From 9c5b4c59970dbb7a9f8cf1c66548d930b7b99b8e Mon Sep 17 00:00:00 2001 From: JD Date: Thu, 13 Jul 2023 09:55:22 -0700 Subject: [PATCH] Fleet 4.34.0 release article (#12735) Release article. --- articles/fleet-4.34.0.md | 134 ++++++++++++++++++ .../articles/fleet-4.34.0-1600x900@2x.png | Bin 0 -> 52588 bytes 2 files changed, 134 insertions(+) create mode 100644 articles/fleet-4.34.0.md create mode 100644 website/assets/images/articles/fleet-4.34.0-1600x900@2x.png diff --git a/articles/fleet-4.34.0.md b/articles/fleet-4.34.0.md new file mode 100644 index 000000000..fdfd08f38 --- /dev/null +++ b/articles/fleet-4.34.0.md 
@@ -0,0 +1,134 @@ +# Fleet 4.34.0 | ChromeOS tables, CIS Benchmark load testing. + +![Fleet 4.34.0](../website/assets/images/articles/fleet-4.34.0-1600x900@2x.png) + +Fleet 4.34.0 is live. Check out the full [changelog](https://github.com/fleetdm/fleet/releases/tag/fleet-v4.33.0) or continue reading to get the highlights. +For upgrade instructions, see our [upgrade guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in the Fleet docs. + +## Highlights + +* Fleet adds support for ChromeOS +* Boosted compliance with 'verified' status + + +### Additional tables for ChromeOS + +In line with Fleet's value of 🟢 Results, we work relentlessly to enhance your experience. Our aim is to deliver results, focusing on pragmatic and meaningful improvements. With this in mind, we are delighted to introduce new ChromeOS-specific tables: screenlock, system_state, privacy_preferences, and disk_info. These additions not only represent our commitment to iterative progress but also our dedication to enhancing Fleet's utility for managing and understanding your ChromeOS devices better. + + +### Load testing CIS Benchmarks for macOS + +Embodying Fleet's values of 🟠 Ownership and 🟢 Results, our team is always ready to tackle challenges head-on for the sake of delivering a reliable and high-performing product. Recently, we pondered the performance impact of running the comprehensive set of 100 CIS Benchmarks for macOS, known colloquially as "eating our own dogfood." + +Upon digging deeper, our engineers identified CIS queries 5.1.5, 5.1.6, and 5.1.7 as the three primary outliers in terms of CPU usage and memory footprint. These queries were found to be causing process terminations due to high resource usage. + +The queries, which are designed to verify appropriate permissions for system-wide applications (5.1.5) and ensure no world-writable files exist in the System Folder (5.1.6) or Library Folder (5.1.7), had to be refined for efficiency. 
+ +With a clear focus on achieving results and owning the challenges we face, this rigorous load testing has led not only to the improvement of the 5.1.5, 5.1.6, and 5.1.7 queries but also to the development of additional tooling for future load testing. This is another stride in our continued effort to enhance Fleet and osquery's performance, reliability, and user experience. + + +## More new features, improvements, and bug fixes + +* Added execution of programmatic Windows MDM enrollment on eligible devices when Windows MDM is enabled. + +* Microsoft MDM Enrollment Protocol: Added support for the RequestSecurityToken messages. + +* Microsoft MDM Enrollment Protocol: Added support for the DiscoveryRequest messages. + +* Microsoft MDM Enrollment Protocol: Added support for the GetPolicies messages. + +* Added `enabled_windows_mdm` and `disabled_windows_mdm` activities when a user turns on/off Windows MDM. + +* Added support to enable and configure Windows MDM and to notify devices that are able to programmatically enroll. + +* Added ability to turn Windows MDM on and off from the Fleet UI. + +* Added enable and disable Windows MDM activity UI. + +* Updated MDM detail query ingestion to switch MDM profiles from "verifying" or "verified" status to "failed" status when osquery reports that this profile is not installed on the host. + +* Added notification and execution of programmatic Windows MDM unenrollment on eligible devices when Windows MDM is disabled. + +* Added the `FLEET_DEV_MDM_ENABLED` environment variable to enable the Windows MDM feature during its development and beta period. + +* Added the `mdm_enabled` feature flag information to the response payload of the `PATCH /config` endpoint. + +* When creating a PolicySpec, return the proper HTTP status code if the team is not found. + +* Added CPEMatchingRule type, used for correcting false positives caused by incorrect entries in the NVD dataset. 
+ +* Optimized macOS CIS query "Ensure Appropriate Permissions Are Enabled for System Wide Applications" (5.1.5). + +* Updated macOS CIS policies 5.1.6 and 5.1.7 to use a new fleetd table `find_cmd` instead of relying on the osquery `file` table to improve performance. + +* Implemented the privacy_preferences table for the Fleetd Chrome extension. + +* Warnings in fleetctl now go to stderr instead of stdout. + +* Updated UI for transferred hosts activity items. + +* Added Organization support URL input on the setting page organization info form. + +* Added improved ABM 400 error message to the UI. + +* Hide any osquery tables or columns from Fleet UI that has hidden set to true to match Fleet website. + +* Ignore casing in SAML response for display name. For example, the display name attribute can be provided now as `displayname` or `displayName`. + +* Provide feedback to users when `fleetctl login` is using EMAIL and PASSWORD environment variables. + +* Added a new activity `transferred_hosts` created when hosts are transferred to a new team (or no team). + +* Added milliseconds to the timestamp of the auto-generated team name when creating a new team in `GET /mdm/apple/profiles/match`. + +* Improved dashboard loading states. + +* Improved UI for selecting targets. + +* Made sure that all configuration profiles and commands are sent to devices if MDM is turned on, even if the device never turned off MDM. + +* Fixed bug when reading FileVault key in osquery and created new Fleet osquery extension table to read the file directly rather than via filelines table. + +* Fixed UI bug on host details and device user pages that caused the software search to not work properly when searching by CVE. + +* Fixed not validating the schema used in the Metadata URL. + +* Fixed improper HTTP status code if SMTP is invalid. + +* Fixed false positives for iCloud on macOS. + +* Fixed styling of copy message when copying fields. 
+ +* Fixed a bug where an empty file uploaded to `POST /api/latest/fleet/mdm/apple/setup/eula` resulted in a 500; now returns a 400 Bad Request. + +* Fixed vulnerability dropdown that was hiding if no vulnerabilities. + +* Fixed scroll behavior with disk encryption status. + +* Fixed empty software image in sandbox mode. + +* Fixed improper HTTP status code when `fleet/forgot_password` endpoint is rate limited. + +* Fixed MaxBurst limit parameter for `fleet/forgot_password` endpoint. + +* Fixed a bug where reading from the replica would not read recent writes when matching a set of MDM profiles to a team (the `GET /mdm/apple/profiles/match` endpoint). + +* Fixed an issue that displayed Nudge to macOS hosts if MDM was configured but MDM features weren't turned on for the host. + +* Fixed tooltip word wrapping on the error cell in the macOS settings table. + +* Fixed extraneous loading spinner rendering on the software page. + +* Fixed styling bug on setup caused by new font being much wider. + + +## Ready to upgrade? + +Visit our [Upgrade guide](https://fleetdm.com/docs/deploying/upgrading-fleet) in the Fleet docs for instructions on updating to Fleet 4.34.0. + + + + + + + diff --git a/website/assets/images/articles/fleet-4.34.0-1600x900@2x.png b/website/assets/images/articles/fleet-4.34.0-1600x900@2x.png new file mode 100644 index 0000000000000000000000000000000000000000..f86b4459afb2daabe74a1a41726ef8fde7c7ba82 GIT binary patch literal 52588 zcmeGDby!s0_Xdm~kdhD)1f*sZ6;L{)84x8zr8}ilq?^IOpjAYrC8R-Gq$Ne^?(Xh^ zftmNr!1#H-zu%wl_5SC%uIKR#bI#stuXV4r?zQ%wH!2V1DM%Se0RW&-RJfxC0OSDx zKukhH1pWnOqAv{obM}dXt_uLrUc>x{r>J&y1N@YJm5S4@D*)D%AxP{d~fPAb4fsAhW>l$+Wox+Zz8S-{P$!1 zS?GU1I^mQ2=c9Bifd8M5=h*`O^9lI(>ZvyVsR;**e~|bGiGNW7=MDdY>8U3ELE;}I z{v}Bq2L2_2>vBWoHzV~#6L*X8U&w8h)d*duhSkAv6|D8%#`KM>l(S^73X#ib8Z6R}1vg+t^

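Review bot: The changelog link in the opening paragraph of articles/fleet-4.34.0.md points at the `fleet-v4.33.0` release tag although the article announces 4.34.0; it should presumably target the 4.34.0 release instead. The Highlights bullets ("Fleet adds support for ChromeOS", "Boosted compliance with 'verified' status") also do not line up with the two sections that follow ("Additional tables for ChromeOS", "Load testing CIS Benchmarks for macOS"), so the list should be rewritten to name the sections the article actually contains. In the CIS paragraph, "known colloquially as 'eating our own dogfood'" attaches grammatically to the benchmarks rather than to the practice being described and needs rephrasing. In the fixes list, "Fixed not validating the schema used in the Metadata URL" likely means the URL scheme; please confirm and state what is now validated, since that is the entry a reader assessing the SSO change will look for.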