From f5ce4ef4bfd89069bb27d45af787b4838db1d388 Mon Sep 17 00:00:00 2001 From: Shriram Rajagopalan Date: Tue, 6 Oct 2020 12:08:29 -0400 Subject: [PATCH] Istio sidecar DNS resolution blog (#8264) * DNS blog * no period in sub title Signed-off-by: Shriram Rajagopalan * period in desc Signed-off-by: Shriram Rajagopalan * rework Signed-off-by: Shriram Rajagopalan * spellcheck Signed-off-by: Shriram Rajagopalan * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: Frank Budinsky * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: Frank Budinsky * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: Frank Budinsky * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: Frank Budinsky * Update index.md * Update index.md * Update index.md * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: craigbox * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: craigbox * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: craigbox * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: craigbox * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: craigbox * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: craigbox * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: craigbox * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: craigbox * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: craigbox * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: craigbox * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: craigbox * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: craigbox * Update index.md * Update index.md * Update index.md * Update index.md * Update content/en/blog/2020/dns-proxy/index.md * Update content/en/blog/2020/dns-proxy/index.md Co-authored-by: Frank Budinsky Co-authored-by: craigbox --- .../dns-proxy/dns-interception-in-istio.png | Bin 0 -> 29890 bytes content/en/blog/2020/dns-proxy/index.md | 254 ++++++++++++++++++ .../blog/2020/dns-proxy/role-of-dns-today.png | Bin 0 -> 30098 bytes .../dns-proxy/vm-dns-resolution-issues.png | Bin 0 -> 22371 bytes 4 files changed, 254 insertions(+) create mode 100644 content/en/blog/2020/dns-proxy/dns-interception-in-istio.png create mode 100644 content/en/blog/2020/dns-proxy/index.md create mode 100644 content/en/blog/2020/dns-proxy/role-of-dns-today.png create mode 100644 content/en/blog/2020/dns-proxy/vm-dns-resolution-issues.png diff --git a/content/en/blog/2020/dns-proxy/dns-interception-in-istio.png b/content/en/blog/2020/dns-proxy/dns-interception-in-istio.png new file mode 100644 index 0000000000000000000000000000000000000000..db6a9e2080547155106bc60b26627825e1f63026 GIT binary patch literal 29890 zcmce;WmuG7)HjMK3W(CJbmsuljkJV-bU9Me-Km1q&>#${G}7IJ4oZiFAPgZA0}dfM z!VvF0_2x>x?z+QdH9QM*S-M~H)ib5BEESsw@ICIkoPhA;kY z;G3cWTQeLSpI8lL#b*KY+ug)I7RI6Fo%Q`=KNzIrs=pAD`nZuQv$K>dQrzG%mdX5> zAowmmHD<;#X2w;UFAmW*9T8AYE$?gdTexP2$h};ob5_wKKnto6x6&F z6jq+sFPcjL4@3rdZF?(9R1NE&kNl(j>r_eMhDaf<{ZTExi4?vsPjZ^#kFDzPr?V;F zs3M0IC3bhjSE^Vip%XnPonK^X6i+7JUx}j}oG5QxZ}3ioMy+c-_zh?me<@~nSj9=O z?BIcPwO6Jeta5Ty^!7>?;m2<^1(*ktO{gKc#NSsp&*pZEzDo;|4!T+DUg~51aggz~ zn-ftmFaP5bjk&Y@R~jSV-04XWDOB-dCS8pNfnOe_BKO%-gI7Bj=7RXO_WbJ zOQE7gHFgThKpm;U3STE!Ms0{C3l>A0emjtR?XtugKTu5XAy@pNsC5T>e#FyfGs2|I zngaq+8o6&jgZA&j_L3<2(mL-eYuKZI?mh&+2-+JI7mFUOx+RI;HP}hR=iiRN8zs)b3({Dqyt7(76l}A!9G1tDj@maR<)#%Mi7u@_|T0PGT3u)o;_OR^q2SD z8?;nAjQOP$Rd4jQYRR;xa$pL=3t{Dn*FL+Dj3m8Y`aJ&&iAp?#hbI(w@wmju15Wx0 z1g6-hJ1%zPj;uG6pOr-A0{jgziD!0sC&QBNeWAI2F2dujA>8&Utu)ODdzz~b&!lK+ zc(5Twzf7$85S{9le}F1FTq%<=KN@7T6&Sz0JKd9c&%opQQ58d3k%v3=@<8~x0w^C*OW_w1OXbDXnu+-^n=A zr4w(w$d)4MHRL{I+3h`(rp&hgr{&KT)wRD{sZpTX*x6t0n2Wi^F+RY%e)2ujMsy{mDH|2ndpxCJArn@yga{J-@Wp9=|yzCwqBwfK7b>h@d}d9W8enTWxf7(O{H`^IV_&&t-k3%S9bTp zKWPm_Yvp<7BA$8<;Hc>jt5*wOuZ`4qws)p>Zlk0eR40*YyLbI1iK;G1q8B|6742X9 z7{v8gIN)6Ik#>{8foD8vZ$GTZ7UUvIEk~hyt?%!I;fMJ^t#gwTjCpYZLf-=Lt^{`0l__3-52*Yi1b>6MSr>b%AR10Jxk z;ji_^=}SgJc>3UdEz!c)FI%0BVh=He99^riAuSRG$SI;gDSYW%=Ru}eEZytz6f)-R z_b8L_KY?1ob17zWS5XPmM^*%;=+vQ-P`8Uyk#$L!(a!+d44F);jDb}S^VJ_U1xZks zs|_AY;}fCxSB&4syMxYE)65O>rpNt4vn#P~D4j+hRJ|(pOvaZq6?a$=@`fWsXPQo} zjmm&VB#40}T)V?M_UR_MtPiqpLS(?N99LpP<>*cQ(plF`JX94i_2= z0xZMDS;F2JS;h4fKf*H*am$i-SP*KF8fM~)j=E{+fAx43H&RIJw)TM3O`cdXzmE{g zYzB5snnk_TPQy#SvhKsdESJj2rm&VaIM;7b6~LAm=C zTtl9HNNz~?+f!MrCTlV{Wkj^q;g6{QvZSuT3omnTL!LXd!nXFDZI-;PX_C}pj51lB zJe`=4ybyTL`Pm zxbRSwL)~!UHt}P8n^Qf2|FWB==ZxY@7sR3}*zHRKE2LRIGBt+@TRZg&;}Bd7Jm!a))7!qxMQM(b0jjSs^~b^@2EXDV-NLv|3* z@r%V-5j92`Xy7pHCKToV8 ze)j6IZne4pVo%Oo?03?>A(hfxe0nA|TjwNb9=*51I{!+nDM}`hTC6$hDsQABKskxG zp~GPOtK~AGeFkUEWfNV)dGao*4h&Pp9u!B_XUo%kDjzI=g!6)i^?WAyez?0f%YG96 zKcA4^4RY(;??ZR}GOP`yqJ=QJbyaMHL+3OmNwLr4;BZ-kyBslxSJv5uRMbm{ujGS9 zMo!2d(_A~M_aRY2DJEzLk;fbSKH@SphQTV+#tmzd{~mP)FVuNXO{qWMXDzR>%xQ}Q z{R_*ccZ)_uV{TC~{{?Qi&G@3k)+^T*CYTRl>eQF1AO?8E(PGj|K|!m zv5rdhTNQlsmUcbJvsE^ zR*IVa%spo}p3$fBe?Rq$5a&wdou+*j`R^%(cEX~_qj)RfMy<=Mj0^PWw9;MLN%q=naBTL$I`3hV|~ReLZzOt-AUitbKD%eAd86I5=z6eQy*c zkRdRd$cg0RlTA4@88Ahx3`IkjFh03r7Mlnzjsi_)2XWE8J*o3(sJVM*Xrl5wz>|!j zs*ws-BO>%yBjON>l>CFA1f*ZvI}*X`24{8$ua1|bMmt8ZL&f(&=OnYX)pOPTR$d;Iz08)3+0)QPZ1JMI8kXI|@Kx zmzj&Qg)VEA@oLd3LU>btksw6-taTL8dSv-v(scmXjHFM6K$!9^kwu#OL)!BV(Q5ZB z(#O!Ei9EN*w?C)oJ+p&Oi^VC-Ujm{6Ldk1T$AJ-QFo#G-WTo1mTm891AD*f5W07LrE#`sb}XSx2xyM>(gRHtrVPOmHm zq+pX~6 zYp1g@RrQiQ#`@(oG0p_CK0R`|j*9gx!V;p_tlAa^fsqq6g2;JCubeMfQRB1T0BDa; zA?uSuc0N3_EDNIwOq++@cF0q`s4egJtuNq=S@G`iPXu9dnnlN zWACCGUfem-)m+>3sr(qbgbrQwd9l%?`^LPRy|XIdHUE=`0@%XI>BvOGO%l+(7!V6Y z=028Pz}~O_hl9foIU;zlg0*{Y4S4DFMj6ScU+~A7jQ`_$&!ap?vqi_P0({6w`B-E; ze)({;xm&CK=a{RaJW&ba38C9l*2=fy@q3Oc(U;NCJaO88J~cv^s_*x2bWiPD=l~gV1}PcJL~({618WH4+crYs?|sx)|0!MK4}@*#x9**Up&< z(r(e}xteEa-YV;P^f@gCto#?=yFAc!<|~~)=QnlIBkYaTRsElM!LC@m-?8?V(|=*^ zl9g1Av{*A!nU<*hY8ojLeB$RIR-!-N)dpL+G~|f?&vo+UusvHmu-Qs-2@l)psW$CA zQ8TZp4Z^xdi^?x`+|8$RzNi^_jE!K>{ukbCbDc$fV`Fo$=M5Yq9F3P!uRWOX)n0?1 z+aq^6tB9pvDKL?2P_yyNl14sOe3_{vXnLOsqF@0ykoN-kvWgPak+Dofcq`>pPPT>U z8K&tw%wMZqR;u()o{l zM^>kirW}ib+1g!l!wqiQBQ{ix0>CyeDCLT`woD%NQ&F(qR>{61;bibx_rnxXObvvx3n>=KlKex^3e#9&5g*m#JR! z5j6zbTr~n5(gR2S(ju(4MQ9;Yx7 zudpjty$IJYneb9VQ}%gM4)>DwlbWV~zIC^Glgu z$>rg9Ijs};>CF!J4q@EML+EKW4-{T>3Ig6hX)y(}V^Zm|3 z!`1|QVZQv69bfQp2A*VacsSg1FTQ~@6m`>V^CQv-C-rHv5}fORebM*e9!T`#xTPFC zvfi@R(ut{Ls~o~uFTQc{o9EXO;A%jEYt`?%qU2s=vE0OYzpyz8=bXe>hXczWM+p&D zxOUML@lkR>S|qpSL=Z~vAAhX}JX1u5Dw(LGnP-;y4Ve_gt1~)WJvOt>4Kg(~F zC?ECtGDhK(tEPX(!~y zAC?7*8?Zcr(d(xGSU+dLUKdgwZa zRMsNkv&RZwnZ^6SLUcb{2d9dvgFM#v>XiP@(sAC0m1q%S%P>Cged{v(ClsoeTjtQ~ z6uHdIte^|_`}WzVj5`Of>%P5zh=Xq&J`n$~&K+K(I%n_j#jl#Qe{1FMNrr_BRE(px!? zb%n-_8-`c`ZKNl`hg9`3vlR8(&dTMJ)Q`ZTNrr(#&wY7(N0-pTf3{|JWakS_s}YRfYXpuuE(tZxCzj?o{Z5n7>IgC$GE;Nen=4i3t(WG? zgAJb&;p*|^3S<#&I5;Be1sPUuH`8B~zN)Iuuk&;L#iQ5YBH;p8v$}P?;wgB5iSmG> z{hj%Z>rnW$MFz~o`tPTefx0nd`@QSX{D(%g(fbhhn!xhsw(oNo0Oqi{w2bYaoE!f! z`tyU$U!Utd;P12n=;pQa%FwnUsqvr(a<%L~e==gVt}4dIAxv=~rC1hk;Zk6CtZ#ZR zoU)-h(v6S5N)`pAl*t5RLWl1{?~tf+8NPk}ZP4|fAIyj)f`%m{aPU_rBMU;-D@A~i zVArzPChNU2p%F={NeZ=k6Sn(rLnTSlNZEzk3N+O6xeS4}rGERHZ#YGq$z!2Cy9dz% z^6vt#)a0^HCs~(ALjJr;a#%V+>2FR+t?0YKft=Zrv@0y&fZv3MdH|2)=?>0c%0&dA0We9f|`yp!Y z?;>Bf^Y-zNQkMUN|}!CtfVrO zrM@{beV3Brte%DwapyisA3MJOV=lP(qjL|PdquY#oq}cs_eOak!gUEm9;-EnoNpYw zW&#a|Q6hq!s~PyL$;LSQ9$>cD9@{|3kF}l;-i!L&NPLk4(Xk{r+<1#e`wCO^#-TLq zl6v=a?Cf|}w%+k@gZ1-;Mk>dR1}wYrx@6Q^72{H;~}${4}d;0)#ChG!L=1iE*$SFJZ(;@o~ej45?0SAU$fJ7U+P*n zw{H;?aU{cu6$JAAZ-0aySRo3oB~fjx zl`Ieis~cZ>f6ZlSUhMgwPdmdLrp%QBHcv0)gT#OgY4tOICA&5*(>@+hr3kfY>z5Fu zAGtOi3Z9|V8T-n8|Ir1Wn7&1JH0`9LYi!WA*R7Us(du>~pYk84yljxDnf*K6iZrjf zaATqm9f0)a!9|Jn;uW7Tjr>B$@Li7A=CeB4w-kQejR3MmtZ)@f`+IX*md{^S6jxTV zccI^)!^PWtIf0j@9&&@E&yG;|PXdJr>}WvzZjAxYO<^X;8YNB%2{GW{$G`d4w=sqO znXR(KaQ!C`bp`C%LsATGKic*kC%1o zeom_lKi=yXz0Okf$Y#s>mC_vde5=G&KEoeaP(ys_*$C=U0O# z^>$KYu=S48kDY=KerDnw5Hc}fUmDJzPdCydK)YAdd7>EIW_g&!tWWPEb->v5Teo9_ zU@K+Xt=F%BngftJE#YeSn;k}?#I(7q3QON>i%RbSh5aom7?A-`i18?(7M4A{+w((I z1b!59G8_K;5PFSi{CstjOAWj&_g#+m0dlalV15zUG7wMU^ls7gZMUA&ceIM>e`3c& zB(eSl>MHIwKH?DR9+~op05J6TT2cEuW%G!W0;h0&Cz_j{7Vk86N&i{b5U>GX$FgOB zkFY_ruldFs;*j(9@q;Tw7)BO~^~jPel7N3G#pLY`V;%O$v05Z))%0#p zzGI>kx!=WII6m-7Gq@pSR>_z9$TOD9k-Sb3-&UB9DvfpPDpGihx|>bpKzBLYltVNX zRr_S@k@5!xj^>L=O{(f*aVt(>4>+}jJvS79-6nYjfGF&qA)QM)%6-Xh5cLUZ(u2|AoGLFD(+PHww zvDyxJA+E<@BIi`6H`8obn8zE2y7+ceq^M%(DyP*#o;CJb+lU`vRTcYEq6msC1#T|? z*i&YzR@T&Bm0r5IM83Ni{7DOB+W|juuvpjtFAk3)4I@lgNMs;EtC_huTA1wPG|$jL zd4q+jZpLL|1EXU$k0=(`19S|l(17<%e+AOCR*{a-ewIwChu+@F-$HPS#&eF#r8im> z>)q~2fh7V!l`L!K^;3qo?~!FJpHpP1xa?8wxYzt$So#Y zt#h*mBLJ%`8dy>$G0XM6?UN_qj0bHz#kfY=)X+cra2lk(C`V-ULyg@L3-A^HnV8{Qa&5 z1Pk@>M*+=9H4;??nj3&j0MmF+Mz(y!f?wqE)z+Ef&NHHt6AvyW8vk1>*_^sYKU0}8 zdqxBgzuQ<&T+ChEUz6;=PicmTJc{w(DeCC593QOa&#;qaejQ>uu68n4y8PsDo*OCQ z=DHQrsLiNH4M3Z(;It&fSXdK>M}tOJ8rLC8s2cY>DGLNnV7XL_3ym3~f7Y}erpz_| zm7u_KlHLv;^aJ0$T=e+)rM;yBZtgoo)tyf>*OxX8k7D+f@s^ zZTR^JErQj$YgYfooCq&6)e1X=0~~_@8n;h2za4HK+Kvf6Wt`sGM!Rw#1cg5IH#ENr zyH~_VKfB)Gmd7wfn3Y?}_FA;VwP$drmkT3Pj4(nS06=ov;~vH_@8uA1y0;g`xn&di z5C}%sGKlyZADyFL!AbhR=!|*@QoDM$zgoi?H1`S|lIP9YtOdSb=a8&z*Vn(ZJcBNdBJMam%IDRtO|l-+Z_4yPHB2sYpP z3jO*jjyPtBcT&Bxu1D^TYhPl-!Lal+bhU^Pb3{%0nFTKEekvMBx}=MZukj#(2aZZS ztU38iLCg^FLa>uD^|iO=r6v|H)xWwJTSUve!tc9_4OY;#KJ8_ZIqtsew1XGdad!@; z%)+B>W}qyH#peNkY)DI7IaAxSiz)a!l1U23U0LBJ$AY*Q(atk9p%FmH`9h6F_HPXE zzSsW+M!Z8+mL|#tkO@KXv57g<7`EZ7>$23ae#qfp9C)2e;9$3As*Pw!igrcKR9}Hn z^t-uKo)n57eKgWPN1W+~$~8K;``h>SCFr_$dSb5XhitJ19LXR7bt`m=9eYyxS^e;E z1SPIv_~VrCw-C=W8oMTITBwPtTgJw;uaG~#!DtiperP-E8w=l@Ic|RowlK|bN7{AM zFmzjJ#K~4S&mQKTfo1WqnsmwWq{gD)T>nNnWViuTXxm zC<4?A>*nIKus>m=Hi5Bt3csY?-+5VmG9s7j`Jl34yU>V>enJ>#$&3g8uJnU~eLYMr zJ_tfcp&Gd5ZKz@&9k<#Rix%eMx%a0hbG377@d)}|Tt({;ck;0Y@!OH@kZM}(9t&Hj z)`v!ez2Wr1ytiDCJ|+thZ)8z|6uJ%7lC^N^!kv2qjt>+9CPH8$UbYkdRL~IOXw0rl z*VpWQ{`6~8XXxEk69_Ip+=K!C!`>cA@qMH`pwYu@@@PTudr?`c+0 z9pWiijd2xgcZbpYn)kFwen5$#t{g>L9St+`t^4MBFx%8pWk%X*A0J0fgdu0sCKh{$O37p zLyE6><@6dkt8e+;3mltcXq3`ruH!EL+5Y%$Ky%PIA%V>#ckw*jfoCn?J4Y)Ar_QUn z-JY-9x1tBrmTe`r|6Vqi<}TN;+hUArf97}){` zi{-FsN55ZF?6Na4aj6+fnF6x%=7%%o=#|KPR18BcXP@kTl-^~*!Hi^~;QK;}@`fLj zkGF$FEq4;?cS*ZTB~bbj|H|+>E_lG0?Xt;}QN$Q-)R+BarC;mGN`;hthaF>)H3j(G z<@Yx|U0!+4EBAC~?!4{xcJq%M=*}OEQSxR6S55f}IJJFT{=T(uA@t5>uCzIH%y($H zoFiDfLpQi4Q>&%)YX)ZzXnFm7NyBoNssV8vwBznSHfJ2|?RG%V;D2kD>Sw>UTS7y) z9JlOD)?tpH1j=tS@Q3f)+~v-G>C4zjsy@qZG9xIc#VLeVbRS9b(DN6RzOSnd`6ONb z&hMBs0TTkcaaP;tym8r}F#@%gv8}7<jB||8R3D{}gUs@nM0=tMDL!2swmWTzi9DFP@Q+jv>uz1< zSTxS0ZYAmaN~&rsAmAt?Aa*b23}yl*LU8=X2!*zTe&GcQ)C71I(SRQi1d<9rKM-dJ z+B2~vzzW?~xjWVQpIYDIpWoo*cM_d@M+HVPOb1i62toN__>hHO@1Ue0(moZ+J~5G2_od`maohuaf}#Xt zQK87~TtYn>2bL3hHJbG~2`Vqks57B6q;c7@VIW$(s`MZ^E&tx;p-|10F|`T$m&|O5 z$L(u??!9f~1l5KUYq74=YNFr=(3z-Nbn|n=Do{s}_)yN}6i4e;HN}gh^7Q!)s9KkA zWMVR|x3BuE)+JJ1Wd#UQ#gSFxOLhdvl3vGw+zuM#1@?JBf{N+D<<#4YwjhUE`!3JYek}X+aATi?>rt|H#At>7*q&>lt&`rpEG(MVR4TQ|UO0zQ|ox%GKOpEk7Knatgd{mRtS) zM~c#;j<;I7Of0Ef)>F8}Ia^wivqtY%B zkO~7GoG)sgtPmwfo=-OSYcN_QX17DJfFvBRfyt%g?#{3d9cPVd8(~(7}60^lI4hc%GSiL zrVqLjZZIGUmM8Keq^tW~Vm!w*WS7zh6UpXjycUaqs9(w9FBLx(v^4uDtzuueV3--R z=|NcLMy_YxYqYZ+u8x+qYY?SAIg`pgc47XmGa~ofRz@w)`8a2pVQP<9Qpp)DT7s4a zH%vjMRdXwYIp& z>XCbVYuEUi&gHI-gGe&xG&L8^4u49yr`BDg*O1#X#ha(+(WwK^&V<$!IOk8WlYwNb?4G<)8vcXdv@VH!o_Spf!xF;#sJ4QC2| z+X*G(=7x4Im!j0_H97qvtL%3>~<~kIlJpNg}=P{6tUPC5D zge31CbNJ&#w}pa*IhNiNG@E5<2H^?MwS30t5UQ%l5~S~#`Gj^RrH287&D@sn?n}0q zHyRgVVzZwHE8yu#peRRvYx~ihMH0S`Szf~gzKJFHT?>ud;MOqFsB9ITTq^D>TV z*yhormktABhJlmcZfi$htdDY>vzvOyBx_biJ8@nRO7{c-S_l9rRmGtDyHfSxb=}?> z_%=m^y4vb1T-}lIfPpo!H>vY&1e83a8s>*$g$4b&d)dd*DXn^xR+7dQ&C+E^4;}f| z>~?q5qH_uzVCcJ94C5I;(gkY0)`Zs=dmJwWs{1vAX6=x6^upfGH-v*^0V2OVW)k=Z z-1IF3H-xV3yy-O0L}e4=+hjdeDWUXB#-pdBW`gJkZ_Tj9`Rw=CyQ9ZUFFJQ4AdXVCoueYbMSSJv zx7=ZGSy`T3ZopCku;m2SXzCwC)oYY|)l70Vo7);3e<7yfi@9Z1tUC&(d_+rAik-b_ zS?x&7BMOGWxn_ga?Q{}(o1I1(z| zt%4#WC|c(Hmeu}7X8L1SvkEX!=ibSgt_S}COoi_-QE8}|^*?}8GT+O|aVZ;m5jxOp zDblX(YWImAQG8rJ=(=QP1IHu*KradLt2Qhc83C#x1kj3jKe~isLi2(!WGUqx!!HZT zT>3PnX&^1O%PU+tq^G+wbfq<&^yRImLOBg7Y5|GX=x2RH zrQGn5IzDWJN*_FrC){J$ll!4}XIug~zd7g{Z)Kb&kjX7Emh%5P+a5Suf!eTTyZnP2 z<5#^jMC-)c`Q%6J%jE?~*2o6!OuLZ#XYE&<73z8bR+jrP5eA~H4l0pC)l2{I;` zGagA_*)&=qL@B=j)7=f{E(3ulDhqcIku9p@j%MgtdX|w@4r#P$Xsis~8l{5FEkLP> zE#|;E?fj~*s^-#F5=4cRy%p>_#H=8Khd>dNe4u@W=*@uT8FKv!58!i!(g)?s(Dy8 znIpilkP~iVe~lVkztLx#H#yS`o`~>nRW|klLkM(v z%a1kEyL@{dk$(ygFGOV%zm;R^hqq5GfuV+Ejyj~QP!p?&m?{9U+4l@qM^%Y^6-D6z zAv98-J69tJLFR3#(Ta-u3tQ0Gyznk7trwKP__k5Sitbc+aT0zXsQtb(W2B!&rVCK>3mx`>loK&pC+zm~oijHCA<%6m zgT-t{%}PpW>PGfPydF!yh^=+sS@9#{hqE%GnzszHljdbamt|@k0Z5XvkC&s%oY0XL z2$@4`uhMRX|M)`RRBA1fIwpg9=BPSV34N|A(j|6rmDN}iS~R~MQ=&K5h)2Qe+)~H9 z(vWszcv;V(poK%&G!mo}jc=1Ns6(B6fAEjpRj?>4kYZ*t#bKesbUmw-=_5avlqjKx zEaI%Bh(XEeFEW13nfHyM3)!;ai?**We76Eek+~-opk1OtdHBJoMn-$_hK5`CWiLn2 z{cpW=*ou^3v`k-U&E)K;)j2;~mj>fwxw<}Qs1D%YIP2(7#}&^@Uevhb)qOt|sHS}q zKM3P=>EQCd)cU?A*<&q>&Pvl-8*JK!(9mN(Iybj8W z^U=j`8+GK2tNZJU919ZLtXY==OGJ|-OEC{-yGq+XU8why^xfo;erm3{r#CcQrh4~5 znW!?2^CR8#o@S1)*4PwW_@@8o@>v^WRssOdPoKT%uOQNy&C(*d7L#lDv>L|rO8SkoFZ)SS#+3H7LN=GvhVfCm zX!Z%sWzMu>=cND<0`>T&DjLn?rJQPex0?fXW{yX zh2RVMiYrFngOWoYTY?L@-(jbskm#drgS7tsyp^h<^SkA7Ho+Xn2MtO= z=@ONm8qNY|Uvug5QG$!`N!#U<4tGvn6f#Jbk=Lb6yM^FoWsQ6_h7L3*_W-~TmPr>| z9w!A44sQ1fpEx=6II0Pcmv0aG=LOxDjx7YRVtl(~;~%gcBf2=szTs?G2RMiUz8U7% zNlZc3ppo`a&s?c>utkPey!}m66BRQg)q4A0`%)qvzD?!^w;oYez@jQJi8MSYn6ObX zRr=@1&@*bkeB&yO^px@1Ml}DvlBP?AB8XT@pf9F>-qg+xOxOyFez>App`KW=aBnlL z8o$MnS^3=)@(-$NB;x_JYcZKC_a*zcJ%z{b^W$6S(>@qXqrERR%hNCa(hE~Jy(!!? z)4YhWs%g|s;zs(6t?kVcl<-3g+#kNw7MK-fhSU)r#J$O`DakwXANZ2v>{ovVI>Qhk zI5Y>=8Xsnjyw!66=G3D+=Mgjc=+6Knu=(EJ>>k6fZF_p~O>w)7<$C{=$O+k&7)Sn8 z?BFBN?qnylv6rkR07n`o8$*H`L`%SY8}*q=H0E08bgHI;AKgDR(aZt&peO=SMC~-*BuZ!VqfM%Yg(t+{A1lXFY0#+ameyKD)pi0yB4 zGeO+E^(yuoFBlUB{nX0y%Rq^n`=L_Lj^L%A)U*CjDS+Ww`YDLj+~MNJ(9kdK(F8Vc z8h1(4cH&+nY2Rag8iohtxh9|lGaQ*;l#qpN2&`@RY*oJ|-_Ul6d`*tvB0yH=o2 zuJ>I9Xw1LhPM6)C1OB_V`_hVkKi_jdLom9WwomEGyYKie$2Ber3v|9HM80`5MB3-g z5tLjj0q0UT7$Hd8x#Ilw$hF~SZbC)XoTF?__8-_WSjnhJU!nrj_FG*)fdP@|6(lfz z@lj-M;+eBy^6k8fAvwZh%OtWsj_xH8I7iG|?RMt3?HDis%~AMCAf>lTdJYyRvfu%8 zb1jf{KUANcXT92BmB7Av@V*3< zD$Dpmw#@Kk$KDJsx{}A1(XYqzSNQa)A#`)2bSoy=Cz0{pSm|N$X8>;&w4L5FAwQsh zTW!86$7cvt*)8d6qca00D_TSQkIAUDXXrRL+4$9?V`%$#Xcm@ty09E7 zdzfv$bVdSb$r~n4(&ucx2lHrG4!hls zp6p7>Ry~OOs+t|v!r$vjr@brFQx~)fHejjW-CveJsqg1CB)J;}O#a)4og_RAw`mwH z*T9Z`fQ5wLGd&RTUhdOa&S2&zDwsL`#iT8W?lT$Jq3QmCs^M^oYjamQqz~WkbAlec zxGLM#$%qHuR@*fx-}W9jOsiZ^(kQ6|Hv;;C!>*D_NqXTQY{qLZt?gUFxvxhh_#(v8 z9{PM{OlJCkK5K)9VnR%2c^^^F$SoS@64Z3Yo1mYQ0%zSv$wHLQ%#PT}P^!g@eWlNw z3V-~`mTkTAkV8PCk4fLBYybzPT297j8RdmIZf#-kRi8~o;Dt_w|D(s)U& zfy4gdiyp&CVkKhou<2P!@qs|>JdbmZxI0Ynm()7H*v%E7tl_hhk@+(TfDmNBO_o%8 zvC!TTooXd)PfJ?xx9Fps1rB*(mzE=1$9r@3(E{GikdM#Goti%V0K=tE{GH18VVSF( zzMW$v%#Fw?s)pqz0R*(H&PtueKkEKtpPs31 zZKrMn_m(ct*Lkjz_ndZi>+-MB8B6^@g&d>8Hs*4i@~{5tE`(tovVFy8{p8ixJN*tN zh@JnyPIWK#9KxbsoBO}Uw$S`xMCFm{b&s9Uo5&j(tgX8JbySzY?SZCa$rtR86Rjuh zj19A@UW!%*i)=Nso*yZ_i^qWE=c~2KU9IkGHV*Tdg6SA7{5A?S5M?+sV$%K(Vm2bE*<7hHcb*g z41712TuU3629@SMcVct&a-N|VUH&cVT{f@2`DDUM8&mn%DskS`JSN)PG)LVc?S>o4 z=f5jc;l7vAX8FKSJlCxebDD9a5;wU6R}o&Cn|9clRdba5(<>wG8bJR5d(mpFWN&}%qXrL;x9=OpK|=;iD^dU3gj7B;3- zN^4T#+x^z(JzbfPG(sJ5*VBxfoMGQ;9hd816k5TK$mBG+dz*K^Iw23A4g{U5YRS37 z&D;M{h;ZrHsAt2TO65xQ7)(hA-UwE^fZPbJEsP|WSW4TMiL+1=IelI-TJ%p`kDeW110j)`GE z?o=h08~l@H@KmA*FIpf?dU95W^KrAH)6JwnjMEe@JcghkOQHaD0%RgasW~<=md#Xb zbT(DaIc+nUb)dIjXQz5D6PGWX+U>v9It5-}yPcPPo%gT6rqs$-Q)h2Ss#`@b1@K-s zjPj=P2wnbs;_!^AXmYI0(S_oky<0*|-eVA{SAr#}W7%>8GhYvPWS+c`)2*M490=`| zRR3Bj(E?!|D-&e*+IE~e0{z?T*N2?IrDq}uz?HF?ntxp8gHEzt4t2$wq-pc3ebco5 zJY@hkA?B4{7tGoFbSlBKrXhz-4Bk(BP?O`A?PshpGZOudd<`H2t+eSIYA!o|MWlGN z?QgxAQE!hEWOla8zIBv*nf^vS{&fRRa^erdy3B zV^PV(a)0)lWj^rRTFc*ZXc>sZu*xMq)oHOtQQqGv zKh>+Iez24SUkuR!q71*(qC%kD*+Ld@J>lpl4y z+hE_yR}xiPtv*IypV`G=dnMR~Y>3?pdvoYQK!xxoeT&gmIT<0#E09iLkE@7=k14^b zB=XP-Xvs`yOJB%Ajt?nRTXo-$X4W{KsZ1m+A!lKJK=zQL&+Na!B1svK zYBt=uTzCM=wbfxeLRgrvLVfinr%vriKzX3~NOd3SR3&9Q`i;%r6t4i)^adeUcFPxT&%Nx@> z_5wrTh}0v`s^{Pb>_eG`R-UTiQ%-96#lBxN*hy4VID2%T=foK$v@&Am9zv&2{F}7T z=na>u(&u1k0?xf`zmw)ENj2W#dtsKTV<9>@46Mr-YIRrv9wxREbqhDiL9GtqDnZ!hX**xx-g zy$G`y?@kQBPD^1cBTD*c016a-nt)#faL6-8f*rT=IJ_#7(j?{KocqY5An z2XW`mD%8L8O|-{-%8T_puS=;f*?QTGq73{pJ%-FWYN;J%9dS&PE-N}ZbcZ5+IUb)N z^=*c1-qQnUR`EF@wg?l3|IMfk4K7_?VGKVPETG?igq_15A>b-dxl|?s+AJ*<^Bw$$ zz-?IHjm9I(^w7{>BG%W36XHY)asHp$zB{ampnDe;>C!ubp*Mxlr3)gxSEVCOx>AAx z0!mj@hKpZo9KKOoO$cV>2G_RO4f-uI2V z86i~3C2UQKbaokF+@=;h0$`*-9QzeGK*!M0!N|X0;u7hSkgJ!}HArG>Gyx!rYZ<~dI2cTN_TszQ0P9crN`^w9)VwwWbn_b>tzZ_YpC6+y6 zL=CEC<_u`5LiwM#o5x$xA z^}~(V4gi?^nosB@llnlq#`k8Tiv)m4H5Fy^Y{w#eLGPB^e&&$Un4D%^cnH2PQ)1+1 zO|3V^49_bZjiZ#t%{9^%n}Z!$p-*_R2}hPi;Q$xvDi@YT2j9-Lufkqo@m2H+M#w8c zUiql#O2e+_ZWjg5pB57)@IP8ZHQZZ>elT!hnE5ATT59NnvdXXQdd}XtF}wAOKS645 z+kf_2DY(x^_`1iPz<Wqb^ z2Ck&*RsA0;JdTPPY9j8qNUl!{%r&iZRKzA~T3@SXUa zBfk-6ZctyIst_xwE+a_270g?qP~ZfRx5ZCh(-dD}@vpcbcEB{SEodAi*R&^Pg#`Bl zJUJZoqx&8{M*i-(659RR^|85W3Uu+dUxx)y~jE8&$D!HeOG<&YOGEuKu( zn9za0t{ax{K-mUm|&BIg}1e*1iyrE z$(-F?aRzL|bqz6g_@iVHwg#uA!sz(?I#%^@!6YkRZ~22;tKRtVZd!P1hlIfm6nOL2 z|G{#2d^^Vr4WjyNGaIt(gVS{Q?kZ@`-X4DN^ZFXLSqoGHP1TEOT=JgX@3X z0x%}4jtY1ElZ}~v zJR)dGKoz)@-mOcTWdLvk=K|xO0br=XhdOnasaqDgw=xGlWrbR9+?tZorTqF$@Dghe z07YLZB1uE$nAlp-8w~e;lcV{qLtx>$LN)_Si;21qf4}k|aP8IJ@m>Coe#RHHE`(-pSM>>n7XFvdUSgMngZ$YlkaHHlnviXwi>><&h zxc;}2f1LM!7M)T&Ff`4_LsFhLe*7ui;Kaz{2V>qDBnL$eZS>i?V#@@HgllG`Yl@k; z=n8~5V&0|nCwKn-EhXC2{+ABf=+Su=+}xG>?B!W;;e|u9M!sb+nfRsuuJ{vIbgcAw zXcZvpRMQ?jpD3D4BCw@wekhl=hmRlh{qKN z4spSiCf#+2nf%1`@llTGhnSG6rrqk`#`)t+_u*eIi_;{l^_S#{EJX%7KG?*iJcEmi>-#CRXwt>)dw11xnH4uQ{9>o1J_r|}1Smu0@Ul-ks)WQTO4G}kb; zvo7ymvR%_OrJm-Z-VgpVvUqU`?-tekgE{_o0j?9y1jd@gUWN3A{s(m(xW`TfDOru1TYZ|wa3;R`-qeMhXL3CW7R2iVP z)dwnu_CFAB{AQzh^SP)BBX_XnH_lkI!yfj|NRcg~f@s&cx^k%^Fv&fq#!-7$>4-9{ z1NMU9ZYu}W&5Z=z_U8JI`tq{NL9Ih>gI3w?$j8!7+`5;0*qm3p5#sax$+Ww- zn*ynj(a(V=rWY*?e~-_NP;mrkdlvw`5zg*&cnolyFH`O-2~dVnfU~WU&S_zeE!E~bLC$TZv^P%? zY+|xD2l1YYd5KJszEs=fh_h(7R0f$o-;gwtXxp-HBh6V}3MR8rLlHr`qXrrI`D{Wx()FeIY~#){04z|VS@_LdgSI-Lry+ghqKtn@>;z0k2m~W^JrSH1&iV8M+J{Cbx>|rP$D#$bX1t56yAc7-*Mdz9F6+u)V z3dL)PdBwF>91nh5VkJ?ByOy77BVISGOUl~U>9l3T*AQuVL%MKq-hQdIl5yuvv}Whv zgg`TZQ6hRYH#=xcs9gt;=n+II5tA>EUI5+q7$_*+YM{n};h#FoZ!oJT(Y25;A80>K`Za}DtsZ0ByoPDWEf4jb8y zxj*ta`gsnzgT2W+vBc_s-s_#wdSryW`=_}THnxc%(ot$cx-pfjwg6V|`fnqr@4|M`;H#ca8Fh0m+ZXo33jg2yT9HU(l%jixnW^VhBr;kMEm zgmzs+dm?@;J8w`=@%B4 zucY1V#M3P|AtT5B-<1^r5Ps_`5Bq4|UwUykYr|Q=g zn~&nr38lE4k7(7UN~BAG0Biuz7ILLtZ)*L7m>Kd26?M=aq|~2PpOZp(;PKrtuLt{x z6NO=3X@v@V5%V5}T(>icXp;L~hx}DnPCF99-^6`aE8g_Bkw9c(j^^NdPK@Du1HHTj zCK2tMH|o%O`&mF1)QR930XuM1a%)NxaLj7v7@@>TqH)*#Lpx^MH=gzpKev1?VTm zQz-(Eq&$8C;xsu=!(SE^=Y5;6ZRB}RR2h&-G#zgTo#b<2Pu z-0s%Y0wCk`??Jw*0=!)2QVraoEq~da1njC)Bk{Jrd6kW+!Q?!&!Hm8i=BNzDwPQ~i*kgt^Z~s_aZ@KI~32&DHemTY~wrO#6nYj%ugo z${FYgKQGk+P|CX+mg@0I_(%0SeF-4-0I7;YQPszZAf2${pD>g_<;@}0xI+s<^Q1x!W3i2pQryAD z$b|z|5xWt0DLe-pLrJ(|NC0S~lM4GdW*I$teat@5@<Ac?^Pik zkExa|sFm(BhW`Y`Zgz|d26^}eD8Nku_5+WtyH_R{!ui`fSCyWvoB}TkpsSdpP5B-_ zPb)%CwePlXYSXsNhA|0l-|C>P1TkBhTlmqsJrrqLhD^2OjyM-;?<}(d{YBrEC=Gpn zkLccrKk>gN+Xf?Mwu357$94{To^uc_LIJq^rpHo;Fg!fcfF@jCX(q4F9YTVwSZWyt zNY41I%!%wfsL6{jCn=EkJ6bA9*8W;O(o!-{clV^=eGB%V+)Q>%to!`t3pgpgaoH_# zDmm!kD66W)W?paYPHCsIB?c^u?>4M_z$a%9hZ1dW7?udIacy&}J}sEQq7ct+%~lmY zN|T7}c_XkPRp!5W4W%mQZ|&5& zI=7c$nxq_TSOq$Gjh&*hub+!7dOkQ6q4i!;^UKyK{$Z1kWtOOusH=7N>TirXk}39^ zXO{0PYrzq>3pGLft9&|YQ6Hk0tF7V$ce0Uw>p8mp z1>HV?@Ycp2F%ujw*^DhCHk(gnc3S2kE^Vwx7)weI@gh>XeJ`12xk#ciX961zzCIKO zxusCCM4A;5KV8q6y>a`b^80a9*bhE?aov~K~8l9i@u5p>Ld z%|BfeYa-tF4F^R?XtZw=sn+GFX*T6b&UX0o)1@@Vv?TaFNv_-*Dz;3KZYxo zBSwDk=;k}ClvE)t^OKg|vgYV?>StE#EsjdH+wg>pMhK0yAhXH+7u>zxUulYh064tC z<1OQB{-dWsDm*W>)kKKjh@-?cJ46APf|Gg)IM$=djMUbNTjpxyXn2f=vp}GuBt^4-`%ZsKxKhgal#7vY zPM@OM5r?`&?p}N@lHe5KF3}z3{i*IOvnI2UmccKt>NkXwTBE8L@KUtvYpSp`T#_-9 z*!OADQ(3UdG@Fdd@=ph2`o!7$N@C(qisIb>5rdB_5jAFx0@^>^-;L)`*7&$QpC*-c zT9gYPa{|)1_h}z8dZ6MvQP#XkvIS4YT|OctDvg>kQiQ9| z1NlPpZ9~cE;4QW0nC$eJ-A5xKrUYG$H+5;Yv(eY$xzgZ zKx)r1+Eb~GI}SWICY)cS-p?B=E1pEcA|ipx)~on7{gIBkSIfFLcQV$c?|Q_G;vBE6 zF?m#bO`qbvdcAxu`>^{v&O{g9hbilQoFnM;Zyu1${fxI%z4jRiSge+d>cSn4l_+|? zSQPUGHPwccWjH`wsxWA{c@B6V*XVg-8IGmBzeJx}Mik!SWXIMRR_mdw1b9(1J8Myi zy{9UGeEc^^=M4PJNML25D&4(e=^CAoeJu=wf-DN~0z{^!y@?_ZfGbQPjkHCF6SP}5 zm8n)(8_jfig)#4*V@)c7w(#JVm!jkYg!a6U+iO~Ym1~W-m+32WHgpgzwbm_(n6`&V z*FuKFrSxh(cxUhV7l^+G4omu+Y1tfMo{u3On0ZD$Rtwjn305=ixar{^hJO3=$jnn-<3lg|_bnA~mdNZi*@Ygl^7tL+RKtAlNe4AKR*9d(uI_ob&y~EPGMjWgty#F+ z6Ur|$>pXJlZ}%EUxyQB5i=pv}ecw}Qfx0w!<*q$@w&HIEb%&Q^gSxo^t@neI*ktTC3#>;Ayo~*Y z_s!oezPY;?0HN5J_%b^s(vU4IjL8Z(O}f34MLOB6zhC!#1ikfhchzN@Ko-6f^HaGr z)i>MWM#`D-z1IU@y}#9bHP->wydais@AT3qq+V&OzvX90kg3~qBXcig>tSj)ZhO@o zPcEDh;2kko`Gx)#2^CpB0chLzkevqLB2eVszjXm3^EzS zMLjwGKFahRtYzqIg0whpM@xj(WD0mK9z13-1Y0xYC9cnrA&+25S&9hhqC-M z+eBAihrRznfH%;~wZno)6%P-8HRfY}_lQRTo7uYXO`8n&Fz&b;(wcR6ZA9JaQ3p>( zRmM8bH)MadMG<(9HL)wLzV}rCo?9qV4nwRO=eUDd%MLfB>3##jnZlNNJLNnyY~^=M;=?urvr-t;kLdMAH(qNwLWd? zA`a990>20m_r@5bJU%k&L9^z7m2UR{mAXV>~e~qlA51gn4;$SiNqPKPBjD5 z1JYo7;Vr+|w4_ps_l=Hl$4wD(`L|k{$!NX$xyf}Bb^WhSIaih?;QMvmd4-CZ5xyO= z@}TfdD}*m;-~OK~#i%ZYYc&X#mUW_v)q9%$*{)LyWX*Xct@}fQm}TD9)B4Mh#gh*H zw*1lId5eWj1txM9@mAgugF*@94ChS?zYWc;RFZY3vEwso!M@Mi_MX+n<6j(8A(h#) zP#b$^$zuZA93y$>NZMGxp^}P)J%?wVo~aOyEWOgqre;|}M&ab)^Gct)KhEAW;O93C zw?0>Jw%ni}f4G4!CWG|Q_t%q6$@Ypk{OZ$qG$DT*;?^N07J;SgZ1N)YNJF|Qq-0CX z$b%`MiVprmXB0Y@+ecCrmn~(|H8NwMJ<{?zW*K*l0X$DFx2CI!+ z;$L+9b0$v~@9ek(HmTXy%;{Sa$Zp<0Pb^K>=Qk0l(e>TqF~Rno_>EXPWzO$4OtN^n znl`G6f9@oMJY{3cA4DTy1pm#)ejtGeyY60p zAm%hV`f?_GL~MSUX!LXC`TM@V@h7TNglpE1DsnB%vX2I984?or=EBXX{q|eb}2+N216BJ7Hz~LS7nZE{E`%n z2x`D8b6?rVuj6$I(#M|J220bBLBh zhS$|-2J2;(0@jp8QedUQlQRW-ZspZ6_jKFi=jRSO&rf5bE3D*Istg-K_R|Q63ZJwl z+FDNEfXEOH_RTO&JXkjlb%7Ce&*+Iy5%;DJ$W|P73KNw*R%1v@f@j=n(`v`EW$Q&K z>C?t4PJF?=-cb6zP#7>;<#8)fH`())D)c}=c4NhVl?i_}x?`}9+B?v7XWjUo&%3@> zUXor%;xQh`wU3I<5$9f(xHZFVD+7^F3Y!(@eK05%D$q&mCcv14al$U=s2>lWYvGh= zla}jz)oxgGd6ad|Jp=736uZvueXI|x)p6Iv!+Tk8+cw(srJM8SYWj$dB;V-MZL6ma z&>&)p?Utr$?mQ$pf?Mcy8wrPdeD)jn=OTqIWOK4;+U{q&B@0dP08UTDu4r9dQot!m z@We8M#92queb*@>)zExA0e=o;(GS z`hu|)?|Uv2PB9yR#>)z}APRpqVAA$Yk?e)PXo~e^!xSY>#-Sy1L2W7dozO95G7MWUDU#X25 zEJO0n*L^611L5Y8A(WV|D)<~>u3&?dh-;Ga6~|xDw}AH>PwwS&*2t*-*q+S5)CDq%wT8*o0^gS2RMLV*g5MoOzQw;@ zFHVEHCQy!Be?1NwcKwy1siY^rM90?431roNzP7Hlr`SOoLr-@JUV9sGzAgIlfRjx& zqLII$xOj_RWsD(ZT~6L|=?_mz_FWYo(o>0PD0lsE@HQ-Ic})I=aMg}o*R%=i&VVWA z{TZI?JsQVlhYhXi4lf66Y41rXfzDq4hIl*S1HL3Xq|qUx71#okWM)-fjQApnuj* zwzp7Wq28L3a$2A_=aIs$H#m3~SRBo|LVG}XU0R>k{Gfuz9VPWsG`Y13V3}b}>SUfo zRc4~z3EtFZE=CmhFP+qpp7}n+aTNSCBAP)F#Q95=xrZH2z%nb$U{TwgirGiw zb($$_fNA_u$&(rDpp#qIf$Nr2xYh_VXVD=qOMxB>)0ud+ip=05t!>=%@ zv7Xzv(j3H!CnQb|x#4xN@jXTMdqAOW`rXg89x=F(;Jthut1-Et5k5PbJ-O4?d&1TC zr`6!ulYq?G)=kc=NUB&GxYUTNQTMYUt@;1hp?6uRWZfY>5r+5_dAH$`Uc47(`uejX34^( z7L@+VwLF%RT4{9d$>L3SZlAiSUNZfq#18&fkTu;I0hTfSGcjAH>ys#tHL1R9bsvau zCe|X`{?ey@h#l@(t>AzH^WM_^`$FMpo_5195`^YHLDWH8% z(CsSo>ivQQ#FAzkee5=)!q!IAu|SZ|KV^vo@%s*IzC`HQQ=j!~$vWaoQqRho5zWmC z8$6`P-re`}8f|n_cKrJWItn1WzfG=wM(ouEwa>DLSWqj5DPrbr&qMj5apzy3 z7Mw_j|o9KiUQ0NovK`9Ud71=qd-(-W4ZxsUeoKuzFdgr%bhUW zSid$hkLQVRwzENoz@`^Cf@OK)Q@K7#8q$4!Y1kPzP1In|I{5Q>O>-8p41?9!uD?lbh6S&OXm9}zfqux^*RpB*00NDQ2Ki&a)#fX&Sg!(U8`$^=7vkQ zIuAxETaSxX4OnB3z$Bp~j!X_2adHJ!~}ZO^+xloYU2 zB%v?FO~fL(^PE;3t9tkB0q+Fa@MXDC#jhgI_Ah8m(vZ?R@?J~>Q)}k$vk&-B3oIxH zB89t$(OHH}qlgWfybdpJhgCx}pK>uIU@Z%Nw)Oqn{L8V3Q5$Gc8)KEg%xcuiMwne0 zB8k=$>rXD0h+lFa&=i}6?d)E(OD3sq)?--(K^n@FjSbq zX?5U>e0gvwe;uizV&lXY`8Zkl+~{U(N$>$03i}21EOt#5b2fkaeTRj0wp{CXuu*1C zkt<|6o776nSa`Z#3%+p2q*CzBi0+@iVm3BcP52XHcU`F0QBM6B`{&Gzm CLYFfD literal 0 HcmV?d00001 diff --git a/content/en/blog/2020/dns-proxy/index.md b/content/en/blog/2020/dns-proxy/index.md new file mode 100644 index 0000000000..51eba0b857 --- /dev/null +++ b/content/en/blog/2020/dns-proxy/index.md @@ -0,0 +1,254 @@ +--- +title: Expanding into New Frontiers - Smart DNS Proxying in Istio +subtitle: Use workload-local DNS resolution to simplify VM integration, multicluster, and more +description: Workload Local DNS resolution to simplify VM integration, multicluster, and more. +publishdate: 2020-11-12 +attribution: "Shriram Rajagopalan (Tetrate.io) on behalf of Istio Networking WG" +keywords: [dns,sidecar,multicluster,vm,external services] +--- + +DNS resolution is a vital component of any application infrastructure +on Kubernetes. When your application code attempts to access another +service in the Kubernetes cluster or even a service on the internet, +it has to first lookup the IP address corresponding to the hostname of +the service, before initiating a connection to the service. This name +lookup process is often referred to as **service discovery**. In +Kubernetes, the cluster DNS server, be it `kube-dns` or CoreDNS, +resolves the service's hostname to a unique non-routable virtual IP (VIP), +if it is a service of type `clusterIP`. The `kube-proxy` on each node +maps this VIP to a set of pods of the service, and forwards the traffic +to one of them selected at random. When using a service mesh, the +sidecar works similarly to the `kube-proxy` as far as traffic forwarding +is concerned. + +The following diagram depicts the role of DNS today: + +{{< image width="75%" + link="./role-of-dns-today.png" + alt="Role of DNS in Istio, today" + caption="Role of DNS in Istio, today" +>}} + +## Problems posed by DNS + +While the role of DNS within the service mesh may seem insignificant, +it has consistently stood in the way of expanding the mesh to VMs and +enabling seamless multicluster access. + +### VM access to Kubernetes services + +Consider the case of a VM with a sidecar. As shown in the illustration +below, applications on the VM look up the IP addresses of services +inside the Kubernetes cluster as they typically have no access to the +cluster's DNS server. + +{{< image width="75%" + link="./vm-dns-resolution-issues.png" + alt="DNS resolution issues on VMs accessing Kubernetes services" + caption="DNS resolution issues on VMs accessing Kubernetes services" +>}} + +It is technically possible to use `kube-dns` as a name server on the VM if one is +willing to engage in some convoluted workarounds involving `dnsmasq` and +external exposure of `kube-dns` using `NodePort` services: assuming you +manage to convince your cluster administrator to do so. Even so, you are +opening the door to a host of [security +issues](https://blog.aquasec.com/dns-spoofing-kubernetes-clusters). At +the end of the day, these are point solutions that are typically out +of scope for those with limited organizational capability and domain +expertise. + +### External TCP services without VIPs + +It is not just the VMs in the mesh that suffer from the DNS issue. For +the sidecar to accurately distinguish traffic between two different +TCP services that are outside the mesh, the services must be on +different ports or they need to have a globally unique VIP, much like +the `clusterIP` assigned to Kubernetes services. But what if there is +no VIP? Cloud hosted services like hosted databases, typically do not +have a VIP. Instead, the provider's DNS server returns one of the +instance IPs that can then be directly accessed by the +application. For example, consider the two service entries below, +pointing to two different AWS RDS services: + +{{< text yaml >}} +apiVersion: networking.istio.io/v1alpha3 +kind: ServiceEntry +metadata: + name: db1 + namespace: ns1 +spec: + hosts: + - mysql–instance1.us-east-1.rds.amazonaws.com + ports: + - name: mysql + number: 3306 + protocol: TCP + resolution: DNS +--- +apiVersion: networking.istio.io/v1alpha3 +kind: ServiceEntry +metadata: + name: db2 + namespace: ns1 +spec: + hosts: + - mysql–instance2.us-east-1.rds.amazonaws.com + ports: + - name: mysql + number: 3306 + protocol: TCP + resolution: DNS +{{< /text >}} + +The sidecar has a single listener on `0.0.0.0:3306` that looks up the +IP address of `mysql-instance1.us-east1.rds.amazonaws.com` from public +DNS servers and forwards traffic to it. It cannot route traffic to +`db2` as it has no way of distinguishing whether traffic arriving at +`0.0.0.0:3306` is bound for `db1` or `db2`. The only way to accomplish +this is to set the resolution to `NONE` causing the sidecar to +_blindly forward any traffic_ on port `3306` to the original IP +requested by the application. This is akin to punching a hole in the +firewall allowing all traffic to port `3306` irrespective of the +destination IP. To get traffic flowing, you are now forced to +compromise on the security posture of your system. + +### Resolving DNS for services in remote clusters + +The DNS limitations of a multicluster mesh are well known. Services in +one cluster cannot lookup the IP addresses of services in other +clusters, without clunky workarounds such as creating stub services in +the caller namespace. + +## Taking control of DNS + +All in all, DNS has been a thorny issue in Istio for a while. It was +time to slay the beast. We (the Istio networking team) decided to +tackle the problem once and for all in a way that is completely +transparent to you, the end user. Our first attempt involved utilizing +Envoy's DNS proxy. It turned out to be very unreliable, and +disappointing overall due to the general lack of sophistication in +the c-ares DNS library used by Envoy. Determined to solve the +problem, we decided to implement the DNS proxy in the Istio sidecar +agent, written in Go. We were able to optimize the implementation to +handle all the scenarios that we wanted to tackle without compromising +on scale and stability. The Go DNS library we use is the same one +used by scalable DNS implementations such as CoreDNS, Consul, +Mesos, etc. It has been battle tested in production for scale and stability. + +Starting with Istio 1.8, the Istio agent on the sidecar will ship with +a caching DNS proxy, programmed dynamically by Istiod. Istiod pushes +the hostname-to-IP-address mappings for all the services that the +application may access based on the Kubernetes services and service +entries in the cluster. DNS lookup queries from the application are +transparently intercepted and served by the Istio agent in the pod or +VM. If the query is for a service within the mesh, _irrespective of +the cluster that the service is in_, the agent responds directly to the +application. If not, it forwards the query to the upstream name +servers defined in `/etc/resolv.conf`. The following diagram depicts +the interactions that occur when an application tries to access a +service using its hostname. + +{{< image width="75%" + link="./dns-interception-in-istio.png" + alt="Smart DNS proxying in Istio sidecar agent" + caption="Smart DNS proxying in Istio sidecar agent" +>}} + +As you will see in the following sections, _the DNS proxying feature +has had an enormous impact across many aspects of Istio._ + +### Reduced load on your DNS servers w/ faster resolution + +The load on your cluster’s Kubernetes DNS server drops drastically as +almost all DNS queries are resolved within the pod by Istio. The +bigger the footprint of mesh on a cluster, the lesser the load on your +DNS servers. Implementing our own DNS proxy in the Istio agent has +allowed us to implement cool optimizations such as [CoreDNS +auto-path](https://coredns.io/plugins/autopath/) without the +correctness issues that CoreDNS currently faces. + +To understand the impact of this optimization, lets take a simple DNS +lookup scenario, in a standard Kubernetes cluster without any custom +DNS setup for pods - i.e., with the default setting of `ndots:5` in `/etc/resolv.conf`. +When your application starts a DNS lookup for +`productpage.ns1.svc.cluster.local`, it appends the DNS search +namespaces in `/etc/resolv.conf` (e.g., `ns1.svc.cluster.local`) as part +of the DNS query, before querying the host as-is. As a result, the +first DNS query that is actually sent out will look like +`productpage.ns1.svc.cluster.local.ns1.svc.cluster.local`, which will +inevitably fail DNS resolution when Istio is not involved. If your +`/etc/resolv.conf` has 5 search namespaces, the application will send +two DNS queries for each search namespace, one for the IPv4 `A` record +and another for the IPv6 `AAAA` record, and then a final pair of +queries with the exact hostname used in the code. _Before establishing the +connection, the application performs 12 DNS lookup queries for each host!_ + +With Istio's implementation of the CoreDNS style auto-path technique, +the sidecar agent will detect the real hostname being queried within +the first query and return a `cname` record to +`productpage.ns1.svc.cluster.local` as part of this DNS response, as +well as the `A/AAAA` record for +`productpage.ns1.svc.cluster.local`. The application receiving this +response can now extract the IP address immediately and proceed to +establishing a TCP connection to that IP. _The smart DNS proxy in the +Istio agent dramatically cuts down the number of DNS queries from 12 +to just 2!_ + +### VMs to Kubernetes integration + +Since the Istio agent performs local DNS resolution for services +within the mesh, DNS lookup queries for Kubernetes services from VMs will now +succeed without requiring clunky workarounds for exposing `kube-dns` +outside the cluster. The ability to seamlessly resolve internal +services in a cluster will now simplify your monolith to microservice +journey, as the monolith on VMs can now access microservices on +Kubernetes without additional levels of indirection via API gateways. + +### Automatic VIP allocation where possible + +You may ask, how does this DNS functionality in the agent solve the +problem of distinguishing between multiple external TCP services +without VIPs on the same port? + +Taking inspiration from Kubernetes, Istio will now automatically +allocate non-routable VIPs (from the Class E subnet) to such services +as long as they do not use a wildcard host. The Istio agent on the +sidecar will use the VIPs as responses to the DNS lookup queries from +the application. Envoy can now clearly distinguish traffic bound for +each external TCP service and forward it to the right target. With the +introduction of the DNS proxying, you will no longer need to use +`resolution: NONE` for non-wildcard TCP services, improving your +overall security posture. Istio cannot help much with wildcard +external services (e.g., `*.us-east1.rds.amazonaws.com`). You will +have to resort to NONE resolution mode to handle such services. + +### Multicluster DNS lookup + +For the adventurous lot, attempting to weave a multicluster mesh where +applications directly call internal services of a namespace in a +remote cluster, the DNS proxy functionality comes in quite handy. Your +applications can _resolve Kubernetes services on any cluster in any +namespace_, without the need to create stub Kubernetes services in +every cluster. + +The benefits of the DNS proxy extend beyond the multicluster models +that are currently described in Istio today. At Tetrate, we use this +mechanism extensively in our customers' multicluster deployments to +enable sidecars to resolve DNS for hosts exposed at ingress gateways +of all the clusters in a mesh, and access them over mutual TLS. + +## Concluding thoughts + +The problems caused by lack of control over DNS have often been +overlooked and ignored in its entirety when it comes to weaving a mesh +across many clusters, different environments, and integrating external +services. The introduction of a caching DNS proxy in the Istio sidecar +agent solves these issues. Exercising control over the +application’s DNS resolution allows Istio to accurately identify the +target service to which traffic is bound, and enhance the overall +security, routing, and telemetry posture in Istio within and across +clusters. + +Smart DNS proxying is enabled in the `preview` +profile in Istio 1.8. Please try it out! diff --git a/content/en/blog/2020/dns-proxy/role-of-dns-today.png b/content/en/blog/2020/dns-proxy/role-of-dns-today.png new file mode 100644 index 0000000000000000000000000000000000000000..0f9959eb502c19dbecfc2050d6ee654cbb2392f1 GIT binary patch literal 30098 zcmc$`Wmr^g)CM|$fPxArAs}7S(%oHxq{0A7NQ1P*0E#Ff-7V4r1JXUHAPq_lJvcN& zNDJdIXAi#b`+eWJ&i~`(A7}6VJZrCK#l7yewowKTG;Wa4k$^y;8(NyGh9D3D6a>Pj zy-Ec9QqpNd3Ih2))>2h6elfe3e8r`j~Rdz~P}%5y_qVK8u)<;LuD2c!72y@mbN2p>^+(Q%w=?^+g$2(B9sK z{ORfF9YDJOzyE|a7_6&h(?G1=1q!Y86w!##kzP?E2mY$6b>|qV%lz!|6nxXZar7a| zh96{1`cP21U2?65RxqtyGr&_#M5X^qZ-?ZE%qP_}TEkau*_nX%=_(;VWi7C;EmDu~ zH8Yci4J^r5@_nI z__BtK8XpLA;8ryFz*A*pZY8^=#@mk%qW>%}I1(h}Aq=@Y+Yy<-cX6e5Ccy=aYeu}?1YLtKdQ&F*ttRP zuiAC@QuYH2(!cX@NG|!x_Qv!TNbDteV~p=n7BQFRO^_lO5A-C)V7(`$|N0^&n-u6H z+9qE-^JPZ!G#<#45ENGR#`sIl{Y)h_?ooVW7U9gpcAB?0hIv6BGn@PCOCnPpTQWSP zx~V`Qo|kN#BK8mDwD1h%wnZ{;?#Ka>n6R=2OxUeG>HJt-oiTJ}H^h#8-^r4*cu;?( zWuFWcxa~DIymTE2=#lCRUUGSc6Dv2UQGS?H^XU^ zjXFn=vE-P)o^+W+0wqXH5UO!3BJ-rD{S8w~i(sa!(NA&ABFp7!cf9no4{Tl+fy%%| z&v`Htca-kDKj}Vx*AHpsJFFjA(oN4fy@{$tLl8}3b>Sm=*jjCOz9+enIDv(I1F&DiK(4}LK6{e=ps?no>%fJVK3PMOH|if;nP%V8D+x8n8QXYd{YfJ3 zVn8D2*SDHPVZ*$YjGVN<49R=S6^liB7cQyMip=lwJle zkV}NQS(q@JUU+fT^Q5B7TONr3x1=OOILCGWhWM#CO%z{0$bc~}P)Jqy@}A0ULP2vt z)G_b=`%afXDRSQt&x~dP-D5crbYUe!jtp)4us41=Qav@Q6X3cT6aQpVSE`AC* z?OA26-E?iY?lW>wf2ClMr&6&A2~>_##L%ZufEYBXF(32#n>@cH(~ow@W2Ps*te-&k zO6FCu8y)@+tDEprsdi!X=~yx8vwT^}gqMkF?HNEIVwB*;CLcbD{(8lLj?TpIiOaL8 z!Ym-ZO+PM^EXMI@7&n6)Yd{f%++gqoeEu^7Mee( zSbh$wWO91onPWHY^@S(1T6QMYJT)-s3P_om-({sAoAY$UJ*;7D<0|TX0TyXm&>tft z=iWiz?j~jJC~(~XzX+>F++SnAVe*tgpi(B=w6L^4DRG7_{Xae_N8d0t)kGmCz_B zObB^WKMQ(_d7Gtq&rhl)Xo$BLpXtiq^n1kKveAgiyss+)4H?wm z6uw1pp1T~-nCa6fx6vL~{ZnG7f}Ng!-CFD@lg#dm*1a-ab1@@1MMEGJZOnCjq3<$X zE~9pIGPUkF%b##gZCma4Ol6tA>uLE5;@-BXMv&$Yhxk&_>SdEGW3X!rjn+06KG;*Zd8equoruOHEyt&|$weT*5hOkbsMI|L(F8d1 zVOX4Yj2HUC(#P%7Kon`$l3H!LC(D}ssLA2#mi{V<$SgzJ)Ttx}o(!GV5GmrK#-_;` zXnUTQy#6NQfn`(M9$V|K&~WyHY`U$3mcBEqPu<6#l@+w`K=j=Si;lFXAZDYbl()UI zL**f?JWv(;`8N|umdxc}_q$%K50d3<|2ZPy+M^9#N)q1vuBU-l#Pwe`~(NVI5ckvJ&W&1oKm@zFeY8k}7J>Yd?LP*L?BoCD&fZ3PvwrAL$W~ z$mXkSE(vBK6EQ_8C+mYTdkve7Zzf^irkJ6uUmb!`sUfHP=8{}R=h>X3sZqKQg|vi0 zU7XBhVyoBOX|(Xf-cgd5YQD)@PT=0F7xON8XM0Wdm)&|9*9%e;isjP_&4}Zzw%$D{ z%&tCWj3FT8B(U4}M+-c*YJd7I1zaW2n&CS{szco~^>}DvtB3oVkTRo*r|4#c@vy#r z*2xrRdRf5~yF5Bi4%?rTSTt_ZP2oaH>_Yl=)+6Bav%eFbKB2f8FH75L=e)u#5EkFO z_?EV^(k~vOk~t;l-7D;_mBFQm^wT510Tr~&ZKoC$d#bm zWTZS!*3j}@vtMTFIL~ng9qr5MI9I~dp89g+!}UgM?_t;iRmaKd>2=7jt?r}o^3pXc z-CQi%{)4X2;p)0kyzKdpiBZfK!HYxw>cC?OYmA`PDUpEC)hJOKd1Yb68^VqQ7AT_B z*uIgU!qA{dcB@?SFI%itY!52BqPnz)S8Cbnc6}rn0)x}_+y_5+MOTRKrJ6#=%$oF@ zI;cHkx3GSUvjUc8-uyYYiScjIiPO;f>PqjLxeQPD>0iXaFRJyi$90;koZUf;!ID&n zpmF~j1hI;eTgU1MMMK3{7Q!V6yUH-DmymUdZ%qANt|*D}5Jmq|1d2yO$47Eo*C<||~)p{p02uGcwat}S{A2&X<7ToX>OE!x=zsch& ze`pen->AU~Z~rq>D#)6c%~vh45ImSuFmwO4ZH6-S#1cWa{Xt)r!{?OJ@)z;Zq#(*D zu;jI*0x^=W+lLbn_WnjaGRj2)s;E)DWqe&2q}?!D9@ESUt?^B4A#T$oDg&TJ$UD2TfB}vS&u*$G zv8+nKeGT7Bi9FT7Pf>=XWN^?G#x0c=!sG)95Y0%M`uRg+w5)C{(WK6)73y_a~1(J?VK`a$=`8!;ATyNB)9E@)-DN z$;HO+-(-6&u=NT!xb86fe5sPrlaSf_&2TC8`Gj$ObI8TKcRAubm#m1>VT1(=;?;US z3K~$iFPI#RrwQHr5pT6t;QTxXvt_uov-bi{o16(L!27#G@!u70w(k|BG{u((?d~ao z@l3yju`14#9jP|$P4AO2y;zCwjC~JfJjLc?*Q(n^v(>Z%0`e#WpSE zwYs0~W;uR{XvROI>?+A$4{urs>18#fleY;v>7x__;G{9_SQ4{SZI$2->WbFah_9a% z!QRN<$@yCF#=M+B9)2hp_Q$eR{%G*onUCIf@5Q!vd0yvBW0b}20}OI*PY<)1ANsUM zxHiroqmJbr3`PpVB5}Kc*3U>jz^x?EZ{tJnvhcHBEEFJ;J5RXC&7R*8&YY2Y^##)R z!%Y}c?9hHktYvrv9gL9K>ba1eqvs{xahVRC>E*S`5zpLbCpv1#;TmK0W_p`J`quVk zbLTDA9FO)x{!Q#DY}vBm#ykZD zf*!8-Z8)t52@}qLAgRo^;umjL%OR;3b&syQ!Zbb+Rm$)BG37pRl%Wadj2K1sv(x<+HRUgPs_QfqWIaNV|O1d3bI3Yh5y-` z4I0UtKC{IhV#{gH>M8e3STCHEf*tzS_*S6{Ih+C!_$CKFrh$I((pR%Zr~uoBG_Ov| zo`653T9FraSb8)O)~xOQq@TR#&2cZiRr2kF3nqpA@>j_7?7e`{Rx%eB&s6iriBGzz z`bt5Pqkzw+wu|1~M~^~W_GCsc+!OJE7gRE&V}}j~x^BPMG<@Jp=E)b{Ew&k?pGD@6 zs`U#iv*~HDIPEX)pZMPQ6)br-CX3q4=_X$|x11cT8Cf@H6{-uvrB zU$C#-o_*FUtT;ZphvxV{J8vI*VrQ5F_rvKC0lTa8ivhcz5^xfHm48@2kvac4lT)`b z-${j{*GtTk>Sv0#DN!Wdqqofi!VZ^C9**QO9$DLaxDk-`w*}%PHJhyout} zQe!HH`g!zTEwnsZ_`N+&GoG(=_=LAu_k$bgA)GTb`sb>-qoyd6djZ70gjbb+)Sm zX}5>7r&O@~+4z_F7!)(KL zBV9m1q%Z^R(sl*J0gJ8_gD90jKt7@{W6sA{1UIe78J2{g#}FMrU7Le*aS@A8Qg z&6UvSGk9l|iaXI2uXXoN>UKOJs|~t`)QBLXz<_IKx>w)|qh}+QKaSRepfHwWC}Kn7 zKM|s%h(q_{FQ`4||7>8YLb(n@7}jeE4!FZ+smy4TmAVhjLK-A6=VVOS7lBeT-^aKv z4q`StYjAl9`Z(48;&+sOar)WtX}bddM`4;)zVLrFXnb31?^#{*!@`@l&NM>bsX_y0 zWElCuev0yh1~NzU`^z95QyVxtmq@s=&MdU2#+c@`rm z7jEFL*cbkaOxA0Kcyah*btkb8-8>%_Oac%)4c~>w;wM)!tHE|AB_p4(gXiRC2ZkUL zmb)?LPqAWcei+!C|MqXCqghlZkjnNsSUY`CqYA$k46D7@M=TKwb?fKr)g6APTsMZp zfqVw?9KJ35rRK=;_%u9q_AzaOmX%JZ8Sf{+sV=1>oVd3`ELfsRcxj~)Dq#Br&P@0u zgW97`Ud$6WQf?7h0Q`bK>7{-+8_~m-u1hKtKF@X@%M^c?EgeNoHlT7 z#iI|__X}BnnS2_8Zpv?Os!&C?X8c)F&S4{2F#?z>V4J`0XDI=L9OR)97`t_anD(1F z?dzJ{QvvYLF{J(B-q+&p0XdQxdIexPf#^@#?Yq#9wp&LOWnT;W8HGx}^u;Av4InrG zXNyAy#_yWtfAu%PgOKN6iSydm>B(egTK)iKt7TV;dGvyHxs&U6!!=OHs#;1)4B|- zhfCY!@L@`LIE}+B*$9W!2b}NSUOy|a4n}t%R5ic$tdGj2&-(88B2LDtsQ%sLue9rD z-^dXZQG6J9|7a+a5dU5MQNa=`w2?x`O7YAO9!Z)$9lYk}lGHfh4y;>KJaQPf(E!IR zGhM9f-#0MI!zB?T4@b<5$1VWdM>~$9nW3QnV(|g@k}TqdbR&R*^{YHu&?pW0Kw*C8 z27wA;$H{#zh2*V^V=SsIuO`Gli2Y!RNC&sg+I8T(067o1K_lKwo`N?my@y8xJ?0vB z-pcr^rB}mPI*ns~VorGT`mj$%kM|wqo?^(XS|`kAS`@8Fx-Nk+kOwXw2OOoD`6Ylw z)AYeiIrK2}5|~DV@)A`5`2Fv>nJ3P5qL$3Q?FK%Fre9iF&U)CtR)$0BI1F-$_Hl;; z=nV&%rJf5skHdTZ^En?t*aM!sBum^)6-IgsP?bw+q)RqUZ~L7?o37XSWFFHosuX)> zGB>P_h}#97gg$P{tf=vIx31i|d%*e_Xpg3>>E{QcoH%D*tl^Yxfc&Zcf zUN4ueUFk&p>}lRR%oL6s52PJ?M2hanm_qC*tO;Y0_K^GED>h}Qyh07n$(e@;Ue^r9 zZPgabr}veHq4&SBk`?@68}{F5*opT;2)`AZRdz2e?OJyW+|zvh$gF~9xPp(33`F)q z=mRQtV)}nH*mTl32WZSm;e}_}^)_z9fNry^EdbW58prSB;GgI|t`1(Ts%CrevQ&#y zJQ1I;j0iKg%SZELPmC~_t7LErg*^@+(Y{T0qjS{UbcU;tP?3B3m>67rut>P>+i`KB z9MR61y3j%{JX<-KNA}4zrj8FuQX@9%-Le)R_^B))N~d~_ztkMT__;)JM5&U7T`@?sV$k}#a$+il2RY{B;c<>6!`@Q(k%@KT5B4lG6!tXPrRx-Nb z_mz+L%WUx=D->jLDBILfj6S$pY)!{u?IM~<>~E&)zJt=l6H57`+Ddh_G7~4ek?nIZ z7hGRHy-S*Sn)7QlUGLd3F$C~woLP~>>28}*WD)Qkj~j3 zdW{BE7XtPu8<|98agoNO=e@e$FX2pvPioJcg=Gc8^GN8#@*UY+j5F`f!+S_Apo=AWQZg z>T!6ppHrT2wUbxR6$Mv5Q*d~9P|3Fu!hgav;D2va&%Fndk6vhc>Ol`K%)1*TMg#U} z%q-q#?e`?gMzq!->FV{rByr1nc?cotj31@Y{kW#_WfbLaaX<;`RS^g>SMW|}5GrP1 zjtM4dW-?1_9w6wN!Oz#vaOHhx)8ngXKe_f+uM=KO4u3H0O%H^Ur7t+F7+Jxrr+F$> z&1SCYw4mxKmr&ZZ3T(SfH=)b#ZaS6qh6-Lr{bgRXMsF%Bn$k=Q!EJqR)t}rMf@eK; z%&^aIX8p>39Y2i&z>GINQ-jr=RoV`M1>l`W@nj-mW(mzV30I1fpB>{NzeHCsxD<2{ zjsCBfUi(?5{h{h;B#Q!r-c> znECIl@0i$)!0p!3+)?CtV2Pr%?zyU;HjHKx?qI4l$n5EM619b=XPwQ+z!@6*3U;;^ zk_@X(51mo&jV<{Cn&gLCwpJ?@7U(dFnlXo7WrJGcISFNQAq2$t65ocWlW0o(n^_x@ znjk>(LGQ}H*ndRpXO!2hlWgR~=<0%;Z^5Waqe*kJ-74Azk^Y~#>NJjyJxhQ2Dn|$u zqi>5E7FQnD?{x%H=_Y=)#~`Tt=u8IEeHTheBP$?ZLMPJ&%tT96D34n4PevWj`JINc z=gnUeCNt;`#Jh%m4}i3EeflNH+gnxLRci@A0~20oUFV;!vBEP=11rve-OdCg9sEya zZ{jfTgHA!Rtu5tfm+U&%juKDn8~LO_b?_G#RK%dbdzQp7Vbh4Webk+|=xeI988^al zJVZMsGRwI9I$i0~$BAK-VHj{Z03c%Db_Z{ifYyF2DuMN&DmB%A+-; zw?>g}#!#2~MS^@Ge}H`5!>gIv1x}cUlVxp^!f&~ha|b}UTS9y3gi+7%78h9P82 zoEDUD*zWJ%I9-(qdv-j6Qh3H^4ZYqYHvVoWFd?O3mCPw}u;+~AQEsF(1np}08OG}qeUbuh*~dMSA#*W4H5pSX36``MKIAsHlaisSz_=6t-+W4L z*4=QQ^|i2nzQrMTL-e{{$=W0pd{UFzv-2c7)%#FvQ`#o(DyPrf0%sGoBy_M9ZCQN) zQHRm|Se-Z5Z+npb8p`Wvw;Va}EF7vc_7Nb1$NCu4F|DrMGgGx}3pBcoYo>P|wg7Gj zz7$mxkyHs-@el`n7wxBMxsxA+IvNi$?!$6r*K^5{&FQ`pBaIU?w^G()*?Nb(|yM znXo|t)E?D#(~7UxgW_Sbxkl*D=A+E+hQZ3a34J^Iyqa#?HjJKbMlG>xXR?~$-or?j zFLv2?Ne#n;CbeP+ljpc5S;f8?&TTPKwCG37t|qa4b+5B2R1SKB^W?jiO8*DQn%|jQ zF>xlNzguv-Kzc2?`^idP=v#gIx%G>y;RA$$dcZb2WM>FO%G7DwXvj}P5q+( z;<|r8DO@&ERcmLfR(l~yJ1v*-Tih;+3>#eT#`)s4jZUY0;lX)i9fU%^sr=W&8WEY>bVXR^ z|2WDS8-+TbtM%hh>wgMU*We+JfN zoiH!CD$7p_Vypr5-D7+A@xN&KFGzFgaYgTjdt3T5{27R0h5F0A*w6Owz}oO?Q2z_O z|AFa3a}PqEbFzNnK?a_N)8zjw`wPSY2=Q0FyzX;AT^n0ZX8Gr*rHVJ^t_hBwDL(|4 zY;3i-pXR~d?aUn7xQ-qp+ArSxHmv#vFarB)7F(m+^R%fg9ofJO|4sB%^=`B#&A_{* zCo=`7wW#3=Fu#$*v|Jf~$WCcC;@7YSBgSz{u=7ZF3s>T;V?$avmvurCYG{_UXMn9Fqmz@;jCzlh4V@2x%?JenWLTA98LZ-LZRtkjYyBNO*56!*4Alz_Bzg z1;|g&kG1M{GRnKp2aUtqeNd`@dm1mB-M=^5!h5mHD8w(AWon2lrTP@3KL_GO!pe(r zjR!cBY3KE`JbL8lpP$Q2T!MnEi&!RkJ~CeY|0+j`XLCD0T&mHX6L$^CA6o}+8(~Mu zY=cg~OaDF|r?~>~9jaE0@<79;7^f-)0H^&evgvDfP=3AgK>)*l?{x}u(KqRk<;C>o zOSxwQ1jz39_W}gIh$#2#6m_uucTOliz>Zb<m< z}srTdA9C;uG5m(V6~TZb0tC|Y ze~S{{e=5jJ;`6^sxjXeTOaW}=Kdd1LM=t{Y*PV*vdVmhW%VyKIW_h5owe?dWQ1%#L z5Ls~SN*LhS|5;Wnm04y&$A06SQRw-)^*u?qcTJlUK$#89JpqyEfA1(^1-3wV`ERXE z7+umE%uuQQVptFhgzUNP+TduqE5>UtG3dK`!v@gJ`n$dRL(dzxFK?bGX}*}+3uXrT z#ccbt@M0W2SQUivvQ9kihY)#k2ok<0|MDq}jt2gdOd-wvX7KoMQxSH+1v~EE^zHa| z=vmJM{a&z6;Mv^X3!|;?eTBT;CV6q#f$Ecz^s}h$DqP#j$NCZa3?N8~7two60rqV` z2}rAuT4x>l`**LA!eNPw(SC4znE0N))IHn@6$#OyFG?fd6j_Sgh3VcfQ@@( z_c06lE1fK-WT#I{tWE7Rqc%(bVf)0sv1)}iuaQ!GWAb>RHxhJ;F}L25Kpb8udZwPL zNm^>9l%jTpS<^4B}=gKdmf7p`avYl_D$h`w5{ z(M00+tc~umm3)UW9x#cHAz+rk_gtPeKpv@mMi26=Vt~F-Dj@abf3(a~%OjS5!L=0P znX23ebYO~KLBRI3PWXKKLvEUNPado1)#~(NL-&gvyr$R)0-Fh*%gVtrtV}z3BMO0L zPA>_djKRl|XP@58LDRHDWPiE}MkEBFW?-gTN4>FovNFa%JMF~DZulU0^eDe)HU!Io zp0$9N-@10Oc}vbG;n4xB$*X4bkC53Q?6zw;Cr4%umhx0YMKsrU(t zeos}`d5=l=LwTU@#+p$p5b$xAtXzvK(Xxt}72~)X)poUJ;-h<7^O*4q70o~)BVL6@ zJ2K@~hin}VJBdYqXem3H@^1EyU~2Q?3&f0Vae|Xa{)3d7hOZIFvaZcfv84;dH05L6 zEqiU%%cuEh)AJ1Xn&ts(dhGej(~`Egn$y8n2i~Eiv~%a*8lj1F=GgFuStLdmM2cXS z7+U^2_(=2nMVV=um9ltEgx6us1B#lrDkhr;j1H7P@D1u%mj(|;zMtiM=3e)#yMbqO zA9lO*O6+AUgBr>R8^3!QU5-JVY%&e}VV zy)e6IS}^`cNp8YxYJz~0h$60kSgBU>MJEC3Ij`2Ps+4(E9ZEaLK4ks9W*AmP&Xzyu zbs-N0dRl)33FKSCrJ{@n$6o+KNGDoh@_3$BjnHfjAhjl~2=|6`N< z>g{(pY02U56Y!FX%F`(C7G0|r-A{s#!S88m7lT;!I#v1XX}RtCK=ix9V?&Q#KT1o! zC?C5%^dR3BEgS_J^s@t~C?`hF;h3FznK8kE-E=ojzH0l9NS8^Wj|U{cT!5-^QuA!d z7gK`;&l@Xke(&Y~QS8%vno=#I?goQ#OK!ftoXP{Ul4{RVfdsn8O^>T7nTwtolh6v| z7xk5d(oz^Z9dLZ%8SFojxCk({e{ydoFIWKO4HFcrG-Pved0hO2ZBXa-Gnw=XS0f@1 zWpI=17#S?W4j5{fTQ*4^+W z;pMVG;&njW)}G1ek9@rRjzz`5RHgIy&%Uqv-Khr>Af&m)-BX(cyTA9}IY3^jx3Q!- z+F;h5^{I```KHe)IqlO$1x(hB%q+dM#2>50Qzlb_p%i}&-%Zi`DK5kDCXQz*;2DU| zzWTS3@O6!CID$jOor4?4uvd|1>6Xx|6ycxpZ>m8eS3k76imsp=lx-CQi6XMU0i(X)wx-EU(JeXIMdrivEfAcE&OuB)Ej}F^MuuuZ%H(6z^(vK%nUV_ByXm)o7y(B5j2#1|Q$7xQlDjUcPB& z0{#~cqqbqVvl1AV=Fvs^p*g`R1OSRAh-IF8+04hLOCh<2PtETYG)MOhmtUVlK-3k| zVPm3=i-~0cu?4boDXZ}TLOTi(}mm}o(&c^@WVZ0{pfWK(lJ18UJ(=UVH%Jo540R7Kb@s#XcM z`cAuIC&<}FY_*OP^T#oA*+LUc?~6S+W`UZ$v~qJtFngv#vb`9u=SWmYY~Emln)=vh znnK8by!}_yRgMw~%aY#m2cCMnaXo3caUz4Oj~&_z8g_z$P+K8yE8Z7r7KHwwWHfdV zNuV1XjN_x?g{B|Lhzn#Qvq9xq|KeT^`@uXM;L$p-I0vvM(l)9s3OK*NNc>t(IZuDX6TJT*YxA3UFPRp{~dCo z=*Dn+a#5MICzZO~W*|j?WsvLvQ#_VAaK~4WE^9J9DR9{T#B8ZkODE+aLe7;9-AojP zdd`S6Br795BinxwZ5}PF{c#uK?b0YjQ*3+2ENQMY#eVX%+5mQPo+)z?F)D2 zny`_w9nBdTA<_-r>(FYTfB?p%I2p{BHd(npYJ>UFO*_;3W>$D>XyMr!-Bgv8c!tEj z1E81gp;wY=Bj*s>pHMG*TN$5shj9vpzJa1LYYOmCVf56KB+D0Ap@6{dXeV2RhE78` zWh6F}1mp90p7WLHxyKe4h08ooy1rd+j$H{xI-eG^Es1Ql3a4}B7IHQ}c28*bL&*&f zRJ+aI^&jKe7V=3?O~WS`LE$YRqWS43fr&ym_GlCqmOxFRLKc7V1Q>w(Bk@}aP z3Wd>T5I00t-zjU3ngDY?^V;3xQ&=blV3bBpj@ zg??EU(TpYePuG$|SAP0&xncG+lo?g9wZ2(5EjgRl8pj6IV{v8g=p*8v$fck0MedP^ z-x4MU4@%|%O29~@@AkGDhMr4`+$>CtS(v54@Q@SBEL&sv#gM+fN*PIFVl3YJ^IHe@ z%=)6jKbQvSe)i`7(RDt}lM`GIsCk9!XR8p7mqpM~JaU>f887?@6wGS<=_?G43e1*d zU&d=*o(?}umU$&?>@jl>@VvIsi+RCqG#9N9jg}?tSEdj?py>*SNYKS#lv8s^Q|JN4 z!`bvnv3`o^akA9u3H(Dhup(h1XY$yU$&q~SDlr>&QpKK>SerS&?cYaw64>b&82UR? zu&vh`czE!mX#PcbArtyDDx~$y0vPhR_%M@0u>#b+-BbhYHHL>g7;F3IBu@DE8o0+s zHO@gCx>WE=z$ctO1XgkBl`yU1CDU@45tSz@Jr5k3MPq=3%cI~mnunXO8SSf=wvN9_1n@5gHd#LgBa?5NKToygFSHlf!kSRQE~a7a<}q`e zSGiOlRBvEKcs>f7t;riLTV4a*qsId{M8azZ6b8#A21c6JMgfvEqO4W#(z35#b$XU@ z|4ieXn}vP0aK@zRo$J*jD{)BPO}63gHvAK7^PfH&>q=}`&YZoev9DwYK9?0R9$;{f zXvPSYozseCUf17C%zEZeUTB4xSAcIM^p9Bb2(4SVw|9x#w&qTr6UN-37MX3k>Rn#S zLN|%v(L7C5!?=wdtktreQ$Y0BtmFy?TMmEENVKK_THfUL+O&`rZ*3hBKCodL`!tDfNl3DrshHI!m5-bL3ajelPPSNf?m2E}3odr$xhpm!U$`4IrhgReewxsKLV6riAvE)> zXWit_6c6-E>$cL^jGYel#5@Pzy6Wm?f%TOb)`A2jh0)_ zRJWf(%EoRhgE1chCsO==3IAixt5-p;R}H=ET}{QMa(I%PA7rLN)Qg#SZaTAz865_6 zH)tr-4f`kKA*FYD%k-tI$)wQt23rZld>xe#lK2eli(`l;?j;eYB<_ZOA&uIFhY^Aq z+lmh;F9Y>4dyPDYW zn9A`4LBUflpW#dw<{JJ6#mpqfw5eY@C+vJP=bv@?bu7f)RW~t^(QVAEo^x$lSP^e= z{l3@a!m_x~8`+6)^CEVtWuro$0$tJ%oja!)sYa-2#8@#*%v@#NOe_)=0Fk_{nk@f& z8uo3c?`s10dJesK3!6u^23XD5;Yg|9sjfB(up7X2FXx0n#xI)(RFZ-l%8$>{MDS0! zg!z+-dDrmTF*Z)Daj z{VGk*IIQN9l*WY=kb(HCEO}hBtoiw+^?<@^DS+1oCjeK0*H)al`cEqjml{CtU9bGl zd4j_7)sjHE&lW9ksEQCsAfWfGi2(+M!1oPoMt_DL;%JP^$I2#ZAHD)UWJux^N#|Sj z08%M%KPW6380;o=&bAW#b}y8G8M>;-%s z8*cG5#1q6dTTPv+1FbVMHYIc!Z-C;e?wYEuS6>{b^Rft*0$5vALSokUT>l9 z8#FfG#Jh9|d1hai%xP(+jXjatyuajHI(!zly@$8pkVnD>eDiN$z7~AyQN~|%U7`W^ zrADO7wW$_HPca_q z+<_`|=4_{NO`;sRee#&&P+32nwsTG{_6tlHzk@rX zB(FyV&bPV4fqD+u^NuHjpK2|9X7pj|H^;DMPUDr84iO%ov$dxdru+3rZzVDAM3K#w_V0uXfo%D@oKBntrVzG}4HE21 zYCZH8-TG7w7%w^eIMT%!%XE|6Oeb8s;`)fs=gRH;rF7M{*!uuB$Bs&}3_g&8EnxU5 zsLaZ_ckU%DUO={PJQ6P#M(HzM+ToF=1dFq!OZ;u~ky&S)#rY<8PoAKzCrR=?503-p z;^)K>(yEUHiMMrBt^p(MF=?_$9!;i+WxBU2(Jt}P61ac`>RMyAkKw?OHYmlUF%$yA zBI(q@YBv|wnw1*jS;Gh8ns?!F_qw>q0qf8%@nY%;w=tQe+i;F#hFrds*-A(r{DA(I2X93R1{u6meMYXF>Px*B4p2Q;#4!3dDc44_w{?jPIy75c2JCnR00Rbk zUx^)QVW(M#diQ@lxkY2+z$UckC1y~K_)2F;zn#X(+bxv= zWAA6nM9Uv=g+m?mdIeZ4Bk7vJdG~ExXqlFtc3042C+tnTAWVzc0w^A5UzfJ+sS|`a;cBN>Ac`{Tu63QeXF9pJp$-A!0HzrPAuI=Q8oXLX>GyaoWT*|0Y6G%W%I>g^2do*vNH? znQlnIJg6p$=D}Esf6ClXe2IvA67Sl3i|R~IG*&&0LPP+)8jK6G8=YI4zI5Zz;vq>i za$1C_M)=k%54;1a5%K*mkKL>uW{z?G9Ne&oegq4RGos0Sw)TanG`p{MXhGVZMBlqE z^EztSr=vb&Of-UL@`5s{x7M8i=YO)I<;?>rJY&QsWofsQ%tNA*RP8mKKhx_q3a>T~ zY*nUB(tWJ?a|4)iPy##X?&ehV#32C+X8D-=77g&jD0Ak4TZRG_;+db**oXCB2t9gQ3mCp}MsxI1j&Nov*p$=lHeI4@ zCIAd$#?SMDIT@CV0~}!e@5Z`kDz|Djho(xn25PT6%ZwjD|@@RNkGeZ+?kh%a%2nRe~AV(}3Ws>YfH(o3(T#+9&G*a&9Q?_vzei~?UW#?4G z_>t->!3@{lvy@J1?j$b9!MHmu4IQE18DhAoQan-{Z zHkaj)Z%OOschaJTZDKVk9qf&!guACgBkQbqOCcj3Wkyl%2G_viE#buPGUsQF2c44V zdK-uB&}d+)4j4?KlyUbW{_2%YqG6I^$u0NM#$~khCH{KkLjKoh_D1`MoH7H5B(?$Z zs%`%^U3WcS=^Hr5#r;Pc&Ch`;#DqIkY)}zAL%%Kx`0K+Nc?SeA1B2D$uB$x}9FmW( zxH9*wTIp*^H7C@QDsZOMwiU7KU}~y1RFaFhPcOWX9*i2|ijL@>yts+B2-0=G(Ew!T zU40a~ac|_ExBT&&>HP9AANtABozB&43q5C-c*(hR(K|rD7?8n}aOum;b>PDw`XM$b zT0#*Vp}z3;acYBRBGNfA>pRPWgjpr052p0)&t%xTN(p-PR#XM%|7q^a!=Y^3xTmzJ zMr*gVCL_CiltaErIk2G|%c2F-5{h6e+LfLzE z*IlWiR|bt|qlrzLp~U{+RtLF;L~+%(Hsh)vc&U4E>GqKAc`PFWG@Lp8G9D1^M{xM{ z0Hl0{f?-GA$XA&=t|K@i;{#jD{%*$lsVA}b0lp{?LWb?LE+L6-{e9ge<>2(6+~Gk>Q304Tv^7xIO{3~MHKWVxpuppQ!0I$h*;^R{}0vr z9j}00!DbVJUSwfoBIpiPSkGNc4YS!qC*X7G%1&bsGj>aH-1SC1KY5HKz|H3Y=Fg`ytc@-1zEo+k6W!-CTu z;9(8oo+c7-9DodCe7>GmVE4R+9vs@buHJ=SHz74=|@VaU%~ol2PnQTt3z(hx}&;IBY&{e_+t z5b^G|Sb~Z4(m~&DQ^HY-GinKEuMOF*#|pYuy^Tw{cuENA-O>QA<8TTJaYp^FtCkoD zKHg(nfmF%Xn%yHHWku|dEv{2X{LSq@qexx%EPYZViwZQd_NR6Y^Ca0mfLT7oQ|;#C zm{$FiX$Bk(Edz3t00(EzDBDVUA}kF@9gJ03cQPK%BxBPIEwr*omg}>xd%o}mciP}# z?94B3wc$4#*0|i9pRl{K#*1C$_3Wo5{`uq6TzZY> zb+@=^_{j6P#Ee<+kL}$L8@nMf@gm5&6A}e_LupzN-Are(iI5nB<{;(eM&!ccSU#-n&YYIFRpAe^|9S`;BA#4Gs)bJiQX z>gIuEojQ)16-(59_EX%AKTh7Ex26NJ?)M4p7-s$MK?~$I&rc_%@75!gdV4$KS~tfj)RCV}y|k;~LuOlglG3OcSA`<}A?u zFqN%R?gr_ex&apy2@>^Z(bL3P{yD73ZoNyFu$9aV{Y##>BEyKaxL{XXp?t#mQ!BT1y$pmMv??RxJpg)QpN7{2h?43NGuq5 zNI4D21P5BjJp~gc`H>P1i_Oj@&3*QSvR$d8M<$-iWfV} zF8lN^9t6ABQhKBnV+ww!H}=KcT8z~?V>5Wh<` zDLZg{lLWUkyBa>q^1iZOv~T{9uafT9C;vo({DML27Nu^I;M|?k%9hMSu6u;apsySN zxW+cim;*V$zv9~Gtg~G)=@(?M9q=F@5Hc5sZ$A4~?t@5XV@aS#m0s%#Bp|T35mK4; z#7+g_#?gorWV*$4cnB{Qi~mpqA=4Wl^%G^hr2yXO}+_~@bFJ#r|a-H+$&odKYk!-pp7re=3f z{Cfj10BIunPstFV5_ZNvau`Tx2H1t%hq5W=c7XxM^^9WEmGj~*SEnKs$T}6xb$t5o zKi!n8ygZV2vu$YNCSmud&nND(az6OMsbmFK-FLR#u_oS^e^%Yz;Q|nrLvB18m;OaD zKT9}RQerVB=^K0M>z;nBkY{W*7JF_|K&o)jA*D%e^V!bwE2Pv+AlvZv{Pw4b;uno3 zr};XES3X@ zcb7oQ6O>CxJ4@ee&mEZ^o9TS78;mC_>?DyaN2rg%*STP$OJ{p!mZ}O513PNHXYT5! ztM;uZ#Qe6XVBzr(TeEL(vYTh=_pkPNAmcF0-)H{wl%2v0+4F;n-P*2QbQ-+6w=|Xf zzqE^vo0ZrCi!Y?4O9mT%B2b|AL)u&H8R2x`$5Ys&+mMq2?0L1n66crn>k`aYZC_%? zJ`W*3SlU{@Q9fT89%8s zvQ^Xp2bw?+hi?{#Sd38ilo8?gM&C`=vx5l--J2G6qlLB+R-Mu%^KrJxcAS%joH{PIXFNPrRpVsGBjD)+Js)~A?Pah?{DT6q ziuol6PhR)hKA#D$$4ygDP7kwbe)(L8syy1uwj5S9GGIheY)&Av&7!BmnU23b>2arF zy3uvW`mEXfiJ-@S9V_j5HpH1~PJ@peIqR87#yzG+x8iSw`l}xxyou}{5`>L%er7$0 zezP1&q~f(1gg~Cco>RNdwP`VW-fA=)iDEwN;9C3A_4+%DQfC$nqf`99O4Y&%zCKnK~+z=Sn9kTIbfZd z+rQuIQ@BYHqBeH#xV8lAj`;PUrl`A9@Ap?tx+@81CahtKiLe>W=}Fvf;=^(j6uaFx7VXq>3TNO8fzN&DVPu0T z4^$=lrSdSCcz=F8;MhxJ0Wy1klwDls)HR*fGav73L!kFh9tBb;oflv7$yD2Ob$BpT zMgTASxWp5m_H~qh9a|lrSrp8oLLNR!Ty#>9&*8cCD@lAjM=kKv4pP)fOP$-`9;~ya zQ?Qbm>O6X{nwP~@z1^w07P$^EDy`WLYCYG^4(G0fwKEdbj+-ldU;EdB^ zPVmE%uSI_9x9!OmXir?g7C2g26#ZA>q>a|ZU)o7%jC5Ua<(sdW_kfSGubER? z3eL{T=gKA=x2%z`^6jxX8BsLAk0fFOz}`v6Vu3x^Osn?o0E|KNe3#-(F&K;Tc7aDM{rDm3^kDIRTDjrYFJ<@wZS|}~F^JNn4s2*q-tUgbOo2o7d z`X+qSakNe4FI7}9)Pgj#W1~;(5$kVS`y{M~87pchV;&q(King|_zTlg-n>5WT#>-_ z?ZYRk*QK9T)_MW+n;j6933p`5F|5iA;L^HV;!q> zTVKsG-Lc)0g6D8`eB{yI1f=z28n*-C#Q>!6(B%12?}lG>5ANg;u>1B6uxZwgS`E8Y zDN-HAtwQmWf0@?RM$zQ( z-~M*YEIKB)CH2clf>`Dr*mC7rBh4%pKrMlx*;GYakIa#=m)>|o0S%(2+Wm(eHu#&h zeUVz+LWp7Vn4g^j&(2#<$f(1jB!UUn}*I1L`M}6R9pKq+5s&v*#TRrr>X&UzRTzj!pec18QBF~=^2$TBW zlVWp>kw4)o%)gqytADN$i*UTerQ;U=ZpB`5z-QHek~CV-zHZTQiiqVHCheRojiID6 zy)i?oZVMJ!+CxyIANsA?MLr~iyYjOoJ$RYqV21p!v0pj{xMuIVeli0K83Y2*K!{vQ z+)Z=aE6N=y1bW~Wu$=(-UWZuFKbrc`i~h$Lp!xK#TmIc7`Ogc7fXlyn7({#FA205| zt%t)0?2O-Y%7WK{kp4KI{g16Z{iPOri@=e3(L;~%Ps2IyeYbo1RmkDwfNaHr#`OQ{ z#%+zYRzZ@(W(V0;m$zkuc;HP6`>*zkhaiU^|Cm6uj{xBS6Ut#0HRVreL+lnK zIzB68S%GYfhIDwC8 zXgJu37R(!4e1bTFbo=0xxQ z)1y{Lb;YMjFnpFzFh0XRTlGWKnb?;vUy?L(2cefLfKrDe$ho8dL~2NgiHY@UYioZx zUpcczX*rTkF1fFw>u<&|S|Bc>9O6xqVh!SBZRnUESI7QwX@hhqN!BMx)^&wdl_qcSIM3 z4@O#7{Kw-r;PSRS3C8`)3cQ^RNn9@FpNd{_qo!G2wq+x^xJm z9rAGq`rQA#M9X{d_Yk9;W_*{63-$2*S!Qedow4lth@CI?-{2q1@N+;)k!9%$zrM(o z4ff_=5u0`GL@t`s0x%&cChVxdtmz~7?Ma_Pe}8|EsQ_X<{+pFAK=lHPz_reY1i!tt zZheb4&YzTHANJN|2Wc39lHUobqEzqn1}uxNQGPf<+qJj}HV@ zAQk`^)9EWSo!mVD((evV0?J*DA$7eM)LTF_|A38yj2P z%^M&}e$EtlX)@4cgyZ}7?RPJD?HFd@kU#wr~(Lwe^P#}&T9+F~{L=V+I zgv#bSrhFCnY_#Av!r>w+v4GeEc}Ar_B>-85kGPksyEko51?U4)_aN5x;hDlc7%pvF z-Nf8I<;|FE(-L^euIuI9E9Bmmz1~|m4sLFpmV-J}lUUQ+y^B{eT+jS6n_5pbxXB47 zm6jb0R|LZn(4Y5lUPIueH&&y_GGk>pDF8?L?62-TkD7Gv=2^n|eLN$Zcfd4$o|8ta zAFuA#2gKQcOfu2l$uw$36Ixqun{MR^NLmg}T%X-t%uQSXb{|NOZ?O8k#_Cxw$CTZ* zX&%!p&R}&&QO#Qk@U{f{imeK6(6O|%G&NXtdWl0dlgld_gLjt-hj2Tew3LBpDInb~ zfC45lfI2;=VpVAazXGJjxnI0@iY5wrvvppfPKaH@AeDT0(c17Eq%p*ndTt9|e4MqX=4mGN^R|Zby3ewfm@UbQkrmkXSd_7E)v!DHPQ(f0cB-~&I$kP=3BJRq{XY@+g&6jn3 zKyEvrS0(Dgap$hk-Cnz^e|+JU8brhh;?kmD9ACqKH1_vBu`*FXD`Bdp#_!M$Lr3Vm zC-e0F{{Ciw(S`Yno5LxjvB5ywX@RAanH3eq3~W~kNv3))!AohvbYdBoogmOA@`xA9 z({a3^qv^bCkN=+r=i}HPy*iTPYuaRT8Hjto&t`0VA)i#*m^$dAArH0_pRLK+?Hs;e zY_4fR(OOmVTera!42kovFOu{LOb)^;$RXF?V7iY8zpvE!qs*<;RW!w6yW70094!95kd4O7MV!lx=-ZN@vaH_7x~(V?)k9S}pVt@b z@ao8uRUN-U4at9m*z0&Y3+}5NppgeHPw#Vgq#O#f5Rc1JeqI2VIu*A4CG<@5?&*IX zyyB;t+1@tjN;zU8D0$Q86)mj&P{>`o)npNu%m59BsU;02K)3|I(Fpvn zyO;aI(wd@xoX7d90_v`O9Cf0xcUdY&`8I|RmG3Pt&Vsfh*MxEfhHNg>3G`k*^NFQ0 zV{N5+AO>x*;BgED@{O3YU;sLppF0`5aphy`{O0f9zqJobb+G8>Z4oCa#*hSn$PP9m zj1JM?flRZn*~H7rwQ*dy-(C1aJpyPOzaE=~NFW=3h)(BMS|()wXP-a7qJiX!8#~d_ z(HAd2?6B*gNxrdKC#(v`2?S8#hfifZUY&H;=)8DwV>N)Pn+Gx)@#%F$b^&5@d21Y+ z)?6M2i3Cbkv`!a-Y}FzO&0mh!NYJBLg9H7y9nYw6-e|HXHO?*|uE z(sg9R=+k%sHNjagc;AJf3?$BOWFO;ZH#Owe@}qYji?!9YXRJa_-vY41lLI$h6vI`=H6>gDBgG3Ykd%A^mcoV@uJYKFWq1aYB&ZDpVA zp`E_933q`aokK8>m2dCuG$Q0T(ElrZ9JP8(an|EX}O(f*h@IR;Tqh=X~e7pWa)!Q z!>MbLfiqJq*L zYUJL!@0B}y#Kx8b#*^5^_@}Sba`qXTUm;{$L%4b*bhO@{j*LULGx)p358#G4AcPx+ zb7E~?+O=P$3K)^elm2yPPG)tLLI{ztc}!p*#_^r4k0;W{T6u&`9pUIKXrYqQeO3i4 zTURND!a)(K%aQD2WrAFZtBWHLX&e}>=tHJfjc?jm!$%fmWZB{8qio-IQp%MpaH-vo z%n+33=5L&I&2)67$bF|F@xo9(D-VGaO6ab%e5d#v17%CX`FBf`4Cc^bpy?i_bdVt8$-7GSC8g?Cadl zk0r>!J7xTW9n8sRsS>hnGB;5+FmC%W-uhM&3eo41)nko*rMfk*NF0R(o3G82S0TaT zmX`CoNc=jUy4(KnmdO$f*!aQ3j<6LTZDR#eA1NiN$VxCfQ;uWlIz21SKQGBfJtJ^yB3_y=C#-@A?)hyn?KMbEQgAwI;OA~ZYz)@*^ElpgihmySp8PIbPB?U;*h*<&9@Ax} zHs=-D;L*Umw`CiZV69{{IVO$z&Ze&Nz%3rcTVAFw_O6-(GPkvqYHg0K5_LNWDDbd7 zbK$gth*$-~Noxql&uLSXX1`4chc2DU0-;e6}NP<5o=xb8ECLu7LpAEN|?uNlTRTl3}YKCjpIEpqubr&k`RWO zZ%3+p5DUBwp%+hPi0FV|Zhx#>2RgUTkT^ z4W!5^B(tV{OcM8;tuDLjhpEC!hLp;K7wf^?cf8D|(pAZJwbw@nw;0~L%zd^p^YmL8 z%=eX~!&fTfT?MxNM6m(Y^f}}MOY(jP6~nHnWZ|PY0Or|8vBGuauAI_mbO?uT+ZUqnlogWu4lKs@X_MA^I2bWtrpIgD7#;8<81(UV@n z5M(Sl-DG&Ii)XkTE3RZIMts9X%J|qxrEh@Re+{gzToKvvr7Dl79~e)3Ior@une9}s zYh2PP_5nP;;j8k6%#CE*_Z?I88Q<9Nn>{G;fLjdU?L6QFa#=4mqm)e`UO2H<5r^D4 zy^V_A6IC>Fh!g%@;-Li9}N3tR@4IB5IQlaM7&pr!=>vY}3kL`Q*_-6w%y zn-P>gZ08{Wx*+bJ5{p*1zM1aqAs><`B7Pb!c4sAT==t<%P#}X@$xh@;*$tUi9+pWt zZ^MmAIjcyNQp)2fW*|IsKKk7=ie#Cl2!XNi7#aZA3Z6ZWADyx~SNPj$bpO7#s1M=> z666MterkVGs>p&gA~HEB!lA78EajX^@jk>Z6A2+3Jr+fT2`6Hvi?OQ{`3irsXyGOLUd&#gi9&Z|uW- zP!^>NX4VAP&b4>mIcEC9fxXUq$6bTiL^X_`g3zevUfPl0@FhFE-hxu;T|N!?(l3Ut&9KpJTJ~S(x)?e*{M#;a!Y9S?`-}ePdiRB3SSJ}e zhn)jr=N^&`H~QYke6uL?O9+tH`-?E3%R>Nifj}2ifC2yKy8haW6)>xw9_- znHt9c%N-Q?>i=o6Zyw#~=81AojjZJnDLOB1>q(5{6G{!_#l{}sYW=#QZlW|*F826j z1I)8EbT-?yyoqVRCFlWQ)BH|vBj28@#A0B1=oX~efUV0jQH4i+D54Bvd<3nMk(h$w z=O#fL1-5K4X1SenL-kB+nDY2ls6?IAn_glI_!lp5l(KR{s-9Saw&bNGbP)*DiI;?u zv{)DD7jgos%&C}amWFq?tds!8eaEHVJYqbQkZ~EUJX}8N+Vm>1kFCwob4umazyRya zCM2?E?0H~WGfzc;>>Up|qduQg3HW{=f+@3w0x+ev;Y}HrMKwiMUT|a+#5*gS?@aFI zm^DziH;N~`Ys6c!dq?oozD6$EwZ4tN)~r-2eqxsA8G{kA5ixNIx&@P|ivvmZ#q>x5 z7vHvTB^*y#vD~Q7N~x@*@d@S{dZZk2@unKVH?oqSW99vO=`~a4YqDaMQ~9BU`mXgs z55KEnZq=pE9FW|UO_M3*%$eHeAmopMJ7TI;j1BB&Td-SgwTu%dW8U=4m4!JC3!-JV zNlz-_$ve=q-O`4~tZB?v%RJU46}9?>!oq>Ha1F0roRuFFyb%0-no}%sTrHxe4y^*e3Jvu4ktvM$Spzsrj19!mdFeWLq`OUlRhN4e9U03( zKX5)VtBg(enjz8N!HjokQ8J8BcNyJPX-=q)A3u&wjwh#9#H*Zto%}!vTg3y=>7GK?X*ZH6adcUqqnUBRlOp+3IkRo`e(iPbUoRQbnLibH@K8euCdzO*6tgOlS7D3| zvb|t!`z#^)z3W0Sv>(B4mVi=jPOgW94>HAierPa#wiYOpSj>nVl=oK}Xj@Q3%I(8? z>5<9t)L3gd#0*T=)jEI|Uh^e;y%bopAI>UgPU`W0NJ*yaM1RFfIrEmVCAP)o_{ccv zuK9Y+D5X|JC&^`vmv{tFIL9ZFdWX#&Q8GuTySgxm#<6B#!Y_Z!kA+C(?nb__nR^-K`^g@`K?X^`DJfI}P{lg29IlzbxIoWDa_+)fU z{1o8nwVH1s^)Jzo6ME!FK7l81yf}erI20zoxvUS}6W}{=J-N0-6GyGLrEakRUja=- zdjQU|&fo`5?H$cfOtlDF0hlKzE^(0BhixB1t#t%Fy1jrDg>RE1< z<(lOo3>3Yfevs4#YtRRZwO;anZ+2k5BtRQFXnd9SZ-gee=2%!*;Hak`BjLfDgIe$w z@71we`9y=D1u4YN9N;N`u})OlN=!ix125eVTGmJS2lu^^mMttO*e7*Fvt*STS9rTl zpa(NDGxe7fzEemoxO%T8J^bQeZk9ywS}c73r=ZG?#PHsiFFhji=fuiN+4X#)U(@C{ZFo;A4a_kz!AnyF;LygtdZmxG5_zcv{zOHO&*RJ>&@-uknfBu| z_sShR!@*7?Wjj7lEdXehMxTD*c-D@Kmy0WN%^RTF*rGt$iT5;Sx$S01nVU?LZ(Yz({vg=5>zyG=y5wUm<<^bl1suvfk64w6ku~LN13+dX!ln z>|zy2jT;Gnx)f%DqfBkf17lu_=-jQOe~#GSEL6Zzi9W{C=n=|IDXF2IPKn?_8YmpV z=jrY3{m3oemeyl&|3)!%FaW%hj!!>p6Em~r@6hyRKcoVzb$NZhx9RKl$BX;FQt>oc z*+SdSYh0}1m*(~uFa__ns{_TC?Num`B{ns$$JqvNH{i&`?zzep8l*8bXW#$!@gui# zf^5qUn6yUgQfw$8t$8zlYEA-}>Q`;jYET2ufJ$BWveMyp(Zd;VLd0C+crJ0&ZlfMx zx2^W208$gG$X3!+DVNKAFOIV2%W=5{@aQ*3I8X!-<%e}5xqW^}S7p)$Z5c!!o|?O%4du8DMa5r;HGR>ozzUi34xjU#Obp)49kI=Qf838W z)zmaHD=g@+yOs$5Gj0Nv8)B{FAj&@ZB6Bi&ZtcQH%&TeBL|GT{hPTt4=5e_S9%gRk zA02gMSScfHklq+JtcgG!>r*2)U?m;H9x0ViN;MDYb;{CQjO*=C*LE8BxRHI6H!&5P zass<(wf890DSX7^#PouU^|_*F8u9LETetX(XzL)Cw5HKoCu3-!vnc=Hq%qXdJ72w| ziFQ^twv-oWhfG$P_AiXf)DL-tImKzk!%!|h#nYxISF3tG#$^aOJjrUqZPFO}ZtELn z9-aY%wQ|`Fh>Ce(T5Wd#o&7%6IUJj=D%X{*`7j>Y!Ys<)IMS;jVqas^<%{*7aMJOr zF(BA;K=`kZ5D?kfM3?IFd=vvx@WI=~h=m^`0H%!#0B?*{xr~=>qdt$uXHG_0H^B&w zUhE0BpYIj?S;ss%G1oa}q(dE#H5H+G5<5L@MV0`*>zmqO-k-IHq!u)8E$OvMr^b^t zf5#!T!BGY$u~qM5-D=`eDK!Re@oXbiowc}1%}(EON`0*%jjECI=v3=Fx#Sxq47n~? zpZF)EZ;OhF{t(OU+VWDjxafGSOqzqyq*6Wd2Pz+B5n+4~8hDI-9(9ICE1!~c~u_i5eWWsp)!HeHP& z5KjX|Z>xARbA}7nzJZaKhv|_QeH8#IyYwUEVavMh$){zN%?~TFO+EHz+|M5S6NmqAmz@ z1_=U@1fM?#T=|;!N*x3;O$#n3G!)b3S#+jLTrMiG8)QLRM_|5-fm z@{2g0p<+9d{DB^6b@n5d0v6kll#0cKS4R$O^D@AWa_;#duf5fBM!b8FHCueVC9vtKbR_gmuu=e96L0KfdO>Vtc6`bVcKE9bd&KswWp?LHrO z{4xV;JhRK&=e&m2@BIRO?Xd9ZFae^XIQG#^d+$uhAY`l+Tw{=qgj<)xb3vG$=E_=C*N2G zex$>l0R(bO$5g840sF%aJ5SLWleP(L_$ew! zD0C;gbHmK`)hZ%sRw`ONb^*1pKoi}Y!4s#Ij`|9}T~y`Ao?WIxU|Kc(%gPfxu?&=& z@80R)pQylxo|`37=+^Rnq>a>q@i8+^Gi7|uwfkz{D!!WFXmWHt3uRugMXq~3KW@yI z0?WWwGeHR5tfG#^tYPQ~fWd=6LAJM$^8H4zhVn0s1^UIf#3l$EQej+Wt526U2Nrf% z^OZLpRYOMjFzh)tYbbuO{99=U)7Woa(=J}@Vir5&@n+6xA#LJ@fO!!AGyYbBwj>54e8<}p65rm&h_M+sXD}JO4aFU6;VMX+vqIsT))HsT_n&f9 zqSK}^dyen3%(#)WXg=g3jY(S(7KdljMo9Rvzo@hO;C>%^8eAS3>r90rP}90Ap)oD7 zN%OZwpYys~t8G|v+Vu0FX)y&`N?u`l^m{8#gHmrES|>tr2Di%`V%aNL`_a!3b>Gkq z$avrCnEACqZ+59!rCv;tG?OQF))Bo=CeHCqTizZW&o&M6W~#mBjA^G{ip1$o|G$6D z(A%;9SO`Vni=HR<&z}g%QMZVtYuyt{sDm~<2oH5F(^q*pk{IjP;c0WjDPyddQOaxI zdxe@TGLy#hRrZhT#f-Nv>)}Q%%RGbD?z=ZM+}-wLmnzKns*W`;yC&qs0a8&OC6i~i z5PEo={`hQPW`^%;2L;(0r585qQO&mVwb!?meDQrkRQF3UsS+NNULde?nmb*b@@ts{ zkB2vNylki_5Z}i$W8-5Z9YCsx=DdOx7Z<#76d8zJ_GC9Y0-rzEw{KlBNGK6^LC^)Z&{E>5FA6WBd1_Zi(O==^FZ=$bmk2i{J{cL3c#bV4xryvj>_U~!Hj$rbw;g5S)Ycenb z`j%s@UzH(3Kho)K4Zx)gECh_|5*l_Uxnlf611g;fv@VMQq{MP@2bKyFwIn(hD z=(F{w*6~5%ix*_ReyzwHRref`tK$K+dn7GC5AmM6!~6511o>3d}Y1@YY9TMFoOXLx!Mcvj`GrU2-( zkQFli@XH6xYqyu{;4r_AOKH3P%%ET2r7y$kvYuxJnPz`e7g4#x$pdgLB(c=wP^@Q)@imI)uGZv9^rwYxiq)_?V;hxXN>Hd@dK=3 z+UCxR%o2;FD@JC!m(}w96!}|iPV8RqWziv(RP&TF6laGvVb-3x2kC5I)e-4@lq!BrF* z?3?WGP~KR-iM~vWp9hj7RKOBYyW`K)RuRIRx;f|+aU;5Ab{MQ+j=slF8{&Nak>^yK z48vyp?S{26@eB0NKH$#g(Co81a&_FDomcKOk0Jp*8VSx-lg$5e&ZuVB%`-S={RxZo zb}W@PYoJjWx-Ip$^Wo>Rra8~&wuqUbmRR`lBma6oz)6EK@(*FLu;sW zB=dS_^h#B;6_#0uyT!c@QF{~7IC?&dHivcpaVRf3IwT-V-|r(mU;&SeGvS$bg?-Ui z@Al6RhE}R@Jx9pj%(QT0RDGi=*Ysg^WA_OY2yBtJ6(wvq|L}ay)k-hp=uYxr1RD|* z|IW8`Oi@6Ca#3;w1gLr1-A$$gr1!4Xpg;jikwv?n@CNLw@}^U%>4m*FU#m2Ls`xh* zrqaPls+0-5T7Kf=8({1^1gR+}Opb}2;SOVHTg_{05U5=p)nF}b@_HTfLhJ+LKM z1)>=UWU^5Avs;JiTp9p=ecfuAGc5*O;gL4?3qP436ycOszb)f&vY>-yX!6v_5YnH3 zQS#oS`lgE|s6BmX{2oCHMv4d3{*a+*Ax40YAAkIKh`33v0xxd4d?{@cPEQ9pUZ_KT zU+|llXz-AOLgH4SmjfI71AkvmzN3PVo)~p~JicS@-+fujN1x6V$nb=&D^cAF9A`kX za#&_X#tx7Q{L(8m5lCWG+ucp6+j|-iBuXh+3koTU(mDc?a|GsgdB3_RH;|=YzYXw~ zlobFpeTLOmpG!8XTzMlc)-m$t%XgSrhBT)5(aDRwKL4P`t5-= zn0|dwuG#~Zc%Sqz@4X{~Dv1i5UO}EmPSSg7G>?EXF2KBOJQ|Cq?Ig>M;2!S7_f(>} z1}M}8AV|CEd~*l7D}AOnJ={KAu(dVUD|^}2AR8Ig{>ir} z?r7%w!QnnR%X-tsk)cv-4609W`WZ?g191N9!ZVb_Q-1o6iXH@dQ2pQ=eFTO;oj-z5 zD!|t|Lfxezw7?~|t_x|X@pS+<{K$L19HGpQ4gx$#1u!!4jyz^O0}y0Dq}x6n_mY9f zn}!-%$Ryj~5}g|7W*2^Qt8hgO(%rUeDvt)71H?ZZvd0NXsYOb(1+M5u@PaB(FrUxc zxL(fi_tnUU)GxQMfj}RJ)X|GGH6Ws211BH-V#HlQA1Ju1Q_g2ZSqIez&?F0bt=#<@ zfAqsUi};*bDG&29Up^2>R>hgRK;>Nf;&bUHr0VUas7qa{Z2K+mNlua_tH>8dUQVhEdPNCIoi>sO-V0XYL{>d-U$ z%wGO(kg3GiyI&@wkNK*`*0zP+@lJD|BH$}sz66+jOzc^fvXm(Q-V8C(r9+ZcVZ z`_)2fubcT8uvseBl&OecGL5AhqJv$D8<;|)!NO?+;Fn)~>@mLs$R=+m*}CwG)Q`qQ z*w1q*mO=38q3=N9a8rtjsidq%fT{mhVHLcsSe!0vqx>e!?s2^7Vlf*` zXU$uH;I+tk;T#B{39@LtY0iMaCCLKULx7XWXz>Xn<+s#pzm{e)CPu(5nVTtpCyf{+ z!u-!0B-KHm{j9Z{vvPXa1Kk5{KXtpOt)epbZ-9K50pOm`y&ct{;!K&*sqXpP_`x0G#kHB8N+u@1-e;jUMjOyh*?WYSsH`{OoJg6=jn1sE zN!k}xxPo3NKoU_(exI#wFA;)K!z)$XvwNV=XJZ7hw#?^|fipGafdlB=$!m^&1}E-d z2`9Ffnr5kH4T+QpfRUcLMO#Vay79u@Mrv+D#WC^;!J(%r|s-pOFBSvo#f;%e` zebwhBN+peldTnM8WGV|d=5_+#>ZP?cbl34P-@Yy*4LebsEezszJHPVr6u}bAH}4PYe=ZRc`>UEQRk zQ*tGH*7Z{_e?I#PDB+1t5W#*iij0~X(9=I!sSXdaf4+F*pR+l=;7)P}oJC6@J2k+d zgY&?_5ibPQUjoi|h5eWDuiA6O3xKcweZe&7!g+!sQ99ttFKJTXZr}p2!Wk?D_+&M6 zfk6;{oJ)jm{%E0*9Ct&-n1-N&m5)QRR5$pBYh$O%342--gQ; zW4~9%kKP`=dcyQmnaCax%dG}ktVb3v(oN;VauG^h|boAL@h-Agws0mN&v9m98 z+yQnP;0^e(0e(MQ+xJwpJbqQD3G!axD}*#xK28mzirGloxE)3qUm&%*S)EN zcYa}Az@ZIz+<$M0;kRGY#IBm2I-_pl<7dT{VikBxdr7UJ7XaZ}HB| zbz1~!Xt{95MlGtp?a=#gqXX^eoEv@MNh=`!MHVW4x;9BreHeoDmo)Jysh4G2PcbUd zB|%^y(_$(9QBx2RQ2zVGfEzkIsH{H_Z#;EI5P(bpjQfuYh$-~ny4L@V9j>ttKbaBr z0wYZa|NDtoGZ4oG607T#{Gvk3r82mslU=Tt@eN1hC!ab>8W)|iq8D$pUysxxS|uQK zkbDg0fdK3VLu+%I^A-TY_6m-FJto@lsn49=BMar%hC<%_B!mYzX0kB7ndtRG^lcK2 z3do+J_tfPMj#r8l|5p$&k|*1}r|~5P;jlFf&flJ+CJiG+5jN)de-kk)e^ht);COUG zNrXc{#)|p>hy}`W-`p&5_Tyv?o7g+P^=>t)jR=BI%IZXQur&d_y%Z#{cQ)0S+!YJt z!>72F)D{7Y;otg}4F9uE5NVti#ViJIUQc~Rtz#O<+>sBJrg%tT+7&Cc0Jse}9J&7v zg^tqT%k&s~vcU4}JYlBxoPg4QocLn|K&xe(Dw2vXz2Zns4`Mq#-}69lIL*f@@K)>|;Kj5s zr~Ws+%+TzqI1}22{)M^`4-|9Wh)Zo}OyK;}|Iq@VO`B0H<`dV*TWQ?X#KXqhtcgyH zm``muoZ)EV(A*S6owoCT&+lp;0u}wyrlf)(Z{>BItb9}Re0J-+e&xu#K;Tvt{~mzN zg;{fMnBPZI5n;}stpLapKK_8AB@VpZlW=dE1&+B5jb2UPxQN+#K&wK9; z5z@$2-QS<)1Hi`q6YESl%dG}CH$FCqQ7#?h8v*!2#M3i>f+q1sBBH4d7k~sTv!%jm z&r`*|`8y;4(IRSaRvDTPpAlA%yG<~ucA1pnGp?AAhd>|-WcS|P^Ts(=F&F0L?WSE2 zZ%PETa6k;uJrx(HOOCf8fjS*qO}~bl-LDeE|LF#62}mv2ps9Oz;=;m0x>=p)UP;4t zQsBy{c%Y3Y5!M{;(NI9)3u>A z$8Bfh?a5|IKkqP7B5nX;oT|B~e{VjN8uMkW&g+C;oUK^jVZ460X{B~?ykR;_!r-cL zz{ceFS#6o!x0;f@0_S7TPk6SypXfqLoRt61LQ=gvB7WOTCu`RN*RHLy%D2RZ!PEQ) zEC3CZyjc8H@p(OYSJ-{7eq(vHvCEzBr7ouC+c%&?u`kneGc}VKmE~8|a&ImX!&uB| zZQZnATnC(Rt-NL~n(mgtArlE(8J)J|+N+k0CVJxlK|f5&!Ssa^|2p@x#8xT zQ|#3%4{f6)t{Ty6JJ*%iq?0Qbd^vK~4jqL#I-4}n^75f*mG}6GUq8(7NW`-{r3%j< ze3{;|D@phO$sm_{HS0?xSaak>@Y>Sksd>FhiP8$4-Xh4@Z41wP?!9%|J`K-Z_I9=# zX@_%R7bb*PTi2fi0LAgXW4P2kH7IOMWE4~6RrtGUt7{{3u3u*N$7`R7p|z#gK7QNG zn=&=)jWLV1%*z{bxD}NOZ8>Piq8kKhSvqtVt6(hwXkx?Z(&*}pDBw?u*TEEkPrD-| zH;3s@h}dDmZ>zE;!TiQEzv5;j2~NGt>{9QS8tZ4k?IboP}W zK#pil6ZCSLD);>nEo7Iv&6?jQS$Qq?w_P%jt*kP9_1n^%H-Nlmmd8u?{u76=8BRBA zgYCV~L#-qA`;s?V6n%qD0fLHJ7<1Mwd}BOz`P&5mj=7sdSMvkGIvLk5RX2E@OkQ|_ zSHm~eZWJpLo>r%l3B+JdNt5Iz@Xs8M6#mFq4ZBp1USt)JnHonXZPIiS`$Q_WxRFk( zx3Gycv2rQD0MDYxijH>&FrX>e@7e?L4q_e7p02A7vyT-*ZDNbY7u0geeiYF!q6snA zQLl76U$Oq|t4+#XC2W`I!eE0`g9=dod!8~;`8QIBLGK*}WW5-vW`Nk^we zX;t?0)dSR5tPUh^;X1c5pW&7F2y+o;`csUAU=r)1h~gne4Al-flI~> z=xl#`W@dGd5;H11U7WVRM*jtVWoac_|d<8et590%vP4bm-m$ZdRgXSVI zk~Tvom~w@Tm<@cycfK!;@hdj?iRQkegfq}RK%6TT368qBo$0aI+ts_R-&qWKxoq>S zTbSW?uD@eho?M^UwRS1Q^yLu?Ae3TA-;??T<#q4hTOlQ`cj0i>G^(mcJ?oCG#@mi9Q0&<6=Vj(v%n@$IYY46I_WptqorpED;m9aBU zGA%ui%}#~O^s%q|{2Wj?0DI<&*7BnPsJ%?@wQtvs%HcicLPxQN=4%$dgzOJh8$T2- z?=3Gc8_pzDvMgVoRD`xYs-l>T3r6H*d^1u?)AnI+UL>qC;0$WL)F_<1C<(WzEZaK^ z`6C|$Ew)B#(Is8<%ar&wIy0-qC!IwLj;dMW1n3^%OuG~|-4y$cv)tLfMp0{fjf62v zT2{iLo^SXX8h?ZIjwRre5Rvx-_ z=23Y3Z8N@|sO-FHoz&+D5x-3PrF=zCmWqamnbyZ!PWX$iX#`;vw@ZkkXv{Fj&HM_j4i zUjq-<+Gt^j%mc>j*MCb{lu-Wejgs_s_T&_}P$AjnOH&t%4+|2d6=LTdkZt5EP!5qarxGO}OkFuh)V4WVg z7p3)D-b|h`Jc#9Z z!&Vrj^Uhu$YFPO2o?YFDv%US|>nQAR$uUeYM^0i)1sl@m7Lu2BG{&-)V#>86$h?jmiR$Jll(Uv*dyf5`rO%n2c0a4*diNgRY};?jWMom%S2Tf&;3+pX#js7nP7CTch$+igEhK~H6lRX-r&)U%w5^g zy&QO@xJpuipfAxWh>?bBTx~uoTvzh#U{;4#Y8+k1-3Nk4!nr=5i&yv99tPr9Vfx^;%4&N>f6@ zwO{0`_j(5xEoq@oei)n$n;)^XFv>BsGw$a+<;P7tU?A1pgE>~^2o2hJhmCD3Sa4!_ z^rN6QQF)gFQ4YS9j$S_Jutw9NcUYy;=B_WEx(*{%dd8KADS7SlS%S`a3F758kMOCh zCpRXU)(4%R?H3gk*Dh%CAN?BdjrHW;EAY7&FNyUL$L3%1+}taw8duXVg~4D|WWU|A z^^nxBVWy%^qX{+&H$wH>25`9Khsu!H_*=-wTuQvcN9*xTDbzpeR%%0{fC$f}wsd8E z)TKR!o7RUjcE&IDdyQ=Rr?G$<-gzu(mS9O<1AwBMb_dhU1rGtJx74)1Km6iKcXRH! z!=`;){9#hvNp4yX0DxE;tYh<@$v5yU#BT`P@yK!)c&njPX#jgkg;U^7N=~K~SSZeo z`U+G&RJnB@MjqHPc<6FW>M2WKX|$>9MzqnZ75LV9lUV>|i>-ymTKEi{5xzp~#QIv%;{Gcc|fl{edeNst%$I9Zb-XT-{mAvURY zSrn2wQjE@wg1t+>RsHh;?4id44u%2G%3}0A8bV*Kv64cz4WnHTPvn5-yh`vX>ZpC= zK-_+8ECnIk$Mp1W9@RglRQ+>6=BsBxMQ2XFl?jYDg+tT z2^ls&W_KNdIP zpez!p^#WiEb*4=}e)`dwhN{YcYZ5EHv;$DycJnWc`G-r}Dpnu>8B)#Ga=R%{u*1}T zuOniX|2zCT@tW-F-L5}HD$VPqq?Q}6I=4p3a!0I7lh*M5u`p0F1 z=It8(U?+Z~XvNgL3@`VNYLjCSFoyJWPQq+LDE5C5J2bxAc_o25qtwr zN`#4^h!TD}_qi?~#!1#PW;_O|a4IxVBmx}M`dYSS>j#EaAT_W_D;iAK;8XQvuC)1x zlPiY0lK|TTtuJL;etB^=@C2*Q&q};yBkiQVc#`-$KtTXW1p@hO>(YdL8z5SClhU(b zhi}Qwjf5Vg#Ll%Zvk$vF#fiEm$`ujFPq!v3`PMvO?+ICO_0+w)cYpC)G#-u>lr-)K z;%AwNkpcu{WD>Bp1usyaxCg4LcKlA2@}p**djG8>n(HX`mf`XC{$k0=V;2VcHMdLu zY_g4??n)0hpuu;`&SIU1RrW)0$0ZNrt*H?HeMd*f<9eTs@q>9~nOb4xR{)YG?hK&p zs!0KfP$-mRXB;16f;dp!hS2k^JJ%98UnIml{PgI#3{WEOIM*$sEylej{P~|v(WdQ! z`0+#o1G-bdp6c~ME-WO2qcAsF40-n@9!Hm<*w!t$-7;a!ynzNWVRbSayMcl0Ya510EnLs5P)_jX>UX3rb_>B zQBO&ePf_CLlH2g)qbZ+_fYh^VfPRU4|CLSp$aq4z^z7Q}riI-N$Mz@ZrfPnVL0aX5Nq4-7c&9ID6l-Ma7mCzd;Zr=9}g8ocl3%xHXbncTn@C} zV#SpFHbkjQLx{{kfi7Agt(2&9SOVPOi z@lHG=?|gvQ{vO2m-ASI4>pDPxUdiSTo}##Iv7#vX?J%Lc)4DdNpG-&ei>s)XO18 zMHV0Fzt$u=MM~#4{d1)}!Gdx^+K;4Uf&aMTQfk`72D~?Z}bFx?=`}g z)8a~nuX0c?>levMh`NpavU^(jSg#e+v_Z5ih0{xBy(0IOTn#ZuH0lm++97u^k`Pf% zk?kDVjQV!4oDzo<&)=--h_vNv>QKG>=W)Q{5Xr18K?QohP6L>%V{)gksqxEv2G_7|c9fL;SY%1iNO>n-0H<1N%7Y-(`yNc7s*hZHo> z50_Rv1!pcYy}M9FSH7B!xo0=>QM6Vs?YnDM`B!V#&(d%`1O5u#%q%)}U2JTj?w zCIDY7bqox3Os+m#`4)rIBg_M#5+a`#2~g+>*Sp92Vwu#`V3tNo0s!;*CqzFnfdXV} zN`zKNZsY2(*Ik``VA3Qq@Zi0~kx{u7MIsT~zxLqBBeoduUC3l^NI%}hsqPFw>Azu$ z(DLxiVzic0{qT2CkGTLq(;yBck#SO_!vV7}dn_dl_!rjOo6MT$^XiJ@YPQ1YuEj-G z+nu%*%ED2EI3hjrSA-sp(27+G0A_HSsMBf#J>8Gg0;mX9(J{_1Rc(x zSPdfpO%U}5LrAbnDYG;CDI+wyOT<^M;yy{6FSal3wrA~li9u<-^Wr>LWl zW5YmIkb!x<8PBR$U0e57#c@Oy_;H64j%_t<3xoW#?gF>?vc{!S{cT^Z0|f6r0BhRB765$7&xuP0#LP_!d* zP)lMW!4bzN=TJ7i=8%X)V@M?05JJP-+7F>ub0g}Xa)o|ferwAjHE6Eh=92grj+@-G zKc6ri*H|3kiK}Oqs|aOB_M=N|_TL=LyKMhl>AH1qQs(i7F>&OAIJi_V7T~g*HL>I6 z{G_5#P4Z;H*TuvJcyFn~ z=YFK)2QH+YJ#+?wyJ3)IyQ&)!DoKv{y?fHRr`Ge2iAJCxB$57=4@%o$@d*l5!@ zm7#{v4aluFAh`z43}Ip2nqFPJs<+B}U}3LBfYJ2eL^ZgTVrpl7B)X7_Gk$XOG0qEF zMC*=bpEQoOJW#IxnH@CC=|CHa!MbAli_A?N+6a_D+V+y@M1OD%ebv@WXm@RAJ%|L4 zDpv}Yj0Z6N){q}#p&7Nm0E8*?H~>!(bMMAOXs>E_whA19%oAJK*b~C~_>yA92kzM) zM|Au+M=S6A0&8S_Ma=rZ&dXZhshiQ`UcZzL@ukP6#)(H+|3Fujmvr2 zW3OGVdiV7xp`5#Jfjkm%7kSBZh)WTm-U zO;a-lnF#rHV|F$ZM)5%_9*pql2?c!OKBvDEUMg0r)|waT7wZi;q9IiPrLwje5aSLduv zM4?q!VlZ>r^iTW|4@M#uu?@{Ia>6(CWU00dBu>c>C9+A8*GFFR2uptSZF#g=_a`O% zz>Kqmiie}5Z{UK&4JfntAUpkJ&GvoF+N)?MDs<6JiIo6&S}`InL9#^6Rq`IL%@v2| zaYiuqz&!8NX;vRF|6HncUn$$#^r8Jb+5z3R+_{~N^ijsKI=e1LLZU&QqJ1bkSH=KY zb_>ntSrNxr(OOLlq^ed**?Klh$gcHSL~AO9^vY@8BfRZu)7XeIOF?yt8_0eIYm zKLapb(b%}maDomGSYl}>jz$pc$I}|>$!Dpp%S?yU{HJ#r9DQj%HcLCyKW)PP*IEyK zCRQhE9!*xR0z{2bmRrj1ctOb?khOmVpLhMAqGLT$0_6*P@%CX(ILnFk4~sR4G_j_o zIg=B1V)x^p0_~n9P;;afn)yulEgZ{vECXV`!R!!^jtY!XnE5i0_58s_*82|(A z_gMI>Gb%{=D_<}dfz9r&g`VJQd^WBfb{0NdVsPHvUHf;5bmw_1c-z9GAJ&uvbWxkS zQj8Ee)IblIq3JyK7hcYIldKddiT>2wr&SMW@!7ws;h<|Af2Mo>DY$?EqW`%Sa$z^s zkgjC_ynVJ568!z*p#7zcW(t3P&$%|FPigzHP|=q}^yqex)w~;?ggCzp;#UEE_9s)p zZ_;7*!5H#;Of3ZPA^6P;?(Rop(kA1fg6S3K0y~ieMz%7Pty!ei@8#=nmNz(87*BDj zc?5_!q=X^xA;~p;0z+WOV-$@DTaOeM(Q6XdBo$;A?%BBxXtfZ z+i0tNVDW2B7kcFbJ9UwD?oQX3S^h2@f5v3)d=|#+cvCamW_&k#+7SQD(12CL=iI^1 zx$B zN}QPpqt=~#ReM}7hU{_kmog^QEiSk^QnxuC6<^)hS`odjxC*?6XLWD`?HKwxY)7BE zNUpGaxnu_D1q#Gor!YQ&=$Ck8mpA8lh+*@idXU>SJg*T0L(;;_FLd+wf{m+SX~^24&Zs zszygTIn~0K4}8?4&q)||4G&bF-<+sLBoT0DlP`u6-DHlw-G zPz;g_dHn8E`C+ZiJAr>r1A8wFL7%8UfZK6fotiU@`mttLkR7E(QKH7bbzI;z5Op!E zO7aXr12R-sLoXJ;HdETpGixI8d`njq{;;T`KUOPwa6wXqcd{n*tzJd6 zgBELHt{%eXD&)%GYt}N|s)BZrg33(`pEbnGU6n%txRM ztjpgmGw>Usz7s8+C&f=w3CdONWT9C9y-3J?2zrJ$oHAB#Rxk#W5KDRK{u>ht+~YVn z7@2-|5Ze0{9lI47)n$cVTEB`la-OKuyuIb){NAdBNgY}wWmk@DvaHhkR>e0W= z|GSA%9U6kf4zMLRJz;|k{|9{Q-9biuMZny03HN9a^YS@jD1`XRW%S~N0ZF-y`xnIo@nyuPmu*V9nl8+7mc@3fKRjrZx zb1FUcxaHmbqb^^H&WF%tzbZYm>fY_)!2GBXAOQZM=kl>NSapl{Ms^zlj`Xp>gu;sj zdXW}lr%DcLhW2K6)FqyH%+wT`5s`_T+Zo!yUL1&hHXyOlsavTm^b^W#z##l((FN6U z35V9D62{IKFKRfuWx0NyDQ{Oh97Shb>44F=E|u>!N3JQ}S`z!}sSnUxlkD~m-TyBUpeaG z3|P1!#QA`%I1D{)kFo9C>8Hmm~>`3L5C*iN$ z7!DoFttj!xi20FvUtDorxG((VF~apS8#3!Q(NH4>cXY&o)!TLUy`^Vz5G#WB3edW$ z6y_)1SO!HP48kY;mi;o>{gbK$g2%S~o3CSQzQs}9ho!}nyN-t`2-J+vZ4K9^=NXKw zEpE8p5~d3Ghz?x)SoIeSijdh%bdi0Wnd85wKNMq#t-7ch^HcOSB} z7y!fB1gea8cm*f5+!?3X%5SE&>*6zN@FCX-JzisY|KqKijyYIju!u$m0u4yxm>O0( zF(csA*@xToO%5RaXSt6L0$JcHZ(b+~-z1mHon!BLI~s*i7;th!_S$N5J4tam?br3k zUC0)6a2|Fh_5D8A4=mYQ6rH(&K5-ddMlbP1&v;(o^ZGpZ8s_d1pkD=ycjTWT0^@bY zh9-mPi)TaZBvz*PBI>XV20F|FlcOx2^;XQAOzyrhWA@o;!XkmO9;4H^%?AR?p^>(1 zs8ti)r6$~5Y_^dhB#&H!n_SbSIo0u2p&9x zoA5{RY(*hEVxq2|RfvthJ^Nwp*(s?20QI0-&()xHzzDnSQGFim&p1gbnSU63@!&UI zV)TjfH%|=ns;;Xm}#?oN52vywffZ;QD|OnR145 za>aPhUDn)|DFTMNL9}xrJw;B>W@_GeX-d`s#Rss_M^_?J@=$z^lDVRGRW&^4``_G( z!P*02M|Y=f_0yeo+bvM8WjX9;_q*u;^!JG6NCHP+s~++~zM;t*y~F^0veF4Q%mxYQ zj@~81Rb5s5we4rV;(!Eazk*ajF83e26}+MKZ+{Z0BbXWx-D4NUksI+4rH07un2RGldM*nK z)^-sGY0x|e7Xxnud<=SUtgj^ivYyQjc-b&i(2XAe50L4=cQ|CuX-e^S7km;Lq~?~; z6bdIx-}zETs>PVC$`XJ6^VPMz;#$?78J6JIKWqYg1p(;ulT1(b zzE;l}TLq!|w5CrT7*}cT{MHCvny~^_J_m|31Cr~_D(^KFD zx~q0yK5sty_MXlQcxPtD5a^RtHQ5i|IjI~p-vGLR_{&sOG%Z;z!{zX!Oy%%>3D2e9 ztJTw&PF}Jc{*oC3=0>Vqc1SeNk1PYPZ(SWZP*~ZRyd1b24Rqq5Crjl$Y|1TkA>GNM z2ZLr_V|6SCLv7M6X6GaBdEAt`3cQzWGe6AamO2DH>|h)1h@)m@yEV1<{PMG3OjWG1 zt#|1eK_JD)7vb%WK$}klrN&39Xno76>1carwSEI5Gv`FsexAy=IQ`6f72pN4^W3F) zQrVRjFau6sguP9Ko10>#EXjDF~mn+wPIkM;h zUVhLb@QA;fkwif0CDtqIA_zqNgI1B2cposj(!(yTi1w>AtM^`$7!3t6luQ13b?-~2 zXNrP(8R4w#imtIS^usRo@Flaiz#X*mSfl#_AdTx|qLm!YuYmWcU}7N`=DppPQ+j_= zw*=hL0VV>0H|Y{6(cT?)XwaUbMG}kND1mpFC%lV4Ifx12Z58fOFrIE`KDjX+!|ltS>>9=mUK zRYW@qVJDGo_&Wu1alvO(<^9HYQGx^dgbph%o_B5Ix#|_4)6r)VFr?l=HeEGWO+s|o zi$de|QGdgyUdDV8oWstWS56H84F!B_h4I1YROrnY?Xei8=rAP{bO2L2Z|Sn_a8mmr zuS8s>=P2tfN0wOzH8|3-se2ng+?WA-lbo{gW5N>`xFv=w@xnslls;!znlq|e`I}!8 zA2dE-q4LfwD54+UvDr5m+WCDVluBKD@Zr5>*RZmJb?S&bdZZrKs{yrNZleSQ1xIKF z@mS?HsE}TLj~Gb2yU$4h+ct!}mI`}dbL`4*MCI>AjYlrq?FH};UvhdG@4zyaJa=86 z*Q<3q|7Paf`pt${c2fP)Lw22MUM=N6!(5}ssuXx;fF{?{C##W1ZKKWr?qnRRc^JFQ z{&ao7xviojt37FT__@JD`;5k74kuq1@HVMB`k@ria z$y;{x8Bg=EX%%>gqv6Tw^0v6ff#pHd<}f-OCrsm%JJG1TBLjRFOK)c4**{YX8ut)j zl09x@I=K4Y&xOiH(OO0O0{0RX-b>;e`fSi8l}Gwe2{zoYL~CiCeC-6yi<{A(sQsPl zfG^8P%?-;QXC! zQ4pBst5rZfE| zqqy%+$>~rFvrCVls_;5dU6c`CWlk}>{0^J(%P@oz4sp|UAY3iCZtPO@FGO3aR!frR zJXABx(ki&`VRg2vN2HILh)hgmEJnQWJ9rslM~>}E4n~NW7&~ja7V7}jy1%E`q)F<4 zq>^!6o1T5fg6`uDNWvJ+WVr4VLXP_o{_wJ!8I(~9H9&eg{qgz#baUqaQ0{vGpQM~> zs6#k7_Is0n2ENgz1sRVgIM75nf{GU<8F zLufMzoD%7wUD2egYAjeAkx{7j0QSlSltCgzqNGA%64Hpq?8x~TmJxt!?7;hZtFAzT zXa8Zi;(B*<0yCns8UT5v@Q()`}Kp)s?MJ`V=GN)us;|xzbC5=WVZ1E`< zNx@D|#|Ms}+D;B+*5m z6mg=vl{x22TP6l}!Cs$z44?<^jkm3>t#|XC&YJ|8$Tk+y7hi1aa9?NYz9=rHbboFi zi~5M!1)Js0(9qDaY3jWH3XsVp*HzyCb0Y7)b@I(Z*4H&U`{$<q(Fp;6WnhqucGfu_FKN7MdLUcYoc&VBbE4-;x#e)7oI zuATT4y7D|rID1aEb)vzbME1MQdY#w8osdTDR+b6}|3S+1V^lUrczC>Rr#o$~ZFVl{ z1P7eGr$3^nz~?Ehzi;==>IJ;j{u9F`*ivVfr>_t$H&KC)LsW% zC~kFs-DQvanK#QUfiHt8gYhX0jnhc_oZ0FZ)U7Q2;s_!~dpeq{tQoj!L(NAJVFPo) znZ|J%#KRYF&VXJ9f$bZzWCJ(2YqHG?>l53_tM2V=QI~}%h zp@_)e%FTn4w!1Rpe`$zVduG~%-AEb^=2y*2P(EF3&>K7346&U?_YRQl#mEV4K0uD_ z?-YAARnOFGYisX<8_qO(JX2DvgP9U)J7}$~>eLx(fwScXU^!J0Fx5nuoofae;nr6> zP>O(yQzdHgR^-UlnZezZL&ts?kKZ(?C!{IO>s0=fa~d`VqzM+~#4OOj5K@Jt+H{Dz zBnR$r7gX&ZNj;LvWrY-IPzA%gzN(aEO6oeknF1k#C|*la`|{*?{35+l5H(0p1#AWW z$R;O_n_lE9?p9w*D}Z5yalZrf5g&y8^unOP5h#{imP;Jr$K`&zVS(y@Xlj4a5^}askn?Fgfi5Af3MUZh2EKltVg5Tek-^?V@;j zX{ry!3R%^*Y1^CtQu=wb?YU;n`>wWegHK!{>O`@2b1z@+=f9S&W1Q$yj?U(PR0dU& zRSxEMA5+nj;RRieU$ne z+IB_t!|+1ABwz526z2u?!M>+LhO>qy8MNe`1mpjg;I3OSnzGv(Xjiv+MRl;5)l6Eg zQ=F0SkEL5=EVz*Ch{I2117Uo^1c1D2D&er}}Lj{O@p{cZcj+^{Br_JQ3B} z%5}%a;y5SNeC;S!f8jsWjNx4o@Spi;O$uBgf|ve;8{i>Oi^K4tse}0YGc<>&bRP@& zfuj$f8hgEtxW&Jn#{4T+@|J}3>x!GAt&K~+96vk0y7^q}^9lKq3ar&&>_^tg75JPS z=a)QFtUn$ZJa;xo--8w^z-%ae*_3_V3KQPhor8d?slzKj3lfhf5YHh+xg zg%}taFn4fqMYkkzB1F%&WJ0Y8T7az-brLSD5V>iHuk&^>y!xdY598Q3JmD8#S#nS( zaT^iN;Bn*s9^6D+i4xhW9g8-?!(%kSC^7QL=WEldDu<8|y457^5 z)95D>#{2{*9=;Wy@?Oz895kG6Fv8_3*RdOwISbubv2RPPtGu^W)1yA;){sS6PS-r& z$in8Nza$;D4baH|Q0IkB5D1?WOZoN|qw!E$-GzDG)AeeUy|8LHdw_|8yOPdaaVM9- z>||$)pUWCw_VRL}y+^k6>!C?*D~9O1=hP_KUcOl~9^c)^jY!$IAqt0N=2F}4R3-mP z8R~sgZ{y+jk1ENqLg%8+Mm@C{McAl&%>-OGfq??9I7h{M0dvhN1p88az5b;+TSZd5 z@+|*TT3`Ed)ozT`+s_hW%gCb9pg#zX@^|Nj?g05qE=wSTfZrFjT$3)RCY-Z7{3aZM zd^beNGr;taSTWj?(G3;%R}P37Gm5EGZkP(f87}R0J}VbJ5UbHN>XZM1pkL=Z-)i`a zlL(k6Sb`SSH{&w%Sb?`1b`tV}W%sLH;Nl9?>|+#o1u!Zp^m*czqh6~tt0|!Z$`%2R zTI2UlrFpD`BDvN8B}djX9$S*@)zvnX9blk9+{~|Peq$mT_N$3jQ+)gBTezN?j#_;W zi3lM~=eB7OWxvz~*s_;|cMJ2lD0N+f+=*{nA$ozFX75ge#d{g$+)m*V57!bDE&@X# zvVcbn%(rkQ!hB3qu?+-7+`4s9t&HzgQy`v^ZId>e8>%1^-=par%&Z_Re7A9DV*;nc*}=v0qM6d_#v#Pmaw=cl!lr$ACYMkcJJ)3oA<8>#)1KNF~=Q~s_z3?4FN779L%LMsd zob1~w_o%zIBH5gw?`_Q_pL2b04SA8ZuhM$z3vf?EYVgMSI7Q>@&w`^=fn8-Em4$2~ zTIhc@Dub)v;jLDm$(}*t@?*jad50Ijl&h#bo~L1R0E1Ot4ebzZ|Fg5rD!gJ~ICo0! za$sM@%J1=$+Gk1{Y@6vi7j0EZ@qH)kVuqKhnuDS2)Ki%asgB!uJr@Mg+@i^kL3}hrmfuut5`SPEwied@wMahFSYQ$wG+UE>iL-e`7HFleNPG9W z1_j&m95h0TbTC`;W-BHAKP13OKf`c)Ai0j-O_K@TXa!lQNjluu#9!d@g$M{FH%8zJ zYzYvuT|3K6U1bX^H-yQ=QX91lm33Ufm`$&_It$PucsJ^JIZovmZ6slfvSp&#yTC3F;liHde28yGfR=(Lg6uLpD({~fr zN7o<3u1xKW*wbVWCi6F&TK>e+IR19Ntih$GLy*{ei8oyaJ$E*qhM7I zENk~b-O!+8RQY1`Q7&FL7$zox6i&^_W%FT b^WIJRA*9!%kMkJbU#*?Bqg8|DwUmDW>y#s# literal 0 HcmV?d00001