From publicity-bounces@lists.xenproject.org Mon Jan 04 14:27:15 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 04 Jan 2016 14:27:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aG66N-0006FN-01; Mon, 04 Jan 2016 14:27:15 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aG66L-0006F8-W3 for publicity@lists.xenproject.org; Mon, 04 Jan 2016 14:27:14 +0000 Received: from [85.158.143.35] by server-3.bemta-4.messagelabs.com id CB/40-31122-1418A865; Mon, 04 Jan 2016 14:27:13 +0000 X-Env-Sender: tlengyel@novetta.com X-Msg-Ref: server-16.tower-21.messagelabs.com!1451917629!3924377!1 X-Originating-IP: [209.85.213.43] X-SpamReason: No, hits=2.0 required=7.0 tests=BODY_RANDOM_LONG, HTML_00_10,HTML_MESSAGE,RCVD_BY_IP X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 18213 invoked from network); 4 Jan 2016 14:27:09 -0000 Received: from mail-vk0-f43.google.com (HELO mail-vk0-f43.google.com) (209.85.213.43) by server-16.tower-21.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 4 Jan 2016 14:27:09 -0000 Received: by mail-vk0-f43.google.com with SMTP id k1so122780075vkb.2 for ; Mon, 04 Jan 2016 06:27:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=novetta-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to:content-type; bh=Nod9DqTP16d0y817/KBOHQhNGklIqDvbOgewGBV6E7A=; b=lirEtTWFqNmF3vHlG5qOFhiIE8YdG5FlctjD9rCYeGzT2xfpX3lDHDMS6yC7omosU/ kQ/GGRNdJb6f827GcjeotfYpwWqPUv1LY40c/tGf0UCKEI0s5ehzu+m3do88h68IOpEF HukvlPkZ06sMBlc6E88ROkfPSUUelEf/QKUrxi9VxpVhQDkvsDsrxIWvA3M0YyEMCyiB 5XyxOy+OcNrY1DQfeM0ylMkZGU84TDYmJktUCrTuB2n7AqiXI53C6Mt5TYMGBVeLPtio vgH2CRJRmzwBgOIh4YOwDbsylpGZ/BFYlv6iRumeQboKihlrfDZpqfeyjNULLdn9Ak97 Q/EA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-type; bh=Nod9DqTP16d0y817/KBOHQhNGklIqDvbOgewGBV6E7A=; b=Wtvsv+Pnb47CNrh0Xs4EjUM6wMcJInCkxTFX4wkfG5sp122BNlB8f12NQT94Z7dmcj JjMu8qHkDxmq8T7Hzz4YlhWpnCQ0S1IkmIzxT8krYT7gDM3od1VJY4DArh325LXmXABv y8DClS9lrbRqnzVsieWdRhDN6SyPgImbEhVm/yrC0X9TNerLN0NFxOvzJ+tschl/gIUE gEv+Qi3V6XtCyVf2F3zsbbBvJyco9XquS+liOG6RGe5NSsbBHCXEwCgiQDX8X8ibwq1s M0sI1Cdr6lNoy7jrGJ+kbrNIJERjYJo2AGS/NA1GJ0l8l724v6PeHe5VktIxgvyGVohn yQIw== X-Gm-Message-State: ALoCoQn8aqa2jKbuddUPjJ3Ea0EsIPeJm3nM7H+gWt7nlPxta7j5IM8hmwC0rRxX43qthl7SlFCRlWKcBjMDfJXLghBoM4+9irQKB2O3ZJe7/HUjVLtuIUY= X-Received: by 10.31.146.66 with SMTP id u63mr54849500vkd.31.1451917628993; Mon, 04 Jan 2016 06:27:08 -0800 (PST) MIME-Version: 1.0 Received: by 10.103.40.130 with HTTP; Mon, 4 Jan 2016 06:26:49 -0800 (PST) From: "Lengyel, Tamas" Date: Mon, 4 Jan 2016 15:26:49 +0100 Message-ID: To: publicity@lists.xenproject.org Subject: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1059001348494775691==" Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --===============1059001348494775691== Content-Type: multipart/alternative; boundary=001a1143a94c8508c2052882ea64 --001a1143a94c8508c2052882ea64 Content-Type: text/plain; charset=UTF-8 Hi all, please find below a brief write-up on using Xen altp2m for stealthy monitoring. While the write-up may be a bit technical and only of interest to a small(er) audience, it also gives some insight into what this new Xen feature is about and what it can be used for. Let me know if you think this would be appropriate for the Xen blog or if you have any other comments! Thanks, Tamas Stealthy monitoring with Xen altp2m One of the core features that differentiates Xen from other open-source hypervisors is its native support for stealthy and secure monitoring of guest internals (aka. virtual machine introspection). In the latest release of Xen last summer several new features have been introduced that make this subsystem better; a cleaned-up, optimized API and ARM support being just some of the biggest items on this list. As part of this release of Xen, a new and unique feature was also successfully added by a team from Intel that have make stealthy monitoring even better on Xen, named altp2m. In this blog entry we will take a look at what it's all about. In Xen's terminology, p2m stands for the guest memory management layer that handles the translation from guest [p]hysical memory to [m]achine physical. There are several implementations of this, including hardware support via Intel Extended Page Tables (EPT) available to HVM (and PVH) guests, called Hardware Assisted Paging (hap) in Xen. In this implementation the hypervisor maintains a second pagetable, similar to the one in 64-bit operating systems, dedicated to running the p2m translation. All (open-source) hypervisors that use this hardware assisted paging method use a single EPT per virtual machine to handle this translation, regardless how many vCPUs the guest may have. Xen altp2m is the first implementation which changes this setup by allowing Xen to create more then one EPT for each guest. Interestingly, the Intel hardware has been capable of maintaining up to 512 EPT pointers in the VMCS since the first introduction of EPT, noone made use of these extra tables until now. In Xen 4.6, Xen allows the creation of up to 10 EPTs per guest. The primary reason for this extension is of course the new #VE and VMFUNC extensions that were released in the Skylake generation of CPUs (which is worth a whole blog-entry on its own), but it can also be used by external monitoring applications as well via the Xen vm_event system. Why this feature is a game-changer for applications performing purely external monitoring is because it simplifies the monitoring process of multi-vCPU guests. As mentioned earlier, the EPT of the VM prior to altp2m being introduced was always shared across all vCPU of the guest. This introduced serious issues when monitoring of the guests' memory accesses were performed by restricting EPT permissions. While the method allowed for stealthy tracing of R/W/X memory accesses of the guest - EPT violations trap to the hypervisor - the memory permissions had to be relaxed in order to allow the guest to continue execution. This in turn creates a race-condition if the guest has multiple vCPUs, as a vCPU still active could perform the memory access while the permissions are relaxed. On could pause all vCPUs while the one violating the access is sidestepped, which introduces heavy overhead just to avoid a race-condition that may rarely occur. Alternatively, one could emulate the instruction that was violating the EPT permission without relaxing the EPT access permissions since Xen's built-in emulator ignores these. However, this solution (while supported) is not particularly ideal as it still creates significant performance overhead. Moreover, emulation in Xen is known to be buggy, so creating security tools that ultimately rely on an emulator is just asking for trouble. Xen's altp2m system changes this problem quite significantly. By having multiple EPTs we can have differing access permissions defined in each table, which can be swapped around at will. When the guest makes a memory access that is monitored, instead of having to relax the access permission, Xen can simply switch to an EPT (called a view) that allows the operation to continue. More importantly, this switch can be performed specific to each vCPU, without having to pause any of the other ones, or having to emulate the access, without the guest noticing any of this switching at all. A truly simple and elegant solution. Of course, EPT based monitoring is not the only introspecting technique used for stealthy monitoring. For example, the Xen based DRAKVUF Dynamic Malware Analysis uses it in combination with an additional technique to maximum effect. EPT based monitoring is known to introduce significant overhead, even with the above mentioned altp2m-based optimization: the granularity of the monitoring is that of a memory page (4KB at least). This creates a lot of "false" events if you are really just interested, for example, when a function-entry point is called. Fortunately, this can be avoided by enabling the trapping of debug instructions into the hypervisor (a feature of the Intel CPU). This method is used in DRAKVUF, which writes breakpoint instructions into the guests' memory at code-locations of interest. To hide the presence of the breakpoints from the guest, these pages get further protected by restricting the pages to be execute-only in the EPT. This allows DRAKVUF to hide the presence of the breakpoints from code-integrity checking mechanisms that may run in the guest, such as Windows Patch Guard. However, this technique has been similarly problematic for multi-vCPU guests, as the breakpoint had to be removed when it was hit (or something was scanning the code), thus potentially leading to missed events. Fortunately, altp2m has another neat feature that can be used to solve this problem. Beside allowing for changing the memory permissions in the different altp2m views, it also allows to change the mapping itself! The same guest physical memory can be setup to be backed by different pages in the different views, thus truly making the guest physical memory "virtual": where it is mapped really depends on which view the vCPU is running on. This feature allows us to hide the presence of the breakpoints in a brand new way. First, we create a complete shadow copy of the memory page where the breakpoint is going to be written and only write the breakpoint into this shadow copy. Now, using altp2m, we setup a view where the guest physical memory of the page get mapped to our shadow copy. When the breakpoint is hit, or if something is trying to scan the code, we simply switch the view to the un-altered view for the duration of a singlestep, then switch back to the trapped view. This allows us to hide the presence of the breakpoints specific to each vCPU! All without having pause any of the other vCPUs or having to emulate. The first open-source implementation of this tracing has been already merged into the DRAKVUF Malware Analysis System and is available as a reference implementation for those interested in more details. --001a1143a94c8508c2052882ea64 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi all,
please find below a brief write-up o= n using Xen altp2m for stealthy monitoring. While the write-up may be a bit= technical and only of interest to a small(er) audience, it also gives some= insight into what this new Xen feature is about and what it can be used fo= r. Let me know if you think this would be appropriate for the Xen blog or i= f you have any other comments!

Thanks= ,
Tamas

Stealthy monitoring with Xen altp2m=

One of the core features that differentiates Xen from other open-so= urce hypervisors is its native support for stealthy and secure monitoring o= f guest internals (aka. virtual machine introspection). In the latest relea= se of Xen last summer several new features have been introduced that make t= his subsystem better; a cleaned-up, optimized API and ARM support being jus= t some of the biggest items on this list. As part of this release of Xen, a= new and unique feature was also successfully added by a team from Intel th= at have make stealthy monitoring even better on Xen, named altp2m. In this = blog entry we will take a look at what it's all about.

In Xen= 9;s terminology, p2m stands for the guest memory management layer that hand= les the translation from guest [p]hysical memory to [m]achine physical. The= re are several implementations of this, including hardware support via Inte= l Extended Page Tables (EPT) available to HVM (and PVH) guests, called Hard= ware Assisted Paging (hap) in Xen. In this implementation the hypervisor ma= intains a second pagetable, similar to the one in 64-bit operating systems,= dedicated to running the p2m translation. All (open-source) hypervisors th= at use this hardware assisted paging method use a single EPT per virtual ma= chine to handle this translation, regardless how many vCPUs the guest may h= ave.

Xen altp2m is the first implementation which changes this setup= by allowing Xen to create more then one EPT for each guest. Interestingly,= the Intel hardware has been capable of maintaining up to 512 EPT pointers = in the VMCS since the first introduction of EPT, noone made use of these ex= tra tables until now. In Xen 4.6, Xen allows the creation of up to 10 EPTs = per guest. The primary reason for this extension is of course the new #VE a= nd VMFUNC extensions that were released in the Skylake generation of CPUs (= which is worth a whole blog-entry on its own), but it can also be used by e= xternal monitoring applications as well via the Xen vm_event system.
Why this feature is a game-changer for applications performing purely exte= rnal monitoring is because it simplifies the monitoring process of multi-vC= PU guests. As mentioned earlier, the EPT of the VM prior to altp2m being in= troduced was always shared across all vCPU of the guest. This introduced se= rious issues when monitoring of the guests' memory accesses were perfor= med by restricting EPT permissions. While the method allowed for stealthy t= racing of R/W/X memory accesses of the guest - EPT violations trap to the h= ypervisor - the memory permissions had to be relaxed in order to allow the = guest to continue execution. This in turn creates a race-condition if the g= uest has multiple vCPUs, as a vCPU still active could perform the memory ac= cess while the permissions are relaxed. On could pause all vCPUs while the = one violating the access is sidestepped, which introduces heavy overhead ju= st to avoid a race-condition that may rarely occur. Alternatively, one coul= d emulate the instruction that was violating the EPT permission without rel= axing the EPT access permissions since Xen's built-in emulator ignores = these. However, this solution (while supported) is not particularly ideal a= s it still creates significant performance overhead. Moreover, emulation in= Xen is known to be buggy, so creating security tools that ultimately rely = on an emulator is just asking for trouble.

Xen's altp2m system c= hanges this problem quite significantly. By having multiple EPTs we can hav= e differing access permissions defined in each table, which can be swapped = around at will. When the guest makes a memory access that is monitored, ins= tead of having to relax the access permission, Xen can simply switch to an = EPT (called a view) that allows the operation to continue. More importantly= , this switch can be performed specific to each vCPU, without having to pau= se any of the other ones, or having to emulate the access, without the gues= t noticing any of this switching at all. A truly simple and elegant solutio= n.

Of course, EPT based monitoring is not the only introspecting tec= hnique used for stealthy monitoring. For example, the Xen based DRAKVUF Dyn= amic Malware Analysis uses it in combination with an additional technique t= o maximum effect. EPT based monitoring is known to introduce significant ov= erhead, even with the above mentioned altp2m-based optimization: the granul= arity of the monitoring is that of a memory page (4KB at least). This creat= es a lot of "false" events if you are really just interested, for= example, when a function-entry point is called. Fortunately, this can be a= voided by enabling the trapping of debug instructions into the hypervisor (= a feature of the Intel CPU). This method is used in DRAKVUF, which writes b= reakpoint instructions into the guests' memory at code-locations of int= erest. To hide the presence of the breakpoints from the guest, these pages = get further protected by restricting the pages to be execute-only in the EP= T. This allows DRAKVUF to hide the presence of the breakpoints from code-in= tegrity checking mechanisms that may run in the guest, such as Windows Patc= h Guard. However, this technique has been similarly problematic for multi-v= CPU guests, as the breakpoint had to be removed when it was hit (or somethi= ng was scanning the code), thus potentially leading to missed events.
Fortunately, altp2m has another neat feature that can be used to solve th= is problem. Beside allowing for changing the memory permissions in the diff= erent altp2m views, it also allows to change the mapping itself! The same g= uest physical memory can be setup to be backed by different pages in the di= fferent views, thus truly making the guest physical memory "virtual&qu= ot;: where it is mapped really depends on which view the vCPU is running on= . This feature allows us to hide the presence of the breakpoints in a brand= new way. First, we create a complete shadow copy of the memory page where = the breakpoint is going to be written and only write the breakpoint into th= is shadow copy. Now, using altp2m, we setup a view where the guest physical= memory of the page get mapped to our shadow copy. When the breakpoint is h= it, or if something is trying to scan the code, we simply switch the view t= o the un-altered view for the duration of a singlestep, then switch back to= the trapped view. This allows us to hide the presence of the breakpoints s= pecific to each vCPU! All without having pause any of the other vCPUs or ha= ving to emulate. The first open-source implementation of this tracing has b= een already merged into the DRAKVUF Malware Analysis System and is availabl= e as a reference implementation for those interested in more details.
--001a1143a94c8508c2052882ea64-- --===============1059001348494775691== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --===============1059001348494775691==-- From publicity-bounces@lists.xenproject.org Mon Jan 04 14:27:15 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 04 Jan 2016 14:27:15 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aG66N-0006FN-01; Mon, 04 Jan 2016 14:27:15 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aG66L-0006F8-W3 for publicity@lists.xenproject.org; Mon, 04 Jan 2016 14:27:14 +0000 Received: from [85.158.143.35] by server-3.bemta-4.messagelabs.com id CB/40-31122-1418A865; Mon, 04 Jan 2016 14:27:13 +0000 X-Env-Sender: tlengyel@novetta.com X-Msg-Ref: server-16.tower-21.messagelabs.com!1451917629!3924377!1 X-Originating-IP: [209.85.213.43] X-SpamReason: No, hits=2.0 required=7.0 tests=BODY_RANDOM_LONG, HTML_00_10,HTML_MESSAGE,RCVD_BY_IP X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 18213 invoked from network); 4 Jan 2016 14:27:09 -0000 Received: from mail-vk0-f43.google.com (HELO mail-vk0-f43.google.com) (209.85.213.43) by server-16.tower-21.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 4 Jan 2016 14:27:09 -0000 Received: by mail-vk0-f43.google.com with SMTP id k1so122780075vkb.2 for ; Mon, 04 Jan 2016 06:27:09 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=novetta-com.20150623.gappssmtp.com; s=20150623; h=mime-version:from:date:message-id:subject:to:content-type; bh=Nod9DqTP16d0y817/KBOHQhNGklIqDvbOgewGBV6E7A=; b=lirEtTWFqNmF3vHlG5qOFhiIE8YdG5FlctjD9rCYeGzT2xfpX3lDHDMS6yC7omosU/ kQ/GGRNdJb6f827GcjeotfYpwWqPUv1LY40c/tGf0UCKEI0s5ehzu+m3do88h68IOpEF HukvlPkZ06sMBlc6E88ROkfPSUUelEf/QKUrxi9VxpVhQDkvsDsrxIWvA3M0YyEMCyiB 5XyxOy+OcNrY1DQfeM0ylMkZGU84TDYmJktUCrTuB2n7AqiXI53C6Mt5TYMGBVeLPtio vgH2CRJRmzwBgOIh4YOwDbsylpGZ/BFYlv6iRumeQboKihlrfDZpqfeyjNULLdn9Ak97 Q/EA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:from:date:message-id:subject:to :content-type; bh=Nod9DqTP16d0y817/KBOHQhNGklIqDvbOgewGBV6E7A=; b=Wtvsv+Pnb47CNrh0Xs4EjUM6wMcJInCkxTFX4wkfG5sp122BNlB8f12NQT94Z7dmcj JjMu8qHkDxmq8T7Hzz4YlhWpnCQ0S1IkmIzxT8krYT7gDM3od1VJY4DArh325LXmXABv y8DClS9lrbRqnzVsieWdRhDN6SyPgImbEhVm/yrC0X9TNerLN0NFxOvzJ+tschl/gIUE gEv+Qi3V6XtCyVf2F3zsbbBvJyco9XquS+liOG6RGe5NSsbBHCXEwCgiQDX8X8ibwq1s M0sI1Cdr6lNoy7jrGJ+kbrNIJERjYJo2AGS/NA1GJ0l8l724v6PeHe5VktIxgvyGVohn yQIw== X-Gm-Message-State: ALoCoQn8aqa2jKbuddUPjJ3Ea0EsIPeJm3nM7H+gWt7nlPxta7j5IM8hmwC0rRxX43qthl7SlFCRlWKcBjMDfJXLghBoM4+9irQKB2O3ZJe7/HUjVLtuIUY= X-Received: by 10.31.146.66 with SMTP id u63mr54849500vkd.31.1451917628993; Mon, 04 Jan 2016 06:27:08 -0800 (PST) MIME-Version: 1.0 Received: by 10.103.40.130 with HTTP; Mon, 4 Jan 2016 06:26:49 -0800 (PST) From: "Lengyel, Tamas" Date: Mon, 4 Jan 2016 15:26:49 +0100 Message-ID: To: publicity@lists.xenproject.org Subject: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1059001348494775691==" Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --===============1059001348494775691== Content-Type: multipart/alternative; boundary=001a1143a94c8508c2052882ea64 --001a1143a94c8508c2052882ea64 Content-Type: text/plain; charset=UTF-8 Hi all, please find below a brief write-up on using Xen altp2m for stealthy monitoring. While the write-up may be a bit technical and only of interest to a small(er) audience, it also gives some insight into what this new Xen feature is about and what it can be used for. Let me know if you think this would be appropriate for the Xen blog or if you have any other comments! Thanks, Tamas Stealthy monitoring with Xen altp2m One of the core features that differentiates Xen from other open-source hypervisors is its native support for stealthy and secure monitoring of guest internals (aka. virtual machine introspection). In the latest release of Xen last summer several new features have been introduced that make this subsystem better; a cleaned-up, optimized API and ARM support being just some of the biggest items on this list. As part of this release of Xen, a new and unique feature was also successfully added by a team from Intel that have make stealthy monitoring even better on Xen, named altp2m. In this blog entry we will take a look at what it's all about. In Xen's terminology, p2m stands for the guest memory management layer that handles the translation from guest [p]hysical memory to [m]achine physical. There are several implementations of this, including hardware support via Intel Extended Page Tables (EPT) available to HVM (and PVH) guests, called Hardware Assisted Paging (hap) in Xen. In this implementation the hypervisor maintains a second pagetable, similar to the one in 64-bit operating systems, dedicated to running the p2m translation. All (open-source) hypervisors that use this hardware assisted paging method use a single EPT per virtual machine to handle this translation, regardless how many vCPUs the guest may have. Xen altp2m is the first implementation which changes this setup by allowing Xen to create more then one EPT for each guest. Interestingly, the Intel hardware has been capable of maintaining up to 512 EPT pointers in the VMCS since the first introduction of EPT, noone made use of these extra tables until now. In Xen 4.6, Xen allows the creation of up to 10 EPTs per guest. The primary reason for this extension is of course the new #VE and VMFUNC extensions that were released in the Skylake generation of CPUs (which is worth a whole blog-entry on its own), but it can also be used by external monitoring applications as well via the Xen vm_event system. Why this feature is a game-changer for applications performing purely external monitoring is because it simplifies the monitoring process of multi-vCPU guests. As mentioned earlier, the EPT of the VM prior to altp2m being introduced was always shared across all vCPU of the guest. This introduced serious issues when monitoring of the guests' memory accesses were performed by restricting EPT permissions. While the method allowed for stealthy tracing of R/W/X memory accesses of the guest - EPT violations trap to the hypervisor - the memory permissions had to be relaxed in order to allow the guest to continue execution. This in turn creates a race-condition if the guest has multiple vCPUs, as a vCPU still active could perform the memory access while the permissions are relaxed. On could pause all vCPUs while the one violating the access is sidestepped, which introduces heavy overhead just to avoid a race-condition that may rarely occur. Alternatively, one could emulate the instruction that was violating the EPT permission without relaxing the EPT access permissions since Xen's built-in emulator ignores these. However, this solution (while supported) is not particularly ideal as it still creates significant performance overhead. Moreover, emulation in Xen is known to be buggy, so creating security tools that ultimately rely on an emulator is just asking for trouble. Xen's altp2m system changes this problem quite significantly. By having multiple EPTs we can have differing access permissions defined in each table, which can be swapped around at will. When the guest makes a memory access that is monitored, instead of having to relax the access permission, Xen can simply switch to an EPT (called a view) that allows the operation to continue. More importantly, this switch can be performed specific to each vCPU, without having to pause any of the other ones, or having to emulate the access, without the guest noticing any of this switching at all. A truly simple and elegant solution. Of course, EPT based monitoring is not the only introspecting technique used for stealthy monitoring. For example, the Xen based DRAKVUF Dynamic Malware Analysis uses it in combination with an additional technique to maximum effect. EPT based monitoring is known to introduce significant overhead, even with the above mentioned altp2m-based optimization: the granularity of the monitoring is that of a memory page (4KB at least). This creates a lot of "false" events if you are really just interested, for example, when a function-entry point is called. Fortunately, this can be avoided by enabling the trapping of debug instructions into the hypervisor (a feature of the Intel CPU). This method is used in DRAKVUF, which writes breakpoint instructions into the guests' memory at code-locations of interest. To hide the presence of the breakpoints from the guest, these pages get further protected by restricting the pages to be execute-only in the EPT. This allows DRAKVUF to hide the presence of the breakpoints from code-integrity checking mechanisms that may run in the guest, such as Windows Patch Guard. However, this technique has been similarly problematic for multi-vCPU guests, as the breakpoint had to be removed when it was hit (or something was scanning the code), thus potentially leading to missed events. Fortunately, altp2m has another neat feature that can be used to solve this problem. Beside allowing for changing the memory permissions in the different altp2m views, it also allows to change the mapping itself! The same guest physical memory can be setup to be backed by different pages in the different views, thus truly making the guest physical memory "virtual": where it is mapped really depends on which view the vCPU is running on. This feature allows us to hide the presence of the breakpoints in a brand new way. First, we create a complete shadow copy of the memory page where the breakpoint is going to be written and only write the breakpoint into this shadow copy. Now, using altp2m, we setup a view where the guest physical memory of the page get mapped to our shadow copy. When the breakpoint is hit, or if something is trying to scan the code, we simply switch the view to the un-altered view for the duration of a singlestep, then switch back to the trapped view. This allows us to hide the presence of the breakpoints specific to each vCPU! All without having pause any of the other vCPUs or having to emulate. The first open-source implementation of this tracing has been already merged into the DRAKVUF Malware Analysis System and is available as a reference implementation for those interested in more details. --001a1143a94c8508c2052882ea64 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi all,
please find below a brief write-up o= n using Xen altp2m for stealthy monitoring. While the write-up may be a bit= technical and only of interest to a small(er) audience, it also gives some= insight into what this new Xen feature is about and what it can be used fo= r. Let me know if you think this would be appropriate for the Xen blog or i= f you have any other comments!

Thanks= ,
Tamas

Stealthy monitoring with Xen altp2m=

One of the core features that differentiates Xen from other open-so= urce hypervisors is its native support for stealthy and secure monitoring o= f guest internals (aka. virtual machine introspection). In the latest relea= se of Xen last summer several new features have been introduced that make t= his subsystem better; a cleaned-up, optimized API and ARM support being jus= t some of the biggest items on this list. As part of this release of Xen, a= new and unique feature was also successfully added by a team from Intel th= at have make stealthy monitoring even better on Xen, named altp2m. In this = blog entry we will take a look at what it's all about.

In Xen= 9;s terminology, p2m stands for the guest memory management layer that hand= les the translation from guest [p]hysical memory to [m]achine physical. The= re are several implementations of this, including hardware support via Inte= l Extended Page Tables (EPT) available to HVM (and PVH) guests, called Hard= ware Assisted Paging (hap) in Xen. In this implementation the hypervisor ma= intains a second pagetable, similar to the one in 64-bit operating systems,= dedicated to running the p2m translation. All (open-source) hypervisors th= at use this hardware assisted paging method use a single EPT per virtual ma= chine to handle this translation, regardless how many vCPUs the guest may h= ave.

Xen altp2m is the first implementation which changes this setup= by allowing Xen to create more then one EPT for each guest. Interestingly,= the Intel hardware has been capable of maintaining up to 512 EPT pointers = in the VMCS since the first introduction of EPT, noone made use of these ex= tra tables until now. In Xen 4.6, Xen allows the creation of up to 10 EPTs = per guest. The primary reason for this extension is of course the new #VE a= nd VMFUNC extensions that were released in the Skylake generation of CPUs (= which is worth a whole blog-entry on its own), but it can also be used by e= xternal monitoring applications as well via the Xen vm_event system.
Why this feature is a game-changer for applications performing purely exte= rnal monitoring is because it simplifies the monitoring process of multi-vC= PU guests. As mentioned earlier, the EPT of the VM prior to altp2m being in= troduced was always shared across all vCPU of the guest. This introduced se= rious issues when monitoring of the guests' memory accesses were perfor= med by restricting EPT permissions. While the method allowed for stealthy t= racing of R/W/X memory accesses of the guest - EPT violations trap to the h= ypervisor - the memory permissions had to be relaxed in order to allow the = guest to continue execution. This in turn creates a race-condition if the g= uest has multiple vCPUs, as a vCPU still active could perform the memory ac= cess while the permissions are relaxed. On could pause all vCPUs while the = one violating the access is sidestepped, which introduces heavy overhead ju= st to avoid a race-condition that may rarely occur. Alternatively, one coul= d emulate the instruction that was violating the EPT permission without rel= axing the EPT access permissions since Xen's built-in emulator ignores = these. However, this solution (while supported) is not particularly ideal a= s it still creates significant performance overhead. Moreover, emulation in= Xen is known to be buggy, so creating security tools that ultimately rely = on an emulator is just asking for trouble.

Xen's altp2m system c= hanges this problem quite significantly. By having multiple EPTs we can hav= e differing access permissions defined in each table, which can be swapped = around at will. When the guest makes a memory access that is monitored, ins= tead of having to relax the access permission, Xen can simply switch to an = EPT (called a view) that allows the operation to continue. More importantly= , this switch can be performed specific to each vCPU, without having to pau= se any of the other ones, or having to emulate the access, without the gues= t noticing any of this switching at all. A truly simple and elegant solutio= n.

Of course, EPT based monitoring is not the only introspecting tec= hnique used for stealthy monitoring. For example, the Xen based DRAKVUF Dyn= amic Malware Analysis uses it in combination with an additional technique t= o maximum effect. EPT based monitoring is known to introduce significant ov= erhead, even with the above mentioned altp2m-based optimization: the granul= arity of the monitoring is that of a memory page (4KB at least). This creat= es a lot of "false" events if you are really just interested, for= example, when a function-entry point is called. Fortunately, this can be a= voided by enabling the trapping of debug instructions into the hypervisor (= a feature of the Intel CPU). This method is used in DRAKVUF, which writes b= reakpoint instructions into the guests' memory at code-locations of int= erest. To hide the presence of the breakpoints from the guest, these pages = get further protected by restricting the pages to be execute-only in the EP= T. This allows DRAKVUF to hide the presence of the breakpoints from code-in= tegrity checking mechanisms that may run in the guest, such as Windows Patc= h Guard. However, this technique has been similarly problematic for multi-v= CPU guests, as the breakpoint had to be removed when it was hit (or somethi= ng was scanning the code), thus potentially leading to missed events.
Fortunately, altp2m has another neat feature that can be used to solve th= is problem. Beside allowing for changing the memory permissions in the diff= erent altp2m views, it also allows to change the mapping itself! The same g= uest physical memory can be setup to be backed by different pages in the di= fferent views, thus truly making the guest physical memory "virtual&qu= ot;: where it is mapped really depends on which view the vCPU is running on= . This feature allows us to hide the presence of the breakpoints in a brand= new way. First, we create a complete shadow copy of the memory page where = the breakpoint is going to be written and only write the breakpoint into th= is shadow copy. Now, using altp2m, we setup a view where the guest physical= memory of the page get mapped to our shadow copy. When the breakpoint is h= it, or if something is trying to scan the code, we simply switch the view t= o the un-altered view for the duration of a singlestep, then switch back to= the trapped view. This allows us to hide the presence of the breakpoints s= pecific to each vCPU! All without having pause any of the other vCPUs or ha= ving to emulate. The first open-source implementation of this tracing has b= een already merged into the DRAKVUF Malware Analysis System and is availabl= e as a reference implementation for those interested in more details.
--001a1143a94c8508c2052882ea64-- --===============1059001348494775691== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --===============1059001348494775691==-- From publicity-bounces@lists.xenproject.org Mon Jan 04 16:43:58 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 04 Jan 2016 16:43:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aG8Ee-0002wf-TT; Mon, 04 Jan 2016 16:43:56 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aG8Ed-0002wK-Cc for publicity@lists.xenproject.org; Mon, 04 Jan 2016 16:43:55 +0000 Received: from [85.158.137.68] by server-2.bemta-3.messagelabs.com id 7A/17-21201-A41AA865; Mon, 04 Jan 2016 16:43:54 +0000 X-Env-Sender: rcojocaru@bitdefender.com X-Msg-Ref: server-2.tower-31.messagelabs.com!1451925833!13838275!1 X-Originating-IP: [91.199.104.161] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 44669 invoked from network); 4 Jan 2016 16:43:53 -0000 Received: from mx01.buh.bitdefender.com (HELO mx01.buh.bitdefender.com) (91.199.104.161) by server-2.tower-31.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 4 Jan 2016 16:43:53 -0000 Comment: DomainKeys? See http://domainkeys.sourceforge.net/ DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=bAL3o47N1fgo9a+Aj5fAovGp/9nfmDDq168JRnInkhf1xsiv2GnRlfTZwchPB2WRPfJTqC+s7TPPkzfw0nA3GSHMWuEKDxBASu3sfALev7CBbBvUj6V7qwzq+JsAANoQiLFlc37Xb2W/7y7E+P+sGd0Cth+IPaGHam4twKviBgIstV8RPDFR2paxDgbhrAbgdJx53ZaCY4RqzXYr8up6F2fF3j43yPTQ2AT0hcWM4NmzuiuurwLcW14mdfy2IitEJcHGB/Js10bJVlj1pwzTOjrBYRhMqkKoE8ELLpy+pwdMOhQ5u0Op7fkNPp9+8+iITVgttzM+Cefxhxxv+cIfQA==; h=Received:Received:Received:Received:Received:Subject:To:References:From:X-Enigmail-Draft-Status:Message-ID:Date:User-Agent:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp; DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=bitdefender.com; h=subject :to:references:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; s=default; bh=5bBtPjQOy qdlm97ST9A7fdNMoRI=; b=dsUy4AsxTbnbOnIYyHgOCsm3prhyenEwFoNTDA46o vH2UAcfxnoaDKXDS3qNJ6YI2y6LOo0SWwHLu/CYpC6+Uydv4W/bL0AtMIjEoNVLE Mzmtj/0y7ZuEDuxz3vgWlRSPkQxnwUltB5PXU7vTaGPures8qmzxCzJoBM3n5JAr OxUoHQ3Gv8ZlakU1GkMACPfX2uV4r441WhnnSqF/ZIAbu8Fpq5MpEdCYCee7+pDv wNU0m4l3ejIVeT+Uddpat040A+ebAhiPcQBmA2maZFs9GhCfPKvwkYUb5AoIiy2R Z4ScEPfX9q/z5jWXD4EPUNtZKyEOb2y9EYxNmYzsKbbMQ== Received: (qmail 26857 invoked from network); 4 Jan 2016 18:43:52 +0200 Received: from unknown (HELO mx-sr.buh.bitdefender.com) (10.17.80.103) by mx01.buh.bitdefender.com with AES256-GCM-SHA384 encrypted SMTP; 4 Jan 2016 18:43:52 +0200 Received: from smtp01.buh.bitdefender.com (unknown [10.17.80.75]) by mx-sr.buh.bitdefender.com (Postfix) with ESMTP id 2465E80466 for ; Mon, 4 Jan 2016 18:43:52 +0200 (EET) Received: (qmail 11333 invoked from network); 4 Jan 2016 18:43:52 +0200 Received: from unknown (HELO ?10.10.14.59?) (rcojocaru@bitdefender.com@unknown) by unknown with SMTP; 4 Jan 2016 18:43:52 +0200 To: "Lengyel, Tamas" , publicity@lists.xenproject.org References: From: Razvan Cojocaru X-Enigmail-Draft-Status: N1110 Message-ID: <568AA198.8000308@bitdefender.com> Date: Mon, 4 Jan 2016 18:45:12 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0 MIME-Version: 1.0 In-Reply-To: X-BitDefender-Scanner: Clean, Agent: BitDefender qmail 3.1.4 on smtp01.buh.bitdefender.com, sigver: 7.64078 X-BitDefender-Spam: No (0) X-BitDefender-SpamStamp: Build: [Engines: 2.15.6.743, Dats: 410820, Stamp: 3], Multi: [Enabled, t: (0.000008,0.003278)], BW: [Enabled, t: (0.000007,0.000001)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.002943), Flags: 2A917CE3; NN_LEGIT_VALID_REPLY; NN_LEGIT_SUMM_400_WORDS; NN_NO_LINK_NMD; NN_LEGIT_BITDEFENDER; NN_LEGIT_S_SQARE_BRACKETS; NN_LEGIT_MAILING_LIST_TO], SGN: [Enabled, t: (0.011723)], URL: [Enabled, t: (0.000004)], RTDA: [Enabled, t: (0.017115), Hit: No, Details: v2.3.1; Id: 2m1ghdo.1a81jc129.130tl], total: 0(775) X-BitDefender-CF-Stamp: none Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org On 01/04/2016 04:26 PM, Lengyel, Tamas wrote: > However, this solution (while supported) is not particularly ideal as it > still creates significant performance overhead. Moreover, emulation in > Xen is known to be buggy, so creating security tools that ultimately > rely on an emulator is just asking for trouble. That's debatable. The emulator is not as much buggy as it is incomplete, and there are ways around that - see the emulator bypass patch in our initial series back in 2014. I do concede that the Xen emulator does have a way to go. As for the performance overhead, if the security tool chooses the restricted pages wisely then it is more than acceptable. Of course, if all the guest's pages have restricted access rights then the guest will be noticeably impaired. And still on the performance issue, with emulation we have: 1. receive page fault event; 2. reply to the hypervisor with emulate flags on; 3. get a new page fault within the hypervisor (page restrictions have not been lifted) - but not hypervisor <-> userspace context switch); 4. emulate. With altp2m we have: 1. receive page fault event; 2. switch altp2m view in the vm_event reply + set singlestepping on (hypercalls, thus context switching); 3. get singlestep event from the hypervisor / guest (more context switching); 4. switch altp2m view again + set singlestepping off (again context switching / hypercalls). This is definitely not a very detailed analysis of what's happening, but I would think that the latter process takes at least as much time as the former. In other words, I don't see how the altp2m case improves performance. Further on you say "By having multiple EPTs we can have differing access permissions defined in each table, which can be swapped around at will. When the guest makes a memory access that is monitored, instead of having to relax the access permission, Xen can simply switch to an EPT (called a view) that allows the operation to continue." However, that is now an all-or-none operating procedure - either allow or deny the operation that triggered the event. You can't, for example, allow the operation but disallow its actual write, so that you can continue to observe malicious activity without the malware being able to actually do what it wants to do. There might also be issues with guests where the number of VCPUs is bigger than 10, which is the maximum number of allowed EPTs. Both solutions have advantages and disadvantages, and having them both makes Xen a great platform for the discerning developer. While the altp2m solution might be simpler for your use-case, perhaps neither is intrinsically superior. Cheers, Razvan _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity From publicity-bounces@lists.xenproject.org Mon Jan 04 16:43:58 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 04 Jan 2016 16:43:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aG8Ee-0002wf-TT; Mon, 04 Jan 2016 16:43:56 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aG8Ed-0002wK-Cc for publicity@lists.xenproject.org; Mon, 04 Jan 2016 16:43:55 +0000 Received: from [85.158.137.68] by server-2.bemta-3.messagelabs.com id 7A/17-21201-A41AA865; Mon, 04 Jan 2016 16:43:54 +0000 X-Env-Sender: rcojocaru@bitdefender.com X-Msg-Ref: server-2.tower-31.messagelabs.com!1451925833!13838275!1 X-Originating-IP: [91.199.104.161] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 44669 invoked from network); 4 Jan 2016 16:43:53 -0000 Received: from mx01.buh.bitdefender.com (HELO mx01.buh.bitdefender.com) (91.199.104.161) by server-2.tower-31.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 4 Jan 2016 16:43:53 -0000 Comment: DomainKeys? See http://domainkeys.sourceforge.net/ DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=bAL3o47N1fgo9a+Aj5fAovGp/9nfmDDq168JRnInkhf1xsiv2GnRlfTZwchPB2WRPfJTqC+s7TPPkzfw0nA3GSHMWuEKDxBASu3sfALev7CBbBvUj6V7qwzq+JsAANoQiLFlc37Xb2W/7y7E+P+sGd0Cth+IPaGHam4twKviBgIstV8RPDFR2paxDgbhrAbgdJx53ZaCY4RqzXYr8up6F2fF3j43yPTQ2AT0hcWM4NmzuiuurwLcW14mdfy2IitEJcHGB/Js10bJVlj1pwzTOjrBYRhMqkKoE8ELLpy+pwdMOhQ5u0Op7fkNPp9+8+iITVgttzM+Cefxhxxv+cIfQA==; h=Received:Received:Received:Received:Received:Subject:To:References:From:X-Enigmail-Draft-Status:Message-ID:Date:User-Agent:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp; DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=bitdefender.com; h=subject :to:references:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; s=default; bh=5bBtPjQOy qdlm97ST9A7fdNMoRI=; b=dsUy4AsxTbnbOnIYyHgOCsm3prhyenEwFoNTDA46o vH2UAcfxnoaDKXDS3qNJ6YI2y6LOo0SWwHLu/CYpC6+Uydv4W/bL0AtMIjEoNVLE Mzmtj/0y7ZuEDuxz3vgWlRSPkQxnwUltB5PXU7vTaGPures8qmzxCzJoBM3n5JAr OxUoHQ3Gv8ZlakU1GkMACPfX2uV4r441WhnnSqF/ZIAbu8Fpq5MpEdCYCee7+pDv wNU0m4l3ejIVeT+Uddpat040A+ebAhiPcQBmA2maZFs9GhCfPKvwkYUb5AoIiy2R Z4ScEPfX9q/z5jWXD4EPUNtZKyEOb2y9EYxNmYzsKbbMQ== Received: (qmail 26857 invoked from network); 4 Jan 2016 18:43:52 +0200 Received: from unknown (HELO mx-sr.buh.bitdefender.com) (10.17.80.103) by mx01.buh.bitdefender.com with AES256-GCM-SHA384 encrypted SMTP; 4 Jan 2016 18:43:52 +0200 Received: from smtp01.buh.bitdefender.com (unknown [10.17.80.75]) by mx-sr.buh.bitdefender.com (Postfix) with ESMTP id 2465E80466 for ; Mon, 4 Jan 2016 18:43:52 +0200 (EET) Received: (qmail 11333 invoked from network); 4 Jan 2016 18:43:52 +0200 Received: from unknown (HELO ?10.10.14.59?) (rcojocaru@bitdefender.com@unknown) by unknown with SMTP; 4 Jan 2016 18:43:52 +0200 To: "Lengyel, Tamas" , publicity@lists.xenproject.org References: From: Razvan Cojocaru X-Enigmail-Draft-Status: N1110 Message-ID: <568AA198.8000308@bitdefender.com> Date: Mon, 4 Jan 2016 18:45:12 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0 MIME-Version: 1.0 In-Reply-To: X-BitDefender-Scanner: Clean, Agent: BitDefender qmail 3.1.4 on smtp01.buh.bitdefender.com, sigver: 7.64078 X-BitDefender-Spam: No (0) X-BitDefender-SpamStamp: Build: [Engines: 2.15.6.743, Dats: 410820, Stamp: 3], Multi: [Enabled, t: (0.000008,0.003278)], BW: [Enabled, t: (0.000007,0.000001)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.002943), Flags: 2A917CE3; NN_LEGIT_VALID_REPLY; NN_LEGIT_SUMM_400_WORDS; NN_NO_LINK_NMD; NN_LEGIT_BITDEFENDER; NN_LEGIT_S_SQARE_BRACKETS; NN_LEGIT_MAILING_LIST_TO], SGN: [Enabled, t: (0.011723)], URL: [Enabled, t: (0.000004)], RTDA: [Enabled, t: (0.017115), Hit: No, Details: v2.3.1; Id: 2m1ghdo.1a81jc129.130tl], total: 0(775) X-BitDefender-CF-Stamp: none Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org On 01/04/2016 04:26 PM, Lengyel, Tamas wrote: > However, this solution (while supported) is not particularly ideal as it > still creates significant performance overhead. Moreover, emulation in > Xen is known to be buggy, so creating security tools that ultimately > rely on an emulator is just asking for trouble. That's debatable. The emulator is not as much buggy as it is incomplete, and there are ways around that - see the emulator bypass patch in our initial series back in 2014. I do concede that the Xen emulator does have a way to go. As for the performance overhead, if the security tool chooses the restricted pages wisely then it is more than acceptable. Of course, if all the guest's pages have restricted access rights then the guest will be noticeably impaired. And still on the performance issue, with emulation we have: 1. receive page fault event; 2. reply to the hypervisor with emulate flags on; 3. get a new page fault within the hypervisor (page restrictions have not been lifted) - but not hypervisor <-> userspace context switch); 4. emulate. With altp2m we have: 1. receive page fault event; 2. switch altp2m view in the vm_event reply + set singlestepping on (hypercalls, thus context switching); 3. get singlestep event from the hypervisor / guest (more context switching); 4. switch altp2m view again + set singlestepping off (again context switching / hypercalls). This is definitely not a very detailed analysis of what's happening, but I would think that the latter process takes at least as much time as the former. In other words, I don't see how the altp2m case improves performance. Further on you say "By having multiple EPTs we can have differing access permissions defined in each table, which can be swapped around at will. When the guest makes a memory access that is monitored, instead of having to relax the access permission, Xen can simply switch to an EPT (called a view) that allows the operation to continue." However, that is now an all-or-none operating procedure - either allow or deny the operation that triggered the event. You can't, for example, allow the operation but disallow its actual write, so that you can continue to observe malicious activity without the malware being able to actually do what it wants to do. There might also be issues with guests where the number of VCPUs is bigger than 10, which is the maximum number of allowed EPTs. Both solutions have advantages and disadvantages, and having them both makes Xen a great platform for the discerning developer. While the altp2m solution might be simpler for your use-case, perhaps neither is intrinsically superior. Cheers, Razvan _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity From publicity-bounces@lists.xenproject.org Mon Jan 04 19:31:45 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 04 Jan 2016 19:31:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGAr2-0006de-08; Mon, 04 Jan 2016 19:31:44 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGAr0-0006dZ-FM for publicity@lists.xenproject.org; Mon, 04 Jan 2016 19:31:42 +0000 Received: from [85.158.137.68] by server-4.bemta-3.messagelabs.com id F3/DC-09570-D98CA865; Mon, 04 Jan 2016 19:31:41 +0000 X-Env-Sender: tlengyel@novetta.com X-Msg-Ref: server-2.tower-31.messagelabs.com!1451935895!13862623!1 X-Originating-IP: [209.85.213.53] X-SpamReason: No, hits=1.2 required=7.0 tests=HTML_10_20,HTML_MESSAGE, RCVD_BY_IP X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 10298 invoked from network); 4 Jan 2016 19:31:36 -0000 Received: from mail-vk0-f53.google.com (HELO mail-vk0-f53.google.com) (209.85.213.53) by server-2.tower-31.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 4 Jan 2016 19:31:36 -0000 Received: by mail-vk0-f53.google.com with SMTP id f2so215673675vkb.3 for ; Mon, 04 Jan 2016 11:31:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=novetta-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=FR/ehlTgPN5BshnQgZGcMKPdA6gHu0uN1fMwj25hlWE=; b=vFrwSnxu1F/CgwZNyuYb4dH2ctGwlM0mIULPEDQKlQmUS2b7f9u+2pYr+49QrR94y+ KuOdmvTZFeuYojhFC2Iop8tiFk8MyfDEtVNVpFVRV2staG0cGwxq8A2Uydy57AxvvnlY ZEC2QF+IL7oKQdUUsuc5WVmrJiTR1iMo/SJchotICWD+K+9mU0A04g9c3ZI5Jp+nKWZS TGaOjUSFasfu0yvI0YUX1ZQgsibFFnhHRnJQqzIuLY7D8yZK3s8RIMvEJkHG5/HVeReC wf4SM5JeBuck960als85Gv4gpqPiN9x9UCtCVY17vKdRVpOfjSKSwsVxKt+FpOqgpKlY Q0ZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=FR/ehlTgPN5BshnQgZGcMKPdA6gHu0uN1fMwj25hlWE=; b=H6632YNzkDW9EbRFi8Umj4UXx+MIoZcevzZei56+QGJhggGT3KZQp3Ans7sikY4EOj toDcZmSaNDuTr5rRi+y0z6EQ5bSAkIaHe+nOlz+EXJEkvip9MS+yOxYJZ1Isci/Pzcrn bUVomlwNay3XqSus+UhfBFa8mB1Chc/PWe4YQFbgKRHzQq2KfgwgTVCiHHl15rlkIGqE tHHv+rozMSxeexZN0VWFIRqXwS9DFxRp2h1zIuC8micdJ7U4hgKmRTfyhd+PBAGB8yIJ 5pFZpZCszQtxvQnQaEqpMSwhcNadh/rjYDJ+GK0kBRp7VbeHN1Hl7qR6N5NLYrovvUZf 1c4w== X-Gm-Message-State: ALoCoQnvxMytsVeqtD7UnVPpSA6etPZyLbgFUIh5BQjVWdxsPUoDOxKOz5I6CZtoO94EON6JrFehcVotTurymZ460PYnrUcey9ChfFnRm3QWUDZDnlbusqI= MIME-Version: 1.0 X-Received: by 10.31.49.207 with SMTP id x198mr28572395vkx.1.1451935895475; Mon, 04 Jan 2016 11:31:35 -0800 (PST) Received: by 10.103.40.130 with HTTP; Mon, 4 Jan 2016 11:31:35 -0800 (PST) Received: by 10.103.40.130 with HTTP; Mon, 4 Jan 2016 11:31:35 -0800 (PST) In-Reply-To: <568AA198.8000308@bitdefender.com> References: <568AA198.8000308@bitdefender.com> Date: Mon, 4 Jan 2016 20:31:35 +0100 Message-ID: From: "Lengyel, Tamas" To: Razvan Cojocaru Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1287369431977985250==" Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --===============1287369431977985250== Content-Type: multipart/alternative; boundary=001a11430efe4971c90528872b5f --001a11430efe4971c90528872b5f Content-Type: text/plain; charset=UTF-8 Hi Razvan, thanks for chiming in! On Jan 4, 2016 5:43 PM, "Razvan Cojocaru" wrote: > > On 01/04/2016 04:26 PM, Lengyel, Tamas wrote: > > However, this solution (while supported) is not particularly ideal as it > > still creates significant performance overhead. Moreover, emulation in > > Xen is known to be buggy, so creating security tools that ultimately > > rely on an emulator is just asking for trouble. > > That's debatable. The emulator is not as much buggy as it is incomplete, Yes, that's a nicer way to state it. > and there are ways around that - see the emulator bypass patch in our > initial series back in 2014. I do concede that the Xen emulator does > have a way to go. By default the only option is Xen's emulator so that's what I think should be discussed. Using another emulator, while probably possible, would certainly not be trivial. > > As for the performance overhead, if the security tool chooses the > restricted pages wisely then it is more than acceptable. Of course, if > all the guest's pages have restricted access rights then the guest will > be noticeably impaired. > > And still on the performance issue, with emulation we have: > > 1. receive page fault event; > 2. reply to the hypervisor with emulate flags on; > 3. get a new page fault within the hypervisor (page restrictions have > not been lifted) - but not hypervisor <-> userspace context switch); > 4. emulate. That's six context switches + emulation. > > With altp2m we have: > > 1. receive page fault event; > 2. switch altp2m view in the vm_event reply + set singlestepping on > (hypercalls, thus context switching); It's done in the same hypercall you have to issue anyway for vm_event to signal the request has been processed so this adds no extra. > 3. get singlestep event from the hypervisor / guest (more context > switching); Here indeed there is an extra step of delivering the event to the subscriber. > 4. switch altp2m view again + set singlestepping off (again context > switching / hypercalls). This is again done in the reply directly so no extra hypercalls. So overall this is eight context switches but no emulation. In a nutshell, performance will of course vary and I have no in-depth analysis showing one to be better then the other one. Depending on how complex the emulation is one may be faster in some cases and slower in others. The argument for the altp2m solution is that it avoids emulation and reduces complexity, without pausing all vCPUs on the system. > > This is definitely not a very detailed analysis of what's happening, but > I would think that the latter process takes at least as much time as the > former. In other words, I don't see how the altp2m case improves > performance. I don't think it does either. > > Further on you say "By having multiple EPTs we can have differing access > permissions defined in each table, which can be swapped around at will. > When the guest makes a memory access that is monitored, instead of > having to relax the access permission, Xen can simply switch to an EPT > (called a view) that allows the operation to continue." > > However, that is now an all-or-none operating procedure - either allow > or deny the operation that triggered the event. You can't, for example, > allow the operation but disallow its actual write, so that you can > continue to observe malicious activity without the malware being able to > actually do what it wants to do. Certainly, that's a use-case for which the emulation based solution is still suitable for. That however is beyond the point of simple monitoring and would be more like an IPS solution. > > There might also be issues with guests where the number of VCPUs is > bigger than 10, which is the maximum number of allowed EPTs. You don't need a separate altp2m view for each vCPU. All you need is two views that can be interchanged in each vCPU independently. > > Both solutions have advantages and disadvantages, and having them both > makes Xen a great platform for the discerning developer. Certainly, having access to the emulator does have its usecases. While the > altp2m solution might be simpler for your use-case, perhaps neither is > intrinsically superior. For the usecase of monitoring arbitrary memory accesses and code execution on multi-vCPU systems it is the only readily available solution at the moment. Using the emulator in this fashion unfortunately crashes the guest (that's the case you verified too, we should probably report that issue on xen-devel). But even if the emulator worked properly, provided the long list of bugs we have encountered in emulators in recent years I would not be surprised to find more issues. So if it can be avoided, it should be. And in this case it can be quite nicely. > > Cheers, > Razvan Thanks! Tamas --001a11430efe4971c90528872b5f Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi Razvan,
thanks for chiming in!

On Jan 4, 2016 5:43 PM, "Razvan Cojocaru" <rcojocaru@bitdefender.com> = wrote:
>
> On 01/04/2016 04:26 PM, Lengyel, Tamas wrote:
> > However, this solution (while supported) is not particularly idea= l as it
> > still creates significant performance overhead. Moreover, emulati= on in
> > Xen is known to be buggy, so creating security tools that ultimat= ely
> > rely on an emulator is just asking for trouble.
>
> That's debatable. The emulator is not as much buggy as it is incom= plete,

Yes, that's a nicer way to state it.

> and there are ways around that - see the emulator bypas= s patch in our
> initial series back in 2014. I do concede that the Xen emulator does > have a way to go.

By default the only option is Xen's emulator so that'= ;s what I think should be discussed. Using another emulator, while probably= possible, would certainly not be trivial.

>
> As for the performance overhead, if the security tool chooses the
> restricted pages wisely then it is more than acceptable. Of course, if=
> all the guest's pages have restricted access rights then the guest= will
> be noticeably impaired.
>
> And still on the performance issue, with emulation we have:
>
> 1. receive page fault event;
> 2. reply to the hypervisor with emulate flags on;
> 3. get a new page fault within the hypervisor (page restrictions have<= br> > not been lifted) - but not hypervisor <-> userspace context swit= ch);
> 4. emulate.

That's six context switches + emulation.

>
> With altp2m we have:
>
> 1. receive page fault event;
> 2. switch altp2m view in the vm_event reply + set singlestepping on > (hypercalls, thus context switching);

It's done in the same hypercall you have to issue anyway= for vm_event to signal the request has been processed so this adds no extr= a.

> 3. get singlestep event from the hypervisor / guest (mo= re context
> switching);

Here indeed there is an extra step of delivering the event t= o the subscriber.

> 4. switch altp2m view again + set singlestepping off (a= gain context
> switching / hypercalls).

This is again done in the reply directly so no extra hyperca= lls. So overall this is eight context switches but no emulation.

In a nutshell, performance will of course vary and I have no= in-depth analysis showing one to be better then the other one. Depending o= n how complex the emulation is one may be faster in some cases and slower i= n others. The argument for the altp2m solution is that it avoids emulation = and reduces complexity, without pausing all vCPUs on the system.

>
> This is definitely not a very detailed analysis of what's happenin= g, but
> I would think that the latter process takes at least as much time as t= he
> former. In other words, I don't see how the altp2m case improves > performance.

I don't think it does either.

>
> Further on you say "By having multiple EPTs we can have differing= access
> permissions defined in each table, which can be swapped around at will= .
> When the guest makes a memory access that is monitored, instead of
> having to relax the access permission, Xen can simply switch to an EPT=
> (called a view) that allows the operation to continue."
>
> However, that is now an all-or-none operating procedure - either allow=
> or deny the operation that triggered the event. You can't, for exa= mple,
> allow the operation but disallow its actual write, so that you can
> continue to observe malicious activity without the malware being able = to
> actually do what it wants to do.

Certainly, that's a use-case for which the emulation bas= ed solution is still suitable for. That however is beyond the point of simp= le monitoring and would be more like an IPS solution.

>
> There might also be issues with guests where the number of VCPUs is > bigger than 10, which is the maximum number of allowed EPTs.

You don't need a separate altp2m view for each vCPU. All= you need is two views that can be interchanged in each vCPU independently.=

>
> Both solutions have advantages and disadvantages, and having them both=
> makes Xen a great platform for the discerning developer.

Certainly, having access to the emulator does have its useca= ses.

While the
> altp2m solution might be simpler for your use-case, perhaps neither is=
> intrinsically superior.

For the usecase of monitoring arbitrary memory accesses and = code execution on multi-vCPU systems it is the only readily available solut= ion at the moment.=C2=A0 Using the emulator in this fashion unfortunately c= rashes the guest (that's the case you verified too, we should probably = report that issue on xen-devel). But even if the emulator worked properly, = provided the long list of bugs we have encountered in emulators in recent y= ears I would not be surprised to find more issues. So if it can be avoided,= it should be. And in this case it can be quite nicely.

>
> Cheers,
> Razvan

Thanks!
Tamas

--001a11430efe4971c90528872b5f-- --===============1287369431977985250== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --===============1287369431977985250==-- From publicity-bounces@lists.xenproject.org Mon Jan 04 19:31:45 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 04 Jan 2016 19:31:45 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGAr2-0006de-08; Mon, 04 Jan 2016 19:31:44 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGAr0-0006dZ-FM for publicity@lists.xenproject.org; Mon, 04 Jan 2016 19:31:42 +0000 Received: from [85.158.137.68] by server-4.bemta-3.messagelabs.com id F3/DC-09570-D98CA865; Mon, 04 Jan 2016 19:31:41 +0000 X-Env-Sender: tlengyel@novetta.com X-Msg-Ref: server-2.tower-31.messagelabs.com!1451935895!13862623!1 X-Originating-IP: [209.85.213.53] X-SpamReason: No, hits=1.2 required=7.0 tests=HTML_10_20,HTML_MESSAGE, RCVD_BY_IP X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 10298 invoked from network); 4 Jan 2016 19:31:36 -0000 Received: from mail-vk0-f53.google.com (HELO mail-vk0-f53.google.com) (209.85.213.53) by server-2.tower-31.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 4 Jan 2016 19:31:36 -0000 Received: by mail-vk0-f53.google.com with SMTP id f2so215673675vkb.3 for ; Mon, 04 Jan 2016 11:31:36 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=novetta-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=FR/ehlTgPN5BshnQgZGcMKPdA6gHu0uN1fMwj25hlWE=; b=vFrwSnxu1F/CgwZNyuYb4dH2ctGwlM0mIULPEDQKlQmUS2b7f9u+2pYr+49QrR94y+ KuOdmvTZFeuYojhFC2Iop8tiFk8MyfDEtVNVpFVRV2staG0cGwxq8A2Uydy57AxvvnlY ZEC2QF+IL7oKQdUUsuc5WVmrJiTR1iMo/SJchotICWD+K+9mU0A04g9c3ZI5Jp+nKWZS TGaOjUSFasfu0yvI0YUX1ZQgsibFFnhHRnJQqzIuLY7D8yZK3s8RIMvEJkHG5/HVeReC wf4SM5JeBuck960als85Gv4gpqPiN9x9UCtCVY17vKdRVpOfjSKSwsVxKt+FpOqgpKlY Q0ZA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=FR/ehlTgPN5BshnQgZGcMKPdA6gHu0uN1fMwj25hlWE=; b=H6632YNzkDW9EbRFi8Umj4UXx+MIoZcevzZei56+QGJhggGT3KZQp3Ans7sikY4EOj toDcZmSaNDuTr5rRi+y0z6EQ5bSAkIaHe+nOlz+EXJEkvip9MS+yOxYJZ1Isci/Pzcrn bUVomlwNay3XqSus+UhfBFa8mB1Chc/PWe4YQFbgKRHzQq2KfgwgTVCiHHl15rlkIGqE tHHv+rozMSxeexZN0VWFIRqXwS9DFxRp2h1zIuC8micdJ7U4hgKmRTfyhd+PBAGB8yIJ 5pFZpZCszQtxvQnQaEqpMSwhcNadh/rjYDJ+GK0kBRp7VbeHN1Hl7qR6N5NLYrovvUZf 1c4w== X-Gm-Message-State: ALoCoQnvxMytsVeqtD7UnVPpSA6etPZyLbgFUIh5BQjVWdxsPUoDOxKOz5I6CZtoO94EON6JrFehcVotTurymZ460PYnrUcey9ChfFnRm3QWUDZDnlbusqI= MIME-Version: 1.0 X-Received: by 10.31.49.207 with SMTP id x198mr28572395vkx.1.1451935895475; Mon, 04 Jan 2016 11:31:35 -0800 (PST) Received: by 10.103.40.130 with HTTP; Mon, 4 Jan 2016 11:31:35 -0800 (PST) Received: by 10.103.40.130 with HTTP; Mon, 4 Jan 2016 11:31:35 -0800 (PST) In-Reply-To: <568AA198.8000308@bitdefender.com> References: <568AA198.8000308@bitdefender.com> Date: Mon, 4 Jan 2016 20:31:35 +0100 Message-ID: From: "Lengyel, Tamas" To: Razvan Cojocaru Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1287369431977985250==" Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --===============1287369431977985250== Content-Type: multipart/alternative; boundary=001a11430efe4971c90528872b5f --001a11430efe4971c90528872b5f Content-Type: text/plain; charset=UTF-8 Hi Razvan, thanks for chiming in! On Jan 4, 2016 5:43 PM, "Razvan Cojocaru" wrote: > > On 01/04/2016 04:26 PM, Lengyel, Tamas wrote: > > However, this solution (while supported) is not particularly ideal as it > > still creates significant performance overhead. Moreover, emulation in > > Xen is known to be buggy, so creating security tools that ultimately > > rely on an emulator is just asking for trouble. > > That's debatable. The emulator is not as much buggy as it is incomplete, Yes, that's a nicer way to state it. > and there are ways around that - see the emulator bypass patch in our > initial series back in 2014. I do concede that the Xen emulator does > have a way to go. By default the only option is Xen's emulator so that's what I think should be discussed. Using another emulator, while probably possible, would certainly not be trivial. > > As for the performance overhead, if the security tool chooses the > restricted pages wisely then it is more than acceptable. Of course, if > all the guest's pages have restricted access rights then the guest will > be noticeably impaired. > > And still on the performance issue, with emulation we have: > > 1. receive page fault event; > 2. reply to the hypervisor with emulate flags on; > 3. get a new page fault within the hypervisor (page restrictions have > not been lifted) - but not hypervisor <-> userspace context switch); > 4. emulate. That's six context switches + emulation. > > With altp2m we have: > > 1. receive page fault event; > 2. switch altp2m view in the vm_event reply + set singlestepping on > (hypercalls, thus context switching); It's done in the same hypercall you have to issue anyway for vm_event to signal the request has been processed so this adds no extra. > 3. get singlestep event from the hypervisor / guest (more context > switching); Here indeed there is an extra step of delivering the event to the subscriber. > 4. switch altp2m view again + set singlestepping off (again context > switching / hypercalls). This is again done in the reply directly so no extra hypercalls. So overall this is eight context switches but no emulation. In a nutshell, performance will of course vary and I have no in-depth analysis showing one to be better then the other one. Depending on how complex the emulation is one may be faster in some cases and slower in others. The argument for the altp2m solution is that it avoids emulation and reduces complexity, without pausing all vCPUs on the system. > > This is definitely not a very detailed analysis of what's happening, but > I would think that the latter process takes at least as much time as the > former. In other words, I don't see how the altp2m case improves > performance. I don't think it does either. > > Further on you say "By having multiple EPTs we can have differing access > permissions defined in each table, which can be swapped around at will. > When the guest makes a memory access that is monitored, instead of > having to relax the access permission, Xen can simply switch to an EPT > (called a view) that allows the operation to continue." > > However, that is now an all-or-none operating procedure - either allow > or deny the operation that triggered the event. You can't, for example, > allow the operation but disallow its actual write, so that you can > continue to observe malicious activity without the malware being able to > actually do what it wants to do. Certainly, that's a use-case for which the emulation based solution is still suitable for. That however is beyond the point of simple monitoring and would be more like an IPS solution. > > There might also be issues with guests where the number of VCPUs is > bigger than 10, which is the maximum number of allowed EPTs. You don't need a separate altp2m view for each vCPU. All you need is two views that can be interchanged in each vCPU independently. > > Both solutions have advantages and disadvantages, and having them both > makes Xen a great platform for the discerning developer. Certainly, having access to the emulator does have its usecases. While the > altp2m solution might be simpler for your use-case, perhaps neither is > intrinsically superior. For the usecase of monitoring arbitrary memory accesses and code execution on multi-vCPU systems it is the only readily available solution at the moment. Using the emulator in this fashion unfortunately crashes the guest (that's the case you verified too, we should probably report that issue on xen-devel). But even if the emulator worked properly, provided the long list of bugs we have encountered in emulators in recent years I would not be surprised to find more issues. So if it can be avoided, it should be. And in this case it can be quite nicely. > > Cheers, > Razvan Thanks! Tamas --001a11430efe4971c90528872b5f Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable

Hi Razvan,
thanks for chiming in!

On Jan 4, 2016 5:43 PM, "Razvan Cojocaru" <rcojocaru@bitdefender.com> = wrote:
>
> On 01/04/2016 04:26 PM, Lengyel, Tamas wrote:
> > However, this solution (while supported) is not particularly idea= l as it
> > still creates significant performance overhead. Moreover, emulati= on in
> > Xen is known to be buggy, so creating security tools that ultimat= ely
> > rely on an emulator is just asking for trouble.
>
> That's debatable. The emulator is not as much buggy as it is incom= plete,

Yes, that's a nicer way to state it.

> and there are ways around that - see the emulator bypas= s patch in our
> initial series back in 2014. I do concede that the Xen emulator does > have a way to go.

By default the only option is Xen's emulator so that'= ;s what I think should be discussed. Using another emulator, while probably= possible, would certainly not be trivial.

>
> As for the performance overhead, if the security tool chooses the
> restricted pages wisely then it is more than acceptable. Of course, if=
> all the guest's pages have restricted access rights then the guest= will
> be noticeably impaired.
>
> And still on the performance issue, with emulation we have:
>
> 1. receive page fault event;
> 2. reply to the hypervisor with emulate flags on;
> 3. get a new page fault within the hypervisor (page restrictions have<= br> > not been lifted) - but not hypervisor <-> userspace context swit= ch);
> 4. emulate.

That's six context switches + emulation.

>
> With altp2m we have:
>
> 1. receive page fault event;
> 2. switch altp2m view in the vm_event reply + set singlestepping on > (hypercalls, thus context switching);

It's done in the same hypercall you have to issue anyway= for vm_event to signal the request has been processed so this adds no extr= a.

> 3. get singlestep event from the hypervisor / guest (mo= re context
> switching);

Here indeed there is an extra step of delivering the event t= o the subscriber.

> 4. switch altp2m view again + set singlestepping off (a= gain context
> switching / hypercalls).

This is again done in the reply directly so no extra hyperca= lls. So overall this is eight context switches but no emulation.

In a nutshell, performance will of course vary and I have no= in-depth analysis showing one to be better then the other one. Depending o= n how complex the emulation is one may be faster in some cases and slower i= n others. The argument for the altp2m solution is that it avoids emulation = and reduces complexity, without pausing all vCPUs on the system.

>
> This is definitely not a very detailed analysis of what's happenin= g, but
> I would think that the latter process takes at least as much time as t= he
> former. In other words, I don't see how the altp2m case improves > performance.

I don't think it does either.

>
> Further on you say "By having multiple EPTs we can have differing= access
> permissions defined in each table, which can be swapped around at will= .
> When the guest makes a memory access that is monitored, instead of
> having to relax the access permission, Xen can simply switch to an EPT=
> (called a view) that allows the operation to continue."
>
> However, that is now an all-or-none operating procedure - either allow=
> or deny the operation that triggered the event. You can't, for exa= mple,
> allow the operation but disallow its actual write, so that you can
> continue to observe malicious activity without the malware being able = to
> actually do what it wants to do.

Certainly, that's a use-case for which the emulation bas= ed solution is still suitable for. That however is beyond the point of simp= le monitoring and would be more like an IPS solution.

>
> There might also be issues with guests where the number of VCPUs is > bigger than 10, which is the maximum number of allowed EPTs.

You don't need a separate altp2m view for each vCPU. All= you need is two views that can be interchanged in each vCPU independently.=

>
> Both solutions have advantages and disadvantages, and having them both=
> makes Xen a great platform for the discerning developer.

Certainly, having access to the emulator does have its useca= ses.

While the
> altp2m solution might be simpler for your use-case, perhaps neither is=
> intrinsically superior.

For the usecase of monitoring arbitrary memory accesses and = code execution on multi-vCPU systems it is the only readily available solut= ion at the moment.=C2=A0 Using the emulator in this fashion unfortunately c= rashes the guest (that's the case you verified too, we should probably = report that issue on xen-devel). But even if the emulator worked properly, = provided the long list of bugs we have encountered in emulators in recent y= ears I would not be surprised to find more issues. So if it can be avoided,= it should be. And in this case it can be quite nicely.

>
> Cheers,
> Razvan

Thanks!
Tamas

--001a11430efe4971c90528872b5f-- --===============1287369431977985250== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --===============1287369431977985250==-- From publicity-bounces@lists.xenproject.org Mon Jan 04 19:59:11 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 04 Jan 2016 19:59:11 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGBHa-0008EP-Sj; Mon, 04 Jan 2016 19:59:10 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGBHY-0008ED-W2 for publicity@lists.xenproject.org; Mon, 04 Jan 2016 19:59:09 +0000 Received: from [85.158.143.35] by server-1.bemta-4.messagelabs.com id B9/9D-21571-C0FCA865; Mon, 04 Jan 2016 19:59:08 +0000 X-Env-Sender: rcojocaru@bitdefender.com X-Msg-Ref: server-15.tower-21.messagelabs.com!1451937547!8355232!1 X-Originating-IP: [91.199.104.161] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 39582 invoked from network); 4 Jan 2016 19:59:07 -0000 Received: from mx01.buh.bitdefender.com (HELO mx01.buh.bitdefender.com) (91.199.104.161) by server-15.tower-21.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 4 Jan 2016 19:59:07 -0000 Comment: DomainKeys? See http://domainkeys.sourceforge.net/ DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=R3efWjGhDh9SurNc9h2aDBNnt8wmiaT8sDvzKOksfVq4QWWyCGBxMO9qPGeeALw6+/AB0Hhy+5MJGRggVaWdGIS2Yhc7de3FPpkoi8035ZzJbNQBvu6oI3UqKGc00Vb06EbDDmxgKu/rcbSEcnlpdw8ocmMjlgF5fWEdwmqF8U7TrGV1EJ6CZwYY95gBJr9DvtLclFZPLnW+S8dxI+UQjTBjr4jI8r7DraT6r8VeUH4xObR8JzPKL+7JQIvOPIoS50fHZ902cXVMMf8ljqvAA5wqzGBSoWqpXTpoNLx2L8jlnlxxOgV9Utonslcfwk7VQA2U7rmYbPur23sV388bmg==; h=Received:Received:Received:Received:Received:Subject:To:References:Cc:From:X-Enigmail-Draft-Status:Message-ID:Date:User-Agent:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp; DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=bitdefender.com; h=subject :to:references:cc:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; s=default; bh=q1DECs5zF 0LaoA+zB/5P73E/ORQ=; b=xAPi7xb0iZ+yIXm1+5bVcrUJnpErwfHesy1g9ZY08 0bxC3POFcm3tivmkJ536CXoBUXRhy/KVMFKCQRUP3ucd6FNCO9KKhMIFv6J31ipU N9JCaHPnwnXJyAeJuLfVVyvyjulqJnnfW931666x35XnBY3//Y53gTaSRpeyYTKx eHbP8T0A8KXx/wVbnEo0FhYd+h74BoZZ/5FVGD3EVwl1oae0RXlDYxHDYvVH7b3q R3HNLBtbRj25ff/7r3ESOdLknUoZdXucjk7l/ZXyOFxbyAQsAfH1/aJO+69nCvSE ZrVSEYjN5cnETQLc6V0V+cHquuwqf0wqJBtBSGddCPs/Q== Received: (qmail 5080 invoked from network); 4 Jan 2016 21:59:05 +0200 Received: from unknown (HELO mx-sr.buh.bitdefender.com) (10.17.80.103) by mx01.buh.bitdefender.com with AES256-GCM-SHA384 encrypted SMTP; 4 Jan 2016 21:59:05 +0200 Received: from smtp03.buh.bitdefender.org (unknown [10.17.80.77]) by mx-sr.buh.bitdefender.com (Postfix) with ESMTP id 9BD0780466 for ; Mon, 4 Jan 2016 21:59:05 +0200 (EET) Received: (qmail 1415 invoked from network); 4 Jan 2016 21:59:05 +0200 Received: from 82-76-69-105.rdsnet.ro (HELO ?192.168.228.128?) (rcojocaru@bitdefender.com@82.76.69.105) by smtp03.buh.bitdefender.org with SMTP; 4 Jan 2016 21:59:04 +0200 To: "Lengyel, Tamas" References: <568AA198.8000308@bitdefender.com> From: Razvan Cojocaru X-Enigmail-Draft-Status: N1110 Message-ID: <568ACF08.1070905@bitdefender.com> Date: Mon, 4 Jan 2016 21:59:04 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0 MIME-Version: 1.0 In-Reply-To: X-BitDefender-Scanner: Clean, Agent: BitDefender qmail 3.1.4 on smtp03.buh.bitdefender.org, sigver: 7.64080 X-BitDefender-Spam: No (0) X-BitDefender-SpamStamp: Build: [Engines: 2.15.6.743, Dats: 410843, Stamp: 3], Multi: [Enabled, t: (0.000013,0.004267)], BW: [Enabled, t: (0.000006)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.005621), Flags: 2A917CE3; NN_LEGIT_VALID_REPLY; NN_LEGIT_SUMM_400_WORDS; NN_LEGIT_BITDEFENDER; NN_LEGIT_S_SQARE_BRACKETS], SGN: [Enabled, t: (0.010237)], URL: [Enabled, t: (0.000022)], RTDA: [Enabled, t: (0.024135), Hit: No, Details: v2.3.1; Id: 2m1ghar.1a8610d0q.7ui5], total: 0(775) X-BitDefender-CF-Stamp: none Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org On 01/04/2016 09:31 PM, Lengyel, Tamas wrote: > Hi Razvan, > thanks for chiming in! > > On Jan 4, 2016 5:43 PM, "Razvan Cojocaru" > wrote: >> >> On 01/04/2016 04:26 PM, Lengyel, Tamas wrote: >> > However, this solution (while supported) is not particularly ideal as it >> > still creates significant performance overhead. Moreover, emulation in >> > Xen is known to be buggy, so creating security tools that ultimately >> > rely on an emulator is just asking for trouble. >> >> That's debatable. The emulator is not as much buggy as it is incomplete, > > Yes, that's a nicer way to state it. > >> and there are ways around that - see the emulator bypass patch in our >> initial series back in 2014. I do concede that the Xen emulator does >> have a way to go. > > By default the only option is Xen's emulator so that's what I think > should be discussed. Using another emulator, while probably possible, > would certainly not be trivial. Of course, but I wasn't referring to using a different emulator. I was simply talking about this patch: http://lists.xen.org/archives/html/xen-devel/2014-07/msg00309.html a minor variation of which has been quite useful in practice so far. >> This is definitely not a very detailed analysis of what's happening, but >> I would think that the latter process takes at least as much time as the >> former. In other words, I don't see how the altp2m case improves >> performance. > > I don't think it does either. But then I have misread your statement that "However, this solution (while supported) is not particularly ideal as it still creates significant performance overhead." - I've read it to mean that the significant performance overhead you're talking about applies to the emulation case, as opposed to the better altp2m way - which, as it turns out, neither of us believes. >> Further on you say "By having multiple EPTs we can have differing access >> permissions defined in each table, which can be swapped around at will. >> When the guest makes a memory access that is monitored, instead of >> having to relax the access permission, Xen can simply switch to an EPT >> (called a view) that allows the operation to continue." >> >> However, that is now an all-or-none operating procedure - either allow >> or deny the operation that triggered the event. You can't, for example, >> allow the operation but disallow its actual write, so that you can >> continue to observe malicious activity without the malware being able to >> actually do what it wants to do. > > Certainly, that's a use-case for which the emulation based solution is > still suitable for. That however is beyond the point of simple > monitoring and would be more like an IPS solution. Maybe, but that possibility is there for the taking today (it's the VM_EVENT_FLAG_EMULATE_NOWRITE reply), and it's not something that can be done via altp2m. That's all I was saying. >> There might also be issues with guests where the number of VCPUs is >> bigger than 10, which is the maximum number of allowed EPTs. > > You don't need a separate altp2m view for each vCPU. All you need is two > views that can be interchanged in each vCPU independently. Right. I had a more complicated use-case in mind, but indeed, you can get by with two quite nicely. Thanks for the clarification! > While the >> altp2m solution might be simpler for your use-case, perhaps neither is >> intrinsically superior. > > For the usecase of monitoring arbitrary memory accesses and code > execution on multi-vCPU systems it is the only readily available > solution at the moment. Using the emulator in this fashion > unfortunately crashes the guest (that's the case you verified too, we > should probably report that issue on xen-devel). But even if the > emulator worked properly, provided the long list of bugs we have > encountered in emulators in recent years I would not be surprised to > find more issues. So if it can be avoided, it should be. And in this > case it can be quite nicely. I think the crash case should be brought up on xen-devel too - I had assumed that you're still debugging the hypervisor / emulator on that issue.notwithstanding My experience has been the opposite - a few rogue instructions _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity From publicity-bounces@lists.xenproject.org Mon Jan 04 19:59:11 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 04 Jan 2016 19:59:11 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGBHa-0008EP-Sj; Mon, 04 Jan 2016 19:59:10 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGBHY-0008ED-W2 for publicity@lists.xenproject.org; Mon, 04 Jan 2016 19:59:09 +0000 Received: from [85.158.143.35] by server-1.bemta-4.messagelabs.com id B9/9D-21571-C0FCA865; Mon, 04 Jan 2016 19:59:08 +0000 X-Env-Sender: rcojocaru@bitdefender.com X-Msg-Ref: server-15.tower-21.messagelabs.com!1451937547!8355232!1 X-Originating-IP: [91.199.104.161] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 39582 invoked from network); 4 Jan 2016 19:59:07 -0000 Received: from mx01.buh.bitdefender.com (HELO mx01.buh.bitdefender.com) (91.199.104.161) by server-15.tower-21.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 4 Jan 2016 19:59:07 -0000 Comment: DomainKeys? See http://domainkeys.sourceforge.net/ DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=R3efWjGhDh9SurNc9h2aDBNnt8wmiaT8sDvzKOksfVq4QWWyCGBxMO9qPGeeALw6+/AB0Hhy+5MJGRggVaWdGIS2Yhc7de3FPpkoi8035ZzJbNQBvu6oI3UqKGc00Vb06EbDDmxgKu/rcbSEcnlpdw8ocmMjlgF5fWEdwmqF8U7TrGV1EJ6CZwYY95gBJr9DvtLclFZPLnW+S8dxI+UQjTBjr4jI8r7DraT6r8VeUH4xObR8JzPKL+7JQIvOPIoS50fHZ902cXVMMf8ljqvAA5wqzGBSoWqpXTpoNLx2L8jlnlxxOgV9Utonslcfwk7VQA2U7rmYbPur23sV388bmg==; h=Received:Received:Received:Received:Received:Subject:To:References:Cc:From:X-Enigmail-Draft-Status:Message-ID:Date:User-Agent:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp; DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=bitdefender.com; h=subject :to:references:cc:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; s=default; bh=q1DECs5zF 0LaoA+zB/5P73E/ORQ=; b=xAPi7xb0iZ+yIXm1+5bVcrUJnpErwfHesy1g9ZY08 0bxC3POFcm3tivmkJ536CXoBUXRhy/KVMFKCQRUP3ucd6FNCO9KKhMIFv6J31ipU N9JCaHPnwnXJyAeJuLfVVyvyjulqJnnfW931666x35XnBY3//Y53gTaSRpeyYTKx eHbP8T0A8KXx/wVbnEo0FhYd+h74BoZZ/5FVGD3EVwl1oae0RXlDYxHDYvVH7b3q R3HNLBtbRj25ff/7r3ESOdLknUoZdXucjk7l/ZXyOFxbyAQsAfH1/aJO+69nCvSE ZrVSEYjN5cnETQLc6V0V+cHquuwqf0wqJBtBSGddCPs/Q== Received: (qmail 5080 invoked from network); 4 Jan 2016 21:59:05 +0200 Received: from unknown (HELO mx-sr.buh.bitdefender.com) (10.17.80.103) by mx01.buh.bitdefender.com with AES256-GCM-SHA384 encrypted SMTP; 4 Jan 2016 21:59:05 +0200 Received: from smtp03.buh.bitdefender.org (unknown [10.17.80.77]) by mx-sr.buh.bitdefender.com (Postfix) with ESMTP id 9BD0780466 for ; Mon, 4 Jan 2016 21:59:05 +0200 (EET) Received: (qmail 1415 invoked from network); 4 Jan 2016 21:59:05 +0200 Received: from 82-76-69-105.rdsnet.ro (HELO ?192.168.228.128?) (rcojocaru@bitdefender.com@82.76.69.105) by smtp03.buh.bitdefender.org with SMTP; 4 Jan 2016 21:59:04 +0200 To: "Lengyel, Tamas" References: <568AA198.8000308@bitdefender.com> From: Razvan Cojocaru X-Enigmail-Draft-Status: N1110 Message-ID: <568ACF08.1070905@bitdefender.com> Date: Mon, 4 Jan 2016 21:59:04 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0 MIME-Version: 1.0 In-Reply-To: X-BitDefender-Scanner: Clean, Agent: BitDefender qmail 3.1.4 on smtp03.buh.bitdefender.org, sigver: 7.64080 X-BitDefender-Spam: No (0) X-BitDefender-SpamStamp: Build: [Engines: 2.15.6.743, Dats: 410843, Stamp: 3], Multi: [Enabled, t: (0.000013,0.004267)], BW: [Enabled, t: (0.000006)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.005621), Flags: 2A917CE3; NN_LEGIT_VALID_REPLY; NN_LEGIT_SUMM_400_WORDS; NN_LEGIT_BITDEFENDER; NN_LEGIT_S_SQARE_BRACKETS], SGN: [Enabled, t: (0.010237)], URL: [Enabled, t: (0.000022)], RTDA: [Enabled, t: (0.024135), Hit: No, Details: v2.3.1; Id: 2m1ghar.1a8610d0q.7ui5], total: 0(775) X-BitDefender-CF-Stamp: none Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org On 01/04/2016 09:31 PM, Lengyel, Tamas wrote: > Hi Razvan, > thanks for chiming in! > > On Jan 4, 2016 5:43 PM, "Razvan Cojocaru" > wrote: >> >> On 01/04/2016 04:26 PM, Lengyel, Tamas wrote: >> > However, this solution (while supported) is not particularly ideal as it >> > still creates significant performance overhead. Moreover, emulation in >> > Xen is known to be buggy, so creating security tools that ultimately >> > rely on an emulator is just asking for trouble. >> >> That's debatable. The emulator is not as much buggy as it is incomplete, > > Yes, that's a nicer way to state it. > >> and there are ways around that - see the emulator bypass patch in our >> initial series back in 2014. I do concede that the Xen emulator does >> have a way to go. > > By default the only option is Xen's emulator so that's what I think > should be discussed. Using another emulator, while probably possible, > would certainly not be trivial. Of course, but I wasn't referring to using a different emulator. I was simply talking about this patch: http://lists.xen.org/archives/html/xen-devel/2014-07/msg00309.html a minor variation of which has been quite useful in practice so far. >> This is definitely not a very detailed analysis of what's happening, but >> I would think that the latter process takes at least as much time as the >> former. In other words, I don't see how the altp2m case improves >> performance. > > I don't think it does either. But then I have misread your statement that "However, this solution (while supported) is not particularly ideal as it still creates significant performance overhead." - I've read it to mean that the significant performance overhead you're talking about applies to the emulation case, as opposed to the better altp2m way - which, as it turns out, neither of us believes. >> Further on you say "By having multiple EPTs we can have differing access >> permissions defined in each table, which can be swapped around at will. >> When the guest makes a memory access that is monitored, instead of >> having to relax the access permission, Xen can simply switch to an EPT >> (called a view) that allows the operation to continue." >> >> However, that is now an all-or-none operating procedure - either allow >> or deny the operation that triggered the event. You can't, for example, >> allow the operation but disallow its actual write, so that you can >> continue to observe malicious activity without the malware being able to >> actually do what it wants to do. > > Certainly, that's a use-case for which the emulation based solution is > still suitable for. That however is beyond the point of simple > monitoring and would be more like an IPS solution. Maybe, but that possibility is there for the taking today (it's the VM_EVENT_FLAG_EMULATE_NOWRITE reply), and it's not something that can be done via altp2m. That's all I was saying. >> There might also be issues with guests where the number of VCPUs is >> bigger than 10, which is the maximum number of allowed EPTs. > > You don't need a separate altp2m view for each vCPU. All you need is two > views that can be interchanged in each vCPU independently. Right. I had a more complicated use-case in mind, but indeed, you can get by with two quite nicely. Thanks for the clarification! > While the >> altp2m solution might be simpler for your use-case, perhaps neither is >> intrinsically superior. > > For the usecase of monitoring arbitrary memory accesses and code > execution on multi-vCPU systems it is the only readily available > solution at the moment. Using the emulator in this fashion > unfortunately crashes the guest (that's the case you verified too, we > should probably report that issue on xen-devel). But even if the > emulator worked properly, provided the long list of bugs we have > encountered in emulators in recent years I would not be surprised to > find more issues. So if it can be avoided, it should be. And in this > case it can be quite nicely. I think the crash case should be brought up on xen-devel too - I had assumed that you're still debugging the hypervisor / emulator on that issue.notwithstanding My experience has been the opposite - a few rogue instructions _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity From publicity-bounces@lists.xenproject.org Mon Jan 04 20:03:34 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 04 Jan 2016 20:03:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGBLq-0000Ia-E4; Mon, 04 Jan 2016 20:03:34 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGBLo-0000IJ-IW for publicity@lists.xenproject.org; Mon, 04 Jan 2016 20:03:32 +0000 Received: from [85.158.143.35] by server-1.bemta-4.messagelabs.com id 57/8F-21571-310DA865; Mon, 04 Jan 2016 20:03:31 +0000 X-Env-Sender: rcojocaru@bitdefender.com X-Msg-Ref: server-14.tower-21.messagelabs.com!1451937810!8352361!1 X-Originating-IP: [91.199.104.161] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 51664 invoked from network); 4 Jan 2016 20:03:31 -0000 Received: from mx01.buh.bitdefender.com (HELO mx01.buh.bitdefender.com) (91.199.104.161) by server-14.tower-21.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 4 Jan 2016 20:03:31 -0000 Comment: DomainKeys? See http://domainkeys.sourceforge.net/ DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=UHWAiY6PvVO9zKiH8g+sdbTkeUXW0y3F+0YVPL61yGkWscBosKZTOW2NX4WsMgXIcGfVq+KI2xl40MaZOsB2Wyv7OysDjhfB1CqnoSokMg8IUJCJOFJd0oWBXnujivh0aX3gOsZLJllzJIZ8mnUM6UUOP/6QR7YwFHPXg1rqLjzOvn6z4y8OdUvhtbPhzQjN/XGPzOxzIZqcVTNhPq5Fim1exUmoGmtVQ6kXlKPrAGyUTXLPDfLb5GEfAr9M+IKQ1wsnRDkAFkx8ID7F0zL4Z2LgcyzZWH4nP23gZ5puGEYJOjRXLuLtEU1ejTAe3SeHsdwuFC6yxw1rBFrWs3jGOw==; h=Received:Received:Received:Received:Received:Subject:To:References:Cc:From:Message-ID:Date:User-Agent:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp; DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=bitdefender.com; h=subject :to:references:cc:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; s=default; bh=Evr2dZ4ks FHsMRpJIuN5EBZtlY8=; b=jmAk97gE9yyb76kqBoqCh1ikfELSoub13TsbRfMzW c7cfBmJVk9iFkPGUsHnAG0PdZeZKlxDt4L6S8Rc+BpFxhBUke8Wm44mcEA7ACejV /djGnhchZUfZWcFz+OOEss42kaTdpNAyh1SgrT05J/WNFS8IuqgVz6+WU8lZyrjP z0SXMQJWb5aMFiIhwCytIvfiNswdKLLZzVlYg1vWbIq27S/l1It8a+PccKY42BCf iCyYPo362jxPNauBwqLAQfsnRfIVt6t2/vjhMGp4gXldZcGSckFHncymII0jDfiX BFB7LoqtPSzbP3Hv96v207/ZIo5imL/W5Grcld72Eib9A== Received: (qmail 5344 invoked from network); 4 Jan 2016 22:03:30 +0200 Received: from unknown (HELO mx-sr.buh.bitdefender.com) (10.17.80.103) by mx01.buh.bitdefender.com with AES256-GCM-SHA384 encrypted SMTP; 4 Jan 2016 22:03:30 +0200 Received: from smtp03.buh.bitdefender.org (unknown [10.17.80.77]) by mx-sr.buh.bitdefender.com (Postfix) with ESMTP id CF8C680466 for ; Mon, 4 Jan 2016 22:03:29 +0200 (EET) Received: (qmail 1467 invoked from network); 4 Jan 2016 22:03:29 +0200 Received: from 82-76-69-105.rdsnet.ro (HELO ?192.168.228.128?) (rcojocaru@bitdefender.com@82.76.69.105) by smtp03.buh.bitdefender.org with SMTP; 4 Jan 2016 22:03:28 +0200 To: "Lengyel, Tamas" References: <568AA198.8000308@bitdefender.com> From: Razvan Cojocaru Message-ID: <568AD010.9070005@bitdefender.com> Date: Mon, 4 Jan 2016 22:03:28 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0 MIME-Version: 1.0 In-Reply-To: X-BitDefender-Scanner: Clean, Agent: BitDefender qmail 3.1.4 on smtp03.buh.bitdefender.org, sigver: 7.64080 X-BitDefender-Spam: No (0) X-BitDefender-SpamStamp: Build: [Engines: 2.15.6.743, Dats: 410843, Stamp: 3], Multi: [Enabled, t: (0.000006,0.001987)], BW: [Enabled, t: (0.000005,0.000001)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.003902), Flags: 2A917CE3; NN_LEGIT_VALID_REPLY; NN_NO_LINK_NMD; NN_LEGIT_BITDEFENDER; NN_LEGIT_S_SQARE_BRACKETS], SGN: [Enabled, t: (0.009780)], URL: [Enabled, t: (0.000022)], RTDA: [Enabled, t: (0.017888), Hit: No, Details: v2.3.1; Id: 2m1gha7.1a85p9s4n.ajvl], total: 0(775) X-BitDefender-CF-Stamp: none Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org On 01/04/2016 09:31 PM, Lengyel, Tamas wrote: > While the >> altp2m solution might be simpler for your use-case, perhaps neither is >> intrinsically superior. > > For the usecase of monitoring arbitrary memory accesses and code > execution on multi-vCPU systems it is the only readily available > solution at the moment. Using the emulator in this fashion > unfortunately crashes the guest (that's the case you verified too, we > should probably report that issue on xen-devel). But even if the > emulator worked properly, provided the long list of bugs we have > encountered in emulators in recent years I would not be surprised to > find more issues. So if it can be avoided, it should be. And in this > case it can be quite nicely. Apologies, my laptop's touchpad triggered an unwanted click on "Send" without me having been able to finish the previous email. Last part resumed here. I think the crash case should be brought up on xen-devel too - I had assumed that you're still debugging the hypervisor / emulator on that issue.notwithstanding My experience has been the opposite - a few rogue instructions notwithstanding (which have been succesfully "treated" with the patch linked in the previous email), the emulator has been a workhorse and has triggered no significant issues. I do appreciate that your use case is different. We probably should get at the bottom of what's happening there. Cheers, Razvan _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity From publicity-bounces@lists.xenproject.org Mon Jan 04 20:03:34 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 04 Jan 2016 20:03:34 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGBLq-0000Ia-E4; Mon, 04 Jan 2016 20:03:34 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGBLo-0000IJ-IW for publicity@lists.xenproject.org; Mon, 04 Jan 2016 20:03:32 +0000 Received: from [85.158.143.35] by server-1.bemta-4.messagelabs.com id 57/8F-21571-310DA865; Mon, 04 Jan 2016 20:03:31 +0000 X-Env-Sender: rcojocaru@bitdefender.com X-Msg-Ref: server-14.tower-21.messagelabs.com!1451937810!8352361!1 X-Originating-IP: [91.199.104.161] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 51664 invoked from network); 4 Jan 2016 20:03:31 -0000 Received: from mx01.buh.bitdefender.com (HELO mx01.buh.bitdefender.com) (91.199.104.161) by server-14.tower-21.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 4 Jan 2016 20:03:31 -0000 Comment: DomainKeys? See http://domainkeys.sourceforge.net/ DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=UHWAiY6PvVO9zKiH8g+sdbTkeUXW0y3F+0YVPL61yGkWscBosKZTOW2NX4WsMgXIcGfVq+KI2xl40MaZOsB2Wyv7OysDjhfB1CqnoSokMg8IUJCJOFJd0oWBXnujivh0aX3gOsZLJllzJIZ8mnUM6UUOP/6QR7YwFHPXg1rqLjzOvn6z4y8OdUvhtbPhzQjN/XGPzOxzIZqcVTNhPq5Fim1exUmoGmtVQ6kXlKPrAGyUTXLPDfLb5GEfAr9M+IKQ1wsnRDkAFkx8ID7F0zL4Z2LgcyzZWH4nP23gZ5puGEYJOjRXLuLtEU1ejTAe3SeHsdwuFC6yxw1rBFrWs3jGOw==; h=Received:Received:Received:Received:Received:Subject:To:References:Cc:From:Message-ID:Date:User-Agent:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp; DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=bitdefender.com; h=subject :to:references:cc:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; s=default; bh=Evr2dZ4ks FHsMRpJIuN5EBZtlY8=; b=jmAk97gE9yyb76kqBoqCh1ikfELSoub13TsbRfMzW c7cfBmJVk9iFkPGUsHnAG0PdZeZKlxDt4L6S8Rc+BpFxhBUke8Wm44mcEA7ACejV /djGnhchZUfZWcFz+OOEss42kaTdpNAyh1SgrT05J/WNFS8IuqgVz6+WU8lZyrjP z0SXMQJWb5aMFiIhwCytIvfiNswdKLLZzVlYg1vWbIq27S/l1It8a+PccKY42BCf iCyYPo362jxPNauBwqLAQfsnRfIVt6t2/vjhMGp4gXldZcGSckFHncymII0jDfiX BFB7LoqtPSzbP3Hv96v207/ZIo5imL/W5Grcld72Eib9A== Received: (qmail 5344 invoked from network); 4 Jan 2016 22:03:30 +0200 Received: from unknown (HELO mx-sr.buh.bitdefender.com) (10.17.80.103) by mx01.buh.bitdefender.com with AES256-GCM-SHA384 encrypted SMTP; 4 Jan 2016 22:03:30 +0200 Received: from smtp03.buh.bitdefender.org (unknown [10.17.80.77]) by mx-sr.buh.bitdefender.com (Postfix) with ESMTP id CF8C680466 for ; Mon, 4 Jan 2016 22:03:29 +0200 (EET) Received: (qmail 1467 invoked from network); 4 Jan 2016 22:03:29 +0200 Received: from 82-76-69-105.rdsnet.ro (HELO ?192.168.228.128?) (rcojocaru@bitdefender.com@82.76.69.105) by smtp03.buh.bitdefender.org with SMTP; 4 Jan 2016 22:03:28 +0200 To: "Lengyel, Tamas" References: <568AA198.8000308@bitdefender.com> From: Razvan Cojocaru Message-ID: <568AD010.9070005@bitdefender.com> Date: Mon, 4 Jan 2016 22:03:28 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.0 MIME-Version: 1.0 In-Reply-To: X-BitDefender-Scanner: Clean, Agent: BitDefender qmail 3.1.4 on smtp03.buh.bitdefender.org, sigver: 7.64080 X-BitDefender-Spam: No (0) X-BitDefender-SpamStamp: Build: [Engines: 2.15.6.743, Dats: 410843, Stamp: 3], Multi: [Enabled, t: (0.000006,0.001987)], BW: [Enabled, t: (0.000005,0.000001)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.003902), Flags: 2A917CE3; NN_LEGIT_VALID_REPLY; NN_NO_LINK_NMD; NN_LEGIT_BITDEFENDER; NN_LEGIT_S_SQARE_BRACKETS], SGN: [Enabled, t: (0.009780)], URL: [Enabled, t: (0.000022)], RTDA: [Enabled, t: (0.017888), Hit: No, Details: v2.3.1; Id: 2m1gha7.1a85p9s4n.ajvl], total: 0(775) X-BitDefender-CF-Stamp: none Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org On 01/04/2016 09:31 PM, Lengyel, Tamas wrote: > While the >> altp2m solution might be simpler for your use-case, perhaps neither is >> intrinsically superior. > > For the usecase of monitoring arbitrary memory accesses and code > execution on multi-vCPU systems it is the only readily available > solution at the moment. Using the emulator in this fashion > unfortunately crashes the guest (that's the case you verified too, we > should probably report that issue on xen-devel). But even if the > emulator worked properly, provided the long list of bugs we have > encountered in emulators in recent years I would not be surprised to > find more issues. So if it can be avoided, it should be. And in this > case it can be quite nicely. Apologies, my laptop's touchpad triggered an unwanted click on "Send" without me having been able to finish the previous email. Last part resumed here. I think the crash case should be brought up on xen-devel too - I had assumed that you're still debugging the hypervisor / emulator on that issue.notwithstanding My experience has been the opposite - a few rogue instructions notwithstanding (which have been succesfully "treated" with the patch linked in the previous email), the emulator has been a workhorse and has triggered no significant issues. I do appreciate that your use case is different. We probably should get at the bottom of what's happening there. Cheers, Razvan _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity From publicity-bounces@lists.xenproject.org Mon Jan 04 20:40:00 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 04 Jan 2016 20:40:00 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGBv5-0002nd-Vj; Mon, 04 Jan 2016 20:39:59 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGBv3-0002nQ-Q0 for publicity@lists.xenproject.org; Mon, 04 Jan 2016 20:39:58 +0000 Received: from [193.109.254.147] by server-11.bemta-14.messagelabs.com id 0D/52-28228-D98DA865; Mon, 04 Jan 2016 20:39:57 +0000 X-Env-Sender: tlengyel@novetta.com X-Msg-Ref: server-12.tower-27.messagelabs.com!1451939994!14632356!1 X-Originating-IP: [209.85.213.46] X-SpamReason: No, hits=1.2 required=7.0 tests=HTML_10_20,HTML_MESSAGE, RCVD_BY_IP X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 3829 invoked from network); 4 Jan 2016 20:39:55 -0000 Received: from mail-vk0-f46.google.com (HELO mail-vk0-f46.google.com) (209.85.213.46) by server-12.tower-27.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 4 Jan 2016 20:39:55 -0000 Received: by mail-vk0-f46.google.com with SMTP id k1so128794345vkb.2 for ; Mon, 04 Jan 2016 12:39:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=novetta-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=5gP1XywwiwxP9e/hEZNSAA0KPBRKKckMDdJdWHIaE2c=; b=V5ubCKa4kLcq+qBz1C+Z7uPBl9doOmc8vsUlekjXoqf31UbnHIR47TsC2PVP3Tgmor udkJ7nVOY5Y0N1fJklpHLqHEPcF/Qu120R5ndEXrLjMpHuHB8B0eN+D5WmKlFirPCiyu qAwfZEFjp7gumPGHbakEZuI0fJw3sENfUWWPKZ1Hlc5djmcviDnuNn6C8fQSx2H5bIxn WNVjXhuBrJ/I0PsXT8hfsMFnte/JQQ/gYIgCYCjmMdSzPt8mFl/HrikPF5d4xIDxxGy8 aDilN0t/1ymDGyaCYfnRuw9NDz/3gPkjzSd8oagVqgvnjMhZyJ+EVNFKEhjlCdOVb4Fo dbBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=5gP1XywwiwxP9e/hEZNSAA0KPBRKKckMDdJdWHIaE2c=; b=XmIR1EGuDPSyCXxHef8rBOuglGikpIxQSNOba4+mAJ8jIuf5cC6qYDur/ttz9FWR66 7l/MSmJC4SpcOsNs+UygAtcMZxi4fw+KKJbDjkcjYLXw3vPycaG4qwq7ii+4b7c8J8PS ThMFVR1nAzJuUc+wIq596Z0UH1BCMqIa8vjogp5g7adITBG0wgKploTY+wonVm4SFwf8 yCAUg+7gO9VlmNZTUJgDp4et7JbhLFUpdzX5Lpjr2ecnoeHjENR6jO7x6F44BrLVNr6b FHyXkftlWrrzhgYnLjdNhUOJSu/SSlVsaNA5sqaVaZF0W6FfwpVH4tcklo9IuEr+Addo 3KJg== X-Gm-Message-State: ALoCoQll7n6BlcQqXobwRy/v+RvL63TOJSEsU0lJqkfrQvmqYOHyO+zKPJku3+of3mtJkksWTJvqBVd4tSWiwMJ6tV7LZIg2W3qk2mo0NdFN7iafC7F0EUA= MIME-Version: 1.0 X-Received: by 10.31.52.134 with SMTP id b128mr34031329vka.124.1451939994510; Mon, 04 Jan 2016 12:39:54 -0800 (PST) Received: by 10.103.40.130 with HTTP; Mon, 4 Jan 2016 12:39:54 -0800 (PST) Received: by 10.103.40.130 with HTTP; Mon, 4 Jan 2016 12:39:54 -0800 (PST) In-Reply-To: <568ACF08.1070905@bitdefender.com> References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> Date: Mon, 4 Jan 2016 21:39:54 +0100 Message-ID: From: "Lengyel, Tamas" To: Razvan Cojocaru Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============3283631422825791115==" Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --===============3283631422825791115== Content-Type: multipart/alternative; boundary=001a114402be9bc3390528881f55 --001a114402be9bc3390528881f55 Content-Type: text/plain; charset=UTF-8 > >> This is definitely not a very detailed analysis of what's happening, but > >> I would think that the latter process takes at least as much time as the > >> former. In other words, I don't see how the altp2m case improves > >> performance. > > > > I don't think it does either. > > But then I have misread your statement that "However, this solution > (while supported) is not particularly ideal as it still creates > significant performance overhead." - I've read it to mean that the > significant performance overhead you're talking about applies to the > emulation case, as opposed to the better altp2m way - which, as it turns > out, neither of us believes. > Right, what I meant there is execution tracing with EPT is not optimal because of the extra overhead of the unrelated instruction fetch violations on the page. The performance gain is achieved with the breakpoint trick in DRAKVUF, not specific to altp2m (only triggers at specific points instead of the whole page). It only applies for excecution tracing, but in my use-case that had been the major goal and thus the main source of overhead. Here I highlight that this lighter monitoring can still be used on multi-vCPU systems safely with altp2m by doing the shadow copy/remapping method. I can try to rework this part a bit to avoid the confusion. Cheers, Tamas --001a114402be9bc3390528881f55 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


> >> This is definitely not a very detailed analysis of what's= happening, but
> >> I would think that the latter process takes at least as much = time as the
> >> former. In other words, I don't see how the altp2m case i= mproves
> >> performance.
> >
> > I don't think it does either.
>
> But then I have misread your statement that "However, this soluti= on
> (while supported) is not particularly ideal as it still creates
> significant performance overhead." - I've read it to mean tha= t the
> significant performance overhead you're talking about applies to t= he
> emulation case, as opposed to the better altp2m way - which, as it tur= ns
> out, neither of us believes.
>

Right, what I meant there is execution tracing with EPT is n= ot optimal because of the extra overhead of the unrelated instruction fetch= violations on the page. The performance gain is achieved with the breakpoi= nt trick in DRAKVUF, not specific to altp2m (only triggers at specific poin= ts instead of the whole page). It only applies for excecution tracing, but = in my use-case that had been the major goal and thus the main source of ove= rhead. Here I highlight that this lighter monitoring can still be used on m= ulti-vCPU systems safely with altp2m by doing the shadow copy/remapping met= hod. I can try to rework this part a bit=C2=A0 to avoid the confusion.

Cheers,
Tamas

--001a114402be9bc3390528881f55-- --===============3283631422825791115== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --===============3283631422825791115==-- From publicity-bounces@lists.xenproject.org Mon Jan 04 20:40:00 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 04 Jan 2016 20:40:00 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGBv5-0002nd-Vj; Mon, 04 Jan 2016 20:39:59 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aGBv3-0002nQ-Q0 for publicity@lists.xenproject.org; Mon, 04 Jan 2016 20:39:58 +0000 Received: from [193.109.254.147] by server-11.bemta-14.messagelabs.com id 0D/52-28228-D98DA865; Mon, 04 Jan 2016 20:39:57 +0000 X-Env-Sender: tlengyel@novetta.com X-Msg-Ref: server-12.tower-27.messagelabs.com!1451939994!14632356!1 X-Originating-IP: [209.85.213.46] X-SpamReason: No, hits=1.2 required=7.0 tests=HTML_10_20,HTML_MESSAGE, RCVD_BY_IP X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 3829 invoked from network); 4 Jan 2016 20:39:55 -0000 Received: from mail-vk0-f46.google.com (HELO mail-vk0-f46.google.com) (209.85.213.46) by server-12.tower-27.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 4 Jan 2016 20:39:55 -0000 Received: by mail-vk0-f46.google.com with SMTP id k1so128794345vkb.2 for ; Mon, 04 Jan 2016 12:39:55 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=novetta-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=5gP1XywwiwxP9e/hEZNSAA0KPBRKKckMDdJdWHIaE2c=; b=V5ubCKa4kLcq+qBz1C+Z7uPBl9doOmc8vsUlekjXoqf31UbnHIR47TsC2PVP3Tgmor udkJ7nVOY5Y0N1fJklpHLqHEPcF/Qu120R5ndEXrLjMpHuHB8B0eN+D5WmKlFirPCiyu qAwfZEFjp7gumPGHbakEZuI0fJw3sENfUWWPKZ1Hlc5djmcviDnuNn6C8fQSx2H5bIxn WNVjXhuBrJ/I0PsXT8hfsMFnte/JQQ/gYIgCYCjmMdSzPt8mFl/HrikPF5d4xIDxxGy8 aDilN0t/1ymDGyaCYfnRuw9NDz/3gPkjzSd8oagVqgvnjMhZyJ+EVNFKEhjlCdOVb4Fo dbBQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:date :message-id:subject:from:to:cc:content-type; bh=5gP1XywwiwxP9e/hEZNSAA0KPBRKKckMDdJdWHIaE2c=; b=XmIR1EGuDPSyCXxHef8rBOuglGikpIxQSNOba4+mAJ8jIuf5cC6qYDur/ttz9FWR66 7l/MSmJC4SpcOsNs+UygAtcMZxi4fw+KKJbDjkcjYLXw3vPycaG4qwq7ii+4b7c8J8PS ThMFVR1nAzJuUc+wIq596Z0UH1BCMqIa8vjogp5g7adITBG0wgKploTY+wonVm4SFwf8 yCAUg+7gO9VlmNZTUJgDp4et7JbhLFUpdzX5Lpjr2ecnoeHjENR6jO7x6F44BrLVNr6b FHyXkftlWrrzhgYnLjdNhUOJSu/SSlVsaNA5sqaVaZF0W6FfwpVH4tcklo9IuEr+Addo 3KJg== X-Gm-Message-State: ALoCoQll7n6BlcQqXobwRy/v+RvL63TOJSEsU0lJqkfrQvmqYOHyO+zKPJku3+of3mtJkksWTJvqBVd4tSWiwMJ6tV7LZIg2W3qk2mo0NdFN7iafC7F0EUA= MIME-Version: 1.0 X-Received: by 10.31.52.134 with SMTP id b128mr34031329vka.124.1451939994510; Mon, 04 Jan 2016 12:39:54 -0800 (PST) Received: by 10.103.40.130 with HTTP; Mon, 4 Jan 2016 12:39:54 -0800 (PST) Received: by 10.103.40.130 with HTTP; Mon, 4 Jan 2016 12:39:54 -0800 (PST) In-Reply-To: <568ACF08.1070905@bitdefender.com> References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> Date: Mon, 4 Jan 2016 21:39:54 +0100 Message-ID: From: "Lengyel, Tamas" To: Razvan Cojocaru Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============3283631422825791115==" Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --===============3283631422825791115== Content-Type: multipart/alternative; boundary=001a114402be9bc3390528881f55 --001a114402be9bc3390528881f55 Content-Type: text/plain; charset=UTF-8 > >> This is definitely not a very detailed analysis of what's happening, but > >> I would think that the latter process takes at least as much time as the > >> former. In other words, I don't see how the altp2m case improves > >> performance. > > > > I don't think it does either. > > But then I have misread your statement that "However, this solution > (while supported) is not particularly ideal as it still creates > significant performance overhead." - I've read it to mean that the > significant performance overhead you're talking about applies to the > emulation case, as opposed to the better altp2m way - which, as it turns > out, neither of us believes. > Right, what I meant there is execution tracing with EPT is not optimal because of the extra overhead of the unrelated instruction fetch violations on the page. The performance gain is achieved with the breakpoint trick in DRAKVUF, not specific to altp2m (only triggers at specific points instead of the whole page). It only applies for excecution tracing, but in my use-case that had been the major goal and thus the main source of overhead. Here I highlight that this lighter monitoring can still be used on multi-vCPU systems safely with altp2m by doing the shadow copy/remapping method. I can try to rework this part a bit to avoid the confusion. Cheers, Tamas --001a114402be9bc3390528881f55 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


> >> This is definitely not a very detailed analysis of what's= happening, but
> >> I would think that the latter process takes at least as much = time as the
> >> former. In other words, I don't see how the altp2m case i= mproves
> >> performance.
> >
> > I don't think it does either.
>
> But then I have misread your statement that "However, this soluti= on
> (while supported) is not particularly ideal as it still creates
> significant performance overhead." - I've read it to mean tha= t the
> significant performance overhead you're talking about applies to t= he
> emulation case, as opposed to the better altp2m way - which, as it tur= ns
> out, neither of us believes.
>

Right, what I meant there is execution tracing with EPT is n= ot optimal because of the extra overhead of the unrelated instruction fetch= violations on the page. The performance gain is achieved with the breakpoi= nt trick in DRAKVUF, not specific to altp2m (only triggers at specific poin= ts instead of the whole page). It only applies for excecution tracing, but = in my use-case that had been the major goal and thus the main source of ove= rhead. Here I highlight that this lighter monitoring can still be used on m= ulti-vCPU systems safely with altp2m by doing the shadow copy/remapping met= hod. I can try to rework this part a bit=C2=A0 to avoid the confusion.

Cheers,
Tamas

--001a114402be9bc3390528881f55-- --===============3283631422825791115== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --===============3283631422825791115==-- From publicity-bounces@lists.xenproject.org Thu Jan 07 18:25:41 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Thu, 07 Jan 2016 18:25:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aHFFj-0001Xb-9Q; Thu, 07 Jan 2016 18:25:39 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aHFFh-0001XW-9Z for publicity@lists.xenproject.org; Thu, 07 Jan 2016 18:25:37 +0000 Received: from [193.109.254.147] by server-4.bemta-14.messagelabs.com id 91/C7-10715-0ADAE865; Thu, 07 Jan 2016 18:25:36 +0000 X-Env-Sender: lars.kurth.xen@gmail.com X-Msg-Ref: server-9.tower-27.messagelabs.com!1452191134!15315253!1 X-Originating-IP: [209.85.160.169] X-SpamReason: No, hits=0.1 required=7.0 tests=HTML_30_40,HTML_MESSAGE X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 42804 invoked from network); 7 Jan 2016 18:25:35 -0000 Received: from mail-yk0-f169.google.com (HELO mail-yk0-f169.google.com) (209.85.160.169) by server-9.tower-27.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 7 Jan 2016 18:25:35 -0000 Received: by mail-yk0-f169.google.com with SMTP id k129so316595076yke.0 for ; Thu, 07 Jan 2016 10:25:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=rsNwEA6c9aduleL7k13HYTjY75Uvnpc3Fo5p3GykZrs=; b=Y1HZMboNyr+PidEBPL4SR908+EYUYc/iHQ05Eu0s0W2FIMKHMDHAZ1Xxz5v4rqmyDE zpKmwGFR5nX1NY3qHef6bMYX4zzGdYYYaX9wSB/224acr8Qd2nkrjnuq26IvNFjQvPqm FuRE78Yucll9MI8ue82YmVw94U+O7tqQ5PV34xdTiJB4OR5am0DyifQc1D7v5/qmakcP UpA7nPEtZOrxdpQFfu9jfS5/0pOLRFoDtCqjOetRp6DxMIZi5JtYNWv4fb1neBuyOtCk IwJsoZG96NLrLW3pHTU9do0Le3EhOu7+sP5eF4Uob99NrkYOfjnXH8jupQ7mQQb3VTdE 96Dw== X-Received: by 10.13.192.130 with SMTP id b124mr87518018ywd.218.1452191134028; Thu, 07 Jan 2016 10:25:34 -0800 (PST) Received: from [10.80.114.94] (default-46-102-197-194.interdsl.co.uk. [46.102.197.194]) by smtp.gmail.com with ESMTPSA id t189sm85615369ywd.43.2016.01.07.10.25.32 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 07 Jan 2016 10:25:33 -0800 (PST) Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) From: Lars Kurth In-Reply-To: Date: Thu, 7 Jan 2016 18:25:30 +0000 Message-Id: <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> To: "Lengyel, Tamas" X-Mailer: Apple Mail (2.2104) Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============2012849071512330550==" Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --===============2012849071512330550== Content-Type: multipart/alternative; boundary="Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940" --Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi folks, I just saw this. Given that there were some technical comments, does it = make sense for Tamas to incorporate these and I and then I and Sarah can = have a look to make it more punchy? Lars > On 4 Jan 2016, at 20:39, Lengyel, Tamas > wrote: >=20 >=20 > > >> This is definitely not a very detailed analysis of what's = happening, but > > >> I would think that the latter process takes at least as much time = as the > > >> former. In other words, I don't see how the altp2m case improves > > >> performance. > > > > > > I don't think it does either. > > > > But then I have misread your statement that "However, this solution > > (while supported) is not particularly ideal as it still creates > > significant performance overhead." - I've read it to mean that the > > significant performance overhead you're talking about applies to the > > emulation case, as opposed to the better altp2m way - which, as it = turns > > out, neither of us believes. > > >=20 > Right, what I meant there is execution tracing with EPT is not optimal = because of the extra overhead of the unrelated instruction fetch = violations on the page. The performance gain is achieved with the = breakpoint trick in DRAKVUF, not specific to altp2m (only triggers at = specific points instead of the whole page). It only applies for = excecution tracing, but in my use-case that had been the major goal and = thus the main source of overhead. Here I highlight that this lighter = monitoring can still be used on multi-vCPU systems safely with altp2m by = doing the shadow copy/remapping method. I can try to rework this part a = bit to avoid the confusion. >=20 > Cheers, > Tamas >=20 > _______________________________________________ > Publicity mailing list > Publicity@lists.xenproject.org > http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii Hi folks,
I just saw this. Given that there were some technical comments, does it make sense for Tamas to incorporate these and I and then I and Sarah can have a look to make it more punchy?
Lars

On 4 Jan 2016, at 20:39, Lengyel, Tamas <tlengyel@novetta.com> wrote:


> >> This is definitely not a very detailed analysis of what's happening, but
> >> I would think that the latter process takes at least as much time as the
> >> former. In other words, I don't see how the altp2m case improves
> >> performance.
> >
> > I don't think it does either.
>
> But then I have misread your statement that "However, this solution
> (while supported) is not particularly ideal as it still creates
> significant performance overhead." - I've read it to mean that the
> significant performance overhead you're talking about applies to the
> emulation case, as opposed to the better altp2m way - which, as it turns
> out, neither of us believes.
>

Right, what I meant there is execution tracing with EPT is not optimal because of the extra overhead of the unrelated instruction fetch violations on the page. The performance gain is achieved with the breakpoint trick in DRAKVUF, not specific to altp2m (only triggers at specific points instead of the whole page). It only applies for excecution tracing, but in my use-case that had been the major goal and thus the main source of overhead. Here I highlight that this lighter monitoring can still be used on multi-vCPU systems safely with altp2m by doing the shadow copy/remapping method. I can try to rework this part a bit  to avoid the confusion.

Cheers,
Tamas

_______________________________________________
Publicity mailing list
Publicity@lists.xenproject.org
http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity

--Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940-- --===============2012849071512330550== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --===============2012849071512330550==-- From publicity-bounces@lists.xenproject.org Thu Jan 07 18:25:41 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Thu, 07 Jan 2016 18:25:41 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aHFFj-0001Xb-9Q; Thu, 07 Jan 2016 18:25:39 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aHFFh-0001XW-9Z for publicity@lists.xenproject.org; Thu, 07 Jan 2016 18:25:37 +0000 Received: from [193.109.254.147] by server-4.bemta-14.messagelabs.com id 91/C7-10715-0ADAE865; Thu, 07 Jan 2016 18:25:36 +0000 X-Env-Sender: lars.kurth.xen@gmail.com X-Msg-Ref: server-9.tower-27.messagelabs.com!1452191134!15315253!1 X-Originating-IP: [209.85.160.169] X-SpamReason: No, hits=0.1 required=7.0 tests=HTML_30_40,HTML_MESSAGE X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 42804 invoked from network); 7 Jan 2016 18:25:35 -0000 Received: from mail-yk0-f169.google.com (HELO mail-yk0-f169.google.com) (209.85.160.169) by server-9.tower-27.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 7 Jan 2016 18:25:35 -0000 Received: by mail-yk0-f169.google.com with SMTP id k129so316595076yke.0 for ; Thu, 07 Jan 2016 10:25:34 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=rsNwEA6c9aduleL7k13HYTjY75Uvnpc3Fo5p3GykZrs=; b=Y1HZMboNyr+PidEBPL4SR908+EYUYc/iHQ05Eu0s0W2FIMKHMDHAZ1Xxz5v4rqmyDE zpKmwGFR5nX1NY3qHef6bMYX4zzGdYYYaX9wSB/224acr8Qd2nkrjnuq26IvNFjQvPqm FuRE78Yucll9MI8ue82YmVw94U+O7tqQ5PV34xdTiJB4OR5am0DyifQc1D7v5/qmakcP UpA7nPEtZOrxdpQFfu9jfS5/0pOLRFoDtCqjOetRp6DxMIZi5JtYNWv4fb1neBuyOtCk IwJsoZG96NLrLW3pHTU9do0Le3EhOu7+sP5eF4Uob99NrkYOfjnXH8jupQ7mQQb3VTdE 96Dw== X-Received: by 10.13.192.130 with SMTP id b124mr87518018ywd.218.1452191134028; Thu, 07 Jan 2016 10:25:34 -0800 (PST) Received: from [10.80.114.94] (default-46-102-197-194.interdsl.co.uk. [46.102.197.194]) by smtp.gmail.com with ESMTPSA id t189sm85615369ywd.43.2016.01.07.10.25.32 (version=TLSv1/SSLv3 cipher=OTHER); Thu, 07 Jan 2016 10:25:33 -0800 (PST) Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) From: Lars Kurth In-Reply-To: Date: Thu, 7 Jan 2016 18:25:30 +0000 Message-Id: <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> To: "Lengyel, Tamas" X-Mailer: Apple Mail (2.2104) Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============2012849071512330550==" Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --===============2012849071512330550== Content-Type: multipart/alternative; boundary="Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940" --Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi folks, I just saw this. Given that there were some technical comments, does it = make sense for Tamas to incorporate these and I and then I and Sarah can = have a look to make it more punchy? Lars > On 4 Jan 2016, at 20:39, Lengyel, Tamas > wrote: >=20 >=20 > > >> This is definitely not a very detailed analysis of what's = happening, but > > >> I would think that the latter process takes at least as much time = as the > > >> former. In other words, I don't see how the altp2m case improves > > >> performance. > > > > > > I don't think it does either. > > > > But then I have misread your statement that "However, this solution > > (while supported) is not particularly ideal as it still creates > > significant performance overhead." - I've read it to mean that the > > significant performance overhead you're talking about applies to the > > emulation case, as opposed to the better altp2m way - which, as it = turns > > out, neither of us believes. > > >=20 > Right, what I meant there is execution tracing with EPT is not optimal = because of the extra overhead of the unrelated instruction fetch = violations on the page. The performance gain is achieved with the = breakpoint trick in DRAKVUF, not specific to altp2m (only triggers at = specific points instead of the whole page). It only applies for = excecution tracing, but in my use-case that had been the major goal and = thus the main source of overhead. Here I highlight that this lighter = monitoring can still be used on multi-vCPU systems safely with altp2m by = doing the shadow copy/remapping method. I can try to rework this part a = bit to avoid the confusion. >=20 > Cheers, > Tamas >=20 > _______________________________________________ > Publicity mailing list > Publicity@lists.xenproject.org > http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii Hi folks,
I just saw this. Given that there were some technical comments, does it make sense for Tamas to incorporate these and I and then I and Sarah can have a look to make it more punchy?
Lars

On 4 Jan 2016, at 20:39, Lengyel, Tamas <tlengyel@novetta.com> wrote:


> >> This is definitely not a very detailed analysis of what's happening, but
> >> I would think that the latter process takes at least as much time as the
> >> former. In other words, I don't see how the altp2m case improves
> >> performance.
> >
> > I don't think it does either.
>
> But then I have misread your statement that "However, this solution
> (while supported) is not particularly ideal as it still creates
> significant performance overhead." - I've read it to mean that the
> significant performance overhead you're talking about applies to the
> emulation case, as opposed to the better altp2m way - which, as it turns
> out, neither of us believes.
>

Right, what I meant there is execution tracing with EPT is not optimal because of the extra overhead of the unrelated instruction fetch violations on the page. The performance gain is achieved with the breakpoint trick in DRAKVUF, not specific to altp2m (only triggers at specific points instead of the whole page). It only applies for excecution tracing, but in my use-case that had been the major goal and thus the main source of overhead. Here I highlight that this lighter monitoring can still be used on multi-vCPU systems safely with altp2m by doing the shadow copy/remapping method. I can try to rework this part a bit  to avoid the confusion.

Cheers,
Tamas

_______________________________________________
Publicity mailing list
Publicity@lists.xenproject.org
http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity

--Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940-- --===============2012849071512330550== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --===============2012849071512330550==-- From publicity-bounces@lists.xenproject.org Fri Jan 08 11:31:58 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Fri, 08 Jan 2016 11:31:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aHVGv-0001Wx-5b; Fri, 08 Jan 2016 11:31:57 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aHVGt-0001Ws-3o for publicity@lists.xenproject.org; Fri, 08 Jan 2016 11:31:55 +0000 Received: from [85.158.139.211] by server-5.bemta-5.messagelabs.com id 3C/B2-03235-A2E9F865; Fri, 08 Jan 2016 11:31:54 +0000 X-Env-Sender: lars.kurth.xen@gmail.com X-Msg-Ref: server-4.tower-206.messagelabs.com!1452252710!14677480!1 X-Originating-IP: [74.125.82.51] X-SpamReason: No, hits=1.1 required=7.0 tests=DATE_IN_PAST_12_24, HTML_30_40,HTML_MESSAGE X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 6813 invoked from network); 8 Jan 2016 11:31:50 -0000 Received: from mail-wm0-f51.google.com (HELO mail-wm0-f51.google.com) (74.125.82.51) by server-4.tower-206.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 8 Jan 2016 11:31:50 -0000 Received: by mail-wm0-f51.google.com with SMTP id b14so166769061wmb.1 for ; Fri, 08 Jan 2016 03:31:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=rsNwEA6c9aduleL7k13HYTjY75Uvnpc3Fo5p3GykZrs=; b=Y1HZMboNyr+PidEBPL4SR908+EYUYc/iHQ05Eu0s0W2FIMKHMDHAZ1Xxz5v4rqmyDE zpKmwGFR5nX1NY3qHef6bMYX4zzGdYYYaX9wSB/224acr8Qd2nkrjnuq26IvNFjQvPqm FuRE78Yucll9MI8ue82YmVw94U+O7tqQ5PV34xdTiJB4OR5am0DyifQc1D7v5/qmakcP UpA7nPEtZOrxdpQFfu9jfS5/0pOLRFoDtCqjOetRp6DxMIZi5JtYNWv4fb1neBuyOtCk IwJsoZG96NLrLW3pHTU9do0Le3EhOu7+sP5eF4Uob99NrkYOfjnXH8jupQ7mQQb3VTdE 96Dw== X-Received: by 10.28.132.74 with SMTP id g71mr23614795wmd.100.1452252710687; Fri, 08 Jan 2016 03:31:50 -0800 (PST) Received: from [192.168.0.9] (97e66ed4.skybroadband.com. [151.230.110.212]) by smtp.gmail.com with ESMTPSA id s2sm50345849wjs.43.2016.01.08.03.31.49 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 08 Jan 2016 03:31:49 -0800 (PST) Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) From: Lars Kurth In-Reply-To: Date: Thu, 7 Jan 2016 18:25:30 +0000 Message-Id: <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> To: "Lengyel, Tamas" X-Mailer: Apple Mail (2.2104) Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0532690011059357030==" Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --===============0532690011059357030== Content-Type: multipart/alternative; boundary="Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940" --Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi folks, I just saw this. Given that there were some technical comments, does it = make sense for Tamas to incorporate these and I and then I and Sarah can = have a look to make it more punchy? Lars > On 4 Jan 2016, at 20:39, Lengyel, Tamas > wrote: >=20 >=20 > > >> This is definitely not a very detailed analysis of what's = happening, but > > >> I would think that the latter process takes at least as much time = as the > > >> former. In other words, I don't see how the altp2m case improves > > >> performance. > > > > > > I don't think it does either. > > > > But then I have misread your statement that "However, this solution > > (while supported) is not particularly ideal as it still creates > > significant performance overhead." - I've read it to mean that the > > significant performance overhead you're talking about applies to the > > emulation case, as opposed to the better altp2m way - which, as it = turns > > out, neither of us believes. > > >=20 > Right, what I meant there is execution tracing with EPT is not optimal = because of the extra overhead of the unrelated instruction fetch = violations on the page. The performance gain is achieved with the = breakpoint trick in DRAKVUF, not specific to altp2m (only triggers at = specific points instead of the whole page). It only applies for = excecution tracing, but in my use-case that had been the major goal and = thus the main source of overhead. Here I highlight that this lighter = monitoring can still be used on multi-vCPU systems safely with altp2m by = doing the shadow copy/remapping method. I can try to rework this part a = bit to avoid the confusion. >=20 > Cheers, > Tamas >=20 > _______________________________________________ > Publicity mailing list > Publicity@lists.xenproject.org > http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii Hi folks,
I just saw this. Given that there were some technical comments, does it make sense for Tamas to incorporate these and I and then I and Sarah can have a look to make it more punchy?
Lars

On 4 Jan 2016, at 20:39, Lengyel, Tamas <tlengyel@novetta.com> wrote:


> >> This is definitely not a very detailed analysis of what's happening, but
> >> I would think that the latter process takes at least as much time as the
> >> former. In other words, I don't see how the altp2m case improves
> >> performance.
> >
> > I don't think it does either.
>
> But then I have misread your statement that "However, this solution
> (while supported) is not particularly ideal as it still creates
> significant performance overhead." - I've read it to mean that the
> significant performance overhead you're talking about applies to the
> emulation case, as opposed to the better altp2m way - which, as it turns
> out, neither of us believes.
>

Right, what I meant there is execution tracing with EPT is not optimal because of the extra overhead of the unrelated instruction fetch violations on the page. The performance gain is achieved with the breakpoint trick in DRAKVUF, not specific to altp2m (only triggers at specific points instead of the whole page). It only applies for excecution tracing, but in my use-case that had been the major goal and thus the main source of overhead. Here I highlight that this lighter monitoring can still be used on multi-vCPU systems safely with altp2m by doing the shadow copy/remapping method. I can try to rework this part a bit  to avoid the confusion.

Cheers,
Tamas

_______________________________________________
Publicity mailing list
Publicity@lists.xenproject.org
http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity

--Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940-- --===============0532690011059357030== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --===============0532690011059357030==-- From publicity-bounces@lists.xenproject.org Fri Jan 08 11:31:58 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Fri, 08 Jan 2016 11:31:58 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aHVGv-0001Wx-5b; Fri, 08 Jan 2016 11:31:57 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aHVGt-0001Ws-3o for publicity@lists.xenproject.org; Fri, 08 Jan 2016 11:31:55 +0000 Received: from [85.158.139.211] by server-5.bemta-5.messagelabs.com id 3C/B2-03235-A2E9F865; Fri, 08 Jan 2016 11:31:54 +0000 X-Env-Sender: lars.kurth.xen@gmail.com X-Msg-Ref: server-4.tower-206.messagelabs.com!1452252710!14677480!1 X-Originating-IP: [74.125.82.51] X-SpamReason: No, hits=1.1 required=7.0 tests=DATE_IN_PAST_12_24, HTML_30_40,HTML_MESSAGE X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 6813 invoked from network); 8 Jan 2016 11:31:50 -0000 Received: from mail-wm0-f51.google.com (HELO mail-wm0-f51.google.com) (74.125.82.51) by server-4.tower-206.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 8 Jan 2016 11:31:50 -0000 Received: by mail-wm0-f51.google.com with SMTP id b14so166769061wmb.1 for ; Fri, 08 Jan 2016 03:31:50 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :message-id:references:to; bh=rsNwEA6c9aduleL7k13HYTjY75Uvnpc3Fo5p3GykZrs=; b=Y1HZMboNyr+PidEBPL4SR908+EYUYc/iHQ05Eu0s0W2FIMKHMDHAZ1Xxz5v4rqmyDE zpKmwGFR5nX1NY3qHef6bMYX4zzGdYYYaX9wSB/224acr8Qd2nkrjnuq26IvNFjQvPqm FuRE78Yucll9MI8ue82YmVw94U+O7tqQ5PV34xdTiJB4OR5am0DyifQc1D7v5/qmakcP UpA7nPEtZOrxdpQFfu9jfS5/0pOLRFoDtCqjOetRp6DxMIZi5JtYNWv4fb1neBuyOtCk IwJsoZG96NLrLW3pHTU9do0Le3EhOu7+sP5eF4Uob99NrkYOfjnXH8jupQ7mQQb3VTdE 96Dw== X-Received: by 10.28.132.74 with SMTP id g71mr23614795wmd.100.1452252710687; Fri, 08 Jan 2016 03:31:50 -0800 (PST) Received: from [192.168.0.9] (97e66ed4.skybroadband.com. [151.230.110.212]) by smtp.gmail.com with ESMTPSA id s2sm50345849wjs.43.2016.01.08.03.31.49 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 08 Jan 2016 03:31:49 -0800 (PST) Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) From: Lars Kurth In-Reply-To: Date: Thu, 7 Jan 2016 18:25:30 +0000 Message-Id: <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> To: "Lengyel, Tamas" X-Mailer: Apple Mail (2.2104) Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============0532690011059357030==" Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --===============0532690011059357030== Content-Type: multipart/alternative; boundary="Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940" --Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset=us-ascii Hi folks, I just saw this. Given that there were some technical comments, does it = make sense for Tamas to incorporate these and I and then I and Sarah can = have a look to make it more punchy? Lars > On 4 Jan 2016, at 20:39, Lengyel, Tamas > wrote: >=20 >=20 > > >> This is definitely not a very detailed analysis of what's = happening, but > > >> I would think that the latter process takes at least as much time = as the > > >> former. In other words, I don't see how the altp2m case improves > > >> performance. > > > > > > I don't think it does either. > > > > But then I have misread your statement that "However, this solution > > (while supported) is not particularly ideal as it still creates > > significant performance overhead." - I've read it to mean that the > > significant performance overhead you're talking about applies to the > > emulation case, as opposed to the better altp2m way - which, as it = turns > > out, neither of us believes. > > >=20 > Right, what I meant there is execution tracing with EPT is not optimal = because of the extra overhead of the unrelated instruction fetch = violations on the page. The performance gain is achieved with the = breakpoint trick in DRAKVUF, not specific to altp2m (only triggers at = specific points instead of the whole page). It only applies for = excecution tracing, but in my use-case that had been the major goal and = thus the main source of overhead. Here I highlight that this lighter = monitoring can still be used on multi-vCPU systems safely with altp2m by = doing the shadow copy/remapping method. I can try to rework this part a = bit to avoid the confusion. >=20 > Cheers, > Tamas >=20 > _______________________________________________ > Publicity mailing list > Publicity@lists.xenproject.org > http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940 Content-Transfer-Encoding: 7bit Content-Type: text/html; charset=us-ascii Hi folks,
I just saw this. Given that there were some technical comments, does it make sense for Tamas to incorporate these and I and then I and Sarah can have a look to make it more punchy?
Lars

On 4 Jan 2016, at 20:39, Lengyel, Tamas <tlengyel@novetta.com> wrote:


> >> This is definitely not a very detailed analysis of what's happening, but
> >> I would think that the latter process takes at least as much time as the
> >> former. In other words, I don't see how the altp2m case improves
> >> performance.
> >
> > I don't think it does either.
>
> But then I have misread your statement that "However, this solution
> (while supported) is not particularly ideal as it still creates
> significant performance overhead." - I've read it to mean that the
> significant performance overhead you're talking about applies to the
> emulation case, as opposed to the better altp2m way - which, as it turns
> out, neither of us believes.
>

Right, what I meant there is execution tracing with EPT is not optimal because of the extra overhead of the unrelated instruction fetch violations on the page. The performance gain is achieved with the breakpoint trick in DRAKVUF, not specific to altp2m (only triggers at specific points instead of the whole page). It only applies for excecution tracing, but in my use-case that had been the major goal and thus the main source of overhead. Here I highlight that this lighter monitoring can still be used on multi-vCPU systems safely with altp2m by doing the shadow copy/remapping method. I can try to rework this part a bit  to avoid the confusion.

Cheers,
Tamas

_______________________________________________
Publicity mailing list
Publicity@lists.xenproject.org
http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity

--Apple-Mail=_42ABB47A-FC64-439C-959C-1F37C2A28940-- --===============0532690011059357030== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --===============0532690011059357030==-- From publicity-bounces@lists.xenproject.org Tue Jan 12 01:05:01 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Tue, 12 Jan 2016 01:05:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aInOO-0004SO-8Q; Tue, 12 Jan 2016 01:05:00 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aInOM-0004SJ-MM for publicity@lists.xenproject.org; Tue, 12 Jan 2016 01:04:58 +0000 Received: from [193.109.254.147] by server-9.bemta-14.messagelabs.com id B2/A0-13475-A3154965; Tue, 12 Jan 2016 01:04:58 +0000 X-Env-Sender: tlengyel@novetta.com X-Msg-Ref: server-14.tower-27.messagelabs.com!1452560695!16099171!1 X-Originating-IP: [209.85.213.46] X-SpamReason: No, hits=0.4 required=7.0 tests=HTML_30_40,HTML_MESSAGE, RCVD_BY_IP X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 20547 invoked from network); 12 Jan 2016 01:04:56 -0000 Received: from mail-vk0-f46.google.com (HELO mail-vk0-f46.google.com) (209.85.213.46) by server-14.tower-27.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 12 Jan 2016 01:04:56 -0000 Received: by mail-vk0-f46.google.com with SMTP id a123so203838538vkh.1 for ; Mon, 11 Jan 2016 17:04:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=novetta-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=1/Oy9zrqh9CF5glRlH1EOH6vDYWj5VLX0971dxsiAvI=; b=MkTbuSq5VacJUA6pqjtF2zKUKgdZ/BVJfIoR27+fnwpvRpCyINy/O0ajJpkaFUFOoK QdibVhs+UGL6zBtbrzyySQGmUKOKlJ5OlPpaHch1T5sUd0zbX4no23Q5xYJaonz1Idfc sEMnTr+p/nJOKX/z292EeecPSVMT3TIA0RiTzAEdXpOMn2l0bwittWw0TQQ4ujS0dsdA nh/N7K8WOJcmLNctnvxFMUwaBzhL/OLGDAZMkTAqphWO6QQNZrUPD5o3kVWE8GFZ93Rj a7N2mvUV0ZR17Y9GxCWCNGM1Gfac/Q9cZ8OahOLptzWt5EvyDIotR+Zef936BdtdZu8F 9+DQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=1/Oy9zrqh9CF5glRlH1EOH6vDYWj5VLX0971dxsiAvI=; b=G00Iw4ar/ZNsfnTWb7Xdj9uB121UKPEehU6eLrfwUJ2VjYMrtIDxV9JeLb221jDFQX VkVI0ANp1XtTuWVGXhYwgxFNeZSr50gwBJ4m8yaA+re7hG79q4EAXcxLsVJCS8t6wBe/ i36ksgWrjyzvSzdvgRBCbckuQ6eEd90daTs2+2L1xLj6qFeqPyQSsPBjv/rVjd2+Gu5e TlSe8uUbXCIA+rnpbkyymmayxG7gWDoIBsDvUcjHeCxTht51ge5Ylo9mWcKIkHiLv3Ka ZXQB58YTWt3XtPmfLW89W08GfSbpGHC7qkn3gMQivM/cpw6Jdap5Dev748i+k90+PBwS q+ug== X-Gm-Message-State: ALoCoQnpfxV42/QOfLgzYlpNRaEdFqjEb2d6rrGk9x2pG6PR2gKbwknUnn5riTrOYWnrgXbQ7q+R1e/rfhJdodxDvlWEFIEBrPStwOMQPMgwJvKD4Kqm7ec= X-Received: by 10.31.49.207 with SMTP id x198mr56911341vkx.1.1452560695209; Mon, 11 Jan 2016 17:04:55 -0800 (PST) MIME-Version: 1.0 Received: by 10.103.40.130 with HTTP; Mon, 11 Jan 2016 17:04:35 -0800 (PST) In-Reply-To: <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> From: "Lengyel, Tamas" Date: Mon, 11 Jan 2016 18:04:35 -0700 Message-ID: To: Lars Kurth Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1675225600516819873==" Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --===============1675225600516819873== Content-Type: multipart/alternative; boundary=001a11430efe40c6b0052918a48e --001a11430efe40c6b0052918a48e Content-Type: text/plain; charset=UTF-8 Hi Lars, if you think this would be an appropriate post for the Xen blog I would be happy to make another round of editing to address Razvan's comments. Just let me know! Thanks, Tamas On Thu, Jan 7, 2016 at 11:25 AM, Lars Kurth wrote: > Hi folks, > I just saw this. Given that there were some technical comments, does it > make sense for Tamas to incorporate these and I and then I and Sarah can > have a look to make it more punchy? > Lars > > On 4 Jan 2016, at 20:39, Lengyel, Tamas wrote: > > > > >> This is definitely not a very detailed analysis of what's happening, > but > > >> I would think that the latter process takes at least as much time as > the > > >> former. In other words, I don't see how the altp2m case improves > > >> performance. > > > > > > I don't think it does either. > > > > But then I have misread your statement that "However, this solution > > (while supported) is not particularly ideal as it still creates > > significant performance overhead." - I've read it to mean that the > > significant performance overhead you're talking about applies to the > > emulation case, as opposed to the better altp2m way - which, as it turns > > out, neither of us believes. > > > > Right, what I meant there is execution tracing with EPT is not optimal > because of the extra overhead of the unrelated instruction fetch violations > on the page. The performance gain is achieved with the breakpoint trick in > DRAKVUF, not specific to altp2m (only triggers at specific points instead > of the whole page). It only applies for excecution tracing, but in my > use-case that had been the major goal and thus the main source of overhead. > Here I highlight that this lighter monitoring can still be used on > multi-vCPU systems safely with altp2m by doing the shadow copy/remapping > method. I can try to rework this part a bit to avoid the confusion. > > Cheers, > Tamas > _______________________________________________ > Publicity mailing list > Publicity@lists.xenproject.org > http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity > > > --001a11430efe40c6b0052918a48e Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi Lars,
if you think this wo= uld be an appropriate post for the Xen blog I would be happy to make anothe= r round of editing to address Razvan's comments. Just let me know!
<= /div>

Thanks,
Tamas
=
On Thu, Jan 7, 2016 at 11:25 AM, Lars Kurth = <lars.kurth.xen@gmail.com> wrote:
Hi folks,
I just saw= this. Given that there were some technical comments, does it make sense fo= r Tamas to incorporate these and I and then I and Sarah can have a look to = make it more punchy?
Lars

On 4 Jan 2016, at 20:39, Lengyel, Tamas &= lt;tlengyel@novet= ta.com> wrote:


> >> This is definitely not a very detailed analysis of what's= happening, but
> >> I would think that the latter process takes at least as much = time as the
> >> former. In other words, I don't see how the altp2m case i= mproves
> >> performance.
> >
> > I don't think it does either.
>
> But then I have misread your statement that "However, this soluti= on
> (while supported) is not particularly ideal as it still creates
> significant performance overhead." - I've read it to mean tha= t the
> significant performance overhead you're talking about applies to t= he
> emulation case, as opposed to the better altp2m way - which, as it tur= ns
> out, neither of us believes.
>

Right, what I meant there is execution tracing with = EPT is not optimal because of the extra overhead of the unrelated instructi= on fetch violations on the page. The performance gain is achieved with the = breakpoint trick in DRAKVUF, not specific to altp2m (only triggers at speci= fic points instead of the whole page). It only applies for excecution traci= ng, but in my use-case that had been the major goal and thus the main sourc= e of overhead. Here I highlight that this lighter monitoring can still be u= sed on multi-vCPU systems safely with altp2m by doing the shadow copy/remap= ping method. I can try to rework this part a bit=C2=A0 to avoid the confusi= on.

Cheers,
Tamas

_______________________________________________
Publicity mailing listPubli= city@lists.xenproject.org
http://lists.xenproject.= org/cgi-bin/mailman/listinfo/publicity

=

--001a11430efe40c6b0052918a48e-- --===============1675225600516819873== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --===============1675225600516819873==-- From publicity-bounces@lists.xenproject.org Tue Jan 12 01:05:01 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Tue, 12 Jan 2016 01:05:01 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aInOO-0004SO-8Q; Tue, 12 Jan 2016 01:05:00 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aInOM-0004SJ-MM for publicity@lists.xenproject.org; Tue, 12 Jan 2016 01:04:58 +0000 Received: from [193.109.254.147] by server-9.bemta-14.messagelabs.com id B2/A0-13475-A3154965; Tue, 12 Jan 2016 01:04:58 +0000 X-Env-Sender: tlengyel@novetta.com X-Msg-Ref: server-14.tower-27.messagelabs.com!1452560695!16099171!1 X-Originating-IP: [209.85.213.46] X-SpamReason: No, hits=0.4 required=7.0 tests=HTML_30_40,HTML_MESSAGE, RCVD_BY_IP X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 20547 invoked from network); 12 Jan 2016 01:04:56 -0000 Received: from mail-vk0-f46.google.com (HELO mail-vk0-f46.google.com) (209.85.213.46) by server-14.tower-27.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 12 Jan 2016 01:04:56 -0000 Received: by mail-vk0-f46.google.com with SMTP id a123so203838538vkh.1 for ; Mon, 11 Jan 2016 17:04:56 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=novetta-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=1/Oy9zrqh9CF5glRlH1EOH6vDYWj5VLX0971dxsiAvI=; b=MkTbuSq5VacJUA6pqjtF2zKUKgdZ/BVJfIoR27+fnwpvRpCyINy/O0ajJpkaFUFOoK QdibVhs+UGL6zBtbrzyySQGmUKOKlJ5OlPpaHch1T5sUd0zbX4no23Q5xYJaonz1Idfc sEMnTr+p/nJOKX/z292EeecPSVMT3TIA0RiTzAEdXpOMn2l0bwittWw0TQQ4ujS0dsdA nh/N7K8WOJcmLNctnvxFMUwaBzhL/OLGDAZMkTAqphWO6QQNZrUPD5o3kVWE8GFZ93Rj a7N2mvUV0ZR17Y9GxCWCNGM1Gfac/Q9cZ8OahOLptzWt5EvyDIotR+Zef936BdtdZu8F 9+DQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=1/Oy9zrqh9CF5glRlH1EOH6vDYWj5VLX0971dxsiAvI=; b=G00Iw4ar/ZNsfnTWb7Xdj9uB121UKPEehU6eLrfwUJ2VjYMrtIDxV9JeLb221jDFQX VkVI0ANp1XtTuWVGXhYwgxFNeZSr50gwBJ4m8yaA+re7hG79q4EAXcxLsVJCS8t6wBe/ i36ksgWrjyzvSzdvgRBCbckuQ6eEd90daTs2+2L1xLj6qFeqPyQSsPBjv/rVjd2+Gu5e TlSe8uUbXCIA+rnpbkyymmayxG7gWDoIBsDvUcjHeCxTht51ge5Ylo9mWcKIkHiLv3Ka ZXQB58YTWt3XtPmfLW89W08GfSbpGHC7qkn3gMQivM/cpw6Jdap5Dev748i+k90+PBwS q+ug== X-Gm-Message-State: ALoCoQnpfxV42/QOfLgzYlpNRaEdFqjEb2d6rrGk9x2pG6PR2gKbwknUnn5riTrOYWnrgXbQ7q+R1e/rfhJdodxDvlWEFIEBrPStwOMQPMgwJvKD4Kqm7ec= X-Received: by 10.31.49.207 with SMTP id x198mr56911341vkx.1.1452560695209; Mon, 11 Jan 2016 17:04:55 -0800 (PST) MIME-Version: 1.0 Received: by 10.103.40.130 with HTTP; Mon, 11 Jan 2016 17:04:35 -0800 (PST) In-Reply-To: <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> From: "Lengyel, Tamas" Date: Mon, 11 Jan 2016 18:04:35 -0700 Message-ID: To: Lars Kurth Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============1675225600516819873==" Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --===============1675225600516819873== Content-Type: multipart/alternative; boundary=001a11430efe40c6b0052918a48e --001a11430efe40c6b0052918a48e Content-Type: text/plain; charset=UTF-8 Hi Lars, if you think this would be an appropriate post for the Xen blog I would be happy to make another round of editing to address Razvan's comments. Just let me know! Thanks, Tamas On Thu, Jan 7, 2016 at 11:25 AM, Lars Kurth wrote: > Hi folks, > I just saw this. Given that there were some technical comments, does it > make sense for Tamas to incorporate these and I and then I and Sarah can > have a look to make it more punchy? > Lars > > On 4 Jan 2016, at 20:39, Lengyel, Tamas wrote: > > > > >> This is definitely not a very detailed analysis of what's happening, > but > > >> I would think that the latter process takes at least as much time as > the > > >> former. In other words, I don't see how the altp2m case improves > > >> performance. > > > > > > I don't think it does either. > > > > But then I have misread your statement that "However, this solution > > (while supported) is not particularly ideal as it still creates > > significant performance overhead." - I've read it to mean that the > > significant performance overhead you're talking about applies to the > > emulation case, as opposed to the better altp2m way - which, as it turns > > out, neither of us believes. > > > > Right, what I meant there is execution tracing with EPT is not optimal > because of the extra overhead of the unrelated instruction fetch violations > on the page. The performance gain is achieved with the breakpoint trick in > DRAKVUF, not specific to altp2m (only triggers at specific points instead > of the whole page). It only applies for excecution tracing, but in my > use-case that had been the major goal and thus the main source of overhead. > Here I highlight that this lighter monitoring can still be used on > multi-vCPU systems safely with altp2m by doing the shadow copy/remapping > method. I can try to rework this part a bit to avoid the confusion. > > Cheers, > Tamas > _______________________________________________ > Publicity mailing list > Publicity@lists.xenproject.org > http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity > > > --001a11430efe40c6b0052918a48e Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi Lars,
if you think this wo= uld be an appropriate post for the Xen blog I would be happy to make anothe= r round of editing to address Razvan's comments. Just let me know!
<= /div>

Thanks,
Tamas
=
On Thu, Jan 7, 2016 at 11:25 AM, Lars Kurth = <lars.kurth.xen@gmail.com> wrote:
Hi folks,
I just saw= this. Given that there were some technical comments, does it make sense fo= r Tamas to incorporate these and I and then I and Sarah can have a look to = make it more punchy?
Lars

On 4 Jan 2016, at 20:39, Lengyel, Tamas &= lt;tlengyel@novet= ta.com> wrote:


> >> This is definitely not a very detailed analysis of what's= happening, but
> >> I would think that the latter process takes at least as much = time as the
> >> former. In other words, I don't see how the altp2m case i= mproves
> >> performance.
> >
> > I don't think it does either.
>
> But then I have misread your statement that "However, this soluti= on
> (while supported) is not particularly ideal as it still creates
> significant performance overhead." - I've read it to mean tha= t the
> significant performance overhead you're talking about applies to t= he
> emulation case, as opposed to the better altp2m way - which, as it tur= ns
> out, neither of us believes.
>

Right, what I meant there is execution tracing with = EPT is not optimal because of the extra overhead of the unrelated instructi= on fetch violations on the page. The performance gain is achieved with the = breakpoint trick in DRAKVUF, not specific to altp2m (only triggers at speci= fic points instead of the whole page). It only applies for excecution traci= ng, but in my use-case that had been the major goal and thus the main sourc= e of overhead. Here I highlight that this lighter monitoring can still be u= sed on multi-vCPU systems safely with altp2m by doing the shadow copy/remap= ping method. I can try to rework this part a bit=C2=A0 to avoid the confusi= on.

Cheers,
Tamas

_______________________________________________
Publicity mailing listPubli= city@lists.xenproject.org
http://lists.xenproject.= org/cgi-bin/mailman/listinfo/publicity

=

--001a11430efe40c6b0052918a48e-- --===============1675225600516819873== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --===============1675225600516819873==-- From publicity-bounces@lists.xenproject.org Fri Jan 22 23:13:50 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Fri, 22 Jan 2016 23:13:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aMktq-0002sg-CI; Fri, 22 Jan 2016 23:13:50 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aMktp-0002sb-Rz for publicity@lists.xenproject.org; Fri, 22 Jan 2016 23:13:49 +0000 Received: from [85.158.137.68] by server-17.bemta-3.messagelabs.com id 5D/95-02940-DA7B2A65; Fri, 22 Jan 2016 23:13:49 +0000 X-Env-Sender: lars.kurth.xen@gmail.com X-Msg-Ref: server-2.tower-31.messagelabs.com!1453504426!17613769!1 X-Originating-IP: [209.85.192.176] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 39122 invoked from network); 22 Jan 2016 23:13:48 -0000 Received: from mail-pf0-f176.google.com (HELO mail-pf0-f176.google.com) (209.85.192.176) by server-2.tower-31.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 22 Jan 2016 23:13:48 -0000 Received: by mail-pf0-f176.google.com with SMTP id q63so50733190pfb.1 for ; Fri, 22 Jan 2016 15:13:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=4a6mETRis2K8EiTokk5T5CN8+be6Gj/FigqHgq2fS74=; b=Cp54SrT3aXfVgWwGBpmCvcMmFB1DROmrz67nPcC5tUvetPdk5Gj0ONPedgwvrZKRXp GEv/xVXT/coUqU2vbCfyHD+dmJ+eRONzdvandRHGgIo6DwxHU8deKAVBNfHDO9FztqxK SHD+qBAJGoj3qSlFJXeZqwuB0ImzFmyTnzeQWdJO+wyQ8OpVF5R4fLO2RrbUFv1lmC2f eedw8+WWaePRVWqtGdQOQFzZLex9VatdDgNgky8HwuV+dlOKPpWYHDBccGlLMY+2rZK2 hfDnANi6Z2EfX8ObEeC8HGrRByJ2H0caVvkFl6E+G1kuje8scMHmQRXI8boItnPjkR1g jB4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=4a6mETRis2K8EiTokk5T5CN8+be6Gj/FigqHgq2fS74=; b=avpfdhKxXzcA0OR+963ukGRgVD5ucgNEbdPhw2Nd9PrSj5+XcdcSBpYd+gxe3m4o+s w1Dv4uHmQsw/8adNG2O+QbHu1KqOT7RnOlIKb1b29zEpxmrHFZNfdnR+6Y7nWjBYi9oy Y5OMrSSgFP5y3F1F9mJKesYi195O4LCxwdXwu4dQJVF9x3qzc9HiBhDwPo0W49alK/Bi MeLLGLSdmsMvRHwbyacir9aN8VKdKoLPlFZIG3WXF3yZsPkhxG7Drfe8mAIUZdy7KgVe QPeTI6p3SLlUqxsUQGFg/0QgK7uB2U/WAM6Kkc2TYOkLx68tQfvCSB+m1Cd701rj7pWb aNWQ== X-Gm-Message-State: AG10YOTj+HSkTd2Cx1EwR7+aHcT8KRm7VfEmLorEtOqTQPQHtuhxh7g5jqnZvka2NnCsiw== X-Received: by 10.98.71.3 with SMTP id u3mr8147506pfa.111.1453504426546; Fri, 22 Jan 2016 15:13:46 -0800 (PST) Received: from dynamic-ipv6-expo.socallinuxexpo.org ([2607:ff38:3:811b:4d6d:24ec:53e5:c734]) by smtp.gmail.com with ESMTPSA id fc8sm12041422pab.21.2016.01.22.15.13.45 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 22 Jan 2016 15:13:45 -0800 (PST) Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) From: Lars Kurth In-Reply-To: Date: Fri, 22 Jan 2016 15:13:45 -0800 Message-Id: <506C6432-96D8-480A-9740-C422C2D6789E@gmail.com> References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> To: "Lengyel, Tamas" X-Mailer: Apple Mail (2.2104) Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org > On 11 Jan 2016, at 17:04, Lengyel, Tamas wrote: > > Hi Lars, > if you think this would be an appropriate post for the Xen blog I would be happy to make another round of editing to address Razvan's comments. Just let me know! It would be Lars _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity From publicity-bounces@lists.xenproject.org Fri Jan 22 23:13:50 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Fri, 22 Jan 2016 23:13:50 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aMktq-0002sg-CI; Fri, 22 Jan 2016 23:13:50 +0000 Received: from mail6.bemta3.messagelabs.com ([195.245.230.39]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aMktp-0002sb-Rz for publicity@lists.xenproject.org; Fri, 22 Jan 2016 23:13:49 +0000 Received: from [85.158.137.68] by server-17.bemta-3.messagelabs.com id 5D/95-02940-DA7B2A65; Fri, 22 Jan 2016 23:13:49 +0000 X-Env-Sender: lars.kurth.xen@gmail.com X-Msg-Ref: server-2.tower-31.messagelabs.com!1453504426!17613769!1 X-Originating-IP: [209.85.192.176] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 39122 invoked from network); 22 Jan 2016 23:13:48 -0000 Received: from mail-pf0-f176.google.com (HELO mail-pf0-f176.google.com) (209.85.192.176) by server-2.tower-31.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 22 Jan 2016 23:13:48 -0000 Received: by mail-pf0-f176.google.com with SMTP id q63so50733190pfb.1 for ; Fri, 22 Jan 2016 15:13:47 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=4a6mETRis2K8EiTokk5T5CN8+be6Gj/FigqHgq2fS74=; b=Cp54SrT3aXfVgWwGBpmCvcMmFB1DROmrz67nPcC5tUvetPdk5Gj0ONPedgwvrZKRXp GEv/xVXT/coUqU2vbCfyHD+dmJ+eRONzdvandRHGgIo6DwxHU8deKAVBNfHDO9FztqxK SHD+qBAJGoj3qSlFJXeZqwuB0ImzFmyTnzeQWdJO+wyQ8OpVF5R4fLO2RrbUFv1lmC2f eedw8+WWaePRVWqtGdQOQFzZLex9VatdDgNgky8HwuV+dlOKPpWYHDBccGlLMY+2rZK2 hfDnANi6Z2EfX8ObEeC8HGrRByJ2H0caVvkFl6E+G1kuje8scMHmQRXI8boItnPjkR1g jB4A== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:content-type:mime-version:subject:from :in-reply-to:date:cc:content-transfer-encoding:message-id:references :to; bh=4a6mETRis2K8EiTokk5T5CN8+be6Gj/FigqHgq2fS74=; b=avpfdhKxXzcA0OR+963ukGRgVD5ucgNEbdPhw2Nd9PrSj5+XcdcSBpYd+gxe3m4o+s w1Dv4uHmQsw/8adNG2O+QbHu1KqOT7RnOlIKb1b29zEpxmrHFZNfdnR+6Y7nWjBYi9oy Y5OMrSSgFP5y3F1F9mJKesYi195O4LCxwdXwu4dQJVF9x3qzc9HiBhDwPo0W49alK/Bi MeLLGLSdmsMvRHwbyacir9aN8VKdKoLPlFZIG3WXF3yZsPkhxG7Drfe8mAIUZdy7KgVe QPeTI6p3SLlUqxsUQGFg/0QgK7uB2U/WAM6Kkc2TYOkLx68tQfvCSB+m1Cd701rj7pWb aNWQ== X-Gm-Message-State: AG10YOTj+HSkTd2Cx1EwR7+aHcT8KRm7VfEmLorEtOqTQPQHtuhxh7g5jqnZvka2NnCsiw== X-Received: by 10.98.71.3 with SMTP id u3mr8147506pfa.111.1453504426546; Fri, 22 Jan 2016 15:13:46 -0800 (PST) Received: from dynamic-ipv6-expo.socallinuxexpo.org ([2607:ff38:3:811b:4d6d:24ec:53e5:c734]) by smtp.gmail.com with ESMTPSA id fc8sm12041422pab.21.2016.01.22.15.13.45 (version=TLSv1/SSLv3 cipher=OTHER); Fri, 22 Jan 2016 15:13:45 -0800 (PST) Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2104\)) From: Lars Kurth In-Reply-To: Date: Fri, 22 Jan 2016 15:13:45 -0800 Message-Id: <506C6432-96D8-480A-9740-C422C2D6789E@gmail.com> References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> To: "Lengyel, Tamas" X-Mailer: Apple Mail (2.2104) Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org > On 11 Jan 2016, at 17:04, Lengyel, Tamas wrote: > > Hi Lars, > if you think this would be an appropriate post for the Xen blog I would be happy to make another round of editing to address Razvan's comments. Just let me know! It would be Lars _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity From publicity-bounces@lists.xenproject.org Mon Jan 25 20:52:24 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 25 Jan 2016 20:52:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aNo7a-0007jq-Hg; Mon, 25 Jan 2016 20:52:22 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aNo7Y-0007jV-J3 for publicity@lists.xenproject.org; Mon, 25 Jan 2016 20:52:21 +0000 Received: from [85.158.139.211] by server-4.bemta-5.messagelabs.com id BD/CC-12635-30B86A65; Mon, 25 Jan 2016 20:52:19 +0000 X-Env-Sender: tlengyel@novetta.com X-Msg-Ref: server-14.tower-206.messagelabs.com!1453755136!17722170!1 X-Originating-IP: [209.85.213.45] X-SpamReason: No, hits=2.0 required=7.0 tests=BODY_RANDOM_LONG, HTML_00_10,HTML_MESSAGE,RCVD_BY_IP X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 50679 invoked from network); 25 Jan 2016 20:52:17 -0000 Received: from mail-vk0-f45.google.com (HELO mail-vk0-f45.google.com) (209.85.213.45) by server-14.tower-206.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 25 Jan 2016 20:52:17 -0000 Received: by mail-vk0-f45.google.com with SMTP id n1so80775840vkb.3 for ; Mon, 25 Jan 2016 12:52:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=novetta-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=m6Fu9bhRr6s8QCoSF8rkPjMBJqUkx4bns46oby0G0No=; b=MlwuidLB2t8uhI9JMSccMWD1bPKnbhW+yqOMyGnVVB6w/OLIHfDxA5AQjmyU1vmuN1 AobmKoObeFyDHFIqKayRBTCuoz/ZpXf5vcY62RS9mDDK+G/i9OQd8daEuydme/zUbOPB tvwFXzy6Kx6g0rwSyWSoSGKzJfuqCDguM27kVFiPDbDkZXBVVj4pZQmGY+nbECHS+JX5 1x4eyuTfqeWIjDGtbTNApmFFZfhGnlvzCLuIXXgB24eigzzs6XhlUuVGuRWHs+erRqPr UYUcVepFlLHbmxJmF65am+O1hta4DYEZTazdh5yyZpqCxUduKPkzaRfnSg/UlukLMcHC NFdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=m6Fu9bhRr6s8QCoSF8rkPjMBJqUkx4bns46oby0G0No=; b=EVDDX2thXtn5KkqprJmgDAokSG0eaH/DtuvWkvIGmvC6PI5yf4+1FhABhYibPU1Zdl 5BeZyHQyxduGXpx6Ey9AaBYQqOeLS2LbW3bT4IP+AEo5oxwLiGHqNpdjmaBGTF1393yO FDQGVkKsfI3JSDDZEId6YwgTNhmNzwc5IW/tbPiB64PmBGqfw+fHpJawwheeXa/KsZIe hhASgG8F/6A/cv9Y7wp02O/Mw20W5TG4OuXHdJKLO9Oi7aDrBB6CksYQCnbn2Z6fH8yy 2Gs10XBiX5vjSPQcYWoefgQxZZ+MJrzJ8uTcLjDMewTWfQFvwdYAOm0R97esgFWyjEDW 2J6w== X-Gm-Message-State: AG10YOTuVy7VtzaOu3DLvQKJfhHxfjfM5YnYEBsirU/GKfSnkbbYPWhXhI2K7FI4y8pfIk9PhR0BqgbjXVWHszsq X-Received: by 10.31.54.134 with SMTP id d128mr10701686vka.26.1453755135848; Mon, 25 Jan 2016 12:52:15 -0800 (PST) MIME-Version: 1.0 Received: by 10.103.40.130 with HTTP; Mon, 25 Jan 2016 12:51:56 -0800 (PST) In-Reply-To: <506C6432-96D8-480A-9740-C422C2D6789E@gmail.com> References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> <506C6432-96D8-480A-9740-C422C2D6789E@gmail.com> From: "Lengyel, Tamas" Date: Mon, 25 Jan 2016 13:51:56 -0700 Message-ID: To: Lars Kurth Content-Type: multipart/mixed; boundary=001a11438ee87740cc052a2ebe73 Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --001a11438ee87740cc052a2ebe73 Content-Type: multipart/alternative; boundary=001a11438ee87740c7052a2ebe71 --001a11438ee87740c7052a2ebe71 Content-Type: text/plain; charset=UTF-8 Hi all, here is an updated version. Also, a couple pictures that could be used as illustrations. Feel free to punch it up as needed ;) Tamas Stealthy monitoring with Xen altp2m One of the core features that differentiates Xen from other open-source hypervisors is its native support for stealthy and secure monitoring of guest internals (aka. virtual machine introspection [1]). In the latest release of Xen last summer several new features have been introduced that make this subsystem better; a cleaned-up, optimized API and ARM support being just some of the biggest items on this list. As part of this release of Xen, a new and unique feature was also successfully added by a team from Intel that make stealthy monitoring even better on Xen: altp2m. In this blog entry we will take a look at what it's all about. In Xen's terminology, p2m stands for the memory management layer that handles the translation from guest [p]hysical memory to [m]achine physical. This translation is critical for safely partitioning the real memory of machine between Xen and the various VMs running as to ensure a VM can't simply access the memory of another. There are several implementations of this, including one with hardware support via Intel Extended Page Tables (EPT) available to HVM (and PVH) guests, called Hardware Assisted Paging (hap) in Xen's terminology. In this implementation the hypervisor maintains a second pagetable, similar to the one in 64-bit operating systems use, dedicated to running the p2m translation. All (open-source) hypervisors that use this hardware assisted paging method use a single EPT per virtual machine to handle this translation, as most of the time the memory of the guest is assigned at VM creation an doesn't change much afterwards. Xen altp2m is the first implementation which changes this setup by allowing Xen to create more then one EPT for each guest. Interestingly, the Intel hardware has been capable of maintaining up to 512 EPT pointers in the VMCS since the first introduction of EPT; however, noone made use of this capability until now. This changed in Xen 4.6, where we can now create of up to 10 EPTs per guest. The primary reason for this extension is of course the new #VE and VMFUNC extensions that were released in the Skylake generation of CPUs (which is worth a whole blog-entry on its own), but it can also be used by external monitoring applications via the Xen vm_event system. Why this feature is a game-changer for applications performing purely external monitoring is because it simplifies the monitoring process of multi-vCPU guests. The EPT layer has been successfully used in stealthy monitoring applications to track the memory accesses made by the VM from a safe vantage point by restricting the type of access the VM may perform on various memory pages. Since EPT permission violations trap into the hypervisor, the VM would receive no indication that anything out of the ordinary has happened. While the method allowed for stealthy tracing of R/W/X memory accesses of the guest, the memory permission needs to be relaxed in order to allow the guest to continue execution. When a single EPT is shared across multiple running vCPUs, relaxing the permissions to allow one vCPU to continue may inadvertantly allow another one to perform the memory access we would otherwise want to track. While under normal circumstances such race-condition may rarely occur, malicious code could easily use this to hide some of its actions from a monitoring application. Solutions to this problem exist already. For example we can pause all vCPUs while the one violating the access is singlestepped. This approach however introduces heavy overhead just to avoid a race-condition that may rarely occur in practice. Alternatively, one could emulate the instruction that was violating the EPT permission without relaxing the EPT access permissions, as Xen's built-in emulator doesn't use EPT to access the guest memory. This solution, while supported in Xen, is not particularly ideal either as Xen's emulator is incomplete and is known to have issues that can lead to guest instability [2]. Furthermore, over the years emulation has been a hotbed of various security issues in many hypervisors (including Xen [3]), thus building security tools based on emulation is simply asking for trouble. It can be handy but should be used only when no other option is available. Xen's altp2m system changes this problem quite significantly. By having multiple EPTs we can have differing access permissions defined in each table, which can be easily swapped around by changing the active EPT index in the VMCS. When the guest makes a memory access that is monitored, instead of having to relax the access permission, Xen can simply switch to an EPT (called a view) that allows the operation to continue. Afterwards the permissive view can be switched back to the restriced view to continue monitoring. Since each vCPU has its own VMCS where this switching is performed, this monitoring can be performed specific to each vCPU, without having to pause any of the other ones, or having to emulate the access. All without the guest noticing any of this switching at all. A truly simple and elegant solution. Of course, EPT based monitoring is not the only introspecting technique used for stealthy monitoring. For example, the Xen based DRAKVUF Dynamic Malware Analysis [4] uses it in combination with an additional technique to maximum effect. The main motivation for that is because EPT based monitoring is known to introduce significant overhead, even with altp2m: the granularity of the monitoring is that of a memory page (4KB). If the monitoring application is really just interested, for example, when a function-entry point is called, EPT based monitoring creates a lot of "false" events when that page is accessed for the rest of the function's code. Fortunately, this can be avoided by enabling the trapping of debug instructions into the hypervisor, a built-in feature of Intel CPUs that Xen exposes to third-party applications. This method is used in DRAKVUF, which writes breakpoint instructions into the guests' memory at code-locations of interest. Since we will only get an event for precisely the code-location we are interested in this method effectively reduces the overhead. However, the trade-off is that unlike EPT permissions the breakpoints are now visible to the guest. Thus, to hide the presence of the breakpoints from the guest, these pages need to get further protected by restricting the pages to be execute-only in the EPT. This allows DRAKVUF to remove the breakpoints before in-guest code-integrity checking mechanisms (like Windows Patchguard) can access the page. While with altp2m the EPT permissions can be safely used with multi-vCPU systems, using breakpoints similarly presents a race-condition: the breakpoint hit by one vCPU has to be removed to allow the guest to execute the instruction that was originally overwritten, potentially allowing another vCPU to do so as well without notice. Fortunately, altp2m has another neat feature that can be used to solve this problem. Beside allowing for changing the memory permissions in the different altp2m views, it also allows to change the mapping itself! The same guest physical memory can be setup to be backed by different pages in the different views. With this feature we can really thing of guest physical memory as "virtual": where it is mapped really depends on which view the vCPU is running on. Using this feature allows us to hide the presence of the breakpoints in a brand new way. To do this, first we create a complete shadow copy of the memory page where a breakpoint is going to be written and only write the breakpoint into this shadow copy. Now, using altp2m, we setup a view where the guest physical memory of the page gets mapped to our shadow copy. The guest continues to access its physical memory as before, but underneath it is now using the trapped shadow copy. When the breakpoint is hit, or if something is trying to scan the code, we simply switch the view to the un-altered view for the duration of a singlestep, then switch back to the trapped view. This allows us to hide the presence of the breakpoints specific to each vCPU! All without having pause any of the other vCPUs or having to emulate. The first open-source implementation of this tracing has been already merged into the DRAKVUF Malware Analysis System and is available as a reference implementation for those interested in more details. As we can see, Xen continues to be on the forefront of advancing the development of virtualization based security application and allowing third-party tools to create some very exotic setups. This flexibility is what's so great about Xen and why it will continue to be a trend-setter for the foreseeable future. [1] http://wiki.xenproject.org/wiki/Virtual_Machine_Introspection [2] http://lists.xen.org/archives/html/xen-devel/2016-01/msg00285.html [3] https://blog.xenproject.org/2015/05/14/hardening-hypervisors-against-venom-style-attacks/ [4] http://drakvuf.com --001a11438ee87740c7052a2ebe71 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi all,
here is an updated version. Als= o, a couple pictures that could be used as illustrations. Feel free to punc= h it up as needed ;)

Tamas

Stealthy mon= itoring with Xen altp2m

One of the core features that differentiates= Xen from other open-source hypervisors is its native support for stealthy = and secure monitoring of guest internals (aka. virtual machine introspectio= n [1]). In the latest release of Xen last summer several new features have = been introduced that make this subsystem better; a cleaned-up, optimized AP= I and ARM support being just some of the biggest items on this list. As par= t of this release of Xen, a new and unique feature was also successfully ad= ded by a team from Intel that make stealthy monitoring even better on Xen: = altp2m. In this blog entry we will take a look at what it's all about.<= br>
In Xen's terminology, p2m stands for the memory management layer= that handles the translation from guest [p]hysical memory to [m]achine phy= sical. This translation is critical for safely partitioning the real memory= of machine between Xen and the various VMs running as to ensure a VM can&#= 39;t simply access the memory of another. There are several implementations= of this, including one with hardware support via Intel Extended Page Table= s (EPT) available to HVM (and PVH) guests, called Hardware Assisted Paging = (hap) in Xen's terminology. In this implementation the hypervisor maint= ains a second pagetable, similar to the one in 64-bit operating systems use= , dedicated to running the p2m translation. All (open-source) hypervisors t= hat use this hardware assisted paging method use a single EPT per virtual m= achine to handle this translation, as most of the time the memory of the gu= est is assigned at VM creation an doesn't change much afterwards.
Xen altp2m is the first implementation which changes this setup by allowi= ng Xen to create more then one EPT for each guest. Interestingly, the Intel= hardware has been capable of maintaining up to 512 EPT pointers in the VMC= S since the first introduction of EPT; however, noone made use of this capa= bility until now. This changed in Xen 4.6, where we can now create of up to= 10 EPTs per guest. The primary reason for this extension is of course the = new #VE and VMFUNC extensions that were released in the Skylake generation = of CPUs (which is worth a whole blog-entry on its own), but it can also be = used by external monitoring applications via the Xen vm_event system.
Why this feature is a game-changer for applications performing purely ext= ernal monitoring is because it simplifies the monitoring process of multi-v= CPU guests. The EPT layer has been successfully used in stealthy monitoring= applications to track the memory accesses made by the VM from a safe vanta= ge point by restricting the type of access the VM may perform on various me= mory pages. Since EPT permission violations trap into the hypervisor, the V= M would receive no indication that anything out of the ordinary has happene= d. While the method allowed for stealthy tracing of R/W/X memory accesses o= f the guest, the memory permission needs to be relaxed in order to allow th= e guest to continue execution. When a single EPT is shared across multiple = running vCPUs, relaxing the permissions to allow one vCPU to continue may i= nadvertantly allow another one to perform the memory access we would otherw= ise want to track. While under normal circumstances such race-condition may= rarely occur, malicious code could easily use this to hide some of its act= ions from a monitoring application.

Solutions to this problem exist = already. For example we can pause all vCPUs while the one violating the acc= ess is singlestepped. This approach however introduces heavy overhead just = to avoid a race-condition that may rarely occur in practice. Alternatively,= one could emulate the instruction that was violating the EPT permission wi= thout relaxing the EPT access permissions, as Xen's built-in emulator d= oesn't use EPT to access the guest memory. This solution, while support= ed in Xen, is not particularly ideal either as Xen's emulator is incomp= lete and is known to have issues that can lead to guest instability [2]. Fu= rthermore, over the years emulation has been a hotbed of various security i= ssues in many hypervisors (including Xen [3]), thus building security tools= based on emulation is simply asking for trouble. It can be handy but shoul= d be used only when no other option is available.

Xen's altp2m s= ystem changes this problem quite significantly. By having multiple EPTs we = can have differing access permissions defined in each table, which can be e= asily swapped around by changing the active EPT index in the VMCS. When the= guest makes a memory access that is monitored, instead of having to relax = the access permission, Xen can simply switch to an EPT (called a view) that= allows the operation to continue. Afterwards the permissive view can be sw= itched back to the restriced view to continue monitoring. Since each vCPU h= as its own VMCS where this switching is performed, this monitoring can be p= erformed specific to each vCPU, without having to pause any of the other on= es, or having to emulate the access. All without the guest noticing any of = this switching at all. A truly simple and elegant solution.

Of cours= e, EPT based monitoring is not the only introspecting technique used for st= ealthy monitoring. For example, the Xen based DRAKVUF Dynamic Malware Analy= sis [4] uses it in combination with an additional technique to maximum effe= ct. The main motivation for that is because EPT based monitoring is known t= o introduce significant overhead, even with altp2m: the granularity of the = monitoring is that of a memory page (4KB). If the monitoring application is= really just interested, for example, when a function-entry point is called= , EPT based monitoring creates a lot of "false" events when that = page is accessed for the rest of the function's code. Fortunately, this= can be avoided by enabling the trapping of debug instructions into the hyp= ervisor, a built-in feature of Intel CPUs that Xen exposes to third-party a= pplications. This method is used in DRAKVUF, which writes breakpoint instru= ctions into the guests' memory at code-locations of interest. Since we = will only get an event for precisely the code-location we are interested in= this method effectively reduces the overhead. However, the trade-off is th= at unlike EPT permissions the breakpoints are now visible to the guest. Thu= s, to hide the presence of the breakpoints from the guest, these pages need= to get further protected by restricting the pages to be execute-only in th= e EPT. This allows DRAKVUF to remove the breakpoints before in-guest code-i= ntegrity checking mechanisms (like Windows Patchguard) can access the page.= While with altp2m the EPT permissions can be safely used with multi-vCPU s= ystems, using breakpoints similarly presents a race-condition: the breakpoi= nt hit by one vCPU has to be removed to allow the guest to execute the inst= ruction that was originally overwritten, potentially allowing another vCPU = to do so as well without notice.

Fortunately, altp2m has another nea= t feature that can be used to solve this problem. Beside allowing for chang= ing the memory permissions in the different altp2m views, it also allows to= change the mapping itself! The same guest physical memory can be setup to = be backed by different pages in the different views. With this feature we c= an really thing of guest physical memory as=C2=A0 "virtual": wher= e it is mapped really depends on which view the vCPU is running on. Using t= his feature allows us to hide the presence of the breakpoints in a brand ne= w way. To do this, first=C2=A0 we create a complete shadow copy of the memo= ry page where a breakpoint is going to be written and only write the breakp= oint into this shadow copy. Now, using altp2m, we setup a view where the gu= est physical memory of the page gets mapped to our shadow copy. The guest c= ontinues to access its physical memory as before, but underneath it is now = using the trapped shadow copy. When the breakpoint is hit, or if something = is trying to scan the code, we simply switch the view to the un-altered vie= w for the duration of a singlestep, then switch back to the trapped view. T= his allows us to hide the presence of the breakpoints specific to each vCPU= ! All without having pause any of the other vCPUs or having to emulate. The= first open-source implementation of this tracing has been already merged i= nto the DRAKVUF Malware Analysis System and is available as a reference imp= lementation for those interested in more details.

As we can see, Xen= continues to be on the forefront of advancing the development of virtualiz= ation based security application and allowing third-party tools to create s= ome very exotic setups. This flexibility is what's so great about Xen a= nd why it will continue to be a trend-setter for the foreseeable future.
[1] http://wiki.xenproject.org/wiki/Virtual_Machine_Introspection[2] http://lists.xen.org/archives/html/xen-devel/2016-01/msg00285.htm= l
[3] https://blog.xenproject.org/2015/05= /14/hardening-hypervisors-against-venom-style-attacks/
[4] http://drakvuf.com
--001a11438ee87740c7052a2ebe71-- --001a11438ee87740cc052a2ebe73 Content-Type: image/png; name="altp2m.png" Content-Disposition: attachment; filename="altp2m.png" Content-Transfer-Encoding: base64 X-Attachment-Id: f_ijug1q710 iVBORw0KGgoAAAANSUhEUgAAAYcAAAHECAYAAADS0ua8AAAABmJLR0QA/wD/AP+gvaeTAAAACXBI WXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4AEZFCw6LvM5NwAAABl0RVh0Q29tbWVudABDcmVhdGVk IHdpdGggR0lNUFeBDhcAACAASURBVHic7N1/VFNXvj/8d+Sox2lq45i2sZOOYUSl03QaZ+K3OBNr MtIrVrziI17iAsd4QYgWV/GRfmVW6SJ9qku6Sh9xFRWQjuEWr+E2PsKIt3EKQxzTSxziNR3pNSre pN9mSjqmM7k1jlEC+/mDnlNiwi8FUdmvtbKUc3Z2dk6S/Tln7332BiiKoiiKoiiKooYi4P6Tl5eX QQhJHM/CUBT14BIIBK6qqqr68S4HNToEAB8YTONdGIqiHmwCgUBLA8TDgQEA7oph3rx5mD9//viW iKKoB87Fixdx6dIl0NaHhwfT/4/58+cjNTV1vMpCUdQD7NKlS+NdBGoUTRrvAlAURVH3HxocKIqi qCg0OFAURVFRaHCgKIqiotDgQFEURUWhwYGiKIqKQoMDRVEUFYUGB4qiKCoKDQ4URVFUFBocKIqi qCg0OFAURVFRaHCgKIqiotDgQFEURUWhwYGiKIqKwgydJJLD4YDP5xuLslAUdR+SSCRQKpXjXQzq HhtRcHA4HDh48OBYlYWiqPsYDRATy4iCA3fFQFeMo6iJgVvhjbYWTDwjblYC6IpxFDWR0BXeJiba IU1RFEVFocGBoiiKikKDA0VRFBWFBgeKoigqyn0dHJxOJzQazYCP1157DS6Xa7yLeV85evQo4uPj RyWvQCCAXbt2YcGCBZg8eTIEAgGmTZuGxYsXo7a2FuFweFReZzQEg0E4nc4B93u9Xmg0GmzdunXI vNatW4eVK1ciHA5j27Zt0Gg0wypDOByGw+EYdpnvRG1tLTQazaDvlaJGw30dHAKBAKxWa8wA0NnZ ibKyMixYsAAtLS3jULr7j91uh06ng8fjueu8bDYbnnnmGRQXFwMA8vPzYTAYoNPp0NnZCZ1Ox1eg 462zsxPPPPMMGhsbB0wjlUoRCARQUVEBr9c7YDqHwwGTyQSxWAyGYeB0OmG1WodVjgULFmDfvn0j Lf6IeDweWK1WBAKBMX0dirqvgwMnJSUFra2tEY8vvvgCJpMJoVAI+fn5413EcVdfX4+XXnoJwWDw rvPy+XxYvXo1gsEgzGYzzp07hz179qCkpAQHDhyA2+1Geno6LBYL9u7dOwqlvzter3fQCp+Tk5MD oO9YDaS2thYAkJeXBwA4cuQI3G73sMrR0dExrHQU9SB4IILDQDIyMqBUKuFyufjKwePxIBAIIBQK wWq1orOzM+I5wWAQNpsNVqt1yDNsl8sFq9UKh8Mx4Bmy3++H1Wod8myOOwO12+0IhUIx0/h8Pj6v kdx0pNFooNVqIZfLIZfLB0zn8XiGVYm+/fbb8Pv9KCsrw5o1a6L2syyLDz74ABKJBOXl5fx2v98f 85gGg0F4PJ6YgYs7E7bZbAMGNq65JtZnEQgE8NVXX/H/93g8A35WGRkZYFkWdXV1A76OyWSCXC5H UlJSzDR+v58/hh0dHbDb7fz76/9eQ6EQQqEQ/328ndfrjfkZBwIB/vs52HeFou6J3NzcktzcXHL8 +HEymOPHj5PhpBstra2tBADR6XQDplGr1QQAcbvdhBBCAJDCwkKSmJhIABAApL29nRBCSGlpKREK hfx2AEStVpOurq6IPNvb24lCoYhIJ5VKyenTp/k0165dI3q9njAMw6dhGIYUFhaS7u5uPt2FCxdI QkJCRF4ikYhUVlZG5KXVaiPSACBarZbcuHFjyOMkkUhIRUUF6e7u5o9HLACITCYbNK/u7m4iFAqJ RCKJeB+xnD59mj/uhBCi0+livrbRaCQAiNFo5Ld1dXWRtLS0qONSXl4e8VyLxUIkEklEOolEQpqa mgghhBgMhqjj1r9Mt+OO8/nz56P2NTQ0EACkrKyM33b78dTpdEQmk5GysjL+9WQyWVQZWltb+e+v wWCIei2ZTEbUajX/97Vr14hOp4v4PnHHpKGhgU/Hvd/W1tYB3+NoGu5vnkuXm5tbMvo1FDUeHugr B5/PB4fDAZFIBKlUym+vqamBUCiEwWCAXq+HUqnErl27UFRUBLVajfb2drjdblRUVMDhcECj0fBn rT6fDy+99BJ8Ph/MZjPcbjeam5sRDoexcuVK/mxv48aNqKysRGFhIS5cuIALFy6goKAAZWVleO21 1/iycO3yra2tcLvdaG9vR0JCAvR6Pd8M8fbbb8NkMqGiogJutxuXL1+GXq+HyWTCu+++O+RxcLvd eOWVV8Awg9/wLpPJIo5TLE6nE8FgEGq1esj8VCoVZDLZkOW7XTgcxvLly9HU1ISysjK43W6cP38e KSkpKCgowPvvvw+g7yxcq9VCJpPxn1lzczNYlkVWVhaCwSA2bNjAX73odDq0trZCIpEM+NqDNS0Z jUawLIsNGzYMWn6/34+dO3eioKAAhYWFKCsrQ2trK4DvmkAVCsWIjsnWrVthNBpRXFyMy5cvw+12 81c4Op2OXkFQ99wdTZ9xr3V2dvJtwRyPxwOj0YhgMIjS0tKIiiwUCuHjjz+GSCQC0FfJ7Ny5E3K5 HMeOHePTvvLKK2BZFjk5Odi3bx927NiBffv2IRAIoLm5GUuXLgXQV6kajUakpqaipaUFc+bMgdls hl6vx+7du/nXfeedd+DxeFBRUYHt27eDZVl0dnZCr9dDrVbzeR08eBBVVVX8D95ms0EikSAvL48v 24EDBwBg0IqOw7LssI7jcNrOr1y5AgBITEyM2hcIBGI2kUgkkmGXAegbUeV0OlFWVobt27fz2z/4 4AO4XC4UFxdjw4YNcDgcCAQC0Gq1/KRvMpkMlZWVaGpqgt/vh0wmw/PPP8/v447zQJYuXcp/nm+9 9Ra/3e/3o6mpCenp6RCLxYPmwX3nduzYEbVPIpEMWYZYXC4X0tLSUFLy3Ym3TCbjj5PP57ujQExR d+qBCA42mw02my1qu0gkws6dO6N+pAqFgg8MAHDq1CmEQiFkZWVFnQ1nZmZCr9fDarVix44dsFgs EIvFfGDgLF26FN3d3QD6zvSBvjPn29vYk5KSYDab8cknnyAjIwMymQw1NTUAgLS0NCxZsgQKhYKv /IG+2S6tViuWL1+OrKwsLFu2DBKJJCLNvTLY6KO9e/fCYDBEbW9tbR1RhdjU1AQAeOGFF2Iev8rK SjidTsjlcrAsi+LiYni9XqxatQpJSUlYtmwZli1bNuzXu11OTg6Ki4ths9mgUqkAAIcPH0Y4HOav LIZyN68fS1tbW8TfoVAILpeLH6nn8XhocKDuqQciOKSkpEQFALFYjMTExJhNHwkJCRF/+/1+ALHP wlmWhVQq5Tuu/X5/zKaX/q/D/WCzsrIGLDOX3wcffMA3QVVWVoJlWajVauTn52PFihUAgJKSEnR2 dqKhoQHNzc0A+gKcVqvFK6+8AqFQOODrjLY5c+YAQMzhw0uWLIkIDlzn+UhxHbqLFy8eME0wGIRY LIbJZIJer0dZWRnKysogFAqRlpaGvLw8vmIfqQ0bNsBgMKC2tpbPw2g0QiaTRZ0UDKT/ycdoCIVC qKqqQlNTU8QAi5FckVHUaHoggsNIL9WHaiu/XSgUiggcQw0H5fI3mUx48sknY6bhzvJUKhUuX74M m82GlpYWNDc3w2KxwGKxoLKyEnl5eRAKhTh27Bi8Xi9OnDgBi8WC5uZmFBUVwWKx8O3Z94JCoYBQ KITNZkM4HI44lmq1OupzuJPgwBnsfXFt9qtWrcKKFStw6tQp/rjV1dXBZDLBYrEMuzLvTyqVIiUl BQ0NDXjvvffQ2dkJp9OJ0tLSO34vd4Prg7FarVCr1cjKyoJCocDzzz+P+vr6mFdrFDXWHugO6eF6 9tlnAcQ+G+aGFHKVeUJCArxeb1QHYCgUwuLFi1FVVcW3xzMMw1eY3EMikeDmzZsQCoUIBAI4ceIE PB4PVCoVSkpKcPr0aZw/fx4sy/LNTdzQRalUiry8PBw7dgxXr15FUlISrFbrsIafjhaWZaHVauH1 eu/4hi7uSo1ze7DlruzEYnHU8RMKhejp6QHDMPD5fGhsbEQwGMTSpUvxzjvv4Pz587BYLPyw0zul 0+ng9/tx8uRJ1NbWgmEYZGZm3nF+sQx01h8OhyM+01OnTsFqtSInJwetra3YvXs3MjIykJiYGHUs KepemRDBQaFQ8G3/t48t37VrFwAgPT0dQF+/QCgU4kfMcGpra2Gz2SAUCrFmzRowDIPS0tKIii8c DmPTpk1ISUmBz+eDx+NBampq1IgjmUwGhmH4pomNGzdi/fr1EXmxLMtfzYxW08Jw73PYvXs3JBIJ CgsLsWvXrpiBsra2FhUVFQC+u5LiOnI//fRTPm04HIbRaIx4Pnes33zzzYjtwWAQa9eu5fe3tLQg LS0t6rOYPXs2gO+Oy50cn1WrVkEikcBsNsNkMiElJWXIkVzD0b/PhjvhsNvtEWlun3qECwC39yn4 fL67CoAUdTceiGalu8UwDCorK5GamoqFCxciPz8fYrEYDQ0N/AgV7qwxOzsbJpMJBQUF6OjoQFJS Ejo6OlBeXg6VSoWMjAwwDIPi4mIYDAYsWrQIer0eDMOgrq4ONpsNRUVF/M1oKSkpqKioQCAQgFqt RigU4kdZFRQUAACKi4uh0+n4vIRCIZqbm9HQ0ACdTjfk6Jnhio+Ph0wmG3LUklgsRmtrK1avXo3i 4mKUlpYiOTkZIpGIn9IkEAhAJBKhoqKCb7fPyMhAeXk5tFot9Ho9WJaFyWSKauZbtmwZsrKyUFdX h8WLFyMrKwvhcBiVlZXweDyorKzkg3BpaSmKiorg8XigVCrh9/tRUVEBoVDI38XMVaoVFRXweDx4 /fXXo/qdbscwDLKyslBeXs6/9t3ivlPr169HdnY21Go1VCoVLBYLVq9ezX+XmpqaIgLRkiVLIBQK UVpaCpZloVAo4HQ6UV5eDqFQCL/fj5s3b951+ShqxO7Xm+DOnTtH1Go1KS0tHfZzBkvf1tZGUlJS +BvhEhMTSXl5edTNXteuXSMFBQVEKpXyN10VFBSQa9euRaQzmUwkKSmJv3FJLpeTioqKmHlxN8Kx LEtUKhWxWCxReSmVSj6vhIQEYjAYhrwR7XYFBQURN1fdfmy0Wu2w87px4wapqKggarWaP2Ysy5Kk pCRSWloadfMgIX03kimVSv4GrsLCQnL58mWiVqsj3nN3dzepqKggcrmcv4FQpVIRs9kckV9XVxfJ yckhYrGYACBCoZCkpKTwNzZyysrKSEJCApHJZMO+QezChQtErVaT1NTUAY/z7ceztLQ05o2T3HuX y+VEJpORmpoavvxarZYIhUL+Pba3t5OCggJSUFDAP7etrY2oVCrCMAxhGIYolUpiNBr5Y8flZzQa iVqtJufOnRvWe7xb9Ca4iUsA9AUHAIaVK1cOuvxnU1MTjh8/jqHSURT1cBjub55LB8BQXV395oAJ qQfGhOhzoCiKokaGBgeKoigqCg0OFEVRVBQaHCiKoqgoNDhQFEVRUWhwoCiKoqLQ4EBRFEVFocFh FGzduhUajSZqzYnhWLduHbZt2zZkutraWmg0mhEtH3q/cDqdePTRR6OWbAWAxsZGLF++HDNmzIBA IIBAIMDcuXPx2muvRbzXjo4OaDSaiIWUYuEWZVq3bl3UvlAohOXLl0Oj0cDhcMR8fmdnJx599FE4 nc4RvkuKerjQ4HCXuMV9HA7HHc3qabfbh1URcWstP2grgnHzTeXk5ERMaREMBrF8+XKkpaXB4XAg LS0NBoMBRUVFEIvFKCsrw3PPPccfG7lcjs7OTlRUVAw6a25LS0vU9BQcbsZbu90+4Ap7CQkJyMnJ waZNmwZd24KiHnY0ONwl7mohPz8fLpcLLS0t41yi+8vhw4fR0dERtR7H5s2bYbFYkJOTA7fbjUOH DqGkpAS7d+9GW1sbTCYTAoEANm7cyD8nJycHoVAo5hKfHG5pzezs7Kh9NTU1kMlkSE9PR0NDw4Az nu7YsQMdHR04fPjwnbxlinoo0OBwl2pqaqBQKPDqq6/yE/wNxul0wmq1xmxi6c/n88FqtcJut8c8 gw0Gg/B4PAiHw/xVxe1n1FweNpttwLPtcDgMh8MBq9UKh8Mx4Nky9xrcpHvDEQ6HsXPnTqSnp0es l+FwOFBXVweVSoUDBw7EXMwoIyMD+fn5cDqdfMDlKvyBZioNBoMwm81Qq9VRy5x6vV40NzcjOTkZ WVlZ/MyysUgkEqSnp2Pnzp306oGasGhwuAsnT56E1+tFVlYWJBIJv4BMrH6Bzs5OLFy4EAsWLIBG o8HcuXOxefPmqHThcBjbtm3D008/DY1Gg0WLFmHBggVRweTo0aOIj4/H+++/j7lz50Kj0fArq3FT X8+aNYvf/vjjj/PTk3NsNhvmzp2LhQsXQqPRYOHChXj66afR2NjIp/H7/Vi+fDni4+Oh0Wig0Wjw +OOPY/PmzUNWnCdPnkRnZye0Wm3Edm4K7uLi4kEXZtq+fTtOnz6NJUuWAPhukZ7m5uaYU4/X19cj FApBp9NF7eOmyc7MzMTSpUshlUr5KcdjSU9PR2dnJ70SpCYsGhzuQk1NTcQiMTqdDuFwOGr9Aa6T 1OVywWg0wu12w2KxoKGhIWoN5bfffhvl5eXIysrChQsXcP78eSQkJPDNJbcrLCyETqdDcXEx8vPz AQArV65EQ0MDSktLcfnyZZw/fx5arRbFxcV8W3soFMLatWvBsiza2trgdrtx+vRpiEQiaLVaPsD9 +te/htVqhclkgtvtxoULF5CVlYXKysohm10aGhoAgK/cOTabDQzDRG2/nVQqhUqliggg3BrPsZqW jEYjRCIRMjIyovZxTUpqtRoMw0Cr1cLj8eDkyZMxX5tbYc5sNg9aRop6qN2vU3bfz65evUpYliWp qan8ths3bhCxWEykUmnEFNAmk4kAIOXl5RF5tLe3EwD8lNA3btwgIpGIKBSKiHTd3d1EoVAQAMTt dhNC+qZuBkCysrIi0jY1NREAxGAwRJVZpVIRkUhEbty4QdxuNwFAioqKItKcPn2a6PV6cuHCBUII IQkJCUQul0ekuXHjBsnKyiINDQ2DHiO5XE4SExOjtrMsS2QyWdT27u5u4na7ox5Xr16NeG2xWBx1 jC5fvkwAkPz8/Kh8W1tbo47J+fPnCQCSlpY2YPkTExOj3vtEQ6fsnrjolcMdOnz4cFQTBsuySE9P h9frjTgj5dZZvv2MVqlURrSNO51OBAIBfiU0DnemG0tycnLE3xaLBUDf2tUejyfioVKpEAgEYLfb IRaL+cV6tm3bxo+E4voBuHIplUp0dHRg5cqVOHz4MPx+P1iWxQcffIBVq1YNeoxcLldEXwNnoOYo r9eL+Pj4qEf/4assy0Kn08HpdKKjo4Pfzl3FbNiwISpf7kqu/z65XA6lUommpqYBV8eTSCQxl5al qIlgQqwENxa49Z/Lysoi2q655piKigqsWLECAPj+glgVZf9tV65cAYCYwzBjPRf4bslMDvdatweN /j7//HOo1WrU1dUhJycH5eXl/KpjycnJyM/P55tV9uzZA5/Ph6amJjQ1NQHoCzxarRZ5eXmD9hmE w+GopS+BvuGiLpcLoVAoYolPkUgEg8HA/x0IBFBeXh71/A0bNqCsrAz19fX8intGoxFKpRJKpTIi bSAQgNlsBsuyESOfgL7PimsGLCmJPuGVSqW0Q5qasGhwuAMOhwMdHR1QKBRRo2JkMhmCwSAsFgs8 Hg9kMtmw1zgejbWiucq6ubkZcXFxMdNwZV6xYgW++OIL2Gw2nDx5kl+atKGhAWazGWvWrIFEIkFr ays6Ozv5+wS4EVAOhwOHDh0atDyx7stQqVRwuVw4deoUli1bxm8XiUQRlbTH44kZHORyOZKSkmA0 GvHWW2/BarXC4/GgqKgoKi3XSZ2cnBwVdGUyGUwmEyorK/H6669HBboH7Z4SihpNtFnpDnDNFHv2 7MGhQ4eiHoWFhQCAqqoqAODPbmPdldu/Q/rZZ58dVrrBcDeaTZ06FWq1OuIhEonQ09MDoVAIn8+H xsZG+P1+qNVq7N69G+3t7Th9+jSAvjPxcDjMD6dNSEjAq6++io8++ghdXV1ITEyE0WgctCwikSjm yC2ueae4uPiOz8x1Oh28Xi9sNhtqa2vBsiw/MKC/mpoasCyLI0eOxPys0tLS+GNxO5/PB5FIdEfl o6gHHQ0OIxQKhWAymSCVSqFWq2OmyczMBMuyqKmpQSgU4vsabr8r98SJExGVfmJiIhQKBerq6iIq 1WAwOGRFzOFea9euXREVbzAYxPr165GamopgMIizZ88iLS2ND2AcrhmIu/dg9erVUcNWRSIRRCJR zPsT+pPL5RH9AhyVSoWcnBw4HA4sX7485j0fDoeDbwaK1XSVmZkJoVCI+vp6mM1maLXaqPI4nU44 HA6kpKRALBbHLGNeXh6A75oJ+3O5XHxgp6iJhjYrjdDRo0cRCAT4YaOxiMVipKamwmw2o7GxERkZ GdDr9aisrEQwGERaWho6OztRXl4edWb63nvv8fccFBQUgGVZVFRUDPvGs6SkJBQWFqKsrAwajYbv yK6srERHRwdKS0shkUiwbNkyKBQK7Ny5Ez6fD0lJSQgEAqioqADDMPxNfYWFhSguLubzYlkWDQ0N sNvtEf0DsajVathsNr55rb8DBw4gHA7DaDRi7ty5SEpKQmJiIn9THtcRrNVqsXv37qi8hUIh0tPT +QDMVfL9cVd4se576F9GmUwGi8UCl8vFN7l5PB7+qoqiJiw6lHX4ioqKiFqtJufPnx80XWtrK1Gr 1RFDRcvLy4lMJiMAiEwmI3V1daSgoIAUFBREPLe9vZ2o1WrCMAwRCoUkJyeHmM1molarSVdXFyGE EIvFQtRqNTl37lzM16+srCRKpZIAIAzDEKVSSUwmU0Saq1evEr1eT6RSKQFAhEIhSU5OJqdPn45I V1FRQeRyOQFAABC5XE4qKiqGPFbccNHKyspBj1NWVhZfBgAkISGB5OTkkLa2tkHz545Tenp6zP3p 6ekkOTmZ3LhxY9B8ampqiFqtJkajkd9WWVlJAAz5OT/s6FDWiUsA9AUHAIaVK1ciNTV1wMRNTU04 fvw4hkpHURyNRoNQKIS2trbxLsqILFq0CEKhEB9//PF4F2VcDfc3z6UDYKiurn7znhWQGjO0WYka UyUlJdBoNHA6nVAoFONdnGFxOp2w2+1obW0d76JQ1LihHdLUmFKr1dBqtXjjjTfGuyjD9uabb0Kr 1dL+BmpCo8GBGnPvvfcewuHwkDPR3g86OzsRCoXw3nvvjXdRKGpc0WYlasyJxWJ89NFH412MYUlI SHhgykpRY+mOgsPFixdHuxwURd2H6G994hpRcJg+fToA4NKlS7h06dKYFIiiqPsP99unJo4RBYcX X3wRAPDNN9+MSWEoirr/TJ8+nf/tUxPHiJuV6JeEoijq4UdHK1EURVFRaHCgKIqiotDgQFEURUWh wYGiKIqKMuIOaYfDEXMBF4qiHk4SiSRq+VXq4Tei4OBwOHDw4MGxKgtFUfcxGiAmlhEFB+6KYd68 eZg/f/6YFIiiqPvHxYsXcenSJdpaMAHd0fQZ8+fPp+s5UNQEQWdDmJhohzRFURQVhc7KOkxvvhm9 uBXDMJBKpZBKpViyZAkYhh7Ojo4OtLS0IBAIQCwWY8WKFVHrR98Jv9+PxsZGOBwOhEIhAEBiYiIy MjIi8rfZbGhpacHSpUuhUqkGzC8cDmPXrl2QSCRR60+HQiG8/fbbAIAdO3aAZdm7Lj9FPWhobTZM BoNh0P1SqRTHjh2bsJ124XAYmzdvRk1NDYRCIcRiMbxeLwoKClBeXo5XXnnljvN+9913UVxcjFAo xOcdDAZhNBpRXFyM/Px8vPPOO2AYBiKRCAaDAVarddCV3FpaWmAwGFBUVBS1r7Gxkf+8uQBEURMN bVYaAalUCrfbHfE4d+4cioqK4PV6sW7dOoTD4fEu5rioqqpCTU0N8vPzcfXqVbjdbnzxxRdISkpC fn4+bDbbHeX7xhtvoLCwEImJiWhubsa1a9fgdrtx9epVtLe3Q6lUory8HO+++y4AQC6XIykpCVar FV6vd8B8jUYjAGDDhg0x98nlckilUlRUVNxRuSnqQUeDwwgwDAOZTBbxUCgU2L17N9LS0tDZ2YmW lpbxLua4qKyshFQqxZ49e/hmGIlEwq+oVl9fP+I8nU4nSktLkZiYiNOnT2Pp0qUR+5VKJT7++GPI ZDKUlpbyzU06nQ4AcPjw4Zj5BgIBNDQ0QK1WIzExMWKf1+uFxWJBcnIy0tPTYbPZ0NHRMeKyU9SD jgaHUaJQKAB8N9x327Zt2LZtGxobG/HMM8/gueeew8mTJwH0VU6vvfYannnmGcTHx+O5557Drl27 EAwGo/Ktr6+HRqNBfHw84uPjsX79eng8nog0LpcL69ev59MsXrw4ZmV8+PBhLF68mE+3du3aqDN6 p9OJtWvX8mkWLVqEffv2DXlFpNVqUVRUFNXvwvUH9H9v27Ztg0ajGXJ45N69exEOh1FeXg6hUBgz jVAoRHFxMXJycvjXyMzMBMuyMJlMMZ9TX1+PUCiEnJycqH3vv/8+AGDNmjX8VUVVVdWg5aSohxEN DqPE5XIB6DtbBvoq2YaGBmi1WgB9Z6RTp06Fz+fDokWLUF5eDqVSCZ1OB7lcjuLiYixfvjyiEv31 r38NrVaLYDAInU6HtLQ0NDQ0YNGiRXyTicPhwMKFC2GxWJCens6fNWu1Wrzxxht8XlVVVcjKyoJQ KIROp4NWq4XdbodGo4HD4QDQt37y4sWL4XQ6kZWVBZ1OB4ZhkJ+fH5FXLK+//nrMfoWjR48C6Gvu 4TidTlitVv5MfyAWiwUikSjqiuF22dnZeOeddyAWiwH0BQytVgun0wmn0xmV3mg0QiQSYc2aNTH3 JSQkQKVSQaFQQKFQoK6uLmbgpqiHXm5ubklubi45fvw4Gczx48fJcNI9jAAQmUwWtb2rq4uUlZUR hmGIVColaJBNTgAAIABJREFUN27cIIQQolarCQBiMBgIIYR0d3cTQgjR6XQEADGZTBH5VFRUEACk uLiYEELI+fPnCQCSnJzMP5cQQiwWCwFACgoKCCGEKBQKIhKJyIULFyLy02q1hGEYcv78eUIIIXK5 nCgUiog0ly9fJgzD8GUsLS0lAPjncOVWKpVELpeP8IgR4na7iVgsJmKxmPztb3/jt587d460trby xyqWq1evEgBEpVKN+HUJIeT06dMEACkqKorYfvnyZQKA5OfnRz2nubmZACA7d+7kt5WVlREApLKy 8o7K8aAb7m+eS5ebm1syPrUYNdrolcMIeDweCASCiMesWbNQWFgIoVCII0eORA17fPXVVwH09VeE w2GYTCYolcqoETCvvPIKpFIp6urqAPSNmAGAkpKSiKaaZcuWoa6uDhs2bEBHRwd/ln972/n27dsR Dof5M3ehUAiXy8U3qQBAQkICuru7UVJSwpcR6Gta4Zp8GIZBe3s7zp8/P+JjtXz5cgQCAZhMJohE In6fQqGAWq0edIgod6Yea3iw0+mERqOJetTW1vJpVCoVEhMT+ePJ4dLcPnwVAGpqagBEdlJnZmaC YRh+H0VNFHQo6wgIhUKkp6dHbBOLxZDL5Vi1alVEBQj0NTH13+b1ehEKhQYc7qpUKtHQ0ACgr4kH iGyO4WRmZgL4rsPVYrFAo9FEpOECANc/UVxcjLS0NGi1WgiFQqhUKqSmpmLNmjV8U9iGDRtQU1OD 8vJyvtkrJSUFa9as4ftUhsPhcGDlypUIBoMwm81DNgvFwjURxWrOCYVCEf0uoVAIPp8ParU6Il1O Tg4KCwthtVr5fUajEUqlMuq4cp3UMpksalCBTCaDw+GA3W5HUlLSiN8LRT2IaHAYAbFYjEOHDg07 /UBnxrcHEQ7X6dq/83egtP3TSSSSmDeaJSYm8pXZihUrcOHCBdTW1sJisfCPwsJC1NTUIDMzE2Kx GO3t7aivr4fZbIbNZoPD4cDOnTuh1Wpx5MiRId/z0aNHodPpIBQK8dFHHw16I9pghEIhZDIZOjo6 EAwGIzqkk5KS4Ha7+b+tVmtUcAT6gmhRUREOHz4MtVqNlpYWeL1eFBcXR6U9fPgwH3S4fpvbVVVV 0eBATRi0Weke4io47qrgdi6XC0KhEAzD8Gm5ju7+Ghsb0dLSwp9dp6en49ChQzEf/ZtPEhIS8NZb b6G9vR1Xr15FTU0N3+Hcv4zZ2dn46KOP8Le//Q3Nzc1QKpUwmUxDDtOtqqqCVquFVCrF6dOn7zgw cLRaLUKh0B2PFpJIJEhLS4PZbEYoFILRaIRQKOSvvPozGo1gWRbXrl0DISTi0d3dDYlEApPJhEAg cFfviaIeFDQ43ENisRgKhQIWiwV+vz9iX2dnJ5xOJ1+hcv9yw185gUAAWVlZKC0txS9+8QuwLAuj 0Rg11PTo0aN49NFHsXfvXoRCIcyaNQvr1q2LKEt2djbUajVf4W3cuBEzZszgm6QYhsHSpUuh1+sB YNChpydPnkR+fj6USiVOnz6NhISEOzlEEbZv3w6xWIzi4uKo48AJhUJ8/0wsOp0OgUAAjY2NaGho QHp6etSwWKfTCYfDgbS0tJhDZhmGQVZWFkKhED/UlRqeTZs2LcvNzd2wadOmZXq9Xq3X62VbtmyR jHe5qKHRZqV7rLi4GOnp6Vi5ciUOHDgAhUIBu92OjRs3AugbEgr0jbPnhrhKJBKsWrUKfr8fW7du RTAYRGFhIUQiEQoKClBaWop169bhnXfegVQqRUtLC/Lz88EwDDIyMsCyLJKSkmA2m6FWq/lO1hMn TqC5uRnJyckAALVaDaPRiHXr1mHPnj18s055eTlYlh2w7yAcDiM/Px/hcBhyuRz79u2LSqNQKLBq 1SoAffc5OJ1OHDlyhO/viEUsFuPYsWNYvnw5UlJSkJqairS0NMyZMwfXr1+H3W5HTU0NfD4fpFIp VqxYEZXHsmXLIJVKUVhYiGAwGLMjmqvwuWHHsWRnZ6OsrAw1NTXYvn37gOmo7+Tl5WUQQkwAIBAI 0NvbCwDo7e1Fbm4uJk2aFATwPwKB4C/hcPh/Jk2a5Ont7Q0JBAIfISQgEAgChBBfXFzczXA43FlT UzPwLe/UqKPB4R5bs2YNampqUFhYiAULFvDbJRIJGhoa+CsGhmFw/PhxrF27NqLSYlkWlZWVWLZs GQDgrbfeQigUQkVFBcxmM59OJpPhww8/5CvfAwcOwOv1Qq/X81cCQF8n+AcffACgr0Pa5XKhrKyM 7xgH+ippk8k0YEXucDj4prKBRvXodDo+OAz3Pgeg7wrq/Pnz2LZtG5qamtDU1BSxXyKRwGAwYPv2 7QOe9et0OuzcuZOfWqO/UCiEuro6fpLAgXD9N3a7nZ/YjxocISQRAGbOnImZM2cCAK5du8bvv3Xr lvDmzZtCAD8IBoMghEAgEABAxL+9vb2YNGkS9Hp9EEBbb2/vJ4QQe3d39xmj0Ujb+cYIDQ7D5Ha7 RzTr6pEjRwa8qzg7OxsZGRk4deoU/H4/Zs+eDZVKFfPu4vb2djgcDnz22WcQiUT4xS9+wfc1AH2V 3549e/D666/jk08+QSAQwJw5c5CUlBSRn0QiQXt7Ozo6OvDpp58CAJ5//vmoUTu7d+/GK6+8grNn zyIQCEAqlfLNVwNRKBQRHcSx9K+4jxw5glAoBKlUOuhz+h+HY8eOIRAI4MyZM/D5fGAYBvPnzx/W RIevv/46srOzBwwe586dA8uyQ36+H330EQKBwKCDBKhoMpkMP/3pT4dMd/36ddy4cQPXr1/H9evX 8fe//x3Xr1/HtWvXcO3aNQSDQSGAlwC8JBAIMGXKFGzZssXd09NzihBiJ4Sc+cEPftBhMBgm5gRn o4wGh2Ea6bTTgzWXAH2V5WBnqv0plcohK0GxWMyfmQ9GLpfHHB7bHzcN+XCxLDui4zPUsRmISCTi r5hGYrDycfNlDff1aWAYO4888ggeeeSRiJOf/rq7u/HXv/4VX3/9NQKBAPx+P/7617/GE0LiAegE AgG6urpCeXl5DkKITSAQ2OPi4s7s37+fLmN3B+4oOFy8eHG0y0FR1H3ofvqtT548GU8++SSefPLJ iO3/8z//g0AggC+//BJdXV3s119/rQKgIoRwU8l/2dvbe5oQ0nrr1q162hQ1PCMKDtOnTwfQt2wg XTqQoiYO7rd/P3rsscfw2GOPYfbs2QCAmzdv4ssvv8Sf//xndHV1IRAIPAUgA0DG1KlT39Pr9Q2E kKqqqqqJOYXyMI0oOLz44osAgG+++WZMCkNR1P1n+vTp/G//QTB16lR+VmEAuHHjBr744gt8/vnn +OKLLyb39PSsBbB28+bNXT09PVWTJk2qrays9Ixroe9DI25WepC+JBRFUdOmTcO8efMwb948dHd3 4/PPP+cWo5oFwNDb22vYvHnzqd7e3gM3b95sNBqNQw+jmwBohzRFURPG5MmTkZCQwE86+fnnn+PS pUv48ssvlxBClrAsG8zNzTUKBILaqqoqx3iXdzzR4EBR1ITUP1CEQiFcvHgRn332mfD69ev5hJD8 zZs3XwqHw/sFAsHh6upq/9A5Plzo9BkURU14LMvi+eefx7p165CcnAyJRIKenp55AoGgXCAQfJmX l/f/ZWdn3/2cMA8QeuVAURT1LYFAwHdmf/311/iv//ovXL58eXJPT89qhmFW5ebmlt26dWv3RBgO S68cKIqiYpg5cyYWL16MdevWQS6XY9KkSZMA/G+WZa/k5uZuGDKDBxwNDhRFUYOYNm0aFi1ahHXr 1mHevHkghHwfgHHLli1nc3JyHtoFPmhwoCiKGoZp06ZhyZIlWLt2LeLj4xEOh386adKkNr1e/y8P 4zTkI+5zcDgcg87rT1HUw0UikQxrgsOJ4rHHHkNycjK+/vprnDlzBn/+85/XCwSC/ysvL++tWbNm vfuwTPw3ouDgcDhw8ODBsSoLRVH3MRogIs2cORMvv/wyOjs70dbW9kgoFCr96quvtmzatCn34MGD sVeneoCMKDhwVwzz5s3D/Pnzx6RAFEXdPy5evIhLly7R1oJBJCQkQCqVoq2tDZ2dnT8UCAQWvV7f 0t3drX///fdjrwn8ALijoazz589HamrqaJeFoqj7EJ1kc2gsy0Kj0WDOnDn45JNPEAwGlzIMczE3 N/d/V1dXvzve5bsTtEOaoihqlPzwhz9Eeno6nn32WRBCJgEo0+v1H27ZsiV6pan7HA0Ow6TRaAZ8 bNq0CVardbyLOO78fj9ee+01LFiwAM888wzWr18Pu91+1/mGw2EcPnwYGo0Gjz76KAQCASZPnowF Cxbg7bffRjAY5NOeOHECGo0m5jrWt5dVo9Fg27ZtUfu8Xi//2dLmFGqkJk+ejJ///Of4h3/4B0ye PBm9vb3phJD/zM3NTRzvso0EDQ7DZLVa4XQ6I7aFw2F4PB7U1NQMq0J6mPn9fixevBjl5eVQKBRI S0uD3W7H4sWL0djYeMf5+nw+LFq0CFlZWejs7IRWq4XBYEB+fj6CwSCKioqwcOFCvhJ/4YUXYLfb UV5ePmi+9fX1sFqtSEyM/r0ePnwYDocDVqsVtbW1d1x2qs/XX3+NL774Al1dXQgGg7hx48Z4F+me mD17NlavXo0ZM2agp6dnrkAgOLdp06Y1412u4aLTZ4yAQqFAa2tr1Han04nFixejsLAQGRkZAy5z +DDbtWsXXC4Xmpqa+OVPX3/9dSxYsAB6vR4rVqwY0RrcQF/wXbt2LRwOB4qLi1FSUhKRx549e/D2 22+jqKgIW7duxYcffgixWIy0tDSYTCbYbDaoVKqYeRuNRgiFQmRmZkbtq6mpgVKpRDAYREVFBbZv 3z7islMAAB8AeDweeDyeqJ2TJ0/umTJlCpk2bVoPwzBTpk+fLoiLi8P3vvc9TJkyBVOmTMG0adPA MAymT5+ORx555F6X/6499thjWLVqFWw2Gzo7O1mBQGDOy8v7f2fNmrXjfh/ySr/xo0ChUECn06Gi ogKnTp3CmjWRJwd2ux1CoTBq7Wan04lAIACxWDzous4+nw8ulwssy0KhUIBl2ag0oVAITqcToVAI iYmJA67TzP1QGYaBQqGAUBjdFBoMBuF0OhEOhyGTyYa1xrLf74dSqYxYF1soFEKlUsFoNMLr9Y54 He76+nrYbDZotVq89dZbMdPs2LEDFosFZrMZXq8XUqkUOp0OJpMJ9fX1MYNDR0cHHA4HcnJyot6/ 1WpFZ2cn8vPzAQAFBQU4efLksNf7pr5TXV1dlZeXJwLAX5719vbKuP93d3eLuru7RdevXwcA2VBN eFOnTsXjjz+OJ598Eo8//jieeOIJTJ06dYxKP3omT54MjUaDJ598Ev/xH/8BQsj/3dXV9SODwbD2 fg4QNDiMEu5qgWv/1mg0AACpVIq6ujoAQHl5OV599VWcOHEC+fn5EWdTcrkchw4dihhL7vP5sHXr VpjNZn6bSCRCWVkZsrOz+W3vvvsudu7ciUDgu7nA0tPTcejQIb7yCwQCWLduHSwWC5+GZVnk5ORg z549/Jnxm2++idLSUoRC3613olarceTIkQEDDgB88MEHMbd7PB6wLBtxNaXRaGC1WuF2uwcNGEaj EQBQUlIyYBoAeO+99xAMBiGVSgEAy5Ytg0wmg8lkinhvnMOHDwNAxDHkcM1Ia9asAcMwKCwsRGVl JQ0Od6iqqurt4abNycmRxsXFSQD8gBAiJYRIJk2aJO3t7ZUJBALZzZs3ZV6vF16vl3/O9OnTeyQS SdwTTzyBJ554At///vchEAjG4q3ctR//+MeYMWMGTp48ie7u7rSurq4P7+cAQYPDKAiHw2hoaAAA /OxnP+O3OxwOuFwuFBcXw+fzYdWqVbBarUhLS0NCQgIsFgvmz5+Ps2fPIj8/HxqNBu3t7UhMTEQ4 HMbq1avhcDhQVlaGVatWIRAIYNu2bcjJycH8+fOhUqmwd+9eFBYWIjU1FSUlJRCLxTh69CiKiorg 9/v5ZrDXXnsNVqsVRqMRS5YsQTAYxBtvvIGKigokJSUhMzMTJ0+ehMFgQE5ODrZv3w6WZXHixAkU FBRg06ZNOH78+LCOh9/vh8fjwb59+2C1WmEwGCLO0CUSCWQy2ZBNNTabDQkJCTH7BfqLddWl0+lg MBiizvrD4TDq6uogl8uRlBQ5LU4gEIDJZEJycjIfaFJSUtDU1ASPxzPiKx9qZGpqarwAvABiLrKz ZcsW4a1bt+STJk36GYBEgUCg/Oabb+TffPONkBtuGxcX1/P4448LJBLJJC5gTJs27d69iSHMmjUL KSkp+PjjjxEKhdK++uqrT7Zs2bJ0//79waGffW/R4DACPp8vqoOSq1CcTidSU1MjKqpgMIiGhgYs XbqU37Zu3TowDIOPP/6Yr4BkMhlmz56NhQsX4o033sCHH36IkydPwm63w2AwYPv27fzzP/zwQzz9 9NOor6+HUqmEwWCAQqHAsWPH+MqWS19YWIgTJ05gxYoVaG5uRmJiIjZs+G4yySNHjmDjxo18MxU3 smj79u18hfzKK68gGAzC7x/+WiebN2/mr3ZUKhXy8vIi9h85cmTIPDweD0KhEH+M+guFQjFHEYlE IohEIgB9VwU7d+6EyWSKCA4tLS3wer0oLCyMen59fT1CoRB0Oh2/TafToampCVVVVdi9e/eQ5abG zrcVqP3bBy87OzuBYZhnCSHqnp4etc/nU/T/fgiFQvLkk08KZs2ahR/96Efj3hQlkUiwcuVKNDU1 4caNG/8rLi6u5X4MEDQ4jIDL5YqoODgMwyArKwsHDhyI2r5kyRL+70AgALvdjrS0tKhKT6lUQqlU 8s0+zc3NABDVfyGRSHDt2jWwLIuWlhYEAgGo1eqIS22grx+Ey2fFihVQKpUwm81Yu3YttFotli5d CpFIFFFRcwFh7dq10Ov1WLZsGRISErBjx46RHCbs2LEDr7/+Os6cOYPCwkIsWLAAbW1to3bmbbfb +Wa7/gwGA98EJZVKkZycDLPZjAMHDvBXLkajESzLDtgRLRQKI475ihUrIBaLYTQaUVJSErO/hxpf 396F3AmgEQB0Op1o8uTJSwEkCwQCdTAYTAwGg7hy5Qra2tqITCYTJCYm4qmnnhq3MotEIqSmpvYP EP+p0+n+1/20TgQNDiOgUCiwZ8+eiG1CoRCJiYkxO3alUmlE0wnXJ5CQEHtBqYSEBDgcjoi0sZpU uAqKCwjl5eUDDt3k8nnvvffg9XphNpthNpvBMAySkpKg1WqRl5cHhmGQkZEBm82GyspKvkM2ISEB aWlp2L59+6B9Dv1x/SYKhQJSqRSpqanYtWvXiObl4o7d7UEP6LvSMhgM/N8ej4fvn+gvJycHFosF jY2NyMzM5K/k0tLSokaUcZ3UIpEIy5cvj9gXDofh9/vR2NiIjIyMYb8Hanx8W8Ee/faBLVu2SMLh 8DIAaT09PSlXrlxhr1y5gkceeaQnMTExbt68eTF/v2NNJBJh9erV+Pd//3cEAoG506ZNO2EwGJbc L30QNDiMgEgkglqtvut8wuHYn33/TuD+24b64hYVFWHZsmUx93EVukQiQVtbGzo6OnDixAlYrVZY rVbYbDY4HA4cOnQIQF8QKSkpwYkTJ9Dc3AyLxYKysjLU1dXhwoULfLPNcHFNOlzQGy4ueNlstqj2 fplMFtFJzfWl3G7VqlX8WX9mZibfbHR7MxcAvP/++wCA5OTkqOMtkUhgMplQWVlJg8MDaP/+/T4A tQBqt2zZIuzu7l4lEAjSr1+/nnL27Nm4s2fPYtasWd0//vGPJ8+ePRtxcXH3rGyPPPIIXn75ZRw7 dgw3btz4+V/+8hcjgKx7VoBB0OBwD0kkErAsG3UzHcfpdPLNTdy/LpcrajbMTZs2QSQSYdWqVfy2 24NWIBDAJ598ApZlEQ6HYbfbwbIslEol5HI5duzYgUAggEWLFqGurg6HDh2Cy+XClStXsGLFCmzY sAEbNmxAOBzG1q1bUVlZiZMnT8asHMPhMJ555hkkJCTgo48+itjHjd66k3s/cnJyYLPZ8Nprr+HD Dz8c8fMZhoFOp0N5eTl8Ph+MRiNkMlnUsQqFQqirq4NUKh3wdTo7O2G1WtHR0THosGPq/vZtu/5h AIf7BQpdV1eXuqurC1OmTAnPnTuXmTdv3j27X+mRRx7hBz50d3dn5ubmXqyuro49dvseondI30Ms yyIlJYU/a++vtrYWHo+Hn9CQO+Peu3dvRDqn04mamhoEg0EkJSVBIpGgpqYmqoN2165dSE1NxalT pxAOh7F8+XJs2rQp4qqF68Dlmqm453R2fjeRJMMw/Fn7QFcwDMNAIpGgubkZHR0dEfvefbdvzrH+ EzX6fD54PJ4Br6A4mZmZUKvVMJvN2LRpU8RQXU5LSws/BUas0U9cgNu3bx9sNhv0en1UmhMnTsDv 9yMra+ATNq6vqaqqatAyUw+O/fv3Bw8ePHi4urr6JQCzBAJB0a1bt3yfffYZjh07hg8//JB0dHTE vKIfbWKxGBqNhhuG+//k5eWN+yWqAAByc3NLABhWrlw56GyrTU1NOH78OIZK9zASCARQq9Ux75CO RaPRwOPxwO12R2z3eDxYtGgRgsEg8vPzkZiYCIfDgcrKSiQkJOD06dP8GcumTZtQU1OD1NRUpKWl IRAIoKysDAD4Dt4TJ04gLS0NEokEer0eUqkUzc3NqKurg0qlQmtrKxiGwZtvvgmDwYDk5GSkp6eD YRj+5rHi4mK89dZbcDqdWLhwIaRSKfLz8yEWi+FyuVBRUQGZTIZz584NOPzU4XBAo9FAKBSisLAQ YrE4ohwff/wxH4SGe58D0BdI1q9fj+bmZrAsC7VaDYlEglAoBIfDgc7OTjAMA71ej927d8cMYIsW LeKbtb744ouovpPly5fDYrHg/PnzA14VBAIBzJo1CyzLoqura8J0TA/3N8+lA2Corq5+854VcJQZ DAbmz3/+8yqBQFAAQAUAcXFx5Ic//KFg4cKFeOyxx8b09T/99FP88Y9/hEAg6CaE/LK6uto2pi84 iDgA+NnPfqYGoJ4/fz7mzZs3YOJLly7h0qVLGCrdw+jUqVNQKBRISUkZVvpPP/0UIpEI6enpEdu5 bV1dXfjXf/1XmEwm/J//83/wz//8zzh06FDEpezLL7+MmTNn4ne/+x1+85vf4A9/+AN/Q9qPfvQj AH1ra/zyl7/ExYsX8S//8i8wm834y1/+Ar1ej4MHD/KVmFqtxowZM/D73/8eRqMRv/3tb9Hb2wuD wcCPRpJIJHjxxRdx9uxZ1NXVwWw2w+Vy8TfUTZ8+fcD3+9RTT+Hll1/GZ599ht/85jcwm8345ptv kJ+fH1EO7tiwLAutVjtkf4pQKMSvfvUrLFiwAH6/H3a7HXa7HR0dHfj+97+PX/3qV6iqqoJOp8OU KVNi5jFjxgz4fD784z/+Y9TnEQwGceTIEfz85z+PeVXBYVkW169fRzgcRnx8PH/8H3bD/c1z6QBY z549e+qeFXCUWa3W3v/8z/+8cPbs2UM//elPGwUCAUMIeTYQCDCfffYZ6e3tFYjF4jGbTkUikeDv f/87/H5/HMMwK5999tmDTqdz7C9dYqBXDhRFDWiiXTnE8u1opx0A9ABYlmV7XnjhhbixOkEmhKCh oQF+vx8Mwxzev3//uHRQ0z4HiqKoQezfv99XXV29jWGYeIFAYAyFQuTUqVNoaGgIf/XVV6P+egKB ABqNBnFxcQiHw5m5ubnjMnfLHV0bXbx4cbTLQVHUfYj+1r/z7ZDYjdnZ2bsmTZq0++rVq+m//e1v MXfu3FsvvPDClNGcpkMkEkGpVOLMmTOIi4v719zc3DnV1dXDn6ZgFIwoOHBtzv3aFymKmgAG62+a aL69I3vtpk2bFAKB4J3Lly8nezye7gULFkz+yU9+MmoT/z333HPweDz46quvpjMM8xsA/zgqGQ/T iILDiy++CAD45ptvxqQwFEXdf6ZPn87/9qnvHDx40AngpU2bNmV2d3eX//GPfxRfuHCh5xe/+EXc 008/fdf5CwQC/PKXv4TZbEZ3d/fKvLy8VVVVVXe+ctYIjbhZiX5JKIqivnPw4MHDubm5JwHsuXbt WpbFYoFUKsXPf/7zux76KhQK8dOf/pRrXtpnMBhO3KvpNWiHNEVR1F2qrq72V1dXrweQCsDj9Xrx b//2b+RPf/rTXef97LPP4rHHHkM4HP7Bl19+GT1j5BihwYGiKGqUVFdXn2AY5jkAFQAEZ86cwe9/ /3t0d3ffcZ5xcXH8LMsMw+wyGAz3ZNojGhwoiqJG0f79+4PV1dVbBQJBGoDglStX0NDQQGJN/zJc c+fOvedXDzQ4UBRFjYGqqqrGnp6eBQA6AoGA4NixY+T26XSGSyAQ8FcPcXFxe3Q63ZjP30KDA0VR 1Bh5//33OxmGWQSgLhwOC5qbm3HmzBkQQkac19y5czFz5kz09PTMmDJlyoahn3F3aHCgKIoaQ982 M60HkA8g/Kc//QktLS0jDhACgQA/+clPAACTJ08eeCKwUUKDwwTW2dmJ2tpa2GxDT/xYW1uLo0eP DpnOZrOhtrY25hrPFDWRVVdX75s0adJLAIJut/uOAgS3GFF3d7ciOzs79pKSo4QGhwnsk08+gU6n 41dBG4xOp0NhYeGQ6d5//33odDq4XK7RKCJFPVQqKyutAJYD8Lvdbm6Bn2E/f/LkyYiPjwcAMAyz fkwK+S0aHCawOXPmQKfTQaVSDZlWp9NFTXcdi0qlgk6nG/Z60xQ10Xy7RsNiAD6fz4ePPvqIjCRA cGvQT548edPYlLAPDQ4TmEqlwqFDh5CdnT1k2kOHDuGdd94ZMl12djYOHTqExMTE0SgiRT2Uqqur XQA0AHxfffWVoKGhgdy8eXNYz5VKpZg2bRpu3bo1KycnJ2msykiDA0VR1Diorq529fb2LgTgCgQC gt9c2o2QAAAgAElEQVT97ndkOH0QAoEAc+bMAQBMmTJFO1blo8GBoihqnNTU1Hh7e3tfQl8Tk+AP f/jDsJ7HLa87adKkMVt1jQYHiqKocVRTU+MVCAQrAQQvXbqEc+fODfkcbjnh7u7u+LG6IY4GB4qi qHFWVVXlEAgEWQDCDocD//3f/z1o+smTJ2PmzJkghEyaMmWKcizKRIMDRVHUfaCqqqpRIBAUA4DV au0d6l6hxx9/HABACPnZWJRnxLP7ORwOeoMTRU0gEokESuWYnJxSt6mqqno7Nzc3oaenJ6elpaUn PT09burUqTHTPvHEE3C5XJg6deoyAHtHuywjCg4OhwMHDx4c7TJQFPUAoAHi3njqqac2f/nll4q/ //3vSrvdjiVLlsRMx/U79Pb2jv+VA3fFMG/ePMyfP38sykNR1H3k4sWLuHTpEm0tuIcMBkM4Nzd3 PYBzly5dYuPj4/HDH/4wKt3MmTMBAOFw+ImxKMcdLRoxf/58pKaO2QgqiqLuI5cuXRrvIkw41dXV rtzc3GIAZVarteef/umf4lg2elDStGnTcOPGDWzZskWyf//+UY3gtEOaoijqPvTUU0/tFQgE9ps3 b8bZbLaYd8fFxcUBAHp7e0d9OOs9WW7uYeDxeAbcJ5FIECuqU6PL4/HgzJkzCIVCAPrW1r29HTwQ CCAQCEAkEkEkEg2ZH8MwkEqlMfcB391sRFH3msFgCOv1+nWEkPNut1v4+eefY/bs2RFpHn30UQSD QQCQAfCM5uvTK4dhio+PH/AxY8YMbNy4kfuQqFFmt9uh0WgQHx8PrVYLnU4HnU6HhQsXYu7cuThx 4gSf9syZM4iPj8fWrVsHzdPpdCI+Ph5vvPFG1D6r1cp/tna7fdTfD0UNV2VlpQeAAQDa2tp6bp9e g7ty6OnpiT2k6S7Q4DACiYmJMBqNEY/S0lIoFAoYjUasXbt2vIv40GlsbMTixYvhcDhQXFyM9vZ2 uN1unD9/HmVlZQgEAkhLS8PJkycBAEuXLoVUKoXZbB40WNfW1gIANmyIXlCrtrYWUqkUQqEQe/eO +ghBihqRW7du7QPQee3atbjLly9H7Pve974HABAIBKM+DTJtVhoBiUQSszLZvn07Fi5cCIvFAqfT ya/1St0dn88HnU4HoVCItra2qJle5XI5VqxYgQULFiA/Px+XL18GwzDIycmBwWBAY2MjMjOj12IP h8Ooq6tDYmIi1Gp1xL5gMAiTyQStVovw/8/evcdFVef/A3+ductFMQiRYB0VUUmKwhRcShRTU1wp Wy9pX6dkBiTz8rObu7VNm6vuppt9LYRBtiEvqUlhWCpfXTFJzEDZvKKgKBMgQowycpvL5/cHzllG RkBluOj7+XjwUGY+55zPDHBecz63YzJhx44dqKio4IcNEtLRtFptnUqlWg5Ae+zYMeOgQYPEHMcB ACQSCQCAMdZyG+pdoHBoByKRCJGRkcjLy8N//vMfBAUF8Z9Mf//732PNmjUQiUR47bXX+BPcd999 hz179sBgMMDNzQ3Tpk2ze1+FsrIyJCcno6CgACKRCOHh4ZgxYwZEov/+6EwmEzZv3oysrCyYTCbI 5XLExMQ0u6dCQUEBNm/ezLenDx8+HLNnz7ZpmzcYDNi8eTPfnCKXyzFt2jQMGzasxfdg586dKCoq wmuvvYbNmzcjMzMTQOOy4HPnzrWpb0pKCoqKirBo0aIW+wU++eQT6PV6JCQk3HYJ8CFDhiA6OhpZ WVnQ6XTw8fHB3LlzoVarodVq7YbDd999h4qKCrzzzjvNntu8eTPq6uoQFRUFkUiETZs2ISUlBUuX Lm3x9RPiSN7e3ptLSkrera6u9jt//jz8/f0BANYJchzHtXs4AABUKtX7KpWKpaens5akp6eztpS7 HwFg4eHht31+wYIFDADbsWMHY4yx8PBwFhQUxHx8fBgABoBt3bqVGY1GNnPmTAaA+fj4sPDwcObh 4cEAsDfeeMNmnzt27GAymYzJZDIWFhbGgoKCGAAWFhbGamtrGWOMlZaW8o8HBQWx8PBw5uLiwlxc XNiePXv4fR04cIDJZDLm4eHBwsPDWUhICBOJRMzHx4eVlpYyxhirqqpiQ4YMYSKRiIWEhLDw8HDm 5ubGRCIR/7puR6FQMB8fHzZu3Dgmk8lYSEgIc3NzYwDYuHHjbMqGh4czAOzixYst7nPIkCFMJpOx 6urqFsvZM3HiRCYSifjX1lRUVNRtnwsJCWEeHh6straWGY1G5uXlxeRy+R0f/37R1r95azmVSvW+ Q05SBCqVaq5KpWILFy40HTlyhP38888sMTHRYe879Tm0g5ycHGzatAkymcxmNmNeXh6GDx+O8+fP Izs7G1OnTsXf/vY3bN26FYsXL8bFixdx4MABFBcX48UXX8Tq1auxefNmAP9tUvHx8cH58+dx6NAh HD9+HKtWrUJWVhYSExMBAK+//jpOnjyJrVu34vjx4zhw4ADOnz8PPz8/zJw5E3q9HgDw3nvvwcvL iz9mdnY2duzYAZ1Oh88++wxA46fms2fPYteuXcjOzsaBAwdw5swZeHh42P2UfSudToe6ujqUlpYi OzsbpaWlGDduHPbt22fTsatQKKBWq1u8ajAYDDh79iyGDRsGFxeXO/6ZKBQKmEwmbNu2zebxiooK 7Nq1C1FRUc2urE6ePIkjR45g5syZkMlkEIlEmDNnDoqKivg+DUI6i7e392YAeXV1dcKOmHtCzUp3 IC8vD2PGjLF5rKKiAidPngQAJCQkNGub/vjjjyGXy/lb+3366aeQy+X46KOP+KYWmUyGpKQk7Nmz B2vXrsXs2bORmpoKg8GAVatW2Qy1XLp0Kc6ePQsvLy/odDrs2LEDM2fOxIwZM/gyXl5eWL58OSIj I7F582a89tprqKioQF1dHfR6PX+ynTp1Kvbt24fHH38cAPggsQ4Vte7rwIEDMJlMbXqPVq5cyZ/0 ZTIZoqOjsW/fPuTn5yMkpPGmVfb6bW5VUVEBAHaDoaioiG+2a2r06NF8H8LUqVPh4eGBTZs2YdGi RXyZbdu2wWQyITo6utn29jqpZ8+ejdWrV+PTTz/FhAkTWq03IY6iVqtNSqVyNcdxm/Lz8+uHDh3a 7iOUmqJwuAN1dXXN5ju4ublBoVBg7ty5zTo3PTw8bMbJ63Q6VFRUIDIy0qYN3rqfsLAw7NmzB0Bj EAGNfRZNiUQifP755wCA1NRUAI0n0g8++MCmnPVEn5OTA6Dxk/Q777yDQYMGISwsDBMnTsTUqVMR ERHBbzN16lSo1WpERUVh2LBhiIyMxIQJExAWFtasvrdza2d8nz592rTdrazzRuyFUlFREdRqdbPH 1Wo1/zOQyWSYM2cO1q5di4KCAj6ctVotfHx8mp3oTSYTtFot5HI5PDw8+J+zm5sb/Pz8sGfPHr5P g5DOIhaLd5pMprqrV6/Krl275tBjUbPSHQgJCcHFixdtvo4fP47PP/+8WTAAzT/1Wk90t5tY1bSZ w1r21qaPpqxDNfPy8poNsU1LS+NPdADw9ttvQ6vVYvjw4di3bx/eeOMNDBo0CE899RTOnj0LoHH0 T3Z2Nl588UUUFRVh1apVGDNmDPr27Yvk5OQ2vUd30wRkj5eXF9zc3HDy5MlmAXHrz2Hr1q1292G9 N7b1iuDkyZPIycmxe9Wwc+dOVFRUoKioqNk8loKCAphMJr4pj5DOEh8fbwCwAwAKCwsdeiwKhw5k /fRdUFBg93nrjN2mZe0teGZt27d+ul6+fHmz0LJ+ffTRR/x2c+fOxaFDh1BVVcUP18zJycHzzz/P lxk+fDi++uorXL16FQcOHMC7777LN8NYm886SmRkJPR6vc0kN6DxqkAul/Nft7s6GTZsGEJCQvjw SElJgUgk4kOjKa1WCwDYtWsXDhw4YPO1Z88eyGQybNiwoc3Na4Q4CmNsEwDk5+fXO/I4FA4dyMfH Bz4+PvyQ06b0ej1ycnL4ZhnrvwcPHrQpZzKZEBoaiqeffhrBwY0r9VqboprKy8vD888/z/ddvPLK K1izZg2AxqaSGTNm4Msvv8TEiRP5K4c1a9bwQSGTyRAeHo4PP/wQq1atAgDk5ua211vRJkuXLoVI JMLixYtbXBX00qVLt31OoVCgoKAAWVlZ2Lp1K8aNG9esaUin02HPnj0IDw/H5MmTER4ebvM1YcIE REVFoaysDDt37my310fI3XjkkUf2AygzGAzSK1euOOw4FA4dLDY2FkVFRXjzzTf5gKirq4NSqYTB YMCCBQsAADNmzICbmxveffdd6HQ6fvu///3v0Ol0UCgU8PPzQ2RkJNLS0myaPPR6PZRKJdLS0jBw 4EC4uLjgyJEjWL58uc2nf51Oh7y8PH4OQV1dHdLS0vjRS0BjGO3btw8A+DC6VykpKfjggw/4fpHb CQoKwurVq1FUVITAwEB88skn/HtRV1eH/fv3Y9asWVAoFBCJRHbnQsyePRsymQzLli2DTqez26S0 efNmmEwmzJkz57Z1sW6XkJBwJy+VkHanVqtNALYCwK+//urYg9E8h9ahlXkOtwoPD7c7Pt5oNLI5 c+YwAMzLy8tmnsM777xjU3bXrl3MxcWFn+fg5+fHALCZM2cyo9HIGLOd5+Dn58fPcxCJRGzt2rX8 vrKzs/nHQ0JCWFhYGJPJZMzFxYUdOnSIMcZYdXU1v68hQ4aw8PBw5uXlZbdut1IoFAxAs8cPHDjA ADCtVmvz3qAN8xysNm3axNfD3ld4eDjLzs5utW5eXl78+9aUXC5nMpmMVVVVtVgPuVzOALAzZ860 qd73A5rn0DXFxsaG33y/Hfa+02ilNtJqtS12Dt/qnXfesbu2j0gkwsaNGxETE8N3goaFhWHatGnN RvpMnjwZ58+fx+bNm3Hy5EkEBQVh4sSJmDx5Ml/Gy8sLP//8M1JTU5GVlQWDwYDw8PBms5pDQkJs 9gUAUVFRmD17Nv+6rMtUpKam4siRIzAYDAgLC8PkyZP5Yai3M2/ePLud8tb1qJqOunrnnXegUCja vCTF7NmzMW3aNOzfvx+ZmZn8MNdhw4YhIiKi1eVK3n//fYSHh6Nfv37NRl0ZDAao1Wp4eHi0uorr xo0bHd4JSEhbCASCHIvF4tBjcEDjlQMA9ZQpU1q8ic+uXbuQnp6O1soRQu4Pbf2bt5YDoNZoNB/c tiBpFwqFQiaRSEoBWD/RtPv7Tn0OhBDSzUil0gn4bzA4xF01K+Xn57d3PQghXRD9rXdNFotljnVl Vke5o3Do2bMngMZ7ytJ9ZQl5cFj/9knni4uLczGZTA5v17+jcHjmmWcAANevX3dIZQghXU/Pnj35 v33S+cxm8wwAsqFDh+LMmTMOO84dNyvRLwkhhHQea5PSyJEj8euvvzrswzp1SBNCSDcRHR3tw3Fc uFgsxpNPPgmxWOywY1E4EEJINyEUCmcDwJNPPgmpVAp3d3eHHYvCgRBCugGFQiFjjC0AgKeeegoA 6MqBEEIedGKx+M8AfPr164fAwEAAQK9evRx2PAoHQgjp4mJjY+Ucx70BADNnzuQfFwj4U3jztXru EYUDIYR0cRaLZSUA2ciRIzFgwAD+8ZqaGgAAY6yovY9J4UAIIV1YbGxsOICZEomEvfjiizbPWZe9 Z4y1+9rdFA6EENJFqdVqkcViWQcAzz33HHfrTPWqqirrf3VoZxQOhBDSRZWUlMwDMMzT0xPPPvus zXMWiwVVVVXgOI5t2LCBwoEQQh4ECoXCDcByAHj++eebDVu1XjU4Ozu3e2c0QOFACCFdkkQiWQ/A Y+jQoXjyySebPV9ZWQkA6NGjR6Ujjk/hQAghXYxKpfozbnZCNx262pT1ykEikZQ5og4UDoQQ0oXE xMRMBbBcIBBApVJxt7s9sfXKwWw2n3JEPSgcCCGki1AqlUGMsc1A4z3erTOh7bFeOZSXl+c6oi4U DoQQ0gXExcV5cRz3DQDnUaNGYcKECS2Wt85xsFgslx1RHwoHQgjpZGq1WmQymb4CIPfz88PLL7/c Ynmj0YiCggIAgNlsdsi9XCkcCCGkk5WWliYBCOvduzdiYmKarplk1+nTp1FTUwNnZ+eLycnJBY6o E4UDIYR0opiYmLcZYwqpVIrXXnutTffrPnLkCABALBZ/7qh6UTgQQkgnUalU7zPGVgHAvHnz4Ovr 2+o29fX1OHHiBADgt99+c1g43PE9pAkhhNwbtVotKikpWQ8gWiAQYM6cOXj88cfbtO2xY8dgNBrx 0EMPnVy1alW7L5thReFACCEdKC4uzqW0tPRLAJFSqRRKpbLFIau3+umnnwAA9fX16x1URQAUDoQQ 0mHi4uK8zGbzN4yxkJ49e2L+/Pk292dozfXr15Gfnw+hUGi+cePGdgdW1TYcSkpKsGvXLkcejxBy HyopKensKnR5KpVqiNlsTmOMDfby8sL8+fNxu9nPt/Pzzz/DYrGgd+/eP/3973+vcFBVAdwSDrm5 ucjNdchkO0IIeWBFR0eHAEhjjPXp168fFixY0KZRSbfKyckBANy4ceOzdq5iM82alfr27Qtvb29H H5cQcp8oKSlBaWlpZ1ejy1KpVJMBbAPg/OijjyImJgZSqfSO91NWVoYLFy5AIBDUGQyGr9u9ordo Fg7e3t4IDg529HEJIfcRCofmFAqFm1Qq/ZgxpgCAUaNG4eWXX251gtvtNGny36LVauvap5a3Rx3S hBDSzlQq1WSO4xIZY49IpVK88MILCA8Pv+v9nTp1Cj///DMEAkGdyWR6v/1qensUDoQQ0k6aXi0w xuDv7w+FQgF3d/e73qfRaMTWrVsBABzH/dURtwS1h8KBEELaQXtfLVjt3bsX5eXlcHJy0rm5uX10 7zVtGwoHQgi5B7deLfj5+eHVV1+9p6sFq/LycuzZswcAUFNTM2vt2rWme95pG1E4EELIXVIqldME AsEnjLFHxGIxpk6dioiIiLvudL7V1q1bYTQa4ezsvOPjjz/OapedthGFAyGk24mLi3Mxm80jExMT 93fG8WNiYqYyxtQAghhjGDBgAObOnXvHk9pacuzYMZw6dQpisbj2xo0b89ttx21E4UAI6VYUCoUb gFzG2AClUjknKSlpc0cd2xoKjLEgAOjZsycmT56MZ555pt2uFoDGlVe3b29cHcNoNC7RaDQOnQ1t D4UDIaTbiIuLc+E4bq/RaBwAABzH+XXEce2FwsSJE/HMM89ALBa3+/G+//57VFVVQSqV/sfd3T25 3Q/QBhQOhJBuIS4uzsVisWRYLJYRHXXMjg4FoLE5KSMjAwDMDQ0N0Wq1usM6oZuicCCEdHlqtVpU VlaWYbFYQnv27InHHnsMWVmO6Z9VKBQysVg8meO4dzsyFACgoKAAWq0WFosFAD5MTEzMcdjBWkHh QAjp0m7eGGcrgNCePXti6dKl/AJ07UmlUoUBmMtx3B8ZY72AjgsFoHHtpM8++wz19fUQCATxCQkJ Hzj0gK2gcCCEdFlqtVr066+/fslx3DRrMLTniCCVSjWEMTab4zgFAB8AYIyhX79+GDVqFH7/+987 PBQAoKqqCmvWrEFNTQ2EQmFanz59Fjn8oK2gcCCEdFklJSUbOY57USqVYsGCBe0SDHFxcV5Go3HG zUAI4jgOAODu7o6RI0di5MiR7RpArTEYDFi7di2uX78OiUSSYzAYZnVWP0NTFA6EkC5JpVJ9DGCm VCrFwoUL0a9fv7veV3R0tA/HcaM5jptjMpme5ThOCAAuLi4ICgpCaGgo/Pw6ZOCTjfr6eqxfvx5l ZWWQSCQXLBbLmI5YcbUtKBwIIV3OzWBYbA2GOz1xq1SqIRzH/R5AGGMsHIDc+pxYLMajjz6KUaNG ISAgoEOajeyxWCzYsGEDCgoKIJFIdBaL5ffx8fGGTqmMHRQOhJAuRaVSrQSwWCAQQKlUtikYlEpl EIDRHMeFAwgB4MUY4593cnKCn58fgoKC8MQTT8DJyclBtW+7jRs34pdffoFQKPytoaHhWY1GU9bZ dWqKwoEQ0mUolcpFAN6xBkNgYGBrm0SrVKo3ALg0fbBnz54YPHgw+vfvD39/f/j6+jqqynfMYrFg +/btOHz4MAQCQa3RaJy8YcOGs51dr1tROBBCugSlUrmI47i11mB48sknb1u2yf2XfQDA09MTfn5+ 8Pf3x8CBA+Hp6dkBNb5z169fx7/+9S+cOXMGAMyMsSkbNmw40tn1sofCgRDS6VQqVQyAtQAwa9as FoMBAJ555hkAjc1F/v7+TcOiy7p06RLWr1+PqqoqCASCqyaT6Q9dNRgACgdCSCdTKpXTAHwKANOn T+dP/K1pa7mu4Mcff8SmTZtgsVggEAgOCQSC6Rs2bOhSfQy3onAghHQapVI5jeO4rQBE06dPR0RE RGdXqV0ZjUZs2bIFhw8fBgAIBIL/9fLyWtoV5jG0hsKBENIpVCrVZABbAYgmTpx43wVDVVUV1q9f j0uXLkEgENSZzebohISEDlte/F5ROBBCOtzNdYy2AhBFRETg+eef7+wqtauzZ88iKSkJBoMBYrG4 2Gw2T0pKSjrZ2fW6ExQOhJAOdTMYdgNwiYiIwPTp0zu7Su1q7969SEtLg8ViAcdx3924cWOOVqvV d3a97hSFAyGkw8TExAxnjO0G4PLUU0/dV8Fw7tw5bN++HcXFxQBgRuOS2526suq9oHAghHSImyug pgNwefLJJ/Hqq692dpXaRXl5Ob755hscO3YMAMBx3GWLxaJKSkra28lVuycUDoQQh1OpVEMAHADg 9eSTT0KpVLbrPZc7Q01NDXbv3o19+/bBYrFAKBQazGbzqvr6+jVdZfG8e0HhQAhxqNjYWLnFYjkA wMvPz48plUquOweDxWLBDz/8gJ07d6KmpgYcx1kEAoGW47g/d7X1ke4FhQMhxGHi4uK8TCbTbtwM hoULF3brYDhx4gR27NiBsrLGDBAKhZmMsdcTEhK61UiktqBwIIQ4hEql8jCZTAcADBk4cKB54cKF QqlU2tnVuislJSXYvn27dU0kiESiC0ajMW79+vXdul+hJRQOhBBHmQtgiEAggEKh6HbBYLFYcOrU KRw+fBh5eXnWpS+qLBbLe56enondYZbzvaBwIIQ4hEAgSLVYLAssFov8s88+w9KlS7vFAnmVlZXI zs5GVlYWqqqqAAAcx9VzHLeurq7ub91xzsLdoHAghDhEQkJCUVxcXKjJZDpQVlY25MMPP8TSpUs7 9P7MbWWxWJCXl4esrCycOnWKf1wgEJy3WCyJjLEUjUZT0YlV7HAUDoQQh4mPjy+Li4t7ymQy7b5+ /XrYmjVrEBMT0yn3a7anrKwMP/74Iw4fPgyDofEOnQKBwMhx3Faz2axJSEjI6uQqdhoKB0KIQ8XH xxvi4uKeM5lMG69fvx71ySefsNjYWO7RRx/tlPoYjUbk5OQgKysLBQUF/OMikegXk8mkqaur2/yg NB21hMKBEOJw8fHxBrVa/cfS0tKkhoYGxaefftrq3d7ai8ViQVFREc6fP4+CggLk5+ejvr4eACAU Cg0mk2mTQCBIjo+Pz3F4ZboRCgdCSIe4ObrnFZVKpbdYLIsTExPhiHs4NA2D/Px8FBQU8GFgxXHc j4yxpNra2m33w2xmR6BwIIR0KI1Gs0SpVBZxHLd2+/btuH79+j0t2d2WMLg5LyFDIBBkCoXCg/Hx 8ffNTGZHoXAghHS4pKSkT5RKZQXHcdo9e/aIampqMGvWrDtab2n//v04deqU3TCQSqXFZrM5w2w2 /x+Fwd2hcCCEdIqkpKTNMTExBsbY5h9++MHZYDDg1VdfhVgsbnXbH374Adu3b+e/v/XKYN26dRQG 94jCgRDSaRITE3eqVKqJANKPHTvmdv36dSxcuBCtzaa+fv06AIDjOK1QKFxGVwbtr/uugEUIuS9o NJosAKEAygoKCvDRRx/xJ//WMMaKKBgcg8KBENLpNBrNWYFAEArgbHFxMdasWcOvfEo6B4UDIaRL SEhIKBKJRGM4jjtSVlaGNWvWoKSkpLOr9cCicCCEdBnx8fFlQqHwWcZY5vXr17Fy5UrWdBYz6TgU DoSQLiU+Pt7wyCOPPMsY29HQ0MB9/PHHzHp/ZtJxKBwIIV2OWq02PfLII7MArDWZTFxSUhJ+/PHH zq7WA4XCgRDSJanVapNGo1kCQG2xWPDFF19g79779sZrXQ6FAyGkS9NoNB8AWADA9PXXX9tMfiOO 0+0mwZ07dw67d+9Gfn4+dDod3NzcMHDgQERERCAsLKyzq2ejsrIS7u7uLZZJSUlBUVFRs8clEgm8 vb3x1FNPISAggH/84MGDyMzMxNy5cyGXy9u5xvbl5eVh586dDjvmzp07kZeXh/fff7/N2xw9ehS7 d++GXC7H3Llz7+h41vdw0aJFcHNzu205vV6PTz75BOHh4Rg9evQdHYO0L41G85lSqSzjOG7r/v37 RU5OTp1dpftetwkHs9mMlStXIi0tDUKhEIMHD0bfvn1hNpuxd+9epKenY8SIEVi9ejW6wi/OypUr UVxcjPj4+BbLHT58GLm5uS2Wefnll7Fo0SIAQH5+PtLT0xEZGdlh4aDT6Rx6zLy8PKSnp99ROGi1 Whw9ehRCoRCRkZGthnBT1vdQqVS2GA41NTVIT09H3759KRy6gKSkpNTY2NhnLRZLek1NjUtn1+d+ 122alZYvX460tDQ8/fTT+Oabb/DFF18gMTERGzZswN69exEVFYWjR4/ik08+6eyqAgBSU1NhNpvb XP7bb79FTk6OzdeGDRvg6+uLjRs3thogjhQaGorExET4+/t3Wh2aKikpwdGjRzFp0iSYzWakpqZ2 dpVIB0lISMjkOG4MAOsMuQfq1p0dqVuEQ25uLtLT0xEYGIjVq1fD29vb5nlXV1csW7YM/v7+SEtL g15/bzdxqq6ubtM+ysvL0dDQcE/HaklQUBDmz58PAMjIyLBbpqamBpWVlfd8LLPZjJKSEruB5pb1 Y08AACAASURBVO7ujuDgYLi6utrdti3vQ3V1NcrLy++5ngCwa9cuAMCcOXMgl8uRlpbWahBXVla2 6WdVU1PT5t+f273vbf2ZVFZWoqampsUy1dXV7fLzvZ8kJibm3JxNHevt7Z3Y2fW5X3WLZqWdO3cC ABYtWgShUGi3jFAoxOLFi6HT6fgy//73v7F27Vr87W9/Q2BgIF+2vLwc0dHRiIiI4JtrgMYTsEaj 4fsAPD09ER0djRdeeIEvU1NTg3/+85/IyMjg/7ADAgIwf/58hIaG4sSJE/jzn/8MADhx4gT+8Ic/ YPHixRg7duxdvXZrM86tJzadTofk5GQcPXqUr+vixYsxfvx4AEB0dDQaGhrwxRdfNNtnXFwcRCIR /vd//xeVlZVYuXIlDh8+jIaGBgiFQgQHB2PBggV8X4e997GmpgYJCQn4/vvv+ZPpiBEj8NZbb9nU OTk5Genp6XwwSCQSjBo1CsuWLbujpqCm0tLSIJfL4e/vjylTpmDdunXIysqy2/Szc+dOJCYmory8 HBKJBFOmTLHb7FhYWIg1a9bw72dAQADmzZtnU8b6ezN//nzs3r0bhw8fhru7Oz7//HN4e3vj6NGj +PTTT3H69GkAgJubG1566SXMnTuX/500m8349NNPkZ6ezr9vcrkcCoUCkZGR/LGysrKwbt06FBYW Amj8ADRlyhTExsZ2iWbTzpaQkFAEgILBgbpFOBw6dAhubm4ICgpqsdyIESMwYsQI/vuamhqUlJQ0 O7GaTCaUlJTYfEL8+uuvsWLFCgQGBmLFihWQSqVIS0vDihUroNfr8eqrrwIAPvjgA2RmZmLevHkI DAxEZWUlkpOTsXjxYmzbtg3u7u6IjIyERqOBh4cHIiMj4ePjc9evPS8vDwCanUhXrFiBUaNG4b33 3kN1dTU2btyI9957jz9pBgcH8+HR9D05d+4cjh49itdffx0AsGTJEhQXF+P111+Hv78/zp07h+Tk ZLz22mv49ttv4erq2ux9NJvNWLJkCXJzczF9+nSMGjUKJSUl0Gg0iImJwZYtW+Du7g61Wo2MjAxM nz4dw4cPh8lkQmZmJh+srfXH2JOdnY3y8nK+/s899xzi4+ORmpraLBya/kwXL16M2tpaaLXaZp/E y8vLERMTA7PZjNdffx1yuRx79+7Fe++9Z1PO+nuj0WhQU1OD8ePHo7y8HN7e3sjKysLSpUvh6+sL tVoNNzc3ZGZmIj4+HkVFRfjrX/8KAFi/fj02btyIl156CSNGjEBNTQ02bdrEbxMWFobTp09j6dKl CA4ORkxMDCQSCQ4dOoQtW7agpqYG77777h2/b4TcqW4RDtXV1a0Gw73Q6/VYvXo1AgMDsWHDBv5T 3ujRo7FkyRIkJiYiMjISnp6eyMzMRHh4OFQqFb/9gAEDsHz5cpw7dw7jx4+HSqWCRqNB3759bcq1 5NYmF71ej2PHjkGj0UAikWDq1Kk2z0dERGDFihX8997e3njrrbeQnZ0Nf39/TJ06FcnJycjIyLAJ h927d0MoFOK5555DSUkJTp8+jXnz5mHWrFkAgODgYLi7u2PTpk0oKiqyueKy2r9/P3Jzc6FSqWxe n6+vL15//XXs3LkTEydOREZGBiZNmoS33nqLLzN+/HjodLq77kNJT0/n6w80XjGNHDkShw8fRklJ Cd/k2NDQgHXr1mHgwIE2P9OwsDC8+OKLNvtMTk6GXq/H559/zr/e0aNH409/+pPd5rwrV64gLS0N np6eABrD8sMPP0SfPn3wxRdf8J/sw8LC4OTkhC1btuCPf/wjAgMDkZmZiYCAAPy///f/+P0FBwcj Li4OxcXFABqvGsxmM5YtWwZfX19+X3q9/p6bTAlpq24RDgDsNifl5uYiJiam2eO3nrRak52djYaG BkRFRTU7TlRUFA4dOoTs7GxMnToV7u7uyM7Oxtdff42wsDB4enoiICAAW7ZsufMX1UR0dLTdx11d XfHhhx/yJwmrSZMm2Xw/ZMgQAOBPHt7e3ggODkZGRgbeeustSCQSfmTXyJEj4enpierqakgkEr6Z JiwsDK6urhg/fjzfPGVPVlYWAGD69Ok2j4eGhuKLL76Ar68vXF1d8cMPPzTbtqamBu7u7nfUWW+l 1+uRmZnJ198qMjIShw8fxldffcU3E544cQLV1dWYN2+ezc/U3d0d48ePt+nEzs7OxsCBA5sF4axZ s+yGw/Dhw22Of+LECVRWVmLevHnNmnymTp2KLVu24ODBgwgMDIS7uzvy8vKQkpKCsWPHwtfXF+7u 7ti2bRu/jXUE1T//+U/MnTsXgYGBEAqF+Pvf/37H7xkhd6vbhIO9Tjl3d3dMmTLFpszhw4fveN/W T2zx8fFITk62ec56+8ErV64AAN5++2289957/Kf2gQMHIjw8HOPHj8fAgQPv+NhWL730Elxc/js6 z8PDA3379kVwcDAkEkmz8j169LC7n6afLKdMmYLc3FxkZWVh7NixyM3NtWmScXV1xeLFi7FmzRq+ CSUwMBBPP/00f6Vkz5UrV+Dm5mZ3GGjTORlOTk7IysrC0aNHUVxcjOLiYrtzOtoqIyMDDQ0N0Ov1 +OCDD/jHrT+j9PR0zJ8/HxKJBKWlpQDQLFQBNPs5lZSUIDw8vFm5wYMH263HrU18Op0OQOMItd27 d9s8ZzKZAPz393fRokVYuHAh1q1bh3Xr1sHb2xvh4eF49tln+XCKjIzE/v37cejQIRw6dAiurq4Y MWIEIiIiEBERcdt+N0LaU7cIh4CAAJw+fbrZpDK5XG4zNj43N/euwsFq1KhR6Nu3r93ngoODATQ2 N3z77bc4ePAgDh06hNzcXCQnJ0Or1UKtVvPNHXdq5syZzUZh3auxY8fiH//4B77//nuMHTsWu3bt gpOTEyIiIvgy06dPR3h4OPbv34/s7Gzk5OTgxIkT0Gq1+Oyzz+w2KwH2r+SaMpvNiIuLQ25uLn91 FR4ejsDAQOzdu/e2o69aYp3jotfrmzVLubm58VcWTa967NXTXoeuvXL2QrklQUFBtx3uaw2agICA Zr8/W7ZswZYtWxAXF4dXX30VTk5OSExM5IP98OHD2L9/P/bv34+goCAkJiZSQBCH6xbh8Nxzz+H0 6dPYtGmTzeiitrq1Q/rW762fgENDQ5s1pzQ0NKC6upoPJb1eD6FQiKlTp2Lq1Kkwm83IysrCsmXL oNVq7zocHMEaBN9//z3Ky8v5E2fTk15lZSV69OiBWbNmYdasWWhoaEBaWhr+8Y9/ICUlBatXr262 Xzc3N34Y5q0n2k8//RT+/v6ora3lO6yb9jkAuKt5CadPn8a5c+cwadIkvnP31uf/53/+B19++SXG jx/PX/VYrwqbuvXqxdPT0+4VTVuvcqy/G4GBgc1ma5vNZlRWVvL1qa6uhtlsxnPPPcf/ruTm5uLt t9/Ghg0b8Oqrr/LDioODgxEcHIxFixahvLwcy5cvx+HDh5Gdnd3lVgMg959uMc9h2rRp/GSwlJQU u+3VlZWVzdZcsZ4Eb/0jt7aZW4WFhUEoFGL79u3N9r127VpMmDABGRkZKCwsxLhx47B+/Xr+eaFQ iNGjR6NPnz4OnfNwtyIjI2E2m7F27VrU1NTYDJf897//jQkTJuD//u//+MckEgmioqIANA9Rq1Gj RgEA9uzZY/P4uXPnoNVqcfLkSb4Z7umnn7YpU1lZyY/AuhPWuQ1N699UQEAA/P39ceLECRQWFiIo KAiurq5IT0+3+ZmazWbs37/fZtunn34ahYWF/BBUq7Ze3Tz++ONwdXVFWlpas3kLX375JSZNmoSU lBRUV1dj3LhxNk1iQONVqb+/P1/PJUuWYMaMGaiurubLeHp68k1fXfH3jNx/usWVg0Qiwccff8y3 1aampiIiIgJyuRzV1dXIy8vjx+kHBgbyn8is7fUajQZOTk7w8fHB0aNHsX37dptPvN7e3pgxYwa2 bNmCJUuWYM6cOXBzc0NGRga2b9+OgIAAvq03ODgYqamp8PDwQFhYGEwmE3bu3Ini4mKbcfGenp4o LCxESkpKs/WROlJwcDB8fX2RkZEBX19fm1Ff1g71tWvXAmg8yVVXVyMlJQUAbnsV9Nxzz2HLli18 4ISGhuLSpUtYt24dnJycMHPmTFy4cAFA40ggd3d3uLi44Pz58/yxgLatPQU0ngx3797NT8a7naio KPzjH/9Aamoq3nrrLahUKqxZswZLliyBUqlEQ0MDUlJS+OCymjt3LjIyMrBkyRIsXrwY/v7+OHjw IDZt2tRq3YDGKzTrsWJjY6FSqdC3b19kZ2fz/QovvPACXF1dMWnSJKSnp+Of//wnJk6cCJFIxPfL WK9ap0+fjsOHD2PhwoWYN28e+vXrhzNnziAxMRFubm546qmn2lQvQu5FtwgHoLF/YfPmzfjyyy+R lpaGjRs32jwfFBSEadOm2ZzQ3N3dsXLlSqxYsQIffvghgMYg+Pjjj/GXv/zFZnvrImwbN25EXFwc gMargoiICCxbtoxv412xYgU++OADxMfH8+P0JRIJFAqFzQgphUKBNWvWYN26dXj55Zc7LRyAxo7p +Ph4m857oLHe8fHx+Mtf/mIzLNbNzQ2LFy++bThYt1u5ciXWrl3Ln/D9/f2RkJAAb29veHt7Y968 efyYfut+X3rpJbi5uWHFihX4z3/+06bJgZmZmaiursZLL73UYlv7+PHjsXbtWuzatQsLFizArFmz YDabkZycjFdeeQVAY9NPTEwM1q1bx2/n7e2NxMREqNVqvmPeOkps6dKlrdYPaBzZ5OTkhPj4eCxe vJh/fMSIEXj33Xf52eVvvvkmzGYztm3bxo9wEwqFmDJlCt58800AjaH9pz/9qdm+AgICbPZFiCNx AKBSqd4HoAbAt3N2deXl5SguLkaPHj0gl8tbnDVqNptRWFgIoVDY6ogis9mMoqIi1NfX80My7amu rkZxcTFEIhHkcrndzkvrUgx9+vTp1A7Ef/3rX4iPj8f3339/2xFIer0excXFcHV1ha+vb5vra93O 3d3dbod6TU0NioqKIJVKIZfLO+V9aGhoQEFBAf/aWlJcXIzq6mr4+fndcYe0VVFREaqrq+Hr63vb hf1qamqg0+lgMplu+/tr7XuorKzkh7x2Rbm5uU0HCKhvLrFNurluc+VwK09Pz9ue6G4lFArbvGhc WwIEaPxk2drVgJOTU6cvddDQ0ID09HSMGjWqxffrdkNTW9Padk5OTp161QQ0Xum0tQ6thUdbtGXl Wicnp1Z/J4VCIXx9fdulToTcqW4bDqRlJ06cwFdffYXTp0+juLj4jpbDJoQQCof7lFQqRWZmJiQS Cf70pz85dPkRQsj9h8LhPuXv7293+QpCCGmLbjHPgRBCSMeicCCEENIMhQMhhJBmqM+BEOIwSqVy AsdxXgAqBALBDTTe89lQV1dXptVq6zq5eqQFFA6EEIeIiYmZwRjbav3eYrHwz0kkEqhUKgiFwioA 9QKB4IrFYqm1WCwXAdRbLBYdx3EmAEUAIBAILlkslpMajaaig1/GA4vCgRDiEIyxIUDjMjbW2d31 9fU2CwfW1tb2NplMqK+v97q58GAIAHAcZ7Mva7DMnz+/guO4oyaT6TCAPAA/UWA4BoUDIcSh5HI5 nnzyyVbLGY1G1NfXo7q6GrW1taipqUFdXR1u3LiBGzdu4LfffkNtba0HgEk3vwD8NzCMRuMxgUCQ Yzabczds2KBz4Et6IFA4EEK6BLFYDLFYbHNHxFvV19dDr9fjt99+g16vR3V1NSorKz0MBsMkjuMm McYgEAgwf/786xzHHTEajUcpMO4OhQMhpNuQSqXo06cP+vTpY/O40WhERUUFysrKUFZWhitXrvQ0 Go3jOY4bbw2MuLi4qyaT6UuO4zYmJibmdNJL6DYoHAghHa64uBi1tbWQyWQQi8X8vz169LirlXvF YjH69u1rc5vfyspKXLlyhQ+MGzduPAxgIWNsYVxcnM5oNGqFQuG2hISEk+340u4bFA6EkA514cKF Znfju5U1JJydnSEQCOz+y3EcXF1d0bt3b8hksmb7sHaEW1fk1ev1uHjxInQ6HcrKynw4jnvXYrG8 GxcXl28ymTaazeZtycnJBQ550d0QhQMhpEPp9XoArY5igslkwm+//Qaj0djqPp2dnfHwww+jd+/e ePjhh+Hh4QFnZ2ebMm5ubnjiiSfwxBNPoLa2FpcvX8alS5eg0+kGA1guFAqXx8XF5RmNRi1jLPVB 76OgcCCEdIq2jmIym82ora3lRzHV1dWhpqbGZhST9f9N7xcvk8nQp08fPPTQQ3B3d8dDDz2EXr16 AWi8Mhk8eDAGDx4Mo9GIkpIS5Ofn4/Lly0Ecx63lOG5tbGxsNmMsmTG280EcLkvhQAjp0oRCIVxc XFodxVRdXY3ffvsNVVVVuHbtGvR6PS5duoRLly7x5aRSKTw8PODu7g5PT0/07t0bbm5u6NevH/r1 64fa2lqcO3cO+fn5uHbtWiiAUI7jNPPnz8+0WCxvP0gd2RQOhJBuTyqV8if+psxmM65evYorV66g vLwcpaWl+PXXX/Hrr7/yZWQyGeRyOQYOHIi+ffvi8ccfx+OPP47S0lKcO3cOhYWFArPZPBbAz/Pn z/+OMfbOg9CJTeFACLlvCYVCeHl5wcvLi39Mr9fzo5jKy8uh1+tx9uxZnD17FjKZDAMHDsSAAQP4 0U8hISHIz8/HL7/8gtra2skcxz0XGxu72Wg0/vV+7sCmcCCEdEm3Dnft0aMHRCIRP1Lpblnvez54 8GAAwI0bN3D58mVcvHgRZWVlOHXqFE6dOgVnZ2f0798f/fv3x2OPPYZHH30UZ86cwYkTJwQGg+Fl kUg0W6VSfSoSiVbGx8eXtdfr7iooHAghXU5bhru6uLhAKBTCycmJ/9c6Z0IikUAikUAmk0EqleKh hx6CWCy2ux9nZ2cMHToUQ4cOhdFoRHFxsXUUE06ePImTJ0+iV69eGDBgAPr3749HH30U58+fR15e nuDatWsLzWbzfJVK9beGhoZPtFqt3hHvR2egcCCEdDn2hrvW1NTg5uJ8AIDq6mqYzWaUl5fbPH47 vXv3hru7Oz/U1d3dvVlgiMViDBgwAAMGDABjDGVlZSgsLERBQQGOHz+O48eP80Hx7LPPoqqqCj/9 9JPYYDCoZTLZGzExMcvr6+s/uR+WI6dwIIR0WW0d7lpfX4/a2lqbIa81NTWora2FwWCAXq9HVVUV qqqqUFDw324Ca1g0Hb1knaHNcRzf7xAaGorCwkKcO3cOpaWlfFC4u7vz8yaOHz/uYrFYVslksrdU KtVfvL29E9Vqtclhb46DUTgQQro962glNzc3myU0mqqtrUVFRQU/zPXq1au4du0aKisr+TIcx+Gh hx6yGxj+/v7w9/fHtWvXcP78eZw7dw6VlZU4dOgQevXqhVGjRqG0tBQFBQUPAfi0vLz87ZiYmFcS ExNbbh/roigcCCEPhB49esDX1xe+vr42jxsMBly9ehVlZWUoLS1FZWWlTWAIhUI8/PDDfOd0r169 MHz4cAQHB+Py5cs4duwYKioqcOjQIbi7u2PEiBG4cOECKioqfAHsU6lU/9vQ0PB2d2tqonAghDzQ rBPs+vfvD6BxhVfrYn1lZWV8cJSVleHIkSPw9vbGwIEDIZfL+clz1qamX3/9FZWVlfD09MTQoUNx 9uxZMMYW9ujRY6JSqZyRlJSU18kvt80oHAghpAmxWGxzhWE2m3HlyhVcuHABly9f5ifR/fjjj/D1 9YWfnx9+97vfYdKkSaisrMSxY8dQVFSE8vJyPPzww9Z+D3+BQJCrUqne0mg0azr5JbYJhQMhhLRA KBTC29sb3t7eAICysjLodDpcuHABRUVFKCoqglgsRv/+/TFo0CCMGzcO169fR25uLgoLCwEAvXr1 wrVr1wQAVs+fP38Kx3Ezu/rcCAoHQohDVVZW4vLly/wchKarr3ZH1hnXw4cPx7Vr13DhwgUUFBTg 3LlzOHfuHHr06IGBAwfi0UcfRUBAALKzs1FR0bhun1AohNlsHi0UCn9SqVQTNBrN2U5+ObdF4UAI cZQyAPyn6/tRr169+GXAr1y5grNnz6KwsLDZ5LlBgwYhLy8PtbW1AACz2fw7oVCYExsbG5mQkJDZ ua/CPgoHQohDaDSaxJiYGDcAQ5o87MEYGwZA3jm1chzr7UtDQkJQWFiI06dPo6qqCsePH4dQKORv OnT69GmYzWZYLBZnAP9WqVSvaDSalM6tfXMUDoQQh0lMTPz7rY+pVKr3Aag7vjYdQyqVIiAgAAEB AaioqMCpU6dw/vx5nDhxAlKpFMOGDYNOp7MOl+UAaKOjo4ds2LBhWSdX3YagsytACCH3Kw8PD4we PRp//OMf4e/vj4aGBvznP/9BTU0N5HI5v4CgSCR6R6lUbunk6tqgcCCEEAfr1asXRo8ejdmzZ2PY sGFoaGhAUVERnJyc4OzsDIvFAo7jZqlUqu87u65WFA6EkE5hHcVUWlqKqqoqGAyGNi2g15316NED oaGhmDVrFoYNG4a6ujrcuHEDPXr0sBZ5TqlUZqvV6k5v8u/0ChBCHjitjmISCoVGAPbX2L4PWEPi sccew08//cTPhxAIBLBYLCElJSWnFQrFiM5cApyuHAghHUqj0SRyHPcOx3HaJl+7GGOZ1i+z2Xyt s+vZEZydnTF27FhERkaid+/esFgs1qcGSSSSfJVKNaSl7R2JrhwIIR3O3iimpu73EU236tu3L6ZN m4YzZ84gJycH9fX1AODJcVxeTEzM5M5Y2ZWuHAghpAvgOA4BAQGYPn06/P39AQCMMSlj7P9iYmKm dnR9KBwIIaQLkclkGD16NMaNGwepVAoAnMVi+UalUr3ZkfWgcCCEkC6of//+mDZtGvr27QuucULE P1Qq1Q6FQiHriONTOBBCSBfl7OyMyMhIjBw50jphbppEIvklLi7Oy9HHpnAghHRZD+JcCHsee+wx PP/88+jVqxcADDKZTCeUSmWQI49Jo5UIIV1RW+ZCXBMIBEaZTFYnFAoFzs7OJrFYLHV1dZWKxeKe Li4uAo7j4Orqit69e0Mm65DWGIdxd3fHlClTsG/fPpSVlXlwHJelUqlmaDSa7xxxPAoHQkiXc7sV XS0Wi4v1G7PZ7GU2m2VGo9EDgIte3/J8MalUanB3d697+OGHnfr06ePk4eEBZ2dnx7wAB+nRowcm TZqEgwcPorCw0BlAmkqlWqDRaBLb+1gUDoSQLqm1uRBNKRQKmUwm8wIgZ4z1YYx5MMa8BAKBD2PM B8Cw+vp6r5KSEpeSkhJ+O6FQaOjdu3eFp6ensG/fvl7u7u7im003XZZQKMTYsWPRs2dPHD9+XAQg ISYmxi8xMbFdRzNROBBCuj2tVlsHoOjml10KhcJNKpX6McYe5ThuGIAhZrN5SEVFhV9FRQVOnz4N ABCJRLVubm6Gvn379uzTp4+0d+/ecHNz64iXcUeGDx+Onj174ocffgBj7A2VSiXSaDRL2mv/FA6E kAfCzXWKcm5+8RQKhUwikQznOO73jLEQk8kUXlFR8XBFRQVOnDgBABCLxfX9+/fnBg0aJLk5tLQT XkFz/v7+EIvF2L9/Pxhji1UqlU6j0axpj303C4eml1yEENKa7n7OuHnVkXXzCwCgUqmGcBz3ewBh jLEQo9E4xHqPaLFYXDtw4EDzoEGDXLy8HD6itFX9+/dHRESENSBWK5VKU1JS0if3ul8OePDWMSGE OIxao9F80NmVaG/R0dE+AoFgMoAXAYQBkAGARCK53r9//3p/f/+HOzsoTp48iezsbAAAx3HRiYmJ yfeyP5tweOyxx9CvX797ryUh5IFy6dIl/PLLL8B9Gg5NxcXFuZjN5smMsUgAEwF4AIBMJqvy9/cX +/n5ubi7u3dK3ZoEhAlA1L0Mc7VpVurXrx8iIyPvsXqEkAfNrl27rOFw34uPjzcA2AZgm1qtFpWV lYWZzeYZdXV1c3755ReXX375Bc7OzjcGDRrUY9CgQYKO7My23kDo5iimTbGxsU8kJCQU3c2+aIY0 IYTcJbVabUpISMhMSkqa39DQ8DAABWMs88aNG855eXmCr776CqmpqQ3nzp0DY6xD6jR8+HD4+PgA gJvFYvnqbu8qR+FACCHtQKvV1mk0mpSkpKQxZrN5EIBVAHS//fab5ODBg9i6dWv9xYsXO6QuY8aM sU7wG15SUvLx3eyDwoEQQtpZcnJygUajWebt7d2f47goADkGg0G6b98+bN++/calS5ccenyZTIaI iAgAYAAWxMTEzLjTfVA4EEKIg6jValNiYuJOjUbzlEAgGANg37Vr15wzMjKQmpp6vbS01GHH7tOn D0JDQzkAYIxtiI2Nld/J9hQOhBDSARISEjI1Gs2zjLEnAKT99ttvPXft2oW0tLTqsrIyhxxz2LBh kMvlAOBiNps/upNtKRwIIaQDJSUl5Wk0mudv9ktsvXr1qmt6ejr27t1rrqysbPfjhYaGQigUMo7j XoyNjQ1v63YUDoQQ0glu9kvMAvA0gJzLly8Lv/76a2RkZODatWvtdhwXFxc89thjHABYLJaP2zp6 icKBEEI6kUajydJoNE9xHBcNoOzSpUv46quvcOjQIRiNxnY5xhNPPAFnZ2cLgKDS0tK5bdmGwoEQ QrqAxMTE5IaGhqEAVjHGzGfPnsWOHTvQHp3WQqEQI0aMEAAAY2y5QqFodWYehQMhhHQRWq1Wr9Fo lgEYAaDeYDDgu+++w08//XTPt0f18/ODp6cnA+AllUpjWitP4UAIIV2MRqM5JhQKf89xnIkxhl9+ +QU7d+7EvXZYBwUFWYe2xrZWlsLhATRr1iyMGTMGBoOhxXLJyckYM2YMjhw5gry8PIwZMwZjxozB mjUtLxevVCoxZswYLFnSbvcdIeSBs379+lzG2ALr95WVlfjmm2/4mxLdjd/97ndwcnIyayAoJgAA IABJREFUA5ArlcoJLZWlcHgAyeVyZGZmYtu2bS2WW7VqFU6ePImgoCDo9XpkZmYiMzMTa9euve02 Op0OGzZsQGZmJvLy8tq76oQ8UG7eG3orAIhEIjDG8OOPP+LQoUN3tVYTx3EYOnSo8Oa30S2VpXB4 AM2d2zhYYevWrbctk5WVhYKCAsyZMwcymYx/3MPDAzqdDllZWXa3S01NhYuLi93nCCF35XUAepPJ BOv9rc+ePYvvvvsO9fX1d7yzwYMHAwDjOC4qLi7utjehoHB4AA0ZMgTh4eHYt28fdDqd3TIpKSkA gHnz5tk8HhUVBaAxBOzZtGkTX4YQcu80Gk0FgOUAYDabza6urgCA0tJSfPvtt9Dr9Xe0P2dnZ+us aZHZbL7tsFYKhweUQqEAALtNS3V1ddi6dStCQkIwbNgwm+d8fHwQFhaGHTt2NNuuoKAAOTk5ePHF Fx1SZ0IeVN7e3p8AKDAYDML+/ftDJGqcx6bX6/Htt9/e8a1a/fz8rJPiJt6uDIXDA2rGjBlwc3PD pk2bmj2XmpoKg8GA6Gj7TZJz5syx27S0bds2eHh4YMKEFvu5CCF3SK1WmziOewMAzpw5Yw4NDQXQ 2IdQX1+P77///o7mQ3h7e1u3D1EoFDJ7ZSgcHlAymQwzZ85EXl4eTp48afPcpk2b4OLighkz7K/y O23aNIhEomZNSzt27EBUVJRNHwUhpH0kJibuZIxlGo1GYXV1NYYOHQrGGMRiMRhj2Lt3L9q6gJ9U KoWrq2s9AJlIJAqyV4bC4QFm7U9o2rSk0+mwb98+zJkz57Ydyx4eHggPD7dpWjp58iTy8vIwc+ZM x1aakAeYUCj8AADOnDljHDVqFJycnGA0GtGrVy8YjUbs2bOnzQHh4+MjvbnP0faep3B4gA0fPhxB QUHQarX8Y5s3b4bJZGrWEX2rmTNn2jQtbdu2DT4+Phg92u7vGSGkHSQkJGQCOFtfXy++dOkS+vfv DwC4fv06HnnkkTsKCGvTEmMs3N7zFA4PuOjoaJuTvFarxbBhwzB8+PAWt5s6dapN09LWrVvx4osv 8h1lhBCH2QAA+fn5JmsTLmMMFosF/fv3h9FoxL59+1odxdSnTx/rf0PsPU/h8ICbMWMGZDIZUlJS kJOTg7NnzyI2ttWZ9TZNS3l5eSgoKMC0adM6oMaEPPBSANTpdDrBjRs3AAACgaC+tLQU/fv3h1wu R21tLTIyMlpc1dXZ2Rkcx1kAuNlbxpvC4QHn4eGBqKgopKWlISUlBTKZDLNnz27TtgqFAjqdDm++ +SbkcjnCwsIcXFtCyM15D2mMMUFhYSEAgDG2HwCOHj2KZ555Br1798a1a9dw8ODBFvcllUprAKCs rMzn1ucoHAiio6NRUVEBrVaLqKgouLm1upovgMamJZlMxndgE0I6BmNMC6DplUEOgDMGgwGFhYWI iIiAQCDAxYsXm41GbKpJs5THrc9ROBBEREQgJCQEHh4eeO211+yWkclkkMvlNsHh4uKCmTNnQi6X N2tSksvl8PK67cx8Qsg9sFgshU2/Z4xZOI77AABOnz6N3r17W2dB48iRI7hy5Yrd/YjFYg4AOI5r NjSReg8JACA7O7vF50NCQnDx4sVmj3/++ed2y9srSwhpHyKRaNqtC+/V19fvlEgkV6uqqh4uLS1F 7969ATR2Vu/fvx8vvPBCszlIPXv2ZFevXoXFYul36zHoyoEQQroRtVot4jhu4a2Pa7XaOgDJAHDm zJmmT5XcuHEDOTk5zfbVo0cPFwBgjDVrS6ZwIISQbqS0tHSyxWLxFgian74FAkEiABQVFaGurg4A wHFcGgDz2bNnm90sSCqVWstQOBBCSHdmvQHQxInN18xLSEgo4jjuO7PZjIKCAmv5csZYEmOs1ebj pigcCCGkm4iNjR0GYJyTkxMmTpwIsVjcrAxjrBSAzb0eOI57j+O46tLSUly4cKFNx6JwIISQbsJs Nr8GAKGhoZBKpejZs6fN8yqVygNAs3HlGo2mgjG2DAB++uknmM3mVo9F4UAIId2AUqkM4jhOCQDP PPMMADRbHJPjuHkA7C6L7O3tnYibcyHy8/NbPR6FAyGEdHFqtVokEAi0AIRjxozh5xBZO5StZaz9 EfbmGN28JwQ/F6I1FA6EENLFlZSU/Jkx9rinpyeef/55/nEPj/9ObC4tLZ0MwMfLywtTpkyxu5/6 +vqdAoGgsqqqqtWbA1E4EEJIF6ZUKoMAvCcQCPDKK6/YXC00Gc5qsF41jBkzBgMHDrS7L61WW2ex WJKAZnMhmqFwIISQLkqhUMgEAsFWAMJx48ZhwIABNs8bDAYAAMdxDQDG9ejRg4WGhqJ3797gOI41 36P9uRB2y7XTayCEENLOpFLph4yxwV5eXvjDH/7Q7HnrpDaLxfIMAIwaNYqzXln06tXL7pCkhISE IqFQuLfpXAh7bNZWaksPNiGE3IrOHe0vOjo6hDG2RCAQYO7cuXbnNPz/9u4/LKoy7x/4+8zQoARe FC4J5VcSFhNFSYRC5dFEMV3IysIfK4+mMhgbSOra2pM5m62VSZkaMAMmaWvJN5TSB4KkEAxCGZxC yWYZwUaBxlBipnFnmHPO8wecswzzgwH5affrurwuZM6ZuefMcD7n3Pfnc99ccKAo6kngP1lMAODi 4mJzwR+aptWAeS1EV1xwaAIApVIJpVLZm/dBEAQBdJxLiNuTkJAwhqbpj1iWtdqdBAB6vR56vR4U RbEsyzp1zmICAFdXV6sTq4rF4tEURf1314n7unICAJlMJhWLxQBA5lgmCKK3mmQymXSwGzHcdQSG YpZlff38/Kx2JwH/uWtgWZbqmsUEtGcyWbvYpyhqLcuyou7awUcW8qESBEEMLrFYPNpkMn0NYMLY sWORlJRktTsJAH/it5bFxP2+g477QSKROP3888/JNE3jvvvuY3/++WfKVlvIgDRBEMQQkJCQ4Arg OICHxowZg6SkJIsTPqetrQ35+fkAAFvdTgzDAAAoiuJHnRsbG/9E0/SYjgFum4EBIMGBIAhi0CUk JLiaTKZ8ALPGjBmDTZs2Wcyb1Nnnn38OrVYLW1lMQPuYBAAwDHOF+x23DoS9WggO360UHx+/lGXZ h3rwfgiCIHgURV2SSqVHB7sdw41EInG6du3aCYqiZo0aNQrJycl2A8Ply5dx6tQp2MtiAgC9Xs8C oO66665aoH1GV4Zh5rq4uPAT93UMZlu9g3AC+MDwyW2/S4IgfrdYlkV8fDxIgHBcR2D4mKKoOaNG jcKmTZv45T2taW1txcGDB8EwDCIjI612J3F+/fXXNgCtqampOqB9RleKovjAAACurq5GrVZrte/K CQC4OwYvLy94e3v39n0SBPE71dDQgMbGRpDeB8etW7fugYaGhuMURU3nAoO1CfM4ra2tSElJgUaj gb0sJo5WqxUCqAesz+gKACNGjGC0Wq3V/c3yYL29vREcHOzYOyMIguiku4nciP+Ij4+P6OitGe3h 4YEXXnjBbmDQ6XRISUlBU1MTustiAoCbN29Cr9cLAdR2ZCgdpmla2LUWwsXFxeZzkAFpgiCIASQW i/+HZdkvAIyeNGkSXnnlFbs9NgaDAWlpaWhqakJ3WUycn376ifuxvqGh4X9omp5soxaCsfUcVivo CIIgiL61evVqd2dn58Msy0YJBAL86U9/QlRUlN19DAYD9u7di9raWjiSxcSpr6/nfqRhY0ZXABCJ RFwxnA5dkOBAEATRzzr6/P8/y7J+rq6uWLNmDSZNmmR3H4ZhsH//ftTW1sKRLKbOrl69ygKghELh czRN25yCw2QyGQDc1bkWgkOCA0EQRD+Kj49fy7LsewDuHjduHOLj4+Hh4WF3H4ZhkJGRAaVSCUey mDrT6/WoqalhAVA0TXvbq4XQ6XR0x+td6foYCQ4EQRD9oKOu4F2WZecBwKxZs7Bs2TK7A8lA+2By Wloarly5AkeymLo6e/YsTCaTAAArEAgoe7UQv/32GwsAXC1EZyQ4EARB9KHVq1e7i0SiHQzDrAfg dPfdd7NLly6lHnnkkW73vXTpEjIyMqDT6eBIFpM1X3/9NZycnGAymShb3UkcnU5HAfiFq4XojAQH giCIPiCRSJwaGxtXsSz7JoDRAoEAjz32GKKioih7KaOcvLw8nDhxAgzDYNKkSVi3bp3dVFNrampq oNFowDCMQ7UQv/32mzOAf1l7jAQHgiCI27Ru3bpHGxoa9gGYDgATJ05ETEyMQ0XFer0eBw8exPff fw+BQIDo6Ohus5is0el0yMzMBMMwDtdCGAyGEQCsLgdHggNBEMNOQkKCK03Tj0il0qJBbscYk8n0 NoCVAHDvvfeyS5YsoaZPn+7Q/mq1GjKZDBqNBo5mMVljMBiQmpqK3377rVe1ENYeJ8GBIIhhZfXq 1e40TX/LsuyEuLi4lRkZGf8c6DasXbvWTygUbjCZTOsAjHBycmIjIyOpRYsWUd0NOHO++eYbHD16 FAaDAY5mMVnD1UKoVKoe1ULU1dWZ0B4D6q09ToIDQRDDRsfU1idYlp0AABRF+Q3k68fHx0cASGZZ lu/3mTZtGp555hnK0RN7Q0MDsrOz8cMPPwBwPIvJmtuphVCpVK0A7rVW4wCQ4EAQxDDRec2DgXzd 1atXjxCJREvRHhSCAMDJyYmdMWMGFRER4XA2kV6vx+eff47Tp0+DYRi4uroiJiYGjmQxWXM7tRA6 nQ4qlWoUAAiFwovWtiHBgSCIIU8ikTg1NDTkA5g1atQoTJkyBWfOnOnX1+wYT4gHsB7AGABwc3Nj 5s+fL5g5cybl6urq0PMwDIPy8nIcO3YMOp0OAoEAERERiIqK6nE2Eud2ayHKy8tB07QTRVEnU1NT m6xtQ4IDQRBDWqc1D2ZxJ8LKysp+e63GxsbZAFaaTKZlAEYAwLhx49iIiAgqJCRE0Glt5m5dvnwZ n3zyCa5caS9A7kkWky19UQtRUlJiAuDEsmy6rW1IcCAIYsjqFBieceQKuTdZTKtXrx7h7Oy8gGXZ ZxoaGqIAuAMARVHs1KlTMX/+fPj5+dldb7mr1tZWfPrpp6ioqAAAeHh44Omnn4ajWUy29EUthFKp hEajcQJw1dvbu8DWdiQ4EAQxZDU0NBymKOoZZ2fnbq+QV69e7W4ymcoBPNRdFlNCQoJrW1vbYoqi ngEwj2VZvo/ogQceYB5++GFBaGgo5enp2aP2ajQafPXVVzhz5gza2tpw1113Yf78+Vi0aFGvBpw5 fVULAQAlJSXcj5kSicRkazsSHAiCGJLEYvG7AJaJRCI2KSmJGjdunM1tuSwmAA8B1rOYxGLxaIqi FrMsu8xkMs2iKGoE95ivry8zdepUwcMPPwxPT88er3Nz6dIlFBUV4fvvv+d/15HF1Kv01M76qhYC aB+IPn/+PAOAYRjmgL1tSXAgCGLI6QgMySKRiN2wYQPl52c7Y9VaFhNFUYKOabIfQXvV8qMAJrMs yz3OTpgwgXn44YcFU6dOxT333NPjgNDW1obKykoUFRVBrVYDAO666y6EhYWhJ1lM9vRVLQSnvLwc JpNJQFFUXmZm5lV725LgQBDEkCIWi98AkCwQCCAWi+0GBoqiBFxg6JzFxLLs3yiKerXztk5OTszk yZOpKVOmUFOnTqVcXV17NI7AaW1tRUlJCU6fPo3W1lYAwKhRozBv3jzMnDkTjmYx2dOXtRCdnT59 2ghAZG8gmkOCA0EQQ0ZcXNwGAH+jKIqNi4ujAgMD7W7PMMwmiqLudnNz65rFJPLw8DD6+fmJxo0b Bz8/P3h7ewt6e3JlGAZKpRIVFRU4d+4c2traAADjxo1DREQEQkJC0JMsJlv6uhais4sXL+L69esi dDMQzSHBgSCIISEuLm4DRVF7KIpixWIxNW3aNJvburm5AQC4wLB582azbpzHH38cTz31lMjW/o5o a2tDTU0N5HI5qqurodfrAQACgQBBQUFcFtPtvASvP2ohOmtra8M///nPWwBGAki3NxDNIcGBIIhB JxaL4wHsAYAVK1bYDQwA8K9/tc8y7ezsjMTERIv+/d7eIRgMBigUClRVVeGHH36AwWDgHxs7diyC goIQGhqKnmYx2dMftRBd5eTkoLm5eSSAS0ajMcWRfUhwIAhiUMXFxS0BsB8AYmJi8F//9V92t8/O zsa5c+fg7OyMpKQk2MtissZgMKCurg4PPfQQgPYMnu+++w7nzp1DbW0t32UEAH5+fpgyZQo6sph6 +M7s669aiK4uXbqEr7/+GgBMLMsuz8rK+rcj+5HgQBDEoImLi1tCUdQnAJxiYmIQERFhd/vs7GwU FRXxgaGn3To6nQ5vvPEGfvnlF/j7+0On06GhoYF/XCAQYOLEiQgKCkJHFlNv3pZd/VULYU1HfQQD QEBR1CsymUzh6L4kOBAEMSjEYvGfAHwCwOnxxx/vNjAcP34cRUVFEAgEiIuLcygw3Lx5E3V1dair q4NKpcJPP/3E3xkolUoA7V1QkyZNwpQpUzB16tQ+yTaypj9rIWw5fPgwWlpaBBRFfevl5eVQdxKH BAeCIAacWCyehY7AEBERgaeeesru9kVFRfjiiy/4wNBdFlNZWZlZqinQflfAMAz//0mTJmHx4sXw 9vbu8yt2zkDUQthSWVmJqqoqANBRFLXckUHozkhwIAhiQHUEhnwArhEREYiJibG7fVFREbKzs/nA YG+wmlvLoLm5GQDg4uICPz8/XL16FTdu3EDnWojx48f3eLzCUQNRC2HPzZs38dFHH3HdScnp6en1 PX0OEhwIghgw8fHx01mWzQfgGhISwsbExNgtRCspKUF2djYAYPny5XYDAwB+MNvZ2RkPPvggRo8e jYyMDD4w9OeMrgNVC+GIrKws+tatW0KKok5KpVK702TYQoIDQRADQiwWP8Sy7AkArtOmTWPXrFlj NzBUVVXh448/BuBYFhOH245bDKeqqqpXax44YiBrIRx19OhR5tKlS0IAv7As+1xvn4cEB4Ig+p1Y LH4IwNcAxgQFBZni4uKc7F1FV1VVISMjAwzDwJEsJms++OADVFVVwZEZXXtiMGohHJWdnY2vvvpK AMAEYLVMJvult89FggNBEP1q/fr1PgzDfA1gzPjx403x8fF2A0N1dTUfGBzJYrLmdmshuhqsWghH MQyDrKwsrmZCB2ChTCa7raXySHAgCKLfdCy1mQ9gzIMPPmhMTk4W2QsMtbW1fGBwJIvJmtuthWAY BteuXUNdXR2uXLmCy5cvD3gtRE907j5DHwUGgAQHgiD6iVgsHm0ymb4G8JCPj8+tF198caSzs7PN 7Wtra7F3714YDAY4ksVkze3WQly+fBlqtdqsqwgYuFqInuqvwAAMcnCIj4+HXC6HUChEQUEB3N3d rW732WefYceOHQCAzz//vE/nHOnalu4yGU6ePAmJRAKJRNLrlZh6y1ZZvbe3N7y8vCxWh3riiScA tB+zgRIfH4/GxsZ+e83p06cjODgYUqnU4X2WLl0KlUqFxMRErFq1qkev98QTT8DLy6vb15PJZJDJ ZP32/RymVgF4iKIodu3atXYDw5UrV/jAEBIS0qvA0Be1EBxPT088+OCD6DSja7/VQvRWfwYGYIjc OdA0jdOnT2Px4sVWHy8o6HZ22d8NDw8PzJgxw+x3LS0tkMvlkMvlaGhogFgsHqTWDT3V1dVQqVRw c3NDTk5Oj4MD0XsCgSCHZdkklmX/3/vvv49NmzbxdQidNTU1Yf/+/TAYDJg2bRrWrFnT49fqi1qI cePGYdy4cfD19e2TmVD7k8FgQGZmJldt3SQQCOanp6df6MvXGPTg4OnpCaPRiIKCAqvBQaPR4OzZ sxg7dixfYTiYoqKiBvyOoTMfHx9s377d4vcajQZLly5FVlYWYmJibN6F9beeXNEPhJMnT0IkEkEs FiMlJQXl5eUICwsb7Gb9LqSnp9cnJCQ8QtN0cVNT04QdO3ZYpJM2NTUhJSUFra2tmDZtGuLi4npc C3C7tRCDNYjcW3q9Hu+//z5qa2sBoAnAY+np6Zf6+nUGPTg4OTkhPDwcubm5aGlpsTipFRUVQSQS Yc6cOTh8+LDF/i0tLaiqquLzi8eNG2fzdrK6upqfFtff3x/+/v5Wt1OpVPwKTNOmTTPrJmhubkZ9 fT18fHzg4eEBrVYLpVIJf39/ODs748yZM9Dr9XB3d0doaChEIssp5dVqNS5cuACapuHp6Yng4GAI hUIHjpZtnp6eiIyMRE5ODi5cuIBZs2aZPc69d6FQiODgYP4Pgns/Y8eOtfgjoWkaCoUCHh4e8PHx AQDU19fjwoX2CxQPDw8EBwebvUelUgmDwWDxGTQ3N0Mul8NoNMLNzQ1hYWEWx0av1+PcuXPQarUA AC8vLwQFBfX62BiNRuTn5yMoKAgLFy7Enj17kJ2dbTM46PV6fPvtt9Dr9fD09ERoaKjN51YoFLh6 9SpEIpHV5+OOa2BgIBQKBTQajdl3iaZpyOVyaDQaAMDUqVMxduxYi+dpaWnB2bNnYTQaIRKJEBoa avE3QtM0zp49y18JT5w4Eb6+vo4dpH6WmpralJCQMN1kMuW3trbOSklJQXx8PPz8/NDc3MwHBj8/ v14FhtuthRhuLl26hIMHD7ItLS0UOgKDTCbr88AADIHgAAALFy5ETk6O1a6loqIizJkzByNHjrTY Ly0tDVlZWaBp2uz3wcHB2LdvH3/yaW5uxubNm1FdXW223aJFi7B9+3azk88bb7yBnJwc/v9CoRDJ yclYvnw5gPY1WDuPOSiVSsTHx+Pll19GZmYm/8cOtF/lS6VSflItmqaRkpLCX+V03m737t38Cbi3 rPXpmkwmvPzyyygsLOR/JxKJsG3bNixcuBA0TSM+Ph4RERF46623zPYtLy9HcnIyduzYAR8fH7z6 6qvIy8sz28bDwwO7d+/mg0FKSorFmMMHH3yAzMxMGI1G/neenp5ITU3l33N2djb27Nljtg0A+Pr6 QiqV9upOqLCwEHq9HtHR0XB3d0d4eDhKS0uh0WgsAqFCocDmzZvR0tLC/y4yMhImk/l0NHq9Hps3 b8bZs2fNjkFwcLDZdtz3JDY2lr+oCQoKQmZmJurr6/HSSy9BpVKZ7fPkk09i69at/Pfx5MmT2Llz p9kxEYlESE5O5vvk6+vrkZSUZJZNAwDh4eHYvXv3bV909IXU1FRdQkLCQpPJdLi1tfXJvXv3IjY2 FidPnuQDQ1JSUq8Cw+3WQgwXbW1tyMnJ4abepgCcEQgEsb2ZFsNRA1PL3Y2goCB4enpajC1oNBoo FAosWLDAYp/Tp0/jwIEDWLRoEU6dOoXKykqcOnUKkZGRkMvlyM/P57fdvHkzampqsG3bNlRUVKCs rAwxMTHIy8vjrzo4crkcUqkUlZWVOHToEDw8PLBnzx6zk4Y1b731FqKjo3Hq1CmUlJQgNjYW9fX1 kMlk/DZpaWnIzs7GkiVLUFJSgsrKSkilUmi1WiQlJVmcGHuiubkZBQUFEAqFmDx5Mv97jUaDxsZG HDp0iH89Z2dn7Nq1i79zCQ0NRWlpKX/3xcnLy4OLiwsiIiJQWFiIvLw8iMViVFRUoLKyEpmZmbh1 6xbefvttm+3Kz89HamoqZsyYgYKCArP9XnzxRdA0jerqauzatQvTp0/nP8uSkhIsWbIEKpXKIpg6 6sSJE3z7ASA6Oho0TZsFfwDQarXYvHkzhEIhDh48iMrKSnz66adQKpVmwR4A3nnnHZw9exaJiYko KytDSUkJf3ysycnJQXJyMnbu3Im1a9fCaDQiKSkJjY2NSElJQWVlJcrKyiAWi5Gbm4u0tDS+TTt3 7jQ7JgUFBfDz80NKSgrfrnfeeQdarZb/fMvKyhAbG4vS0lJ89tlnvTpu/SE1NVXn7e39LEVRWVx/ eVNTEx8Y7A1WW9MXtRDDxZUrV/D666/zazIA2Ozt7f1YfwYGYIgEBwCYN28e5HK52Un45MmTcHFx sXrb3tLSgqCgIGzcuJG/qnR3d+cHY3/++WcA7VeE1dXVWLFiBRYvXgyhUAiRSIRNmzYhICDA4upt +/bt/FVgQEAAVqxYAZqmLbbrKjg4GM8//zzc3d3h4uKCF154AW5ubqivrwfQfsV55MgRBAUFYevW rfyAV3BwMBITE9HQ0GAW0GxpbGzkM2O4f6+//jpWrFiB5uZmxMbGWlxlv/baawgICOBfb+HChdBq tfwYTnR0NIxGI7788kt+H61Wi+LiYkRGRkIkEvHvIywsjL8aDQoKgkQiwZNPPmmzvYcPH4a7uzt2 7tzJ30EFBQVBLBZj5MiRUKvVuH79usVn6eLigg0bNvDvuafUajXkcjnffqB9kXZ3d3fk5uaa3W3m 5+ejpaUFL730En8H5OPjg507d5o9p1arxYkTJxAeHo5Vq1ZBJBLBxcUFW7ZssdlFuWTJEqxcuRKR kZEICwtDfn4+GhoasGnTJsyePRsA+DGR4OBgHDlyBHq9HiqVCkajEUFBQfwx8fDwwN/+9jckJyfz n0F9fT08PT0xYcIE/rmef/55JCQkYPz48T0+bv1JIpGYpFLpcxRFlQIARVFYtWpVjwNDX9RCDAcM wyAvLw9vvvkmmpqaAEDBsmyITCZL6ekMq70xJLqVAGDu3Lk4cuSIWdcSdydgrd9+8eLFZl1QGo0G KpXK7HYfAN8/3jXACIVCHDp0yOJ5u/aVO9qd0XU/oVAINzc3/grvwoULMBqNGDt2LORyudm23Pur rq62mbHFaWhoMLsb4fj4+GD16tUWKYCenp4Wfdnce2puboaPjw8iIiKwa9cus6SAr776CkajEQsX LgQAhIaGQiaTISkpCREREQgPD0dISAjmzp1rs63ceIy1z3D58uV8V52Pj4/Z83D99dxn1xvcVXPn 5AGhUIjIyEhkZ2fj9OnT/Gtyn8ejjz5q9hz+/v5mx+67774DTdNWL1bmzZvHrw887IAVAAAOKUlE QVTQWVBQkNn/uVW/Ro4cafE98Pb2hlwuh0qlQkBAANzd3SGVSlFTU4Pw8HCEhYUhICCAD/RA++eS m5uL2NhYzJs3DyEhIQgMDOxVxs9AoSjqv1mWlbMse6+9LCZr+qIWYjjQaDQ4ePAgLl++DAA0RVHv GgyGbY6u4tYXhkxw6Ny1tHjxYqjVaiiVSiQnJ9vc59ixY8jNzcWPP/7IXwl2zTHnukoeeOCB/ms8 YLNvl2sXFyROnDiBEydOWN22a7+xNYGBgfjHP/5h9rvRo0dbDaBA+4B/d0QiET+YzfXHnzhxAt7e 3vxdFHeXkJqaitzcXOTm5kIoFOKRRx7B+vXrzU5YHG5gefTo0d22obCwENnZ2aipqeG716wN0DqC pml+bOTVV181e4z7Pnz66ad8cODuVq2lL3Yem3B0u866Fktxg8Yvv/yyzfY3NjYiMDAQe/fuxZtv voni4mIUFxcDaA9YS5cu5YP4xo0bQdM0CgoKkJqaCqD9DmPBggVYv379kEzJ7MhimmQymeRNTU3e 1rKYrOmLWojhoLi4GMeOHeMK8a4IBILV6enpxQPdjiETHID2q6+jR4+ipaUFX375Jdzd3S0G+jhc l0pgYCCSk5Ph4+ODiRMnQq/X88Vfnel0uv5uvl3cyTsxMRHz58+3uo0jt9cikahfiqyioqKQk5OD /Px8zJ8/HwqFwqJegkvjrampwblz51BWVoaysjIoFAp88sknNtvFBQlbuMJCX19fJCQkwMfHB/7+ /vD09OzVerrl5eXQaDSYMWOG2fgLp7CwEGfPnuWzzuwdd5qm+cBvKwBz2zmCe67jx4/bvKDg7uwC AgJw6NAhNDQ04Ntvv0VlZSWKi4uxY8cOCIVCREVFwcXFBdu3b8df//pXnDt3DhUVFSguLsaRI0eg Vqvx7rvvOtSugdaRxTTBZDKdbW1tnbh7926sX7/eZkVzX9RCDHVqtRrHjx/HxYsXAQAURWUJhcLE 1NTUQTl5DangEBUVxXctnThxAosWLbL5B/Txxx/D09MTmZmZZttwYwPclTp39cmlm3b20ksv8bdv /Y1LLVSr1RYn0ebmZuTn52Py5Mn9tlxgdwIDA+Hj42OWFNC5S6a8vBwqlQorV67kuzZWrVqFDz/8 EPv27UNVVZXF+/L29oaLiws/XtHZ6dOnkZKSgldeeQWHDx+Gi4sLMjMz4ebmxm/T27qW3NxcAO1X 1dYywNzd3bFr1y589tln2LBhA3x9fVFWVoaamhqzOyBurIn73nCfYU1NjUWty48//uhQ2yZMmMCn nXbtciovL0djYyNmz56NxsZGlJeXIzIyEt7e3nj66afx9NNPQ6VSYenSpZDL5Zg7dy6++OILPPDA AwgNDcXs2bMxe/ZsbNq0CUuXLkVpaanDx2wwdGQxhdI0nafVasPfe+89rF+/HpMmTTLbri9qIYYy tVqNkydPQqHgl3f+haKodVKpdFAzCobUEeb6eA8cOAC1Wm23P9valZrRaMSHH35o9visWbPg5uaG w4cPm2XjqFQqFBcXD1gBjK+vL/z9/ZGXl9f5SwAAeO+997Bnzx6LzJiBFh0dDaVSiby8PAQHB5ud 7MvLy7Fnzx6Ul5eb7cPNQWPrOEZGRqK6utpsLIimaRw9ehS//PILfH19+c+qc5CnaRoZGRkA/tMV 44jm5maUlpYiICDAZmrwwoULIRKJkJubazaukpGRYfa9+uijj8zuerjPMD8/3yzg1dfXO5RMwL02 0P6Zd/4+Njc3Y9u2bUhNTeXHqri6jM644+3m5gZnZ2fs27cPKSkpFplmXCbaUJeamqrz8vKaS1HU caPRiP3793PTQQBAn9RCDFVqtRppaWl4/fXXoVAoQFHUrwAkRqPxj4MdGIAhducAtJ9MDhw4AE9P T4srq86efPJJHDlyBPHx8ZgxYwb0ej2Kiorg5uYGkUjE/7G4ublhy5YtkEgkWLZsGSIiIqDX61FY WAh3d3c+I2YgSCQSJCQkICEhAQsWLICnpyfkcjkUCgUiIiIQGRk5YG2xJioqCqmpqVCpVJBIJGaP rVy5EgUFBdi0aRMWLFgALy8vqFQqFBUVITg42Gb33wsvvACFQoHExER+v9LSUiiVSmzZsgUeHh6I jo7Gvn37sG7dOsyZMwc0TaO0tBS3bt2Cu7t7t91SneXn54Omaf4kbI2bmxvmzJmDwsJCFBYWIioq CmvXrsWBAwcQGxuL8PBwKJVKyOVyixOsRCLBunXr8Nxzz/GvkZ+fzxdEdsff3x9isRgymQx//vOf +febl5cHrVaLXbt28YV1oaGhyMrKglKpxOTJk9Hc3IzCwkJ4eHhg2bJlEAqFSExMxM6dO/nnEgqF KC0thVqttvgMh6qOzJunxWLxAYZh1kilUsTExCAkJAR79+69rVqIoajrnYJAIGhlGOYdg8HwXlZW lv2c+QEkBIDg4OA5AOZ4e3sP6KRhN27cgLe3t1mWyB/+8AfcunULixcvNusG0ul0cHZ2Rnh4OEaM GIHQ0FCMHDkStbW1UCgUMBgMiI6OxtatW8GyLAQCAWbOnAkA+OMf/4hHH30UGo0GlZWVuH79OmbO nIkdO3bwg2A3btzAfffdhzlz5pi1Ua/Xg2VZhIWFwd3dnf9/aGgoxowZA6PRiFu3bmH69OkWV6oa jQbjx4/n35+Hhwcef/xxmEwmVFdXo6amBvfccw9WrVqFv/zlL91+8bmBSntB097rdz2W3HviuLi4 oLKyEr/++iu2bdtmNtHY3XffjYiICBiNRly8eBEXLlyAQCDAs88+iy1btvDbdv1MR4wYgYULF0Ig EODChQu4cOECxo4di40bN/InVy5d86effsL58+fR2tqKuXPnYtu2bfyA6qOPPgqhUNjtMaisrMSY MWOwfPlyu4OxXl5eMJlMcHNzQ2BgIEJCQjBhwgSoVCpUVVXh3nvvxfbt23HPPffwC7gA/xnsvXHj Bs6fP4/r168jNjYWTz31FFiW5b+fXb83nQUHByMwMBDXr1+HXC7HtWvXMG3aNGzdutWsKnv+/Pl8 t1xVVRVaWlrw2GOP4ZVXXuH/TidOnIiAgABoNBqcP38edXV18PX1xcaNGwc097+xsZFLOS6Wy+Wn e/Mccrn88+DgYAbAYxcvXkRZWRlu3rzZ61qIoUatVuPIkSPIzs5GU1MTBAJBK8uybxgMhmUHDhwo UCgUA5aJ5AgKAMRi8XYAEntXgMSdz2g0YtGiRQgPD7c6fxNB2MJN/AhAIpPJ/n47z7Vu3bq1FEVl UBRFCQQC/P3vfx8WXWS2WLlT0DIMk2I0GofUnUJXQ65biRh4er0ezs7OyMrKQktLC5599tnBbhLx O5aZmXng+eefv8tkMqUyDEP1tBZiKLh58yYqKytRUVHBJ1Zw3Uf//ve/h3RQ4JDgQODtt9/may+i o6Ot1iwQxEBKS0tLX79+/c8Mw+Q0NTVRr732GjZv3txn60D3B51Oh6qqKlRUVHAzpgIAKIpqZll2 33AJChwSHAh+INzHxwcrV64c5NYQRLv09PTjYrF4OoCzWq1W2F0txGAwGAxQKBSoqKjADz/8AIZh AAACgeAWwzA5FEV96uXl9b8DMd1FXyPBgUBYWBhZ44AYkmQyWVV8fPwUlmWrtFqts61aiIHU1tbG F4IqFAq0tbVxD9FCoTDPZDIdFQgEn6Wnpw9u5e1tIsGBIIghTSqV1iQmJvoZjcaLRqNx1P79+7td 7a2vNTU1oa6uDrW1tWbrxwCAUCj8mmGYf7Is+1laWtovA9aofkaCA0EQQ96+ffuuJiQk3N/W1naZ YZg/cLUQ/ZGuazAYUFdXh8uXL/MBoWuRoVAoVJhMpiyWZXNkMtnVPm/EEECCA0EQw0JqaqpOIpF4 X7t27SJFUf7Z2dlobW297Sm7NRoNHwTq6uqsTtsiFAqbTCbTGQBnGIb5X5lMVmv5THcWEhwIghg2 JBKJSSKRTLp27dopiqJmf/HFF9Dr9Vi+fHmPqqeLioqgVCpRW1trMSknRVGMs7Oz0mg0FtI0XcKy bMWdendgDwkOBEEMKx2ZP3PEYvHHAJaVlJRAp9NhzZo1ZlX9tpSUlJjNWSUUCm8AKKNpuhhAhcFg qJRKpUOqWnkwkOBAEMSwJJPJlovF4kYAL1ZVVaG1tdWhaTZaW1u5Hz8SCATb0tLS6vu5qcPS8J/F iiCI3y2ZTLYRwAagfZW4t99+u/PJvzu1/b0O83BGggNBEMOaTCbbKxAIlgNg1Go1UlJSuDWXidtA ggNBEMNeenr6JwKBYBGAtqamJuzevZt1ZNldwjYSHAiCuCOkp6cXUBQVxLKsUqvVUm+88QbbeY4j omdIcCAI4o4hlUpr7r///kksy35qNBqpd999l+28shzhOBIcCIK4o0gkEtP999+/HMAek8lEyWQy 9ptvvhnsZg07JDgQBHHHkUgkJplM9iIACcuy1KFDh1BQUDDYzRpWSHAgCOKO1bEq3QsATMeOHTMr fiPsI8GBIIg7mkwme59l2WUATEVFRSgqKhrsJg0LJDgQBHHHy8jIyBEIBPMB6LrOsEpYR4IDQRC/ C+np6cUURT0GgKuQu2PWXugPJDgQBPG7IZVKKwUCQRiA9d7e3tLBbs9QRibeIwjid6VjPiUSGLpB 7hwIgiAICyQ4EARBEBZIcCAIgiAskOBAEARBWCDBgSAIgrBAggNBEARhgQQHgiAIwgIJDgRBEIQF EhwIgiAIC2YV0mTNVYIgeoOcO+48XHBoAoDGxkY0NjYOYnMIghjmmrrfhBgOKO4HsVgcD2DMILaF IIjhrUkmk5E5iwiCIAiCIAiCIAiCIAiCIAiCIAje/wHXe9t1vZ5/DgAAAABJRU5ErkJggg== --001a11438ee87740cc052a2ebe73 Content-Type: image/png; name="altp2m-shadow.png" Content-Disposition: attachment; filename="altp2m-shadow.png" Content-Transfer-Encoding: base64 X-Attachment-Id: f_ijug1q7g1 iVBORw0KGgoAAAANSUhEUgAAAYcAAAIcCAYAAAAdV2JjAAAABmJLR0QA/wD/AP+gvaeTAAAACXBI WXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4AEZFCwRgk/AdwAAABl0RVh0Q29tbWVudABDcmVhdGVk IHdpdGggR0lNUFeBDhcAACAASURBVHic7N1/VFNXvj/8d+Sox2lq45i2sZOOYUSl03QaZ+K3OBNr MtIrVrziI17iAsd4QYgWV/GRfmVW6SJ9qku6Sh9xFRWQjuEWr+E2PsKIt3EKQxzTSxziNR3pNSre pN9mSjqmM7k1jlEC+/mDnlNiwi8FUdmvtbKUc3ZOdk6S/Tn7x9kboCiKoiiKoiiKoiiKoiiKoiiK unsC7j95eXkZhJDE8cwMRVEPLoFA4Kqqqqof73xQo0MA8IHBNN6ZoSjqwSYQCLQ0QDwcGADgagzz 5s3D/PnzxzdHFEU9cC5evIhLly6Btj48PJj+f8yfPx+pqanjlReKoh5gly5dGu8sUKNo0nhngKIo irr/0OBAURRFRaHBgaIoiopCgwNFURQVhQYHiqIoKgoNDhRFUVQUGhwoiqKoKDQ4UBRFUVFocKAo iqKi0OBAURRF3U5AgwNFURTVnwA0OFAURVEx0OBAURRF8QSgNQeKoigqBgEAATNksts4HA74fL4x yA9FUfcjiUQCpVI53tmgxp6g/2NEwcHhcODgwYNjkiuKou5vNEBMKCMLDlyNga4YR1ETA7fCG20t mHhG3KwE0BXjKGoioSu8TUjkjoIDRVEU9dAh/f4ldLQSRVEU1R8BrTlQFEVR/fC1B1pzoCiKom53 fwcHp9MJjUYz4OO1116Dy+Ua72zeV44ePYr4+PhROVYgEMCuXbuwYMECTJ48GQKBANOmTcPixYtR W1uLcDg8Kq8zGoLBIJxO54D7vV4vNBoNtm7dOuSx1q1bh5UrVyIcDmPbtm3QaDTDykM4HIbD4Rh2 nu9EbW0tNBrNoO+Vou7S/d/nEAgEYLVaYwaAzs5OlJWVYcGCBWhpaRmH3N1/7HY7dDodPB7PXR/L ZrPhmWeeQXFxMQAgPz8fBoMBOp0OnZ2d0Ol0fAE63jo7O/HMM8+gsbFxwDRSqRSBQAAVFRXwer0D pnM4HDCZTBCLxWAYBk6nE1ardVj5WLBgAfbt2zfS7I+Ix+OB1WpFIBAY09ehJrz7OzhwUlJS0Nra GvH44osvYDKZEAqFkJ+fP95ZHHf19fV46aWXEAwG7/pYPp8Pq1evRjAYhNlsxrlz57Bnzx6UlJTg wIEDcLvdSE9Ph8Viwd69e0ch93fH6/UOWuBzcnJyAPSdq4HU1tYCAPLy8gAAR44cgdvtHlY+Ojo6 hpWOoh4ED0RwGEhGRgaUSiVcLhdfOHg8HgQCAYRCIVitVnR2dkY8JxgMwmazwWq1DnmF7XK5YLVa 4XA4BrxC9vv9sFqtQ17NcVegdrsdoVAoZhqfz8cfayQ3HWk0Gmi1Wsjlcsjl8gHTeTyeYRWib7/9 Nvx+P8rKyrBmzZqo/SzL4oMPPoBEIkF5eTm/3e/3xzynwWAQHo8nZuDiroRtNtuAgY1rron1WQQC AXz11Vf8/z0ez4CfVUZGBliWRV1d3YCvYzKZIJfLkZSUFDON3+/nz2FHRwfsdjv//vq/11AohFAo xH8fb+f1emN+xoFAgP9+DvZdoah7Ijc3tyQ3N5ccP36cDOb48eNkOOlGS2trKwFAdDrdgGnUajUB QNxuNyGEEACksLCQJCYmEnzbdtbe3k4IIaS0tJQIhUJ+OwCiVqtJV1dXxDHb29uJQqGISCeVSsnp 06f5NNeuXSN6vZ4wDMOnYRiGFBYWku7ubj7dhQsXSEJCQsSxRCIRqaysjDiWVquNSAOAaLVacuPG jSHPk0QiIRUVFaS7u5s/H7EAIDKZbNBjdXd3E6FQSCQSScT7iOX06dP8eSeEEJ1OF/O1jUYjAUCM RiO/rauri6SlpUWdl/Ly8ojnWiwWIpFIItJJJBLS1NRECCHEYDBEnbf+ebodd57Pnz8fta+hoYEA IGVlZfy228+nTqcjMpmMlJWV8a8nk8mi8tDa2sp/fw0GQ9RryWQyolar+b+vXbtGdDpdxPeJOycN DQ18Ou79tra2DvgeR9Nwf/Ncutzc3JLRL6Go8fBA1xx8Ph8cDgdEIhGkUim/vaamBkKhEAaDAXq9 HkqlErt27UJRURHUajXa29vhdrtRUVEBh8MBjUbDX7X6fD689NJL8Pl8MJvNcLvdaG5uRjgcxsqV K/mrvY0bN6KyshKFhYW4cOECLly4gIKCApSVleG1117j88K1y7e2tsLtdqO9vR0JCQnQ6/V8M8Tb b78Nk8mEiooKuN1uXL58GXq9HiaTCe++++6Q58HtduOVV14Bwww+Mlkmk0Wcp1icTieCwSDUavWQ x1OpVJDJZEPm73bhcBjLly9HU1MTysrK4Ha7cf78eaSkpKCgoADvv/8+gL6rcK1WC5lMxn9mzc3N YFkWWVlZCAaD2LBhA1970el0aG1thUQiGfC1B2taMhqNYFkWGzZsGDT/fr8fO3fuREFBAQoLC1FW VobW1lYA3zWBKhSKEZ2TrVu3wmg0ori4GJcvX4bb7eZrODqdjtYgqHvugbjPobOzk28L5ng8HhiN RgSDQZSWlkYUZKFQCB9//DFEIhGAvkJm586dkMvlOHbsGJ/2lVdeAcuyyMnJwb59+7Bjxw7s27cP gUAAzc3NWLp0KYC+QtVoNCI1NRUtLS2YM2cOzGYz9Ho9du/ezb/uO++8A4/Hg4qKCmzfvh0sy6Kz sxN6vR5qtZo/1sGDB1FVVcX/4G02GyQSCfLy8vi8HThwAAAGLeg4LMsO6zwOp+38ypUrAIDExMSo fYFAIGYTiUQiGXYegL4RVU6nE2VlZdi+fTu//YMPPoDL5UJxcTE2bNgAh8OBQCAArVbLT/omk8lQ WVmJpqYm+P1+yGQyPP/88/w+7jwPZOnSpfzn+dZbb/Hb/X4/mpqakJ6eDrFYPOgxuO/cjh07ovZJ JJIh8xCLy+VCWloaSkq+u/CWyWT8efL5fHcUiCnqTj0QwcFms8Fms0VtF4lE2LlzZ9SPVKFQ8IEB AE6dOoVQKISsrKyoq+HMzEzo9XpYrVbs2LEDFosFYrGYDwycpUuXoru7G0DflT7Qd+V8ext7UlIS zGYzPvnkE2RkZEAmk6GmpgYAkJaWhiVLlkChUPCFP9A326XVasXy5cuRlZWFZcuWQSKRRKS5VwYb fbR3714YDIao7a2trSMqEJuamgAAL7zwQszzV1lZCafTCblcDpZlUVxcDK/Xi1WrViEpKQnLli3D smXLhv16t8vJyUFxcTFsNhtUKhUA4PDhwwiHw3zNYih38/qxtLW1RfwdCoXgcrn4kXoej4cGB+qe eiCCQ0pKSlQAEIvFSExMjNn0kZCQEPG33+8HEPsqnGVZSKVSvuPa7/fHbHrp/zrcDzYrK2vAPHPH ++CDD/gmqMrKSrAsC7Vajfz8fKxYsQIAUFJSgs7OTjQ0NKC5uRlAX4DTarV45ZVXIBQKB3yd0TZn zhwAiDl8eMmSJRHBges8HymuQ3fx4sUDpgkGgxCLxTCZTNDr9SgrK0NZWRmEQiHS0tKQl5fHF+wj tWHDBhgMBtTW1vLHMBqNkMlkURcFA+l/8TEaQqEQqqqq0NTUFDHAYiQ1MooaTQ9EcBhpVX2otvLb hUKhiMAx1HBQ7vgmkwlPPvlkzDTcVZ5KpcLly5dhs9nQ0tKC5uZmWCwWWCwWVFZWIi8vD0KhEMeO HYPX68WJEydgsVjQ3NyMoqIiWCwWvj37XlAoFBAKhbDZbAiHwxHnUq1WR30OdxIcOIO9L67NftWq VVixYgVOnTrFn7e6ujqYTCZYLJZhF+b9SaVSpKSkoKGhAe+99x46OzvhdDpRWlp6x+/lbnB9MFar FWq1GllZWVAoFHj++edRX18fs7ZGUWPtge6QHq5nn30WQOyrYW5IIVeYJyQkwOv1RnUAhkIhLF68 GFVVVXx7PMMwfIHJPSQSCW7evAmhUIhAIIATJ07A4/FApVKhpKQEp0+fxvnz58GyLN/cxA1dlEql yMvLw7Fjx3D16lUkJSXBarUOa/jpaGFZFlqtFl6v945v6OJqapzbgy1XsxOLxVHnTygUoqenBwzD wOfzobGxEcFgEEuXLsU777yD8+fPw2Kx8MNO75ROp4Pf78fJkydRW1sLhmGQmZl5x8eLZaCr/nA4 HPGZnjp1ClarFTk5OWhtbcXu3buRkZGBxMTEqHNJUffKhAgOCoWCb/u/fWz5rl27AADp6ekA+voF QqEQP2KGU1tbC5vNBqFQiDVr1oBhGJSWlkYUfOFwGJs2bUJKSgp8Ph88Hg9SU1OjRhzJZDIwDMM3 TWzcuBHr16+POBbLsnxtZrSaFoZ7n8Pu3bshkUhQWFiIXbt2xQyUtbW1qKioAPBdTYrryP3000/5 tOFwGEajMeL53Ll+8803I7YHg0GsXbuW39/S0oK0tLSoz2L27NkAvjsvd3J+Vq1aBYlEArPZDJPJ hJSUlCFHcg1H/z4b7oLDbrdHpLl96hEuANzep+Dz+e4qAFLU3XggmpXuFsMwqKysRGpqKhYuXIj8 /HyIxWI0NDTwI1S4q8bs7GyYTCYUFBSgo6MDSUlJ6OjoQHl5OVQqFTIyMsAwDIqLi2EwGLBo0SLo 9XowDIO6ujrYbDYUFRXxN6OlpKSgoqICgUAAarUaoVCIH2VVUFAAACguLoZOp+OPJRQK0dzcjIaG Buh0uiFHzwxXfHw8ZDLZkKOWxGIxWltbsXr1ahQXF6O0tBTJyckQiUT8lCaBQAAikQgVFRV8u31G RgbKy8uh1Wqh1+vBsixMJlNUM9+yZcuQlZWFuro6LF68GFlZWQiHw6isrITH40FlZSUfhEtLS1FU VASPxwOlUgm/34+KigoIhUL+LmauUK2oqIDH48Hrr78e1e90O4ZhkJWVhfLycv617xb3nVq/fj2y s7OhVquhUqlgsViwevVq/rvU1NQUEYiWLFkCoVCI0tJSsCwLhUIBp9OJ8vJyCIVC+P1+3Lx5867z R1Ejdr/eBHfu3DmiVqtJaWnpsJ8zWPq2tjaSkpLC3wiXmJhIysvLo272unbtGikoKCBSqZS/6aqg oIBcu3YtIp3JZCJJSUn8jUtyuZxUVFTEPBZ3IxzLskSlUhGLxRJ1LKVSyR8rISGBGAyGIW9Eu11B QUHEzVW3nxutVjvsY924cYNUVFQQtVrNnzOWZUlSUhIpLS2NunmQkL4byZRKJX8DV2FhIbl8+TJR q9UR77m7u5tUVFQQuVzO30CoUqmI2WyOOF5XVxfJyckhYrGYACBCoZCkpKTwNzZyysrKSEJCApHJ ZMO+QezChQtErVaT1NTUAc/z7eeztLQ05o2T3HuXy+VEJpORmpoaPv9arZYIhUL+Pba3t5OCggJS UFDAP7etrY2oVCrCMAxhGIYolUpiNBr5c8cdz2g0ErVaTc6dOzes93i36E1wE5cA6AsOAAwrV64c dPnPpqYmHD9+HEOloyjq4TDc3zyXDoChurr6zQETUg+MCdHnQFEURY0MDQ4URVFUFBocKIqiqCg0 OFAURVFRaHCgKIqiotDgQFEURUWhwYGiKIqKQoPDKNi6dSs0Gk3UmhPDsW7dOmzbtm3IdLW1tdBo NCNaPvR+4XQ68eijj0Yt2QoAjY2NWL58OWbMmAGBQACBQIC5c+fitddei3ivHR0d0Gg0EQspxcIt yrRu3bqofaFQCMuXL4dGo4HD4Yj5/M7OTjz66KNwOp0jfJcU9XChweEucYv7OByOO5rV0263D6sg 4tZaftBWBOPmm8rJyYmY0iIYDGL58uVIS0uDw+FAWloaDAYDioqKIBaLUVZWhueee44/N3K5HJ2d naioqBh01tyWlpao6Sk43Iy3drt9wBX2EhISkJOTg02bNg26tgVFPexocLhLXG0hPz8fLpcLLS0t 45yj+8vhw4fR0dERtR7H5s2bYbFYkJOTA7fbjUOHDqGkpAS7d+9GW1sbTCYTAoEANm7cyD8nJycH oVAo5hKfHG5pzezs7Kh9NTU1kMlkSE9PR0NDw4Aznu7YsQMdHR04fPjwnbxlinoo0OBwl2pqaqBQ KPDqq6/yE/wNxul0wmq1xmxi6c/n88FqtcJut8e8gg0Gg/B4PAiHw3yt4vYrau4YNpttwKvtcDgM h8MBq9UKh8Mx4NUy9xrcpHvDEQ6HsXPnTqSnp0esl+FwOFBXVweVSoUDBw7EXMwoIyMD+fn5cDqd fMDlCvyBZioNBoMwm81Qq9VRy5x6vV40NzcjOTkZWVlZ/MyysUgkEqSnp2Pnzp209kBNWDQ43IWT J0/C6/UiKysLEomEX0AmVr9AZ2cnFi5ciAULFkCj0WDu3LnYvHlzVLpwOIxt27bh6aefhkajwaJF i7BgwYKoYHL06FHEx8fj/fffx9y5c6HRaPiV1bipr2fNmsVvf/zxx/npyTk2mw1z587FwoULodFo sHDhQjz99NNobGzk0/j9fixfvhzx8fHQaDTQaDR4/PHHsXnz5iELzpMnT6KzsxNarTZiOzcFd3Fx 8aALM23fvh2nT5/GkiVLAHy3SE9zc3PMqcfr6+sRCoWg0+mi9nHTZGdmZmLp0qWQSqX8lOOxpKen o7Ozk9YEqQmLBoe7UFNTE7FIjE6nQzgcjlp/gOskdblcMBqNcLvdsFgsaGhoiFpD+e2330Z5eTmy srJw4cIFnD9/HgkJCXxzye0KCwuh0+lQXFyM/Px8AMDKlSvR0NCA0tJSXL58GefPn4dWq0VxcTHf 1h4KhbB27VqwLIu2tja43W6cPn0aIpEIWq2WD3C//vWvYbVaYTKZ4Ha7ceHCBWRlZaGysnLIZpeG hgYA4At3js1mA8MwUdtvJ5VKoVKpIgIIt8ZzrKYlo9EIkUiEjIyMqH1ck5JarQbDMNBqtfB4PDh5 8mTM1+ZWmDObzYPmkaIeavfrlN33s6tXrxKWZUlqaiq/7caNG0QsFhOpVBoxBbTJZCIASHl5ecQx 2tvbCQB+SugbN24QkUhEFApFRLru7m6iUCgIAOJ2uwkhfVM3AyBZWVkRaZuamggAYjAYovKsUqmI SCQiN27cIG63mwAgRUVFEWlOnz5N9Ho9uXDhAiGEkISEBCKXyyPS3Lhxg2RlZZGGhoZBz5FcLieJ iYlR21mWJTKZLGp7d3c3cbvdUY+rV69GvLZYLI46R5cvXyYASH5+ftRxW1tbo87J+fPnCQCSlpY2 YP4TExOj3vtEQ6fsnrhozeEOHT58OKoJg2VZpKenw+v1RlyRcuss335Fq1QqI9rGnU4nAoEAvxIa h7vSjSU5OTnib4vFAqBv7WqPxxPxUKlUCAQCsNvtEIvF/GI927Zt40dCcf0AXL6USiU6OjqwcuVK HD58GH6/HyzL4oMPPsCqVasGPUculyuir4EzUHOU1+tFfHx81KP/8FWWZaHT6eB0OtHR0cFv52ox GzZsiDouV5Prv08ul0OpVKKpqWnA1fEkEknMpWUpaiKYECvBjQVu/eeysrKItmuuOaaiogIrVqwA AL6/IFZB2X/blStXACDmMMxYzwW+WzKTw73W7UGjv88//xxqtRp1dXXIyclBeXk5v+pYcnIy8vPz +WaVPXv2wOfzoampCU1NTQD6Ao9Wq0VeXt6gfQbhcDhq6Uugb7ioy+VCKBSKWOJTJBLBYDDwfwcC AZSXl0c9f8OGDSgrK0N9fT2/4p7RaIRSqYRSqYxIGwgEYDabwbJsxMgnoO+z4poBS0qiL3ilUint kKYmLBoc7oDD4UBHRwcUCkXUqBiZTIZgMAiLxQKPxwOZTDbsNY5HY61orrBubm5GXFxczDRcnles WIEvvvgCNpsNJ0+e5JcmbWhogNlsxpo1ayCRSNDa2orOzk7+PgFuBJTD4cChQ4cGzU+s+zJUKhVc LhdOnTqFZcuW8dtFIlFEIe3xeGIGB7lcjqSkJBiNRrz11luwWq3weDwoKiqKSst1UicnJ0cFXZlM BpPJhMrKSrz++utRge5Bu6eEokYTbVa6A1wzxZ49e3Do0KGoR2FhIQCgqqoKAPir21h35fbvkH72 2WeHlW4w3I1mU6dOhVqtjniIRCL09PRAKBTC5/OhsbERfr8farUau3fvRnt7O06fPg2g70o8HA7z w2kTEhLw6quv4qOPPkJXVxcSExNhNBoHzYtIJIo5cotr3ikuLr7jK3OdTgev1wubzYba2lqwLMsP DOivpqYGLMviyJEjMT+rtLQ0/lzczufzQSQS3VH+KOpBR4PDCIVCIZhMJkilUqjV6phpMjMzwbIs ampqEAqF+L6G2+/KPXHiREShn5iYCIVCgbq6uohCNRgMDlkQc7jX2rVrV0TBGwwGsX79eqSmpiIY DOLs2bNIS0vjAxiHawbi7j1YvXp11LBVkUgEkUgU8/6E/uRyeUS/AEelUiEnJwcOhwPLly+Pec+H w+Hgm4FiNV1lZmZCKBSivr4eZrMZWq02Kj9OpxMOhwMpKSkQi8Ux85iXlwfgu2bC/lwuFx/YKWqi oc1KI3T06FEEAgF+2GgsYrEYqampMJvNaGxsREZGBvR6PSorKxEMBpGWlobOzk6Ul5dHXZm+9957 /D0HBQUFYFkWFRUVw77xLCkpCYWFhSgrK4NGo+E7sisrK9HR0YHS0lJIJBIsW7YMCoUCO3fuhM/n Q1JSEgKBACoqKsAwDH9TX2FhIYqLi/ljsSyLhoYG2O32iP6BWNRqNWw2G9+81t+BAwcQDodhNBox d+5cJCUlITExkb8pj+sI1mq12L17d9SxhUIh0tPT+QDMFfL9cTW8WPc99M+jTCaDxWKBy+Xim9w8 Hg9fq6KoCYsOZR2+oqIiolaryfnz5wdN19raStRqdcRQ0fLyciKTyQgAIpPJSF1dHSkoKCAFBQUR z21vbydqtZowDEOEQiHJyckhZrOZqNVq0tXVRQghxGKxELVaTc6dOxfz9SsrK4lSqSQACMMwRKlU EpPJFJHm6tWrRK/XE6lUSgAQoVBIkpOTyenTpyPSVVRUELlcTgAQAEQul5OKioohzxU3XLSysnLQ 85SVlcXnAQBJSEggOTk5pK2tbdDjc+cpPT095v709HSSnJxMbty4MehxampqiFqtJkajkd9WWVlJ AAz5OT/s6FDWiUsA9AUHAIaVK1ciNTV1wMRNTU04fvw4hkpHURyNRoNQKIS2trbxzsqILFq0CEKh EB9//PF4Z2VcDfc3z6UDYKiurn7znmWQGjO0WYkaUyUlJdBoNHA6nVAoFOOdnWFxOp2w2+1obW0d 76xQ1LihHdLUmFKr1dBqtXjjjTfGOyvD9uabb0Kr1dL+BmpCo8GBGnPvvfcewuHwkDPR3g86OzsR CoXw3nvvjXdWKGpc0WYlasyJxWJ89NFH452NYUlISHhg8kpRY+mOgsPFixdHOx8URd2H6G994hpR cJg+fToA4NKlS7h06dKYZIiiqPsP99unJo4RBYcXX3wRAPDNN9+MSWYoirr/TJ8+nf/tUxPHiJuV 6JeEoijq4UdHK1EURVFRaHCgKIqiotDgQFEURUWhwYGiKIqKMuIOaYfDEXMBF4qiHk4SiSRq+VXq 4Tei4OBwOHDw4MGxygtFUfcxGiAmlhEFB67GMG/ePMyfP39MMkRR1P3j4sWLuHTpEm0tmIDuaPqM +fPn0/UcKGqCoLMhTEy0Q5qiKIqKQmdlHaY334xe3IphGEilUkilUixZsgQMQ09nR0cHWlpaEAgE IBaLsWLFiqj1o++E3+9HY2MjHA4HQqEQACAxMREZGRkRx7fZbGhpacHSpUuhUqkGPF44HMauXbsg kUii1p8OhUJ4++23AQA7duwAy7J3nX+KetDQ0myYDAbDoPulUimOHTs2YTvtwuEwNm/ejJqaGgiF QojFYni9XhQUFKC8vByvvPLKHR/73XffRXFxMUKhEH/sYDAIo9GI4uJi5Ofn45133gHDMBCJRDAY DLBarYOu5NbS0gKDwYCioqKofY2NjfznzQUgippoaLPSCEilUrjd7ojHuXPnUFRUBK/Xi3Xr1iEc Do93NsdFVVUVampqkJ+fj6tXr8LtduOLL75AUlIS8vPzYbPZ7ui4b7zxBgoLC5GYmIjm5mZcu3YN brcbV69eRXt7O5RKJcrLy/Huu+8CAORyOZKSkmC1WuH1egc8rtFoBABs2LAh5j65XA6pVIqKioo7 yjdFPehocBgBhmEgk8kiHgqFArt370ZaWho6OzvR0tIy3tkcF5WVlZBKpdizZw/fDCORSPgV1err 60d8TKfTidLSUiQmJuL06dNYunRpxH6lUomPP/4YMpkMpaWlfHOTTqcDABw+fDjmcQOBABoaGqBW q5GYmBixz+v1wmKxIDk5Genp6bDZbOjo6Bhx3inqQUeDwyhRKBQAvhvuu23bNmzbtg2NjY145pln 8Nxzz+HkyZMA+gqn1157Dc888wzi4+Px3HPPYdeuXQgGg1HHra+vh0ajQXx8POLj47F+/Xp4PJ6I NC6XC+vXr+fTLF68OGZhfPjwYSxevJhPt3bt2qgreqfTibVr1/JpFi1ahH379g1ZI9JqtSgqKorq d+H6A/q/t23btkGj0Qw5PHLv3r0Ih8MoLy+HUCiMmUYoFKK4uBg5OTn8a2RmZoJlWZhMppjPqa+v RygUQk5OTtS+999/HwCwZs0avlZRVVU1aD4p6mFEg8MocblcAPquloG+QrahoQFarRZA3xXp1KlT 4fP5sGjRIpSXl0OpVEKn00Eul6O4uBjLly+PKER//etfQ6vVIhgMQqfTIS0tDQ0NDVi0aBHfZOJw OLBw4UJYLBakp6fzV81arRZvvPEGf6yqqipkZWVBKBRCp9NBq9XCbrdDo9HA4XAA6Fs/efHixXA6 ncjKyoJOpwPDMMjPz484Viyvv/56zH6Fo0ePAuhr7uE4nU5YrVb+Sn8gFosFIpEoqsZwu+zsbLzz zjsQi8UA+gKGVquF0+mE0+mMSm80GiESibBmzZqY+xISEqBSqaBQKKBQKFBXVxczcFPUQy83N7ck NzeXHD9+tp7UMgAAIABJREFUnAzm+PHjZDjpHkYAiEwmi9re1dVFysrKCMMwRCqVkhs3bhBCCFGr 1QQAMRgMhBBCuru7CSGE6HQ6AoCYTKaI41RUVBAApLi4mBBCyPnz5wkAkpyczD+XEEIsFgsBQAoK CgghhCgUCiISiciFCxcijqfVagnDMOT8+fOEEELkcjlRKBQRaS5fvkwYhuHzWFpaSgDwz+HyrVQq iVwuH+EZI8TtdhOxWEzEYjH529/+xm8/d+4caW1t5c9VLFevXiUAiEqlGvHrEkLI6dOnCQBSVFQU sf3y5csEAMnPz496TnNzMwFAdu7cyW8rKysjAEhlZeUd5eNBN9zfPJcuNze3ZHxKMWq00ZrDCHg8 HggEgojHrFmzUFhYCKFQiCNHjkQNe3z11VcB9PVXhMNhmEwmKJXKqBEwr7zyCqRSKerq6gD0jZgB gJKSkoimmmXLlqGurg4bNmxAR0cHf5V/e9v59u3bEQ6H+St3oVAIl8vFN6kAQEJCArq7u1FSUsLn EehrWuGafBiGQXt7O86fPz/ic7V8+XIEAgGYTCaIRCJ+n0KhgFqtHnSIKHelHmt4sNPphEajiXrU 1tbyaVQqFRITE/nzyeHS3D58FQBqamoARHZSZ2ZmgmEYfh9FTRR0KOsICIVCpKenR2wTi8WQy+VY tWpVRAEI9DUx9d/m9XoRCoUGHO6qVCrR0NAAoK+JB4hsjuFkZmYC+K7D1WKxQKPRRKThAgDXP1Fc XIy0tDRotVoIhUKoVCqkpqZizZo1fFPYhg0bUFNTg/Lycr7ZKyUlBWvWrOH7VIbD4XBg5cqVCAaD MJvNQzYLxcI1EcVqzgmFQhH9LqFQCD6fD2q1OiJdTk4OCgsLYbVa+X1GoxFKpTLqvHKd1DKZLGpQ gUwmg8PhgN1uR1JS0ojfC0U9iGhwGAGxWIxDhw4NO/1AV8a3BxEO1+nav/N3oLT900kkkpg3miUm JvKF2YoVK3DhwgXU1tbCYrHwj8LCQtTU1CAzMxNisRjt7e2or6+H2WyGzWaDw+HAzp07odVqceTI kSHf89GjR6HT6SAUCvHRRx8NeiPaYIRCIWQyGTo6OhAMBiM6pJOSkuB2u/m/rVZrVHAE+oJoUVER Dh8+DLVajZaWFni9XhQXF0elPXz4MB90uH6b21VVVdHgQE0YtFnpHuIKOK5WcDuXywWhUAiGYfi0 XEd3f42NjWhpaeGvrtPT03Ho0KGYj/7NJwkJCXjrrbfQ3t6Oq1evoqamhu9w7p/H7OxsfPTRR/jb 3/6G5uZmKJVKmEymIYfpVlVVQavVQiqV4vTp03ccGDharRahUOiORwtJJBKkpaXBbDYjFArBaDRC KBTyNa/+jEYjWJbFtWvXQAiJeHR3d0MikcBkMiEQCNzVe6KoBwUNDveQWCyGQqGAxWKB3++P2NfZ 2Qmn08kXqNy/3PBXTiAQQFZWFkpLS/GLX/wCLMvCaDRGDTU9evQoHn30UezduxehUAizZs3CunXr IvKSnZ0NtVrNF3gbN27EjBkz+CYphmGwdOlS6PV6ABh06OnJkyeRn58PpVKJ06dPIyEh4U5OUYTt 27dDLBajuLg46jxwQqEQ3z8Ti06nQyAQQGNjIxoaGpCenh41LNbpdMLhcCAtLS3mkFmGYZCVlYVQ KMQPdaWGZ9OmTctyc3M3bNq0aZler1fr9XrZli1bJOOdL2potFnpHisuLkZ6ejpWrlyJAwcOQKFQ wG63Y+PGjQD6hoQCfePsuSGuEokEq1atgt/vx9atWxEMBlFYWAiRSISCggKUlpZi3bp1eOeddyCV StHS0oL8/HwwDIOMjAywLIukpCSYzWao1Wq+k/XEiRNobm5GcnIyAECtVsNoNGLdunXYs2cP36xT Xl4OlmUH7DsIh8PIz89HOByGXC7Hvn37otIoFAqsWrUKQN99Dk6nE0eOHOH7O2IRi8U4duwYli9f jpSUFKSmpiItLQ1z5szB9evXYbfbUVNTA5/PB6lUihUrVkQdY9myZZBKpSgsLEQwGIzZEc0V+Nyw 41iys7NRVlaGmpoabN++fcB01Hfy8vIyCCEmABAIBOjt7QUA9Pb2Ijc3F5MmTQoC+B+BQPCXcDj8 P5MmTfL09vaGBAKBjxASEAgEAUKILy4u7mY4HO6sqakZ+JZ3atTR4HCPrVmzBjU1NSgsLMSCBQv4 7RKJBA0NDXyNgWEYHD9+HGvXro0otFiWRWVlJZYtWwYAeOuttxAKhVBRUQGz2cynk8lk+PDDD/nC 98CBA/B6vdDr9XxNAOjrBP/ggw8A9HVIu1wulJWV8R3jQF8hbTKZBizIHQ4H31Q20KgenU7HB4fh 3ucA9NWgzp8/j23btqGpqQlNTU0R+yUSCQwGA7Zv3z7gVb9Op8POnTv5qTX6C4VCqKur4ycJHAjX f2O32/mJ/ajBEUISAWDmzJmYOXMmAODatWv8/lu3bglv3rwpBPCDYDAIQggEAgEARPzb29uLSZMm Qa/XBwG09fb2fkIIsXd3d58xGo20nW+M0OAwTG63e0Szrh45cmTAu4qzs7ORkZGBU6dOwe/3Y/bs 2VCpVDHvLm5vb4fD4cBnn30GkUiEX/ziF3xfA9BX+O3Zswevv/46PvnkEwQCAcyZMwdJSUkRx5NI JGhvb0dHRwc+/fRTAMDzzz8fNWpn9+7deOWVV3D27FkEAgFIpVK++WogCoUiooM4lv4F95EjRxAK hSCVSgd9Tv/zcOzYMQQCAZw5cwY+nw8Mw2D+/PnDmujw9ddfR3Z29oDB49y5c2BZdsjP96OPPkIg EBh0kAAVTSaT4ac//emQ6a5fv44bN27g+vXruH79Ov7+97/j+vXruHbtGq5du4ZgMCgE8BKAlwQC AaZMmYItW7a4e3p6ThFC7ISQMz/4wQ86DAbDxJzgbJTR4DBMI512erDmEqCvsBzsSrU/pVI5ZCEo Fov5K/PByOXymMNj++OmIR8ulmVHdH6GOjcDEYlEfI1pJAbLHzdf1nBfnwaGsfPII4/gkUceibj4 6a+7uxt//etf8fXXXyMQCMDv9+Ovf/1rPCEkHoBOIBCgq6srlJeX5yCE2AQCgT0uLu7M/v376TJ2 d+COgsPFixdHOx8URd2H7qff+uTJk/Hkk0/iySefjNj+P//zPwgEAvjyyy/R1dXFfv311yoAKkII N5X8l729vacJIa23bt2qp01RwzOi4DB9+nQAfcsG0qUDKWri4H7796PHHnsMjz32GGbPng0AuHnz Jr788kv8+c9/RldXFwKBwFMAMgBkTJ069T29Xt9ACKmqqqqamFMoD9OIgsOLL74IAPjmm2/GJDMU Rd1/pk+fzv/2HwRTp07lZxUGgBs3buCLL77A559/ji+++GJyT0/PWgBrN2/e3NXT01M1adKk2srK Ss+4Zvo+NOJmpQfpS0JRFDVt2jTMmzcP8+bNQ3d3Nz7//HNuMapZAAy9vb2GzZs3n+rt7T1w8+bN RqPROPQwugmAdkhTFDVhTJ48GQkJCfykk59//jkuXbqEL7/8cgkhZAnLssHc3FyjQCCoraqqcox3 fscTDQ4URU1I/QNFKBTCxYsX8dlnnwmvX7+eTwjJ37x586VwOLxfIBAcrq6u9g99xIcLnT6DoqgJ j2VZPP/881i3bh2Sk5MhkUjQ09MzTyAQlAsEgi/z8vL+v+zs7LufE+YBQmsOFEVR3xIIBHxn9tdf f43/+q//wuXLlyf39PSsZhhmVW5ubtmtW7d2T4ThsLTmQFEUFcPMmTOxePFirFu3DnK5HJMmTZoE 4H+zLHslNzd3w5AHeMDR4EBRFDWIadOmYdGiRVi3bh3mzZsHQsj3ARi3bNlyNicn56Fd4IMGB4qi qGGYNm0alixZgrVr1yI+Ph7hcPinkyZNatPr9f/yME5DPuI+B4fDMei8/hRFPVwkEsmwJjicKB57 7DEkJyfj66+/xpkzZ/DnP/95vUAg+L/y8vLemjVr1rsPy8R/IwoODocDBw8eHKu8UBR1H6MBItLM mTPx8ssvo7OzE21tbY+EQqHSr776asumTZtyDx48GHt1qgfIiIIDV2OYN28e5s+fPyYZoijq/nHx 4kVcunSJthYMIiEhAVKpFG1tbejs7PyhQCCw6PX6lu7ubv37778fe03gB8AdDWWdP38+UlNTRzsv FEXdh+gkm0NjWRYajQZz5szBJ598gmAwuJRhmIu5ubn/u7q6+t3xzt+doB3SFEVRo+SHP/wh0tPT 8eyzz4IQMglAmV6v/3DLli3RK03d52hwGCaNRjPgY9OmTbBareOdxXHn9/vx2muvYcGCBXjmmWew fv162O32uz5uOBzG4cOHodFo8Oijj0IgEGDy5MlYsGAB3n77bQSDQT7tiRMnoNFoYq5jfXteNRoN tm3bFrXP6/Xyny1tTqFGavLkyfj5z3+Of/iHf8DkyZPR29ubTgj5z9zc3MTxzttI0OAwTFarFU6n M2JbOByGx+NBTU3NsAqkh5nf78fixYtRXl4OhUKBtLQ02O12LF68GI2NjXd8XJ/Ph0WLFiErKwud nZ3QarUwGAzIz89HMBhEUVERFi5cyBfiL7zwAux2O8rLywc9bn19PaxWKxITo3+vhw8fhsPhgNVq RW1t7R3nnerz9ddf44svvkBXVxeCwSBu3Lgx3lm6J2bPno3Vq1djxowZ6OnpmSsQCM5t2rRpzXjn a7jo9BkjoFAo0NraGrXd6XRi8eLFKCwsREZGxoDLHD7Mdu3aBZfLhaamJn7509dffx0LFiyAXq/H ihUrRrQGN9AXfNeuXQuHw4Hi4mKUlJREHGPPnj14++23UVRUhK1bt+LDDz+EWCxGWloaTCYTbDYb VCpVzGMbjUYIhUJkZmZG7aupqYFSqUQwGERFRQW2b98+4rxTAAAfAHg8Hng8nqidkydP7pkyZQqZ Nm1aD8MwU6ZPny6Ii4vD9773PUyZMgVTpkzBtGnTwDAMpk+fjkceeeRe5/+uPfbYY1i1ahVsNhs6 OztZgUBgzsvL+39nzZq1434f8kq/8aNAoVBAp9OhoqICp06dwpo1kRcHdrsdQqEwau1mp9OJQCAA sVg86LrOPp8PLpcLLMtCoVCAZdmoNKFQCE6nE6FQCImJiQOu08z9UBmGgUKhgFAY3RQaDAbhdDoR Dochk8mGtcay3++HUqmMWBdbKBRCpVLBaDTC6/WOeB3u+vp62Gw2aLVavPXWWzHT7NixAxaLBWaz GV6vF1KpFDqdDiaTCfX19TGDQ0dHBxwOB3JycqLev9VqRWdnJ/Lz8wEABQUFOHny5LDX+6a+U11d XZWXlycCwFfPent7Zdz/u7u7Rd3d3aLr168DgGyoJrypU6fi8ccfx5NPPonHH38cTzzxBKZOnTpG uR89kydPhkajwZNPPon/+I//ACHk/+7q6vqRwWBYez8HCBocRglXW+DavzUaDQBAKpWirq4OAFBe Xo5XX30VJ06cQH5+fsTVlFwux6FDhyLGkvt8PmzduhVms5nfJhKJUFZWhuzsbH7bu+++i507dyIQ +G4usPT0dBw6dIgv/AKBANatWweLxcKnYVkWOTk52LNnD39l/Oabb6K0tBSh0HfrnajVahw5cmTA gAMAH3zwQcztHo8HLMtG1KY0Gg2sVivcbvegAcNoNAIASkpKBkwDAO+99x6CwSCkUikAYNmyZZDJ ZDCZTBHvjXP48GEAiDiHHK4Zac2aNWAYBoWFhaisrKTB4Q5VVVW9Pdy0OTk50ri4OAmAHxBCpIQQ yaRJk6S9vb0ygUAgu3nzpszr9cLr9fLPmT59eo9EIol74okn8MQTT+D73/8+BALBWLyVu/bjH/8Y M2bMwMmTJ9Hd3Z3W1dX14f0cIGhwGAXhcBgNDQ0AgJ/97Gf8dofDAZfLheLiYvh8PqxatQpWqxVp aWlISEiAxWLB/PnzcfbsWeTn50Oj0aC9vR2JiYkIh8NYvXo1HA4HysrKsGrVKgQCAWzbtg05OTmY P38+VCoV9u7di8LCQqSmpqKkpARisRhHjx5FUVER/H4/3wz22muvwWq1wmg0YsmSJQgGg3jjjTdQ UVGBpKQkZGZm4uTJkzAYDMjJycH27dvBsixOnDiBgoICbNq0CcePHx/W+fD7/fB4PNi3bx+sVisM BkPEFbpEIoFMJhuyqcZmsyEhISFmv0B/sWpdOp0OBoMh6qo/HA6jrq4OcrkcSUmR0+IEAgGYTCYk JyfzgSYlJQVNTU3weDwjrvlQI1NTU+MF4AUQc5GdLVu2CG/duiWfNGnSzwAkCgQC5TfffCP/5ptv hNxw27i4uJ7HH39cIJFIJnEBY9q0affuTQxh1qxZSElJwccff4xQKJT21VdffbJly5al+/fvDw79 7HuLBocR8Pl8UR2UXIHidDqRmpoaUVAFg0E0NDRg6dKl/LZ169aBYRh8/PHHfAEkk8kwe/ZsLFy4 EG+88QY+/PBDnDx5Ena7HQaDAdu3b+ef/+GHH+Lpp59GfX09lEolDAYDFAoFjh07xhe2XPrCwkKc OHECK1asQHNzMxITE7Fhw3eTSR45cgQbN27km6m4kUXbt2/nC+RXXnkFwWAQfv/w1zrZvHkzX9tR qVTIy8uL2H/kyJEhj+HxeBAKhfhz1F8oFIo5ikgkEkEkEgHoqxXs3LkTJpMpIji0tLTA6/WisLAw 6vn19fUIhULQ6XT8Np1Oh6amJlRVVWH37t1D5psaO98WoPZvH7zs7OwEhmGeJYSoe3p61D6fT9H/ +yEUCsmTTz4pmDVrFn70ox+Ne1OURCLBypUr0dTUhBs3bvyvuLi4lvsxQNDgMAIulyui4OAwDIOs rCwcOHAgavuSJUv4vwOBAOx2O9LS0qIKPaVSCaVSyTf7NDc3A0BU/4VEIsG1a9fAsixaWloQCASg VqsjqtpAXz8Id5wVK1ZAqVTCbDZj7dq10Gq1WLp0KUQiUURBzQWEtWvXQq/XY9myZUhISMCOHTtG cpqwY8cOvP766zhz5gwKCwuxYMECtLW1jdqVt91u55vt+jMYDHwTlFQqRXJyMsxmMw4cOMDXXIxG I1iWHbAjWigURpzzFStWQCwWw2g0oqSkJGZ/DzW+vr0LuRNAIwDodDrR5MmTlwJIFggE6mAwmBgM BnHlyhW0tbURmUwmSExMxFNPPTVueRaJREhNTe0fIP5Tp9P9r/tpnQgaHEZAoVBgz549EduEQiES ExNjduxKpdKIphOuTyAhIfaCUgkJCXA4HBFpYzWpcAUUFxDKy8sHHLrJHee9996D1+uF2WyG2WwG wzBISkqCVqtFXl4eGIZBRkYGbDYbKisr+Q7ZhIQEpKWlYfv27YP2OfTH9ZsoFApIpVKkpqZi165d I5qXizt3twc9oK+mZTAY+L89Hg/fP9FfTk4OLBYLGhsbkZmZydfk0tLSokaUcZ3UIpEIy5cvj9gX Dofh9/vR2NiIjIyMYb8Hanx8W8Ae/faBLVu2SMLh8DIAaT09PSlXrlxhr1y5gkceeaQnMTExbt68 eTF/v2NNJBJh9erV+Pd//3cEAoG506ZNO2EwGJbcL30QNDiMgEgkglqtvuvjhMOxP/v+ncD9tw31 xS0qKsKyZcti7uMKdIlEgra2NnR0dODEiROwWq2wWq2w2WxwOBw4dOgQgL4gUlJSghMnTqC5uRkW iwVlZWWoq6vDhQsX+Gab4eKadLigN1xc8LLZbFHt/TKZLKKTmutLud2qVav4q/7MzEy+2ej2Zi4A eP/99wEAycnJUedbIpHAZDKhsrKSBocH0P79+30AagHUbtmyRdjd3b1KIBCkX79+PeXs2bNxZ8+e xaxZs7p//OMfT549ezbi4uLuWd4eeeQRvPzyyzh27Bhu3Ljx87/85S9GAFn3LAODoMHhHpJIJGBZ NupmOo7T6eSbm7h/XS5X1GyYmzZtgkgkwqpVq/httwetQCCATz75BCzLIhwOw263g2VZKJVKyOVy 7NixA4FAAIsWLUJdXR0OHToEl8uFK1euYMWKFdiwYQM2bNiAcDiMrVu3orKyEidPnoxZOIbDYTzz zDNISEjARx99FLGPG711J/d+5OTkwGaz4bXXXsOHH3444uczDAOdTofy8nL4fD4YjUbIZLKocxUK hVBXVwepVDrg63R2dsJqtaKjo2PQYcfU/e3bdv3DAA73CxS6rq4udVdXF6ZMmRKeO3cuM2/evHt2 v9IjjzzCD3zo7u7OzM3NvVhdXR177PY9RO+QvodYlkVKSgp/1d5fbW0tPB4PP6Ehd8W9d+/eiHRO pxM1NTUIBoNISkqCRCJBTU1NVAftrl27kJqailOnTiEcDmP58uXYtGlTRK2F68Dlmqm453R2fjeR JMMw/FX7QDUYhmEgkUjQ3NyMjo6OiH3vvts351j/iRp9Ph88Hs+ANShOZmYm1Go1zGYzNm3aFDFU l9PS0sJPgRFr9BMX4Pbt2webzQa9Xh+V5sSJE/D7/cjKGviCjetrqqqqGjTP1INj//79wYMHDx6u rq5+CcAsgUBQdOvWLd9nn32GY8eO4cMPPyQdHR0xa/SjTSwWQ6PRcMNw/5+8vLxxr6IKACA3N7cE gGHlypWDzrba1NSE48ePY6h0DyOBQAC1Wh3zDulYNBoNPB4P3G53xHaPx4NFixYhGAwiPz8fiYmJ cDgcqKysREJCAk6fPs1fsWzatAk1NTVITU1FWloaAoEAysrKAIDv4D1x4gTS0tIgkUig1+shlUrR 3NyMuro6qFQqtLa2gmEYvPnmmzAYDEhOTkZ6ejoYhuFvHisuLsZbb70Fp9OJhQsXQiqVIj8/H2Kx GC6XCxUVFZDJZDh37tyAw08dDgc0Gg2EQiEKCwshFosj8vHxxx/zQWi49zkAfYFk/fr1aG5uBsuy UKvVkEgkCIVCcDgc6OzsBMMw0Ov12L17d8wAtmjRIr5Z64svvojqO1m+fDksFgvOnz8/YK0gEAhg 1qxZYFkWXV1dE6Zjeri/eS4dAEN1dfWb9yyDo8xgMDB//vOfVwkEggIAKgCIi4sjP/zhDwULFy7E Y489Nqav/+mnn+KPf/wjBAJBNyHkl9XV1bYxfcFBxAHAz372MzUA9fz58zFv3rwBE1+6dAmXLl3C UOkeRqdOnYJCoUBKSsqw0n/66acQiURIT0+P2M5t6+rqwr/+67/CZDLh//yf/4N//ud/xqFDhyKq si+//DJmzpyJ3/3ud/jNb36DP/zhD/wNaT/60Y8A9K2t8ctf/hIXL17Ev/zLv8BsNuMvf/kL9Ho9 Dh48yBdiarUaM2bMwO9//3sYjUb89re/RW9vLwwGAz8aSSKR4MUXX8TZs2dRV1cHs9kMl8vF31A3 ffr0Ad/vU089hZdffhmfffYZfvOb38BsNuObb75Bfn5+RD64c8OyLLRa7ZD9KUKhEL/61a+wYMEC +P1+2O122O12dHR04Pvf/z5+9atfoaqqCjqdDlOmTIl5jBkzZsDn8+Ef//Efoz6PYDCII0eO4Oc/ /3nMWgWHZVlcv34d4XAY8fHx/Pl/2A33N8+lA2A9e/bsqXuWwVFmtVp7//M///PC2bNnD/30pz9t FAgEDCHk2UAgwHz22Wekt7dXIBaLx2w6FYlEgr///e/w+/1xDMOsfPbZZw86nc6xr7rEQGsOFEUN aKLVHGL5drTTDgB6ACzLsj0vvPBC3FhdIBNC0NDQAL/fD4ZhDu/fv39cOqhpnwNFUdQg9u/f76uu rt7GMEy8QCAwhkIhcurUKTQ0NIS/+uqrUX89gUAAjUaDuLg4hMPhzNzc3HGZu+WO6kYXL14c7XxQ FHUfor/173w7JHZjdnb2rkmTJu2+evVq+m9/+1vMnTv31gsvvDBlNKfpEIlEUCqVOHPmDOLi4v41 Nzd3TnV19fCnKRgFIwoOXJtzv/ZFiqImgMH6myaab+/IXrtp0yaFQCB45/Lly8kej6d7wYIFk3/y k5+M2sR/zz33HDweD7766qvpDMP8BsA/jsqBh2lEweHFF18EAHzzzTdjkhmKou4/06dP53/71HcO HjzoBPDSpk2bMru7u8v/+Mc/ii9cuNDzi1/8Iu7pp5++6+MLBAL88pe/hNlsRnd398q8vLxVVVVV d75y1giNuFmJfkkoiqK+c/DgwcO5ubknAey5du1alsVigVQqxc9//vO7HvoqFArx05/+lGte2mcw GE7cq+k1aIc0RVHUXaqurvZXV1evB5AKwOP1evFv//Zv5E9/+tNdH/vZZ5/FY489hnA4/IMvv/wy esbIMUKDA0VR1Ciprq4+wTDMcwAqAAjOnDmD3//+9+ju7r7jY8bFxfGzLDMMs8tgMNyTaY9ocKAo ihpF+/fvD1ZXV28VCARpAIJXrlxBQ0MDiTX9y3DNnTv3ntceaHCgKIoaA1VVVY09PT0LAHQEAgHB sWPHyO3T6QyXQCDgaw9xcXF7dDrdmM/fQoMDRVHUGHn//fc7GYZZBKAuHA4LmpubcebMGRBCRnys uXPnYubMmejp6ZkxZcqUDUM/4+7Q4EBRFDWGvm1mWg8gH0D4T3/6E1paWkYcIAQCAX7yk58AACZP njzwRGCjhAaHCayzsxO1tbWw2Yae+LG2thZHjx4dMp3NZkNtbW3MNZ4paiKrrq7eN2nSpJcABN1u 9x0FCG4xou7ubkV2dnbsJSVHCQ0OE9gnn3wCnU7Hr4I2GJ1Oh8LCwiHTvf/++9DpdHC5XKORRYp6 qFRWVloBLAfgd7vd3AI/w37+5MmTER8fDwBgGGb9mGTyWzQ4TGBz5syBTqeDSqUaMq1Op4ua7joW lUoFnU437PWmKWqi+XaNhsUAfD6fDx999BEZSYDg1qCfPHnyprHJYR8aHCYwlUqFQ4cOITs7e8i0 hw4dwjvvvDNkuuzsbBw6dAiJiYmjkUWKeihVV1e7AGgA+L766itBQ0MDuXnz5rCeK5VKMW3aNNy6 dWuWx8JbAAAgAElEQVRWTk5O0ljlkQYHiqKocVBdXe3q7e1dCMAVCAQEv/vd78hw+iAEAgHmzJkD AJgyZYp2rPJHgwNFUdQ4qamp8fb29r6EviYmwR/+8IdhPY9bXnfSpEljtuoaDQ4URVHjqKamxisQ CFYCCF66dAnnzp0b8jnccsLd3d3xY3VDHA0OFEVR46yqqsohEAiyAIQdDgf++7//e9D0kydPxsyZ M0EImTRlyhTlWOSJBgeKoqj7QFVVVaNAICgGAKvV2jvUvUKPP/44AIAQ8rOxyM+IZ/dzOBz0BieK mkAkEgmUyjG5OKVuU1VV9XZubm5CT09PTktLS096enrc1KlTY6Z94okn4HK5MHXq1GUA9o52XkYU HBwOBw4ePDjaeaAo6gFAA8S98dRTT23+8ssvFX//+9+VdrsdS5YsiZmO63fo7e0d/5oDV2OYN28e 5s+fPxb5oSjqPnLx4kVcunSJthbcQwaDIZybm7sewLlLly6x8fHx+OEPfxiVbubMmQCAcDj8xFjk 444WjZg/fz5SU8dsBBVFUfeRS5cujXcWJpzq6mpXbm5uMYAyq9Xa80//9E9xLBs9KGnatGm4ceMG tmzZItm/f/+oRnDaIU1RFHUfeuqpp/YKBAL7zZs342w2W8y74+Li4gAAvb29oz6c9Z4sN/cw8Hg8 A+6TSCSIFdWp0eXxeHDmzBmEQiEAfWvr3t4OHggEEAgEIBKJIBKJhjwewzCQSqUx9wHf3WxEUfea wWAI6/X6dYSQ8263W/j5559j9uzZEWkeffRRBINBAJAB8Izm69OawzDFx8cP+JgxYwY2btzIfUjU KLPb7dBoNIiPj4dWq4VOp4NOp8PChQsxd+5cnDhxgk975swZxMfHY+vWrYMe0+l0Ij4+Hm+88UbU PqvVyn+2drt91N8PRQ1XZWWlB4ABANra2npun16Dqzn09PTEHtJ0F2hwGIHExEQYjcaIR2lpKRQK BYxGI9auXTveWXzoNDY2YvHixXA4HCguLkZ7ezvcbjfOnz+PsrIyBAIBpKWl4eTJkwCApUuXQiqV wmw2Dxqsa2trAQAbNkQvqFVbWwupVAqhUIi9e0d9hCBFjcitW7f2Aei8du1a3OXLlyP2fe973wMA CASCUZ8GmTYrjYBEIolZmGzfvh0LFy6ExWKB0+nk13ql7o7P54NOp4NQKERbW1vUTK9yuRwrVqzA ggULkJ+fj8uXL4NhGOTk5MBgMKCxsRGZmdFrsYfDYdT9/+zdeVhTZ9438O9JAgmLGhvKVhBUirjQ UkFFh9Yo7sUBq3Wp9pGpJCBtXV67zrTTdGrVzujUPlrKOoW6FK10oFAXHh1RKVgFpXVHqFgiIIUS JbJlOe8fmDNE9iUs+vtcF5eanOVOguebez27d8PDwwNSqdToObVajcTERCxduhRarRYHDhxARUUF N2yQkN4WHx9fJ5fLNwKIP3funObJJ580YxgGAGBubg4AYFm27TbULqBw6AECgQABAQHIy8vDTz/9 BC8vL+6b6R/+8Ads27YNAoEAr776KneB+/7773H48GGo1WqIxWIsXLiwxfsqlJWVIS4uDgUFBRAI BJBKpViyZAkEgv9+dFqtFnv27EFmZia0Wi1cXV0RGhra7J4KBQUF2LNnD9ee7uPjg+XLlxu1zavV auzZs4drTnF1dcXChQsxbty4Nt+DlJQUFBUV4dVXX8WePXuQkZEBoHFZ8JUrVxqVNyEhAUVFRVi7 dm2b/QKfffYZVCoVIiMjW10C3MPDAyEhIcjMzIRSqYSTkxNWrlwJhUKB+Pj4FsPh+++/R0VFBd55 551mz+3Zswd1dXUICgqCQCDA7t27kZCQgA0bNrT5+gkxJUdHxz0lJSXvVVdXu12/fh3u7u4AAMME OYZhejwcAAByufwDuVzOpqamsm1JTU1lO7LdwwgAK5VKW33+tddeYwGwBw4cYFmWZaVSKevl5cU6 OTmxAFgAbGJiIqvRaNilS5eyAFgnJydWKpWyNjY2LAD2jTfeMDrmgQMHWJFIxIpEItbPz4/18vJi AbB+fn5sbW0ty7IsW1payj3u5eXFSqVS1tramrW2tmYPHz7MHev48eOsSCRibWxsWKlUyvr6+rIC gYB1cnJiS0tLWZZl2aqqKtbDw4MVCASsr68vK5VKWbFYzAoEAu51tSY4OJh1cnJiZ8yYwYpEItbX 15cVi8UsAHbGjBlG20qlUhYAe+PGjTaP6eHhwYpEIra6urrN7VoyZ84cViAQcK+tqaCgoFaf8/X1 ZW1sbNja2lpWo9Gw9vb2rKura6fP/7Do6P95w3ZyufwDk1ykCORy+Uq5XM6uWbNGe/r0afbs2bNs VFSUyd536nPoATk5Odi9ezdEIpHRbMa8vDz4+Pjg+vXryM7ORmBgID7++GMkJiZi3bp1uHHjBo4f P47i4mIsWrQIW7duxZ49ewD8t0nFyckJ169fx6lTp3D+/Hls2bIFmZmZiIqKAgC8/vrruHjxIhIT E3H+/HkcP34c169fh5ubG5YuXQqVSgUAeP/992Fvb8+dMzs7GwcOHIBSqcTnn38OoPFb89WrV5GW lobs7GwcP34cV65cgY2NTYvfsh+kVCpRV1eH0tJSZGdno7S0FDNmzMDRo0eNOnaDg4OhUCjarDWo 1WpcvXoV48aNg7W1dac/k+DgYGi1Wuzbt8/o8YqKCqSlpSEoKKhZzerixYs4ffo0li5dCpFIBIFA gBUrVqCoqIjr0yCkrzg6Ou4BkFdXV8fvjbkn1KzUCXl5eZg2bZrRYxUVFbh48SIAIDIyslnb9Kef fgpXV1fu1n47d+6Eq6sr/vGPf3BNLSKRCDExMTh8+DC2b9+O5cuXIykpCWq1Glu2bDEaarlhwwZc vXoV9vb2UCqVOHDgAJYuXYolS5Zw29jb22Pjxo0ICAjAnj178Oqrr6KiogJ1dXVQqVTcxTYwMBBH jx7F008/DQBckBiGihqOdfz4cWi12g69R5s3b+Yu+iKRCCEhITh69CiuXbsGX9/Gm1a11G/zoIqK CgBoMRiKioq4Zrumpk6dyvUhBAYGwsbGBrt378batWu5bfbt2wetVouQkJBm+7fUSb18+XJs3boV O3fuxOzZs9stNyGmolAotDKZbCvDMLuvXbtWP3r06B4fodQUhUMn1NXVNZvvIBaLERwcjJUrVzbr 3LSxsTEaJ69UKlFRUYGAgACjNnjDcfz8/HD48GEAjUEENPZZNCUQCPDll18CAJKSkgA0Xkg//PBD o+0MF/qcnBwAjd+k33nnHTz55JPw8/PDnDlzEBgYCH9/f26fwMBAKBQKBAUFYdy4cQgICMDs2bPh 5+fXrLytebAz3s7OrkP7Pcgwb6SlUCoqKoJCoWj2uEKh4D4DkUiEFStWYPv27SgoKODCOT4+Hk5O Ts0u9FqtFvHx8XB1dYWNjQ33OYvFYri5ueHw4cNcnwYhfcXMzCxFq9XW/fbbb6I7d+6Y9FzUrNQJ vr6+uHHjhtHP+fPn8eWXXzYLBqD5t17Dha61iVVNmzkM2z7Y9NGUYahmXl5esyG2ycnJ3IUOAN5+ +23Ex8fDx8cHR48exRtvvIEnn3wSEyZMwNWrVwE0jv7Jzs7GokWLUFRUhC1btmDatGlwcHBAXFxc h96jrjQBtcTe3h5isRgXL15sFhAPfg6JiYktHsNwb2xDjeDixYvIyclpsdaQkpKCiooKFBUVNZvH UlBQAK1WyzXlEdJXIiIi1AAOAEBhYaFJz0Xh0IsM374LCgpafN4wY7fpti0teGZo2zd8u964cWOz 0DL8/OMf/+D2W7lyJU6dOoWqqipuuGZOTg4WLFjAbePj44NvvvkGv/32G44fP4733nuPa4YxNJ/1 loCAAKhUKqNJbkBjrcDV1ZX7aa12Mm7cOPj6+nLhkZCQAIFAwIVGU/Hx8QCAtLQ0HD9+3Ojn8OHD EIlEiI2N7XDzGiGmwrLsbgC4du1avSnPQ+HQi5ycnODk5MQNOW1KpVIhJyeHa5Yx/HnixAmj7bRa LSZPnoxnn30W3t6NK/UamqKaysvLw4IFC7i+iz/96U/Ytm0bgMamkiVLluDrr7/GnDlzuJrDtm3b uKAQiUSQSqX46KOPsGXLFgBAbm5uT70VHbJhwwYIBAKsW7euzVVBb9682epzwcHBKCgoQGZmJhIT EzFjxoxmTUNKpRKHDx+GVCrF888/D6lUavQze/ZsBAUFoaysDCkpKT32+gjpiieeeOIYgDK1Wi28 ffu2yc5D4dDLwsLCUFRUhDfffJMLiLq6OshkMqjVarz22msAgCVLlkAsFuO9996DUqnk9v/kk0+g VCoRHBwMNzc3BAQEIDk52ajJQ6VSQSaTITk5GSNHjoS1tTVOnz6NjRs3Gn37VyqVyMvL4+YQ1NXV ITk5mRu9BDSG0dGjRwGAC6PuSkhIwIcffsj1i7TGy8sLW7duRVFRETw9PfHZZ59x70VdXR2OHTuG ZcuWITg4GAKBoMW5EMuXL4dIJMK7774LpVLZYpPSnj17oNVqsWLFilbLYtgvMjKyMy+VkB6nUCi0 ABIB4NatW6Y9Gc1zaB/amefwIKlU2uL4eI1Gw65YsYIFwNrb2xvNc3jnnXeMtk1LS2Otra25eQ5u bm4sAHbp0qWsRqNhWdZ4noObmxs3z0EgELDbt2/njpWdnc097uvry/r5+bEikYi1trZmT506xbIs y1ZXV3PH8vDwYKVSKWtvb99i2R4UHBzMAmj2+PHjx1kAbHx8vNF7gw7MczDYvXs3V46WfqRSKZud nd1u2ezt7bn3rSlXV1dWJBKxVVVVbZbD1dWVBcBeuXKlQ+V+GNA8h/4pLCxMev/9Ntn7TqOVOig+ Pr7NzuEHvfPOOy2u7SMQCLBr1y6EhoZynaB+fn5YuHBhs5E+zz//PK5fv449e/bg4sWL8PLywpw5 c/D8889z29jb2+Ps2bNISkpCZmYm1Go1pFJps1nNvr6+RscCgKCgICxfvpx7XYZlKpKSknD69Gmo 1Wr4+fnh+eef54ahtmbVqlUtdsob1qNqOurqnXfeQXBwcIeXpFi+fDkWLlyIY8eOISMjgxvmOm7c OPj7+7e7XMkHH3wAqVQKFxeXZqOu1Go1FAoFbGxs2l3FddeuXSbvBCSkI3g8Xo5erzfpORigseYA QDF//vw2b+KTlpaG1NRUtLcdIeTh0NH/84btACiio6M/bHVD0iOCg4NF5ubmpQAM32h6/H2nPgdC CBlghELhbPw3GEyiS81K165d6+lyEEL6Ifq/3j/p9foVhpVZTaVT4TB48GAAjfeUpfvKEvLoMPzf J30vPDzcWqvVmrxdv1Ph8NxzzwEA7t69a5LCEEL6n8GDB3P/90nf0+l0SwCIRo8ejStXrpjsPJ1u VqJfEkII6TuGJqVJkybh1q1bJvuyTh3ShBAyQISEhDgxDCM1MzPD+PHjYWZmZrJzUTgQQsgAwefz lwPA+PHjIRQKIZFITHYuCgdCCBkAgoODRSzLvgYAEyZMAACqORBCyKPOzMzsLwCcXFxc4OnpCQAY MmSIyc5H4UAIIf1cWFiYK8MwbwDA0qVLucd5PO4S3nytnm6icCCEkH5Or9dvBiCaNGkSRowYwT1e U1MDAGBZtqinz0nhQAgh/VhYWJgUwFJzc3N20aJFRs8Zlr1nWbbH1+6mcCCEkH5KoVAI9Hr9DgCY O3cu8+BM9aqqKsNflehhFA6EENJPlZSUrAIwztbWFjNnzjR6Tq/Xo6qqCgzDsLGxsRQOhBDyKAgO DhYD2AgACxYsaDZs1VBrsLKy6vHOaIDCgRBC+iVzc/MvANiMHj0a48ePb/Z8ZWUlAMDCwqLSFOen cCCEkH5GLpf/Bfc7oZsOXW3KUHMwNzcvM0UZKBwIIaQfCQ0NDQSwkcfjQS6XM63dnthQc9DpdJdM UQ4KB0II6SdkMpkXy7J7gMZ7vBtmQrfEUHMoLy/PNUVZKBwIIaQfCA8Pt2cY5t8ArKZMmYLZs2e3 ub1hjoNer//VFOWhcCCEkD6mUCgEWq32GwCubm5uePnll9vcXqPRoKCgAACg0+lMci9XCgdCCOlj paWlMQD8hg4ditDQ0KZrJrXo8uXLqKmpgZWV1Y24uLgCU5SJwoEQQvpQaGjo2yzLBguFQrz66qsd ul/36dOnAQBmZmZfmqpcFA6EENJH5HL5ByzLbgGAVatWwdnZud196uvrceHCBQDA77//brJw6PQ9 pAkhhHSPQqEQlJSUfAEghMfjYcWKFXj66ac7tO+5c+eg0Wjw2GOPXdyyZUuPL5thQOFACCG9KDw8 3Lq0tPRrAAFCoRAymazNIasP+vHHHwEA9fX1X5ioiAAoHAghpNeEh4fb63S6f7Ms6zt48GCsXr3a 6P4M7bl79y6uXbsGPp+vu3fv3n4TFtU4HEpKSpCWlmbK8xFCHkIlJSV9XYR+Ty6Xe+h0umSWZUfZ 29tj9erVaG32c2vOnj0LvV6PoUOH/vjJJ59UmKioAB4Ih9zcXOTmmmSyHSGEPLJCQkJ8ASSzLGvn 4uKC1157rUOjkh6Uk5MDALh3797nPVzEZpo1Kzk4OMDR0dHU5yWEPCRKSkpQWlra18Xot+Ry+fMA 9gGwGjt2LEJDQyEUCjt9nLKyMvzyyy/g8Xh1arX62x4v6AOahYOjoyO8vb1NfV5CyEOEwqG54OBg sVAo/JRl2WAAmDJlCl5++eV2J7i1pkmT/974+Pi6nill66hDmhBCephcLn+eYZgolmWfEAqFeOGF FyCVSrt8vEuXLuHs2bPg8Xh1Wq32g54raesoHAghpIc0rS2wLAt3d3cEBwdDIpF0+ZgajQaJiYkA AIZh/maKW4K2hMKBEEJ6QE/XFgyOHDmC8vJyWFpaKsVi8T+6X9KOoXAghJBueLC24ObmhldeeaVb tQWD8vJyHD58GABQU1OzbPv27dpuH7SDKBwIIaSLZDLZQh6P9xnLsk+YmZkhMDAQ/v7+Xe50flBi YiI0Gg2srKwOfPrpp5k9ctAOonAghAw44eHh1jqdblJUVNSxvjh/aGhoIMuyCgBeLMtixIgRWLly ZacntbXl3LlzuHTpEszMzGrv3bu3uscO3EEUDoSQASU4OFgMIJdl2REymWxFTEzMnt46tyEUWJb1 AoDBgwfj+eefx3PPPddjtQWgceXV/fsbV8fQaDTro6OjTTobuiUUDoSQASM8PNyaYZgjGo1mBAAw DOPWG+dtKRTmzJmD5557DmZmZj1+voMHD6KqqgpCofAniUQS1+Mn6AAKB0LIgBAeHm6t1+vT9Xr9 xN46Z2+HAtDYnJSeng4AuoaGhhCFQtFrndBNUTgQQvo9hUIhKCsrS9fr9ZMHDx6Mp556CpmZpumf DQ4OFpmZmT3PMMx7vRkKAFBQUID4+Hjo9XoA+CgqKirHZCdrB4UDIaRfu39jnEQAkwcPHowNGzZw C9D1JLlc7gdgJcMwL7IsOwTovVAAGtdO+vzzz1FfXw8ejxcRGRn5oUlP2A4KB0JIv6VQKAS3bt36 mmGYhYZg6MkRQXK53INl2eUMwwQDcAIAlmXh4uKCKVOm4A9/+IPJQwEAqqqqsG3bNtTU1IDP5yfb 2dmtNflJ20HhQAjpt0pKSnYxDLNIKBTitdde65FgCA8Pt9doNEvuB4IXwzAAAIlEgkmTJmHSpEk9 GkDtUavV2L59O+7evQtzc/MctVq9rK/6GZqicCCE9EtyufxTAEuFQiHWrFkDFxeXLh8rJCTEiWGY qQzDrNBqtTMZhuEDgLW1Nby8vDB58mS4ufXKwCcj9fX1+OKLL1BWVgZzc/Nf9Hr9tN5YcbUjKBwI If3O/WBYZwiGzl645XK5B8MwfwDgx7KsFICr4TkzMzOMHTsWU6ZMwZgxY3ql2agler0esbGxKCgo gLm5uVKv1/8hIiJC3SeFaQGFAyGkX5HL5ZsBrOPxeJDJZB0KBplM5gVgKsMwUgC+AOxZluWet7S0 hJubG7y8vPDMM8/A0tLSRKXvuF27duHnn38Gn8//vaGhYWZ0dHRZX5epKQoHQki/IZPJ1gJ4xxAM np6e7e0SIpfL3wBg3fTBwYMHY9SoURg+fDjc3d3h7OxsqiJ3ml6vx/79+5GVlQUej1er0Wiej42N vdrX5XoQhQMhpF+QyWRrGYbZbgiG8ePHt7ptk/svOwGAra0t3Nzc4O7ujpEjR8LW1rYXStx5d+/e xb/+9S9cuXIFAHQsy86PjY093dflagmFAyGkz8nl8lAA2wFg2bJlbQYDADz33HMAGpuL3N3dm4ZF v3Xz5k188cUXqKqqAo/H+02r1f6xvwYDQOFACOljMplsIYCdALB48WLuwt+ejm7XH/zwww/YvXs3 9Ho9eDzeKR6Ptzg2NrZf9TE8iMKBENJnZDLZQoZhEgEIFi9eDH9//74uUo/SaDTYu3cvsrKyAAA8 Hu9/7e3tN/SHeQztoXAghPQJuVz+PIBEAII5c+Y8dMFQVVWFL774Ajdv3gSPx6vT6XQhkZGRvba8 eHdROBBCet39dYwSAQj8/f2xYMGCvi5Sj7p69SpiYmKgVqthZmZWrNPp5sXExFzs63J1BoUDIaRX 3Q+GQwCs/f39sXjx4r4uUo86cuQIkpOTodfrwTDM9/fu3VsRHx+v6utydRaFAyGk14SGhvqwLHsI gPWECRMeqmDIz8/H/v37UVxcDAA6NC653acrq3YHhQMhpFfcXwE1FYD1+PHj8corr/R1kXpEeXk5 /v3vf+PcuXMAAIZhftXr9fKYmJgjfVy0bqFwIISYnFwu9wBwHID9+PHjIZPJevSey32hpqYGhw4d wtGjR6HX68Hn89U6nW5LfX39tv6yeF53UDgQQkwqLCzMVa/XHwdg7+bmxspkMmYgB4Ner8fJkyeR kpKCmpoaMAyj5/F48QzD/KW/rY/UHRQOhBCTCQ8Pt9dqtYdwPxjWrFkzoIPhwoULOHDgAMrKGjOA z+dnsCz7emRk5IAaidQRFA6EEJOQy+U2Wq32OACPkSNH6tasWcMXCoV9XawuKSkpwf79+w1rIkEg EPyi0WjCv/jiiwHdr9AWCgdCiKmsBODB4/EQHBw84IJBr9fj0qVLyMrKQl5enmHpiyq9Xv++ra1t 1ECY5dwdFA6EEJPg8XhJer3+Nb1e7/r5559jw4YNA2KBvMrKSmRnZyMzMxNVVVUAAIZh6hmG2VFX V/fxQJyz0BUUDoQQk4iMjCwKDw+frNVqj5eVlXl89NFH2LBhQ6/en7mj9Ho98vLykJmZiUuXLnGP 83i863q9Popl2YTo6OiKPixir6NwIISYTERERFl4ePgErVZ76O7du37btm1DaGhon9yvuSVlZWX4 4YcfkJWVBbW68Q6dPB5PwzBMok6ni46MjMzs4yL2GQoHQohJRUREqMPDw+dqtdpdd+/eDfrss8/Y sLAwZuzYsX1SHo1Gg5ycHGRmZqKgoIB7XCAQ/KzVaqPr6ur2PCpNR22hcCCEmFxERIRaoVC8WFpa GtPQ0BC8c+fOdu/21lP0ej2Kiopw/fp1FBQU4Nq1a6ivrwcA8Pl8tVar3c3j8eIiIiJyTF6YAYTC gRDSK+6P7vmTXC5X6fX6dVFRUTDFPRyahsG1a9dQUFDAhYEBwzA/sCwbU1tbu+9hmM1sChQOhJBe FR0dvV4mkxUxDLN9//79uHv3breW7O5IGNyfl5DO4/Ey+Hz+iYiIiIdmJrOpUDgQQnpdTEzMZzKZ rIJhmPjDhw8LampqsGzZsk6tt3Ts2DFcunSpxTAQCoXFOp0uXafT/R+FQddQOBBC+kRMTMye0NBQ Ncuye06ePGmlVqvxyiuvwMzMrN19T548if3793P/frBmsGPHDgqDbqJwIIT0maioqBS5XD4HQOq5 c+fEd+/exZo1a9DebOq7d+8CABiGiefz+e9SzaDnDdwVsAghD4Xo6OhMAJMBlBUUFOAf//gHd/Fv D8uyRRQMpkHhQAjpc9HR0Vd5PN5kAFeLi4uxbds2buVT0jcoHAgh/UJkZGSRQCCYxjDM6bKyMmzb tg0lJSV9XaxHFoUDIaTfiIiIKOPz+TNZls24e/cuNm/ezDadxUx6D4UDIaRfiYiIUD/xxBMzWZY9 0NDQwHz66aes4f7MpPdQOBBC+h2FQqF94oknlgHYrtVqmZiYGPzwww99XaxHCoUDIaRfUigU2ujo 6PUAFHq9Hl999RWOHHlob7zW71A4EEL6tejo6A8BvAZA++233xpNfiOmM+AmweXn5+PQoUO4du0a lEolxGIxRo4cCX9/f/j5+fV18YxUVlZCIpG0uU1CQgKKioqaPW5ubg5HR0dMmDABY8aM4R4/ceIE MjIysHLlSri6uvZwiVuWl5eHlJQUk50zJSUFeXl5+OCDDzq8z5kzZ3Do0CG4urpi5cqVnTqf4T1c u3YtxGJxq9upVCp89tlnkEqlmDp1aqfOQXpWdHT05zKZrIxhmMRjx44JLC0t+7pID70BEw46nQ6b N29GcnIy+Hw+Ro0aBQcHB+h0Ohw5cgSpqamYOHEitm7div7wi7N582YUFxcjIiKize2ysrKQm5vb 5jYvv/wy1q5dCwC4du0aUlNTERAQ0GvhoFQqTXrOvLw8pKamdioc4uPjcebMGfD5fAQEBLQbwk0Z 3kOZTNZmONTU1CA1NRUODg4UDv1ATExMUlhY2Ey9Xp9aU1Nj3dfledgNmGaljRs3Ijk5Gc8++yz+ /e9/46uvvkJUVBRiY2Nx5MgRBAUF4cyZM/jss8/6uqgAgKSkJOh0ug5v/9133yEnJ8foJzY2Fs7O zti1a1e7AWJKkydPRlRUFNzd3fusDE2VlJTgzJkzmDdvHnQ6HZKSkvq6SKSXREZGZjAMMw2AYYbc I3Xrzt40IMIhNzcXqamp8PT0xNatW+Ho6Gj0/KBBg/Duu+/C3d0dycnJUKm6dxOn6urqDh2jvD6B caoAACAASURBVLwcDQ0N3TpXW7y8vLB69WoAQHp6eovb1NTUoLKystvn0ul0KCkpaTHQJBIJvL29 MWjQoBb37cj7UF1djfLy8m6XEwDS0tIAACtWrICrqyuSk5PbDeLKysoOfVY1NTUd/v1p7X3v6GdS WVmJmpqaNreprq7ukc/3YRIVFZVzfzZ1mKOjY1Rfl+dhNSCalVJSUgAAa9euBZ/Pb3EbPp+PdevW QalUctv85z//wfbt2/Hxxx/D09OT27a8vBwhISHw9/fnmmuAxgtwdHQ01wdga2uLkJAQvPDCC9w2 NTU1+Oc//4n09HTuP/aYMWOwevVqTJ48GRcuXMBf/vIXAMCFCxfwxz/+EevWrcP06dO79NoNzTgP XtiUSiXi4uJw5swZrqzr1q3DrFmzAAAhISFoaGjAV1991eyY4eHhEAgE+N///V9UVlZi8+bNyMrK QkNDA/h8Pry9vfHaa69xfR0tvY81NTWIjIzEwYMHuYvpxIkT8dZbbxmVOS4uDqmpqVwwmJubY8qU KXj33Xc71RTUVHJyMlxdXeHu7o758+djx44dyMzMbLHpJyUlBVFRUSgvL4e5uTnmz5/fYrNjYWEh tm3bxr2fY8aMwapVq4y2MfzerF69GocOHUJWVhYkEgm+/PJLODo64syZM9i5cycuX74MABCLxXjp pZewcuVK7ndSp9Nh586dSE1N5d43V1dXBAcHIyAggDtXZmYmduzYgcLCQgCNX4Dmz5+PsLCwftFs 2tciIyOLAFAwmNCACIdTp05BLBbDy8urze0mTpyIiRMncv+uqalBSUlJswurVqtFSUmJ0TfEb7/9 Fps2bYKnpyc2bdoEoVCI5ORkbNq0CSqVCq+88goA4MMPP0RGRgZWrVoFT09PVFZWIi4uDuvWrcO+ ffsgkUgQEBCA6Oho2NjYICAgAE5OTl1+7Xl5eQDQ7EK6adMmTJkyBe+//z6qq6uxa9cuvP/++9xF 09vbmwuPpu9Jfn4+zpw5g9dffx0AsH79ehQXF+P111+Hu7s78vPzERcXh1dffRXfffcdBg0a1Ox9 1Ol0WL9+PXJzc7F48WJMmTIFJSUliI6ORmhoKPbu3QuJRAKFQoH09HQsXrwYPj4+0Gq1yMjI4IK1 vf6YlmRnZ6O8vJwr/9y5cxEREYGkpKRm4dD0M123bh1qa2sRHx/f7Jt4eXk5QkNDodPp8Prrr8PV 1RVHjhzB+++/b7Sd4fcmOjoaNTU1mDVrFsrLy+Ho6IjMzExs2LABzs7OUCgUEIvFyMjIQEREBIqK ivC3v/0NAPDFF19g165deOmllzBx4kTU1NRg9+7d3D5+fn64fPkyNmzYAG9vb4SGhsLc3BynTp3C 3r17UVNTg/fee6/T7xshnTUgwqG6urrdYOgOlUqFrVu3wtPTE7Gxsdy3vKlTp2L9+vWIiopCQEAA bG1tkZGRAalUCrlczu0/YsQIbNy4Efn5+Zg1axbkcjmio6Ph4OBgtF1bHmxyUalUOHfuHKKjo2Fu bo7AwECj5/39/bFp0ybu346OjnjrrbeQnZ0Nd3d3BAYGIi4uDunp6UbhcOjQIfD5fMydOxclJSW4 fPkyVq1ahWXLlgEAvL29IZFIsHv3bhQVFRnVuAyOHTuG3NxcyOVyo9fn7OyM119/HSkpKZgzZw7S 09Mxb948vPXWW9w2s2bNglKp7HIfSmpqKld+oLHGNGnSJGRlZaGkpIRrcmxoaMCOHTswcuRIo8/U z88PixYtMjpmXFwcVCoVvvzyS+71Tp06FX/+859bbM67ffs2kpOTYWtrC6AxLD/66CPY2dnhq6++ 4r7Z+/n5wdLSEnv37sWLL74IT09PZGRkYMyYMfh//+//ccfz9vZGeHg4iouLATTWGnQ6Hd599104 Oztzx1KpVN1uMiWkowZEOABosTkpNzcXoaGhzR5/8KLVnuzsbDQ0NCAoKKjZeYKCgnDq1ClkZ2cj MDAQEokE2dnZ+Pbbb+Hn5wdbW1uMGTMGe/fu7fyLaiIkJKTFxwcNGoSPPvqIu0gYzJs3z+jfHh4e AMBdPBwdHeHt7Y309HS89dZbMDc350Z2TZo0Cba2tqiuroa5uTnXTOPn54dBgwZh1qxZXPNUSzIz MwEAixcvNnp88uTJ+Oqrr+Ds7IxBgwbh5MmTzfatqamBRCLpVGe9gUqlQkZGBld+g4CAAGRlZeGb b77hmgkvXLiA6upqrFq1yugzlUgkmDVrllEndnZ2NkaOHNksCJctW9ZiOPj4+Bid/8KFC6isrMSq VauaNfkEBgZi7969OHHiBDw9PSGRSJCXl4eEhARMnz4dzs7OkEgk2LdvH7ePYQTVP//5T6xcuRKe np7g8/n45JNPOv2eEdJVAyYcWuqUk0gkmD9/vtE2WVlZnT624RtbREQE4uLijJ4z3H7w9u3bAIC3 334b77//PvetfeTIkZBKpZg1axZGjhzZ6XMbvPTSS7C2/u/oPBsbGzg4OMDb2xvm5ubNtrewsGjx OE2/Wc6fPx+5ubnIzMzE9OnTkZuba9QkM2jQIKxbtw7btm3jmlA8PT3x7LPPcjWllty+fRtisbjF YaBN52RYWloiMzMTZ86cQXFxMYqLi1uc09FR6enpaGhogEqlwocffsg9bviMUlNTsXr1apibm6O0 tBQAmoUqgGafU0lJCaRSabPtRo0a1WI5HmziUyqVABpHqB06dMjoOa1WC+C/v79r167FmjVrsGPH DuzYsQOOjo6QSqWYOXMmF04BAQE4duwYTp06hVOnTmHQoEGYOHEi/P394e/v32q/GyE9aUCEw5gx Y3D58uVmk8pcXV2Nxsbn5uZ2KRwMpkyZAgcHhxaf8/b2BtDY3PDdd9/hxIkTOHXqFHJzcxEXF4f4 +HgoFAquuaOzli5d2mwUVndNnz4df//733Hw4EFMnz4daWlpsLS0hL+/P7fN4sWLIZVKcezYMWRn ZyMnJwcXLlxAfHw8Pv/88xablYCWa3JN6XQ6hIeHIzc3l6tdSaVSeHp64siRI62OvmqLYY6LSqVq 1iwlFou5mkXTWk9L5WypQ7el7VoK5bZ4eXm1OtzXEDRjxoxp9vuzd+9e7N27F+Hh4XjllVdgaWmJ qKgoLtizsrJw7NgxHDt2DF5eXoiKiqKAICY3IMJh7ty5uHz5Mnbv3m00uqijHuyQfvDfhm/AkydP btac0tDQgOrqai6UVCoV+Hw+AgMDERgYCJ1Oh8zMTLz77ruIj4/vcjiYgiEIDh48iPLycu7C2fSi V1lZCQsLCyxbtgzLli1DQ0MDkpOT8fe//x0JCQnYunVrs+OKxWJuGOaDF9qdO3fC3d0dtbW1XId1 0z4HAF2al3D58mXk5+dj3rx5XOfug8//z//8D77++mvMmjWLq/UYaoVNPVh7sbW1bbFG09FajuF3 w9PTs9lsbZ1Oh8rKSq481dXV0Ol0mDt3Lve7kpubi7fffhuxsbF45ZVXuGHF3t7e8Pb2xtq1a1Fe Xo6NGzciKysL2dnZ/W41APLwGRDzHBYuXMhNBktISGixvbqysrLZmiuGi+CD/8kNbeYGfn5+4PP5 2L9/f7Njb9++HbNnz0Z6ejoKCwsxY8YMfPHFF9zzfD4fU6dOhZ2dnUnnPHRVQEAAdDodtm/fjpqa GqPhkv/5z38we/Zs/N///R/3mLm5OYKCggA0D1GDKVOmAAAOHz5s9Hh+fj7i4+Nx8eJFrhnu2Wef NdqmsrKSG4HVGYa5DU3L39SYMWPg7u6OCxcuoLCwEF5eXhg0aBBSU1ONPlOdTodjx44Z7fvss8+i sLCQG4Jq0NHazdNPP41BgwYhOTm52byFr7/+GvPmzUNCQgKqq6sxY8YMoyYxoLFW6u7uzpVz/fr1 WLJkCaqrq7ltbG1tuaav/vh7Rh4+A6LmYG5ujk8//ZRrq01KSoK/vz9cXV1RXV2NvLw8bpy+p6cn 943M0F4fHR0NS0tLODk54cyZM9i/f7/RN15HR0csWbIEe/fuxfr167FixQqIxWKkp6dj//79GDNm DNfW6+3tjaSkJNjY2MDPzw9arRYpKSkoLi42Ghdva2uLwsJCJCQkNFsfqTd5e3vD2dkZ6enpcHZ2 Nhr1ZehQ3759O4DGi1x1dTUSEhIAoNVa0Ny5c7F3714ucCZPnoybN29ix44dsLS0xNKlS/HLL78A aBwJJJFIYG1tjevXr3PnAjq29hTQeDE8dOgQNxmvNUFBQfj73/+OpKQkvPXWW5DL5di2bRvWr18P mUyGhoYGJCQkcMFlsHLlSqSnp2P9+vVYt24d3N3dceLECezevbvdsgGNNTTDucLCwiCXy+Hg4IDs 7GyuX+GFF17AoEGDMG/ePKSmpuKf//wn5syZA4FAwPXLGGqtixcvRlZWFtasWYNVq1bBxcUFV65c QVRUFMRiMSZMmNChchHSHQMiHIDG/oU9e/bg66+/RnJyMnbt2mX0vJeXFxYuXGh0QZNIJNi8eTM2 bdqEjz76CEBjEHz66af461//arS/YRG2Xbt2ITw8HEBjrcDf3x/vvvsu18a7adMmfPjhh4iIiODG 6ZubmyM4ONhohFRwcDC2bduGHTt24OWXX+6zcAAaO6YjIiKMOu+BxnJHRETgr3/9q9GwWLFYjHXr 1rUaDob9Nm/ejO3bt3MXfHd3d0RGRsLR0RGOjo5YtWoVN6bfcNyXXnoJYrEYmzZtwk8//dShyYEZ GRmorq7GSy+91GZb+6xZs7B9+3akpaXhtddew7Jly6DT6RAXF4c//elPABqbfkJDQ7Fjxw5uP0dH R0RFRUGhUHAd84ZRYhs2bGi3fEDjyCZLS0tERERg3bp13OMTJ07Ee++9x80uf/PNN6HT6bBv3z5u hBufz8f8+fPx5ptvAmgM7T//+c/NjjVmzBijYxFiSgwAyOXyDwAoAHDtnP1deXk5iouLYWFhAVdX 1zZnjep0OhQWFoLP57c7okin06GoqAj19fXckMyWVFdXo7i4GAKBAK6uri12XhqWYrCzs+vTDsR/ /etfiIiIwMGDB1sdgaRSqVBcXIxBgwbB2dm5w+U17CeRSFrsUK+pqUFRURGEQiFcXV375H1oaGhA QUEB99raUlxcjOrqari5uXW6Q9qgqKgI1dXVcHZ2bnVhv5qaGiiVSmi12lZ/fw19D5WVldyQ1/4o Nze36QABxf0ltskAN2BqDg+ytbVt9UL3ID6f3+FF4zoSIEDjN8v2agOWlpZ9vtRBQ0MDUlNTMWXK lDbfr9aGpranvf0sLS37tNYENNZ0OlqG9sKjIzqycq2lpWW7v5N8Ph/Ozs49UiZCOmvAhgNp24UL F/DNN9/g8uXLKC4u7tRy2IQQQuHwkBIKhcjIyIC5uTn+/Oc/m3T5EULIw4fC4SHl7u7e4vIVhBDS EQNingMhhJDeReFACCGkGQoHQgghzVCfAyHEZGQy2WyGYewBVPB4vHtovOezuq6uriw+Pr6uj4tH 2kDhQAgxidDQ0CUsyyYa/q3X67nnzM3NIZfLwefzqwDU83i823q9vlav198AUK/X65UMw2gBFAEA j8e7qdfrL0ZHR1f08st4ZFE4EEJMgmVZD6BxGRvD7O76+nqjhQNra2uHarVa1NfX299feNAXABiG MTqWIVhWr15dwTDMGa1WmwUgD8CPFBimQeFACDEpV1dXjB8/vt3tNBoN6uvrUV1djdraWtTU1KCu rg737t3DvXv38Pvvv6O2ttYGwLz7PwD+GxgajeYcj8fL0el0ubGxsUoTvqRHAoUDIaRfMDMzg5mZ mdEdER9UX18PlUqF33//HSqVCtXV1aisrLRRq9XzGIaZx7IseDweVq9efZdhmNMajeYMBUbXUDgQ QgYMoVAIOzs72NnZGT2u0WhQUVGBsrIylJWV4fbt24M1Gs0shmFmGQIjPDz8N61W+zXDMLuioqJy +uglDBgUDoSQXldcXIza2lqIRCKYmZlxf1pYWHRp5V4zMzM4ODgY3ea3srISt2/f5gLj3r17jwNY w7LsmvDwcKVGo4nn8/n7IiMjL/bgS3toUDgQQnrVL7/80uxufA8yhISVlRV4PF6LfzIMg0GDBmHo 0KEQiUTNjmHoCDesyKtSqXDjxg0olUqUlZU5MQzznl6vfy88PPyaVqvdpdPp9sXFxRWY5EUPQBQO hJBepVKpALQ7iglarRa///47NBpNu8e0srLC448/jqFDh+Lxxx+HjY0NrKysjLYRi8V45pln8Mwz z6C2tha//vorbt68CaVSOQrARj6fvzE8PDxPo9HEsyyb9Kj3UVA4EEL6REdHMel0OtTW1nKjmOrq 6lBTU2M0isnw96b3ixeJRLCzs8Njjz0GiUSCxx57DEOGDAHQWDMZNWoURo0aBY1Gg5KSEly7dg2/ /vqrF8Mw2xmG2R4WFpbNsmwcy7Ipj+JwWQoHQki/xufzYW1t3e4opurqavz++++oqqrCnTt3oFKp cPPmTdy8eZPbTigUwsbGBhKJBLa2thg6dCjEYjFcXFzg4uKC2tpa5Ofn49q1a7hz585kAJMZhole vXp1hl6vf/tR6simcCCEDHhCoZC78Del0+nw22+/4fbt2ygvL0dpaSlu3bqFW7ducduIRCK4urpi 5MiRcHBwwNNPP42nn34apaWlyM/PR2FhIU+n000HcHb16tXfsyz7zqPQiU3hQAh5aPH5fNjb28Pe 3p57TKVScaOYysvLoVKpcPXqVVy9ehUikQgjR47EiBEjuNFPvr6+uHbtGn7++WfU1tY+zzDM3LCw sD0ajeZvD3MHNoUDIaRfMgx3FQgEsLCwANB473YAXR7yCvz3vuejRo0CANy7dw+//vorbty4gbKy Mly6dAmXLl2ClZUVhg8fjuHDh+Opp57C2LFjceXKFVy4cIGnVqtfFggEy+Vy+U6BQLA5IiKirGde df9B4UAI6Xc6MtwVaGwSGjp0KB577DEMHjwYQ4YMgY2NDRcmHWFlZYXRo0dj9OjR0Gg0KC4uNoxi wsWLF3Hx4kUMGTIEI0aMwPDhwzF27Fhcv34deXl5vDt37qzR6XSr5XL5xw0NDZ/Fx8eruvO6+xMK B0JIv9N0uKtYLEZNTQ0AoLq6GkDjUFedToe6ujqUlpaitLTUaH+hUAixWIzHHnsMjz/+OJycnJoN bW2JmZkZRowYgREjRoBlWZSVlaGwsBAFBQU4f/48zp8/zwXFzJkzUVVVhR9//NFMrVYrRCLRG6Gh oRvr6+s/exiWI6dwIIT0W+0Nd62trUVFRQU3Osmw5lJ9fT1u376N27dv48qVKwAam5OGDRsGZ2dn 2NnZtdssxTAM1+8wefJkFBYWIj8/H6WlpVxQSCQSbt7E+fPnrfV6/RaRSPSWXC7/q6OjY5RCodD2 6BvSiygcCCEDloWFBZydneHs7Gz0eG1tLaqqqqBSqVBSUgKlUgmVSgWVSoWff/4ZfD4fDg4O3L6G +Q+t4fP5cHd3h7u7O+7cuYPr168jPz8flZWVOHXqFIYMGYIpU6agtLQUBQUFjwHYWV5e/nZoaOif oqKi2m8f64coHAghDx0LCwtYWFjA0dERY8aM4ZqIbt26heLiYlRUVECpVEKpVCI7Oxt2dnbw8PDA yJEj261RDBkyBD4+PvD29savv/6Kc+fOoaKiAqdOnYJEIsHEiRPxyy+/oKKiwhnAUblc/r8NDQ1v D7SmJgoHQshDr2kTkY+PD+rq6qBUKlFcXIzi4mKuCer06dNwc3PD6NGjMXTo0HaPaZg8Z2hqunXr FiorK2Fra4vRo0fj6tWrYFl2jYWFxRyZTLYkJiYmr5decrdROBBCHjkikQhubm5wc3ODTqdDYWEh rl69itu3b3NDWW1sbODh4QE3NzeYmZm1eTxD8FRWVuLcuXMoKipCeXk5Hn/8cdTW1kKtVrvzeLxc uVz+VnR09LZeepndQuFACHmkNe1PqKqqwpUrV1BQUICKigpkZmbixx9/xLhx4+Dp6QmhUNjmsSQS CWbOnIk7d+4gNzcXhYWFABqbou7cucMDsHX16tXzGYZZ2t/nRvD6ugCEkIdbZWUlfv31V5SWlqKq qspo9dX+ZujQoZgyZQqWL18Of39/ODg4QKPR4Pz589i3bx/Onz+P+/e6btOQIUMwffp0zJ8/HzY2 Nrhz5w6AxiDS6XRTWZb9US6Xe5j69XQH1RwIIaZSBgBFRUVGq6UOBHw+n5vvUFlZiezsbJSWliIn JweXLl2Cl5cXxo4dC4Zh2jyOvb09FixYgGvXruHs2bOora0FAOh0umF8Pj8nLCwsIDIyMqMXXlKn Uc2BEGIS0dHRUQzDvMMwTHyTnzQARX1dts6QSCQICAhAQEAA7OzsUFtbi+zsbHzzzTfIz88Hy7Lt HmPUqFF48cUX4eXlxY2G0uv1VizL/kcul6809WvoCqo5EEJMJioq6pMHH5PL5R8AUPR+abrHwcEB f/zjH3Hz5k3k5uaisrISJ06cwE8//QQ/Pz+jW5S2RCgUYsKECXjyySdx/PhxVFRUAAADID4kJMQj Njb23d54HR1FNQdCCOkEFxcXLFiwAFOnTsWQIUOgUqmQlpaGrKysDt21TiwWIygoCN7e3lyzlEAg eEcmk+01ddk7g8KBEEI6iWEYuLu748UXX+Qu8pcuXcKBAwearfPU2v7jx4/H/PnzIRaLodfrwTDM MrlcfrAXit8hFA6EkD7x4CgmtVrdoZFA/YnhIr9gwQJIJBKo1epO1SLs7OwQFBSEsWPHGh6aK5PJ shUKRZ83+fd5AQghj5x2RzHx+XwNgLZnnvUjEokECxYswPnz53Hu3DlcunQJN2/ehFQqbbcvwszM DFOmTIG9vT1OnjwJjUbjW1JScjk4OHhiXy4BTjUHQkivam0UE8uyGYYfnU53p6/L2Vmt1SKys7M7 NKJpxIgRmDt3ruFeFE+am5tf6su5EFRzIIT0upZGMTU1UEc0Ac1rERcvXkRVVRX8/f3bnWFtZ2eH BQsW4NChQ6iqqnJkGOZsaGhoUF+s7Eo1B0II6WFNO5wtLCxw69YtpKSkcDcxaouVlRUCAwPh4uIC lmWtWZY9EhYWJjV9qY1ROBBCiIkYagKGJTSSk5NRXFzc7n5mZmaYOXMmxo0bBwB8vV6fJpfL/Uxe 4CYoHAghxISsrKwQEBCAkSNHQqPR4MiRI/jpp5/a3Y9hGEyePBlubm4AYAXgcG8GBIUDIYSYmJmZ GaZPnw4fHx+wLIszZ87gxIkTHRq6K5VKMXz4cKCXA4LCgRDSb1VWVuLGjRsoLS1FWVkZ1Go11Gp1 h0b/9EfPPPMMZs+eDTMzM+Tn5+PgwYPtzodgGAb+/v5NA+JAb4xiotFKhJD+qEMrupqZmdVZWVlp Hn/8cTMbGxvRkCFDYGNjYxgO2i8NGzYMgYGB+P7771FWVobDhw9jzpw5bd5QyBAQR48eRVFRkR2A 1PDw8GciIiLUpionHwC8vb2lAKQA4OjoCEdHR1OdjxDykCktLW26ZERGbm7uie4eMzc3N9fHx6eO YRgly7IFAMoZhlEC0ANQAbAGwNPr9YK6ujrh77//LlAqlSgoKMDPP/+Mn3/+uf7GjRt1v/32G1td XS0wMzPrV4FhYWGBYcOG4caNG1CpVCgrK8OIESPavH81wzAYNmwYbt68ibq6usd0Op37uXPnvjFV GanmQAjpl9qbCwEAcrnchsfjjdPr9WMBeLAsO45hmHFardamsrJSWFlZyW0rFAprhg0bxnNxcRE5 OTm1e+tPUxOLxQgICEBaWlqHaxBmZmbw9/dHSkoKNBrNIplMtjYmJuYzU5SPwoEQMmBFR0dXAMi4 /8NpGhoMw/iwLDunvr7e/vr167h+/ToYhtHb2Niohw8fPnjYsGEYOnRoXxS/SwExdOhQPPfcczh2 7BgYhtkaEhLyY2xs7OmeLhs1KxFCusUUzUrdlZubW5OTk1OUm5t7Njc3NyU3N3ebj4/P9wB+BWAO 4ImamhqLW7du4fLly7hy5co9lmUFQ4YMYXq7RiESiTrdxDR06FDU1taioqKCxzDMHG9v7125ubk1 PVmuZjWHkpKSnjw+IeQhN1CuGVFRUTkAcgB8HBwcLBYKhbNZlp0BYE5tba3TmTNncPbsWf2wYcPq R48ebeHs7NxrZetKDeIPf/gDfvvtN1RUVDixLPsRgNU9WSYGGNjrmBBC+hVFdHT0h31diM6SyWSz AYQwDBOE+1+aRSJRzdNPPy1yd3fniUSiXimH4cZBtbW1GD58OGbMmNHm9lVVVUhKSgLLslqWZSfE xMTk9VRZjGoOTz31FFxcXHrq2ISQR8TNmzfx888/93UxuiwmJuYIgCPh4eH2Wq12FYCwuro6px9/ /BFnz57Vuri4aH18fERisdik5TDUIL777jvcuHED586dw/jx41vdfujQofDw8MCVK1cEAD4FMK2n ymIUDi4uLggICOipYxNCHhFpaWkDOhwMIiIiygB8rFAoPikpKZnNMEyYXq+fc+PGDVFRUZHezc1N 6+PjY25tbW2yMojFYkybNg1HjhxBbm4uhg4dapgA1yIfHx8UFhayDQ0N0tDQ0CVRUVH7eqIcNEOa EEIeoFAotNHR0d9HRUXN1+v1wwHsZFlWf/36dfN9+/Zps7KytLW1tSY7v7OzM3x9fQEAJ06cQNMh uQ8SiUSYMGECAwAsy24JDg7ukTYwCgdCCGlDbGysMjo6+nWdTjeaYZh4vV4vuHTpkmDfvn0Nubm5 +vr6epOcd9y4cXB3d4dGo0F6ejraCqPRo0cbhuO6mpubr+qJ81M4EEJIB8TFxRVERUX9iWXZZxiG SdNoNObnzp3jJSYm1l2+fNkk6z0999xzsLOzg1qtxtGjR1s9h+H+EfeF9cS5KRwIIaQTYmJi8qKi oubzeLxpLMtmNDQ0iH744QckJyfXd+RmPp3BMAxmzpwJKysrlJWVITMzs9VtXVxcIBKJrNTt8gAA IABJREFUWADjeuLmQBQOhBDSBZGRkRkxMTHTWJZdBEBZUVEhTEpK0v388889WouwsLDgVnK9evUq 8vPzW9yOz+fDw8ODAQC9Xh/a3fNSOBBCSDfExMQkNTQ0eN7vj+D/+OOPSElJaejJWoREIoGfX+Nt HLKysqBWt7wY6+jRow1/DZLL5TbdOSeFAyGEdFN8fLwqKirqTwACACh/++03856uRbi5uWH48OHQ aDTIyMhocRtra2vDXDURwzDd6pimcCCEkB4SHR39fUu1iDt37vTI8f38/CASiVBaWorLly+3uM39 24pCr9fP6c65KBwIIaQHtVSLSE5O1vTEGlQikQhTp04FAJw5cwYtNV05ODgAABiG8VEoFF1eeZvC gRBCTKBJLSKtoaHB7ODBg/rWvu13xrBhw7j5DydPnmzWbGVhYYEhQ4boAVgrlUqfrp6HwoEQQkzk fi1iPsuyG1mW5f3www84efKkvrv9EL6+vrCyssLt27dx4cKFZs87OjryAIDP50/t6jkoHB5By5Yt w7Rp01od8WAQFxeHadOm4fTp08jLy8O0adMwbdo0bNu2rc39ZDIZpk2bhvXr1/dksQkZsGJiYt5n WXYFAPW1a9d4aWlpuu4svyEUCiGVSgEAOTk5zZbXaHJPHr+unoPC4RHk6uqKjIwM7NvX9vpcW7Zs wcWLF+Hl5QWVSoWMjAxkZGRg+/btre6jVCoRGxuLjIwM5OX12OrBhAx4MTExexiGmQZAWVZWxv/2 2281ba2Z1B5HR0eMHTsWOp0OP/zwg9FzdnZ2AACWZSkcSMetXLkSAJCYmNjqNpmZmSgoKMCKFSvQ dC17GxsbKJXKVmdqJiUlwZQrVhIykEVFReUIBIIJDMOcrqmpMUtJSdHdvHmzy8ebMGECLCwscPv2 bfzyyy/c41ZWVgDAAhB3tVOawuER5OHhAalUiqNHj0KpVLa4TUJCAgBg1SrjodJBQUEAGkOgJbt3 7+a2IYQ0FxERUVZfXz+NYZh4nU7HT09PZ2/cuNGlY5mZmWHChAkAGpuXdDod95yVlZUOAMrKypy6 cmwKh0dUcHAwALTYtFRXV4fExET4+vpi3LhxRs85OTnBz88PBw4caLZfQUEBcnJysGjRIpOUmZCH RXx8fN394a7bATBHjx7tckC4u7tj6NChuHPnDi5dusQ9LhQKAQAsy3ZppjSFwyNqyZIlEIvF2L17 d7PnkpKSoFarERIS0uK+K1asaLFpad++fbCxscHs2bNNUmZCHjbR0dHr0c2AYBgGkyZNAgDk5eXB sIS4UCgU3H++S+28FA6PKJFIhKVLlyIvLw8XL140em737t2wtrbGkiVLWtx34cKFEAgEzZqWDhw4 gKCgIPTW/XYJeRj0REA4OzvjiSeeQH19Pc6dOwcAGDRoEABAr9d36d7PFA6PMEN/QtOmJaVSiaNH j2LFihWtdizb2NhAKpUaNS1dvHgReXl5WLp0qWkLTchDqCcCYtKkSWAYBpcuXcKdO3dgbm4OAGBZ tks3vqZweIT5+PjAy8sL8fHx3GN79uyBVqtt1hH9oKVLlxo1Le3btw9OTk7c1H5CSOd0NyAkEgme fPJJsCyLs2fPcn0ODMNQOJDOCwkJMbrIx8fHY9y4cfDxaXvWfWBgoFHTUmJiIhYtWgSBoMtLuRDy yGsaEBkZGfqKiopO7T9x4kTw+XzcuHEDNTU13SoLhcMjbsmSJRCJREhISEBOTg6uXr2KsLD27zLY tGkpLy8PBQUFWLhwYS+UmJCH2/2AiNVqtbzDhw/rOzOT2sLCAk899RQAoLS0tFvloHB4xNnY2CAo KAjJyclISEiASCTC8uXLO7RvcHAwlEol3nzzTbi6unI3IyGEdI+jo+NqlmUzamtreYcPH2Y1Gk2H 9x07diz4fH6LK7Z2BoUDQUhICCoqKhAfH4+goCCIxR1rogwMDIRIJOI6sAkhPUOhUGgZhnkRQEFF RQVz6tSpDu9rYWGBkSNHdrsMFA4E/v7+8PX1hY2NDV599dUWtxGJRHB1dTUKDmtrayxduhSurq7N mpRcXV1hb29v0nIT8jCLjo6uADAfgLqwsBDnz5/v8L4PTF7t0thy6j0kAIDs7Ow2n/f19UVLoye+ /PLLFrfv6mxPQsh/RUdHX5XJZIsYhknLyckRPPbYY4bbgLZJIpHgiSeewK1btwDAqyvnppoDIYT0 YzExMUdYln0DAP7zn/+wHV3J1VB7YFnWtyuL71E4EEJIPxcTE/MZwzDxWq2WOXbsGDrSQT1s2DCI xWIwDCO+detWYGfPSeFACCEDgIODgwxA3p07d3D27NkO7WOoPfB4vDc6ez4KB0IIGQDuj2D6GAAu XbqEkpKSdvdxd3eHUChkWZb1DQ0N7dT9pCkcCCFkgNDr9f6Gv2dkZHArsLaGz+fjySefZACAZdmO TWC6j8KBEEIGAJlM5sUwjAxoXIX13r17OH36dLv7DR8+3PDXTt1ohcKBEEL6OYVCIeDxePEA+NOm TYNcLodQKER+fj7au82ovb09LC0tWQBOcrm8w8sYUDgQQkg/V1JS8heWZZ+2tbXFggULYGtrixde eAEAcPLkSdTV1bW5//9v7/7joqryx4+/7gyCsmC4tIhsfKTgi4qaJIo/wtXCH+nKatmqubqyKgNO apZuP/xkzWfd1dLYTFtkBtywWlOK0nRFKQx/JImMkZoWC4pLAVEkgTvKMDP3+wfMLOMMCMpPPc/H o0cw99x7z8zgfd97zvucExQUJNX/2OwJ0ERwEARB6MRiYmJCgdUKhYI//OEPtqm4x40bh5eXF1ev XnVYlfFaQUFB1h+b3bQkgoMgCEInFR0d3V2hUOwAlOPHj+eee+6x2/7LX/4SSZK4cOFCk7Owent7 4+npaQbuiouLG9ecc4vgIAiC0Em5ubmtkWW5n6+vL7/5zW8ctldVVSHLMnD9KXCCgoKUABaLpVlZ S3ZDqr/++utmVlkQBOG/xLWj9S1atGikLMtPKhQK5s+fT7du3RzKWKfSkGVZrqiokPLz8wkODnZ6 vLvvvts6ed90jUazWKPRmJo6vzU4lAHk5+eTn59/4+9GEITbXVlHV+BWoFarfc1m89uyLDttTgIw GAwYDAYkSZIBCSA3N5fAwECUSqVDeWvTUnV19Z2lpaVjgcym6uACoNPptCqVCkDMsSwIwo0q0+l0 2o6uRFdXHxiyZFkODAoKctqcBHZPDZKPjw/du3fn3//+N6dOneK+++5zus/dd9+tPHXqFLIsR9Cc 4AB1AeJG34wgCIJw81Qq1Z0mk+kToJ+/vz/Lli1z2pwE2Fp5rFlMJpOJ+Ph4Tp8+Tf/+/enRo4fD Pr6+vtQHh3HA/zVVF9EhLQiC0Amo1WoP4AOgv6+vL8uWLbOlrV6rtraW9PR0AKzNTsHBwYSGhlJT U4Ner3e6n3UBLkmSRkZHRze5CJAIDoIgCB1MrVZ7mEymdCDC19eXFStW0LNnz0bLf/jhh1RXV3Nt FtOMGTNQKBR89dVXTteQdnNz4+c//7kR6O7q6trkRHy2ZqXY2NhZsiz3v4H3JQiCgCRJX2m12p0d XY+uRqPRuHz77bd7JEmK6NmzJ8uXL28yMJw/f56PP/4YZ1lMPj4+jB07lk8++YTPP/+cBx54wGH/ Pn36uP74449IknQ/0OjoORewBYYdN/MGBUG4vcmyTGxsLCJANF99YHhHkqRxPXv2ZMWKFfTq1avR 8lVVVbzxxhtYLBYmTpzoNItp0qRJHDp0iMLCQkaOHOnQ9+Dr68uXX35p7Xd4ubFzuQBYnxj69OmD n5/fDb1JQRBuXyUlJZSWliJaH5pv0aJFd5WUlHwgSdIwa2Cw9gk4U1VVRXx8POXl5TSVxdSrVy/C wsI4ceIEX375JcOG2bce9enTx/pjhEajcWlsvIPdIDg/Pz/CwsKa/+4EQRDqNTV9g2AvNjY2sr61 5k5vb2+WLFnSZGC4fPky8fHxlJWVcb0sJoDhw4dz4sQJzp07x3333Wc37qFHjx54enpeqa6u9vj2 228HAXnOjiE6pAVBENqRSqX6X1mW9wN3Dhw4kOeff77JFpuamhq2bNlCWVkZ18tiutbVq1edDmzu 06ePa/2PYxvb16WxDYIgCELriY6O9nJzc3tLluWpCoWCX//610ydOrXJfWpqati0aRMFBQU0J4vJ qqioyPbzmTNnGDBggN12Hx8fZX5+PpIkNZqxJIKDIAhCG6tfxe1dWZaDPDw8WLBgAQMHDmxyH4vF wuuvv05BQQHNyWJq6JtvvrFOqfFdZWVl7+LiYvz9/W3brZ3ekiQFOT+CaFYSBEFoU7GxsQslSToK BPXt25dVq1Y1KzAkJSWRn59Pc7KYGjIYDJw9e1au/zUR6p4eGrrjjjsAkGW50eAgnhwEQRDaQFxc 3CCLxfKqLMvjASIiIpg9e3aTHckAly5dYsuWLVy8eJHmZDFdKycnB5PJpAD2G43GjW5ubn/85ptv 3C9dumQLMD169ECpVNaazeY7o6OjvVJSUhxGzIknB0EQhFYUHR3tpVKpNlssls+B8T/72c/kBQsW MG/evOsGhq+++oo///nPXLx4EW9vb5588skWBQaAQ4cOASDLcnJKSkqlLMvbAQoLC+3KeXh4GAHc 3NycPj2IJwdBEIRWoNFoXEpLS+fLsvwScKdCoeCBBx5g6tSpkru7+3X337dvH3v27MFisTBw4EAW LVpEc/Zr6OLFi5SUlAD8UFtb+08AhULxD4vFsuj8+fN2Yx68vLyUP/30E0AgkHvtsURwEARBuEmL Fi0aWVJSshkYBjBgwABmzpzZrEHFBoOBN954g1OnTqFQKIiKirpuFlNjrGtJS5KUkpKSchUgMTEx KzY2tvSnn37qU1FRgbe3NwC9evXqfvHixUYHLorgIAhCl6NWqz3MZvMIrVbb5JoE7VAPX5PJtAGY C/Dzn/9cnjFjhnTtqOTGFBcXo9PpKC8vp7lZTI2pqanh+PHjAMiyvLXhNlmWdwLLL1y4YAsO1k5p QAQHQRC6vujoaC+z2fyZLMv9YmJi5iYlJf2jveuwcOHCIKVS+YTJZFoEdHdxcZEnTpwoTZkyRbpe v4LVp59+ys6dO6mpqaFv377ExsbaLtw34vjx49TU1CDLclZSUtJX12xOA5Y3bFpqEBxEn4MgCF1b /dTWe2RZ7gdN5+m3hdjY2EhguSzLtnafoUOH8uijj0rNvbCXlJSQmprKuXPngOZnMV2PtUlJoVAk XrtNp9MdvbZpSQQHQRBuCQ3XPGjP80ZHR3d3dXWdRV1QCAVwcXGRR48eLUVGRjY7m8hgMPDhhx9y 6NAhLBYLHh4ezJw5kxEjRtx0HS9evMjFixcBfqipqdntrMy1TUvdu9vW+vFyVl4EB0EQOj2NRuNS UlKSDkT07NmTe++913an3Fbq+xNigTjAF8DT09MyYcIExf333y95eHg06zgWi4Xs7Gzef/99Ll++ jEKhIDIykqlTp7Y4G6kx7733ngxIDTuinXBoWpIkySLLssLZ7KwiOAiC0Kk1WPMgwjooLDfXIfOy 1c5VWlo6FphrMplmA90B+vbtK0dGRkrDhw9XKBTNHx52/vx5duzYYb2rb1EWU3NlZmaSn58vAWWy LDe6PoNOpzsaFxdX9tNPP/lam5bc3NwMV69e9SgrK7sLKGpYXgQHQRA6rQaB4dHmjBa+kSym6Ojo 7m5ubpNkWX60pKRkKvXNLJIkyUOGDGHChAkEBQVJLal3VVUV7733ni17yNvbm0ceecRhbYWbVVZW xgcffGD9dZFOp/uhqfJms3mXJElx33zzzXU7v0VwEASh0yopKXlLkqRH3dzcrrvmQXR0tJfJZMoG +l8vi0mtVnvU1tZOkyTpUWC8LMu2NqK77rrLct999ynCw8MlHx+fFtW3vLycgwcPcvToUWpra+nW rRsTJkxgypQpN93hfC2LxcK2bduora1FkqQUrVb7z+vto1AosmRZjvvuu+8A6N69u3z16lVkWb4T 8eQgCEJXoFKpXgVmu7q6ysuWLZP69u3baFlrFhP1OfvOsphUKtWdkiRNk2V5tslkipAkydYjGxgY aBkyZIjivvvuw8fHp8XTCn311VdkZmZy6tQp22v1WUw3lZ7alH379nH+/HmAopqamiebs4/ZbP5U oVBQVlYGgIuLixlAkiSHDhQRHARB6HTqA8NyV1dX+YknnpCCghrPWHWWxSRJkqJ+muwR1I1aHgkM kmXZul3u16+f5b777lMMGTKEXr16tTgg1NbWkpubS2ZmJsXFxQB069aNUaNG0ZIsphtRXFzMP/9Z 96CgUCj+4GziPGeSk5O/Wbx4cUlNTY1fRUUF1E3r7ZQIDoIgdCoqlWodsFyhUKBSqZoMDJIkKayB oWEWkyzLz0qS9ELDsi4uLpZBgwZJ9957rzRkyBDJw8OjRf0IVlVVVRw+fJhDhw5RVVUFQM+ePRk/ fjz3338/zc1iulG1tbVs27YNi8UC8HpiYmJWS/Y3m80Hgbnl5eXccccdyh9++AGLxeLwWCaCgyAI nUZMTMwTwLOSJMkxMTHS4MGDmyxvsVhWSJL0M09Pz2uzmFy9vb2NQUFBrn379iUoKAg/Pz/Fjbb7 WywW8vPzOX78OCdOnKC2thaAvn37EhkZyfDhw2lJFtPN+PDDD61PKl+5uLg8dwOHOArMvd6a3yI4 CILQKcTExDwhSdJGSZJklUolDR06tNGynp6eAFgDw8qVK+2acR566CEefvhh18b2b47a2lrOnj2L Xq/n9OnTGAwGABQKBaGhodYspps5RYvl5+fz0UcfyYDZYrH8ISEh4XJLj6FQKD61WCx89913/M// /I8SQJZlh4FwIjgIgtDhVCpVLLARYM6cOU0GBoB//etfALi5ubF06VKH9v0bfUKoqakhLy+PkydP cu7cOWpqamzb/P39CQ0NJTw8nJZmMbWGL774guTkZIssywpZll9KTk7+7EaOk5iYeCYuLu7y5cuX PUwmUw8ASZJEcBAEoXOJiYmZAbwOMHPmTH71q181WT41NZUTJ07g5ubGsmXLaCqLqTkuX77MF198 wYkTJygoKLA1GQEEBQVx7733Up/FdFPnuRknT54kKSkJi8WiADYmJSWtvslDZgFTrSmtzojgIAhC h4mJiZkhSdIOwGXmzJlERkY2WT41NZXMzExbYGhps47FYuHbb7/lwoULXLx4kfPnz1sXxwHqmowG DBhAaGgo9VlMN/K2WlWDwACwUafTNStttSkWiyULmFq/2I9TIjgIgtAhVCrVr4EdgMtDDz103cDw wQcfkJmZiUKhICYmplmB4dKlS1y4cIELFy5w/vx5iouL7ZqKoK4JauDAgdx7770MGTKkzbONWqIt AkO9a6f0diCCgyAI7U6lUkVQHxgiIyN5+OGHmyyfmZnJ/v37bYHhellMx44ds0s1bcjHx4e7776b BllMrT56uTW0YWAAKLxeAREcBEFoV/WBIR3wiIyMZObMmU2Wz8zMJDU11RYYmuqs7tmzJwD1A7xw d3cnKCiIvn370rdvXwIDA1ttJtS21MaBAT8/v4KGzWnOiOAgCEK7iY2NHSbLcjrgMXz4cHnmzJlN DkQ7fPgwqampADz22GNNBgbA1pnt5ubG3Xff3aGdyDfq5MmT6HQ6WZZliTYIDAAajcb0+OOPl9TW 1jY6PawIDoIgtAuVStVfluU9gMfQoUPlBQsWNBkYTp48yTvvvAM0L4vJqrnlOqOPPvqItLS0Ng0M DRQBIjgIgtBxVCpVf+ATwDc0NNQUExPj0tSI4obNKs3JYurqLl26xLZt26xLh0rASzqd7kZGPzeb 0Wg8JUnS6Ma2i+AgCEKbiouLC7BYLJ8Avvfcc48pNja2ycBw+vRpW2BoThZTV/fFF1+wbds2+T// +Y8ElFG3LsN1p9++WZIkFTS1XQQHQRDaTP1Sm+mA7913321cvny5a1OBoaCgwBYYmpPF1JXV1NTw 3nvvcfjwYahb4nOvLMt/uN6CPa2oyZxdERwEQWgTKpXqTpPJ9AnQPyAg4MqTTz7Zw83NrdHyBQUF bNq0iZqaGpqTxdSVFRcXk5ycbF1X4SqwUqvV/q2dqzGyqY3tM41gI2JjYxk2bBgjRoygsrLx6ch3 797NsGHDGDZsGNdLv7rZulzP3r17GTZsGHv37m2TejTF+hlc+99vfvMbYmNjHer0m9/8ht/85jft WsfY2Ng2PeewYcOIjY1t0T6zZs1i2LBhbNu2rcXns36216PT6dr077OLmg/0lyRJXrhwYZOB4eLF i7bAMHz48Fs6MHz00Uf85S9/kesDQ55CoRiu0+naOzBA3ToXjeoUTw5ms5lDhw4xbdo0p9sPHDjQ zjXqvLy9vRk92r4PqbKyEr1ej16vp6SkBJVK1UG163xOnz5NYWEhnp6epKWlMX/+/I6u0m1DoVCk ybK8TJbl//nb3/7GihUrbOMQGiorK+P111+npqaGoUOHsmDBgg6obdur73SWz507J1HX6bzRaDQ+ l5KScrW966JSqe4E7myqTIcHBx8fH4xGIwcOHHAaHMrLy8nJycHf39+22lJHmjp1KlOnTu2w8wcE BPDiiy86vF5eXs6sWbNISUlh5syZeHk5TLLYLrRabYectzF79+7F1dUVlUpFfHw82dnZjBo1qqOr dVtITEwsUqvVI8xmc1ZZWVm/NWvWsGLFCrsZVMvKyoiPj6eqqoqhQ4cSExPTbusitBeDwcDBgwf5 6KOPTFevXnUBvpEkKVqr1WZ2VJ0UCsWg+gF2jerw4ODi4sKYMWPYtWsXlZWVDhe1zMxMXF1dGTdu HG+99ZbD/pWVlZw8edI213rfvn0bHVp/+vRpLl68CEBwcDDBwcFOyxUWFlpTyhg6dCh+fv9NBa6o qKCoqIiAgAC8vb2prq4mPz+f4OBg3NzcOHr0KAaDAS8vL8LDw3F1dZxSvri4mDNnzmA2m/Hx8SEs LAylUtmMT6txPj4+TJw4kbS0NM6cOUNERITddut7VyqVhIWF2QYHWd+Pv7+/w4Ahs9lMXl4e3t7e BAQEAFBUVMSZM2eAuqeYsLAwu/eYn59PTU2Nw3dQUVGBXq/HaDTi6enJqFGjHD4bg8HAiRMnqK6u BqBPnz6Ehobe8GdjNBpJT08nNDSUyZMns3HjRlJTUxsNDgaDgc8++wyDwYCPjw/h4eGNHjsvL49v vvkGV1dXp8ezfq6DBw8mLy+P8vJyu78ls9mMXq+nvLwcgCFDhuDv7+9wnMrKSnJycjAajbi6uhIe Hu7wb8RsNpOTk2MbFTxgwAACAwOb9yG1sYSEhDK1Wj3MZDKlV1VVRcTHxxMbG0tQUBAVFRW2wBAU FHTLBQZrUPj4448tV65cUVB3vd0BLNVqte3V6eyUxWIZeL0yHR4cACZPnkxaWprTpqXMzEzGjRtH jx49HPbbsmULKSkpmM1mu9fDwsLYvHmz7eJTUVHBypUrOX36tF25KVOm8OKLL9pdfNatW0daWprt d6VSyfLly3nssccAyM7ORqPRoNFomDp1Kvn5+cTGxrJq1SqSk5Nt/9ih7i5fq9XaFhg3m83Ex8fb Rnw2LPfKK6/YLsA3ylmbrslkYtWqVWRkZNhec3V1ZfXq1UyePBmz2UxsbCyRkZG8/PLLdvtmZ2ez fPly1qxZQ0BAAC+88AL79u2zK+Pt7c0rr7xiCwbx8fGUlpby4Ycf2sr8/e9/Jzk5GaPRaHvNx8eH hIQE23tOTU1l48aNdmUAAgMD0Wq1N/QklJGRgcFgICoqCi8vL8aMGcORI0coLy93CIR5eXmsXLnS ru9r4sSJmEwmu3IGg4GVK1eSk5Nj9xmEhYXZlbP+ncybN892UxMaGkpycjJFRUU888wzFBbaT28z ffp0nnvuOdvf4969e1m7dq3dZ+Lq6sry5cttbfJFRUUsW7bMoa9jzJgxvPLKKzd909EaEhISLqvV 6skmk+mtqqqq6Zs2bWLevHns3bvXFhiWLVt2ywSG2tpaDh8+THp6uqW6uloBKGRZzgKeTEpKyuvg 6ln1v16BTvFthIaG4uPj49C3UF5eTl5eHpMmTXLY59ChQ2zdupUpU6bw8ccfk5uby8cff8zEiRPR 6/Wkp6fbyq5cuZKzZ8+yevVqjh8/zrFjx5g5cyb79u2zjcC00uv1aLVacnNzefPNN/H29mbjxo1N dpgDvPzyy0RFRfHxxx9z+PBh5s2bR1FRETqdzlZmy5YtpKamMmPGDA4fPkxubi5arZbq6mqWLVvm cGFsiYqKCg4cOIBSqWTQoEG218vLyyktLeXNN9+0nc/NzY3169fbnlzCw8M5cuSI7enLat++fbi7 uxMZGUlGRgb79u1DpVJx/PhxcnNzSU5O5sqVK2zYsKHReqWnp5OQkMDo0aM5cOCA3X5PPvkkZrOZ 06dPs379eoYNG2b7Lg8fPsyMGTMoLCx0CKbNtWfPHlv9AaKiojCbzXbBH6C6upqVK1eiVCp54403 yM3N5b333iM/P98u2AP89a9/JScnh6VLl3Ls2DEOHz5s+3ycSUtLY/ny5axdu5aFCxdiNBpZtmwZ paWlxMfHk5uby7Fjx1CpVOzatYstW7bY6rR27Vq7z+TAgQMEBQURHx9vq9df//pXqqurbd/vsWPH mDdvHkeOHGH37t039Lm1hYSEhMt+fn6/lSQppaamxpapYw0MTXVWdxW1tbVkZmby3HPPyampqVRX VytkWc5SKBQPJCUlPdCJAgOSJA2r/7/cWJlOERwAxo8fj16vt7sI7927F3d3d6eP7ZWVlYSGhvLU U0/Z7iq9vLxsnbHWRSzy8vI4ffo0c+bMYdq0aSiVSlxdXVmxYgUhISEOd28vvvii7S4wJCSEOXPm YDabHcpdKywsjMWLF+Pl5YW7uztLlizB09OToqIioO6Oc/v27YSGhvLcc8/ZJv/FAaLVAAAgAElE QVQKCwtj6dKllJSU2AW0xpSWlqLT6ez++/Of/8ycOXOoqKhg3rx5DnfZf/rTnwgJCbGdb/LkyVRX V9v6cKKiojAajXz00Ue2faqrq8nKymLixIm4urra3seoUaNsd6OhoaFoNBqmT5/eaH3feustvLy8 WLt2re0JKjQ0FJVKRY8ePSguLub77793+C7d3d154oknbO+5pYqLi9Hr9bb6A0RERODl5cWuXbvs njbT09OprKzkmWeesT0BBQQEsHbtWrtjVldXs2fPHsaMGcP8+fNxdXXF3d2dp59+utEmyhkzZjB3 7lwmTpzIqFGjSE9Pp6SkhBUrVjB27FgAW59IWFgY27dvx2AwUFhYiNFoJDQ01PaZeHt78+yzz7J8 +XLbd1BUVISPjw/9+vWzHWvx4sWo1WruueeeFn9ubUmj0Zi0Wu0fJEk6AiBJEvPnz+/ygcFisZCd nc3zzz9vDQoScNQaFBITE7M6uo7XkmW5P8Cdd95paqxMp2hWAnjwwQfZvn27XdOS9UnAWbv9tGnT 7JqgysvLKSwstHvcB2zt49cGGKVSyZtvvulw3GvbypvbnHHtfkqlEk9PT9sd3pkzZzAajfj7+6PX 6+3KWt/f6dOnG83YsiopKbF7GrEKCAggOjraIQXQx8fHoS3b+p4qKioICAggMjKS9evX2yUFHDx4 EKPRyOTJkwEIDw9Hp9OxbNkyIiMjGTNmDMOHD+fBBx9stK7W/hhn3+Fjjz1ma6oLCAiwO461vd76 3d0I611zw+QBpVLJxIkTSU1N5dChQ7ZzWr+PkSPt076Dg4PtPrsvvvgCs9ns9GZl/Pjx5OfnO7we Ghpq9/vx48cB6NGjh8PfgZ+fH3q9nsLCQkJCQvDy8kKr1XL27FnGjBnDqFGjCAkJsQV6qPtedu3a xbx58xg/fjzDhw9n8ODBnTrjR5Kk38uyrJdl+edNZTF1drW1teTm5rJ3717TDz/84EJdBlKeJEka rVbbeR7brlE/MNHLw8ODO+64w/L99987LddpgkPDpqVp06ZRXFxMfn4+y5cvb3Sf999/n127dvH1 11/b7gQbdh4DtqaSu+66q+0qD4227VrrZQ0Se/bsYc+ePU7LNidHfvDgwfzlL3+xe+3OO+90GkCh rsP/elxdXW2d2db2+D179uDn52d7irI+JSQkJLBr1y527dqFUqlkxIgRxMXF2V2wrKwdy3fe2WTG HFDXP5CamsrZs2dtzWvOOmibw2w22/pGXnjhBbtt1r+H9957zxYcrE+rzqZybtg30dxyDV27cIy1 03jVqlWN1r+0tJTBgwezadMmXnrpJbKyssjKygLqAtasWbNsQfypp57CbDZz4MABEhISgLonjEmT JhEXF9cpp6euz2IaaDKZ9GVlZX7Ospg6s4KCArKzs9Hr9bVXrlzpRt11tNMHBava2tohkiTh5+eH p6enCXD66NZpggPU3X3t3LmTyspKPvroI7y8vBw6+qysTSqDBw9m+fLlBAQEMGDAAAwGg9NBWJcv X27r6jfJevFeunQpEyZMcFqmOY/Xrq6uDgGwNUydOpW0tDTS09OZMGECeXl5DuMlrGm8Z8+e5cSJ Exw7doxjx46Rl5fHjh07Gq2XNUg0Zu/evWg0GgIDA1Gr1QQEBBAcHIyPj0+zBiZeKzs7m/LyckaP Hm3X/2KVkZFBTk6OLeusqc/dbDbbAn9jAdharjmsx/rggw8avaGwPtmFhITw5ptvUlJSwmeffUZu bi5ZWVmsWbMGpVLJ1KlTcXd358UXX+SPf/wjJ06c4Pjx42RlZbF9+3aKi4t59dVXm1Wv9lafxdTP ZDLlVFVVDXjllVeIi4tr8bKf7aWkpMT6Ny9XVlZaZ5PtBuTKsrwxKSnpHx1Zv5aQJGkQ1N18NdWX 2qmCw9SpU21NS3v27GHKlCmN/gN655138PHxITk52a6MtW/Aeqduvfu0pps29Mwzz1BeXs4bb7zR Fm/HjjW1sLi42OEiWlFRQXp6OoMGDbK1y7e3wYMHExAQYJcU0LBJJjs7m8LCQubOnWtr2pg/fz7b tm1j8+bNnDx50uF9+fn54e7ubuuvaOjQoUPEx8fz/PPP89Zbb+Hu7k5ycjKenp62Mjc6rmXXrl1A 3V21swwwLy8v1q9fz+7du3niiScIDAzk2LFjnD171u4JyNrXZP27sX6HZ8+edRjr8vXXXzerbv36 9bOlnV7b5JSdnU1paSljx46ltLSU7OxsJk6ciJ+fH4888giPPPIIhYWFzJo1C71ez4MPPsj+/fu5 6667CA8PZ+zYsYwdO5YVK1Ywa9Ysjhw50uzPrCPUZzGFm83mfdXV1WNee+014uLiGDjwulmW7eLS pUucPHmS7Oxsubi42BoQJKBIluW3JUn6h06nu+5ym52NJEmDZFnG19eXy5cvWwc7ONw9d5oOafhv G+/WrVspLi5usj3b2Z2a0Wi0TZFg3R4REYGnpydvvfWWXTZOYWEhWVlZ7bYYSGBgIMHBwezbt4+8 PPukhddee42NGzc6ZMa0t6ioKPLz89m3bx9hYWF2F/vs7Gw2btxIdna23T7W9Xgb+xwnTpzI6dOn 7fqCzGYzO3fu5IcffiAwMND2XTUM8mazmaSkJOC/TTHNUVFRwZEjRwgJCWk0NXjy5Mm4urqya9cu u36VpKQku7+rt99+2+6px/odpqen2wW8oqKiZiUTWM8Ndd95w7/HiooKVq9eTUJCgq2vyjouoyHr 5+3p6YmbmxubN28mPj7eIdPMmonW2SUkJFzu06fPg5IkfWA0Gnn99dc5efJkh9WnpqbG+rcuW7OO 6gPDD7IsJwJjdDrd3UlJSau7YmAAkGV5ENQ1tVssFmvQcxh30ameHKDuYrJ161Z8fHwc7qwamj59 Otu3byc2NpbRo0djMBjIzMzE09MTV1dX2z8WT09Pnn76aTQaDbNnzyYyMhKDwUBGRgZeXl62jJj2 oNFoUKvVqNVqJk2ahI+PD3q9nry8PCIjI5k4cWK71cWZqVOnkpCQQGFhIRqNxm7b3LlzOXDgACtW rGDSpEn06dOHwsJCMjMzCQsLa7T5b8mSJeTl5bF06VLbfkeOHCE/P5+nn34ab29voqKi2Lx5M4sW LWLcuHGYzWaOHDnClStX8PLyum6zVEPp6emYzWbbRdgZT09Pxo0bR0ZGBhkZGUydOpWFCxeydetW 5s2bx5gxY8jPz0ev1ztcYDUaDYsWLeIPf/iD7Rzp6em2AZHXExwcjEqlQqfT8bvf/c72fvft20d1 dTXr16+3DawLDw8nJSWF/Px8Bg0aREVFBRkZGXh7ezN79myUSiVLly5l7dq1tmMplUqOHDlCcXGx w3fYWWk0GhPwiEql2mqxWBZotdp2XcOhuLjYOvDVdObMGYXJZFJQ94RwFdglSdKOPn36/LO+nreC /oBdH48sy2XXFlIChIWFjQPG+fn5tUl7dmN+/PFH/Pz87LJEfvGLX3DlyhWmTZtm1wx0+fJl3Nzc GDNmDN27dyc8PJwePXpQUFBAXl4eNTU1REVF8dxzzyHLMgqFgvvvvx+A//f//h8jR46kvLyc3Nxc vv/+e+6//37WrFlj+4B+/PFHevfuzbhx4+zqaDAYkGWZUaNG4eXlZfs9PDwcX19fjEYjV65cYdiw YQ53quXl5dxzzz229+ft7c1DDz2EyWTi9OnTnD17ll69ejF//nwef/zx6w4CsnZUNhU0mzr/tZ+l 9T1Zubu7k5uby08//cTq1avtFl3/2c9+RmRkJEajkS+//JIzZ86gUCj47W9/y9NPP20re+132r17 dyZPnoxCoeDMmTOcOXMGf39/nnrqKdvF1Zqu+e9//5vPP/+cqqoqHnzwQVavXm3rUB05ciRKpfK6 n0Fubi6+vr489thjTXbG9unTB5PJhKenJ4MHD2b48OH069ePwsJCTp48yc9//nNefPFFevXqhb+/ v+181s7eH3/8kc8//5zvv/+eefPm8fDDDyPLsu3v89q/m4bCwsIYPHgw33//PXq9nm+//ZahQ4fy 3HPP2Y3KnjBhgq1Z7uTJk1RWVvLAAw/w/PPP2/6dDhgwgJCQEMrLy/n888+5cOECgYGBPPXUU+26 DkJpaak15ThLr9cfupFj6PX6D8PCwizAA19++SUmk4kBAwa0aj0NBgP5+flkZ2ezf/9++e2337Zk ZWUpzpw5Q1lZmaL+Tvpj4E8uLi5/SExMfEev13+dlZXV9FwTXURMTEyoJEnLevXqxeTJkzl+/Lih rKysuyRJWr1e/++GZSUAlUr1IqBp6g5QuPUZjUamTJnCmDFjnM7fJAiNsU78CGh0Ot3/3cyxFi1a tFCSpCRJkqRf/epXPPbYYzc8erqsrIwLFy5QUFBAYWGhXFpa6mxp0gJJko7KsvyZxWL5Z3Jy8jc3 U//OTKVS/S/w54iICObNm8df/vKXyn//+99eCoXi7sTExKKGZTtds5LQ/gwGA25ubqSkpFBZWclv f/vbjq6ScBtLTk7eqlarL5lMpp2HDx92uXz5MgsWLLB7km1KZmYmX3/9tfnrr7/m6tWrDTNarE1F ucBRSZI+k2X503ZcXKczeBRg+PDhdi9evXrVIW1JBAeBDRs22MZeREVFOR2zIAjtKSEh4f3FixeP t1gsB06ePOlWVVXVrGk2Dh8+bO3EtwaFb2RZ/gw4Ksvy8bvuuiv3Fuo7aJH65VpD3dzcHCZmTElJ EcFBcGTtCA8ICGDu3LkdXBtBqLNly5ZDKpUqFDhRUFDgsWHDBpYtW9bkaOqqqirrj28rFIrV1zaV 3M7MZvM0SZIIDQ21PYVVVVV1A5w2o3WqVFahY4waNYoXX3yR+fPnd4pZPAXBSqfTfaVQKAYD3xUX FxMfH29dWvN6CkRgsCdJ0qMA9957r+01k8lkwckYBxDBQRCETi4xMbHIxcUlFMi3Lg4klmNtmfqV 30Z269bNbh64K1euuDlLYwURHARB6AISEhLKXFxcwoC8qqoqXnrpJQoKCjq6Wl2GJEnTAJeBAwfa +m0MBgNms9kVJwPgQAQHQRC6iPo1IYYDmTU1NWzcuLFDR1N3JbIsOzQpWWceUCgUollJEISuTaPR mPz8/B4C/l5bW0tSUhKffvppR1erU1Or1R7AOIVCwZAhQ2yvWyfdk2W5yNl+IjgIgtClaDQak06n WwhoLBYLb775psMqksJ/1dbWTgO6BwUF2U0hf+nSJQAkSbrqbD8RHARB6JLqR2IvAUzvv//+DS8n e6uTJOkhcFx46scffzSB83mVQAQHQRC6MJ1O9zdZlmcDpszMTDIzMzu6Sp1KdHR0d2A6wNChQ+22 fffdd9YnBtEhLQjCrScpKSlNoVBMAP5z7dTltztXV9dIwKNv37706tXLbtv3339fA6BQKP7jbF8R HARB6PISExOzJEkaB1ibSG6n+ZKaMhccm5QAvvvuOw8AhULhdF0KERwEQbglaLXaXIVCMQqI8/Pz 03Z0fTrawoULg4BHXVxc5IiICLttZWVlGI1GN6AoISHBaZ+DmFtJEIRbRv2UGbd9YABwcXH5X1mW XUaOHOkwH1V+fr71x88a2188OQiCINxi1Gq1ryzLsxUKBZMmTXLYXlhYWFv/49HGjiGCgyAIwi3G ZDI9A3QfPny407XE8/PzLQCyLDc6glAEB0EQhFuIWq32BeKgbqnZa1VVVfHjjz+6AZVJSUl5jR1H BAdBEIRbiMlkigW6h4aG4u/v77C9wYSFjfY3gAgOgiAIt4zo6GgvYDnAlClTnJZpEBwa7W8AERwE QRBuGW5ubrGAV3BwMH379nVa5l//+pcFQKFQNDljoQgOgiAIt4Do6Ojusiwvh7q14J2pqamhuLhY AkxXr14VzUqCIAi3um7dusUCvn379iU4ONhpmQsXLiDLsiRJUm5KSorT2VitRHAQBEHo4jQajYsk SSsBfv3rXzdaztrfIMtyk08NIIKDIAhCl1dSUvI74C5/f3+7BX2ulZ+fbwCQJCnrescUwUEQBKEL q1/pTQPOxzVYWSwWCgsLu0HTg9+sRHAQBEHowkwm0zog4J577mH48OGNlvv2228xmUzdgK90Ot11 Z60VwUEQBKGLiouLGwcsUSgUzJ8/H4Wi8Uv6uXPnLACSJF23vwFEcBAEQeiS1Gq1h8VieQPqOqF9 fX2bLH/o0CEDgMVi2duc44vgIAiC0AVZm5P8/f0bHQ1tdf78eX744QcPoOyXv/zl7uYcXwQHQRCE LqYlzUkAhw4dsk7RnaLRaEzNOYcIDoIgCF3Itc1JzibXa8hgMHDixAkFgEKhaPZCSHYrwZWUlNxA VQVBuN2Ja0f7aUlzEkBOTg5ms1kJ7K9fKa9ZrMGhDKC0tJTS0tIbqK4gCAJQfy0R2kZcXNw4i8XS 7OYkgIMHD9YC3WRZTm7JuVwAdDqdVqVSATTd3S0IgtC4Mp1OJ9ZvbiNqtdrDZDI1uzkJ6jqiv/vu u260oCPaytasJL5UQRCEzqulzUkAR44cAUCW5eTmdkRb2YJDbGzsLFmW+7dkZ0EQBCtJkr7SarU7 O7oetyKVShVBC7KToK4jOicnxwJYZFlu8c2/C9gCw44W11gQBKGeLMvExsYiAkTrWrhwYRDwLjS/ OQng008/xWQyKSRJ2pecnPxNS8/rAmB9YujTpw9+fn4tPYYgCLe5kpISSktLEa0PrUutVvuaTKY9 gO+AAQOa3ZwEcOjQISPgKsty4o2c2y6V1c/Pj7CwsBs5jiAItzmR6di61Gq1h9ls/gDo37dvXxYv Xtys5iSA/Px8vv/+e1fgGz8/vwM3cn4xCE4QBKGT0Wg0Lmaz+R1Zlkf6+vqyZMkS3Nzcmr3/J598 Yl3lrcUd0VYiOAiCIHQypaWlSbIsT+3ZsyeLFy+mZ8+ezd738uXLfPHFFy6AyWKxbL3ROojgIAiC 0ImoVKp1sixHu7q6ykuWLLnubKvXysjIMJnNZhdJkvbfSEe0lQgOgiAInURMTMwTwLMKhYK4uDip b9++Ldq/rKyMjIwMBWAC/u9m6iKCgyAIQicQExMzQ5KkVwCio6MZOHBgi4/xzjvvmGVZVsiynKzV anNvpj4u1y8iCIIgtKX6QW47AJdHH32UESNGtPgYubm5fPXVV0rgh9ra2udutk7iyUEQBKEDxcXF DQL2Ay6RkZFMmDChxceora0lNTXVDCBJ0rMpKSmVN1svERwEQRA6yKJFi0ZaLJaPgJ8NHTqUmTNn 3tBx9u3bx08//aSUJOkzrVZ7wxlKDYngIAiC0AFUKtV8hULxCeA7cOBAYmJibug45eXlZGRkWADM ZvOTrVU/0ecgCILQjjQajUtJScka4FmABx54gJkzZzZ79PO1duzYgclkUgDJycnJn7VWPUVwEARB aCdqtdqjpKTkXeAhhULB3Llzuf/++2/4eF988QVffvklQCVw053QDYngIAiC0A5UKlV/k8n0AdC/ Z8+exMTEEBwcfMPHq62tZceOHRbqugee1el0P7RWXUEEB0EQhDYXGxsbCaTJsnyHv78/ixcvxtvb +6aOuW/fPn788UcFkOvn59cqndANieAgCILQhmJiYp6QZfkVwCU0NJQFCxa0aBI9Zxp0QissFsvS G51crykiOAiCILQBjUbjUj+BXjRAVFQUU6dObZVjv/vuu7Umk6mbJEkprdkJ3ZAIDoIgCK1MrVb7 1nc8R7i5uREdHc3QoUNb5djZ2dmcOnWqG1CpVCpbtRO6IREcBEG4rajVao/a2tr7k5KSbmgRnKZo NBqXb7/99nGTyaQBvLy9vVm8eHGzl/a8noKCArZt2yYDkiRJKxMSEspa5cBOiEFwgiDcNtRqtYfF YjkmSdL+mJiY37XmsWNjYyNLSkpOS5K0EfC69957efbZZ1stMFRUVJCYmGiRZVkCNrbWSOjGiCcH QRBuC9HR0d3NZvN+WZYHA0iSFNQax42Liwswm80bZFl+FMDHx4fZs2ff0KyqjampqWHz5s1ydXW1 Atjv5+f3x1Y7eCNEcBAE4ZZX39zzlizLNz7i7BrR0dHdu3Xr9r+yLP9RkiS3Hj16yJMnT5YmTJhw w6OdnbFYLCQnJ1NaWioBX7m4uPy2LbKTriWCgyAIt7zS0tIkSZIe9fDwYMCAAZw4ceKmjhcbGzur Pj31LlmWGTFiBI8++qjUkuU8m2v37t2cOnUK4Aez2Ryl0+kut/pJnBDBQRCEW5pKpXpVluVoNzc3 Fi9ezFdffXXDx4qJiQmVJGmzLMsRAH379mX27Nncc889rVbfhrKzs9m/fz/Urez28NatWwva5ERO iOAgCMItq37ZzeUKhQK1Wk1QUNANBYdFixbdJUnS/0qStAhw6dmzJ9OnT7+peZGup6CggDfffNNW BZ1Od7TNTuaECA6CINySYmNjF8qyvFGhUBATE0P//v1btH99n8Kv6wPCeMBFoVAwfvx4Jk+ejLu7 e5vUG+oyk7RaLRaLBeAlnU63rc1O1ggRHARBuOXExMTMkGVZC/Doo4+2aABafdPRQmA2cCdAt27d CA0NZerUqfj6+rZJna1qamrYtGkTVVVVSJK0t0+fPqvb9ISNEMFBEIRbikqlipAk6R+yLCunTZtG ZGRkc/a5E5gFLAJCra/37duX0aNHM2zYMDw8PNqu0vUsFgtarZaysjKAM0ql8rH2yExyRgQHQRBu GbGxscNkWU6XZdktMjKSKVOmNFpWlmWXmJiYSdQFhKlAdwAPDw9GjBhBREQEfn5+7VPxeqmpqdb1 GcoUCkVUQkJCu2QmOSOCgyAItwSVStVfluU9gEdz1mOWJOlZ6q+BCoWCQYMGMWrUKEJDQ1t1nEJz WCwW3nrrLY4dOwZ1mUm/TUxMLGrXSlxDBAdBELo8tVrtazKZ0gHfe++9t8n1mBuMRXDx9fVl9OjR jBo1irYYo9AcNTU1bNmyhXPnzgFcBma3d2aSMyI4CILQpalUqjtNJtMnQEBQUBCLFi1q8s7/V7/6 FQB33XVXm41PaK6Kigo2bdpk7WMokyQpSqvV5nZopeqJ4CAIQpelVqs9rEtv9u7dW3788cel5iyk Yw0QHenixYu8/vrrVFVVAZyxWCyTk5OTv+noelmJWVkFQeiSNBqNi8lkeheI+MUvfmFZuXKl1JZj D1rTF198QXx8vDUwfOzi4jKqMwUGEE8ObcZoNJKTk8PZs2cBcHNzY8CAAYSHh9uVMxgMHDx4kODg 4JtabLw52vNcgtCW6ifSe0eSpIc8PT0tS5YsUXRUn0FLZWZm8t5771kHuCX7+fkt7qh01aaI4NAG 8vLyWLVqFeXl5Q7bQkJC+NOf/kRAQAAAlZWVaDQaVCpVm1+w2/NcgtCWSkpKNkiS9Kirq6vliSee ULT1wLTWYLFYSE1N5ZNPPgHqsqW0Wu3LHVytRong0Mqqq6t58sknMZvNrF69mrFjx+Ll5UVxcTG7 d+8mJSWFZ555hu3bt6NUKju6uoLQ5ahUqheB5S4uLpYnnnhC0VqL6bSlmpoakpOTOXXqFJIk1QDz tVrtzo6uV1NEn0MrO3r0KNXV1Sxfvpxp06bh5eUFgL+/P0uWLGH69OkUFhaSk5PTwTUVhK6nfiI9 jSRJ8sKFCxVBQa2yXk+bqqqqYsOGDdbAUC7L8vjOHhhAPDm0usrKSgB69OjhdPsjjzyCq6srd9xx h8M2vV5PamoqlZWVuLu7M2PGDCIiIuzKFBcX8/7779v6MpRKJcOGDWP27Nl2E4GZzWZSU1M5cuQI ZrOZkJAQJk+e7LROhYWFpKamUlRUBEBgYCAzZ860NX29/fbbFBUV8fzzz9vtt27dOpRKJU8//bTd edetW8fgwYOZNm1ao59TcXEx7777Ll9//bXtnHPnzrUbkWowGHj33XfR6/XU1NTg6elJVFQUY8eO tZUpKipi27ZtzJ8/n5ycHLKysjCbzfTr14+5c+fi4+Njew+FhYX88Y9/dJgwLT09nZycHKfbhM4j JiZmRv0SnMyfP19qyXxJHaWgoIDk5GQuXbqEJElfm0ymqe057fbNEE8Orcza4bxx40bS09MxGAx2 20NCQnj66acJCQmxez0jIwO1Ws2VK1fw9vYmLy+P5cuXk5GRYSuTnZ3NrFmz2LdvH71798bPz4+K igoSEhJ4/PHHbeXMZjNqtZr4+HjMZjN+fn5kZmaydOlSh/oePHiQOXPmkJGRgbe3N97e3qSnpzNn zhyOHq0bh2M0Gtm1a5ctIEHdRTktLY3U1FRKSkpsr+fl5bFr1y5cXV0b/Yzy8vL43e9+x549e/D2 9qZ3796kp6cze/Zs8vPzgbr879///vds3rwZk8mEn58fxcXFrFixgj//+c+2Y1VUVLBnzx5WrVrF li1bCAgIIDAwkF27djFv3jyKi4sBcHV1Zc+ePRw6dMihPps3b6aoqEgEhk4sJiZmkiRJOwBmzpzJ qFGjOrpKTaqqquLvf/87GzZs4NKlSwBHZVmO6CqBAcSTQ6sLDAxkxYoVbNy4kdWrV+Pq6kpISAih oaGEh4cTFhbmtK+huLgYrVZLaGjdnF9FRUXMmjWLtLQ0Jk6cCNRdxNzc3Ni+fTve3t62fZ988kmO HDlCcXEx/v7+7N69G71ej1qtZsGCBUDdXfiyZcuoqKiw7WftoO7duzdvvPGG7Zjl5eUsWrSI1atX 8+GHHzJ27FgSEhL47LPPbEEtOzsbV1dXjEYjn332GY888ojtdaVS6fDEY2U2m1m1ahWurq5s377d dmdfWFjIvHnzeP3119m0aRPr16+nqKiI9evX8+CDD9r2XbduHbt27bLNkGlVWlrKG2+8YXvamTx5 MosWLWLDhg1s2rSJyZMn2wJ2wycovV5ve79C56RSqSKA9wCXBx980BIZGdlpb2otFguffPIJe/fu xWAwIElSjSzLa/z8/F7ujBlJTem0H3JX9thjj7Fz507mzJmDn58feXl5pJXDiWkAAAuGSURBVKSk oFarefjhh2135A2NHj3aFhgAAgIC6NevH6WlpbbX1Go1L7/8sl1gABgwYACALTvqwIEDuLu7M3fu XFsZd3d3lixZYrffwYMHMRgMLF682O6YPj4+REdHU11dzcGDBwkMDMTf35/jx4/bymRnZzNs2DB8 fHzIzf3vgM6srCzCwsLw9PR0+tnk5eVRXl7OnDlzbIEB6oLqM888w+TJk6muriYrK4vw8HBbYIC6 JrQnnnjC9hTQ0IwZM2yBAWDw4MGMGzeOY8eOUV1djaenJ+PGjeP48eO2pj+oa1JydXVlwoQJTusr dCyVStUf2AN4jB49unbWrFmd9pp1/vx51q5dS2pqqrXFYJckSf11Ot1fulpgAPHk0GYCAgJ46qmn eOqpp6ioqECv15OVlUVmZiYrVqxg8+bNdmMeAgMDHY7Ro0cPuwtZREQERqORvLw8Ll68SFFREUVF Rej1erv9CgsLCQ4OdmjaGTx4sN3v1vb+QYMGOZzb2p5rLTNmzBh27tyJwWDAxcWFvLw8Fi5ciIeH h+38xcXFFBUVNTnhWWFhIfDfgNaQtY8iLy8Ps9nsUF8AT09PgoKCbM1PVg0Dq1VISAiZmZnk5+cT FhZGVFQUGRkZpKen89hjj2E0GsnIyGDcuHGNBjOh48TFxQVYLJZPAK8hQ4ZcnTdvXveOrpMzly9f 5oMPPrDd9CmVym9NJtPCpKSkAx1ctZvSaaNwV1VSUuJw4fL29mbixImsXbuWhIQEzGYzW7dutSvT VBu91aFDh4iKimLRokWsXbuWY8eO4enp6XBhrKysdNp0de1rRqPR6esN63PlyhWgLjCZzWZOnjzJ 6dOnMRgMjBo1itGjR1NRUUFRURHZ2dkAjBs3rtH3YA12Tb1fs9ncaL2gLmhWV1c7vHatay/44eHh +Pj4kJ6eDtQ95RgMBqKiohqti9Ax1Gq1r8ViSQd8AwICrsTExHRv75lSr8disXD48GFWr17N0aNH USgUtQqFYu2VK1eCunpgAPHk0Op+//vf4+7uzocffuh0e1hYGD4+PnbNRc1RUVHB6tWr8fLysvVN WC+eOp3OOtUvAH5+fg4XT/hvMLCyptlevuw4Zbz1Im5tbrI2FR07dgx3d3c8PT0JDg62LYBizRQK CQmxay66Vu/evRs9Z1FREQaDwXahtwama5WXlzvMs//TTz85lLN2lFuDhFKpZMqUKaSkpFBcXExG RgY+Pj4Oo9aFjmcymX4H9K9PWe3RrVu3jq6SnfPnz7Njxw4uXrwIgIuLS2ZNTU1cV+pwvp7OFYpv AaNHj6akpIS9e/c63V5UVERFRYXTZpWmnDt3DoPBwOTJkx06teun+rUJDQ0lPz/flqljZb2zb1gO 6obzX8ua1WMto1QqGTNmDNnZ2eTl5dmyRfz8/AgICCArKwu9Xt/kUwP8twmrYf+F1fr164mLiyMo KAhPT09bWmpDhYWFFBcXO3x+R44ccTjesWPH8PLysmuyszZd7d69m2PHjjFlyhQxGLETUigUaZIk 5cuyLG3cuNE6a2mHMxgM/OMf/+Dll1/m4sWLKJXKbyVJmp6QkDD+VgoMIIJDq1uwYAHu7u6sWbOG devWodfrKSkpoaioiPfff5/Y2FgAu87i5ujTpw9Ql11jfQIwm838/e9/d7gwzp07F6VSyQsvvGDr pC4sLCQ+Pt6uXEREBIGBgbz11lt2KbN79+4lJSWFwMBAu5TBiIgIiouLOXv2LMOGDbO9HhYWRk5O Dmaz2W4MgjOBgYGEh4eTlpZmF0Dff/99cnJymDFjBq6urkRHR1NcXMy6detsT0HFxcU888wzKJVK h89v3759tuMZjUbWr19Pfn4+8+bNs7v4+/v7ExoaSmpqKkaj0S7jSeg8EhMTi5RK5VhJkj6tqKjg 5ZdfdmiubU9lZWWkpaWxevVqDh8+jCRJRlmW/3zlypUgrVa7u8Mq1oZEs1IrCwgI4G9/+xsvvPAC aWlppKWl2W339vYmPj7eaWdrUwIDA5k+fTq7du1i0qRJeHt7U1FRgZeXF8uXL2fjxo2cO3eOsLAw goODWbduHc8//zxTpkzBx8eH8vJyoqKi7MYkKJVKXn31VVauXMmqVatYt24dUDcFSEhICK+++qrd hTUiIgKlUonRaGTkyJG210ePHk1aWhr+/v5OO9avtWbNGlauXIlGo7EFrOrqasaMGcPixYuBugD3 3XffkZqaahsPUV5ejqenp22QXUOjR49mzZo1bNy4EaPRiMFgYPr06U6DcFRUFGvWrGHw4MF2GU5C 55KQkFCmVqsfqq2tfcNgMDz66quvEh0dzYgRI9rl/DU1NeTm5nL06FHOnz9ve12SpExZlpckJSV9 1S4V6SAS2OYq0YSFhREWFtbBVbp1nD59mnPnzlFZWYmbm5vtrrlhZ6zRaOT06dP06dPHoR09Pz+f mpoauwvh6dOnOXnyJIDdnX1eXp5DE0pFRQWHDh2isrKSQYMGER4ejl6vdziX2WxGr9fbmqeczR7b 8PxGo9Hu78T6Hry9vVt0sc3JybGdc+jQoU4DZnFxMdnZ2VRWVuLv709ERIRdR7Neryc2NhaNRsOQ IUNszWGjRo1qNFCdPXuW3//+9zz99NPXXUpSaB69Xm/NWtPodLr/a+3jx8bGbpBleSXUNQ02tTb0 zTp//jyffvopJ06coKamxvqymbqU2vjOsEpbexDBQejSGgaH5jYRvfbaa+zcuZMDBw6IFNZW0tbB AUClUj0OvAYoR48ezbx581ptreeqqiqOHz/O0aNH7fo3FApFtcVi2apQKF7r6DWd25toVhJuC9YB fd999x3bt29n1qxZIjB0MTqd7m8qlaoI2Hns2LGfXbp0icWLF9Ocld+csVgsfPnllxw9epRTp05Z 11cAQKlUXjCZTK8pFIqtiYmJjql1twERHITbgpubG2vWrAHqmuOaWoBe6Lx0Ot0/Y2Njx8myvPfc uXO9X3rpJZYtW0avXr2afQyLxcKePXs4evSodSU2AJRKZaXZbE4B0rZs2XJbNB01RQQHoUsLCwuz m76jMda5nGpqaggJCRHpq12YVqvNjYuLGynL8v6SkpJ+a9euZdmyZTR3XYejR4+yb98+wBYQ3pMk aUfv3r0PdcVpLtqKCA7CbUOsfnfrSExMLFKr1cNqa2v3VFVVjduwYQOxsbEMHDjwuvtanxZkWU7s 3bv3UhEQnBPjHARB6JISEhIu//KXv5wAvF1TU8Prr7/O4cOHm72/JEllIjA0TgQHQRC6LI1GY9Lp dPMAjcVi4R//+AcffPBBR1frliCCgyAIXV59+mw0YNq/fz/JycnU1tZ2cK26NhEcBEG4Jeh0um2S JD0E/OfEiRNs3LjR6QSPQvOI4CAIwi1Dq9VmKhSKkcA3BQUFbNiwwTa/mNAyIjgIgnBLSUxMPOPi 4jIcyCsrK2PDhg0UFNxSE6a2CxEcBEG45SQkJJS5uLiMAfZXVVXx2muvydY5yYTmEcFBEIRbUkJC wmU/P78oWZYTjUajlJSUxEcffdTR1eoyxCA4QRBuWfXjGBbHxsYWWSyWl9577z169uzZ0dXqEsST gyAItzytVvuyJEmzgasN51MSGieCgyAItwWtVrsTmAD8UP/SD00Uv+2J4CAIwm1Dp9MdNZvNo4A4 Pz8/bUfXpzMTfQ6CINxWtm7dWgCI3NbrEE8OgiAIggMRHARBEAQHIjgIgiAIDkRwEARBEByI4CAI giA4EMFBEARBcCCCgyAIguBABAdBEATBgQgOgiAIggMRHARBEAQHIjgIgiAIDkRwEARBEByI4CAI giA4EMFBEARBcCCCgyAIguDAbj2HkpKSjqqHIAhdmLh23HqswaEMoLS0lNLS0g6sjiAIXVxZR1dA aB2S9QeVShUL+HZgXQRB6NrKdDqdWHpTEARBEARBEAThtvH/AeVLQEYaTgygAAAAAElFTkSuQmCC --001a11438ee87740cc052a2ebe73 Content-Type: image/png; name="p2m.png" Content-Disposition: attachment; filename="p2m.png" Content-Transfer-Encoding: base64 X-Attachment-Id: f_ijug1q7n2 iVBORw0KGgoAAAANSUhEUgAAAXMAAAHFCAYAAAAAKRn6AAAABmJLR0QA/wD/AP+gvaeTAAAACXBI WXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4AEZFC0oxFF5PgAAABl0RVh0Q29tbWVudABDcmVhdGVk IHdpdGggR0lNUFeBDhcAACAASURBVHic7L1/VFNXuv//jhz0OE1tHNM2dtJpGFHpNJ3GmfgpTrEm I71ixSt+xUtc4BgvCFFxFT/Sj8wqXaTf6pKu0q+4igqIY7iFa7iNH2GE2ziFIY7pBYc4piO9Ro2X 9DZT0jGdya1xjBLY3z/oOSUm/FIUxP1aK0s5Z599nrOT8z77PPvZ+wEoFAqFQqFQKBTK+CPg/pOT k5NGCIkbT2MoFMqDi0AgcFRUVNSNtx0PKwKAF3LjeBtDoVAebAQCgYYK+vjAAADXI583bx7mz58/ vhZRKJQHjosXL+LSpUugb/fjBzPwj/nz5yM5OXm8bKFQKA8wly5dGm8THmqmjLcBFAqFQrl7qJhT KBTKJICKOYVCoUwCqJhTKBTKJICKOYVCoUwCqJhTKBTKJICKOYVCoUwCqJhTKBTKJICKOYVCoUwC qJhTKBTKJICKOYVCoUwCqJhTKBTKJICKOYVCoUwCqJhTKBTKJIAZvkgoNpsNHo/nXthCoVAmIBKJ BEqlcrzNoAzDqMTcZrPh0KFD98oWCoUygaGCPrEZlZhzPXKakYhCeTjgMgjRt/GJz6jdLADNSESh PEzQDEIPBnQAlEKhUCYBVMwpFAplEkDFnEKhUCYBVMwpFAplEjChxdxut0OtVg/6ef311+FwOMbb zAnFsWPHEBMTMyZ1+Xw+7N69GwsWLEB0dDQEAgGmT5+OxYsXo7q6GsFgcEzOMxb4/X7Y7fZB97vd bqjVamzbtm3YutatW4eVK1ciGAxi+/btUKvVI7IhGAzCZrON2OY7obq6Gmq1eshrpTycTGgx9/l8 sFgsEQXb6XSipKQECxYsQEtLyzhYN/Fob2+HVquFy+W667qsViueffZZFBYWAgByc3Oh1+uh1Wrh dDqh1Wp5wRtvnE4nnn32WTQ0NAxaRiqVwufzoaysDG63e9ByNpsNRqMRYrEYDMPAbrfDYrGMyI4F CxZg//79ozV/VLhcLlgsFvh8vnt6HsqDx4QWc46kpCS0traGfL744gsYjUYEAgHk5uaOt4njTl1d HV555RX4/f67rsvj8WD16tXw+/0wmUw4d+4c9u7di6KiIhw8eBBdXV1ITU2F2WzGvn37xsD6u8Pt dg8p0BxZWVkA+ttqMKqrqwEAOTk5AICjR4+iq6trRHZ0dnaOqByFci94IMR8MNLS0qBUKuFwOPib 2eVywefzIRAIwGKxwOl0hhzj9/thtVphsViG7cE6HA5YLBbYbLZBe6BerxcWi2XY3hLXw2tvb0cg EIhYxuPx8HWNZpKGWq2GRqOBXC6HXC4ftJzL5RqR6L3zzjvwer0oKSnBmjVrwvazLIsPPvgAEokE paWl/Hav1xuxTf1+P1wuV8QHDdfTtFqtgz6IOPdFpO/C5/Phq6++4v/vcrkG/a7S0tLAsixqamoG PY/RaIRcLkd8fHzEMl6vl2/Dzs5OtLe389c38FoDgQACgQD/e7wdt9sd8Tv2+Xz873Oo3wqFEpHs 7Oyi7OxscuLECTIUJ06cICMpN1a0trYSAESr1Q5aRqVSEQCkq6uLEEIIAJKfn0/i4uIIAAKAdHR0 EEIIKS4uJkKhkN8OgKhUKtLd3R1SZ0dHB1EoFCHlpFIpOX36NF/m2rVrRKfTEYZh+DIMw5D8/HzS 09PDl7tw4QKJjY0NqUskEpHy8vKQujQaTUgZAESj0ZAbN24M204SiYSUlZWRnp4evj0iAYDIZLIh 6+rp6SFCoZBIJJKQ64jE6dOn+XYnhBCtVhvx3AaDgQAgBoOB39bd3U1SUlLC2qW0tDTkWLPZTCQS SUg5iURCGhsbCSGE6PX6sHYbaNPtcO18/vz5sH319fUEACkpKeG33d6eWq2WyGQyUlJSwp9PJpOF 2dDa2sr/fvV6fdi5ZDIZUalU/N/Xrl0jWq025PfEtUl9fT1fjrve1tbWQa9xLBnpPc+Vy87OLhp7 haKMhAe6Z+7xeGCz2SASiSCVSvntVVVVEAqF0Ov10Ol0UCqV2L17NwoKCqBSqdDR0YGuri6UlZXB ZrNBrVbzvUKPx4NXXnkFHo8HJpMJXV1daG5uRjAYxMqVK/ne1MaNG1FeXo78/HxcuHABFy5cQF5e HkpKSvD666/ztnB+5dbWVnR1daGjowOxsbHQ6XT8a/k777wDo9GIsrIydHV14fLly9DpdDAajXjv vfeGbYeuri5s3boVDDP0hF6ZTBbSTpGw2+3w+/1QqVTD1peQkACZTDasfbcTDAaxfPlyNDY2oqSk BF1dXTh//jySkpKQl5eHw4cPA+jv5Wo0GshkMv47a25uBsuyyMjIgN/vx4YNG/i3A61Wi9bWVkgk kkHPPZSrxWAwgGVZbNiwYUj7vV4vdu3ahby8POTn56OkpAStra0AvnMJKhSKUbXJtm3bYDAYUFhY iMuXL6Orq4t/g9BqtbSHThmWO5rOf79xOp28L5PD5XLBYDDA7/ejuLg4RHgCgQA+/vhjiEQiAP2i sGvXLsjlchw/fpwvu3XrVrAsi6ysLOzfvx87d+7E/v374fP50NzcjKVLlwLoF0GDwYDk5GS0tLRg zpw5MJlM0Ol02LNnD3/ed999Fy6XC2VlZdixYwdYloXT6YROp4NKpeLrOnToECoqKvgb1Gq1QiKR ICcnh7ft4MGDADCkMHGwLDuidhyJ7/fKlSsAgLi4uLB9Pp8vostAIpGM2AagP+LGbrejpKQEO3bs 4Ld/8MEHcDgcKCwsxIYNG2Cz2eDz+aDRaPhFnmQyGcrLy9HY2Aiv1wuZTIYXXniB38e182AsXbqU /z7ffvttfrvX60VjYyNSU1MhFouHrIP7ze3cuTNsn0QiGdaGSDgcDqSkpKCo6LuOrUwm49vJ4/Hc 0YOT8vDwQIi51WqF1WoN2y4SibBr166wm0qhUPBCDgCnTp1CIBBARkZGWG8zPT0dOp0OFosFO3fu hNlshlgs5oWcY+nSpejp6QHQ35MG+numt/uI4+PjYTKZ8MknnyAtLQ0ymQxVVVUAgJSUFCxZsgQK hYIXa6B/NTqLxYLly5cjIyMDy5Ytg0QiCSlzvxgqOmXfvn3Q6/Vh21tbW0clYI2NjQCAF198MWL7 lZeXw263Qy6Xg2VZFBYWwu12Y9WqVYiPj8eyZcuwbNmyEZ/vdrKyslBYWAir1YqEhAQAQG1tLYLB IN9zH467OX8k2traQv4OBAJwOBx8JJfL5aJiThmSB0LMk5KSwgRbLBYjLi4uoisgNjY25G+v1wsg ci+XZVlIpVJ+oNTr9UZ0RQw8D3eDZWRkDGozV98HH3zAu2TKy8vBsixUKhVyc3OxYsUKAEBRURGc Tifq6+vR3NwMoP+BpNFosHXrVgiFwkHPM9bMmTMHACKGgy5ZsiREzLnB2tHCDSAuXrx40DJ+vx9i sRhGoxE6nQ4lJSUoKSmBUChESkoKcnJyeCEeLRs2bIBer0d1dTVfh8FggEwmC3uID8bAzsJYEAgE UFFRgcbGxpAB/dG88VAebh4IMR/tq+twvt7bCQQCIUI/XHgfV7/RaMSTTz4ZsQzXi0pISMDly5dh tVrR0tKC5uZmmM1mmM1mlJeXIycnB0KhEMePH4fb7UZTUxPMZjOam5tRUFAAs9nM+2PvBwqFAkKh EFarFcFgMKQtVSpV2PdwJ2LOMdR1cT7nVatWYcWKFTh16hTfbjU1NTAajTCbzSMW34FIpVIkJSWh vr4e77//PpxOJ+x2O4qLi+/4Wu4GbgzBYrFApVIhIyMDCoUCL7zwAurq6iK+DVEot/NAD4COlOee ew5A5N4mFyLGiW9sbCzcbnfYgFMgEMDixYtRUVHB+5MZhuEFjvtIJBLcvHkTQqEQPp8PTU1NcLlc SEhIQFFREU6fPo3z58+DZVne/cKFokmlUuTk5OD48eO4evUq4uPjYbFYRhROOFawLAuNRgO3233H E2C4NyGO2x+O3JuTWCwOaz+hUIje3l4wDAOPx4OGhgb4/X4sXboU7777Ls6fPw+z2cyHEd4pWq0W Xq8XJ0+eRHV1NRiGQXp6+h3XF4nBetXBYDDkOz116hQsFguysrLQ2tqKPXv2IC0tDXFxcWFtSaEM xkMh5gqFgvdd3x7bu3v3bgBAamoqgH6/diAQ4CMqOKqrq2G1WiEUCrFmzRowDIPi4uIQoQoGg9i0 aROSkpLg8XjgcrmQnJwcFpEik8nAMAz/qr5x40asX78+pC6WZfm3hbF61R5pnPmePXsgkUiQn5+P 3bt3R3ywVVdXo6ysDMB3byrcwOGnn37Klw0GgzAYDCHHc2391ltvhWz3+/1Yu3Ytv7+lpQUpKSlh 38UzzzwD4Lt2uZP2WbVqFSQSCUwmE4xGI5KSkoaN9BkJA8ccuA5Ce3t7SJnbl0LgBPt2n7jH47mr Bxbl4eKBcLPcLQzDoLy8HMnJyVi4cCFyc3MhFotRX1/PRzBwvbLMzEwYjUbk5eWhs7MT8fHx6Ozs RGlpKRISEpCWlgaGYVBYWAi9Xo9FixZBp9OBYRjU1NTAarWioKCAn7yTlJSEsrIy+Hw+qFQqBAIB PgonLy8PAFBYWAitVsvXJRQK0dzcjPr6emi12mGjK0ZKTEwMZDLZsFEtYrEYra2tWL16NQoLC1Fc XIzExESIRCJ+iQWfzweRSISysjLe75yWlobS0lJoNBrodDqwLAuj0Rjm9lq2bBkyMjJQU1ODxYsX IyMjA8FgEOXl5XC5XCgvL+cfmsXFxSgoKIDL5YJSqYTX60VZWRmEQiE/S5MTwbKyMrhcLrzxxhth 4ya3wzAMMjIyUFpayp/7buF+U+vXr0dmZiZUKhUSEhJgNpuxevVq/rfU2NgY8uBYsmQJhEIhiouL wbIsFAoF7HY7SktLIRQK4fV6cfPmzbu2j/IQMFEnDZ07d46oVCpSXFw84mOGKt/W1kaSkpL4iUNx cXGktLQ0bHLMtWvXSF5eHpFKpfwklby8PHLt2rWQckajkcTHx/MTPeRyOSkrK4tYFzdxiGVZkpCQ QMxmc1hdSqWSrys2Npbo9fphJ+7cTl5eXshklNvbRqPRjLiuGzdukLKyMqJSqfg2Y1mWxMfHk+Li 4rDJVoT0T7xRKpX8hJf8/Hxy+fJlolKpQq65p6eHlJWVEblczk+4SkhIICaTKaS+7u5ukpWVRcRi MQFAhEIhSUpK4ieCcZSUlJDY2Fgik8lGPKHmwoULRKVSkeTk5EHb+fb2LC4ujjjRjLt2uVxOZDIZ qaqq4u3XaDREKBTy19jR0UHy8vJIXl4ef2xbWxtJSEggDMMQhmGIUqkkBoOBbzuuPoPBQFQqFTl3 7tyIrvFuoZOGHhwEQL+YA9CvXLlyyHRwjY2NOHHiBIYrR6FQJgcjvee5cgD0lZWVbw1akHLPeCh8 5hQKhTLZoWJOoVAokwAq5hQKhTIJoGJOoVAokwAq5hQKhTIJoGJOoVAokwAq5hQKhTIJoGI+Bmzb tg1qtTpszfWRsG7dOmzfvn3YclxW9tGkk5so2O12PProo2Ep/ACgoaEBy5cvx8yZMyEQCCAQCDB3 7ly8/vrrIdfa2dkJtVodkvgjElwSkXXr1oXtCwQCWL58OdRqNWw2W8TjnU4nHn30Udjt9lFeJYUy vlAxv0u4ZBQ2m+2OVt1rb28fkXBwuTIftIwz3Ho1WVlZIVPs/X4/li9fjpSUFNhsNqSkpECv16Og oABisRglJSV4/vnn+baRy+VwOp0oKysbclXLlpaWsOnyHNyKlO3t7YNmcIqNjUVWVhY2bdo05Nru FMpEg4r5XcL1xnNzc+FwONDS0jLOFk0samtr0dnZGbYe/ebNm2E2m5GVlYWuri4cOXIERUVF2LNn D9ra2mA0GuHz+bBx40b+mKysLAQCgYgp3zi4VGuZmZlh+6qqqiCTyZCamor6+vpBVyTcuXMnOjs7 UVtbeyeXTKGMC1TM75KqqiooFAq89tpr/IJeQ2G322GxWCK6HAbi8Xj4DO2ReohcFvhgMMj32m/v sXJ1WK13lvl+INw5uEW2RkIwGMSuXbuQmpoasl68zWZDTU0NEhIScPDgwYjJN9LS0pCbmwu73c4/ IDmBHmwlQb/fD5PJBJVKFZb2zu12o7m5GYmJicjIyOBXfoyERCJBamoqdu3aRXvnlAcGKuZ3wcmT J+F2u5GRkQGJRMInPIjk13Y6nVi4cCEWLFgAtVqNuXPnYvPmzWHlgsEgtm/fjqeffhpqtRqLFi3C ggULwsT/2LFjiImJweHDhzF37lyo1Wo+cw+3lOzs2bP57Y8//ji/3C+H1WrF3LlzsXDhQqjVaixc uBBPP/00Ghoa+DJerxfLly9HTEwM1Go11Go1Hn/8cWzevHlYoTt58iScTic0Gk3Idm5J28LCwiET iezYsQOnT5/GkiVLAHyXVKK5uTniUr51dXUIBALQarVh+7hlZ9PT07F06VJIpVJ+Cd9IpKamwul0 0jctygMDFfO7oKqqKiSpgVarRTAYDFt/mxuUczgcMBgM6OrqgtlsRn19fVgOzHfeeQelpaXIyMjA hQsXcP78ecTGxvLug9vJz8+HVqtFYWEhcnNzAQArV65EfX09iouLcfnyZZw/fx4ajQaFhYW8rzgQ CGDt2rVgWRZtbW3o6urC6dOnIRKJoNFo+AfSr371K1gsFhiNRnR1deHChQvIyMhAeXn5sG6I+vp6 AODFmMNqtYJhmLDttyOVSpGQkBAi+FyOzkiuFoPBAJFIhLS0tLB9nItFpVKBYRhoNBq4XC6cPHky 4rm5DEYmk2lIGymUCcVEXQJ3InP16lXCsixJTk7mt924cYOIxWIilUpDllQ1Go0EACktLQ2po6Oj gwDgl1i9ceMGEYlERKFQhJTr6ekhCoWCACBdXV2EkP6lUAGQjIyMkLKNjY0EANHr9WE2JyQkEJFI RG7cuEG6uroIAFJQUBBS5vTp00Sn05ELFy4QQgiJjY0lcrk8pMyNGzdIRkYGqa+vH7KN5HI5iYuL C9vOsiyRyWRh23t6ekhXV1fY5+rVqyHnFovFYW10+fJlAoDk5uaG1dva2hrWJufPnycASEpKyqD2 x8XFhV37wwZdAvfBgfbM75Da2tqwV3qWZZGamgq32x3S4+PyZN7eY1QqlSG+XbvdDp/Px2fa4eB6 kpFITEwM+dtsNgPozz3qcrlCPgkJCfD5fGhvb4dYLOaTS2zfvp2PlOH82JxdSqUSnZ2dWLlyJWpr a+H1esGyLD744AOsWrVqyDZyOBwRk2gP5p5xu92IiYkJ+wwMR2RZFlqtFna7HZ2dnfx27i1hw4YN YfVyb0oD98nlciiVSjQ2Ng6afUkikURMNUihTEQeikxD9wIuf2dJSUmI75VzT5SVlWHFihUAwPu7 IwnbwG1XrlwBgIhhdZGOBb5LocbBnet2kR/I559/DpVKhZqaGmRlZaG0tJTPapOYmIjc3FzezbB3 7154PB40NjaisbERQP+DQqPRICcnZ0ifdzAYDEuFBvSH/zkcDgQCgZCUbyKRKCR5sc/nQ2lpadjx GzZsQElJCerq6viMTgaDAUqlEkqlMqSsz+eDyWQCy7IhkTFA/3fFucWKisI7lFKplA6AUh4YqJjf ATabDZ2dnVAoFGFREzKZDH6/H2azGS6XCzKZbMQ5Ksci1ycnrs3NzYiKiopYhrN5xYoV+OKLL2C1 WnHy5Ek+VV19fT1MJhPWrFkDiUSC1tZWOJ1OPk6bi5Cx2Ww4cuTIkPZEiotPSEiAw+HAqVOnsGzZ Mn67SCQKEVWXyxVRzOVyOeLj42EwGPD222/DYrHA5XKhoKAgrCw3KJqYmBj2kJTJZDAajSgvL8cb b7wR9mB60GL6KQ831M1yB3Cv7Xv37sWRI0fCPvn5+QCAiooKAOB7j5FmHQ4cAH3uuedGVG4ouIk5 06ZNC8l6r1KpIBKJ0NvbC6FQCI+nP/O91+uFSqXCnj170NHRgdOnTwPo7+kGg0E+PDI2NhavvfYa PvroI3R3dyMuLi4sUfPtiESiiJE9nLujsLDwjnu+Wq0WbrcbVqsV1dXVYFmWH4geSFVVFViWxdGj RyN+VykpKXxb3I7H4+GTblMoEx0q5qMkEAjAaDRCKpVCpVJFLJOeng6WZVFVVYVAIMD7ym+fddjU 1BQi0nFxcVAoFKipqQkRQb/fP6xwcnDn2r17d4hQ+v1+rF+/HsnJyfD7/Th79ixSUlL4Bw4H5xbh Yr9Xr14dFoYoEokgEokixocPRC6Xh/i1ORISEpCVlQWbzYbly5dHjLm32Wy8WySSKyc9PR1CoRB1 dXUwmUzQaDRh9tjtdthsNiQlJQ2aFJtLCs25zQbicDj4BzGFMtGhbpZRcuzYMfh8Pj4MMBJisRjJ yckwmUxoaGhAWloadDodysvL4ff7kZKSAqfTidLS0rCe3/vvv8/HfOfl5YFlWZSVlY14ok58fDzy 8/NRUlICtVrND5yWl5ejs7MTxcXFkEgkWLZsGRQKBXbt2gWPx4P4+Hj4fD6UlZWBYRh+ElR+fj4K Cwv5uliWRX19Pdrb20P825FQqVSwWq28u2kgBw8eRDAYhMFgwNy5cxEfH4+4uDh+EhM38KjRaLBn z56wuoVCIVJTU/kHJifKA+HeoCLFnQ+0USaTwWw2w+Fw8C4ol8vFv7VQKA8MNDRx5BQUFBCVSkXO nz8/ZLnW1laiUqlCQv9KS0uJTCYjAIhMJiM1NTVhWdoJ6Q9ZVKlUhGEYIhQKSVZWFjGZTCFZ4c1m 85BZ2svLy4lSqSQA+GzvRqMxpMzVq1eJTqcjUqmUAP2Z7xMTE8np06dDypWVlRG5XE4AEABELpeT srKyYduKC/8rLy8fsp0yMjJ4GwCQ2NhYkpWVRdra2oasn2un1NTUiPtTU1NJYmIiuXHjxpD1VFVV EZVKRQwGA7+tvLycABj2e57s0NDEBwcB0C/mAPQjzcA9XDkKhUOtViMQCKCtrW28TRkVixYtglAo xMcffzzepowrI73nuXIA9JWVlW/dNwMpPNTNQrmnFBUVQa1Ww263Q6FQjLc5I8Jut6O9vR2tra3j bQqFMmLoACjlnqJSqaDRaPDmm2+Otykj5q233oJGo6H+csoDBRVzyj3n/fffRzAYHHalyImA0+lE IBDA+++/P96mUCijgrpZKPccsViMjz76aLzNGBGxsbEPjK0UykDuSMwvXrw41nZQKJQJCL3XHxxG JeYzZswAAFy6dAmXLl26JwZRKJSJB3fvUyYuoxLzl19+GQDwzTff3BNjKBTKxGPGjBn8vU+ZuIza zUK/VAqFQpl40GgWCoVCmQRQMadQKJRJABVzCoVCmQRQMadQKJRJwKgHQG02W8SEAxQKZXIikUjC 0vFRJh6jEnObzYZDhw7dK1soFMoEhgr6xGZUYs71yOfNm4f58+ffE4MoFMrE4eLFi7h06RJ9G38A uKPp/PPnz6frmVMoDwl0tveDAR0ApVAolEkAXTVxhLz1VnjyFIZhIJVKIZVKsWTJkoiJhx82Ojs7 0dLSAp/PB7FYjBUrVoTl/7wTvF4vGhoaYLPZEAgEAPQnwE5LSwup32q1oqWlBUuXLkVCQsKg9QWD QezevRsSiSQsf2ggEMA777wDANi5cydYlr1r+ymUew1VnxEyXPJiqVSK48ePP7SDRMFgEJs3b0ZV VRWEQiHEYjHcbjfy8vJQWlqKrVu33nHd7733HgoLCxEIBPi6/X4/DAYDCgsLkZubi3fffRcMw0Ak EkGv18NisQyZKailpQV6vR4FBQVh+xoaGvjvm3tgUCgTHepmGQVSqRRdXV0hn3PnzqGgoAButxvr 1q1DMBgcbzPHhYqKClRVVSE3NxdXr15FV1cXvvjiC8THxyM3NxdWq/WO6n3zzTeRn5+PuLg4NDc3 49q1a+jq6sLVq1fR0dEBpVKJ0tJSvPfeewAAuVyO+Ph4WCwWuN3uQes1GAwAgA0bNkTcJ5fLIZVK UVZWdkd2Uyj3Gyrmo4BhGMhkspCPQqHAnj17kJKSAqfTiZaWlvE2c1woLy+HVCrF3r17ebeERCLh M/bU1dWNuk673Y7i4mLExcXh9OnTWLp0ach+pVKJjz/+GDKZDMXFxbz7RavVAgBqa2sj1uvz+VBf Xw+VSoW4uLiQfW63G2azGYmJiUhNTYXVakVnZ+eobadQ7jdUzMcILlkxF8K1fft2bN++HQ0NDXj2 2Wfx/PPP4+TJkwD6xeT111/Hs88+i5iYGDz//PPYvXs3/H5/WL11dXVQq9WIiYlBTEwM1q9fD5fL FVLG4XBg/fr1fJnFixdHFM/a2losXryYL7d27dqwHrPdbsfatWv5MosWLcL+/fuHfePQaDQoKCgI Gzfg/NkDr2379u1Qq9XDhrvt27cPwWAQpaWlEAqFEcsIhUIUFhYiKyuLP0d6ejpYloXRaIx4TF1d HQKBALKyssL2HT58GACwZs0avtdeUVExpJ0UykSAivkY4XA4APT3RoF+Uayvr4dGowHQ3+ObNm0a PB4PFi1ahNLSUiiVSmi1WsjlchQWFmL58uUhoverX/0KGo0Gfr8fWq0WKSkpqK+vx6JFi3gXgs1m w8KFC2E2m5Gamsr3Sm9PolxRUYGMjAwIhUJotVpoNBq0t7dDrVbDZrMB6M9/uXjxYtjtdmRkZECr 1YJhGOTm5g6bkPmNN96I6Bc/duwYgH73B4fdbofFYuF70oNhNpshEonCeuS3k5mZiXfffRdisRhA v8BrNBrY7XbY7faw8gaDASKRCGvWrIm4LzY2FgkJCVAoFFAoFKipqYn4oKVQJhzZ2dlF2dnZ5MSJ E2QoTpw4QUZSbjICgMhksrDt3d3dpKSkhDAMQ6RSKblx4wYhhBCVSkUAEL1eTwghpKenhxBCiFar JQCI0WgMqaesrIwAIIWFhYQQQs6fP08AkMTERP5YQggxm80EAMnLyyOEEKJQKIhIJCIXLlwIqU+j 0RCGYcj5tHm1JgAAIABJREFU8+cJIYTI5XKiUChCyly+fJkwDMPbWFxcTADwx3B2K5VKIpfLR9li hHR1dRGxWEzEYjH529/+xm8/d+4caW1t5dsqElevXiUASEJCwqjPSwghp0+fJgBIQUFByPbLly8T ACQ3NzfsmObmZgKA7Nq1i99WUlJCAJDy8vI7suNBZ6T3PFcuOzu7aHxUjEJ75qPA5XJBIBCEfGbP no38/HwIhUIcPXo0LIzttddeA9Dvbw8GgzAajVAqlWERElu3boVUKkVNTQ2A/ogKACgqKgpxXSxb tgw1NTXYsGEDOjs7+V707b7fHTt2IBgM8j1joVAIh8PBuxiA/uTFPT09KCoq4m0E+l0NnAuEYRh0 dHTg/Pnzo26r5cuXw+fzwWg0QiQS8fsUCgVUKtWQIX9cTzhSuKfdbodarQ77VFdX82USEhIQFxfH tycHV+b2cEQAqKqqAhA6KJqeng6GYfh9FMpEhYYmjgKhUIjU1NSQbWKxGHK5HKtWrQoRLKDf5TJw m9vtRiAQGDR8UalUor6+HkC/ywMIdU9wpKenA/hugM9sNkOtVoeU4QSb868XFhYiJSUFGo0GQqEQ CQkJSE5Oxpo1a3jX0IYNG1BVVYXS0lLeDZSUlIQ1a9bwYwIjwWazYeXKlfD7/TCZTMO6SSLBuUwi uTcCgUDIuEEgEIDH44FKpQopl5WVhfz8fFgsFn6fwWCAUqkMa1duUFQmk4UNYstkMthsNrS3tyM+ Pn7U10Kh3A+omI8CsViMI0eOjLj8YD3P20WfgxvkGzjYOFjZgeUkEknEiTlxcXG8+KxYsQIXLlxA dXU1zGYz/8nPz0dVVRXS09MhFovR0dGBuro6mEwmWK1W2Gw27Nq1CxqNBkePHh32mo8dOwatVguh UIiPPvpoyIk7QyEUCiGTydDZ2Qm/3x8yABofH4+uri7+b4vFEvYwA/ofegUFBaitrYVKpUJLSwvc bjcKCwvDytbW1vIPCW7c4XYqKiqomFMmLNTNch/hBInrdd+Ow+GAUCgEwzB8WW5gdSANDQ1oaWnh e6+pqak4cuRIxM9Ad0JsbCzefvttdHR04OrVq6iqquIHOAfamJmZiY8++gh/+9vf0NzcDKVSCaPR OGzYZUVFBTQaDaRSKU6fPn3HQs6h0WgQCATuOJpEIpEgJSUFJpMJgUAABoMBQqGQf7MZiMFgAMuy uHbtGgghIZ+enh5IJBIYjUb4fL67uiYK5V5Bxfw+IhaLoVAoYDab4fV6Q/Y5nU7Y7XZeALl/uXBG Dp/Ph4yMDBQXF+Oll14Cy7IwGAxhoYPHjh3Do48+in379iEQCGD27NlYt25diC2ZmZlQqVS8QG3c uBEzZ87kXTQMw2Dp0qXQ6XQAMGQo4cmTJ5GbmwulUonTp08jNjb2TpoohB07dkAsFqOwsDCsHTgC gQA/vhAJrVYLn8+HhoYG1NfXIzU1NSzM0W63w2azISUlJWIIJMMwyMjIQCAQ4EMXKSNj06ZNy7Kz szds2rRpmU6nU+l0OtmWLVsk423XZIS6We4zhYWFSE1NxcqVK3Hw4EEoFAq0t7dj48aNAPpD/ID+ OGcuZFEikWDVqlXwer3Ytm0b/H4/8vPzIRKJkJeXh+LiYqxbtw7vvvsupFIpWlpakJubC4ZhkJaW BpZlER8fD5PJBJVKxQ/qNTU1obm5GYmJiQAAlUoFg8GAdevWYe/evbybo7S0FCzLDur7DgaDyM3N RTAYhFwux/79+8PKKBQKrFq1CkB/nLndbsfRo0d5f30kxGIxjh8/juXLlyMpKQnJyclISUnBnDlz cP36dbS3t6OqqgoejwdSqRQrVqwIq2PZsmWQSqXIz8+H3++POPDJCTQXRhqJzMxMlJSUoKqqCjt2 7Bi0HOU7cnJy0gghRgAQCATo6+sDAPT19SE7OxtTpkzxA/gfgUDwl2Aw+D9Tpkxx9fX1BQQCgYcQ 4hMIBD5CiCcqKupmMBh0VlVVDT6ll0LF/H6zZs0aVFVVIT8/HwsWLOC3SyQS1NfX8z1yhmFw4sQJ rF27NkRkWJZFeXk5li1bBgB4++23EQgEUFZWBpPJxJeTyWT48MMPebE8ePAg3G43dDod39MG+gdd P/jgAwD9A6AOhwMlJSX8QCzQL6pGo3FQ4bXZbLzraLCoD61Wy4v5SOPMgf43lPPnz2P79u1obGxE Y2NjyH6JRAK9Xo8dO3YM2qvWarXYtWsXP9V/IIFAADU1NfyiYIPBjT+0t7fzC3lRhoYQEgcAs2bN wqxZswAA165d4/ffunVLePPmTSGAH/j9fhBCIBAIACDk376+PkyZMgU6nc4PoK2vr+8TQkh7T0/P GYPBQP1e30LFfIR0dXWNalXEo0ePDjprMjMzE2lpaTh16hS8Xi+eeeYZJCQkRJw92dHRAZvNhs8+ +wwikQgvvfQS7ysH+sVq7969eOONN/DJJ5/A5/Nhzpw5iI+PD6lPIpGgo6MDnZ2d+PTTTwEAL7zw QlhUx549e7B161acPXsWPp8PUqmUd+cMhkKhCBmQjMRAoT169CgCgQCkUumQxwxsh+PHj8Pn8+HM mTPweDxgGAbz588f0cJmb7zxBjIzMwcV+3PnzoFl2WG/348++gg+n2/IQWlKODKZDD/96U+HLXf9 +nXcuHED169fx/Xr1/H3v/8d169fx7Vr13Dt2jX4/X4hgFcAvCIQCDB16lRs2bKlq7e39xQhpJ0Q cuYHP/hBp16vfygXSKJiPkJGu4zrUO4DoF/chuoJDkSpVA4rWmKxmO/5DoVcLo8Y7jgQblnfkcKy 7KjaZ7i2GQyRSMS/kYyGoezj1tsZ6fmpkN87HnnkETzyyCMhnZWB9PT04K9//Su+/vpr+Hw+eL1e /PWvf40hhMQA0AoEAnR3dwdycnJshBCrQCBoj4qKOnPgwIGHIk3SHYn5xYsXx9oOCoUyAZlI93p0 dDSefPJJPPnkkyHb/+d//gc+nw9ffvkluru72a+//joBQAIhhFua+cu+vr7ThJDWW7du1U1W18yo xHzGjBkA+tNI0VRSFMrDA3fvT0Qee+wxPPbYY3jmmWcAADdv3sSXX36JP//5z+ju7obP53sKQBqA tGnTpr2v0+nqCSEVFRUVk2qJ01GJ+csvvwwA+Oabb+6JMRQKZeIxY8YM/t5/EJg2bRq/6icA3Lhx A1988QU+//xzfPHFF9G9vb1rAazdvHlzd29vb8WUKVOqy8vLXeNq9BgwajfLg/SlUigUyvTp0zFv 3jzMmzcPPT09+Pzzz7nkKbMB6Pv6+vSbN28+1dfXd/DmzZsNBoNh+DCrCQgdAKVQKA8N0dHRiI2N 5ReZ+/zzz3Hp0iV8+eWXSwghS1iW9WdnZxsEAkF1RUWFbbztHQ1UzCkUykPJQGEPBAK4ePEiPvvs M+H169dzCSG5mzdvvhQMBg8IBILayspK7/A1ji90Oj+FQnnoYVkWL7zwAtatW4fExERIJBL09vbO EwgEpQKB4MucnJz/m5mZefdrVNxDaM+cQqFQvkUgEPCDp19//TX+8z//E5cvX47u7e1dzTDMquzs 7JJbt27tmYjhjbRnTqFQKBGYNWsWFi9ejHXr1kEul2PKlClTAPwflmWvZGdnbxi2gvsMFXMKhUIZ gunTp2PRokVYt24d5s2bB0LI9wEYtmzZcjYrK2vCLHBPxZxCoVBGwPTp07FkyRKsXbsWMTExCAaD P50yZUqbTqf7l4mwrO+ofeY2m23Ida0pFMrkQiKRjGhBs4eFxx57DImJifj6669x5swZ/PnPf14v EAj+n5ycnLdnz5793ngt9DUqMbfZbDh06NC9soVCoUxgqKCHMmvWLLz66qtwOp1oa2t7JBAIFH/1 1VdbNm3alH3o0KHI2VTuIaMSc65HPm/ePMyfP/+eGEShUCYOFy9exKVLl+jb+BDExsZCKpWira0N TqfzhwKBwKzT6Vp6enp0hw8fjpwj8h5wR6GJ8+fPR3Jy8ljbQqFQJiB0Ub3hYVkWarUac+bMwSef fAK/37+UYZiL2dnZ/6eysvK9+2EDHQClUCiUMeKHP/whUlNT8dxzz4EQMgVAiU6n+3DLli3hmVHG GCrmI0StVg/62bRpEywWy3ibOO54vV68/vrrWLBgAZ599lmsX78e7e3td11vMBhEbW0t1Go1Hn30 UQgEAkRHR2PBggV455134Pf7+bJNTU1Qq9UR85Debqtarcb27dvD9rndbv67pe4FymiJjo7Gz3/+ c/zDP/wDoqOj0dfXl0oI+WN2dnbcvTwvFfMRYrFYYLfbQ7YFg0G4XC5UVVWNSEAmM16vF4sXL0Zp aSkUCgVSUlLQ3t6OxYsXo6Gh4Y7r9Xg8WLRoETIyMuB0OqHRaKDX65Gbmwu/34+CggIsXLiQF90X X3wR7e3tKC0tHbLeuro6WCwWxMWF31+1tbWw2WywWCyorq6+Y9sp/Xz99df44osv0N3dDb/fjxs3 boy3SfeFZ555BqtXr8bMmTPR29s7VyAQnNu0adOae3U+Op1/FCgUCrS2toZtt9vtWLx4MfLz85GW ljZo2qvJzO7du+FwONDY2Minw3vjjTewYMEC6HQ6rFixYlQ5VIH+h+XatWths9lQWFiIoqKikDr2 7t2Ld955BwUFBdi2bRs+/PBDiMVipKSkwGg0wmq18gmyb8dgMEAoFCI9PT1sX1VVFZRKJfx+P8rK yrBjx45R204BAHgAwOVyweVyhe2Mjo7unTp1Kpk+fXovwzBTZ8yYIYiKisL3vvc9TJ06FVOnTsX0 6dPBMAxmzJiBRx555H7bf9c89thjWLVqFaxWK5xOJysQCEw5OTn/3+zZs3eOdQgj/YWOAQqFAlqt FmVlZTh16hTWrAl9+La3t0MoFIbl3rTb7fD5fBCLxUPm5fR4PHA4HGBZFgqFImJy5UAgALvdjkAg gLi4uEHzbHI3FsMwUCgUEZMc+/1+2O12BINByGSyEeXI9Hq9UCqVIXlNhUIhEhISYDAY4Ha7R51H ta6uDlarFRqNBm+//XbEMjt37oTZbIbJZILb7YZUKoVWq4XRaERdXV1EMe/s7ITNZkNWVlbY9Vss FjidTuTm5gIA8vLycPLkyRHna6V8R2VlZUVOTo4IAP/609fXJ+P+39PTI+rp6RFdv34dAGTDubSm TZuGxx9/HE8++SQef/xxPPHEE5g2bdo9sn7siI6OhlqtxpNPPon/+I//ACHkf3d3d/9Ir9evHUtB p2I+RnC9cc5/q1arAfQnR66pqQEAlJaW4rXXXkNTUxNyc3NDeityuRxHjhwJieX1eDzYtm0bTCYT v00kEqGkpASZmZn8tvfeew+7du2Cz/fd2j+pqak4cuQIL1Y+nw/r1q2D2Wzmy7Asi6ysLOzdu5fv eb711lsoLi5GIPDd+vwqlQpHjx4dMhHzBx98EHG7y+UCy7IhbytqtRoWiwVdXV1DCrzBYAAAFBUV DVoGAN5//334/X4+CfWyZcsgk8lgNBpDro2jtrYWAELakINzq6xZswYMwyA/Px/l5eVUzO+QioqK d0ZaNisrSxoVFSUB8ANCiJQQIpkyZYq0r69PJhAIZDdv3pS53W643W7+mBkzZvRKJJKoJ554Ak88 8QS+//3vQyAQ3ItLuWt+/OMfY+bMmTh58iR6enpSuru7PxxLQadiPgYEg0HU19cDAH72s5/x2202 GxwOBwoLC+HxeLBq1SpYLBakpKQgNjYWZrMZ8+fPx9mzZ5Gbmwu1Wo2Ojg7ExcUhGAxi9erVsNls KCkpwapVq+Dz+bB9+3ZkZWVh/vz5SEhIwL59+5Cfn4/k5GQUFRVBLBbj2LFjKCgogNfr5d1Cr7/+ OiwWCwwGA5YsWQK/348333wTZWVliI+PR3p6Ok6ePAm9Xo+srCzs2LEDLMuiqakJeXl52LRpE06c ODGi9vB6vXC5XNi/fz8sFgv0en1ID1gikUAmkw3rurBarYiNjY3o1x5IpLcarVYLvV4f1qsOBoOo qamBXC5HfHzosho+nw9GoxGJiYn8gyEpKQmNjY1wuVyjfrOgjI6qqio3ADeAiEkhtmzZIrx165Z8 ypQpPwMQJxAIlN988438m2++EXLhk1FRUb2PP/64QCKRTOEEfvr06ffvIoZh9uzZSEpKwscff4xA IJDy1VdffbJly5alBw4c8A9/9NBQMR8FHo8nbECMEwC73Y7k5OQQYfH7/aivr8fSpUv5bevWrQPD MPj44495wZDJZHjmmWewcOFCvPnmm/jwww9x8uRJtLe3Q6/XY8eOHfzxH374IZ5++mnU1dVBqVRC r9dDoVDg+PHjvDhy5fPz89HU1IQVK1agubkZcXFx2LDhu8Xejh49io0bN/JuGy7yZMeOHbyAbt26 FX6/H17vyNfm37x5M/82kZCQgJycnJD9R48eHbYOl8uFQCDAt9FAAoFAxCgTkUgEkUgEoL/XvWvX LhiNxhAxb2lpgdvtRn5+ftjxdXV1CAQC0Gq1/DatVovGxkZUVFRgz549w9pNuXd8K3jt3354MjMz YxmGeY4Qourt7VV5PB7FwN+HUCgkTz75pGD27Nn40Y9+NO6uGYlEgpUrV6KxsRE3btz4X1FRUS1j IehUzEeBw+EIudE5GIZBRkYGDh48GLZ9yZIl/N8+nw/t7e1ISUkJEymlUgmlUsm7QZqbmwEgzP8u kUhw7do1sCyLlpYW+Hw+qFSqkFdPoN+Pz9WzYsUKKJVKmEwmrF27FhqNBkuXLoVIJAoRVk7A165d C51Oh2XLliE2NhY7d+4cTTNh586deOONN3DmzBnk5+djwYIFaGtrG7OebXt7O+/GGoher+ddMlKp FImJiTCZTDh48CD/ZmAwGMCy7KADn0KhMKTNV6xYAbFYDIPBgKKioojjFZTx5dtZlk4ADQCg1WpF 0dHRSwEkCgQCld/vj/P7/bhy5Qra2tqITCYTxMXF4amnnho3m0UiEZKTkwcK+h+1Wu3/upt10qmY jwKFQoG9e/eGbBMKhYiLi4s4kCiVSkNcCZxPOzY2csKS2NhY2Gy2kLKRXAycoHACXlpaOmgoHlfP +++/D7fbDZPJBJPJBIZhEB8fD41Gg5ycHDAMg7S0NFitVpSXl/MDgLGxsUhJScGOHTuG9JkPhPP7 KxQKSKVSJCcnY/fu3aNa14dru9sfUkD/m4xer+f/drlcvH99IFlZWTCbzWhoaEB6ejr/ppSSkhIW ccQNiopEIixfvjxkXzAYhNfrRUNDA9LS0kZ8DZTx4VtBPPbtB1u2bJEEg8FlAFJ6e3uTrly5wl65 cgWPPPJIb1xcXNS8efMi3r/3GpFIhNWrV+Pf//3f4fP55k6fPr1Jr9cvuVMfOhXzUSASiaBSqe66 nmAw8nc1cNBx4LbhfmgFBQVYtmxZxH2cAEskErS1taGzsxNNTU2wWCywWCywWq2w2Ww4cuQIgH7R LyoqQlNTE5qbm2E2m1FSUoKamhpcuHCBd2OMFM7FwT2kRgr3sLFarWH+aplMFjIoyo0F3M6qVav4 XnV6ejrvRrnd7QMAhw8fBgAkJiaGtbdEIoHRaER5eTkV8weQAwcOeABUA6jesmWLsKenZ5VAIEi9 fv160tmzZ6POnj2L2bNn9/z4xz+OfuaZZxAVFXXfbHvkkUfw6quv4vjx47hx48bP//KXvxgAZNxJ XVTM7yMSiQQsy4ZNPuKw2+28+4X71+FwhK1Wt2nTJohEIqxatYrfdvtDxufz4ZNPPgHLsggGg2hv bwfLslAqlZDL5di5cyd8Ph8WLVqEmpoaHDlyBA6HA1euXMGKFSuwYcMGbNiwAcFgENu2bUN5eTlO njwZUcyCwSCeffZZxMbG4qOPPgrZx0X33EnsfVZWFqxWK15//XV8+OGHoz6eYRhotVqUlpbC4/HA YDBAJpOFtVUgEEBNTQ2kUumg53E6nbBYLOjs7BwyjJQysfnWL10LoHaAsGu7u7tV3d3dmDp1anDu 3LnMvHnz7tt8kUceeYQfaO/p6UnPzs6+WFlZGTkWdwjoDND7CMuySEpK4nvFA6murobL5eIXMON6 tPv27QspZ7fbUVVVBb/fj/j4eEgkElRVVYUNCO7evRvJyck4deoUgsEgli9fjk2bNoW8FXADhpzb hjvG6fxuoTeGYfhe8WBvCAzDQCKRoLm5GZ2dnSH73nuvf42hgQuzeTweuFyuQd9QONLT06FSqWAy mbBp06aQ0EuOlpYWfkp+pOgY7oG0f/9+WK1W6HS6sDJNTU3wer3IyBi8Q8SNlVRUVAxpM+XB4cCB A/5Dhw7VVlZWvgJgtkAgKLh165bns88+w/Hjx/Hhhx+Szs7OiG/MY41YLIZarebCKv/fnJycUb8C CgAgOzu7CIB+5cqVQ66G2NjYiBMnTmC4cpMRgUAAlUoVcQZoJNRqNVwuF7q6ukK2u1wuLFq0CH6/ H7m5uYiLi4PNZkN5eTliY2Nx+vRpvkewadMmVFVVITk5GSkpKfD5fCgpKQEAfkCxqakJKSkpkEgk 0Ol0kEqlaG5uRk1NDRISEtDa2gqGYfDWW29Br9cjMTERqampYBiGn2xTWFiIt99+G3a7HQsXLoRU KkVubi7EYjEcDgfKysogk8lw7ty5QcMJbTYb1Go1hEIh8vPzIRaLQ+z4+OOP+YfGSOPMgX7hX79+ PZqbm8GyLFQqFSQSCQKBAGw2G5xOJxiGgU6nw549eyI+cBYtWsS7eb744osw3//y5cthNptx/vz5 QXvdPp8Ps2fPBsuy6O7ufmgGQkd6z3PlAOgrKyvfum8GjjF6vZ7585//vEogEOQBSACAqKgo8sMf /lCwcOFCPPbYY/f0/J9++in+8Ic/QCAQ9BBCflFZWWkd6bFRAPCzn/1MBUA1f/58zJs3b9DCly5d wqVLlzBcucnIqVOnoFAokJSUNKLyn376KUQiEVJTU0O2c9u6u7vxr//6rzAajfjv//5v/PM//zOO HDkS8mr36quvYtasWfjtb3+LX//61/j973/PT+D50Y9+BKB/bflf/OIXuHjxIv7lX/4FJpMJf/nL X6DT6XDo0CFedFQqFWbOnInf/e53MBgM+M1vfoO+vj7o9Xo+WkUikeDll1/G2bNnUVNTA5PJBIfD wU9AmjFjxqDX+9RTT+HVV1/FZ599hl//+tcwmUz45ptvkJubG2IH1zYsy0Kj0Qw7HiAUCvHLX/4S CxYsgNfrRXt7O9rb29HZ2Ynvf//7+OUvf4mKigpotVpMnTo1Yh0zZ86Ex+PBP/7jP4Z9H36/H0eP HsXPf/7ziL12DpZlcf36dQSDQcTExPDtP9kZ6T3PlQNgOXv27Kn7ZuAYY7FY+v74xz9eOHv27JGf /vSnDQKBgCGEPOfz+ZjPPvuM9PX1CcRi8T1b3kEikeDvf/87vF5vFMMwK5977rlDdrt9RK8GtGdO oVAG5WHrmUfi22iYnQB0AFiWZXtffPHFqHvVoSWEoL6+Hl6vFwzD1B44cGBEA6LUZ06hUChDcODA AU9lZeV2hmFiBAKBIRAIkFOnTqG+vj741Vdfjfn5BAIB1Go1oqKiEAwG07Ozs0e0lsQdvStcvHjx Tg6jUCgPGPRe/45vQxw3ZmZm7p4yZcqeq1evpv7mN7/B3Llzb7344otTx3LZAJFIBKVSiTNnziAq Kupfs7Oz51RWVg45DXtUYs75TAf4xygUykPAUOMlDxvfzjhdu2nTJoVAIHj38uXLiS6Xq2fBggXR P/nJT8Zsoa/nn38eLpcLX3311QyGYX4N4B+HKj8qMX/55ZcBAN98882dW0ihUB4oZsyYwd/7lO84 dOiQHcArmzZtSu/p6Sn9wx/+IL5w4ULvSy+9FPX000/fdf0CgQC/+MUvYDKZ0NPTszInJ2dVRUXF oJleRu1moV8qhUKhfMehQ4dqs7OzTwLYe+3atQyz2QypVIqf//zndx3KKBQK8dOf/pRzt+zX6/VN g033pwOgFAqFcpdUVlZ6Kysr1wNIBuByu934t3/7N/KnP/3prut+7rnn8NhjjyEYDP7gyy+/DF8h 7luomFMoFMoYUVlZ2cQwzPMAygAIzpw5g9/97nfo6em54zqjoqL4VVAZhtmt1+sjelSomFMoFMoY cuDAAX9lZeU2gUCQAsB/5coV1NfXk0jLUYyUuXPnDts7p2JOoVAo94CKioqG3t7eBQA6fT6f4Pjx 4+T25T1GikAg4HvnUVFRe7Vabdh6ElTMKRQK5R5x+PBhJ8MwiwDUBINBQXNzM86cOQNCyKjrmjt3 LmbNmoXe3t6ZU6dO3XD7firmFAqFcg/51u2yHkAugOCf/vQntLS0jFrQBQIBfvKTnwAAoqOjwxYS omL+EON0OlFdXQ2rdfiF2aqrq3Hs2LFhy1mtVlRXV0fM0UmhPMxUVlbunzJlyisA/F1dXXck6Fzy jJ6eHkVmZmZIyjIq5g8xn3zyCbRaLZ9lZyi0Wm3EJMi3c/jwYWi1WjgcjrEwkUKZVJSXl1sALAfg 7erq4hJSjPj46OhoxMTEAAAYhlk/cB8V84eYOXPmQKvVIiEhYdiyWq02bPnYSCQkJECr1Y44XyiF 8rDx7RrliwF4PB4PPvroIzIaQedyCEdHR28auJ2K+UNMQkICjhw5gszMzGHLHjlyBO++++6w5TIz M3HkyJGIiagpFEo/lZWVDgBqAJ6vvvpKUF9fT27evDmiY6VSKaZPn45bt27NzsrKiue2UzGnUCiU caCystLR19e3EIDD5/MJfvvb35KR+NAFAgHmzJkDAJg6daqG207FnEKhUMaJqqoqd19f3yvod7kI fv/734/oOC7d4pQpU/iMIVTMKRQKZRypqqpyCwSClQD8ly5dwrlz54Y9hksv2dPTE8NNIKJiTqFQ KONMRUWFTSAQZAAI2mw2/Nd//deQ5aOjozFr1iwQQqZMnTpVCVAxp1AolAlBRUVFg0AgKAT6E0sP N1fKsRl3AAAgAElEQVTj8ccfBwAQQn4G3MF65jabjU4IoVAeIiQSCZRK5Xib8VBQUVHxTnZ2dmxv b29WS0tLb2pqatS0adMiln3iiSfgcDgwbdq0ZQD2jUrMbTYbDh06NBY2UyiUBwwq6PeHp556avOX X36p+Pvf/65sb2/HkiVLIpbj/OZ9fX2j75lzPfJ58+Zh/vz5d2UwhUKZ+Fy8eBGXLl2ib+P3Eb1e H8zOzl4P4NylS5fYmJgY/PCHPwwrN2vWLABAMBh8ArgDNwsAzJ8/H8nJycMXpFAoDzw0efv9p7Ky 0pGdnV0IoMRisfT+0z/9UxTLhq16i+nTp+PGjRvYsmWLhA6AUigUygTkqaee2icQCNpv3rwZZbVa I84mioqKAgD09fWxd9QzfxhxuVyD7pNIJIj01KSMLS6XC2fOnEEgEADQnxvxdj+uz+eDz+eDSCSC SCQatj6GYSCVSiPuA76bnEGh3G/0en1Qp9OtI4Sc7+rqEn7++ed45plnQso8+uij8Pv9ACCjPfMR EhMTM+hn5syZ2LhxI9eolDGmvb0darUaMTEx0Gg00Gq10Gq1WLhwIebOnYumpia+7JkzZxATE4Nt 27YNWafdbkdMTAzefPPNsH0Wi4X/btvb28f8eiiUkVJeXu4CoAeAtra23tun+3M9897e3mlUzEdB XFwcDAZDyKe4uBgKhQIGgwFr164dbxMnHQ0NDVi8eDFsNhsKCwvR0dGBrq4unD9/HiUlJfD5fEhJ ScHJkycBAEuXLoVUKoXJZBry4VpdXQ0A2LAhLGELqqurIZVKIRQKsW/fvntzYRTKCLl169Z+AM5r 165FXb58OWTf9773PQCAQCCQUDfLKJBIJBFv/h07dmDhwoUwm82w2+18rj7K3eHxeKDVaiEUCtHW 1ha2EqNcLseKFSuwYMEC5Obm4vLly2AYBllZWdDr9WhoaEB6enju22AwiJqaGsTFxUGlUoXs8/v9 MBqN0Gg0CAaDMJlM8Hq9fBgYhXK/MRgMgezs7F0ADH/84x975s6dGy0QCAAAU6dOBQAQQkRUzMcA hmGQnJwMu92OTz/9FAqFgu/5vfTSS3jvvffAMAy2bt3KC1JTUxPMZjP8fj9EIhHWrFkTcV1xj8eD w4cPw+l0gmEYqFQqpKWlgWG+++qCwSBqa2thtVoRDAYhk8mQk5MTtqa40+lEbW0t7w9WKpVIT08P 8S37/X7U1tby7gWZTIY1a9ZALpcP2QYNDQ1wuVzYunUramtrYbFYAPQvs7thw4YQe6urq+FyufDa a68N6dfet28ffD4fyv9/9u49Lqo6/x/468wMMyO3HYNFIPxCSWgmieIFDRPD1BQXWl3FtK+TMgNO 5uXndtutbdpMbVdXXI1ggA3yEpoWhpuXr66YBGZgtOINccMYByIJAkRgZs7n9wfMWYY7ylXfz8eD R3nO55zzYYDXnHmfz/mc2Ng2p9QdMWIEIiIikJGRAb1eDw8PDyxduhRarRZJSUmthvk///lP3Lx5 E6+99lqLdbt370ZtbS3CwsIgkUiwa9cuJCcnY926de1+/4T0JHd3990Gg+GNqqoq76tXr8LHxwcA YLmhiOO4hj8ktVr9llqtZmlpaaw9aWlprDPt7kUAWFBQUJvrV65cyQCw/fv3M8YYCwoKYn5+fszD w4MBYABYSkoKMxqNLDw8nAFgHh4eLCgoiDk7OzMA7Pe//73VPvfv38/kcjmTy+UsMDCQ+fn5MQAs MDCQ3b59mzHGWHFxsbDcz8+PBQUFMXt7e2Zvb8+OHDki7OvkyZNMLpczZ2dnFhQUxAICAphEImEe Hh6suLiYMcZYeXk5GzFiBJNIJCwgIIAFBQUxhULBJBKJ8H21RalUMg8PDzZ9+nQml8tZQEAAUygU DACbPn26VdugoCAGgH3//fft7nPEiBFMLpezqqqqdtu1ZtasWUwikQjfW1NhYWFtrgsICGDOzs7s 9u3bzGg0MldXV+bl5dXl498rOvs3b2mnVqvf6uWcu2+o1eqlarWarVq1ynTmzBn2zTffsLi4OOF1 p5p5N8jOzsauXbsgl8ut7tbKzc3FuHHjcPXqVWRlZSE0NBTvvvsuUlJSsGbNGnz//fc4efIkioqK MH/+fGzevBm7d+8G8N8Sg4eHB65evYrTp0/j22+/xaZNm5CRkYG4uDgAwEsvvYS8vDykpKTg22+/ xcmTJ3H16lV4e3sjPDwcFRUVAIA333wTrq6uwjGzsrKwf/9+6PV6vP/++wAazkovX76MQ4cOISsr CydPnsSlS5fg7Ozc6llsc3q9HrW1tSguLkZWVhaKi4sxffp0HD9+3OpColKphFarbfesvLq6Gpcv X8aoUaNgb2/f5Z+JUqmEyWTC3r17rZbfvHkThw4dQlhYWItPLnl5eThz5gzCw8Mhl8shkUiwZMkS FBYWCjV5QvqKu7v7bgC5tbW14tbG/lOZpQtyc3Mxbdo0q2U3b95EXl4eACA2NrZFbXXr1q3w8vIS HvW0Y8cOeHl54a9//atQepDL5YiPj8eRI0cQHR2NxYsX48CBA6iursamTZushs6tW7cOly9fhqur K/R6Pfbv34/w8HAsXLhQaOPq6or169cjJCQEu3fvxosvvoibN2+itrYWFRUVQjiGhobi+PHjGD16 NAAIwW8Z+mfZ18mTJ2EymTr1Gm3cuFEIablcjoiICBw/fhxXrlxBQEDDQ1Fau+7Q3M2bNwGg1SAv LCwUylhNTZ06VaiBh4aGwtnZGbt27cLq1auFNnv37oXJZEJERESL7Vu7KLp48WJs3rwZO3bswMyZ MzvsNyE9RavVmlQq1WaO43ZduXKl7tFHH7WatIXCvAtqa2tbjDdXKBRQKpVYunRpi4tpzs7OVuOU 9Xo9bt68iZCQEKsasmU/gYGBOHLkCICGNw6goebelEQiwYcffggAOHDgAICG4Hv77bet2lmCOTs7 G0DDmeprr72GRx55BIGBgZg1axZCQ0MRHBwsbBMaGgqtVouwsDCMGjUKISEhmDlzJgIDA1v0ty3N L/4OGTKkU9s1Zxm339qbSGFhIbRabYvlWq1W+BnI5XIsWbIE0dHRKCgoEN5Mk5KS4OHh0SKYTSYT kpKS4OXlBWdnZ+HnrFAo4O3tjSNHjgg1eUL6io2NzUGTyVT7008/yX/55RerdVRm6YKAgAB8//33 Vl/ffvstPvzwwxZBDrQ8q7QEU1s3ojT92G9p296DkS1D73Jzc1sMmUxNTRWCCQBeffVVJCUlYdy4 cTh+/Dh+//vf45FHHsH48eNx+fJlAA2jQ7KysjB//nwUFhZi06ZNmDZtGtzc3JCYmNip1+hOSiKt cXV1hUKhQF5eXotAb/5zSElJaXUflmebWs648/LykJ2d3epZ+cGDB3Hz5k0UFha2uI+goKAAJpNJ KG0R0ldiYmKqAewHgGvXrlmtozDvRZaz24KCglbXW+5IbNq2tQmOLLVpy9nr+vXrW7zJWL6aPoR5 6dKlOH36NMrLy4Xhd9nZ2Xj22WeFNuPGjcMnn3yCn376CSdPnsQbb7whlCUs5aTeEhISgoqKCqub goCGs24vLy/hq62z/1GjRiEgIEAI++TkZEgkklYfYJ2UlAQAOHToEE6ePGn1deTIEcjlciQkJHS6 3ERIT2GM7QKAK1euWD0BmsK8F3l4eMDDw0MYQthURUUFsrOzhTKF5b+nTp2yamcymTBp0iRMmTIF /v7+ACCUZprKzc3Fs88+K9TeX3jhBWzZsgVAQ+lg4cKF+PjjjzFr1izhzHzLli1CsMvlcgQFBeGd d97Bpk2bAAA5OTnd9VJ0yrp16yCRSLBmzZp2Z+27fv16m+uUSiUKCgqQkZGBlJQUTJ8+vUWpRK/X 48iRIwgKCsKcOXMQFBRk9TVz5kyEhYWhpKQEBw8e7Lbvj5A78eCDD54AUFJdXS378ccfheUU5r0s KioKhYWFePnll4VAr62thUqlQnV1NVauXAkAWLhwIRQKBd544w3o9Xph+/feew96vR5KpRLe3t4I CQlBamqqVQmgoqICKpUKqampGDZsGOzt7XHmzBmsX7/e6uxar9cjNzdXGMNdW1uL1NRUYXQL0PDm cfz4cQAQ3jzuVnJyMt5++22hrt8WPz8/bN68GYWFhfD19cW2bduE16K2thYnTpzAokWLoFQqIZFI Wh2LvnjxYsjlcrz++uvQ6/Wtllh2794Nk8mEJUuWtNkXy3axsbFd+VYJ6XZardYEIAUAbty4Yb2S xpl3DB2MM28uKCio1fHJRqORLVmyhAFgrq6uVuPMX3vtNau2hw4dYvb29sI4c29vbwaAhYeHM6PR yBizHmfu7e0tjDOXSCQsOjpa2FdWVpawPCAggAUGBjK5XM7s7e3Z6dOnGWOMVVVVCfsaMWIECwoK Yq6urq32rTmlUskAtFh+8uRJBoAlJSVZvTboxDhzi127dgn9aO0rKCiIZWVlddg3V1dX4XVrysvL i8nlclZeXt5uP7y8vBgAdunSpU71+15A48z7p6ioqKDG11t43Wk0SyclJSW1ezGyuddee63VuUEk Egl27tyJyMhI4aJbYGAg5s2b12IkyJw5c3D16lXs3r0beXl58PPzw6xZszBnzhyhjaurK7755hsc OHAAGRkZqK6uRlBQUIu7NgMCAqz2BQBhYWFYvHix8H1Zbps/cOAAzpw5g+rqagQGBmLOnDnCsMK2 LF++vNWLwJb5bJqOynnttdegVCo7fYv84sWLMW/ePJw4cQLp6enCsMVRo0YhODi4w+kT3nrrLQQF BcHT07PFqJzq6mpotVo4Ozt3OMvizp07W1x0IqQviESibJ7nrZZxQMOZOQDt3Llz233oxKFDh5CW loaO2hFC7g2d/Zu3tAOg1el0b7fZkHQLpVIpl0qlxQAsZyBaqpkTQsgA0/gQZ6uPkndUZrly5Uq3 dIgQ0r/R33r/xPP8EsvMiRZdCnNHR0cADc8EpOcCEnL/sPztk76n0WjsTSZTi5pXl8L8ySefBABU VlZ2U7cIIf2do6Oj8LdP+p7ZbF4IQP7oo4/i0qVLwvIul1noh0oIIX3HUmKZOHEibty4IZxc0wVQ QggZICIiIjw4jguysbHB2LFjYWNjI6yjMCeEkAFCLBYvBoCxY8dCJpPByclJWEdhTgghA4BSqZQz xlYCwPjx4wGAzswJIWSgsbGx+SMAD09PT/j6+gIAfvWrXwnrKcwJIaSfi4qK8uI47vcAEB4eLiwX iYQIr6YwJ4SQfo7n+Y0A5BMnTsTDDz8sLK+pqQEAMMYKKcwJIaQfi4qKCgIQLpVK2fz5863WWaaR ZozdoDAnhJB+SqvVSnie3w4AzzzzDNf8Ttzy8nLL/+opzAkhpJ8yGAzLAYxycXHB008/bbWO53mU l5eD4ziWkJBAYU4IIf2RUqlUAFgPAM8++6zVMETgv2fldnZ21QCNZiGEkH5JKpV+AMD50Ucfxdix Y1usLysrAwAMGjSoDKAwJ4SQfketVv8RjRc9mw5FbMpyZi6VSksACnNCCOlXIiMjQwGsF4lEUKvV XFuPq7ScmZvN5gsAhTkhhPQbKpXKjzG2G2h4Rq/lTs/WWM7MS0tLcwAKc0II6Rc0Go0rx3GfAbCb PHkyZs6c2W57yxhznud/ACjMCSGkz2m1WonJZPoEgJe3tzeef/75dtsbjUYUFBQAAMxm8xWAwpwQ QvpccXFxPIDAwYMHIzIysumcK626ePEiampqYGdn931iYmIBQGFOCCF9KjIy8lXGmFImk+HFF1/s 1PNWz5w5AwCwsbH50LKMwpwQQvqIWq1+izG2CQCWL1+OoUOHdrhNXV0dzp8/DwD4+eefhTDv8jNA CSGE3B2tVisxGAwfAIgQiURYsmQJRo8e3altz507B6PRiAceeCBv06ZNestyCnNCCOlFGo3Gvri4 +GMAITKZDCqVqt0hiM19/fXXAIC6uroPmi6nMCeEkF6i0WhczWbzZ4yxAEdHR6xYscJqfvKOVFZW 4sqVKxCLxeZbt27ta7rOKswNBgMOHTrUTd0mhNwvDAZDX3eh31Or1SPMZnMqY2y4q6srVqxYgbbu 7mzLN998A57nMXjw4K/fe++9m03XWYV5Tk4OcnJyuqHbhBBCLCIiIgIApDLGhnh6emLlypWdGrXS XHZ2NgDg1q1b7zdf16LM4ubmBnd39zvoLiHkfmQwGFBcXNzX3ei31Gr1HAB7Adg99thjiIyMhEwm 6/J+SkpK8J///Acikai2urr60+brW4S5u7s7/P3976jThJD7E4V5S0qlUiGTybYyxpQAMHnyZDz/ /PMd3hDUliYl8D1JSUm1zdfTBVBCCOlmarV6DsdxcYyxB2UyGX77298iKCjojvd34cIFfPPNNxCJ RLUmk+mt1tpQmBNCSDdpejbOGIOPjw+USiWcnJzueJ9GoxEpKSkAAI7j/pyQkKBvrR2FOSGEdIPu Phu3OHr0KEpLS2Fra6tXKBR/basdhTkhhNyF5mfj3t7eWLZs2V2djVuUlpbiyJEjAICamppF0dHR prbaUpgTQsgdUqlU80Qi0TbG2IM2NjYIDQ1FcHDwHV/kbC4lJQVGoxF2dnb7t27dmtFeWwpzQsiA o9Fo7M1m88S4uLgTfXH8yMjIUMaYFoAfYwwPP/wwli5d2uWbgNpz7tw5XLhwATY2Nrdv3bq1oqP2 FOaEkAFFqVQqAOQwxh5WqVRL4uPjd/fWsS0hzhjzAwBHR0fMmTMHTz75ZLedjQMNMyPu29dwt77R aFyr0+ludrAJhTkhZODQaDT2HMcdNRqNDwMAx3HevXHc1kJ81qxZePLJJ2FjY9Ptx/viiy9QXl4O mUz2nZOTU2JntqEwJ4QMCBqNxp7n+WM8z0/orWP2dogDDeWVY8eOAYC5vr4+QqvVtnnRsykKc0JI v6fVaiUlJSXHeJ6f5OjoiMcffxwZGe1eD7xjSqVSbmNjM4fjuDd6M8QBoKCgAElJSeB5HgDeiYuL y+7sthTmhJB+rfFBDikAJjk6OmLdunXChFPdSa1WBwJYynHc7xhjvwJ6L8SBhrlX3n//fdTV1UEk EsXExsa+3ZXtKcwJIf2WVquV3Lhx42OO4+ZZgrw7R4yo1eoRjLHFHMcpAXgAAGMMnp6emDx5Mp54 4okeD3EAKC8vx5YtW1BTUwOxWJw6ZMiQ1V3dB4U5IaTfMhgMOzmOmy+TybBy5cpuCXKNRuNqNBoX Nga4H8dxAAAnJydMnDgREydO7NY3jI5UV1cjOjoalZWVkEql2dXV1Ys6WydvisKcENIvqdXqrQDC ZTIZVq1aBU9PzzveV0REhAfHcVM5jltiMpme5jhODAD29vbw8/PDpEmT4O3dKwNjrNTV1eGDDz5A SUkJpFLpf3ien9bajIidQWFOCOl3GoN8jSXIuxq0arV6BMdxTwAIZIwFAfCyrLOxscFjjz2GyZMn Y+TIkb1SRmkNz/NISEhAQUEBpFKpnuf5J2JiYqrvdH8U5oSQfkWtVm8EsEYkEkGlUnUqyFUqlR+A qRzHBQEIAODKGBPW29rawtvbG35+fhgzZgxsbW17qPedt3PnTvz73/+GWCz+ub6+/mmdTldyN/uj MCeE9BsqlWo1gNcsQd6Jp9ZHqNXq3wOwb7rQ0dERw4cPx0MPPQQfHx8MHTq0p7rcZTzPY9++fcjM zIRIJLptNBrnJCQkXL7b/VKYE0L6BZVKtZrjuGhLkI8dO7bNtk2en+kBAC4uLvD29oaPjw+GDRsG FxeXXuhx11VWVuIf//gHLl26BABmxtjchISEM92xbwpzQkifU6vVkQCiAWDRokXtBjkAPPnkkwAa yic+Pj539HDk3nb9+nV88MEHKC8vh0gk+slkMv2mu4IcoDAnhPQxlUo1D8AOAFiwYIEQ1B3pbLv+ 4KuvvsKuXbvA8zxEItFpkUi0ICEh4a5q5M1RmBNC+oxKpZrHcVwKAMmCBQsQHBzc113qVkajEXv2 7EFmZiYAQCQS/d3V1XXdnYwj7wiFOSGkT6jV6jkAUgBIZs2adc8FeXl5OT744ANcv34dIpGo1mw2 R8TGxvbYdL0U5oSQXtc4D0oKAElwcDCeffbZvu5St7p8+TLi4+NRXV0NGxubIrPZPDs+Pj6vJ49J YU4I6VWNQX4YgH1wcDAWLFjQ113qVkePHkVqaip4ngfHcf+8devWkqSkpIqePi6FOSGk10RGRo5j jB0GYD9+/Ph7Ksjz8/Oxb98+FBUVAYAZDVPYdmnmw7tBYU4I6RWNMxSmAbAfO3Ysli1b1tdd6hal paX47LPPcO7cOQAAx3E/8Dyvjo+PP9qb/aAwJ4T0OLVaPQLASQCuY8eOhUql6tZnZvaFmpoaHD58 GMePHwfP8xCLxdVms3lTXV3dljudLOtuUJgTQnpUVFSUF8/zJwG4ent7M5VKxQ3kIOd5Hl9++SUO HjyImpoacBzHi0SiJI7j/ni386vcDQpzQkiP0Wg0riaT6TAag3zVqlUDOsjPnz+P/fv3o6SkIbPF YnE6Y+yl2NjYHh2p0hkU5oSQHqFWq51NJtNJACOGDRtmXrVqlVgmk/V1t+6IwWDAvn37LHOqQCKR /MdoNGo++OCDXq2Lt4fCnBDSU5YCGCESiaBUKgdckPM8jwsXLiAzMxO5ubmWW/HLeZ5/08XFJa4n 7uK8GxTmhJAeIRKJDvA8v5Lnea/3338f69atGxATYpWVlSErKwsZGRkoLy8HAHAcV8dx3Pba2tp3 e2PM+J2gMCeE9IjY2NhCjUYzyWQynSwpKRnxzjvvdPsDmbsLz/PIzc1FRkYGLly4ICwXiURXeZ6P Y4wl63S6m33YxQ5RmBNCekxMTEyJRqMZbzKZDldWVgZu2bIFkZGRffK8zdaUlJTgq6++QmZmJqqr G57YJhKJjBzHpZjNZl1sbGxGH3ex0yjMCSE9KiYmplqj0TxjMpl2VlZWhm3bto1FRUVxjz32WJ/0 x2g0Ijs7GxkZGSgoKBCWSySSf5tMJl1tbe3u/lpKaQ+FOSGkx8XExFRrtdrfFRcXx9fX1yt37NjR 4dOEugvP8ygsLMTVq1dRUFCAK1euoK6uDgAgFourTSbTLpFIlBgTE5Pd453pQRTmhJBe0Tj64wW1 Wl3B8/yauLg49MQc5k3D+8qVKygoKBDC24LjuK8YY/G3b9/e2xd3a/YECnNCSK/S6XRrVSpVIcdx 0fv27UNlZeVdTYHbmfBuHBd+TCQSpYvF4lMxMTF9dqdmT6EwJ4T0uvj4+G0qleomx3FJR44ckdTU 1GDRokVdmq/lxIkTuHDhQqvhLZPJisxm8zGz2fx/92p4N0dhTgjpE/Hx8bsjIyOrGWO7v/zyS7vq 6mosW7YMNjY2HW775ZdfYt++fcK/m595b9++/Z4P7+YozAkhfSYuLu6gWq2eBSDt3LlzisrKSqxa tQod3S1aWVkJAOA4LkksFr9+P5x5d2TgznhDCLkn6HS6DACTAJQUFBTgr3/9qxDWHWGMFVKQN6Aw J4T0OZ1Od1kkEk0CcLmoqAhbtmwRZiYknUNhTgjpF2JjYwslEsk0juPOlJSUYMuWLTAYDH3drQGD wpwQ0m/ExMSUiMXipxlj6ZWVldi4cSNrepcmaRuFOSGkX4mJial+8MEHn2aM7a+vr+e2bt3KLM/X JG2jMCeE9Dtardb04IMPLgIQbTKZuPj4eHz11Vd93a1+jcKcENIvabVak06nWwtAy/M8PvroIxw9 2m8e7NPvUJgTQvo1nU73NoCVAEyffvqp1c1C5L8G3E1D+fn5OHz4MK5cuQK9Xg+FQoFhw4YhODgY gYGBfd09K2VlZXBycmq3TXJyMgoLC1ssl0qlcHd3x/jx4zFy5Ehh+alTp5Ceno6lS5fCy8urm3vc utzcXBw8eLDHjnnw4EHk5ubirbfe6vQ2Z8+exeHDh+Hl5YWlS5d26XiW13D16tVQKBRttquoqMC2 bdsQFBSEqVOndukYpHvpdLr3VSpVCcdxKSdOnJDY2tr2dZf6nQET5mazGRs3bkRqairEYjGGDx8O Nzc3mM1mHD16FGlpaZgwYQI2b96M/vCD3rhxI4qKihATE9Nuu8zMTOTk5LTb5vnnn8fq1asBAFeu XEFaWhpCQkJ6Lcz1en2PHjM3NxdpaWldCvOkpCScPXsWYrEYISEhHb5pNmV5DVUqVbthXlNTg7S0 NLi5uVGY9wPx8fEHoqKinuZ5Pq2mpsa+r/vT3wyYMsv69euRmpqKKVOm4LPPPsNHH32EuLg4JCQk 4OjRowgLC8PZs2exbdu2vu4qAODAgQMwm82dbv/5558jOzvb6ishIQFDhw7Fzp07Owz8njRp0iTE xcXBx8enz/rQlMFgwNmzZzF79myYzWYcOHCgr7tEeklsbGw6x3HTAFjuKOrXj3LrTQMizHNycpCW lgZfX19s3rwZ7u7uVusdHBzw+uuvw8fHB6mpqaiouLuHhFRVVXVqH6Wlpaivr7+rY7XHz88PK1as AAAcO3as1TY1NTUoKyu762OZzWYYDIZW34CcnJzg7+8PBweHVrftzOtQVVWF0tLSu+4nABw6dAgA sGTJEnh5eSE1NbXDN86ysrJO/axqamo6/fvT1uve2Z9JWVkZampq2m1TVVXVLT/fe0lcXFx2492i Ue7u7nF93Z/+YkCUWQ4ePAgAWL16NcRicattxGIx1qxZA71eL7T517/+hejoaLz77rvw9fUV2paW liIiIgLBwcFC+QJoCEydTifUsF1cXBAREYHf/va3Qpuamhr87W9/w7Fjx4Q/xJEjR2LFihWYNGkS zp8/jz/+8Y8AgPPnz+M3v/kN1qxZg6eeeuqOvndLWaN5EOn1eiQmJuLs2bNCX9esWYMZM2YAACIi IlBfX4+PPvqoxT41Gg0kEgn+/ve/o6ysDBs3bkRmZibq6+shFovh7++PlStXCrX61l7HmpoaxDcr P7wAACAASURBVMbG4osvvhDCb8KECXjllVes+pyYmIi0tDQhyKVSKSZPnozXX3+9S6WRplJTU+Hl 5QUfHx/MnTsX27dvR0ZGRqulkIMHDyIuLg6lpaWQSqWYO3duq2W4a9euYcuWLcLrOXLkSCxfvtyq jeX3ZsWKFTh8+DAyMzPh5OSEDz/8EO7u7jh79ix27NiBixcvAgAUCgWee+45LF26VPidNJvN2LFj B9LS0oTXzcvLC0qlEiEhIcKxMjIysH37dly7dg1AwwnL3LlzERUV1S/KiH0tNja2EAAFeRMDIsxP nz4NhUIBPz+/dttNmDABEyZMEP5dU1MDg8HQIghNJhMMBoPVGdinn36KDRs2wNfXFxs2bIBMJkNq aio2bNiAiooKLFu2DADw9ttvIz09HcuXL4evry/KysqQmJiINWvWYO/evXByckJISAh0Oh2cnZ0R EhICDw+PO/7ec3NzAaBF8G3YsAGTJ0/Gm2++iaqqKuzcuRNvvvmmEHL+/v5C2Dd9TfLz83H27Fm8 9NJLAIC1a9eiqKgIL730Enx8fJCfn4/ExES8+OKL+Pzzz+Hg4NDidTSbzVi7di1ycnKwYMECTJ48 GQaDATqdDpGRkdizZw+cnJyg1Wpx7NgxLFiwAOPGjYPJZEJ6errwRtjR9YTWZGVlobS0VOj/M888 g5iYGBw4cKBFmDf9ma5Zswa3b99GUlJSizPd0tJSREZGwmw246WXXoKXlxeOHj2KN99806qd5fdG p9OhpqYGM2bMQGlpKdzd3ZGRkYF169Zh6NCh0Gq1UCgUSE9PR0xMDAoLC/HnP/8ZAPDBBx9g586d eO655zBhwgTU1NRg165dwjaBgYG4ePEi1q1bB39/f0RGRkIqleL06dPYs2cPampq8MYbb3T5dSP3 vgER5lVVVR0G+d2oqKjA5s2b4evri4SEBOEsaurUqVi7di3i4uIQEhICFxcXpKenIygoCGq1Wtj+ 4Ycfxvr165Gfn48ZM2ZArVZDp9PBzc3Nql17mpcgKioqcO7cOeh0OkilUoSGhlqtDw4OxoYNG4R/ u7u745VXXkFWVhZ8fHwQGhqKxMREHDt2zCrMDx8+DLFYjGeeeQYGgwEXL17E8uXLsWjRIgCAv78/ nJycsGvXLhQWFlp9orE4ceIEcnJyoFarrb6/oUOH4qWXXsLBgwcxa9YsHDt2DLNnz8Yrr7witJkx Ywb0ev0dXwNIS0sT+g80fCKZOHEiMjMzYTAYhBJcfX09tm/fjmHDhln9TAMDAzF//nyrfSYmJqKi ogIffvih8P1OnToVf/jDH1otb/34449ITU2Fi4sLgIY3t3feeQdDhgzBRx99JJw5BwYGwtbWFnv2 7MHvfvc7+Pr6Ij09HSNHjsT/+3//T9ifv78/NBoNioqKADSclZvNZrz++usYOnSosK+Kioq7LiGS e9eACHMArZZXcnJyEBkZ2WJ585DpSFZWFurr6xEWFtbiOGFhYTh9+jSysrIQGhoKJycnZGVl4dNP P0VgYCBcXFwwcuRI7Nmzp+vfVBMRERGtLndwcMA777wj/FFbzJ492+rfI0aMAADhj93d3R3+/v44 duwYXnnlFUilUmHkz8SJE+Hi4oKqqipIpVKhbBEYGAgHBwfMmDFDKNe0JiMjAwCwYMECq+WTJk3C Rx99hKFDh8LBwQFffvlli21ramrg5OTUpYvDFhUVFUhPTxf6bxESEoLMzEx88sknQtns/PnzqKqq wvLly61+pk5OTpgxY4bVRdOsrCwMGzasxRvXokWLWg3zcePGWR3//PnzKCsrw/Lly1uUQEJDQ7Fn zx6cOnUKvr6+cHJyQm5uLpKTk/HUU09h6NChcHJywt69e4VtLCNs/va3v2Hp0qXw9fWFWCzGe++9 1+XXjNw/BkyYt3YRyMnJCXPnzrVqk5mZ2eV9W86IYmJikJiYaLXO8jiqH3/8EQDw6quv4s033xTO iocNG4agoCDMmDEDw4YN6/KxLZ577jnY2/93tJWzszPc3Nzg7+8PqVTaov2gQYNa3U/TM7e5c+ci JycHGRkZeOqpp5CTk2NVonBwcMCaNWuwZcsWoaTg6+uLKVOmCJ9EWvPjjz9CoVC0Oqyv6Zh4W1tb ZGRk4OzZsygqKkJRUVGrY+o769ixY6ivr0dFRQXefvttYbnlZ5SWloYVK1ZAKpWiuLgYAFq8CQJo 8XMyGAwICgpq0W748OGt9qN5yUuv1wNoGMF0+PBhq3UmkwnAf39/V69ejVWrVmH79u3Yvn073N3d ERQUhKefflp4MwkJCcGJEydw+vRpnD59Gg4ODpgwYQKCg4MRHBzc5nUjcn8bEGE+cuRIXLx4scVN OF5eXlZjk3Nycu4ozC0mT54MNze3Vtf5+/sDaPj4/fnnn+PUqVM4ffo0cnJykJiYiKSkJGi1WuHj f1eFh4e3GKVzt5566in85S9/wRdffIGnnnoKhw4dgq2trdXT0BcsWICgoCCcOHECWVlZyM7Oxvnz 55GUlIT333+/1TIL0PonpabMZjM0Gg1ycnKETy9BQUHw9fXF0aNH2xyd0x7LPQYVFRUtyjQKhUI4 c2/6qaK1frZ2AbG1dq29ibbHz8+vzeGbljeGkSNHtvj92bNnD/bs2QONRoNly5bB1tYWcXFxwhtx ZmYmTpw4gRMnTsDPzw9xcXEU6KSFARHmzzzzDC5evIhdu3ZZjT7prOYXQJv/23KGOWnSpBblhfr6 elRVVQlvIhUVFRCLxQgNDUVoaCjMZjMyMjLw+uuvIykp6Y7DvCdYgvuLL75AaWmpEHRNQ6qsrAyD Bg3CokWLsGjRItTX1yM1NRV/+ctfkJycjM2bN7fYr0KhEIbVNQ/GHTt2wMfHB7dv3xYukDatmQO4 o3HhFy9eRH5+PmbPni1cTGy+/n//93/x8ccfY8aMGcKnCsunrqaafzpwcXFp9RNDZz9FWH43fH19 W9yNajabUVZWJvSnqqoKZrMZzzzzjPC7kpOTg1dffRUJCQlYtmyZMEzU398f/v7+WL16NUpLS7F+ /XpkZmYiKyur393tTPregBhnPm/ePOHmmeTk5FbrrWVlZS3mbLCEVvM/SkvN1yIwMBBisRj79u1r se/o6GjMnDkTx44dw7Vr1zB9+nR88MEHwnqxWIypU6diyJAhPTrm/E6FhITAbDYjOjoaNTU1VsPf /vWvf2HmzJn4v//7P2GZVCpFWFgYgJZvehaTJ08GABw5csRqeX5+PpKSkpCXlyeUpaZMmWLVpqys TBih0xWWseVN+9/UyJEj4ePjg/Pnz+PatWvw8/ODg4MD0tLSrH6mZrMZJ06csNp2ypQpuHbtmjCk 0KKznx5Gjx4NBwcHpKamthg3/vHHH2P27NlITk5GVVUVpk+fblUiAho+9fn4+Aj9XLt2LRYuXIiq qiqhjYuLi1AK6o+/Z6TvDYgzc6lUiq1btwq1xgMHDiA4OBheXl6oqqpCbm6uME7a19dXOOOx1Jt1 Oh1sbW3h4eGBs2fPYt++fVZnlO7u7li4cCH27NmDtWvXYsmSJVAoFDh27Bj27duHkSNHCrVKf39/ HDhwAM7OzggMDITJZMLBgwdRVFRkNS7ZxcUF165dQ3Jycov5VXqTv78/hg4dimPHjmHo0KFWo4Is F3Cjo6MBNIRSVVUVkpOTAaDNTxnPPPMM9uzZI7xBTJo0CdevX8f27dtha2uL8PBw/Oc//wHQMFLE yckJ9vb2uHr1qnAsoHNz1wAN4XX48GHh5qW2hIWF4S9/+QsOHDiAV155BWq1Glu2bMHatWuhUqlQ X1+P5ORk4Y3GYunSpTh27BjWrl2LNWvWwMfHB6dOncKuXbs67BvQ8AnIcqyoqCio1Wq4ubkhKytL qIv/9re/hYODA2bPno20tDT87W9/w6xZsyCRSITrCpZPhQsWLEBmZiZWrVqF5cuXw9PTE5cuXUJc XBwUCgXGjx/fqX6R+8uACHOgoT6+e/dufPzxx0hNTcXOnTut1vv5+WHevHlWAeTk5ISNGzdiw4YN eOeddwA0BPfWrVvxpz/9yWp7y6RLO3fuhEajAdBw1h0cHIzXX39dqFFu2LABb7/9NmJiYoRx0lKp FEql0moEjVKpxJYtW7B9+3Y8//zzfRbmQMOF0JiYGKuLxUBDv2NiYvCnP/3JapijQqHAmjVr2gxz y3YbN25EdHS0ENA+Pj6IjY2Fu7s73N3dsXz5cmFMtWW/zz33HBQKBTZs2IDvvvuuUzdTpaeno6qq Cs8991y7teIZM2YgOjoahw4dwsqVK7Fo0SKYzWYkJibihRdeANBQComMjMT27duF7dzd3REXFwet VitcCLaMIlq3bl2H/QMaRr7Y2toiJiYGa9asEZZPmDABb7zxhnD37Msvvwyz2Yy9e/cKI6DEYjHm zp2Ll19+GUDDm+wf/vCHFvsaOXKk1b4IaYoDALVa/RYALQChTtfflZaWoqioCIMGDYKXl1e7d8WZ zWZcu3YNYrG4wxEnZrMZhYWFqKurE4bYtaaqqgpFRUWQSCTw8vJq9WKZ5dbwIUOG9OkFq3/84x+I iYnBF1980eYIlYqKChQVFcHBwQFDhw7tdH8t2zk5ObV6AbempgaFhYWQyWTw8vLqk9ehvr4eBQUF wvfWnqKiIlRVVcHb27vLF0AtCgsLUVVVhaFDh7Y5kVdNTQ30ej1MJlObv7+W2nlZWZkwhLE/ysnJ aXpBWts4ZS3pZQPmzLw5FxeXNoOpObFY3OlJojoT+EDDmVtHZ9u2trZ9fut1fX090tLSMHny5HZf r7aGGnako+1sbW379FMJ0PBJorN96CjsO6MzM0va2tp2+DspFosxdOjQbukTufcN2DAn7Tt//jw+ +eQTXLx4EUVFRV2aXpYQMvBQmN+jZDIZ0tPTIZVK8Yc//KFHp0MghPQ9CvN7lI+PT6u30xNC7k0D Ypw5IYSQ9lGYE0LIPYDCnBBC7gFUMyeE9BiVSjWT4zhXADdFItEtNDyzs7q2trYkKSmpto+7d0+h MCeE9IjIyMiFjLEUy795nhfWSaVSqNVqiMXicgB1IpHoR57nb/M8/z2AOp7n9RzHmQAUAoBIJLrO 83yeTqejBzi3gcKcENIjGGMjgIZpNSx3r9bV1VlNFHb79u3BJpMJdXV1ro0TjQUAAMdxVvuyvBGs WLHiJsdxZ00mUyaAXABfU8A3oDAnhPQoLy8vjB07tsN2RqMRdXV1qKqqwu3bt1FTU4Pa2lrcunUL t27dws8//4zbt287A5jd+AXgvwFvNBrPiUSibLPZnJOQkKDvwW+pX6IwJ4T0CzY2NrCxsbF64lZz dXV1qKiowM8//4yKigpUVVWhrKzMubq6ejbHcbMZYxCJRFixYkUlx3FnjEbj2fsl4CnMCSEDhkwm w5AhQzBkyBCr5UajETdv3kRJSQlKSkrw448/OhqNxhkcx82wBLxGo/nJZDJ9zHHczri4uOw++hZ6 DIU5IWTAs7GxgZubm9VjH8vKyvDjjz8KAX/r1q1fA1jFGFul0Wj0RqMxSSwW742Njc3ru553Hwpz Qsg9yXLh1TJjZkVFBb7//nvo9XqUlJR4cBz3Bs/zb2g0mismk2mn2Wzem5iYWNDH3b5jFOaEkPuC QqHAmDFjMGbMGNy+fRs//PADrl+/Dr1ePxzAerFYvF6j0eQajcYkxtiBgVZjpzAnhNx3Bg0ahOHD h2P48OEwGo0wGAy4cuUKfvjhBz+O46I5jouOiorKYowlMsYODoThjxTmhJD7mo2NDTw9PeHp6Ynb t28jPz8fV65cwS+//DIJwCSO43QrVqxI53n+1f584ZTCnBBCGg0aNAijR4/G6NGjUVxcjPz8fFy7 dk1kNpufAvDNihUr/skYe60/XjSlibYIIaQVbm5umDp1KhYvXoyJEydi0KBBMJvNcxhj30VFRX20 fPly777uY1MU5oQQ0g6ZTIbHH38cixYtwqRJk2BnZyfief55iURyRa1Wb9NoNK593UeAwpwQQjpF LBZj1KhRCA8Px9SpU+Ho6CgCsMpsNv+gVqvfUiqVXX8iejeiMCeEkC7gOA4+Pj743e9+h+DgYNjZ 2dkA0Mrl8qLIyMhXlUqlvC/6RWFOCCF3gOM4PPzww1iwYAHGjRsHjuPsGWOb5HL5DbVa/aJWq+3V ASYU5oQQchfEYjHGjBmDhQsXwtvbGzzPPwBgR2lp6X8iIyODe6sfFOaEENIN7OzsMG3aNMydOxfO zs4wmUxDGWPH1Wr1tt4ovVCYE0JIN3J1dUVYWBgmTJhgecjGqkGDBn2nUqn8evK4FOaEENLNOI7D 6NGj8eyzz0KhUMBsNvuIRKIctVq9rqeOSWFOCCE9xMnJCWFhYXjsscfAGBMB2LxixYr0nhibTmFO COlRZWVl+OGHH1BcXIzy8nJUV1ej8Xmf9wUbGxtMnjwZM2fOhFwuh9lsnsoY+1qtVo/ozuPQ3CyE kJ5SAgCFhYUoLCxstYFMJqsXiUS8nZ0dJ5FIbOzt7UUikQh2dnYQiUTCI+QcHBwwePBgyOV9MoS7 W/zP//wP5s+fj8OHD6OsrOx/RCLRN1FRUXNjY2PTu2P/FOaEkB6h0+niIiMjFQCanoE68zwvPOSz rq7OFYC88UHNso72aWtry1xcXDhnZ2c4OTnBxcVlQAX8oEGDMHfuXJw8eRLXr1+35zjuhFqtXqbT 6ZLvdt8U5oSQHhMXF/deZ9tqNBp7nuedAXgxxobwPO8KwFkkEnkwxjwAjKqpqXFtfqZva2tb/+tf /1r0wAMPSH7961/D2dkZdnZ23f69dBcbGxs8/fTTyMrKwoULF0QAklQqlXd8fPybd7NfCnNCSL8Q ExNTDaAaQGFbbZRKpUIikYwQiUSjAYzgOM67pqZm1PXr172uX78utJPJZGZXV1fxAw88gP4Y8BzH YfLkyVAoFMjMzASAN9RqtaNOp1t9p/ukMCeEDBhJSUkVAM40fgkaz+rH8Tz/BIDAurq6wOvXr9s3 DXg7Ozs89NBDeOSRR+Ds7Ny7HW/DyJEjMWjQIJw4cQKMsVWRkZEVcXFxb93JvijMCSEDXuNZfXrj FwBApVL5cRz3BIBAAIG3bt3yyMvLQ15eHhwdHflhw4aJhg0bhsGDB/dNpxs99NBDCA4OtgT6n1Qq 1c/x8fHburofCnNCyD0pPj4+F0AugPcBoHEo4DwAsyorKwO//fZbfPvttxg8eLBx2LBhNg8//DB+ 9atf9UlfH3roITzxxBPIyMgAx3HRarXapNPp3u/KPsQA4O/vHwQgCADc3d3h7u7e7Z0lhNybiouL UVxcbPlnek5Ozqm+7E9bcnJybubk5JzOycn5cOLEiXGMscscx4lu3779kMFgkFy4cAFFRUVGk8kk trOzg1Qq7dX+/frXv4ZMJoNerwfHcbPGjh174dy5c5c6uz2dmRNC7jsxMTElABIBJGo0Gnuz2RwM IOKnn36a9dNPPyErKwuurq7Mx8eH8/T07LXhj6NGjYLRaER2drZIJBLtioqKutLZ541SmBNC7muN 9faDAA5qNBpXs9m8lDEWUVJS4l1SUgIAzMPDgxs/fnyvXDgdM2YMysvLce3aNblIJPpMo9GMaexj uyjMCSGkUeMZ+3sA3ouKigpijC1ljIXr9Xq5Xq+Hl5cXxo0b1+MXTadMmYKbN2/il19+8ZZIJLEA lnS0Dc3NQgghrYiNjU2Pi4t7ob6+3g3A7wGUFBYWYv/+/ezUqVP45ZdfeuzYNjY2CA4Ohlgshslk WqxWq5d2tA2FOSGEtCMpKalCp9Ntqa+vf4gxtgbA9fz8fOzbt49lZWXxt2/f7pHjOjk5YdKkSQAA juNiO5qYi8KcEEI6ISkpqTY+Pn6bu7v7IwCUAK7l5eWJ9uzZYz537hzq6uq6/ZiPPvoohg0bBsaY XCwW69prS2FOCCFdoNVqTTqdLtnd3f1RjuPCeZ4vysnJQUpKium7777r9ul9J0+eDJlMBrPZPEWt Vs9pqx2FOSGE3AGtVmuKi4vbW19f/yiAN+rr601nz57Fxx9/zF+8eBGMsW45jlwuh59fwxPnJBJJ rFarbXXgCoU5IYTchaSkpFqdTvcuz/OPANh1+/Zt0VdffYV9+/Yxg8HQLcfw9fXFr371K5hMJg+D wdDqZFwU5oQQ0g0SEhL0Op3ueQBTAGRXVlZy//znP5GVlXXXpReO4zBx4kQAgFgsflutVrcY8E5h Tggh3Uin02W4u7tP4jjuNQCmvLw8fPrpp6ysrOyu9uvp6Qk3NzeYzWY7AC83X88BgFqtfguAFgDc 3NxobhZCSKcZDIamc7NodTrd233Zn/6kcebGj9HwtCU2ceJE7vHHH7/j/RUXF+PQoUMQi8XlQ4YM cdFqtSbLuhaF9GaT5hBCCLlD8fHxuRqNZrzJZNoIYOXXX38NvV6PadOmYdCgQV3en5ubGxQKBSoq KgbfuHEjFMAByzqrMH/88cfh6el5198AIeT+cv36dfz73//u6270S43zqrykVquPAEi6ceOG8+ef f87PnDlTpFAoury/4cOH4+uvv4aNjU0U2gpzT09PhISE3G3fCSH3mUOHDlGYd0Cn0/1To9H4mkym w5WVlX4HDx7kZ8yYIXJzc+vSfnx8fJCdnQ2z2fxURESER0JCgh6gC6CEENJrYmJiSiQSyRSO4w7V 19eLDh06xPLz87u0D7lcDi8vLzDGRGKxWGVZTmFOCCG9KCYmptrNze1ZADsAcKdOnUJ2dnaX9vHI I48AAKRS6W8tyyjMCSGklzVOCfASgJUATN9++y2ysrI6vb2LiwsAoL6+fqRSqZQDFOaEENJndDrd +4yxcDSORz937lyntpPJZHBycgJjTCSXywMACnNCCOlT8fHxByyBnpOTg7y8Tj0lDpYLpzzPPwFQ mBNCSJ+Lj48/gIaSC7KysnDx4sUOtxkyZAgAQCaTzQYozAkhpF/Q6XRxjQ+/wFdffcW+//77dttb zsyNRqM/QGFOCCH9Rnx8/DYAbwDg0tPT+fLy8jbbDho0CGKxGDzPy5RKpZzCnBBC+hGdTvcugBST ySQ6fvw4bzQa22xrmRJALpe7UpgTQkg/I5FIVAAKKioqRJmZmW22k8vlAADGmDOFOSGE9DMxMTHV jLHfAajNz89HW3eJ2tjYAAA4jrOnML8PLVq0CNOmTUN1dXW77RITEzFt2jScOXMGubm5mDZtGqZN m4YtW7a0u51KpcK0adOwdu3a7uw2IfeV+Pj4XACWC6J8RUVFizYODg4AAJ7nPSnM70NeXl5IT0/H 3r172223adMm5OXlwc/PDxUVFUhPT0d6ejqio6Pb3Eav1yMhIQHp6enIzc3t7q4Tcl/R6XRxaKyf Z2Zm8s3XS6VSAABjTEFhfh9aunQpACAlJaXNNhkZGSgoKMCSJUuEuhwAODs7Q6/XIyMjo9XtDhw4 AHt7++7tMCH3t5cAVNy4cUP0ww8/WK2QyWQAAI7jKMzvRyNGjEBQUBCOHz8OvV7fapvk5GQAwPLl y62Wh4WFAWgI7dbs2rVLaEMIuXs6ne4mgPUAkJmZaWaMtdqOwvw+pVQqAaDVUkttbS1SUlIQEBCA UaNGWa3z8PBAYGAg9u/f32K7goICZGdnY/78+T3SZ0LuV+7u7tsAFFRVVYnPnz/fahsK8/vUwoUL oVAosGvXrhbrDhw4gOrqakRERLS67ZIlS1ottezduxfOzs6YOXNmj/SZkPuVVqs1cRz3ewA4d+6c uba2tkUbCvP7lFwuR3h4OHJzc1tM7LNr1y7Y29tj4cKFrW47b948SCSSFqWW/fv3IywszKrGTgjp HnFxcQcZY+lGo7HVs3MK8/uYpR7etNSi1+tx/PhxLFmypM0Lmc7OzggKCrIqteTl5SE3Nxfh4eE9 22lC7mNisfhtALh06ZKxee2cwvw+Nm7cOPj5+SEpKUlYtnv3bphMphYXPpsLDw+3KrXs3bsXHh4e mDp1ak92mZD7WmxsbDqAy3V1dTaFhYVW6yjM73MRERFWoZyUlIRRo0Zh3Lhx7W4XGhpqVWpJSUnB /PnzIZFI2t2OEHLXEgDgypUrpqYLKczvcwsXLoRcLkdycjKys7Nx+fJlREVFdbhd01JLbm4uCgoK MG/evF7oMSH3vWQAtXq9XnTr1i1hIYX5fc7Z2RlhYWFITU1FcnIy5HI5Fi9e3KltlUol9Ho9Xn75 ZXh5eSEwMLCHe0sIaRx3nsoYE127dk1YTmFOEBERgZs3byIpKQlhYWFQKBSd2i40NBRyuVy4YEoI 6R2MsSQAaDo9LoU5QXBwMAICAuDs7IwXX3yx1TZyuRxeXl5WQW9vb4/w8HB4eXm1KLF4eXnB1dW1 R/tNyP2K5/lrzZfR1SoCoOG5g+0JCAhAa4+x+vDDD1tt39Ejrwghd04ikcyjoYmEEDKAabVaCcdx q5ovpzAnhJABpLi4eA7P8+4ikXV8U5gTQsgAwhhbCQCzZs2yWk5hTgghA0RUVNQoANNtbW0xa9Ys 4bFxAIU5IYQMGGaz+UUAmDRpEmQyGRwdHYV1FOaEEDIAqFQqP47jVADw5JNPAoDVZHgU5oQQ0s9p tVqJSCRKAiCeNm2acA+H5bFxAIU5IYT0ewaD4Y+MsdEuLi549tlnheXOzs7C/1OYE0JIP6ZSqfwA vCkSifDCCy9Yn43/d3hiNYU5IYT0U0qlUi4SiVIAiKdPn46HH37Yan11dTUAgOO4AgpzQgjpp2Qy 2TuMseGurq74zW9+02J9WVkZAIDn+etWc7NcuXKld3pICLmnUHZ0v4iIiADG2FqRSISlS5dajSm3 sIS50WgstIR5CQDk5+cjPz+/1zpLCLnnlPR1B+4FGo3G1Ww272KMtVpeAYCamhrU1NRAJpPV63S6 CgkA6HS6OLVaDQA0Zykh5E6V6HS6uL7uxEDXGOTpjLFh3t7erZZXgP+eldvZ2VUCTabAPbS7jgAA HxhJREFUpR8CIYT0LbVa7WwymU4CGD506FCsWrWq1fIKAPz8888AALlcXgLQ0ERCCOkXNBqNPYDP AIxwdXXFqlWrrIYhNnfz5k0AAGPsMkBhTgghfU6j0dibTKbDAAJdXV2xbt06q3lXWmMps5SXl38D NCmzREZGLmSMjejB/hJC7mEcx12Oi4vb29f9GGi0Wq3kxo0baRzHBTo6OmLNmjUdBjkA/PTTTwCA urq6K0BjmDcGeUpPdpgQcm9jjCEyMhIU6J3XGOQfcxwX5OjoiHXr1mHw4MEdbmc0GlFQUAAAYIz9 N8wtZ+Rubm5wd3fvuZ4TQu5JBoMBxcXFoE/3nRcREeFhMBg+4zhunCXIO/sQ9O+++w41NTVwdHS8 unnz5stAswc6u7u7w9/fvwe6TQi51xUXF/d1FwaMyMjI4MZqiLOTkxNWrlzZ6SAHgIyMDACA0Wjc YVkmabM1IYSQbqdWq//IGNMCkDz22GOIiIiAra1tp7cvKyvDpUuXIBaLzUaj8R+W5RTmhBDSC5RK pUImk+1kjIWIRCLMmTMHISEhXd6P5az8gQce+L9333232rKcwpwQQnpY41OCPmGMedvb22PZsmV4 7LHHurwfnueRlZUFACgrK3uv6ToKc0II6UGRkZHLGWPbANh5enoiMjISTk5Od7SvS5cuoby8HHZ2 dmVbt25Nb7qOwpwQQnpAVFTUKJ7ntzLGpgNAYGAgwsPD27w9vzMsJRaO43Y0X0dhTggh3UipVCqk Uuk7PM9HAZDY2dmxhQsXchMnTryr/VZXV+P8+fPgOI6vrKxMaL6ewpwQQrqBVquVFBcXL2WMbQLg LBKJMG3aNISEhHBdGa3SlkOHDsFoNEIkEh1JSEjQN19PYU4IIXcpIiIiwGAwbAcwDgAeffRRLFiw oNtuwszPz8fJkyfBcRxvNpv/2FobCnNCyICj0WjszWbzxLi4uBN93A9Xk8n0VwBLAOCBBx5g8+bN 48aNG9dtx6irq0NSUhIAQCQSrY+Li8ttrR2FOSFkQFEqlQqz2XyGMTZcpVItiY+P393bfVi+fLm3 WCxebTKZIgDIJRIJmzFjBjd79mzubi5wtuazzz5DWVkZBg0aVDB48OB32mpHYU4IGTAap4pNY4wN BwCO47x78/iRkZHBANYwxoS7fcaOHYv58+dzdzrcsD1Nyys1NTW/27Ztm6mtthTmhJABoemc3715 XKVSKZdKpQvREOJ+ACCRSNjkyZO54ODgLs2p0hWdLa9YUJgTQvo9rVYrMRgMhwEEOjo64vHHHxfG XPeUxnp4JIAoND4f2cHBgX/66adFTzzxBGdvb9+jx7eUV6RS6WVnZ+c2yysWFOaEkH6tyZzfgZap YrOzs3vsWMXFxVMBLDGZTOEA5ADg6enJgoODufHjx4tEop5/QFvT8kpdXd0irVbbZnnFgsKcENJv NQny+V2d87uzlEqlXCaTzWSMzTcYDCEAFADAcRwbPXo0nn76aXh7e3PdetB2VFZWCuUVxtif4+Pj 2y2vWFCYE0L6LYPBsJPjuPkymazLc363R6PR2BuNxlCO4+YDmM4YE2omHh4e/JgxY0QTJkzgXFxc uuV4nVVZWYktW7agrKwMHMd95+bm9m5nt6UwJ4T0S2q1eiuAcKlUylatWsV5enre7f6cOY4LZYyF m0ymQI7j5JZ1w4YN40ePHi0aM2YMXFxc+uRB95YgLykpAcdx+WKxeFZnyisWFOaEkH6nMcjXSKVS tnr1as7bu2sjEBvLM6M4jpuIhrsyAwCMYowBaCihDB8+nB8zZoxo9OjRGDx4cJ8EuEVdXR127NiB kpISiMXiAo7jpsbExJR0ZR8U5oSQfkWtVm8EsEYkEkGtVncqyCMiIjw4jpsoEokCGGMBBoPBj+M4 q+EmEomEHzVqFPf4449zo0eP5uzt7XutDt6euro6/P3vf8f169chkUj+A2BKV4McoDAnhPQjKpVq NYDXOI5jKpWK8/X17WgTpVqtFoYOWs68AcDJyane29tb6unpCW9vb7i7u4u6++7Mu2UJ8oKCAojF 4gLcYZADFOaEkH5CpVKt5jgumuM4plarubFjx7bZ1tHR0fK/XgAgl8tN3t7eeOihhySenp4YNmwY bG1tpT3f6zvXPMg5jrvjIAcozAkh/YBarY4EEA0Azz33XLtBDgBPPvkkAEAmk+Ghhx6Ci4vLgMqy pkHOcdyNuw1ygMKcENLHVCrVPAA7AGDBggVCUHeks+36m7KyMsTFxeH69esAUMIYm363QQ5QmBNC +pBKpZrHcVwKAMmCBQsQHBzc113qUf+/vbsPiuq8Gz7+XdaukYZnNiWlSsPTjbRYqUx5BFGMjFYU gzeoiRONVsZG467SSIgarU6MtLa0vpCSOEF3wYRgbmMYSbFws0IkQTCgyCIdCDGMW2lJwazBIUDX sNllnz/0nJt1QYkVFsn1mXFGds/L77zs71znejmnpqaGnJwcenp6AJqBWIPBcPFeLFskc0EQPEKr 1f4XcAwY8/jjj4/qRN7T08OxY8eorKyUPjpms9k2ZGdnd9yrdYhkLgjCsNNqtbO4mcijo6N54okn PB3SkGlpacFgMGCxWAD+rVAontfr9Yfv9XpEMhcEYVjdTORG4MHo6GiWLVvm6ZCGTGlpKcePH6e3 txeFQvE3p9P5tF6vvyfVKrcSyVwQhGGj0+nCnU6nEXhw2rRpzmXLlo2IgTv3Wnd3N2+88QYff/yx 9FH6hAkTXvwmw/O/KZHMBUEYFlqt9qdOp7MAeHDq1KnONWvWjMpEfvHiRbKyspxdXV0K4Aun07kq MzOzeKjXK5K5IAhDTqvV/hT4EBgfGhpqX7du3ZjheC74cLJYLOTl5VFXVwegAE6NGTMm4V50OxwM kcwFQRhS69ev1/T29n4IjJ84caJdp9ONqkRusVgwGo1UVVU5nU6nAvgKeMlgMKQNZxwimQuCMGRu vnrNCIx/9NFHbcnJyarRksg7Ozs5efIkH374Ib29vQA9wKExY8bsGa7SeF8imQuCMCS0Wu3Ddrv9 Q+CnGo3m+gsvvDBu7Nixng7rP2a1WjEajXzwwQdOu92uAOwKheJtu93+h8OHD1/yVFwevUTqdDrC w8OZPn06HR0D950/ceIE4eHhhIeH09raOqSx3ElhYSHh4eEUFhYOSRy3I+2DW/8tWrQInU7nFtOi RYtYtGjRsMao0+mGdJ3h4eHodLpvNM/y5csJDw/nrbfe+sbrk/btnRgMhiE9P+9Tq4GfKhQK59q1 a+/7RG61WiksLGTHjh3OkpISbibyYw6HY7Jer3/Gk4kcRkjJ3OFwcPr0aRYvXtzv98XFQ94QfN/w 9fVl5syZLp91dHRgMpkwmUy0trai1Wo9FN3IU19fj9lsxsfHh7y8PFavXu3pkL41vLy88pxOZ5LT 6fy/r7/+Ops3b+77tMP7Rk9PD2fOnKGwsNBhtVqV3GjczHc6nb8d7Ps5h4PHk7mfnx82m43i4uJ+ k7nFYqG6upqAgABaWlo8EKGruLg44uLiPLZ+jUbDrl273D63WCwsX76c7Oxsli1bhlqt9kB0oNfr PbLegRQWFqJSqdBqtaSlpVFVVUVkZKSnw/pWOHToUHNiYuJ0h8NRduXKlUm7d+8ekhcyD4Xe3l4+ +eQTzp07h8lk6rXb7V6A0ul0ljmdzu1ZWVlnPR3jrTyezMeMGUNUVBT5+fl0dHS4JaHS0lJUKhVz 5szhyJEjbvN3dHRQW1uL1WoF4Ec/+hEDPdC+vr5eelIZQUFBBAUF9Tud2Wzmk08+AWDq1Kn4+/vL 37W3t9Pc3IxGo8HX15euri6ampoICgpi7NixnDlzBqvVilqtJiIiApXK/ZHKLS0tNDQ04HA48PPz IywsDKVSOYi9NTA/Pz9iYmLIy8ujoaGBWbNm9bvtSqWSsLAwpBfVStsTEBDArS+vdTgc1NXV4evr i0ajAaC5uZmGhgbgxl1CWFiYyzY2NTXR09Pjdgza29sxmUzYbDZ8fHyIjIx02zdWq5Xz58/T1dUF wIQJEwgNDb3rfWOz2TAajYSGhhIbG0t6ejq5ubkDJnOr1crZs2exWq34+fkREREx4LLr6ur47LPP UKlU/S5P2q8hISHU1dVhsVhcziWHw4HJZJKGePPzn/+cgIAAt+V0dHRQXV2NzWZDpVIRERHh9htx OBxUV1fT3t4OwOTJkwkMDBzcThpiGRkZVxITE8Ptdruxs7NzVlpaGjqdjm/6Grjh8o9//INz585x 9uxZ57///W+pH7wXcNLLy2vPoUOHyjwY3m15PJkDxMbGkpeX129VS2lpKXPmzGHcuHFu8x08eJDs 7GwcDofL52FhYRw4cEBOFu3t7WzZsoX6+nqX6RYuXMiuXbtcksUf//hH8vLy5L+VSiXJycmsWLEC gKqqKlJSUkhJSSEuLo6mpiZ0Oh07duwgKytL/nHCjVK0Xq/H19cXuPGjS0tLIzc31yUOjUbD/v37 5YR5t/qrk7Tb7ezYsYOSkhL5M5VKxc6dO4mNjcXhcKDT6YiOjmbPnj0u81ZVVZGcnMzu3bvRaDS8 /PLLFBUVuUzj6+vL/v375eSdlpZGW1sbf/3rX+Vp3njjDbKysrDZbPJnfn5+ZGRkyNucm5tLenq6 yzQAgYGB6PX6u7rTKCkpwWq1Eh8fj1qtJioqioqKCiwWi9uFq66uji1btri03cTExGC3uw7Ys1qt bNmyherqapd9EBYW5jKddJ4kJCTIhZDQ0FCysrJobm5m27ZtmM1ml3mWLFnC9u3b5fOxsLCQ1NRU l32iUqlITk6Wh8A3NzeTlJTkVlcfFRXF/v37/+NCwr2QkZHRnZiYGGu32490dnYuee2119DpdPzs Zz/zdGjAjfwgJfDPP/9cSuAKoEGhULztcDj+Oysr6zNPxjgYI6KPUGhoKH5+fm514xaLhbq6OhYs WOA2z+nTpzl8+DALFy7k1KlT1NTUcOrUKWJiYjCZTBiNRnnaLVu20NjYyM6dOzl37hyVlZUsW7aM oqIi3nnnHZflmkwm9Hq9/KhKX19f0tPTb9tAC7Bnzx7i4+M5deoU5eXlJCQk0NzcjMFgkKc5ePAg ubm5LF26lPLycmpqatDr9XR1dZGUlOSWyL6J9vZ2iouLUSqVTJkyRf7cYrHQ1tZGTk6OvL6xY8ey d+9e+c4gIiKCiooK+e5GUlRUhLe3N9HR0ZSUlFBUVIRWq+XcuXPU1NSQlZXF9evX2bdv34BxGY1G MjIymDlzJsXFxS7zvfDCCzgcDurr69m7dy/h4eHysSwvL2fp0qWYzWa3i99gFRQUyPEDxMfH43A4 XC7WAF1dXWzZsgWlUsmbb75JTU0Nx48fp6mpyeXiDPDKK69QXV3Nxo0bqayspLy8XN4//cnLyyM5 OZnU1FTWrl2LzWYjKSmJtrY20tLSqKmpobKyEq1WS35+PgcPHpRjSk1NddknxcXF/PjHPyYtLU2O 65VXXqGrq0s+vpWVlSQkJFBRUcGJEyfuar8NhYyMjG5/f/+nFApFtvTy4traWo/FY7Va+eijj9i3 b59zx44dnDhxgpuJ/DOFQrHf6XT+P4PBEKLX6/fcD4kcRkgyB5g3bx4mk8klaRYWFuLt7d3vbWxH RwehoaFs2rRJLrWp1Wq58e/zzz8HbpS46uvrWblyJYsXL0apVKJSqdi8eTPBwcFupaNdu3bJpazg 4GBWrlyJw+Fwm+5WYWFhbNiwAbVajbe3N8899xw+Pj40NzcDN06eo0ePEhoayvbt2/H29pbn27hx I62trS4XoIG0tbVhMBhc/v3+979n5cqVtLe3k5CQ4FaK/d3vfkdwcLC8vtjYWLq6uuQ2iPj4eGw2 G++//748T1dXF2VlZcTExKBSqeTtiIyMlEt7oaGhpKSksGTJkgHjPXLkCGq1mtTUVPkOJTQ0FK1W y7hx42hpaeHq1atux9Lb25vnn39e3uZvqqWlBZPJJMcPMGvWLNRqNfn5+S53c0ajkY6ODrZt2ybf YWg0GlJTU12W2dXVRUFBAVFRUaxevRqVSoW3tzdbt24dsMpu6dKlrFq1ipiYGCIjIzEajbS2trJ5 82Zmz54NINfph4WFcfToUaxWK2azGZvNRmhoqLxPfH19+c1vfkNycrJ8DJqbm/Hz82PSpEnysjZs 2EBiYiITJ078xvttKKWkpNj1ev0zQHpvby96vZ7S0tJhWXdvby8tLS2Ulpby+uuv21988cXenJwc Ll26pAC6gbcVCsU8f3//R/V6/YsjqWFzsEZENQvA3LlzOXr0qEtVi1TS7q/eefHixS5VMhaLBbPZ 7HL7C8j1u7deEJRKJTk5OW7LvbWud7C397fOp1Qq8fHxkUtQDQ0N2Gw2AgICMJlMLtNK21dfXz9g jx5Ja2urS2lfotFo+NWvfuX2BDo/Pz+3ulhpm9rb29FoNERHR7N3716XRugPPvgAm81GbGwsABER ERgMBpKSkoiOjiYqKopp06Yxd+7cAWOV2hP6O4YrVqyQq640Go3LcqT6ZunY3Q2pVNq3sVqpVBIT E0Nubi6nT5+W1ykdjxkzZrgsIygoyGXf/e1vf8PhcPRbuJg3bx5NTU1un4eGhrr8fe7cOQDGjRvn dh74+/tjMpkwm80EBwejVqvR6/U0NjYSFRVFZGQkwcHB8oUZbhyX/Px8EhISmDdvHtOmTSMkJIQ1 a9bceSd5iMFgeGHdunXNCoUiPTc3l87Oznv+CFzpgvj3v/+dS5cucfnyZcfXX38t1TmNAexAidPp fPvrr7/Oy87O/uqeBuABIyaZ961qWbx4MS0tLTQ1NZGcnDzgPO+99x75+fl8+umnckmrb2MlIFcd PPLII0MXPAxYNynFJSX1goICCgoK+p12MH2UQ0JC+MMf/uDy2cMPP9zvBQ9uNDDfiUqlkhtPpfrk goIC/P395bsUqRSekZFBfn4++fn5KJVKpk+fzvr1610SjERqyHz44YfvGENJSQm5ubk0NjbK1U39 NQgOhsPhkOv2X375ZZfvpPPh+PHjcjKX7galu6W++tatD3a6vh588EGXv6VGyh07dgwYf1tbGyEh Ibz22mv86U9/oqysjLKyMuDGBWb58uXyRXfTpk04HA6Ki4vJyMgAbpTgFyxYwPr16/uNdSTIzMx8 dd26dV8oFIq3Tp48qbRaraxYsYK7HR165coVLl++zKVLlzCbzc62trZbH+KlBC4qFIqzwBmlUvk/ nhilOZRGTDKHG6Wbd999l46ODt5//33UarVbw5JEqmIICQkhOTkZjUbD5MmTsVqt/Q5a6e7uHurw b0tKths3bmT+/Pn9TjOYQRUqlcrtgnUvxMXFkZeXh9FoZP78+dTV1bn1V5e6ZTY2NnL+/HkqKyup rKykrq6OY8eODRiXlNQHUlhYSEpKCoGBgSQmJqLRaAgKCsLPz29QA7luVVVVhcViYebMmS7tB5KS khKqq6vlXkm32+8Oh0O+UA90wZSmGwxpWX/5y18GLABId07BwcHk5OTQ2trK2bNnqampoaysjN27 d6NUKomLi8Pb25tdu3bx4osvcv78ec6dO0dZWRlHjx6lpaWFP//5z4OKyxMyMzP/W6fTdQNHy8vL vbu7u1mzZg3f+c53BjV/aWkpFy9edDY1NfV+9dVXfXemAvjK6XSeVSgUZxUKxdmenp7T9/KtPiPR iErmcXFxclVLQUEBCxcuHPCEf+edd/Dz8yMrK8tlGqluWyoJS6U7qftgX9u2bcNisfDmm28Oxea4 kLqKtbS0uCW99vZ2jEYjU6ZMkeuVh1tISAgajcalEbpvFUVVVRVms5lVq1bJt/qrV6/mrbfe4sCB A9TW1rptl7+/P97e3nJ9e1+nT58mLS2Nl156iSNHjuDt7U1WVhY+Pj7yNHc7riA/Px+4UWrtr4eQ Wq1m7969nDhxgueff57AwEAqKytpbGx0ucOQ2kqk80Y6ho2NjW5jDT799NNBxTZp0iS5G+GtVTBV VVW0tbUxe/Zs2traqKqqIiYmBn9/f5588kmefPJJzGYzy5cvx2QyMXfuXE6ePMkjjzxCREQEs2fP Zvbs2WzevJnly5dTUVEx6H3mKXq9/oRWq13g5eX1P7W1tf+ns7OTpKSkOxZsysvLpYZxBTdK3Z85 nc6zwBkvL6+PJkyYUDeUzw4fiUZMAyj8bx3l4cOHaWlpuW19bH8lIZvNJg/Zlr6fNWsWPj4+HDly xKW3htlspqysbMDb43stMDCQoKAgioqKpEdkyl599VXS09Pdek4Mt/j4eJqamigqKiIsLMwlOVdV VZGenk5VVZXLPDdfTDvgfoyJiaG+vt6lLcPhcPDuu+/yxRdfEBgYKB+rvhdlh8NBZmYm8L9VE4PR 3t5ORUUFwcHBA3b1jI2NRaVSkZ+f79IukJmZ6XJevf322y53FdIxNBqNLheo5ubmQTVeS+uGG8e8 7/nY3t7Ozp07ycjIkNtapH7xfUn728fHh7Fjx3LgwAHS0tLceiJJPZXuBwaD4Uxvb+90hUJhuXTp Evv27aOzs/O28/T5/m0vL69HDQZDQGZm5lOZmZmv6vX6mm9bIocRVjKHGz/+w4cP4+fn51Zy6WvJ kiUcPXoUnU7HzJkzsVqtlJaW4uPjg0qlkk9uHx8ftm7dSkpKCk8//TTR0dFYrVZKSkpQq9Vyj4nh kJKSQmJiIomJiSxYsAA/Pz9MJhN1dXVER0cTExMzbLH0Jy4ujoyMDMxmMykpKS7frVq1iuLiYjZv 3syCBQuYMGECZrOZ0tJSwsLCBqwOe+6556irq2Pjxo3yfBUVFTQ1NbF161Z8fX2Jj4/nwIEDPPvs s8yZMweHw0FFRQXXr19HrVbfsZqmL6PRiMPhkJNmf3x8fJgzZw4lJSWUlJQQFxfH2rVrOXz4MAkJ CURFRdHU1ITJZHJLiCkpKTz77LM888wz8jqMRqM8gOxOgoKC0Gq1GAwGfvnLX8rbW1RURFdXF3v3 7pUHIkVERJCdnU1TUxNTpkyhvb2dkpISfH19efrpp1EqlWzcuJHU1FR5WUqlkoqKClpaWtyO4Uhm MBgurl+/fjpQ3NLSEpSWlsaGDRsGM1r00qFDh5qHPsKRTwkQFhY2B5jj7+8/JPWxA7l27Rr+/v4u vQi+//3vc/36dRYvXuxSLdLd3c3YsWOJiorigQceICIignHjxnHp0iXq6uro6ekhPj6e7du343Q6 8fLy4rHHHgPgJz/5CTNmzMBisVBTU8PVq1d57LHH2L17t3yyXLt2jR/84AfMmTPHJUar1YrT6SQy MhK1Wi3/HRERwfjx47HZbFy/fp3w8HC3kqDFYmHixIny9vn6+vL4449jt9upr6+nsbGRhx56iNWr V/PrX//6jo0/UsPY7S5yt1v/rftS2iaJt7c3NTU1fPnll+zcudOl7vK73/0u0dHR2Gw2Pv74Yxoa GvDy8uKpp55i69at8rS3HtMHHniA2NhYvLy8aGhooKGhgYCAADZt2iQnQ6n73T//+U8uXLhAZ2cn c+fOZefOnXID3owZM1AqlXfcBzU1NYwfP54VK1bctvFvwoQJ2O12fHx8CAkJYdq0aUyaNAmz2Uxt bS3f+9732LVrFw899BABAQHy+qTGxWvXrnHhwgWuXr1KQkICTzzxBE6nUz4/bz1v+goLCyMkJISr V69iMpn417/+xdSpU9m+fbvLqNP58+fL1VS1tbV0dHTwi1/8gpdeekn+nU6ePJng4GAsFgsXLlzg 8uXLBAYGsmnTpmF9231bW5vUhbTMZDKdvptl1NTUdEyfPv240+mM6u7ufqS2tpYpU6a4VL1Jmpqa pN5Dd72+0UYBoNVqdwEptythCaOfzWZj4cKFREVF9fv8F0EYiPSgNyDFYDD89j9ZVmJi4oN2u70Q mD127FiSkpLchv8XFhZKvcL+4/WNFiOqzlzwDKvVisPhIDs7m46ODp566ilPhyR8i90cLTrP6XQe 7+npIT093aOjRe8XIpkL7Nu3j+nTp2MwGIiPj++3z7ggDKeUlBT7D3/4wxVA+tdff01mZiYfffSR p8Ma0UZcA6gw/KSGV41Gw6pVqzwcjSDccLNHygtarbajt7c3JScnh+7u7n6f1SSIZC5w41EH4hnf wkhlMBh+q9VqvwBefe+995RffvnliB3Z6kmimkUQhBHPYDC87nQ6lwOO0tLSYXtA1/1EJHNBEO4L mZmZeV5eXvMUCoX11kFSgkjmgiDcR26+6We2l5fX1ZsffeHBcEYUkcwFQbiv6PX6GiACWO/v7z+y XjrrQaIBVBCE+87NIfwikfchSuaCIAijgEjmgiAIo4BI5oIgCKOASOaCIAijgEjmgiAIo4BI5oIg CKOASOaCIAijgEjmgiAIo4BI5oIgCKOASOaCIAijgEjmgiAIo4BI5oIgCKOASOaCIAijgEjmgiAI o4BI5oIgCKOASOaCIAijgEjmgiAIo4BI5oIgCKOASOaCIAijgEjmgiAIo4BI5oIgCKOASOaCIAij gEjmgiAIo8CYvn+0trZ6Kg5BEO5jInd4npTMrwC0tbXR1tbmwXAEQbjPXfF0AN9WCuk/Wq1WB4z3 YCyCINzfrhgMBr2ngxAEQRAEQRAEQRAEQRAEQRAEQRAEQRDuc/8fxC9aEL2TrMcAAAAASUVORK5C YII= --001a11438ee87740cc052a2ebe73 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --001a11438ee87740cc052a2ebe73-- From publicity-bounces@lists.xenproject.org Mon Jan 25 20:52:24 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 25 Jan 2016 20:52:24 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aNo7a-0007jq-Hg; Mon, 25 Jan 2016 20:52:22 +0000 Received: from mail6.bemta5.messagelabs.com ([195.245.231.135]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aNo7Y-0007jV-J3 for publicity@lists.xenproject.org; Mon, 25 Jan 2016 20:52:21 +0000 Received: from [85.158.139.211] by server-4.bemta-5.messagelabs.com id BD/CC-12635-30B86A65; Mon, 25 Jan 2016 20:52:19 +0000 X-Env-Sender: tlengyel@novetta.com X-Msg-Ref: server-14.tower-206.messagelabs.com!1453755136!17722170!1 X-Originating-IP: [209.85.213.45] X-SpamReason: No, hits=2.0 required=7.0 tests=BODY_RANDOM_LONG, HTML_00_10,HTML_MESSAGE,RCVD_BY_IP X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 50679 invoked from network); 25 Jan 2016 20:52:17 -0000 Received: from mail-vk0-f45.google.com (HELO mail-vk0-f45.google.com) (209.85.213.45) by server-14.tower-206.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 25 Jan 2016 20:52:17 -0000 Received: by mail-vk0-f45.google.com with SMTP id n1so80775840vkb.3 for ; Mon, 25 Jan 2016 12:52:17 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=novetta-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=m6Fu9bhRr6s8QCoSF8rkPjMBJqUkx4bns46oby0G0No=; b=MlwuidLB2t8uhI9JMSccMWD1bPKnbhW+yqOMyGnVVB6w/OLIHfDxA5AQjmyU1vmuN1 AobmKoObeFyDHFIqKayRBTCuoz/ZpXf5vcY62RS9mDDK+G/i9OQd8daEuydme/zUbOPB tvwFXzy6Kx6g0rwSyWSoSGKzJfuqCDguM27kVFiPDbDkZXBVVj4pZQmGY+nbECHS+JX5 1x4eyuTfqeWIjDGtbTNApmFFZfhGnlvzCLuIXXgB24eigzzs6XhlUuVGuRWHs+erRqPr UYUcVepFlLHbmxJmF65am+O1hta4DYEZTazdh5yyZpqCxUduKPkzaRfnSg/UlukLMcHC NFdg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=m6Fu9bhRr6s8QCoSF8rkPjMBJqUkx4bns46oby0G0No=; b=EVDDX2thXtn5KkqprJmgDAokSG0eaH/DtuvWkvIGmvC6PI5yf4+1FhABhYibPU1Zdl 5BeZyHQyxduGXpx6Ey9AaBYQqOeLS2LbW3bT4IP+AEo5oxwLiGHqNpdjmaBGTF1393yO FDQGVkKsfI3JSDDZEId6YwgTNhmNzwc5IW/tbPiB64PmBGqfw+fHpJawwheeXa/KsZIe hhASgG8F/6A/cv9Y7wp02O/Mw20W5TG4OuXHdJKLO9Oi7aDrBB6CksYQCnbn2Z6fH8yy 2Gs10XBiX5vjSPQcYWoefgQxZZ+MJrzJ8uTcLjDMewTWfQFvwdYAOm0R97esgFWyjEDW 2J6w== X-Gm-Message-State: AG10YOTuVy7VtzaOu3DLvQKJfhHxfjfM5YnYEBsirU/GKfSnkbbYPWhXhI2K7FI4y8pfIk9PhR0BqgbjXVWHszsq X-Received: by 10.31.54.134 with SMTP id d128mr10701686vka.26.1453755135848; Mon, 25 Jan 2016 12:52:15 -0800 (PST) MIME-Version: 1.0 Received: by 10.103.40.130 with HTTP; Mon, 25 Jan 2016 12:51:56 -0800 (PST) In-Reply-To: <506C6432-96D8-480A-9740-C422C2D6789E@gmail.com> References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> <506C6432-96D8-480A-9740-C422C2D6789E@gmail.com> From: "Lengyel, Tamas" Date: Mon, 25 Jan 2016 13:51:56 -0700 Message-ID: To: Lars Kurth Content-Type: multipart/mixed; boundary=001a11438ee87740cc052a2ebe73 Cc: publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --001a11438ee87740cc052a2ebe73 Content-Type: multipart/alternative; boundary=001a11438ee87740c7052a2ebe71 --001a11438ee87740c7052a2ebe71 Content-Type: text/plain; charset=UTF-8 Hi all, here is an updated version. Also, a couple pictures that could be used as illustrations. Feel free to punch it up as needed ;) Tamas Stealthy monitoring with Xen altp2m One of the core features that differentiates Xen from other open-source hypervisors is its native support for stealthy and secure monitoring of guest internals (aka. virtual machine introspection [1]). In the latest release of Xen last summer several new features have been introduced that make this subsystem better; a cleaned-up, optimized API and ARM support being just some of the biggest items on this list. As part of this release of Xen, a new and unique feature was also successfully added by a team from Intel that make stealthy monitoring even better on Xen: altp2m. In this blog entry we will take a look at what it's all about. In Xen's terminology, p2m stands for the memory management layer that handles the translation from guest [p]hysical memory to [m]achine physical. This translation is critical for safely partitioning the real memory of machine between Xen and the various VMs running as to ensure a VM can't simply access the memory of another. There are several implementations of this, including one with hardware support via Intel Extended Page Tables (EPT) available to HVM (and PVH) guests, called Hardware Assisted Paging (hap) in Xen's terminology. In this implementation the hypervisor maintains a second pagetable, similar to the one in 64-bit operating systems use, dedicated to running the p2m translation. All (open-source) hypervisors that use this hardware assisted paging method use a single EPT per virtual machine to handle this translation, as most of the time the memory of the guest is assigned at VM creation an doesn't change much afterwards. Xen altp2m is the first implementation which changes this setup by allowing Xen to create more then one EPT for each guest. Interestingly, the Intel hardware has been capable of maintaining up to 512 EPT pointers in the VMCS since the first introduction of EPT; however, noone made use of this capability until now. This changed in Xen 4.6, where we can now create of up to 10 EPTs per guest. The primary reason for this extension is of course the new #VE and VMFUNC extensions that were released in the Skylake generation of CPUs (which is worth a whole blog-entry on its own), but it can also be used by external monitoring applications via the Xen vm_event system. Why this feature is a game-changer for applications performing purely external monitoring is because it simplifies the monitoring process of multi-vCPU guests. The EPT layer has been successfully used in stealthy monitoring applications to track the memory accesses made by the VM from a safe vantage point by restricting the type of access the VM may perform on various memory pages. Since EPT permission violations trap into the hypervisor, the VM would receive no indication that anything out of the ordinary has happened. While the method allowed for stealthy tracing of R/W/X memory accesses of the guest, the memory permission needs to be relaxed in order to allow the guest to continue execution. When a single EPT is shared across multiple running vCPUs, relaxing the permissions to allow one vCPU to continue may inadvertantly allow another one to perform the memory access we would otherwise want to track. While under normal circumstances such race-condition may rarely occur, malicious code could easily use this to hide some of its actions from a monitoring application. Solutions to this problem exist already. For example we can pause all vCPUs while the one violating the access is singlestepped. This approach however introduces heavy overhead just to avoid a race-condition that may rarely occur in practice. Alternatively, one could emulate the instruction that was violating the EPT permission without relaxing the EPT access permissions, as Xen's built-in emulator doesn't use EPT to access the guest memory. This solution, while supported in Xen, is not particularly ideal either as Xen's emulator is incomplete and is known to have issues that can lead to guest instability [2]. Furthermore, over the years emulation has been a hotbed of various security issues in many hypervisors (including Xen [3]), thus building security tools based on emulation is simply asking for trouble. It can be handy but should be used only when no other option is available. Xen's altp2m system changes this problem quite significantly. By having multiple EPTs we can have differing access permissions defined in each table, which can be easily swapped around by changing the active EPT index in the VMCS. When the guest makes a memory access that is monitored, instead of having to relax the access permission, Xen can simply switch to an EPT (called a view) that allows the operation to continue. Afterwards the permissive view can be switched back to the restriced view to continue monitoring. Since each vCPU has its own VMCS where this switching is performed, this monitoring can be performed specific to each vCPU, without having to pause any of the other ones, or having to emulate the access. All without the guest noticing any of this switching at all. A truly simple and elegant solution. Of course, EPT based monitoring is not the only introspecting technique used for stealthy monitoring. For example, the Xen based DRAKVUF Dynamic Malware Analysis [4] uses it in combination with an additional technique to maximum effect. The main motivation for that is because EPT based monitoring is known to introduce significant overhead, even with altp2m: the granularity of the monitoring is that of a memory page (4KB). If the monitoring application is really just interested, for example, when a function-entry point is called, EPT based monitoring creates a lot of "false" events when that page is accessed for the rest of the function's code. Fortunately, this can be avoided by enabling the trapping of debug instructions into the hypervisor, a built-in feature of Intel CPUs that Xen exposes to third-party applications. This method is used in DRAKVUF, which writes breakpoint instructions into the guests' memory at code-locations of interest. Since we will only get an event for precisely the code-location we are interested in this method effectively reduces the overhead. However, the trade-off is that unlike EPT permissions the breakpoints are now visible to the guest. Thus, to hide the presence of the breakpoints from the guest, these pages need to get further protected by restricting the pages to be execute-only in the EPT. This allows DRAKVUF to remove the breakpoints before in-guest code-integrity checking mechanisms (like Windows Patchguard) can access the page. While with altp2m the EPT permissions can be safely used with multi-vCPU systems, using breakpoints similarly presents a race-condition: the breakpoint hit by one vCPU has to be removed to allow the guest to execute the instruction that was originally overwritten, potentially allowing another vCPU to do so as well without notice. Fortunately, altp2m has another neat feature that can be used to solve this problem. Beside allowing for changing the memory permissions in the different altp2m views, it also allows to change the mapping itself! The same guest physical memory can be setup to be backed by different pages in the different views. With this feature we can really thing of guest physical memory as "virtual": where it is mapped really depends on which view the vCPU is running on. Using this feature allows us to hide the presence of the breakpoints in a brand new way. To do this, first we create a complete shadow copy of the memory page where a breakpoint is going to be written and only write the breakpoint into this shadow copy. Now, using altp2m, we setup a view where the guest physical memory of the page gets mapped to our shadow copy. The guest continues to access its physical memory as before, but underneath it is now using the trapped shadow copy. When the breakpoint is hit, or if something is trying to scan the code, we simply switch the view to the un-altered view for the duration of a singlestep, then switch back to the trapped view. This allows us to hide the presence of the breakpoints specific to each vCPU! All without having pause any of the other vCPUs or having to emulate. The first open-source implementation of this tracing has been already merged into the DRAKVUF Malware Analysis System and is available as a reference implementation for those interested in more details. As we can see, Xen continues to be on the forefront of advancing the development of virtualization based security application and allowing third-party tools to create some very exotic setups. This flexibility is what's so great about Xen and why it will continue to be a trend-setter for the foreseeable future. [1] http://wiki.xenproject.org/wiki/Virtual_Machine_Introspection [2] http://lists.xen.org/archives/html/xen-devel/2016-01/msg00285.html [3] https://blog.xenproject.org/2015/05/14/hardening-hypervisors-against-venom-style-attacks/ [4] http://drakvuf.com --001a11438ee87740c7052a2ebe71 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable
Hi all,
here is an updated version. Als= o, a couple pictures that could be used as illustrations. Feel free to punc= h it up as needed ;)

Tamas

Stealthy mon= itoring with Xen altp2m

One of the core features that differentiates= Xen from other open-source hypervisors is its native support for stealthy = and secure monitoring of guest internals (aka. virtual machine introspectio= n [1]). In the latest release of Xen last summer several new features have = been introduced that make this subsystem better; a cleaned-up, optimized AP= I and ARM support being just some of the biggest items on this list. As par= t of this release of Xen, a new and unique feature was also successfully ad= ded by a team from Intel that make stealthy monitoring even better on Xen: = altp2m. In this blog entry we will take a look at what it's all about.<= br>
In Xen's terminology, p2m stands for the memory management layer= that handles the translation from guest [p]hysical memory to [m]achine phy= sical. This translation is critical for safely partitioning the real memory= of machine between Xen and the various VMs running as to ensure a VM can&#= 39;t simply access the memory of another. There are several implementations= of this, including one with hardware support via Intel Extended Page Table= s (EPT) available to HVM (and PVH) guests, called Hardware Assisted Paging = (hap) in Xen's terminology. In this implementation the hypervisor maint= ains a second pagetable, similar to the one in 64-bit operating systems use= , dedicated to running the p2m translation. All (open-source) hypervisors t= hat use this hardware assisted paging method use a single EPT per virtual m= achine to handle this translation, as most of the time the memory of the gu= est is assigned at VM creation an doesn't change much afterwards.
Xen altp2m is the first implementation which changes this setup by allowi= ng Xen to create more then one EPT for each guest. Interestingly, the Intel= hardware has been capable of maintaining up to 512 EPT pointers in the VMC= S since the first introduction of EPT; however, noone made use of this capa= bility until now. This changed in Xen 4.6, where we can now create of up to= 10 EPTs per guest. The primary reason for this extension is of course the = new #VE and VMFUNC extensions that were released in the Skylake generation = of CPUs (which is worth a whole blog-entry on its own), but it can also be = used by external monitoring applications via the Xen vm_event system.
Why this feature is a game-changer for applications performing purely ext= ernal monitoring is because it simplifies the monitoring process of multi-v= CPU guests. The EPT layer has been successfully used in stealthy monitoring= applications to track the memory accesses made by the VM from a safe vanta= ge point by restricting the type of access the VM may perform on various me= mory pages. Since EPT permission violations trap into the hypervisor, the V= M would receive no indication that anything out of the ordinary has happene= d. While the method allowed for stealthy tracing of R/W/X memory accesses o= f the guest, the memory permission needs to be relaxed in order to allow th= e guest to continue execution. When a single EPT is shared across multiple = running vCPUs, relaxing the permissions to allow one vCPU to continue may i= nadvertantly allow another one to perform the memory access we would otherw= ise want to track. While under normal circumstances such race-condition may= rarely occur, malicious code could easily use this to hide some of its act= ions from a monitoring application.

Solutions to this problem exist = already. For example we can pause all vCPUs while the one violating the acc= ess is singlestepped. This approach however introduces heavy overhead just = to avoid a race-condition that may rarely occur in practice. Alternatively,= one could emulate the instruction that was violating the EPT permission wi= thout relaxing the EPT access permissions, as Xen's built-in emulator d= oesn't use EPT to access the guest memory. This solution, while support= ed in Xen, is not particularly ideal either as Xen's emulator is incomp= lete and is known to have issues that can lead to guest instability [2]. Fu= rthermore, over the years emulation has been a hotbed of various security i= ssues in many hypervisors (including Xen [3]), thus building security tools= based on emulation is simply asking for trouble. It can be handy but shoul= d be used only when no other option is available.

Xen's altp2m s= ystem changes this problem quite significantly. By having multiple EPTs we = can have differing access permissions defined in each table, which can be e= asily swapped around by changing the active EPT index in the VMCS. When the= guest makes a memory access that is monitored, instead of having to relax = the access permission, Xen can simply switch to an EPT (called a view) that= allows the operation to continue. Afterwards the permissive view can be sw= itched back to the restriced view to continue monitoring. Since each vCPU h= as its own VMCS where this switching is performed, this monitoring can be p= erformed specific to each vCPU, without having to pause any of the other on= es, or having to emulate the access. All without the guest noticing any of = this switching at all. A truly simple and elegant solution.

Of cours= e, EPT based monitoring is not the only introspecting technique used for st= ealthy monitoring. For example, the Xen based DRAKVUF Dynamic Malware Analy= sis [4] uses it in combination with an additional technique to maximum effe= ct. The main motivation for that is because EPT based monitoring is known t= o introduce significant overhead, even with altp2m: the granularity of the = monitoring is that of a memory page (4KB). If the monitoring application is= really just interested, for example, when a function-entry point is called= , EPT based monitoring creates a lot of "false" events when that = page is accessed for the rest of the function's code. Fortunately, this= can be avoided by enabling the trapping of debug instructions into the hyp= ervisor, a built-in feature of Intel CPUs that Xen exposes to third-party a= pplications. This method is used in DRAKVUF, which writes breakpoint instru= ctions into the guests' memory at code-locations of interest. Since we = will only get an event for precisely the code-location we are interested in= this method effectively reduces the overhead. However, the trade-off is th= at unlike EPT permissions the breakpoints are now visible to the guest. Thu= s, to hide the presence of the breakpoints from the guest, these pages need= to get further protected by restricting the pages to be execute-only in th= e EPT. This allows DRAKVUF to remove the breakpoints before in-guest code-i= ntegrity checking mechanisms (like Windows Patchguard) can access the page.= While with altp2m the EPT permissions can be safely used with multi-vCPU s= ystems, using breakpoints similarly presents a race-condition: the breakpoi= nt hit by one vCPU has to be removed to allow the guest to execute the inst= ruction that was originally overwritten, potentially allowing another vCPU = to do so as well without notice.

Fortunately, altp2m has another nea= t feature that can be used to solve this problem. Beside allowing for chang= ing the memory permissions in the different altp2m views, it also allows to= change the mapping itself! The same guest physical memory can be setup to = be backed by different pages in the different views. With this feature we c= an really thing of guest physical memory as=C2=A0 "virtual": wher= e it is mapped really depends on which view the vCPU is running on. Using t= his feature allows us to hide the presence of the breakpoints in a brand ne= w way. To do this, first=C2=A0 we create a complete shadow copy of the memo= ry page where a breakpoint is going to be written and only write the breakp= oint into this shadow copy. Now, using altp2m, we setup a view where the gu= est physical memory of the page gets mapped to our shadow copy. The guest c= ontinues to access its physical memory as before, but underneath it is now = using the trapped shadow copy. When the breakpoint is hit, or if something = is trying to scan the code, we simply switch the view to the un-altered vie= w for the duration of a singlestep, then switch back to the trapped view. T= his allows us to hide the presence of the breakpoints specific to each vCPU= ! All without having pause any of the other vCPUs or having to emulate. The= first open-source implementation of this tracing has been already merged i= nto the DRAKVUF Malware Analysis System and is available as a reference imp= lementation for those interested in more details.

As we can see, Xen= continues to be on the forefront of advancing the development of virtualiz= ation based security application and allowing third-party tools to create s= ome very exotic setups. This flexibility is what's so great about Xen a= nd why it will continue to be a trend-setter for the foreseeable future.
[1] http://wiki.xenproject.org/wiki/Virtual_Machine_Introspection[2] http://lists.xen.org/archives/html/xen-devel/2016-01/msg00285.htm= l
[3] https://blog.xenproject.org/2015/05= /14/hardening-hypervisors-against-venom-style-attacks/
[4] http://drakvuf.com
--001a11438ee87740c7052a2ebe71-- --001a11438ee87740cc052a2ebe73 Content-Type: image/png; name="altp2m.png" Content-Disposition: attachment; filename="altp2m.png" Content-Transfer-Encoding: base64 X-Attachment-Id: f_ijug1q710 iVBORw0KGgoAAAANSUhEUgAAAYcAAAHECAYAAADS0ua8AAAABmJLR0QA/wD/AP+gvaeTAAAACXBI WXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4AEZFCw6LvM5NwAAABl0RVh0Q29tbWVudABDcmVhdGVk IHdpdGggR0lNUFeBDhcAACAASURBVHic7N1/VFNXvj/8d+Sox2lq45i2sZOOYUSl03QaZ+K3OBNr MtIrVrziI17iAsd4QYgWV/GRfmVW6SJ9qku6Sh9xFRWQjuEWr+E2PsKIt3EKQxzTSxziNR3pNSre pN9mSjqmM7k1jlEC+/mDnlNiwi8FUdmvtbKUc3Z2dk6S/Tln7332BiiKoiiKoiiKooYi4P6Tl5eX QQhJHM/CUBT14BIIBK6qqqr68S4HNToEAB8YTONdGIqiHmwCgUBLA8TDgQEA7oph3rx5mD9//viW iKKoB87Fixdx6dIl0NaHhwfT/4/58+cjNTV1vMpCUdQD7NKlS+NdBGoUTRrvAlAURVH3HxocKIqi qCg0OFAURVFRaHCgKIqiotDgQFEURUWhwYGiKIqKQoMDRVEUFYUGB4qiKCoKDQ4URVFUFBocKIqi qCg0OFAURVFRaHCgKIqiotDgQFEURUWhwYGiKIqKwgydJJLD4YDP5xuLslAUdR+SSCRQKpXjXQzq HhtRcHA4HDh48OBYlYWiqPsYDRATy4iCA3fFQFeMo6iJgVvhjbYWTDwjblYC6IpxFDWR0BXeJiba IU1RFEVFocGBoiiKikKDA0VRFBWFBgeKoigqyn0dHJxOJzQazYCP1157DS6Xa7yLeV85evQo4uPj RyWvQCCAXbt2YcGCBZg8eTIEAgGmTZuGxYsXo7a2FuFweFReZzQEg0E4nc4B93u9Xmg0GmzdunXI vNatW4eVK1ciHA5j27Zt0Gg0wypDOByGw+EYdpnvRG1tLTQazaDvlaJGw30dHAKBAKxWa8wA0NnZ ibKyMixYsAAtLS3jULr7j91uh06ng8fjueu8bDYbnnnmGRQXFwMA8vPzYTAYoNPp0NnZCZ1Ox1eg 462zsxPPPPMMGhsbB0wjlUoRCARQUVEBr9c7YDqHwwGTyQSxWAyGYeB0OmG1WodVjgULFmDfvn0j Lf6IeDweWK1WBAKBMX0dirqvgwMnJSUFra2tEY8vvvgCJpMJoVAI+fn5413EcVdfX4+XXnoJwWDw rvPy+XxYvXo1gsEgzGYzzp07hz179qCkpAQHDhyA2+1Geno6LBYL9u7dOwqlvzter3fQCp+Tk5MD oO9YDaS2thYAkJeXBwA4cuQI3G73sMrR0dExrHQU9SB4IILDQDIyMqBUKuFyufjKwePxIBAIIBQK wWq1orOzM+I5wWAQNpsNVqt1yDNsl8sFq9UKh8Mx4Bmy3++H1Wod8myOOwO12+0IhUIx0/h8Pj6v kdx0pNFooNVqIZfLIZfLB0zn8XiGVYm+/fbb8Pv9KCsrw5o1a6L2syyLDz74ABKJBOXl5fx2v98f 85gGg0F4PJ6YgYs7E7bZbAMGNq65JtZnEQgE8NVXX/H/93g8A35WGRkZYFkWdXV1A76OyWSCXC5H UlJSzDR+v58/hh0dHbDb7fz76/9eQ6EQQqEQ/328ndfrjfkZBwIB/vs52HeFou6J3NzcktzcXHL8 +HEymOPHj5PhpBstra2tBADR6XQDplGr1QQAcbvdhBBCAJDCwkKSmJhIABAApL29nRBCSGlpKREK hfx2AEStVpOurq6IPNvb24lCoYhIJ5VKyenTp/k0165dI3q9njAMw6dhGIYUFhaS7u5uPt2FCxdI QkJCRF4ikYhUVlZG5KXVaiPSACBarZbcuHFjyOMkkUhIRUUF6e7u5o9HLACITCYbNK/u7m4iFAqJ RCKJeB+xnD59mj/uhBCi0+livrbRaCQAiNFo5Ld1dXWRtLS0qONSXl4e8VyLxUIkEklEOolEQpqa mgghhBgMhqjj1r9Mt+OO8/nz56P2NTQ0EACkrKyM33b78dTpdEQmk5GysjL+9WQyWVQZWltb+e+v wWCIei2ZTEbUajX/97Vr14hOp4v4PnHHpKGhgU/Hvd/W1tYB3+NoGu5vnkuXm5tbMvo1FDUeHugr B5/PB4fDAZFIBKlUym+vqamBUCiEwWCAXq+HUqnErl27UFRUBLVajfb2drjdblRUVMDhcECj0fBn rT6fDy+99BJ8Ph/MZjPcbjeam5sRDoexcuVK/mxv48aNqKysRGFhIS5cuIALFy6goKAAZWVleO21 1/iycO3yra2tcLvdaG9vR0JCAvR6Pd8M8fbbb8NkMqGiogJutxuXL1+GXq+HyWTCu+++O+RxcLvd eOWVV8Awg9/wLpPJIo5TLE6nE8FgEGq1esj8VCoVZDLZkOW7XTgcxvLly9HU1ISysjK43W6cP38e KSkpKCgowPvvvw+g7yxcq9VCJpPxn1lzczNYlkVWVhaCwSA2bNjAX73odDq0trZCIpEM+NqDNS0Z jUawLIsNGzYMWn6/34+dO3eioKAAhYWFKCsrQ2trK4DvmkAVCsWIjsnWrVthNBpRXFyMy5cvw+12 81c4Op2OXkFQ99wdTZ9xr3V2dvJtwRyPxwOj0YhgMIjS0tKIiiwUCuHjjz+GSCQC0FfJ7Ny5E3K5 HMeOHePTvvLKK2BZFjk5Odi3bx927NiBffv2IRAIoLm5GUuXLgXQV6kajUakpqaipaUFc+bMgdls hl6vx+7du/nXfeedd+DxeFBRUYHt27eDZVl0dnZCr9dDrVbzeR08eBBVVVX8D95ms0EikSAvL48v 24EDBwBg0IqOw7LssI7jcNrOr1y5AgBITEyM2hcIBGI2kUgkkmGXAegbUeV0OlFWVobt27fz2z/4 4AO4XC4UFxdjw4YNcDgcCAQC0Gq1/KRvMpkMlZWVaGpqgt/vh0wmw/PPP8/v447zQJYuXcp/nm+9 9Ra/3e/3o6mpCenp6RCLxYPmwX3nduzYEbVPIpEMWYZYXC4X0tLSUFLy3Ym3TCbjj5PP57ujQExR d+qBCA42mw02my1qu0gkws6dO6N+pAqFgg8MAHDq1CmEQiFkZWVFnQ1nZmZCr9fDarVix44dsFgs EIvFfGDgLF26FN3d3QD6zvSBvjPn29vYk5KSYDab8cknnyAjIwMymQw1NTUAgLS0NCxZsgQKhYKv /IG+2S6tViuWL1+OrKwsLFu2DBKJJCLNvTLY6KO9e/fCYDBEbW9tbR1RhdjU1AQAeOGFF2Iev8rK SjidTsjlcrAsi+LiYni9XqxatQpJSUlYtmwZli1bNuzXu11OTg6Ki4ths9mgUqkAAIcPH0Y4HOav LIZyN68fS1tbW8TfoVAILpeLH6nn8XhocKDuqQciOKSkpEQFALFYjMTExJhNHwkJCRF/+/1+ALHP wlmWhVQq5Tuu/X5/zKaX/q/D/WCzsrIGLDOX3wcffMA3QVVWVoJlWajVauTn52PFihUAgJKSEnR2 dqKhoQHNzc0A+gKcVqvFK6+8AqFQOODrjLY5c+YAQMzhw0uWLIkIDlzn+UhxHbqLFy8eME0wGIRY LIbJZIJer0dZWRnKysogFAqRlpaGvLw8vmIfqQ0bNsBgMKC2tpbPw2g0QiaTRZ0UDKT/ycdoCIVC qKqqQlNTU8QAi5FckVHUaHoggsNIL9WHaiu/XSgUiggcQw0H5fI3mUx48sknY6bhzvJUKhUuX74M m82GlpYWNDc3w2KxwGKxoLKyEnl5eRAKhTh27Bi8Xi9OnDgBi8WC5uZmFBUVwWKx8O3Z94JCoYBQ KITNZkM4HI44lmq1OupzuJPgwBnsfXFt9qtWrcKKFStw6tQp/rjV1dXBZDLBYrEMuzLvTyqVIiUl BQ0NDXjvvffQ2dkJp9OJ0tLSO34vd4Prg7FarVCr1cjKyoJCocDzzz+P+vr6mFdrFDXWHugO6eF6 9tlnAcQ+G+aGFHKVeUJCArxeb1QHYCgUwuLFi1FVVcW3xzMMw1eY3EMikeDmzZsQCoUIBAI4ceIE PB4PVCoVSkpKcPr0aZw/fx4sy/LNTdzQRalUiry8PBw7dgxXr15FUlISrFbrsIafjhaWZaHVauH1 eu/4hi7uSo1ze7DlruzEYnHU8RMKhejp6QHDMPD5fGhsbEQwGMTSpUvxzjvv4Pz587BYLPyw0zul 0+ng9/tx8uRJ1NbWgmEYZGZm3nF+sQx01h8OhyM+01OnTsFqtSInJwetra3YvXs3MjIykJiYGHUs KepemRDBQaFQ8G3/t48t37VrFwAgPT0dQF+/QCgU4kfMcGpra2Gz2SAUCrFmzRowDIPS0tKIii8c DmPTpk1ISUmBz+eDx+NBampq1IgjmUwGhmH4pomNGzdi/fr1EXmxLMtfzYxW08Jw73PYvXs3JBIJ CgsLsWvXrpiBsra2FhUVFQC+u5LiOnI//fRTPm04HIbRaIx4Pnes33zzzYjtwWAQa9eu5fe3tLQg LS0t6rOYPXs2gO+Oy50cn1WrVkEikcBsNsNkMiElJWXIkVzD0b/PhjvhsNvtEWlun3qECwC39yn4 fL67CoAUdTceiGalu8UwDCorK5GamoqFCxciPz8fYrEYDQ0N/AgV7qwxOzsbJpMJBQUF6OjoQFJS Ejo6OlBeXg6VSoWMjAwwDIPi4mIYDAYsWrQIer0eDMOgrq4ONpsNRUVF/M1oKSkpqKioQCAQgFqt RigU4kdZFRQUAACKi4uh0+n4vIRCIZqbm9HQ0ACdTjfk6Jnhio+Ph0wmG3LUklgsRmtrK1avXo3i 4mKUlpYiOTkZIpGIn9IkEAhAJBKhoqKCb7fPyMhAeXk5tFot9Ho9WJaFyWSKauZbtmwZsrKyUFdX h8WLFyMrKwvhcBiVlZXweDyorKzkg3BpaSmKiorg8XigVCrh9/tRUVEBoVDI38XMVaoVFRXweDx4 /fXXo/qdbscwDLKyslBeXs6/9t3ivlPr169HdnY21Go1VCoVLBYLVq9ezX+XmpqaIgLRkiVLIBQK UVpaCpZloVAo4HQ6UV5eDqFQCL/fj5s3b951+ShqxO7Xm+DOnTtH1Go1KS0tHfZzBkvf1tZGUlJS +BvhEhMTSXl5edTNXteuXSMFBQVEKpXyN10VFBSQa9euRaQzmUwkKSmJv3FJLpeTioqKmHlxN8Kx LEtUKhWxWCxReSmVSj6vhIQEYjAYhrwR7XYFBQURN1fdfmy0Wu2w87px4wapqKggarWaP2Ysy5Kk pCRSWloadfMgIX03kimVSv4GrsLCQnL58mWiVqsj3nN3dzepqKggcrmcv4FQpVIRs9kckV9XVxfJ yckhYrGYACBCoZCkpKTwNzZyysrKSEJCApHJZMO+QezChQtErVaT1NTUAY/z7ceztLQ05o2T3HuX y+VEJpORmpoavvxarZYIhUL+Pba3t5OCggJSUFDAP7etrY2oVCrCMAxhGIYolUpiNBr5Y8flZzQa iVqtJufOnRvWe7xb9Ca4iUsA9AUHAIaVK1cOuvxnU1MTjh8/jqHSURT1cBjub55LB8BQXV395oAJ qQfGhOhzoCiKokaGBgeKoigqCg0OFEVRVBQaHCiKoqgoNDhQFEVRUWhwoCiKoqLQ4EBRFEVFocFh FGzduhUajSZqzYnhWLduHbZt2zZkutraWmg0mhEtH3q/cDqdePTRR6OWbAWAxsZGLF++HDNmzIBA IIBAIMDcuXPx2muvRbzXjo4OaDSaiIWUYuEWZVq3bl3UvlAohOXLl0Oj0cDhcMR8fmdnJx599FE4 nc4RvkuKerjQ4HCXuMV9HA7HHc3qabfbh1URcWstP2grgnHzTeXk5ERMaREMBrF8+XKkpaXB4XAg LS0NBoMBRUVFEIvFKCsrw3PPPccfG7lcjs7OTlRUVAw6a25LS0vU9BQcbsZbu90+4Ap7CQkJyMnJ waZNmwZd24KiHnY0ONwl7mohPz8fLpcLLS0t41yi+8vhw4fR0dERtR7H5s2bYbFYkJOTA7fbjUOH DqGkpAS7d+9GW1sbTCYTAoEANm7cyD8nJycHoVAo5hKfHG5pzezs7Kh9NTU1kMlkSE9PR0NDw4Az nu7YsQMdHR04fPjwnbxlinoo0OBwl2pqaqBQKPDqq6/yE/wNxul0wmq1xmxi6c/n88FqtcJut8c8 gw0Gg/B4PAiHw/xVxe1n1FweNpttwLPtcDgMh8MBq9UKh8Mx4Nky9xrcpHvDEQ6HsXPnTqSnp0es l+FwOFBXVweVSoUDBw7EXMwoIyMD+fn5cDqdfMDlKvyBZioNBoMwm81Qq9VRy5x6vV40NzcjOTkZ WVlZ/MyysUgkEqSnp2Pnzp306oGasGhwuAsnT56E1+tFVlYWJBIJv4BMrH6Bzs5OLFy4EAsWLIBG o8HcuXOxefPmqHThcBjbtm3D008/DY1Gg0WLFmHBggVRweTo0aOIj4/H+++/j7lz50Kj0fArq3FT X8+aNYvf/vjjj/PTk3NsNhvmzp2LhQsXQqPRYOHChXj66afR2NjIp/H7/Vi+fDni4+Oh0Wig0Wjw +OOPY/PmzUNWnCdPnkRnZye0Wm3Edm4K7uLi4kEXZtq+fTtOnz6NJUuWAPhukZ7m5uaYU4/X19cj FApBp9NF7eOmyc7MzMTSpUshlUr5KcdjSU9PR2dnJ70SpCYsGhzuQk1NTcQiMTqdDuFwOGr9Aa6T 1OVywWg0wu12w2KxoKGhIWoN5bfffhvl5eXIysrChQsXcP78eSQkJPDNJbcrLCyETqdDcXEx8vPz AQArV65EQ0MDSktLcfnyZZw/fx5arRbFxcV8W3soFMLatWvBsiza2trgdrtx+vRpiEQiaLVaPsD9 +te/htVqhclkgtvtxoULF5CVlYXKysohm10aGhoAgK/cOTabDQzDRG2/nVQqhUqliggg3BrPsZqW jEYjRCIRMjIyovZxTUpqtRoMw0Cr1cLj8eDkyZMxX5tbYc5sNg9aRop6qN2vU3bfz65evUpYliWp qan8ths3bhCxWEykUmnEFNAmk4kAIOXl5RF5tLe3EwD8lNA3btwgIpGIKBSKiHTd3d1EoVAQAMTt dhNC+qZuBkCysrIi0jY1NREAxGAwRJVZpVIRkUhEbty4QdxuNwFAioqKItKcPn2a6PV6cuHCBUII IQkJCUQul0ekuXHjBsnKyiINDQ2DHiO5XE4SExOjtrMsS2QyWdT27u5u4na7ox5Xr16NeG2xWBx1 jC5fvkwAkPz8/Kh8W1tbo47J+fPnCQCSlpY2YPkTExOj3vtEQ6fsnrjolcMdOnz4cFQTBsuySE9P h9frjTgj5dZZvv2MVqlURrSNO51OBAIBfiU0DnemG0tycnLE3xaLBUDf2tUejyfioVKpEAgEYLfb IRaL+cV6tm3bxo+E4voBuHIplUp0dHRg5cqVOHz4MPx+P1iWxQcffIBVq1YNeoxcLldEXwNnoOYo r9eL+Pj4qEf/4assy0Kn08HpdKKjo4Pfzl3FbNiwISpf7kqu/z65XA6lUommpqYBV8eTSCQxl5al qIlgQqwENxa49Z/Lysoi2q655piKigqsWLECAPj+glgVZf9tV65cAYCYwzBjPRf4bslMDvdatweN /j7//HOo1WrU1dUhJycH5eXl/KpjycnJyM/P55tV9uzZA5/Ph6amJjQ1NQHoCzxarRZ5eXmD9hmE w+GopS+BvuGiLpcLoVAoYolPkUgEg8HA/x0IBFBeXh71/A0bNqCsrAz19fX8intGoxFKpRJKpTIi bSAQgNlsBsuyESOfgL7PimsGLCmJPuGVSqW0Q5qasGhwuAMOhwMdHR1QKBRRo2JkMhmCwSAsFgs8 Hg9kMtmw1zgejbWiucq6ubkZcXFxMdNwZV6xYgW++OIL2Gw2nDx5kl+atKGhAWazGWvWrIFEIkFr ays6Ozv5+wS4EVAOhwOHDh0atDyx7stQqVRwuVw4deoUli1bxm8XiUQRlbTH44kZHORyOZKSkmA0 GvHWW2/BarXC4/GgqKgoKi3XSZ2cnBwVdGUyGUwmEyorK/H6669HBboH7Z4SihpNtFnpDnDNFHv2 7MGhQ4eiHoWFhQCAqqoqAODPbmPdldu/Q/rZZ58dVrrBcDeaTZ06FWq1OuIhEonQ09MDoVAIn8+H xsZG+P1+qNVq7N69G+3t7Th9+jSAvjPxcDjMD6dNSEjAq6++io8++ghdXV1ITEyE0WgctCwikSjm yC2ueae4uPiOz8x1Oh28Xi9sNhtqa2vBsiw/MKC/mpoasCyLI0eOxPys0tLS+GNxO5/PB5FIdEfl o6gHHQ0OIxQKhWAymSCVSqFWq2OmyczMBMuyqKmpQSgU4vsabr8r98SJExGVfmJiIhQKBerq6iIq 1WAwOGRFzOFea9euXREVbzAYxPr165GamopgMIizZ88iLS2ND2AcrhmIu/dg9erVUcNWRSIRRCJR zPsT+pPL5RH9AhyVSoWcnBw4HA4sX7485j0fDoeDbwaK1XSVmZkJoVCI+vp6mM1maLXaqPI4nU44 HA6kpKRALBbHLGNeXh6A75oJ+3O5XHxgp6iJhjYrjdDRo0cRCAT4YaOxiMVipKamwmw2o7GxERkZ GdDr9aisrEQwGERaWho6OztRXl4edWb63nvv8fccFBQUgGVZVFRUDPvGs6SkJBQWFqKsrAwajYbv yK6srERHRwdKS0shkUiwbNkyKBQK7Ny5Ez6fD0lJSQgEAqioqADDMPxNfYWFhSguLubzYlkWDQ0N sNvtEf0DsajVathsNr55rb8DBw4gHA7DaDRi7ty5SEpKQmJiIn9THtcRrNVqsXv37qi8hUIh0tPT +QDMVfL9cVd4se576F9GmUwGi8UCl8vFN7l5PB7+qoqiJiw6lHX4ioqKiFqtJufPnx80XWtrK1Gr 1RFDRcvLy4lMJiMAiEwmI3V1daSgoIAUFBREPLe9vZ2o1WrCMAwRCoUkJyeHmM1molarSVdXFyGE EIvFQtRqNTl37lzM16+srCRKpZIAIAzDEKVSSUwmU0Saq1evEr1eT6RSKQFAhEIhSU5OJqdPn45I V1FRQeRyOQFAABC5XE4qKiqGPFbccNHKyspBj1NWVhZfBgAkISGB5OTkkLa2tkHz545Tenp6zP3p 6ekkOTmZ3LhxY9B8ampqiFqtJkajkd9WWVlJAAz5OT/s6FDWiUsA9AUHAIaVK1ciNTV1wMRNTU04 fvw4hkpHURyNRoNQKIS2trbxLsqILFq0CEKhEB9//PF4F2VcDfc3z6UDYKiurn7znhWQGjO0WYka UyUlJdBoNHA6nVAoFONdnGFxOp2w2+1obW0d76JQ1LihHdLUmFKr1dBqtXjjjTfGuyjD9uabb0Kr 1dL+BmpCo8GBGnPvvfcewuHwkDPR3g86OzsRCoXw3nvvjXdRKGpc0WYlasyJxWJ89NFH412MYUlI SHhgykpRY+mOgsPFixdHuxwURd2H6G994hpRcJg+fToA4NKlS7h06dKYFIiiqPsP99unJo4RBYcX X3wRAPDNN9+MSWEoirr/TJ8+nf/tUxPHiJuV6JeEoijq4UdHK1EURVFRaHCgKIqiotDgQFEURUWh wYGiKIqKMuIOaYfDEXMBF4qiHk4SiSRq+VXq4Tei4OBwOHDw4MGxKgtFUfcxGiAmlhEFB+6KYd68 eZg/f/6YFIiiqPvHxYsXcenSJdpaMAHd0fQZ8+fPp+s5UNQEQWdDmJhohzRFURQVhc7KOkxvvhm9 uBXDMJBKpZBKpViyZAkYhh7Ojo4OtLS0IBAIQCwWY8WKFVHrR98Jv9+PxsZGOBwOhEIhAEBiYiIy MjIi8rfZbGhpacHSpUuhUqkGzC8cDmPXrl2QSCRR60+HQiG8/fbbAIAdO3aAZdm7Lj9FPWhobTZM BoNh0P1SqRTHjh2bsJ124XAYmzdvRk1NDYRCIcRiMbxeLwoKClBeXo5XXnnljvN+9913UVxcjFAo xOcdDAZhNBpRXFyM/Px8vPPOO2AYBiKRCAaDAVarddCV3FpaWmAwGFBUVBS1r7Gxkf+8uQBEURMN bVYaAalUCrfbHfE4d+4cioqK4PV6sW7dOoTD4fEu5rioqqpCTU0N8vPzcfXqVbjdbnzxxRdISkpC fn4+bDbbHeX7xhtvoLCwEImJiWhubsa1a9fgdrtx9epVtLe3Q6lUory8HO+++y4AQC6XIykpCVar FV6vd8B8jUYjAGDDhg0x98nlckilUlRUVNxRuSnqQUeDwwgwDAOZTBbxUCgU2L17N9LS0tDZ2YmW lpbxLua4qKyshFQqxZ49e/hmGIlEwq+oVl9fP+I8nU4nSktLkZiYiNOnT2Pp0qUR+5VKJT7++GPI ZDKUlpbyzU06nQ4AcPjw4Zj5BgIBNDQ0QK1WIzExMWKf1+uFxWJBcnIy0tPTYbPZ0NHRMeKyU9SD jgaHUaJQKAB8N9x327Zt2LZtGxobG/HMM8/gueeew8mTJwH0VU6vvfYannnmGcTHx+O5557Drl27 EAwGo/Ktr6+HRqNBfHw84uPjsX79eng8nog0LpcL69ev59MsXrw4ZmV8+PBhLF68mE+3du3aqDN6 p9OJtWvX8mkWLVqEffv2DXlFpNVqUVRUFNXvwvUH9H9v27Ztg0ajGXJ45N69exEOh1FeXg6hUBgz jVAoRHFxMXJycvjXyMzMBMuyMJlMMZ9TX1+PUCiEnJycqH3vv/8+AGDNmjX8VUVVVdWg5aSohxEN DqPE5XIB6DtbBvoq2YaGBmi1WgB9Z6RTp06Fz+fDokWLUF5eDqVSCZ1OB7lcjuLiYixfvjyiEv31 r38NrVaLYDAInU6HtLQ0NDQ0YNGiRXyTicPhwMKFC2GxWJCens6fNWu1Wrzxxht8XlVVVcjKyoJQ KIROp4NWq4XdbodGo4HD4QDQt37y4sWL4XQ6kZWVBZ1OB4ZhkJ+fH5FXLK+//nrMfoWjR48C6Gvu 4TidTlitVv5MfyAWiwUikSjqiuF22dnZeOeddyAWiwH0BQytVgun0wmn0xmV3mg0QiQSYc2aNTH3 JSQkQKVSQaFQQKFQoK6uLmbgpqiHXm5ubklubi45fvw4Gczx48fJcNI9jAAQmUwWtb2rq4uUlZUR hmGIVColaJBNTgAAIABJREFUN27cIIQQolarCQBiMBgIIYR0d3cTQgjR6XQEADGZTBH5VFRUEACk uLiYEELI+fPnCQCSnJzMP5cQQiwWCwFACgoKCCGEKBQKIhKJyIULFyLy02q1hGEYcv78eUIIIXK5 nCgUiog0ly9fJgzD8GUsLS0lAPjncOVWKpVELpeP8IgR4na7iVgsJmKxmPztb3/jt587d460trby xyqWq1evEgBEpVKN+HUJIeT06dMEACkqKorYfvnyZQKA5OfnRz2nubmZACA7d+7kt5WVlREApLKy 8o7K8aAb7m+eS5ebm1syPrUYNdrolcMIeDweCASCiMesWbNQWFgIoVCII0eORA17fPXVVwH09VeE w2GYTCYolcqoETCvvPIKpFIp6urqAPSNmAGAkpKSiKaaZcuWoa6uDhs2bEBHRwd/ln972/n27dsR Dof5M3ehUAiXy8U3qQBAQkICuru7UVJSwpcR6Gta4Zp8GIZBe3s7zp8/P+JjtXz5cgQCAZhMJohE In6fQqGAWq0edIgod6Yea3iw0+mERqOJetTW1vJpVCoVEhMT+ePJ4dLcPnwVAGpqagBEdlJnZmaC YRh+H0VNFHQo6wgIhUKkp6dHbBOLxZDL5Vi1alVEBQj0NTH13+b1ehEKhQYc7qpUKtHQ0ACgr4kH iGyO4WRmZgL4rsPVYrFAo9FEpOECANc/UVxcjLS0NGi1WgiFQqhUKqSmpmLNmjV8U9iGDRtQU1OD 8vJyvtkrJSUFa9as4ftUhsPhcGDlypUIBoMwm81DNgvFwjURxWrOCYVCEf0uoVAIPp8ParU6Il1O Tg4KCwthtVr5fUajEUqlMuq4cp3UMpksalCBTCaDw+GA3W5HUlLSiN8LRT2IaHAYAbFYjEOHDg07 /UBnxrcHEQ7X6dq/83egtP3TSSSSmDeaJSYm8pXZihUrcOHCBdTW1sJisfCPwsJC1NTUIDMzE2Kx GO3t7aivr4fZbIbNZoPD4cDOnTuh1Wpx5MiRId/z0aNHodPpIBQK8dFHHw16I9pghEIhZDIZOjo6 EAwGIzqkk5KS4Ha7+b+tVmtUcAT6gmhRUREOHz4MtVqNlpYWeL1eFBcXR6U9fPgwH3S4fpvbVVVV 0eBATRi0Weke4io47qrgdi6XC0KhEAzD8Gm5ju7+Ghsb0dLSwp9dp6en49ChQzEf/ZtPEhIS8NZb b6G9vR1Xr15FTU0N3+Hcv4zZ2dn46KOP8Le//Q3Nzc1QKpUwmUxDDtOtqqqCVquFVCrF6dOn7zgw cLRaLUKh0B2PFpJIJEhLS4PZbEYoFILRaIRQKOSvvPozGo1gWRbXrl0DISTi0d3dDYlEApPJhEAg cFfviaIeFDQ43ENisRgKhQIWiwV+vz9iX2dnJ5xOJ1+hcv9yw185gUAAWVlZKC0txS9+8QuwLAuj 0Rg11PTo0aN49NFHsXfvXoRCIcyaNQvr1q2LKEt2djbUajVf4W3cuBEzZszgm6QYhsHSpUuh1+sB YNChpydPnkR+fj6USiVOnz6NhISEOzlEEbZv3w6xWIzi4uKo48AJhUJ8/0wsOp0OgUAAjY2NaGho QHp6etSwWKfTCYfDgbS0tJhDZhmGQVZWFkKhED/UlRqeTZs2LcvNzd2wadOmZXq9Xq3X62VbtmyR jHe5qKHRZqV7rLi4GOnp6Vi5ciUOHDgAhUIBu92OjRs3AugbEgr0jbPnhrhKJBKsWrUKfr8fW7du RTAYRGFhIUQiEQoKClBaWop169bhnXfegVQqRUtLC/Lz88EwDDIyMsCyLJKSkmA2m6FWq/lO1hMn TqC5uRnJyckAALVaDaPRiHXr1mHPnj18s055eTlYlh2w7yAcDiM/Px/hcBhyuRz79u2LSqNQKLBq 1SoAffc5OJ1OHDlyhO/viEUsFuPYsWNYvnw5UlJSkJqairS0NMyZMwfXr1+H3W5HTU0NfD4fpFIp VqxYEZXHsmXLIJVKUVhYiGAwGLMjmqvwuWHHsWRnZ6OsrAw1NTXYvn37gOmo7+Tl5WUQQkwAIBAI 0NvbCwDo7e1Fbm4uJk2aFATwPwKB4C/hcPh/Jk2a5Ont7Q0JBAIfISQgEAgChBBfXFzczXA43FlT UzPwLe/UqKPB4R5bs2YNampqUFhYiAULFvDbJRIJGhoa+CsGhmFw/PhxrF27NqLSYlkWlZWVWLZs GQDgrbfeQigUQkVFBcxmM59OJpPhww8/5CvfAwcOwOv1Qq/X81cCQF8n+AcffACgr0Pa5XKhrKyM 7xgH+ippk8k0YEXucDj4prKBRvXodDo+OAz3Pgeg7wrq/Pnz2LZtG5qamtDU1BSxXyKRwGAwYPv2 7QOe9et0OuzcuZOfWqO/UCiEuro6fpLAgXD9N3a7nZ/YjxocISQRAGbOnImZM2cCAK5du8bvv3Xr lvDmzZtCAD8IBoMghEAgEABAxL+9vb2YNGkS9Hp9EEBbb2/vJ4QQe3d39xmj0Ujb+cYIDQ7D5Ha7 RzTr6pEjRwa8qzg7OxsZGRk4deoU/H4/Zs+eDZVKFfPu4vb2djgcDnz22WcQiUT4xS9+wfc1AH2V 3549e/D666/jk08+QSAQwJw5c5CUlBSRn0QiQXt7Ozo6OvDpp58CAJ5//vmoUTu7d+/GK6+8grNn zyIQCEAqlfLNVwNRKBQRHcSx9K+4jxw5glAoBKlUOuhz+h+HY8eOIRAI4MyZM/D5fGAYBvPnzx/W RIevv/46srOzBwwe586dA8uyQ36+H330EQKBwKCDBKhoMpkMP/3pT4dMd/36ddy4cQPXr1/H9evX 8fe//x3Xr1/HtWvXcO3aNQSDQSGAlwC8JBAIMGXKFGzZssXd09NzihBiJ4Sc+cEPftBhMBgm5gRn o4wGh2Ea6bTTgzWXAH2V5WBnqv0plcohK0GxWMyfmQ9GLpfHHB7bHzcN+XCxLDui4zPUsRmISCTi r5hGYrDycfNlDff1aWAYO4888ggeeeSRiJOf/rq7u/HXv/4VX3/9NQKBAPx+P/7617/GE0LiAegE AgG6urpCeXl5DkKITSAQ2OPi4s7s37+fLmN3B+4oOFy8eHG0y0FR1H3ofvqtT548GU8++SSefPLJ iO3/8z//g0AggC+//BJdXV3s119/rQKgIoRwU8l/2dvbe5oQ0nrr1q162hQ1PCMKDtOnTwfQt2wg XTqQoiYO7rd/P3rsscfw2GOPYfbs2QCAmzdv4ssvv8Sf//xndHV1IRAIPAUgA0DG1KlT39Pr9Q2E kKqqqqqJOYXyMI0oOLz44osAgG+++WZMCkNR1P1n+vTp/G//QTB16lR+VmEAuHHjBr744gt8/vnn +OKLLyb39PSsBbB28+bNXT09PVWTJk2qrays9Ixroe9DI25WepC+JBRFUdOmTcO8efMwb948dHd3 4/PPP+cWo5oFwNDb22vYvHnzqd7e3gM3b95sNBqNQw+jmwBohzRFURPG5MmTkZCQwE86+fnnn+PS pUv48ssvlxBClrAsG8zNzTUKBILaqqoqx3iXdzzR4EBR1ITUP1CEQiFcvHgRn332mfD69ev5hJD8 zZs3XwqHw/sFAsHh6upq/9A5Plzo9BkURU14LMvi+eefx7p165CcnAyJRIKenp55AoGgXCAQfJmX l/f/ZWdn3/2cMA8QeuVAURT1LYFAwHdmf/311/iv//ovXL58eXJPT89qhmFW5ebmlt26dWv3RBgO S68cKIqiYpg5cyYWL16MdevWQS6XY9KkSZMA/G+WZa/k5uZuGDKDBxwNDhRFUYOYNm0aFi1ahHXr 1mHevHkghHwfgHHLli1nc3JyHtoFPmhwoCiKGoZp06ZhyZIlWLt2LeLj4xEOh386adKkNr1e/y8P 4zTkI+5zcDgcg87rT1HUw0UikQxrgsOJ4rHHHkNycjK+/vprnDlzBn/+85/XCwSC/ysvL++tWbNm vfuwTPw3ouDgcDhw8ODBsSoLRVH3MRogIs2cORMvv/wyOjs70dbW9kgoFCr96quvtmzatCn34MGD sVeneoCMKDhwVwzz5s3D/Pnzx6RAFEXdPy5evIhLly7R1oJBJCQkQCqVoq2tDZ2dnT8UCAQWvV7f 0t3drX///fdjrwn8ALijoazz589HamrqaJeFoqj7EJ1kc2gsy0Kj0WDOnDn45JNPEAwGlzIMczE3 N/d/V1dXvzve5bsTtEOaoihqlPzwhz9Eeno6nn32WRBCJgEo0+v1H27ZsiV6pan7HA0Ow6TRaAZ8 bNq0CVardbyLOO78fj9ee+01LFiwAM888wzWr18Pu91+1/mGw2EcPnwYGo0Gjz76KAQCASZPnowF Cxbg7bffRjAY5NOeOHECGo0m5jrWt5dVo9Fg27ZtUfu8Xi//2dLmFGqkJk+ejJ///Of4h3/4B0ye PBm9vb3phJD/zM3NTRzvso0EDQ7DZLVa4XQ6I7aFw2F4PB7U1NQMq0J6mPn9fixevBjl5eVQKBRI S0uD3W7H4sWL0djYeMf5+nw+LFq0CFlZWejs7IRWq4XBYEB+fj6CwSCKioqwcOFCvhJ/4YUXYLfb UV5ePmi+9fX1sFqtSEyM/r0ePnwYDocDVqsVtbW1d1x2qs/XX3+NL774Al1dXQgGg7hx48Z4F+me mD17NlavXo0ZM2agp6dnrkAgOLdp06Y1412u4aLTZ4yAQqFAa2tr1Han04nFixejsLAQGRkZAy5z +DDbtWsXXC4Xmpqa+OVPX3/9dSxYsAB6vR4rVqwY0RrcQF/wXbt2LRwOB4qLi1FSUhKRx549e/D2 22+jqKgIW7duxYcffgixWIy0tDSYTCbYbDaoVKqYeRuNRgiFQmRmZkbtq6mpgVKpRDAYREVFBbZv 3z7islMAAB8AeDweeDyeqJ2TJ0/umTJlCpk2bVoPwzBTpk+fLoiLi8P3vvc9TJkyBVOmTMG0adPA MAymT5+ORx555F6X/6499thjWLVqFWw2Gzo7O1mBQGDOy8v7f2fNmrXjfh/ySr/xo0ChUECn06Gi ogKnTp3CmjWRJwd2ux1CoTBq7Wan04lAIACxWDzous4+nw8ulwssy0KhUIBl2ag0oVAITqcToVAI iYmJA67TzP1QGYaBQqGAUBjdFBoMBuF0OhEOhyGTyYa1xrLf74dSqYxYF1soFEKlUsFoNMLr9Y54 He76+nrYbDZotVq89dZbMdPs2LEDFosFZrMZXq8XUqkUOp0OJpMJ9fX1MYNDR0cHHA4HcnJyot6/ 1WpFZ2cn8vPzAQAFBQU4efLksNf7pr5TXV1dlZeXJwLAX5719vbKuP93d3eLuru7RdevXwcA2VBN eFOnTsXjjz+OJ598Eo8//jieeOIJTJ06dYxKP3omT54MjUaDJ598Ev/xH/8BQsj/3dXV9SODwbD2 fg4QNDiMEu5qgWv/1mg0AACpVIq6ujoAQHl5OV599VWcOHEC+fn5EWdTcrkchw4dihhL7vP5sHXr VpjNZn6bSCRCWVkZsrOz+W3vvvsudu7ciUDgu7nA0tPTcejQIb7yCwQCWLduHSwWC5+GZVnk5ORg z549/Jnxm2++idLSUoRC3613olarceTIkQEDDgB88MEHMbd7PB6wLBtxNaXRaGC1WuF2uwcNGEaj EQBQUlIyYBoAeO+99xAMBiGVSgEAy5Ytg0wmg8lkinhvnMOHDwNAxDHkcM1Ia9asAcMwKCwsRGVl JQ0Od6iqqurt4abNycmRxsXFSQD8gBAiJYRIJk2aJO3t7ZUJBALZzZs3ZV6vF16vl3/O9OnTeyQS SdwTTzyBJ554At///vchEAjG4q3ctR//+MeYMWMGTp48ie7u7rSurq4P7+cAQYPDKAiHw2hoaAAA /OxnP+O3OxwOuFwuFBcXw+fzYdWqVbBarUhLS0NCQgIsFgvmz5+Ps2fPIj8/HxqNBu3t7UhMTEQ4 HMbq1avhcDhQVlaGVatWIRAIYNu2bcjJycH8+fOhUqmwd+9eFBYWIjU1FSUlJRCLxTh69CiKiorg 9/v5ZrDXXnsNVqsVRqMRS5YsQTAYxBtvvIGKigokJSUhMzMTJ0+ehMFgQE5ODrZv3w6WZXHixAkU FBRg06ZNOH78+LCOh9/vh8fjwb59+2C1WmEwGCLO0CUSCWQy2ZBNNTabDQkJCTH7BfqLddWl0+lg MBiizvrD4TDq6uogl8uRlBQ5LU4gEIDJZEJycjIfaFJSUtDU1ASPxzPiKx9qZGpqarwAvABiLrKz ZcsW4a1bt+STJk36GYBEgUCg/Oabb+TffPONkBtuGxcX1/P4448LJBLJJC5gTJs27d69iSHMmjUL KSkp+PjjjxEKhdK++uqrT7Zs2bJ0//79waGffW/R4DACPp8vqoOSq1CcTidSU1MjKqpgMIiGhgYs XbqU37Zu3TowDIOPP/6Yr4BkMhlmz56NhQsX4o033sCHH36IkydPwm63w2AwYPv27fzzP/zwQzz9 9NOor6+HUqmEwWCAQqHAsWPH+MqWS19YWIgTJ05gxYoVaG5uRmJiIjZs+G4yySNHjmDjxo18MxU3 smj79u18hfzKK68gGAzC7x/+WiebN2/mr3ZUKhXy8vIi9h85cmTIPDweD0KhEH+M+guFQjFHEYlE IohEIgB9VwU7d+6EyWSKCA4tLS3wer0oLCyMen59fT1CoRB0Oh2/TafToampCVVVVdi9e/eQ5abG zrcVqP3bBy87OzuBYZhnCSHqnp4etc/nU/T/fgiFQvLkk08KZs2ahR/96Efj3hQlkUiwcuVKNDU1 4caNG/8rLi6u5X4MEDQ4jIDL5YqoODgMwyArKwsHDhyI2r5kyRL+70AgALvdjrS0tKhKT6lUQqlU 8s0+zc3NABDVfyGRSHDt2jWwLIuWlhYEAgGo1eqIS22grx+Ey2fFihVQKpUwm81Yu3YttFotli5d CpFIFFFRcwFh7dq10Ov1WLZsGRISErBjx46RHCbs2LEDr7/+Os6cOYPCwkIsWLAAbW1to3bmbbfb +Wa7/gwGA98EJZVKkZycDLPZjAMHDvBXLkajESzLDtgRLRQKI475ihUrIBaLYTQaUVJSErO/hxpf 396F3AmgEQB0Op1o8uTJSwEkCwQCdTAYTAwGg7hy5Qra2tqITCYTJCYm4qmnnhq3MotEIqSmpvYP EP+p0+n+1/20TgQNDiOgUCiwZ8+eiG1CoRCJiYkxO3alUmlE0wnXJ5CQEHtBqYSEBDgcjoi0sZpU uAqKCwjl5eUDDt3k8nnvvffg9XphNpthNpvBMAySkpKg1WqRl5cHhmGQkZEBm82GyspKvkM2ISEB aWlp2L59+6B9Dv1x/SYKhQJSqRSpqanYtWvXiObl4o7d7UEP6LvSMhgM/N8ej4fvn+gvJycHFosF jY2NyMzM5K/k0tLSokaUcZ3UIpEIy5cvj9gXDofh9/vR2NiIjIyMYb8Hanx8W8Ee/faBLVu2SMLh 8DIAaT09PSlXrlxhr1y5gkceeaQnMTExbt68eTF/v2NNJBJh9erV+Pd//3cEAoG506ZNO2EwGJbc L30QNDiMgEgkglqtvut8wuHYn33/TuD+24b64hYVFWHZsmUx93EVukQiQVtbGzo6OnDixAlYrVZY rVbYbDY4HA4cOnQIQF8QKSkpwYkTJ9Dc3AyLxYKysjLU1dXhwoULfLPNcHFNOlzQGy4ueNlstqj2 fplMFtFJzfWl3G7VqlX8WX9mZibfbHR7MxcAvP/++wCA5OTkqOMtkUhgMplQWVlJg8MDaP/+/T4A tQBqt2zZIuzu7l4lEAjSr1+/nnL27Nm4s2fPYtasWd0//vGPJ8+ePRtxcXH3rGyPPPIIXn75ZRw7 dgw3btz4+V/+8hcjgKx7VoBB0OBwD0kkErAsG3UzHcfpdPLNTdy/LpcrajbMTZs2QSQSYdWqVfy2 24NWIBDAJ598ApZlEQ6HYbfbwbIslEol5HI5duzYgUAggEWLFqGurg6HDh2Cy+XClStXsGLFCmzY sAEbNmxAOBzG1q1bUVlZiZMnT8asHMPhMJ555hkkJCTgo48+itjHjd66k3s/cnJyYLPZ8Nprr+HD Dz8c8fMZhoFOp0N5eTl8Ph+MRiNkMlnUsQqFQqirq4NUKh3wdTo7O2G1WtHR0THosGPq/vZtu/5h AIf7BQpdV1eXuqurC1OmTAnPnTuXmTdv3j27X+mRRx7hBz50d3dn5ubmXqyuro49dvseondI30Ms yyIlJYU/a++vtrYWHo+Hn9CQO+Peu3dvRDqn04mamhoEg0EkJSVBIpGgpqYmqoN2165dSE1NxalT pxAOh7F8+XJs2rQp4qqF68Dlmqm453R2fjeRJMMw/Fn7QFcwDMNAIpGgubkZHR0dEfvefbdvzrH+ EzX6fD54PJ4Br6A4mZmZUKvVMJvN2LRpU8RQXU5LSws/BUas0U9cgNu3bx9sNhv0en1UmhMnTsDv 9yMra+ATNq6vqaqqatAyUw+O/fv3Bw8ePHi4urr6JQCzBAJB0a1bt3yfffYZjh07hg8//JB0dHTE vKIfbWKxGBqNhhuG+//k5eWN+yWqAAByc3NLABhWrlw56GyrTU1NOH78OIZK9zASCARQq9Ux75CO RaPRwOPxwO12R2z3eDxYtGgRgsEg8vPzkZiYCIfDgcrKSiQkJOD06dP8GcumTZtQU1OD1NRUpKWl IRAIoKysDAD4Dt4TJ04gLS0NEokEer0eUqkUzc3NqKurg0qlQmtrKxiGwZtvvgmDwYDk5GSkp6eD YRj+5rHi4mK89dZbcDqdWLhwIaRSKfLz8yEWi+FyuVBRUQGZTIZz584NOPzU4XBAo9FAKBSisLAQ YrE4ohwff/wxH4SGe58D0BdI1q9fj+bmZrAsC7VaDYlEglAoBIfDgc7OTjAMA71ej927d8cMYIsW LeKbtb744ouovpPly5fDYrHg/PnzA14VBAIBzJo1CyzLoqura8J0TA/3N8+lA2Corq5+854VcJQZ DAbmz3/+8yqBQFAAQAUAcXFx5Ic//KFg4cKFeOyxx8b09T/99FP88Y9/hEAg6CaE/LK6uto2pi84 iDgA+NnPfqYGoJ4/fz7mzZs3YOJLly7h0qVLGCrdw+jUqVNQKBRISUkZVvpPP/0UIpEI6enpEdu5 bV1dXfjXf/1XmEwm/J//83/wz//8zzh06FDEpezLL7+MmTNn4ne/+x1+85vf4A9/+AN/Q9qPfvQj AH1ra/zyl7/ExYsX8S//8i8wm834y1/+Ar1ej4MHD/KVmFqtxowZM/D73/8eRqMRv/3tb9Hb2wuD wcCPRpJIJHjxxRdx9uxZ1NXVwWw2w+Vy8TfUTZ8+fcD3+9RTT+Hll1/GZ599ht/85jcwm8345ptv kJ+fH1EO7tiwLAutVjtkf4pQKMSvfvUrLFiwAH6/H3a7HXa7HR0dHfj+97+PX/3qV6iqqoJOp8OU KVNi5jFjxgz4fD784z/+Y9TnEQwGceTIEfz85z+PeVXBYVkW169fRzgcRnx8PH/8H3bD/c1z6QBY z549e+qeFXCUWa3W3v/8z/+8cPbs2UM//elPGwUCAUMIeTYQCDCfffYZ6e3tFYjF4jGbTkUikeDv f/87/H5/HMMwK5999tmDTqdz7C9dYqBXDhRFDWiiXTnE8u1opx0A9ABYlmV7XnjhhbixOkEmhKCh oQF+vx8Mwxzev3//uHRQ0z4HiqKoQezfv99XXV29jWGYeIFAYAyFQuTUqVNoaGgIf/XVV6P+egKB ABqNBnFxcQiHw5m5ubnjMnfLHV0bXbx4cbTLQVHUfYj+1r/z7ZDYjdnZ2bsmTZq0++rVq+m//e1v MXfu3FsvvPDClNGcpkMkEkGpVOLMmTOIi4v719zc3DnV1dXDn6ZgFIwoOHBtzv3aFymKmgAG62+a aL69I3vtpk2bFAKB4J3Lly8nezye7gULFkz+yU9+MmoT/z333HPweDz46quvpjMM8xsA/zgqGQ/T iILDiy++CAD45ptvxqQwFEXdf6ZPn87/9qnvHDx40AngpU2bNmV2d3eX//GPfxRfuHCh5xe/+EXc 008/fdf5CwQC/PKXv4TZbEZ3d/fKvLy8VVVVVXe+ctYIjbhZiX5JKIqivnPw4MHDubm5JwHsuXbt WpbFYoFUKsXPf/7zux76KhQK8dOf/pRrXtpnMBhO3KvpNWiHNEVR1F2qrq72V1dXrweQCsDj9Xrx b//2b+RPf/rTXef97LPP4rHHHkM4HP7Bl19+GT1j5BihwYGiKGqUVFdXn2AY5jkAFQAEZ86cwe9/ /3t0d3ffcZ5xcXH8LMsMw+wyGAz3ZNojGhwoiqJG0f79+4PV1dVbBQJBGoDglStX0NDQQGJN/zJc c+fOvedXDzQ4UBRFjYGqqqrGnp6eBQA6AoGA4NixY+T26XSGSyAQ8FcPcXFxe3Q63ZjP30KDA0VR 1Bh5//33OxmGWQSgLhwOC5qbm3HmzBkQQkac19y5czFz5kz09PTMmDJlyoahn3F3aHCgKIoaQ982 M60HkA8g/Kc//QktLS0jDhACgQA/+clPAACTJ08eeCKwUUKDwwTW2dmJ2tpa2GxDT/xYW1uLo0eP DpnOZrOhtrY25hrPFDWRVVdX75s0adJLAIJut/uOAgS3GFF3d7ciOzs79pKSo4QGhwnsk08+gU6n 41dBG4xOp0NhYeGQ6d5//33odDq4XK7RKCJFPVQqKyutAJYD8Lvdbm6Bn2E/f/LkyYiPjwcAMAyz fkwK+S0aHCawOXPmQKfTQaVSDZlWp9NFTXcdi0qlgk6nG/Z60xQ10Xy7RsNiAD6fz4ePPvqIjCRA cGvQT548edPYlLAPDQ4TmEqlwqFDh5CdnT1k2kOHDuGdd94ZMl12djYOHTqExMTE0SgiRT2Uqqur XQA0AHxfffWVoKGhgdy8eXNYz5VKpZg2bRpu3bo1KycnJ2msykiDA0VR1Diorq529fb2LgTgCgQC gt9c2o2QAAAgAElEQVT97ndkOH0QAoEAc+bMAQBMmTJFO1blo8GBoihqnNTU1Hh7e3tfQl8Tk+AP f/jDsJ7HLa87adKkMVt1jQYHiqKocVRTU+MVCAQrAQQvXbqEc+fODfkcbjnh7u7u+LG6IY4GB4qi qHFWVVXlEAgEWQDCDocD//3f/z1o+smTJ2PmzJkghEyaMmWKcizKRIMDRVHUfaCqqqpRIBAUA4DV au0d6l6hxx9/HABACPnZWJRnxLP7ORwOeoMTRU0gEokESuWYnJxSt6mqqno7Nzc3oaenJ6elpaUn PT09burUqTHTPvHEE3C5XJg6deoyAHtHuywjCg4OhwMHDx4c7TJQFPUAoAHi3njqqac2f/nll4q/ //3vSrvdjiVLlsRMx/U79Pb2jv+VA3fFMG/ePMyfP38sykNR1H3k4sWLuHTpEm0tuIcMBkM4Nzd3 PYBzly5dYuPj4/HDH/4wKt3MmTMBAOFw+ImxKMcdLRoxf/58pKaO2QgqiqLuI5cuXRrvIkw41dXV rtzc3GIAZVarteef/umf4lg2elDStGnTcOPGDWzZskWyf//+UY3gtEOaoijqPvTUU0/tFQgE9ps3 b8bZbLaYd8fFxcUBAHp7e0d9OOs9WW7uYeDxeAbcJ5FIECuqU6PL4/HgzJkzCIVCAPrW1r29HTwQ CCAQCEAkEkEkEg2ZH8MwkEqlMfcB391sRFH3msFgCOv1+nWEkPNut1v4+eefY/bs2RFpHn30UQSD QQCQAfCM5uvTK4dhio+PH/AxY8YMbNy4kfuQqFFmt9uh0WgQHx8PrVYLnU4HnU6HhQsXYu7cuThx 4gSf9syZM4iPj8fWrVsHzdPpdCI+Ph5vvPFG1D6r1cp/tna7fdTfD0UNV2VlpQeAAQDa2tp6bp9e g7ty6OnpiT2k6S7Q4DACiYmJMBqNEY/S0lIoFAoYjUasXbt2vIv40GlsbMTixYvhcDhQXFyM9vZ2 uN1unD9/HmVlZQgEAkhLS8PJkycBAEuXLoVUKoXZbB40WNfW1gIANmyIXlCrtrYWUqkUQqEQe/eO +ghBihqRW7du7QPQee3atbjLly9H7Pve974HABAIBKM+DTJtVhoBiUQSszLZvn07Fi5cCIvFAqfT ya/1St0dn88HnU4HoVCItra2qJle5XI5VqxYgQULFiA/Px+XL18GwzDIycmBwWBAY2MjMjOj12IP h8Ooq6tDYmIi1Gp1xL5gMAiTyQStVovw/8/evcdFVef/A3+ductFMQiRYB0VUUmKwhRcShRTU1wp Wy9pX6dkBiTz8rObu7VNm6vuppt9LYRBtiEvqUlhWCpfXTFJzEDZvKKgKBMgQowycpvL5/cHzllG RkBluOj7+XjwUGY+55zPDHBecz63YzJhx44dqKio4IcNEtLRtFptnUqlWg5Ae+zYMeOgQYPEHMcB ACQSCQCAMdZyG+pdoHBoByKRCJGRkcjLy8N//vMfBAUF8Z9Mf//732PNmjUQiUR47bXX+BPcd999 hz179sBgMMDNzQ3Tpk2ze1+FsrIyJCcno6CgACKRCOHh4ZgxYwZEov/+6EwmEzZv3oysrCyYTCbI 5XLExMQ0u6dCQUEBNm/ezLenDx8+HLNnz7ZpmzcYDNi8eTPfnCKXyzFt2jQMGzasxfdg586dKCoq wmuvvYbNmzcjMzMTQOOy4HPnzrWpb0pKCoqKirBo0aIW+wU++eQT6PV6JCQk3HYJ8CFDhiA6OhpZ WVnQ6XTw8fHB3LlzoVarodVq7YbDd999h4qKCrzzzjvNntu8eTPq6uoQFRUFkUiETZs2ISUlBUuX Lm3x9RPiSN7e3ptLSkrera6u9jt//jz8/f0BANYJchzHtXs4AABUKtX7KpWKpaens5akp6eztpS7 HwFg4eHht31+wYIFDADbsWMHY4yx8PBwFhQUxHx8fBgABoBt3bqVGY1GNnPmTAaA+fj4sPDwcObh 4cEAsDfeeMNmnzt27GAymYzJZDIWFhbGgoKCGAAWFhbGamtrGWOMlZaW8o8HBQWx8PBw5uLiwlxc XNiePXv4fR04cIDJZDLm4eHBwsPDWUhICBOJRMzHx4eVlpYyxhirqqpiQ4YMYSKRiIWEhLDw8HDm 5ubGRCIR/7puR6FQMB8fHzZu3Dgmk8lYSEgIc3NzYwDYuHHjbMqGh4czAOzixYst7nPIkCFMJpOx 6urqFsvZM3HiRCYSifjX1lRUVNRtnwsJCWEeHh6straWGY1G5uXlxeRy+R0f/37R1r95azmVSvW+ Q05SBCqVaq5KpWILFy40HTlyhP38888sMTHRYe879Tm0g5ycHGzatAkymcxmNmNeXh6GDx+O8+fP Izs7G1OnTsXf/vY3bN26FYsXL8bFixdx4MABFBcX48UXX8Tq1auxefNmAP9tUvHx8cH58+dx6NAh HD9+HKtWrUJWVhYSExMBAK+//jpOnjyJrVu34vjx4zhw4ADOnz8PPz8/zJw5E3q9HgDw3nvvwcvL iz9mdnY2duzYAZ1Oh88++wxA46fms2fPYteuXcjOzsaBAwdw5swZeHh42P2UfSudToe6ujqUlpYi OzsbpaWlGDduHPbt22fTsatQKKBWq1u8ajAYDDh79iyGDRsGFxeXO/6ZKBQKmEwmbNu2zebxiooK 7Nq1C1FRUc2urE6ePIkjR45g5syZkMlkEIlEmDNnDoqKivg+DUI6i7e392YAeXV1dcKOmHtCzUp3 IC8vD2PGjLF5rKKiAidPngQAJCQkNGub/vjjjyGXy/lb+3366aeQy+X46KOP+KYWmUyGpKQk7Nmz B2vXrsXs2bORmpoKg8GAVatW2Qy1XLp0Kc6ePQsvLy/odDrs2LEDM2fOxIwZM/gyXl5eWL58OSIj I7F582a89tprqKioQF1dHfR6PX+ynTp1Kvbt24fHH38cAPggsQ4Vte7rwIEDMJlMbXqPVq5cyZ/0 ZTIZoqOjsW/fPuTn5yMkpPGmVfb6bW5VUVEBAHaDoaioiG+2a2r06NF8H8LUqVPh4eGBTZs2YdGi RXyZbdu2wWQyITo6utn29jqpZ8+ejdWrV+PTTz/FhAkTWq03IY6iVqtNSqVyNcdxm/Lz8+uHDh3a 7iOUmqJwuAN1dXXN5ju4ublBoVBg7ty5zTo3PTw8bMbJ63Q6VFRUIDIy0qYN3rqfsLAw7NmzB0Bj EAGNfRZNiUQifP755wCA1NRUAI0n0g8++MCmnPVEn5OTA6Dxk/Q777yDQYMGISwsDBMnTsTUqVMR ERHBbzN16lSo1WpERUVh2LBhiIyMxIQJExAWFtasvrdza2d8nz592rTdrazzRuyFUlFREdRqdbPH 1Wo1/zOQyWSYM2cO1q5di4KCAj6ctVotfHx8mp3oTSYTtFot5HI5PDw8+J+zm5sb/Pz8sGfPHr5P g5DOIhaLd5pMprqrV6/Krl275tBjUbPSHQgJCcHFixdtvo4fP47PP/+8WTAAzT/1Wk90t5tY1bSZ w1r21qaPpqxDNfPy8poNsU1LS+NPdADw9ttvQ6vVYvjw4di3bx/eeOMNDBo0CE899RTOnj0LoHH0 T3Z2Nl588UUUFRVh1apVGDNmDPr27Yvk5OQ2vUd30wRkj5eXF9zc3HDy5MlmAXHrz2Hr1q1292G9 N7b1iuDkyZPIycmxe9Wwc+dOVFRUoKioqNk8loKCAphMJr4pj5DOEh8fbwCwAwAKCwsdeiwKhw5k /fRdUFBg93nrjN2mZe0teGZt27d+ul6+fHmz0LJ+ffTRR/x2c+fOxaFDh1BVVcUP18zJycHzzz/P lxk+fDi++uorXL16FQcOHMC7777LN8NYm886SmRkJPR6vc0kN6DxqkAul/Nft7s6GTZsGEJCQvjw SElJgUgk4kOjKa1WCwDYtWsXDhw4YPO1Z88eyGQybNiwoc3Na4Q4CmNsEwDk5+fXO/I4FA4dyMfH Bz4+PvyQ06b0ej1ycnL4ZhnrvwcPHrQpZzKZEBoaiqeffhrBwY0r9VqboprKy8vD888/z/ddvPLK K1izZg2AxqaSGTNm4Msvv8TEiRP5K4c1a9bwQSGTyRAeHo4PP/wQq1atAgDk5ua211vRJkuXLoVI JMLixYtbXBX00qVLt31OoVCgoKAAWVlZ2Lp1K8aNG9esaUin02HPnj0IDw/H5MmTER4ebvM1YcIE REVFoaysDDt37my310fI3XjkkUf2AygzGAzSK1euOOw4FA4dLDY2FkVFRXjzzTf5gKirq4NSqYTB YMCCBQsAADNmzICbmxveffdd6HQ6fvu///3v0Ol0UCgU8PPzQ2RkJNLS0myaPPR6PZRKJdLS0jBw 4EC4uLjgyJEjWL58uc2nf51Oh7y8PH4OQV1dHdLS0vjRS0BjGO3btw8A+DC6VykpKfjggw/4fpHb CQoKwurVq1FUVITAwEB88skn/HtRV1eH/fv3Y9asWVAoFBCJRHbnQsyePRsymQzLli2DTqez26S0 efNmmEwmzJkz57Z1sW6XkJBwJy+VkHanVqtNALYCwK+//urYg9E8h9ahlXkOtwoPD7c7Pt5oNLI5 c+YwAMzLy8tmnsM777xjU3bXrl3MxcWFn+fg5+fHALCZM2cyo9HIGLOd5+Dn58fPcxCJRGzt2rX8 vrKzs/nHQ0JCWFhYGJPJZMzFxYUdOnSIMcZYdXU1v68hQ4aw8PBw5uXlZbdut1IoFAxAs8cPHDjA ADCtVmvz3qAN8xysNm3axNfD3ld4eDjLzs5utW5eXl78+9aUXC5nMpmMVVVVtVgPuVzOALAzZ860 qd73A5rn0DXFxsaG33y/Hfa+02ilNtJqtS12Dt/qnXfesbu2j0gkwsaNGxETE8N3goaFhWHatGnN RvpMnjwZ58+fx+bNm3Hy5EkEBQVh4sSJmDx5Ml/Gy8sLP//8M1JTU5GVlQWDwYDw8PBms5pDQkJs 9gUAUVFRmD17Nv+6rMtUpKam4siRIzAYDAgLC8PkyZP5Yai3M2/ePLud8tb1qJqOunrnnXegUCja vCTF7NmzMW3aNOzfvx+ZmZn8MNdhw4YhIiKi1eVK3n//fYSHh6Nfv37NRl0ZDAao1Wp4eHi0uorr xo0bHd4JSEhbCASCHIvF4tBjcEDjlQMA9ZQpU1q8ic+uXbuQnp6O1soRQu4Pbf2bt5YDoNZoNB/c tiBpFwqFQiaRSEoBWD/RtPv7Tn0OhBDSzUil0gn4bzA4xF01K+Xn57d3PQghXRD9rXdNFotljnVl Vke5o3Do2bMngMZ7ytJ9ZQl5cFj/9knni4uLczGZTA5v17+jcHjmmWcAANevX3dIZQghXU/Pnj35 v33S+cxm8wwAsqFDh+LMmTMOO84dNyvRLwkhhHQea5PSyJEj8euvvzrswzp1SBNCSDcRHR3tw3Fc uFgsxpNPPgmxWOywY1E4EEJINyEUCmcDwJNPPgmpVAp3d3eHHYvCgRBCugGFQiFjjC0AgKeeegoA 6MqBEEIedGKx+M8AfPr164fAwEAAQK9evRx2PAoHQgjp4mJjY+Ucx70BADNnzuQfFwj4U3jztXru EYUDIYR0cRaLZSUA2ciRIzFgwAD+8ZqaGgAAY6yovY9J4UAIIV1YbGxsOICZEomEvfjiizbPWZe9 Z4y1+9rdFA6EENJFqdVqkcViWQcAzz33HHfrTPWqqirrf3VoZxQOhBDSRZWUlMwDMMzT0xPPPvus zXMWiwVVVVXgOI5t2LCBwoEQQh4ECoXCDcByAHj++eebDVu1XjU4Ozu3e2c0QOFACCFdkkQiWQ/A Y+jQoXjyySebPV9ZWQkA6NGjR6Ujjk/hQAghXYxKpfozbnZCNx262pT1ykEikZQ5og4UDoQQ0oXE xMRMBbBcIBBApVJxt7s9sfXKwWw2n3JEPSgcCCGki1AqlUGMsc1A4z3erTOh7bFeOZSXl+c6oi4U DoQQ0gXExcV5cRz3DQDnUaNGYcKECS2Wt85xsFgslx1RHwoHQgjpZGq1WmQymb4CIPfz88PLL7/c Ynmj0YiCggIAgNlsdsi9XCkcCCGkk5WWliYBCOvduzdiYmKarplk1+nTp1FTUwNnZ+eLycnJBY6o E4UDIYR0opiYmLcZYwqpVIrXXnutTffrPnLkCABALBZ/7qh6UTgQQkgnUalU7zPGVgHAvHnz4Ovr 2+o29fX1OHHiBADgt99+c1g43PE9pAkhhNwbtVotKikpWQ8gWiAQYM6cOXj88cfbtO2xY8dgNBrx 0EMPnVy1alW7L5thReFACCEdKC4uzqW0tPRLAJFSqRRKpbLFIau3+umnnwAA9fX16x1URQAUDoQQ 0mHi4uK8zGbzN4yxkJ49e2L+/Pk292dozfXr15Gfnw+hUGi+cePGdgdW1TYcSkpKsGvXLkcejxBy HyopKensKnR5KpVqiNlsTmOMDfby8sL8+fNxu9nPt/Pzzz/DYrGgd+/eP/3973+vcFBVAdwSDrm5 ucjNdchkO0IIeWBFR0eHAEhjjPXp168fFixY0KZRSbfKyckBANy4ceOzdq5iM82alfr27Qtvb29H H5cQcp8oKSlBaWlpZ1ejy1KpVJMBbAPg/OijjyImJgZSqfSO91NWVoYLFy5AIBDUGQyGr9u9ordo Fg7e3t4IDg529HEJIfcRCofmFAqFm1Qq/ZgxpgCAUaNG4eWXX251gtvtNGny36LVauvap5a3Rx3S hBDSzlQq1WSO4xIZY49IpVK88MILCA8Pv+v9nTp1Cj///DMEAkGdyWR6v/1qensUDoQQ0k6aXi0w xuDv7w+FQgF3d/e73qfRaMTWrVsBABzH/dURtwS1h8KBEELaQXtfLVjt3bsX5eXlcHJy0rm5uX10 7zVtGwoHQgi5B7deLfj5+eHVV1+9p6sFq/LycuzZswcAUFNTM2vt2rWme95pG1E4EELIXVIqldME AsEnjLFHxGIxpk6dioiIiLvudL7V1q1bYTQa4ezsvOPjjz/OapedthGFAyGk24mLi3Mxm80jExMT 93fG8WNiYqYyxtQAghhjGDBgAObOnXvHk9pacuzYMZw6dQpisbj2xo0b89ttx21E4UAI6VYUCoUb gFzG2AClUjknKSlpc0cd2xoKjLEgAOjZsycmT56MZ555pt2uFoDGlVe3b29cHcNoNC7RaDQOnQ1t D4UDIaTbiIuLc+E4bq/RaBwAABzH+XXEce2FwsSJE/HMM89ALBa3+/G+//57VFVVQSqV/sfd3T25 3Q/QBhQOhJBuIS4uzsVisWRYLJYRHXXMjg4FoLE5KSMjAwDMDQ0N0Wq1usM6oZuicCCEdHlqtVpU VlaWYbFYQnv27InHHnsMWVmO6Z9VKBQysVg8meO4dzsyFACgoKAAWq0WFosFAD5MTEzMcdjBWkHh QAjp0m7eGGcrgNCePXti6dKl/AJ07UmlUoUBmMtx3B8ZY72AjgsFoHHtpM8++wz19fUQCATxCQkJ Hzj0gK2gcCCEdFlqtVr066+/fslx3DRrMLTniCCVSjWEMTab4zgFAB8AYIyhX79+GDVqFH7/+987 PBQAoKqqCmvWrEFNTQ2EQmFanz59Fjn8oK2gcCCEdFklJSUbOY57USqVYsGCBe0SDHFxcV5Go3HG zUAI4jgOAODu7o6RI0di5MiR7RpArTEYDFi7di2uX78OiUSSYzAYZnVWP0NTFA6EkC5JpVJ9DGCm VCrFwoUL0a9fv7veV3R0tA/HcaM5jptjMpme5ThOCAAuLi4ICgpCaGgo/Pw6ZOCTjfr6eqxfvx5l ZWWQSCQXLBbLmI5YcbUtKBwIIV3OzWBYbA2GOz1xq1SqIRzH/R5AGGMsHIDc+pxYLMajjz6KUaNG ISAgoEOajeyxWCzYsGEDCgoKIJFIdBaL5ffx8fGGTqmMHRQOhJAuRaVSrQSwWCAQQKlUtikYlEpl EIDRHMeFAwgB4MUY4593cnKCn58fgoKC8MQTT8DJyclBtW+7jRs34pdffoFQKPytoaHhWY1GU9bZ dWqKwoEQ0mUolcpFAN6xBkNgYGBrm0SrVKo3ALg0fbBnz54YPHgw+vfvD39/f/j6+jqqynfMYrFg +/btOHz4MAQCQa3RaJy8YcOGs51dr1tROBBCugSlUrmI47i11mB48sknb1u2yf2XfQDA09MTfn5+ 8Pf3x8CBA+Hp6dkBNb5z169fx7/+9S+cOXMGAMyMsSkbNmw40tn1sofCgRDS6VQqVQyAtQAwa9as FoMBAJ555hkAjc1F/v7+TcOiy7p06RLWr1+PqqoqCASCqyaT6Q9dNRgACgdCSCdTKpXTAHwKANOn T+dP/K1pa7mu4Mcff8SmTZtgsVggEAgOCQSC6Rs2bOhSfQy3onAghHQapVI5jeO4rQBE06dPR0RE RGdXqV0ZjUZs2bIFhw8fBgAIBIL/9fLyWtoV5jG0hsKBENIpVCrVZABbAYgmTpx43wVDVVUV1q9f j0uXLkEgENSZzebohISEDlte/F5ROBBCOtzNdYy2AhBFRETg+eef7+wqtauzZ88iKSkJBoMBYrG4 2Gw2T0pKSjrZ2fW6ExQOhJAOdTMYdgNwiYiIwPTp0zu7Su1q7969SEtLg8ViAcdx3924cWOOVqvV d3a97hSFAyGkw8TExAxnjO0G4PLUU0/dV8Fw7tw5bN++HcXFxQBgRuOS2526suq9oHAghHSImyug pgNwefLJJ/Hqq692dpXaRXl5Ob755hscO3YMAMBx3GWLxaJKSkra28lVuycUDoQQh1OpVEMAHADg 9eSTT0KpVLbrPZc7Q01NDXbv3o19+/bBYrFAKBQazGbzqvr6+jVdZfG8e0HhQAhxqNjYWLnFYjkA wMvPz48plUquOweDxWLBDz/8gJ07d6KmpgYcx1kEAoGW47g/d7X1ke4FhQMhxGHi4uK8TCbTbtwM hoULF3brYDhx4gR27NiBsrLGDBAKhZmMsdcTEhK61UiktqBwIIQ4hEql8jCZTAcADBk4cKB54cKF QqlU2tnVuislJSXYvn27dU0kiESiC0ajMW79+vXdul+hJRQOhBBHmQtgiEAggEKh6HbBYLFYcOrU KRw+fBh5eXnWpS+qLBbLe56enondYZbzvaBwIIQ4hEAgSLVYLAssFov8s88+w9KlS7vFAnmVlZXI zs5GVlYWqqqqAAAcx9VzHLeurq7ub91xzsLdoHAghDhEQkJCUVxcXKjJZDpQVlY25MMPP8TSpUs7 9P7MbWWxWJCXl4esrCycOnWKf1wgEJy3WCyJjLEUjUZT0YlV7HAUDoQQh4mPjy+Li4t7ymQy7b5+ /XrYmjVrEBMT0yn3a7anrKwMP/74Iw4fPgyDofEOnQKBwMhx3Faz2axJSEjI6uQqdhoKB0KIQ8XH xxvi4uKeM5lMG69fvx71ySefsNjYWO7RRx/tlPoYjUbk5OQgKysLBQUF/OMikegXk8mkqaur2/yg NB21hMKBEOJw8fHxBrVa/cfS0tKkhoYGxaefftrq3d7ai8ViQVFREc6fP4+CggLk5+ejvr4eACAU Cg0mk2mTQCBIjo+Pz3F4ZboRCgdCSIe4ObrnFZVKpbdYLIsTExPhiHs4NA2D/Px8FBQU8GFgxXHc j4yxpNra2m33w2xmR6BwIIR0KI1Gs0SpVBZxHLd2+/btuH79+j0t2d2WMLg5LyFDIBBkCoXCg/Hx 8ffNTGZHoXAghHS4pKSkT5RKZQXHcdo9e/aIampqMGvWrDtab2n//v04deqU3TCQSqXFZrM5w2w2 /x+Fwd2hcCCEdIqkpKTNMTExBsbY5h9++MHZYDDg1VdfhVgsbnXbH374Adu3b+e/v/XKYN26dRQG 94jCgRDSaRITE3eqVKqJANKPHTvmdv36dSxcuBCtzaa+fv06AIDjOK1QKFxGVwbtr/uugEUIuS9o NJosAKEAygoKCvDRRx/xJ//WMMaKKBgcg8KBENLpNBrNWYFAEArgbHFxMdasWcOvfEo6B4UDIaRL SEhIKBKJRGM4jjtSVlaGNWvWoKSkpLOr9cCicCCEdBnx8fFlQqHwWcZY5vXr17Fy5UrWdBYz6TgU DoSQLiU+Pt7wyCOPPMsY29HQ0MB9/PHHzHp/ZtJxKBwIIV2OWq02PfLII7MArDWZTFxSUhJ+/PHH zq7WA4XCgRDSJanVapNGo1kCQG2xWPDFF19g79779sZrXQ6FAyGkS9NoNB8AWADA9PXXX9tMfiOO 0+0mwZ07dw67d+9Gfn4+dDod3NzcMHDgQERERCAsLKyzq2ejsrIS7u7uLZZJSUlBUVFRs8clEgm8 vb3x1FNPISAggH/84MGDyMzMxNy5cyGXy9u5xvbl5eVh586dDjvmzp07kZeXh/fff7/N2xw9ehS7 d++GXC7H3Llz7+h41vdw0aJFcHNzu205vV6PTz75BOHh4Rg9evQdHYO0L41G85lSqSzjOG7r/v37 RU5OTp1dpftetwkHs9mMlStXIi0tDUKhEIMHD0bfvn1hNpuxd+9epKenY8SIEVi9ejW6wi/OypUr UVxcjPj4+BbLHT58GLm5uS2Wefnll7Fo0SIAQH5+PtLT0xEZGdlh4aDT6Rx6zLy8PKSnp99ROGi1 Whw9ehRCoRCRkZGthnBT1vdQqVS2GA41NTVIT09H3759KRy6gKSkpNTY2NhnLRZLek1NjUtn1+d+ 122alZYvX460tDQ8/fTT+Oabb/DFF18gMTERGzZswN69exEVFYWjR4/ik08+6eyqAgBSU1NhNpvb XP7bb79FTk6OzdeGDRvg6+uLjRs3thogjhQaGorExET4+/t3Wh2aKikpwdGjRzFp0iSYzWakpqZ2 dpVIB0lISMjkOG4MAOsMuQfq1p0dqVuEQ25uLtLT0xEYGIjVq1fD29vb5nlXV1csW7YM/v7+SEtL g15/bzdxqq6ubtM+ysvL0dDQcE/HaklQUBDmz58PAMjIyLBbpqamBpWVlfd8LLPZjJKSEruB5pb1 Y08AACAASURBVO7ujuDgYLi6utrdti3vQ3V1NcrLy++5ngCwa9cuAMCcOXMgl8uRlpbWahBXVla2 6WdVU1PT5t+f273vbf2ZVFZWoqampsUy1dXV7fLzvZ8kJibm3JxNHevt7Z3Y2fW5X3WLZqWdO3cC ABYtWgShUGi3jFAoxOLFi6HT6fgy//73v7F27Vr87W9/Q2BgIF+2vLwc0dHRiIiI4JtrgMYTsEaj 4fsAPD09ER0djRdeeIEvU1NTg3/+85/IyMjg/7ADAgIwf/58hIaG4sSJE/jzn/8MADhx4gT+8Ic/ YPHixRg7duxdvXZrM86tJzadTofk5GQcPXqUr+vixYsxfvx4AEB0dDQaGhrwxRdfNNtnXFwcRCIR /vd//xeVlZVYuXIlDh8+jIaGBgiFQgQHB2PBggV8X4e997GmpgYJCQn4/vvv+ZPpiBEj8NZbb9nU OTk5Genp6XwwSCQSjBo1CsuWLbujpqCm0tLSIJfL4e/vjylTpmDdunXIysqy2/Szc+dOJCYmory8 HBKJBFOmTLHb7FhYWIg1a9bw72dAQADmzZtnU8b6ezN//nzs3r0bhw8fhru7Oz7//HN4e3vj6NGj +PTTT3H69GkAgJubG1566SXMnTuX/500m8349NNPkZ6ezr9vcrkcCoUCkZGR/LGysrKwbt06FBYW Amj8ADRlyhTExsZ2iWbTzpaQkFAEgILBgbpFOBw6dAhubm4ICgpqsdyIESMwYsQI/vuamhqUlJQ0 O7GaTCaUlJTYfEL8+uuvsWLFCgQGBmLFihWQSqVIS0vDihUroNfr8eqrrwIAPvjgA2RmZmLevHkI DAxEZWUlkpOTsXjxYmzbtg3u7u6IjIyERqOBh4cHIiMj4ePjc9evPS8vDwCanUhXrFiBUaNG4b33 3kN1dTU2btyI9957jz9pBgcH8+HR9D05d+4cjh49itdffx0AsGTJEhQXF+P111+Hv78/zp07h+Tk ZLz22mv49ttv4erq2ux9NJvNWLJkCXJzczF9+nSMGjUKJSUl0Gg0iImJwZYtW+Du7g61Wo2MjAxM nz4dw4cPh8lkQmZmJh+srfXH2JOdnY3y8nK+/s899xzi4+ORmpraLBya/kwXL16M2tpaaLXaZp/E y8vLERMTA7PZjNdffx1yuRx79+7Fe++9Z1PO+nuj0WhQU1OD8ePHo7y8HN7e3sjKysLSpUvh6+sL tVoNNzc3ZGZmIj4+HkVFRfjrX/8KAFi/fj02btyIl156CSNGjEBNTQ02bdrEbxMWFobTp09j6dKl CA4ORkxMDCQSCQ4dOoQtW7agpqYG77777h2/b4TcqW4RDtXV1a0Gw73Q6/VYvXo1AgMDsWHDBv5T 3ujRo7FkyRIkJiYiMjISnp6eyMzMRHh4OFQqFb/9gAEDsHz5cpw7dw7jx4+HSqWCRqNB3759bcq1 5NYmF71ej2PHjkGj0UAikWDq1Kk2z0dERGDFihX8997e3njrrbeQnZ0Nf39/TJ06FcnJycjIyLAJ h927d0MoFOK5555DSUkJTp8+jXnz5mHWrFkAgODgYLi7u2PTpk0oKiqyueKy2r9/P3Jzc6FSqWxe n6+vL15//XXs3LkTEydOREZGBiZNmoS33nqLLzN+/HjodLq77kNJT0/n6w80XjGNHDkShw8fRklJ Cd/k2NDQgHXr1mHgwIE2P9OwsDC8+OKLNvtMTk6GXq/H559/zr/e0aNH409/+pPd5rwrV64gLS0N np6eABrD8sMPP0SfPn3wxRdf8J/sw8LC4OTkhC1btuCPf/wjAgMDkZmZiYCAAPy///f/+P0FBwcj Li4OxcXFABqvGsxmM5YtWwZfX19+X3q9/p6bTAlpq24RDgDsNifl5uYiJiam2eO3nrRak52djYaG BkRFRTU7TlRUFA4dOoTs7GxMnToV7u7uyM7Oxtdff42wsDB4enoiICAAW7ZsufMX1UR0dLTdx11d XfHhhx/yJwmrSZMm2Xw/ZMgQAOBPHt7e3ggODkZGRgbeeustSCQSfmTXyJEj4enpierqakgkEr6Z JiwsDK6urhg/fjzfPGVPVlYWAGD69Ok2j4eGhuKLL76Ar68vXF1d8cMPPzTbtqamBu7u7nfUWW+l 1+uRmZnJ198qMjIShw8fxldffcU3E544cQLV1dWYN2+ezc/U3d0d48ePt+nEzs7OxsCBA5sF4axZ s+yGw/Dhw22Of+LECVRWVmLevHnNmnymTp2KLVu24ODBgwgMDIS7uzvy8vKQkpKCsWPHwtfXF+7u 7ti2bRu/jXUE1T//+U/MnTsXgYGBEAqF+Pvf/37H7xkhd6vbhIO9Tjl3d3dMmTLFpszhw4fveN/W T2zx8fFITk62ec56+8ErV64AAN5++2289957/Kf2gQMHIjw8HOPHj8fAgQPv+NhWL730Elxc/js6 z8PDA3379kVwcDAkEkmz8j169LC7n6afLKdMmYLc3FxkZWVh7NixyM3NtWmScXV1xeLFi7FmzRq+ CSUwMBBPP/00f6Vkz5UrV+Dm5mZ3GGjTORlOTk7IysrC0aNHUVxcjOLiYrtzOtoqIyMDDQ0N0Ov1 +OCDD/jHrT+j9PR0zJ8/HxKJBKWlpQDQLFQBNPs5lZSUIDw8vFm5wYMH263HrU18Op0OQOMItd27 d9s8ZzKZAPz393fRokVYuHAh1q1bh3Xr1sHb2xvh4eF49tln+XCKjIzE/v37cejQIRw6dAiurq4Y MWIEIiIiEBERcdt+N0LaU7cIh4CAAJw+fbrZpDK5XG4zNj43N/euwsFq1KhR6Nu3r93ngoODATQ2 N3z77bc4ePAgDh06hNzcXCQnJ0Or1UKtVvPNHXdq5syZzUZh3auxY8fiH//4B77//nuMHTsWu3bt gpOTEyIiIvgy06dPR3h4OPbv34/s7Gzk5OTgxIkT0Gq1+Oyzz+w2KwH2r+SaMpvNiIuLQ25uLn91 FR4ejsDAQOzdu/e2o69aYp3jotfrmzVLubm58VcWTa967NXTXoeuvXL2QrklQUFBtx3uaw2agICA Zr8/W7ZswZYtWxAXF4dXX30VTk5OSExM5IP98OHD2L9/P/bv34+goCAkJiZSQBCH6xbh8Nxzz+H0 6dPYtGmTzeiitrq1Q/rW762fgENDQ5s1pzQ0NKC6upoPJb1eD6FQiKlTp2Lq1Kkwm83IysrCsmXL oNVq7zocHMEaBN9//z3Ky8v5E2fTk15lZSV69OiBWbNmYdasWWhoaEBaWhr+8Y9/ICUlBatXr262 Xzc3N34Y5q0n2k8//RT+/v6ora3lO6yb9jkAuKt5CadPn8a5c+cwadIkvnP31uf/53/+B19++SXG jx/PX/VYrwqbuvXqxdPT0+4VTVuvcqy/G4GBgc1ma5vNZlRWVvL1qa6uhtlsxnPPPcf/ruTm5uLt t9/Ghg0b8Oqrr/LDioODgxEcHIxFixahvLwcy5cvx+HDh5Gdnd3lVgMg959uMc9h2rRp/GSwlJQU u+3VlZWVzdZcsZ4Eb/0jt7aZW4WFhUEoFGL79u3N9r127VpMmDABGRkZKCwsxLhx47B+/Xr+eaFQ iNGjR6NPnz4OnfNwtyIjI2E2m7F27VrU1NTYDJf897//jQkTJuD//u//+MckEgmioqIANA9Rq1Gj RgEA9uzZY/P4uXPnoNVqcfLkSb4Z7umnn7YpU1lZyY/AuhPWuQ1N699UQEAA/P39ceLECRQWFiIo KAiurq5IT0+3+ZmazWbs37/fZtunn34ahYWF/BBUq7Ze3Tz++ONwdXVFWlpas3kLX375JSZNmoSU lBRUV1dj3LhxNk1iQONVqb+/P1/PJUuWYMaMGaiurubLeHp68k1fXfH3jNx/usWVg0Qiwccff8y3 1aampiIiIgJyuRzV1dXIy8vjx+kHBgbyn8is7fUajQZOTk7w8fHB0aNHsX37dptPvN7e3pgxYwa2 bNmCJUuWYM6cOXBzc0NGRga2b9+OgIAAvq03ODgYqamp8PDwQFhYGEwmE3bu3Ini4mKbcfGenp4o LCxESkpKs/WROlJwcDB8fX2RkZEBX19fm1Ff1g71tWvXAmg8yVVXVyMlJQUAbnsV9Nxzz2HLli18 4ISGhuLSpUtYt24dnJycMHPmTFy4cAFA40ggd3d3uLi44Pz58/yxgLatPQU0ngx3797NT8a7naio KPzjH/9Aamoq3nrrLahUKqxZswZLliyBUqlEQ0MDUlJS+OCymjt3LjIyMrBkyRIsXrwY/v7+OHjw IDZt2tRq3YDGKzTrsWJjY6FSqdC3b19kZ2fz/QovvPACXF1dMWnSJKSnp+Of//wnJk6cCJFIxPfL WK9ap0+fjsOHD2PhwoWYN28e+vXrhzNnziAxMRFubm546qmn2lQvQu5FtwgHoLF/YfPmzfjyyy+R lpaGjRs32jwfFBSEadOm2ZzQ3N3dsXLlSqxYsQIffvghgMYg+Pjjj/GXv/zFZnvrImwbN25EXFwc gMargoiICCxbtoxv412xYgU++OADxMfH8+P0JRIJFAqFzQgphUKBNWvWYN26dXj55Zc7LRyAxo7p +Ph4m857oLHe8fHx+Mtf/mIzLNbNzQ2LFy++bThYt1u5ciXWrl3Ln/D9/f2RkJAAb29veHt7Y968 efyYfut+X3rpJbi5uWHFihX4z3/+06bJgZmZmaiursZLL73UYlv7+PHjsXbtWuzatQsLFizArFmz YDabkZycjFdeeQVAY9NPTEwM1q1bx2/n7e2NxMREqNVqvmPeOkps6dKlrdYPaBzZ5OTkhPj4eCxe vJh/fMSIEXj33Xf52eVvvvkmzGYztm3bxo9wEwqFmDJlCt58800AjaH9pz/9qdm+AgICbPZFiCNx AKBSqd4HoAbAt3N2deXl5SguLkaPHj0gl8tbnDVqNptRWFgIoVDY6ogis9mMoqIi1NfX80My7amu rkZxcTFEIhHkcrndzkvrUgx9+vTp1A7Ef/3rX4iPj8f3339/2xFIer0excXFcHV1ha+vb5vra93O 3d3dbod6TU0NioqKIJVKIZfLO+V9aGhoQEFBAf/aWlJcXIzq6mr4+fndcYe0VVFREaqrq+Hr63vb hf1qamqg0+lgMplu+/tr7XuorKzkh7x2Rbm5uU0HCKhvLrFNurluc+VwK09Pz9ue6G4lFArbvGhc WwIEaPxk2drVgJOTU6cvddDQ0ID09HSMGjWqxffrdkNTW9Padk5OTp161QQ0Xum0tQ6thUdbtGXl Wicnp1Z/J4VCIXx9fdulToTcqW4bDqRlJ06cwFdffYXTp0+juLj4jpbDJoQQCof7lFQqRWZmJiQS Cf70pz85dPkRQsj9h8LhPuXv7293+QpCCGmLbjHPgRBCSMeicCCEENIMhQMhhJBmqM+BEOIwSqVy AsdxXgAqBALBDTTe89lQV1dXptVq6zq5eqQFFA6EEIeIiYmZwRjbav3eYrHwz0kkEqhUKgiFwioA 9QKB4IrFYqm1WCwXAdRbLBYdx3EmAEUAIBAILlkslpMajaaig1/GA4vCgRDiEIyxIUDjMjbW2d31 9fU2CwfW1tb2NplMqK+v97q58GAIAHAcZ7Mva7DMnz+/guO4oyaT6TCAPAA/UWA4BoUDIcSh5HI5 nnzyyVbLGY1G1NfXo7q6GrW1taipqUFdXR1u3LiBGzdu4LfffkNtba0HgEk3vwD8NzCMRuMxgUCQ Yzabczds2KBz4Et6IFA4EEK6BLFYDLFYbHNHxFvV19dDr9fjt99+g16vR3V1NSorKz0MBsMkjuMm McYgEAgwf/786xzHHTEajUcpMO4OhQMhpNuQSqXo06cP+vTpY/O40WhERUUFysrKUFZWhitXrvQ0 Go3jOY4bbw2MuLi4qyaT6UuO4zYmJibmdNJL6DYoHAghHa64uBi1tbWQyWQQi8X8vz169LirlXvF YjH69u1rc5vfyspKXLlyhQ+MGzduPAxgIWNsYVxcnM5oNGqFQuG2hISEk+340u4bFA6EkA514cKF Znfju5U1JJydnSEQCOz+y3EcXF1d0bt3b8hksmb7sHaEW1fk1ev1uHjxInQ6HcrKynw4jnvXYrG8 GxcXl28ymTaazeZtycnJBQ550d0QhQMhpEPp9XoArY5igslkwm+//Qaj0djqPp2dnfHwww+jd+/e ePjhh+Hh4QFnZ2ebMm5ubnjiiSfwxBNPoLa2FpcvX8alS5eg0+kGA1guFAqXx8XF5RmNRi1jLPVB 76OgcCCEdIq2jmIym82ora3lRzHV1dWhpqbGZhST9f9N7xcvk8nQp08fPPTQQ3B3d8dDDz2EXr16 AWi8Mhk8eDAGDx4Mo9GIkpIS5Ofn4/Lly0Ecx63lOG5tbGxsNmMsmTG280EcLkvhQAjp0oRCIVxc XFodxVRdXY3ffvsNVVVVuHbtGvR6PS5duoRLly7x5aRSKTw8PODu7g5PT0/07t0bbm5u6NevH/r1 64fa2lqcO3cO+fn5uHbtWiiAUI7jNPPnz8+0WCxvP0gd2RQOhJBuTyqV8if+psxmM65evYorV66g vLwcpaWl+PXXX/Hrr7/yZWQyGeRyOQYOHIi+ffvi8ccfx+OPP47S0lKcO3cOhYWFArPZPBbAz/Pn z/+OMfbOg9CJTeFACLlvCYVCeHl5wcvLi39Mr9fzo5jKy8uh1+tx9uxZnD17FjKZDAMHDsSAAQP4 0U8hISHIz8/HL7/8gtra2skcxz0XGxu72Wg0/vV+7sCmcCCEdEm3Dnft0aMHRCIRP1Lpblnvez54 8GAAwI0bN3D58mVcvHgRZWVlOHXqFE6dOgVnZ2f0798f/fv3x2OPPYZHH30UZ86cwYkTJwQGg+Fl kUg0W6VSfSoSiVbGx8eXtdfr7iooHAghXU5bhru6uLhAKBTCycmJ/9c6Z0IikUAikUAmk0EqleKh hx6CWCy2ux9nZ2cMHToUQ4cOhdFoRHFxsXUUE06ePImTJ0+iV69eGDBgAPr3749HH30U58+fR15e nuDatWsLzWbzfJVK9beGhoZPtFqt3hHvR2egcCCEdDn2hrvW1NTg5uJ8AIDq6mqYzWaUl5fbPH47 vXv3hru7Oz/U1d3dvVlgiMViDBgwAAMGDABjDGVlZSgsLERBQQGOHz+O48eP80Hx7LPPoqqqCj/9 9JPYYDCoZTLZGzExMcvr6+s/uR+WI6dwIIR0WW0d7lpfX4/a2lqbIa81NTWora2FwWCAXq9HVVUV qqqqUFDw324Ca1g0Hb1knaHNcRzf7xAaGorCwkKcO3cOpaWlfFC4u7vz8yaOHz/uYrFYVslksrdU KtVfvL29E9Vqtclhb46DUTgQQro962glNzc3myU0mqqtrUVFRQU/zPXq1au4du0aKisr+TIcx+Gh hx6yGxj+/v7w9/fHtWvXcP78eZw7dw6VlZU4dOgQevXqhVGjRqG0tBQFBQUPAfi0vLz87ZiYmFcS ExNbbh/roigcCCEPhB49esDX1xe+vr42jxsMBly9ehVlZWUoLS1FZWWlTWAIhUI8/PDDfOd0r169 MHz4cAQHB+Py5cs4duwYKioqcOjQIbi7u2PEiBG4cOECKioqfAHsU6lU/9vQ0PB2d2tqonAghDzQ rBPs+vfvD6BxhVfrYn1lZWV8cJSVleHIkSPw9vbGwIEDIZfL+clz1qamX3/9FZWVlfD09MTQoUNx 9uxZMMYW9ujRY6JSqZyRlJSU18kvt80oHAghpAmxWGxzhWE2m3HlyhVcuHABly9f5ifR/fjjj/D1 9YWfnx9+97vfYdKkSaisrMSxY8dQVFSE8vJyPPzww9Z+D3+BQJCrUqne0mg0azr5JbYJhQMhhLRA KBTC29sb3t7eAICysjLodDpcuHABRUVFKCoqglgsRv/+/TFo0CCMGzcO169fR25uLgoLCwEAvXr1 wrVr1wQAVs+fP38Kx3Ezu/rcCAoHQohDVVZW4vLly/wchKarr3ZH1hnXw4cPx7Vr13DhwgUUFBTg 3LlzOHfuHHr06IGBAwfi0UcfRUBAALKzs1FR0bhun1AohNlsHi0UCn9SqVQTNBrN2U5+ObdF4UAI cZQyAPyn6/tRr169+GXAr1y5grNnz6KwsLDZ5LlBgwYhLy8PtbW1AACz2fw7oVCYExsbG5mQkJDZ ua/CPgoHQohDaDSaxJiYGDcAQ5o87MEYGwZA3jm1chzr7UtDQkJQWFiI06dPo6qqCsePH4dQKORv OnT69GmYzWZYLBZnAP9WqVSvaDSalM6tfXMUDoQQh0lMTPz7rY+pVKr3Aag7vjYdQyqVIiAgAAEB AaioqMCpU6dw/vx5nDhxAlKpFMOGDYNOp7MOl+UAaKOjo4ds2LBhWSdX3YagsytACCH3Kw8PD4we PRp//OMf4e/vj4aGBvznP/9BTU0N5HI5v4CgSCR6R6lUbunk6tqgcCCEEAfr1asXRo8ejdmzZ2PY sGFoaGhAUVERnJyc4OzsDIvFAo7jZqlUqu87u65WFA6EkE5hHcVUWlqKqqoqGAyGNi2g15316NED oaGhmDVrFoYNG4a6ujrcuHEDPXr0sBZ5TqlUZqvV6k5v8u/0ChBCHjitjmISCoVGAPbX2L4PWEPi sccew08//cTPhxAIBLBYLCElJSWnFQrFiM5cApyuHAghHUqj0SRyHPcOx3HaJl+7GGOZ1i+z2Xyt s+vZEZydnTF27FhERkaid+/esFgs1qcGSSSSfJVKNaSl7R2JrhwIIR3O3iimpu73EU236tu3L6ZN m4YzZ84gJycH9fX1AODJcVxeTEzM5M5Y2ZWuHAghpAvgOA4BAQGYPn06/P39AQCMMSlj7P9iYmKm dnR9KBwIIaQLkclkGD16NMaNGwepVAoAnMVi+UalUr3ZkfWgcCCEkC6of//+mDZtGvr27QuucULE P1Qq1Q6FQiHriONTOBBCSBfl7OyMyMhIjBw50jphbppEIvklLi7Oy9HHpnAghHRZD+JcCHsee+wx PP/88+jVqxcADDKZTCeUSmWQI49Jo5UIIV1RW+ZCXBMIBEaZTFYnFAoFzs7OJrFYLHV1dZWKxeKe Li4uAo7j4Orqit69e0Mm65DWGIdxd3fHlClTsG/fPpSVlXlwHJelUqlmaDSa7xxxPAoHQkiXc7sV XS0Wi4v1G7PZ7GU2m2VGo9EDgIte3/J8MalUanB3d697+OGHnfr06ePk4eEBZ2dnx7wAB+nRowcm TZqEgwcPorCw0BlAmkqlWqDRaBLb+1gUDoSQLqm1uRBNKRQKmUwm8wIgZ4z1YYx5MMa8BAKBD2PM B8Cw+vp6r5KSEpeSkhJ+O6FQaOjdu3eFp6ensG/fvl7u7u7im003XZZQKMTYsWPRs2dPHD9+XAQg ISYmxi8xMbFdRzNROBBCuj2tVlsHoOjml10KhcJNKpX6McYe5ThuGIAhZrN5SEVFhV9FRQVOnz4N ABCJRLVubm6Gvn379uzTp4+0d+/ecHNz64iXcUeGDx+Onj174ocffgBj7A2VSiXSaDRL2mv/FA6E kAfCzXWKcm5+8RQKhUwikQznOO73jLEQk8kUXlFR8XBFRQVOnDgBABCLxfX9+/fnBg0aJLk5tLQT XkFz/v7+EIvF2L9/Pxhji1UqlU6j0axpj303C4eml1yEENKa7n7OuHnVkXXzCwCgUqmGcBz3ewBh jLEQo9E4xHqPaLFYXDtw4EDzoEGDXLy8HD6itFX9+/dHRESENSBWK5VKU1JS0if3ul8OePDWMSGE OIxao9F80NmVaG/R0dE+AoFgMoAXAYQBkAGARCK53r9//3p/f/+HOzsoTp48iezsbAAAx3HRiYmJ yfeyP5tweOyxx9CvX797ryUh5IFy6dIl/PLLL8B9Gg5NxcXFuZjN5smMsUgAEwF4AIBMJqvy9/cX +/n5ubi7u3dK3ZoEhAlA1L0Mc7VpVurXrx8iIyPvsXqEkAfNrl27rOFw34uPjzcA2AZgm1qtFpWV lYWZzeYZdXV1c3755ReXX375Bc7OzjcGDRrUY9CgQYKO7My23kDo5iimTbGxsU8kJCQU3c2+aIY0 IYTcJbVabUpISMhMSkqa39DQ8DAABWMs88aNG855eXmCr776CqmpqQ3nzp0DY6xD6jR8+HD4+PgA gJvFYvnqbu8qR+FACCHtQKvV1mk0mpSkpKQxZrN5EIBVAHS//fab5ODBg9i6dWv9xYsXO6QuY8aM sU7wG15SUvLx3eyDwoEQQtpZcnJygUajWebt7d2f47goADkGg0G6b98+bN++/calS5ccenyZTIaI iAgAYAAWxMTEzLjTfVA4EEKIg6jValNiYuJOjUbzlEAgGANg37Vr15wzMjKQmpp6vbS01GHH7tOn D0JDQzkAYIxtiI2Nld/J9hQOhBDSARISEjI1Gs2zjLEnAKT99ttvPXft2oW0tLTqsrIyhxxz2LBh kMvlAOBiNps/upNtKRwIIaQDJSUl5Wk0mudv9ktsvXr1qmt6ejr27t1rrqysbPfjhYaGQigUMo7j XoyNjQ1v63YUDoQQ0glu9kvMAvA0gJzLly8Lv/76a2RkZODatWvtdhwXFxc89thjHABYLJaP2zp6 icKBEEI6kUajydJoNE9xHBcNoOzSpUv46quvcOjQIRiNxnY5xhNPPAFnZ2cLgKDS0tK5bdmGwoEQ QrqAxMTE5IaGhqEAVjHGzGfPnsWOHTvQHp3WQqEQI0aMEAAAY2y5QqFodWYehQMhhHQRWq1Wr9Fo lgEYAaDeYDDgu+++w08//XTPt0f18/ODp6cnA+AllUpjWitP4UAIIV2MRqM5JhQKf89xnIkxhl9+ +QU7d+7EvXZYBwUFWYe2xrZWlsLhATRr1iyMGTMGBoOhxXLJyckYM2YMjhw5gry8PIwZMwZjxozB mjUtLxevVCoxZswYLFnSbvcdIeSBs379+lzG2ALr95WVlfjmm2/4mxLdjd/97ndwcnIyayAoJgAA IABJREFUA5ArlcoJLZWlcHgAyeVyZGZmYtu2bS2WW7VqFU6ePImgoCDo9XpkZmYiMzMTa9euve02 Op0OGzZsQGZmJvLy8tq76oQ8UG7eG3orAIhEIjDG8OOPP+LQoUN3tVYTx3EYOnSo8Oa30S2VpXB4 AM2d2zhYYevWrbctk5WVhYKCAsyZMwcymYx/3MPDAzqdDllZWXa3S01NhYuLi93nCCF35XUAepPJ BOv9rc+ePYvvvvsO9fX1d7yzwYMHAwDjOC4qLi7utjehoHB4AA0ZMgTh4eHYt28fdDqd3TIpKSkA gHnz5tk8HhUVBaAxBOzZtGkTX4YQcu80Gk0FgOUAYDabza6urgCA0tJSfPvtt9Dr9Xe0P2dnZ+us aZHZbL7tsFYKhweUQqEAALtNS3V1ddi6dStCQkIwbNgwm+d8fHwQFhaGHTt2NNuuoKAAOTk5ePHF Fx1SZ0IeVN7e3p8AKDAYDML+/ftDJGqcx6bX6/Htt9/e8a1a/fz8rJPiJt6uDIXDA2rGjBlwc3PD pk2bmj2XmpoKg8GA6Gj7TZJz5syx27S0bds2eHh4YMKEFvu5CCF3SK1WmziOewMAzpw5Yw4NDQXQ 2IdQX1+P77///o7mQ3h7e1u3D1EoFDJ7ZSgcHlAymQwzZ85EXl4eTp48afPcpk2b4OLighkz7K/y O23aNIhEomZNSzt27EBUVJRNHwUhpH0kJibuZIxlGo1GYXV1NYYOHQrGGMRiMRhj2Lt3L9q6gJ9U KoWrq2s9AJlIJAqyV4bC4QFm7U9o2rSk0+mwb98+zJkz57Ydyx4eHggPD7dpWjp58iTy8vIwc+ZM x1aakAeYUCj8AADOnDljHDVqFJycnGA0GtGrVy8YjUbs2bOnzQHh4+MjvbnP0faep3B4gA0fPhxB QUHQarX8Y5s3b4bJZGrWEX2rmTNn2jQtbdu2DT4+Phg92u7vGSGkHSQkJGQCOFtfXy++dOkS+vfv DwC4fv06HnnkkTsKCGvTEmMs3N7zFA4PuOjoaJuTvFarxbBhwzB8+PAWt5s6dapN09LWrVvx4osv 8h1lhBCH2QAA+fn5JmsTLmMMFosF/fv3h9FoxL59+1odxdSnTx/rf0PsPU/h8ICbMWMGZDIZUlJS kJOTg7NnzyI2ttWZ9TZNS3l5eSgoKMC0adM6oMaEPPBSANTpdDrBjRs3AAACgaC+tLQU/fv3h1wu R21tLTIyMlpc1dXZ2Rkcx1kAuNlbxpvC4QHn4eGBqKgopKWlISUlBTKZDLNnz27TtgqFAjqdDm++ +SbkcjnCwsIcXFtCyM15D2mMMUFhYSEAgDG2HwCOHj2KZ555Br1798a1a9dw8ODBFvcllUprAKCs rMzn1ucoHAiio6NRUVEBrVaLqKgouLm1upovgMamJZlMxndgE0I6BmNMC6DplUEOgDMGgwGFhYWI iIiAQCDAxYsXm41GbKpJs5THrc9ROBBEREQgJCQEHh4eeO211+yWkclkkMvlNsHh4uKCmTNnQi6X N2tSksvl8PK67cx8Qsg9sFgshU2/Z4xZOI77AABOnz6N3r17W2dB48iRI7hy5Yrd/YjFYg4AOI5r NjSReg8JACA7O7vF50NCQnDx4sVmj3/++ed2y9srSwhpHyKRaNqtC+/V19fvlEgkV6uqqh4uLS1F 7969ATR2Vu/fvx8vvPBCszlIPXv2ZFevXoXFYul36zHoyoEQQroRtVot4jhu4a2Pa7XaOgDJAHDm zJmmT5XcuHEDOTk5zfbVo0cPFwBgjDVrS6ZwIISQbqS0tHSyxWLxFgian74FAkEiABQVFaGurg4A wHFcGgDz2bNnm90sSCqVWstQOBBCSHdmvQHQxInN18xLSEgo4jjuO7PZjIKCAmv5csZYEmOs1ebj pigcCCGkm4iNjR0GYJyTkxMmTpwIsVjcrAxjrBSAzb0eOI57j+O46tLSUly4cKFNx6JwIISQbsJs Nr8GAKGhoZBKpejZs6fN8yqVygNAs3HlGo2mgjG2DAB++uknmM3mVo9F4UAIId2AUqkM4jhOCQDP PPMMADRbHJPjuHkA7C6L7O3tnYibcyHy8/NbPR6FAyGEdHFqtVokEAi0AIRjxozh5xBZO5StZaz9 EfbmGN28JwQ/F6I1FA6EENLFlZSU/Jkx9rinpyeef/55/nEPj/9ObC4tLZ0MwMfLywtTpkyxu5/6 +vqdAoGgsqqqqtWbA1E4EEJIF6ZUKoMAvCcQCPDKK6/YXC00Gc5qsF41jBkzBgMHDrS7L61WW2ex WJKAZnMhmqFwIISQLkqhUMgEAsFWAMJx48ZhwIABNs8bDAYAAMdxDQDG9ejRg4WGhqJ3797gOI41 36P9uRB2y7XTayCEENLOpFLph4yxwV5eXvjDH/7Q7HnrpDaLxfIMAIwaNYqzXln06tXL7pCkhISE IqFQuLfpXAh7bNZWaksPNiGE3IrOHe0vOjo6hDG2RCAQYO7cuXbnNPz/9u4/LKoy7x/4+8zQoARe FC4J5VcSFhNFSYRC5dFEMV3IysIfK4+mMhgbSOra2pM5m62VSZkaMAMmaWvJN5TSB4KkEAxCGZxC yWYZwUaBxlBipnFnmHPO8wecswzzgwH5affrurwuZM6ZuefMcD7n3Pfnc99ccKAo6kngP1lMAODi 4mJzwR+aptWAeS1EV1xwaAIApVIJpVLZm/dBEAQBdJxLiNuTkJAwhqbpj1iWtdqdBAB6vR56vR4U RbEsyzp1zmICAFdXV6sTq4rF4tEURf1314n7unICAJlMJhWLxQBA5lgmCKK3mmQymXSwGzHcdQSG YpZlff38/Kx2JwH/uWtgWZbqmsUEtGcyWbvYpyhqLcuyou7awUcW8qESBEEMLrFYPNpkMn0NYMLY sWORlJRktTsJAH/it5bFxP2+g477QSKROP3888/JNE3jvvvuY3/++WfKVlvIgDRBEMQQkJCQ4Arg OICHxowZg6SkJIsTPqetrQ35+fkAAFvdTgzDAAAoiuJHnRsbG/9E0/SYjgFum4EBIMGBIAhi0CUk JLiaTKZ8ALPGjBmDTZs2Wcyb1Nnnn38OrVYLW1lMQPuYBAAwDHOF+x23DoS9WggO360UHx+/lGXZ h3rwfgiCIHgURV2SSqVHB7sdw41EInG6du3aCYqiZo0aNQrJycl2A8Ply5dx6tQp2MtiAgC9Xs8C oO66665aoH1GV4Zh5rq4uPAT93UMZlu9g3AC+MDwyW2/S4IgfrdYlkV8fDxIgHBcR2D4mKKoOaNG jcKmTZv45T2taW1txcGDB8EwDCIjI612J3F+/fXXNgCtqampOqB9RleKovjAAACurq5GrVZrte/K CQC4OwYvLy94e3v39n0SBPE71dDQgMbGRpDeB8etW7fugYaGhuMURU3nAoO1CfM4ra2tSElJgUaj gb0sJo5WqxUCqAesz+gKACNGjGC0Wq3V/c3yYL29vREcHOzYOyMIguiku4nciP+Ij4+P6OitGe3h 4YEXXnjBbmDQ6XRISUlBU1MTustiAoCbN29Cr9cLAdR2ZCgdpmla2LUWwsXFxeZzkAFpgiCIASQW i/+HZdkvAIyeNGkSXnnlFbs9NgaDAWlpaWhqakJ3WUycn376ifuxvqGh4X9omp5soxaCsfUcVivo CIIgiL61evVqd2dn58Msy0YJBAL86U9/QlRUlN19DAYD9u7di9raWjiSxcSpr6/nfqRhY0ZXABCJ RFwxnA5dkOBAEATRzzr6/P8/y7J+rq6uWLNmDSZNmmR3H4ZhsH//ftTW1sKRLKbOrl69ygKghELh czRN25yCw2QyGQDc1bkWgkOCA0EQRD+Kj49fy7LsewDuHjduHOLj4+Hh4WF3H4ZhkJGRAaVSCUey mDrT6/WoqalhAVA0TXvbq4XQ6XR0x+td6foYCQ4EQRD9oKOu4F2WZecBwKxZs7Bs2TK7A8lA+2By Wloarly5AkeymLo6e/YsTCaTAAArEAgoe7UQv/32GwsAXC1EZyQ4EARB9KHVq1e7i0SiHQzDrAfg dPfdd7NLly6lHnnkkW73vXTpEjIyMqDT6eBIFpM1X3/9NZycnGAymShb3UkcnU5HAfiFq4XojAQH giCIPiCRSJwaGxtXsSz7JoDRAoEAjz32GKKioih7KaOcvLw8nDhxAgzDYNKkSVi3bp3dVFNrampq oNFowDCMQ7UQv/32mzOAf1l7jAQHgiCI27Ru3bpHGxoa9gGYDgATJ05ETEyMQ0XFer0eBw8exPff fw+BQIDo6Ohus5is0el0yMzMBMMwDtdCGAyGEQCsLgdHggNBEMNOQkKCK03Tj0il0qJBbscYk8n0 NoCVAHDvvfeyS5YsoaZPn+7Q/mq1GjKZDBqNBo5mMVljMBiQmpqK3377rVe1ENYeJ8GBIIhhZfXq 1e40TX/LsuyEuLi4lRkZGf8c6DasXbvWTygUbjCZTOsAjHBycmIjIyOpRYsWUd0NOHO++eYbHD16 FAaDAY5mMVnD1UKoVKoe1ULU1dWZ0B4D6q09ToIDQRDDRsfU1idYlp0AABRF+Q3k68fHx0cASGZZ lu/3mTZtGp555hnK0RN7Q0MDsrOz8cMPPwBwPIvJmtuphVCpVK0A7rVW4wCQ4EAQxDDRec2DgXzd 1atXjxCJREvRHhSCAMDJyYmdMWMGFRER4XA2kV6vx+eff47Tp0+DYRi4uroiJiYGjmQxWXM7tRA6 nQ4qlWoUAAiFwovWtiHBgSCIIU8ikTg1NDTkA5g1atQoTJkyBWfOnOnX1+wYT4gHsB7AGABwc3Nj 5s+fL5g5cybl6urq0PMwDIPy8nIcO3YMOp0OAoEAERERiIqK6nE2Eud2ayHKy8tB07QTRVEnU1NT m6xtQ4IDQRBDWqc1D2ZxJ8LKysp+e63GxsbZAFaaTKZlAEYAwLhx49iIiAgqJCRE0Glt5m5dvnwZ n3zyCa5caS9A7kkWky19UQtRUlJiAuDEsmy6rW1IcCAIYsjqFBieceQKuTdZTKtXrx7h7Oy8gGXZ ZxoaGqIAuAMARVHs1KlTMX/+fPj5+dldb7mr1tZWfPrpp6ioqAAAeHh44Omnn4ajWUy29EUthFKp hEajcQJw1dvbu8DWdiQ4EAQxZDU0NBymKOoZZ2fnbq+QV69e7W4ymcoBPNRdFlNCQoJrW1vbYoqi ngEwj2VZvo/ogQceYB5++GFBaGgo5enp2aP2ajQafPXVVzhz5gza2tpw1113Yf78+Vi0aFGvBpw5 fVULAQAlJSXcj5kSicRkazsSHAiCGJLEYvG7AJaJRCI2KSmJGjdunM1tuSwmAA8B1rOYxGLxaIqi FrMsu8xkMs2iKGoE95ivry8zdepUwcMPPwxPT88er3Nz6dIlFBUV4fvvv+d/15HF1Kv01M76qhYC aB+IPn/+PAOAYRjmgL1tSXAgCGLI6QgMySKRiN2wYQPl52c7Y9VaFhNFUYKOabIfQXvV8qMAJrMs yz3OTpgwgXn44YcFU6dOxT333NPjgNDW1obKykoUFRVBrVYDAO666y6EhYWhJ1lM9vRVLQSnvLwc JpNJQFFUXmZm5lV725LgQBDEkCIWi98AkCwQCCAWi+0GBoqiBFxg6JzFxLLs3yiKerXztk5OTszk yZOpKVOmUFOnTqVcXV17NI7AaW1tRUlJCU6fPo3W1lYAwKhRozBv3jzMnDkTjmYx2dOXtRCdnT59 2ghAZG8gmkOCA0EQQ0ZcXNwGAH+jKIqNi4ujAgMD7W7PMMwmiqLudnNz65rFJPLw8DD6+fmJxo0b Bz8/P3h7ewt6e3JlGAZKpRIVFRU4d+4c2traAADjxo1DREQEQkJC0JMsJlv6uhais4sXL+L69esi dDMQzSHBgSCIISEuLm4DRVF7KIpixWIxNW3aNJvburm5AQC4wLB582azbpzHH38cTz31lMjW/o5o a2tDTU0N5HI5qqurodfrAQACgQBBQUFcFtPtvASvP2ohOmtra8M///nPWwBGAki3NxDNIcGBIIhB JxaL4wHsAYAVK1bYDQwA8K9/tc8y7ezsjMTERIv+/d7eIRgMBigUClRVVeGHH36AwWDgHxs7diyC goIQGhqKnmYx2dMftRBd5eTkoLm5eSSAS0ajMcWRfUhwIAhiUMXFxS0BsB8AYmJi8F//9V92t8/O zsa5c+fg7OyMpKQk2MtissZgMKCurg4PPfQQgPYMnu+++w7nzp1DbW0t32UEAH5+fpgyZQo6sph6 +M7s669aiK4uXbqEr7/+GgBMLMsuz8rK+rcj+5HgQBDEoImLi1tCUdQnAJxiYmIQERFhd/vs7GwU FRXxgaGn3To6nQ5vvPEGfvnlF/j7+0On06GhoYF/XCAQYOLEiQgKCkJHFlNv3pZd/VULYU1HfQQD QEBR1CsymUzh6L4kOBAEMSjEYvGfAHwCwOnxxx/vNjAcP34cRUVFEAgEiIuLcygw3Lx5E3V1dair q4NKpcJPP/3E3xkolUoA7V1QkyZNwpQpUzB16tQ+yTaypj9rIWw5fPgwWlpaBBRFfevl5eVQdxKH BAeCIAacWCyehY7AEBERgaeeesru9kVFRfjiiy/4wNBdFlNZWZlZqinQflfAMAz//0mTJmHx4sXw 9vbu8yt2zkDUQthSWVmJqqoqANBRFLXckUHozkhwIAhiQHUEhnwArhEREYiJibG7fVFREbKzs/nA YG+wmlvLoLm5GQDg4uICPz8/XL16FTdu3EDnWojx48f3eLzCUQNRC2HPzZs38dFHH3HdScnp6en1 PX0OEhwIghgw8fHx01mWzQfgGhISwsbExNgtRCspKUF2djYAYPny5XYDAwB+MNvZ2RkPPvggRo8e jYyMDD4w9OeMrgNVC+GIrKws+tatW0KKok5KpVK702TYQoIDQRADQiwWP8Sy7AkArtOmTWPXrFlj NzBUVVXh448/BuBYFhOH245bDKeqqqpXax44YiBrIRx19OhR5tKlS0IAv7As+1xvn4cEB4Ig+p1Y LH4IwNcAxgQFBZni4uKc7F1FV1VVISMjAwzDwJEsJms++OADVFVVwZEZXXtiMGohHJWdnY2vvvpK AMAEYLVMJvult89FggNBEP1q/fr1PgzDfA1gzPjx403x8fF2A0N1dTUfGBzJYrLmdmshuhqsWghH MQyDrKwsrmZCB2ChTCa7raXySHAgCKLfdCy1mQ9gzIMPPmhMTk4W2QsMtbW1fGBwJIvJmtuthWAY BteuXUNdXR2uXLmCy5cvD3gtRE907j5DHwUGgAQHgiD6iVgsHm0ymb4G8JCPj8+tF198caSzs7PN 7Wtra7F3714YDAY4ksVkze3WQly+fBlqtdqsqwgYuFqInuqvwAAMcnCIj4+HXC6HUChEQUEB3N3d rW732WefYceOHQCAzz//vE/nHOnalu4yGU6ePAmJRAKJRNLrlZh6y1ZZvbe3N7y8vCxWh3riiScA tB+zgRIfH4/GxsZ+e83p06cjODgYUqnU4X2WLl0KlUqFxMRErFq1qkev98QTT8DLy6vb15PJZJDJ ZP32/RymVgF4iKIodu3atXYDw5UrV/jAEBIS0qvA0Be1EBxPT088+OCD6DSja7/VQvRWfwYGYIjc OdA0jdOnT2Px4sVWHy8o6HZ22d8NDw8PzJgxw+x3LS0tkMvlkMvlaGhogFgsHqTWDT3V1dVQqVRw c3NDTk5Oj4MD0XsCgSCHZdkklmX/3/vvv49NmzbxdQidNTU1Yf/+/TAYDJg2bRrWrFnT49fqi1qI cePGYdy4cfD19e2TmVD7k8FgQGZmJldt3SQQCOanp6df6MvXGPTg4OnpCaPRiIKCAqvBQaPR4OzZ sxg7dixfYTiYoqKiBvyOoTMfHx9s377d4vcajQZLly5FVlYWYmJibN6F9beeXNEPhJMnT0IkEkEs FiMlJQXl5eUICwsb7Gb9LqSnp9cnJCQ8QtN0cVNT04QdO3ZYpJM2NTUhJSUFra2tmDZtGuLi4npc C3C7tRCDNYjcW3q9Hu+//z5qa2sBoAnAY+np6Zf6+nUGPTg4OTkhPDwcubm5aGlpsTipFRUVQSQS Yc6cOTh8+LDF/i0tLaiqquLzi8eNG2fzdrK6upqfFtff3x/+/v5Wt1OpVPwKTNOmTTPrJmhubkZ9 fT18fHzg4eEBrVYLpVIJf39/ODs748yZM9Dr9XB3d0doaChEIssp5dVqNS5cuACapuHp6Yng4GAI hUIHjpZtnp6eiIyMRE5ODi5cuIBZs2aZPc69d6FQiODgYP4Pgns/Y8eOtfgjoWkaCoUCHh4e8PHx AQDU19fjwoX2CxQPDw8EBwebvUelUgmDwWDxGTQ3N0Mul8NoNMLNzQ1hYWEWx0av1+PcuXPQarUA AC8vLwQFBfX62BiNRuTn5yMoKAgLFy7Enj17kJ2dbTM46PV6fPvtt9Dr9fD09ERoaKjN51YoFLh6 9SpEIpHV5+OOa2BgIBQKBTQajdl3iaZpyOVyaDQaAMDUqVMxduxYi+dpaWnB2bNnYTQaIRKJEBoa avE3QtM0zp49y18JT5w4Eb6+vo4dpH6WmpralJCQMN1kMuW3trbOSklJQXx8PPz8/NDc3MwHBj8/ v14FhtuthRhuLl26hIMHD7ItLS0UOgKDTCbr88AADIHgAAALFy5ETk6O1a6loqIizJkzByNHjrTY Ly0tDVlZWaBp2uz3wcHB2LdvH3/yaW5uxubNm1FdXW223aJFi7B9+3azk88bb7yBnJwc/v9CoRDJ yclYvnw5gPY1WDuPOSiVSsTHx+Pll19GZmYm/8cOtF/lS6VSflItmqaRkpLCX+V03m737t38Cbi3 rPXpmkwmvPzyyygsLOR/JxKJsG3bNixcuBA0TSM+Ph4RERF46623zPYtLy9HcnIyduzYAR8fH7z6 6qvIy8sz28bDwwO7d+/mg0FKSorFmMMHH3yAzMxMGI1G/neenp5ITU3l33N2djb27Nljtg0A+Pr6 QiqV9upOqLCwEHq9HtHR0XB3d0d4eDhKS0uh0WgsAqFCocDmzZvR0tLC/y4yMhImk/l0NHq9Hps3 b8bZs2fNjkFwcLDZdtz3JDY2lr+oCQoKQmZmJurr6/HSSy9BpVKZ7fPkk09i69at/Pfx5MmT2Llz p9kxEYlESE5O5vvk6+vrkZSUZJZNAwDh4eHYvXv3bV909IXU1FRdQkLCQpPJdLi1tfXJvXv3IjY2 FidPnuQDQ1JSUq8Cw+3WQgwXbW1tyMnJ4abepgCcEQgEsb2ZFsNRA1PL3Y2goCB4enpajC1oNBoo FAosWLDAYp/Tp0/jwIEDWLRoEU6dOoXKykqcOnUKkZGRkMvlyM/P57fdvHkzampqsG3bNlRUVKCs rAwxMTHIy8vjrzo4crkcUqkUlZWVOHToEDw8PLBnzx6zk4Y1b731FqKjo3Hq1CmUlJQgNjYW9fX1 kMlk/DZpaWnIzs7GkiVLUFJSgsrKSkilUmi1WiQlJVmcGHuiubkZBQUFEAqFmDx5Mv97jUaDxsZG HDp0iH89Z2dn7Nq1i79zCQ0NRWlpKX/3xcnLy4OLiwsiIiJQWFiIvLw8iMViVFRUoLKyEpmZmbh1 6xbefvttm+3Kz89HamoqZsyYgYKCArP9XnzxRdA0jerqauzatQvTp0/nP8uSkhIsWbIEKpXKIpg6 6sSJE3z7ASA6Oho0TZsFfwDQarXYvHkzhEIhDh48iMrKSnz66adQKpVmwR4A3nnnHZw9exaJiYko KytDSUkJf3ysycnJQXJyMnbu3Im1a9fCaDQiKSkJjY2NSElJQWVlJcrKyiAWi5Gbm4u0tDS+TTt3 7jQ7JgUFBfDz80NKSgrfrnfeeQdarZb/fMvKyhAbG4vS0lJ89tlnvTpu/SE1NVXn7e39LEVRWVx/ eVNTEx8Y7A1WW9MXtRDDxZUrV/D666/zazIA2Ozt7f1YfwYGYIgEBwCYN28e5HK52Un45MmTcHFx sXrb3tLSgqCgIGzcuJG/qnR3d+cHY3/++WcA7VeE1dXVWLFiBRYvXgyhUAiRSIRNmzYhICDA4upt +/bt/FVgQEAAVqxYAZqmLbbrKjg4GM8//zzc3d3h4uKCF154AW5ubqivrwfQfsV55MgRBAUFYevW rfyAV3BwMBITE9HQ0GAW0GxpbGzkM2O4f6+//jpWrFiB5uZmxMbGWlxlv/baawgICOBfb+HChdBq tfwYTnR0NIxGI7788kt+H61Wi+LiYkRGRkIkEvHvIywsjL8aDQoKgkQiwZNPPmmzvYcPH4a7uzt2 7tzJ30EFBQVBLBZj5MiRUKvVuH79usVn6eLigg0bNvDvuafUajXkcjnffqB9kXZ3d3fk5uaa3W3m 5+ejpaUFL730En8H5OPjg507d5o9p1arxYkTJxAeHo5Vq1ZBJBLBxcUFW7ZssdlFuWTJEqxcuRKR kZEICwtDfn4+GhoasGnTJsyePRsA+DGR4OBgHDlyBHq9HiqVCkajEUFBQfwx8fDwwN/+9jckJyfz n0F9fT08PT0xYcIE/rmef/55JCQkYPz48T0+bv1JIpGYpFLpcxRFlQIARVFYtWpVjwNDX9RCDAcM wyAvLw9vvvkmmpqaAEDBsmyITCZL6ekMq70xJLqVAGDu3Lk4cuSIWdcSdydgrd9+8eLFZl1QGo0G KpXK7HYfAN8/3jXACIVCHDp0yOJ5u/aVO9qd0XU/oVAINzc3/grvwoULMBqNGDt2LORyudm23Pur rq62mbHFaWhoMLsb4fj4+GD16tUWKYCenp4Wfdnce2puboaPjw8iIiKwa9cus6SAr776CkajEQsX LgQAhIaGQiaTISkpCREREQgPD0dISAjmzp1rs63ceIy1z3D58uV8V52Pj4/Z83D99dxn1xvcVXPn 5AGhUIjIyEhkZ2fj9OnT/Gtyn8ejjz5q9hz+/v5mx+67774DTdNWL1bmzZvHrw887IAVAAAOKUlE QVTQWVBQkNn/uVW/Ro4cafE98Pb2hlwuh0qlQkBAANzd3SGVSlFTU4Pw8HCEhYUhICCAD/RA++eS m5uL2NhYzJs3DyEhIQgMDOxVxs9AoSjqv1mWlbMse6+9LCZr+qIWYjjQaDQ4ePAgLl++DAA0RVHv GgyGbY6u4tYXhkxw6Ny1tHjxYqjVaiiVSiQnJ9vc59ixY8jNzcWPP/7IXwl2zTHnukoeeOCB/ms8 YLNvl2sXFyROnDiBEydOWN22a7+xNYGBgfjHP/5h9rvRo0dbDaBA+4B/d0QiET+YzfXHnzhxAt7e 3vxdFHeXkJqaitzcXOTm5kIoFOKRRx7B+vXrzU5YHG5gefTo0d22obCwENnZ2aipqeG716wN0DqC pml+bOTVV181e4z7Pnz66ad8cODuVq2lL3Yem3B0u866Fktxg8Yvv/yyzfY3NjYiMDAQe/fuxZtv voni4mIUFxcDaA9YS5cu5YP4xo0bQdM0CgoKkJqaCqD9DmPBggVYv379kEzJ7MhimmQymeRNTU3e 1rKYrOmLWojhoLi4GMeOHeMK8a4IBILV6enpxQPdjiETHID2q6+jR4+ipaUFX375Jdzd3S0G+jhc l0pgYCCSk5Ph4+ODiRMnQq/X88Vfnel0uv5uvl3cyTsxMRHz58+3uo0jt9cikahfiqyioqKQk5OD /Px8zJ8/HwqFwqJegkvjrampwblz51BWVoaysjIoFAp88sknNtvFBQlbuMJCX19fJCQkwMfHB/7+ /vD09OzVerrl5eXQaDSYMWOG2fgLp7CwEGfPnuWzzuwdd5qm+cBvKwBz2zmCe67jx4/bvKDg7uwC AgJw6NAhNDQ04Ntvv0VlZSWKi4uxY8cOCIVCREVFwcXFBdu3b8df//pXnDt3DhUVFSguLsaRI0eg Vqvx7rvvOtSugdaRxTTBZDKdbW1tnbh7926sX7/eZkVzX9RCDHVqtRrHjx/HxYsXAQAURWUJhcLE 1NTUQTl5DangEBUVxXctnThxAosWLbL5B/Txxx/D09MTmZmZZttwYwPclTp39cmlm3b20ksv8bdv /Y1LLVSr1RYn0ebmZuTn52Py5Mn9tlxgdwIDA+Hj42OWFNC5S6a8vBwqlQorV67kuzZWrVqFDz/8 EPv27UNVVZXF+/L29oaLiws/XtHZ6dOnkZKSgldeeQWHDx+Gi4sLMjMz4ebmxm/T27qW3NxcAO1X 1dYywNzd3bFr1y589tln2LBhA3x9fVFWVoaamhqzOyBurIn73nCfYU1NjUWty48//uhQ2yZMmMCn nXbtciovL0djYyNmz56NxsZGlJeXIzIyEt7e3nj66afx9NNPQ6VSYenSpZDL5Zg7dy6++OILPPDA AwgNDcXs2bMxe/ZsbNq0CUuXLkVpaanDx2wwdGQxhdI0nafVasPfe+89rF+/HpMmTTLbri9qIYYy tVqNkydPQqHgl3f+haKodVKpdFAzCobUEeb6eA8cOAC1Wm23P9valZrRaMSHH35o9visWbPg5uaG w4cPm2XjqFQqFBcXD1gBjK+vL/z9/ZGXl9f5SwAAeO+997Bnzx6LzJiBFh0dDaVSiby8PAQHB5ud 7MvLy7Fnzx6Ul5eb7cPNQWPrOEZGRqK6utpsLIimaRw9ehS//PILfH19+c+qc5CnaRoZGRkA/tMV 44jm5maUlpYiICDAZmrwwoULIRKJkJubazaukpGRYfa9+uijj8zuerjPMD8/3yzg1dfXO5RMwL02 0P6Zd/4+Njc3Y9u2bUhNTeXHqri6jM644+3m5gZnZ2fs27cPKSkpFplmXCbaUJeamqrz8vKaS1HU caPRiP3793PTQQBAn9RCDFVqtRppaWl4/fXXoVAoQFHUrwAkRqPxj4MdGIAhducAtJ9MDhw4AE9P T4srq86efPJJHDlyBPHx8ZgxYwb0ej2Kiorg5uYGkUjE/7G4ublhy5YtkEgkWLZsGSIiIqDX61FY WAh3d3c+I2YgSCQSJCQkICEhAQsWLICnpyfkcjkUCgUiIiIQGRk5YG2xJioqCqmpqVCpVJBIJGaP rVy5EgUFBdi0aRMWLFgALy8vqFQqFBUVITg42Gb33wsvvACFQoHExER+v9LSUiiVSmzZsgUeHh6I jo7Gvn37sG7dOsyZMwc0TaO0tBS3bt2Cu7t7t91SneXn54Omaf4kbI2bmxvmzJmDwsJCFBYWIioq CmvXrsWBAwcQGxuL8PBwKJVKyOVyixOsRCLBunXr8Nxzz/GvkZ+fzxdEdsff3x9isRgymQx//vOf +febl5cHrVaLXbt28YV1oaGhyMrKglKpxOTJk9Hc3IzCwkJ4eHhg2bJlEAqFSExMxM6dO/nnEgqF KC0thVqttvgMh6qOzJunxWLxAYZh1kilUsTExCAkJAR79+69rVqIoajrnYJAIGhlGOYdg8HwXlZW lv2c+QEkBIDg4OA5AOZ4e3sP6KRhN27cgLe3t1mWyB/+8AfcunULixcvNusG0ul0cHZ2Rnh4OEaM GIHQ0FCMHDkStbW1UCgUMBgMiI6OxtatW8GyLAQCAWbOnAkA+OMf/4hHH30UGo0GlZWVuH79OmbO nIkdO3bwg2A3btzAfffdhzlz5pi1Ua/Xg2VZhIWFwd3dnf9/aGgoxowZA6PRiFu3bmH69OkWV6oa jQbjx4/n35+Hhwcef/xxmEwmVFdXo6amBvfccw9WrVqFv/zlL91+8bmBSntB097rdz2W3HviuLi4 oLKyEr/++iu2bdtmNtHY3XffjYiICBiNRly8eBEXLlyAQCDAs88+iy1btvDbdv1MR4wYgYULF0Ig EODChQu4cOECxo4di40bN/InVy5d86effsL58+fR2tqKuXPnYtu2bfyA6qOPPgqhUNjtMaisrMSY MWOwfPlyu4OxXl5eMJlMcHNzQ2BgIEJCQjBhwgSoVCpUVVXh3nvvxfbt23HPPffwC7gA/xnsvXHj Bs6fP4/r168jNjYWTz31FFiW5b+fXb83nQUHByMwMBDXr1+HXC7HtWvXMG3aNGzdutWsKnv+/Pl8 t1xVVRVaWlrw2GOP4ZVXXuH/TidOnIiAgABoNBqcP38edXV18PX1xcaNGwc097+xsZFLOS6Wy+Wn e/Mccrn88+DgYAbAYxcvXkRZWRlu3rzZ61qIoUatVuPIkSPIzs5GU1MTBAJBK8uybxgMhmUHDhwo UCgUA5aJ5AgKAMRi8XYAEntXgMSdz2g0YtGiRQgPD7c6fxNB2MJN/AhAIpPJ/n47z7Vu3bq1FEVl UBRFCQQC/P3vfx8WXWS2WLlT0DIMk2I0GofUnUJXQ65biRh4er0ezs7OyMrKQktLC5599tnBbhLx O5aZmXng+eefv8tkMqUyDEP1tBZiKLh58yYqKytRUVHBJ1Zw3Uf//ve/h3RQ4JDgQODtt9/may+i o6Ot1iwQxEBKS0tLX79+/c8Mw+Q0NTVRr732GjZv3txn60D3B51Oh6qqKlRUVHAzpgIAKIpqZll2 33AJChwSHAh+INzHxwcrV64c5NYQRLv09PTjYrF4OoCzWq1W2F0txGAwGAxQKBSoqKjADz/8AIZh AAACgeAWwzA5FEV96uXl9b8DMd1FXyPBgUBYWBhZ44AYkmQyWVV8fPwUlmWrtFqts61aiIHU1tbG F4IqFAq0tbVxD9FCoTDPZDIdFQgEn6Wnpw9u5e1tIsGBIIghTSqV1iQmJvoZjcaLRqNx1P79+7td 7a2vNTU1oa6uDrW1tWbrxwCAUCj8mmGYf7Is+1laWtovA9aofkaCA0EQQ96+ffuuJiQk3N/W1naZ YZg/cLUQ/ZGuazAYUFdXh8uXL/MBoWuRoVAoVJhMpiyWZXNkMtnVPm/EEECCA0EQw0JqaqpOIpF4 X7t27SJFUf7Z2dlobW297Sm7NRoNHwTq6uqsTtsiFAqbTCbTGQBnGIb5X5lMVmv5THcWEhwIghg2 JBKJSSKRTLp27dopiqJmf/HFF9Dr9Vi+fHmPqqeLioqgVCpRW1trMSknRVGMs7Oz0mg0FtI0XcKy bMWdendgDwkOBEEMKx2ZP3PEYvHHAJaVlJRAp9NhzZo1ZlX9tpSUlJjNWSUUCm8AKKNpuhhAhcFg qJRKpUOqWnkwkOBAEMSwJJPJlovF4kYAL1ZVVaG1tdWhaTZaW1u5Hz8SCATb0tLS6vu5qcPS8J/F iiCI3y2ZTLYRwAagfZW4t99+u/PJvzu1/b0O83BGggNBEMOaTCbbKxAIlgNg1Go1UlJSuDWXidtA ggNBEMNeenr6JwKBYBGAtqamJuzevZt1ZNldwjYSHAiCuCOkp6cXUBQVxLKsUqvVUm+88QbbeY4j omdIcCAI4o4hlUpr7r///kksy35qNBqpd999l+28shzhOBIcCIK4o0gkEtP999+/HMAek8lEyWQy 9ptvvhnsZg07JDgQBHHHkUgkJplM9iIACcuy1KFDh1BQUDDYzRpWSHAgCOKO1bEq3QsATMeOHTMr fiPsI8GBIIg7mkwme59l2WUATEVFRSgqKhrsJg0LJDgQBHHHy8jIyBEIBPMB6LrOsEpYR4IDQRC/ C+np6cUURT0GgKuQu2PWXugPJDgQBPG7IZVKKwUCQRiA9d7e3tLBbs9QRibeIwjid6VjPiUSGLpB 7hwIgiAICyQ4EARBEBZIcCAIgiAskOBAEARBWCDBgSAIgrBAggNBEARhgQQHgiAIwgIJDgRBEIQF EhwIgiAIC2YV0mTNVYIgeoOcO+48XHBoAoDGxkY0NjYOYnMIghjmmrrfhBgOKO4HsVgcD2DMILaF IIjhrUkmk5E5iwiCIAiCIAiCIAiCIAiCIAiCIAje/wHXe9t1vZ5/DgAAAABJRU5ErkJggg== --001a11438ee87740cc052a2ebe73 Content-Type: image/png; name="altp2m-shadow.png" Content-Disposition: attachment; filename="altp2m-shadow.png" Content-Transfer-Encoding: base64 X-Attachment-Id: f_ijug1q7g1 iVBORw0KGgoAAAANSUhEUgAAAYcAAAIcCAYAAAAdV2JjAAAABmJLR0QA/wD/AP+gvaeTAAAACXBI WXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4AEZFCwRgk/AdwAAABl0RVh0Q29tbWVudABDcmVhdGVk IHdpdGggR0lNUFeBDhcAACAASURBVHic7N1/VFNXvj/8d+Sox2lq45i2sZOOYUSl03QaZ+K3OBNr MtIrVrziI17iAsd4QYgWV/GRfmVW6SJ9qku6Sh9xFRWQjuEWr+E2PsKIt3EKQxzTSxziNR3pNSre pN9mSjqmM7k1jlEC+/mDnlNiwi8FUdmvtbKUc3ZOdk6S/Tn7x9kboCiKoiiKoiiKoiiKoiiKoiiK unsC7j95eXkZhJDE8cwMRVEPLoFA4Kqqqqof73xQo0MA8IHBNN6ZoSjqwSYQCLQ0QDwcGADgagzz 5s3D/PnzxzdHFEU9cC5evIhLly6Btj48PJj+f8yfPx+pqanjlReKoh5gly5dGu8sUKNo0nhngKIo irr/0OBAURRFRaHBgaIoiopCgwNFURQVhQYHiqIoKgoNDhRFUVQUGhwoiqKoKDQ4UBRFUVFocKAo iqKi0OBAURRF3U5AgwNFURTVnwA0OFAURVEx0OBAURRF8QSgNQeKoigqBgEAATNksts4HA74fL4x yA9FUfcjiUQCpVI53tmgxp6g/2NEwcHhcODgwYNjkiuKou5vNEBMKCMLDlyNga4YR1ETA7fCG20t mHhG3KwE0BXjKGoioSu8TUjkjoIDRVEU9dAh/f4ldLQSRVEU1R8BrTlQFEVR/fC1B1pzoCiKom53 fwcHp9MJjUYz4OO1116Dy+Ua72zeV44ePYr4+PhROVYgEMCuXbuwYMECTJ48GQKBANOmTcPixYtR W1uLcDg8Kq8zGoLBIJxO54D7vV4vNBoNtm7dOuSx1q1bh5UrVyIcDmPbtm3QaDTDykM4HIbD4Rh2 nu9EbW0tNBrNoO+Vou7S/d/nEAgEYLVaYwaAzs5OlJWVYcGCBWhpaRmH3N1/7HY7dDodPB7PXR/L ZrPhmWeeQXFxMQAgPz8fBoMBOp0OnZ2d0Ol0fAE63jo7O/HMM8+gsbFxwDRSqRSBQAAVFRXwer0D pnM4HDCZTBCLxWAYBk6nE1ardVj5WLBgAfbt2zfS7I+Ix+OB1WpFIBAY09ehJrz7OzhwUlJS0Nra GvH44osvYDKZEAqFkJ+fP95ZHHf19fV46aWXEAwG7/pYPp8Pq1evRjAYhNlsxrlz57Bnzx6UlJTg wIEDcLvdSE9Ph8Viwd69e0ch93fH6/UOWuBzcnJyAPSdq4HU1tYCAPLy8gAAR44cgdvtHlY+Ojo6 hpWOoh4ED0RwGEhGRgaUSiVcLhdfOHg8HgQCAYRCIVitVnR2dkY8JxgMwmazwWq1DnmF7XK5YLVa 4XA4BrxC9vv9sFqtQ17NcVegdrsdoVAoZhqfz8cfayQ3HWk0Gmi1Wsjlcsjl8gHTeTyeYRWib7/9 Nvx+P8rKyrBmzZqo/SzL4oMPPoBEIkF5eTm/3e/3xzynwWAQHo8nZuDiroRtNtuAgY1rron1WQQC AXz11Vf8/z0ez4CfVUZGBliWRV1d3YCvYzKZIJfLkZSUFDON3+/nz2FHRwfsdjv//vq/11AohFAo xH8fb+f1emN+xoFAgP9+DvZdoah7Ijc3tyQ3N5ccP36cDOb48eNkOOlGS2trKwFAdDrdgGnUajUB QNxuNyGEEACksLCQJCYmEnzbdtbe3k4IIaS0tJQIhUJ+OwCiVqtJV1dXxDHb29uJQqGISCeVSsnp 06f5NNeuXSN6vZ4wDMOnYRiGFBYWku7ubj7dhQsXSEJCQsSxRCIRqaysjDiWVquNSAOAaLVacuPG jSHPk0QiIRUVFaS7u5s/H7EAIDKZbNBjdXd3E6FQSCQSScT7iOX06dP8eSeEEJ1OF/O1jUYjAUCM RiO/rauri6SlpUWdl/Ly8ojnWiwWIpFIItJJJBLS1NRECCHEYDBEnbf+ebodd57Pnz8fta+hoYEA IGVlZfy228+nTqcjMpmMlJWV8a8nk8mi8tDa2sp/fw0GQ9RryWQyolar+b+vXbtGdDpdxPeJOycN DQ18Ou79tra2DvgeR9Nwf/Ncutzc3JLRL6Go8fBA1xx8Ph8cDgdEIhGkUim/vaamBkKhEAaDAXq9 HkqlErt27UJRURHUajXa29vhdrtRUVEBh8MBjUbDX7X6fD689NJL8Pl8MJvNcLvdaG5uRjgcxsqV K/mrvY0bN6KyshKFhYW4cOECLly4gIKCApSVleG1117j88K1y7e2tsLtdqO9vR0JCQnQ6/V8M8Tb b78Nk8mEiooKuN1uXL58GXq9HiaTCe++++6Q58HtduOVV14Bwww+Mlkmk0Wcp1icTieCwSDUavWQ x1OpVJDJZEPm73bhcBjLly9HU1MTysrK4Ha7cf78eaSkpKCgoADvv/8+gL6rcK1WC5lMxn9mzc3N YFkWWVlZCAaD2LBhA1970el0aG1thUQiGfC1B2taMhqNYFkWGzZsGDT/fr8fO3fuREFBAQoLC1FW VobW1lYA3zWBKhSKEZ2TrVu3wmg0ori4GJcvX4bb7eZrODqdjtYgqHvugbjPobOzk28L5ng8HhiN RgSDQZSWlkYUZKFQCB9//DFEIhGAvkJm586dkMvlOHbsGJ/2lVdeAcuyyMnJwb59+7Bjxw7s27cP gUAAzc3NWLp0KYC+QtVoNCI1NRUtLS2YM2cOzGYz9Ho9du/ezb/uO++8A4/Hg4qKCmzfvh0sy6Kz sxN6vR5qtZo/1sGDB1FVVcX/4G02GyQSCfLy8vi8HThwAAAGLeg4LMsO6zwOp+38ypUrAIDExMSo fYFAIGYTiUQiGXYegL4RVU6nE2VlZdi+fTu//YMPPoDL5UJxcTE2bNgAh8OBQCAArVbLT/omk8lQ WVmJpqYm+P1+yGQyPP/88/w+7jwPZOnSpfzn+dZbb/Hb/X4/mpqakJ6eDrFYPOgxuO/cjh07ovZJ JJIh8xCLy+VCWloaSkq+u/CWyWT8efL5fHcUiCnqTj0QwcFms8Fms0VtF4lE2LlzZ9SPVKFQ8IEB AE6dOoVQKISsrKyoq+HMzEzo9XpYrVbs2LEDFosFYrGYDwycpUuXoru7G0DflT7Qd+V8ext7UlIS zGYzPvnkE2RkZEAmk6GmpgYAkJaWhiVLlkChUPCFP9A326XVasXy5cuRlZWFZcuWQSKRRKS5VwYb fbR3714YDIao7a2trSMqEJuamgAAL7zwQszzV1lZCafTCblcDpZlUVxcDK/Xi1WrViEpKQnLli3D smXLhv16t8vJyUFxcTFsNhtUKhUA4PDhwwiHw3zNYih38/qxtLW1RfwdCoXgcrn4kXoej4cGB+qe eiCCQ0pKSlQAEIvFSExMjNn0kZCQEPG33+8HEPsqnGVZSKVSvuPa7/fHbHrp/zrcDzYrK2vAPHPH ++CDD/gmqMrKSrAsC7Vajfz8fKxYsQIAUFJSgs7OTjQ0NKC5uRlAX4DTarV45ZVXIBQKB3yd0TZn zhwAiDl8eMmSJRHBges8HymuQ3fx4sUDpgkGgxCLxTCZTNDr9SgrK0NZWRmEQiHS0tKQl5fHF+wj tWHDBhgMBtTW1vLHMBqNkMlkURcFA+l/8TEaQqEQqqqq0NTUFDHAYiQ1MooaTQ9EcBhpVX2otvLb hUKhiMAx1HBQ7vgmkwlPPvlkzDTcVZ5KpcLly5dhs9nQ0tKC5uZmWCwWWCwWVFZWIi8vD0KhEMeO HYPX68WJEydgsVjQ3NyMoqIiWCwWvj37XlAoFBAKhbDZbAiHwxHnUq1WR30OdxIcOIO9L67NftWq VVixYgVOnTrFn7e6ujqYTCZYLJZhF+b9SaVSpKSkoKGhAe+99x46OzvhdDpRWlp6x+/lbnB9MFar FWq1GllZWVAoFHj++edRX18fs7ZGUWPtge6QHq5nn30WQOyrYW5IIVeYJyQkwOv1RnUAhkIhLF68 GFVVVXx7PMMwfIHJPSQSCW7evAmhUIhAIIATJ07A4/FApVKhpKQEp0+fxvnz58GyLN/cxA1dlEql yMvLw7Fjx3D16lUkJSXBarUOa/jpaGFZFlqtFl6v945v6OJqapzbgy1XsxOLxVHnTygUoqenBwzD wOfzobGxEcFgEEuXLsU777yD8+fPw2Kx8MNO75ROp4Pf78fJkydRW1sLhmGQmZl5x8eLZaCr/nA4 HPGZnjp1ClarFTk5OWhtbcXu3buRkZGBxMTEqHNJUffKhAgOCoWCb/u/fWz5rl27AADp6ekA+voF QqEQP2KGU1tbC5vNBqFQiDVr1oBhGJSWlkYUfOFwGJs2bUJKSgp8Ph88Hg9SU1OjRhzJZDIwDMM3 TWzcuBHr16+POBbLsnxtZrSaFoZ7n8Pu3bshkUhQWFiIXbt2xQyUtbW1qKioAPBdTYrryP3000/5 tOFwGEajMeL53Ll+8803I7YHg0GsXbuW39/S0oK0tLSoz2L27NkAvjsvd3J+Vq1aBYlEArPZDJPJ hJSUlCFHcg1H/z4b7oLDbrdHpLl96hEuANzep+Dz+e4qAFLU3XggmpXuFsMwqKysRGpqKhYuXIj8 /HyIxWI0NDTwI1S4q8bs7GyYTCYUFBSgo6MDSUlJ6OjoQHl5OVQqFTIyMsAwDIqLi2EwGLBo0SLo 9XowDIO6ujrYbDYUFRXxN6OlpKSgoqICgUAAarUaoVCIH2VVUFAAACguLoZOp+OPJRQK0dzcjIaG Buh0uiFHzwxXfHw8ZDLZkKOWxGIxWltbsXr1ahQXF6O0tBTJyckQiUT8lCaBQAAikQgVFRV8u31G RgbKy8uh1Wqh1+vBsixMJlNUM9+yZcuQlZWFuro6LF68GFlZWQiHw6isrITH40FlZSUfhEtLS1FU VASPxwOlUgm/34+KigoIhUL+LmauUK2oqIDH48Hrr78e1e90O4ZhkJWVhfLycv617xb3nVq/fj2y s7OhVquhUqlgsViwevVq/rvU1NQUEYiWLFkCoVCI0tJSsCwLhUIBp9OJ8vJyCIVC+P1+3Lx5867z R1Ejdr/eBHfu3DmiVqtJaWnpsJ8zWPq2tjaSkpLC3wiXmJhIysvLo272unbtGikoKCBSqZS/6aqg oIBcu3YtIp3JZCJJSUn8jUtyuZxUVFTEPBZ3IxzLskSlUhGLxRJ1LKVSyR8rISGBGAyGIW9Eu11B QUHEzVW3nxutVjvsY924cYNUVFQQtVrNnzOWZUlSUhIpLS2NunmQkL4byZRKJX8DV2FhIbl8+TJR q9UR77m7u5tUVFQQuVzO30CoUqmI2WyOOF5XVxfJyckhYrGYACBCoZCkpKTwNzZyysrKSEJCApHJ ZMO+QezChQtErVaT1NTUAc/z7eeztLQ05o2T3HuXy+VEJpORmpoaPv9arZYIhUL+Pba3t5OCggJS UFDAP7etrY2oVCrCMAxhGIYolUpiNBr5c8cdz2g0ErVaTc6dOzes93i36E1wE5cA6AsOAAwrV64c dPnPpqYmHD9+HEOloyjq4TDc3zyXDoChurr6zQETUg+MCdHnQFEURY0MDQ4URVFUFBocKIqiqCg0 OFAURVFRaHCgKIqiotDgQFEURUWhwYGiKIqKQoPDKNi6dSs0Gk3UmhPDsW7dOmzbtm3IdLW1tdBo NCNaPvR+4XQ68eijj0Yt2QoAjY2NWL58OWbMmAGBQACBQIC5c+fitddei3ivHR0d0Gg0EQspxcIt yrRu3bqofaFQCMuXL4dGo4HD4Yj5/M7OTjz66KNwOp0jfJcU9XChweEucYv7OByOO5rV0263D6sg 4tZaftBWBOPmm8rJyYmY0iIYDGL58uVIS0uDw+FAWloaDAYDioqKIBaLUVZWhueee44/N3K5HJ2d naioqBh01tyWlpao6Sk43Iy3drt9wBX2EhISkJOTg02bNg26tgVFPexocLhLXG0hPz8fLpcLLS0t 45yj+8vhw4fR0dERtR7H5s2bYbFYkJOTA7fbjUOHDqGkpAS7d+9GW1sbTCYTAoEANm7cyD8nJycH oVAo5hKfHG5pzezs7Kh9NTU1kMlkSE9PR0NDw4Aznu7YsQMdHR04fPjwnbxlinoo0OBwl2pqaqBQ KPDqq6/yE/wNxul0wmq1xmxi6c/n88FqtcJut8e8gg0Gg/B4PAiHw3yt4vYrau4YNpttwKvtcDgM h8MBq9UKh8Mx4NUy9xrcpHvDEQ6HsXPnTqSnp0esl+FwOFBXVweVSoUDBw7EXMwoIyMD+fn5cDqd fMDlCvyBZioNBoMwm81Qq9VRy5x6vV40NzcjOTkZWVlZ/MyysUgkEqSnp2Pnzp209kBNWDQ43IWT J0/C6/UiKysLEomEX0AmVr9AZ2cnFi5ciAULFkCj0WDu3LnYvHlzVLpwOIxt27bh6aefhkajwaJF i7BgwYKoYHL06FHEx8fj/fffx9y5c6HRaPiV1bipr2fNmsVvf/zxx/npyTk2mw1z587FwoULodFo sHDhQjz99NNobGzk0/j9fixfvhzx8fHQaDTQaDR4/PHHsXnz5iELzpMnT6KzsxNarTZiOzcFd3Fx 8aALM23fvh2nT5/GkiVLAHy3SE9zc3PMqcfr6+sRCoWg0+mi9nHTZGdmZmLp0qWQSqX8lOOxpKen o7Ozk9YEqQmLBoe7UFNTE7FIjE6nQzgcjlp/gOskdblcMBqNcLvdsFgsaGhoiFpD+e2330Z5eTmy srJw4cIFnD9/HgkJCXxzye0KCwuh0+lQXFyM/Px8AMDKlSvR0NCA0tJSXL58GefPn4dWq0VxcTHf 1h4KhbB27VqwLIu2tja43W6cPn0aIpEIWq2WD3C//vWvYbVaYTKZ4Ha7ceHCBWRlZaGysnLIZpeG hgYA4At3js1mA8MwUdtvJ5VKoVKpIgIIt8ZzrKYlo9EIkUiEjIyMqH1ck5JarQbDMNBqtfB4PDh5 8mTM1+ZWmDObzYPmkaIeavfrlN33s6tXrxKWZUlqaiq/7caNG0QsFhOpVBoxBbTJZCIASHl5ecQx 2tvbCQB+SugbN24QkUhEFApFRLru7m6iUCgIAOJ2uwkhfVM3AyBZWVkRaZuamggAYjAYovKsUqmI SCQiN27cIG63mwAgRUVFEWlOnz5N9Ho9uXDhAiGEkISEBCKXyyPS3Lhxg2RlZZGGhoZBz5FcLieJ iYlR21mWJTKZLGp7d3c3cbvdUY+rV69GvLZYLI46R5cvXyYASH5+ftRxW1tbo87J+fPnCQCSlpY2 YP4TExOj3vtEQ6fsnrhozeEOHT58OKoJg2VZpKenw+v1RlyRcuss335Fq1QqI9rGnU4nAoEAvxIa h7vSjSU5OTnib4vFAqBv7WqPxxPxUKlUCAQCsNvtEIvF/GI927Zt40dCcf0AXL6USiU6OjqwcuVK HD58GH6/HyzL4oMPPsCqVasGPUculyuir4EzUHOU1+tFfHx81KP/8FWWZaHT6eB0OtHR0cFv52ox GzZsiDouV5Prv08ul0OpVKKpqWnA1fEkEknMpWUpaiKYECvBjQVu/eeysrKItmuuOaaiogIrVqwA AL6/IFZB2X/blStXACDmMMxYzwW+WzKTw73W7UGjv88//xxqtRp1dXXIyclBeXk5v+pYcnIy8vPz +WaVPXv2wOfzoampCU1NTQD6Ao9Wq0VeXt6gfQbhcDhq6Uugb7ioy+VCKBSKWOJTJBLBYDDwfwcC AZSXl0c9f8OGDSgrK0N9fT2/4p7RaIRSqYRSqYxIGwgEYDabwbJsxMgnoO+z4poBS0qiL3ilUint kKYmLBoc7oDD4UBHRwcUCkXUqBiZTIZgMAiLxQKPxwOZTDbsNY5HY61orrBubm5GXFxczDRcnles WIEvvvgCNpsNJ0+e5JcmbWhogNlsxpo1ayCRSNDa2orOzk7+PgFuBJTD4cChQ4cGzU+s+zJUKhVc LhdOnTqFZcuW8dtFIlFEIe3xeGIGB7lcjqSkJBiNRrz11luwWq3weDwoKiqKSst1UicnJ0cFXZlM BpPJhMrKSrz++utRge5Bu6eEokYTbVa6A1wzxZ49e3Do0KGoR2FhIQCgqqoKAPir21h35fbvkH72 2WeHlW4w3I1mU6dOhVqtjniIRCL09PRAKBTC5/OhsbERfr8farUau3fvRnt7O06fPg2g70o8HA7z w2kTEhLw6quv4qOPPkJXVxcSExNhNBoHzYtIJIo5cotr3ikuLr7jK3OdTgev1wubzYba2lqwLMsP DOivpqYGLMviyJEjMT+rtLQ0/lzczufzQSQS3VH+KOpBR4PDCIVCIZhMJkilUqjV6phpMjMzwbIs ampqEAqF+L6G2+/KPXHiREShn5iYCIVCgbq6uohCNRgMDlkQc7jX2rVrV0TBGwwGsX79eqSmpiIY DOLs2bNIS0vjAxiHawbi7j1YvXp11LBVkUgEkUgU8/6E/uRyeUS/AEelUiEnJwcOhwPLly+Pec+H w+Hgm4FiNV1lZmZCKBSivr4eZrMZWq02Kj9OpxMOhwMpKSkQi8Ux85iXlwfgu2bC/lwuFx/YKWqi oc1KI3T06FEEAgF+2GgsYrEYqampMJvNaGxsREZGBvR6PSorKxEMBpGWlobOzk6Ul5dHXZm+9957 /D0HBQUFYFkWFRUVw77xLCkpCYWFhSgrK4NGo+E7sisrK9HR0YHS0lJIJBIsW7YMCoUCO3fuhM/n Q1JSEgKBACoqKsAwDH9TX2FhIYqLi/ljsSyLhoYG2O32iP6BWNRqNWw2G9+81t+BAwcQDodhNBox d+5cJCUlITExkb8pj+sI1mq12L17d9SxhUIh0tPT+QDMFfL9cTW8WPc99M+jTCaDxWKBy+Xim9w8 Hg9fq6KoCYsOZR2+oqIiolaryfnz5wdN19raStRqdcRQ0fLyciKTyQgAIpPJSF1dHSkoKCAFBQUR z21vbydqtZowDEOEQiHJyckhZrOZqNVq0tXVRQghxGKxELVaTc6dOxfz9SsrK4lSqSQACMMwRKlU EpPJFJHm6tWrRK/XE6lUSgAQoVBIkpOTyenTpyPSVVRUELlcTgAQAEQul5OKioohzxU3XLSysnLQ 85SVlcXnAQBJSEggOTk5pK2tbdDjc+cpPT095v709HSSnJxMbty4MehxampqiFqtJkajkd9WWVlJ AAz5OT/s6FDWiUsA9AUHAIaVK1ciNTV1wMRNTU04fvw4hkpHURyNRoNQKIS2trbxzsqILFq0CEKh EB9//PF4Z2VcDfc3z6UDYKiurn7znmWQGjO0WYkaUyUlJdBoNHA6nVAoFOOdnWFxOp2w2+1obW0d 76xQ1LihHdLUmFKr1dBqtXjjjTfGOyvD9uabb0Kr1dL+BmpCo8GBGnPvvfcewuHwkDPR3g86OzsR CoXw3nvvjXdWKGpc0WYlasyJxWJ89NFH452NYUlISHhg8kpRY+mOgsPFixdHOx8URd2H6G994hpR cJg+fToA4NKlS7h06dKYZIiiqPsP99unJo4RBYcXX3wRAPDNN9+MSWYoirr/TJ8+nf/tUxPHiJuV 6JeEoijq4UdHK1EURVFRaHCgKIqiotDgQFEURUWhwYGiKIqKMuIOaYfDEXMBF4qiHk4SiSRq+VXq 4Tei4OBwOHDw4MGxygtFUfcxGiAmlhEFB67GMG/ePMyfP39MMkRR1P3j4sWLuHTpEm0tmIDuaPqM +fPn0/UcKGqCoLMhTEy0Q5qiKIqKQmdlHaY334xe3IphGEilUkilUixZsgQMQ09nR0cHWlpaEAgE IBaLsWLFiqj1o++E3+9HY2MjHA4HQqEQACAxMREZGRkRx7fZbGhpacHSpUuhUqkGPF44HMauXbsg kUii1p8OhUJ4++23AQA7duwAy7J3nX+KetDQ0myYDAbDoPulUimOHTs2YTvtwuEwNm/ejJqaGgiF QojFYni9XhQUFKC8vByvvPLKHR/73XffRXFxMUKhEH/sYDAIo9GI4uJi5Ofn45133gHDMBCJRDAY DLBarYOu5NbS0gKDwYCioqKofY2NjfznzQUgippoaLPSCEilUrjd7ojHuXPnUFRUBK/Xi3Xr1iEc Do93NsdFVVUVampqkJ+fj6tXr8LtduOLL75AUlIS8vPzYbPZ7ui4b7zxBgoLC5GYmIjm5mZcu3YN brcbV69eRXt7O5RKJcrLy/Huu+8CAORyOZKSkmC1WuH1egc8rtFoBABs2LAh5j65XA6pVIqKioo7 yjdFPehocBgBhmEgk8kiHgqFArt370ZaWho6OzvR0tIy3tkcF5WVlZBKpdizZw/fDCORSPgV1err 60d8TKfTidLSUiQmJuL06dNYunRpxH6lUomPP/4YMpkMpaWlfHOTTqcDABw+fDjmcQOBABoaGqBW q5GYmBixz+v1wmKxIDk5Genp6bDZbOjo6Bhx3inqQUeDwyhRKBQAvhvuu23bNmzbtg2NjY145pln 8Nxzz+HkyZMA+gqn1157Dc888wzi4+Px3HPPYdeuXQgGg1HHra+vh0ajQXx8POLj47F+/Xp4PJ6I NC6XC+vXr+fTLF68OGZhfPjwYSxevJhPt3bt2qgreqfTibVr1/JpFi1ahH379g1ZI9JqtSgqKorq d+H6A/q/t23btkGj0Qw5PHLv3r0Ih8MoLy+HUCiMmUYoFKK4uBg5OTn8a2RmZoJlWZhMppjPqa+v RygUQk5OTtS+999/HwCwZs0avlZRVVU1aD4p6mFEg8MocblcAPquloG+QrahoQFarRZA3xXp1KlT 4fP5sGjRIpSXl0OpVEKn00Eul6O4uBjLly+PKER//etfQ6vVIhgMQqfTIS0tDQ0NDVi0aBHfZOJw OLBw4UJYLBakp6fzV81arRZvvPEGf6yqqipkZWVBKBRCp9NBq9XCbrdDo9HA4XAA6Fs/efHixXA6 ncjKyoJOpwPDMMjPz484Viyvv/56zH6Fo0ePAuhr7uE4nU5YrVb+Sn8gFosFIpEoqsZwu+zsbLzz zjsQi8UA+gKGVquF0+mE0+mMSm80GiESibBmzZqY+xISEqBSqaBQKKBQKFBXVxczcFPUQy83N7ck NzeXHD9+tp7UMgAAIABJREFUnAzm+PHjZDjpHkYAiEwmi9re1dVFysrKCMMwRCqVkhs3bhBCCFGr 1QQAMRgMhBBCuru7CSGE6HQ6AoCYTKaI41RUVBAApLi4mBBCyPnz5wkAkpyczD+XEEIsFgsBQAoK CgghhCgUCiISiciFCxcijqfVagnDMOT8+fOEEELkcjlRKBQRaS5fvkwYhuHzWFpaSgDwz+HyrVQq iVwuH+EZI8TtdhOxWEzEYjH529/+xm8/d+4caW1t5c9VLFevXiUAiEqlGvHrEkLI6dOnCQBSVFQU sf3y5csEAMnPz496TnNzMwFAdu7cyW8rKysjAEhlZeUd5eNBN9zfPJcuNze3ZHxKMWq00ZrDCHg8 HggEgojHrFmzUFhYCKFQiCNHjkQNe3z11VcB9PVXhMNhmEwmKJXKqBEwr7zyCqRSKerq6gD0jZgB gJKSkoimmmXLlqGurg4bNmxAR0cHf5V/e9v59u3bEQ6H+St3oVAIl8vFN6kAQEJCArq7u1FSUsLn EehrWuGafBiGQXt7O86fPz/ic7V8+XIEAgGYTCaIRCJ+n0KhgFqtHnSIKHelHmt4sNPphEajiXrU 1tbyaVQqFRITE/nzyeHS3D58FQBqamoARHZSZ2ZmgmEYfh9FTRR0KOsICIVCpKenR2wTi8WQy+VY tWpVRAEI9DUx9d/m9XoRCoUGHO6qVCrR0NAAoK+JB4hsjuFkZmYC+K7D1WKxQKPRRKThAgDXP1Fc XIy0tDRotVoIhUKoVCqkpqZizZo1fFPYhg0bUFNTg/Lycr7ZKyUlBWvWrOH7VIbD4XBg5cqVCAaD MJvNQzYLxcI1EcVqzgmFQhH9LqFQCD6fD2q1OiJdTk4OCgsLYbVa+X1GoxFKpTLqvHKd1DKZLGpQ gUwmg8PhgN1uR1JS0ojfC0U9iGhwGAGxWIxDhw4NO/1AV8a3BxEO1+nav/N3oLT900kkkpg3miUm JvKF2YoVK3DhwgXU1tbCYrHwj8LCQtTU1CAzMxNisRjt7e2or6+H2WyGzWaDw+HAzp07odVqceTI kSHf89GjR6HT6SAUCvHRRx8NeiPaYIRCIWQyGTo6OhAMBiM6pJOSkuB2u/m/rVZrVHAE+oJoUVER Dh8+DLVajZaWFni9XhQXF0elPXz4MB90uH6b21VVVdHgQE0YtFnpHuIKOK5WcDuXywWhUAiGYfi0 XEd3f42NjWhpaeGvrtPT03Ho0KGYj/7NJwkJCXjrrbfQ3t6Oq1evoqamhu9w7p/H7OxsfPTRR/jb 3/6G5uZmKJVKmEymIYfpVlVVQavVQiqV4vTp03ccGDharRahUOiORwtJJBKkpaXBbDYjFArBaDRC KBTyNa/+jEYjWJbFtWvXQAiJeHR3d0MikcBkMiEQCNzVe6KoBwUNDveQWCyGQqGAxWKB3++P2NfZ 2Qmn08kXqNy/3PBXTiAQQFZWFkpLS/GLX/wCLMvCaDRGDTU9evQoHn30UezduxehUAizZs3CunXr IvKSnZ0NtVrNF3gbN27EjBkz+CYphmGwdOlS6PV6ABh06OnJkyeRn58PpVKJ06dPIyEh4U5OUYTt 27dDLBajuLg46jxwQqEQ3z8Ti06nQyAQQGNjIxoaGpCenh41LNbpdMLhcCAtLS3mkFmGYZCVlYVQ KMQPdaWGZ9OmTctyc3M3bNq0aZler1fr9XrZli1bJOOdL2potFnpHisuLkZ6ejpWrlyJAwcOQKFQ wG63Y+PGjQD6hoQCfePsuSGuEokEq1atgt/vx9atWxEMBlFYWAiRSISCggKUlpZi3bp1eOeddyCV StHS0oL8/HwwDIOMjAywLIukpCSYzWao1Wq+k/XEiRNobm5GcnIyAECtVsNoNGLdunXYs2cP36xT Xl4OlmUH7DsIh8PIz89HOByGXC7Hvn37otIoFAqsWrUKQN99Dk6nE0eOHOH7O2IRi8U4duwYli9f jpSUFKSmpiItLQ1z5szB9evXYbfbUVNTA5/PB6lUihUrVkQdY9myZZBKpSgsLEQwGIzZEc0V+Nyw 41iys7NRVlaGmpoabN++fcB01Hfy8vIyCCEmABAIBOjt7QUA9Pb2Ijc3F5MmTQoC+B+BQPCXcDj8 P5MmTfL09vaGBAKBjxASEAgEAUKILy4u7mY4HO6sqakZ+JZ3atTR4HCPrVmzBjU1NSgsLMSCBQv4 7RKJBA0NDXyNgWEYHD9+HGvXro0otFiWRWVlJZYtWwYAeOuttxAKhVBRUQGz2cynk8lk+PDDD/nC 98CBA/B6vdDr9XxNAOjrBP/ggw8A9HVIu1wulJWV8R3jQF8hbTKZBizIHQ4H31Q20KgenU7HB4fh 3ucA9NWgzp8/j23btqGpqQlNTU0R+yUSCQwGA7Zv3z7gVb9Op8POnTv5qTX6C4VCqKur4ycJHAjX f2O32/mJ/ajBEUISAWDmzJmYOXMmAODatWv8/lu3bglv3rwpBPCDYDAIQggEAgEARPzb29uLSZMm Qa/XBwG09fb2fkIIsXd3d58xGo20nW+M0OAwTG63e0Szrh45cmTAu4qzs7ORkZGBU6dOwe/3Y/bs 2VCpVDHvLm5vb4fD4cBnn30GkUiEX/ziF3xfA9BX+O3Zswevv/46PvnkEwQCAcyZMwdJSUkRx5NI JGhvb0dHRwc+/fRTAMDzzz8fNWpn9+7deOWVV3D27FkEAgFIpVK++WogCoUiooM4lv4F95EjRxAK hSCVSgd9Tv/zcOzYMQQCAZw5cwY+nw8Mw2D+/PnDmujw9ddfR3Z29oDB49y5c2BZdsjP96OPPkIg EBh0kAAVTSaT4ac//emQ6a5fv44bN27g+vXruH79Ov7+97/j+vXruHbtGq5du4ZgMCgE8BKAlwQC AaZMmYItW7a4e3p6ThFC7ISQMz/4wQ86DAbDxJzgbJTR4DBMI512erDmEqCvsBzsSrU/pVI5ZCEo Fov5K/PByOXymMNj++OmIR8ulmVHdH6GOjcDEYlEfI1pJAbLHzdf1nBfnwaGsfPII4/gkUceibj4 6a+7uxt//etf8fXXXyMQCMDv9+Ovf/1rPCEkHoBOIBCgq6srlJeX5yCE2AQCgT0uLu7M/v376TJ2 d+COgsPFixdHOx8URd2H7qff+uTJk/Hkk0/iySefjNj+P//zPwgEAvjyyy/R1dXFfv311yoAKkII N5X8l729vacJIa23bt2qp01RwzOi4DB9+nQAfcsG0qUDKWri4H7796PHHnsMjz32GGbPng0AuHnz Jr788kv8+c9/RldXFwKBwFMAMgBkTJ069T29Xt9ACKmqqqqamFMoD9OIgsOLL74IAPjmm2/GJDMU Rd1/pk+fzv/2HwRTp07lZxUGgBs3buCLL77A559/ji+++GJyT0/PWgBrN2/e3NXT01M1adKk2srK Ss+4Zvo+NOJmpQfpS0JRFDVt2jTMmzcP8+bNQ3d3Nz7//HNuMapZAAy9vb2GzZs3n+rt7T1w8+bN RqPROPQwugmAdkhTFDVhTJ48GQkJCfykk59//jkuXbqEL7/8cgkhZAnLssHc3FyjQCCoraqqcox3 fscTDQ4URU1I/QNFKBTCxYsX8dlnnwmvX7+eTwjJ37x586VwOLxfIBAcrq6u9g99xIcLnT6DoqgJ j2VZPP/881i3bh2Sk5MhkUjQ09MzTyAQlAsEgi/z8vL+v+zs7LufE+YBQmsOFEVR3xIIBHxn9tdf f43/+q//wuXLlyf39PSsZhhmVW5ubtmtW7d2T4ThsLTmQFEUFcPMmTOxePFirFu3DnK5HJMmTZoE 4H+zLHslNzd3w5AHeMDR4EBRFDWIadOmYdGiRVi3bh3mzZsHQsj3ARi3bNlyNicn56Fd4IMGB4qi qGGYNm0alixZgrVr1yI+Ph7hcPinkyZNatPr9f/yME5DPuI+B4fDMei8/hRFPVwkEsmwJjicKB57 7DEkJyfj66+/xpkzZ/DnP/95vUAg+L/y8vLemjVr1rsPy8R/IwoODocDBw8eHKu8UBR1H6MBItLM mTPx8ssvo7OzE21tbY+EQqHSr776asumTZtyDx48GHt1qgfIiIIDV2OYN28e5s+fPyYZoijq/nHx 4kVcunSJthYMIiEhAVKpFG1tbejs7PyhQCCw6PX6lu7ubv37778fe03gB8AdDWWdP38+UlNTRzsv FEXdh+gkm0NjWRYajQZz5szBJ598gmAwuJRhmIu5ubn/u7q6+t3xzt+doB3SFEVRo+SHP/wh0tPT 8eyzz4IQMglAmV6v/3DLli3RK03d52hwGCaNRjPgY9OmTbBareOdxXHn9/vx2muvYcGCBXjmmWew fv162O32uz5uOBzG4cOHodFo8Oijj0IgEGDy5MlYsGAB3n77bQSDQT7tiRMnoNFoYq5jfXteNRoN tm3bFrXP6/Xyny1tTqFGavLkyfj5z3+Of/iHf8DkyZPR29ubTgj5z9zc3MTxzttI0OAwTFarFU6n M2JbOByGx+NBTU3NsAqkh5nf78fixYtRXl4OhUKBtLQ02O12LF68GI2NjXd8XJ/Ph0WLFiErKwud nZ3QarUwGAzIz89HMBhEUVERFi5cyBfiL7zwAux2O8rLywc9bn19PaxWKxITo3+vhw8fhsPhgNVq RW1t7R3nnerz9ddf44svvkBXVxeCwSBu3Lgx3lm6J2bPno3Vq1djxowZ6OnpmSsQCM5t2rRpzXjn a7jo9BkjoFAo0NraGrXd6XRi8eLFKCwsREZGxoDLHD7Mdu3aBZfLhaamJn7509dffx0LFiyAXq/H ihUrRrQGN9AXfNeuXQuHw4Hi4mKUlJREHGPPnj14++23UVRUhK1bt+LDDz+EWCxGWloaTCYTbDYb VCpVzGMbjUYIhUJkZmZG7aupqYFSqUQwGERFRQW2b98+4rxTAAAfAHg8Hng8nqidkydP7pkyZQqZ Nm1aD8MwU6ZPny6Ii4vD9773PUyZMgVTpkzBtGnTwDAMpk+fjkceeeRe5/+uPfbYY1i1ahVsNhs6 OztZgUBgzsvL+39nzZq1434f8kq/8aNAoVBAp9OhoqICp06dwpo1kRcHdrsdQqEwau1mp9OJQCAA sVg86LrOPp8PLpcLLMtCoVCAZdmoNKFQCE6nE6FQCImJiQOu08z9UBmGgUKhgFAY3RQaDAbhdDoR Dochk8mGtcay3++HUqmMWBdbKBRCpVLBaDTC6/WOeB3u+vp62Gw2aLVavPXWWzHT7NixAxaLBWaz GV6vF1KpFDqdDiaTCfX19TGDQ0dHBxwOB3JycqLev9VqRWdnJ/Lz8wEABQUFOHny5LDX+6a+U11d XZWXlycCwFfPent7Zdz/u7u7Rd3d3aLr168DgGyoJrypU6fi8ccfx5NPPonHH38cTzzxBKZOnTpG uR89kydPhkajwZNPPon/+I//ACHk/+7q6vqRwWBYez8HCBocRglXW+DavzUaDQBAKpWirq4OAFBe Xo5XX30VJ06cQH5+fsTVlFwux6FDhyLGkvt8PmzduhVms5nfJhKJUFZWhuzsbH7bu+++i507dyIQ +G4usPT0dBw6dIgv/AKBANatWweLxcKnYVkWOTk52LNnD39l/Oabb6K0tBSh0HfrnajVahw5cmTA gAMAH3zwQcztHo8HLMtG1KY0Gg2sVivcbvegAcNoNAIASkpKBkwDAO+99x6CwSCkUikAYNmyZZDJ ZDCZTBHvjXP48GEAiDiHHK4Zac2aNWAYBoWFhaisrKTB4Q5VVVW9Pdy0OTk50ri4OAmAHxBCpIQQ yaRJk6S9vb0ygUAgu3nzpszr9cLr9fLPmT59eo9EIol74okn8MQTT+D73/8+BALBWLyVu/bjH/8Y M2bMwMmTJ9Hd3Z3W1dX14f0cIGhwGAXhcBgNDQ0AgJ/97Gf8dofDAZfLheLiYvh8PqxatQpWqxVp aWlISEiAxWLB/PnzcfbsWeTn50Oj0aC9vR2JiYkIh8NYvXo1HA4HysrKsGrVKgQCAWzbtg05OTmY P38+VCoV9u7di8LCQqSmpqKkpARisRhHjx5FUVER/H4/3wz22muvwWq1wmg0YsmSJQgGg3jjjTdQ UVGBpKQkZGZm4uTJkzAYDMjJycH27dvBsixOnDiBgoICbNq0CcePHx/W+fD7/fB4PNi3bx+sVisM BkPEFbpEIoFMJhuyqcZmsyEhISFmv0B/sWpdOp0OBoMh6qo/HA6jrq4OcrkcSUmR0+IEAgGYTCYk JyfzgSYlJQVNTU3weDwjrvlQI1NTU+MF4AUQc5GdLVu2CG/duiWfNGnSzwAkCgQC5TfffCP/5ptv hNxw27i4uJ7HH39cIJFIJnEBY9q0affuTQxh1qxZSElJwccff4xQKJT21VdffbJly5al+/fvDw79 7HuLBocR8Pl8UR2UXIHidDqRmpoaUVAFg0E0NDRg6dKl/LZ169aBYRh8/PHHfAEkk8kwe/ZsLFy4 EG+88QY+/PBDnDx5Ena7HQaDAdu3b+ef/+GHH+Lpp59GfX09lEolDAYDFAoFjh07xhe2XPrCwkKc OHECK1asQHNzMxITE7Fhw3eTSR45cgQbN27km6m4kUXbt2/nC+RXXnkFwWAQfv/w1zrZvHkzX9tR qVTIy8uL2H/kyJEhj+HxeBAKhfhz1F8oFIo5ikgkEkEkEgHoqxXs3LkTJpMpIji0tLTA6/WisLAw 6vn19fUIhULQ6XT8Np1Oh6amJlRVVWH37t1D5psaO98WoPZvH7zs7OwEhmGeJYSoe3p61D6fT9H/ +yEUCsmTTz4pmDVrFn70ox+Ne1OURCLBypUr0dTUhBs3bvyvuLi4lvsxQNDgMAIulyui4OAwDIOs rCwcOHAgavuSJUv4vwOBAOx2O9LS0qIKPaVSCaVSyTf7NDc3A0BU/4VEIsG1a9fAsixaWloQCASg VqsjqtpAXz8Id5wVK1ZAqVTCbDZj7dq10Gq1WLp0KUQiUURBzQWEtWvXQq/XY9myZUhISMCOHTtG cpqwY8cOvP766zhz5gwKCwuxYMECtLW1jdqVt91u55vt+jMYDHwTlFQqRXJyMsxmMw4cOMDXXIxG I1iWHbAjWigURpzzFStWQCwWw2g0oqSkJGZ/DzW+vr0LuRNAIwDodDrR5MmTlwJIFggE6mAwmBgM BnHlyhW0tbURmUwmSExMxFNPPTVueRaJREhNTe0fIP5Tp9P9r/tpnQgaHEZAoVBgz549EduEQiES ExNjduxKpdKIphOuTyAhIfaCUgkJCXA4HBFpYzWpcAUUFxDKy8sHHLrJHee9996D1+uF2WyG2WwG wzBISkqCVqtFXl4eGIZBRkYGbDYbKisr+Q7ZhIQEpKWlYfv27YP2OfTH9ZsoFApIpVKkpqZi165d I5qXizt3twc9oK+mZTAY+L89Hg/fP9FfTk4OLBYLGhsbkZmZydfk0tLSokaUcZ3UIpEIy5cvj9gX Dofh9/vR2NiIjIyMYb8Hanx8W8Ae/faBLVu2SMLh8DIAaT09PSlXrlxhr1y5gkceeaQnMTExbt68 eTF/v2NNJBJh9erV+Pd//3cEAoG506ZNO2EwGJbcL30QNDiMgEgkglqtvuvjhMOxP/v+ncD9tw31 xS0qKsKyZcti7uMKdIlEgra2NnR0dODEiROwWq2wWq2w2WxwOBw4dOgQgL4gUlJSghMnTqC5uRkW iwVlZWWoq6vDhQsX+Gab4eKadLigN1xc8LLZbFHt/TKZLKKTmutLud2qVav4q/7MzEy+2ej2Zi4A eP/99wEAycnJUedbIpHAZDKhsrKSBocH0P79+30AagHUbtmyRdjd3b1KIBCkX79+PeXs2bNxZ8+e xaxZs7p//OMfT549ezbi4uLuWd4eeeQRvPzyyzh27Bhu3Ljx87/85S9GAFn3LAODoMHhHpJIJGBZ NupmOo7T6eSbm7h/XS5X1GyYmzZtgkgkwqpVq/httwetQCCATz75BCzLIhwOw263g2VZKJVKyOVy 7NixA4FAAIsWLUJdXR0OHToEl8uFK1euYMWKFdiwYQM2bNiAcDiMrVu3orKyEidPnoxZOIbDYTzz zDNISEjARx99FLGPG711J/d+5OTkwGaz4bXXXsOHH3444uczDAOdTofy8nL4fD4YjUbIZLKocxUK hVBXVwepVDrg63R2dsJqtaKjo2PQYcfU/e3bdv3DAA73CxS6rq4udVdXF6ZMmRKeO3cuM2/evHt2 v9IjjzzCD3zo7u7OzM3NvVhdXR177PY9RO+QvodYlkVKSgp/1d5fbW0tPB4PP6Ehd8W9d+/eiHRO pxM1NTUIBoNISkqCRCJBTU1NVAftrl27kJqailOnTiEcDmP58uXYtGlTRK2F68Dlmqm453R2fjeR JMMw/FX7QDUYhmEgkUjQ3NyMjo6OiH3vvts351j/iRp9Ph88Hs+ANShOZmYm1Go1zGYzNm3aFDFU l9PS0sJPgRFr9BMX4Pbt2webzQa9Xh+V5sSJE/D7/cjKGviCjetrqqqqGjTP1INj//79wYMHDx6u rq5+CcAsgUBQdOvWLd9nn32GY8eO4cMPPyQdHR0xa/SjTSwWQ6PRcMNw/5+8vLxxr6IKACA3N7cE gGHlypWDzrba1NSE48ePY6h0DyOBQAC1Wh3zDulYNBoNPB4P3G53xHaPx4NFixYhGAwiPz8fiYmJ cDgcqKysREJCAk6fPs1fsWzatAk1NTVITU1FWloaAoEAysrKAIDv4D1x4gTS0tIgkUig1+shlUrR 3NyMuro6qFQqtLa2gmEYvPnmmzAYDEhOTkZ6ejoYhuFvHisuLsZbb70Fp9OJhQsXQiqVIj8/H2Kx GC6XCxUVFZDJZDh37tyAw08dDgc0Gg2EQiEKCwshFosj8vHxxx/zQWi49zkAfYFk/fr1aG5uBsuy UKvVkEgkCIVCcDgc6OzsBMMw0Ov12L17d8wAtmjRIr5Z64svvojqO1m+fDksFgvOnz8/YK0gEAhg 1qxZYFkWXV1dE6Zjeri/eS4dAEN1dfWb9yyDo8xgMDB//vOfVwkEggIAKgCIi4sjP/zhDwULFy7E Y489Nqav/+mnn+KPf/wjBAJBNyHkl9XV1bYxfcFBxAHAz372MzUA9fz58zFv3rwBE1+6dAmXLl3C UOkeRqdOnYJCoUBKSsqw0n/66acQiURIT0+P2M5t6+rqwr/+67/CZDLh//yf/4N//ud/xqFDhyKq si+//DJmzpyJ3/3ud/jNb36DP/zhD/wNaT/60Y8A9K2t8ctf/hIXL17Ev/zLv8BsNuMvf/kL9Ho9 Dh48yBdiarUaM2bMwO9//3sYjUb89re/RW9vLwwGAz8aSSKR4MUXX8TZs2dRV1cHs9kMl8vF31A3 ffr0Ad/vU089hZdffhmfffYZfvOb38BsNuObb75Bfn5+RD64c8OyLLRa7ZD9KUKhEL/61a+wYMEC +P1+2O122O12dHR04Pvf/z5+9atfoaqqCjqdDlOmTIl5jBkzZsDn8+Ef//Efoz6PYDCII0eO4Oc/ /3nMWgWHZVlcv34d4XAY8fHx/Pl/2A33N8+lA2A9e/bsqXuWwVFmtVp7//M///PC2bNnD/30pz9t FAgEDCHk2UAgwHz22Wekt7dXIBaLx2w6FYlEgr///e/w+/1xDMOsfPbZZw86nc6xr7rEQGsOFEUN aKLVHGL5drTTDgB6ACzLsj0vvPBC3FhdIBNC0NDQAL/fD4ZhDu/fv39cOqhpnwNFUdQg9u/f76uu rt7GMEy8QCAwhkIhcurUKTQ0NIS/+uqrUX89gUAAjUaDuLg4hMPhzNzc3HGZu+WO6kYXL14c7XxQ FHUfor/173w7JHZjdnb2rkmTJu2+evVq+m9/+1vMnTv31gsvvDBlNKfpEIlEUCqVOHPmDOLi4v41 Nzd3TnV19fCnKRgFIwoOXJtzv/ZFiqImgMH6myaab+/IXrtp0yaFQCB45/Lly8kej6d7wYIFk3/y k5+M2sR/zz33HDweD7766qvpDMP8BsA/jsqBh2lEweHFF18EAHzzzTdjkhmKou4/06dP53/71HcO HjzoBPDSpk2bMru7u8v/+Mc/ii9cuNDzi1/8Iu7pp5++6+MLBAL88pe/hNlsRnd398q8vLxVVVVV d75y1giNuFmJfkkoiqK+c/DgwcO5ubknAey5du1alsVigVQqxc9//vO7HvoqFArx05/+lGte2mcw GE7cq+k1aIc0RVHUXaqurvZXV1evB5AKwOP1evFv//Zv5E9/+tNdH/vZZ5/FY489hnA4/IMvv/wy esbIMUKDA0VR1Ciprq4+wTDMcwAqAAjOnDmD3//+9+ju7r7jY8bFxfGzLDMMs8tgMNyTaY9ocKAo ihpF+/fvD1ZXV28VCARpAIJXrlxBQ0MDiTX9y3DNnTv3ntceaHCgKIoaA1VVVY09PT0LAHQEAgHB sWPHyO3T6QyXQCDgaw9xcXF7dDrdmM/fQoMDRVHUGHn//fc7GYZZBKAuHA4LmpubcebMGRBCRnys uXPnYubMmejp6ZkxZcqUDUM/4+7Q4EBRFDWGvm1mWg8gH0D4T3/6E1paWkYcIAQCAX7yk58AACZP njzwRGCjhAaHCayzsxO1tbWw2Yae+LG2thZHjx4dMp3NZkNtbW3MNZ4paiKrrq7eN2nSpJcABN1u 9x0FCG4xou7ubkV2dnbsJSVHCQ0OE9gnn3wCnU7Hr4I2GJ1Oh8LCwiHTvf/++9DpdHC5XKORRYp6 qFRWVloBLAfgd7vd3AI/w37+5MmTER8fDwBgGGb9mGTyWzQ4TGBz5syBTqeDSqUaMq1Op4ua7joW lUoFnU437PWmKWqi+XaNhsUAfD6fDx999BEZSYDg1qCfPHnyprHJYR8aHCYwlUqFQ4cOITs7e8i0 hw4dwjvvvDNkuuzsbBw6dAiJiYmjkUWKeihVV1e7AGgA+L766itBQ0MDuXnz5rCeK5VKMW3aNNy6 dWuWx8JbAAAgAElEQVRWTk5O0ljlkQYHiqKocVBdXe3q7e1dCMAVCAQEv/vd78hw+iAEAgHmzJkD AJgyZYp2rPJHgwNFUdQ4qamp8fb29r6EviYmwR/+8IdhPY9bXnfSpEljtuoaDQ4URVHjqKamxisQ CFYCCF66dAnnzp0b8jnccsLd3d3xY3VDHA0OFEVR46yqqsohEAiyAIQdDgf++7//e9D0kydPxsyZ M0EImTRlyhTlWOSJBgeKoqj7QFVVVaNAICgGAKvV2jvUvUKPP/44AIAQ8rOxyM+IZ/dzOBz0BieK mkAkEgmUyjG5OKVuU1VV9XZubm5CT09PTktLS096enrc1KlTY6Z94okn4HK5MHXq1GUA9o52XkYU HBwOBw4ePDjaeaAo6gFAA8S98dRTT23+8ssvFX//+9+VdrsdS5YsiZmO63fo7e0d/5oDV2OYN28e 5s+fPxb5oSjqPnLx4kVcunSJthbcQwaDIZybm7sewLlLly6x8fHx+OEPfxiVbubMmQCAcDj8xFjk 444WjZg/fz5SU8dsBBVFUfeRS5cujXcWJpzq6mpXbm5uMYAyq9Xa80//9E9xLBs9KGnatGm4ceMG tmzZItm/f/+oRnDaIU1RFHUfeuqpp/YKBAL7zZs342w2W8y74+Li4gAAvb29oz6c9Z4sN/cw8Hg8 A+6TSCSIFdWp0eXxeHDmzBmEQiEAfWvr3t4OHggEEAgEIBKJIBKJhjwewzCQSqUx9wHf3WxEUfea wWAI6/X6dYSQ8263W/j5559j9uzZEWkeffRRBINBAJAB8Izm69OawzDFx8cP+JgxYwY2btzIfUjU KLPb7dBoNIiPj4dWq4VOp4NOp8PChQsxd+5cnDhxgk975swZxMfHY+vWrYMe0+l0Ij4+Hm+88UbU PqvVyn+2drt91N8PRQ1XZWWlB4ABANra2npun16Dqzn09PTEHtJ0F2hwGIHExEQYjcaIR2lpKRQK BYxGI9auXTveWXzoNDY2YvHixXA4HCguLkZ7ezvcbjfOnz+PsrIyBAIBpKWl4eTJkwCApUuXQiqV wmw2Dxqsa2trAQAbNkQvqFVbWwupVAqhUIi9e0d9hCBFjcitW7f2Aei8du1a3OXLlyP2fe973wMA CASCUZ8GmTYrjYBEIolZmGzfvh0LFy6ExWKB0+nk13ql7o7P54NOp4NQKERbW1vUTK9yuRwrVqzA ggULkJ+fj8uXL4NhGOTk5MBgMKCxsRGZmdFrsYfDYdT9/+zdeVhTZ9438O9JAgmLGhvKVhBUirjQ UkFFh9Yo7sUBq3Wp9pGpJCBtXV67zrTTdGrVzujUPlrKOoW6FK10oFAXHh1RKVgFpXVHqFgiIIUS JbJlOe8fmDNE9iUs+vtcF5eanOVOguebez27d8PDwwNSqdToObVajcTERCxduhRarRYHDhxARUUF N2yQkN4WHx9fJ5fLNwKIP3funObJJ580YxgGAGBubg4AYFm27TbULqBw6AECgQABAQHIy8vDTz/9 BC8vL+6b6R/+8Ads27YNAoEAr776KneB+/7773H48GGo1WqIxWIsXLiwxfsqlJWVIS4uDgUFBRAI BJBKpViyZAkEgv9+dFqtFnv27EFmZia0Wi1cXV0RGhra7J4KBQUF2LNnD9ee7uPjg+XLlxu1zavV auzZs4drTnF1dcXChQsxbty4Nt+DlJQUFBUV4dVXX8WePXuQkZEBoHFZ8JUrVxqVNyEhAUVFRVi7 dm2b/QKfffYZVCoVIiMjW10C3MPDAyEhIcjMzIRSqYSTkxNWrlwJhUKB+Pj4FsPh+++/R0VFBd55 551mz+3Zswd1dXUICgqCQCDA7t27kZCQgA0bNrT5+gkxJUdHxz0lJSXvVVdXu12/fh3u7u4AAMME OYZhejwcAAByufwDuVzOpqamsm1JTU1lO7LdwwgAK5VKW33+tddeYwGwBw4cYFmWZaVSKevl5cU6 OTmxAFgAbGJiIqvRaNilS5eyAFgnJydWKpWyNjY2LAD2jTfeMDrmgQMHWJFIxIpEItbPz4/18vJi AbB+fn5sbW0ty7IsW1payj3u5eXFSqVS1tramrW2tmYPHz7MHev48eOsSCRibWxsWKlUyvr6+rIC gYB1cnJiS0tLWZZl2aqqKtbDw4MVCASsr68vK5VKWbFYzAoEAu51tSY4OJh1cnJiZ8yYwYpEItbX 15cVi8UsAHbGjBlG20qlUhYAe+PGjTaP6eHhwYpEIra6urrN7VoyZ84cViAQcK+tqaCgoFaf8/X1 ZW1sbNja2lpWo9Gw9vb2rKura6fP/7Do6P95w3ZyufwDk1ykCORy+Uq5XM6uWbNGe/r0afbs2bNs VFSUyd536nPoATk5Odi9ezdEIpHRbMa8vDz4+Pjg+vXryM7ORmBgID7++GMkJiZi3bp1uHHjBo4f P47i4mIsWrQIW7duxZ49ewD8t0nFyckJ169fx6lTp3D+/Hls2bIFmZmZiIqKAgC8/vrruHjxIhIT E3H+/HkcP34c169fh5ubG5YuXQqVSgUAeP/992Fvb8+dMzs7GwcOHIBSqcTnn38OoPFb89WrV5GW lobs7GwcP34cV65cgY2NTYvfsh+kVCpRV1eH0tJSZGdno7S0FDNmzMDRo0eNOnaDg4OhUCjarDWo 1WpcvXoV48aNg7W1dac/k+DgYGi1Wuzbt8/o8YqKCqSlpSEoKKhZzerixYs4ffo0li5dCpFIBIFA gBUrVqCoqIjr0yCkrzg6Ou4BkFdXV8fvjbkn1KzUCXl5eZg2bZrRYxUVFbh48SIAIDIyslnb9Kef fgpXV1fu1n47d+6Eq6sr/vGPf3BNLSKRCDExMTh8+DC2b9+O5cuXIykpCWq1Glu2bDEaarlhwwZc vXoV9vb2UCqVOHDgAJYuXYolS5Zw29jb22Pjxo0ICAjAnj178Oqrr6KiogJ1dXVQqVTcxTYwMBBH jx7F008/DQBckBiGihqOdfz4cWi12g69R5s3b+Yu+iKRCCEhITh69CiuXbsGX9/Gm1a11G/zoIqK CgBoMRiKioq4Zrumpk6dyvUhBAYGwsbGBrt378batWu5bfbt2wetVouQkJBm+7fUSb18+XJs3boV O3fuxOzZs9stNyGmolAotDKZbCvDMLuvXbtWP3r06B4fodQUhUMn1NXVNZvvIBaLERwcjJUrVzbr 3LSxsTEaJ69UKlFRUYGAgACjNnjDcfz8/HD48GEAjUEENPZZNCUQCPDll18CAJKSkgA0Xkg//PBD o+0MF/qcnBwAjd+k33nnHTz55JPw8/PDnDlzEBgYCH9/f26fwMBAKBQKBAUFYdy4cQgICMDs2bPh 5+fXrLytebAz3s7OrkP7Pcgwb6SlUCoqKoJCoWj2uEKh4D4DkUiEFStWYPv27SgoKODCOT4+Hk5O Ts0u9FqtFvHx8XB1dYWNjQ33OYvFYri5ueHw4cNcnwYhfcXMzCxFq9XW/fbbb6I7d+6Y9FzUrNQJ vr6+uHHjhtHP+fPn8eWXXzYLBqD5t17Dha61iVVNmzkM2z7Y9NGUYahmXl5esyG2ycnJ3IUOAN5+ +23Ex8fDx8cHR48exRtvvIEnn3wSEyZMwNWrVwE0jv7Jzs7GokWLUFRUhC1btmDatGlwcHBAXFxc h96jrjQBtcTe3h5isRgXL15sFhAPfg6JiYktHsNwb2xDjeDixYvIyclpsdaQkpKCiooKFBUVNZvH UlBQAK1WyzXlEdJXIiIi1AAOAEBhYaFJz0Xh0IsM374LCgpafN4wY7fpti0teGZo2zd8u964cWOz 0DL8/OMf/+D2W7lyJU6dOoWqqipuuGZOTg4WLFjAbePj44NvvvkGv/32G44fP4733nuPa4YxNJ/1 loCAAKhUKqNJbkBjrcDV1ZX7aa12Mm7cOPj6+nLhkZCQAIFAwIVGU/Hx8QCAtLQ0HD9+3Ojn8OHD EIlEiI2N7XDzGiGmwrLsbgC4du1avSnPQ+HQi5ycnODk5MQNOW1KpVIhJyeHa5Yx/HnixAmj7bRa LSZPnoxnn30W3t6NK/UamqKaysvLw4IFC7i+iz/96U/Ytm0bgMamkiVLluDrr7/GnDlzuJrDtm3b uKAQiUSQSqX46KOPsGXLFgBAbm5uT70VHbJhwwYIBAKsW7euzVVBb9682epzwcHBKCgoQGZmJhIT EzFjxoxmTUNKpRKHDx+GVCrF888/D6lUavQze/ZsBAUFoaysDCkpKT32+gjpiieeeOIYgDK1Wi28 ffu2yc5D4dDLwsLCUFRUhDfffJMLiLq6OshkMqjVarz22msAgCVLlkAsFuO9996DUqnk9v/kk0+g VCoRHBwMNzc3BAQEIDk52ajJQ6VSQSaTITk5GSNHjoS1tTVOnz6NjRs3Gn37VyqVyMvL4+YQ1NXV ITk5mRu9BDSG0dGjRwGAC6PuSkhIwIcffsj1i7TGy8sLW7duRVFRETw9PfHZZ59x70VdXR2OHTuG ZcuWITg4GAKBoMW5EMuXL4dIJMK7774LpVLZYpPSnj17oNVqsWLFilbLYtgvMjKyMy+VkB6nUCi0 ABIB4NatW6Y9Gc1zaB/amefwIKlU2uL4eI1Gw65YsYIFwNrb2xvNc3jnnXeMtk1LS2Otra25eQ5u bm4sAHbp0qWsRqNhWdZ4noObmxs3z0EgELDbt2/njpWdnc097uvry/r5+bEikYi1trZmT506xbIs y1ZXV3PH8vDwYKVSKWtvb99i2R4UHBzMAmj2+PHjx1kAbHx8vNF7gw7MczDYvXs3V46WfqRSKZud nd1u2ezt7bn3rSlXV1dWJBKxVVVVbZbD1dWVBcBeuXKlQ+V+GNA8h/4pLCxMev/9Ntn7TqOVOig+ Pr7NzuEHvfPOOy2u7SMQCLBr1y6EhoZynaB+fn5YuHBhs5E+zz//PK5fv449e/bg4sWL8PLywpw5 c/D8889z29jb2+Ps2bNISkpCZmYm1Go1pFJps1nNvr6+RscCgKCgICxfvpx7XYZlKpKSknD69Gmo 1Wr4+fnh+eef54ahtmbVqlUtdsob1qNqOurqnXfeQXBwcIeXpFi+fDkWLlyIY8eOISMjgxvmOm7c OPj7+7e7XMkHH3wAqVQKFxeXZqOu1Go1FAoFbGxs2l3FddeuXSbvBCSkI3g8Xo5erzfpORigseYA QDF//vw2b+KTlpaG1NRUtLcdIeTh0NH/84btACiio6M/bHVD0iOCg4NF5ubmpQAM32h6/H2nPgdC CBlghELhbPw3GEyiS81K165d6+lyEEL6Ifq/3j/p9foVhpVZTaVT4TB48GAAjfeUpfvKEvLoMPzf J30vPDzcWqvVmrxdv1Ph8NxzzwEA7t69a5LCEEL6n8GDB3P/90nf0+l0SwCIRo8ejStXrpjsPJ1u VqJfEkII6TuGJqVJkybh1q1bJvuyTh3ShBAyQISEhDgxDCM1MzPD+PHjYWZmZrJzUTgQQsgAwefz lwPA+PHjIRQKIZFITHYuCgdCCBkAgoODRSzLvgYAEyZMAACqORBCyKPOzMzsLwCcXFxc4OnpCQAY MmSIyc5H4UAIIf1cWFiYK8MwbwDA0qVLucd5PO4S3nytnm6icCCEkH5Or9dvBiCaNGkSRowYwT1e U1MDAGBZtqinz0nhQAgh/VhYWJgUwFJzc3N20aJFRs8Zlr1nWbbH1+6mcCCEkH5KoVAI9Hr9DgCY O3cu8+BM9aqqKsNflehhFA6EENJPlZSUrAIwztbWFjNnzjR6Tq/Xo6qqCgzDsLGxsRQOhBDyKAgO DhYD2AgACxYsaDZs1VBrsLKy6vHOaIDCgRBC+iVzc/MvANiMHj0a48ePb/Z8ZWUlAMDCwqLSFOen cCCEkH5GLpf/Bfc7oZsOXW3KUHMwNzcvM0UZKBwIIaQfCQ0NDQSwkcfjQS6XM63dnthQc9DpdJdM UQ4KB0II6SdkMpkXy7J7gMZ7vBtmQrfEUHMoLy/PNUVZKBwIIaQfCA8Pt2cY5t8ArKZMmYLZs2e3 ub1hjoNer//VFOWhcCCEkD6mUCgEWq32GwCubm5uePnll9vcXqPRoKCgAACg0+lMci9XCgdCCOlj paWlMQD8hg4ditDQ0KZrJrXo8uXLqKmpgZWV1Y24uLgCU5SJwoEQQvpQaGjo2yzLBguFQrz66qsd ul/36dOnAQBmZmZfmqpcFA6EENJH5HL5ByzLbgGAVatWwdnZud196uvrceHCBQDA77//brJw6PQ9 pAkhhHSPQqEQlJSUfAEghMfjYcWKFXj66ac7tO+5c+eg0Wjw2GOPXdyyZUuPL5thQOFACCG9KDw8 3Lq0tPRrAAFCoRAymazNIasP+vHHHwEA9fX1X5ioiAAoHAghpNeEh4fb63S6f7Ms6zt48GCsXr3a 6P4M7bl79y6uXbsGPp+vu3fv3n4TFtU4HEpKSpCWlmbK8xFCHkIlJSV9XYR+Ty6Xe+h0umSWZUfZ 29tj9erVaG32c2vOnj0LvV6PoUOH/vjJJ59UmKioAB4Ih9zcXOTmmmSyHSGEPLJCQkJ8ASSzLGvn 4uKC1157rUOjkh6Uk5MDALh3797nPVzEZpo1Kzk4OMDR0dHU5yWEPCRKSkpQWlra18Xot+Ry+fMA 9gGwGjt2LEJDQyEUCjt9nLKyMvzyyy/g8Xh1arX62x4v6AOahYOjoyO8vb1NfV5CyEOEwqG54OBg sVAo/JRl2WAAmDJlCl5++eV2J7i1pkmT/974+Pi6nill66hDmhBCephcLn+eYZgolmWfEAqFeOGF FyCVSrt8vEuXLuHs2bPg8Xh1Wq32g54raesoHAghpIc0rS2wLAt3d3cEBwdDIpF0+ZgajQaJiYkA AIZh/maKW4K2hMKBEEJ6QE/XFgyOHDmC8vJyWFpaKsVi8T+6X9KOoXAghJBueLC24ObmhldeeaVb tQWD8vJyHD58GABQU1OzbPv27dpuH7SDKBwIIaSLZDLZQh6P9xnLsk+YmZkhMDAQ/v7+Xe50flBi YiI0Gg2srKwOfPrpp5k9ctAOonAghAw44eHh1jqdblJUVNSxvjh/aGhoIMuyCgBeLMtixIgRWLly ZacntbXl3LlzuHTpEszMzGrv3bu3uscO3EEUDoSQASU4OFgMIJdl2REymWxFTEzMnt46tyEUWJb1 AoDBgwfj+eefx3PPPddjtQWgceXV/fsbV8fQaDTro6OjTTobuiUUDoSQASM8PNyaYZgjGo1mBAAw DOPWG+dtKRTmzJmD5557DmZmZj1+voMHD6KqqgpCofAniUQS1+Mn6AAKB0LIgBAeHm6t1+vT9Xr9 xN46Z2+HAtDYnJSeng4AuoaGhhCFQtFrndBNUTgQQvo9hUIhKCsrS9fr9ZMHDx6Mp556CpmZpumf DQ4OFpmZmT3PMMx7vRkKAFBQUID4+Hjo9XoA+CgqKirHZCdrB4UDIaRfu39jnEQAkwcPHowNGzZw C9D1JLlc7gdgJcMwL7IsOwTovVAAGtdO+vzzz1FfXw8ejxcRGRn5oUlP2A4KB0JIv6VQKAS3bt36 mmGYhYZg6MkRQXK53INl2eUMwwQDcAIAlmXh4uKCKVOm4A9/+IPJQwEAqqqqsG3bNtTU1IDP5yfb 2dmtNflJ20HhQAjpt0pKSnYxDLNIKBTitdde65FgCA8Pt9doNEvuB4IXwzAAAIlEgkmTJmHSpEk9 GkDtUavV2L59O+7evQtzc/MctVq9rK/6GZqicCCE9EtyufxTAEuFQiHWrFkDFxeXLh8rJCTEiWGY qQzDrNBqtTMZhuEDgLW1Nby8vDB58mS4ufXKwCcj9fX1+OKLL1BWVgZzc/Nf9Hr9tN5YcbUjKBwI If3O/WBYZwiGzl645XK5B8MwfwDgx7KsFICr4TkzMzOMHTsWU6ZMwZgxY3ql2agler0esbGxKCgo gLm5uVKv1/8hIiJC3SeFaQGFAyGkX5HL5ZsBrOPxeJDJZB0KBplM5gVgKsMwUgC+AOxZluWet7S0 hJubG7y8vPDMM8/A0tLSRKXvuF27duHnn38Gn8//vaGhYWZ0dHRZX5epKQoHQki/IZPJ1gJ4xxAM np6e7e0SIpfL3wBg3fTBwYMHY9SoURg+fDjc3d3h7OxsqiJ3ml6vx/79+5GVlQUej1er0Wiej42N vdrX5XoQhQMhpF+QyWRrGYbZbgiG8ePHt7ptk/svOwGAra0t3Nzc4O7ujpEjR8LW1rYXStx5d+/e xb/+9S9cuXIFAHQsy86PjY093dflagmFAyGkz8nl8lAA2wFg2bJlbQYDADz33HMAGpuL3N3dm4ZF v3Xz5k188cUXqKqqAo/H+02r1f6xvwYDQOFACOljMplsIYCdALB48WLuwt+ejm7XH/zwww/YvXs3 9Ho9eDzeKR6Ptzg2NrZf9TE8iMKBENJnZDLZQoZhEgEIFi9eDH9//74uUo/SaDTYu3cvsrKyAAA8 Hu9/7e3tN/SHeQztoXAghPQJuVz+PIBEAII5c+Y8dMFQVVWFL774Ajdv3gSPx6vT6XQhkZGRvba8 eHdROBBCet39dYwSAQj8/f2xYMGCvi5Sj7p69SpiYmKgVqthZmZWrNPp5sXExFzs63J1BoUDIaRX 3Q+GQwCs/f39sXjx4r4uUo86cuQIkpOTodfrwTDM9/fu3VsRHx+v6utydRaFAyGk14SGhvqwLHsI gPWECRMeqmDIz8/H/v37UVxcDAA6NC653acrq3YHhQMhpFfcXwE1FYD1+PHj8corr/R1kXpEeXk5 /v3vf+PcuXMAAIZhftXr9fKYmJgjfVy0bqFwIISYnFwu9wBwHID9+PHjIZPJevSey32hpqYGhw4d wtGjR6HX68Hn89U6nW5LfX39tv6yeF53UDgQQkwqLCzMVa/XHwdg7+bmxspkMmYgB4Ner8fJkyeR kpKCmpoaMAyj5/F48QzD/KW/rY/UHRQOhBCTCQ8Pt9dqtYdwPxjWrFkzoIPhwoULOHDgAMrKGjOA z+dnsCz7emRk5IAaidQRFA6EEJOQy+U2Wq32OACPkSNH6tasWcMXCoV9XawuKSkpwf79+w1rIkEg EPyi0WjCv/jiiwHdr9AWCgdCiKmsBODB4/EQHBw84IJBr9fj0qVLyMrKQl5enmHpiyq9Xv++ra1t 1ECY5dwdFA6EEJPg8XhJer3+Nb1e7/r5559jw4YNA2KBvMrKSmRnZyMzMxNVVVUAAIZh6hmG2VFX V/fxQJyz0BUUDoQQk4iMjCwKDw+frNVqj5eVlXl89NFH2LBhQ6/en7mj9Ho98vLykJmZiUuXLnGP 83i863q9Popl2YTo6OiKPixir6NwIISYTERERFl4ePgErVZ76O7du37btm1DaGhon9yvuSVlZWX4 4YcfkJWVBbW68Q6dPB5PwzBMok6ni46MjMzs4yL2GQoHQohJRUREqMPDw+dqtdpdd+/eDfrss8/Y sLAwZuzYsX1SHo1Gg5ycHGRmZqKgoIB7XCAQ/KzVaqPr6ur2PCpNR22hcCCEmFxERIRaoVC8WFpa GtPQ0BC8c+fOdu/21lP0ej2Kiopw/fp1FBQU4Nq1a6ivrwcA8Pl8tVar3c3j8eIiIiJyTF6YAYTC gRDSK+6P7vmTXC5X6fX6dVFRUTDFPRyahsG1a9dQUFDAhYEBwzA/sCwbU1tbu+9hmM1sChQOhJBe FR0dvV4mkxUxDLN9//79uHv3breW7O5IGNyfl5DO4/Ey+Hz+iYiIiIdmJrOpUDgQQnpdTEzMZzKZ rIJhmPjDhw8LampqsGzZsk6tt3Ts2DFcunSpxTAQCoXFOp0uXafT/R+FQddQOBBC+kRMTMye0NBQ Ncuye06ePGmlVqvxyiuvwMzMrN19T548if3793P/frBmsGPHDgqDbqJwIIT0maioqBS5XD4HQOq5 c+fEd+/exZo1a9DebOq7d+8CABiGiefz+e9SzaDnDdwVsAghD4Xo6OhMAJMBlBUUFOAf//gHd/Fv D8uyRRQMpkHhQAjpc9HR0Vd5PN5kAFeLi4uxbds2buVT0jcoHAgh/UJkZGSRQCCYxjDM6bKyMmzb tg0lJSV9XaxHFoUDIaTfiIiIKOPz+TNZls24e/cuNm/ezDadxUx6D4UDIaRfiYiIUD/xxBMzWZY9 0NDQwHz66aes4f7MpPdQOBBC+h2FQqF94oknlgHYrtVqmZiYGPzwww99XaxHCoUDIaRfUigU2ujo 6PUAFHq9Hl999RWOHHlob7zW71A4EEL6tejo6A8BvAZA++233xpNfiOmM+AmweXn5+PQoUO4du0a lEolxGIxRo4cCX9/f/j5+fV18YxUVlZCIpG0uU1CQgKKioqaPW5ubg5HR0dMmDABY8aM4R4/ceIE MjIysHLlSri6uvZwiVuWl5eHlJQUk50zJSUFeXl5+OCDDzq8z5kzZ3Do0CG4urpi5cqVnTqf4T1c u3YtxGJxq9upVCp89tlnkEqlmDp1aqfOQXpWdHT05zKZrIxhmMRjx44JLC0t+7pID70BEw46nQ6b N29GcnIy+Hw+Ro0aBQcHB+h0Ohw5cgSpqamYOHEitm7div7wi7N582YUFxcjIiKize2ysrKQm5vb 5jYvv/wy1q5dCwC4du0aUlNTERAQ0GvhoFQqTXrOvLw8pKamdioc4uPjcebMGfD5fAQEBLQbwk0Z 3kOZTNZmONTU1CA1NRUODg4UDv1ATExMUlhY2Ey9Xp9aU1Nj3dfledgNmGaljRs3Ijk5Gc8++yz+ /e9/46uvvkJUVBRiY2Nx5MgRBAUF4cyZM/jss8/6uqgAgKSkJOh0ug5v/9133yEnJ8foJzY2Fs7O zti1a1e7AWJKkydPRlRUFNzd3fusDE2VlJTgzJkzmDdvHnQ6HZKSkvq6SKSXREZGZjAMMw2AYYbc I3Xrzt40IMIhNzcXqamp8PT0xNatW+Ho6Gj0/KBBg/Duu+/C3d0dycnJUKm6dxOn6urqDh2jvD6B caoAACAASURBVLwcDQ0N3TpXW7y8vLB69WoAQHp6eovb1NTUoLKystvn0ul0KCkpaTHQJBIJvL29 MWjQoBb37cj7UF1djfLy8m6XEwDS0tIAACtWrICrqyuSk5PbDeLKysoOfVY1NTUd/v1p7X3v6GdS WVmJmpqaNreprq7ukc/3YRIVFZVzfzZ1mKOjY1Rfl+dhNSCalVJSUgAAa9euBZ/Pb3EbPp+PdevW QalUctv85z//wfbt2/Hxxx/D09OT27a8vBwhISHw9/fnmmuAxgtwdHQ01wdga2uLkJAQvPDCC9w2 NTU1+Oc//4n09HTuP/aYMWOwevVqTJ48GRcuXMBf/vIXAMCFCxfwxz/+EevWrcP06dO79NoNzTgP XtiUSiXi4uJw5swZrqzr1q3DrFmzAAAhISFoaGjAV1991eyY4eHhEAgE+N///V9UVlZi8+bNyMrK QkNDA/h8Pry9vfHaa69xfR0tvY81NTWIjIzEwYMHuYvpxIkT8dZbbxmVOS4uDqmpqVwwmJubY8qU KXj33Xc71RTUVHJyMlxdXeHu7o758+djx44dyMzMbLHpJyUlBVFRUSgvL4e5uTnmz5/fYrNjYWEh tm3bxr2fY8aMwapVq4y2MfzerF69GocOHUJWVhYkEgm+/PJLODo64syZM9i5cycuX74MABCLxXjp pZewcuVK7ndSp9Nh586dSE1N5d43V1dXBAcHIyAggDtXZmYmduzYgcLCQgCNX4Dmz5+PsLCwftFs 2tciIyOLAFAwmNCACIdTp05BLBbDy8urze0mTpyIiRMncv+uqalBSUlJswurVqtFSUmJ0TfEb7/9 Fps2bYKnpyc2bdoEoVCI5ORkbNq0CSqVCq+88goA4MMPP0RGRgZWrVoFT09PVFZWIi4uDuvWrcO+ ffsgkUgQEBCA6Oho2NjYICAgAE5OTl1+7Xl5eQDQ7EK6adMmTJkyBe+//z6qq6uxa9cuvP/++9xF 09vbmwuPpu9Jfn4+zpw5g9dffx0AsH79ehQXF+P111+Hu7s78vPzERcXh1dffRXfffcdBg0a1Ox9 1Ol0WL9+PXJzc7F48WJMmTIFJSUliI6ORmhoKPbu3QuJRAKFQoH09HQsXrwYPj4+0Gq1yMjI4IK1 vf6YlmRnZ6O8vJwr/9y5cxEREYGkpKRm4dD0M123bh1qa2sRHx/f7Jt4eXk5QkNDodPp8Prrr8PV 1RVHjhzB+++/b7Sd4fcmOjoaNTU1mDVrFsrLy+Ho6IjMzExs2LABzs7OUCgUEIvFyMjIQEREBIqK ivC3v/0NAPDFF19g165deOmllzBx4kTU1NRg9+7d3D5+fn64fPkyNmzYAG9vb4SGhsLc3BynTp3C 3r17UVNTg/fee6/T7xshnTUgwqG6urrdYOgOlUqFrVu3wtPTE7Gxsdy3vKlTp2L9+vWIiopCQEAA bG1tkZGRAalUCrlczu0/YsQIbNy4Efn5+Zg1axbkcjmio6Ph4OBgtF1bHmxyUalUOHfuHKKjo2Fu bo7AwECj5/39/bFp0ybu346OjnjrrbeQnZ0Nd3d3BAYGIi4uDunp6UbhcOjQIfD5fMydOxclJSW4 fPkyVq1ahWXLlgEAvL29IZFIsHv3bhQVFRnVuAyOHTuG3NxcyOVyo9fn7OyM119/HSkpKZgzZw7S 09Mxb948vPXWW9w2s2bNglKp7HIfSmpqKld+oLHGNGnSJGRlZaGkpIRrcmxoaMCOHTswcuRIo8/U z88PixYtMjpmXFwcVCoVvvzyS+71Tp06FX/+859bbM67ffs2kpOTYWtrC6AxLD/66CPY2dnhq6++ 4r7Z+/n5wdLSEnv37sWLL74IT09PZGRkYMyYMfh//+//ccfz9vZGeHg4iouLATTWGnQ6Hd599104 Oztzx1KpVN1uMiWkowZEOABosTkpNzcXoaGhzR5/8KLVnuzsbDQ0NCAoKKjZeYKCgnDq1ClkZ2cj MDAQEokE2dnZ+Pbbb+Hn5wdbW1uMGTMGe/fu7fyLaiIkJKTFxwcNGoSPPvqIu0gYzJs3z+jfHh4e AMBdPBwdHeHt7Y309HS89dZbMDc350Z2TZo0Cba2tqiuroa5uTnXTOPn54dBgwZh1qxZXPNUSzIz MwEAixcvNnp88uTJ+Oqrr+Ds7IxBgwbh5MmTzfatqamBRCLpVGe9gUqlQkZGBld+g4CAAGRlZeGb b77hmgkvXLiA6upqrFq1yugzlUgkmDVrllEndnZ2NkaOHNksCJctW9ZiOPj4+Bid/8KFC6isrMSq VauaNfkEBgZi7969OHHiBDw9PSGRSJCXl4eEhARMnz4dzs7OkEgk2LdvH7ePYQTVP//5T6xcuRKe np7g8/n45JNPOv2eEdJVAyYcWuqUk0gkmD9/vtE2WVlZnT624RtbREQE4uLijJ4z3H7w9u3bAIC3 334b77//PvetfeTIkZBKpZg1axZGjhzZ6XMbvPTSS7C2/u/oPBsbGzg4OMDb2xvm5ubNtrewsGjx OE2/Wc6fPx+5ubnIzMzE9OnTkZuba9QkM2jQIKxbtw7btm3jmlA8PT3x7LPPcjWllty+fRtisbjF YaBN52RYWloiMzMTZ86cQXFxMYqLi1uc09FR6enpaGhogEqlwocffsg9bviMUlNTsXr1apibm6O0 tBQAmoUqgGafU0lJCaRSabPtRo0a1WI5HmziUyqVABpHqB06dMjoOa1WC+C/v79r167FmjVrsGPH DuzYsQOOjo6QSqWYOXMmF04BAQE4duwYTp06hVOnTmHQoEGYOHEi/P394e/v32q/GyE9aUCEw5gx Y3D58uVmk8pcXV2Nxsbn5uZ2KRwMpkyZAgcHhxaf8/b2BtDY3PDdd9/hxIkTOHXqFHJzcxEXF4f4 +HgoFAquuaOzli5d2mwUVndNnz4df//733Hw4EFMnz4daWlpsLS0hL+/P7fN4sWLIZVKcezYMWRn ZyMnJwcXLlxAfHw8Pv/88xablYCWa3JN6XQ6hIeHIzc3l6tdSaVSeHp64siRI62OvmqLYY6LSqVq 1iwlFou5mkXTWk9L5WypQ7el7VoK5bZ4eXm1OtzXEDRjxoxp9vuzd+9e7N27F+Hh4XjllVdgaWmJ qKgoLtizsrJw7NgxHDt2DF5eXoiKiqKAICY3IMJh7ty5uHz5Mnbv3m00uqijHuyQfvDfhm/AkydP btac0tDQgOrqai6UVCoV+Hw+AgMDERgYCJ1Oh8zMTLz77ruIj4/vcjiYgiEIDh48iPLycu7C2fSi V1lZCQsLCyxbtgzLli1DQ0MDkpOT8fe//x0JCQnYunVrs+OKxWJuGOaDF9qdO3fC3d0dtbW1XId1 0z4HAF2al3D58mXk5+dj3rx5XOfug8//z//8D77++mvMmjWLq/UYaoVNPVh7sbW1bbFG09FajuF3 w9PTs9lsbZ1Oh8rKSq481dXV0Ol0mDt3Lve7kpubi7fffhuxsbF45ZVXuGHF3t7e8Pb2xtq1a1Fe Xo6NGzciKysL2dnZ/W41APLwGRDzHBYuXMhNBktISGixvbqysrLZmiuGi+CD/8kNbeYGfn5+4PP5 2L9/f7Njb9++HbNnz0Z6ejoKCwsxY8YMfPHFF9zzfD4fU6dOhZ2dnUnnPHRVQEAAdDodtm/fjpqa GqPhkv/5z38we/Zs/N///R/3mLm5OYKCggA0D1GDKVOmAAAOHz5s9Hh+fj7i4+Nx8eJFrhnu2Wef NdqmsrKSG4HVGYa5DU3L39SYMWPg7u6OCxcuoLCwEF5eXhg0aBBSU1ONPlOdTodjx44Z7fvss8+i sLCQG4Jq0NHazdNPP41BgwYhOTm52byFr7/+GvPmzUNCQgKqq6sxY8YMoyYxoLFW6u7uzpVz/fr1 WLJkCaqrq7ltbG1tuaav/vh7Rh4+A6LmYG5ujk8//ZRrq01KSoK/vz9cXV1RXV2NvLw8bpy+p6cn 943M0F4fHR0NS0tLODk54cyZM9i/f7/RN15HR0csWbIEe/fuxfr167FixQqIxWKkp6dj//79GDNm DNfW6+3tjaSkJNjY2MDPzw9arRYpKSkoLi42Ghdva2uLwsJCJCQkNFsfqTd5e3vD2dkZ6enpcHZ2 Nhr1ZehQ3759O4DGi1x1dTUSEhIAoNVa0Ny5c7F3714ucCZPnoybN29ix44dsLS0xNKlS/HLL78A aBwJJJFIYG1tjevXr3PnAjq29hTQeDE8dOgQNxmvNUFBQfj73/+OpKQkvPXWW5DL5di2bRvWr18P mUyGhoYGJCQkcMFlsHLlSqSnp2P9+vVYt24d3N3dceLECezevbvdsgGNNTTDucLCwiCXy+Hg4IDs 7GyuX+GFF17AoEGDMG/ePKSmpuKf//wn5syZA4FAwPXLGGqtixcvRlZWFtasWYNVq1bBxcUFV65c QVRUFMRiMSZMmNChchHSHQMiHIDG/oU9e/bg66+/RnJyMnbt2mX0vJeXFxYuXGh0QZNIJNi8eTM2 bdqEjz76CEBjEHz66af461//arS/YRG2Xbt2ITw8HEBjrcDf3x/vvvsu18a7adMmfPjhh4iIiODG 6ZubmyM4ONhohFRwcDC2bduGHTt24OWXX+6zcAAaO6YjIiKMOu+BxnJHRETgr3/9q9GwWLFYjHXr 1rUaDob9Nm/ejO3bt3MXfHd3d0RGRsLR0RGOjo5YtWoVN6bfcNyXXnoJYrEYmzZtwk8//dShyYEZ GRmorq7GSy+91GZb+6xZs7B9+3akpaXhtddew7Jly6DT6RAXF4c//elPABqbfkJDQ7Fjxw5uP0dH R0RFRUGhUHAd84ZRYhs2bGi3fEDjyCZLS0tERERg3bp13OMTJ07Ee++9x80uf/PNN6HT6bBv3z5u hBufz8f8+fPx5ptvAmgM7T//+c/NjjVmzBijYxFiSgwAyOXyDwAoAHDtnP1deXk5iouLYWFhAVdX 1zZnjep0OhQWFoLP57c7okin06GoqAj19fXckMyWVFdXo7i4GAKBAK6uri12XhqWYrCzs+vTDsR/ /etfiIiIwMGDB1sdgaRSqVBcXIxBgwbB2dm5w+U17CeRSFrsUK+pqUFRURGEQiFcXV375H1oaGhA QUEB99raUlxcjOrqari5uXW6Q9qgqKgI1dXVcHZ2bnVhv5qaGiiVSmi12lZ/fw19D5WVldyQ1/4o Nze36QABxf0ltskAN2BqDg+ytbVt9UL3ID6f3+FF4zoSIEDjN8v2agOWlpZ9vtRBQ0MDUlNTMWXK lDbfr9aGpranvf0sLS37tNYENNZ0OlqG9sKjIzqycq2lpWW7v5N8Ph/Ozs49UiZCOmvAhgNp24UL F/DNN9/g8uXLKC4u7tRy2IQQQuHwkBIKhcjIyIC5uTn+/Oc/m3T5EULIw4fC4SHl7u7e4vIVhBDS EQNingMhhJDeReFACCGkGQoHQgghzVCfAyHEZGQy2WyGYewBVPB4vHtovOezuq6uriw+Pr6uj4tH 2kDhQAgxidDQ0CUsyyYa/q3X67nnzM3NIZfLwefzqwDU83i823q9vlav198AUK/X65UMw2gBFAEA j8e7qdfrL0ZHR1f08st4ZFE4EEJMgmVZD6BxGRvD7O76+nqjhQNra2uHarVa1NfX299feNAXABiG MTqWIVhWr15dwTDMGa1WmwUgD8CPFBimQeFACDEpV1dXjB8/vt3tNBoN6uvrUV1djdraWtTU1KCu rg737t3DvXv38Pvvv6O2ttYGwLz7PwD+GxgajeYcj8fL0el0ubGxsUoTvqRHAoUDIaRfMDMzg5mZ mdEdER9UX18PlUqF33//HSqVCtXV1aisrLRRq9XzGIaZx7IseDweVq9efZdhmNMajeYMBUbXUDgQ QgYMoVAIOzs72NnZGT2u0WhQUVGBsrIylJWV4fbt24M1Gs0shmFmGQIjPDz8N61W+zXDMLuioqJy +uglDBgUDoSQXldcXIza2lqIRCKYmZlxf1pYWHRp5V4zMzM4ODgY3ea3srISt2/f5gLj3r17jwNY w7LsmvDwcKVGo4nn8/n7IiMjL/bgS3toUDgQQnrVL7/80uxufA8yhISVlRV4PF6LfzIMg0GDBmHo 0KEQiUTNjmHoCDesyKtSqXDjxg0olUqUlZU5MQzznl6vfy88PPyaVqvdpdPp9sXFxRWY5EUPQBQO hJBepVKpALQ7iglarRa///47NBpNu8e0srLC448/jqFDh+Lxxx+HjY0NrKysjLYRi8V45pln8Mwz z6C2tha//vorbt68CaVSOQrARj6fvzE8PDxPo9HEsyyb9Kj3UVA4EEL6REdHMel0OtTW1nKjmOrq 6lBTU2M0isnw96b3ixeJRLCzs8Njjz0GiUSCxx57DEOGDAHQWDMZNWoURo0aBY1Gg5KSEly7dg2/ /vqrF8Mw2xmG2R4WFpbNsmwcy7Ipj+JwWQoHQki/xufzYW1t3e4opurqavz++++oqqrCnTt3oFKp cPPmTdy8eZPbTigUwsbGBhKJBLa2thg6dCjEYjFcXFzg4uKC2tpa5Ofn49q1a7hz585kAJMZhole vXp1hl6vf/tR6simcCCEDHhCoZC78Del0+nw22+/4fbt2ygvL0dpaSlu3bqFW7ducduIRCK4urpi 5MiRcHBwwNNPP42nn34apaWlyM/PR2FhIU+n000HcHb16tXfsyz7zqPQiU3hQAh5aPH5fNjb28Pe 3p57TKVScaOYysvLoVKpcPXqVVy9ehUikQgjR47EiBEjuNFPvr6+uHbtGn7++WfU1tY+zzDM3LCw sD0ajeZvD3MHNoUDIaRfMgx3FQgEsLCwANB473YAXR7yCvz3vuejRo0CANy7dw+//vorbty4gbKy Mly6dAmXLl2ClZUVhg8fjuHDh+Opp57C2LFjceXKFVy4cIGnVqtfFggEy+Vy+U6BQLA5IiKirGde df9B4UAI6Xc6MtwVaGwSGjp0KB577DEMHjwYQ4YMgY2NDRcmHWFlZYXRo0dj9OjR0Gg0KC4uNoxi wsWLF3Hx4kUMGTIEI0aMwPDhwzF27Fhcv34deXl5vDt37qzR6XSr5XL5xw0NDZ/Fx8eruvO6+xMK B0JIv9N0uKtYLEZNTQ0AoLq6GkDjUFedToe6ujqUlpaitLTUaH+hUAixWIzHHnsMjz/+OJycnJoN bW2JmZkZRowYgREjRoBlWZSVlaGwsBAFBQU4f/48zp8/zwXFzJkzUVVVhR9//NFMrVYrRCLRG6Gh oRvr6+s/exiWI6dwIIT0W+0Nd62trUVFRQU3Osmw5lJ9fT1u376N27dv48qVKwAam5OGDRsGZ2dn 2NnZtdssxTAM1+8wefJkFBYWIj8/H6WlpVxQSCQSbt7E+fPnrfV6/RaRSPSWXC7/q6OjY5RCodD2 6BvSiygcCCEDloWFBZydneHs7Gz0eG1tLaqqqqBSqVBSUgKlUgmVSgWVSoWff/4ZfD4fDg4O3L6G +Q+t4fP5cHd3h7u7O+7cuYPr168jPz8flZWVOHXqFIYMGYIpU6agtLQUBQUFjwHYWV5e/nZoaOif oqKi2m8f64coHAghDx0LCwtYWFjA0dERY8aM4ZqIbt26heLiYlRUVECpVEKpVCI7Oxt2dnbw8PDA yJEj261RDBkyBD4+PvD29savv/6Kc+fOoaKiAqdOnYJEIsHEiRPxyy+/oKKiwhnAUblc/r8NDQ1v D7SmJgoHQshDr2kTkY+PD+rq6qBUKlFcXIzi4mKuCer06dNwc3PD6NGjMXTo0HaPaZg8Z2hqunXr FiorK2Fra4vRo0fj6tWrYFl2jYWFxRyZTLYkJiYmr5decrdROBBCHjkikQhubm5wc3ODTqdDYWEh rl69itu3b3NDWW1sbODh4QE3NzeYmZm1eTxD8FRWVuLcuXMoKipCeXk5Hn/8cdTW1kKtVrvzeLxc uVz+VnR09LZeepndQuFACHmkNe1PqKqqwpUrV1BQUICKigpkZmbixx9/xLhx4+Dp6QmhUNjmsSQS CWbOnIk7d+4gNzcXhYWFABqbou7cucMDsHX16tXzGYZZ2t/nRvD6ugCEkIdbZWUlfv31V5SWlqKq qspo9dX+ZujQoZgyZQqWL18Of39/ODg4QKPR4Pz589i3bx/Onz+P+/e6btOQIUMwffp0zJ8/HzY2 Nrhz5w6AxiDS6XRTWZb9US6Xe5j69XQH1RwIIaZSBgBFRUVGq6UOBHw+n5vvUFlZiezsbJSWliIn JweXLl2Cl5cXxo4dC4Zh2jyOvb09FixYgGvXruHs2bOora0FAOh0umF8Pj8nLCwsIDIyMqMXXlKn Uc2BEGIS0dHRUQzDvMMwTHyTnzQARX1dts6QSCQICAhAQEAA7OzsUFtbi+zsbHzzzTfIz88Hy7Lt HmPUqFF48cUX4eXlxY2G0uv1VizL/kcul6809WvoCqo5EEJMJioq6pMHH5PL5R8AUPR+abrHwcEB f/zjH3Hz5k3k5uaisrISJ06cwE8//QQ/Pz+jW5S2RCgUYsKECXjyySdx/PhxVFRUAAADID4kJMQj Njb23d54HR1FNQdCCOkEFxcXLFiwAFOnTsWQIUOgUqmQlpaGrKysDt21TiwWIygoCN7e3lyzlEAg eEcmk+01ddk7g8KBEEI6iWEYuLu748UXX+Qu8pcuXcKBAwearfPU2v7jx4/H/PnzIRaLodfrwTDM MrlcfrAXit8hFA6EkD7x4CgmtVrdoZFA/YnhIr9gwQJIJBKo1epO1SLs7OwQFBSEsWPHGh6aK5PJ shUKRZ83+fd5AQghj5x2RzHx+XwNgLZnnvUjEokECxYswPnz53Hu3DlcunQJN2/ehFQqbbcvwszM DFOmTIG9vT1OnjwJjUbjW1JScjk4OHhiXy4BTjUHQkivam0UE8uyGYYfnU53p6/L2Vmt1SKys7M7 NKJpxIgRmDt3ruFeFE+am5tf6su5EFRzIIT0upZGMTU1UEc0Ac1rERcvXkRVVRX8/f3bnWFtZ2eH BQsW4NChQ6iqqnJkGOZsaGhoUF+s7Eo1B0II6WFNO5wtLCxw69YtpKSkcDcxaouVlRUCAwPh4uIC lmWtWZY9EhYWJjV9qY1ROBBCiIkYagKGJTSSk5NRXFzc7n5mZmaYOXMmxo0bBwB8vV6fJpfL/Uxe 4CYoHAghxISsrKwQEBCAkSNHQqPR4MiRI/jpp5/a3Y9hGEyePBlubm4AYAXgcG8GBIUDIYSYmJmZ GaZPnw4fHx+wLIszZ87gxIkTHRq6K5VKMXz4cKCXA4LCgRDSb1VWVuLGjRsoLS1FWVkZ1Go11Gp1 h0b/9EfPPPMMZs+eDTMzM+Tn5+PgwYPtzodgGAb+/v5NA+JAb4xiotFKhJD+qEMrupqZmdVZWVlp Hn/8cTMbGxvRkCFDYGNjYxgO2i8NGzYMgYGB+P7771FWVobDhw9jzpw5bd5QyBAQR48eRVFRkR2A 1PDw8GciIiLUpionHwC8vb2lAKQA4OjoCEdHR1OdjxDykCktLW26ZERGbm7uie4eMzc3N9fHx6eO YRgly7IFAMoZhlEC0ANQAbAGwNPr9YK6ujrh77//LlAqlSgoKMDPP/+Mn3/+uf7GjRt1v/32G1td XS0wMzPrV4FhYWGBYcOG4caNG1CpVCgrK8OIESPavH81wzAYNmwYbt68ibq6usd0Op37uXPnvjFV GanmQAjpl9qbCwEAcrnchsfjjdPr9WMBeLAsO45hmHFardamsrJSWFlZyW0rFAprhg0bxnNxcRE5 OTm1e+tPUxOLxQgICEBaWlqHaxBmZmbw9/dHSkoKNBrNIplMtjYmJuYzU5SPwoEQMmBFR0dXAMi4 /8NpGhoMw/iwLDunvr7e/vr167h+/ToYhtHb2Niohw8fPnjYsGEYOnRoXxS/SwExdOhQPPfcczh2 7BgYhtkaEhLyY2xs7OmeLhs1KxFCusUUzUrdlZubW5OTk1OUm5t7Njc3NyU3N3ebj4/P9wB+BWAO 4ImamhqLW7du4fLly7hy5co9lmUFQ4YMYXq7RiESiTrdxDR06FDU1taioqKCxzDMHG9v7125ubk1 PVmuZjWHkpKSnjw+IeQhN1CuGVFRUTkAcgB8HBwcLBYKhbNZlp0BYE5tba3TmTNncPbsWf2wYcPq R48ebeHs7NxrZetKDeIPf/gDfvvtN1RUVDixLPsRgNU9WSYGGNjrmBBC+hVFdHT0h31diM6SyWSz AYQwDBOE+1+aRSJRzdNPPy1yd3fniUSiXimH4cZBtbW1GD58OGbMmNHm9lVVVUhKSgLLslqWZSfE xMTk9VRZjGoOTz31FFxcXHrq2ISQR8TNmzfx888/93UxuiwmJuYIgCPh4eH2Wq12FYCwuro6px9/ /BFnz57Vuri4aH18fERisdik5TDUIL777jvcuHED586dw/jx41vdfujQofDw8MCVK1cEAD4FMK2n ymIUDi4uLggICOipYxNCHhFpaWkDOhwMIiIiygB8rFAoPikpKZnNMEyYXq+fc+PGDVFRUZHezc1N 6+PjY25tbW2yMojFYkybNg1HjhxBbm4uhg4dapgA1yIfHx8UFhayDQ0N0tDQ0CVRUVH7eqIcNEOa EEIeoFAotNHR0d9HRUXN1+v1wwHsZFlWf/36dfN9+/Zps7KytLW1tSY7v7OzM3x9fQEAJ06cQNMh uQ8SiUSYMGECAwAsy24JDg7ukTYwCgdCCGlDbGysMjo6+nWdTjeaYZh4vV4vuHTpkmDfvn0Nubm5 +vr6epOcd9y4cXB3d4dGo0F6ejraCqPRo0cbhuO6mpubr+qJ81M4EEJIB8TFxRVERUX9iWXZZxiG SdNoNObnzp3jJSYm1l2+fNkk6z0999xzsLOzg1qtxtGjR1s9h+H+EfeF9cS5KRwIIaQTYmJi8qKi oubzeLxpLMtmNDQ0iH744QckJyfXd+RmPp3BMAxmzpwJKysrlJWVITMzs9VtXVxcIBKJrNTt8gAA IABJREFUWADjeuLmQBQOhBDSBZGRkRkxMTHTWJZdBEBZUVEhTEpK0v388889WouwsLDgVnK9evUq 8vPzW9yOz+fDw8ODAQC9Xh/a3fNSOBBCSDfExMQkNTQ0eN7vj+D/+OOPSElJaejJWoREIoGfX+Nt HLKysqBWt7wY6+jRow1/DZLL5TbdOSeFAyGEdFN8fLwqKirqTwACACh/++03856uRbi5uWH48OHQ aDTIyMhocRtra2vDXDURwzDd6pimcCCEkB4SHR39fUu1iDt37vTI8f38/CASiVBaWorLly+3uM39 24pCr9fP6c65KBwIIaQHtVSLSE5O1vTEGlQikQhTp04FAJw5cwYtNV05ODgAABiG8VEoFF1eeZvC gRBCTKBJLSKtoaHB7ODBg/rWvu13xrBhw7j5DydPnmzWbGVhYYEhQ4boAVgrlUqfrp6HwoEQQkzk fi1iPsuyG1mW5f3www84efKkvrv9EL6+vrCyssLt27dx4cKFZs87OjryAIDP50/t6jkoHB5By5Yt w7Rp01od8WAQFxeHadOm4fTp08jLy8O0adMwbdo0bNu2rc39ZDIZpk2bhvXr1/dksQkZsGJiYt5n WXYFAPW1a9d4aWlpuu4svyEUCiGVSgEAOTk5zZbXaHJPHr+unoPC4RHk6uqKjIwM7NvX9vpcW7Zs wcWLF+Hl5QWVSoWMjAxkZGRg+/btre6jVCoRGxuLjIwM5OX12OrBhAx4MTExexiGmQZAWVZWxv/2 2281ba2Z1B5HR0eMHTsWOp0OP/zwg9FzdnZ2AACWZSkcSMetXLkSAJCYmNjqNpmZmSgoKMCKFSvQ dC17GxsbKJXKVmdqJiUlwZQrVhIykEVFReUIBIIJDMOcrqmpMUtJSdHdvHmzy8ebMGECLCwscPv2 bfzyyy/c41ZWVgDAAhB3tVOawuER5OHhAalUiqNHj0KpVLa4TUJCAgBg1SrjodJBQUEAGkOgJbt3 7+a2IYQ0FxERUVZfXz+NYZh4nU7HT09PZ2/cuNGlY5mZmWHChAkAGpuXdDod95yVlZUOAMrKypy6 cmwKh0dUcHAwALTYtFRXV4fExET4+vpi3LhxRs85OTnBz88PBw4caLZfQUEBcnJysGjRIpOUmZCH RXx8fN394a7bATBHjx7tckC4u7tj6NChuHPnDi5dusQ9LhQKAQAsy3ZppjSFwyNqyZIlEIvF2L17 d7PnkpKSoFarERIS0uK+K1asaLFpad++fbCxscHs2bNNUmZCHjbR0dHr0c2AYBgGkyZNAgDk5eXB sIS4UCgU3H++S+28FA6PKJFIhKVLlyIvLw8XL140em737t2wtrbGkiVLWtx34cKFEAgEzZqWDhw4 gKCgIPTW/XYJeRj0REA4OzvjiSeeQH19Pc6dOwcAGDRoEABAr9d36d7PFA6PMEN/QtOmJaVSiaNH j2LFihWtdizb2NhAKpUaNS1dvHgReXl5WLp0qWkLTchDqCcCYtKkSWAYBpcuXcKdO3dgbm4OAGBZ tks3vqZweIT5+PjAy8sL8fHx3GN79uyBVqtt1hH9oKVLlxo1Le3btw9OTk7c1H5CSOd0NyAkEgme fPJJsCyLs2fPcn0ODMNQOJDOCwkJMbrIx8fHY9y4cfDxaXvWfWBgoFHTUmJiIhYtWgSBoMtLuRDy yGsaEBkZGfqKiopO7T9x4kTw+XzcuHEDNTU13SoLhcMjbsmSJRCJREhISEBOTg6uXr2KsLD27zLY tGkpLy8PBQUFWLhwYS+UmJCH2/2AiNVqtbzDhw/rOzOT2sLCAk899RQAoLS0tFvloHB4xNnY2CAo KAjJyclISEiASCTC8uXLO7RvcHAwlEol3nzzTbi6unI3IyGEdI+jo+NqlmUzamtreYcPH2Y1Gk2H 9x07diz4fH6LK7Z2BoUDQUhICCoqKhAfH4+goCCIxR1rogwMDIRIJOI6sAkhPUOhUGgZhnkRQEFF RQVz6tSpDu9rYWGBkSNHdrsMFA4E/v7+8PX1hY2NDV599dUWtxGJRHB1dTUKDmtrayxduhSurq7N mpRcXV1hb29v0nIT8jCLjo6uADAfgLqwsBDnz5/v8L4PTF7t0thy6j0kAIDs7Ow2n/f19UVLoye+ /PLLFrfv6mxPQsh/RUdHX5XJZIsYhknLyckRPPbYY4bbgLZJIpHgiSeewK1btwDAqyvnppoDIYT0 YzExMUdYln0DAP7zn/+wHV3J1VB7YFnWtyuL71E4EEJIPxcTE/MZwzDxWq2WOXbsGDrSQT1s2DCI xWIwDCO+detWYGfPSeFACCEDgIODgwxA3p07d3D27NkO7WOoPfB4vDc6ez4KB0IIGQDuj2D6GAAu XbqEkpKSdvdxd3eHUChkWZb1DQ0N7dT9pCkcCCFkgNDr9f6Gv2dkZHArsLaGz+fjySefZACAZdmO TWC6j8KBEEIGAJlM5sUwjAxoXIX13r17OH36dLv7DR8+3PDXTt1ohcKBEEL6OYVCIeDxePEA+NOm TYNcLodQKER+fj7au82ovb09LC0tWQBOcrm8w8sYUDgQQkg/V1JS8heWZZ+2tbXFggULYGtrixde eAEAcPLkSdTV1bW5//9v7/7joqryx4+/7gyCsmC4tIhsfKTgi4qaJIo/wtXCH+nKatmqubqyKgNO apZuP/xkzWfd1dLYTFtkBtywWlOK0nRFKQx/JImMkZoWC4pLAVEkgTvKMDP3+wfMLOMMCMpPPc/H o0cw99x7z8zgfd97zvucExQUJNX/2OwJ0ERwEARB6MRiYmJCgdUKhYI//OEPtqm4x40bh5eXF1ev XnVYlfFaQUFB1h+b3bQkgoMgCEInFR0d3V2hUOwAlOPHj+eee+6x2/7LX/4SSZK4cOFCk7Owent7 4+npaQbuiouLG9ecc4vgIAiC0Em5ubmtkWW5n6+vL7/5zW8ctldVVSHLMnD9KXCCgoKUABaLpVlZ S3ZDqr/++utmVlkQBOG/xLWj9S1atGikLMtPKhQK5s+fT7du3RzKWKfSkGVZrqiokPLz8wkODnZ6 vLvvvts6ed90jUazWKPRmJo6vzU4lAHk5+eTn59/4+9GEITbXVlHV+BWoFarfc1m89uyLDttTgIw GAwYDAYkSZIBCSA3N5fAwECUSqVDeWvTUnV19Z2lpaVjgcym6uACoNPptCqVCkDMsSwIwo0q0+l0 2o6uRFdXHxiyZFkODAoKctqcBHZPDZKPjw/du3fn3//+N6dOneK+++5zus/dd9+tPHXqFLIsR9Cc 4AB1AeJG34wgCIJw81Qq1Z0mk+kToJ+/vz/Lli1z2pwE2Fp5rFlMJpOJ+Ph4Tp8+Tf/+/enRo4fD Pr6+vtQHh3HA/zVVF9EhLQiC0Amo1WoP4AOgv6+vL8uWLbOlrV6rtraW9PR0AKzNTsHBwYSGhlJT U4Ner3e6n3UBLkmSRkZHRze5CJAIDoIgCB1MrVZ7mEymdCDC19eXFStW0LNnz0bLf/jhh1RXV3Nt FtOMGTNQKBR89dVXTteQdnNz4+c//7kR6O7q6trkRHy2ZqXY2NhZsiz3v4H3JQiCgCRJX2m12p0d XY+uRqPRuHz77bd7JEmK6NmzJ8uXL28yMJw/f56PP/4YZ1lMPj4+jB07lk8++YTPP/+cBx54wGH/ Pn36uP74449IknQ/0OjoORewBYYdN/MGBUG4vcmyTGxsLCJANF99YHhHkqRxPXv2ZMWKFfTq1avR 8lVVVbzxxhtYLBYmTpzoNItp0qRJHDp0iMLCQkaOHOnQ9+Dr68uXX35p7Xd4ubFzuQBYnxj69OmD n5/fDb1JQRBuXyUlJZSWliJaH5pv0aJFd5WUlHwgSdIwa2Cw9gk4U1VVRXx8POXl5TSVxdSrVy/C wsI4ceIEX375JcOG2bce9enTx/pjhEajcWlsvIPdIDg/Pz/CwsKa/+4EQRDqNTV9g2AvNjY2sr61 5k5vb2+WLFnSZGC4fPky8fHxlJWVcb0sJoDhw4dz4sQJzp07x3333Wc37qFHjx54enpeqa6u9vj2 228HAXnOjiE6pAVBENqRSqX6X1mW9wN3Dhw4kOeff77JFpuamhq2bNlCWVkZ18tiutbVq1edDmzu 06ePa/2PYxvb16WxDYIgCELriY6O9nJzc3tLluWpCoWCX//610ydOrXJfWpqati0aRMFBQU0J4vJ qqioyPbzmTNnGDBggN12Hx8fZX5+PpIkNZqxJIKDIAhCG6tfxe1dWZaDPDw8WLBgAQMHDmxyH4vF wuuvv05BQQHNyWJq6JtvvrFOqfFdZWVl7+LiYvz9/W3brZ3ekiQFOT+CaFYSBEFoU7GxsQslSToK BPXt25dVq1Y1KzAkJSWRn59Pc7KYGjIYDJw9e1au/zUR6p4eGrrjjjsAkGW50eAgnhwEQRDaQFxc 3CCLxfKqLMvjASIiIpg9e3aTHckAly5dYsuWLVy8eJHmZDFdKycnB5PJpAD2G43GjW5ubn/85ptv 3C9dumQLMD169ECpVNaazeY7o6OjvVJSUhxGzIknB0EQhFYUHR3tpVKpNlssls+B8T/72c/kBQsW MG/evOsGhq+++oo///nPXLx4EW9vb5588skWBQaAQ4cOASDLcnJKSkqlLMvbAQoLC+3KeXh4GAHc 3NycPj2IJwdBEIRWoNFoXEpLS+fLsvwScKdCoeCBBx5g6tSpkru7+3X337dvH3v27MFisTBw4EAW LVpEc/Zr6OLFi5SUlAD8UFtb+08AhULxD4vFsuj8+fN2Yx68vLyUP/30E0AgkHvtsURwEARBuEmL Fi0aWVJSshkYBjBgwABmzpzZrEHFBoOBN954g1OnTqFQKIiKirpuFlNjrGtJS5KUkpKSchUgMTEx KzY2tvSnn37qU1FRgbe3NwC9evXqfvHixUYHLorgIAhCl6NWqz3MZvMIrVbb5JoE7VAPX5PJtAGY C/Dzn/9cnjFjhnTtqOTGFBcXo9PpKC8vp7lZTI2pqanh+PHjAMiyvLXhNlmWdwLLL1y4YAsO1k5p QAQHQRC6vujoaC+z2fyZLMv9YmJi5iYlJf2jveuwcOHCIKVS+YTJZFoEdHdxcZEnTpwoTZkyRbpe v4LVp59+ys6dO6mpqaFv377ExsbaLtw34vjx49TU1CDLclZSUtJX12xOA5Y3bFpqEBxEn4MgCF1b /dTWe2RZ7gdN5+m3hdjY2EhguSzLtnafoUOH8uijj0rNvbCXlJSQmprKuXPngOZnMV2PtUlJoVAk XrtNp9MdvbZpSQQHQRBuCQ3XPGjP80ZHR3d3dXWdRV1QCAVwcXGRR48eLUVGRjY7m8hgMPDhhx9y 6NAhLBYLHh4ezJw5kxEjRtx0HS9evMjFixcBfqipqdntrMy1TUvdu9vW+vFyVl4EB0EQOj2NRuNS UlKSDkT07NmTe++913an3Fbq+xNigTjAF8DT09MyYcIExf333y95eHg06zgWi4Xs7Gzef/99Ll++ jEKhIDIykqlTp7Y4G6kx7733ngxIDTuinXBoWpIkySLLssLZ7KwiOAiC0Kk1WPMgwjooLDfXIfOy 1c5VWlo6FphrMplmA90B+vbtK0dGRkrDhw9XKBTNHx52/vx5duzYYb2rb1EWU3NlZmaSn58vAWWy LDe6PoNOpzsaFxdX9tNPP/lam5bc3NwMV69e9SgrK7sLKGpYXgQHQRA6rQaB4dHmjBa+kSym6Ojo 7m5ubpNkWX60pKRkKvXNLJIkyUOGDGHChAkEBQVJLal3VVUV7733ni17yNvbm0ceecRhbYWbVVZW xgcffGD9dZFOp/uhqfJms3mXJElx33zzzXU7v0VwEASh0yopKXlLkqRH3dzcrrvmQXR0tJfJZMoG +l8vi0mtVnvU1tZOkyTpUWC8LMu2NqK77rrLct999ynCw8MlHx+fFtW3vLycgwcPcvToUWpra+nW rRsTJkxgypQpN93hfC2LxcK2bduora1FkqQUrVb7z+vto1AosmRZjvvuu+8A6N69u3z16lVkWb4T 8eQgCEJXoFKpXgVmu7q6ysuWLZP69u3baFlrFhP1OfvOsphUKtWdkiRNk2V5tslkipAkydYjGxgY aBkyZIjivvvuw8fHp8XTCn311VdkZmZy6tQp22v1WUw3lZ7alH379nH+/HmAopqamiebs4/ZbP5U oVBQVlYGgIuLixlAkiSHDhQRHARB6HTqA8NyV1dX+YknnpCCghrPWHWWxSRJkqJ+muwR1I1aHgkM kmXZul3u16+f5b777lMMGTKEXr16tTgg1NbWkpubS2ZmJsXFxQB069aNUaNG0ZIsphtRXFzMP/9Z 96CgUCj+4GziPGeSk5O/Wbx4cUlNTY1fRUUF1E3r7ZQIDoIgdCoqlWodsFyhUKBSqZoMDJIkKayB oWEWkyzLz0qS9ELDsi4uLpZBgwZJ9957rzRkyBDJw8OjRf0IVlVVVRw+fJhDhw5RVVUFQM+ePRk/ fjz3338/zc1iulG1tbVs27YNi8UC8HpiYmJWS/Y3m80Hgbnl5eXccccdyh9++AGLxeLwWCaCgyAI nUZMTMwTwLOSJMkxMTHS4MGDmyxvsVhWSJL0M09Pz2uzmFy9vb2NQUFBrn379iUoKAg/Pz/Fjbb7 WywW8vPzOX78OCdOnKC2thaAvn37EhkZyfDhw2lJFtPN+PDDD61PKl+5uLg8dwOHOArMvd6a3yI4 CILQKcTExDwhSdJGSZJklUolDR06tNGynp6eAFgDw8qVK+2acR566CEefvhh18b2b47a2lrOnj2L Xq/n9OnTGAwGABQKBaGhodYspps5RYvl5+fz0UcfyYDZYrH8ISEh4XJLj6FQKD61WCx89913/M// /I8SQJZlh4FwIjgIgtDhVCpVLLARYM6cOU0GBoB//etfALi5ubF06VKH9v0bfUKoqakhLy+PkydP cu7cOWpqamzb/P39CQ0NJTw8nJZmMbWGL774guTkZIssywpZll9KTk7+7EaOk5iYeCYuLu7y5cuX PUwmUw8ASZJEcBAEoXOJiYmZAbwOMHPmTH71q181WT41NZUTJ07g5ubGsmXLaCqLqTkuX77MF198 wYkTJygoKLA1GQEEBQVx7733Up/FdFPnuRknT54kKSkJi8WiADYmJSWtvslDZgFTrSmtzojgIAhC h4mJiZkhSdIOwGXmzJlERkY2WT41NZXMzExbYGhps47FYuHbb7/lwoULXLx4kfPnz1sXxwHqmowG DBhAaGgo9VlMN/K2WlWDwACwUafTNStttSkWiyULmFq/2I9TIjgIgtAhVCrVr4EdgMtDDz103cDw wQcfkJmZiUKhICYmplmB4dKlS1y4cIELFy5w/vx5iouL7ZqKoK4JauDAgdx7770MGTKkzbONWqIt AkO9a6f0diCCgyAI7U6lUkVQHxgiIyN5+OGHmyyfmZnJ/v37bYHhellMx44ds0s1bcjHx4e7776b BllMrT56uTW0YWAAKLxeAREcBEFoV/WBIR3wiIyMZObMmU2Wz8zMJDU11RYYmuqs7tmzJwD1A7xw d3cnKCiIvn370rdvXwIDA1ttJtS21MaBAT8/v4KGzWnOiOAgCEK7iY2NHSbLcjrgMXz4cHnmzJlN DkQ7fPgwqampADz22GNNBgbA1pnt5ubG3Xff3aGdyDfq5MmT6HQ6WZZliTYIDAAajcb0+OOPl9TW 1jY6PawIDoIgtAuVStVfluU9gMfQoUPlBQsWNBkYTp48yTvvvAM0L4vJqrnlOqOPPvqItLS0Ng0M DRQBIjgIgtBxVCpVf+ATwDc0NNQUExPj0tSI4obNKs3JYurqLl26xLZt26xLh0rASzqd7kZGPzeb 0Wg8JUnS6Ma2i+AgCEKbiouLC7BYLJ8Avvfcc48pNja2ycBw+vRpW2BoThZTV/fFF1+wbds2+T// +Y8ElFG3LsN1p9++WZIkFTS1XQQHQRDaTP1Sm+mA7913321cvny5a1OBoaCgwBYYmpPF1JXV1NTw 3nvvcfjwYahb4nOvLMt/uN6CPa2oyZxdERwEQWgTKpXqTpPJ9AnQPyAg4MqTTz7Zw83NrdHyBQUF bNq0iZqaGpqTxdSVFRcXk5ycbF1X4SqwUqvV/q2dqzGyqY3tM41gI2JjYxk2bBgjRoygsrLx6ch3 797NsGHDGDZsGNdLv7rZulzP3r17GTZsGHv37m2TejTF+hlc+99vfvMbYmNjHer0m9/8ht/85jft WsfY2Ng2PeewYcOIjY1t0T6zZs1i2LBhbNu2rcXns36216PT6dr077OLmg/0lyRJXrhwYZOB4eLF i7bAMHz48Fs6MHz00Uf85S9/kesDQ55CoRiu0+naOzBA3ToXjeoUTw5ms5lDhw4xbdo0p9sPHDjQ zjXqvLy9vRk92r4PqbKyEr1ej16vp6SkBJVK1UG163xOnz5NYWEhnp6epKWlMX/+/I6u0m1DoVCk ybK8TJbl//nb3/7GihUrbOMQGiorK+P111+npqaGoUOHsmDBgg6obdur73SWz507J1HX6bzRaDQ+ l5KScrW966JSqe4E7myqTIcHBx8fH4xGIwcOHHAaHMrLy8nJycHf39+22lJHmjp1KlOnTu2w8wcE BPDiiy86vF5eXs6sWbNISUlh5syZeHk5TLLYLrRabYectzF79+7F1dUVlUpFfHw82dnZjBo1qqOr dVtITEwsUqvVI8xmc1ZZWVm/NWvWsGLFCrsZVMvKyoiPj6eqqoqhQ4cSExPTbusitBeDwcDBgwf5 6KOPTFevXnUBvpEkKVqr1WZ2VJ0UCsWg+gF2jerw4ODi4sKYMWPYtWsXlZWVDhe1zMxMXF1dGTdu HG+99ZbD/pWVlZw8edI213rfvn0bHVp/+vRpLl68CEBwcDDBwcFOyxUWFlpTyhg6dCh+fv9NBa6o qKCoqIiAgAC8vb2prq4mPz+f4OBg3NzcOHr0KAaDAS8vL8LDw3F1dZxSvri4mDNnzmA2m/Hx8SEs LAylUtmMT6txPj4+TJw4kbS0NM6cOUNERITddut7VyqVhIWF2QYHWd+Pv7+/w4Ahs9lMXl4e3t7e BAQEAFBUVMSZM2eAuqeYsLAwu/eYn59PTU2Nw3dQUVGBXq/HaDTi6enJqFGjHD4bg8HAiRMnqK6u BqBPnz6Ehobe8GdjNBpJT08nNDSUyZMns3HjRlJTUxsNDgaDgc8++wyDwYCPjw/h4eGNHjsvL49v vvkGV1dXp8ezfq6DBw8mLy+P8vJyu78ls9mMXq+nvLwcgCFDhuDv7+9wnMrKSnJycjAajbi6uhIe Hu7wb8RsNpOTk2MbFTxgwAACAwOb9yG1sYSEhDK1Wj3MZDKlV1VVRcTHxxMbG0tQUBAVFRW2wBAU FHTLBQZrUPj4448tV65cUVB3vd0BLNVqte3V6eyUxWIZeL0yHR4cACZPnkxaWprTpqXMzEzGjRtH jx49HPbbsmULKSkpmM1mu9fDwsLYvHmz7eJTUVHBypUrOX36tF25KVOm8OKLL9pdfNatW0daWprt d6VSyfLly3nssccAyM7ORqPRoNFomDp1Kvn5+cTGxrJq1SqSk5Nt/9ih7i5fq9XaFhg3m83Ex8fb Rnw2LPfKK6/YLsA3ylmbrslkYtWqVWRkZNhec3V1ZfXq1UyePBmz2UxsbCyRkZG8/PLLdvtmZ2ez fPly1qxZQ0BAAC+88AL79u2zK+Pt7c0rr7xiCwbx8fGUlpby4Ycf2sr8/e9/Jzk5GaPRaHvNx8eH hIQE23tOTU1l48aNdmUAAgMD0Wq1N/QklJGRgcFgICoqCi8vL8aMGcORI0coLy93CIR5eXmsXLnS ru9r4sSJmEwmu3IGg4GVK1eSk5Nj9xmEhYXZlbP+ncybN892UxMaGkpycjJFRUU888wzFBbaT28z ffp0nnvuOdvf4969e1m7dq3dZ+Lq6sry5cttbfJFRUUsW7bMoa9jzJgxvPLKKzd909EaEhISLqvV 6skmk+mtqqqq6Zs2bWLevHns3bvXFhiWLVt2ywSG2tpaDh8+THp6uqW6uloBKGRZzgKeTEpKyuvg 6ln1v16BTvFthIaG4uPj49C3UF5eTl5eHpMmTXLY59ChQ2zdupUpU6bw8ccfk5uby8cff8zEiRPR 6/Wkp6fbyq5cuZKzZ8+yevVqjh8/zrFjx5g5cyb79u2zjcC00uv1aLVacnNzefPNN/H29mbjxo1N dpgDvPzyy0RFRfHxxx9z+PBh5s2bR1FRETqdzlZmy5YtpKamMmPGDA4fPkxubi5arZbq6mqWLVvm cGFsiYqKCg4cOIBSqWTQoEG218vLyyktLeXNN9+0nc/NzY3169fbnlzCw8M5cuSI7enLat++fbi7 uxMZGUlGRgb79u1DpVJx/PhxcnNzSU5O5sqVK2zYsKHReqWnp5OQkMDo0aM5cOCA3X5PPvkkZrOZ 06dPs379eoYNG2b7Lg8fPsyMGTMoLCx0CKbNtWfPHlv9AaKiojCbzXbBH6C6upqVK1eiVCp54403 yM3N5b333iM/P98u2AP89a9/JScnh6VLl3Ls2DEOHz5s+3ycSUtLY/ny5axdu5aFCxdiNBpZtmwZ paWlxMfHk5uby7Fjx1CpVOzatYstW7bY6rR27Vq7z+TAgQMEBQURHx9vq9df//pXqqurbd/vsWPH mDdvHkeOHGH37t039Lm1hYSEhMt+fn6/lSQppaamxpapYw0MTXVWdxW1tbVkZmby3HPPyampqVRX VytkWc5SKBQPJCUlPdCJAgOSJA2r/7/cWJlOERwAxo8fj16vt7sI7927F3d3d6eP7ZWVlYSGhvLU U0/Z7iq9vLxsnbHWRSzy8vI4ffo0c+bMYdq0aSiVSlxdXVmxYgUhISEOd28vvvii7S4wJCSEOXPm YDabHcpdKywsjMWLF+Pl5YW7uztLlizB09OToqIioO6Oc/v27YSGhvLcc8/ZJv/FAaLVAAAgAElE QVQKCwtj6dKllJSU2AW0xpSWlqLT6ez++/Of/8ycOXOoqKhg3rx5DnfZf/rTnwgJCbGdb/LkyVRX V9v6cKKiojAajXz00Ue2faqrq8nKymLixIm4urra3seoUaNsd6OhoaFoNBqmT5/eaH3feustvLy8 WLt2re0JKjQ0FJVKRY8ePSguLub77793+C7d3d154oknbO+5pYqLi9Hr9bb6A0RERODl5cWuXbvs njbT09OprKzkmWeesT0BBQQEsHbtWrtjVldXs2fPHsaMGcP8+fNxdXXF3d2dp59+utEmyhkzZjB3 7lwmTpzIqFGjSE9Pp6SkhBUrVjB27FgAW59IWFgY27dvx2AwUFhYiNFoJDQ01PaZeHt78+yzz7J8 +XLbd1BUVISPjw/9+vWzHWvx4sWo1WruueeeFn9ubUmj0Zi0Wu0fJEk6AiBJEvPnz+/ygcFisZCd nc3zzz9vDQoScNQaFBITE7M6uo7XkmW5P8Cdd95paqxMp2hWAnjwwQfZvn27XdOS9UnAWbv9tGnT 7JqgysvLKSwstHvcB2zt49cGGKVSyZtvvulw3GvbypvbnHHtfkqlEk9PT9sd3pkzZzAajfj7+6PX 6+3KWt/f6dOnG83YsiopKbF7GrEKCAggOjraIQXQx8fHoS3b+p4qKioICAggMjKS9evX2yUFHDx4 EKPRyOTJkwEIDw9Hp9OxbNkyIiMjGTNmDMOHD+fBBx9stK7W/hhn3+Fjjz1ma6oLCAiwO461vd76 3d0I611zw+QBpVLJxIkTSU1N5dChQ7ZzWr+PkSPt076Dg4PtPrsvvvgCs9ns9GZl/Pjx5OfnO7we Ghpq9/vx48cB6NGjh8PfgZ+fH3q9nsLCQkJCQvDy8kKr1XL27FnGjBnDqFGjCAkJsQV6qPtedu3a xbx58xg/fjzDhw9n8ODBnTrjR5Kk38uyrJdl+edNZTF1drW1teTm5rJ3717TDz/84EJdBlKeJEka rVbbeR7brlE/MNHLw8ODO+64w/L99987LddpgkPDpqVp06ZRXFxMfn4+y5cvb3Sf999/n127dvH1 11/b7gQbdh4DtqaSu+66q+0qD4227VrrZQ0Se/bsYc+ePU7LNidHfvDgwfzlL3+xe+3OO+90GkCh rsP/elxdXW2d2db2+D179uDn52d7irI+JSQkJLBr1y527dqFUqlkxIgRxMXF2V2wrKwdy3fe2WTG HFDXP5CamsrZs2dtzWvOOmibw2w22/pGXnjhBbtt1r+H9957zxYcrE+rzqZybtg30dxyDV27cIy1 03jVqlWN1r+0tJTBgwezadMmXnrpJbKyssjKygLqAtasWbNsQfypp57CbDZz4MABEhISgLonjEmT JhEXF9cpp6euz2IaaDKZ9GVlZX7Ospg6s4KCArKzs9Hr9bVXrlzpRt11tNMHBava2tohkiTh5+eH p6enCXD66NZpggPU3X3t3LmTyspKPvroI7y8vBw6+qysTSqDBw9m+fLlBAQEMGDAAAwGg9NBWJcv X27r6jfJevFeunQpEyZMcFqmOY/Xrq6uDgGwNUydOpW0tDTS09OZMGECeXl5DuMlrGm8Z8+e5cSJ Exw7doxjx46Rl5fHjh07Gq2XNUg0Zu/evWg0GgIDA1Gr1QQEBBAcHIyPj0+zBiZeKzs7m/LyckaP Hm3X/2KVkZFBTk6OLeusqc/dbDbbAn9jAdharjmsx/rggw8avaGwPtmFhITw5ptvUlJSwmeffUZu bi5ZWVmsWbMGpVLJ1KlTcXd358UXX+SPf/wjJ06c4Pjx42RlZbF9+3aKi4t59dVXm1Wv9lafxdTP ZDLlVFVVDXjllVeIi4tr8bKf7aWkpMT6Ny9XVlZaZ5PtBuTKsrwxKSnpHx1Zv5aQJGkQ1N18NdWX 2qmCw9SpU21NS3v27GHKlCmN/gN655138PHxITk52a6MtW/Aeqduvfu0pps29Mwzz1BeXs4bb7zR Fm/HjjW1sLi42OEiWlFRQXp6OoMGDbK1y7e3wYMHExAQYJcU0LBJJjs7m8LCQubOnWtr2pg/fz7b tm1j8+bNnDx50uF9+fn54e7ubuuvaOjQoUPEx8fz/PPP89Zbb+Hu7k5ycjKenp62Mjc6rmXXrl1A 3V21swwwLy8v1q9fz+7du3niiScIDAzk2LFjnD171u4JyNrXZP27sX6HZ8+edRjr8vXXXzerbv36 9bOlnV7b5JSdnU1paSljx46ltLSU7OxsJk6ciJ+fH4888giPPPIIhYWFzJo1C71ez4MPPsj+/fu5 6667CA8PZ+zYsYwdO5YVK1Ywa9Ysjhw50uzPrCPUZzGFm83mfdXV1WNee+014uLiGDjwulmW7eLS pUucPHmS7Oxsubi42BoQJKBIluW3JUn6h06nu+5ym52NJEmDZFnG19eXy5cvWwc7ONw9d5oOafhv G+/WrVspLi5usj3b2Z2a0Wi0TZFg3R4REYGnpydvvfWWXTZOYWEhWVlZ7bYYSGBgIMHBwezbt4+8 PPukhddee42NGzc6ZMa0t6ioKPLz89m3bx9hYWF2F/vs7Gw2btxIdna23T7W9Xgb+xwnTpzI6dOn 7fqCzGYzO3fu5IcffiAwMND2XTUM8mazmaSkJOC/TTHNUVFRwZEjRwgJCWk0NXjy5Mm4urqya9cu u36VpKQku7+rt99+2+6px/odpqen2wW8oqKiZiUTWM8Ndd95w7/HiooKVq9eTUJCgq2vyjouoyHr 5+3p6YmbmxubN28mPj7eIdPMmonW2SUkJFzu06fPg5IkfWA0Gnn99dc5efJkh9WnpqbG+rcuW7OO 6gPDD7IsJwJjdDrd3UlJSau7YmAAkGV5ENQ1tVssFmvQcxh30ameHKDuYrJ161Z8fHwc7qwamj59 Otu3byc2NpbRo0djMBjIzMzE09MTV1dX2z8WT09Pnn76aTQaDbNnzyYyMhKDwUBGRgZeXl62jJj2 oNFoUKvVqNVqJk2ahI+PD3q9nry8PCIjI5k4cWK71cWZqVOnkpCQQGFhIRqNxm7b3LlzOXDgACtW rGDSpEn06dOHwsJCMjMzCQsLa7T5b8mSJeTl5bF06VLbfkeOHCE/P5+nn34ab29voqKi2Lx5M4sW LWLcuHGYzWaOHDnClStX8PLyum6zVEPp6emYzWbbRdgZT09Pxo0bR0ZGBhkZGUydOpWFCxeydetW 5s2bx5gxY8jPz0ev1ztcYDUaDYsWLeIPf/iD7Rzp6em2AZHXExwcjEqlQqfT8bvf/c72fvft20d1 dTXr16+3DawLDw8nJSWF/Px8Bg0aREVFBRkZGXh7ezN79myUSiVLly5l7dq1tmMplUqOHDlCcXGx w3fYWWk0GhPwiEql2mqxWBZotdp2XcOhuLjYOvDVdObMGYXJZFJQ94RwFdglSdKOPn36/LO+nreC /oBdH48sy2XXFlIChIWFjQPG+fn5tUl7dmN+/PFH/Pz87LJEfvGLX3DlyhWmTZtm1wx0+fJl3Nzc GDNmDN27dyc8PJwePXpQUFBAXl4eNTU1REVF8dxzzyHLMgqFgvvvvx+A//f//h8jR46kvLyc3Nxc vv/+e+6//37WrFlj+4B+/PFHevfuzbhx4+zqaDAYkGWZUaNG4eXlZfs9PDwcX19fjEYjV65cYdiw YQ53quXl5dxzzz229+ft7c1DDz2EyWTi9OnTnD17ll69ejF//nwef/zx6w4CsnZUNhU0mzr/tZ+l 9T1Zubu7k5uby08//cTq1avtFl3/2c9+RmRkJEajkS+//JIzZ86gUCj47W9/y9NPP20re+132r17 dyZPnoxCoeDMmTOcOXMGf39/nnrqKdvF1Zqu+e9//5vPP/+cqqoqHnzwQVavXm3rUB05ciRKpfK6 n0Fubi6+vr489thjTXbG9unTB5PJhKenJ4MHD2b48OH069ePwsJCTp48yc9//nNefPFFevXqhb+/ v+181s7eH3/8kc8//5zvv/+eefPm8fDDDyPLsu3v89q/m4bCwsIYPHgw33//PXq9nm+//ZahQ4fy 3HPP2Y3KnjBhgq1Z7uTJk1RWVvLAAw/w/PPP2/6dDhgwgJCQEMrLy/n888+5cOECgYGBPPXUU+26 DkJpaak15ThLr9cfupFj6PX6D8PCwizAA19++SUmk4kBAwa0aj0NBgP5+flkZ2ezf/9++e2337Zk ZWUpzpw5Q1lZmaL+Tvpj4E8uLi5/SExMfEev13+dlZXV9FwTXURMTEyoJEnLevXqxeTJkzl+/Lih rKysuyRJWr1e/++GZSUAlUr1IqBp6g5QuPUZjUamTJnCmDFjnM7fJAiNsU78CGh0Ot3/3cyxFi1a tFCSpCRJkqRf/epXPPbYYzc8erqsrIwLFy5QUFBAYWGhXFpa6mxp0gJJko7KsvyZxWL5Z3Jy8jc3 U//OTKVS/S/w54iICObNm8df/vKXyn//+99eCoXi7sTExKKGZTtds5LQ/gwGA25ubqSkpFBZWclv f/vbjq6ScBtLTk7eqlarL5lMpp2HDx92uXz5MgsWLLB7km1KZmYmX3/9tfnrr7/m6tWrDTNarE1F ucBRSZI+k2X503ZcXKczeBRg+PDhdi9evXrVIW1JBAeBDRs22MZeREVFOR2zIAjtKSEh4f3FixeP t1gsB06ePOlWVVXVrGk2Dh8+bO3EtwaFb2RZ/gw4Ksvy8bvuuiv3Fuo7aJH65VpD3dzcHCZmTElJ EcFBcGTtCA8ICGDu3LkdXBtBqLNly5ZDKpUqFDhRUFDgsWHDBpYtW9bkaOqqqirrj28rFIrV1zaV 3M7MZvM0SZIIDQ21PYVVVVV1A5w2o3WqVFahY4waNYoXX3yR+fPnd4pZPAXBSqfTfaVQKAYD3xUX FxMfH29dWvN6CkRgsCdJ0qMA9957r+01k8lkwckYBxDBQRCETi4xMbHIxcUlFMi3Lg4klmNtmfqV 30Z269bNbh64K1euuDlLYwURHARB6AISEhLKXFxcwoC8qqoqXnrpJQoKCjq6Wl2GJEnTAJeBAwfa +m0MBgNms9kVJwPgQAQHQRC6iPo1IYYDmTU1NWzcuLFDR1N3JbIsOzQpWWceUCgUollJEISuTaPR mPz8/B4C/l5bW0tSUhKffvppR1erU1Or1R7AOIVCwZAhQ2yvWyfdk2W5yNl+IjgIgtClaDQak06n WwhoLBYLb775psMqksJ/1dbWTgO6BwUF2U0hf+nSJQAkSbrqbD8RHARB6JLqR2IvAUzvv//+DS8n e6uTJOkhcFx46scffzSB83mVQAQHQRC6MJ1O9zdZlmcDpszMTDIzMzu6Sp1KdHR0d2A6wNChQ+22 fffdd9YnBtEhLQjCrScpKSlNoVBMAP5z7dTltztXV9dIwKNv37706tXLbtv3339fA6BQKP7jbF8R HARB6PISExOzJEkaB1ibSG6n+ZKaMhccm5QAvvvuOw8AhULhdF0KERwEQbglaLXaXIVCMQqI8/Pz 03Z0fTrawoULg4BHXVxc5IiICLttZWVlGI1GN6AoISHBaZ+DmFtJEIRbRv2UGbd9YABwcXH5X1mW XUaOHOkwH1V+fr71x88a2188OQiCINxi1Gq1ryzLsxUKBZMmTXLYXlhYWFv/49HGjiGCgyAIwi3G ZDI9A3QfPny407XE8/PzLQCyLDc6glAEB0EQhFuIWq32BeKgbqnZa1VVVfHjjz+6AZVJSUl5jR1H BAdBEIRbiMlkigW6h4aG4u/v77C9wYSFjfY3gAgOgiAIt4zo6GgvYDnAlClTnJZpEBwa7W8AERwE QRBuGW5ubrGAV3BwMH379nVa5l//+pcFQKFQNDljoQgOgiAIt4Do6Ojusiwvh7q14J2pqamhuLhY AkxXr14VzUqCIAi3um7dusUCvn379iU4ONhpmQsXLiDLsiRJUm5KSorT2VitRHAQBEHo4jQajYsk SSsBfv3rXzdaztrfIMtyk08NIIKDIAhCl1dSUvI74C5/f3+7BX2ulZ+fbwCQJCnrescUwUEQBKEL q1/pTQPOxzVYWSwWCgsLu0HTg9+sRHAQBEHowkwm0zog4J577mH48OGNlvv2228xmUzdgK90Ot11 Z60VwUEQBKGLiouLGwcsUSgUzJ8/H4Wi8Uv6uXPnLACSJF23vwFEcBAEQeiS1Gq1h8VieQPqOqF9 fX2bLH/o0CEDgMVi2duc44vgIAiC0AVZm5P8/f0bHQ1tdf78eX744QcPoOyXv/zl7uYcXwQHQRCE LqYlzUkAhw4dsk7RnaLRaEzNOYcIDoIgCF3Itc1JzibXa8hgMHDixAkFgEKhaPZCSHYrwZWUlNxA VQVBuN2Ja0f7aUlzEkBOTg5ms1kJ7K9fKa9ZrMGhDKC0tJTS0tIbqK4gCAJQfy0R2kZcXNw4i8XS 7OYkgIMHD9YC3WRZTm7JuVwAdDqdVqVSATTd3S0IgtC4Mp1OJ9ZvbiNqtdrDZDI1uzkJ6jqiv/vu u260oCPaytasJL5UQRCEzqulzUkAR44cAUCW5eTmdkRb2YJDbGzsLFmW+7dkZ0EQBCtJkr7SarU7 O7oetyKVShVBC7KToK4jOicnxwJYZFlu8c2/C9gCw44W11gQBKGeLMvExsYiAkTrWrhwYRDwLjS/ OQng008/xWQyKSRJ2pecnPxNS8/rAmB9YujTpw9+fn4tPYYgCLe5kpISSktLEa0PrUutVvuaTKY9 gO+AAQOa3ZwEcOjQISPgKsty4o2c2y6V1c/Pj7CwsBs5jiAItzmR6di61Gq1h9ls/gDo37dvXxYv Xtys5iSA/Px8vv/+e1fgGz8/vwM3cn4xCE4QBKGT0Wg0Lmaz+R1Zlkf6+vqyZMkS3Nzcmr3/J598 Yl3lrcUd0VYiOAiCIHQypaWlSbIsT+3ZsyeLFy+mZ8+ezd738uXLfPHFFy6AyWKxbL3ROojgIAiC 0ImoVKp1sixHu7q6ykuWLLnubKvXysjIMJnNZhdJkvbfSEe0lQgOgiAInURMTMwTwLMKhYK4uDip b9++Ldq/rKyMjIwMBWAC/u9m6iKCgyAIQicQExMzQ5KkVwCio6MZOHBgi4/xzjvvmGVZVsiynKzV anNvpj4u1y8iCIIgtKX6QW47AJdHH32UESNGtPgYubm5fPXVV0rgh9ra2udutk7iyUEQBKEDxcXF DQL2Ay6RkZFMmDChxceora0lNTXVDCBJ0rMpKSmVN1svERwEQRA6yKJFi0ZaLJaPgJ8NHTqUmTNn 3tBx9u3bx08//aSUJOkzrVZ7wxlKDYngIAiC0AFUKtV8hULxCeA7cOBAYmJibug45eXlZGRkWADM ZvOTrVU/0ecgCILQjjQajUtJScka4FmABx54gJkzZzZ79PO1duzYgclkUgDJycnJn7VWPUVwEARB aCdqtdqjpKTkXeAhhULB3Llzuf/++2/4eF988QVffvklQCVw053QDYngIAiC0A5UKlV/k8n0AdC/ Z8+exMTEEBwcfMPHq62tZceOHRbqugee1el0P7RWXUEEB0EQhDYXGxsbCaTJsnyHv78/ixcvxtvb +6aOuW/fPn788UcFkOvn59cqndANieAgCILQhmJiYp6QZfkVwCU0NJQFCxa0aBI9Zxp0QissFsvS G51crykiOAiCILQBjUbjUj+BXjRAVFQUU6dObZVjv/vuu7Umk6mbJEkprdkJ3ZAIDoIgCK1MrVb7 1nc8R7i5uREdHc3QoUNb5djZ2dmcOnWqG1CpVCpbtRO6IREcBEG4rajVao/a2tr7k5KSbmgRnKZo NBqXb7/99nGTyaQBvLy9vVm8eHGzl/a8noKCArZt2yYDkiRJKxMSEspa5cBOiEFwgiDcNtRqtYfF YjkmSdL+mJiY37XmsWNjYyNLSkpOS5K0EfC69957efbZZ1stMFRUVJCYmGiRZVkCNrbWSOjGiCcH QRBuC9HR0d3NZvN+WZYHA0iSFNQax42Liwswm80bZFl+FMDHx4fZs2ff0KyqjampqWHz5s1ydXW1 Atjv5+f3x1Y7eCNEcBAE4ZZX39zzlizLNz7i7BrR0dHdu3Xr9r+yLP9RkiS3Hj16yJMnT5YmTJhw w6OdnbFYLCQnJ1NaWioBX7m4uPy2LbKTriWCgyAIt7zS0tIkSZIe9fDwYMCAAZw4ceKmjhcbGzur Pj31LlmWGTFiBI8++qjUkuU8m2v37t2cOnUK4Aez2Ryl0+kut/pJnBDBQRCEW5pKpXpVluVoNzc3 Fi9ezFdffXXDx4qJiQmVJGmzLMsRAH379mX27Nncc889rVbfhrKzs9m/fz/Urez28NatWwva5ERO iOAgCMItq37ZzeUKhQK1Wk1QUNANBYdFixbdJUnS/0qStAhw6dmzJ9OnT7+peZGup6CggDfffNNW BZ1Od7TNTuaECA6CINySYmNjF8qyvFGhUBATE0P//v1btH99n8Kv6wPCeMBFoVAwfvx4Jk+ejLu7 e5vUG+oyk7RaLRaLBeAlnU63rc1O1ggRHARBuOXExMTMkGVZC/Doo4+2aABafdPRQmA2cCdAt27d CA0NZerUqfj6+rZJna1qamrYtGkTVVVVSJK0t0+fPqvb9ISNEMFBEIRbikqlipAk6R+yLCunTZtG ZGRkc/a5E5gFLAJCra/37duX0aNHM2zYMDw8PNqu0vUsFgtarZaysjKAM0ql8rH2yExyRgQHQRBu GbGxscNkWU6XZdktMjKSKVOmNFpWlmWXmJiYSdQFhKlAdwAPDw9GjBhBREQEfn5+7VPxeqmpqdb1 GcoUCkVUQkJCu2QmOSOCgyAItwSVStVfluU9gEdz1mOWJOlZ6q+BCoWCQYMGMWrUKEJDQ1t1nEJz WCwW3nrrLY4dOwZ1mUm/TUxMLGrXSlxDBAdBELo8tVrtazKZ0gHfe++9t8n1mBuMRXDx9fVl9OjR jBo1irYYo9AcNTU1bNmyhXPnzgFcBma3d2aSMyI4CILQpalUqjtNJtMnQEBQUBCLFi1q8s7/V7/6 FQB33XVXm41PaK6Kigo2bdpk7WMokyQpSqvV5nZopeqJ4CAIQpelVqs9rEtv9u7dW3788cel5iyk Yw0QHenixYu8/vrrVFVVAZyxWCyTk5OTv+noelmJWVkFQeiSNBqNi8lkeheI+MUvfmFZuXKl1JZj D1rTF198QXx8vDUwfOzi4jKqMwUGEE8ObcZoNJKTk8PZs2cBcHNzY8CAAYSHh9uVMxgMHDx4kODg 4JtabLw52vNcgtCW6ifSe0eSpIc8PT0tS5YsUXRUn0FLZWZm8t5771kHuCX7+fkt7qh01aaI4NAG 8vLyWLVqFeXl5Q7bQkJC+NOf/kRAQAAAlZWVaDQaVCpVm1+w2/NcgtCWSkpKNkiS9Kirq6vliSee ULT1wLTWYLFYSE1N5ZNPPgHqsqW0Wu3LHVytRong0Mqqq6t58sknMZvNrF69mrFjx+Ll5UVxcTG7 d+8mJSWFZ555hu3bt6NUKju6uoLQ5ahUqheB5S4uLpYnnnhC0VqL6bSlmpoakpOTOXXqFJIk1QDz tVrtzo6uV1NEn0MrO3r0KNXV1Sxfvpxp06bh5eUFgL+/P0uWLGH69OkUFhaSk5PTwTUVhK6nfiI9 jSRJ8sKFCxVBQa2yXk+bqqqqYsOGDdbAUC7L8vjOHhhAPDm0usrKSgB69OjhdPsjjzyCq6srd9xx h8M2vV5PamoqlZWVuLu7M2PGDCIiIuzKFBcX8/7779v6MpRKJcOGDWP27Nl2E4GZzWZSU1M5cuQI ZrOZkJAQJk+e7LROhYWFpKamUlRUBEBgYCAzZ860NX29/fbbFBUV8fzzz9vtt27dOpRKJU8//bTd edetW8fgwYOZNm1ao59TcXEx7777Ll9//bXtnHPnzrUbkWowGHj33XfR6/XU1NTg6elJVFQUY8eO tZUpKipi27ZtzJ8/n5ycHLKysjCbzfTr14+5c+fi4+Njew+FhYX88Y9/dJgwLT09nZycHKfbhM4j JiZmRv0SnMyfP19qyXxJHaWgoIDk5GQuXbqEJElfm0ymqe057fbNEE8Orcza4bxx40bS09MxGAx2 20NCQnj66acJCQmxez0jIwO1Ws2VK1fw9vYmLy+P5cuXk5GRYSuTnZ3NrFmz2LdvH71798bPz4+K igoSEhJ4/PHHbeXMZjNqtZr4+HjMZjN+fn5kZmaydOlSh/oePHiQOXPmkJGRgbe3N97e3qSnpzNn zhyOHq0bh2M0Gtm1a5ctIEHdRTktLY3U1FRKSkpsr+fl5bFr1y5cXV0b/Yzy8vL43e9+x549e/D2 9qZ3796kp6cze/Zs8vPzgbr879///vds3rwZk8mEn58fxcXFrFixgj//+c+2Y1VUVLBnzx5WrVrF li1bCAgIIDAwkF27djFv3jyKi4sBcHV1Zc+ePRw6dMihPps3b6aoqEgEhk4sJiZmkiRJOwBmzpzJ qFGjOrpKTaqqquLvf/87GzZs4NKlSwBHZVmO6CqBAcSTQ6sLDAxkxYoVbNy4kdWrV+Pq6kpISAih oaGEh4cTFhbmtK+huLgYrVZLaGjdnF9FRUXMmjWLtLQ0Jk6cCNRdxNzc3Ni+fTve3t62fZ988kmO HDlCcXEx/v7+7N69G71ej1qtZsGCBUDdXfiyZcuoqKiw7WftoO7duzdvvPGG7Zjl5eUsWrSI1atX 8+GHHzJ27FgSEhL47LPPbEEtOzsbV1dXjEYjn332GY888ojtdaVS6fDEY2U2m1m1ahWurq5s377d dmdfWFjIvHnzeP3119m0aRPr16+nqKiI9evX8+CDD9r2XbduHbt27bLNkGlVWlrKG2+8YXvamTx5 MosWLWLDhg1s2rSJyZMn2wJ2wycovV5ve79C56RSqSKA9wCXBx980BIZGdlpb2otFguffPIJe/fu xWAwIElSjSzLa/z8/F7ujBlJTem0H3JX9thjj7Fz507mzJmDn58feXl5pJXDiWkAAAuGSURBVKSk oFarefjhh2135A2NHj3aFhgAAgIC6NevH6WlpbbX1Go1L7/8sl1gABgwYACALTvqwIEDuLu7M3fu XFsZd3d3lixZYrffwYMHMRgMLF682O6YPj4+REdHU11dzcGDBwkMDMTf35/jx4/bymRnZzNs2DB8 fHzIzf3vgM6srCzCwsLw9PR0+tnk5eVRXl7OnDlzbIEB6oLqM888w+TJk6muriYrK4vw8HBbYIC6 JrQnnnjC9hTQ0IwZM2yBAWDw4MGMGzeOY8eOUV1djaenJ+PGjeP48eO2pj+oa1JydXVlwoQJTusr dCyVStUf2AN4jB49unbWrFmd9pp1/vx51q5dS2pqqrXFYJckSf11Ot1fulpgAPHk0GYCAgJ46qmn eOqpp6ioqECv15OVlUVmZiYrVqxg8+bNdmMeAgMDHY7Ro0cPuwtZREQERqORvLw8Ll68SFFREUVF Rej1erv9CgsLCQ4OdmjaGTx4sN3v1vb+QYMGOZzb2p5rLTNmzBh27tyJwWDAxcWFvLw8Fi5ciIeH h+38xcXFFBUVNTnhWWFhIfDfgNaQtY8iLy8Ps9nsUF8AT09PgoKCbM1PVg0Dq1VISAiZmZnk5+cT FhZGVFQUGRkZpKen89hjj2E0GsnIyGDcuHGNBjOh48TFxQVYLJZPAK8hQ4ZcnTdvXveOrpMzly9f 5oMPPrDd9CmVym9NJtPCpKSkAx1ctZvSaaNwV1VSUuJw4fL29mbixImsXbuWhIQEzGYzW7dutSvT VBu91aFDh4iKimLRokWsXbuWY8eO4enp6XBhrKysdNp0de1rRqPR6esN63PlyhWgLjCZzWZOnjzJ 6dOnMRgMjBo1itGjR1NRUUFRURHZ2dkAjBs3rtH3YA12Tb1fs9ncaL2gLmhWV1c7vHatay/44eHh +Pj4kJ6eDtQ95RgMBqKiohqti9Ax1Gq1r8ViSQd8AwICrsTExHRv75lSr8disXD48GFWr17N0aNH USgUtQqFYu2VK1eCunpgAPHk0Op+//vf4+7uzocffuh0e1hYGD4+PnbNRc1RUVHB6tWr8fLysvVN WC+eOp3OOtUvAH5+fg4XT/hvMLCyptlevuw4Zbz1Im5tbrI2FR07dgx3d3c8PT0JDg62LYBizRQK CQmxay66Vu/evRs9Z1FREQaDwXahtwama5WXlzvMs//TTz85lLN2lFuDhFKpZMqUKaSkpFBcXExG RgY+Pj4Oo9aFjmcymX4H9K9PWe3RrVu3jq6SnfPnz7Njxw4uXrwIgIuLS2ZNTU1cV+pwvp7OFYpv AaNHj6akpIS9e/c63V5UVERFRYXTZpWmnDt3DoPBwOTJkx06teun+rUJDQ0lPz/flqljZb2zb1gO 6obzX8ua1WMto1QqGTNmDNnZ2eTl5dmyRfz8/AgICCArKwu9Xt/kUwP8twmrYf+F1fr164mLiyMo KAhPT09bWmpDhYWFFBcXO3x+R44ccTjesWPH8PLysmuyszZd7d69m2PHjjFlyhQxGLETUigUaZIk 5cuyLG3cuNE6a2mHMxgM/OMf/+Dll1/m4sWLKJXKbyVJmp6QkDD+VgoMIIJDq1uwYAHu7u6sWbOG devWodfrKSkpoaioiPfff5/Y2FgAu87i5ujTpw9Ql11jfQIwm838/e9/d7gwzp07F6VSyQsvvGDr pC4sLCQ+Pt6uXEREBIGBgbz11lt2KbN79+4lJSWFwMBAu5TBiIgIiouLOXv2LMOGDbO9HhYWRk5O Dmaz2W4MgjOBgYGEh4eTlpZmF0Dff/99cnJymDFjBq6urkRHR1NcXMy6detsT0HFxcU888wzKJVK h89v3759tuMZjUbWr19Pfn4+8+bNs7v4+/v7ExoaSmpqKkaj0S7jSeg8EhMTi5RK5VhJkj6tqKjg 5ZdfdmiubU9lZWWkpaWxevVqDh8+jCRJRlmW/3zlypUgrVa7u8Mq1oZEs1IrCwgI4G9/+xsvvPAC aWlppKWl2W339vYmPj7eaWdrUwIDA5k+fTq7du1i0qRJeHt7U1FRgZeXF8uXL2fjxo2cO3eOsLAw goODWbduHc8//zxTpkzBx8eH8vJyoqKi7MYkKJVKXn31VVauXMmqVatYt24dUDcFSEhICK+++qrd hTUiIgKlUonRaGTkyJG210ePHk1aWhr+/v5OO9avtWbNGlauXIlGo7EFrOrqasaMGcPixYuBugD3 3XffkZqaahsPUV5ejqenp22QXUOjR49mzZo1bNy4EaPRiMFgYPr06U6DcFRUFGvWrGHw4MF2GU5C 55KQkFCmVqsfqq2tfcNgMDz66quvEh0dzYgRI9rl/DU1NeTm5nL06FHOnz9ve12SpExZlpckJSV9 1S4V6SAS2OYq0YSFhREWFtbBVbp1nD59mnPnzlFZWYmbm5vtrrlhZ6zRaOT06dP06dPHoR09Pz+f mpoauwvh6dOnOXnyJIDdnX1eXp5DE0pFRQWHDh2isrKSQYMGER4ejl6vdziX2WxGr9fbmqeczR7b 8PxGo9Hu78T6Hry9vVt0sc3JybGdc+jQoU4DZnFxMdnZ2VRWVuLv709ERIRdR7Neryc2NhaNRsOQ IUNszWGjRo1qNFCdPXuW3//+9zz99NPXXUpSaB69Xm/NWtPodLr/a+3jx8bGbpBleSXUNQ02tTb0 zTp//jyffvopJ06coKamxvqymbqU2vjOsEpbexDBQejSGgaH5jYRvfbaa+zcuZMDBw6IFNZW0tbB AUClUj0OvAYoR48ezbx581ptreeqqiqOHz/O0aNH7fo3FApFtcVi2apQKF7r6DWd25toVhJuC9YB fd999x3bt29n1qxZIjB0MTqd7m8qlaoI2Hns2LGfXbp0icWLF9Ocld+csVgsfPnllxw9epRTp05Z 11cAQKlUXjCZTK8pFIqtiYmJjql1twERHITbgpubG2vWrAHqmuOaWoBe6Lx0Ot0/Y2Njx8myvPfc uXO9X3rpJZYtW0avXr2afQyLxcKePXs4evSodSU2AJRKZaXZbE4B0rZs2XJbNB01RQQHoUsLCwuz m76jMda5nGpqaggJCRHpq12YVqvNjYuLGynL8v6SkpJ+a9euZdmyZTR3XYejR4+yb98+wBYQ3pMk aUfv3r0PdcVpLtqKCA7CbUOsfnfrSExMLFKr1cNqa2v3VFVVjduwYQOxsbEMHDjwuvtanxZkWU7s 3bv3UhEQnBPjHARB6JISEhIu//KXv5wAvF1TU8Prr7/O4cOHm72/JEllIjA0TgQHQRC6LI1GY9Lp dPMAjcVi4R//+AcffPBBR1frliCCgyAIXV59+mw0YNq/fz/JycnU1tZ2cK26NhEcBEG4Jeh0um2S JD0E/OfEiRNs3LjR6QSPQvOI4CAIwi1Dq9VmKhSKkcA3BQUFbNiwwTa/mNAyIjgIgnBLSUxMPOPi 4jIcyCsrK2PDhg0UFNxSE6a2CxEcBEG45SQkJJS5uLiMAfZXVVXx2muvydY5yYTmEcFBEIRbUkJC wmU/P78oWZYTjUajlJSUxEcffdTR1eoyxCA4QRBuWfXjGBbHxsYWWSyWl9577z169uzZ0dXqEsST gyAItzytVvuyJEmzgasN51MSGieCgyAItwWtVrsTmAD8UP/SD00Uv+2J4CAIwm1Dp9MdNZvNo4A4 Pz8/bUfXpzMTfQ6CINxWtm7dWgCI3NbrEE8OgiAIggMRHARBEAQHIjgIgiAIDkRwEARBEByI4CAI giA4EMFBEARBcCCCgyAIguBABAdBEATBgQgOgiAIggMRHARBEAQHIjgIgiAIDkRwEARBEByI4CAI giA4EMFBEARBcCCCgyAIguDAbj2HkpKSjqqHIAhdmLh23HqswaEMoLS0lNLS0g6sjiAIXVxZR1dA aB2S9QeVShUL+HZgXQRB6NrKdDqdWHpTEARBEARBEAThtvH/AeVLQEYaTgygAAAAAElFTkSuQmCC --001a11438ee87740cc052a2ebe73 Content-Type: image/png; name="p2m.png" Content-Disposition: attachment; filename="p2m.png" Content-Transfer-Encoding: base64 X-Attachment-Id: f_ijug1q7n2 iVBORw0KGgoAAAANSUhEUgAAAXMAAAHFCAYAAAAAKRn6AAAABmJLR0QA/wD/AP+gvaeTAAAACXBI WXMAAAsTAAALEwEAmpwYAAAAB3RJTUUH4AEZFC0oxFF5PgAAABl0RVh0Q29tbWVudABDcmVhdGVk IHdpdGggR0lNUFeBDhcAACAASURBVHic7L1/VFNXuv//jhz0OE1tHNM2dtJpGFHpNJ3GmfgpTrEm I71ixSt+xUtc4BgvCFFxFT/Sj8wqXaTf6pKu0q+4igqIY7iFa7iNH2GE2ziFIY7pBYc4piO9Ro2X 9DZT0jGdya1xjBLY3z/oOSUm/FIUxP1aK0s5Z599nrOT8z77PPvZ+wEoFAqFQqFQKBTK+CPg/pOT k5NGCIkbT2MoFMqDi0AgcFRUVNSNtx0PKwKAF3LjeBtDoVAebAQCgYYK+vjAAADXI583bx7mz58/ vhZRKJQHjosXL+LSpUugb/fjBzPwj/nz5yM5OXm8bKFQKA8wly5dGm8THmqmjLcBFAqFQrl7qJhT KBTKJICKOYVCoUwCqJhTKBTKJICKOYVCoUwCqJhTKBTKJICKOYVCoUwCqJhTKBTKJICKOYVCoUwC qJhTKBTKJICKOYVCoUwCqJhTKBTKJICKOYVCoUwCqJhTKBTKJIAZvkgoNpsNHo/nXthCoVAmIBKJ BEqlcrzNoAzDqMTcZrPh0KFD98oWCoUygaGCPrEZlZhzPXKakYhCeTjgMgjRt/GJz6jdLADNSESh PEzQDEIPBnQAlEKhUCYBVMwpFAplEkDFnEKhUCYBVMwpFAplEjChxdxut0OtVg/6ef311+FwOMbb zAnFsWPHEBMTMyZ1+Xw+7N69GwsWLEB0dDQEAgGmT5+OxYsXo7q6GsFgcEzOMxb4/X7Y7fZB97vd bqjVamzbtm3YutatW4eVK1ciGAxi+/btUKvVI7IhGAzCZrON2OY7obq6Gmq1eshrpTycTGgx9/l8 sFgsEQXb6XSipKQECxYsQEtLyzhYN/Fob2+HVquFy+W667qsViueffZZFBYWAgByc3Oh1+uh1Wrh dDqh1Wp5wRtvnE4nnn32WTQ0NAxaRiqVwufzoaysDG63e9ByNpsNRqMRYrEYDMPAbrfDYrGMyI4F CxZg//79ozV/VLhcLlgsFvh8vnt6HsqDx4QWc46kpCS0traGfL744gsYjUYEAgHk5uaOt4njTl1d HV555RX4/f67rsvj8WD16tXw+/0wmUw4d+4c9u7di6KiIhw8eBBdXV1ITU2F2WzGvn37xsD6u8Pt dg8p0BxZWVkA+ttqMKqrqwEAOTk5AICjR4+iq6trRHZ0dnaOqByFci94IMR8MNLS0qBUKuFwOPib 2eVywefzIRAIwGKxwOl0hhzj9/thtVphsViG7cE6HA5YLBbYbLZBe6BerxcWi2XY3hLXw2tvb0cg EIhYxuPx8HWNZpKGWq2GRqOBXC6HXC4ftJzL5RqR6L3zzjvwer0oKSnBmjVrwvazLIsPPvgAEokE paWl/Hav1xuxTf1+P1wuV8QHDdfTtFqtgz6IOPdFpO/C5/Phq6++4v/vcrkG/a7S0tLAsixqamoG PY/RaIRcLkd8fHzEMl6vl2/Dzs5OtLe389c38FoDgQACgQD/e7wdt9sd8Tv2+Xz873Oo3wqFEpHs 7Oyi7OxscuLECTIUJ06cICMpN1a0trYSAESr1Q5aRqVSEQCkq6uLEEIIAJKfn0/i4uIIAAKAdHR0 EEIIKS4uJkKhkN8OgKhUKtLd3R1SZ0dHB1EoFCHlpFIpOX36NF/m2rVrRKfTEYZh+DIMw5D8/HzS 09PDl7tw4QKJjY0NqUskEpHy8vKQujQaTUgZAESj0ZAbN24M204SiYSUlZWRnp4evj0iAYDIZLIh 6+rp6SFCoZBIJJKQ64jE6dOn+XYnhBCtVhvx3AaDgQAgBoOB39bd3U1SUlLC2qW0tDTkWLPZTCQS SUg5iURCGhsbCSGE6PX6sHYbaNPtcO18/vz5sH319fUEACkpKeG33d6eWq2WyGQyUlJSwp9PJpOF 2dDa2sr/fvV6fdi5ZDIZUalU/N/Xrl0jWq025PfEtUl9fT1fjrve1tbWQa9xLBnpPc+Vy87OLhp7 haKMhAe6Z+7xeGCz2SASiSCVSvntVVVVEAqF0Ov10Ol0UCqV2L17NwoKCqBSqdDR0YGuri6UlZXB ZrNBrVbzvUKPx4NXXnkFHo8HJpMJXV1daG5uRjAYxMqVK/ne1MaNG1FeXo78/HxcuHABFy5cQF5e HkpKSvD666/ztnB+5dbWVnR1daGjowOxsbHQ6XT8a/k777wDo9GIsrIydHV14fLly9DpdDAajXjv vfeGbYeuri5s3boVDDP0hF6ZTBbSTpGw2+3w+/1QqVTD1peQkACZTDasfbcTDAaxfPlyNDY2oqSk BF1dXTh//jySkpKQl5eHw4cPA+jv5Wo0GshkMv47a25uBsuyyMjIgN/vx4YNG/i3A61Wi9bWVkgk kkHPPZSrxWAwgGVZbNiwYUj7vV4vdu3ahby8POTn56OkpAStra0AvnMJKhSKUbXJtm3bYDAYUFhY iMuXL6Orq4t/g9BqtbSHThmWO5rOf79xOp28L5PD5XLBYDDA7/ejuLg4RHgCgQA+/vhjiEQiAP2i sGvXLsjlchw/fpwvu3XrVrAsi6ysLOzfvx87d+7E/v374fP50NzcjKVLlwLoF0GDwYDk5GS0tLRg zpw5MJlM0Ol02LNnD3/ed999Fy6XC2VlZdixYwdYloXT6YROp4NKpeLrOnToECoqKvgb1Gq1QiKR ICcnh7ft4MGDADCkMHGwLDuidhyJ7/fKlSsAgLi4uLB9Pp8vostAIpGM2AagP+LGbrejpKQEO3bs 4Ld/8MEHcDgcKCwsxIYNG2Cz2eDz+aDRaPhFnmQyGcrLy9HY2Aiv1wuZTIYXXniB38e182AsXbqU /z7ffvttfrvX60VjYyNSU1MhFouHrIP7ze3cuTNsn0QiGdaGSDgcDqSkpKCo6LuOrUwm49vJ4/Hc 0YOT8vDwQIi51WqF1WoN2y4SibBr166wm0qhUPBCDgCnTp1CIBBARkZGWG8zPT0dOp0OFosFO3fu hNlshlgs5oWcY+nSpejp6QHQ35MG+numt/uI4+PjYTKZ8MknnyAtLQ0ymQxVVVUAgJSUFCxZsgQK hYIXa6B/NTqLxYLly5cjIyMDy5Ytg0QiCSlzvxgqOmXfvn3Q6/Vh21tbW0clYI2NjQCAF198MWL7 lZeXw263Qy6Xg2VZFBYWwu12Y9WqVYiPj8eyZcuwbNmyEZ/vdrKyslBYWAir1YqEhAQAQG1tLYLB IN9zH467OX8k2traQv4OBAJwOBx8JJfL5aJiThmSB0LMk5KSwgRbLBYjLi4uoisgNjY25G+v1wsg ci+XZVlIpVJ+oNTr9UZ0RQw8D3eDZWRkDGozV98HH3zAu2TKy8vBsixUKhVyc3OxYsUKAEBRURGc Tifq6+vR3NwMoP+BpNFosHXrVgiFwkHPM9bMmTMHACKGgy5ZsiREzLnB2tHCDSAuXrx40DJ+vx9i sRhGoxE6nQ4lJSUoKSmBUChESkoKcnJyeCEeLRs2bIBer0d1dTVfh8FggEwmC3uID8bAzsJYEAgE UFFRgcbGxpAB/dG88VAebh4IMR/tq+twvt7bCQQCIUI/XHgfV7/RaMSTTz4ZsQzXi0pISMDly5dh tVrR0tKC5uZmmM1mmM1mlJeXIycnB0KhEMePH4fb7UZTUxPMZjOam5tRUFAAs9nM+2PvBwqFAkKh EFarFcFgMKQtVSpV2PdwJ2LOMdR1cT7nVatWYcWKFTh16hTfbjU1NTAajTCbzSMW34FIpVIkJSWh vr4e77//PpxOJ+x2O4qLi+/4Wu4GbgzBYrFApVIhIyMDCoUCL7zwAurq6iK+DVEot/NAD4COlOee ew5A5N4mFyLGiW9sbCzcbnfYgFMgEMDixYtRUVHB+5MZhuEFjvtIJBLcvHkTQqEQPp8PTU1NcLlc SEhIQFFREU6fPo3z58+DZVne/cKFokmlUuTk5OD48eO4evUq4uPjYbFYRhROOFawLAuNRgO3233H E2C4NyGO2x+O3JuTWCwOaz+hUIje3l4wDAOPx4OGhgb4/X4sXboU7777Ls6fPw+z2cyHEd4pWq0W Xq8XJ0+eRHV1NRiGQXp6+h3XF4nBetXBYDDkOz116hQsFguysrLQ2tqKPXv2IC0tDXFxcWFtSaEM xkMh5gqFgvdd3x7bu3v3bgBAamoqgH6/diAQ4CMqOKqrq2G1WiEUCrFmzRowDIPi4uIQoQoGg9i0 aROSkpLg8XjgcrmQnJwcFpEik8nAMAz/qr5x40asX78+pC6WZfm3hbF61R5pnPmePXsgkUiQn5+P 3bt3R3ywVVdXo6ysDMB3byrcwOGnn37Klw0GgzAYDCHHc2391ltvhWz3+/1Yu3Ytv7+lpQUpKSlh 38UzzzwD4Lt2uZP2WbVqFSQSCUwmE4xGI5KSkoaN9BkJA8ccuA5Ce3t7SJnbl0LgBPt2n7jH47mr Bxbl4eKBcLPcLQzDoLy8HMnJyVi4cCFyc3MhFotRX1/PRzBwvbLMzEwYjUbk5eWhs7MT8fHx6Ozs RGlpKRISEpCWlgaGYVBYWAi9Xo9FixZBp9OBYRjU1NTAarWioKCAn7yTlJSEsrIy+Hw+qFQqBAIB PgonLy8PAFBYWAitVsvXJRQK0dzcjPr6emi12mGjK0ZKTEwMZDLZsFEtYrEYra2tWL16NQoLC1Fc XIzExESIRCJ+iQWfzweRSISysjLe75yWlobS0lJoNBrodDqwLAuj0Rjm9lq2bBkyMjJQU1ODxYsX IyMjA8FgEOXl5XC5XCgvL+cfmsXFxSgoKIDL5YJSqYTX60VZWRmEQiE/S5MTwbKyMrhcLrzxxhth 4ya3wzAMMjIyUFpayp/7buF+U+vXr0dmZiZUKhUSEhJgNpuxevVq/rfU2NgY8uBYsmQJhEIhiouL wbIsFAoF7HY7SktLIRQK4fV6cfPmzbu2j/IQMFEnDZ07d46oVCpSXFw84mOGKt/W1kaSkpL4iUNx cXGktLQ0bHLMtWvXSF5eHpFKpfwklby8PHLt2rWQckajkcTHx/MTPeRyOSkrK4tYFzdxiGVZkpCQ QMxmc1hdSqWSrys2Npbo9fphJ+7cTl5eXshklNvbRqPRjLiuGzdukLKyMqJSqfg2Y1mWxMfHk+Li 4rDJVoT0T7xRKpX8hJf8/Hxy+fJlolKpQq65p6eHlJWVEblczk+4SkhIICaTKaS+7u5ukpWVRcRi MQFAhEIhSUpK4ieCcZSUlJDY2Fgik8lGPKHmwoULRKVSkeTk5EHb+fb2LC4ujjjRjLt2uVxOZDIZ qaqq4u3XaDREKBTy19jR0UHy8vJIXl4ef2xbWxtJSEggDMMQhmGIUqkkBoOBbzuuPoPBQFQqFTl3 7tyIrvFuoZOGHhwEQL+YA9CvXLlyyHRwjY2NOHHiBIYrR6FQJgcjvee5cgD0lZWVbw1akHLPeCh8 5hQKhTLZoWJOoVAokwAq5hQKhTIJoGJOoVAokwAq5hQKhTIJoGJOoVAokwAq5hQKhTIJoGI+Bmzb tg1qtTpszfWRsG7dOmzfvn3YclxW9tGkk5so2O12PProo2Ep/ACgoaEBy5cvx8yZMyEQCCAQCDB3 7ly8/vrrIdfa2dkJtVodkvgjElwSkXXr1oXtCwQCWL58OdRqNWw2W8TjnU4nHn30Udjt9lFeJYUy vlAxv0u4ZBQ2m+2OVt1rb28fkXBwuTIftIwz3Ho1WVlZIVPs/X4/li9fjpSUFNhsNqSkpECv16Og oABisRglJSV4/vnn+baRy+VwOp0oKysbclXLlpaWsOnyHNyKlO3t7YNmcIqNjUVWVhY2bdo05Nru FMpEg4r5XcL1xnNzc+FwONDS0jLOFk0samtr0dnZGbYe/ebNm2E2m5GVlYWuri4cOXIERUVF2LNn D9ra2mA0GuHz+bBx40b+mKysLAQCgYgp3zi4VGuZmZlh+6qqqiCTyZCamor6+vpBVyTcuXMnOjs7 UVtbeyeXTKGMC1TM75KqqiooFAq89tpr/IJeQ2G322GxWCK6HAbi8Xj4DO2ReohcFvhgMMj32m/v sXJ1WK13lvl+INw5uEW2RkIwGMSuXbuQmpoasl68zWZDTU0NEhIScPDgwYjJN9LS0pCbmwu73c4/ IDmBHmwlQb/fD5PJBJVKFZb2zu12o7m5GYmJicjIyOBXfoyERCJBamoqdu3aRXvnlAcGKuZ3wcmT J+F2u5GRkQGJRMInPIjk13Y6nVi4cCEWLFgAtVqNuXPnYvPmzWHlgsEgtm/fjqeffhpqtRqLFi3C ggULwsT/2LFjiImJweHDhzF37lyo1Wo+cw+3lOzs2bP57Y8//ji/3C+H1WrF3LlzsXDhQqjVaixc uBBPP/00Ghoa+DJerxfLly9HTEwM1Go11Go1Hn/8cWzevHlYoTt58iScTic0Gk3Idm5J28LCwiET iezYsQOnT5/GkiVLAHyXVKK5uTniUr51dXUIBALQarVh+7hlZ9PT07F06VJIpVJ+Cd9IpKamwul0 0jctygMDFfO7oKqqKiSpgVarRTAYDFt/mxuUczgcMBgM6OrqgtlsRn19fVgOzHfeeQelpaXIyMjA hQsXcP78ecTGxvLug9vJz8+HVqtFYWEhcnNzAQArV65EfX09iouLcfnyZZw/fx4ajQaFhYW8rzgQ CGDt2rVgWRZtbW3o6urC6dOnIRKJoNFo+AfSr371K1gsFhiNRnR1deHChQvIyMhAeXn5sG6I+vp6 AODFmMNqtYJhmLDttyOVSpGQkBAi+FyOzkiuFoPBAJFIhLS0tLB9nItFpVKBYRhoNBq4XC6cPHky 4rm5DEYmk2lIGymUCcVEXQJ3InP16lXCsixJTk7mt924cYOIxWIilUpDllQ1Go0EACktLQ2po6Oj gwDgl1i9ceMGEYlERKFQhJTr6ekhCoWCACBdXV2EkP6lUAGQjIyMkLKNjY0EANHr9WE2JyQkEJFI RG7cuEG6uroIAFJQUBBS5vTp00Sn05ELFy4QQgiJjY0lcrk8pMyNGzdIRkYGqa+vH7KN5HI5iYuL C9vOsiyRyWRh23t6ekhXV1fY5+rVqyHnFovFYW10+fJlAoDk5uaG1dva2hrWJufPnycASEpKyqD2 x8XFhV37wwZdAvfBgfbM75Da2tqwV3qWZZGamgq32x3S4+PyZN7eY1QqlSG+XbvdDp/Px2fa4eB6 kpFITEwM+dtsNgPozz3qcrlCPgkJCfD5fGhvb4dYLOaTS2zfvp2PlOH82JxdSqUSnZ2dWLlyJWpr a+H1esGyLD744AOsWrVqyDZyOBwRk2gP5p5xu92IiYkJ+wwMR2RZFlqtFna7HZ2dnfx27i1hw4YN YfVyb0oD98nlciiVSjQ2Ng6afUkikURMNUihTEQeikxD9wIuf2dJSUmI75VzT5SVlWHFihUAwPu7 IwnbwG1XrlwBgIhhdZGOBb5LocbBnet2kR/I559/DpVKhZqaGmRlZaG0tJTPapOYmIjc3FzezbB3 7154PB40NjaisbERQP+DQqPRICcnZ0ifdzAYDEuFBvSH/zkcDgQCgZCUbyKRKCR5sc/nQ2lpadjx GzZsQElJCerq6viMTgaDAUqlEkqlMqSsz+eDyWQCy7IhkTFA/3fFucWKisI7lFKplA6AUh4YqJjf ATabDZ2dnVAoFGFREzKZDH6/H2azGS6XCzKZbMQ5Ksci1ycnrs3NzYiKiopYhrN5xYoV+OKLL2C1 WnHy5Ek+VV19fT1MJhPWrFkDiUSC1tZWOJ1OPk6bi5Cx2Ww4cuTIkPZEiotPSEiAw+HAqVOnsGzZ Mn67SCQKEVWXyxVRzOVyOeLj42EwGPD222/DYrHA5XKhoKAgrCw3KJqYmBj2kJTJZDAajSgvL8cb b7wR9mB60GL6KQ831M1yB3Cv7Xv37sWRI0fCPvn5+QCAiooKAOB7j5FmHQ4cAH3uuedGVG4ouIk5 06ZNC8l6r1KpIBKJ0NvbC6FQCI+nP/O91+uFSqXCnj170NHRgdOnTwPo7+kGg0E+PDI2NhavvfYa PvroI3R3dyMuLi4sUfPtiESiiJE9nLujsLDwjnu+Wq0WbrcbVqsV1dXVYFmWH4geSFVVFViWxdGj RyN+VykpKXxb3I7H4+GTblMoEx0q5qMkEAjAaDRCKpVCpVJFLJOeng6WZVFVVYVAIMD7ym+fddjU 1BQi0nFxcVAoFKipqQkRQb/fP6xwcnDn2r17d4hQ+v1+rF+/HsnJyfD7/Th79ixSUlL4Bw4H5xbh Yr9Xr14dFoYoEokgEokixocPRC6Xh/i1ORISEpCVlQWbzYbly5dHjLm32Wy8WySSKyc9PR1CoRB1 dXUwmUzQaDRh9tjtdthsNiQlJQ2aFJtLCs25zQbicDj4BzGFMtGhbpZRcuzYMfh8Pj4MMBJisRjJ yckwmUxoaGhAWloadDodysvL4ff7kZKSAqfTidLS0rCe3/vvv8/HfOfl5YFlWZSVlY14ok58fDzy 8/NRUlICtVrND5yWl5ejs7MTxcXFkEgkWLZsGRQKBXbt2gWPx4P4+Hj4fD6UlZWBYRh+ElR+fj4K Cwv5uliWRX19Pdrb20P825FQqVSwWq28u2kgBw8eRDAYhMFgwNy5cxEfH4+4uDh+EhM38KjRaLBn z56wuoVCIVJTU/kHJifKA+HeoCLFnQ+0USaTwWw2w+Fw8C4ol8vFv7VQKA8MNDRx5BQUFBCVSkXO nz8/ZLnW1laiUqlCQv9KS0uJTCYjAIhMJiM1NTVhWdoJ6Q9ZVKlUhGEYIhQKSVZWFjGZTCFZ4c1m 85BZ2svLy4lSqSQA+GzvRqMxpMzVq1eJTqcjUqmUAP2Z7xMTE8np06dDypWVlRG5XE4AEABELpeT srKyYduKC/8rLy8fsp0yMjJ4GwCQ2NhYkpWVRdra2oasn2un1NTUiPtTU1NJYmIiuXHjxpD1VFVV EZVKRQwGA7+tvLycABj2e57s0NDEBwcB0C/mAPQjzcA9XDkKhUOtViMQCKCtrW28TRkVixYtglAo xMcffzzepowrI73nuXIA9JWVlW/dNwMpPNTNQrmnFBUVQa1Ww263Q6FQjLc5I8Jut6O9vR2tra3j bQqFMmLoACjlnqJSqaDRaPDmm2+Otykj5q233oJGo6H+csoDBRVzyj3n/fffRzAYHHalyImA0+lE IBDA+++/P96mUCijgrpZKPccsViMjz76aLzNGBGxsbEPjK0UykDuSMwvXrw41nZQKJQJCL3XHxxG JeYzZswAAFy6dAmXLl26JwZRKJSJB3fvUyYuoxLzl19+GQDwzTff3BNjKBTKxGPGjBn8vU+ZuIza zUK/VAqFQpl40GgWCoVCmQRQMadQKJRJABVzCoVCmQRQMadQKJRJwKgHQG02W8SEAxQKZXIikUjC 0vFRJh6jEnObzYZDhw7dK1soFMoEhgr6xGZUYs71yOfNm4f58+ffE4MoFMrE4eLFi7h06RJ9G38A uKPp/PPnz6frmVMoDwl0tveDAR0ApVAolEkAXTVxhLz1VnjyFIZhIJVKIZVKsWTJkoiJhx82Ojs7 0dLSAp/PB7FYjBUrVoTl/7wTvF4vGhoaYLPZEAgEAPQnwE5LSwup32q1oqWlBUuXLkVCQsKg9QWD QezevRsSiSQsf2ggEMA777wDANi5cydYlr1r+ymUew1VnxEyXPJiqVSK48ePP7SDRMFgEJs3b0ZV VRWEQiHEYjHcbjfy8vJQWlqKrVu33nHd7733HgoLCxEIBPi6/X4/DAYDCgsLkZubi3fffRcMw0Ak EkGv18NisQyZKailpQV6vR4FBQVh+xoaGvjvm3tgUCgTHepmGQVSqRRdXV0hn3PnzqGgoAButxvr 1q1DMBgcbzPHhYqKClRVVSE3NxdXr15FV1cXvvjiC8THxyM3NxdWq/WO6n3zzTeRn5+PuLg4NDc3 49q1a+jq6sLVq1fR0dEBpVKJ0tJSvPfeewAAuVyO+Ph4WCwWuN3uQes1GAwAgA0bNkTcJ5fLIZVK UVZWdkd2Uyj3Gyrmo4BhGMhkspCPQqHAnj17kJKSAqfTiZaWlvE2c1woLy+HVCrF3r17ebeERCLh M/bU1dWNuk673Y7i4mLExcXh9OnTWLp0ach+pVKJjz/+GDKZDMXFxbz7RavVAgBqa2sj1uvz+VBf Xw+VSoW4uLiQfW63G2azGYmJiUhNTYXVakVnZ+eobadQ7jdUzMcILlkxF8K1fft2bN++HQ0NDXj2 2Wfx/PPP4+TJkwD6xeT111/Hs88+i5iYGDz//PPYvXs3/H5/WL11dXVQq9WIiYlBTEwM1q9fD5fL FVLG4XBg/fr1fJnFixdHFM/a2losXryYL7d27dqwHrPdbsfatWv5MosWLcL+/fuHfePQaDQoKCgI Gzfg/NkDr2379u1Qq9XDhrvt27cPwWAQpaWlEAqFEcsIhUIUFhYiKyuLP0d6ejpYloXRaIx4TF1d HQKBALKyssL2HT58GACwZs0avtdeUVExpJ0UykSAivkY4XA4APT3RoF+Uayvr4dGowHQ3+ObNm0a PB4PFi1ahNLSUiiVSmi1WsjlchQWFmL58uUhoverX/0KGo0Gfr8fWq0WKSkpqK+vx6JFi3gXgs1m w8KFC2E2m5Gamsr3Sm9PolxRUYGMjAwIhUJotVpoNBq0t7dDrVbDZrMB6M9/uXjxYtjtdmRkZECr 1YJhGOTm5g6bkPmNN96I6Bc/duwYgH73B4fdbofFYuF70oNhNpshEonCeuS3k5mZiXfffRdisRhA v8BrNBrY7XbY7faw8gaDASKRCGvWrIm4LzY2FgkJCVAoFFAoFKipqYn4oKVQJhzZ2dlF2dnZ5MSJ E2QoTpw4QUZSbjICgMhksrDt3d3dpKSkhDAMQ6RSKblx4wYhhBCVSkUAEL1eTwghpKenhxBCiFar JQCI0WgMqaesrIwAIIWFhYQQQs6fP08AkMTERP5YQggxm80EAMnLyyOEEKJQKIhIJCIXLlwIqU+j 0RCGYcj5tHm1JgAAIABJREFU8+cJIYTI5XKiUChCyly+fJkwDMPbWFxcTADwx3B2K5VKIpfLR9li hHR1dRGxWEzEYjH529/+xm8/d+4caW1t5dsqElevXiUASEJCwqjPSwghp0+fJgBIQUFByPbLly8T ACQ3NzfsmObmZgKA7Nq1i99WUlJCAJDy8vI7suNBZ6T3PFcuOzu7aHxUjEJ75qPA5XJBIBCEfGbP no38/HwIhUIcPXo0LIzttddeA9Dvbw8GgzAajVAqlWERElu3boVUKkVNTQ2A/ogKACgqKgpxXSxb tgw1NTXYsGEDOjs7+V707b7fHTt2IBgM8j1joVAIh8PBuxiA/uTFPT09KCoq4m0E+l0NnAuEYRh0 dHTg/Pnzo26r5cuXw+fzwWg0QiQS8fsUCgVUKtWQIX9cTzhSuKfdbodarQ77VFdX82USEhIQFxfH tycHV+b2cEQAqKqqAhA6KJqeng6GYfh9FMpEhYYmjgKhUIjU1NSQbWKxGHK5HKtWrQoRLKDf5TJw m9vtRiAQGDR8UalUor6+HkC/ywMIdU9wpKenA/hugM9sNkOtVoeU4QSb868XFhYiJSUFGo0GQqEQ CQkJSE5Oxpo1a3jX0IYNG1BVVYXS0lLeDZSUlIQ1a9bwYwIjwWazYeXKlfD7/TCZTMO6SSLBuUwi uTcCgUDIuEEgEIDH44FKpQopl5WVhfz8fFgsFn6fwWCAUqkMa1duUFQmk4UNYstkMthsNrS3tyM+ Pn7U10Kh3A+omI8CsViMI0eOjLj8YD3P20WfgxvkGzjYOFjZgeUkEknEiTlxcXG8+KxYsQIXLlxA dXU1zGYz/8nPz0dVVRXS09MhFovR0dGBuro6mEwmWK1W2Gw27Nq1CxqNBkePHh32mo8dOwatVguh UIiPPvpoyIk7QyEUCiGTydDZ2Qm/3x8yABofH4+uri7+b4vFEvYwA/ofegUFBaitrYVKpUJLSwvc bjcKCwvDytbW1vIPCW7c4XYqKiqomFMmLNTNch/hBInrdd+Ow+GAUCgEwzB8WW5gdSANDQ1oaWnh e6+pqak4cuRIxM9Ad0JsbCzefvttdHR04OrVq6iqquIHOAfamJmZiY8++gh/+9vf0NzcDKVSCaPR OGzYZUVFBTQaDaRSKU6fPn3HQs6h0WgQCATuOJpEIpEgJSUFJpMJgUAABoMBQqGQf7MZiMFgAMuy uHbtGgghIZ+enh5IJBIYjUb4fL67uiYK5V5Bxfw+IhaLoVAoYDab4fV6Q/Y5nU7Y7XZeALl/uXBG Dp/Ph4yMDBQXF+Oll14Cy7IwGAxhoYPHjh3Do48+in379iEQCGD27NlYt25diC2ZmZlQqVS8QG3c uBEzZ87kXTQMw2Dp0qXQ6XQAMGQo4cmTJ5GbmwulUonTp08jNjb2TpoohB07dkAsFqOwsDCsHTgC gQA/vhAJrVYLn8+HhoYG1NfXIzU1NSzM0W63w2azISUlJWIIJMMwyMjIQCAQ4EMXKSNj06ZNy7Kz szds2rRpmU6nU+l0OtmWLVsk423XZIS6We4zhYWFSE1NxcqVK3Hw4EEoFAq0t7dj48aNAPpD/ID+ OGcuZFEikWDVqlXwer3Ytm0b/H4/8vPzIRKJkJeXh+LiYqxbtw7vvvsupFIpWlpakJubC4ZhkJaW BpZlER8fD5PJBJVKxQ/qNTU1obm5GYmJiQAAlUoFg8GAdevWYe/evbybo7S0FCzLDur7DgaDyM3N RTAYhFwux/79+8PKKBQKrFq1CkB/nLndbsfRo0d5f30kxGIxjh8/juXLlyMpKQnJyclISUnBnDlz cP36dbS3t6OqqgoejwdSqRQrVqwIq2PZsmWQSqXIz8+H3++POPDJCTQXRhqJzMxMlJSUoKqqCjt2 7Bi0HOU7cnJy0gghRgAQCATo6+sDAPT19SE7OxtTpkzxA/gfgUDwl2Aw+D9Tpkxx9fX1BQQCgYcQ 4hMIBD5CiCcqKupmMBh0VlVVDT6ll0LF/H6zZs0aVFVVIT8/HwsWLOC3SyQS1NfX8z1yhmFw4sQJ rF27NkRkWJZFeXk5li1bBgB4++23EQgEUFZWBpPJxJeTyWT48MMPebE8ePAg3G43dDod39MG+gdd P/jgAwD9A6AOhwMlJSX8QCzQL6pGo3FQ4bXZbLzraLCoD61Wy4v5SOPMgf43lPPnz2P79u1obGxE Y2NjyH6JRAK9Xo8dO3YM2qvWarXYtWsXP9V/IIFAADU1NfyiYIPBjT+0t7fzC3lRhoYQEgcAs2bN wqxZswAA165d4/ffunVLePPmTSGAH/j9fhBCIBAIACDk376+PkyZMgU6nc4PoK2vr+8TQkh7T0/P GYPBQP1e30LFfIR0dXWNalXEo0ePDjprMjMzE2lpaTh16hS8Xi+eeeYZJCQkRJw92dHRAZvNhs8+ +wwikQgvvfQS7ysH+sVq7969eOONN/DJJ5/A5/Nhzpw5iI+PD6lPIpGgo6MDnZ2d+PTTTwEAL7zw QlhUx549e7B161acPXsWPp8PUqmUd+cMhkKhCBmQjMRAoT169CgCgQCkUumQxwxsh+PHj8Pn8+HM mTPweDxgGAbz588f0cJmb7zxBjIzMwcV+3PnzoFl2WG/348++gg+n2/IQWlKODKZDD/96U+HLXf9 +nXcuHED169fx/Xr1/H3v/8d169fx7Vr13Dt2jX4/X4hgFcAvCIQCDB16lRs2bKlq7e39xQhpJ0Q cuYHP/hBp16vfygXSKJiPkJGu4zrUO4DoF/chuoJDkSpVA4rWmKxmO/5DoVcLo8Y7jgQblnfkcKy 7KjaZ7i2GQyRSMS/kYyGoezj1tsZ6fmpkN87HnnkETzyyCMhnZWB9PT04K9//Su+/vpr+Hw+eL1e /PWvf40hhMQA0AoEAnR3dwdycnJshBCrQCBoj4qKOnPgwIGHIk3SHYn5xYsXx9oOCoUyAZlI93p0 dDSefPJJPPnkkyHb/+d//gc+nw9ffvkluru72a+//joBQAIhhFua+cu+vr7ThJDWW7du1U1W18yo xHzGjBkA+tNI0VRSFMrDA3fvT0Qee+wxPPbYY3jmmWcAADdv3sSXX36JP//5z+ju7obP53sKQBqA tGnTpr2v0+nqCSEVFRUVk2qJ01GJ+csvvwwA+Oabb+6JMRQKZeIxY8YM/t5/EJg2bRq/6icA3Lhx A1988QU+//xzfPHFF9G9vb1rAazdvHlzd29vb8WUKVOqy8vLXeNq9BgwajfLg/SlUigUyvTp0zFv 3jzMmzcPPT09+Pzzz7nkKbMB6Pv6+vSbN28+1dfXd/DmzZsNBoNh+DCrCQgdAKVQKA8N0dHRiI2N 5ReZ+/zzz3Hp0iV8+eWXSwghS1iW9WdnZxsEAkF1RUWFbbztHQ1UzCkUykPJQGEPBAK4ePEiPvvs M+H169dzCSG5mzdvvhQMBg8IBILayspK7/A1ji90Oj+FQnnoYVkWL7zwAtatW4fExERIJBL09vbO EwgEpQKB4MucnJz/m5mZefdrVNxDaM+cQqFQvkUgEPCDp19//TX+8z//E5cvX47u7e1dzTDMquzs 7JJbt27tmYjhjbRnTqFQKBGYNWsWFi9ejHXr1kEul2PKlClTAPwflmWvZGdnbxi2gvsMFXMKhUIZ gunTp2PRokVYt24d5s2bB0LI9wEYtmzZcjYrK2vCLHBPxZxCoVBGwPTp07FkyRKsXbsWMTExCAaD P50yZUqbTqf7l4mwrO+ofeY2m23Ida0pFMrkQiKRjGhBs4eFxx57DImJifj6669x5swZ/PnPf14v EAj+n5ycnLdnz5793ngt9DUqMbfZbDh06NC9soVCoUxgqKCHMmvWLLz66qtwOp1oa2t7JBAIFH/1 1VdbNm3alH3o0KHI2VTuIaMSc65HPm/ePMyfP/+eGEShUCYOFy9exKVLl+jb+BDExsZCKpWira0N TqfzhwKBwKzT6Vp6enp0hw8fjpwj8h5wR6GJ8+fPR3Jy8ljbQqFQJiB0Ub3hYVkWarUac+bMwSef fAK/37+UYZiL2dnZ/6eysvK9+2EDHQClUCiUMeKHP/whUlNT8dxzz4EQMgVAiU6n+3DLli3hmVHG GCrmI0StVg/62bRpEywWy3ibOO54vV68/vrrWLBgAZ599lmsX78e7e3td11vMBhEbW0t1Go1Hn30 UQgEAkRHR2PBggV455134Pf7+bJNTU1Qq9UR85Debqtarcb27dvD9rndbv67pe4FymiJjo7Gz3/+ c/zDP/wDoqOj0dfXl0oI+WN2dnbcvTwvFfMRYrFYYLfbQ7YFg0G4XC5UVVWNSEAmM16vF4sXL0Zp aSkUCgVSUlLQ3t6OxYsXo6Gh4Y7r9Xg8WLRoETIyMuB0OqHRaKDX65Gbmwu/34+CggIsXLiQF90X X3wR7e3tKC0tHbLeuro6WCwWxMWF31+1tbWw2WywWCyorq6+Y9sp/Xz99df44osv0N3dDb/fjxs3 boy3SfeFZ555BqtXr8bMmTPR29s7VyAQnNu0adOae3U+Op1/FCgUCrS2toZtt9vtWLx4MfLz85GW ljZo2qvJzO7du+FwONDY2Minw3vjjTewYMEC6HQ6rFixYlQ5VIH+h+XatWths9lQWFiIoqKikDr2 7t2Ld955BwUFBdi2bRs+/PBDiMVipKSkwGg0wmq18gmyb8dgMEAoFCI9PT1sX1VVFZRKJfx+P8rK yrBjx45R204BAHgAwOVyweVyhe2Mjo7unTp1Kpk+fXovwzBTZ8yYIYiKisL3vvc9TJ06FVOnTsX0 6dPBMAxmzJiBRx555H7bf9c89thjWLVqFaxWK5xOJysQCEw5OTn/3+zZs3eOdQgj/YWOAQqFAlqt FmVlZTh16hTWrAl9+La3t0MoFIbl3rTb7fD5fBCLxUPm5fR4PHA4HGBZFgqFImJy5UAgALvdjkAg gLi4uEHzbHI3FsMwUCgUEZMc+/1+2O12BINByGSyEeXI9Hq9UCqVIXlNhUIhEhISYDAY4Ha7R51H ta6uDlarFRqNBm+//XbEMjt37oTZbIbJZILb7YZUKoVWq4XRaERdXV1EMe/s7ITNZkNWVlbY9Vss FjidTuTm5gIA8vLycPLkyRHna6V8R2VlZUVOTo4IAP/609fXJ+P+39PTI+rp6RFdv34dAGTDubSm TZuGxx9/HE8++SQef/xxPPHEE5g2bdo9sn7siI6OhlqtxpNPPon/+I//ACHkf3d3d/9Ir9evHUtB p2I+RnC9cc5/q1arAfQnR66pqQEAlJaW4rXXXkNTUxNyc3NDeityuRxHjhwJieX1eDzYtm0bTCYT v00kEqGkpASZmZn8tvfeew+7du2Cz/fd2j+pqak4cuQIL1Y+nw/r1q2D2Wzmy7Asi6ysLOzdu5fv eb711lsoLi5GIPDd+vwqlQpHjx4dMhHzBx98EHG7y+UCy7IhbytqtRoWiwVdXV1DCrzBYAAAFBUV DVoGAN5//334/X4+CfWyZcsgk8lgNBpDro2jtrYWAELakINzq6xZswYMwyA/Px/l5eVUzO+QioqK d0ZaNisrSxoVFSUB8ANCiJQQIpkyZYq0r69PJhAIZDdv3pS53W643W7+mBkzZvRKJJKoJ554Ak88 8QS+//3vQyAQ3ItLuWt+/OMfY+bMmTh58iR6enpSuru7PxxLQadiPgYEg0HU19cDAH72s5/x2202 GxwOBwoLC+HxeLBq1SpYLBakpKQgNjYWZrMZ8+fPx9mzZ5Gbmwu1Wo2Ojg7ExcUhGAxi9erVsNls KCkpwapVq+Dz+bB9+3ZkZWVh/vz5SEhIwL59+5Cfn4/k5GQUFRVBLBbj2LFjKCgogNfr5d1Cr7/+ OiwWCwwGA5YsWQK/348333wTZWVliI+PR3p6Ok6ePAm9Xo+srCzs2LEDLMuiqakJeXl52LRpE06c ODGi9vB6vXC5XNi/fz8sFgv0en1ID1gikUAmkw3rurBarYiNjY3o1x5IpLcarVYLvV4f1qsOBoOo qamBXC5HfHzosho+nw9GoxGJiYn8gyEpKQmNjY1wuVyjfrOgjI6qqio3ADeAiEkhtmzZIrx165Z8 ypQpPwMQJxAIlN988438m2++EXLhk1FRUb2PP/64QCKRTOEEfvr06ffvIoZh9uzZSEpKwscff4xA IJDy1VdffbJly5alBw4c8A9/9NBQMR8FHo8nbECMEwC73Y7k5OQQYfH7/aivr8fSpUv5bevWrQPD MPj44495wZDJZHjmmWewcOFCvPnmm/jwww9x8uRJtLe3Q6/XY8eOHfzxH374IZ5++mnU1dVBqVRC r9dDoVDg+PHjvDhy5fPz89HU1IQVK1agubkZcXFx2LDhu8Xejh49io0bN/JuGy7yZMeOHbyAbt26 FX6/H17vyNfm37x5M/82kZCQgJycnJD9R48eHbYOl8uFQCDAt9FAAoFAxCgTkUgEkUgEoL/XvWvX LhiNxhAxb2lpgdvtRn5+ftjxdXV1CAQC0Gq1/DatVovGxkZUVFRgz549w9pNuXd8K3jt3354MjMz YxmGeY4Qourt7VV5PB7FwN+HUCgkTz75pGD27Nn40Y9+NO6uGYlEgpUrV6KxsRE3btz4X1FRUS1j IehUzEeBw+EIudE5GIZBRkYGDh48GLZ9yZIl/N8+nw/t7e1ISUkJEymlUgmlUsm7QZqbmwEgzP8u kUhw7do1sCyLlpYW+Hw+qFSqkFdPoN+Pz9WzYsUKKJVKmEwmrF27FhqNBkuXLoVIJAoRVk7A165d C51Oh2XLliE2NhY7d+4cTTNh586deOONN3DmzBnk5+djwYIFaGtrG7OebXt7O+/GGoher+ddMlKp FImJiTCZTDh48CD/ZmAwGMCy7KADn0KhMKTNV6xYAbFYDIPBgKKioojjFZTx5dtZlk4ADQCg1WpF 0dHRSwEkCgQCld/vj/P7/bhy5Qra2tqITCYTxMXF4amnnho3m0UiEZKTkwcK+h+1Wu3/upt10qmY jwKFQoG9e/eGbBMKhYiLi4s4kCiVSkNcCZxPOzY2csKS2NhY2Gy2kLKRXAycoHACXlpaOmgoHlfP +++/D7fbDZPJBJPJBIZhEB8fD41Gg5ycHDAMg7S0NFitVpSXl/MDgLGxsUhJScGOHTuG9JkPhPP7 KxQKSKVSJCcnY/fu3aNa14dru9sfUkD/m4xer+f/drlcvH99IFlZWTCbzWhoaEB6ejr/ppSSkhIW ccQNiopEIixfvjxkXzAYhNfrRUNDA9LS0kZ8DZTx4VtBPPbtB1u2bJEEg8FlAFJ6e3uTrly5wl65 cgWPPPJIb1xcXNS8efMi3r/3GpFIhNWrV+Pf//3f4fP55k6fPr1Jr9cvuVMfOhXzUSASiaBSqe66 nmAw8nc1cNBx4LbhfmgFBQVYtmxZxH2cAEskErS1taGzsxNNTU2wWCywWCywWq2w2Ww4cuQIgH7R LyoqQlNTE5qbm2E2m1FSUoKamhpcuHCBd2OMFM7FwT2kRgr3sLFarWH+aplMFjIoyo0F3M6qVav4 XnV6ejrvRrnd7QMAhw8fBgAkJiaGtbdEIoHRaER5eTkV8weQAwcOeABUA6jesmWLsKenZ5VAIEi9 fv160tmzZ6POnj2L2bNn9/z4xz+OfuaZZxAVFXXfbHvkkUfw6quv4vjx47hx48bP//KXvxgAZNxJ XVTM7yMSiQQsy4ZNPuKw2+28+4X71+FwhK1Wt2nTJohEIqxatYrfdvtDxufz4ZNPPgHLsggGg2hv bwfLslAqlZDL5di5cyd8Ph8WLVqEmpoaHDlyBA6HA1euXMGKFSuwYcMGbNiwAcFgENu2bUN5eTlO njwZUcyCwSCeffZZxMbG4qOPPgrZx0X33EnsfVZWFqxWK15//XV8+OGHoz6eYRhotVqUlpbC4/HA YDBAJpOFtVUgEEBNTQ2kUumg53E6nbBYLOjs7BwyjJQysfnWL10LoHaAsGu7u7tV3d3dmDp1anDu 3LnMvHnz7tt8kUceeYQfaO/p6UnPzs6+WFlZGTkWdwjoDND7CMuySEpK4nvFA6murobL5eIXMON6 tPv27QspZ7fbUVVVBb/fj/j4eEgkElRVVYUNCO7evRvJyck4deoUgsEgli9fjk2bNoW8FXADhpzb hjvG6fxuoTeGYfhe8WBvCAzDQCKRoLm5GZ2dnSH73nuvf42hgQuzeTweuFyuQd9QONLT06FSqWAy mbBp06aQ0EuOlpYWfkp+pOgY7oG0f/9+WK1W6HS6sDJNTU3wer3IyBi8Q8SNlVRUVAxpM+XB4cCB A/5Dhw7VVlZWvgJgtkAgKLh165bns88+w/Hjx/Hhhx+Szs7OiG/MY41YLIZarebCKv/fnJycUb8C CgAgOzu7CIB+5cqVQ66G2NjYiBMnTmC4cpMRgUAAlUoVcQZoJNRqNVwuF7q6ukK2u1wuLFq0CH6/ H7m5uYiLi4PNZkN5eTliY2Nx+vRpvkewadMmVFVVITk5GSkpKfD5fCgpKQEAfkCxqakJKSkpkEgk 0Ol0kEqlaG5uRk1NDRISEtDa2gqGYfDWW29Br9cjMTERqampYBiGn2xTWFiIt99+G3a7HQsXLoRU KkVubi7EYjEcDgfKysogk8lw7ty5QcMJbTYb1Go1hEIh8vPzIRaLQ+z4+OOP+YfGSOPMgX7hX79+ PZqbm8GyLFQqFSQSCQKBAGw2G5xOJxiGgU6nw549eyI+cBYtWsS7eb744osw3//y5cthNptx/vz5 QXvdPp8Ps2fPBsuy6O7ufmgGQkd6z3PlAOgrKyvfum8GjjF6vZ7585//vEogEOQBSACAqKgo8sMf /lCwcOFCPPbYY/f0/J9++in+8Ic/QCAQ9BBCflFZWWkd6bFRAPCzn/1MBUA1f/58zJs3b9DCly5d wqVLlzBcucnIqVOnoFAokJSUNKLyn376KUQiEVJTU0O2c9u6u7vxr//6rzAajfjv//5v/PM//zOO HDkS8mr36quvYtasWfjtb3+LX//61/j973/PT+D50Y9+BKB/bflf/OIXuHjxIv7lX/4FJpMJf/nL X6DT6XDo0CFedFQqFWbOnInf/e53MBgM+M1vfoO+vj7o9Xo+WkUikeDll1/G2bNnUVNTA5PJBIfD wU9AmjFjxqDX+9RTT+HVV1/FZ599hl//+tcwmUz45ptvkJubG2IH1zYsy0Kj0Qw7HiAUCvHLX/4S CxYsgNfrRXt7O9rb29HZ2Ynvf//7+OUvf4mKigpotVpMnTo1Yh0zZ86Ex+PBP/7jP4Z9H36/H0eP HsXPf/7ziL12DpZlcf36dQSDQcTExPDtP9kZ6T3PlQNgOXv27Kn7ZuAYY7FY+v74xz9eOHv27JGf /vSnDQKBgCGEPOfz+ZjPPvuM9PX1CcRi8T1b3kEikeDvf/87vF5vFMMwK5977rlDdrt9RK8GtGdO oVAG5WHrmUfi22iYnQB0AFiWZXtffPHFqHvVoSWEoL6+Hl6vFwzD1B44cGBEA6LUZ06hUChDcODA AU9lZeV2hmFiBAKBIRAIkFOnTqG+vj741Vdfjfn5BAIB1Go1oqKiEAwG07Ozs0e0lsQdvStcvHjx Tg6jUCgPGPRe/45vQxw3ZmZm7p4yZcqeq1evpv7mN7/B3Llzb7344otTx3LZAJFIBKVSiTNnziAq Kupfs7Oz51RWVg45DXtUYs75TAf4xygUykPAUOMlDxvfzjhdu2nTJoVAIHj38uXLiS6Xq2fBggXR P/nJT8Zsoa/nn38eLpcLX3311QyGYX4N4B+HKj8qMX/55ZcBAN98882dW0ihUB4oZsyYwd/7lO84 dOiQHcArmzZtSu/p6Sn9wx/+IL5w4ULvSy+9FPX000/fdf0CgQC/+MUvYDKZ0NPTszInJ2dVRUXF oJleRu1moV8qhUKhfMehQ4dqs7OzTwLYe+3atQyz2QypVIqf//zndx3KKBQK8dOf/pRzt+zX6/VN g033pwOgFAqFcpdUVlZ6Kysr1wNIBuByu934t3/7N/KnP/3prut+7rnn8NhjjyEYDP7gyy+/DF8h 7luomFMoFMoYUVlZ2cQwzPMAygAIzpw5g9/97nfo6em54zqjoqL4VVAZhtmt1+sjelSomFMoFMoY cuDAAX9lZeU2gUCQAsB/5coV1NfXk0jLUYyUuXPnDts7p2JOoVAo94CKioqG3t7eBQA6fT6f4Pjx 4+T25T1GikAg4HvnUVFRe7Vabdh6ElTMKRQK5R5x+PBhJ8MwiwDUBINBQXNzM86cOQNCyKjrmjt3 LmbNmoXe3t6ZU6dO3XD7firmFAqFcg/51u2yHkAugOCf/vQntLS0jFrQBQIBfvKTnwAAoqOjwxYS omL+EON0OlFdXQ2rdfiF2aqrq3Hs2LFhy1mtVlRXV0fM0UmhPMxUVlbunzJlyisA/F1dXXck6Fzy jJ6eHkVmZmZIyjIq5g8xn3zyCbRaLZ9lZyi0Wm3EJMi3c/jwYWi1WjgcjrEwkUKZVJSXl1sALAfg 7erq4hJSjPj46OhoxMTEAAAYhlk/cB8V84eYOXPmQKvVIiEhYdiyWq02bPnYSCQkJECr1Y44XyiF 8rDx7RrliwF4PB4PPvroIzIaQedyCEdHR28auJ2K+UNMQkICjhw5gszMzGHLHjlyBO++++6w5TIz M3HkyJGIiagpFEo/lZWVDgBqAJ6vvvpKUF9fT27evDmiY6VSKaZPn45bt27NzsrKiue2UzGnUCiU caCystLR19e3EIDD5/MJfvvb35KR+NAFAgHmzJkDAJg6daqG207FnEKhUMaJqqoqd19f3yvod7kI fv/734/oOC7d4pQpU/iMIVTMKRQKZRypqqpyCwSClQD8ly5dwrlz54Y9hksv2dPTE8NNIKJiTqFQ KONMRUWFTSAQZAAI2mw2/Nd//deQ5aOjozFr1iwQQqZMnTpVCVAxp1AolAlBRUVFg0AgKAT6E0sP N1fKsRl3AAAgAElEQVTj8ccfBwAQQn4G3MF65jabjU4IoVAeIiQSCZRK5Xib8VBQUVHxTnZ2dmxv b29WS0tLb2pqatS0adMiln3iiSfgcDgwbdq0ZQD2jUrMbTYbDh06NBY2UyiUBwwq6PeHp556avOX X36p+Pvf/65sb2/HkiVLIpbj/OZ9fX2j75lzPfJ58+Zh/vz5d2UwhUKZ+Fy8eBGXLl2ib+P3Eb1e H8zOzl4P4NylS5fYmJgY/PCHPwwrN2vWLABAMBh8ArgDNwsAzJ8/H8nJycMXpFAoDzw0efv9p7Ky 0pGdnV0IoMRisfT+0z/9UxTLhq16i+nTp+PGjRvYsmWLhA6AUigUygTkqaee2icQCNpv3rwZZbVa I84mioqKAgD09fWxd9QzfxhxuVyD7pNIJIj01KSMLS6XC2fOnEEgEADQnxvxdj+uz+eDz+eDSCSC SCQatj6GYSCVSiPuA76bnEGh3G/0en1Qp9OtI4Sc7+rqEn7++ed45plnQso8+uij8Pv9ACCjPfMR EhMTM+hn5syZ2LhxI9eolDGmvb0darUaMTEx0Gg00Gq10Gq1WLhwIebOnYumpia+7JkzZxATE4Nt 27YNWafdbkdMTAzefPPNsH0Wi4X/btvb28f8eiiUkVJeXu4CoAeAtra23tun+3M9897e3mlUzEdB XFwcDAZDyKe4uBgKhQIGgwFr164dbxMnHQ0NDVi8eDFsNhsKCwvR0dGBrq4unD9/HiUlJfD5fEhJ ScHJkycBAEuXLoVUKoXJZBry4VpdXQ0A2LAhLGELqqurIZVKIRQKsW/fvntzYRTKCLl169Z+AM5r 165FXb58OWTf9773PQCAQCCQUDfLKJBIJBFv/h07dmDhwoUwm82w2+18rj7K3eHxeKDVaiEUCtHW 1ha2EqNcLseKFSuwYMEC5Obm4vLly2AYBllZWdDr9WhoaEB6enju22AwiJqaGsTFxUGlUoXs8/v9 MBqN0Gg0CAaDMJlM8Hq9fBgYhXK/MRgMgezs7F0ADH/84x975s6dGy0QCAAAU6dOBQAQQkRUzMcA hmGQnJwMu92OTz/9FAqFgu/5vfTSS3jvvffAMAy2bt3KC1JTUxPMZjP8fj9EIhHWrFkTcV1xj8eD w4cPw+l0gmEYqFQqpKWlgWG+++qCwSBqa2thtVoRDAYhk8mQk5MTtqa40+lEbW0t7w9WKpVIT08P 8S37/X7U1tby7gWZTIY1a9ZALpcP2QYNDQ1wuVzYunUramtrYbFYAPQvs7thw4YQe6urq+FyufDa a68N6dfet28ffD4fyv9/9u49Lqo6/x/468wMMyO3HYNFIPxCSWgmieIFDRPD1BQXWl3FtK+TMgNO 5uXndtutbdpMbVdXXI1ggA3yEpoWhpuXr66YBGZgtOINccMYByIJAkRgZs7n9wfMWYY7ylXfz8eD R3nO55zzYYDXnHmfz/mc2Ng2p9QdMWIEIiIikJGRAb1eDw8PDyxduhRarRZJSUmthvk///lP3Lx5 E6+99lqLdbt370ZtbS3CwsIgkUiwa9cuJCcnY926de1+/4T0JHd3990Gg+GNqqoq76tXr8LHxwcA YLmhiOO4hj8ktVr9llqtZmlpaaw9aWlprDPt7kUAWFBQUJvrV65cyQCw/fv3M8YYCwoKYn5+fszD w4MBYABYSkoKMxqNLDw8nAFgHh4eLCgoiDk7OzMA7Pe//73VPvfv38/kcjmTy+UsMDCQ+fn5MQAs MDCQ3b59mzHGWHFxsbDcz8+PBQUFMXt7e2Zvb8+OHDki7OvkyZNMLpczZ2dnFhQUxAICAphEImEe Hh6suLiYMcZYeXk5GzFiBJNIJCwgIIAFBQUxhULBJBKJ8H21RalUMg8PDzZ9+nQml8tZQEAAUygU DACbPn26VdugoCAGgH3//fft7nPEiBFMLpezqqqqdtu1ZtasWUwikQjfW1NhYWFtrgsICGDOzs7s 9u3bzGg0MldXV+bl5dXl498rOvs3b2mnVqvf6uWcu2+o1eqlarWarVq1ynTmzBn2zTffsLi4OOF1 p5p5N8jOzsauXbsgl8ut7tbKzc3FuHHjcPXqVWRlZSE0NBTvvvsuUlJSsGbNGnz//fc4efIkioqK MH/+fGzevBm7d+8G8N8Sg4eHB65evYrTp0/j22+/xaZNm5CRkYG4uDgAwEsvvYS8vDykpKTg22+/ xcmTJ3H16lV4e3sjPDwcFRUVAIA333wTrq6uwjGzsrKwf/9+6PV6vP/++wAazkovX76MQ4cOISsr CydPnsSlS5fg7Ozc6llsc3q9HrW1tSguLkZWVhaKi4sxffp0HD9+3OpColKphFarbfesvLq6Gpcv X8aoUaNgb2/f5Z+JUqmEyWTC3r17rZbfvHkThw4dQlhYWItPLnl5eThz5gzCw8Mhl8shkUiwZMkS FBYWCjV5QvqKu7v7bgC5tbW14tbG/lOZpQtyc3Mxbdo0q2U3b95EXl4eACA2NrZFbXXr1q3w8vIS HvW0Y8cOeHl54a9//atQepDL5YiPj8eRI0cQHR2NxYsX48CBA6iursamTZushs6tW7cOly9fhqur K/R6Pfbv34/w8HAsXLhQaOPq6or169cjJCQEu3fvxosvvoibN2+itrYWFRUVQjiGhobi+PHjGD16 NAAIwW8Z+mfZ18mTJ2EymTr1Gm3cuFEIablcjoiICBw/fhxXrlxBQEDDQ1Fau+7Q3M2bNwGg1SAv LCwUylhNTZ06VaiBh4aGwtnZGbt27cLq1auFNnv37oXJZEJERESL7Vu7KLp48WJs3rwZO3bswMyZ MzvsNyE9RavVmlQq1WaO43ZduXKl7tFHH7WatIXCvAtqa2tbjDdXKBRQKpVYunRpi4tpzs7OVuOU 9Xo9bt68iZCQEKsasmU/gYGBOHLkCICGNw6goebelEQiwYcffggAOHDgAICG4Hv77bet2lmCOTs7 G0DDmeprr72GRx55BIGBgZg1axZCQ0MRHBwsbBMaGgqtVouwsDCMGjUKISEhmDlzJgIDA1v0ty3N L/4OGTKkU9s1Zxm339qbSGFhIbRabYvlWq1W+BnI5XIsWbIE0dHRKCgoEN5Mk5KS4OHh0SKYTSYT kpKS4OXlBWdnZ+HnrFAo4O3tjSNHjgg1eUL6io2NzUGTyVT7008/yX/55RerdVRm6YKAgAB8//33 Vl/ffvstPvzwwxZBDrQ8q7QEU1s3ojT92G9p296DkS1D73Jzc1sMmUxNTRWCCQBeffVVJCUlYdy4 cTh+/Dh+//vf45FHHsH48eNx+fJlAA2jQ7KysjB//nwUFhZi06ZNmDZtGtzc3JCYmNip1+hOSiKt cXV1hUKhQF5eXotAb/5zSElJaXUflmebWs648/LykJ2d3epZ+cGDB3Hz5k0UFha2uI+goKAAJpNJ KG0R0ldiYmKqAewHgGvXrlmtozDvRZaz24KCglbXW+5IbNq2tQmOLLVpy9nr+vXrW7zJWL6aPoR5 6dKlOH36NMrLy4Xhd9nZ2Xj22WeFNuPGjcMnn3yCn376CSdPnsQbb7whlCUs5aTeEhISgoqKCqub goCGs24vLy/hq62z/1GjRiEgIEAI++TkZEgkklYfYJ2UlAQAOHToEE6ePGn1deTIEcjlciQkJHS6 3ERIT2GM7QKAK1euWD0BmsK8F3l4eMDDw0MYQthURUUFsrOzhTKF5b+nTp2yamcymTBp0iRMmTIF /v7+ACCUZprKzc3Fs88+K9TeX3jhBWzZsgVAQ+lg4cKF+PjjjzFr1izhzHzLli1CsMvlcgQFBeGd d97Bpk2bAAA5OTnd9VJ0yrp16yCRSLBmzZp2Z+27fv16m+uUSiUKCgqQkZGBlJQUTJ8+vUWpRK/X 48iRIwgKCsKcOXMQFBRk9TVz5kyEhYWhpKQEBw8e7Lbvj5A78eCDD54AUFJdXS378ccfheUU5r0s KioKhYWFePnll4VAr62thUqlQnV1NVauXAkAWLhwIRQKBd544w3o9Xph+/feew96vR5KpRLe3t4I CQlBamqqVQmgoqICKpUKqampGDZsGOzt7XHmzBmsX7/e6uxar9cjNzdXGMNdW1uL1NRUYXQL0PDm cfz4cQAQ3jzuVnJyMt5++22hrt8WPz8/bN68GYWFhfD19cW2bduE16K2thYnTpzAokWLoFQqIZFI Wh2LvnjxYsjlcrz++uvQ6/Wtllh2794Nk8mEJUuWtNkXy3axsbFd+VYJ6XZardYEIAUAbty4Yb2S xpl3DB2MM28uKCio1fHJRqORLVmyhAFgrq6uVuPMX3vtNau2hw4dYvb29sI4c29vbwaAhYeHM6PR yBizHmfu7e0tjDOXSCQsOjpa2FdWVpawPCAggAUGBjK5XM7s7e3Z6dOnGWOMVVVVCfsaMWIECwoK Yq6urq32rTmlUskAtFh+8uRJBoAlJSVZvTboxDhzi127dgn9aO0rKCiIZWVlddg3V1dX4XVrysvL i8nlclZeXt5uP7y8vBgAdunSpU71+15A48z7p6ioqKDG11t43Wk0SyclJSW1ezGyuddee63VuUEk Egl27tyJyMhI4aJbYGAg5s2b12IkyJw5c3D16lXs3r0beXl58PPzw6xZszBnzhyhjaurK7755hsc OHAAGRkZqK6uRlBQUIu7NgMCAqz2BQBhYWFYvHix8H1Zbps/cOAAzpw5g+rqagQGBmLOnDnCsMK2 LF++vNWLwJb5bJqOynnttdegVCo7fYv84sWLMW/ePJw4cQLp6enCsMVRo0YhODi4w+kT3nrrLQQF BcHT07PFqJzq6mpotVo4Ozt3OMvizp07W1x0IqQviESibJ7nrZZxQMOZOQDt3Llz233oxKFDh5CW loaO2hFC7g2d/Zu3tAOg1el0b7fZkHQLpVIpl0qlxQAsZyBaqpkTQsgA0/gQZ6uPkndUZrly5Uq3 dIgQ0r/R33r/xPP8EsvMiRZdCnNHR0cADc8EpOcCEnL/sPztk76n0WjsTSZTi5pXl8L8ySefBABU VlZ2U7cIIf2do6Oj8LdP+p7ZbF4IQP7oo4/i0qVLwvIul1noh0oIIX3HUmKZOHEibty4IZxc0wVQ QggZICIiIjw4jguysbHB2LFjYWNjI6yjMCeEkAFCLBYvBoCxY8dCJpPByclJWEdhTgghA4BSqZQz xlYCwPjx4wGAzswJIWSgsbGx+SMAD09PT/j6+gIAfvWrXwnrKcwJIaSfi4qK8uI47vcAEB4eLiwX iYQIr6YwJ4SQfo7n+Y0A5BMnTsTDDz8sLK+pqQEAMMYKKcwJIaQfi4qKCgIQLpVK2fz5863WWaaR ZozdoDAnhJB+SqvVSnie3w4AzzzzDNf8Ttzy8nLL/+opzAkhpJ8yGAzLAYxycXHB008/bbWO53mU l5eD4ziWkJBAYU4IIf2RUqlUAFgPAM8++6zVMETgv2fldnZ21QCNZiGEkH5JKpV+AMD50Ucfxdix Y1usLysrAwAMGjSoDKAwJ4SQfketVv8RjRc9mw5FbMpyZi6VSksACnNCCOlXIiMjQwGsF4lEUKvV XFuPq7ScmZvN5gsAhTkhhPQbKpXKjzG2G2h4Rq/lTs/WWM7MS0tLcwAKc0II6Rc0Go0rx3GfAbCb PHkyZs6c2W57yxhznud/ACjMCSGkz2m1WonJZPoEgJe3tzeef/75dtsbjUYUFBQAAMxm8xWAwpwQ QvpccXFxPIDAwYMHIzIysumcK626ePEiampqYGdn931iYmIBQGFOCCF9KjIy8lXGmFImk+HFF1/s 1PNWz5w5AwCwsbH50LKMwpwQQvqIWq1+izG2CQCWL1+OoUOHdrhNXV0dzp8/DwD4+eefhTDv8jNA CSGE3B2tVisxGAwfAIgQiURYsmQJRo8e3altz507B6PRiAceeCBv06ZNestyCnNCCOlFGo3Gvri4 +GMAITKZDCqVqt0hiM19/fXXAIC6uroPmi6nMCeEkF6i0WhczWbzZ4yxAEdHR6xYscJqfvKOVFZW 4sqVKxCLxeZbt27ta7rOKswNBgMOHTrUTd0mhNwvDAZDX3eh31Or1SPMZnMqY2y4q6srVqxYgbbu 7mzLN998A57nMXjw4K/fe++9m03XWYV5Tk4OcnJyuqHbhBBCLCIiIgIApDLGhnh6emLlypWdGrXS XHZ2NgDg1q1b7zdf16LM4ubmBnd39zvoLiHkfmQwGFBcXNzX3ei31Gr1HAB7Adg99thjiIyMhEwm 6/J+SkpK8J///Acikai2urr60+brW4S5u7s7/P3976jThJD7E4V5S0qlUiGTybYyxpQAMHnyZDz/ /PMd3hDUliYl8D1JSUm1zdfTBVBCCOlmarV6DsdxcYyxB2UyGX77298iKCjojvd34cIFfPPNNxCJ RLUmk+mt1tpQmBNCSDdpejbOGIOPjw+USiWcnJzueJ9GoxEpKSkAAI7j/pyQkKBvrR2FOSGEdIPu Phu3OHr0KEpLS2Fra6tXKBR/basdhTkhhNyF5mfj3t7eWLZs2V2djVuUlpbiyJEjAICamppF0dHR prbaUpgTQsgdUqlU80Qi0TbG2IM2NjYIDQ1FcHDwHV/kbC4lJQVGoxF2dnb7t27dmtFeWwpzQsiA o9Fo7M1m88S4uLgTfXH8yMjIUMaYFoAfYwwPP/wwli5d2uWbgNpz7tw5XLhwATY2Nrdv3bq1oqP2 FOaEkAFFqVQqAOQwxh5WqVRL4uPjd/fWsS0hzhjzAwBHR0fMmTMHTz75ZLedjQMNMyPu29dwt77R aFyr0+ludrAJhTkhZODQaDT2HMcdNRqNDwMAx3HevXHc1kJ81qxZePLJJ2FjY9Ptx/viiy9QXl4O mUz2nZOTU2JntqEwJ4QMCBqNxp7n+WM8z0/orWP2dogDDeWVY8eOAYC5vr4+QqvVtnnRsykKc0JI v6fVaiUlJSXHeJ6f5OjoiMcffxwZGe1eD7xjSqVSbmNjM4fjuDd6M8QBoKCgAElJSeB5HgDeiYuL y+7sthTmhJB+rfFBDikAJjk6OmLdunXChFPdSa1WBwJYynHc7xhjvwJ6L8SBhrlX3n//fdTV1UEk EsXExsa+3ZXtKcwJIf2WVquV3Lhx42OO4+ZZgrw7R4yo1eoRjLHFHMcpAXgAAGMMnp6emDx5Mp54 4okeD3EAKC8vx5YtW1BTUwOxWJw6ZMiQ1V3dB4U5IaTfMhgMOzmOmy+TybBy5cpuCXKNRuNqNBoX Nga4H8dxAAAnJydMnDgREydO7NY3jI5UV1cjOjoalZWVkEql2dXV1Ys6WydvisKcENIvqdXqrQDC ZTIZVq1aBU9PzzveV0REhAfHcVM5jltiMpme5jhODAD29vbw8/PDpEmT4O3dKwNjrNTV1eGDDz5A SUkJpFLpf3ien9bajIidQWFOCOl3GoN8jSXIuxq0arV6BMdxTwAIZIwFAfCyrLOxscFjjz2GyZMn Y+TIkb1SRmkNz/NISEhAQUEBpFKpnuf5J2JiYqrvdH8U5oSQfkWtVm8EsEYkEkGlUnUqyFUqlR+A qRzHBQEIAODKGBPW29rawtvbG35+fhgzZgxsbW17qPedt3PnTvz73/+GWCz+ub6+/mmdTldyN/uj MCeE9BsqlWo1gNcsQd6Jp9ZHqNXq3wOwb7rQ0dERw4cPx0MPPQQfHx8MHTq0p7rcZTzPY9++fcjM zIRIJLptNBrnJCQkXL7b/VKYE0L6BZVKtZrjuGhLkI8dO7bNtk2en+kBAC4uLvD29oaPjw+GDRsG FxeXXuhx11VWVuIf//gHLl26BABmxtjchISEM92xbwpzQkifU6vVkQCiAWDRokXtBjkAPPnkkwAa yic+Pj539HDk3nb9+nV88MEHKC8vh0gk+slkMv2mu4IcoDAnhPQxlUo1D8AOAFiwYIEQ1B3pbLv+ 4KuvvsKuXbvA8zxEItFpkUi0ICEh4a5q5M1RmBNC+oxKpZrHcVwKAMmCBQsQHBzc113qVkajEXv2 7EFmZiYAQCQS/d3V1XXdnYwj7wiFOSGkT6jV6jkAUgBIZs2adc8FeXl5OT744ANcv34dIpGo1mw2 R8TGxvbYdL0U5oSQXtc4D0oKAElwcDCeffbZvu5St7p8+TLi4+NRXV0NGxubIrPZPDs+Pj6vJ49J YU4I6VWNQX4YgH1wcDAWLFjQ113qVkePHkVqaip4ngfHcf+8devWkqSkpIqePi6FOSGk10RGRo5j jB0GYD9+/Ph7Ksjz8/Oxb98+FBUVAYAZDVPYdmnmw7tBYU4I6RWNMxSmAbAfO3Ysli1b1tdd6hal paX47LPPcO7cOQAAx3E/8Dyvjo+PP9qb/aAwJ4T0OLVaPQLASQCuY8eOhUql6tZnZvaFmpoaHD58 GMePHwfP8xCLxdVms3lTXV3dljudLOtuUJgTQnpUVFSUF8/zJwG4ent7M5VKxQ3kIOd5Hl9++SUO HjyImpoacBzHi0SiJI7j/ni386vcDQpzQkiP0Wg0riaT6TAag3zVqlUDOsjPnz+P/fv3o6SkIbPF YnE6Y+yl2NjYHh2p0hkU5oSQHqFWq51NJtNJACOGDRtmXrVqlVgmk/V1t+6IwWDAvn37LHOqQCKR /MdoNGo++OCDXq2Lt4fCnBDSU5YCGCESiaBUKgdckPM8jwsXLiAzMxO5ubmWW/HLeZ5/08XFJa4n 7uK8GxTmhJAeIRKJDvA8v5Lnea/3338f69atGxATYpWVlSErKwsZGRkoLy8HAHAcV8dx3Pba2tp3 e2PM+J2gMCeE9IjY2NhCjUYzyWQynSwpKRnxzjvvdPsDmbsLz/PIzc1FRkYGLly4ICwXiURXeZ6P Y4wl63S6m33YxQ5RmBNCekxMTEyJRqMZbzKZDldWVgZu2bIFkZGRffK8zdaUlJTgq6++QmZmJqqr G57YJhKJjBzHpZjNZl1sbGxGH3ex0yjMCSE9KiYmplqj0TxjMpl2VlZWhm3bto1FRUVxjz32WJ/0 x2g0Ijs7GxkZGSgoKBCWSySSf5tMJl1tbe3u/lpKaQ+FOSGkx8XExFRrtdrfFRcXx9fX1yt37NjR 4dOEugvP8ygsLMTVq1dRUFCAK1euoK6uDgAgFourTSbTLpFIlBgTE5Pd453pQRTmhJBe0Tj64wW1 Wl3B8/yauLg49MQc5k3D+8qVKygoKBDC24LjuK8YY/G3b9/e2xd3a/YECnNCSK/S6XRrVSpVIcdx 0fv27UNlZeVdTYHbmfBuHBd+TCQSpYvF4lMxMTF9dqdmT6EwJ4T0uvj4+G0qleomx3FJR44ckdTU 1GDRokVdmq/lxIkTuHDhQqvhLZPJisxm8zGz2fx/92p4N0dhTgjpE/Hx8bsjIyOrGWO7v/zyS7vq 6mosW7YMNjY2HW775ZdfYt++fcK/m595b9++/Z4P7+YozAkhfSYuLu6gWq2eBSDt3LlzisrKSqxa tQod3S1aWVkJAOA4LkksFr9+P5x5d2TgznhDCLkn6HS6DACTAJQUFBTgr3/9qxDWHWGMFVKQN6Aw J4T0OZ1Od1kkEk0CcLmoqAhbtmwRZiYknUNhTgjpF2JjYwslEsk0juPOlJSUYMuWLTAYDH3drQGD wpwQ0m/ExMSUiMXipxlj6ZWVldi4cSNrepcmaRuFOSGkX4mJial+8MEHn2aM7a+vr+e2bt3KLM/X JG2jMCeE9Dtardb04IMPLgIQbTKZuPj4eHz11Vd93a1+jcKcENIvabVak06nWwtAy/M8PvroIxw9 2m8e7NPvUJgTQvo1nU73NoCVAEyffvqp1c1C5L8G3E1D+fn5OHz4MK5cuQK9Xg+FQoFhw4YhODgY gYGBfd09K2VlZXBycmq3TXJyMgoLC1ssl0qlcHd3x/jx4zFy5Ehh+alTp5Ceno6lS5fCy8urm3vc utzcXBw8eLDHjnnw4EHk5ubirbfe6vQ2Z8+exeHDh+Hl5YWlS5d26XiW13D16tVQKBRttquoqMC2 bdsQFBSEqVOndukYpHvpdLr3VSpVCcdxKSdOnJDY2tr2dZf6nQET5mazGRs3bkRqairEYjGGDx8O Nzc3mM1mHD16FGlpaZgwYQI2b96M/vCD3rhxI4qKihATE9Nuu8zMTOTk5LTb5vnnn8fq1asBAFeu XEFaWhpCQkJ6Lcz1en2PHjM3NxdpaWldCvOkpCScPXsWYrEYISEhHb5pNmV5DVUqVbthXlNTg7S0 NLi5uVGY9wPx8fEHoqKinuZ5Pq2mpsa+r/vT3wyYMsv69euRmpqKKVOm4LPPPsNHH32EuLg4JCQk 4OjRowgLC8PZs2exbdu2vu4qAODAgQMwm82dbv/5558jOzvb6ishIQFDhw7Fzp07Owz8njRp0iTE xcXBx8enz/rQlMFgwNmzZzF79myYzWYcOHCgr7tEeklsbGw6x3HTAFjuKOrXj3LrTQMizHNycpCW lgZfX19s3rwZ7u7uVusdHBzw+uuvw8fHB6mpqaiouLuHhFRVVXVqH6Wlpaivr7+rY7XHz88PK1as AAAcO3as1TY1NTUoKyu762OZzWYYDIZW34CcnJzg7+8PBweHVrftzOtQVVWF0tLSu+4nABw6dAgA sGTJEnh5eSE1NbXDN86ysrJO/axqamo6/fvT1uve2Z9JWVkZampq2m1TVVXVLT/fe0lcXFx2492i Ue7u7nF93Z/+YkCUWQ4ePAgAWL16NcRicattxGIx1qxZA71eL7T517/+hejoaLz77rvw9fUV2paW liIiIgLBwcFC+QJoCEydTifUsF1cXBAREYHf/va3Qpuamhr87W9/w7Fjx4Q/xJEjR2LFihWYNGkS zp8/jz/+8Y8AgPPnz+M3v/kN1qxZg6eeeuqOvndLWaN5EOn1eiQmJuLs2bNCX9esWYMZM2YAACIi IlBfX4+PPvqoxT41Gg0kEgn+/ve/o6ysDBs3bkRmZibq6+shFovh7++PlStXCrX61l7HmpoaxDcr P7wAACAASURBVMbG4osvvhDCb8KECXjllVes+pyYmIi0tDQhyKVSKSZPnozXX3+9S6WRplJTU+Hl 5QUfHx/MnTsX27dvR0ZGRqulkIMHDyIuLg6lpaWQSqWYO3duq2W4a9euYcuWLcLrOXLkSCxfvtyq jeX3ZsWKFTh8+DAyMzPh5OSEDz/8EO7u7jh79ix27NiBixcvAgAUCgWee+45LF26VPidNJvN2LFj B9LS0oTXzcvLC0qlEiEhIcKxMjIysH37dly7dg1AwwnL3LlzERUV1S/KiH0tNja2EAAFeRMDIsxP nz4NhUIBPz+/dttNmDABEyZMEP5dU1MDg8HQIghNJhMMBoPVGdinn36KDRs2wNfXFxs2bIBMJkNq aio2bNiAiooKLFu2DADw9ttvIz09HcuXL4evry/KysqQmJiINWvWYO/evXByckJISAh0Oh2cnZ0R EhICDw+PO/7ec3NzAaBF8G3YsAGTJ0/Gm2++iaqqKuzcuRNvvvmmEHL+/v5C2Dd9TfLz83H27Fm8 9NJLAIC1a9eiqKgIL730Enx8fJCfn4/ExES8+OKL+Pzzz+Hg4NDidTSbzVi7di1ycnKwYMECTJ48 GQaDATqdDpGRkdizZw+cnJyg1Wpx7NgxLFiwAOPGjYPJZEJ6errwRtjR9YTWZGVlobS0VOj/M888 g5iYGBw4cKBFmDf9ma5Zswa3b99GUlJSizPd0tJSREZGwmw246WXXoKXlxeOHj2KN99806qd5fdG p9OhpqYGM2bMQGlpKdzd3ZGRkYF169Zh6NCh0Gq1UCgUSE9PR0xMDAoLC/HnP/8ZAPDBBx9g586d eO655zBhwgTU1NRg165dwjaBgYG4ePEi1q1bB39/f0RGRkIqleL06dPYs2cPampq8MYbb3T5dSP3 vgER5lVVVR0G+d2oqKjA5s2b4evri4SEBOEsaurUqVi7di3i4uIQEhICFxcXpKenIygoCGq1Wtj+ 4Ycfxvr165Gfn48ZM2ZArVZDp9PBzc3Nql17mpcgKioqcO7cOeh0OkilUoSGhlqtDw4OxoYNG4R/ u7u745VXXkFWVhZ8fHwQGhqKxMREHDt2zCrMDx8+DLFYjGeeeQYGgwEXL17E8uXLsWjRIgCAv78/ nJycsGvXLhQWFlp9orE4ceIEcnJyoFarrb6/oUOH4qWXXsLBgwcxa9YsHDt2DLNnz8Yrr7witJkx Ywb0ev0dXwNIS0sT+g80fCKZOHEiMjMzYTAYhBJcfX09tm/fjmHDhln9TAMDAzF//nyrfSYmJqKi ogIffvih8P1OnToVf/jDH1otb/34449ITU2Fi4sLgIY3t3feeQdDhgzBRx99JJw5BwYGwtbWFnv2 7MHvfvc7+Pr6Ij09HSNHjsT/+3//T9ifv78/NBoNioqKADSclZvNZrz++usYOnSosK+Kioq7LiGS e9eACHMArZZXcnJyEBkZ2WJ585DpSFZWFurr6xEWFtbiOGFhYTh9+jSysrIQGhoKJycnZGVl4dNP P0VgYCBcXFwwcuRI7Nmzp+vfVBMRERGtLndwcMA777wj/FFbzJ492+rfI0aMAADhj93d3R3+/v44 duwYXnnlFUilUmHkz8SJE+Hi4oKqqipIpVKhbBEYGAgHBwfMmDFDKNe0JiMjAwCwYMECq+WTJk3C Rx99hKFDh8LBwQFffvlli21ramrg5OTUpYvDFhUVFUhPTxf6bxESEoLMzEx88sknQtns/PnzqKqq wvLly61+pk5OTpgxY4bVRdOsrCwMGzasxRvXokWLWg3zcePGWR3//PnzKCsrw/Lly1uUQEJDQ7Fn zx6cOnUKvr6+cHJyQm5uLpKTk/HUU09h6NChcHJywt69e4VtLCNs/va3v2Hp0qXw9fWFWCzGe++9 1+XXjNw/BkyYt3YRyMnJCXPnzrVqk5mZ2eV9W86IYmJikJiYaLXO8jiqH3/8EQDw6quv4s033xTO iocNG4agoCDMmDEDw4YN6/KxLZ577jnY2/93tJWzszPc3Nzg7+8PqVTaov2gQYNa3U/TM7e5c+ci JycHGRkZeOqpp5CTk2NVonBwcMCaNWuwZcsWoaTg6+uLKVOmCJ9EWvPjjz9CoVC0Oqyv6Zh4W1tb ZGRk4OzZsygqKkJRUVGrY+o769ixY6ivr0dFRQXefvttYbnlZ5SWloYVK1ZAKpWiuLgYAFq8CQJo 8XMyGAwICgpq0W748OGt9qN5yUuv1wNoGMF0+PBhq3UmkwnAf39/V69ejVWrVmH79u3Yvn073N3d ERQUhKefflp4MwkJCcGJEydw+vRpnD59Gg4ODpgwYQKCg4MRHBzc5nUjcn8bEGE+cuRIXLx4scVN OF5eXlZjk3Nycu4ozC0mT54MNze3Vtf5+/sDaPj4/fnnn+PUqVM4ffo0cnJykJiYiKSkJGi1WuHj f1eFh4e3GKVzt5566in85S9/wRdffIGnnnoKhw4dgq2trdXT0BcsWICgoCCcOHECWVlZyM7Oxvnz 55GUlIT333+/1TIL0PonpabMZjM0Gg1ycnKETy9BQUHw9fXF0aNH2xyd0x7LPQYVFRUtyjQKhUI4 c2/6qaK1frZ2AbG1dq29ibbHz8+vzeGbljeGkSNHtvj92bNnD/bs2QONRoNly5bB1tYWcXFxwhtx ZmYmTpw4gRMnTsDPzw9xcXEU6KSFARHmzzzzDC5evIhdu3ZZjT7prOYXQJv/23KGOWnSpBblhfr6 elRVVQlvIhUVFRCLxQgNDUVoaCjMZjMyMjLw+uuvIykp6Y7DvCdYgvuLL75AaWmpEHRNQ6qsrAyD Bg3CokWLsGjRItTX1yM1NRV/+ctfkJycjM2bN7fYr0KhEIbVNQ/GHTt2wMfHB7dv3xYukDatmQO4 o3HhFy9eRH5+PmbPni1cTGy+/n//93/x8ccfY8aMGcKnCsunrqaafzpwcXFp9RNDZz9FWH43fH19 W9yNajabUVZWJvSnqqoKZrMZzzzzjPC7kpOTg1dffRUJCQlYtmyZMEzU398f/v7+WL16NUpLS7F+ /XpkZmYiKyur393tTPregBhnPm/ePOHmmeTk5FbrrWVlZS3mbLCEVvM/SkvN1yIwMBBisRj79u1r se/o6GjMnDkTx44dw7Vr1zB9+nR88MEHwnqxWIypU6diyJAhPTrm/E6FhITAbDYjOjoaNTU1VsPf /vWvf2HmzJn4v//7P2GZVCpFWFgYgJZvehaTJ08GABw5csRqeX5+PpKSkpCXlyeUpaZMmWLVpqys TBih0xWWseVN+9/UyJEj4ePjg/Pnz+PatWvw8/ODg4MD0tLSrH6mZrMZJ06csNp2ypQpuHbtmjCk 0KKznx5Gjx4NBwcHpKamthg3/vHHH2P27NlITk5GVVUVpk+fblUiAho+9fn4+Aj9XLt2LRYuXIiq qiqhjYuLi1AK6o+/Z6TvDYgzc6lUiq1btwq1xgMHDiA4OBheXl6oqqpCbm6uME7a19dXOOOx1Jt1 Oh1sbW3h4eGBs2fPYt++fVZnlO7u7li4cCH27NmDtWvXYsmSJVAoFDh27Bj27duHkSNHCrVKf39/ HDhwAM7OzggMDITJZMLBgwdRVFRkNS7ZxcUF165dQ3Jycov5VXqTv78/hg4dimPHjmHo0KFWo4Is F3Cjo6MBNIRSVVUVkpOTAaDNTxnPPPMM9uzZI7xBTJo0CdevX8f27dtha2uL8PBw/Oc//wHQMFLE yckJ9vb2uHr1qnAsoHNz1wAN4XX48GHh5qW2hIWF4S9/+QsOHDiAV155BWq1Glu2bMHatWuhUqlQ X1+P5ORk4Y3GYunSpTh27BjWrl2LNWvWwMfHB6dOncKuXbs67BvQ8AnIcqyoqCio1Wq4ubkhKytL qIv/9re/hYODA2bPno20tDT87W9/w6xZsyCRSITrCpZPhQsWLEBmZiZWrVqF5cuXw9PTE5cuXUJc XBwUCgXGjx/fqX6R+8uACHOgoT6+e/dufPzxx0hNTcXOnTut1vv5+WHevHlWAeTk5ISNGzdiw4YN eOeddwA0BPfWrVvxpz/9yWp7y6RLO3fuhEajAdBw1h0cHIzXX39dqFFu2LABb7/9NmJiYoRx0lKp FEql0moEjVKpxJYtW7B9+3Y8//zzfRbmQMOF0JiYGKuLxUBDv2NiYvCnP/3JapijQqHAmjVr2gxz y3YbN25EdHS0ENA+Pj6IjY2Fu7s73N3dsXz5cmFMtWW/zz33HBQKBTZs2IDvvvuuUzdTpaeno6qq Cs8991y7teIZM2YgOjoahw4dwsqVK7Fo0SKYzWYkJibihRdeANBQComMjMT27duF7dzd3REXFwet VitcCLaMIlq3bl2H/QMaRr7Y2toiJiYGa9asEZZPmDABb7zxhnD37Msvvwyz2Yy9e/cKI6DEYjHm zp2Ll19+GUDDm+wf/vCHFvsaOXKk1b4IaYoDALVa/RYALQChTtfflZaWoqioCIMGDYKXl1e7d8WZ zWZcu3YNYrG4wxEnZrMZhYWFqKurE4bYtaaqqgpFRUWQSCTw8vJq9WKZ5dbwIUOG9OkFq3/84x+I iYnBF1980eYIlYqKChQVFcHBwQFDhw7tdH8t2zk5ObV6AbempgaFhYWQyWTw8vLqk9ehvr4eBQUF wvfWnqKiIlRVVcHb27vLF0AtCgsLUVVVhaFDh7Y5kVdNTQ30ej1MJlObv7+W2nlZWZkwhLE/ysnJ aXpBWts4ZS3pZQPmzLw5FxeXNoOpObFY3OlJojoT+EDDmVtHZ9u2trZ9fut1fX090tLSMHny5HZf r7aGGnako+1sbW379FMJ0PBJorN96CjsO6MzM0va2tp2+DspFosxdOjQbukTufcN2DAn7Tt//jw+ +eQTXLx4EUVFRV2aXpYQMvBQmN+jZDIZ0tPTIZVK8Yc//KFHp0MghPQ9CvN7lI+PT6u30xNC7k0D Ypw5IYSQ9lGYE0LIPYDCnBBC7gFUMyeE9BiVSjWT4zhXADdFItEtNDyzs7q2trYkKSmpto+7d0+h MCeE9IjIyMiFjLEUy795nhfWSaVSqNVqiMXicgB1IpHoR57nb/M8/z2AOp7n9RzHmQAUAoBIJLrO 83yeTqejBzi3gcKcENIjGGMjgIZpNSx3r9bV1VlNFHb79u3BJpMJdXV1ro0TjQUAAMdxVvuyvBGs WLHiJsdxZ00mUyaAXABfU8A3oDAnhPQoLy8vjB07tsN2RqMRdXV1qKqqwu3bt1FTU4Pa2lrcunUL t27dws8//4zbt287A5jd+AXgvwFvNBrPiUSibLPZnJOQkKDvwW+pX6IwJ4T0CzY2NrCxsbF64lZz dXV1qKiowM8//4yKigpUVVWhrKzMubq6ejbHcbMZYxCJRFixYkUlx3FnjEbj2fsl4CnMCSEDhkwm w5AhQzBkyBCr5UajETdv3kRJSQlKSkrw448/OhqNxhkcx82wBLxGo/nJZDJ9zHHczri4uOw++hZ6 DIU5IWTAs7GxgZubm9VjH8vKyvDjjz8KAX/r1q1fA1jFGFul0Wj0RqMxSSwW742Njc3ru553Hwpz Qsg9yXLh1TJjZkVFBb7//nvo9XqUlJR4cBz3Bs/zb2g0mismk2mn2Wzem5iYWNDH3b5jFOaEkPuC QqHAmDFjMGbMGNy+fRs//PADrl+/Dr1ePxzAerFYvF6j0eQajcYkxtiBgVZjpzAnhNx3Bg0ahOHD h2P48OEwGo0wGAy4cuUKfvjhBz+O46I5jouOiorKYowlMsYODoThjxTmhJD7mo2NDTw9PeHp6Ynb t28jPz8fV65cwS+//DIJwCSO43QrVqxI53n+1f584ZTCnBBCGg0aNAijR4/G6NGjUVxcjPz8fFy7 dk1kNpufAvDNihUr/skYe60/XjSlibYIIaQVbm5umDp1KhYvXoyJEydi0KBBMJvNcxhj30VFRX20 fPly777uY1MU5oQQ0g6ZTIbHH38cixYtwqRJk2BnZyfief55iURyRa1Wb9NoNK593UeAwpwQQjpF LBZj1KhRCA8Px9SpU+Ho6CgCsMpsNv+gVqvfUiqVXX8iejeiMCeEkC7gOA4+Pj743e9+h+DgYNjZ 2dkA0Mrl8qLIyMhXlUqlvC/6RWFOCCF3gOM4PPzww1iwYAHGjRsHjuPsGWOb5HL5DbVa/aJWq+3V ASYU5oQQchfEYjHGjBmDhQsXwtvbGzzPPwBgR2lp6X8iIyODe6sfFOaEENIN7OzsMG3aNMydOxfO zs4wmUxDGWPH1Wr1tt4ovVCYE0JIN3J1dUVYWBgmTJhgecjGqkGDBn2nUqn8evK4FOaEENLNOI7D 6NGj8eyzz0KhUMBsNvuIRKIctVq9rqeOSWFOCCE9xMnJCWFhYXjsscfAGBMB2LxixYr0nhibTmFO COlRZWVl+OGHH1BcXIzy8nJUV1ej8Xmf9wUbGxtMnjwZM2fOhFwuh9lsnsoY+1qtVo/ozuPQ3CyE kJ5SAgCFhYUoLCxstYFMJqsXiUS8nZ0dJ5FIbOzt7UUikQh2dnYQiUTCI+QcHBwwePBgyOV9MoS7 W/zP//wP5s+fj8OHD6OsrOx/RCLRN1FRUXNjY2PTu2P/FOaEkB6h0+niIiMjFQCanoE68zwvPOSz rq7OFYC88UHNso72aWtry1xcXDhnZ2c4OTnBxcVlQAX8oEGDMHfuXJw8eRLXr1+35zjuhFqtXqbT 6ZLvdt8U5oSQHhMXF/deZ9tqNBp7nuedAXgxxobwPO8KwFkkEnkwxjwAjKqpqXFtfqZva2tb/+tf /1r0wAMPSH7961/D2dkZdnZ23f69dBcbGxs8/fTTyMrKwoULF0QAklQqlXd8fPybd7NfCnNCSL8Q ExNTDaAaQGFbbZRKpUIikYwQiUSjAYzgOM67pqZm1PXr172uX78utJPJZGZXV1fxAw88gP4Y8BzH YfLkyVAoFMjMzASAN9RqtaNOp1t9p/ukMCeEDBhJSUkVAM40fgkaz+rH8Tz/BIDAurq6wOvXr9s3 DXg7Ozs89NBDeOSRR+Ds7Ny7HW/DyJEjMWjQIJw4cQKMsVWRkZEVcXFxb93JvijMCSEDXuNZfXrj FwBApVL5cRz3BIBAAIG3bt3yyMvLQ15eHhwdHflhw4aJhg0bhsGDB/dNpxs99NBDCA4OtgT6n1Qq 1c/x8fHburofCnNCyD0pPj4+F0AugPcBoHEo4DwAsyorKwO//fZbfPvttxg8eLBx2LBhNg8//DB+ 9atf9UlfH3roITzxxBPIyMgAx3HRarXapNPp3u/KPsQA4O/vHwQgCADc3d3h7u7e7Z0lhNybiouL UVxcbPlnek5Ozqm+7E9bcnJybubk5JzOycn5cOLEiXGMscscx4lu3779kMFgkFy4cAFFRUVGk8kk trOzg1Qq7dX+/frXv4ZMJoNerwfHcbPGjh174dy5c5c6uz2dmRNC7jsxMTElABIBJGo0Gnuz2RwM IOKnn36a9dNPPyErKwuurq7Mx8eH8/T07LXhj6NGjYLRaER2drZIJBLtioqKutLZ541SmBNC7muN 9faDAA5qNBpXs9m8lDEWUVJS4l1SUgIAzMPDgxs/fnyvXDgdM2YMysvLce3aNblIJPpMo9GMaexj uyjMCSGkUeMZ+3sA3ouKigpijC1ljIXr9Xq5Xq+Hl5cXxo0b1+MXTadMmYKbN2/il19+8ZZIJLEA lnS0Dc3NQgghrYiNjU2Pi4t7ob6+3g3A7wGUFBYWYv/+/ezUqVP45ZdfeuzYNjY2CA4Ohlgshslk WqxWq5d2tA2FOSGEtCMpKalCp9Ntqa+vf4gxtgbA9fz8fOzbt49lZWXxt2/f7pHjOjk5YdKkSQAA juNiO5qYi8KcEEI6ISkpqTY+Pn6bu7v7IwCUAK7l5eWJ9uzZYz537hzq6uq6/ZiPPvoohg0bBsaY XCwW69prS2FOCCFdoNVqTTqdLtnd3f1RjuPCeZ4vysnJQUpKium7777r9ul9J0+eDJlMBrPZPEWt Vs9pqx2FOSGE3AGtVmuKi4vbW19f/yiAN+rr601nz57Fxx9/zF+8eBGMsW45jlwuh59fwxPnJBJJ rFarbXXgCoU5IYTchaSkpFqdTvcuz/OPANh1+/Zt0VdffYV9+/Yxg8HQLcfw9fXFr371K5hMJg+D wdDqZFwU5oQQ0g0SEhL0Op3ueQBTAGRXVlZy//znP5GVlXXXpReO4zBx4kQAgFgsflutVrcY8E5h Tggh3Uin02W4u7tP4jjuNQCmvLw8fPrpp6ysrOyu9uvp6Qk3NzeYzWY7AC83X88BgFqtfguAFgDc 3NxobhZCSKcZDIamc7NodTrd233Zn/6kcebGj9HwtCU2ceJE7vHHH7/j/RUXF+PQoUMQi8XlQ4YM cdFqtSbLuhaF9GaT5hBCCLlD8fHxuRqNZrzJZNoIYOXXX38NvV6PadOmYdCgQV3en5ubGxQKBSoq KgbfuHEjFMAByzqrMH/88cfh6el5198AIeT+cv36dfz73//u6270S43zqrykVquPAEi6ceOG8+ef f87PnDlTpFAoury/4cOH4+uvv4aNjU0U2gpzT09PhISE3G3fCSH3mUOHDlGYd0Cn0/1To9H4mkym w5WVlX4HDx7kZ8yYIXJzc+vSfnx8fJCdnQ2z2fxURESER0JCgh6gC6CEENJrYmJiSiQSyRSO4w7V 19eLDh06xPLz87u0D7lcDi8vLzDGRGKxWGVZTmFOCCG9KCYmptrNze1ZADsAcKdOnUJ2dnaX9vHI I48AAKRS6W8tyyjMCSGklzVOCfASgJUATN9++y2ysrI6vb2LiwsAoL6+fqRSqZQDFOaEENJndDrd +4yxcDSORz937lyntpPJZHBycgJjTCSXywMACnNCCOlT8fHxByyBnpOTg7y8Tj0lDpYLpzzPPwFQ mBNCSJ+Lj48/gIaSC7KysnDx4sUOtxkyZAgAQCaTzQYozAkhpF/Q6XRxjQ+/wFdffcW+//77dttb zsyNRqM/QGFOCCH9Rnx8/DYAbwDg0tPT+fLy8jbbDho0CGKxGDzPy5RKpZzCnBBC+hGdTvcugBST ySQ6fvw4bzQa22xrmRJALpe7UpgTQkg/I5FIVAAKKioqRJmZmW22k8vlAADGmDOFOSGE9DMxMTHV jLHfAajNz89HW3eJ2tjYAAA4jrOnML8PLVq0CNOmTUN1dXW77RITEzFt2jScOXMGubm5mDZtGqZN m4YtW7a0u51KpcK0adOwdu3a7uw2IfeV+Pj4XACWC6J8RUVFizYODg4AAJ7nPSnM70NeXl5IT0/H 3r172223adMm5OXlwc/PDxUVFUhPT0d6ejqio6Pb3Eav1yMhIQHp6enIzc3t7q4Tcl/R6XRxaKyf Z2Zm8s3XS6VSAABjTEFhfh9aunQpACAlJaXNNhkZGSgoKMCSJUuEuhwAODs7Q6/XIyMjo9XtDhw4 AHt7++7tMCH3t5cAVNy4cUP0ww8/WK2QyWQAAI7jKMzvRyNGjEBQUBCOHz8OvV7fapvk5GQAwPLl y62Wh4WFAWgI7dbs2rVLaEMIuXs6ne4mgPUAkJmZaWaMtdqOwvw+pVQqAaDVUkttbS1SUlIQEBCA UaNGWa3z8PBAYGAg9u/f32K7goICZGdnY/78+T3SZ0LuV+7u7tsAFFRVVYnPnz/fahsK8/vUwoUL oVAosGvXrhbrDhw4gOrqakRERLS67ZIlS1ottezduxfOzs6YOXNmj/SZkPuVVqs1cRz3ewA4d+6c uba2tkUbCvP7lFwuR3h4OHJzc1tM7LNr1y7Y29tj4cKFrW47b948SCSSFqWW/fv3IywszKrGTgjp HnFxcQcZY+lGo7HVs3MK8/uYpR7etNSi1+tx/PhxLFmypM0Lmc7OzggKCrIqteTl5SE3Nxfh4eE9 22lC7mNisfhtALh06ZKxee2cwvw+Nm7cOPj5+SEpKUlYtnv3bphMphYXPpsLDw+3KrXs3bsXHh4e mDp1ak92mZD7WmxsbDqAy3V1dTaFhYVW6yjM73MRERFWoZyUlIRRo0Zh3Lhx7W4XGhpqVWpJSUnB /PnzIZFI2t2OEHLXEgDgypUrpqYLKczvcwsXLoRcLkdycjKys7Nx+fJlREVFdbhd01JLbm4uCgoK MG/evF7oMSH3vWQAtXq9XnTr1i1hIYX5fc7Z2RlhYWFITU1FcnIy5HI5Fi9e3KltlUol9Ho9Xn75 ZXh5eSEwMLCHe0sIaRx3nsoYE127dk1YTmFOEBERgZs3byIpKQlhYWFQKBSd2i40NBRyuVy4YEoI 6R2MsSQAaDo9LoU5QXBwMAICAuDs7IwXX3yx1TZyuRxeXl5WQW9vb4/w8HB4eXm1KLF4eXnB1dW1 R/tNyP2K5/lrzZfR1SoCoOG5g+0JCAhAa4+x+vDDD1tt39Ejrwghd04ikcyjoYmEEDKAabVaCcdx q5ovpzAnhJABpLi4eA7P8+4ikXV8U5gTQsgAwhhbCQCzZs2yWk5hTgghA0RUVNQoANNtbW0xa9Ys 4bFxAIU5IYQMGGaz+UUAmDRpEmQyGRwdHYV1FOaEEDIAqFQqP47jVADw5JNPAoDVZHgU5oQQ0s9p tVqJSCRKAiCeNm2acA+H5bFxAIU5IYT0ewaD4Y+MsdEuLi549tlnheXOzs7C/1OYE0JIP6ZSqfwA vCkSifDCCy9Yn43/d3hiNYU5IYT0U0qlUi4SiVIAiKdPn46HH37Yan11dTUAgOO4AgpzQgjpp2Qy 2TuMseGurq74zW9+02J9WVkZAIDn+etWc7NcuXKld3pICLmnUHZ0v4iIiADG2FqRSISlS5dajSm3 sIS50WgstIR5CQDk5+cjPz+/1zpLCLnnlPR1B+4FGo3G1Ww272KMtVpeAYCamhrU1NRAJpPV63S6 CgkA6HS6OLVaDQA0Zykh5E6V6HS6uL7uxEDXGOTpjLFh3t7erZZXgP+eldvZ2VUCTabAPbS7jgAA HxhJREFUpR8CIYT0LbVa7WwymU4CGD506FCsWrWq1fIKAPz8888AALlcXgLQ0ERCCOkXNBqNPYDP AIxwdXXFqlWrrIYhNnfz5k0AAGPsMkBhTgghfU6j0dibTKbDAAJdXV2xbt06q3lXWmMps5SXl38D NCmzREZGLmSMjejB/hJC7mEcx12Oi4vb29f9GGi0Wq3kxo0baRzHBTo6OmLNmjUdBjkA/PTTTwCA urq6K0BjmDcGeUpPdpgQcm9jjCEyMhIU6J3XGOQfcxwX5OjoiHXr1mHw4MEdbmc0GlFQUAAAYIz9 N8wtZ+Rubm5wd3fvuZ4TQu5JBoMBxcXFoE/3nRcREeFhMBg+4zhunCXIO/sQ9O+++w41NTVwdHS8 unnz5stAswc6u7u7w9/fvwe6TQi51xUXF/d1FwaMyMjI4MZqiLOTkxNWrlzZ6SAHgIyMDACA0Wjc YVkmabM1IYSQbqdWq//IGNMCkDz22GOIiIiAra1tp7cvKyvDpUuXIBaLzUaj8R+W5RTmhBDSC5RK pUImk+1kjIWIRCLMmTMHISEhXd6P5az8gQce+L9333232rKcwpwQQnpY41OCPmGMedvb22PZsmV4 7LHHurwfnueRlZUFACgrK3uv6ToKc0II6UGRkZHLGWPbANh5enoiMjISTk5Od7SvS5cuoby8HHZ2 dmVbt25Nb7qOwpwQQnpAVFTUKJ7ntzLGpgNAYGAgwsPD27w9vzMsJRaO43Y0X0dhTggh3UipVCqk Uuk7PM9HAZDY2dmxhQsXchMnTryr/VZXV+P8+fPgOI6vrKxMaL6ewpwQQrqBVquVFBcXL2WMbQLg LBKJMG3aNISEhHBdGa3SlkOHDsFoNEIkEh1JSEjQN19PYU4IIXcpIiIiwGAwbAcwDgAeffRRLFiw oNtuwszPz8fJkyfBcRxvNpv/2FobCnNCyICj0WjszWbzxLi4uBN93A9Xk8n0VwBLAOCBBx5g8+bN 48aNG9dtx6irq0NSUhIAQCQSrY+Li8ttrR2FOSFkQFEqlQqz2XyGMTZcpVItiY+P393bfVi+fLm3 WCxebTKZIgDIJRIJmzFjBjd79mzubi5wtuazzz5DWVkZBg0aVDB48OB32mpHYU4IGTAap4pNY4wN BwCO47x78/iRkZHBANYwxoS7fcaOHYv58+dzdzrcsD1Nyys1NTW/27Ztm6mtthTmhJABoemc3715 XKVSKZdKpQvREOJ+ACCRSNjkyZO54ODgLs2p0hWdLa9YUJgTQvo9rVYrMRgMhwEEOjo64vHHHxfG XPeUxnp4JIAoND4f2cHBgX/66adFTzzxBGdvb9+jx7eUV6RS6WVnZ+c2yysWFOaEkH6tyZzfgZap YrOzs3vsWMXFxVMBLDGZTOEA5ADg6enJgoODufHjx4tEop5/QFvT8kpdXd0irVbbZnnFgsKcENJv NQny+V2d87uzlEqlXCaTzWSMzTcYDCEAFADAcRwbPXo0nn76aXh7e3PdetB2VFZWCuUVxtif4+Pj 2y2vWFCYE0L6LYPBsJPjuPkymazLc363R6PR2BuNxlCO4+YDmM4YE2omHh4e/JgxY0QTJkzgXFxc uuV4nVVZWYktW7agrKwMHMd95+bm9m5nt6UwJ4T0S2q1eiuAcKlUylatWsV5enre7f6cOY4LZYyF m0ymQI7j5JZ1w4YN40ePHi0aM2YMXFxc+uRB95YgLykpAcdx+WKxeFZnyisWFOaEkH6nMcjXSKVS tnr1as7bu2sjEBvLM6M4jpuIhrsyAwCMYowBaCihDB8+nB8zZoxo9OjRGDx4cJ8EuEVdXR127NiB kpISiMXiAo7jpsbExJR0ZR8U5oSQfkWtVm8EsEYkEkGtVncqyCMiIjw4jpsoEokCGGMBBoPBj+M4 q+EmEomEHzVqFPf4449zo0eP5uzt7XutDt6euro6/P3vf8f169chkUj+A2BKV4McoDAnhPQjKpVq NYDXOI5jKpWK8/X17WgTpVqtFoYOWs68AcDJyane29tb6unpCW9vb7i7u4u6++7Mu2UJ8oKCAojF 4gLcYZADFOaEkH5CpVKt5jgumuM4plarubFjx7bZ1tHR0fK/XgAgl8tN3t7eeOihhySenp4YNmwY bG1tpT3f6zvXPMg5jrvjIAcozAkh/YBarY4EEA0Azz33XLtBDgBPPvkkAEAmk+Ghhx6Ci4vLgMqy pkHOcdyNuw1ygMKcENLHVCrVPAA7AGDBggVCUHeks+36m7KyMsTFxeH69esAUMIYm363QQ5QmBNC +pBKpZrHcVwKAMmCBQsQHBzc113qUf+/vbsPiuq8Gz7+XdaukYZnNiWlSsPTjbRYqUx5BFGMjFYU gzeoiRONVsZG467SSIgarU6MtLa0vpCSOEF3wYRgbmMYSbFws0IkQTCgyCIdCDGMW2lJwazBIUDX sNllnz/0nJt1QYkVFsn1mXFGds/L77zs71znejmnpqaGnJwcenp6AJqBWIPBcPFeLFskc0EQPEKr 1f4XcAwY8/jjj4/qRN7T08OxY8eorKyUPjpms9k2ZGdnd9yrdYhkLgjCsNNqtbO4mcijo6N54okn PB3SkGlpacFgMGCxWAD+rVAontfr9Yfv9XpEMhcEYVjdTORG4MHo6GiWLVvm6ZCGTGlpKcePH6e3 txeFQvE3p9P5tF6vvyfVKrcSyVwQhGGj0+nCnU6nEXhw2rRpzmXLlo2IgTv3Wnd3N2+88QYff/yx 9FH6hAkTXvwmw/O/KZHMBUEYFlqt9qdOp7MAeHDq1KnONWvWjMpEfvHiRbKyspxdXV0K4Aun07kq MzOzeKjXK5K5IAhDTqvV/hT4EBgfGhpqX7du3ZjheC74cLJYLOTl5VFXVwegAE6NGTMm4V50OxwM kcwFQRhS69ev1/T29n4IjJ84caJdp9ONqkRusVgwGo1UVVU5nU6nAvgKeMlgMKQNZxwimQuCMGRu vnrNCIx/9NFHbcnJyarRksg7Ozs5efIkH374Ib29vQA9wKExY8bsGa7SeF8imQuCMCS0Wu3Ddrv9 Q+CnGo3m+gsvvDBu7Nixng7rP2a1WjEajXzwwQdOu92uAOwKheJtu93+h8OHD1/yVFwevUTqdDrC w8OZPn06HR0D950/ceIE4eHhhIeH09raOqSx3ElhYSHh4eEUFhYOSRy3I+2DW/8tWrQInU7nFtOi RYtYtGjRsMao0+mGdJ3h4eHodLpvNM/y5csJDw/nrbfe+sbrk/btnRgMhiE9P+9Tq4GfKhQK59q1 a+/7RG61WiksLGTHjh3OkpISbibyYw6HY7Jer3/Gk4kcRkjJ3OFwcPr0aRYvXtzv98XFQ94QfN/w 9fVl5syZLp91dHRgMpkwmUy0trai1Wo9FN3IU19fj9lsxsfHh7y8PFavXu3pkL41vLy88pxOZ5LT 6fy/r7/+Ops3b+77tMP7Rk9PD2fOnKGwsNBhtVqV3GjczHc6nb8d7Ps5h4PHk7mfnx82m43i4uJ+ k7nFYqG6upqAgABaWlo8EKGruLg44uLiPLZ+jUbDrl273D63WCwsX76c7Oxsli1bhlqt9kB0oNfr PbLegRQWFqJSqdBqtaSlpVFVVUVkZKSnw/pWOHToUHNiYuJ0h8NRduXKlUm7d+8ekhcyD4Xe3l4+ +eQTzp07h8lk6rXb7V6A0ul0ljmdzu1ZWVlnPR3jrTyezMeMGUNUVBT5+fl0dHS4JaHS0lJUKhVz 5szhyJEjbvN3dHRQW1uL1WoF4Ec/+hEDPdC+vr5eelIZQUFBBAUF9Tud2Wzmk08+AWDq1Kn4+/vL 37W3t9Pc3IxGo8HX15euri6ampoICgpi7NixnDlzBqvVilqtJiIiApXK/ZHKLS0tNDQ04HA48PPz IywsDKVSOYi9NTA/Pz9iYmLIy8ujoaGBWbNm9bvtSqWSsLAwpBfVStsTEBDArS+vdTgc1NXV4evr i0ajAaC5uZmGhgbgxl1CWFiYyzY2NTXR09Pjdgza29sxmUzYbDZ8fHyIjIx02zdWq5Xz58/T1dUF wIQJEwgNDb3rfWOz2TAajYSGhhIbG0t6ejq5ubkDJnOr1crZs2exWq34+fkREREx4LLr6ur47LPP UKlU/S5P2q8hISHU1dVhsVhcziWHw4HJZJKGePPzn/+cgIAAt+V0dHRQXV2NzWZDpVIRERHh9htx OBxUV1fT3t4OwOTJkwkMDBzcThpiGRkZVxITE8Ptdruxs7NzVlpaGjqdjm/6Grjh8o9//INz585x 9uxZ57///W+pH7wXcNLLy2vPoUOHyjwY3m15PJkDxMbGkpeX129VS2lpKXPmzGHcuHFu8x08eJDs 7GwcDofL52FhYRw4cEBOFu3t7WzZsoX6+nqX6RYuXMiuXbtcksUf//hH8vLy5L+VSiXJycmsWLEC gKqqKlJSUkhJSSEuLo6mpiZ0Oh07duwgKytL/nHCjVK0Xq/H19cXuPGjS0tLIzc31yUOjUbD/v37 5YR5t/qrk7Tb7ezYsYOSkhL5M5VKxc6dO4mNjcXhcKDT6YiOjmbPnj0u81ZVVZGcnMzu3bvRaDS8 /PLLFBUVuUzj6+vL/v375eSdlpZGW1sbf/3rX+Vp3njjDbKysrDZbPJnfn5+ZGRkyNucm5tLenq6 yzQAgYGB6PX6u7rTKCkpwWq1Eh8fj1qtJioqioqKCiwWi9uFq66uji1btri03cTExGC3uw7Ys1qt bNmyherqapd9EBYW5jKddJ4kJCTIhZDQ0FCysrJobm5m27ZtmM1ml3mWLFnC9u3b5fOxsLCQ1NRU l32iUqlITk6Wh8A3NzeTlJTkVlcfFRXF/v37/+NCwr2QkZHRnZiYGGu32490dnYuee2119DpdPzs Zz/zdGjAjfwgJfDPP/9cSuAKoEGhULztcDj+Oysr6zNPxjgYI6KPUGhoKH5+fm514xaLhbq6OhYs WOA2z+nTpzl8+DALFy7k1KlT1NTUcOrUKWJiYjCZTBiNRnnaLVu20NjYyM6dOzl37hyVlZUsW7aM oqIi3nnnHZflmkwm9Hq9/KhKX19f0tPTb9tAC7Bnzx7i4+M5deoU5eXlJCQk0NzcjMFgkKc5ePAg ubm5LF26lPLycmpqatDr9XR1dZGUlOSWyL6J9vZ2iouLUSqVTJkyRf7cYrHQ1tZGTk6OvL6xY8ey d+9e+c4gIiKCiooK+e5GUlRUhLe3N9HR0ZSUlFBUVIRWq+XcuXPU1NSQlZXF9evX2bdv34BxGY1G MjIymDlzJsXFxS7zvfDCCzgcDurr69m7dy/h4eHysSwvL2fp0qWYzWa3i99gFRQUyPEDxMfH43A4 XC7WAF1dXWzZsgWlUsmbb75JTU0Nx48fp6mpyeXiDPDKK69QXV3Nxo0bqayspLy8XN4//cnLyyM5 OZnU1FTWrl2LzWYjKSmJtrY20tLSqKmpobKyEq1WS35+PgcPHpRjSk1NddknxcXF/PjHPyYtLU2O 65VXXqGrq0s+vpWVlSQkJFBRUcGJEyfuar8NhYyMjG5/f/+nFApFtvTy4traWo/FY7Va+eijj9i3 b59zx44dnDhxgpuJ/DOFQrHf6XT+P4PBEKLX6/fcD4kcRkgyB5g3bx4mk8klaRYWFuLt7d3vbWxH RwehoaFs2rRJLrWp1Wq58e/zzz8HbpS46uvrWblyJYsXL0apVKJSqdi8eTPBwcFupaNdu3bJpazg 4GBWrlyJw+Fwm+5WYWFhbNiwAbVajbe3N8899xw+Pj40NzcDN06eo0ePEhoayvbt2/H29pbn27hx I62trS4XoIG0tbVhMBhc/v3+979n5cqVtLe3k5CQ4FaK/d3vfkdwcLC8vtjYWLq6uuQ2iPj4eGw2 G++//748T1dXF2VlZcTExKBSqeTtiIyMlEt7oaGhpKSksGTJkgHjPXLkCGq1mtTUVPkOJTQ0FK1W y7hx42hpaeHq1atux9Lb25vnn39e3uZvqqWlBZPJJMcPMGvWLNRqNfn5+S53c0ajkY6ODrZt2ybf YWg0GlJTU12W2dXVRUFBAVFRUaxevRqVSoW3tzdbt24dsMpu6dKlrFq1ipiYGCIjIzEajbS2trJ5 82Zmz54NINfph4WFcfToUaxWK2azGZvNRmhoqLxPfH19+c1vfkNycrJ8DJqbm/Hz82PSpEnysjZs 2EBiYiITJ078xvttKKWkpNj1ev0zQHpvby96vZ7S0tJhWXdvby8tLS2Ulpby+uuv21988cXenJwc Ll26pAC6gbcVCsU8f3//R/V6/YsjqWFzsEZENQvA3LlzOXr0qEtVi1TS7q/eefHixS5VMhaLBbPZ 7HL7C8j1u7deEJRKJTk5OW7LvbWud7C397fOp1Qq8fHxkUtQDQ0N2Gw2AgICMJlMLtNK21dfXz9g jx5Ja2urS2lfotFo+NWvfuX2BDo/Pz+3ulhpm9rb29FoNERHR7N3716XRugPPvgAm81GbGwsABER ERgMBpKSkoiOjiYqKopp06Yxd+7cAWOV2hP6O4YrVqyQq640Go3LcqT6ZunY3Q2pVNq3sVqpVBIT E0Nubi6nT5+W1ykdjxkzZrgsIygoyGXf/e1vf8PhcPRbuJg3bx5NTU1un4eGhrr8fe7cOQDGjRvn dh74+/tjMpkwm80EBwejVqvR6/U0NjYSFRVFZGQkwcHB8oUZbhyX/Px8EhISmDdvHtOmTSMkJIQ1 a9bceSd5iMFgeGHdunXNCoUiPTc3l87Oznv+CFzpgvj3v/+dS5cucfnyZcfXX38t1TmNAexAidPp fPvrr7/Oy87O/uqeBuABIyaZ961qWbx4MS0tLTQ1NZGcnDzgPO+99x75+fl8+umnckmrb2MlIFcd PPLII0MXPAxYNynFJSX1goICCgoK+p12MH2UQ0JC+MMf/uDy2cMPP9zvBQ9uNDDfiUqlkhtPpfrk goIC/P395bsUqRSekZFBfn4++fn5KJVKpk+fzvr1610SjERqyHz44YfvGENJSQm5ubk0NjbK1U39 NQgOhsPhkOv2X375ZZfvpPPh+PHjcjKX7galu6W++tatD3a6vh588EGXv6VGyh07dgwYf1tbGyEh Ibz22mv86U9/oqysjLKyMuDGBWb58uXyRXfTpk04HA6Ki4vJyMgAbpTgFyxYwPr16/uNdSTIzMx8 dd26dV8oFIq3Tp48qbRaraxYsYK7HR165coVLl++zKVLlzCbzc62trZbH+KlBC4qFIqzwBmlUvk/ nhilOZRGTDKHG6Wbd999l46ODt5//33UarVbw5JEqmIICQkhOTkZjUbD5MmTsVqt/Q5a6e7uHurw b0tKths3bmT+/Pn9TjOYQRUqlcrtgnUvxMXFkZeXh9FoZP78+dTV1bn1V5e6ZTY2NnL+/HkqKyup rKykrq6OY8eODRiXlNQHUlhYSEpKCoGBgSQmJqLRaAgKCsLPz29QA7luVVVVhcViYebMmS7tB5KS khKqq6vlXkm32+8Oh0O+UA90wZSmGwxpWX/5y18GLABId07BwcHk5OTQ2trK2bNnqampoaysjN27 d6NUKomLi8Pb25tdu3bx4osvcv78ec6dO0dZWRlHjx6lpaWFP//5z4OKyxMyMzP/W6fTdQNHy8vL vbu7u1mzZg3f+c53BjV/aWkpFy9edDY1NfV+9dVXfXemAvjK6XSeVSgUZxUKxdmenp7T9/KtPiPR iErmcXFxclVLQUEBCxcuHPCEf+edd/Dz8yMrK8tlGqluWyoJS6U7qftgX9u2bcNisfDmm28Oxea4 kLqKtbS0uCW99vZ2jEYjU6ZMkeuVh1tISAgajcalEbpvFUVVVRVms5lVq1bJt/qrV6/mrbfe4sCB A9TW1rptl7+/P97e3nJ9e1+nT58mLS2Nl156iSNHjuDt7U1WVhY+Pj7yNHc7riA/Px+4UWrtr4eQ Wq1m7969nDhxgueff57AwEAqKytpbGx0ucOQ2kqk80Y6ho2NjW5jDT799NNBxTZp0iS5G+GtVTBV VVW0tbUxe/Zs2traqKqqIiYmBn9/f5588kmefPJJzGYzy5cvx2QyMXfuXE6ePMkjjzxCREQEs2fP Zvbs2WzevJnly5dTUVEx6H3mKXq9/oRWq13g5eX1P7W1tf+ns7OTpKSkOxZsysvLpYZxBTdK3Z85 nc6zwBkvL6+PJkyYUDeUzw4fiUZMAyj8bx3l4cOHaWlpuW19bH8lIZvNJg/Zlr6fNWsWPj4+HDly xKW3htlspqysbMDb43stMDCQoKAgioqKpEdkyl599VXS09Pdek4Mt/j4eJqamigqKiIsLMwlOVdV VZGenk5VVZXLPDdfTDvgfoyJiaG+vt6lLcPhcPDuu+/yxRdfEBgYKB+rvhdlh8NBZmYm8L9VE4PR 3t5ORUUFwcHBA3b1jI2NRaVSkZ+f79IukJmZ6XJevf322y53FdIxNBqNLheo5ubmQTVeS+uGG8e8 7/nY3t7Ozp07ycjIkNtapH7xfUn728fHh7Fjx3LgwAHS0tLceiJJPZXuBwaD4Uxvb+90hUJhuXTp Evv27aOzs/O28/T5/m0vL69HDQZDQGZm5lOZmZmv6vX6mm9bIocRVjKHGz/+w4cP4+fn51Zy6WvJ kiUcPXoUnU7HzJkzsVqtlJaW4uPjg0qlkk9uHx8ftm7dSkpKCk8//TTR0dFYrVZKSkpQq9Vyj4nh kJKSQmJiIomJiSxYsAA/Pz9MJhN1dXVER0cTExMzbLH0Jy4ujoyMDMxmMykpKS7frVq1iuLiYjZv 3syCBQuYMGECZrOZ0tJSwsLCBqwOe+6556irq2Pjxo3yfBUVFTQ1NbF161Z8fX2Jj4/nwIEDPPvs s8yZMweHw0FFRQXXr19HrVbfsZqmL6PRiMPhkJNmf3x8fJgzZw4lJSWUlJQQFxfH2rVrOXz4MAkJ CURFRdHU1ITJZHJLiCkpKTz77LM888wz8jqMRqM8gOxOgoKC0Gq1GAwGfvnLX8rbW1RURFdXF3v3 7pUHIkVERJCdnU1TUxNTpkyhvb2dkpISfH19efrpp1EqlWzcuJHU1FR5WUqlkoqKClpaWtyO4Uhm MBgurl+/fjpQ3NLSEpSWlsaGDRsGM1r00qFDh5qHPsKRTwkQFhY2B5jj7+8/JPWxA7l27Rr+/v4u vQi+//3vc/36dRYvXuxSLdLd3c3YsWOJiorigQceICIignHjxnHp0iXq6uro6ekhPj6e7du343Q6 8fLy4rHHHgPgJz/5CTNmzMBisVBTU8PVq1d57LHH2L17t3yyXLt2jR/84AfMmTPHJUar1YrT6SQy MhK1Wi3/HRERwfjx47HZbFy/fp3w8HC3kqDFYmHixIny9vn6+vL4449jt9upr6+nsbGRhx56iNWr V/PrX//6jo0/UsPY7S5yt1v/rftS2iaJt7c3NTU1fPnll+zcudOl7vK73/0u0dHR2Gw2Pv74Yxoa GvDy8uKpp55i69at8rS3HtMHHniA2NhYvLy8aGhooKGhgYCAADZt2iQnQ6n73T//+U8uXLhAZ2cn c+fOZefOnXID3owZM1AqlXfcBzU1NYwfP54VK1bctvFvwoQJ2O12fHx8CAkJYdq0aUyaNAmz2Uxt bS3f+9732LVrFw899BABAQHy+qTGxWvXrnHhwgWuXr1KQkICTzzxBE6nUz4/bz1v+goLCyMkJISr V69iMpn417/+xdSpU9m+fbvLqNP58+fL1VS1tbV0dHTwi1/8gpdeekn+nU6ePJng4GAsFgsXLlzg 8uXLBAYGsmnTpmF9231bW5vUhbTMZDKdvptl1NTUdEyfPv240+mM6u7ufqS2tpYpU6a4VL1Jmpqa pN5Dd72+0UYBoNVqdwEptythCaOfzWZj4cKFREVF9fv8F0EYiPSgNyDFYDD89j9ZVmJi4oN2u70Q mD127FiSkpLchv8XFhZKvcL+4/WNFiOqzlzwDKvVisPhIDs7m46ODp566ilPhyR8i90cLTrP6XQe 7+npIT093aOjRe8XIpkL7Nu3j+nTp2MwGIiPj++3z7ggDKeUlBT7D3/4wxVA+tdff01mZiYfffSR p8Ma0UZcA6gw/KSGV41Gw6pVqzwcjSDccLNHygtarbajt7c3JScnh+7u7n6f1SSIZC5w41EH4hnf wkhlMBh+q9VqvwBefe+995RffvnliB3Z6kmimkUQhBHPYDC87nQ6lwOO0tLSYXtA1/1EJHNBEO4L mZmZeV5eXvMUCoX11kFSgkjmgiDcR26+6We2l5fX1ZsffeHBcEYUkcwFQbiv6PX6GiACWO/v7z+y XjrrQaIBVBCE+87NIfwikfchSuaCIAijgEjmgiAIo4BI5oIgCKOASOaCIAijgEjmgiAIo4BI5oIg CKOASOaCIAijgEjmgiAIo4BI5oIgCKOASOaCIAijgEjmgiAIo4BI5oIgCKOASOaCIAijgEjmgiAI o4BI5oIgCKOASOaCIAijgEjmgiAIo4BI5oIgCKOASOaCIAijgEjmgiAIo4BI5oIgCKOASOaCIAij gEjmgiAIo8CYvn+0trZ6Kg5BEO5jInd4npTMrwC0tbXR1tbmwXAEQbjPXfF0AN9WCuk/Wq1WB4z3 YCyCINzfrhgMBr2ngxAEQRAEQRAEQRAEQRAEQRAEQRAEQRDuc/8fxC9aEL2TrMcAAAAASUVORK5C YII= --001a11438ee87740cc052a2ebe73 Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --001a11438ee87740cc052a2ebe73-- From publicity-bounces@lists.xenproject.org Mon Jan 25 21:23:14 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 25 Jan 2016 21:23:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aNobR-0001oT-S1; Mon, 25 Jan 2016 21:23:13 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aNobQ-0001oL-Lo for publicity@lists.xenproject.org; Mon, 25 Jan 2016 21:23:12 +0000 Received: from [193.109.254.147] by server-7.bemta-14.messagelabs.com id 6B/0D-28221-04296A65; Mon, 25 Jan 2016 21:23:12 +0000 X-Env-Sender: rcojocaru@bitdefender.com X-Msg-Ref: server-7.tower-27.messagelabs.com!1453756990!19309697!1 X-Originating-IP: [91.199.104.161] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 25830 invoked from network); 25 Jan 2016 21:23:11 -0000 Received: from mx01.buh.bitdefender.com (HELO mx01.buh.bitdefender.com) (91.199.104.161) by server-7.tower-27.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 25 Jan 2016 21:23:11 -0000 Comment: DomainKeys? See http://domainkeys.sourceforge.net/ DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=nCKYKGYUcAkQ6cl0t4nAFLrp/THonbTS5zmHKuXqkreE09McL5LGelefqAS+YRlnFD7LZ55SSmx+52LV3Lm3S6qLMn1KVLIQ8G9ErRJ8Rh+b934A3LiGfEO/MCR6RFu7sz9o0uURdkuocaNv29DKJz+UEbkXWfPpBQ5iOgzTEX9WqMeguC2PS3GvfAxspdjfVw9FNGhser+KktktBqYIUJrecin26pZVo+SE2SPLQhQK1nEl58Yik89kVwU+IBzqYrXe0j9tsK+A8ZaEQRwsCN81E1XDivH/u+nf0B77I+MWJPmZwKhe77e4kOHxGBzaJG0ESVe7iITNu0IhR1jlYA==; h=Received:Received:Received:Received:Received:Subject:To:References:Cc:From:X-Enigmail-Draft-Status:Message-ID:Date:User-Agent:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp; DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=bitdefender.com; h=subject :to:references:cc:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; s=default; bh=11tamZ5xS wqscQ3Vpt5+L12vPe8=; b=qyyAl5URYjGB5IS5+sW6JN14TsFlGloWNMig+TnCa yuHt5ByeA6fsG2HZItpcm3kMxYPN5nhoLzcF5bzVxj+OmjJs2uF9S8pVlqgKDSBs up3f2+6BeOF7O5Y6mQ+vtSl70hgR1lS3TNz48zf6/lqAiG/+FrZ2M1TDkosBTlVg cE28mU1oncSPVdM9Fh34i5N5e1YNr/LWryguKdKisKtFeU1fkHbz4xK4Ucl5CB1f d9nnvmFQNVXyyKMiVM7t8F+k4Au9N8stx12VDi0vRZw3GUUYuKu3vtpvntevdl5l CL7DlJV1d7l6bN92LawJ+2tQXKxT+6tX6XBUVwYp9MX9w== Received: (qmail 23615 invoked from network); 25 Jan 2016 23:23:09 +0200 Received: from unknown (HELO mx-sr.buh.bitdefender.com) (10.17.80.103) by mx01.buh.bitdefender.com with AES256-GCM-SHA384 encrypted SMTP; 25 Jan 2016 23:23:09 +0200 Received: from smtp03.buh.bitdefender.org (unknown [10.17.80.77]) by mx-sr.buh.bitdefender.com (Postfix) with ESMTP id CBC768004F for ; Mon, 25 Jan 2016 23:23:08 +0200 (EET) Received: (qmail 1034 invoked from network); 25 Jan 2016 23:23:08 +0200 Received: from 86-121-135-66.rdsnet.ro (HELO ?192.168.228.128?) (rcojocaru@bitdefender.com@86.121.135.66) by smtp03.buh.bitdefender.org with SMTP; 25 Jan 2016 23:23:08 +0200 To: "Lengyel, Tamas" , Lars Kurth References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> <506C6432-96D8-480A-9740-C422C2D6789E@gmail.com> From: Razvan Cojocaru X-Enigmail-Draft-Status: N1110 Message-ID: <56A6923D.5000302@bitdefender.com> Date: Mon, 25 Jan 2016 23:23:09 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 In-Reply-To: X-BitDefender-Scanner: Clean, Agent: BitDefender qmail 3.1.4 on smtp03.buh.bitdefender.org, sigver: 7.64298 X-BitDefender-Spam: No (0) X-BitDefender-SpamStamp: Build: [Engines: 2.15.6.743, Dats: 413249, Stamp: 3], Multi: [Enabled, t: (0.000007,0.001783)], BW: [Enabled, t: (0.000006,0.000001)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.002060), Flags: 2A917CE3; NN_LEGIT_VALID_REPLY; NN_NO_LINK_NMD; NN_LEGIT_BITDEFENDER; NN_LEGIT_S_SQARE_BRACKETS], SGN: [Enabled, t: (0.008586)], URL: [Enabled, t: (0.000005)], RTDA: [Enabled, t: (0.017719), Hit: No, Details: v2.3.2; Id: 2m1ghaj.1a9kmb0m0.1kv2m], total: 0(775) X-BitDefender-CF-Stamp: none Cc: =?UTF-8?Q?Mihai_Don=c8=9bu?= , publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org On 01/25/2016 10:51 PM, Lengyel, Tamas wrote: > This solution, while supported in Xen, is not particularly ideal either > as Xen's emulator is incomplete and is known to have issues that can > lead to guest instability [2]. Furthermore, over the years emulation has > been a hotbed of various security issues in many hypervisors (including > Xen [3]), thus building security tools based on emulation is simply > asking for trouble. It can be handy but should be used only when no > other option is available. I still don't feel that building security tools based on emulation is asking for trouble, for obvious reasons. :) And I think it can be argued that link [2], pointing to a message posted on xen-devel, does not prove that the emulator is particularly problematic, but rather that a problem exists with a corner case (as my reply to that message tries to point out). Furthermore, as discussed with Tamas in private today, altp2m tests I've written today crash my guest no less than Tamas' emulator code, in a similarly obscure manner. I'm just wondering if altp2m, which is certainly very interesting and valuable, could not be presented more based on it's intrinsic uniqueness and strengths, rather than in battle with alternatives to be defeated, though of course it's not my article to write or my decision to make, and I respect everyone's opinion. Thank you, Razvan _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity From publicity-bounces@lists.xenproject.org Mon Jan 25 21:23:14 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 25 Jan 2016 21:23:14 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aNobR-0001oT-S1; Mon, 25 Jan 2016 21:23:13 +0000 Received: from mail6.bemta14.messagelabs.com ([193.109.254.103]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aNobQ-0001oL-Lo for publicity@lists.xenproject.org; Mon, 25 Jan 2016 21:23:12 +0000 Received: from [193.109.254.147] by server-7.bemta-14.messagelabs.com id 6B/0D-28221-04296A65; Mon, 25 Jan 2016 21:23:12 +0000 X-Env-Sender: rcojocaru@bitdefender.com X-Msg-Ref: server-7.tower-27.messagelabs.com!1453756990!19309697!1 X-Originating-IP: [91.199.104.161] X-SpamReason: No, hits=0.0 required=7.0 tests= X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 25830 invoked from network); 25 Jan 2016 21:23:11 -0000 Received: from mx01.buh.bitdefender.com (HELO mx01.buh.bitdefender.com) (91.199.104.161) by server-7.tower-27.messagelabs.com with DHE-RSA-AES256-GCM-SHA384 encrypted SMTP; 25 Jan 2016 21:23:11 -0000 Comment: DomainKeys? See http://domainkeys.sourceforge.net/ DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws; s=default; d=bitdefender.com; b=nCKYKGYUcAkQ6cl0t4nAFLrp/THonbTS5zmHKuXqkreE09McL5LGelefqAS+YRlnFD7LZ55SSmx+52LV3Lm3S6qLMn1KVLIQ8G9ErRJ8Rh+b934A3LiGfEO/MCR6RFu7sz9o0uURdkuocaNv29DKJz+UEbkXWfPpBQ5iOgzTEX9WqMeguC2PS3GvfAxspdjfVw9FNGhser+KktktBqYIUJrecin26pZVo+SE2SPLQhQK1nEl58Yik89kVwU+IBzqYrXe0j9tsK+A8ZaEQRwsCN81E1XDivH/u+nf0B77I+MWJPmZwKhe77e4kOHxGBzaJG0ESVe7iITNu0IhR1jlYA==; h=Received:Received:Received:Received:Received:Subject:To:References:Cc:From:X-Enigmail-Draft-Status:Message-ID:Date:User-Agent:MIME-Version:In-Reply-To:Content-Type:Content-Transfer-Encoding:X-BitDefender-Scanner:X-BitDefender-Spam:X-BitDefender-SpamStamp:X-BitDefender-CF-Stamp; DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=bitdefender.com; h=subject :to:references:cc:from:message-id:date:mime-version:in-reply-to :content-type:content-transfer-encoding; s=default; bh=11tamZ5xS wqscQ3Vpt5+L12vPe8=; b=qyyAl5URYjGB5IS5+sW6JN14TsFlGloWNMig+TnCa yuHt5ByeA6fsG2HZItpcm3kMxYPN5nhoLzcF5bzVxj+OmjJs2uF9S8pVlqgKDSBs up3f2+6BeOF7O5Y6mQ+vtSl70hgR1lS3TNz48zf6/lqAiG/+FrZ2M1TDkosBTlVg cE28mU1oncSPVdM9Fh34i5N5e1YNr/LWryguKdKisKtFeU1fkHbz4xK4Ucl5CB1f d9nnvmFQNVXyyKMiVM7t8F+k4Au9N8stx12VDi0vRZw3GUUYuKu3vtpvntevdl5l CL7DlJV1d7l6bN92LawJ+2tQXKxT+6tX6XBUVwYp9MX9w== Received: (qmail 23615 invoked from network); 25 Jan 2016 23:23:09 +0200 Received: from unknown (HELO mx-sr.buh.bitdefender.com) (10.17.80.103) by mx01.buh.bitdefender.com with AES256-GCM-SHA384 encrypted SMTP; 25 Jan 2016 23:23:09 +0200 Received: from smtp03.buh.bitdefender.org (unknown [10.17.80.77]) by mx-sr.buh.bitdefender.com (Postfix) with ESMTP id CBC768004F for ; Mon, 25 Jan 2016 23:23:08 +0200 (EET) Received: (qmail 1034 invoked from network); 25 Jan 2016 23:23:08 +0200 Received: from 86-121-135-66.rdsnet.ro (HELO ?192.168.228.128?) (rcojocaru@bitdefender.com@86.121.135.66) by smtp03.buh.bitdefender.org with SMTP; 25 Jan 2016 23:23:08 +0200 To: "Lengyel, Tamas" , Lars Kurth References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> <506C6432-96D8-480A-9740-C422C2D6789E@gmail.com> From: Razvan Cojocaru X-Enigmail-Draft-Status: N1110 Message-ID: <56A6923D.5000302@bitdefender.com> Date: Mon, 25 Jan 2016 23:23:09 +0200 User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:38.0) Gecko/20100101 Thunderbird/38.5.1 MIME-Version: 1.0 In-Reply-To: X-BitDefender-Scanner: Clean, Agent: BitDefender qmail 3.1.4 on smtp03.buh.bitdefender.org, sigver: 7.64298 X-BitDefender-Spam: No (0) X-BitDefender-SpamStamp: Build: [Engines: 2.15.6.743, Dats: 413249, Stamp: 3], Multi: [Enabled, t: (0.000007,0.001783)], BW: [Enabled, t: (0.000006,0.000001)], RBL DNSBL: [Disabled], APM: [Enabled, Score: 500, t: (0.002060), Flags: 2A917CE3; NN_LEGIT_VALID_REPLY; NN_NO_LINK_NMD; NN_LEGIT_BITDEFENDER; NN_LEGIT_S_SQARE_BRACKETS], SGN: [Enabled, t: (0.008586)], URL: [Enabled, t: (0.000005)], RTDA: [Enabled, t: (0.017719), Hit: No, Details: v2.3.2; Id: 2m1ghaj.1a9kmb0m0.1kv2m], total: 0(775) X-BitDefender-CF-Stamp: none Cc: =?UTF-8?Q?Mihai_Don=c8=9bu?= , publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org On 01/25/2016 10:51 PM, Lengyel, Tamas wrote: > This solution, while supported in Xen, is not particularly ideal either > as Xen's emulator is incomplete and is known to have issues that can > lead to guest instability [2]. Furthermore, over the years emulation has > been a hotbed of various security issues in many hypervisors (including > Xen [3]), thus building security tools based on emulation is simply > asking for trouble. It can be handy but should be used only when no > other option is available. I still don't feel that building security tools based on emulation is asking for trouble, for obvious reasons. :) And I think it can be argued that link [2], pointing to a message posted on xen-devel, does not prove that the emulator is particularly problematic, but rather that a problem exists with a corner case (as my reply to that message tries to point out). Furthermore, as discussed with Tamas in private today, altp2m tests I've written today crash my guest no less than Tamas' emulator code, in a similarly obscure manner. I'm just wondering if altp2m, which is certainly very interesting and valuable, could not be presented more based on it's intrinsic uniqueness and strengths, rather than in battle with alternatives to be defeated, though of course it's not my article to write or my decision to make, and I respect everyone's opinion. Thank you, Razvan _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity From publicity-bounces@lists.xenproject.org Mon Jan 25 22:06:10 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 25 Jan 2016 22:06:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aNpH0-0004Ut-Cn; Mon, 25 Jan 2016 22:06:10 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aNpGy-0004UT-Up for publicity@lists.xenproject.org; Mon, 25 Jan 2016 22:06:09 +0000 Received: from [85.158.143.35] by server-3.bemta-4.messagelabs.com id 7E/BF-31122-05C96A65; Mon, 25 Jan 2016 22:06:08 +0000 X-Env-Sender: tlengyel@novetta.com X-Msg-Ref: server-11.tower-21.messagelabs.com!1453759566!12040727!1 X-Originating-IP: [209.85.213.53] X-SpamReason: No, hits=1.7 required=7.0 tests=BODY_RANDOM_LONG, HTML_20_30,HTML_MESSAGE,RCVD_BY_IP X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 3367 invoked from network); 25 Jan 2016 22:06:07 -0000 Received: from mail-vk0-f53.google.com (HELO mail-vk0-f53.google.com) (209.85.213.53) by server-11.tower-21.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 25 Jan 2016 22:06:07 -0000 Received: by mail-vk0-f53.google.com with SMTP id e64so82661291vkg.0 for ; Mon, 25 Jan 2016 14:06:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=novetta-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=/YPvmSXIV9MA48TW+Y1f8GDu/BhcA8sTCa4tHRS/9mY=; b=yCx9JE8ygdADCW4luh+hz3+U+DEyYv3T904P+z9Lpf8s+g0o+bSUoFujCaolvRZDI+ 66XS2//kZBZl6/KIRmk5LD97PKrIe+i2Tc9XqE1TmxNn17OfHWUxDBGDg3XEs/DlNsAA uKws5NrFUrbfXNab0jIC/bvTJeWT6KuPJNnjXqJM5xSYr10x4GvvsKXSIPFJbyib4HVQ atIiZZ6oJ4vL3wB2f2JJAcP7vAYILwTf9tW0m0D+cuAfe4ukuSkWkuScV8S0V0s/hIpO Uq+2O28+W+OPmAJ4Pvlb+j4U3+F0SaU+kHEF1zEngtbpanPltrHzOWySM3qtr9hLUQwq 03Eg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=/YPvmSXIV9MA48TW+Y1f8GDu/BhcA8sTCa4tHRS/9mY=; b=abyxLzyJ2bsjB+rd8qwVsTcljS4rAnk/ip19uTLF2qU5QEUmbFxwWxHIb2PMMb4dxP HbA73t7cbKn1gHfEkVgpSFW1ZTX5cUd/rrQ1cZlex1Spj731qfZr/E/e1iYdt4VFp1oW ChESVlDwiavRWIsxTAFP2/gzu3m1m7kKlVcLJ21v+7zgVlVNkPZL6MAMtL5W8FFAgTod DvFEcRFcDVinJHwUvUQP7N081xofw4pgsw/NXf1DpHp0MbIhp9IGc1r9Rnau91SO4aqo HoPGr1uwBUYuIgivF2MRLiP9Z6ijtNa1+OyVHq1DHiH7ZbXP2Q35WLRlhABZ4xuN7hJA P0ag== X-Gm-Message-State: AG10YORy1Hfkx+kJBWCdbsHtIjJTeRBT6YHDgRCYgFo33F6q+7DCRYeaoI3UmbuEB2lnlwzjGfmd6K49xT6hEp0t X-Received: by 10.31.54.134 with SMTP id d128mr10886530vka.26.1453759565812; Mon, 25 Jan 2016 14:06:05 -0800 (PST) MIME-Version: 1.0 Received: by 10.103.40.130 with HTTP; Mon, 25 Jan 2016 14:05:46 -0800 (PST) In-Reply-To: <56A6923D.5000302@bitdefender.com> References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> <506C6432-96D8-480A-9740-C422C2D6789E@gmail.com> <56A6923D.5000302@bitdefender.com> From: "Lengyel, Tamas" Date: Mon, 25 Jan 2016 15:05:46 -0700 Message-ID: To: Razvan Cojocaru Cc: Lars Kurth , =?UTF-8?B?TWloYWkgRG9uyJt1?= , publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============2010159919719152063==" Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --===============2010159919719152063== Content-Type: multipart/alternative; boundary=001a11438ee88273e9052a2fc640 --001a11438ee88273e9052a2fc640 Content-Type: text/plain; charset=UTF-8 On Mon, Jan 25, 2016 at 2:23 PM, Razvan Cojocaru wrote: > On 01/25/2016 10:51 PM, Lengyel, Tamas wrote: > > This solution, while supported in Xen, is not particularly ideal either > > as Xen's emulator is incomplete and is known to have issues that can > > lead to guest instability [2]. Furthermore, over the years emulation has > > been a hotbed of various security issues in many hypervisors (including > > Xen [3]), thus building security tools based on emulation is simply > > asking for trouble. It can be handy but should be used only when no > > other option is available. > > I still don't feel that building security tools based on emulation is > asking for trouble, for obvious reasons. :) > > And I think it can be argued that link [2], pointing to a message posted > on xen-devel, does not prove that the emulator is particularly > problematic, but rather that a problem exists with a corner case (as my > reply to that message tries to point out). Furthermore, as discussed > with Tamas in private today, altp2m tests I've written today crash my > guest no less than Tamas' emulator code, in a similarly obscure manner. > > I'm just wondering if altp2m, which is certainly very interesting and > valuable, could not be presented more based on it's intrinsic uniqueness > and strengths, rather than in battle with alternatives to be defeated, > though of course it's not my article to write or my decision to make, > and I respect everyone's opinion. > For a blog entry having that much opinion I think is fine. I admit I do have a strong opinion against using emulating with the track record it had for security purposes. Even if there were no hard evidence against it being problematic right now, I would at least be cautious about it. I do point out that It certainly has value when there is no alternative available. Flexibility with Xen is what's so great, you have options available if you don't agree with me ;) Tamas --001a11438ee88273e9052a2fc640 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


On Mon, Jan 25, 2016 at 2:23 PM, Razvan Cojocaru <= rcojocaru@bi= tdefender.com> wrote:
On 01/25/2016 10:51 PM, Lengyel, Tamas wrote:
> This solution, while supported in Xen, is not particularly ideal eithe= r
> as Xen's emulator is incomplete and is known to have issues that c= an
> lead to guest instability [2]. Furthermore, over the years emulation h= as
> been a hotbed of various security issues in many hypervisors (includin= g
> Xen [3]), thus building security tools based on emulation is simply > asking for trouble. It can be handy but should be used only when no > other option is available.

I still don't feel that building security tools based on emulati= on is
asking for trouble, for obvious reasons. :)

And I think it can be argued that link [2], pointing to a message posted on xen-devel, does not prove that the emulator is particularly
problematic, but rather that a problem exists with a corner case (as my
reply to that message tries to point out). Furthermore, as discussed
with Tamas in private today, altp2m tests I've written today crash my guest no less than Tamas' emulator code, in a similarly obscure manner.=

I'm just wondering if altp2m, which is certainly very interesting and valuable, could not be presented more based on it's intrinsic uniquenes= s
and strengths, rather than in battle with alternatives to be defeated,
though of course it's not my article to write or my decision to make, and I respect everyone's opinion.

For a = blog entry having that much opinion I think is fine. I admit I do have a st= rong opinion against using emulating with the track record it had for secur= ity purposes. Even if there were no hard evidence against it being problema= tic right now, I would at least be cautious about it. I do point out that I= t certainly has value when there is no alternative available. Flexibility w= ith Xen is what's so great, you have options available if you don't= agree with me ;)

Tamas
--001a11438ee88273e9052a2fc640-- --===============2010159919719152063== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --===============2010159919719152063==-- From publicity-bounces@lists.xenproject.org Mon Jan 25 22:06:10 2016 Return-path: Envelope-to: archives@lists.xenproject.org Delivery-date: Mon, 25 Jan 2016 22:06:10 +0000 Received: from localhost ([127.0.0.1] helo=lists.xen.org) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aNpH0-0004Ut-Cn; Mon, 25 Jan 2016 22:06:10 +0000 Received: from mail6.bemta4.messagelabs.com ([85.158.143.247]) by lists.xen.org with esmtp (Exim 4.72) (envelope-from ) id 1aNpGy-0004UT-Up for publicity@lists.xenproject.org; Mon, 25 Jan 2016 22:06:09 +0000 Received: from [85.158.143.35] by server-3.bemta-4.messagelabs.com id 7E/BF-31122-05C96A65; Mon, 25 Jan 2016 22:06:08 +0000 X-Env-Sender: tlengyel@novetta.com X-Msg-Ref: server-11.tower-21.messagelabs.com!1453759566!12040727!1 X-Originating-IP: [209.85.213.53] X-SpamReason: No, hits=1.7 required=7.0 tests=BODY_RANDOM_LONG, HTML_20_30,HTML_MESSAGE,RCVD_BY_IP X-StarScan-Received: X-StarScan-Version: 7.35.1; banners=-,-,- X-VirusChecked: Checked Received: (qmail 3367 invoked from network); 25 Jan 2016 22:06:07 -0000 Received: from mail-vk0-f53.google.com (HELO mail-vk0-f53.google.com) (209.85.213.53) by server-11.tower-21.messagelabs.com with AES128-GCM-SHA256 encrypted SMTP; 25 Jan 2016 22:06:07 -0000 Received: by mail-vk0-f53.google.com with SMTP id e64so82661291vkg.0 for ; Mon, 25 Jan 2016 14:06:07 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=novetta-com.20150623.gappssmtp.com; s=20150623; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; bh=/YPvmSXIV9MA48TW+Y1f8GDu/BhcA8sTCa4tHRS/9mY=; b=yCx9JE8ygdADCW4luh+hz3+U+DEyYv3T904P+z9Lpf8s+g0o+bSUoFujCaolvRZDI+ 66XS2//kZBZl6/KIRmk5LD97PKrIe+i2Tc9XqE1TmxNn17OfHWUxDBGDg3XEs/DlNsAA uKws5NrFUrbfXNab0jIC/bvTJeWT6KuPJNnjXqJM5xSYr10x4GvvsKXSIPFJbyib4HVQ atIiZZ6oJ4vL3wB2f2JJAcP7vAYILwTf9tW0m0D+cuAfe4ukuSkWkuScV8S0V0s/hIpO Uq+2O28+W+OPmAJ4Pvlb+j4U3+F0SaU+kHEF1zEngtbpanPltrHzOWySM3qtr9hLUQwq 03Eg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:in-reply-to:references:from:date :message-id:subject:to:cc:content-type; bh=/YPvmSXIV9MA48TW+Y1f8GDu/BhcA8sTCa4tHRS/9mY=; b=abyxLzyJ2bsjB+rd8qwVsTcljS4rAnk/ip19uTLF2qU5QEUmbFxwWxHIb2PMMb4dxP HbA73t7cbKn1gHfEkVgpSFW1ZTX5cUd/rrQ1cZlex1Spj731qfZr/E/e1iYdt4VFp1oW ChESVlDwiavRWIsxTAFP2/gzu3m1m7kKlVcLJ21v+7zgVlVNkPZL6MAMtL5W8FFAgTod DvFEcRFcDVinJHwUvUQP7N081xofw4pgsw/NXf1DpHp0MbIhp9IGc1r9Rnau91SO4aqo HoPGr1uwBUYuIgivF2MRLiP9Z6ijtNa1+OyVHq1DHiH7ZbXP2Q35WLRlhABZ4xuN7hJA P0ag== X-Gm-Message-State: AG10YORy1Hfkx+kJBWCdbsHtIjJTeRBT6YHDgRCYgFo33F6q+7DCRYeaoI3UmbuEB2lnlwzjGfmd6K49xT6hEp0t X-Received: by 10.31.54.134 with SMTP id d128mr10886530vka.26.1453759565812; Mon, 25 Jan 2016 14:06:05 -0800 (PST) MIME-Version: 1.0 Received: by 10.103.40.130 with HTTP; Mon, 25 Jan 2016 14:05:46 -0800 (PST) In-Reply-To: <56A6923D.5000302@bitdefender.com> References: <568AA198.8000308@bitdefender.com> <568ACF08.1070905@bitdefender.com> <90C49EB6-4611-43F5-BD9A-82CBD5BCA300@gmail.com> <506C6432-96D8-480A-9740-C422C2D6789E@gmail.com> <56A6923D.5000302@bitdefender.com> From: "Lengyel, Tamas" Date: Mon, 25 Jan 2016 15:05:46 -0700 Message-ID: To: Razvan Cojocaru Cc: Lars Kurth , =?UTF-8?B?TWloYWkgRG9uyJt1?= , publicity@lists.xenproject.org Subject: Re: [Publicity] Stealthy monitoring with Xen altp2m X-BeenThere: publicity@lists.xenproject.org X-Mailman-Version: 2.1.13 Precedence: list List-Id: "List for Xen Publicity, PR and events" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Content-Type: multipart/mixed; boundary="===============2010159919719152063==" Sender: publicity-bounces@lists.xenproject.org Errors-To: publicity-bounces@lists.xenproject.org --===============2010159919719152063== Content-Type: multipart/alternative; boundary=001a11438ee88273e9052a2fc640 --001a11438ee88273e9052a2fc640 Content-Type: text/plain; charset=UTF-8 On Mon, Jan 25, 2016 at 2:23 PM, Razvan Cojocaru wrote: > On 01/25/2016 10:51 PM, Lengyel, Tamas wrote: > > This solution, while supported in Xen, is not particularly ideal either > > as Xen's emulator is incomplete and is known to have issues that can > > lead to guest instability [2]. Furthermore, over the years emulation has > > been a hotbed of various security issues in many hypervisors (including > > Xen [3]), thus building security tools based on emulation is simply > > asking for trouble. It can be handy but should be used only when no > > other option is available. > > I still don't feel that building security tools based on emulation is > asking for trouble, for obvious reasons. :) > > And I think it can be argued that link [2], pointing to a message posted > on xen-devel, does not prove that the emulator is particularly > problematic, but rather that a problem exists with a corner case (as my > reply to that message tries to point out). Furthermore, as discussed > with Tamas in private today, altp2m tests I've written today crash my > guest no less than Tamas' emulator code, in a similarly obscure manner. > > I'm just wondering if altp2m, which is certainly very interesting and > valuable, could not be presented more based on it's intrinsic uniqueness > and strengths, rather than in battle with alternatives to be defeated, > though of course it's not my article to write or my decision to make, > and I respect everyone's opinion. > For a blog entry having that much opinion I think is fine. I admit I do have a strong opinion against using emulating with the track record it had for security purposes. Even if there were no hard evidence against it being problematic right now, I would at least be cautious about it. I do point out that It certainly has value when there is no alternative available. Flexibility with Xen is what's so great, you have options available if you don't agree with me ;) Tamas --001a11438ee88273e9052a2fc640 Content-Type: text/html; charset=UTF-8 Content-Transfer-Encoding: quoted-printable


On Mon, Jan 25, 2016 at 2:23 PM, Razvan Cojocaru <= rcojocaru@bi= tdefender.com> wrote:
On 01/25/2016 10:51 PM, Lengyel, Tamas wrote:
> This solution, while supported in Xen, is not particularly ideal eithe= r
> as Xen's emulator is incomplete and is known to have issues that c= an
> lead to guest instability [2]. Furthermore, over the years emulation h= as
> been a hotbed of various security issues in many hypervisors (includin= g
> Xen [3]), thus building security tools based on emulation is simply > asking for trouble. It can be handy but should be used only when no > other option is available.

I still don't feel that building security tools based on emulati= on is
asking for trouble, for obvious reasons. :)

And I think it can be argued that link [2], pointing to a message posted on xen-devel, does not prove that the emulator is particularly
problematic, but rather that a problem exists with a corner case (as my
reply to that message tries to point out). Furthermore, as discussed
with Tamas in private today, altp2m tests I've written today crash my guest no less than Tamas' emulator code, in a similarly obscure manner.=

I'm just wondering if altp2m, which is certainly very interesting and valuable, could not be presented more based on it's intrinsic uniquenes= s
and strengths, rather than in battle with alternatives to be defeated,
though of course it's not my article to write or my decision to make, and I respect everyone's opinion.

For a = blog entry having that much opinion I think is fine. I admit I do have a st= rong opinion against using emulating with the track record it had for secur= ity purposes. Even if there were no hard evidence against it being problema= tic right now, I would at least be cautious about it. I do point out that I= t certainly has value when there is no alternative available. Flexibility w= ith Xen is what's so great, you have options available if you don't= agree with me ;)

Tamas
--001a11438ee88273e9052a2fc640-- --===============2010159919719152063== Content-Type: text/plain; charset="us-ascii" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Disposition: inline _______________________________________________ Publicity mailing list Publicity@lists.xenproject.org http://lists.xenproject.org/cgi-bin/mailman/listinfo/publicity --===============2010159919719152063==--