From 6a2cc256571a175d50d83caecf2f60c5e98e24ef Mon Sep 17 00:00:00 2001 From: Mikey Henderson Date: Wed, 12 Apr 2023 08:55:29 -1000 Subject: [PATCH 1/2] Win cert changes (#49) (#50) * Win cert changes (#49) * Refactored code adding Windows cert store logic, including renaming IISU to WinIIS. * Added PowerShell class to perform get-childitem from cert store * Refactored code allowing multiple types of Cert Stores, including Win Cert and IIS (WebHosting) Cert Stores. * Update generated README * Fixed a problem adding certs to a cert store that had a space in the name (ie. Remote Desktop) * Updated Change Log. * Removed logging of PAM credentials which was logging the info in plain text. (#55) * Created custom Configuration Property Parser (#57) * Created custom Configuration Property Parser so not to display or log passwords. * Masked Private Ket Password * Modified logging to write out as JSON object * adding store-type definitions for `WinCert` and `IISU` * Updated ReadMe to better reflect IISU and WinCert settings. * Update generated README * Updated Cert Stores and images * Replaced Images --- CHANGELOG.md | 6 +- IISU/ClientPSCertStoreManager.cs | 1 + IISU/ClientPSCertStoreReEnrollment.cs | 13 +- IISU/ClientPSIIManager.cs | 8 +- IISU/ImplementedStoreTypes/Win/Inventory.cs | 4 +- IISU/ImplementedStoreTypes/Win/Management.cs | 60 +--- .../ImplementedStoreTypes/Win/ReEnrollment.cs | 2 +- .../ImplementedStoreTypes/Win/WinInventory.cs | 2 +- .../WinIIS/IISManager.cs | 6 +- .../ImplementedStoreTypes/WinIIS/Inventory.cs | 6 +- .../WinIIS/Management.cs | 8 +- .../WinIIS/ReEnrollment.cs | 2 +- .../WinIIS/WinIISInventory.cs | 2 +- .../ICertificateStoreDetailsBase.cs | 11 + IISU/Interfaces/IInventoryCertStoreDetails.cs | 7 + IISU/Interfaces/IInventoryJobLogger.cs | 10 + .../Interfaces/IJobConfigurationLoggerBase.cs | 24 ++ .../Interfaces/IManagementCertStoreDetails.cs | 12 + IISU/Interfaces/IManagementJobLogger.cs | 13 + IISU/JobConfigurationParser.cs | 107 +++++++ .../CertificateStoreDetailPropertiesDTO.cs | 18 ++ .../Models/DTOs/CertificateStoreDetailsDTO.cs | 14 + IISU/Models/DTOs/JobCertificateDTO.cs | 15 + IISU/Models/InventoryJobLogger.cs | 26 ++ IISU/Models/JobProperties.cs | 8 + IISU/Models/ManagementJobLogger.cs | 33 ++ IISU/PAMUtilities.cs | 1 - IISU/WindowsCertStore.csproj | 1 + IISU/manifest.json | 24 +- README.md | 179 +++++++---- WindowsCertStore.sln | 7 + images/IISUAddCertStore.png | Bin 0 -> 38097 bytes images/IISUCertStoreBasic.png | Bin 0 -> 39043 bytes images/IISUCustomFields.png | Bin 0 -> 36187 bytes images/IISUEntryParams.png | Bin 0 -> 36638 bytes images/WinCertAdvanced.png | Bin 0 -> 33180 bytes images/WinCertBasic.png | Bin 0 -> 41910 bytes images/WinCertCustom.png | Bin 0 -> 35737 bytes images/WinCertEntryParams.png | Bin 0 -> 25282 bytes integration-manifest.json | 286 ++++++++++++++++++ readme_source.md | 179 +++++++---- 41 files changed, 892 insertions(+), 203 deletions(-) create mode 100644 IISU/Interfaces/ICertificateStoreDetailsBase.cs create mode 100644 IISU/Interfaces/IInventoryCertStoreDetails.cs create mode 100644 IISU/Interfaces/IInventoryJobLogger.cs create mode 100644 IISU/Interfaces/IJobConfigurationLoggerBase.cs create mode 100644 IISU/Interfaces/IManagementCertStoreDetails.cs create mode 100644 IISU/Interfaces/IManagementJobLogger.cs create mode 100644 IISU/JobConfigurationParser.cs create mode 100644 IISU/Models/DTOs/CertificateStoreDetailPropertiesDTO.cs create mode 100644 IISU/Models/DTOs/CertificateStoreDetailsDTO.cs create mode 100644 IISU/Models/DTOs/JobCertificateDTO.cs create mode 100644 IISU/Models/InventoryJobLogger.cs create mode 100644 IISU/Models/ManagementJobLogger.cs create mode 100644 images/IISUAddCertStore.png create mode 100644 images/IISUCertStoreBasic.png create mode 100644 images/IISUCustomFields.png create mode 100644 images/IISUEntryParams.png create mode 100644 images/WinCertAdvanced.png create mode 100644 images/WinCertBasic.png create mode 100644 images/WinCertCustom.png create mode 100644 images/WinCertEntryParams.png diff --git a/CHANGELOG.md b/CHANGELOG.md index 60d53f3..faa1419 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,10 @@ -2.0.1 +2.1.0 * Fixed issue that was occuring during renewal when there were bindings outside of http and https like net.tcp * Added PAM registration/initialization documentation in README.md +* Resolved Null HostName error +* Added WinCert Cert Store Type +* Added custom property parser to not show any passwords +* Removed any password references in trace logs and output settings in JSON format 2.0.0 * Add support for reenrollment jobs (On Device Key Generation) with the ability to specify a cryptographic provider. Specification of cryptographic provider allows HSM (Hardware Security Module) use. diff --git a/IISU/ClientPSCertStoreManager.cs b/IISU/ClientPSCertStoreManager.cs index fdff0b6..ccb9696 100644 --- a/IISU/ClientPSCertStoreManager.cs +++ b/IISU/ClientPSCertStoreManager.cs @@ -78,6 +78,7 @@ function InstallPfxToMachineStore([byte[]]$bytes, [string]$password, [string]$st $certStore.Open(5) $cert = New-Object -TypeName System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $bytes, $password, 18 <# Persist, Machine #> $certStore.Add($cert) + $certStore.Close(); }"; diff --git a/IISU/ClientPSCertStoreReEnrollment.cs b/IISU/ClientPSCertStoreReEnrollment.cs index 5257f83..fca10b0 100644 --- a/IISU/ClientPSCertStoreReEnrollment.cs +++ b/IISU/ClientPSCertStoreReEnrollment.cs @@ -12,7 +12,6 @@ // See the License for the specific language governing permissions and // limitations under the License. -using Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS; using Keyfactor.Logging; using Keyfactor.Orchestrators.Common.Enums; using Keyfactor.Orchestrators.Extensions; @@ -34,8 +33,8 @@ namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore { internal class ClientPSCertStoreReEnrollment { - private ILogger _logger; - private IPAMSecretResolver _resolver; + private readonly ILogger _logger; + private readonly IPAMSecretResolver _resolver; public ClientPSCertStoreReEnrollment(ILogger logger, IPAMSecretResolver resolver) { @@ -59,8 +58,10 @@ public JobResult PerformReEnrollment(ReenrollmentJobConfiguration config, Submit JobProperties properties = JsonConvert.DeserializeObject(config.CertificateStoreDetails.Properties, new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate }); - WSManConnectionInfo connectionInfo = new WSManConnectionInfo(new Uri($"{properties?.WinRmProtocol}://{config.CertificateStoreDetails.ClientMachine}:{properties?.WinRmPort}/wsman")); - connectionInfo.IncludePortInSPN = properties.SpnPortFlag; + WSManConnectionInfo connectionInfo = new WSManConnectionInfo(new Uri($"{properties?.WinRmProtocol}://{config.CertificateStoreDetails.ClientMachine}:{properties?.WinRmPort}/wsman")) + { + IncludePortInSPN = properties.SpnPortFlag + }; var pw = new NetworkCredential(serverUserName, serverPassword).SecurePassword; _logger.LogTrace($"Credentials: UserName:{serverUserName}"); @@ -91,7 +92,7 @@ public JobResult PerformReEnrollment(ReenrollmentJobConfiguration config, Submit Collection results; // If the provider name is null, default it to the Microsoft CA - if (providerName == null) providerName = "Microsoft Strong Cryptographic Provider"; + providerName ??= "Microsoft Strong Cryptographic Provider"; // Create the script file ps.AddScript("$infFilename = New-TemporaryFile"); diff --git a/IISU/ClientPSIIManager.cs b/IISU/ClientPSIIManager.cs index 2e08b32..4b03965 100644 --- a/IISU/ClientPSIIManager.cs +++ b/IISU/ClientPSIIManager.cs @@ -50,8 +50,8 @@ internal class ClientPSIIManager private long JobHistoryID { get; set; } - private ILogger _logger; - private Runspace _runSpace; + private readonly ILogger _logger; + private readonly Runspace _runSpace; private PowerShell ps; @@ -82,7 +82,7 @@ public ClientPSIIManager(ReenrollmentJobConfiguration config, string serverUsern Port = config.JobProperties["Port"].ToString(); HostName = config.JobProperties["HostName"]?.ToString(); Protocol = config.JobProperties["Protocol"].ToString(); - SniFlag = config.JobProperties["SniFlag"].ToString()?.Substring(0, 1); + SniFlag = config.JobProperties["SniFlag"]?.ToString()[..1]; IPAddress = config.JobProperties["IPAddress"].ToString(); PrivateKeyPassword = ""; // A reenrollment does not have a PFX Password @@ -119,7 +119,7 @@ public ClientPSIIManager(ManagementJobConfiguration config, string serverUsernam Port = config.JobProperties["Port"].ToString(); HostName = config.JobProperties["HostName"]?.ToString(); Protocol = config.JobProperties["Protocol"].ToString(); - SniFlag = config.JobProperties["SniFlag"].ToString()?.Substring(0, 1); + SniFlag = config.JobProperties["SniFlag"].ToString()?[..1]; IPAddress = config.JobProperties["IPAddress"].ToString(); PrivateKeyPassword = ""; // A reenrollment does not have a PFX Password diff --git a/IISU/ImplementedStoreTypes/Win/Inventory.cs b/IISU/ImplementedStoreTypes/Win/Inventory.cs index d277ba7..944ceb9 100644 --- a/IISU/ImplementedStoreTypes/Win/Inventory.cs +++ b/IISU/ImplementedStoreTypes/Win/Inventory.cs @@ -25,7 +25,7 @@ using Microsoft.Extensions.Logging; using Newtonsoft.Json; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert { public class Inventory : WinCertJobTypeBase, IInventoryJobExtension { @@ -55,7 +55,7 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven { var inventoryItems = new List(); - _logger.LogTrace($"Job Configuration: {JsonConvert.SerializeObject(config)}"); + _logger.LogTrace(JobConfigurationParser.ParseInventoryJobConfiguration(config)); string serverUserName = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server UserName", config.ServerUsername); string serverPassword = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server Password", config.ServerPassword); diff --git a/IISU/ImplementedStoreTypes/Win/Management.cs b/IISU/ImplementedStoreTypes/Win/Management.cs index fe5d96a..ebba907 100644 --- a/IISU/ImplementedStoreTypes/Win/Management.cs +++ b/IISU/ImplementedStoreTypes/Win/Management.cs @@ -24,7 +24,7 @@ using System.Net; using Keyfactor.Logging; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert { public class Management : WinCertJobTypeBase, IManagementJobExtension { @@ -47,11 +47,13 @@ public Management(IPAMSecretResolver resolver) public JobResult ProcessJob(ManagementJobConfiguration config) { - _logger = LogHandler.GetClassLogger(); - _logger.MethodEntry(); - try { + _logger = LogHandler.GetClassLogger(); + _logger.MethodEntry(); + + _logger.LogTrace(JobConfigurationParser.ParseManagementJobConfiguration(config)); + string serverUserName = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server UserName", config.ServerUsername); string serverPassword = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server Password", config.ServerPassword); @@ -112,56 +114,6 @@ public JobResult ProcessJob(ManagementJobConfiguration config) } } - //private JobResult PerformManagement(ManagementJobConfiguration config) - //{ - // try - // { - // _logger.MethodEntry(); - - // ServerUserName = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server UserName", config.ServerUsername); - // ServerPassword = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server Password", config.ServerPassword); - - // var complete = new JobResult - // { - // Result = OrchestratorJobStatusJobResult.Failure, - // JobHistoryId = config.JobHistoryId, - // FailureMessage = - // "Invalid Management Operation" - // }; - - // switch (config.OperationType) - // { - // case CertStoreOperationType.Add: - // { - // _logger.LogTrace("Adding..."); - // if (config.JobProperties.ContainsKey("RenewalThumbprint")) - // { - // _thumbprint = config.JobProperties["RenewalThumbprint"].ToString(); - // _logger.LogTrace($"Found Thumbprint Will renew all cers with this Thumbprint: {_thumbprint}"); - // } - - // _logger.LogTrace("Before PerformAddition..."); - // complete = performAddition(config); - // _logger.LogTrace("After PerformAddition..."); - - // break; - // } - // case CertStoreOperationType.Remove: - // { - // break; - // } - // } - - // return complete; - // } - - // catch (Exception e) - // { - // _logger.LogError($"Error Occurred in Management.PerformManagement: {e.Message}"); - // throw; - // } - //} - private JobResult performAddition(ManagementJobConfiguration config) { try diff --git a/IISU/ImplementedStoreTypes/Win/ReEnrollment.cs b/IISU/ImplementedStoreTypes/Win/ReEnrollment.cs index 9152fd3..a261438 100644 --- a/IISU/ImplementedStoreTypes/Win/ReEnrollment.cs +++ b/IISU/ImplementedStoreTypes/Win/ReEnrollment.cs @@ -16,7 +16,7 @@ using Keyfactor.Orchestrators.Extensions.Interfaces; using Microsoft.Extensions.Logging; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert { public class ReEnrollment : WinCertJobTypeBase, IReenrollmentJobExtension { diff --git a/IISU/ImplementedStoreTypes/Win/WinInventory.cs b/IISU/ImplementedStoreTypes/Win/WinInventory.cs index 70ad891..0e4542c 100644 --- a/IISU/ImplementedStoreTypes/Win/WinInventory.cs +++ b/IISU/ImplementedStoreTypes/Win/WinInventory.cs @@ -19,7 +19,7 @@ using System.Management.Automation.Runspaces; using System.Text; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert { internal class WinInventory : ClientPSCertStoreInventory { diff --git a/IISU/ImplementedStoreTypes/WinIIS/IISManager.cs b/IISU/ImplementedStoreTypes/WinIIS/IISManager.cs index 6a14735..eda2049 100644 --- a/IISU/ImplementedStoreTypes/WinIIS/IISManager.cs +++ b/IISU/ImplementedStoreTypes/WinIIS/IISManager.cs @@ -24,7 +24,7 @@ using Microsoft.Extensions.Logging; using Newtonsoft.Json; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU { public class IISManager { @@ -66,7 +66,7 @@ public IISManager(ReenrollmentJobConfiguration config, string serverUserName, st Port = config.JobProperties["Port"].ToString(); HostName = config.JobProperties["HostName"]?.ToString(); Protocol = config.JobProperties["Protocol"].ToString(); - SniFlag = config.JobProperties["SniFlag"].ToString()?.Substring(0, 1); + SniFlag = config.JobProperties["SniFlag"].ToString()?[..1]; IpAddress = config.JobProperties["IPAddress"].ToString(); PrivateKeyPassword = ""; // A reenrollment does not have a PFX Password @@ -105,7 +105,7 @@ public IISManager(ManagementJobConfiguration config, string serverUserName, stri Port = config.JobProperties["Port"].ToString(); HostName = config.JobProperties["HostName"]?.ToString(); Protocol = config.JobProperties["Protocol"].ToString(); - SniFlag = config.JobProperties["SniFlag"].ToString()?.Substring(0, 1); + SniFlag = config.JobProperties["SniFlag"].ToString()?[..1]; IpAddress = config.JobProperties["IPAddress"].ToString(); PrivateKeyPassword = config.JobCertificate.PrivateKeyPassword; diff --git a/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs b/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs index 0919ccf..1b3613b 100644 --- a/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs +++ b/IISU/ImplementedStoreTypes/WinIIS/Inventory.cs @@ -25,7 +25,7 @@ using Microsoft.Extensions.Logging; using Newtonsoft.Json; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU { public class Inventory : WinCertJobTypeBase, IInventoryJobExtension { @@ -52,7 +52,9 @@ private JobResult PerformInventory(InventoryJobConfiguration config, SubmitInven { var inventoryItems = new List(); - _logger.LogTrace($"Job Configuration: {JsonConvert.SerializeObject(config)}"); + string myConfig = config.ToString(); + + _logger.LogTrace(JobConfigurationParser.ParseInventoryJobConfiguration(config)); string serverUserName = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server UserName", config.ServerUsername); string serverPassword = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server Password", config.ServerPassword); diff --git a/IISU/ImplementedStoreTypes/WinIIS/Management.cs b/IISU/ImplementedStoreTypes/WinIIS/Management.cs index da0d60f..89afcbd 100644 --- a/IISU/ImplementedStoreTypes/WinIIS/Management.cs +++ b/IISU/ImplementedStoreTypes/WinIIS/Management.cs @@ -25,7 +25,7 @@ using Microsoft.PowerShell.Commands; using Newtonsoft.Json; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU { public class Management : WinCertJobTypeBase, IManagementJobExtension { @@ -33,8 +33,6 @@ public class Management : WinCertJobTypeBase, IManagementJobExtension public string ExtensionName => string.Empty; - private string _thumbprint = string.Empty; - private Runspace myRunspace; public Management(IPAMSecretResolver resolver) @@ -49,7 +47,7 @@ public JobResult ProcessJob(ManagementJobConfiguration config) _logger = LogHandler.GetClassLogger(); _logger.MethodEntry(); - _logger.LogTrace($"Job Configuration: {JsonConvert.SerializeObject(config)}"); + _logger.LogTrace(JobConfigurationParser.ParseManagementJobConfiguration(config)); string serverUserName = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server UserName", config.ServerUsername); string serverPassword = PAMUtilities.ResolvePAMField(_resolver, _logger, "Server Password", config.ServerPassword); @@ -139,8 +137,6 @@ private JobResult PerformRemoveCertificate(ManagementJobConfiguration config, st { _logger.LogTrace("Before Remove Certificate..."); - string certificateContents = config.JobCertificate.Contents; - string privateKeyPassword = config.JobCertificate.PrivateKeyPassword; string storePath = config.CertificateStoreDetails.StorePath; long jobNumber = config.JobHistoryId; diff --git a/IISU/ImplementedStoreTypes/WinIIS/ReEnrollment.cs b/IISU/ImplementedStoreTypes/WinIIS/ReEnrollment.cs index 59d2703..4307725 100644 --- a/IISU/ImplementedStoreTypes/WinIIS/ReEnrollment.cs +++ b/IISU/ImplementedStoreTypes/WinIIS/ReEnrollment.cs @@ -17,7 +17,7 @@ using Keyfactor.Orchestrators.Extensions.Interfaces; using Microsoft.Extensions.Logging; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU { public class ReEnrollment: WinCertJobTypeBase, IReenrollmentJobExtension { diff --git a/IISU/ImplementedStoreTypes/WinIIS/WinIISInventory.cs b/IISU/ImplementedStoreTypes/WinIIS/WinIISInventory.cs index 23fb0a3..5ac831f 100644 --- a/IISU/ImplementedStoreTypes/WinIIS/WinIISInventory.cs +++ b/IISU/ImplementedStoreTypes/WinIIS/WinIISInventory.cs @@ -22,7 +22,7 @@ using System.Management.Automation.Runspaces; using System.Text; -namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU { internal class WinIISInventory : ClientPSCertStoreInventory { diff --git a/IISU/Interfaces/ICertificateStoreDetailsBase.cs b/IISU/Interfaces/ICertificateStoreDetailsBase.cs new file mode 100644 index 0000000..302726a --- /dev/null +++ b/IISU/Interfaces/ICertificateStoreDetailsBase.cs @@ -0,0 +1,11 @@ +using System; +using System.Collections.Generic; +using System.Text; + +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore +{ + internal interface ICertificateStoreDetailsBase + { + public CertificateStoreDetailsDTO CertificateStoreDetails { get; set; } + } +} diff --git a/IISU/Interfaces/IInventoryCertStoreDetails.cs b/IISU/Interfaces/IInventoryCertStoreDetails.cs new file mode 100644 index 0000000..b20870b --- /dev/null +++ b/IISU/Interfaces/IInventoryCertStoreDetails.cs @@ -0,0 +1,7 @@ +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore +{ + internal interface IInventoryCertStoreDetails + { + public CertificateStoreDetailsDTO CertificateStoreDetails { get; set; } + } +} diff --git a/IISU/Interfaces/IInventoryJobLogger.cs b/IISU/Interfaces/IInventoryJobLogger.cs new file mode 100644 index 0000000..f8adf23 --- /dev/null +++ b/IISU/Interfaces/IInventoryJobLogger.cs @@ -0,0 +1,10 @@ +using System; +using System.Collections.Generic; +using System.Text; + +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore +{ + internal interface IInventoryJobLogger : IJobConfigurationLoggerBase, IInventoryCertStoreDetails + { + } +} diff --git a/IISU/Interfaces/IJobConfigurationLoggerBase.cs b/IISU/Interfaces/IJobConfigurationLoggerBase.cs new file mode 100644 index 0000000..1ca6792 --- /dev/null +++ b/IISU/Interfaces/IJobConfigurationLoggerBase.cs @@ -0,0 +1,24 @@ +using Keyfactor.Orchestrators.Extensions; +using System; +using System.Collections.Generic; +using System.Text; + +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore +{ + internal interface IJobConfigurationLoggerBase + { + public bool JobCancelled { get; set; } + public ServerFault ServerError { get; set; } + public long JobHistoryID { get; set; } + public int RequestStatus { get; set; } + public string ServerUserName { get; set; } + public string ServerPassword { get; set; } + public JobProperties JobConfigurationProperties { get; set; } + public bool UseSSL { get; set; } + public Guid JobTypeID { get; set; } + public Guid JobID { get; set; } + public string Capability { get; set; } + + public IEnumerable LastInventory { get; set; } + } +} diff --git a/IISU/Interfaces/IManagementCertStoreDetails.cs b/IISU/Interfaces/IManagementCertStoreDetails.cs new file mode 100644 index 0000000..935065d --- /dev/null +++ b/IISU/Interfaces/IManagementCertStoreDetails.cs @@ -0,0 +1,12 @@ +using System; +using System.Collections.Generic; +using System.Text; + +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore +{ + internal interface IManagementCertStoreDetails + { + public CertificateStoreDetailsDTO CertificateStoreDetails { get; set; } + public CertificateStoreDetailPropertiesDTO CertificateStoreDetailProperties { get; set; } + } +} diff --git a/IISU/Interfaces/IManagementJobLogger.cs b/IISU/Interfaces/IManagementJobLogger.cs new file mode 100644 index 0000000..dd10eef --- /dev/null +++ b/IISU/Interfaces/IManagementJobLogger.cs @@ -0,0 +1,13 @@ +using Keyfactor.Orchestrators.Common.Enums; + +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore +{ + internal interface IManagementJobLogger : IJobConfigurationLoggerBase, IManagementCertStoreDetails + { + public CertStoreOperationType OperationType { get; set; } + public bool Overwrite { get; set; } + + public JobCertificateDTO JobCertificateProperties { get; set; } + + } +} diff --git a/IISU/JobConfigurationParser.cs b/IISU/JobConfigurationParser.cs new file mode 100644 index 0000000..bd7889d --- /dev/null +++ b/IISU/JobConfigurationParser.cs @@ -0,0 +1,107 @@ +using Keyfactor.Orchestrators.Extensions; +using Microsoft.PowerShell.Commands; +using Newtonsoft.Json; +using System; +using System.Collections.Generic; +using System.Configuration.Internal; +using System.Diagnostics.Contracts; +using System.Linq; +using System.Management.Automation.Remoting; +using System.Net; +using System.Text; + +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore +{ + internal class JobConfigurationParser + { + public static string ParseManagementJobConfiguration(ManagementJobConfiguration config) + { + + IManagementJobLogger managementParser = new ManagementJobLogger(); + + // JobConfiguration + managementParser.JobCancelled = config.JobCancelled; + managementParser.ServerError = config.ServerError; + managementParser.JobHistoryID = config.JobHistoryId; + managementParser.RequestStatus = config.RequestStatus; + managementParser.ServerUserName = config.ServerUsername; + managementParser.ServerPassword = "**********"; + managementParser.UseSSL = config.UseSSL; + managementParser.JobTypeID = config.JobTypeId; + managementParser.JobID = config.JobId; + managementParser.Capability = config.Capability; + + // JobProperties + JobProperties jobProperties = JsonConvert.DeserializeObject(config.CertificateStoreDetails.Properties, new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate }); + managementParser.JobConfigurationProperties = jobProperties; + + // PreviousInventoryItem + managementParser.LastInventory = config.LastInventory; + + //CertificateStore + managementParser.CertificateStoreDetails.ClientMachine = config.CertificateStoreDetails.ClientMachine; + managementParser.CertificateStoreDetails.StorePath = config.CertificateStoreDetails.StorePath; + managementParser.CertificateStoreDetails.StorePassword = "**********"; + managementParser.CertificateStoreDetails.Type = config.CertificateStoreDetails.Type; + + bool isEmpty = (config.JobProperties.Count == 0); // Check if the dictionary is empty or not + if (!isEmpty) + { + managementParser.CertificateStoreDetailProperties.SiteName = config.JobProperties["SiteName"].ToString(); + managementParser.CertificateStoreDetailProperties.Port = config.JobProperties["Port"].ToString(); + managementParser.CertificateStoreDetailProperties.HostName = config.JobProperties["HostName"]?.ToString(); + managementParser.CertificateStoreDetailProperties.Protocol = config.JobProperties["Protocol"].ToString(); + managementParser.CertificateStoreDetailProperties.SniFlag = config.JobProperties["SniFlag"].ToString()?[..1]; + managementParser.CertificateStoreDetailProperties.IPAddress = config.JobProperties["IPAddress"].ToString(); + managementParser.CertificateStoreDetailProperties.ProviderName = config.JobProperties["ProviderName"]?.ToString(); + managementParser.CertificateStoreDetailProperties.SAN = config.JobProperties["SAN"]?.ToString(); + } + + // Management Base + managementParser.OperationType = config.OperationType; + managementParser.Overwrite = config.Overwrite; + + // JobCertificate + managementParser.JobCertificateProperties.Thumbprint = config.JobCertificate.Thumbprint; + managementParser.JobCertificateProperties.Contents = config.JobCertificate.Contents; + managementParser.JobCertificateProperties.Alias = config.JobCertificate.Alias; + managementParser.JobCertificateProperties.PrivateKeyPassword = "**********"; + + return JsonConvert.SerializeObject(managementParser); + } + + public static string ParseInventoryJobConfiguration(InventoryJobConfiguration config) + { + IInventoryJobLogger inventoryParser = new InventoryJobLogger(); + + // JobConfiguration + inventoryParser.JobCancelled = config.JobCancelled; + inventoryParser.ServerError = config.ServerError; + inventoryParser.JobHistoryID = config.JobHistoryId; + inventoryParser.RequestStatus = config.RequestStatus; + inventoryParser.ServerUserName = config.ServerUsername; + inventoryParser.ServerPassword = "**********"; + inventoryParser.UseSSL = config.UseSSL; + inventoryParser.JobTypeID = config.JobTypeId; + inventoryParser.JobID = config.JobId; + inventoryParser.Capability = config.Capability; + + // JobProperties + JobProperties jobProperties = JsonConvert.DeserializeObject(config.CertificateStoreDetails.Properties, new JsonSerializerSettings { DefaultValueHandling = DefaultValueHandling.Populate }); + inventoryParser.JobConfigurationProperties = jobProperties; + + // PreviousInventoryItem + inventoryParser.LastInventory = config.LastInventory; + + //CertificateStore + + inventoryParser.CertificateStoreDetails.ClientMachine = config.CertificateStoreDetails.ClientMachine; + inventoryParser.CertificateStoreDetails.StorePath = config.CertificateStoreDetails.StorePath; + inventoryParser.CertificateStoreDetails.StorePassword = "**********"; + inventoryParser.CertificateStoreDetails.Type = config.CertificateStoreDetails.Type; + + + return JsonConvert.SerializeObject(inventoryParser); + } + } +} diff --git a/IISU/Models/DTOs/CertificateStoreDetailPropertiesDTO.cs b/IISU/Models/DTOs/CertificateStoreDetailPropertiesDTO.cs new file mode 100644 index 0000000..422c91c --- /dev/null +++ b/IISU/Models/DTOs/CertificateStoreDetailPropertiesDTO.cs @@ -0,0 +1,18 @@ +using System; +using System.Collections.Generic; +using System.Text; + +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore +{ + internal class CertificateStoreDetailPropertiesDTO + { + public string SiteName { get; set; } + public string Port { get; set; } + public string HostName { get; set; } + public string Protocol { get; set; } + public string SniFlag { get; set; } + public string IPAddress { get; set; } + public string ProviderName { get; set; } + public string SAN { get; set; } + } +} diff --git a/IISU/Models/DTOs/CertificateStoreDetailsDTO.cs b/IISU/Models/DTOs/CertificateStoreDetailsDTO.cs new file mode 100644 index 0000000..8f4a277 --- /dev/null +++ b/IISU/Models/DTOs/CertificateStoreDetailsDTO.cs @@ -0,0 +1,14 @@ +using System; +using System.Collections.Generic; +using System.Text; + +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore +{ + internal class CertificateStoreDetailsDTO + { + public string ClientMachine { get; set; } + public string StorePath { get; set; } + public string StorePassword { get; set; } + public int Type { get; set; } + } +} diff --git a/IISU/Models/DTOs/JobCertificateDTO.cs b/IISU/Models/DTOs/JobCertificateDTO.cs new file mode 100644 index 0000000..77a04d6 --- /dev/null +++ b/IISU/Models/DTOs/JobCertificateDTO.cs @@ -0,0 +1,15 @@ +using Keyfactor.Orchestrators.Extensions; +using System; +using System.Collections.Generic; +using System.Text; + +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore +{ + internal class JobCertificateDTO + { + public string Thumbprint { get; set; } + public string Contents { get; set; } + public string Alias { get; set; } + public string PrivateKeyPassword { get; set; } + } +} diff --git a/IISU/Models/InventoryJobLogger.cs b/IISU/Models/InventoryJobLogger.cs new file mode 100644 index 0000000..5659f94 --- /dev/null +++ b/IISU/Models/InventoryJobLogger.cs @@ -0,0 +1,26 @@ +using Keyfactor.Orchestrators.Extensions; +using System; +using System.Collections.Generic; +using System.Text; + +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore +{ + internal class InventoryJobLogger : IInventoryJobLogger, IInventoryCertStoreDetails + { + public bool JobCancelled { get; set; } + public ServerFault ServerError { get; set; } = new ServerFault(); + public long JobHistoryID { get; set; } + public int RequestStatus { get; set; } + public string ServerUserName { get; set; } + public string ServerPassword { get; set; } + public JobProperties JobConfigurationProperties { get; set; } = new JobProperties(); + public bool UseSSL { get; set; } + public Guid JobTypeID { get; set; } + public Guid JobID { get; set; } + public string Capability { get; set; } + + public IEnumerable LastInventory { get; set; } = new List(); + public CertificateStoreDetailsDTO CertificateStoreDetails { get; set; } = new CertificateStoreDetailsDTO(); + + } +} diff --git a/IISU/Models/JobProperties.cs b/IISU/Models/JobProperties.cs index 7e8926c..a5cad1f 100644 --- a/IISU/Models/JobProperties.cs +++ b/IISU/Models/JobProperties.cs @@ -13,6 +13,7 @@ // limitations under the License. using System.ComponentModel; +using System.Reflection.Metadata.Ecma335; using Newtonsoft.Json; namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore @@ -36,6 +37,13 @@ public JobProperties() [DefaultValue("5985")] public string WinRmPort { get; set; } + [JsonProperty("ServerUsername")] + public string ServerUsername { get; set; } + + [JsonProperty("ServerUseSsl")] + [DefaultValue(true)] + public bool ServerUseSsl { get; set; } + [JsonProperty("sniflag")] [DefaultValue(SniFlag.None)] public SniFlag SniFlag { get; set; } diff --git a/IISU/Models/ManagementJobLogger.cs b/IISU/Models/ManagementJobLogger.cs new file mode 100644 index 0000000..a9caa0a --- /dev/null +++ b/IISU/Models/ManagementJobLogger.cs @@ -0,0 +1,33 @@ +using Keyfactor.Orchestrators.Common.Enums; +using Keyfactor.Orchestrators.Extensions; +using System; +using System.Collections.Generic; +using System.Text; + +namespace Keyfactor.Extensions.Orchestrator.WindowsCertStore +{ + internal class ManagementJobLogger : IManagementJobLogger, IManagementCertStoreDetails + { + public bool JobCancelled { get; set; } + public ServerFault ServerError { get; set; } = new ServerFault(); + public long JobHistoryID { get; set; } + public int RequestStatus { get; set; } + public string ServerUserName { get; set; } + public string ServerPassword { get; set; } + public JobProperties JobConfigurationProperties { get; set; } = new JobProperties(); + public bool UseSSL { get; set; } + public Guid JobTypeID { get; set; } + public Guid JobID { get; set; } + public string Capability { get; set; } + + public IEnumerable LastInventory { get; set; } = new List(); + + public CertificateStoreDetailsDTO CertificateStoreDetails { get; set; } = new CertificateStoreDetailsDTO(); + public CertificateStoreDetailPropertiesDTO CertificateStoreDetailProperties { get; set; } = new CertificateStoreDetailPropertiesDTO(); + + public CertStoreOperationType OperationType { get; set; } + public bool Overwrite { get; set; } + + public JobCertificateDTO JobCertificateProperties { get; set; } = new JobCertificateDTO(); + } +} diff --git a/IISU/PAMUtilities.cs b/IISU/PAMUtilities.cs index bbed644..38de2f3 100644 --- a/IISU/PAMUtilities.cs +++ b/IISU/PAMUtilities.cs @@ -27,7 +27,6 @@ internal static string ResolvePAMField(IPAMSecretResolver resolver, ILogger logg if (resolver == null) return key; else { - logger.LogDebug($"Attempting to resolve PAM eligible field {name} with key {key}"); return resolver.Resolve(key); } diff --git a/IISU/WindowsCertStore.csproj b/IISU/WindowsCertStore.csproj index dd80058..5af1292 100644 --- a/IISU/WindowsCertStore.csproj +++ b/IISU/WindowsCertStore.csproj @@ -21,6 +21,7 @@ + diff --git a/IISU/manifest.json b/IISU/manifest.json index 77c0b2b..6fa8618 100644 --- a/IISU/manifest.json +++ b/IISU/manifest.json @@ -1,29 +1,29 @@ { "extensions": { "Keyfactor.Orchestrators.Extensions.IOrchestratorJobExtension": { - "CertStores.WinIIS.Inventory": { + "CertStores.IISU.Inventory": { "assemblypath": "WindowsCertStore.dll", - "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS.Inventory" + "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU.Inventory" }, - "CertStores.WinIIS.Management": { + "CertStores.IISU.Management": { "assemblypath": "WindowsCertStore.dll", - "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS.Management" + "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU.Management" }, - "CertStores.WinIIS.ReEnrollment": { + "CertStores.IISU.ReEnrollment": { "assemblypath": "WindowsCertStore.dll", - "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinIIS.ReEnrollment" + "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.IISU.ReEnrollment" }, - "CertStores.Win.Inventory": { + "CertStores.WinCert.Inventory": { "assemblypath": "WindowsCertStore.dll", - "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win.Inventory" + "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert.Inventory" }, - "CertStores.Win.Management": { + "CertStores.WinCert.Management": { "assemblypath": "WindowsCertStore.dll", - "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win.Management" + "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert.Management" }, - "CertStores.Win.ReEnrollment": { + "CertStores.WinCert.ReEnrollment": { "assemblypath": "WindowsCertStore.dll", - "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.Win.ReEnrollment" + "TypeFullName": "Keyfactor.Extensions.Orchestrator.WindowsCertStore.WinCert.ReEnrollment" } } } diff --git a/README.md b/README.md index 6da3b6e..c4ca0cd 100644 --- a/README.md +++ b/README.md @@ -86,11 +86,10 @@ This text would be entered in as the value for the __Server Password__, instead --- -**WinCertStore Orchestrator Configuration** +# WinCertStore Orchestrator Configuration +## Overview -**Overview** - -The WinCertStore Orchestrator remotely manages certificates in a Windows Server local machine certificate store. Users are able to determine which store they wish to place certificates in by entering the correct store path. For a complete list of local machine cert stores you can execute the PowerShell command: +The WinCertStore Orchestrator remotely manages certificates in a Windows Server local machine certificate store. Users are able to determine which store they wish to place certificates in by entering the correct store path. For a complete list of local machine cert stores you can execute the PowerShell command: Get-ChildItem Cert:\LocalMachine @@ -110,35 +109,33 @@ In version 2.0 of the IIS Orchestrator, the certificate store type has been rena **Note: There is an additional certificate store type of “IIS” that ships with the Keyfactor platform. Migration of certificate stores from the “IIS” type to either the “IISBin” or “IISU” types is not currently supported.** -**Note: In version 3.0, the orchestrator has been renamed from IISU to WinCert. There is currently no succession process to update previous certificate store types.** - +## Creating New Certificate Store Types +Currently this orchestrator handles two extensions: IISU for IIS servers with bound certificates and WinCert for general Windows Certificates. Below describes how each of these certificate store types are created and configured. +
+ IISU Extension -**1. Create the New Certificate Store Type** +**In Keyfactor Command create a new Certificate Store Type similar to the one below:** -In Keyfactor Command create a new Certificate Store Type similar to the one below: - -#### STORE TYPE CONFIGURATION **Basic Settings:** CONFIG ELEMENT | DESCRIPTION ------------------|------------------ -Name |A descriptive name for the extension. Example: WinCert (for general windows cert store), WinIIS (for IIS Webstore cert store) -Short Name |The short name that identifies the registered functionality of the orchestrator. Currently must be either Win or WinIIS -Custom Capability|Store type name orchestrator will register with. Currently must be Win or WinIIS. -Job Types |Inventory (Checked), Add, Remove, and Reenrollment are the supported job types. +Name |A descriptive name for the extension. Example: IISU +Short Name |The short name that identifies the registered functionality of the orchestrator. Must be IISU. +Custom Capability|Store type name orchestrator will register with. Check the box and enter IISU. +Job Types |Inventory (Checked), check the additional checkboxes: Add, Remove, and Reenrollment. General Settings|Needs Server - Checked
Blueprint Allowed - Unchecked
Uses PowerShell - Unchecked Requires Store Password |Determines if a store password is required when configuring an individual store. This must be unchecked. Supports Entry Password |Determined if an individual entry within a store can have a password. This must be unchecked. - -![](images/certstoretype.png) +![](images/IISUCertStoreBasic.png) **Advanced Settings:** CONFIG ELEMENT | DESCRIPTION ------------------|------------------ -Store Path Type |Determines what restrictions are applied to the store path field when configuring a new store. -Store Path Value|When using this as a Windows Cert Store, this option must be freeform, allowing the user to type in a particular store path.
When using this for bound or IIS Certificates, This must be a comma separated list of options to select from for the Store Path. This, combined with the hostname, will determine the location used for the certificate store management and inventory. Must be My, WebHosting +Store Path Type |Determines what restrictions are applied to the store path field when configuring a new store. Select Multiple Choice. +Store Path Value|This must be a comma separated list of options to select from for the Store Path. This, combined with the hostname, will determine the location used for the certificate store management and inventory. Must be My, WebHosting Supports Custom Alias |Determines if an individual entry within a store can have a custom Alias. This must be Forbidden. Private Keys |This determines if Keyfactor can send the private key associated with a certificate to the store. This is required since IIS will need the private key material to establish TLS connections. PFX Password Style |This determines how the platform generate passwords to protect a PFX enrollment job that is delivered to the store. This can be either Default (system generated) or Custom (user determined). @@ -151,19 +148,17 @@ PFX Password Style |This determines how the platform generate passwords to prote Parameter Name|Display Name|Parameter Type|Default Value|Required|Description ---|---|---|---|---|--- -spnwithport\*|SPN With Port?|Boolean|false|No|An SPN is the name by which a client uniquely identifies an instance of a service -WinRm Protocol\*|WinRm Protocol|Multiple Choice|http|Yes|Protocol that WinRM Runs on -WinRm Port\*|WinRm Port|String|5985|Yes|Port that WinRM Runs on -ServerUsername|Server Username|Secret||No|The username to log into the IIS Server -ServerPassword|Server Password|Secret||No|The password that matches the username to log into the IIS Server +spnwithport|SPN With Port?|Boolean|false|No|An SPN is the name by which a client uniquely identifies an instance of a service +WinRm Protocol|WinRm Protocol|Multiple Choice|http|Yes|Protocol that WinRM Runs on +WinRm Port|WinRm Port|String|5985|Yes|Port that WinRM Runs on +ServerUsername|Server Username|Secret||No|The username to log into the Server +ServerPassword|Server Password|Secret||No|The password that matches the username to log into the Server ServerUseSsl|Use SSL|Bool|True|Yes|Determine whether the server uses SSL or not -**NOTE: Elements with an asterisk (*) are only required when communicating with a Web Server and bound certificates. - -![](images/certstoretype-c.png) - +![](images/IISUCustomFields.png) **Entry Parameters:** + This section must be configured with binding fields. The parameters will be populated with the appropriate data when creating a new certificate store.
- **Site Name** – Required (Adding an entry, Removing an entry, Reenrolling an entry). The site name for the web site being bound to – i.e. "Default Web Site" @@ -178,8 +173,8 @@ This section must be configured with binding fields. The parameters will be popu - 1 - SNI Enabled - 2 - Non SNI Binding - 3 - SNI Binding -- **Provider Name\*** - Optional. Name of the Windows cryptographic provider to use when generating and storing the private key for the certificate being enrolled by a reenrollment job. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be changed when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target IIS server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' in a command shell on the target IIS Server. -- **SAN\*** - Optional. Specifies Subject Alternative Name (SAN) to be used when performing reenrollment jobs. Certificate templates generally require a SAN that matches the subject of the certificate (per RFC 2818). Format is a list of = entries separated by ampersands. Examples: 'dns=www.mysite.com' for a single SAN or 'dns=www.mysite.com&dns=www.mysite2.com' for multiple SANs. +- **Provider Name** - Optional. Name of the Windows cryptographic provider to use when generating and storing the private key for the certificate being enrolled by a reenrollment job. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be changed when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' in a command shell on the target Server. +- **SAN** - Optional. Specifies Subject Alternative Name (SAN) to be used when performing reenrollment jobs. Certificate templates generally require a SAN that matches the subject of the certificate (per RFC 2818). Format is a list of = entries separated by ampersands. Examples: 'dns=www.mysite.com' for a single SAN or 'dns=www.mysite.com&dns=www.mysite2.com' for multiple SANs. Parameter Name|Parameter Type|Default Value|Required When ---|---|---|--- @@ -189,60 +184,137 @@ HostName |String|| SiteName |String|Default Web Site|Adding Entry, Removing Entry, Reenrolling an Entry SniFlag |String|0 - No SNI| Protocol |Multiple Choice|https|Adding Entry, Removing Entry, Reenrolling an Entry -ProviderName\* |String|| -SAN\* |String||Reenrolling an Entry (if the CA follows RFC 2818 specifications) +ProviderName |String|| +SAN |String||Reenrolling an Entry (if the CA follows RFC 2818 specifications) + +![](images/IISUEntryParams.png) + +Click Save to save the Certificate Store Type. + +
+ +
+ WinCert Extension + +**1. In Keyfactor Command create a new Certificate Store Type using the settings below** + +**Basic Settings:** + +CONFIG ELEMENT | DESCRIPTION +------------------|------------------ +Name |A descriptive name for the extension. Example: WinCert +Short Name |The short name that identifies the registered functionality of the orchestrator. Must be WinCert. +Custom Capability|Store type name orchestrator will register with. Check the box and enter WinCert. +Job Types |Inventory (Checked), check the additional checkboxes: Add, Remove, and Reenrollment. +General Settings|Needs Server - Checked
Blueprint Allowed - Unchecked
Uses PowerShell - Unchecked +Requires Store Password |Determines if a store password is required when configuring an individual store. This must be unchecked. +Supports Entry Password |Determined if an individual entry within a store can have a password. This must be unchecked. + +![](images/WinCertBasic.png) + +**Advanced Settings:** + +CONFIG ELEMENT | DESCRIPTION +------------------|------------------ +Store Path Type |Select Freeform. Allows users to type in a valid certificate store. +Supports Custom Alias |Determines if an individual entry within a store can have a custom Alias. This must be Forbidden. +Private Keys |This determines if Keyfactor can send the private key associated with a certificate to the store. This is required since IIS will need the private key material to establish TLS connections. +PFX Password Style |This determines how the platform generate passwords to protect a PFX enrollment job that is delivered to the store. This can be either Default (system generated) or Custom (user determined). + +![](images/WinCertAdvanced.png) -**NOTE: Elements with an asterisk (*) are only required when not binding certificates to a web server. +**Custom Fields:** + +- **SPN With Port** – Defaults to false but some customers need for remote PowerShell Access + +Parameter Name|Display Name|Parameter Type|Default Value|Required|Description +---|---|---|---|---|--- +spnwithport|SPN With Port?|Boolean|false|No|An SPN is the name by which a client uniquely identifies an instance of a service +WinRm Protocol|WinRm Protocol|Multiple Choice|http|Yes|Protocol that WinRM Runs on +WinRm Port|WinRm Port|String|5985|Yes|Port that WinRM Runs on +ServerUsername|Server Username|Secret||No|The username to log into the Server +ServerPassword|Server Password|Secret||No|The password that matches the username to log into the Server +ServerUseSsl|Use SSL|Bool|True|Yes|Determine whether the server uses SSL or not + +![](images/WinCertCustom.png) + +**Entry Parameters:** +- **Provider Name** - Optional. Name of the Windows cryptographic provider to use when generating and storing the private key for the certificate being enrolled by a reenrollment job. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be changed when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' in a command shell on the target Server. +- **SAN** - Optional. Specifies Subject Alternative Name (SAN) to be used when performing reenrollment jobs. Certificate templates generally require a SAN that matches the subject of the certificate (per RFC 2818). Format is a list of = entries separated by ampersands. Examples: 'dns=www.mysite.com' for a single SAN or 'dns=www.mysite.com&dns=www.mysite2.com' for multiple SANs. + +Parameter Name|Parameter Type|Default Value|Required When +---|---|---|--- +ProviderName |String|| +SAN |String||Reenrolling an Entry (if the CA follows RFC 2818 specifications) + + +![](images/WinCertEntryParams.png) -![](images/screen2.png) +Click Save to save the Certificate Store Type. -**2. Register the IIS Universal Orchestrator with Keyfactor** -See Keyfactor InstallingKeyfactorOrchestrators.pdf Documentation. Get from your Keyfactor contact/representative. +
-**3a. Create an IIS Binding Certificate Store within Keyfactor Command** -In Keyfactor Command create a new Certificate Store similar to the one below, selecting "WinIIS" as the Category and the parameters as described in "Create the New Certificate Store Type for the New IIS AnyAgent".
+## Creating New Certificate Stores +Once the Certificate Store Types have been created, you need to create the Certificate Stores prior to using the extension. +Here are the settings required for each Store Type previously configured. -![](images/IISCertStore.png) +
+IISU Certificate Store + +In Keyfactor Command, navigate to Certificate Stores from the Locations Menu. Click the Add button to create a new Certificate Store using the settings defined below. #### STORE CONFIGURATION CONFIG ELEMENT |DESCRIPTION ----------------|--------------- -Category |The type of certificate store to be configured. Select category based on the display name configured above. +Category |Select the IISU from the dropdown. This is the name of the Certificate Store Type you previously create. Container |This is a logical grouping of like stores. This configuration is optional and does not impact the functionality of the store. Client Machine |The hostname of the server to be managed. The Change Credentials option must be clicked to provide a username and password. This account will be used to manage the remote server via PowerShell. Credentials |Local or domain admin account that has permissions to manage iis (Has to be admin) -Store Path |My or WebHosting +Store Path |Select My or WebHosting from the dropdown. Orchestrator |This is the orchestrator server registered with the appropriate capabilities to manage this certificate store type. -SPN with Port?| -WinRm Protocol|http or https +SPN with Port?| Defaulted to False +WinRm Protocol|Select either http or https WinRm Port |Port to run WinRm on Default for http is 5985 Server Username|Username to log into the IIS Server Server Password|Password for the username required to log into the IIS Server -Use SSL|Determines whether SSL is used ot not - +Use SSL|Determines whether SSL is used or not Inventory Schedule |The interval that the system will use to report on what certificates are currently in the store. -**3b. Create a Windows Certificate Store within Keyfactor Command** +![](images/IISUAddCertStore.png) -In Keyfactor Command create a new Certificate Store similar to the one below, selecting "WinIIS" as the Category and the parameters as described in "Create the New Certificate Store Type for the New IIS AnyAgent".
+Click Save to save the settings for this Certificate Store +
+ +
+WinCert Certificate Store + +In Keyfactor Command, navigate to Certificate Stores from the Locations Menu. Click the Add button to create a new Certificate Store using the settings defined below. -![](images/WinCertStore.png) #### STORE CONFIGURATION CONFIG ELEMENT |DESCRIPTION ----------------|--------------- -Category |The type of certificate store to be configured. Select category based on the display name configured above. +Category |The type of certificate store to be configured. Select category based on the display name configured above for WinCert. Container |This is a logical grouping of like stores. This configuration is optional and does not impact the functionality of the store. Client Machine |The hostname of the server to be managed. The Change Credentials option must be clicked to provide a username and password. This account will be used to manage the remote server via PowerShell. -Credentials |Local or domain admin account that has permissions to manage iis (Has to be admin) -Store Path |Any correctly spelled local machine store path +Store Path |Enter the specific name of the certificate store path you want to use. Orchestrator |This is the orchestrator server registered with the appropriate capabilities to manage this certificate store type. -Server Username|Username to log into the Server +SPN with Port?|Defaults to False +WinRm Protocol|Select http or https +WinRm Port |Port to run WinRm on Default for http is 5985 +Server Username|Username to log into the IIS Server Server Password|Password for the username required to log into the IIS Server -Use SSL|Determines whether SSL is used ot not +Use SSL|Determines whether SSL is used or not +Inventory Schedule |The interval that the system will use to report on what certificates are currently in the store. + +![](images/WinCertStore.png) + +
+ + +## Test Cases -#### TEST CASES Case Number|Case Name|Enrollment Params|Expected Results|Passed|Screenshot ----|------------------------|------------------------------------|--------------|----------------|------------------------- 1 |New Cert Enrollment To New Binding With KFSecret Creds|**Site Name:** FirstSite
**Port:** 443
**IP Address:**`*`
**Host Name:** www.firstsite.com
**Sni Flag:** 0 - No SNI
**Protocol:** https|New Binding Created with Enrollment Params specified creds pulled from KFSecret|True|![](images/TestCase1Results.gif) @@ -265,4 +337,3 @@ Case Number|Case Name|Enrollment Params|Expected Results|Passed|Screenshot - diff --git a/WindowsCertStore.sln b/WindowsCertStore.sln index ed90aa4..e63867e 100644 --- a/WindowsCertStore.sln +++ b/WindowsCertStore.sln @@ -19,11 +19,18 @@ Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "images", "images", "{630203 images\CertStoreType-c.png = images\CertStoreType-c.png images\CertStoreType.png = images\CertStoreType.png images\IISCertStore.png = images\IISCertStore.png + images\IISUAddCertStore.png = images\IISUAddCertStore.png + images\IISUCertStoreBasic.png = images\IISUCertStoreBasic.png + images\IISUCustomFields.png = images\IISUCustomFields.png + images\IISUEntryParams.png = images\IISUEntryParams.png images\ReEnrollment1.png = images\ReEnrollment1.png images\ReEnrollment1a.png = images\ReEnrollment1a.png images\ReEnrollment1b.png = images\ReEnrollment1b.png images\Screen1.png = images\Screen1.png images\Screen2.png = images\Screen2.png + images\WinCertAdvanced.png = images\WinCertAdvanced.png + images\WinCertBasic.png = images\WinCertBasic.png + images\WinCertEntryParams.png = images\WinCertEntryParams.png images\WinCertStore.png = images\WinCertStore.png EndProjectSection EndProject diff --git a/images/IISUAddCertStore.png b/images/IISUAddCertStore.png new file mode 100644 index 0000000000000000000000000000000000000000..def6510a8cb9866c55a5cd3dcc95baac794903d2 GIT binary patch literal 38097 zcmeFYbx>U0x;KbR2+}}+;O-J6xYM`=55e8t-JuEYBoIh|1P$))5IVR!jk|jz(>eE^ zbKZ0B`R3L)Gc{FHHGfb*vuZbct^GVddpi1^iY(>};ummmaG3IPKy^4c_(V83L@hKF z*elw|MeDF{@NVj|l5piCqCE(zy5-=W2kYT^0JIm?1!NFnm{P}_(a4Ir~ zgG;rP2TEvq8y+rW>&M?biJfNj<*VQd5_FTP=FV1pube5W_(r9+O}kKob2+9BS%`aCk`| z@bepS5J(OW1q}eO>4u}CrdB4R1Of}t|FKx)Yq@?~o@nU@kJ*-2uvd5C-F*+Nm2!E> z@*8rrGc*tTeV=b$*%H%WZ*gewY#9J&`ixAH<4_Xv=J6cH%919uZc_2750)(O*8sHy zP#Ybc8x8DP*Tkex0ULfkYY7>H3g(RAq?#n^tDn#)=G7dQ+!uX2{17Rg?&xaYWqIX^ zh@Y#_2z%4;9;RUGy<8DN)_@8!8@yFZ#EEYRNKP8B#@y~x30G}Fu~oHrkyIauETcLK zkJ1V{t%Pgj)ov-F#yA`22inI21 z7#q2JRkIz5dv+7Pe;NVwelL#k7kT3}Mcn<~_OL)sIAQWtJwL{l=xTbz+;+(PJK4}%z?+r4OZ$D`c)8OBsmp^$E zN11!`*o76Zvi6SW5>orm#CSiwp2wc6^9(nW0$)J2$1O-P7g1e~sph(Odf@E&xd@upvw6p1$6Lj`$tj-~wSZwzjUJ72zBS ziD{v6cO~K4buD-HqCn5|2J*{H0c47kLo}me`k7t3!dCT71U6 zXNIkyLp$3V1YVW4vttMo_3v%tJ8QzL@-1e@JGe z%H~a13q9OGtu$H50Ew2d zj2pB_4&7eqX{ZU#*wib)snV`Lmf|Gb8f2{06t zyM-NS+)~<7o@Trn@~h3cCl<|tA~-6|>$iaNgW`HW?|s@bTD)O$p??-MJl?lPXKCQH zrDbY}`zv0v*B*!+F}FHa5-S&IZ`xE+FepkMF)zB+BgJ(j6o<(rJaw%cA-4#KYzP~Q zib}12B2o0#loanX#78r#C;aIZKQyGChNj+(lxCY+vif#3YPvaIL~cWH=>(hO~!7pmf?e#FX` z)7q?bSmxXEN3rxzkapuK?+H0Q?6*W>RD1*r?86Pw-&7xY+F zEm^%yKWTp7HOPlbVi=>{ozMDnRcyQ`uOB}7v4;<&72|p$!2#m#N3lMFgsd2BCF7EQ zRACqU#4ZCruGlW|@!_N_1&{tPCwP|y>~gu|Ge^!OgI5lFB)Go!K{jmmgLc<{yIglM zfgW{Rx4ZGn3?K17u-GljqX#y5%d<=G=G;v^s4=tlQ^M z&p?khS=;D>VymAR!O&sL7Tqv>RpnI!XyO3njQ9(D=dj(V8w;iOedrG9+)*4a;Xk@g6XC~j~=)UVNU zobk!$$VZ!3*}=6gy_Lh~et_Jo+~%*kzm{P=!$bOeK6df%-e!Wg7>UVXIRdK;1vSrr z7oyA4V0gCNesIP6krj-3Ix5K0@UwVYOI>PbRo~i;(LiPUNP2FQwK29;E}W7?_?5cJerQgT+pjr<>JU%w{AM)9a=EA$Qgm zHPYibxTKEk5W_*tAs7Y|0sS}{Od?w_LfKQi~^PZ@;E#Ub=w zR+#seG<4OIufgA>e@A{79^%E&_^XiG{2I(HYvBWf+zST9HBji@oxP&Po-*dxm_+ug zQa0&vjzRu>!+WB2EY;cS2x;pvxNGGt-ODfYJgmzdMro3|0q5*RFH=_}vQmhm20;NJ z_KUe79@L?TxK^;7fJVC^#Rp7*tD)o;YqX(jw+5-~l~q&hn? z|3jjf;EReh7Vp$yGsmccb)N_dKyf0zmX+)hBm1 zd^L0u2JDx50;<{bF-fxuUYF?*jr~(y*6Vw;(k(iE4>f7WzP}8^cn9T9)XEZSqi0Cz`isX{?T`T-jjxW;ukO6zT ztacU6f*&&r^;V3N@tso%4zf;=R=PyC8ej2<>MJ7-VEg^5Se>GTUdqww|ao zFXE(>S+f<%yOg73Hhq!J@A;E+)vforqr*4&t5@eV??sQ(M=e8%Jjfd^tqg`_u8!MZ z(ZqTlpZeJGh|b}K&h^f|x%x7p5#tYJea8KzHMN%oy|kvwAC@&<)fYKS^lH><(zqFg z-EopakJOhp6_*67#F27Wh_oDtviXWuhKe{s#~QJLCXd6itJdHvQzi++=EMWu;5gS| zgTY7akEPr%ik?BdL`*|Z(y~hfYGOrpY(;2Q8kGB~IJl>I9VwD}9 z;VFau-ccRRo->a3E)3K*kw?WkQ=pflfsAiOp<- z1#+(ZUJp8l*yPK%6tU57Tms<3o}H-Ehc#~wD*4rl*FBeDH^p)u!+cNq6y|@{At5cL zH>dfj?$3R>w@luae>`Q>asl}>7#ajjV8Hi${~cEy;I z>G8NZ>LG<<`UgH0OZ^D2=2oD)#9>e_MSI)O=dCpTXYC>2wzxb;hV z)^m2u<1O)Y%RNuJJ&MrV<`1_&>*xT2vv{Beiae!U)5p0dxx1bX5466o8ursM09)rX zBN9# zk-F?K%NGbSF##p&WPxcZv)3&*4gTBc7+$7O2p5%la#-&b%jxxHfa!DJVEJX){RBs& zuVNp2`}M&Wj<;#4UnwgJmi+pE-bwnSG{n9EQGdXjF9mu!GYKL=7H zpoy+vw0z1V3Q+vJ2FN&p3Y$~>3&$ekT-;~exZQBBjLnbi>(;k~pm#EZ^`~b?-cbE< zwz8*3Jl#((qp&jqya#eGijI9>6^p69%hegWtT3D75mIhKGN&myt9`!eJ$X4iR@TRs zkd9L8e@VUW^+3D6PF(#ZrxW~`BXc0DLVYhzRbFV=+dk-Yy74JR4iqnYTM#xE0DQzA zD@XV3I70}$d5bWecJ5R!|P+r9IA3vVMIeJf~7A=&>NT%ZJ29D724F!{=e zqNOiZv|7L>==C$<@MMH~n6ch#lQmE59ygcaDLA#!>9pY{ztXl(;7(5oziqZHBD&qd zWU>G`aPgeFec9)g*caibQM2}*4z~(ws6E%U!#yc@fF44z`V@X5EwR50etq516d8*s zd#aTTnmZmf7O$xHu2mAAWP9#c-oy=2tavY1< zogc@#vT%81htG`}eW^ul+gV z**@S;U}jyMO?vG(-~B2)9lE%3=A}j?WZzoL`W<6^n)Tf2zQu~`*=Ic6tMowYb=iMI z>9vBiF^hgH`|)<^$p`Cow9Dk>Z)E-bLD83__YWOWON`qoYSGAs}j0>|QASNdS}S z`zqM4!qoeQV7;c;G&fr@5x|me&=~3Te18=;O6A)3+>=h0&Tk`PL-_;CuHs=R^B_Z& z%J)LrJciTtW{vRFJ%$V3LZ|2C87l)X-(t@&WNgqQ}$<6K_=U?04KD9rry zinzpb)H9?(kX8Y@PLln*J_2SmRN0r`Yy2X-NW#g9o^!}Zs}bC3f2Hr|bQlZoCR=oK z9K)6F{Mv=2&yMTG6lolbH> zeL~px=`vvSnHvF2EwVPF$usGS({c*pk|2GZldm+#OLC2{-8Pv&G`bO)uG(c6y!Bog zm4n(b_mX;1spqFV-)K9Xh%kh%*Z3Dm=K@{R`8RY{-72}7S%B-GY0Jn7 zquA`&KL+E+Gz*&84vIJGxRh`-oHFA4Bn zAUS!eqwsgUBgLIY4`}#=SZRM9GYxIOe0qu|7x#M7qCeO9Ncw>COY9Mq7n2Nfe1VX? z74$BRSwg#8Eb(?!GIM`1FQ9_lStAfZKU?cL6VzJ}!yieWTRfqcXphqUq!ru z_|?x}At!?08my2zY}H8v$boh~u7&Lzcvvs^Mcw(=~kLt5J z<*0g0XM^lR;;%jPtb^Q|LQlTE^UqzSq&lNMKk9An2!dY*KPUnB{OEI`=r&eCuZ-js zYaM3+27wh%t*URAZw;&ayaKlg=N`*3KQ!2|v^xR38v?q#RtjtLU2~651@sAWd%9k3 z@>z#opSKhp2FXpsh$p!y_7+7dHFaK#PMf?t?7QCok> zL*z+1C@!kB{+tcD+xCtP8vk1U4nVWcNB4F90N%MqgAf2v`(nBbkTZE98HQL@M+3wxAoD>M%DC-%XJqhR zTLrhC-5_Kx*FG_*3+<*jtLk*i{t(SDl&x51u94rQ@;z^L7*W!L1$?&(e$V!-{T#M# zBz9C&r;L4fYBQqS>T)PI*0Ax(8rJLs5f91D+kQXL2nK4UD}=cB)1k?I@#{!7ZweX_ z(hwHTOn@_-Ct`3ckCprH7|F0=BNJD?CTWk36og7>fD^xV?J5w6GzeD}Z|`>an|wRE zrFzN}nQQ&`xY(v%j+Jy);Z3Gl{BT;F`Nd~)yy5YE#Tw7Jx7c@#()UHDsG)XgK-lc)@UII5`ZkNf&K;BtPl@ zC_5t(HBI24Z06tU)SW~s(H=6% zbh40FrsRj*quf4pVV@18m?)?Ml?LFDgiBRY=LC9w&7b4%p@Upc!;EZlyHLXnRk|T~ z0_nWjYYQV2R=ap`6+HkD7$2I2AI3)X;-ox%9Oh?h{r(8Qj@IDlC?}ALmfu_;jF+s9 z-Ie@O=Ou{qs$box8IB5m(ZZEhJKbiP^ z#A@T*pJnV#y?$+0W!J&r>)}~j3$6+oc#f6qIc<9H%nCVSzZzYP5T>{Cmpo zCn91#a&kTy;!mI#SiSL%2bCAfd>*f1d)$8yZ)zd%NoG#qb*fPHJ4PA4Cp`#$Jr?|1 zGT_p%T{MVX^2R4PGm*Rs?&8M0vwsHVM|Y&D`vp1uP3e9VzEj4<7J`yq78;Z)rgHZ! zAJ|+3cG10diVz&Ycw5(Mg!I2g6sBnciLI?h#;xwJo0@zWSy_`i*rkuCsPh)yRTzrQ zE%1hhNof#$r~^*^P@W=x+$Eu58|Sj81$ryea!) z%>wr5G%Ly}y!&xEnVQ=il)-({j*jC~THd<&5d_-j{l}smh|k?e zP|`&{3hwJ5HNEa`1I;>5;nJQ&SZ;-nADh*Q5 zV(@d+y@?!3#{(p3O@9FlPPb*wSRsu-W!7uwU%Hv#O8VstEMez4w*w8LU~e7Uj7Mpu zN_nXchXVBs53}cU72n|`Iop_lcvpv1qW}QQrcV!dgM)+b^!R>RKp+rXu;9K*u<$Ge zMvJtG?U)|gvIoKr#?%(<&Zu6KUu+Lc<%$LjMS%Q8Eq@bjnGE9;3&Bqmac>_AMJYS+ zuk}uJSz8%lAKk0=Tu%tVZjae&sz}Y*(^DHEp9iSWL&MIlvPUA~Tiaa!1bZJjEY-Z{ zOpCcpXRK`&`S-U|YO%ZAn0^%{kFdfBdkKy-(jR5tM8~%Aft#xYujdlc1>LEKvUY@avt>Ju3l{s49loy zci$A>xfak8GUU+!rfso=bMYK@+KJBk)szCf@KlOul9x{SOpaURiA2jda%x#&XS17% znY8c%yLbc%)blltzv>&uNCmzLWf0aT06SLfIAl=DZM-2#KmQfN40-Rlwi*$HJxHa1 zT(BL0-19MPjwgHro7%TAEmF=QBB}svL@VsQYj=4xso?-?qy|59hRgL*c42qAYW!b= zyj@&M-=_!`YU*lok>}7dc6d{}MYP%S$C7#wsHi--?!%0|2y6`&mNKj!Y8GI)-K;QU zt6OvRRWTS=F})Enx~;L&K+UMXJh-2E9S~qu{74 zVa80PM`}Vuyx?C7dL0xFDoX!_=jGFomi-1+P`(EB%wXm}StYjU@-{53+=cwxpz{9; zZ|J@67-<^=g^%`BZiu6to8Uh0yd32lFnfqW@rd}$EIzaY7z`98GIW@he)Vf9;fO2q31pqEI*C&KrDEJ{H-e`@%)^b)pr>)p4W6f4XG@<3CSC(p>+J?d-V>bWwRJp zR6yJr`F@^4=DAX(4fAR$2y|&V4fkKE!;A;#=eZ_0H&L)8w>jc+|HdPFpmQ~{`pk82 zvSOe!Z;phvCw;7AP37GqyPTdVCQG|g)Se5Wcf4WbjWAcG$KH$HC-ble44FpN<=6<0 znDOB>qTgtPy|9+&ydsA91U*{Q5ks^JOGSR$1tuO?WaSq|??j(BB?7GC zpQu*Pg;^Ga+XhJ8?908MQvBQdvl$IJRtpDe<=i5dDg{Gyz0k{2a$=wA zeKO>uNq$sbgM;Vrieh*iXC0ipQFt_5wQzlQb&s45lsPm31fngC7k|l-FfewA!-}RV zAz{NfD1Rv)6ix~+4E3SfzIacRCW@zi4g6*t%%IQmnWHH}-bWd}n&Z>j{&q<$<>5k8 zxBT8u_J2bxdif(jpc2z%#rO4&L=^RSG$b-6BSqp!D9BX1%OaJpZvgaOZs7*Gy6<;f zh|C@z0Yq<*zC}n?S;wN5v^xy}jzsivxOeDoD~5x2c7JtV?`5_K;!`PlQA!(>`r5CZ z4Gf=-yhnJ3t8#LEe!|5z3t3PG0@JFWM*ko-VzgMa%D*D^Uurd4>$rOe3`Oo&%t*@0 zit6sBzB^E#B8O3F%&YzBu%8Yz{QNu--?S8Y92S5_;|a&`$-eYt0s>R~q{fm#<8RL1@+rT+)a|7<>Ygf-xj zMf1Ne%8uIE`UCr_u&(IXK27(x_SN(6<}Ci!zVe`R4|f+yNlD-89h1S`Jw4Ou9)Ga@ zSc6M=dpIjfG~hlJ190d6JCk#$=QGuxy=_*FBYyj0WMo9aI5kqv#=Ez#k0~HuHbHxK zhT_k-hA184`q($AEy)6V?`*LkLxV}dKNB7|ReDkd_1#jYFc?|h8TuRC^ujLZ3kSOj z40`_dv-luRvGTv470FW!-n}C%2Z08CFCQ?fVfz6)KK+*K(tiaO*nvu`jEvgGz&4Nh z@0`ZedKwpYaA#Zuup^@X=SJHs)S{D;QS`u$Y?=;+HnW5Oq)`7SXfuUJGE=uum?N)K zURCEX`9Z$9KaOJBp+6T^2eRp&0w(MSRju}P2UR%`sy%W_b;A{oH-^ozOH0D|1OzTX zNuVZpGrHx^ab|)Au-n-6(k#+oJCTQ)>*xmCsY~bo?U|YX6%?61!ZGnsQ<=ikBO_BW zGU9|txB+~7i`=&kzl7wJru5bz(6R=ghX6hexw5@bk)b-Qv}oD-PFZWEdYSD8C$Ntj zgFx!7%6jtpW5L0G-seW#u-9p=ylz%FzU=XYC*r`%wQ9#;{EzEoq@bU4@ZLd>mi8;H zn2VBzAvTlm%Y?P-TNk=6R9mV7D^nKA1tufR=I*7W;qwGZLmI2^+^GoEqNa8P-H2Ps zp--E1@gG6ET^2B$I>zq9>M?KSTY>@Hem6l*W~&b$y%&p-p$6~0=}6#PxY)Dz0@|_K zp{yr4JF!aO^)mT%O?Z*^ZCV;4@bw!L3=}c>r0!Ez7 z`rv*^3{~NKx6UC)-tXtxa#Gs{GTN``Cpeg7RS8Xz$m0>NiRUcDMLPREO4(yAMvhw6 z_RnA?1FmerEVswES+pdDhnZC-bPvXuYKJEmvZ|xQOwU0FKAuyMRyVpeAxS zF>H@;)6=f685>Ed>dkZv{0(*Z&MgC&LnQbtKTGD_&-=%$)&VYzc>Pjppdd>|f59}A zkg*xE5kga(dK*;Ja-MMbJH{t1R@Jzk^ci?GZ|!9YS!{1lW-^iGB|;Lvst zl}PLV1kS++kgR5|#Hn3r8TIujHau39+>|ILtV&DEh$!Qo54IyyrJ_xh)DV4S3U=tJ zn1z+_-R|Z>@uQNQt14XZm%HI|b=nf!Jw&(tKOwM6j!TU% z^0qvP?tC^b8E4!ddEweCWKP~mutl^*LomPGYRmtDhPv77kLA)TOfFR;RY@s~jQl;r zviv`lx2AiQ?Cx50aH}c*6^6`dR{FqNVBl$s%ZyQkkp5HE0i6tP#Gc$JMkh<#kl`-# zKXiKNADv$R&SN)DtwV;2ULLbDo0c}a844{W74itn8Yg$GC>;>+CGx+=jLf)(qJcoR zX&xLV^UWsyb1Jd+L=gh{tawurC&wYfjR|j>7LT}Jy&%DkH9Cp=-Ip$ZKza7wWzd^D zm>IIW4xiCBd8RJTs9^W#&|Ci)NwRi50O!3>0>+O&B^G%-Craj~6Gd&lhn1?*kl&6W zQ~om2CQQs9F${;_1$82*ZE-wtj2A9u#VOK&<}ob`IW)A8W?%D~EFlF(@QbVnrgnfp z;It)-4Z(EC8%`K*{P)4W|Bk_@G8{1Zto46WK6jiQn0fq9`kBvTZ+VhUd~*=dRFO<@ zH_I6|X_zpjsaDw6)MiKnFrXjb%8nwX|CNLa!+7Ot8SvkAF|3F02z$@}(ZR`o6vlt3 zmcf>vn@E_jr4H5F;Lkr%4G@4UB`hcPf257_KNk6T8@9tR8EXD>=3raT00A}yNiO;q zP@9qr#$W3etEb^H2W*e#RtTpDkw$D}D5S0^LbXkvO4=G}a|&f6jRWQIC(_7|%E|AE zs7z2@v>Y;0YNx9ya%tCQYzi*M!D;PU(9IQV4+OnF-g^4tVOQ5Pk4*2A%8EX2>O5#x z8e#z)!xQmG<*2|&$d+2>-OkO~({H}<(qBG@m{1}=j`xxUsfwc^yC45xW2-m1ybX|F116h!eGkFu&HgT=w z4tzy^N9h;q!I}q-#MKcpOjqe3M|cHthZw`272p6jh1uk|BICUiB9HA9se$YxAb=v{ zq&S%-aW^PGL>ZklP>g)T$ktIery4JYx^GUFwZZQ=A#;=E`YR$q2nk^L~E**zZJox~W)Uc6;$$?!M|4igCmiY& z*nhXAkDogC?dL37>%0_s+v%i>{WB}UPLK^8Xv1cU6Q=^&EFRzon_OisoquaF4Ujwk zgweV2WxQ11TMjezv}hthsLE#bmGE6Z>F-Yhs44ftp_?5JU0qzW-(M(v=zLDl;B*_2 zYurGRh{bf_%Uk$a|D6in;ZTEKu_R)>$*0r44r* z{FElQKI28_eQmjxey&fi|H2PFUU*^*w|S2GmFf=7sMq1%nV=Xw_H zFg2eefpb_kVzF)QTJS(`u|G}2>>IcH-y{hF zuDDNeBm070r2ygF0NmSI3E+49uXk?CR39wxsZ2%5r3a zznRy@Gy~y|y?_2b8_i~me|}6FJHVr)ZYI&jOq5wR9O(3<<3F=u%xmumrWTmjcZVOK z(Kfj&NjU49A39F44IeQu2u?9Fc8Y9{-@}bRQS3x+irdFINE-x8X#ITFw{ov#0vyyu z48-i4-(yO@3p7y5m)W-{MzLUb(!H)w>xYm)b&{(Hv#3>;G7+2f;)DaSGoEug3H?S& zy;9QFCK~*boF!~vtldo;69+W0co%o(T{CL-=6E$U@i{Bujw%Z$YZ4)#?>t0x+4WaZ ztjw3l4dqn=ehNUSG}U_5g9dHdoYnzWf%a%~zScOp{fBl1BpnMXx(6A#+G>1jL`t%rUr+OIcqZ=X|tK z@vmxOeQgXMrU6UYU`@RAAHoWz67?H1`@rvkK#$C_@xKE=fz2fSAEjtDlC6~i6K4iA z|CAR=g0)@}YA&4W8j}LJRMaI>=E~`Hx_|uGt2}T87Zb~sQnPE^PngzJn0V{>P~^z{ z1iJ%~>RK?mn{L9E1&eON)k|#o8@QzN^T3d^35(6`?QfNpAR1iiybtuMOIyp@Fl%eX zXV+uCgtZh2rc*_3-Lnv3N+Js5ALI1@D{1f-nf%Y$`+u|e;7RbNTdB9qAcTye+T_Ac zRB6Oujqi}`<~q1G+VTHGN%xI zvEec92O+9|GS-}}ONP;5w>itRxyXQnHWPhefSyWmz^h;KT{BXz2X(Sw+a^$oA{Us0 z-bc;qXbp)z(|8;^bw>N)poDZ?AwJfPI0!I6F7z~(2^K>Ldw`JOhi1CbZ_&BZj=N1D zge##-ju~n6;^IxvSW>=uSBv-vsO2$4FA%a_Bx!5jqTI>`{BYxZFTjfv(iL)gg)TWK ze`dJ;7?$1-SJ?B0!J9=r)xmP({jEL{GHTcA0AY&gs3tEgNC<5Ww|J}TvQ1}p|JlzQ zn@81%z$RYg%TLeD;d#FwS$_Vh);16L4mrmn%cPG^iZ!=UZ?^%6vzd4?(^o&FGbhid z+nsbWp(-&vR%wiEZmzp%7m2D9sqNK64o3H01wOtBRNI(LmTphj1`3y{y-WP7{fbb8x@XlfjU zc!JfXSYzr)!nsLHCL;->-8ObMi|*%Aof|@liMBQy=sJyazZmFg$>T#uDIScAI2L)G z{pjF4qj1$AbCkaAT)t?yG?>rPsK%LXXgz{(o<~a|czQVXOfRB;SiafZr0M8Zi-lKF z86rWv_Oxby;?%OLl>%Pk6s5IP+AlPB);xQ&KDtx+$A?pvl=y&1m_P5c!zeT5Mk4Ez zN%}y>{AnuQ*{fIA@F%O8i1TE1SSiq!&hmDE+GJ>DX*;$|9G19W3P3w28s;ca>T-&^ zIvZgo-N!GtLh8H-O{Wzc1z(31Ex~y=zhB@J$OFeX4pzJM zRE~F{1!@Qz-h_-&a_}?JB<~N(Tniuy3-Wi#wDynpNyl;zF;@L|THbx;e^ZCtXnA&Nj z7N1t6NhfvdNhJnNB+>_V)!|r4SI>|IJu=5rzg0Z>3kE9l9)<9-MK?F3b=rF_9qKVB z6jSyhFw9w(oO%2cTKF1I5B;&GM7;mY=V$)2hI^U4Ot!Wj5jMVq2Zx8HOiYpLR?~P-)IWhB zWdS?UEGE^?InoPzea0sHBDXc~5;MNBfc?*v_jBUJ+1XZN@?q2$DNl5vRFnbs>M=R8 zoRxc^qd@%$SZlHS2K8+3#uwmqP4VigwF zchDUWd6C#fBvvKH8zH^kI>FxE^#yF4EkeFAZ8W~VCPeDS&L*|_ZNg;82N>xf`5X;T z9SGA;kprzh7h{F0xvo^yxe2eiWqjUq1CQtF$_i0iqxo(ksQ3NG8=DCi2}#}@)wNgF zxg*Bio1Wq$5-4fBzFN@!3u>@(T&Egs2fye}@1F2@5ad$VEOF z=mp)dijTF5MUKJ(gpn|QvNrTA{{fn{CX%ynyTaDO_d(U@Nmh!oj6LHWO$+kC%fu9T zm))^%u2ky0!Xvp2`Wsd0euR|P;q8d4@C2$opoHu7;kB+t2m7-r<5mGn4$0Y(Hcm;K z0#5*7{D?|j4??xv0|#in8mQe-S?j&g;9Q!OFnFJic;CT^+MfoV27GMJ1c4kGNvP{y zkx#T?;<(Fn_C8s^Z4qnM;i|Qss^M6{f7a%ggne90+U9SO+12H3OgJibKwNu(ZwXt# zE3(W;23g+j!X3gqjtV1KX85+v_F9BIL~{#?ps7J>^~ROcYgIoI6=ncxL?IS%Z`0=X zjEBb&J(Es`!NhEF&!4Bn9S= zGWDoyc1C7)8CzRHS!&qDKxMzGdBK0INJIBKEqaUZ{~vK0QI)L!NVUuc*2TeUw~Y4O zyiSXe4mB{8-%5Brep89FQ(%1X?d4|a@IIFTf85~N0#?Hp+2X#2ljuXs* z`+Z3!4;Dj=k^apJ`uxWX?zN6ptiUU7=N}jN_TM}4fKbWIL-aEt z!gyi-eL>bs=RMvR;BDWY?I|qQTQ{U?Qp%ab_%k<#o{BHttN)y?xny4#k?H<dTlR|=;GMNsSrqIQw)FdK;Uk}Z zw;RH9rT~F)5OTaeKSr`&rbdyOI=x^A`Md2+k@TC?la$+WoQqCX*2Q<%kbK})(;dT| z=;ZMDb3G4iI!E@UzL`pDMM{9kk1QGmY?zq~Zw|8%|Kw!7pL~lM^dY7Uxto*_u=g$I zb(n;RnV0W4p33)9QAn9+Lr5Eu555rx3Kt%Zn+RMW`49?R7&b~9X+i-$-r->ul?W3& z6Jf966klgeuHw8Gn^Y{bKI!z1r*j~R+=Craw~COAdUANgy|&8G?o+U!dRJLpmnn^N|cF11+P zR-6kT*4X{~PqMgM#J5AA_oYtumkp|4pv?s=w@toL_i_@G0bpsCp*+ z8%1pBfWtRA;H7c(z5z^J!6JowT0t1E$^3tt*R-{Z?Unrx13CX{D4u%3qPuD7;^I7& z7&pH*8R}-GJXoS5pp;C54eRk)f9dgm6Kbc`uVC>V-Cq=QguBT(OyNiW|3(dv5bM)bd9OAQl4BvwEJig_@4K$Q>uaq7W33yQ2_Z6*gObv{U zLtdynmm;IIi{XC3n5ep`;c#A0rZXq5+m8*Ay6<_it8)BECRoqh-NCVyC+^PYh0&Q6 zCYYC0y*Du%9s0D2J6Ctn1)6QiYlxy%BpC*)h(kgSB zM2pjhnoZ@SIxXg|1`#C17yv>qg4zS1Z$-EEFrPHi>h2Viz!2#J7gR&psT*PPqEWz(0Pk5`d zIPI}l!g?TgON&HBQIfFhp89ZOMa1zobSDwAyLajY{E5-^APt6jur`}dIsp!8FB03G z@X|RxgePu+tM*fz&T1CiNGw(R9%X^Uu08(M{0PDKZujPvIDT_F>COBEdo?wz&A8-{Nkth=72` z-**?JN&#&&FWMKQ2c1eelX6{fjQsV2QRiH9qX|LHC^3Pnj57qTll{_{pgjo^9a>ohU4hA-qR{2_x}M za!>n>7U8ExRdFC?P#YV_@muRL0#?wEc9lV85l|S@`G*hiDjSnV)$@@r zJv<4&bCU1#()iU<)@w(c_Cp4FHb)7+xeP= z){?L1Vp*Tnjd1<>`S=s>EgcJV3l4SXuD*0!$8t)g>dR7L1%q{ldxT7*kc_x|I_j;zv~0T z-17>ah~RSdNrGsMj_d<=b}wWlunY*SE1mdkAf??FmjRm`$bqi$8p1So;(yDuU^9~< z&)u&80Nn(b$b9^#I!NhIgo)*SuD{P5{D+H}_T>5p326R*8xcj$gx)k=Rnpj)G8Ewf zz;6NXNjj?5408>|RmG}=`Q?NWAP0O{EH{?jnhSii`0^1$B_*W2N+;1{v~|S_x=>tS zc9nOAg>tJOXMIQdLWJw$lz_-Ly|LE$-pz;-B2qX;aQNA=l5-|iN=cz(IVm_A3uQnp zs6L*>>Y_UpyxtDz2>I6$vZ*7`H?Bbz_Q9I>oZ?Dy_xxyj4w0sh=?-(GbtH?Hel*Zi zHKK~r(pF*QtRCK&0p3Hs6U>eE=s8z~qn294l$DsKCPzAbk%!gaoUX!6|bYnZHh}QzD=+`_eh8w@425e<<^S3vm6ic@~zkB&M(s*K_ zfO&M#VM%x`?tMW4SQ{%j!J_*@TD6zJhra6{qc_I(7^Qz?$pVkX+5 zQOMT_)ZWqpds2+t(pdI~0DsQC3ndGiw4vjRD}(~z@8FKzD)$QyW~VNW^>3W%(A#SnDNu+u#|OTnEk z3lT5*uBo#tNs2|m-TCti5tE!JwLO8dOwAWXoODg;@VTZQDg3i=O|@Q(b0Yl-zV1?!xxIO}s$%J3Qb|qMHuT#ltA%@&-y`EDM?wf)XvsUv zT(@hE&H@TwlSixc@frLUvdqRa%iB+%J$q8GvZ|cd{a&^584Kfwe!ZC(XK{bgsz`_n zm^PXDg2?%AJkKHh^p80~W};m|>+nRD9Nm>zwz-@5!8evdG`17^y+kq75e=^4etd)l zAV8E_EHBpOSum9Qc-H|hrq^vxPS89wAu6lcQR}6%tGX=0e|nqlcV*oHBNFQnq}!LL zYO*?iyi)OSBZP@m!swqZ&D~XbNg0|r36(d&Y81oaxiQVyFv6GZfe5sioI%cc95CA} z#DKWbBB_0MLqS~W;LNQQvL&Ox@d{aHlb#t1qSD3$OAhv?@n@H^w?=3buDl^t=$w(_ zJU!f}?-yl1-8BPtujb)+{lXx3W*EZ7-M_7=Z^D8i5_Ne7)6{{N%Bw~VT)UEjXxu0gv#?Sow_Ioit8@$`5j6vdREW$gwD zwnE6(DB&^~F4Q+c?s3&;R-zCA-Dp1?=njz9L1^I8p<5q)gSR(=Ml@V8PWj>&8C!+q zFhU=`6vV+^Br|tqrv|$F$~`D{PF04Uqmc23DB5 zu0!-u@qK=@eO7tdCDgI7XW?q;jA**7QoyO9qv{RNXm1DUatDI|GOJMOC(GOVpJBNF zX+qJzbV+8*o8dnuB?TWe-Jop@q_$U@PW-5`)~_&~KpW(H;C^lQ{3dW{rwV?J1CUa; z(_q9E6tG!XSbmfn$!7OV&&*Kr@oCd^X?xziN=Z!xVPJeJ(sbl`-Yp=UB~l0vrmGVX z5y9tmtEpRcn5niD%M=ZJ@w|y<64U@ydi=rR*|0QR4gM-=n0?nzZZ_6-G#5X@bzpS8ar3a8Aqk9gH}b-e)0EGT-n1#=*V_MzR-2~LTnDhk!i%ot34}y`u-fa-_udSNR12MX zFTe6+OZ9|mK>#S|gTVb^I%Y78{lmd|4e+^UC_xL$yi|77Q!S#NC`ObYu}CQMV4dGl zp7JMajroIcB4i6RZ#VKR6PoNO6mKp%R~Fi`?&(vi4iKZM)i_snAsRXn`HWt7rSgPP zPi9vO@`w5Pdo!$?D%Ur7M3*OMS?XH4a*VV^znVC91Ij0Nx8sh z=ScG{Xni|!=i8ZS+u}A-_q9nTW=@uq@EHM2Gtfeprsjj;=%8R887>MRUWv3NQH;8a zCF%CM5c#~|cEa2)nfOp*x`CE5=~E&tC;sx4FF7^om7!2e7s+{5kofDkAR=atQr9lR zG&uKgKwNxg@``_zzUY`C`{yCgfa)EF1zo2vhe`=o3*8m(Z*rs=>H^qGp=W``E?*@gR)A_HNDUR^>I7s1Rrh+; z#m2q=$uwF0r~i3jscZB4bt*wVFR@|GI|=g z%@xS%oU{a@N)kvJ6EU3GF1oh$lKx2m+T=~%^GkR`YsK#x0Kq6*YQ|_rcwTrBV0|QP z#+iMt7`@fTYHbQm+P?WmkLcsj%A zjV1TxKZ{oRT?d`zE~?41#9xJz!DHbBv*`2f&F0yVg&9_6)|_Wqd-yk9@s9)_9U&wo zfE=a0v>D|7?GTJSgPB*2F`~i>$pu_N^R3VxU?B;YXCKj_8@Xy*=h_J$osm*+1bsFg zJvB6|i5{^}xwI)BhTz)VtWF7J@oT5+FwRI&e(0e(Gwgi0$p+Sd)knti%0ObE9xC&T zZq&53j?;d_84i?KXdQo+SPNK1R&s1nz8&p|hXjkzzRxcyR2R=BAd>c^_>;`yqN45a z5#8ZhzZ7Phk9=?Cbmv zVukIi_Y5WZ`@B=Zf%uwpiBC~*{5!`8RTW$xHIo3KDhq|4t#_fYwG8E;z3@t=``)|i zf}(dm-I59#Kq7r0tS zTWG$Ljt!Ojeqbcd>4aeE4A+s>_`~6Cu=+GLT_#@o2bGulOj?-5?$dWTQXw4lT9SY< zAc@bD7bqS_$E9slot$c>%P_C%OZLZ=;nDL4_rKThw1g_P_Y+2YDoy*B%J&yC%{PdB zAbG`zU0=Z@u!Y%MZRuWkb^B#~sZcF(gNUx80&vSx0Dj5niaOsib}=7 zb1`z^(;oz{Ot6KWo@a&u#*ya_z1<1S`WU~ro$oYN0;*(#OQ)Z%=9vS{KmR}dljNcl z+ezcr3-I70pG&V4bphgN3=ofk#V>cG44@w%zExOHQm8$ja4n%0A+|Iy>n_6){eH9; zE*kd~cq*rs{p>W4l|pQV-qT)Fn#_(kt$9|j+|uuPep8%9t*JPZ?$cC(=JnU@6!^Z^ zeo2-QsQyPcc~z?JTBH0QSZmx_&x{jlJzRT@Er;6IN9f}HY2MVu-6L-?M|h#=Rq+HD zkyVTo_?Dr>fNT1X^wQt@#$`%7XLtsHc~*T!v)v7yw$4C;8~CjQX>yEKWRK{|VqNzJA>z3IbXYcV3dn^pk`>tus@MQ~XIXyVdnS8n4>@|HLZ(i!j&! zK{*t32DK`I^8OU1Biz=65Eh)ifOWsLWkSeAtR9rc`&qnKk{>KPWltMdRz(dgY=Un~ zoM5in*>&Kmo~`9JzKSn*gmbxuRja}yLeOruR;gvjdRE!&f)sh|jK9p7D-B#^et^i~ z&sAsNBiu%lnQbm1Ivk&2Oe!IqV~9BXQO}E)#L9F#=$qUQXfew{q1F651z^Vjk{BFU z%BN(&i4{=r6-Ee$$Jl-6ZB@DpE|&OsvK?{qCfbz=k=6#Z?>ycC_!&APtyY_jk1Hee zN1&@{Ye)VHk$H}L>4Ox1*+-h6DuJ@H<0KiZZj&trZAb}=O`;#HB(v14cvziv3IG50HX6;344_$wPNWBzTJT`N^*EWa#wX%DphHIh#luncYQuN;EoB zcu(eK#M6_`tV60*jp~ADVuIcW{yG+i&l^}ju(WwV=qbVIw#GX~8vsu+y!-+08txs~ zWFZ=HEPwX9Kqn4+;vfM=>ZM5<5RLKx+1f|yIv)KmMVd-NHI4V5SzcV4iJF?-nbN&@ z(GT0bBI4%MI;N_rvl8%Gvcq_J#DCM>7=Ab{CEHB@PMv?#8{0nng$B5NNguAJ(lj6@ zf?7AkoQe0&jJ0ZS9_3(kE1_ALSQ;@WXO7A64!1zH60>y>%0r%QrO_kYgb|=M2kW9Y ziMba8IkK{hD6W`()JGG}@-%=vxe2;rsHngm7u{p_ebzp<>V#{Fb1QJpu?T;yKCw*ND3Mf>aBy+TS1HP-~`WALU*$?F0NBRwe~}&xuWauFv}Ha z??Qcff~y{yiWCY2P}rl_cJ@(X|U%po+8a^jsKi3@orW3~4z{i-E1vy4AEM=PQ7 z6T4ncfw17`Iw>&*%L2g?8kBnvZv-M1+(0fju<9MEiKS||@xhW$0w-guXW{nj6h_l&$`MSr&rc90X^TcK#7R8Tme`{g@Q7(a=`*Yt;Q>9kq@RD&sYNd&RK}MQf!9h!TK5T~(ewlpl9F zcd9^YI);}bu=1VDKwy|xH@v@-k@ja5EpTxF0dwWx%iYF2J4#(^N0fohkRLF8J2DTI zd;{nQAs>cn<8b`E_PT6l*pfF|x> zcIH6a_}L(Kok}9${~%3Gre*YMx4mO_`tejaC#9MWVDVgYaG|IW(+8YjWeK-Gr!9SG zVA1E2!BcSwmMAuuTlAvlau6O3B9-$~+I(n6j;gnN5=Z(vVs`dKT%{4gHhMvLvt(fV znty+y?=a4YYwcK(Yp}ZHmXuu#$PqE%8Apv=mtB^&gno_wfX(-$pNYCy;G$Ser=u4J zgh4!X;mNhKIQ@24(RX#YsWzc%`DLUvA`9FT`{dwP2fRT&O>;{_m0Weju?gZKH%!94zict`Rr0tP~@}hEav+Lju|;B;d70JDk1m3DLYEH zUFSg#Nam{YQ5hea^}PPF&O-{Da3q>FWz6uB+I{hZ#aWlA?J&+-_IkRk*-LcGvn=P^ z`E+_@3)_K)A;R?~t}viu4z^H?PSV85*KT`}w@JOO{*4nIu;p()7}?wD-GW@>&c%j; zp4;u;QmHMyJokw4a=gFjXR#%-3_f@E6D9IvG5%_`(xM+Wx(B%2$5dYZN`JWd-Z_s_ z`9pg;#Q%UkaHFT`?R#dH45qz@^W~4jsUah}E6g4XR^N#!T+@X&1PV*u?>$R-d(hi^ z=MilToyMXQETiN6K+R0C3u9y1;K8u|EJDmv7T(bPF`ywI4hV-Zm;J2$)|(3KX2{51(Z^*}1*hsz^|4%_UHpjHllDlbIk>B-bNutxK>X>}E|y*d z4v2b4eo+@ZDOEm9i|m8qQ$s!DStqBMDe9{<-R8L!9X}i8bZk* zu3frez>Wd#v!o-~9e1XuLZGGW3}N3u-h+@Jk*O}MJ0|=Mm?Hr)Q^itY^F2zeXV`Ha z=*Uyms|2gFXyvt+ zGdSx_BNY9rPbKCfceJ3r}n_j+@xOU8G!!#7(7;8l^4h z2XV@{fAEkfxXM*An~K<4@9|WR!+R*{;$9x3Uw>Jey2~@t&jT0*Bo_vTac@-U)UVbj z`7W4b7xX#LZ%H%y#psFkqD{XG!3CRxH`cUHcH~Yzk}OYR(h+{YoWZw^_+hZ-JYH0~ zPEPtX>16FbWRT3|z4l28G!79pC@NOf5v^mH)9H(+$siYfH6(XPG)gFghxv=_ zbLhQhy43m6cO)*stU9gNuskiZmyby3Iyv)j zX=Qw|Pjs}Q@3}*NXO9qx@-xhHY|2F(^geJ=lfV_qN(6Pt5fPBfl=oK$!nOjCd;v)i zXh4oy&fWAqz=%=qD{TU)^%gsJVY>*2K^Mh#B&pWc8p0|;R9doMuGQIDaur#pE|tda z!CQ&gWeu-ooBYH`?dM39o6+8{IJbrDXu)m4rT2%ZNCFLV!ph;7o{8`!*>;}nofP%S zYai9m2tcps5$d;ZbVfHJD%c4+KPL4A{!H?S*%!k973ARxXv1T#0fYw)?K@IOZ@b}s z9m{(P=rk*nB`^bH9eLjXYP%>r<)!qI(;PgnZ^NR3oPfm+;(?I^nb{F!*4<~ky2)Te zVs22RGRhZ^?VV12D?YwU`?~hr_9A5Nn+~1sjjiWz+w;hHkm}D}+a<%_|D9Zq^ruVt zfc+1bG7Gc3=2Q=_k(U@e^(1)3&dwUN5}IV?zp-eB{V=}K#SD*r>aFd`4hjZ1i@wJw zlVZoNb}Of*HQafi0aWzHcOqEz5KD1{Ne49VIOz`(f&yU^`F%>16CYrBtL;h)?WT1m z*!$HC<&IRgp=9k_1{tz9r7%u`RFqB>JvyH=HS}B^=gNARZ&@G7S+;q3@rJXt( z?7W^1^v@1}=5Fz1&Sdcwye6~hr(}du2s)Q$0*5f{Zi)+br#k#MhRQ2iNVsxghf68zC;bNg&z(G(-4q)PAZpV>g2!jLF^6=(^vhExAl_vlzNA1gWr9W2v#@ zqSoF4VcMaWn0-dnx(drSD8|ayYGZs@%(o&ss`toN44Cf6maaV)7{wu)H6X(2h^~e1 z*A&+K8d55T&Oytm)?m$B>>>*($a$OkD>cO~BXWG6&!kn#WpmDieYa8cx>b|ayzv=J zClV=j!f)r>L1O8ee$E@O_1e-PP%hoEtZ$E5p9`Nyd;#%Z$qPGF?}qeOVxIZGBge!W zXm@N{y?@0=6gIT%UQU+}vGaa$)61>Eq8<&joiR=-14)3_Hg( zdM9daM*BO5DIS0Xh!+g>>FO_lH?T0)%UvPWX5aoM{6}Q>t^5fsp2{` z!YyW^5|1f~q_xfPF1s7>^UQ$`P8IPM$avG24EfSM@DDQ@uNxE;(*Xgi*o2ussYNRs z#cx@ould7HJM(R#J%Vgm#X)$XO#r>jkEmi8Ni;p9VqBx|8CLPgNn9N9e$HZy(EUV9 z^ZSy*q~8LijU1&Eg%I|je$<;n8+bg2P4xzJR@$c*TmHo>=BWy zPZ}2dX#EV`cz^nh<~wjfgSq_S*$K*>$~%l zt+D}Vi?B{(q4%^Po*%&b{aE65_Q9a?yrqFOj`DmIhVJ1|q$aO1*nwoyg9gSrJ3`)a zY|)J838^JEY^5!q-vg1)re&AzyasxOlIzp@{U-KmdeS3E6IlX1(sg@FM2!J~GGo!e z_hk73l6HwYG$n=Iob8nYyu-X)8R1%HLxvWK=D}i@64{vz>Q(AkrRB?!kz+8t$s3Et zT|{PJl$OO|x#Ttw??TL6Ag2ni(%y@9`y8%mcG#kv?0iXxm2p|n1*0{}2r#Aq$;bRu z9Ped)iuc{j#nM|n@?EXNmKl?DgV%}PFDp9wXbnpmyq4yd@jbEodbQ;8_l*F(CRQy~ zcu=hpR9vOv{q-b#u^vUerWwcUFw~kIIi5q3(GhVcF$}CwpGT>CjdW?J8rYeS8KpFe z+4v>A<-B8J@$31517aVo#2$_OBBt0U$B{m;<~c0I8p6sVUnIr7{W$@cAv@moKGwV0 zvb>?Jt&cT&tSApS(~V`OGlJ5&iF5K}E41CZ2JqJ-_(nE|(Y!-`;)2qOAe`5G0DepcMyy;<&zTZ{{_FI#4x`@p_BuES0eJ`uqVpl1N zzA-@IGA|=_mK3=3Ipb}eL))R_Xp_WOSPNY^Dbx-E7qge^g^cuNMy2FR+@8xcp;~l| z8xRDg@R6U+l?wCr<`v$;Ois?RST6p6V0-EhI7Q!0H!+sFt-eNaoCnv0P^5^S%e&@% z^0UD|HwxaEV4$!OJl%^wJ>To7@HdhpYkPn1^=w;^(|MmlRGq(kADW)LLMl|W!)8JY za!u4>Nqr<%hk$pAfUVb9WRENZUX313+_GQ*p>?5pp}}nJI)idoB&uJgaP`_%`qUkD zrkGCna(TE2v#AHyO{?jPvM&b zfQmLEB+F=)Xv}X>IRh=j08ZL?pA3;w(kfT-Wtp%h=c(QmnhFPuR@<#FHvSDZMx{=Z ze38#Y3G~M=@(*9B=8rE$`}&udn&dOciK$a~iB{Ke+Bn(Itj$o5RCkig?S7HgFHOy~ zenqMa8gl=N3r&SKGm$Fl9mvRb+dyQkELfszhh-qV+rF*1P0Z=Y3U6~LDQtn|?=-nH zS!CwNJn_zQ(h5`T;5_^-Wv1Cqv_1)e~E? zjf|uHJd{Z%mla=s9C!!6hc94;)P}du20M*+J{giq7`i**et23flartM5>!-rB9q_O zyG(>IUepqfH3jTENS|#m91@{JmBmBcO8$;e`TPyk9F-rmmjz6dThv7xw1Ae`s*y8V^;!! zaCz-{kRQ{H1g)n^e)**VPcPxKEV1wWIyx9WP>&Aid(o0CU@zHnA;`qefpBnV24^X7yww$S&9Vrg_uc6%agMx>c&2m%Jt&OZz|ZUtUYMjb{<{N#N|(AN`OB zJvkBiq~bU`%)`!y3@BM|wA#v&3OG(aGQ0QlG{7f)VGMcMoi?Dv^?iN$Z++FPKSbBVm`(N~4ahRa8T7;)bd_Qk%lhhW zNaJq$J*f8v$%bpBH@O^5dVTj{p-g>qvBiYP+ZZSOYc;|BV)1885qI^QG%{?(&h~!J z(t1Biv$n1hyc7oK8C-7d21Vh=OJF?(A)qxM1IeexZd48jH`+Y{wWlM@z{ZQ~Aa z$H2vG)nk-dzm9gf!z-aJ;|@5BVwjfwx65JWrax8hf9~0iG36nbGcy-CbJqUDH{38Jp4?&p_s!gtsm z6m4hY_t51v+uhZTj`8zD=G2=tfUovQ(`(+-nV=(nBlb>*4m;Tl*r1@Xl{i-s-VQt^ zn=%%(dB@!#iYDUftT8bXS+M}Cm73~x3M0&U*?KTlc9Z7UPCY6op6EWvX^%n!zyQUC z!`KHaFI<50Zd9v9?#n3zwlWdj!?Jj78{!BVGB{*6n32}T$Zc%?swCR)+sor2a~Ex* zC7VAR6En1tvjP!hw}%ppVq}Bh(^)FvAU(^eF5E1RP`?oO4_*pSAr1n++LFoDms;eJ zY6v&75o-sLOR_Fqn=l2On}Byi;wsJSWV-eZ=OTfbg!o(?%8j${`S~|3LfyC_b#3Y5 zKgUQKv+W;l#{20nbS_WcLs-u?4(%M_Q|(F%HbkRyOXfGvNSgB&+ApecPfbIT&?hj zfh_&no;Cg+Q}Dim~h!`t%Y4?Q#`+MYAI~uR&w=YK!w)Y)#GgXBQ=`p ztFBRKXVG2S=GfJF{RmO|7F=}?F_<|InIX#>@QrW70DLfI!#n|c`_ff!hb_Q;LrrA0 zns(Byoy)g-i8w9j;)$XlDlj~S{bhc?o>nJVJjug*Cu69;`QY@TdZAZRePzOx(zY}O zjQeYw_dHhzMqV?#(TACUi^*N)xgcJkPGCwdo>c8Oa1zbAc9ZO(8<8ac)e+LMD`3gUQB_Ns91xiB{`? z@1AKESCuz@rUJFa6&Ym`>-Hl{5Z}J#HVhB2+PjucaQMn6QmVADS<2c zqHlG?r@l1*gdcaHgy1pz>{&avTRfdZZoHTAdjY6AzL@r@eUl6Bu(;{bgY;_6ub}$Y z9Rzo}GRUjb9SMR!+Im;JRG|_Y;gEY0+WFT;z|bcIx;{_H0g(*ZdwS3n$+CSZGP|D8 z&CunIiWt>EY6xOJ9ivB^^vA^=bRLL=~5%ej;Dl)9(!R zmS>$Vs7Re`=ekLk8f6_ncV{<4aKMx;Eq8JW)n|(K4Y^qd#b|dWY=?3kjcn)#`_bwI zUWe(fnNzK)_)M3CwGfu1*f$4B-eZm94ltY1}jldn^=zg1nUPHND~ z)vZ}m?9fqsDFh0q;@Ah2ZRniczRUe+cPIAM3d1|DMRZKeG0jR2C}*UTxKq*ik0UDg z$5N*rW-sQo5+IZDxIWhh*7Y{a=sD32DPM1vfIvI!%Zina+I}LfL+&P?SBDVSy7PiS zUPnm#D4y_xe#oJKFnP+ggP%HA-xJ{cd9`N0;;sl%F(|~_UtyOz(=V}J*gMJa1;v#tUf4M2>tqLVP5nZD{{FZ>6x|;K=iqDtwBh$al2agJXhVAY+}~HHVTr7PfI|e;Ojk zQ;Xm2W}?Kb(0JpiYEwBbYwW>yi?3{S z8Xtj_NFmbFZ*cFMK4%U~3SShfp+r6_i8pE&v@Tj(s5o1~zyJQ)F9d77-UvB4V3|}7 z->tPqs|w@ZW756`iWIN{!tbjwpWAlD2uG37oR8Fj*FfC6*hs6xAQ}oA-&i zc}>d)Oa?m7sYAuvM$#n>eJ1EJ`GKkVOl4qFJ;FA?)YmP`{e5i%6|!@Dtzi`n$r5dB z__4*5#Trlux55te1Rkj~PZMnUypLxs@x0+BlA!aOLnbj@jv-}4;lT>J*1?{&po7T2;q{0A=)}>84m0%gp#G(5X&^D{X3dv5Qw11 zVmEZ3R832M>_}-0FUpD_r>lRF_bXP4S}@Zrq5rC9u>S2G1j;^@;Qq46uCf@>v1MKS zK<%tdBg!+O1Hv;o8EVqD6*msZY>; zZH+)Ymee^e{q2Wut#S9K5!(-(a`FRO+E5anKq%{HGFvt}6)w}Ufmz>kA7P6!#>Gc_ zg-$|?zje)58guBY=Y(g$nN$DXc?hhxi$ZwJ(~wE_q{ak^^gxYMT4Y*0dn-<9K z%8CZ@XmlFq+0PrgIbwskoe9{Qcc9W21YpKLSi6ZuCMZD>D#y==dKY$AVjnPy(rCvF zoUM|b`zIz`tFrz0gki*Xi<-|z>zT=~+AfSRqgfxi+PDoxQO7u@=XKh(9g1=5e$(Hl zRK)nYO$&Q!cXXI_s{Y5tE3@V@jHM7s#xcOlo?6J^i#vk{Tc$SN!xeZuy)(`gvB|25#ct)1ICuPfx*Uw{x$Gn?fz=&T%NRQ35 z)VPKk{dU@gBb}yfiI%mzrzDWbjhC6~yT%CnYabZyG*4T7yfSC?Wl%5_Uq+Spq=0m+ zHpO>~DHsx_XpM|s?T+_xgZ~gFR5pj~q^yhji9EM3?x#Sw;l+AZCku`;3-73m}^UshoXC&gQ|mOx4w-hbzhzTRnLIE zkEuFyFi?<5%#A?2dC)_|Y>d;rc+V_xX$EQ-OEM4D@_L)BQ-GHl*q>e)c!928y4a^K z2E%}V?YZJD3pF%iNrY<_Eb#9A)@#Kx#Q|U-PPAx1>-#P-{3!uVabaPcx-XD=Mhhrg zZxF?6$-3|WSZH?xiqL>USC$z{OHK?~uNFwd!tmt2s*(ds2YyzmyrJDiBSs$-i^gD^ z$MZIok2%ZR&R2QuaLb9CM!thFJ0_eI>3V263JmNCn;B~A{)&gL_L!{pYuZhq3sGe@CXRYZBDHYg(Evi^6RU-U3ad5{pllzWTq>8`9guPDvsU9Xxq zten4Y?R@(LcaQmn!ShfoXwb>=do$N|5lsMEiY;|{%z5(NnxF5I1f)~?|CNQ}zy0Oa zv^$>2(NP7ri#bOQ$9m`eiN$qviqqfDm6+dm*&_wCcYs+tkX%_5J}!ZEdF;nw&{uDD@$)MHb8 z;(hE@be+!#6J7F7Sns_-{c(~fTIU27_b5QeUMLm9fw@^1>Kz$#q!N8-m5X$`!-;FG zmVBm>E6itbfhi_{lZ(DYuM_F?V4-=qkN=|VQyfn?*Vj#sid`-s7il{Q(4^ySVUKMh z?0`wmW%TiqHaxW+_K}*FA(|5V)=!`HEOEkTl3t{7r*@hBx-UNW#4++iB^DV-% zq;h^vS+_OyD;~6wTKobcLNI@+Wz!=A`Qe?bL}DaCBg8$V-UE=($M+N)ar=H@&l=#% zgn_r7VjO3*d|WnGxFjdR5P$c0Wa)%oj?W{l=3WLE#2hL=87aZ)r!ys-W`w*q(Zp@f zEJUvDE1RE4L}b2x!4tlDmGJ|9&W$b%kD1z`7-Eynm9;9!eWo!B8ST~?ewe3lSbjPI}bDtEWC@Rk%FmBsX|B{(oli$_7%K#Xhk-FcHgrDU*BaTkG@ly5T}&zid1R z%DRfiDARo^IKEfw4x`sAcD(R~@-0dHX2HQDVoF$A>dI)IHU;rqkPS zU$A(HD<;`Tx-#^(gGiUhALQojt3ECvcZEtnAIYt){~L|?H(mF?4AT5>R~o;6hc5NT zAin)0JZt)`SIl5LhNpn}b|DiMb00N16BC92+r+dBNapEmW$1%A(8RxQIFGnZQyZBLivcu3CHBgi-=E3vv^y1ii?zMRu^Ld7=1P^`bRS50-jhwuDV zu{cKIvhWGg!6T7FOT4~JI-VfbP}iCAOsm+;Q7wy8$XTw5^L&u!`^bes$i~$A<_Ep{ zxayb5o`7zQHv?v<5Az13;${0db73Il(=ftqfn=TYLDoWuqp_2_!`1(4vp8-Y^)JDp zg++|3qzU@_T&&Y6Pa|Y|fTSRvQ(&g=x|`lQCu?LyRg zso}YL6)<@3r(nFse1_5esVPF0NIoKH*}YT#ia_>OkT+isFgm^dIwq+CXJj<_t^Dk| ze{quz(1ZG}VOn-hc);=0H(%jPC|#d7)K9m>U`OQg`Yui=HDQ))tp-8_s!+wH1@kST zP!nEtpam#lQ2Oc_TB~xt35+7ET9S7l{Au3G4*L}VhW{w>EkBS@51dMiUwf*1O*8_D zSOxact;nqGp8mybjP0MoMTwjo5wwz?4%`=S{0a>HM6FtZL6!fU%pBrqeG)zB_W*b2Cg|OkJ7dt89Mu&o6mxe$e~nnP7{K++n!E z3;!7lF#4=8h@po$SkMVVoz0(I%DDr;a3;c_3N=3{G7c6gLqM@qlbx3!6p1UN>}}+n z&kp>%uB;lDEcNR7k3VJ)0BO;G@IUs?kH=@(Kv8*UQW-NXdm?~7yRf4=mb>QUZM4&AUgomJ=rtaPXEsQ25-jt<*%XR)*FkogY? z;E^xpiKCOmH&oP{FI*a*?FZMW+MefNmucO z=(?WgC4A5d)+6H+w}RDuKMw_c4imD1fYMgeoUN`!$?2l^gNZWkIXhfvd-%xqaarCp z@afBJe+$AmyAm3-GkfaRo?62B5<3t<(i9@E_wZkVE4cDB0Q3{ryFbC$e*S6lS)^^5Fq%kCl}%l2Cq}@pMJd zw2-i!qaAwWDC<_ww<`kknTmkS6@BB`OSx?DP$PNsyy=98VpH^EhU!6<&`q$%$B%%m z=-+H_VXwtK#(*ek5g;`>&9&-SdknC~68{;anl?9X|Mlx~J?7Ow6ar`t_16G{24M;@ z5+EMz;Ejj&u`4CTu*9D;g!a*oT|X|w-_C=<6~n+_Kp-;OCT^ef_~zpRAt*}eajekK zz_APTEB9{)VPJ7uV5q@B`^oXxors6_>v=CRVRZ7}XBezDAw|xXBZ7k`!+i-F9At&< zisv#RzIASChWrG+)!ca6AAMIs)`uUb3!k?IjZq#}xH{T7I>RPA_-8arI)*;zkk22Z zbt2jW3EOq-`vP7Xf(nuFX<8=23-)h%g^R9k1*Gowv_dy;G2=YH0M_xn&axnp1VVRg zv5||#*bHBB<4O#4Yw;5rmzL8OX*<7m*Ad;op zOCyf;`8z{}22S6T+0osvPigQdj;{a*TnxOBANW+M5AtJ(WLXmdiSO(4=f$;e8oj?gtOAs&>}@Q_qpH;$IaX3XBZ~%$jP_mQx1v4 zn{Kn4UOAY8nYh6{(9O)B>X_m`&~$_dxp)ExVwAAY^E-PLdD ztaaLlu9O+|*65-@A$Iy#l>`_Pc)R0pL3-tWR4k4;GzSc@G&3h$0;Xk-;m)D2UOa7P zr=TbVl9%8EbAWqG)qLoV|IaJ^pNXqGyyVT)e_qA^lFa^A^V#qJCcOP)9u^p}DK0I& zA)XcfaUtZ^WA%cn85m4b|M{QM?Cy;~G<&bA#Y$Jiu|>M8xJM(9;^#pP*ye6!@JWQT z;OC%)|8=}rxcELf!Tdj5bC2^wPWApD8twFdS9X5=IlSc*V%vgG(f$1JbyBm2y8{+q zd@x^p5};!7EUG-GMUSkf|8&916P_Ml@^_P6{#xzw!3&;xjT~(7|C9Bb{N(L~O>xsb zf{=boLlHfyI1Nk2eI!z|%tBF5*LiFkp5S7D2FI1!xm~q`@ww<3>dYh1_~6qM&+_Bx zJuC-aY>S=d9ySXva_c4{r^(L#?Af5VLAvN^mphpI7WwV-^YXnF{M#?g_`ABrMPwec7J|~V(aQ<1;eC zktnp}hOl5@TqV{AR+ZSW>ESH|X_0-=u)cAXaXWhXO>DKV>Swz4S<&3Pv&n>&sc5xv zPv$P5@oWY;llag#Ts=3eyuRY=%em^^J_$W>!miuA zzKnJ^5sI`wZz07UH|TkFz}nYMeL&Y>O(FA(4NJ3 zh45)2#s|!HXkB9h*1`jR-ZnfW7pLTQvgR_cXMEKTye>7@F|o*P@z1L`<~f!F9@NpN zeJh<_IY7EL=t{lNKb-_5Tg$7vvA(EcJ31QR0ZI=hUn%VfY3^JpHT#54nt8 z0W}$NMuAOL@qjJ%-kKn9ZM};WL@+}BrT6t6OxjdTU<&m<#WYD*?sQy|FjESOPKU04 zey`ulN~oTmA|J+E-aPhP)D^s;t&#R|1!(mvdpr1jbUs^6hVg6JC7tesX_me)l9#T^ z?PC?hoZm2ozKBJ2`!dKvvS8BFJbK!YF}cY;d)mF~l^vygsSznkm(3Xu#Gg8CpGb(;)nyfI12tQpq$2k>-dR)E!( zsM9yoDsyL5*x;0C)V3HYaC>!xSQpbeRU3`?0<|!h1A=c z=d^?KgfgIzgCG>uONy{7_wk?1-#t<89(zZ{>mAu0mUq#HFI$mC^?1RGcUvQV=6bfv zc_6fjE@zm+=(RKf>2|M+vexOcIBj1sh~`ho1I|_K-t9lF;A9_^w?`LNQAg6Qfm?4a zE~)Q8?WQH!y;)_)t{iK7e+!w~WH+fbAP=9fMdw9%u#mhJ{3_cR15*E;C06Vk9+`uo zrBe^|-KWPSVytx|v_r>HmtnEY50&tk{$g%9TTLqwMP)0T7#TSGOR3PRO}Or82C&PI zoVgmy-={PD<$16qAeey@4v)COCw}Q!J?ZQB>;Fjt8M}Y@)qm?6{6%~C%gg=yFFyft Zn4HTwiE~lgEFgeCZ$xB-iv)Fi{tuFhNtOTr literal 0 HcmV?d00001 diff --git a/images/IISUCertStoreBasic.png b/images/IISUCertStoreBasic.png new file mode 100644 index 0000000000000000000000000000000000000000..54e9cbc0c4d73cf2e184c58511828e04f23cc61c GIT binary patch literal 39043 zcmeFZbyQs4wl5gNf>sD_0TMh&a1S0q0t9z=DYWna2`(W(a0z@^kfLx3cXzi!3b(?g zurBhQd-~k-Zok*B@95G0^d6%|)n04Y(z)jR&EJ}9hkjC&!+lEr^udD%xbNRdt2}t{ zC<^r{!9+);aAc)TqP`wFtH?<{C>f;OLft&EkWi3#@Bk8xeQkt>y2o;Sr{(8I5$2C4~0KJGw+lxGeS^TzA{eKeac@?1L*;%tDtr1-TnP463|MJU0=$H|v8*;XPJe@wBIfL|He#rUc^>da;U5lu#fNhDR$kq9(y_xUNEP1hP)}`*As_l7oAE z^x|&OQw6`~C{e_C98pIs2;r9p&ij8v>(;HKSjTJN+W$s-u>DtrS9yv0k}b^FR==7? zr&>=9UEQhW`!sE$h#980$i8w=<@drIP7CjdenN4nx2Bxvo-8}t)?|wI@4Hwzd;-g( zXb+O9B6=3EW6n9anm9JO+VetBJ>_b`esG+bjHL)p*XInLuPg_RI6vZYn)_Unf$cG$QA8$&)QM0Kb3^Lgx6hu0ED=A9}ynHiz^e-D3*8IR?a)P?F;Q z0|xSKL+_`^JyD;fFqp8_b3jev5rbs5%f}YT-RQ;vEKe2k3&#E|+t0(f(wIubH|S~) zJfFFT97}O1t7nshkMe?E>0^2dCh3J#4ywvM-^zh6-jx4Zc_{MaxBJj=~9@l)nz zEKA;Z4ea8eEK7 ztJt>MZa9osoHGBAP`KFuJC+LGty@zjW<2Y zP9YWZNpaGrLff{h?8AfN$s$6)h+e^YJ9;a86k144dNdb#f;nV$pBp>h!f^Xjw&r3 z_H8epDW;Csz)pI;%uhZotQt9DXc{V1Tl8BlP|=(KqZTt%VS<8s2ih^rv@psWC1J${ zGLt7!;|-XkBdjXnSxLi<`ee#z^MIa4diew4(U67#-125cs-9<4HC39Ve~|la-Kk#x z`}{*Ond+ILVP|d+>5-w7oH=mmb-|ZHxqoJM}z&G0Wh-U><8`5mF$Rs)!>D8;Ud0#jC>c~++j2K7(q#FRqa zj*F+_Boc3e4Nt)JZbwHRl$SOPx7V}4#35mH!TCVikEb9l_OXc|@Ic{Z?c{OSVUMt1 z%V@Q=U+&O2Z6dpPd5i1bCnv+lzWm#X4T6n+E6>@|=IfT1#=B1gD%ana1oL-zYU+5U zL&?&ci!QSZ!L&q+c1B2+hzthx)+I5}o*6!+Rvk@}F%rsKF3ssT%-pA`;c<&z|J()V zn=u7>f++r2d@Nlpdv3U^5ly3B>O78fH9lDV;qkT_$jX13&(m|I@-tPGjM;Scx7%a% zmW}Z|*W@c3?+jigSUZ-~GEBbyxJxPKF8+=Dv#aI5raBEJOEEY3t5Al+C8eO+O4~`& zGERGyTy7^x>2PDwp@@n+Cw2qkQGyfsp@}g5Zin>9)bcq}oaT#vB=stymYwG(j9U zy_KSULsHawV&y88?Lu_b@#gh{Zszaz(}zhrCD@-w-vgR+n@WH6F!)s)cxK@rb$ z!KB&vY)*X;m|Co3qUl6=CFYj;3G_`g^mg{_Y-%*-Lh4kPe)~dfqv)ansXbk2#_6CL z*kiKuRrdXEZ~=U3WdgU0!V>KT9i3B6&Qgt^0*ii1)l=~JSOakimUAfSmNoP3VI!s? z#;UL`r{}q-G?53|E=5gzhb*}mmSOGHp(jA|*ZFlqLc5W2?zwOtdnz1b@L=@ehs z;|;&TRA*gACb6+|NXc(&nZl6FIwOB9^TSb_ZOnQNrVaiUu_3<&E=(!UFq2ED9tZ(% z^>i4G;q`IYO$)>I03=?XeXg%A!1vyL6+cy_(DgA;bh}?w4iuFXfm`b-|I`U5W?%;q zvNm6F@ZO~mTzqy!=3O=#Qk)SwC0b`Vn#+8#Bgh3NAvSKCWXz16k`}w*u5r5v)r@9$ z++n)aXbe>7eX}Rd^^hYnhLDhUwXF%h(|0smFS}lQ#BIiXT#Ay|v8g!M*e|<79rb+( z?z; z`K3rmLY1P-I+};wrljqx*b@n-Izd--ETEu(M~|5QY|v@v?w&CP;aCdQe1}zEzBZ!+ z4jDXujcw+dIqG^bnNf4)<$8BscNPCm9qlGFVs`GjVV^XCuLDxQ*tHDyk~1tC{j8i= zN-<*~n5%X>)1@hR9HE(aZuoBHN!Nu_QoE3+LnPd*JHx673P73ieG%MAz7M?iiM2%4 z&nb&9Hz49S@(p@tCC1+Fmn@FA0#4O}c=}@C8{)CHo8jVEk)wsj(T!3ElDeEhE)Wv_ zCF+`4aE>>@ew48J((I|k#mQ;VR3NUwon?cIR)Odh*?!Zx?Cc`Try9if2C`3LbZa@{ zPg<+D-}&G}aec`-I)w0!uBvZtpxSZ+H2@I3Vl-{ES6iNvlE_K^#a#lmYl+>lWVPor zaBjFJyH`^7orRt+9$2p3$rCz3;oaBt?6_8<5sHxwXITC=(lDaHZX@S@@kBIuN*wUZ zdBB0HvY4vQa4GdY2+=LV#(C0lV=QR4m%iT8i23x`MOO;c_{2=3L*&dBlwK%4h8w#c zEi+6%vFL9zB$3GJM}Q2UdPNiRz@-YZ%}N4_3~kRa8&(b|(|b==20sfYsC@#@qX4c( zBnI7hO7I@920%VC8ajQ))Hs?+H5LWoQbcZjyqX3Zb+8kPUDglgJct(g$`4CtYgI>> zYsyxxx}82r|4~pQy(^3nRwz|oU;pBmqT8AC>uJ|_@?*L!b;V{x=ZPB|SW{_%8ov{v z@AIhfY*b}6slB3|=Sb|j)tCOq&g$EG(}O}^w*pPM#%0fX%GW7}A7g6Ezf_{ovU{ei zl*uc`uU$Gezb9Q=2-*Tq-6UETfPQj70x>^ygE@yZ*FgKyDc7k_Rzfw+#bo;o6E6AJ znKTYXm&Zqbjz=M*KfQ*cFN7E|l2Y8&+_wa~@3ad5NH4BNF$1rab9d)p9gLhjExitR z10tdQ4`+t~gJ65yTuiKVI+sbTe2eO0iSKhFPdpleXwL^aH$y4Dd;HZ8`0QKrbcg85 z5;y-aNpdUZW?I{MA!I+cUS)cxh&?U%(#C7v>Z^bUfrQ1G!OFpuuBdsJXRAi7v#wCx zGC{6*!mg#Y!>34(XDv$S)29}+)X`_b`@qZJkGdKK4C(|M3k4vXy3SOBUSty^E`W!( zf?d3ca_v|>TxMmHstl$qj2IFozIs>5GA(s$BYH7f z5TYxf>03Aq6M1^dh;eFtrwU@KoHP^vywoIqooAiGzUYL52(hb~Jd&S_9v|raAV?pO z%bmO!8j>%=LrNY`VMOlzc}O9s%e+Z2H?U9i!|_Tqlg-JOJ>4?q@+NqIfT;ubgctqC zhS|F($-lL!NKR-p{33rhq^x|iFFAs?OgiH8#AoOoE;6(Zt6dokdibSy?*%|;23v2- z1Z=w%nr~Z~H91d_+J(r83;7lcdC{G}etTj1Ktm7Xfoid|DkKqGHn~f$u5jt;=6$ul zv?5CsDhj!jNGLS%H8|jP;ZX_X2^m?3PnU@`JJD-yNAZ=u^=J@XNZXfNJS`pCtXUt{ z5XbbX%NIF>p3(QlTdR5K?I;P=WJ;~^-Gm6coU(^!V?Xsi81$26Lg8+>!0pI8%c9SI zpzC1Jd8EzRQvTK`nzom!OHxD9Fmolhb$4#lVehHo+!=f*g`&}9+*fY@ql3vYjGL*c zi%OJQ4aQ%?&%jaKBs&3nr6~JpXi}&b+T6AwAy>R@@lC+(cVh}U3&}+j69zc;WTMFq~i9F?~&U+C8`U1yajQWO)e;m0KHHZNp*Q z_HhDkZ`~ierSqI+sJW=%+Mo+4?_vH|!ZpQoq~c^~A1Hf&4{w3A>oj+5E5mpP<0^*P z!5dnQo&NMl<%aF!&LthCD)qy)(}SVq$y#i0YUdL#9Et!9Sb>8U<$?_utt}Xzj*$*3 zHGbL06)EDBrw*#%HxcK6`M|Yb2%L4kHIqFi6fg0a%Jr6hH<&lA;UO^-S>s8x7AYEW zNzH$Ph2L4z5(V?V>`pMNGb(XaSW%1fuENF|P&IMhu$EuL|%cr>b1j)4_BmR>s_eMZ8m+C{fZsW))xdA9A5l>*?6u5>uK@5 zGK21KE>^Sh(1Ffqa_1`>gfLR@#s&TBbe|rtyJ|xBNgX0+>7b8$KGhhng)wA|<-65) z&W}EBrq~Edz#C{=Z4{U2@poB!*flD8Kz05C>Pqlyua8@R&gSzjIq1Pf-Wb;z061Ll zjh@74;4zS2K2GJ&3xRkkih+ELkAZrtf)1gK-)ET;6n12ru9KUZs+6X z9UrF4Bq>c~1t4jqe6<4I?E=5#i9+*^N$UmAhn7+T%g%9v|?p^VThpHT0Xcu+1?U@Aa5RyNjQ!n{p>iwk@wOm86D? zVF=k zuk%G(esBC*;;ll%IBcMxT)fhXoz9J4UdTEH3A=qaxkb5!=D?$qL1MY2sT$ZB!NRgP z*DYj&Vhwx|;+n=fS!v*NEQ2D(9`QyUec9tWs0Psw99rD0O3c*PV$M)d{!*sLOaGnx zUO23jBwvJY{WJ5K19MwXKZj#cXxA@GZ&|~$VAawWvkkv<3trA0lK%QVJY9~h{|sYe z3a8g#kiaPCZk!opu@!hWRK717IN*FvZ?q3VJtVFky=7vGsr;)?3X^m%pX>|EY}EFr-->eG!PI9bO?mT>5Lqj6+>I%(--LTvukr#_31=-KU?($n`jp4a|vz zxkpzjlRL$);R8;AO2dT1YLlhtryaw$u6IA=dGUc+YyR7a1{NMgGJpPcmS4)-;}mdp z`IcSgs8fxaO95C)BMqWmEl8FhQY;c|arK7h89=$szNQoK3T?XSoFa~AqG|?)hL7*{ ztdW;}6Xi@t`K|f{#^!x+?8wHZ_ATPL)u7yJf?c6K<+yvI{}^NDP9*(W)xpCHTiI=B zsGTSMi;~)@9@^l#U)VLh#i#XIG_fY%M~`PuFE)rHh+U@ zi<~Y+`mf{#&Rmlk%)w2%C5o>E%KA(V-0bcoNH^(oJu2npcT_2_ss<}okFU3*bjDr* z+VQ>pWAB8b%cp$NGt%`zAVY(T@!DUKz8D@D?Lrq#cYtHs$zKLEBD*ZGt1S;*K;M+y zS7LDQY&CMdcKxK?BKbH9zT-!feNdN?HP^O(;9Y@#TkSA5&@xeywYmzVys9UCwIMSs z%vcquzv6Y-A+>pDv*r=O%gd!S`9qSD@OXUO^ZStXyv4Jf%vch1be18BqG;8hBNDgo z+ix(!loU+m*^5<9hjkk5v;MHt@sC%%+ zq8KUD1{l_(k+~Yq;ker807UK_m%8me;!xr^A!AZx*&Wh&MMq~n9f=`FXDxPw9CCGl zzq;h_TU*Szy*S4_Dk9w6Zm{)7G0&HkZ&i5#yj%5HDRBOkA#icaBQkQdj6)^9L;gvW z52Z~UNIznidF@Sm){*obIq7l58;5z+_A#gtS6@;BwQR|!KP$LUl%^w}>x_wYOo?Cj z`zqwxYc2+X1#P!IHR$NF%>RSUE-gsDXS+WeIle@3P;_dfl&A_q-Vve8-QTKw`@>!T z|JnZ-mUv>Es01MLjuf&LsNgC@f9C6~Ot!(GCl;K2bp*U7W`yhJLB#T@W-C!N%_37E zIne%Cv%<@saFF@NJ>XhAbnQyDadhg<;NHj9z9C%cA-9$C%4oxJ1fih_P>Z>NFtsgr zW7Q4l!|!&C>wDFa!dbPTY0ILH+_C;$pF^pyf;g(Osebah?v&|DEA4Vq@W`y_uFLKe zE+OqQXI;AlQhU;s22A7xN~YPf1)ci>-rv<<((F59XqdE?`iCqy>9&u}wTnl->y6=X zqqCY*zIp*AN|5=c9yF zAfC20CbM?Y>2gKue@{AX|Kdk~Z-|{N<etHQJlHJdp zJa1@%5MBC#s0N6f#OAr{L_^3#XK^Co{9~$kBew*O6C-zScOsdT9~L({cMDk#XX;rvILK(ajU1jF&i?89f9p;x-IMxcHM${WQvZ=0V7EK&hgd6_!^V)MBmG^_Ii+k6Zd>;+IM-1IE5y}c zPf5JN4o}vjFZa!BY7b8=x6gcxx7-hXT~n$%PK+z}IL%Tt8;{_|GqQro)_ViC&ZXs_ z$ds&-ixUOqU)#^VTs45#v8g}5~}IP0oII8kQ16T z8`}8s{Z5H~{qtG0{M*|B%GGdpIyX%=H+A+lnJ(|ogU4~=d+k;b@OWV<^0?AR)~JU) zT;+vc=iz{H3gH+jd()zk>h4whUh^&07GbGX$8(&bc}D#=D;1+f2IqAU13E7H9te%d zIl4Y!6G=8q+%Ds1o7t|9Ot>3B7P2<~BK~UXtC%*MAX`uYsW_iUsE>E8Zkq)e@WfF? zt;s}?NMpzdtc!6Z{A_^<5=~Xf@ns%Xkywhx8AXC9oKL5qG{|?*-&we&$|eL9nAkgyx_;BMlT5;ZJvMr7RlkPDc=SRb^n?opgi+1)oo)-Ht@;>!F&_ zTm+s@Q?0P=Pd@}?;Fic1nnYpeA*aAMHt1TFUrJ)P(|*MgRZ@W~`s6E)A=tuJ^x){GaV8fiuHYn+Vn>m z58u?{3?_riBu(>~I|NnLx5w=QMih3$X4giDw6cWvi++@5Qd8fmM2#Qishm_9`90r( zH)Sm~5zj@{8mG-JGG2RSD{wTbEId+X7nd(OrgE;E<+KYPxP5Odx|LbpvFGYtGEmk= z%|u*9=+!W4STF`p*d=^`T7pt1evJ0 ziOJJT*DCPtPIjvsi(P%O%@osI6n2^T5HaJVb2JI%&fwV%-kdF$pPn4JVy(w1M|>OJ z8?P1HQN>jhV^&a!8dywbaydknw=!UBiu-2t9 zC)<0jw75NOzk72N=Tp>LCAV8B1WAq8iS$XKC{?k&QCZl_4Lt;>Om$ZK(a}|E(+Y&q z+(7jlQ|-E}x`wnmwnXM86)5Z|#`tF4c8M^mNuaYrL7|T?_`Phg??|c!O^9dt%>B&D zy9t>5BG$aDpLB&~uXIgU7VdQ@jj;j!m2P}cD|#w=PCrzP}LrP=3#N;W#4sWin2|2gUv$`&s6MP(H=bzZ;7 zZ&GqvK3D!ep1cVX-qm`ARgXKq6<3k4_Sr;vIsU>FcWu=gI0|s3`>WfL;VhhZj^z27 zT}8T?dR5;}t8UtRc9<^j^4D736j{?Uz$5-iC&ZTc6rczMcV+R@-*$xb4%2 zyfE5EL!O<#!Z4vdS&Nr+ybl7^m6C(=_S4lbWy87@i1=S=NTicn(@F%Qfw z+IAq%QFu^Z+-qiyFlBcjM%1;9YkLbTvAoBW23FB2cFv>d@bHYCCVW||`MVuYbKQ>< zJ4e93G)?cv-|mQ<(DC`6(Xls)Ka9SXw({h!HWfA#t(n)?|QcOyE|G6AMRLxAtAbxZG*pQ^qX){8YIT>C_|&~ z+s5E|IO+7MOi|Hgn(4-J9Hy|VRIbl_pmCiBa%b$)ucJcjIpPkCsbNIikN2Fmg4gX? z-cCf!5XTePf`5ZKpwL|{!*U^!Vxh_2%&!Q3TSCg9$YCO0bg74E(I8&4zk=Gkc)#B} zQ<5GJ`H3Gz($uvDmjljwQ+C}Y;hP*;+X~^F?2kOwL+nLd?H4q!^#&$^fDqj+<{r6L z9H6Yv1)b0pUZC&1CeDs4-r`j4T-mYI%7)8{V39%m1Go`@sZltx!DfAFO&aL7u#3@? z&Dr>xZUtNC&?k}{cgDxT8!#RJ1THRYY*;GL{W?raa&3Td z-`kx-pHj3RcpMxeM}i99aSU`p#&1F_`F`#eUeBj#J}bw{<2Y~5?>?MHc7E6`>J1_R zdZz&7_IRP9oVN4tNE5o$7A&1d>ai%y$n9yV9(P!9+)}Gv%Y|N&Fk+YGt{w^Q>Io4) zzEXJm!<#bN#=Yv8^#wU@DD}uV)|4O9aUw_8^}N(xw{z6 z5Y6^tfo)O^n80C+EQIg*QD+j77f`vR+DjDFv~UD-sKKjc?0Q;Pt_~47r1MP5z`;VVLaxE8ow(#a%pHUS_SIH6ss2m+5S_sSnyx<-6ue zLKf?y)`Yoa@+uQ*LD3z^!SX$fBW--+t$BQ92ip$Y>X-7vr|mxYC+!D|6o)=?3F{6e zw;TGl*A^OV-oAf5JNZ46l2J$9(V3dP@`5D1A;r@KQF9e1%<7&62cxr?u=wW4eLhg8 z6s;zJ2eRfd{Iok3vRtJ4CKn`_+_~apztnwNI5X|x$fnq|vXPHUZgOp%ZH=HUx zou+_4f|DLLgjnH^N6NJF(}ggzR(E03eT}%Ih6rhe&l1vW_(W4j3-@Zv%5B~zV)W(4 zlorJd6dQ|q;E?AIulS8k{>nE0ZE)}bXYS3@^Hb9BNJb%()uV=Yo7U~qFeeY0QdpKuYhygAN0ZOV z&k+a>u{k-{!6qfnF1*IsZ3!o4vhtjnetZ~6YJ6@djqou6W?a};-srb09^U>g-oAyA zf;nnI+3 z27FE&5Tm_kTP9TWO_xoKeb6yJ{locuFg3nwF`ny@VC1?;A{+a#=lPejbj0C}ni-|m z*#OX6%~6|D(;8bhehpy$Y0K<`3S7kVx`)k_~l>UNz1cAOPUgKge?+CcaH6q^6K zrpE5+{*{l$t{_#g(fmwkNU}^giZaMr2a@l|ok@>=B9wR53YV20*VVpUC#B2MappQU z>+WOxSyR%9w7L(w8wln7M|_>l{}$!2mP^w$CajZPZ(SFKp%t%jACuQk{tvc-H!AWS zvWI$&2o<5HJjZ35-*mLyS=xCYe;4w3IfL?VjzbgvzY)pzzXlqz75kIlV4>TMu`9leO4Kh$w<B^q2S`hqc;eKh|Z_(v3{8Dc%OMK8|TPUViAr7)~>zxu{;gL9Hx*(Ai z+CHWhkie!hG^Vq-r6o}LfQaLDMp1w=H-O@troH86j%!hv22xm7f*;NsN23|JNu}NY zK~e65r_iM0@wdwM-*NZhqYI+RuLXYEYDM|mmxFiA9R$G& zi6JSTiDo}cdq4RDJUWginBfxoTCJ{nlA0uD5h==FW94KX>|Sxs%gnP1;ZV+SJ_f`9 z)D}jgKN^be<;N8Dd9q-Kss;jVLz*k{Nnh?;B8}e(ZOb)pStDb z87hoAN#h-T>Lt(icN>;&&#~=F7p36ZX|a{Q8)3?oMJ;6)_ge0N?8@h8!f-CvMgVn_ zAJOs~{#HV%^a)ybpEpOWHV?q@*@o_TPg&x8w^Yb_i`6w{v^+xJ?4oNny^~rQr1Rpg ztgoBfNzi{An)ow2@m_RGmdBTv?pPwco847c1)SzP%?y*B&ddF}u{AxriIDL+rRJ&p zJiVm*N*%OjW$41@L3BKHkAmKFf7jl9h;Q~JovDh`OJStU0_pbzaoW0}577 z{*ENJ8>4d7_>)vg{okTn<5O(s zb7TTcwgyQrf?u_K{)JP@Dl@6;_cAH&J`9--T3o3c39rSG=I9MrOCG%sewB8Q`-vSz z-v+P`l{=|p(7m&$EM}Tb3b8_eOo!7#N*#k!t|DyZJ4F*Da~KjC@rBk@fNs))mX($q z0Qf~p{VaO^W7MHxkIc&F$2i9IpL}@UD9+E*AQ(`!Wg#nd9bG19t$XA_-ZeNqxzJyO zVQ+Anuj5?)`pcm!%vVtJBH>Yve4H33>G4$Vi<`Z7hHVcuGxYr9;$DYP#C@X*{?I{6 zOlqJMu-;MmPD!!l?60?p=4`TxX8HF9B1>nojK2%C4YBkmi5P)&m+2~_e<(Tdd@gV# z@#crPPyp+>jk30SZrnp{4vv~C5{`LYpt#8LgdV*okK@i0-CBlR)wt*)8_%y7wXC3#*wWCQG@_l07@?$1n_6%$aRMRL$-^al>gY$1pOY8d4~ zKK3F%79-?F7wt=-1UmTZ4axP9DLdt3uLe8$4U9?0)_Zw~}D>fH90Rz?A7!tMc8HY6_FC)_#h zmnglMegS=ule3t86}Ygp?@P1aaGrODMt@)LMvU@)FpY1;M#&1d#a?aUR2%F=fiv$% z$Loy^bC=!Whxp>x1Z{Mv(v`7eAp1Murj|8Ujf282@AzMX@RKDb8*(}_ydrMYQH=1>zSX}cic#>X{`tRHQcvp50cGCbi{85K-$pRU zEC9az%5usc>u9Hum_1|qtDutjBfB~`V~`R~gythS)|%v?5M15LQUKK&0B_1jg=?yePT`%(t>kK95r92WjUGUs|^WyG%K4SN4 zA`rfo93Osu-gc3g@Jl@5YxZKuZHZ`RFjihTRY$xc&Cuh{leZc^JrZwvJt@_!UvS(yiy9kn8C};HZ7!4E z>mcdZnQDP18(ce%Ck;jdX-txt-cfL+Yl71xnyUTqj?yTnh?3!^Iub0s$i!heu?+~7 zr?|scw+a0sd=sC0AyEEkZQ;CP&;+YPya>WQ)j-~lWj?Qzd_0CyG zL5ni%bhq8h?$7u$^vE-mCvgk%3P5XI+EHSfe{w&0$~G}c^5)zYPS%dQ^R_);c;33sP2w=A+_vOi_gTxl3IAtFZm1PgQ@0olZu;qG`DYtXJFwsQpHip-4sHNm z_7bHEC^skHE1xXlm*ollhW90`+bZ6~2J)s|K$~Gzu$vb9vvw~;gSaa)P4vE3?!shi ztC5^<+}#S8Spla zvO91s`AzR@R(}sE_NRR)B6!g3g{SgQLh)$S2yE_;4Kgr+Q{D?Y8Q^#RR_ucSp?D>G z@hwla=t+^Gtdg@ND?1LanMS|9VCQ-YRm>_Czz78vLKe5tcdDsLt1r~#Pn=26%wJw| z1e*OtGMJ78=xa2|-0~A!){AnvxjkhNv(BhU^Fd~K(Ovi9tco2HkLF!Tn1F#eG9xvC zAxGs|mKM)`+M(DyqT~cVW3LZFZm%#}MebZpwc^g3pGHfR zfB#YcG#r)@O>jZy^nPzxvqLR7{}uQ0;qsf8DMh`_AJpTF9;}BCea~phGQcCg&3VgA zn1hegd0ol;&QJK+wBv(G3yl}A%&=F`&5VLml{5{#MX{1erszZk(dJ?w86`tV1rsO{ z_fCQ}tM)p%oZW-a1OFCJu zrk1>|Tb8+$h1H2m2P#R>W9d(0Y@LhzvmHPClNd89r#s2v?TSD7z}Qc^=aLvh7;(4A z6Y_xf;^Z-EGZnTyomEOMr1Rik+On)g3b5-e|Nm!*A&V~ywJ3xi=|=^eHSa{p9g^a3 z7Kw#^Q9A~VYRcLmB11!CN*hVS3=h+X^B*7RjShR&FA0|sgaTSZW@e-#e|3_?u&zsN zWSyKpm6#`Fs2Ag>?s4d(-*VvBgy$bhjnBS){u)=tQu+yy@@mXgLl=3~B zpV%>S$QiFqekE{w?946Xw)q8xLqd%1nT7ms-J0j8Q;SPS@vIjUCXKzHHh`XvalDZP zs=E_~9zWRc%j4Z|$BOBi4Ha2mO_s}pQKGbE+{9mHxqqk$?cje=+efmb9t!j+dG`(1 zj{et-eJc+MhWo-Q*^_!q`J5S02;#Dv%Hy2p-x57Ca8nBY{6C}LbkG+RrTX_7#!9_^ z8^O^xEr$osDo`N>m#zlb2}-uDsd+U1ReHi)^^EAUZ2pH|ooFr6fQ39fsi@Y3BrEJp z3iwtNItM8>Z!HxI*q67c8%h4SvubZNYTqjC6}VUTE;^PAOBVymFVn_MY#kk3e%??C zXD?#!9H`BLPHMWu(C-_&z@W`9aBKZ?1)Y>j*!by>DyohxC$m3zX2A`W<+dCAtxnPC z<~R-La;bUZViTNBzhS7l_P0fGnL|~<x9?AiTp) zbvS!S^Cc=i-pjY%6ClT3-8$_`>(cb>M!$`785QK@YbF}S!uy@%u9g}CPUQ5R=R9%z zgPpR7hkv&~juTx4kTA|v#pkr2#JUa{eM6A__&Vnu#+q`1vKpI<3*lc&WaT&MGmfY6 z8Z!7L>#R8@gCUK7r07*;x!@t#0I}ds&=!Pb_4#8ulT*_MwC_+18tQ`5|6d$ET|s%b z2v4__2EISzANx<#s;4Wof)dluf5Vpl6H>VC&tstg_CM;-{^#?RdUcr>{aSn)e_$%z zzrb8!S0vf|0-|lopii9V&q>*033IN0N?`#Ch}U?pJylF)G935=oUnh)d^G30FTt5F z@3yBUSe}*A8D}rg((vJfOMexPJo-H-VeK89?ilf5X!Muf#9KqdZ$8;#CLz zh)tA>Bu#1<5+XB78?FM%X6x2-_*$#GWrv<)U`}iGD|HH!6bD_pi+5-vem}zhPM9GF zT$P1SztqG-vc^f@BTla6>km@qZTg87MMQTYP5#|YEm{NR z#lCt)wRM==c;?}Ar z(4KxpBX>}WNJ|R{ZD8y6aOP5{fj;6dM57*JZz&wQLeW-51v=<`?>JIL)i6KCpd-aM zl^f?mOuosKiZo*C5RYS-s}nwx`YBP)My2daZf2;U{(MiqwM;?IQRc}sT_m-`E1A}* z4z9(%!Ec#5hf^2(S&5ArFJb!6@EnxQMdQEywMHi3q|mM}NW(fsR|f8c>}J%^tyvfzD)$5l^BTKcv>BQbif4@tifO_uMOAj_tj1yVw?|0S*y z&=DTNq!LDc@=id-Sn>-jM)QXV8e#fmHq&bgbAWtDvXp%;Kx|p!&tdpgp4V=X@PUd0 zYu$xRuB7h-l z18fdZul(i;LoNud#+n2A@PA}Y7Bq`akDU53cn+ut@tUILjqy6_JkK6R<W;frsEKNxTYGeUXwQgPvp4>p5^tZDw(_Fwn- z#2e$HwH|?Kf1*x00OyAItUZXkaV5$PLZdhKU}uXrDkNsq2W>9U(6V2}+<816W8*Wn zU*)rum6u%I3^o#-Ygefa*-u966a-99iebhw>>QR(IJNC$z29p92(*xN_S>%R4>tE$ z$kI0JG2c@WP65OPz;Q96ZwEg>Y%oJv53_^1@6pmyOe^^DVZ-!Dj(EX+JYw3NRjW%$ zrq`08!Fb3SAWBY%X=TEVu2q-`jYh09esTmwRJYc&t%gLe+|1CJN$}S+g%t5iz=IFO zMR4GwX59t#gzMUZPpdj#2(UaxTZ~`&YZ4#deJbSAEjT)Qk}E3fz~Ec&8*L-l&xgmV zz6VwY0Y6l=FHVoX%CZ&KRr6an?4(FOXWr>JdXF9vjrW$OlH0FRXvsQw8{qhY8nPow zASfFgL_T*vkoK~DJZg0pbS#%r^1FuZt?!SNMF1fnGYpi@=oaSH!N*@WYOoH2oSB0&L4&c?%{= z6fbkjtOLx(^g-5m#Z$cZxucZBcSxN*s8sYv zj8aYZY_aFqcMg~^WEzfRBc_KM#@NnCh#v>w(8g`N1UUY@ne-LR1XH%XOS?aMqU{*U zaOnvO+ai9|O7JYO$arLt`9XF%;4b_DS-bi@4eC@zTw92=S9ayU*i6AMu3puS!OR3O zCD(s^;xx&R0`4)+mD2-Uof7(bmifQKuuK7ZCl=h#Cridj{e|0Vu(mvIz1bbW|&`sL0s>RJ|V#OA#aN_(tH zsM*+5WXzsN(FB%5LLC-^v*n5?XFgtK!}_@8Fe4*n1R{kYa(y6$6OOWrxs2GAXu4wv#aZ03WCdFixH?pi(ee%9%fCUB9+Ze%j>$Dcu z0 zS#iti3;Qc{EF(Qixbd5#^;6{!_VX|wjQef5Q8`q@UCx1S)YdUenq_8!vKdd+iJsV? z^-rhZNB=>oF4fMcT>sqdRHsQ0NrM0hg#_M~?E##keR& zLs}X}w9edjBYZiE+BB@-BXH`gKRlItrFu;#2O`BQZL)5{Az73z! z)I=?YY-8!Oog<|dx0bIp!AG1%o0PlPip=-^Gc>&Nt>bQhe|FuAyU#wnp*~AG+&t;8 zWp7EvalAimIT$6_sI$Ws@!=-=LASckqI~I*b!T6w8B*EZo@)sCh~SfsJ=Tl&MU|9Q z^;^c8Qnc0hfSPX_k!fE+fnJ}$m!+1z00PcEKiT9a#=078Nv8qpw~zD}bGqqaE`X(* zra0w6V)*3-TG81ba92D0O5}D~86s%-aYQKtQDYi1TSRR0`z$TtOMO``wC6yr)4?jO ztEg?{JZRY^3)BBdFiITdOj`I(Lpg}sgnGH4l6U+1FI{+zC21~GyWBQ!>H)KAUJ$W} zQ`FwG^!Qn2_u_AR+-seQdpWGGd;E{hnM$;O^N{`{PQC&q>IhH!?DL!ZokHIC>o1am zQws*rGT}UKidk@djT|H3c^c#cE4hZJmFhxyKF*GXH$uZi<~r%=zcQ zpNgkqF6I6sr%N%-7v25*>fm(h2w&kIfiH;u>+0J+E#+r7s0|=we5!eTzkzL+-Y@*- zy!)Eo`FnZgjJTlYSST2Kckg&L6K0;JDh}Q)aF-FEnr^ zYfBL;ISyHID z9u|34)y+yt`ppX|wYVNqkmf))G42|;Sx$R>WiuvP8z7tKWCQE_7{{#lpTJN&D_Z`L z!vQwKX+}+MhrZpI;=IOwx2a6>6BOABY(YQk6F z=aP#8g%MktLM4AznNwe6a!goy8X=^e0>3;nxaX&cVPU}b3+8}ia_~l@Pp4jwsoXNn zC!i3rP2Q<{?plVD4_C#20UL_A`kRAzWViZ@f{ke3vpj54Cca_ER`f`rMyc-hwS~)| zvWEtH_;_)Z?kvSRF7;X(w9@EDbZo}aH_l%_V@CI1L)T;c)P*XU@EOIKReXdZD-cXD zjWq&6gG1GSd8ux<0$0~btAREk_eqHviCr_G^kLk<)vgd46LTPGo@*^sh&(%`1+Ceb z*>Y&uZWSpqCW#0oS~^D!f6qu z-HWzQhnY|dZI!_J+9G)G0c+SIJ-Cr|KIl_x z&o6yBK#2JF6o|~LQ9vq9ck|a<14Cnun>EQAx4SPb&;IaxxDON#u;#y3{9o{Qv)=Ic z)DkRtgc#lsUSh8&y%maGzY^WFVwokj$3$A=A2OKx<7=BJHD}>sewR>FjD5*FsM;ai zuY^bT!G|uRu|5BEUS;SGV6^R#8L{*_7KDq$2g?MFNNJ2powWQgFiP>Iqeft2Neo0V zV>Z_z!6MTg6B#Nw_O|FgK7TGGoSMfD?L$F4)*jSzmd_A&{jti&_Y<`QIOXFRFb+^l zHIz$1ALm45`-h{g5#J;?T5;F4U_lS>sSGq_|5h4pZ6>$t@@L9xFF(5ajFJK}epYMy zp(-gYOt|P%BGJw^wBo)n0g>WiK3(selqw2pQW${>1TxR2^RP?k`brC1EgjYtx7Fw0 zPY#uDVEU{kgtyutV0g9!Jl(juyuSX|TS}>#_^Y?-)v7&vWsXQ(#vFpVpJP?*0$4}h zSK-8FINu^3ty3|(MYVzd2ud%M!70uy=eIh^n6736<%_dQl1IlhLev+ffYz09rTF3r z2?*T-#FS+J_?;sg4}bs-KBZtrYYTJ`k?$&lC1&XahYeQKpqsUY4ojgLK^OjLf0WP% z2K*tgz9Xaw3Cd zT?HjldO6i!y!kxE4mS=lroAs zs(nI?z>W{!aekO(Ux`O2Fm>_EEm~CyK}719S{wBfNz|hj>m0)^y!#k7|0xCyX*(I6 zF~cn`*)|FB2K^Y+VxQGk%o$D>_|0LZ_0NFwb=wxCSw8ZUXum9(O}APx7VaeNw;U!f ziT$>KPAC^DcWGtlrS1^Z(7DrKP|ymQ!P~m2pb*UTE|%sjhbaZ*K9?|Dfv(HM0x!15 z1tJ?iXw{KiMIZ*y5qX5yoOw_O(fu#xmSZnaC3>AFID{Wg#jGkRVBm$el7NGe>YA>3 zA$=*nwDXDtP8HT}?poK6NmfHW;@xtged1jN&7BdL+I2!49!IF(KH{Cv*>J4GV0@sl z7i;JN8!=|asLjL|vnbM2Cmj)$^8G)%m=z5Ucd{X9X>V*>f?~pE83uM?eum9RY2H*N z%}%Z%gN{>OGm&68B0TA@Em7Q4ewUeT;VTw-2o{~|g|qYG0Ri2osl53l=Ifv&otLGn z`b(7ateEY&5r@#0)~~IZ#@x`$3E+1gEh?R05}RXX9_xBO3~lD>41@;?)D6~e4kKk| zM-_Q11A0o?T*h!_t`Jw`o}sMc%E9Bvb< zK05rEvYn6dGLcqN^**C;Cn;It*rJ!(Tfu)2hYA03MQR&Jqweok>rebg-#vr0X8KFU zyI#$R-u{QD<=^SXi=|?J0l8RP#QI~?Lt2&i(s{bpD(fjYDP>(yjAZ1fD$7Yw@vd#9vSr9r(~T< z-_6)U4OS1O+qY)Go84tI{)U4s6cBJ6%}F+WbEs<1EG(lOWG3{Hc42YTRIXQLQf=9f zxJoT7dpv<=+ulF07s^(^AYRLD0h)X#spdJnJ@$yaDVj@fIA`D@-?(S6`F$#xU)upk zU#pxfTHB@#korm7|slRpL7v}`-}II857gZtfuayg0= z-Dj^wc7CAzA_=z{Mr(Q0N6SHW=r|FdsYHW|nxj@TcxYc=)=ScBifC!a6&p*;l|_i$ zb9pgPM~PN{(%7+spda$lpLQ8Bmx`qaFqN~zbFe6S^brVeHuFR;vt#;onuh`kW2gPceKLNW(Sq%7lP{)vAkV7S(f0ASWA;A#|0rRa?D| z3467G8fL~wn{hOGnlBQNo8Qd~;4a{8dX>ghOk=jhD*GecUeP$v_TlQmZhy3e7y{qV zCLW416L?*h7360EIh&UjPc`WBH96cGVaC;Z-3Z&kG^Z%Enw!2S@=QrqeMB2M&j|kQ z_2tWmq%a?3;D}^r4$>I_KdzTq2ICp8D@6tOQoFw2g7@e&gFt ztw%wujRtE(C_D}t3j6S3Sk{Mn4K(1^Xfrby{rs5P>3$GiZ6~~lP?ot*RAS2E@6HKm zCXpeT%jb&H@ynF!-CEs^Li%olOuMGMD(_kf8+ohq=F0qASJ%#(UibH%Z*$W9TQLTk zavUa*_7>+HAaGro)8?G!-| zm6(J^LRkqoh01u(9a>7@6DQbFWgos*zGz^(MOsW`XTJNCY8@gLVJ;&8@9XH5zW@%{2Ur{Lw` z8|jyb#24&KB6hBiNQy!OT}>vuu+j^B##PJ0-z~st?y1^JLEQ2F7Ev4Jq-B1&K`{## zosg{n+2`|i%>7jPb&?X~v1$uyQ$CirvN8BWr`k!@ZXQ||1ys>-T&&f3wE`1C)=`$* z^@;g4S2=)rOxYM8(a*UAp-b#ylS-MKM|GAZLu}7qhr$WAl@WLWeXClilPOAOR>8wD z)vwVAn6iFKYmf*&04P!O%oUom0K0K*hT06gLp5XlT!3{4+VLs8N z>aWPVNs9+HUJJW6uNnr%p+Xq0U*jP~*c2n#gGO}S-Dz00lf0b_Y1_yO0d=LlK3&Y27~U5klN~_+NgKmBB(hGI`Lb|ca_?B zVZcSh9a>reDj>~}E@+!}afOEdwSFDs0yxAe-97GR; zf5cy8v5mH%xO{-ff)#K<0YE5Vl~Z#kKnzC~?+p zi}{$Z4haGyZbYPT3BS*n0e~!J!Sutc$0-6xg;a2VW|J!ay22XI^|S|f$8N#x{0wJ6 zA3a1IU8(_IR)0(}85eJ2%aNZovd}5IpqTJj(B<&wcy>+d?WmBKme^W54#9QS&Lv93 z>-opcFUkypaM{ov^I;e4WStd$WM=2tn-{@oo9&aFsiX(xTZ|J3P1e1)d~1Dom#Nv8 zS|~Qh{)FJz4Sgj7QDh9!>yRB4dw|(Bbb;;Ks5IlAZ|!DPXxv1-Z0{EAb_(=cn5D^Z z#Cc~ZBLCe{-RT&6ZAt=*kI{Gi995^8<@+glc!qC<@R9rWk5c+8m0J9h4!B(S_5n4B zFJJjew|4j}tO>#rgSqhLiJMfOXk>7ZE#juNwp~D!gnIdYAqXjoa3r>D6#N$Aq|;yu z-;Usc68MW|e@rTsnabo&w9w%O(@*DOXEtiA3lo%J$Lvo8;$t&pr{ApaxymkZrkon~6 zg-jRSL-HmV&u;u`!GgIAqAg->62hao);inj1_G~py`fQ|UxfeAC?vSm6hX4` z>ES!kBNS@x-)$_>s}Z;HVTFDz;0v2F2onHSX_BQ99I8n7>G9#a_lWW`5576Wp7+c* zmTosqU;x1|ka*QuHUrXRc7a3NK`UZ6ozOosA(dudCpC9GMTn*FnogeVK1{BWAPzOCcO*U zLHSisF7j(UNgWMqn}ebgwTa)Vf2k@1!1&!pu6ofOoUPxwqhsho-PWunMJnABsj;WZ z=auom`f?@ENkdzSSB0bTqDwpQ7Pcs3Qf$A zuan_O{8H%}-uh@kswh@bRr6iK7=lPuJm_eY{y6#ZHY1KwC2kXN|iwA3* z(fdE>_+X&*601tvUfLkZU@wGVDOxT)ZbIuC3y@R196a^)UC;YwznX*% zx6v410Vog|$>H-Znj2i|2wnXjM|Kv2u}m7;&olDltf7_zN9tvRXuuEg0^4y)xY?f^~QpW zLhvHzK*-oL;O2!Kw-EzUKhI})`Q{dh>)Q4pl|cQ@GodK)KvVrk_JC4M-5RlvCjlm| zaj=oV!iz4aq)Mi_$t|lR9>K9{!F$;<8+(%$5T>|uJ|;4-F!Ta(f%7Y%V2|XA-$7)+ z_IZOUB>Zx>&6vv$A`go{FoIs}$i@wkS`26wXkrxF&{&yy-TIiB5yf;W&kF``)#qKs ztSO@*F2VtZUtuMh)vN#nic~CfjxV_uL=a<E9;lnSGYR<^QdPyN8Hh`X$kojofc)bX*RChcYiQhPiHX&cApm^2J6C0A0SB< zbRwGe^Ct5=9*Bztvh zVp15fpaQ%ibu{jA%{$z@oGW){?XL3gC$#{z&hJxrQby^L+NyF5z}!t>r9{7qHG>v; z&TiVbJ3HVXKsVL#VzhA}A<{!xwGBXIAp^-cm6CUmglX5!mNik5CHKJjgJ zn$T+k8%G*?5@G))3@!LbW$G?mpJusBv5*pKg70RqXX{+35n@V92ZjeHV0@w_&Q9k) z-#j?bw($=vrsMo#JDKfyxr8p%r)98W;DGbkGpGs>)7a`MXz;)*=KCgpn@Q*Qo{6yojM9FrKHQEo5#ohQJfd zV;%IOwxRQ`UUG5A9vX`g4V3+N3R@MzYN-|{oeJJ^XzB!5XB7-&)S3UY(mK^kB!^bS zGov?#D>H(v^QDOLRY>weXJ}9yEW>~pO-nU+s=2Mvp6{`X$ms#8Ywb0gG;|y~N4Why zrhTdKn%8M~jG8k;D_-RN-DjlsuVT)Txdjx|l7WOIkQ(b@%(L%-n4^Yl0zsz|fJU(p zwE{5@pvY6cY!j!e!A2QKE}J0iD&}j zkR8t^AG>^VA(Thq&gfgg5Z9!n4}s&@rS{3$wX07A^78AUd&c4MrE4Zu_9c(3&&LSt zxgPu^c>$Z_zmZ_1bp?>)zAA>QlYwG;jLcyt*Ex5tYHxU2*xN#RynouRStzYic~Oi<*mu>F^~ZE5h-_*CUl+2{Z*6%?0S zm+cp5vKKlW@7oBecgW1`V4+l7YHmftB3UgRMci*KedyQ?i#OQVJb>yw>I-6jz<(HToyA(#4z ztH_)=$$0afBV0l_{zs*9sCc>><^x5MynCSLOF5Uc_5&Ij-`Y*nAM1fe{q88ENV8Jx zH09@5;^U8@nz&$3s!$}05IB|$9f*WYg}n^k8al^cfj-1nDdw022Dog2ty&+3d~1f> z;veV#Nb{aY|0O~u*e1!01FLbzq=h29IexSucAsqbQ%qm=+j+q<$+GB}ER0G);f#Gb zB7`ZOkN5M>|7u1C! z2tb%RXB+<(|A?TWGDUFs{43#f3_#@8Q&aAHby4RKleEy(oU!mzKf$p-MQM#JYzPUT0h&9m$7;%0YB?5&51l5=Rv<$qpBkEeC3h=h(no<(3??4DKl@-w(O+4`;Qx_}i z0GtFY#4&wTZ^ys{I8a}$!*&RpjM#bMa(YT*56t->Q z<}0^&TY#uyCFEb*5txfIjj(pG9LAT?+y?W`7-*Yt!1uis+I_2U%D4G zQ$$=&PQd+0^B@*NNV{AeyDgNf0rwgbr0K)5y6bdr~OLGJvX>y-d34dXdwq& z=p454MSr8g#9fR7HeeYEAn|$#1FkAZ`fD*@cGez{Dx~44I!oFa@gEUrYJ$Hb&|gh_ zFGhq9JUB%sT%W=)z6zvRZMFV~e3{@|{7>~VS5KHZP;Nq?WF&0wGG(Dn9l@5f5m0`C z$A!@pMueiO>%I{4uR3ZdD@6B2x#H7<3EB@yGL`wtF!LvwWQf%>+y#0|P+NcRmgI5S ztswR2wN_6*N0S(ID0P`e1|l4V@h7fCt=u3R!3K3jsK^p*mZTmg)PyBVF`ZWMY-39N?mLkgALP#>HHHCuT?^nuhYNyV_3xk)G${g<&b|D!Zh zi>jQHsZs4?Q-QH7XpEe#Sm&5^ld z3%_YUmAAmog&nySE>{Hi(Sx`f6C8rqY}b@05cwEEUg7puddI$7D54%_8oGgj^q9lM z`hK8&DE7aKnAo|vjX29nWSzGYiX#(G-9F+By6PD)mK&d}G(MYEC^-30!BfVuE-*5q zWFrx!%cT0v7$Ue9y7xqKgXzh1l8nNSK*NXxworSBQqlb6!E$YApa#pQ7wh;wkMvbO zwYdJLGB9xePoY$N@tHc2)R^iAJ;Y{NJ@F4YQ7zso!*;Lv&QLA~-vbRRH{cx}rk3%43PqgAIq{5DbXPH6cmG5$6oX{m{aXL# zW?=uPWYnpZ|5cMl%C_lt9!FjQXj41}NuaZRMEKx9+PoMgVN4tI9xT>0oW2;j*cx^zxM+M2bT+xbo;RHO&;OyUFo9@I z8ZTh&{IIacY$OtAK6L2^nprVlbj!%~#O-tA)Oux8?T_sq56Sp>VV8g(Jjhr5P9ds? zwhQB%tb06w{hw-&-w)<+yZP*4udXb3SS0aux02CZAie_0Bb#?MGSO<$cZ69odaG%I zB5kt=Gjr*y@6=Dm3j`_uB0)@jwXo90S8*oF*0GB}%A&r4dzzw!q>xo0DCA_&5i#PE z4g9B}1i_p+J3<)7*G>juQ3AnlKzbr0HB{Rqx9(i(oWrreT%7YN2_eM5F?MR*cT1bZ z#~96sz0}i%=K19X=}Dr9Nto%cutnp^FpW2UIj5wiDD(5He40KGQcR{eM-h#-M$Rps z!x45SC&mQjX!ein&0jE9^}V`-TfFMdHtP-^YVvR_mD~|W8JJh>s%%!RO}H}8+x#5< zazli4qbKsRZM+}+_O}>~ zlwjsku96qX{`RHHSni9srbqhO$bO2P8n6r0+Cq9M|EOvrPn)PsB8zIuwPi*9hp3u0 z(vUMI=+j3uHQb`1AZjZHeE3^fRQQ@4e2<$DLP{ORgdTnvx`~tx{WBr(xrv+$br(p% zT?%d=yqkbbzZ&LbmgKf)KU8I6iW*&BnF&iv^n@|^kl>YPs11uvZ?scD<;|B;EZ~3# z2&4;Oz4K}HR4l{H^xZkGJz?hbYdSS(!G&~iJWUOP(-KZYh#_38AkG%TSWBiStRO&2 z4xhAsSRb}RLDi+1r2?j}OU^j^nFic2sc*?rNHD-3i8{n5g|P1UZz@iEU1IY)j&b^w z(H3^>1bQCPlaz_8P3cOdBSRBwtpSKV_b>LBx!Ji#}faOjY5`Ut_HZwiTRkjNg~`N3D7 zzv#|=HOviNhrU^PPKr?$c5>rLc_WZuKO^xtGyZT%l~;B)oE>;xaP}QfCKcCUM-Kkj z#(>9_a}tWS^L9#dLkzxQA=#xo4N@wOY8rE>#W2i@If;+5(Ep?KC*;C79eSjlS}>vt z)0Xq)wv}x$8dO;53PI^hYq_kQl`!#B#LqtT&F>D)D?vA=QkAZ;RmEhLo2OHsPA47! zOEIUm(cObUyI^!MF)10u0q%FwLF7#!nOGZ!n%|xW)(#gqwu<049#4E~`!Lj|*ghqP zM*Mi)sopFy(rn+nV9NwlPB|7mv-lx-QeomW+L}Qg@WGe18wZk}j3*gS+EKvxtKNp! z1K(xTp%Osk4Tpp2K%&|ov1pad(v5WVY!_if2mD(BFwkJHUDG4`dXBeJ7U_T;d ztEXU^_6+%(sw-?NDd1QH`q|m2U%05xwqr?xLTcdiq!PT%)?KisGPU-$y3gMluFyZT z#>N^uDUmr8f0WN6o|;KWgAt`D+%AiuAo~N1KqnUz^T*&X>zvqPVUh-XR-yw7h-L}k ziFE~2rTO*&X~Rg#@aRDLSgAZZ41C_%g~e=x_l)*rsbL?w#WegZ@kTE0Kmuw=^|w3{96v)HTuy!A3Fd_B{C6Q$`wq8=>x-qA=Z5#HU!wTb zw#uI+mi5NB=Z#dqZ)=?FP*LiBipa%(7n6So*8U@>qa*)_y+T)eaia`?LU3{Y{#Gi3 zi_!B@drlPr0^V*V;OyOo=b%@_1zJ*~e8TyQ~#b}7BAT+d)qX^IAY{BX&~hFI_5@!+#RcUy8diqA8v*hI1*knq-B9+%%uREBz8*XvC}7C?^2F0cvRK% zl?e6bUDaRk*4c}6K8D1$M_lzK9%rHdV_pAj?kI*gP3qxLZ^R845QP)_@Y8~Gv!^I`(DeKiKYu$b{YO?2^8-e$$|1n*@&vD(n z>y^WIi;J9)^SDCS&b~7t*{R?V*nekJ>(-=;buXI|{T=tJ7c-8jFbV!qN^OIa=yNPR zS5pX{c*$NU!L`Z|?KTtA^%k2-{FQ@4vReFVPhx}6bcUiy|cwTQxZD5voe zVeK#u4=k0?-en6tW2+Y?%;3g%ZCa1If6)hB;5ys}$VYpZlP8+WLyzFo3th?L2l5bF z@~%$$#L$m5JsPeUn_#uW2~H$~xH_2TU@JQbS~W*oY^v_-=h{;WG*-VPqN8O`Tvo?= ziDGU716L|%%$dd=_rULNV*)i<`J4;1!wO1nxI{hsA*Y4hbd|kdd2E`ous9x)Z)tRO zg4fcgYk1-zvEvQmJ8WBf{TUMCSD6mEQiO+Qq-uJ+%VzM6eQJbXd=rthoe6Iri*T~DZ0^b8zeK5UEd zI<4jGs{%eg%@nh`ODjXp7W_F8Xc2LMTb&)y4e+bz$r$3_&%s8ThR5>vA%Oq9{9^Q1 z$B^tC$->hMVl5jYP>V;$5&Nr8Xty)B8Ba?0wxjNQ_E7Gpy|ACavR9FmZ#P6e&Z~Z* z`figKEXFu4((rRkI8P-U*zxG#;dd=<^HA5B_w5(pVYMSlH<<;y`Qi!1AG!Z0vKJQU6=L2}mnee~J%Hc-OO*$N&tl)veyVrw zjPaAD$ZNrKvj&_DqHrOp@OGNJ1;vYk*Sp=uQr~ z2>K9_wy5-s>ujGHK1ye<4~DOr{5XhD?uCRX2IrbcuYDxy}saUlD8VUG6h+;$2iiUa4`Q3fS!#2%2aw<={WF=D(B0tGMss>?OLt z$zfF6znamwKmLE79OmHhj)izDgw5+0xb_7mMVXOU#Y_(MAJ`kMO1@npJ+=4XntEU(F5p6)NHs=qADRfC=^Fb7fxySi1iWI zJM3`1h@`Ns5%OQTG>~c3a@*<%Fg{VUD6l&n}J#!M4TB88YlfYJNhGr2>X5vs{j=qq`I`H&c`JAbdWQp?(?Kp z-JSDt+<18%?!)A(tk&Y7)$*LDhQn0i<4IgyBYvhcO6VQ#Vxl#-TkluuMaFr+PJCIN zpa;_a@%%M+2Ruaz8c&izew#5k|3 ztggs!tMyIwaX4y0RSx5;hgU^9;pVdR@=EG-`LwN`s)-KgP{wZ=@sXNE{;gv5wuEjg zxwbkznxf>{_KMHPp2f7YC&_?>8n-$X`&}KJ)v$xnoam4nxBmJtXj84Q9Y0!Jx4rgp!&d7W}POY(RY8w<2lkX z(FGA7x#=|wJ*e+X#`f@GuIiHu@k{)-O{ajpd@LoL7 zss1jk_p1BXAlJ^xO2rx0!0`bhp8!;u6{hWZ7+>oX_^wH1n2#7dhM&Dc@_pg<6?mj- zh{QJazBYKhELMCvrLaQL?5plMlKa8Y+Q~a@W-a>P7-`AKG$Y~q{)U#LC<~9c>lu9r zY$66)D#-8L#kRK-Ja|DjYF-AKuVDTm5Z#pwaAcU!*+H+7tP^^}9V-lCarRqdVDZD2 zZ%ub%`W2oy_oXNzZv%pp@<{o32wx`Gqp}VJ@!)X)qWb)oi@>%ZfASWKAmYUq*yLB8 zoSS)7ciE9;AQ`QiTciOO*-ZW{Drz{nbSmyP3H1OJd~9h&HqEIe`EJ#44SO zZbJ$V@CWC!GKUpX?{`b$@}!Sa1rXi*Jy|R-)V;uWIkUIoH_xFNQ_F*ws6e@pkm1iN zF^t4HAVe9*G6A0&+7J&^GfauU@+L# z=L@JEc(bCeb_~n%nL>AE0eQ^9G4`<%^qwa?AU-E^`x3~Bl0AVZOg+c|b^jta>Q=aS zL`Fr0@D+OQ zprl*8Kq^N_RdJDIPg6dgARj(uAL zGAo*5Fc_34j~ng=r%8Qa@HPwlDo^m(Y&r49j-35KfZ2!Tk{$1z81$^^cFG-}q+yUC zbM?*nX%;b)RUN@fR&Xh4$W&)Q>?q%}-%{OREhe;-sNd6q%dNAZKz-Jvg&P?DC@cf^ z;Klo(it=qVQ##;qo{e6Lx;{%cyqZu66646s4u%xR{mO5q|DA6F4Z}=8)a8qb@1d{j z$o7nggB-0{5At}zmyr6>sJ9CSN)xP$KJyV zMH>k*&OZfVM?Xqe*8?*G(`VXnZ|MQLuqD5WE)qXyZY*GYvk@9^D|*uaCbs0Vto@rj zY_zmgXK9G6;q9}0|Lsp?U9mH8=GZHXtQUKpR59X9026=mdb+RtuFc*&0?1u6Cz&4< zB#~X=2Z^{~;+s{^`1!*(0ZbXV#gokH4ycFg9o+e?myaJV@Q&0p!fd>18E6q|#>IfG z0}S6%Lr}+6%isH4Ei7%u+i`^I%W}$yN>j-V=1V|{M1k?2$<;ugl2j~JW8o1!USPHl zG>Usc>N@tmSv~&6n;Q+z#0r?|XX!vFSqMrDjc6`0Q~Z+P1kb6JDPI)xn7 zZux#Oa6$f?Lx=wdhpq|!?;*0kay`$>guwqQ3~YfHP~Dx4-2AHmmq-P;DcSq;#s9DP zJO3vGCvc~!%e$D+Gi6{nN2-pd|3Inpom9u1@*QW>-{4-2O<@DW8v<^#TNl_KBJ4zN z`CkeLB7xL)lQr4SPlZPyaz%N?`#kxxY!pc1yn6@4p-#_p5-dd_+0#CDnpR7NLDxqh#^A$RfRs;;#cMu$e^-F+mt_`WPq2^kBg; z`qEMZf(k*3-px-$A73XmDk)lpU25N9k#IMGw-nJ$Hp7T!M8vpcLYJyjZo84QcM{I3 z;f}Wa5Vrhl5Yix&&E~u>@bKX*wAlN3SYap!DRZRy%WM5AX@2_6&?hjFU*R;PHNPT) zsO7C|lxC6=Zh66V#ZAR#RO2oy>4|LIH4emi_!ME9KYdcz!>COO)SuIAd<7C>|KOeD zG$@I4xC8!=yAee)0_*bA9&t-vbsU_+5$}B!XFx134SsofmsEWR9@VXRGjK0weE&{x zAbUmX%~P%slg1#E?iF4mW)Hw^ZOkern{p=tXMEHT6vgP#aN|J}dn6ttks1-diWXJf zwT*s(W%)>U*{$^`LE}HaDE3dsVtNAI8tvEt_9KlYQnhYUZRpU2%XP&QQhj1lrv<7} zy&B|imyokNW+VqnaA35>cY9DBBL%Xi6_N?+yHf8>k0(@!F!AWG8M1|aW~}fev2bRS z{sw?aJS##hB%?Qv!|ZcL-Mry|Jg#IrMPS}c;O~cOG#0RIfzHqu;gk+iG?tCf9n(EbTzs~S5#*(Yyl`R%!C?JQLqMk;KZ-ed{F+zzCcj!bZnzumo1!;< zHUMj0pRq!tAl|n4%s~V9m{Wa@3Hv?Z6Klki)0}~7l2qEDczw4EiktH_06i@EAwkAdO++>y_Y4v-NZk7S$Z$LE|Y7{pf3iggnM?ge(&-8lf6%O>;Seu-P3>GW(6!h^O6*k*+!Y` z?pxvW^AEEfcRNb@5QjNh)o5>9`dXvIX{d$D(OLHx>Pnk{TUF)_keH~56USvohUYj97w2$m7C+rBGx1kkYRJ+3HqraND4QR&sJq}a z#i$*TNxpX%cKVCJ3OIoqote`a^Y@GMD9m4N!sJxd*5%fN6r_mx44V6`GxDt5+8Vf|6H}z z0(3Df$N9-E@0G7m0XjeDZ9J|^K47zL8#V3^thX>MA97DsT#;t$bahjGOmkR$+_pci z!g%?_NH?KftvlYNwDT1Ycs-jfu%6}k+D13l*0Wf^QFc%*CVRcc0M(ZC@Wf|U0$jMF)I#TE@o#rT)GAoz(K zST%28K-mvWiEpHLi$;B<*(Q*k#c)xZ_me)Caj=Lk!VEAgqKjpQhwU4q^uY18YAZRp z!1w#6tLr)viVpY3Y4SDbgZ=M{)1W)yZg9n%6~HJ|n**6{t9Bj(J{z%dX)dJ56yV0G zg@C9^2tr?X2=7Ef<2z$3?SLC8Z1+C5MHN;-P(i^}^VSy3i|va(%TK2pcKLko_A;5= zJ@!f2Xtk2mA`^B5&@;(N`X1Z5{~W+NRv8cYR)_}*#b(rg5BEE@Iws5xg3l&X9QXZ9 zlw1B3m8*x!Pi4ty>AR5N&G~6l&Mh274RZLqLo%N%8h2B!)XNkqveydED2|V(bw9Ng;LzXvjAnmMr^3L_f zNAHR6;&8xb)T#=Re>S6%l|R^6Ay_q(9=@nL61RUJn|TjoiHNWM3}2BZ_UsDS7+x15 znqAspjRG>m-l(yOt~51z_1oa93!k+gG6{s+Fb)qg{(}`222@TBKvfMkKfniV@v^)H=Vz}p7>3khU!;L4Gub-9K-$yk{4TP{!UX)#k~Yq0)Q zw5YMlSUoBBGT)?uUHj1Vg~fmH&)3XuIR2s$BECn+Qx5UzHC_Gl{kq{tOVeWM`&{bb zy(7F>{sRm3JqX7{uB~YiCorn&VW8`=vFg96aF>l*V@SFzia4&%_&E?8hkH9M3p4Mt zzlpsG*obRpz``CO$T3>qf%-u&G{P+o(O2Du(_qkt;j7q+`LMd&!(Rklb{}D(3{&b( z3+>2>wSs# zZ@7ncP^}qk)*f{-*Kq~HiDC<1-`bpSqm9svwlFan1#=UgU-Fs?n}jX(t}O>!#+kYM zU7^#1>>`vbRMP?YUgJ8iu>H~IZ;^wNKM&}96!au!epCzIs-jpPD=>?fdJ1Bm-cc^M z(|8)*RYQ%EYneWW%c{PLwsT1`Cmg0{=`<wr zB7Q4f^Z9L|rLYrtWHNj{IVNGb)86&Mltf-8|8VKyH14n;XkT+ab<4$bOjy?F?H?aw z3^@n47gy?du=MPOomf&&wfwvmp766>O~S;IW&H#|ne?FY&81XV{m1E=reQ5+x(uS0 zPxYOds&4jglUhkCe1(S>ty%szx2slO&Gwn+jIq1cQ+wytD&fPV^qF;C4g5y9Pz@g~ zm87fdsZkfk0IMt5QKq*sx$7W)cDZ}m;LoGvR}m$vu@^sJ%iL%*JVq@uS~;}X`IkyQ z+|j8xNE=`4BUgLpO-Z?!Y2-U@-JdSG53GVjn422$u$(V)U$YvV^Tujjau^MEhp<|D z8An`ro{Q3Q>_sT-@itkMtVpqFS8-LjSl?S#+tR7_!y%YI6m>TcTRq{NFL!P)oUe1e zBx5kz4RBmh%x6rmXbi+9m-g_N&N;t|&0JMAJ5&yvns@Gg#d$CY{+jNsj~{r6xY3S- zlcTk)W?Djg7d<5RO%1ez0y}Lx+i~}1ThjF`+kh|7d#=t=e%#x7z+3WTwC#_#YiSNJ z4v$S&8v-0q?LxW;yOXtAReq1(8r!yXN{h4-u`rmR>clvpARzj?&#j;wARr*3sGHEh zU(|ubz{gU=DBxqIAO{!-NXMuD|Aqg(AIVkT8^)O<2#6iL6fVA9rcMKvoN~iB_HsYwARm_BLs!dbkY7rzMmeP_GS>0;OP*{*m>f>GUOVI9wU20x5_2%>a9hO%6EF7;42m!U;x%)u67Xck zx9jpee?EAkBY&Pn9_^C%S)S9f-A7hV3lcq<#_!wp;(Y5HREvZ_?YL?* zZ}6L;asBm;>*IuTZ0IG#vPW+lFY3Bx-RJ5hjcnS4Hq!qKSOIKTnQ5>xi{+0^Upv^{ z$@EUy1567Y)S+l$yr+4D*2_eTE$arLAa+WA+RaL8gn1y%vgerlm1s6<*^`qDS)Lz# z{NdUuEUp&f(i+#u0BIH5Mu9JSZqwvR{lre_aNxA5@LZGIDs%qba|ZqyBdX{1P|^;F z2b5y*^N7_~phy;6LqSGgcEl&PYkVJxip(MSWeo;TH@F_Rkcldl^cmx)hA3Gm>cmTg z$*n@1*&7nv1PHSm+uD-qLag2dx*nuej(f6xrVT(?@wh!ZK}p-rtaDWmE;>=3mSsi) z)iN%`Y+*~M2hGScHQ@ax)T`xWvd|7Tb7r55(@&E;@Of=6YUae=HM8FgX|-P2RSY4h zOL{jS7E)-$%2JbXBBxA@;&~;JcepyjUfT-Ex??#XjiaeDO8fm_#Zs#MPtt+TfgJUu z$us)vw~br~WWWgqIKM1D4;BnK^go5cJF~2sxtw3?X2qh%hPW33*Eg7?4B3=kU zN6*K4FrnS~B9*vkRxE$nP`0$b;M$WP8^nw+o$v6~eyha*<18K$;6p#teMQ(O>d};- za7_7{pw1ZgZ9@}gZNWLYc~-vG*SmHuy~Si_{roa853X=q*%n#ceVD~d!`iF~8d1Nn zv5#}-1wLrj*UTW*BR7sZa#oD8FNX$4P>PAvD|e2BQ{wTh8-B`-`_48Wq+Z+Z;OQ;y+v+f-|+iub*c%b z6`itHpRI&Uz`j4LuiJ>2#&mAq3MI`|5-KvX8$<7%019YfcuM?|vswRJ|I<*fPx0oe zbJb;$d8yf@JmQFc7w1Ct)x{KFdLi1#LJH$~{c0%N7D;E!(QWYWb?0w-3@|NX2^v-~CO+B&qex zj%7)9GwJXU_FDfZNdHC9{6SvsUdiOqN!m7TIdiJ5d{$oz4ww3LPruv z1O${G0tr1J(g~r3kc1?M|MR?Ot@Ez+emL(sAJ2zbbNyznHD%9r?b);Ex8IwY=<{+5 zb8~QT@IHC`(1L^G#K+@Qf9CXYi9@rC%5nBru!a5uj+!CSwPSF~Q^#0`gQG5m=g5`w z7@rMzY#+?Q!PoVl^j9ya@;L{`hwUd1b*#djH)nYr1;NGa9Yp-wDo*WxGqXNre*!*T z3WBzuc9(HRL0tV17JhG=rlCyo+oqQ14xl7(OKCeh6*+Ct+B84Qjm(kR@)0HJj9A@K z-o902(GmUf%kR=L8hbfcCn7YuGeMi|d}CNM_nu;~$1*jKH~?C$1rfCo$K!fgvbw!M zPo7&}m$$N|!e@Do%e-#?Gan5;tbE=O_Fd3*eXOcvR^&g$oAVvI>)V5>T-Y%>&S%OW=Oa?DCI3@#RqX@^$M*~WTOfDoU~|?Dv;^0tAN<#;w zi089vw<5~Mws7@bi%b=lUJ(gQ7$j(W{<21s?+QWP3w+A4Qk*GgopPU8s5orPux9y030kUN`TAsgQQi#%GA(_@0MelPH-kxdR#h&G1;X0%KpKHt7JyW724Zd11Jikg@` zUI6PV=k}Gbz7`ap??v&P_(%PLr+XE*Ex>u9vi6nxjefwxjreTx90?)T$o(7g~5@Q-|uPM_Pzn3fE@rjSRu&iY!_v*l;|zQ<4}M z(9g|Wc*P4mWZSGxW)OS}w4xZ?K}roeUa2Q80d0#fL+qi~gOik0QTyB9Dhz!0qIWY# zR#^=e{&q8(O27lLkxusGipAnWI@6htMF#KtR zXc0E(K}X=BW!P%BHGps=3it&fBLPL1|=n@k}>($C3IUqLKGljDFs0Q(iaH4xWWI7@c z>op5WX(wHZDPGb`gYJaoX(9IsDG*R|-D$>;+{u+AWr5G}N&HjA1an6A1Uyk~5nr~~aYWE9Vnpp3kEbGz8 zL3!7%zo(iV&~i%;khJDO1=xV6n$+}7Ss0*;EkQ$nz56=9_tcvU!WSo9m|cTy$McwQ z(JBSB2^FzCa&-t)>lP3{tp~I^Z^G6DP1aj7G((3=pq9zB88l*ZNGJpuT`C?$y(;j` z^CmO@73-xVwdsI#FdSU)vtQ5$-gRH#jwA>>Ajk?VK;pz(st}=!m4;GB)D-kfHEbMB zTJmUfb1D~##?EVC0>qKN%^A?z5w^C+ffkGCo(Y-0vfJelGMsy*Z%7{>f-oP=Ll-0VxcCqm@;zy;A?==J~d!hlC zXm-jksZP+{Nj>SAm_OpZaT_i;rfT)55XHuzBaeG9!WoAXi5|k=SmI+|1-}8dac(79 z3}V9a&n7L$guKZgKd1I+D9#}iFwS==T$rpw(ZX}x( z(4RWCIP^=z0#gPRT_e}M%FfBy4nfj=NC!iSNVHA2#KfZVyh9jZrs`gc=Pl3nab{r; znboir6^_w*bW*_I{NTe}UzQ!fe~}U!uyR^9H>YI3HCdi`P!Jtw!SZW-OCV~jO~RW% zx5p$r(tQ^FA@UfGiuzA|JWVR%Q+903@os@nOx#8s>>HaMpe``Ais&m2fE$3s(gO9fG?T0vpb*4N7AMPBLJ2PJopY9L==gAcR|?Y(BGTQ2(}@5+m?7O?9n=<*6G2vE(u`~^(+0WRw*!juQ9KUyvgSDbRS!s za92zj@F1Q2rkH&wqO7?eO^oWFBEr2E#Ld~{d(13r{jGSoMq%=v%ZS!{;|C?(n+cHY zLn3|fXw;_Wc>A3XJJy#p9?0kbSN^!0Y@0{9+*nVHM=6pC+^awPlng9bt*(>*cP&{A zW7+YF=)I6wM_;ppK}3eg<*rm?{L%Fi<C0EST`)M@D=~Q-H0U0Z-*sWmC-sMdVUDo zagS$fT)u$O>O3G0)j?mSP@9c$Ou#1gdHxA7?OW8bmOjM{NyVgqBVs<<4{csig_;@? ze6%zuDU+>z_I`5-RJ>`!jg4djMMRW`SM1Q4ZaeBj=g7}U=Mijm@6fuC7pn;p_aZ7Q z9b_=dT&#Ydb$)k>YihG@YtYv%e*=R<4v1=4DcTM;5{!}Q(O%25bS)l3~Qq6qoMPe;IvNNl2t96_f2ZU?lGzLjKzP;iHqLnPe}`_a0T& zuB@p*MYBWU#$8`q@Au^TSk+{t-_u1uv|*TWxO+V$0yet;mLYU~Dnq&tN5p@*$Zqtp z!IVv6X1wv%67T!MQc-deIYf4T(&Ff+E<1A-yTs*4j zXjsD`TGqZzH%bdUx@FP6SB}{hR@%FfeSpBO2iIBea#r@%e$Gx+0ZK+OPPbgU?-WC| zaE5NNgcR3>gQ`yRid3>Pnq%3E9rBu?q)EN?$tAlQ%s4c9lAGv$f8)X}Dtj6(9Q3V} z&#XXVu7+XBj6d2{1$fzPOn7(7Mk>haNFqckb#%Lw=cV_^f?C-#(|DH{;N!Nu$eg8J z-n}rFF~&toic)_>M2k=y$oPHMFb$95NH%6vNhK$nN%-2IMEQ!Q7k`Vi=d0k_;+ZEO*!rG{-ure!%t@Q>)UAv!`)w_*fq5TXC#hJ3T%uBAN z9G!OR0-23sh=mKwOth^r$JDqD#oCi15mvx@$|k*gGg?wF^m1Rj zhxAR=JX%$e5hN=zhEN(G-*{{sypErKo)_nR6p;Mlj(mFNQjHu#PomPGzu{p9ln|x!g!88nv`o5)B zw%*uMIzyC>FoSeIRE2jaU0nzgP|rCv<^)0)n$O0TnKM0oo(ClM%xSss5X85+(h%z* z+ag3SxYu@G538v^4Hqz*NdRyk^xJw;y8ZoTHj^~`?%d#)S}i@gZVYPsT9`W4ul&RR zp8upWB))uhN1t7GV56LQL*VFHjeo4r=pu9>v2`fY7RI{~rivDocxH0@wQxK3|cL>=6Uw99m^ZUz>K4AQLI`(ZtgxKH}vS9%sE?;m$eE8DOx41Mt&=y-~ zDWYB5fZYTHjf87H}ceae8!G=s^l%c)%9{#>0yNEp%f=eqYVJgRy z(|ua46@9eM%(dg$waksvK4X+YQ$An_D}LRT0F*d{+9aUqyW1*Gd-T(Tcc%kNmLi_E zvKqfT-_kH1(Y%sD{ELHBJU-&3`o^1LuGM=*+%#e_lSiFvBI7a!|4M~t^J_mc_1+9b zH#fb_e(afUx=#N9k{Fa^VTt_gAwyivpll=O50I6 z1>JDbCF*fMf2lW1V-4u6ZJ)wwi-24A3rAPn^>XCd__OW%^6kOh#py+LkNBUN*zAMO z=d)zrJI^{vP`ET`ZSG;g={>92zR1cwFHjTPuVUyjl*GLdYS&{E(tZutlH4*kzAk}R zK?TFom+0hsqF(~y-cmxte^W>VXdTQN&H!pSkJw)x1K~c;3gUj(AG(zIx9@L49^K@K z2BrEKixky4_b&t{)As8$mOAPz$#dKkr$p^}lu@{ak7sVJ9Miaw%oP>f%Bn4-2$i6P zTB(2v&aFJ?+0~j_*yb?v&I79Ecu+EwOkqSRNgsuz)#r`7jg+x~-R$gp z!HuVP{t4nxGgPAW-}TcBsxS}Vcj`g+N7E;obOSzo>d(h^5;5c7#>*-1K9#{5t66XB z-OOz(vYW+wL`RHu+2BU0qY+{g2MV(u+=*>|C2q@y19aPw`BuBx1K8cS)Dy9F z*7q<+dEyL^FH1wbN)L8q5tZ}rDhN#n>bJuO^H(H^tuFGI+BSQcrEHRn5*thNaGpB! zt0pp+ZVw(gRgJn8;4Jr&8e!NFpF#E5-XkfNcSt)D!`4|fR?exI&1U!Z?1cnSPq**5 zz@laUz~9~}any%wtv<2uS-e=NO-LE>!!t9%jI=$C;A?Jkp?LxA&*)8#GHuU0rl+1N z{{!`mr9uYmp-brL5R~s>?Rl_5M{s!ctWVUIg*#^Y pX7m>>Y$AeHAxpSIh=z-16 zXpaL${TP!H+|E?c1AY#WgX%2iw=L4sPM;J-9X>euQT8ukg#`;r>-RU!DWN`a>yqEN zzLVc=jV+&*-cr)iXxi@Zq>PH;8sC=u%7`s?JV~44 zk5bIrmG{4JkeE*^R8-EuC0!0%#rK$LUzk7*DyK1{38PZ|^;U?0KEIU&3HSE3AMjbr z#gquw?0jScMqN3aBRq-!I1;kMei>Em-70rzLHuAa3i+T>2oR0s_{RKa<8=R| z7m$&dIv3(7^FuBRvG%@<1r`~x?_yIfD#qsZWo(V5=h+PV)2lS}z9MfEO6vNpyMmp}#a5oCR9Z)1BbSco0_>G27igBD_&%YyS!MWZ*S>ofS#->)Wb56?$lS69!GC<0 z#)zRd9vsr_m#S4;Ujrt0m%ovw6J^UCa*)f&d2=4`N2OY@5N zf&^v$A%h&16OkAQRy5o)r{#D6(esxJ&E>TVd!;go{n6|Nu9v-!Ho9%UD3zMaI((%> zI`&UE`W`RMz?=2fH6$BL7pN8z=bn4&u&sz;wCJk?uy!owNx8!!?F6WNL8O>)1D7TtXmMNVj<+Q*9jRi%mv;A-No&(Q^q2m z@#ncB`9}cB6vE&3I3W7)C3nV)ks7+n-@UT;V~heKca;TBz-cwG@hJd<00)GFZGIa* zF-Tl5H~HM+H6_8s=nQsR47M_q1(q*Mw`(h@j8ADome@m+_pq$mCU;DFDcp?SXx&%E zZzb@^Yk5p$`izx_a0wZk8}>-T`;^+G0{U}_Xlc35pRM6kQa|5Uq z@+S-+Dtv=jd_$sHw`A$}8RKw|dJ8EA!G-qPqFv3eb-8prp~v6Dp;Z?k{>bYTN8?te zuV@npmX2!iCSq&+@`?7gJ#&>;dHq)b-x{oZxtqQF4`S%$`XHwW${ihWdAyGD|3A7^yKGd){WYduO1<5O897P{Zx zp+DwLOtw7AOpK1J>BNOr5g!jFEN$J+)bpThiy4I z3c~=JqupHll5sL8yp;s@~(Q)i)5-P!>q!`T3>jJjNpWt|jdu2HO z{mT6OfpuSmdzuOa{F$6TkU8NBCkBT%GMxV6P}4hee3`%z@aDLm|77!Ljx+uLr|kb4 zP#P1r*k`{!Qlz^`xSt^fu&nfnN)6V}QqZ^WS9_E-z3J>%>G-LVFYGyNbW2<05(|Hu z2;w2t9GJIb;hTVRU%I@M?`~XGpQBy1L5kM)i`o{u2%h>hrq7=3+@preo3hpmeHPY) z$;FnUNaN)VM*GpiXvrt1ti3XTsRdj zZLN0W308M8HH01FUL%JszSp2cJMhw*%_-`%>HI1gHEYmb)6g?;3tu&4m*02I-NeXZ zbav1s3kJYy$eX6g^qk5{*3S`0ff`)CMY3-(fH?>gO6sW!sYidVrHxIro4|S)?QCV; zy9Xo9mxkY4=FX|Iypw zM+)w}KsQU=xgiSUv2x{R7H51BY*VsL;_lClN2{ku_xF!I!~66JhdEUBO$kq0!t4Fg zcE7W7?{Wj8uXrPO`evO_pm!m4I${aSP*=J-jMG z!bQ4YQ(3VZ_(zd5!2Rg5-@U!kbEg&$!3}8*)qx$h2jy9qS9pcD(z^%tz{W1|S~(}I zu{{-Z*gfJ}W6J^;GpiFf&PGb78S zwv+2EbdQ8fV@>}`JjX`~yD{*Eks16>U(nD~23tM-KxQUFdWjYDr4yCq{YW&+ldVF0 zXq>g1uh0)#zOi5b6wD`9GMSXb$8HuEQ1`fQ$Ltam_eu9GoV+2Vac;UIle`=F09jv< zb=#Jy9SEuEv#Q$EQ2$B!c4aLvV~vbyB%$<2&Dz~7Ta_`5;u z5<{ratYP5W6NF)_z~IU{$lDtnT~Zd|M>#yp(ffTmpBvX^k=^ortI?`GV>#LULs)1X zCW>Krc5cE&e%D4+K`cSKElK?2u1|D&OQ*w<)BejgbBx?Jp59ZvoBn5LZyDmzF27x# zrT0W;pLg4)UAbH2q5?LjXys5x4~@)q2xB~?)pM>6nZeA zLA-cidlJSBwqi_PBY%*{42oalhCe0z7dxcx^h5LBXs&*?fzYAEc+PflnnDX?q*G#8im+Y0n$m{*FOW}L{P~qEg5$vf;pvH$d8e^Y)X;&OWic`!n|8<0ZCBzc&^TmD4sG2;IX_gu+ZyL34`I6rgM zxVE_jZ@c;n*BMLv1e#WuUi#3+%_gHfKdW}XaIl=)1%2Q&&0O-T&7&a)Sz3q*Ks3W} z$2mFQ^FY)APJ<893l{v*0cbLm=yKab;uqvvj}a&_44dyZgZWUBBJn#pX7mLFziq(| z6;+h&Z5gJaN;YGv@j0M_@xL2#DX2mUxDsKdC-GUX0C+$k;mQ?en)^K zSA(|$E4nYzeyvTwMY@jPLsrdkHS^?B$JyTM+8e{ zE%}&zqH(KSj|w*Gcz)}!sqL!q3EQp{aB0=aONSKBw~$D4QwA#A+wLZVJLwe2Ca$w^ zA;f|141g4+<~q2Xq6un=xu+0!)%}2l1=7|YSKKcB$@6+`2b+F>C8%*;Z4np|*E6{7 zA$x1bM)Xb>ymO|$S6Il4%Tl0zAf(ieyxA$aQ34&|PGa4$TjKe6VJ@}hXrm+)c6KsG z#=$v=|ET#( zQ{}QfdfF#na2=?4_^Ij*_hbk7a_RdbrAq$=_&%sSn@xgtA75l`lIra<8(MnlBzX7y zL;z~fk4pJ#;C4g_v*Iq~vELp3WkHq5#IXFBi-ZC51BAzvC}!uZe~CZwoBqcOu^xvNMXy=9D=f z?|?Vg=;E!ODwT*e@fY~GtOU?zEWSOFqRtiSKQ>z~L=L=--Nd$&E_?vNteRSkfa*@z z4px7mn0koK;SZxd4V6}MeT~idxHb2hMENIr|DgxO{C*(?LS(!P^zNgBD}%%hQhlG+ zs{b&t4MjEo>t7T&;41*OXs$%>7-U;jPx8QdCf)mJZso;NJ$;zo#zNP{zxSr{Rc(I} z=#UM!Sd{FMQRByr+7kcZ$pgfsTd0 z-6#8UQmcRbg@0L6U7(UhQTWzG<~9Ebmm1JaFFCqS(|7jJV(^5qw{cA-CmEn9sRF;gOE!5u)LX$lkvOCDg~UT z!VgQ!BJPI6SFc_nzi)*Z_D*cn8bV`MRLyHBxRVSn2M4!tHG9kiqbS*qbO^q`Mb;A+{U!%&1RS0Y-sy6j7rl~!CyK)qT`3L z-Tw~QOf25YZmMQQ?I~@1evuZ@skDrK-xm?oyvyg=<&%caf<1FdcFcTs?PX9CU1rO(PATf z4Eg4PRbxMk=T+A6c73Zbh`go9csSYT=-!^?neZ&7&)IZ*%yZWYc)7e1`@}$4OrBI_ zG5+~Qw1?uJ4<`-pp}M{N(3n4~Y%R=PNe!!R(~E@UO|T|@zPy_qWczV6e@MfE$Ib~l zqbdTp)(5pe7|Yb=>jiYK9d8v=p~A1-ppF#fK)j3((f~AQfj?=(tCL!OJF{YBrT3-+ z9uZQ(w1p=y3UK+kmG(=_WywY=?I^)K9?Of#@b|6Ih=Vud)1RL!YV z9W}0rqQb?Uy^ELb1t916kd})1?^HScz7)%ER1an7$*g5P=my+f+`c|&DQ{*jV4)29 zqJM?@hyk<;TNSGL7B!2mojwfI@R$k24XRh(SwvnE7p>mT{MUUPumByB_+}t+ciLE9 zG4EqXkd{T^8^+f^>uVBAW4`r7hVzg(hq!WN^D`HTlKI+)?tb-ADgtE_@6Dy1ZL2Q@ ze+iDpjMisPLce+w7Y=JO^Rz{&%`RnqD?u5reXt84Bo z#?#5RjR1%GCL``-i~Ub`IL9Gl(KWTTc1=a)9B8Q@wud$#85^CzDyZ?f_wRyk`Mea< zuU?T(x2*~$o{6_>ulBr`p7VV~aR49>#y5x=hkaV(^S1avNSPkJ)78*o70N(PBMG|~Htxw7MDtMH1ekr5uRx=IC$&q{Nls?DGO9l6y1ewL z(w+k+zyCEKZY7^9y>al~-f2Y|7k13!o3|?Jxp3?q`DnKIzvm?B-6@>ayS?@t(=}Nh zGN!{2J3cqQ6V^X&LM>=U`Qw&5d6N9nO>xOAm&xau^Wh`yK!fA^5D_!V(O1CJ5T5xZ&aZL>2=N=94o~F5u(FXX*K_u zZ#uTl_w2+pLK}~p;1g3X9n4Yn{`sls_)QWKW2&Rmp-yfi>vQgh5o0RW*QLSaxzIw7 zb`FjqJa6vP>yyYztkVFVd9; zq8@>X__d?Gf!EWg^&cK?wKl%Bhqr5ltQLYWOq&eHi^Z`SRLglzR(hL5^9y|ZWoNIR zwaWT>(rzRMcPu~n_o2KP+{P@brLzmMog8&7_x4_0b;hx{yf*NI+~+nob5`~S+MGit z-MM*5i>R>LWmxv<{w;vZ#>CzG7e3o&?X*u>0gGL`YRoH4^kZqw+IzIES!i|jSPL;m z#?%iE%CleGCliU)1Tx>SVS8cWKfK58jYpU#h9=9+92}l$F-gZ92DUSdG}Kc=h(nZm zk3G4k38c*vODi&N(xg$gBIv38bm#D6{VQSpMC;lToxq@c_xrp)da%%D+z1U_O+D4? z1X^2Q%t&2HTg~~rw?8uxd%)q_m5Jzgjs%uOG8oYm^JWiiRv0g9Q1d$f#vh)K2xod? zew*wMKxf8vy5W>0P~ncT{EX*=HyHBSdtx1d%!F=XO*IQARA>`}Zm(16dcR(!Ju%T~ z3e9v=Ou?deHsaif=nR@R4!>{mqw35@m#n1*AjzRxh&0{oH{KD)6$790)oPM`t80j( zSRk5MyiH0bxQKf~$N$`&=&M2T&qNctr3E#qnfQl*DlU+wW87Gx+nJBk4V3SV1n^|) zBpuV@RP+%wLnl`NMw%K}PBlrJfgex8p{6Aya$8Z#;*Iq>4G`fY=9@Jgu2snCRHLxS zY%7?HUL(^7wg^A&`#9k=0Ny8*D4v6{J0ktSGzJDkat^6TRE@?b&jX%%KOVj*RuRvfx zUV7WrI26wx(@l(dup(zb1lrx3k zjYKOuyMRM$re2d)<6Rj|ApcEv=Q%*gN3BfeYm>Z7A%UNu(4!74@(-(H-8zBrD_dFO zklwTuuI)Bix2UMdO6)3_Zmb%k=04*1zEcG(fZu>qeGalbi;6WV@W)bzWp#E}yOb<>8xrzEzbzrHMyunICHs^)Z1bHJwg;I(^FJ>Wxk z&dO%+Hb8AB_ql8i#nxVKj6z6OYcr{7KZta}G>Z;<-o}@)GBZW^ApYC)@5tkdxBi+h zoyv#zii2T{(v1BUJ;VJLfRQyhOdRVbb!LAc?;Zjsr(b(Jen+=5pFZwMEI%mgjX`jC}%XX|l$lr#N!+@GHZFtse>ddly0{ zqp`{c`3G(!mL(eB5|RY0@ZI0D6(;}^!gj!+XHzT(nz)+WZ1-M{EJ3H0w|ZjXjlPHX zv*a_pCWf7@YXt9GA_!X_xc0|Jabeb9=EK`Umwd4d!bZmmyLg4Q!O7mhxF~pvl4Yn& zQ_^Q)m~=kk1{-Cu7%N=S5A@+}0_8a~o!&|dkg1O|(rWXgC`W)Zwp$2Ihr7(G(CY0aRj5VJaXkYr)4|=n~#^uuWnzI0G9Qyzi zd00gQvg5S|s{FOa9GIy`Kdqby(-JZ$M~d6*1$nsK?E@!1fY_Ojy}x`eSw^~5*KBxG zx6k5v>r{Oh3y%~wQfVR(zdvy}@e#$X8ss8|Rq!Q&Hhll~#!7{_IBTBFuBmxH?0aB} zxL4$HP~qS}RXaWogW_#!ZtsKj^>}StYG$LmhCL`$L7_|4+p-wSnOxZ0b30DRmPRn< z8O{}7@(#E@e7voX%)J&IwWV)2aHFPeXj$4y9df1dGVizup5Dt}Vj~aTVL@w{{Q=3A zjZBGu3EqXB2&Pq8K~um<$EOuv4<^uV-HYKvfh49{ena=KSkd9u*S$L&FR}Z9n&{r& z-@uf`;X`>_NUKR!ie|BLo&0LNM)hO6vg;VydzO&0X#?a^v953axTykaDX7(ZXb3(mG1C_{h}t6jl)GM)S<=i+7Y_vDrX_N z)o-52L!VC!@8{$g><=)%GBcnBv4%E^*~{qB1Vb0AwvUNZsumuRw zIAnAJ@pPefzqlp4R-CZ!Qr(T1x{H+w?|PH5;oAP3w4$iCP@0a?^uav ziRWqM#hvg*2+=u)G22Sda1hpDYi74i zzMSn61`*_9a7`%>*Rb^R z`rni&+}N7tVd*1oS6O8wVQ{ggpE`{)HEOz89a>X|DQxWW_oBqMeN8_nC4G6&X7Nv* ztH~8BOyIQb(GyS&%_K&$#tiZH)-NMB(r>^j!a>gF&$unLmot?8$i(={xY?kmUL=Uo zotW4Pozx5utsY~u)&ympT8s-w>ZN=xez)XlF4(^1E5^w4q_2zGwsmqRozlb*%^|MFxQNGo0CG5&MAxl&?;ybN9*S!atGOB!;!qqTqYcPD$$RTk1CDaEfHubIo zX`tK`+PgDFZ)TyNHGHI}5yz`MAZeQLkDhNG_JV8CxZ9pGi-Z`bGA#yw<(3ADYslag z(;pv$Zw5K1%z#TGs|tQgRnVykH)6{n>x4on6ff9CLalyQsiXOIL!Wuyo4191__u80Dz-3vT$*sOiOny^IOxLDc5JTr z#CGBPM}qm4Kk`NlPCl`(!;@O=x@zi%JBKzZ<+SKf5I;gYCM*jof2CYUCyLUMgIFzj z2~(QL-HAc&BC-o;$aFz8EG*q`G{fn^SWDRD7|Oy4Ey`;LjWGDQ2uKd!C)nRqy>I9= zF>OTt{c(3wZalkwPx)uGEtv;xzC>?nny1l#R(6GgWK;=rRQblmC@zNk*}3wwU3npuTR=Xse&?AzPu8Cy1di|!r+HS)25&@ z%Gc@<$V|ndQR>`CF6|z$uKqr`-Lg6+k0ISQ+|6Cdw4-IMWxMRZZ)PgnCc$a;wpHZ) zR_$=6plo#S2bVU}%Ln|nM1Qd|1VGsn0l_CBn7R_x(JtiM#8O0@oF!&%_ELajQ=OXq zM_78-J97-S+aU5SH`2d`WfoSU>$261VpF3OHWfkDiqOi*DBuN1E!L;ud_) zt`H)T5LcO~oS?*-z!()i$ayVZJx>%-EKqOP+(Ts2R#QXPqc4L2N!+!O9%HX%1EB+hM+sT zr@W^A9m*=swjC9^J#GVZKiq1+9!a8Le9EkQAkk)5nOy^Pnu&GJ zocWN1%cuj{-o4VHKy!;(9IvF;pH5Q zn^4&WdgGgiX0YZ{H|4Mc)M4^C=EG_^C4#(GqIJ+|@0p}AaAl1Ywvk^jQ>^2XzM6*t z*|dllQ-9P6ht4I?pLSJ1t27EpoIDhQ@?SyrxLtT$0EtGt&0H*zW;X`-t05Zbjjgh$ zX)WFIVO4U`xm&r>2&oT9V16fIAHylp0H4nttu(5nS?L)%Tk4RS=ozT;Y(Iu)c7QQ_ z27xK#hoNMCO9gLYenzh*iYPBHKL%49gW8DrHX*q6N*LDNHf8)>>~hS{COY<;FW9?9 zs;nbECd9h*%0fv>BN*Yt7u{~?V4!XNeFS!CZm?t!Mu4vG)@9#`fNn7e*un5GpK&WiI*8_IpulE>A3S$MdQb5L+CS zDJ}WU;R7@yF?sf@*h{nh9|GbZ9o=-+l|Q?mLUuFZR*@&TuvtaOkAM4WGZbfO!+;TY zck)Iu1~KO8GF_6T(Doa32Xzi(o)JSwfklChuCKmlGN-wPQj&E+s}qCa<7V4eS_Tni}b8PH`AMQUqxf=x-yjh`{jv9r=oZ7 zKuw{Gy}KmF@;?;wU%ki|cBP#_@6z)l@PcBu-mI6l#d7?DjnMYrrDLKVrNv*29tD zH5;lcL7J-9D23*c0qu6|NzFKTjhp-3K#%)de?)|9DSgV`D4sQecEU7+soiny(cZ7>5OE zL1)nB)~+q9`l{^j(ai;?od7`g%E9BcMTHoT3@lpV$Od&zA|&l}d=_zY0}+$)TO&It z2m$u(B>c4=Nox{TjLm(UppHsgdGRP9WIacCJoDu^+)|&|Vj`c7#gE{_7jW0SrpfuJ{n6{t@eJeFjh6iiwLVyl4Px;6RNKnSgG@0@2vrd2V^*Nz5YKsle#BOy135u44z&0j;mx+?`5i2g z(g(Ar6URlG+!rFyfOquBoviUB&6k#e-H zjDIRinQ_X@ZWHqPG8Nmlx^jz#t&T_c0O#443OBL9)Q7xb&;Jrco}dGf>Lp`2H^wEOFs zgJ*DxBTRxA)xuJ~`{b**!RWiKgQq3Fn8&;u)H?iSIF?S4_@($f^R#nNqhbyR1-UMi zeAm;Z03PYUNl8-&bL~&|=2!{bwV@L8N+sBToQ)Z4gC3suLRZ3&_wjzZ9oWT?;gjrg zZ%g5}o|M|&&elJf&D~_aweOe9AD&&Umdiuc!skV?-;7qLuAAXG2|p!f;Vw!uHG{sR z#;)sAtKygv39_klaQ$WRz^2zSgetFb1HZ#sn+09O?)ZMh0i;@1g3I>@hUFOc5u+P6 z#|F_eiez27eGI>w_q~ecMVuEw_m3seZ?%Q-q|Dd7c6lscHHEzHVft0r4%V|T377vG z>GTXAWeD#O5e+_Za>`Cf!0b5i#9Y~B6Lj8e!^$D}`;VTX^_j{K$LzU#Lah7j-97e* zq~+FliW_6C;d*Oi*j_7Snzy6wx;QM}I{v`Q%8Q}zYgPL{+I#D$HoN_Mutq7gz*`6v zw1x$Dhn5y8E=h1G?(W{w0)-;Q-8~6V+(V(of;+*TLXaZCWgg!5-aB*edcQNjwPya9 znRWl;SxFvFPLgx>XMgtI$NWRurFJmLwY->i9Pz3s`EjLT*agZxx603gZ^`!~56glq zPSCjb4aqUP`IwIdc`@y&met6{46@P+W~n4o!-gHG$sqb=-m=tO0zD0zUQB)+#!jx| zURxYWl_M%?hfVGIK;b$ICsQ#E`U%M5q z8Lc!@=_ig`?*(dtVW1``ZdNz%j~$FF(>*CO`sSHvQ$OkERZ+Q5=HvBh&!&EJ(FgEi z8QvJ_Rl=>Iv^-E#*_+yYhz;y$L_aUS!m%op4)Ls*u6f0n{aKC_T|gdk@QLKTU(cDl z@KWq;B~(S?6;cEQToHLS)OvPKt454$*kWIA#oRKWq}t z(4FkYXSbW@s#JRKUs3~O<8HEYa>PaO(jpuWX*MysnXI%dqxxmDV>IRWegqwqTQN@x ztc=HRk$9{x6>?%%yKZ;6`ts`zGRU7C*%UEOAVpWod45V8 z+9%7+KTKrBDaWG4SVrUHb+C5xRVxatTD!$@tlGuo*e-JSO`E#obul5kK54C5iwG3v zJafixRkujvJQIzg%BZY8@rX3tsCWX^OZXC1B$0h*Gq->-&W$odq)zTx^Nu*14fr`h|rvTP>Cu(Dx~ z9BVzD_kRt!O=%sVJQ9!fY8`@5aW3U96}NTvN9LFJe5y+%5451JkKtA=bU^`)^k176Br z)xH^F_3}@(cTqDwm%2XRe3K9M8&!g<&tJy7Y+4h7s>oAl7>3~|<|Y#DwuGD1aJ#BA z=$8kl5%b$cm<)D*eDKEZA9(4Pm13vAZf>F&(NwR!;M&#SMGAA#4!yLfLE6OW{uyUY`k`+U<2Vx!J#W*xb3TSwj%5r$SY z%BGfFWG-Z#qCL-+JW}f!`|EWtH8y5x;~OtORBduEYA?UZVft}E(cL`+ zkM-O>zfr`7VMSo%s=Io)0)h(EKmYJKeOU`D8PEHYZ3i*#i-X_m@z(8E^Eo{ju0AE~ zJ|wrot;e3c!{KW+nFJB*fC_1+clzp3e*CF!6-J8j*Ia&Y3>`qXlU+13ly0{0aM;I> z#<>m872MGs$ggKRGb|@0RL9=j!;o8v5B4VcI-c*@P|O_Ophlj_(8g#k>aE$m)l+vm za-$-3L><`r>EFGq`q|XL%wLdo8dkR%q+TekefTx?x?%;C*H18y0K2jEGP=B~w|OPB z%s{3*ZL*?7Hi+#G?AwSytEW`<+KiFnq0r%ac0bK@_v1LhInbq~(=Pk){roi3|4r#^v2xF8CE@V{A|#uSicE2Y!v6i0ZkU#>Ydy0?Cqw zyqjZ6BN4ipDDJkrvmvCFSf43=b=pJMIbkQh@o7Nb(9VL*uRoB{^;(O{cu9SN&JKU5 zIdZ8G*XKRzIcj9{QXN;$lgl3xLVi zkJIpLu|@tnGpr0I?fs13O%Qf*A4n&feqr?`7fEr%WHe44DtqE+Ut%CzY50T46~ zxsG|46do>Ung$jdFf%=tI5|+`FVV~^>E^@r@dMYH%Vukxa}*empDadrJozTV3g z(GHa7;X(1$=(D-Zb*Es_na8~o4;7c#+kuu);_c?0nNo_;^IKJUbzmFzX=Gm&65^{# zdw!HpKrxDC85eSxNVT`Oh8NkCHox-LS|CZ8mc3pP9gSk2+h0s@(oy6QNW44oz08qg9pk7YvGF*H)jBDcok08 zX}`LWYsvg4=e;yf^FL|=HfP`yU}EZ5e;zYR9C@BsstVM{M=yZ?DJZrZZa_midlPZh3&N)CccZ6kj~A z#OAKUdnO?cYj^0R0^nH5hr+&iB##l}a!tx>E9VC>zp37wEaI&=$g~edQ3(*>|HA+bB6BX*)Nf+4*-CeoAKN#`&yebsI{m4>< zYAjNYz^?S$j5weAA=uHRvWq)M-=Sc-%UZ}5hi0wUrfn>f69k_QrA2RpR@MnBL~{=n z=_MBK2jrzIWtzIkKwN95F(Fke#~M6mwn`ppgWJ4AUn=uf2bTm}Q5OPkJTtZnpvM%& zoDoZjtb4aMI$(xDkoubf+A-k0a2d&@Mcpa2B5G_3b;Jj!>tRL|J00i7NK<@8l^HKQ z^sI80|LOv?alEMPq+95z?y=l%58~xyJbi(+Vba+^DD2Ee_Jd*-aha$UP{G9? zkSd|RhQ1iDO6pZt5ZKNFX;^YM`nJ+Q7910@ZMjm+qBNv_`g()Y!YYkgXm^?h+OQh8 zg;qgL%G4(=G>9I)|DzYTA(8LNSakfh*Z0zjW`gT@EnTGyFc6 zw735GT*)O@1SW$lc|;UE7MjlhM&^bLUKqs)pdgaDu8@?tyo$c4m?L+CWM0n?W384U zj?izt>u|{YAgMwF^Q*@J7mS*^IvG<|3(FMNLV)jpNkG9*TR``%(gT^hs-VL!I(tlV z0aJa7Vmi-bjvNb1?2;*ZoGL?BUobfq0L|*+nxHbMi+V&1$?D`O}$p8uQ=N z9_!v?*11zuOSGkR668-yFAfFVT!>W7Oa8!fA=-C~U$yjXXnH{JogsMN<5DIAsTZC3 z0#PN#r#fFc6x+C_fvx_){RtDdm}deni8^=&<~kbag37EpN{K48uBiVco3d%f^r*Yr3@Z}SmO!owhW!d3)obfvB9#Q9D1cC zr&dqp#+Dh4k#a>+)<*u!wQ!|PQM*X+K2mj= z>epBf>rtC1q8IQa7+R)DH983MCI|JY z`TK-#YR2Uq9U8`(_*8xCpt2i^Il5PUJh$;0STFq=OzW8;+6lQi1+vRimv5yv)qGS@D;ZI2C7B|x$RPFk(_B!PfK3D}iNcig}Qxqf+bkgtFk?2d1 zP*P-m9kqR1)T?%~Nt3(OJM#1CfymsHqyEag+{kek7x|8A*`RvTt(t+N+Qz6D`|R`j zLnY;1-C8sg5@Is{Y&o3&$H^%^-o?ADDE4H!>JnFKfk{b5&v%JszUjrGc(E()?9dSi z=Es@8zr?aHyHdcisXoCSwX+&VCudy3;wB57qO7HJ1CcM{`{Cm`YYBU6$#<8Gtx5@* z$QF4zl%>R+tk?JXmWr2jln*QpKHVW3r?{K^wQ!079K&N<=crXn$Ffo9F4?#NJ85B| zo1!wwyHBSskvP?72DZ~JGb|}*CrG{Vu zIBj(cu9yq?x=WmC<$_&x3GBMreSf3pvFOIh+_k%uI%zX1d0cdi8wqGJC%$9*z`+|% zvGv1SBg4FGbb-c|?@VfjdYN#+W~bg+}QZea*v?$ICR&vhtE)_4=q@FwbP5%t6pdPYwA zH&6K)z#id(4rSW$o-k8prwGCO6bsw8dre2Yx*(6qbIq|w){1G_MW_AAzhmN)e2lYH z)B04J13d`6I23AyB|zLldM2+_WPJrBnMSdwTXgav)#7+5qIbf>J~3VdLjqXS7W_a; zp>oCTa^%~+{clbOlZ`&8B$YmqBhw~IQ32I-c_mvNOpkcTa^tsDv{safn(@}O zbMBULqA8ZwRva{~6tt~f8*$q0^^s1eBBVc1r z61KW{YbOG?g(fkzmA5b%btQBF*5T?IN~ z-buIGYC-v-2W!NZ)WGPHGN3MZkyj4Y_t8OZoWKkI*1S5=2(2_zOS`Brjs_EBM5*rl z8rL1jZe#ZSb8M+=MJV82ia}(ZGMkiCZcW+Z#&)WGk=58LX0{41n(0iX*%4+rarNP! z#^?R>+0O~C)R;Y~GE$afawE{>>cWM=`?8^g(6KLUu4jZaT(Hu3-^{_D(@iGewi%7U z1R@dKm%{AdXB|Rsbf=6S)7ukn0@wmSo{JAN4TsIJ3o-5{8rEy?vZNLhXBL8yy+ixT z+*?v!FPRDbCSL)DR1iP9!SFe`7|+|aZS~355xUF%Z(JVz+EucPk(aj7e z2rcP`oU{O9j-}n6#l-;EhrLp$*>A6NOp8jrhPC61e-Ts19IdNVQO}}`56H0RRU)}f zI_3xT*=-nKCzeTNT#|K9-PlCa!cvF>)6T<0@PUu!KY)`RPrI!CXSE>wy>O58mfAv` zO{rD@dp@&W@-)U?*sY*wvtfs`PTr%>ILWbn>z3kkiguo1eyN@62k6F$8BI}1$EJ6L zQPqTy_3iA1Sj|EA_$BdU}Wa+>|md+6wC zaql4|1Ny-WCPS?c&uBD_4@!WYY=wyxUG##CMlOQ;SaPab2CCG?+`n~OYefaKum&y= z59OQcRq}6Z|0PQ<9+l7K|Gf7a018?_qC&E@T_NXYVOYXgUf(QwTPMW0x|Is@M)XmX zook{*uJT%QC%W?F)KZ<47nk|QkM*5-ifNH`?J!}TM<{7*(KDyGb>T_*1o)cUPbORQ zf|l(b$W}^cP<~`-?}f7VN%C44J5z%#{%njY3aOQRj}Cy$U2yWS)Zz^V>6Odh9NhYmK|z%wHYu;A+L|Jp~p?BH-zbSFD@-Mxck-*_9&y>RPU4Q7)0=zZu{n;qzVDgMXiNV++_^~S#ke3r1lU7-p+iH+sI%d zPL*F+o^Dx{+P6M8xP%|=%{z~>DXFx{!BiyEWDntn3qU6DmllU@$6x{^vu3eZKDbkU zQr&ebGShH&XY3P3o#8a1%d|ec!6GNb0e%?+CCDoMMtsNK8V zn9;1A~EL2@Eji;J7CjWmWkSR|4h$Qx)pG2%S;66{$w0*F*?1WYV;>AR8sYC)cGKu zP_We1owzQ#T(+1iZgCA~S7-8W7x3s_>c7Tvd~^8w6Tbfgb@qTPR^v8>4E;&IXqeT#YAz%~k(%jfB?t+s(tl|Nh7Cbu-31sy#E%$e8@@(?N zIJ(_Pw}mfec%cM+Ah-aB@~fwKj_j<^O3W+&Vg+UEFU#ciXLrIC@T8azKBz7?#1uCW z?Kl!~3hT$n5jgF}pm<)ZRM*L?xLK3ZR9ik%sKILIe%FrXU0yjEc2C*r+8@c#;EnzV zbgjSU^nFL2|50h%BJ!(Pb8AZ?!4Pi!ns)IT=7Le z6Xe~Ijm+lVd%-G>GR0FxQx6!o3qpPxYYr;e|LP|RT!%#O9RI_N=#))!TH)QQ~CGA8M?-Mv+R z?3;U-YIin$LjWD)@;vAgTkK9J|5@cL(~IczFx8ccHS{#BNePPBk9bSiB%0mR#tHn+ zq~9=IJdNNg$J#X)K;{jx7puUVpM6bKa*ubSx2LLc1m%;Nr;O=)$hd|-dVet65+T$d zEH$)8g$glYVr4DguI6o@RbPeA6+bFBfg!BzzAZ5HjEcAg?=r-IkD>V0BG=pB&yD+k z#V(LrT_}7Gt_qQQELa;Awfq<7wbwCMXv5pub9~ucAFK_;)5w8f1UfH>D|80GytaX;^ z7o%9*AgJC!o|(dSOriStc9w5qHbg1uS&{U+))(emZD5b}i8Kap{ZEVwc^W2)_n=F5 zJ)M%}n<9{rFZoARn;iwlvGUz&>qVy7I?=_S=X#SW2l*pmyh2i5&p^CIkZ7ZpSYvTQ z<_aMtweAYt*Uw{hl5!f_4aqgsGFu)-pPjZ82q@@1%DhL$_#wLRwb#XRg6NjK$p&p^ zqPWli}jE!ar?|2r(t zrbJ##={Zq^5Lbo?FtnNnR_9JgJ!h0xxk<%uX06g)(m2ewP+>7P_sDzsTELc0CK5^x zKi<9DUJ|k}wmjoe`mA`vR*3*Wu$x7?+YS}(e5@*?yJ06A%=JMxuj{f6;GVZz49~H- zre`l+(TRVNd|vj}?Ej+t1_Z7`=l|UXlv3WziPYEsQ{1W;NM=bj#9vYU5A#rX$aDqV z7QQh=JuC#kc%D~?^#>Y%YEv0V!mi4Yzx5JTcp)tN@GOn_al+ zy>D84gqI*#w5Ko!nusj=Nz7(qT~-e*YS4F9UgB3hZqjH8@*R6+}~y#tUBO=wD8sVT^CV|1+Oscl<|cA#A>D4Lxb< zc0*z0Do5l^tzmZ+ACGFWa30u5GuKWThnCM}XW47CGgS**5R!-Lg-sKsY{GiE+RtQ8 z6Reti?cxbsOwdKMN`{L($JMsfGu#_K9qZeazU|H?c4ZO6HVR|{Lz?mM2)TEik6Nu)WCY z{_H2h;!8v2ijNI6c6+u8Br@>MQ!3UgkYARpQIOm*A%uoD+l_4?OogkdEA<~+-`>(I0{rFB--y15sg{R1ZX zJ!rNtlGC7X(jEf!V4(L5L^Ss-67xpaO|pd6)oyKyHM4CY;} zMU~HThEQ4d+T#Z@?<7iGIzEE+1$el?_5fQ~=+KyA*Fjx!I_ zm<9$0Fmd%?(g-92`{(D7w~&r5NibJ{se?iIGdn)KW!+lGhsk%U{sRriH08Yf3l6Il zOq^4~^{Qk9Wnuf*>ZM=CnO%iA8OWl_>r#6zl>3RErcxf5dotx(tsLaU@Do?|S>-xsQ}*7vZ=I=-XOd7&|*vB6__X(rg3SxESg&IoxzF6PRrl0U16Z1dIjvh zz_Pr>n{H*5^!;)8+_?PLEIV1{`ILJAwQCkK8a{o+L6`!J<>!*yyGNfG=P~lN7YWD; zll+CKPfT;Py9wOm5~pQv6CL$?R9nUqe#Da{3kC*#TRhECt#zyCnXW_X*hwd1vPeO& zCQeP>pmr;n&?t2?#yuY|@d7rLP8cxX@{5|$#hpZ34-cnpox|krkH+Rx+nS7t(`6US zW0Z2>2bu1zjLIKgJq2s%Ixjh4L!cnioQ&_;z%2i`Po@2bqi%y?PZI&>faziNC#DH? zxdg^BUKCAxzFC856KP5J_*(vw1D#4!w+fs=A@ZiKBN27BVn&gMF?ameRqwjt1! zpURRKabKRBqf?$F-r%s_0bORh8+IS;yB97@KTa|ytor&{qZO5s)1O%mISM zO!H{kI(7G)=kmT#E{#~WK+oK3CAp`bgNay3M+^?<7KUtk##r1it09IBS)QJA3Z~_U zZ#$TQjV|x>obCKkAK{d1C&KJ@D9lTDKw7UfdDO-EJrUulop=NP)3H*wNI+`{OHH|L3X9kbi;}oe)Y2rZH-@ z*iz&mjeF8x-Ba?3RNNJZ8C(*F(f$6`dE($BKr}@cwpiAaU9*?UbdY~eQ=1+-vhke> z?N##fm{JzrffDq;Ic$iP?k9(T{I z7Vl{q^1iEn9}qeb8RFFevPVUpRr&#xk>zfI!1Uqv+jS1`-fs?%DOsYhQ6%q*k4IWw zd;JpEq9m~bq)jNok4nGDFe^_irl3Y;4SaCu(ve-J&XBxT3wlUd*dc7%scTE384t7_ zN6mp19B4b59hO`r0TQV3o)ed|G_l)GQD5;}nqcHk1Qrux(^oDxpXmTp8RC6mV%$8C z`9o8%Td(n~o93bkaxcs@hG{#J^8yEeykMu09;(G|m$TCk>*yFOUu;L_f!(=$CLCIz zNv)G~mQiUV4=u(?r)o`+gv4@!B@@BQ6O9g|!+`yo0^!iT)8SXr@4Gs+dc4=rn^hw7V`I zchf%aNQvq$QNn(IYEU5oa>z7(Snf4)OBgopRh`^E7U!Sv?mgqTbB=KftVfGyuyhG? zzQ81xw>Mm}bR}op+MXgh_!j8>!_@umMz80n8+}9BG`2`^OiS`QmGp=xbylJSO2^SZJO*hDjI<<_aqwUrEcmUz*|_hvjARx zX5!G)J^MC)O5l0o%~6pA6YYiccb$8sdZP2`i<|7NUfI5>c6saAUDIiDAk@poK+s`D z0Qk=QT4S^eJ)S;qvJI$y($^pknN#4NltOFchRlt`IkY{JFeGIgHV>}Z?^3%-aRCOx zziDKaL+K+3AM~j%7Nu29wB}P!DBA!pmrKX4eDkV z-8r0ulPfS+-LfcK;@z;43j$dbGoY8m;q2~*&=`^kKlt#0kdW!Cmqj7GC+AOw#;TJf7Wc~RO+<(4c#GHrJ3HZ`nEK4*8CVzIN-3s(aU5StfbdzAzr`wXp{rwFJ6Qu zj!h^B*uaHUjWjM3i<`M#g9Q7(0Jfn?Sp*Nh_Jzlf!1|c*Q3s^+<7Cvx*4S91Z`G@mtkhno$86kJ9+k~}PvRO`n0z~7oTWkc;-X0;OQppldcDYktgfY;|V>2$u zlvP!he}w8gSKe2>xB9`SgQe-xmH6^6xj*y}!Yy(ILy9_w_m5-(CgXDuhjED#LQ0Q= zn%LDxs_B!SooU1{Ic3RdUMEP}wJ*yOHIZhM6H+Zi=R(2mxxO@mv88N~@}Q*Sw#VD! zhaU+&!s9N(-Nb=P&=nx-!LeS|azhXK%th;d5Xuq|-YvCMT7W(P&2liNy5Nbg;;Y_2sMRxg7|uYtarLF1?54KjimU|TeTozrXRQZ z4asQFfove~;s{enM5&l|QCVYiNIH-9-V_}=T^YWlewQ5B!WX*yK`#2|hjh#aI%Ny^ zr}^`t1ca>yj*qjM)nyH@84SW^JpB$9X?bqhhOTB-FM);{w5E7Is}a4%4qsqm$t`nL_gkZwKb%stX`B3ARsELT^rj67BCfWG`slM%S-+gNY%a>i=fI^`B*>h z6CUpMFZy7sxfBQ)_y?KrX7Lg5@_$cZaqPX_{>|5C)9vb!$BG3G^0WOjt`C8$-rK@p z*CBXaVVRPfGH{Z{wf5ZfBCX~ zD};tuZ|BdkZOPl=h=9(gPzunIoSmyVr9OY^73~?`pj)l$kU72gi`eI+SWok$HjADf z8$?V?{q{A8E-!|r9ByljBty}zECm&Xeoi` z_o*m%I@ENTBA^1J>Y;&uR@&q%*nmQOhN6%HZF$g^g>4R$ z%<2PrHAyieKO>j4JlD^V6QO#id5BBR^GWfZT^;Ui)1*?i01|n~$*JqwOiM#NYf3Ta z%^%BLi{T!Oa*`LE4lsd>^Ope2<6|6(soLD!N|dm=JAx!;Q}DGf!-(a9$4;^pS-0?8 z(T`%Y@3p$JT~!~x<-XFF zZym|Myz)nh1ds(uo3`4+RQwI!y|HrZ@yyqqy@pAW7Yh%yGZ62LJR-UU8YrzTTXoxwb6qyn(>QUR#5hL+q&(g z@fu~o-GJwsfA}@A*L}}NNo!VjL3bZ09MSwrlZ~2revY=W)$2t}dJ5W0IHe-Ac1*He z-~$gceKIT5kFlX@q+o01#c{nuabnctA#b+zBu2YWcD0s`$0S{pmkX|YRo|0c6+-zp z8w2;!=6b-~+sVDBqaHIyUxP0U;>tWw^Fj5%*Y6+bpqtFpYu^Rxes>pXGh{6svYXcc z6%XS(xLF>XUs?nd9xhXlJ2To!3omw(Hj9;Q4C11)z_Cv1F%sKVmQx~N4H3EE=%@{? z_?NBnGO*v;cwn55G9e&H`ol`&9g>t5u6lxnO>0-~>ZRs#Mz=9qCu?I|I%VqwJNQv2 z42;Lc^0n%dmEj@E`+s<8a3{)!hwaTSKH`Jy^LA26XX6Sui2!e-sUfB@g4$I z%l%&biqNBv^)Szpd-YWa#X|(go}F^RT6Kl8$>@2csU}%50py)LGHS*RQ8SgDb?6AX z><396#UV5TO4`5|c^nqm+D=|{O!IBP{2)?VPEKdSyS+?GwLPMvcuSi~hC(R|%}-f- zN!u%FLCo72j&j|f39LP&SqTFxjdl$jk|absxDl1Zo7cW4hRltJ{AWFnfNI+6`u8ZG zaIamAC69zOO@D$vcoUYK^{w3zQo|~p$gZT)VyBB&X&lB~nLq~-Uh0z28qnJlYbcYB$^y8$A@#YH)_~^yM zS;}@4Eu_P#qUZS20q{oF-q>6JRp|Q|d>qXdM$6C1Dr$w*{>zRlTiwp+bW3!ahznTJcpGxVnt~43YAupa*3m? z_CY2ysX6;QY?62yT@=VdH>G%6m*e>D33r8(PRQt~>%3kXqFbFT=8@6ZGu}T)$q`5S zT;Ua2Z0z$i?d9m5Eqr=ou_YB#*UU5Rw*ZoOh|m;{2hbf&uL^K*9UugK@n%OU2Yf{j zJeM)laTL{qySoK$msySHT&alAyu-`&##DcYBcK^0%p9=7E>h@8#>n@d-ZKrV5910? zZfU^-L(_^q(8`02g|a^O@D(j0`+I#e5+(^Pv&*MxooH(7xOuGz@WZ?l+ET+6zizdW zq*Iv&P0MIOBg0thi&U-&@e%|6#BWyqFBf`7m+j?ZRA=O4S36|_lKZ5?b#s1MUwT@Y zzARfok>??`U;BhPwTUQUx68YBw(tb{QKFpkxqO9fjF#H6VUPa-f1rpW^@vGP*o3%#h!0mr8F5fq7ds-_fhMr zT|;jUoxbr8J$RV`}!J!BH$ay(6#hs6S$^1*uHGxxg8CkJ` z*EoM7&6XI!WqqM;@(&7yZsh70IPdv-$pQm1w*w{+yWV}-d-t~+RrWRRd>0f!idO7h z(vkTciF$^__^vn%DIeGAb+ z%0=FM&btyR!uyCY<&Rlkj{e*l6$g~MvH4N3osn=^?D*4>t!urcle;k&j+qVA8&9{`Atg+FWy`!AMGU`LThGLmgtmHrM%XO5*J zsOu(ZFXPaXDh^xo9MaX{L%Ra45%QIEA*TM>*RNhj@t)2FrNUzB(~CdOUKxK1g?x8EsB9bI?u2=5(9j^;lBhEJ@5tDXN5PCBVnO-^h(1 zj>A?5pmuIc>DMnentMPd|0ZNcVKz_^C4W{ojag7F89`w(_B=j@Gc^k3HYuXDF2#H8RX=Vg10rBKle^r+ z@dRsjFy@N`4le=wgJ-}nKx7C&FoD)l_e-qN%4IiW#C~wE^-Q{_sRz~-R$=N}EqM1s zBtSI5)L%Eokf!J>1IsHWlKdlmw^n8YiRe=@(bgpL=z`D_*szp~W}>XbGth(Kwr{Ym z>6ZbmH6VkPyTGx2vQP+PYfwVi&Of)c0}B<8VlI6JWkdPT61Ix_o8q+xqWWpE81z&$ za{TFq?Hm#^Hjx-5Xhl+}3=L~Scv=Pf&>DR*hWD`K!l!PfgfZzou z-@h@k1NPz4i+o)qz4(*a<#mH&y3Fs9WOvskCLDdd&Zv+6PC4XU2flE68+^c7OVS7aa*4Z)mYJE*a7b$c?eP6?T`w|0ei_SNfdh z-AVDeonYkjmssMrOcf)Y$m6_FZJ-EfKWDm&Ah#wV_^a4=5~-%Oa=9w?BYbCt?DMew zX?}vH5yEPZPo>RQA|e`3GWWyGmbZNK^M2|X9$HZP2?7oKjN0-QK$!q^+c!pvn>oMN zEuBp7oa5rJSaaH0{nV>1FBoWh|G!K(0F35t-vX`vd-1oriN6VC{hy;+ z|NF?_i%V*86A$}dmX6+tfZS_4ohuS}x_I103&0WShid-Edm-76M zOc8#2G|z*@SOB_Gij(C#u6(%lU@Zt0c$5(QdO@xtJrn=$J>-Jv7Z4 zmr1_fKfpfRPGt}B-i(XphBe6zoYPKc@#{S<5_1)|__*TiC3nu>+dtk_w57GFRi?py z;n9dbe2Z_Ddr>_NFJ$5`PmB0+h^Qt$0>QDB%Qizgpgy&k)u@WAFCJTgrgzC%W#@J-dOwVUeQ$%gug z_Og(>gWq(@I&J&*gK3e5a^eSe{WtV~Ax9=E^ev1#BF8!j!x%Qm$azR7f9-pIcjt;2<-4`P&Ig9{k)!}!qx44V5owC&f@55q5;L= z@_Rnxl0mlm*~HFUE%6Vr(O#r6Tvbg%7+zo9=j~u0Ae)-X_;CCX|zqm#Bp~bKqH$++NHT%j7#!`c#v6AAk-!m5+M+@4^@U;Q`>SN2t>P+?DZxz0} z$@6q-o$q>=OJRjqP+T{HL?e|~1m~uu=dr|ld3ca9WQiC((+oMD=Wr=ItuP*2AlLF; zy%TnCyCm{*Lc43VM7dV9do^UhbG`LWQRAhO)=}_uU)A=Hq6q=lg1}QY&1%!875St> zKw{j{rLX2?`sZ}ERk5q1p-qFLZW@Oto9bip{EW+~JUz!v(>@>br)Tt2UAIRas|h|j zeW_@Mn^2|BQC7M7*1F=2$CnsMGn*z5XyY+g^z#o7w&bqsPkiik*REU&IHwQcs7FK$$XO2}kr0e1| zs`c@>)p!pstDO#6pn(S0+DkV6sF|4S&q)6+`NrJ*4+6B(J66TI&;4`8E!TrA1-`J} z?g`0A{?b49LXh!DBGTOV{XJ*W;eu?jPYZV+zA$W`we#%V6ZtVO@3-YNJ2oeACQ|E! zAdtQ`7aCkzn=oq|j>5=xU%EeZD&O4sJ*n#bXy!}462&u=ci7Gl=h3+u%L7DcK1ruY z&2Qyyo9RW3k>SU&0r3NMVvifCOS1D3ROfcp3p?!}e%YQ;4aJ`P@|{s_&@s1)NQ>JG zG7cAA59J^EX3Zv+hI~WZ3ejiE(~Dh{Y#*R$8%QYhd$27HZ`#=rR^N2c33J2=pZoB+ z?lIS{2;6uXR)Z1@zbx@fTh#d24TM$9wE<(kruqq3wV7J(UwaRlzjN(n2+(tUA_=Sw zU!MUVoebwSs%w^?uFu7jTx-G>TV1QUdbm{|IDRze&j00$?*ohE|KVvar>FR>Ko?i1 z*w)C2`6uvi)dkmEy}FpKn%rDn7k~d&cc27%ui)6NcG^;L+$-sYw?)AAbM399;+tZL HcmDqyI-yGx literal 0 HcmV?d00001 diff --git a/images/IISUEntryParams.png b/images/IISUEntryParams.png new file mode 100644 index 0000000000000000000000000000000000000000..a05f36fb7c5343f76018951d8e3c0679193e09d3 GIT binary patch literal 36638 zcmdSAcT^MI+cwH$LsaBZno=Jt3JNN{MnypB9jOtJUV>C1KvWczs?uwuLkf|W&?6!s zy(SR?gx&&#mIMe%KAzwEp0&R7uCvxT>-+EgF|*g6nR|Adz3*$Techjo4RyHB2%X{J z;NX7t^oc14$FbO>19|$?(UotLM#qklzXD8k9&=Rmi>w@FPPjcXc*Ma`nRNEh@#ImS z%kQam00+nUwttVmIzeSGIXDulpFMeG{@P(}lE=;>=pCD_$SqJJ;C{1=KO^h2<#V$( zr0e>Fp;#ahbx&E!+{|%3WjsWpjG3xW#I%mzb`Li5EcxQ;`6E|kxpD5Ds*2rRvIB!N z?G#Hd$F%kE_>Fdh+mX-!%3l|FPL~zY!ZgIJDEk2e>hw)zdegvCxW-a+&82_qt)kS& z5NtkIw!P_&PrEr9ohc4 z@UO}Ab+i{U&v*0uy?;&a`ki|#zjoRke3(SB+uk3elY|f>>qDglOmHvB#ch+~e-JXgbBx39 z&hr_Hl^FQPEK9KYwHHF&Z_sha{&ig5p;kfkc$EE$iSY!m_DQA{auiJSTROE;p~%+4 z*bkG$Hh$3*se1`GY^v^?m$$PEdW%|z-Lh-u6(P6=Stt29+Ot>fk%J1x-19HrsJG!iK74pEKM8ZhW{DDH*`yj8AlZJUf8!Fy0~|Kc0bwW8~sEN6*aq%WJCx6G4*9sG&V*@&w{PU zK^>o~0}ZFg{?XFP8)N8wj^w>44zc86cAw{Wj`8RSz^e?H3^4+BXT3(KFKG8pO1@HH z8H5I~zNJD``?(O!e?`g7A5M>yeTkC)4O8-(Dn+6|cuTMOdHC)GS}iohg`8iblpyMu zkRtt2j4y}&61{YspGmawsmaS;|Ln=MpE{S8yQC{Yt{|>enQbW|5oKo1e#`Us|FHqE zYHvHQ(?0DFIQ)Ib>*k(>dUoXR8bM$NEG`kfD8jLs%Ln$7aNI&0J}zi0Ua8nsxpn^X z1!UzbXO+*QZb2_Zr0{L4bz^BdxrWr#|EiJd8k*0P z|0Vfvzr{(b_2e8pKk)edfwPlSZ1KA53sf7{0*^+g4s~2(sb>>eEL+SPj+^askg33sR90|gAZ%o&DhJkVXasQ+)`3?J33<_)X#p<@%M)~a+BAeJ;>NSJ!m&TG) zL%S^b*|xP)#9`o;l|uQp54a`x7;z(pD9`SA%ny0NO@e0!vmS*^VF`JKxt9T^LlcgY zhF-b!!Sxmh!{)BFF{0^Yj6-5VUTEzDc4(C}$cM2^DyOq*o?s)2Y{C@Ta6vKo&VO>=6B@ zKgv{aoq66`!b|nAaqK)+IWRYx6rQ@lV3&w_ANORTZP}YC!y5|1Gcmlozt^sWQ52zFefH*31Xa# zzx!G@MBTl+qwMVNZwhZsFdlNM`{x4NzqZ3S6yCPL2!;&MB)k?+IKtgNEwX3t?!(qz z2~>--cE5P&LcNcL4rpBDm_9N0x_oT7=d-)=h7TVd1kuAbmu?Pzb|0%Vi`&3FE>I6Y zCm&g3=^%AoD4nz&;vW=h%%gti`bH=-seuAZyfQRgU3{iWgJd+|L{ruGPvXXSAW)hxlN^W39o;_8 z(b5wp%4em)0IU1c&BA`qY(1r2L=v4{J*VIyzWLUt6$baueAZyq6{zNjC~SIm~RZ~v2YMLDc@(4 z!6k}nLUKpKee4Cv69;*C7ianj^=6X2J^}V4o*HL}I_5?;Khe{;m)wy!Xx|PP`D$-T?5~$R zKt0o~>h4Qh@9wd#NPwOc@Vga)c);#SxnJGX+trph=C+2e?sOlnd2x3!PYbltoJ52g zXC|l7r-rM3xEwsvZE)<(cZvM*qVKhb>*fxAY1t@G{5Gy-_q#j=Wn;;2XE~<|vD_HI zWcvugo?#7n`auyls}u6T3VR`&%%&pb+}|A2^CKQU1;zH9>3OR`#uF4`c`D@3#@=&u zV0JJgyEqpYwvL-_^<29K7|MaNFU0*T4MgJCKQZ)^;pe^#bheTlD8^a!P;N zw2oiXabLUP%%@(kLyKboc8ImkZYw!|sn_S>i;z-N=j`y+zSjN(01&n1qqAtt&7MhU zkWzhZ4BTHO#^5CLH0E@|?nr1Qw*a)ACE|yds>mdfA&07 ze$7s+Gjkxc^`Fjf#OE&f9WAnTS;^v|ImRdf=SQxN=EnaiS~*cq! z$Vux`mTrWaJ?2K{J(o%05$_mxx_Mt{_~UQfur$kM8A?c9jkuysl6piomsMrwjBIea zMMcFhx8<2BXId@+BYLjOGT`lvY?s`Cm69I$^2vth7yU=5Mk7v9P=a^q3<-*W91xCt z_Prof6Thpq>*Xmcjnjc5La&L`2J+%3PKu}}dT0-#KeWbnwofC$Z@6TaS)6#2Y@B|j z(n6-qi6Wyeac-n2TSrOb>&>K5Wyi&DjRB1cCmPV_O@Hzf@^~E&I=IY~Usl?ssWId6 ziU(D0>9S0y*BqEuJ2og&>$vZK*ScnRdXA@Of%t;3*VJqv94ywb84%5b|0cWkb`ECU z2uGg+b0;NO{`{3FpK_DW?!{x*n1>B>IJZ=}Wnc;)^W#mem!7Lg8P6^-<6Y}~oa;JU z@}8~4cynnby*X9V7wgkICo|Q2X7pJE+KjAlV%9*gx9c63LMEhl2c%4YJBA9pR!L??~gcc^_uW!Ipne}G$x%*cKq zbb196c7CGC4B#L&NP2pf1#FkLpw`GXTj&(2hP^0N;W7b(L+DFR&bHNY|WP48KpE;AiWolxNwN@qTm zwaLC7{@r>9Vl~trag7LyVX5@2SOx$58JK7<+#Et*I)L@?#?0+rPP!iWSvpJY{&U{F zuv$wSc_==CpiVgn@?|sc>o#m}CjX^FQZ>_DvssA%%B}nmgkn-xI@-PDNhvd$8UvG3 zRE8E!d(8LULSE9R8utz zIjQnG;~oQl(F@($5`DIXnRf8>&#K9WSP-7GnF|?~c5RN}b-bewS24*2y`fFQ0fr ziT7+KYCZK{5D_5Bqc-y9g!qia74%Ks>h&;=r85(st?Pw6Pv0J1quHSQ-!jF z&a{fs+TYdo3Hed{0hP=K@s3q=XYRk<03?+ZnUL@%wbDbf*~#fM=*pTLjhFFu1RbK{JB_cwl=9YwD`elL^^313ki-dlISr;0JZ<5Q z`IhQ=%<-yomk`UolaVEpDi+}|Bu)Jm(d)3x#%mp{plyr2GP&TCG~>2b{@1nCdw2gh z)NJv9%J&vhZJdJ4h3@GqUe^j?IDBP11nB_;2HU&7uBXYk-R$?UOI3w zTy6XJ%Y=mv5{KW{<;|Wu_7lgJK7YSdcPAn)G>9&;^zD*Vdb3jtki9?Xkcz*nnuaar zM{@rRE2y_lu%A3s3jBQYaPDQ_o}=HO+vK|i5(^d-Q*+xJpBIuQ3F^PdFLRK+$Zo3+ zYb6%BTjfM>eSa(??LeHVa;pw*awurhNejlNRTVDYl&8^Z*U!~2Uu4?9qk2R07#Js{ zHz|!$Z6L|oN9_)R5L8OY_cX*t!1~7L4D7+Io@k|YR&zfmDFEg0I(Wgc`J*tVsa#Mz zdJeepBLmZeGaqsvrnYo-yB|^PUuus@y-oiZ6}E~ z7&1aCa8MQ#`H&|VKBxPY{F}~Hy9uqddMtm~4G)aM;$6z#m0E^n1_4_zOaj(Oe$l zz67vk!n21GiW8AuiKcVCkA|`KdK(eCNiq+r6NM1Z(!~c8{~|1Zk$@Drmj-*FnZj&X zlWMx>vk&S&FMXBM=k4dlZD257_KlxaR>q(!`9Dx^)^OmndAJ%ux1 zMo!EfFQX6JD*av`@GdfvQne~|KAH^jHbjlkOF|%fFkW-PUi1GjN0ZBmoQTn=jnwVT z7xI3d2w$wnyN>f7!}wSp^TRmoNg%-cy_j_{=zCgCbx_{r!T}<7=})U}mKdC?try&a zc_sy%5Oz;inRhdz5`l)pex29^DqPw1^2oZ&pJ;utd@jx28h+LFAjQX=Wa(-{Oa#Q3 zK(3h&X;AEAMR->ma#cK9OlH(lEvgX@2hUmz2ZWIGFE3JDrm*YL#Enm38^wVMfFc28 zTkty0P0h|taY7@7Yv}BDAR!7VVSZk5#@9;V-O+e2PLm>ZKHMIm?aivdpcVCws^2!(TeK+ik${2J*h6E%}F*J{$ za+D>cSOZ$IyZ1;%eM2W}r*WF}?bWl|Mbbem7ez0HAaqf6)jJn^y2Z_R>(`6A@j9y> z|0(mS9E|yd&^K4RVjWlDh}N42JsIKIi&%yI7p45p1EyrW?)u}|vI~op2WB3YPiq2e z4P8U)OX5#v6=wx)H@o}9;6MKXnnAP65!ns<^ePN_D57IZsHpOp)$RP+Q}Qbp?L$I4 zfu73lAC)VG3Zfu%^k=0Vov^h?)$2C>iMV(PH^~53KZcLJIdW+cF?yJT|E%;oC3WRs z>&E*h96$2I%nQrZvulQ{t-*`!K{L8(OxlJpNE#RsV&1N zKBA#f)z1M5v=S~PXJE&Nba&IAtqN~^4pnP?wLai|{|J`VH%=Vbxlx9|dQ!)r>Z{xE z1tG7rv8I7LGT9OM~FX`=$w~5WevDrw@vjKcY8 zy7Z)oX=6BaQUB0RcuIkh8U)Y#a*aQt>qI?*8ekWmObg$9JH^;E!+HNHXMSnpi+EIX zv#$5qlWA7T5n&B;dvxK)mUAu1Zm(veDsqQ-V7~+)6&9UUIib|)dPHN3h>AK8IB+K|C>UWRzLoKG3EaU z~$0SGTRi`=M^njb&S!e z7GTx@T@R{0s<>)7??nqt*S2<%kTf*g=rZdH!>UtX8kZKV1dmZRpW2VMVOi*_#nDAD z_iXivp)VzLF0AL&Et8=htr&m+!<>)~QGw)!>zxNCRpEkM@BYP+yD}%#E)r^MGwK9b zg=QDPIPJO}{P|2O^YyC>3*^8nTzrazlv|K`YLWgv%JP) z+W>hnm%ODR#BhAX>acqbo08 zkAF&}*TGCur>+IgeSnZTDdqyfVoNfxeI_x=5M0LAS7rBWv?+HVEnMOsc9z=1c$91-usI*%<<9^^@m;uantJGvc*sd~0 zGEVKPq?jms+q+mzB>w|kSDxN*>BEPtFOFaQ0nhJ%T=HF+|J+e>mf06p+m_4Wpz6+z zSWMqGK6nk@Gr#YfrVCJ(yM!@c{2h^~-fW?n>ltR;w+wP$e)Z-Yw%FJiO{#YOH?C*J=#}&E zm8)#p+m>IIwHviOJ7+~LxMPs{H~(|((f5H1)P>ACQsJ=MYD##rZP(4y5~wbVtyoQL zrk8^}S+V0F-Xym1Ri3V`3{OSZ$gjk7c;9wa;bXZSi=E32;~KQ$j;8b-Ia$XP=9n9- zD5zm*v!m7HigU>=FOwkRTeR;7`95zTCUio{_9O*Oa^;5QKr580#jac_oNp+7$ltj3 ztkXV94YgRl!O|~ILhICWnf1EdKa+D+$<9-K{%ec#K9|FpV0G^jz}f?-Pu?-Xk@ayd~~a!#3b|?NbuH4=y6HC~(QPWex|oXcpPrKWWV9s1534 zhvFBCO-z{lAx2;D=6oKD@1OL638*Tt1Po%DCkd$XywtbU_^M>MkIhVGKN5`5H>Yg} zL)#B?m+ZY*r|2nVi%;L)Qq$(*+H!5oo^~BJn-t#9x(rHF4K#nD{`hOPMb((iN1(h+ zMit+z>4B&jA8w#H#{xp`I4ta?DL{D10qsvRm^Y0=>2;%k?p}z)`CtlPC)_V%K3V(u;U_zmRVT@Z?j; zq16U@N|>X8hCJ0Ctr%M~jXO~cbZbE*WVMe;p3c633i8-`h!lvYyT|T7hRZtU_lo>J ztFzcOCzVdHD#>|&6Q?2)FP!$WD*}id1|qpeh0JCA;lWy3(Aub7l;lWL!^>hj;cE%O zQZD|v%I@Gk0!BT8s#aWL-qTz*g#aQY^FCP_JbUIh>vB6wzFuET%JW^DcH8#Fz7e}( zgYy(8MvbJ&t008GrT6_2vcZSnA z(rrP))B{!Xn^BgzV1nBB4oH2`$9Q9#8Fbs#)&`2vE>^@z?x^r~6Gfl*z!*~1zr2?Y zOp6g&$dnkbl!LG8cA3RL`E_h(J7Bht?wHsWu?JZ$*~q7 z7P^+gcdMo3Ps%A`R(NqK?pDMXs|7p>bIV{RsMg12yUrGPcVPAye+@{yu4Zy!3b`no zFkrGGiHa3Bu%uSkAB@n3bVCCxzG@a{TvoPujnOl){Oca7+;-N2Ei72(XW1}ZQDNRS z9E+wU22uFnn+dOr4FYa2K0WD*u}1Mb+ zPLR*cL}@|8a~E}J;r!Xv#`{>VZ`Wkan-Jz_H{w$%V|Nxt4NPXL{P{JOEf-K{kInRB zD~zo@#$Xv)a8uw1$?)QCvFG1z)91Z3UshF#8<-T`W_IyN8wXeIJ6MzU4_nX=#(nJv z$}L%KV=!#9@szGCWbARfFSYDvxg{@$%7grT(4M~y0;9Tnf%ugcZlRZ~-s5--)#b63 zrQ9tZ@BOLC#Zj-lA~67L>)%_Y|M5P$hR@JU@5n#A&?Uh^w_7H|E4t41Wu5Q|)ffwp zj!&DlZ*`=|j9%O?Q&f5ZzpLvpWbolG-iDC=vSztzA}#hu%JlXu^z?br5+BATC?C4$ zR&nuW@{g1^w4R_a(zo%npV^~dO`NW3tMVKDBJQYy%y=to^y{i(5=&##a(??B8Z;gr z+NVO#LyH$T7ixS9Q_>MwPsX-uWoa!E*f~RcH*%iDv$jynKDP)G9+mqi|754@L|A8Q;i;Q2{iqS$3-eA=(s%~!8!KYJbl z^D3`O6OHuCy7669y93ip9mU95ETZc;ZFX$LVJoM12%;?&wXN#{8a}>yGgYuO8!ubB zi!z6wDZ^5=x@L4ya@7O#K!B6{>yR9GEPX)x#&yr`gq3bd*y(tT^!*0$ZP<%s#b4#{%Ej`jBgN1buVzz9&h{WOKj!~yd$}?-p=dsd~3vy$X@1K^&v|uv;2mJ zV=lFf?CT{9-Ol)m5>2DU1|wLpm-Be{grl}w*=Fv!ec)3oI{?GZcVL%VX8&c@%n?30+x9IgB zZ1$R{x6HR-cO@hKAb+2NZg2SCmcMIuQco`x0xEEAF_wVrw3-SE;DOBJ6tCw7mlN+{ zt<4yaYjV9!Q<1(a1QM$^QhrSV5*K~3FJ}-i82BS>7n7CX4L7Ia56&;Jejl;0iz+Ye zui0lY$tQK0FY|_zXZhsaQ-&e-C0SE)Nk^OVJL_nZczsJx-P~A#>?kzXoe%V4xT|(O zdav8!VCk_7P~2s}{an1sHuJ1S3)<44MWj9Dy5!tKRJwaq?_ZPeV`HjiH6);u>MPNU9Ay+7ONUEY@s+R9&J~{;Ules@ z1a^6+zshX}6st>ofxRI6R?O&ew}@@r)hllZ^`336%XE$#DXtI zez3+%EmAo>&Ash)u~YB+rz9x6+RtljR}|aJ=8KQIY*N#w&PtB!F?Yq9A3DeWie~vVUn*KVPT_GxZ_1o&&38fo)LF1w!tiBxmX~P zD)V1drAiN*RmazC%v)Z|+wdVgG1!mzT^)JL=PSn&eLYvBv5Yu0ok3@&R|pMSr8| z=HBzOjSBY4j`iJ4dunTySGVracH7*GKeb(1aPI{*>&rQqG4Jg3vwisQ)}r=#H7buX zmhv4Jt2=MQj%cbmT0(Rf&fE$Xc4XWc2B-DqP2Iq*A_>{aBAvE>-fMNs%WHALcT&|! zh3~UX=f%c$eh3H%RD2vPi6Z_|^Kf4aKTZu~_2=f7aq$|g?fjmTRo(mjyggA?;tlk* zc@^vtvu%A~_|LZk`&w63Id{L1MbH3@*`%m<5-!ZAF?C|$a=CvJT$WgS^h5h5*;<^l z-Mik#YaF2yo(4n7n9oe&i*c{}Y-)^62J}sGR9}0@yM=l^c)*Eye~FhvLQ?vQ$tSMc zl1iOT8~xKa#%MoF7rS@NQ_hsOpP0H99IazQFsNz6zpCjd{3-t>3#_;8Na3%`5wR}+ zxsZCMQQ9`I;CZO)lMHH{>4d$@nZ{n10gtnRp5^8)_TPE+jID^J!qPqFV=!}^n%w=m zbyS~KM0ohOsE6|gC%4rGfj35GkM#uKD3SzKb2-rNOLTaifLfx~PLL@Ix?M&%sYOPs zN5nOKF6<@@eapIbz$V?OFYH&HJSbUjA1BsV>zl;8q0l;xtWteP44OTj8e5MJY7DlI zoRwJWZhjqm)ydSNPQ$Lt=yi&qb;0O!@=n%2%}TnVQvRtETfx$uX3v`zrEhY3(`E7S1KL*v}@~?uKt6bOtZpW z3uRr64b>0Gil^1dy=dr*ZY#2L$FWf2LZHrZ=ia6-+v+)Gb@#0$E5<-ZO6IS_VWtwc z0~5Li3XCxF4T9Kd;dF#Gy|e5epOgbzM(5zCZW||~z`>FI#*3^d>+VoVtyH5DN$H<= z;K28@Ujxh?kNGEe`8zIB1OY8Jp|@WN1sUZB$CJZYiHLi`_~#{=TqbXW)&VyyPR?Y$ zKt&Q~L0dP=3bHmu=gT?5Kg``R$}{S;)l`%Q=_YbDTTm zMt?8C&COD{>gL*T-|MvvZa(a&LCJd~ELoz`E-{PU47-k2bkh15{ci+Mf~kIBUBJVt zMe8LCEo2Ze^U@LX1)p+Iw5ID$`1pqf#*a&`hdqF3=EBHX=g%u<%^<0<9}_K#np?PS zr7X4#YlVI~^QqpntaMek-S3k#azQF{`AKQ0)E&$16R$%Rjx_jISmH{AWUn~zc4D$m zaoGQJ>zLBBeT(LrCwUg_-Jwl33HUjLS#wHoW;?DX= zqv{z_R$o6R7T|f7n;W-THY23=@}qi3CW%5w2S(=SrN2uyd-^eOG4nW|fPib#tB&Bm zIC5gc!oWEcePcU}FH*X}J?DT*c1u#O6;<+kD6D`W>}~O`-S4MuOcri#p3V&(4=MED z&jz)aXlgc};@MDnSZ&Y2QF?Ww@DCUK=2qjyi+AyE>xS#)L0OyjT$%#p>foi(kL$;d z#`o60TGnrF|GV(DkfQIFChsK~H0H8J8?4;^V5y;DP!F;zL;%zf&o0p1Ey`bXAGc9n zRnrPLQke#P`*J32(z|dUD0$2 z=-2YI|1_;;vhGz>zuJzztPub=>TROeqj<30Bg2o!LSBTnMRSjonFyX*R2Q1u?^Pd@ zCZc^tN(_Yg1n_|G{iT^f>XfD(K7M(%K^kf+t|J(#{@NFh0+u<=Nh|DN+#`ZgrR(P( z+;3~EWkmf!x~hX^ewEbI$rmiXA)e29thTGJ8~-Bx_%f2Zdd zM~)q0js_rGfXfO!jP96qw9|f=R3)jkkVcUh~NN=;=R&+de1Sd8SaK zb+29tDfxX&iL*3S3exAzR z%h+fxL3WgxO>)Nqo3=m=3xtG*Ig;2YTS)dHBcuhn#Fn@1(N;&Ki`Qu%U)v9hbr^_n z@9}~R>vVa9EiVe!t|y6EKzxk+?oB(%k_P$-@Bwy`MrEhyEJBGn4|H8QWYcZ$2IS0) zI^iU3>enS(b1eu_3P3J14T5e&(1qfes$~1Ih1O|vqX|SFcVWpaPD1agM0in1`n?h4B zgBIv0PvT80yH_qR?5x6egyMo$G_K67q6rDYf{fe-iR&C9Wx<(w%mHvXJ5teaxrAI+3G2Yy#!drvMDdM$_#rV8E({URuijnw3lsKA{|aQ zVRi((zA^Y+3S_3;!QC)Aqq5CGxWnx98ScSky*L;MA*Zd39ZY|fF!zhkDh(3UNpjeK zOhIfvh05TnGegJ@JDi7f0__>7DL>PqUZ4hy9L$^IREt_WEO@EXlEgmwjaK7{y z*}s}P66+QN6|J)aOYVEJSq}|7p1j|;%|e{!P`J6r#>hdiL)}r_@{cu;q zfJiN{48N4KVEp9(m;`{w!`GbmKYQ(l5OgWwrotk=OS?N2LpAeCOSEW~(eB1}@qtos zRf$2PNwO1tnc3Y3+aZoHPCu$t3{HXXCP)QQWFey?Y?k-tR`ycg<#u7o(6;)8hY<^L zVQY#(S+tQSxl5z_fdfL#hwyM*@l**pnmA|Zh%X*oCt|z^6-LM9U*KJq%|7s7R0NG* zS`HOCTEO2VTQUs;?8G5?SBc_{Si$0*4n1P93humhbE@Dn>$0W6G=R*4*neAqR7+5Q zq*<|14vAsLGD{Q1Mc8aad=5ZTYE^5JT~lg=a=6F`Ze9Il8j)a20(6R9_&XmyNpRP* zElrb`+#|g3nQIQ%z$fRu&0{4-B2kSGe(ONVemek~{JJ>1HFrFH_O5-c;+j%lgZ$@_ z*W+(0|>-ofW^R)yJA2De)S63 zGQuJ?NJ#PEFgQKah_GKcSEQ&w_iz*NO$simmo;}Zp z2Ln)QOYT)n=Mk1rvTO;-kKEql&8k^aX0CNyXQG5b`083;by^+&MdanHyAgEx@%_e3 z-Fl{Sv+P=D*h~Dw<}kKVAS!5Oe@JlGSAr=R+`=q4bB0ww7p=GfrDLI^&ICyD0`~CP zH~Q{f>|wPKyMm%xZCv>JOriGB5rXP3Gdc0bO#DAkO6lf*x%}N+u2@To85t9Tl|l@R zkI$i{@b(@pdg@Ndf$?0`t?x%bV()yd$wW06GX;V4h1|T87kRMKushr%H=m=qF%xhJ zOF}h+gUMu&Ar7dmJW4mLj#Stb`S9Vxm~&3$zc{2I4{dVT|DWg>ii%405q6r+I0Bvj zb7ye0vHuPTfrkDEYR$GRa?+}=k%Nqz4!`QH=kpGL#hW0HQAg1_KQOJ`Pu00%?ZS>C zkp91g>HG`Ue%yuyFBvi}Z%%f!aGapJ0{?GS*yF+~^ugG#3pL6CFL*eqs$O+Y{lc*C z#^Cqzq(spJ&uKrcJe)#R=b`G9ReR^~t?IllZsXUIzCs8(<8_55$77OkW%O5fCaHVgLNS7HkiwUXN2Lk(uG2t_!?_iIe%`F(pNo+h}A4L&#G zGNZ%unEsbRKKs+`7oM=x_GRW3lB7X=v&Znrb zJ-ARCUVazEazM2(60|!U%JSEf3#>c9dJs5!{55)3y7{SQ|MyPu**%fM&Gl;9ha*{_ zbLAQb@e9lSu=&UTgGK&E3y_Im@pB50WN zSp#EThkZc27hx*Glhq;iHre#gK4HZWzLwp29Aj6QuLAreTOGw{D`Xd8Rk8L4L4sM> ziIDFTfe)=)pDmp3d`~;%ZZv0y#>i|gp2GRCpKGG>5J$UM(A7oZSw2UrS839^r;nr1i%&K3^h^jg3n*g5y`uFlgnUgxW3d_Q6o)qgnQD zgg9w!t|0{+ywRrUUG*Q>znlv$=v` zi6AT;zbfzlha+N(byb~(&>@C2l>(X@%;6-va(*0?-0SEX>PAn7xYbS}_wzck=t99A zRxrji%4WAWPLdi*T@)7cVQq`#0%pC}cQsHzHr7TfQT4UuGRhvw?u{@JZgZAb@O)@H zPN&$QVtGQAcLNT*=+Sq#p{m-2eGNG@YWlcCvrTs3mx@^7^1l}2tHN+lId;2KbNx8n z0%hT8#Qq{Af9U-|A);veom%trEkz#|>f+s6yqiI8%TQ?;cuUV_J1Z0GpVS{OR{SOE z;2AK|yWf!gZOLIjZpwif?O!yZu%cHVC)DH5FFk(s zGHY80a>1Rvpq7?MiuHobSWzySRRlNPa;mBUxJ1a<5NDJIbfN!Pnblf5L|4QV*`yMv6>UDd-ra* zC3_z*HGRJuc3YhiZhbfXyjY?1=n9!#CUF*E`b()XxU$@GssLiPvf-YPB<7tcyhfBb z>&cgt{I<<0aH@Vd&8P8vxxo&h8AV`MX%_l6Y0@XuZ860TMI}ZWmJzlF-O}qS>V^Q; z3Lw*iaC@UC#G+vh+1CF!TiA1V%2u2_QMA&q?p7TXu+6`XwYW(U!1gyUnNuT&SbHPrfS`%epy2MlwHVH`p>!qzUi^f1J6nw!zkk2^_Czv$_I++it z^ZcxF%eI&&WK6tYMR>xsUkTJ?fnm<;2r)ua9T-qU8hS@MZ!y`Ks^Lauaqo%#_ z37hI$W{0mjMtqSH%)~xsF0>s?SNVA=A+gaR)&gx&E?YaIo?`L_iUUoWvR|cBN%UA2 zlzy%IjN$DV5ndsHWqXy?yidbpwqK988Jhh}R@&>U+ZL1>+4iE{!K;Na@IaF|xcDURHb6?6NbmQbexdtiZ9~(&GYv}py_+*J<26K$^WpWH z!f*}C<@a&&o}YojQ=vvwL490&W_8dKz|eA{pFeC}v>Hn*(%uxNt(%EHs#HA^Ei*YY zUevLFj|>H*<#j zaPJyUUPNf>F=yxPEph#SREh7Esu6>Zg>tJC+BgW>C|^^?+2Ab44vqoOjTWNzO z1y0>~6}wVo_GtOrj{J~%--!mv)HIYr>+T>5`c}{Zi8YG1dM`vRA4?i&_CxfWMG4uU z-ewF0As1WorCSyYF{M6)+_8eD&V zh>edOF5@EnURXtOlL2R>&z8o2m+mRBupcsNSk^fh;z14m+39Pl=xUf*of)ruRj4tk zXWe?cX!5=zX)3AqmD&4>gT`kKf%+-8iAz#67Pe^0KDHmWaq~U~+Zr*#G z%R9DDkHADZJ;L}78#E#{hv<{oVo5#uhwyQ{f^tFx7Djcf9P3TqFTlk-x1 zl`AMoIuc~n{QYF{Cn)Eu*90F25efq&Uo~uQxPGr1Yh*=ljp7!|~FvW~xrWx$oVz)Ypd?Np{&YRoW=LzAZwl;jjhJ zag3ikokozb5T?G;Y(^s>z=SX9w`uQAe~8?#oH|62JcniRs2%16O0sognMUmT#MgiK=$2jO0TtL|?eD%tz9bPm4F+DB}*#%w2H zpE&oco0h&a=5F58$?~WAMQr1N3qIfZzf8el5DVRO7_srE2e-bXYfW6d0~z+{R~r(>_#Ba3zyn z@ztqfB-J?@4Y!c3#<#%P)(tkc8tKt_0L%1W4n;GZy_t(|r%$df4j`jebjGQn$w$(_ zK`^BPU-8>S1@t?g6F(SvQ*DE7Y5*L&)}rF)j$>yEE*I2Qj$3S5HKVWSr`v_+N28|> zN~H3mYu;ZPAhi zkYrEAiV@!+RLC8}2li=NX0b350W9ok!FEXwj@ZpR^3|26w4tc{sM}IX&qQZ3?%kVx zoY4Gq{CTw|lpZ%|Y=-8HsMgDdu}e?`N=@D&%m{Iq?5T`D^-Sl8rqXAufe??L4sO_f z)edO6gSoh83Pc@f+RD{_x+f7*`6U6io#~v~AsM{u_aSpDpF~Enu5gYX2Ki~oE0W<% z!&H&Qj3M?N?t??nK@ob&J24FB!y0_A4}Q@3)=aE9&$gE4N35~Vo`TqdunaUlyv`vT zLm)R%j4Zmjr4v+o=2wqXVWC)4C={&qopZbq1q&P_+f+IgPaVF1|E#EcM6g$}D_uV@ zh7%~mR;na|FsivikrWD)hbCFhvRfXdYg0#9Xfc<{Sh28@ma$5G$bOG*wMdc!cu8|z z4tVu~phNzaV2)4l$OxZ+D<0GrwjQrLNF~@IPRD$^v_?Jrpl#D^Zc7OYIe4LUUPDt= zO2KPjFfI_ccUG#KuVvfWD@oe44R}IUL?hNSXkosM zAx;u5l`hy|P?#+_I3vmvCmhC1AW&(X*|lEt^1974oGPFfkN}Q+#5D1hd2?P;p#HMr zQZf@z~W%O9i z5J&D(d-BCLb2^%wluyJ_DQIlVV>U{AsIX&<;3CYq#AMiUYdC;^Y0Teq(Pbj|f{a$e zi#*T!v6K3<&iN-@lQ25|=P6k+ywMm*sLx)^{`f)!_4YOq9fU#GqynJxpI;`JOw@r7 z(w|D*d*iliHY9DLR4nNHVei=ihPSjXK*)XV0N}kqvr_F?=Ccf=h`;7at!K75 zxn%8XvE-wFP{(KP>EFJuZQN#l^y(Xr<%CMYZN|(qkX`H=*JhP~h?m5s&XPfpV#*nz zEv_Z`?*@_Q0rzTrUuu7`DUwfG-P1ejV9fh)mtmY~{QcMwos6hrrh?C^WS-dL$R;~N zPSsYqPT#AL)tbp?+XvR@y5&b&bBRkOCn_3UWL!EfX)VzSyofua)FIkS33 zkB%qXn~xaxV+P8VDR6aNy%4jz?2I>8-b^uoTv{eN2xGPu`TdcLm-kJkp@{xV{b9bb zsq*g`n>KzVIP^U&Ov}d@RVNFxZIg{!(fzjd$+(V}ge_<6tjrMcT~Zd^aObKHr`Vlj zUEnFJ#KEQ3C=eqFQ!(1uhB4ot8tyUGzJ&d3cykH4dGAdrJCV00{mIOXU(=BNC2+}w z{1>ew|ExWw8H~%F>S1h25_{zJi8U`ExqGj4!+d_w5s8-Sdz&yMPy9qrAoIn^10&YQkGTbfyQEUgxZ}=T6s}vm zkpY-7giKVfMcswPe$4)Qf7AY(<*6CAw)<-Itc7AC>-)FttLs3|x5b3DZdJ|R*Al&2 zs8ljFJkXxQ;aR+1uQ{i$jQ&ft#zj&*cMiFjWZS+M%lkGB?KJUA@qLRk+RLilQXu#a z(K>ZycQr*o{-z!!m-=3jBf=A@zU~}MflkN>pI9$CQ!j>|0Y*g75L8mcd^`p1d-zQE z_{tp{&2p>}ns}?+8E+Bo%ktt#zB%Y|EWc^(bOqJ(X|tRX3C)%>D~1#4H*x~`5CE?l zg>&+IYTw*$J}r!EK*y!3)8rTxi>KC(ngTq$Qq9C`pA@ss<-B}Rea6x_W1}~Zu0^`? zx*DPysgE+r>h+4fIn~qVX%67CECc2-#STKRbhYqQhF_<7bQip5walA8%GfR+3W^`* zYUDDXy@;4q;T6h@&f=h&YFpAb8&aSt>7aCOA@cqShZ^U6md?HYZqn|3Pw^Zqq+X|z<-mw5OH^le*Rw(v zsAOXtEis#0T>m5{w2ssV@08e!uXvC*D#DrA!5fRtGSW>PM}DM;Jo3a{X{C1Xq!f>(Y$7Jui>k`v-=2-(?>r55_n&8a)X-1Ys$)}kNKGO~0c`S;59 z+x;HPw)9T5_v= zjS>!)57-Rj-YEY@!p8V!s{4YoQDD#VZ7O2F5z~FnCH`EHy#EL#g2UM9y-{-od_FOw zXcUDy*H{&edm61f$f*YQwkzlbrn;N(=BWB(FS_W)6rnG>I=)ay%zB?yj1cQVSFsF! z8IFry2Qk`py&(%4fCxT5S4V ztMfY}61AT^Kl_?WJ?UJN%2J~B_*OoR=jJ2alIKn?4~f!!Ls(L=ib2w&uEhQ&PVj08 zq4tP)y}~6f!miy6(dZ*Q0`F>|=p;|_hQo$1O&ivdx`j6{mqnfSY}Iv{+fZ{KZ?~#f zI3`H!H86HxPC3(oMMPwBSdNf*wteb8b$d+Mi?=`brlUTf_*uJk`pVgi2r&Q5|IfoO z!T9FFN=`L|zqSZ@mu+bFonsZs<53w4kNv#anAfRk^xYaEG}QQ+BTZJO zSBm<2ICqkGCgLQ-TJaLO>S8Owr&}wnh|T6g^k`qF#i}AeDH6dPe4owcn;YJ%eZ%hmb6&<&1*jSHJD@`-csc55@ z^D;ZxbB}h+!ViP|B8W)B*$skwfJy<#_823l5Flf8Y6W@V&vS;&8(Lt#dBiWBFKT9G z)>9hmF|CNvW}z8P${s|A-*6~eZyi@*s|Wjyd;E5XU)w3^Imp+E6n-47sRPgX>IqaY zM?KHEn-l8|L0*se9rs9uc>IR;;DeZ0TP!kI4epuf<*JzGt60~=7OWOO%+miS+#@%) z`c#w%1FtsbP?XD^+rxVrMIzVQv3cYKc4lim7=LCH=g63E1KD&xoiZmP&(fpGx(@;H%rch+YM zk5~rG;e5bK7JU|Zui2$L>}JpM?s@i~r4lZbX5;J!<+4IjdZw4uz2s|BZMpda6xa%5 zh3g`Q!W|r7`p0h}r zDus*DAP*}c+T}L}rhncnX`-m1PcLsbAxkqb3D>Lwq?|sUsgr6*okoZm=Tmr}1A0H! zm&sirms{H1kv|ja2c#J_SNe!4LO{WcBeBeA3ixD)+GOfE3^BU#MW1;2Qu!g_Kt@H) zsYBpFDXM|`u@E??wRPEWVn#}3`G(Wynojhadr6~bs$^MsZvsrA&xY~kjaw6$Q=bEW z0gb6Xt8FQ&8NN&1RC2>L*Q}ttnT>rq!HcHGaEH_;TMe5z0h;)F9bH+sZdw?XLVsN~n^W)LwNEWu{rg6@DX`SD{1*`$vj0m1aNx9N!q`?F29 zuoL&fqNB&K+tcAz4b%uFcJ<>+OCCCMpJ25()SD9arlX?i5bD=d`sv|J?HX-8+Fx|1 z??-PO+n0um?*W4zf{aHU>p$jalW)!(V0>OEzpX^n3Q7sNedFjz$o}ey>3h(Zcs`!= zURDQ~kbFG@Vns-JE3D|%fX>5f6VxYWsCqQ(+lpF2$%nO?3!j+6%D*{7wv!UW&40AV z;wAbSdxd;r&IvmRS?8+`%-=c}%lps+F2t%_mLQuX@hUUYKZxlj6;97#MIv#|opabu-McE`;g;`%VZ2uSqQ92dNQ?sCb>#y$`s z+MYvBMlvDYW&V_JDzzInbeu^sjs#E7CAl1^>Q-tcu9$NYQoj(wiHB|1&HcQP)TVl$ z7z)k&UN*=8bJbnv&y`hAdFzUpB9QUXXGSLzHV?El@eS;xh`2I-t|-k*Vu}WYzI#jQe^U7Sj?76~n3ZuMR+A7wz4^QH6(9zGQs1!%G`<RpUaBja*TyD7%=3o+^X<4)4-ySMDycskF4GLOV(YOp>-t}ZvaT=3Qtq#ijB zi_(V(t9@%cI{TsmR7*d(h9v>svAqYp6oV>~^}I!5-;*ZLx?WbTrak*v$Bxof-O&n3 zp5o(qVYh4#@7{(QDbNP!;=y}E0QV#%jYhRFXj^40(LANSc2;WIu(@5$(mOw#Y^agw zh+%wMm{k_Z&iPo$!8S@ZC;AF%GI}f=-3{5yk(2iBSg_odD<@dNyw7!J0TL zFmO|MyakQfTOj5+0ep9r0(TIqpg`sye*>PA3~iuq8z(nLeM+1KX$850+ORp@vrMop zWYD?OMXL%-_{*Mkj&S!U+=#&FJV`z~$fzvOyV1@jn_scD33JBh6=m&t$3EiLyhiB` z#;-$LH`Ku+@M{;`5xnLt0+j>7yiw(jDQXSvhnj6_duW05x7OTxkvY2)YFDng$@@{P z?EsE`3utYxUZQcai>Wb-0kc};l#{Z;M+t(=$BEAno&fa+l~48%g&1yuwc7i-{OH0f zxMP~fKm)wSB+?Oa0Dv1`naWXSWYqNYZ$KPA$qCoY;=BjwfVZA5T(~>3|7zjFBw*Yu zYRqb>xjg?0O&6A>#^%Cl>RJ<-NbDPkVCkIY(j`DvUM81Pgf7iOZCZTka?a2*&UnHs zB12ma&mPds`tgI^T_fgo8P@K~M?PTU4RpbTp4?T|okkYS-hKTX$^+-`GV|S3G$2rR z4cjKzB($&)8C8!u(#)HZ)m^)q`5{HEE&A3wU7;sunA=k7TEx~{tDO_o?36VXlFir^ z$OZVR*UiyFB+fh{+LehqLVFYlMo89_?i7uSmHCR9v5-Set)#Ocj}o6>!W}(TzS(*+ z5KsS}`p1tcB{*+(F(n7%-!};(Wo_EFr)?`4$XZ_D7+VjXP5_v*$w_(HTc0*MxiW}? z=0G&6Cka^~w~u!hHi(HcMyzjY0~xi@P*32FV76_pdhz}7v+Xq#)7bMY;}#5se#{qx zLNzynD*;1GS=I!#S{YTw)Ed*!jW z++JGa;*h(ZkXe(}JEN~>6lS5)SSF%aV{Me2`M~Q?x@ibh z#im9c5do%RL%(zD8vX#E0_6l9Z zT+ZZzHA|QvFD(OF8!LdP>wOV`aJ^>-P-#gcM@a$e>{7O@tIQVSBLnIb^E4~`iZ3YwOU}<;j0?)%md`f7F^8V4#%}q zNr=v0Z{_+Nm}}@1(jfco?C_8O0?RaphhsA~XUc466X5Lq+wMIA7cT^o*uPmUPQC@* zt~ttdLk+~$7aELvfF6;sp&vALYO|v|Z&&2L?$<<)SUMMwzNP{b7qAaOvYgO^IDl8K zMo5w`Zbi-pZ{%Kdpt!tr_rzl%8{!&q) z>P5@+`2pk5W$87f0UM>;qOu=Al)z19$2d!P7$w%!pp()RY* zq~2%#XT+(YxT41eucz}0bz~^hF~nPN>aB2PW~at6tm_*c{guu@su` zsx>i;+xD42^O3!E6X7`g6NRb%fLR&eiUF^#V{{*C7S?IQ=J{U@j&ZBHI%NXemxwvw zaydfJD$q2Bs>H*ypxu-ls99HIwLIBQ0}$xEsPU>j(K;u>u2ODwX^MvGmIOuIMYs=2 zlf2V?Mkpxtba}UupF~0uh{{}nLn0p_Yr#ac?;d5Sp_}_H|Z!E(FQCnw^=KNI!e6I zTx^u^WV7u=FUn}g8ga83!c#{!hoDT}^_Td5b1E~7E!OFeW_NPcq0U}^;rxvQ8vHnJ zgdtv8xBaQuVEjtV-V|#(z_)#Jjno;nd6ZoL`01Z8d{`sB@1uHqT_?OLT?`yMx%Gj5 zuT7p*h>xQfAtb(Dut7fnVGX9}E2+pdw{*Q;x+whOZ4)~_Pz-O)zi#dR;{dyUa5{-} zaHu5kc6!;xc~4&$U(4YwZ&nJ(Rj_I=@-cX6)>asWRT_}4T#E#HeJONVgXb(p3TCwJ zoS(DG{^;gV6HaB+{v-s$7=4ep{Ijur<#4Gh)j&bvvBG^7WFY+>Sf&Ax_X8=`UT(7IHSg5(nBl-a2&! zc*sq3X@Ey2)WM+j%|-&D>(jQ`5h)Z%oCbodRZXnrhmJ1l!Z@u~$ho;oWjMI^-}QUo z)LupC%;r;s+F25F(YIrIiVB(;x9}zR^&*GWuF+ff6804@>W0(U8H}5R*p%n(-&m8+ z;MUFS=2qk$gM2OjDsfE@wxe45^(3_>KP^%>*?U8Tl@v z-BElSC*NkyVf`Yg&4Oc$hW>07O83BT{e_`Cj3ekGZpf79fmk_9L6p|!Xh|1O=Qej! z`7mCvp#FZzOkNQLWcQxes$B9nwvSR6Pth?*woF*;y1w^G++3`NMO_THzHfb24R!od zm+_l&mT$|Dceo--ZCncJk}!7JYE~S$rqP;L1dDvv|E+9BBQ|i>< zVa$G-HkKSUEJZA7U+Id*zR`U*LR<-8+`_$1Nb?Yz}Be<4%DMOAdpwZ`JW^hW=Mn2^gCNt;v zH>jI_&9OE`ayo5;+HYoJlCo-Uib3h<(iXkRI;)MEzp{@YCuwgPw&zrI*y10 z8%w0-LZj_F6b5AUR(?~%ZTqo^FC<><0_@74*ZRS;RanAVvdh)&lTJ=C8%cr?5 zx_sr8BJt;K!K4T=o!l);ZGf%Kw`&$Bs@ccAW*nQ5fg8S#UvE4J82ZI(596322q`BT zrl%^>Yg;Cg^PeQkbkX^#8cX}=raSi36nV~KroT(_M34&7ENwMYwjKfl6cRp#^urn%?AI{jc@5C3{3oX zFElX0XR9;OLp5l9tL}MFx4_twtG1mdt74Uzb7Y>6$po`AGl8F`jp(0cK)#f&9C|x! z++i>K2l*}k@od!ZD<_Y~i~Ffdi%aH*q~DBA%!++029{u2p0N;OS;X!5-W*?B z?{%c!jMq)e>tIY+p-h_=%Js<9GtOg`Csepj`F^xL4iQZ0S}ZYo8?#;6bm&{FyY4rw z89hSj4zIFwohWrOG&8+^Kuusps_`*@J<5ds}58k_$M^IDB>dH!^k0 zoB75slIH+u;k=#R3{sH1sX28kvj+BzdOgp#J54QjzCyDtB-hHu4mVnOl>Ih#3^L?= z=;tNJnX$eez{D?)tRfGH{j2@ErZ*<5>ZDwQ{%sewy`9;7f>dBLYf z0)Yx5yWc(g4Q7dhki^8vsv#_z}9X@4X632gA#h z`Jx*$!#2wEnaoV0RlF5EX5wwkw$D<{j*FzRmvPif!c?h!QKHLnxpN%%GoItLLLbd@ zixiivw{Ax3RvH$omtk@@O2Hcv33=}`7_lX0eL|aUH)ZUzmT04jl6W=uiu}XcIG101 zCeK(p`V0YO=DEE|S%2`SvD2iy^2x#@@OK+;--8-JP2DpN%ROWno0~2=jA2D<$??|& zx%~=UTBa4lTno^>`5g8eOL=DOkA?Dp*T(;t9NDc=yTJ;$5w;%cUJ)@ixyMQAoY;5- z!;*e?ecf~ImRSY97Gi}|U~GBSHUm_h@R>SR-+p!d#;zuX=JHA9Xa#Zpdq-WMaeUmMFmsso*yH0Gl z;?1mbMreAr)7s>iHIdDcg@$$P_VtQN(WKuNaQL)ckg(UU@SU516{UIci4;KhHFLI zfLA)Pk65MC!p%ADKFJ9&Y?zF2p99p4TM>rS@@mfx-DNMknUJTajEePo2Mj}l*16YV zRi%wr9*Ia@gz0n+#V&u63r~%g2{76PlYVpFwu%q>#u-xojiS_&;;+R|a#B1#qp=|)sjV71ZX;R;!B&@>)qgHkT< z%UQ1T*9^)Fg(WO(4Rnu+kjZOR82P>orRjttw_=VlKFF_mPespA3A(AK82Qer?Sp6t z&wt)Ri|UTK^4d6jp~i6D=g8D(!Z`VFf1WKw0GE-u!JjxKSiAP`J2pt4<8_q=99NmN zdlFvSC@BhwN`z+FE|dL9Lbs?r#HnN;6^SEZAgj+J7mH-#xGQaiSvM(-LWj!6?u5Nc zdU%q^tJ3VHP}r4kp`76etX6UZ&fCZ;kitMo721$O#&}Y_ITM>`x8qp$$H*`g>sJz} z1RCqL+~DCUlq0E?Q?WL7CCC-i6gzADh`fVCU1iMIC}OKe-QB#~Fm=Y<#xh_frS=-S zBr5Z}r#Z67Ck8bbMpJgKF?#rBwqTV?poaO49csMp<(q!fnSY-Mq={m_ynwn>Io4iM zmFSYmG0YafEZiO3p)v`G5_5|_x

qmpGHrE2CI z6sLm>lnG#RYsinzIJCTsiL)K0`=*nmj<|%0nyWkO87d_+W`Z>kQ9k2w@1G@ni5c}g z-G3&W64dJ3dbHB$e1nZT$gkiIZDD$G{NRJPqQa!YErLHqm6t1(bmADgh^zr{2Idw+ z^d%DEP^AHg*;C$?e2qGnhgRc1ghr$CiUKYK3Ty9yi=7ikGP!hDD*r07fWbth*C~8N zMEYZk#eHQX4az=APy9BV%yxIt+b42Lbisroem5^M?jl~ubP(E!-$nr3bPk5Yh&2lL zy>C!6^U$HPSL~2KP&z_B$J*sgrHCN>pih|*FP-%tLiZ56&f!v2jy+z)dxMx|zWt0W zK9`eC5!Ca`e3tP`d}02N2jIW;0APQC`ErUeXF(|C!SdaSfs63MkHW+zM8 zo*BMkBLlqLqLB=@c1nsZil0MX zs)_kyme4H+OU7k?^lbI0>74HCbJw>1MUa(|4M#amP)nIdhMLXfcxhLR=>QlEq?tntFL25XBr8O$0%ud?jB!^06hdJdsjCL&+tEznLtP zzBE>50hTZgUOtln*nzh$ae|a;SDeQ`*zsy>xiu|fpfrA%|hnSbIwmsGDA*K9@ZD33VPV1)a8-o-ijGy}UEih*%NZ^d- zg{f3oj_r4gpYvvAAc?sN| zt0IWesQh@aTK7?4Y{J2=A>Pa2gS^0+B4wX58HSi_L#cM_JHV{CMeDbsd(OrW5HH)H z4sxn#J@(dZD*7uS;ASU0;KaR#Jd_sbV-5py)&d~98Sx*^0foq-fBc*TX!2sbSYtDOIoXBaGbJ$O-_N?p%vDBzWysCEBljx&ZhX(OVmAbX7KV8ZY z(`~<4j9`e&;ZGV|!$ktN6HMBDuwP4EBxw3rT95qm7mp8Nf(L0X?~XtU;-N`j{PwZ)Q#9xLppo_v(S48Z^uKm^hfb*ZO2!vfO zPwZ={E|Ja=P@|@@aHY+BOG^vmHxFRoZO85b!H%FRwN(E`L&@i$X7|k*ZR1Q7yN2K6 z-ORyWK?&`awA)p+))TvdY8%{6;1i!j zu2>eSGI!pq=kIAFSAQui%Tb=5`|@3R9GfB^>^7BG#(CLjQ^9kIuBFP1>N!POMsNrD zH%DWifYH{80j_mQ!ZIO2Acf@U_Z&vqd+5hnp;frLWfu08L~1-LUwz=Sy-fbb_u{%Q z@Jah7Wv95uepI)Ko@ddELqu;NiW|Hdtab3Z>+&bUiCmv;v#jsV6^~JahxXQQ^`nq^ zts8=N`(o`u@u;n(DrBuFWK22-wwYZe2s4yp0R z_@2mb`h`HP0hh-}gJq4QP3_q078>f!8RqdnF2HK9bL^B{!q=-9tGO*|QF$|K<&@Uzz*k*wOQWex$C7BhM#A&p zwB!_&PMp&@uV~s@)LLe7g8j*h;~7?cA$$6+W(&|HF?NHNojtHh-_T5&Qe6gOmO%u< z=0#R|vi?B|Q^_$Lw>*0xM1n?q8oW>0_GovN4x1E_7tD48>19*d^Uyro!o~jKgfvms z&G=ziiL5A72Q?GdJHu2*Lc7MKH@V+f_@_eKN@7=G-&^;M%L=NiqP7SnhK!0+-$jW* zF{DGS;fcWXak+M2nqMk9_(alC0T|=bA8tIrfe!Q;lb^8+o}= z^_5F54Q?{&Mt`t3f^1X)h)s4Ot^^wPVTW~EB#;wC*f!i)BXFE(Z0g$~Zto}{f?G9p zl!uN;$KU+3{#G%Ea?Aaj{6^lfxb0~opTc=5BU|F`dFvn@Z?Hv;=g^}{~;~@-K51&!w7$K#@BS| zO?%6}Xby~yI(NPJ(flsh6$01W%w3rz5Z&$J$W#>JCGT0BxP)$D4GtMj4% zGgl*n+Igb$R6wNIS@5S^)!vv(+$q%~B9S$2E0%IB3N2ya+~p1}&s||H0p)yASYL}F z{rvfQv9LHy->Z} zpemJ6=Uc_`h-(-v`gpbC`|_aX;PBR!9{2$T_}Z=8Gmr?hbM8a7mJDIHNX&9MU(?O^br0LMjC(_4R#^u?=z;Qr%_-k2o_wdq zMX(UBku0ZZnvjZ=mMu zJM6cPEFMftH7hpgAGBjkNDbDdm~ju#X#y!Z7deWTLN{mt;&n<*I3u8uUL&RR)KW0)!wx4ss2oK<+9)f12dJZ# z1z8~}vw9`ufO&cp=p%OWl6MXTwy~jRu20IFiM4MUkI88}K*_yVYx86YD>k2xe84i2 zgpMz`j^HYn6Y9$`Dv@8;P&BkiH)7km??D&EVqu#A;p^4u=L9W)K=5OK+iw=})W6d# zrc)ZjP=&|JstQYcp6m5PMoaZpM5g_dLm#=)i#2An7_wF;-CcQa`AkI zrHvm+#_F%U;ZxVI3*lp289;3%4dXJ|6FS9uOV=wz_4n5LkflZi!wpkHMCzwUhjLXj zJ?BA7Zt#M3>`s?;d$B0iS@)0FLj2SS&VvQu`67fan?a;W8nD-G-9&`!8X=`O^7#R| zh~*YaLBxl@cxVg}X&JQ0%3&TkB1!TEI!5#~-hH=)sb2hYgPM;X=ZqXehz1&QYu<|_^8)`C zN+Kp`JBrfz zVW?ZrQswNlO&@@0m~noBHgBXjb!Q5T{EKwM?++pO9$Ff#uT!Xplo^zgEngeGI%HSC z$~u}p<8Wq~PtG-U2Se;dB9;mXGH>gvjO@kw=$07FDO9OG(tDLDzVZEv*I|``&T-CE zFaK7f?O4^PKiog*64hIJ^@hbzIlYX&UG~djOUt&B_nMUvo?p$8V+H*N*NGo&{~6JM zG;6lmX_@lHkC8&iYLH&*vjgt$nY#pWzU)bC3i(3}w*w#A)YHeE6bAVJ0rPk4 z`R9!!Eq)q610pvb{_dO!Av_?NNS8B@eCXrO=*0QRIufJdPHd_Mj%7t)3;NPx%Yt>% zrp9U5-5rZyKAJ;!sp*1x5&H$5T;#&qF11X%Rv7qpM+(~uo4-0iLmz!Yf@2uOs!T_YSg}-h57Y(xr}R3lf{L^{u8S zRe@y;lv;Jlp1dF~_NV>iSwMk!#!t*i?k`4D)!(JJY2db`Sy=!3qyWils*6tx75^4W zvxGQJMa?1f7RH<_I~}Yr;@d=?#K~f1GFp%(`szZhP*7{T@C)MS`Ipf(Oq3~LjM0{g z4z10L$Q{v4Ih?n~^YFE1B91=EO&uSk{NLxLyI5Opd3 zFftf6nUuzDe%Z(X^%g>nw14KO=Qe|EV7wS_9Z&E#PNm$>_>Cm=@*AT#5yZ%%TBM76 z9`;ve>(dt{E)HIz?Uh4wkAGDjSL-7AwF6)#mHiIB5MU@;@rHS{<|5-MRLJ(s8zq48Ytjt!E^>HPzmAeS6 zrT^_D{O{sfxL@%ssW@li=|lg2-AQ=bs~eEkf9jhLJ*^ofTI{c#8VVoLYo-=chTqc9Nau;@78yOU-2H`EQ!_8ED3s9F~|u!gI?} zG`~xKfMidSL2TY6LD&*COSxa1+TV`tyO=l0x}sI4-gz{6#%7dx#V$P6uEL;L0FC>h zVl{TNbUDCZ@V?-Wsn;(~_CMI(CTN<54ri8lmoGSadbv3;5kb_xP4CzXW>%pvzrWWT zD<}xcza0r(`D~$BnKyuUO-e%S3FgXWA=k)od_`Jz_TjFnPp0u#TyTy zu|Zcvbfw-;-nR*^x$}r3YaqDsadWx7x#rkCb0EdTy8)c#l8$`-2We~GYo6tn`d@9`R9eR&%J=J}#D*X@Q)1%eTbeS@hwE{vA}Vz<=h z%H*g=iUg7X)7RWY_0IMk0O}3{>G$~RXZvGmnYDr#c}u%ENm{jBJ*LdD(46|b&4$CDqS>_uR1cJjpWsx)YfAi zA?z!-mD|=v5VVicQ_4ktx#8=J?Xv2bVeB0U)}0|}gx;~Xy|v_ym&&kb^9qJ5>U;^C zpt52$E=PEjzsR!YW*BP=K6Jq%p6Yrn(h4kTyS6YO&ZXf<7{_dn zWsOND9lB}T7BWJ3X(0(Q(|gZ)W7eG84sEkU3F%edytH&2&$D;FqQ-fZo7#V~frzAj zj(nauJ#SE_)%3}*$!ahw^|La|IXdhC2hC}_ot^k-$_MX^q+?@I&mI!^xk zWad@g-r}v!qn4l`3iVCbQVp5*WNXcm0<{qCUa0qqKte)+ZcyM08Gml1yLe`xI?K{& z56=_XP9LdmD@GfMvHW?o4S#49=4iS=!plkrY|67R;_lLU#W(6ab$RuN;zy-3BDO{? zICE;nivTR6)yJKNtReO8dnW=`XkZLCHyPozHK0}>!EwMb$1R&1z^k+u}K^PTo3x7D0&;S4c literal 0 HcmV?d00001 diff --git a/images/WinCertAdvanced.png b/images/WinCertAdvanced.png new file mode 100644 index 0000000000000000000000000000000000000000..5175a95e29b23ad946162702e248513bbcc6d7ec GIT binary patch literal 33180 zcmbrlcT|&I(=Ut#8v-hVw^Yk53J9q5t{|dR=^X^5gkB6Sgs7+}3fKVY(o29yNvKIc z6ch+8BtQa$A|QbfB!mz`l9T&+&bz*~zV$upeb0CP$l94b`a~E@d0bla{Y|9)GpjXxJ%T*aor?5Y5 zb_TvVd=|`!wu0={t)hfej>OvSeLxoI4|cQMmfMEFgFu-U5(AhY)l%Km)MV4cNjDp7 z`J=YGu2?I2B0N=bKX0g(Ed-`#vM|Il;2Tab}}6`4hAU4rXaQz0|Mlizw_ z!0@d^PJN30)iG%u3e%~~B%eR4M7b}4=+e||?osjEbWu@{iAs>#KEwC;#e?qIH>raI zJ!gS0dTq(zE!R|o*Bi0+005v2yphF-sRlLw`nXKiNLs^9yB^2 z;|JtwM(x~f+X8=gyNjNjnviS1o0d^^j+XAy$dVwxm#nZXvUHVF7%#{;yZikj1iKIN z>TAz;KmhbY2??7jFwbJO%zk%6hTE zRAR?(>{qPYJ+Jp+o3b@8Bjb?#z+am0u?nG#B$QvIk=H8HW>9CGMATAIGxW)DO)Pds zuN8%9H_}@NK$7VzHwVQr*_#@*%tdiU!p=`ojY&;WcFj)WJ zCP+`%B~=%brntU%!Bns_RR2m$pLnJq@ggQVCNQ)349ybtB4#Lem%bt8LfgxYU)PYS z9GmPI4S{Ywf)8I&bNEp&Oz->T-WMn5sjNr@7Oy|I8CTbk6cN|(3z*VdwGvKs0JP$D z-<1^=WWjslJeBs;_wjAmk6IcyH{DH-iSdKlt;W@;sS+Nn+)#B96qD332i=5q=$XF` z%zuwt&Wu_WZCBrsXzOBBW*fS2lJ_U14|Q3Kh*w~+%6^*XFV5c)jQt);yQ>I-l!`6t zf4*!J`VscQ->QD;&A{-|yg=TM>h`+qr|1R9U!(GOF~Plr`bg0bW^PKb*VJ^pFIO^z zrD}}+D>nB+DB`(IfRhSj8rCo>+!VYkM5#}=(Ak1h`*S%y%Ng*9_=lBIYroC}MR9J~ z?<}LV>jbdrOF2F@grRS*X@>0H9Oi`+I$^_d{bKC$^iVxg0g$hA+@`$?_^h`G_^c-o z`7Tt|Df~D}%lu^X^YQD`HM6UEDY#gJKZX4cP0J$oV>u(@3N5Vrit^XyLK&KD)wXQg zL`2$3=dOMHHuEB?wewqD{3ZXIJ3=k4@0y>>)uc{tSGMDp|J3i&Q=*Tl055PFGjgQ3 z&9Fq^OnN?zI!Mm@;ZuEWNP+z|yVm$-fFs+x-$}&#GGK5x9CA~CTR9_fp0t!3Dq#OI zq+3?@!Avx)AQ9^s<5FzfT&}DiF(`6%^vQ19-|14;D>KC}w1#N3Kp3-?HSAs=leM|I zmtNv8Oh+qI*u9nymqBV<-|x8~)`Y&7$EwyrTK2Q;r?q-RHglG7gwW*%RF8#daC&{9 zfk^YrrXbD!N86pQ=De#6izPFQSuM!fFTE}!uY8*3-%yw9MW|?Mf(^ssAYY3)PFy-j zJ9#)jZ9*%p-c0uQ83yThwaKt+9?ZV6aclkpg9)ry#^SrN!PPak0Z(nv{k zVHyq`>Omi;CpMVDkUKgSAkNtMo4@e(7b!vbNql0NtJq2fGG^z+g3bWg3Ht&8)zQR7 zp=RZX4~cV*EFOqZd|l zbV)pEAK83 z)Q`y8St+OC(@tiie2Tgk7+1WhM70+zD6$ZT?#Na?ZY(kW`@1KqwnI4oM*p6qP~2{! zV2a8<_FD8&zVPfSU;sh8cR0X(D@qb6gRb@D2Cq~VjSy(BGSi!jMzX_hipo%i)g{DJ zg$!1TE$N9rH1ri!GeepAJu~hqybst%+P7nD)kUBvZZy|vcQl?oe^Np`|Ea)$>t4CX z-p^vJVTpaytVOD1%UvyyMLWd0RLx4a;$3&pi#w~I)N{c(h>l_0+b>+TGkIc_HF~m- zQxn2R&L;2WPM@k1YG%rW$u!>dfn=9qWD+6=k)AWiT(#wWSRpmT65zRo5WVfBICx=q zn{RSKVyBEaH0UMxk;2YkyQqY}Otw!@w~|!lq>odZSuW={*YG5siXJ;(`i@!;2lwQ{ z^DdGh1~R$y?VnLz=^4-mBf5eV*NdtyOUvPZI+^i-BX!z$cqgr=KkwV9G2~iPk!(=m zId(%Yzu^vlS@~%F4J1oKq!TgWuWDZym$b!Vt2EUnyuf!%ni%a)Y{shwmT&(Q4zjk) z+ihZ;d7iqupd%9+y%_>$sOJa|LJ|{(AqAh~Fh6u$+sLANT?eO)t$sl}b&pF#!#v~~ zh&sK^7_=uSy$x}_a8UrinqeS@i+`6!Sph{aTvH@umR?srj#cPizyB=k9!y}RjCVUB)=KT-@x+&rMWPg;FlITqd^QM4RyH7b|S&?eATkEOIHLx?YK|>8aUIjRh}3zWDaDn zW8>p{#6>PZr{DL+pk~h^0PEtl%+9MREzapR;^k_EgearSfJt&)3cMFHldk69cZkBA zYJO@946BHMVy^q)HI&wS4iQbp>x3Q0S!`rpSw9KC&4qIK`x9PGauAUT-Mg66AkUqu z-aX(g@h`u;xE$%6Vp3R#BRIb(rC1B5ux!L_lb>Oh_@y%^ngG1rt@Fc^wEh85;<&^l zC3jqRzN~b6KVJfUY?2s&i-H!Y0KUxr#;|VZs_54N`<&69g;IL5;0Ci+*sejxg#u3f zo$d5di*ceAs^?fJ$zIs6$`1R_r(-TybT$saKZpvAHM2GW9O1Efq)bz4Jynz9E zs{m}I;TEI55N2Z6v|>TJ_8Dp1chP`a^+Tj^EEQRh~k|Q_41?JQF7(`z? zo!*vc;C3>mX(T30gG)N)wlIabHf?7%FW54&mKBx_;YesCnt3&6vyX>31Z~vr3{i(MMt+wy?P4Kj% zg=jRSAu%K=P2?lkv_C_|xAEvZTea|qnFvTQeon`87^ALcPXZ*Vs^XtPW&Q9?MotWU zaV?4vNvp=C5H>yoi;(XOA>kU8kE?k>r}-yLn%5$L&FhU-En|CY!IO|1szj^+e$QfC z=hH6m{&*nK+jvO2v~Y$rh(?#^hwdikCGL(*r)()IVi5_AN{wkD3i=!FFHdVWRY>1^ zvpL>uE@8aQ_&qWb{TJFi2roLidW6sO7X3w!{PJJY5}}payLW&V9j$md^}3AE0B`+g z223Xi-Cdh#K9b*Usgo=}ODGSF-d86p*n%KG=K!O-3r)CHdc^$tsUGgAr$+E_&f=<- zbjZNE z%M%?_cH%Xe3rJBSI6%#KUV{;lMZK1vchxCafWI&U1*;T!FzJ&&{t}HCtZ-L zWcgS(}^02=B%x?)dH|dnpjaYr zhTJg3sZw5LUx;|J{l{Ef16vzm%_;b**xod`{e~dX6*jewp5!pPMOlRv5Uoo467Kyk z*dTY#_mgbaYe<1+xq`#`@av_&^nD>O!tnEpmL&j!%1#EUd0Cvq^%1D>8+O--pMxak|ej$96i8tIPro>)OTz@ghY zcfPUVO+R0)w6`tD+LEePa|GXwM2Krqz4YeWAAEa8Y!%g9wUXZzfW|m?vOGJ|xMrf3&DDA^ zdQMO-nNaPsi#TUI-loivLo8!F*`R0pJI8yJkgiq%H8!BwgmGPB{%di`1EC$(=TSw! zBT3i1lC}n0yplPGw3m~RZO&*94~A$7N+D7v?pD7>VogfVtw3-)tz(d)`pAW%SB(O! z-~WziwJU6}5S5H*L_5;+FHk02iN=EVI(uREr?Z$Kag6@-_)kb$x#$VWI!nFoJPF&v zd+>3)x9gzbSPEr6_eD?uBi_=3U3^!|RxALg1D{I#(WZ3Qt1dLgHY9hGTXbPr`V-DR zp~*}q4|L}R{HV=MBs8QGtm`@sx7lKIXch`LX7JUdP`o&34hz&Eqb9D6Ga9xMZEB@Fv@$KaGbYC=5suvn{Jxu+8E4s<%+PDM-F4k^Z19!*DitrdRq zZ;yJH?RWIfQFNkn$hN>^yxRP5h~Lo29^i3S^l&&MbC0{ z-Ba7ad%ESLG5DatA8Ib}4ku;V0c;pT%G#-dn0LNALD8kPr03eob*YK>Wm;CS7}9HJ zZ2iS*&GBUik%S-+@D(DxkKVUsPjF+qbq)!@0|$3faytmnapYxXO1P91@z& zhax-)pM6~e6Q1a}ls{b*Pz~u4QhKxRG3=bgF@H<}u!p7ER_kb+G|ktMh}rs)n;sOv z3bJdv)ZN-uk8^r=AQW#go->S~`Ghp<$?F5B`1UC8$e>*2u{!P3kHZ!+60*Adm69Uv!rb)YE@;)oYN`!qo8o5RMZ+&M;^^u6s*>srpa zE*i4q1ky)5$EZGB(A0~a_R|{yH*T5_A6vs(3U9X?o$NBP`^bIbz;2k}?n#8!M24L`Svql;u#zT$2?|vnTQc@VMY$v;(??+33TS9G9a#^-_0}xx^Os7S zZOH|id~rssi1-szdv3*l3&svpHK34Od?{e;<}wwO8!XMaR;s}P_H+v5;{Y!Zo26}1D-kS3TUSY0fJ2RH|E-c92{q(~K8W-|;mq(K20YAN(2w@fx z7Qj?O-iU1U$g>d@&&~E(+{doeD>}&+UQHuM*a3>v!}fAbhg1=hl~th>j%P|uv>}?Y z;2s}CBsKYmRiTcftea;hJxD5rTaf9UCn;$jC0{HVI~?5twrv+Kh{-!c%J2uRIlr-bOA!WgJ+DvN;YWknQ4|KeI07k;b?Kr_SHbp}C_bJael& zfwB|S3iF30O~Y2r;9xK+jAW!eRbqM4FTb}B(>8-ogN!+4Aqzb*Z9Jgh=}x9_({hQ` zquCve(<8Fx&C!9dm*QvaCKwNhV%S4mhE=0fxnRlqaP5<&)-Xu1GKMqlWoYJPPjw9; zx`Dw@ug z#^B}*@>$m%VqS!7W{LrlC(BjfNl3?q@&xRm@#HF7t7ZL{aKKyeRwLw81TB*-uW@S| zKe*&yk`|?j{GLk>hN<;2(Sb<9;Eh7t_`=@6hhqlxaf94K1yImuhuYJ4ju5bc=(tKw zuiQ!!ZUQeGG*MxNKZu)mo)WvSfICn+d9jy=gswNWw(z( z_OiW=f)2L1Sh@0G>#r?8jBtE|zds}>7S`LL6XOdCz7&nT{Abn;o;X#e^nn+Qkg-91>xQ|)5n!jb2^t*+CZ$f zAuU}jvyP8X_1x2oJha@+t5Td-{2!s^|3gsy|E8H+K9VJ{e4aP5`^`{NzN#gfxH`Z? z8Tf!L@f+zKE+{~jiU5xsTPL@!_HR+SECYWr9$h(YUshI@vEAi4L#kSz_D*=ttGsF9 zNX1OoAWibMc+_VhM`eQ(rDEfnJeLRGO{uy9)z3&5)yO3t^;kRnKsc{#G5p5~@L1uX z$^VGRQqn}J**m%eaaFdlm-TcNtdjHP9p4PiVA~e^n}RVQ?brc1Xn%b-0iKxMpiaR$ zE-Bw~Si|;Y^f%Sb&ZD9ZYm|{k4r^DX>O~ud+ENQK*7$YUC}~Ky(pPwF=WKX6s$W6eBuL_)+6$Y zLoza|AC()yw(!X!+H$^_xV?G(4$Jfx&wh{4v-*{}B?P!1B3@Xs^p?S=Vtao7BkH|E zE6Bx#t%*LyqaE|}w8)6qtOnWi;jb}5?xkNqc5z(nz4Hgg8_ST4%5u};Q zla#g~vg>lQC>1$jr00<^l-<6e+iz;QcihebdZ_8+F&o@UwWXceTu z)mp10v<5q~x-?LN1HLOzOrwVvo~~sLI43%5R|0)Nzw6cfnTz}R#5;Y}?4~=2H}&Gt zA9u6dEq`hS%(yRjU`AU$Em?M5@-xKsIA&?7IQJ1A>@QM@Nl8i4-kEIWFDNObU{OhQ zUB+)Oih{Nqs8T1|?l41UY{bQoJXh>aXhyH|C2pxSVnhcAj2}HRO3}4K3_q<6Qmb+e zQUe4Z%Wbk_Ty_8uL1t>jJ|d9sQIEDZ?u6(jL|h0*UN{Vx>v=AIdSzhYD@r3Z7s}d^ z6OXxOZ>HfsQ?$0hNhQP_P2A?2ZP4xgQ+IPY3GJPgY4MvPld>gvQLh|m%rV}*Y8CZf zyUO;FunN$IbhN*zKPzGedqV}ic3T-^O>yCTiYJ|%cQyGTm87~1QT7P?HTM+g(pKJj z2=&EOKsvZ8)j24`ldbY|8_zCIt_u_^ejBEav)7ZsRx`|>bEyJs>X>Dl{GPS1X#U=3 z-MuV3I;#BnA@-88JcnebmoRQ0xQkH_6!9(~Di}LM8iDD7q_DMXQz2xX;hJ`U030xF zXyGFrl}VI8oRPI%SzHIGejAotxuVv*GS{T*sk}V*)Hl9{Wgj@Qs}5&I3p5HQeGJsU z3q{QTCgB0(1AbtVDsgH}-Z<5za__aeIe6mWA1!Uo#Joe`aXIaxS1w#MeiQ6l=^KF8 zP-S-BVCJCl3%v%9rdIAX?%l&~+jmzCM#Q?l)Dtp#L==|BHi#I_$K?d3K~4M>$4Zcd zowRy&;Zk|3vU7Y*AZlE4F~2`~j{`JaDJTZovmT_0w)2ddy$x;+7S$GC_SzDa_(KY* z1_Zxq?2Js59ng+{q!BXA_QJH9KYdTt+Z-5aa2AHzwqR${9|8(hYCLJkpDY<$f4gcf z(Ws3=gnam6FWq( z)|W^?k!@7()4qrgq-#ShN7mHS0ghE)lI0ymrK_ic5M^+JecF!CtH!Hbxz3b5 zb65Z>-yGuZ+B*BnBSUt_4k3xE-h@$6c9RNUd>4((^tY%LwFa%AGL%knByNx)e`fDj zUElge&uTZg8amPyzh-KsfR$Yc0ZILV=f{B*Tp77Gt*ZX6ixOr%*$8`I*zzW(EzNET z9h}t+mE2hy?bFztsdU?2>+Eai1i38|7#fa)X|`n?l2L{Le$jCW-CP@qd)R29sFxuy zqvC4K@mhSk4}(!ZUXzEMPwflQGE=BH9zX#pTJ3r)vs>P7DpWM7!r%jd?zTNJpvHryef$xM3Wt>@S6v@A2N8b- zMCH}cW%_Ze($|Sw+yRiD3JJaTQcI}tr8@Op;~sJ{BWALfwPslIE47cme=Q>7ww7E&ip zS94%!T%z1!v7;HtX0<#e}2gU|$8j24=e zW{0|t^7U<+9I7tqi5URqg`_1ymm;EG>{f&Xv3m{p#!Mhi`R;%UGZ9IQGTT;G6&W$BPs^D*GKHIMJtuAH!#a%$?NH$2 zOHrKRXK?7y5^6YZLyxu3|La;qU_T}?Z6}llyB}Ud-Kjchxt)(H5RsWeop5BwHU=hE zj-L@?_giwc!tst^nSpxJCfA<-aBs!ZPPK~%avgt9c5m#6KQ8Nx(lu(4p#KuPdYj{U z8qS%@{dv@>;(4n$#W5(nMx9C;s^;?(nyyJ6$oec!S=vY*3nV@$$46Y0Kht3=iVm!l zjt|m8S=xrNb9yb{ah~opUo7K$scGWk8h3oO%5&k9wk;d$(au?r;Uh=U^J8W%>9~ul zS-w}!u6=u^ZM7(apaZiIEu{jgcN5AsrtL8P_zTo}s7gxG1GLUmtD?JP?30OOj5oY8;<`X8L)--t!qQt)bM(FtKvJwvVmY2-Oje-Q(jbB} zDaqx#-@OP-^Xc~>uWD8LDqxha)65_%6SoK&vw{>1$S8>0Vkf6(l$UbnK@eRWeKTzB z%E-G8xxjp!kuV#v+iH=?e5`T4WZSdg%*33#OYn_YmbF}jyF~xpF@X?5d>@1E(GP`m0YXg zaWa8jd@(B&!s;HZeWO0?=cEbKz2Ja_XY0Fzf{J5?$-v*kt-S~u z)@_<9Q<2%Y6i{_^vEqgoTiLHLuQk3^JMm3s?V@#JYPet8pj3J4SEZRV@0T<_{WY<9 z9y1tc6qff10e~IVQ8Oxst>eL$hq9o?G-@`m_Sz7)`KTk?RJE?+Xi*kfG2}i5w|eTGl&B)ifC@-6m0{5-u!*fnu4sokDWqLL_*geu&EJK%;<(kiG zCETahdX|?336WnmN>2~pL+T=%RyE{u+IThmz#*-DY8u ztKmp_bxN6P_c3`t-KVVS0VaVy5iWS7^#YOA&rv()#b^(s@byVY2C zp5YbN>th)A5|O>JN~$YiX#~z~hM;=u(h9AFSH1wSC0@v_;f)Y+#_Q*U-w(*pl}QCLjcnclR5c_)nE0X@RH0BO?Efxp1HDxO-lJdWZi7@8Oy!sDu7@z zGTbkddG-qh-|}jbK|CEfoDdfgx8oLR&pVb}Z9jy9=}!Gs@oSf>To|)PWDvpFE_95+ zs!;cLMN5+?wI>an%j8tX^Vj&B&WvOi;>fIoosIKSa08msYT>VK#$~>|^;3s?PXnvP zh2U6so}ke-eKPoVQ=?>SLY!2r5;SEqZBiC^YxBGX_?+o^(w4AeXyd}~uJY+Z_p*~F zwqrUSRWOXp6wXnAA%#27I*)5;m(JI9Mb2FBrv?;>ZTApAXyA$MxQ(1EyIDlLhMFwX zrO7#mMs96;P@vc4vUNh`z3pgSO#5n4R(p`UjXMTncxn184C zgQ1J2XfwvU#hL1ZM8~5SX#qg zM<0fY8!%8mrv*E$z+rh`u~TL12dJYUNSxKep)Kv+Li%nZcWfzmb-bcXS2=9V$D;99 zJ@p-Ob6UlOm6QDG;yAjaohj8o^>40PahD@FMU?NVwQ|`<`PAIuu-`r)o0jc$_TB0B z?>omL3f7P(xd^Ld@#g!hUotNbD(V)^f8G|A8nvdqM!GA|>iw2tL=!5(Cg$u7d|*V) z?c|4<&+Wm#>}z51*jC)i0b5pNT=mRr0o`JQk1!I3n+x@)YaFOCvr(fy8` z*!U5?&*$AUHTVucj*5uIl(dnn)pNvm-iz&8#_i)%{X72O@r!!AP)@$^=d(w6g(FYK ze;`_<(#PyYcY9ssG&3|9{RRnGqxQ!;&|oo8USWZTs%zQQrSbVII)+A13wR z^|e?HHkNTD90oBGOaBG-2>NbMTxA28?YoZOvn+pBaV~DSuo;i3EA`8|mjCpoL_b^H% zcv_Pl$-9}$l*;?vE>~GNvw;bS>q#AX2{Oz()qL!uxQd(UboEI}esNnuPVLcxvwcy1 zR-(1NjehbRo2J8jd^?1e2SzwVMLlXbVA2q0f4X?j)Fn~Km4%7L z)WlER!z-DIkN zCocimdtJwbuhDwV>|5H$92xHePJbTOzo=RqQZE)3aq@_;X!XWh8qZHXtMH5LSxcx+ z7m|wdQ#R0eZfq9j8~7*p(x!CGu~a@0@qWBT_={8(HC@>|RWdtS8H>u+rrvqp=Fa8` z#WrG#(1Ex*s#Xd1BQoIWDQ{c0UPf>KNAwlrSFc`~-oS3iIm=gW*c*UQz)4{4xH^o~ zt#T{7J!Cu}yP>x?U?-9m&J1rHhzlw4jzKJ?-MueN+7=q0QuG}>l@+Z#a^QM*2Aq`L z+`-HVLY!ZuAM-D?g+Ck&_ivw9O|V3yq-z3GQw-Y$UzwWUu=P%{u>c+50Xoe`5) zjnndL#}C;&nmc}ptxZ}(TIZGhxrn&3_v*NBX)XX|l9N^WGj~u;?*I?m9Kl&jQAcVE z-6vEInmG>I@nUZ+b9-v{zExSL-#Jgdao#=bSIzz1XXjHYoz_<^%oAEWW#R*WaBXu; z51EgB0zKX1A2$Jfd&ZHEyJW(&zxBljBG`KQo52q0qKziaTV7P-m&h}D&p>1@1AbF=-o+OR ziyF+`0ran@$J#0?+9V%+UFS&ph8(j_F!}Isbw23BsfldXZRG$xic zo9Albc(8X};;%Wc2COf%#_1An@O$Ia&~%&9qfg5!QcDl5lvD2#Uk84Z5)o=vu+z|z z3ax0FIcQ_75Et4uinX+iz8m8QBNW`1fo*2JaoomO0f3p#R%Bg^R)eq3(NEk-#sw%F zd{2TXs{Iy!GsAHRG1x%ZA^d&2Yy7Z$OW9Ed!yuxMQ{i7@;HxRc`xpdfoLPZE49Ei> zp{7kev;XdCr76g3+>xS-XJB3ZV**{MGMU5eW?!> z(pPU}jzy78F=S@h(YM0#bx(*{S;beEd3Y2G!n^4Dh*BvdJ->Xc~hY_lxXGY{~gmuhW#^X zm%VKLYYRlfyl?RFb+)z=Ui1ib9l9lP1oEi25$<6fa=HD@@WkU3_L=X;nbZ$F_aoou zBDXJS`_$J}hOI;2LYm$2Lb_Wg%ZDFXBjV8%LQZ}!}6i=T#Ij7)?2+qz? z1=s|IUvbsAbyQjAe(c@Hw%*T#hSxq89Ei^^In<`WGJvmoyr{I+-0DcIuGz=-YgSzb+gEOUF^p3Y`M67Y9M!bM;)_8{~l;@sD5hPDlgxh zen6B>!{v||`&9={ia2}_f&cnsVujJ58pXf3;kT6;Gj|OGhJLMjl&SQGb%gI`hJctP zg&7WA{W=7o)DN~8mSiJRD9~ghmW&o zYX_z;e|QlSQ!e|rY);!N)4MrEQ>ScORBZ2I8-7j0oj$x!wC;+i`ufpg7rxE#ptPXx;5!XJ5}t6X;%ZExiyn zG)l1W9ZblMba*H?zy0ABX?y;A$0zDQHZoD`PRaO$Myu(Q8y_kZh=|_OzZE9|refa! zqd^EuT)k>nM^?F@_kt>+1A>dJ?uLF{6#4k+Q)%h9gO@M^^k!edORzF|m4|N%B>$@V zTrD&kmNT1$a`DkVw7bmBtUc>PiJu?4C}$s6$a)RzxGk}CT!WgVmo^Z6wa+n|s%D8w z$G=(_(<*?bVO`RBu2%73o>97e;Rr}SSE``ytT=Syf2#s~=`8J5fc`_MEbR#;{e%ZU z$pR^DJP+C7)o+EHVGwB=ch?p)9S>v3KQcdFTrV!W_}s%x(gK z9=-g{jPhPhE#%9E{sy%;bCfpvi_6(1qeOUBmX@pq^YW>0@RSxvwR3XSssy6L;hjN2 z+16G@PNY@cjhN?w^LvkcJKkPJ=K1K8r>g=lYYf)r?-{O3lw40;3S4h9TvYy4(_!hO z_G@snjTi#Sl(kZ@rZQJ8Ko0|EI>WgsgNFaS4_!u#^?E-vVa}ty5&o-IseCOs{^doS zK}hjDhWpbNtF{wev2ze+*ro@VF~c5$`pbETytg4~t7*rR?%}@drRBgi-B->ksHtDG zD1o@r1Prr}&B)&$(~~-FLmG~LJXx?3tp`=Rq-zU90Z4MNV~Kh$uXAOCR!pNLYb_mz zrWfb~ZQ?6bnqZCxFfV5z4ruDnPaLma)r4J|+RqnWr{omgev=M8AmtEz5KYMRg32R4!Y|(KK~tg7#?o9wDUnWfL+z zI!~_Me23IKHr0g0drV+K3PC%TpA5mscf3TY{sqsRUeHHI^3Ctu<~Yx_pihi`lm{o1 zQjxIl3MeQk5{gz1DHaWJSlZS+%r~3h_GLC8tl1lu2S4+5tXHX-9?Xu~j(c@Xcv&IH zI%iaj0H{BfBkT~X0+a7EHUBd8`8z67XR)%$Cu4EhwuMVBb==tPls73|{g%M+R=0GCye9@W1G zWswD&{O9k!le%dCVEZ$f%#zoHp2ijg5Z);7pKIj^mDH-xudjKooY&WAR9}D_2 ziHnGWTF4;bPCt#AbquND{8N}&fnxM1punG>5@PHg-cvE=OgO7QdhAW5K$X%)i;+jyN)v1in`3M{KJ+R&7Dk0lEnvggQV@mF>0z0*GNSJghFe8g@Q#Y}*wN z{DS<{S-{osaMm%iO00BjMODZSrjKTxj4-_>v&r_@uI4rxoyLthCqA(Yt5DHmL^muC z>6NUt`^&ZZd^Uvalu8@iaQ@&aP}MwLkSAFT|EXsV`WvuAo$}nUExX02wXe~g-v8^Y zIK;(CfE;lFj1^X;#Sy0|-(N$LA`gQB0Y}u+72F;Yi zsRE~+2bYtpmSBPR4M2Zh0ieB&O(jj4(9+yHfwu|A1X1c{A71<|KZ00Q#>+q05fI1z z`S{_mr3goa);6Ph>09nHU7}nu#2?@d6ZhG~rDOlL4O?=R*YienQzC@;I^$Yus0%y5 z2oxitBhQ_~a$tL;Tk?!QUd*ZPP2T|ZC8V5zDJYrIb23vz+o45|o zybDwAy$5*Nh++`v?v2R*$I`m=k6k$nr9O3+@`FZze!Xhjt8`bXA(F?a~pcBYQo5#Fl^U-{pSA9THA{Y$XE_=Q~e4dNf( z1G9ZM|BvFQ{)b^!{~ygFyPhua0~Cx{FqNlCwd^8H_Xm5ZHS9L=@(S9az#@8fieDRNgx?>gu|+ zJC07%yu_PR%S5nP<9~5WfUfPXK#NYbXS@Kh$7Y>=*K)rH%LW}eqpIm5RlGi?Q5RM| z#ARAZX+?e%@Z&wLbS@Vjywot+|4&QtK6^-_26|Ng3fKR6Tg>Y}q8>*IAsj1k!spw` zLSQA>IJD1{)X$sJ=O+`c>l4rl%JXa6c|9-wDyUnp9v!vue9G!)=_m*MGnGz9B2P(p znf{#_PyRcQ_`kzb|67!~PF_*5wn>`2Defyx}iu%3gGFCvN4ayy$I+xj`S@ zlnhb6Vwe5&wDjby`UBGTTboUz9~!9P*ZacAE# zW@1A@;kxxo|In4jVNd(yWA?E>;u4C$ZSG-|kGcmILoRIM8Ti~Igb(UL)rIl?t#iuXH%F6#V@2+@Q_4%vw zHUJ^}?TrH==Tgq>O3|2b-lqI5FI49z_*Jv#g*v_tomE8V?ZH!JpMaNTvjN{8`ck&g zHz(VUrks5TkoFCXHGi|Tw>uWciuVmG18gY}6Nsx&18s}RXwU)$wRQiiiiBO{R2^o6 z(*I0^l^w8sDJmy!uK|6j1JtM%^K3fp??&`JQ|FJchU#UW&bNeTAMU-urYD_Rse7p% zKW!))k!9CFd#jBhRL31KA9)-{Xahd8%)_%HWP7H zL+t(%=4+LY1@DS3QxnWek`=AzUfs-qO{ITTlcfo!22fAi15Q`{Iy10(dcgku(a4Bb za;EN%pWjzUM0K<9ZgddJt$=y9@2&<`#5z7`;F{ufn9NvEIih@91HKzHgRd25U~QMJ zKza%Wj?d>Vehf|SX)LrG*SM?@^4j2KW=(eKNYDX#K$|lHh+N|Sup|9)eRx`)_UEiT zlj`iJGn!E!i_pcG*_-~egZ<}<5B82`sNkw5Td?I33I-8@ZZ{1iuUffs-^SgHEj{}2 zlDvVppFU;;3VDftd&~N=(!--G88zoUl^g~wxgDo#IZ4H$k@5Z&RyT>9_(ZydOa7mZ zJC6kJclCGEZ|)uR&8-PC3LC7xYAh^OTv>gRTU%)V*ZPyzZ(>1#!8~nf8d(Wt* z)^=UkhAvTbDMS(n1G8YUq#<>Ai*` z0YWF=#I@e{-DmH$zjM|(dyjE`oL^y#gprx~%=z5ceU*Fu2g0@(4!d-H>6aH zpm446N6%M*Hb9pK{V88{HJBknO<%RV3RvxexcQdyKYJ%Cs~=Y-2O8%e;S#?NVCh2+wyRy-ieJ|K{YaP&KC?1M)!>Gtn$ucwE68p(aFH~+J>~Q*nv#8b z@?)r_OLWx_Ka)Rt8QmDvFZFeEh&r&2?X$Mh0qQ`d0i|AR@^A~^?H48dvZQZ}>obuO z&LWz+k|Y#@jLn=#md-pPI8Ou2<`2)qttI*)=;_rq=#XD^1Y;0{!TKAC!(mP5*4nub z!uMW&dd!F0zD#8TRTW28us`S>m56;^y?y*?llFW;V9fnt zuPFtauBt2Og|W}L{Z5skFXP7ATCtgIh##^8>sRe!i{*E_6r@h3n$Xsbk-PvV_e5F2 zk)?6rGQMZoIG|8;M}}U%1z@mVH=OI}$Ds@%Mc&m{E1Nml3zFG+__ShB+`olo zK!oY@=XeL@f=9l{0C6(DzyrzujBNbd&HUW)fIs4BsCtXT<^L zXW2FTdu5kt=Iq2zp%z$x9q=HCuA8*i+y_;`2Dj_>JE8GK<^CQ~^it{~h23VyO;- zs`$D=Zr^(Of+0l6IkJz|A9R4x7OrwnV?PqoyG*Wnc!DlFxyiRpZII$SfPsODZJOqGO=w{JM743pF+7yf0E|5+$9_u{R(}HQ{oV zd!vJrz#KC{doMK<&MBbgFLRg7Xn1fC;R$3X8oES>p{^3r)D^P25+Sf#?K)zkV+8EOP{XhlI3|w-mX!5n+hh zP&2b#{Yc`9ZxfcxM{9YDue(ejs%%)6F94j@xoBE+@=Yhhr({g^p&9#A8ZdcG!m~d# zZZXem@D%8}LC%5b1&C8)2R0bijm0{YR0;s(RQ7k7!YNJd2te@^>}=!bzYni)AP}ZW(4!BBLN%O^P6txp#H>v85LEP! zQ_kp-Q>n_#&ThRLZEcbXD7(S11<_8^VVf9$6nszm7HcndjWc%BET8mK;9IN%h0A-$crjUJ{l|@5xA`CbgJ?4I zTD7JP5jtsEaCMqv;WA=0HLs-;%QiSxVNsIWDesZ^;fXq}=1g~A=@iFFoM$s$t;F?K z|Iq6zo+bt*gZ)pMj+WVZL@{7A$d>lK3tTVwxS~vC-Wchxw521xq zGFX*gi5s6BWw$oMU!zmGzcRC!jsN{nc&nb1@i4RWd(Fc*$*P=r>1?AWdY7>C167RN z*#kWmW4WoO8D`T_M6a)UK z4X?fP)7(^!Uw8??;Q!^c)nCv6e-+n)M@2`&hRz{85ZQn9*x)MnwSlU&+T0qi?WGTV zwLPvx!)y_|p#`t;edG|e|`=t;TnmY~C4_=}cmdDGt8fNNEX|g-?1VmZ|UG|6)8?WY&() zP>Rr#odCQtnhove7+9}PL|#ulEd&%izr;boJt2L1secM?&|tx+$ftR?Nw?rJ53=)c z=TO1A*U_Nv7Vbta^we-c*q#lkl{0&$0W}y{io(!AwQ}fGuG#EXox6*Hk2xrC`hHDc zqWXyPJWU%3@Sr^^RQ&t~giDA^!8>Ggn?A@Xu6~2xW+hB|56|LF+jGOi&4UjI&%8I56qmWT9)kd6D!7}ddPdWh7s+{Xqx-!7f_A?)1N{j#J+1}oa?`-S>% z6+W3CD^$0!KZs}J-2G;-G|%CTi%9Ca>Z5%dUrKDh+_YJmC-Xpdmxz>h3f|;f$z=0w z&w8xk<3IuA0xEo-UdTi(NCzd834R)xo947Hrr9fNoWJYCEGC5X->{DXbA;w!%ujY0 zG8^LL8C$$(^B~n{-sZ5on**Sr98C<#6PDeQ#d7ZlfS3!)jdMf1hgIVl0_@_LVpE1J*7PG&w&FR(U$TnD6s1#q=c3v&ZUfDaI zY?n06h7)$3nxc=26f+PUxVBGvsz@6p&j0Ww@-7>DC~QbFS^UDqd5@qVC1vtm%T4kl z51$LFmLHTLxDtk97A58PAv!o4`-UMU!tf7OYnyN3MD3_Sa{yA@H+Tb;_89*-5F7ad z)Y$<+j`q;6K#P57BjcnD2j{3IN=kaqPeJSb#MGQ9sn0F4*kcdXR0USTh2#dk4!wM= z_xFi0lsAYtcL%IT_tmJU=?At+4pn$G6z;nEG|R8XoVw(#(J8Zx-DjDXT)o=T)iX15 zJre-Rltb41Wpvqh;w4nAY3_01b0Vu7kgM$Z z%Io1+!pQx7qigwxODA9}`^O>+cklQSgRIO8aMg2io*mC=q>3Q9{emSj`PsDWGR|Z< zeIj`32&JsSocF}|StTI5`5G-^SD%L|XRB$$N)0Td^5XK^k}0sgrHcTp=$~-wI<>)% zq>@ZVi2hI%iAejs080siP)mY>;ThrCSvEgb)S>Nf z)7k(Id^doAdt#hVki86G11I+Ig~;R_bT+0&MuU3s{pP}BD!0r%P~z*Z6PhCLCQ=x41SQ*HDUZD zZ?%rkSbxmflLdr+FG4tXRt_|P6L;phYjn8Ju#}$!b>%^{2Cp$=e&u)(P=aC#A5C8& z-I?8e7+FUw&;kZ(oZsNn1{!)_E{!#`+3ny%lWM2&!O2agW9@7(bmF%`3lAUZlvPM+ zDzj^;$*7Mfp?gMBXFm~r5AlIqIg0rXJKB9sStolR%X@wcZCfK>djE7q6RzHpD z=amHL4z1F`p6FKKy3?f5Lh@BRi96ciId8R?8OV(gI!pa-FTHZZ!4)YogvI@h32nXv zL)W7x@^9(q_zwPgGO(P-=i|1j&$5$#_kb+7$dz3gZ@$3FDR_ml8=R9GX2pJSH@ivl zw6Iv3uJoJE8nlSZ^rpx~?H4UiK-D@Eq!md8lQ&KY&D`LTIEP;?Dl;1 zQ;a+*X=l8)Hp}V`?Xou^*pXx9&xbhVM)-s<|fJ6J(0?yS)- zxSiE9B*u(t3S?iH<+s9u`cK1(%Fru!@To*rv)cGI>U~+G)U>c*Z5B9zFDA;}}k}xbY z*6*q0{|~WF$#?8>QIzZV^aW3UOO*0!*U|IRbZaR)4XS2P7I%;WxIlv8<7)u6Id*C1aDri_3a(`TQ5EgF&-@hd8uRTN>w-rYEW$Z#&uai-h3c@0#z+=;vw4UG4OZTS>q^yqzv6lnLKz zM(6r8Fbw8CagLZ0GBGSYswa5?fMT4iH?`N(I55J?%kBU=h~sgo zTt0_AobX+(nBVM@T;sfZSKfWxr)&)&>Ck>YWGibTPn&f4!Ii%;*7mvurb&U+ygYPz}wnGC15h7rjR_&qas}^0EfKll-J9M`t zY4@t&t%MxBdzaY-btu68KgOUcq-m5xZsac)k91Tf86;zpj5|cl05~%!7t}7!0+0lW z$twNRuYNj;61e0@^V^WN5-q*zeqETF<@l~1b%U4IWv)BWovN=#KJvI*R3z2OA`52{ zSNXjb!K?3B@e5?L8*bxktPZF-C+6q-EMaMdlyXwEG+`Kqz{_ zQ`f3dbQ;Z^R)jWI!D9<|x-nqg^@3L07X)&!gSq(CrNdPRuSD#MboQ8Dz^Y)RvopAu zA?C@&k~;LZH8b*TcRMxhed5SZ-e@akT6X(%liG}KtEa*P+BrD+du{cf`-Pj&p=Zh= z>z={S!;4*>lK^Wo^Zx5T>+=m;5=L1E3SE2B(hS=(XUF#rYu*Pb$3;((GSz;93=YxS z7ZHQh9Wgd`HtU^^QjW6pct4t#@iSiP(j*C^v=Q-dAPX;l`gb!d8Lk5iW6@eq#!9BP=K6^igL-9QpF^s_a78uM zZcWc->&{9WfA+%y&4;6`#N~IAJ6<9>p5WHE6?m=PC9zSwN_!6u;12BYS3xj3rR3*f z0?9Y>N2)BW2EIO_5h2I?)AjP*R=-&}gif`8Vf-5SOR*wystNbf?|D=7J+sn9%y;b3 z?h+XxJ$54v6Q9LBtjk`^F+0wbx9fJuEhseA`XbXF&2;AvEWo$&4=ivp`w^7lCX&8L(E->+02P#u`j@Z$C*`9j|%(+wR!TY6LurV<|njPlx1?c)26z8D&h{hC%pb{cm^ zZ_FjkyHpvk=O1jGT$!G=LZ+{jA}KML)0wH@(eP|(4)y9y>#Fl_3uQmT-}62BNdvq| zP>rQ~uYK^LOdyDrh-q%{k=e)9rV+vRbg(={SBC|S( z%C0M&?8>aDp_pF-0wqGO-pshakxYC$R+Qv`N`X`9_cLKvBsN~V*pa|G_4+iyYx<># zEEsbj_T-7LC|)(k<&8-CM4$_{K{jvF%Jvq+b01GGi7&A848~%n)O2wx1bst4)!n0e zAsW8WliQcHoRaltr8W1zS}VkH@r|W4T~PbFsU{9y`93TEL?TMjw11AYYwy8y_#!Jf z?0XSy6l-L#2#*`mA&aO28WoopILUi3b`*T@O>fqAFr}l0b!*jDbanar)>9d}Y~Vta-wKo%c|)ROR+K3DpX+ia*MhCcBVQPU!D=peS$U7YAVG1zMl(+(CCK zx`@g3K3tIm7iGlVK_uqQyz3D9)67!ph8`3?$4SmE-h7oV#3mD$A3ptX$x$QY(wWEB zUo|aQWJ96LhlU5zAM&4fip*L!X9&^AE^E2yj0blG)0K^3KL?kOb({(0o{~Hw@0}U7 zr`SN}+H#Aw*HBwGTLdp00}r$OFZ)Y;T!UWrHh^peFTkieZoVr%1&XA=yVv%gr{hJ8 zbXL2Fg3}h9D{#Tcz3d3-(1(*+w8o-F(o!fKHCj<8nRX!8pFVPd`OYm&UQ#AHXX~b- zV*0O5vQY)czO&8tUD{PasD>~C>c1ymcGXi#MN&Dp>)}O6j1lVwg3)7Dy6pB?N>>|G zx@t&rBpPoe7`Zq%6%S*T78jSdiSXjQ&9C$g0bjT$=5^Z#iI0r7iHdwi;j=0ia2G!w zpK|lxH_21WAPiGMMq0g|Ebq`b^B&YWL%vDz5yR5QBE;-AKs5=KW7NZ@XO~{RiN4EW zjUT$NcCZc?d%-f6o@dMs=I2sU3JQvk99QV3M)m-?BK5TY##qt6SEH*TZfj%tKyih8 zZLbm-jlEMz1y$;HLnXc2wcFCAcEbaxfW4l;(saWUC&Uo&!`)GDW5;_`izYU@P+eVJ zFc_?@s`_!wzgicF?eOt!`%E~DRzgioOvtaK)a~$rB6%z;r%pWhR({X(=E}MK-gHG_ z$B75oGcN7XJUS8VYSxFZ`Tp9%yU=f|_JbjpI(H@5dL|Oe)dkUhUKp5%FfcroR0KW_ z6`AC~q;6q;&CUsSsQS}X8-8Kldsq_`F!bd`VRW6>1G4ArA?)qcIVtqfxO=}J8_qB` zd*YTC!;Pn@)p6&Q58WyS&c2msXMW9m|Oco4N4hX-h93 zTL(>_H!Vef*af#kpq_erZHu;#rsLjHhzHC3+3%X$8$HSggqBCV@ez+9~sA% zP=`JASC78qdiHj+46{P|rjojf&N2+S*A7q*ypOFfj04BrQ?;Pv+l9dYOWOMR;lN|7 zY;mW&+JQ;=sa#KT?TvhXt~PLd97?Jxm18K^e4l|+(4(@blWG+aUeb65{j(@9%QbbW zs@>mDhRR!&m|*2Zi%kZj<>$Gd~*F*c>l}rs(a#ExynsRxrhkU$asgC@7rD_MY&_ojU_YoLi3A= z+6-l1;Yu`oEu8CZHhL|> z?$YkjefnR}(SRypmxh7cY+X2AVxb%z#JHMd%pCvgChSdG+8q$Yc}G-A+b}ZofS%=L zX{koWUbY&f`c9OTu%W+$J6eyOL5(#6)5Vtud%S0zf8>!O&=UL1`OdkatxodROn#zc zMD&43i*1M%UH?6nu~gxsRBsuA(NKe{mioNm?%-xJY|A^w1!907GW^@wuF|=7TwYJ9fJh=D94y zdgIt#v@}hSMe!}%N9qLRn<2}Qp)9o;voSX*}V z1gy18OSX!RpO%ZOYgskjnbPP;tNppY?Bj7m^N@dO8r|ng!eZw2<8YE! z4cY0Fv3GvAIrco0r=!o!;mac&4(fYtMeF#S{PYZyq_OJWTuP9J96DN$=jgK~`Sa2| zBL&NDtRCpls;~D0U@Wv2x9{F*IKRPoR0Oh z7^kS^0?nga{i@f=8Xw%xT06=Yd!9=0nkNQ63|_vD@^h#4uJOs{yr*g3|4Jc1a)WM4 zH6}8WlT>)OW{49e7wGAdThvI0k_H^)HIz<+;gkc(zQ0XpxvC3V_CQH z<*t65%^kuzWy$sMHn)ueRymRNOLz^`bnwbjk4>0>apyK7_7+C7S5cvs%}v*3T-#@N za2K8IyfMl; zazKUYpK=Fz;~#Pdv%CtlQdC~cP7d^}K~wY9jukw&3QFLmEG;@9_J`FMQMMI^zH_GB z4?fE!Ydf`FRNFSZ59#(|8hf}N5Qjrctb&6f2CkgfPpYXvClfO@wIF%cAC??fF*GM0 z$W;PY=-BJQF_msQ;C6S<*D62Ttroo*xaqD)jlq<@xg+TJ!w-jpYI^oVjo6JDwM^bxsYDXM1ND3wBoFM;v zA8f_}V7(L>_;{ZL#0|izCzifx3Lhiwzm=`}51}c(44}o2{6Rh$@a{~kI7V4Ho{M5Z zFPsL?0julI{lb!BCHp=7>{tNNU4 zGDDNYVkKHsBBkw$CNk!(`vAJ2HXs^wpb4K7GUBB3;PHaY@Bmi4^UA8K+Tq#nrjR2k;nP{6WlsmY z?{e0|ktw}=^SkY`-SDORI>^Wjd5v&(YO3bgWo^RmCPB15+!)POL4M_@Gs!v%1?(-V zn%L1}g@d>~A`e6i2f`1~->tolu0{#)C@2AU7B)S@1DRhtPlNbXf@O;PXwpaT`{+E!_U$`vM=~ZpOPcG`mBNUW%i= zBX7U)e*pbx)!rDnn6E)X`2}_FoX!k`*KdDE5;zDO?f2A>u(YuaBKJ3ZlIZ;rlr#Ek zS6jSO_od9nEzO3;3Y=$+rkThHSo^S_9Xz&Z=JP7$-_sH3+rI5@+kSE!(%)?50%1o$ z3@=^vIwc=)TBNweu!|voc^9O7z4YO24OPNx^t1kXRKz#DTYOKG{Nt9%J0R-s4^9?Q zy^N=(h?ES^ddTNlq7sKVirG z+i#zqjv|a}vDI(_>3Z4^N2*cOinj_)%^nbzc7R!fQZ?r%xjIPhai0oAodkrcG|H8Y z5UPh$iDR8h$7z)xdOW*2NNIn_v27=2zY1KU*PSOS3)dZ8m0gej$$QvSQn3Z}5K z+*cL_d!6@SjbY)0x{Xrs;df)niG9-&PdCLV>XA4diE*AZTLOfYWD~OqvgftO($9PGcR>^T=1OD{c`*?TV(ujgYj~y0VQx5G`}2f>-|6_*8Y`9dKG!Exff~ zE&?-2V^m}zE5UG@3t8O7glW$rhn!RC;afAWPsgttV5tW3F}Bah*bqqLmO1-=b65GI?Ze$t zur&uw=~|9CUzcWlCEC9;#IDM^wXP^KX>Bt&dS-z@Oe5?T^z)G}Ro0~6ftw*O*6(lQ zJwr_gZRjJ#IEXipBB3!k-yt85+`i~cM3q_V=05eP{1?>`a@(h><}=U_?oPj8lYNnu zdYZw@!Ppg5noAFu$=A5A+*BFJwA{QUVX3TK-Oqh3r8QZd5KF$nbm&xzaqbTJceF#| zxdrKJIo&W0Fn`-62ibHwJ9eCN)%kd8E5TV#wStAr8lBabOb3G}9G;TotW4OggIl=mt8_rsYD(U2(1Sfk3ON zu=63n?LGPDh?Ku)TKL0!^t1LlZ}H^I{aKQK0)W5FO&_PEOZsGX0HZ&lM*kz`hxTBN zSJ{})w&BWX72Mc+J)od!Rif0Y|MB?#*ft((r=L9#MIzNwj{$|-;F*@Zyn7%Jh>M-Q znK3+G*d~iib~26ytkby-4GlBvuM&sgNX-5bFbSf4-0aFtJ4*@A&78BBZZ0H@7h3?6 zJ|r@(@#t~hxzhm0+71c`TlHlO{D5HX{jM6xr2P1FVzC@<6u`Bocqlwk`-Dc=2~3!M zRan#<);IO7lfk=NK2w%q@t)&xiT`Pkn+lr;uZ%vU+cC*Fm6U0ZAE6H6%c!uyE?XYs z=*$(ia3Trns2>)NSk;;tw0#nFIFAK9H4`|uWBo+h8k^l2n57|m2;r;UNxQ~tuy8?# za;%@M9Lt3mf{$qwGP+=M^P*XY2CQ+vKk7ceK3hxDtm|M>I(}MCNS0^%<|9)&Ga9`j z)RWn+JZ8dnoy^t>BItbAVb%(yQEsF22=GO$drJ?k@~Fj!XFkX1EZQc1^F4N@j30Ll zi87K>HfHAL*3_fJ+7{^YpDD7BrydcUN94Eo;!``^58B$Q0FEEf!XguM-e%mu@$d&o z3PuU>sEiqY5Vrb$6?7Ar5HV^%SGIL^8c5En(I|RrzyZyjsis+`4Xi`i0i=1!;sMs; zg1EuH0wFbJEXfJiow9e7tdzgM)(M}(1kc=%d@MbDW~ZHr23)Fs;^R&15Y_Lg63%`@C(- zKMLvmrUV#b0_anx@XMaXV)s??Q!8Um%|_C;d~Z=$U7PVY|ME{GAPN=e^o7R&~qxwT#rsM$A)T49h^T{4ae~G44 z2;bbIEHz>vn%g84p5sV3(-hJQN##MC4%h5|$Q+)IN+eec6d@ts+pTcB_`2mr-;x#d zZ7NRNtya)DJRNTQ0XARdcK~E-CTxBZ2hKKL$&Ydo)T8VGMc|I-`IDQ9j7-ePxGNZ< zn>QuNVLgj~g}^-L4$G1O<-yN!aP|%;vHn4*i+>#Y3mX3Oc4&_p_d71$UMU3bY?O%m zH3%aUYGuP7on&l+b@+vQcrzkl^cX#*%wt~?#9k@{Iiv|jsxapcuN}qYViTu z2IwwZsnRR0II7EVLy|OF&Gu!mjL28QOoq7d%yqU zo!O-@3aI@Uf*sG=I`)PF4!aZhcd6FE%io-C{=ewA`>*}j->#Q`tCjuFCxiS~y;Jcs zT?rtm6Pn4n4puDSKW3l&-#KmnFEX$HgS>y(R8Q6T-zN_KtIp})TH>f&DrNHFA0y_v z|MH;#|2g*hTVM1){dEgqqpZ8+u;*RwH@!Y%rX-@Mmc7*@;KYu+%@!yMxz&>eg zmlPl3%K1OC#M)K?mRzVy*B-{QpM(49udt$ zjSP)lvEAa?I^6YNVkUH;o_T+HBwIOe=d-){O;4~ONrw~EaXnknZ7g@3FQ{KlJ+4HK zPh>y6ftDSmk&`5wc3PaYrQCcD434T+%=ohJxzzh|dm*bCyLxBV#Xf7Ixt3$!#b?Qi zu4dge#HPylbo)EBzs~Bl?PEVTqv|`Cu(K`#w{1HvEbVo^Tyh!rT>0gq4iPCTDXf|l z>BcS;|16UkbhzoRrW7}KQ21nw^bOC`WZbf5 zH(<66gQF@?#{@-8p0C~q5%pefdVQPWA0B$8^RYUMu~>^5o~E;lL)qhaY`Xf(D7Y~( zhYL^=t(_a+wxgKJCt`htL=`>^$mE-er!yd4`1?xC+Cg`g&Mbb8>9iRpx@VRDZs(9cnj1r*7ds^mhyI zV4dgtUhDb`{pJ=^L`-J#l$7#)_lS{)K;JI=QW-tCUuhIerVB~fdVMFil7aag3V0ft zO=rJ5caO2t;PF27T4GjpB(M7PxTfviT|4gh3^>dKU*?G+PE%2rMEAZ;a3k(%D>%lk zZfptE=9>+xehS_xI9pP zqAv_%1Zs9B`kCS#oygmGBZ*^Rpjieykam^QBD{IhtH3z!l;lYI%L<*%sfFLhr#{R6 zqVts_*>dAC{aIri@zQYn_4#$4;o6)h=a?kF5l5#PM#tXf+c{W=IG~{Inp@W`dd)DJ z;u|=;u!wTKIdAzs0!?bB66P)+sN|k;xs?&4eT1?)&1kjHsBRL4zOp7kV>RQT&VpwB zddzy4kF4lYE9WjEv)`CpDA}FPTDreuG_JtUVlQ~X|C^9g!V168hKRx_#W19}<|8wa zyZa26q_?z_e7U^@C5Y@>+Fr0Kz*w-xrkqgbt=Y00)O>D@Yj}CMim!HJjZSqak42QV zA5AB`jX~YHbqmE|Kc4#e8!>s|^Tk?0gU_Um(wfH_Gqa(`S^XuUXIl(*W8#}LKV0zc zt~$=BsR>z^5R&ln4{R{n^F}UjIDdW7nsg`HkiogaChyYaX0GR2(MX@I zY5K{+sc*te?(+~H>W`eYwAgOeTN#NV9A2l1_v++kOAYU)GZW@fVhRp|^@Chm30}hB z+4or?hN*tq*`)QSaaif3G@0pf7^-fjNbWd|?5ZaNSiyX*WhK{&C=SacrFLRQ^C#-& zNW?m+wC`OH``%TR!*$ zJdobMjq3N)Vsf0;*Avc0o!zuvgSdH9?dj|gdkO+FqT{(%>`w#5i;s}4N_&SI%%p8o zUcI_S-S2{!2FHuPVCz31HR<=sojmqR;6cn5vD6lVX2N7x~|bVLsfWp4_+Z{h+FH TMH2vhCzKS_H9ikl^kPf#B{QG-wF!aIxU-?ry=|f?wp~?(XhRAi%}lS;%kxQ{PN| zGdsImTeVf&RkylYPM_27dG+b%+|X}w5{PhkaPQu|L;NZ!`u*Lz_o1&pAT0Fj8J{|; zU#~j|`|lE8-j$CL?7tp-FcFp&e)kR(4gaVQ^?Ll#MpE7W-8-c2w;x2mb&=t_cX`rZ zMTM1IbPiV$wJ;pF1W%*A9TWW6iVSCYC*VC`>Cc+95EL+YP{y^YMLw~|%aLDs$ixBp zWE5h-zL#IVek5iXXGgz!FE$xh%Q{a>Ez1|UUL1}K3-htu?cv4CIk}gZ{mA=}w~gl3d#GLXZ8O3_3w=E?04+j>`noOZNm7u#ZukhHZ&wZd zNn_vcw_u_`d%YTq7$o|3wW>2l^7X1iQq$%1ryb>^1701me;PRFpnpVXGPx#@k>tuj zDArkY@m>lK677B1HMx_4`eVEKh?#6CUkbBvIV@*mW=`F7@t7VAJk-iAL+5dF43NV0 zU}V_|JK4#-a#vV|8I~3moxw0X4VO}OqgbB@S!p5X7p9N8w7Y#AUMGlg)9g$t1I(9Ltr(>(>ul@flh?zvq<`_>fik z&ZY4)_`r=+&hl#yenom86d0vp46Y+!OkMJ&K6yQ<7H3bV->sEaOX9fx0dzJ_y-<@s zbhGu_N5A@s$?lT1{@L9W4vOkD$=1BGZ3{^~ZH@o56FY8V{_8#!8Cl8nM-LuSIQN7$ z7G=L&S)q756tt7<-Cb})Obg^>Y$0fSlu#|nZBheFh1}F_(mAY;rK6r3ib6VZm;P1C(c$9WJL9XINUn zJFLc`!<_=_-et`9WD{@);PvfoT&kGI90+17J_Qad`(o3~v?$n+;?U$-?|Mt2csqEI zK^qc!4Y7Xkc`Mrs->XWj%DQdjJAzM}DyB4P*h_%>jY~eCMGW~Na~%{(K_@@4&(2ii zK;=se2;E+e_O;rU=|o-RiK-Bh zuWk#gwxE#Lf#4o`U`n-s%c-zW&!v4TG@3VqOb+H2k=(B@ndBBxO8Qx@h?GQSnm{`( z4K7qJLu+$wx-6(1J)KBN9N6J-##hxgE;?5n{<(xBy4El5- zp8%Itu+vhiwI{93S@s)rpvc_nL2y_dLcPG!8$&gBuJM>Xt^DRo>3Jy8w&rAQRdKTU zxvUoGnY&y;gjUG^-JI*G#G@e}or>w2lkjn;E>XEI5^MI(Q-|^4xq9q(r_zh^tG{qA zGV=#0bE2Z;r!`Sd3hFbg;Y{Y}uzMC*K-QH{Z2CLSy)z^=zwY88H4lWi58s)8HSH&a zipv+c!U>4#DUs~8dsJfyRhO*XZ6NkpQi#d7qfh2gRFw=4k+4BqwI;|d&9?8Mol5pU z(;-zg_EtKV;7ImXp1kq6t15rEgYTu0< zWCWH;%Wv%A@?PG_GDkfr;#RyLZo;=AB7U@jtn;FMDAb?n6%802RO~C#yF{_jnt;&k zkB`!HZA}{^?vFyQC%f++lC3O{yEm94hMcIs)ad^i&UIf;cssmI6=OTeGf;vF%`mye z-Y7F~-j-Ot^(U1fvm=T45mS1t^fBc)4hB&2ID$7{t9vxn;A5)%*{boU@}6XBz$b*gz6^ zjCGOa3@+}i(EZ(kK*w3$VrasI#=!rP6}itHC1T*}ZVo5y8x zCJv#1vmpA{@UW_1VyTm8#X=%A>L#1J|EPL9T#8QvBf38$W|2w`nLD)}5ccdzu+KsQ z=c#+{t6BzgsloxleAA)Je34QDp+F;k{y2Ub9Kt_PQjo}W)4l4ljfsnr05Lie?+HuX zQZq(LBBgGQq<@g?C@DZb_b{%$!0i30K&}`MB_F)Nm}oj!Fyh7z))2Ihly&(j7h1`F zwd3f>vCR88gy`w6p-Y?rf@WQx(SNDOwr)}xb}$yq)x`kkND0L=PvFGAo<`u?sE1L3mY8}`PzOm0c zXta+n4!6^^J6*Yvvdoor1;i@9&!xETzA{kRE_0+ZD_W%@%Y9gs4eWU;o!dU5racp9 zUtLD!jftfdZ^{g=5Jc4n`*;Ks29@E3w`YWZanr|eBESne>;8SJQR5(VQu$RaiNHs{ zwaj131hHDHy^aiMa#b6$MRK=(!954Q?=f-X+t;dC8e<`wDNnN&3Ub-!afKBa`+0$H znewOo=rGz>yVurz)XL*gOr@4{VgRqjS&_;>+wHS)iy$ts^&ynA^w<5`ABtx~?+R%y zX0RB@DfP5dv9_PeL=4gIU;x~l3@%uNrRLW3+|i7xdzDuqE~~YWeb(s#?K>f^tu^n! zbpnu)EkU4ZkxJ`n4WI-sR}JP1&3dP}QOb1|LAa{;Kxk;k*`nZ?NN7u9d7>-Blgy&h z;WE6n_f=h$Rc`EKWU}*}=Yf1k<#mGPLb1^7AbQ>({-`J^@4n#RQ}GugoZH)F7hbbq z*a+7h@SL5eF5v}6H6(8vrr2@D>CoKZg6&tG;l_9P^~eG3D^_Fa5)OuNa+qqA-%_lR zN0u1sn3-GEAqZ0~aKU96_|Q?6b2__L_iz#~69Mim_O-dFOW{X$I8w*Ub4x> zsbs1cPIe?8=^bIkX+{y%C*5NnTOBpTB-%Q{aR2o3SO)qs8Bq%GBWjz6BAALK71j|rEQ79^@jUV$&RqW<-O@L5QgTa-aERuGjnf2 zj%Y`tv-n1+g#g#bmyoWP{Rfo$aBXzP#*fxCsOzzejkRUO@(i;!ok^u{xiew>0TM(O zlK2|TRo8@7Y&(PfKU>Zv1YP0@6Et(SebzS zTW3@~?d^6YcJ!&VJSuTk%7i_3>O;UMWJec-a{gYsCN3p>yYM#bi$=LNvq1gW?X&Yr zqP@>awPoZhPr5z4x?w(z2RCyXGj)U;?CyL50{1+-!IypH0B)nQj1oob+h{wG&V@5G zcHn$3pHrD@=CI&2#P*-a0Ppehla4lX?}&_fV$WXiioDoD<2TLPctS0SfK5i0na?>3 zWc4V6u@7Q;S`o~Oj$Cd!GTpE9>$y9KM4lAU`@tLa*Y9e^UN@U7!k}VlH}!JvUMtA9 z#{wyPukrq~;|Fxn%7aOSVKrU5W;f{Z!4K)Q*BOw1h9Ik2MD_Yj2QKI%4#Isgcg3cF zIN^d3d-~cspiCYCLLb4FD+E5ed{;@%5Ytf8U*6YcJCvjkAH7^Y^;ADDW&;RaKbW5_ zIV@si1rs*2sHaJaI$)QulO#3`X1myrj;12v;7k=SjR|J65}DE>HDHf#!wk~{ktPsq zY8!XI&h{Z8joPRdmdNhIXq&2`8xMNh9u!RxEg!&nNq+5&l5HMt?!nme{$}R(?206) z1>`%E;Nj`YiJY1SmTwoHR0Ex1nw!6DtJfNT|L`6gm8mpf5`I~wbA8kCwz)0R7kRv^ z(iU8~{Ue7x{?UW5pfqvP?As=5U`yTusCKLAHD}p(t(+0V)DrDOPW+(=Z<|ZBxljS=%sSAv(qs*Gn3r2BSdoy@Ydmr!D_nzhP=D@!bfnI=RO)X9v3zW$Y&Gne%H zrs9}AK_k939d`5+mFZSOZUiE^j@ic-4RhgBAxQH}ygbY$2OFhS7WlL7c3L*=xgBw4 zIO*tzAPZnt6O6P@@r3N6KXPvT{!W+?ZB;A&{oH5qNqJQuqtQe$ILhA-eSycI_Etwq zDqLI`2dqLr4Z!Mv0yS&Ltn2J)D! zG>61>txiYKZ_6MvYnEb_;kj=KvvUhMCwm9xQuM17stz?t^LMLAW!W@Ohg;^3AF{xS zy6Ja@X&#orv00-%&s~y0>F~a1;MZiq#X61>w^xbS5G#!GP=kpiDxv@$Mk{V{z6$6* z#if*+n8Tw4WCLCap}>RkPc=nM@^|dOVDP6~>h=5YMmO)wD)w5ThSeY+bX~U^70#8J z+v1lG?_>_A)hkdhC$1$~X*@p`w*Ilr)S zg@zpCQ=K}}Lx7a7gwM>+j_*zDVu}tXAk3ug?Q-&qE54d(ABb?QM=F%BFVzuyFDhMR zq$Tni=(-Z8eIL&&N+56I%W1I|LY7hc?kQWGAD;5=rMw;-Vg^HXBR97+MXt`}RnUZw zB!zv87gluvWDfzPWL{M1C{h=vuWao6DdGFw$bcz;9_3m{0a9x)j9n%%tbPcUI=8d?u1cdU|ah(Ns3Gx;H| zR)I_}^$4daxEf7(UhoTscZ1t|-c68p%7GcbKcSzY(a9YF>4>-E>8p8r+=)=jnXuz9 z;AqW@_ua8a5hv=TcJ2^k`OJB8nw0S56vop}7w0E71Ia@OMx%mDW?iK=_wNFUjl!&$Gi=D_eVg07}Ja8Jw3 z`Rc&QQyiiT@4<&$&-MPFj?h{~Y#9Jh)O3$CAS380u6!;yOx1{09vj3^e$JP|K-9nf z{FtyK=ja+2)~>ober55~sD-+0;*4{AgWL7#_Z6Q-BpMa{R{qo8y3ob&fw_Ae=TWDv ztGzt+S*!P*Fx<5!L#d<;LHZM$z-JYY&-YQ-r3|c}klyun!a}zpG9V*08^92`;xfGq5 zOY*g_K$fKTny`oXt!-1HS3FTKhyAQux+(&z8jOqM%26PStBQ#E#o zA>};f2*5!wll$+F;3i9>;I_`_(6b71+8sW*j3h`xCILq*9WNWf-G}2~odB8#eg4z) zA{`rN8u7$UO$$%f<@;x(j8ms`HuIw&vKM^C@XwlOtgD2ZF977r0}_FYAC%V>!_`{; z2W+l5&*z1{dum6{On}mhtXI`S-;782#4ochH%T6rw z6!0EVV#mtv7Pm+1P0cx&6QErf>UgBS>Vb+n`BbuKhPKnWI0(LR;q1Jhc0PZX4x+{% z1Op)yJ|V?lnH^Zr`ekID7bUW~F0|*P6gqi?Z#(k&iS7t|s1`^IxSJ*%HjA-~D~mp+ zh7Zx^-N3XZ@!}P|>-~r-b1#<}fSl-1<&jB!#m6za7`?~cKl~oB4ohDU72}&n#KVV_ zr9YQS!d>>%44)$}5CxxqBe7DWviJGRRC88n2i2bkH|8ixjrlTm!$p0=N41Ef?RU!K zq{(ki}AT}Ezs;V9#C$Fl=~bdx6muFEPvDVlGWv* z*2MgyJOB>@{Zv>(=nj$Q%dyqn?Jqb8kU7;^t4tRTE=vB=?pGP>z=b}#q?|Cq4t|9A1+ha zwT!$EqQ%|AuZ(R<&JW$l}PzZbK&dGH4Mtxop!-UypO4P=bg)BF` zM#ozDx*8GAb(2knO@RCK9r`WL6PsMdV6So^(%!Y9^`i#CtheM7mini%&4bzXb9B4& zKNC}m)!!BlNSPx|Hgr_zRU_cHk5Z7ZEKk`#(QkLO%1h2MCQ0{ zNj$X(^t@*wb>x=?QVW$7u0MJ_jMEuraYw_G@ijevAGxs>b@}`d%K7zqWswwBts-Z% z!p$JN;4!tG~(K% z3MmELxrO>{X=s$Htn#U*XWouPT%zA@uK$U-nugq47)51}zwD}TpI`l@dCX%cpV4t< zJw|$y3+u=Y;N4?rOVSmHYHL@>bXHR!yf7RZ?XqQ-cPxXsqwDd61|cmqb`8tBj_EnR zVgO~o$Dxk}ZIA-VYMk&%t|Rfv8`+Fb`kQ@uV;;RR%}Ntk!li15Sea)p+HW_r0PR1c zxA#|Y%Uj($rN?w@;~2${>({sToCUWIk+Jpdj^C+bt6rX?QK2OMNqQ~(l~rC|@!(Mj zor=a?&lWQ8Zp~-83+#%n^?WIp((5TmGP2y=$%xTWQKiCgXp68VpZ1nkxCy>FWv8)vFv0-9@w(x|}+t1V0rt{qrpL!;MO2_eXTvC4jl zQ)?64PiWI5H_@fjai4_O)(ja}x#^iu&CB6c&y8P0w5vQ5Yt&wFBIjg3T^6iICD)AT z>9d#eR(4ESrwPVZZEm60pzAAJb&G!j4tY2rdLWv&x8*&%prEcQqzY2#V3XRaQuIaP zYv$vJcJfn_UF&kbNbvmG2*v?}14HPkL@`=L9;Jg9Fzx`@fO^7egxtQ*s5vw62h7dc znN<+$x~$zE9GKN!v0X}+sBvS!Pf zA&xfLx;4kn>5SYz_7YD-5oRmS3C~{+t^{u^NG0^NVVrirF8o5ZXqF7Im-^R0L`LRx9s3nE)*^7j9bP(#GvGvLa0Ncqp)%_-Wu2l zpW_-nq4|U+?NRUMiG`P+x;fG#B*o_%Cq>U# zP7b87!W$5)LMNDpGsrs%yWdr%?#@b$-U{xc64E5fvZ^`g;853Pq2JBz>Q)5idgLUj zapZqgQXik&Nm!q>u%I)an==5Zc~{WuhR?q*16P5=K@%_1!HfA%zLOK{BM?t345GK< zdaC;@zcv5lIb>2jnPQKHdFE@V?_^aRvtxui<0rf?{y@bMYAGjUQ2FTPNu_=r%Imws zJ0)(geg5^7W|c~3auYbkrhC;4(%NOBpKBs+xn)?x@@5S3vYTU}FGc&+mLneiEn~qB zuPF0jenH2KPJk|G*5EOup*Qht#||;GxEs_BGJ2ZZQPLV0F42NH=S5rn28t%Ert?`@ zo55*@nutU_pN+azInt&m$Y#y|gQ*a#l3bgif6Qu9xOkh@x~neV2}}WXrhAR( zaU5zGAQ7`qwurY>+%CXXGrA?49I>R1_L_{~cQqwXs+;S?RL-Y+*_679CHJjRS@_>Q zd@<5VRkuB-1Eu@!vZqv?M7YYn8%eI7*Rr6-+_{&uCst_N3Q;p&e96k#g?j4Y%Hv3m z9J*~I&H}}MO=^eb>~{5atw`=jaVcB8kp&5qhx(a|UyN}BGBnnx9!>n!Y1^bmJro!O zWq=nM_UWU^Rnr!C6rfDDiDYucvMh6sV>XGgMLhxXzJ!az6~?Lba*UL5E2e1Mxnxy> z>T5hsvr!kCm6j`D?aMicJy&bwBG&=zV{F7E5jH+$RYPYqN;h1={)&A~F{!J< z@H@LMHXV;7Ij5S0-q{n?b)_>5Cp@1rN~s!)iC+XM)Y3`k8^tX9RlCZ3*{`!vA1UlR z)VlXnA*fdyiCYkSpM(oE>IEz(SD-HEd}nBT5IC$;L{#55IWT7c# zt($E>q4-@#< zOfg3te^Mv>ko4{5cFcI)`6iWd_#B-$6>{gH(5lvoGx1qqNI=D6jrLkOQf+LitgmYH zN|UtCtN6f4vHzCiLgV3DUQ{Vf69=uA__jn_=$Gpsb#PYsR`vdF89rw+Cxr#mi3}!8 zRZ_;Nr9`Oz)qd+PRC`e4QwY>9;^2B(B+KcbV9Pl_<`=*j^I7ox+9IFrcFH;AMlHY| z#A0>PY_WDFLNSoKIHqX_dq@Gw7R)uLHu8B)@~ zLX9bvD?B8z{Ae*3gHv3e7@v?Zs%t4cp`o(srI(`9YlO01X20l^-B2^j2dZh=YJkBG z$yWRnqD(igMgBe%0RU)kFnaLos)|&p9vN~nMPDfawws9ndXL7c()0C851tiMcB)H8 zB$9k=F7S2&M#Tvqk|H(wE1Fi7_Ua=vpEm5 zMGfpIJe(y+SOf^~xZOnCw*q4gjP;L>GeR;raN-08g$J+Dvi-4j!tYSXU#f8op4`72 zO<)=rI4x@B#d#0H8Yo~p?4R4*U4@n{X;kPpV~!nl1y}_5I{gUpL+>wDfKL=Co8yf>Ok6okv7w*u4C&nJR8q%Tt&B7c*g4BR zIK+XoloQ-22D$=4n7oDtm+BUgn&AQl9{Q^WB?@PKn3EZcSEQ8BOLm=K{BJ7K)`?5G zsOlS)fH;bq&DU9xwcOlH>1D=g=6kn@i_f7UB@LGI6g)R)f#L)N^6A6E*TqVQGW&iu z+B{BHD?S@7(;4(_0sJU-3DHWvHf($>)9fr>)Np5|w$1#bZscu!T(>bDE79x* zR})2!5W%&M@^3p$f{Tr^T@1`JH~VtTCP$lxaKEz3T@aNqEj^j-3h=_63%3{AA{VaC zMI&mo!kw}3jiY)OC*5tu+p&4u7kpp^Yj@}!(Mb#4WwXEtCW5FI>kDD6gYLu4+hhZ3 zNWbUK50C}wzqsEP)^hWe0aR z!q+eT%hz; z`=s|qe5d@T1dpdpY5h&v!!)tcE*Q5DLk+lMZQoNp=La(!i&*d>T<%RljUm_dcbA1J ze0SSGV>}O!&(z}2EevJd>Aw4MvI&2*7khe?=|8M|>}K)Oa68RS2V<@(F5;{f5S%qe z<~VE7f<-=-n)c-5g3xp$M&RK}%b;3R9J6Y)Dyrv9=kQ_%U-8aXNE0V?Zwg<;?mNgy zvFWNdH+o&|Qe6NaT~MmGN55?jpH&oNsKSNu3#4fc?S#=L9o?GhePeT_%dvPm{k~t0 zzCq>HD&~T6BIJcFAPuRXj=ffUgO>-T$tc!{v-7u!MGtg}hjnb7*H$&Qb|1w_4&b>r z)E5XrJt%zeGxqd=6$^BZ%5{B|BhG^`geddr4^8;bzmfWJn43{z0P@Qx6K7?Bu z8H64Aww5`QV3E9!9gbG-PvB(tXc7h@2DTI%xze2PxS7wY(7DSO*`E*J)beWYJLg@h z%sNd-jyUN=EHd`0a21;s1s&@~E)&zbdVKEET?!j8Y92DbIhPlzKT^v#8pHM$l>WWm z;})e`PP8nDs(@&vEjh9nGXKawS*jmrRhu}3vYd_+Ok*TPPX>`Ce_gc$>VBS@(xNkD7D<>cCsAj zu>>h;d5PUS?xOuWXj6Ag?eu##+QE=|YD`A7zQ_=>tx&koK_8JM;Zvnu@HRt@=a4k6 z;#oY_CPcptoe4zWhj=+zy5$1)Z{BPe{GMf_nz7V~TvGh(@Xbh3J&T-tW$fu|poWz~ zj*L_^PD~XpERUxkN(<`H`$ThupsiQoE(9lO8$-F-#Bz4NN$u=;g$oAa1 z1={sv58weAHXy7|9x z?aa|iQJ38+&cj}*b$e@@yaSr9%A9lmMzMRQBmRep_kXFwe;9fHAHpqu=wrptM^*s} zki6F~*~>Asm4lS7eLV3Woh~bw-Sbs&zr2Ao&Lxx|Ls>|4=-Yx$1rfy_Bn}gD5_Vpc z0v0%(b0f9Ess3B_pi`uE;3ce6l#Tlm@e*?$>SaJ4OC_$hRF~Ef1i}Qp$VA={(_aC9 zi(}&)#_L&n<8?&&Ylqn2*oas9X!;(NMv=;k8G$4S4Ldjt>Jo}+s5=m@| zz*=UJLdPogz4eKj+5viabu0!y6vWyZAer+$Wk1R2XZRjoq<;PT{{5{C<&^<{eeDll zdQ1X_##3&+NhcM$}~)r@}IfBEr*y z6Fp+#r`6464U`L5zlNj``1r(pllhnxo}A&RyHe!FLlA21+EICE^Z@}uXu$6S4g+=I z-*;$e&TU*YlPL)lyORu^>|H*)qua1bXB!K4Rbcpl9Zd4SVeA>?FyyLu#*zK{-C%xj$Qv zLdQy`#dHdVI5pQNtgBJ&oCllY{yjz=cqt7P_?aa|56wudai|iS$urF-S$i?Dz}PjZ z7F?m_tHn%j&ip0{{<5!Mav#|-?EKX57+|F&4BqlKmEbte`Lf9##ViMvAw8{bt}p@ea4r?`s=Iq z)@)T*R{!Fu^;rKmD8m2lki`AHZSy6nq+G?`x^#|1f2Q0~UcIgMcsn%oe+7sC?*BWw z@xMRozu+q8sfz&C${SCKFyTc&EFEOXU+r5^&A++5@tgOerXSfuxzm_E_0b|Y|FPMo zZFX--1O)L)X1HlVmX2$xeA$6DOn+)pQdq=~9UBu|hM#MraEV>X4fQd|y1t;IvEk&H z$Hidq6XxV}Gjn~0GliNv(~}Vy`Hd0~au#G>XmBxj|6;@b=Dn3G?nH81p*O=#I`*sc zLs*p%Z74BviFbRc$OLS86K}qD`n4O=80B70LL}Go5QUxuLx7PwF1ze{`mKcxUnmaw z;;H(WzTC*sDWR*9Gcyn^8$9VH*TGWfL;QT3DXXEfM%!Mo@W2c0oHQa|ifv`1Y(wOE zDxbWpKGNfhyoUP_JlDWLDco!)$3Rc%v#w5}=nkmz4CP!2s9>j#S$qJ`q8r8P1lhp! z8jHZpGtQY79s({<_Ko~)7NLob2IZ(nv4-ynp)d`wA<@NkkqhS5U(Uv3A=2+|>U8KV z!kAI?MNPSb-kS@JX;g6n$4+_?tPuPIx#Mjo28yaf?lGGZ_0>*_cz?%LiV0UVlXr+? z51=R9JT6y(J1B03Uh*ro!9@$I44t$39YgZrO2rK8?^G46bj5rw;zOx>bo_A`|9mVQ z;?d{hyemq2JgyM(5shgRP4I?L4vvE9xZ0)P;s|L+{rXTS;Pkj^7 zz}DP9A$3yQ_rF)G)Scs9Kfjl*WP8-RJE+eL3=r1YZ&qNYL9bEclcB9yW4(@K_6O<5 z{4r_%FH<&GNxnM~%JXxEJo~~Z8wU>@WPw{BBht4{i}nX#Z!X4F=^DW+ckqcTv#n`q z-Rp4@w0*YCeUSY*-c!jXWul?Jj3;dteYD(Jtgd@JOXUPH>bMIb1Zf?_C5={I|b z1>kMqO`e8WaVav!)qQ3^V?Lh%60xP<==+mLpIB2yj3Z}XgPg#w_*(BjcAYe0$dbmc z5*HxqdIF!8`Zfnvf+>TkTW!BzgY%nRI#}!f$E+vs?#otVB+g+Wp zi1yC_!>=%$M6X96%LgvXpiV}V)Ul&YUPYKy8QmJyAv2ZtPgx$5j!PdeT{$sLMvarh zr zKy8rJQO-v~kfku1ltUss7J?rLQD^CX>FSEuCXWNzyjsnCz3Q-`N6~jb-p4RZm$=bWu!ut~ zsOiKwcfOeR8y~ohjJb_87vf5Yj`$=$2l_kf@OR6jk+qyxKIbKHp1&4xH+M6Vdcj+- zDDNqI#bg=t10d1W8ieEITF6Z>wkz3cWMO|#mJIsb`smmWwVNR>U2!+k?`zCg+hq}B zWF1yT%{yvW#m-aL1+*nHShJa1(xlrJ+os#y`FSYKDG?^-{050WOofKnk$jI=%3IKj zI;83&W}AG>8PgL`EJ9Glc?Do`YCC}=C5yLM#S&Dz*TRv#jX^&2!u$z=}RbN!wFaWMMMqpoZlZ*_^Q*agYwU~uD^fpBw#Ng=7 zWG~w6t1rZ7SxHz6C4xcdy4LRsZo8(ZbhLEG_NKHS4O+B@5gEuNiN<}I^*LSvHkGE> z5E%%E!eM_6|C$rOjwDsR$Y+F+B!mzTK0*VS(LRPW<4uC!A>(I6qaRsb2DTQ? zbby;3A@GrUG`=zonDqxlx@s=~Y-%I~_35t4se(UU+c$H1PS5&$t%`wv8sQ=h4;+H1 z^c^&H8Y_Uqdc*$19$-6SOe9J|;7bD`AEXi+t4#~t|9#Bn8r>+|NhNjuB+}S|PpH?TJtreE)n#MNC+ zS(}N?0)c}rf&riSjw*ZEY2;r0ZNT-y)xn~C3>Cr{FHz@yCZ-Ac?(!~?XfH$N7{v8R zX32FEEh%BFCpR4+PLD}3f#!)Zc+?afwbJ#l(A8d?b{!vWO}<#3CMvgkq@bi5(LE`m zzV0Cmix5|JW|`nn&)0Ph^a*)}52)rghX%UokqQE(wNzcvE&y;F>}}Wz_>doKvriJ? znka0+JHEqpM&p-Ua|9;DTyq-adV9qDby;9tHA^RrRDbm4@kd7QvrL~K=|7g&+~zsn z0)*wnm$la1mNwJk2c$0NnEEM+zptdIXjr{l@%1fgh2%B?C%#>zB^y(39Sxl7t z*XrlHaHqHaNMp$3<9iJ3q)Owruv-*5D8=Q9UET6kOvir#Lv{p{UHWfy%x%_;(~f&v z7$uOI}%(dJ*l{(EJL`C*W z>tY0zfz-B5-6irOBP_4m$q)-=6f%RZ98)T|@q7}>bCE+%?vBemba6&E_-#HyF=1#x zYf=}^UKqSddB@d#^h6fNmz`a|*y=6jEfTO!dV@N<G)9i z%!*1}j|MN85=`PkVqv@Eqt>V6f7;8sak==t2UljO*9?xqufu*#nh+VY)m{jyn}rNoZ*-4tDer$csrvGa&vw_~9*F z9~+Ol%jPb@RP>+puH9ndOm>IFbBgPqw!n?Hw>t!e=WogWlk2Pc%J4fJ`J-I^YBjI}e zw^;D6sa<^omO9VkP9FjGS)x?El8ZhJOg_rd?gkFGJ$V{`I6GUZqfo1=pvrvmmDO1( zVSdMXAx#@h29Yilj>)A+0$g%-}|b3lss%`l|r zxR7fp=z$G_5~SBBh`_H(u4Epy#8pWM{ihS(0>Z3z1jxf&sNRakRmjw{W8+t+Mb@Ob z`tu*GaPPS5-&jrm1)FKq&e{GyI4K{_Z?AkRRQ56~dX0{;a{8ruYnWPlm>Tn&nD0|; zseBZfkEH0Xu1S-PiV|Er0ueC89vxLEZ&p3yU>NXl_lGud#qszNO8WR*xZWz773Xh8OvWn0fgvh(j*!wdC`MWzIidO=IYMyGP+E zgOB=L4L-I%HCr6?)k-UNo@A&*PTl{nhpZ1C0kFgkTFj}*qM_}`(wyUoaxlLQd{uxY zeDGh9Bi@;LIQ-M!s_^>fzZW#b_T(pj>zv$WX=9d@QM}Su?4;!;Q1&l~P@gqoC~K>0 z_gc^Vm1X^ZTDv^yL3*|#9$_*09`)theg3pLb3-6i?o0lq^h=0PI2JkROiRE?R#AlC z68k(McPU}x@c4(!`O(MP+jK1YCcs`PNODvm4F3SEhHxF-%bcI|ruklT|F4uMZ^c}$ zv4z#~`*9xuuDa!S<`g5ro7qUd5WW-p@}Fx1P4pK$5j@}X^)8Sxc^yDi$d~1Oe<{TJ zaW(|#Y2(2X@ofIGYW~^yq)r7r@i08VX|r3c+8wd$fjh5^;4h)bdFwC~nYnM41@HU? zHS#MSv+R229xfL?zI>v%5IF@NubX9^)qIGfgyYQ`-QsJPb}|W!o)W|Lwa!Llk;D>RpbX}h_Gn#N~;;O27wj_^%T%e=bAs~;|Y zBwbsjbfHd{i%h%+U@3Jc7GBZHgUWwkwfwiRK4G(#v;coxr|t;q?zfR?$DDA>iM}0| zhPRj{?hdWse5dHKS*-Lt8_n9}fc=8QIB(}44*Rp;UQgz=ntk?9u%aMSe7CxP4kmq5 z>LRz-7(Pjqxu)@(U?mKZ3?u5u#8TyW+L|uvC`#rH@WN4{jas=ew1Bb~(1I4PrTQ05J60SeLOW|{fmV3r9fHryR}MPj-(;71q^(c@ z?(W7l)dud4Dy6%&!$h@ihBKUVhdSwm3|w|;JgLYWGW6YEy+2&q3Z0qcpPY7PYH6YR zqI%9mq*9AcP6>kUwPDrftqhEylF>}hGA%{8e6&pEP;{PDgAAHu0Jo}i;@;YABRkZ)rdo?-R ziww?|a=Eg^v4_36*!q|e9TxvVI!ab`#UDSjc1rhtBc~+RosMPjX#70%M;4f%a9(&_ zLx`%tjl20ne#BXb^R3GObzS zKM}*Zp0b(puSy&f{!jkR;lIo?|7VR~8Jk%6IqNmB)32~J9-d#!1Z)ox3r!%Rk?4{J zAxl{NnsLmHHW~nXz!gzUQWCa6f@A#8&QU7-2{M9|uF+yvV3+$>ys#KwwUd3xpQW_! ztY2F5VkrOYXyI)MjHB$liElK|RRjQn<<=*aY$)&5EZs&W&I;)%%3&(Yh)C|{M7Onz z1u-D12TEC^vxaSOm<>AHWHr35LgPc5ujn)9M>6n*4O^r%`lZ=n^xN$4IS=_T!3#b~ z4=9%kLCnp>2>J1$YC@*e_f^MW-(bY1L0rKsKWt>gUK45mY^!1fpwL_a;)^pAlH66z zrHRMy$Oc`HpqorqQqw`U9wVO4eJKWlppottK`s)@^Y1`G(}1B-C~}it11)Fr@6Ro; z#6(SSFmb4IjC6gPjILdve4wu;oIy4%L;9c}vnJFLaqZ`&yzVog1x}Vu2>nHA08<*?at!kr&scDR7j%OS z(=8jHGDbn_v}jDwN=jCq9*tRwI;Ux*ea(1;>c9^#h=J342@TlXn%~STZ_rT!aBpp# zFS^5;B?L4sS$y#R9e|uSM}8rJxuO-+x$Mf1B#;nt8_O`)$cN_dV|49eU7cKSHuw6+ z2&f94YzDFbA{Hc*j%x39Gf04C7*d%;ycs12Fk0d<5fRotNrWGTfD>7GYrV3Uj6^{H zOP_9mL8~?nhefEw*0sxRM!LVVQv!!kS~d|I@|kU@8vjSh1rtA~;^eg;NraVJ^an=j zyo4dXuwMW~HhC3nluzhzlgJlaVkFWlQ9GXBD>o`qq*6Y6I=sW`3*84h8Qg7ug?*A_ zTq6y_hIrZyzeB$Od7A3}YH7qZI{6-I6oz{8btSR~+Ya<22We4CA<_+++{+4Of*c`y zn^OPqq-H=)QalJY2QW%%8H{w?`HT?qs(CY?N4;dXMr)=@4hgeaaIyuHsMf5Jqe)ZE z{C27L1nVUxtoijBhc!wzUp!C{V4}iYXo@$t0A;iemEIq2^J%pVpR4Ur6kFi5>M_`T z__ea$MS0-`H;hMb9gv&-#!TdV<;H23T|i*+iGS$6u=h_EIV&%3^)UdW)~f{PQBoCM zz$yIr=q>0b92m3HtUvw41khjXK2pTN3GUahVatT5eU$Ue z&CxM{Ts(<*Nyjbn`gfW?H@2__Z54scwN|9MqEMhuVInVmaACtu=|_tFIo=WYYOHC& z$zqJkI8s<#zOp#zJh>*O)l(<|b-99F@_$%+{6-R-_NhywcN8c##S3a6oE?QJ3e#eY#?3M>Se0^_hvdfCSeqUeJb% z46`m?@PyUQ{NeY@IFY*+7XJkv$pdbrB}&sMTHbfH$Y{8M&8;zxJ_mfE-?x}}C1ZH3 zSrATzZ6T&e6gojANgVWl#ZtpWvzk zs&py$RUN^if3sLem~_3q-)t8c__-UD)5ylu#!8?>)K6?ZJ2u1~RVusR-RmR#4*4+* z_lmU6vD!+#Dm*&X-W^^zc$f4bW8YyfBzHVIKuq)6LgtNUVGlBIZ+-Ara@V;1nT}Na z#hFYebX3t)VS&Dz^9TiWB8o54fPEO&=IbAcU7y*=-7+IKe&8U#Jz@3puR3GLiJFS%1{s}(fSuv@Oy6ZUKBm4c7Dmg-y!Wa!7=->!1l(?_`FgDpNneYc6e0j; z3eSNnE4;~nlre|IHsMgJ+`e?O=<0%D2&`JjotC)V3ZT&*%i{OVO) zod!JJjVadh{HT0TqQvN{%LPs-ZD3Mx$`dJ(fuGF(=k4PP&0gmOzbmd+Gt3d*batbK z?_dR;Yce>>A!J7zH$oQ2lGyJk%_c^T-{_^hCq0!=0H_z}h`c7i$~|~Yoid1y&CFdi z7ku<8e4~&f?aO>l)BZF))@@I8pS z&ORi+?5chBL4D*~zUbYXdsuJqLF(X7jO(Kl(u3<*46`#J6sfgpY$duF?clqoI5Rhy zL(pyYMwqW;w~(!+8RQP+gJwB*X{Ee4R%Cu1M~YD3~)*nxiO^rt9}&*AoJ4dQFuXo?0pr{X`M^Kt)0PV_su>Eaj)6GWcF=dhuI4X@~rVA z><~zeoqm`I`v)r4)8s{w$ z*O58doEOZ-Ixn|ztI7^BQMV3ryZ+$X;Scp{@rw6cxz1Sef!GH3&Npg0IUKZPCr4X) z9CVv&pZimxd4GRC<+z)ytAhlz=zem76hP+>Ux&vFBA!GzxCN7zUdrDSBx+g!M{2q! zmV^S>yg~zmOzzLfaN#kwfeeBn649|FC+DwGV8u=9!O-6P5ji<~6NPSs{#^cq1Z}}| zz_{g|?c)RM(~VExLU?N-bZxP~=$D5Asq}S+yAED;Bg*3LSBw~c?O}1AXIH&O9oI|; z+E7_dBk%|HT(tgr+4ocnUsOqXpy7Iga9+L(>&)0&zYQ1ZlEQ!BSbyY@8gaqnG=M}P z2+GyZRCK;Y?%>vI5UqDCu8HNn2rVPC|D7SexE$~Z4qDrj4^B{^OC^t|*AEr-N{Nc` zi;Ybj&6m8JIqi?Zzw5IdH-$+mqb6>CF+S#4uwxX=*T|FYJ(}#l{5B!=hpQm$NwklP zdUnTMEX*B{N0^rowfX?fOCDhSxM`4Amcd;3+Q+_pu6DjodJ(|GtGWEH&b_y`^QLzj zNy~>oZ^rYNZs>DO`5jnBt7|s|i{jA3;Up}*%edBV*=k~t=a|YIJe*xXm;u*kLtRx8 z^3Pr`$xDx$^h7Abrz@yld*dn4>rj@!vi`|xGr}5qttzGG@q^bKKo^F6oaS4HwvXtT z9SXR0jDIL9fMKCsis!o}``Ap-yh$l!a?%Rzo3-<{>)U(N^MTfnqSdY~En6kfNwd@iPp z>i(l(Yu#<+NW|R^knZ2ne6uJVx;18}bRQtFF;%a^mFNNyTe-TCgAQVMCQs&LNU9;) z!rcO2M&hIc=ovCX{6i_*aJ~49?fi4yAz#wN5;{|$THU%%B$u@M2U?0$-AR1-OSC}F{90Cg9dy!VcW}CS@}Z?sn^*o|2mhLg zh*ucM_mD=4jS(c(+Lgq%%}lUA8gx&qZ!qlRMQ zsv2)V{uR~0VoysLqjG06#-GzY;QPCtUOdaymXC%sqV`d~60jh<`mptobPXcONjlLE zAA#kf`WM6#v#Z(?I`WtCX8{{lCkqX(#zz#&WG5$}gm2;lnKn=B78ZsL7G7yRPnOpq z^U45!AfH4{Jf*;bFM^i^BFV#<6C_|W=o_(S!azK`6t(qvT20hI~aL( zdj{Gfr!{_39lB>P?= zAyT`7NbpHQhwRlC)}Q3e-o9j|+IJ^l$Aj~=NT7uu65Y2E+Uj)-D?#TAWxz5KgT`S~ zYjZcj%wog~6omg56rdjcl}ddl4d_57{r?3S02PZ(wOZ1N9dx$Bab-51% zx%**p_(7V~A1b1ya{!l2Gz~+BtnH+ z1rGY#4$wj35;r2i0?i)gb857N;TNz4{d;#;XjVIHu0khQtxR1S_HFlHRah%{GnL4V z)Ie32yvuV{h!8Ew+34g7=!zWv_Q8G*r!dfkg z3G!fh-hSx57XYbB5g^ zT6L{9dFEzoKnN-EhY~(TlABtgvq84`5c!oZaeKhY#+Vy5M2R&qH>(5O=Z*-_g%FKW zF5iHRL~by z{~n<1oROB6U#KGC%5?LgZ~q5Dt~E7OolB7U7R|9fAEG_Y5tm2C@b`hX^0q&;rNoL7 zXQiv_ELa4m36O+LmNO|RSQ<96Mr+1L9`&-kU6}CeuBXWJRK{P_?J%G zEm3Uq5&VEkk($OQL*d&>Y}rY~@J1@4^2}h6i_y3^`39K&$HVIK^11W#cvg)Rx@{V1 zUtCxr|Ajaq{1GWKDr&Ieq+HYtNxmc|)n}HUUTco@DVm_n*9}~l3u1yzi*$aOZSV}XrCeFM$J8@CTKo%mG1VgIVaBBmiA(nxf z3FOdFapFzMushI&I%(%35hmKdXHM*#3MX}?57-FYBvrHx*Vj*9K#q_XVmD%UA1<1@ zpEvAu;l?~>q6rhG-w}ICA-x_KzZbJ>WUD`o#ev(-7O8eM2=iL72(;RFKGuKndG>!0 zD#xV{|Dyk~4=Ex7hVM}zu6u}9yIemz@*W^c=X=Riq#!R?^f4n!@o5Zw|5#rn&sKiD z12^9RJDx5Yx7hzG4SZGxBSnq#y$elcwD(VRh1H#9(nz#u}M9+F+Q_M)>>;*g!W{;*K{Tv0J#wxx1&6M)vR+L!if{f+Bwg) z0nw#h+55H)qQbv+c^cYwptp;XC9M@}sP`5Y-*Z`s z=1v)?d3iC^AOy0!OT(l%GmV7;};LwM*%y$}G)g!A<$e?K(8!aQ=)Cd@p8;I7yOwOd8pm^Ph0J?Z7# zCv1L4rtpY6Ba3Q!zFQ%N;$s;N zqepNwW%*{|JDKJm(Nq-??xZWiAwN?+0sYAy%ZW(FS~)PTDVMgUQ9ox5i-c2iYSt!P z60fx9TZ)xD1Rw=+`^QAS4{#+x#>{m8$W%5bL(;MUZ$#WuIn*W!-bULpH8dl2KU@ED z7hoeQ>#4hQMD(`#H#CI^=b=y!gG{T0VFig^bGs6WD36`?;awlGaXAIeERcK?qliom z+l+!Q2GozA`!08#vnd5Vl%~MSsRz;Xec34+mF6U@ABz7l|o1K zc$7}i;2cazNn9)4^Z}kYc)h;M?{lj(k&4gSiq7b&zL(kS&7|YLFy0fJ^t_{6Jq*3* zyeXd{FJCSeF%P<_zZgbJa9n^88jnEGi?7}R0zkQx4NOK8!7x&dGeMk z|J_ABtJ33efk}7QO4GeH41-N|_L3RXB=h2V24wP#R5e}?VC&|)BO?_|dLJV^;$iK1 ztGK3b9S<#=E#I&U51> zaq4WE!gd1=Ns9P~g_g#%r+4K}!~x;UvKSH45S}ow-?kDTHYvG0ct4is_KBla>oePw zOgfvfK*`ZzSAciVXZMNGS<$x*cC}E-8ubjlT*?;lyCgQo=cad@kfR1M^R!{2e~{2> z*=fmN%7fhYm^UOM2s5CpqWm|q^*@UEKM14AjR>o|xAe>#$*^zl+`V4VR*Dw@O6Y)o zY=1WYG5-A5GpYYCRSfOa_d9O2TvzQVuP+P|2W46P4!Sw+PIWP~ZYL!T&oZtG+%<^$ z9sS8!xG^xlVnazBYhph9#qWUJG$+r5BZnP$-i3|c?d4CQX1WkiSsBqrnMojM#4?JD z`eo6J>gB<@UD%+P>7k4=0|)(J&Gb`oX3y{qtY30>fwQ9OW8|qEXbfDBebXG}wHjO^ z0aLb6Lh&HGj?2}n{WH>o01&}> zZ!dXX^sbalq8c_XS0?0L9+PmJgqM`4++K=);{Eo6@3XFE-nEt*LS!f5@9=)^`u@CB)u9Rr$xNZt!dBMjck&T%N?XP&C6|jSF zw&^s`lnY;`{)Ugp2EFSg%+~w5eY{aiX-Td9`!9r4lVw+26oKvXo^-&Fr;6sAhbIK+&Gt0y_0=)Kre9ogg}; zqO=3h3*^D!-P#syH2bi2m=t<2No^=kUV5AoDmp!T#PqUmHhh#9j9Tytgj8<8x48^V z1pzx@OmUKKXLl}a@DD16Y+5!d#)#jD$iHMO1T|6(x039h{5Bs!fJL!LBH0>YfwPiM zjw%dyek2tgMW2TID>i_>M`E{V3-E&=uYm8({%b(WsRmBe4m3|Y%x8VX+B7=iA>6Y%0`4a0@t(Hox0+h! z3dVLC-IbIBRy`VSI8>84pdP**j$$>bf{aXl8x>C-xum5o>?*Tkk3y+9WHXRMbr(kg z8>v=T7x5zw$#Da{#`H@oGXis>2r_9bSx^0R^+Um>#FH}WuD3#ep4l`C&C47T;^#p7 zar5B|3UW&(VNNsc{#K>X7&(_-pI-g~1dwh(Zi*Gn=d1wP*5kVKlr|WM{fdQhm+4t? z>_I|uxxkJ;-CO6WE#VQYgNmwVr>%8r=6ma$<-q-VrGTx zQrQ3LlI>i~|2=rrq7Iu|P&VXLhOkOvdmEuaKZZ+x~;4HM0PAolEDtw3Jc-9#u2K1sjJX3gLZ@KAg# zwJZ&!ic++Yl!1V1?orEX>qPr73z(IRiSEDE6u>T`7nTlUVOaXLeK(9k)cHOEIQ{b> zGvqrrm6 z3A}E*(=1C<9&Zo$elOcIt^9WN=tOqi?e@1*$J*Zp?9T@0LQCtn(X3Kv@Bs!$&ud7y zJj0r<*`*wRe}?iOBYx=#%mdJV%TZYp(A^G-6mw^_bFRPrJg{+sy3CgOxLbRAFG-Pb zB3O~xSYWK1kzfxi=TP&ObC+^7F_Fuf^{dz5BQw#g+bNu8G|NX|yM0uE8=mrU1$f$! zUNp&=)&Vh|3?K{IRINW&lY0vEdklO)hnjnv)6aggEu!f!y!d=M5wA=EW<<(eCdHWY z*#}P2J5f2zVw#;2;!-wpo#p_+rn-@E|2;L!2ydEx2B&gQei$o>*jkPR`&J!H)WTAs zYBu5_$NTJnS5urhx}^s}9_8cbh#LCM5&t9sUci`Uk_BXq%1?hg{4F{?7U!pjBm!cG ztdCktKN~ZoK#&<6MZU3x%oB#lQdlk6SPNlG>^QX(Pirn0!G#R%krB{frx~}HxD(`v z%VAa=-)I*=!1)t-)r;nRFC2R$j?&RkdOqF=+UD>!%Im2muks93T0+;kuPQtP6DjLD z*lNp^N%vn~xd`z-b}by@TfRn;uKgzY&@o%BX`+HUa*S@z8klfKX#rNmqt4oXE)S5Y zuI0quN-{}0#P~HZOKuLJ%jv{1F93sMKqt1s-~q{JQbFK!yoy994(<8O4{wAf#%aX% z91#<$z(=DXJJdB-olWHHZYNUXOrL+SOum0vKate9kzAW0)gaUzEH)t^P+5MPFo24# zg0~1L|GDy089C<8G_kskY2DfB#RrC=VeQw}edxkzqdh}s`ojwK4mY)g=k-rN-f|x*dhg4msoY2*;Z0BXgK>HQC1$wsu~K`;M04LY>hNDCff zh1tGhjh|GA4l*0H)u!_whF$JMXw)sh$K`--IdfK0wXusPYw>C!vFb8}e;oi*;Sm_o zIf;VU1ji<1!O!PsA-P|@I4{q|S+rARTFDVVcVM3@df!sT<>e(@d!kz(mvrITVl4QK zqP5Izn4^I(Z#p}$6ti>fL*%Kx(xL7BDVN`k+M1<2^tX1^+dq5)ObOub{n!w;w*?- z^s0rF$d!QfSDdOMZUAL<$ght(7B+eCpyHA@aIgoo>l1`6Y#Gw|FREA>)abh>k;JlI zVjB_^1@94UZGNjq@2Q^~hX=ag#Te19EeN{(;x*Qz?<&=Ftm-_ zYn0XL*z%BXXHJDb%=1<9nQyELBli8B{E^Jv))CsLboh2sjd11zgDCfmH7N^0X>-}y zaKH-vFw?Ot*p$IpA$&;?uciM44i9ShFDV>RSA`n%h^ga#VIVkY;<caMlDPH{YN1qV0MNKgt0yHBJixgT;S=L6M5<`D5m$*rrI} z0amhq-qWvy`~~s`AOiwiWH-zO;m$`C_DrAcG=MSLbvmYzwlG?Jsc`!@2FGDZ(o__dB8}Fj02GMBqgax`K5)$vy>ScOo26BFpEhQ*J!IHvD+cV zG~dh@AOT>0PzT4wAs29jcraubbz`X)7URnxA2ivc0mJ7K2{`_m=# z7P1}t#V>Mi&~TsWgT5Rpa+#$Sk^&LY#xH8q*^9eXS7+AU@JK&le6sKeaS}PJpQWxD zuz#W20if8x{Qw@xhkRs`qDITO$Xxbg5%v-`yAwl5x)~BPl~6On-%i#pMJ&dCx3w*? zcA{!4J0#3+m3?EelW~SVS!hDg*>I=8e6J5g}`cVDFf64Ejq$22@-M5H8@Q34TI>aL@{CupN^ZhNS03}kuI&}X!=o*!4P?R1Rv`|_k% zA^oGB1Qp`WuCIjQitg&CH!5;EDXqZa+BmO&=L+|_3lHh$wCV3f{N*I2D4Hh9N+~*l z@v<())lKtH_un0_0})@wp{a9~@wpp266K7H)69ZE~ zNXLV!py)&N>+EH+{YDT+*wcIOY`}ug^_e%BGPn=j2uSGli$-_}k${a1s(VLQ?;ltJ9a zIg1oqZ(Btng6kS0PF!4DFFDHtvvfOXMk#(@ShgVX`-4w$W>6Vtr8bm|wTH)!>5mjY zNzC~I*ClsE=R-%Q>apw)AenIh=96+}|3?r;Y&ey zrT*{Wv$ThJ9!~-+PQ-MM_ZZr#^m*dUcvbi9H~d@!&i6&|9j`icjmQn`iDkKTlqo{XxRf z9v!n{SWw9dVenr@tXUUUiR+WIpbxi%*nA{!;O@>R;6Cm=NM=~~ca~C5ZR-bB;~yTb zE@jWDUyp{y=Kck@))-q7M1qlLbUuZUwM?&23GY^7(*aj7SpBPndRsnCH`{JR5r>Mk zMTo8nH~FJS{FaHGfWHu$+8Z>RKQbqpik>IL=IVo7l@GaLqLeTHDxiQ$spZ$3_0e_i z*ICqPq|Vo1ke5u*K+9$^2PpP_d_7ho-3>+4RWsUY{Gt!HrUtTi23Bq!pnIq!K$mf5 zWL3&OU;|^bs88T?7ZNcEPS~k2L=hAI8lP}(HDRvZ&+l4`>!M4;*MOpyk0W9X?TK&% z2K-Kx{GzSP1r3Bz@LU}UQT$KVu6yLrfqvY!e_6YhSLOL^nb)j45lkcoqvLv;s*W6a zHP+sr{KIYqQopd2QV2rgbDAX|l`?`VZ$)lVk9uGJB-1qs6{D;-fA7GKHn`jrKfL@W zWG5Bj@%z^9pvcH?4lT9ONJ~pat0a$T`ls?Kr*qq&(}15FKGf&cKK}{c@;^{4f{cwE zQU+-+PZD2rRo@%QsE7+53H1zz9S6FFvA^xt)HL;I|5(=`|1BJLtfsZvfWL^0Lk!9Oz@b+Y-wFB4VHD^dqs)gsjYwL6aLjX5TQ)Hnh9X z8DHqgFL2m5xdp(cLu4+@;XO8X-umrRu)7M-s$DF&%j1Zvf(N9;?W=E(U(S|m#-(n; zI!5Wdr>8|dQ~2M|u4OTiinKJ&90?R9ze#AcKrs(+MMuoXG`WZ-ocjPuGVM3~D_wpE zAai`9_=>HV{~m_(|G%F2-$1|r8ISq@MvPn)y7&s7{#rvQ6@f6opx8Aj2l2{m1cSHr zE}3PBU>ii&SR)w*+T#Qhs)eh?dys?Et}lny9h2r{e&Bt2Z}dzQys0(X^rjDce5SCn zPhpR&e=jPPGWa%DWRM3r4EY4VprqgAAti*XDS%U5!AYpE207F}tt7_HgNY!jtN8n% zqQZJ$`%`a?t!9j&8}4pfR-kMmi*m(fd;=Z2($i(>8KbmF(yO5;0W$bo@~as3AJQZ} z+|;>|DJu7v9H2BROK~~Mh+a)mfFNA$=$p}VqVb&r#e0$x&wOT^zlWt^8O*w2;n~nKaUid-tmB@IIAo!WV7sYiw zdA`WZ_cy}X$3OC953twf3`|z*TTsnVE1nlqd9+}pXF&0Oktiq}`RKmrd(21R#DmJD z!Gm4B{@EzyVvlC}vd{2D*Op()L(Nb^1HsXgb&iOo+f@XIs+a}}kS9Cr8y*^}y-T@8 z#ut;~#EN{xhp!X?4*a@#o^^#Ks&S|wOeime#s8jL=6xCdI-XMYM-mEOE~x1FH6fMw zbGrxMw6VyVLGU3KS)t=OF4?=R=mMF%pF`ZRe@6YxDS`<1)vD8+c+Jpq_yl(-&tGzL zEwkOAZYqC`Hq_mX6m?sSa~&v zm1VWJAL$kvTJ`y0Pb&W>@b6|qV}W%6tww#j?J#HbYet%J9%I)%aG6uj1n>a)Xc6(S z4Gn^S$fz;)Z!)Upp*V+YE#-FLlQ20&ADI)-+7cx?et@l-gBRJ~kw^aw+H%*SziTJp zSGhD$$WfI-MX9DMG{>XShNr#ZJ8@6XV(%{SI)pkPm)k78oPTdM@}+YA?_*YD)9h|9@RB|U%!)3K)) ziYv}VCc9M+2oip6Jk0sdM3_~G5uF)=%+VKmLya>8w)rMyHpb>SUm+(9M+z^>`cUI6 z^UoVTYbq?z8mSUshhJ#SlRfa*bVeG%5S9gLfB(xSoq%cY>`Z^M$zch`*1I@B)2{lH zf`0b=J6>G-U^a>Wsb>?Gov^4Rm@vPxHG8Lwu#eC~y!nePjG1d>NVEoNhIi-r=FE$?D@*fbeeSaCnI!ZHjCq6Jzasbn`UXa&cQ@ z6#7mSEdN1pEc?t@JXnt$l-iq|^t7rpPu_w66W%|lxsNzM zH*x^x<{`*>;RopN{pQiq&d$-LJ|z#yVTp{Xve}-OI65`_uFR(qHazr`Zhw_JAhKYDa$q@=;i^nM&E;gXNw* zp>2uOk-%ug(wEbH7%X^Sp^&Bg6ukA6+T3UiOrrg#p}^XH~l7ZIV~!0 z%B$H_a4L6b^7u!daO&sbyE{zu565iY-`G~sVCl}jB0hX{uR_&X7Okj+RG9iNw zpBm_HYiH28|MQ$EF=RXegro6KT_yT)$xfl`Iv3bgOHo$&;bf|71blXUF((<;o{Eip zzC{cnB zj-$~syC*qoTzqBQV1_;-2ef(f?LllqlVJ1GU_R!R0*5SbaxX>i59c@iJ!8%Eq2jbZ zj~G1ss;z6Pg`Np7#QwM^Ql4mKz_oc(Y#2!gy5p*SK8ze~{UL}GUK!SRJP8lxBK0-z+^@t!a z{-{SNU;3Q zm3(lghOYMh$+1V<*@mrWov4M<6cqkC;3>ryOY_02s9BGId~Yc2idsWUz?yC_+7Ezx zvVl;2_E9_WE~Ic87S1dD%zw?5;%cCdiC%^f$>~y|HfAnsK=p2go)39uD+BREk;Sj8 z3QzJrO5>-LJLV1(sOul8s0Z#Jx<}sFFtkj2PE3JZ2|#I*c8KP5ZNzTeaBb8h%3_v&7#C~W=?X^ z45O&p^oimcZHyHrQhIN=cfq1s1L&eBbbOHCs z0+aR6dUeHzbi>87x*ldf74yY)ykTyXX?zA7Y4g6W_$qW{cF`d4>cn2Bk8J29+SOIQ zm9{4Ac0NV6@|f3xw7hwNg^5Nvo?yG0qTB`fI_e$0;&VRP3+$ zm7F^DLz6zZ;iHKiY`X0PKokY&`wwYsGpE@{>7b+f7+G&Z#;8A*T3@fG-QtEaW`X}0 zPaz#se6(myLTT|Z&P{8=joPBK{=*ncp?^w{WtJM zGfLU|kvOq`W5xbW$n_DSqriJKdhm8KPi=b7da}&~oR%Hd{92+XFs!u=(rky2^OU*U z$X<|j($af{NZ3Y+$_!>zVWaAc&9bW%y@H98w`DXNl~#Lx}r!D?1gu+WSnL!!WLq;5}M4IpQVp5tQT(om4Va@ zcM#NMk08S%T{v0)5z*2}J3|W3kY@BN@UD?e34gpH8t8Qe@AP%LGT|vS3|1a!@fqk% z^6am&%&b&;&S`k#i7rkVl}Zgge{mO{wo2bdQT>>siHls;s$VUnTc^pjj?r>}BFQqu ziYeAWD8*R^L&ImH^kf2XnftPCDj8xw0R!pQfLY=VEws#!BT;)5@5BWmL>7{xjwpXv zDLtJ!1diw~VZ@d3g}3^3L4X8NnZpCGc!T4S?|7|s)fvp431H+b2xHud;ZSVmU#`2c zHmhAk__v5m3u#s%WzX~sXyNu2gnr$V*^_%8m#e*S#-r`dq~6-vGr5~1O>T9OaxY?Q zWgq(lnV{#Uc`hYhv00jzc86ml;C}#z_0b8$QH9_BHp1^LxSns)E8X16J4TX^b;Nj0 zJ>-UoOsp@ckUu}NXvbRV@!*|tHlXHNETvI6=JdWtx~i&M=khD+r@nab1FpoIB1e4m z0&_*^YXbKk=Kp@TYGjId7}4RrIC0hnccQ4UFnrgjs&m^_N7irj7AGatw#-&d>C!KU zXhs%AFg@D{l?@@p*#i(#H!zPPb5(Lf+|4x=KR^4iDO@t8`F={iK>{KzrB2zNP5F!Zr|!Z=qF^$0qZ?HWj)1h7HtpSh zaULQ|iO(UMxwbMDQ9!By&pNt445vf;rT^r~V3>KJWGQcJUby7}%$IDWnDi-8#nSBb zC5tqn$xZYEVl1gi=?Y6%7Py4)x*mi!K)1ZBai`M(AMzm|j^raZY#jUq@qk41Z-_xj zfjo(cz>Y0s4VdjgQtS>Yy;H98*D=EF6@qeTz)@an?@{0>za9R}0Da|UL_i-?5$h?n}x?-yQqMrdv9nxZx zL*E4Vjl>8h-SR{n5ms2y!H4Vi6dEZXg4e$)Ne&y~m4s|_dkZGcpK!uY-Jdn)BF6d9 znG9*MS$=|703zXHtK8BO6VtBD7yRczD_7{qqOL#Z)fZCTdj$^F&SRK<(0NYL%z6eSJs-AIg;b8?E#q5?w>5dM&+ZEuJY zRWp5-;Cxp=pA&gyyEl53e;qj=yB@ zz;;mX*X*+yefvzIWO>LGhPZ0b^0W|>-9ijop}QWT!qiIxPEjsyQ`E_XtGsQy0wf9D z79YwkX7^1#7r8;H+4AtPcx572(a7gIwmT>@#^B0I8y8x~<2~qXz2*3FRoB!GxnKr^ z4`0&vtw#8bzH2vY$3+e09L_v|HZwieZ~)>t?i~0d>+CG@ZLmadpyww3H5u>bEIJaj zI>@;7a0I$d^*fnP%5IG(5}&9W;|;~hiWLjd1YSkg|KKJsJp(@(L!&`UC>0SlASaCR zpx_cS?q>#%QkEx%lpy!NQjA^x4r|%sJ1b~0Sv#WV3qyRDVSdjmZwr zbiexfXg0pI_XC$^oH%BDTu@wq9*Rco^w22!LjB1On@3uIgtq9S1+m|SR&PVd1Ba4P z!LlK(=>i0Daa z(-GABA0%*Zn~elX0~dC5FTYgfOLl>C;1gvla-0Pd3Iz ztj*^w?2;fn>v;Opqku}?T-s)#7$9HHiVRm)KcQzo12#RHQ@F{xU zo@i(2`_|LFCL}%YH39mrRe^O^J#DjDT*S9GnjX#&!xyzEPofz0glIM@ z^Xqul?tkn81lQZ#0an5LgdX2s>9X5ez3w|hoE)tQ0`8+uC7-qU^GehB$WbSOZ*yGt z*ZwsT$-d_cEvS_fb^T%T@6$>DzqA1S&v@Yf8HxP=dPKTr3E`|Dj}27!Q&}>JM>VMP zDdP(SZ!v@MR>e_21Zm2hF+D@m zHOTTQ7QfNGOVjO~7;(t{RUgm^zrQ;wBwVEI8^>~*8Zse($L!i`KU{Mbn+ZD}e3Ocw z8P02#p}kW`LPG~|NM^Z`wpJ|I#j(%Q{qwMjYSOTj)h%=vA2cvT`f6Y!87DlFNiT}(~mq^5;n7Pf#@ET{f+UE61tt7)uFJ{oW{5f-%bygOZTJ=Ch?al%tZ z0g!6UeAgNL&HNKq|N+nqO8#`u8{q!au<>2EBF9a&)fLHtxE97*3 zVotgB8{MWcV1tS$V@MG>jemd5?dQ>sL3bUIY zVeHJdA8ThAb{>7wh+z@n@rn4PagABjVd8%qhBPWsrMYIsz?*ElR{HJZkC7t-&pF<` z=nr%6E;{m;zmEQ>OdDvR<{&Tm8Cc>O`6mx&ofpyG344L!7bcV!T=s>=q%diBT6DbX}L z54BnKIfylCWFp>VHgImr7twBJO zU84!Mx_;_w20z?e7kO4iz&AV5{*NK|Lf3CoL1+fV)!hkYIl+851uUNi!?k@Dc)+n< zGT)n2-}q&XKXu8ye?uK{i4jh^bLi$o{r)i`_mGCKjh931y!ZkcuyHSbo0cm`t63eX z%rZ9ZQGh9Uek9f`*`QNFtsA^L6HzaoLP|1(^bf%(FJGaLcb-dUCSnl6`?Rfx#}K+` zJxtDSMceL5kyO|FjEACY)Tg+CF`3l^1Zd$oV=4O8nxGXg6q2O(bmTFbhky{=Z=I7; zu}pt5StenSQ;bY;u|5gGZRpC?$7j?YDp)vY_?$ZRNuw(_6Rvr$Ha^p$rfuFX5;Luo za|^_6P3l$rb98^POc|%(hqxTZ@ zVt~NsW0?ak#{~p`KY)e7P&hb)V+DGsDH^lky+Y-bftG%3Y9poIM76MslV35u-UbeK zcvx8@nSUP7wG4-d!;r|F7MgRXX7C@He5obhjHLMhorDv5|7c0+pi27vxBxk6O)Izz z#rt18RH9ZL8lT^2<19xky+ljVsTwNmh&~e!V_x-M1`*8w%0gLXq16C<(ru8sv4)Vk zNR2bSJ`?2u8%sDb=8Y631zqjatBC!|i{k|4#h3fR8$nSdz?Al@N=>fc9E4{#^wKdp zd4N&inisM6AP*lQMi;{3KuzeFGD{P9R%bC6(#|n~SktpOWRrI|<#h8gjgZXy#x-Mq z04h4hV$Yx!pB$?Rua^UmiC2oCbUDo>1sm> zuP-#99e5RZng>#o@(yWF=w#O^h|M(`3QKVQ;+O|8&YF!xrCr~_g9h5GGE_R+SO^;> z+!UcT`U{c%CMVvMMP^&=4NN(mfXou^Zb2^&_z{$jFU5zvL?VHLR#Cf_G3R(H) zezuij6R$w+RmC;H#A8-Uzeg=g$uXIs0M9qn?V{LFpD0?94+Wrm(8+!Q6#TTytzTnz zx&3rU80rc5Rvfi|$Ld0Pm$A3vljV|mHGams7X}p|0AY`)B1&|n(&)Gc2L?8uNQ;Vk z(ph9IK=&kkY<6tcndb(KMXk0&3rjS{*Lgis7eL0GfnwQ@9l{z!UZe zZ&n_xhg*gU}ouiuAQn3zxEEHELWmF1r1u1a8g) z!t76~?n%CA|F8D0GpfmKYe&%;MG+N52Z6aFMFIjELIebqqJR_$gc1l`WhhB#QbcMf z3L^-J6s04bP(llx1Z5)9386?0h}0xRfrJ*wjraTemAU`FKWD9X?X%8%&ff2Pp8f2# z&pw(@-n|*OEMrxy64m1nr}sxfd8JOVJq^qd)m+D?dh@#Zlkm}UuRm`;un0Z){O%S) zAL2^eC3_Gr002!A_I8*j$Hyz8b%c!3vZ!s2jZpd#KnE*Av6KYF+{W zyxXrz9R&b7icZbUoCW~Gl}=qb2LJ#RpX>43rnBdd004732FG}k|3=``El44>rVyKX zy@oD`n|@bkD!w8%@x}vOG==c-hJEq+#LovE-fRH&CtmVe?<@a)-+v<5&2YZO#Klgw zDQM=(#tT1I+)phT75X-9XX(CYDr})TRi;m{8A(r1R`g|requ{O~ zvgdQ3GEPNW#)KT(DEiHR5?2^Kep6+onIErCu}-iS@TweoRj*RyEG4hz5iR1uOHBb$ z{3>*4)QWa~nqLS!UoGl<>eBwf&6Kp1Qn_BE5$|CnaZDUuc^70fvSNG`QlBgUv{ltb z7N`ADC?)SPCg~B}IDzEwBT(WR<%+wGahB{d%IwQAU41x_c@uktb#^Cs~7tM+BYT&CA+vKcl{>)o#h)Xay|P| zLij=NUISUe{IfBrce(8AW7M+AmDtPY3zl?QD0j9S#Xi^%q}zS+WzWPy$cJ1_ID;0Y zHf(xhid&4avoraU{kVZlB&fn6?nw@?RtJWDTIWru~=b`yll$w=)cQ9jd zpwV;fil-ktUf#N^YixiySnJZxt^tKgboEr&Mg)!xI1Ow`yG??pM0cQgkTd7~P===R zDBK!t+tp~+05!4eMS{3nPs(ovmx6H>q*_y$UGGAdT{*Tt*zN%ykJ`Ee@-Q2*DgVW^ zF*b1@u0TtEyct?vf!Y)oABWWi<)!ZFG>`s)X(Ugyz-JxY1UQDxAR-AXS6-i>k*n6J z;FtsH7FG8yWf`!2%Bw5Z`?lfC%GzH{l^Q~3)SUNJTXczunFNwXD2wIWfX5FYH$4{I z%fAZ_6z=ByD1gBIU2(0Q?A><+VJ(ja58Zg@(YJOaroYX2N1)Yeu0pw|1s05akc}bO z5{9?7Q(&$hVw&9*RPCuf-6B}fPKy89cyHx7lbS0K@{}v-}6~}@832JzlkgbD<7Ui zvroNn`Q6<|bQ(Wg^@tKM8JvLFgjT{}1B62eNHZ)C-_|pGWRUXo zx9GI|jrO)EllAelH+Vf1UiQ*=@;+!vtPD!NZfJy}1sFt1@KQqw)CPpFF!oQaLseXf zj=ru04C+NKJh~?%x0nWn^}#T^qIRkdzf)sSwjIi^VU^F)rWU_3BUYWo zuZ&RXCj4XP%u-Q_=>>L_?RWF@{K``zmqPS%4)CaY9CcN^V5jw{us23qTD%f!QeX`( zHmec(wBkrDv+8v9-=LqgrZ?)2(kDuQl=0^Yq3s@-*sQB`HUnkFh=5DSZzR6@qOC{V#jKS!PGC+l&MNDXu7 zAdTqd3ioUKVkg3!*n{Vjzzmhghj@Xvl9`t!`R>pu`^qNkhucJ8Cu$*jKzbOOb5u*K2NHS>0 zEHz6N=POdIl)ve}8j(KvLq{9mR%4%RA(UEEpT8M7qp3H~_eRCPo7N)^Eox&dH=X&k z&e7j$#ZO4}Mc?%B+p9ZVE<&wc4F2%At=TQcVZaFbEYCV8wG0mZ{e8`ZX3#J2yW%*l!L}q+Ttne?yRj z{O%!*4eBk39XdwxgHr}zZAa{1h0o5rIA&sta7(~Pn4DNb2Y7OMiciC<^?TT5Z#nP} zqZTzQxdPGpCp>hDjT62hb2n*3cdo6f0DYcMI9-&*F$9!{b$ zmzH!)T2r{JGd$C*fh%((Jz4FPcS#K zs@iaLEH8}KuZo;$b4?gdgVj4;-n1vNdmr zau^Mrw5NAN_vLD9VkCd}-AmT8I@x(&j-4;4VmG=~V|^~^9Dz*k&^ouYGddXD=eIs9 z<-FA97Q0f%Z&&9~lp8eq%s4jWn#G_ZwL)C&5!@pZS*MntAR&f}En31@>gF4ppMh?L zOTgRx+ExAmf4|fkwMUX?S2BS9*sAS^FJlk?;CE}nv>;wf?(1V$@a&|dPX+c-d^_NB zch3wfI?Ws6TYw-w7DiFOKl(LayK#r9tO_n(-)3j3vebv?gxizxz&-uSH~EqrN_IVh z6Gn3@ce-dUr1YR90(8fmt7Yz}^qHK`Czql86?$)`G^XhWg7o@}#ld~HVC$m4MU#v|jvTW#aPsMh@N?OX3yws+Zn@tGaaEu&RDulye(`KknNm^d z6^QvuHi^>gjA|iqFSs;XeN1kz_ebS3k1pynRnlknbkrT+ZkvIDJ#0sMR#Njr=g=kK zqQkONLf!`u7;pVT#AWiLZ>F=XqBVjZm$CowPhnAH>Qtko#jJmKF%@Z) z(_)qsw+!r7SQ^&Qk6Zo~z5o1=Ab~9|7!#u5 zFu!D=ad@O;ZAJ{&j4r4jLUBhPb>a#nZ7KgDsJ^7dImVXeQ~vL)s;D= zvKEu90>sADg+EyV$4huWED_<{A=w6KfQo)H!NWuE_8K|!_N+i?ycPRPS@mR~=x->q z+>sx{Gw{aU*K3(lOhY+$y|$bl(L9G4y7MVZ^`@A})?F>S5Cju39J~%2Lv*QBNh8Pu zoH)|YWp-RRmz|qmb6_%;vHRw$XFrsCt`#P9skmuJBTKsPrdmK|xSLK&5YXjAwu@<9 z8l&Rv_L8zd_Yb87h`nxpYw!M)s0ZtKUov)}-)fq{z{y`Yt7I2-^06QRI~feE_v|`) zp)I@I-i8s79bqWjyQQ~&7r&Qwa(DsV*TP_F;I^(gc3MaO{53-&`M4jrOCyF{jOIS8 zV1<;Cww;853!2>O^#`9N+DlH0!A6Lc6H>wXzX7b!eEB~tqALlpnkVDr+?U_!Xr>a-6` zoEv?9W4Ww0ENAROv72QVxq{BT)>5LqQ#oae8=F&({~j+PF_LB^lp(o3@Vl}!!c@#lb3j}hT4q(+Ek$XnsWG~eRH=_1|9qGP`T>(t%z{#jsnox1m4NaIs zwIjIn4!U#PIsxys=u?^%~0Z=pj*fMR3j%L zO`bOEUW6GWsN!rR$b2cVr1DfyWJo_n;-p2#OCca;>KG9wG5Vz-=A|5=VJ$L9oVk=0 zDUnh7jv!+LTeq&kjXq7F^nw`VGPj;o2P?dN51e5=%cqRw2Mzeh8W zd#PBKtzfZO5(uPj=0#$b$%A1b(34S7g@R|$54z?8{BYQ8a%Tdh`dHQ`Z%V8Ty{mpr zY2sqIl@`a9AMe$SFwY`#;2Xg#sxrbUSmNP)?YijxLr2#~U3`MTcHI6iBDosTG&Lc~ z&MZUjiG|zkKlC8&H+&;L3E**RA%@a3Lii2selNP+QpmW}m|MguCA|UfIB??npy4q< zUR?TVQ@tvke@6Zbps)Lf literal 0 HcmV?d00001 diff --git a/images/WinCertCustom.png b/images/WinCertCustom.png new file mode 100644 index 0000000000000000000000000000000000000000..193f6c9848a834ce4a6739064a7a357443e7bf45 GIT binary patch literal 35737 zcmd42cTiK$`}d6nQ55-D0HuDc2na|CC{;v3K{}xq5vidlEkH=3BA_6k(z}AxKteAG z2?zp8Z%H5!q9Qer&_aNa>vg>|H#HRC z7v<;S;SqTB@V+Gv&*Aq67vlJ_gFBGyX}g2sP_U)pJs#ws_|k!K)JxAqkB6rw`Q*ME z?}2^d`9u3)9-h;k|G5tJ1eQJH;Ym<)%LQgu@Uf$B&RDFQp}dk)yg0dcRDwO{H}i-3y%zr}9X;q){U0rs z>p}VX!BK;Q;`ZfRhk1C~&%8QwU?d$sctxJ)_n#a*`0~o(D+h-7nG1(_cz(TYKYm~s z{-?^zx``PmWEDI}(r_{UuL@q}qZxF9zKYZ+SuukIbs*fD3EUjdpV-0fIgZBRCW^@z z9N`k8lYWmOI^l}l$3_ooxk{MtO0%wUU6w@%R?aIk3x)cu0eWo@6BDv4c~g;xM><;Q zFgzm=Z1)sa90QJ-k}wnp%*=t8mt1=)lF5_8Jwg`*({9>ql%+X%ft!$VG)IOUS-TKH zCdWG?w*LCxacISxotSL1+{nxy6`88v5e)PhQR4Bp|Qswg?3m~uq%IX(ngk* zsDbgqB1Q9*9l&N1RhO{)D=>+#w3ljZdX7Wu?qzl#)_o4$?_wLu*T86KTO46Ef|^jt z_dfM3(+gA;Ku0)!&(}vQ_Z!lamP2qhQp+9&Ate1_(xd2!66H64Ni_Q zofJDwVw)<+JsY~Uxw`zZFe1hfH#0Nu1quX zzT$qZb>F;*56s4=v$@m=v>COLS)Iuhx#rrowOH*v2{%uW`Z+>gAM&YTV{-Q*4)gr- zJB!p5Q5Z)(T^WqrZ38uHk)PVtAD(*=`@k4;WcG)2An_y!hK!NN(eOKcQ?@6=^iT=o zQ!HfM>u3c(Ztd6%DTAm^0XSrxVbeeC9j2!ksNSp} z!cnF)dYbZdYZXj9o9M{srpBMEdc?;Qr5HoO8+o^4(yAvqu2CDk!B1B3y7%=jA8XoJ zM!Aqz&WPQq_sZxsZY+XVgL4 zvXo}C8MoxAXDprl<00kF@R(>%RsK4p7`=hrFxQ*S@o(T>7m zGV@ka#IBpR#+SexUmiiI<=2&#JK0UcBC)NNqHPcsA}Zh`KU2IVZhbh`Hk85u)dQhv zPS4|B*Ah?H#SRqGYS2oh#bH$GjgLJ7tI<-!-?iZ*SV4*E9`9$P1HIXJ+sPDak3V`waFtZn zwON;@*0$t9`cO`k+tuy%ea6Oqq-i@a_nxv}gq5qUt}`~)#}=h$0c3{~G=YuaMb zWXba{G_g91IZv_d`W4%3w}Mml)TgobA~PJgiZnn;8_P~E!BKAR_OxwX1L<06^6_s-iOoFz<)(0WsRa#2f{A{9Zbw{Dn#vuG-U(Iu- zrtD1`d;t~t+oMW(u7Lb^tkYTwr1LVths7L_%~Ysf3pXLGLA^Raz+zcEW& zL8|iO861-eYq=}P(J+)#U-1F^6Te8vrG;Va1qV6`J(#Wp?|J{Brl{m)O)&r~%+=0s z<=IVlM+VwAwflX;OqM?=qC89;b!pnQLMU+0^yP`>}MAq|n*lDGidJ7B79}LsxU)@FZlg5ta3_hM;M-R{TE^sR+nYu-Wj^P8Q_LU~A zfrp`dTi=YYhhyELg@|t5f-)kQW6H}1FYQ8fQ%h&7IHw2cU(PU1@f{xS0N5Lp?Zb_5 zIy)ekp6J~YHgZ1Gl~%Du=JUn{PXP7&D|r2%9Hw;`#@GLB71-S!i2O30O;M$5wc-9o zCZ1OD*m+$X`FmhPSd3x^fSCQ|I-NX88&ND^x48TeMP8b@#9$%^hM~GEc)$Gp(8)KL zhPBmjcF22Fa_B{9zWrdOy?U9eG4UB0vo+Lmr`H8E6UV@t)s-wWj8sq%FCVw<8xI_r zTH9?8$%>191b17;nmU)%rk9R=ET=BLj5|U2{&**x0rh|3$eg*;AIt_jWTd#qg0{0K zx6zNrY6S;c9oxLz%1;D52f;YJ|(X6unXCE5iFprI*=(`6pi+3yUrEGq-)gPqeI?4duACh%RDnv1Y@Nv-GMAekyQ>zv@yQyznAdvKS`fcrCvm zGVwx{Ou0J%jRHTH+aD)GP|x6ut%f%i%+DNA<)_v6_L^Yu*)NLIVg8d3mdUH($U1yQ zRF^D$PKRnC&1Cn;ixSN5vC1iefn!h^TnBVcj4lQ2oA4MNh`bDNDMCq9Uh3>rT{POH z&tbF47~w*g{8h37bRZ}qZWpb%40(6&a(|Eup{T3f(dy}Z@E69Q*{l`3LT0uTKjdJ; z%@3iwhdqFL$wH%4rAn9A~KY`QYb6mvryBUw4_u7(O3@NmQzA zULfpgN$n0w?k&Nudq4jEk@6Wb!7$n%q5?)+DctxII+(l)1X}i42X?PW==sXal?LwT z^kSsy?-xnehklHpojpZoScj&R&79NLo)yw0-S4F_{7mX3?>+4Xb*FS3~H8vtn(p>LjR(h7fH-uQLz_5Ch{XWtrpfK*{x<`j-$IyTL!igWu0D@{_$8ix zOxVE)`>vy-aW6N3d8eVX5>-NpxUt*S0mZdqD6!2wuWyGUsAaf`A`{0}rJh%Jd~O|* z-bIy1vRA{el{%HUg&9BZqs1UpXSa2C70R0`MzpfpMWFZ*FDWciynGQ<1#TcUyP1vk z(e&ouT>iYSp)uJvq2|1o{R@VnOZJ7%-+xx5J*lr5Uq7KEb3x@dx`cUER2z+_WJKI& z%3YqT)eqkdQ$e||jCM0uSGN#(vQgNjjb~gsi?q>#s ziKD{!x|Nt*>$(ECxmo>McAkbyXXGP_HGBynF%r{bKL)dWcb z@UJ>e@OoKjwzY6EaOo#Y6ib5}Z^FFH0^95xvx^*o;P(#r6&8s};MeZ)tvZnHweVfO zP0To72~zZ|hw$%2OZJ_rDr)HnIGcgq`Iu$|Y7OX@Tm53G>6i7ZfpXNG&T_Bz?Jh*x zcAzAOPv$%hcM7Y!j;B;qyJ6^@;BXRb`cNvFn z_jT$Qxo(49-(wURyb|*!l+Zc0;`Hn z;${5waIO_!!u&Sro4Mgz^U5e;kY1@E&~V!s5M+@awUE^x5EJfk4f zYIPm%TXqBCunO9y+EJx1VFPMuO(FCzwnY&Y0Up}pEe$9Vv(cD%a?a_{^r60qcv^yxd4m1N;>9W2F`a)<#J4zqt>1gwAp8Wri~vRCDK1u=Ty9!=n;#$W!afS6 z)U>6`Dp)_kLlG<9Yrk}p0J@_Jd!hr4GWB_~GTMZCjm^jvj8x>yPbFnGRx7NVG}4)o z?!}zuGKTQy8R15zHsZl9#(I`$^~IJ{z;bJ*!D{D3t?5)I81#5zN!A%tLHxkMIgB^V zk(!H&yZIR>qwD|$;%oSu*&b;89ENXfw3zs$CE!Gj)D7s(M4Xj&D7ByE=%P47WTQ2^ zf6tGjdK+$rzN#fQu3flf+?3DnGv*Ew9k3c%kZme(o3tC~DJFUAZYq7>6T>H^XusbkakX4qCAxe>~Y zzgT6s&`^I9M_ie72fX2Xd!*gIaMCsMMRUVOXmDkzBM0;;-^jsTdwB$NdoZ!PH6&vN$*i9zr zjI_cbE{a0qvfqW=Tt#n=b`aInFyaoSWcuG5{@bICL{Orz(}=102L=Zt*U2y4V_ zwgjSn?PH9mi#SY-3Wm#A)xm8m>NC9*O(1}Nt_)Fn~W+TI00^Me{z% z!kqFYEeTSc1&TW)8khh^yz09^tSJzSv`nvY-XEuM)@x zHH>a4uTTrQfbHJGuNm*x)7j3X@f(#%FwR2cILr3IX>aoW0$`SiBcT*Zs!c9v+Og|h z#ZESYvdGJtd%G7SHXE&-1S?M!8X6fRiR_+0U#5LT! zCeeSaH-@j3S-HKp8_r&DD#D|>DBXKU<1~v3PY8l0^>;e-3_}>Jom(qBDEE z0^o>Rb?7c?*#1Q;d7PPFP{NWd*RApW?KYFx$Sbvpq5Ni%!6I4yBpQXz{Z5@sr9wBE z56XqJQc5CFyRk8k`I)f`C%0F|`68xP+tBU=#+0YCVS}nG&r3SS%AwO+XdLULJ918u z#o5mXUI=v9dY3N071O0qGVC`tXAVEN5l|z=t(|>og9|fv6bT&ecGn_&?fa0Ew!dtx zy#bF@8^5{gIu8*y*S9-GMX(-!(PEuuDLQ9bQX6Tx!ZN>?b4(0W6YHDw~ zKFX|TD}Cda@*f6&;CQs6Vt-^4dW-ph&3;8;#HK25bzO$atEG3gCOdWW7^DrA^T)9X z*Nz9CP`oayR2zrBKV5kdzQH~QNH7M_k+vppT`TMNswbR4oBL^W%>_@x-FpPW5r=fN zk&g=D21e(hiD>cUSm5*HmY$;SbV6%WkEGA^(-l`=?N8+v2Yn8NWt3<8#XLwD)5=;J z08C{v8-XfjF(<1S=2F5K-~E$TfZ(TMa773C%ybC|9r7_d5%+ z>g?b_{%I#raiQPluBdA4{m_0bFb%2qdGJv!;Lc*zPca{PVi&6+z~>`)GTP8Zk@%0w z06N;!0aU-f={Z)L-$RU=?#A6Zw4WzH+FO@gR5cfz+) z*X-R})LXvI$i)C1jAt@VsZV|SP1=V&Qe*mj%lcM7I6(FWK0O&+5k-kv20t)!4x4-K ztnz0f1Dbr`xvVNC?ff=frMMq1S9AT0l>drxMmKC7=`q<^f25Y4FU z5_;e%;Us>UD8C(i$}z|?eWYh^EJltpSss18-DO?BF0ei*dH#!;&GNhEE{AQOA_qT6 zrfmvoo)2(k+1NjVvSLfP0y}of{KwnhLH3)(KYu|D@XljZti|9o|H&eKJ*ZHS{o7bf z|Iatf-LeC(^~%oSD=)2j&~3rr>d-@bIe!S0MA)W?Xs~_Vzr;VQCwO>r9ZGjTslIe4 zS$%!b);BKYrHeAGtoA;Y71gQ4Ii|tGBN5krJl7Kd>20{&@DR>vgS0Xq`aVvjVchQ{ znv8gOhDVyO3gmjmg;iQ?_krr?5DBeJCxf2%-t7Dick&QFPrJ69LR1^OhTWc>zO~#bl`3 zjr}Tn97UMqEKw9`g{$SHmSnYMR+I~Vz2W|%MwYzYUiS_6bWWkyk|1Z;7Nnkqed1cq zZ<|qp9+af$G5G9_ax#klK*N$fD~JoS)WnXlHkbp6jz!&Bo~Y`X8Ok0ow3`m`h>|$?7S<0V?ns`9lz#|nUDc>P;m4N~OTrU;f zG);sf8wU2s>K&|*wFiCNNTZa*1oE}+v1r3z*aSrx@uzYVFtYsIxix%6Z`lVBR0gRCi}(wdr~FcmP%L z>HEIN(&lc_(RfBwgmT7Q?Fkrti;GEk0cSm;Td11eFuj)zZ^hTv;1y5)C zzOVcAMn+aRF<9TBcVw-KYXj(4iSC|Xdz?zz=w}<5HgEYxp{#GKX5L}Xq!S_K{hIPp zO&d}G7DxL|4;*1E#zfr@_RFdxZGk#>WZ>De5)=pI1YfXqs|NPVR8wxF#wNs(+P)H9 zGY=T_CuQHAc~3dU-E7Z>cS2bM{{?Qhvg zYNvV)HC+rK=zqPa1Fi~8^3`?xlf^iqk_5g3o$YC@?$qpmDxdt?Gh(CvsDrC+w^vqv zc%5XSlu~DvqNX2VQeRJ!-1fa`r7IXq)c{aj&IuW7l?!@AhGo8}ia5RZYS(|+*3!Pj zD`@y5rTDVkOcA0qqP8!J4D34D|6FA#S)BtgOC6yMN-H+zY-=TRel~Qr4vWubTyUQ^Bwme}&-rbfpS5zL z8Xaf4-4DgT=l)UMWF3q6RGYLP%kUj&ybuT{?u&?oE4vQXyH4h})>atwJ(+3K7&zxE z&zzkU*z_AP{K{ZSs`asIcV|A7%y#bwz4H2riO64B_ypYyZL&aPsW|=9HFlo3UnXERJGjCtZyv*HO=h{)!l{MBAMdQsl-%bIPUuX9S|zZLkZVt%!ix2ZRyfw_QSqTAAoaLvtHwHpVv$jH)LFi7NR2E zGxsjfq)e9mYM=4i8~D>}jmH z+^s>hLH^4Vby`_{Mp{CA1J4ovG_5qm?oPcLejFAY)OuPC~Um*1o&) zs@bBsT(dg=`q__U$jHN2(s%7(S@=ItA)V1qGX!a^?ql#`PQMSG} zK57C_U+Fn6RmXObc$Q4Lc}o(sUxb@l+Bw1FAM7B84VRsl-I=^_4Lgs4EzIN=XT5Oa zPe{TyPn`v*Abw1_ZrJu0@%CPDDa%riAypwZff3_ahcsD;emuWGEk<)<(8&XLl|Hv< zjZ#jk+)OKi}_?Zp#aqXVTuX>;HN7et{SFjzGx?q=!YkKT~ zdbDeH?MB#RzfRD6pHRiLxAO%pEOopM^5HeR60#{f1wR4!QM}YvfO<1Df8)jDH?JXY zWY(E2^3&($Z5TLTAMfT4KJgZ5wI?r^Bz+0dS#g0YFaq{11HA|KA6+f$f?P0G1^c-| zj?PZW0$1fy(ub_AKhuM}N===G)b4cdCk@aLl?Y&HXxi(0_k^tBEi)^M8=FlWI#f#M z5-_Xnw9R((i6DW~)}@(Qz01St-{e&zBSLFUdxZi2n!dA&2Y_orzo8#b!h6mC{=Klf zohhsuu=UhMGiX6>Nt6-@ZDrZAm_43h=`x19*_yjQI3k*!CCajLKx;w=R-i`{mXln- zGmIXC2)di+p8azGHDuoj&x(f5N57NJNiCI#iE!BPEU^qY(P*fOj+3Q*;q9HW`$Fol zj+y^1yOh?=RIq=2UPG@+T-6L)JC`+oS7C0(og(dxJ!S?(E@f=?o~?UxsN_iof1`Q< z-C*B6b?r&@{7rfD_4u1}rjIN;{spxw5t6Uexx_YZWA*saU2ifC>(ZKT(tq?-dbu7% zFJWjxIsC2hi+S|{xRTW_gDFiw$XNY`6#IMs^9S`=tiqi^Im>(?qONM8!o7eLvgsXNcn{6p^`6Nk@(7j7=KTE3 zO{y_v52CRaJH0$tG?eZ8qXzQ#aDP;fXOG4gEyImH-FQxi2 zNvrj9b(U+}Y}nJtn}xUO6wR0JK(DT<_O=(W@$?l{tMYfKhU4VBa6cr$w!? zyEBySefydtFwyr`r7h6(Q@yJ59V&ZH6vW@uW0_{-+G&-AdjEhI$87xJcvi?KU45w~ z>RMv5(u2Y-AGWw-$i7pIPI~1Xx#c!>+u#EkmZfPuOUtWVk)D@rx^&J4v6Uz;1OffJ zC!``{ddI9-P4#p6Olt9CIbQG^+VAUkhk(=DA=lmmF3}tA2?fdm*CBU|SY5YU0>n$R z0<9NYXTI^z*nfWgM;U0FQ6BEo7=%q$Q?3-_NM)A4$K&}g2p8=yjEB zVcm$mCt`44#?vc(zU@gmyws7FHxGs?>EFRC1wDu*HH4K;@aplmsTnvFAYS`hu6=$U z6SsqS>Yo&(t8%9N%k`1l+@~?8)erf+Kr8p7WmH)ACzr)Na34W&ZcV)|#v@y$!9WL* ziXS!ajKsyHSF0@XA0J0~s%-l5?hrhQ+>)aMr?QK(z$NM$-!xo$Fz~zy&cyf6FS5hD z8Z8TYwJoW(&K0@p**eQVD;|XrGj;sMxo;aKbq{?Gl@PyR^|t~QQRnhe1sG{uqD*h{ zJ$f17KXRB?SKaiC67E0`^ih+4aQKr?1N3egof)Z#PfW5k2;6LeBqJXkzo2WoJ9Jbo z_+A-PvqO4LZl~miW=P&W>SkJt&ciy|d(CA`YerUdd|FHE#Q6Z3-XVTl&eyvta2w;F zPP?wFwLSID5-1<{1fbI$5^~x(p_y4ue0;!~lXBVeV zIme4iekl_(c^Ka1I_A<(n11(VSyRh&-8Ms(y?vbbSgee15PD;E2=3ndh@0(Xl6cz2 zwr<6lPx{7{f9)T+oA9hiR=oYKCmVIs=1jELa@9*sRqFa}tM==%%cIEUNT1ZR1q#;F zvvr~h&iRp?_}tV&UaM)NHtF7}duXfVTU|3Lbb%HVsT}w2yjx?H(fle%W4BkY_!CU6 zJ=rN0%TaoWEw?)ImeSag_zhwwZ+x4g1#$*wVT$!+VVU?wKCod@9wL+2Eptm%FDqv? z-|(Gv|KEo~C`FsvJ1ssGR7fj}c!HK}a#Us}SA1|KyJ+Xf@h%55*|%m^_IInHug^X+ zC4I8qPB+;uS62)r)Lk?Izg#-)YZFCGo*KQ? ziA6p3VD+!WOl*1%Y|bAR@~cdR|7RDHuy>(1r`fC)X(Iuv1I4oJN}F%L&+s!)zy~I_ zF{hRLX1$Wzu#bx&m`I{y_(Q`ON|FV;+nSei`C)`ddHkJ7{9zu`e_owww?{s{_`=Po zt^DBwK?~3^p3;ts>%Rhcypxx^#yrT^l}cGr9^rxhhj?=N$Nw8E1pMCs3VCk-snJ+8 z|J{e4pg(VvkqG_)RU(npK>6*LGIM9>;ECHgUDF{& zY~*U0+kfGTwEr%A|94*T|GOhaBjOYbnlpzACmu9=z&}3fH&G|iNl5am7k__%Rum4% z$Xo$J73;I}tB=N`|JMX1&+WY#Et`dQ4x8j$;}{wm8deaTQ&3Q_$IG-Da>1_X$OmJ{ zdwWz=$iCyZ$#N^{rH+%BpA-s(Hl|EC$@9x;e5PkPD)8`ZiHTTfmykZbCD;oy)Uvwv zyOUJwQ5P#97QpnGe078+^v^$Kn}aNvwHlmB23H`FmP7f2dfAM_Jhw&G#k&tel)`O_ zZX-|SL5{vwRbw%9;~TYheWY}&s|U^S7)HU3?jO8O{mK6o4&B1~Y}LY`HAtMsC{4p2 zH`*&L?M;KId(XQ{jxFBBG#RBT(cG#|VXR**7{`(0gl_K`X5U&;bDlyafZvab^mr3` z`v9Lymu__mG9|w%&C&_Y7J3_rFaD5f`&mr7Ey}(AYXCw&P7vWu=Br>enl2Q02~Vr3 zYE47TiUIw;Sn|P$Kv}Cz=)a%-6=?PQysx;{&`(B(CMdM7-BU63N=sY)(6gC`Oa-^fWvXdZbs#25sekG*5AIdTbaiQQNS_p zN$7%io+e91>yMEN&M?Q=SoP_5{PO7B4@LS`)(~^W!o#B&$EG>9fIwJkzo_)ptKTb$ zbkX@@m%Ddg#yY)tkV5%-O*+`|V5;dX+XK*)1T&<)C zwcpAkIWFfUqo8I#mX5y{)453){&Hq{28$sRd-(4rMt^LW1X`~Uk|d;ZBHnK#xk_E& zJJmeSx>&lD_txsng*N3ruZE5$JNfaZKuU>z-029%av~b!cq%4+o?7ezVvB)%a_2XL zv<`USC*hs5vJaZ>T(v3xHEGDu8$TEMD>gQ}$VS}o$@Ir!mRDQ}-ZM`(@%)oohv}4i4+~@`E58J;^#B`n0d*X-Er#7sF`rKOy z^OuC8A@I$p=x zGDPs(!zGo&-r9EiCsp>>?rh&>oJ5CMw09krVY z%chD7ry_R9f5vGUI(V7qGqghO+0wfLv*ETRu_Ab$D$wkv14=gV+DD-K&N*$?tNLv? ztPsu~u(ZF{4B)`Y3>0qt9ITMr%bB>}K995f#?5>I<3yemdNkD#wtguQvyLvY6?bg; zGk)gy`_(Nxi#tqFj2{6+oAm6SK`-^_?XfnP{X<-~Cpp;5`Ds#87@)QC*Wbz%`nR}+ ztDwosw!)weuhhl`J2lix*1HXER~bvYGnT%sMXqywsLkc|9TXVP?$i!w7y zb=lXAoV!B#o3vPh2xu{T1a^{U(HgF7!wd7!rrMy*wDldc^K^jLlM4Kq%;c!V*9j!Jb_a}8KC1`*~-(4N1Ng^*+N$^^X_o zMh}0!4AIAIj~yAbyVSz}=!su4`QYF*6B_xerEPhV8!^M&>r9wGHLE?>$}HEmv^wwy zF}_R50)Cg)pzDhXCM+T~jZ%zI{vALbAEJRz*C~9Yks6F4Oc<@|Or3&Rfm~&EGjz%( z(AXpJAUcs-Tw&c}gsWCAt=t10@bMxwG?p;-Omz+y; z(+V=1k*#uZUR+IjFJ3N5hJ?oz3@p>dZr-q)bB0kZ)ND_S&13HezCcUW9E7kw-jio6 zNE+}gdcWcq{TI4pA4B#>>_3*uzAG}`A=IfarVM~g-qqgv1T5dujokY^6*4XOhN^7m zMvST$9dc+M8EET!1lgZi|5c;0P@M#;9Gv{~OxI??>6?2fPrEnAPJ%w`zY&UeH)AOn z!&_V~3hGu0KFud?HaS{U8}-39&#|?GUd?lEJdD!~H_-jLST3F4W_G2r=Mq-@B38zDQ*4y z>5T4JV8G3hF{TN_`4eo}#D2g%X**5FiSt^Svw_>5fQnMXI^oN^aeTg=R^Ua~K$flc z+UTJ~Q|R2Ajz8}{$F7ST2)Or^x%pi@5M$42MgJwMN{{~co{m$0HR4<4%l4%)CdmKQ8F}a+_k%v5{hq~K9gCAfa%bLjD>$PUD-cK<)Qm|!JNSIl zRMim{b7_h`h;OSO9p7EBhbL7x?X#;&KvnKo9-hGmtJt`8$hrUMG92A|>mc3arPb^I zBcJ4d>NAT246C(?^gkt*fNnLV!TCQa1ZQj~oxSoy#dNfa76cD+Q9`PfEg^@mWPJVK z5>x)?5B;C#vOG_!n5gT4@kO=ODDvn?*DC(=zY4{DpY~&+6?-8F9fXD-m=%I6E4Zh) zdIheFi37~g$a^IaU0&z$;mzh2FubhLtoW8nfu0CS+w22`-a|rT49F}23%dejnCmRY z0SIda7EsR$v}oCJa<4}z+GR+-W^FfMNF}sBvxcflBNOK9$ULD78uv5u+rtENPp?jj zkX)|U>#e%@v)7LJPsuSPBNLJ6=_s6b&u@Jo3H|$u#HrTN$5+g&24C;uB&NWK`3{)q z*~l$$i(I2Ob%7$grd+4XSFe?3WnloY*sR&$Fr_r2I-U1Mh9$#>3~*{xzdqsBi56Q* zl-w@wQMsEd`~s3s(lJ<%%&d7YzOOoLQVVD35CK;WG4sH1RDbQ(2^>h?G$`7Ny?5+j z_$5Ix;>>+0Gf`G2T;HB+SM_N$S=1$mfFfWtwfUEI&7tVLQuOjbBy~t}iJZ+5)oD&f zht%rAot8tM_dt4K3&sp7H9IIKKUbdlWOpi((J&X;R*`VbS+XJlGjZg!Ew!li6x$!{ z>Z~2|5}g;w?734lk3fwVLBJS<|LIkkQHqKPD6|Or>j(8DufZwXA6m`AV|t`R(YBy_>BnPt@~G}|prfMAcc5(Sr1?+ORRlbHe7i%^icR;Y>^FRyql~*T51fi< zuDc3twCz-SSZkdfuVY1$Y+zo}9UW&Otv{Y*rCrY$rmr=^Hw^?~`UY-Ns%i+m;fPa! zHaDurVoQu@ccf&nnx#!81ENTHi&(8gZfYPLQHMl_`-;pc_FtBb4ZI(=>tMOveS1IX zMgjn@@B$FDR<|>f{L_17{#27p{ zWv(6^YrjXMW;fk(MA(QdlA975+NeA+42&JDK}t^Xipj|X9B;dA&bu6-OO<2f=@3~c zY-Lwq&Uylq+VSC*z~YGg-kw!( z3{Fc-AQ@sfb4nTF{AiJ>=1kaxu%c*LAW<8&)iqV`HAaopW@=YO_W1SCW|k?s56M+V zj~az?udk9sNDkLC-PgWoOD$Is=Vd@kzEuk0hH^TpJwI?qghF5~=?Xh3Gn{@uP64zG zn1i$7${kx?OBYUJW*jS@+T{c8F(a~VL-J#te`7?gn--2>HFS-o_+mlczb-**-SR4q z=mRnHylnsIsVJtQ13Ro(A^z>H-w2%QZ8K-Zt+8*(#AP;W&-eQW7*5WZf?po{(^Owr zi3-@aNR6}=0r|{t?or_9cY1Fi=C?*))zZ8*EDfBI3OU@0QWagBU*?#`n#Oy)_S~v# ztb3|Azn03VCk0bDzNPUqQxyqFwB8x0sI4NwC-A3{2YfBhsfi6oyM2&JS-G?jO09xr zgp6@QrF=2)ve=kCgckGS0BAikxTeC!OBVXm2A@SInXln+tfJHPFF7ZCy&r()?kWy)LEPcXO(j zGnNp!>5MovK$MP)lq)NMR%%9DbcV-=(#0x_6_vcyG?{95Ql8tw%D|i!N4F+&k?XXs zGg#W`3u#CP2<)^^x&vA|`$dYo<>fhH62G%|MBct}zN~H(y{ug2xLK}nF&IPR?1qrf zfD@-dLBQ(HDr01`k-o2*4^?{mV%p?yW`N8Hp&b$8;cd*UJ~jSh;@zG_cp5?8r6d%S ztOKf;-2FoEV_5mU&Y~Akir`{+eX$@4-Vm}HQ#W`ToUJlEMH?mSw%F?*98;&b6NQrM znY5p?fIqE*3{JNh&$uCR|l-l{}VbX^=-BHivdMp=60e4Gcf;%Ie@k1{hPp$bU zxYBH#CytVp7?LKU!D-VmsAaBDRDa{^V51b}FY{JH@(>_z196c;%MEB;E$|t|H}t|+ zO`vvUtKaI`?%W6S`WckZFVr8Dm15Fn+1o{+0f$hSx^pBxJW>s2J9QAor>$sM7oFRvBt`A3TOQbI$1POhowSZN9hh1d(f8{ z@JfQ0>r_#ea_b+AIp$QGUIuJ0pWr`(KxdoPU+2o>4Q7y#fep@|!4u0?SbYrcwh+F{ z>-1rF$6SiNGbZb0_~P@iZXN<@a|MW>k%ca;6Wf2QQz_D!iM=?z33?&oycnd&z)8p4 z%{Gxx)#Oq{D}Yt@E|-XhJ_P7s)n*69xZh;r!n6JJcayBeZFc zz2-^2wI9UG%O~fzBM{Vr_U)TbhK_aI>7=}Htgle)FJ}m;Q|F~ziVgt1W@HVTu?Hhz zLlHWLLEOFu=~870ka$mR`M z#-wGTJVekJHTm0^>4cPv+Y0uZo1-v&*?kkB^UbUBb3y?D^<&x5-GpH(wK#0xcq%0RZ#vI$7Zy(!@YBTVH;A~VVl6wXKz$gvuGHzApwN%s7 z588%P6%k=MN8B2~;<@^yTKQ}^)G^MjF{j=5@K==JasmqX)bU$Okww<<(t*3E!U)9i z?d1Vs8ePmd77O#vE z+bXzzv&yX&yA-x^V!RmYt)k5$LzkPJZ+oU-rG<2u>d^?g2 z=u#K+8V0(DHicf<8o$r>wo9BDv=93`8lV#DDxu0JTsPu8yfgmuXtP9@!vfAg7q_6m zhTJPG(aJ2d&|dv!z^YTLD zwtvPY#=WEhZA^B;$za<;*nSE`b+%MJEAQ`49%b&ZeG@OQfypqL$&K@T4BE=R-79%= z;nOThxJ|P%+BNgjcN790y4roP67P>Ge}SmO?L};^z(O)$BjFe|l#F_81tbNslLT$m zE$@HiVz&e2uXI8c0uT-BoenVqZKIBL3p#5xjWF>t3oa*^th63RenEjRQevB;@V)OS zO1-aMC8Cas&Ge1L@yS*Oo=hICIqYgKRZc=PJOb-PZ4t3sSNw0J>^VIpK#Z#}ViLjo zZ1ME2qho_2AvOade4@N#8hC=Z>Wdl#T1}?N@sC$hjP7t7d%taKtsb&9oB3+b&pv5p zGAMxJqW{Ei(7z$GVt6K=e|2Z^h|o>@uL~TP%P})wsmGW;)_tA^RXcaNc4!ApoT}Jb z`z6scu$VmwHLv_Qs0fmZtLMijW2;cU+kPWxK^st@d8WcDzWybH`ajxx�#Ub!*gy z3aI=QVxcNX3j)$Rh*BhUNC+JT>AjawL_`EBN)J_9=)ETt6#?l|LhmK?&7a^L#$77sF_+k+%uTBAfh_uXKfPYo zetDhql-hA&VWrY)$ykDE;@N z%dkqHpnWtEG+Z5V2{V{yyvnl9Cq~yT9X^&m5(1GLKy!lfj?h{NDZ^|6+%FIR=rT5& zb&RZAqm_*kea*1w5&WfIhudmLxBrSs)jIvuI<~4$b$6Xa-hQmR6(MEtyX#7>LF!6B zvC_$}7A{t0r#>=N$dG1z3%Q+@2hnQQQ@qrrVCbP11|d_{$$CV_FrcdSVMlE0N`^`h zj8JGVj>Rq~-nCv(LiX-4?j3AX`e><}YRSidtNq^mKuH|jUw9T}&f@E?hN(`ZFdY1` zV8Ja#V(1&DZ{|B>y110e;9bxzfv9v>4XkQtg!*-PsUo^~Lun;{7bUw0j6R)Z$`v)OO3O%Y}w+@1gck1`A5rj^$eDKxcVcro*=J{b@vLZ z^&s%E(`VzeMm<-UgE^g*h5y~6zsgPhsu9T3!=4y3(L*o9y8NigEtbJ>zBS(bm|@Rt zg3wO2Z~6We`PEpOBIqk}|K1_U5y#CE-O52Jj$%bslD)cTh>$94zf=x>t6|d>>`0;N zRQFH_p|hitu%axsS6Psllfl1~UQ8X^b38G5cW@OtVp~%L)Z$VRdWb6Tuj|wWUuG_2 zxoaA^j+~P3CMGZ1T2GP>=Fb0SMvFg@A#z#iCr5<4Y3L~ki6cs5YDD`S*r zbhlF`JvZp;8((AgZ`DYXR-ZnLbK9^Yy8{#v^sEDrBW=^?i}Yl8ngaW(Q)R{2qwtvx z-x77BE4Q?kOr^=h&#Zm+dyhw*)iXst>}y5PpB6G~yzol==&A;?CaXLOaNo82Ze=^H zWBNQf_2_1K2W@_g3&ZNcxMp&mRPX2y7}(1%;1+=amBxwPcVEsUAICr|G9U)UM`^|x zSAThV&wCmG9k=oqXZkB+4DdQaL)C`RoZf=Wd-kS%I?qUXhlm}QlFrWl1gsaK{!$_5 z2vfd@VnjzLZy-sosu~SpJzzl>V};=g2kM1-y*x(#9am}loA-a~P2stpPQeQ*t>LT0 z$_?wL!DLYn_4mFm$BirK&-9`j+O0`;zAN*S#dOw_e5+;8QjY?yO3v&GIW`K?zRaNO zj8qK{n(uVFLJ))k><+-dK+H0-Z? zsD3(Y=&Y{G7s^Xtyoufmg6GBc*BhI^rL<)3GV-$gDViuYy!NEf`m0EQ4Q+S9BG-Cx z-wgRBkc9xi29{c&2?_m}BA+An8aRcsoart8W9?#A-HaeIqwhkccx-npR8tM2#|^6rN|3@bf@iw-S>2`Cta~U-h*CR zCWS`sd$qqr?~n9rxRWH5KiwGj9BMQ4X*g4KZK%n3AWpc1obh^ zPh+$0*I?-R2wkXi0KOh*KAq0KZNQIf#%afehmZOVYyB=A#c)^TD&;Ktq)geZ6Q84V zhL~5@Imwm$tP_P=JDFP5tjA4gH|kp#FZVUa6gL%`gu@uz`45}Qt_{>$Rr%)G@q_)G`o~JWTtZm>w zc1@j}z>XO7yC6qP>=9>?1Li?ku{EcS3=C{I^oJsC##=RHdWA>ueM0Jyk_ohB{KjgKXf(i%*8Z zj-$yAz)EJRXXCP&@?|riYJ&Ho%jc*D?rC7T>*r#Ju#n2(lb~8 zF#tYKz7_F#b$=ORq`piCJ$F`IO*}O*?&`=Y`98<*te!i**Tkp^)t;lnYULJ;iLoz8 zVEVNV#$LI4Jsdg~Dc-XTS>cC?9Ix5Mu$w5cGS_La*s8#7vX|Qh`U?${(<+)#sqi$M z3q(z;c4CAq+f$NWxshfOjT%!fV0_oakDt*mH%)n)tOHq!Hg>;Y{z=1hoIdU2{cJzrK+3QX?ieUW+@jRWPJ{?@D#9IES4JJl6yS$_h>Z{Kg$rvcwgMlr*j zK|>Rr20BG%MSFombF=(CwgdQ$mXZ9|m^RI}DkWJihHMdg=-6fdjbI9=XpOi6=0lW{ z$KyUcskhYa`!qERMMcqLWI=nNG-=0#y@5A@RZt#kUKLVGMHtjd{^x^S2=R$JX#_}g zaQe`QCd0B_{kvCwzD8h&BL88xN7lU~#y75x{!T^VQPw%j!^o_k-=IXFEhT12^@p4g ztu=0^&g>_kc0V(#7dO>@C}vGIgeP=5|FIAl*T52~QN!2Dp;kkm@19mgkv8@VV3m$j z=S$m@UmofZrO|f^M-St#2R3&?2XS+S zJy*N`GSdrB{*u=IgWvgy5+Cb67VIsmUbLj`+<8N5SVBY|{?}T^5bZ|8ZH}Q$ZDpU_ zVJ?dC$+<#8dGBqU2jZQ;{x{2KuWbJMS`!q4Y8gx?^XF>DptAcY~d)NzwFSRN~JV0K@Vix>8F`pu-s@;-eIr-9Or*=&=KY269@q*e%TqMDfcX!75=q^!k>2@( zqSCUIQQmQLoun##2baS1^wZy++=&stopVU30eflob7U#Ovi;a6k}5f!q$9G6r}jBa zxstJ=?n2aEb@zh9HFGkb~yrpE|b$VWg_n zZoxFde881M9^5~ELWaF-26!YjM%?AV2SsvmNE$NrIL4MmHhvDx{-V+#ovX}1R#pwK zof1EZMd3tw?L*lqW3p-YPp~RMqh(Fwc{B^e@pJ?{tY7dh3BoK>z0fD0!+3Q}J_GO1 zg0I^4;p}$KB8$bbz1FBRK&%umDJZb4;e_tC3 z)4ZmqlFG}Uz+GF0d3m{IL5EkaT;VvI&Rda<_Q)y~mRnM>QY1UI`b zZJ56;C-E;OIeqjcB#~bc8TbI=(fqykokDYv$K{XmYGr@a zpv~T~-XA>J9jNpuAsfQzr-RyLZ%Ysqdib$I@kyS`?Wy-Oeoamq%IAv}MUF~;HfDLuPRu$& zIE;h!qto&bUG4~soUY)ic)BIO+ zmjWd}=OraehtShxm%V+-ED>GsX4TccZZ`YpNb05TTUT1HN{1lCWz!V159xC$*CSU; zHJTT)t;>9Z3%gF31gzCjEY;NfOd!D0&&r0H`8p>xp4En%ice(3_IaACd4w7pLZF+Q zBCHE3C2vWcVJ>rb!f0$_T|J^TC{*CMfL<0nec_h-93s6}BJ_4#xF)_tsVmvS7WoC@ z%Os0uWu!9O|MGE5kt)V?gQMIj6c6~FVw&#kYT+KWfP4+&Bg3~L(OE3>Ddy@ zz}7CAw=hAyvy*j7NDiUp^5Qjm+v%b8I|f2t?^@KhQ4VNJHxm9j=~KMPiq-jS(k%sy?2?; z5zw^7de=)jAWzV$!wt5}koEr8E7!)QS;59jL1A#EGj1q);q5<84SA@mE6#86@K7{7 zDizrwx^YD%?HmEjYaE$j^swzjSyowb0~>cm`~n}AU05~{TbuB}re)#{g@x>ly%@WP zM}cu`JY4Dhj}NTi^?EDB(pJ8H^jDPtgNEfWM|PV{;VykBxLTsFFb{6dX6uNYaCP!r z+$w#JAvb5*upefB?krh?7|=^a<)|b_Z?^MP(QP!m*{573?(1jOLoN1MGElb1U0XIU zuncc3yCnusK^*W3MbgG!YNdn@GJ$N(cV+GM8I?NAJEbeT&+v{Ln!-Yr4V+r}n_2t| zcGY4u_KWMi9;ue7M*@c`1bnG2jL4iQMptyJ6EhMZHo=zH;wXWnnL*P=!QaWx|WBg-lVO1_DvK5Mqu4}rakH0)F6(u}79 zb3RoN(em3szJ7<2il5HkBM-+WVL9WpE((PKXAk-NO}4bwe!;Z%255s^{@hXzK3BtBVg6uZK67U6$`QMBygqV{$wS~lx+(k z%7%-aXjk$tLulzA#lgs_`80JBBRc(>p7I&pzS*RkBG~=NWR8m9^1*4fBR5$D;>Qbd zG+D>v1UxvgpW|&=_v0Rz4M3IYqRjTc#_lINhJcjS-JD`K; zdMa1bcAhD^*9Ocb4adtz)R|g1(nXXqvSALeioP?^h;A&_sHI>5?-{VKrfDmu9?z?f z9VV%8Df>L^)!SL0*dMJ3iw2jgi$s>Cqer$xl~uzPv_6nUd#M&wr+=NP@zW!obU};U zQ~CY(V{#izDn?qE>{2sMj(k8Ctd~rfzVwokc>!W-R~GuaW*oCD<>iye4DVIyp>7RO zK?Gds&07gK%`c6=b_b6@68G|=&Ap`yYF9vt(S?s?ZbH21epF^AyAH&&4W6xCXHn#YiuWDz5F5k&GY|t=66~IA-y3P~;Qk%{<1uVp2=-tv z?!d;BTNxhWSLQ_CBcTWyW4gR9|H@`<#ex|u-<;SEtr(!C zN@rR?J0|dIQRQ^L&q&fUrg~r;F(y;Pc=eF1=t|JV#7? zYTm&^#Psj$fw~N<^f|8r!Nw)rp;xcQ`{^Nef2T%z_m^9p{2ghoP|&`}pu#81`~xdK zudfa};_%XleCL5`3~FY#Q*%ws z4lCCwnZ*MVL3zHIMsA~#9w?iqM$$X6u>jQ&rsJ^ZfZx3Su-(=vUk15-uQrB%Bq_%O z^8(~&p6>2vGuGDj#ixC=_0n2>pJk#{x^`{Pd+>6%#W5y;N@B2%VC|CvXso1E5={(V zG3=-s5PK&S=4`ojqx^0cS72L3pVN;poLmk_jAja_#`SowW-dc?Q}TZhPsy%>)lRoH zV2R1h(+M8U720kWZGjWqDFxvn#DR~SfroZzly&?_FQY+7YFvKB!g5Gmv#Hzi9OYTO zYm3G6iMQaxsmM%AA#8TD8(OGI&tz7De4<9inKf{X1Wr?Nm`@X?J!hvkYK@t1x`1bw8>uLjGTi~R)BHDb% zPp|--?Tx6ST~Fyr>ehWyjT62HPDFNvTn-hji;It6@=!)bpK64Ay9d_7YS>=D2raa= zPb^ZIuOZbw^K&=38zE;5le0qW6+(Dk*B(B#Z5OzfET}}Y`0-`4)L+>rpu>>k<~LKP zzrVe2{YnNKArxuZbCgyG-L24N(#(rIQvAK3lW>+T+-xvbqa6m_Wn!raY~eUedo#7# zE!?acqV?7}JASX|9!=y`<(-7XqbxCrgW`6)$0@|WzLd%C z#PA5J^j^+`RdK61YT~S9pm`ZW_qjCx7qkVh(HGZR zn^e5@$=5>9f)&&tj-k9pNoGP`ma=o}=tIG&m-F1^ zF|#VL_j_#lOCDWQP-ge!9r2lC#+NffEo>%EC5*n-D&X+Z?f_W5OM?4Y_(vs;wt4-m zabv-Diasj(VVJWPg0+uDIeZB3AluD`9awtGJSa8UUaY-bjhriAzIO~M=}T4Auuu*p zGkUqZe$T{Mz}2y)Z(~05Dl1A;o|qL^fA|0*^%PR>=Y7&Mz~)1Iut2DL(QnLEdMrE# zKx%X0{FvP==7ePhQ1g92OwR#ml{q^kozC0?cugl_SkAI>47G8@E82yb0gC4BJHm+D zqxjG>MIfl#yBMZ86Cq%Aa6L&DV6%>N2vR=gQx=X%D-Gq6Q}b8B7tG5qM#U(vGj=QV zCM;Oyy7gYa4x9ffD5NQl`l>K8z?I(gZ`A%j2DRJf!45PMoT|r?pE(O;wR;Im7g>}S z-ux$?vR?Fs<)@CijfgT4gVJOaM|BJSYPVbdV!Vm(d!NoqqsHov_h{aQfeluk(uAWi zZ-KQ3`;u?=2)7!2P-TK+@>bcFm&|!rBX_sj5!Jtahul&ZIX6#mm0@l}TkM{kU3^mZ z5fiR9>qw~x^C0u@oZCMe>zami5*HN&^W}v)3DE~f9%S?s+ZHW%R0}`0s|$`7NLZl+HNZYmcj-(xB^!NHo{Rqa1Y}!nO+J@x zja$d9IeC=)z_+P&*X7>qe`#dz_ev9c{? zF@lgk%4(kK-4;S#+U}-ZxR#xodZ!mcoi`Lo#*C_sV;aX+Y<<0c%T_SN~Fm* zER`97Xbe2W1Q}(b>XWkTe%xrTk1k42bFS~#-j3(@aU{NOmHr1J)|!bTO&DX6C861Y zmT;<)(#*x|wtrC!!cRIvx_scDro5Heg&-Tfz|()(&(4d2ev8>ZJ_gUN1$tIamy zWX$UAt#46F!I2T@Oa;q!1ef8So@$NANSj`4!AlHAx@q4abN4eTQlUgZ#2s!bW16F$>%(!fDLqjGVb(-3$$poNG zaK0)!d{6H3<<7=J39ltpg+JB0v3L0Ma$bS;1dRo$dpSRYdr>vj@4=@k<&Rlh2CohM zo|z%Dn&QknXdwO1bZG$-!Cc^WQO;}5R2c!ADYN_vH*zep-dHn@H$95~@ai$&#oJ~W zLOn^haKLQzp-c#GS!b}SZ!pB@I$SQZ_^!lJTy27uq(R!C&jQa}v@T`dm8tAZA6$H$ zKI+7Qop+Qre?mmJth8OI^L4^EWaziyc)w_4JU49rlV$tFeb%9;nklkqDk*NbWk)~A z^HT>^L@VnlPd={qJ^CVSyOCL;-%j+qZat!Kl-BvHj@H*m0Asjo)X?2oWdb`m9R$gM z?fRaW-Zf*JiIFiath$zzqdD$-Q`pi=-fH`bGozuOmd5S3TyQGVkEhL>CFvGN{9HdyeN`lW_NAQt=WA=wtsB`7h3tdL0kis z1m^`wNup=UX4J#yW|j{mbD`Y^TwN7h3`1i&W>q;JfrIu+TFS2xH$Q3hjk=iDnQvUf zGJ{8O2=XM$aRwj^DdYHieKiOmL~C5LEX^CrR#Lsx;i!UEP3ZBfr1S;uv$qdH1)QSW zwR_EAGBUNdXFMp^5yRI0}WZ&Ph_jZXMS?5d(*&ZZg`Q=(!Eq}Zl-aj5U7k!&= zCtBR?@pjw@#4#JFY7~oR<|^KJp!!&KhAt+OYaE2}w8zsHe4KK+eWeRY$)vd%$d!yk zWU5q*q|kG~^nKARiI+Ip#N~LnnZX_hv>;y-zj=>?RyI@1$aZ{$nv7C`vEP^c70Lal z(>La%_*ES7H<+~}T6l_U;Arq(rDX%+HW8CID?4T4sxPDhYY@TVPWq^4i{s^;1#FGb zvsZ)If2_$n_GnoiZBsS7NVV|$^J%l@=T;CKx<+@RH~#}GiFe}r-Li_MGEP$5Ep$7X z-5AVIvhGcH!s_dlP6M9%u)YyEOb`)Pp4s41*YGiU3M9lix143&yYP7&tS2hZqqW{1 zuU%`W5S5ass(s}xpMDUDoYboCw~bNvYQ!JXa+W-acmfhJ@h2lAuM4XtBLkTA_px@# z0GFr$fT^p7JTJdvwAh`M1FafP(z}X7W{091SB(RWdizuE00g3_M$kl)g`>S8sxu~W zcLe^Yf$0`pL?a<>@`o>^`P2ENEv$c#`{J^R{G)UB@%&Y=901+^w^1+2QT{xD8{wD^ zct-__p{c)d9dGS^?y|8dDK|b>w*ZEaDBbfJFlH9a6CXk64jKoi-%ID?ZvNHm7*`7p zO9D=x=s98rqpd*+L2cE6OZt(;p%ukx8=G;4U~w$p^9!7>MU z-9Njn`w6oPL_KXnr+Bj(U>zaI36dn4Y+ETdO?>|Ya6y$A;0nA!UC-~paTa{PYcCZw z?oJ+ET`EJ;(~|3D+0ZWfF#nSIhyGdyXx_n$ehkpUo(=`nU(>M|w1!>2T0!ykn<4!L z*(@9bW9wR5buzW-CLkKRwBc*Y-*I$p@Uca-IT{rnjIBRI=BSwPQh#VmE{>jN>pJ{a z$K8YN6pqt3tNS=Z3NhN)51T8LRrduc-Xs8Elx zB%iqUYr-2g^GWE2yUtuzF(KS6nw>D?*sv!k{+x6tq>Fa06MIU0c21o&y8d)HuJ%Q% zVZj4`Xt8gjf+&vGBPJzI{IzBXLsY>H5ZhjgwzbuTw|v3ar3H_LdOeFqYfR71T@T-# zQ8~=&L3CX#4w+iriWjZg?@Wb{+)>?DmZm2OM6gIze2X&Be@(IJVYOrK`HqEab4_?{ zeVa<0em&Ux9Aiy8dNMNT&gPbUz~Vg3NSZzF+U(rg_OUBCOggmxKK!z$-~>GNwoIvK z{_A7aeZ!s8awXNeS&1E?(I)DhTZs$oC1R^OQxDFzZ$)HV1)C?JJY$C$3Uw3L+c@~_ z>vnDfb42Q^Mah8-GI-CPwzK{h&_?gi!<0M6d<}Md5tUl-7*<3G(k<40B%h2=Lb1y8 znupa?@0@lRbgbzm(zW`Rg zCy!N}cQ~MW@wq>LK}@F} z3>ojQ0d4YOuQ*rr|MHOanj(zg6Y8 z?_P9CxmIcgUHTxWxPjtWx8y6X{7yEZ@0$6c==L2rp^fE1Ye%biX)MhOQ$lp7IT4kcT^Y1OmeE9VO#{l~ zIiLw<?)LS12Gl7U7NpGiZ-Rwy6Hcy&m zl^ttx#940mzWT8cU}yRUG%D~r2CVP(CehZRllU#^#>fWnxd3*8fQQWzDe1qn`n@CW z1iQ8EY3I&v_X~)~kR?avhJL$IThPL6VhlpS(PSKY*4+>C-Xo%-F%{4I?IX56aOSf- zHI;n_Vfd&f6M9(Zne~KAbB{+aR{!7BiwlHWs@hh@Xxp$Y9H=_JQ zuMtlKj^p*1i_weg*0l^>FrBDTjU=7XMh2NvUOjd^RQ85oQ~I2MpJq()mXb;Mv43zf zA4EVvv{MXxVY;)o4gICpcgk$t6LK(lawCi3e%6Q-y&1t0(>Ii=?%N~A&xyN(iQqf! z1Dbu`db|MEBm7LaD6SVv@v-qh0^PMpMY;4G4s!|CQU zWICay@f+MHwk3=yRgI-UcCMH#n{E9>tp{3kB4r`b%rhM6&ewH6?#ESDwsi>%)c*Bk z$K9TRn(wcjkdCbq@wtps@xmMxeo|@%NGE!F^D0{e27&%P`dlD8N>P&`-l{5MxxMuC zy5^^2>C(Q|#~d$6AoZ++3Dg&+m5c?vL<~JQ?gH65_?vk0sD8Rf0{SzdZ3rHz7f^UXc@@MZCo(G#7NufgQvVz+=KLXrr11Y;_A`xb|X ze#)<)SPyW)>q^fQ9ci8vlCin~?^GIVN%K>^r-FTa9F6TlU!U~ziLkXr)eqI3J?W<` z_UJhY+b?OUYclgBTT|(I&6gaEJ5DKS!2B$qU$~?iVGc z)Q!nzW9_-Yx!qYW+TtBlo$anu{>j>B$Gyp$kC_j3s6UVWlH#!8gat^YNLG9x9nRLD zb#KK&bp;c)C@~qOV>T(2O0Xptca)CuX?kKxUe`o}cEnjP`l{_hGg*%u%O$)pU~!V# z!79rtI$5vCse;rGO}?+HwxLy^3&L6dB`heQ7W{9*f+4N{BP>|gl?&vsikDbpdjJUu z-kWH;FQOvy2-#jI)we5@`amDmIhD=sqn^e85)c_h`VlUW)F&37bYac9FH?y;l1sx) zy?xbh@0r$KaLmwE)?&2IeYSL;xgoB2)~PyVvP)|`pq~nFP-F~hxRX&s^CC<6Fky;S zeM^Wxg+Ob1Z*XeJ?ad^|r=1uvW`(F1b;)Mq*JVfS9b+wqeANoZ&7XI<-L|dbSNwki z6wm_+MHSio-o-+BAooO4P0o)=PnFXm%<>%&RlJ4?sDn~e$v8asq@JX`;OwM-8I0$H zfAP0vXN!vdVn5YXQ!1mFl2G8FIf;g6vTetilBGr#SejghR!#_2ohj#neK_S{+}#5; zGq3keUuecR>ZBp1Ng$Y3cbyRg`|tDa7LepSK}%^D#c$Uq%zVWhd=_)blp+G&sW!zA zvp)N@5jHnP0iKr}#CbnI27(w|fG0=JpE6&6JV#)uo0qcUzlj=n)ABLP?yePPFf>T? z`)Qpgb9e-NmSQa-)-7iej%xq)Qg%;}?&3^H9)&x~54Iu9EK&K)lV*qC6A{V2HUZ}I z=k?Mk!!-g@yv64N#9-R;fs0OI$*54wofyI1td~;OI+q2AMaVu*uBmMU%50>-gLdy8 zu7M8c=q*Uyo%D6x47qoVCRBtsM_;sh7nsMJJhc7^N3>VRK=T|dOT(=iod6)wRZDsy z$^Uxj&39A;kC5kaDmxO8$D_pa`lUWWi*a1J9%sKeuX65;JY1Yzp4j{dKue3j3ZA$6>>>=a5v-ubV?W+ve| zE}Bc2x+y-G$crvs{W-0LS*ocFjn0z@M49dmLpYzJZJC)%Xk=$&f6Eb0U{{XPN%_Ld znl|*BZ7_73hTTc(cG}aO!#@(K1wC&02ho{__8-7Iv9Ihi5*>Sb6OPyVPKgiygAjRe zm#+9QG0!{9oZ5MuLTN2YJukQS^`tsbVuq^>hK24Q3tIPR{vhDY*@)lRx=y#A0s#Rr z4X2^oh{-fdp15J3q^-DfB~rNCAGQG?3zGkIUJ98Tt*7>e{tYPpf7U}4w#$;P>}sb? z!2Sa&h~GXYi*Zve(C@_wh(9kSbgFlwR!nYjoYd&?bDsr#Al zva)cm=J{_3-(<;R2h>LdSQ)40myTA;ZW^1ggOm{f7k}!2nz~<_GQZL?SITYVJj+OR z+XQ>5#cD;d*$Hv&Pa!`!`W>J?Ao1|2#!@R7Jl=2Rv7ZqI$qmK6@t}0jwD1k#F7!3F z8r9F2&|`Y$p5bO*gv)tEm=k=yfhf~TfY{kl@7W_w^)N#Ib}7dui;UH%;!alfj{(a~VP!v2#lx}H zR!8cqNmuQ#Fv5NXK4&DmYx15Hf4jwe1&2ih?a zpK@+EWQ7e)f*Z8E+w%by3#A?=W%H>0;?)eQuIF`kEjOKc^{rz?Zp02>wC}5Ev$KPPd>V+6pWLCu#_x)F#Wl(9gY)+O z1$nW#v-A4(LbnRt-TTA>#r&ztjpE7yA9J4uA3tVb7T*O{RMRDsX;1)FoplWF5HttZ z!99AC$L6bih~d&Y07HzYdH7w*1e-&;Py2e`Tclug1my`;7hjj9vKl zKlT>OiE1sGs@6G03;rm+gt_$kfZbE%ZT{n{OMN-MEvzZ#g5elk8^*o@U_1}btytwnVu#Wstj&B zE1WOb|Eh=lFU-KRB7mDF>9WeC^Zh0P6NS1KBlj=pUp;kJm5rHDazAA58Y3dQ#Di1c zz5atmM47x~Rt23zOr2Hi9j>t=&&w%8j0paYOy=B#nInyn(go_neYU`wRhK0_#8>sx z(G3?u=w-K|V3C={r+9AcEQw+au{%zq5ZQAvj%`K?#r7yKNa9`T42*biByeQ559L(3 zRgHio`o~O9WCyX&B9Qp$FzQG+w2USt8WTI+sz)zPRPx@ z4s!vtYMFjD7q$ieh}uWd4{?J}1yV!$iA629INh9r*XI`7dY2O&T3ALX>!4+;R!1mo zE$>A$P312dLF-DcJvcR;%e-sZk6F^=pYO}mk)u?%i|?HZ>XGkg?)~ulkT-q07*k)_ zO`of>>NNP$#B1fiWp{2W+hQhiq+NIa?P;Z3 zt#2$^PGHi}Yo%ea(_L@Mz7Ze3eM@*9;Jhzxb!xi1>Ah!@aE^OL8nqIg ztJ|es+kp;+n2jFYli-P-s82_DU;v%?8w#QBmjTR)cbFTvZEGQaCjKumR@y24E{<+A$XEtV8Ey%kw)ZU;IcuBmJnb6+jnvWfB-gq0^ESSekTPwG)R~fPw zW~B60sir|bqlL>{R4OcqSL?-H+)}WRo51^)gve${gH`z5n40=9gMA`cy<!^i-tZT3E!7e{d@NRYvdFeKs*x#miq~EVl;H2>CAe8JooM z?a|B4l_kbhv8XdupTY>unM-)basgsv$Gq<5Tb4b8!nKN`1S+8)^doLST!X~yQVX{s z(S9(BMeW0IazjF^ju+9~*NYfeE+Eo^mfzAL)~{-J9T)1fPC5cf%;PyDW+~Jkh-oI) zcAmF@8f)=w6oIy-e27#kXp8pe`2**|??>l{|G&wD{>78{?`t6i{_2Hk+HV0EJwFEm zVWQ2$LFjMs!ZnYHXVrSwfY#=P8v%G#pMcv`vKKBq1|~H;Bn9@Y0PO4KkLwqn-2pU3 qk-#1J`Tgw+Zyy7@{_`s~*TOX*T}LFKZD9Kg3bHCPMbBTo`@aDD7#b1) literal 0 HcmV?d00001 diff --git a/images/WinCertEntryParams.png b/images/WinCertEntryParams.png new file mode 100644 index 0000000000000000000000000000000000000000..8506dac3ede3a8a4b662db3a2da39228a71a07b9 GIT binary patch literal 25282 zcmdqIXH-+$_cn@^BMKa)c%=Rmr5BanMFf=ILJz1&H-sK~Y>0w@g&KOVAqs>RNCXc> zdP#^RKtM`>0Fjae5&|#3{~htkSHz`^k??c(8+ zb0_T!K@XinIXHNJ{I{Iy16Muc;CSlz=z)QKr2FRVMK^))?&EDl!uhC29XG44MJ8fx ziEgVq{|LhOe;p;jf#u2NZ5f2dTnDSQW<7-!hX$0DcVKr3LfXf=mf`EkWp4kgv^ zTi%$SyPLqjSjK-$%2WQ&JnsYhot-F*d#R72&j@&B=r-wK7`&o#u!VZPJPcD6IGLC= z;7iDlIPQ}(d#ygU_(@&$w&<^uO77K-lVjaqC(p_8^@j9m4vz0h|F0cELPRz#kO7!o z*9HR48gX#En6w{BE~R~6;#6Vwh(O)}m&2e=HJ&U`V3 z3Q1$6YSBb~)pm?B9v*>k-vWeHLpclI^K9KAnH5uG{2~P9l{h%0Uhy3j^asU=*zo!t zfu018J~1)JZ#wAGP}lvb^r_|SSHHVb)?g~WZ4M|lGN3wGPHbW|{!}1TA)8_(Twx_-5FQqA7EI>Jj4|0-%QgK3!3Z3@*Px zk=?CA8U7~pYig5|W4!d3A`HE=Y-~3kJ%tpNk$eY0T7l`RcsIcKt z={?+$Cg)tCmF=^^M?wrd9Q}kA{J1jnc>4nT=`ZcfkE_zSoi{x~qU<_b{3awZ-^sGI zz;{4&I;6(iOZ4c&YgdQWwwNh7Hq>#|N~vyAtR*t$uAM5}^kMoTzgx3SC^Wb9*61@z zPI}&epH(JdAoh3m$L#F}NnqQ4|Hsu|jUH>fm40CxjiwMx))x;+4h~DHC+*=!vAX=r zbcg=PlAXIvsyDR^8VatDkIxrr1oaNXQ0sxiEfEmE$dPV( zcISF8)4b#h_U`Q%N!}$329_5Z$C3OFE3X}$#DI?4$V z+ntxTW{ef`lNuY?12N#-oxGQZoPJxW54^StYD|n1YJH@9io${)nvt3+8+9q^JAE|5 z?+!J}^^pU2hyCXKwu_1WGrkbw&m*_N#*6m9DcW%=yyHqo&zrx=vi_~pyvk};!jm~f@_3-TAyg7y_f7ADlzo? zCek-z`?2oM99y!<(&qQ782X+Y9Zu(G4$Ry+e0olsGDbQ(@Q0!TN&pkCwX{x7g%yoC zj-*5p0FD`+&einiqso(_l)KKccFW3`YG}XWbU|sIJc;ryr!EB2;iAtiKWVV5M~M#TKRi5*oto~g+2HGJN8YW}ORexHZvF`Z`&d48 zQPDWmCc3yUtGR?=sf~3ztWhG`k&}Ws!Iw(u0H?a@Q~xy&wWM(+y($yquqwwCQrBo> zhL*BL;|lBk$1J-a5J#!y;UNcyg$1=FPJCxguw(s%VE9MD6^25};B~tYL@XH9RYL_Oskm>N(6!F!BH(?47A)Ha? zq@#O-Qc#{BwH(eaG~8E!&Og$CD1&9!1r8f8eRrmBx+FAzX6uXn(FYiXFLhnu~(3m9dUv_7~KO zR#3w+2UbGiY0ek$d$^_xAS4qpm=U-leuo^-_pf&TN3Xi-n*r!vBZOnY^jl-asE2&B zU;g6*G*_W?YabS_Jd>nGL6&fBT^C5x6um zh%BoM0f*2|(8IRs9IwXp@lE}grh2XjbE%s`XTWS;qp2ushW3q{TTxVjS^X;Shhgdd zKYt+B@pdGeg7W5|QRQS>zlPM!_A{0ZuL}`lb*^Ob6MT%?b@2UNb>Px4TgNyPWeVN5 zf<;;lp8()wNTa#3;Bz?smOII3MEk})&F1Xys@tgtCY^6c4X(W0ml&PyY+_XVF~rXW zUH`QU>B`xnRqvOa zyd$VM&5<1+Z>fMhJb@GE*ROx?XhQK#F-K)4^0Q6VYlN?T=Jw5w;+V&$@i8OXr&VGt zJKRazZ|*Ymi}wV6gtLNtB1K0))$x!N+~F-l)s8~2b${8y9R0a6m8%6W2|Kfl&Oe8a zh+k1=xe3`LTt-bLe~myjT!n`QKcWzmGdh(W@8|Af(0@$1xBOFQcLf8sa-*hl{qtZQ zeac%?heO&lVkLEICLO)LCTcgX1}ff=Yycxgc3pm2&5v0(Q%pQPHqUc_poqP9R{kuciDL_gW8SrUe5mByx#xa z&ZyDyjLHrMRa;8LEaV78FAYekwz5<#Vs6a7>FrF!!&^E@HUoR)uyTZQX>`OyD;AZ3 zCi)RIjbx5R>U@1r(`dW*7r+67>T}oZuL@K=I#wZO=a9;ZMJ<2bog$voRf&9q5DXoC z1#n>-;rL`jCmNzNG9#5HTkQ9^b!))8!$jYuWY4%k*YqO1a=l$%%-VIOZBd2k)m+D) zCSd;+Fa#F9UfBgrWmr(R(A%9Zq6AE1-iT5LH zg-N1{{+F?jbXhd(hm{1PlGtJI;#4Zq7PZnBq6@c=8gz(MqG+bcUt{D_aFsj#8U{>kQF(kmX6y)+w%jHU7Bae4m$6_oS zuH{zsF{m-`YD?4k+0Q8zdAs?J@j?YbsI7m*DpE%pm@PJ=tGP6NaLz|fau%9kf6SAV z7mHe{kAKKZny}g&3eiGBhP7yRdlpw&1P;Ni@uRzTz4gefgFima*v(_n%GEzVNCwIE zj1oqx;^r)HSpN*Q@XxV$$CAKC)Ex!i8{)R7LyL|pS^QL!ANcE0IEd&-7No3(F z%}*ueUPg?MOPXtr_Nq{>-}G;l99gA+Uf1+YM^nBCWzm12DBG1Lxj_OES2Dk$^EUlI z1_s&w5o@G&v@8ZajDTG%1Ahq}DbGFcAC%Fcal^Zpf|uxy9SoSV>nps3LqPQ(#&viy zWR;0SgF_O#xbQjQM3)a}_r<_#LHpCi-lDVvK%L}aR;Y74V&W>O+~G2ZrD6Enf4R6X zC39o;M8*wXgV&yImLx_vXhTEC6lSW2=UiP~Wq-pyN)Ya;YAfASu3e9t92KNsOiDY&xgtF>t{J}sX3LjhRi zE-5x^BmhuuF1c#t7QN(bLNq%s`&(+H))wyJ=)~TM{;2uM7Z@&@zv@+2=q+mg7&DE3 z8-mn4;v4NK`e7}TXSCC4 z(X{19?7l?8VFp#Qz9amEsF2k-I5cor=3jZGI$D)zArbykY8!BJWd_lwFx&KIVSUnp zSsz)5PA&1kvSUw0xzvn-_wBl0KLgN z{9a;~+_&}iJHX#(Gz0tZz6?maP%wu#S-`&GZnX{OovmyWHurT4$v1XTdF0e$(Rh>z z>0G<@|tdH~eEgrvc|niu>BLq|i{aW7G}5wOQmHxw(+ za0nT}ua9>Imrt3HMGT#Es?|@{?mXFD@z8-q(YaUXG*bTaCHg$bWyiRg*2`BLnp@-S z1-E!{KD7y-9gX^Sef?LrAA{lf$F4DHR8co9{g2%W+Y5GeF36ozdJD%w#zJ4MU~;RL zqdaMUW=*C{rvV4%rR2W`wW>GTYr!VUo!X#I&Eh*xt0YIR)dtTA>zHQ)k$|Y?<^*@Z zfW6ybwDj&O3a!m7KOkJ9zwfkVYhiaE zP*`BVZ--p1P21dpt3|uA&1-+ulD;Y?Ba+eR$+hDTmK+)ZORI}o_n)4NaXS3ffr_{E zw|+iV{Q6aARwg4xiIxA6ki`sATuuoghIW2)8&#-cr&>})8y5?vUVX@y-3}-nGn-)m z`6|YhH&iR;wnj?@W@&v|HRr29qn2ow$+VrOc+{rko1}AkWuHeGO#dsxcW3`z3-Da? zooY_Jf#3}mKO3h4(6a-D{aA|Gp!5)DOUG@(RrGW}R^Ga>d-6wI4!)PV0^+wt^o`of z*wGyaLJJL?0Y7~-U8s7Ecm6%#Ueof4Ii0obq)M%OcNtADxut}#T{j!d*qW)rcDxRJ z$5YK{yvZvVUr*bT$hjX4tjdIISCPxnN6j{`Y5nrVhW&QG$+tC9yhrC>Og>2Q@UC9G ztbyw;VKnT)S7vFUpI<-CzA^jCi+wP>4gqMTZA8XoWCB$F(iZgclC7pJ^qp8B!_iQ6 zN5})5x%*e9KDv|}N8r!&8#PJJ(6|GvzNm+oXSDFf(VS`cum?F@s>fj5VA$87PWR(MS*qy9NQ&I}Cllxv`GRxr z`E9#Cx$|r1D|Nl5-OKf!Sh@`j3Q8cXA6$)rQ$L@h`gVr?usU}#k}3tHz)))hmA+)Z z!VaAserdA>#Eo{q(;5DGU!&;$KVC(_?tpdG8#uoE^Bgi=&0TTdU^7=m=RhTHmktw6Y&w zO-Sd@#|Tx7>108><@M$Wzxvm%b2h($$r%NkJhutP5Npy!_8u)!8(D1nP*jH;sQa5O z@Uhc{JtSgrn2%_#&C%@d<=!k#C6v-~h)w@?CTl+(c`)31>%nl1P7sm#_n&+@mBn6_ z^4!so6@jQZy|}BQh~sPDJVpU}LBzPAu#Dw8HH7Z8X`LpV&n0UJztk#1YNuTs`|bhs ztx&R?BWfePDwV&M2aaZ!X~UH8KWqjwyj}s47oM~)R-o6Xo9&~fDd|kqXdIO~_GmJ5 zhFp6K4j=L~L?YIG=+8@6bAMo4ULOqMT#>Oy?%-T(GlUl(3jL=pb&A@1fD=(p%bksC zCGc#Pp+Uo~UI~HI+!!?>p8*x7lmbQ3j!6n5Ni!JVEOKt#aE0AsNK?6$mB3@Wc6&21 zd;Jf0<8nq3vGWmFj^VgF?r}A^5}Xr)+oe|mNB_RLZvHM_(q>VtUZc1{=M8G0dEOJv zaE&Fg>Yq1Spnhl{Io1^vM3*CCNlU&jHJxEJ7}%}9|2EiH4-u58=iWZd&Jby=C#h1R zU%=f?m^$te+$M}?3?u=q?(^7Vn-_%sJ@<7!R3V3Y@%`{nSA%<&F599NH5d0`klyKX zM2H7H@~EVlMCm+gEWrCs)Sh4_6j@#Oh|u^i!>MrK<1ggv-kjIlO|CN@6}K0j&ChzO z1{h0G$)ZEQs?YJtJN`aHku&`Lz4{wWqx*s=ZLAn|Nvl;*2fSR1SZk&q@T_ZTdR_-*m-vFkzP@{D^J*RJM97fw3`=Jj1Cq_^^ z&7tPX6;#As(x6jH$o-Pi`nx#?!zcW?#koetZYtJC*Z$4F9NdN44qw1EWX5tme$ln} zt$%gF_-lR}o7Y0KR(PJe12ct0q^gtyD11K#ap}D$VseqU_4;_QLAJ4;s>7FF=9I_W zE0N*+R=370viF~wHNt1=JoY4Rp6000t`IWXoUU2EMr^vvJUu@JZtRn8!<pR#_T(Tv)`u6$RdUQF%|7ef}DsF@w1&N&_UBz%07 zskrRQ(H1IJk?%i-?b#t7PfkBr9_`Z1D>Qa}a-VWN9}h1)Zz2+S#_6YB7588RGJZE6 zJUn~Pr%mx!DK5FOb5Km@kEsz|WmldEUO}2tFg16S$WhU%mGE_8z7CRWr9z>AKb`@{ zHU_+lHlo{&3aQ`IAQ`O0c#Fn<8%_UF_v2I?t~McxT5~_nCli6VAah*+8PI&!F~9I& zh&xAq*A7q~}?egbALqV>Z39t6`@m0l1Q*Bm z3lFSMZhIk+Rd9-fDBTA zs4sb%AsPIe@{6}`fkHWP#g7g0U^96or(2H0KGHZFW1;;aEFqJwhG|$(Xj!`!(K4v@ z?QCvUlZ6;$W3A|(j5>-KpQ0Gpbtj&sZOf0pX(^*Ua|BCOL)%2AvkYLi?xvazF$!kq zQVwuYT{PG!^Jx^15B?LXO%g{tRmlKEq;8q~z@60HK?N&?f1x1ZR+&^!A)v;c4J z@sG|a4BeiJCC9BZ0>JhD|M>lQZlv}eyTQHnrV@3RkN@f|>7(X-2~^)zf6w>YKoELl z3|n~CH~SzkReLCECqt9cA95-AugPr90DHF;O9 zRCWR^1XOj%9=dn@A0yqonjzJnLdSMc(i`q2nGtK_Z5e9>R?7X+wMR+RMS7u3bQ-=} zsg`qbNA*IIKRFd)?N&77S>?UQe^os6#q+p;hUTnxFKI&666$ou&i-?+4GkTsQG8o? zR%xA658(cmO(i5#jvCaz%b&dlak^i4Vd@+)B;Az+`ldJOs8FjM=U#7_U?KW_Z86=q z^cN-}rby|h&A{s)u~~u^cvbHP!Q}(vHH!SLxog$^@2*!Q+t0j~8Q4C8155cQ3vHb* zF4~N|`YAM}{!2S;9=&b)d`LOi>aC!jYf*M?3BTv7pdmtzDbRtf6uKo`5v!Z$b;)5r zWfJ-I_s%@w0e4kY8(|3SAHM8f%ld9x zxPP>ZDpGJ-`JhZu9|%*ow4Ue#;GMrs4JA3Y%9wnS1PVlfKQ};7rIzhay*fTsz2cOV zL8G**K4b1HUCdzccZF0V3Af@X^hFfE$U)V$W8X68=CvJna|pf>9F$TOBCKb6W7QIU%id0qITm#=^HecCjB0^lv)>U!UQR z2PaK=SNc9DU56cgGfCbOE_$*00Ddr3{X}IDvgp*4dwk|;e7za$(ipa-RzCTlpwa_` zejPKJ9@BIWt7U)rGJ7~$y=%Cv@)fUlz;mcFi4N>s_PwGE@FV8soGiLm)0wabvPUCN zxB`W$-!SwMeS5%RrW)yeqg(MyZ_Fe6-<_Yh{!*Lt;IBHxa7-UJFVqA6AaF{znzXi` zKQDbdqFpd2N&Qaeo^R)1NZl3b4yq(s$1pDeo~nh_0}D`!+}4_nf4>{9VqSrIGgo z{Vp{_bw;M|qygyV$8LFg&Nd9P+);`f7;Z4~N_tsoFt91&V*%r;U$nu8rwE>mb`zP1 z6WZqM1JfsM?Pp91T+J=5I%iZ7doU2+j0u^Xh?P)E#_bm;r#Hys@nC*Te#IKB#KzDS z|1Dm&Oh#48{K8;!?zWMsP`h=omEw*9>O%1y$4c3~?dKk#0oI~Gt9QzdMVAiP%Hh~V zN62#^C+A6fr9{RZ9pm=_oyw{&13sMB5wCh9Un%L05={AW*JC$D`yd3l!Y$JbZGE4> z4It9_%4`ssa=Ukwe|qM4Pgh8H=g_;PEo9%RQYM_|+!Q)wJigSc7IzH147ag-Az7Y7 zb8E8xMzyluC~ZrM8Q=6!cK$h-3P~OWOjJoLY_LAaAP_^I=|%ml8ET_!+65Dd-|3;C znxr8}?y=2hCb+mKh#5(%b_>mcNQFm_07Op3`j9sD zQF*(fPMEcK@9ZzfRG;GT*1#@HXpjv6cqS51QBmsP4$se230)8 zTRC>mToSN~oYB^6j`1z%-np9&s>Pjs0W+|>JkkfCb`O~7V!m}? z^OydbW86&lfyrd*iP(#UQ95=uW>qUk@50dh*Yh!`pw)UO-}z-vzz*@EbVedQ(?RMLGMhTn7;iL{P80X z(q&nE+O}6nRNd3TFPOd5?HVl)BAL0AB}FRRx#K7K)czCu859!D(o$WhnRz4ELVY%% zX!Tc3AH;>cgGaKlPMI?jWV>&vPd&oWxEf;a4^c;FG>i>6=oM`fZ{4kJzqEqlu9@L+ zL)i`X*?&N2ZL;hJ1eO9h1!_`BS_mEE%gc6xASET;CE;0V9)TR%9I3rSXxsdtx8!gK z8*_h9^)P2=gN<%UuP<~IBWhK}4%K=CsqQX%%OS@**_DlPP>Bw!yxIP`Iw;OGyX@1pfB@4Xb2+MUYfPHo=ID8s% z(EXu&d3UJe5Darf2Scl;(}tU|f%XSF=r#Z>tKG`JHfcBfn? z>SymxtPfCqC4ytViC#K4WLuzb*JWkmHxz)@x-(kAPhD=Tzigd49;j>0&u;=U!>eE!^-)n|U7 z_UO~BT(4L)ZOjH{JMUgUmswMG^{Gny8$>UXP775Dj|;31@%VDL;KSs{)$19vOILRR zU-j@EyC&|H-WGK6>*et2ND0HUkDeLY^w(VSh(OiU*-& z^utZsxk4HN)*s7$0?=QsmwL%^y1FvGUL{(IGI@WL3}jr+CUIazbQ+dbm)w`^vuVN;CM|Ita?gD`j1S6l*tbm1<=#zazBMTg zOtNtTS!5~+m*#|${pNNpv+A&nmVkv)8!p)q+uyAZds1L!Wjz;FS?KFRtotu@yb@cq zpvN5NBK7e>u)88&(RQ{B=#NoS2PtmTS7=_b(WJ*Cms+A>;mJB5naiUAd@=d_S)b7I zk^t`4R+=6g;$7qK#hrwGqpx4us#Gbbr{&hAfRa5LO-?6%T)E6KqNN`w+*9;VPmiGV zvTEp<+RIx9N0G~^ZZ(_EX2?Io&n!Cie&vt(UaraJT=83D#%6fml2!q|>+J~JzXDIw zEXuY1lpphyXSGk3vH6U;j5dO_Z*t_<_c>?o}()XJevpqfXyZO3SmGkTwE%FQyxwuYh=q2cMuQ`$#;E|rp6 za{m9`Jg1vcwIm^?x@5COm|?2QRpIHLXA@){rd7MMr?v38FRo5RK4}Zr=3~7wuc~I| z%m2him{sjrvd|X}12Gnq!Ql>fRjPh^tv%V6Ns|my(}^m)duUj~54EeBa5uM|*p)H8 znBx?(D>ls|^@Ps$w@E?e7JhAvAQw&@|>ZThomonkeJ?M{EDFhr<|k_f;= z#MMpWM?B!J8r5p1c0(O%^&}^FuBJ|FZ-WSk`Ja4p?pH48IiRZhuAVI5hkHux@a?tqtBYa;i#(D0}sJHLXA8FFCPM;{3zi1<(X5&_+ zes+nQRn^;BRnzLUQEbV8yi;AC`b1N&>*C)vRiEyd#@sF5>COJlEn^xn0hZXt%*E0@ zjf7%ox9#FXgF^jJ>z*6PzFgUVv<=(T5$hAtd7V+cK|?R^ZdA3qQ@*h`6m7rtNmxDn z&^z;``cc}=Hg&U{+suiZ7SYg--b?UK$^8er7%le;N6MOD1V_R|~GnkNh_2nl?38^JytZb+1CEpqY>7B&g~6cRcm?PEBy5ctK8 zwUUbXVq!GH8h(^YyR3F(kR&2j`!1tVHQeFtjld*;J=v4@`Oy(vVAU}?GC%uj&n+aP z$TJ@uL6&Kya`3V4rhoE^_;bSRC?HD?%#byK)x+hxsc81-TT%o$mu6k3M$19VR?>IT zKTTbn>!#w&t;McYR?VIB?o^vP&oLi1)o&17b3@LbkXL{FY}u`_ZYd_utd^}B-=%X- zU)y}a25nY*0ql5FA~Y!ZFV#~)FS;e(`aXP6_nDBxm|aHQbOlfrlry#~AKyy*ixzME ztN+qD5AE;Vu2SQKOScf*6X~v=sr&NO<)tE3)A*Q_LqvYfhxFTCA1-|TjV1BMEd_?dj9*4_ogJCc{I{w?E!(7eIQ3X$TI z?Vze{W9VI#o+uqliZowcY167DDO&W;yikHW@S8hjE}qGoUtNWND|1`L@@KA#+{({O zx6YT#C=NNh^ObpAbokwnlT>}6k@e*#22)X1DHAgM%!r<%;+48L*IzP!5AsU(uv8`7 zxuH9=M`kRxrHkF?`zZ>#?0{1=|5U)=v&W17=&M}#zAXu=Z*WH{t};lV%=dniGb3)8 z4j4~~HO>Kqv;&f@l|dgH#6(N}h<(X`#f*vC04YboNy6(LNw#hurtxx$ZDMDR=k5p{ z->dp;91eKV2yGHC`nk6CF!{tR6yeYl&cg;1N-+O0gOL;WMCvH}E_JuzzT^r!e5p;#0 z+HZqa_?vl7wkhVL&dB~-#$5#Xz>T&CgZ>>OY(^!#*S;gsxLX07ds zHdZ?&l)2MD@SexVnPL~So+p{7@T7l1J|NCA#pxt$G|%XNM7+NLEw**!gp*Fy14{=L zDO7sCG-p$6?_a}*^RgE42R7V1VVnV_pWo_MEd!No=i4T(k6u4V-_J4r&|#y$_G?Jn zXk>RB*3glw)pAGI`>;4-RzNql=`AP@W1-hvqfZ(^YDYi2&w?MGIo+{K87qF>9@3rMP&mGtdU`u8qLmW|CTp11T-*R70*_*YxGXU9JJ5v0-h9eadGXjc}atIF6%&_ z5tZxLuX}eMSvzNP!ChM%M%_DW;-u81LR?Q`c?Sx5n1#fny0n?O_4=_mB}r-KS$0%d z>M`%C5)+@lu=UX;)}t)^n2~q1O_znUc3!}c+>U#224#eT5^=PguP3|Yr5CkQEOdh$ z-#)r8Oq-pLijI!F3VFlFPo|WR3+=-=NgvM?R`?Q1j~%F_(aG%i;SS*evwU~#qWakb z$zLrth?_c9w{)+lkQMoaVhz&<(=PMl;~I=RV-jnPk_ES{#ijP`xgU&pXBA@1h%Hd> z0gdn4aYoh~GY2=QG3zkWw#GGs?HA5^^ktTwY)s@J|@lO-aCC z*gXRTgL!ERo(R6TJBou7Zmf&)B&Q$jNiZY7FSb)_282poa7xl**mg3s+AlZ0-VbxF zJYF<+?faCv>Mo}6(^k9@26MDpXeYcC9r%DqiUSt*e3+1EnW+**Jd-BJK;9Vbnhk|P zAmhTL$F3gjKWh90>OJ&S+<`;WKdw;D`UqA!j8_L!#;!l~h(AbB*C>$5BTUxMwh!*+ zo183#@Wj&`Blfpq^z3Y^iJ|vZ>@Y-+aeeO(^tTU8cE!~F{~aw$YnaORB}D#}#2p?4 z&+Jf4`6nddG|R}($uDUR7&<2Ecl8(5ltyG0htONk`1=z*F0=I}*DX@oF623lNJLH5 z4?8$GczZb>T71)P){>If;yruZ`$0eKt?pm!4)0+s^VO8B?9MqO@)c&HIK0M9N*sDv z3~>Sq?TGcIih97-9PQEI$qEr_=#^6(-1bcl2y^jT51!;HD35S)Ohu({KEry`&ET-S z;ON)cR?MO8@d2x6?r+B?MWf?TA{6E~ycdkY9+$;eNbq%^@;d4<4`op3TxFrT)y_yk zLrz-0@|R`>?2LMm&ENdOtKSokr!X!?Ydc~U!>&+12m3La)uD4{k%yMP zb&Z!A@T`_Hl*{6hRedIO+o|e|RVC_Hmfrq7ah%OHr>4M!DH{6z6XbG*Za_Lx(d|r( zddFth+P`fx8;4E5&%u@cxYz4`iG}F0NQlcQa=`TEg;C##oUQn68@7+5N2kYby&-?_fx+gl@MrgY;=079bQ6|G6C$USUE^wUWXoW$s7F8UjfJy%Me%Y&j9-zfI zKI*vLHHENUk0VDciOMvFZAWQ6{jF-BX4?4%?#lmi2=sRzU>UbZ zP0>1cEs0DSl?jAkwu8Uz^jb2w; zmQF_`0f)j_04Wy-iFP3bl|7V!=o&w<8c)1pz%MV%zZ1Sm#wg_o=+ZAvumW|IOP$;clI{P6I7!o zM*dz2_J1_)CFG4d?2t3G(x;m!P&EvW1G-m?q@-`|M2ehv!uXbF0-4Jnq*NnE-DcxF zn~rvST~(y?P18n$?w2SV6vbZ&&)_;%bNB`s!u7^url^Rys>HY`!ZyPF&e-P2Q~&e!;aS>=VcAc<`d2X#Sz{?W%+X@X6u?|<1(-ogK{ zt?w5M{>K4_bLQjEM_J{Q=5$>(23>;tK)}4pi98F)zgmMXg;LvJPdI=^GC_LlfEf_C z^OMjhDX$hVWuE08okM7@rC%zPh}03=oZUsDj~C3@Ug_&2x_t-J-y?Py2p0X$)J2YY z^RPM)|0wLg`7J@si{64Kq$lt1|EI$b@FURs;Bh&N>!iQ(OI2~HwFBe7K|&uh--BHdZ?+ZA*Ye`&nxY)Al7>2bJA4; z%(ZMi#vq}B>(XX*a;hhaGyc-aT-KrHRf!X`gq@##gmzbdJSzl981BGahbHn0`VF>Q zA@%=UQBJ#ub2+;kMQqu${dpjYQ{L+z-B|)pWg^gy^F7|sKv3b}PYvURKJvyz6xYSn zHL1gqeD78SMS+nly8i2W|E4xgL+*F>AmayQ;CP?A{4l0mZ6(%a8svnsrBbCGtt%D% zNrxgC0^kX4DAa(O6=q8k+r-tqXB~OkR- zXq(589tmz^*nA-kU6p4ZRn$8RRYUKY^dabK&#iO*@m;(GiXYsXZ%$~>=XgF46iE>$ zY>*rm@<+y}5*qiq->z^`ui3}NFO&RPNf=5>8q}KnHPGKfRR$JS=YE)X)V6#&!GmB1 z8VyZ!3=K)O+27V=bswF%#kDyxEgBLQ%Th(MssnR$fN8qk?IxA}zu`YrgO2Yi?2|)4 zN}mp05@bUjbi4(|e{!*}>uj(U5Xgc7YXvzOwN+(P-*Ayh$@aGEbQSCrWREJ48;(so zEH=Ltle|}%gC>h~yvlt| z8`q+*Ll0n^WXY=H!lhXe#|xVk=bHuc98yEfs|M^kT#Z=%ho_X}9J)r7utx*MOem%U z*fR5X{k@he)HjEnEq;Pk^$S_GJ#$t~%Vv#;w%4Ks2sJq=lXmIDE8)S7jg3}QjDG-E z>6^-Ys!0L^gZAkt;{b?9QG8aLk26^Xu-lxEYXh~RBf&XIN*k30aLiO9xTDI7t!M)d zHD>e-K>gz<0$eg_1#`gWM=Tg;b!g&>)}NoJhqJ#F=c61bG*P~$GdKj%C= ze9dcwg$S5Bw1+$8R5M7xQr%PeIOO8F9XYnS*_SJ-`m9h8%LgW?z3l8-B)*rS7rSXx zjtQvnXfz=wh5^W#7Uf{fZJ$b|fUR2a+K&wJ)!F6TJrE@sTW)A}pjy=|AZ7a6-=;>R z6_Ptu&oUN0?^g3M(~EEvC`x=T3HoeKN($c_x!Tx>& zeBNZDD6SaYcXn5O|M7xUG#Tk^>fB)~r%ak`uo@!u^8oq70t*C3S-ErUiRVWi@g)Mn zXh5YqFwD1cnaVaY@Q>e$Up@@T^!6$&)$5FPgbr}&Pt}f=tu}tYP2P<*CC@s(v6N~$!CTIJI;`!INi=Xg ze*S_WfEfS1q{-~VD980lS61wmD2BKwis~7M+cjDsR;!mr`F|1NK>1-u?*Vb-AIjgf z3x1xd!W+cOi~jspp9MwlhmR*r&_z+TxQZw)z3~|ErY&BWitS{WkFB=4%d&Sa3IL|c zHm0_`7nnVp7`4TEz`caUs^ZoGdo@wpBg*V9V4TgA<4vOtxfeha3v(2w69Jq2w{6Vc-r0cg@fC)kafW-8kkbW3+jBa%)LRKl-WQ~l^`|ehZ#_o1s`+*q&jaS$E%F@~`@xaiw=!iR$#ymJ~#|Uh_g6kg6 z{RBr1YDD=JWnz&`VS0y03k*0+gy(RBGSpQwzL&fJ&E)6nB8<*m#$?+HujOPY zy9Vpd+@2jwDi^k4MM`30S?9&PqLVt_>7P6wV= zdae+M@*s(5d~bfGY?9%5{|i-zfVcsV?h!eYw@Fy@)~PHn%<#t-+{nO1)<4XLQmt-- zjeeA$VumaV#@V=)ZRYCPJR0-jLTOmXlj4g7j$y2-TBjVl>B_oCzn zG@jze8}3n?y0z*V9N4(K zq{6x&a{GQM^&mwu6)`cZ(x1=e^VyRi2-PTKld>h=dAxves`$8eT`OVUDK-j)B2^53 zKqGRu;O)TNt<+jWT#1WtXX$aLe(}&xApWbFfYVop=~@SWwp96v{a*=JVU_q$eF!_w zMd#V;fwLi#!|h%(;JsZmz1BW_d+{U%SVDSgNd_>!6}veyil7-BmyZR6 z8>P_!{|m^mbx~Em#E4D$zT8*Cm~-dTWub%Te{ED0be1W!p_&kW zMTA@sYMB>>R3(STLFYaZBW9sgc9?r8pEe}ESc#rK&^ z?K_R^%I}4STotr0NpW6rDlg!o%-I}yx02dUaruTk^dhk;?3{DZ+P<|*xBEW4aPV)V zhQ{T1JaaJl#MK<k{>s}QIG{k-b;LNDL&!zV2$pb!8Qw<84;#j<^ zKK3nerKo-TOedo&h8Z-gwz(CX@jGz8`Xt5fG0%UV%k2k?;DMti+L9`u>Uo|nX5gSc zGUyu>yw4Ix;MHI1@<#`MJUz;G@Q7y?bGg#gp@zh2FSBF9@myk)^0+@{$I;7gxsSTW z9?EcODeZrwsUNENBDj;e@3yD>aw#iKCfP@Bpw@Sl&W>pJ30^|H*WOu`!PQP)^ zEjs1xrB!+Ib{hGtN*44Wq7(VQ+PluErna<=R}qn70TfU`EVKv;Nd%>dxkwFC6A54x zq$HsiLyHJ1Tp|Ifk^oW@LcjD5q5_J5bfjbGU0NuiOz^ImweI)L%$nab_gDU$th3iS z>wTZS-=~~!rK&QFQHaBU6$Km0^L>(^zW!a@?MSJT2Ez?XgynQGL>|wk5?;DGR-?S~ zO)0r*XpxUKxC*;Z7GHPdbog5P2KEGPtq=K6hUB9q+}0-M)4l~AF+o3R0iQJN6Uc(A;S}=ULrhow`|AiA8P58)lW9%}m(1|1eN-plU15 zYtxAeTrk)h_Ssiiik2zU7cygbISCuP0f+ZrZ-rP!v&LEl1DO)Np~{-;$vK1y_w2D= z%RyYlLhG*vth)1dU7AnW62`dk z;O=5+7(1S4>?xv_a_aV_o8K9~IFrzt`e_83*7tNuj!e%xoq!gBZkNCcr&`0-0(a@% ztNIYjT)2YhDb<);rRu81)6T(1EqJH1)DN-5pZYm@QP5Ek2>!`eotOWQazM~O+zxmu z=WSF};t$1`6Da#~4EJQ8;%V6R3FUnzG^_98A!Sf5o8*uIJi*rKoQ+BA`vG zciJaZ~Tv>l>*HX~O#5VaC;-fM8V zu`yMBgAL#c3mrh3#8BjejkMnm46qCrY$Rr8pT<6e`x`nsreuheRo})%jY~|_DX8C# z#U(qHU37Yz)c56hRVp4XCMm1j%h)~^XM@pD=q3`P3uifWNg z!YQJD53KH?+vfOz*LxnG!15 z@|j3*wgz1Nt~&bL?&l^t_xf^nLXKzp4e?us-wh&*Kjom53OK>Ky87?mEaQDZUko{B z4O)L$CARurs*qAZds{D9^@xySpWRfmN)3`I(D*&DS#!BZf-Cqq+&PRLu~zJKYl8Ut zBu|DW(86;>q2+;(T{_oNg(j0hZzqXY;^ z;xVVw**D@GuG})f==%9S3@B(e%XG*Bm&h;C9q2^o!Uc_CB~zZ1jP;|>jQG^@WxP0| zw-J6^$2iv4881=IOf1?S*qgkqa937@tMfg$2Jz;_J6qn3$1yuWp&e1{l1<+xeO`$J zAWV-crfZ_+X`X`?>ADPZ*~tlRbC+^vxOYV8QS3wFbr8gWquKY(V=2b+?JFVI*&bot zyXDR&dqh#HK=;lHG;HOm1a@vPrOM!Gt@XujJkfsLMSh)$`G5BTKxWE zT8L?|wy!9Jya0(V+;@)UTsW24(^^n;%$;KFiS_Fo%X>$ktd#>MItXY>0w*eZc7MFS zPbdd#35XbEc{Z>Iw>O6zXu|+Ce*T6|3wfghXiUdR${`%O?}ASdpsO#W`3&FuJWK17 zB2gW!Q#J#&O}Kk=&M!B9R5J_H`xqWPG|?5h*)QQ}UaJq(2qb351Vex^c-68^$L*|sFl%gSk%1&kHM7m6eVWt`5&nVM*C^{)rZ8VjAvi2uYRnj z1gp3d+WWco8W)Rm0F(Z@tZ8tm!H&*>a+H3hVagF<><*7wS~1&@;NeaOe6ImntDelF z3KAI4w>2bf8sZ%#R6+o$rcMe^5=m%#Qb#ZVoG_2lp7PZnBwSMqeds=X*2n{#9z zM6O=omXgtbvZ1+-MIYY{;O*JCpOWrk`hvpi$$Kj$#XOQ%RSCANnu85#KqcQsm8zo) z+=ylGL(K~l8l{S8zKt0I_EeQqf~)QJS4=$;Y=qs#Twmw8> z&nzh-_r|J+jK4-bhOV)dN#)O$-`^t@Trf?Q;$D0cX6WipX&6*8?Gzy<%`8H}>yskn zj4w=;G_ve{YP>5~d)JydpOK<_AiH6+l@VWsXVp@>!l`h)FGxdHps*TxCE$Gu@A{pp z0EQmC2fJt%`m#_+S~zvkXK-P9SY7G~NuC*Wqy-h6dt>^<_A-h-tVW{0QdxYx{l#nd zUXz{Ms|F2=Y3_`3wavf8SKv!0nreNhOGh#`T6zm*Q6lAJu5(=1Cu;>8^ zgY}(!6S$qulj;u=C6pPQqRb2d112Kv#w()z?7n$46^O)d$j`$qSmL#Jy8UQM);2f8 z{1E6pB$aq6G{5>POHw-sq0c$rZBeHPm+&&F(Wc{!mSp@|FiqdQ{NH;QyG$KOSQ^^w z9C(G^LUp35e4p1SjUK@47T+A=QOJpO@birIgSI+9@T6lg_jWz zlFa_(gYvk0w7yLy;ir(qj(T*Yx#MQp^8q&IT{`PRckV2Dx9(c96(7Jo*txgx`%gyY zyojR>bF1*rXpwFzR@vu}};uutVyhc6mt()(!iqJz*AW%~YrC@E-vB z1O2PM@ULWh!^%4O*+9ps%EMucZD*He>Pu@4_YJJvp~@mdng{feLI-oZaJO>JyvQqV zMUl(UeE(sworhX=Irp~J(zsjxv$yZlfM=t{o zTrV#8kl(sq*L=rUc?H;912}7J^VZ73nCcCK9ZYwS?QU}Lfi23sbVOXIGw!40m9Gn| zdTbu^Z1sT1sMrTMKwc55BoIVQQorJ;%2XmZwp@)?YVuUl1~Rduok2uYJWZ8L3^iD$ zaZbQ&y3EOY(ps_*tEiRIm*6|e%ZMtPaEqMVFM4o~CAPPN>ZBcm^~f~s>PF0?cHR0S zX9lyNlmjfUgeldtt|%n`o!V)V zcw7)u_6KLxfWl+UI;Tw)&6aVMQc6;W;qv!-UQCOTw*8&Xvy67#(a-Ke$exffZf^2q zJsJeqtGi6j$w9c$3>vb4WCo3|TSoiCqI5?W9GKZFOy?(G=D7%Tiff**iKn1PP6Pyg zHD0+C-tp;IY1|E%+HkVrw*)QbrYK^&ayNQs8?*CDrx*k>N-o`lkHd9BgIhVHUlcN9r^0Sb~6;kYv-(_$6dgml*@Fd82gbkxO8Q%@M$&_sI9_ zmYa{){iM`i)zIm%m0A@wRM-UI>Bp`nLEh0K!``RPFRpVv z%;xN>qxz1F>1SLduh*2WbtS~Vli;ALAS%dg*(~pZ)%3HClZpl|g8RyqV2?C%UHP)w zE{s60=3lcxTQwL;ThQEzO}fFwBV8%_1aIGxyVZ#l5cZg}Hx;Am%t#>B1Oe{XqWKlsv7beb%_cDVfMllyJ!%Yv))aQR|S zk5H42bL@C$AOB8>5JT-Zfpcfb)U!0cL2N}qjoXOpRi@UldtRq};{`wo{afH*rDpxY zkPFK*BR!^x*E(iMK#Nq3eNEX-2~$klbA7NMDc3)kvTSg+0y5iht&k->m*!BuvLr0! zv|1m*30(}Q{=RV*t&3f*}y2JIZie`cUsOHRBJKg^t#&Z)MS5$ zV_BEXlgCZAr200X)s;KoJV~o5*5h;C4GBEVCLjn&EjDoXydiC{vck2!@=P&Fc!z|f z0*;31yDv>HzD`X&Q0M(|reMZPTs>%M&n^jJ?$Um;#((mMb_)pbLMq*#AerqhDOu1L zs53Rn?Rb!}sK=(b!cjhVAg~%JX%jjqY}^#6i69Xmca^015vDp?~%Jzxw_ETo4DeiE9JQ zJh(#DOXA0CZuwX*-g8F^HF)Rez1coU;&wiI;bgZkZ=M_XEh~QFb7*UAtx6w!(0sFE(|n779a`C~EcIZ$aY7-kJIthZBuy^c$oi zOFT_xm|~hRW#_L*v>JbZ1R64!-X-cKxVd=YrDv1-4Dquh$t^hk4O9mgH_1>+HrO7Bd+|DjuDHq~c5AvPH>aiz36 zwV+BKzSCg?Q(_@p+C70k?ziktfm*(5whiucn@lRZMOBcS6R5gboiMF-2lwG3zNWRZ z=YXo^&_$h3H|FXoT`xW}gDdlNYd2SoTaXG+Nu9+`znGdFq zk3k5F>2#G3Rsc-bEtT$jIMPz@c9co~1h*oX$g=s~5~p$t78w{sC7Px7Ui2+H4Oga? zyDV>*I{>Kntj&4`Rc;NF z`U%w;rQ+}!u^AZedLU9w>WJ8Xkeh9h!@Ik~Ydr~VAM9dgjO28CPao%+ALa0K8)-Ju z8aO#Lnxk$`j?(3c_kPm*DOazS-8eiU?Y$5}F7Ki~tKDdqcv01;v;6+oMXE?Q47XFj z>jG5;y9IrlM^xSU!b~=MxZ1VC$&8o(+~b{o#>FlhJ2<=L)ju)yAT(4klNlgpZk?-NfzAHlIz7U2I-$TyBl8m$PhS=7RC^Q`T?6&xwAVHl;FRW2NQaSxFU2(w zqTxtxx$mLb)wW-ieLs6ct887Y304C-KGd%?`2K4^!yi}HAP8rWDOxcX37_X3Wq0bH!4af;;`@LjM^C~ao0EHTyd=+Caoq9FMv z!S=uXSON<`xQvVCoxn3T$KJhn3xz|=O3rbA{6j|hz=8MgzqRnMyFJIu{$Z4W)0FaL SK`|2*ShUpje$Bn}FyL>9q9>66 literal 0 HcmV?d00001 diff --git a/integration-manifest.json b/integration-manifest.json index 2cf1679..effd81d 100644 --- a/integration-manifest.json +++ b/integration-manifest.json @@ -26,6 +26,292 @@ "supportsReenrollment": false, "supportsInventory": false, "platformSupport": "Unused" + }, + "store_types": { + "WinCert": { + "Name": "WinCert", + "ShortName": "WinCert", + "Capability": "WinCert", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": true, + "Remove": true + }, + "Properties": [ + { + "Name": "spnwithport", + "DisplayName": "SPN With Port", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": false + }, + { + "Name": "WinRM Protocol", + "DisplayName": "WinRm Protocol", + "Type": "MultipleChoice", + "DependsOn": "", + "DefaultValue": "http, https", + "Required": true + }, + { + "Name": "WinRm Port", + "DisplayName": "WinRm Port", + "Type": "String", + "DependsOn": "", + "DefaultValue": "5985", + "Required": true + }, + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true + } + ], + "EntryParameters": [ + { + "Name": "ProviderName", + "DisplayName": "Provider Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + } + }, + { + "Name": "SAN", + "DisplayName": "SAN", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + } + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "PrivateKeyAllowed": "Required", + "JobProperties": [ + "ProviderName", + "SAN" + ], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden", + "ServerRegistration": 7, + "InventoryEndpoint": "/AnyInventory/Update" + }, + "IISU": { + "Name": "IISU", + "ShortName": "IISU", + "Capability": "IISU", + "LocalStore": false, + "SupportedOperations": { + "Add": true, + "Create": false, + "Discovery": false, + "Enrollment": true, + "Remove": true + }, + "Properties": [ + { + "Name": "spnwithport", + "DisplayName": "SPN With Port?", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "false", + "Required": false + }, + { + "Name": "WinRM Protocol", + "DisplayName": "WinRm Protocol", + "Type": "MultipleChoice", + "DependsOn": "", + "DefaultValue": "http,https", + "Required": true + }, + { + "Name": "WinRm Port", + "DisplayName": "WinRm Port", + "Type": "String", + "DependsOn": "", + "DefaultValue": "5985", + "Required": true + }, + { + "Name": "ServerUsername", + "DisplayName": "Server Username", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerPassword", + "DisplayName": "Server Password", + "Type": "Secret", + "DependsOn": "", + "DefaultValue": null, + "Required": false + }, + { + "Name": "ServerUseSsl", + "DisplayName": "Use SSL?", + "Type": "Bool", + "DependsOn": "", + "DefaultValue": "true", + "Required": true + } + ], + "EntryParameters": [ + { + "Name": "IPAddress", + "DisplayName": "IP Address", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": true, + "OnRemove": true, + "OnReenrollment": true + }, + "DefaultValue": "*" + }, + { + "Name": "Port", + "DisplayName": "Port", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": true, + "OnRemove": true, + "OnReenrollment": true + }, + "DefaultValue": "443" + }, + { + "Name": "HostName", + "DisplayName": "Host Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + } + }, + { + "Name": "SiteName", + "DisplayName": "Site Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": true, + "OnRemove": true, + "OnReenrollment": true + }, + "DefaultValue": "Default Web Site" + }, + { + "Name": "SniFlag", + "DisplayName": "SNI Flag", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + }, + "DefaultValue": "0 - No SNI" + }, + { + "Name": "Protocol", + "DisplayName": "Protocol", + "Type": "MultipleChoice", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": true, + "OnRemove": true, + "OnReenrollment": true + }, + "DefaultValue": "https", + "Options": "http, https" + }, + { + "Name": "ProviderName", + "DisplayName": "Provider Name", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": false + } + }, + { + "Name": "SAN", + "DisplayName": "SAN", + "Type": "String", + "RequiredWhen": { + "HasPrivateKey": false, + "OnAdd": false, + "OnRemove": false, + "OnReenrollment": true + } + } + ], + "PasswordOptions": { + "EntrySupported": false, + "StoreRequired": false, + "Style": "Default" + }, + "StorePathValue": "[\"My\",\"WebHosting\"]", + "PrivateKeyAllowed": "Required", + "JobProperties": [ + "IPAddress", + "Port", + "HostName", + "SiteName", + "SniFlag", + "Protocol", + "ProviderName", + "SAN" + ], + "ServerRequired": true, + "PowerShell": false, + "BlueprintAllowed": false, + "CustomAliasAllowed": "Forbidden", + "InventoryEndpoint": "/AnyInventory/Update" + } } } } diff --git a/readme_source.md b/readme_source.md index 550a643..c166c26 100644 --- a/readme_source.md +++ b/readme_source.md @@ -1,8 +1,7 @@ -**WinCertStore Orchestrator Configuration** +# WinCertStore Orchestrator Configuration +## Overview -**Overview** - -The WinCertStore Orchestrator remotely manages certificates in a Windows Server local machine certificate store. Users are able to determine which store they wish to place certificates in by entering the correct store path. For a complete list of local machine cert stores you can execute the PowerShell command: +The WinCertStore Orchestrator remotely manages certificates in a Windows Server local machine certificate store. Users are able to determine which store they wish to place certificates in by entering the correct store path. For a complete list of local machine cert stores you can execute the PowerShell command: Get-ChildItem Cert:\LocalMachine @@ -22,35 +21,33 @@ In version 2.0 of the IIS Orchestrator, the certificate store type has been rena **Note: There is an additional certificate store type of “IIS” that ships with the Keyfactor platform. Migration of certificate stores from the “IIS” type to either the “IISBin” or “IISU” types is not currently supported.** -**Note: In version 3.0, the orchestrator has been renamed from IISU to WinCert. There is currently no succession process to update previous certificate store types.** - +## Creating New Certificate Store Types +Currently this orchestrator handles two extensions: IISU for IIS servers with bound certificates and WinCert for general Windows Certificates. Below describes how each of these certificate store types are created and configured. +
+ IISU Extension -**1. Create the New Certificate Store Type** +**In Keyfactor Command create a new Certificate Store Type similar to the one below:** -In Keyfactor Command create a new Certificate Store Type similar to the one below: - -#### STORE TYPE CONFIGURATION **Basic Settings:** CONFIG ELEMENT | DESCRIPTION ------------------|------------------ -Name |A descriptive name for the extension. Example: WinCert (for general windows cert store), WinIIS (for IIS Webstore cert store) -Short Name |The short name that identifies the registered functionality of the orchestrator. Currently must be either Win or WinIIS -Custom Capability|Store type name orchestrator will register with. Currently must be Win or WinIIS. -Job Types |Inventory (Checked), Add, Remove, and Reenrollment are the supported job types. +Name |A descriptive name for the extension. Example: IISU +Short Name |The short name that identifies the registered functionality of the orchestrator. Must be IISU. +Custom Capability|Store type name orchestrator will register with. Check the box and enter IISU. +Job Types |Inventory (Checked), check the additional checkboxes: Add, Remove, and Reenrollment. General Settings|Needs Server - Checked
Blueprint Allowed - Unchecked
Uses PowerShell - Unchecked Requires Store Password |Determines if a store password is required when configuring an individual store. This must be unchecked. Supports Entry Password |Determined if an individual entry within a store can have a password. This must be unchecked. - -![](images/certstoretype.png) +![](images/IISUCertStoreBasic.png) **Advanced Settings:** CONFIG ELEMENT | DESCRIPTION ------------------|------------------ -Store Path Type |Determines what restrictions are applied to the store path field when configuring a new store. -Store Path Value|When using this as a Windows Cert Store, this option must be freeform, allowing the user to type in a particular store path.
When using this for bound or IIS Certificates, This must be a comma separated list of options to select from for the Store Path. This, combined with the hostname, will determine the location used for the certificate store management and inventory. Must be My, WebHosting +Store Path Type |Determines what restrictions are applied to the store path field when configuring a new store. Select Multiple Choice. +Store Path Value|This must be a comma separated list of options to select from for the Store Path. This, combined with the hostname, will determine the location used for the certificate store management and inventory. Must be My, WebHosting Supports Custom Alias |Determines if an individual entry within a store can have a custom Alias. This must be Forbidden. Private Keys |This determines if Keyfactor can send the private key associated with a certificate to the store. This is required since IIS will need the private key material to establish TLS connections. PFX Password Style |This determines how the platform generate passwords to protect a PFX enrollment job that is delivered to the store. This can be either Default (system generated) or Custom (user determined). @@ -63,19 +60,17 @@ PFX Password Style |This determines how the platform generate passwords to prote Parameter Name|Display Name|Parameter Type|Default Value|Required|Description ---|---|---|---|---|--- -spnwithport\*|SPN With Port?|Boolean|false|No|An SPN is the name by which a client uniquely identifies an instance of a service -WinRm Protocol\*|WinRm Protocol|Multiple Choice|http|Yes|Protocol that WinRM Runs on -WinRm Port\*|WinRm Port|String|5985|Yes|Port that WinRM Runs on -ServerUsername|Server Username|Secret||No|The username to log into the IIS Server -ServerPassword|Server Password|Secret||No|The password that matches the username to log into the IIS Server +spnwithport|SPN With Port?|Boolean|false|No|An SPN is the name by which a client uniquely identifies an instance of a service +WinRm Protocol|WinRm Protocol|Multiple Choice|http|Yes|Protocol that WinRM Runs on +WinRm Port|WinRm Port|String|5985|Yes|Port that WinRM Runs on +ServerUsername|Server Username|Secret||No|The username to log into the Server +ServerPassword|Server Password|Secret||No|The password that matches the username to log into the Server ServerUseSsl|Use SSL|Bool|True|Yes|Determine whether the server uses SSL or not -**NOTE: Elements with an asterisk (*) are only required when communicating with a Web Server and bound certificates. - -![](images/certstoretype-c.png) - +![](images/IISUCustomFields.png) **Entry Parameters:** + This section must be configured with binding fields. The parameters will be populated with the appropriate data when creating a new certificate store.
- **Site Name** – Required (Adding an entry, Removing an entry, Reenrolling an entry). The site name for the web site being bound to – i.e. "Default Web Site" @@ -90,8 +85,8 @@ This section must be configured with binding fields. The parameters will be popu - 1 - SNI Enabled - 2 - Non SNI Binding - 3 - SNI Binding -- **Provider Name\*** - Optional. Name of the Windows cryptographic provider to use when generating and storing the private key for the certificate being enrolled by a reenrollment job. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be changed when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target IIS server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' in a command shell on the target IIS Server. -- **SAN\*** - Optional. Specifies Subject Alternative Name (SAN) to be used when performing reenrollment jobs. Certificate templates generally require a SAN that matches the subject of the certificate (per RFC 2818). Format is a list of = entries separated by ampersands. Examples: 'dns=www.mysite.com' for a single SAN or 'dns=www.mysite.com&dns=www.mysite2.com' for multiple SANs. +- **Provider Name** - Optional. Name of the Windows cryptographic provider to use when generating and storing the private key for the certificate being enrolled by a reenrollment job. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be changed when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' in a command shell on the target Server. +- **SAN** - Optional. Specifies Subject Alternative Name (SAN) to be used when performing reenrollment jobs. Certificate templates generally require a SAN that matches the subject of the certificate (per RFC 2818). Format is a list of = entries separated by ampersands. Examples: 'dns=www.mysite.com' for a single SAN or 'dns=www.mysite.com&dns=www.mysite2.com' for multiple SANs. Parameter Name|Parameter Type|Default Value|Required When ---|---|---|--- @@ -101,60 +96,137 @@ HostName |String|| SiteName |String|Default Web Site|Adding Entry, Removing Entry, Reenrolling an Entry SniFlag |String|0 - No SNI| Protocol |Multiple Choice|https|Adding Entry, Removing Entry, Reenrolling an Entry -ProviderName\* |String|| -SAN\* |String||Reenrolling an Entry (if the CA follows RFC 2818 specifications) +ProviderName |String|| +SAN |String||Reenrolling an Entry (if the CA follows RFC 2818 specifications) + +![](images/IISUEntryParams.png) + +Click Save to save the Certificate Store Type. + +
+ +
+ WinCert Extension + +**1. In Keyfactor Command create a new Certificate Store Type using the settings below** + +**Basic Settings:** + +CONFIG ELEMENT | DESCRIPTION +------------------|------------------ +Name |A descriptive name for the extension. Example: WinCert +Short Name |The short name that identifies the registered functionality of the orchestrator. Must be WinCert. +Custom Capability|Store type name orchestrator will register with. Check the box and enter WinCert. +Job Types |Inventory (Checked), check the additional checkboxes: Add, Remove, and Reenrollment. +General Settings|Needs Server - Checked
Blueprint Allowed - Unchecked
Uses PowerShell - Unchecked +Requires Store Password |Determines if a store password is required when configuring an individual store. This must be unchecked. +Supports Entry Password |Determined if an individual entry within a store can have a password. This must be unchecked. + +![](images/WinCertBasic.png) + +**Advanced Settings:** + +CONFIG ELEMENT | DESCRIPTION +------------------|------------------ +Store Path Type |Select Freeform. Allows users to type in a valid certificate store. +Supports Custom Alias |Determines if an individual entry within a store can have a custom Alias. This must be Forbidden. +Private Keys |This determines if Keyfactor can send the private key associated with a certificate to the store. This is required since IIS will need the private key material to establish TLS connections. +PFX Password Style |This determines how the platform generate passwords to protect a PFX enrollment job that is delivered to the store. This can be either Default (system generated) or Custom (user determined). + +![](images/WinCertAdvanced.png) -**NOTE: Elements with an asterisk (*) are only required when not binding certificates to a web server. +**Custom Fields:** + +- **SPN With Port** – Defaults to false but some customers need for remote PowerShell Access + +Parameter Name|Display Name|Parameter Type|Default Value|Required|Description +---|---|---|---|---|--- +spnwithport|SPN With Port?|Boolean|false|No|An SPN is the name by which a client uniquely identifies an instance of a service +WinRm Protocol|WinRm Protocol|Multiple Choice|http|Yes|Protocol that WinRM Runs on +WinRm Port|WinRm Port|String|5985|Yes|Port that WinRM Runs on +ServerUsername|Server Username|Secret||No|The username to log into the Server +ServerPassword|Server Password|Secret||No|The password that matches the username to log into the Server +ServerUseSsl|Use SSL|Bool|True|Yes|Determine whether the server uses SSL or not + +![](images/WinCertCustom.png) + +**Entry Parameters:** +- **Provider Name** - Optional. Name of the Windows cryptographic provider to use when generating and storing the private key for the certificate being enrolled by a reenrollment job. If not specified, defaults to 'Microsoft Strong Cryptographic Provider'. This value would typically be changed when leveraging a Hardware Security Module (HSM). The specified cryptographic provider must be available on the target server being managed. The list of installed cryptographic providers can be obtained by running 'certutil -csplist' in a command shell on the target Server. +- **SAN** - Optional. Specifies Subject Alternative Name (SAN) to be used when performing reenrollment jobs. Certificate templates generally require a SAN that matches the subject of the certificate (per RFC 2818). Format is a list of = entries separated by ampersands. Examples: 'dns=www.mysite.com' for a single SAN or 'dns=www.mysite.com&dns=www.mysite2.com' for multiple SANs. + +Parameter Name|Parameter Type|Default Value|Required When +---|---|---|--- +ProviderName |String|| +SAN |String||Reenrolling an Entry (if the CA follows RFC 2818 specifications) + + +![](images/WinCertEntryParams.png) -![](images/screen2.png) +Click Save to save the Certificate Store Type. -**2. Register the IIS Universal Orchestrator with Keyfactor** -See Keyfactor InstallingKeyfactorOrchestrators.pdf Documentation. Get from your Keyfactor contact/representative. +
-**3a. Create an IIS Binding Certificate Store within Keyfactor Command** -In Keyfactor Command create a new Certificate Store similar to the one below, selecting "WinIIS" as the Category and the parameters as described in "Create the New Certificate Store Type for the New IIS AnyAgent".
+## Creating New Certificate Stores +Once the Certificate Store Types have been created, you need to create the Certificate Stores prior to using the extension. +Here are the settings required for each Store Type previously configured. -![](images/IISCertStore.png) +
+IISU Certificate Store + +In Keyfactor Command, navigate to Certificate Stores from the Locations Menu. Click the Add button to create a new Certificate Store using the settings defined below. #### STORE CONFIGURATION CONFIG ELEMENT |DESCRIPTION ----------------|--------------- -Category |The type of certificate store to be configured. Select category based on the display name configured above. +Category |Select the IISU from the dropdown. This is the name of the Certificate Store Type you previously create. Container |This is a logical grouping of like stores. This configuration is optional and does not impact the functionality of the store. Client Machine |The hostname of the server to be managed. The Change Credentials option must be clicked to provide a username and password. This account will be used to manage the remote server via PowerShell. Credentials |Local or domain admin account that has permissions to manage iis (Has to be admin) -Store Path |My or WebHosting +Store Path |Select My or WebHosting from the dropdown. Orchestrator |This is the orchestrator server registered with the appropriate capabilities to manage this certificate store type. -SPN with Port?| -WinRm Protocol|http or https +SPN with Port?| Defaulted to False +WinRm Protocol|Select either http or https WinRm Port |Port to run WinRm on Default for http is 5985 Server Username|Username to log into the IIS Server Server Password|Password for the username required to log into the IIS Server -Use SSL|Determines whether SSL is used ot not - +Use SSL|Determines whether SSL is used or not Inventory Schedule |The interval that the system will use to report on what certificates are currently in the store. -**3b. Create a Windows Certificate Store within Keyfactor Command** +![](images/IISUAddCertStore.png) -In Keyfactor Command create a new Certificate Store similar to the one below, selecting "WinIIS" as the Category and the parameters as described in "Create the New Certificate Store Type for the New IIS AnyAgent".
+Click Save to save the settings for this Certificate Store +
+ +
+WinCert Certificate Store + +In Keyfactor Command, navigate to Certificate Stores from the Locations Menu. Click the Add button to create a new Certificate Store using the settings defined below. -![](images/WinCertStore.png) #### STORE CONFIGURATION CONFIG ELEMENT |DESCRIPTION ----------------|--------------- -Category |The type of certificate store to be configured. Select category based on the display name configured above. +Category |The type of certificate store to be configured. Select category based on the display name configured above for WinCert. Container |This is a logical grouping of like stores. This configuration is optional and does not impact the functionality of the store. Client Machine |The hostname of the server to be managed. The Change Credentials option must be clicked to provide a username and password. This account will be used to manage the remote server via PowerShell. -Credentials |Local or domain admin account that has permissions to manage iis (Has to be admin) -Store Path |Any correctly spelled local machine store path +Store Path |Enter the specific name of the certificate store path you want to use. Orchestrator |This is the orchestrator server registered with the appropriate capabilities to manage this certificate store type. -Server Username|Username to log into the Server +SPN with Port?|Defaults to False +WinRm Protocol|Select http or https +WinRm Port |Port to run WinRm on Default for http is 5985 +Server Username|Username to log into the IIS Server Server Password|Password for the username required to log into the IIS Server -Use SSL|Determines whether SSL is used ot not +Use SSL|Determines whether SSL is used or not +Inventory Schedule |The interval that the system will use to report on what certificates are currently in the store. + +![](images/WinCertStore.png) + +
+ + +## Test Cases -#### TEST CASES Case Number|Case Name|Enrollment Params|Expected Results|Passed|Screenshot ----|------------------------|------------------------------------|--------------|----------------|------------------------- 1 |New Cert Enrollment To New Binding With KFSecret Creds|**Site Name:** FirstSite
**Port:** 443
**IP Address:**`*`
**Host Name:** www.firstsite.com
**Sni Flag:** 0 - No SNI
**Protocol:** https|New Binding Created with Enrollment Params specified creds pulled from KFSecret|True|![](images/TestCase1Results.gif) @@ -176,4 +248,3 @@ Case Number|Case Name|Enrollment Params|Expected Results|Passed|Screenshot - From 5a9c6d4af67f79a989da65ac9ccef4581114063b Mon Sep 17 00:00:00 2001 From: Mikey Henderson Date: Wed, 12 Apr 2023 10:02:42 -1000 Subject: [PATCH 2/2] update workflow (#63) --- .../workflows/keyfactor-starter-workflow.yml | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/.github/workflows/keyfactor-starter-workflow.yml b/.github/workflows/keyfactor-starter-workflow.yml index bc2e627..a942322 100644 --- a/.github/workflows/keyfactor-starter-workflow.yml +++ b/.github/workflows/keyfactor-starter-workflow.yml @@ -5,13 +5,26 @@ jobs: call-create-github-release-workflow: uses: Keyfactor/actions/.github/workflows/github-release.yml@main + get-manifest-properties: + runs-on: windows-latest + outputs: + update_catalog: ${{ steps.read-json.outputs.prop }} + steps: + - uses: actions/checkout@v3 + - name: Read json + id: read-json + shell: pwsh + run: | + $json = Get-Content integration-manifest.json | ConvertFrom-Json + echo "::set-output name=prop::$(echo $json.update_catalog)" + call-dotnet-build-and-release-workflow: needs: [call-create-github-release-workflow] uses: Keyfactor/actions/.github/workflows/dotnet-build-and-release.yml@main with: release_version: ${{ needs.call-create-github-release-workflow.outputs.release_version }} release_url: ${{ needs.call-create-github-release-workflow.outputs.release_url }} - release_dir: IISU/bin/Release/netcoreapp3.1 + release_dir: IISU/bin/Release/netcoreapp3.1 secrets: token: ${{ secrets.PRIVATE_PACKAGE_ACCESS }} @@ -22,7 +35,10 @@ jobs: token: ${{ secrets.APPROVE_README_PUSH }} call-update-catalog-workflow: - if: github.event_name == 'push' || github.event_name == 'workflow_dispatch' + needs: get-manifest-properties + if: needs.get-manifest-properties.outputs.update_catalog == 'True' && (github.event_name == 'push' || github.event_name == 'workflow_dispatch') uses: Keyfactor/actions/.github/workflows/update-catalog.yml@main secrets: token: ${{ secrets.SDK_SYNC_PAT }} + +