hXe8M+B)Tb=3Pclj$v2Uq4V9ADbEooSlqZ9oa~{a}cJ=Y0>hu`t zhPo%PzmkHb1V^@rsP29A`Sw}6`pOiLPp~SG@1t@Im|s)6ljBFQPgdryt7ZJbMN+T7 z=mMra`POtXbPmgkfR`p$J$0ORubEZk{B+Snd+7gSWh~o3@MHB&PbxcTbUcR)>K>ns zdUtAcx1Z4Go&yt*EoD%tn|;T-3)YL{c$rh8TTZq8-b!~)=ZuQ9HCjk*#pshuY?Y9u zjnODwsE|yFZ3>(tTd9T>En4rs!&Jm)@=~+ZkTox!*IOT#!HQD>iO!(#4@m=@Z;rmK zIE0rJkWAst>;|ti&i%Gt>AmsUm=JyYeer>}rl0$?g7g{Y(r8c?1}d0ney3fZl>Bbz zhLate2}p@N84{{e_{9SWmjwE+BHs5ky|@iPPE z;0$v<)V(mrs5nmNLj>AhNY0B$sqmIshYe|Ixd$qVx9*(=O(iwrLo`@k_Y|J?A#4fwQwq5DAtQ5WbOrDdR$>0e)!r z%`(^uL|&t1w_9=`?pw}K0+Qcr1=gB9W9xzWl+^U`l{W)7U7aL>VL;F6XPJohM{9|U z88m&UB1`DV&Gtu=yWeGJ@m1)Plzj0My=63BS?*R!?rA z!?BU^WV8uiLIB!PWMZBbdJmClkwpXZCL=rj8*)Y0dNL|YjBc78G2&y24(7D+Y)_rf!T1wq2h~91Wr)LWfQiYuBp%*>7z$Qlj5+%V`t% z1w3EkJ0hs35f+Oe)$dPFOfoU(%@el>@!0^Xp6`v|W}1vY4Vui^N9Q(@HPJ?WUNyfz zaIp;+U=!wP#3-g15lg&`lW zgqAyb;3iaPG$RcssQZ{hOy6h6;DriTZl$hNr>~2^vGafT#Q6*+ZNR*Rw#l+a-`q?? zC1ylqf$-x39-Zf;Zbjk*dWocm1%#TYQcz?3E+&enK*$)<+ z{SaG|v}Rv?LQr(OFavqx@-nEb9n;GgK(SPJv)8?#<@WkWySr~4&lG2?U#rd}>U@lD zxNb`p@Vc?l0-F`KW635+mr>iUQ9^ws^}B`lJw}qHce|%*MX6NHq!)k^GiSos0}a~W zw41BPKxLGMdSx%hIp^D#@aM;+ATgLne(HF=$Gwi3;hw|H92-&n2Gn>pKdHr*#W%0+ zFzT*PLad&`yAPIMVNX`USK+rc!A<`0d4(U$(x{`NKD!~v#vFMvv+a#En>Am3V7dxC z6#Exl^+JGv-(yv62vOgT>;6U-!B{MPTNfyw>{0=T3JZvTZHWaAe#GOuQ=E}$bp6I965t*GFIOnmU3Ii zy5qQvo`-A+X60QMH{4GBRkQNP*P>0b@&=+YX3a|`qHmK*ijpK8gdot~a_cOMJ5hO* z%%OM0%7iPjfn>KhS-CT6fbTzZ&J~L5{Q~F3U%_$8s`iKhp4aR?%_YFk$E~dE&(2_+ zvH0ND>YoL1#hb_oji4atRriPFX(^zs*#_Nn>`I$yQPIXC+eAh&-$?dj!dA;qehy$F z8J=wQ#_eu(Z$@cZsVWe(Y=6iYctQe>xnYc=>$nI?!p;;G6-i80CHIh!tj3@JW$c&U z^!$f?3xxtC7qmc}SL}`z&H-PHXw>wcf z=1<8i{&<5wnY7pr)t^Oa9F4zAAFy`IcNMPrs%?C7qxI}(&=maPR?&17;o*tRTzZk@ z4AQKL?jM$=0hCLT#Y2?|+Q5y0h=l8F-=;WdkB0C6UN_s4@h6wi2ryv+*-wcKW!cJZ zI{>%KUFQs7#h2WhP$AZrKZ3dAUc`JW!p8Il{SaNOdM35BCM5_NQ-d7TEPQ#DAuEnb zFXr&8elwRhv9TI~_0#W1S}npoN7Y3%jpRbevr~($XmYppQYhEy>4>hmeH@!zW{&dz zNnjMNxdQTDQyZ7hm{R?=-bEKm*xBC-yxmCmN2hxR%&n9$N=7FtB3QGRC!tWxc!1vU z+6DOOhk4ARAlO&GeGxc;kfYE$!*mw0H;Lf22@Lqnjs3ZwpGm zKqub*#pdo(2t}^a)RAo0SgzXa0Q{i}%L4>lgSTdd0o@+0Ax1lU7nUd^xfD@*~h0_iJbtipS=$&5;J^ zZ@L3IA1!5wvk%oDYZ~; z8B62fizxa2Mbi@-1B|e+=(5wbD&(L;w#1wx5M%?QPmet%;DbDj7 z>L3r4c2r7i!xUD(?tP)#9;$POMPU2Ac%7Up^&y@@tU|E>O$vantt#}pa>^W(0$=ji ze^TkB0(jA_Y&7Ox4hPilMGGwwT5Es{!IgasfESsHE!ugEGdP-W64ot&r4n3xyxqyE zcKe-|)6oZB@^`nhf*MrPT>dFfS?D>86~-^fTGOTlg~bpxWK`ISmI5@}r!83PkY*Z~ z?Mfo1R(DI(8{l?xN9F%Wi4g%12I}gc5;Y)7YVpDaI!W<=s_R7wz|gseM^iXQ#1!gS z4F6Rrb$N&7o}#ih**B*R2#K+nWcIT%x1O8pB>O-V*clB1-vJ0@%9v;;bo^FEh@gHr zik&sp5JgXWenMvU_$83^7j}SHs3MrNC#F54CspWGVvCXWt$rt!?Bz>r? z=;&)?7G=TNUKe*u-SyqzgF#(v9EEbQ(;eAX>naGsfQPviQVdG=pUBhie^GhgqkiP> zLGm-vY71mM>dX7|OF7!}>mx!D7<;6XvFN;?FaNOx*Q3hMoW%VMdnI@37w?HuJp1BI zr0^4Z}x{92scW$K(m zAMC%^mP>eQHV%)BFkzk;@Y>wQ8n62 z!^taq$NTNYBBhlcN5lkoOnfD3B+vf0fKQ=-I4HYdoEgUfC?f!>rk_4hL>Q{;2A1Q4 zP+e?;3Ceydl~37@`4KM!&53?Q7l0M6tL=yT9YwTGAOO%l~KB2w-3DzbUaj&NP`2pie$)0a&7Y zv||t)q{W7VwEC1b1#r*@3qED?SyafmXz*VDNtNSMm}!T)h2Qzq&nGiz)-^K__II3nGgYgTnpKvdzBMAxEr48I4x+26Y3mMVG86IHhL_Y9L=lM_>#sAa- z*JXFnJ-PR_d7-oWLa(SNqO*4_w~$&y=*tKipe~a?>#uidvuXC}7@D+G5V8b%exCJL zcvfx$4Jt-@VJ>L(y`L3Qd%tC<+-^uhjQ(2xyBr;mKd6e;-|d5gfflQ z?I#1T{?N2|iZcd~R9IC2{YTTh^WVGE?quDQhbk0@mDqZ6Bf9FgssiltlGZm_9x>1L zss-GxbdqP?G5d@kw>qR~tsre($huVFil}cK_U8Y0C91%10Avc@=FUIyP$Y`hsVqwN zu3=Ga|4zvyofVPeNvCV@G>n6*?V+ZWU|LZ`=S zIvHAN1@fTdUNZ3*S7S$p8^`kh6S=ll+#7s48?M21LBtTMIO@B(vHbme?k@Z3hTFDO zxZw$lva2!KXyL1+L1bJFisoos*$z>~4?@32zcztK-lP_oL*$x%4;SIy_e1n@IGcVZ zK1ijCC(O*w-XxpQ^1|ED`S(@ifU!V@X}`&91s-20>=AB&kNLyL%CldDzHbs3d zy5&htwnAjY?g=m`GI1{8y{1`z@bQoKXzUXrbbW=Z@X=wxTVLANqnLmymrh5vuAX6& zX$n`3>9PNja3-9D_vR}yhvL5Q^&@?C#s{SzlP#X0Y~FiT?fwLoVy0PnDBTT|o(1Q6 zEMZ(8I`SxRNI=L>04{I3!m6z*Z+2}o>851`1^s|D|94@VgSSe~#>tUs>U0nQZWz%8 z?HwKG6&S{ntK)QPF$bsRYb~1}fY)=skN=FPRW5jgM{93$>rDNFt25j);JwwSU(2jS zcJ)6v9%D3I9nmU{!L$d>I#Uq@r>p>f4_p>zoCZAj>`P2#Jv7LOHROp z(TBF(_#SbX=iuyU<+b`C_AeTi)FY^eFaf+sJ!2cO-Jb$C%_!7gvT%Q^GB$V!)Go8ZGRvBr@HPqsw&g- znZqL7c?|INq&&-8@aY^T1DCP>TYa)|adnzTl*@Jvp{h@;S=W(3)$+$UEC$o^if-Y3 zl0#K!Qlr)T+3C4B63uO+dyEOq6NvjzZ^-uRQ~@d3+rhH>Ylo|4lW!9M>!I_%L$E+}7N){qEmNBDeu)Gs?aSxq zTK5M#Zvh<5x@0U7c+ZoH0@f6qB71Kyb| zQ=QQ|e|Fzlzy-xyQZENDzXP)``pHNt zzkkO922`1t2Fl=`Cr&Lik;>t_w!KjGX>SDawk4`V(3c~&fs}*-dP+O76@VX57 z9-6mqR%pR?n)sIka67_!Y7697y5CFxH7|+XfB8UyXQ%&jF0e%U7Np-Xi|%zzVo#W_D|lS)2~JH& z)M6L>3>>j`aBvVdR``HZNMUGkLT0Uz1Y$J@NwwZs7E6bH0bd@cNM9`_M&`Y}B}X7MNNFE@b*sl?f|B zNrCH0Fw)_m*iK!{dGGW10X*VmNKDg1PTMML%}n1v;fcO`;GFy(r$eFHznlN0@!Rb5 zE=pe@?fQuaMra?IUXXRUk|Xp5&?-RLfpASWt)GlNKRasM(Z7t`Fz#_&5DQ8=5uI?m zUxlF@|0N6nAINdN)zpi<8Z0EK(|&gYf2{^s2l;=4iJ7_bfPc6)n1G16YuJ{ZCq5}4 zeiYyJ>3Mf^!s@CY%4M#>dRORhXsY9{J0Khz@@3bEtj1zOszO3u`1(x4;d99pxO?iK zOj`o5Wom+$@%i^E8F7M)9!-u;F8S?c_|@ktG32<{HQ(K6`JZawb}l%;5XJ0j@WtD$ zI;V5Z$F@b&?JD|HbO13b8k$RUotPNMe{8n`ZaF*8d3HF8RB5C*#L%|4Y#4 zzvNh9pY=li61x14bntHplfY{yp2@{$^S=cBUnTsXW%|EL_&;B;=-FqgtZsf7$#DGcuQ48*sk zuZa(uxo3wzk+sxASw0C)>#kK5TaK-)?9`hASMO{1!8DqNlYwRa~16 z4L&qwZD`ERuZy_28i`xF+17>d{Wv7K?j@yApLtyWZLfR_+k%0-A zJ73CJu^Vn5dAhT`q7zuVc^NxNb@d8gzWG$VgE!2!BArWZc*QNcE6y+8g2u=wj|eGW z9+El^_woobg~vv(;cfacDXjXPh}P=lv4i+dR@VH76$iA9x;!H+C(cvG)uk;<)gGyj zKp-p(87(i?47vf>Cu0kY@(dokS*LbCcu}zdMpyl2Aih5&NhK)mCQ!b{dp{E0w2xZr zWAC=gNxzVGBSFr(j=f2q5>&_CdybvzuJP_1>Et>1Gj&0}!MjtvL*p>^a1)!q21T5n z9Z>O|`-yAGrkzB5g|DUgW5(x}=Ia2vvgKj$+|QfVAy=DgilUQlSkyfo;Nx7B6Nt%n z?`1W~s*Z*)NwG-WXF@svw;tYcqvGSQJxJlVRFi{@9>4t0+kK+f8UiAfXZMG~*CBd1 z5CJY;e9iC=?7vS&@@N8m2#xadBZCqIE^cLy76%3PyF7QW_YbkjhPPa}>vp;pYoi$-gCJ@oY z0v4gr7oRGONhZD%J?`(J84lFe(~yWc=|C}DuZK&I4tHThMS&ZKKIJt=O>F{lEW_ckpcC>_K+jYX~jopA< z%UC>;2oL8U!a~|~Fw4vR>I5*i1Oq122NRrI1|o%Y{@jm%pY+^>V`P1#V|So-jq{>V zw+Ahl@W;)B$7>0r^8(kHL#KK!21Ld7&JEW;@&k*Lcj}T>JhkPg3gUjJBM)nd)`VG+ z(@A@YQ{H+molQ@~Xh$f`8dU>^p04CSq~t`<43oimGjxd&qW*FdY}eBcugBeNZzPEb zD4Xi2%W&p5DSj0`ZFJ*yNnZ4mqW~rbp}qjfkHmzboST1=c)H0fU)_!vnV3HA)o#?$m33%V92oCPX3ET~a>i5d0bO~yQ`g2^rJ%cv5II;%by-(e;d@!bbXpd3&66{_xl!JAAej?~S-_A*VtB;NI`!-~{V#J55ulIE1 zGc?upz@q?}!NEW)$W-iGcy-dA zkT-MHCECNzu6_MH>-FN7i^Q8R89oK=u1!msdev~Rk^+f#XjvV%bkk1WY;Q20M`Nb1;2#@)Zw}oLC+l+Dd&!4Hi z=m~;~&do(M#GBe{DOTm_(W93Ee?#p~t>Ao7lak8AhMh?hy6PzEa7-HxT>@>vkqwQf zcr@LXyU&m^zb_vY@rEV- zwVKl9y}B%R6Q@mbVA{X1mSZM^z8b! z_MFP%8t5ag3l3Y(CF^z=vY{5UIH8D751hWO&IXg{(RQy*REF-~@y%*jJre84LELO- zXjB;QGskl{78_b^Z$&ydMY&d8(ni-iku4@$RV%`h+TcEUY|FAk@Ky;dS)#x4hVD#+ zn|s5=fBgs&d2%NYRh)=>jIyWx(|`hw0RRwr@F0x09uJ$XkjIGkH_Bwu5Ih%iao3S$ zA4(srr);{k{mH~vgR>oyK~(Rgn~4bBx1F8zgIsX+>`zacWJXQj{uR4H5)qEgo#c6# zJur!JjP*121U>!Zs*g9xmiG=+g+xtPP;x<)O59xbMh76fsa7KS=KZ-&pxdXj9`_4I zOQ?O0d}e|wimUsblIQiv&`;x?SA!rKs0(+W^KV;y58h*3T7)+4KZ;Mn;;R<=-2IDP ze)O8XZHGys1HE{I3zpc{Kf<*=kboOXTg*$o3wfprK)QWiO1QuctCca{`CP&Ai-cuYI|rLl5ov|c4V&72%XfvhtBdu<87!yC~1YAxmRwBkkso$Jo!LY!x4 z$D1+YDZ}dSu{@+{$ENcVum>B_aHOU}u zepNmJ+uirn6s#y6E4A$``qRkJf&w)ut&}e@Y?^C5eM3K=Sl&Z#AE$eGesRE3ZtdI1 zLcKQ@Ovw*|!I-P<$x8UciQ3~;Iw8}kO(@sfvG?HH7Up)nM-TST)eE}`-_*9J1fH-C zDL+SP4zt=%z8~~kcougeShe6aG>)8y(J^GWFoI%;Xu@Jsr;Oiq8k~uhuQVv#2&>Bm zklI@ues*An<--S}R!NezXy|>!4>Y5`p6wGV+GSN7n_5z4yL&`o`FhU;WN}HnsXve$ zdC_2(3}pMEap?iKWQL+$zHoIU8_B=*6_tQYh$)3buJ17`Io*KeE^R0F++Fz-OYf~l z;P}gnK!5i8_R?@DV(=O??$3EN=9FV3Ba{X-7t}sJ2BB@ex0|lZGiefi%J*TJeY8KeLwFZ^$w9&>LF2_2tC3S) zC#5lT@hG2ez9WKC9t;jLLepK=hdjnhJ#}z`#!0}9FEa@-sEDAoJlSLii|vhrYOm9m z$4w-U8cTzW1B13l1_uf<;lOcaGUF`o^-!kO=Y7PgWFQPHf!os)wc%}HZXwaRj*i$y zYyl)-28V!1Wsu@RUK48+=3uDJF;}KdCNxIWR1E+3ax;!W&)0ln*}(A?BrM=mSEODx zZ%h(;G^KIv7_~8RUhLCrb`+WM>qN0`gxfsyVn{r$mahGq$FuR_EZpXVq^Y#^J= zCmuOwr{^;_?L(qX?#)aagR(gIvz`nW?=qA(n|UsRa|9s66Jd(HP1rBDpH+QZOGrDB z8uS_Ip||yv!`h93G-e4+q^yDCdao?NUDq4g!2zrJ+L5Ob*}B%rAL~urMDqOZ0yu@^ zMC{)eu3JZ*!HgYG*i6~~x82r2|djcq#*SfXbTyuBOk&TldY zZhrE6TmCSW;$E>Rx)(@M4@9Fe-gUzqbv4>xcS*i!_mca5-Rx(Qe5J|wlHfC%0;efa zK;^rYkV*-ja79RvPrg0&(E3AJ9*j=Gk59mZ-m^PSKZKr)u4WUVi+oi4N=J%#A5KKK z95qNBMaf(=lsG}P^4hin{%g(N@la-A$r^^AZ+JmwIE3n-bG!Nd-DUGqAFmjKg)`p) zGvj)*-Tt@NL)JycMFx3*R)rV-u))5*JBNii-ERM4QT?yqw1^3=7WR+&L#DW~d3%A9 znXgO*X1LH!m+FR}SC#zY$E6m{4+Kpy{ba^!EkyWI%BI8Q)Y-U7#LHgGY2P2?tz0d8 znRwm0rju!Bt67)cKW%E^Pm0#MHDKXzWozi{%YWmV?zCSK$1zj1UpP?m@G#jF*O3`o z|H@~(l>rK8Q{OGVWg8$Dt_FP~C11+>u$Mj~&Rgut6n-+_2kAc{egX1=TAp{2KlJ=; zM{l8>YP7fe(e075_d >{w$TXxp6LRxWfi+Ylc{*pI0og6a%$EZE}N2*lF*Xdzc? zIVOlR5QF4Nq@4j)n`00b?_bkY{uEW|q<2;0aI(#jV}h{nJ`|K{tg} z86s3b_5y*MrxcGTTHwL=Ff7j$Z0_BYN^E%8h zBhNNq0^D81V;H`Uu75`nRuLu5*EFji%F*5n8YgtL-U-XS#gPRNIM3~xSV9iBOOf7~ z!umz}u_;yj=CQFOC7-GoNBp*nam8w35(NsA-<5V6D!=E9d$=ZmaQApb_7vtmmzcHS zqZw)yJH*>CQaPwYH1?*20ajv>DkqU^zHtC`5udcPkF;mPw_Wl2AcQ*7@;LU&wc^;n zyWTgvHgHA{Gmnbu3^wH-$N6#zieV84m63(Zo8T8RNOgtkRT$MSm+Isy#+yL4*g?eG zP+qcTBi)7-$T(UqA=Zf@EB%6~{MKMRZ6_R|j3Wa90KsENJDHd$0NenpDc6`QCQ3`q zX7l>IV&$1XUW2sX%P+kBm(;)aebAE+{~7O9=<(y2g=v7Fp{#jfT{r?nT0PyrK2ZZfUs3H8e-Yu(NEfe=H#}z6=7gt734pW9Z}Z zxaw6j{C9D$tbJZ7`6Pa;cy4u+$z)Qm&)0_pA1mM`6zi@f-ox2+4t<6Atzcfq@?qM1 zKS*Y&1HOi*h`&%RU&OC4#z>u(-WdZz`uQob>-wm1cezA|ot?t9%kKkLG#bKl5|`Yw&V34(cstjC zig%D$@)Tzzq$F|A6p*n5Sj9OvPnOf=4-L6F?~Zc06bHrZb3#;r_@c!d7fC~!j|}rh zex(Ozq;&abEP~0jUx5nI!usk?m@g$)9WIuc0x;&y2W;_o|-%aFEZk~rj@)I5;) z2X_MEB|lLFIIQ8(o{%5M0eY8$)$aM1fwAb4rBlubN01|Ecmq!cVLn!Y%%-(8JyHFO zTv`(n-4Mo+!(L` z(@l*JAT^()E`81iQFiuJvNOD4$sEwJ2c*5s=l4c0OqeVCU=|}5eR1}!y z>{VZG$-Xcxmye*-R;)MtWbBWpq;UXQh$~u3^N8a>L*zpXjM_i=A8Ob@FfzlY?q z2dcc{G`gHV&tl_i)?9lcn$LZ=e{;O%zCM;AOY{anhvGL2W2GS`Rn6}7;o zRH;o3V-pAnBco8QGv?>9e)(OuNmK4#?6#}nFfFe zjmAR_el3Pw$+`=gvj_Z$$>t8IPI-@J6PIkep1xR^?jQ-sJ^-|9`a@i*B)O&)% zSn;tywoF#EgL>R|ft09)S28+gHdtkjM7b7zK=r<~I?pdyU5tzpgJ!wI%K38hgLx^K zFgk#Bu!yqQY+Kut3{{y6SpWcqO8Dr(#Dz4}=3EgH8b_vli0pP}y<0}%2x4)Ae115V z6!(By86ca`CMEX*kJsMJ7v@=KCWD?Ej48WH9B+g%=8o4|OlAh|IyFhCFOPqvpc!B= z{eblO+?igF@75J9N~dDn0x0%5LCnb}M}Tksc`quGC?B|HO*A~*G5j&^?vDFN=SqvM z*i&q7j4R+)#HFe!T8#z6_5*<2p8X(>OOo;il@{bsBpV2a{i$#=yh6d09ekph2%q3e zl$nkEVe}it1rVkWlQtzBG3sx$AT>`0)nH?PX2iW}l!*2?xKiXrGE7R&*_$hE(cr8l z=?z8}oT|!9q?1a{qr-y)8WxTiKQABzJm<*ARGCklaoEe{u5Lt9X(seP>*$&JC;5kb zp3D$tz(#X`{E4E|MqP335jL=lWB0MxXj0j4l6-mo(onP~&Vh%;>sN(cAIOAG;aDB? zt88^Ywbr%%`rcIV#~#6NS-z@IF_E{5+)y6HC?q+zieumpt(-WiH0^>sP7m`wPH$}y z_CmOW#HiXW@;j#&0}cM)x#PkptK`tBR`dH|C0fBd?K?nx91sG0BN@GgMCY6D~kus)g(#@`tl5jeiBG6=d zl9e8pzwA6aujS`={){~;mfG$P+?jU&h?(?*|1Gylkbps5zib&jHONW`4f_aC@wJNA zqLNSJMN$-xHXwp}1`qiLWNNk2NTpD*qy$Tm+mA5rw#R-8C7taEwzt0hy{;&E^Tnty z=z#);!9<&r%~pxmdG`Pl5YcRGJ={)4(~blP_#{bneSQ6y5|jD}Ekeu_R4FdMOLzP& z6Ty{Wmbx%QFOIF_gx3e6N5N5vJ2DQdewNVo9Zrp48!VaCqOY-P`M$(Ay}d>lgkVRzVRP0CZv-y^%1le(2h~ z!_3dv$vU1YXJ&Yk6Wo*zWh}+^X+U4O_cTGk!h~DtxY#~Gc7-vq z6Zi5}#=KiXL)+Ku27(&5DesKE$Ao4mt}N$-Gan`1sZ9NW6jG|#uZx-7&iWaO;*^Cg z_nk>z*}dSx|IhL)m`mvWajjVCv4O1o>9xPYqQ0_R_fINFhc$3I-ebIZZy87KvCL*V zIToNsv3(Pn|Fr&a-Dd8nqkN`#he$DZvsRbMC1{%V1yYFK0 zKmRtP+j7A2`o{4k9ckVpsYWq{SX-UHsj|cxx^^)lGAc_aATdq$#9P%X%0%iYK&I5o zKdVu>;EH0JiISKM0=ZRC)wnU+PK*WCX(<23G!JR07!Czz;d>GU5NJ4u(7hVJw^c2V zHjal|glACZfpYk^31K{*q_Xgku)^#Y-2QhIqQ^Y55GRLP<48Nsm}`v!6=9mFjk8UW z;SaGKn@UsE*f@vsn@S3LTe8gZT`7f;^1YZO857=7lM@a~L*v8p$11kDHUru$?U3p5 z4D&O`eCC^Ki0@3(>C7$BrcMZ)zLDtY>3PYb84}%?EMnV1#kjdNNp6=DFdA}V7jLY7eXalMR-ikb2{H5MX#NYGc5Z#LlM8c-^SY4ytXcA)fxDK#^A-gfnH zq5f&O<5NZ{sd>A1+JVX&wpO}={AW~z!Hi><+LG)h)$D`~^f=dFT_n9AK{4Krvg?er zZ@xb&V3;!i3xhLI(^*+HY36KS=`jhv)Fykp+g<^+4bN2Ak!YkobUI_22=7ipnyaD` zOcTtdx@+(jH-J{94;ik^Rf|X1LdOT@s2rYpjAk@ioiQ7MGu@*88-lZV1DMqt;i(FO zK&9u8Dttf}SXkHx#Y7gxjIvc)IOF~=eMh0EBFsy%?`=NOKrxD%P;TckccR1B$wuGt zN=bU@q9dkwU-u`_&2pa`7&{(v;~xs)(8T3~H#D_pINmqlX36I=65Qf9g#hqB0;`cs z>M@7P(fIZZnMy1Z+(f#iiI2{(3|ehbSL9bM%(D8Tj$*A%W@-6*w9NJ(0!^L6?A<}P z2k7ToeVLIc1H*+4>3fwXl-nPGV*3`ey^nz+L6h|f z5xXutdD8=R%=p)zN>xXlQsA@_ivqMuE`H(rUJ1h`;qY4Js!(y*my2-#pn&4=#&0b0 zzT+Rk`|yiH+6+>~PLxui=L$X~pvWPrFkQF#a#rLX(pVebShvE0RG2$z{&{9XOAXc7 z^ozbSt??T9GS+3REi*#-qRn7hWt(kmQtKMi7ZCIht9E9gC4);g+}QjUQCDwm>fqZ8 z+39J-_?f8{DTX)g!3_%C_R##9;>(w!^JV*2x(Mq2W1&t$MPUPSdTeIuU< zuy{RKtxx*Y(%2`Hak;zULY>u?Rq#m-&Ndwqc+#R;L1CndVK1V{j~0XHdsQHWO0*oa zDSWCtZjCg&o;F{*cT46&;sG%1*0eg#Nh^Gb@&JeJap+tlNy;mfy7=X4~LrV*>zEHz>=vkE? z0O!)YQ~OZpaHup8lXeAcCeu3FDS~1in{lERBo?N7+zow%rUL-N^>3xLm0lU6?Hnk^ zMTu_4go1+*#A zR@WBqH@fbiVkRI-U6U+G<$0uwUvNuzfh%)n zYcpE#5aYP{!t0Ljt;zedJDXtzCN`X^B(4F1g1O9;g*25A$ZZJEozI=+tCVuSef|C* zbhO@air(9@F9mHk4U^;# z_r|)@E?#n`LK#Cl!vCZ#`1-)N*o@E!ne-(F1e*{4;X!e0b!_>-I?SvH`BZ5N2%Tz7 zZ`n@)SRlI?r}Kad18)+@RE1AC*$Hm zp^x>v!kF~{xlsZfebfuf*p+M(azxjQm1C7!1o=-u;_e-Q1=IOekR!axK$JWJMz!V2r z^a%CbpoCaKb+Yn>ARP)=x;UXlHNSTLf~tQPJh9xTZ^{TMR#~dx#u%J=+@q8F>;b!{ zz-`;<%mL^x|FU%AiDSYSR1+}GU86mC;)gG(Dtj{5=6auD2CvzQ0rtHvv@4e4j5VzXDV5`fg!q2|w!sd!0^d}2=g}36x&i;DJIyn!D8$Vl0ag?-jC8UKi z4u?11EC?|tl~&Mbr6I=Oym7;idSF^xE4xA96k?2$2a`R=MowOFAX#ueA)WqVD`Ge_ zUrhMBmEtPt-HqqRlJF6VCkJD*yO5?B^+JBs3rYFWs@f%t6Hr3)!L|6ldu(PR>U^!m zRt=Gr*$Ma{^~6)X4-sk`K@W4gu2*Kp&`H z+iLT~USp*|m){#PcWcfDSCdc$aBVf=9a1rYO4TLIb%hPr7Ji?Pruu#PRd3b-kU*g% z^lFofs!Y-vX&(_{VJlPBgustwA#U&$RyE74uvG0EoG0}%3~f}Wfvuns_iF=RHPFf(QtjqWn*^tm?ekG4A@ zzUC+PMK#|@?nBM8Xwevl%RP`r;GD2>dM(>w*s7TDBIfTOh_Mz6%c7EaImBaEmYV;3 zD7RH$tRmyfHnSRx-aU`p$9akx`x=(dWDO(6lfnC7)a!-*i;N513Jm3Fm=v zEl|THb`rV|C|@!kNle&dAsW{|3fDd%*MMG#Uj@Ja&Z46V?Z7PwNDyIPrSZ5Jho6f=o5%mhU%c*PAs7lAGYpUefi$b95 zN=`o_6MVF;8P8~a*!ci##i&^~gP_=&!K@1&_wyWF#g}TKTWNfS&w=7hd1kJ(M>b+m z*EJTCiV7_q?C`azj1WBCwE;sijuOpb=!0;{B72lstv9+m`gc?1SYu&ygvO zc0LTEb&G{rF=oOXbUT_34YUYjwv_E7k~tis&56`1pa~aZPLOG)9H3%!QW{j>Y1uYH4^m z-dY`BOI;EKBU;j)6sqJ)=m72aKew}_oLdxgp){w8>`9kD#)j=_G1WVGtUDdKHrM)E z>=shc>D_&H&WIA%XE9YtfC-R&OTrg!882Z^(m%{EFF1GS^P;X}YC0 z=Q{oPRcgfx%47SDYYy8oo8DKufzg4>OqxEA(MKb?`hoZ>6N^HbEEE}hFeB7MRMF=@ zn=4W>F|8XJ>cWClROE05I*?2Of<**#a(ZT$4;%v3{i8(a=G_l>2+gYB{4~;H3QY|Z zzS*p!8HO$~@9%#z6l{!!8ksGp}m$u<` z4WaO5_^!pvoZgOv5eQ-K^oPNjyX8Wq0N*Z2^5evv~ggFR`VPe*RCac!M;2^OS#Imu!3go1~IHOiSb z&Z30fUHs3eK`kp%Fn8{SRc@M*1NMXonK3@hcMrq4!Wx(ZOFvHcRK&%ey*+q7fXHYq zcEh}n>Z-36ir}G}l1TNU(x~2X=I~E;cl`nR!Zo({xA>Ce71fN9UMYGCIUhhKJ8N-6 zg1fLPtY1FVEK`6-bVq(BX@`raYR$!XF**x9SVM*YEsql-U(6FLr?z~DK8AB)B%$B|xYSsZ7OBWi*1&e-SQ0}>2k^qSLBzZec#Z~P(y zv<`EUK`eQZ7vy%(qLh^ITeUnEQ92E(|K%>n38Eu zrYbunere$oacJP~gk7%syb|eBvfsF~(wGohW;ZGR5|~2mFycp>L<^en*|ej(@$)n} zxg-|h1owZi-Ui&5NOz?8AhC*Nf%irnD=t5$t3+48#4WktA!G#igkhlr!X{y_=(zS~ z!@njpa_J^d|LPv4_1q4+B)-&dqe` z+{w8{{8>Hpjl?c7QH1_*0aVs}4T3g4+)r9SqGeg7Ffn*SilGrBP}dT*qUA3I3QIzs z1mV#6dOeSkZl5T+`v=(8eV}fGFJSUfu0mOi~35!u@LL=kf=Y+nK64wq>#}+ zpA=|IC|K0Hr+k3+RR5uBr5W3*>8xLup&*KYy+r?jM{x6PeY>hTM02zi)=8z7TlLAf zX&cQ3jCUtiJiM;dekkGxK+tz16wPEK%u8fXA8kb;D*WH?p%JX#@+)Oe`Z!&9H>@m zR^Vv_VA?FMjENuB!}#cEz9hDxRS8a^l_o#_c(g8C3H@j*Tav|rZF?q;Z=ifGW6K#{C)wN+RXQdRVz=P(e%*T=!@%o@CX{7FFObOGi-ohyQW`fW$ArWz7M_6Xu6d z0Jw(nukKBj4AY)M(tI*)dpD`;R`<*?M1(NvbO68dTF8J^Sona*3cgE$T@ zW|tS~H-fGD8usjd9>(0yTRnOG`Adc7S@$Z*{k-3~?+dK4fCxV?cW`*WPtE1|yAeFI zRRF|#c=X*vI$;pLWVWOm65}*tSB!S{osShw7!F0D9Y`BG??YMCrTXIdr>HXZ?d zykap$Xj@G>foUXSkCzO>>GgB@31@S_HTxrU z?5v5LXSf9^OR!*32AGH`VY%LM5pAU(pX2@URebT|PRgxwX}4rn-&plpdS*Nt`5P+AWdcLz$hR2?!rzPGHn&&=At%z%GP1z2$1|M{N@2K(Shf|!bhBP`D`3!=!z>y?s! z?I&E%xmMyIC7i9>cA-e3WjG@|M_xk(0nTs3&+5+c-?k?zk&XKm>KxubQ3`^2VhS4d zW4jtfRVp6PP|*hSUMxy#^a(@QLPVL5&QhCQ+aI2q9-IBO=N$^C{$KX)QCvB<3rYPBrh+QC25xNA1XbP3q-FR z;-U4wiGFpZqKC144es8=u`RLe9(VuPXq6n8^z^iJMQiHn&WXRgC z*JuO9WjxFnxKzt#dL5O9Cmx-P=nnwNf%V|M0s*5cs)lCi4>QhDNW>GKS>5D#ptewIbI5PGkAAY@elVggI>IoxK8w^r9reD!pfz2M& zQ3#j?oidcbveF?%J+PO*%+YYBV#@AKc|b!(gMCHFQ5D$~|5i5rm?P0xLo|=Q$o$c( zK#zbDN9sdZXJZOh1BcuYSqN)`&|rwUhv34WLL6D)SqMs=?Jobr)FHpva z#}Mx6n>i5t2f@{}*&0)55pF(liN}aaqm%plWF7m6ep^u(2{sH4TRNV>okluYif`X{ zM%c=#vb^px2Cr1H{{i;UW--KoJLkq&Vy0J+I;gdgS$QcOUG!%905>Uzl4aHr@yr)S z`GTo@wSk$G+;7Qdg9jyF99cBhhsPAI^=e10`dG~kTkfTnZ6}n|6|W{^eO;;pk{#T# zJK8NCGYOs|JGE47O}A|5lOZqBU!?Q$GkGQ9KHES`r|G)BRlWIAY=B~CNIgsG_rSz} zD1t=ez)Le|$=E?~(0{&Gd)Bm*a#*Lv4i3n|0y6B($_osurMjz+53kG%}HbUK#Lt&+t07$ZtGq z9(W!g)f+|ciTb`=kCOdkGeGzDYzeb4RVt0Og(|n1&CzaP?xvXBSYLpZs#|FZaBc*0 zxA`VG*jZ}Q2AI0u4RdH7EkGASnZpfbsQ--X4xh%%cBxFXn#W<4foH`$j@ZnwgVA_- z!D=+ki-&6nPe_!vWN4@0;h(=~E`b))*fhV)b^E;>8GJ^tb&THx|3r;mZ_>_wejTov zaI4ma@}b_OjZITdf^gOu`ndq7WrQk~#l8-)^QRUg8ja#> zO#|IZ`h`E#CwCr)cK;nHWDRDdb!P7nyl>A#B_0RBz#nQ&tgcF7%-h0?<6}ru^chjx zSsPIjf^{RLu{%&+$w_(HnOt9KYH2jB@n<{e5Je~0Cwlc#66!8n%4<{A4&BdDh6&}y zdaWL0l%Go~<)sHKsY>;%8ZDkBEO8gAWGN@Q$Gzk0lao$4jFvi~I1^HP@fc;f6d!rzZ?Z8#b`Qw03>W!*uyDyBCVJa zq{><$mdY!YDApR6hBw|r04280`&q{f3Vfq3fA~4epj%fQOd~nO15P`4?3QK;X5`Rh zrHUM6X%D}+2I`YV!i4j1*j1|0nu2pCAFKcg>Rf2+TdN^iIi}6yM+dE&JRHs`g=ZE527R`lrzYvI&^i6!I< zFtygf@<1RoIPVeadlsivv^nVw8`F8U5F;TcC&qqkY-uM$$yYjUhtIh)QB2a^-Py5_ zjpxY*ZTvV+mi_w_VuOd7M*)uY;Z^}spqg1w#p2p=OqpRq>%#5VSnpJ!|L?6q+zCAM zk|IXcNvj~AyyG~{=OHnPRh9IsVPlh>LXOQLk1_U7oF(nHS+|M|5i3DJ2Prf69bQnW zT(?Nn13E5jZg#!dxde|9$^t&$Cs_em1lx0zyuJtHZ;?h|dSUrRVH$Rv>#d*UF`o>|78w0AXX zhcEBz1qz3#+1zmI(H;w=(`>uHZ}Vz*W>6C!E@p<9d&+xp{BGWrX4p%;gV5vAvE#43yo?Y3~C%@p2{ zR$x;8*po?mKf(g}f|F&0Y3f!diWaA!%t4UefZpE(e9uaq_~GSM!lUIAZ3d?kYzm&s zbV_`!OwD>WFw=OWj*h+%gCumC z(an$0#tIfrv=jGadlkAH?$i~ka3lin)Zip^X$`Zf&F5M!QlqbypbsGR&9{#>73-0m z-`lZHOKxMRF;*hi@Mg=u3^IFLj!%CzHx>t+BO)Tz7!2uF7@f&Kc2c{Vo1`ZmJHCS= z9>;E(+AnX7%zMpNRLZNw#rQh0&Un3_kvpF)C_6VD@c1?gnoG(sl*96s+G6Gx5d6L~ zCmdIWpqxx4P9{af{G=x}%AT)Eb~&^ zwGv18cG151e%fiBP-#z@v8t31t(a)L;~sJ2#=9FBAM-0$hq?CUd9|0QW7KZ#WsR(- z^=%mIi}?%CZd2V5qBm%1{zYg^9i7}V1xO(3c;qe$!KRcg7f6k=iQRQ#; zBUvSgReUK)^`andNuL!@0bb2Qu`G+{{#s=gq|qvoZ$~GruJ*d(o0X^@+3~M%#~8T& z0vOfCZ`&CVzxe7?6z#788%lz;=+J=WpH82XnF+o*Y*<^*;9mAeqC*2CrV~|rW!WM=fQKX)k2<(-q*UsL zEEIGQ@!`U$;}3A2r?4>t=gD+fi}vw5eeOR62B9iJ_D<-)fdhS+L{)F{JHt&btSCm1 zeG4X!c=g#zHq2Q$>TPPI$=RSWl@-&H5gBoIz6`}rW(M@F*}XaKm?3cn-QWRlcTdx~ zy&KyUK}Y=>S(+-XByi13>8Kt369LFY+XC;t_sr=bae_jrj)X}$BqtWINb8o z{Fy?3YQ7fJ3}AJ6WO`;=F|Mg)kv6SGD$D(?c~Y^4X8C$W8jpL~vB5lFu;@0`-kPh~ zRyjzZ?8*Gk12C@N^w4l7GaocU8_0VuNC_*_^5M%LBl&rtD)gwZ?sLIbBtLhW7|iW& zNtsUs{*y$nDDD&YM4W*s{7t>=1((A;K-=F5K{ha$4$vz6*TjL)Viqbg8u zqu6^G-=`6O{4L7{Rpup53jlA_`ecvhzNAC1=|H&`4dS5t;N^Dy)xXvFfD4E~aFK6p zmtLf1$d1oa6@kRC+wzATQf(7)pTm||shg$^xNROaaF59jCh6a;BH45wHiM~TN0C|y z5;grda8( zvQUy9-=r2!{-rMK$Ea9ShunxHp{O~fYy^l9QKK)2Yq#MGShg-kVL^lGf`B}p^~cd+ zMgHs0Yer%*VqcVOz6j7FD^eK_IluIbllx7VVYDX0173S+B78LR4X2E9)$|@7C+CDW zIvS-^MR+ne`T(D*7}NF?3BtxHH$(3~3Ks}!YkR>7Ik!`mmMb@sjiHgDU&3!*_N|U@ zV@~pK6>K8l-?nNQfmP>_3XBtDRR63x3-uzm*@)YEJA;IW1Z>&(N$vZ7Oj5EVKFP3E z(UPftCc}2!s)sic(j|_Vt^QWzb7dF%ewTTD0>$ra7>wCj7r)=glpzq+oD!@$l<{5F(qvRoF8mTCdibtjc_o%W}0vQ8+4C zp*^9e420O7S>JYFO}afbEW@ zu?y_{WWs%5*bRevcJ6LkKg)QoV2I?(&_%f}!j{iMymcH=GP1p1t54mpq6R3V2xKE) z`Jnrh8YxvL=Dvbv!8AGkKl}7gB0KMq`UOP1*Hp_PbVU8&CDBJU{^QubG_RjF~0P@DFgdKFzlacCEAWm|j=E&KaO}kn&R+dVXRn zFa|;U=fs&T4)%k0Nt0k&%RZ{YVHHeChpCX0GE8pJ>B<|=g|M~u^CNddX&H(dOOqs} zp#THh3=*g9==bIeE8^J+Z1XStS<{tL(oF1D>s%N{!+8m27);rwCUknxndVXZ?WJ(raz*dqvOjJjrn?z12b8yl)gy<=bN`J1fm$>RH6cml4wQa>NW+8zUrj!lU+|98 z9tl7U-JxN5&i0Bxt4%*L6NVz$p-*%j>(l6y^P?20bX^G2q|>HNal35MyE@(WGW0ud zOPO)@f_74W!-icp*O@}v5_lI$CPE}Ft803ePx$e2=S_P>BrGn#WWmfz)5u{qtx=fx zNrL>AR6@s&&+mzIR;GeX+HMO0xZ7}*hF6Gl#A0s(hwuPFzNh;#J2c5MwX78@AA?bS zekSRbtA~U3GaIkgq>A=02rYz{0hh*4@u?kC9@H@5K zPihWz(a)4&Koj^6GnNav+%Ku%K>o4pf3d3;I&0XL3Ytm!3Vs2p?K>u=Aa zG~C_(*+Y5kUj%pxWL!2l#VW!Zo%5fe~r#cyeBS1?;;~K!)Thh5PLbBx=nwm8(gX zAtRiO_)sbQ46MQG6qUYhlMme=Y-x5KO>Av+Uk4s46iYVN%cdNm^uNhjvxK~T?!Eo6 zPpOY9VsD6QGQgo0D}S6NS-m!^jB0qGZ~m4j`f{j^_30eR$Vda&#<-UEs^)CqB9t{h zgYv2J*KrwKQew(flCD#+;)A zhZ{!pLuzN$A6GA+sE^+}tk!76D?^HMqjKJ*m~xXMeXVmqMAiuEHg;y?IYr}=DYa{! z^Esi2!Jy{hRH4ssCg+1u=p3w%xe!Z~K&(uSIk+|v8J7*merj^KU}xnQEFq1cW(W@B z)sGNWWSbmFJoj%D6-s%~^Bi22C5AG%$0H(RA;-#jt5I0caEEyQ^5D7pb51DNJ|EoJ zk2pEp`No8AoPG1#Y~nv)s6tS6C=9PVo4>vldj)bYI=h(<5e1@bL@12)hT5Ne#z(Ns z!B0b+*E5DINVWzv1R+f=l1ZKnrNf{hDP$GE*~ydhS1P8NWBgA?pF>3D5eTAFcs;T| zbn6WGCNYK;=)P0M1rPY(L1X-mPanm_LD7DEix~gSZ=loBu4zbYFI5n<`+D{&4Z83z zahPg;^)c?I>?DJ9?c^UXYnMlOu={CCS-JrvKz`@Y`zk3KovmbN{ zlVvfpAvHgTYXn`)g$Ig0t(79acV@-+&=cY3;1W5Uc@D3*QCauoZYf?r!>b6$Ax=)n zH8e>)s{~(4 z?YAiVR7?fu3Lk9cSFl(mWr7I?pLlJ1)K9lc9?s)ze@)c>QYFlJao$;lW=c69cBB|k znGhV~{)q{#Y$Rh)_gcv1)|z^JWo)jm7%0X`15CqC z6Zjaa&u!`RX)_OMrN}sC9-Azxyc<(-?T5z-=~n6_geyHz?<=B*gHd(3*$LZ91-E}v zNdFw)TiNCu*Sw8KC4kRViyJ3ASnS4_>JlqA*fFYS<^9o8EztYX{bA_z)^YP~c5Y5r za0N1;cDuDyr9igD9Rm|a2yde8{$kt20CG-=gIMR0YZwzP?qyV(T6sJP+W^~kc!OUu z44FvojC_L$7$6@05Op50KPrt%=meRZszVr zcYy$Oi5j^jg|oFIIkq3rp*rX7Z`fml@2kk3#xT%Pc`_et2F!W!pB%yz0?2Z@&v334 z|NHCt(7l;lXk~r=y`G*jio0fgfxVK{61yY(-4OA=${T(ZuNc`yhO25^b)(O-6~-(w zn=2OoVh4%O@B`+E`h7mJ572{Nrgm`yi`j4}{Yg_C$?Oz*AuEV+rG-O=o#@-cB9Qxv z08{IJSmw0w`Ps>}1-7bV#(6$Xc!`K-98FU2Z}XY9GUy8dd=C%l^WR`_anSjcuF12? zIObmx7M!}I)BLiH<=$Y;pA6`U)pVG7P}67+s z;A^Y*!0nYKbpkR~X|fA0pW#>V1QwhP=`90h^FYOEQAmKXAb?5^P7@EM{KQ0HFO!*g z4J4zLR&%nhE?5c!BlkgW*$F7d(zp*8DRp0W&`y79Sg_E$ZJ+3%1RXCe!gPk4z8~x4 zZ~j<-{}xbo5TH&WhF{OUom%~tm528Jx`36cDV0g%3=S-Ci`!syOMlf)5TFqxC? zBU7a&31$2lwF*Jbt=V7E0V{d`+v5LS#CeLsc{1b}5F3eMYp8&}^ne%(V0y#Z+yG2( zh>dLbTOn{W1E~S^J#N6wXTNbTt+qky>F0Y3d%(e^AM1W!nT zWsP&@zc?yYRCL(aSxYD)`}^kA5ybCp@25HPxMfL4fIx<`;WfShHb9I4dDNLqI0N*k zJ^AK)5%KT8YFfS^#3%&%i~b&nKILNFx7zj+?mCh(PN^znMI<-U*?mIHW^wQt@n)~k zC<;IUZww=f*yBT}!A3+R1oh+R8|1ky?6! zdT=xy0)QM5PtK;zc3OAj&Dt&9tlRE0k-Sggn$w(ar}o9_(*=pR7hf^TPughD3>?Ok%u;kh@MT=(hSJ3M;dBk@&03c3sAApY8o)i5W-YMD4cnnqXdy~jT~Yjo1w>+ngT?1vN6&HIi`Fg z5v$=Fc71Yeo5hzQn@V>0dJJ@KY*QBgO%WAsF|^iV{WT_3W30C$J^&17(dZ!4aH_Uq z|86dil@L=(<=GSQBEp3DAEMf@NEtPdCt>;JR{cD|+2Ex@75&^o>H9B5U>8D{@7a83 z!?)GZX8#qAzcQQ=K1z5e>>>*&nOI{TURs=bg}gkCdY>em7;h%l3hL0@)O%9m4de47 zqM6FqFx*E$>-3M8t&Pbj?d>exGY#`yAFD_wiW-nhCbk2TFQ5(hivyUkeUZIutu4d! z{hC%j8W*pEt4mK8z1}g*7I!7=RejslOOFS#eTG@h(jH9c_4==e(Lwq{n_u^)IZ=$Z z2rFf3KtQsr?%Q|s9E{;-%4KCgWYbiiUgw`4gm?*a;Qc~)NOVmjf}vS4`x?Q&c_ct` zgWGkZw4E90Z=Oit?h*41&b!MN1~ElAoI?K<{2DWeyT5q3W!8HeXh+pD~e)oHWpE zV1p`M>koFaV+U?D^qoklV&0(MSnT=T{iPq9%tUBHNub<7R~V0~MFUoXZxjYSvU|># z6Fagbep4||e5+6akjypNgjSHd+^;{3FAYtNm$z88)%`0jEpTdO^&B=^Z{h-7&%a#m zNn>W==1}LA<69+jOO#pb+TLWd?Jcpj@AP$?shXZ`77Bwd4mJIg_3hSUeD>G&5g*TI zFYt-EfEA^4vsoPbE7@jbU|w@*YSRz(gZUqyi+@++D7Kz)LJ(cD;BZVq_StkSYM$(< zA!p;$6>rdp!(aum_+)*tKxQ%tb3rfur-iwRsW$2Zvn#XDV)VFgkNu=@heeTLm#r`x zk1JNMS>uMdGi6u+$J{%FUi6IL6|*Qw*TP6ddloC2F=;U8_p~sQTC&Fb{xUgW=l295 z+Z~Am2tqZBrnTs+fP2~~3CQQxG9s6P`nFVY&#^w`fskAhxz@S4&#g$)5+)E>&k9|H zb;H;Ab;e}&>HDSJY(jLY9^ZW#;ha^59a4(F#5_`@fbY6SiHjB7rUYM(FBkp>xY`z1 zBh-Oafsghiq#jR#Lca-v4YaCeXt2W(!@2CN!U(d&%5AUJW<+#fwS|6$$le|AxV z9q^$o72bLh13#$rdXAN)7^bJA{613|8z`(Y*C&!dNpyXW=y5wO$<@G8|4F|J3>RuG zSWZ0m1zq^r?BB)1&US&*s)6;2!?yEKQP2SIDj>Tp-R;I+C##c*gPk*1`NJ=*;;#2Y z$@)XjS5z=sFMp+VKm&#@*i8c(@ZlKY8?PlL*N1Z2qUoLCKpce)tN}7v=d+oUZWz!z z|2>hyksn|ESfO;4+Lf(gk6e+1YxnZnmaqEfxoQ~0y-&darUZ6{uC!N5`ra*kJZj|> z=Pj~GBIa3|SSbS)TaS*nl6xk-9q8<-F%_(VC|V@cQD@*(H3V$w3D{$lFJr3f$d5FM z-UCfk-lBzsCVa^mupq{B${RM#Csh^kPvX*nNsQgBwFXbu%bIPj{F#PW{iH0rMuVA2 z#kM66V04StAD4$#xN}tPp=o!|PJg3X4h8q6gpt$HMT z6E)Z+C*X;2f?J{z9r!wgC|(yv!i>jqF}9`bO4~vwQOTar4j`zl`MEe|c@&E4Zr_Z* zja3YF#`*MRti>nYlZoDi0`-o_1)y0kZ=uha%%7&0J8Gh@30wJGbuw3!_K!X(-+C<5 z98t)Z5^R#^A0}{~ksO7}^a_&zwZC<&Tf!|_c%CA$M(zIoREv|_!_nW&b9g1+*o_i%L!Z>$-#z!7(LlBrqIIHR z{9V}Xy?$H0G-#EJ^YShO;0kHwPYa+w^49>Pd`UcNCoiNCQ@w`mhfykX@3r$6T-eP zH);Poa}8rc-0$$m3>x7ln zMoAuOlSnhDn`4B}BB>@--jd+mixzsjI}O9P`$eS)ff#d z`zdfcj@IUIH$Z?o*b+G*CxLE`+LzWa8a`c0F}*kAW8KC}D=0W!NIss2#_H4uQH&Hg zXsC7D#7bfGu35XfeN^zlwl6brJob!}n?+KxCe`Ab>ds&j%{6~iTu7ZlA6eQ;kpP5y zc;N91_MGtvZ?_0FNyCRp>Q#($Q+gA9>2!9hs3H$W?biU;?9eom;h9}2#dU66DvW8Z zlbj78rP*T4y#Z1xkH!|qsZo;U zD&am(V#~suVj4^4Axz_|=C+&Twg#+HZhi`Koe}^z*sr4QC)P-1#H5)&kQ7t)92o$c zRd{t^5KgqxIAKGBGKl!c-4u41I^Ej1qoY zYg0mD(&%yM8GyVTmRsVym#$wbpRew=_vB2jiVv%k+OiHucCyD`8Z^@Z}d+^RAE2QqTe3 z8j)=gGo(`{LcVh;N^j5?zaPj}8Xjh^>L_9O55ck~jB4<&OeokaODb>zkM?aIE4Fnc ze!L;Cmv{BRSdf}MFv4{qUZ}!00TM>8gpq$c@Vp2m)62nvFbnw%?s2+IVv})S|2C*5Syw9jE>h^Kkb<;8XJ zPlF+kohkf@x-4N>O&jh)Aq19ooTP4zaoo`ItS-<8o?;_+wm&nro*MJ(X zvCUKlkNdgQKYLZLpyLf8G!$l!{opvW`4dxiz;j`)lwx`cA3)P%T)W4&hCg+G8?Z^2ovy-Yk&dKep)75Ukf*A3KT2i3d}UD z7JXD1#b$qWbk)enD>XzDAOcp3nxZ}HE`mW9Z15`OY*5@Lb*AR= z-Z|uB&6h0KDifTLDXl}ozaX!V7EL8~nFOJzx03m(>y_%I-Ni>hB!s7$wfU|AaOo9?GH__bW5jheC^m`T8Ai^JW4 z1{V*7)qY<1{-8f7=a_K2+z+<10vUUl%-jF*2z()x9D^hi<6)lM%(Bzzx;HHGcvG}y9P^?#@^hQs^4iI)CM@aZH1Kae3yOc)ae@OB8oebF3i)fQ&5l#s zV)bk<2rDaWNICKYygM-xE=QKbu_Guzi32-EYjT=tL6mQ#PV(@c)?!*bFkymqL&5f2|3}K+Gy&f=GRUbUTaP0)p+mNL*dClL_Al*y4_)6P zfm!E8S30B#wG$RqS8n&TcCLtvJ~MAfr4()TPO3|mFhaQm8KoK?-;!% zeJmwY9A9HTCp!6Mt;m!_3?G3$XI2c#Io$7YXbm`yR{pPzWZ!AwWmZu0FTmBkfm50>esIZBSgk2C!lTv%yy~HhK+=5Z6g2=4$NvSEA`4d{w zHDRuG8Hfz5Jq;L$aEw@}pc*-qZLQ@teD%JEH*qCtU_{`Lh=Cgi^|!ceRO2-XoO~QT ziI@INlFDR)8Ls!ksm8C|#S5^rq&gC(^4_6e{!%u_vM53~cr2|WIml*$hr;XK5KcbK zR^jg`%RH2_N7P6#tgxY+*i6jhM6!*yaSJN_PkkX-O0t=Cqfpr85|QgT`14jUdw&kK zoJyp*cE#4ya~vb^V3MQ?w9J?7rC)8ZUQx&eTdu&IehY5fA2BuqOWToqyFt2AxmIj3q2C z25aRGDl*;&C&rvjm0A2@z)qL8bp_LZr$?OP*7omB zY3&A%M@U2_Kuxq!xSBrrC?iAsDSlgjn=rz3$3PJ0 zsg9=?$zf)@D(@7ML!+QNIRw8K-w-M5snI*US3CF$Dh3~L!{@x#IIeTUihIX67ZZ~a zX-}}ADe(?lrYx4>R0I7zg_p-olH?$Wj2$E5r?X|8BHArysZQtHP@P*VyLT|gd~(7B z0oumwo7WePnHepfQX?}-FL#|~QB7mAy|v~r?8>N%9nsT-nYqtt;!a+tSwDp%ioTEX zC@-gg?uFOFqDlz$$!i&TZrl7Q_92RYy89Gz-JbBvsx1lpAYby8+a> z+Gbj6zmWmIzV*q}2;seRvn<#rxYdIXgqCvojrn2Y$y)hkh_O@V^L)q%YYIRD!z1MM zJWRxGw!LKvh!1CHrKXf&ck^HQbx~|qNqhb-;qjT4DT8ys-e$S<)->X~@-H>a>SolRK_mU5N*_sqCdPLK zV98IfNq*hQ=u*gWLz{Yvyy$rSQ6FCyFEt`3N_)kM^(#?W@4oY@TQ2x%q2DI(ncfSqHa;nVMFP(CB~dqQAt>G7sWkG6ejezh zNC;i%VDzVtEAW<(aK}{OlctA@V{L}o@us62-(tP{?z8z&W~EJM7XG9|xF7jj3DeSF zqalC-)e^g^h)Li(E^+vHX&l>_DZocBg@u5Yy?7*?Gv;sYmp4K0U@edw(YErfMjZ;Z z;>C;O7OUn9RSV1S`dJnk87Z{UhbvcKzK!pOQ^Jy^lo5`jy?;O%il>_Iz_C62Fr6{_ zpUzk$V-C7R65wS=XA!vIDZQ=zS!Q7U8MK(Y$Ya1tM)#naD~`hdCsUxni}wJt)^3sP!E{JBcN1tiB#-h9HgjT=3rg)E?6BiqluuZ0u9P?55F!@BtD!m(@5}+mL*3 zqG87N&8*k!!AQ0R1k1m!?L>Oro2Nf*ffmi*PNUw2$pd8 zO=Cju7Ien8Qt9(h)ZX0b`S?taJfr{*72c1Jf>3WLS6*Lf)W0slY)TqATn!^_kgW|G zFPdgF(Q5i+LvS8xKdtdBhpCC*k)`4H8s}gYCWn3?IA5_)jzEA;_qWM_r2#$%9B@Wh zo0J1+-LK;1PtCZ>*wZdtaP_}53>KM~G@M!5>6*Ig-c0^{G@6U}GcBIhbfytuQ%L`B zS;!kp0!^Y45U_std_RwXh@QR$Z@~yh)MXqRwSI&3gZA-j_*~A9&{D=`e+h|CMz*WQ zLIPrWyu=?PyU?9h9O-d`b>8rE+k-`@O2W0EDMsHvARTC$2+>3-aDj(e(a}%Bok~Eq zh12E+TU_$ifHy`iPi)n;LV{p;Sj{ZRyS5}gOxaFw5`DFa_ngg(^h&_-aN0js;odBk zTf?9DXoS+9QSf8ga7w2TVfH5*1szsvNzwt$4|3J9PCJ>hgZjk>w2B$3zAqZqi@|AU zGJ8Yt<%?*|%`9X%WKFk#je#*Q2V0xV!v+7Jy&u!%Q#$?VqI=}%aMuSplzrKywPlC; zMd&vH8`xMC)En<=iFkt@>^h&8bjfP~TMf9JVn#Zhhk~8E=kZOwV06LHx_Q zZzd+Qwd*xIr>g}OZnVTwq^e9YP_kpwr8bSRI^LcjNR_+Hkvmv!gh{5>;fyKn|DfK? z@(xi!J?sIV{KlDrzROg+VMc8M?%R*B7FymgJfyq^aLO^ohQ{nt1aflM9+nY6~NVB^&4USAkQ@s^=4=FQgur##&v>Dn(jGHue9DkLvha?&4Z zyw5h1C*wS}8Smp>(UNH1q;Kh*w@eT64ty7kTytP-X(I=+=}vJ7HzfQn`0JTp;X*P} zP!=UxZK2!&rergE!^>V`+6dCFtJ=n&IKq)3RjV1ZvouWqkdapC*{}a>`BNe*iR>5o zlzr`2C7rC-R~!irLR5?L#h9H)iQXIPsqFz%$=tzlC@f=zNWtc$+8#D<`ujh}LG^#| zi}_9@s>`oCa2w1Le34Q2vN_gxA8h+&c}Zt|jH7PmN(9=d=LQcLG>p~=BA|TzOL5Hl zTgP{DwB3L;ZEiRD4w!U+XQ8fB|NBM+G$beSUqUGSo)&mV-7U-(%wsD zzHhyGReLIo@}f@ituxcw(FiWVM{{w@8OvZLHPz9JegMs6WxzDsoFIQ1ocsX!4M#xS z@nHh1IY6%oBTR#D*yt0yNDk%~`k=-pcV{|UQal!Y2{OSs?0X9lc~g2nlA}6^V|W-w zA=~-Gp`9g(61p-#D5A1|yEMN`vw|O0Cd}-zKp$^Jb5+tplRhsI5fNZIlgruaCWSkM zM&Nx$DP|T_0X(qPMg$ZtjYWgX>D?LNYsT!{_lSREkC2lt-SemLa%F@;_`V8@v5Ehq#T8McY_cP?Uq4(_;%KYo8JMy6h z_=z#R{!cZHe-2!{IB1@J%E${e-aW|ZZocjm5~D6HSNVzvjxRHn4$hcQF)vld(~F7| zO)s@Oz~S%*l4>s<+>VM=7Co+n_?$ItZav#Q$?K%9kBV?b`y=M5tG^8xwK%z%E7i~X zh>yS2#J@9Ak6pTjtX;K$T?5=A^VsTeq2JF6(Bb&}t7uE9q?U)8EM-yXbw#9!BDDRo zf98-FsJQ+D*#?@uSW`M~zU6AY`&`@M-8kJrb=DQL{<4!T}61K`FKtll=xZ ziH{!K4=3bO6S1{|XNH6HRMYH~L)>XBxQ(J469?MR?Q+-&_Mj4rd1^Fxpg}Q>YnSsD zbF;|Yo|lRDPiNz)`+qc=<9l&x&CwbzU%|>s=H6PlOfW*UCsD54&Fh1Zfltp~RfVj+ zE4zK_$r6>fYVtUfF_2@MeS_u#%EzUn%PYjgm71m;Y2U2r*>k~sQKOVoX>T9hb?eVK ziEbPwo!f{G*{!@Qgtl=?;vOHyR>X+d9&c>@uqJ*w`=je@Xt0`&nxD|Hf;9qrG`pHZ zA^PX;-Bk&rzx5e=k=NbE>!3x-#uYT)VLB<&t(Hg{y-01!t#LL?FX^L(7#Q)J2f~N| z1ZhV#Z6R=x5HAFEC}wKhds9Axf-#ZCiqz4+fn!5(_%nrAsQr#+>jD#WtoL_d#3q`` zSkw0iBjm#tDp!&*rO0G)+11Pw(QiGjn#)r}WZ<=*k6NPxi3gWi0K(~_3AfxzmYEjj z^3})s-UzB3R{=Cnr%ciAiQ@m1xxuO=1Rw`Q_f*)1_iwL;UX!Z(<*l9iTW`u1=};;N zDLC$fei>^lWx;=Tz~h7}7{BjlW|WkjFy8tjvwLa?W-iZ`JZwjH#Osl*IUui z+6h8~d6Q|fryzhRU>QAGW<~6r)fIoA(pBhye_g+-cbx@uSR70rG-H+dLl(D9d~4a} ztMQHS4QX#dHiv`REFy*(3QLy$`R9Ww)%FKP`cEdrx$f^8$ohwfg>)bgJy#A+Yk&|EJH$}_>G`yn5CB?d&a+3k$^kR&CEOsdjWx#7E z^goo|jCC9b&%Kiwe`{tbS|%dipvxd4e%II0QW0!Jn{dSoq~Q@v$>pc>edwj?GwR0` z--9nS)w#g$7W#B~xSHkqB*76lXGVin4)LPR)Edl`iGy17a5C_8ZM3TFyvP;xSt;zv zQ{~y?UPxOBx*xryy5ek46lsmYDlem#={KS_v)2bi^KkNSa+wx@2+(90&byj1o_}*B z93;$T-IY?rm1&9w328XlhnK&Tmxm)bJ}e5pp|1%;Kr2JMON4`BjapP>n|gG|4c+j1 z`n-CD<1h1BR85!_O;h6lDS*ZjilE9%V+zu3Oh{$^0vW~psMGQU$mV-4BRhGSQ|Lew9{v* z6%xajeD%*^YGjGpkAGLt!!I^qn1X;uev`%pfQY2 zZ~{?mWZ;1dwQWrb(qET3N^b79mTyS(Kgm`)>Ke}GgzCd_|(um0d7K@+*&b^r)ehQCurXrEoOW4;J`2WaOeCW z=bR*vhi^Q@edj}$7*bF5BhTQ)K%||(*{#F3W4{QvV>ThixL*I-ZT{JDe&i@RJdP&B zJ{}sFog+W{RDnjG*3SWO=DWHk&+r1BOgxy6;-MuV4Ka;;=ue6fMwv_yCZL7)bi`1! z;~{te2yN8?0tBEv{h@Ka?|hRyTigH=^=-KG(fXRX3w%-0SH<3XGbQ{m>!M7{fbPLGJ8B5XLQ*;8~d@ z31kV)e5rdz(beizq-5B#WbAX9vXw&6#g8?>Rl(^k=gK!02vAt-&L4xu1vDXsD1t(C zz%incXd7nb9qKC!xf+FNU#&%LVG=6NMwR;92iQ;CTD;g)}ijc9TGFymrvxUwNUZqqR zO<8xRwY_;sAOWT^r*l5p=K;86k%KBK$amQ}gs2{(UB}#ZJp$(L;H%FC!4eRWR zL#X%7Q=4Et)exX5QZN&t{y=|&)5Tj$GKtGQf2wLj-S-s2$GX=1k;CgS#-rnv*BNXR zkt126aO>DJ8WLiZ&t5?lY+tQB3Iv)meS9j4AKWaw5-f&tPOv;r1WZzS0!0xuuk!zB z9Dzo@1i?v%!6BtGtR76m`AHANm^6t;LZhi46+=IlE0VQA_~M_Y{Ap;xZp zCu4IsAK%W!`~&1CKSU0@+PThIEr!tQ-4R*+=44OmTkikrz*W$tUByAK{#B?yu}7>2 zSvb@uk3(LD9&0)ei)+3PX^}0cl^vmvswx6GKFee{YNw|yckBDy=OG%2P5-%-USyjR zvG%B1&hLY=Y2tDI7d>-lV|0{fm*O{?KWdGR;3Lxb{760Z19jgk&u2s->Q5?U%RHsi zY)v**jBgrPIpzscK*5b z}in&(Ng^`FAJ&rW=k`}5N^-a7bnpYKE+IW5uh(T5hdSPWG-s)eL?C7KYstV3)nf`CMDS)w6nir(qwx2uUkq=gdG-wax@Cyv+S@a$PP_ zS1|QYb<3tJW#qv0ER*xwQ`g_TT@s{_m-6e&nXCrO$h*^*`!P4w6Fhy#W!nMaI?S?u zu#WvUzWlY~riab>B{bYZQt+p^Q%_(7WS7q8lQ!s^M;qs;Xd7r z_Z3s@@bkY637r6dYpun%j=O*6}kS3YKASDF2m>1q@(^;*18AUF-RjS^7Y zY%>QO<_X{Qtba_@7cAEHe9SU+-P_e}NDd$S_2S-g_)SPWcc*!~xhep&Ww#S}E$rU% z6d(H(IRX`U^eb+>2ozr7u^jqy*XeOVdhk77%kkSpOiq`?X_GAvJ3|9;K~_TA)3j+@ z6ySdOPo`xvk5DdH=(k;&PMG@TP?oWcz-fFJ^2$|20ZYHqh4ypmw#|#})Xuu%{#6Tq z_*?SdS*Ai|IGJ$B>=*t3%8Pd+@#~RQP3k9lFm{99=%}ZQ5gjz}=XzbT{2&=g*@3 z7>Rn`R}ZR)rb@M|8tx??on-208)?N0ln2R8$?yt}ZtKN_a0QmoVg})D!n=foAZ#oeTQjL$fS`Via+ju@9fnpwe zR6VHf+S0+gY8@pwtDZ>>0O6+d!msv_KZo~(`XN_0lwJDR-a3CK8BH!u(Ae=DjD-+j znTX=F*cOKzP{mxY1f&S zpV#KD^6D&2WRw6?<59)qLwhTD=;`*w^*v*$U1!$K>~+m%lYPtK`s4HMa$&f-^Cf*? z@~&#fhOdL~jI0}j{fmA|-)HV@-TJLJ$RMz|mm+K_j2(>NUNU3$9KXK2*nK!?3E^(+ zP#+NjN(oLXVM|-|RB5pl>^L#Xb?yDoA?h>Due^T94^Nj&G1(R?AkN3^Yh|q(d44i` z<#{S4OkBI;ItMnrBM1Cmy)yD_g@{|6pEO=>H9yak5#sjRB}-Wiy68geZAOt51SZ!hE3HS$$COKDrGXLy8}9WVS{k4l~yg~Q~kNsow}OgesO z+1+qA1g@mT@0c4m3`EOuhteOBtUz1JM(682&yNc{OY}}AWTOebd-2flPb%AkeU}SA zrr0!C&BrvJ4Yg%kTgojbCH6tmYxI}%ff~!wT^2gRD%|N8N9&I>W5lyL*2NKjD zd$J_Ia2dxv)}ctBC@iOB*h4b2B=Z$yY1;|D^Uz}N6wO)(ca5?4?L;h5;u3AuC|;&3 zUOzatOiPKzkNFnYHt-lbsK6ho+Lh@?ljU9?7etgCB;~)ix%ir1e7WwLCb9$5LQGFB zyb`tGOlg9Wmh|jsA(!gxDPECYwL;V8q&|)K=InjuZ)T){f=)^uBRaf=Y`1ln20}^c zB^9D+FP5WqqejWX`mt5)>&%gkX{k~tk}0F|@5@M(7h3IiZM~Q(k^?rfzpJ#!&U`DD zltapz(sNj=$kV)NC`@c1^xwpR=2{6g-LRw-?tYP+@lJOl5S-0@)}<7?G0N&Z2E8$u zLud+EE*NsF{A@E)(jXk3uM7Hq@XLKqUAJr|$J{3OfJZY)iU@bR%R>2FkY#SC84--O z!-5~)%{VkU5_&DDUjK5+pS*u;mh?h-;a}*Zc~d?hco5B~s<&HBMVTOnJ+3A-5Y5wT zuSU`j_WE7rvYfsoP7@9t)DF)ViaB&@R^E^9AA4@g3Noi0I^%4yaQTF>D_DT{qTn$P zZ9Ef^taLhEVK4kxGwn7LZVsGlxu54S$2Fxpb43|Vj~BkMKP}Dai5$wJsZpHRiZy&$ zldq*M z(6M!Kx0^-X=UT?#r?qbm=ilP{H!rlVN(qM?g&6E2K{5CCiX@=r=+`fP4VdzLWF#+x zAz6JFvbejPLn@fN2M3y0{f{0EI~LoO^nre9s;<+UtvDRT{ZF;b>BJ3hF}G`w0g%Gg zqGXkf<5&Y@QQtL*1}EH+Uk0}Y>6^E4RuBbiL`^u=Ew=Irb7$m^ZeOtTUpdcxidxX%E@Vp(v3z{?SJC-h&L(YQu2B-}qG_Ag#Dtfo4;^yle9GH=Y>rvU3O=L}E@$AQZ3{TEohm@yx z^Lp3;ZsHKl)ruf(eU4e?l8zrVdge8_0etMg-}~mpk+aZL8`?C}5oQLxeZ-;sh% ulK-7ku-oZ>@4o*H3I77-|NoHij4*WW3