From 22a608620e1e996a2faa356e0395a28828a19a04 Mon Sep 17 00:00:00 2001 From: Sergio Carlavilla Delgado Date: Sun, 8 Mar 2020 10:39:30 +0000 Subject: [PATCH] Add the hardening section to the handbook Submitted by: carlavilla@ Approved by: bcr@ Differential Revision: https://reviews.freebsd.org/D23996 --- en_US.ISO8859-1/books/handbook/Makefile | 1 + .../books/handbook/bsdinstall/chapter.xml | 115 +++++++++++++++++- .../bsdinstall-finalconfiguration.png | Bin 5517 -> 10277 bytes .../bsdinstall/bsdinstall-hardening.png | Bin 0 -> 11675 bytes 4 files changed, 114 insertions(+), 2 deletions(-) create mode 100644 share/images/books/handbook/bsdinstall/bsdinstall-hardening.png diff --git a/en_US.ISO8859-1/books/handbook/Makefile b/en_US.ISO8859-1/books/handbook/Makefile index ad1490eb18..be3d4100eb 100644 --- a/en_US.ISO8859-1/books/handbook/Makefile +++ b/en_US.ISO8859-1/books/handbook/Makefile @@ -64,6 +64,7 @@ IMAGES_EN+= bsdinstall/bsdinstall-distfile-verifying.png IMAGES_EN+= bsdinstall/bsdinstall-final-confirmation.png IMAGES_EN+= bsdinstall/bsdinstall-finalconfiguration.png IMAGES_EN+= bsdinstall/bsdinstall-final-modification-shell.png +IMAGES_EN+= bsdinstall/bsdinstall-hardening.png IMAGES_EN+= bsdinstall/bsdinstall-keymap-10.png IMAGES_EN+= bsdinstall/bsdinstall-keymap-loading.png IMAGES_EN+= bsdinstall/bsdinstall-keymap-select-default.png diff --git a/en_US.ISO8859-1/books/handbook/bsdinstall/chapter.xml b/en_US.ISO8859-1/books/handbook/bsdinstall/chapter.xml index 08a27244c8..207a805bc4 100644 --- a/en_US.ISO8859-1/books/handbook/bsdinstall/chapter.xml +++ b/en_US.ISO8859-1/books/handbook/bsdinstall/chapter.xml @@ -939,7 +939,7 @@ Ethernet address 0:3:ba:b:92:d4, Host ID: 830b92d4. - After the keymaps have been loaded bsdinstall displays the + After the keymaps have been loaded bsdinstall displays the menu shown in . Use the up and down arrows to select the keymap that most closely represents the mapping of the keyboard attached to the system. @@ -2308,7 +2308,7 @@ Ethernet address 0:3:ba:b:92:d4, Host ID: 830b92d4. ntpdate - Enable the automatic clock synchronization at boot time. The functionality of this program is now available in the ntpd daemon. After a - suitable period of mourning, the &man.ntpd.8; utility will + suitable period of mourning, the &man.ntpdate.8; utility will be retired. @@ -2332,6 +2332,112 @@ Ethernet address 0:3:ba:b:92:d4, Host ID: 830b92d4. + + + Enabling Hardening Security Options + + The next menu is used to configure which security + options will be enabled. All of these options are optional. + But their use is encouraged. + +
+ Selecting Hardening Security Options + + + + + + +
+ + Here is a summary of the options which can be enabled in + this menu: + + + + hide_uids - Hide processes running + as other users to prevent the unprivileged users to see + other running processes in execution by other users (UID) + preventing information leakage. + + + + hide_gids - Hide processes running + as other groups to prevent the unprivileged users to see + other running processes in execution by other groups (GID) + preventing information leakage. + + + + hide_jail - Hide processes running + in jails to prevent the unprivileged users to see + processes running inside the jails. + + + + read_msgbuf - Disabling reading + kernel message buffer for unprivileged users prevent from + using &man.dmesg.8; to view messages from the kernel's log + buffer. + + + + proc_debug - Disabling process + debugging facilities for unprivileged users disables + a variety of unprivileged inter-process debugging + services, including some procfs functionality, ptrace(), + and ktrace(). Please note that this will also prevent + debugging tools, for instance &man.lldb.1;, &man.truss.1;, + &man.procstat.1;, as well as some built-in debugging + facilities in certain scripting language like PHP, etc., + from working for unprivileged users. + + + + random_pid - Randomize the PID of + newly created processes. + + + + clear_tmp - Clean + /tmp when the system starts + up. + + + + disable_syslogd - Disable opening + syslogd network socket. By + default &os; runs syslogd in a + secure way with -s. That prevents the + daemon from listening for incoming UDP requests + at port 514. With this option enabled + syslogd will run with the flag + -ss which prevents + syslogd from opening any port. + To get more information consult &man.syslogd.8;. + + + + disable_sendmail - Disable the + sendmail mail transport agent. + + + + secure_console - When this option + is enabled, the prompt requests the root password when + entering single. + + + + disable_ddtrace - &dtrace; can run + in a mode that will actually affect the running kernel. + Destructive actions may not be used unless they have + been explicitly enabled. To enable this option when using + &dtrace; use -w. To get more + information consult &man.dtrace.1;. + + + Add Users @@ -2538,6 +2644,11 @@ Ethernet address 0:3:ba:b:92:d4, Host ID: 830b92d4. linkend="bsdinstall-sysconf"/>. + + System Hardening - Described in + . + + Time Zone - Described in . diff --git a/share/images/books/handbook/bsdinstall/bsdinstall-finalconfiguration.png b/share/images/books/handbook/bsdinstall/bsdinstall-finalconfiguration.png index a67d52d66ff83816f99a0965569f4b70ffa8cc9a..aa09c2a8ced090bda9af3b919907a3ce98da71b5 100644 GIT binary patch literal 10277 zcmdUVXH=8x)@?v~2}PQOrlKfaq$E_?ZYd%lNSBU)^w2v;ho@%Mm({R!N004S* zwLf(M0MZ`-07()RDe)busCHT63pG^D*b@K%e);_%NfiQu002IK`k%^remOtqzWLP3 zkKB3cG4302tvh`^&f^W_3W`CAM33saRTk2a;?2DejPZiZ1F91Wa)4K97Yi*{0Dwwd zXh&VuLe&Orfp%#tSuw#w^d}bdh$KkrXvx(6&3NuVV%ko^u5-sVWJVIN%iK zh_?+24MO{zQr_eykKn5+Iw)k-+|R4QbB4^Pi_00NE-s7fc3f!(+2Wya(P|FqO2|#V z4mhT!*v02^b)1{yJbXN1o2*NF@1(LG+%DOo16V}X1c0M2CA9?xLU<&--G#v4MRXy( z&oA7?c3wIRZDL2S1GrRok{-`SYnDhivw4he;>s-o(vfWOCm;#f2S*VgKw7rL6YRsG z{>{)GN(R^|^zUSX(|X^3qtDG?yNWg!VG6CSe`sq1NczPjKP}&gywSG*VNo=7S^mgL zmMR(5cr>4Op_}nN&}fOOB*jF&j}B1wni&XqC8!0ZrvyNKi1+Uy)Rcf9IgwWYFSR;J z0FnY203a&`3IGhKg8{GB__+WNJb#BZt>X_$KZoOSWcR-Dr#zAP{j^Ek+QpKYATcCb z?|%&b@79dvIb-z;@S_CebS&@fP&HSMbddnI-&ez~3~piV*9uzm^A|>Naf-8TU-Zd= z%jL}KTq<+=qJ;hZ)EEpO6RGV16e<@Si$6X_YH#URziV?39+1oCPh~YKs#5`iII43a zBU-WtD17=K*~MR^R)N&Z>JBSC5|&k|$mmL;PF29Osl9hQZZoq2Bpst0*m`)HR1S-3 zhMP#pDfKtQB0)@#uK_$2aT9!qVe*Muh6USbY_g*k8X-{ zIbIVHeGNV7R}0eby)*N=NFq7J@oCt|!v4+gRrHG@4FqUV@Hr$Jg+i(3XS^65x{XIM zT%OOZFUC)m#T6|5QNqhp@BvuEoAp9>PCXGNgHlX9Jc>!I6nax?@pht*L3;@r6kFl; z1Hqek7yj6MY@X6WE8gM@Q(A?Gox@&S=_BFs-D#=`3Ti`qpL{em3=0J`CH%MtsE&%f z0u=Bj?+HFT3z~ygV5a%GW(Tbwwlx&t_9HF|^b4=i>cXrt=PZRSkNhvhm8S#~t<|E^ zL&G+$ABiM1kTG#ehDCVNQ&vCm1lnUbfr~HVoB*uq;8*^oR@|>h^CW5b)g@k;5R(Gx zV$1HX7vhz1ot2my$Uty|d?0?$ul3xxBKXWL@kMIytW;mTfmL%kid_SZ1E>bx!R5)# z93=m$1#e(>b-B)fr#-V~6!vrKT7r`bx-(0our5WPpP2Q}BO2*1sUrLroEr1Fujd7w zll+)C%j@6V5}YK7_VmV8&U?Dd%E;p1)C>Ea_Gq%e3+C==S*Y5n6@4j1*Un*W&?^d;KMTTGcc#O+X;nyD81Rg>UWB>FGtdSL-nKB^$-~47vqqXh} zMlHy2bPK)Qj9|S_gF`#zl*~9M_uccQGBKy+woho$W_NN`jW_A6Sh5b1=l9kS0bMSi zx~@3X?IpC<=UvwP8ck@dtr5?QxD=6~{jN@kAT0sOPLhlVuz6>`8^AM{|AI11H43=B z5l@P7yf=M*c&x8cZnQ6E8>Ocdj9ks}{NU-4P=Bgo9K~DV4KDwz0JHIW{8K5&P+ma) zsm-47NNLC6XXmOZZc7aaV(D(S)6ewJcM`-!Jx{DcD0_l|=q2a20DfG(Hr7Bf{$%QB zaC#pT!DPN@2>5iI@;MUQ&`dn0Nx1jErDP&0<*Q~sGk1BK!|SxQo|>vdY_z7VnBD#O!V3sf z@i;;_&a$$xJ^UwYx!Z-QErLzVX>4gJ*QKFuM4X3L5LxpNP?zSFlK%2||&=`t_$ z$O#nS3KRr)K9{pplPOqRSdEu*EA*5+-A;jNf`PJd4|T0j+=sP=M*|Ph80ggJZXo5^ zd}COwD$S(Y0IFZv@q*7D;JU*H>rytA#(=;2D5!DBz=`YdNrfhfH$qM^NxzTUUzK&% z7N$p#39OxcxjEA^5x%#5sKPN}zP9aFHUFS&jomkU&cLy`JSX1cEX)2*Ju=({Ntm4V z6ZW(U0B=(5>?$U7QH-0N&mNQ=Pr;PEH|FfnKc!mAo!nTWiJ?9+)iX&SV1+gIORUPh zN>quwR*PRd81m)bZGKYwDc$S4l4ajVSc>=21cy_Od2h_X*z%vq$QxJvJjfnQJ$}+< zX?z@=)P_YT}~7OR~>SCoHWNLSkKzW#EqvK*+bvmb2m=c7`qD&L+zU6>Q(@)UtJ zeSy(T!cJg^qrkG&85BVx!VOs-&itzucGlE)W40E!;52HNuZEgic3!rg*)kx6D4ct# zs^g`#DQTO(RUbmr^qZiAHM%L`Tcf&G@V2MHsn0wILJA&7j!eHUqRDY__8`QIbX4U^ zp8c_QA>DH0I1sl@Fe&dk+g-Bl2Hi4RvgYm~Sz*uc2bae{-FwYX(Y|vj=7Tlku2oCw z%5j~Z#dEO*5 z__)3md3%8efN-8NKMeXI*XzE;ld#EE2fYC_njD#@Rz3UDe&G+zOle>NpG+U1N8#Nt z@8V9{G^z9Zx9(I6HB*XRGUY2fAb9AS@5OCkoetx_tNo&-3%8hc8IOKDy^bK{j2=!X zYIuEGd#3G2*B5t_j?_F5O!k(&e8M{ESSa=C*_~;9&yJSu6Zp^>n~bNfR+!n+cJ-0o zoL|}*?3Z1L{}|MxoAg=X{aA#wtd!vsxQf*~msJs~cRy2VJ9?ww)ik3(b(D@9(`oHLawY|Ml#f^Ykp%y#0kClY{_$p>4q?HIiut763_Noh0?TY zgKwyZ3c=o3BG_R#+ebNN1#UrFXe&)SMIcP1wKzlCz>|>YmO)KRb%^`s)~)5;PbVny zEvDCNBBuI(ETLP}UFv9U^epXiu`nhyE9{f>ksm8ty3~o?8a}m@w53S1X%qS}Bm-M+ zDA=hN<~}en{b`xXbB$BPslR}oOAG=_?#QZron0a&=(dNvn(&}nd%?;V)g?PWlKXjE zf8xAst6Pdo8Y2$(pc=F=?a^;psA@K^&MrKFvK-=b4UG?lu^wYc8K1HGw#@+dd$6Av zaG%SkJ?>Y5DmB@NO7@3`vwenUTg1EVt|XfO48z-b^2n8t3x8eM$IDbPJe^j_>bEmr zB&$zkADkK*(}L=nrXCMREMgV3Ir02%fY)P=Rt&%3IuCyX^#2I;&vA1kb-I2N?o8;b z{^<&zC7_anNbCm~kreFIC~%=Hltvho+LS!)FV8occb09|PEjbO+WdVL6v~2^cZ;Wo zJ)Lk;WS!~V&D2)hrf_6g$i?5;o_G4-DacmN2fryob@OBUGOvZC#}rS3;^(8Ii|^?B zY)ED%;Hvk1 z6~i+B$@t;nA;MLucMmxpK-fQzFkU@k+9?fi`DmW7!A9MSn?P6R+sK+qoWOBC86g7t zq;B`lEJELT(p`N!k$zeW6~F6gJfg&IzfEtiuGyC;jzR?-9oHqkI61ZE=vsW1j~*ZX zO#p0XobGkLZx6rRV2{Wb4VGLkll}gNKQwiDahWwU&7k}Q*gjiZxR#H7yB3-*RzH2kf5MM72a_5F+8?!gV?Ql+Lit)5zTkTXI$N@()Uepqu;=#u+jcv5K;scz~cZ6&sL7jM4#Qn}D|PcGxv z-rn))>HV3Mj*Xo4?b>stT76<~QjUSX=;mg%^#;LTRkeM-K!A3C~ znogsZD_p41*H3uO41bBATu>7%EG*0>fV~X(dKIMFdWbQnD^#XP*s}MI#w-)d3fXYf zRsVWu>1kUy+p254=0=747LB|{g+UcPpU+0*viBeUxfeO6qK}&)__X}^DhYb`R0_0qjI;3nM8+FMd_3f#YpFp zZR_#s7gl}u%5JLDwjwKmt4Yh7)T*Ir{tKlAXh?Gt*$siBB%d$3X6xSdjYe=cmX;>A zdnNJmA=CHt89hyPys?6@j7DA~*Hd#fDK!_1mN*9LQ}y3%MlB~n>&6aUyfh4L=uqFd z>BPuigSs&?2(goRa=XD)3msceax1;6JB_vdZFv`HGr<%kn0ouRO^clXIgRTh>f7{6 zGI`8jTh*<=J8fVGcXw7SjqB9crY`G#+dGhcK_T(B>_TVbW7c{{V}zrP*G5lSFrd$L z8-FmN34WFBZjG@PO@ngil2kruAffcdx9GjvnwH=o+kVnXl9NhzMeEDoJz%H#q2NfY zhY-GvfWC`9`?a2Oe|{}s*Z1qd{9W0=-epbsi?)s(;7)53M!0gOYbf704;|z7(c;v( zvMovx-=&h6Y2Qk>&@krUw{xO4Fyrb9e!F#>Yqot|ORWOfZe`}HcB^i0Bfs8U5G1ct z2kzXEu@5vT_AKhr92~oqavU%@x-VNIMw*-JGPLeDF zMAP!@bSXb}Px~evjj5?YM+fV>e8C3cPQK}Q?b5^d?xGvk+MGybhTi?-9^a9}aCsX- zf0b_&a*cBk^rVajb1x;XK3p-eIi_FU1C(h}dNF{jT7)4OpG@Boupk3&QBbQMiedfa z9p^skJ`$fFqGyhE9bTbKDZW+ZO*pur`Xe6I-D8J)RbgkU6Kp-C8P0H9Q^S1g6)X7) zbZFh3T&5xCBrm;~4vTXL@O(PRznI6*6?LK*Jsy?F9BZk288sxvF6}rB9B#m0&RT%u ztS}=LNm-+zRtL0D$_eDlI;C`a-p;+l<{|Sz1-=onl{iJR!ve2shEA37(7j*78>Zb% zJgS2cC>qf}=!h^wD6dX%JBO4#y`Esj59v4Ywi#T4>yKp{>r{eP14Mm>*1fL+U#?lp z?RFbbiY{AI!>+S_^+*b1ewC68eUKKyvS@uyQuz@;a8I1EE{N{uzxFWQ^zP!TgTM7V zVww1Ls5rTo4?0L>#ZuAisB#YmMv_EvcNzs2ZkHt|K83aKZD5SBKA<$?plo+bTN;E4I6x66gbVE5!^BS`I)Ebx|3qnFrI*5sQ!#uO^u!(yup zELeM%O!sD1*e9&VB9slul>#h+o?33cEiRR?wNB<2c7jY)po_7hI`=o-sn6&wyW z6}SpxRniaKLPG0z^rw%GY7(si-UiTvK4ES)EomjhYfuL~+Z@C*lPNhz8&)ir0UF5i znN>mM>06H$w=46YHSZF$?+PfRGqEK&`E11#ADIlx&`PiFvLL1P?Pan zPtg_J>W86gL}AkQE~(ti<@s&$&s{8NZ^jZJ4;V<@%Nx9)@_AI`-q~87j?Qg0O^Mnx z%)~Fy;#pIJs*zdhVzvr-&R1@jUUbCmbAi~DVvDcWesKhc`h}?(N7B*Dotrd5gx1`Us~lmoxp4}PEJ#WU2WPi6WqP+IA3UKq7t%^Qz(n2Y|>@|0UQ~W<%w9LV4^JPdvW?(MZ3!qfHXf^SGTf)6>XkZXWFJ zk^P=r#Z8Cn<}DHBhKyaxHzKneT|4)5y`-lEsCQq+oAgb`1)F5iTFl>T<;7MH5Uj35 zfSNlV6(*_@shy%21f3{bzOQnT91u3UH?eiZ)R{WVhgr8ffv5y?)K|$6$Jcd>oD#3CWmtqH^B6XvHx?R42UmuRv6t z5IpRk{KEdoTwdXl3A*?~Z+IL`G#pNf=f@&c(T@lDx6oV?{B~)qT=_l-*u5x zvCrIZfj8n`Sg1v^<1O7x?g?1dd$&5#M8w(Q(0sLPKS6;DYF@&_3HIJ?S78Q%Q-(f% zX$qjy;+C%-QgDrpqJ?-r=Y3<8L6 zHB z`imTG8rs=d$=!VM0`Uacfu(Wnn@;C>@tnF0=t>YXO9tdk>HCdbg@_WxZ>CSr>KgkXh%}UFY?0=~t=B&8j#`t)13t!KkX5p#uiJUGM*I4LF)7WHDJoSn zU3vufVdeh*zEqGQ?cEV}#{)rNQm;M1Pq|~%>So=&=|+@& zs2juk2kzXWt}XY+DMr2Vk;}G{t;61C=0a@`HS$gV%=g^B+Cv_f6?4(W&4!$G`}Evq z#IQ4uHlCY5E{NPaW5j)o-TbBsxJYB6NEiPLHw0SoRUPB;S7Z#R`tJl-rKgFtuV${sd~uq`sj!J*~>e-EG1d34nm*jgT4e%bSxMrz!`M>oZjx9wHV#mj`}eU6ZA z)W`5`u|{GPX&VcEXWw+eKeLYoa(bmvlpvqjHYeyOxuRdyB=y=Ag3yUsV#Cc`lFVJh7}CmD{2Hk|-IB#Jk9PbH1?Kg^;ho?wvsc zUB2K5alCtwv*4d8DyrmZnkGS(>$~TlO7%5F?)bgN9-tqr+31#}gp-R@>Rr@?H@zxs zI!RGEP0=y${N%Uy#TnFOw5T`RS3Ga5bXxy?E$AKPmtzC1Rk$_Pnu&15lOI5G&F$%2 z@k_`oc}lpz6|H<{?%w?U)$iVDw8^*uZt1XpbD)Tb(7W>_1Lk-V(l0jSd-HuqN)E)L zLZu=RSzU|260Gj$hq9`bjo5yQ%o%+_pcNSVtT2LL5i(b2JS=`8>g4kL^R-b!R*lVz5~vLoLCihT;a9UwC2EDc|zu^M-u4n zQ`_*xXYQ5yKG?78v~Eorwk+)jCSUm)j%Xpip76&&HWu~_3uNgcdpfJ>9nMG+toJ`s zY{mbyRsyG9kJ3rKvinr^p6PHmb3zM4=}Q8^Yiuve^X(mgn|or5-bL9wLc18l{UA4M zK?m;+Yir-A_zI}q$$-AZ&a17W9^rEyB$JeT9}=~9OUl3Ipj*IFxM-gyO0OuY#_HlUUXIw+hy}EatEKSyMiL!uu_0!H;)^S|>2tJxQNpXJeSU z_ai2Ah3nMozHpl}Tf&0{iXWriR}-dcv9nz&&#HWJj`Fwe4@yhqYiB_w=)1*eHRBuT zlq{qY7}+^4n~2=ENf#Go5f|i>c7%Z=c=jMOiOCSd%P(Vk{3Gh^#XQJ=I$ghE1&C2><6J-5g;_5O*pYKf^!M@dT8tzt40vN6*>jI@F3i zaCn_a+@v$wPT+<<|MmhHq?$@kOpBo&F9M)CT?;qR!>AWTTNb!RIX&%{%55(P9_>-TP`+XoMrKZ zsa`gjAId&QL}t)F#NC?eL1XTf<7@+CA^h6j?I!X7=En-9o+rtZ`c=x`{5|`;+-pmuH#GZo|8+ z4X4`f=0~s}C;SmJA&Uyw+R+(H>>E{<&A$4A=g(Rau}V%z<$Twk-`U~*1QvU^Rg$ft zXwD#)uVvYk-o`2?xu12--bnS-gB%m0;+F1y zod15?s;*n6Y#zw!+{b1Rr4z*1O`NObIv2(x1h_n-D;fBu)GUYfIBfQs1|4G1JCltU=n|s=A_Gt|KkG z%3fpm05R&`p>L2fP($IK!|JGrD`ODeNuoLXJiD<$YI-t&`-Ku$^xIHI7mM*F_)rvI zJ$!sCS}sUrB3R+vN$i?g*B%ay(Y#Z*#b10yw3gxMvF0Y~$ECTrgI8jl5X8FcekZgf zi!fYL$&;}YQ<$=G(6ynMLvu5)&M}@XmS$W?${|2eBm-e-B#5_{F+@VLC8Q?G@O{Rs zQ{oX48{}eC)q62RZe*Hth_{$-Zqg_bL{ytZ3 zo{bjjqoNDuR`{1!=NfYi*0}VPyTmn{x3F_|9`@^F~++ir{_*5Z~plkWR3<5H#+c6-dCUsQEaZ{ zf2Vj+RaI5F)rLZ8Oi%(ouI>4GnaO;=Z=PRnm{a=w{y)Lff9uxy$C&tXo*N);;D-*H z#^DSdhkJWN7>4eKUNAyK{(@Hr&~}ly0ErXD#D#_YP>ZAO%b;`M)3-c8aPz`KmE{xu zUZEMk)P2D+w35jR+sqY;O4Uvhm~VTF2A743lbL3!er1B3qW>{S0bPZi5hyF38PKmXHa{%y_r h&ujfZI6;@ZA$T-+WmT?$==%exKhpZM@(;`K{{nem5}^P9 literal 5517 zcmbW5cTiJnw6_ylG}3zupp-+e0U;O&(xs_1MF<`&geC%^w;)Fl5ReX`1r$L#5iBX0Lh6tl96ZHEZwRyPlYv=7vmQelP$4U@|t+yA1%) z5CH(-D>~Zq9pCO7$n!zqrm2;FNl6I+aQ*C&!Ra|0%N6Us9>D-FN3Em>yq zq-voISLapm_m8yWzMU8m{Vp}cJEATd62q!2@RTubipY5S;UczN_dpdeenuG$GbXwy zq+S%L$aY@Ho+j1TNYa7z%b8Op)87E1IIb`7 zMYb1J9OaXz-jRY$5DuSVrH*AkA3bqZMG+PRZS>0q^X@%3gY-{1g7)Tl;^H?f$pt!^ zagzqRmnpiK=_czi!n#F6ENu$Bzk?i?Hk#% z>9SeP)t6hhE?3j)I&_cY1{?~`yk-b*gpDZ9RF+c0-B|9()0x?4%=H$nl-l^VOv|sN zkIfHm3Yq8(d@ih^Ht2Kr1IR&xI=G%am;AR{%gz`Ap=`_Wv8egaj-LWw6e^7)%}1&U zN0wiw=97vJDlKyZ_o_if3Xwn4Jb&=<4?JeXKOtR2mj*&sU8}M;z^@x(uIfQfw_h3Y z%C#8y(_D$&vlK=jFO{(4PMU|;a=NJq0k4Hc+zOaj!`+K8A@K4W(@EW5xM~JL90l9# zGOzT{(dxBX)4(cUYh?(b_+3bNDbzR(dYUi!gR>!`_Vcs`$~$4w8b|L)nO;J0W-Wu7cY|dAw!Wsk zxBXt%>@VNU?!AW7UtazcUv=UZb+zk@wUd8|4FNRWqhf5LwhilQh-7c;Fanh(WwAqza>6$e0%bfb{-wy;BqysSHM43itYE(O`R%)^MKeYOpI9#K( zLzFJHed=tbT9{90XSL7odb!eNsmkcuk?E-Tv6K$YwKk-!2V2JC0s-}^DD8)L?As1$ ziW9)C*KPBqh;Hc=gr#6imY65jz3X1Q(FkYy&5+rJo!hZjJSnP9t+7D_+d87v-TriW z0k^O;Ue@q``kibvaR2xLb6t3zE(Rem~mu5yW1`HFnf*04`E_wbMe-*u(|qtz()X~ELfNH} z=@PACl42*~;GQ<)S^%PC_^Fn%=6z8eqAx5&PP*z#`Tm=_)Q^Dzl$hB0;d`qjE^&`Y zbh(2g*2v5E>sFUHrc5+7t&$=-u`jmLDvwUb!CKGarI2Kw5 zLA~>p2Ti$=XmRmxjZ<*(O}hdZH9doS4S~dAS~=lEm)c(3V&rE*Y6vU7{@knA9iNbC zKEoa<vtzpyMa&D#!n@yL`&ynh25%N^Uzf^ zGgp3mQTp~+I>0|{TG;kc=dB>BD^9`tVej#1THWAwTbg@d=%Nsa+GFP;g=JR_VQLR~ zKs?4dKd9RSClSj1Zf=OA6auImDokDnz z@B0|Gp|3Tq0Lb?u4I+XYE)gY(Fu=Ly<+D-2GdxqpJ1!hacUS^| z80rXH^hx$TW}tepqE$Y?PDl^S*1?A-`S`g(8*2cm3sd7vz5h#9qKY>8`n0HYq-_6#lD)|7d_R;_)CH`$1Z$ zbK`WqLF29X`j5UNrFAa3IPK?CQ~6Xe1fjVJt_Ff5Pv1)%TI_9j56vNhpX~OCk*j5o zt73KwVl)M(`etu#mImYmU^e4(27yz_Ei0&>jmPz7G?cy71h3A1Vm-N1{H%omJ!FdE z{>6)+q3pUE=n(1y!F@CSo@O6FQ94K2OA8w>>0qOqEoz5TYAbzqR7SEtNh=t4&})RV z_*qSho5@bu*Tth+snfZ0X>x~4xXydj;F8ax&(?2V5;$?z6@Xua5%WM5?r5}>vcMD- zadnTu10?%-t$KIfscN3=v23i)Hn?V#JC~G^^M(Cr4&KE5(d((iPul?3AY`Z1OQRp~ zn31PiMm~&{hUJ+jXOQNEx~SPscjDD~o`J?bA`GmPm}qzHF{XtREo#Ws`Ivv9Mgs^P z*1T{Q@P&p*4}^N|X5>qbE1)t4T-{mhw1!Xo{$R~ z+5%VgwHszADwK-vg{`gON_R+w6wpL@;8tpkgp!%a)$ZX!w|*u#v)$v(*}wtyx=QW# z?Sl(K-_VShdU+$ar=U|QfpXzPtGoJ1nw92XF}68b=LvEZ{_?MM}Wl=EbhZdu3d z&a;L7A^{u!HO8yS#xr3T!`L>;zmlZ)Fg>9)b?*_aBB(NB0Gf>qWq!%s#`LNA2IRSm zrn2+%CJz;~Xm{>Oz&&#{$@lQ>W34Nm53sLZ<*`u%0@vKpx7BXP`F)+hOG}RG6lmoH z<3K5zpa(L}9qcMkFRG^c{Pi0e)xhsLQ>ubbd>@6VC9^Tc0wAZ0azToXK33@l2wU$U zMW9{(<$BQ}C7N*(dR>1_QU#?#6C}A@tu!|54#p2m3UKrs3O4`!-If-TKVcqOSqaQl zHfm)j+eDhHjcfhjXOK%aW0@c`LS2Zk&a)>v;U-mWhJ)(A-TS;{grY&(Z@9|d1AFg# zJJ00vss8+kBO;Guo1&Q=iJ`=|cp#xmUCu0E41$TyeBc2QmNi#Lc(aGVL8Uf44 zbKE|sft)r>&<#tV>6EwJ2(FpSyHENaAq1X~+Z0YG z@S;U+H*Ih{SD_gBApJ33j<&+k*-FzPufIdk;yzwCV>u~B@#z}y>qeQp@WZbV670G9 zT6N9$mPIudE#>3W#X6>=(HaosX|Y(*@6(!Y#}bQ1$F#!&%Vg}eVngwcF|n`GZC<0u z1Ch}dm$i(J@4Z_ye2J0aO@%r>r{wGNm*-z=u)(7Bo!M^-qv02^^W`bzn#*Jl3CkDC zQqJ1OIER5B>31!5IBhy&v5Zjd#2$o?&4vz9s=tZ7yCnZ2wSf-eU0_6{*D})93IgLp z&I$$5v9)2|#I2Fo^apub#Ul{}W7xQ#C zJu?uny)*|*r)m)OpM-BFLc0!y9t^Ti@|x=vj5Epxdxwm~R(|>-&Vr71Mzu#ir@k|` zjZjmdAHO&l9p;x1nK`hjm@;?YtA!bS%k+9_Le*Gu9-2Icu;8pZ&c3E;DD&QMpl_^E z-4T?{oL+jDw_Bxa{jG{A&f1UJL@gq3jW1(q%?PKV8U6C%GspG!%vwYlZOk{#biT%blhcR3HRbx%@ZRTl>fFu+0gsRd>IragDCK(;yAj5G@G;)-?<$&OaA0 zqzV=fUxPyQBW@hlK*|P4wZF3$Ua#H|i|DidM5bA7_|<-woZRoP9>0TeL&sH5<*_>O zvZ+xGFQBa=sqR14cV2Por3j^a^XMGf7lb5)idS1TOs+w$6v+yQ0ZPs1EM%qM z7Ml*&U<48w9h_2Mv9-sySzo!>`i2f~gmX(a5<^(#slmkIF}P;P@`i|s(dEbLFSj0u z)#fm0*nsXl<`Tdvdj%ag={y-!F*J()VZhR)+K%((^l8zg>vg$?BadyFUsbOwxR#O#paUDM~H;!g|(@GDD!5gWRR26s#LfKUW2 zbxCU(*~2fYi$T&HZub+xjM~_@N>c+f`-=OYPoJ#>pof6O28MW=y(c`lTR2|;6pWxf z=SPza&`HgG(jQghv0I@57(2Jf>_aeW}ndRLxpuK0eJ4_zXU2K2@JWHKPD9K zyaqAIYHq$(qKiKNC!B`?Xm0(t)szG@3lLv42fw?#f2uRFPnOm@8r{FS58NUtLe5jN z$NV2*;9r!$HM0I8Z2tr0{)_bwp8H?3ARsE0>(ajgo|8FRDC_^{bAM9(U%LPATU7a; aGayi$2d$lQG4-x}{^cD!c z1r-751OlA!drx`CIrqKi|KWbTdyFJ|ti9J78EZYyv*w&@zBAO%ua6J{Fn&Z4aSn><0#xTK2xJu0Gef;_jcxV&Sz4?Uj0WX9nSX0JEB5?0PLqcpz z+7_>8RSf75R={i`?aXz|0Tf+CU*<*$0C>3lH2%6l?AJd&68TMc7@upIc>NSjJM( zGD43PA0S2n%uQH`+te-WQ{$<?%A93m)YU`)Sow4ty~;3_S&D4*zXgce z@}ZE8@hS1<8V^|ingjA}iRmndR+Wka0Pe~$Rl~9Uf*ZV|qy|+(68q1Vh)YNHK@e`z zSR-ZlgIqDY4e@M70Kn!69w7kmi2iQUDsFPCIahGsyF{`8Kvc(d7h^9T05D}M`onzT z=IL&WL^A%_)z#MP4VB1q#W3vU<(wctN20KR&%yE`|EUge+fo`}vPw?)k&3DJaybXV z{xZXcJ{=Fhz3T&bPee)T^XwK&)L^lS-STpA$pxnu{U&*$rPfny$Wp3Lt66yNrV}UY zmf1qRB}{wgB*{8hFZ$f!8~X$+!O)-eVMl?eyoCqoYb6#%BTr5W>Y;&JPv7crYL4B3 z{6jACv~^*<&8flrp0D0B0Vp69rdLa=XIShh8LOS$0I!h4cqaW$WDG=4Zo;Hh)b9zy z5~a-HxzT-azDPX3t6Jt734Pv1i#=uHjLp%xOwC(wgDG1k0a)Mm9&3sc(#QVxeX)hU z*(qV@Si#mQtt9MEHk2_-=7nXDU0X?$S}Pon6r#oE+w)bCC93RFGZr}CO#uP)B;ck} z%lG|*eipSy{yZ~n3lp(~W0ZKf2})ghvb(gEC~3tl_?`Itm}aBQxL0H&(iI|a63o#L z?-gtY_|W$G01Cz5uTYsPti*`3^dz~SXs#{YX}HI8g+KCT*#EZoYSsGRWse^Oj~?~l z6=)~~aR{(KzkRc!t`3afzA}&l04uvwtSP}ulVTvL@UtFhOQ&sp#m+0`P&wPF&(heD z%3c1uU~%Hrk3)9B0Nv*0RifOAOOoRaS;x~RCEfrNRuA}IQYflzke_5ltxthvAhqQ5 zVi^4AL(z=OkDR*X^w=#glE04@?`*&m<)L2g_CBAaxFuJQvf|!- zHc(}KNSlBs_f$AA_89n*Qbr8c#i+URxY6MW4V4qMI(L@0dSMKpZ)#PBFNJR#2KR*ydeLCS{lTIkN( zdObhE>du5;)PHP~4v}-(2_?{g$)5xk1PD zrVYR7{JOsbBzaUk>M}8_Y3N?4NNDaI40@Y>vSnIR*qNgc#W-zxhB6N!_ISg0_{Qvq z(d^*GA2YTrc<1>#R4iR&5Ru z&7@hkys)4giQj`(K(P{G~@7=OKw_g+TWi+eq4y|%_;-bdEC4fI}O6&38$ z3y|1EcS&%gbK!lo{DOd%g~g%$?aR6WXFic>u2$y`mTTc7V)qoJJu3-9kWG|B)L-25 z)!VSvfsf;teVT{nD$BlM>{F;;sJ97!F;}7nV=fsEPuI4#{I7FGzt}Xp)9?Qc`Po~I z;0_T93kqv812vK-#&n|XK2;@$=Nin|*D@f=ggj~Yo=vW#TAIxY=*$Z2s@5Iz#ILgE ztvf65L3-yC?5oum`pWivBo_hq`n>xDgQ*kt_xHE9wiF&4$#irXVQu(iJslP60$zgZ z_`OH}48L@ZU#pGLfZPHiY;AVF$yyjm`-v^KXLAI>8M$fJGvvQ1dQtflu(yntkWx$j z0jW$O6PEGnrn3RvE4hQ6*N3#zi9Dww+%1Jhz4C`s9DNeeerJh?Q+jAZYW$j#Vtq#a!En%c_q6Tl}j>h}!C0NYgB1!dvm8T?aKkbd& zqhhg0Vtx|$X{UEnh&_;A^x*<(7%D)wB36%~AISbVx0#ZhkmhJ)O&TGxXpj%DJ>ba6 zZ%tK;t~JZztz34t64wVEH?*go?$MkS7Z=Y%A|k-7SIBKJa9$ygusEpdsq3#(nj!zJ zw#Om~1TwJC^+tDpA;+xhe#kIN%GaV6v*H)R0Cj3;5V5Bw>~tz3Rxp% z2!Q(j3c%F0F$c~;P(Gou!Z1gx1zpAkAl}NI8ITYi03h_WT9=!x_uTyYF&GH;Zu2g) zIK8-lc`d3$ehIQZeU%{SD!u2N;b1Muc)u_;w=RM~^ouY;EvBrq1-WgeSPWIz6)GA! zCGWqu^g8ctsk<)j+w#|kjAcsx&7^SzSvQF{udT-xw6uOcCQLpbnh?|WSJoCs_uoDz zmL2Swn4yq8@ko>U!*^mq)J1Ebj%|Br_*P<2_hAh~HTA9v(xpOM8QJ2r3IY`sHar>e zxYCfyL(TqPw6A^DYL?Q}gocxx+hqPQwEm*)^CM91%IYWe6iYo^UQx*2*a$*BABayx zye7@2VP-rFept#jLgfC89_?7i|dN|khpe;3pz++JKImV z(8p~ANr?+oMT@D;?@+>#XQrZg3%Pd{&{ejwApyCA!i!BRw~1FF%{wWQr;XW_e9uhx zx+r~)=y%1f-;0XJ+X7v`Dae7Ti>qH7ZD9}TX}h?Bm4Y(YA2hAjAqPICXEZgpHb0Ish%C6OJA zF{0O9@wB5M)OUNN;VV@43fS}Yqmdn0KN(fl0BHYcZ&F$+Mv50N%2D*Tm@ggqjdV?w z!n$yaUge-+{Nqe=4PWH&8B__ zS}V6WJt9u|LQR{N6prlW%89J04RZFx+W#Kcn&jRAgVj=V@DM`T>c)G^3M}?0*^1-q zMCqly>norI*2u4kyQq_+xHEX&SEKLJ$J|jPk%H;f#Z0m{#LAzm;jQmwM0C2=9Dn_c zlU$=OZz3T}qYt!9qtQ|AXLjXqwXa{osA4}#vMioE{Ql}mlNdAzYj?SjXOI3?JN3gv zXn@N`X+BNS8hsOKhOhi zbc8pNdm#AOob9WFVU}9@Eof(b^SVH*N0Xs^ukF2jz@3#uVm@* z)UY4E^;sUjI?Jj!GXHzorj4GtP-ohr;9hyTFOuz6O7?;aqug0Sw$6hE`tXU@A_!8x zZGR3Cnz6#h(G1l~OF9)fd`nz|9U9%e3D-tCa&DfjuM+21?((cX<fx17A9A0v`!l386?xd^eelWGABQ`9 zUmis9N}T2s(c$1+Sl87Bw5rc%W5>(27ao5B6TbT}q1by1O`Ke@HhX<9fl~B~GipjM z<5TAYIR_#bK}KTO{vns%=CGBVXxl6z41w-tW=cxaFLJR?N*UK|#Hs=LbY}y;OL80d zQ64l2Qz_HCUu}pm>;G9hk59BrJ^0`dFr<6GAU;n6?9c+L81a17X0@>-HX*}KY)V+|Az<>k@qGe;%(LXGNFD;`F zwhpb|xo@Tm4jNwBs%l!tVdJaPa($W#RVWfi{xn^Eqr)GDGqkK5N%wcebz+|yCwVMB zSdpy=jK41)?BuLS{A*b4wf)jKY3e?-Ydy7ytD`%go;pAP`y?;H9hjz1Q=unZj~d_+ zlK1D^^6qM9-^}ExYSd2f&9(}tS}?7>xD&d#*P_1XCM88X+sn@>y$ zv+~+FE$61_a}ME6^qcbfavHuBh2+E^7+^)0)}`;u z#c%#04VnJ_@?xNuzN2ficdKk(fA^V5bRJ49tKm2!gLLu97bAZ|&&0eDb+~FHt$L-> z{M`1q$kDKe2}@QA@5w4j9G$uTUlejO>^2KS6eSx&ocFm|C5F4k?|mJaEQ93l>KWPz zXLG}zX#wQeMG4wh_ZCZcyVjlkNkO(>1gh9zgyx0JJtq*{ZZ5`6| zS+41yhQ<$UVL@j-PTMjX43P~18hX9v@sKh_;hW?HDdCdSGQ{CS`PizQujV~mRvrf7 zveF}>tA6@?@ld@an{{0uC49Pv#ANX%kBk-F}@14W2fL=q2bk1>bzD_C@#EdT3MWB^H6HfeP6Y#+?TmTdt^B!2RdVK zbSAc}^PH<%3Y&Ke$hatqnoW5SH)fD)y^vVU>n0HCG7vI=SlXN6vf9k;JyX55wB@Ad z7yM>ugwCr6vw&AV2BU}wH^o#-V!%pY%nWWW(l1&h*(?JE1lw0>8$e_35Suq(q)r!7YxH`t~krR1s?)g0I4%bzu zbWU??^bSAm>HwvcE#ww&kSz8~Ac}~&kN(>ROHQ-I26rWpJCaiJLh40&k9pT(D)NK+ z2MPkkrwva+_`(X~(Hh$Jl2*q`K+mntwgK51OgZ&R14CYyhr8x5eW{0?!5*#8(_N5( z`%k5i<(JJrkuUYtoCE7$k}pUsuC&@Q`v@t!284p^(!TB}sowE=cc0+-cj`T#@0UD5 z$3tC3AG!!ADg7zbmOFjIPG!#*RvC6a4DU#shPrIqHkUszbv$K4rztUNT`LwD<5KNk zx}!q9NVaM!g03UIu4CUUd~@Cm!Ixv7K_xw)a5rpmzD9{K_~BP^sIA@H(6W99^(1LV zgOYZ&=nyyv!pk3L0YdRXQPcxp~GOtOl;u!97jqMo0)}CRxhhj}iFBW3AZIu$G zR%Dz?%n$cTz!V)UHR0|t)iq%wp1fbYes%RJ{xohY`I}-v>XP(+uR84QqhtK-&@~f* zlKzrem|5_Z3L7T5^wHvk+1AnAymjwS{ytnGp{bU&Xu6HZMK-HI|H~cn7uC2r~ z>0!0ismby5rWn2E!Wn%4h7ZZZrZl7rd)LIE7rUI&O%7iB^-^m39?7yZ3~hZY8Mns- zcU@hXd}lu6`c4!?bg<$WNgv+bLMIY4nrIdKsy9CG*~DGkq^OFls@c{*1J#CKqja9l zclFEL35;@E>q_uziuaeEjc9@PfxiWGGQMaqYez#m*KT#iR}gUv&75$o-jcOo?jk~b ze`D#qx;c6Xqo9^#2`WJYFK{4{PZ$)>iDCL99)I4!K~X)WFqzXYsk-x#3W33vwBx2$s20dmmyA)QVM3?+8aXVLKKM;`nq%=7gtJPgz8|FG| zenf%a4~f;l19+uSGF#{tv%C zfL-PVjtkU9gv?Vf({;3idvC9}wF(#$Os)YNpG@~vQ#k=L%W7}C6Un-8-J;u1V*SS6 zL+a&I(Nz{a28UPU6XT~K?l}RPODvL&m@6%?{5Z+10skLu3`cdG7aSX{j+{IztU`J( zM(;R&)VyE7jNrW#Ne{BLGltklY#l7IDod!W?uRyMyO)KD^UR5QE(OWyoSpKk$E%+TzX$V6YXfnU%XJaExMm~3 zf$E9iR>|UZt3&%@xXpt1ZxP;o^mnYnG^;)U>CHX5#|R@f&&>V1cEMG+wo!2yKrCk@ z?KsFtkl6fGdhsOHgu2{bwm`9eOmWMC{*a1?1H9u`ipvlCI4ygxIe2YCzANO5o*Js% z4xI<{1-d4bV0+m>tTFtq1|U|$bp>$Sj-ixi{x!tJ0BBp#&50d5UI}WGa9?sU!%x!q5Sn^8kt%{^Y|2w|KXI4(GR6~g|Ypgu) zJ>(^hZ%cEvh61M&I6mFW-LT0Ezx090+v4T)JT0q;wG8fpAgjUgpR2U%z^C!+!spUh z4D)kC(+l&Yy|^?hX9D==zlB{yeKo6wvKl(6Wg`MIm(hDZ=Sz4DdSvf(c%m4JJ%ymh;DJI#9dOl!j4$MM42GW`xSKk{FY zjAG+-cDZzVZccR%ZT`*Cd@h^-{l`;IUsqPfJuzcD(eI-L=z7KnpSNn7ibjXesf6X( z`jF`8CFJHZ9$Lo){=hXA!SM~3S*u4~#Y^r5wd&agJOkLv0^6 zz>6-k{;}(WJm|zlyaR*4Z_-sh1JI&aIP1|?pP84WYe2n&&E?=Qj79v2d7zV+75if(yKgahhB#n3@JylR5rXr5zVdS(pZYP;G0=8HNi1?|DV)$VFrh7p zl^}U`XA@q(nUTEB+u2j5A%)`s`?aj~X77K5yX1D5POan>V^{S37G)z1d1|(pUsaKg zPwn{-TM=(9i{_UzXZ$R!;^qFj|GU>Po=pn2TT-y0Sn!E~mD0yGHVlvtA0~~M8Jy13 zbhHNB-O*E;M0oAtjkL5%Y;FGTU7s%WF+9-FhDL~<%l|Px1l#0Ldw$_l?WcCh*zPOr zCKtbfeBd%zqvQPG*yqy7B(>m9H4Kh2lD_2-eSIL8=j3)umB;>qU#HvcJX3F0?CK%! zRzpD{?qPXMoCaoATyHheDr7HLxn4rc;(1mvAXl)o@!iDUGjR*}gEj_8 z!o)rOvo)h4Y`gv0Z#Sl~f5E;NF7P;y1#j!`V$BiFih~lK>@TaIt_UFSus|6k&$+-? zDKm`9*l0j>(!39_qU#MHn)HSAEtbSasSOA@Q~ucp`n}Fwf!)EbhJmF10dFNHZ!5xN zz0+O-*>_Rvy=h$=IOBlojTeCO4)pvMBk%B}{E6_u%4J>!6P~By4gb1>ldy51u(RE? zPl+x+DI2WJVr3oB?Xlv+2d8pmZKrQC??NO=vR-#-60rqhPFbl}B+E-KdSc-f%P)63 zUmWp?{R06@C2y3Gp2izxL|yV@vdWMHT9%W+{JVqZY8HbS-pJ}NWaA-I_y_e+G&mPtXfE|`KU3m;_2=Zv~*NKZ^=w<$g^cx#(y7h!VA8?GB&tO@vufCwb{ImC)e=9O3ab4&O!l2id?%E z6_i--h)@IeV?dTcy@g}rRem0!%gT)~xX@8xId5M64z?E8Hlsmh&Ihu!%Hriy@pkyG z`yyD!S@2c#My$b!AY;3cbzY>%o*!_0)r0^%sd>nyrdXqzd6PXm7VkQ#xkSU8>;}e? z*Cw$3A-S6xtU(r;y4$he%@2Ei*F`9GJ-g8c%KdHx>v6FOqSCc8aIHr{r4ijmO+B zVSC1N*ErD`&%jZ$A?RGjbTwYctS8#_##K|V_Q|l_ovdxEw*c9n3vu#=okH*4xhI}B}M|A zzEwB(WyX6VH1pAuvB1uR=1%&Tal&3;aB)u$IJ`m{8bOVM4A(Oy*H<88?w)J(K3xLO zeNFuQ+bTHXwUsU(OyL>Kt_gmpMs_sFw{U|R&I6{6$)Ja3P}kJD={M|w1}p@rp*u)( zmGHrLOR+RV9pSQ7;li;CtE!?Pd{?o_pK|-p^q<{cW!()Ed=HJyqt6FJK7x-8x*zXg zhu^?a4g0}z*4Q@&>dgloN495~Zi91$bKyTo7ODq+DeydU)$xc8Le)DMgKEJX!$Bv} z%qw*`9r~%7U`KY|b68^<=ivm7R1~=622j;5vL6^|Bk|9Of&Tpm0SlsS=-6KNUE~KF zwvZJUS?wrdrJ%8&IB&|E<%cTGVD~rd(f0R$B$#o~fPP)#-|sN$p=3)}q5=(j&uve| zN*yP9dJ-3j#&t`NR4gO7^o-7gm0wg_lCS{}F;oK71|*TKcKdny2&?q%ef;wSR>^jc zF0v(v8P?h4<Q#H^SmMhnRo1Tty1xuH0i}KsPgub+fsw z8r|X0tAKVD(Cfdm_ctWrU41WjwkpCaI8^05r>XA^J~y?LD5ec=I_@w{DNVkFv2Kl# zQj+#56i{7&4s1s3R3ElK9SvO1B=Z4ZnFw6Sz_vxHI7F(B75I3!g){|fBP7uwic%M5 z7Y!#97>8J*4$q=#Q^SteHGkg!oCsza;rUSGhTDhjAKrf1s1{=*ZD1o%xyU89K^tjX z;L_6iqj%#Iq%(td!x1I<(zQ9^NOqkLc zkLWg+fQ-ULdE4qU4bto8oJ;l`b{xlf|AA$zF6-@L9hXNKXK_ug^$dbnvU6)tdyKG>HJK%bsREuSN7>ZaAPL7=-^ zV!1Q85!)hr#9cZy-ZDUpWmHe04I|QTKOsd<7wgC3fWPM#L47KyF^}Ai+_sz-JHdqp z7(YaGvgl6B@tgS8$lO6ONWc9`0`qqdi=*J__V_v>YO&(^J1k%he6|n-{PCTBmRe5J z@Zp z9OlWnz0m)XjBzHv8z6JaE_u!Z-hDTx`5qs@_BLu=nMeo#m~7vOO4>pv4 zny;2%pntBV1`HavYoYxdyq(0?9MUtce=dKYId%Diz~Sh2kPQ`}Oji#w6~ zPi~`sTm6oIOsM>moVyvt#iOXw)Kp)Sz2_Bo@qGyYWs$_$j}+DXcsUmi&oG!Pn^l9e zy(<|&z&BR%7lA4&#cIWG``Cbge*MvoJ%e*XWbIx6PStzxo(jLC$ho(cUws$<#e-Wc zJ)L*7m{~7O-pT>Eh-9O*Yng$6aQEME_l&i(nHijDz`c7u012jL(|&`hBfr!J;z#tj zZlBCk<=#sF^Ik~pJhy5K-hEZv;I+C#lzG>e%jS7!)tsed067R(RUsA8lthtxCIih#&O;XX5-X_`P6D#}%9ZYxc|Nx;VkL zPV8u5JU|aYm#rw={J)w7r;R{Jh^)})3O*p}b!1i^o~nSK7GyPXsV*3kbl rj{V;~ZU5z=|KE&p|DO!9cujzOY`&eEu6GBwFaT{0{l|4`FQWe&{X7f_ literal 0 HcmV?d00001