From afc8580b0d62d78d61d45931b749625a4f91cc87 Mon Sep 17 00:00:00 2001 From: Brice Gagnage <40995873+BriceGagnageRenault@users.noreply.github.com> Date: Mon, 3 Dec 2018 13:54:40 +0100 Subject: [PATCH 01/17] Update README.md test --- README.md | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/README.md b/README.md index 7f3880a..f8e9c6a 100644 --- a/README.md +++ b/README.md @@ -49,6 +49,7 @@ If you have a comment or suggestion, please open an [issue](https://github.com/d - [GitHub](#github) - [OpenBSD](#openbsd) - [Windows](#windows) + - [Windows Subsystem for Linux (WSL)](#wsl) - [Troubleshooting](#troubleshooting) - [Notes](#notes) - [Similar work](#similar-work) @@ -1406,6 +1407,9 @@ Create a shortcut that points to `gpg-connect-agent /bye` and place it in your s Now you can use PuTTY for public key SSH authentication. When the server asks for public key verification, PuTTY will forward the request to GPG, which will prompt you for your PIN and authorize the login using your YubiKey. +## WSL +plouf + # Troubleshooting - If you don't understand some option - read `man gpg`. From 432518b23c539d1f911c582892c22d8b63090e45 Mon Sep 17 00:00:00 2001 From: Brice Gagnage Date: Mon, 3 Dec 2018 14:29:51 +0100 Subject: [PATCH 02/17] added img --- media/schema_gpg.png | Bin 0 -> 66518 bytes media/schema_gpg.pptx | Bin 0 -> 95622 bytes 2 files changed, 0 insertions(+), 0 deletions(-) create mode 100755 media/schema_gpg.png create mode 100755 media/schema_gpg.pptx diff --git a/media/schema_gpg.png b/media/schema_gpg.png new file mode 100755 index 0000000000000000000000000000000000000000..96b486f464f297fb92edce7347f42e44dea4d61a GIT binary patch literal 66518 zcmdqJWmud`ur4}yaDrP15ZppS&>#u!?k)+gA-D}5EI`oU?oO~^gC;pAwf8>f?z7MRb${?Y%zXV-cUM=x^;UKDgeb~OV4{(tfj}TkDM?Xf5C{qQ7ykP_ zcn}DVo7g=8_yp&uEFlak8z5f;J|LRClzRyRRYsy;8o`>P+DmFVfO`kSdJDXL><*BTQRjWTh@a?j|*V-gdMvu@Hul1?wQDw(-(M5#M7ppE8= z{?eTcP!R1qKRrZ7Km6PxoPe=hjX1Uv@Y_qF>Ya(0WEW@C{HX>Ah$#b><5m;-?oqJu?voDYMVCHX5?Fwx%c}P zgNqestQ2|aJ<|27jPJO>pE`3c)n&#Ki=N(t`_)XP*KXGtRGoE}-$jZOO;hz58K+52 zEVs=Jqg9jFm$dCcjU!JBxL(My%40^(V}z$l>QZd>Pe-dE5o8JD0oFK5I=*JBhTq90 z#g1*i^5sTsRLd{cm0h|K>LF+&!F?Y?a5WQ zdj&I0&Qskv4MDGOda8dsd*h2#!~Ze+JhJN_dt)hBa`0>XHTAw=UC3y!_}H8uctbS5 zhYDzEa^9bfY6 zO-Q*fhBt2(ip0j~VAL~~>VVW~PIvp-Q;DO8VSphPE`@waO0d)5++)A$X0t!po|ao{ z-1%8&7g^d=NX;oFJx!vah#t>W#2pAsN9pPdY?oQOJ^gZ+JjX~H7K+qet5av|_6c%K zU>CS9ml^-%>1nov_il{8(kl0!U6qaZ3l)5Js$mc(WLx{Mxl_<1*tKYm(fF@%x51lH zJDKUe{DGQkH(M!Ti`2M}cD&12ytt}Wr{HMiTWMNlJuWmwIN9+&l9rxR}wQZLC9TKBw!%W-pitpwnM7g;@Zd{v3b8(OI}?J=vhuE3wP%OQ)Y$%)>yJIYh=v8 zNu3gBPsZJFswyFa2B!$tG6M~^QQ91a=~?vs`jIwA@u^j0=*wlM0XML2+8VTzxpq<- zbIzw4^ZHyUYj>cJ((@(SxS|Gs^sy;6Grm$AX!81?N7Z+Q(8!10D!7+lr9(e1cvOoI zEXP+-E!tKH2j7D{OMGYF*WBm$r9Vpax80oMS;sLHWB@a-kU^4fd>vX+0Cv)=F`5i7 zDp#uafUFRMS#Gul)qipUTR<<ev6%Ly%+Co6M4~)(21Z#0H~>L!rSRIYZ4M8S#QB3uGZ2;8b>X9pZP6iJ?pt>Q84-z?3!A0u@|r1Z6e?GOO!a3AlMB>RMIg^qi) zgOw6z<|&`d@qHZ6$J6B6Kmeyzw?LrNpFPS)O-{NSCWAaH9lOUHw|b=nD$uPX7dmNm zP9!IewTQn4XwvE%8d)}~7v;(4FpoS=&vJzMR@!QaR6Ei!5}-=8MD+0ZqA1X$nUNxg z!i`chdXw9btlGQaRzl(y=6srKbabd7Izq#^`VpJ`{;9dIN;@DJhTSEhVgF_V+>_|C z3ort43x0h_0|b9N5YNy*KIqQf(v1Jy>dyzslSo)C*;cq2g2>5{Pz$)fMTP%&-u_qT z6Z(d@*na~9n|&FeaOOK-F$}MAeV?cv(uKrk@8FBBt2+lz^gsF7&R&E^=^LrO82+%iZ+31#zwd8ZE7=;_i7InG;R7=d}8a3&SOR#!@r*O z=dY%~K2*_Qrzpa0qP>2%mV};y2gBXc2*BWBi1HFioacg{g@H^8NdNjlsC?cjpyc3OkVFw;&ep_EmM&X}h zH^8i9LQSbS4!M?j#K{k7rhYBiFykeUBH#YB3j*fxlNzb7Gnh_+p{kX4WDJm88XrTD zF0aPvWZd{v?~9Hh{~HlsLx%5^nxyYyx!xg)ypDdytDe3&4Re;Y>FpiBJT{BIQp=I< z&dn;=2DOLjDSSBw7+L!dwq3Jd`XX*apPqO)?|eu~ovgLJwEP%rqmj44M^w*(kA);7 zMCRP(7roWqW_YN@hr|BmLsT)o{EdebYVyq!`{|xHLRJ1T`TV*DS*zn`A9l8WLvH%J(8pmJ`b!TDk zolY-bKO2TGtcz1_DcqUbtNzi$2BV-u7H__mg=&{RtI+#cwxK!qf)e+AY#_i`Gg!!Z z?OO?#Ukq2dbg-$pL%q>p_E%NBK%Hl`0-x^I&1)dLez;d5zvQZqg}D3WAi2E7_@JT5jI)85St-spS7c*Ejb<{H?X)zQhlHgaf2Xf<5A2`VI+LZnes%J|;m+WC%% z|E6R$4!{;`x;Inrkd2=wmrNJ9m<#yMS5Cga1jO()#)@tLCQQ6yjWTt+C@entNY*h>}X z8ms-v#iZe$aCF9|u@m<5bwiI&XK->hXFbs_lTQ`zSfaC+WFt52-A6k)x^dajAoAUM?jmK>LqwJ%mkMJ{uZ|*Fd{}oU z#xYwKYq^!80%gIU%2fcDoNlaTSQBt$EFT7_=sKT)P?J^v!`B9Bn77`Wg9=p*cTY6< z5Y-PR%Tz?Ts77T2PwE5ZEJs9+mT8LZxN<&0RM@PNsA`$tUZf+b_r>!M4RuLQlhoa@ zZ2G{@kn)r<;z`^ZQ$~k{xWOOcyR86q(z&BfF^Cq*O`hCO1_m5!AP@C_E|xkbXXI@o zZ3`Kb)EbmcE|-+VNCdMy>nMr)%wcPkuwF&+&}4F{astHdasnQ#yeJ>)%dG$+Ewdn2 z2XC;xVl!{FP}TSD21#04T7MyTQNq(}Up>HLSkbC3=47UG&PLOw=!G zbeu}hyFpM}oX^IOd%wwh;_^eQ;AM+;^rO&7&b{B4Q5PLJ9#uu-@z8! z3O!zyipxEg*Nhm+P10yPvQLogm4jC-yVZj?r|pSuX_MnZdIHm!Wv=fQ+O+AR#@n~L z4lrsB>xa$H_J$eTx!a-nD^d_l-$6zqEXo;@2ixZuM(pUBRJQ8=jZ1t%fa_{#qN5cDVp!Iz@!$G z&@%g2^i8BPmfcb3QW!64{8rlrU+&tRzlm1MOx}MEpU~9YBW7K9CPpPBR!q=~Gil@9 zhEx_j_dL(AvH!8I)?9=m9mIW4G{TQBCviMK20S)h>xRcSxD7ve>R!hZ$*S2Ktl?Ad ztuf+KtkkWg9Aa7!>zxyXo`MTFF3$9JR;N< z9rTfbxsl1TCMAR94UI)P7H_4Vlng@xI{%v^Hl8y4lq0~Yv4Q|M-1|4;pW&y%{4(%G z*uVWUU-4f&20Uq?v2i>__SAWY1{?*D`bFQ@Uq$r86a+(nI_q)6X zFp6mGn_xYiy>6oP(7#_|^V{E$e89*@|Mv$+Uq`=N*aBdZlZfZPe&D1|l-LP#!vC2} zR98Y`%R6s55hGJ%7bvfQpAaE2YhM$?Ftpd?3Hbl&%OwfW&BEnOz^iv|>|H}Z;B@+s zLp^x^5qOMK=AIP7fnn$)ry)`wtsBQp7W)Vd9VTBhNB-zv4|TX=X{jCbGy2+j@oikSyvbuLRAf0%<$R{RF@8D!ZkzgYxV7l%MAEQEMXC#D4R4q8g z113cb$57!>pBY;EXELDFSAf8v5llvdnTdM7%AV5jeFJL^?u)C>*qtOTmBpZZpUy4OI z4d)n)2=I$m3y zq{K% zw6u}XpU_)MHa?NvaWjMT^1UAicnRkP+|j#Bv5{^`4&G<;4HvoGsD}LLP!T^;0xZU{ zhY*6-nD^tO?Q>Y58Pvp@{CNjv9gnA5l?;0>^jea5-6NEf0`&HWc!hZ>%1yAgRgjpnj_p5q-d*@{S+_@CD6{#8fL|x zl&UdH3wEZ&EGb;L7z>e$2A3JUwWt2P6e$!RnJoFF#`Ei7%niU3oe_Df=7N&|8{RFfi5I~?GxvRI>*g?QIzye2|@lA zV*c8&6_H=kkt8b=V6ojr0rRY=N{xquQ<52*Y@B7C}Sz=A)Na3B8`C(2|i3E|mOgR*!up9Y} zzJj%vxkk4Cz{^gkJ(kl}>BFx*2HtpRTWpDM398EF5>W+RH{HNcuuIag*l_0aZxZ75fyHN0k@ z3P_Um?P)YGO!eas2*nS-K(O9<2zA<(h|HM7XnM)vE*)UvVYH%B31mP==p|-YC2V#l zLED}_WQ}4%wYgoq7&U$tl##iv%9+%kEVUgZ!@5CBul;Sm5S}cAn?#DXsbe*r8RG{$ zf6RN9*nv%caZ)_q`r|?4(){Ym`z6JVU++J(cj}KDHXe_8R8Ai*Un!p*I;|L4O)>;I zpXOfK=T=z%KzX|P79Q$R7`MwRkJ4T7nptV3BwBC0r_)!(iwt#$8O{O$+MSOyM5gnR z3(yhxqXH!XhsCdOv+*Y;SKH5#?bR7hg)$xAk=m2q;m{tvX$i(0OLQw-xT6~66caF< zI}h-I_f+I$;s9GC4p`=15MAgicw!&i$*045G#wvWsPhFj3;c6gC`G*8)F0zhcovdj zNs-Jww(LoXng5wT(_Q^xTJ2BMjf0cL9{{zS@7=FW0g09XpgJCPzXRIKtY4OaY<(uP zGf_lG0dtSH#%C1|?|K<7HtDkc^m)yB{hM6I*OWE5olg7QD5jwNjDydZYgg;k^cvF# z=OX@0YOncQCaR|2#%7I5 z4@s0@wWinDjvhS#LOVQIN&kL=;WiO}2zU8V?_w8`z*JtJv=Mg_mPzFVc(|$6 zd8DT4Moj0FC2p0~iz?CUmWbF~koWnfNJ_eAFM*}1X~`bECX!~VWVKZF_@GWD$;(Eo z6MZvD`oRu=m3rq-jwGJ%4_~8qXiPdgCyFhkREn@Gr6S?b`^0# zrNwodpN^#7tc*Mym({ycW}Y`w71bIg!mbJ+mEET~;~LH&5wK~<$;oL_5}nz(P2(@d z3}#B=OjiF)gW4_3=1d%6*KIvNr&wu_8vYeQWTS-%RStj)-%?q5a6O+Zr}&<)BD5G$ zws;Dp7*!3V0n(a1wrq>0E(Z&F_J*j?E9F>#fp?S0`(0WFAns1ljwwg6Zj;t#o0h~s z<}dkKfq4Wt8Sx2kq;_vA)T<1yv3*gxa^x8P0gcR|NY*cY;Mfc#F0d~?PVqoCEZK`Y zhTSqM$220230>#_>F>EKtZW}*q42t>z$gJH7s|ECmusfa{4Z?zNPsQDF<>w4k0oHX zaGeGmYpJEvShDwY)J3ZnEUI964mkO%nxparY~htZ?pD`-)jj)d-|Qe^qgIPs{A_Zo zQNsrMz6z|TQx?PBt^Q-mz3NVZZsCCPc4IV|RQDOdjfbu}zygnw#UD{~e+(LxJ|!Vg zqR0kj;CWvrP+Aa){jfj&=F}{n=d8&4jgG~iCPzvJk!L-lJ`b)8(|t3UoVW2dSKSW> zz{4`z>lIakP#_KOw0-orP@29uXn>o(k*NkZK=YLTEngD9RUz7Rn4S9sd7mF(;Kn^C zpqVD~ydsAzz*{D{fjj`M2WU27%yHtO6uZVGO}L0Z4sEG+PgV6EJ~Fp1UXh!u{-uLo zTdEg?%#hIrL^g}do5>x+RF>c4MtPL7KR9MKVZ#!=XLy|QA8Y_Y&5bTnvUCLiWdUpx z+5TAZ7tKTvuRR4YA4Q{I4@Y^VYWJi-ELMs~lha9OYWM+0yH=fYmjb z+U;n)l)(1jjcknrVYp9eEox}+SQEB3CJkb5aXnXrSba(9d$Wr;Eh(<^Ut*d&Yuw(V8xA$m0YP5~^tg}p^nZyUSxB4aC&)1_oAwGBD z)(&!3v7`l~k=_4cb6ZuEZ2YpcX!-=0K@zxQWd7-2P=Sob&Ac{}M^q<9E!b7!Us4P=Dg+}>f7o-Dw zvwf^Xi3fOLIDxgNV4k4#i{`rRA6oqmZu2Ru^*^wTwPXdt`@r-!D8f9lGRq&&|9euN zfc3;9Vop*1VI)+@_V^b{>)-yv2nq@iG+T-TuD3M8HZwoL9=@cI+51g`L{XecIOP`} z{wrEw%l=z?FjQT~L4f|Du2{Ntvs#VR38l~q#O=`8U;6Bk}?tCTUZ?g4c@m$jPGkPHlm3V=lME8bYi}4G+oi5 zc(cYq8;XKRyNpEFNRz(hkqLV22M21k7&*SxFW$i<%P04w2o5AeADKl#!^a6Ju1385C$Gr^;|5(sa!XGrICNpLCj&e1 zuCl{|&Nq8l?3o4O|F9t06=L_K<2G=GhY28{Z|TAqhXt-^FqNvNoD%*IUX}`_vTMn= z+(-XMWTq^F>&{Fw8Ml{-a}`|;aVG-6X)A1|>U*?SbVrYZo_8yhcCz&n>3Sl;qT8bW zr3Zp~6{e86IyUPOb@@Gxojya&zX-WuJhpQ$P&&^lw-F&IIvxp31M*83Hqs{G0YH9HR;jO4}v{l)4 zbz#5XsBy}VGbE=r{KrcEjD|Sr_Y8S#c3K`wf^O!5B`&W!RTNjh7Z#7M1YZ4C*NZM? zc|{R;(|W925{S!;n-2{>3p!FqreVgXmofYM_6)mo2-ry-wlb{9S*x*R^ebqbiS6R# zP-?7{$V3Tc@H?9kO#0TBy;Im>c(ngAhX|D3jsYudIyLvi zQ~N59O8Cv2gMvj`PbUVy@or18iZ6h+_o3Emzt}9 zC}}ww1^UTMO8{YqO5XFKL^-j7F3#H3l#^nWB?_Hejy?k4Z?>PdXZYT9=IvuUJCO40 zI{~(*vGkfWYY+!Gq3q}RUQ+}^21)It%VxvTM``?S?<&)-Bs-6>vt(-Xr=KF}gfs&L&-HRyi=JryQZT3(JG&QXZLuS=Wa& z>}gyi`^G-DQnyA15DtWW zUXc>Yj&D6tP@=@}odF+nEoh0LRd9V}IiN&}71^MZy3qL61t1n^_M%!!LNLZNMd3Wf z8s*I{x999f1F|baS0k1`zr199V5v&@(yMQo)kAO>Y>_Hg*kuTcxy51tPtgpTUBilc z$N@}RK(@D#>e=5*6>s@IpCIw+o#^Zis~89++m@Uqti_(deCTa!Ik#FeEVc5-HY|(k z1I?66o%ua^&~kG{81_ZaY3yV0gC9joT09ti5r}?EnXAFvSW`EYBcpi#?wc2VuBvL^ zZAX8%Io`L1qfC!$KB-mLZDF0!2Nj7lHW;2DQ?k#r|9U5q{$rj#Fl~gyoX|Tc)PN<> z@5a4;Z*JuJ@WNl4%WbPrM#J+vs*mJj*K(UMI?Uu)4MZ7);7`_P+l`N8pJV3|J`xes zQ7^TWY%{rYpagFSA>Ye=_F{ItTDuG;$s63yISHbxvaxQ4wx=7%%XI9pJlJZ8KY~|t z!w9MFa9o!v0S@EA8^z)nZx78FI=SnKi-&nkF3Mpqbyxh6@S+pHIzv|P6U__{ZucH< zk?f>SRhFZ~RYjDlBFNu*Is*DKLm!hKF~I0U$spe=C2lq+?OHjX^TugoEbx_ko+l0h z>6E{kMqPl8BS(#K#+8N^L`K0XcL*B7%nrT*97m^<>Zey6T6?!JfxI7%M_He4r*L4Qq32^nVH%4J!#_ZPJ<;*9rlN_vg^sz1QJ+1tfl;VlUsz zYhJD=^)m;19hV%&@LNI(sp}{dnB;YRfnd0>i?S>`D_37o?})1QSmAZa(7U2*W#o67 zqUED9ozf(ecC~g<<_ZLybE+YN;R`ZdAutlfZaa7ATF&Mq5oSZlb4f)cBO}E|$Y(()I-MBSm-4 z&mnLM#r`nKX})5ja7c<%c)ql5h7U-1xpjT9W7kKbW z@wbv`2BED6rIzcjuB@ijBJjp~s8~s#yQIQ=zn`OVbVZyYA&N7aptZDCly*3VQsf1T z18|VJbY25X#|aPp&|GFKjJKK<v9!~C%@zw!Hx_y#4TMU2i zl;hpW2JabKSEA4Bx}jAlATogoEFq}&wBY-y_eP&!JBhkYWK32%brWDopx3%`e>YY;O1W-^^yc5J(Vkx$dsTs?_#XFf-M_X1F5 z=HL)nEjN{@YU%Js!FY4hpnMcRJRQ_NYr~)oAe58)mx-bRd1o`SJ8A#6br1p+z{USy z(WtvppcBEGxI6eJhS>i59q>bV*AcSmhhNVm7_WXKT<4=b^sb&cPYp&|*l_SrmN_f0 ze?J=y@lrb*r@vN3+h>bz;=P0&WaIM8(jqfVI>uldUdqi+0qMrOk-XIX(k&Iqt*;vW zE9cpFkPc!6A`Lvj5W2OeGj_HB-?kDM8J>5?=D zNC&|jgv1>NfDm}1abkd=@Pv09^XbK`7x(VgN1$Z%)!L{D2GigMSEts*e2Yu2gZsZ; zs<*Y7ZRjJ3$r%5BRv9-}+cKhtxw_X*KBBb#uXa2|%-gO@y&e+I-sV#~lY);pnJ5D< z&Tn+aXbgee>9AVSAI)D>qU`eOp%g<9PWYe80LgSMAFrM%@z6h-fED0Ri;3)%I6s;M zZA4+sv0+E3DXs9WOz&1TROSH0zW#kE;lnKC6z~G(oIZk(YFj)l-^~`QV@wa=wH+Ri z(f2fAr@$;pu?eoEouxQ2S@u?KP#&pEsSz3GtR4fP=>p#!2*c~58m=G}yy+S-dkAE^f;PVUz@PSUjxlwwBMvb~ zW2gg3JJta)3>mq746>V#Q?^gvlm(=pb)7XYC42F{y!9ZbIGl5c^|-e+8jd&}K>h^? zh2|i&zNcHyRn&WINr%uE31edQkkdOr0~Ek=GkgZg4|`0D*$PS(cI~oa%xz`@lWxbF z14wzRhj+}lHg|lq1dx}FN0}PGnN66!&I_j``J*X3*4$$zA>pe$wLa!A%|Ycs&*ONWrk7%0T}a7E zt18k$=$bu_uUFK}W0?~?4>~u(mK3EEdt`(MfP^P1yz5wyO;NYgt>=+Rg+7#pgVlVr zB>7x**oZ{W8A&{V?UhA(QbjFNb4n!Z%z^i_mXaYlH%FnY#c=c)V1(0LM{SJeYYYrx z2?If&oBP<;yn&$j@f0M{9T^jiEO3kU>mu32W@PNfB-9cKzzfNw!iDddgxv-(jbU3r z`5FnQ$r0?75Gc5*xm-uHT$CWQhNJ^I*oy<^7gxsqc()z~{<~U}fu#GJ#cAaVq8~3n zeHv#vJ30T8mbktJSDL=nv)<>C=yV2(Bk-&Cs8q_=nG` zgsfiqu&$L%<{L4eXjpHK3pid?ezY7uO<>is z#rc-1HxUhgk%Wp6n7QK60-^of;kD~~F+d*DC3QRygDiW^k-00V4=u52Omj<*rFg0d zHLSgYai3S$)P(IveNGmpeU|KunOR-I1;9G3!k_w)87K|CZhQExh|b0xGj(SwE?Get zwjRrHDX9Ny3MJ8yU*s5M53qZ*|l1luzf=qjQd*^sA*#8jjJa!6+JI zQ*Y5=;7tsf5CKMqF?U0$#Pr(jOreUytRVuucI%kT5O;RA#VV*H`A{ z>c<=P0HDJ(aAyRN{jLr^rN8nj6t~@cRR$^S*nc0d{^AGJU6+<6Rhcdr0-5CRk)A#{ z5=!E5jmj_j^sJpoH)M(2XWH;vFc zVi~%$YLQ=e9?c6bP7o16MTB-HCKnV`L%o=_tc905Kswp2cNaec2g6373*Srk z`^<2+Q7IL2MKU}1>dyVPf#`mFOkxNP951TjTVr(P_);(W!o1J#6Ov$wfE>JhVn`B+ z!Hzm-$VAP_a~)GaTngeYpgHxyJJqu%i>Y+Ixm>c*GeB)=L8P_`@E#+L)+c%~Ju%-gaAM`3c)mRfrYUc{3pW z#%aU~JTuTE+uYo09htLTOKTE{_oHB5_Rm$5-+f6L7yH{4jFK+WXp09<0*AKY(2rhcdId|5fuT7{lAyB#zv8*yh~(Qcr=rSi>4cId2BPt>n+_az{08IzJt z!Tv|WxWM%R^!i6MWoyg_s<(!-f5cavLYdP6aGN^+N*~*{gN|A6B7e^?0G{tmobaFY z@STZ!h5eJZhcRSeWWOWzyCn4{9Wb{)`vN)RAy?SJa^k=9+P!_Z=OO>|)b+pe-ar)^ zV`!1ee^KVf5SsOdl9XLc314jK#WTauEQZitUvmgP@I@TL5b#zO0~1OXoC@%TDwZfh z9?-sk{2j6^&|Zlb2Qv|9|Nj#K6;|36Z#bv|76}hLW8;A{n3q%S-zYUGaS!p2jd7gec^wYOZ%D%IJiln!^ebj7P7kncOaTCni-dXE2?h2 zfj-guW-={;zp6HJ$s?6wmSrzpsn8G%9?oV?`VSbjEy+>Y2&Px!U9 z-MiA5*}d&&HYnt2KbbCb*296_u4HJ{J?&m(X`q_OE5|@uVWn&Y>U=w2&pk7aqR!-v z!I9SJihyQT*Q}J32?maEBk&=!7Z}Ye(Qx^-YfO!V`Q>=R@7nJ=f~;j2mw64IwN!T# z8V=U#XTXg!-${(BZC5NEYLCnx(6?p%VF6JFtI4!%bbjQUd`cBC8sa7>Ez>Iu0f$8r zyRIoH0;xBZ!I-2BLxGx;!cw{^x4hU~3P}@RWZiOeNSRciFUWE0=$n-?1;-gjzCRuN zoLe84p3C?z^Qom;i6tCdgH3IkV7dUDz&p8!Pn4{=n};3*V(;+k^zMBlII7UcH-{XB zB5x+C65|NJJ4sy0{*=Qa3XY^c@j6tvm>`8RS;ik<6jz%%mpcQI>_sWt7o8CTgl=_+ z(qs$q|I1=g2H@;G8I-V)(z@4!$dQjKhTts6gmI6m)8pHLlD0CT@YA;ci4FW8i4Bcc zASzMf?Bw__x>w# z-`GKlHOiS885vn8RswELZe-QGr32xpkdVLOX1aGq3puHC*-nY>>+y!RpBBdDr?|)C zmq^|0`6%p6pCIAqM3Bdsw&#$j@rZH^kl&emXO?V1q7nyQ*vFB8-dwo!H@$0_!-h2Y zZ0IP|nT9;Xp@=+vn0sgOnYtdjE23)j2_=_3$1DiajYstWu zEU?&^kz1ZkepEHeuZ`56h3O0JjA2^j@Q11>%~(_d4og$xC%~>uBi)UbpuqHDMMn~8 z8&+h;!9o^c*IR7y9VYBQ!A3;D6p0R%bjxUKkqkq~#XLWB>rMHHt!#vYj+uz_!RAi= zxM5E-tw(N(@YFr|)YQ%q?}p3p7{hh9ul&&xYnW*J&?|0?Sxgj}=zZW|s!bVcZ=U|a ztJZqjQrqWbI>YyIhQKQg$EU+|{hpLt zs@u5e7;DxtX5gIOa;fpWPAq-hpka%;kmN@;p7Y7(%-F`EzlqDnGsDB(lbB>F4jo>z z!@dHoR_m71k0)*RqwjL^X4(u-8k}22ep%UGWw2F|F}t8|Gl_>s68U* z!OCOy)N{4l@vq!J<1rNm|1*WTXyBwR2!7LkquYsnV6eLxxe+%~_n8fb=Kj#dFmkx} zrugVw)Mi$NYqut&&)FG$pP53uiehA037n7MJZqr@2^Zs*?-q(}Xm&l7MdXurr3-_8 zizp@@-lwtg!^re}HZvhfA2q+*H1~$W&3cbFUr;W^d2-_yFfa@42M3G8?<%P#1W1cS z2xm%WygZ~`HRlR{LkTa0)t;FxY)by}4LM81a&IOMDY^ZNK0Jlp3$q+G;!a_Nfk*oe z-vU5?o3|v`fi3x{4UdQ%sqtrx30ai;TZRx8*UF8xAKyB$l)!_T6i9oUz~N!1_9JB@ z>tC-S%Dk65dN~5fl+Iz^i#XT#5Ld;D(dWcCRuBkErBM3}BS<7CA~6-)L* z1%kOe|gs zi9Nr)LC)Nvh6}KDW%|Q^JaWM}{q|!;l$GQB+IIA1M;r3}M03h_u`X?^t=`wRjlD)T zgyGhXlVhzqPv(mPvnL-@jJqu@>W~J)o9j|wJVJO+*EobX-+2F32TCp9?z@hb+18ut zWn|p-P!vH2!SRcjnR2$05pZ$5T?=q?)|tp<1-O5b{rw;pX<%9|*(DUt#iwN*_)P(& z)A7|M#{|`E!{)P3I(Zq*qZ#(wdLy}}qv2x(qS$Xl3Zg08G4<+A#wpA^ctcBLww@n< z%>?eI2>@wcv{f{uiHPPSKBd9?*Ypp+$liNFoX7f_s*(YZ$@Dh{K7BeDDfm$hSI+H` zy#Y-X`%p$xI5`VuaF*TPwo27teg~g=^W^b?3tQ63c5WZNZjHHh@Y$nDwp7=S&ssiV zE#!I!OmB0Zom)E65JSr?s^c$ecz!APh^}~?Y{%(H=@)ZbbLZ;9Pzm+vTxEL61W*;t zkD;TpHdP~tG8qGJ*$Ivde2xu=A&bUt%~Saqm3Q45+mWD=K-EJ>%P}&0rF+Ib_3uUN zG<8=dgh7t6c)u)*sXQK&96}IpEwtQCjOUy{|FYO&YPIW`a2ts0>uZGE+@-H(*{HU2 z+(NdMmiwFr^3AU&I;}MN>ksd6QK|H7@T@RAq|Yy ziPSz{!fakQF$GG|gh@hg83Y`}Hon0}+S8-N+}^%vaFScB8s0oMW3EhwfOA=V3NJn8 z=_X1?z&70&Iai^avsvMjZ=BzEum9K(l?%M-`SJu09w*#FM(ba&e#kM`^HA1uqDc(# zqwOJ|I;Y+256>En7A<_VxOg$EEDCZjB|e;zf+xRLk+?0(ny4PDb6frVq&0FiAe3FR z_AEWOos!V|9&_YZnEX3PUeIZA-y>A}B?53P)g)w3XlAg_&RpI@jL(K^0UHC?9g%X# z^T4MMPg z9oskG;){$@Yd&V#sy_a9v);qy&}mfo1De04ImAs=@cl=eJ2! zm!UM)m@x2gw(;vl4>?j4ge6}?x5KBT zzM-oGY1yW_glOC)4706k-VzVJ7xU8xI8zBzRR0sKoyG${hN8qN*a?sq+Sd>T!F@@Z zb3xmT{)yI>%WoYmNmFiJv9@O9KD(b4$_y@sB2XSeFDDx1HTSRMHu7$kI)8Z&e`*>M zyx8>jtfN*YWMCD@Sh_~3v2&>VU$}`K+iq{8uE2(4deLw8v8na^25N<#lanE8YQuzOrqAED^a_kfbpnh>l zaADmMB#x4Y=#p)D5y|90>BFWLN5AhvJQ~7>ar}HZSYbSHAWPhX$eBB1a!WsOX7`8u zZGKOCjkrR^Lbtp~F}EGO$k}B9apC7woj{c$_@lWnLf$7;;;5z|WZ7X6xx(LcwzKX# zn30tLnWlVR=DTV;tgzcacO$(csgn9CDae;?ej&Z` zmm<>0;jXHjX_33Qa&2tjDIqC) zE^KO#?G0Xz5%Et9faeP*oo!xLTwe68V#?`Uv-J)jSD}AVJ9>dZd<2}?ejw%b>R*l{ z%zq;D^7QRkaDh^smM}2suL5!ky~3V-I(qLl?u_&<%K9+Qj^O;@H1}0;g;8giYF5R1 za;~!Y`E#FXS)Eq%t9%BGi%l&HYmPYw^xzEf&sF_7xpGN12w=Qi@QBUL1WccEE%|^$ zXbD7?wJ2n#BvJmRvEAvVQ9X}&iT`%Ffbr;e6bH=3UX_;iaOXx6&=C%4#mRRthr~bY zk$%Wu*aO_*@^l@XD4MZ@5!S;8ho45|{o!DTuBNT4fFfSq!-RU+H}=X)7X2YP{t0(# zmZj%AfG|ssfDK&dk*sMEywBJ2t=6w)wkGRleQvIlR)3U|CCMeSzhuG|IQ&j0mt=U7 zX!5=i^=)dzfjkq2WYBkT^Or#bkzS(FSog>~(j`d;8-{gr5II)xbC>P#_F9|C6mgGX zDS9aqVK1O2O{t*TVMglreAp2N$p5js52!HTqGPL(AK4C0Jz}t%s#ii&ju{6?`_s-9 zWY3?hD$Y9-#Z1%GvmA54&z_)(`4v6Yz_?zGHo0;AR8#`{)sBYi`C8y0`JVyt8*a{) zQvg?oi=Nv2X#LTApyp@wsef+_WMiO+3o* z3|>Qkv^}=S=Ocsif^+wmlp+I32I;3Gz%7klD(lku5F-;0s1l0F32^sy>}F(%Y)gvb5cJWAF+a1W$25%^&nS8Z= z;}ZW9vHhfkc;Wdg#X|c7gruKO!Sf-U?YoL#l^+%!KVEi$)vBS^WD1Xz-}Cusf>uOH6EWZDuF|=@JBY@ zt$hO&sO9=>wtvV)c?GdQfu?PAY9Mb?yHdoq16StXlBUf~v0^@}I0~gnUP9x{wVi*6 zfc)dw8V-_G!Q6smCqgpA(n3qfFp+Obk_^{3RCLW92G^&>xwr6azc}o>vrSdJVJPbpN&!D6I7NmZJPMODZ>sROBh(KFJQrepQid5OB4Bg~)zOji*yOb(Zdpejvip z@kWFEq70;HBIeN!7qX7>heb7>rz^mH|2}krB7H>_?Z-ZA0y<-(sF?o`d+!|-<+g2) z+O#whT2OKjMS^6I3=#wc2};gckQ@ccsZjwXOH^_cBqs@y8c`(YjN~L4$(i43(0%qf z_tblJ-o3BhAMaM}U9~se{e3IWIoFzFj5&k}f7gS$k{DN9knLhO_!XCP^JdD`e#}RT z@r0BNF(r7)uONdY#%~-Iv~ihyOIj4AJhTc2hY=|OkT}Ut?Fww@ceVPAn0AIndWFOv zo7Z$9dJz{+g=W2J$-gjHIpCoHr@^JsGU9iS!b<3dnfcW-3n!Rz1rv_Zk z`QK29iF4fyP9U@Tnf3NJ-Wn^dzU&E0&W>7}4WZ7C;&w_( z9mfM8jkVXu*L$1zyestuRK_8(J#HzGObDEhVQkdd>d5_}MqH^NSJvj9b&_WJvp_C) zBdZJxJlRmN6IN$n1Hg-JerW-oZbu9%_cE2;V8>?`Z8AkPO6q6(m;<^y8dhGgXJg9 zsvH6n6Oy_VX(XtX!Zpc7?*SFw8X=By&v=l;8zUtWVNy^YRpqoUfuc$&B&ti8db%?an*jm>6lFE z_tr=Z4}#zd?%gjv9(3(y`Qcn2smRf3n?&q5{pRFUt;boacrfTuxGNJ+EBR+IHI4)8 z!$iwZ4Q`F4cgj66A3QUr@GVG`v{=n6)oiq&WaV9pJ_wpIAk?43fK*36u%G zU+Rc$!sWVN_T`RM=vpASh@{D%zt}Vu5-zju;zu3VeK|t3W@41xYD+Jn2dx4?v#civ zST%kwq#N(c<;k{xiKrSI0-T?ewDcR7!U#Z2WoU|dIn}$FgWRq9vg_})I{4aXR0=Y{ zD#Fg}IkG$4=ymsSz`G{(D&%7S;7F?KavQg9Rsyj!wVfeCcjxs(x7{IY%a|!V91;U! zYXG)b5^RNr-<>pP+ZAiYWwYMwI9V;iUcRAVR5ST$OFO0U1czjvQGX$L#~@jlAW!&4 z@T;McQ1J$5+JH5eHO?Ws`Ji`YjG-iWC+`l$lD3v*6Qj6gaDEW)(i!jT=R#yfqkjF2 z`BEpz=FgON$ssDX#3qR@At>q78cK>X4y9dEcFnH$rzwaQCnFBX=a>;PMN`>xaSP1( z(XgyX<1Z8BKPFydgO;Va9oKj*Db&RG?|#M5U!t1>QEhlqFGe^-+u>8Am1R8oU3*KU zJu40gx;7@XjCU3SoD&ax2udW_PYNBaJ;fd#`&^7w1@hu);KZ?bx9561oNcm=j;aD(MQ`HHhConBP z4mvmYcP@1VC`yL};<%XZe73FAxrAFrT4+6Q3M~sbV)zLJYzUEiAwbbije{pX16wJZ z{nq=4YKSQ&a}EJb@24HgEIZo+ZAby~As%#6?`tqrHnA zt3fYI{>ygZPNl;8bV$y`v(J-_>HyWE8N~^E&D4bu@*}nTV{5=OllrFkGmZKKcO>Ei z^U}+9x7yfs7s`Wf-8C}h%!J4~F&Qg3`0;-m#~VrOIe5ExdE4blN9I;txR+qWzkQzV zL?u&({I#R_)^!iXA*}uX&aD$b(e*siqylvS7k=?nP^Iz$BEGGl) zQ3`gq%Suz&wu}B8Shp6UfD$RLZ^XUb9q)|uHABp3B6mZk1!3ekmWChI>Dm^x7ox&l zBq&&6F*(ZF{@Q_x5cUdB30QlvZ@{^lld*3jOJ<^``U4N??MF(hj&9&g0;wd{%GJj^ zac=+|aJjUD4TmgRcH$H0;}t4k`&m`m;sqjWA%XKOnxnsJ73HuWJ({Qdv1mKL7kA8d z@%RH{Bsfb*oZoKVXz4>FkO_JWoaqToj`-hc+9_dHAHTQBODr#yhFsE_iQq6z45uep9KsvEO}^OXhD`aouwEs;t_-Z(>A%tM+ra-@Y4 z{apy`2jDL4V8RlknRr(^+@P_K;<}OnK{_OjNwv%iP=+G(Q5gkinK$PF_-phKrOjQs zaKU$Xx&2=eka*zo$)9KEejhMU_l_UMpmgZC@c;aSA;%A8mYeR@VWeo#z@4HfAAo+O^A~4D)N=r5q2{^wc zRZ$ZwlA>f%{`Q~weiqPKNs^O{uRN~GTXifL@hj%CJhb7q0J@O91EmR-s**b$*$F** ze3pkq6pl`m_eO>ijr^aECULo9J0)}>r0d0@Wk}_I;s6C?R&AmXk@m{KVs6pI!_7R% z_lu13*HqxHXjm<`Wceb50W=8HIH?D{A^dP|zh(M5Q@^ahfgL1?2Q8l(`^~95xU{5`j!4LfNB9hZPbQtnV z!zr|7!AZ|NOSue`Ho6d71i$m1=a>MzKn??7DE{3i;8dV$hJ1B}%b+gBgpTO16gtRw zW@3S~YRVP3i<|#TcAA4LTwvBqW=4O;gk*n6maI)A7;WSPNt+i`{TIjsJlPJohNsPe zIzA7sM(s>qL26RO=NZl|NY+p%&jKD9JC)cqGP?wQw6ceHwXBRrUHty3E8z~%an++m zvmhevg*&N$M6O&bnm#fME-lZ0*KefWlvS3e$4vY)45TP^E3qD0k#{P9%r*{l(K%E> zl(~|7a&xMmsrIBmo~|{9uu)HmZLTW=LS1R>x|vov?eO*!IEEkE$%#6inN< zKLCN38X%xp=ok`kYxmw91B=M79d{o-9iu~|T*q>X`@#O6Bgfo#8#H1S|tL`~G>pmExI72*X5d84W zK0$IIMe=u4(Ccrwq;_7SP!!4iUy&t$jQ0QMA9=ZJ>hobqQ?|W}6&I5-{4WjtPhe30 z5d`MHpsW6Wj6?fhEZ%p;07je4FDXkH1l&AB;AMZssIx$1&q$o zWwOG|RDk2LzX~4$CS8aSg&J}&Lkj!ARz5~TLSwly#mg~P*MLTYG0@dHOlTHy@ z<+dC1!qMjA`*JIMizT51Jf-*wGt_mscE16j8;B@!E4>@bxzX}PoozfdgovtQ-9!uJ z1wstrB$zpTv`XVKex3&ShIi*bmc&rwMvJX`+3xNy81&Wg9ypjAiQeIHEaNU}ze07n zA`WtIOvNd|`s;H=yc|7HMuVQs<8$jhZy`}KK5}C6zdyMa+f)L=z*aV0)#Uf>O#;lS zSI3;X{qvd8EvF)cONZf;KVD&V^LO10q zWHUw~7cl2z3E{VD|}ihbj>@E^xRaJ|na_^u7H-Du9AJbr;s z^-4pBce4C5#o5Y%f9G=VM^Mlt9oEiM?Z&$~IW!pWbMlnv0eUUSPaF5LBb!6XfS?*)=6Uz8mR{_IVRnOeIiF8qPEjc`azV302cNlO`HObGU4joO zcY_x2-ysJXZ3Nf}AX*BG7l-a*av8`=oWGH*P(B&r&IlYS%|aK#6YbAWz?CDu88R{8 zKi+Kr?N_`4sLE`zY0`h}@K@pC;V2kp)K~J~JK7AHo>ehlz*{+8?0r1ZyEwoaZVi{MPe$XC-X5Cgw7YR^-MpKIm&h&ZHhiBo^B_LuG5(iI(gQu#j!7JKnSMj{M zvimI`sZxUR!J;f0cW!+2iJRSEIjzaqea{nuo(T!eQ)3x>jjxDO@+f_qriAC^Jr%@Jq_AFSZSS1?@f__^7jiA#%O;>}{S8fORfu zDtToMDu>StfL#aD_jJK8qIzw-osZX5;nL8*Kkq$+O{0|Hml{z(2N9eI+`@t20sPgYGFkDO56UdbYIVY$sk8>(T)p5zan_h~RC!D=pYf z_D$xVAVj*L>0(swb6GWA6bgIK1HhQdOlvPwVN=YS0NJ{Am5pU z8P{jwKeW&bv6py?Z|^hUkW{hHVRziq9}x%8;>y`C zfvE@2*j27!0U+^Lij8tJBxW)Me;Q6nzG3OCQ#{@KQ7M`dnGV72puBs<_lb}|ihbvr zZjGFX#?^Mx6Ap_3wm7ybgVpd(#S(xEU07=?KWw$hh3wTWU4AYMgiOqMPKVckpy6Dd zm~5X$$uSU6DP#)2HgJ!`w6muZ$ma(p>QkG~pmrdy4hxkP(whiH1Gaksp# zFHo!jI;$8jx^eaDgI;!bK1p!s;Gcg*cCvxtA0r`;88c0xNw??AbXRzbY?}@LD{L%{U_@}~fCL|2Waljf8 z~C_Y`W^!K|P;)bRE^~*J`fGiPK%@w+h=ODpIab zir(J8MM0nUTFdSweMZLH`{wDTTnbub`3Gp%DTr-!1D;pTGf8*vA=1j=se{c}Ttm*y z;j|wt^#gvd*~uD6D|W|p8jX5BQ1k+?&?bicrh^?ayW7sg^<~$`4Jv*o0l3MU^zf*3I5EjJJj#l+DH*R8K+7M zK&@RhNrva_vE&X<_gpPu4aWxFa8NhXU)l=u~5dwMs1X@SE4k6 z-Hh`=4%(>bdRLGLWxtRHOHr+`MY4GcYr5_LQ)NUz_T&n6G%(BF(U{+Bh!lJhIb1k6t!Hy}xA*Cu(X_;KG;tL8}+gDWeU9UAb`F5+@H zL$dKaq`1d73`EotZuz$3{c!^Mq#HgM6grACAKu!LNLy#k8cE>Ox~j_+S09At=eCMib{J<^yO`Awy$Dmbfj` zA=BPxdKJ=S$&y$Dao;<&_5eIaiF!ce69qnrwbQ_A@2sCy(k1_|GS=?L=+x-4K<2ps zNN=L!^gGd_4+E4kGinW{Ou~mm{&J^%h?^(hXO6yjHoR3RR1q!;A}ABo(Ykgu8l!<% z*S>9qmo;w7Bn~}oMEB6!->Gski*{YV#;#2@@Vh>*xm^rW_$b;}tUD$_9Q>O$ah(bSnSyR1b6tFtc#pqX1_D|e9Y0R~+ zbvHms3d3kKW|k-AD9zB~Qs><_i{WWyLT##Ug~=!J-}-w*+zRyqIohf^v_kYSzk}|OM48^kTwBTY(ip=T|;hao&nK<};%JJBG;Y!V_%{3oDyY8&D zulHTT=pKNGw;E^O#K(-hJp-2zxpw1qBH@)%i|!>1f6BuFa@%+0Qi>(S)*Q5*QDqR6 zzGy1Oz99!JD0;J}sNzFQ3c53Vh@VFL&3M@Qfa`J*xD@;a`&(coGl8(wbCTR7t0{zS zPQ~m6wHKa%n_>vN zoG9!^VQQ}Qj7c5eylGDD@s}U>^%#Vpep7GaT9(W09xQurUN2p7a<$^IL4#Sr<(1^k z8T`{%woL$WVTsm^|Ly=nv5-x3lnPaduZ$#U`__#=s{ovENi9qW%nZP3sE2EkAtKY4 zY(<;ss$_wc>Q=*x?p)$VZ3pRK0|t(fpBcF=;@vliJgRJ$9dC{mdra%c$ba5l9^R|z zJ1Wj{^-r_i!+IRYWjjM9_*D?KCfN9G5zylDwI3YkUZ;(BxCA27DkJ>&nCxgV~QQU&b2oy zgXsrU7?d2(j*mV}R1^O8UR0y76^ul|ty=*6UTlGM=k?IlB?_T%cv|vPyRzF-n0ioR znmoTUT#~EmlX`!a>s$WUEq*BquJkI9@({f##-WNQGm-$xyfs73n>%6P)^6I3z`qZr zJ3r)51;PXkXWx0s$gu9ur09DNSua+^P1au{vD!}4*f5-}gKy~b>+m5Skr?nEI@xZ& z)Z!){zJe~J%{6R$cCu^hE=}HRbQ<{E=Y!G49Ojq|WVOP-%I&gNE5c0D`(*BG$iuT) zjI-*Q^q=>tHjR#&oYQPCJ=FJ*qztluY`m>Nqd|t*@bM)}>?gjgIf%T-*xDCJL7jcP3``9`rZ(~~0a{nfqbTIYk~ zx7PZeOD!jiGPTDWOSJ2sYG(VAI!S*m{9q?IlcC33h4Ap*3#m<+`dxnIUNewPjCLrpckL(zWE?P%T|-`Ix~w<#oXzH zZROdHxAZDnge%P-_j;FP128ca0En6!I$q_BYd^s$FZlelDNxO;tH^k(5qk6RqzCiH z_qx8t{G1TcC*5Cdjv^x;c^|y^HdEl9yu2=+kwM5EQ_qO&n^sqI6Q|7T^8_yL!MLTk z|2s--#q*;K<}W`(b`<#Z0YI<~;_NR6lgCD?M*7}P7(FhgDeUYivQ~fe(@uLK;!cgr z)O3;h)z#h<<8Q(_!Yh2gJWTkel}=>vOA7JWAPu)TwSu5jxNrOCfiIG<+8CVVu+BzJVG-Ybwt zGO?Dw+=0V$rOc|EqbFH(rdTSS%LVDhQd{nwQzC!Qv6pw^T?m%C@ZP&!A=7L!F{vqV zsKc}YneHzRo}k(nCdNwm%O58D4Rh~Gp&2s5r7$KrfRAb0lmYs;FWB_hBUbMoh zO*_YH&s=D_l0`M?H(%Z?qsQgd;L30KvNysOZ|7MeNyrjcZZ%LbRpb2QSO3yawr@5g z+wCLVmN~q0E8ihCF-h?K7geT6M3L&wt1z^e;HpH2$KYpNd)!UWpSJZscap?s^!VJn z-?i!=E)c?BX0XKZ+76cvzka(O>m?x&JJK%@H?DSQ|rI>+e-8zu4`(*&5#~~3y z^DSipb+#z6?l`Z+g+_JQ%S2ho2*IH2^3orf^l|pV#a<5C&2U2K=~`9I@<2h|$5wr` zqc!bo43<3=(%;KsVyVC7#bf9hnjvXO^$xc0hJyEqU+f`*nwV zoT?IRAhUcaG9gSw^m^`xJ|l1;18mi!Z>WoqOU8F-K*EvoKHyP++lEUDPGU;53!Tuv zZgP|^(chy2Dezrzdd>j%Pw0qZeEqwid_i`j{|2oYE{XHTI4*?Qy+na zZSwbLPBY;d1D$zoCl&Sl#1D)$!2f}hq6}yRssXiViXSYd--<)$WxM{?kZD$YqPhSn z%@SAIvIb#yHO9K(+7voOs@9=nhIO^Wo|Cfna#dO3uhCCcdu!nw)kHf(-<;ZB5NEva zpUr4c3675v`lpUfvtEgKy9E=loG*wo&m&0oA=x7C4>Uk39heyFyQ^FsR<=7V)74JL z*^7c9-$O#PmTZ@WZvE?6JR_#5+K{u%y5vJGoqdT{xAe4k$PE%zsA@cPc4~k7x+PE> zDbRZ%d6JnUTw0~+3wnA}Xh;%_$oX|QF%IueLf|6Ws(XiuKNh9&oqQ;Dq{~}ff_VO4 zKnYOPss`7id=&9`3SZ~>0wNq3XArK+1Gijzb3N(Lz{BdUZQY1axdS zOyVHR!|diq;~S-O>oQO>yBcuu4+tCJwo(^ES*sKP=WxISZ#OeN)n|h3N|-mPy^vTI ziIQoK@+pC|Y`!-wvU^+YjWb!H#A)6fN4)@#lyWGZTnLgygu@y_J9h?ZFYiYUa1-%gRjhI;@xpX&9iO zHw4}IZZ7rBFBYp4wFi9JMBOii8=UC}QU}6t>OEyGxSlrQDXabfy$0LQ4r;&)}ctm!PAE{XRd{K$v>}1_L zhUXXALJUYq&v2z1ia+)>z1Y}vVgqnKpRg}l^1dk}xU!=%SNKa;8ZG1X|D~rg9Z47{ z%Mk;HLs_CDh^Xqr_L#Gj@2bt?hOAAl6W@P&a`P(yH-E4V$_%USjQ0XDL$Lix3bVnS zvR|_|N0v``9Z7R1l`DOj8TH!5dT+x=AxWh-bA0`L?qBaf+*<$Sw3)JdS9@ zkuNL+y#@ppFH4axJWiI3|AgYrP{_TnN+=?oR3GamS z-7M-n!fN9|={8FQ^=jR?k0xNzxHQCLR~4%opeC1CrPqSzWJKPeIhS?CX}KCRy%lh1 zgx)z=%x+up3zeCg;|0bBJd*mzYkcPg&f>4VL%>-oEPz5aK5$aOUOO|qp6XwWL=MQh z_qVy?-;##HI)13PSO~uHf#;AZY`~b+Xj~bw3h$fNn!Wu&a9#g0ecEFy*}hgavLTLF z9Ly9%f#ihir3d8-sKLS#y7!o1=DR*__TAX}aK+GKR0lOsF~z$E0K*1%#k{osn;c`? zC?E|r=vR@n23eV*ft+(B4gdju`^+3h!BtkoDNh*AWq^42BKvI}rb1|mp?iq`pFW6@ z4FuABnrA3|kbA8v+)$=tsqNX@qY;x0x#plJ@0IYnD6K*9O$|VUBi2-7@OM1 z6k5v0jV(>a9wsyFW{#Ps4borok-tb`LQp4_TZ7 zqIz$BKi(%L-5zC`5f=<}5L zs=vMJS==|`xv*-$of~;^>*150>9>U%{Mc1x2$+3U5sW!A?fN*Ibs=_hWuf=5gl5?I z%B_sx{n9PJmHfyER961n#M8*`E#%}9%h)eIe+V#JLIkoh!GO{uL6_baSByXSR)sKJ zR~wH;)i+muP&&NbUaY?E^6Fg;V}>lN{XYTC(wk^ODmHF%# z#%~y?uJfMfVE_2`r(!ZS3?PEGpJF+=V1psR_fBsz{@dpi?+Mc?%hsKa zIwe>=FT$)hBEQBF>jeijdIVmc)A9*B{GzNkS3znoQ~^-fxD0;Ne=pkqHOa*mxyyT< zV3(Ne){5Wl`VQ_oQmcXmX8&7`!O|at1|PB7G8jL9Z88+4-xs6rhUhC`Hx4m95myr%Ijki|w3v(1oSlb+fjO((dg<}^cdTHIXiXU7cRizUFA{S8uqt}%-c zl+~6%wB|}evcs=2H*Xw1>y?6ERfb6F4|z)5zmg#UD+uD@!-63{9lj^6r zKm6tv3@0&mBS=8y&hFsKH@Z2~jVH(RZ>(W95=m(FT*U%DEk& zFuCL9__k}tm;cOt2O+=UZLHO2cGRH@3RtZJr1+4@WSKCh*TmX;6ntJX5uC)10m)Bx z|9UA1xs`h-r%F109-~o`q9E%_kF4d_Il9cV0!pf`hMSZN^DNb#o~b=#0UV|}P^&g0 z&+L2z2V;OxLbvsa%2XkcN-n8FC$#+f@p3Vn1Y_nlS@y;icA`^SjfCar} z)8vEEi+CdfC{WVb;M9p4kU_TeY+QJ@%0SjnyNN3HMG?o9%%$boNVzvkPbHS?PFsT- zn7S{1gIVV{3*nk{i+q}m^;w8V6EGF4e;kb4aRen5H3c=||M?nfU{iS}GyUZn$n;&; zrR)HAUys=vTfEf@3NfqZ^6dj@ZUXAeVou2_vpKQeQ-gOOZ7Fd`0&XJW6}@7 z#*}+$$YpS_@(b_@m4p{&!$-#{cuq?$-wY3+edhlj5j2c5_SY)`^CeN}%nn>M{@|Lt z7Lgt9+!8sS+s;^5l^$xU|LD(vp^iT&SWEUVs(ezrP1~PZ`JZi7vTcV=UOL#i5RP&d zcwSqqs^ruJ0E6>}Y*-{1UyG%->$ly6{-ZO`QN+V66I)~a{`zuv+)q=~5ZpiV z%ci^YI|HMYVSxOuKdyeDwh2fy(}0|~x>ijXcND7efr2;+RejF6hHFyR#=ZB4w7LYe z1NN>T1*2dCM@ty$;-t{YLIyv=874Sa{NaHDXIfJeLVjr@elu@&aclm1W+jk&yCfV; zo~^S9Z?R7s@GHTB^Mw|!3lou7y78gBg3^Y*xDuU88)(mL8^VY4E#b26rzcg_V>w9c zC(FS*SPPEiw*j#c(29MEGo}HCIg{Yn9eJVq6%d3&l9T1ZL>so#a<8_Rkyk1NyDN`C zf%@u6&rno2le;vk&{s3>ub^{LAq*b!jM;CyW zX7IrL>;n34M+QQ+Q@-uo#?Z5(sj3BD*ZGx~by>$v6ooL4wH-Ew0!FC~f3S&b>79rF zxl@B-7s6u%0|+38>}@`=5b3x317ht>`!EgW@$E(deHx?G3NB$CcfQhEbzmyQ6#B2d z@+H|&&ch9F^kh9Qs=j>UaWo;*zA^AE|6$msqOnr+CuBSG}I}e{C1=3 zmI?9zH60+Cw-4&HqeKn}W--XIV6_-4q=3xw(QTYdb&(cic;2-MFPvRzKmFyMMas@r6CJPKuzIDiAmzn8yAZ=lG!{Hth7fl~1jjJe|w96b$7u`H43 zlG)e~p>pJB$(MebUZ<`8=v&L*XAg#9V-WxPxcgIy z5@}%#I}ushxLyVI_>O?i!gQQo;}uSv*CIzqzC%4nT;&_T2YHJ&bXd1yu(D`49f&A+X z{dL30dqM)(bDzk|XS#Y+wH2dx%{aknsM#US``)=K>1afHnvY(GjrZ z1zBvn=iunQ>qNV?22>p6L`7|k_ajw%gh@Tl^)J>@Bu~a=i6AxA#Qxm}@3IIYAvce{ zr)2~S$r5%+%K5D8o!M#64orVCY@`1=t`m*eY2o zg=zl95QRamHTYJ{DI-n4Bscp z(lcHA4%gFp}|0eke z?o%O$aondJW8SzV35M8As?vqYtnfTNhusySNqybp$l%oBKpx``Th`@JjTUORy3bu_ zLnz8?-+b=CMm&re-IO#jSVyhJ*=5EUO!O9 z4^8#NbX#s=49Y8hXceU zAC%q2Az4+=Js=9j=U2&ujK(>srOMA%@i@v6){)v}4`7E9l)SPO2qxN@j@jsFgOlvs zzU#;a=c5F~&uHX^mFu@EeaP}$jI+{bHsRwI1ZhYz%&gSy4QBl+$0{a`{C`k1*GBp0jGeq{A?+NnW z%+BKy7f$AK(8*J{+EgBHo!IW8AuLFIch30f=d#B@S8cejY_Q9hFJKI0p(B;kPxaGc zWQ}OLvL4W}>@?qp<`d7>Z&I?y4;}D0*!;t*VZm^8UBsz$ut)T)IPL;-Ex-2Zx2K?l zMx45gOEP3`U&{uB`vnHBNtC_6%?#WND#lUyV139U0FMLf*B#Z#cF)rn(O!%ZRoj*mN5EwM%bR{=rGWE!D{`hu zwIkRn?)vJ}5I~*uEW`ywpNt2z+cPkkqv{bT+G>xOT#8DzZ|3bt8)_kro)zc;K>$v{ zu!O5>`yI{jO1S|*JkBDU>J*Yp^9LbfJUo(x5EsZ1`09%@QUYL&66a)O?Hd|O^BTMX zdUOp23iWDb)`}+u2RQNVg%Y?OhoDe|59w&{lbWA5wGY~1{EVv+=hc1NY0GQ%93Ga? zo;xHJK@`KS7DGo6#4+gx$fS-lnPF8!nyPPaim}D>7F%?r#g9L^waW1axP4S?Uoqwd zC4TKe#I^xS7VEtzF7>g)&x#!U?4y%Q-OMCWz9#TB`d7KHjuUmxzw`4FSg_+~b266d z&9`7dxhnDf@8{7f=2v{`4CnJ8hIA&NQ4{nFp}%798ZHlFHw6VX5- zY(=nKPp*1X(|rB?-{Xht&(G)h1w_2aHueL&SYtu{*TO4uN>Zx5R?fc#RUm#pUqKcy zj~~XKQT}t>1tF&@YcZy&kO;K332bNaS>G7QYCSU!}{`*I_&gr!j{5u~s@}agt6+9F-kJpxDq9S8+`cUl85Y z3QekWqnzX7Q?ntSTRBRP%|Y(bS0)z5ytFrh!#oT4`7ltmWC`pEK#!INf+<JE@Scohb?Z^VrGr0mb#V$!{S z3d_d3u1MxY8NnO(|sF+_Y}B5cGoUAOYH+Jb-M`?!Mc&%xS~ zo_ydfCq#L)Pl4=6+PW^<5k_8=r)`gaQaYBB8uEN{SUCkUy^U5AGT z?VGeZ_1?z)(~EL~Gzf9}`CKumK*u#})<)Tgt@NuXcFSh<%iC+W(wDLs=xyUUA-pQ4 zsn1f~U@llT`{v_kI+6u$I{mfFJEi=Z7R5U2RSwmc z`RRAdfJQ`XHw~Z&$)1lkK{iBN`9b;67q+}JYdtRIM=GD5rCP*S72WtEWBOd6O|$Uf zlUaLhdzJo6CP?(#C|-mrRzISfylh}R6?3`T-2TeqO6;4LMx)4EmXg25Kq>3h;YwXH z=qDyq{(BGTtl=6Kb^#>pZF+|UDWqiHpn9`8klC@qFbJgs3=EK$!2~C@Fc@<_Or&Ap zL;3(4E$YJZ^2?77#HP~x(onSn8>`@6gfb9|`u*iB(!zE+URAj-tjG4>8~Y1Cv$QUx z7I*N-8T6Q0O+fuDQztzfc){H{-y9ggp}oX!Usm0bJ(q--lJbek3hN>PDH$$}$?XF; z>FDODiV`V$c20*Gc%zM!E!bwrQzZ@?MHF%Ux&<0013Oj^;w>VTH$5uc`L<9n_v8>y zN7^Z%gMikQ_{829!wM4f#QZ#YKBBE^h?8>zjxQzUBMJ^d;JMd<*UQ4B zNk^hibzBDCD5ueP8Bpj^79KS00XPJozY;KDvEV}>NoWc^ZzV9Rg|6L?j*M_LFNWdb z#W-Yz5t_VbYOJBgtIDi8wBfeb*<7+YTXxZ+!9mHq{cAnBFr|+SzbtDUZMa-91U!<_ z0D85y#2heARWbtG_T8KT)l@a(ccWLn>P1|C`HX0VFz!jYeX#U`M2aFFXPN0;D62p> zq8G?O1`v@I8vepAACkQfJ(9&#f|`PgATMA&lDbB%dITfn&_p1yj@D%`oQq4)t$AwO zjTloTgH<~njc2#JN85}+-N89!RR8gip!o@FX0CAcrgs$ zYCEj-^%BRYl0kS{2)_?F+e1nGS{o{+R?A$IL;6(DZ=lwiA5c=T%B!i57uKnhy-JmE zqtF9zx!QtAQ=n9vqmAw z#{=s3GH{v|8HRR?ga-L(0OUl=3@H~~cX-LqCz4o=k$dP98=tIF)y8mLDo)O6?gIJ{ z5W|Ix@Od{*IHFc`HjJ4SU8F(Hqsd$@9P+*F*$eW#f8Jorxsk#~56MS4fgiX7uvE7u z#`YJFly+}@e2j_eh$IZBAlzX>pLmDnU9b9R>KeDZGS{=*l3;wGPdU1Wm~x`$oA~h< zROFERI8yz+c8{6JW&#=w`>9#^(VE)SXQ(@MWu>x%ifSyzon=Sv_qxX~*=M z`*3v*EUvo9Y)H~QqnuB-UF(O<NWUrBJ zfOCjF)lX1Rp53WAXBLzUB`LQOU? zHe=LDpI-oMk8tc}s<7Ul?p*=*lbjcW5F{!iDtr+1VvE*{s_e0iBAEI=GYN*sW46LJ zY|t+PNMMe{$?2>=24U znPHdNhCgR|xN!Rk+3&D|+D--_0z3Fk>Q?nKMjpHXA&3+>ESxjDe_JVrThB*N?D}7n*z=9>S9^a4Bw=6wV#c0tjQ^?E zgLNrMejasEy%Ftu2k7vCZG8{C$erk zaLb)dqw+nT7*K6{SFitI-j>=HB`~b*w{z>O?c`f?$~4kIO!hgpyAV+5N$koKv`4S; z>5wY*0hsJms6XHvh{dx*K47Um0tZ*{hj*9or(a>Rs}_Pidj$ftH~_i^Z!c}giv z_I^%N$YweZ7_emr4B_Gh=5LvLxAeK83Y@Otkh;4~1-%3aJ5biK=E*;Bq5#vWs;Xue zzB)9{oqxXYd9r7(%@!*Ruw``Bwxd3HI>?)W*7E+WExNM~?GWIzNSn+b3si@xojp!k z5ccO}TP)pS(QkIeATcP~f!i^?Fy{t{7*^*I8SPL%DV*gj0lOwB-tj`w;FtnPLGZO1 zc=P$*IGx+md(tRY>%7_Jm~J}2<%20p#{^a?KT zHrE~Bz^!UBNl6+LZzO`TwcsSON}NNad}aT!Jc%$D#(t%fAR0 zF2-@vDFsaZ0_JZ01h)M%zfltXn~pjee2>BUOV_&D-kq24-iL?`-qs%TqZtQSXAGaR}~$A=D}gKAmKamujPHnlE)G}{qB zG46|+TQpN@s`1R z4N(uxR#~P9EzT(~TZ;cN5aJB_ws#A#IJRplSuu`KUAG%`;+f@yf(nL;y%y-Y>ntUl zWXk?zFcSsLU^fXw#G>JNLOh`H0nFgTa0U3&qq8a;`M_JYZZ&SK&q8Ng{Z5{@9tW~V zuOYT((=4p=%SvAeZwTVlJq@11WFy|5M7D5K239=N zCulFA@zRA?wP?0!zdbKGOg||}8hHJ~erf629zD#!kIyss-P#j$xg9FqHd)_IFr0>O8Q zIzq@)zItF!vo>!5KR{SS;`ZQjah8jF@u&{qLWvULxr=!4XdrDUm(|vm|0>_Ji%6V? zlcj(its;#5my1i(Y&OEkeO3zfA2u$j!+9!|yXEvtw2ZM7(gDbS0VLmpITv54eXdm= zUO;@;03MvR3A&653ReIK=-pQ2Bi?o;9XW4}6AZXtcnO;`4+{U(PLo={wE|t6A0p1Hv~9ui)v$wfr$I3*R+vHk(h8Hp_U~_>p0QuDJbT#fpofTj zaRqEf$)Es53i2K0(N)BfK{j{J0N3=qj#8z~_S>6SiN46w_yCa}U*VVF_XWjtnATn! zn$Sf{u1$q>AlZD}?GD)zz|*3NDIf`skvF`;Vn2HEAA8Y-zdb0pXnF9bXkYH@kaW%# zeIF(Hk{Au8?`Qk5!S^R|?Fuh(L^(p?wQ3uy=fn5;e_yG@|FLBBP{c*Jc#;%bEaF>2 z^HkU{fOEToif^Bi-I%c1&$}!>pdxvrBwmuzwdJ(^my*8G!s*rB?_#Mt`}GFMTrh-u ziMognfM3tFeO5WAKuL=A#V>bV5-igG89sE6Te^Umc)*uBQz>=otZXv5rNFW;4$yk4 z{i>0Y%3&`4`(uohX}M&@vm1Q*!d{VV7=es4$t-g%-BB<+-f9Nfos1biDx#0a99jiT z41YyF5flS2A}FbZB$(L!xr^}@(X}U1UAuaQVo)6yD=sKI!`Ye`ObC>C z1_^pBRVHR84r5pg0x4=Bd;x38=PBEV_#1BXDO8pU?V0azT)v~o_STv_ejL|(XH%>8 zOtHIwosIefy1qgJ91yPqajNdLb>~akY;EbKBLqSptoTpoKtCi~qQ4fpn0+0YUB;MEblhfBr`v$WUr_JfA zZ_Y5e+G?5I!Vj#ZveaAzLHK}u3UoE^XT!Q7kWP`1yuAV|}QEj)H_Yv0Q za5GSMyZ1HwoP|LcOGnM2ck7#Nfn!GWx8rYh3*Oyta_4aH4Wh~aq;^m7K7hS2@D1qN zcqafp9h=swo0c1{cg|Xb!S|kurxwkM=B4@s1AZdQ?NuDcQI0Mh8{mAAjzW+S zx($u*Nqv}DeLJ@8V*y)$(KQPltzfWy^Zw2^BVX;sJ8J2O7o0w2*h+{`=WU>+oD_`4 zE`|LE^U;HU%7H1~=B`hK?KsT|g_$i!eli3jio zkr-&x*&sv<~p9H2h`7^No;(405vdmGN>a{a)3T5DlI-J@*4T4Z+T8TusaU*_ICs8#gV7T zSrXaX7L+e1Ti(A7G2ujWc=^NTltg`NQ$k4KcvIrx7<`BQll7_iAgMSX**Cgo&K}N+ zoQ$oY((H^7tnBrG&5Tx$3+vZvj81=n!W07g5CkCDlZ*$KCAEe%scr)C4I+$L_XJ#fELgOv-$!eb-xWBp zCtn7ZhY`N_RmgcW#g1n^QfwAN7nZ_lK2@oCVuJacv*e}4({RzMF@P>|`JX~sQClokQPjXOKsIp}v4Jqz2b-!g@2GWvC6{7FSppdSPkVS7h)67XjK&+oDz&MS%SWSc zRI>=Fsn2lyI`^T)f$15wQKQmge%ys`+O%#nca#!*liMAmV9*xS$~oiqqd~}2(-h6<_(s`ZVH&PqGE-O zl$4mJ=4qH_PUgt?n`>SpaA%E_*slvLfgi&D!?-A7dOu)3gkc97oRzD4z^!|?BH8tF zrj6#C%^~sX2hYoOjK$p_hCey+ul4QsurETq(|K|36dXlzYJ9g;D}QpfMm{YGy(d>P zb2|-b8M(L9=B&e;pD^kfk$)SMO;OaPNYj!_5OsW~y|)N)JE0)GZC>?u*ej`bv}`B(GtANQ-83trYX1a_aYIE(Qs5DDY#;H z7)bE7U=2_u9Qc+kVUDNEAR4@s_X>v;GbrU?vU=K^MQeZZxTnM0_5PVDrpNBSZsSGb zNMq(Jijw*jU-^5^2I4U@x;7fYM34svNZEj@pce>5CuDVa1~>6FP4kSfgT9-(9bL_g z>^}-LC(mTyvc4M_Kcce&FOel<$0XsJE z!iJRe!gALwo9{Q7H+0TrMzz@kYHFjeb#_3DAyK2rS=iARyuaD(adoS>4`{jk^By#$ z`_6dz$L^%3=LHyLaJDXoX3Ahu;k0=XTwm@maN(P+zXia)wnHPQIuxCHIV?VV5yyI_ z;A0UX%elqG+IIx(`!hBlH&|L-iGJNg=-W?Hqr12M>1ehyG#MZlpSRZm`|}>>gPJ;m z**m+x^sVjk%2rLqGOYI$Y3ioDOs4RhROCc8*Y=hV?lbx|nI=3fQkG*IQ9M~O5j8EG zLmx5P(tHLG=-SL;jNl)q<^eDMh9|5_&20R}OY0d?e67aM z6yt`XF*9X}Gwvn=(M%KUr|z7ND^byO-)mMlb2`uXJuhW)_)hQhJ9V!`Ek8fO*tPB6 zwtvB>f6ro>63`BT;dT1cwFn$g12Z$XoMO7|IC+wO*afo4i2igOHaQA>?u~evG66G- zgfZnczc^1t$F`8(?LtjlM_Kw^ms^~T{^fKz*GZs$#b?JxVBjzvmSwYnN~0LeDNzWr zzhak07_ncy)f|q|?WD`S+miWUNi>yD1H@oM^~kG8hws8KH5?STlHp>J-mm9oc40oR z`|M^=bf-n?-E$HCa8`DI6d}=iwekG*b#X6U#|Q8jT`!`><0Z_SyseqA*~ck;aXY%w zVokq!xju>Z_c~0-``O7Sb@~wTxJ9!4t&iv0N`1+^*9fbUD`phXVCm3>;_OV0tYEPd_)>{*J@wuGW5Y z0D0tnBK0`)yD0tX+>26YeS6yOa_u5YNH%4v?-(!}wqS62J%njqxtmO(ijLgZ5k)wV z%x$w^`Jh$;(79mG>N-ysC%qmRE@bY%L7WOc*&lO-rJjx5fH>1pvc zaDL|?{z{m&ZFc%oWh6w%|MRme+c&0S;UwYS%G@}j>iPE@OMM^rTdvCiLJ~e!@`nU5 zn10peoe-O6**vgU9roI>EW1h8o29NYq2_$^JuB0@R*FooXM7UYWIz&{H93Zkl0^Y< z48a(QKaZCy_Q#hbbI!s%P)Hq*Vc{P4)26kssgHqjZd7de22zK%*~dt_ZWJ21Wd(}* z@^O{}ZsXpcocFu-w>pzvNw3fgdUE(=pMnZil#ky@iu=V^rtk>M(!n9uI@A-{bMMOb z3tPf757;)mHkK8*oHEjGs6hZ~=zo|+^26dn5?D%c-oxW5F*33-j_8w8so$#j4$Z;A z?suV|-;faeT7pM^S^1R;@t3aMYQuL?9St!=6eC3(VJ;-ipBrDnTZtcW1HB}iO$@-E z59wp%@^WlruXUkgs%Q7<7t7mxPCMg;JIM#$yfq*YScbA~>2yF(eLlb}Yj)0N+Tn`d@k#W&P4$Faz$_7{8U3 z6kAF%I=>1DLU#S-Dq^HsmZVDEXi`F=IqL1C8C-mMxu=D>lc7@QEa%_guZ|IRpoX1Br(5M7kJC`2x)t2=!i~_>+V=e&GCdbhpoVD$* z+ypESSTll{7_iVcsQ5OHo4_jaBo%YFMp9g^z=d8Je|YFeAF6ciu8#-m^Zt- zrx+{Glq8M3dKe38tgbH>maF}2t9CZb^8J^w$OX7mi>1oE$L#g%qF6|oMkxu3nn=5! zJ8naos)a%?D4OIiYB8VQ{7)WgEl0^D0$%5QxLN59`h)NPi4X4*OknpXwx$g$+DQa6+M)fHiEW7TwGtSE7wX72zU_09`ME6w| zljoCj#|ipjJ7;zJ8S&I4qzx_Hr;$04i{IAc!|wuf)dfj;JSnz^du+E3)N&m}>PFBp zAJmGX9dw-U+|T5Cdd-Hv-#?^YES9xg`lN7KJ-LX;vHK6_p=`Sc!8w0BC0LTD^SUn5 zzf+H6>`t|}m#eZEOubtOE6T6Ao$Taqc{mMss^V+Cw2jf4)@;2qKBsRkTj0r`?;C>6 z@N6z9+RWKODdc=|`;m4{>zGnU%vOmaSToM{ng>|0 z9h)sqA2Hbv8SCP}^S zUQB=35Yk($bd&kv(8>Sbjl}=Oz>w}tW11=|0p&iTE38G(h115_a;s^*c&5glZ|*w9 z??_fnu5r`%T;0e-wSL9L$rP)_PJ7|b!lY&~dU880!RG1&DId%2{u|55LyP-{p!UW* zKP($7LD$ncE;MwoF0I+HFKze1ZRi_A3HR+uIxJ7{bjoWoU5DFI+))k6$oaY`7&Hmd z%T`kx*xTVWH!*=0Bx^RBIQuuyr@Q_{qn|8tnbtVIrIK>P1>5S~Yz1q?3o^_~y_;JF9Hv z6QTM~5_%~Ct6GcR`!;-U1TC)ettN)*P3Py%pPw|movpDuEB=i!ICyoN)}_5sbK|X* z5;t}*#Z%VtJ)Ond?z%TgwFp}1G$-Y>3oTUDCjHU(s@o`ll&47itQat(9Vl<+$GaH$ zw-xO}@`C#-LOO>VyEetTjW6b2tW5J{y&~d*vFsy8p4fPgF`{7|=V=GQ@nFF}0Y!4G z6|vmTzN`@jry&9EP>pX87xsJtn}TDF&8LB;(H#nKt&JCGorS*MNq0CHGT&6;FZ3S3 zEz_&F_}Cbiu~@+gYbk`)3Bl&Ziq!jEE5-tzn=C5xG(#(gtQQ3y4u0YDFDzWHBqym> zRzaWxy@ej{(^f5@JU72H0AAmwPqU3|t(Or(Md}xwtKnt3RVIUWHG_Psu~j~9?kVvs zE!Xz#Beq0eH>oKuCWt^Zk`H!8o$_n?MWk&EI0hha>_0$91xzauPOe+)shOcyrh6*% z5Tm(2wWC^Oq+aGdp_!j{)gNO{uD;$9Pb6RugC?oIW^Fypx#~!<9%_W$n3YU^Afi2( z*-g^+vAdS4sfsA_@Z87WohWg*wZq(C(w1gG*s(pXoJ>P>LdZ@T^o z5JS#AK-AW!iXp1uMVhM#t$gcsrjs5g6(L-=RaVQJE+wfm?z0JGn_=~^8KJv8akZM6 zY0l^Ajw``H8k3;BnT7E%+-kEZo5DpVpn_)|g-C~Li^RUK?u+36yeHH6PlE6_#yJu# zWlMN7YLP968=G`VLW$u4^<^4Vrz`S}EFu0q87-UWh-_nWe9-S|9uzxl03CXUcZS?(MJEs_S69rUj69r&(& z%7g9xIAFH;eF12jwao-zs^;9Ul8O*Kyci=%)hX$#$jm=eD^sj82?OZhCyUhU4$$aR zBV$e`nH~h(R&qKdeySfc`p~sMflqyMiS`2>MZ-2SVntC#51~NxQV{%CglVE_W7Mv* zPJ81$w>VpOH!bC4VPZT{>ZX&n8vd|umjCvyCmYZmwmKCeoE+9IqD}w;GmpT6OO7!$ zh#_zh;qQ>@0bi`7qNDR;=Vm)YF6r=SYh4E8XYLo`Wem1whxoPxSmjHHL+h_up2JDL zvd7U1G9CtY2nWCSRFA;mec!*W(6C<|r1Yc}C4V!iRxw{N)?tDHZSrlZJZ*jm-0cwJ ztCY=tqUjd@#uEF-&*As5^91c{3<%yMy#oi^_=D&Xyx~iK!V!|LWlvS&N+Kp8y2>s8 zpiMD}xUmMS9@zX-dN>9vvxfl*{}8VM;t#_gG;O2b-!O$~uiyVuJn(RIEtvYQz2FRR zku4YrrA!~;cKbMU*TqL)rBdFj%5t&Q?mjtKjqKwow+-t8yF>qi6J#TOg)HU#sdz~t z@x?sI%z4wd1fuB{Rd=pj^JN!44W=0y_{lJ@ORnmX@53!WL;S&%ClAD8RM zshOtLSWsM@jc&XT*<67(B=^zL7k$LES;8|4u4OlZQOdAwyZOBEIc%QI5}XGth`*&y_T7N2M< z7m`LKVQgdHiiw4^a&|2tfzxcsSz~KmUp8L-|D+U$+g}!@<`0cyb8@Ibx zk}>gENfpNkcJHsaCjweX3fc2*=WaRi`->UAqRFJla1Er_>`*%>sK1zDb{Kf|F)S7% z3SrO?G8*fsdLOn3S78YK3iYn%nh*g10`PSlgZ#hU-2e7NophTW&XNIMbp+kC-rvY$ zg#E?mc`g@fIdy33!$WU+^_J6_RAZOGC+HW%C^F)=;xTgTsJ0(JF3Yert0*Yoq|>c+ zKcc|#>v=}F?kJJ*Qz}$c;hWFV`!$w`l)nx=-kra@tWz|nPW~8-q7oXc%R0HkWY8)_ zb;JHx6vv_;e#NE!_U+r+ucdbX*Bl(_ZX3^3Sz~sPUU)9k{=LRE9L{D``1iwalbgKJ z-&}&^e8s_DU}u9pZZ`pjwv){vq1DjWogP({m3)p{lxznLyQQhAq;4bMg%RvlZ3Xf6 zDBF4|g~m$oY)KJ$5)t>ad$}Wo;bDFt>bCoLq?haByxM_6CUGKeM>(LP--)lXrDEu) zni+x6Lc;HC=}P_r)z-de$gv2K6a@~8?tj>vKS;!VMG7umz^#%P_RKW(mCwEBS%ZG7 zHxd%kW`<8o(*cwzQ|LI2-zDAaeENk`IIdu{=cKMnFEBS(;I-@FQgJaer+U6j0xKk0 zZiNM3y@N=P>}x;hJVNll$spJQoH@Gu^fMxHTjvS9P6e}G z6OU2#vu7upLFu=pC!;cKQkh?^T^rs=gP(JnKTYRSQczHs`4HH0rB<&+SBeZLhkTV} z9S2^eY-^|aOd(s@93KYCA@;`ZAxC}SlD5Jzkd%jKY{TPpEY7J0L_t+x9?3;dpI=_i zu2cBN4pBpCMm&(2Je^g(zZ3euT9BVe(57|FqL2@4WRy|<)h&6XAkMv2> zaF9#Jl+i<^>!_%xI06`ws3vU;y}Vk4S|y$Y7)sECC%B+p8XsKr7>d_S8&u)Lse=l( z#c*)^&PQSc^WO<^=frp_FU~ESbMksB4lU}RTL?bW2=uy=ZjRZ#UH*1bd~76%54Qn` zX-YM(Wn3-%V5Y!SE!-1vkCjZ39r|7pu+)UVo%U>ZA;nz-grRT;c;=+-0e!qE*rf0 zYa7j$1K$GhOqis1L=Pd8J)}G*ZpQA>5GbVS&^rNR!?Zq>{Fb}*!8{Mi|_nS<373gSmP03i*l;=tR4=Nl;w-( zFS8tq?du8;-%7~_-LbVbyPq-M_1s~*%vYPmxJQ@w?1w&kEgBt{r{_2#2B~a9Rp%53 z|1yB~{^m2RpU@mwH&6OO0$~4IPyirjWjHv(-ISC4^TQX`YqP42#s|%1Ub+CI^IFq@ z38!MGFur<980yh%u-I+_k=&hmNb!4By~g!-Ii7T*$Nexiwz+EkIGKyLNsWcQG5TBe z?o2by4U*h7PNo(0rQ0F3h4!!Sx=Th0sDi7MYP$SsC9GjB?iSfifOX`?dDYeC%O7hawCP)sXHNSuLi*A=5PjP7D zBXMqOovEr1>~lUR>LY~h01JSRlLVclCT`;} z(ka70a}Ik{mEhEIT&pqnJki1GMvmFwZ`D<&VA&GNz%GS%nMJL)+j7b$HOO&U{C;fiZ|E-@O@^Wm-c|N>);e|B zn6G!#UJBPRzrlr*v&}`X$)>q}!04-S^~>3ph&df#wENOo23L!y@%gIHh@l!%@B7k1 zg-vyE`tbMl3=4};=u-h@<$j&H_fT#RJchOkEhc4sGF*cg4gLXU7X`3v^%L#&io?0b ztXAxP7JFkHl9?m-TiVEMzr0&4#xZz;UA5{Iwkm|j>sY9eo`$jGaJ*Wg)cb76spbxS zonR?5?Y_Z%M5qJ5VwDz7je(i@sf23&OBwgG9okBgbW@|fsR|Btp{0 zz{LZ}0}Y`xcs^c_)*vsML267oFICy?yZzv3hN;jm5`WbI6R#2sQ@ma@>ghWvoq4@5N+rR*1h<7Kmy5(BEW#S;WYI&`{tOUEnqK*nWDv!c5q$%HIK z)ll$7dQQH{ZtQD*j_8e&r)rpH~CZ9 zgul|M)g^<~x=5t-eL(0ElzlM2^PR^npgp82UpHSkcU(iyYrv8GzFD7YS6fZ$1kkF$DS zXXJ|Z$Gv}+z?ld6BF&PuyE`J88^Ylx-8_?*zb(E}%|JudR-p#j=*xNLAaB-AdQ%I{g5B^;BVdsw2G$hM;3g~sN%(@<6VEYASrbA71B*r^3*e`SLGCT zBd_h&2V<18pB1q{$n4Z>(5Ibczyx+`ko$->t?ZT^jgnX18U122-fyH9i}55RJGv=p z<<=4*yi|;xL`xh*Y(#^#gfDrJW>Dbw)U*1kP&0WApM?8^@E4Kc0^j88z!!JDAYz_3 zBi#9@!HG_yO2&d`mT&lDvT_JD8I(W!DUuQl1U%arJYG_BtRX+(P^q&{82n;@ApwN3 z!yxKTs#N(=d*pj?(b@OUR6uz%Ef-){W-NsJmo);Z>>oKlSz>&wsRb?qP=rPPO3nV^ z(}?0gLM05wH2~owCSGzqA_=N3J6bZx14sc5Q66h^gv5V5RT%6qHH@h7s8aCL)kmvj z2Nyklcr-^uj)=)CD$C{vj;y7S9px_S#5MBx(>zGO0kS_46%&_6;d1m$`2Y3Kd5}mL z$^J@`3(EH7;ZWqr|9wRc_{;^4I0lGQyPt1Vm)ibH#=EfKKL|WSBp&^fB+G)0|K*|n z!N#rM$~)=pv%Xf z1cBnd%D|_-odjX)kDpv5+%>p|{q}vGQD=fg8i9TYq%g(N8vjwwAb@D(aO8YjTGow& zBd*^9XnUaYI5C@k z4}aU^kzIY7M}Kj4J;Qe#0|&?gI6LzFW6wahkMs)HCXVO*O8z?+iq|UjotW~2TU>^& z=tdgBxxAJZcnnE-e&PT>p}8qAeu4RsWA^x2K6|%iiDn<#r!Z`c zK1NxyH)7Slf3Z*zs5~n(f8lLmSNndM9*zt5S*^6;@;N8qO~wEDYn@yrcoLBjKwrf$ zQvw`NTPDB7pWUkZ!mT({U4{gzv+uhSwh>uYDXN=QqNJLC1F}V+D18{fCNFP(wC3vO)m~zwH|@M+QD3EAvWQ!n_Kt9^ z%%ga6?K%HuU(k#bS&%e8iDp1?!LQZqw~3WTLoF+Zz&z8(_Bu~0Jf?R*H|2{zr%mXH zQ@_3rFAOu(L6uhNn?a^sbu> zD`&2tnhA@7!=yTK$TmA1KOt%#`C6}s78lPqsBH%7`eHJ>%l%Twi22Ll=o!UeSP zr<)1*C~5(S9|(cC5?1FuJ?BH-jzbvAC7J|z9U)`ZUPi^LTTd(ZBbvB)oA^CR{`kNT zWa3-&{C7Y*065A+FGD}{yLGw~A5<4O?E69(5#e47d*dc(eeJ@*G}zlK?UhCb40^aa zrDT~x%AoydLfR*Qzfy%U6S2s`=T33T3@LN~yNOPj-bj9zt2kT0- zwc9gho2m{Q&z92;%Kmd*|8l54DhCe1j&s}AJkp#Vk{yW01L$b#EEGIJ$5!q>eodAbrQwEGP{?jrd*6mxVWj|Us1a=yr|E9WpcL>}N~f+=u< zM5T*(d6wxg>ylw;POQTE)>RAdj}wG~{PiCr?4R?pbqw31%;;8U;=P`LmL(pxjScFe7-1Dz1d?N?;@;ack_uN zEG?eGd#DNjk3BHnJ>5F^6evyc<#~GQh*hVp5pk;DKb-Gd-_s>4{tMli%GPzQ$nc^o;ijry-}9V=D@Zl*~6>9 z-{=@7s0EQa#QZlHVN?c}?XxEa;kkWHX$VcMDqz3eaC`Bn``nmIhGBQ0Y`D4p((?LR zn*hX!93lMvufv2mx;FnV&uNHuu3*S#?|ZCmk$Z?>gVF7r>|$^H8;o_RP)hf)Z)mKC6a<)K{RbeY&5* zy3My$p}$|ONaj?|koJFJfeRx@ovJpnz)@QQnQ5gU!&gHg8oZ<#-1jrsyBHwxO(RyRD zgJm8=!IQTgG4M^M`bT1Q7Zq!a#swkvXK~FWyQ1qF&@4mN-A`~W)y6*9g80O6$nxO7 zzTMlU#RVT}_~_}t*FV8GQToh(f2F@Ld$;;fe|1LQfzI42P1|SVWT<;!q52x;NWjV% z<`!6`k8}xm1`9a_!GZxB;$Oc9gf7asA9qASkKX-+HR=Ff$Fm^k;?PaK`q|XRbZ_3# z0)RWh^6!(!9M&oynzPG-0)1$GuY=JR#IRKQ!`m(%rJ(#B=^*3GyRG?xij zuPoZ1uH|!Yo?6Y>?(AX{?9UVE<-HL?I|RZ)S+kAgdiwGcxe=?jtp3?2N@dMXgn-b~ zL2y`qS>!Ov=5{&rc~6 zH;0*Y%K43&x z!9R(^f`8nDUkVo}{Re*zpM|3y_O$BX9LX+c&cBfLK5wU%Md9N0az3%`eXdS=A-+21Vx^Uh zWzxH`F0;_kl9_z7J-~Zsa})N|gtk)S32!PS{8KG zr{jc*Jkf~tpf%E?Ul=j@qeHoS$;K9b@QDU9Sgh(By;y zvUs%LXu2lO?ZUlP3!~e_6n-5m)vx|qYHXv+^|O7m@Hu$oKpu1xQI_%9ac#+WUS?B! z9j+Z0&U-&OL)M0HbY62{r|EdpedoLGD^tVP=kf`7PMC+AbM=cd+z2p9ZhP)8oiqL>${CqP^VKG9zu$Nn+Y_2+6 zBktv^2@6~*nI^eSbyLB^K18RNIY4Xq5HXInZKz3`(uXb{PsIEkm?>d7#QpxhQeV9+ zir04IWTF_c0=NJbBJ6OZL91wY!-fSHPJlQih-0wJ!$8!h8?@jN(6Xz#*o8T{=~Ec4 z9ZYN!!6ZjKOS9Lo(t+^cyfK;acsOtp7h+ur?QpSdu}ZaNJ?@Ap962ZnhC)&^6b z-t&1BS^qGaa1aylhVvRzfO#qBIH`WEphUz+B%;NU{8QAch`lKX_FG0wyn>9xCEc}m zHG4gnS>YfNW84DyeET%`G@v2b&gke5v~1%q6Zgy6^b1|=)BY|Zl2rPWLmoTSAMTqa zWH_e*Z9vqDj!zuqU(KpJohm_OqYfWj_F?z7zuc7Y3fIjIG}-Vpg=@?>KeLigV^R!z z{T@z9PcOZXC3mxl<>Y1*Kt_X;bBMp#FZa>i^2w!@z)slHId;=)e7!m}3NKIwmEtG- zf|C2Ku8eJKT8CxJh7@;6H)R5NDTCoUb<{;rG}nXg#YfW(JXt>`aDJ621|XI z6N%;bGora`lcA`7K(`_rn=pmvCeJKAI}OgLW}F7lO)^Pvuu8Ju7|s-N9bCkKFv7H2 zn?LqjPdD%`TDNXegh16tim25JWaWY$&2W$XZHVOi@pIc-Ux$xKLMS?WiB=B*s%M+U+LvpcIi(Y1t)Pm zAphvKf_Yyhq;i^~2ADKn zbheY%r!yxEf3~esnqts=KmD#Iq}0PQ{zup>M=_={UO!%(v-ypx26dYv(q+I!V}VqF zD!p8=wVKmVu|X+!<)>iBj_fDNvl22kB*z!rt-|1JWH?s*k;&#owx?BLPbYb*5NX>g zV}AM8u#}PARWgo1Z@*E)7jtBtaIV^v=4+FWRSTC{kes&ebMNrBA!y$pP^d#GJo@G9 zg45k)CYD#hS{)mC${c~ zirGNR6Q(VDGZ(XOmMgW88;e7qQ=PWh{uz#qKBNCkE`v9JvA4uin;EDz5S$~bSH0Xm;dAP zKv4~?Q`qQ7H$6;Ce2rO}E_)}7^R`G51&;7HA=S+`J>0}sG?%@binm;Nq;SqRt*OM1 ze#wK2u4nP$Mmp?()$RBg(Ns(j={jTr6MKI_t=g$Z&9HUlJ4ojIU`pV0fob7pmZ2*7 zt{Q!px2-B=^T~s@|AG&{j6Qa8bcOj{c+pHC1#wDXB65**v5X(Ir=0goQMW5J2l%JU zqXwb7LLX|mlDCg`$}pVb^0bxDFyNli5Rv$MQ;#p?!7q90!*>!FP7gyCf_k(HzC6W{FZX-dzc_5S>#OP38`|wz4p4z02AM)F zA3l!jGP9NmB{lXs4r-9S4sL)(ZINqTfMfs_qK@Y)*O$V{>6k@}7UqTLwwRYTyiw2m zt*lD8S-m!AzJEu%rb0esQMaQpewfrVNSiZZl8=M39vjk2ASQ$ z{_G|4mrTU4>$92dvTNQpJ3KrCsbrxi43wv&^?L`V^!h-YmZ_s{T$&FMfahPCNdJk zhOeFji3`a`0<};z`LH3fI`&)gd>8mLeEg;m(t>z0By`RvOg`o2O}|5U6O51q$zh&+*qlx(ro_o#E%4B`Cb%^n+ZDgqfW?YSr{DZ;^(ATXP)e=aT z2Z7hD)G~WTY<@R3+%@8x1RMPTiH?8sKHpSn1%LX;xy);lJD=G4!7911RTtDy% z5>>!{N)f&j4?&`>IMNPbY%?bqt@O_9V;YX_+Kc8aG8CBMhwXScl>DT>X88;hPe6;v zeFaw{_-CcP&)L*#&j);_fX|Ys{=9kXg*4A?JsmEydD`5UN5>7;3I8!)7f^i}nm~a2gwTkW=|! zBpf=^U^_LNHfb_Q`ppgwesmGct(5&(qaOZnbpAky$e}0YVthAb?09yLd%IrDO>}yyR~d=}UFIV3ZMd?XHjU8&fJLXKqcJu*2yC z5Zj=YjR@%kfnTp796l(hg(0I^K;HP`gim$kuRw>~lSnjm?>sh$4Y!>+4uQ10w1Si{ z?tzjh2LAZT0ILd1oT2}#cd-4dA+wm4+Stz8GaQEwK*0$puYf>N)jlaf3^U5N`v@#n zknh${-OFt%k>zy3z$96BSzptS-XIar+v?b~v9Fsi8SNF)D@&nrZ^!FZA||__c;RSj z7f?`kMyH%u7r5x3Fp4P_VQ%JBIM%`=`xJP}|M{upI3)8{Tx7!C#9r9#-cx9oQ>!+1 z{Bm#MS*P@J<9K(7g4LZOM<8g5JZu&dIydm{Un-l-+2HigUW13|&j-)QT8+jzny;NZ5G-XCdv>U;Haf+!B-OdirTQyoj>+`TcH1#|mGW8}as^o;quzf9ueI5>ehx0|3 zr>((j)}_ihUvm8;bAsouAt_6XPo*JLR^vS3aL!+XM5|BYqIO@uMMLKurv_$&x+O;g zz1JHn$SiAT&)?LWXvbyU<(r;*CST@tx>*BbA0Ny4rfgps-|s`|+IFAD&a!!)5BNzR zppJo_ES(KGG_8^&8N!ugBd;pVC56k7s5Res?!LZNcenkesCa1!6_>!7?$q)_mmJ)? zt3N}8d11ghh#VSN0O24;HK-aiSk(p5d@^*t52C&E!-a4 z4^`5e#cazTsdWxa7%o!0>oHLHYChSv-{#lAVO?B9E9VmPIPJt)LsR#~cRXKTm!FB0 zbA}z9+Mv40ceL9=b+Xra1k!=zfNnTkMd=P++E0ZCttZIqL-{3l4YzmQ9b{*4vb2Jj zqMI9?55DKP-T&59%F$n6)ToO;*5)c6%{rbG2Ak5luGI~ygmgembM<)3Ezcf1qMW_HL|j-AeSYIZ!)_;Vyivr+FYTQbFiiih$@H4x5j` zq=t>zJPvPp$j@7KWk@U@+bVa~#Mr)aZQ_5u1@dPr4?BV8ChWthZaU}sp7BMi>zo-j zmh<*aj5=g|d@KmA{}@Ns%VR8dhLQ#;4WEN~*(7xFb#@|z085nA{Z9{~duY?2Gv9Pd#yyjMPvL%aF1(~g(;cza0%O&u%`(GVLVZjRJlQcV zZ1|}nCArXa?s1mBycm(u_94Bj_{#WTij}`qS%u4ts*E~q&sd@bYQ77~_=jP)LftUM z^eeh+kX~zWX0`nog9mZ)QJxOmK^-w`qID|X3xv56fg4ady_UkmtwG#D$z;%|iT6Lo zvUFkeOPEK2?#Y77gLlK;zT7Gooc!iro1efxrQb%pR=t5jX{|*j_fcTAcP-V*D20YW z{$lzOa~i53f(MSs0ztGX5wO7ljzHO^DY@1rg!qAS@^zKxUmj`wqTE1aY{~oY7;RB4 zAVL4=IBRbK4W@;9{PmOr1?zYK!U+8O$tp8@*MVM4I}2*EzR`3D0kK?(mBl2N=SRzm zJ|7%;`s}2NS+2)~j{do^;VAvSalew2IUV91r5)a`7oMJ)!%6UzF3orFMke=6}6Q07ZBJu45!{qHxL&8@Jwt4d;#JBEK#s`uKTQJ;1o6Dw7xJMkf za@-wOQWg8iZKdzQ)fV1;nSt9BmQBOjZ?IOy$#qo>EA}l5W=z*4Jy>F7X^AN|d23(d zw9;C}oLNHft5Dfe-<~?eSQ;>-Ny?PZn<28P_rdSo-;Ve+u`X9nwq=AMU{j=$6`D`a zzu3})6F#Ti84j1vebdyBWV-d`q`-o#cLGQIBI6}9Usy6I4niYI6u2kPt-&y{UN8j_ z>+Y6vjy9{lq$iUe8FVYMQ#F^nsV(1}uI-@e>zf6vJ%MWUaEnp|C&Q#P-LZUuDFFZr zB&}L)C52}BUradr#hT|d*#7V>>}@)^41430 zjL|Ou0e9;7!&?CeZJ7s-^I@JS;_KFfZabEfA@4lFQXU&5enE;)EpZWRVzlU*f4F_A z@A}bj*{Jj5bMuOxtwGYQ?9b8^?#MVuEVGDcB;Peo-*?D%LEDt;P^Ynge}-{P(56DA zCWZS$@e20ZFNNs!N{pl0-_9<`h8G1&-9@~Tgq1!BO~t*{@fp(_DsDT&+F zQGOA(EdF)m)F6@FB`$B@L*YU$k)1@paYCtK7oY!utJl+b}l1mMX8PiHCLj~gjBQXr;fYux;B`2%?*R!7ZC7t3KS!ky%~d-raG z5Q)I@b&;2IcUjk$o;GkYz;m@=*U#{mc=Y&W6})j6%3&H~4P@|KRG1v73c4hppEO$4 zCSoeJ5Yt;3Od7gq@7*7V`vC%A`Yr^;-Y#wnnTv9kbv~+L{MYo(;B{WS0u;P|+Wj<1 zU==WaZ+k@Hs!Av?*5Hf$^sL*lDS9ozU61+F_I$2#1i{Nc@e2y7@B=^1Oi3?Rp-!^$ zN>c<&17sB-zE*)U-(P^I!mNiNlS~YGaPqVYCse#7(qd#G{eYSYbm5t#1&bmeqY*yD z-FrD(tK*S{lKZ*M?G=|Q-z?1s9#>)JZ-XE-8XN8-$OtCv=V9wF`gr(vfW)t(vFpcS z%;e`S+mH1Z*__d7w72KlflYUn2g+vkU8IiIg?yV7VMtS7g zrx?=6^UGVFK0#3GIb9TYg*Otr{NcQkd=(iOjPU8JX>8180)On`+FzvHQ6a3lTPd2 zye#MX6%LSLRy_8V6}SeOt*m?1B4H{I+izgF&5aVY!%AuUxgcau}q9Zq}G zY%II=kI~-y3#D47A3YYI0=l= zQWACzRtpYu#=O#~<_4jJSpToaamjWDrjK7IS-twm(Zur^?&sASyI4qF`6G3XRa>hqmSb_*enu%nNv-mMYL@1 z^5^I`#= zJ3^@eLw7_&kgS}7bgvS^6yA2@lt zUiAP8(e}y3H8DavF_HU~cnv$JAt}jF#;rkjn-GUTd_n#g1Y7>$=Hc;)bK{y$22Hy6 zA0KY7D4ZS6SW+oqUxRiF9Q=p0k#FdW^_7dQ*R`xdsC+iHQ2<5W%(o%v5ylPcJnWuYizgKSM&4`1YMx(a(j2N8!&>2P@7eW%PG+T9o z-=0pL)&D5$d0; u>^ESQrTmvwiH2?UK4G|75SgCvS@97?J}UXVVrobGuXapJIY-ID?>_*Y)dki7 literal 0 HcmV?d00001 diff --git a/media/schema_gpg.pptx b/media/schema_gpg.pptx new file mode 100755 index 0000000000000000000000000000000000000000..4c45f037fcf40561d1ee6a715ea125f95ca3a61b GIT binary patch literal 95622 zcmafabCBp>mu=g&ZQHhO+qP}nwr$&X-{x(bx2<=-Z>DDEz4xn{Ka$kWNve|C+3T#c z*NTEPFbE0&7ytwS001F?qBM)$IuHN=CL90&%HJ~%4leW#PNvSLb}oi4miBgZ9=0}D z={r_i3@8D&;NIZHTZvo`{z5rPHIEoB2w69PD%z4VrqdEqSuR&Q?j+NZ*-U4nbiT*L zx%$3b`^B5rjYe~UP?`^1qOWE#I9jJY6qmM9e!OPIAe>5xT?8@fETZI8i`Soz<(ka4 zAgL{CB7xPwhE|-Ul)orfWpvd~xU~>Hhq1MS?S@4~QD{cjXhA#!?@*n4?>U^PmDVQS zqvKy6XUk^Japzx9OYDOoretuP)Y+P%*L+B{eo*YCla2(|KgcCj$E-;M;j)GsNvZvi zDl1+Ux20WM4^u>=cyLAp55xf*kd=FZv0}F0X1>Bdv^!yu#CYv*4|dvh`?=l_p&su* zpu)SSV$+ya?X@_lnb@d;Ozb+H8)L2jm-$@b9_yOI1?nu;%a}YtC3X~ z%faICho5{atrC~DkY*}5l@^q!9z94UPD96m#}4y8HdypPXA#6WBEk4*QKZHD|6Ufv zc(tHNlXv(X{Dl$zdqE&A3KZoTfK(6ZBNrLfJefeyCe7jttvDHlJE*BV}dy_0a{dMPQLs`Y|07OG|)-S=%!JA{?lliOOIcR z91qQk`?SM~K>WRnM|6+P2=wS4J+H;!jyM;PuOEFh6d>nfemH&D@6}A`IuEg3lb)vf z@OH!c6&4dXRT33r%*VK#wKMQ4C&`3nm$D&;iC2iIu#on!%qjHR0^$1^xUBR4|7K=q#eeo|5$w^*O=dXmh40k|6iFu;e?Qd6vBJ zr)VG+*CeFBRSYn+Ii#B;$i&_dm-e||5^TYxmZQZIa@)GI_jBQGD zdR?Y!aO~k_=q8Je0VS)%*JI!`?AU%#sFB)I7bK%HRNKEp*J*t&+pFpZZ9e`sS%WO@^8YwOD$5LKJ@5dtAC^ zZ@EV5k6ZMYrzGf}GL5H(O$O?1I()Dl3P3Bf$^gztMzGL(fo|A3SQpKWuzQ_oj3ywc`4Tj7XS?XBA;IQNLkxg=S> zY~goURfCpXy4{LLD)IRzOa34mk@{4b%{!XJQjP?jx}egDCYHIUpZo_+T~?lgNvH)y zoGFGbaF?0g4VzQgPWDQJY6<2Gipp=!+2yfKpLNFC30PO85j>9^%*#MytS(`iARc0( zjDTu)K0rg_CeY~S&7|i1G+31OzjFjS(F`W-+N4^Jfqg{69~XDzE#=Ni0DX!j=BY}S zh1%`AJ(0fF>a7Z%m%Tm1}mdh}GjCuK3+ ztcB`QMxb)N1{hXoF9POhi?8J!&gC0$&}(1bfEveRDL>L0?DagjVQ!gydeqmkqO0ml zsxdYu*YWkr`o2)?cNbc+fl+s&bwDw3QSt(_%O1S&4m=>Vh!AkGhikT{LeQOs)lY?aL?TBYDMfW!JQ3G7a&V5$(rO5XBYlf8lE;8q2c~}A!p*E zHlY){SKw>MS?!cQM*ZLE+@Giz)&Ml=6k&_SX5J3C6mluHiRs~&@+`?|y=AHH48k94 zpf1$_9Isqy4BeTA5<|)1BrxJEk{X18MK~^~8wzW@=Hd+8P#2UX#hN%HSCsBz0lwT* zO-IPKg!Di*+Q)vj5WAI}M4>E>()DAd9w}`CuapxMBt&qhG+7>qyu^|_^~x!MEl*lZ z3*7oCRBjK&c=aa;ZV$(J_2Wj|9QwD3Ry6W*?Kjc|Nb-A&(U0&{qghkTBFV~_ytF`mm2(Hj zFCj&}p_QCR;1%iS(?p0)dXjW=)g_e04yCQI(~VcHWzlHFP$q%DrmVv*-Ut!ruXi==(da{?PM6X{NO9?WJz7AzV=!D zmS0k+ecTE(6#SqOjnL>M496*iN{S_076XVJ!VF_4RmRQ3MigDuMhVxVZWTgYuI4rf5VNk zxl^=t3O8=yt{~VGwChec-m?RCx=KXwYXZGSMM!68kIcdzG>nhtS>hA!p*vMR6$;Zi z+7XiTP8ha_E-+5LgyQ%@d+Hu+3)wwMbpn1UzhE5CBRNGnLwD{3 zkAoV=7&lk<`7w4H_IQ^g_sIGilD(|hTmE-~v|t?1wXdD6)9>J*ISBC&n@!bhxTd?s zz_uH~#Asb{D}R=SG~8^e!w2APcl!d`5A5&^FvobXUtQP$u8e8;uKnJ?w&%IF(~P~w zsF&_pUnfdm!BIEDwvV{&Z$HN5KY;(lNZi5-Pk$o<0BmIg0HFR)M)IFrEeaMNRozbBd|}HEL4Gshv!`lHHi8tG?Dro1 zG}~FbsL8G0`aR`pBzeT};t|HviLxDnc}%$q$GD~s^}j8N=EX(TTA#aDD+nLt ziS$p>kFyo|th;(}ITs{D*bm88p6N**5+4}_myjrOv7?EwtVfb1n2B0qBEGDb5fo0J z_b#aCvTp6L4D9o3v2E<_6>CTbUHK8HLeNaQPf?U*tkqs3_H&FY+ulie^--oDwrKKU zhX%I{0c-VG-QE$cH1~e(BFWJ|o|{~eFIzqlw`iV}jqV$B`EtvM6Jsp6>dV@j`A>{L zd1CzPz$A0vipjfZv6IiY?Wz23r8}zm@_23kIeQQaYbm8lo13Z~3BThRO^{9Dogz&EdR2vXpW+AvW z4g8EB9`sO3NoC<*c{`@H-Eu2_sbUZ7p0@YPo56%Nw_>c&_EYo~(7vr|z6FOMygdj; zzzqeTgmH%ACLxhU0JjiWvx05oR6Pi}BM4Q~$b!PFV7Tkw4FiwrWUC1THzGN9 zc!~TixEl!GiI4Znc!yxpUTc;^SAQu!?y$mxN%w;BKm#*54JD8kotQ7c+%KPg3~!mJ zMjqInx;LCZZTWqE&0rrF1{{#Zf6I-31D+XFJv>-W1X|ScIiKA!5f*&j{q}IZfUuxA zEU5XlFQoXYXruS{vp4l)uHKJTX|+zY1O7u7?epxc7gMZofd;`AUPp6*{b-aTsyM6n zut`L_H&2gN+y*>+_kR9-+M>bYq!0w*o35`@9&MA)vGNiI{m9cr`8X}<+-SG_1pp)L zk|0+f01`h{lotM#(eud+qa`&8#-;9_zDM)8nBU~|W|N{Dc;(K1jtXESe!sdbAx`EN zG2SS$ZC#+hVJVV(tY`!&nZZTaw>Az`?Iqmqb+|)w2D_@*OGslbw29$JCE!VsM4&*7 zR|Sx>?I8!_Dt-}LhPbpqb1V2k2mZLNEBs-$=mbcx{72?dWy>gA%FOj)*rmzho)-r` z>e1$zFc=E`c8qoV##*Y1I0m+L0+uJNtuvFQy2cu>y zslSW%K^ZNzfsMHIs$BNdl8oahjo2LMq4++8D4St~g*?S`-slXAu8f35Ujif?ZpS&*+)+w;EVj?NxB4m3^3G%TB z?qfq0>!=3gps5Iq>KWpS9fARkQ5w8!W9TnRYiup%C|OfN`#C66FRu5CIWLpXlN~DR-t|mZxY{JVRLup5nAK zAsTFfCRFWAr-ot-gyBs{g7et^f z=gL9LffAgAKckUy1;CtoG)<>n6cw6gK zd{OS3E0cySuZb=+K=KUrfN`@WDTLAzZFJ*nl)}GUvBWxqo53}3#g-s%LDIU=3OA&^ zCCF8jk=j)5q*Lr1mdbnRmXn?0q5_ag9Ko_dU|l1wYZXhQZtx4ZA=y?+6^Vz`;NPjP zWH4iS4G!*NSD5AogH2DeR+0uZ7MReRuivc7NA_Tg?4fsayDtO09uJvo+w+L`ZYr%6 z&m^OEH?_`kSyjh`Jn4aRxH-gdw8mZHx|cw%J{V!ZoHjPLoM(~6KrVQ*0;AdZG%LXqTJ13$8MVpY{y}c!&5oGD3B_5Ez^1N!g=2!&4V}!X#y}} z1VmuQAtej@DT%A$Si|t`LQ9uX3cb8B%QB8~Kd_OFh=nZP1m>Jyp7f#D=b2J^Q>{7- z4`bCHT+cO}?Se81!jy(6m*5gL(4Y>FiN!z?LBy6$#gNr=)p$%`pLhS`#9z~2GVFjV zVBgYoW%au4D6U$A5tYp0kxV0&=#Ce7eps{0H3RC2Tk9iG?59}kv-erdOE)|>$2UZE zKP6dWBVpV$Q%qq51xOrQG7#tNI<+Yd|7?59bfp{CJAH>pH(Wi6DphZw(^InSfC}O{ zV7ak65Rrmt&ekYFnn5U6BKB)Qv7~2^DUQe}K3C*PNN(8oMC_L3vnnU7`X~~%+)y2v zRDwaqCdBY6T;!JsW(nwh#6tp!WMy2BpKCc`vJgZcvto|Jtc8Q64`BK4$s|I2C(JrQ z@6H~+$iq8`1a|SDo*Sz_*%FlpAp}*CK!@CcjB-L;-6cU*Q#Ti|ghJN=Jm9Dc zC-2V$d#(xQ-b*`{>acF8hL^SE5`!4PCGo^1q-7K2LWtHxITgk`XY;_GmInLmll?Om zwjCRwp2M(qHC_7hCTDg_?~AuqyNcG4=tWOg6FLBEn>qlqFzPuWnSwZAJ;f5v$i&tm zk*VndwsEuWUW6m)K@LracGrkM)k2@CwcTPqYnvhblquwmLTZEfcCH~YDJY{r$sydf zx*7N{RuS^nga#`2J0Tcip-@wQ&}S~NBfk58-aiyyd*F`k!Jck0Gpb2aTeUM?StUoA zt!+Vu5n*Pi81q9-jKh1@B$GBq5{^ouwN#tqt=gLwf|MJxBcZ&4TkT9C6J+r!a-LSaT%>y7}8 zsv(IOB~;#aBG?)ibBB`+hPBQZXiZJ4O{j8pnHjH^_IO-MKAro%oZH^?nlnJ=I-a8F z%FfW1eX%ww7cq`K2KFSvH@K_YrfJ1g1r+4yz+wj`#Qgy$SUI+V%78@RAqZhwqqE=K z-sLvcqb63Vq1gupqUy4O6Q?l(n?O5ooZycD6()-Waf)2wYjQj&77r_HBV{VdVLdcc zCmJpyh1K+`5>ev`+PA7b_KILJnrv9?a`X)fkzy!zryv2egoS)c&4fj&!gu(vku;UP z^*TMZp3c;`Gkr9c{)ol>Rx0}$&;C}|v zvUeYan9W>h(PM`~!5Q`>@m+rfEr7*X{0Ma7R2K0|c7ag?L9Mk|`mL zmG4YmM>9jNrCjgU+*G2r#j>Y8y$A*Vrk5)5p1EP{9=}Q-zLMAMnklnL)H6MoQ~3$G z>&%vex4&WZZ zr#(QQA%?uVR#@qRwOH@H|Eze@`{{?kOz7I&PBDla%>~fb*k~{mAp~7gF|)((zj29( z4Ut8T|Fs_A;_BP8F{TAbLwMquF=dIm6bU~~wfB2XRapOnbHw!xf3HW|WwtL6v$Xa6#d_>(y61kXQM$f(zFv%8VT^-nj6R z&T6(amdL2ob_&O!Kndd*niHH+#1uTtQ;*LO+G@5D_vnUe^u6+Opj%T1f(an@AQ&#l znG)P_rfMHMRT74pk45N*`b?ag>|#tJSX|f^ZQIOLAk4}kl359YYo5=|i2aU~;3cXrJUm|tfCgdYOl_$}wbY+ogdeoJSP!RjHkJvg@~rfM8`7bzaxgT-V&H-SPpU|O^7TNZ9ro?78*;+bsPc^ibEhc4F%H;(S)G7so^44{RBr8 z9up?n=jqMf^7oa!eb+9Vh2L#z@z_=ca|!)mNcbc0;bQ|?Eq8CWo}%-Q_Yb_)?ziID zAL{D%(3LG+h)9Y=1kVv)CY;6+q&lK28o}^;_0Js@YF&M`*VcXzk7%r~Q=r$Ksqd!$lP@7tT`?;(}*0qQ$ zm(etVnuZS>LK47@SE0u`o4K55AP>3;KI>kGCJ#s46aA;6MENq)1%n)k2Uo)tWEm@5 z6t-eFR*bspY+o~?&pVQqEbqfz?!U&Rj0za`W$L(EAvP5Dy81|cxOrZF{&sx+f0e4( zgxEUvZ?}jE7y#gJYv{k^S_LP22j_pOQZ-A8_FDu90Q)bJAMj|mAPj7AwH&FqIF?Iz zWmR8*6JwBBj1UrAl^6c_&P!A~ER|W$E(9*)?he`6kc` zAKkn|@J39{HG}ZygR{?%<*~Ij$$E2wAsO$pq>T$#)QZ8z5N$#eFXEM<`k2(G z9&A|Uq7mBe0>Q}f_dvXbD8^we3d|ix-SJ1+jw-!JW&Gz59O#ZtS|r~UHU70`{7Tnd z@$MzIHcEV<^?W*NlarNLJno=duBK}OVdrpWB+`c3ZnP#j3qZy}*)1M#sj^L03VrBy zuSKJRZoyDGAoo$koA^AnUgkZR!&U6>OXN)_id@z!OH_mDFJ1`BunYoQuv!kcu{lX# z%`JhVopuId%Sddrrwz8*u5%hu&Ov)IPAKJ+G-7tE{zr=~2BUis-g)jHWxo;JyWz|@ zuMIlOK+I}nEw@Gmnwc5v--{i7&qaQF=VWVhwhc}HhRyncX6X$}vOeOZ+l%wVf4r9e z$K2^C^eGMf&0Pk_f9KB4($xLGa+jhqYj?na&{yAbYw)&9M#-`ep>iy>2{mO z3sR4>^}u1ff6h%JAe@?dHjC%)&+OLZVPie4M_Az2cC=|bg{g6#(xy83Q{%ro!#PY* zgEXc|@dlT`PuK6S{d%A}ymdPuFm^g3 z)`mHPm(-hMG>V}Shg22E^he7d)QNqc>(4^#dJ_J8F-y*1`r7|_J-%tVB7M)Fdcggs zV#WATDV+xc09YXSZ*PT*g{iG6{lEAB(ZAK4jmBn2=|_L(hjDiQWIc>0-8G26wn^GC zndGA6w6gUSYcw+<@pPAkNI6=OE=)+%gX(QnkOGEf`LiValM))j_C@?IX6!B2R+b$v z3*pjhAf2`6{eIqCUf!NHtu7~Ig=A5`K4wZ)XQm5tBF@@w$3`=(dmnOC<&84SpR6?zpSf zb*dj|ffMq2^@~;SFR6T>g5L;gSq_V?Yt(to17-q}%LU!qw`$W^e8v4;f%e_^`C;k> zCFeH#AHMXhhF~cyJFq=lmTp~LexOoWt*}15D>q!Ou=N6fq>CoNx=z-r_MN{_O=iyG z5O-a2{d$`M$}5b>x{%%^PDZsNZkTt$1DxoRNScm(qQ)&CIN%kXCL&vS6Gi*KJ)+b5{~Y$ONXM?R%j@%bzaMPT z|Gb|^0`8uiF+k%dAV6P|@wM4CBcNGi0N_8cCu4v_n2`QTq*n+r!UXOj2Zr@^j-z1O z=hA3D)P*}A0_oxEu1Dm9c$Gl{z7s>R8sHtX2zNZpvKw(Wt!0Szc|7t-8{H8*n_y{g zKRMpDfpV0Wq3Q*&W_h9PzsAk2-jjM z72+lV>7S7W8QjaVeZJAc6_dT_ewFyE0t>8^ASutrs4vPCElgm9vP5r-GBG6bWIPs{ zIS>vm^Oen9#5N$1WorA>E%pLhj$J+Ta>2Wjq?;HC-4Km6P0(d~078|E&5=MgZCD!t z5k}SclEso_^a&sEy#k7M-tJbyk@3Y49eeFuCsrt+d_YFu}EXc;R)w(WwH$pEu| zr-9FBuFtNVZuQ4V*=DJNeK)-RkfbRM+oI&9#(2Y76@3L}vBfn0H$J&VnDPSoflO!x ze(P1C4#vAJ({u{-rYMnw!G&VecY?$Wt&~v2Qw_F7iW9Z^#XT0klGE(cxH;!jvMUo_ z{Jp|SOo^^X8U-VtueiguAv1w5LQGt(FxO!_BF0p0x-oEEL;|&S9K<|`yVYo`OY26| zFYR=fXd*7yg#(dEvPY1*U({Tgt`udL)k`1Iqd4!4$-8eWyxJDDmM1s__m!4&__wzS z^9@puePdLTJC~hxoinbU2R4m(WtqX2DR-LD5(mQg;gczb=hMTe{H^clNE`1)p^<(UMzr&}MK9&+fMawSs zi;&dn@1{|&QT>$2wS!+fZ4n!0g0)KbYS_42g_?iepy$|?D_VH9$`xuqUhMd-J7dp& z3vY2L8IDxmR{Vcy!QM$&J2@CMgJ|I#T>rM$cSiE74>grx+qju*?AqsrQ9XXO_ajh{dh|3AK*TNSSX&0i~-AJYG0 z7?Uydw0Cv+Pm%UNf`3o-Ga6fVIT8rI`j$U{_q%xSKrCuwhzt!{la4hTAAlHMJQkg$ zfswfsN`B<_A6*|E-^o6cYV7-%`s;DI6ZFfn%D!DybA=VZS1+5J7}kW^JauPfdyF%~ zDwepWtCu_9#vNliEL(JyOeGc7jqLLNIv{&rF6ryDcG@PMlOMZoVFoIG?U>lrb=7U= z&i-;CohsR>#8w>aHKm;{36}Qcnl^a=Y?w9@qnXZ3mDI~T^m|MAdUDDvH&QJ3rL3|8 zNGy`zy6e|HmgO#Fg%`9gu>cgi?YmHN-xX-l-9;T@Y015kp03XqZSY zyK|!3hbBe_vq2ErW|?hF8Iq-Xxo6_Mf+N-YWZ+8?%cHD79KwlhA7l33q;)xY_3L@r zGV3aj*0fS=BEpf4J+Q<1iCfwFpoV$Lka4G`th&8@qpbQ2?Q+v)z~)i`b#;Gx)?or= zu2Cwm5UKQQ!@hg6SntI7Q5h$BAkHYvD1*=p6b2OWQ9*_xJ_0*Dge!m5?&_*c$->TW zo-Eez6s+DfZ>p;{eMe3!y;y)O7qB!VHie3w-!o2_7|mk>&LRS191dzCs0f1|CtUGB z@xTuc8Gui|IL?S|j2ny(agpuA_1)ZBg%zRH1J|Rw1!F?RxEaee)$Kt;+PX+%XFXZA z$lerlD@1c`0DlZbX|#^%#*htzf{d`Z&Uk0vdBD!CySZR)ZuJHkBXGP#N}ZJ_j2zf( z(M^2Elkks^?!H(iN_pzD{$qCJF}H>d|D3FNE*H*U{`yE8BldMxL1IINq-vCgGvLY}BuyrO-2H+y|GMy~LQ<MhuKFNr4^-d7j9nEpab64B)DO7C=Ny`AYc3#(to`Xdhu%{wJ-Wa80MTo8$ z^SK6;7{-a06ST+Glk(uRCH=s5&l0L0dd^~+jz&aDm#uOK@7@ffTIDgeV*q^CI~A9V zNl~kxZ0j~L&$s=LSMj818Oa7o`H%s(+zRN&)&k3G7RqB z`1L&`s3f%g55C0Qgk-Rv@5q7Q@(@hzMfYq>rvmfr}TNhO4^dcCXNBRDBodyo~31vm&qHJ}1c$Aj>xm*f$UQ zTcdIDMp;ZK;EOO8tpA4_;m*7O%+*3G;O)QWW`RMjhjDy9m>%=laVr+fX zdvPi+4Cps9%iX$GiG2zJ&c9q2>BOLmQ87_|FZTKSZ(rm8?|L+TjK@0vT{UOH|L;)C z^sg?+jJmYl4jW1?`WYU`tYsw16SEQcI~phwdF&1-15$pi8o%<&v^OM>3Fm#yvYW;& z3H3QC>04_XGIuDf2a(dz@mH>MeTDfvyR2w zA(Gx`r7F}joC|xasLfV0mRjqHkKXpFPrH^XsC>7PjR!S3Y0$b%(9f{uDtvU?H{UO> zL2!j)`JZ*t&TGP7H`n%Mg`p!@dX1hCj_BjAmMt}bp~+HEb`F*(y40TB7hi?^h&k1o z-QSXb#=oo!<8f>Cp^K?fv)(!^XR(_z{A|~~jC8sEx@0!L%}B9Wh3H~t10fS^SC^Hn zeSqg=qDSpoIlNt?Z5-2fh-_)WYWy)(6=mmkV8UsB%WNu0F8TFf933oDQ~^H<=Ou5< zIz>5U5L%6+jAFtn%Hd5f;ktY~0> z85nT|SN44Fn;0g5SOySfl|^)E1|2ZKA(nDTHZwRn9{A<_g;@IHxS_1WTwwhGjCXY1 z`wxQ_T!2!CT!-$Yi~$v6e>P?*wWgEi?UqXNZklvgcGh+J zUM~xF5CBDH)duRo2X^F+hdWZ0`>KQ6*eqelVa8${*h&VaLRmnn53STzW=mQFe_SW? zKpt!_H3wlGy$Ynx9tE-!ErtnXQlLUeSRtW=Y~%p`G03Q)ZE?Q1rfun_1-OTC5+PMP zHzN3fK)u2Ky85Yiyqo}DKA92>7HR@MS$K()HxF$7x~-*e|1Gttaaq^5&fj9%wVc?u zg{j-MPa-a>cez%%-K*bBOq6}fw7uH4O0B1dxK{o3f6msWfeJ+$>G7Cb4>d?yp*fm*s>gB`-^<$NUJ#y8?7A8tgYI>{OJSBvn zjZ-fS#Odw?4|mh*GY#zRk{*8)=D*a|Z>jaDpq{T%u>V9pz$d40St1p)JOCo*|DteV z!r$bGm&`Mi`rN;NYfmyF+JBn}IWqda5A27GhvspsJ`BNK>Z{q6EqQcmz6ms0{F(8#i{MhIVGZ5A05aWsaxgYb(K0 z7C}}RTSO7)EguvaZE1v@qwiW&SSQud&-!8~pwIW^`R4`y@8JpHOB{asXF188H+vI# zyih!eK#Z}Bv&izS7=l2w^HL#eL@;q{kG$*Tk6Ni$eU~-tFoTY z#a2iMi;hE{X4A8}fM4x?SR*>U#=muq1<)A4xhUOBbXL-ZyvRuZyAuANy?d{XG+Ekz z$)VR@;~wFEGT(pyK=2Rbkon(;r7>%_&4$p2e#Q;a#f;=nqA0c&Sd#h+C=Pk#9GC)W zom$1eutS?$FrY`yuD5OcMD~FMS1D=T5yyRNWK1s&g_Zd;Y){;(BR*e;rL`5+siMox z@KC(YHnQz(s)|>CqrYzkp}kh{*fw)rmm2N4^skX&od5f-gCFbSfu#S6Z7K-k+98Gh zs#WPL@epQIi{3ogr^cbSP|#?uEX1d?d6f>Y+g+HtpKHT_f$ijS(xJYuYdff%(RQYrS4wwUpmmrtDb2*dcR!ah(4*JZ!4JnWce zJh(3d0i1NQYH}#|DIYK+3i~gi_QR@e0V-y#C$>{ZC(7(RUrMT0DYa%?jir}0YaeS< zo}f6xW8XOJhXHmEvbphIz1@fq|Hgx~a7dnEbn`EvJE-efxv4JzMS5)0aBl$Cj}^QW z%&nZ(%J^;@LoQLO(F?f0Gcz2PX;!I&arwzIuJ@102Px-T7oU) zv2yY>nrp10{jIXDd)UeuDxZGeRi;0*egCwus+y_lYKzBWNK{$cI%~aAiGCcHQT!B3zQ>lifc z=D-NsApWeQS2Oym;K4cpS?>-@PtLQTeXxILm4K}0AD%uy9tM5|aQ`>j-N)JuP<*|@ zC(wg+8k%9wW)OT_)#;r_O zR*+`{?%z)*ThQpwPeY;rG}SYPTwWEW(bA04$T37|pb?~af`&1`DW!$@g6BdG&j6*; zl{Umpu6p$+NMed*}mtD;Z4Dezs)E)1cHpF-e_LImX2Q(ryMVL{*7exV{FyRU# zh+x*d!9cqzs}VI^dlL6H#W11lt!A*XQdWuW>Paf&BrXhV(zEUdKrmr1Z9aL^I=5BW zQD6K^k2h7BA5tk=LB4);G;Rg&#XNG7Q#vS!yxuq^6whCz4;9#DDM)Q3i(i-arAHJ4 z>)AR~gyyi{(zsvxEU&(iFSkT}J1qG86LQY_YMy(rsa0)54{$0#nA_<*d(Mb~(MU6L zN+@rT!Zab+kg(~L`eZNkfrWJP?6b901TPLqjT}#JN!<+#7)r828-R*Q1r&oL!!(Y+ z_j|b_!CsZ13|w!4&z3*<<$t~pmp}UZhTn{{-ufFocVz9A@f4SuD--g8hhRiJg zLgp)t>A%Q~vV(rc5All`iSoj91n!TKB0=Qx#utFt!G_fnl%(t!B+!v_l5YET)8AFQ zq@>gXOB-^0FvlGchJi$4diu*lj&pc%cs!e}aV;jg>)!R&U7)pg4fRLWjokC~UOZ%k zjkLrs)s}PaHv4==Lw>H;xAO4eJd3LFKQ;KJr9Li3@i$xLN^stB#8b*^O7{i$8s#Ty zy!MqU@t-4=9KNMK?Xkf+><(I5?$14Ww@rQewHHapzMO3}$;rrbSX8Q?2Q7Fb2euod zTLYO2b~6|9!b#@AQ)+z|@cN&I+GBC`s}L>lDi_C!%9^;gs{(Ulv8vCxCOZ@}B^Ys> z#$D^R{=bJ8?_#o9<=5vsRMmft_pG^{L~hRTxLGed($Vs3cDdL$AJp2dYHDQrY74rR z_2cr6u`N-R4?1yc<>BcWYv-Y@Yj974&Hb>gYRV4k%7W9LOScGp?)j4 z+RDU&9!AMPm^Zkf*ei+XkVJVWcp3sR$QZMF$p~P00nVvRkO2GZpD8fX(@G9yKIJCw z10W0=_kAmG=+Xl$b^J>y8!`q~t{u7bdO;tAU|LMj_Knk|w0pKJ7i84G0WT4q0d5}f~ zebPk`>Qz5mG|wH_v=8SSeq#-a>y=QYDl)|+;1m2PUw<$J1+pz zV6%*_&5E9H1iD+rMMioIG02CSQ&a$WbLx!`PJ3r2zdh)6y|10#YMZ$}Wi2{_*Pofy zkN4D%((ZV%cYoQIB<(HH_HEj#xzmqhZ|}CkHI>@X?i$K>F~EeUvJs-;<&t}*=5tcWog}j~d+HRh_3O zpRZ4Pw5~w+IWIS@&@83oSU@&=dwKE~IS?nAFh&^fgl@p^B$$N)fkGi2f%a9cf9yWp zlX{2@pckJaJ%k3g?~vUM3*JL}y^|hrH}?Jxe8KvtDifx+s-((A-ByM&KrtbaW(ok3 zr)0iIj3CAjVi|yh3r47#-%%D|SzT`IO#@}u;p(eG`rQIiq|@9Rps~8M0V-KU<&Y$J zB%IR;krXXOlGUY@KH_!?^yhwOPyXlY^03>#PwFWtv;OWh?kD&^0iu!BYm&fUl`;cCe*^8iD7*4!aFOemgTM)ooj@i0xcg+up{*tuR!z-#c zPb4((lbML*(QnfEPI2|D^7**vZLP|(*(xXZp!^MF>C|Sb*{R~4$@*}{B;@MrBqrI1 zDwXbJ#x`0Wv}wt<*Ojm((P<@*+dtI zUpTVMWS-y~qI{%nv}K}6smX>u&6BTIeDh{hHD=R7sk-n>6+Gtz-)@Pk*AZ&=L2B$( zpcu^WMiM)cu+`VQs^R0|w^hOH{jxO6otlHDJe$E!^LnS1s$`%#5LHETStQogOWRhL z!(x;>ROHrdZ3;!|`KgP0l>_P`)A84RP+| z1HU4_b1$qfI-1SCMmOItY#beA_cn>T%3fS@47}`=daL+4s;3DLo#2}56w`L`k;fm~ zu!*(UHgArEagg)H8HE{J5So3%J|j9Q$W+8eB7ucQ#d)!!b2W=$82QVK2O2trtP*Fl zs%lSmk~LLfF8)dbK1OVJmBpV3PUyygm_>~U5x*IPmR^ieq6WwT;c&wy#|?oAPVOz# z7;)FQX?#eEYV*~b_q3~P0w`v!=eIQD^JIK$(2FaY=+uS#zsoFZ+~2gKNL_I$Vck_6 zWL`y^8fO{Np9hG_LYxKZoi~Noxpx}%OUb=nu{p46Nx40@dT->MOy#V;jE5`&4tN&r z80-~3tMXg7yaCY|=U2R`)%W2UW~9>9$~V`UpS8=?%?ipcDP>XEqa)*tqJD8@QdV<* z)jZz(Y0d;ftD$)i06md111I^DXo3haGYq8F7mFiCL`QsMn7!LSz*5OYKpS1_a`KE9 z7#iZjNTmf0YjVP|bnZ$9>B_jNVy31vhlaZGnT_Y9l4Du#1T$PiWSNJ}JT--qqsb0C z;DnFIZ>CapQeR;FfoBtLIoOYx?it1eki<%G22>mfGcK8 z)*im90bHXqtVEEG(8XIbhGnqh+z`aQvZDgIK44YT=SxQ(19>S~FuaNE4XhmIU3IP7 zsq0O~GBCeO*S}M+DGSD1Jtdba9nGf@4c8;VVYpAkeT2byXHfxY6vrd(webWzY3Y)W zR*Tvo@$hD_(CcYuxe&6o?M9~xgbtGhHOY|zyQc>6NsiUSlfF5YeG0Yuz`^}hte}=z ztJ1U$uzK|}TM;gs+Ug#HiAWOEkO}K2k%eHO1%eHOX)zxL& z>auMcUAAr8HT#@rCSra(U%d10+YuR=kvmt$%8YgUy05%&TOp*`rne95()PMvKWBIn zOw4rNCh3MkzGW1nebPB_9*?K_L!yiO7XLAQ#*lqtpDHz9W;XiRjoOutm7E*-kMHcuRGCDA<{Tg zgf1HAMyw^=DslgN&DdOZ&FEB@*Y210v%2!8PsBDO!LjFB%~B%5VLq71y)hGVzo5b)SR-DmZpNPolsrMGv#s<-?0Siyeh@oQ3&9Y zGyA5qhWmBvq8zi&C35iTp2-wx1-Ux?p*;>fiF(;*-}E3DLuFdnG%VIOe%^aZ`zlCA7)F7mvJT}P zC8E@hGDdiV9Gq^;L5Se?`JO76S@J%yr-i<8hi*YbVdO_@LTS5VF^L4LLs=#GLg**M zX%;B!;BzEunPH*0J4Pnx9ZdpZ}e`^5Vg!5tQm8S&+)65{K=hCz`ecugBppl(OF zGwM^Eq%sa<=o0jA2xdytRYlaDY<}4P z&6K44n<*K&27g2Nb=4>uF((~a2`WW{4vxDXmJMk@R;^yjuMx54feJQy{<384UAavv zpODYrX?cMrZV1{PhBmZ2dGoy=R->oCjJ^iFm~0E+)rdDHnmw>pWLKv--!%OV3hSD| z0ba8vURl|7Qn@@L@ckf7-%-xF``)|^wPevwrmv}8bvW1D;X`A!h1aCSdSg3Zo?-2w zs_vHm;;qq9ZF9!it$SZzNACTI_3qX{1!&E>@5YG6$5brX!`{1YF1k2cJTO*Ely<3| zH2A!Zd(abZZeK{|v@Y)o`CVoO89d1S`{F*bToAs-aHoDjI#2Fl@uny-RT^sE+O3Du zlW2O;z@eQ-y_9wmBr)Gqo}k!rz`6m4`^o)C-8q$^hNGOF?gG4BPm^$Ui`SNgyqax% zr0;_8>Rg@baXl+Qev%? z4CXXDBlcrAfudhB3SQncWEDtfVD|C2r1EBMJ0+lQuvdQFm#+(Be zE~B|{TR2LQkYK1=F~YhPkP1j6=2x_hIkY%;e1W&5u#8Y%q>ecCFi^f6ccxDnV~;sG|7Fh-4x)EcOA@hZ)XvQBAe&*&h}THeqlE}5 z+|dMXV2*BUq-{3Q0b|ykOkXEBouofuZeSFw9Vgr8^9!tZrv2d>Q0|(2~ zbUy3%bNKpt7ityyDmtyY716tc)M07|DWP;AaO%}!u`s|p)Jp1R{qh3}jGu%(y(a;} zY@P4+ivxLsOAZ?I$|0E2}yWh~4euU2Es0#ekRD_Zr>B z3*16ZLW^26H^G4KxVsgJEN7 zpNs-K@*{%Ie$`qS-4kxtLZl|&G>Vis-pS-)KynW}qd!?yU z*%)OEr#SD+P&?9aiX1;tR+3*38})NLVL=gSjRXFCYc0hw(VNlW9W4%1UDndI5`2Kb zbu8Kz2|yg;wRGtpzbCCDz390+0*mP8uL9CSrtxr0Q_@N0J#Ye7Rs@WY zgWvi36PlKsts{2YnDqp2(%ERfJYyzmI7pGFqLtO3pu?PFl39hW?RN(5u?3WJx=Cip zj{__44srfjYandXg+jYBx@l`n^DJQv-5xv|x`+>!%@XYPeBu$0l+B6l(%{=m-h%xZ z(wGoQJMmGgt1?%uX^jO4Qu_Fh#r6iQ;>{Kiu0=8M9I*KW=wSSNy^7AXCq zB(qE#xU!TK^mjZdVicHp7}!9Tu$@7HS$L++Pn z(ESM9eKh~`<|O$esT6J;tF%IpWy}dT!YnnSPtrSnktIr%62tr%a@v+UA{Idj{%p^_ z(nHhhV&4^M9-s9N$W!=nBITV~jzsc?YDHPk+>4>jfxV2*MYN0oOCA>+d43UB`&OI9 z#eL7_srrAFZUI}mokKv)BpvgAmTt~}rCVduDT^Je>sn?zaMjy19!b)}$UGoK&Kws| z=Y=H9dz`z&1kQA2P9NJ}aPP8ZI0s1gLn6?3b&>hz1*Yd~S4{98=SV7E^bwUaTG zNuuiE7g!G?#c#?)Kp;B*Id)BfyoXw7xz8MZUyk;k$TBOVhxhR@KjBp~Hb3xEd8P%* zIc~Z!O`@XP&P8p9E`<<2Ez{Ds5;^ED~0n1ybyG7IkVkp8mb zmG|dhrF6S+lC3=@84r&yuFE_ zSe{NdXu#SZT{DxWA6+E^ZWRHp~a*%H1CogP^=J68i_F?Jyy zTrLc}s+8Hv`PeXOG{w7WB*IJH5ai?F(^GhJ#UNRO?20PLiT| z=AV*qJL4X3vqaItZK9fm{L0Y(4IPj*Qh`6@f_2S!Q->t$t3l?^F0Lt*ucG_ju1ox8 zRBqjc^=r}0mL5XqTM1IVp|fsq!zq1zIc5z`+^u0H#TwbDt~+dnNp|Mmi^}`Rt48-# z)vH*mCzK|Mkv>rj{O67DbUMeSqjw4{9)mM4X;Q>14-iLgUJK3B&wz*;w#vm=JBoZo zd>Z-mpJ-j@?-q!9!LySrw_~H=t#FOZb5j<{erT!!uY9&u4FnBKpl$jwOOzwEW&5H4 zw24mDZlv>~7;~l8os8HxG49)>DO3_R;h8h6XU-UsBkeqbFb+@rV-oS-xkYpnci*)% z?KEdPg;W;l71==UG~^;|I)(A{LnLqYK)+CGS4lf#=$;rnU?eS^+6QhoFhNNUgTLo1 z$UymB@H`-dF3pA#K)-Bo0Dp|O{BwB4ZiBeecxK(Sllpo{-VhAi%QO4HK4U=uv}z#| zaCo1;egJju3-9Nlug@}DRUg>{W0*tq1jw%y*EjQFQ$-7>iH zW5zb$H*Iz9eX_Zx@KL5}sZn=2S~#i~URadxjA;1|t3N*+4}(*P(OaqFavF4epWG{u zZqKJ$NgKZ3`vN#HjU9*gJO(vrh^e`+s%JjH&~seG*KKm=M7x=Kp{kwa#b~Cg`Zbh0 zW#e=j6g|t9vBCYIV|T(DpZ}&UO>1E@{(AVU?&uzrpc$)qtQvZ&?WAf{&^Tg69mkEqMA@*|@k6tS%_VAY3QjfV4N)PDjEQDzBao`gT7HGb? z=qDE{jvdDsZdrj{Lt*R zvuk%&RuL<_q+0xKG<-yuX9_0)e8mWJEHHw1wh(zht*QEI%;wX2bmywmqiK~asIPD+ zC{Uiv?0teR3h(>z^K-}lzuJgj4IH|S02?9q|6n7y{$nF1?AAHaHW3-W2|cE@{!oU) zWuSQ>!2GeCHQ^UbKGDGHk{+|0D-aYYTE8&kX|VbFqtBe0gtqRvD4Q+Bjv;%CuXl%w zpWyYiS4kUH6lbfa{*L-FnT1s#eNI~=_e|lRGZ-ct)%>%Zmg-FULVik&$J6oV-F`Z= zt9cY5@!o6pM}T6J_t=-omh0awm$hPNMe@src4YL<%*A>c?iU*Ql5`nAQFf_3_p|49``!(dMRfwwi0&pz6u5dDiM0rOUAD#%Ri2Prr zr^*KsNrh<|w8VC}NE5G>1$7On()nec>Cq?yQ}9|7yveTG)9vP#x(IJrrVvp^+>GV* z9|xhum%B4Uyo~wonO>tUc&J=4w!^;^IgYN54M7NxZ_6Z@@P>Kd0EtRlg!6}*rBW+G z>D#q?x5WYqWxmW;!V3Cp7^cQ^{j+|n6#Jqy&5c7o_XRgYlS~us4dOv3Z(@LuRQyDNFtCyjR4{1*Z4x1X}JhrB>B~Ss9%k@?$>YaI$D{Q>8Lkx4`5N`p!N>tC% zE?P*MYHrm9#YmEs9+w3~mC8sHaByq*jwd&dUsd~5alq4nW_B66@s`2Da}OAk-a;B) zo3<75b#jYpQ0gS$89h*wUu_X7xsWQ9pm_}-q`y`LzeRx1$AM0&f!i0Dsl1``gnt07 z!YG^qP2Lj)z?cFZSO>&hYWZlVZ~!j5)Po6)jNp|}?^17Gowp!N-)d7;e4Z0OHbpvc8@TVQfRWBI_@U@#1 zI3j#CJ*Re-;BL0XJBdYylK^D^OPBt~o8?0Hx)t~zQxj+xiQLjv2sNO{S?BnlB#4Sv z4uix|$iHDBin^tY*1dch{VCC;n5knT9Tffc+fZPU##>MaQv!}_qcBVf;SDw$C#%PjKS zmgUIJ;Qed=XC7UBp_pd{jGx1qcO0ssfRo0kOqvB;J7Q}%F9TE@rh$<$b{g1-y4(T= z*F|33W;4XY=Y)X7_Se_f;Wpk&tY1_v&xq%85kTip@u25TrqK zJpHU~7k#AGG_5EVP}>hRC(B=n z`RZf;pg;dpv7gT<9UFDdtE1dmvAb}amiB2@kR>lmeMSKrJznUrTQ~ircumk#O3>e5 z4TSd~QCc|6o@z_o%WOF>UQ$cCEw{#OZ!$i^wvDW=T$>O1I+uz8(cKSfBrEGkp?`os zd|U4#@b{R%zH8s0$h1SkKCyVE*E}&7e(3n!7s;}Q)II;$7-ByW!zS8G!^0*m&L419 z%x*LP5cON7ivQ9)c6FOBRaI!d8Vh?ZLJ_)<4S7dEpu&sa`kbJ!$~-9;yXjp!b+9

=4rpjPw?wRmmua&+jg|*f}30jS zHf_zfmfJ{6RoXTYV>69k#^|g`w=CSz_WhKXtmB-_`T$CEb_o`*cYU;kXt@`!3JWvx z(#p}z+r4{Hf%jRzzbn=b0^ZxQ`|wWn6I*L}P+Rcc^CfNcO`%x?BCgjyp zR_WPgO*G9S9FjtyI&b4qN%@;=6UjKgc*%f#awO10n1*=3`9b^MKdWDYt!*I%rF0}V zs!7Ee4_9(!H&BvGPf0oaR1$4dC@{iYH47s)NCvTk-tk zeSUdV5+_RLo3DJAx!??G>NS?4>bnSzFGTbr{yIw3ErvxN_i(?<&aK;0RM57qCLQYP z`f4uH)U2h*%qv{+S-XU~r1}wVl^qH|gd+9jlwt@}vX`yh?*cc;SE%^77b)Ec(m)fQ zb}pg7>qZ6B3U}uoLxnm95Hm=|S*}sF#SXOpz0%V8KntK# zuTkFMafIABWQ95ia&blYj)?NR)uCrlH8UM}xxqM~s*2p7xfnb+Ai?yXH_myGBxEE! zm9Guu;9;kbDdX9Uf%8*ttlxz(-hGjC^@Ms|`G$(>&nhX^Qk19+)Fkep@p58Jy3N z+^_vfSfw!LDcUFpl>QpUBvL`Y2{*c|wB}@eS7JSNGH?}w&46yd*Y}<69>DJS$6GA+ z(fLxAJ6q-o01;|VArxf<3+iWi0_v9&>9pL(84g-{EK^_7a`O)&bRU2SC7?X-klvJ~ zb0(gN7|jjueWD$4!?g#oG8tRahW@OJA{fr-BKh2vo&}2no($JIBV&`8tqP0s?T)(s z{I7L(WVQ2wL4Y2sNBV!zWB%J&n$pDbh7EK;MG`HP}J2u>@$>+auYnTiiu0>Tpt|yu`&z1tqtSiUX z3v8xR-lj`_5VtSEuAwzr;WRI_R4(h|`+aXl+RdsDA#XMZ&j?D)Gn^<1U>0a&iRb1v zWIRFIj$mtOH+2?+{Qj7v2F=OR0H&sM4NM)ZqNpbVxepG_tJ z%bYo(VA8UPDIdBSStk5(lgeD?DdQ2bljn5Hq3PY@^S8ArQIo8ei?LSP;6kltMND1G zr_I&eklB#+s<2DrUnNMSmb>LRXM>QG*u+;mb^(9iU>m=jEkfH#NUU#e6)!ey_f0%+ zH**F`W{dH>LcPgi_)eWOg8Ipr4b}n5VElfwUy4b4K&H(iO6$``>$m*ln<*`$T*?8T z8k2(!oz@1+rc>+Py5Yf{RTN8;2cTJWyt}l2KasS%!%aWUgr?@%XV zjVYY?<>G-dkJUU4Wn$!!(~wU)3faG_mNPJr5`kiY^rWIn$D4U_N6ATNU8)Yr6r2vW z8m-Y(vvqImMRQ)*5hjt9N1W-_KQq9Z%~6}^`&`3KkwY&;c+0Oaj8L0~)ULkJwF1<% z8W(`gEF>?=gheUQ?8yr)$tw>>4S5%z2A=>q0pG!DB z@tg@l&U9kg?VWyUQp>dDCf6D&>wW350H|l85T0kOwyPeKT1>wMo2E9c{IN@S5LF_t z)o@b(4mpIbg(d@iT%z>$f>h-N{JEEL-X2Ix8*CujS0>oyBn#8PB3bS$v+fW|i~lBi zh8=zU;`0!$Sj>9dhuz7vtih*zUww`C(djdm^29;ec0@%X!8HZ$&ri%Bb(c9X#?%f> zH^338G%p0=P+X#=nTD9sLlhQjm8Yqy5z}E>(=qMfYy=&sHz^&9(J=__@1ojLklWUy zIQGxa@m{~2Pp*tZyEyqVf8*TcjcY^}{!<}=ld3ad0}DAJjq*vD2j-JdvSH`+wFSk8 zbZ1Dg&A{hq2Ty%kg!84f*SiIH8}9MYd`tQwGQrJOAEwkL<6VX-ZVwH=J20A-CTN~+ zTS#b+f|5OvwdoS;{qCWp7|2HjAMr7oR>6ITM4cG72wy4;IVY64%5Nm`oYPZd3 zccroFq8#N>Rg+QhaSQxpqC@~dzPvwC(u1G>RciJXm9<~(h3Z{Ed2^8_N?Gslo3WEr zG0l^Hd^W-FFY_dVvenr^YB#Z(SVOZhdem)s3xJ;y#Oo|MO! z?2cm2*MjCN!mVaGg3JLU54WOBj@cP)GhA}{_!}GH|Axf_sx|-qh=AmnSTRQ@fq?$m z{?FGYY)wrp4H+zL4b4rN=pF3L!xiKt;9;=;83ZpSDXIhn1mMg7Y)}A<5|EBlsTmLu zA&``)kcvmvMVDtMovQ2gd$zM$m7jY_(PMxfnm4ksGYNS_@pCsR!&t}jp{{dcYNk&? zo25RA@xn>8G({LOVcsx;F(x=Fe2^llsLCM5DbZZ^SJq}tarsf!bu5#)Y85C9^#ikVmZ?hR?jU?Pk!ff&M>z1MI7tres{n>MLN~+eyn@hdPjC+fe1({PFEzF0*4^JYt!HNp_m4H( zy?pN5;eRP`JqM9__kYMAzY09^#&~ZyK0xwCEfH~Xy2yW7lxrextqcquNIgonU-!|7 z?`LUWw`Rgl_XJD`yh^!UtO0Ks+KL;oE@>+z*1OKDeVyBXaroW$d<)<zU&` z9pkIx(6`?9!gpoDpHhIq#UaG8m_s&Q~zLFkKxa7qv=|{7C;LUN(5$gQ^lsZf5COp^dw~0A0sNMx)O+@EV(J&_rdp=J zYlDF4dUK&=la|1d`}>Uczqd>S`k0R`c+Rm&Xz*R8=YNSM*u7@(qIll$g!I6%@>P(I z+y`~7?BxnYBm*=6N%Vpt$q+75wf&V^r~5kp{>=PX&HbhdCGbSMbi-x@UNiv+(NmnJ zgWqvB>8D&ByXJ9DhnwS)_SUcjzXMa@E=n14ajq+VQ7@K*+=}3=;RK5;6%}+PB;5l+ zr--%KE(>jnjmk|vqHma6%LKvaEkT3p1o_$}7$+-GA3!ACX3`{nE5n>?=;7TJG3ZZN zmgEjKsr$!gL2t5(S<1(2??KyE4S2^gK^Vh{DFWp+4SVZ@crR)7<~ODUfJN2 zG=NZ&%zw98*aw8|JzDiOD)kQEc^@T#dbQFW9J%#q_qF>8pxpL`3||1{?4=A2ox5#< z7y~;{smWcqJ%}yoL7?cFlLWd!a0z-gVAaShbm{;25dYdS_3yR+jNLXnPx(tKrGyf4 z(85=L5l^rOkfqA2m-wyyt`Y9(v$HrH`|jwL9Cvzx_Z11MVG)!|L7b#H1H7eH08h~~46t@!S+W3sXdk|u5=^5?cad)5PxumJ%eVKYX>Tb{_aSpQ**#J~`^vvn< zVvj%|=d64Vqfq?K1SM)CcwRo73Ma%29SsS-`9)jfwP^j?^R;eYYiNj32wX&l#TQgL z26$gkbW8i#*M?c97pqONi2erzT;D;kD~`vyE}a87vCngj_gi>KyejE?p^kzIJCy@i zfci!q7RhOsxN%h#V*oZj5=%I#)HrkBzM{vH`m)EsxqhrPYtNT;&-ic%xXj%s_h(*d*{RcVzm+t5K`flL@crn9Se#U3v+-+~zQK_oNgj8sc%F}k)(qQnWME0?!qp?2Md5=Ely6(JxedzH4v1LIyoeNg;uvZ*Mn*U7erYV|{ zHbxOi8Ea*b(+JReWd!;KFvwa|&`~i9~Ej*E&WJpm5`&+xvp)VL@#&QIiHqiA9T`4no9SGDuqucMiB@_ueXcC z3%4bu-}b`v&Mg+oA=7xR&O_HYmx}7+ag=f7#F29kK`3da`3ZAy@Cb7ZBQ?}DKodI0#K_s0 z%l|n6Cum*i%y}IG#`<^yD;Gx!VGXKqf;$cslLz9y)B63Oq31td_HiIZ!G!fN9&qab z4+8KIE+q+3=kJ!TOA!9=>uu>I7hoFSbALa!xL7dYrsZZ(2H<5%xf+fq#5jkcI>e4x-Gbhd+v;jUntAfeJ-3)+1QUE)Cnr|;9B{f zJj`u~)R^##xA8NH{Nzh^dEK;ZCyVkMml0gjrwbIQ*DI5m^@kV_;SFSElLcx$DxwAa z6tp_gEN6-5*S-E|h2Cci@8OvIpLJUfGC|{5oeGiC*kE$ z5#$5s9Fz~9+Cz$O1R=5yIdt(jRY~zIbTB~_)IJD@j6aKq2Z{QF+nskco_nYS@)e8K z7UQ@Zy#@ndHW%-WF9wk$Rk3Pqk53(*?;)7?Tkg8Q=+u6_9>Yshw08D-3vEUg1TglM z6uP*tRvVwGJO}b)S$4fVSZPTm<(%0PT*R*Cu zS&F5tVDapg#Sf6beqYRP?N^P2z!h2XV5<=F7Fog`(ov3t3fu`L$N}8ad4c^E+t`A6 z=?RqK_b^yqFoGS>+JDUDW|f+`cWy&7`)+aOcd+x86GE!qo#LGjDMA%7OYGdMYTju? z07X%-=J}0yvS2oR482@wt=8Hv{8)FTU`+bvD-&S_ZeV(kco>plaOBnj$&oD{`2y6e z=+h3BYx?F}l@oC=UywrAJXq~r_EM|J+UL=$KxQZl8$%)JaLKWqARpO*_w9H7#!&UH zyJVZKdZ|A{LfxqA2=Ib6zd3aCDx zqI#RTDye{y8Z7(7q`9(+grw#Gh>(s~|K~j4?E-o_0$!Ht3#b8XIul!8)tiAv!~ZXQ=BYg-Uk&7hPbz4Wn|f-6-TbgkzdF`$3GTCE>oR#hvQmzp*vIvi_o?iU&kly8 zu4_Mn{Y763TPc~KB|2V=;|OVYMBz0#C>W(>P{SjBFqp&HUDDV-5i2J_*`GcVs@ttY z>Tw@d*7B9Rfz*Nuu-ICOX-Re+12+B;$9MxagIk~Pl=aYBH1)g{;8ANp@k@WgE3qY@ zGiNQ7w{lA*O2eEX?_lVWVie-g!R>oa@E#zYKd!F7dT^UPNi3}p67GA(fDknA53#lv zFpF}UQ<9sAwqJ%@IN$%;??p^h3wq8_qt40Nf;Cfuh{%s|X(K?2?L|RbcEFQ#QFE3k zYp5r&HJ84Ev2IG38MtaL`UFrumMZQ2Ol~x~4r!=qj0;X;cj@poGc!v&g~zIfU+r?| z*!LkW7a%fyemQHh%CYQ96f=?r(Y#<370Xjr~9IlId+nT2VL%fyV`v?5B2oB@(k@#qjhe z<42aUhQ`&Rs#JFI^3{8rOTCrwe+ZqNo`yd05QM$UZ!QMo6s`Kx1>wBKg0FqmW{pYk zHWS)lUL;EYA<1cG_mhR)Vq{4(-7l`HtfsAZUVh5EhqO$HBgIa%h+1xR zp&l0zF9hvcNlE)XqB-)Xmeah>Q(RF)linz*kpjTFB8J|p61`=UG`y#wuYK4LyFHw@ zy-&vQO2=-uhP0L^z;DeQAhO`Icz~I_)kL(c?@t3DtGIrBDIzfSZH;2bCa}`&1fh*l zScgo>NuJR>7$77!ZtRs z3`><0>e;5abkWo&V8N{}&di=dy@B&bf%Rz$46#sI==M`N2sQJ2hI8265UDm1dQ3+(YbtaypueqjSVgdlb+ zvMj{RO6=qwG`bMYYeoqr?L>vO&uygsZgffZxO(*~b;w_Z@nGkmNyu6N<)i)3Zt|QV zjyx2x=$79i@Xb~t=@_sGSAN$q@yNE+kDZFdhCdLY->RH}G&Q>8z_8R&n2?Y%veE_X zmDSbExCl~>1)G=ghh`LuhLBY&u*eik+v*|tg> zI#;?9<12v#pm%ZVSxYfH<$W_bV|(_7DW^|N4AL4@WR#E8{5>!x}F&1+{`Z^>E9ftl{* z;5n)zg5Xh>F)2fuZ7!pZws|MN(eh@8#zt4DuD5$# zBfrV@9!k~VjNJO<)A49S7h1C*O^6gLKh$rrgjgM8GOxX%3Xzun2J>S#If2K=$*1*? z4TcZi29^dw-_X#DI)HB^GFUL6ajc=Ixj&)bmf}3^iTiP;dl#O9Q_Hc{^lQbxs(%{uX zoJ>tijoNhNn!_FmEb|160xTnW0>Q2r#!5LigZrKzs00(p5_m(uL+D7!iB20&+)QzH zNpl(TqkmMzV!?-^S);09JlA@EBiL>Gaky_ZC1$U??^N|$3^_DTji1424FO@LBzd5x zBw+}nFIh^Z%?W)hcw5F>6>(nF4sbm_uy}mk=MpdnhRRvCjsfBKsl{I6%jal6U1=Y% z@{+0K1`xtc zaAP=6#U0QJdN<^PkLCvc#`p5P!YHVimHv9y0kfFRCykk$#=@8M+|M6!K1U5)Pie-h zot7k$lDJK_du4T%^MEVIZ81l8ynE07CERjqI3DfnQ6>WM z?E(YWmnd~j#vO*aZE0UciiT=WXaJIYJ(i3QZe&%Odp#QImwb=}jciGnbd}oA>XN6X zlU^Wlsj&tCE$G0mcC3M$Tg+;R=2xu#JGvbAsVDF5t^7{y00JO9PMOlDh9HP*!!kZ` z?Eu)@`BS$)%l2?`eJ0Gs%U83PPe062$rGUmcD+1v4?chNX%BeI_74-^fViaylaT}X zGuL{zy53*L*_Q8qQSiqP#Bz47@uHFApXc5Oo617pK-GHl^nA2Y;=ZS=2yPm_>@T}mvk%f6kNv>=p(`?7=jFA-E9=80DW6Eb(kQh3|in; zV;HD3=}-SGQ-VlzcpJKomcu#hKKu)N$T{uQsqDhzdvt^$xlYCK@tV8aM!^?rjQ>da z_WAY6Jsqg2QjzTRf-Di&yylU-lRaXFnv#&jg|-f|(`tTgXDPNcUevldiltjkn0OVM z#NzQw1&tZ!+O%-?vSnkCM(@jM%jrtnb1pGQlwmabyYylQOUmjZwElFA=k?tp!EyO1 zTgT@X@^zxegG>KyeDS~zWt0t~XmWu{Ki>TTxWu2AC^*T@064`6TaEK$*3!5b>G9Pl zE+9^mQud(xhwUHU8v_+KRM#TgV~yEB|5mbW0|@ws0(>VTq3warXM zx`fgdKPBRKK6Dv`@cIIVj{7Eu=c|5K)_J!pUg4}LHwBwiJ>+}_&<$hbHTXK`F;>j* zhR-=(mfM?V=MkI##FO_Gp{!CTV%Z-U#5|NLo>YbpzJ0zF-0?|y3Cy*CkDspmL=1jGC6-~rTC^4-suugP_hmM+);0e zk1x4#1GnDkkBjNM6XV#T37ryOK22$uUIrmOT(sI)cjXNd?nOw}* zZPq&LgfA7zQiyC7^!0k0)P5HvBLI{5pykvy3X;xBiqe1nRQC^5*7K)s*>a*uv{6b3 zE*AJE!0)z}4hSvV#PNJaTdM11KA2ec31QiK5wGq(qrM4|bivWgq5{$@T?}s4Bi$55 ziIB8{e%|h|x)tYjC1J$!UfTji$Z`rSAs7xu4W`+1Rika=hUcON7jvFcTp>20I@4n{ zGNwkJwZcoI@;;X;_ZV)FGg)Vnn7@7$&Wl_TPmbnAsyIh#)S{BW_eAS(yE1BJFIc~3 zqITl`L=M4(j5(C*G$W{ue$gXgPrwwr#EZ1n)(&8&WUv)Z+Sg}zM|<_?KbQB%ixv2~ zb>U8~OgFJ+3%G%7BnS0KTMaDfd1l6C8G`{-)<(zx6&?SV`qbMZ1|R&w!B?SSxAPLm z1F(f3UV^2%Mb3mW+tNsdei@6|3iuwS0#Wld6(FrCNXl{C-AF&9Ipu5`!Z&L1&HWK+Sx@%PgbXoGbMsSe zl009HO#(#{M3iX_UD7h-|DBiIjHdrJhw1US-I=m(|BX;M_Up9eZXg&`7RX~IBX4|) z=64}e%eEV&JXO%d;xs6_bvW5Ahms9T32)1w>Z@-m6K$Kcssd%yxp7aLB0Chl!(=HL5`W4}vh-jnYCnksJ)8RbSjLF>brjE?Sv zU)H`P#>W@zUT_2}^fITK={(NmgXz+0W!nI%9ddUsRK*ctQ)(IK#9bRU=;87U%b+rL zT&NsF@MGaz6hJ{A(b(vIz2%TTUo`Y={hZ83S#;vE-pB(zY{7kr00+&exF^}o1AYxH z|9mDjYu)vR)Dz~Y)g>PfoH9@}kwi_Zp0KO>YNLs9u_;{5!*@MW1BI`cC6kjZ=pT

G;pm6C(=;E?_>vJG>Wh$cHaQUPpqoBH`8^}Hsn7A0x5u;h*1-4MK&sRJ<94rw ze1_z78x$M2-h#7{7S+l7gLQda`-rk~C^yenr&_s6wW3x?A9jGp-Fv+&MI>);DpV^i z6mqWsjP>yBDkCK*S+)ia2_WXm&QL}T2@KI-5E(T5^IV-oJngjQe=AVi+A5lIEO65$ z5J!k65L@67#r)H5mnHWTcYjv0omyNu2^%8mnS_-2(3`GL`B%G5)dme@AiZv(0#76~ z2*sMWPtN@=qF>znmIF1w4IyN>J7epaxOeggz!8F1k}~WhxQ;dO5ZbPOXL9a0a@-Bi z%NaXv(>FFBn&CM%pSifQp~R|roejE8fxGHOx`Wpz@zmaS+U%8?-Gg_CPN~Uupw7q2npn!ty>SMgz#6~DwTuCXl4u^N&Qj2x@-?;lNFZvGmOQPutnH@+fXl&{mA)CizRt8!c8fzWrzfGM_O*Mz} zsrthvjR-GC*nZ^kUKr+z`Csaa`ZY&BZB3l|NmJKZB0usw z$Cq>nf}klGgozy+YAzts^x9nWSVrAn65>yM&`CRMl+H9#7CeC-e}JPMc=o|_Z1g7P zzK}NCY)W@*((`~kyVeUJId3&|wh!aEZx5KJ>JEnrya4~Urb!bu8EHcKUjXhv5x?S- zR;s$Uv4kSRC%Wtu=%6wL5&#mT!p~P{vQnzrXyj#D(s_%s1z-K@*GSS9#~**Z%nj55 z)$hZa0PrxdNtUy3-y)Y^eg&_3)V#2L(&UU+vk|MiX~= zMkz2CPRTkb7$*s}7QI5@EWpb03fF!6+Z=uLHnwivD%*N%-GlqJcygo23&+apD!1JJ z9p3*B@8|vReK)Jii)a;?k6x9^Np&mlrH*`yX&_V@B2gcp6eO=Qp71>`C^MyLQjSP# zuekOrUu9-?hQ~ebadbMJ@9+HuYXZPQWHA*i|Lz>4(U@Dmb2sN-a1p1T@_P2}-btcO zn39X6nBb7ki;|Cb;S^UWFQ<6~@g*Rr5`p$1RgHDHS03vr(`g?D1w_M7lx`(mrKGfK zQ^|N~C0zwo^X9@;y?YTAb@K9BV{=*QrGwb03%@VYgk#Nbt*i%2BGtI&L}hv%n087O z``N#DH&=cB3)sSQ+9}$opmA8;^~kdGD!5$8ehTYY8xGmNa}QU3{uRr@m;wNb;FuQg zG_6jb|NPvaz)UDM3B0b*Yw2z({P!th5q_Wjy`k`-%Xq2#U&Q83EWB1Z^zo zR9HyjVK6hxU;Wj~`JLbSAI!|mOo62Lmk~4p;2^S?dS_X|zWqyl>6&Xf?G10>8(;qh zvPUAQ%yMrjE~r?1qTK7y%1oUq#snwR3g>N5(u+SYSpqtNu*ORsR!}&Z;H%C0R~N0y z^k0UB2rWWzMHIn^TKtp`dRzojZx704I80)&A^*1lFG!M_Xr}jN3FDxo1Is-WflpcP zDZ@%=gDnc?7Z!NR2`BK3XFZz}PJ9;IjyRI}nHk#cHWq0&F0ZVzW9MFOyzwT!_{Goj z)h}Mn?p-^G$&Igq8Gi8UavRxTr?TL!@zuSit!|4*PeZR@B<&< zg7eR3_pW>7Vb>~%U&`qdA0DXc=&~oQd>H@|laOUu*)xx)sn%fgyyVe~E}tR~53|&w z()Ty9&keOv*XrSxKf93bRu5~Ew8*jy9k7QaNhoZF_SFo4QWb|Dqze&%0-`i{1h--U zh>SS}6t*DN&2kT<6JnGpPvpp&R7R7By?^b_EQf8`%EpZwnHkLBynu&$_wQ!U?wul- zVhhqF#rn{WQxcF=c#mF7Y2;(cq$1HrvY({Z=_oU{8c@U)JVrwaV{!dccwBW}3yHqJl) zZG7U=kCCmf;JrqN2{Ebh!zn){*%h#W(3_9Qabk>Y&}Dj&hoI<@)Ds^NaUSalslAr; zGuG$$im_%iMR>rybK&>Jo_0vjl?l>Uvi>XX)RSKoH~WlnexC9|7VhX z1IN<>rrTN4;__up9D|K5YzZ30@7KtTd+Zv-?~i@#)EHW68WvwDjFPX(*=)jCuquaJ z6a==OE7SStbdxMEuQlQu5~vW)g0KEA)MNoKt#d+V@|7B}3pj*y#3Wma>_Dmct0kk# z2W>+y%({pZ#Kof0R!qRlfRY3X2`Ht*gh1)M4_X89zgK}NW=lpH;y`d5?lJd~=En?0 z%B`XrunGum-BqK0fU|PV+L)3d8DBTf6BO3roh(fG{O3Qx$sZj}YfY<_GRY>Q(-*;`0B%K~ z4Jz=v%s^tg?R{w71$5fR$-zjviRrC4s|l;UlnOimrKZXf6L#Xo2|rmKqQeFuC)k3o zG9zLB)n*XxoU&CA zEJ4C}9UzVyG9(lD1lC$~niAWi#>nrFCv}}?pyCV#v9(%(cv>e@X#aHjuBx_f#4rF8 zvoB)Tr+Tk3XvMCG;2^dnKdI0iD6<_r)=Tg-iKZw#S)P>>iVwt^0Pql5N&fJmzr422 z^*7waDW{ymXFqcV_zCjNYCN)&&nSQI4^m0LUs78E+s2c;O7R0DET3D#ZRs9_An|BT!WX9wWuU;#D4@8ks%6n0k7T)2CSdWLS#fO=RP!df6s#?=hitfw|wkR+vq0{M*jVDZ$qSKOHeBOH|lT5GxrOC4_v4b2AgPnZ8K9(W2*js&LPlaxb)T!fges)?a`@JY2_-uRkA7equHHwF!#V=gd2~1_ z(nM1APPap^-y_R1+U+)J+F~*qLAym(6b$+uy!B*RPF_qXycKD%I2)i0iI&-eL~C@r zEm=tj0ONd8*0;KLT~M8_byM1a3#VX_i}ShwW|lvv(W;uJJJ3mDcOX!X^wv=}70Bdbf;WLchpR$-V%m%<$$PnslHms8~wV)0=~k_3e= zu>*PdB+YKO6WZ+--ENn;xj9zX)`)Dq#Avc2m$hNbs~Dx3j5Cy0iVLOJP{$Zb+sS4o!(%{ip? zO1KFkyi#EoMN!D;b}bW%e=ggI2s<)qw-^itbbDR$JZE`nFKJ>J%na!Ddn8H40k}VF z0>F>Zya($%D{Jdqcf+l`?tj0IFI@RKyd9&oFM&6a#;#5RhYtvKcnGutAE=Hx zFcl9XMbyzs6Z*YA9!I;^W`1@KR}`r5^I4W*i-NVab+SCCu<;B<=FjWMx|S0;FRBz& z@BmFKX_e(mq_3hv{qE&djCF6!2=dUUH^#_&jr<=}#X=0ATOHJk{Dz2Y)OG(_tu!zQ zU6A93x;z;~f314(Hk1ru}w`vJ=`l_USo>)B4i?% zi?mX~1sU^dJ94}yk@j118)})KbQ}~(n$jN(SeTz@-`>3pheNzq%=G&7dILJW9;Rhv z<@y7#CICDL7X7axsQ})SkUCx@$WSd4dfwLVMDHU1;!*S%+I4xwA!MPx1No#SSI6)rNu>7*VggQlII15RiH&* z(BT4wwVKXzN)eh5rDF*IB~DZL0;NS>Tq!7=Yy?WR46;Oll6ng>O=?OwfKrlbD;+bM zYP*o9PJDv$RM!p(rA4x|+rJ@xD6=3Tc{B9bO(JlvuBZHkeaj6p1$UW(M?UW-!{& z>$aGThO`sIo}GKi)(f&?o!kn$&nfWQW4t0&o^DIiYZ>~fp`|@7W3YG%2Wz=!l;zlo z$2pjIhcogpQVQL$2d1`Bgw^87vC`m4+bX>`J zB6c7SFF)gJ$i53f%Q}y?@w#McGWOu3SV`=d6k#8Md?bQJ=>2& zqSxzjuIxUmx=An{VUnv(DjDmwkdfTSNIm23i8y z#b|>qqI!&Q$|KqfHNY%9q%Pn9s37F&khVUJ8C1wjOq7MdOgkjLXTcgD5dy>{i|c{zH={o zcC4^x?}%IO+Q+VyjD4$?N#=1@#4w%nWJQKmIZ3;PfONHKzyM?l!%v0wn=i>Y<$MB> zTof~$DlixoMuG#d7Igw*N};J`P_@7#_cl0XXzvN#SO#z60+RZ$Rb7!d;tAFUkWeS+ zl0zVz{30w(jbtYomzE3#9|6Ex`4-BD$axSgL@%t(G-0Mc%lzCN!{IvncJ0IEj#jrv zuRp{5hRyUkT~gD=7da=K@KhG&=cc+X-^-c+@L*UVyA_3Jd1-~Kzwkv)IrVhD{`GHy z&(SLMenV6jlv!#?phU|f5u~mkA8W<(VN_b=rqQ)v0qu61c3VvTv`&L z&D;Z$uFka$Pd#pqXFhF#r#^mxZAWfnZf+}9jaXe>B%c(_%+4^F>Cx|RVtq7WZFz|; z3mu;D=uJYRF^bVz&W+dK#Z_OpiR*7(V}tb zV0^h&OO$qF>EoxsMO_=`g{mJ<2#C3j>d2s|@PMgdDpVzzIErp}j`iUh&U>DB(hGR%)1D@K5FcO-&ok*||APlCZwE&id*K zlPn90x{4IfVRLPs|MW-kq~m6I+B3Fr_?E3CX@`lOkY^KyYfB_Lq1&1#P5ZQaZ3oYrZB;FgA_TSBTeJwBrJ>R-_m$3ON_ChM!DI?V2SQMwg0SVmW43R;p>v`A>x z6=EtXYCy*YmnsK;Q~=PFHnh_YX{SRTSZ>S9OH9TY4o`yTutCa+Pw4WD<2Ug1CvIcY z){PA25>y(H1?w2Eui#On?LNKvITE88t}Ky_$8=hTq|?Tm0cp}D8}22~hPZr!Ni5xd zhrwWhBaS+PCmz3-X;0>Fd^H0QX~6-B_JoF(?#;WodbZ zuYKcNoOar2eCg_|Fv^mIl0YWbR7n3sWmg5&+j0^tD)##6mX;5IV$|s^$6`aLKzT^g zlycoT80A@B+5v^8 zu;Z{BAfeao<5hz51(V@A<4I1hKg-<0CKQ^CSBGzWK+8xq%Pn^m@mW^=UkqyV} zTpDxP<+t*w&wPiS>p6vn)PplAR$ELUJY`n8779fxj2GK5mK^K!Iw{B6xX9EYdWc?H zmMXLhLpooU95o`953e~zNQx(Mozq|M286#0Fk7F(Q&Z0Z1dJebbK>~6bB;tM(%o=Y zDAj@IuR^Coh?0(^)nZ{`jw7~i=8o^&!`kYIPLeV+GoagRv0=;MB%Lm4+5%UwY4Zk7 ze!=rO@h6_awquTAFf&_HydS7F0pNb@-nU2k-+7+1Z{ISXy8H^xe)HMfeB<@BQot3V zJr=$f0l93Tj83KVHqMXRk_R6#08~jRojReSR(z+`rrqwKwV~bVvbMI&%Gw%vVevTT zI);;;vW1g>@-UwI#3Si<+i26FJu^$Y(_*x?%6NT0HqQXZ?80W8Ex;BGM+Kni^*VIA zeK0MwG34VBA@z>q#M12y3rtiZm_TT^IYcZ|CJ7?A7zjYlg&JFx zI|Pa_IT=4^4OMntyF0O zz=LK7wxqoGjK&jo+_RH+z2kjcbkX^&uJ6YfA;1)QE&?6Gmjejk-}DMC0kSH`7Jj~| zhC-A$N|EPPJ*Ty((f znc2ZC&MKDoEi)P~Gnna-BpPj?*BLO$R>&u7DB2`x50e=By?MsN2`j5hWciS8uT8Jl z1>!7%BFjDFaYm=zrqk`>6OE>a9S?D~;B!~r%(?IR61VNOGFOkm1!YcK>(eJH&e4m{ zh=i6R(Fv_IVLVwc@0a|X^!ZKT2DmcKmys%Ki_+N+1R+%nw6)Je#Q?2T$wZ8JK%COd z!siin7LuAigLEAt6|4H139l!+0;?e>rDPj$zuRMWW&skz?mfG}W%N2-dUFE?GqcQg zd-VEUlrki(gcDA9DldG&i#YCak7MJeO|)9mYr?*t0MK9nHT!O{Fn-+@mbLW}H{Em- zXP$8;pSk?Am2 zuyoXXpa=`OD7NR~>&KG9D4BRH>YV$Kfm!G7^?Bq)QOb0I1Y=`FYcOgMM$Di(EWmpg zq||iTp~wpvb57GXopz5-+F>|cV`aF4GKyZe$K2cuGYfMpY}|y)3al$Q?6A!|>pwq- z=RD^*JnE=p*syV9*h}!h9sWRT0>J%P1Zc9XU@@rny!q^N_}bULNTMyu1UW0h32l7^ zU?DwVoDL5|Xg{G!E_g|urBeKfEH_20UxobRakN?~Nuo(w3C?;J7Z)jffyXi1Rs6zp zkK&|fZ)T>O(jD~BM&<*GV#xa1GTy`N{5l!%lg_n z-g^f9nG$r%vy9Pbgu>J9_0gs+fTL3Qq97k-7_Bggq0^fO3_o$=M9gh_jpO%S47bwWaRI~N?xO32R5tPKOg7?@LFo z&;PrK36!n9d$SSa*CKXMj{9gW9iJkCy_Ek};W;X-Bhd-%R*%8VfOf0PaCOLVZJkzI z(`xsaotfw8M{O10IJ0C~#@53(^RqwqvpnHRPv+=HZDYg2LMf5{!&nmlzN=O2zR{#$ z$L>9R?2=2k;N0`L`;NOvOysB=v{p>AkQ(}`O&8PtdM_EmL+UAK^-&@dr33RX4$j!X zF;_}JBCR#4PBA)RG#OK57F%Rk^ zR;x{Fx@6fJOZ!DWYG!7R{$L?&36ckVb#0lVu*?i*(21ej?X$YN%=+3I-Z|#y7cglD z>ja6yAfjFZMU>R{{ zUp^D9!dPvf3?B%_)d?^jN}Yi;j74iLd-jS0bP4K%IVL!DCHxW7e4#?euf-rxayGQC z=*R(dG>Py($M@#f$Y}l|qWxqZZD8d16IjN$DRuSA-t4oQUxuN^5DS z(VF?e9Nm7G-TU`29*yv}0H1K;V|x7dFF%PVKW7`8HylQ)JFKoOG92z=%VxOgOz29!+Xw9>5`Kw_qhe z0QHhYOWLh81V!GmYf|gk$80O!H&Z|51ISk&tuApE;y_ky15ye23AHcIK*-O9YrD_q z2ux}OT$LA~-RZM=<7S5IBUYC8;D6uFEu|-{?zJ!|3 z$*B|T_NdewRa_xHY}LHFQh<-b5x!)sm58qLU`6a>&>!HOWo@`ho{N0fhJM2T{{5fi zc_*KMX?4lQ`^mB)lgTQt?tqy=pTq#xvu)e4{L~Ad&r_apB8MGuI2-2YX}3F}v=o?=`g{5T?T{`3?ko0r zJb7l>w|9|GU3LW*UU(7T{`R-f+6Vb%Fe*;Cc{DmqpH&o96&@xj2ZD6A)>6MZCnrdh z(o&(m_d#4ji*N^?67)*6#fj@8>{<+h)|(*P-% zVu=tx<2V@@#XOYsAW2O^9)w)t%CN*}dc7VS7B(=@37A=ZE)!LplINi>HVC|Ji%fpxv(O z&hNMPKI1dJ)1B|th=e8(G9W+_Mg{~Lz*F0F!D=A5xW6A+K^)R#s?j%lUKXa1K^SV~WhMzP8R} zG7|HV+%cX^c>Z&5=EX0)gG;Wwio-_^Q`hwcr+fkzyC%v%Xgw7G=+XK8=|127_5-}? zmwtu!zweJxGzcIbqpb>^5M{>(Bi$6TI&@ei+HRx;vNY44*l1BaGWe+So5h&{@4IME zyqR*7(KIbKSQd5x0ZIdRyzEjgx%?{5p7}OAkDMkS4_G<0Mo|=KB?cL-o#EUZRFKwF zHK1)<`O~xz#JHmz)!-COGox*1IM-r~bTo>hz!~uxXctqwZ>Z}r#bAWB4aVfm=Gz!u zk{6|1jA#s!Y_nRcC^9J2kf%TEQl5SFVLtS^b8^B*mY$7*C3G!S8;Ll*(3*F?OY4{0 zZmEZ#7?sOhejj9H)*ih}G2mc8AUjg2+#dd1z`a?7opy5w?JH#QEq`+UFF zk9Yu(o2s>z?d@GY`d5F&zkSuK_}W+g2DC+aN9J?kd~1cZEt*KR3`^SZ$QUT}b-QB8 z-9^5$)b~#}QA~4HY9!G;1|-o7$g`3xFY&%*zCVvAWZ=@ZoEvXA%6$*qOBOuE#*k4x zq{xR56xKFOr`uRJr>qAIixM3SwplQrPH|3DWOW`W${g3oNUpb**=){eyh2`NfTL{| zXjR~y?b~;VN^hPOOs9L&lU5#;<dh@&hFx88CUAN<^DG6ErJ zlnz}fByL9*ZFF=O(j?X4&|53;5C<(nW8)K zQvk~{F=q2oBE1trbv}}k`s`pd9t-YKWNdD3vY5^(s*180Fd2=RtgTWHDuSJnX~pHI zF6XCz?&rDonKy9a#7QQTNjE9FOhWsI*85MieslsrB4?=nL=HiWIUafBG2Z&NxATVA zzkxHSAEPWHt4x=q{yY$M-TIRS5~Hur3Q}vzsD6e#`SGRSRVode*ri^-k7%*#_}oI7 zm7aHNTiSMk*NR}FQikVVe}uK+n0Yg$9uHVuJuKfxF`w?TnD1hgr!W;&wMw361lzK8 z_A!EO7>-A%T-1WSZzIhYsxo6d8dDS%s6g8`c<1nbE^5M=!8%QrSInmSXzeKqjrU?k ziq0_Fpp}ClT7L>fUQ}XIVl74~Zh6i#Ih=o-bB#jh8AKUzNtzAQ6Y8+l7WfnG5FxgvVx*0 z8Pr3(_v~)(uxRI0WkpdB84bp)tgcXGIhDx>rsVo-pUx}q`AM$6_L&?xevHAOKG@3q zK5l;a5efk5d`-x^bB_JlobTL!Kd*W1Yx#qBy^HyDMq#9FBPn0#(mm-RXN0B4O6jLx zdhEXMA3f%+rPtQ$?WaQM>7pu9UroG8yEc;+(vVPYBOvAk`5z5)p7UcTvDPqI-4Lc3 z9@hq@(=FP?f-E!Cg9%kN#CgwbZ;xg^CC@WVl@YX~Dr>xV%-cEh**-;4VZ9+Y8H=Wo zzI*U!lcRHKr(rxrUQ6E|FST-BP?Q5v2MP|`wB%WaHZjlgmY{U3={>HwmW99L9Fj$oOHrU*et8aKUfLIU~HhKFb< z>LsO@jVGU-Tbf&l6=8I14rF=3#`*?E8xiW+ihI=w5vFF{P^SQ{qNVNUtT{l0RV_TZwlL5w)Us|^%uU#ue|D2eC)42O0aUn zhS*|h+7@GSajVfwYBQ>@^DpG~Cu?V!LHbYtvr%S*F&YOl|h{zK;Y z9XOaIyYNDwaS6p%$w)#NfLdj-l%OjCg7@TECO5hl^G6kA;_a%-RylR)5$bV`vxddO zGMhS-nloOVke9j0Q@3+=wl`5KP?lmLm1PQT#HVhyw~sPV)?xSI*(wn*RGLLeBqAb|kU!ZbJRTPn|V^G1fzq3VA)D)TE6=EbB5qFhQlzBYq z4S}2@D2@$EG#cwgEH#9fYDd{KyqBO8X}4)UAR+${`|pZQI?cykeW%nL|ClBCTnI(3 z+wffp=PeooD&X3-3*=f0kt_NBIq%SDN$pqGF-5_-bDKZ3dIl(JNt82IrD2fff{?!G){G0FQo8Q}}4T>VueDk~8-22%- z<^T9!U&dueYl6~@CaXAS#Ui{YC4+Geur!UQtS2ayW19s!gMg*1hIp?r!Qh%X+Bh&3 zE9*6AjR_EfO{Kg5s3G;-LpP+8Isl^lBO)WI^#&4XrEG{6-_W`561@~dyeE?EdiSIq z7@I^)`;1I73F2^<*qX0SR+vmC?CnoEcm6EOIjW+d9@MNKT4y*KiM!BZL0)Ive*10Q zdFLxRdFnDY4y`jD4Jq>f@=3mbjP*ki03J7HyY%l60@elg_U3&4OJCx*Uh`W1{LlV` zwwaN~ny(EpyH`%?$#`0X5MoW+JMCV`I9vXj+*EQS1(Gm@>b|G7CRZAp0z}mIGm%3s znZT0R1ajXtiv?|PfN0|hbI!88d6xNXhBA!+cjF4B4SRe0%x4QSBf&$P3RCEAm}Wkk z(##i(#z!d!>xAGqb8d%U|Lynlok#Y?$5(^(4PGlAe9ZHwfASUn`+xl$T!_+LUcg3q z@8ZI%btYmb&WZ_UX7Fx-)`qs7qEsc=2oCEknJySjR?q}2DN|7KvxxTOON>4R2RZ-= zBuyZli3qJn4if@{;h0f1Vs(9uvMh1VQC0)iSH|4_(%X6NEzjrFsVmvoI80UM9l3`mpc4O} z)(=GhxNt3RAlq8Dws!c~Uwxc^_iMk(=RS9@%7U><1WPAHQwe=pER78j|Tnl8#bK*O3dDg59-MU8$u= zh`vl;9>9DE(Lq_0nIT18QVlAm^L@5=wkVCJ$}2|W5o;@l$cuv6VoILp96ND}pM2$A zJmbb^aP-7+R@XMjv-}`6`JZt8Py~SGsNL1&z`R*-=FEBC@%DG}hS&Wzk3I4|icE>i zjTg$Nb3XQu1$_?+k?xiUL;#@BPo~AqexWQBAixzyN`~kUmwNh2i50cScc+vf)UHzo z(prgZSWNYki!B&3mEo1#;FVIi`7X2BjFTtV7z`^^u{Tx@mfiq8N8Q~=b#`nQr8od z0DfAoPut8f#<0J?$8fwtRc8dRqfiQHBdWqE&2&rj6c*9+R3R2yDHB+(;dT0Y2wf)7 zuO!8#Wm-e)jzrbX11KTxxR4Auq;2W(QMlE2Ob;a6fg~4Q%qAXZ6Gm294>}UTNcf9N_uD<3fjvPJ4%E}5^mdr~2ezM))@AX3w z0N`L5;Js&Wf6lk>e}GrN`qliwyMLcxEm<6gwcZg3G>f^&L#6&bblUtbj_hik>PUyy zAqqRtwU8uL6rzwZIo4V^os>f9(AAheDDV+|){!+vN_B~Um&b9=NAOI^z>f)06g2)$ z0~?byF1bvkzN`;4``gU+T8g3)psy?_O~HIRV{7v)I#X1G8bwZBk7?{2+s;s`#o0Mm zUa`Rq*RAmBuWS==w4p&cO>GQES3N)T)7M6-Yk_qZ7d%-u6p@Tr2DDZNhO)ds6R66P z#bQBG4RL7NI6sjW8D8Z$>v{CS(^Ahz3N?XlGeV!fdjz{Ms<%KVm0haWP>c|*Tuarf z^8%5N5vA8KVm6XkgVuGyS|bD>ZFIB_1wpFP9=?mk(e zs8=Rr#*$?sps|?kGu_>hwp~_HRYQy}an|7$bG!>^lTnvPD9Vg~`QJPr^^TA8jr(?J zoFY?>r(H7OXYPI$H(h%Li)J6f9$A)SjKVf^l+NRZ6~d1(IXcT|=2MI|WLZhmSju`8 zyryaAIP1xBMbL(Y2kV?gAu#CyPVrRhtC4TQO(-Qh|y$?tQ^obEegl6 zQ^&dc?pJctv!2cI6DL{UNK<^@*Ddj1yq=T+fRKnFOJ53NX?^zWdH(Rdf5hv4>o@rB zgAZVojVD20t4ocZ#SNP3bw%(F?+qGBS4rTYJV8f5@!reE^j`YSDqxg>h&FepmQOzP zk%8vvPOxNel_bLz8sFLoLMKjp9Cr;p(-0@w$hoaKJKJZO&-WM%GE6z39@S(fU>94Q zKYIpeTLy!QVlW16SS%XKvS2Z9Xch~Kq9V^LLAIUZ)CtA^{BM4o`@grv`E#4B42N8P z#Sso~Y~Y<3ocJJRiowJZ#mNRQ3WC$bB;}yqbThS9Q#PTEMk$T+tq{eO z!jvVGl`%zDac1*0`+GYSMNKuRSsB)>uT4?naIsJHcc! zA;PmM&&eUYXAqJo3n6yzvch-o zj7Jlo6k2aQNdpcYMy!q$FL>5EKD0P%v8|?U=P12EDerq;Rc2Of= z$1X~Ph$b{NjVCWltQC6m?ry^)=XPkF25h(C6Zk2^dx-#)+N976tO|;+eJTZdH{B4K zl|BaPgr{iJGYOYFIIS1LlXMF-*Js7aIGQ=3e!nK$p z=h@HxG46TAE4k|Gt2uJ`D1*VER}#8NH$OaS1Awd$q*mYA-RBEm`YONnE5FKzKJWo@ z6XfpkCf-1S;9H=VcuH+Kc^n@RVDXP%7Lx!Xp(LgH5wtT&6hw7wz4%}<3Tu)gus;wm zeC+M%Ae{vj`_j&PGGmsksS*I$&!sob0)oedzysf#V$^`aV1OxC$uq^?xkuUCK21F- zsp=8l1x%)ywKEp`GrU{iykl?bSl>9zVjgJQ1=j80gO!0JW!PU>8S^zc&3vES4^Vmp zxdCk`vy9pP4#~dTn4D%Y!#Ph`)j&>&0o6!vLx@3{VmjMqP#?tx_|&KVn(Z@lGzA_j zWqrh4d@RM1`ff+SA_1>GfhXxLK)rd?c%}bUy?@#~^I7oRuRR=(1*K zd!Owyj}g?2;dsE>c$Lv;#Mr+Ugobk#V3dy@=P7 zHUNYWXsqMh*=;`fp^xwzzww)V+D7 zNOc{8;8PD;k;U}CCzd5%x-4UiJb$1g8EGx;LFr-zicDc$)Svf#Nz(yQ32%tZ^E4tH zf&uM#`1G99yK`2KRrq$s_Wl&R*vI4r)o_L3V2o>~G|fI+=XV%X8TC-qf1C>}<_ofH zfL$yI-cjTgii|9;v8}_-7w9af9<7MWuD6uAbT<}@8CjN*nF8km&N`H`R+)^)tgo(-X^maX0J!Su*Kp@O z_i)qA&*9{WQ;f&sI2!;LW~moL%kPQSMIQhzq(%n72g`h6dE}8Zy!~zO4d?VDrh!E2Nm>B$_fQdG)}m*xLToiA zU%OOFL{L#@=-@iQ5Fed#Bl|36C`nl;gp|fAoOkT(&iT}5@8{`Hzloil$FP1*l?|vS zIb~HbpEU$KXExnK1y5BEF?m5y0b>;VyL;q?r5+3ji&1=Cnb=|bAbof&P(fax1I*{U z_z=j70?5$1lo|Q35PGb0Xx-wKMyou6noT756olvj=t9FMKk*H|@~wwyO?29gqNqxV z=$h~ZaxwT!rkSyQ>%EI3$vQIs`g=u4L`fq+eEJB&Aj~o&F2ZP;unbl{SFJH+jw%WQ z8D}3oFP3O!#i$xEUSFda$V^4B4TJHJ8*h3Rx8D8}TzCBqoH%)s(P(r4R9s#c>*j|i zK>&b*5!5@!{&c}NzxgfR_=eZ>&bPl6+qA;-4hkQHcb*J5A>e#VaFCfN5?GKERv2s^ z9~_-_zwG|FA#&*-hdvWXHyrWiH*tW(D22*2Z6hF+>H>?LaL#*h4&_7S3oP9vp+A+h z)>zlZR6Ej-Lx`%qo{#*$_wmzrU5CjPMKNYr975$S?P8zl{uJ9znT#h4Co+dGUUZhG zS&-!g&b2hnoT?r$n@_Q}iTnl~pVJV$i>F#f8|3||pmBg}8_^itpAkYsnQX#Th0-}L zfTzKSmZGT9A+T7?+4BYe@%{I*HTPJgOjAa89TI7G#b@$s4& zo#7L(s$zZ@O9YK{90G_zCql#;3NuHYKW_T~<@b=38kL6Nh%Hl!XG*dXk}dNAPj z7r%rT-hMkrPoCoV@nej~<30nqh&THattUkQ=x4hFn_Js_?Bk#2|9;gk@ukn*8%Ib( zob(f*N93ns{g=sjrq(^1tpBh8)z6Bnn4>SJiJgs8Y}d&NBdRaUy8cEjZE~gXR&1XX z(i}+OUx((ChkOR?O!MjLD)b*gjRc zN?ETE+(HDe4UdW`i$hZ$4{x%?M% zy8lG$Nf7`-5I2>_PM_r+?|3J#d);sG=)>Qm&^k7Gqpq8h)L9vYb&(Q!!HL@2Fw@oP zA!vv^aFc+cr4LeT0r5hJHec35RH%{QA+@{^Qu-Ny*h!uYsU&z|01I|4+WiOYVFo!(x@$Y?H;_f^x8eHgmMe#I9_yz`B+YJY_u~ zFN6%06$M&rnuV3qZ8XGL{D=kq001BWNklm`5Pn(Sv+i4eEhg?g#nKolMASSu2@FR-7(x;a)K}aepYSKdwR4Gh! z^z9Mrjy4>}NagudL=EJ*6W<+@LT-ovWa2tV1|m|_J~|I6tXF*gzFpq)hhOIBUwJ+A z`6hXmR;^Swf<6sw!Ot@v5r1oo!oaXyY#_QkuXMFpCvvPfjD!X+l;ZRmQBW?+f^tx^arh`J zqY-vCM}K|L4<{=kzj<-c%UbOGSPNj~R2TbtXw{q67I zwZHM}1lLj+O=h$l6cGdx)L0Px)Nt=oeJ#FzrX&0$-TrvWDAk=FDh~8$CFWEf-I0Op zQfn}QeiC@1;*1aISU;zqQL!F%OIbx%0)!B?=$8grw3eQ?3sL=6YH|_hRJ7Iuo=h2> zva~_-d+)xN%TJDZ-i?={bJ6v8Ewr{l8&6TxC~a^)kmohVE1KDqq8y-#0!2ny7-rLL z0+8n=&Wfn0Hll@SRMg@#fH9QC0Pk9yYd{qQZ?UaK>jJ05j!Xq zV$oPmpFN9KjzL{BEGt%4R~gg;f&!Zb4o^0C`O9C|c894bkO0LVZ$zxm#V$^oJ*BOBhu4ggB^ zH$Qz~TpoNnyOCOTwjRbq7HC8!usgQIP|FaSfq1jL2d zDT;hRYa5IXRP})Qd>4a&nV_j_DPfw$R5oPCR1`|_ylJWHio6)pGz|euh!b>Q|K?-7 z>CJ!1qDfPag2a0juug)X_pOXmBf&Yf@)B`}NXAm=$Qbg8e2FM2sBTb6#kQ(OVXdPm zO4iob$?}}toqeXWIc1(Ps7k6lXH*XvS3|H4ayWU}Nq+X8pXJ#<_8it$*ExLn5LHz@ zX~Dj~ZC!K$U^(^kKCpRyi+8^5ot%F3u_d4_5kcsB^~osFwo5{r{h1;FA)cUmEx2W} zPoC!oSb|dDOB(HgEEkqomWU?wr<2j(Y$6TG65A_8C__bRFNpnDLi8ik&w6qFRWXZ6 z!J&1w6BmW0AV4aU#H3{5;H&rT@!H@1PyCPn!%wh2u4$VEnNgqvCN~nWw8krkF7mEl zEfa#VJ3&iP7PO5e&uX+TXj{P&vaF!70hFZUN@r+Y5tNSZIG)-JQ6|IT(K_I5OO~(m zg)e=NSN;3<@}1MWv?f4O|BZ!{*0FR-GTU9wb#S9eNu?zKs1VDr5PcV-z-MwOUb>Ga zlL^D&nDJ!9nX{+apYBr>8H1{3R91`zL)JFdS?+FvS?<-7{n%4cv z9E1dvbmvlcAY}~BIg+RcT6)plO%MV~iP=R60cU$Epo-;0Ab{&T3O%VMzP|K2Vt2q8 zBQ)2jeCxdo$e5+9A*3$F5=fZz?)QS@!=HSFru``Y%m4IJ4y|NZH<#%`YY48vtDL+T zp>z$j;H3{9oV=E-oJhM=O_@#~1C?R&vhQyPjn=tHn?)C7lhwTe}9jMzxO>Je&k^x_~6iF-3Q^k)Yd3sdhH_)DC#Yw zG%`erXxCno6I^R^ARSN7-y!cx7;QeX_oN$;n1!jYF1JRyk<-H`?buWfEF<|H`3IR} zP>5H(w<3g*)M({qmrd?c*%AYciKLk_#YAXwjG^bnMQpITc`4shZQtd-0Uv;ku( zcBhUH|HT)1^=to}GusQCj{W_hWz1HorOzUeL7uI`BCb@yQ@Akhcip3_{ zF2?IdazP$2s4HgkIa}L1XdS4klDZnOHd$v-*SKa*z_Gru&Wmn;F*o0G8^=zZ;LxEB z2E$=@Uv{X@56|8QF2Vqi)_lHTb90mPn_F=}BMLag4WlALFYPpG2O1;h5@PxgI+Pw# z9ho*=8uID0gf!dVqyK$R8701NoybJ|ozS%uV|}X9tbq_{(xx{m$y~+krK{tK|Bo4m z7Xr*O&z+75C_lT50VD~r#7D4Nv+o@r{q%!8_}HKDZ~o;AdC~K(A=jIPsN8FtJu+1Z z0ZDmuR%28NZl7kcAkzw^OO){_onu>v&H`E&gdp1fLeSADWe66$-z8)kr7Ln%bLR9u zzw>(^;156eRrcqQB+{g0in{wTFhcT0=y?*JfDW;B*G+IndXO=~u#DF-cps_AQc6e@ zMho*%7c3gf?)ElSRbX<%pdK(8O&C@K>bhj199LX^1$V#VZf>~oCJr4t&f3~4MV|jq zo%Da(x+nuc+qRrNbB@h(TiCXxDhoEfoO<3_vMk57R(i`zAl`x2QFrQ!^;V}ctB8c5 zUdbn|Ww+Qabq^8!kL@S4!bgOhQwAP}v0FPQcz{Mamii^M!nJEO+Qr01(!2KLR zdPyc`Ag%W#YpwK}vo0l17G=VP3&G(v%!A^q56<}C{;v=7)AxLnfAueJVKNN(uz;YM zHe09+GBYNq0;L?mN^R{!OJT+gMvGbr(;&>S~T2 zJHcQ${97r#KaA_53;>J8g6*v>n#GJknXx_@bM9cG7G&w;V6c+1dl5%S;49B4HUg3g5>zqJN+d8UxjCU2*Te2+RLyMVv!NTMGtU5WfKz#Zn|o7xf?$d-XCZ-P3-x5+aWxbs6MqE{d1PbyJ`B_hXX?Eao#c-4|(w&Kf#Z`FRDClW~QPmZL!GP)B zK07v|Oh@JIlG-fuN^?+ck69Q4go-|Gz{|ljGGA<7ldHT{tDTTLIj5AE?SY)^hN&~NY zO#|mVMj09B)eh^N5QYd~0%ee0q8^M1XdZp!QM_LWv8Sq;49BdkZ4iJ(yI?RJ^8DLw z;m$kn;*!fRWBt$}CX?}xRK5R1>*5OlN?JI^WRzu%cb=msj*#aSr;eRMDb2af^RZ7) zUq5RO^zxTe{r&_!*b0>LId1R}Wx+xkg^eYIbmzOrcJYMHGMO((fZ}vIr4t1SLYqxk zLf6uh>|LHc&~ew7OOR9x`w)kOe847Ng7n||QX_-iB~7heDfk^$6ph0Zi83#_aRIdXV| z2fukgtE=l+0z2E=G>gSDIqSgbk^X%^-YdijywFoiQ~OD2jSitp@g-Qe1L(Wb(!;iq ze;WEHijOHLbb=>bl(TXnpdwFQG8Ksg*4hK7eSG@|UKjNC)oC2K&uC=hi%wpza(jSf zXR-*I8mx6f{)wFjofQyV+9_7ZnL|)h1MBWQ8KD424%(C z$_mO$)^y_7G48zQPHuemvpI3;C9JKjQREp1XnjAz>*5OlNB|g(N0e2?bhb~KXFTf} z*YllkK7e!F?7$kcmB+FAvfA_wn*u{fQ6-MPvKW z$C}hA6-6qf#*Ya;A;fM%s@p?vPZeS+3o1^g3Av~*NmQpL7*e;v(`|}n@zUjg8xyA@ zBW7To$0*gwl(W=-mm@lA?4eLzfy(5B*FMe#$nWSBNVDFeOerNJ*g>!c=UwN`XR;h; zt>6w3h;+W6@awuWT6frl?ygC?+APtb_z_+gT>wZQ$Y?ZTvbw_l zY@c#b@wCgY;2F=nflq$sQ)E@nWMviCSfIgr+tuzpW2>)`m)mb4wxLw$2ZSIY?iYwT z`2Kg&gkO4%GOF9BrF~CcbsdVX{*SN47=yF6*QSr8B!CcPqsmD~WWs5zZ#(0X3$N2M zS!kJ%hJBRa@qO2&2ipglg%4jTs zFf(Wa&%5PjUV7)9oVfH7HVz+RV`D=UjOF4zb^gb7(FK5XLzHF7p+kq*+1bV|<}8Xi zx4rNdHmBQs>s#NV$_pkdD{Sv)! z5(HXjBVN#(o8WyH93jxQu9NXzetpa7I$ev>lV^D>r7WHh!B7cMNzf#au0bwrJ%6y{ zvTUWEo-efvyShKJ7YB7kkxQHI^y$;++(_%Msu>T)td3Tws)GIfJyzG&xZ`Cn;RP?a zjYG$dv3h8OmB|X(1(TIO>L-6%7hM2=J_{I6#;mWevzRX!t~jhQ+;Zz}%=Q=Df8Tec z51(hys3nD0`6FtvLfh?o`>Ae~{=SYn@E3wl2>^s;Za{i$-A$h@*Y4?cFHaOM2ZY4l zQ$!tr*iqM+M$=9R$1+Q&s0%G1E9u(g;Oc0+Q)Ure%)C^0fsHOl77CN@c{O(PTNpazIs< z%x4RB=Tox0pd3_GRmEs9Vp0uJUTnp#x#ntKe$SoUc+*WBKXHQ9wGE1*h%MFrGrEum z@}s;iz5uY4uIG8qWOaqjt! z#H;0!VEJV4H)w}ErxQP(dO|amc3m1`N%inD?YLJ9S~~HU+j$&>ot$-Kk)C`2xLj&e z%CJjM3|ijwkE1a|%ur%|8^7&Ch|_g_pfN_1W+*zgxODr2vt@ zzWDv+4YM>qAj-D=$=7Y7_%)qC#o!KPA4ZEyk0K5KXiVx(q~DD~qs!TaQbPSrC$V%g zVp|hHc|x*A;{tKgr4zY(9kEpy0t9Pgz>~};;19glpkyE^wJ=BH5qtYnLRb)dz=uYp z%wmR?p1ZRRQ=o$DrY?=vtWH+N*Tp%edwUR|$_sRsQ4ebB;egSg!nGEa!|gA6DL;Pu z3%TU-OF4Y(7#pi=viXtgd|{UM)auv87XX$bv{s_?pBFXEW)xM;Y!Ud=Kl=dpe)1FK zneKq4a!@myPFXlduH|OcF%?w+@}o4?b(;$nO+5VLZw#@OmXkPn)dL+F$J!`Bv2;o% z0IRRB`@b)z)+%NZNm4A&WvD215VYa|=-8e5X=*X@0{YWg-VO+8rcD;Hj^vZD)M^Z& zOZ^kzsF$)J5EtE4YV@x?>L(x*c_^?xM7;#n0f6T>H__T)w4rSqAwBv2u>%?NFSfOqxG`luK4Vah*`M#@ zy_Jb_WzbQ5Mx?pYjJfH^L(2mpb$^^r2YfZqTE_Q zPG8%m=SyS6%XM?Vc>{E(c)C6vR-uC!Y{vRN&oi0xcODhx(h~v4L#L&fz`gYTv^E$6 zE_h)%cAy}nOv+>#At-KEGg@=P-rl$3QDXFzg_yx{3izlOW-c^Q{o`*c>u8=N?Cg3+k%?7p8`f4_B6 z2LSIq)7hNqbj}yQ@KxUVj<@sIpZf%whCGw`x1b$anNbcfrG$E(k2I3qiZ4X?hi4*W(XqCGElG z7MY9EVltulL^5I0HAuYo6g;vl?~(cVvpuai%9bdie0n_TRg~81273C^KpPVS5#5GQ zud9Era`n=6^e#l+fDBLdty4vw=Q5+ex=v#)XU?4`ct@UPRMn8W${7u7k>J)jWm)lp z+iu~+lLaBo!umjiUsZ8Jr*FSLpxNtI0^0j>KC$Uj$ZGU2iL`2eE z*^?QK^=@hG*mpVv$wU+&h$>11-{h;-Nk$=QKD2GZGDIh!)7cA4%tmD*smVrcL$WOs zuSJhx^g4U#efcQFp_8Uz%!XQPyP1nzi>O9$qS&j9!o?1S)|yOZOzIIR#rDn)o4Y#% zXBpNNqpD(3uQ04?+1M&DS)Fj(ZMX6hcih486Q@|)IK=Ae3R#|Y*^KP-r#AcFcl{Fw zfG7H(Bz@eUwtVOQhk3&r-^6=<{~b*C&r?>0LT9uyOTAX|jO(AqgWr3IhaNk}dS*Dj zKH={F`q@6Y?YuZM?*dt- zB0bp9HchVx98>s2?13H&=v;{v7}dMk$Q-;3$s~L7;5blX^n|9+G4_@&TUX<&j%gHV z+qP@0=%`!_>2VXDk5GzLh#T5PD|8WOQStS*t?j1woRu<2vqz6g?L zp^2G*O{uij-Po`ExG?Ah&v1C>F{bEh`#=O3(aSjMfv!ekKBmnokD9W0Ats@SfM3sX z@CmMu*Gou4L}j0FAlRkXB3YK{=*;4QsL7OJFdS1<6-Aw~wRsLZol_JU)u6@{HRI6= zb}?gEmuMBZ`sq*Su2=jNmt1}&$4?yP)Tv9TtCaHp-2vdK^>?p-(f|PcrU^jXST;9z z`Q)cR!!P~vtN8Ng|C&q%G9ARlCNm5t8D$Q5i<>n(_u3J^_%qMvnj5acmljD#NVB>;GjRym0ufb!kXCKsdh8lK1#A%S|N z@+Sn0?(qhhVMyR(KiQbZb|X^xINSuHeOe?Dh5kp$RmR$6jkS%#oH>7vo&9YLfk9qS zmKjxDQI984mB@4A=n-yy-p%~jbDzs4mtDcep~DaexM~l2z^T3 zF9D6_i=)=7Eci+f;U;i4lk<-U|%djpO4>G(0tRq)@yyUqj`Ndzji9^RP z!zqQH?J{q7aNbg{t#bE0FT|-KuX)Qyd1%YiT8|1*&{B&}z_K@hY`Q?6XEd>1PoQ!L zL1ydYh)rr@AE3}G2@YQM#F|8(UB(2KZ&*qHMK8~2BV)HqEkhKY0IHMOJtu;cr%E!dBQ?K5n@d*ZBs>*Lyq$T5llcIVyPaNP|YK5~TP$B#1}4=D0w zhvy$YmEIrp`hjBr!b>OOQPLxx&gMM$@T0u?SAL!M|M7d--Z?8LVp*XHtgY7Ec*C_k z{N0Cn?6Gr<2aaEO*`@rmpLzjxy^8Y=-|o`33yiKPszT~k3@^R?1$_5`bG+*>zQ*Zu zJ6J?eGLPfCVQFLdcnY?*iJ)E6A>|-GdV<3DZ8^aTRkWa19p}7l7bGE&ESgmWB6E!- z5gsIEkNS8fQ*b56E&u=^07*naRNyqh$<&;Sh=0HfZ6RhQsk}%5K~ijCKcdA$kPrwe z;DRU97bp|y-T*cDCA2*H>=6{o`^e`P_N4a`29iBmmMFhUiD^hP7o3D8LsK6pvXb27 z)Kx`YmTXUV+1lDh=Q%}DQWYg-S)ua`*S6%Qy=73=-1>rBx#OOf zaLE;yacJWxYisM2MSk$TKDGYQ)(9ebESiRM=ePNbkNziK^P1Q2wZQ@*hudLHC`Ba}dByNO>Tn9@a zS)2#!;<8IPe&Ph9(cpkT;!~UdAAkKo1As^7$MOScyyck`SPxN6l8?Ya#v3s$4pFo4z=^MVYH#py zDle7>M#rEK{DEuOXD9vloVU@2yl3~N5#>PWZP1BWW%v9bcm?u06@oRmxQUhOKd}%n zChLNeYb{x3x=u!x8C>k51ZRa9r4&_>GZ?LqWrp3YO%`oKQ4|z;#b`XCEM=&xZRgZg z!E>MgTweb2JGuOl%UIo5$G?7iO~`&4(2u>Jh*Gne50&6?G- zs=8~cPo15Atlg2o#Vg%IG(@tfS!L2`g`%kPQkM4t*Qa*W6UI_DHnG){fAv5I=Vjt&x#io82dcVQY8 z1`t54v6=f1!W*x>kvs1Gkq7RS2Ah*w!M;5${^ws@$`@~Zm`{E2ejeE0q0?!T3xPzU z)RMk^i9-*iv5T01Wtps%>gesUv+8&EZMowJM&c>E2$psSrb_wg_wM`8^?CngWR6S&~KJF@|b>W6_udFOiPZ zlzM%DIF6W^nW593BhZ>8ib>LxD2x$WRSC$JEhlc`;-_ECiQ9J4XpS&EI>PA45J?yw zN0naL`v2_fXEFiwSCG;e+U<;c@BInye&>7n@)vKUy)cV2IYKysK+$N_C~W~@m(Z59 zQqAR;tmU$&okYDJ(diWAxgm~qm1OGxMG!_<3*Gh+Tv-w&W29r-x%nFp@cQdM!qKS( z&;m~!kTgTVg{Q3MB`?`aeIP*C2KU@|gb)7Xx4HA4qs(UoLUZ? z>XJFTEQ(r6pMF~njzwzj;`La59$y;h{yc3Lzkd-Uz)vzkC7ta*UYaFpuc{=^#vKnj zIx60NMZN9+9~g*;#UZRj~EMjcnSukssanJ?3Vn*|Da<3!Zxt zyLYU{5o2Wmy$-JEB9n+H83kLCWnH?xHqt4C%7|;DsQO+${^_sq-s}IFZs{n6zzT^r z8LL|%FZ_*NTyVio!YDbIJXL#M)zrvk&KgvSx^Z#76eb!Pga_1KZuEk>x z{=wsZ|Gp34a>I?~jKJkv{3RPO>sfPRDS%}8&nn^LvHM2~&r$IIUmz7)Yx2?_H)yOi zi`x>3&(ZU{8C?mGDgdvdDF@546OFZ$)}W>Gpq`Kw@84@F`_f{q1EMgdR<9Gq5mQGG z)9v+0(i%~i5QibPB=+xB3W6l$tTXpH|WYl z@H4IdU<|--J+rLj@Zl%<_{TrZ```5*9(nA3z#x@I+7hWG^+wF-@CXk+d_Sf$&$&BV z{Lw4UXQ(+rZsxGPd3xH*Ff__g{1_o%uF*{`e41Dl+3iHiJc4 z;pMW`AW~8-(qX+YsBb6!)2sdQ48tWLus@jlj=f%0yUdoWLfM^jl*_OH>kPp%>#@GA zw%vaY7 z|KDBzi#vcN>gm#tTa5Ag{ri6MFmHV0wcK*^%^tYJ=k}pMNXOVvjZhhiykH8 z@S7K(Owb5$gcJ)$$QP!G;uW4jT5kRJt=Qb7_QIvOpi9zl1PBV(#^#C*Ba#<9`xMSOdk5C^=*=zA z?atDuHwo&4I0;&K)>)S42m{t?l7Uh5z;-_J*?V~RhyIa;V{NpGaN3YcO)GR>-LZeLY<MR!rk;@6cR)cVI0$_H&8;*>CThZ z684T|QkOl+so3Uq8i9HhUhp%>6o(Y zf`KwO1VK#UEV*<=`k627A zek$Roe~uS&iP5(luv1D=6a`NBRAa5GHe=Q2?=$We*?*p`L|=_4MBnagsY}tHP!=i9 zP@(%v?@!Y2DpaaH=N5%gTB|A;)&Cw^2h@@pNfP6%WoCK`oFlEJ1Yt;&*3e3$ghOj+ z4mP>q!i(9tdk<^Zt|N>h#>U1N8X6=Fmy3B;>gQemt_h&O(2K=Y#VtOb6(z@}rugEQ zzQSu>_gbE~|3MNQfwBlRLOW_LNuncW_8%cC3(h}d9WQ^;nKYu9%sJZaCy~Yxh6#Zh z^730_aAira+eT_hn8q}RPvpmsmc07)*K*&Z4`Zz+2n#|TqKcBOlL7zdA704lSPFK5 zFia?%AP7dWcAhNDDYFh~qlu83Bp#rU!~FNZ`w*Z1@^_I6{^n24XKK33M?UvG_8-Y9 zib{`Pt?t%&WW2vBS95^B9{AN+D^&$|S^}jPJpjtmEZTkf>sdJhSD_>Q^c@elu{bFE zXY*?0Bh=CkL`j9QMfCwy2BFJ7hB z?BiMIY^EzESy_^2^I!|43Q<9T(gD^9NEPkKbqpN|Mpcp`q(j= zq2YmC48S=>%b3Q?FBqqs>*NB zi+M`ZHwO7>4?yXg@$|z#`gB}TUHL#Md;o`8Ba$t?e=IxiFW+)6 zO+225&_BLNFztSOrjuGUZ`fu`*)Fb=Lx04DuDc|sUq(vA>x7{I#HTA(&WO5bn zy5Z}5_!D2pIzwS4N;_<6*f1RPlILvayffDk$0=o=p#q7D29P4a6m7cgHed!W@i~`XkPTZeOz+McH$VcYtqd-+F@sbu{aT;T}`l$bW6ofPzEkF3DrznboC=3bXgdhosVojt& zQk^hRZ*uCHdpY~8Gg-f3GeaYT3=R%ctJRJJLRab+ul_$`0M1Kz=jXZgmfN`cs;jy4 z&fC#4CsYnA1!)|!dhHltGiLV5F0$u1^Q0lJeE!LdjSo_G=E+T$I0%U9O_UCO6jV`C zm@avD0qrzV98nwF!J|jv>bHNGTW-CNKnsKkh?J!kST?Omc-e35VaK)!RH!LjNf@P+ z#$tOp!uC+Y5@-bqf@G9lu$JrI^l85Ix!Xa)=Cuv}@MY(-ch_dnCBizoS(h*nTzcs~ zN|A7E_Ve7oe;(UM`|+kBeMO&e$6Ify>TKO#Nd;mteoM-}!j466K(D;B$J=x*BgFI( z`sK%gzNB}#!><&=dkIvpx%{ZnZ$&P398^VQ>Zbtt-$N@!nx@oi4YFR&?9>!aNa8pp zNfH{h22xvuGNh4U)#xB+pLGGJoqaBoYt}G6K199VKJZYkB11dr`_FoIs$_fn#_mAPFo-pEyXWI{f+tYq{d`y@+~3FYnTs zJ3}| zF+4PgH3g1{D6S#P98+4_?P)Ne13_2|i3cV*bZmgD-tZ3Yy6b*wiDcK7Ixqj7eQepb ziB4YPIwhsaN$X7etF>1En0c`2faDTau+0UKKKMj z6nL8Tz(A9knK|a>7En@n|Gp?8O;R7!q7`8nvTp4fF1zd*?AU%Xt2S(4bZmk&4v%9q z{*0LBEA<~#|H2NyE&J*}L}LxzPLD?(JIw1|_c}iJsgF~d933ey2q_C1&4^YrL3SrpNo#lq-}vSM z-t?AtaOgPLfTHlGQ05;*42tZ&kjw&p3X<#S?!Ywa+H^ z{(lez7*kL#l7Cp-9av+j64LxGp?VGLyi4$+#knczd+DdO28~*T7Lr2;4^osRaTpPX z5d)1uM5wF4RmVVD=ftgBx#;Pav2N2QR!vSYF)=|L$3KNNtn31QvFoQWfaNGZKv^25 z=jQq9*KXlmZ+k1>z2ny|b2x(h7K%^;j3 zZPc(TB2Mb`I&+kHj#kRAKqez-PSUmOx$d2xl3vy!AO_(G(-@?}lo_Vz((87K!UPr785r2g{ZHn+>6(vm z=l32(#J*i-jYa5!ecJ~4qbts0Y&0bdHAWOT1Zg}%md|6#9O0Dbt4mAR+{|n?!5glA zJKy~FkB}jpvSo-r`0exAuz85A=y>0|!XQP0iej8AkwJ<>voLdvbZDH6)x7;ZpJem8 z5e`pv`0&SWrqgvCo$G*91j;-5+6t^Q6++)XlOsG(*k{-+7X%6Gj=S#t0n`^2N#W1w z%e4WS1pp@@R`eVaWIs)`tj|HI)2$ZH#s}ls8!jw$S93#>S9R$?t zgVbv+aL~)!2rb#LW*yJC_)>Q6+0D@S7^~N=rPXYqv|L&Be@W|KoB*t|bh{Z3J^U!| zd;bTy{`%|bEX)vSDzgdywK>?JG0>npb&QcT=ef^1foENGHcItqx2Gub9&yqjPMTQh zz)2L6tUXPyw?LFOkU^7Lb2DGR<0x;u_T3zwp2HF$B2Y$>%A9jfAK~||ID^4jjG-h9 zY6NjaQIwd%c)ZQDQ8J)(CH0{l{OHjIUiF4gaqyuB7>N_kI%AUGdf|DD4A(Jv4@^d8 zGU7NP2pSj%&gR(CfDVw!D)v9A_?v(D06)6(C+MMsR;|HU-I0cl+wYlXrdQx_1VSx& z0`ysTi)g>ky6+?L;8lE{UAF}O^(TiQ2r3P~^9CdIEz6dA|BH0ws)K-&ixW#2hD!`T z=Z>Qj_klyKpLSX!p9zEzA%HA&sO)n$}TCiZu{O2qVdw6E<+((=K59wjGR5 zOfWhz#^}g!l_hXI<+=awmHNf6MGRn(HRdb}oi;!G;l2FB-(SU7zWNnxnWI(T)>;uo ziX@J4WzPK3C)hBo`IFzfh+QX5lJ#aWg+uGOveybgME=IkJGAF}-X=Oq5MhmQU?=bW z=$Clk`@et-Br=TAWq>PlMrwwaJa-4@pS2Ebjuin>&_qZ{r_)1AfiZJ97oc=Vp%NNH zC-Cvl+{=64_i=jNoZ)83%U`gMi!a(iUUVsYM=+&D$2IEF0Hrk*1ldJMi9m%K};iUp`)0*v}grM5^~C(-JE&;d8}H!mXXm>R;`+( z)oN9aMy#y|s`L^G&(C%`}t+#RYRj=cY+ipYR2r52$J&0I0xr*8L6ou&$$eg{~ zTfF?Yx3g-bMrUr0!n84Ek4AkJanhu)9g4DpDFsd#R8$hm2D&xD!DE`&{ndN8?R!6j zAVfKD%@xTun8X{i9YhM3pzVgLe zG0Jh`x|sj^vP;;!eJzCmN=ebni0Xql>wN?R5qO7NHxF@xw6T}hzWL*P;A1zVmBpZm zv_%#9Ez*P+cM()#AX)JOgv1HsUsEb-wFbi@qhy_o z!v_x{g&?iP9{sO3u!W^GKGu75bb_Z{crM#_oW#WH^)vp8IR-Xw?QO zbI6MY!eD?Ps3QW0)EZ;E6di$Zh9FcB*3gYr-1p;xSH1p&JoLn2vwzL6WZF{{3@Y^_Cks@YrEu(P7W-310NPy-ZF_ zVq}KNGr%Eii4&SAOcz~#^6moh$VLv$q`diUALSe0c!;jfp>PDkkxI=8Ya9IG%g*GK zlXp7H;e*HM6$QcxtdpQL)|I%*eqA zaf&sT`Mif`?t9jrS~l?dq@z9&NC;6~tA09<^ZA2Vf?7j6o8vxSq3`Zg}P@MN?unLBz6Lzg&eB6WZa18|Zo zn?}n79aOT?piZs6hcA5jF0OjZhnea05P`x=@QTq$7lmeF~3r z?o14Xy?^;1Hidwj`Q;0JD<^3i?WzUsybyh&jshM z=g5(1y6qqF#Nl~ny9HJlg!L3*A%y4N8@oi^Wl4$GANYM6?y8#yII=9G7AGj9fF(OI z|MPusKe5b-V43OZD!|Z*)*v5vnx+!%eGPS-h$`B2L*wsAtgjngR;yqrc+qakJB`lV zJfHvikLesJF@-=FhmqdSOA3MYl)dA;1U!=8k0x8{4p_hl$gHL8cKt5O*hR8Wp7(%0 zrFR)quyP?b#t>8vy;29%Yju)ZLT((>v$N!#jCxYz%zdYE@X%4R!umo#v>cxZ_6@iA((w6YavC`nvVCUxMc<6zjaO}w^5Ykqxv4GMV^0tSA zW7**3tu0R6zMA=k9$9yeG*Sd<6RLJtw|mU9&B_u-j*bNNp)EY}=pe88Z?EPDk35PE zw5OAb8mY6Kv{v%_FWtw+4MRv95JpW(GP2STi5#sYnQ_EvL|ItEbS>?o#ozwr2l>t& zKSpTFSv!XLMmn`+(_ z>N)H42&I%2UDzxRbf~1fmCCOytoJ;$InsGfzp>zoa&f}&Kj&G8vU2uWqzvQ9LP7`% zX9%N!R&$Ufh?$z1W})3h2LVwOQm@r{eE$L3osJJdRfhHJ*K*m#7qM;oPDaL7F*-5E z*!UPpxZ=|Lt6UoA$n%1!nQ0C_@i=+AjV%pAc}r;@0c|m}0-2P2^|r%o+IWx)P8*?? z4q#mAx%NU(7F~*7j!~L8jwwh;hj#JxI}UNxHE&{Os(?Ua0ZqxU>~PUpYkAJ)+n5+{ zAY_EGCC2oKg9f>oquW^^jv|t{i8BxltmUpBPI28^-pV8U50D0q%P-r-<-fj*!DfQ# z&I7*B9*6)`jFmYQ24zd~0^+gF{P@wFH@x{;esIqLWEdhufkx8^V9)kJ{`jS5v1W3_ zyXQKGv2!>Ppu#4$n4`!PTKW7yr9z(fyi0iW$sXNr?`Qwf9=5QHtUHOoNw8Hc*iwR! z{}7zBD6O%!q<<9ftF2sQ1ooktAP9kqO3acqct3Ov0bv+YuhkF;<`(AYW<8?NXYmaT zG^o{57P<@mco%85oVcBfFT98owryvi(PC_DoQbh64(iy^T}{`!GtbJJipP7}oV0im(#=Hws>1JyE9JQ&ytzJ9lUig`!%# ze3^2G>3%IaCG@({8-$-G>cj(a*%DQ2i~vC8GV+I(JP^^1Ryx|0oR zRCP!1#z?K{v~EF4e&io=htfX}9F4gvLj&0gl2U${CIM{^FRT184BPj~3Ti?DNsdJ< z=I3c!#jNZ756tC=MHG|FpC0OrB)`bU;usA@^g?kk9u3WZdxdPXKkHo#SPnkibAz^i zS~$;C#Sm`Ok3!Rt$|3N{LF4Vn$;LM`oH707iM2Z0*C&4_CHDer>C`|oe2*SR#P0V{ zxY;?h-JOwlr-ma;G?t5);V!z-T#?ipB+u5q_pnGWR24!j zNvuXMG?NdU&h@wul%^v&suLKPKCuv&pqahsxH!iJA`8bC9gBLabK;Egj}nz)@CbTe zR2o`V{r|Z4$h})7yWvOHb@NL=j(|Y6?aGdICOID~QsjUqg@xW`!;hEVNi@mr=N;~< zpw#uVRerhj$@s90`NY(l_1CzYW`D4jppOw*ITtN|V9H$O!P+`ItM7Drg)X-g>m=5l z^50lo$_e}=Gbq?2ioPW0G>-(6dWPyZ2+Hx{23^_D6nQ1R@nlxvTh+Le`h}@?}fm+v5W(MG>Vk)`V=uFp`8q3W4x}-j-T) zMci46+{==~DUzmds&R3W1>n;sbnpxX)5uI>c*yDN;djRn&eY=lFbKW z{J+rU;tfe5GExOW7KZJi7KT1lmO^ zt{ZN3=UWbtU}*_@6Lf*BOB3cyMk<1(64RlHWGXOaP6d$$1iXq1xtmh$*Y9Z-+u!Hc zz(Zmc4)o$&Q%Mfn&%58A6PzuZzJELBhEu^c{uaq8eDlY}V2YX^5%{ZJP-VDsBL2zt{xB#^S6Tq9wqr!QM(o4{`ti%-DzsoRRiQBPLW)~ z)&HH4&Nn|UiM~uWkyv(}#C~jYV&>cx$wUELil&zCDXADk3u*S(htFbKuxoyey6Ki4>v|lKJ z3>D+kVqXo$0!JAlNfn}LLmZ+>?A|CZJvK$CIY$RHTn%3I+W1c!a4=P%7EUKB>%PdM zso^84iO-AA^uk^3I)v8Q6sn8r+=VBG&+sKIkadE0d8*qUbT8hA{SvtH=<_JK3MBVsDlI|Mo0kKNdOoMu@?$4d?8rI(v5~3)pG73+lje3CT)4$Wmj%1 z?gn+jUApU@1&Y#aKX{8=XR<`=MK&(MzP-Iq#4(}G%C8I<;mI$P%DRX$2_Y1SSi0<7 zJVOJOB>W2oMph?;lJ0>8chREY!BPF>rn|Zv!?IOZ1K<17^bCDbsR-V&-$j>^3Ho}A zj@z?5p3~vSlra*2l1L>sGR2VtQyBP(bm!^EXzW`r>fdHlA-kvj8_Ws@paK*=$3=nY z^wLGh;*&)|+O7OO3R+fEGN?4+_kyCNLjL+5n#``TMBp(5QhAe(Cv# zQe0ZeltR1~QInrEh%j{qB(fr(skJ=3(_d&7PlV)A|;!4~L1Z^6`R zyh@t+V*Hgl0u#mguFkH1%9*f&?u4Ed_fu5C2<@D_#RaITDriJsRQ=lVl5-}yIj$K-geZ9pc`dSYR#I}ea zlT?>9K=Jcn)Lp30(p|v`bZm{d&z63!d|<1-hdHwKHL^#=zH+w{0kzt9R?p*TTcSaA zm~&EZ5+%o<1xAAXd;+UMSq3kGfM3xJRsc%NXei!T#@2=rgY>J%_@-g6`{i>!239RL z0~#f*g$?_0+S|*H^D>IsTTkIclaV zj%OUi9r}E3Hkm?$!=pP~l=|BtioAK7sR~a`!)kg#_}=E8|M zC(+!wg1SxlS+SQth|bQ#16&hNWnvVSX@HlLPEBj>ymU))%<^54su-U76ap-8LHrx` zmG`F1-!I_N@9yJ@Gk>8(27$<>DNEN60&#}O3Yw&h8GayzcwdGAt28!6FK(skOi$v| z+xX*ENwZIY2@0*)@Agnp9f(vkJGtJStd%8Qf!8s?#i7hcV5A?O0B@68a76JFnhpsF zpY0PkFeOZuneuiIfet1I{Sc8VNzzQ1bQ|)*FKbuO&Vy!(<%56_9kijid=~nugRQ=m zT}#pUMP7rJ`ZcgBWI!jl5n8L21qHRl3d*XoZ2siO2h0-obGx_+pH%ukSc_bhJ@~o^ zE^R^;w>j_L4_UxY&I$A0fyxGWgdbeQsAy<2R@^FH5tEmm2qMki4#j@4#XY%nnd4$o zp`Tp{{t{a9-`+Xb2nEwS*Z<6$1Bc`wXt6rm|sGx;sDM&_lKAi;fsq7>wRuw)~v*y;cli;dj)}CJ+I;D6V!8NvBo} zy<3&xjfh!tWHBQ35_j0dHt>j*40t}?^In56{IKX4=_qjuvP{Nn_S|#2!lEYD!qtfQ zDOFSp=|@NER=z7BDH=rvi4x>dq$a#<3EQ=vQ)qQO!;tc2VbQvNT_{{VRZT)?kcehR z3jW1*(?bLlWj&obH(eS5r~?*clU(Rw2a-BRRbQqsliYDRCbq7G{42RfWL@%P6GFTy zLm8N*(aC^>5~Orr9KTxI5HirLD-u|sj%x--<@hnQxm}u@x1KSDz@Ym}!dpI*iChO*4S(^;n*-Uy8%!ok^eikLKX4p&2LmmY_ut?v_Uzso~7 z-4A<@c#-DzZ1Kd8+DTqD`acE1MBOTfnH`@H3L_UmoF zs379rXT&kGqR>0p4;feVAib$jDIAZnP8n!-FJ*}$P{2vX2j5$Ess<@Tn~Ihmnl-=o z<%wDYK?~%QM<_ud^m8F%qB^)^iVA^^G%64W#5`V-e40r#T>;3>l*4p!YMt{WnQm`k zk>!X{{qWEgn{3^eQ+=@qE#wphfH>j|m+}4Hr)YLkzjm5x-eu>LW72H<#CudItn3NF z+id<9cKkvKi4cLUsl+h$fvKF+yksLI`ksbEhDwn&IU2D7kMB)e^NW6&i=8J*X*tJ^ z^QTp2##SlXmVURqN?W`+jTtRGk&@V3-5MjjD4HlqOo0L7NptXvx4{TE~QCV|f;^$;` ziP!DI402RReo*!ab};p7%kz#R1_yA(Mg#}2MY2a#itstzv1Kb}az*@J#DU1`s9Ypp z$0t--#u7uZJ}U`Cs7>+(pSQWO^VCMhZ)53J;>%*Q9^l`JoF?lsctny1G=oErk1caN z-c(|RJs}>mmN|koxz+yrdV+Ub)TG%Em(^B=n>tZlZO+yV`q)-*ewgwWjBruDa1kMC zEO$HBP?!%#a>Gi5tF>ZEkquQAlli_KngMHqk^9UJ2S zEI}g`e4B##kE|q7q=j(7%%=H+SUKz(M!V#b*UV z^-p~G3;~OOrAH2{hvSQaS`m^UrL7=Gf4UXni^FNI$k!qhk3yuCs2H9O?8ge`+@h-c zNp`)(hq6vw?LRAW69I|Qt%}&7EIc)X*c8iW;JDwK<@FMgv<$sOCTDq5C;b}_F-mMZ zL_7jBSPTJL25E+Q?QUGU^DJ*6SS}UK&0gICE;|vT{2Ynko1;1XU8Nh$ET7MMiUaH&hp7m#(2{ z3}4nB5w09W6CPfe=GGjg9I03xh98;VL&?&9MWwjvjvw4x*dP^_mZjZjb5)J{l>D-I zYWNjiRc@M;^m}71ZZTzZ5G7Y>j^igOb5ltS>-_Z#l?>=@xm-(x08v5*#p@+%Y0HH$ zZEoQn5DWr+rQ{y~C37U^PqEQ7DTTyG^g{I@M~H8>I-$4!XCg`sF-=n7FxG`X)0V=e z5BX-tDLXDDq6~CI3hielnWx!J;b7NOO(x;XsM=b&`lc>$o}S5Md)*kt_@Wzjd7)o(T(9ltR48($4|16YVXC)|lyt(Q!S{O2woKWfd|G^V8y7OGTx6FX`s-JckiC7&#IrJ*hP z(@#3*c3^Hg&5^ISbg(1*a)HFXa*7*br9vW*-PZX?=zq<- z=wO;3tjcbLiJeimRagJ9^#-o33@y$ilAoTVpa|(ttOFcS)=M&uYH|vg*N{igX;t|_ zaJlSu#ot53-OoZqg)yIJZ6{(7efq*hNc4~bnF{*D%N0uA>T&!b(FD;9jj?IXPZ)Uk zu%%jO0=*_Xllwgy6ZbO}`L^jEzsmKRQ|6hiH~ZpmXW+@z^i- z$(CjT`}VvRDpx}^4HonuCs&#!EamDd58tSFd{ehR~irRG8%M*kHzg07|w}N=M+} z;IoEyl~x}^Sy{1bQ4*or%xD|r>-Rhn*$>JF1Q@0Dw$xI6C#=&Z8?*b2d#)2#mpmk3 z_u+9r*)~Q2W)h8}8j#JDqHNk`&aogb(VYNB##={9^MHcMI8U}9V7^@IHrhfsc=j=S zcxnljde@{vzd3e0Un~w!{d-QQ!cwIEquhJfypl0s)IJHcT&r1LYd)^a`ppr5O-K6y z%DI&`o;_?Wku)>22PrB+SZ+i^v1#LGPoB87?zFyU@D3 zaG$mC-~H?=q*FFL%YGwv6a25=;OPd!Ph3?$=IiiMq0)q;q{cr?L!=5H z?1Ow6Vf>3hl`p)zJ*k_5_g>kJ)(aFri)!Mg+2G0-s!ei{TTfS;^Jz>=q}w1!BB%A| zFE=xhD;ch6N`ihNF_}D5ghx~7W4lR`#G*1Q(88{_?;$Wa6|3rp+*%z3BiQ*gnn{SX zKP-DuST`n|bA6FzsfMHAicqE@fd8Z>T;hxs$J@~~sNJ~yt;|RWJdO^3`x(Kx4--sM zb*C)5UCt9i?v)*02AEgy?N_)VR9N92vX~S! zLE6BAZkTvXqzFt385uUyoj&%Ib4)t2I3Xd<4z2n134Xz~6URx9h+Pj->laXw-;t(9 z>WOCdWzIer+^OV~VK4F^lwckv)iyXQ;t@(UFJl>>Gms3oay#W0Fe7}LX`S?(Ci>d2 z`XNaZ)?moUQN(@InH2$j9k>RPbRo?5&6OgYv7zzEk9+suMi7>$AJoE9iZUovO7+WLt`eyRfIB7WKQL z@&h#82eFFfX13mk2mDUmXA)g^=B+=(B(O)q|3^xpSf$b}2-CTL>T2Y)j zeg(wEa>ixMK@g}dO)Y!mD)6L>B{M#aL)W_7`I>IHq*OZl5mDl;n{FzjHJxGQ9A8!Q z;I~c+J6UOTJp|8`mZUUkA%Os{n4yQ*Ay!af_|{RwjQ_Y5F$f@n_@hbpuH?l|bB#XaJK zO?&Wd-rM&qwY%5952yFx5A&9$--(P2#H#XoSmm}`970;3D zYI4j2O|6zy%t8i@Y}Elw2Jjai|FK6%t(h5|`6qXClgLkRU(}Dg9kFo+*^LPc8r`{( zo_;>L=`3C^wwoIy1I{`NWf&|Q^_GSKZBC9qDSl<~Ib|qwV?K}$$Sf=@5XIbBNuyvA zR@BpLHFmD7)iwPczOjw+AUTcZQO$xx1~9RWaGKX|{lIYX`SbXs{}#=;!PgXfO$}eg z@0C3e;LclC+)$@Fu(Ik>kklas!NQBrj)^~zdebK(Z+c)>m_SQ&ST!mWm5f2qXMa|P zDzc7d9I~U2sU!gLzlqT#s1!8!5}MfX{48zv8EE8)g{SWOJZ>IbW{@gHEp}-$pwIis zy`ViQDUUlJVv^U=?o~*dpI?@X}e~6csNfU^CCIo zUG%V&6e37)V#mmO_%JgrGLslFl!$(#tlx45#Z>b0nk-cuOT0fBG>1YV!Nj1?sTIVi zYkZ!3!#t0AaGv-o7_YKEPRci22G%4kP?jycji~KO#@_i9EKrhp|Jma8dsGty-8na8 zqE&1oRVn}gsM4}u#MG0%{cWG{P_OI}(r{g|WTio*p7}nuumF!JMjc_8Q*Sd1dq z0aOW3tKE4C&2a7Wr()rKkTUC;+19HaxQemQfdnEhb~Lqw59s@@KX1SFZJxsA7$|Ve zXR+Nam>L!J+bP5iZhUE1OV}%;o(_YO&h=WyvKA8Ew!Y%+c_bUrmXX0ZSS9wid%~pu z_UE_hOaIt&Dr!XNNY$Fg)}IVa+F>|waxXOTaW{fe$KepvS$F)?EDF5Q8v-Q)bj11l&Em{EUdvWrQ%Jl3H zY{YR(D`Q6rlhj#*5hgu-;}4{rDHV1$>}$k|Jg|&PKJ3R4sh^B|UB41mIzN6WeO_pu zVBc(bJ7FcY@N`U{Db~i)l;qnm*NCDhr?0Td+VvDx-YM$wVg^3(2!r%;_oEEGLTDnw z6Mn@svda;U0Kdod+zN$gHV8l#zwh@q#F?4YK9!b@D_`A9Rpc;vs5ZP_85FYxMrQ(P zOG^HJot&6DZkW!=`4*?IDcn}ID8JreIL^J{n_b;?ai86FaDO1Z0kib%dniv9D$F^{ zxisVCX`Lu2kJPX;r{B!U!|+_VY5sYX;U=L@raVwYXIJ2m%`IBJ=4K5UeCrU3E_el} zQmUQ^Kc-BkVr5cgg#AUpAT|Y5^2+MMzRv6dF?2qzN6|P!&(w6L#~-58 zGK+f+$u?+GTVXyyrLr1+{D23$QaW!nZRN_K&||d8)V%45Agz>T?&j7#H-{VCgIZ~h z!);kvY13_BQ*y04v3uI1f19|)%?jlfC0f1M`{)}qni_95Je7DP;|vKWeZw?}8-&*k z^dOlLYK%a>jI$h z#646LPnpk0go1J84@-BDGV!YJ4krW(`fYp@j6kwXcq-de$858WInayv5#Kz6P4)*D z&O&uXJldcPvrGnihab5yoGhW^*^}c%%b{XQN=kaVe$ndb%rRF4@G4^+GQKkd7ij>j zje5+1G;(R_nbeH(np)KXf!~F9zf#DKwhMrp`1jo+aJJ+=Gt6^qLy6Pl)^wn+q794q z-$Uml`Rw&dUuPS0t0*^I9lMvd9#(nt`ySY#Gkq|1D^cp&q*f%JpVmLmG<3$f z`8x)vveT3mE1WmAV@u;|j`Hvf+hp3XE2--)GFDwLXY= zWk}6XT?z8A7#b(VsRSxD&r&0Dnd#o7=wUd6VJ?lH7kZgUmnP57-e{Oo2 zjrcIBH6M#7JttR;FY1yZcEc?M;i4@UCM+dAJJW)#E6%Mg=1~7KUkl?cBQtK%3?A^! z8U4bO?A-0usxF4BhT)UmB`2MtauNSWMhAT40bFysFMZpxF<1~2DdlulSB(NY&Q&X` zVNtVBf;8DPUFTi3Ap&hJi;+qF4OI<(1r8$JlmNv8jt`vPF4|0cH;!<&W-jD^;$m+; zdaQQ1JA>aJr_Udc?q0@NnWpR-tKAmQ+p8g?D|t}?U~m^F6ld3rf|%o&Ecxrk=fIrV zLh*BC`xn``@B19Rj=HT#vTRkq6T-74WO{2zZ~O_QztkQic0FPwnMIbuzy@8@_wxU2 zOc}8?#D0QWK@p{w($Ot`lTqjr>34C5w`QtT%zPAlB2&x}96noP%C<}O>r%?<`@N2} z!OhLf&-)dScY}ZCveGS%=Ruig5&1`1QEo!W2OU%J^-arX~h?iLJr0$?@qQAD?oJj6wJp z-iK|FfZ>F}&te+W1cM%Oou;$~`d)g@oX)+lMu#lAnL-b7sD3{Vy}I87w08llneU%mbLMK|f(B&7#A z2YK#d$(8vfKa3R>azty-*4`h%p5G~{wI{%!S|0O>Rj);D657hn%|HvvqxEyKs>Y_M zB?n{?;gHDZME~#&NGu&s(rxlBTK0AXGbuavZ?=^lC1H%yfTiv|yi7zRcA&Voup@3_ z3DK&a9!1`!CFi_7buvYy4_V8j@Wh5M!7Bz!ZA(k8V%yJBAvc~!E8gskjv+LCX!ZO= ze9Rx`>_Xg8jnF2fr&Dui~SMWP|wIjYzrpUz|3fgvOfW;wB;4w z&R=De3WUZz)c5Zh%8t0Oy|VFz~ z;DEd35MetnIY0A$F8hsRQ&l~C;>OqFgQ=t2>3TsLxRBL#C%9@E=?ISzp{8s{BWctbDbrKCS^#kk0?z_mX7&;R(C-2hWnNbeCU%qYX>B3th z;oKRwT^gW$E$>EXeC&>Efsh697tnY#;kcCuebX%sd(@o0M7w@TmM@eyVrs!LfDPMF z8j(S^o?S9Mzx~fc9v1Ia5>>3YVwM-4x`RTF74O=$)mOu);Ak+n`*(08aOf9_FwV2n#P=J>7XFyTKE@wYGYo;&nlC5L#@) z3L6`n_?60UmLANFh=I<~`>#shp6TuzZL3U9C8Q0n z8{Ch)rg6d}Y?Eo}8O1~LA$JZFJB&yZ5Z+uZn50hnO?RgUL$L2=n|f^G+{DW~gC@4x z?JDALQgg|HWcxOBjkmohvMe?o>cOFk-1S>O9?t@d_J4c3+l{7fSZ>zKBO6ss_wT11NPs6HIrZ=hAph~eI(9p^tK@JzLY%swi8ZtHN?hrSPO5uwbe%}*H;RRi zPe6nU&y_K5ZS`FJayw7r%gxQYqX8GZMqlNBT*pL&7FJPN?fg80tVd#9R7jawe)_Go zZsfruydEw_O1y2>#N00DxYhIJox$r}_}X>2<^IA?VVv={1T$cr`)Pt-&IAH1ZDVg+ z+t?_{LzY;|Ael~`O&dR{(vbdKOFR9KcRn!iDP@ z=m^iytwxr!;F05}lUbz;u(I;wv)6@Mx+ln!!&zZK^5d3h!w<;FAfL!og#2i=!FMv# zl93_wl^MXz?Va{7!vk9*05TAbt)PCFE%(krE34IqmBHnem}97+h$@VemHf;9f0yCe zU*RbRk9p&*1prC1l8Rrd#EpWKtO29WRlE_zT0N~$60C{3+Z=&pE@8Hbp z^262kyPdJ64U3h7nFV+Wyam9NlaiGJKtVwPj39pi@G3w800RyE?*mD&kPjRp92_hx z95Mm|JR&MGDk=&x3JMxJHYOT67CH(FCO#$>4lW)Z9x4U_AwDi4HZC6Sze1p3AbDWn zkl^5uaM4iEaQ|N?a5n%85%3EN00Tt@fX0G?!GZ$!0muOWC^$%M|5f9785$NI5t)#fl$??ZnS=#}Ma3nhzsvsA)i*RYHMg|>1@`v!4-5_skIc-@ z%`Yr2Ew60v?C$L!93CB?T;JT@-9J1&J-_^;>mQx}SNcB*`(Nn7g3tvG3kw5_@Q*Gi zXm`j3g9Qsm$qtV#rh;JXh(pB@h=?m5pI_U9M9rysh4=+5aHyf6}!AK!t&VbRG;AKm_ovRuD-K`2XkH5vF{qI_*WC?WX|}7D)X#pC($W zPXH5U3XZCp!a?-pikxA^AW=u zXNtaB1hg^le?(39{u%`agcts2!R3=J-r6~VlAd6|!$Ub3AVwr|xn}q#N&X)t`x^N6 zuJqj@Gfsj5&5edHh{Irj-wqhCL;s&;pWI%MEzsqu82G<;`~d@|q?BGC3BUj>>HjQS zE7#$nRtP%s77X~Wgo*rT(J$?6^K1)WX>ib=i zN!!#~L8n3HL+pHE#sO_dONyTRG8F_!g@q_NR%QUVnl2Buw8M7E$LJcr*#5A$%v|Uq zolSCHyX>fgqomXQ)gEQ}ee+7G5Y*G}Zs-jLP#;+_cKdHzdSrrv44&aa>y0fe6#(RD-%2K=Iew667ZC;n5a$~A4w?Fna8 zSfnK4DxL%4aW~$4=-AQsKi+(F{-MObjQ$Cp`36A4>|wae?z z|1jQ!fsnGV4|n`3uVp-}P#{wIto)o=YwLCPL!(Qb-f^?!>PSoTujn!}FS`< zRJ5QK)cQ{YUnjsl4RVe>k&k{PKP_mv)7t}d4;&>(;upL)j>XvGoXvPuIuq!ylJo%s zw#Y@^3(WL!#QyGf?5h|7X_fYA3m=?%y@DfsO@)b6alyB?5In%B0t$fW3^uQiG3Na@#_NtG4#T$UQC;F0Il%rc;;GvW(NQKg)=Fa!cdsaJ8%jaN1ifNEl8cnPj;v0(7Un( zD9(K2fTt$Bjf{5zuzEy)Bq`Q;3i9X$1N<{Gg&Mg=!LBOR@knyd8%^X(VHxrG$E9UPP@mUUv|Q4ui)@~`dHrj&kxN{ zr?&2;tL3fnDGb!gV_vmAd%3#L^$)p?vzMI=Ka@}1D~p$!QsmcqiPEZQeg!te@Kf8@ zQsi(N=)PbCJiO)5chHR@9Ml=#p8G@tJP<|?g*)5*Bt~AVJIHHVX*Vw{*8Q)3S^D2$ z*F!q(7{uid6f1@>J-JB`7*P7O2vo>_BC|fm7QtMXw8Z7VEpDP10-2Zqp#3g3dKdYh zt)&iuA{e&j0ld*HWJqajDU9ErqU&!);57nJZgLJc_pLIm9u2*4vb3ZhInR$8#|13$ z`R-A4XiR=;q|4Gxp)NMQVL>>BT^Sgl4{13u?q~Zg6n*H;9l9Vr*>;E=U~8=Dnr8F~ z2~(=umfZW$u9OId)D%?Y^PjoSOiz~j+H?0j(idM7{j6^p{ARs2qZ%-N@-7Nv&rJL| z+hLZaRN~oT{HTdNjQZuf)VDImMY}iXrRoX$pN3cRxdcyzJGNcnwyp{i+l#&BbCx8w zz5V4}bR_vQF9pMMo-GixacqD{r9fytd~)g9#=1zVtu2lM<2iF9F18{9U4WM+$D8=o z;)7kfKToT%g?*V`@qFnjoi?%dx;rDB6NbdGq0=#gQg(A=7K6Bpo+1>xp+jwxi1EE929H$1=^eP;~e*YNe}#*zoYs@`=)+p_YoF zL4B6)N#~x2zjFTa`{6LYNF5juTV0u8|0Kh--7651vg0rsy5b)keNJAixLKDQo52(P zl&ZvDcV@=RxmCp;#N#q(^-?nUF7LmnBXY-6c9P>7)p>d$uH%bh1Gboe%P^8qW14K)8ub*whV|05xP|YBd^X)9vZGLqRKZdZ;oCHM=b?^aZ<#=mgCX* ztn*d#;9Bom$tlNiuD?x`sh5UDs=Dcs?J8@70cG|tr*xpu`E8M_r41s;lEqT_EC~km z&+CgkbWa(FO14bje>CBW?o=HBi0}R8_iLdRzMp+hjc&eLPF-Yse45NZs)hywLLtzk z?@+GxBdj2n4z=yBK1SAv91_rSO;gSS27ms|1<%FEE?tlmf0fq~lN6cYz0nMJX?U^5 z4N%KMO=mHOa`w!Q80iAmsaj)Yu*sKEs(o`n*|Jp~8-_V@oLZrmdMxwZ@;vlxhDEZ?{ek&c((lL_(jchPCoMxsKT*FvM=f&1H{5zXsBL`; z_+P=G(5$y;-%s{W>cWT+j;$sGS@gIdjd65IW7bw987hlcY&$~%r-s$cJPEjaiPxe> zsZXtaGTcVvxIt-CLbG&RRBlONC}@;4HF83vaIiiy3=+9Pn-@9#mhbE`o@R}!e+ne3>&qlu)(r5J{Pm`lOC#5MZv?{+T1N@n2#vivQmlSKj zd7fwM1Yz5KPd+~K9L75@53j~f#3n!MPc^02pGmqfIth+8Q5RL?B(0O1I+A2;4;@bN zQH+(((E>=w+35hzb2**u-*+D}W~t|RBnsBYjpObIBz2s@fNw(soSW{7*3R3I-a)}2 zwi;Autp^SNbtl2$xNy_GV@$vgfv_i)WDwS1R+6vc93a0TRC&IBz^VQJx1otkLRfze^Sg>pdAyG9(|8D%@aX>2XBcGX`$?> z)Qu6-H$&<9HSQPx;uxZSF!KgTefr&gX)T zujrpo?6hJo?V48i9CsWxwdM8n4*dMV0HDfN{{k~atq8GPRk)#&EqGPIMnFZ4E~Vjd z49s#p9qqyAAW#GD6zgHi@f)5rUnCqb3yQ6 zz|an8!hfRc3fIrGEAoxc<7sg%cCZN=Z4CDBUoHr$j!8U z;li7|h`6y4CurVgc!Sa7_@CnHl$)BLGT){<$>EPCvq!)HM%)aBpL34yRr(dtgZqm8 z{>u>HWIv9^Ur({BEc+xnL;*;*F~Pw%cQ4NUUP670+;>n>Q2VXV->O~ixDUxV>Lhmf zWfIJ8mPw#B5BErUl&Ev}4NBS&yX&jUB&S|fj=?;_`#b87P4}1Rz18A92N@e`ur*9I zzYui*XsbEFaf82MjkVucYwCEZ&lhKC`!Hb2ez9&i^~L0w)O7C#c-`-b(-|RO5C2MRfY#`GO=_yI^a?zW zOZxeY*gbN^_crdOv|I$?nXO$k|J0B1c9PP*PU@J{F?jKdRWsuWAm`$eqd^R*ILY{* z89esA(D=-**6JxIsT>@|_YU;G%I7Fn~(24739V z99e%$Nd^6#1$E7W0djDzUDzUfvhyNqhVN+Bg&ZK<4x;ldkr)h(=UjH{zbwUN-@ZKP zuKoQcCO1s#Kz(@{gtV{pkQ z>ug|cPh7AVP=$O9golO$(MaH7bx=a6h)4o3Q#}xdUsu@LPxo{P3 zgw5lgJ*NBB4YExO*raNG=h@(APU}cqDHB_Q^Se)8pquG@2r_gB25A5JF_h2=fh8p5HbAWd2;{XbtLhA+CmDUAUG zEaQldg!va5tP#16DH}UeR^Y5HER3o&q%nry7*CYWUJaig!a(nl&lm%n&>%{EpD&Bt zzSN?dw%l*Ct8y%r0j3r-A1dj@F~o%nI@U_~EY))tn5`{+xdqppD+40#w|HyxI{ta8J7P7L&z1!!RzEb4!uW^MU`+Q~;cZnxs>wN|^oXSc(Y zJu!Bt;*(L%Voy9*@1>i#$Ewv78Ik52&nppC^KyhD8CT1vW`F@^n-bMXOcLdn8w)3K z>KW@F&CJ(`oS?Kmc@B7y8ylGI%JX$?Q~#+;k9NN`BwAYW z2TJllEd2@zEXqDb^t~8zZ>s|SXMcJBt{!-~f^d*;4i-qFTyy+CX|7FIr>SEWGRYvo zLY-=Szjlk@;W=5*VQzrW7Nc9j8UNNXd(Mp+<%;SYJ|RBD0Yy=*95i&Kqh4{(S%9B$| zp4{bUSXru>&P{@Lj-wN0ir)Hm>8juzIOD{Qb@fu`yzYy(UOuu)X!SfUjPCG3wS;gG zXu=JspV5&GBHUMhiQQqi>~f`&4WDqU;oH-K+G^Ce#{Dd+x*BEsL9uu73g)I-Lgf0b z>wXLjU^mP+b<ZGLqd@^`j zk^7_uVuvU!)c#xQo2e1s8EFB>+Ny#z;V-?xwe%q%Ba$c48 zr;vS|zNq4Ii`_t3qKya5BCV8DrSM@S24Kj&%5R&;8<#PuZs_Q(%iH?ZiQe{AP4gzw zjTOZuUGbA8-#tV3jWlL9v`^oxiC<0UyHt}kSrmA5^$;t?LL}?D69+qrgU{htbpyT{ zwU<+S-dY(aBK5*qHm0xe)o#tpW42Cs1%vs>P{W`HkGpEig0Anyk=2sASru^urBd0_ zp40x>ajefP_*=yN)J7iUI(5fp;M#(W?oFye!o;Q&CX&Gxh*0 zR{Nz^F!7$dRPxhO#!{G9Lf0Pd5ip}cS?j+l#P$DGR#l&R8dTdBd{Bxc!;Y1bx<=2b zD1{{&gwF&6P?Uh=ckIVtz~h_NsM}wWu#1!fTX_v{`I44opN2#G3FzyF#JQY2NA-hQ zAAYp{IsX-2)H3Q%9KZQhqA|sPZT7Ew0$e_aolI}Hb9JtP0arLz0$IMXC7TzPt8ZR! zlNBP{mQNC(P$3bBsU`A1Zk}ar+Ualj1Y+)Fa6WxCuIsxyUUI(7S=wI^un%QrUEz0S zjM8oztch>I-}N6;H}X9*MRmM@0RuE^7HlW{pODC}G1MvbAtH{PUu?SS$F*w51Idv=4u z!JE`4tRe1A*KZJmhSLz#(V$~==HN+~kW zW5$DHo-)s5&NYNG&qI`CCS}MF$~V@$Y(l6iO*-FtDKZjayZ&*y1-@v`?h>uv4N zcdfO*>$CPgRy`xS+4nD7KX{cua}_JPTfy5@%e%ADd#x*TOLSz{3nbt*0Ysj@(<>^_ zVIsuWW$4Zd<8D_uNb!RAAdBf@srr>yz$G%EVtf169>fzPqoTZ5R%<-v&~@?WS%joH)~KIT&Z$G`^2B4Nx*+ zi~Mz)#+aC4>-39RxTeM2%#T}b?xcWmhN3NnwM=Vtm)FlT|D`s!RcMTYPjZ@_xCCi) zukhW-Em7~5QNulmE(@3p(-m+35-23~>PkCx0>5LQoQk+r6 z8w~cn%^_ubkRsMkQ;D{X8NshY%QcufF8g5VN1<`LOc5Hn1ZisdtF8N)caxqf5s!?) zl)@ggN}IYP&?z=0Je63}CybNeVP*D6SJJ8Op5{gUT<0a+_Lhw3WrOqZ&&!GWG)BouQl&O$GYza-Ox9*)2`H*U8*DThKW%d?LmOkg*n2EL45Z8t zYdz1jJtz7i1`_cC*KNyYd=IkiUc2K}uzN46_NoW&%U%2{SY{|Sqc|9(P!IKwB6UKV zGi6n-#-UmKm=j9e7(%3OpM^b|%RFzLl~d&+j;`5*M1Dz9J=5E8n|Z{`Bu`O{a5H^_ zN>Pje^3R=GT?{w$ZBD(H$GjVScJ(1*6U+k^^ma8X)*{N(c3VNFmI^$T#S!lSx7V|u zxF%cO-%LthA$V%X9X9aQ1TwYj)+e&mJH`&)#|ADbD38Es-@i2~EN;@09~7~Rz6XKq zO61?2m{pV07#dsL)!Bp83GQ&{78Ut+2v$+AW?nFj=4q<56au>r4jl`FRoBZW&1>WL9ql91GUK z0W!7B`|6>F!VdWqwGOe@GamI~I*7Kyz(V}LvD z)9bxFzls0K?OW%)ZD_W6g~fU8QBk@`m=fNF6rZR&>+jm`P-w%Y@H7&nn0GFEr38Hx z#tM4-adJTzjYjoi>l53V;@Uj^+>DTQ{8if@tU#V(`+r=czm#xHbatnNqpo*-(~Dnj zZnOzdc3IGoQPj9UDZ^I?*L zQkQF$R|gFiltV({87l%-(7J?y-{B?}*q;-+wVqIq+Awqw6p`+HKxs9hGNE~1S!%KAee>#oA-n`?h0YSUbX| zZRG`HMy;3#FD7G#59X9GY!5>14{{eQ;6hz;a_n%4xL(~?5aq5%RS<)BFAFaCTMB2+ zKt<+7($V-n+2$Kx{ZxQC{t&U_{myO)$HIU254 zkO={MYZo#*@rXIgkkp_*W(>r|(gR)3aGSRD*1FZiDjOsHpu@vg^X{lR1>4L5-XAeQ z!h}HGgM_Ii*ZMk=ODK_0_f7<$5edw|RVjVWtQX+(Phz?zGxmnMS}sO| zZ*C8>)l=iOCMvYnjQIx*cUKT=8+(wZh{EQbx!T3A0B8-29@@N3O>YF~DpL;N-uSNI+^;-~ONTl)r>iTtC1t1BKa{*KGTI-SogoY5@76(VGkN2A zcY5-J+~*AlDR6uPI3{s77C~$f8zSqYUhthnFn*<4?g(wkgN7|~u3qs!mx2yGuiaQ} z_^X8aGo;0(4$xd;m(jP^dc7C7Q@5>OB7!K-)hvZ2PpkK6y=vpVaGoYj0@(ejx$~8srSP)r1=2AOXX(1ozXFo`OKmfg^w4 zFJx$A2WNM&vhf+k!(^hmF4SfE zKv%c1G&EP`K9i;|_t{cISZ(xF&%1jT41Tl zqOI0*-D%fg(B zgm3z)s(#Ft3NLFT5Fa8s+f{Yw=btgA@phOQ#W7K}_pQa2yPr2?apKmz`<4!$zUhim zg9-|lQg+GmA7;Ytw)7#2rg7|#SvZ3E?6)pUqiq+#M|MremU$7 zv1=aV8s_i0STHfVV-V8w>Z^@5!r5;m0D7|_kMYdd!l>K_T+uQ1r2;P7>cUHI6Ol#u zS?x_Zdzzc5;O?tERLJqr5YP4Byad8>^)v*6cQiCGTigA}B&m#84`0LcEa>wt+@>Tt zpT>5ZFCEiL zJ_XqoZ1id`5+6C45VuR%HdA@gov`t$zQ-!!4ZI$wh*N%#fVvpTVhqqe_hBqe46Iz6 z@#l)2R*-m?S^7xE*pm86rPFJf7}%*;dRNA4?oPvt5v0OyT})XF@LMG1q0w*mILyqW zUR-r17J1mn;Br>%aTfZW-Za0sk3J>rZH80XAw>|bP2Nq>_>Ngbm~1i$j-UmbmtqVi z{+uLt(W^!>6K<$wJndI}OCtsMj@7$#Bm&HZ%g+)vU#m;kqa`|u%6EiAT)6|>UscEq!_=xGFRZKnlRXtW?%vSm$o(=9uOyjJimMlBE zE@_|6>jTQ?Buo9DZfE&6l9LN;i`jGG__@!e4Y-r3^GALO!cQO@CMuoL#;YCXC@3*jny7wVVOMwQnVmO5_misR zz0BYi>w!^IsAUUFzEh5uV~0hb$a^cx-;icD9M=~nIA5_4o9#VfFu1ThR$!%}CI z3aCb5yE1*Pp6_&n3^+f3n|t@iGP_#A+~<_@ouC2zdlNHVcSr|!X+b7IGs6P!(6fVE z+HEkdMn{Rbn zn+Oy^r)jflO|bZ&7+bfl_{sJA@9H!VEH2hiq6#YROnw10c}$!KuwHH5r>Ukl*>AWO za{Vs4tXcQ!!eUmN8&yyxW~9fQ1GV6^olJFTE~1d3^2q{uycc&`Jm>2HMhPwZ(-~K8 zZbG##8}PO;I!crVKbB!AhZA=j%-)6GhPh&g3`2TwWbVIJ2TA67D9p{e3_Uw9I6 zf2b8X`z7?VK&vj$S;4J{5L;UZj_-Qe+QIGN)($WSGaKvuj`>}`=<9L~oOohu67TC0 zuG~>d6U~+5Kl2!i?zagDeLNjexRt96bw#szI-M$^W8}=<>b7e_k@~`-TnU?-(!iOP zC<2m%9<{f;r^Z5>^Mv#XvL0uZqn%!nDD2?iP~*sj2aEMF-(r14a=t5Y{Ig(A@oPCH z1BwI}B`w4oylk82(KA7o_c?kT-t2Iqeo>?!Q8~5!=mnbE3Qp&na>slrkHQ&~Ao?WJ zy5w7Kt9*Qh0V~*ODCjKr%wEagVEy1vmCwA5KKMqDKhd|vILIZ6pbMJ*M|*de0xUJNr`T`YYRK;jd6LmFJwu#2VYL=Yr^RX zk{>BlR9h^*9%HY|>7I--!^$JbgtD4dzx|bWQm2 zkZsk4CDFUEGbBI48wzpKDi3ASQYw~}848SoZ(K3E`u;WPy!)(4J7cpB>7ErM19=D& ztq_aBTg>8;=h>0@`G!3MMi#>67D>hV20dyIEQyuNw;mP^ebw>;BK~`y{#bRN5*NJU z4f-_IQF)IEdnoDCsJibR-FLBYdd#T8H`t+qm=Mz~a=)V|V$0G~zma;E!>`)MuCml+ zNdMLQt89yTwR5>!LtJQ1%%v)0!l;$E_pOIoS7CP=o;ber{P`t0A+=#-04eAQeP5PvfiQT?_Q=U7!+9lqynJ!8O#8rW})u>t$ z^^+Gby?@r+PxPC~3Q_a8WJ4m!>LY5PG>o?{S3|fBAYiM^2gPz$3;?xP#f7!U@KiRE$nbt%q z;B}w!0M(4McezUId6XwseSeIu{xB2yzpKFgcaQyFR)Oc23ZRql{!#&`aOsx{Kn1>E zDgYJuf2jae5cs76P(kp&Tm`nHDd<0EO`N}E0F8m`zcG7U7FM}d2J&Z@vk(YAXboC7 zY^)u?d|6M$)fR5Avmf}jSRMI#PJ+Ni*=<~D8*G*|8ZtCuFYS%%G`l`8DAI<@WVP^i zt4+x9=%#Mm9ZbBKb7j#zCECg2-Moy_Iq=zJ&x~%G!yf)dW%$rmFt|l)F};WGuA>aS z3?s(5c;Ac3t8Gqp}O60iIa6T0>x{j5HlJN~)XLF608OR~|>Ur2? zEOXahgtQ7vymUnOS=5*7@nWhUh;i83{W8&jW`9YJFdoh3rhOzfyX0v~G(?zYr%X>pjNR&KcQhy^!30qncCsN`*)`KG65_h6QRW9$L; zb_&c(vb~QmOkDp0!Xt%^Ipf=y>*DWRNVgB)7PiqgE+@4%#! z6bAy1B5(V439?b5Abp(BMO$j941DQ8zI|)@=!OC2CHsUUrhxs?or8XZjB^T1pPc}v z_DCWGLU@!0Nd#us-?%?PKSX32(OQIow#yCv{=PkaxD`-*N9>=|!4tOo?HIWR+6pyF z^`LkhcpCM1aSLD}?bpD`4DS4o#Yy&5vOCd$YxDyuf z6jZt#eDC+Y!%c_rPXf%q60YpvY6-Xh(HS^BxuVYs3}~zlD`J_BRfB= zPtjI$m^~090a!!FBb?3tbKJp<5?SB%BGv>gP&+pe-s3oRo}c3mre?^vJXUtc9#Fe6 zAk}f)vcS)A2Xh=`oPqgz)HM*ka1iU`xKmeujysqvAmb2p^+KQa%||ef9>?9i`E%Ss z){TtQ@t+7t1vnb;@c40DzQoUQ2k9#^PQ;3BdWfcq}+Y8zq&0!}1zh!9r9LIH#nIQAdsVy`#0$wp#m^scf z*ZB{;BmLs=v3)r%UgDNE2xR~J_}FP}@SSG`H!_29m|4M0;9Tss)+XO;bVxvc@c-~6 zO*v2wm-UW+3;^k`AL@tiJVs%)YNA*bYKi992OCv8v9F~qzM>)DQ zfm{&TnLjL8uYqzfO#Z~DM}{H0(}ysu+uvcwu0h|)M-Cl?_h1D8nT%}A9+J(qj*yRe zivLVQ_T&y}71~E=e+|q>>WS=ABG>bu$<;b1As>2wCnq=Po`ihpr=6VqM(-r#Lyzj@ zlCm|ntDJLh77@UNB=ue!SJYjee^5LBSa&qfco zPw Date: Mon, 3 Dec 2018 15:00:04 +0100 Subject: [PATCH 03/17] Update README.md continuing --- README.md | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index f8e9c6a..28acf93 100644 --- a/README.md +++ b/README.md @@ -1408,7 +1408,23 @@ Create a shortcut that points to `gpg-connect-agent /bye` and place it in your s Now you can use PuTTY for public key SSH authentication. When the server asks for public key verification, PuTTY will forward the request to GPG, which will prompt you for your PIN and authorize the login using your YubiKey. ## WSL -plouf +The goal here is to make the SSH client inside WSL work together with the Windows agent you are using (gpg-agent.exe in our case). Here is what we are going to achieve: +![WSL agent architecture](media/schema_gpg.png) +**Note** this works only for SSH agent forwarding. Real GPG forwarding (encryption/decryption) is actually not supported. See the weasel-agent site for further information. + +### Prerequisites +- Install Ubuntu >16.04 for WSL +- Install Kleopatra + +### Windows configuration +- In %APPDATA%/gnupg/scdaemon.conf, add `reader-port Yubico YubiKey OTP+FIDO+CCID 0` +- In %APPDATA%/gnupg/gpg-agent.conf, add +``` +enable-putty-support +enable-ssh-support +``` +- Open Kleopatra, go to Smartcard, plug your Yubikey, press F5. You should see your key's information. +- Go back to the main screen, go to Import..., select your public key file. # Troubleshooting From f39b92ae454376b3d773b14c5cd82dde151fb04b Mon Sep 17 00:00:00 2001 From: Brice Gagnage Date: Mon, 3 Dec 2018 17:17:09 +0100 Subject: [PATCH 04/17] test sign --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 28acf93..89e62b2 100644 --- a/README.md +++ b/README.md @@ -1425,6 +1425,7 @@ enable-ssh-support ``` - Open Kleopatra, go to Smartcard, plug your Yubikey, press F5. You should see your key's information. - Go back to the main screen, go to Import..., select your public key file. +- Open a command console # Troubleshooting From 92467bc12676e42c7de58faa7d9c97708c6bc805 Mon Sep 17 00:00:00 2001 From: Brice Gagnage Date: Mon, 3 Dec 2018 17:19:45 +0100 Subject: [PATCH 05/17] test --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 89e62b2..1fc67b4 100644 --- a/README.md +++ b/README.md @@ -1425,7 +1425,7 @@ enable-ssh-support ``` - Open Kleopatra, go to Smartcard, plug your Yubikey, press F5. You should see your key's information. - Go back to the main screen, go to Import..., select your public key file. -- Open a command console +- Open a command console. # Troubleshooting From 1c15d89a542412964208b995b667820bcf692700 Mon Sep 17 00:00:00 2001 From: Brice Gagnage Date: Mon, 3 Dec 2018 17:28:34 +0100 Subject: [PATCH 06/17] maow --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 1fc67b4..89e62b2 100644 --- a/README.md +++ b/README.md @@ -1425,7 +1425,7 @@ enable-ssh-support ``` - Open Kleopatra, go to Smartcard, plug your Yubikey, press F5. You should see your key's information. - Go back to the main screen, go to Import..., select your public key file. -- Open a command console. +- Open a command console # Troubleshooting From 95624e2c489969dea2c29f64bd739436c0822db1 Mon Sep 17 00:00:00 2001 From: Brice Gagnage Date: Tue, 4 Dec 2018 11:39:25 +0100 Subject: [PATCH 07/17] first draft --- README.md | 41 ++++++++++++++++++++++++++++++++++++----- 1 file changed, 36 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 89e62b2..389878d 100644 --- a/README.md +++ b/README.md @@ -1415,17 +1415,48 @@ The goal here is to make the SSH client inside WSL work together with the Window ### Prerequisites - Install Ubuntu >16.04 for WSL - Install Kleopatra +- [Windows configuration](#windows) ### Windows configuration - In %APPDATA%/gnupg/scdaemon.conf, add `reader-port Yubico YubiKey OTP+FIDO+CCID 0` -- In %APPDATA%/gnupg/gpg-agent.conf, add -``` -enable-putty-support -enable-ssh-support -``` +- In %APPDATA%/gnupg/gpg-agent.conf, add `enable-ssh-support` - Open Kleopatra, go to Smartcard, plug your Yubikey, press F5. You should see your key's information. - Go back to the main screen, go to Import..., select your public key file. - Open a command console +- Type `gpg --card-status`, you should see your Yubikey's details. +- Follow this part: [Trust master key](#trust-master-key) + +### WSL configuration +- Download or clone [weasel-pageant](https://github.com/vuori/weasel-pageant) +- Add `eval $(/mnt/c//weasel-pageant -r -a /tmp/S.weasel-pageant)` to your .bashrc or equivalent +- Source it `. ~/.bashrc` +- You should be able to see your SSH key with `ssh-add -l` +- Edit your `~/.ssh/config` file +- For each host you want to use agent forwarding, add +``` +ForwardAgent yes +RemoteForward /tmp/S.weasel-pageant +``` +**Note**: the remote ssh socket path can be found by executing `gpgconf --list-dirs agent-ssh-socket` on the host. + +### Remote host configuration +- Add `export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)` to your .bashrc or equivalent +- Edit your /etc/ssh/sshd_config and add: +``` +AllowAgentForwarding yes +StreamLocalBindUnlink yes +``` + +### Final test +- Unplug your Yubikey, reboot. +- Log back on Windows, open a WSL console and enter `ssh-add -l`, you should see nothing. +- Plug your Yubikey, enter the same command, you should see your ssh key. +- Log in to your remote host, you should have the pinentry popup/window asking for your Yubikey pin. +- On your remote host, type `ssh-add -l`. If should see your ssh key, that means your forwarding works ! + +**Note**: you can chain the agent forwarding through multiple hosts, you just have to follow the same [protocol](#remote-host-configuration) to configure each host. + + # Troubleshooting From ffd7b674c8223a21194521ceecd4464172892650 Mon Sep 17 00:00:00 2001 From: Brice Gagnage Date: Tue, 4 Dec 2018 13:16:18 +0100 Subject: [PATCH 08/17] updated draft --- README.md | 27 ++++++++++++++++----------- 1 file changed, 16 insertions(+), 11 deletions(-) diff --git a/README.md b/README.md index 389878d..1776f4e 100644 --- a/README.md +++ b/README.md @@ -1410,7 +1410,7 @@ Now you can use PuTTY for public key SSH authentication. When the server asks fo ## WSL The goal here is to make the SSH client inside WSL work together with the Windows agent you are using (gpg-agent.exe in our case). Here is what we are going to achieve: ![WSL agent architecture](media/schema_gpg.png) -**Note** this works only for SSH agent forwarding. Real GPG forwarding (encryption/decryption) is actually not supported. See the weasel-agent site for further information. +**Note**: this works only for SSH agent forwarding. Real GPG forwarding (encryption/decryption) is actually not supported. See the [weasel-pageant](https://github.com/vuori/weasel-pageant) readme for further information. ### Prerequisites - Install Ubuntu >16.04 for WSL @@ -1418,21 +1418,24 @@ The goal here is to make the SSH client inside WSL work together with the Window - [Windows configuration](#windows) ### Windows configuration -- In %APPDATA%/gnupg/scdaemon.conf, add `reader-port Yubico YubiKey OTP+FIDO+CCID 0` +Windows can already have some virtual smartcard readers installed, like the one provided for Windows Hello. To ensure your Yubikey is the correct one used by scdaemon, you should add it to its configuration. You will need your device's full name. To find out what is your device's full name, open the Device Manager, select "View->Show hidden devices". Go to the Software Devices list, you should see something like `Yubico YubiKey OTP+FIDO+CCID 0`. The name slightly differs according to the model. Thanks to [Scott Hanselman](https://www.hanselman.com/blog/HowToSetupSignedGitCommitsWithAYubiKeyNEOAndGPGAndKeybaseOnWindows.aspx) for sharing this information. + +- Create or edit %APPDATA%/gnupg/scdaemon.conf, add `reader-port `. - In %APPDATA%/gnupg/gpg-agent.conf, add `enable-ssh-support` -- Open Kleopatra, go to Smartcard, plug your Yubikey, press F5. You should see your key's information. -- Go back to the main screen, go to Import..., select your public key file. +- Open Kleopatra, go to "Tools->Smartcard", plug your Yubikey, press F5. You should see your key's information. +- Go back to the main screen, go to "Import...", select your [public key file](#export-public-key). - Open a command console - Type `gpg --card-status`, you should see your Yubikey's details. - Follow this part: [Trust master key](#trust-master-key) ### WSL configuration -- Download or clone [weasel-pageant](https://github.com/vuori/weasel-pageant) -- Add `eval $(/mnt/c//weasel-pageant -r -a /tmp/S.weasel-pageant)` to your .bashrc or equivalent -- Source it `. ~/.bashrc` -- You should be able to see your SSH key with `ssh-add -l` -- Edit your `~/.ssh/config` file -- For each host you want to use agent forwarding, add +- Download or clone [weasel-pageant](https://github.com/vuori/weasel-pageant). +- Add `eval $(/mnt/c//weasel-pageant -r -a /tmp/S.weasel-pageant)` to your .bashrc or equivalent. +**Note**: we use a named socket here so we can use it in the RemoteForward directive of the .ssh/config file. +- Source it `. ~/.bashrc`. +- You should be able to see your SSH key with `ssh-add -l`. +- Edit your `~/.ssh/config` file. +- For each host you want to use agent forwarding, add: ``` ForwardAgent yes RemoteForward /tmp/S.weasel-pageant @@ -1440,12 +1443,13 @@ RemoteForward /tmp/S.weasel-pageant **Note**: the remote ssh socket path can be found by executing `gpgconf --list-dirs agent-ssh-socket` on the host. ### Remote host configuration -- Add `export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)` to your .bashrc or equivalent +- Add `export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)` to your .bashrc or equivalent. - Edit your /etc/ssh/sshd_config and add: ``` AllowAgentForwarding yes StreamLocalBindUnlink yes ``` +- Reload the ssh daemon (e.g. `sudo service sshd reload`). ### Final test - Unplug your Yubikey, reboot. @@ -1506,3 +1510,4 @@ StreamLocalBindUnlink yes * https://alexcabal.com/creating-the-perfect-gpg-keypair/ * https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/ * https://evilmartians.com/chronicles/stick-with-security-yubikey-ssh-gnupg-macos +* https://www.hanselman.com/blog/HowToSetupSignedGitCommitsWithAYubiKeyNEOAndGPGAndKeybaseOnWindows.aspx From ee307676122c8417ae4e6344dfc93d74d66aa7a1 Mon Sep 17 00:00:00 2001 From: Brice Gagnage Date: Tue, 4 Dec 2018 15:03:00 +0100 Subject: [PATCH 09/17] final draft --- README.md | 41 +++++++++++++++++++---------------------- 1 file changed, 19 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index 1776f4e..03ebc13 100644 --- a/README.md +++ b/README.md @@ -1385,25 +1385,29 @@ Install `pcsc-tools` and enable with `doas rcctl enable pcscd`, then reboot in o ## Windows -Export the SSH key from GPG: +Windows can already have some virtual smartcard readers installed, like the one provided for Windows Hello. To ensure your Yubikey is the correct one used by scdaemon, you should add it to its configuration. You will need your device's full name. To find out what is your device's full name, plug your Yubikey, open the Device Manager, select "View->Show hidden devices". Go to the Software Devices list, you should see something like `Yubico YubiKey OTP+FIDO+CCID 0`. The name slightly differs according to the model. Thanks to [Scott Hanselman](https://www.hanselman.com/blog/HowToSetupSignedGitCommitsWithAYubiKeyNEOAndGPGAndKeybaseOnWindows.aspx) for sharing this information. +- Create or edit %APPDATA%/gnupg/scdaemon.conf, add `reader-port `. +- In %APPDATA%/gnupg/gpg-agent.conf, add: ``` -$ gpg --export-ssh-key $USERID +enable-ssh-support +enable-putty-support ``` -Copy this key to a file for later use. It represents the public SSH key corresponding to the secret key on your YubiKey. You can upload this key to any server you wish to SSH into. - -To authenticate SSH sessions via YubiKey, enable Gpg4Win's PuTTY integration. Create a file named `gpg-agent.conf` and place it in the directory `C:\%APPDATA%\gnupg`. -The file should contain the line `enable-putty-support`. - -Then, open a terminal and run the following commands: - +- Open a command console, restart the agent: ``` > gpg-connect-agent killagent /bye > gpg-connect-agent /bye ``` +- Enter `> gpg --card-status`, now you should see your Yubikey's details. +- Import your [public key](#export-public-key): `> gpg --import ` +- Trust it: [Trust master key](#trust-master-key) +- Retrieve your public key's id: `gpg --list-public-keys` +- Export the SSH key from GPG: `> gpg --export-ssh-key ` -Create a shortcut that points to `gpg-connect-agent /bye` and place it in your startup folder to make sure the agent starts after a system shutdown. +Copy this key to a file for later use. It represents the public SSH key corresponding to the secret key on your YubiKey. You can upload this key to any server you wish to SSH into. + +- Create a shortcut that points to `gpg-connect-agent /bye` and place it in your startup folder `shell:startup` to make sure the agent starts after a system shutdown. Modify the shortcut properties so it starts in a "Minimized" window, to avoid unnecessary noise at startup. Now you can use PuTTY for public key SSH authentication. When the server asks for public key verification, PuTTY will forward the request to GPG, which will prompt you for your PIN and authorize the login using your YubiKey. @@ -1417,17 +1421,6 @@ The goal here is to make the SSH client inside WSL work together with the Window - Install Kleopatra - [Windows configuration](#windows) -### Windows configuration -Windows can already have some virtual smartcard readers installed, like the one provided for Windows Hello. To ensure your Yubikey is the correct one used by scdaemon, you should add it to its configuration. You will need your device's full name. To find out what is your device's full name, open the Device Manager, select "View->Show hidden devices". Go to the Software Devices list, you should see something like `Yubico YubiKey OTP+FIDO+CCID 0`. The name slightly differs according to the model. Thanks to [Scott Hanselman](https://www.hanselman.com/blog/HowToSetupSignedGitCommitsWithAYubiKeyNEOAndGPGAndKeybaseOnWindows.aspx) for sharing this information. - -- Create or edit %APPDATA%/gnupg/scdaemon.conf, add `reader-port `. -- In %APPDATA%/gnupg/gpg-agent.conf, add `enable-ssh-support` -- Open Kleopatra, go to "Tools->Smartcard", plug your Yubikey, press F5. You should see your key's information. -- Go back to the main screen, go to "Import...", select your [public key file](#export-public-key). -- Open a command console -- Type `gpg --card-status`, you should see your Yubikey's details. -- Follow this part: [Trust master key](#trust-master-key) - ### WSL configuration - Download or clone [weasel-pageant](https://github.com/vuori/weasel-pageant). - Add `eval $(/mnt/c//weasel-pageant -r -a /tmp/S.weasel-pageant)` to your .bashrc or equivalent. @@ -1443,7 +1436,11 @@ RemoteForward /tmp/S.weasel-pageant **Note**: the remote ssh socket path can be found by executing `gpgconf --list-dirs agent-ssh-socket` on the host. ### Remote host configuration -- Add `export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket)` to your .bashrc or equivalent. +- Add to your .bashrc or equivalent: +``` +export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) +export GPG_TTY=$(tty) +``` - Edit your /etc/ssh/sshd_config and add: ``` AllowAgentForwarding yes From 86e03e6d09e7406be71f982571f7795ccc76f96b Mon Sep 17 00:00:00 2001 From: Brice Gagnage Date: Tue, 4 Dec 2018 15:11:13 +0100 Subject: [PATCH 10/17] final draft --- README.md | 18 ++++++++---------- 1 file changed, 8 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 03ebc13..1b3c310 100644 --- a/README.md +++ b/README.md @@ -1402,7 +1402,7 @@ enable-putty-support - Enter `> gpg --card-status`, now you should see your Yubikey's details. - Import your [public key](#export-public-key): `> gpg --import ` - Trust it: [Trust master key](#trust-master-key) -- Retrieve your public key's id: `gpg --list-public-keys` +- Retrieve your public key's id: `> gpg --list-public-keys` - Export the SSH key from GPG: `> gpg --export-ssh-key ` Copy this key to a file for later use. It represents the public SSH key corresponding to the secret key on your YubiKey. You can upload this key to any server you wish to SSH into. @@ -1425,15 +1425,15 @@ The goal here is to make the SSH client inside WSL work together with the Window - Download or clone [weasel-pageant](https://github.com/vuori/weasel-pageant). - Add `eval $(/mnt/c//weasel-pageant -r -a /tmp/S.weasel-pageant)` to your .bashrc or equivalent. **Note**: we use a named socket here so we can use it in the RemoteForward directive of the .ssh/config file. -- Source it `. ~/.bashrc`. -- You should be able to see your SSH key with `ssh-add -l`. +- Source it `$ . ~/.bashrc`. +- You should be able to see your SSH key with `$ ssh-add -l`. - Edit your `~/.ssh/config` file. - For each host you want to use agent forwarding, add: ``` ForwardAgent yes RemoteForward /tmp/S.weasel-pageant ``` -**Note**: the remote ssh socket path can be found by executing `gpgconf --list-dirs agent-ssh-socket` on the host. +**Note**: the remote ssh socket path can be found by executing `$ gpgconf --list-dirs agent-ssh-socket` on the host. ### Remote host configuration - Add to your .bashrc or equivalent: @@ -1446,19 +1446,17 @@ export GPG_TTY=$(tty) AllowAgentForwarding yes StreamLocalBindUnlink yes ``` -- Reload the ssh daemon (e.g. `sudo service sshd reload`). +- Reload the ssh daemon (e.g. `$ sudo service sshd reload`). ### Final test -- Unplug your Yubikey, reboot. -- Log back on Windows, open a WSL console and enter `ssh-add -l`, you should see nothing. +- Unplug your Yubikey, disconnect or reboot. +- Log back on Windows, open a WSL console and enter `$ ssh-add -l`, you should see nothing. - Plug your Yubikey, enter the same command, you should see your ssh key. - Log in to your remote host, you should have the pinentry popup/window asking for your Yubikey pin. -- On your remote host, type `ssh-add -l`. If should see your ssh key, that means your forwarding works ! +- On your remote host, type `$ ssh-add -l`. If you see your ssh key, that means your forwarding works ! **Note**: you can chain the agent forwarding through multiple hosts, you just have to follow the same [protocol](#remote-host-configuration) to configure each host. - - # Troubleshooting - If you don't understand some option - read `man gpg`. From 7746c3381aca799e387466e7d103d33ee84a9d77 Mon Sep 17 00:00:00 2001 From: "Matt T. Proud" Date: Fri, 7 Dec 2018 09:37:10 +0100 Subject: [PATCH 11/17] Emphasize keytocard danger and fix inconsistency. This commit applies a few editorial cleanups to the document: 1. `keytocard` operations now contained emphasized warnings to convey that these operations are destructive. I unknowingly made this mistake a few years ago and only learned of it recently. For that reason, we should go out of our way on user's behalf with due diligence warnings. 2. `$KEYID` was not uniformly used throughout the document in various command line input literals. This is now fixed. 3. `YubiKey` was often represented as `Yubikey` and other inconsistent forms throughout the document. This is now fixed, except in cases of URL, command output, etc. --- README.md | 38 ++++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/README.md b/README.md index 82b4793..9e5d145 100644 --- a/README.md +++ b/README.md @@ -1,5 +1,7 @@ This is a guide to using [YubiKey](https://www.yubico.com/products/yubikey-hardware/) as a [SmartCard](https://security.stackexchange.com/questions/38924/how-does-storing-gpg-ssh-private-keys-on-smart-cards-compare-to-plain-usb-drives) for storing GPG encryption, signing and authentication keys, which can also be used for SSH. +**Hint** Many of the principles in this document are applicable to other smart card devices. + Keys stored on YubiKey are non-exportable (as opposed to file-based keys that are stored on disk) and are convenient for everyday use. Instead of having to remember and enter passphrases to unlock SSH/GPG keys, YubiKey needs only a physical touch after being unlocked with a PIN code. All signing and encryption operations happen on the card, rather than in OS memory. **New!** [Purse](https://github.com/drduh/Purse) is a password manager which uses GPG and YubiKey. @@ -253,7 +255,7 @@ uid Dr Duh As of GPG [version 2.1](https://www.gnupg.org/faq/whats-new-in-2.1.html#autorev), a revocation certificate is automatically generated at this time. -Export the key ID as a [variable](https://stackoverflow.com/questions/1158091/defining-a-variable-with-or-without-export/1158231#1158231) for use later: +Export the key ID as a [variable](https://stackoverflow.com/questions/1158091/defining-a-variable-with-or-without-export/1158231#1158231) (`KEYID`) for use later: ``` $ export KEYID=0xFF3E7D88647EBCDB @@ -631,7 +633,7 @@ Backup all GPG files to it: $ sudo cp -avi $GNUPGHOME /mnt ``` -Keep the backup mounted if you plan on setting up two or more keys as `keytocard` will [delete](https://lists.gnupg.org/pipermail/gnupg-users/2016-July/056353.html) the local copy on save. +Keep the backup mounted if you plan on setting up two or more keys as `keytocard` **will [delete](https://lists.gnupg.org/pipermail/gnupg-users/2016-July/056353.html) the local copy** on save. Otherwise, unmount and disconnected the encrypted USB drive: @@ -769,7 +771,7 @@ gpg/card> quit # Transfer keys -Transferring keys to YubiKey using `keytocard` is a one-way operation only, so make sure you've made a backup before proceeding. +**Important** Transferring keys to YubiKey using `keytocard` is a destructive, one-way operation only. Make sure you've made a backup before proceeding: `keytocard` converts the local, on-disk key into a stub, which means the on-disk copy is no longer usable to transfer to subsequent security key devices or mint additional keys. Previous GPG versions required the `toggle` command before selecting keys. The currently selected key(s) are indicated with an `*`. When moving keys only one key should be selected at a time. @@ -996,7 +998,7 @@ gpg: imported: 1 To download the public key from a keyserver: ``` -$ gpg --recv 0xFF3E7D88647EBCDB +$ gpg --recv $KEYID gpg: requesting key 0xFF3E7D88647EBCDB from hkps server hkps.pool.sks-keyservers.net [...] gpg: key 0xFF3E7D88647EBCDB: public key "Dr Duh " imported @@ -1015,7 +1017,7 @@ $ sudo apt-get install -y gnupg-curl Edit the Master key to assign it ultimate trust by selecting `trust` then option `5`: ``` -$ gpg --edit-key 0xFF3E7D88647EBCDB +$ gpg --edit-key $KEYID Secret key is available. @@ -1052,7 +1054,7 @@ gpg> save # Insert YubiKey -Re-connect Yubikey and check the status: +Re-connect YubiKey and check the status: ``` $ gpg --card-status @@ -1093,7 +1095,7 @@ ssb> 4096R/0x3F29127E79649A3D created: 2017-10-09 expires: 2018-10-09 # Encryption ``` -$ echo "test message string" | gpg --encrypt --armor --recipient 0xFF3E7D88647EBCDB +$ echo "test message string" | gpg --encrypt --armor --recipient $KEYID -----BEGIN PGP MESSAGE----- hQIMA1kSp5XpDdLPAQ/+JyYfLaUS/+llEzQaKDb5mWhG4HlUgD99dNJUXakm085h @@ -1264,7 +1266,7 @@ ssh-rsa AAAAB4NzaC1yc2EAAAADAQABAAACAz[...]zreOKM+HwpkHzcy9DQcVG2Nw== cardno:000 By default, SSH attempts to use all the identities available via the agent. It's often a good idea to manage exactly which keys SSH will use to connect to a server, for example to separate different roles or [to avoid being fingerprinted by untrusted ssh servers](https://blog.filippo.io/ssh-whoami-filippo-io/). To do this you'll need to use the command line argument `-l [identity_file]` or the `IdentityFile` and `IdentitiesOnly` options in `.ssh/config`. -The argument provided to `IdentityFile` is traditionally the path to the _private_ key file (for example `IdentityFile ~/.ssh/id_rsa`). For the Yubikey - indeed, in general for keys stored in an ssh agent - `IdentityFile` should point to the _public_ key file, `ssh` will select the appropriate private key from those available via the ssh agent. To prevent `ssh` from trying all keys in the agent use the `IdentitiesOnly yes` option along with one or more `-i` or `IdentityFile` options for the target host. +The argument provided to `IdentityFile` is traditionally the path to the _private_ key file (for example `IdentityFile ~/.ssh/id_rsa`). For the YubiKey - indeed, in general for keys stored in an ssh agent - `IdentityFile` should point to the _public_ key file, `ssh` will select the appropriate private key from those available via the ssh agent. To prevent `ssh` from trying all keys in the agent use the `IdentitiesOnly yes` option along with one or more `-i` or `IdentityFile` options for the target host. To reiterate, with `IdentitiesOnly yes`, `ssh` will not automatically enumerate public keys loaded into `ssh-agent` or `gpg-agent`. This means `publickey` authentication will not proceed unless explicitly named by `ssh -i [identity_file]` or in `.ssh/config` on a per-host basis. @@ -1274,7 +1276,7 @@ In the case of YubiKey usage, to extract the public key from the ssh agent: $ ssh-add -L | grep "cardno:000605553211" > ~/.ssh/id_rsa_yubikey.pub ``` -Then you can explicitly associate this Yubikey-stored key for used with a host, `github.com` for example, as follows: +Then you can explicitly associate this YubiKey-stored key for used with a host, `github.com` for example, as follows: ``` $ cat << EOF >> ~/.ssh/config @@ -1311,7 +1313,7 @@ debug1: Authentication succeeded (publickey). ## Touch to authenticate -**Note** This is not possible on Yubikey NEO. +**Note** This is not possible on YubiKey NEO. By default, YubiKey will perform key operations without requiring a touch from the user. To require a touch for every SSH connection, use the [YubiKey Manager](https://developers.yubico.com/yubikey-manager/) and Admin PIN: @@ -1385,7 +1387,7 @@ Install `pcsc-tools` and enable with `doas rcctl enable pcscd`, then reboot in o ## Windows -Windows can already have some virtual smartcard readers installed, like the one provided for Windows Hello. To ensure your Yubikey is the correct one used by scdaemon, you should add it to its configuration. You will need your device's full name. To find out what is your device's full name, plug your Yubikey, open the Device Manager, select "View->Show hidden devices". Go to the Software Devices list, you should see something like `Yubico YubiKey OTP+FIDO+CCID 0`. The name slightly differs according to the model. Thanks to [Scott Hanselman](https://www.hanselman.com/blog/HowToSetupSignedGitCommitsWithAYubiKeyNEOAndGPGAndKeybaseOnWindows.aspx) for sharing this information. +Windows can already have some virtual smartcard readers installed, like the one provided for Windows Hello. To ensure your YubiKey is the correct one used by scdaemon, you should add it to its configuration. You will need your device's full name. To find out what is your device's full name, plug your YubiKey, open the Device Manager, select "View->Show hidden devices". Go to the Software Devices list, you should see something like `Yubico YubiKey OTP+FIDO+CCID 0`. The name slightly differs according to the model. Thanks to [Scott Hanselman](https://www.hanselman.com/blog/HowToSetupSignedGitCommitsWithAYubiKeyNEOAndGPGAndKeybaseOnWindows.aspx) for sharing this information. - Create or edit %APPDATA%/gnupg/scdaemon.conf, add `reader-port `. - In %APPDATA%/gnupg/gpg-agent.conf, add: @@ -1399,7 +1401,7 @@ enable-putty-support > gpg-connect-agent killagent /bye > gpg-connect-agent /bye ``` -- Enter `> gpg --card-status`, now you should see your Yubikey's details. +- Enter `> gpg --card-status`, now you should see your YubiKey's details. - Import your [public key](#export-public-key): `> gpg --import ` - Trust it: [Trust master key](#trust-master-key) - Retrieve your public key's id: `> gpg --list-public-keys` @@ -1449,17 +1451,17 @@ StreamLocalBindUnlink yes - Reload the ssh daemon (e.g. `$ sudo service sshd reload`). ### Final test -- Unplug your Yubikey, disconnect or reboot. +- Unplug your YubiKey, disconnect or reboot. - Log back on Windows, open a WSL console and enter `$ ssh-add -l`, you should see nothing. -- Plug your Yubikey, enter the same command, you should see your ssh key. -- Log in to your remote host, you should have the pinentry popup/window asking for your Yubikey pin. +- Plug your YubiKey, enter the same command, you should see your ssh key. +- Log in to your remote host, you should have the pinentry popup/window asking for your YubiKey pin. - On your remote host, type `$ ssh-add -l`. If you see your ssh key, that means your forwarding works ! **Note**: you can chain the agent forwarding through multiple hosts, you just have to follow the same [protocol](#remote-host-configuration) to configure each host. # Remote Machines (agent forwarding) -If you want to use your Yubikey to sign a git commit on a remote machine, or ssh through another layer, then this is possible using "Agent Forwarding". Assuming that you have your Yubikey setup on your host machine. +If you want to use your YubiKey to sign a git commit on a remote machine, or ssh through another layer, then this is possible using "Agent Forwarding". Assuming that you have your YubiKey setup on your host machine. To forward your agent, ssh using the `-a` flag @@ -1474,7 +1476,7 @@ Host remote ForwardAgent yes ``` -You should then be able to use your Yubikey as if it were connected to the remote machine. +You should then be able to use your YubiKey as if it were connected to the remote machine. # Troubleshooting @@ -1504,7 +1506,7 @@ You should then be able to use your Yubikey as if it were connected to the remot # Notes -1. YubiKey has two configurations: one invoked with a short press, and the other with a long press. By default, the short-press mode is configured for HID OTP - a brief touch will emit an OTP string starting with `cccccccc`. If you rarely use the OTP mode, you can swap it to the second configuration via the Yubikey Personalization tool. If you *never* use OTP, you can disable it entirely using the [Yubikey Manager](https://developers.yubico.com/yubikey-manager) application (note, this not the similarly named Yubikey NEO Manager). +1. YubiKey has two configurations: one invoked with a short press, and the other with a long press. By default, the short-press mode is configured for HID OTP - a brief touch will emit an OTP string starting with `cccccccc`. If you rarely use the OTP mode, you can swap it to the second configuration via the YubiKey Personalization tool. If you *never* use OTP, you can disable it entirely using the [YubiKey Manager](https://developers.yubico.com/yubikey-manager) application (note, this not the similarly named YubiKey NEO Manager). 1. Programming YubiKey for GPG keys still lets you use its two configurations - [OTP](https://www.yubico.com/faq/what-is-a-one-time-password-otp/) and [static password](https://www.yubico.com/products/services-software/personalization-tools/static-password/) modes, for example. 1. Setting an expiry essentially forces you to manage your subkeys and announces to the rest of the world that you are doing so. Setting an expiry on a primary key is ineffective for protecting the key from loss - whoever has the primary key can simply extend its expiry period. Revocation certificates are [better suited](https://security.stackexchange.com/questions/14718/does-openpgp-key-expiration-add-to-security/79386#79386) for this purpose. It may be appropriate for your use case to set expiry dates on subkeys. From 94919459a68d496a381f4ab7bbf4d2be15585da3 Mon Sep 17 00:00:00 2001 From: drduh Date: Thu, 27 Dec 2018 20:26:37 -0800 Subject: [PATCH 12/17] Update gpg prefs, style and fix #21. --- README.md | 132 +++++++++++++++++++++++++++++------------------------- 1 file changed, 72 insertions(+), 60 deletions(-) diff --git a/README.md b/README.md index 9e5d145..65e0b8a 100644 --- a/README.md +++ b/README.md @@ -14,7 +14,7 @@ If you have a comment or suggestion, please open an [issue](https://github.com/d - [Entropy](#entropy) - [Creating keys](#creating-keys) - [Master key](#master-key) -- [Sub-keys](#sub-keys) +- [Subkeys](#subkeys) - [Signing](#signing) - [Encryption](#encryption) - [Authentication](#authentication) @@ -54,7 +54,7 @@ If you have a comment or suggestion, please open an [issue](https://github.com/d - [Windows Subsystem for Linux (WSL)](#wsl) - [Troubleshooting](#troubleshooting) - [Notes](#notes) -- [Similar work](#similar-work) +- [Links](#links) # Purchase YubiKey @@ -64,7 +64,7 @@ Consider purchasing a pair of YubiKeys, programming both, and storing one in a s # Live image -It is recommended to generate cryptographic keys and configure YubiKey from a secure environment. One way to do that is by downloading and booting to a [Debian Live](https://www.debian.org/CD/live/) or [Tails](https://tails.boum.org/index.en.html) image loaded from a USB drive into memory. +It is recommended to generate cryptographic keys and configure YubiKey from a secure environment to minimize exposure. One way to do that is by downloading and booting to a [Debian Live](https://www.debian.org/CD/live/) or [Tails](https://tails.boum.org/index.en.html) image loaded from a USB drive into memory. Download the latest image and verify its integrity: @@ -85,8 +85,7 @@ e35dd65fe1b078f71fcf04fa749a05bfefe4aa11a9e80f116ceec0566d65636a4ac84a9aff22aa3f Mount a USB drive and copy the image over to it: ``` -$ sudo dd if=debian-live-9.6.0-amd64-xfce.iso of=/dev/sdc bs=4M -$ sync +$ sudo dd if=debian-live-9.6.0-amd64-xfce.iso of=/dev/sdc bs=4M && sync ``` Shut down the computer and disconnect any hard drives and unnecessary peripherals. @@ -155,6 +154,8 @@ $ cat /proc/sys/kernel/random/entropy_avail 3049 ``` +An entropy pool value greater than 3000 is sufficient. + # Creating keys Create a temporary directory which will be deleted on [reboot](https://serverfault.com/questions/377348/when-does-tmp-get-cleared): @@ -170,9 +171,10 @@ Create a hardened configuration for GPG with the following options or by downloa $ curl -Lfo $GNUPGHOME/gpg.conf https://raw.githubusercontent.com/drduh/config/master/gpg.conf $ cat $GNUPGHOME/gpg.conf -personal-cipher-preferences AES256 AES192 AES CAST5 -personal-digest-preferences SHA512 SHA384 SHA256 SHA224 -default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed +personal-cipher-preferences AES256 AES192 AES +personal-digest-preferences SHA512 SHA384 SHA256 +personal-compress-preferences ZLIB BZIP2 ZIP Uncompressed +default-preference-list SHA512 SHA384 SHA256 AES256 AES192 AES ZLIB BZIP2 ZIP Uncompressed cert-digest-algo SHA512 s2k-digest-algo SHA512 s2k-cipher-algo AES256 @@ -184,7 +186,10 @@ keyid-format 0xlong list-options show-uid-validity verify-options show-uid-validity with-fingerprint +with-key-origin require-cross-certification +no-symkey-cache +throw-keyids use-agent ``` @@ -193,7 +198,7 @@ Disable networking for the remainder of the setup. # Master key -The first key to generate is the master key. It will be used for certification only - to issue sub-keys that are used for encryption, signing and authentication. This master key should be kept offline at all times and only accessed to revoke or issue new sub-keys. +The first key to generate is the master key. It will be used for certification only - to issue subkeys that are used for encryption, signing and authentication. This master key should be kept offline at all times and only accessed to revoke or issue new subkeys. You'll be prompted to enter and verify a passphrase - keep it handy as you'll need it throughout. To generate a strong passphrase which could be written down in a hidden or secure place; or memorized: @@ -230,7 +235,7 @@ GnuPG needs to construct a user ID to identify your key. Real name: Dr Duh Email address: doc@duh.to -Comment: +Comment: [Optional - leave blank] You selected this USER-ID: "Dr Duh " @@ -261,9 +266,9 @@ Export the key ID as a [variable](https://stackoverflow.com/questions/1158091/de $ export KEYID=0xFF3E7D88647EBCDB ``` -# Sub-keys +# Subkeys -Edit the Master key to add sub-keys: +Edit the Master key to add subkeys: ``` $ gpg --expert --edit-key $KEYID @@ -478,7 +483,9 @@ uid Dr Duh ssb rsa4096/0xBECFA3C1AE191D15 2017-10-09 [S] [expires: 2018-10-09] ssb rsa4096/0x5912A795E90DD2CF 2017-10-09 [E] [expires: 2018-10-09] ssb rsa4096/0x3F29127E79649A3D 2017-10-09 [A] [expires: 2018-10-09] -``` +``` + +**Optional** Add any additional identities or email addresses now using the `adduid` command. To verify with OpenPGP key checks, use the automated [key best practice checker](https://riseup.net/en/security/message-security/openpgp/best-practices#openpgp-key-checks): @@ -493,7 +500,7 @@ The output will display any problems with your key in red text. If everything is # Export keys -The Master and sub-keys will be encrypted with your passphrase when exported. +The Master and subkeys will be encrypted with your passphrase when exported. Save a copy of your keys: @@ -528,7 +535,6 @@ sd 8:0:0:0: Attached scsi generic sg4 type 0 sd 8:0:0:0: [sde] 62980096 512-byte logical blocks: (32.2 GB/30.0 GiB) sd 8:0:0:0: [sde] Write Protect is off sd 8:0:0:0: [sde] Mode Sense: 43 00 00 00 - sde: sde1 sd 8:0:0:0: [sde] Attached SCSI removable disk ``` @@ -544,10 +550,7 @@ Erase and create a new partition table: ``` $ sudo fdisk /dev/sde - Welcome to fdisk (util-linux 2.25.2). -Changes will remain in memory only, until you decide to write them. -Be careful before using the write command. Command (m for help): o Created a new DOS disklabel with disk identifier 0xeac7ee35. @@ -562,10 +565,7 @@ Remove and reinsert the USB drive, then create a new partition, selecting defaul ``` $ sudo fdisk /dev/sde - Welcome to fdisk (util-linux 2.25.2). -Changes will remain in memory only, until you decide to write them. -Be careful before using the write command. Command (m for help): n Partition type @@ -879,7 +879,7 @@ gpg> save # Verify card -Verify the sub-keys have moved to YubiKey as indicated by `ssb>`: +Verify the subkeys have moved to YubiKey as indicated by `ssb>`: ``` $ gpg --list-secret-keys @@ -909,12 +909,12 @@ On Windows: $ gpg --armor --export $KEYID -o \path\to\dir\pubkey.gpg ``` -Optionally, the public key may be uploaded to a [public keyserver](https://debian-administration.org/article/451/Submitting_your_GPG_key_to_a_keyserver): +**Optional** The public key may be uploaded to a [public keyserver](https://debian-administration.org/article/451/Submitting_your_GPG_key_to_a_keyserver): ``` $ gpg --send-key $KEYID -gpg: sending key 0xFF3E7D88647EBCDB to hkps server hkps.pool.sks-keyservers.net -[...] +$ gpg --send-key $KEYID --keyserver pgp.mit.edu +$ gpg --send-key $KEYID --keyserver keys.gnupg.net ``` After some time, the public key will to propagate to [other](https://pgp.key-server.io/pks/lookup?search=doc%40duh.to&fingerprint=on&op=vindex) [servers](https://pgp.mit.edu/pks/lookup?search=doc%40duh.to&op=index). @@ -923,10 +923,10 @@ After some time, the public key will to propagate to [other](https://pgp.key-ser Ensure you have: -* Saved the Encryption, Signing and Authentication sub-keys to YubiKey. +* Saved the Encryption, Signing and Authentication subkeys to YubiKey. * Saved the YubiKey PINs which you changed from defaults. * Saved the password to the Master key. -* Saved a copy of the Master key, sub-keys and revocation certificates on an encrypted volume stored offline. +* Saved a copy of the Master key, subkeys and revocation certificates on an encrypted volume stored offline. * Saved the password to that encrypted volume in a separate location. * Saved a copy of the public key somewhere easily accessible later. @@ -934,7 +934,6 @@ Reboot or [securely delete](http://srm.sourceforge.net/) `$GNUPGHOME` and remove ``` $ sudo srm -r $GNUPGHOME || sudo rm -rf $GNUPGHOME - $ gpg --delete-secret-key $KEYID ``` @@ -1315,11 +1314,11 @@ debug1: Authentication succeeded (publickey). **Note** This is not possible on YubiKey NEO. -By default, YubiKey will perform key operations without requiring a touch from the user. To require a touch for every SSH connection, use the [YubiKey Manager](https://developers.yubico.com/yubikey-manager/) and Admin PIN: +By default, YubiKey will perform key operations without requiring a touch from the user. To require a touch for every SSH authentication, use the [YubiKey Manager](https://developers.yubico.com/yubikey-manager/) and Admin PIN: ykman openpgp touch aut on -To require a touch for the signing and encrypting keys as well: +To require a touch for signing and encryption operations: ykman openpgp touch sig on ykman openpgp touch enc on @@ -1416,7 +1415,8 @@ Now you can use PuTTY for public key SSH authentication. When the server asks fo ## WSL The goal here is to make the SSH client inside WSL work together with the Windows agent you are using (gpg-agent.exe in our case). Here is what we are going to achieve: ![WSL agent architecture](media/schema_gpg.png) -**Note**: this works only for SSH agent forwarding. Real GPG forwarding (encryption/decryption) is actually not supported. See the [weasel-pageant](https://github.com/vuori/weasel-pageant) readme for further information. + +**Note** this works only for SSH agent forwarding. Real GPG forwarding (encryption/decryption) is actually not supported. See the [weasel-pageant](https://github.com/vuori/weasel-pageant) readme for further information. ### Prerequisites - Install Ubuntu >16.04 for WSL @@ -1425,48 +1425,54 @@ The goal here is to make the SSH client inside WSL work together with the Window ### WSL configuration - Download or clone [weasel-pageant](https://github.com/vuori/weasel-pageant). -- Add `eval $(/mnt/c//weasel-pageant -r -a /tmp/S.weasel-pageant)` to your .bashrc or equivalent. -**Note**: we use a named socket here so we can use it in the RemoteForward directive of the .ssh/config file. -- Source it `$ . ~/.bashrc`. +- Add `eval $(/mnt/c//weasel-pageant -r -a /tmp/S.weasel-pageant)` to your .bashrc or equivalent. Use a named socket here so it can be used in the RemoteForward directive of the .ssh/config file. +- Source it with `source ~/.bashrc`. - You should be able to see your SSH key with `$ ssh-add -l`. -- Edit your `~/.ssh/config` file. -- For each host you want to use agent forwarding, add: +- Edit `~/.ssh/config` - for each host you want to use agent forwarding, add: + ``` ForwardAgent yes RemoteForward /tmp/S.weasel-pageant ``` -**Note**: the remote ssh socket path can be found by executing `$ gpgconf --list-dirs agent-ssh-socket` on the host. + +**Note** The remote ssh socket path can be found by executing `$ gpgconf --list-dirs agent-ssh-socket` on the host. ### Remote host configuration -- Add to your .bashrc or equivalent: + +- Add to .bashrc or equivalent: + ``` export SSH_AUTH_SOCK=$(gpgconf --list-dirs agent-ssh-socket) export GPG_TTY=$(tty) ``` -- Edit your /etc/ssh/sshd_config and add: + +- Add to /etc/ssh/sshd_config: + ``` AllowAgentForwarding yes StreamLocalBindUnlink yes ``` -- Reload the ssh daemon (e.g. `$ sudo service sshd reload`). + +- Reload the ssh daemon (e.g., `sudo service sshd reload`). ### Final test -- Unplug your YubiKey, disconnect or reboot. -- Log back on Windows, open a WSL console and enter `$ ssh-add -l`, you should see nothing. -- Plug your YubiKey, enter the same command, you should see your ssh key. -- Log in to your remote host, you should have the pinentry popup/window asking for your YubiKey pin. -- On your remote host, type `$ ssh-add -l`. If you see your ssh key, that means your forwarding works ! -**Note**: you can chain the agent forwarding through multiple hosts, you just have to follow the same [protocol](#remote-host-configuration) to configure each host. +- Unplug YubiKey, disconnect or reboot. +- Log back in to Windows, open a WSL console and enter `ssh-add -l` - you should see nothing. +- Plug in YubiKey, enter the same command, you should see your ssh key. +- Log in to your remote host, you should have the pinentry dialog asking for the YubiKey pin. +- On your remote host, type `ssh-add -l` - if you see your ssh key, that means forwarding works! + +**Note** Agent forwarding may be chained through multiple hosts - just follow the same [protocol](#remote-host-configuration) to configure each host. # Remote Machines (agent forwarding) If you want to use your YubiKey to sign a git commit on a remote machine, or ssh through another layer, then this is possible using "Agent Forwarding". Assuming that you have your YubiKey setup on your host machine. -To forward your agent, ssh using the `-a` flag +To enable agent forwarding, ssh using the `-A` flag: ``` -ssh -A user@remote +$ ssh -A user@remote ``` Or add the following to your ssh config file: @@ -1510,20 +1516,26 @@ You should then be able to use your YubiKey as if it were connected to the remot 1. Programming YubiKey for GPG keys still lets you use its two configurations - [OTP](https://www.yubico.com/faq/what-is-a-one-time-password-otp/) and [static password](https://www.yubico.com/products/services-software/personalization-tools/static-password/) modes, for example. 1. Setting an expiry essentially forces you to manage your subkeys and announces to the rest of the world that you are doing so. Setting an expiry on a primary key is ineffective for protecting the key from loss - whoever has the primary key can simply extend its expiry period. Revocation certificates are [better suited](https://security.stackexchange.com/questions/14718/does-openpgp-key-expiration-add-to-security/79386#79386) for this purpose. It may be appropriate for your use case to set expiry dates on subkeys. -# Similar work +# Links -* https://developers.yubico.com/yubikey-personalization/ -* https://developers.yubico.com/PGP/Card_edit.html -* https://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/ -* https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/ -* https://blog.habets.se/2013/02/GPG-and-SSH-with-Yubikey-NEO -* https://trmm.net/Yubikey -* https://rnorth.org/gpg-and-ssh-with-yubikey-for-mac -* https://jclement.ca/articles/2015/gpg-smartcard/ -* https://github.com/herlo/ssh-gpg-smartcard-config * http://www.bootc.net/archives/2013/06/09/my-perfect-gnupg-ssh-agent-setup/ -* https://help.riseup.net/en/security/message-security/openpgp/best-practices * https://alexcabal.com/creating-the-perfect-gpg-keypair/ -* https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/ +* https://blog.habets.se/2013/02/GPG-and-SSH-with-Yubikey-NEO +* https://blog.josefsson.org/2014/06/23/offline-gnupg-master-key-and-subkeys-on-yubikey-neo-smartcard/ +* https://developers.yubico.com/PGP/Card_edit.html +* https://developers.yubico.com/PIV/Introduction/Admin_access.html +* https://developers.yubico.com/yubico-piv-tool/YubiKey_PIV_introduction.html +* https://developers.yubico.com/yubikey-personalization/ +* https://developers.yubico.com/yubikey-piv-manager/PIN_and_Management_Key.html * https://evilmartians.com/chronicles/stick-with-security-yubikey-ssh-gnupg-macos +* https://gist.github.com/ageis/14adc308087859e199912b4c79c4aaa4 +* https://github.com/herlo/ssh-gpg-smartcard-config +* https://github.com/tomlowenthal/documentation/blob/master/gpg/smartcard-keygen.md +* https://help.riseup.net/en/security/message-security/openpgp/best-practices +* https://jclement.ca/articles/2015/gpg-smartcard/ +* https://rnorth.org/gpg-and-ssh-with-yubikey-for-mac +* https://trmm.net/Yubikey +* https://www.esev.com/blog/post/2015-01-pgp-ssh-key-on-yubikey-neo/ * https://www.hanselman.com/blog/HowToSetupSignedGitCommitsWithAYubiKeyNEOAndGPGAndKeybaseOnWindows.aspx +* https://www.void.gr/kargig/blog/2013/12/02/creating-a-new-gpg-key-with-subkeys/ + From 80d5c0ed6c23aebdc2300140cb485e9936d08ed7 Mon Sep 17 00:00:00 2001 From: Hugh O'Brien Date: Sat, 29 Dec 2018 20:06:33 +0000 Subject: [PATCH 13/17] describe tmpfs clearing rather than init system (debian uses tmpfs) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 65e0b8a..3b0e0ff 100644 --- a/README.md +++ b/README.md @@ -158,7 +158,7 @@ An entropy pool value greater than 3000 is sufficient. # Creating keys -Create a temporary directory which will be deleted on [reboot](https://serverfault.com/questions/377348/when-does-tmp-get-cleared): +Create a temporary directory which will be deleted on [reboot](https://en.wikipedia.org/wiki/Tmpfs): ``` $ export GNUPGHOME=$(mktemp -d) ; echo $GNUPGHOME From 0f6e9948d7beb6b60c0b5adcbee45ebc9e10537c Mon Sep 17 00:00:00 2001 From: Hugh O'Brien Date: Sat, 29 Dec 2018 20:08:48 +0000 Subject: [PATCH 14/17] mention debian-live user/pass in case of screen lock --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 65e0b8a..9ab986f 100644 --- a/README.md +++ b/README.md @@ -90,7 +90,7 @@ $ sudo dd if=debian-live-9.6.0-amd64-xfce.iso of=/dev/sdc bs=4M && sync Shut down the computer and disconnect any hard drives and unnecessary peripherals. -Plug in the USB drive and boot to the live image. Configure networking to continue. +Plug in the USB drive and boot to the live image. Configure networking to continue. If the screen locks, unlock with user/live. # Required software From a6431962a65cb1d67adb604059e9a4ff666eab29 Mon Sep 17 00:00:00 2001 From: Hugh O'Brien Date: Sat, 29 Dec 2018 20:12:09 +0000 Subject: [PATCH 15/17] remove broken gpg option (debian 9.6) As per [0], the --with-key-origin option is experimental. 0: https://www.gnupg.org/documentation/manuals/gnupg/GPG-Input-and-Output.html#index-with_002dkey_002dorigin --- README.md | 1 - 1 file changed, 1 deletion(-) diff --git a/README.md b/README.md index 65e0b8a..982bd18 100644 --- a/README.md +++ b/README.md @@ -186,7 +186,6 @@ keyid-format 0xlong list-options show-uid-validity verify-options show-uid-validity with-fingerprint -with-key-origin require-cross-certification no-symkey-cache throw-keyids From 8f724a4df55bde53c2eb434ae5fde57e1662a569 Mon Sep 17 00:00:00 2001 From: Dan Cundiff Date: Sun, 6 Jan 2019 19:35:03 -0600 Subject: [PATCH 16/17] Add addition note about red hokey output --- README.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index 5cc6994..3ab270a 100644 --- a/README.md +++ b/README.md @@ -495,7 +495,8 @@ $ gpg --export $KEYID | hokey lint The output will display any problems with your key in red text. If everything is green, your key passes each of the tests. If it is red, your key has failed one of the tests. -> hokey may warn (orange text) about cross certification for the authentication key. GPG's [Signing Subkey Cross-Certification](https://gnupg.org/faq/subkey-cross-certify.html) documentation has more detail on cross certification, and gpg v2.2.1 notes "subkey does not sign and so does not need to be cross-certified". +> hokey may warn (orange text) about cross certification for the authentication key. GPG's [Signing Subkey Cross-Certification](https://gnupg.org/faq/subkey-cross-certify.html) documentation has more detail on cross certification, and gpg v2.2.1 notes "subkey does not sign and so does not need to be cross-certified". hokey may also indicate a problem (red text) with `Key expiration times: []` on the primary key (see [Note #3](#notes) about not setting an expiry for the primary key). + # Export keys From 3a872d40fee3ffa95831414a32d32941804b2f5f Mon Sep 17 00:00:00 2001 From: drduh Date: Sun, 6 Jan 2019 17:47:10 -0800 Subject: [PATCH 17/17] Fix keyserver command order to fix #86 --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 3ab270a..f558413 100644 --- a/README.md +++ b/README.md @@ -913,8 +913,8 @@ $ gpg --armor --export $KEYID -o \path\to\dir\pubkey.gpg ``` $ gpg --send-key $KEYID -$ gpg --send-key $KEYID --keyserver pgp.mit.edu -$ gpg --send-key $KEYID --keyserver keys.gnupg.net +$ gpg --keyserver pgp.mit.edu --send-key $KEYID +$ gpg --keyserver keys.gnupg.net --send-key $KEYID ``` After some time, the public key will to propagate to [other](https://pgp.key-server.io/pks/lookup?search=doc%40duh.to&fingerprint=on&op=vindex) [servers](https://pgp.mit.edu/pks/lookup?search=doc%40duh.to&op=index).