From 94488704617aa6c1826e09184c8d4733c0f15b8d Mon Sep 17 00:00:00 2001
From: Nick Woolmer <29717167+nwoolmer@users.noreply.github.com>
Date: Fri, 29 Nov 2024 15:58:19 +0000
Subject: [PATCH 1/6] clarify DEDUP sorting behaviour (#87)
@goodroot Perhaps this should be a section with a heading and not a
note? It ended up larger than expected.
---
documentation/concept/deduplication.md | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
diff --git a/documentation/concept/deduplication.md b/documentation/concept/deduplication.md
index d35fad91..e26fd49b 100644
--- a/documentation/concept/deduplication.md
+++ b/documentation/concept/deduplication.md
@@ -42,6 +42,29 @@ precisely, deduplicating the data based on the device ID can be expensive.
However, in cases where CPU metrics are sent at random and typically have unique
timestamps, the cost of deduplication is negligible.
+:::note
+
+The on-disk ordering of rows with duplicate timestamps differs when deduplication is enabled.
+
+- Without deduplication:
+ - the insertion order of each row will be preserved for rows with the same timestamp
+- With deduplication:
+ - the rows will be stored in order sorted by the `DEDUP UPSERT` keys, with the same timestamp
+
+For example:
+
+```questdb-sql
+DEDUP UPSERT keys(timestamp, symbol, price)
+
+-- will be stored on-disk in an order like:
+
+ORDER BY timestamp, symbol, price
+```
+
+This is the natural order of data returned in plain queries, without any grouping, filtering or ordering. The SQL standard does not guarantee the ordering of result sets without explicit `ORDER BY` clauses.
+
+:::
+
## Configuration
Create a WAL-enabled table with deduplication using
From 73d403a1be5f31fc97655f92ad8e7d14a18a7f13 Mon Sep 17 00:00:00 2001
From: goodroot <9484709+goodroot@users.noreply.github.com>
Date: Fri, 29 Nov 2024 08:20:27 -0800
Subject: [PATCH 2/6] Bump to questdb/sql-grammar to 1.1.0 (#88)
---
package.json | 2 +-
yarn.lock | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/package.json b/package.json
index 4576cfbf..9017a7b4 100644
--- a/package.json
+++ b/package.json
@@ -16,7 +16,7 @@
"@headlessui/react": "^2.2.0",
"@heroicons/react": "2.2.0",
"@mdx-js/react": "3.1.0",
- "@questdb/sql-grammar": "1.0.15",
+ "@questdb/sql-grammar": "1.1.0",
"@radix-ui/react-dialog": "1.1.2",
"@radix-ui/react-hover-card": "1.1.2",
"@radix-ui/react-slider": "1.2.1",
diff --git a/yarn.lock b/yarn.lock
index ea8aee97..bc37adcc 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -2477,10 +2477,10 @@
resolved "https://registry.yarnpkg.com/@polka/url/-/url-1.0.0-next.28.tgz#d45e01c4a56f143ee69c54dd6b12eade9e270a73"
integrity sha512-8LduaNlMZGwdZ6qWrKlfa+2M4gahzFkprZiAt2TF8uS0qQgBizKXpXURqvTJ4WtmupWxaLqjRb2UCTe72mu+Aw==
-"@questdb/sql-grammar@1.0.15":
- version "1.0.15"
- resolved "https://registry.yarnpkg.com/@questdb/sql-grammar/-/sql-grammar-1.0.15.tgz#a4b7ba0b8a100e29aeb33535b884b6186e17c8f2"
- integrity sha512-xduurxIv/cQgx3aHMIU1RYwyN1IBArZ2IUiVqAcoGwhVwmdmlDZkcYq5hkXnamvCFDu+Vzsg182xr+B/gpHbkw==
+"@questdb/sql-grammar@1.1.0":
+ version "1.1.0"
+ resolved "https://registry.yarnpkg.com/@questdb/sql-grammar/-/sql-grammar-1.1.0.tgz#75b46a86c21fe792cce8bd28950f5871085d3bdb"
+ integrity sha512-O4tD5PAMC/aV0qzNJ2QbDo6gWO71DqzEnp+EgxYei5PM01x3lAUm7+JhyMlQixoIHvo1i641F8GIjO0ErRTXfw==
"@radix-ui/number@1.1.0":
version "1.1.0"
From c22b533058a3cf7194b09a8eed0d5f6cf3e30604 Mon Sep 17 00:00:00 2001
From: glasstiger <94906625+glasstiger@users.noreply.github.com>
Date: Mon, 2 Dec 2024 16:59:06 +0000
Subject: [PATCH 3/6] Entra ID OIDC integration guide (#90)
Entra ID OIDC integration guide
---------
Co-authored-by: goodroot <9484709+goodroot@users.noreply.github.com>
---
.../guides/microsoft-entraid-oidc.md | 274 ++++++++++++++++++
documentation/sidebars.js | 8 +-
.../active-directory-entraid/10_overview.webp | Bin 0 -> 46182 bytes
.../1_app_registration.webp | Bin 0 -> 33668 bytes
.../2_spa_redirect_uri.webp | Bin 0 -> 44458 bytes
.../3_application_id.webp | Bin 0 -> 57874 bytes
.../active-directory-entraid/4_cors_pkce.webp | Bin 0 -> 49870 bytes
.../active-directory-entraid/5_ropc.webp | Bin 0 -> 46692 bytes
.../6_token_customization.webp | Bin 0 -> 46666 bytes
.../7_API_permissions.webp | Bin 0 -> 41788 bytes
.../8_add_openid_permissions.webp | Bin 0 -> 40008 bytes
.../9_permissions_final.webp | Bin 0 -> 43212 bytes
12 files changed, 281 insertions(+), 1 deletion(-)
create mode 100644 documentation/guides/microsoft-entraid-oidc.md
create mode 100644 static/images/guides/active-directory-entraid/10_overview.webp
create mode 100644 static/images/guides/active-directory-entraid/1_app_registration.webp
create mode 100644 static/images/guides/active-directory-entraid/2_spa_redirect_uri.webp
create mode 100644 static/images/guides/active-directory-entraid/3_application_id.webp
create mode 100644 static/images/guides/active-directory-entraid/4_cors_pkce.webp
create mode 100644 static/images/guides/active-directory-entraid/5_ropc.webp
create mode 100644 static/images/guides/active-directory-entraid/6_token_customization.webp
create mode 100644 static/images/guides/active-directory-entraid/7_API_permissions.webp
create mode 100644 static/images/guides/active-directory-entraid/8_add_openid_permissions.webp
create mode 100644 static/images/guides/active-directory-entraid/9_permissions_final.webp
diff --git a/documentation/guides/microsoft-entraid-oidc.md b/documentation/guides/microsoft-entraid-oidc.md
new file mode 100644
index 00000000..10107862
--- /dev/null
+++ b/documentation/guides/microsoft-entraid-oidc.md
@@ -0,0 +1,274 @@
+---
+title: Microsoft EntraID OIDC guide
+description: "QuestDB Enterprise guide to demonstrate Microsoft EntraID OpenID Connect."
+---
+
+import Screenshot from "@theme/Screenshot"
+
+This document sets up SSO authentication for the [QuestDB Web Console](/docs/web-console/) in
+[Microsoft EntraID](https://www.microsoft.com/en-gb/security/business/identity-access/microsoft-entra-id), formerly known as Azure AD.
+
+For a general introduction to OpenID Connect and QuestDB, see the
+[OIDC Operations page](/docs/operations/openid-connect-oidc-integration/).
+
+:::tip
+
+To enlarge the images, click or tap them.
+
+:::
+## Set up the client application in Entra ID
+
+First thing first, let's pick a name for the client!
+
+Then head to _Microsoft Entra Admin Center_, and register the application
+under _Identity - App registrations - New registration_.
+
+
+
+The QuestDB [Web Console](/docs/web-console/) is a SPA (Single Page App).
+
+As a result, it cannot store safely a client secret.
+
+Instead, it can use PKCE (Proof Key for Code Exchange) to secure the flow.
+
+When registering the application, select the SPA platform.
+
+We also have to specify the URL of the [Web Console](/docs/web-console/) as Redirect URI.
+
+
+
+After clicking _Register_, we have created a client application with the
+name _QuestDB_.
+
+Each application is assigned a unique id (known as Client ID in the
+OAuth2 - OIDC standard). The client will identify itself with this id
+when sending requests to Entra ID.
+
+
+
+We find the platform configurations under _Authentication_. This is the place where
+the previously set redirect URI can be viewed and modified. We can also specify
+additional redirect URIs, if necessary.
+
+The redirect URIs of the application are automatically eligible for the
+_Authorization Code Flow with PKCE_, which is a special version of the OAuth2 standard's
+Authorization Code Flow. It is specifically designed for applications where a client
+secret (e.g. a password) could not be kept safely. As single page applications run in
+the browser, they fall into this category.
+
+The redirect URIs are also added to the _CORS_ (Cross-Origin Resource Sharing) policy
+of EntraID. CORS is a mechanism to allow a web page, such as the Web Console, to access
+resources from a different domain than the one that served the page. In this context
+this means that we let the Web Console to access Entra ID, while its origin is the
+HTTP endpoint of QuestDB.
+
+
+
+If we scroll down to the bottom of this page, we can also find a section where we
+can enable the _Resource Owner Password Credential Flow_.
+
+This OAuth2 flow is legacy, and should be enabled only if there is a requirement
+of connecting to QuestDB using SSO (Single Sign-On) via clients not supporting
+redirect based web flows.
+This could mean a Postgres client without OAuth2 integration, such as _psql_, or
+a standalone in-house client application, or could be just a jupyter notebook.
+
+The main issue with this flow is that the client application has to be trusted
+with the user's login details. The user's credentials are passed to the
+application, in this case to QuestDB, and the client application uses these
+credentials to authenticate the user by forwarding them to the identity provider,
+in this case to Entra ID.
+
+It is guaranteed that QuestDB does not store the user's credentials in any way.
+They are not persisted into the database, not even in encrypted form.
+The login details are treated as passthrough information. Only exception is
+that server logs can contain the username, logged for audit purposes.
+
+
+
+Our next stop is the _Token configuration_, where the OAuth2/OIDC access and ID
+tokens can be customized.
+
+Note that users can be authenticated without customized tokens, but authorization
+would prove to be challenging. The user's security groups are not included
+in the tokens by default.
+
+QuestDB can be configured to request the user's groups from the UserInfo
+endpoint of the OAuth2 server, but Entra ID cannot be configured to provide
+this information via the UserInfo endpoint.
+Therefore, we choose to customize the tokens, QuestDB will decode and
+validate the ID token, and take the group information from there.
+
+QuestDB authorization relies on receiving the group memberships of the user.
+Entra ID groups should be mapped to QuestDB groups, and permissions can be
+granted to the QuestDB groups. Detailed information about group mappings can
+be found in the [OIDC integration](/docs/operations/openid-connect-oidc-integration/#user-permissions)
+documentation.
+
+
+
+The customized tokens contain user information which cannot be accessed
+without permission. User information is provided by Microsoft Graph, so
+the client application needs specific permissions to access
+Microsoft Graph APIs.
+
+These permissions can be configured under _API permissions_. It is important
+to note that we will be setting _Delegated_ permissions here, meaning we
+are not granting actual permissions to access user data. Instead, each user
+logging into QuestDB will have to consent to accessing their user profile.
+
+
+
+By default, the _User.Read_ permission is added to the list, but what we
+really need is:
+ - openid: to be able to issue ID tokens
+ - profile: to access user information
+ - offline_access: to be able to issue refresh tokens
+
+By clicking on _Microsoft Graph_ we can select and add these permissions.
+
+
+
+The _User.Read_ permission is not needed. It can be removed by clicking
+on the `...` at the end of the row, and selecting _Remove permission_ from
+the popup menu.
+
+
+
+With this we have finished setting up the QuestDB client application
+in Entra ID, and now we can wire QuestDB and Entra ID together by
+adding OIDC configuration to QuestDB.
+
+## QuestDB configuration
+
+The below should be set in QuestDB's `server.conf`:
+
+```shell
+# enable OIDC
+acl.oidc.enabled=true
+
+# the claim contains the username or user id
+acl.oidc.sub.claim=name
+
+# the claim contains the user's group memberships
+acl.oidc.groups.claim=groups
+
+# groups are encoded in the token
+acl.oidc.groups.encoded.in.token=true
+
+# OIDC configuration endpoint of Entra ID
+acl.oidc.configuration.url=https://login.microsoftonline.com/12345678-1234-1234-1234-123456789abc/v2.0/.well-known/openid-configuration
+
+# application ID taken from Entra ID
+acl.oidc.client.id=8de84b90-1ea5-4e41-9e84-dba860aa01a6
+
+# redirect URI, QuestDB's HTTP endpoint
+acl.oidc.redirect.uri=http://localhost:9000
+
+# OAuth scopes the user has to consent to
+acl.oidc.scope=openid profile offline_access
+
+# enable ROPC flow
+# optional, required only if ROPC is enabled in Entra ID
+acl.oidc.ropc.flow.enabled=true
+```
+
+The application ID and the OIDC configuration endpoint's URL can be found
+in the Overview of the application in Entra ID.
+
+The application ID is displayed right under the application's name, the
+OIDC configuration endpoint is displayed on the panel which opens up when
+the _Endpoints_ button is clicked.
+
+
+
+## Map groups and grant permissions
+
+Now we can start QuestDB, and login with the built-in admin to create
+group mappings.
+
+As mentioned earlier, authorization works by mapping Entra ID groups
+to QuestDB groups. When the user logs in, QuestDB decodes Entra ID
+group memberships from the token, then finds the QuestDB groups
+mapped to them, and the user gets the permissions based on the
+mapped groups.
+
+```questdb-sql title="Create a group which is mapped to an Entra ID group"
+CREATE GROUP extUsers WITH EXTERNAL ALIAS '87654321-1234-1234-1234-123456789abc';
+```
+The above command maps the Entra ID group identified by object
+id `87654321-1234-1234-1234-123456789abc` to a QuestDB group called `extUsers`.
+
+We should grant the necessary QuestDB endpoint permissions first
+to make sure users can access the Web Console, Postgres and ILP
+interfaces as required. [Read more about endpoint permissions](/docs/operations/rbac/#endpoint-permissions).
+
+```questdb-sql title="Grant endpoint permissions"
+GRANT HTTP, PGWIRE TO groupName;
+```
+
+Now we can grant the rest of the permissions as required. We can
+grant access to tables, for example.
+
+```questdb-sql title="Grant database permissions"
+GRANT SELECT ON table1, table2 to groupName;
+```
+
+## Confirm group mappings and login
+
+To test, head to the Web Console and login.
+
+If all has been wired up well, then login will succeed, and the user
+will have the access granted to them.
+
+
diff --git a/documentation/sidebars.js b/documentation/sidebars.js
index 6d9f134e..4c1e8fb7 100644
--- a/documentation/sidebars.js
+++ b/documentation/sidebars.js
@@ -376,9 +376,15 @@ module.exports = {
label: "Guides & Tutorials",
type: "category",
items: [
+ {
+ id: "guides/microsoft-entraid-oidc",
+ label: "Active Directory - Microsoft Entra ID",
+ type: "doc",
+ customProps: { tag: "Enterprise" },
+ },
{
id: "guides/active-directory-pingfederate",
- label: "Active Directory",
+ label: "Active Directory - PingFederate",
type: "doc",
customProps: { tag: "Enterprise" },
},
diff --git a/static/images/guides/active-directory-entraid/10_overview.webp b/static/images/guides/active-directory-entraid/10_overview.webp
new file mode 100644
index 0000000000000000000000000000000000000000..2077228be71b66f80291cc74afba1b70887542d1
GIT binary patch
literal 46182
zcmZ^KV~{A#mTlX%ZQHipecHBd+qP}nwr$%wt=lr^SC%v40etzoisb8c1mi%Eq
zJMuq2FQIp0=2y##%#5)z>fLVTOt@0ML0Uc2a!*oD`d;gaS2-(GY>
zRS`9hYL)*P9rqOD$fHCR6I}>lvI48&oJh_hFRT23umQ!CKN^Xkl@Ti1=Mx)CQx>mz
zj#aoJwJxi1_ra#bkMnWaz-RGKezxSELAs-+{~4?gRmKG0M$Zo6#gv5`n~Fut`ZAv6
zM|E}mpCAJn{}(Dc6-)vO|F3)g(~}w0NpEKMWW-E{7Pj#|E?jlby;JW$L6AkLb}RPT
zcPAZgSVhNT()Lk~l+ipbJz#|a8IB_8OGD}q&}g@CA`Ph>&fffAW1cz#tA{79VN`RT
zhC|$P?26?tXyxXaajYd<`9lu=WV=q(KL#j)KienWQFi$|uIwSg)f_WD0}8H|CYJ*S
z)XnjEO%e3Dx)=|myI#CbB0a83r2BjB{b;YkkP)T?nP*w|Pl@(zA+v8^ChH+T`Xm&8
zafTn*^Oj}Uvy4015be(YfJakNaaqLFtv+8-7RA7|rts=xvGc$Zji#)7;G|{ScPySF
zCK2$jqJx<$j-D${F?hqppt$c-T8)wMV2PkVsEmje^nGkII_%w9rGgbLEkiO*IEu}>
z2IO}nCKQX-(&%npr{C*%m6dgHQY-(9O}|=YYYF#OW3|7ui(TXRjeM$aD57V547csk
z-qDO9!cPjFcOcI-x#iAu@Ki-2
z;|4!@Abo7V*L|Bv`5zrs*GiY36QF+BRqIj6b-?_!`5+)uz3g?{D;
z!++k~ouBff+FrnAnTiXw2!co}ww8OG4I>x(g`r+ZM3hTF1oOw*LeupT(b?viW{eK%cd*<{-p
zz-(rV#&R6@J|^-W8rcWEYLTJUftFSkzDsP#WYa1H%t>c;5SDUz67!M(4c#fDRytnP
z-QKucBq=2HrtN$^&R7-i3{wbk_buI%amV!KafAF+RaF`bCFGAzJAhD-FvvrY%Bf_<
zB}XOE+9}rtvhODNJ)P0Bhx!lMeo@JIg^{QAj+m&C^`CXB9Gy*l#J!FvUIYOhBLPNpLQy|7dN1H)lH39Kvw6J*D=?W;
z*K7IWo>U3zu74v|_8%XC#2u
zxf-jC)Q*4*L_pt9xb-mj+rRO~b;xZ#v*BTYt+PrI+qd+KQr%nEm@@j_5H3*9`iEyL
zN%9ar^3!Paq&x3r7+@d
zVc;I53+%|$$t8@O%}>1+6}4~iP9|B`4m6w{G4Bfi3q?UAy6XASN^fo#E@KCaFJQ@-
z+T}JLY)%yIX2cN^l7vu_rp9rA$b23XM;^a&|LWe&t5zku$L>Y1T!DSfU1aF_y;@rle{ETr0{ISz(>
z!Y>Hu1Xu)Y@*lRt$~y>~pd}96mzXK9Jp3XSaBA8_v|AB`8skAL@U`x)KS1!q%G}kP
z)BKm9>mid?LgtTctat%`Dh0gPdYBb$?cdZDf~M?&sn$WRqUIkHG%JIF@3(0{Bx!br
zd!DvDx{Ws0`Czk0C{lmxFln(=JjQOe$M~ji$$Uc#d2_=3>(N|#y9{a})k64^JNcXW
zmSM4?b6(2f)H*3#Ma-;@2eVdUpY1`Iqpze__NL=r?nJdd*sq%
zO4}y%Ax{AXu?1tp=%-5RkL_(94^rHD^u}Gc+2C>
z*0IIR%yi>6bYEgdwp7l5YFv>V?b7q0N5*tQzAtSf4^nxLp$Kn%=ZGS*QQn1+??
zO!0%V23Q7B$bZ^|ZmP;FZn8F76>faD`-|Z2QCXylTK;Re|9z
zQW!wHnA^|U4;d?b{No^9`wr=vp&o%amfCgfT*;P38z8td#JJMjRIAWXwt}fW(3=sW
z_O-wprBm#YZ#6E)g8o+AYC%+Z=UQfLDIzVW~;Wn+${fr;_;y~
za%@80>YaR&lnECHp}9@-**?m;DY-&o@OFFzkoxnzk*&H%;hec9VbW
zmh-QqPykfY6TDZrKwvHIzkc$Fk%p^Ont5d
z(VE!NRD3h0_&9HwV~Y4$gp-*CYi`^)j^=+
zr(*#UAeGb2UFTR!(4cee-D8-_DKUW>2#uxksUFsP5v1zeQ&hiolIjR<4BwIAXUJw=
zN|i0AgIZP9V15`WT)P_ARfNhC9{lysR2Y@yP7`$|fg}sQ2B*XE?qm@l+pDmZp(TQM
z8u4QPxmmUwIdv6PCEW3e3&u7l#;#OHl<<%@+xUsbNIm)IGRQv@9;5DMQZ;L?x}5|t
z{fn98-D={=-+a%vIgL`p)akjnLyDL=uZDDXs>k^bVavw#(Vdx>>oHNxDdZnhP-FRz
zV(L-ib|$2!y-e6Dfb_6a(Iipn-b>{4Vv~nzzJkx<&)g&Z>i`6I?Q=xPC|3SxlVpyq
zn4Xm|G3Bv)zXK7ss+wy;u0LcICuG@|Uf8RF+p*Yt98lmKk*r~?qJhXBLheL!B3J(D
z|NlcBWU~mWuLY6X8%I^7o%f#xxj)CaT#RFIZ8|VS|2s3iGer-jsNZYb$+Z@vEBGC0
z8v8@D_E`U!VLD!IYHCYOZ;AZhx#a&S_R1te!@xBPEkNPv)8_(FRJV&Q?EA({&y~RW#u^Oz!C5{P{%6EKI3|g5KlkX
zy)In)mN?{r4lnq6JquZX5yv>IIZ&=Qy#SrBW}wD38c^W$IT2pQK26*$>f3>L>G_X0B
zF7ngoqLQt{iZ-v0DHvn@Y$28outztcyHCq5-V5jt&&c(LG&k#Sto|Y(MN3Y=lVkAt
zxaORd|L-*J_J9Ps;X_P*$j2*)XEdJxrMs`eyqpY`0a(26Un6v*F&5#^uEL$k7iq+NzGPxAO%(p_)^ov@wb
zDDK-*GgVroERWti9oU_}MbckWQFk${WCIJuPy2k(>0Rn4o(^;kHT#4^SrWQ`YO!_u
zY10yS=ufAD;f?(Rw;n`;6$PH1qj{LjGjPU<0O;Ek@@^@pKO9yv+rc)
zjSHLw%z9>rV@mwRs#~@qglIQi1H1h~wmw*B-dHD?Vq9|=XJ;R{PLKYVFiWZOVn0);
zuN7C>UAo=rVm}qj%+8UWo!yOO0nn-B#cJPZ*bm7L`+|u)(u-~wR5~Y{>D;gCcCk}=
zII{M(dyrVL-vGRy!mk@kr9ANe629`SJbPR|t~3Q4ODK?rTXT+ENt$VT6yw1GuY1Sg
zo-{c82R9l3g3kW-PCtfh
zw0zQ!SCr!bg>R^rttFUDrv{sSk9?#EF0}D|{(R#sMuY;WlzoW~*_q&k@#j!%X_lH!
z5H0wDM!-8bGsTo4khjAIu!=|+AabzZe|@I#-!~9;u~|#oR&0nhqM3VWRo1^B&4;EQ
zSHkgPss3hMCnW#nzJII#hANByZ&qAH|6?!WKb-8@1Kdo^IK&iZiPN9(@kPE0e5jbE
z+ZNzFU_>D@p74ro_6LC@zp>&{BeNS0VinsR;q~hY(7b_HSCjy)x5ooO7Kg$l9u58Z
z0Q#ImKW()Ok14c0B4Yp$z1iKXY)K3y&)%y-CYvIBd9+Pyt&d~?+@%Nd=#Wai$-T!<
zo)b|Z9wwSz65WU0OUW`6lnRiM>M4h~Z+h2zKv9Bh+_OSxb>p~4j!xW@KXMoX(~iOg
z!W0+H*i6(}KS@mENKcB6pHwlTA-c?X{h8J6)_ep<5ZB>@sM??R6&h<=*x;F!Zc9Q3
z@MAH%Ch^jL{hT%{U?b+-d;}t^m3IqU$@)ar#$WCn?T3QTC7bGrv=coH$!oR6QbA(F
z;-0LrT1t9{-_B5yi2!sHh=JXZ*evk_V9XlaTvPKm(xcbYfPm@8#<}ek(&xFTLs#Ui
zjswoOdG@s1Dp(&Ho_X#P(#l~JO7e+++B8vpJnM3tA(+M%E*n@BSK4jR2-~+*S{Z_n
zYD9f)cU4^;MN>F-RSo8dK6F1gYs`*Dl9|c}o1iCPLMwHIkx5)
z`yOPOcm%OiyEEhdh5jf&XXqv7N%Q#Zf;ixpVZPAzp9HhzECi-d#KW}_%k=qBq
zT!qt$oU{tXlL)Od?2x4KJ^NEHlhdZ9RDvT9|KQG4*=={thhNMhlJKJz|h7n
zERt*S0yWl0BO5M1#>V*Qbh&Edtu{^EWH)X5*_=<;J0#k=esNbFZ^p@kdG^%OZFxJOSbB^XrdTV&@32vT&~C80$wcf-o@50OB_$5l=;Wa8jAg+(@N49S
zlFfxPZ3+k1>BbHmp5yucD_Avd-l>!*k~{XX3@^|Z&(Z4zwgL*C2Y36!m7>)&cbTkB
z1cugTAgBhQAaKM&#V~iCD=U;WcHgu(&W8NY>=U!<>u@1Ah=G4D%@L2F>Iu#*rHh`A
zUfoy_PCO$yF8USc5!`9RI`M4XZ-Ug5cGH_2k`*5sfWLe8c|xZ!;>>kCVAxG(x0Sp_
zw|bQXu6%k6f~$E$?kxnNn0%AEFA39uUx&oRvciA?7P3wdl0F
zeQ$=J`8~PO)GITq8$?&8fE4Bbt(w%<1Lw1l8|5@}dj^xwwD6P07cY`iEflugBZD!@
zKWYUvO0xz7Sl94F&)e66f%$^;nJTjJ!Egm~T-&q$#?Gb8Da5)oQ&g68R<}ds9mhS4
zn%WUjbt&ln9ZvEDf#-HsTS;I1PJ+wZR_a&2r0yB;;_f}OVyn7kzf(&kR
zAR7V|O`EoV@ELxPLN4ihzFgW_yE!oub9U%KFLS$VkOWBW&2xKFHxAXoJ?CBg_5z~e
z&6$vh_64zpR?ugkOUpWu62N#3G
zwoxiUj%IC9dt>jt?b>>?&pi)+>I?swbCaHq!gsVtl)_~e6Dj}0N8~Fw!tooE{rb$&
zqZ#R^*iE*?OM>cH?c868VuQl`$HHLoozV9y7=l+KbUPk^L4)dK>eXd89G2_{?;@v@
zJ)m@{I9%%rh#&3*008V_8}tj1{QtPb^=X<75JFhd~Vdk_$D45*Q43FSe+O=#E0!&hG7qb^~g~ZoEcD
z2Vey`X|(xYY5j$mYuZ@BnqG{pKsasS52vFeIF5^;>#p-Kh{NvON2!$!ED<~pWCtRk
zTb8qda1VKJ&y%4Ia2}e#vL
z*a&pz67f8pk7KRSEPw}MP6)}4Y)91(biSFOkd2b0}X>-YB_-Xr)K)%nrhL(8vlVu0shjeQ?6F
z<&KiqnS6dKj0zFuP*ly(7HVBcxUqBDA^RJ(SdN894g^oKeRL7g_K(5=kFzid?wp>R
zmA9O_L~~r0;F`O}Fm`^a>F;Xqk~l#-$4Vi%d_^~E&6H7>KD{fTFw=+a1hE);(nK@K
z2Y3;z<
zPlSX)NS(+Pg3z4e%+OU)M#e}Ij@h#ry&oRV_F2)-{`PG#
zZ)ct@03V#B0>wy_XQ6TzTuVOFhAYEw)3(}`zdPOROE_L;9wk8zo&4p|I|Ll*8nV4X9Ep7#1B`l-ta
z(v&_+n>01-rXio&TkQK_6`#iK3{#7$d`-3meY*`M*n(R5mCuP7m
zZ|f0dC4v9TQI>Hm=Y2Phgf!OYwX;J*eO%Xg#M)L|#$nlTENKw1nmYtfZ01ehy3mPV
zym9mxK-f2$smS|tE_G*Ejoy95hky3Hwk04YbBxk;h;{LiZ<36A={9{xO*y942#ya%X
zWgK4ry(3|#CWlZhcHDO=)`T!kHXyk>7Ev6*cgMofU05Z@%*x
zgr8TIg0J+v8a>3v16@h(&ImV4L#=Ou^q2>Q3=?rI^pm!DX4aoCQmM(x+&#R9A2}7;
z@Pw6O!?EeKb%T9wuMfzSOy68Dyj!wsCRA5h+n8nKHJd6B?e2Q}dq_3QZ?Tf@3{ad$
zY>%_{7Efn39xqnQ!x0HpR(W|XZp0fEPi5w>0Q-9gZ@g@)Hqh!uE
z*!fp=RuGPecEvX3(^2H7JcgB(EIQZjX+^3&qGoVrm$(>JKhpT1)ltah=K+0}`_X5x
zs=<8G2kdEvUwHzPJQ*$okXW=v9IGCkU8eUi)$%?egl0ZiKCBv~xFC7%{>hS>qO%
z+4wlI${rXyY?~vNd!2ih)3-AL;tz^-jZo1mXto8RU&00CT5Wr|TRY-ln4VYVdAxFapLIYKib4v(
zKlWvzWNo{$L>b30Y!9hP-Y~_f4&Wm}g-+HYUr=EM&Q#8p!Q^HWj4#1GxL0{8i&#P)
zW3?dA-c?!N<~;M&1`Yf;kDuj%7gmzn`;{+Rl?Nmw^2BFJu-Wl=WFC1XfxMpd6w_53
zSkMmulCK{&G9$ft4wmsq5X|+L=0V!PuaEWV3%ngFGD;f(?zQ~qLIlJZMdyJEoXL4l
zb!A+PUX`-KcEG&PMyJ;gweid|Ug5B416Re-3|;cMWk`Z8ugKG&>q9iq#&1Fk=$!G;
z@|)nCqE?6
z!yn4>hkbU+EbL-UCRU`V4ZY^5lFCu)(t&*z&{C?-5Rok7Lk&Lj$xdKbUFrBfBJueKfQEwvX|i3FQ1H9{G4h
zbl*e?JROV)pX&5thf7n66@bQsgEp#j^gCGQ83B~+
z4on%BLhppj2TH3GA=s2Gi!^VC-kF7pbC;Jo!-V=uZ^RO-2Iuw8%-u2>*J|iV$&M({
zIbPSIg%GDBr0zki5W3KTdP|*~!XFEWINm8H8(@M;5hRRObj8<{Dp8(^h97;?BDRML
zT^bFP^mvv4&YqRJnyNwTm{P7uSq*0xb}$jPPl$C4l0M#6aE|RFhut0)8(RCk2GHohim?ZQfJFF
z&!>q*fla~p1K36AdOyb_e)moJDSX`${C&Z90;klEPDBnwRp?P$`C9;iyER-1ryyB5
zYq$lo4a4H{2ZFz|T=L~RRK=!H4K)D6A5xkK$lF?12O#Kikre)3H-r1bHbV0F0zZVa
z()rYv*k!~z?B&~GgpW8X-B>eROVr+HN!U`6H!(sDXrD9po`HPzL-v8Reol@}`G;pZ
z2o{87UgRiW3CiT2&D#W=hV4<%BeMZf9BNWUkgP6pY@Xze9Inc`U}CVMnaKG4du?Wp
zJ`Gev+RTmDzC>rIE6jn{;o3t%L{Hv4fK!4lu*uDQ
zTn`Mq2RKPpMDW*>sR7Lo0ykEL`-YVv{Y5EA^4Vld3HKRZ(n&VjpL&Zwp8DFQ5{;Jk
zaAWh6p16yMOF6T$_~qXK%AlQUVg<3yU5=ndxSFX(&$)4@vXS^D4TVhnifA6_&*
z8V0iGw+^&@zw?^EIOVh??~cN^IPxRb$h`M30lcyAeOOTiSCs!mEFA%HZp##}!9LXE
zuMryODcUR-u_!F8v@H#JLFzlaC7zwVw&f~n?=o3YFsMiwCG*et_ryIYA}2_&a>Hh(
zZnj}M-y>=(`Z+J)kj(JW;w_`IHo;q_y1DG46`U~H8lzJtiM!dyNL{kz<95byMZa(6
zV?5n(dtsS_->SLIEIMFZnM&If&O?F3%qlo$o(Kq8-TJtI+_bHRw-*{BbT`Id>!FX>dN(b$luN;FI@YDV)xA!ws5@83
z4^kh}%QG2nJowJ2B-?8^7ZLRCHi<@+Sjj1EuVf&8A+fVm6X^tTasF1R;9)RCLDI_ulMW))mGrGC+(2}cc=4K3CAgS`^F
zrHnJP*9%*)zKkw8akFCVx%$TK157q?x}NHk-rE|WO#Xq9A3#pZZpzxoocB*
za+<{y5(Z9A$qzOKAr>u~3(*5FO>cf6y(7U;WQl*BW#(c9#S#kPy3jlIVU_aexQ523
zQXI75R=J+&86BDv04Y-$d3=$1ce^40U+_%eCLOF$lJhS1r_Afa)rLa`SwP&QG2@8{R@M$A)K
zK-N>!IV9h$@_`N6iTDzjXH4TZ(mumS{^Yj_X&4?0T(tZvw8H1ApjdOZjQGstdJoXR
z(G5{lZXqlAyl|AeR`FEz#ATmOKP>9axqMHvAI6=V(VD*V9nG~x?5Z|Pd=a~@CG07v
z{08%y*Z5Omgf=0FW6GHUak`|H^R~D|aSoki_()o1dR4yAqvvBJEEiI$!YM*$3snZml`85%{}Dtl
zq}k6=Q5by6_u#KdnKbltv6biXUJidPPax6a(1+7}rjMYjRS*E%1%H5Jf7V@ny6jRQ
zX=C>#{nFqe@cTF|kS}V@sg@T+dNmX+GaJ~nax`=G;rc;7iM1WZzWlt)m8?Z{kjjt2
zpUObmVw=VxL$tJcg`xmly_N@Gu^1r+OmvwKt2^`g4J=N$lTe`3cCi3vb5-z9*kKoZF{Y`we!9f|yv2S|n**%pZ|bkWx{c@nmU!L%nIQeR^!6~A~;zCLK3
zR#GGpa^XQ9`912O&fth+tYdkY8@%MH@wv942uUk+ooSKBSvw@P(uSa@V9K7@6#D!^
zChxcqM#yQdH>5xkDw0(g>*NGt*bYp=5FqP6zNxI`)gfigad9?1yp{??)Uyh{=%v~#
zH3JtruRIk^y>YB<`pb+dFqc96M8pNeMc;v?dswbse#%zl{W0&GIF_*Yww^!serqqI
zpFwGwm5}5xOl2hQE^g#eK(>Q{8R9urns3FP@5Fha)ysSe@!f=QIh$MV!&_=gvfa1Q4dcjN#m!7*9UuL#=fQwlkO
z{e;;|p%OXbuK*7F6(#JT7eD2CVsPOp0ElEhTQ;(P|(Vdbj2f
zeYR$Jg^WUy#!FSuoDZWpW+B%2k-{z6jpShjjcA6BtWN?Jq;q21uVfqn=>OX1JN|CdsYOYY3Fu4!BXB;BqJBPg)&zyo-DH&97CiGF<>qxcg6)R3!?Yd_Mwr&W
zmHoxXU4#P!5!iG=)7Zl5J1@)6r?JM_Xhvqm5kw~4fI>m_e8oUA=dB`GC?s`p)ffOD`-RciCCbJ&r=07_Q81=i{QyuR~%rUJ_^K7kN
z&6)5vZxYVjnH}VX6!AL}G^h)_ic5V(vJ)SZrqJO#b_UhV2kr~_b
zJeKtH1?tewr|PQn`*JAUXp%s}9qhvK{PSE4e?N6^lCOr9+4H(vbz0&6biEt$)JbA=emPoPt`RQgW9~IWv)2tVjyF-qBr*bcnM&-G7!JYExUhQPM8*zWnv9517Q)0=J|go@SG`{&S>
zM6}0@6G^nM{N#i5$+3jvDq0l)fcm{{e0@TEQz|z6Q_9OG?)&M}uL2<7jtP0xcyXY8
z?X<_EdO))I-9oK?$#?6F5bMp+ArU3fBrsq_(&n9TYg;Bi&T-0P+0c9wqhvz9e+>7>
zYgPL)wmo81Ikp2A_R_X=%72BD!+bUDju_1hk{mItI84uEhZ`h<%rsABmd8{qRWeDW(uV4m9E4ZYj5WD@P_CkXvMLS;d?GyY(=UMkZlotHr#ufcHbjD;
zDfHZ1t}*?|*yXxo0ZQ8AIO{>A_7>ASXm)Szca_Sn3!*X`hOf?q#
z`(wUHKD$mMg(GYX#qcm(A=re>i%zJuV2CI^amDVN4Zb5~D$67e>xC4`)8Vh;c)Vy;-RAehP{Cyj<_fV8cR
zu@%BFybQvxnr2S{q*6qW(&(S7$VUd{i;3tq)%@8U{^D`pdk}+TW9Ak^>+_pfV(y){fCHJ
zW#GXKoeO;WGD=pHm(7QaX2g9bYDm$=d-7Ixx7^Jh%La^q+Fqj`-}6g-b-XJYM@-kI
zDaQI^L@k9*s|u-gA*o!cTn*uA8&7xKaQPnx=$)c%oW^BJyK2*9&J
z@Hg%hY3dkNF2<@&Kc_N+aV`K9_#!#N1UNjB@q)?B5~?$HSPOjo8a!jUveRh8!a65j
z(J(KIwcO5*mj+G;P$C5g-=+EN
zlb0;GU8x-g(8(eC3a~uhc86QmmLy(bc5RmEef~XZq~1VCmeZVDI`t(i{B)xeMb6XM
zPsOUajDr2heJ9O`Z)>Jk9%+mod{evH0r;TX_%moM;ybWAPg$>-Pv6VX%9{1sJt
znhR$tN4v{QXL
zbMvVH_y-nZFc^>*KZCV+`O$^D9``vx_MTloqSY^NBoo=-l}Ko6`k_dU@=T=yZ|Et(
zr(Gpo=r71@%?PG&=F%&`vgsYVo#A&6KS3fu$6{^2R|ENMrb7VyQsCE^;}U?y)&D5-
zZQ#WvWAYB3Y1gCW0*%Z@PAQ*@w#R&7{?Pl)mbM3sZ59Z`F=-Uy%MQx5Yv*Nu5ADKZ
zA69}M`jlS(_RUHK5yOCXhu;2
zO&UiE$-FYx$l0-$v>zP-lnbau^p=V-iTn*_kI)kKRYhN3tq7wxA5IX%fEw|$KitMG
zWkgj>>sSz4jtFb{oT-!3!~*{Lc`HN)-@mi6GAbmQ+><(FiHlGh1>8dEKNyuLibCX_S9
z1nWxZC&hT&HmBUrbo*&r)vmlf$QgeS8@rT-6&Y2!vpFIi0~u1=9^5|2BJh1*NJFXq
z5%rcmXHk3=e}cE0iJt_;8BPh4_}ouvq0ITi2^pk!frW*e213zp)c1o@>Z{uk~9y)DyzzMO#Cs
zMHWi;+!~8O5%tzK*4Iy`Z*7m==KpcNbgqT%4sk@{N21r6eX0khv+yHWpS@8~Y
z9dXbLIoxBt*Pxa-qIRgus){qRs)mw4W`-YDQXogn<|HX^ENDd`{%D?~G*tK6@9FPk
zet-%~wZsjO6bQn!W{FP$WN9O)v~&3ppnpQ%X~iKkHlt%(tC~$SBS@h|#7VtfB1Ggb
z3HW!^z6~sp0AbMBuC^RW9TrHX=c(5)qTD|{Oh0F6{7&WkopKmfz=Ho<@s=$5peFfO
zX0E?kS<4k<-kxaCJ!-8C`T(J*YGOv%tp=AAP4vmn`P|Xl2K~VrV6nm+*rWyrr&xHK
z8X0^n49#j(8Ve_9u0&PvmYC~d|-aqwJtzxMWx%QA>{4U)I#A6ZSijhl6w}
z5hcd;y&-sb0u=xhNtBV_iVCiff;HlZTu+Awb??@bZ~|qFl-*uHI%Uu3g8}e7&U;3j
z>B;XcEQL-u?MAKn`=aW-f4e=YpEimnozSBirmnW|A%hL=%b9bPbQ2arAl1M0U4o(BKeM!m9R8
z`h%ham^dz6$-=(4W-8=tj7jlxI)ybMq^0--%LfN#hW5ho);*&Q-3dH?pA~0mK~S&2
z9x|eWv!%p3{_cFK4p$s02BjNdTS;}QPH&nKJ6GDXbHGGe@LcB4g4~Q}Eo|>O#*Wt9eN63DHAJTNn)sGlmkyxV<^U<2KWInbNue3*R@Xp)pVy
z^}11Fzo7q~Y_8dN{^Lv71UWo%3M8K8)N7I>GDk2<|HlI6gR6BOZ2mkoW>JPy3Py}}
zI2BEDHUB_en9Pyf&b^>@lQKoZi>~8%rWSW+3g=UYvEhN8sdHRrh20WN)xAjMSocjK
z4TJOM43zZEl~ClK@sQye7pe~9`tUO4Hp+S$MkH?$b%Bi*{J4=R`Pa
z5@OFo+HE?5a@JsL8rRo*0YCdy3wG&D6L0to18oYU6*Uc}`M{csv4erv_R7f#0^3SN
zU7}uhcv%K^9JbL}ca`5UZ5cb=T-cu4EZTvU*3Gx#S&e!j1HcE+b9-?&q8EhiVU+n9
zf0w}VW@1?VA~*~d*P;I|&h_y!>W0D?c(;dIug?p_JDzc5YtfK!lVpF9YK-WsUBvl7LFY3Vl^O_9m!*inh#G_|#Cxx1OX
z5A7%3IKO2*`Vi-&4VB#hy2gk1@+b5eV~6<0N~}q{W0QP=_j~r?t+KBW-EQtIe2`b`
zWVAxk$lpIuU=KJrY=>512~{23zM^}RB(l#HLG$Y)Nsp6x*iu@Iw}-CRhfZ>%W1_OX
zy~$wUoGT1G1p0N(aElS50j=j9;MGUraabW0lwA%76DNP$?-)*tv@KjJ6m-h{l}Pl>
zh|+Dj{|S)0HO#Ho{99#mQdj-&{Dv4Q>Yb}iFakh%mWRobN)h{dmSW&UhE>s&)0ev5
z#kHtjpb$zXr#}_sYhWuv5+j6VRzQS-ds7Y-8EqN5ZW1s??wb<6-6dOtP0(mQvdtro
z85R=^MB7o^bb;1q(S@Z1_`~MHtpG^fYlHTjQ+4<8Rf-#wio866SzwNXnFy`Veq-oY
zNttYBYD!y&86nvgfpe^+7CFc+k?rN4&PA{BnvPj@@QMA{r=Tk_8oKcNU*XiFL~(-v
z6+se99odYO!9%mz%N##zh_B3<_fN`<4TdTVum{v;FO^Cll@-0L-~~Io5Fm80(ezW*
zs=$9gL=AZI1osm+fLcvVM+kJL8yV=VY!1V}@JReq=3ZwG?NS1P(RkzeTF!E+Ush~+
zLQ9t&y2zqs+}=^;$*z;74l`Sc;pKR5Bb3+YpydN^S(SS`%sV7CwF7iu`k345RIjF&
z4ev*oAyh&EIDQ=t;6_248K~ji6!}<8c$AuwQuvw;nDl7o&8b0HA(V^7&D9Ks&%C?w
z&ABx8d*z@&7E!vU)}=!*(NvOah~G+3$20G-GG$q*2O>UkaktP#BVF>3
z55l5;jhnICeIPl)8*msO)B`3vJD8d3u>MvuV=R98atn-U>f@E)BL!39P*XZ-g-K{(
z@6uHDywS8QLy7!HOQeyvs_pbpJW|-B%*8tkBQKjl?)D<&OG?&I&^l6aFTO3!c9_)N
zK9?9l{r>|$K)}D(4pz)3S~x$Mb|C6uCKfG1sd4;TZqT(3_SF|oxtJ`sp!rRin(lAQt?3P*^9%5AX+Ho|M9kRPGeh&`h_})gt&!OAtEFB?HwAuSLB4;kpG#|
zSPR8DiUKh6zuQbcTcK#1VK0<&dL_vmKC2_FFTsY29K+eyB&2P{*CD%|R~af)+Q(;9
z==U#Q&q5@IX(0&9R$P{*kEZM3mi(ey-aWWJOI6y7Hia*vi+^O2#yA!sF6qW#4BLGl
zyu^~6eC=yNLwvFtUcNmiX&zz8MhDnP#ePJdjrRT@Y9BI)kz-v9MF`nG0!w6ESr<(D
z)pDjV7gFyYWg};)5!iX-fU1BF=0)`IBuh+Ev8>nhOR5UnV}C(E)vGt8E(ullh5uCq
zTS(#gBm#K~<$q%K)Xe-v8X#-F|FH}S!siyv1N#*+ofhdW^jPi%HsPn#5EnPu;Ds;n
zk-S|%KPHb#)Z|Yhj+yyFUw6s@a43_gR@)ff=3%kA0j62n8~WOF30R9zGUlNsqcy~7YAx8Oti`+
zN=UZ+IpJO=}AgsJk!bvgdroh*sYZ0~6*NfkuDg-G+^BI_29?
zZhiY1GIZ{fcio6|nfgImXX8a4FZ!03LKJ)=X(RsWAfP)2utsrz$7P@K0@*R%-M
zCyp3fM7P&R>X*_0Y5@?*;cE5DZ+NX4)1uL=>+1TV57wS@9Z`Nt?--FmUrz&tTL8&d
z29!nF1JoF1SUJtk1~M`*>)waChCz0Y`YjYpF2I#JkbG3@1OPjN>v
z$x;Ul6*phgU98=-V;3z6#<(GhY?2o;bcYLpXJ6?F$X@=%HhNONEnOFN(4n|9rzXiL
zOHqV3L$k71{|N%+JPIPsxYAKY-g5J-xim7s5R3N8RLikSnR>~Wv$ltJWI-@1=M
zdHqvxK?#as<%Or8wB`$Jvgi9}*9yl_c|kPL_?pDpk%W8<&adhYUK}s?q3xbZ8Z*KDqCkEbW>KyJlG68xlTtg=&4bCj%;-ek
z^5mxqz`JzW;B8f1+`>NlLy?DF#tfMc9K^VX4ZIuP(5_iQtd)PNBccY96k@Ny
ziOU)y4~Juv%qtV8_}Kv2cC7=p0(bJY&I_JLMMhu2BxFuhK`%_r(=~Zp8g+Vzl|4b8
zUPM&^5mhp|O_D5A=k!}g)NwN;oqx?Y665wGOs%WfQ}|E1zC%!#kN5<0x}qgEl7CHZ
zWt>LxdZ{5p#97WKw=M&0%FrE;!KF4?va6Tqo&I@JG>C_ifE?m5iX>>mlrP>M?$k|p
zuCqe`$BBK&2OkUd=3n}-mS+V^bX4`9X-8qKo?MhYk@b?~{0S>66>Aw#99?C34|y=7
z*qEPbjWkxwFUK~IXW+zazk4j87{YO|Qd32=)>sU0Mq877riE&K@B>7ohJS{&S
zcKOoack(*L_p$U&1MG@RsYd7OD%=4h{pTn-G(12pb8s*gQt`&W5+*r(Y@vBOogUIF
zPHMn-IGetZ`8`+H9rqj<0@xQvEG_OO4)xZ%r9=ocYNKz5e!X%#L82p@@g=^e)%@|5
zG2V$PnS2Tijw(~i6xxj*9(1i6I{I5R`tHFhs?1xH*EY5bSK)T3*ZJlvs;yh%FW$=S
z^_>-xidzZ=LUC-9XMtS6^)CS8QNOoci8%YI_qOD>H7Q*B7@TiJU3w8ncU|IwiArTP
zNfFr%q$G+;_;=WPlKcqbBEk(CRzK8kU*5VqJ
zN|i`R{2*wWSf*`T?s(wEKB(^-oC;BDJ2O?I*ql@ZP*SO#~obuov6{rtJQfV7u!OwgXAX3(%>dYhe+Oaz*YUk8&OuZN3
zq@va+03_y#=Z(^T5zrZjf4A#cBUP?2j65t2xliew;9OechMq*NC@X?9y{{-2!!)BK
zV7DPm+80chgYjI5lgzh%Onn(Ww`T9|9<+|-#FlsQE|50YQ_BTFAPy%cQ8my<3MO~v
z(|=6Oz14_C1oXCNk9^`cbhqgh)mr``@pd!;GRro-t~62!=mXCL$tJS8ngO)bp0d6U
zUcWBGmw0v^;K}ZNyOU#N9zw}lAm#X|{Z0j8AeUUoCe%+XC#drhZ<}OVE&OSTghKNR
zLF>blVv*5;|HeG1K)hNu`;4?Q7<_tcf7_Xv3@6=3oilO8*F}oK5DSM<&LI)YVdjSz
zHucGYCl)mF?AW!BII-7VmG>ML)QEjlt6pFA>3*B2yaAtVCg;i)g_{0RhIR(fkP)(+
zb-RlVq2D@xrvSwcv0%eZyxy47m8`(T_mfpp7p;|jWu=CsMrT3+A~dp
z*r-u4feZ@~!zS?JWD{+{Fw5*+_KRk6S{KRUA<9$CcR?x3cOIs|xQ`91u5`2u&1}+Z
zkF%+9(c$p?ybgMT5miLGwgJs3m+RcsD3SA63N+e;8Aw}r2jd*a`9&#DGC%&$!w@QY
zHc-r0QxfSBfpbkkOpy)l^8SxBz^q3@0TOMkN=$&F#!Vb~b^fzG6i-!ol)r?Mak4jd
zmz#`_dkLPy>D4uG{&z!-xD$lgP)vRzUG(!Sfe83)uQtIo4sA1o=*X66kFch(P^oF}
zRQ%;pZ;B)_T`G?8U)KB&4FohZCD)PV-;AMtvu$B9rp$gX0N2-*;sPaDilaN%%ER(_
zQ=@LKEN|b`*E^->)x}20wD!ceR5BVOgWlEQz2g9^f6V*ie|Q2_w8;u|r!%~>^EM?}
zNpa6)ggnx0h7(=dO=Nf|?~>{iP_lgQh=;CoWQUj?ZZ??{)24^E?qR8cSAYunSvcB{
zT4M_ARHvgSrlO)RZQU{$BO=jJ(gEuQ{RJmGm2M~903$nnYImtFPAa&S*Hjyz
zngy0Pf2mv}-HFcew0+a|s*i#>o9sT?Dys5L|iZp|(Sbl_E=o#okqX+59n*I$_Jm*(6Z2kHel)|b+f
z3eYrDhTX1|aVMyE(do6eug*(O&%l+&JZYg&njUkjOV@1luF@~(v(P>!il8(u;8rF;
zm%N=m%RUu(i&P(RD1G!cyy`IZ1a%6d>1DXA9KaJ^4^sZRSF9`c+u{gye}o5rg%mOB
zp~6(zeb;@wQY5Nv!n(U$e)}|raM2uxYprWv)ijVsP{~KIvyg^Lu9gB{&d<}lpg>N0
zJ%6H`*(b~p)rZ-r2NKk7lqyjLk$G6Bzu`Sk8Y{r~*9s4Nv2~WvpSt=TTmg2sRqF5|
ziLE)7x#xNS3TCGvv#@tG9?k8
zbPIxbAm}}56&KHH;1Cr8nL$8PePce&_DZ(m-Uj!RIn_Z~p<*XzkRoU3na2r*YMkWD_o@H6HPV#j6JYuld)^dD=HU}I*_U^;G4Qyyk
zOJQEm$JFNy$_a7k(pfOdWY=h7-ln#AJPcwgE4j!>l-QMKLrB65O0JOWHoou1DH0W*
zo6e+kk>z)#Ef1}YJZhVK=GK2#Q_b@k9WCY*PUfuMn&Fjj{z87P^L;fusWkXF#ztwF
z+2O_CJ#eOwaKWv`W^vAe$#&=>K3-kdF!5)9rOdYoO?j#W+^wAnd<-N?)!S1sI=+Ow
zahhi5A14+l8EJ9T`R8^2(f=mWy-a@ESLjtqgGH@oM93#RhS=2Xdfm6%9)e9QZ*;bQN{wqBwMNB
z4!aU&S^v&lElWY6*7qRxSli13g-DhS&2v4{^tViEEqFl6*ZGbef>SMN>SrXJ1YplvF;}F7dA0;JGhb_%A%+buh
z4(z%(U5Wqm&sLNWlw0w0o5I$LTS9iZI_yXEcG}jgvNZU}pieFO`}>J0zqfN<(scGL
z^!czu!Lv$rUJHfnYNGMP35wx3`{O`sj**g(Em35y>O!ZgRN)Zzav+&3`v>;^YgJ~H
z1HWzRd#&Ut*fK>D|W9
z!mu#It}$BjcE#F?!n+%65S)f1Y8YdICr|L-!E)&u?saCF7
zDthaXt;d~rkV25>41Lp{ofV;=fO4$TUKdEY+
z-vv@Y2p0PK@cl6^W2g6NQ)!>cbE(t4Y`Su`O`*e1F+R#8lp=_W9(+!N8t;z|N^}Ep
z*cOzlxhT-m1D7z&Nvx^-
zSN|n^M+g;yCmCd9QD%)(@de94Ra*(M`Zv>aMP1qt8I|kau7FXPMDa#%qILv8596()
z?i7xlQ4m4dR6V%*!=Bq%F;u09f#{^hjli_u2mfn3$2Qlj5;JJmcbKEKSk1Q;Fp$eM
zF3fRKLw7u`>ZKW9H{l`cZL2WKomgQwct2K4*Vc@mN8<m&z8WY9sC3+>Q$5@0QCnez?|~z49i^i2SWyugMxKEjjvlZx079
zwJSFW`V9}}-!;i~1n9@imRLC1EpOaP2>Q%%RM}}d8zz*Raa8+uC(q)`-^r;zGGTmy
zLF=3r`anw#RM8s0S(t^N#tXo&cgyK$v9#SSw7eAQSHQ-2G?UoGo;gf>jqINMT7;B{SWuTZG+)vZ;vevnvcvt{P_Oc!ap=R4sFbhDTqWj5kns*^Y@L5MbKKYXJ>
zQ6Yv?)(}-*&@{5(izYudlYVGODE7eH7J}n&BTZvFWhHqWLsw_Wqtevq_
zaJpRX{l7i2o;;KN3|pT+H>6g@41xGfKEQ`AHT3{Tfe%n3>
zhduEOxE(JnkHV%AB$}&OCm~Ma+CMxF?cH8bt_`zKL`!c<)gA$ZRInA|kN^htgGls;
z)~iZo5`${4E~cl96WE7XVEeJn1Z_qfC2tpdx@0*^4N|tv7={@oH?y-SO$e*{rpq&@
z+3BRMv{nyE=T2
zS$pD`CbYB-j-)&>Aa+^Rz#ujvYJrsXrRI+GtbiU9!(SWR=BdFw;i9ON#ODz7XN4t{
z?JNpK13LU!NJ97p81$~Fb^)E#x*GL6@J_zA7S+|MpnnacA?s%jcq{)RKus>t&dK@=t
ziA18Eud60!ABel<7!*%{q4e=m-48yo()0KE9u%=Xx)IJs<1uZ(w3wp~h{3LGogrA1
z3O@Mg`m>3=B$Q25d~it&=l6~Dy}I~Hq?J`W<-qjZSrx;QJ>1jbQffV2Uk;@?~!q2QGtWhH5uI^77m-^oR%cU<{Y0Q>$r((
zmm<2^O!_wr%>*d`Gnv*~Qohz~uhqu~IkCezEU2smq|>~U3Zlyj$Zid=Vq5%*;UCp$
zrwbz+2#`oTN7F1oODnJtDPf?3S@|ve2fC{QNBO2}{6X0qpVgHq_u~nrP=x~&&d$2L!l$>lt;xpCM<1|PS=ZHg6Ecg7gXT7YK*NdH+><;J>K_Ktp6I?
z|KD``B`5du%^u#wycE?uZKcs9vJV$q@EE#O+!#-@k9#u5Rvf!4d<(Fz4oi-Re&MhJ
zF*EHv{I5=M!qZ5d$8VWIBEIz(Uh$T4ZosKg&HDOKMPPU`^~UiqHX48;UBJh{AY{|3
zZ^JLme&jYrv*-glNe)zDLUgA%Kn3q9hJPU3T2Ec9yGWL6k@(ANrDhzX^s$s3rui?7+Pb5Ai~oe
zAqEu7=x6Ed!+u~3jgxe$5#+OpmSF;}gk9@)-IjY?n
z_X~xm5}SoZXEexi;0#D#7P$xq$z(cXG8lZYPCPxy;Z=$rYV}ss+daPkk&cCrk~@9g
z7@>!5=Z1HCIyQQj*#u+5?VQ(4lC5wi)%WS}*`I9y#89aG*quaD+pi&>b>dM^QW%s`
zppoQ-BB%~B03FGy)jolwqHR)cJ}b}c^zvRKsqDFTBp{zW(AjqBgwS@o6R2Cb{&X{OAE@>vedZ~#jE};vbMDzv6mAs{GwpGIs6Dd5OVIp59-oaT63U7
zKvokVLzS+Ew#jz_1akUhLJRRR@mp5STs~Zauo;&mE8U2YLO*7hA>q2%-UqRMm8l`4
z9#YC;k-n2{5)?w3KxJ6OL1(g3lAu{MQ8asjI;rmB_mUh~(m=aQ!Ti4hEE
zv>f>5E7`k{6kU2FM!STKXDItoOsDiZ0!3rUl%eN@g*RuI&
zF_sUZ4mIspCS-6ayQ2D32V?LtBp8dETd%N-U!?}y*rpAA-wfWq^*V;+g2pT38;t%HS^&1|?b3uuQ*|8%&`iRGd}5MF>mMXXHl
zg;%&R#mcz{K!fR=O{Hl2k83vXbJYdii%>`+7D_`{gO;VaY)pEYiq47p4qM+LLAn`qhIY=_f*HVs(LX%k3~rTH@yP$NFW?md?(=
zV|smXLws!}hSeyu*we&qEN^n+19uQ8<`Q0MMz^Nqa=D*
z>X7vu)U{-xap*Bhh`E2L0-11>v4NH&8VA=B_d)Axz|>
z!&ryhkiFqV5B*_N$3**J3q1u^Vg`Bi;hU_fv9n6VD0K;KNp@HVGA*y%omp
z^oD)1kzC(OA=_xWj`p(ph7tY1v2kyOdx{axj1Vl6d*#)p$(xEZ=DtZfRHPuFmzJE<
zXs4(AUOEccA@qDYCLvpm`)yh{!glrbBEp^2a_>JdcN66$vX#>XH0uCGts>#I7+eJRxWS1p0TgT0CGG1YYZ
zh2CR*JtWrfWD93c`FSEzn;^=2(-jthm@hRkb=c`wRq5_~10oz)wh{)${-a74iWmgk
z&|~C~x25puF_nG?;VZ?{Ar`rLlnE;AWINk1Q$k?(&v^7EsvB5Il}iD8!tp$C^%*&8
zk?CAc7T@TDyFb`U0KK*j4E-fgt6KB}s2L^cuu0hzv46x*jx^3lFG@iHg$|hLw4-E=
z(sJSL<6ca!54u@llYY4acLLFq6qaur$wJ1v(m4YG6PrrU*+wVe^HmUszXCk2S&`$I
z)XN%LWXn?ZTq)fUwjPxoxh
zz1-f*k7@g{#HA}O3+{Y1RGbbNQMdwD>8X*zJ=fiBj~z`_lB7Czw=)w3Q(AEm4?@~6
zb}@*u^2up3-P^%{J2^9L&-*CZ?D&P6h(5fLE=m`=-sZ<)=(_nhY56vm2ctOo*oWjC
z(se%sJ>qgb2P=IUv912wrfbMCn`;i==mZMf^%#v_mqEOa?}Z5f9E9S?p?$agk(&Ub
zK;TGP)T}VdlM_MQFNK`&*jVyo|D+e|qJE|5!cCRZ{f0qNHx>w!iaz*#nGSHm*Rta;
zsJ~deVm?}Bq&G~l%+lh06l#?nScpDtc+cdIC>z^(<2_%8oK3>&EDw
zvUgGLfxi`NhSdKC+O|xYoX#<5tz-y!*e8lh_tb2b(ACT
zJFrPii%5GP2-kNov_uWLV{xs3-z^n4)k<}sWlQZ-a(`!3;#V;q;;@FlPbGzXG^gZD
ze{G%Fqh$`&8B*YfjgT{y@B}L{x7A)^?hsV@%Ut=c4&bHwjS}~=D
zGHchXknL$7K2D123t|?#FQnmM?_9YuehXe4ta{)S;M{CD$6`^N9J-(n49H0dn-C87
zoM4plPf~$QZr|Kt}
z+UsG1)$cuMJc1)jcL#9hb}3BZ8!YX9vVVTaLzlJfAy_$fao83>mv_lM{5~g9>?XNc
z{a9&?2Lk1`0)u?mg{Q^ehU&-kJRYGIZ?v^n%fmbFvoIRK3XK!!F%}}k`PW(Gh}KVN
zPo_KhMyb-aEZDGZrl68K)O7U}?-Z0(_&I7WTr<-;f>fnqR1)Xx10l^^#U7#VJZ7?a
zb@Wr>Dessjjme_JOnrSUksjDUDzip2Y}l{j(rb;al_u91Agj{TOx}u@T1_s6qJ-iN
zOu6(~sWNe?I@KA5ry#?{zYAE-;(zi@z020-(*mM2WJ`D#SR$)7tQo7|vlutAas!%X
z)S^rf*e`pVtcWpFinRc$GFVr;D@LUEg)>}DS1#0nc}1vK=5PmJa9gO`bc!&tcn-);l1C2XhgIffX
zk#i<1PtKm*S)}(uUn>!k|f$C>QI+Q5TxHPF6inu3E{09Qkm2k$O=u+n!&;PON6CcN=#bZeL;3%vbmA$=#SxLKdLGkvjtflkLWf}7;g$QBXV`nKH9d!JU$X&
zdgX?t0o^eHwnKY4VIOv1cHup3QWtKyzbQNtiI*lULVz^XsV-E*)nfPk$Hjc(pYkMEyk#YF2_JsEh^N1#Bo}!7P3Hq=fP4Nks)OjvxYby
zwI05LVH@xyuX=S&3p@F47^fLE=_6D@&@`lhGx7t1D)S9PxChmmYF?P|il3T<^$iX)
zmWS`XU}>Y_}@bBeLNBo3R(@A+s^`eR6LO>AQKuggXXwwYOG8Q`XQrg
zb*MfgxWR{-Lz8^P581lgSkwW6u1q*`_L6rI9mVYPjCQ&j;vOM#x
zxWK4}x!0B7IGGk4X-rAD@5NBXg;Pr=`r$p=I97CT)>WJ>M?AIXf7J^QdXB8N?pCRK
zcemoJFX71n)LAqS+zChR{W6S1i+MhD@p#Y8E`)Gz`xtFr%td)h6lWSORx@HHl4FQ&
zf`T*aJsXwEz2f-Dg48UQ#W~LjEZQHK=qsmI3u{SuJ*jk=ZFtrAh*PIA6*dVMd&zVH%;gP^6c-WNyYIS3`p@ktsV9Qd_SNt2A#>62
ze1OxiNWG^5^{Vt3Bfd2!T9mh@C2b?xnr027?C@{Fv5TyzI*+zvY`iX_-kn^_rcXF;
zN_-kF1?8QkBThL~V1N%ik5}TcJc&elPT!wLb&ABtI?a%s#W_&bZt@A_J(Aduj9?Xz
z{aRl;4c#2LXH6)Um`jo`VP%~Msrb+vi9%>+02VxD&oq8x=$75ff<>4*zR@~TM;2~%
z?)^GD!dNN_xDU~u&}&(w&Nt#emRTtqawE+
z+!u$o5X*KeuVa^IP;}1%_W0s+A+ED<+#B8+m1o!cXW@cJKOY$45oFycYwGs-)q_6+
zzxwp?Gp-V!DIvwGJTGLbqm24scm&DI7|P)&YDc4os^}2%ikdd|hwrkmg7CTVoq`G=11M&UnKc;ECO
zkx&=9iGaCz3{vX@sOXZ%WA)0W++5FmhPn)oQxdf9n6w^UnWMdHA{RsMWED=tCPiB*
zHbEI%fD9?HWsD0kSIppljyqGS+`p~l->ct~8(rCRJPCZ`eE
zg|!PT`GM5PTHkHOs$khty8w)hLbPtf1F?@OkVCAS<}4k#V-yY$dfnuGs0mep$6tUD
z@eDe}V%>svtgvSWhOt9%Z+L1M-&`zHbDG_`$^_0RnIP
z7Cirw7nL-PB+fwEIMH(sikYRVVXJZ)m+ixw99MoHb0}*j7ZKXK@3`aR#2@yB(t`vL
zr?M|s@BY+nsWz*#lsbMYm8le8J4DEV5~tMaKHen@QX2K-7WMqYLW9Z@&Xn&p!j&sc
zpbdOoW3(V11l7xyE_P94$=^V9e)n}flJ%IpV&dpr{I^5k@V_D;<%LRXd+)Rh}h9oDGH@6PBh|w8}aeYTrt{L**)v#swnS_6kw4
ziHFeDypxyorHY!%dsEDI?`)t8%foC}J{9y=JvQJQig_gX!)jOd2mpg|Qb1{j@S^u(
zI?{U$Gm^J=uGZtX;qJbJijM(+{dv!h9H+_R0BSBpjI@1y7k02xhs^jTbs{fw)=R6V
zpTfEiM#$yhw+Ar-8BN*eE;{i(V)iy+Mz%Aews00N;aC(9VHK$FqXNyLz7X%S%GNk+*in1zIX
zDW~F;Cb~=E!vdhC6VG^>U6Lk%m!s7tt*;+UCs#5Nt}#=ca{Cid>kNA){6K;7NPL-w
zU?HU29kG+Oo_yohcVXqpK!_(N`_%^mvhwk@LBlD1F*O|{6d;PI~;-y`m;BNt>tP8xUp-nWX2uk8VaJr
zFKXr66OVpv!8iVk{ytxkY{=BC|P(=3iI|V$ol+1)}unIMLAhqK*SpFQpo)Kz6lly_^eZ{zwPG
zPZ2m&E`!i#R8O%c>JJWu>;SA0Yw#8k!2!Ee+JhL5jtbFyH0eS>PT>o);nvw
z=TPQ2Wbg9FT&!~4c=}#%2!|O{?mjqBt_ryIW1BDf4WZX#+wVnzVz5QtCS&Ro?%kl-
zIo%Cx7{v;O!X3+TkwbhOkklB;gI%9nG^g|PA_q-SO;U`FHYw)`$RDKn2>i>h->Xf7z~=F(2QEA95MiDtfwK18MFJ*mlqaoj13DAq#OX*I#gSu4mbt%Jr3g?D;&z$#du1xXS
zPYd1^+Jjg5Blu=kl^;lLW0uODD;sgC2_koBRZ2SEC|kKB11!_71{1&GDv#1CPgBdg
zauxH*NSa~&LYIU0Fxv>LH#}P|Z^zpG*|~%(3Q?oj(zr1B*NuLdp6A9Xj;)Zk4iu3@
zs!ZWjEs>uqyEHoaR%G<=wibl5R=H&XA1oI7b@`XWskSx4Q?u2s*_00%_fS=v*-?I>
zJcM#=5qfq*gFSLO>une-3qyJptusqIcug+9ZD3#LGp@Fy=~
za!Z!4Y0Pqk6$liM#SqtiaD)rPtJELFdy(at+HFK=e((z*Y
zj;x9**W0SpCVjCr2;sqNFc~{4oiczErQ4DlDXQyk_XO7Ya~eMeBM_s)5GPEC4p`7_
z#2&-ApV;x_xgP0L)G^6NZ+6t;k+^)Xhd24lZ1M_|a*PxOt+aLGyuIYeHMTXuNt7tK
zwe>FhH8TvFQPi8I3Uy9IJ#+KHq1@he)$vuly6<|%ckPbYR}Eu-iv`n3y?l9wv9bFFwDrfedTuJ
zs2^#0jdzS;J!E#`MS+g6rjIXC5Ok+keWLu{F3cY`$q(EovPz8fSAr!?|Lwebh*Ioq
zl75-yczSG@L!_9dbNoYg5@%vC_{<`fcE?&4i{80G_I?z|;#y8e1)T@K?+A?fPIrL9
zgQPB5-~Mq5tn{H19!w3vF3{Dv-9|QvYFTnp8<`UBU1*Jd(7`k!C6kY%N;e}e@iSer
z=|C}Amc>o=x*TwInS#AdpS(Mb)|F4&MZZM;X(dowpWzbUo&ywKfXn<5g9kp_E;+Xa9Zc`d2I+{|4(3+2A?x
z;+1JgBk{WJ{rYq9$*R7{7_}`IvQCjKrOJ-Ez9u{HX}4l~hG2jzjp!
zV-StID83cMxGKJ**6B`(UX+Ez@>uqjM(=(2A4Mp{^WCEmU6w*Tcn2G7Ha@@9qomwY
zUhoh2g>Mo;DwpInR{KLiLrlhFYUw`3Q1asL>FD_kS3qsRh#V3Z>(5+y7+HfG-E*P{@5w!oy
zu%IC76-o_!Ilspf3mlA<_BF*fYC-f4ced!Ba|&ZKnq0zXSS-Jh1Ol2=r`Dz
zHE+{*>Lrx&1zGhE)QF@Y-w?l|Z7EqML-hjjEm?2gno*
zjT6*Z=D^!6&L8X6Jv9cg9FGynpg$gj2XJ|~9B15f^CLwV*pBH?Yb!!*UxL2*@BtIw
z!g`VcZ}nAOcu(jsYWH9)%*f&9uJtu6iXwrX2d%0^JQkd47#lCf{&biw70i<9-tLU$
zl|Yltz;ocf0v%>@x*=*iLjWXi%Y+z~_Y!57P9xaraCA*4)8BYLjy7g+NxJ0F|DDl4
zf9KumUzWsUPTmi={(-dK+s$*U@Sd=#empNLo(-fGjCvFRW%+)y*ky>|`7{m(M@K?O
z+WmY43FhjS0cBI@eZj!Jj5XNaChRfmw3r-N$#6|Z?g
zQineV79z9cm{RI+Bn;v`OcKFMd;-6@4F`0`5g0i-Y!2C&d_NQgZHdkpv07}im9OY>Pbr@S)^PA}HFgzwH4ODKhs-I$BD3u4
z9QiSr&hQVwi{s}HeYiKoY>gUhC9JVwf@7PJJmZDP1=eOlG%vx(z9K#~&(&1KysYz@
zxi}d&NDDcDzQuKi)R04J)gee;oST^$bS2>M*=<2@>}w44<
zeg3==0V*9o5oB7VWNN?w0000me}RoVdjR+u5p1&yP+4C$mBo?eRZrjdvqt*+Abaxt
zy%`of@cfv>c{e1`A>5Lsm|%Kw6f?#h%MU;9bIombeiwVeF|XWT-dk&b&Lr@&C8oq!
z2XGAs+o&3gE^&@jopl&D0ek>OAdXgd3JM*e8!w5PuUvtCZx{1GJ_qsTp2!VL1$q=%
zMq|O#3MXhw-j4_pY$Fo8F9s5iP?j_6@2vUjAKnw8oG}iDH#kbA-!1#BR*ccBHYzts
zGmkC1AYwJ2R&*HwvzD72pm*33wd1^~aOpUEYr>L|!ICVMZvEdT{1@u*9oL=XQ=;e16-Z#+oHqQfJb3AT$#oW326<*mbH${sK*
z!@g(M>EiQNc5A!W$}~x29KX71I}kLCobR-pkkiDIBb7kA9nU{5)YHAlv~0u?W(m&cS^yL|Y|H1LJmojP+R}}eO*Kx6iWT5me<5MbyOo4RA
zJC(0DDP0;n0mk%&h?Sf*{VAfZk!ehbdr>q@!WGt=h?c>UN}iU3rwqHx^5cmy
zm(HWnn_6YtyJN*2*J9k&Ao!Uq
z)EF#z)=Q#mkh;cO$4RM$@u743ygON;i@aO-Aabygs6ie-P*Y@0|IiZP^)vua8};Dn
zFvtIDOWlGYHd_~odPbv_@EwMkY`{By3Z2aveZzc}g0&Ny;uU=C?)4gl~Kf#cK%2?V_N3tWjq$LFe7
zm>4gmxRMvZSGQs}yprruCUlce}!zol?D#s6H@l7~Q
zlWuIie<9<24@}@L6rc1iRqRlhAK6o#M-?NKnoV0`{wGu^6(|c*TG~oFnV8Y&pG@)&
zD<}d+iWG@}XBNCEWMnsF%|ecz8LgxM#F}=qML-?@VUK@}XY?Yul8mf7xnn
z;v6P5S&8qwe}1M25?panCjM_fupZfn+|rVH9!vkQSw}-&r+yibF^IH(GFP5?DK=9b
zQsjXX6y0ygnhccZ@zp$@OkswgK#!&a{_L#p2%%%XA6cfII)YOLsJSnwu*f+p>0bBX
zg5w*>#?P>>vr$80iuWw96<7M#+Sh^r`kYz;Vndd+j~0FxC}wUX%tF*PD}ng-evW+D
z_28`WlQYpiU+>=jF{F4~;-JPV^UJx<7pEfx<5Hzf#
z^qbX2S04vxz6AHk*UW#35r&ZNoKcc{JMSx23Y_JlmftRPV5nwEvgpT&a5Ef*yLNc*=
zAS(SB5w|4+N_6HpiUmNp&%-Ybn)UlMxIyWuEwiV#oj0|ecr=`DJx`S5wtKFSGPzYS
z@l%Xn3~srA+-ks_9db%gbz|ud%I4bOEIZOiwz$3e^FX#apk-!*XGC2va2YHgt3|d7D6%d5{`3
zwWl!8$BhUxHY|2LQU`z3rmCD4{IloMzkA(hsTulHiaj$52h?%jnS3otGm-Q2bejDc
za1rUY0KE@!qzy(22IV0IT>bkh{H)L#TJ1j#K6f4CV71kN=|DA7)@^?F6r@yuZp0^h
zFPQL&Lleb65n220P2Qb(-YM2k9XJd$UycWS$Y`ct8dgJ*_`VY>H
zI*#B2-oc^q{jMAeI~wSnicxd7F-fi>$oOn*2MUbk=RR=O_~Z;?Z>TAR-x)b?<*1CtKyLKHwEA
zUZodsj1gun_@HH(r#DG53+!@SSU#Ka2#^_^ICB#-F>H~+lL_u%h6ytrM$?|x+PsKlj+;oe!aI?O+1Rrr(`kej
z@JJ%|&Y~$(Mjg}iV%X()3kiyl`i(NUpMD7?AaP0hGemMq)Bm9JqECmM!?*Uc!W54A
z*FkTXLgUIqa|mdOTnwmmH~JNw2!F}LjCB;jy&UD~W#?bGXGUL{7o_duGYJ$DmsrDPX_+Dwhi#&upNFE=O17j70?HHw1wbLppUVxdE!bJo}!~yFnPF>^n51b5uud?jTx5Yv7xvO
z4NG-!9f8olhKgsB;Gw$1P7^UXq4?zq#H)@E`K$IG1oiNks;ESOTgh;jiBi4r&re&j
zWXX8(RFV?=O)7gv;XWiR9v6)J1^O?vF}qd2ns9U~c_-HN1@m^UllgUVocgs^!k!2+
z0ljheEOi_i(28(}DRj5tI5nm*RvnE*AQOPI;peyUs=xC?1YbHcycf>NZ^t*4pq*VU
zj0Keu4TBhD?NI&+WeB-I=Ggt3Y(??~vM)yY=D9_oMrmc7>QsF3NHLE(_{UMh|4SS-
zcR|7W-d6AW1X|WF9&dpE*U1#+
z>ZNB5x|(Mf2|9^)U%I!-+@3UGJ8}0
zagxTvs|@sTCZ6|2Cltrs0RncMaF#Ci9+Fjj4rU9#tH(PEZdjrkF@Q{dN0q9})N7Ha
zAN1O0xJG|ZBSNlNJBS145*E0UtjrxXLKhv}Uw4zgr&18VVfpsd1#l
zOfr*(t*s?z?VZjXF$g8=05lclWE9m}BsK>=N&v^N>tqUn{3JPdbHJFyRAh@K1Y-fk
zz(B1&3j7pE^5b^e1TJ{9UnrJlC{3ux61^EYS?u5}|A|*|%Ek-s`seN45pDa$F({o2aoKuJ%zNV+kfMn_LUawqoP?G^?e#pP))&v
z(ur){ArX`nO1S*tJ~+YWr^8h#beJ1xIlq-=P9KP})lhP@#@cG-e@xzMihvC!BBejB
zs9iZy-iA;a_ERG;Y4RvEf|pVkdsUj$etyceaAN0DX;IS-f+gP@kfydhIm7yE*wt$X{+
zW>mp+zNIxfGZ$AuV$yQuEF00LTZ*b-Z%DaYV7;kw!ClO};>%jKI}?0WLBD~&>H{QT
z?uvP?F|-DuTI5OnG%P-bCW0OA1}P=A3*AAe2&Y!+W>lu@^%rsLK-43+_{9{3S)M3ONri(}fUqR6L3oSdE!>16
zYj~?`Z~sjnK&6HzZZSCXLGXu`obImYcMG*#GkMK%8g*NN`fV$p-8RG?6dmE%z9Ds_
z5)2HJHk*~blrmT|@S~5kV!?5Z9K=--J3w%;bLX+2tcmZ4=hM%t23G(?2GKd@xW>|Z
z0r^zg($$%0SNlhQDVfG1s*f(Uqx0!p@5->#z9%yWgFFa0bND0ylxc+4A?K8|
z^8l=6ayLSuT3gwurm;KdwZPp=x0ObM0^+XPJxT-xX14TESnQz
zOGAyuL%2rl*+g_Rcn)8!#lQeShJ2Bn!z*wu&T=K5VJ~x39Th$J7JG`B9_qHhKK1Ji
zDkxz@tV5TuZ<67ENWdxV4et9Fpj-PQ_F0D&QD^UDbuRrnY3WKA{51aaJV4EpSXSo@
z8Xmw1o9*P1DqJBU|AGYAq7~7u7D15!aJstr
zi;9JZR(VJUNE#-?AJ13@8u#cd|J(_^8mIWe6xMnr97BZf4tLsKJOG4+49uAZ-W%Ti`>w~HS;EzZusy<0ou$w{yR@h~(``^h5#Pzo&2zWAZx`nZ
zKo^EuFx8gq<8mWS7c9{1!I#}c{dG}!#a(Cy4`2<(ZF-i~%l#y@*WUId1V9M(rj6G<
zhy=UP0+QOIs!hClAT=G6A2Dyp>dvZ4RX~QWP-k4Gdo=xqFvsSpwH1$Yun@Xx!+i8#
zxfgeK_It|GXbRY$Cab8nd1mg0XZ!BEYCH46PqI3A*S+0GR4_>@mqXG;3rzzQ6h)j@
zrw>W3eF?p{%{D48v$V^&7th*5n^6B0eJMw}f47;b7_-K_5}WR2eAPD#|865vSWDd@
zQxrK3i&(ifq$&dxH=od$rHmkZqvzu&eemkkv2h}WaT~f=a&oQO3dXOLhS@s4TPuq4
zxu{(Og#WWnG68>D>CW@KHCjc%+SSo=XS7v-=<-z`Foj99K{*uvHL_&lS1zV7Ch6L^
zho?&l<2u_YTfe`g(orNxb-{2UuyDJa19@KWu*4TuO%hu~G!J6_F0Nn&fr1}lmRJ;xO_p($?M$2Hw7ZK2^j_K;emBV>NdHLJgVimr)V
zN(^y;pU`>NiKQ>VaSv!j5FHpJFItZBQLs^J96yyV9~v?E%h
z{+htwE&F@f9dtJR*Uq|G8%}>tvS|#Fbb7AmE4fj2ZH8Jr6Nkj_L5)AptcFE2OhGmB
z{jots|M)FMox2Lg1X&w`1L;uvp#?IiqV7UL);}2g1m)^EM;X+8MAJ)NjR9PGt&=N_
zYVSS1rGld+usUT%5K)QuC?mu6S2Z!h`p*J%E>2Whc5(y?0dQO!bYH^%7%bppn_v#{
zo|50KNS?D-vnbN_{|i)v7&4xxV6Rkk}m!L<(r^hlK;vB-|GiGP?87~
z(%A>$cTOdyQ%@>q0c-vRquN~%sd|MhxA=}mT!@MIF0gqolx_&;H65gnBUAm
z4-B)J0XSBU#+tw#6;P@Bs1C@>|4|nzm0@@lG#buo=y1;LqQ~6f7(|D`xbUlt*~_8}
zmPiDlPkcnAHBtEaG8YP}*}03ECH8N9|8`=L&*>Ki1i#?z8tS}NDN}EYUK0jb)YmFW
z1;~YFYiQ>vHXZm2=DuNmQRVbZ06%m=(Az+zk1URtt>gbO
zB`^mdMe7Bbq-*82>O+XrI$NHZ}9CAw|{a1b4+&h~?58b>r<8
zc8rsl)~a87GrMU^Hk(Wg)d)A`Kc+XJIM)$bwK%i>?Rp9SaZtMvx{HZ`RwkAd$FAadD~a36fq
zu#$Gmv@X)onj_a%rO$n;m1OQ=El-VonT>WYi8jE>zgm1KxYRt$aiCv|b>BHpCug%;
zGcZK3Yy+@=*>>~!;|nbT<2ns{hkr++J#sXy&&p;_Y=&=?RsR!KhT?zX3-{4NAp(j_
zaM9(PZZmCjpxAhj6s^h<9HMpHL4Uy`@#Cc;$d|>gtBgFt-V%-UbTduEQ-_V==C^A;
zN{Kifs7$5U%R`2#;(CfPVTi>hKVt{Dw3ne8!VEI7u)Il0sIZX0SsQaT
zf$(@;p_44aw4&HYx%7Lrr*aKo79-s#d1bywai6T5gNI#$k*5S47FmL7**QVJ38Aqx
zuU_rb80Un~XAUO;BUP2PGgm+QRKi_MMBI==G_}+9udEoZvKI}M9eSU5nb*BsTYgvC
z80Z=|@~fidGH}-*WR0m92B)EfgzZ)saudb~IJR7;R=nmK{`%Czj!$&y(HaH05yRbXh?H|T#2Xx
zr!;eoUU50%>n3~RL-saFuN*GR~zCV%1%^)i!z@^$gi@fGnpUes1<#_Ky}2U^hL
zI6hzvcC8_{${Ub%IT9O~SpuEvaVNWOe<9x@4=mgaEC_kib=V?G1fuJ5#)ub{9o$|o
z#XPj+=I)Fov01?+?+d8YNPDvHqQUqb*R`e
za5;mjavRP*`i-Ngvz=h0CPn9AENR0hE)Nlrt@Ey+IWWCGAr%V<32*IGJ5VMhu~WE5
zf)*xt7rNzOC<|WFVRaXcla%d#?F$N*qj7R;8%!=6bl~i%G^(dSl@Frgx$2TpMi0GG
zD3L=jTO@8^1HRm#lW|}Z2S#hEGsz_6Jzad=+B^;7jBxw)*2suI2W&up`vrNOE&XS)@CI4f=
zW%cc*+sc*45v?qvE5e`^oQ7=(9bxO!_WY?g%&L&Lp)$q`6{+EH<_j%xS2%-n83YJ=
za3aLbWh|cemQgtOwfen!yzs%gXLlpPO`nOn`vG&Mmfgb+$I^47z#rqw=zYCN@u8cLIxCV=
zIy@d?3bW#0$efQD$gH$ycpox7hOCOinjMf*op`%krnrzJS-B9>p9EF*k{f%smRW($%eJrFmQbA=0U
zm-Pe<0L%T;tv}ht_-c#9)Vlq*yuHI)E_e=uuXh0-yvh~v1@j&Rfn{2-KdhN;P81RN!br2l`zS^o!@Tg@zFSApiUPXz?Ig
z3x+R@`@4fA(3{4ykO@@SYq?MfdxNyBwkTPeR5N@Tj20mO1;3tsbRPCao!=!E+asAf^2BS?L#u7*X)EkTQ-Edble$>
zp{z@`w5AqDs;?3kJ96M9jq5N{9s>1d#S|q%~)T-h5n|>*Hi7Xkd-~K>8!%k3tlXINhe4Eo+12#6hT8<*iFV?ODo2izX!D
z%<0q<@{+Nx{&RB{mCi^_I@TSNAh8u&d1S^f;f0`dI=q<@Q6Ans43QVdB${R+_6m+h
zvPeUlCbulav1}o;P1osE4db}Qu+IQG9>X1;i?+(LRT=}yH10m%q2^E=v6o~Yyn~8l
zu-)t72Nv54ae%iZ5u;trhy+^*{8gby)KVx>UGn+QZ5!zv5@KPlzeX*w~beH@Bv-KH*
z7X7YN?mnJ#-L{3IZHFO-vQ;O_RVT7Ii5+3xf6#OcY&$|etfoVX;}x8q&OGj37syKG
zDU1M?|AxlW@Z;?D3wr2=HxEyjEsD!!U2Yj3GYaolTOBi27ewhip=;AFsq{{ILP*G=5DSR
z!cB09Q|Xc3GYo?)-|e9+jKd29idS*Xv--c#dc-0#AN%5xi*T2!qf3}D7z1APj}xEdHp(QPIUCY{72ke?fwmo>^-9@u=!U>4A
zMqxv0gLaqtc|RY{{|j=iWv5-AgdQcq!o1~NPHtQTNEn03L28sb_f31chn6_3o8(0_
zTC27MGrfC^B%DUF<%r<@Qd=Cxj1PtFevu$Y3?U!hYMqw_8-c=4l=l+CYb|Vhl2m2$
zyAYxYGj;tmubrPZVu^9!9%n#oVI-;8$0C@wIN?Z(x&jHQ(ub!~+wD?K!CkE^qbs#*
zK6}!x`g}EZaK0-hQAlq06c(h+av_E`A3Yg*Ji&-=NLV=y{{WE&Vx*rRQ{{(S{&g>0
z?M~?xd*)$xVd@nl6X*1nVe$T4ki)2cH%iSHc)1~{R0PubrXrtvcDaNw_RoBCTjsZ;
z0h?E+Zvn+ff?8_r{ZS8VWk6k}2#(@s-S?dYvW2d}G_*1O#^*=2hk4P_>N~FhfoHj3
zJ2utmSSEp}3TWe119=wBJpPLUJHTP{GO6xYyCCj+49b!Y(eWuSgB6H4Qhx$BCj=gx
zg2wOF%h@;AnZ_1ShsqK@4hcmOYV;LfSc8y-)8$Ob>mqT>i%BQs;-YQ|Cwz5|2ppEo
zkig|SsL7)JJc_vpPzh;y_>>(SsJNh_hpgc*rAiMe>N;;JFitSu33d2bl|+y#aW|5G
zI}mS|>_ys7#&2cI5^{4|ttR`DZY(mxxGsNQB9$xN?2&1h$UcW0U!Rk_NLQKUbIU;Y
zAC)LelC~6gOTVEev*Z08+*ngZW3FyRfgc@niT&$7I6$~!|#@WGjA)oL>%DpF6CkC4jw)B6=%lblj
zX!XQD!epgzJWZ^=!3CnUfzrBfWJ2Mg$+?Z+{H}QwtRfQB!Z~0V5M1o1vu~7ol~*!+
zchP(y(G5rMlLziQj*XFI!785+3kS}QH}Bf(scfh0+Q^NU4$}0MSqGstnEve8CbP|{
z;1kID1>=Sfu*n}%oDuntBNBpcZUs?`lu~@s+D@r3O=R|8J*gR2>DwZ~&#jMg3B+N`
znpL^P14AGO=TGD~CBp(qp#+oStv5VPG1JInn+>PWLDh9xYb5RZZhZaKmNWA7CXq&Bh>;u9MRX?_rNuUd
zL;|;jUwWC(XO({6c`WhUzy}Tg&!=8b@4lWRFh!v_bM^sy5de?CI)&VL*gdo}B&
z?~gi@t<2Lw8v;_kBZlVjVX74<(HXT>K9h|X+{*_8iv9*Q@@88PcieYju}FBfK@FDG
z2jIbrM4;W0XHbYpUs@xmrbIe4@R5Di6}ikuwH~SdiV--5@s-G6rs3ksd$$$U!h`j_
zwA^f3eVi6?Y}_2@Ag?VD%b$n3j>fpQ&@2vm>*_RR!%ZC!yiuf
zPuji)#-iX(Ryq7rUVm0wt^cO%MlnFg1s=AfjHnrq1{5CHo2x`2+ql^|z6^QS3nG*f
zXhnD2H-+03WQT*MBxf4|^3>rO2z#q9V!opDRh~dF)Ix6vej{e1m+;6VR^*lWcH
zw-%I#i)0YoVS9Z-wYN2%)Y*s3QT#0-Eb+$WbsLz3huX?mJdT(i(q=O
zHY>-Fm;@^GYNa@M8n5X7Q*MznuQ)h*?9y(Zd+zI{m$)m3W`R&KY4=HHQRl*7Rnk0C
zYBoujG`;3>d0wZ!EuFC$!fmprGiUbR-EdmwkWa^94I}szSTS=B01!d{vs|Z&-@bEx
zwHO_^O)H6GxuQ44r)LjHAI71YMRS-D6d4LuiPaVc)R`)FFhdtI{gLxTl53Yc#Ze>a
z+ItvWUWA*
zhZHx-EGha+R6bzmkjZrJc>mXh(LKZU8+NjU4))H0AWbYx|Ghdl;|q_$7R5Cr;g32wMP@z^!e=B}H?TA(t4JG!J@Rfm+}yPP|zQ
zH=vt>V~FyESpu_J%^KOUf9JcL+J>bLgRH+y73R~>I`O64Q1RvJKn