From 842497f7d571a9207846676fed4aeba09279f714 Mon Sep 17 00:00:00 2001
From: Heather Flanagan
Date: Thu, 28 Nov 2024 10:47:10 -0800
Subject: [PATCH] New and updated articles for Issue 15

New: OAuth tokens, Intro to OIDC
Updated: Intro to PAM
---
 Access Control/intro-to-PAM-v2.md          |  886 ++++++++++++
 Access Control/intro-to-PAM.html           | 1229 -----------------
 Access Control/tokens-image1.png           |  Bin 0 -> 180399 bytes
 Access Control/tokens-in-oauth2.md         |  823 +++++++++++
 .../An-Introduction-to-OIDC.md             |  501 +++++++
 Laws Regulations Standards/oidc-image1.png |  Bin 0 -> 79144 bytes
 6 files changed, 2210 insertions(+), 1229 deletions(-)
 create mode 100644 Access Control/intro-to-PAM-v2.md
 delete mode 100644 Access Control/intro-to-PAM.html
 create mode 100644 Access Control/tokens-image1.png
 create mode 100644 Access Control/tokens-in-oauth2.md
 create mode 100644 Laws Regulations Standards/An-Introduction-to-OIDC.md
 create mode 100644 Laws Regulations Standards/oidc-image1.png

diff --git a/Access Control/intro-to-PAM-v2.md b/Access Control/intro-to-PAM-v2.md
new file mode 100644
index 0000000..f519a9b
--- /dev/null
+++ b/Access Control/intro-to-PAM-v2.md
@@ -0,0 +1,886 @@ +Introduction to Privileged Access Management (v2) + +© 2024 IDPro, André Koot (SonicBee) + +*To comment on this article, please visit our [GitHub +repository](https://github.com/IDPros/bok) and [submit an +issue](https://docs.github.com/en/github/managing-your-work-on-github/opening-an-issue-from-code).* + +Introduction to Privileged Access +================================= + +Privileged Access Management (PAM) plays a crucial role in modern +cybersecurity. All organizations (at least those with technical +infrastructure) maintain accounts with some form of super-user +permissions, e.g., the Administrator account on a laptop. Organizations +enhance their security posture and protect valuable assets from inside +and outside threats by addressing the issues and risks associated with +privileged accounts. This requires a combination of robust policies, +technologies, and best practices that help organizations manage the +risks while ensuring the confidentiality, integrity, and availability +(the “CIA Triad”) of systems and data. + +Terminology +=========== + +| | | +|----------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Access | The permissions, privileges, and abilities granted to users, account types, system processes, applications, or any other entities within a computing environment. | +| Privileged Access | Users or accounts with high-risk permissions, such as those that grant them access to (critical) systems, sensitive data, and configuration settings | +| Privileged Access Management | A mechanism for managing temporary access for accounts with high-risk permissions. PAM often involves check-out and check-in of a credential generated for a single use. 
1 | +| Privileged Account Management | Focuses on special control for risky high-level access. Privileged Account Management (PAM) is a mechanism for getting those special accounts under control.2 | +| Role Based Access Control (RBAC) | The use of roles at runtime: a way to govern who gets access to what through the use of business roles and application roles | +| Joiner/Mover/Leaver | The joiner/mover/leaver lifecycle of an employee identity considers three stages in the life cycle: joining the organization, moving within the organization, and leaving the organization. | +| Least Privilege | The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function. 3 | +| Identity Governance and Administration | A discipline that focuses on identity life cycle management and access control from an administrative perspective. 4 | + +Acronyms in Use +--------------- + +| | | +|---------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------| +| CIA: Confidentiality, Integrity, and Availability | The “triad” that forms the basis of information security. | +| RPA: Robotic Process Automation | Autonomous IT solution to automate manual tasks. This autonomy is in contrast to a user-initiated macro. | +| ICS: Industrial Control Systems | Implemented to separate IT environments from Operational Technology environments (e.g., in industrial process industries) | +| SCADA: Supervisory Control and Data Acquisition | An architecture framework to secure ICS environments | + +Privileged Accounts +------------------- + +Privileged accounts, often called ‘super-user’ or ‘administrator’ +accounts, possess elevated permissions granting access to (critical) +systems, sensitive data, and configuration settings. 
With this level of +access, these accounts define the behavior of the component they belong +to. ‘Administrator’ is the built-in account needed to configure a +Windows component, such as the directory, the filesystem, and the +networking capabilities. Similarly, ‘root’ is the super-user account on +UNIX and Linux systems and many infrastructure components. In database +management systems, there are ‘SA’ (system admin), ‘DBO/DBA’ (database +owner/admin), ‘root,’ or ‘postgres.’ These accounts function on behalf +of a component itself (rather than a user). Anyone who knows the +password can log in and effectively ***be*** the component: they can +change the component's behavior and thus make or break the system. These +super accounts are almighty. + +Managing access to privileged accounts should be one of the most common +early initiatives in an organization’s identity & access management +(IAM) journey. Why? The simple answer is that the organization should +manage access where risk is highest. For more detail, look no further +than the \#1 item in the 2021 OWASP top 10 list of Web Application +Security Risks: Broken Access Control ([OWASP +link](https://owasp.org/Top10/A01_2021-Broken_Access_Control/)).5 +Without effective privileged access management (PAM), all three legs of +the information security CIA triad can be compromised, sometimes with +catastrophic results. This is why, although they vary by country, +emerging regulatory frameworks specifically call for controls on +privileged access. 
For example, here is one clause in which the European +NIS2 Directive specifically refers to PAM as an essential part of ‘cyber +hygiene:’ + +> *…Cyber hygiene policies comprising a common baseline set of +> practices, including software and hardware updates, password changes, +> the management of new installs, the limitation of administrator-level +> access accounts, and the backing-up of data, enable a proactive +> framework of preparedness and overall safety and security in the event +> of incidents or cyber +> threats*6 + +Regulation is not the only reason to start a PAM program. Even if an +organization isn’t subject to these compliance controls, managing access +to privileged accounts is in its best interests. Figure 1 demonstrates +what can happen when unauthorized users gain access to admin accounts. + +![Screen shots of two twitter posts, nominally from Joe Biden and Barack +Obama but posted as a result of hacked Twitter admin +accounts.](PAM-image1.png) + +Figure 1: In 2020, the admin accounts of Twitter Operations Management +software were leaked to a Slack channel and accessed by an unauthorized +person, leading to fraudulent activity. +7 + +Threats of Privileged Access +---------------------------- + +As demonstrated by the example in Figure 1, organizations that do not +constrain the proliferation of – and access to - privileged accounts +face several issues. Those issues include: + +- **Over-Privilege**: Employees with privileged access might be + granted excessive permissions beyond their role requirements, thus + increasing the risk of unauthorized actions and data breaches. For + example, a support technician who gains full root access when they + have a limited or occasional need to restart a single service. + +- **Credential Sharing**: When multiple individuals share privileged + credentials, organizations may struggle to track who accessed what + resources, increasing the chance of a security breach. This creates + a lack of accountability. 
For example, a support team may all know + root credentials – a situation exacerbated by employee turnover if + those credentials are not changed. + +- **Credential Theft**: Cybercriminals often target privileged + accounts due to the extensive access they provide. Malicious actors + can gain unauthorized access to critical systems and data if these + credentials are compromised. + +- **Insider Threats**: Trusted employees can become insider threats if + their privileged access is misused intentionally or unintentionally. + +A Typology of Privileged Access Accounts +======================================== + +Understanding the different types and characteristics of privileged +accounts is essential to management and risk mitigation. + +Human Privileged Accounts +------------------------- + +Generally, human-privileged accounts are governed by the human resource +practices in an organization. The CEO, for example, often has more +privileges in systems than interns. Because the CEO’s user accounts have +more power – and because the CEO is often easily identifiable – their +privileged accounts are at a greater risk of attack. Fortunately, +executives seldom have root access to Linux servers and are rarely +assigned as admins to Windows Server management. However, their access +and associated risks should be managed thoughtfully. Role-Based and +Policy-Based Access Control can help control the amount of access that +such users have. + +Another type of access would be individual/nominative accounts – those +with root access, global admin rights, or other highly privileged group +membership. Managers should consider these accounts high-risk. The usage +of these authorizations may not be anonymous, but they should never be +assigned for an indefinite amount of time. Just-in-Time (JIT) +provisioning or dynamic access controls offer further controls to +prevent long-standing high-risk authorizations. 
+ +Privileged access may also refer to operations involving sensitive data, +e.g., the amount or type of personally identifiable information (PII) or +company financial data that an individual user has access to. In some +scenarios, privileged access may extend to *which* customers’ data. For +instance, a healthcare organization treating a ‘VIP’ may consider their +data more sensitive. While policy and regulation treat them as equal, +the collateral damage in the event of a data breach may be more +significant, and, therefore, an organization may put more access +controls in place. + +The key risks applicable to human accounts are two-fold: + +1. Legitimate users (employees, contractors, etc.) gain more access + than they should and, thus, put the organization at greater risk of + insider threat or data loss. + +2. Bad actors gain access to legitimate users’ accounts through one of + many attack vectors, like password spray attacks, phishing + campaigns, or consent hacking. + +Of course, these risks often work hand-in-hand since bad actors that +gain access to the highly-privileged accounts of legitimate users can +inflict greater damage. + +Best practices for managing this type of account include: + +- **Role-Based and Policy-Based Access Control (RBAC)**: + Authorizations are granted to personnel via business roles. + +- **Multi-factor authentication (MFA)**: Mandatory MFA dramatically + de-risks account take-over. + +- **Least Privilege:** Accounts are provisioned with the minimum + number of authorizations required to do the job. + +- **Just-in-Time Provisioning**: Accounts are authorized only as and + when a task needs to be performed. Once a task is finished, the + authorizations should be deprovisioned. + +- **Strong Governance**: Robust IGA procedures, like access request + management and approval workflows, ensure that interventions like + RBAC, Least Privilege, and MFA continue functioning. 
+ +These controls depend on solid governance and access management +processes. For more information on Workforce Identity and Access +Management (also called Identity Governance and Administration, or IGA) +solutions that support Joiner-Mover-Leaver workflows and Role Based +Access Control, *see An Overview of the Digital Identity +Lifecycle.*8 +These solutions can, however, not ideal for the management of non-human privileged accounts since the +managing process is not a joiner-mover-leaver process. + +Non-Human Privileged Accounts +----------------------------- + +Non-Human Accounts require different management processes and risk +mitigation strategies because they are not human (as suggested by the +name). These non-human accounts are not managed via a +joiner-mover-leaver processes. Instead, events in their lifecycle - +which resemble those of human accounts - are triggered by a change +management process. + +![A diagram of a digital identity lifecycle for non-human accounts. The +boxes include Create then Provision then Authenticate then Manage / +Maintain then Deprovision Access.](PAM-image2.png) + +Figure 2: Lifecycle of Non-Human Accounts + +Figure 2 articulates the following lifecycle for non-human accounts: + +1. **Create:** A non-human account is created as the result of a change + request, either in a development process or brought in through a + procurement process (rather than an HR process that triggers a human + account). The account can belong to a server, a network component, + or an RPA. + +2. **Provision:** The component is activated, gets an identity and an + account, and is given the least privileged authorizations required + to perform the configured tasks. A secret is configured to make it + possible to identify and authenticate the component at runtime. + +3. 
**Authenticate:** Once activated, the component needs to be + identified by a governing body (like the network) and authenticated, + whether by a configured password, a certificate, or a token. + +4. **Manage/Maintain:** During the lifecycle, the component's + functionality can change, and any changes to required authorizations + will be managed through the change management process. + +5. **Deprovision Access:** When the component is decommissioned, access + is removed to prevent abuse (practitioners often forget this step). + +There are two forms of non-human privileged accounts: those that humans +interact with and those they do not. While the main focus of this +article is *interactive* non-human accounts, it is crucial to consider +the PAM implications of those that do not interact. + +### Non-Human, Non-Interactive Privileged Accounts + +Some privileged accounts are non-interactive, meaning that humans +generally do not log into them to perform business activities. These are +the accounts of components like middleware services, such as databases +or web servers. These services access resources after a login with a +secret kept in a config file using tokens or secrets. These accounts act +as placeholders in the system log that register resource usage. + +For example, in accounting software, an application may need to register +transactions in a relational database. To do this registration, the +application looks up the password of the configured service account and +logs in to the database. This results in each transaction being logged +against and owned by that application. The application must, of course, +ensure that the account of every actor is registered as the initiator of +their transactions. + +Other examples include accounts used for automation, such as batch +accounts, macros, or RPAs. 
The organization’s Technology team documents +a change request with the process requirements for each automated task +and then creates the appropriate script or configuration to execute the +steps. The process itself needs to have the requisite authorization to +run. Or, in other words, achieve the minimal required authorizations +according to the ‘least privilege’ principle. + +In these scenarios, the change requester or requirements owner should be +considered the accountable party for the script, macro, or RPA. + +Best practices for managing this type of account include: + +- **Change Management Governance:** These accounts don’t follow + regular IGA processes like JML, and authorizations are not + role-based but specific. Ensure an accountable party oversees the + requirements and a robust process managing any change to the + functionality and authorizations of the component. + +- **Least Privilege:** Accounts are provisioned with the minimum + number of authorizations required to do the task. + +- **No Login:** Make sure that these accounts cannot be logged into in + the underlying infrastructure, like the operating system. + +To learn more about managing these types of privileged accounts, see +*Non-human Account Management* in the +BoK.9 + +### Interactive Non-Human Privileged Accounts + +Interactive non-human accounts - the main focus for the remainder of +this article - are also called system accounts: these are the built-in +component accounts, such as ‘admin’ or ‘root.’ These can also be +accounts that are built-in into applications, such as the super-user of +an application. A person who needs to use the power of this account will +log in to the component with this account name and the password provided +by the developer or the vendor. In the session that results, the person +*is* the component. 
+ +The existence of these almighty accounts creates severe risks of +unauthorized access by individuals capable of breaking or exploiting the +component: they can be tremendously damaging to an organization’s +security posture if practitioners do not contain and strictly control +their usage. As stated, someone who logs in with the component account +***is*** the component. And that means that the component itself is the +actor, performing all the tasks. Without additional measures, the actual +human being may not be known or identifiable. + +This type of account should only be used in specific circumstances and +for a particular purpose, like during an incident or to deliver a +change. This practice is a fundamental security principle. A common +control is to raise a ticket in a service management solution when +access to this type of account is required. A PAM solution can then +check that the ticket is valid. Connecting a PAM solution to the service +management solution is best practice. + +Best practices for managing this type of account include: + +- **No Default Passwords:** Immediately change the default password to + prevent unauthorized persons from becoming the component and taking + action. + +- **Password Vault:** Use a vault to retrieve a password. + +- **Restricted Use**: If possible, these accounts should only be used + once during setup and then deactivated (if possible) or heavily + restricted (e.g., for disaster recovery scenarios). + +- **Named Super-Users:** Ensure that usage of the super-user account + can be traced to a person. For example, on Linux systems, a system + operator logs in normally under their own credential and then uses + sudo to promote to root. + +- **Service Ticket Validation**: Verify legitimate use at access + request time by checking a service management system. + +- **Use logging and monitoring** by connecting the PAM to an SIEM or + SOC. 
+ +Addressing the Challenges of Privileged Accounts +================================================ + +As established, there is a strong business driver to implement PAM. +However, not every organization needs a costly solution. As long as an +organization can cope with manual procedures for managing internal +privileged accounts, that may be the best fit. A manual process might be +something akin to the “envelope procedure,” in which the password to +shared admin accounts is stored in a sealed envelope (yes, a physical +envelope) that is kept inside a vault (yes, a physical vault). When an +emergency arises, this envelope can be opened. This opening should be +treated as a security incident resulting in password rotation and a new +physical envelope. + +This type of process is appropriate when only a handful of people manage +the system. Even where it may be effective, beware of risks: if one of +these admins is absent or leaves the organization, there will be a lot +of work to mitigate the risk of any shared accounts. + +Privileged Access Management Solutions +-------------------------------------- + +Several conditions drive a need for automation and more formal +solutions: + +- **Task Volume or Team Size:** When the volume of admin tasks rises + or the team size grows beyond five people requiring access, + automated PAM should be considered a best practice. + +- **Internal Policy**: When an organization's information security + policy explicitly addresses the risks of privileged accounts, the + business may need to invest in a specific solution. + +- **Laws and Regulation:** For many companies, PAM solutions are + essential for complying with regulations like the European Union’s + GDPR and NIS2 directives or the United States’ HIPAA and PCI DSS + regulations explicitly defining the need for privileged access + control. + +- **Complex Architecture**: In complex architectures, multiple + administrators and sysops manage the IT infrastructure landscape. 
+ When additional architecture landscapes exist, think of IT + OT + environments, as well as hybrid on-prem + cloud and multi-national / + multiple jurisdiction environments. Control is becoming a + predominant theme. + +- **Outsourced Operations**: In the case of outsourced IT operations, + either outsourcing the data center or having external parties manage + the internal data center, insight into operations and limiting risks + needs to be done, and PAM will play an important role. + +Readers may also be interested in reading the Body of Knowledge article +“*The Business Case for +IAM*.”10 + +With a need for automated PAM processes, organizations can implement a +PAM solution. These solutions provide several means for managing +Privileged Accounts. These can include different approaches to privilege +management and secrets management, and they support a variety of +operational use cases. + +Privilege Management +-------------------- + +- **Approval Workflows:** When a privileged account is configured with + an approval workflow, a user must go through several approval phases + to obtain privileged access. Depending on the type and sensitivity + of the access request, this may entail approvals from managers at + higher levels, security teams, or technical specialists. The PAM + system maintains the record of all the requests and approvals. These + steps ensure that access to privileged accounts or resources is + granted only when required and only under secure conditions. In + turn, this minimizes the risk of unauthorized use of privileged + access. + +- **Just-In-Time** **(JIT) Privilege Escalation**: When privileges are + assigned on a JIT basis, it means only time-bound privileged access + that is automatically revoked when a predetermined time expires. + This control ensures that privileged access is provided only when + required and prevents users from abusing permanent standing + privileges. It also minimizes the organization’s overall attack + surface. 
Combined with MFA, Request/Approval workflows, email + notifications, and ITSM Ticket validation, JIT Provisioning is a + powerful control. + +- **Privileged Identity Management**: Some solutions offer a + combination of on-demand access and role-based access control (RBAC) + provided via an Identity Governance and Administration (IGA) + solution. + +Secret Management +----------------- + +Secrets management aims to securely store, distribute, and control +access to sensitive information, such as passwords, encryption keys, API +tokens, and certificates. PAM solutions often offer: + +- **Password Vaulting**: A digital password vault contains the + privileged account's password. Anyone who knows how to open the + vault can use the password. Whenever the password is used, the + password vault will rotate the password so that the used password + can no longer be used or shared. + +- **Password Rotation**: PAM systems can automatically rotate the + passwords for privileged accounts “on access” (i.e., when the + session ends) or based on a defined frequency like every 7, 14, 90, + or *n* days. In some cases, it even offers disposal passwords that + are valid for only a few minutes or hours. + +- **Secrets**: Secrets management ensures the secure handling of + sensitive information involved in Continuous Integration (CI), + Continuous Deployment (CD), and API management. PAM solutions + increasingly cater to API keys, session tokens, access tokens, etc. + Non-human services, such as API gateways and microservices, use + these tokens. 
+ +| **Secret Management for CI and CD** | **Secret Management for APIs** | +|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| **Environment Variables:** CI/CD systems like Jenkins, Travis CI, or CircleCI allow developers to store sensitive information as environment variables. These secrets are encrypted and can be accessed during the pipeline execution, ensuring that they are never exposed directly in code or logs. | **API Keys and Tokens:** When accessing external APIs, developers often require API keys or tokens. Secrets management ensures that these keys are stored securely and are only accessible by authorized services or applications. It also enables the rotation of keys to mitigate security risks. | +| **Secrets Vault:** Many organizations use dedicated secrets management tools like HashiCorp Vault or AWS Secrets Manager. These tools centralize the storage of secrets, enforce access controls, and often provide features like secret rotation and auditing. CI/CD pipelines can authenticate and retrieve secrets from these vaults as needed. | **OAuth and JWT:** For more robust API access control, OAuth tokens and JSON Web Tokens (JWTs) are used. Secrets management ensures that the keys used to sign and verify these tokens are kept secure and rotated as necessary. 
| +| **Temporary Credentials:** For cloud-based services, CI/CD pipelines can request temporary access credentials from the cloud provider’s IAM (Identity and Access Management) services. This limits exposure and ensures that access credentials are short-lived. | **Role-Based Access Control (RBAC):** Secrets management can enforce RBAC for APIs, ensuring that only authorized users or applications have access to specific endpoints or resources. | +| | **Logging and Monitoring:** API access should be closely monitored, and logs should be audited to detect any suspicious or unauthorized access attempts. | + +PAM Use Cases and Architectural Choices +--------------------------------------- + +- **PAM as Single Sign-On**: Accessing a privileged account requires a + user login. When using a PAM system, the PAM system will log in on + behalf of the user. For the user, this means logging into the PAM + system and then single sign-on from the PAM portal. It’s not ‘true’ + single sign-on since the PAM solution logs in every time, but the + user no longer has to use the admin login functions. + +- **PAM as a Stepping Stone:** The stepping stone mechanism, also + called Jump Server, enables a user to log in to the PAM system, and + when the session is started, the PAM system gives access to secured + components, like servers. Usually, this is done by creating an SSH + or an RDP session that the PAM system can control (and end). It + should not be possible to bypass the PAM system. Note that this + approach has the added benefit of enabling remote access for target + user groups. + +The following section explores a variety of architectures incorporating +PAM. + +### + +### + +### PAM as a Stepping Stone + +![A diagram showing a PAM system at the center of an architecture that +includes ITSM, Directory, SOC/SIEM, Recording, and Target System. 
+](PAM-image3.png) + +Figure 3: PAM as a Stepping Stone Architecture + +Traditionally, PAM systems are installed in a data center, close to the +components they manage. PAM systems can also be implemented as a SaaS +solution (see the cloud discussion section at the end of this section). + +### PAM in IT / OT environments + +In organizations employing Operational Technology (OT) components, the +IT and OT domains are separated by default. This separation may be via +airgap firewalls, Industrial Control Systems (ICS), or SCADA +implementations. Some organizations add IT capabilities to OT to share +control center capabilities and to provide remote access and monitoring. +Traditionally, the separation is done through SCADA or ICS systems. A +modern and more affordable solution is to use a ‘PAM-PAM’ connection +that secures access. Only through an IT-PAM system does an operator get +access to an OT-PAM system, where OT tasks can be performed: + +![A diagram showing a PAM-to-PAM architecture in an IT/OT environment. +It starts with a Directory and LDAP account, then goes through the IT +PAM system to the Admin account, to the OT PAM system and finally the +target system.](PAM-image4.png) + +Figure 4: PAM-PAM Architecture in an IT/OT Environment + +### External Service Provider + +Many companies outsource parts of their operations management. The +component owner is accountable for granting access if a third-party +manages company resources. In this case, privileged access must also be +assigned to third-party operators. In addition, when using external +services, the company must ensure that the service provider uses a PAM +solution. + +![A PAM system in a third-party access model with the internal pam +system being fed by the third party PAM system. ](PAM-image5.png) + +Figure 5: PAM in 3rd-Party Access + +### + +### Remote access + +As described above, PAM solutions can offer business users and +(external) developers remote access capability. 
This way, legacy remote +access services and VPNs can be decommissioned, resulting in lower costs +and reduced technical debt. + +![A diagram for PAM in a remote access scenario where the PAM account +touches a PAM web portal, which is the front half to the PAM System, +then goes on to the target system. ](PAM-image6.png) + +Figure 6: PAM for Remote Access + +Implementing PAM +================ + +Good Implementation Practices +----------------------------- + +### Automated Discovery and Component Onboarding + +Components that need to be managed through a PAM system must be +onboarded first, meaning that the privileged accounts and passwords must +be brought into the PAM system. Onboarding components can be done +manually, but PAM systems can automate the discovery of components in +the network to start the actual onboarding. + +### Session Control + +Authentication and logging controls happen by default when a session +starts from a PAM system. Implementors can also add risk-based session +controls, such as: + +- **Session recording**: the whole session is recorded as a + video-stream. + +- **Keystroke logging**: all keystrokes can be recorded to make audit + or forensics possible. + +- **Keystroke deny-list**: when working in a console, specific + commands can be blocked; for instance, the “rm -rf” control can be + blocked, limiting the risk of destructive actions by a highly + privileged user. + +Beware that recording and playing back sessions should be considered a +privacy and security issue. Ensure workers (counsels/unions) agree and +that playback calls for 4-eyes +control.11 + +### Break-the-Glass Procedures + +PAM systems act as authentication services. If the service is not +available, the operator cannot get access to the component that needs to +be managed. While redundancy is an essential control, break-the-glass +procedures enable access to the password vault under emergency +conditions. 
+ +### PAM in the Cloud + +Developments in PAM mirror the developments in most IT domains: where +PAM systems used to be self-hosted, on-prem systems, nowadays, both SaaS +and MSP options are becoming available, as well as hybrid solutions. + +### Third-Party Contracts + +When outsourcing operations or using services provided by third parties, +an organization must ensure that PAM requirements and rules apply to the +third party. To protect the supply chain in this way, organizations +should build this requirement into third-party contracts as well as +procurement and vendor management processes. + +Addressing Barriers +------------------- + +### Adoption & Friction + +PAM System adoption depends heavily on user experience. PAM systems +often add extra steps to log into the target systems, introducing a new +pattern. Like the reason for access, ticket number, MFA, or lack of +native integration with remote tools, these changes to established +methods may lead to frustration among users. This friction also might +lead users to seek backdoors that help them bypass PAM systems. + +Current admin account users may regret their loss of almighty powers – +and may feel less empowered to manage their components. They may fear +being mistrusted by management. It should be noted that these concerns +are real: communication is essential in change management, and emphasis +on the added functionality of PAM solutions, such as single sign-on and +auditability of actions, can help. + +### PAM System Availability + +PAM system availability is one of the biggest concerns for +organizations. If the PAM system is unavailable, it prevents recovery +since all the privileged accounts required to access IT assets are +stored and managed by the PAM system. This risk can be countered by a +flawless and tested break-glass procedure, which enables swift access +recovery. 
Unfortunately, these break-glass accounts are often forgotten +and can cause more harm than good, so it’s necessary to monitor, test, +and securely store the break-glass credentials. + +### Password Rotation of Hard-Coded Credentials + +Almost every service or application requires credentials to communicate +with databases or other applications. These credentials are used to +prove the application’s identity. Typically, they are privileged and +embedded in various locations, such as configuration files, source code, +INI files, OS services, and scheduled tasks, which are referred to as +dependencies of the credentials. Therefore, when the password is +rotated, the new password must also be updated in all dependencies. Many +mature Privileged Access Management (PAM) systems can automatically +update the new passwords in the dependencies after rotation. + +Conclusion +========== + +Remember, PAM solutions do not address all risks relating to sensitive +data access: practitioners must understand different privileged access +scenarios and map them to the appropriate controls. First and foremost, +they must consider the differences between human and non-human accounts. +PAM solutions are not a panacea and do not address the thorny challenges +of managing people or the non-interactive accounts that do not require +humans once coded (these are demonstrably not people). Effective policy, +governance, change management, and other controls are still very much +required. + +PAM solutions are best used for interactively used non-human accounts, +although their secret management tools often cater to the needs of +non-interactively used non-human accounts. Make sure that these use +cases are identified correctly before introducing any technology. + +Once an organization introduces PAM tools, do not underestimate the +impact of culture: it can be a significant change for people. 
It is +essential to bring people along, highlight the benefits of additional +functionality, and communicate the necessity of an improved security +posture for the organization. + +Remember these Core Principles +------------------------------ + +- **Least Privilege:** maximum authorization should be equal to the + bare minimum required to perform a task (or simply said: “just + enough” access). + +- **Ownership:** the accountable owner of a component is the owner of + the non-human (built-in/admin) account. This is also true of service + accounts (non-interactive). The owner of the component is + accountable for providing access. + +- **Security Controls**: should be layered on top, including MFA. + These must be applied with a risk-based strategy (e.g., what is the + suitable retention period for session recording/keystroke logging, + given the organization’s server capacity?). + +- **Third-Party Access:** with third parties, the component's owner + must ensure that contracted third-party personnel *only* have access + via PAM. + +- **Outsourcing:** The contract owner must ensure that the service + provider employs a fitting PAM facility for managing the outsourced + service. + +Change Log +========== + +| | | +|------------|------------------------------| +| Date | Change | +| 2024-11-29 | V2 published; Appendix added | +| 2024-03-15 | V1 published | + +Appendix: A Note on Entra ID +============================ + +The IDPro Body of Knowledge is an independent source of information and +the authors do not endorse any specific product or vendor. With that +said, we do acknowledge that guidance related to widely adopted products +can be useful to practitioners. + +One of these products is Microsoft’s Entra ID, formerly Azure AD. This +is an Identity and Access Management solution that runs on the Azure +cloud platform. 
It is used to manage digital identities and +authorization in cloud environments using modern federation protocols +like OAuth2.0, SAML, and OpenID Connect. Given its role in access +control, Microsoft added extensive authorization profiles to secure +access to Entra ID and Azure administrative functions. This is called +“Privileged Identity Management” (PIM). + +With features like just-in-time access and role-based approval +workflows, one could argue that PIM is a PAM solution. This article will +not weigh the benefits of PIM versus a dedicated PAM solution in +general. However, when an organization works on primarily on Azure and +has a compatible +license,12 +PIM offers a core element of its security strategy. When other platforms +and on-premises systems are present, a supplementary or alternative PAM +solution may make sense. + +Author Bio +========== + +André Koot has over 25 years of experience in the field of IAM, and he +is a principal consultant and co-founder of SonicBee, a Dutch IAM +consultancy company (IDPro partner). André is focused on business +consultancy and gives IAM training courses aligned with the BoK. He is +also a member of the IDPro BoK committee and (co-) authored several +articles in the BoK. + +Acknowledgments +=============== + +The author wishes to thank BoK editor Elizabeth Garber for reviewing and +helping with this article. He also wishes to thank other contributors +and reviewers: + +Contributors + +- Pranav Chugh + +- Sebastian Rohr + +- Eric Woodruff, thanks for the diagrams + +- Lance Peterman + +Reviewers + +- Bertrand Carlier (IDPro) + +- Mike Kiser (IDPro) + +- Abhi Bandopadhyay + +
+ +------------------------------------------------------------------------ + +1.
+ + Carter, M. K., (2022) “Techniques To Approach Least Privilege”, + *IDPro Body of Knowledge* 1(9). doi: https://doi.org/10.55621/idpro.88↩︎ + +
+ +2.
+ + Bago (Editor), E. & Glazer, I., (2021) “Introduction to Identity - + Part 1: Admin-time (v2)”, *IDPro Body of Knowledge *1(5). + doi: [https://doi.org/10.55621/idpro.27](https://doi.org/10.55621/idpro.27)↩︎ + +
+ +3.
+ + Carter, M. K., (2022) “Techniques To Approach Least Privilege”, + *IDPro Body of Knowledge* 1(9). doi: https://doi.org/10.55621/idpro.88↩︎ + +
+ +4.
+ + Bago (Editor), E. & Glazer, I., (2021) “Introduction to Identity - + Part 1: Admin-time (v2)”, *IDPro Body of Knowledge *1(5). + doi: [https://doi.org/10.55621/idpro.27](https://doi.org/10.55621/idpro.27)↩︎ + +
+ +5.
+ + OWASP (2021) “OWASP Top 10: 2021,” https://owasp.org/Top10/A01\_2021-Broken\_Access\_Control/↩︎ + +
+ +6.
+ + European Parliament and the Council of the European (2022) + “DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE + COUNCIL of 14 December 2022on measures for a high common level of + cybersecurity across the Union, amending Regulation (EU) No 910/2014 + and Directive (EU) 2018/1972,” clause 49, https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32022L2555↩︎ + +
+ +7.
+ + BBC (2020), “Major US Twitter accounts hacked in Bitcoin scam “ + https://www.bbc.com/news/technology-53425822↩︎ + +
+ +8.
+ + Cameron, A. & Grewe, O., (2022) “An Overview of the Digital Identity + Lifecycle (v2)”, *IDPro Body of Knowledge* 1(7). doi: [https://doi.org/10.55621/idpro.31](https://doi.org/10.55621/idpro.31)↩︎ + +
+ +9.
+ + Williamson, G., Koot, A. & Lee, G., (2022) “Non-human Account + Management (v4)”, *IDPro Body of Knowledge* 1(11). doi: [https://doi.org/10.55621/idpro.52](https://doi.org/10.55621/idpro.52)↩︎ + +
+ +10.
+ + Koot, A., (2023) “The Business Case for IAM”, *IDPro Body of + Knowledge* 1(12). doi: [https://doi.org/10.55621/idpro.97](https://doi.org/10.55621/idpro.97)↩︎ + +
+ +11.
+ + And as a side note: storage of recordings could lead to capacity + issues.↩︎ + +
+ +12.
+ + At the time of writing this includes Premium P2, 365 E5, or EMS + (E5)↩︎ + +
+ +
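Review bot: in the Session Control list, the "Keystroke deny-list" bullet (`for instance, the “rm -rf” control can be blocked, limiting the risk of destructive actions by a highly privileged user`) overstates what a command deny-list achieves: a user holding a root-level session reaches the same effect with `rm -r -f`, `\rm`, a shell alias, `find … -delete`, or any script or editor launched from the session, so the bullet should present deny-lists as a speed bump with audit value and name allow-listing, a restricted or command-filtering shell, or simply not issuing a full root shell as the actual control. Three smaller points in the same hunk: (1) "PAM in IT / OT environments" says the separation "may be via airgap firewalls, Industrial Control Systems (ICS), or SCADA implementations" and that "Traditionally, the separation is done through SCADA or ICS systems"; ICS and SCADA are the OT systems being protected, not separation mechanisms, so name the network controls that do the separating (segmentation and DMZ, firewalls, data diodes) and describe PAM-to-PAM as a controlled path across that boundary rather than a replacement for it. (2) "Remote access" states that legacy remote access services and VPNs "can be decommissioned"; that holds only for privileged sessions to targets onboarded into the PAM system, not for general network access, and should be qualified. (3) Editorial: a stray empty `### ` heading precedes `### Remote access`; footnotes 1 and 3 (Carter 2022) and 2 and 4 (Bago & Glazer 2021) are duplicates and can be merged; footnote 6 lacks "Union" after "Council of the European" and a space in "2022on"; and the Appendix reads "works on primarily on Azure".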
diff --git a/Access Control/intro-to-PAM.html b/Access Control/intro-to-PAM.html deleted file mode 100644 index 500e83c..0000000 --- a/Access Control/intro-to-PAM.html +++ /dev/null @@ -1,1229 +0,0 @@ - - - - - - - - 15b1f282-acf6-4e22-a8bf-09e5f5082c6d - - - -

- Introduction to Privileged Access Management -

-

- © 2024 IDPro, André Koot (SonicBee) -

-

- - To comment on this article, please visit our - - - GitHub repository - - - and - - - submit an issue - - - . - -

-

- Introduction to Privileged Access -

-

- Privileged Access Management (PAM) plays a crucial role in modern cybersecurity. All organizations (at least those with technical infrastructure) maintain accounts with some form of super-user permissions, e.g., the Administrator account on a laptop. Organizations enhance their security posture and protect valuable assets from inside and outside threats by addressing the issues and risks associated with privileged accounts. This requires a combination of robust policies, technologies, and best practices that help organizations manage the risks while ensuring the confidentiality, integrity, and availability (the “CIA Triad”) of systems and data. -

-

- Terminology -

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
- Access - - The permissions, privileges, and abilities granted to users, account types, system processes, applications, or any other entities within a computing environment. -
- Privileged Access - - Users or accounts with high-risk permissions, such as those that grant them access to (critical) systems, sensitive data, and configuration settings -
- Privileged Access Management - - A mechanism for managing temporary access for accounts with high-risk permissions. PAM often involves check-out and check-in of a credential generated for a single use. - - - 1 - - -
- Privileged Account Management - - Focuses on special control for risky high-level access. Privileged Account Management (PAM) is a mechanism for getting those special accounts under control. - - - 2 - - -
- Role Based Access Control (RBAC) - - The use of roles at runtime: a way to govern who gets access to what through the use of business roles and application roles -
- Joiner/Mover/Leaver - - The joiner/mover/leaver lifecycle of an employee identity considers three stages in the life cycle: joining the organization, moving within the organization, and leaving the organization. -
- Least Privilege - - The principle that a security architecture should be designed so that each entity is granted the minimum system resources and authorizations that the entity needs to perform its function. - - - 3 - - -
- Identity Governance and Administration - - A discipline that focuses on identity life cycle management and access control from an administrative perspective. - - - 4 - - -
-

-

-

- Acronyms in Use -

- - - - - - - - - - - - - - - - - - - -
- CIA: Confidentiality, Integrity, and Availability - - The “triad” that forms the basis of information security. -
- RPA: Robotic Process Automation - - Autonomous IT solution to automate manual tasks. This autonomy is in contrast to a user-initiated macro. -
- ICS: Industrial Control Systems - - Implemented to separate IT environments from Operational Technology environments (e.g., in industrial process industries) -
- SCADA: Supervisory Control and Data Acquisition - - An architecture framework to secure ICS environments -
-

-

-

- Privileged Accounts -

-

- Privileged accounts, often called ‘super-user’ or ‘administrator’ accounts, possess elevated permissions granting access to (critical) systems, sensitive data, and configuration settings. With this level of access, these accounts define the behavior of the component they belong to. ‘Administrator’ is the built-in account needed to configure a Windows component, such as the directory, the filesystem, and the networking capabilities. Similarly, ‘root’ is the super-user account on UNIX and Linux systems and many infrastructure components. In database management systems, there are ‘SA’ (system admin), ‘DBO/DBA’ (database owner/admin), ‘root,’ or ‘postgres.’ These accounts function on behalf of a component itself (rather than a user). Anyone who knows the password can log in and effectively - - - be - - - the component: they can change the component's behavior and thus make or break the system. These super accounts are almighty. -

-

- Managing access to privileged accounts should be one of the most common early initiatives in an organization’s identity & access management (IAM) journey. Why? The simple answer is that the organization should manage access where risk is highest. For more detail, look no further than the #1 item in the 2021 OWASP top 10 list of Web Application Security Risks: Broken Access Control ( - - - OWASP link - - - ). - - - 5 - - - Without effective privileged access management (PAM), all three legs of the information security CIA triad can be compromised, sometimes with catastrophic results. This is why, although they vary by country, emerging regulatory frameworks specifically call for controls on privileged access. For example, here is one clause in which the European NIS2 Directive specifically refers to PAM as an essential part of ‘cyber hygiene:’ -

-
-

- - …Cyber hygiene policies comprising a common baseline set of practices, including software and hardware updates, password changes, the management of new installs, the limitation of administrator-level access accounts, and the backing-up of data, enable a proactive framework of preparedness and overall safety and security in the event of incidents or cyber threats - - - - 6 - - -

-
-

- Regulation is not the only reason to start a PAM program. Even if an organization isn’t subject to these compliance controls, managing access to privileged accounts is in its best interests. Figure 1 demonstrates what can happen when unauthorized users gain access to admin accounts. -

-

- Screen shots of two twitter posts, nominally from Joe Biden and Barack Obama but posted as a result of hacked Twitter admin accounts. -

-

- Figure 1: In 2020, the admin accounts of Twitter Operations Management software were leaked to a Slack channel and accessed by an unauthorized person, leading to fraudulent activity. - - - 7 - - -

-

-

-

- Threats of Privileged Access -

-

- As demonstrated by the example in Figure 1, organizations that do not constrain the proliferation of – and access to - privileged accounts face several issues. Those issues include: -

- -

- A Typology of Privileged Access Accounts -

-

- Understanding the different types and characteristics of privileged accounts is essential to management and risk mitigation. -

-

- Human Privileged Accounts -

-

- Generally, human-privileged accounts are governed by the human resource practices in an organization. The CEO, for example, often has more privileges in systems than interns. Because the CEO’s user accounts have more power – and because the CEO is often easily identifiable – their privileged accounts are at a greater risk of attack. Fortunately, executives seldom have root access to Linux servers and are rarely assigned as admins to Windows Server management. However, their access and associated risks should be managed thoughtfully. Role-Based and Policy-Based Access Control can help control the amount of access that such users have. -

-

- Another type of access would be individual/nominative accounts – those with root access, global admin rights, or other highly privileged group membership. Managers should consider these accounts high-risk. The usage of these authorizations may not be anonymous, but they should never be assigned for an indefinite amount of time. Just-in-Time (JIT) provisioning or dynamic access controls offer further controls to prevent long-standing high-risk authorizations. -

-

- Privileged access may also refer to operations involving sensitive data, e.g., the amount or type of personally identifiable information (PII) or company financial data that an individual user has access to. In some scenarios, privileged access may extend to - - which - - customers’ data. For instance, a healthcare organization treating a ‘VIP’ may consider their data more sensitive. While policy and regulation treat them as equal, the collateral damage in the event of a data breach may be more significant, and, therefore, an organization may put more access controls in place. -

-

- The key risks applicable to human accounts are two-fold: -

-
    -
  1. -

    - Legitimate users (employees, contractors, etc.) gain more access than they should and, thus, put the organization at greater risk of insider threat or data loss. -

    -
  2. -
  3. -

    - Bad actors gain access to legitimate users’ accounts through one of many attack vectors, like password spray attacks, phishing campaigns, or consent hacking. -

    -
  4. -
-

- Of course, these risks often work hand-in-hand since bad actors that gain access to the highly-privileged accounts of legitimate users can inflict greater damage. -

-

- Best practices for managing this type of account include: -

- -

- These controls depend on solid governance and access management processes. For more information on Workforce Identity and Access Management (also called Identity Governance and Administration, or IGA) solutions that support Joiner-Mover-Leaver workflows and Role Based Access Control, - - see An Overview of the Digital Identity Lifecycle. - - - - 8 - - - These solutions can, however, not ideal for the management of - - non-human - - privileged accounts since the managing process is not a joiner-mover-leaver process. -

-

- Non-Human Privileged Accounts -

-

- Non-Human Accounts require different management processes and risk mitigation strategies because they are not human (as suggested by the name). These non-human accounts are not managed via a joiner-mover-leaver processes. Instead, events in their lifecycle - which resemble those of human accounts - are triggered by a change management process. -

-

- A diagram of a digital identity lifecycle for non-human accounts. The boxes include Create then Provision then Authenticate then Manage / Maintain then Deprovision Access. -

-

- Figure 2: Lifecycle of Non-Human Accounts -

-

- Figure 2 articulates the following lifecycle for non-human accounts: -

-
    -
  1. -

    - - Create: - - A non-human account is created as the result of a change request, either in a development process or brought in through a procurement process (rather than an HR process that triggers a human account). The account can belong to a server, a network component, or an RPA. -

    -
  2. -
  3. -

    - - Provision: - - The component is activated, gets an identity and an account, and is given the least privileged authorizations required to perform the configured tasks. A secret is configured to make it possible to identify and authenticate the component at runtime. -

    -
  4. -
  5. -

    - - Authenticate: - - Once activated, the component needs to be identified by a governing body (like the network) and authenticated, whether by a configured password, a certificate, or a token. -

    -
  6. -
  7. -

    - - Manage/Maintain: - - During the lifecycle, the component's functionality can change, and any changes to required authorizations will be managed through the change management process. -

    -
  8. -
  9. -

    - - Deprovision Access: - - When the component is decommissioned, access is removed to prevent abuse (practitioners often forget this step). -

    -
  10. -
-

- There are two forms of non-human privileged accounts: those that humans interact with and those they do not. While the main focus of this article is - - interactive - - non-human accounts, it is crucial to consider the PAM implications of those that do not interact. -

-

- Non-Human, Non-Interactive Privileged Accounts -

-

- Some privileged accounts are non-interactive, meaning that humans generally do not log into them to perform business activities. These are the accounts of components like middleware services, such as databases or web servers. These services access resources after a login with a secret kept in a config file using tokens or secrets. These accounts act as placeholders in the system log that register resource usage. -

-

- For example, in accounting software, an application may need to register transactions in a relational database. To do this registration, the application looks up the password of the configured service account and logs in to the database. This results in each transaction being logged against and owned by that application. The application must, of course, ensure that the account of every actor is registered as the initiator of their transactions. -

-

- Other examples include accounts used for automation, such as batch accounts, macros, or RPAs. The organization’s Technology team documents a change request with the process requirements for each automated task and then creates the appropriate script or configuration to execute the steps. The process itself needs to have the requisite authorization to run. Or, in other words, achieve the minimal required authorizations according to the ‘least privilege’ principle. -

-

- In these scenarios, the change requester or requirements owner should be considered the accountable party for the script, macro, or RPA. -

-

- Best practices for managing this type of account include: -

- -

- To learn more about managing these types of privileged accounts, see - - Non-human Account Management - - in the BoK. - - - 9 - - -

-

- Interactive Non-Human Privileged Accounts -

-

- Interactive non-human accounts - the main focus for the remainder of this article - are also called system accounts: these are the built-in component accounts, such as ‘admin’ or ‘root.’ These can also be accounts that are built-in into applications, such as the super-user of an application. A person who needs to use the power of this account will log in to the component with this account name and the password provided by the developer or the vendor. In the session that results, the person - - is - - the component. -

-

- The existence of these almighty accounts creates severe risks of unauthorized access by individuals capable of breaking or exploiting the component: they can be tremendously damaging to an organization’s security posture if practitioners do not contain and strictly control their usage. As stated, someone who logs in with the component account - - - is - - - the component. And that means that the component itself is the actor, performing all the tasks. Without additional measures, the actual human being may not be known or identifiable. -

-

- This type of account should only be used in specific circumstances and for a particular purpose, like during an incident or to deliver a change. This practice is a fundamental security principle. A common control is to raise a ticket in a service management solution when access to this type of account is required. A PAM solution can then check that the ticket is valid. Connecting a PAM solution to the service management solution is best practice. -

-

- Best practices for managing this type of account include: -

- -

- Addressing the Challenges of Privileged Accounts -

-

- As established, there is a strong business driver to implement PAM. However, not every organization needs a costly solution. As long as an organization can cope with manual procedures for managing internal privileged accounts, that may be the best fit. A manual process might be something akin to the “envelope procedure,” in which the password to shared admin accounts is stored in a sealed envelope (yes, a physical envelope) that is kept inside a vault (yes, a physical vault). When an emergency arises, this envelope can be opened. This opening should be treated as a security incident resulting in password rotation and a new physical envelope. -

-

- This type of process is appropriate when only a handful of people manage the system. Even where it may be effective, beware of risks: if one of these admins is absent or leaves the organization, there will be a lot of work to mitigate the risk of any shared accounts. -

-

- Privileged Access Management Solutions -

-

- Several conditions drive a need for automation and more formal solutions: -

- -

- Readers may also be interested in reading the Body of Knowledge article “ - - The Business Case for IAM - - .” - - - 10 - - -

-

- With a need for automated PAM processes, organizations can implement a PAM solution. These solutions provide several means for managing Privileged Accounts. These can include different approaches to privilege management and secrets management, and they support a variety of operational use cases. -

-

- Privilege Management -

- -

- Secret Management -

-

- Secrets management aims to securely store, distribute, and control access to sensitive information, such as passwords, encryption keys, API tokens, and certificates. PAM solutions often offer: -

- - - - - - - - - - - - - - - - - - - - - - - - - - -
- - Secret Management for CI and CD - - - - Secret Management for APIs - -
- - Environment Variables: - - CI/CD systems like Jenkins, Travis CI, or CircleCI allow developers to store sensitive information as environment variables. These secrets are encrypted and can be accessed during the pipeline execution, ensuring that they are never exposed directly in code or logs. - - - API Keys and Tokens: - - When accessing external APIs, developers often require API keys or tokens. Secrets management ensures that these keys are stored securely and are only accessible by authorized services or applications. It also enables the rotation of keys to mitigate security risks. -
- - Secrets Vault: - - Many organizations use dedicated secrets management tools like HashiCorp Vault or AWS Secrets Manager. These tools centralize the storage of secrets, enforce access controls, and often provide features like secret rotation and auditing. CI/CD pipelines can authenticate and retrieve secrets from these vaults as needed. - - - OAuth and JWT: - - For more robust API access control, OAuth tokens and JSON Web Tokens (JWTs) are used. Secrets management ensures that the keys used to sign and verify these tokens are kept secure and rotated as necessary. -
- - Temporary Credentials: - - For cloud-based services, CI/CD pipelines can request temporary access credentials from the cloud provider’s IAM (Identity and Access Management) services. This limits exposure and ensures that access credentials are short-lived. - - - Role-Based Access Control (RBAC): - - Secrets management can enforce RBAC for APIs, ensuring that only authorized users or applications have access to specific endpoints or resources. -
- - - Logging and Monitoring: - - API access should be closely monitored, and logs should be audited to detect any suspicious or unauthorized access attempts. -
-

- PAM Use Cases and Architectural Choices -

- -

- The following section explores a variety of architectures incorporating PAM. -

-

-

-

-
-

-

- PAM as a Stepping Stone -

-

- A diagram showing a PAM system at the center of an architecture that includes ITSM, Directory, SOC/SIEM, Recording, and Target System. -

-

- Figure 3: PAM as a Stepping Stone Architecture -

-

- Traditionally, PAM systems are installed in a data center, close to the components they manage. PAM systems can also be implemented as a SaaS solution (see the cloud discussion section at the end of this section). -

-

- PAM in IT / OT environments -

-

- In organizations employing Operational Technology (OT) components, the IT and OT domains are separated by default. This separation may be via airgap firewalls, Industrial Control Systems (ICS), or SCADA implementations. Some organizations add IT capabilities to OT to share control center capabilities and to provide remote access and monitoring. Traditionally, the separation is done through SCADA or ICS systems. A modern and more affordable solution is to use a ‘PAM-PAM’ connection that secures access. Only through an IT-PAM system does an operator get access to an OT-PAM system, where OT tasks can be performed: -

-

- A diagram showing a PAM-to-PAM architecture in an IT/OT environment. It starts with a Directory and LDAP account, then goes through the IT PAM system to the Admin account, to the OT PAM system and finally the target system. -

-

- Figure 4: PAM-PAM Architecture in an IT/OT Environment -

-

- External Service Provider -

-

- Many companies outsource parts of their operations management. The component owner is accountable for granting access if a third-party manages company resources. In this case, privileged access must also be assigned to third-party operators. In addition, when using external services, the company must ensure that the service provider uses a PAM solution. -

-

- A PAM system in a third-party access model with the internal pam system being fed by the third party PAM system. -

-

- Figure 5: PAM in 3rd-Party Access -

-

-

-

- Remote access -

-

- As described above, PAM solutions can offer business users and (external) developers remote access capability. This way, legacy remote access services and VPNs can be decommissioned, resulting in lower costs and reduced technical debt. -

-

- A diagram for PAM in a remote access scenario where the PAM account touches a PAM web portal, which is the front half to the PAM System, then goes on to the target system. -

-

- Figure 6: PAM for Remote Access -

-

- Implementing PAM -

-

- Good Implementation Practices -

-

- Automated Discovery and Component Onboarding -

-

- Components that need to be managed through a PAM system must be onboarded first, meaning that the privileged accounts and passwords must be brought into the PAM system. Onboarding components can be done manually, but PAM systems can automate the discovery of components in the network to start the actual onboarding. -

-

- Session Control -

-

- Authentication and logging controls happen by default when a session starts from a PAM system. Implementors can also add risk-based session controls, such as: -

- -

- Beware that recording and playing back sessions should be considered a privacy and security issue. Ensure workers (counsels/unions) agree and that playback calls for 4-eyes control. - - - 11 - - -

-

- Break-the-Glass Procedures -

-

- PAM systems act as authentication services. If the service is not available, the operator cannot get access to the component that needs to be managed. While redundancy is an essential control, break-the-glass procedures enable access to the password vault under emergency conditions. -

-

- PAM in the Cloud -

-

- Developments in PAM mirror the developments in most IT domains: where PAM systems used to be self-hosted, on-prem systems, nowadays, both SaaS and MSP options are becoming available, as well as hybrid solutions. -

-

- Third-Party Contracts -

-

- When outsourcing operations or using services provided by third parties, an organization must ensure that PAM requirements and rules apply to the third party. To protect the supply chain in this way, organizations should build this requirement into third-party contracts as well as procurement and vendor management processes. -

-

- Addressing Barriers -

-

- Adoption & Friction -

-

- PAM System adoption depends heavily on user experience. PAM systems often add extra steps to log into the target systems, introducing a new pattern. Like the reason for access, ticket number, MFA, or lack of native integration with remote tools, these changes to established methods may lead to frustration among users. This friction also might lead users to seek backdoors that help them bypass PAM systems. -

-

- Current admin account users may regret their loss of almighty powers – and may feel less empowered to manage their components. They may fear being mistrusted by management. It should be noted that these concerns are real: communication is essential in change management, and emphasis on the added functionality of PAM solutions, such as single sign-on and auditability of actions, can help. -

-

- PAM System Availability -

-

- PAM system availability is one of the biggest concerns for organizations. If the PAM system is unavailable, it prevents recovery since all the privileged accounts required to access IT assets are stored and managed by the PAM system. This risk can be countered by a flawless and tested break-glass procedure, which enables swift access recovery. Unfortunately, these break-glass accounts are often forgotten and can cause more harm than good, so it’s necessary to monitor, test, and securely store the break-glass credentials. -

-

- Password Rotation of Hard-Coded Credentials -

-

- Almost every service or application requires credentials to communicate with databases or other applications. These credentials are used to prove the application’s identity. Typically, they are privileged and embedded in various locations, such as configuration files, source code, INI files, OS services, and scheduled tasks, which are referred to as dependencies of the credentials. Therefore, when the password is rotated, the new password must also be updated in all dependencies. Many mature Privileged Access Management (PAM) systems can automatically update the new passwords in the dependencies after rotation. -

-

- Conclusion -

-

- Remember, PAM solutions do not address all risks relating to sensitive data access: practitioners must understand different privileged access scenarios and map them to the appropriate controls. First and foremost, they must consider the differences between human and non-human accounts. PAM solutions are not a panacea and do not address the thorny challenges of managing people or the non-interactive accounts that do not require humans once coded (these are demonstrably not people). Effective policy, governance, change management, and other controls are still very much required. -

-

- PAM solutions are best used for interactively used non-human accounts, although their secret management tools often cater to the needs of non-interactively used non-human accounts. Make sure that these use cases are identified correctly before introducing any technology. -

-

- Once an organization introduces PAM tools, do not underestimate the impact of culture: it can be a significant change for people. It is essential to bring people along, highlight the benefits of additional functionality, and communicate the necessity of an improved security posture for the organization. -

-

- Remember these Core Principles -

- -

- Author Bio -

-

- André Koot has over 25 years of experience in the field of IAM, and he is a principal consultant and co-founder of SonicBee, a Dutch IAM consultancy company (IDPro partner). André is focused on business consultancy and gives IAM training courses aligned with the BoK. He is also a member of the IDPro BoK committee and (co-) authored several articles in the BoK. -

-

- Acknowledgments -

-

- The author wishes to thank BoK editor Elizabeth Garber for reviewing and helping with this article. He also wishes to thank other contributors and reviewers: -

-

- Contributors -

- -

- Reviewers -

- -
-
-
    -
  1. -

    - Carter, M. K., (2022) “Techniques To Approach Least Privilege”, - - IDPro Body of Knowledge - - 1(9). doi: - - https://doi.org/10.55621/idpro.88 - - - ↩ - -

    -
  2. -
  3. -

    - Bago (Editor), E. & Glazer, I., (2021) “Introduction to Identity - Part 1: Admin-time (v2)”, - - IDPro Body of Knowledge - - 1(5). doi: - - - https://doi.org/10.55621/idpro.27 - - - - ↩ - -

    -
  4. -
  5. -

    - Carter, M. K., (2022) “Techniques To Approach Least Privilege”, - - IDPro Body of Knowledge - - 1(9). doi: - - https://doi.org/10.55621/idpro.88 - - - ↩ - -

    -
  6. -
  7. -

    - Bago (Editor), E. & Glazer, I., (2021) “Introduction to Identity - Part 1: Admin-time (v2)”, - - IDPro Body of Knowledge - - 1(5). doi: - - - https://doi.org/10.55621/idpro.27 - - - - ↩ - -

    -
  8. -
  9. -

    - OWASP (2021) “OWASP Top 10: 2021,” - - https://owasp.org/Top10/A01_2021-Broken_Access_Control/ - - - ↩ - -

    -
  10. -
  11. -

    - European Parliament and the Council of the European (2022) “DIRECTIVE (EU) 2022/2555 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 14 December 2022on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972,” clause 49, - - https://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32022L2555 - - - ↩ - -

    -
  12. -
  13. -

    - BBC (2020), “Major US Twitter accounts hacked in Bitcoin scam “ - - https://www.bbc.com/news/technology-53425822 - - - ↩ - -

    -
  14. -
  15. -

    - Cameron, A. & Grewe, O., (2022) “An Overview of the Digital Identity Lifecycle (v2)”, - - IDPro Body of Knowledge - - 1(7). doi: - - - https://doi.org/10.55621/idpro.31 - - - - ↩ - -

    -
  16. -
  17. -

    - Williamson, G., Koot, A. & Lee, G., (2022) “Non-human Account Management (v4)”, - - IDPro Body of Knowledge - - 1(11). doi: - - - https://doi.org/10.55621/idpro.52 - - - - ↩ - -

    -
  18. -
  19. -

    - Koot, A., (2023) “The Business Case for IAM”, - - IDPro Body of Knowledge - - 1(12). doi: - - - https://doi.org/10.55621/idpro.97 - - - - ↩ - -

    -
  20. -
  21. -

    - And as a side note: storage of recordings could lead to capacity issues. - - ↩ - -

    -
  22. -
-
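Review bot: the footnote list at the end of this hunk is doubled and mis-numbered: entries 1 and 5 both cite Carter (2022), 3 and 7 both cite Bago & Glazer (2021), and the even-numbered entries 2, 4, 6, 8, 10, 12, 14, 16, 18, 20 and 22 are empty. With the numbering as it stands, the only marker visible in the body, the "11" after "playback calls for 4-eyes control", would resolve to the NIS2 directive citation rather than to the side note "storage of recordings could lead to capacity issues" that the session-recording sentence needs; please collapse the list to one entry per reference and re-check each marker against it. Smaller points: the bulleted lists under "Session Control" (the "such as:" list), "Remember these Core Principles", "Contributors" and "Reviewers" contain no items in this hunk, so either the items were dropped or the headings should go; "Ensure workers (counsels/unions) agree" should read "works councils/unions"; and the Figure 5 alt text should spell "PAM" in "the internal pam system". Finally, "Break-the-Glass Procedures" and "PAM System Availability" make the same point about the vault being unreachable; consider merging them or cross-referencing so the guidance on testing and storing break-glass credentials appears once.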
-
diff --git a/Access Control/tokens-image1.png b/Access Control/tokens-image1.png
new file mode 100644
index 0000000000000000000000000000000000000000..3d62f4719156bcba6e588cd670a4d3c7eb1371a8
GIT binary patch
literal 180399
zTHf&6!95aCUH@!;+`^2nHUt!ml9WIHeT|o|pzQa47*$1~lP_*mLcy!Qr>FM>tTLRH z{#Ui{#dDYYvCPemf1-po!de%?n$l{2EmP4A3JpM$U>bEv0ZN59PLS|8whqQi>{1OH z;meE@xs#&Vx+gWIjpxXVpPC8$4>`F!4>hc(noYp@`FkY4@4V%N?F3L3zkZMn2jnTU z5j{Jn0ViyIsMb9o;C?EVUuK7*)nHH&o(FT664M)Mx}!H#dFAH|?Mya>4e5&~bLdsk zzT%AXIIb{^pvVx9{Us{#Gp6V6`we!jBi##X z#K8d?ejoRC$rq1GsC=kD`_1}~@93Mz9MGxI>FR}zpnRS zZ#vyF{y9QNW(bwKM#Bk;Z)TpgX5(}E^Lb+-L2mOLlVsms9F@Z_v>+g)@)W)`ZRERs zg)%e`hwc7iVgB}l-yIJRc9Jw_(Dh*e@2#&%88Hf>JhpkaR_Vt`eE}rY|I300jJ)Xf z(w3Wmn^Oh#oYv{{baS<)(ew^)Bfun~RTDG|rWVM~$r&wOXo{|x)M2y>m3ZBl)_hAB zd86?4#UH@eB=q$1;=Li`o__}qn(laa7?jiuxP?jWY+6&AMToUgC@~}7V5z97x7>u* zM+#@ozo+9UgfH_XoXR>ONNxz>N%Mq?cw^v}q^@|pqB^gB7h{aT){v~CwGw7bJi<6O zZMhA@UwR@;RW52*x`n-68Jsi`^_x}68l59Xec%kHY8MsQS)3X=1u5m%U(3 zy}+Q5WJu(-+MusCx`4G5qebdiw!Ck0!H4d`xBr=D{-0`Vl4p6-Y(C%yFvTec><%m$ zfy}>PTqZ-IlqTB@V8)HiW~rK~J-_*82R!QL@SRwXL~?pokHj1YVc@@ySw@Fi^QKIL z>*n)*ri0unPU~14R zR@wJ+SHJBzjXE4rli5m)v)#p6qZ=53e9K{-_v@SSgb*!>ogL^}kEzP71sAO{)(>qKABu0XzTq4qifg77yaj9qmFWx7s!cH|z9-hfDQdHQu_aIKy1^v1?P6`d6X;PUU!Y=*1QA2Sds}#<=j&3=EpN|%*DMK=|d}-ug%HJ6+IFqF9PyP;n9ql zS(LP=@ks{O2yKi!XOYv~68czD*L-T>j2t z<<+A!5@GLnNa?&iJN;%($-?mdhl!B}VeBkxb!Ngx%PGp>#^?Cse8lBvqLnHU7&y0zY z^GB}zey0@ou3zGkF?JtiE# zNCkAjq%&A(mDO=boEo1%=ZczRgIbwvCYK9eexUgw$K%DCUnC|(yYrBKsVdl=@dE9d z3e6k<1X(}HtIg0CX!z{!;E)A!TW;^$Q6G7!|NYT!2X)ZoP}zrxmyAz;*I+=o+mCT= z{>{44Y0vP}r~KVU{-VCI(N%IIz~(*O3C5YM&fKIqIT^mQXRo>o^x+11^3VUTv9yhz}l5*POQ*Oiw52&gBJMfOt=?r?#g6FSs7T1jy4^VMFNM-fNg#&VZ% zR|%u33KI`mWPmK6=*u!vNdlDcFEr|9Ev}aMP|3u-k;9D)L;#=P+UGFPUp=SmNKe<_bvccIQIa z9JYB^$;IDS)a#BC1G!^)D?I>DloX8jGPmuR%Iv|6z2x?seU+%G^eW`Dh2a&c-f5Bl zbVRH=uB5#C{Q2>gXF(057vErFeYlE{D$du4a|a_6+1p-d%1=sd0K?Z5Bf9kUhXfxl_mzJdb|yDzH?XqG#>)h0(wk ztcFEY@buWQEIB{Ud~|MhGBvN|_#-bfh1NqdQZ1?3mNeHe8QQ5tK{f( zaZ$|%)3N9Yx!M5~C3sW8ZQc&+hz9g22^Upn`>|f*FbrR zAv*XG-LVx;V-gzQ28s@h&yXd_i0+85DaSa^eb!7T8G1pqJMfH@gh(o}nlvni$xg;6 zcCnQ9>LW7-?4O_j&^dtGl?bj2a25d4i93XB$llEGiB6k%T%AbBZxU}+`_oO7ddhpf*QTnJg``BLLsKB=8lhjN(jO;)7 
z^+Uv?h>2xvtyyjRhDP5Oa}ASKTRFkz@)yy%%+I#hOG;;pT1aJH0gE4jntcMdx=inv z96$K#|D&3}loWKYt@Kkls2uQUmZ70Aojt=We}m+0YWv;8Ju@exUZ4!VZjK-GqH_>n zLS$Al`muU<`XOZQx0yRouzpSER6qRH;XTpNIl1ABF*`k=Fjn+VUlG5@Bi17~yErs= z@b)B#f;xag?&u{lynG~>%K9aqY);U>1++^*C_x=FD#5P9)Y3^?<*fnU{K#2sC*4KAUJU$wO$Bu95vWV%%N?=fdJ}z!h)A~(T8FH^Hx5g zl$x4`6)FGVu&?H?dT`x*eGNn+-h_U>;TCnw?9yVz zVvX@{?}*!o_ABbmkTfSs>>X8%bu|1h--gLm>bp>}3#1@B7#rCzfgB-Ac+Z)5!yXfa zhOXy-BFE1lu+ZV)96#zp(mGVg#RFRP7dIpX?hpyV7N+V`j$}FSGGKos-uD-M+U!Rt zxVx6wq*e1T`ZzP^Xc7dt3yJwB=eW&cf^z$(302iQ^OI!8!o;ZBzuIL30}9L-$e=Z7 z)Oq(meuE3`sJ9~S)d}MgxbZ^-3T6X#%a=j8j4muC%1u)Tj)}2YANz$pQLkkvr93y($lHBIF_HIJv(QkvIP0#CXDWhUt&O#PWOcTP5 z{I~>>2$_EA0DRgj4841YoHr()tHgJw%!EwMv>f18&YoLr=D5_i@n+HA3{rz>eDG_Q zS_B;y(M6qT-H2|qomb?}WcKXQ&|Lx_8Gv2;Zrr9$fLa?j8_0V_q?s^S63g~U3u4j( z-vCu1TryEz*r7mXB@ku@fSq+1yC`c)9UE!DX{Z-gkuHT(GHZI$6-F%HnGI5aU(r%1l!QFp^s&?r^=JDR*)1=bAIB0Ao+S&YAv zP+C0C5{}9}-FH}mC!E86o6)vmhlJ0eIfX2~xNOGn7=)x@s-~O`%z(ZjZfZTOA+@tE z-5QXDny6HzU)dnK+s0sz0(T>CsbRZaMQXnXy^lB1oURz*Gkm%dj?|vBhwdK%`fe}$ z2J5YAddxr^>-*`LC?rBQp&xoTdb^m;mp>mQfe2rAuSMt`%(*p%aHdmFcMg9vVRt%E zX<)1bxsiY8ELKWIna#1@;3)cW-#K=V?|=&m=rw7uuq$rtFsI>qMsUXXA2p-xX>k6q zc~Kvgm&x1%aVoq#xKL3rz#py*4^)AGd0tYeB9IBv9LT-n0fBTi0FR#htV0f$#VAwo zaPbutLB35}qngT&m6(I`PC}lT=|xMepO`Q_m+9pwh)4U!P~DiCgM|EbIMFnvy+kSp z4|6cS@a!xr*=|0xs+89><#aunJ(;r13B+J8d9OZay5;ib8^ z_C~4MCRvosG0PWn&Qy8iBV|yAP|Ko$9o4l{x}Zc(X5D}qPLWRib)e+9m?F5OSP=sc z!-REyycinJH3AUx=H*gr03WC2KA_}0uU~nlz#-Y_&!hS&!(0>(8<6rsp>nUx?3i7% zz(9nZLKx+y%wr$GIxbxVt1050Cc05&sfd1ssqmz`Drw3bN!T0Ea~nJ)T6%?DCbf`l6%2Znxn!eg|6Yl zqi+^krz%2AToy7-MxXY1{cgN8qn<|KpE{Q5N9Z-D;u1QmsYgMEyJYwD@bJK5MeSc= z1-U&c-e0@$H1Ms7A%qvc^AWKz?jm z<4wlZ$p*z8F#bJrGf!M*!#cCemvEeBF5-DJZJEUn$N7-$@#@;(p2w7|1w~RRVp`f^ zW0vP-`%-Ki*&Gzv)eIIH@NFiuum0Y#%W!kl6by(Pvl0`~EjzDt8KWeu* z@R>yb{m)W7GjUy%GXD2s&eO;g$lqgYvE;xnR(0NBIcwe^b2^o&ohO}%O>rS3Bfc08 z4dCsdD!b0Lj;gx0c)>jDr}W3Xc*+5^4D^te;?2SVMZ%7!F!=NVULWwn>|1lR0Ey=x zlHVCPhp<0~eOf^wI6OXHF(;JzRjSJ#{YrLlA+Cb&8k<`iYV8*;Ho88LtbPn27eLH)N7|BOC|4NK#!&?FgsB8h 
zchxQxmuTOogV;Z&fKca(rR+6rgJo-+b#KCgg>sIb-@J0z|L%DKp@2J27&S+pw(ro_ zh@V?axL6uPQ67Tq@Jark;y-4ze00JRFoXXKRQZL?7s#C5_DB>+qiqNo8%LC+z*h69 z>}%NUGp=`^&odh4l!eMovSDACLG~|Fx4zDF5F`g6_LZs{_vcp@Zvu0hCXjor^dwzI z6~e^1j)$F}D^gcne6ejuGvq)5KffD0xw}_gcMEhe76iN zW6ApsXrY8kF2U8xqVTsDfTBtBz2M14qHO(gAl6|UdlG@;7LUnzi!%)|eE?f*Omy83 z2NoCZo+*ad_6LJQj^%8MN*MK*`PmEnBQJHoACd^6Jok!6!GK1%3?R__iZ1mNfdYn( zh@j6WFg=|B8|9VkuUD@yq)>T+;m|n1`(8hAm_R(9ch_g4jGUYcoLUC@2KoMhQPOUdK5Ep9o1?k|F5!=DB03@Hm>5ur{*1JiKWHZGR>mG4e z=c;F%xV^izPIlaefxb#W`wIv-T_gy2U2IDkjkBMbq@Ug9R4X0Ur>T)IuQt<)uoFnm zYd%z-9X8k%ZSD=uTP>T{aB*jfpUrU*j8@yp;^cgMz;JI9axFLPTO2cEKc6|PW3OE} z*zuDusi3wnkZZcXzH+~AIMPVG&KvE=?*bYyK|%>fqk}qu25oTM&mbRHAuXtRyw+Fw zoyxB<*ZpCbiaamCN$5GL7L?n}`3aH9G$uhD-4~8qxQwRDtOuvGDJ37^i!Jq& z%h}8@Ds(P;rD|ij&-Sk@^z6cY94S5FCz0-efkd~vgy;9N_^}_dKe?5dF)CMI+D!5x zg-~+yc5;+&|C}t^*ep_8a;+QnSiNv0-KLw3-fk zm0|>hSk4Y7px&AcBplkaSvXLzp9rW)* zrb=!P#?r7I0*&qmk5ByiNivbhSTrdkAtq1gTKS%+_P)gZA^)uT12E%Fj&t}!k3+C- zX!sjuaFh>}{6};!(Jc7D{Zgw&$6$;43>njPk6oeGwjUF#CUn;jMriNuN^qcr%IS(K zZw|t}7I&o>8v?UX-j5G2cK=FkpPI6^TBu3tDWLXo6lztV-~T*tc+=o`1CrcKQz zFRqEf`5%=$LB4)dSLhIE_H+{%JZQJ1f3DUa`R0WKx?idF82eV+K>QJU?sN3;XK!BJI4j+Z7~5ylSKV6MTiG8%ZE^UX zV{rQEhQsv{6Dctbl7OfPk{;fz4bt-6zfj9^5=4d=i%9!=To zPa93>CU>^B7y1m6p9hd<*a*SEr|@el#HiNvxS=B|JvMgz2V?&J(%-NBT*Dm^hsn6h zwG;vpjfVcb19mbnW~oq2;MZ3YWR7%Njt34q+4-qYkkpx!Jp?wU@3nIWfliZ#sU&7K z85nGJKfdp~ZN6)Qf#gYMNPDBQVY-6*Tf%?80)zyK_8ruL+VL!a<^3h{=(RTl+Wps4 zd1FZ3NTIU%whp?@S7u|()bjWRved49IRF07XONUcpagKgHCVKYA-aFXK(9XT67Kg0 z^nrf$7gbHP@7^C2DOd9N2g``p9)usSV`=1n>8{1npw&Rl+|17kLuxp0ia-B)qJKf( zQ+t74b-glcy?QC0QhapYpF5PaA2&hm&#k1zlky@l(dah-gF4}>4V`?97c;+Xe+%Qf zH{?iiDYa*T0=i+xq9_DpxUKk6sN<`UPdvJ{lrZ&U7;f%2TGwI16OuRcyM{(YYUM)9wR1nRQ z4EA}?(pMjVpg0A~l_d0L(yNU2rtxTXluYGM zR$to)ox@Q!6+zXSM$(|M%bC@jFQsij^Pd$6DX{Q8sgl3P{QClWI>Ni0_DS2#6{Jj7 zW9139F#4v7)UJmUZ<@d$z`cz8ey6;++pN3IU{VxfGkkDBiaABF8;ckDy0gUPVnMl1 ze@*wN*m|eHc+}U|eXf|SgBN&gcf;q6X&H4%8PdQT(YMqUWczTY^R+`i6#MjN 
z6l&Sz{whNd3c9E9WD%Z92F^{ToL6L)jv=*YS^bkBp!mmmKz*uaS%I5eEq*t-9(Q50 z;6|dpFdD3K$)i~m@@|+#riLw3?>(O=&SoqgRach0^VE;(Yr9^DKhPNFiox-zV#!9tE4pG@tFZJXebo zn4>CPhlEpn@S0w_ME%T6kqa>r8DFuXxm)G&Ll3!UzMfBwCGM2ZbreH( z6hqDFwjrPquf~qHUzL7#_x1LW=lo)RF#ysU&VcQ8fgb{C8Bh1&1e@YO+!S-!3HWP% zR`NkWWW)0jr_{Q_itm;!nm-?aT8vkbQL%w8E?@J;V7HJdA+qTESpGH@0gb^AP)m|~ z*Gv259!VaPxA6bJOAkncHhH^C$Sa}t(OAd!KRSvT&ihe|doDkI9yuQVS z_kQu6s(C}sXAxU@d}zOKbERiHJbB6Bos240H&&nW-T~{dVyF~kVV;^roc5?fa*+UH^8STw{%uar7 z$)wbNsB{P}ldRusxB4BIodSA`p`Ytr{T2!Z4vS9ndj~H4ed^k&`;UqjA=2?Q!f&#r z^H2(ng{MyxvZ+W;#^mAq^0bnLE6QiEh<;=6V7qlCbvo^Hrb81 zOVTf&-M;ZU2~T0|Hpb}Sxm&^A?#^V9<5WHra|$Tnw6X8_tnH(>(nH0~R#3>K`N1n= zUAjjg~+3W~D83 z9>R-*K6qWEA8MrKh-0Nx4Y?k=;o+4catcds4|n!iI|z}A6nC%wxmC|R{h@FLqyK1R zV3RZ;0ocq~v&8IUIf~TAQM{Hw~jL2i)U3eIw8=lVw`THwF> z4o3)tGJ!(y3nh#?(uxZ^)t#K~x)!NU7<#h?qWM6UAf!{v z+TC3Z_q((7cF0!qpUL7-I}cY9Dy`z=-sMl$+gM;bFx+FjpMY7%p2mK`enBj{mIdDQ z)-6i8<@zrEIas$5KjuU!d7Pmb5-?JwJb!WKsvB0T@SqW&bog@J9ZzF&y~YP@037l@ z_;c1u@NO{7*xPR?^g-rtU*?)qR59Q~LE~FD%B|HDPh!dz+U+QPHH9D6!a*(GvLaFf zpNcq_%o7#eeQ)fqcKOI!!A7SX20xBrD>|>|#V80}$qm(HS7nFU;v6hvK+GW2+r0GZ zw$hn=2nDgwY=ZpS<>T@l2OGAhi~0Wq_;}oXlwXIbU1sRSTaX7 z3nv)?QtRc9RgHV!n`neFrSy~Wvgz3Rden1=UVdM)zw7)@?S>+-oUaoqpC#}EYbrI^ z_sdJH>q0e6^Ro14)0)w;fy3K^kP2`9Wnwg+3{HTON8#0gajl_Yu=J8C4;E*l=&3U zoaK14#G+zc)KN1BO!wj7-Po&mzleyA)FGZqtX{2=AL;Ye>QXucJWB6KKGIS9Y`us= z?pIpnpNin;4IABDM#z0lRBQOT29>Ahl%)?uBA+)dq;;;TWI~^yK?jNzr{FIdw&%`vWCIR8TkKD zb3j&LWfjoYNz)m;Lsrr`jl~=LHR^Y~)79cQd*a?gYe~p$GKbD`kUuq&+Y*8Oq{D?t zer;ui;qFp+mNe}}nJ(QIH9BNar6cK#mPUZ-L~uR%zT(Z(L~rk_gbJ9o^d4U0W@QXus4xP>u(?Qv=D8Qq*8 zhz5T)y5H+4syN{R21nVWFH)4avVt}*kC*4uEBg88Rk%rA5cFXy`WTIhxsVf}XJWSO zF)R4?tYY>3nC09HRHkPK?O;$?DrE99*TuUWTxzfve>@RAS`o~{opTMu3<*8##%I`J*_bb8S+%eCQc9Oa664F22rX<4qYLh$x zD`*yqOw5@A z%Z{nY#4-=q?2`>_N&V57RlZg}HC;gtoSDF;i!7}xetbTygVRIh%^OveEGkWv-BeIyZGy}Vb-H-$Uu(y_Y!qRLTqpviSSpB$^!)i5zV?)!+55{#a*6?);7t}~CO&sLlZ@t~~3e9Q{ zr6-?nR^o0r^(;P*ffC}lx=l_4+Q8f9&(=SLX=lw@JdiT}{ZJ4Jp{IR{MRC?Sg%eDP 
zOU~fwXXAAn{IEaLb`PcB$|Sgsgq@z6%)u)93t&#D;1k0;)!k+q<=(hFxSpLza1{X~ zu9=%^%@;D=W@?9u-5XrKsHwUF9wXyU>&--Y(?R8&on_Y;sYtQeJ9VdhI~zPiRJQH4 zs5eRm{1<((cnar)>7|W3R53{^DlKiG@Hd$NCp#5B?~5QM{@Hd@P66?|+%OLJaxcmJ zK1b!OmI4YW0)qJ^`kyu8d`j0Qy!$$=dRjGF-Jg0OO^RHx5f+hLo+N9*> z3Dc9l7L02Zl7t;_oOZv(40Qv)4(@FHww%%fcR3-DcU%aYQN6Mp>J z0NMa1KygO$^8&tvV7uWvZy)-ZWa{s_+f?t?*1jXga%x%o`V11j=MA%of3?MkD>j?X zFyMw`{>lXDjlnj;c|b5_KDD+6fS0KfyWt3E)&SMS3ikHFkL2M+>H}#J2*3oWbra!$ zYcUUHkVRcu9Rb*1fCQ&9k|i1A|LcWF(n9vwx3*MeET>vi_FZ=9bpUDhb%HkZ98oi>xr^xZCxPu{L18qEcb%MIar(j+Q(gr+o2@Vj2;Us<&1 zG1={XR~K_ShpsYjMz4T;4ZhU+L9%*EH&WH>573IvcA;ns3?q!*Fsw~OCKYCvzfenE z-{&HGqO;pkHU4U@GDvfm-^@h=MSO_Wg8wZ?+321?i&x)-Dy`M-awc5RGJiUdDfJEO zv~}4K65I@@r_Y`MW>{_Qn>IbJJhyIYs5}#>OInoegt=b|iz8^*mTbB6Rr7V$M^|jE zO?R9NR;ncTt62{mB7qOzGHA+u@sEeTLj3(c_~(9b`sA$KDsGCL_c0>OOGJW{xR!Ux zBPdlnQ!5C+R|F39fOQWhi*4!IID)|6+I_JRF_x@VV@>W76viqXT$Ah|dh38|Nh58P%;tqbv4rEGwH1{4ey!|;CQBV z!GyO(4p=m@Dk1w^#?z%{JH`{`o;V;P2ponql?Fg%5npQ(DpctY$!$7tQM+)VHKCmO zpv5!oP6}eaQBRgkp?LE3_Q2&MUBWwSQR44kM?VYL9?#Xwt8$E?gA~XubbTFm zSWo+~e5;bzM(1k(^;H&y85}_Bcd1C}M}I7A+dcT%L{RT8Y8c-_-@!N1?6ft2h_{dD zYy@;Jet&!5aaXmGk55wInNZWwi=&;Oqe!|x$0D;>KQ)UinlxmRh52f%Qa^1UnIynR zIx_6zz$|nP(srzU!Z^$PCQ}deIv}%3gQBRu#RP9L3RHAzDm`d%NEUL_m{>(pq#{^z z;um;adEW3$LagVyLP(uR^l_tN<9*k<)(WQU*=ax!ZouUCq`?{k9d`)lP%D-w>!ZoY zg$%Xk$jW^lvZ+aS1?~Z^fc-8*O()BPY_p1(vz7Vm2-ich`*$AL1cq}i^MSpU-5T=@`6Bn88T|llW;^iv?q1d?M>l{mf(t9LGT+Uq=mQ{ zL`@mJ$g+ED@z2Nhe&rSd`S<6!;f=bcmM~OX+yPP~2QtsgZki&~Vc=u^^MvTWL2stv zF`U*C@p076pzzG<>&&P*dPkc9518IdG10}Y!gH}<)6 zslxWt`BFMMLq8Jn7L!jl1|F_P+^2?IZOq9M!b<4TKtjXnjYT1Y(wwikC?XbwAi_H(f~%3bafz|MQwy{!r5K!wbW|=wf7Pf)#G>je|-1%;mbvdQC5;8lBAI#Wqj`~g0uos#O4+$_nWLft^t_XxaSECEvQo1BP0wjH-$s8Olk_u0n3_zlDy5|MKQ%=i92zs-e3t` zXzC`zAuU)$DWdm(44XV>-<;5?!Dw7!+hz6Ibk##UNuNk9^t26c+gwYW=Gq&U!E>K$ z(mBi3ux`EAPk{P>@3`yN;qDE(HP`PER)7u&l@Mno~1;Pi}dsDk;6 zSnBz{OP?)NJJ8VZ>5aysjJpRDw3Mj#T7^8inhs$Yv}fiE{+pei74!fFAT;OghjA*q zUjFpkSwwx9xtc4g;=mf@Qmt(6_7gd0p8*Vp&&IM`mKI65R|j~s2UsDB@9Jvla%@>V 
zA5cuF5#QvJV0cYS8I7XCDf_MBOZoYE2-N;@5Ef&VRga z2ES)KXbCoDyfi}t19HfmEVbP^aq5|=F4kifU%o(VsaX0Tz^Tg4w@Ap{m@Xh;&Z#YD z7Z-f8)1#5hmoJ(Bm|Uqplz8Kd^jbM*A;JvFpCb5)8hv~`9bEM;YpM7d=j0r;mMtyy zfRO=sh@o@8IL8R6b6 z-_b+A&h9twqdNjn#Y%#l2NU3%@?g|2F6!;*Q2rQhPuSfn3iwmH8?G;_l)Xp^a4sZ6 zG(z&Pt`1w^fZ6&^4Rz?^o0E(9%rGGTkv-8qE4QK{9 zHplIuMv-xSJI6h0*LgA<{!%y|fG{apqVLmA0KH99-4|yWLpn_t%dMiQC@6lk7}@YB zSy@@dEV)0ld@?tuy;wkc^UZGcL-cFg?>udro12F>orFkILrHfQXJjFG0T?(nh@Y&i z0;s5H<)M>ah7vNHyFgONQ{r;O-?gAWL&NxeDZ+E03S~Jh&s$yf?hr0!m`H36t*k<+ zK7(zBdaR$&q!`L~!7eUR=U&C4z#uK9@X?frfItUu#N`ss4!BSXQz`*V|A6zOC+orE z@$H!A!2}d^*c~Aibg1Me(#6^5oN|;v9P4_{e^gf_zYYwbwuml_^#8bc^MS73mI>*f zNGL57=1B7;byh=wh{7Cm$Yb z10!vcCmXE=v2KmBB{%nemlW#AWpo8h!Oi{|3_vG>|i`@ z**|`ZBnf6iOXzM$Yd_$B2XB(VYw1OE?*7*XvtinfTDbm@gM)SJ0vS> zz>I#UJCgH%zx)Y0{(WEX2gt|hn!_T!teA^+Hr~l^-$mV*3*5@uvR$N!JH#HI8G#i^4Sb>jG9x0KE4SCL5(GI$GopY{!M!SfrbBA0GbdtCQYz+yD9(i%HJPE>?GqXY8BA0y440J@m95 zu4_X*YfjSE4_s!xbLCpztkXt$X#_JiB&6@&!9!6YKc4=ndYM|20OFSW7q&_>le1qW zt5p*sKmOv*f8WVpfP*-bCD+z=#@zPdb|q*;u1p<^N@bR`f;^vj zwIsaNFbz@i#?_ISy}7N1>0HwU|dW& z=k}V+xvJ%T1BZ!hyQ^mZ9=YV38?~;^B%mOPw|={O*W+)>&VTQiWB}X`*Uj&^j3yH^ zR~@h~P5kF&?*Bi=zB(?-Zfjc+5JaUxM5H@L0V#kWQtgBt=5Hk?xXi z38^8JuAyOQzIza!^PKlQ?|0t+_))X>zSmysTGzVPx{rdLl&MfL->Cp2+z#7?Hpq@b zPjVI)7U;Bu?p&En9QfDzhVf&b3wVWxZo~P>Ex{vb(ea5rch>pYNv?xLc_-@bP+!~N zAbd4Ft}u(YM3=)dS0i0&93YIF_^c+T81Hrwp`0c$Yi>YMg=k*RR?bc20-1a;g(UZ1 zHwyC5E9q`8>{A9=YdA(niN_g4WbYb+hPk2oPP!U=9FiB36*!tto4JF9b@;I8QN=4F zmg;?;lZyH}5FZ0~g#$0=Q-VJcKI{lpJhXb#^Mw2n;>6>k1n%i}a**BmiJlbJuBHIM zlTOzq#pNdJhO-R!vu9gfd3w#h-@jP^d4}z0F4IU6=GZ$ZQ9*!7MlHMd#|gw!1W4I6 z*brX*b6?bXU6+qTKMK0^2iv-48Qev#EC5FiT)*nN6VQ%5S-pR|%<2q%f802U*iU+3 zR_qtH$6@nLOO1*g(>Fa&p<|?zSOoA(=k_uiV>m}eddj6g;WmqUwZ*2IE~u~=Sn!t_ zhs^@zyLi9z-tZp+)C&210p-4$n#6&HWWJ-LfR`WdV}KidfK@(z&7SUb=KC>6at=&0 zuGBB1a_d<4x9Rbktx@jn4f45h`P+Y;^xrNIfZp)4G!Y=F`_wQ7>*h$P@@XJh0T-vuqjsktvvABSft8t8bMFD zR#07>G*N9BRK2wET&q1FxHOhym7RBT-VmnX{u}uE+cL5uQR@$9bKyYEwR_qoG=w}6 
z=f=tK_a>i0%~%|5hRciZRZ9OdRs7!1EIl6$Q)>ovy7%DkiNvMPPI6?)_zx%U9Y=7W zMo0qT20EC3W2(JeXyo09_jlGrVLaQJ&xLnBp5Ojxfsgl64>VQ1|8hz9hjf|6IMr-4 z8J_=kUk%og)AptSqJsdgH#M(F`OC#S*w(-i$ewyu1FqaJ1I$8S$ zhz@ek)+;1>Q6oYgWN*})$EKIKAWF2CaJ*JPz3i6t$Dh3l+yjF9){9Q#qgDY;sv5T7 z6V=Z@CCEKyyJSzwe@(p`4kiJ8E?Nu12^i-Z%_+F|+ z=(g4&@dvyw$+rl6C*Q_b&xL&LvJ|3e@I!`}AeD(1W z@5CKWjFnPt6Ssa@_}8{zvbF4fE}Co=Ojn+j_j7Jb{y!^js_Evog^s^feu~~^=I(R6FXG#Qa?)siTjM4UWx`|P2(quQca5I89hc$+2)eO3 z^!nmZL2JT#Fm+wGtDIfVPrt1b;fcP<4=-wBt?`x>gQ(no>sse3_5n>QGBPrUxp0|S zKW3Ne@eB>ML_kwZCvst?^rL@)h<_~uhy_tWU^zLtg|`o^|F&=@S}&%k!8H~Kjq>y@ zX4!|_cUGeB;_vjw8<>=LJY_wfvcH1H&9gD~yzG$0F=X z{`a+8*i3^eAV1oJV{`-FIaamFy8Pyy*`8hM^(jO|ZLbaYh|vM-vKBo4AA$Zq5yxft z$47?4Wvh@%>qz4tK9x>pF+(D?ZiqTG%F%P*D9_2lQFlVjZ>(3OG zp~v*XOjcrh{ch&<;|uMK(I-n>*p~m}oc?*ym#0VKt`^T_ng=Ze^KMj~+?TgT8vd%= z02<|4cQhMjRk?1dT_pABf$y_%cOqSp-tezd0f}w ztv~MWWfLk5R;0zk&sry}wQ+HwxeoPXD#O4C_mc-MXRGGu8jr=9jqfD`uf+K00|&mV z{sOqqc~w!co+dkxM>riHA6Vi*?g93%*jy!IG|+?z zL_!0@w-8^-h<$MRu78G1;@*3bCzM=MZ`a^VgZd3ga&^x>B+2BQ$Za}jEJccmZFo^S zdk!V-f|d=@t02iiXC@=HRgb@4NovE2Q0Ga0buk~eT3!IDEojtMbP}KAnzQhV#pq}_ zgM+-MR*R=p=?EG=e3I$^rA$&mof|A@{QaW;8#2Ix>F~lrMMEuM6I#2FcPAw)PIU3E zl86TGF`%misf^{CRv}KBmza1QuKM!9SaFjWXF-Or54y7z_V4tU<+D5`=A&U4-J-CC zXYYz9Y;A1?RAM4q%F9|+)DD!a{48W6R=)644qVA7d>d{1>wd-SG2&r#_U)~j+foG# z{6&nT;cvkl6yxa{)(E%vX+b0VWE~+K2#)6))H+DB>VTp+pKQw<+=L;WuQCymi#bft zY0ygr2JCQzh6Rk&&zDiPFW@~+SEzI*p{)|)N-n?kT z*S%{R5$D!TOjlsNg9TqGG$9q+w4^9_BouK*_L>5T_ptU7%b<|>`m{^WMQ8? 
z)4~RKk14aes!Xf7N||I@*AV%a97S}aAJFDs!~FFMr6QBh2VOu@kQ9mig5&P3MI=at zm;=Y0whs@Os;u6x^&zKuKuMSmT%F$6nCfB3Tls808b&2Y+TR_PGOMp!XTLgsa*$cg zq4>jhCwfY#UCQ>66q}DFrUO}`=H-b1~8EV0Qr71X?$}k8Gp?9 zO%HHIQZOB50!qmDSIUx^c%9ta5=7p1j0b?w(Gr^W<8G-%nr$rt6rponec8qtt4{x6 z`)Wz4=KVgI`{9M7Q6dAw)(Bw+Lm#@+`IbuvZW&&1&Mie+@LtGsU*FRL368Q;ofI+YPT%7oO;boLA`1p z8sXiwY)dyqZULm~6k&a+^K&73@1{-bZoescmWcggYVQa7Whm*S1k(k~zv;!u$2)o; z8y-WjqdyIQRc2NeQOE?>eLk_K(NNn%{@kH-GbWjebj5tY`s0yZ(WrgAAQDEXx%H=~ z(^8(TjhsE7=L;vEjVHIQ5&EtLD&?{K;q}D5dfk9(N~ng#{>n(1F!HpDzT1ATt=;R2 zrMZcBtB`D&WO-$=!v{N9W%MD;s8w;K025W@@ME~K4<oZt7*BmPgo%nHAqMPYI!|E zLp3Q~-Z+OdYU2Ed!K7f{5B+d<#c1y4j6{i~G9kBPEsLXkxA2m~xi(7NdjER?I})+a zH;bT{Q7%$IxEhQBF7t|ub%d3A?nu7C(zlCtm)0(o#J9kxVWoSkqlop2we6FKX~NCE z(IK||Ye)dFl;k#I_L;+_T;-kW#5-UX>)X0$yTl3cBg#)8wFvdo*dXg2JjpJDP}wcc z)Mguaub`0j1U+uB-332=$`vjE#9{8j0W0PCK-qumj@Di?b&$wT=#fcKt-pT;A71xN4E)QCb0U7W53f##We;g@qqv=K8m_KKwXSFX6@qQ}$?qu(dv#I&b(I|O9s z-TZ&b&jUfi1MppkyPd1k1|j!Y%4>Le^+aBW>$p481(R>m>5EG`@YVa64QF|oH*khL ze%5u`G$7<`C6q{IT#+7Ev{|kePA+|hZL|~`;?`r+1V%B<)htY`V@_i`=)jIzjwCOJ z#wgX;ZGRDQeO@U?HbhkT0q;Z*?qDRB4nT>eSJzx@C*7}o{$I~FC#$Sqow!FwMSU2i zm3>w&1r5Lmzwo?Es^u%S`QgTnO!VTnXdN?$g2vt;}+pY=3l=7C8a{IW~trJ zN{bb|(E}ONNHi;__BXq~)?Ubr1flOlrHx{_pH0(@2a$&p>51HxZ~DM*jY;f8KSwxE z(I4VGAOU4IE230EK)e~|H@$YJ!WMswzD~ZSqxdE$7UdGrM93tkr73GWi3#!^~c8`l&7BaUr=)QB!@Rjb7od z+mLcquYvWa4|gQ((}SQjkeI=nYmM&R0`@V{X_Ce})h>W|l)T;)oZ@1rS*&7N? 
z^<4imJQSUq*sP%@>3dueaxdn|MCb&V$KW6q7XQQT4~I+9yzGgs-i|~Iz3wDx0s|ym7rYBqm8apxH!!6btR*9bb}Vpu+n?%l1LbXqJTlNOxdp%g zcwSpkkCWc#A$q@Nx36+BqS1G)aHfIc&A4Gq3*i_A7K%ZeZ$?-|a*%O`%tu(k*B6M} zc>Z{u4wSp1O10kNDI}!%!9z19?fZaZ<|XFAv%g3wyUBay8k~SPpBc)9y&s(od13;~ zi26VU0*&T8XOXss ziB0UwH1kQMZL+H+gX=o2%BA_ObET)SVR083J;1Ml_5ffn><)fDucCb@mD|Uhd-_;h zvfdnkZF>b$Q;f%*y0@=u2A`<&B7s*8ZSs$`Ii-H#^81)M!>`(iO7 z7>nHPR8j^sYgptyi;v&Sf~TSWsqN!%k9r})N>I6fUhn`G%7M*9!7Fc~dB4Nfm7&Nn zeGs1A(~W`lb=d;@BfOHi?F6k8ym5x}wk|DKm)Xt$JtGsjB9^qusfH)5oYxuHuc}IX ztj~jkgIO)Mw!0$prw7mO;m-fLTNGiwsHcEp31+aSx&gEFXV!t)rG1UJiHFYcF-HZF zy9Yh7d5*u-SY_R-R{Um8bv_}$qNv=xS-jukOZFaZ6r$s!pIZFcW_ZlqKkQ%FBNRM} zr>o=_TPhnB`IT z{)krRv?GIYKIyd`7j<$tmP6g)S9|A#Ga|j(wlUa(wzp2OO(Jb_6I>w7t+r0*Rb{KY z>CaYUr+!MY#piWvaX{KmRS((nj)YFh3+OU!hCc~j+6*s`LRu=&J^++q5i5ur^a*cj zjlU(mqPP%f_%?d9z}2={wLI7js@O{!Ey)BTyK2F!-xh(#6V~o06LO^_TxTd)E#!6e z2L1XQoFi)_-x-%25+EMP{MqtO3G0N*T(&2`$5POu=A=W3=mO$BPn%z!|0a5`K6nu#N&r`KiVI>5 z7>>f2`Ef<&zoCAa8R7y?jc56b0)f(bJgjFo-2UQ#fb!ro) z>&=B}T9vRHDscCqT+agNatU_XFng?W$EYD@zmIrbXQiOKA`+A1{7QjbuJS6P=-H~1mW10ctJD$orHOFrFLDTg?TXa$eS-1eTTx=cCm=U11^R%rVvacLLKP4RVa8rGeqSJ!Rqja%Mq zVoWVG#1&`voZt{%?zyKyH&VhM>V)>jL>o^uMQ9_8>j>OxC?(hBd<+3fSs%+2~{ z%e1Lb>k-Oy_dfn*z6E}8bNu-Gc|0-QFO#r!jfk%>5(-?#=Jfmgg!bWrkbtyqy$B}~ z(_nWH^^ys@h4>v7|9PMIk42@lgGnhV`ZL*ZM4JwROq3n~@Nbb#w!ClY{;sL`t86na z2`&e39T)cj)(+@&6K_Ck?k|aWWxhdwC+e(j?UDW1^f%aUd|~R_ve<))dPms2J2p_F z+I-VV@wT1pg`1&W=K6L$Kwi_XRFb>C&a*1`W}CCA@PW6hWh zp8e`>;F3?|t37%VF2&bgLw*2Dkv{(>dU8_BSgET}T1rYukRBg+`~ma;jW8SccRs(- z&$BieaXed8T1sO9)zcGxrCCh+a2TOe8D3=oNE5~nQphin2}KwiDo~T}8H%hfZ^UTm z!SI6L>#88k%ETp^_^rj`-~LgQvHIB(a`w>T?A?X*C@Q z^LL3fV$-{Sd6`9p!Ns)C%%?@P$JShDW}bsobb`(a6MnM~?6yCAg=79LfLM1b5#pg( zwh&XE05|}^+oDR+_%UnzWn{>TC#S`5N2)}2M8p;aro0~Cbru47juLURF?YBEjgrf3 zxKUcB^8h` zJgL~s)>hV9uX^SeTm~xVv5!JbSpRM-(6rc_2+};DriFZ$3*x(c%utS-m=<9(Zwm)Y zB@GG-zB!DSQ^R~{sOs{teP)Mn`e*$@`DWOh4oLPxJr27dOF$`u-|(@=`qTb;WQl^U zZk>IXL<&WLnH@r8sX_2&^&Fk^ODm*{3I(a#h>QBl|()4|4OA1f!7RshpO>A;XX2(&!V2gv3K0 
z!Hr6mLT!GQsYygctO1GQIf|Jh+#xL zVRvlRz)R5Mh!7I<#Xg`2&z~GchRPQ>YZaiHf6>1#(0c>h(XBy{l(ZPlsL7Npk{g? z-Qr6?wXp-zEpuI_hlbm~fAQJNgy_J$(!Sqc{6qG3y`Tv9y5|mafMN|mg3u0PR*T>K zQdhU4G2o60A4>YT{fs)}H>}q#n<&}bD+sUnwe{%B`w*F03CTuJsmp`P zx`DC-W7{OG4Lm~(>%8mg9#PpQ!qf@Q=%~T%{I=qdcjtT~NXY$oUC>{!(6ejDf_#y? zVXEKcbbH7U(W+C?FHDAlljR6pd*xGsMwCB?54hNuD;SVF3p)f(3U7eSr8|{sb_^)_ z{W`*SBd@*@k>CJEE}dxsqa?YV!iXeG z^#710+Mq$bZE7MeywazD6L9nE;FutLcXuBswb%*5BBP^^1L*5OLmLW%UQcdb8h2V` zW7X3B-j~fI7Oh z=%8p>I7DoUh!;}zIJFaVu`bR3LJ1&oO2B=zzA;w)*G983zl>$4I-7h!=nRMd;^#0l z8@z?n;tSA5B%K7K?nf!Vj@NEi9ncnU`$x0lW#8AnN)swE58bwj3kOXqHpBApk6RCb z5|RSmYlZ3A1O2*MzNxlM=k4ZRUlUj~i#Aa>yi$Ukd6Z*fgjG|dN4?xmvctZXc%dpO z&MtIzp_%7$IY3s_``P6pURQAJhdR%~i~EIdwcfMJ!{@$`FybfZ?GCePuMd3~ZY58+ zH^iKqg=*kzxkQ-KQ~BnY>MUT79v9JO$^q2Rz-Gt{Rb#s657l+KTpXG=Lmx*O#|!zQ zshVyBi9$dGMUXNWC_G@y#u8UJw>)`JLeSzrhfiAjPG#8d2@_`A$ zLak6MV+|}W=ihDaI;D;QUESUL%1G{61VyKo-NA`zYnh?{tf$;%-pl`ws0Q)^B|?}Z z8i6ZE49!(qI>9#{p<8-zVxPic;UJWoYuqMxQmbRXRGwRONX3W0(od4d!_ zzH}}-?oYg){dq<}a7b3f4Li#*Y!daRJ!O}MT7{A<F#+I^qDZoal#w3ZUv>paCHc;Xz4IE^UcAaa`^AFu=!9a98(1t^c@l1yjqzv0s z1jyq!t8iogCF^0j>80Tt`u63u5AUEt5o>L&2l;6}9_Si^ISax}I+D|q*f@M>pkI+F zigCQJsSt9Iov&FgTIP?_A7tN9H3z)eY7M{a5Vw#l`w?+(iZ{zQJKnRq&yp_)3o;0a ztT0XG7tiv75e%qo#Fy6g@+<26JBVOL?Dh_GPHE}zeuV-GmZ5OHVK)&j#~Ueesd2g0 zGBqQy{T`ZKY2V(=#5l7)4}jOwcIvQ=g>iBjIZ+?q2q%7bnV$ln;|Ly3Jzxlg_^3wzn zPQ{)RBs5aG{PknJ(W6O_UHa8?*ti0aba%;9WS%np_$Agjru+PDy>Vev=?jWp%-WOb z@3ShoYD=3_HQd6{(QZ$G*uX~*A-NO@f|F4&AB2LNKdx+MgYjee1W_^<=jU01t+Ot& z06h%%-r|>85TUg7cwL)q^VTbIia(mi6U+w#115yamwlQl$XEBdH$C#!4Hw0C-GTpIURSIu83(0_dJpOyIsfXiajaQnw>U9#)VTB@2l#}i2_pdAYkEdWN<_YH-Ty;z)dQGS5F_}zm1$DLfg&DM`2SNq|F;JM%(Vih)*NjB9Yt{^IvgA#k-$4@@aZCr zc?_;s^p79^x5Jb~CUJwfnHQ+o(?V@S9Y~mrl$FdObC@pK#68q;8vd1Q^5MVzw-qqp zqU$HT>_r}Vp_mfDK0zAxGGZg z?=rGX&hi$aiUL{z2!!9ZsX@k6SR3% zR&~dEmes%ac}se8bSXaEN5yGENxE^b#ADY;Nte^3)Z}-<@9%;--lTGTza8xX#61?@ zYw-|J?tMKzs2aPYih=utt;GTJ?eYLzhPK#zw7@1X3y|${oS`c#X@cX#)Eg`=_eI}794*H_r=9U=W1r*TX+ONdOEs(sjPe90#v(> 
zzR?LFG4b8Ao|;YAPZ`=K6M;^#0q1Uj{-kn$g$wg->=V6|`qDmtyWE=aGTTX`&nt%z zV%k-XVC49hUu&`QdEWk?j*kL|8d#M+YP97nQs|W_y}!l{)aq9mn3z<7Lfr1E>OrIb z;Gm*B@04CYzrw3m$Tr<#R!G9>X&6@pmhk}wH;L(|U+Bi@{sXD)vFcQ{ZH{Hq$$rp6 z|BRkQf%a$5#W)SZ|8Mups{=X3qK6@ucCtKp%XSR(>3#4g8C-XDGT><3<0wn-9rWPG zb6XDfQW`hF1w>E{DuH*&N72>+a=%0p8sw;{sHmv8cF)|xvbHg10!Y~fH^6+`;z1~#j#QLP2<#Zrz4@{26e+##NYS0#> zqpeV}_Bs@D%NeneJN*SwUiQJyV!;N83E{r~*8@;MHaFdY_>0O@fIv9@zoMpujYG#u zvngau0T`)VVI?3ku^;^i?ZXMj%P};d+rwfrJa0CpNo297v$H59L-wJ|=c2md=N&Jw z@n$mRlQOE4eyVWW{CnTnHHf=*Gr;D7t{VNilZwJyqB+1c0TIBX4QG}Ak}Hyy`BODV zHa3jCRxUS7;OoR<+v?f?y3}cc-fRBwK~)9#2flf(<>bKc-&rZ)$KTC0v8R$GmxgK* z<0KdLng789qu&Im^B_v<4bp|`*ul*HR-*=%@_%7VE0kh%b^sKv0#)9hfbg;3%6R)e z(n!(qv!a{I4V-x~X*h2AEJw3o_pv@}nFlD&1){wl$?k3{6*^})g?2ALj5-kNz?|PR zFt&?%NxTu~Rd&AL+uOUpo_bXb|9cV7t>(Gk z1I3{~5Tw|%5l}F4*C7S(#f_v|$kPkcM(v;p*G6y{S<{43M$Z!FCEIg8DHdLyjam>! z!JgdXG#dt2q21{id8AoUX8Exy>Z0Z*uQ#Lub)Vk3~E8W(d(8QnDn7Y zX2jS5oy}uRsDK;R1~Kfd`wlipxChvg#;SSxdHVx(DxCq&%khaYUKxR{-=*9OoJP5KV~ExElu zA22$gMZ&||!jTWpivt8K0mcjl*Ng1{qu3ht_knYtB5R_6vKuhnnoVob&4-*84;0$i zensCDL9BsqyTOUJDBMyE76J)1didW7mIXOQvvPkCD_Kr1}`To zScVFuMho)tgObifUHNWUy=c@c1V$7{a#E^0nspdxC9Jj|_{USibzFnLi-P)WF(HY7 zqx<0U;RlXz@aVgT><)muD-z~{1F9>%B=eDGlZc9xriKf+{E@BSi(Eo?V)M7JYq~C( z0z^4L(_^&ts0^lv*~-r?_`!};d~{n3c8OSD*hxm;?qvJTA}y%CZlP$u_OoQ7+I~&% zXZp^@X~m0zeZcx3R|_c^XA0;zFGxoK5cQ1!&;bsA7VL0s%-7ElI4O4jMj`{;mRzLN zbB!8P9iu95hEONP4E}JM(DD1%YxRg8YKWyrUSTVmc$-BbJ0kx`O0dyly7og?XD23a zH4@Zl0$jxCn_O*_r=tBxa5M1LUTOwlaEj)sRiJVt)LbTH2evdo-!|z2pPU^esm`&N zvUtJ>)F3ME8bf8Sfdo^}3W>Slnn{Ahn#FQ6wQUpdXlI~=uLMGJFmI6@j8?sAp?0xA zB^tX)Grde~a_;JHiMA7WMw??(Z5DNHU@+dVXu|LH&m@|~KkmKRU8e()9XzGHh37hu zV{b11@qi+NkXg;CE4@oq{?_u98T~y(Qc$9fO}6pJrT(*a9oZ#Yz7dZ*nc_&d!d$DrJM-4(VtrEN-zq z#wsoc>Lx1K#}BC3ds{t@UJd0#eh3fIeUw!nAL-8bPee*wX`VFJm;a88;+;omEk-`o zG3V4sLghJJv0arPDdR7EG+tijyyaDtsKnzI|8!1FO}$rZBb0bobXrJ_8p&QnNC8Mc zB9QwmO1j)H2vpU>aWC>T*7+=XqK@>L(OLZpY*EYYWU;qXCl^5Iapt$?R%?`=~dY+m;<^m%2+Qw-`|CQ7=9O 
zG}_U8yb(te;mc)908I0vn6bbcaD2OB7*iD}7BBo&Ar*b(5GX+9Zm5Je`n=M;;kXhw zJbjXa6*(GBx^s(BSM8BjX2{YDAJngDT_ceCAJ^j3zX2QY4hEo)7wL$JEM5>-SC3nJ z`fh`i(swxqKH!>{a=S}EfCbv3SWASf0dOZuvZkh{kfi&A7^Zi1?0Bp$+Uc^lI=jia zVZiGvE=`Ii2%N@Ru@Kj&L&Gq*i5O-xFO=T$wy^yg1icYTn=BmqDUT4JPG&e}#A&`` zz-9#>tzyO@KArw&)Og9#p^*r&%Q;dt;%duItPP9>NeKe9j>>nDRT5tpjb0|K!+x2# zhZVA)k`ndd6)Vbkvgl~WjW0O82(4g_JWF!(``?~#21_TPszGq>Trqdo(E+(YuXT!- z4d>_B0$(0?di$g~MWY41lFrd7cVVUCG#UFbG@q||u$ju{g{>ntyEn`{#yD(6;D5AMwQTtZ`~4a@9Erv+PW-bt~|2apsJ-G(4lTJ&y8ls1<3#&WX5$5 zpc*=nIp_|Fam!tLht({><3s%ZU`!o384uIw>eViHohc)9w4>X_x+|_`F=19GBczmM zIt&jM;M!Z zDO+0(EADs-LG&I-L7fly`>P*ucAVXk!R(5h8AtjtBl+dG$0Q@F4~u>0%F2rlKc$bj zx;u0_`}Kt^5Y|!#3SL;mrGugf^=8$K`kZ@9G+j^9vpV+Vy_F{emy>|9VM%wW5(}c= z@-ZMn@*2j?imuL%Wt_r-9>@z8`D8m@!&)^ASete33!Qpsjk-W#OxmaG5lauW`_{&X zI2fQvxWba(C->N4u7$hKuo{Zq0EmUxr&Q~nJYZNwc83_pl+k?!j36x-;BFXSB=F*| zkguEgP*6D?c;Z@6O0dvQ-$m26Ep>Q~I1e5X%)iJWEevw-r{xAbtrW81{AD&KFaYBu z>hq0002+)-QP69WHG}@dXwL-CTG0kXeRvK~2pErdTf=jt@I#fpOUA_lmA*p~%LanM z03~R(S_LW<KZ0rdM!W&sJy6xgv_LI`1)poer^TWc6Uxb}rJZWdUSL>3e?%MXTnx(OwzDGvYrEFm zNuli2&@^F2xOJ&hSvJ$c?8TJINrmx{{TqZo`^k1{sWhRFVCOtTbP3Oz1bHH~f#O4P z%i3^f#i|wIfMLwLPm*@=s9Z8hg1svFsLscRiGlN>+NLye*R31iRV2o6USy{Z>LqMW zP{)TP%aB|!GfO9nEB_}|$?oUr8pQ~+6g(d@D9|N6c6vLA*`5m^($82J+3w>T75=X; zA_h%8g!R6XpaK-auXXl9!x|NB#g$J410Zhysz21 z##SKHVwBboRi+~rXqIRr>-a?k{koK$wY#F-zxSm&D{HJop6|=~7Y|_&tzSt8*B(+w z>4Fro2_W#~|MLMLeJwDl8&KXyJ(3sTP+@gMkd5Xu)%K7GILmyn=v=Arr--AVp?(h= zjdmvA=#A&9svgd(de>z=dK1%ZZ=`3vjV-=Hl!i|Rtob%&4DKO z#{PZ$!QUuHFJKNDXo$9T7a$rK#y$8yQ|a2W0sUxF`zh~dsJzE4`!VzoFE$h4n+*ox3;Y4qJ2mb~x`%<(P&`( zErVRPhLl?%s)S8sbEh~8Eu8?bLLKiWJl30*X3OT^Iyqu=V2bmtm9lLB#8w6>=X&j| z71IS&Hi33Cb`59eVqOHefF)p}j#*J-zEt@4!2;Jn_oWkN$MgvHq);2`uL}7}sImW| zp$n7b1c%7j5-R|9Io8BBr`=v0?8P8X`r8eS|voc)PBw=1nn;?4w)$Nac#3|{E^Lx3vLc#qV=paCpPhj+X` z7ETrh3g2uI)uNFc2K1@dNA-2m0^owh$tRcp{!Y$5bC3TDo43e=*%>)42gj7WfN6CN z(1yK1X*Xi}@=U#B<4)g!Jat=I(@OY45J*rBAQ2Dfa;NKGNaV_0S;0#ZOwsspNU>mx zBF$J+eyPQ{h$K2zA(f_=BnhWU@CcE8lv*h?Q+d 
zHEV?RZ0OYDrL;j@{7x^02Kj8A$H1xtz()8Z3H$95gR6K)^6~4!>Um$nqc>RJK7K+%+j58?Y!(|fdzK(q2P6hg^7+#sXqEMGhY<% zO+7SpZ$ZDh-eMELAm1o3F+YzL8wN2K5V3ytD=qQF@%F*`6Cc1BUcg9%ER$ksh_4Tj z;$e{Fg6M!w;;6{TtjAM*!?KjdM;!`*r*xrY&ox+GXB@GYF+5AL!zgZ6P)M@w!gGGA zdU_7m1wvy2GXRmmd;fe*#AeuHXI69U+4_}CSD?gF0>rL^Q+gdMU zIjCJTAe!s^g$Wsu{}F~hyq+9<>8U7KF+?>^-?2U9DNK+X(=C5~GFhgG$TwAtU_?1lHf<2kC|e#dYW9CwXYEKuBaA;<_a z!coHiyt_Pt?%Tl5bd&2->f1R+Z_#6T<`hv{kki` zYZzHrE31vWDpkCsM5XcZLFF3@;-8c@s|NxglVnpSc2%@PMNC6@{ri%&%==fqz44;t z-Gy+p%Kq17L>fbqN@ow}MJ)pb$K?D?aWq%lqp#6{824#NDwEln#`pVJ zqImb+2*Bt{U$`SfaHoS%9LL6$3B$3_6VE8?ff3GDJt9-vIJZZ02LB+gPCjYK zO%5U0Ae3unc%k8Pc9d$ zU)6TJs~PLPs(v3n1=zE(602p&Of$cd;3ftx4-N<(k4Eo1hVU+e7>h9 z24*AgmVn;_dxBL^T;M;ChlmHn^HyKVB%Q4_ustrXBlo(u^kuix`AA9bsG}BzbT%}z zpmsIKS)d62;>2T@RVm#T{#dkut=>_MLU@u`IA%cZdA7iT;($ugH5*U;_aY^J-f;n(-_ zE^eYg5AZy*a!dJ?1L>NL4Duk5`vSjyiAt5l{iZIYDv{@LaxTKyikhmzSIvw2}W?vWPL zkJ(?VAl<58x~LUd6Q+N*gxuQ;dYq=lqE!w0h6ka-ZCHMlh1-R=a}&vD#dSaL;0}!P zw}MXQ&>*>-z?1tazw{1M^i7Q@@(&ZRL_HfVywE&crtCRXKlxuI1V`ymLnz#hN10mp z505BS-7N2l`n$|7c+^u_L|Pu~N`7G;8DarbSqmK#dT`pe&&-VPAiSL1aP8h0+@Uhr z-vyuERE;z}P!HoF9{qf#6^Te+wS2w^56MrcPPq_6811U9_u$KPIqO-}_o?w_?6c%Ox1K}8#%=m9v8~)J znrCyBx)dr8Tkf#-3)YynaS#{;0ZqYE))(vhKs(DGSzk`uRDXHyLm%hMXV931(E>UP zl>~9k?mC1QNP4yQ3seA2_oqTf{ol5=H!6+GBQJ^tRwsd>mcdDWyDoDvaQJXcOj5r? zIU&`~@r1giepp*10v3H~f<3f27bibWf4xE_>Y-m~uss=eGVWhGI2JhSCvkGy$J(6? 
zkT(|7Fmcl(aVjS?nwzi~O(n+-#;ppB3^o0_I1t0MmZNX6N&!w5@DhU)Dg^@n)zGVK zRHuQin@C$xuqG@uK}g4KV|-Hsa&Lq7$z7BcavD6H3d9_18`-30-r43X|uW3ld5j>gR^ zXpc5(InO4)8QmnTi~^3ufb~gxf7bYQwqtogYs2nILpc+oP)d zvX9Kb&l>w5r3$r+^Aw}VddQiaPW4ZiUpN@2qg>SQPUWg4)fEl$sfZ_k@Qk9-XylQ- z^d-LP6z78thu(Z`c)2up-hF`{Hs;tpgB-z!WF9&@X+LXX7#^ z|IV^Ox^OFAgU@Mi%^@emX2I_i=FyOpSioxez@wFbS2fh%+$m6na#rk6ixGusq_Ck* zl|}WjKZSp7->W(bRRM;KAT}0q;=+9cA#eV^!xr^)6=I_`32uIBaH8O+EirUF@-5x^qR|b!d#sd03v@Bt% z=JAxfpO0i~uAY>@MeA@M;WEoV+RES_4iew$__=a2us!%(e!D94Q07JAY@#FPn#Wgi&`e?FP9OX~I21iltWNLi-hja3gA-8{1=;~4HG!oxppLRd|y1!xH%(2Rn0o;7+gzTPj~&lrF7m&e<+U%A@Lv;NnL@74i!?dyK$-kTVKVyH=g^aDwE0nN~D#ectVBS$;k1RfmlczA;Bu~?bn&4=ob-!?-XUE zqxaaBvyv={+bxp*esF&oM=BKsL|@rxkmpY%6n=ej@HVVP#|5rl$;VR@%76SSo5Qcx ze&e<8sc(ZumHC1n{bSg^Y4E9YCakSrob#cBhHlh?_3Cu$z7)>9;ZrA1e)IG^|LfB^I;kcBy2a@J_>=rm~%=3-OFn5Al&>x z_HD2DFrnG{>j@(Y>((m$%BdH$Nf%njUpi(J^Rfo|%b%C2B_dbgEAe_DMT}I*n)sf4 z=zio4FCEOhx`X47D;EN_C2DX}zw2dsf`w2~CHG!v$6qcpxf?|~di@TCe};~$%{M`^ zaBPp=4CCFY2{W`6;)DG;IftD_U%8FATniO1V%svMg?%eWqP5`qjXH#mibK^-b>P`Y z!Y4V78PguK+vCr4>x=7C#D|gI%RI?7K)yxv_|WuIQ8xd63B2oes>r|H=?Ba=z5XA2 zZy6QU_6H0rqM)dh2#SOlbO{2|D4~F$bb}yWBHfM{G%6s?V9?ziUJ0c}xc2a0IXf>dn-vD^8QzreN-6fIW}L>-Wru)J5Y1FxsNZtC|LlVIIgOluZTc2a-h3 z*>;UUJ^xR-+K%oH*maslKNhDxL;-ofGuaPT`-LBfQuGcS#=Uj?>-$NP9W1FORhh4M zzf-CKd0-|zKbY6(A}Wu2+s$y!p6ke2_(;)er!|7F z@&zfz!u34Hf&B-C|1K$xNQl0uj%$44u>*M6vBQ^Nvo*w<2lJ%@$AS ztXfqQjENl|O>%sI?@;os`2Octt)Eg+PsEd3RZkXJ54FtNNlld8<50z;d+<$hB1W4a z(&YH-qPf1pX8Wzj8SA-ohwb~D_PzaNFo3x52lMZyl%3|+0jaXY_Ufxs>_d30_}}tf zLqrIcFnH8Vt36`II0K7rbJVV{`H?`6h6bhzc2^jD6C)Ymn7r>#%t8#`{G`b4<%#NX z5Y_=c(=U0rOIF8Az;0sj^Oy@e_+385H+6`<(Mf$v*D3<5o9{U?o@{|}oR2iNjvQJW zyb#2oz0vYfgoR3AQZ|k(a&TM_le7upvtlEYQM&T)e;N-Ij&IJLcKF1+#7zuLI z+d<``^IFes+dw0PPy@3M5be&*u525P61lIZo_#RXMJt>}sFx;hXg$$hVU&*%zM)(Y zv;N^b@OPo~<6(pai0f$Mp>D_u(HlLif7J(&cNTZEGL2yNT-;+P&N8!(=ehV9lPaiD zdJ**${>PlXM?<{HSCKfIRMrA4TVYfLSlJuNq^u_aU9qM&BMH|B+f=GV{iaJEmQcn{ zkmHaJFB6C9deo%3Tk|H3FMd49*s=V@i!g7cKWFu6Z?02Qhid4&sl%Q84>IiKYOc-0 
z9H{Y!C@ZNy1Me%C3sc<__^^lSDZ0mc+4pSOpf&v-@V;qi6PLxuBtFH7#w)x+H?_(k z*BZ%3fY0qmuvJq4XKk}uPHRAKZ(ZtNC>rjRx!)uRUx*uZ@+uk5Uk+95l-cq#ppat8 zxlrrag7HHO1urd$JrfVv0(Ui7KE`B}6{juQ9A?D-Aw9>4L5=;zwX$QFGyCbwBo&DW zNM>ece>ABzjJ31h=o=3(l%TbHl-9)_PGS%Prka-7f8!Ng&a2kp^t{| z=DsV!Me0%B(unr!6=2gUP3XU@&2J6jB%V!)K~MbPSG~ev?EJ_Vid{efJhRWv(*<|h zWOn~W{b0EvsmNogr?8TzgOAoFHvi*tD+{?8EUO}OcOcv`rU``W4~*4EU5Sp(AJE-& z*S>)H%LuC{JlGveRcmKGU-e@A-HqB{`Nzx6etIRK2OyV0*!|IXH@S8B7K^`L*_T3w zE4uwn&;5EicircDE~Y7q>D4ZSdtnxU$JXkS?+sCn_N318b^IC#dxX&n{j6DLA83j_ zv}_>Hc1N5L25r%|7;`QL5L?qj8ML`_Y^K^S+IL*t9m#8;X@#(@Y#|M6QyAoEEZJbz z=%OO?mPO4?5&JtAY4Q!dyQ}79896&~N#Px1iYjJs{_31sc zI^-0!f{sAo_ru+Xw(u6Em|*zrry>C${F+`q)+vak6|gAt z!-P4D>(Z?=%7--auXp6<@O2j{QA^qxV^$!D$(2hmix>U#A*|nkd&r@m(#l@V^iOpz z6DSUc&BB$1BQWnL!Z@?-&>lRIPk!A(xn*nYUfsRffsi*}%yYO6edk|A0!J z0~wDd($5V;&zxj&2B&xw;g3ff z<^TLT6Ij<;O4TIILb%1Rbmm%kRpHH{#MHg~=MOz@7WkF&bvr(8cwT0*eIGcOgct|& z-8>D}dSqOnAgB@$Tp%!hiuG&E5sN@R&)9yhS03-a5EIs(cp}b1iYw^SQAM|ln5A7k z?l>$?ZvFCKv%tCoCmsZfQ+S=$XJ74l8Te?~6&}cFEeb!O2m!aqJOf_&)wjnFMmIR@ zB{E8ACe5Iw-DN~1W37_3tpO)WDi!FymC6DFMn-VLOp*_=j`N^n1Ky$uP3~%>g*&ZD zE0%YsTFBYabtht;_EiEL%KN7l=-vG#JpcRw%4j7Te%2tl7$&_ARpv=9W$7kLf`g{r zqkxwBA~rZi>z@l@!HeqJ8xGaCTWXX4vt522sjMT(MRMa@0{9Amkih80{q81qRPxWI zR9(hX^?g#=)Zbl6| zLn*#uzV6o4(+Q4PpqDq>I_gE>>k2mmy zk*{9mGQ)No?6+;4OwK}n<}MhwoLBl|w{ zyBql4djO@>jcfQQ7S!KAX)6Ld!6r4X69d#1fudF<{PtT*u%We9Wy(WuR{t#@k$8Ds zJyVKqbby$d_tu|-og@{2(=-;WIC?PEflD2z!jZ}3b5qINu5gY7=kJmr!w-0=%i`Xt z|1toge~$N>R>}45UPZTS-4m&8Qjm++*ujEje2i}r{;QTE{B$*&@$Q4)8`ZrBv};6X zSMuubP5qO5f%KGC&D*|ePuv!PN5KZa$!u(Z3v^IP79t>zS7yhM67lbk(_LdfGC69~ zPITd~9f0^Yn*02;5MvaNhv>$l1Hwh)bkEx)7$DmWPqO%bVZzK4U~pO3P$AxR#e=O0 z^k^-awO33&UUKd&D|NTzp}VGnk;hOQ>VJwb&TnqwyRQh-nz**Txxu`%)ez8jZXPwN zSY4}aOSl$Y1zUR%VEbQA0Y53Bs?dBe*JE!A%|8eNvyCP6-jdRjlYD{|pw`b>G1WVL z7%6{?#78@*n&?=czVI6qQs_k9FlgtR+qC%$Pal&ZSGm>uOPk}e&X0Y(Z9gK%`-L&9 zXL@z1N|~~f(JPf(fBRqg9GIfBTbRv`6ruO}V_jNXM%FVOWcB2SB1NWv4&dXlIf6r_ zf4q2GR#*DMH@GtG?$_k7@*d0QJR>sp0Kq3c}cDyhQdVn 
znTRm(s-%hh3upg*YvN>mK^p1zxJVedlfhFPn5R%@De3N8tso2us9hUVhKEY@8-_s^psOn76xT0Cn3nupeS$-~V9;Y*p1|I= zgU}CEW{yvljG^CKTKqk>Q!5@DeIiS8C@(UGIH1&2Ks-AtR{{O4EvMO`81~6HjS5F^ z>u@LkEnn2F#_&@YfHwNc#e%6qwx|yKosJ9J4ueLw_p47;H_40NO4M)WeF}goGjP(Q zMxDVxvJ^?>U;j?x6jj~p!Hk6o?|#vX?mjR=3RT(vYQ+D5S|6th%!CQIQN(Ch3Tj=; zPOJR*f7*M`u&9#f4O9_SbP)taBufxcB&g)5l0gtuauO6IgXB1lxWEtvBuF$6B!eIz zX;6kiC1;7FAUO;}&fGq(!mvNs{eQdnKF|8;sAtYOU0qdOUG=`zqg7oLBW&QM>sPwb zyEQ4_TTgMRvdt02E%w7J?PmXjmiS2xLC z0rcdfv)B9heQH7|~Ii+N3@GwE)XdTc?vx6u94u9J5 z1b8`x?-TFN0jl|i=645DrDH9jK*wGVs7<87pZ^$%zu+QNOHv6M?oa13j2NnUJyXPAy(auZn~{yEArpG zO!E&|1}#msa;gRRLZKA`@)5@|ncLR1%j=^;3682}Cnz~Mrd5WYYC+sdl{Q2be5V#v zdQ^b|QjXHFcKXN2%E0Vstz2&~%14cuT)PH}u!@e^pX z1&s{icdf-8<7N;RYx&RG=gxBJW$!hZ=bX6?C`Ci z@f2hzhS4OUJ72xaR{?a0@Gqm;<$r(sl(|2FJ(Wipd*NpwcYik6v>p40C;j>_k2ApR zxRN^=|IO_7!F$Q}e%uiPF3JK+2%1&VdP2a)%uzd=7I3tTytqca*Ulm8ApwB2#>OrG*^&pncTz!7t7w^ zMEA@6xhjJnV(Sp}dqn?mQ?49<5$^o<&7j7$IxamADkR;r0o9`Wr#$9En|XepYzx}S zu*lh;Pu`^m+FvqmyaT^1h7>7TcPlhr+<2fnD#ot^>wV@rFP%F3D>)C32T@%UMav6{ z-IW(g4uO<4+r8X0$y|}SicQU)cfT98jDXCaq>K*rc98lvNl>ucKnM-1LdQwbPEcx9 zs2=-@h=Ra!!sGtK_bwaPo@;|pfde{pi>CbOE(T13hf`Z!lBXo{Cn~Po0-)kbUPe!P z`@4WiwLq;^WyhNqOrp^?iwq4>hV}g`{jq}sr~Os<(V|+lLb`^>DicRStgFY(`gKZX zd(4rDCfaH{&mzH3NQKF0DF$zU-gxY?GkQo19O@2M5Gu3&oi#&hg)b@0lot?3E&$P7y zY@<9GdXG|<(xT&t6SkY6?8HT1-`{1p>DOIVK6FZIv;V^cdx99x>K8w*L7$j}5EkG zT7oGN8Wx&5O)SRabGJDS1r1)TftfX=6&Leq_2xQBkUeHCda2fO;BvWtn`$*}z%FmvW!HLN+bFr*p=u7T)=M8uigHmR$mRC-h!nR`{-(EHuW2ouj*YEZwhAV^ z{-ePZ^c#bAAO~KN?WwBPhbMa8=iyGxPqK)i#yR{h$V}ule4GdpRyXnT@~T_uS3uT5 zi1X%eOba#_^^SGL_NAzQB6f$lfCw-tD?tECs;U^A0VRNSA zx}lo-_=A(#Ek+c)$=Hlib_i)fe7eQvV4OR4%<=tPs6w8s>!+IMCUJ41r5m}SGVa0s zB^0ybs-sC5lg7$cC=ya1f8o^lhOpm&%LJenweWAs*%uUmcZ z>wNtlMB*dE{_8j$Tj2;aS9!f5u7BWdH9bs3cwn~1zwYe;u^iY!V77j{EXTQc4cm># zx0c<7{G?JbvWC7s^Ht=;lvRoT{R?lylpkCHNEaqOJ*K;NEAwcmJrEs%Cluzm!10iE zHPP_4W#ie)hH4ZnQ|nE|6D!vGF%VWSX3~(^5Ts&A^91xc%EXdoDG@9YT>3V81)!v6 z*b!sohkArKH|dETiyvR2Kc!yd%i`OObTW4Y1>A6NI?U^+;i%1}AT6p#sqJikHrA-h 
zx9JNgitD?!RgsKl&s1w0^7=X7m)7H48)IcYYyM-B>E#*vgTwa+&`x@VHv>;2qz|6R z-nUP580rPUn(HSa%nEzdr_}wu>oyjX$rBhc$D^}Z?BJe{)#caO0AM>)0dQmp$7Eqi zivkkixZ0DZn_|ZukCEmd%4>@Pc(fOuU?lS~ezJS*p<5YkROG47mCG}R5-7B8<1m&p?xgF+fveamxxoFu7+6tuQ)-jEfpDi-tIht+lX!=ZLQp^k%1N+j=P>08u;_4)>Y z3uMCHN=cZky&8uMw5l~pF=_{U@LaGjrHYB!(b)k%yn=HcmTdm8h^77%B)SmRNz$RO zUR;OwJYFiAj@6=X2QLE9ObaT$uo!l;@95sKI29?;VgaAI$)31fLN) zAcW>*{RV^`7IR;E`6sgx#(g%BU;b2~E2~WE)w?EBJ)%e4Gz;=(ioKdY^EpCryUz1! z$s?#lm%Cku8%j?Yp>r3pNPSPUYhwP3*!HNQx^BB`Xw~5x#ox&?b%0j%>dzF|kKfw4b1i z*#=bTO|mWfRJ9*V24obCU0aiavE6Uaa8k4O9rx7NeD^X;qsdX`E|ITNHeHqnuW{+w zdrS)R8xB1s)ON3`TLXDok6)&RNZV&#_P<{e-2H?c1xC~5);mq3Dg=PkHH!2Bhhv;loTD;qZNxN`ca-oN zIpb51=vbo0i^lNH7UT(7bB6WY!qKY`9(Xc1f3{s)TOq}yK31~}YY%CBOr+#TX*yz( zs;J{@^BowAJ|iYRzr}2GMd0MlJ9re`A(IbuwMe1id`-d=dbZsCgG*o{!t5=I6qb|h zvMjlA)^Xx%XDL?F`ou8flqhh6JZid_S;T^kIKetpZPqvGE84?0B@&KI_<3x7{B%o?D!=gayyic{idsk_mAokc zmQKsJ^aR6%@(*jn>iW+Lp>OIxID68xX*jqy%)ZC{9~R9Q)r8QwA*#WiE3IKk>)#y> z!+l`RBOiuFJr*>hAo@bgs!^xF${S{d$ame5%~IiUX0?Z=^wmw9dV9e~QMEv1VF%X% zbiH1fYO!;uWAXRq(VGysu9>yFz|tD}wpS}(qE&s0OK-(_fweC!cWf!%$z|yy1taKr z82Ti8C-@g{QXAC?LcZDnf&zcFJG8xlHh^{O-}xZa3MI@V;TODZE%vgBqn$9H<5Z7I zSN0S~l(@C5KD5Dm*Xg_3w1~|re&3l)Z3lQNd5%U_V9VeLwrdt>zd${z7RVB$ROR)o zkdqMwdN*dkk#U2OiYq1#di`!4Q>8!Rvg;jc?+9ah*H-!$c|=|-s}wKCL;)o6+CpH1 zBe@Qz8Ls<0(dhvthhym3?l zE?DQul2K)$yhZ?s&UMya#6WBmH4wA9jE?QhQ^>yJ8_s4(pt#mS+&*pv;#AO(?z`Y(K!_W|h{DbV zVjyvDqC5P2*gQ(6-Uq$+TMov4c!0^xy}M@$WSNF}UhGNX!{8`8DyA&5@ioUI z&_#IgSwqB%W^s{s+?YT$7_FO_IaNG}w)3I<013;Dt+D;>0zS$*4UYV%gXpnCFZ#K@ zEb4J1Lt<~bf2Adjn3a5DJdmF|gN}JCOaI^wgo~TC5vfHk^(*B0hDCl2LO#=n&~-lj z*-Kaey7Mf?ohG#!I0H++hbZD)$p;+c%Cq}#SD(5%3%CsBC|r?D&v;Q)^)t0EzIHC7 zfAYjV3svD^{w+UzL?LTp;1ezI!aX71LKFO95Kr9CZ8<;Th_XQ-mhH2aW26g*@@NJq z!}h_Q2p!!_T6XD|`YWyR0!9eAlg{M8>}T}JG7qn{hRCyAL5(wbU--p54namU)3+D8 z8o&VenD=@taE*bJ{bjS`e$~;Z@^g<5tU`c2SU3Y|OZD60Yg_^B^aU~x?-J33* z3RT&?_Hx8#lCm}-viF^NbNo^56FU*kBlS?8>ZJNJs^(66Ml=rEl^qjXdZCuWwyvRTN0%K0?Yg?@ 
zl{e`09A}6t^;$A9D39?ehWU~*K%u6dm4wz@1|dH5tOb(Y+nJUV8o;pda&?J(N^oj+leFbr(q2(x|?=R-PuAk2v%J zu$Ju?%GVbz>NS528vly{ExW~l#<@N=L=Zk2P!`~c5wtVrYp$GHi++$d@#6#9{G2D! zVf<-0%Z&4C(gteX=R(<~$Gqos;`DW`95e z6zyh|;)X7~wLlLVl@zz#@e}_BuWmG9fqGy4Nx~6421Cu^id^^ZyHS-T~Lc% zv>%P4BhV!W;4#h*NB+4k4Oz!r1aO&s(WKzKlD#$&zZZvM2=Jqj^Ks88aw`Q;1}LGg z3Wu&+|IH`u$TI$XESwXQ7&zyDHSu!~y+_z!pK3G5#suy;|y!?N{_U& z$b8ody^hks#f(|ulj|6WDDB>3yJ{KUWYRf^S<)KNap#wbSxu8Fk>h=D>5g{F(He{L z@;$xIFuE897`%I=`nzN@z0DlQHByP+0)giZ5)^ zU;PUJ{h3#r8`k$!4OhVz%G`A^BzAf=Q#%jpWTL_ab?z{F=VNy1div2|ko;ZvxqdHI zY-B3&2US(hKy2w#@9Y|iFQ$7?)p(W|W!UwNIr`r7S3?}n6zMNHZ3p{V)eu9L-U%ZX zZ=a%-tQIn*nKUXD_Za(Z0g4SMt2~hNt$V=-kgV+x+P=NT+-6I4|8^n4X#<#k5#%iO zBI6Si-{*tx|4j8R6j%oO)SuF`xAoMlX;?bCWcU~*w#s3lbE@OiK-GZ>fyhV=B7-8N zcSASI#P*#J#D5MU45{`2Y2A!2qyi^>IWm)88V2}ZnyAl4Xp=byz|A;O!ZYC*7g5=l zSVs|Zll(K$Bn!M%)Y?G^HLm4HOup=tCLj~?2L;B*5Mdi!@Jce*gTFxdxmOV^9ed9` z1-4P6?=%;e;U-pcml+@k%Gf|lmcAGY(LGJujM8^-$^QZi>Odz5rY4`3)IJw2Syo>j zj(1Zk0OWA*d_>y;wb;%2bY7<1Zw1)i=&E;ZG46D4Ueo$9&%!GqN(@-k>hG zeKnKd>o$5nl0*}9`+MhGj{TbZdika(Acl*B+)>iGrVhgy2@z+cb?^FhL$p*=#~UdA z8I2ZD=Wx)X90+nK5hxEa{5fFBjQ(*gO2En}nJ>`x$uIz?_DPD)49M{5oem4;FAw$+ zFL^oW#BJSD*WftJxN>t{37zW(%g-9LX4+KZ6x_&Gkdt$XMJ&;w%T5pwCPzLBXG!jG zrzY9ev4OR{@!GdelY|R&AoF@lVKvi{>GT=BK$ROJz9__6I9-VSbf!6yx4&}K*AB|> z76Nok)5eT=sK8X&qR+*!(=!qZ5uA1WGzo1y=nrP0poyveWy9JcW90fmVDMdqd9i_9 z+J&=50wLL@H+9c2Cm@T5GnIUh`gzG$`pvUTtYjZc=3Wh8SKIic;Ld;r`_pn^(}dS` zSM4)a;w&-@F3C6FWI0(?S`QM)b`}l|CYN(S;WD`lcy3eis)KtbP1gWTiu_}S=4FM| z$tl2r7xh;+{xSG5TkleT?6+F@$z@LW z2y7$n(){r1L}HbaZp6iF!OJ&G9~%OmePB2@6MK?Y8l^+6w(c>m^`XHb(0mjt`xMc} zBz=J`&e?rb*x|Z=xQevD%J6d25aZOHIG-gYwAt~=XCkKTU1|fZJPDI?S3wMv>;uLz z$`dU8H|Fei$Q8giZF0Fr?s$X6xoi%ek4Z_lkSp`v%^PP91;^Ju)t^pf#b&Hc_jsGk zR2pq$l=m^~Ayqiq%IRSr5mhZleOWaRYw6zTP+d5V@?&5QPm`jXRg0|j{&Jp;L3rj< zh5F4J;NpXU{o}w#XDUzlF=Y=~1mpL42kL@RD(E>2<{CGXDJ;6ZN z42)Uj`e(9XmaXb~`JorG_8q@)J%9Gprc3O00+)_;gIt_T_&krlM<8Du%fTN!+8*uq zJI^m@1l?I}IWOJxD$6Ck&nW|ws@`&hs%oZOMbAmqqNL&DOu7o7IX=uV?6$H}zvx}k 
z(VhvCQqpek6jE*PrqIl49<~PiM^jD!ri@n3`M&2Gt*Pe0dv&dC9q^q$QzrY=f_mu- zm2TTEK)y20^W_0SM}awxmkyMwdjf8CNb}-eeeEc!E_HEhf0$m(VLqxDbJdU1p$<&C zbvaJj^hBoKDOIzZUm<$*N4<#2j8e5^`?rT2{btE}T{bsX15?$j1RUyyqlEfFxA){k zFxBjWmO{Uay#EuO+B1=5pDh9>TYKw}lWH^oZggNYn}|E8+g5^;t#vc+%2v<|-JCR^ zpQkmNG}DbRD%;e^O4kZtm7b3-ruF-LG53qqU)f$Z1eEPf1=(JTrUD^Sqje><0Yynn zuh%~Kze7%$4|4!!*H3@{TGV#~R8e`=o(q5shB2h-s;K@0lg$YFo>61{@tj!Mw^o|1 zlMuIgS@NyoQrTFvPjSDZz#|%R#zqP#EH|XKf4oh+u6HeYkLD4tXUmF9hibjeaxn>qB(Gt3>l_ zGw7om*ZW0Kf%>rZI-Xu6RZ0iU$B6ocKiC4L0r_Oj9NCkzp~wrDjqqh%n^ko`ti7(V z4sxnY*6nr)V6axH%A24^S@VYEM8G}480T zlMJ1v&<5x;!!fzoT>mq7Y69g>2La`rR=83#i1}W1s`WScZFpUf`%Sq%qz!2j!wvQiIh$?A-<8iH&z4#>uoKk4As#{KX6 z>Dxq5ub@sS*q)!xSrvAgdJymL({OaC!F-~67?h}cMVz37E96?2=<}ptH$uK;u zRA;G8VWw_q81&$~QfTx#PV%|G7K)wdbhVNLeS0>nXcE%^jKt(FeG+v_B+O^v+e3gE z)g=eG6IPA8_*wME`*0%m4M5BKI=FgxyQ_?W)?uJIF`W<`V&IJV8qtRAU=pS@wiob| z>&_-=vsxa?PIJ<~aqAni7nsj)k!RiL)s@t_MyEI1b+FxDqVWlh?9%r60705m)0wtU`S&Jd4Z|+H%o>Gla>8 z$bRPlaZh!qfmFVkbnJM$yR-!WZjWBf>7JvHZ^B>az)W%|zxEZ^)qZP!1!rO{lL+8Z z0BXGz(i@R|3Oo6ekBou%$UeDkY9{WUE(14l*~`oy7|n1R^Tmk1V4okjeWLW2hFR4< zpUZj{0urKt^9;6Q>=?RvyV8i)eJ{`ldt(c6Lhj3tXW!nS(Pw8(Lphn|V{frcpwjPn zUr32t;O~TrJSsbc#2@V|8wW-jOdESC+Y03swU}9ZbQgk(y0(IZy9@Xr!s3-;X?Vifq6cmxM8f4r5MlsWa-$ zu{fCUD6n`aljayiTt1Wj><^hxn9Qss{CgMZ(!^B)LiX35%20DCqYWAPBC08RBSFvg z!t6RG;?!PpOhYi;GVV;>cyz-VI2~YHFHZzF`(7K{8t4a=6yL(IWziMSO%b-m6gs3!x5 zp6N{voXz4Ag;Fg+-L1yqKJ*R&jG z3|{LaF~ts_zKaHG(gT|04El3(MEq&O*Y{gBhqF3e4Vf3a-V;^R8=POiP?OcV#x#ek6 zetRw>@@Z@VPwtIQf6%-uST=5R^cmfwASl655k+L2cxlMrNw;VQjijNq4rrd=H7VS{Xt1<)Gx5 z?TrH&s1X{ttOO)_vz9DWui8o-$#E&Ys9Mywm@-EeZ7CkmURxwl$sLB9ka0r83tL722Ls@^H>COY-E71I7LlCSWmw zy!0&Bqwjd>t47stzV`MmX(6;c!fgnSTtCzhqV%O3o?ZWr4n|Ia3jg}07WD5?Kq~qG zkSn~7ss^HbKf52AO|ysX`o)|OjfNoYDc+B9mI6fK7BzQ_i+(Z`%Qt z7tm&&7w@+NiGA?+6TT?l!Bo!C&wZo2(&ECPeQ0xv1b(j_DxZo&E$;yFibb}TUWPVu zx9UsdAz=M02B9P&Tk2b3Prg(LTP+kc6;V$Fl9?7ihmMglyJX_YVRlb+io>_#J9?{4KCxF^L@m?upR4o{+h`M5b*28&;xCuY0P zmM8?!D}57*dU(S5EjLE)B#3UBl%hQRd(8p8H@M)Ui(MD|UBUUI_kjRhweIx4%P&S< 
zZ!v!=y&I#cA`$qks4K4gcq|+P0k~7yxUOaf$MN~b%3}?Bn74v%Q=KH8vkjZGHjx6m z?!ExA83;l?5uf=G#y$;rzQWyDk5&G$O^t`{3n16S2M}u0up1uHfd2Z>dKb??m>ge` zpjgH^&a>qk_XB)Q&gxW&iN6>QA=9#SD$&(F%_*f=6tLLwZrakX*AR+3T=oFo(_L?W z`_P&VbYFIU?lyz`mKpERNZ_r(B9>%}x9f+qGv!>Iw}YAnOvR1)-PTv!{ihNT%MMWq zGEQ4xaZAU*Zfq0kCo!g<=xUUv4Rt-(();a;r*fgwtlNK;FepA!`t+b9L=G1fYb&|c z8xIJ8|2s|yQq-O@z-O`jM#2?^Zy&Doys=Z&El%f@ODI#@K(@ZrU(iaK`*ngT2u;0? z3H_+h%rmY+Mw+o(m*Q3;)b)Gw-$xic{`GO9tkbw)hV>>#p}DNhwS;cdWD+Y8)Tz2;>X~r3)c{v43>A&NEfb|%>5#FjBvpl*6J`KarZBG zxqfSkul-ixH``G1s;uBQ%Dh#S1bT%ktvPs!CJAw33nj0>Cr?O| zS5Bq&MU6$=W-H-Hm^fCn+tIS40ElH+T%Tc!XEKe5ileDGB53ZHZex`k+|t5S`gs|T zo*h7Mt=&8150T@iE?c;7O(kGao}V@-HgJLFM6}IEHE!f#l_aKdeU}NHgB-7C)O{m7 ze`CNw(A_L`AeHlm1NOFh;)-D!g^F0D)msB5s~`C7IDV_g3ZzZqbp^S=HGJE&##%k3 z7W~M)ukhjmoB|cQPvGh&VkV`19Iq{=iH#o;c)dDTQ$bR6_1nREl3Ef2Wko%6@;YyZ zfib?R)RaW)CnH&7X({rrcs+@J4G4aR$avH_zDt=dkyDj4m9x9wg&I$Bw}yT3$YHsB zU(<7V8U`rR#^ENZldURa=i8)K*}do;d2)ERJ<#tF90tA0SyaaBwfXTLY%LcyrqT?E+534Xasoa2f2+Agx92FA$L%2q40*kXn7g0erR-`kU|@A6)< zB_>9e?<`y20WMzX!Zp3M*ADusj4?WdxXNaBi6sqeq{YqSMS5EX_AULB=l{{SvV&`&;gt0dKSjB{R1xSoW~y7!0BZolUO zzb~~I*p5-bO~sT^gZuq4WIXbJ&2?l~!uy=fW+}{W5Vda(`_CXcJaq73KNZD<$u5nW zX2K57iseN+tY&UpMGW6_-*MdVUmsjSLvW4Udf$8eenD_jF#OBPs=}!)t(Ie(3%cbR zI{Hu8ui#DXmLU7iFtXr|aTMY$hY|*L1dA?x_s6*3#ZaeAsbW&BR3DRH-A(u$7Z_P` zGoGz(Jq}z<=Mv4oJv0JHjq^ij8HsJ=u@J!Yz+oL-qY7tR!rA2VnTK;uibaW@a zGW}ANuR8mYa)x$`=vw?2<^)t&Jdf$wZKaiHIV>me+W>dGYsb?iP68p`vB;Ccm%^5E z?zp%{UjM(V!r%Yp=AVzAN}lYt2*Fn>JZHE4#79q`T;2*U_Pn?aCP}4=PaFSq_}w23 ztniN=L;L%u{d~ur!-wT==hji;?LKzBj}Y7^@GtENz_9)k-}Z#=l;eNm+r{Vnr+vE! z1v2OVtMUGkrjaB?z63VVVdBy^W}~_u@zKWKqpZGI{{w5hVc*{GOmv+DTRotkOmtx6 zuN{<_j=`m652Wc(H-lJ66`{A+>{>}jzfRUnpG_xpyJa1EAi-qo_QSV1zm-|)9;$Hb zE>0Bv8O9b%^65W;$yJ>_zA?NU^)>s~kCP!=Gb> z;bVl}!E84!FUd!DZLy8xD? 
znl7N^75Q?%Qw$SO31$Y?=$zXgkQ7tpEUn3x>?|QNx6kZ!r%-yRef~I^2LBGBJY;0 z1dx%1e%)AB(LdZ-x?0`3@uX_?`R~2tIr8Z~HB_O63D&Yk{{7Ful27Z~XA?>D&V=vl zTJ!^F{`J*+X!e$h|9A1v+Wnt={*%vMf#ZL=@&8NRFh99;%Kc!!dx*37^L^ltoRpGe J)-{92{|}e~1>67t literal 0 HcmV?d00001 diff --git a/Access Control/tokens-in-oauth2.md b/Access Control/tokens-in-oauth2.md new file mode 100644 index 0000000..2babd4e --- /dev/null +++ b/Access Control/tokens-in-oauth2.md 
@@ -0,0 +1,823 @@ +Token Lifetimes and Security in OAuth 2.0: Best Practices and Emerging +Trends + +By Heather Flanagan (Spherical Cow Consulting) + +© 2024 IDPro, Heather Flanagan + +*To comment on this article, please visit our [GitHub +repository](https://github.com/IDPros/bok) and [submit an +issue](https://docs.github.com/en/github/managing-your-work-on-github/opening-an-issue-from-code).* + +Introduction +============ + +Identity systems and the use of tokens go hand in hand; their existence +is ubiquitous, and the need to manage them carefully is at the core of +identity security practice today. But what is a token? + +A token is a digital object that can represent a set of claims or +attributes about an entity, such as a user, device, or process, +typically used in authentication and authorization +protocols.1 +Tokens are often cryptographically signed and/or encrypted to ensure +their integrity and confidentiality, preventing tampering and +unauthorized access. Tokens are commonly employed in various identity +and access management systems, enabling a secure mechanism for proving +identity, delegating access, or asserting permissions across networked +systems. + +Tokens may be differentiated based on whether they require the server to +maintain session information. A token may be stateless and only carry +encoded information (e.g., claims, user roles, and expiration times) +within the token itself, such as JSON Web Tokens (JWTs). This enables a +more scalable architecture by reducing demand on the server. +Alternatively, a token may be stateful, at which point the contents are +always opaque to the client and do not inherently “contain” information. +(A stateless token can be opaque as well, if encrypted.) Instead, their +meaning is tracked by the issuing server, which maintains the state +(e.g., session data, user permissions) associated with the token. + +Tokens are also described by how they are used. 
Tokens can be classified +as bearer tokens, which are usable by anyone in possession of them, or +client-bound tokens (sometimes called sender-constrained tokens (e.g., +Demonstrating Proof of Possession +(DPoP)),2), +which are bearer tokens cryptographically tied to a specific client. In +the OAuth 2.0 Framework, both client-bound tokens and bearer tokens can +be used for authorization. Tokens may also be short-lived (expiring +within a few minutes or hours) to minimize the risk of misuse or +long-lived (remaining valid for extended periods), with the former +offering stronger protection against token replay attacks. However, +while the OAuth 2.0 framework allows these options, implementation +decisions have a meaningful impact on security – which is why various +Working Groups have emerged to develop profiles of OAuth 2.0 that are +appropriate for use cases requiring heightened +security.3 + +One of the most effective strategies when issuing tokens is to narrowly +scope their permissions. A narrowly scoped token is designed to grant +access to only a specific resource or a limited set of actions rather +than offering broad, unrestricted access. Narrowly scoped tokens limit +access to specific resources or actions, reducing the risk of +unauthorized access if a token is compromised. This limitation contrasts +with broader scopes, which can provide access to multiple services or +actions with a single token. Using narrowly scoped tokens, combined with +short expiration times, ensures that even if a token is compromised, the +damage is limited to a small portion of the system, reducing the risk of +unauthorized access to critical resources. + +The term ‘credential’ is often used interchangeably with ‘token’; +unfortunately, that’s technically incorrect. While tokens and +credentials are often related, they serve distinct roles. 
Credentials +are used to authenticate the identity of a user or system, while tokens +in OAuth 2.0 are issued after authentication to authorize specific +actions. Before the broad adoption of token-based protocols, you may +recall that websites would simply ask for (and store) your credentials: +they would log in on your behalf and access any data they deemed +necessary. This is called ‘screen-scraping.’ By limiting the scope, +context, and duration of the tokens they grant, authorization servers +protect users (and their credentials) from unscrupulous actors on the +internet. + +While tokens provide a convenient and flexible way to authorize users, +they can also introduce significant security risks if not properly +managed. Ideally, organizations are implementing real-time risk-based +token +revocation.4 +However, considering the correct lifetime for a given token is necessary +for organizations that do not have integrated security management tools. + +This brings us to this article and the complicated family of tokens in +the OAuth 2.0 framework. OAuth 2.0 is a set of specifications, defined +in the Internet Engineering Task Force (IETF) that allow a client to +request a set of scoped tokens to enable access to resources such as +APIs. Understanding the different types and uses of tokens will help +developers and identity and access management professionals understand +the implementation considerations they need to consider in their +environments. + +![A high level swimlane diagram of the OAuth process, used with +permission.](tokens-image1.png) + +Figure 1: "The OAuth process, at a high level" – reproduced with +permission from OAuth 2 in +Action5 +by Justin Richer and Antonio Sanso. 
+ +Terminology +----------- + +- Token: A digital object that can represent a set of claims or + attributes about an entity, such as a user, device, or process, + typically used in authorization protocols + +- Credential: Credentials are used to authenticate the identity of a + user or system, while OAuth 2.0 tokens are issued after + authentication to authorize specific actions. + +- Bearer Token: According to RFC 6750, “The OAuth 2.0 Authorization + Framework: Bearer Token Usage,” a bearer token is a security token + with the property that any party in possession of the token (a + "bearer") can use the token in any way that any other party in + possession of it + can.6 + +- Client-bound Token: Tokens that are tied to a specific client or + device, ensuring that only the client to which the token was issued + can use it. This is not a formally defined term in the + specifications, but you can learn more in RFC 8705, “OAuth 2.0 + Mutual-TLS Client Authentication and Certificate-Bound Access + Tokens”,7 + and RFC 9449, “OAuth 2.0 Demonstrating Proof of Possession (DPoP)”. + +- Refresh Token: According to RFC 6749, “The OAuth 2.0 Authorization + Framework,” a refresh token is a credential used to obtain access + tokens without requiring the resource owner to + reauthenticate.8 + +- Sender-constrained Token: Tokens that require the sender to prove + that they are the authorized holder of the token when making a + request. + +- Token replay attack: A cybersecurity attack that occurs when an + attacker intercepts valid tokens—such as tokens or session + IDs—during transmission and reuses them to impersonate the + legitimate user or system. + +Defining “Short” versus “Long” +============================== + +In OAuth 2.0, two types of tokens are issued during the authorization +process. The access token tends to be short-lived and is scoped for the +resources where it will be used. 
The refresh token tends to be +longer-lived and is only used with the authorization server to obtain +new short-lived access tokens. Access tokens are typically created +during the authorization process after the user successfully +authenticates. In contrast, refresh tokens are issued alongside access +tokens and allow new short-lived access tokens to be generated without +requiring the user to reauthenticate. Access tokens are meant for +authorizing specific API calls, while refresh tokens are used only with +the authorization server to obtain new access tokens. This mechanism +ensures that users don’t need to log in again for subsequent access, but +periodic reauthentication might still be necessary, depending on the +security requirements. + +How you define “short” versus “long” token lifespans will vary depending +on the sensitivity of your use case. For example, NIST SP 800-63B +specifies that for Authenticator Assurance Level (AAL) 1, +“reauthentication of the subscriber SHOULD be repeated at least once per +30 days during an extended usage session, regardless of user activity.” +This guideline suggests that even with mechanisms like refresh tokens, +reauthentication should occur periodically to maintain the security of +the +session.”9 + +The Role of Short-Lived Tokens in Security +========================================== + +Short-lived tokens are a fundamental tool in enhancing the security of +modern authentication and authorization systems. These tokens are +designed to expire after a brief period—usually minutes or hours—thereby +minimizing the window of opportunity for attackers to exploit them if +they are intercepted or compromised. By limiting their lifespan, +short-lived tokens reduce the risk of token misuse and improve the +overall security posture of a system. 
Short-lived tokens significantly +mitigate risks associated with token replay attacks and unauthorized +use, but they must be part of a broader security strategy, including +token binding and revocation mechanisms. + +Although this article focuses on short-lived tokens as a security best +practice, emerging standards like Continuous Access Evaluation Profile +(CAEP) aim to extend token lifetimes in controlled ways, reflecting a +shift toward risk-based token management. +10 + +The use of short-lived tokens is recommended in numerous security +standards and guidelines. For instance, NIST SP 800-63C emphasizes the +importance of using short-lived, narrowly-scoped tokens for federated +identity systems to minimize +risks.11 +Similarly, BCP 225 outlines best practices for JSON Web Tokens (JWTs), +including the recommendation to limit the lifetime of tokens to reduce +their exposure to attacks. + +The standards also encourage the combination of short-lived tokens with +other security mechanisms, such as client-bound tokens or token binding, +which ensures that tokens can only be used by specific clients, further +enhancing their security, or sender-constrained tokens, which require +the sender to prove that they are the authorized holder of the token +when making a request. + +Reduced Attack Surface +---------------------- + +One of the big benefits of short-lived tokens is the reduction of the +attack window (i.e., the length of time that an attacker could exploit +endpoints). In traditional token-based systems, tokens with long +expiration times are particularly vulnerable to token replay attacks, +where an attacker captures a token and reuses it to impersonate the +legitimate user. Short-lived tokens mitigate this threat by limiting the +time in which a token can be used. Even if an attacker manages to steal +a token, its utility is severely restricted because it will soon expire, +rendering it invalid. 
+ +For example, in the context of OAuth 2.0, access tokens should be issued +with a short lifespan, after which the client must request a new token +using a refresh +token.12 +This approach ensures that even if an attacker intercepts an access +token, they cannot use it for long. + +### Enhanced Security Through Short-Lived Token Rotation + +Short-lived tokens play a crucial role in reducing the impact of token +compromise by enforcing frequent token rotation. With short expiration +times—typically ranging from minutes to hours—these tokens minimize the +window of opportunity for attackers. If a short-lived access token is +intercepted, its limited lifespan means that it will soon become +invalid, rendering it useless to the attacker. This frequent renewal of +access tokens forces attackers to be more persistent and repeatedly +intercept new tokens, which increases the likelihood of detecting +suspicious activity. + +In contrast, long-lived tokens remain valid for extended periods, such +as days or even months. If compromised, they provide attackers with +prolonged access to protected resources, increasing the risk of +unauthorized activity. By reducing token lifespan, organizations can +significantly limit the potential damage of compromised tokens, ensuring +that access is tied to a shorter, more controlled time frame. + +However, it is important to consider the role of refresh tokens, which +are used to obtain new access tokens without requiring the user to +reauthenticate. While refresh tokens often have longer lifespans, they +must be protected with robust security measures. If an attacker gains +access to a refresh token, they can continue to generate new short-lived +access tokens, potentially maintaining unauthorized access over time. +There must be additional protections to prevent or mitigate refresh +token replay, such as refresh token rotation upon every use, client +binding, real-time risk-based token revocation, and secure storage of +refresh tokens. 
Together, these protections prevent misuse and ensure +that short-lived token strategies remain effective. + +### Security of Refresh Tokens + +While access tokens are short-lived and may be in API requests or during +authentication flows, refresh tokens are stored securely on the client. +This safe storage is critical because refresh tokens are valuable; if +they are compromised, the attacker can maintain access far beyond the +expiration of the original access token. + +Systems that use refresh tokens should implement several security +measures to mitigate the risk: + +1. Refresh Token Rotation: Upon each use, the refresh token should be + reissued to limit the threat of any one token being captured. + +2. Client Binding: Refresh tokens should be cryptographically bound to + a specific client or device. This secure binding means that even if + an attacker steals both the access token and the refresh token, they + cannot use the refresh token from a different device or application. + The refresh token will only work on the client it was originally + issued to. + +3. Reauthentication: Some systems require users to periodically + reauthenticate before issuing new refresh tokens. This action adds a + layer of security by forcing legitimate users to prove their + identity again, limiting the window during which a stolen refresh + token can be used. + +4. Token Revocation: If suspicious activity is detected—such as refresh + tokens being used from an unfamiliar device or location—the system + can revoke both the refresh and access tokens. This revocation + forces a reauthentication and cuts off any further unauthorized + access. + +### Summarizing the Security Implications + +- If only the access token is compromised and not client-bound, the + impact is limited to the token’s short lifespan. The attacker can + use the token for a limited time, after which it becomes useless. 
+ +- If both the access token and the refresh token are compromised, the + attacker can maintain long-term access by continuously refreshing + the access token. In this case, additional security measures such as + client binding, reauthentication, or token revocation become crucial + for mitigating the damage. + +Support for Scalable and Stateless Architectures +------------------------------------------------ + +Short-lived tokens are particularly well-suited for stateless +architectures, such as RESTful APIs, because they reduce the need to +maintain the server’s session state. When a token is short-lived, the +server may not need to track session data over an extended period, which +simplifies the architecture and reduces the potential attack vectors +related to session management. + +In microservices architectures, where services communicate frequently +over APIs, short-lived tokens play a critical role in authenticating and +authorizing requests between services. Their limited lifespan ensures +that, even if an attacker manages to access a token from one +microservice, the time available for them to use it is minimal. The +scope of the token is also critical to its security impact. A token +representing only the client’s identity can expose a broader range of +resources. However, if the token carries user-specific information with +a narrowly defined scope, the potential attack surface is significantly +reduced. + +Another option for microservices, currently under discussion within the +IETF, is the use of transaction +tokens.13 +These tokens allow workloads in a trusted domain to maintain the user +identity and authorization details of an external request, such as an +API call, across all workloads involved in processing that request. 
+ +Security Risks of Long-Lived Tokens +=================================== + +While short-lived tokens are not inherently more secure in stateless +architectures, their design aligns with the scalability and efficiency +needs of modern systems, reducing the attack surface by limiting token +lifespans. The persistence and vulnerability of tokens can open doors +for various attack vectors, particularly token compromise and replay. +Let’s look at a few critical security drawbacks associated with tokens +whose lifetimes are long enough to be more easily used by an attacker. + +Long-Lived Tokens +----------------- + +Common types of long-lived tokens, such as API keys and session tokens +used in mobile apps, often remain valid for extended periods—sometimes +days, weeks, or even indefinitely. API keys are often used for backend +services that need to authenticate to external services, while session +tokens maintain user sessions across mobile app interactions. More to +the point, API keys are used to authenticate programmatic requests, +while session tokens help maintain user sessions across multiple +interactions. These tokens reduce the burden on users or applications to +re-authenticate or refresh their credentials frequently, offering +convenience and stability. + +However, this also creates a significant security risk. If these +long-lived tokens are compromised, attackers can use them to gain +persistent unauthorized access to systems or resources without being +detected for an extended period. + +In environments where tokens are not frequently reissued or refreshed, +the chances of interception or theft increase. This possibility makes +long-lived tokens particularly attractive targets for attackers, as they +allow for sustained access once compromised. Without mechanisms like +token revocation or detection of replayed tokens, such breaches can go +unnoticed, giving attackers ample time to explore and exploit +vulnerabilities within the system. 
+ +Token Replay Vulnerabilities +---------------------------- + +One of the most concerning security drawbacks of some tokens is their +susceptibility to token replay attacks. In a token replay attack, an +attacker intercepts a token (through manipulator-in-the-middle attacks, +session hijacking, or other methods) and reuses it to impersonate a +legitimate +user.14 +Tokens that are not tied to a specific client or have long expiration +times are easy targets for replay attacks. + +For example, in a system using long-lived tokens, an attacker who +successfully intercepts an access token could reuse it repeatedly until +it expires, giving them ongoing access to sensitive resources. Without +mechanisms like token binding or short expiration times, little can +prevent these replay attacks from succeeding. According to NIST SP +800-63C, tokens not bound to a specific client or have inadequate +expiration times are a critical weakness in federated identity systems. + +Challenges with Revocation +-------------------------- + +Revocation is another significant weakness of traditional long-lived +tokens. Once issued, long-lived tokens, session cookies, or API keys are +often difficult to revoke in real time. If a token is compromised, +administrators must manually revoke it or wait for it to expire, +creating a time window in which an attacker can continue to exploit the +token. + +Many systems that rely on older OAuth token specifications do not have +effective mechanisms for real-time token revocation or monitoring of +credential usage, which can lead to prolonged security incidents. While +traditional long-lived tokens pose revocation challenges, frameworks +like CAEP are redefining how tokens can be managed dynamically, enabling +longer lifespans under strict monitoring and policy enforcement. +Organizations that are taking advantage of CAEP may extend token +lifetimes, requiring a refresh only after an event that triggers policy +enforcement. 
+ +Increased Attack Surface +------------------------ + +Long-lived tokens can increase the attack window for an organization, +especially when they are not tightly scoped or frequently refreshed. +Because these tokens remain valid for extended periods and may be used +across multiple devices or services, a compromised long-lived token can +give attackers more time to explore and exploit vulnerabilities within a +network. This is particularly true when the token allows access to +multiple services or resources without requiring frequent revalidation. + +However, refresh tokens are typically not issued in most +server-to-server interactions, and short-lived access tokens are +preferred to minimize the time a token remains valid. This restriction +limits the window of opportunity for attackers to misuse a compromised +token. In contrast, long-lived tokens, like those used in user sessions +or in environments where periodic reauthentication is not enforced, +could be reused by an attacker until they are revoked or expire +naturally. + +For instance, if an attacker gains access to a compromised long-lived +token, they can use it to maintain access to specific services or +potentially move laterally within a network to escalate privileges. +While the token itself does not directly extend its own lifespan (unlike +a refresh token), the extended time during which it remains valid +provides the attacker with more opportunities to exploit the network +before detection. + +In microservices environments, where APIs are constantly communicating, +short-lived tokens are crucial for securing service-to-service +interactions. These tokens ensure that access is limited in time and +scope, making it harder for attackers to leverage a compromised token to +pivot to other services. However, each location where tokens are stored +or transmitted in such environments represents a potential attack +vector, emphasizing the need for secure storage and transmission +practices. 
+ +Difficulty in Enforcing Least Privilege +--------------------------------------- + +While long-lived tokens can be scoped to enforce least privilege, their +existence represents standing +privilege;15 +they still pose a higher risk if not carefully managed, as compromised +tokens can grant attackers prolonged access to specific +resources.16 +If the scope is too broad at the time of issuance, long-lived tokens +might unintentionally provide access to resources beyond what is +necessary. + +In contrast, short-lived, narrowly scoped tokens allow administrators to +enforce fine-grained access control, ensuring that tokens are only valid +for specific operations or resources for a limited time. By applying +narrow scopes, organizations can reduce the potential damage from a +compromised token, as an attacker would only gain access to a limited +subset of resources. This approach restricts unauthorized access to a +small part of the infrastructure, making it an essential control for +protecting sensitive systems. + +When Long-Lived Tokens May Make Sense +===================================== + +There are scenarios where long-lived tokens do offer certain benefits, +particularly in specific use cases where organizations have good reason +to prioritize convenience and reduced token management overhead. For +example: + +Reduced Overhead in Token Renewal +--------------------------------- + +Long-lived tokens minimize the need for frequent token refreshes, +reducing the number of calls to the authentication server. This +limitation is particularly useful in applications where users or +services need continuous access over extended periods without +interruptions. + +- **Use case**: In systems where uptime and uninterrupted access are + critical (such as in background services, batch processing, or + long-running data analytics jobs), long-lived tokens can prevent + delays or failures caused by expired tokens. 
+ +- *Note: In cases where the application involves [workload + identities](https://learn.microsoft.com/en-us/entra/workload-id/workload-identities-overview), + then protocols like + [SPIFFE](https://spiffe.io/docs/latest/spiffe-about/overview/) + enable dynamic, instance-based + tokens.*17 + *Long-lived tokens are not necessary.* + +Improved Performance in Stateless Systems +----------------------------------------- + +In stateless architectures, such as RESTful APIs, where the session +state is not maintained on the server side, long-lived tokens eliminate +the need to constantly issue new tokens. This option can enhance the +system’s overall performance by reducing the load on authentication and +authorization servers. + +- **Use case**: For applications requiring minimal server-side + interaction for performance reasons, such as APIs serving high + requests, long-lived tokens can reduce the number of database or + server interactions needed to reissue tokens. + +Service-to-Service Communication +-------------------------------- + +In certain system-to-system communications where services need to +interact with each other in a highly trusted environment (e.g., within +the same enterprise or data center), long-lived tokens can reduce the +need for frequent authentication and authorization exchanges. This makes +service communication more efficient. + +- **Use case**: Within microservice architectures in secure internal + networks, long-lived tokens can facilitate inter-service + communication without requiring frequent re-authentication. + +- *Note: This use can also be solved by using short-lived tokens that + leverage client\_secret\_jwt or private\_key\_jwt as defined in the + OpenID Connect Core + specification*.18 + +Emerging Trends and Future Directions +===================================== + +The field of token management is evolving rapidly as organizations seek +to balance security, scalability, and usability. 
While this article +focuses on the current best practices for short-lived tokens, ongoing +advancements in standards and frameworks are introducing new approaches +to token lifetimes and security. + +Continuous Access Evaluation Profile (CAEP) +------------------------------------------- + +One of the most significant emerging developments is the Continuous +Access Evaluation Profile (CAEP), a framework designed to dynamically +assess and adjust access permissions in real time. CAEP enables access +tokens to have longer lifespans without compromising security. This is +achieved by combining periodic risk assessments with real-time +revocation capabilities. For example, if a security event, such as a +user’s location change or device compromise, is detected, access can be +revoked immediately, even if the token has not yet expired. While still +in draft form, CAEP is gaining traction among vendors as a promising +solution for risk-based token management. + +Risk-Based Token Lifetimes +-------------------------- + +Traditional token lifetimes often rely on static durations, but future +implementations are likely to adopt adaptive token lifetimes based on +real-time risk analysis. By evaluating factors such as user behavior, +device trust levels, and contextual signals, organizations could +dynamically adjust token expiration times. This approach seeks to reduce +unnecessary reauthentication while maintaining a high level of security. + +Proof of Possession and Sender-Constrained Tokens +------------------------------------------------- + +The shift from bearer tokens to proof-of-possession (PoP) or +sender-constrained tokens, mentioned earlier in the Introduction, +represents another critical trend. These tokens require the client to +demonstrate cryptographic proof that they are the legitimate holder of +the token. 
Standards such as OAuth 2.0 DPoP (Demonstration of +Proof-of-Possession) and Mutual TLS (mTLS) are advancing this concept, +reducing the risk of token replay attacks and unauthorized use. + +Enhanced Revocation Mechanisms +------------------------------ + +Real-time token revocation remains a challenge, especially in +distributed systems. One draft under discussion is +draft-parecki-oauth-global-token-revocation, + +“Global Token +Revocation”.19 +At the time of publication of this article, the draft has not been +accepted by an IETF working group, but it remains an interesting example +of ongoing work in the revocation space. + +Conclusion +========== + +While long-lived tokens can offer convenience, particularly in trusted +environments, the risks they present—such as token replay, session +hijacking, and unauthorized access—must be carefully managed. (Of +course, if you are following zero-trust principles, there is no such +thing as a trusted environment.) Short-lived, narrowly-scoped tokens, +client-bound tokens, and strong cryptographic standards provide an +effective framework for mitigating these risks. Several guides are +available on best practices in different environments, including BCP +225, “JSON Web Token Best Current Practices”; review them and consider +how they can apply to your environment. + +Frameworks like OAuth 2.0 and emerging standards like WIMSE (Workload +Identity in Multi-System Environments) are beginning to provide the +necessary infrastructure for managing short-lived tokens, particularly +in cloud-native and microservices +architectures.20 +WIMSE is an interesting standardization effort for applications and +multi-cloud identities. And while short-lived tokens remain a +cornerstone of secure token management today, the evolving landscape of +token management frameworks, such as CAEP, suggests that risk tolerance +for longer token lifetimes may shift as standards and implementations +mature. 
+ +Your organization’s risk posture will guide your definition of “short” +and “long.” Regardless of whether you consider seconds, minutes, or +months “short,” you need to implement strict scoping, use token binding, +and ensure robust revocation and monitoring processes. You are aiming +for a balance between security, usability, and performance, ensuring +that both user and service interactions are protected against emerging +threats. + +Author Bio +========== + +![](image2.jpeg)Heather Flanagan, Principal at Spherical Cow Consulting, +comes from a position that the Internet is led by people, powered by +words, and inspired by technology. She has been involved in leadership +roles with some of the most technical, volunteer-driven organizations on +the Internet, including IDPro as Executive Director and Principal +Editor; the OpenID Foundation as Lead Editor; the IETF,  IAB, and the +IRTF as RFC Series Editor; ICANN as Technical Writer and Editor; and +REFEDS as Coordinator, just to name a few. If there is work going on to +develop new Internet standards, or discussions around the future of +digital identity, she is interested in engaging in that work. You can +learn more about her at +<> + +

+ +------------------------------------------------------------------------ + +1.
+ + Y., Hardt, D., and M. Jones, "JSON Web Token Best Current + Practices", BCP 225, RFC 8725, DOI 10.17487/RFC8725, February 2020, + <[https://www.rfc-editor.org/info/rfc8725](https://www.rfc-editor.org/info/rfc8725)>. + *Note that some readers may find reference to RFC 8471, “The Token + Binding Protocol” in their search for more information on token + binding. That specification has been largely abandoned. See* *[https://groups.google.com/a/chromium.org/g/blink-dev/c/OkdLUyYmY1E/m/w2ESAeshBgAJ](https://groups.google.com/a/chromium.org/g/blink-dev/c/OkdLUyYmY1E/m/w2ESAeshBgAJ) + for the thread that ultimately ended widescale adoption of the Token + Binding Protocol.*↩︎ + +
+ +2.
+ + Fett, D., Campbell, B., Bradley, J., Lodderstedt, T., Jones, M., + and D. Waite, "OAuth 2.0 Demonstrating Proof of Possession (DPoP)", + RFC 9449, DOI 10.17487/RFC9449, September 2023, + <>.↩︎ + +
+ +3.
+ + For examples of how specific use cases are handled, see the profile + of OAuth 2.0 and OpenID Connect recommended by the OpenID + Foundation’s FAPI Working Group that focuses on use cases requiring + high security, like Open Banking: Fett, D. “FAPI 2.0 Security + Profile” Implementers Draft, December, 2022, + https://openid.net/specs/fapi-2\_0-security-profile-ID2.html↩︎ + +
+ +4.
+ + There is work underway in the IETF to standardized real-time token + revocation, but the work is still in draft form. See Parecki, A., + “Global Token Revocation,” + draft-parecki-oauth-global-token-revocation, [https://datatracker.ietf.org/doc/draft-parecki-oauth-global-token-revocation/](https://datatracker.ietf.org/doc/draft-parecki-oauth-global-token-revocation/).↩︎ + +
+ +5.
+ + Richer, Justin, and Antonio Sanso. 2017. *OAuth 2 in Action*. + Manning.↩︎ + +
+ +6.
+ + Jones, M. and D. Hardt, "The OAuth 2.0 Authorization Framework: + Bearer Token Usage", RFC 6750, DOI 10.17487/RFC6750, October 2012, + <https://www.rfc-editor.org/info/rfc6750>.↩︎ + +
+ +7.
+ + Campbell, B., Bradley, J., Sakimura, N., and T. Lodderstedt, "OAuth + 2.0 Mutual-TLS Client Authentication and Certificate-Bound Access + Tokens", RFC 8705, DOI 10.17487/RFC8705, February 2020, + <https://www.rfc-editor.org/info/rfc8705>.↩︎ + +
+ +8.
+ + Hardt, D., Ed., "The OAuth 2.0 Authorization Framework", RFC 6749, + DOI 10.17487/RFC6749, October 2012, + <>.↩︎ + +
+ +9.
+ + Grassi, Paul A, James L Fenton, Elaine M Newton, Ray A Perlner, + Andrew R Regenscheid, William E Burr, Justin P Richer, et al. 2017. + “Digital Identity Guidelines: Authentication and Lifecycle + Management.” + .↩︎ + +
+ +10.
+ + Cappalli, T. and Tulshibagwale, A. “OpenID Continuous Access + Evaluation Profile 1.0 – Draft 03” 2024-06-19, + https://openid.net/specs/openid-caep-1\_0-ID2.html↩︎ + +
+ +11.
+ + Grassi, Paul A, Justin P Richer, Sarah K Squire, James L Fenton, + Ellen M Nadeau, Naomi B Lefkovitz, Jamie M Danker, Yee-Yin Choong, + Kristen K Greene, and Mary F Theofanos. 2017. “Digital Identity + Guidelines: Federation and Assertions.” [https://doi.org/10.6028/nist.sp.800-63c](https://doi.org/10.6028/nist.sp.800-63c).↩︎ + +
+ +12.
+ + RFC 6749, "The OAuth 2.0 Authorization + Framework”.↩︎ + +
+ +13.
+ + Fletcher, George, Pieter Kasselman, Atul Tulshibagwale, “Transaction + Tokens,” last updated 2024-07-03, + .↩︎ + +
+ +14.
+ + “Manipulator-in-the-middle Attack \| OWASP Foundation,” n.d. + https://owasp.org/www-community/attacks/Manipulator-in-the-middle\_attack.↩︎ + +
+ +15.
+ + Trevino, Aranza, and Aranza Trevino. 2024. “What Are Zero Standing + Privileges?” Keeper Security Blog - Cybersecurity News & Product + Updates. April 29, 2024. + .↩︎ + +
+ +16.
+ + Carter, M. K., (2022) “Techniques To Approach Least Privilege”, + *IDPro Body of Knowledge* 1(9). doi: [https://doi.org/10.55621/idpro.88](https://doi.org/10.55621/idpro.88)↩︎ + +
+ +17.
+ + “SPIFFE – Secure Production Identity Framework for Everyone,” n.d. + https://spiffe.io/.↩︎ + +
+ +18.
+ + Sakimura, Nat, John Bradley, Michael Jones, Breno De Medeiros, and + Chuck Mortimore. 2023. “OpenID Connect Core 1.0 incorporating errata + set 2.” OpenID Foundation. + .↩︎ + +
+ +19.
+ + Parecki, A. “Global Token Revocation,” + draft-parecki-oauth-global-token-revocation, + https://datatracker.ietf.org/doc/draft-parecki-oauth-global-token-revocation/.↩︎ + +
+ +20.
+ + “Workload Identity in Multi System Environments (Wimse).” n.d. + .↩︎ + +
+ +
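Review bot: the reference list at the end of tokens-in-oauth2.md has lost its URLs and carries duplicate entries, so several citations cannot be followed: footnotes 2, 8, 9, 13, 15, 18 and 20 and the author bio end in an empty `<>` where the link belongs (for example `RFC 9449, DOI 10.17487/RFC9449, September 2023, + <>.`), footnote 1 starts mid-author-list with `Y., Hardt, D., and M. Jones`, footnote 19 repeats footnote 4 and footnote 12 repeats footnote 8, and footnote 15 lists `Trevino, Aranza, and Aranza Trevino` as two authors. Restore the URLs (the RFC entries should follow the https://www.rfc-editor.org/info/rfcNNNN form already used in footnotes 6 and 7), collapse the duplicates so each superscript resolves to one entry, and fix `to standardized real-time token revocation` in footnote 4. In the body, the paragraph that opens the Security Risks of Long-Lived Tokens section contradicts its own heading: `While short-lived tokens are not inherently more secure in stateless architectures` looks like a stray rewrite of the preceding stateless-architecture paragraph and should state the claim the section actually argues, that a short lifetime bounds the window in which a stolen bearer token is usable. The two descriptions of CAEP also disagree: Challenges with Revocation says a refresh is needed `only after an event that triggers policy enforcement`, while the Emerging Trends paragraph describes `combining periodic risk assessments with real-time revocation capabilities`; keep the event-driven wording, which is what the profile cited in footnote 10 defines. Smaller points: `This limitation is particularly useful` under Reduced Overhead in Token Renewal should read `This reduction`; the Enhanced Revocation Mechanisms paragraph is broken mid-sentence by a blank line after `draft-parecki-oauth-global-token-revocation,`; `Standards such as OAuth 2.0 DPoP ... and Mutual TLS (mTLS) are advancing this concept` understates that both are published RFCs per footnotes 2 and 7; and the Service-to-Service note should say the client authenticates with `client_secret_jwt` or `private_key_jwt` to obtain short-lived tokens, since those are client authentication methods in OpenID Connect Core rather than token types.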
diff --git a/Laws Regulations Standards/An-Introduction-to-OIDC.md b/Laws Regulations Standards/An-Introduction-to-OIDC.md new file mode 100644 index 0000000..9d5b700 --- /dev/null +++ b/Laws Regulations Standards/An-Introduction-to-OIDC.md 
@@ -0,0 +1,501 @@ +By Anoop Gupta (Capital One) + +© 2024 IDPro, Anoop Gupta (Capital One) + +To comment on this article, please visit our [GitHub +repository](https://github.com/IDPros/bok) and [submit an +issue](https://docs.github.com/en/github/managing-your-work-on-github/opening-an-issue-from-code). + +About OpenID Connect +==================== + +OpenID Connect (OIDC) is a framework that facilitates the creation of a +secure Internet identity +ecosystem.1 +It provides seamless integration and robust support while prioritizing +security and privacy configurations. Additionally, it promotes +interoperability and boasts widespread client and device support. + +Authorization Servers implementing the OpenID Connect (OIDC) protocol +are called OpenID Providers (OP). A Relying Party (RP) connects to the +OP to obtain an ID token as an assertion that the user has successfully +authenticated and to receive a unique identifier representing the user. +Additional purposes are ensuring the user is authorized for requested +access and obtaining user attributes. The OP may authenticate users +directly or delegate authentication to federated or non-federated +Identity Providers (IDPs) to facilitate sign-in flows on web or mobile +applications and share user profile information upon successful +authentication. OpenID Connect does not define how OPs integrate with +federated IDPs. Such integrations are left to the implementation details +of the OP. The OP may act as a bridge in these cases, using proprietary +or other non-standard protocols to authenticate users via the federated +IDPs. + +RPs use the authenticated user claims found in the issued tokens to +comprehend the user's authentication process and the level of assurance, +allowing RPs to make well-informed decisions. + +For this article, the federated IDP flow is referenced. Note that OIDC +does not mandate or standardize how federated IDPs are integrated. 
These +integrations depend on the implementation details of the OP and may +involve non-standard protocols or proprietary methods. + +Background +---------- + +The OAuth 2.0 specification defines a framework where clients or Relying +Parties (RPs) connect with Resource Servers to access API resources on +behalf of resource +owners.2 +The OP is pivotal in allowing this integration between the parties +involved. + +Bertrand Carlier's article "[An Introduction to +OAuth 2.0](https://bok.idpro.org/article/id/99/)" in the IDPro +Body of Knowledge provides a comprehensive overview of OAuth 2.0 and +touches on OIDC. It is a valuable starting point for understanding these +widely used protocols and covers fundamental terminology and references +to IETF RFC details that describe the protocols. + +OIDC emphasizes user authentication and introduces the concept of the ID +Token. This token is exchanged between the OP and RP. It takes the form +of a JSON Web Token (JWT) and communicates details about the +authenticated user's identity through predefined [standard +claims](https://openid.net/specs/openid-connect-core-1_0.html#StandardClaims) +and information related to the authentication +process.3, +4, +5 + +The OIDC specification allows RPs to access more detailed user +information through the UserInfo endpoint, a protected resource in the +OAuth 2.0 framework. During the authentication process, RPs can request +user claims from this endpoint using the Access Token obtained from the +OP. The user claims are returned as a JSON object containing name-value +pairs, providing comprehensive user information to the RP. + +Terminology +----------- + +Terminology is primarily derived from the [Terminology in the IDPro Body +of Knowledge](https://bok.idpro.org/article/id/41/). 
+ +| | | | +|---------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Term | Definition | Source | +| Identity Provider (IdP) | An IdP is a service that stores and manages digital identities. Companies use these services to allow their employees or users to connect with the resources they need. They provide a way to manage access, adding or removing privileges while security remains tight. | [Identity Providers (IdPs): The key to secure digital access.](https://www.okta.com/identity-101/why-your-company-needs-an-identity-provider/) | +| OAuth 2.0 | The OAuth 2.0 authorization framework enables a third-party application to obtain limited access to an HTTP service, either on behalf of a resource owner by orchestrating an approval interaction between the resource owner and the HTTP service or by allowing the third-party application to obtain access on its own behalf. | [The OAuth 2.0 Authorization Framework](https://datatracker.ietf.org/doc/html/rfc6749#section-1.1) | +| Authorization Server (AS) | The Authorization Server is able to authorize a client, issue tokens, and potentially validate tokens. It is also responsible for authenticating users, either directly or through federation. 
| [An Introduction to OAuth2.0](https://bok.idpro.org/article/id/99/) | +| OpenID Connect | OpenID Connect is a simple identity layer on top of the OAuth 2.0 protocol. It enables Clients to verify the identity of the End-User based on the authentication performed by an Authorization Server, as well as to obtain basic profile information about the End-User in an interoperable and REST-like manner. | [Federation Simplified (v2)](https://bok.idpro.org/article/id/62/) | +| OpenID Provider (OP) | An OpenID Provider (OP) is an entity that has implemented the OpenID Connect and OAuth 2.0 protocols, OP's can sometimes be referred to by the role it plays, such as: an identity provider (IDP), or an authorization server, or a security token service. | [What is OpenID Connect](https://openid.net/developers/how-connect-works/) | +| Resource Server | The server hosting the protected resources, capable of accepting and responding to protected resource requests using access tokens. Typically, exposed as an API. | [The OAuth 2.0 Authorization Framework](https://datatracker.ietf.org/doc/html/rfc6749#section-1.1) | +| Relying Party (RP) | A component, system, or application that uses the IDP to identify its users. The RP has its own resources and logic. Note that the term 'relying service' is used in the ISO/IEC standards to encompass all types of components that use identity services, including systems, sub-systems, and applications, independent of the domain or operator. We will use the more common Relying Party (or RP). An RP roughly corresponds to the Agency Endpoint in the FICAM model or to Identity Consumers in the Internet2 model. | [IAM Reference Architecture](https://bok.idpro.org/article/id/76/) | +| Client | An application making protected resource requests on behalf of the resource owner and with its authorization. 
The term "client" does not imply any particular implementation characteristics (e.g., whether the application executes on a server, a desktop, or other devices). | [The OAuth 2.0 Authorization Framework](https://datatracker.ietf.org/doc/html/rfc6749#section-1.1) | + +Tokens +====== + +The Authorization Code flow is the most commonly used method for RPs to +obtain tokens in OIDC. This flow ensures secure communication between +the RP and the Authorization Server through the following steps: + +1. User Authentication: The RP redirects the user to the Authorization + Server, where the user logs in. + +2. Authorization Code Issuance: After successful authentication, the + Authorization Server issues an Authorization Code to the RP. + +3. Token Exchange: The RP exchanges the Authorization Code for tokens + via a secure back-channel server-to-server call. These tokens + typically include: + + - ID Token: Provides authenticated user identity claims. + + - Access Token: Grants access to protected resources. + + - Refresh Token (optional): Allows the RP to obtain new Access + Tokens without requiring the user to log in again. + +To enhance security, particularly for public clients, the Proof Key for +Code Exchange (PKCE) extension is +mandatory.6 +While PKCE is mandatory for public clients, its use is also encouraged +for confidential clients to provide additional protection against +interception attacks. PKCE mitigates interception attacks by binding the +authorization request to the token exchange +process.7 + +ID Token +-------- + +The ID Token is a critical element of OpenID Connect, designed to +securely communicate user authentication details. It is structured as a +JWT and includes claims such as: + +- sub: A unique identifier for the authenticated user. + +- Optional Claims: Additional claims like name, profile, or email, + which must be explicitly requested using scopes (e.g., openid, + profile, email). 
+ +To ensure integrity, the Authorization Server digitally signs the ID +Token using JSON Web Signature +(JWS).8 +For enhanced confidentiality, the ID Token can also be encrypted with +JSON Web Encryption (JWE) using symmetric or asymmetric +algorithms.9 + +Both Access Tokens and ID Tokens have expiration times to ensure +security. RPs should validate the expiration (exp) claim in tokens +before processing them. + +Multiple Hops Omitted +--------------------- + +This explanation omits intermediate browser redirects for brevity, +focusing instead on the core interactions between the RP and the +Authorization Server. + +UserInfo Endpoint +================= + +The UserInfo endpoint is a key feature of OIDC, enabling RPs to retrieve +additional user claims beyond those provided in the ID Token. Common +claims retrieved via the UserInfo endpoint include name, email, +birthdate, and address, depending on the scopes requested by the RP. +These claims, formatted as a JSON object, offer more detailed +information about the user’s profile or authentication process. + +RPs should follow the principle of data minimization by requesting only +the claims necessary for their application to function. + +Access and Authorization +------------------------ + +The UserInfo endpoint requires an Access Token, issued by the +Authorization Server during the authorization process, to authenticate +and authorize requests. The claims available from the UserInfo endpoint +depend on: + +- The scopes requested during the authorization process (e.g., + profile, email). + +- The OpenID Provider's (OP) configuration and policies. + +RPs may also explicitly request specific claims using the claims +parameter in the authorization request. This allows for fine-grained +control over the user information retrieved from the OP. 
+ +Optional Claims and Provider Discretion +--------------------------------------- + +The OP determines which claims are included in the ID Token and which +are provided through the UserInfo endpoint. Not all claims in the ID +Token are guaranteed to be available via the UserInfo endpoint. This +separation ensures flexibility while adhering to privacy and security +considerations. + +Data Security +------------- + +To ensure confidentiality, the response from the UserInfo endpoint can +be encrypted using JWE. This encryption can be implemented using +symmetric or asymmetric algorithms, depending on the RP’s requirements, +to safeguard sensitive user information during transmission. + +Enhanced Decision-Making +------------------------ + +The detailed claims retrieved from the UserInfo endpoint empower RPs to +make informed decisions about user access, authentication levels, and +personalized experiences within their applications. + +By offering this additional layer of user information, the UserInfo +endpoint complements the ID Token, allowing RPs to access a richer set +of data while maintaining robust security and privacy standards. + +OIDC Flow +========= + +OIDC provides a secure framework for authenticating users and exchanging +identity information between RPs and OPs In some cases, the OP may +delegate authentication to an external IDP. The typical sequence of the +OIDC flow includes the following steps: + +1. RP Initiates Authentication: The RP redirects the user to the OP's + Authorization Server, initiating the authentication process. + +2. Authentication via Federated IDP (Optional): If the OP integrates + with a federated IDP, it forwards the authentication request to the + IDP. The IDP authenticates the user and may bypass the login screen + if the user is already authenticated. + +3. Authorization Code Issuance: Once the user is authenticated, the + Authorization Server issues an Authorization Code to the RP via the + user's browser. + + + +1. 
Token Exchange: The RP exchanges the Authorization Code for tokens + in a secure back-channel request to the Authorization Server. These + tokens include: + + - ID Token: Contains identity claims about the authenticated user. + + - Access Token: Used to access protected resources. + + - Refresh Token (optional): Enables the RP to obtain new Access + Tokens without reauthenticating the user. + +2. Optional UserInfo Query: The RP may query the UserInfo endpoint + using the Access Token to retrieve additional claims that were not + included in the ID Token. These claims can offer more detailed + information about the user’s profile or authentication. + +3. Access Protected Resources: The RP uses the Access Token to interact + with the Resource Server and access the requested protected + resources. + +Additional Notes + +- Flexibility in Claims Sharing: The OP and, if applicable, the IDP + may provide claims through their respective UserInfo endpoints. This + flexibility allows RPs to access detailed user profiles tailored to + their needs. + +- Simplified Representation: This explanation omits intermediate + browser redirects and technical details for brevity. + +- Error Handling: If an error occurs at any step, such as invalid + credentials or an expired authorization code, the OP should return + an error response detailing the reason. RPs must handle these errors + gracefully to provide feedback to the user. + +By following this structured flow, OIDC ensures secure and reliable +authentication while providing a flexible mechanism for retrieving +identity and profile information. This enables RPs to create +personalized and secure user experiences. + +![1. User Agent/Browser sends Authorize request 2. Auth Server redirects +to IDP to render login screen 3. User authenticates and provides claims +4. Auth Server returns authorization code 5. Fetch tokens using +authorization code 6. (optionally) call UserInfo endpoint using Access +Token 7. 
Present Access Token to access resource 8. Auth Server fetches +protected resource from resource server 9. Auth Server returns protected +resource](oidc-image1.png) + +Figure 1: OAuth 2.0 and OpenID Connect flow + +Logout +====== + +OIDC supports RP-initiated and back-channel logout mechanisms. However, +the implementation of these protocols varies among OPs. RPs should +consult the OP's metadata to determine the supported logout methods. The +OP and IDP can provide logout endpoints for the RP to call during the +user logout flow. Logout endpoints ensure no further calls can be made +to the Resource Server using invalidated access tokens. In addition to +invalidating tokens, RPs should ensure session cookies are cleared to +fully terminate the user's session. + +RP-initiated and back-channel logout are two mechanisms for ending a +user session on the Identity Provider and invalidating the associated +tokens. + +- RP-Initiated Logout ( [https://openid.net/specs/openid-connect-rpinitiated-1\_0.html](https://openid.net/specs/openid-connect-rpinitiated-1_0.html) + ) + +- Back Channel Logout ( [https://openid.net/specs/openid-connect-backchannel-1\_0.html](https://openid.net/specs/openid-connect-backchannel-1_0.html) + ) + +Some OPs also support Single Logout (SLO), enabling simultaneous session +termination across multiple RPs. RPs should review the OP's metadata to +determine the supported logout methods and endpoints. + +In general, implementations of logout mechanisms may vary significantly +across OPs. RPs should test these flows thoroughly to ensure +compatibility. + +Discovery +========= + +The OpenID Connect (OIDC) discovery mechanism simplifies the integration +of Relying Parties (RPs) with OpenID Providers (OPs) by providing a +standardized method for retrieving configuration metadata. This metadata +is accessible at a well-known URL: /.well-known/openid-configuration. 
+ +Metadata Overview +----------------- + +The discovery document includes essential details about the OP's +capabilities, such as: + +- **Endpoints:** URLs for token issuance, user authentication, and the + UserInfo API. + +- **Supported Grant Types:** Information on flows like authorization + code and implicit. + +- **Cryptographic Algorithms:** Supported methods for signing and + encrypting tokens. + +- **Scopes and Claims:** Available scopes and the claims that can be + requested by RPs. + +Dynamic Client Registration +--------------------------- + +The metadata also supports dynamic client registration, allowing RPs to +programmatically register with the OP. This feature automates +integration, reducing manual setup and ensuring consistency across +different implementations. Dynamic client registration should be +protected with appropriate measures, such as client authentication or +pre-authorization by the OP, to prevent misuse. + +Interoperability and Security +----------------------------- + +By centralizing these configuration details, the discovery mechanism: + +- Streamlines the setup process for RPs. + +- Enhances interoperability between systems. + +- Improves security by ensuring that the RP operates with accurate, + up-to-date information. + +Best Practices +-------------- + +RPs should periodically validate the information retrieved from the +discovery document to account for any updates or changes in the OP's +configuration. This ensures seamless operation and adherence to the +latest security standards. + +The discovery mechanism is a cornerstone of OIDC's flexibility, enabling +a wide range of applications to integrate quickly and securely with +OpenID Providers. + +Beyond The Introduction +======================= + +In addition to what has been mentioned in this introduction, the OIDC +specification covers a wide range of measures to ensure the secure +transmission of user data. 
Several other topics are included that can +enhance the authentication process. + +- OAuth 2.0 Step Up Authentication Challenge Protocol ( [RFC + 9470](https://www.rfc-editor.org/info/rfc9470) ) + +- Vector of Trust ( [RFC + 8485](https://www.rfc-editor.org/info/rfc8485) ) + +- Client Dynamic Registration ( [*RFC + 7591*](https://www.rfc-editor.org/info/rfc7591) ) + +- Authorization Server Metadata ( [*RFC + 8414*](https://www.rfc-editor.org/info/rfc8414) ) + +Additional Reading +------------------ + +1. Lodderstedt, T., Ed., McGloin, M., and P. Hunt, "OAuth 2.0 Threat + Model and Security Considerations", RFC 6819, DOI 10.17487/RFC6819, + January 2013, <https://www.rfc-editor.org/info/rfc6819>. + +2. M. Jones, "JSON Web Key", RFC 7517, DOI 10.17487/RFC7517, May 2015, + <https://www.rfc-editor.org/info/rfc7517 > + +3. Jones, M. and D. Hardt, "The OAuth 2.0 Authorization Framework: + Bearer Token Usage", RFC 6750, DOI 10.17487/RFC6750, October 2012, + <https://www.rfc-editor.org/info/rfc6750>. + +4. Richer, J., Ed., "OAuth 2.0 Token Introspection", RFC 7662, DOI + 10.17487/RFC7662, October 2015, <[https://www.rfc-editor.org/info/rfc7662](https://www.rfc-editor.org/info/rfc7662)>. + +
+ +------------------------------------------------------------------------ + +1.
+ + Sakimura, N., Bradley, J., Jones, M., de Medeiros, B., Mortimore, C. + “OpenID Connect Core 1.0 incorporating errata set 1,” OpenID + Foundation, November 2014, + + .↩︎ + +
+ +2.
+ + Hardt, D., Ed., "The OAuth 2.0 Authorization Framework", RFC 6749, + DOI 10.17487/RFC6749, October 2012, + <>.↩︎ + +
+ +3.
+ + Y.Sheffer, D.Hardt, M.Jones, "JSON Web Token Best Current + Practices", RFC 8725, DOI 10.17487/RFC8725, February 2020, + <>.↩︎ + +
+ +4.
+ + Bertocci, V., "JSON Web Token (JWT) Profile for OAuth 2.0 Access + Tokens", RFC 9068, DOI 10.17487/RFC9068, October 2021, + <https://www.rfc-editor.org/info/rfc9068>.↩︎ + +
+ +5.
+ + Jones, M., Bradley, J., and N. Sakimura, "JSON Web Token (JWT)", RFC + 7519, DOI 10.17487/RFC7519, May 2015, + <>.↩︎ + +
+ +6.
+ + Sakimura, N., Ed., Bradley, J., and N. Agarwal, "Proof Key for Code + Exchange by OAuth Public Clients", RFC 7636, DOI 10.17487/RFC7636, + September 2015, + <https://www.rfc-editor.org/info/rfc7636>.↩︎ + +
+ +7.
+ + Jones, M., Nadalin, A., Campbell, B., Ed., Bradley, J., and C. + Mortimore, "OAuth 2.0 Token Exchange", RFC 8693, DOI + 10.17487/RFC8693, January 2020, + <https://www.rfc-editor.org/info/rfc8693>.↩︎ + +
+ +8.
+ + M. Jones, J.Bradley, N.Sakimura M, “JSON Web Signature”, RFC 7515, + DOI 10.17487/RFC7515, May 2015, < + >.↩︎ + +
+ +9.
+ + M. Jones, James Hilderbrand, “JSON Web Encryption (JWE)”, RFC 7516, + DOI 10.17487/RFC7516, May 2015, + <>.↩︎ + +
+ +
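Review bot: The ID Token paragraph ("Both Access Tokens and ID Tokens have expiration times ... RPs should validate the expiration (exp) claim in tokens before processing them") understates what the RP has to check: the preceding paragraph says the ID Token is signed with JWS, so the RP must verify that signature against the OP's published keys (the Discovery section later lists the endpoints and algorithms used for this) and confirm that iss matches the OP and aud contains the RP's client ID, as OpenID Connect Core 1.0 (footnote 1) requires; suggest "RPs must verify the ID Token's signature and its iss, aud, and exp claims before processing it." In the same spirit, the Logout section's "Logout endpoints ensure no further calls can be made to the Resource Server using invalidated access tokens" overstates what logout achieves: a self-contained JWT Access Token (RFC 9068, footnote 4) remains valid until exp unless the Resource Server checks revocation, for example through token introspection (RFC 7662, already in Additional Reading), so qualify that sentence. Smaller fixes in this hunk: the numbered list in "OIDC Flow" restarts at "1. Token Exchange" after step 3 and the blank lines before it will split the list in Markdown (renumber 4, 5, 6); "between RPs and OPs In some cases" is missing a period; footnotes 1, 2, 3, 5, 8 and 9 have empty URL brackets "<>" where the link was lost; and footnote 8 has a stray "M" in "N.Sakimura M".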
diff --git a/Laws Regulations Standards/oidc-image1.png b/Laws Regulations Standards/oidc-image1.png new file mode 100644 index 0000000000000000000000000000000000000000..f263f06d903374f4516889a242f4e2cdbc765c28 GIT binary patch literal 79144 zcmeGEgZQJ??&7!V3duoVjU-^b_xugHI2fgj-0|9(YFNB!>^(?S0^8Z9p!?LY59?~xz# z_N}S_UNGNFYdfK!5YZ!lP-WiI9iX6yqR2>yskx!ARfo?ZGS0JicNM9HG=VvS*_(R4u9={Iz=dKXZL9TzEXyhRXKd<=tCu016Tm#QP(SjN*{y$s# z6Yw)-T@@^jXaCqm4dNLVg#`WY#te~2ugN4fmiXr`uyyJ`ZX4pSffpib_lBc0 zM--MCxXe5DRIGevjz~1Ihxi{-vwL5ieCT_T8-2as>YKB9C6ddPLcAurTjzcFv>U`9te9d_VT~Y_7EFWK^!Ww$={4AQ^ct z^@xJPzMLd`QvcZ+P-5pblG%$UW!^gVp)%kj=iu_h>1%Q%!H{F4$d zPVaChp_XOF$G)05dtDdcs8A)Z??2quVl)-MC)1I^C6;KZE~WVr=9qL#Tkozu9Q88R z_T>~yYp5N&u>+K_KL)IMa8g^CujZX7+}%M zeEDDa5+42k**y*5&TvA_Z5h#%M1*VNKWP51t2iO@FA}qR=YGG8>-!v6>%G_lQb92 zzr7X%GwSZbYg{326E2Y?GSfP*#*w3o=}ko- zT&(KZlSW+vb6jIw4R6%su`IK#Iq7)B7X1@PpeW*@_i3TwOTi*OxU(vaWSoJ=*3s-# zi%YlVH`%RIoV42=3kx?RxPvQqCQNqm*UnKtn_)@I6~cJjDg`!~PuuM}?-R5qhZ=u%5GiojQH5}a#Se9#Na}I2UMHRAeF%`7d8S^CU%fys#e!Y29($Cit z@hqwQ*BfbJb>3!NGcS*J!q@9*MXN0YcB@pMgrf(XPn$$mbd%bQpD8w8&Mn^6)Huk! 
ztX8udbJP2no9a=p$7_AAJJq_*Q<@*x;0lLn)&tAn%Z%b3Z#oNhifL*4wqe#g zLgF)PK5XG6j?-VXka%}r!iVX9ZF37}HR3-?n$Kpn!4AMA((Jqj%Y8flvE)z?B#i zj2#;K8o4L#&3oN88#i{rHs0G9R9^CgIPVrQ4xEu3V&%3{Fy)O)(2b{C^!fA=C zx9?{)1_q2X-- znq++I*J7D<9hzYja1KNk0SN`~>~Wm$WgN^j7!U4!4!3y#Q&e^jyTL2CKNh)Htu2|% zOU(IkbieYn^*PnuL2#kbg8N3w_Ga;?Dep=`$PO}H-J>1xI{$&=YB&RH>>8}(oAuhP zvUc#kc}Xe$HrOf6`z$}O3>v>+V=p?bCT^@ccd@19+u&gb5jTiGZ{GJlZ9vWm3{i$^ zNJ$vjx$k>_y&e6U!YZ&%P!K&NyQlwn@&0zP+HO7E3K2P@6>*&Bb~=GCMXoZp!q>En z4NISCeCGZxboq&-=rwDS(^?zn4V)QrOE}w z2K_TaYtyc=?fhXa9L<6u@~S0wrNC>0L!#03+*!}B~;1BKYMGRs`aS% z!4rj>DFe^luxsvV!JHK@U>O?ZUR8uXJ@?0;% zbtA^LTKm{aw&ZM-x-6ShkiwkflDl0}wuvpauW3ucp+N4Pn*cWVaS*}RoXf*;`K{xV z6I^qa1Sa|S55p<$YA7e%1N(1t_Yz-q{miUHx`HYX1#CP%x%cx)z@SR_y;oxk=`){9 zyRtrOZw1VJI7po8LTKMz>2fr#MeV`%hVXg)EER8_DO1@#inqfeT2o$URs!Kr{_52P zq9VWUYCJ%gEBI@}P@}9Zub3W!p`7Wxu*~9H;WHgY3m4=2wzN8i7sDIl z+xTv|n}=Y=#MVl!W>V^ z2*OdhS1lvICnarG zXBxVQbfa;74gz7S5;h0UzuZFzfB*~GtSulkC&fz)Vq$wyZfPXtJ#h{*XjTob*-KKl zWh%PFn6$>rvoqhsJZN=Q}Mre$sN9 zy|di8e8BO1jaFEZyppTPUwvw@sU55ujLNDo2t zn;F&X$vEO{9uYVsU)Gen+Z^-$X82xD>O)u?gp^Gc(+wK_3-7CK8Ee-#YU4d=wF;`5 zTEOJV1F>N3k1FnDj``olrb$zTR>QcgyVO;}AyxwlB6zJ^?Ji`zA3Ms|-NN}r#MApR z^KeNYQpmPPyJ0U#2Q(Ocl|dWh=3Kc1oT92gSI#cq!uM~T79JVcWS#kr<0L$OojFJs z^P7-8d{}MH!E2R_%bX%%Z^PFv1%84JDr}uqJDr&2q>x^CJZ9(JnYByL-IW{FmsDV4 zYaZ2Z7%O>woxuH11BBG4uh+j(U;u|Th z2Kx8bOTFho`(emacVS`Q-U43OH~-dsBhjj7Wq*QQb1}}8=qB7`%cdwSB7Tx<(x@tj zBy<9wM?so4yMu>9l{VjH`1An5-6&}`R<}j|Xiud)Y=pRdVrBuz@~klumUxWmh;Q-J z6yFoNNyGeRG8~D5Kk3jTS{J(JeO!7=Ri1wtv~W!h;i@ zP?-Hdp=PI7`NhE`c&LJ&Z_qXTO!v;s{KuMb&yO{M&uwerF+*CQ{bHA?wyGH&Od57Z zh$Wf(6NMNmg+(Qy@z%AX--oH!LmBvjfDcqPQRB!EXEmd76oZ1~1 zQ3FsJ&hvj>U9NCh?liV@1gfo!56LMhN2W{}TsP+T?5N-8o_Je?jJ-PhGR9Lf6&V}( z8~qtPOwz`%QRt+EdtbTNT{%h8yh!HYGx0YP;;;+u_Ql(KhlnI1Zg%294yer+Pl3eH z#suq4o$&H4jKGinE+?%KqP%a59LLyoHwpq6gW61~(|;c*8dVZOBvj9^e&KyY4=7Th zG3Rm9)Q724B&;ouNLyP@@SSsGM_8TmzNrVQOq=H4c-ywKw%Nc0eNJkpS|FpXBjx19 zZ*Q^T{tnH}AujJaVOYe@;Ur;yRuVpKZ5wJow^M0ITSzlLGjVy^dR1b=(u$t?r;8&+ 
z4$P=`q{LV;d&zC|>m{euqexdiu6>N*DeN;gR)H|+DXgIdlXYO z_8E9Nt!JCQsR^9pJ4+jH~pwQGJSb?ao zn}BiAhsY(d5lg()obW_b%^@rw7Rq6paUYNN6`wuvImd64^yi?Kc*#>H(RPHUiXEy= z`D`n}-g0+Hnc{Z&D8>oMYE5X3`ZAzas!vbH&tC(PMie4X1k_Ja*>u6Z!8nzd`-3^s zKlPvms)8>KxT5etQ86e=&-XKDP@6JxhVhaGnR7M?90k7yF-4-I{z_W*ozk{354P!X z(-<(PrVD+G2JNIr&8NhkYOk8iPQVl+C&+;2?p5!FPxE*NXihNTPUd=_Ri+hh|0)io zWk{ls#Ad)>$l)L?mJC&}Izl{jbOWx1fA_T0!p2L$&yxZjy@}T#NsNVX@aK%Mc3Su! zX7KuBRJ8UMU9Z1MhY=@1h$zLz+qGM+!~}L1(CYF>3Qt5m7x+%1Em~t`7z_1Tq-eE< zt@R?hIWL=4&MGm=GYxmj2iqMA#~j76Uw1@!hFt?^9=Y8AQKyHvb6zXe->V|H?yJn_ zg+$F@^o(U ztA|~ua(lFq@gysJGJSTsOY$X|LzCla#L=JG-%;3twWDbZwQ!+#HmeT|6m7=krFePb z6+vRt9yLP)bx?9%bxy3eMBR0l6jsuT?aQM4W&?wvK-ey|b| zU$xe3f_TEwL&&VyGj1~GVy9->jCkMPEkD`eksWp7t{N)qqD>`BmlV*C#`MxSJ|qTX zWjtD+EaA{^cK)O2X)RB#fwzf%frkTWh22pxSM#6mas@IiCVyfeyw!31PeN=1+{P66 z!bOWEjilm1D6uJ#FWo^Uq!CG&a!DH=2#R+hRy?V^Qe@sV(GT;D!BA_gs@>r{;v&JVpR}!tTvd`%VSyQ>_z!-W6oK5XCTZe_O z$4_lcLTS$d7fO>}i4d|-7N$@nfCFBOkmorZ1=Fjs|a z74(K?cE7rgs~KjL!|V6GHUv)NTf4SumBb;=WT?Zn+Tewlya>an1s42Rw&IniK z;iiJYwsE6&*ARd9eWfbQw_t=(^amEOq@v$(S9+nC9vQ0jFxF5a{kU&$|1Xn)7{WKy zAXuh!q$*U>dxx^mDMQs7qZO!n?+f@Y#9Vl`y5R^uZjLfEgJnyo3DSzygd>+_# z`s@RCb$*y+yzPm2QG+C!6(Z9!eBHVYp6hhe&DY{6zi&y(h!x5JhAO7x+bM_#hH|7# zXFw~UNkP{4?8*b!@>%!QxA!iKMu+v?uds{5zoLI)XkI@z+Q1NylEeCx z1RaN0{#ABirjs8%iwyaaOtxEK8?l7(JnxLc82JHEFMWIla%Q7kYKOI{|A#Tf`7PYU z|8>s}J(_rsZ6#mO*|_NU>yxzI7mn)*7L(9Hv~5^8BHLr50Wjh6A@dU;e6l6E*OqF_v_~P!3@n{H&G4L*(`KwGO}T5@ zrnDLH>+6<>6a`Gp?f{7|&no*M%W>?2pW%+3qfVyEGz#OT6eTui)zMIfOPV*a4E6om2{Qh-H=j; z!Xd&?!;6lm*3EBy$H`z?B5@(rp3VMDut;T|1Jn1vL6*OxwlvqSUClF+_CeBW+6ewk zMWv&qLTA#qs*vy>)?VRtr24SpK^6HoCoSSO%XgP)_w@!@{_4xzZW4@QeT0R}3?J+e z#(~6Hl1(+>@)QYy`etv&2X~N>_3!_pj3{YDPZC}^0}O$N!$Y<&6g8NVT+vlYvr>(Y z#}(6bJDc3zsQWgg&FI4g16;siCgPa7sdU{(e({FQ1xIoSCAbk&)BWtJgIWy z2c1W`zvq#4a^cIc3*t+T%-Nz+4r3EFDca4`r;=a6hch=HgQKNlEMcYBVGD_k`|uFS zjIfKmJp6C3A1mSn|K;nPAE4T$DdxKTZreekdwlGp+E1#S%n2_qbdxMmv>L6;G#Y!I zGVRt*tH3=CPBztD{Q|~;9Cp=JZtt9>yHg## 
z+#2mKcSr=qLt`esrv6!fBwijkL^5*}CF07`_krr=EA5>*BSf*yxEZC!sm6is?dZns zc&@Pe_Isxx>ev@|=Hy2mPzTa7RQk-bSY7*ktNe|KM+nxQNF$WbS<+tlrB8a(MV={R zba9>qQu1QUu(%$psf za#KD{Ri)HSqCl{J86(vM&1@GAxK-#$>F#+LkS9?mws!^={Ip?wTSNMF9d-2SQnq7c zRn_*^i3=iMrU@=7>N{f#p_D(Jf9#Q|>Kkj)qoZ=#z4RTG1{QNHd0TBB9UQYU<_?={ zi{7r?OTvEV(c0huuQjR(x+-cN43sT88c&=tlFYiRPRF%pK*u1AwC-2}!Yanb=xi2| zd7&sNb2|ghIB#o59aR96TjpbTMmTvdA$52o8@@cfcaz^ z5{Vw^r(UlRF8v?&)1G0(jjcL+R!!9oM*P5z4mEGrNik_QMEIG8fK9ONf?8^v_t}hv zWKt2AH7(IXG~8vb*h4ql>_vo2+|qa~f;b5?Tj6xiG(~gFwYr*D*AX`|0)C3ALZO$c zx}cS+6*vK%o3pFcZ=NjqVXjCI`5IglG`2Fwp+o4KM}=M6PiPm`{L)f#x)Wh zBj9z!^-*}EwWV;D@M}@hcN5dFXO>mm@=VF;;#SmlUUbB}9GTW&Y1(yl!d)^Pl98-0L^FURK59U_8-mNvX z;~t=tCMH8IEh*3GX{00+H+lxyv?chKg{hEap`V{lnE!Gje>~zi=i((^?(D2NqBJ7k zjD1#Z3YtR&T@s@)hW;h${0(EBj8cy})E3W8qq?@KY44nm4E{3- z5yKrGUc#5R!!_GxQwU$9slZefhYVnX(7lT0{(K`ZZJ}bz$!|tP`c&Srf3@}5FyGvrcQh(L>BQ8HuuntMlml$tH+K&o7ByUEnS>XO~cN$iC`c} zRO}iBfRV0}?2?BvQ;s`!?=9O%>hu69Yf7*V{UHfUo}L0N^q@(WPtC|l^;@EiycB2k zGC<~(8fyj?ao93hI_U#Q!M`akeBz=(o1Lld1ayA2kwZFJZ}dmd2I1SE?^nuY9P+p^ zo1=Aj>t$zjRlDq$$If zwrA42Eb;$PP!NhODP6x%l8}|51xrf%{Q|1xf5jlYcw&&1E8{1px0wET#3cT1%2M4{ zYML|P_6Yq!b4XT$JBYQWZcb;Cmsi@hqAfWbSRB8>13m{g+OF{KHsM9)TRu~(s1!tL zIQ{Gee3U`4+{_D8D{^b%EdH^wwfHabc3pL`|0{cb56S|yR%;#d-l(kE-S6R z-8og_TPE#H-SKkKoo37t+kS^?BOHNBLgXE#4%^Kgfb8>I4h#m43H}K*;2vn7X-@MV z%TXxYSET6QdsmrsC%rcn@5$kD%z5&{)Jdd>Z*ZF%!8Cx3Z*Nmbl5Ok=Zj6%l-j*E7V(upFKQ(T^ zq^)nQcPU$3g|+fd&0&0+HF7Mga$*5@C;3g$kvu!EMJH8%NuD_!4nr(Eh1NfgX#xv(clP=ILIhrqTpz9+w>;%?6u zeUnWToq@C}<=OiY0J1ob^VrCzc!PB54Us5^UdT+bknQ4_t72wMaou5q?*VcURj}?K!V3 z-t7M%$F<&%hJ7IYUoA~B!^n_&OR?nSZMQ<2uy=Q(LZb*@uNdS6#~(>h&jb8nbJX%5 zZZHF?e=wy-p5WDHRxzC4k$_r}NIZQNTr}aci(#s>^rU zix~T9Mkc^WuAu?Fx{wQh^>um=BpGnEYnfkInS3vPQhBg!^x8w@DM5&RfX&usZQQBo zjmjt5ptDid)#Fd$RAA)8Hp|^)SisvP_eb)efEt1#MUI*Su*Wa~RD-9biZ%v(Tzi;w z9l+uSpmX2mZZj5#w#_=nD0V=UBcqj9**6LhXonS@1abq2iey}WJWCRPo=L5&rhV^y zn*?kB8PofYk zNotroJ5$OlBL7*ElH!O{BwOwRvV&oE)!`8*w*efsAwXUXWBYJQy#`c4GD`qQ&e}ui 
zY3mM@2|8AWVZa6Ac~DPX?{Cl9a+5#w6|oIHsZ;=pvKo9BL$DlMvvUHV#b_Kp&>{y3 zDH;K^Jlhwx7Pm-M>9g1AjSv=qeKKo*@RY@AkVn&%gwh7MiaDOL?^A8lZw;wl-R(EO zIY2XX`6iZgWQTi=`>Bfdo?jSaKel}ZYiOIrRIEk_;J6Dj0_$~F%BXUXw=iWE;Nfb$ zySp-h@xjMe_T^jjI=21J{YAe-sY?&Rc-g#fThY`gxyUbf@Nd6ZZ{3 z3-0k&nm9mC1X1@@o0b9|d8EEZ2@>VQuiIWQc^MRbG-{s z@Mo=rf~xx;+6oQ`0hmS~p^_j6r3yU~TfwAz-$UUV4Ui=;kgEJ!z~Cz7mRwt}^^t;? z3bgZ`fPq^Yb_~pEv3o#3!Hk|v09676SjSC2;D$1SkPZ#L?#d07Vx4SDw5qdS1+uRzNJ&ha|f>hXrS7 zZ3rG)RE)d^b4Mr%Uz!%T3Ptal@_-u>+kix0!*!?@&C=y)7m*ouC?vlW>3d_M5@#3t zgO$-a77%z@Tr!;f@45qqnc&ysMf`w7`M4C9S*rvF{)C6z?pq|F^94_bR~yMr9t^F$ zmJoS#&}7|qb04zRf(2nKprOP`MvNhqpXei16C z1*XOnyaVngZ-dq*k4B;<#*)? zu+uTfl`6nBVx}RL?xO7<9$YVSyQQ?<__&9*q!SP~vO9wJfLirKH;IM3UVzLCVC-u! zk;5yNT5}fLR z$ZxQpZ+kzRd`O+hFK)DgxydJddootNPtK^caS7aM>S5knH{hz)XuNfR@S_?Rj5y{20)VGqb)r*;)haOZE~FUui8?Rss5%uvZw+F_Ft&C4@N>uJDDC z`(fA9eibPSb)Vy;#b|X6?QAdL4a;_Es}JDn-gGB-OFLBMe-TXax!U@ee&~^eln?!= zjl61LO!KPH^W3ej^uq30@Z8rwn|B(962G5*7aTLDC{T=)DwVLQ_H;FtRHz~jF6@Yq zkvt|wLnoi5cK(CO5tiU#C*hjF;-%s%fMnl3+fBXx=5_|C2^Ql7_Uf{7>f1n%2H3~V z>5xDMQhcW)A52kt@K>&cE7IhaYIr?66`@&`6|vFBT*@Lv?kF*1{N<&j_r4q4@1v&r zi@?we91^xhLM6z+3lQMu^vZqaUCngSkJlf6`9TJP%Zets?v(dTwj*As<~ZB%HgxZ~ z)Co19Yi?lChX@~rDvftd(Qc*VT7HGN9K&xiKW4mEtoB>DpZn0C*YK5Ux3)*wtihOSNS>=0uF9LH+Eco=smS ze>VIFo1zu2xs*xT;-Jgotz9diBm1n74rte!6T!M<*Gb%f3*E5}wEDi{2H!T&R0M|W z=rGc^3GbxEZ{c#tmBggi=bFt)UE-u;hKK~r1gNwjqnu4$W-f=5Ge81)HkY}pm z3C2cHcLW35ox@(?Q>??Eu$^y{ZAUx4ih9_tQ;&{D{``C;Ca6#kC^Hjh`y9-~TH*;T z8$GukcNOdqZg-+cY7vFY6E?1%>}3xst59+h{2TGt`unT#Hq#5yhJ=R4zP@BhN8d}>4_?6{ z-Mk$x>^V@w+NOOv29dy_kkV3uF z8xoS91B!h&sne1}14BU9y7rUm?tS<+5IjmKXOR*>Jj2$DF1F98XcXRP=qt}wV8%m0 zOltV}s`1BVO>J}WdZ1=JoM^+O&$DijckXdbolBW$h)l4nR?FJfYpN^dYWzmSyQ8=V z%sqdlhP8l`G6O`W#h3Ian1WQs_sHB#Apqms?NL+5LuNI~B-;uZA&aHJ+*JOP2PFeY zc`u`M=KNK z@8M3vLe*Y(TWNRs!mSZxScmgvB!*TznI9zSZtw7dKh(5z^>B4725KTAZU{Dz?xW8< z$xb89A*oc)`*fl@nF=U_b@t(MdZmEM@AQ-i@IxlI_ZA}8+H2W*(?!Bb+8G0a=je}a zT=s$p74zI_y}U*8;}C!sPt{cvIvw{IsN9`)nX`+NY&3keK8&}i)aDwx?|~+XM2O)s 
zqPO~hY}1BpHs#eOYav%x?VGhXc=)D4vw)6SST}a-JtB-yBp{+hF?T3;D^ld@cVr(U z;HsH4Y!iQ=DO@BwkIGcjw$9l%sxP12?)$brM5pjJo*EbK5Vg>?NMWZ12Op(w&L7oq zKa-a78048MN|~dL6s(v%LxOnSS*vn_$Db2ix~>_Z3fG2_q%a);&R%&!&^3o~C$<2fOv)`ig&d4SP;d zDhA%FM6+0Pbz9_CtywLV4~fbE7kDKceSYLGeiHg+37MYtarBU@Hg~&xq-SkLZ?6R&dyI^N*fJm-{ zvzw=hp{+^A6BLw2uyN)z6K1K+#>Lycqi>O3KW6h; z20+R+5~X64!)X_XyaH{GW4DXPspo3L$0sfA9E*fInl5g2|E*FQ|KMA)Q3gofHTU%i&)>Jg<;Dr%&a>c6tzK7lrHS9;`EDF(VHcJ2ov%n}jx2;7u?4 zX1rj#Z;br9L-j-9E7{Wfp<{DDzfA^e_nS@|ly}x?@$};%EQk1;=+Dr3MMv8eXK#N_ zdK>7PN#K3fg|mMZO(u*=HQ7n>S`yGx<~{1;9VXu|+dyXw6gV>ZDwg%yazLF`=_N%j@J-Yd|GO}>g0w2FjIBr3m$Yx z>jtMt$6#!mx*y5o{=uIhF;}G(%sIiV>PG7c%yx>1a!We7J#%a-59YUxFj?yF3>N(+ zLUH%0&{I#&k2{sah2VWoEi_lpxig#j`O_&vyH0G$qc=^jB0|~NIy$d3&``m3CT7 zSYR_IAKRdHovF&G+av#{x@2>=XRVPN@jX!row15p-IDIV1R7(SkB(hc?>m=$hy527 z=1WW%hjaKtRL4dYqUe`GqywLfc1cqTQdK@2RmLDqdT;clZaT8}8W8*=Cf2NCEdtpt zh#w!!Nu~UhnKkDO(S#q*W1>rj$e(__jadB?@0`rnMXo!R<{pQ1*pr^+ZK>gV$8*#G zogCEGk4apm+Jj|$86kr#K7>KDLf#s74XE=$Lx3V0DPr;v{|U4VTDQX66*(2GWer^w{4x3g*D*tEqJDyeS6!Js`|GAP zI5gsA`%XhU2(@i2k5I|$5-*gAUnMun&gmIQVI#p#;?q!bQ_=_7rVvBDAQsOMDfgrE z6JfR=+iu6slbFh&j!*K?Gya2+EkU`Yr3n?w05)>a_o+Rkta{hdC*n{{3zs5 zo?qYhmbA|yZ^>u-rMnF#Z2*WWIrRBTMFIoDoeLJ1*YOxP)sRJq5m1N(=xocVT^r6k zM?0*P((9ye844Y4Yf~0Wl;ASxOP*5HW-=T$p}kRf&=c1j6lL+cp2^Vah~;y?n$A}F zBA24kGQDEYLCjODm3EC`?DD?A&H6tIYLbF^Id^@JlxW%5l!_v&6H>jOr4;uqiUzHw znxP4$qV>H0PIL_sxg=#>Dk+)?Er$MFWi3sm2dVl9(ITpF*zB98CIbr^5f)s}mxOIo zxWaW)yLRi3u_{$4Vw4W8+#I>m-+YzrPlsF!h4p z0ara~@x(?!5+BZtsHd8S&vxfKqYW1Vp&ZE;37>Ikh1Yd%QHqNuLwjDUYfu=R z*ZIh%@u}s;wk=K2qd2dGqNbRqSc?aXj^bMcvw@~Qr`he`*#k{5){*=(GTaBs1fUXn zX>yA!lai=UI6NwhaE6PHceEVT*fo938hw7v(Bq)Q3+F$uod=nr;e9xoXRp}GbOGxV z?g>S|31JA(Odhoc7kqg3RgbMqN+&4X^H1+_J5CCPxbgF|Jx20rMukhY*i?#uF7Hvt zmhwP;{L-rV*UqwE${5QqB^?P=j>00BNQap;;(uYx%`gsS1Z;OING#I{uk>=!2(QR% z8;25p0@qiZCGj5>JsdSjYpRo~XMUZjaTz+yweR5Ku`q8!Ek1uF&>Z=373`&YulJME zC6r7mU=V0kC`z`#&AEs_+kMp`t`qU9w1jx+pa|+j(RV7npCQs=o zoW4dW#}b_)n&I9#7L$PSTj4Uhq4F=`h+vz}joKzR7p$;%^xTfT!&w_u 
zB=TfT4zDOd&9ZHN2@P2b1yg^MJSkDn+~G{6oc{x+B5Zb`8PN8hq2K*65qb@!TcQF= zH(M9by(XN?Hhx$qg_9v;;EP;A9%!G$N4PQUE{R=30DYmy^Z6ole|1KTILyK1`h9Ep zIZ0UaYKL37Ltp(p*T^(4(RFZR&#Rqm9?CPmL+oxD${+OnBBLYIB8i@oq~~qhiB;$( zA_ueIZrECba;^j(8hG<)Im229Im+Zn@P6 zHFvOHV)^spOY5iBjfRM(@J|-Yg!Tjz+rBoj;v(7Rht;|7PxC0V)S~NQVfw$4Z=?Q_ zfI0Yhp?!dZ)-O0UH+iED`_zkF0H6gtKKdm<(4z+=q^~ELvs1kkc|qtl6J~Y=4ap@?t=&?Sn_oNLB^8`KmtUh`{VAnyUhM#FWm7sL-_{|^%Rf08-z~S)`Dy!keQvfP=4)TMg4(2GlE@rkPs3G}n-?%#oXkdY?U0<|~IZYn3Dw-at zRT03gnINNr1DoP%(jE?%C*808dG;_oT{ zg(c&~s8ziz(l=8?Y@_Tn=a3n|D8OojyhxB{Rg`Q z3dtC3-syBCT2fs8;uA2V05@En55VJ2NO^4k>6D?N5F1eR*l7b`Q$MoXY7!`OMGTW$ z0iaw*p{+`ktO$uH(W7-1vlb9P1-&L<@0xPAiK zd89uF*F~Md*cNhv;two?l6jz!M!l${Zsqge(jVE0gQ!}f{N+QZmJ8OyBjKA=O1%zu{R z4KefUbb`7oL}5QL(uPe8)~W8JyL~43Ah`4rfGRzo(sNSq9t`_y7neCZEQ=c5J}aS& zu}A?uvdz#s+na+4?2+R4>0qaFxP*%Wi;e;|u448Ro3BXKCsO3@;s{yEPvO(w(~R(d zn?83;_BJ09p4U8mnXo7Ed3LsCcqqXx5V$!Z@bnt!E z)v-Wl6!-&Zt*p`tzN#PgEo;bSZ*1pfLI=}HNA&xm%+Nb((yJqKoYrWtfHT_@p0oRYr|${;OI#G;Nw>EE|dQ}3!q)>_a7rjRjgl%=L9@t zY?4R?>yf`U01qWK2=;$*YPThH>$2_n3TcS&J7*R?9aq)2aK*y$@0IqGhMPty^dXy_ z8szqsSJW0lXO4#i95{`oQ^k!&3ChYpPe~@Ae)|vM!d%)^;bx~Mz5z(iTv8pk-(CQH zw1$+vH;0omPXdvBBgEfMui}9QgBJTt&cd5H|2YPkzcJ&r(QK6!EU>cZ^=>NXmuwpL zuYOlHn%>WN0FMT&Iwac?pb3Cb!brCOa8u=-1ZHs9)Glk5i5=vG-(Ou*zq%!{i#r-7F!T!SPz{>PIokbejD!%>-FqQGtAeRGg00OnXO-ZMVk_Qr2 zTLL%0Ic(25j-A{6i%aqb+ge@#t&-!|-;q?`UcYFZHo5<-*#jacfD`*KSB0djDhPfl zFPOfZd3SW0c7K_+mJv)zy8byC;NmQ4{Q*d!hTLt*-;Vnw??-^*6I%kffqa{(rp#ym zajnQkLta3yvC>aEjtPS2n6ez48Pxo}t7k?Y`+zH0)R*j;#oKfQxh}X{z`?s+PYrh* z33`1X&TOcs=Me&XzqoHPnK~f<`uL=_MM{%tox%eGU2&rzaFM6BNjQ(B8;libVzxx{ zM-nb90A;f^U6a9X{2CJW&F^#-ar9R1B~Lf;hdE1#DK^5=a&7j%F8n`HB?A8!>3Bqj zokQn>e`3Dm?#nbSBG7C6zumo2O2V(kx5$w^Dh+C*gRaIgkVuz*ob37moaYpK6-%4FN6{peCEU2>Zp2q(KY0ZUFs+ z^&d8J2|$=%A{%7QS*uGeja49F@qP)xf88y>i%EGYv62h;1H`0@i@xWEqQI^i5x@hK zREvBH7A+;v0uY#ffb|_KoKb3doz9GDTlHHK+0V~Aip-h@yq)X3#1r5V`P{3S2-!Knb(097w*EQ+Y68JPo9 z0;t>yMK@dX$yAlzKUw|l#uzkZ;&If?@ 
z!tqrZ0yyQW&wkyq~Ev36)JW`S)Teb3>p=azd>yLdn!H80=s=g)4+jg>dXFbH+}T_W~3Aw7n5cOY3J z9x9eyQ%$>4)3(mf)-h8Bcu#!EVW=2`r!mbJ2e$}ToBy35fW#rEZa6i@EIm842 zZ3G1vb!3xq1<-yTvDd99!~l$(mHhMv)&Iws{cHT%+z5dMc*rpO;85Ea;jQ@Bjl5|i zB~B_vs<54LQInE{u6HV7i4Nyl6mr0Fxgum&xX;f`Er8YEAKt)803tGFc^09CyK-_S!-8Xw*)TBj7bhKO>2LmloWevVzLRdknAEBCsHr8hCJ+- z{V(-Oq}I9S0JbqWnKmSJJ`cC@D#G!nWH7=W06^%4pWyGO$kG=X6tv&BKj_zU8l3R% z?pXoML00s(TI~DjAIua+_H$wHjN@LqkG%MQpJf0%I3fX?Y*y`gdA1ECe%%QG<)17J zAekXvEt6fZ&;0_SyF)ftCHd!o5e$E&&_<1bow)W=*{_lIQSH?Q9b z@_`ynK)beALYp=qBKbVrCTgjW#9Pdp3OMRFLU!=E2~9(Nq!X+FfO)JYGrfD{ZT17# z;kBRJUj%4SGk}17>GF~i_nVa8C9!hblWin`yB5lr`W#S`SbHBfB+&P*!b&~$wShjl z&zgbB?>jJgygMGQYBnR(*RX+PuWTn|2KfvG7GM|xV<*b^ln!K!w}3RDX#bQp(*Q}* zH9iPxZ6`o`o~keICfKJY#9g*DV}HF@2YhU=4ybW~JeyFi4P_mj%$B`8^z6O$VfvZT z^0wag^QvZ*{q{_m*hW9U^Yp{L=Hrxo7U=(vtha!wYHRn0WwRxe?vUtm>80w_Lx8)<5e8eXQyZg z03?g8GcX4UT0HaJ6nXGq0i{(F+!YOC>~Z?1;RgLz3k!$r>g(Z(^r}B3p`KaOH`Wk> z;e#o<9473X6D@8tE;Q#X9Ar+|m7NWD z**`;6`UCQG+IQ%Ez1Q09^SIFUKs{?h|DlOCx!da!-*YID%e=#!eBEfi;@vp`UY`s_ zFvq(F4v-cL9=}A+$UhDAzqz7Zql$aJ{#6gN19E?+XG=?yp61RF)vC&I%@~ z6LgUg)|q}eK1kFmZn3L{)wfHp+s10sk8XmT3* zLf_gW_rZ>jpvxPxL&a9bokmlQ5=fLv#+V#5>Ejw+n(nwht_7JVu_a6Xv!fz-K$RmM zmKrx1^ws(6`41q^=wFqX)MtXZDSuUZrK_lmu3v1dc$pWBQ%2=UH3I}z?U7*++ZCAr z&i*a)8uc?xW-HM`m8TIJ;_%mF5;Dw>RQj*tYLbx$htW3-RrIN}rVGEd#E7+BcR1w=MT(E>J&gS6*r>MMN!J zpEUA?z|1%#TO%rSuaAnqDr^o&1<7t;Psg*sFdhq<_Vay*e~Lx$)yexq+O3NYI}FTs zTlby3R7P{hFoOh=6e%ck49<^)WL^jRgfsovqcwlYr}iV#2wRJuR`_(;CBz4SR zmOtX1pDm~B#Hj}av7107%@$u+hxM1k2a@#XfSqu> zuN^=Mcj=hDb)W{UsP+WbhvI|%Lhbv}-W_LOHKuVJ9lyITrwHv=N3f=lprNTGC5p2L zSZ>e09NX7c7b(Q?U34<-7m+<|T8Vl8NW5dH>+lWFmx`>5bySm68s{E-fd}vAZv`C~ zfu&*nT5ugSC+5IF!T!_SW?Nd}w{_6STj%?Xyd~x}{vI^@eIfkJb4+&>{s}0Ynmu+D zX(n=i({cv@pT=~khV^lUlb;~Qw zclOAbZYE_KsKN=JM>i&hf7M@j*^Rv&*4g9OWa?MJZ)9CocZQ*wKP^w9@f{s_I@q^X zHQF)z;t@jy-^2H>1^N45(jp4G?naP)sr1E?#|sD<))lYRE6+AJLNSIsftJp-{)U zTK0YEG+g2y2NG20s0wiopD0XI`}U(kE}i&oeJh$N`1|!q{=L6JLe#areEE*c?+hiL ziI?XBL6SB~Oeey{NPw3}z$y^PX%N%Ebvbr!lNZ8)U{U2JlUm>D}BH%zRT 
zOWkAd&M|IfcWB(|9KCQv=@QIL`8nRL<>&7^?Mmb{3iv(tLayZH3 zED?a|dqulbm6-hD3@o*_E&4 zi?{|P#yJiZ45oy4Y8qA}WzcksNktKpS3Gj#f*0%Hk6 zE&q3E$QU8OmBd%33iI$)!EuL70)F+<5f6G7o#mCM6Do%bA-mw&zkn$q#4)b)zgQ!efx z9>dS){qagXBnG$qn6{gyDZ}s$&8OOx79Lpl1m(y zZT;&!7g@!`Dz0?e)09%f@o&munSMW}rS=x_Rl(Mui|Wp~yT;~k`Ma@|pXOb%Vr-ym z)BvAO@_LT-WSjW5n%ENgi}7A1ay+Yi?3tEa3D|dWhBUlEEA+iZu}bPRv|-nsfMbV6 zT6scU?cW)~g$yP`dFL(6!aca>+Bou}u@!6!==WYq&w?iUeq;66n)EuP9p$$8%Ot_e z$pvO%>*{dpi+q}^7p_f_lRtluw(q^ZxLPdujcZ9)t?R267YkKD54^p(uN{?*-DQJz z4*_yEUrWVn4fMy}RF;mSmU6~vgkXZ=!(YVY`I=Dtuz$*+9TMB{70EZJz4)`rBBhV) zSfTn|lD(Erzj+!PQ>8ZS546Qk-%3XjD2lFz^Z@~@F-W+bdVG^!yEKVo%(JN zYbU`RGgWW?=513A{X9nVbxsA!7vxcudK98CY!(XPcpVl5Hx|^k+V9l&FPJuYK1!s& zAhmpPklJB5{iycY$EAVczV{WJduA(8d=`5M);(7Ai4T|>cI;PGuDz5t7pI_O_HNzx zZP2oj}RDC%dYS$>)|RpI?Jqx9#L+kx!Rp(d4zmu~TX zP3WX+B!}}3wWXEO`ye*$xP6|I#dG0Sqz{+WR+@GHk(W3IBIgBtrXL7#xY0s)#$p|y z39|KoGv_!3lkO1ZqM&-kJN@}edJeITX?1X{lJgt~EBO(9JLZ5b*W+m3Yp)rfgLNU1 z9R^c3!{WU34@9hBV}T20i`^_^96S&QYz z@4jcN0sH$;w;mA+3R*5L;Uj!h!x-J%PP~4(m0_Yf^Ut$)cm>W3STGpT^cQ|XI21fI z-R3036aB8%zM83LjvmC=#_aFB&p#;iMOJ(`%qJY(nV^2xZk!@Y@y5cQdoAfDb6@yV znJm%$CVei^q`eIqQj$v23|~V0gE#3Gu_$^lt+EIczH&@M2qwiIxEPX) z{=5mD*36m>e7ipCT2`KNB?8#xyka17-7Ro|58h`Q8{fQS=glf{Y5}ERFTU?U1_(LdQ zq`_>bYX@=%G{AxJ59KWmlr6z5ot1$p{oH%k%hOAsg=g;_;YI5S-1@J69)Hj1`BVZq zyHzsd{|KT#@Oo$`MPF=%?xFq{2>*|bhFcak%i$H0$2?&vIKKEAT5%f> zV1mv(Mu4Az8cMlbwobJOsng!0%4{7&5gKs#wZlmd9)2}l z0+ltS4E`yOLiMyoz^AHItvK|Khy2Ny0VUnPb^84wCG<5>Y^|Z<9rtO7rX`{dC%XGW7K$r z+Wz_w6ZDR>!na-#a~s^fe5OVB$5$ps0^crOuQot}YD|o7CC-dEQ(+?j-@N8Tb0JU3fEfRjNFLc?9aaUlg_CfZ$n zLDmb$cl)|gtg5XngmHoufXHSr_i}Q44+f6~qMrf$V1{8Rn}MDi8D2T`Ffp<-T4+9P z4$h(z!ORC(r6b?Wtj#o`>_g*0p96B(oNOLBnE_zJhGwmEjnqZfl3YMD{p$I#5(G@T zH#;@1GI;>Z?N3A?IRQX)flxH~ISkwk^;@eSm}>U>D6NSa9bOao$eP08DL~BKtduaC z0NI$oDM>4y0H?zP2;iIBUJ|JCQiF(}I;F>AZ#bU52DHP#CEFXW=(^!BaNh?B?dlLkQ-zwig}J0!df^g z>K~^AP?^POKH)81+6WwB+3MsBA~bVGW>x290o1AI2{iesDNuqZC%Ct3Aj80w$6^!0 z)aJDTO}Fl8`K50IkJU;+{Lfyu`$QeUrp4t&RcU|A{Ni2|RQPS=0KzEsDAnGmfo0N- 
zR~_>UhzQC4!N=1c!35=-cWQ@+rrS>%Tmbhor4|o3xZ(pSV(yr#bm~2X?A+0%Wd3&} zc!KCVcMo~bpLs3iW4?*I>{ZS+Q|fv1g^<|B$uE4cGOvcRJkB`trc6BZH}jdI&_`lLFkq#&N;mRuL)#X0>^I z>6^CulvhjOU&4qBvL0}>l*|0(rw5PbTjgp5dhvnzp$CpJS#CkeQ)x&BqhgVE!(mY; z&(q#c^k`h^jR%Fv0zPT-%c*F~6Kh`;UomeiBwy(Id_z&n0C;FB=LhUv$YF`$ozSsc z^5z_=@$McI2iSF(_kibY4V-8>AXWA%(%yv(mY5WHahd(w7qSHngB2x{`F?dLj7p6m9-^L80@De$YO_B= zw**i%5OXvGgsdv_OOws!5i)e#DlkEFFQm^r-|)7J48UZ4FdzaAfa(&x_$sods_>mT z^KQQ1!s;910Jxv@>Qe#*`2VG5;NV#836Ep`&IDzQPJL4SAgku@{i+in<_W1FI!cKp zF)^YO%)?J1vxR*nZ~7epuT2q{pknh{%CjLbhktkV$|WR^k7HnI)D-s>l@cDz+)77v{+s@#!hOCFx!u8{7c~gVk*bEk9-Z#b=zZDZs}j~ zON^eHu9!J~Xr{r9j9`HO#0r{R5b2gE4ei{)d(@Uq<^53z{!K<&Lft4Qtrh^@5lcVH zo9m`(udW^89e$2}^)%@b zNY)0iWWCc*{G2}NfjCk{8kt=(V&H+(S{mvF%k2O8WYfp7wP(|RUq%G%zcERI+z!1Y zef8k0bzuOfg9Ma38Js;-1O6a|08qyqL!e;l83XPm#el31sxJ=#xP3jTpaj5ekaGQ( z91UlPVJ*7zcLkFMZB7)YLbz2+6vT6^zyU-56w;rAXSjltsa=?Zd`Q4{ZOsBGt-k-E zw8~$n1Ha6-=a20nb1F)ZZtF6!`~B}24@Q~57r0NyjTAp5%Kdx4nerCOZ=gU)PbcQ) zfddfc`|cA+hNA(1el39ci@WY|V&}IBKt6Vy^5)zNlO`q9 zb7=TF1XzHSLIESgP#y`meM~*5d8uHhJm6*ylm>pjzn23}wPnO3j?e#Lc{|aRjPV-) z67LrK1?V}vv!KoQxOWrCEDVHHww&)lG$vCJ08mRI8>uDOQ5;(?vepovoZ@5-2t_bs z{qGMM9mrOuqAMA6n*~Kln;M{lgGq&}OmOd4fel=sG&^am3Z!EN4a#;l??WgjLhYYX z3$Wj@fJuR3w|7SXpPMc4&raM0dWC14C+h#qavI|M@<0Lbta*4tj}pMKiy&X3bouE2 zP_EMiB2_*rpzvt!LYP4{a26z$OF0imbsT6A8LhDh2|Iub(NV3!lqE$y#LZ9if^RR-^#57swDcg6aj;nI65n`~h zE9j~>i!xJQlNhjO5`HL>2Nt`ioWRkCkc$-BwK4y=3jtp^InaC)3f2%?3#LZ^4>P*N zBR~t%v|#?Dvk0>KwF&WWRA~J}U@ggD7CgX>EM!2R7~aH~@=)B8P=_{IOLUYw_@!J7 zrnc9hte)1c06d=VvoTCi&&)=rU=1cM3~%JlN; zcsdmbKkR4hTzJ6)GJ>m1T^+dq(#bNhz=K$&94rC+YNc^7L>c&>wk-U$!3l!rEGp<| zXKKStqPVIN}MfAQD^`s-$;LO4>=;(EHBqqN5#(mso zUa`{I+>^hQHVAXi6?WnSZR1<_(1~GhIJt8oQCW_hD6BCRSSG(NzjNwh1MGh z?ui!gSuUJ>XiNs-pZ1fdKSRF|4lpa_Tc?OYP1V#8W9H=&*aPLxqk!vV$}GW(A!eYI zQ)8s5Q}wP<6;G7Z(_sAFrQ-iHe`mSZbXt@0wZI9kyZ=wJ{?m^58KEbUR~_h~&CLCv z9?9nE0*!%fRgznWZ^m+_TEYd&U@q|6Vr-0nM%J(f0rr2*aXtjr0=M^o2#5TD%3jb( zvyleub%PFvqE$Z!4RA;A4a{vMCV6V7p+As11J)1|sF&F93g*bPBEePWXZ)SM;SIfTD2Qeq=;paO6Xp6D|u 
zi}zqsTVwQ*@m$tdW~DR}FbdB;vO#P3gAe;fpBD}2;IK&Vod2S?C%_Tt0=(CafBnHA zixyApV1VI$+GOc9NIm8q9vz0{RtLvb0e+gQ^1IME=U~|6y0$V=WUC~92+AgcCJORt zl?g?~_JF;Pm1xppk#z(^#^udi7R_#B6Gq#$4G8uMF!c>N0{s1BXl%)_a?KWojEs|N zRx_W*g1YvDY(5q#SyYP?ilSls_zqlc!zZBa;eXpk2k@Vmn$vDH<0jHnBd7(W+ z!Ua=7QNILk}YnzDo=iw6zSHU-PimJJgCJqdVKC=R-ATY)bf#oq@^Og*E zB=zj#`_Av{8wW;UZx~t@qoDK z^K)c?W0NC0SqF1JgF=v=lnJobMSyS$a83;jS+C?l^RKa3$5)gHjX>ohER+Vo6_fLAt1% z1;F|a0YXb#5}X9452xDpf0lz|XalMbV9BP`Urx;WLGk<3y_@_h9kTYQ^_%Z+Qxut!;2=j_AqmSFcWMNWo?of|0I}MfiMK zA39LV-o5|CvE%9_Bc(yU)n!b{7062}^8u`lq<_Q7t1W4?o#kR4#@4CkeXz`cTs8uh zH#>tJ+G-xYi`^V3Vft98W#&bvrZMy;fxlKg-vQj%i~~CPp7ZAEwn~I!=-t+hGr|W@ ze*79o02EtqS%{S>-f_}URk7BU=?jL6sY595S>Nn6aT#`ZAw$(nU05`tNyAH-(xS?u zGYS2Rm+H*&?B2*=YU+FyXstToguOf3>dQ^w_xyT);;cvahx{HE2%|Mps`KP%1o0w}ugPmQwF z;wrblDo*=ULNA$^ZuLT&F38`0Vt*zU@wKMCCj&Yl2|4vWFjXT2K<1gLjt-+enuB<1b2;UzeC=9vVRSy}5 zWGoGqA-J`d?=7U*B!yWC2bEc+l) z*uZa;4y;}R1ey*cNU#cjA_!Ucl5f*(8c+LPALepV+E>e1M%D2qTfft2S3OSB?Jw+o z8dbgSkSXeJOS~VG-fT;Vvw5(45K71!J;S_*7Wvcm=;kI^lTL4jj;eLG4ZN7(t1!TW ze1zUht`GTXY#wG*dGMynl8Sfj{~L(2UJQXb~se)ZU&8;T*@T71=7yWot9eW0PY zg5=a!PIwDk-rv=bZ#O{yI-sP-KjqB?T9ICT;gbYUbO){DH($C8^n|I#Vr=k4>>b#FP@)_Q2fvu z8-gY!(?6IcsX!#sTfNY=l56|Bk1Xh0uw@4r_D)PI6W74I7*MEwD5MdniXyu)@r--l zikG8`^}2BQ)0jV0G^Pmo2~3W<6JIfzYcYh(pQ4s`k0$m|%8%gninf8B{_NNTpRD`# z=0{`e*8LHDLpUxjty9V(89orfV#w!=3DwAjM}#%u&uA3j<-i9Xk{Ue$Cw_H~s|EQjo)wk=(^-Ftza#8ybxWo_f@+xzxdaPs&D}YOF9vG9kKS*vUzu}JzuJMa z)BTvmNqZQ@3>mPEWw*H`>_RMVP|(+IfTQnuX#X-qMhleQ@V(#;#JdU$I1BU6ZdLtF zSyw(Mccd5cp1`GS|K?*;nJA+^%8FvC`O_8+_-_6#H8J-B`waso8tOgkCk1XWjU z&*TcfE~H!w;@yUOuGmudC64^pA^=BC>zBd5cen zyxX32&on@jRB5%TukKapA8gXq zXFrzh4pyC(4PWN$F;rVt$4MJ@Na-NE-=`H}#q*b`~X>)(^jjP_cicVIMjPQ&P@NT4-425 za1)H~ndgPEWWAK7>UBuh2MIggk+(F$qqW0vjcJy(6`L`OB>lIvbIYi^ev<9?ck}Df z3cI8paCI-j4u5!WRn+8ktX-Gc0P6nd*X>L&(_(R2IpCH1JSSE?=HFdYC;pjVqXF6{>+&HQ&zXR3!?OdNTz zc$)lY z=X^02mIr-5GglBu#x(CE>KM!%Ugd;;Ql?Mp<$mKB@ zepBRXXY|c9$h0oFWHYm863PbXjc>vzDD~T>a+t9=@+{8w$XL2Rq0ijvb`bG2+t_^2 zKNrENp<* 
