From 9a01ec35f4113b1bebebbb65b635f03a178c1ce2 Mon Sep 17 00:00:00 2001
From: silversword411 <github.com@datmail.com>
Date: Sun, 18 Jul 2021 21:04:16 -0400
Subject: [PATCH 1/7] add library wifi password retrieval script

---
 api/tacticalrmm/scripts/community_scripts.json         | 10 ++++++++++
 .../Win_Wifi_SSID_and_Password_Retrieval.ps1           |  0
 2 files changed, 10 insertions(+)
 rename {scripts_wip => scripts}/Win_Wifi_SSID_and_Password_Retrieval.ps1 (100%)

diff --git a/api/tacticalrmm/scripts/community_scripts.json b/api/tacticalrmm/scripts/community_scripts.json
index 3ca23825..bff4e120 100644
--- a/api/tacticalrmm/scripts/community_scripts.json
+++ b/api/tacticalrmm/scripts/community_scripts.json
@@ -559,6 +559,16 @@
     "category": "TRMM (Win):Network",
     "default_timeout": "90"
   },
+  {
+    "guid": "7c0c7e37-60ff-462f-9c34-b5cd4c4796a7",
+    "filename": "Win_Wifi_SSID_and_Password_Retrieval.ps1",
+    "submittedBy": "https://github.com/silversword411",
+    "name": "Network Wireless - Retrieve Saved passwords",
+    "description": "Returns all saved wifi passwords stored on the computer",
+    "shell": "powershell",
+    "category": "TRMM (Win):Network",
+    "default_timeout": "90"
+  },
   {
     "guid": "abe78170-7cf9-435b-9666-c5ef6c11a106",
     "filename": "Win_Network_IPv6_Disable.ps1",
diff --git a/scripts_wip/Win_Wifi_SSID_and_Password_Retrieval.ps1 b/scripts/Win_Wifi_SSID_and_Password_Retrieval.ps1
similarity index 100%
rename from scripts_wip/Win_Wifi_SSID_and_Password_Retrieval.ps1
rename to scripts/Win_Wifi_SSID_and_Password_Retrieval.ps1

From 304be990679091c1eb3c15d6a7527ec24ae35100 Mon Sep 17 00:00:00 2001
From: silversword411 <github.com@datmail.com>
Date: Sun, 18 Jul 2021 21:04:16 -0400
Subject: [PATCH 2/7] add library wifi password retrieval script

---
 api/tacticalrmm/scripts/community_scripts.json         | 10 ++++++++++
 .../Win_Wifi_SSID_and_Password_Retrieval.ps1           |  0
 2 files changed, 10 insertions(+)
 rename {scripts_wip => scripts}/Win_Wifi_SSID_and_Password_Retrieval.ps1 (100%)

diff --git a/api/tacticalrmm/scripts/community_scripts.json b/api/tacticalrmm/scripts/community_scripts.json
index 3ca23825..bff4e120 100644
--- a/api/tacticalrmm/scripts/community_scripts.json
+++ b/api/tacticalrmm/scripts/community_scripts.json
@@ -559,6 +559,16 @@
     "category": "TRMM (Win):Network",
     "default_timeout": "90"
   },
+  {
+    "guid": "7c0c7e37-60ff-462f-9c34-b5cd4c4796a7",
+    "filename": "Win_Wifi_SSID_and_Password_Retrieval.ps1",
+    "submittedBy": "https://github.com/silversword411",
+    "name": "Network Wireless - Retrieve Saved passwords",
+    "description": "Returns all saved wifi passwords stored on the computer",
+    "shell": "powershell",
+    "category": "TRMM (Win):Network",
+    "default_timeout": "90"
+  },
   {
     "guid": "abe78170-7cf9-435b-9666-c5ef6c11a106",
     "filename": "Win_Network_IPv6_Disable.ps1",
diff --git a/scripts_wip/Win_Wifi_SSID_and_Password_Retrieval.ps1 b/scripts/Win_Wifi_SSID_and_Password_Retrieval.ps1
similarity index 100%
rename from scripts_wip/Win_Wifi_SSID_and_Password_Retrieval.ps1
rename to scripts/Win_Wifi_SSID_and_Password_Retrieval.ps1

From 593f1f63cc00dde1198810d94c934af92a1ef0bf Mon Sep 17 00:00:00 2001
From: silversword411 <github.com@datmail.com>
Date: Mon, 19 Jul 2021 10:35:54 -0400
Subject: [PATCH 3/7] add wip script

---
 scripts_wip/Win_Chocolatey_Update_Bulk.bat | 43 ++++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 scripts_wip/Win_Chocolatey_Update_Bulk.bat

diff --git a/scripts_wip/Win_Chocolatey_Update_Bulk.bat b/scripts_wip/Win_Chocolatey_Update_Bulk.bat
new file mode 100644
index 00000000..8d2c54ea
--- /dev/null
+++ b/scripts_wip/Win_Chocolatey_Update_Bulk.bat
@@ -0,0 +1,43 @@
+
+    ECHO Enter number of clients you're running against as a parameter if you are running against multiple clients. 
+    ECHO A random sleep time will be introduced to minimize the chance of being temporarily blacklisted
+    ECHO See https://docs.chocolatey.org/en-us/community-repository/community-packages-disclaimer#rate-limiting
+
+
+IF %1.==. GOTO No1
+IF %2.==. GOTO No2
+
+    
+GOTO End1
+
+:No1
+rem No parameters
+  ECHO Running No1: No parameters provided
+  cup -y all
+GOTO End1
+
+:No2
+rem One parameter provided
+  ECHO Running No2: One Parameter provided
+  
+@echo off & setlocal EnableDelayedExpansion
+
+for /L %%a in (1) do (
+        call:rand 1 %2
+        echo !RAND_NUM!
+)
+:rand
+SET /A RAND_NUM=%RANDOM% * (%2 - %1 + 1) / 32768 + %1
+echo RAND_NUM is !RAND_NUM!
+Set /A SleepTime=!RAND_NUM! * 60
+echo SleepTime is %SleepTime%
+
+timeout /t %SleepTime% /nobreak
+ECHO finished waiting
+cup -y all
+
+GOTO End1
+
+:End1
+
+rem We've reached the end
\ No newline at end of file

From cb1fe7fe54dcefad23cb1f3c81b25013683a68ec Mon Sep 17 00:00:00 2001
From: silversword411 <github.com@datmail.com>
Date: Mon, 19 Jul 2021 10:44:38 -0400
Subject: [PATCH 4/7] adding db maintenance to docs

---
 docs/docs/update_server.md | 19 +++++++++++++++++--
 1 file changed, 17 insertions(+), 2 deletions(-)

diff --git a/docs/docs/update_server.md b/docs/docs/update_server.md
index 6eca1541..fbb9bbe4 100644
--- a/docs/docs/update_server.md
+++ b/docs/docs/update_server.md
@@ -17,6 +17,7 @@ Other than this, you should avoid making any changes to your server and let the
 SSH into your server as the linux user you created during install.<br/><br/>
 __Never__ run any update scripts or commands as the `root` user.<br/>This will mess up permissions and break your installation.<br/><br/>
 Download the update script and run it:<br/>
+
 ```bash
 wget -N https://raw.githubusercontent.com/wh1te909/tacticalrmm/master/update.sh
 chmod +x update.sh
@@ -27,18 +28,19 @@ chmod +x update.sh
 
 If you are already on the latest version, the update script will notify you of this and return immediately.<br/><br/>
 You can pass the optional `--force` flag to the update script to forcefully run through an update, which will bypass the check for latest version.<br/>
+
 ```bash
 ./update.sh --force
 ```
+
 This is usefull for a botched update that might have not completed fully.<br/><br/>
 The update script will also fix any permissions that might have gotten messed up during a botched update, or if you accidentally ran the update script as the `root` user.
 
 <br/>
 
-
 !!!warning
     Do __not__ attempt to manually update MeshCentral to a newer version.
-    
+
     You should let the `update.sh` script handle this for you. 
     
     The developers will test MeshCentral and make sure integration does not break before bumping the mesh version.
@@ -61,3 +63,16 @@ After this you have renewed the cert, simply run the `update.sh` script, passing
 ```bash
 ./update.sh --force
 ```
+
+#### Keep an eye on your disk space
+
+If you're running low, shrink you database
+
+1. Choose *Tools menu > Server Maintenance > Prune DB Tables*
+
+2. At server command prompt run
+
+```bash
+sudo -u postgres psql -d tacticalrmm -c "vacuum full logs_auditlog"
+sudo -u postgres psql -d tacticalrmm -c "vacuum full logs_auditlog"
+```

From 449957b2eb69f87bec2ddc0cd3efe5c1ce1f6815 Mon Sep 17 00:00:00 2001
From: silversword411 <github.com@datmail.com>
Date: Wed, 21 Jul 2021 15:02:56 -0400
Subject: [PATCH 5/7] Docs updates

---
 docs/docs/howitallworks.md   | 14 ++++++++++++--
 docs/docs/troubleshooting.md | 14 ++++++++++++++
 2 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/docs/docs/howitallworks.md b/docs/docs/howitallworks.md
index b6eb3d4d..1bd68314 100644
--- a/docs/docs/howitallworks.md
+++ b/docs/docs/howitallworks.md
@@ -138,7 +138,7 @@ Executes the file (INNO setup exe)
 
 Files create `c:\Windows\temp\Tacticalxxxx\` folder for install (and log files)
 
-*****
+***
 
 ### Windows Update Management
 
@@ -150,4 +150,14 @@ AUOptions (REG_DWORD):
 1: Keep my computer up to date is disabled in Automatic Updates.
 ```
 
-Uses this Microsoft API to handle updates: [https://docs.microsoft.com/en-us/windows/win32/api/_wua/](https://docs.microsoft.com/en-us/windows/win32/api/_wua/)
\ No newline at end of file
+Uses this Microsoft API to handle updates: [https://docs.microsoft.com/en-us/windows/win32/api/_wua/](https://docs.microsoft.com/en-us/windows/win32/api/_wua/)
+
+### Log files
+
+You can find 3 sets of detailed logs at `/rmm/api/tacticalrmm/tacticalrmm/private/log`
+
+* `error.log` nginx log for all errors on all TRMM URL's: rmm, api and mesh
+
+* `access.log` nginx log for access auditing on all URL's: rmm, api and mesh (_this is a large file, and should be cleaned periodically_)
+
+* `debug.log` created by django webapp
diff --git a/docs/docs/troubleshooting.md b/docs/docs/troubleshooting.md
index 8d2e54f6..e615ab01 100644
--- a/docs/docs/troubleshooting.md
+++ b/docs/docs/troubleshooting.md
@@ -89,6 +89,20 @@ Read through the log files in the following folders and check for errors:
 /var/log/celery
 ```
 
+#### Using Cloudflare DNS
 
+- rmm.example.com can be proxied.
 
+- api.example.com can NOT be proxied.
 
+- mesh.example.com can be proxied with the caveat that Mesh checks the cert presented to the agent is the same one on the server. I.e. no MITM. You'll need to copy Cloudflare's edge cert to your server if you want to proxy this domain.
+
+#### Testing Network Connectivity between agent and server
+
+Use powershell, make sure you can connect to 443 and 4222 from agent to server:
+
+```powershell
+Test-NetConnection -ComputerName api.example.com -Port 4222
+```
+
+Are you trying to use a proxy to share your single home public IP with multiple services on 443? This is complicated, test your setup.
\ No newline at end of file

From b2118201b14eb3e7c33ad47bdbf6cd75f76d62bd Mon Sep 17 00:00:00 2001
From: silversword411 <github.com@datmail.com>
Date: Sun, 25 Jul 2021 15:27:05 -0400
Subject: [PATCH 6/7] Sorting alphabetical and fixing pic

---
 .../images/example1_taskcollectorscript.png   | Bin 24462 -> 27587 bytes
 docs/mkdocs.yml                               |  22 +++++++++---------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/docs/docs/images/example1_taskcollectorscript.png b/docs/docs/images/example1_taskcollectorscript.png
index d7abbfbca9a130d0d4b7496d45f2daa7986f24a7..fbe5c6d5702fb166a157a6b2948101c485d4b576 100644
GIT binary patch
literal 27587
zcmdSBcUV)~w=RsEt!za=WeZ!nq9Wam3Iaj|R0O05(o0l8kQOPS1rm{F0|W$AKtQUr
z&;taBh)R{9bOHo~&_WUj34w$pcftOh=bm%F`^P!wyZ3vZ?+>2ETA3?r&bh`M^Bv=T
zN1j=j844T{JH*4oBVcs%nk5g<Z*1TX{>K5}ip(#}ec-S!(9%$!r?OvS894dfL(f!?
zho?G;f9KwQ;QZjDoA!Y`Jc1p&fBQNiC2l-C-gZXU^zMYZkf!_}NqB_gw^^#yk`$ZL
zlsk3Dj^Tc!BO6-owO<)k$h}>5PWSgirwr|%J?W~|xluR&JYB}qz{2U(pKeEArT?;g
zd2{vlwLG<V(O+JcQ2&4h_TKCM-L9wkQJaq*qD#+GDOxnU{dwifnC|v_5(RIznij**
zup)FZ->1iKW^Zk1S0;%LLKrv*X7Eoq1dB`H=H=%b0Da~uz>2o5?ce?-ia8ep2hL>*
z{{TkKbG7Fva~}`S<JYn@Uf@*TaET8%SSAh#0fz#KJZa!?Q&S%V99{+db0gtDapPp7
zq;^4VZR$T?bKLg-#xwraxu%ALY#|-mD+!(OI{{5uPK}R%@$h(x_2#BuS57_aK5R28
zl84tC)na}uexJf89dX`Y5@?WnTPfN>r2f`KVmn4zACpj8o|@VNTz~wa`j*%D#gFA_
z_1BkBM~~ZX0blnBWq-Eb=iQx=o{3X5+?CP-0?_hmZN01dnZ0R)%Fr}!c4%+DJt!|C
z=LWX4AA}m4V=H5Jn|bb!;T-sgan*Lme{A^^^e%1O-ny@MnVo%*xa}ZM6Y_L4UUWbA
z@i5RdL^2Pfw?ZCU>^E7?Z+S_nR$R!gVcoPbE-XJRSK-|t!DMt_t3D@;J)L%GKygrw
zMfMCh0o*6{d;l*44Oum@f2(}!<^zu^ALL<4>Ey^($)8Q!x_Q-YJWrpS`~2U^NiiJV
z6K@s53DRk&5nee#E7TRz4fhFn@UM1IQ{p^9{n5Fupvu#=BXJgvH}J~Fy0&Yhs>Yj-
za#l0fP#V7@faxic1%}F&#L4B0d@vC!!e+lZ8S)jMF8yjltjb(yjOCo7nIEO4Epd>o
zGZ!ZRz|ajP_?K4B&|QSlC}otSl6D&AhKi#(2h3z0fZ!@e(%|Aj5sw@;o3+e5CADs@
z5gQ0^{Ty{wwv)>J%3N)zofUpl>c^NKg`woft2GeCM01m6SuXBS<?g&sUIM0e+^ds3
zapClw@SvX`!r#j-T*-pZwwpJ0utr;?PL`mMS@s&;9J1Lpmo)w<@5T~kxLw}}Rj;@u
zoL__NMCW{3>6b=MI#v;@I}1HL$`kDzi@@s{@r>)c3!%~b54M0Mq;qpsIysrGljg2%
zc-q@`7$eG0iLx6I<l6`hbK4FNWcuD+TYZ{!*>;UAH)fwt4wc+pDUZ`{EJ0p18(>WH
z-)gGLauQl}RI@UE`M7+8#h-Ch=%%f=)|iaqE}d7H<71uDgE7SSPX+78t*-3!PpL&j
zTvOA|AB3qDU+Ri4W~?TWx$El><rluS%IoWB%{;P-`85c8LLkO-s5B|`3C%05i=P`2
zIe;<nyn6;%13hF_MRP4qqoULFhkTeuyMz6F+@uL7|B9?F)j$JR`fKPZ?JG(#E8`w|
zpIyh++8v{eua%pWNx5P?iqK5f(x94Q-v1zo$8hv%H(XHt?}aU^T<5$1KX7&MC{w&Z
zQaf1tS}_B7T<-BYSM{lC*Z82|;A2e3qq{C6m;R^_qemXzUH*?p43;2A_B==mDTQ|y
z<l<o9|5++Ar7n^U%<j(#N$s;6Wv5I;Q+ujN%}L#E_bd~ka<9*Hfkl&v+h1zX3&Uad
zX=l3S()RH@R$h7?N&KDr>)M({8c7eBUZ(a4|F5zQS8I1ym#CLt(;?2{@tn3)%jPx(
zZ`7r~aNef*ON7*)nRR|2CfH8u=jAsvf(mEqn@{l%M*mE!BR_cA-~GJ2`xow@`@s=@
zHrZ)lONZ-K-WN-aA>d+x{$J%i&BrAP?!*C;3Rv6HNHBgVi@V)2f8)YW+>~m34Zqlp
z>o%1V#?wVTH}dfKPLDI1+dh~ey8HYaT<1F_=OuGH1j|=~Nrzqt);$6^LQkt7Gx(>U
zAiIO_8o)!{ZlwEFhRsqo-<8APrQWJ)<M-%Q<K`c?UER-8If1TmYSU^9_jO6HGqzQC
zv(4+c=Wi(jZ6!z_*oOieYh3&t5ikP7N8Wl+X<b=|oN{_Sd9}*d#dWq+sb95;O07OT
z?>4((49h@{1iH6<;PUl4wAb{lCa8ddtdr;?PqLI%2j|#%4X3x%KTT{!WZ*UOY=2($
z8WO@HV>3dG{BDnOeTpLLLHWE<X^t+J0=(@P%;-$wS(=`;47O{2C!jF0teNdSp^G64
z7;q~tNj~{<K&v{kk$wtlhgRU#!F8?_2iBDEN-&x$eES7&^rzN~2datOGCI^>=0GS7
z&iS1+xY6H(g7Wb5TotohQ@xp|7ll6pn3#Va*r4fb+wgYnPh?aXF-($YiA9j!IyoiO
z;GOfmd;Eu9H*HzV>V?=bTlbT&o8c_A0BX$v4d+h&$J6lMliZ5^why9y@HbA&-1YB)
zlV5e4*V7hSvPh$^CUnkS7^Szy&B9TYqDsnci{^)W;3%_4P9xJQ%ZQ58y$<-FUzx~v
z<_>FZx2X(k$D-Wm==w8nHB0hpDX->r1sGrwJh(ZK9BK>7e%&q>xQ2Gw;N5g&{~VrD
zb)CowfEiK!&Zi9URbSN&wda%9V`+sG3NGE`Q<h^hH4d}Gl~O@<`v#u(Nz!^7jxgPQ
z?TzKs!p$U7TC(qiPi_iy+98lM>COJKG{xxYO~QtPL)+$DYGnjlcb!p8cp+-mlN%ZR
zYvOlct;Ygp=_tUy1lIE$zFLp)#PIL5H>g-RZ}7fHTyMD3CN@n-Q(e&4>&4j~;laW`
zEPuyOfBrQ=KV#q2dM>r0vdp|A6PFXW>A{u}AA<h4ZiJYK-`{)5KD1ZW%GpM$>5%jk
zSZ9R4<9M~+%keT^0seygH0rxNu>17;40qoTk&4v;k$T4X(RRzGNg|f2A>D6p-&olC
zs2yHOjt-TfNdEP@J*vlgEuhI8zo5^xGyE3G>l!V?P&W6G&OFFY*8M{twj`c-Q+sE_
z>uk_89rvjtTTYz*%+|I}f`{j#Ft8ztg%pAf<~%*a&DWmC)UHi>Bd4jyaRW6nJi)h=
zne7o43pT5zZE3Lf;r-~fVS3vVO^R|{kexR3&<U67Vx2eQZMB_tBz*4PSgR`Lv+vFD
z{iM<<?9t$QEp0jec7fKi_KQV!+6JmfP#H@`s*5C^(nXVEl)mmvx}X%GB2o9zUj0+|
zWY|&?>Ib;k$#6KVaPn$<y6=$OK^CwFnO+CHP+TmhRczXa*}Y@00qyJ=74mRtCB||5
zKqc>MK59%Khoi+HzTIGc2#!MPEn@s`TUu60GmOsnX7ywpW>P3ItT>sEm8I%;ie#<J
zrm&aj*{}Cc-4KzZM_MA{tQmUuWl+mH@$82x)zq%V6T+IJLwSl~EQo4vAMPN_Ghhih
zCAYidkk$1O(HE6ywy{W+x7$9gj~do#?`IxNrC~2!_0sXv$;4rrm3mR1t*n3Hpf@wV
z=crPUT5D&gBXCpog_={&_L)P{?>eQP#=r%ZPzr(Hb(%5My4MqIpC|H)O=A&o#)+l7
zi*Gj5h!kq%;rA*!XDN#b1_)~&!J?6v9u0Bk)cV->#<I<bJYz|})`5ghoG{bdlrmmo
zzKa+qeF69R&~8auA<RlkCFgbDRYK7uy|U{YWL^h0{9a62fZ`|3EbWVB_|4GuovWsE
zU+a##YZwPuGO{&qQy1DY7#T-G(XHZ1qyq!4!B+m<H?MUaQ@?}mUr@@Qy{+izobpyU
z7;J!ai!%$?5Jp;0ELXyD>t^G%bXaR=`1DU1u7Dzg&uBE@Cms)G|9O&i_G_@e?>CrR
zF-&QxrF^VLIxHt)G{>8HLSm4_&P*K*Iv+5$GIp7U&dl>|9=J#9=+LyUT8Qf*^0Rw}
zr7Jq7Oz!a(jMDyM2^o=vAqm?2?CHffp|X_bNPPf2%=qmhr4D^ekDF-kM*FB=U+?54
zQ*e6=D`o(qhgy);j)qQJ!7dgEST`Kh2hW%8T&<+O>2&N>Lk#;l3iwHw{n1iN48z^P
zEn$=_Ae+cRn`hW~lwmr&?c4=JeGO5ZuzzLTNOf>qwtNP|d|BpG+E-ThAbqEx?<<FA
zjJo4Ss4kh%h#q8~_&q+z5!Ujkk5ZgqfYJHkNshx*`@+KXU~SX{<EcEnE?C2ppQ16R
zQ{Ux6uC9FHR~1@p%al!8ZK>pKqAoVN<m~QSjkw(%D^Zdk*wcef(KP<p3l1ut>~4&^
z5k=i0!1{I@@(d^dEqCXD=V}>%jQ?H3CMPqgh_&`FYP-O}UMbZ<-BiKb-S;RnNlHh-
zT!((={w|&!P)ava&ODn|U(@i%9<~?1Z7&!26#y1I-yfV9swr`|>@6}P*6n`$O>6Xq
z^~ewPq}_PVQ)CzQ<NjXD1cCzKoTnk~KM}}~#;Ogpw6*u{xa#0vxci*{M$Gfy4wn9}
z-iZ4*WVRdS)%`LC5Zr$$lKXFW&IuR8!K`a=;vxu&;AAA6UIsk*>YzOkbG>_Q?da?n
z11C-vB<_Zr?<ypt5x{xn8sJcKt?krJd&(=ymGu#p9=kzlh>7I`U-vy5%QZ84Tc7q%
z$f|Y5eZ=O*Uc9>U`nA2|i9LHPvHE}4Sc90n=thI(QzvB)x_ed?yZbbsqqJn*iPNTb
zy$B$8C{ouurF%O?F_|r9CSeY7U~c7Mijji%J=I&?ge29TkklTT{H7-y7F?_PFpq=v
zZf~@MS6}t__x~Bk(aBe%&$_Gjz3CMb>pU<&TL9IV+YYqc*?QiB8lMUK^?@960W+WT
zN&{htv%Mn667I!K7P0cu;|X6s_6A(%T^@W!sOXrm*TsKU7cZhTB3Crl*dHPy2p?LS
zD7VAvD7T$AKiqQW*r}Me+SQZOn?Awpi(GD=E5p5UYGGFYi9LM!b^UpL#GM@{{DyN=
z=yhx|1mx7J!c$jL&^OUz8D0pE?k!9r^iZ;rXYrx>Qe>FJdl+4kT?o6b(#E;=nJG{;
z&ck>qaQ5O~F0H3162|8sAt7RJ%1X||q!78+^?!*nRn5C!9CXhN5Y@+c2fA7OT*<?j
z9%beq>!%lUjZU_Tf_MrncV}h!FdNG{Ift7i2=$J^#3~Vsrd%&>2X&I6;+0E7e&hJ*
z74?8s5w<ETn-o*$*NP70-z=0GBN!i4a&+Y=%QK&S5yM3}p*TnTEn~`8VLkCu63BK)
zJv&*W-q$w3@B_gwXQI-`x!4KYLH)(xuXJu$4S*X@^T*b$9P#M1d>F0B&HmW)T2RvG
z&o=Id!!1mgLRFPkIoH``Vc56%Z0VR0kcLtc)4fu<1`@Y22!}!0@X#&XVnMF2;E2$u
zC?WDeGW;O(^bnt|%KMME(8jA51pd@oQsh)(%-Q8w$(phWmvJVk`s4KsMOIDQ_V@X+
zWbs%yl7ekywnT<SLKa=W2QDOw68f$qBB5d7w+`&M3h4HJ{E&8ruO}WsG;Ip~NF5*F
zY}Ytz%~G<%$EL?776x<A>^QEY{;o{O)2i6HC%Scr`XEe(5tFrT(Tf)!Y+EC0i)u-~
zpmcd|N8HlNNo5T=;#oUA?pBnWC+i~9piJC~Shm8Q38+2mWPtmGqELTYlB)A-4MeXh
z1KWGSHEph$I;$C0{Vk}Su8XSUgv^#Dz3hfHBN;C1c;2foOn{}Sl%0p?68yu$FVgt6
zSDuYtDzJOX?H3k1B9*q-zogn1aAX~RazeF<A|>$(jL=8;qrr7Q2Dt0T*=OKu55wvp
zn3n{lb1_f)iYg}rd$q+1RNfCTg<A75RrCz6##X-^F+uoZmP8o*>U;9w`L!O{M86_+
zn#dwNlY5_jZ<MTsXd?QzY?S)p88I!M(Sq7G0yeJdUtO_B8Oq(Al!S1c_aD^C9jRnF
zsW7|uTbn23J@GDAW+PpHv43N%!0IRuHB*L}^vgG**|zkKl9rG&ckm%Ct`U^s0+|Zp
zH-pD`xr{*98tya0)=key+nSDK>dl-;9CvlK7Je<sp0zqhMez|)9y2dDlR#`j8B-Gz
zcH7`qLRoSpMB@;fIexsqWr+#rW=<p~0Y2jdBD=ILe8QC79I$RWj_h1t($zuE>GiK@
zhg^FPy8&2daMW7$L(opq0i#H8Xf4&(mcDHnS%_eBOtw&#mA#@Y)W)#klfa+gQ3QqF
z#HeMZ`z5_k3h$$gZI?vT<(wjo76VDTQ;@-opsTvj`G;)Au^sISAL)8H!mxio8}hA+
z#0tSD-$SrO0ZeJZ>3aNfqU{Nl8WwiLrEX)>5z>q>{7R8CwVId-G$9~F`#Sv4r7xs;
z20o;yc`KTb5?ahLR|ubToud?7A`JT_et>le0hFHmw2WT(wjcRJmcNzHs_3udVT;;&
zZ=dfMWfA@qywQF&f6aUc+_ww!b1~rl<M~m2xMD%29@}fJ;OCpY=zud9#D1#Nds}yW
z<HN6Y#HWk4*&g)vlLWOim(_?lCH_t<lhqVx3xh~oV+x|-;nN84u#gMBjS)}<68Os%
z(ldrK=#+c}jn(%Ldn;I}A1%x9H5&LP7Ae9mPYR8$7$q&zadXUHd>#t6_6*5n4NOQu
z@DeKb&)b?FPTTPwJ8ND$*l+a)Us<Iqc0pBMRx&E4-GR(NXyo5w0|@q8a7g>#b_@N|
z+}aD3iBJRX0#lU=Iiqq}?#TcW+6<Z6+1Q%3#Ro<WutM(Amz(n-%T8fU(mT5RIoM0A
zx^Nz0yzc#I4m=3^`0&!z)6MWlm9R)l4g(^kd1{eL=?Wq3n3iaB>|guRnyiP@;<zfI
zle$3`I!7D@c`DAy*EZAyfm%B&joZS_rVsipwMs<jkl6Z%x%w}t(T17@B{LZ|6$402
zC`sX7n0*4+>o{j9ZRSutwTSt<?Zq^lM`L2ak=j@=nfN+mbRE%z&Z(gM+R-Xyo*XeB
zX0OGB?7u^7+?j=`x$kRMJ@+E)>t~m8p)%&RCdD6|8nH;5VK_l@;{YkFoppA04zJwv
zbyZX2uae)(N*-Z`mB2{KTqI%I7Nt!czqV4gxwMh@@Kn@*`Y`khwmN~SI*T`U+R3t*
z%>{Y!@@Uj|_8eOY+;`E=2D>dm#FtXv2rzNZtwQD$|IehKIkHxV4372VWJ(N2HY!+6
z!<Rd8EDZnqcuaA0Ig}%?@2aBFuG5*y1C>MUrmNR}wY}ejpY($)G1_#_sg|vqRP^Qi
zv|zueJ-4{IO|0utWk4%ieCZjid{$yt2)0#rf2P`_!gC&<BPF-`wFAzy`C8|ctc71<
zDusz%|JqFQkM6vnmZloMF;Z+OjI4}jDZALH?2XW!(qVP#ekt+Acm>@NR-D)<FVmnT
zb+L^2G{;q(o+D|nx;M`Agl*jPacU2(GKLvU{8ZMWG~q#HJPevzp}zS}Lz&{Y(?M%5
zBr@=1(jRQ`NWV+{>lb%Iq6UO=vrhvUCcS5X(w3rXE(%O-$)qjaXb`r#jfeCc6>VgL
zXJ%)PvI?!~CdwQ-9C*u7az14LVO0&J^VdLDE5k_dBoedJYkS@Fvnpe4loqnpJ5|3i
zw`Q8Lk{sVlA7%HpdWFB#sF0t?(6zPwNqg^^(}>kpYn5{%gN|L=5qKVMm(<Q~@q?8X
zONCjPrhrBtVZQeE5Qy~17Nid|!!-LKXjp!TF--q@haSuDy%U<bqV;QEKs3jMi8>|<
zl8Yc8LR6p2kmcG4uLMRnLyH(gtAmS^S7=mB@!pF@uQ&;jp^tn`-%YzBaIUvp>VoC6
zP{}gV4L=ss@7SWbA?=Hs?KCMK-&1=w@3M?ibPtww;+RsBvy-lzWP!6&J}76>;75HU
zWFbnSU*Hd$z+=I(NK?iDGigk<Y%Twcv&^}kA&AaN^E*?Mmn|+V9oW|pumPrt=7)5=
zM|3!U7JyBs-oALw8!ctp=wCezCW9ltpg#`yU5)7X`zzwtb<GWJ+k&k~)tkOsy*krE
ztQJg&#pR7Gbmy-hksN`9XIN+a%ncXcBwvayF<0OcOKGeaF*tjiln;5h-AoFzi(Wo1
zd9F=1fAfnJD~lBOMX}p9T9%!Dx1$ZI<<YY5W*C<vFlT#llI?Xr@^5UGe^Rt^)`|3D
z#-0AOHDJwb?YjUf@*N1gnNfj57;$ZW?QGAAcCI$+2mYF(DI;~(&#z3am7b&?<Q}ke
z?i3HY#`4M6g=$cl8k3L+SqhV_qgAo^#PsOS$RL%5`Zh1=s1dX(j_(rZU#ZvU-pFwj
z<DzGf9?=;~U;pCqbl!!~g~8$24veP4qKb`F{nmO~ujLyt0d`dJn5;H{1};>09=Y-4
z)@nvNt1vw$<%P&iC-$r%T#S8Y2~<g@&IjfZdW7CR!xBQQPV9)A2*aBk(Q`=)=)aoO
z#3QfG5|$ZGkH@I0A@ns!VmB;r`>Xn!LsH32v#N|3_#+K_@62d*k=ne@qc?`a-8^nj
z^XrKHJ^9`tQvGg{@zASZq>UP<o#{YAZj&EOD$H!UFTP(^+uUns-^o!(gIN|nL!1%$
zS#wZBX;B~HM(&BXB6Ql?jM|cx2V_Nkae-kKprAQ#OG)z<Y9hvTAc;r^f5xOKq_NI^
z(5MWzis&(4_itgUm|1gt<B~L|J;WIgcapPzAcU+(mML9e)dt<m8;J}`V}x)ZEjim3
zzGg;PuROTu{(S&B!k)Bb;$y$)>GIT7?E+?Uwk8`_zLMcEctuIbut<5^-16h``xDu*
zv1=OVo<;Hb%5N#jE^a(HaFqU(4SO~z{pu`<i{G!|Uh-}3(Z1Z{|Aa9359s4e1a$R-
zQ`5YTHqKO|x(wn=74=3f+zW|a@A*mzx5Xc1lgzO=Fk(TI0+G75ke5jkU}Lit(~A$K
zar-}OSyfF~<G3OBlHg=pS|D;=S&XOd!)_1%U^@meDrs^%)&m3J3{$zxcXtu%c8Iey
z6lRfhp)OD(G{$dC9lV@miglo<DxgrC9Li_UN(;`51)c$w-R=J$W)Nx&_~4g&(e#i!
zuu#?ZGWr(9|2$(iw9EegtT7N8?uN0CEB?2n<$vTJhq0VhY!8+_iTx*PtUL98l<53#
zhsXc*8!LVFxduWyrwx;&(wtP}L{*%CIpBHsO|8WJc5i`^ef{t*W7%Jy2w(YFJm1bI
zeamS#xc2<>A11WHbq!zdoe{w%f+3^<NWKDbzTiKmVZd9TMdx3DckX+~!^Lm=$L{7q
zLNfPqE$+MFIOco4v4bFR@uH*l1FL`DKOd0usf*|gX57T~#}Mj=(C{)`llj?0wQAaq
zub+7w>me4=k9)W?({`Wr82tiB76C-%1!2pq`Xejy-*5GX7F`IN@;(19Gi`^MB$s~X
zV+cE)L9Oe9Khh6|;I8iFZyZE{G;o6mv)Fy86@TWf2GvqwnKeBYZt8k67+v`U^*&Pg
zy1dzHnF{PWA1@`*MiqZ#Hy2Q+0(5TDen}%+Ev3GUs6$?iEDk!dmdsGT>hE=p>64w!
zny0bOP;gO6&r@_J7aK^E2nTA$4n*KVjT-e$W!b%k(0dMt9OCy6{s>_|_F}Q`Iux<#
zCX}4?NNq#+i3VuPjC47EIsTW~=r<|Nbxt`Mbs;Q=;JR+G8S4|4ZRs~8X@GBk))Smj
z<Q|b!K@qr2wbyyzSlJoO*=lsVbO%j8Bs_7$5ovy-==pR_l5q;C9t*LR8G$tUcaH@J
zA8tsH_j2YiN4`-5_&M4a)ZUjVDc(A4l;o)K5R*3mv5J3StQHv&Qm(W6qWFM0B444!
zSKa`HxI}M1><%JQ$uBcsypQ~75S*iMQ(pTNI%vw74{M^w3oDv?oQ1iQvU-$13qAiy
zQ=oYKp6Zeaws&8d!6-lyCsEZnZp9;!S364Ma8_t&_EH*$%G@PC@mK9a$&win@`@b|
z*!y~BLaRTaAw~<g+Hu7QiT3I~5vVf`>)JeJ*bL`()KJzMUpA7o+!^A{*@6e2lr4OH
z#vAU_a0R&!heRy;X|6{#5D0?HC$J{Blki1LLAoD#(@bnU+;c`Co4(INd|>W7PllJB
zr|?5*9JzQm8sQ}5kOia4P4yw-@Df(l-Q5P1)ar+k3&Lo19n|Ogv%&0$a=+gI=iqsK
zmm2OLkZ$@-(h1sdm(%w!gwS>|HDd#ExZ8!FW@Emz0`2UV3fuWxpm+9s*{M8G9emMW
zV9c*oEDs;an-_fu-He2$pN-#XFvMv%URFl4wGy=Bs2oKo8uG^z#jUgV@ayUae5<($
zt5)N8&y9I3+)^6D<VN#goHGxxImg*EnNO&um{zS%=aylTOSjBl_OwZ%8K3#tg_hmE
z5Z>z2W*{X;KDKM4VM~;tyb%C89WE(Co2#iN_B_mt`w$fjxkBS>P^J;J;%mv`aqA%_
z0i4(st(4R8oR=B`3u&z`H&syn8+jl^%jWm~5D6yf0XWn6jvzfxef;jq_)$&&%3M8=
zVuyNRr#=^LFL`7scd2lK^cyfeyG+64?WNJHO{xHb&=VL}H+4?}MJ^EhPr%C!;`)yl
z&J=wL>Z;TU9>(W*3BQ|8)%3M`ytAxRua5`|H@{(qIFdPC3u<V?O&2x4F1Q%zBKSMy
z(vq1p<1?!=>h=lH(iHf}O+of1W@03Ix-R=(rX1LCDP%C}!CAL1{U%>T#Fxxk3KB(F
z))D<SH6)?I6OM;{##TlNr*ONx2j}Jn$s8VyiV}}&tj|Tq!}9PG!%bkEcaHOF8z9qp
zjNaqD_}OU>6$*uF@(hD-KyK3g8iol;4`;I0Q6HhQkl7Y-nR0Qa>hjFV09hmoJ1dVi
z8sl&NF@WSvG!kGh3cki0ZidOL7BdWyL2~gN!Da2NVZC@iSB)<&14oc2(H^OJpa6pk
z1^kSY&D;$a<+2k@M%E*%A}7ZV4P)#r6BoX7<jjOFfuVyM)CqV!CuQWQFTi(yn%d>1
z8<xlHa)F*+Wdc-Y%pMPJvwJ;w)ecy!1-rb~o{VPCP9KsIB~!PplM7!MxsL@;b-LA@
zm+#yGy=+L{fgWvoZ?1&)cFE4Lwoi$$1k&T4VSs4^f|6F5HZ72iwfe&GE<2y?k$V3n
zine?qv8*Q8F}k{S<l=J|UHMic;#q*~a_3D|Lm1c|aw$`+Ij?ih*@)=(Z7Hj~>zz_t
zwnh5g)&WZY{sjC6@>`G7Idi)<=iRQ=T>?x5=zOjtF48KHv$&BW{{1E-1S8R-;`!Hc
z`=)?%VVMd*ItwA4lQutJ3vizq$*z9V-ZepapnGf*%71Be^!wQM)!hUwaaSKBYk(L{
zK4IV7v=EEIdDk!>nyIxjRkD<Ocam(Jszq1PZmT^3+bdfu^<nlu6`aRkImZgde>Jin
zqNgMN`h5~EKQ(Y<r`w(q$@u$ilTFjlw&1|q0le)EVF|HiHJ35-J-wZ3uTo>NiX`VY
z2W;B*bB?r<_x@hBT8-wN0c)KRNB)3@mRm`T_=%Jm9FO<hhBF)=<6^}7@iyoRM#N?M
zOw)B|ZtYv@Fz2P<?>2s6!(A2bZ?%Vs$jkvg>!>TTsT;j%n-wdY$cL<*W`M;-jRgI1
zOnm9f=IqFep?jp#!!#f1vYh_z4}y;-i46^!+J9-9kNEX<+nqlne;MhORyGlNY}FjA
zt%x7lr^LfEb{Lr7iz+nlbE98SS_m8FrAJU5Bri`SW``G4z-kXB)oN;LYn^+m>+Iom
z+u&EJlADkb1boBHWn`v^7`kr&2hp6z)X(%Noe$qPD*n5Y**I2GZTn;TbXG<!Tg(#8
z=f2R~HhO-NGD3e+7`wXjOmCbraxk%X0(XXuOmnj*IyT#Jtv8JLr!|Z@ZC<^920f~3
zIDLWdQqZPk%4G2@2Vf%2Li!~sE5)g5cCLc(QE&Jscp134ndN?qW#y-8G%axB7*j^1
zi%*p(bH)>Fh|H=xu$)UM0CVH=z)9}Zcy%6!<fdr&xQITcT-jv#+70Y8gA`P%aT2a=
z_AeqOjngq5Rv+L#fNP6zx!yYpkNBB}#LICwbrI{IjZV}-ESxfdB~%Mop<7uVW<l|f
z3bB$+AyP;bXl!JEDbSq_WLJ8RZ3nuA`qk;2XBg|yZ!_cO7hAV+j&@Gyw$q9zQTLxC
zQ2N8rK-S;@r(D`Cx>=?9+_E{V>Tc6ne#o|aX>X6L?QA})tTX&x<0<v0f5V`;_o9O8
zEL|?p%KC5{HRYytkTW)wsyCNeT6PK<Ft$Bsp+i%VA5|x+GKL+FJR&sT${VeA*`n!?
zi%JLy=d>hE>}rJE^*J)%MtDYYy^sg`$*1Qj6xng~VLZa+drUtXE*{#r;g+wvzVbYs
z7Z98QT-wdKN}9K)gn%jKpiA;2k@qmtuw&bOaR-s#KP7&=4tgWhGx^+k7!{z}*nC&C
zt$A8BdwQ<*a~|f{l>~3t&oYIfa9;(?F@4CD!)OM<wo$+cnd@B7()?U$<FV*=vN12@
z(wlF8dV4Gp=pIn%FT72W2FKn`&$*;gxBTO-_s2%7U+O(@`K`7PdtIGLd`&FTLcSJ1
zH&&CtJbe!VP%<BPnZK$5jBQ7zDd;VTSVXqlX3qANg-i|LNqoar>hy2u&k)<W3gvC@
zSzlIb<T$`P8$*ZFIG&G!e8F#1^|<WpNBASBhpmU>dV&hP>RC-iZK*Z6xUOFXZRRW3
zsukUvhv(H>7pp+u&)7(9UvWLP_(Ut{x+|CD{x(eep0ueTyB;7;g#h=utEvJB_tLfD
zGZ%6yMElj>PYX|$qp3{?ZdP<wcm%R+Gu*drLQ9P!(1Ob~+ZzP7HQ)4?Ob8m?aIqMz
z=$*<m*cjtY9zgD6+qhRY88U3&r(2?POwYTY5zWL>ba^FLB?j99*v@T9?SqA#^XwM?
zCFG$`?L+S@wjUT^v;nzQ$nbmBJ0CkLM4Q(`Vfu)QWgT()K>%_-MkfFOSAd^wa0X)B
zNk~mOQ8M`&J$-z9E1|^$Ibk)IKRZP-0H-yrO$)TRl<<#;zy7({yn4gPY^CjjobmJ|
zgUUJf8w3?HS3SiO-sh)4mQMZY;a#(B=o9CD@rsvwnTcB9XR`NFTHk;X<-xCdW9_M7
zi1xHRtO1T>*kK*T<}vpO9GPVYGbW2wmUGGtUofUp`8_mgH7IF+cE)kXO<79qIy2A|
z6z$sFiU_2>6TBhlC@CHf54lihDymf;8G2cce`L}kEHV$=#LR~_!sLA()80wBa!+<g
z{;Kfz$iuTFgdy|JsQ*Cf+rC}BAEvuCkr4J4U9_zDCIn!Nm6t{$+&rohVO~jbb$LDN
zdP^^y(xkhrr8YtV5fO62x2!#(<6x96R0o3d6lZ7bU-`~~PAIHzuWfey#EQBv++13?
z4?ERAJfJnwkGepha^xj{Z>$Lgg*Cs=dEGQ7&Exn!r~HbDHS5762T=6PD?jff(Zp?b
zo&OR_PVD>Cnnr`Ks;Vc}w(a&uZ5nQoc))j-{h*~-WV}~r1o}fjghDe$%qM4$LS<|@
z5~D=n-H0Yc9N3vBs$BtS_R0*{XHV`%i@DbSUgEY(q<)_<{{JV}{eMO6`(KY`$yjz1
zXmL+0@c1=z1Hr-en(uru|K~zo%>XwQw4J)g_{voLOKv<qB()cEzPkU<_5VeN?43D)
z;Er;WCmEk9-I1#7_K~Fq8$-(}0Bv1;S8uw6$^Rrhpp~++EAswX9tm*EPw`I*b|LuV
zi-1t$noIgMx8)BExDVXg4eIi(bi_n8q;GWNnLE(lv+_<nCkH_Qckgf`P2hwIkdmrN
zDcT|9u-W(CnuU>>`fyj5vwSHdrawytKxbX7T@Sj`d%=uE<?Z^@+cCcCFLnXofR?2=
zQ+Z95gX8}CMdW^L2id*96XL{;J!3z}b!>~U++;9}xwUeIwDEUcrUK-tZrrtc!zCdc
z86vwk2Nkkuc_4``?(ib_YpYOC%1WY^JU{B%h_0rh^DF^oQnUIbB7@Op&iC8sr7<RQ
zm{>UQ_-^z7UPokVb1>_0I_f*1*Q+U?+T@3*boU*dS}fbJ9M=cyMT$4LT8k_~kL1%U
zH0%J-?&4?@-B7O5JL%0?7uQK_63>goze!Dvbg{ok^Ei!|62G{APucu_D3(M24P#WQ
zec#i}#?4e@`gsPucZ~LO-i0`tbHTDXk2e~-IPZhV2%_htZD%%jh@a_hgpTsFPrTi}
zg=*E6jlamlkm~FHpt$+l_E-|_`?~||=vJ{(K6k2cB*I(Itl4+YmZ>o+*wl1xTR6G~
zJo-_>{Ep?4bW4lnLz7*+0qyZ!29$lRGScIW`~3px3VE1bmOZf>5+431@a7t<N`VAu
z6#n$E<ZNXLvS+94p!+^lKcKujtgP)B9eWoI)yLq1?Tuk<(jBf)hI6Ryi2q1rZ`F>0
zxZM_E%EO&J@nk-JHByNNDU~$hedA@6hY7iBaez;0jn(_4?F4-qr?byH$1ELlbQz&6
zcVW==ClbV$2MYY*kc*4KoZK}(t9s`pp(pGY(vwePw!i-lPrVcJ<$*rtfIa$Gq<T$+
zr3i#i50O0p!JTb&YV!5ir&)4AMTDs_oG6g^HRDg_l!n0UvJTn$BNE}&u83|@da-dK
zU?fuZNGWB*UE@rtSLyCZ-<6W|xu3Y3+{UGcNSQ5&`dVf|v#ggHWjTf8!IoEhc28RZ
zkm9fbM5I>ZdskZ@(IV+6#P)k@O3|F8#BLVsyNy4o3A<+|GC9e)WZ$%EZbe0X&-uw|
z@$LMQwku~w7b+Js?8by#^1os=B)3d0r)~q9W{~a)XQ{U25UW8iuNaOMzgPm)!oLUK
z9~81}`#H6UA(7gxZ}x36D7WGkWjuTdwXB`S;v4dw9YEg0+_hyW5~Z7)Eh{^Q7x7(0
zveg(ZH3=9@)zn0=8RGI5&ilgNyA$m*04rp@zLn!Vn*^#E#6)e@ro7y*QSCK7HJQ*7
z@76!k+9Z>TCGvdOm1o+g)ql;p;zz86$wD&F2kj~e1sDuC9GK7wV4uq;uY8yn^f(;|
zY;-mu=V&<pv9_df;V{}|C!DTo_gxF{8tpx~=WgsnU7#o5M;r3+zqcc5cl+U7VRE2Y
z)a`n7DQs%w<R^O5lJw$=_K8R*0^M@S|1~j|v*J5?3bCcg?CP(_ik|j}=0)JBSHh>F
zS#$QlA|vMEVW*1^Ab`8|2HZ)hYeU6RMsJ0r<Lie(i8q&Qogv%!M=f730=cWl54?#3
z5T8Wu172W#i32^kS=%7QrW^n3|ILGJ)g71nPmwQ1lJ95$AHRCwE6k*DnV{y{86?g@
z(g?aMoq0H-zNd=$H1aQB`@hYY{%8C*;9t2fFh5nntbX@xZ~XQhGHe-eYCu6i^<gjj
zA+?8=Hoj0m$W;+|kOf?B#3`i$8Ar&Ae=?1%oCqtewjKUwMBp<Xf&70HaXll}RRJQd
zc5C=<(uRjD_WeWqFy{+ZWMr>qBbF2MPl|HlQpT}eW!Ym>04xu*3NyJyK|7P&H&v62
zG=u^;d^4wq*J#gGU)D$P`hE<=MBE{B7oJ3PH|T7!0=W4G-NY#Y1d)&6s({<T{ahaq
znm56$x6b?ah36r#(p_wX;=QoJorX#7PoZM~D(5LMd^MHQ<6v)Wz(w}*VpV_^tP{&y
zL?&lZa0w>xb;|i5v62#Hhyb_ImXLDkzHehW6;9Pi4H^#abN;By$az4B9!EO^tbbuZ
zFkeFMCq*E&B)C6u(=swrG0{~!qdCcZ@DA34852BbF@QT7?qpvDQ7zx>;^nU8^k&3C
z?U!)8q7N8OuUX)=Q8pjaq!Tpc4tEyX(f8>ws~C{>!(k=USeQbbqa+qgUHK!PgPB%k
zP}UjiJ3{ju#GeA}k)m9ZOLn)f(2KYL@yqPCD{IHu_KZNTRi1AJ#3!4(4h!IJaQ>z=
z75J_ja8)^jJptZ0tfS;K45jo@m754xhie0`#liZO$L?Hc8F0gG8@*#Wn852~*0(Cu
zswi||P29t|G4c0VKY<3;#USoW&T5;E-GDE;1^R>l9+4^6+vG^$ZbUbaunLRs`;MQd
zg><vIFAmJcGie?b1{sKlGd>q-@i;1Bl)%XosHBa0!a~^-dEjU!9+cZ#r;I6w!dV|0
z+9yhSxh|ef{A_OOl{FJ2F&HuED5b?IZHu6mFiiV05RQBYZRev@VI-i(p4I?%^D<uI
z_TZ?6(akv!mlQtE=BpsP%OliB7LhaZ&WwypT?cS*XWk0IKfU7IVL3x0jtkPMofv%=
zm(il0nBKJgB#R}am&qfEc9`%)NJT>i9;Zc&;TTV0yLkD0ni~AKQbZ@Fr~|b3;LC~(
zP%-b5T#}ynXS#QG@*K>F?<D5Wq5Z(F|L)0Z3Q#!oW?ERV4zvLc%iTa-lJUM=uSjez
zzn6!YQe=zdc0^48MM@a3)L8MpHlp}6^^y2}Aa0Zb3|{@}5+s+Y&3JreEo-Wa$agEV
zzsB64XsV0FFP4=9!{&$t4ml?`TxEU2a{(*LSGT^N!QHWM!kgY(k6yuVEM_7#T0I;M
z5II*~trzz<E~|C~a1GdwS<@TMjE%EJjG&#G$_;P)#^&~M$<qS1yXifwfhfU*XhvB-
zu%E&Gg&zv1U6$gqJ(q--)T5F?cCgi>g$>iHEUU=RBw$T?{te9agyo_`E&~#iFx@yI
zD{1bvHADc1&pw}onA5APB-;Gd8<R&zxMu{KI-2`pnNYv^sgVIBNUmN^f~nnBO-^V@
z6maqBNhu4Q6AzpE-sg~1wqZ}oTr|kzW&-IoPK%&=ir+l@-R4`;=*U$5?DT<S4J|g{
zi5f&n9>{Z7X!-(h3>N5MKd;lKl0bs9kq=mOPX`bgdw^F0a0+|>3>*R?*=u{s)Eei2
zyC2Tg*47dg%p_hpKf{g258$sV|7iMG{;gTK=h!^*MHfBdzWv6$yOE7MXLygqsQXt9
z$`{?`Ta%UWe+Dmjt7j*{+H{)Z4ZSW>#8;^JaO(SC*{R3vQ@^5sFS=%ciG?KBdxtH9
zLt06DqD98@`58?1Ua3O~ryt1wWs22+6uY}UScPS(vYkL(31ZZ3Ss(G4iBpxQdA}&#
zG~ey_n97eC%+x=(k^3dHM@!1?G3wW-D&5LnpE&=sR6`}<#iT=elT|CH*~QK!3!GAq
zI|bCq{9G>uduU$ua0`Ij+tg3C+CW*O3W!yObz`7*gN=BhcH-TsKkcz3S0gIiz9j-c
z!#I#?phle(Y|15-py;ah#<{$1ZsEiHfhQ#PT%$vo6Ew+aIh-J#JZv7QwuDk0!|yy#
zyN27de5EbXf`P|-l`eNe7K0bvetc#YrxJL?N9pgRf8kd$D#`E@=$7)64$&kRMFz6Z
z`)YsAU$5D0u?5#W#9GbS+1;WGPu^G;&4>H8fm#(B(fknGB(}CDH~MA$*KX>keDVO&
zdp9wL$Z6OvHJLl5$e%J8OcTt4;vYR7q4-Km7?wNn=}uqFf7usNL}~&MCsV6{k-M2m
z{wxsC!y1hGI$Rszb56F^57=WL!vLZws^MqTThyZaxXM$!OKKXC-;&A6v+yJZ+zThA
z*5>)PTx|<#hc{HU0QsZ+?g}DI7~cW+M>1OvWbWv$w3;7gi$bf`N1lxMKw<bpLy}Ab
z{GFg6>{CH&w<e42xb})#Emc=?E6Eo3C+AxS32}WPj^=^FxXU+1B^Gnz9p=7=X%>Od
z&3>;-$p(NYYqSLn*|Rs>+jgxsu;$3*09x#p?+M|MquR6X?JW}N9f7m1d6<0Id9BvY
zRs}-6K1Sg3SyAZ40B^niV8}^Y2Jzx-xX!aYP=thE?u;sWsg17$zKye`0Gs#BG>}Wl
z^<AC>QZaY+@TQUL`rMwh_7!>-pcCi+0;FReVL}KxHZIz<GO|(iBxKO@0XcXH15}Ra
z*&p5o7BWEP;Z=HYW#)$u_tbZ@C;H`?%|9s%HMR>4u;%9IhiX7-fq$-jGDNP?@a}~?
zFdbZV@LF@My1W=O!@cNRLYpIy*ePOUQH#a052bla|2`PM7wg;xmQ^V_kl{5}uedz=
zpv5pan9-ZJ`j1RsuhrY@$Np(TZ)X82--HQP?54hpo9(da{FaBHT9w`66N$f&qM4Pt
zKg680V1S4hyh0tV6NK$2LSe)TC&@sK6{&!v6BVx^0JT!Kum>O~DhL36d|doL@uSqx
zUJ2kiAUGVb(LxcojozXw_o=@L#55@MZltEjBL~k!55A~bS@dgaRWONl<yez<<@GBy
z)TLWfo75+)Ip_B87-0ODa(gSDTU7PONMV|QoV5rDx%=c!sqv-{`#?Kg{cWk?63q!*
z2lU@y6}jDf!?j(&;H)hQy#8hVC5X&k-0QFpu+6=>*{dksqp@?31F6xc|F8?dKJo7w
zawbA_=~|3l%qzP+#y0B#z!9gL3imqNImU31k&89N832@}&H!fccwul4!hLif`~r2@
z{T#dl@O{I(qW&4by>i%HWzN5e?PCzY^^2MA7QG)xe{GrK_QG)<M}uAO^k1wThD_+b
zJtyM+>uo`ea=5$01H2?1P9`V6&#tEW4mBb44@rOT@$uK+Jo6gzU1fQB`Ig;#^>+Wb
z{wR;L1&tMv&qyQ1+&1Ijer&(-dSBERXwPS^2+C2Gc!1|_s^tl$A)XHZ(P@hLl{U^j
z>x*jp7RUK9Sw0U&w1j8--lvOBk11y#ba&jWY2dPjsiBtk?_MVb&JAGb8)ab=c?ltY
zb~Vz+-A?64*JtbeME#hlvpJ7XY<IRY;FjFNn)P}D#R@Yn>10LrK};3JcnL{2!92W|
zyN@^h`@}cbNsZgDe|>5DQj_3oC|#gQ!&g*|m9R(bAtrI0imX~-)~?pT)M%ohE*O}F
zxbt&ua4}6s{nYpgu49x*m}V;o?tY%ezg2zjZ762G!W;UMLLV7#GB?Y}5IqBH#O@!S
z$&4!n@8q4gICy{41T8ZzkI+UtETakoxevR+RN}kto-WtC<}BS4@(|mUoiA0iZ784b
z)A$Fr9v_?gzeL(2;OCVGo7>9desVs{2kuAUGcRu@nvI9_a3$(m-iT+s%$)v{Uzwv@
zny8l{s(K4%mF_b>^i+E!^b?giymGi9DYitXxX?n^aCPNTVZ>!`d>buhWzuOWWHE!(
zOX0I^nB6|kS~VkWw51tc8NGjREq23FAuGLgT~~nV=5fQUg*fW}(199jw}f)7R_i3P
zmKH(EbHQJ)*x@rm6Hjkq*jbMvGN+LtE!#eYV63!shR+W$GB?M-&C6+LLomnc67$>;
zxh;CJchP$GNoD4mCPT8{7^u;raULSL;-k*QD<$OKf<X0ciRHemR}T@mpXf08-8kqV
z`TGFqk`kJp5rkiF;XKKHb;~g6C3xU*@RuS?P!Bny*!k&%<OERrB?W(Q?VFH?TZRfH
zf_iN`W0h>RU*6qtlIkoXaq+O556<q00>3gcMwXHR2*t|41~K~=SF2P&GK(+vYwA>)
zAg0f}y&zUKMKzApnVVjh0Ln+{hnJZ)#c?B{H<fV8#r$Ukid?cg77vM?R%6zZi76@}
z>}nIitPR{<_V#U;Z#gvHyXEY!fqYJxA=0R(A^Q`F6~gOT2ZmGPw93k0$W4qN<-qCL
z$3^-$!%7;C`YViLmm?9vo4jiBgKk;~_NGTEkHSf#IhU@8(i-`TqwkVbRYy;hx&oXZ
zQxCgO=i3KjylEB~;L<mF1<2tp6PlMIjiPf@kkCq!j`KOj*QmgW1uL|3j!1pt%S|K0
zkQ-+&PCDjX>*vQHPvzkcGSG}|b7_Vyx3wX1xO(KWp%)#IFo&CjSKvuIYgnX4P?O-x
zDNJlOn(&3MIVq!+Z5=}tU_0d}DUcEyW*@UzWm>_Im4RiQaPkBPdNobwL$5|TdL+yu
zU)6Q7JTmb*oAQE<D%&v9DKZI$J7njzRU=@8xdS}8zoy?$TdANdjyPFw?9Z!LqVbP8
z{}=`L5$J4i4K^#-_79T_VVc};uU6~9oQ5kRF+KXdilmx`n9mQZ66-Hb>I(BGlG`57
z!DVc9klvS#{}8&zx_D*6y5kpXk?`dO%(=0A1(mHs-EtMH`qe9pgXpu${8!&zsQ#$M
z8D5!6t^y|AHkM=2N~js58l$}!?E`MzblgC}ff`%0o6{3NkU51Mii=~hlSfHnOknS6
zM#tHHq>FQBoBxlfZ?rEZtNaVOqgtb@;)h0cafU8twD8Cy<MB1^S9e;THvD~Lg%Pz?
zz0C7-f8R`NDKv3th3n9X`pEvKiymv!xbl7gThA<+B!`M011(CC22)ty@?K@W`oY!_
z8_~Fp@;0oS%;u|Sss;B?_}^%-9?vK@lYEMXh~3(1+{aTQLqk)yRQpe-fj^1ZnKa!7
z4Ryl1gBeB(UvFz>5As+X7h^+z%Oj)(+ehX-7A{ZyOZP*=G3NKmPBk?e_2F9;hnwS$
zFz`CSaB1YRhc9p19AXC_Z+@+#EF4?@a<vWux_Awvn_Y#pkOWp~leBsuT%I3>P3(FW
zxL-c);^7r$J+{7e!c5>xe7z(k=arPR$a2oBq8QHA?;P8Mov5b&b(E&D@IiSU{AC$g
zWKM?u$AVcL%f@f2*;)HofAl-nQz?|B$5tTi3-PctkPJB<1Ggoc9zADvxT*6&u&$=k
zoS_<d#kr|+K=m$*;POsvv(0SulN}AwEtsun+#dP8Qg5R2OI&fI(_cx$i>eG>%R=W(
z6YW1A^$-u6*mQiQ`BS`h{!ukxMH$1OR>RS^@?Bp7r)lq7i=W6F{8&Elc2M2dD5H~g
zVFW11e=jTcK|^cv-5{*IqL~ssJ(Q5_^RXrAW=TzW?;z~PX;^oTaWxnhYQ&IqAk)k6
zd@MFQo;0M33L9&d_AbsWvR3HX7Tuvz{o|O`H!R9%2BG2DZ;PXIb6Q<p2{0>-@bW2_
zu1aX-xO!!F#`6?u6xJ?7atMynotle$|2Cu3eXBYgC^Ma{9=Vvg#=O*@EXD>Cx71Pi
zv2Af8s|&MS^JwdzHJIaHC-7_#CN-+7#9XWtbh}ZsvurIsvg<p4WK;(RGsKw`D^TZ2
zR{Axr?_p`_<d@`}WgUP3k)iPsX2n-OYurtbeG*?m#9y-u2O(#tGhJ@iChEwwi1V`7
z9Bc%60rkJwvCkST--QPj+#Az3ak4~1$j$PwU4e$Ei~1pU>{3FDU$#SM<-Rl9H>TG%
zhUtIl4$K`)#8-CVnniYe@n4_VqLlgl-VNzKvQjOVJj3>x{M3oVSH;zqiic(I>aKjw
zT#4rcLZ2+)VZ$01(KQME$S%{Fw9Jd%@4anCVER;%H_?o0-HOS(rO~Byzj^3p^VMd8
zcvy5`fem+5tId=YB5r`F&^?shtE0Mw7}W1gh0IqBWA`?Zo8;atO>ripqGxeON-|~(
z7a*(3lbaqC55H&{u;!Kf=oJueerj%`rXjm*F-&WH5P1(9=R*Hal@bD(J;v&|tTcQp
zudlz~@0qVR^z^U*fVK+kfg(HYgFE}mWIy@==Q7_X&eHhWbw2uBAP2#K3%SlmnK;Y;
z2e;u3c1C{hrqWYZ&ClVU??6dayT7ymg(h`RCR~~deSyQvo(0*b$D%Im@*gu~S(@C5
zH?OzF#R{TFSDq`~5;C^^*&K3xL!X=85g?FR3b~pD@wHw66BSf@fnT}kolTl&X5A9}
z(%{%>ljOSA^So;!rB7ltZMtpx3v}he+3C(p=@vFfQaMrZOvD4Ao6sZ7GS64dA2lhp
zDOnK>;AW;;fD&4!tmdqVC{uU@BmPr@$(qudmBC%AFKNY`Rou|jRKIvGI$!fGH^S7`
z;Z^O_Iw{qce%T4{H@9A_4siEE8P{zV<}LIA#Y`jm54L~)hS(bExqE0>#=OX-i*WTh
zXA(vC?1j;wzaBYeEPIoHn0C^7(LfD#jQ<|MrIbfOXJ0dP^Ld}9IZg-f{p`VTb9h#A
z_qMw|opG|P*>79HOD7LwYv$roIusaaWSm!4z5aM=y%e#73}=<Jq@P9-{J=TiZHrna
zN7@I3lF~5yKMHp1Ii?cJ$``dS%PCH{7PhvlA<aj1HO1LQh1zm2!fz?s9+-k5ozHYf
zmU6vSeMhNj)l~Jg0m^<ty>w3b5b%Qy0`hL;T&`}5>C$mp$mj-8lB^fs8U#`V^&5S|
zpIyoc^9>ySySYuERX@j`8uo)QjA}TS%9;7L-`ktWbwO8Fb!nVN*~&(yjE#{0mUl)D
zwE#+-1HHUu^nN4U2<w(e@e}&Ky~5qj?RIziV7JBCvv)gpc=14BibF;f!z><D5@C`@
zXx?u#1&<xN%LWa+3I?c}6|6IIJBnEWUtS?+RQEarJ9gM;&e$AwX(%9?D*Cri{q_!Q
zu9F9-r!NUS<LF{1nng<4AOEg5Konk)_%+p57Xkc;1C!O_T2;2zp8G9LE{-$L{N=>0
z=<B{)<<oUwp99zN2ffeDQ)Z#wB$`9`d$iJEgd&m{-vaGmB``8z;JHK4;q{=LwEY5$
zWiP@shel7f@_D!!fjD<9Ed4tF73cqt*1kL*%C_%YuhLaQU0tPUOx;omDTO4aQVCf~
zk-f!|gd!u$%#^jOvSdwYh?K-In6V5)o9$vIvJQrjWrmT4Vb<q3NB4cd_x-u<_j5h(
z^Z3W-Gsk%z=dmBZ<M;jkzDGUMt<!eA+dwl+(90c2#J}d*3(gf!OWAUxO^aA5Yoi_Y
zgDrc}SFsm!3n7#$)e-wW&RnDsG36r4IOJ4>E!1rG1~W_JJ{4Q%1S^-WL~i16!;)%Q
zk-KmtGcFdEB-p$d?k4Z_cD^X7Dqg`+d%-Ba`c1}f4@k#|cXr%$`K-TxPq<{Z?~1Vf
zhBsIsY`(^-!f)Q{x*ePLi<kAzLq1>%)9)TmR{K6Sr~iwfDD*ZSuio{%c=mQR);FoY
zu0@T*VQ{=%$uqQwEDN0Av*DWuaLZIw7g1hCUSU1b&6}N#CGRWnF?Kxq+BeksZby2G
zTYc@v;t>s22!I1qpVT+jy>}5AH}vz~5UOfrF)c5`Z4?hpNpPMDNkYBJ+W}FlK^3!9
z)^oi|)QWob?0)f?aFWTJeJ$2j7>gFh9@jkCSGJK;c>I=Ir?jI9Zu@#;4q{8D>9F&0
ztAU#n#Q8V4gle@>bbNW8UEoAq<iad|YA*N$xjT?izFR%Ce|}o`H@0$k*^TeP1H8Mh
z0|V}Qzg;fxH`45kKQ;Tlx<#Z^I-r-qtkzka^1Vl}Ek<8-7#PwX-jw0Mc%JyYC`|U(
zUn!@6Hk0lKu5J!1SN+m0Kie#Uggem1DR@4tCTKQ4S91CA%gL&vf_mxe_1oAn702AI
zRb@FLww=nuoVF7f;WHm*w1Iw#zKp;FVW*~9un)JJ%`uxi{nlXqEGz#SIl9Px3Y%CW
z<6{`p%@}Mj!rX#4!Xkw8lt+&l^3sCO=}iDpn<-`IaoE+qt6wl|%R5DzuW8+dk96UJ
zEP|oadfBcMn8)dD>(gtmI1b(J*hU(<P`Q?|I@4-`6E=lc-&Yiw=gqEOYOn7X%@GEM
z)rgxeUOD=d<77L*ksL!>vVM=S*L-c9$2plN`m&KLm;>Mxm7Q&x*^Ff<RX))@&ywQJ
z<7ROyZTT&<Qy&=vU)awBVsS^Hj(279t7>-oBOAOY@&;v$$mQC8&NtU{Eqi5Jll4Tg
z1my|N8-Eo)i(tphv#b>oS!3(DBMUb!m8GlTAjSxDCe^4n$WE1hOmELiigxb6o~EYz
zk6kU2NK2w&Dr@zXYAwau6R@MfeoJ!)Cd)%4olCuKU1x5&W!|f{>&g2K)`i;E))e;5
zz{$#ELe6K@DW%;D0u1pF_v+47dHZUZ4n8+R+&XWH?XABMmLdQ3PH_jFRkXR9WACFo
zw}50fXNRFut?cNLS7kc<tH^^wqXgcEuDEjT3s?>5f~qIBoq%7mN1{5Iu|^=g@M5-P
zSN<E_ijsxI3{0t)^X7Tf{yq6%P^HSx;Q%L%SNDyE3vpi5WfeJozHbt!QWkQYR8`bi
zJ4gt&bvuVB_~RaWGXlBVQJ>9|RIe1{iCH-m9=~g||6D~14r39_bjY0$tN}9vxLr2h
zF+iyLcN_UHblbQEq4E4npJMN4s1LGRd;p{IqIB&V-D87bU#i!!05k#3<~L(EfD1MG
z<%zM|sT+pLE4>&_&cB%Z_l8acTG~}AJd5^@W3EH&Iz+&ZopRFMHtH-RrCoLN3%z^%
zkrv#?VRVbulLq%9bk*zWqB3n~mrB_EH^#_d9qx!@=L%#Fm1X(8_wruT^ACu|$bEzB
zV(B5S9<#Zxa_2|5uQu~3%3Jny9nq{J<y#|_mgYkwS5E7T&ZTt*L<ThVB#+Gnk%9|%
zN*}o#6RNh+*Nbjq0N)F%L0+qEr+}$;di9<vO{Ly762}-j*g5;s*OUk5apU~8qc~qO
zKC#9Jhm|a=+XNdRI{`|MkrUjg%e!>3$lX_$GttDNg|hoBr;leU@Y8^RlYWOzw&=Ya
zLVY!-5D(}WpT23UunUU1zX2UBlZD+$1F9VM-_qkZaT#S52NSXCE$?V)9{>h;ivu_u
z^imHBY!!yqHFf6ikm!Fy=HXwdFPvmt=&4$6CvF*6EaSeDuifs#|0@4e2I60z{$G;C
z`zt`}|2IPWS6)O2IuO%g2r(vnMpZ1LCZXC5x+FVVDIv!=&U9aDqO|-zu)j%|UlW70
z?YVFJrhw|5!??XMV*ZQu+)%jOt|H*1lsNPdasj58&<-pTLEy=`<N!a2p8T)s9Xc<*
zt`#G@I*|J@vDw}Z=sctwCqwE!64wdHKk~%x!z@|g@9pi1MY*4N_;F2d>V+;m(!|oz
z<DDP$A&8Sj=r5@mNx*6}Ey<r~Asl2QfU7Jm0hq(hOk)*Qi<mPm?ZJUlW1eX!QN+>b
z7a)>&9)N@zZS;|x{IH~lr-0ig_u!@4NGjR)#h#D9qe{jMw9r><9*#%ldc3M-wKY!4
zxxbwKG}9AIV{U>;ko2E9LYYJX|8Ha05hN~S-*0YLMGstor{qIerG^}!61+rrRiDQ|
z6mr^c&rn+D)Wza?Rn9^uvg4_6kxwDUCNGY;SCjD>6+^DD#mpo=$-la!c#oftno~nx
z;z+>_{Jsk8nv}W(D&_Tki}ht^Q~4+^t#3&AdJD5!RG@fgv>}8fpy{NxwX7g(Kurd*
zhHvIy(^x5Q(J~lov9;;OtZei(dG53+>Kxt}>9wAfG@xl|X3|ZcK0%I}93k`<s4bad
zqVLRL<KG!8{6VKQe`w*6)Pz+ekE5C&nGcv<oJ`BuX7<al3}H$Xuf6PX-w~bZ*Gb94
z_TI%h=%m!|y9Gh~;R0SZR)2b2dZaxE;h<<XE_)Y(^0Tf0JPn^5YjCS*XJiMm(}_+_
zN=|^ss%5*pzk93m=<JhKx1|NA((dM+w=JZyn9L`rXiKw&@Pt27*7}_wD$1br*EiOV
z$`~@IY9r^{N8^25a%9GIxV+aJxcbPxV<%Rxt`QOyvUR|K%Q^tQbsp0o+q7g>vfscV
zzC&QY8JsSkhI=C1(q#l8ZWD{~Oc@PYNY(bz-YfFl9}NXqLPyZ0)$ra8TQRy7l@+HI
zbriYbz6aXQo~cI_4C5f@chn9*zpa6J4F`9bcjl`rwzUP@3R~_66Eha;zWouR`}L;-
zp}lgFiaEA=vqA-Z_SO6yR)9a#`(f*h?jb(qY-7BEyZ^Y)Rzt(TZIx$6s}#_Z+`}q4
z+I_|6Cdm7pp9g>W{w_#$GAoZ?2=ULvdX4i)<^w4{pCQ~Ptn*ihoj%=tD@&Gsl6USL
zKAHzYhpBYWj_^B~cV}6leka>#WlADi#8=)cH>@-#TQSHxXyV*+qeKPndw*79U$OH9
z-T&Qyu~lUsPV)Bzk;ds_h`gcziPiyin^rvIvdzPKfmk935F`MtKe4wgr#Eh`*07TH
zGZKUl5TF>VWq1J!oe}dMxA*STyIczAhp2j~{=`V*K#t~<Ju?T=s!Mjw1Q=jR7Sa<(
zv{VoJ!V`-k@ZOv$(%UIfEBTofs3=wINR20D%@umj`%BH1hW%0?V-UE|;0kf<(CXRh
zy+g^Ho<JC1k6I0?=66QF%o5}C@y3#ZuC`NY>k2#eLyH4dCm~#fT#W`Yg7NMV!UMFd
zRk&GTi&;ZU^f8Cur9`J!iW32S8AJ}uR#`nw9CPsbKXHw%r<!E$GO91bf;F7jDS-x9
z5FH>;MG(7P#~SpSk~qVim50eYy@&!-Wjsm!hi%G$R!HH%)5HUX9^dmg&OQvC-p4M{
zQ_v~VMvak5bDNKLF-z#49~gotg3Z$t$%(1uD#8UnaQedqBr}ND90cFbx=o$GDRMG)
zcb#+}+hU85fhj}FZ5d2jxJvcVo>@g`0$W1C5v!Vd*_rnNm^p?&Y&V!UWr`sd<w!<!
zek5(1V#E)IE5vFm;!u8FSWEbqW&Ru4C7dALRMom$Pwxv|O#sgD4-5T6PHo0V=MpuQ
zJ-iV_wGRJXh)z@AwiY{Dt@x<MqqyhNHRC{pXS5I;ip$TbX>n}GcLF#e^NhNj-?maG
z?(Oao#l7cYlTHl`O!4g|S%l-Ufsb1d6PyL{zV{knQ1R1i1YY=A8#kEzbM2dOX|h}-
zqv(;sr1rM)L+esg-Q=~8fp`Fof}(>J?Fj3^JTrI04)a4FQhiA=D<^@dUKf1-$}xfq
zEn0*YP+73?=1!xrx!71Etyju1Lp|Ohim#Je!Ub_tlp|+)5M}gL!mR#j)-y5!g1(Mz
zT5htqsP4s0KkiNhvV4=8ZTmBKRQtidSUbIvPf)u*@WCkLV*Jb_Kw5AHYrz^xIc?8t
z8!?Ks+IG3U1kvDUK+_o7#EgTmGOL#`BhlXlYRUOjgo126Z3CBA<Ci{oa0qeWb&;B&
z2?SLY;#;e-F*qOAjPYT$G(!w+Rw$kz7c1K7+XI!^zCOW}%qTQ26Y!Yx3W}N2?=fWb
z1ihdA{8={nO^xu*PI2kY!KeomN^+<&ZXk)_GuqnnqBd@@G2~S?#>y1ywG@+(v90mU
zx05C*1837sVMR`AKm6X3>8&+!L|XNeKs!_15@0|y`oLlb8yya^<&yhjKDDG;nx5uh
z=H~Df0~;Y?)D38_b6O*42B_ke;Eb0Bc>m(iF^v8RvcfM0Z9ls3f4G#d(O2l>NHJDR
zt{8AHs~VUA!Of{Tam=F^mqxBKqR=R8)4mj<Q}qE&|L!{;_2A(0_qH#))&N{w+cUxX
z`=_d2;w}6?%72{!HU%WR3*?Z%{<Zn19nhOf+rfqd&EDt1Q~8jE_kZbuY0d~EyW|9r
zs_%bN{u(i=c0jNd8IFn<?Tl$h_b$H=6n(uL>U?A2f;|2JQrubpkO1rd?n`U}G6Uex
z!GBSgysRA6&a}nk$w1bvgv4b=-`6;Q(3lcEN5qipe@F57&rLfdvu8(UW~R7-wii~k
zgVFatP*wi<jY^lLt;^-Rfn&17E473tGITV3E>K+MW5F;4*L<mZ`KvX{zcmB<88eX`
zJv#9@C!u9*^j##-aRYi>m!!(oZ=@YkEg)18o_6?Vdcg!=tSy_u<qV%zK>Gr9Ps(wP
zNA|nC8-_6KbaFe_l2!62rXG&?9?0OH{J04Mjr+a-q2IRnh@=y@*HaJ5>E`rP^JVKA
z21Zi*uQ1wxvVs1_6k?52dq+oF@lh3p*~)+gb|Vl@4s;zi)DsAUwgPD_6^cb8I}O#I
z2CTX|14wV~X9#g-^1I2J5<IZHGLm}(jjy%n>ij*9xV${|mD|EHs$27x{%9j!GoQJy
zS4h!N-gr<&PjvNsuT4PnEyA9q5!4#DR^qZv_`6$IS9Vj_S#p0O*uUy(?t^bR$OuY-
zn6NI1U-{!ae$3$)0Vl%tj)c{WqT=>V0J`ou!tnf^N{&SOUcZp%@yhK`$xTJ3o<`(i
zWw3l9oO_YArpe`q=IR6>E?u!2iexg&CO=KSnZ0uyE1eS9e1@=dNjeD8gEalNSoRyD
z{rEk_?PnXUe52VlMPmRNF&xMnAM;dgz5ZaJcSjDZt(mQ6AGc~muFQw`=@?P124nxp
za;&EQgRzQJLs8eK6Ib=l(&oZkUp*W&Gz-#0@ykZd&`y=-i1g-?OZPN@fqKCXL)P8&
z%Af2L*hKR|?ov~Z3*xCdKTQc!>R_umFSdGw6E=<Uzkm0up1wO>5k|11`nR-Jr<P?3
zDW&Lp=$j|;2ZeaEWF#AQl(pc|BHc%P`G!hY<-Nu510Gr{w-f!(w7IlXzO5=SqUmj9
zJ76ELMCG8;5M!3gCVhdf_kImE>>>+;(bX+j2NDc~I#+liN+_c_VP_W`zO9rz(_q*^
z&AMtmej<jl_qEHk;l&3L%-Z+8b3vW~Rh0bawfVeDJl93XY?8VN-Q;T-gF><!*Eo&y
zrJX~7NMSeB#9lx;mR})-Wj>I<5Zs{c=rz=y#ftnmpq0Dh_JoPFLAC2$)9|*m$3l{=
z1>^D+Zt@11JcSv)#FjOJm!4aR(^bHPyVAB$;$YNSl#2I>kGIohdkr)MdZm+4ZO-jF
z$&7Y^%p&dZ=KUTjEF7jTENHllIdgdXc)<Q!!Ix8uO3k!94i&pa*9d;2wA`O*CV;qS
zyqVF^jP9NNIrk~vrT)OWJQg=Tc8hiu5&ga}iu7IjRFhH(^174GmbHD^!v=?yx@+%F
zU}k_~_+gE$Ue*A1U0a#}klA9o?fWB*d!4p$r0lpsn*_DY(DS^h1Ok!1;B8&5HF$el
z_ee3yxKBZrGmMN*p%IUcQM_>l9nyq_wCiy4a3@O&(Upp>c|JS7Ra&6<Tw2?(z)Fxz
zP%JbK=S&*dzd~8CQp)HIW_oa(HeR>_7O})&9Qb3(gV;U&BVxvya*^Ch@E-o+Lv95V
z9n1z9{7b6u4)5^?uG)V*zH$9__GJJ4GsOY67X$^&nTOYJm3QVjgyyn#N0U~BKa3E5
zD9&&0aCo=l0Li>?Y{5{$W@GB~m-~;r;gwuw!P<8v-Ywog26ro2woca+Z|S8Q+ig{P
z(6yBw{d;Km(2sX7TCa5<rx*w64ZAE6bUt>s*1GcAS}M>{&Y9J@EJcI%t)5<s{tuJ_
zi;w#6(s3JGB~#@ybag(Ot7?PW&997{!u3jRVxKCcG}Av-8*eYez%Ix1>FUEhU$>bz
zPM{5J$TMePZ*1r!tMQUgyibM)IkmRkL=1evy90u22WFj|8!#XUttJ9m8Ds_A(p4?|
zMZ>`PLGyXl)!Nd>bZY9QFAlHosB|HAQ(c;6i9W#l>E%(wy-M2&RjP1c_|_!Nb;43M
z8r3HyO+;R#Ik<Z_!*MIkz(@w&CfxR-0j5qa$VN<-?tK*fZ>VQ&X;E!H=aN?xI)q$m
ztb{?Hw8&69lb<VTfN=rKeO=9CP_DpVxi$IHD)PboF$u@5{8t>&+})oP^*G}$qM{v_
z?ei%tC9?YRU{Fl_HfJAJ%L)ojCxn`AdX4kzU0THZYowy<mkQMj&a#>^_AT1}4rW5b
zAyg=?Cr3F@=5h04eeFEsQ6%NVNC{T+F;5bP;RzN>bz!d$9~f1_^e&ASKZZ9=1gAe8
z^xw}ghxLwF`UV9#M!|ouQmNN^U-8tJI95!wQJk+kP&$8zU!cu?-_Ue@;_=xldN1bf
z;5~KBgea<y7v({^{Rm1HjNn-R0aeY;;}!kr-P?+c1PTtiOOCI<+bz*9cyksj&dLjr
zQzda{llyg*1Ln<Z8tktHQ=s5+w1n=<*9~0Yh76+FPk02&0j5r8Y&NDL7S`U|oA#B;
z`ZnQpONj$Na7p%tur*fa;@6xPXUQ%}?V|_e-A(NWa~R0JP3>mmZfA@vub#1KI*v2q
z-Z5aEZcZ3QQ1>$ly`~eICM8+nQeGZ~ia{HFePTL^X;kufM4)w12z_$Ee|^M<S(%(Z
zm)`fzx2A)xyeI<1)|h;9w!ms_U)Q*l<5KrE-MPJi9k|X7m39I47OrpQxFpa0gtNSt
zS>eho{|AKXxuv&({$8)KSFtz`oFaSYV56cvv8ytE5mf&vfKAs3#`^3m>0d(L8fYB?
ziUkGAz{cd!R-obj0HTy|bDV?%&U>bx99n;Dstic`=(_5Dq{)mxO!<CEu{CG8*C@CL
zPP&naXe&1q9tM;%$XX3FLd<OS+1t7_r+mPnt8}9lYS+_ml3;j2((-?1?cra>!Wx^t
zwrbzTfza;I`CRtt=G|_>D3>B!Cy@L8CQN{w7gmrXXNuKxAdRewN1{&4&Ig!?9Dd;6
z)T1Y_l3fNh4`L_76jk)Px_3AUJZk0<nd>?sbL;}7q&ooPJ&WYKsZJNF>+_nPH3H@2
zK3<KAhErlBaqpN@q}vk^;N1l#r-Z~#=tw^R3%T7?#4t0gWdcdeJ_;^4JS=VYj*_m`
z18>NE^#N=YxihgSuj5@;ZMg%<{Ow<=sc`8<lNOM8?<sPffIN3FKcfS4ezQ;HH#XTO
z!L8au_i3$|=T^75{MrO&jEL5b$tD|B#U{C$gp)%C9245(Z1?(e(+0s8?rGd;pkny6
z>W;1494!zGl_r|n!7|XD1Ge<#M|}s_aAB*Hr>vkRVXJ}KORs{zc|FpytHr}ZT*rR^
zK4u(~|GkMy0EIbL4ho~1+2K2Pl`{K;R)C+Id@Rj*GPejHugYW0HdKOVitmGGCIyd3
z(DRa@YX8(6Sk~URKc(;9G13s%>?@#%d+@R~bd344&V<ZENIpg#YNlr&wE!<L7jFY1
zGDN_3oCDUON($5~tyj~&;62aVsd+u3il|0%l^c=+v~2kxiF$L{W&~GelvzN@zHj}#
zFSx<Hf4m0ofg3ge-LMQMN%l;Kj$;y+!7U5m-@ji)LcG=>JIQ43gcy+$o*$DT%X0g_
zMg9F1pQpHr|9BDQzql!ABnIF%&?oI-f<l*MCq&C~?&V0t2k{YMd*{;*v8~=Oue6l6
z&BFrnVa7W<PA+pC^_I&ELjeshkRXx2!2gA^oEGyl?SJY&<~3pYCQJEPuIjR>Z?kz(
z^v-2bdbu`*XznXapZWJ?<6re-#&YAJzwSoAYi0NX%VFsL>X{%D0T^o%hwQCExTAy)
zhmOJAP=Vo0rhq>}BI}8Q5;we<_Y$*z9|y$~CGecN;URH=NrR||(gTf*j4&#*aVpWn
zA&=)J#lN+76;t664(U^V6zAc%4)iaU0+T5~xRJPAt$mb@nKW}Tm969KVaSQg3|&Ow
zDlRYN!EF+^I3zrhC~h0-O&J*hvSV*HqM55)k*1qZ2l?Cs+<4z*X{l!*l=}bmw)d}G
zQ8+)lhe2+B8ThURkxJ)TJMn?UtaHp;TY-Izuwia$Ui1wu9KoP+&NnEEEQDj;4mSdL
z^PQoEO$aqs$nvnePSBASaJd}OIdmb3bb3ORC{l-`=ititRAG!1ACVF%x}kPKO78Rh
zI`R`+45H_o<*3|1711r*kpgc)?E7av3(|r)kGW{k2}zQJvoagUUri?U&0tD)c~v#{
zkp+Qs<#NK4!k#YTH2nci(Q%&qqkwm1xqTc$B83<cwnlB9D7r9++)*Q>V(4brrfAWi
z4fmj3&6t4oj#(ZtFK)v#(F<z<MV`EngP1S+BKiz(>An#uTr6;$3GuinY}E9#<-d1Z
z)=SPcqD7+914R@e9nqmHGDow{$57$e4iOLAGII+hYQQ91bf7pt30e8>XVyCF1YBXJ
zXb*->pBEHrFTKyDl4sb@6}5P~3GJ9fgiv&IcGhD~6SF)~a&1GR(DPo{Dr3f7+>sL^
z9O|q0c;5WVj!+>3lR~U`0(KM$)lNb-+3%yXi=sK}9B?~W+xt*PMJ$EUSEOL!cQR6L
zGPRR|ZTPkzc4frNg4;4K?$<>qaW^_IG*k|9mDAfcibfpkOL@L6%;;fHLvf?!8l^`F
z+1sJzA*=Tnfw}lVf2?!^H(e}KcF!H`8q1o{t$%q?MF@9^mz1nt1qH5*cxX<f=c1t%
zi15!bO!yWd^cA76O4N>DM~DOKs5e{J2vC~4qlZFb79_>+N^4gVRb(rga!KY12RBr*
zJ}!;!&p;ykgZW)@KRX?W!<St4vV2p?s^vKj3DhuSxJDOY3&u{^?!q<WtkZYa_tBmG
zj2>z-00p>Ch>AjQTqzoQD5`0W#nyrK>0WjAFchAMXbZb#uL9G&zdUiRLB4e%II}6J
z@v}ZZ+YEV#B>Kg-()=$hp?_s*lNKQ6tr21dy+r#%@iPA(Zj)j*8Hk%>`^%YXmf`YZ
l=Z^WVDLjQ>i<0=F?O!Vg3f?U22Q`o|Ic0IO=)~o){{r+!<qZG;

literal 24462
zcmc$`by!qwyFP4yf*_$HU4kOgAu*JQfJg}_-6aSkAl*s~NOy-wD<L(6gi?caNlOYN
zoioG`zkB(-$Ge~RJKp_$d;j)6j_;o(dJN85_geRLo#%C)=X&>4MgHm)nk(ndox7^=
z_>ua#a~Jr}ojboza0&cN*7>Ry@W**ab@_+qN_y#*!C&xRNGnU9J69G-bZmkT{!VEB
zSjX|)ITG+el9ux*y8`ob=Zshs9!WoQGhF{^o%H<2+s!lF$IMCh4duF-DO^F0e7*NN
zYvScE&uzm+j;q>)UeZ0d`j(9KeE}Xm;RnAD#3aFY@7@c(%O6Y-9761JX}wi*XrkSP
zp=4JaRcqke)K%oD1;-YCl%X$}XsgaZ?><X!7&Y`<_f}cQe5%5VVvJ6Ish+YPN1km<
zHCH#CtZ)6?^by`$pVW$BEmRzL?2|ClWUh!Z*vj`k%Aafc{Pi4*Ld?fE-7!JQXFJ7q
z-k&Ppvnr@-J#s0;r<OMZKgRR+JR{<_z-Lv6sVlehTA;l|tq}7}`Oi`3uOl9{Erv<J
zWAFFY(Q2vuad-J`#e@LY8E@etoeIm?oyl8$L97bJt52h9&rWeNHbzA}lOz_>mTe&v
zbGv;~q^l#vlQ~`z=yX@ZgOg3)vml9)v(9}Did09*x@#F{s!}I{`kw1mRTh2XyWNZ#
z(WQ-z2lJs@)1I4wzNctk5)`AaSLpg}g_nv!{>1cLGn+LF5z6`wZ4|kaS)3hlSqm%$
zWZIo0Lx;tN4Ry#qqmvb_xmZ=ncbFx3?RGnD%h$IT6<7Nc)Ob3!j<>|O>uslM_{7hS
zclrA3cRD%dDu+~T)Ph(GX=;`n!+G=)KWDtQSQXMLHEejeIo%*E)p0}YBle|c6#Ekv
zL3p|n+#TbmG`{P;+aruBSCu@>d8-j~?@lIt;pka;TB+R89`@j9v}wAGJQ;h5TJBNO
z!`aZL4o0u7Z(AdJc2xxYQ$)>_GlgFceq`7WYDS6fbg(Sk{TjsRL$#X2b#_#GMstaj
zL7!u&)TrsR?RfdtQmS2h^o9Q3@roCtojE7s`%{h%o-1>q9@b}t`580}-g^Tgrft}%
z)n-xS$xxm~kp$1<ZPY@edir%Xm9Rxax4FQvWHg#3{@YZoqnT&HzSP;Slo@TW#Qs#x
zMkhyU5xvGeRfFO0hYV6aUT{$jEnDB!;_8uvDox=*N1ssx*EV!T6}l;!sm0yxU@pjP
zQWW8p4i-yYn;rWNlOWupNyraAWw7>M@?h3~?EL9YVpABskP*g@xa;>?lFR#{OetR<
zD&bdCcbqA!Zkqq*-2AfHNX5<IxmG4pwf$x0gxh5-AmYZokrD&iu6l6eO-_z5Wj(_R
zC<*VQJ?%T|L2yEXfb5y$CE>a3NXaXi-dLUE(+Qi>D(%x#+-49FcMa1<5Y~Z&fTz%V
zYO2d;9D%ZszLVbd%=IO$bGkQnobN#ccnqp|TZJ_8Rl?DY2l^-2>Zb7Z6j4XZFDrS(
zeePF8#a+`-)B={nE8X|6nMXxrp4=P-+a`-jHzYC@9(p->t|bWd;6ae6%}CM2jzFKd
zK>Z1J(%E0>-l#50E3b-4M$DRLT_r1UlT>2w>A}H5<bs3*i+lv}+5Xw-4AuJ`_R{B{
zG~0T`0>dg9Co*S7%e)SE#;7S1E9lR^!MVG2-zC8C-HYkueIjdR)`~#2?MizVRBP`K
z<|>-GJvslzUfMoc-2Jte(xm9CPWv^^1$Xzu#Y7gLS9U+yJIDxzM2qqVm|~@*+MHu@
zRvypY_J$Xd`IB5u_An|O2s7>%-4)q9*okno!Ka=`y`b1Au3YvD$92!89D|MR<eN}K
zim&@eeIp=c4nZw@@y5r>sfVCheyGuvJ=Rb!<O*PIzRW@=erJsLVao{{drgj7ij(+y
zaq3Q7wwGavlFs-@M&B@E_>O|QvqJ;=)0nD|9@wbaq+We9%mJ&VO_B+PqoU4oQ3`BT
z(^?Ze`vY4EFJSg^j60=Hba4FS`R%+#YsLWBMzq3yvAq!ivrP-)Y84!ufkerE{6zCJ
zau(w$HkqGm{%;<BRnSlfpv#L^AG5amNvFk^HmsqU;6cnEGu%Ldn=~~VSJLx(S!jqJ
z){#c^iZx)WgVnBFxTGPDCn%@L{bj9O8{HYtp+_e#?@v4!*Y`m-)U>}NKmMsW<1(Lc
zTSApoAW9J4dY4#3rZV<@oSaG0(yd=)!-EpA_2MrQeeUX-$SSlzco>CzAgjWUZ_XK|
z!%{aHg(q*4@>{=L2HWvvS-pTC@wWh`p@}c1Njq5;FK}M>im0BZked(g4K|%jHnsIf
zt8!$yNe=dWZaT%3+E}cZoY7q#da_KXA&i@4V8SLcnt86i>T}G9i!a{y$|L`X%wSYd
zA8oszQEED)ZRajvyUi2}Q-%FF{>fE%eI`X3Q7yGgDU~iZByTM$T+Kh<TwW=W?#*DH
z^wM<l2K3Dj^pZAA3{HitZuFt3U!;-Ct3@^4PI1{0<;>6Y@qkl*3xExEsO$Dx5qCwu
z(wFmGomQ7dxQ00RoX}A#e7sY#=@pM@TGwf+MUF}EA38m1s5TmMsG=}WTFRo!zPWzr
zG(F-+oJk=g|J|D>fMZ%Wed6IHckQnj-K`JZ6@8MlKBv2xqmu3krQmER%m<yW;9jh-
z8ELslst2j2T8p6`c)By};A{q!>o`^SzrCSNucgdi%R^&_4Q{Heuyb@BcINLBXn1|#
zL653p<8xkqQ2j;U2@kw6qET{yvXyrd>8QlUGd|tExLqUfuToyj)G~a-LS5c<P=W2o
zNW3*y#~a?3J;EUauK@*tb?4JV^k`=o&HZ~mCB*44oW&U)2~vUOe$N&D!!Le2<V<nt
zq-07vq^k=rB){^^WMme`)(v^{KHl&9g_aoA{Mkdme@KaYAAVYTTVZhN_tU6oR)rO%
zzc<VO`p;ENyFGS30*_-@pTCoq1IL8_@=^02-RUYn==vUX(cmoNEueGxPme!_nJUm3
zo(Suqyg<EIwYQ55zG#Bq#pl1E^S1kG!fl!#l}s}JR#We#{hK4iHnerY3Be~j2+Z;M
zWdxd)hWv<^LlE)Bv8)Q6(bOFz7OOM^;1|kYvx3i6T~2<x_7qt{u1v(=?HSLN$f|H}
zC~VCbI-zva)GPdKnO?7J<`A^a=P%Pet@E)l6|rqP!EzX|Da1_V4@x6=?dJk15tFaJ
za1|LfNfznX@~64Yzst24i1+L6h-PUix9DnS4x&@9GX!5&JSc6s_j_OtbVibvAkxSz
z%lX!KCWkwVbDvvCIJlZ>r4c)}D6GY5bzDU+j01uexvK!^wE1@*Y%jFL+*W+~&3v<A
zKcb6j(b(Mb$H(UmIS6~lwK5cvfd9)nQm<w{grm96d3D~0dYqY<qFM~}+?JI4HqD5u
zw5GM<-A_?aD;=+oD6b<0P0#)WGm64ayDfxoubUQf?V|fgLvM10EK(c57QzIY0Y;ja
zG)anPE!58*&r-_Ar@nBJ`AxN9PqF|TF`Wo6x76?V{x4bXHh5sJP#SqTBnjIYhBC=K
zs9pK^$@G9)+|531Np!P*civUb#bw$Z&FhI>t1)OGr+#?-yg6uwgeZDf{o}(9mdG$?
z9>aQ(z12}3VtSb1l+%#%T$*EV;ky6l*y_Od&5dK|U*BU}LMS+z=YkkFg2Px9-~~=m
z3Ix1~h91^6m=V1Ng73*MGN@Odu+SK@21G>#1$jwi-&0KF4nP0v>qXKq%(XZIS<u+C
z#g*WEegck5-4k&)omEo=3pFEPK3o2bl?B;U<^)`vFJ>y=VxWzntF_G3(!lpPG7`2@
zAOdf>`-I_fjHz2ki=3_z(x8FqVlxTc_};td8*=8IE8HV$wxM7P<g`DBb?^qZcylUU
z<uh=cu+DFD<>uRIb|M)PQR2EvE5r%*??+j;BuQ_Nv=wGI-UdOF<^cO<Lbl2z-4s4E
zxip^-;&Xnmof8eItas~?l1INqKFAb&&rh(T?Ml{t$<>ilcpIxcIW#=zJZeB0$u(2T
zs&Moq*Pobq@p!i{Qsapd>2^A;g-+tD2@BB~_q3p(V}$;eK-W&HHzCu-OT@v_eh(aR
z>(!%v1WEk2tSX%=Hsjbe=6f28@u`~?eJXe?2xRGEv%%hs|Kt?4%)L{1TOnrH=Tb8F
zS0)xvHuyRo$K-VKL&v<?>F1Ipfu8caks{yABKYIDK4q(2N-ho{?OTw+xqxdQ#Kf>V
zU#?$Xj8Wufzbe3KW*{&VuD8sz3qVGYhtX!!+36j-#0@3aY4;ay0F*B1ed`)=P581=
z$5DU0)3yCmXBNGOX`?g>05pQD@!}_2J%yOgxWHsCa?^geocRt(t!+bRJU(?oSwyw(
zZkpHLfc*BZN66%pm}jaCmdIzp($%E=X6<2weG>cnbOr}|L#i$9;j}F!Up8n)F`F||
z;sE%~fl42`I-appWF{Cy9_P7H%jN~(qQePCY5lc4m2{d6ubuC@-r}N4l-sIIGoG6b
z2c=gA8v)9uH}pNh@LKi1SDrwX0~{>k1xob5$^Hx@iNs$2L9)PRBkomk204pdK=q7|
z*ht$#qc;xmBE$X86rdp6e7L2G7dt{3K1a(A^v?C*DV}?KnIRZAD|4isVZ+tIO2>i;
zqZ2J}dkvn(*yiqpD|}XRQFA`&(+!@k4NNlH#^XO-XXvFY5`7sI9?#BDea;{`%}q26
zp%-MHkCtb6#~k?iL6nI{2#PJ;N!`m+@Y@o^E!M^7gIVS;qrJDjU9KXn_XOu`!~6y|
zmcaDPcBT=xK?~vAt>4*^?YwRISFXF=jctB(h5LB(uHVf?LM}Yoi8AAFel;1sp%41!
zhQbO%-^5~NqL^(ZFvA*iYZZMFaPw6C>5|G#Ct||0FCkHKdOM5YF+f`4C9hY{NP_a0
zy^2qLs`iW4uAUr0Os%dbC$DPEe1q3HCh<k9A4%%$!zhy*rXxi<RT#VvT1MXYPb(fX
z<bRHpgB_SpQyRK4BR*)Th~9qHceSyoYf}EJ8(?Rq4<0*T*C%+6mowa6Nq_zwoRH5}
zF)HiyhPe9g^Ul|7x$Ay^7(BUA#ny2nQX?j(<b&R2>V$Z2hgja#!_sl<m+aoTsR7c)
zOvJ;J@@4)n%n@YYTu+_P4~d6ep{UOF8rRb8vmz26S3iSL!P(h$69hT=Lm~~u!veMK
zP&KNF^oOL2gM2p@*Dpv_aPnw~s{lqC@`}-%;GBiVJ-qXB5>)uq5*|+aa`Hc;nPT%2
z31}g(4c9HK;aVgV5Br>h5tY-UQkXyEX#g~$j4oSnSUQ#ZFpCcN;v=WB0L6Wd4v{L*
zu0Pf}N6kr@To<gle4A@Q&L}TlJwH8?-+og`-jA4oI;@rVLyYV3AyP@$!SPj!%fpwH
zQu(wV?3o+kS=`N6hn^Q2%6ZmQ-yv0sQx+Bw=IC&%C}l1Dv@#-%h)9ekeN|^c^RCa{
zef}NWyjUWYgvrFxa(-q63;&c_&j~C2RsJwT`-}G5(`jCM8(DMd&+szJ%uwyAPM{-A
zyX|g+=SGdAPpj_ic7tc3NQ_L!?D_x^C3n~)w{GR#2>t<N#3kwt=K03=ky58))kcaj
zbvdu-&A;kJ>-6fyx)bs5x02Cmqx6aiuNSej@|J(QamB>k(O-#1S-~z+C1jEWbcRcu
z6RoF&&)jE?hXd<sXAr2cN?us3oRzw$oDqR#z|}^Ph)<=Bu#(9srr1WSM8;q?g_X`a
zWvH7^GWdhG@saaCITmqKn7^uBOyI)K@ZDBW-+ySyBo<d}^JvJgyV82-<yk7gI)(Sm
zFO|!T*U1TTb*$B*Gx&4{c;ziYf2RHeMIN}^<roUi!>8_N8l(s}n^ufrWtW#@;t*tM
zeP0OSBWs&Kh4ZiS`9C^Nz^i{YOC7gJQJI6U$9SEr8j;Q%v<m||0YKHCWBLDI#}pd#
zQ!osG9k0)v!Vh{~8^ILkSxC_X%e!6I!e8n}Wl39v$Nzy@yhD{t3y;BFd5Jfk#i=3q
z!CE@6=xq!b$gp?a2<L^GjEY7AJB`U7G?oWG(F~eU3`|)k&+5_NV5Idb2l%}GBe2BI
zDdkE71kgQR5wuADKn`{CVe3wQS(ZP`F%)MJBKK#_@}aNzttq{<)j~>&PIFW_Hbffg
z^#WSXxYU=)ct<5oyUsAx?(3WLCd-4lb7-kEckOa>1?%LJfYIh0h1h0*HlK{TK9|Cc
z_ca$+Ptzbs=ymIS^jv>D*9rtx;)_%IFgbJv=``jw#+-Uc&f{IFGspVJGd{TWx%%B+
zBHy!pUnAW{E;CfbRWN4?r5q^7$O4*w)pg22K9#Zruyh`zBQ%NfoWU7dC*QN#bT0@(
z+iXnLnhbo9ExXRaG4x#DeKCH!N^^MnP5*#nl_+<^-r&KP?V-$5!Q&yR6Acki>YG14
z|1@6~7e7PiG*3r4(={SIFE4eZX1jSiQD42T@e_YX<uk8hM&ILY6U@qwInX0#a*F<O
z?l;YAs7e8*J<WBWazF*jkV*)i&XYaLQ%=>aQ?970)}R4Z&35z%v)U3sc>PJ&GaY%c
z7qB<?ZAJpX*deiG^U3dH!t?c~og>w`fL_9T{WY~n`JY=vSr@KV`E0jQ2Bp5LE7Uuc
z&hLe8^nkTAV&J-u!j4m)5q8wb*PB@QIE;v=p7#>L>C2_kdO_!JJd~8__(V4Y!fA!u
zLp`=lyW2944mkYQ30bVI;+zkSejN|yx!mZ<kPwULn6huVI+tQoVqF&D{nKR<ZZg*#
z=wSZN!)o6m(ctD}TX|b3B`QMFS-dUcomtk;!mCAS)9AeG1wlvJnZ5X^z1Ym-9L>v8
z70UNiQ=4!<H`|@pLU&vFK4-wF4xg-QC*%mF0hqI0qkdT5sPECcvm4V(*kwiJY`-xW
zXEZKqb_hW0f}@gqBf2zvWTNFR8Ln=(S8Txpc6ePyBnt_TaGcbQGCA2<>{>Yd0AHSR
zOvCh2Xh?<0sWI55a_=qIwoX*pD2jbo%a;3Lm`!&P6(ffX!R6?~@;f4Prw=)B1`4=K
zks98!e7;IsDN5*QHHBWHK1?t<i>deSQqQLb2D`??rHQimhK$v8jgfpbPw|5Dx6PLm
zjRjS^$_85c4zk4t^_FhyIq;z)Clb-jG~bcj(c5sv$z8FI(?M+QNJjOBhXED8`D1Zz
zLmO*Gb@_O(f1Grq<|zF_xtfkKgA$Y)+*U8roi)c^WO~m(y+3L1pxpH9c>Y>QO_Jlb
zG4;%NhLK!nB%_q%9)MdL98Ds-UEdd+&U3fOhI#kjlryW@>c>`QcssnEHMQUQ&W6hJ
z_4!_VSKs~{{#-$JM2N;k{TiBD<1&dzQn9tqyf1pwY9v^+E7Qq2eeyK2#NjzIW+b@x
z{v;vr`I>yyOoq{lQm5z-k}xK2xn%~#ygQYMz42Osx_6o{QVMXPg(EuWr$SAi%gz86
zZ{79o=0mkc1YkeUR5rTx{&r$-X&hstw3_I+tE#uIP)d|%NTBFMhRHiGS`Eji?!`ca
zsCJ&`siA*ZXIZ0L$?qDGrnOk_-Q%g(U0hrlHY*FF=BcJs-I3vSD&pI%Zk&_`PHM%(
z&c8|%%gK{RdW}517n?Y&zXYHI_`T44rF<)j+1bl{Xz?HNL7kfyP)a|=Gx0JiC4D8T
zT~w@XjwGb8V`dAhcQ(Zx;pv;lRbOkD>IacG<OukzB}z#*R-dd6t;Q@I&5`<2sQ~<?
zoiH;~f7NQ$ox?L+>!j|@jo<DOgZzcrQ2B#l7^vm64%+4^GmIj@6tKc2OV#)MQWLMf
z+d*!Q*{{S<c<n(hrY)4uSzWSNb<VmyjC$K)oadz)gW;GIz4`R_oY0Gu{0#X<PB~2?
zq4cVr+}ip|L)hczZGn;oZ`6~AnTN*v<sQoD_PLwg2*@1Q@?o$R$iC?GQk**@$m!M4
zZ;C$refr!8w!{c2BNRV(@Szdn_;%8S_Ga25Jcn+vwgdTtp%=e2es7eQ(h2#A(tM{$
z@Y`ynP%dV;P13EqQB-T0=f`~QJq98-?}4m-(HpBAA9|)VVkSs>Wj!_?&>ybm9(cUm
zJnZt-3K5Aob`63plNBar67q`YA2U2<ltQyu7QOK7y|@}$iuOQPa>h|q_f<JJif$b5
zzu8%?%IH-%I=TEdfFzCSsiy08?c)iL=@92!^xbsTgy-vZQJ+am`~xbyYAb91Ea&}>
zH$>-s3%3%9d=0in$(!CUCyJll?%D2YGkSEqlWTF@&10zB&hxVF@f)IZlzx>((>yO9
zx^pjCvz~YASmse>sNk81Ub*{)*RB`;Qx&FAsm^%YvCL8KW40SZ2)fXXK}3k#o;Y#n
z{5GX|gR9^6l*6~)K9lXVH!6|6krtR<opHW?ByvK)vO8()($fg$Gp911&OW^cOmR96
zJfjXeUv|-VN=u2~hK+hRdN(SUMa-`j7VpaIg*I`>wvFQLY&CD57b&&CY>O%CBvAC}
z*q|%5ku{QBirShkY0F;M4Qsd4q7jwc_|I3kE`6r62r1Q@FxWh_S$F3cdG6KQnNa1D
zF;O8IuYmT;+(lAMcI;Q$^;@nih(#7Aq7DzwjsB{P{O4*(bo`>yTx$M`FK`kgEYQ)<
zJV>5rf$>qhep-&^iJK366Uy4s8)sr<Fz5GU!sv0T=QmSbzd5^z$lV9V9i#qDJCoPV
zcV0tRP3BWlg(VB7E}NSs%&SVmshS8RW>(MFRW?>R8i{L(=Q%31Y|FMCg^1kgC1MF$
zKFs#|+r^8%SU%*|@KSzruBD8e?yx~g!`%YIxAWEEbCFxGu2?>32^edg!HivHF#_s<
zlH;0!Y8~mkVsx>#*0v~z-pGXe%f6#$cN!WG-4*pIiTPh50o({yA>t?Ae9b&-n#_Z4
z{>sbOBpwjq^*gpVr0*TG@#jW2KCaVSH+|JYWxAkC&Wj3Z`pizu$KPUxeO`aS=ahQt
zvFI?4&%t=ha`M=(^+=9eyD}C-9GQ<%8pu7OZ7`<Dw;YVqHI#oyU%1ebNYO`#7QgC9
zIqIlFz1S&VH~6}-dW50#Mt;L@duxrxGgc|PHfL*Z8#E|TNgk|YOPiKmecok_ALeU~
z#SCc=h1y^trTNHSMrTT}Q?wJC?p!lO0k)*j^vME~`(D@XW#P1_1uS@Ge-HOeKQrMr
zJlzf(+e<{irPS0vQeJpl4omg?SLEH!Uw!xmJa(SyoO)i<ohu)YoS98%^Am=Z{-B<l
z=7UcKo5q};O@+1N2R2pKGDq^mf3E4(C*AZVKa|ZC-yeP|#rzI+e80_u`}JDnPW_44
zkBdGEtIpH<1hwCIe==#;8#~ZdrV>eyD|^#XQkr4=+TuUAKki#H{G9X&t^b<*SDxk4
z$)Tt-3Ebdw2zo9~L*?D7=#2gW0b!ajLq6=<DgV-e=u%~v$6!yR(~T+Z@7Thtm|kj)
zb8G(S6m(c`Y;-B;%CgC>h^GmoH%#_dK9xqG{dc2QRCjhY^%F;`T{c3|Ay3=BJRCd~
zHH=6Va-f5rE8*cj$2Oa{w5G`qyQ<koqG8H%nIa^;3O4A{HP_r=q@#+cO0%r4N<+QS
zxNn(%?$tCiL*D>$*vn>(?X)UqmD=${Z$}LuJz*Tux$&@f^N#SCpG$7xZKU0*<;?tQ
zj0+mB3Tn?^D;mGxo(Eqp8&><XsIaQmz+j^*+~=%25k$&$ZzG6aoMLTGQ)q-=>Fc9-
z9Jc56k7bo8nYo|Y_Th7${nGInKjcVoW*5KhbZ$8QY%wv%#3_$|Ol#Xu_DijZ<N3vh
zvb1+&xoPMaH5k_t&Cv7Be6Kd}Ls0=@3>s{>Uw#=IEY_=j&s`WqRQ2(6+8xM926tl?
zv<b5h1H(N;r7GXT3;p>ECBUMhP=OgcX`~srVRz&R!-|E`vUBSy>(9^Ht?uuY)L@D5
zbX>WkEV|3F!~Ml!xbU>L7}C_+f(rhm)B%|*p6z4(D7T0NCX1XC7f>IZILzj1n~A@L
zjfbiDunoQTyN7!ptK3x(iS~2Mm{9f{;-l=-(L=|fqrDwZ-Ck)lSbMA4pi>_-*Ex~6
zrT0_k)25G8_UU;TTniZtmK_I6I_i0<>p8vB(EiEC;4ZF3cBKH?x7^N=N);5oYSlNn
zwU6V|81k9dJt&txE;OUIbE8YjLu)>=OC*M+<XMQ9aw^gr%2W6n?cm@$ub+?7mk=pw
zk)I9<mJSpDp&7|s#+`BO4v$lt5C<HeL~?)pw13-sCi_-8@5qgTkjKkV(Z}d=3cdM(
z_zgM6q$A_XH{MIxSANR=C?z@#y#Qzb$A9uB^oC5C^;ojW!NzG<A78#NjdfI^WZqIu
zAN$YHm{J>;D0Y>r*GvbUR9)3Es~5g;cqhdEwc&okAi7ji{4XRa0Aij0JxcVy!n(jP
z9k4jP)c>+5@L!h?{`#b*hQCs#q<1qQ9nF6DM9n}B1111nCYC6Q4q^+P4{G2H1cTe5
z5#Qe0cts`PgA>ST@{TL!2+M$EK+y*&u5##s8Gam#KoouF$bCRP5$213xF{+A#qlg#
z1D2GV=1Kea^tb_g&7&Uw_J?@}O6Q#i8nEXW;NMS1<E<;bv|Rh8F9!l55j1JnB#{P2
zg}D|q4qwk-4gm8lzBK0%o!nJO{|6)5^ko3&fj~&x4Dls^`db`O^jf+|>XO=}6kg{Q
zFw?c5;hOo8?$A!XEjj@Pjf$hfo#1;{3OX+*r`k1&5>xRq?XCRa0M{-dDG9KlVwat@
zQ@8Mxy^Mw&N8JbDX^?GO#EZ5mZE%TQghRtx*vCmcY6i%6U~+nVXaXM6Z8XHFBF2jJ
zs<|O6f<sEsax|oMM$ArmtQI@Oy@jg+@cQ}XkB<`_BqqTm3C6D{;nhE2HjNcCkbQ!J
zL$h^fc)ud^gcAVbI}s#hs+~DI)_N0_UEE(<cj^s_Y%>qH$!SE`3W-ted=N)+pvLLe
zzP6x(Iav|oE8#fxYj^>lq%Z5i`vM3c`>QTkMEbfYW!m+L@1h?JtTWqoT_7F}MyXN^
z7jYNo{7-U)@)qe>EXEOVhvnSFb~DQ+M|5vETmdHmMz}W82&97wn`*|?2MHjv<mus4
z=cxG)WXq$Dz*18VC`14P@`qDEHJ(KT?*eRQAyP^bqUB0yB7AFrkDFlE#!aT{-OK!M
z8`Hh+U@qGb?;tZJAS*J{Tj7f6$k~yncYZc?HXzSP4{Q!}z6@e6w#A$PG|z`FNDevV
zm@x;F*^fnJssbQhvmV7PV;ZEYZE}Sp{1q9U2&7%Ly_Y*t!gt^%fCDk>6)_EGw#tO0
z*TL3=q^KPoE#~?Y0=Y_-Dz=lf1u9WZpQT!+VYM?b#id?l6n$+jzF%nq6q9#DzQ^5V
z{g!@g=wD!{&e!@lhGx*p<*tm>)EC#y5(@JuxhvP2FQwn37f-)We>eR;hS$_#_U+|%
z*kFh9v@{DTe?XMrJwEHfoSG8Ds4T}j;=ET{7P@$v#1l-+Z`m=X9|FJ5^GQZj6gG3T
z=P?NjU)Zb92IGyPa3%PhXQS#0lX;GJZ<?q8B5TjBJBe@GJ<DLZKF?XfCqu-Qjxqb;
zaHd>7ftk2g7;9N%3yByfGMuU9H@Qg|rFz*butA5yn1*um5`I4=yz5ls9+Z}?!EpcO
zGfu@9eRpLU%wy{PFG*DtQC*w3!hft3Y{DA6%-nq5q7$3ULBvl-JDKj-D_XXo3g_JT
zGS)tPvvFv;GV%i$D$02$a2x0n-E&VR5Dh!!t&)vWV&RWtPFj5XBqj&@TSywAvID6j
zk%z0kQ#B4{j&wq{+G|_xN}_q;zl(HSfc(;0NSgO@r!W^7DO$<n>iy-eTwD`Y=E}AH
zBv|#RgNb!<@$e8#iXw-e#aUDaMPw9y08E|-8R(L?9#hWL^6Z+ky|~g0?~ycQok60t
zld&eA7j9;&TW6+<RXP219&KY%cs%c(^GdGCP11@8^?jJSE7_D~jjVl8f}c(d{i6T9
zbm}mVg1SUJP~<%j?AKridsrLT52vAftG}%X$pYwLN(n!{j3=rj^vhgM^}|!AGHwdU
z`SD2$wKG+(_|y6dyLa!CdznZ!r|x8de5}ZNEOs{?Wli7dM~oS?%rg@aN+>%sixAB-
zkVbq>e1(;*BZRFBNZB3sG!_A}MP)IkUryR9Q<t3b08h?YyVvpS>lN<lwJx7p`8z-R
z^{0SO%HkfqIZTm{6*QV&lc;fGXt-8)>0bt_-I~pMp|u09`ROkA40se`Xn>0LFLKX|
zzsWt5MgJoA80h|s+*45q$vrT=YU=3kV!z5U_q1-BYq!IuHGA}OrH+1QA0%Mrk&v<g
z=IjT=v0zhiM{s)`E$5pow1=AjV^8?%(f%eQ1LR*Cf05aSu~l^+;Y(>D=mZ9$>ypP?
zEj6d{T84zs$PJjG%!?%@DFc^pomLNk%1bF_%d?)^m+TG{(uJUUiphT`@O*Fh{}gxx
zEdHIq)AAnz&(?X@L!j?~%Ov3sz)$$;z5jFjy4xWtEC5e3ARObg#nZ5-zV@DwJW_n;
zF)@1pz8~?BhPdQ%PV9UTlH6AE@K>zJ6NgrE`Bu_0+^j#T>A`Hv&kWzwLtTRRB*@zY
z6qD89BoQbEPfl^LXnacB%XN4RojJVGene+{Deq<79};~-xNvHJW-38nL=(V{N3B+F
z&E}ktnG@)NTJ}r?w^m_BJANmznqyszUgq^u@{9I=iaKC^e~>dHJnhEfGv%ZE?}VIN
zXRLY`2Eb6BMv6WO#lDskO(IFSA4q8!ob?+*?34MbJ3aq%73VSuop!436QkujCS+6u
z7cp41wOQ(9=0{uUkqa+U*iJUzd+Bv1dgo%okoK`$7%6a3+rBL1mQ>`-mAqAPku(%d
zRDoGP+4r7u)61w$b3>9Tf7?PFP)B}ar4i?z3gtc|GamL=BRf^Q)%CkT>>9AeTr*k7
z3S#)E%mFka@wY+b36+v4D<T$!V~y`X4(CfSi$lPy1X!fv%+8eJbFK3}SmIOXC$K6Q
zJO?-X*i7E<(*FA#i>cpTmFg>%yK0v<(w84cooDusrjmQM6CpK|uzcrLZ_n9V^Zz9o
z=NN6V!M1D_WwPf-`zCaM>DT0I(yN;}x3<FQ#e}AFz+=DPo*KD7W)`XI-Z*%|v;0%B
zEt>A(CA&z&8hewe1jmlM*Ws&HQF9EpHi(XZi0h530?th!A6=@aNM5YJpIpu4s7n0p
zt#kd46y9&Jhr}$jN?BxbLc$$6195xU-#Inw{aG?*Uq2|XWj=_%Od@Ackcxx5bw4J`
z7O)Pu6K}Q`Xe>828@f<)wDM`8uIDQMa;VGUTQ>k~ivWyKh^buvn*jZ96qFU<|4}Vi
z2adyKm_kerU2@iR{-iJj?o?-$Gq-O6F@T0&=5+Za^%Kw<R5K<2`x4FyD7n9XeyRS0
zZ6jGA!R3EhY5@Yu(cbd)J4#7pH#xP*ZgS}YY&(2``t9E}6u}bTv(u~>eHpnHtO|q3
z@URD(Oag)|-9Va(DzVZY|LgMq>1|=<kT(TNk!RFD4KOYBTH~Pb<nZ@&ko-|e*z4d?
zqM)3#Tos-oBN3T>Gl(%z11d|iByLTkP6c>sKI-8mfAhZ_1pI)3d}i&#3HJp$=zv%}
z*G_9kygFJ+3Mm&gK)G*u^<`aC7s=8qvJmD*;xgmC4_N^Ub6=60bJxuJQJF9Gq*A&7
z1XyG1=+_NE<Oi>D;BmWF(sX(RnM9}zA=q}4$B+)(qv;R&73ly+&jI5k7v#HXR6k^@
z*q`=9y_ZJyVIf$ipK+O5?pXql5rh0Q0&%tsH&gvy7sUk5ciCK@v`R^6g=~X&cq@R3
zpv|LDii=j#%k5xU)tAP<heAuAe56>95^`{I*KalRy6^m=dO+}u9dCQ&bGcBz9JcB8
zVrNa?4Z{P`sz9WH>rdyoDaXEIddf*Ur+(=w?Bkfq;*VZYS!QgUYe3_7cywoTi;y2L
z*rufR4umYH{rMrVmB}oF2(ai%2n491R47D4=$1bi>IdrCHB{ZS8mzpAtAi{vNv0m5
zN03xaB^UvmA2nf_kzyM)gF<8;nnl{=KwzR-?UFYMk-BaPprRdsVGgxG*R1QjObv5x
zz9<Dv*<DVZ4%j=O{R~z$PpJ94+yl8t2KrGA?jO&2I^Jx(2K^Cb45ro90T2M*;3!QT
zxcTt%972uCXUQk!{KZRgNRy@RWUjoX6?|&B<S`x==>TMX54ihXp!+xOH*B_%hl?{!
z0Xe0trO%&O0~Xf(Yw{Yy#C3BjI5n6<9A_kur%|0STk+P#Bwl7-0*IRg7>go>nXa36
zPDD+NX-1i}2A}YSSJ}@s--JiATI*>pGszem({7k4bp75Uq+w^}4SbZW$kQMg@saEf
zf$(KUFMI2#EPW5+4cR%#c;L&HdIhW_I27-<$7I6C{OL}=qUGD|r9HKMfo}sf8?#}d
zus?od(tf2dA4y}Lr1E6Q5bxGBU%XuAA1@U#3xh_Ul66@aJ4-YEruh@*x3f{NDi;kY
zr<e4FZUGCPNtVdHmIm&6jd$y{Wr@Jh#2lBC>iw;c(~LGRZpTxnbE1DDm^k}MoZ=r<
z;<MB8V2$_>cCZagfWb?zdGDq$vE!NQxQ9XvQub2v72|;50qSXq=Saht9C-Yn!l5Zp
z-okh?z$goCJ*0`3CXJo#oKOETeVgcr8lv37S@0wE_*~QJ=o!uPTOGtSf_KHi)|>+_
zX#$|0y8#*U4Q*ttj@uucHKXK}(SzG;Vr)t*PGl`?aI0R2v^^S2?e@C8h$%}eIhTV4
zsnZ3kPnW4BGZz;VjYz<QthIc^U;pJdu#kjje(ciw+|}uH>EUyRq76WXAn!K9qy<rR
zxB50Dm-alnX^DIk{7s0`{O%-$ylIHE<sU6Og^N@`?_TSB9qA<-Bb+Y!GWGP2mb>kc
z$3|?k{(63-A<!oeOkNkU-Th_cB}CkHIC>HC;&7e;V*vs(Mw@`*09QjprkT+)9@ug9
zv<C;|j&Y!#<TJPrNO6r619V%tBJx4OoBMW|kr?nG9evd=)|8m*w+1PtD#A{lBFxNj
zU~}F-HG8sRf%}6;G*v!kn&H;%eDzX=I5y58J6Tn@P(Riw3@rIzLew8W&2JZJ1W7VU
zs_OV+%eJ96=EqjQ4CxOfdqfAX^DamXprWM5j62^I=7ZiSJe?V{;<a8iI-kE%t_nK_
zn2|MMF4o^27;EPCo6fw&5iAiRw~o7-juqX2#i|A9aPvM4ZnJN<1{HY%qgmt;kbWu-
zZ1a3hAoU<z!V}SP!=LzU=ABD7&?_PL+Z2F*bN-}~!Hgdgk!PU8+TfZ1uziU`QxTfk
z%D9=(`Z1hszJmkvWX{JG=;S?s99+d;#PXoOHXr3~JUc_sKbPq=s8D5bY;&%;n>{~G
zU6+ksl7-(oC+MrpUFkYeVbaT-3)kH>?w-$<1|8oJ-c*dA?35NJn2QO>0{)sTmo?k2
zyNbG*Sk;4D^<?h{36$=sCUti0NI(zQl{$kclV8l6QM(VK7$`5c04Yg>miqh|_6?Ja
zgoX2tK$mu60);<;#g09%{p{C?Vf7<Z?~mCv-qRc9y!dh{gF;@a=<{tSj!J)AH}Fu4
z+X^4A_;)8phDsyU!iLL)SvsByXETNo^Zjh|kTZwTm=_4ZTlSq8qBb*q?H=%&)p0av
zaLgDP3c&$gqOjeS&Xdqk1m={&^yMYfEyk)zTJu3H9B{YH=*_0FX+eqvY+|DFq+-l7
z{7J7U1!3Il1#V%SN{S$u-Oj8{4luRc?SO1OkPl1bR?E-Hu+P7w5ws3QUfXSB3>y~g
z$kbHt+I&k$5VM>y0x1Cp+_B}12l!0VVe<aAqa**Ok7-C37}R{MgG+Y2sW#F;;N;!J
z?r$ELwE8;(->vvk`>a#s6=sAtnNlxEiq!ak2EWa>i7<WnY3$XsPfsxMrqTzJX&>bR
z1srgGZ6!ITPS+{F|KOFP&XEw$T6hoCUZ~CYKvSrD&{zGt<0nP@WJnv&knl_>`B%GZ
zi*M1A%yQ?5LJaF-2eEljxpTOcZq)KnzN(U@V0SbqLeCI?AOx6(bwWmrOM<~pvI|N3
zV2;-b4bFN9_^e(+K8%T!|1D!lBc|9caMKGd2Gzi45)se<^WR{)moKBnvo<4JT-eU;
z*}6_N*=6ul=K=#OFeZios06!V8pE@C_mds~7zMS`d7MeMi1NBr_;7*R9H=U!p_Duk
zk(+g^C0jdPJVBtr*{UPI%qKy9he2oHT$Z-*?^Y38zX7>ErhzwO3-TNGNu7y{14A3%
z`?z?X2>>eB3xke2M}$M(t8Ip2tM}cypsM(MbXj`I?v5nghR=%s)>)5NJ+i21;{!A!
zgOWkefDM92CXnU#J6k3(MCGUit)4Cm)qccF)~}dI`s;rwltz&4exZ~K$tF76u}D(r
z>RRa~e+HQg?IB1Wom_d`Ezn2Ybat|7)-ksYAaslGG0L}ffJPj!*s7=@&8RH8#UbSW
zjIXcAUcbyj9VjEh$Mcj;!O|fE?;-OfD1V|*Uw6<sdV;C?5g|O|B{0&5EXIFd&J;Vb
zvyEazA$cF(2VThu5A1I1b=6_4@>sS+VdD++f*_%5ctfC<)ztx^%RSirAUAS;p|YfC
zV+vSDO$n04TwjGQdgHKHf#)D}bvY>$Y@{u4!U3S<$vF)I+b5XMVIn24+HSz0DRXvu
z0+~fj?Vm9F&u;aKZ3cXgWkcETmVyWoUpE=eScZrCI2P%@&I6FpP3GJJ&W<T?U#gI6
z;3m#(eAz6i3dE3#Z#|eYYTTST*>L4Mm&er7*L3uw)Kp>t6<PX&3#7zG*`@QU$o$Le
z9K*c&4|f}ECA0x#+zbSRxE~4Iph}Gb>xD!*j78jf5*nhAK?B$=0AyQH);~X+v@}CQ
z0u`x~J!L;7&xvo1Az4LAI#H0PISyzeDA~L7eA0mf8G^56J6P7pkJO`d8ok`<zSr#y
zD%xNkgIc2}(NRfZ3Z!Ii=MgU+J<<zT-kNnpF;`iz$b|)K@Dzb<{<&x^6q9J+qT>c~
zOOV_8C1xoEl(Ti?mxWbk3Se@>@-Qq9(9_1G4^J>$5Jfj*3}Xe>ml9d;%5XA`w7ghQ
zk&%z16igQLyE5#^pH5tdzOrO`_!|B8)?AB?Ne&g03T!z?<XX&yN8mQRm!5q*dB=8i
zfJwtv9(V@3rop4)rXq4$9);SY!p$2P1f*eBN2|xM2-;V{*$<&j`Oz{IFPV8%lD6fF
z5qo!~aO?Y`4Z3|_`@SnfqK7-jmPW80WS-LsezK_JQUIycF|Uv6<m)p+>9-Fa@&e~F
z!4=2^DE$4VKUl~Ckj5H*IzdUG4RU4DMUew3vY|HvfuA!M=>x_#Rj@JcpKD!KJpkxv
zf2jtB>U(3R8j5&Hd(I;(i4*kD#gXqjLq=bdo|OA@xEaVo+@vBrULNMDT{D0It~{I3
zo<_WLosA$MXR<a{##g|LX%4Rd`%wOqFz%Ym7#k?H+?78fBJiju9u=etTC2Bi=NINW
z(XDyTeto+w;&yomY6m31AAb|fl^yG+IM;4~b-suEEy3@eH1|n@`I3b*<-j=q#Dn*<
za1;bb+yDYK<$Y{H#hi6r)lOn*y=}R;4YbvH<gn@%u%<pB5Wu@MLVmMmAkq2pelG7y
zv!J@(`tQe4%x|6wuN&W39&I{x7B3N82P0zk+=chWU?Ud(Nc1Bv0XaYI%QHj#P{fhT
zr^4=v!1`6bzp9;8=w)jAJ|#~X;?5N?Rk$~CPdZP{!Wq~ODeen*q#b`6G#-rlXK5^y
zwhU^N+R#oqe66?gk8=5c=}H6@8R{HKye1E|KO0MHS6YF-piX3tSAHQmi&IhXBjDSY
z25L@Ea6wQjN`Ty#LVqlh{b7*jPp0mJi3P|t#Jv6wKV?)A-8=BPb?JZlE{S&yExJIF
z?-XPa^IFxLxiWLu>k9QA>(!S4(1N5QL*sV19hLb6;CP16be!EF2pF72|Jc6XTqL;*
z4Im-1DB!j=YrhaKi~vt|P?gOnB3a-C0vN)IE7wL`Ms!{T0y9vhJwSE{fnE_7hE-5w
z4C|nxwO&|V<7Gq5Yy3cb2JB%Tg~5?$fUC$i0mN?)eAB3{*Wkt@7P}IIKzg;h(#yuO
zCxs%ucv2sa1a=}PuSs*2U)<8Y(N@t~HER4CS{=~sc#=Pkbihun2j((?He#|eT$t*#
z!F~>6lyd-dMzV+i6l_CBZ(=~hmv!;Z4FjOknEb4B=8|*QmZyb`=haPsFMfD7TA-Hw
z5+~EZ6kELxrZ(Yop)k#2T?)v1bW_^$>|~#GRNqlqAL6j~Q0Q}A!=RF#alLR9`%DrZ
z>vsufY_#SGWTEYYF)VWORVW(455-b&c~|jJkjlf<Qk&PamWq)HB7yJfLxD^a5ZSOD
zU{Ht=(#rK$;w!2|Mr7)^e8Z;<fPA;p`48p0cYtxRR2JPE-20F0%QboT1NXrk1qW~4
zQ(&oMMI?eLdqBGDv?!!wU5cob`rI_)*9{E-s*^<=Ol?VVvvf)s;<Y!;caX%?{H%z(
zNS;rTnX6S2JeiC(4CV!9K&#nyv%2_p5$IY(P=>Pxs=Hm*7rRgq^t6+Yc)v$Bxp5PE
z0@&`Fb}2^!FMIeV7_yqC67hp*W7zos6%R<RZS}{vqZNbFTu<Xtq3jC3`?*;M9X;&?
zIkwN>PKv}tcLG4W!yjhL8xrHERK~R|5`t5}m5gHds4x*Mr8p2RA%+0PA^~F<U72{M
zuIb+0@Zo;!FrwZkVG$)izP*4#0hHnVEZ4t#Nr`KF7w9V#`ERx5*m|v`rw@e$Ix2;3
z$xs>VvIhnPz`l4yi2~HIa0I$FTg073c*p7sooTSzDTN?vgfsa4EP3R;fU*X=(hIU@
z2Y&<!4VvX?kW!%9et%5JmiClG2GzAkh(QWf#le1C;!$6qKy~}nCI)=|>U5Qv89y1T
z!o_#eazoWKFTt(bhtR$<6Q{2prJ$jx<oXk&Zk+QI0C%I5VVx;N1Gr=d!hf~DYO}6Z
z2EO)+bE3fqWiT5+(Fczegu9l6tNl{7bW~8O7asUH!t2HpJ(4!S{SY%{)32Al-!xvG
zERD$Qnvh9n@8~}i=xjbJ2P9g8%~mlTGm(+Vc8)(KW;EH4crMqif=75ek39#pk`axF
zlYYZjAC?+3J<!*V^=%_r6;eO#NXzxeM6n~Fpf|sN*h^3aaz6fT5|}p|E?7VA?|E-G
za=PR1Q50HZba(RgzhzPUvHy`pk(z55lwJbRhZNH|?R$2jd}{IF1?13d0a`0H&}lV6
z-fQmXlf&9Mhf@srToB;cQozUP8w&@LZe%%c#qEd0bv?n|fO=9G`W!AEAZN=lM^AL3
z6e9NluRdssf+q2Q=%2LzC3txQC~(n1$y^ks{p<e3nWs1~OA6#^Jh=6*vIUj18^~s~
z07vD`(F%!09eGsm|3kERmq~N{D^_)6W#PL?oz+C8^&GI^hh|R3V0&JS)}J1&@{!&6
zn`A+r%@oAoVRg(p4VZPcW*=at%|NcEU!8ZDY4nCT+;vd%8V{1ZcXhbkX#sfMtBHV3
z12uRHJmIb0WV*UU{Nk6++TX5=AS;z(a^!M(D{{fLJ4Z2deqIB=O9GP5L{J8dn9%Dn
z{p#{8wfp;pJCFX5-5j!;zsHtm-Mv7pv90>{^*^G;!FhXmI)_KckETEnjR_G6NUunQ
zc|XZY-e0N(ssm*fDRC1DiBshrRO($Iwa`|ry`jI<n@;QhFF_R2e3su^@4gJnepSFR
zcaR}7JXQ+rvEwgLLP)lbHy#8^bn=b*V1k?jG9Qu;&w%+Pm~lNbVL<x2HUYlZtyhK_
zD(Pwzenj+Q+1Hk1y`-5uFh8_x&Rp*X(jyo6GWBuIL_DoeojTd`Ti0v9B|5v~2&h1)
zO+{q4TfpYurcO-%mN}^u?ubiQ1<!2?&`Pv5v2DuDMU23d3WqW$D)e}lnjbWHgDC)u
zKmbAG?%BJfC58RuUz6&MYaGQdDi^Cp4MYE-R!{)7BAvN1CpxC`Y@RZkw^A&Sp)=PE
zGHlev{>hps75=i2{-aVvLE5*4dwztRzfy|fEn9KG3aYGg=aF%2TfEINBWNnP3G2Hv
z&%OCjp7z&agHJEREq?{QUdt>j7wma99L=;a4CvGqC~d+>Kd9hH`b4)qyitimEn<f~
z;Em@C*fsM99mcE(atgVpok)wicd3p;mDkn393*c&2!8KXCyb~g5LVL4^`Ks#n@$nu
zRTKKzU0*BRp6Y#D;rT!@cozac3*(eim*BO`xgEeZT0u(Aqq(wYNL7kn-n=F|1*ZUr
ze+^^ce?zBeZkK2DzHyUVpQ?J1j=%HKBxt@<0o_*zDt|&@laKGg{om3wPuLwXpZ4pP
z;9G8)cKdYS#Lqc^N=~R|JdyVys!>$>PIw;g{n&)8|AJD{etCSm%|RbbjT{U-{gqA^
zFVBPEea`<tsPJO~$#-hWx1)VLe_^2xsRm!i`|wBqcT&awd)fpBQV-30%R_$!aY@F#
ztG7r!H*6q||Dz&PLos~;R2UM-TLQFziy-ST45s=wA(}i=YQ)$JTP+&oPc;LuixA{L
z?-`7$4J)3cUGKe$wo=SwbDn}S5|G~oq*0rpX{7F*xhgk+u@XvF3%GQub4pe}G3_=X
zeWK?4D!`;sIVV(2Ky0SOO3}3+diy|E0vC}ygS+|iQBN6&O#E@!fV5FU$z}lr(tK7H
zNPQ1lg#48#3|S_dR}Y{VM^_>bDKz{i?yHyU?7WR>Zhv$BVl&wAR85qlRay;o)d7~3
zTI!BYM-u!N^gj|d&LNlZOEb8Ds=Z1jnsMVHh$+Y$%DWQrr~f$rs_;Ze*REmILSUl0
zw)C*ay+<g!AtuG&(;R!Uy==hK!JG2c{ytTm<zX3$f%fdktj-+dakopqR$eVw04R<W
z(jO?38INZ#&xLT51j|ehJ3>)mK$3>#e8*I`{o=S0ZFQD?8T9+<*uIWd>C5!PrZb0a
z_P|%+;53JlI(4XlQ~_FhV0b|oxQyqvIrOF6=eRf0VpP+Hg)BW)-hPf>Yu_si|8&w2
z0lgROZ#30tk<QS(sbV_hk6GM>t*(bIvqzYLXomyqovN#8sSvQM6VZZ#EAyvgJkC$=
zth=@blb10>@SIR&j`XDp^C%_r=eE`M?Z@_Nd?bonaIXbjy%|`ZZpu4qPmkE(#aYmH
z>VpyTw)-!-fkr1oK;r9ft{Z>ZOFIQ~W;1cAxCJkVX%S!0FMVs4Qfy4=IkZZM!OX!C
z#DgVlW2Ja3`i$;n{<07eiYObi-WBNT%$U(om8denExNfI@aWfkb}>BU2*Sj1G%gjg
z`8JOG9vRG6X}Cn}xR5eRif6E`7}hyidvTS)KQdbMJ@;HG*@xZD=mH?zHFngtVI~k;
zsWmu4nV)dF(_cbq&fRpp^BK_pAZXG+5=(R`y|wk-^@WBT0kp9A2JFNqB)v1)o8JL7
zTlUen9zE@w{pP;_<CZ(bkMvl@Pp;=qaQtT0i3nw1ZI5I$niPg48eJx4UIUO)C^Lk)
zO?(w3om7+enF6m@X~5>643JFpicYwr)6J;f1M@#BDZ3|4ctbX8cmBmhTjTEnNZf+d
z95EiOEPa4Tulux+J#+pVh>2g@@7i9n*f}Xr^HyVf`=&Qw*BQ8XMiS6y$r)9cs=K%Q
zmx4%@cMI05_a6p-D284yBVKyE%il|gl9sTQ*DKfrp^1CmD)K<{SzXkBJIdy4Pg0n=
z%V*vZMRh8YS84aFw0b0?>6v81h{&Bz`)<6Z`Q5HQ&QJTt$QMm?!d--uoS8y!-9M3P
z@MwJ~xj_|MKYa`g^LMLKc~yB8a38qRc#z7@qn;%b8m{B3#$%sNa?#}nDO|V)S|I<V
zuE!6H!cHt_$|LR>#O-3jF6A_(T|0%%n<gST45JFzc>0Xg!NT$%wk4vh4a&F^G`On-
z?97@AE>eoYNaXJN>}4~yHEj@B90w}W4jOqMI*bzWV<s}O@=PB%P2QkpaMSzqvJ#~D
zg|^K`AH!~tv0C<~QImjlNKIO~^)DhPmr4n#-g>w@P6vgI>*>m=yViSgkpS;FUh#z^
zgh0s8!NSWOjiyx9N4R0hNJAE<*J1qIT9PxOT6oVR5?!{mL?+cpOW&0PgXz7Q%LF2H
zsy-yULU#^Vi>uH)@#q7>q(b68LO7RXleG~hV+OmH=)UAMtz#&@52sf>b!>2qn^1nt
z%G5t?Dp9!M(f3@>Swnt&_06uD3wLO#&Pqr1;y(2H8rzD77?^ynpAwCx>S9PI_hWZd
zOb!u)6eZ8&zt*LsDioH^m(Jk(eP@(~()85Nf+~gNcBz2W#)zMi4lcHbkbm}q3N@mS
z`gvAtNp<P5$ZA!lv#sKIy^<j*fr%5=>52cPt07Xm+=+WCiGMCRraE*X-~U!eC5GmF
z`W)nCg96THAM*^HURQ=LXC2>H!=~-%mzA0}=&^LLwxNY*w8nQQGfsrW0F22V-oWBf
z$4O|xe<;&il=^!>_dPdae)FN{B!~6t>Ygf=%aAkLh<C^Xu|mzTbfG;kh3Lv0g2-T^
z#7)}NCo`0k@--}n@cNzBh>*JFw6TOx8cGL51ba&qKaOXlO-R2+_e+6)6LIY<zj%)s
zcW`BD-SUG2n`GGTLT}gSw5Gg6!_pJ5=y?PM0tUkx;{k>Ih@rwr62B<f{6tkQzO;-4
zG%7jsdQM@kV0~Yi2Es!woTln~<2WN40TbOvXZrdacO|pakK_wcLdDIHaxp|hF>MAs
z1i-KC+PUR5^a`1^fEK?d>7Jp^_S{Rwy?BdKQiEbG6BP&F99Ca3*YiA8cklensT>5#
zGz&6$x9hcBsvB@ii2U^^ygsyPblcb+efY4UP^Qnf#5H2jQHkl7Yt*g^ZD-!g6=?B#
zo|%rX&Vt#M&vGqiqh*)RW`yWclF%eaq2seV9iKCZu2GsHJd(fUw<t`$;Xe#a3e~Q&
z=4oP&A`+UcVC*DkP1-Rz3L@g`3UwY}7|C^6f_L*_zMkB6;ug;vGJfJGG_>s>AuPq+
zY0sQXO!@nU%Sx5hj8Q|X?2xPk4-vKvKY8acJnXPhTLs;|b1bs!cwwTmEv-&OZpD%o
z2KiVUTsE%3cwk942$GO<he{e!g*|O2IlFPAZNCYf2MqHV25qv6M+w#yg+tU4j?!Po
zxql8nVQb%Qb^I>WhORWEck&1WYa|ibHcDV&<(g9WasPO6hac}ca^Y~E?sFKLDKO8Y
z&(0H@n(2zw6W_Nebziv$c6qOwN5psnS-1NWRGa9F$!D$&Fi>O~My1DVa~hBD>uv6r
z6l0&P(1BN&z!N;q%f#dqe`m_>F$I{#8UK%p@Q>Gi{bxUW@mhixWBu1(J@TKum;{57
zI&&E-Hac6vOP2IL0^{sE0g&<nhM7QNsd@lXzfshk<&XYPE$1E8RJ!irv5klbct$DG
zMG=&uK?sB<MqrRCh=7zx7bJ8-l~`zkAc}$rk>dy`bCBM_fP~^u6(dL&ke<*9U?7}#
zGxy%PbJsev?mBCoKOwAyon-I*eZSxHJ}((69@a{pBU3_Lf5jsk$UOWvnGFuqo<DeG
zGt2+MHF8zH{H;S^B6jIYsfVu+1WR_%6ApuEL)vD@3~|UHG%OP4NJB_wqXp>%6cmEn
z7zC2Kw{XFlZ#yyrl(@8Ek%8RB>!{hLdfjF{h>52|PAIJBySCS$C&*C(p99Ai>8#-i
zttZZ+I?$UB*jQM&X-bOLBRP)WW|tz^r(U}Y;Yn&C1f`jrqKn;nCgzvcMSX!Rjz9_%
z*uPelhC)+v=BvA5LJ!Xe<xF2JpV(tB+1Rn^DRxa~-`;^FXm9F&Xk9H_5mK<PkM;tr
zvLx^gAqylv+jos2UG0a>UGT)l0EmErEPB2U#d?$m$xcpe`?IEvJ)w}ZBOzeZ2Vba^
zqoho;wk1!7Iv)y((%|Hp=R=l|$ZD!TzHnPDg2Wj=KRfH%DItVoXH#`n!N`F8BiLV1
z=BvtsiH`Ik`y=6oDc`4_ny&w3q<SWIl!;8+`t%}Bmc~uvB<?0$+kHWVcP@={g3L6p
zB-LNg+)Y5J8}fyt&3V92vs%x1t7oTg=F2b*=wKVOR*gc&f&G2Ri(oDz&)4mDP<vc~
zh+Tk~=1mvSR*-BVKsG>7B|uuT?TcX=(hZrzF50*lx?zV^fsnb4zu6Z^G^|ulNKaTi
zRo7iH+1qD)!vE9wp~tVw-gNKuhl_Z2*lDxGy?eEP3nWV#RRumjqKu9cKIM-i^f;9`
zsiKRc#_k`w6hQ8PmFIDCF0`MYMwE_apUMW>rRc?7(Q2;+A!tKrj+WXJrO;7FB2ibY
z%Bl)7l8jVM3wiboG`_buP;(1`ZD#a^j<OxXMsnPH=K@2`1uw6uOusZ$hq!A7h}q-k
z=ztv*I8?5Wr#keNqwj3Sf%$?U=(i{hYs)43AdK#`2vECk<TL3=%%Iv%Ef5Au+uN$Q
zR?)p>;e&300Y)3sN-eD>xemFC_*sXC-}~uA<K{=rBIr{@rUJk4K3EdPCS<tRgl!&u
zzN_67W3Iooz@v<5L!w)Ptnvv#70r9`0dSz+B5C`lM=LJkwSvPI2@@@@dpizy2#_#B
zXGs3RhJiL24qvUaf;Cf?L&sN4J+1O00Hq->S2WKU;lH^|5104E2g8)m=l2z2_t8E%
z5FeFb2OhiBP@B{=!;QiWSLgF(R=zcf>Duh;&M6#=o1}_TB2tXcH3dPf(G)M*Mt{Yb
z5TDkr7Iz_|CMJqYL^!zvj60E{Ntx{uL+ZHp4qCEdY)vmLO$*01tZBDek}_+^Qx`fV
zHS4^`Ng>{SRK=tvr4kiS>|4f%!LywY5iJqn?~j!s&Cy%k(e6qXn*2dI&##rLxA&qY
zgOu!W3~n=$KiYjoCe4*#U+9K6=<8&Sc)uD;6KJ<O*>Qbm-YM;4Y>C;SVVsXPf?8(e
zk_?z56MnL62~HiKkxaA2yW;@;XXc5sC{$B4$54=rPws1#yq6`ul*x<YO;=UXsxE)G
zZI<uErT`Z1o`{+%IOeYath4p4slf6t@|ov_HpWt92N9Y}(AlLvBK~O2Y2SCR#O?ZW
zk2tQ~(AX25QS#lS&!T;lIvbiA-1lj)nxfAZ^Vs#&`)?%2IyMd=h1(C?pE=P~44RIu
zFi2&GrvhV|NJ#<C2~r`skL(k6<SEw$JR>+dhFA85cpOpdf&xE1=y_lmpW3$vch4S8
zOn#V=`}!lzI7@Fgf8Bo4aS}UaacZQkAzgF{Nv#co^0{PN{Vw~d`W@LAOB*CT!elf2
zZ1wl&%V4)?iRUg<RAVzjZOsdI8Mc5mNBdl--yXb+GBHBF0ej-})tlLP=?QPQ0P+D1
zc{5F&XYIRIP{Fn9FN$6|jP`rmlA+se8g<3H-Se%TJb=%5qdLCU!|RVaP^X@qT>INX
zr=`!}THqAIZ#RGu%&I@Oj!nQRCC2X8h>29p5@DjL2T+TUJNoP#>p?QVe>h}UogUvO
zrBWU`OeML{iM07%yWRhI==%x&u&1Ca_3AHe`f3FlcRquu@5YP7iC$3s*jOT>r(`yi
zb@;x+exW&fyq=gFvmIX>_3v;xO`b*EXn`7R*bTofYbw8q5y_xeoqlRA++;$_MTgt|
z;_dHK{Zcw15WEz}8b)UCW?_ubJy`-jr#MSi?I^Xt4Jr!1B24sUNGS;WhAD{vFc;FF
zWSG{TMlg<aRW2PCTzD#=wU4_PP2WXL^iXxO!q_r&Ck)^Eb!9J&P55C?ttsz$RqT2G
zAl*?}95YpYD>#;J*pyOsw^Az6;}-tZ`}rdy3KoPSPg_NLY`SH7djRqV?6@r&=kb`7
z2bLo|DOLNylWxqr@IuvOsrUIfhS30Ztc?t@O{Zp7m1N{Wf1_}&oqKL)yWcdYu<_L-
z?j{wkJfa@vbFBQ~Zfoi7OPn4T=1z)4cR!<com~W!7jUlL7`}md+@YUMmbT3jP72~G
z^Ad3&=@CGfjV`nGgZzV+77+U2|3<xU-nc|>Ac~b44Ul@yLl71YIdRErEN}^?FfrsQ
ze-j)D6mUl#A&w8;MY>h;O3Dh-wIjqj2Wr<|&if)X2ErHZ6%M?XSc%v`E@R%$^ZyZ1
zwjj~&Jj_2tAsMSI5s(7=THTp_%AVB=+8f6CkmvsXY9g%+&|j3T?KVq#3mpzndIuN8
zdxjtd<`J3HTC=lUFf|7?3iAA?JL{tL)Q?i4_1Mw7Q($9Xq;*}&N&@09q^L+G;DBA|
zRYPsa9l2xh41?rQ)VE;9y0tYxxqNW$Vld=DSNp}0kWqKQYV5AQ2T)*fbH*bwUsM^+
zI7my&02N*9=VP5{-6kCp>iTjlZ9|y~TOZdDW*<iRJ0$#p7nz3JkzGu5YKR7FZPW`I
zuclfP>vW<hyjkjefd3Euf=FMovUaEZ*MhA*{VKd@Uy`$9)MmT@Z+mKBB?9E(Z4CGy
zPMt(EVPXW2n7sb1w7Zhbj@r*7&88N@kVX*H|1~z|3`1yPjWB-Z#{0+M7{c!+9zNjf
z2v77xY<nsVm>U$r-0V1T)aIkoI8*^pf9@_kFMpl`C>HpsRN_yQ6v+SmuVgj9|2_wh
zJ`GMBv$uPj$O&fk5t*LDHQ?>^*beb1)W2;%;8U%$eLSoG0<ih(nD9UKC}semZUAmR
z1ZFtWpQsz8woiSm1~U%!%JaVDS<rQ{hYmoOSI}M@x-in<tvvLp@C7z1a@)BDQNQ;9
zFrwT@^+|v=A&>vz8l=xT?M8iF&Voq!fV@k4&gTk+mC1E_KE-Y#lCHfafuKZD^mv>A
zVQu#7e47SysXQ!-@+yL^)6Wx3TO)0iwIyp5xifDs)uFe1n&#WKKB3*w)8;sQdfM{R
zhfxuoC{I=cj%d~qCO*1Ij~WmpSB#e3@Yf=;c<q?tve7d=IP!zF@*I|aZx&*o$uKMf
zb1I)LqT9<4UYVYs!EIqe!FYQn=RUuDmR1iegX{Bmg|&BQ&TH0|(+XSMT4FVwVK8VI
zk$Q=ZgPSXs2~Zj@1#t^U;sEd|skG==MHDKLwf>VYq6i)d>!@&dBJIhUV>GW?BkY3#
zCh@Rj<Ax$Fe=gc0>!E1T=I}(6@Xh$OU!U(tj-WTPtR@RqKjclXV-tF2sm${aYPMco
zwJ9LitXJi4?wh$9{)k6&JdYJHSukT)Fl*6~{Ne^v#CGX3d7jAdxHL45v=5li|J^5H
zTY;Q$YcbEY=BG46@axv{ok15s{Aq|1Sqt>b#p-+b$!rpci4G1f5|hnLvhv8r>y;ye
zHV#(TO|3LDP4Bjf?0nC;*IE1uaiyk?ahE5YPV~c0E|?QP87GK2QkyrR@2@%t5<6XX
z(fd^HB)*93Cz~i5x0eMD<U_`?7nvtz=S1Oj$~FZ`<kXLM;0jpP;FA>wb7DtiLDAe>
zh^+lVuP5maM&%#(g*jVZO|NU13tO#Hsw@oK{9dlgh0<3(c<brKlktqxF<Acd2FaYL
zE#{p4moH&!GB29S7?LtYfW3CGRB7{EP2qII3N$UhJ0Wjc?EQuvHS%WRoCQOUg>fgg
zj@d=Y;We(mfU8O|9-yad#--{yx9pl-p|?8-zA&(D*dx0$U|06nz&e0p=|cK^^!@3J
zOK{KVp7sB2rsI-1ECw=GNIZ_@Vv0u;QNaYo7^-7Xu7oLME}IjVwz|;Vj*HAIBWFL_
z;UXy;!YOhs%U?$K+Ex98?#fCFUhZ9O84HLI4&l82@*HfAI~B9vYDySv0*ff`jhTYE
zAx=QvLaiGy&EJOYVF`R@QWeHa7lZ}La5HyWeV^vjELE~X;&(inl|be=4aIUBK^$FQ
zTU)7pr<HRnaN2x~l@(C^5p8%lGX!svFjZodcGdn+WI_>T$IH<JwQA(IF0o&cjXK`6
zSEb}Eh+KMA?k~!LxepaoevSPersCe(y%W!)o%W#y?A@|2Jg{XpFf9m5<1M}m6U4*2
zcA0ASFPWS&l|u}OhvrJ)3;RMEJ&R(eT;~>xJZ;J$yM0*42WU*l)~MQ75(Y{2aTVcQ
zvmr=NP679vt$>ha6#*~k9|Wh$h+>1+yEaPyg*0+!F}J@DR~y(R-I#jf3TEX!0a0(m
zmOrb+k~w%v#&AFWw6mFkO@`BbWvEf$HoxW6N2bUPr{Imb8m_+daxvQcW;RZpRn#ep
z4HT>Ac4kuuN*Jbh?|w=TtCn^rF3OEAKSDnHw$UXkHks<<l{9+yRFOkxu}Lq$6G`f(
zS<=?X{8fB2aHqGH0GMwqtXXgKRAkb-on|K5QoDbNv#K9j=Ip!4FIlRw&TAL7sdICM
z;jC^t-r`k65p!t@;8_9F)+k#WAv|V|lT&4b^3jedB6knH$XKhoOa66&YxtLjzPum-
z^on3;W3m$~$0=dmCzUV3kh$7>C~^D0bEuDCS_JAT;2OB<^*kFSybhHacxGk+^(J<C
z{#`(5rs%HO2gnxXhM0@5I(Hr|_7Z8ibWY};)Jq<b=%!+m8t>s$V$agn6XuolwF;R9
zRtkLWmm5DgxM*Kz(f+YQWaC|rBR2%cXi5xzQ~BQQeOXdn5w0J{@PDml`|G>l|Nqe(
z0A8UNb=?6|FS*e)ll`czB_gY%^E@mFY!3EBa4(hQ-IUqbQq4VM_wmR4SK!e9L08N0
KLhku%cm4?rEj%Is

diff --git a/docs/mkdocs.yml b/docs/mkdocs.yml
index ae296b1f..588a0352 100644
--- a/docs/mkdocs.yml
+++ b/docs/mkdocs.yml
@@ -12,17 +12,17 @@ nav:
       - "Updating the RMM (Docker)": update_docker.md
       - "Updating Agents": update_agents.md
   - Functionality:
-      - "Automated Tasks": functions/automated_tasks.md
-      - "Scripting": functions/scripting.md
-      - "Global Keystore": functions/keystore.md
-      - "Custom Fields": functions/custom_fields.md
-      - "Remote Background": functions/remote_bg.md
-      - "URL Actions": functions/url_actions.md
-      - "Maintenance Mode": functions/maintenance_mode.md
       - "Alerting": functions/alerting.md
-      - "User Interface Preferences": functions/user_ui.md
+      - "Automated Tasks": functions/automated_tasks.md
+      - "Custom Fields": functions/custom_fields.md
       - "Django Admin": functions/django_admin.md
+      - "Global Keystore": functions/keystore.md
+      - "Maintenance Mode": functions/maintenance_mode.md
+      - "Remote Background": functions/remote_bg.md
       - "Settings Override": functions/settings_override.md
+      - "Scripting": functions/scripting.md
+      - "URL Actions": functions/url_actions.md
+      - "User Interface Preferences": functions/user_ui.md
       - "Examples": functions/examples.md
   - Backup: backup.md
   - Restore: restore.md
@@ -31,11 +31,11 @@ nav:
   - Management Commands: management_cmds.md
   - MeshCentral Integration: mesh_integration.md
   - 3rd Party Integrations:
-      - "Grafana": 3rdparty_grafana.md
-      - "Connectwise Control / Screenconnect": 3rdparty_screenconnect.md
-      - "TeamViewer": 3rdparty_teamviewer.md
       - "AnyDesk": 3rdparty_anydesk.md
       - "BitDefender GravityZone": 3rdparty_bitdefender_gravityzone.md
+      - "Connectwise Control / Screenconnect": 3rdparty_screenconnect.md
+      - "Grafana": 3rdparty_grafana.md
+      - "TeamViewer": 3rdparty_teamviewer.md
   - Tips n' Tricks: tipsntricks.md
   - Contributing:
       - "Contributing to Docs": contributing.md

From 9e19b1e04cf4188b3a85d0fa3b49a7398c692f6a Mon Sep 17 00:00:00 2001
From: silversword411 <github.com@datmail.com>
Date: Tue, 27 Jul 2021 19:02:22 -0400
Subject: [PATCH 7/7] wip script add

---
 scripts_wip/Win_Security_Audit.ps1 | 420 +++++++++++++++++++++++++++++
 1 file changed, 420 insertions(+)
 create mode 100644 scripts_wip/Win_Security_Audit.ps1

diff --git a/scripts_wip/Win_Security_Audit.ps1 b/scripts_wip/Win_Security_Audit.ps1
new file mode 100644
index 00000000..940200fd
--- /dev/null
+++ b/scripts_wip/Win_Security_Audit.ps1
@@ -0,0 +1,420 @@
+# boilerplate
+[int]$varBuildString=50
+[int]$varKernel = ([System.Diagnostics.FileVersionInfo]::GetVersionInfo("C:\Windows\system32\kernel32.dll")).FileBuildPart
+$ErrorActionPreference = "stop"
+$varTimeZone=(get-itemproperty 'HKLM:\SYSTEM\CurrentControlSet\Control\TimeZoneInformation' -Name TimeZoneKeyName).TimeZoneKeyName -replace '[^a-zA-Z:()\s]',"-"
+$varPSVersion= "PowerShell version: " + $PSVersionTable.PSVersion.Major + '.' + $PSVersionTable.PSVersion.Minor
+[int]$varDomainRole=(Get-WmiObject -Class Win32_ComputerSystem).DomainRole
+[int]$varWarnings=0
+[int]$varAlerts=0
+
+if (!([System.Diagnostics.EventLog]::SourceExists("Security Audit"))) {
+    New-EventLog -LogName 'Application' -Source 'Security Audit'
+}
+
+# preliminary pabulum
+write-host "Security Audit: build $varBuildString"
+write-host `r
+write-host "Local Time:        " (get-date)
+write-host "Local Timezone:    " $varTimeZone
+write-host "Windows Version:    Build $varKernel`:" (get-WMiObject -computername $env:computername -Class win32_operatingSystem).caption
+write-host $varPSVersion
+
+# workgroup/domain
+if (!(Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {
+    if ((Get-WmiObject -Class Win32_ComputerSystem).Workgroup -match 'WORKGROUP') {
+        write-host "Workgroup:          Default Workgroup Setting `(`"WORKGROUP`"`)"
+    } else {
+        write-host "Workgroup:         "(Get-WmiObject -Class Win32_ComputerSystem).Workgroup
+    }
+} else {
+    write-host "Domain:            "(Get-WmiObject -Class Win32_ComputerSystem).Domain
+}
+
+write-host "============================================================================="
+write-host `r
+
+# kernel
+if ($varKernel -lt 7601) {
+    write-host "- ALERT: This Component only runs on devices running Windows 7 SP1/Server 2008 R2 and higher."
+    write-host "  Please update this device."
+    $varAlerts++
+    Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Error -EventID 59101 -Message "Security Audit Alert: This OS is not supported by Microsoft and will not be receiving Security Updates.`rIt is crucial that this device is upgraded or decommissioned as soon as possible.`rThe audit cannot proceed."
+    exit
+}
+
+if ($varKernel -eq 7601) {
+    if ($varDomainRole -gt 1) {
+        # windows 7 timeout
+        write-host "- ALERT: Support for Windows 7 was discontinued on the 14th of January 2020."
+        write-host "  This device will not receive security updates and should be upgraded or decommissioned."
+        write-host "  Microsoft will provide extended support for this Operating System at a cost until 2023."
+    } else {
+        write-host "- ALERT: Support for Windows Server 2008 R2 was discontinued on the 14th of January 2020."
+        write-host "  This can be mitigated for three years by moving to Azure; if this device has already been"
+        write-host "  migrated to Azure, this message can be disregarded until 2023."
+    }
+    $varAlerts++
+    write-host `r
+    Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Error -EventID 59103 -Message "Security Audit Alert: This OS is not supported by Microsoft and will not be receiving Security Updates.`rIt is crucial that this device is upgraded or decommissioned as soon as possible."
+}
+
+if ($varKernel -eq 9200) {
+    if ($varDomainRole -gt 1) {
+        write-host "- ALERT: Windows 8.0 has been discontinued by Microsoft." #server 2012 still supported until 2023
+        write-host "  Please update this device to Windows 8.1 or Windows 10."
+        $varAlerts++
+        write-host `r
+        Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Error -EventID 59103 -Message "Security Audit Alert: This OS is not supported by Microsoft and will not be receiving Security Updates.`rIt is crucial that this device is upgraded or decommissioned as soon as possible."
+    }
+}
+
+write-host "= Account Security Audit ----------------------------------------------------"
+
+# is admin account disabled?
+$localAccountExists = Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='$true'"
+If ( -not $localAccountExists ) {
+    write-host "+ No Local Accounts (Admin, Guest) exist on this device."
+} else {
+    #is guest acct disabled?
+    if ((Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='$true' AND SID LIKE '%-501'").disabled) {
+        write-host "+ The Guest account is disabled."
+    } else {
+        write-host "- ALERT: The Guest account is enabled."
+        write-host "  Guest accounts are considered unsafe and should be disabled on this device."
+        $varAlerts++
+        Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59104 -Message "Security Audit Warning: The Guest account is enabled on this device.`rThis unprotected user account can be used as a vantage point by malware and should be disabled."
+    }
+
+    #is admin acct disabled?
+    if ((Get-WmiObject -Class Win32_UserAccount -Filter "LocalAccount='$true' AND SID LIKE '%-500'").disabled) {
+        write-host "+ The Administrator account is disabled."
+    } else {
+        write-host "- ALERT: The Administrator account is enabled."
+        write-host "  Management should be handled by a domain administrator and not the local user."
+        $varAlerts++
+        Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59105 -Message "Security Audit Warning: The local Administrator account is enabled on this device.`rThis can be used as a vantage point by malware and should be disabled."
+    }
+
+
+    # are all accounts in the administrators group disabled? v2: ps2 compat
+    $arrLocalAdmins=@()
+    (Get-WMIObject -Class Win32_Group -Filter "LocalAccount=TRUE and SID='S-1-5-32-544'").GetRelated("Win32_Account","","","","PartComponent","GroupComponent",$FALSE,$NULL) | where-object {$_.Domain -match $env:COMPUTERNAME} | ForEach-Object {
+        $varCurrentName=$_.Name
+        if (!(Get-WmiObject -Class Win32_UserAccount -filter "Name like '$varCurrentName' AND LocalAccount=TRUE" | % {$_.disabled})) {
+            $arrLocalAdmins += ($varCurrentName -as [string])
+        }
+    }
+
+    $arrLocalAdmins = $arrLocalAdmins | where {$_ -match "\w"}
+    if ($arrLocalAdmins) {
+        $varWarnings++
+        write-host "- WARNING: The following local users are within the `'Administrators`' user group:"
+        foreach ($iteration in $arrLocalAdmins) {
+            write-host ":  $iteration"
+            if ((Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {
+                Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59106 -Message "Security Audit Warning: The local user `"$iteration`" is listed as an Administrator.`rLocal users should not have device-level administrative privileges; devices should be governed by the network administrator."
+            } else {
+                Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59106 -Message "Security Audit Warning: The local user `"$iteration`" is listed as an Administrator.`rLocal users should not have device-level administrative privileges; the device should be part of, and governed by, a domain."
+            }
+        }
+    } else {
+        write-host "+ No accounts within the `'Administrators`' group have local access."
+    }
+}
+
+if ((Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {
+	write-host "- WARNING: This device is part of an AD domain."
+	write-host "  If it has not been done already, consider enabling the user-level Active Directory setting"
+	write-host "  `'Account is sensitive and cannot be delegated`' to mitigate the spread of malware via token impersonation."
+	write-host '  More info: https://www.theregister.co.uk/2018/12/03/notpetya_ncc_eternalglue_production_network/'
+    $varWarnings++
+}
+
+# net accounts, since we're not doing anything with the data besides displaying it
+
+write-host `r
+write-host "= Password Policy Audit -----------------------------------------------------"
+if (!(Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {
+    foreach ($iteration in (net accounts | where {$_ -match "\w"})) {
+        if ($iteration -match ":") {write-host : $iteration}
+    }
+} else {
+    write-host ": Skipping local password policy audit as device will use domain-enforced policy settings."
+}
+
+# default password for automatic logon
+try {
+    $varDefaultPassLength=((get-itemproperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name defaultPassword).defaultPassword).length
+    $varDefaultPass=(get-itemproperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name defaultPassword).defaultPassword
+    $varDefaultUser="undefined"
+    $varDefaultUser=(get-itemproperty 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon' -Name defaultUserName).defaultUserName
+    write-host "`- ALERT: A user password is being stored in the Registry in plaintext `($varDefaultPassLength characters.`)"
+    write-host "  It is stored in HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon under value `"DefaultPassword`"."
+    $varAlerts++
+    Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59107 -Message "Security Audit Warning: Account password for user `"$varDefaultUser`" stored in plaintext in Registry.`rThe user appears to have configured their device to log into their user account automatically via the Registry.`rTheir password is stored in plaintext at HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon under value `"DefaultPassword`" and should be removed ASAP."
+    #since we have the password, may as well analyse it
+    # -- length
+    if ($varDefaultPassLength -le 7) {
+        write-host "> As the password for username `"$varDefaultUser`" is readily available, it has been analysed for length."
+        write-host "  The user's password is fewer than 8 characters."
+        write-host "  A longer password - or stronger password policies - should be regimented."
+        Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59108 -Message "Security Audit Warning: Since the password for user `"$varDefaultUser`" is stored in plaintext in the Registry, it's been analysed for length.`rThe password is fewer than 8 characters in length. Implement a stronger password or stronger password policy settings."
+    }
+    # -- strength
+    if ($varDefaultPass -match 'password' -or $varDefaultPass -match 'p4ssw0rd' -or $varDefaultPass -match '12345' -or $varDefaultPass -match 'qwerty' -or $varDefaultPass -match 'letmein') {
+        write-host "> As the password for username `"$varDefaultUser`" is readily available, it has been analysed for strength."
+        write-host "  The user's password is one of many known common passwords."
+        write-host "  A more unique password - or stronger password policies - should be regimented."
+        Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Error -EventID 59109 -Message "Security Audit Alert: Since the password for user `"$varDefaultUser`" is stored in plaintext in the Registry, it's been analysed for security.`rThe password is one of many very well-known common password strings. Implement a more unique password or stronger password policy settings."
+    }
+} catch [System.Exception] {
+    write-host "+ No account credentials are stored in the Registry."
+}
+
+write-host `r
+write-host "= Network Security Audit ----------------------------------------------------"
+
+# Restrict Null Session Access Value in Registry (shares that are accessible anonymously)
+try {
+    $varNullSession=(Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters').restrictnullsessaccess
+    if ($varNullSession -ne 1) {
+        write-host "- ALERT: Device does not restrict access to anonymous shares. This poses a security risk."
+        $varAlerts++
+        Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59110 -Message "Security Audit Warning: Access to anonymous shares is permitted and should be disabled.`rThe setting is stored in the Registry at HKLM:\SYSTEM\CurrentControlSet\Services\LanManServer\Parameters under value `"RestrictNullSessAccess`"."
+    } else {
+        write-host "+ Device restricts access to anonymous shares."
+    }
+} catch [System.Exception] {
+    write-host ": Unable to determine whether this device restricts access to anonymous shares."
+}
+
+# is telnet server enabled
+get-process tlntsvr -erroraction silentlycontinue | out-null
+if ($?) {
+	write-host "- ALERT: Telnet Server is active."
+	write-host "  Telnet is considered insecure as commands are sent in plaintext. Consider using a more secure alternative."
+    $varAlerts++
+    Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59111 -Message "Security Audit Warning: Telnet Server is running and should be replaced by a more secure alternative."
+} else {
+	write-host "+ Telnet Server is not installed."
+}
+
+# is SMBv1 permitted?
+# - server
+try {
+    $varSMBCheck=(Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters').SMB1
+    if ($varSMBCheck -eq 1) {
+        write-host "- ALERT: Device is configured as an SMBv1 server."
+        write-host "  This is a huge security risk. This protocol is actively exploited by malware."
+        $varAlerts++
+        Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59112 -Message "Security Audit Warning: Device serves using the vulnerable and actively-exploited SMBv1 protocol.`rMicrosoft advisory: https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/"
+    } else {
+        write-host "+ Device is not configured as an SMBv1 server."
+    }
+} catch [System.Exception] {
+    write-host "+ Device is not configured as an SMBv1 server."
+}
+
+# - client (https://support.microsoft.com/en-us/help/2696547/how-to-detect-enable-and-disable-smbv1-smbv2-and-smbv3-in-windows-and)
+$varClientSMB1=(get-service lanmanserver).requiredservices | where-object {$_.DisplayName -match '1.xxx'}
+if ($varClientSMB1) {
+    write-host "- ALERT: Device is configured as an SMBv1 client."
+    write-host "  This is a huge security risk. This protocol is actively exploited by malware."
+    $varAlerts++
+    Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59113 -Message "Security Audit Warning: Device is configured as a client for the vulnerable and actively-exploited SMBv1 protocol.`rMicrosoft advisory: https://blogs.technet.microsoft.com/filecab/2016/09/16/stop-using-smb1/"
+} else {
+        write-host "+ Device is not configured as an SMBv1 client."
+}
+
+# windows firewall
+
+# do you really think there's anybody out there?
+if (((Get-WmiObject win32_service  -Filter "name like '%mpssvc%'").state) -match 'Running') {
+    write-host "+ Windows Firewall is running:"
+    $varFirewallRunning=$true
+} else {
+    write-host "- ALERT: Windows Firewall is not running."
+    write-host "  Unless a third-party Firewall program is running in its stead, please re-enable it."
+    $varAlerts++
+    Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59119 -Message "Security Audit Warning: Windows Firewall is not running.`rIf this was unintentional, please re-enable Windows Firewall.`rIf this was intentional, please ensure the replacement solution is operational and configured."
+}
+
+# - firewall enabled for private networks?
+try {
+    $varSMBCheck=(Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile').EnableFirewall
+    if ($varSMBCheck -ne 1) {
+        write-host "-  ALERT: Windows Firewall is disabled for Private networks."
+        $varAlerts++
+        Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59116 -Message "Security Audit Warning: Windows Firewall is disabled for Private networks.`rIf this was unintentional, please revert the setting.`rIf this was intentional, please ensure the replacement solution is operational and configured."
+    } else {
+        write-host "+  Windows Firewall is enabled for Private networks."
+    }
+} catch [System.Exception] {
+    write-host "-  ALERT: Unable to ascertain Windows Firewall state for Private networks."
+    $varAlerts++
+}
+
+# - firewall enabled for public networks?
+try {
+    $varSMBCheck=(Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile').EnableFirewall
+    if ($varSMBCheck -ne 1) {
+        write-host "-  ALERT: Windows Firewall is disabled for Public networks."
+        $varAlerts++
+        Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59117 -Message "Security Audit Warning: Windows Firewall is disabled for Public networks.`rIf this was unintentional, please revert the setting.`rIf this was intentional, please ensure the replacement solution is operational and configured."
+    } else {
+        write-host "+  Windows Firewall is enabled for Public networks."
+    }
+} catch [System.Exception] {
+    write-host "-  ALERT: Unable to ascertain Windows Firewall state for Public networks."
+    $varAlerts++
+}
+
+# - firewall is enabled when connected to a domain?
+if ((Get-WmiObject -Class Win32_ComputerSystem).PartOfDomain) {
+    try {
+        $varSMBCheck=(Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile').EnableFirewall
+        if ($varSMBCheck -ne 1) {
+            write-host "-  ALERT: Windows Firewall is disabled for Domains."
+            $varAlerts++
+            Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59118 -Message "Security Audit Warning: Windows Firewall is disabled for Domains.`rIf this was unintentional, please revert the setting.`rIf this was intentional, please ensure the replacement solution is operational and configured."
+        } else {
+            write-host "+  Windows Firewall is enabled for Domains."
+        }
+    } catch [System.Exception] {
+        write-host "-  ALERT: Unable to ascertain Windows Firewall state for Domains."
+        $varAlerts++
+    }
+} else {
+    write-host ":  Device is not part of a domain; checks for domain-level firewall compliance skipped."
+}
+
+# - show active profiles. this will read strangely but it's the only way to do it without butchering the i18n
+if ($varFirewallRunning) {
+    write-host "= Active Windows Firewall Profile Settings (from NETSH):"
+    foreach ($iteration in (netsh advfirewall show currentprofile | select-string ":" | select-string " ")) {
+        $varActiveProfile = $iteration -as [string]
+        write-host ": " $varActiveProfile.substring(0,$varActiveProfile.Length-2)
+    }
+} else {
+    write-host ": Not showing active Windows Firewall profile/s as Windows Firewall is not running."
+}
+
+# teamviewer
+Get-ChildItem "C:\Users" | ?{ $_.PSIsContainer } | % { 
+    if (test-path "C:\Users\$_\AppData\Roaming\TeamViewer\Connections.txt") {
+        write-host "- WARNING: User `"$_`" has used TeamViewer software."
+        write-host "  While TeamViewer is not inherently unsafe, any remote connection should be scrutinised."
+        $varTeamViewer=$true
+        $varWarnings++
+    }
+}
+if (!$varTeamViewer) {
+    write-host "+ TeamViewer has not been used on this device. (All connections should go via Datto RMM.)"
+}
+
+write-host `r
+write-host "= Device Security Audit -----------------------------------------------------"
+
+if ($varKernel -ge 9200) {
+    try {
+        $varSecureBoot=Confirm-SecureBootUEFI
+        if ($varSecureBoot) {
+            write-host "+  UEFI Secure Boot is supported and enabled on this device."
+        } else {
+            write-host "-  ALERT: UEFI Secure Boot is supported but not enabled on this device."
+            write-host "   This setting should be enabled to prevent malware from interfering with the Windows boot process."
+            $varAlerts++
+            Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59114 -Message "Security Audit Warning: UEFI Secure Boot is supported on this device but has not been enabled.`rThis may have been configured deliberately to facilitate installation of other Operating Systems that do not have a Microsoft Secure Boot shim available; however, the setting still leaves a device vulnerable and should be changed."
+        }
+    } catch [PlatformNotSupportedException] {
+        write-host ":  UEFI Secure Boot is not supported on this device."
+        write-host "   The device may use the legacy BIOS platform instead of UEFI or it may be a virtual machine."
+    }
+} else {
+    write-host ":  UEFI Secure Boot is not supported on Windows 7."
+}
+
+write-host "= Windows 10 Exploit Protection settings:"
+
+if ($varKernel -ge 16299) {
+    $varExploitProtection=Get-ProcessMitigation -System
+    if ($varExploitProtection.DEP.Enable -match 'OFF') {$varExploitFlaws+="Enable DEP / "}
+    if ($varExploitProtection.CFG.Enable -match 'OFF') {$varExploitFlaws+="Enable Control Flow Guard / "}
+    if ($varExploitProtection.ASLR.BottomUp -match 'OFF') {$varExploitFlaws+="Enable Bottom-up ASLR / "}
+    if ($varExploitProtection.ASLR.HighEntropy -match 'OFF') {$varExploitFlaws+="Enable High-Entropy ASLR / "}
+    if ($varExploitProtection.SEHOP.Enable -match 'OFF') {$varExploitFlaws+="Enable Exception Chain Validation (SEHOP) / "}
+    if ($varExploitProtection.Heap.TerminateOnError -match 'OFF') {$varExploitFlaws+="Enable Heap Integrity Validation"}
+
+    if ($varExploitFlaws) {
+        write-host "-  WARNING: System Exploit Protection configuration differs from Windows 10 Exploit Protection Settings."
+        write-host "   These settings were configured deliberately, most likely in response to a compatibility conflict."
+        write-host "   Mitigation steps are listed below. Compare them closely with your system configuration."
+        write-host ":  $varExploitFlaws"
+        $varWarnings++
+        Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Warning -EventID 59115 -Message "Security Audit Warning: Windows 10 Exploit Protection settings have been altered from the default.`rThis is generally done deliberately by the end-user or administrator in order to mitigate against a specific compatibility or performance issue.`rRegardless, it is bad practice to deviate from Microsoft's standards. Please scrutinise the mitigation steps below and ensure you have a strong justification for dismissing each.`r$varExploitFlaws"
+    } else {
+        write-host "+  Main Windows 10 Exploit Protection Settings have not been altered from default recommendations."
+    }
+} else {
+    write-host ":  Windows 10 Exploit Protection is only available from Windows 10 build 1709 onward."
+    write-host "   Older systems may benefit from the Microsoft Enhanced Mitigation Toolkit (EMET)."
+}
+
+#security policy I: get the data
+[array]$arrSecurityPolicies=@()
+try {
+    Get-ChildItem -Recurse 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\Safer\codeidentifiers\0\Paths' | % {
+       [array]$arrSecurityPolicies += (Get-ItemProperty registry::$_).ItemData
+    }
+} catch [System.Exception] {
+    write-host "- ALERT: Device contains no security policies. These can be used to halt execution of hazardous file types."
+    write-host "  Please consider blocking execution of CPL, SCR, VBS and the Right-to-Left Override character in SecPol.msc."
+    $varAlerts++
+    Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Error -EventID 59120 -Message "Security Audit Alert: The Windows Security Policy is not configured to block files with dangerous extensions from executing.`rThese file types are: $varFileRisks`.`rIn addition, the right-to-left unicode character should also be blocked to mitigate against extension masquerade attacks.`rMore information: https://www.ipa.go.jp/security/english/virus/press/201110/E_PR201110.html"
+    $varNoSecPols=$true
+}
+
+#security policy II: parse the data -- i know this seems like bizarre logic but match seems to be a law unto itself
+if (!$varNoSecPols) {
+    if ($arrSecurityPolicies -match '.VBS') {
+        #do nothing
+    } else {
+        $varFileRisks+="VBS, "
+    }
+    if ($arrSecurityPolicies -match '.CPL') {
+        #do nothing
+    } else {
+        $varFileRisks+="CPL, "
+    }
+    if ($arrSecurityPolicies -match '.SCR') {
+        #do nothing
+    } else {
+        $varFileRisks+="SCR, "
+    }
+    if ($arrSecurityPolicies -match "\u202E") {
+        #do nothing
+    } else {
+        $varFileRisks+="Right-to-Left override"
+    }
+}
+
+#security policy III: deliver the results
+if ($varFileRisks) {
+    write-host "- ALERT: The Security Policy does not prohibit execution of problematic file types (https://goo.gl/P6ec8q)."
+    write-host "  These file types are: $varFileRisks"
+    $varAlerts++
+    Write-EventLog -LogName 'Application' -Source 'Security Audit' -EntryType Error -EventID 59120 -Message "Security Audit Alert: The Windows Security Policy is not configured to block files with dangerous extensions from executing.`rThese file types are: $varFileRisks`.`rIn addition, the right-to-left unicode character should also be blocked to mitigate against extension masquerade attacks.`rMore information: https://www.ipa.go.jp/security/english/virus/press/201110/E_PR201110.html"
+}
+
+write-host `r
+write-host "============================================================================="
+if ($varWarnings -ge 1) {
+    write-host "- Total warnings: $varWarnings"
+}
+if ($varAlerts -ge 1) {
+    write-host "- Total alerts:   $varAlerts"
+}
+write-host "============================================================================="
+write-host "Security audit completed at $(get-date)"
+write-host "You may consider also running the BitLocker audit Component on this device."
\ No newline at end of file