From 12d467b9561405c54f2b8782e0f2f3631610d044 Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" Date: Wed, 10 Apr 2024 16:14:15 +0000 Subject: [PATCH] Deployed e20bfef to main with MkDocs 1.5.3 and mike 1.1.2 --- main/404.html | 78 +- .../index.html | 78 +- .../2023/11/23/bpfd-becomes-bpfman/index.html | 78 +- .../index.html | 78 +- .../index.html | 78 +- .../index.html | 78 +- .../index.html | 78 +- .../index.html | 78 +- .../index.html | 78 +- main/blog/archive/2023/index.html | 78 +- main/blog/archive/2024/index.html | 78 +- main/blog/category/2024/index.html | 78 +- .../category/community-meeting/index.html | 78 +- main/blog/index.html | 78 +- main/design/daemonless/index.html | 80 +- main/developer-guide/api-spec/index.html | 78 +- main/developer-guide/configuration/index.html | 144 +- main/developer-guide/debugging/index.html | 78 +- .../develop-operator/index.html | 535 +++-- main/developer-guide/documentation/index.html | 100 +- main/developer-guide/image-build/index.html | 78 +- .../linux-capabilities/index.html | 78 +- main/developer-guide/logging/index.html | 81 +- .../operator-quick-start/index.html | 147 +- main/developer-guide/release/index.html | 195 +- .../shipping-bytecode/index.html | 78 +- main/developer-guide/testing/index.html | 78 +- .../xdp-overview}/index.html | 1133 ++++------ .../building-bpfman/index.html | 198 +- main/getting-started/cli-guide/index.html | 983 +++++---- .../example-bpf-k8s/index.html | 655 +++--- .../example-bpf-local/index.html | 699 +++--- main/getting-started/example-bpf/index.html | 551 ++++- .../launching-bpfman/index.html | 1919 +++++++++++++++++ main/getting-started/overview/index.html | 1674 ++++++++++++++ .../running-release/index.html | 315 ++- main/getting-started/running-rpm/index.html | 174 +- .../troubleshooting/index.html | 80 +- main/governance/CODE_OF_CONDUCT/index.html | 78 +- main/governance/CONTRIBUTING/index.html | 133 +- main/governance/GOVERNANCE/index.html | 78 +- main/governance/MAINTAINERS/index.html | 78 +- main/governance/MEETINGS/index.html | 78 +- main/governance/REVIEWING/index.html | 78 +- main/governance/SECURITY/index.html | 78 +- main/img/bpfman-on-k8s.png | Bin 448013 -> 457253 bytes main/img/bpfman_container.png | Bin 0 -> 34089 bytes main/img/bpfman_library.png | Bin 0 -> 21913 bytes main/img/gocounter-on-host.png | Bin 73027 -> 86893 bytes main/img/gocounter-on-k8s.png | Bin 111137 -> 129043 bytes main/index.html | 88 +- main/search/search_index.json | 2 +- main/sitemap.xml.gz | Bin 127 -> 127 bytes 53 files changed, 8860 insertions(+), 3054 deletions(-) rename main/{getting-started/tutorial => developer-guide/xdp-overview}/index.html (57%) create mode 100644 main/getting-started/launching-bpfman/index.html create mode 100644 main/getting-started/overview/index.html create mode 100644 main/img/bpfman_container.png create mode 100644 main/img/bpfman_library.png diff --git a/main/404.html b/main/404.html index 6ef6a3e6f..f854cae2b 100644 --- a/main/404.html +++ b/main/404.html @@ -224,7 +224,7 @@
  • - + @@ -409,6 +409,8 @@ + + @@ -451,11 +453,11 @@
  • - + - Setup and Building + bpfman Overview @@ -471,11 +473,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -491,11 +493,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -511,11 +513,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -531,11 +533,11 @@
  • - + - CLI Guide + Setup and Building @@ -551,11 +553,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -571,11 +573,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -591,11 +593,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -665,6 +687,8 @@ + + @@ -981,6 +1005,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/index.html b/main/blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/index.html index b3ae37ceb..6df5606e5 100644 --- a/main/blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/index.html +++ b/main/blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/index.html @@ -231,7 +231,7 @@
  • - + @@ -420,6 +420,8 @@ + + @@ -462,11 +464,11 @@
  • - + - Setup and Building + bpfman Overview @@ -482,11 +484,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -502,11 +504,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -522,11 +524,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -542,11 +544,11 @@
  • - + - CLI Guide + Setup and Building @@ -562,11 +564,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -582,11 +584,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -602,11 +604,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -676,6 +698,8 @@ + + @@ -992,6 +1016,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/blog/2023/11/23/bpfd-becomes-bpfman/index.html b/main/blog/2023/11/23/bpfd-becomes-bpfman/index.html index 02a7f8269..db9985baf 100644 --- a/main/blog/2023/11/23/bpfd-becomes-bpfman/index.html +++ b/main/blog/2023/11/23/bpfd-becomes-bpfman/index.html @@ -233,7 +233,7 @@
  • - + @@ -422,6 +422,8 @@ + + @@ -464,11 +466,11 @@
  • - + - Setup and Building + bpfman Overview @@ -484,11 +486,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -504,11 +506,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -524,11 +526,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -544,11 +546,11 @@
  • - + - CLI Guide + Setup and Building @@ -564,11 +566,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -584,11 +586,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -604,11 +606,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -678,6 +700,8 @@ + + @@ -994,6 +1018,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/blog/2023/11/25/a-new-logo-using-generative-ai-of-course/index.html b/main/blog/2023/11/25/a-new-logo-using-generative-ai-of-course/index.html index bbbd8ffbf..f729bf8d9 100644 --- a/main/blog/2023/11/25/a-new-logo-using-generative-ai-of-course/index.html +++ b/main/blog/2023/11/25/a-new-logo-using-generative-ai-of-course/index.html @@ -233,7 +233,7 @@
  • - + @@ -422,6 +422,8 @@ + + @@ -464,11 +466,11 @@
  • - + - Setup and Building + bpfman Overview @@ -484,11 +486,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -504,11 +506,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -524,11 +526,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -544,11 +546,11 @@
  • - + - CLI Guide + Setup and Building @@ -564,11 +566,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -584,11 +586,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -604,11 +606,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -678,6 +700,8 @@ + + @@ -994,6 +1018,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/blog/2024/01/04/community-meeting-january-4-2024/index.html b/main/blog/2024/01/04/community-meeting-january-4-2024/index.html index eb0da8714..44afb6e24 100644 --- a/main/blog/2024/01/04/community-meeting-january-4-2024/index.html +++ b/main/blog/2024/01/04/community-meeting-january-4-2024/index.html @@ -233,7 +233,7 @@
  • - + @@ -422,6 +422,8 @@ + + @@ -464,11 +466,11 @@
  • - + - Setup and Building + bpfman Overview @@ -484,11 +486,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -504,11 +506,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -524,11 +526,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -544,11 +546,11 @@
  • - + - CLI Guide + Setup and Building @@ -564,11 +566,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -584,11 +586,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -604,11 +606,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -678,6 +700,8 @@ + + @@ -994,6 +1018,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/index.html b/main/blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/index.html index a109abead..b3488d3c1 100644 --- a/main/blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/index.html +++ b/main/blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/index.html @@ -233,7 +233,7 @@
  • - + @@ -422,6 +422,8 @@ + + @@ -464,11 +466,11 @@
  • - + - Setup and Building + bpfman Overview @@ -484,11 +486,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -504,11 +506,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -524,11 +526,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -544,11 +546,11 @@
  • - + - CLI Guide + Setup and Building @@ -564,11 +566,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -584,11 +586,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -604,11 +606,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -678,6 +700,8 @@ + + @@ -994,6 +1018,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/blog/2024/01/19/community-meeting-january-11-and-18-2024/index.html b/main/blog/2024/01/19/community-meeting-january-11-and-18-2024/index.html index 252dc5c2f..e4d127048 100644 --- a/main/blog/2024/01/19/community-meeting-january-11-and-18-2024/index.html +++ b/main/blog/2024/01/19/community-meeting-january-11-and-18-2024/index.html @@ -233,7 +233,7 @@
  • - + @@ -422,6 +422,8 @@ + + @@ -464,11 +466,11 @@
  • - + - Setup and Building + bpfman Overview @@ -484,11 +486,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -504,11 +506,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -524,11 +526,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -544,11 +546,11 @@
  • - + - CLI Guide + Setup and Building @@ -564,11 +566,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -584,11 +586,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -604,11 +606,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -678,6 +700,8 @@ + + @@ -994,6 +1018,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/index.html b/main/blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/index.html index e9ac18dd0..c4eb79172 100644 --- a/main/blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/index.html +++ b/main/blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/index.html @@ -233,7 +233,7 @@
  • - + @@ -422,6 +422,8 @@ + + @@ -464,11 +466,11 @@
  • - + - Setup and Building + bpfman Overview @@ -484,11 +486,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -504,11 +506,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -524,11 +526,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -544,11 +546,11 @@
  • - + - CLI Guide + Setup and Building @@ -564,11 +566,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -584,11 +586,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -604,11 +606,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -678,6 +700,8 @@ + + @@ -994,6 +1018,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/index.html b/main/blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/index.html index 6c99e1b5c..2886e5ecc 100644 --- a/main/blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/index.html +++ b/main/blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/index.html @@ -231,7 +231,7 @@
  • - + @@ -420,6 +420,8 @@ + + @@ -462,11 +464,11 @@
  • - + - Setup and Building + bpfman Overview @@ -482,11 +484,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -502,11 +504,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -522,11 +524,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -542,11 +544,11 @@
  • - + - CLI Guide + Setup and Building @@ -562,11 +564,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -582,11 +584,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -602,11 +604,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -676,6 +698,8 @@ + + @@ -992,6 +1016,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/blog/archive/2023/index.html b/main/blog/archive/2023/index.html index f4e527d6f..857c0e039 100644 --- a/main/blog/archive/2023/index.html +++ b/main/blog/archive/2023/index.html @@ -233,7 +233,7 @@
  • - + @@ -420,6 +420,8 @@ + + @@ -462,11 +464,11 @@
  • - + - Setup and Building + bpfman Overview @@ -482,11 +484,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -502,11 +504,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -522,11 +524,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -542,11 +544,11 @@
  • - + - CLI Guide + Setup and Building @@ -562,11 +564,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -582,11 +584,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -602,11 +604,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -676,6 +698,8 @@ + + @@ -992,6 +1016,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/blog/archive/2024/index.html b/main/blog/archive/2024/index.html index 0439b88e1..a88cdfca6 100644 --- a/main/blog/archive/2024/index.html +++ b/main/blog/archive/2024/index.html @@ -233,7 +233,7 @@
  • - + @@ -420,6 +420,8 @@ + + @@ -462,11 +464,11 @@
  • - + - Setup and Building + bpfman Overview @@ -482,11 +484,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -502,11 +504,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -522,11 +524,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -542,11 +544,11 @@
  • - + - CLI Guide + Setup and Building @@ -562,11 +564,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -582,11 +584,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -602,11 +604,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -676,6 +698,8 @@ + + @@ -992,6 +1016,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/blog/category/2024/index.html b/main/blog/category/2024/index.html index a15621528..e21fe559a 100644 --- a/main/blog/category/2024/index.html +++ b/main/blog/category/2024/index.html @@ -233,7 +233,7 @@
  • - + @@ -420,6 +420,8 @@ + + @@ -462,11 +464,11 @@
  • - + - Setup and Building + bpfman Overview @@ -482,11 +484,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -502,11 +504,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -522,11 +524,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -542,11 +544,11 @@
  • - + - CLI Guide + Setup and Building @@ -562,11 +564,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -582,11 +584,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -602,11 +604,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -676,6 +698,8 @@ + + @@ -992,6 +1016,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/blog/category/community-meeting/index.html b/main/blog/category/community-meeting/index.html index 27350a8ef..70d8ca7e5 100644 --- a/main/blog/category/community-meeting/index.html +++ b/main/blog/category/community-meeting/index.html @@ -233,7 +233,7 @@
  • - + @@ -420,6 +420,8 @@ + + @@ -462,11 +464,11 @@
  • - + - Setup and Building + bpfman Overview @@ -482,11 +484,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -502,11 +504,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -522,11 +524,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -542,11 +544,11 @@
  • - + - CLI Guide + Setup and Building @@ -562,11 +564,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -582,11 +584,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -602,11 +604,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -676,6 +698,8 @@ + + @@ -992,6 +1016,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/blog/index.html b/main/blog/index.html index aa551d0c5..f5bbfe3b2 100644 --- a/main/blog/index.html +++ b/main/blog/index.html @@ -233,7 +233,7 @@
  • - + @@ -420,6 +420,8 @@ + + @@ -462,11 +464,11 @@
  • - + - Setup and Building + bpfman Overview @@ -482,11 +484,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -502,11 +504,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -522,11 +524,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -542,11 +544,11 @@
  • - + - CLI Guide + Setup and Building @@ -562,11 +564,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -582,11 +584,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -602,11 +604,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -676,6 +698,8 @@ + + @@ -992,6 +1016,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/design/daemonless/index.html b/main/design/daemonless/index.html index b84b8787a..37454ea6d 100644 --- a/main/design/daemonless/index.html +++ b/main/design/daemonless/index.html @@ -9,7 +9,7 @@ - + @@ -233,7 +233,7 @@
  • - + @@ -420,6 +420,8 @@ + + @@ -462,11 +464,11 @@
  • - + - Setup and Building + bpfman Overview @@ -482,11 +484,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -502,11 +504,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -522,11 +524,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -542,11 +544,11 @@
  • - + - CLI Guide + Setup and Building @@ -562,11 +564,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -582,11 +584,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -602,11 +604,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -676,6 +698,8 @@ + + @@ -992,6 +1016,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/developer-guide/api-spec/index.html b/main/developer-guide/api-spec/index.html index a52d270b3..277c1bc4b 100644 --- a/main/developer-guide/api-spec/index.html +++ b/main/developer-guide/api-spec/index.html @@ -233,7 +233,7 @@
  • - + @@ -420,6 +420,8 @@ + + @@ -462,11 +464,11 @@
  • - + - Setup and Building + bpfman Overview @@ -482,11 +484,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -502,11 +504,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -522,11 +524,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -542,11 +544,11 @@
  • - + - CLI Guide + Setup and Building @@ -562,11 +564,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -582,11 +584,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -602,11 +604,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -678,6 +700,8 @@ + + @@ -1004,6 +1028,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/developer-guide/configuration/index.html b/main/developer-guide/configuration/index.html index 58c422029..ae1b6ee2d 100644 --- a/main/developer-guide/configuration/index.html +++ b/main/developer-guide/configuration/index.html @@ -233,7 +233,7 @@
  • - + @@ -420,6 +420,8 @@ + + @@ -462,11 +464,11 @@
  • - + - Setup and Building + bpfman Overview @@ -482,11 +484,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -502,11 +504,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -522,11 +524,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -542,11 +544,11 @@
  • - + - CLI Guide + Setup and Building @@ -562,11 +564,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -582,11 +584,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -602,11 +604,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -678,6 +700,8 @@ + + @@ -982,6 +1006,24 @@ +
    • + +
  • + + + Config Section: [signing] + + + +
    • + +
  • + + + Config Section: [database] + + +
    • @@ -1058,6 +1100,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + @@ -1582,6 +1644,24 @@ + + +
  • + + + Config Section: [signing] + + + +
    • + +
  • + + + Config Section: [database] + + +
    • @@ -1615,6 +1695,13 @@

    bpfman Configuration File

    [interfaces]
   [interface.eth0]
   xdp_mode = "hw" # Valid xdp modes are "hw", "skb" and "drv". Default: "skb".
+
+[signing]
+allow_unsigned = true
+
+[database]
+max_retries = 10
+millisec_delay = 1000

    Config Section: [interfaces]

    This section of the configuration file allows the XDP Mode for a given interface to be set. @@ -1632,6 +1719,29 @@

    Config Section: [interfaces]

    +

    Config Section: [signing]

    +

    This section of the configuration file allows control over whether OCI packaged eBPF +bytecode as container images are required to be signed via +cosign or not. +By default, unsigned images are allowed. +See eBPF Bytecode Image Specifications for more details on +building and shipping bytecode in a container image.

    +

    Valid fields:

    + +

    Config Section: [database]

    +

    bpfman uses an embedded database to store state and persistent data on disk which +can only be accessed synchronously by a single process at a time. +To avoid returning database lock errors and enhance the user experience, bpfman performs +retries when opening of the database. +The number of retries and the time between retries is configurable.

    +

    Valid fields:

    + diff --git a/main/developer-guide/debugging/index.html b/main/developer-guide/debugging/index.html index 62cacdb52..ff2e36109 100644 --- a/main/developer-guide/debugging/index.html +++ b/main/developer-guide/debugging/index.html @@ -233,7 +233,7 @@
  • - + @@ -420,6 +420,8 @@ + + @@ -462,11 +464,11 @@
  • - + - Setup and Building + bpfman Overview @@ -482,11 +484,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -502,11 +504,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -522,11 +524,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -542,11 +544,11 @@
  • - + - CLI Guide + Setup and Building @@ -562,11 +564,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -582,11 +584,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -602,11 +604,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -678,6 +700,8 @@ + + @@ -1004,6 +1028,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/developer-guide/develop-operator/index.html b/main/developer-guide/develop-operator/index.html index 7695686a9..c4b34391e 100644 --- a/main/developer-guide/develop-operator/index.html +++ b/main/developer-guide/develop-operator/index.html @@ -233,7 +233,7 @@
  • - + @@ -420,6 +420,8 @@ + + @@ -462,11 +464,11 @@
  • - + - Setup and Building + bpfman Overview @@ -482,11 +484,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -502,11 +504,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -522,11 +524,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -542,11 +544,11 @@
  • - + - CLI Guide + Setup and Building @@ -562,11 +564,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -582,11 +584,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -602,11 +604,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -678,6 +700,8 @@ + + @@ -837,34 +861,67 @@
  • - Building and deploying + Building and Deploying + + + + +
  • - + - Testing Locally + Running Locally in KIND
  • - + - Project Layout + Testing Locally @@ -1103,6 +1160,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + @@ -1622,34 +1699,67 @@
  • - Building and deploying + Building and Deploying + + + + +
  • - + - Testing Locally + Running Locally in KIND
  • - + - Project Layout + Testing Locally @@ -1706,8 +1816,8 @@

    High level design overview

    for BpfProgram and *Program Objects. The following diagram depicts how all these components work together to create a functioning operator.

    bpfman on K8s

    -

    Building and deploying

    -

    For building and deploying the bpfman-operator simply see the attached Make help +

    Building and Deploying

    +

    For building and deploying the bpfman-operator simply see the attached make help output.

    make help
 
@@ -1720,132 +1830,209 @@ 
    Building and deploying
    
 Local Dependencies
   kustomize        Download kustomize locally if necessary.
   controller-gen   Download controller-gen locally if necessary.
-  envtest          Download envtest-setup locally if necessary.
-  opm              Download opm locally if necessary.
-
-Development
-  manifests        Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
-  generate         Generate ALL auto-generated code.
-  generate-register  Generate register code see all `zz_generated.register.go` files.
-  generate-deepcopy  Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations see all `zz_generated.register.go` files.
-  generate-typed-clients  Generate typed client code
-  generate-typed-listers  Generate typed listers code
-  generate-typed-informers  Generate typed informers code
-  fmt              Run go fmt against code.
-  verify           Verify all the autogenerated code
-  test             Run Unit tests.
-  test-integration  Run Integration tests.
-  bundle           Generate bundle manifests and metadata, then validate generated files.
-  build-release-yamls  Generate the crd install bundle for a specific release version.
-
-Build
-  build            Build bpfman-operator and bpfman-agent binaries.
-  build-images     Build bpfman, bpfman-agent, and bpfman-operator images.
-  push-images      Push bpfman, bpfman-agent, bpfman-operator images.
-  load-images-kind  Load bpfman, bpfman-agent, and bpfman-operator images into the running local kind devel cluster.
-  bundle-build     Build the bundle image.
-  bundle-push      Push the bundle image.
-  catalog-build    Build a catalog image.
-  catalog-push     Push a catalog image.
-
-CRD Deployment
-  install          Install CRDs into the K8s cluster specified in ~/.kube/config.
-  uninstall        Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+  register-gen     Download register-gen locally if necessary.
+  informer-gen     Download informer-gen locally if necessary.
+  lister-gen       Download lister-gen locally if necessary.
+  client-gen       Download client-gen locally if necessary.
+  envtest          Download envtest-setup locally if necessary.
+  opm              Download opm locally if necessary.
+
+Development
+  manifests        Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.
+  generate         Generate ALL auto-generated code.
+  generate-register  Generate register code see all `zz_generated.register.go` files.
+  generate-deepcopy  Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations see all `zz_generated.register.go` files.
+  generate-typed-clients  Generate typed client code
+  generate-typed-listers  Generate typed listers code
+  generate-typed-informers  Generate typed informers code
+  fmt              Run go fmt against code.
+  verify           Verify all the autogenerated code
+  test             Run Unit tests.
+  test-integration  Run Integration tests.
+  bundle           Generate bundle manifests and metadata, then validate generated files.
+  build-release-yamls  Generate the crd install bundle for a specific release version.
+
+Build
+  build            Build bpfman-operator and bpfman-agent binaries.
+  build-images     Build bpfman, bpfman-agent, and bpfman-operator images.
+  push-images      Push bpfman, bpfman-agent, bpfman-operator images.
+  load-images-kind  Load bpfman, bpfman-agent, and bpfman-operator images into the running local kind devel cluster.
+  bundle-build     Build the bundle image.
+  bundle-push      Push the bundle image.
+  catalog-build    Build a catalog image.
+  catalog-push     Push a catalog image.
 
-Vanilla K8s Deployment
-  setup-kind       Setup Kind cluster
-  deploy           Deploy bpfman-operator to the K8s cluster specified in ~/.kube/config with the csi driver initialized.
-  undeploy         Undeploy bpfman-operator from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
-  kind-reload-images  Reload locally build images into a kind cluster and restart the ds and deployment so they're picked up.
-  run-on-kind      Kind Deploy runs the bpfman-operator on a local kind cluster using local builds of bpfman, bpfman-agent, and bpfman-operator
-
-Openshift Deployment
-  deploy-openshift  Deploy bpfman-operator to the Openshift cluster specified in ~/.kube/config.
-  undeploy-openshift  Undeploy bpfman-operator from the Openshift cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
-
    -

    Running Locally in KIND

    -

    To run locally in a kind cluster with an up to date build simply run:

    -
    make run-on-kind
-
    -

    The container images used for bpfman,bpfman-agent, and bpfman-operator can also be manually configured, -by default local image builds will be used for the kind deployment.

    -
    BPFMAN_IMG=<your/image/url> BPFMAN_AGENT_IMG=<your/image/url> BPFMAN_OPERATOR_IMG=<your/image/url> make run-on-kind
+CRD Deployment
+  install          Install CRDs into the K8s cluster specified in ~/.kube/config.
+  uninstall        Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+
+Vanilla K8s Deployment
+  setup-kind       Setup Kind cluster
+  deploy           Deploy bpfman-operator to the K8s cluster specified in ~/.kube/config with the csi driver initialized.
+  undeploy         Undeploy bpfman-operator from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
+  kind-reload-images  Reload locally build images into a kind cluster and restart the ds and deployment so they're picked up.
+  run-on-kind      Kind Deploy runs the bpfman-operator on a local kind cluster using local builds of bpfman, bpfman-agent, and bpfman-operator
+
+Openshift Deployment
+  deploy-openshift  Deploy bpfman-operator to the Openshift cluster specified in ~/.kube/config.
+  undeploy-openshift  Undeploy bpfman-operator from the Openshift cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.
    -

    Then rebuild and load a fresh build run:

    -
    make kind-reload-images
-
    -

    Which will rebuild the bpfman-operator, bpfman-agent, and bpfman images and load them into the kind cluster.

    -

    Testing Locally

    -

    See Kubernetes Operator Tests.

    -

    Project Layout

    +

    Project Layout

    The bpfman-operator project layout is guided by the recommendations from both the operator-sdk framework and the standard golang project-layout. -The following is a brief description of the main directories and their contents.

    +The following is a brief description of the main directories under bpfman-operator/ and their contents.

    NOTE: Bolded directories contain auto-generated code

    @@ -1771,6 +1833,10 @@

    Development Environment Setup

    NOTE: If you have an older version of mkdocs installed, you may need to use the --upgrade option (e.g., pip install --upgrade mkdocs) to get it to work.

    +

    Document Images

    +

    Source of images used in the example documentation can be found in +bpfman Upstream Images. +Request access if required.

    diff --git a/main/developer-guide/image-build/index.html b/main/developer-guide/image-build/index.html index 17cfe7cdb..f8308dd99 100644 --- a/main/developer-guide/image-build/index.html +++ b/main/developer-guide/image-build/index.html @@ -233,7 +233,7 @@
  • - + @@ -420,6 +420,8 @@ + + @@ -462,11 +464,11 @@
  • - + - Setup and Building + bpfman Overview @@ -482,11 +484,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -502,11 +504,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -522,11 +524,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -542,11 +544,11 @@
  • - + - CLI Guide + Setup and Building @@ -562,11 +564,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -582,11 +584,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -602,11 +604,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -678,6 +700,8 @@ + + @@ -1082,6 +1106,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/developer-guide/linux-capabilities/index.html b/main/developer-guide/linux-capabilities/index.html index 1b30da04b..8814f5553 100644 --- a/main/developer-guide/linux-capabilities/index.html +++ b/main/developer-guide/linux-capabilities/index.html @@ -233,7 +233,7 @@
  • - + @@ -420,6 +420,8 @@ + + @@ -462,11 +464,11 @@
  • - + - Setup and Building + bpfman Overview @@ -482,11 +484,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -502,11 +504,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -522,11 +524,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -542,11 +544,11 @@
  • - + - CLI Guide + Setup and Building @@ -562,11 +564,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -582,11 +584,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -602,11 +604,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -678,6 +700,8 @@ + + @@ -1085,6 +1109,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + diff --git a/main/developer-guide/logging/index.html b/main/developer-guide/logging/index.html index 4406d36c5..14a6dd7d9 100644 --- a/main/developer-guide/logging/index.html +++ b/main/developer-guide/logging/index.html @@ -233,7 +233,7 @@
  • - + @@ -420,6 +420,8 @@ + + @@ -462,11 +464,11 @@
  • - + - Setup and Building + bpfman Overview @@ -482,11 +484,11 @@
  • - + - Run bpfman From Release Image + Launching bpfman @@ -502,11 +504,11 @@
  • - + - Run bpfman From RPM + Deploying Example eBPF Programs On Local Host @@ -522,11 +524,11 @@
  • - + - Bpfman on Linux Tutorial + Deploying Example eBPF Programs On Kubernetes @@ -542,11 +544,11 @@
  • - + - CLI Guide + Setup and Building @@ -562,11 +564,11 @@
  • - + - Example eBPF Programs + Run bpfman From Release Image @@ -582,11 +584,11 @@
  • - + - Deploying Example eBPF Programs On Local Host + Run bpfman From RPM @@ -602,11 +604,31 @@
  • - + - Deploying Example eBPF Programs On Kubernetes + CLI Guide + + + + +
    • + + + + + + + + + +
  • + + + + + Example eBPF Programs @@ -678,6 +700,8 @@ + + @@ -1133,6 +1157,26 @@ + + + + + +
  • + + + + + XDP Tutorial + + + + +
    • + + + + @@ -1798,7 +1842,8 @@

    Systemd Service

    CapabilityBoundingSet=CAP_BPF CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_PERFMON CAP_SYS_ADMIN CAP_SYS_RESOURCE

    Start the service:

    -
    sudo systemctl start bpfman.service
+
    sudo systemctl daemon-reload
+sudo systemctl start bpfman.service
 
    
 
    Check the logs:
    
 
    $ sudo journalctl -f -u bpfman
diff --git a/main/developer-guide/operator-quick-start/index.html b/main/developer-guide/operator-quick-start/index.html
index 13d3b7c7d..cf62bb5b2 100644
--- a/main/developer-guide/operator-quick-start/index.html
+++ b/main/developer-guide/operator-quick-start/index.html
@@ -233,7 +233,7 @@
     
     
       
  • 
-        
+        
           
   
     
@@ -420,6 +420,8 @@
         
       
         
+      
+        
       
         
       
@@ -462,11 +464,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Setup and Building
+    bpfman Overview
   
   
 
@@ -482,11 +484,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From Release Image
+    Launching bpfman
   
   
 
@@ -502,11 +504,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From RPM
+    Deploying Example eBPF Programs On Local Host
   
   
 
@@ -522,11 +524,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Bpfman on Linux Tutorial
+    Deploying Example eBPF Programs On Kubernetes
   
   
 
@@ -542,11 +544,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    CLI Guide
+    Setup and Building
   
   
 
@@ -562,11 +564,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Example eBPF Programs
+    Run bpfman From Release Image
   
   
 
@@ -582,11 +584,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Local Host
+    Run bpfman From RPM
   
   
 
@@ -602,11 +604,31 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Kubernetes
+    CLI Guide
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    Example eBPF Programs
   
   
 
@@ -678,6 +700,8 @@
         
       
         
+      
+        
       
         
       
@@ -806,6 +830,16 @@
     
+    
+  
 
    • 
       
         
  • 
@@ -1127,6 +1166,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
           
         
       
@@ -1635,6 +1694,16 @@
     
+    
+  
 
       
         
  • 
@@ -1750,7 +1824,13 @@ 
    Deploying the bpfman-operator
    
 This operator was built utilizing some great tooling provided by the
     operator-sdk library.
 A great first step in understanding some of the functionality can be to just run make help.
    
-
    Deploy Locally via KIND
    
+
    Deploy bpfman Operation
    
+
    The bpfman-operator is running as a Deployment with a ReplicaSet of one.
+It runs on the control plane and is composed of the containers bpfman-operator and
+kube-rbac-proxy.
+The operator is responsible for launching the bpfman Daemonset, which runs on every node.
+The bpfman Daemonset is composed of the containers bpfman, bpfman-agent, and node-driver-registrar.
    
+
    Deploy Locally via KIND
    
 
    After reviewing the possible make targets it's quick and easy to get bpfman deployed locally on your system
 via a KIND cluster with:
    
 
    cd bpfman/bpfman-operator
@@ -1766,9 +1846,9 @@ 
    Deploy Locally via KIND
    
 It is recommended to install kind v0.20.0 or later.
    
 
 
-
    Deploy To Openshift Cluster
    
+
    Deploy To Openshift Cluster
    
 
    First deploy the operator with one of the following two options:
    
-
    1. Manually with Kustomize
    
+
    1. Manually with Kustomize
    
 
    To install manually with Kustomize and raw manifests simply run the following
 commands.
 The Openshift cluster needs to be up and running and specified in ~/.kube/config
@@ -1779,7 +1859,7 @@ 
    1. Manually with Kustomize
    
 
    Which can then be cleaned up at a later time with:
    
 
    make undeploy-openshift
 
    
-
    2. Via the OLM bundle
    
+
    2. Via the OLM bundle
    
 
    The other option for installing the bpfman-operator is to install it using
 OLM bundle.
    
 
    First setup the namespace and certificates for the operator with:
    
@@ -1800,10 +1880,8 @@ 
    Verify the Installation
    
 you will see the bpfman-daemon and bpfman-operator pods running without errors:
    
 
    kubectl get pods -n bpfman
 NAME                             READY   STATUS    RESTARTS   AGE
-bpfman-daemon-bt5xm                3/3     Running   0          130m
-bpfman-daemon-ts7dr                3/3     Running   0          129m
-bpfman-daemon-w24pr                3/3     Running   0          130m
-bpfman-operator-78cf9c44c6-rv7f2   2/2     Running   0          132m
+bpfman-daemon-w24pr                3/3     Running   0          130m
+bpfman-operator-78cf9c44c6-rv7f2   2/2     Running   0          132m
 
    
 
    Deploy an eBPF Program to the cluster
    
 
    To test the deployment simply deploy one of the sample xdpPrograms:
    
@@ -1864,7 +1942,16 @@ 
    Multiple Program CRDs
    
 
    The multiple *Program CRDs are the bpfman Kubernetes API objects most relevant to users and can be used to
 understand clusterwide state for an eBPF program.
 It's designed to express how, and where eBPF programs are to be deployed within a Kubernetes cluster.
-Currently bpfman supports the use of xdpProgram, tcProgram and tracepointProgram objects.
    
+Currently bpfman supports:
    
+
      
+
    • fentryProgram
      • 
+
    • fexitProgram
      • 
+
    • kprobeProgram
      • 
+
    • tcProgram
      • 
+
    • tracepointProgram
      • 
+
    • uprobeProgram
      • 
+
    • xdpProgram
      • 
+
    
 
    BpfProgram CRD
    
 
    The BpfProgram CRD is used internally by the bpfman-deployment to keep track of per node bpfman state
 such as map pin points, and to report node specific errors back to the user.
diff --git a/main/developer-guide/release/index.html b/main/developer-guide/release/index.html
index b45505249..ca3a98091 100644
--- a/main/developer-guide/release/index.html
+++ b/main/developer-guide/release/index.html
@@ -12,7 +12,7 @@
         
       
       
-        
+        
       
       
       
@@ -233,7 +233,7 @@
     
     
       
  • 
-        
+        
           
   
     
@@ -420,6 +420,8 @@
         
       
         
+      
+        
       
         
       
@@ -462,11 +464,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Setup and Building
+    bpfman Overview
   
   
 
@@ -482,11 +484,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From Release Image
+    Launching bpfman
   
   
 
@@ -502,11 +504,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From RPM
+    Deploying Example eBPF Programs On Local Host
   
   
 
@@ -522,11 +524,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Bpfman on Linux Tutorial
+    Deploying Example eBPF Programs On Kubernetes
   
   
 
@@ -542,11 +544,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    CLI Guide
+    Setup and Building
   
   
 
@@ -562,11 +564,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Example eBPF Programs
+    Run bpfman From Release Image
   
   
 
@@ -582,11 +584,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Local Host
+    Run bpfman From RPM
   
   
 
@@ -602,11 +604,31 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Kubernetes
+    CLI Guide
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    Example eBPF Programs
   
   
 
@@ -678,6 +700,8 @@
         
       
         
+      
+        
       
         
       
@@ -1115,6 +1139,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
           
         
       
@@ -1722,49 +1766,76 @@
 
 
 
    Release Process
    
+
    This document describes how to cut a release for the bpfman project.
    
 
    Overview
    
 
    A release for the bpfman project is comprised of the following major components:
    
 
      
-
    • bpfman binaries
      • 
-
    • Core GRPC API protobuf definitions
      • 
-
    • Kubernetes Custom Resource Definitions (CRDs)
      • 
-
    • Corresponding go pkg in the form of github.com/bpfman/bpfman which includes the following:
      • 
+
    • bpfman (Core library) and bpfman-api (Core GRPC API protobuf definitions) library crates
      • 
+
    • bpfman (CLI), and bpfman-rpc ( gRPC server ) binary crates
      • 
+
    • bpf-metrics-exporter and bpf-log-exporter binary crates
      • 
+
    • Kubernetes User Facing Custom Resource Definitions (CRDs)
        
+
      • TcProgram
        • 
+
      • XdpProgram
        • 
+
      • TracepointProgram
        • 
+
      • UprobeProgram
        • 
+
      • KprobeProgram
        • 
+
      • FentryProgram
        • 
+
      • FexitProgram
        • 
+
      
+
      • 
+
    • Corresponding go pkgs in the form of github.com/bpfman/bpfman which includes the following:
        
 
      • github.com/bpfman/bpfman/clients/gobpfman/v1: The go client for the bpfman GRPC API
        • 
 
      • github.com/bpfman/bpfman/bpfman-operator/apis: The go bindings for the
-    bpfman CRD API
        • 
+  bpfman CRD API
 
      • github.com/bpfman/bpfman/bpfman-operator/pkg/client: The autogenerated
-    clientset for the bpfman CRD API
        • 
+  clientset for the bpfman CRD API
 
      • github.com/bpfman/bpfman/bpfman-operator/pkg/helpers: The provided bpfman CRD
-    API helpers.
        • 
-
      • Corresponding bpfman-api and bpfmanrust crates which house the rust client for the bpfman GRPC API
        • 
-
      • The following core component container images with tag :
        • 
+  API helpers.
+
      
+
      • 
+
    • The following core component container images with tag :
        
 
      • quay.io/bpfman/bpfman
        • 
 
      • quay.io/bpfman/bpfman-operator
        • 
 
      • quay.io/bpfman/bpfman-agent
        • 
 
      • quay.io/bpfman/bpfman-operator-bundle
        • 
 
      • quay.io/bpfman/xdp-dispatcher
        • 
 
      • quay.io/bpfman/tc-dispatcher
        • 
+
      
+
      • 
 
    • The relevant example bytecode container images with tag  from source
-  code located in the bpfman project:
      • 
-
    • quay.io/bpfman-bytecode/go_xdp_counter
      • 
-
    • quay.io/bpfman-bytecode/go_tc_counter
      • 
-
    • quay.io/bpfman-bytecode/go_tracepoint_counter
      • 
-
    • quay.io/bpfman-bytecode/xdp_pass
      • 
-
    • quay.io/bpfman-bytecode/tc_pass
      • 
+  code located in the bpfman project:
        
+
      • quay.io/bpfman-bytecode/go-xdp-counter
        • 
+
      • quay.io/bpfman-userspace/go-target
        • 
+
      • quay.io/bpfman-bytecode/go-tc-counter
        • 
+
      • quay.io/bpfman-bytecode/go-tracepoint-counter
        • 
+
      • quay.io/bpfman-bytecode/xdp-pass
        • 
+
      • quay.io/bpfman-bytecode/tc-pass
        • 
 
      • quay.io/bpfman-bytecode/tracepoint
        • 
-
      • quay.io/bpfman-bytecode/xdp_pass_private
        • 
+
      • quay.io/bpfman-bytecode/xdp-pass-private
        • 
+
      • quay.io/bpfman-bytecode/go-uprobe-counter
        • 
+
      • quay.io/bpfman-bytecode/go-kprobe-counter
        • 
 
      • quay.io/bpfman-bytecode/uprobe
        • 
 
      • quay.io/bpfman-bytecode/kprobe
        • 
 
      • quay.io/bpfman-bytecode/uretprobe
        • 
 
      • quay.io/bpfman-bytecode/kretprobe
        • 
+
      • quay.io/bpfman-bytecode/fentry
        • 
+
      • quay.io/bpfman-bytecode/fexit
        • 
+
      
+
 
    • The relevant example userspace container images with tag  from source
-  code located in the bpfman project:
      • 
-
    • quay.io/bpfman-userspace/go_xdp_counter
      • 
-
    • quay.io/bpfman-userspace/go_tc_counter
      • 
-
    • quay.io/bpfman-userspace/go_tracepoint_counter
      • 
-
    • The OLM (Operator Lifecycle Manager) for the Kubernetes Operator.
      • 
+  code located in the bpfman project:
        
+
      • quay.io/bpfman-userspace/go-xdp-counter
        • 
+
      • quay.io/bpfman-userspace/go-tc-counter
        • 
+
      • quay.io/bpfman-userspace/go-tracepoint-counter
        • 
+
      • quay.io/bpfman-userspace/go-uprobe-counter
        • 
+
      • quay.io/bpfman-userspace/go-kprobe-counter
        • 
+
      
+
+
    • The OLM (Operator Lifecycle Manager) for the Kubernetes Operator.
        
 
      • This includes a bundle directory on disk as well as the
-    quay.io/bpfman/bpfman-operator-bundle with the tag .
        • 
+  quay.io/bpfman/bpfman-operator-bundle with the tag .
+
      
+
      • 
 
    
 
    Versioning strategy
    
 
    Overview
    
@@ -1801,22 +1872,26 @@ 
    Release Steps
    
 
  • Create a branch from the major-minor tag of interest i.e:
   git checkout -b release-x.x.x <major.minor.patch>
    • 
 
  • Create a pull request of the <githubuser>/release-x.x.x branch into the release-x.x branch upstream.
-  Add a hold on this PR waiting for at least one maintainer/codeowner to provide a lgtm. This PR should:
    • 
+  Add a hold on this PR waiting for at least one maintainer/codeowner to provide a lgtm. This PR should:
      
 
    • Add a new changelog for the release
      • 
-
    • Update the cargo.toml versions for the bpfman-api and bpfman crates
      • 
+
    • Update the cargo.toml version for the workspace.
      • 
 
    • Update the bpfman-operator version in it's MAKEFILE and run make bundle to update the bundle version.
-    This will generate a new /bpfman-operator/bundle directory which will ONLY be tracked in the
-    release-x.x branch not main.
      • 
+  This will generate a new /bpfman-operator/bundle directory which will ONLY be tracked in the
+  release-x.x branch not main.
+
    
+
    • 
 
  • Verify the CI tests pass and merge the PR into release-x.x.
    • 
 
  • Create a tag using the HEAD of the release-x.x.x branch. This can be done using the git CLI or
   Github's release page.
    • 
-
  • The Release will be automatically created, after that is complete do the following:
    • 
+
  • The Release will be automatically created, after that is complete do the following:
      
 
    • run make build-release-yamls and attach the yamls for the version to the release. These will include:
        
-
      • bpfman-crds-install-vx.x.x.yaml
        • 
-
      • bpfman-operator-install-vx.x.x.yaml
        • 
-
      • go-xdp-counter-install-vx.x.x.yaml
        • 
-
      • go-tc-counter-install-vx.x.x.yaml
        • 
-
      • go-tracepoint-counter-install-vx.x.x.yaml
        • 
+
      • bpfman-crds-install.yaml
        • 
+
      • bpfman-operator-install.yaml
        • 
+
      • go-xdp-counter-install.yaml
        • 
+
      • go-tc-counter-install.yaml
        • 
+
      • go-tracepoint-counter-install.yaml
        • 
+
      
+
      • 
 
    
 
    • 
 
  • Update the community-operator and
@@ -1829,24 +1904,28 @@ 
    Release Steps
    
 
 
    For a MAJOR or MINOR release:
    
 
      
-
    • Open an update PR that:
      • 
+
    • Open an update PR that:
        
 
      • Adds a new changelog for the release
        • 
-
      • Updates the cargo.toml versions for the bpfman-api and bpfman crates
        • 
+
      • Updates the cargo.toml version for the workspace.
        • 
 
      • Updates the bpfman-operator version in it's MAKEFILE and run make bundle to update the bundle version
        • 
 
      • Add's a new examples config directory for the release version
        • 
+
      
+
      • 
 
    • Make sure CI is green and merge the update PR.
      • 
 
    • Create a tag using the HEAD of the main branch. This can be done using the git CLI or
   Github's release page.
      • 
 
    • Tag the release using the commit on main where the changelog update merged.
   This can  be done using the git CLI or Github's release
   page.
      • 
-
    • The Release will be automatically created, after that is complete do the following:
      • 
+
    • The Release will be automatically created, after that is complete do the following:
        
 
      • run make build-release-yamls and attach the yamls for the version to the release. These will include:
          
-
        • bpfman-crds-install-vx.x.x.yaml
          • 
-
        • bpfman-operator-install-vx.x.x.yaml
          • 
-
        • go-xdp-counter-install-vx.x.x.yaml
          • 
-
        • go-tc-counter-install-vx.x.x.yaml
          • 
-
        • go-tracepoint-counter-install-vx.x.x.yaml
          • 
+
        • bpfman-crds-install.yaml
          • 
+
        • bpfman-operator-install.yaml
          • 
+
        • go-xdp-counter-install.yaml
          • 
+
        • go-tc-counter-install.yaml
          • 
+
        • go-tracepoint-counter-install.yaml
          • 
+
        
+
        • 
 
      
 
      • 
 
    
diff --git a/main/developer-guide/shipping-bytecode/index.html b/main/developer-guide/shipping-bytecode/index.html
index 3a3ac385b..6944b2e82 100644
--- a/main/developer-guide/shipping-bytecode/index.html
+++ b/main/developer-guide/shipping-bytecode/index.html
@@ -233,7 +233,7 @@
     
     
       
  • 
-        
+        
           
   
     
@@ -420,6 +420,8 @@
         
       
         
+      
+        
       
         
       
@@ -462,11 +464,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Setup and Building
+    bpfman Overview
   
   
 
@@ -482,11 +484,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From Release Image
+    Launching bpfman
   
   
 
@@ -502,11 +504,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From RPM
+    Deploying Example eBPF Programs On Local Host
   
   
 
@@ -522,11 +524,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Bpfman on Linux Tutorial
+    Deploying Example eBPF Programs On Kubernetes
   
   
 
@@ -542,11 +544,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    CLI Guide
+    Setup and Building
   
   
 
@@ -562,11 +564,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Example eBPF Programs
+    Run bpfman From Release Image
   
   
 
@@ -582,11 +584,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Local Host
+    Run bpfman From RPM
   
   
 
@@ -602,11 +604,31 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Kubernetes
+    CLI Guide
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    Example eBPF Programs
   
   
 
@@ -678,6 +700,8 @@
         
       
         
+      
+        
       
         
       
@@ -1103,6 +1127,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
           
         
       
diff --git a/main/developer-guide/testing/index.html b/main/developer-guide/testing/index.html
index 914fca8f3..65d9404fb 100644
--- a/main/developer-guide/testing/index.html
+++ b/main/developer-guide/testing/index.html
@@ -233,7 +233,7 @@
     
     
       
  • 
-        
+        
           
   
     
@@ -420,6 +420,8 @@
         
       
         
+      
+        
       
         
       
@@ -462,11 +464,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Setup and Building
+    bpfman Overview
   
   
 
@@ -482,11 +484,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From Release Image
+    Launching bpfman
   
   
 
@@ -502,11 +504,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From RPM
+    Deploying Example eBPF Programs On Local Host
   
   
 
@@ -522,11 +524,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Bpfman on Linux Tutorial
+    Deploying Example eBPF Programs On Kubernetes
   
   
 
@@ -542,11 +544,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    CLI Guide
+    Setup and Building
   
   
 
@@ -562,11 +564,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Example eBPF Programs
+    Run bpfman From Release Image
   
   
 
@@ -582,11 +584,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Local Host
+    Run bpfman From RPM
   
   
 
@@ -602,11 +604,31 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Kubernetes
+    CLI Guide
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    Example eBPF Programs
   
   
 
@@ -678,6 +700,8 @@
         
       
         
+      
+        
       
         
       
@@ -1094,6 +1118,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
           
         
       
diff --git a/main/getting-started/tutorial/index.html b/main/developer-guide/xdp-overview/index.html
similarity index 57%
rename from main/getting-started/tutorial/index.html
rename to main/developer-guide/xdp-overview/index.html
index dda3a9ce3..9abff5559 100644
--- a/main/getting-started/tutorial/index.html
+++ b/main/developer-guide/xdp-overview/index.html
@@ -9,10 +9,10 @@
       
       
       
-        
+        
       
       
-        
+        
       
       
       
@@ -20,7 +20,7 @@
     
     
       
-        Bpfman on Linux Tutorial - bpfman
+        XDP Tutorial - bpfman
       
     
     
@@ -77,7 +77,7 @@
     
    
       
         
-        
+        
           Skip to content
         
       
@@ -116,7 +116,7 @@
         
    
           
             
-              Bpfman on Linux Tutorial
+              XDP Tutorial
             
           
         
    
@@ -229,13 +229,11 @@
         
   
   
-    
-  
   
     
     
-      
  • 
-        
+      
  • 
+        
           
   
     
@@ -251,10 +249,12 @@
         
   
   
+    
+  
   
     
     
-      
  • 
+      
  • 
         
           
   
@@ -401,8 +401,6 @@
       
   
   
-    
-  
   
     
     
@@ -422,6 +420,8 @@
         
       
         
+      
+        
       
         
       
@@ -432,12 +432,12 @@
       
       
     
-    
  • 
+    
  • 
       
         
         
         
-        
+        
         
           
           
         
-        
    • 
         
           
  • 
@@ -1794,22 +1994,21 @@ 
    Notes For This Guide
    
 
    Basic Syntax
    
 
    Below are the commands supported by bpfman.
    
 
    sudo bpfman --help
-A system daemon for loading BPF programs
+An eBPF manager focusing on simplifying the deployment and administration of eBPF programs.
 
 Usage: bpfman <COMMAND>
 
 Commands:
-  load           Load an eBPF program from a local .o file
-  unload         Unload an eBPF program using the program id
-  list           List all eBPF programs loaded via bpfman
-  get            Get an eBPF program using the program id
-  image          eBPF Bytecode Image related commands
-  system         Run bpfman as a service
-  help           Print this message or the help of the given subcommand(s)
-
-Options:
-  -h, --help     Print help
-  -V, --version  Print version
+  load    Load an eBPF program on the system
+  unload  Unload an eBPF program using the Program Id
+  list    List all eBPF programs loaded via bpfman
+  get     Get an eBPF program using the Program Id
+  image   eBPF Bytecode Image related commands
+  help    Print this message or the help of the given subcommand(s)
+
+Options:
+  -h, --help
+          Print help (see a summary with '-h')
 
    
 
    bpfman load
    
 
    The bpfman load file and bpfman load image commands are used to load eBPF programs.
@@ -1823,44 +2022,44 @@ 
    bpfman load
    
 Load an eBPF program from a local .o file
 
 Usage: bpfman load file [OPTIONS] --path <PATH> --name <NAME> <COMMAND>
-------
-
-Commands:
----------
-  xdp         Install an eBPF program on the XDP hook point for a given interface
-  tc          Install an eBPF program on the TC hook point for a given interface
-  tracepoint  Install an eBPF program on a Tracepoint
-  kprobe      Install an eBPF kprobe or kretprobe
-  uprobe      Install an eBPF uprobe or uretprobe
+
+Commands:
+  xdp         Install an eBPF program on the XDP hook point for a given interface
+  tc          Install an eBPF program on the TC hook point for a given interface
+  tracepoint  Install an eBPF program on a Tracepoint
+  kprobe      Install a kprobe or kretprobe eBPF probe
+  uprobe      Install a uprobe or uretprobe eBPF probe
+  fentry      Install a fentry eBPF probe
+  fexit       Install a fexit eBPF probe
   help        Print this message or the help of the given subcommand(s)
 
 Options:
---------
-  -p, --path <PATH>
-          Required: Location of local bytecode file as fully qualified file path.
-          Example: --path $HOME/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o
-
-  -n, --name <NAME>
-          Required: The name of the function that is the entry point for the BPF program
-
-  -g, --global <GLOBAL>...
-          Optional: Global variables to be set when program is loaded.
-          Format: <NAME>=<Hex Value>
-
-          This is a very low level primitive. The caller is responsible for formatting
-          the byte string appropriately considering such things as size, endianness,
-          alignment and packing of data structures.
-
-  -m, --metadata <METADATA>
-          Optional: Specify Key/Value metadata to be attached to a program when it
-          is loaded by bpfman.
-          Format: <KEY>=<VALUE>
-
-          This can later be used to list a certain subset of programs which contain
-          the specified metadata.
+  -p, --path <PATH>
+          Required: Location of local bytecode file
+          Example: --path /run/bpfman/examples/go-xdp-counter/bpf_bpfel.o
+
+  -n, --name <NAME>
+          Required: The name of the function that is the entry point for the BPF program
+
+  -g, --global <GLOBAL>...
+          Optional: Global variables to be set when program is loaded.
+          Format: <NAME>=<Hex Value>
+
+          This is a very low level primitive. The caller is responsible for formatting
+          the byte string appropriately considering such things as size, endianness,
+          alignment and packing of data structures.
+
+  -m, --metadata <METADATA>
+          Optional: Specify Key/Value metadata to be attached to a program when it
+          is loaded by bpfman.
+          Format: <KEY>=<VALUE>
+
+          This can later be used to `list` a certain subset of programs which contain
+          the specified metadata.
+          Example: --metadata owner=acme
 
       --map-owner-id <MAP_OWNER_ID>
-          Optional: Program id of loaded eBPF program this eBPF program will share a map with.
+          Optional: Program Id of loaded eBPF program this eBPF program will share a map with.
           Only used when multiple eBPF programs need to share a map.
           Example: --map-owner-id 63178
 
@@ -1877,58 +2076,60 @@ 
    bpfman load
    
   xdp         Install an eBPF program on the XDP hook point for a given interface
   tc          Install an eBPF program on the TC hook point for a given interface
   tracepoint  Install an eBPF program on a Tracepoint
-  kprobe      Install an eBPF kprobe or kretprobe
-  uprobe      Install an eBPF uprobe or uretprobe
-  help        Print this message or the help of the given subcommand(s)
-
-Options:
-  -i, --image-url <IMAGE_URL>
-          Required: Container Image URL.
-          Example: --image-url quay.io/bpfman-bytecode/xdp_pass:latest
-
-  -r, --registry-auth <REGISTRY_AUTH>
-          Optional: Registry auth for authenticating with the specified image registry.
-          This should be base64 encoded from the '<username>:<password>' string just like
-          it's stored in the docker/podman host config.
-          Example: --registry_auth "YnjrcKw63PhDcQodiU9hYxQ2"
-
-  -p, --pull-policy <PULL_POLICY>
-          Optional: Pull policy for remote images.
-
-          [possible values: Always, IfNotPresent, Never]
+  kprobe      Install a kprobe or kretprobe eBPF probe
+  uprobe      Install a uprobe or uretprobe eBPF probe
+  fentry      Install a fentry eBPF probe
+  fexit       Install a fexit eBPF probe
+  help        Print this message or the help of the given subcommand(s)
+
+Options:
+  -i, --image-url <IMAGE_URL>
+          Required: Container Image URL.
+          Example: --image-url quay.io/bpfman-bytecode/xdp_pass:latest
+
+  -r, --registry-auth <REGISTRY_AUTH>
+          Optional: Registry auth for authenticating with the specified image registry.
+          This should be base64 encoded from the '<username>:<password>' string just like
+          it's stored in the docker/podman host config.
+          Example: --registry_auth "YnjrcKw63PhDcQodiU9hYxQ2"
+
+  -p, --pull-policy <PULL_POLICY>
+          Optional: Pull policy for remote images.
 
-          [default: IfNotPresent]
+          [possible values: Always, IfNotPresent, Never]
 
-  -n, --name <NAME>
-          Optional: The name of the function that is the entry point for the BPF program.
-          If not provided, the program name defined as part of the bytecode image will be used.
-
-          [default: ]
+          [default: IfNotPresent]
+
+  -n, --name <NAME>
+          Optional: The name of the function that is the entry point for the BPF program.
+          If not provided, the program name defined as part of the bytecode image will be used.
 
-  -g, --global <GLOBAL>...
-          Optional: Global variables to be set when program is loaded.
-          Format: <NAME>=<Hex Value>
-
-          This is a very low level primitive. The caller is responsible for formatting
-          the byte string appropriately considering such things as size, endianness,
-          alignment and packing of data structures.
-
-  -m, --metadata <METADATA>
-          Optional: Specify Key/Value metadata to be attached to a program when it
-          is loaded by bpfman.
-          Format: <KEY>=<VALUE>
-
-          This can later be used to list a certain subset of programs which contain
-          the specified metadata.
-          Example: --metadata owner=acme
-
-      --map-owner-id <MAP_OWNER_ID>
-          Optional: Program id of loaded eBPF program this eBPF program will share a map with.
-          Only used when multiple eBPF programs need to share a map.
-          Example: --map-owner-id 63178
-
-  -h, --help
-          Print help (see a summary with '-h')
+          [default: ]
+
+  -g, --global <GLOBAL>...
+          Optional: Global variables to be set when program is loaded.
+          Format: <NAME>=<Hex Value>
+
+          This is a very low level primitive. The caller is responsible for formatting
+          the byte string appropriately considering such things as size, endianness,
+          alignment and packing of data structures.
+
+  -m, --metadata <METADATA>
+          Optional: Specify Key/Value metadata to be attached to a program when it
+          is loaded by bpfman.
+          Format: <KEY>=<VALUE>
+
+          This can later be used to list a certain subset of programs which contain
+          the specified metadata.
+          Example: --metadata owner=acme
+
+      --map-owner-id <MAP_OWNER_ID>
+          Optional: Program Id of loaded eBPF program this eBPF program will share a map with.
+          Only used when multiple eBPF programs need to share a map.
+          Example: --map-owner-id 63178
+
+  -h, --help
+          Print help (see a summary with '-h')
 
    • 
 
    When using either load command, --path, --image-url, --registry-auth, --pull-policy, --name,
  --global, --metadata and --map-owner-id must be entered before the <COMMAND> (xdp, tc,
@@ -1939,27 +2140,25 @@ 
    bpfman load
    
 Install an eBPF program on the XDP hook point for a given interface
 
 Usage: bpfman load file --path <PATH> --name <NAME> xdp [OPTIONS] --iface <IFACE> --priority <PRIORITY>
-------
-
-Options:
---------
-  -i, --iface <IFACE>
-          Required: Interface to load program on
-
-  -p, --priority <PRIORITY>
-          Required: Priority to run program in chain. Lower value runs first
-
-      --proceed-on <PROCEED_ON>...
-          Optional: Proceed to call other programs in chain on this exit code.
-          Multiple values supported by repeating the parameter.
-          Example: --proceed-on "pass" --proceed-on "drop"
+
+Options:
+  -i, --iface <IFACE>
+          Required: Interface to load program on
+
+  -p, --priority <PRIORITY>
+          Required: Priority to run program in chain. Lower value runs first
+
+      --proceed-on <PROCEED_ON>...
+          Optional: Proceed to call other programs in chain on this exit code.
+          Multiple values supported by repeating the parameter.
+          Example: --proceed-on "pass" --proceed-on "drop"
+
+          [possible values: aborted, drop, pass, tx, redirect, dispatcher_return]
 
-          [possible values: aborted, drop, pass, tx, redirect, dispatcher_return]
+          [default: pass, dispatcher_return]
 
-          [default: pass, dispatcher_return]
-
-  -h, --help
-          Print help (see a summary with '-h')
+  -h, --help
+          Print help (see a summary with '-h')

    Example loading from local file (--path is the fully qualified path):

    sudo bpfman load file --path $HOME/src/bpfman/tests/integration-test/bpf/.output/xdp_pass.bpf.o --name "pass" xdp --iface vethb2795c7 --priority 100
@@ -1973,33 +2172,31 @@ 
    bpfman load
    
 Install an eBPF program on the TC hook point for a given interface
 
 Usage: bpfman load file --path <PATH> --name <NAME> tc [OPTIONS] --direction <DIRECTION> --iface <IFACE> --priority <PRIORITY>
-------
-
-Options:
---------
-  -d, --direction <DIRECTION>
-          Required: Direction to apply program.
+
+Options:
+  -d, --direction <DIRECTION>
+          Required: Direction to apply program.
+
+          [possible values: ingress, egress]
 
-          [possible values: ingress, egress]
-
-  -i, --iface <IFACE>
-          Required: Interface to load program on
-
-  -p, --priority <PRIORITY>
-          Required: Priority to run program in chain. Lower value runs first
-
-      --proceed-on <PROCEED_ON>...
-          Optional: Proceed to call other programs in chain on this exit code.
-          Multiple values supported by repeating the parameter.
-          Example: --proceed-on "ok" --proceed-on "pipe"
-
-          [possible values: unspec, ok, reclassify, shot, pipe, stolen, queued,
-                            repeat, redirect, trap, dispatcher_return]
+  -i, --iface <IFACE>
+          Required: Interface to load program on
+
+  -p, --priority <PRIORITY>
+          Required: Priority to run program in chain. Lower value runs first
+
+      --proceed-on <PROCEED_ON>...
+          Optional: Proceed to call other programs in chain on this exit code.
+          Multiple values supported by repeating the parameter.
+          Example: --proceed-on "ok" --proceed-on "pipe"
+
+          [possible values: unspec, ok, reclassify, shot, pipe, stolen, queued,
+                            repeat, redirect, trap, dispatcher_return]
+
+          [default: ok, pipe, dispatcher_return]
 
-          [default: ok, pipe, dispatcher_return]
-
-  -h, --help
-          Print help (see a summary with '-h')
+  -h, --help
+          Print help (see a summary with '-h')

    The following is an example of the tc command using short option names:

    sudo bpfman load file -p $HOME/src/bpfman/tests/integration-test/bpf/.output/tc_pass.bpf.o -n "pass" tc -d ingress -i mynet1 -p 40
@@ -2009,37 +2206,45 @@ 
    bpfman load
    
 
    SEC("classifier/pass")
 int accept(struct __sk_buff *skb)
 {
+    :
+}
 
    
 
    Additional Load Examples
    
 
    Below are some additional examples of bpfman load commands:
    
-
    XDP
    
-
    sudo bpfman load file --path $HOME/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o --name "xdp_stats" xdp --iface vethb2795c7 --priority 35
+
    Fentry
    
+
    sudo bpfman load image --image-url quay.io/bpfman-bytecode/fentry:latest fentry -f do_unlinkat
 
    
-
    TC
    
-
    sudo bpfman load file --path $HOME/src/bpfman/examples/go-tc-counter/bpf_bpfel.o --name "stats"" tc --direction ingress --iface vethb2795c7 --priority 110
+
    Fexit
    
+
    sudo bpfman load image --image-url quay.io/bpfman-bytecode/fexit:latest fexit -f do_unlinkat
 
    
-
    Kprobe
    
+
    Kprobe
    
 
    sudo bpfman load image --image-url quay.io/bpfman-bytecode/kprobe:latest kprobe -f try_to_wake_up
 
    
-
    Kretprobe
    
+
    Kretprobe
    
 
    sudo bpfman load image --image-url quay.io/bpfman-bytecode/kretprobe:latest kprobe -f try_to_wake_up -r
 
    
-
    Uprobe
    
-
    sudo bpfman load image --image-url quay.io/bpfman-bytecode/uprobe:latest uprobe -f "malloc" -t "libc"
+
    TC
    
+
    sudo bpfman load file --path $HOME/src/bpfman/examples/go-tc-counter/bpf_bpfel.o --name "stats"" tc --direction ingress --iface vethb2795c7 --priority 110
 
    
-
    Uretprobe
    
-
    sudo bpfman load image --image-url quay.io/bpfman-bytecode/uretprobe:latest uprobe -f "malloc" -t "libc" -r
+
    Uprobe
    
+
    sudo bpfman load image --image-url quay.io/bpfman-bytecode/uprobe:latest uprobe -f "malloc" -t "libc"
+
    
+
    Uretprobe
    
+
    sudo bpfman load image --image-url quay.io/bpfman-bytecode/uretprobe:latest uprobe -f "malloc" -t "libc" -r
+
    
+
    XDP
    
+
    sudo bpfman load file --path $HOME/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o --name "xdp_stats" xdp --iface vethb2795c7 --priority 35
 
    
 
    Setting Global Variables in eBPF Programs
    
 
    Global variables can be set for any eBPF program type when loading as follows:
    
-
    sudo bpfman load file -p $HOME/src/bpfman/tests/integration-test/bpf/.output/tc_pass.bpf.o -g GLOBAL_u8=01020304 GLOBAL_u32=0A0B0C0D -n "pass" tc -d ingress -i mynet1 -p 40
+
    sudo bpfman load file -p $HOME/src/bpfman/tests/integration-test/bpf/.output/tc_pass.bpf.o -g GLOBAL_u8=01020304 GLOBAL_u32=0A0B0C0D -n "pass" tc -d ingress -i mynet1 -p 40
 
    
 
    Note, that when setting global variables, the eBPF program being loaded must
 have global variables named with the strings given, and the size of the value
 provided must match the size of the given variable.  For example, the above
 command can be used to update the following global variables in an eBPF program.
    
-
    volatile const __u32 GLOBAL_u8 = 0;
-volatile const __u32 GLOBAL_u32 = 0;
+
    volatile const __u32 GLOBAL_u8 = 0;
+volatile const __u32 GLOBAL_u32 = 0;
 
    
 
    Modifying the Proceed-On Behavior
    
 
    The proceed-on setting applies to xdp and tc programs. For both of these
@@ -2048,7 +2253,7 @@ 
    Modifying the Proceed-On Behavior
    proceed-on     configuration for
 an xdp program can be modified as follows:
    
-
    sudo bpfman load file -p $HOME/src/bpfman/tests/integration-test/bpf/.output/xdp_pass.bpf.o -n "pass" xdp -i mynet1 -p 30 --proceed-on drop pass dispatcher_return
+
    sudo bpfman load file -p $HOME/src/bpfman/tests/integration-test/bpf/.output/xdp_pass.bpf.o -n "pass" xdp -i mynet1 -p 30 --proceed-on drop pass dispatcher_return
 
    
 
    Sharing Maps Between eBPF Programs
    
 
    
@@ -2058,54 +2263,54 @@ 
    Sharing Maps Between eBPF ProgramsTo share maps between eBPF programs, first load the eBPF program that owns the
 maps.
 One eBPF program must own the maps.
    
-
    sudo bpfman load file --path $HOME/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o -n "xdp_stats" xdp --iface vethb2795c7 --priority 100
-6371
+
    sudo bpfman load file --path $HOME/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o -n "xdp_stats" xdp --iface vethb2795c7 --priority 100
+6371
 
    
 
    Next, load additional eBPF programs that will share the existing maps by passing
 the program id of the eBPF program that owns the maps using the --map-owner-id
 parameter:
    
-
    sudo bpfman load file --path $HOME/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o -n "xdp_stats" --map-owner-id 6371 xdp --iface vethff657c7 --priority 100
-6373
+
    sudo bpfman load file --path $HOME/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o -n "xdp_stats" --map-owner-id 6371 xdp --iface vethff657c7 --priority 100
+6373
 
    
-
    Use the bpfman get <ID> command to display the configuration:
    
-
    sudo bpfman list
- Program ID  Name       Type  Load Time
- 6371        xdp_stats  xdp   2023-07-18T16:50:46-0400
- 6373        xdp_stats  xdp   2023-07-18T16:51:06-0400
+
    Use the bpfman get <PROGRAM_ID> command to display the configuration:
    
+
    sudo bpfman list
+ Program ID  Name       Type  Load Time
+ 6371        xdp_stats  xdp   2023-07-18T16:50:46-0400
+ 6373        xdp_stats  xdp   2023-07-18T16:51:06-0400
 
    
-
    sudo bpfman get 6371
- Bpfman State
----------------
- Name:          xdp_stats
- Path:          /home/<$USER>/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o
- Global:        None
- Metadata:      None
- Map Pin Path:  /run/bpfman/fs/maps/6371
- Map Owner ID:  None
- Map Used By:   6371
-                6373
- Priority:      50
- Iface:         vethff657c7
- Position:      1
- Proceed On:    pass, dispatcher_return
-:
+
    sudo bpfman get 6371
+ Bpfman State
+---------------
+ Name:          xdp_stats
+ Path:          /home/<$USER>/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o
+ Global:        None
+ Metadata:      None
+ Map Pin Path:  /run/bpfman/fs/maps/6371
+ Map Owner ID:  None
+ Map Used By:   6371
+                6373
+ Priority:      50
+ Iface:         vethff657c7
+ Position:      1
+ Proceed On:    pass, dispatcher_return
+:
 
    
-
    sudo bpfman get 6373
- Bpfman State
----------------
- Name:          xdp_stats
- Path:          /home/<$USER>/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o
- Global:        None
- Metadata:      None
- Map Pin Path:  /run/bpfman/fs/maps/6371
- Map Owner ID:  6371
- Map Used By:   6371
-                6373
- Priority:      50
- Iface:         vethff657c7
- Position:      0
- Proceed On:    pass, dispatcher_return
-:
+
    sudo bpfman get 6373
+ Bpfman State
+---------------
+ Name:          xdp_stats
+ Path:          /home/<$USER>/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o
+ Global:        None
+ Metadata:      None
+ Map Pin Path:  /run/bpfman/fs/maps/6371
+ Map Owner ID:  6371
+ Map Used By:   6371
+                6373
+ Priority:      50
+ Iface:         vethff657c7
+ Position:      0
+ Proceed On:    pass, dispatcher_return
+:
 
    
 
    As the output shows, the first program (6371) owns the map, with Map Owner ID
 of None and the Map Pin Path (/run/bpfman/fs/maps/6371) that includes its own ID.
    
@@ -2116,179 +2321,183 @@ 
    Sharing Maps Between eBPF ProgramsMap Used By with values of 6371 and 6373.
    
 
    The eBPF programs can be unloaded any order, the Map Pin Path will not be deleted
 until all the programs referencing the maps are unloaded:
    
-
    sudo bpfman unload 6371
-sudo bpfman unload 6373
+
    sudo bpfman unload 6371
+sudo bpfman unload 6373
 
    
 
    bpfman list
    
 
    The bpfman list command lists all the bpfman loaded eBPF programs:
    
-
    sudo bpfman list
- Program ID  Name              Type        Load Time
- 6201        pass              xdp         2023-07-17T17:17:53-0400
- 6202        sys_enter_openat  tracepoint  2023-07-17T17:19:09-0400
- 6204        stats             tc          2023-07-17T17:20:14-0400
+
    sudo bpfman list
+ Program ID  Name              Type        Load Time
+ 6201        pass              xdp         2023-07-17T17:17:53-0400
+ 6202        sys_enter_openat  tracepoint  2023-07-17T17:19:09-0400
+ 6204        stats             tc          2023-07-17T17:20:14-0400
 
    
 
    To see all eBPF programs loaded on the system, include the --all option.
    
-
    sudo bpfman list --all
- Program ID  Name              Type           Load Time
- 52          restrict_filesy   lsm            2023-05-03T12:53:34-0400
- 166         dump_bpf_map      tracing        2023-05-03T12:53:52-0400
- 167         dump_bpf_prog     tracing        2023-05-03T12:53:52-0400
- 455                           cgroup_device  2023-05-03T12:58:26-0400
- :
- 6190                          cgroup_skb     2023-07-17T17:15:23-0400
- 6191                          cgroup_device  2023-07-17T17:15:23-0400
- 6192                          cgroup_skb     2023-07-17T17:15:23-0400
- 6193                          cgroup_skb     2023-07-17T17:15:23-0400
- 6194                          cgroup_device  2023-07-17T17:15:23-0400
- 6201        pass              xdp            2023-07-17T17:17:53-0400
- 6202        sys_enter_openat  tracepoint     2023-07-17T17:19:09-0400
- 6203        dispatcher        tc             2023-07-17T17:20:14-0400
- 6204        stats             tc             2023-07-17T17:20:14-0400
- 6207        xdp               xdp            2023-07-17T17:27:13-0400
+
    sudo bpfman list --all
+ Program ID  Name              Type           Load Time
+ 52          restrict_filesy   lsm            2023-05-03T12:53:34-0400
+ 166         dump_bpf_map      tracing        2023-05-03T12:53:52-0400
+ 167         dump_bpf_prog     tracing        2023-05-03T12:53:52-0400
+ 455                           cgroup_device  2023-05-03T12:58:26-0400
+ :
+ 6194                          cgroup_device  2023-07-17T17:15:23-0400
+ 6201        pass              xdp            2023-07-17T17:17:53-0400
+ 6202        sys_enter_openat  tracepoint     2023-07-17T17:19:09-0400
+ 6203        dispatcher        tc             2023-07-17T17:20:14-0400
+ 6204        stats             tc             2023-07-17T17:20:14-0400
+ 6207        xdp               xdp            2023-07-17T17:27:13-0400
+ 6210        test_fentry       tracing        2023-07-17T17:28:34-0400
+ 6212        test_fexit        tracing        2023-07-17T17:29:02-0400
+ 6223        my_uprobe         probe          2023-07-17T17:31:45-0400
+ 6225        my_kretprobe      probe          2023-07-17T17:32:27-0400
+ 6928        my_kprobe         probe          2023-07-17T17:33:49-0400
 
    
 
    To filter on a given program type, include the --program-type parameter:
    
-
    sudo bpfman list --all --program-type tc
- Program ID  Name        Type  Load Time
- 6203        dispatcher  tc    2023-07-17T17:20:14-0400
- 6204        stats       tc    2023-07-17T17:20:14-0400
+
    sudo bpfman list --all --program-type tc
+ Program ID  Name        Type  Load Time
+ 6203        dispatcher  tc    2023-07-17T17:20:14-0400
+ 6204        stats       tc    2023-07-17T17:20:14-0400
 
    
+
    Note: The list filters by the Kernel Program Type.
+kprobe, kretprobe, uprobe and uretprobe all map to the probe Kernel Program Type.
+fentry and fexit both map to the tracing Kernel Program Type.
    
 
    bpfman get
    
 
    To retrieve detailed information for a loaded eBPF program, use the
-bpfman get <ID> command.
+bpfman get <PROGRAM_ID> command.
 If the eBPF program was loaded via bpfman, then there will be a Bpfman State
 section with bpfman related attributes and a Kernel State section with
 kernel information.
 If the eBPF program was loaded outside of bpfman, then the Bpfman State
 section will be empty and Kernel State section will be populated.
    
-
    sudo bpfman get 6204
- Bpfman State
----------------
- Name:          stats
- Image URL:     quay.io/bpfman-bytecode/go-tc-counter:latest
- Pull Policy:   IfNotPresent
- Global:        None
- Metadata:      None
- Map Pin Path:  /run/bpfman/fs/maps/6204
- Map Owner ID:  None
- Map Used By:   6204
- Priority:      100
- Iface:         vethff657c7
- Position:      0
- Direction:     eg
- Proceed On:    pipe, dispatcher_return
-
- Kernel State
-----------------------------------
- ID:                               6204
- Name:                             stats
- Type:                             tc
- Loaded At:                        2023-07-17T17:20:14-0400
- Tag:                              ead94553702a3742
- GPL Compatible:                   true
- Map IDs:                          [2705]
- BTF ID:                           2821
- Size Translated (bytes):          176
- JITed:                            true
- Size JITed (bytes):               116
- Kernel Allocated Memory (bytes):  4096
- Verified Instruction Count:       24
+
    sudo bpfman get 6204
+ Bpfman State
+---------------
+ Name:          stats
+ Image URL:     quay.io/bpfman-bytecode/go-tc-counter:latest
+ Pull Policy:   IfNotPresent
+ Global:        None
+ Metadata:      None
+ Map Pin Path:  /run/bpfman/fs/maps/6204
+ Map Owner ID:  None
+ Map Used By:   6204
+ Priority:      100
+ Iface:         vethff657c7
+ Position:      0
+ Direction:     eg
+ Proceed On:    pipe, dispatcher_return
+
+ Kernel State
+----------------------------------
+ Program ID:                       6204
+ Name:                             stats
+ Type:                             tc
+ Loaded At:                        2023-07-17T17:20:14-0400
+ Tag:                              ead94553702a3742
+ GPL Compatible:                   true
+ Map IDs:                          [2705]
+ BTF ID:                           2821
+ Size Translated (bytes):          176
+ JITed:                            true
+ Size JITed (bytes):               116
+ Kernel Allocated Memory (bytes):  4096
+ Verified Instruction Count:       24
 
    
-
    sudo bpfman get 6190
- Bpfman State
----------------
-NONE
-
- Kernel State
-----------------------------------
-ID:                                6190
-Name:                              None
-Type:                              cgroup_skb
-Loaded At:                         2023-07-17T17:15:23-0400
-Tag:                               6deef7357e7b4530
-GPL Compatible:                    true
-Map IDs:                           []
-BTF ID:                            0
-Size Translated (bytes):           64
-JITed:                             true
-Size JITed (bytes):                55
-Kernel Allocated Memory (bytes):   4096
-Verified Instruction Count:        8
+
    sudo bpfman get 6190
+ Bpfman State
+---------------
+NONE
+
+ Kernel State
+----------------------------------
+Program ID:                        6190
+Name:                              None
+Type:                              cgroup_skb
+Loaded At:                         2023-07-17T17:15:23-0400
+Tag:                               6deef7357e7b4530
+GPL Compatible:                    true
+Map IDs:                           []
+BTF ID:                            0
+Size Translated (bytes):           64
+JITed:                             true
+Size JITed (bytes):                55
+Kernel Allocated Memory (bytes):   4096
+Verified Instruction Count:        8
 
    
 
    bpfman unload
    
 
    The bpfman unload command takes the program id from the load or list command as a parameter,
 and unloads the requested eBPF program:
    
-
    sudo bpfman unload 6204
+
    sudo bpfman unload 6204
 
    
-
    sudo bpfman list
- Program ID  Name              Type        Load Time
- 6201        pass              xdp         2023-07-17T17:17:53-0400
- 6202        sys_enter_openat  tracepoint  2023-07-17T17:19:09-0400
+
    sudo bpfman list
+ Program ID  Name              Type        Load Time
+ 6201        pass              xdp         2023-07-17T17:17:53-0400
+ 6202        sys_enter_openat  tracepoint  2023-07-17T17:19:09-0400
 
    
 
    bpfman image pull
    
 
    The bpfman image pull command pulls a given bytecode image for future use
 by a load command.
    
-
    sudo bpfman image pull --help
-Pull a bytecode image for future use by a load command
-
-Usage: bpfman image pull [OPTIONS] --image-url <IMAGE_URL>
-
-Options:
-  -i, --image-url <IMAGE_URL>
-          Required: Container Image URL.
-          Example: --image-url quay.io/bpfman-bytecode/xdp_pass:latest
-
-  -r, --registry-auth <REGISTRY_AUTH>
-          Optional: Registry auth for authenticating with the specified image registry.
-          This should be base64 encoded from the '<username>:<password>' string just like
-          it's stored in the docker/podman host config.
-          Example: --registry_auth "YnjrcKw63PhDcQodiU9hYxQ2"
-
-  -p, --pull-policy <PULL_POLICY>
-          Optional: Pull policy for remote images.
-
-          [possible values: Always, IfNotPresent, Never]
-
-          [default: IfNotPresent]
-
-  -h, --help
-          Print help (see a summary with '-h')
+
    sudo bpfman image pull --help
+Pull an eBPF bytecode image from a remote registry
+
+Usage: bpfman image pull [OPTIONS] --image-url <IMAGE_URL>
+
+Options:
+  -i, --image-url <IMAGE_URL>
+          Required: Container Image URL.
+          Example: --image-url quay.io/bpfman-bytecode/xdp_pass:latest
+
+  -r, --registry-auth <REGISTRY_AUTH>
+          Optional: Registry auth for authenticating with the specified image registry.
+          This should be base64 encoded from the '<username>:<password>' string just like
+          it's stored in the docker/podman host config.
+          Example: --registry_auth "YnjrcKw63PhDcQodiU9hYxQ2"
+
+  -p, --pull-policy <PULL_POLICY>
+          Optional: Pull policy for remote images.
+
+          [possible values: Always, IfNotPresent, Never]
+
+          [default: IfNotPresent]
+
+  -h, --help
+          Print help (see a summary with '-h')
 
    
 
    Example usage:
    
-
    sudo bpfman image pull --image-url quay.io/bpfman-bytecode/xdp_pass:latest
-Successfully downloaded bytecode
+
    sudo bpfman image pull --image-url quay.io/bpfman-bytecode/xdp_pass:latest
+Successfully downloaded bytecode
 
    
 
    Then when loaded, the local image will be used:
    
-
    sudo bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest --pull-policy IfNotPresent xdp --iface vethff657c7 --priority 100
- Bpfman State                                           
- ---------------
-Name:          pass                                  
- Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest 
- Pull Policy:   IfNotPresent                          
- Global:        None                                  
- Metadata:      None                                  
- Map Pin Path:  /run/bpfman/fs/maps/406681              
- Map Owner ID:  None                                  
- Maps Used By:  None                                  
- Priority:      100                                   
- Iface:         vethff657c7                           
- Position:      2                                     
- Proceed On:    pass, dispatcher_return               
-
- Kernel State                                               
- ----------------------------------
-ID:                               406681                   
- Name:                             pass                     
- Type:                             xdp                      
- Loaded At:                        1917-01-27T01:37:06-0500 
- Tag:                              4b9d1b2c140e87ce         
- GPL Compatible:                   true                     
- Map IDs:                          [736646]                 
- BTF ID:                           555560                   
- Size Translated (bytes):          96                       
- JITted:                           true                     
- Size JITted:                      67                       
- Kernel Allocated Memory (bytes):  4096                     
- Verified Instruction Count:       9                        
+
    sudo bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest --pull-policy IfNotPresent xdp --iface vethff657c7 --priority 100
+ Bpfman State                                           
+ ---------------
+ Name:          pass                                  
+ Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest 
+ Pull Policy:   IfNotPresent                          
+ Global:        None                                  
+ Metadata:      None                                  
+ Map Pin Path:  /run/bpfman/fs/maps/406681              
+ Map Owner ID:  None                                  
+ Maps Used By:  None                                  
+ Priority:      100                                   
+ Iface:         vethff657c7                           
+ Position:      2                                     
+ Proceed On:    pass, dispatcher_return               
+
+ Kernel State                                               
+ ----------------------------------
+ Program ID:                       406681                   
+ Name:                             pass                     
+ Type:                             xdp                      
+ Loaded At:                        1917-01-27T01:37:06-0500 
+ Tag:                              4b9d1b2c140e87ce         
+ GPL Compatible:                   true                     
+ Map IDs:                          [736646]                 
+ BTF ID:                           555560                   
+ Size Translated (bytes):          96                       
+ JITted:                           true                     
+ Size JITted:                      67                       
+ Kernel Allocated Memory (bytes):  4096                     
+ Verified Instruction Count:       9                        
 
    
 
 
diff --git a/main/getting-started/example-bpf-k8s/index.html b/main/getting-started/example-bpf-k8s/index.html
index 16a2391a6..d3f10bfde 100644
--- a/main/getting-started/example-bpf-k8s/index.html
+++ b/main/getting-started/example-bpf-k8s/index.html
@@ -12,7 +12,7 @@
         
       
       
-        
+        
       
       
       
@@ -235,7 +235,7 @@
     
     
       
  • 
-        
+        
           
   
     
@@ -422,6 +422,8 @@
         
       
         
+      
+        
       
         
       
@@ -464,91 +466,11 @@
   
   
     
  • 
-      
-        
-  
-  
-    Setup and Building
-  
-  
-
-      
-    
    • 
-  
-
-              
-            
-              
-                
-  
-  
-  
-    
  • 
-      
-        
-  
-  
-    Run bpfman From Release Image
-  
-  
-
-      
-    
    • 
-  
-
-              
-            
-              
-                
-  
-  
-  
-    
  • 
-      
-        
-  
-  
-    Run bpfman From RPM
-  
-  
-
-      
-    
    • 
-  
-
-              
-            
-              
-                
-  
-  
-  
-    
  • 
-      
-        
-  
-  
-    Bpfman on Linux Tutorial
-  
-  
-
-      
-    
    • 
-  
-
-              
-            
-              
-                
-  
-  
-  
-    
  • 
-      
+      
         
   
   
-    CLI Guide
+    bpfman Overview
   
   
 
@@ -564,11 +486,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Example eBPF Programs
+    Launching bpfman
   
   
 
@@ -650,22 +572,22 @@
     
      
       
         
    • 
-  
+  
     
-      Loading eBPF Bytecode On Kubernetes
+      Loading eBPF Programs On Kubernetes
     
   
   
 
      • 
       
         
    • 
-  
+  
     
-      Loading Userspace Container On Kubernetes
+      Deploying an eBPF enabled application On Kubernetes
     
   
   
-    
    • 
-
    Loading A Userspace Container Image
    
+
    Loading A Userspace Container Image
    
 
    The userspace programs have been pre-built and can be found here:
    
 
 
    The example yaml files below are loading from these image.
    
 
 
    The userspace program in a Kubernetes Deployment doesn't interacts directly with bpfman like it
@@ -1901,9 +1937,10 @@ 
    Loading A Userspace Container Image
 can be created for each program type as follows:
    
 
    cd bpfman/
 kubectl create -f examples/config/base/go-xdp-counter/deployment.yaml
-kubectl create -f examples/config/base/go-tc-counter/deployment.yaml
-kubectl create -f examples/config/base/go-tracepoint-counter/deployment.yaml
 
    
+
    This creates the go-xdp-counter userspace pod, but the other examples operate in
+a similar fashion.
    
+
    go-xdp-counter On Kubernetes
    
 
    Following the diagram for the XDP example (Green numbers):
    
 
      
 
    1. The userspace program queries the KubeApiServer for a specific BpfProgram object.
      2. 
@@ -1911,107 +1948,92 @@ 
      Loading A Userspace Container Image
 periodically read the counter values.
 
    
 
    To see if the userspace programs are working, view the logs:
    
-
    NAMESPACE               NAME                              READY   STATUS    RESTARTS   AGE
-bpfman                    bpfman-daemon-jsgdh                 3/3     Running   0          11m
-bpfman                    bpfman-operator-6c5c8887f7-qk28x    2/2     Running   0          12m
-go-tc-counter           go-tc-counter-ds-9jv4g            1/1     Running   0          5m37s
-go-tracepoint-counter   go-tracepoint-counter-ds-2gzbt    1/1     Running   0          5m35s
-go-xdp-counter          go-xdp-counter-ds-2hs6g           1/1     Running   0          6m12s
-:
-
-kubectl logs -n go-xdp-counter go-xdp-counter-ds-2hs6g
-2023/11/06 20:27:16 2429 packets received
-2023/11/06 20:27:16 1328474 bytes received
-
-2023/11/06 20:27:19 2429 packets received
-2023/11/06 20:27:19 1328474 bytes received
-
-2023/11/06 20:27:22 2430 packets received
-2023/11/06 20:27:22 1328552 bytes received
-:
+
    kubectl get pods -A
+NAMESPACE               NAME                              READY   STATUS    RESTARTS   AGE
+bpfman                  bpfman-daemon-jsgdh               3/3     Running   0          11m
+bpfman                  bpfman-operator-6c5c8887f7-qk28x  2/2     Running   0          12m
+go-xdp-counter          go-xdp-counter-ds-2hs6g           1/1     Running   0          6m12s
+:
+
+kubectl logs -n go-xdp-counter go-xdp-counter-ds-2hs6g
+2023/11/06 20:27:16 2429 packets received
+2023/11/06 20:27:16 1328474 bytes received
+
+2023/11/06 20:27:19 2429 packets received
+2023/11/06 20:27:19 1328474 bytes received
+
+2023/11/06 20:27:22 2430 packets received
+2023/11/06 20:27:22 1328552 bytes received
+:
 
    
 
    To cleanup:
    
 
    kubectl delete -f examples/config/base/go-xdp-counter/deployment.yaml
 kubectl delete -f examples/config/base/go-xdp-counter/bytecode.yaml
-
-kubectl delete -f examples/config/base/go-tc-counter/deployment.yaml
-kubectl delete -f examples/config/base/go-tc-counter/bytecode.yaml
-
-kubectl delete -f examples/config/base/go-tracepoint-counter/deployment.yaml
-kubectl delete -f examples/config/base/go-tracepoint-counter/bytecode.yaml
 
    
-
    Automated Deployment
    
+
    Automated Deployment
    
 
    The steps above are automated in the Makefile in the examples directory.
 Run make deploy to load each of the example bytecode and userspace yaml files, then
 make undeploy to unload them.
    
 
    cd bpfman/examples/
 make deploy
-  sed 's@URL_BC@quay.io/bpfman-bytecode/go-tc-counter:latest@' config/default/go-tc-counter/patch.yaml.env > config/default/go-tc-counter/patch.yaml
-  cd config/default/go-tc-counter && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-tc-counter=quay.io/bpfman-userspace/go-tc-counter:latest
-  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-tc-counter | kubectl apply -f -
-  namespace/go-tc-counter created
-  serviceaccount/bpfman-app-go-tc-counter created
-  clusterrolebinding.rbac.authorization.k8s.io/bpfman-app-rolebinding-go-tc-counter created
-  clusterrolebinding.rbac.authorization.k8s.io/privileged-scc-tc created
-  daemonset.apps/go-tc-counter-ds created
-  tcprogram.bpfman.io/go-tc-counter-example created
-  sed 's@URL_BC@quay.io/bpfman-bytecode/go-tracepoint-counter:latest@' config/default/go-tracepoint-counter/patch.yaml.env > config/default/go-tracepoint-counter/patch.yaml
-  cd config/default/go-tracepoint-counter && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-tracepoint-counter=quay.io/bpfman-userspace/go-tracepoint-counter:latest
-  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-tracepoint-counter | kubectl apply -f -
-  namespace/go-tracepoint-counter created
-  serviceaccount/bpfman-app-go-tracepoint-counter created
-  clusterrolebinding.rbac.authorization.k8s.io/bpfman-app-rolebinding-go-tracepoint-counter created
-  clusterrolebinding.rbac.authorization.k8s.io/privileged-scc-tracepoint created
-  daemonset.apps/go-tracepoint-counter-ds created
-  tracepointprogram.bpfman.io/go-tracepoint-counter-example created
-  sed 's@URL_BC@quay.io/bpfman-bytecode/go-xdp-counter:latest@' config/default/go-xdp-counter/patch.yaml.env > config/default/go-xdp-counter/patch.yaml
-  cd config/default/go-xdp-counter && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-xdp-counter=quay.io/bpfman-userspace/go-xdp-counter:latest
-  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-xdp-counter | kubectl apply -f -
-  namespace/go-xdp-counter unchanged
-  serviceaccount/bpfman-app-go-xdp-counter unchanged
-  clusterrolebinding.rbac.authorization.k8s.io/bpfman-app-rolebinding-go-xdp-counter unchanged
-  clusterrolebinding.rbac.authorization.k8s.io/privileged-scc-xdp unchanged
-  daemonset.apps/go-xdp-counter-ds configured
-  xdpprogram.bpfman.io/go-xdp-counter-example unchanged
-  sed 's@URL_BC@quay.io/bpfman-bytecode/go-xdp-counter:latest@' config/default/go-xdp-counter-sharing-map/patch.yaml.env > config/default/go-xdp-counter-sharing-map/patch.yaml
-  cd config/default/go-xdp-counter-sharing-map && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-xdp-counter=quay.io/bpfman-userspace/go-xdp-counter:latest
-  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-xdp-counter-sharing-map | kubectl apply -f -
-  xdpprogram.bpfman.io/go-xdp-counter-sharing-map-example created
+  for target in deploy-tc deploy-tracepoint deploy-xdp deploy-xdp-ms deploy-kprobe deploy-target deploy-uprobe ; do \
+      make $target  || true; \
+  done
+  make[1]: Entering directory '/home/bmcfall/go/src/github.com/bpfman/bpfman/examples'
+  sed 's@URL_BC@quay.io/bpfman-bytecode/go-tc-counter:latest@' config/default/go-tc-counter/patch.yaml.env > config/default/go-tc-counter/patch.yaml
+  cd config/default/go-tc-counter && /home/bmcfall/go/src/github.com/bpfman/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-tc-counter=quay.io/bpfman-userspace/go-tc-counter:latest
+  namespace/go-tc-counter created
+  serviceaccount/bpfman-app-go-tc-counter created
+  daemonset.apps/go-tc-counter-ds created
+  tcprogram.bpfman.io/go-tc-counter-example created
+  :
+  sed 's@URL_BC@quay.io/bpfman-bytecode/go-uprobe-counter:latest@' config/default/go-uprobe-counter/patch.yaml.env > config/default/go-uprobe-counter/patch.yaml
+  cd config/default/go-uprobe-counter && /home/bmcfall/go/src/github.com/bpfman/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-uprobe-counter=quay.io/bpfman-userspace/go-uprobe-counter:latest
+  namespace/go-uprobe-counter created
+  serviceaccount/bpfman-app-go-uprobe-counter created
+  daemonset.apps/go-uprobe-counter-ds created
+  uprobeprogram.bpfman.io/go-uprobe-counter-example created
+  make[1]: Leaving directory '/home/bmcfall/go/src/github.com/bpfman/bpfman/examples'
+
+# Test Away ...
+
+kubectl get pods -A
+NAMESPACE               NAME                                                      READY   STATUS    RESTARTS   AGE
+bpfman                  bpfman-daemon-md2c5                                       3/3     Running   0          2d17h
+bpfman                  bpfman-operator-7f67bc7c57-95zf7                          2/2     Running   0          2d17h
+go-kprobe-counter       go-kprobe-counter-ds-8dkls                                1/1     Running   0          2m14s
+go-target               go-target-ds-nbdf5                                        1/1     Running   0          2m14s
+go-tc-counter           go-tc-counter-ds-7mtcw                                    1/1     Running   0          2m19s
+go-tracepoint-counter   go-tracepoint-counter-ds-bcbs7                            1/1     Running   0          2m18s
+go-uprobe-counter       go-uprobe-counter-ds-j26hc                                1/1     Running   0          2m13s
+go-xdp-counter          go-xdp-counter-ds-nls6s                                   1/1     Running   0          2m17s
 
-# Test Away ...
-
-make undeploy
-  sed 's@URL_BC@quay.io/bpfman-bytecode/go-tc-counter:latest@' config/default/go-tc-counter/patch.yaml.env > config/default/go-tc-counter/patch.yaml
-  cd config/default/go-tc-counter && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-tc-counter=quay.io/bpfman-userspace/go-tc-counter:latest
-  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-tc-counter | kubectl delete --ignore-not-found=false -f -
-  namespace "go-tc-counter" deleted
-  serviceaccount "bpfman-app-go-tc-counter" deleted
-  clusterrolebinding.rbac.authorization.k8s.io "bpfman-app-rolebinding-go-tc-counter" deleted
-  clusterrolebinding.rbac.authorization.k8s.io "privileged-scc-tc" deleted
-  daemonset.apps "go-tc-counter-ds" deleted
-  tcprogram.bpfman.io "go-tc-counter-example" deleted
-  sed 's@URL_BC@quay.io/bpfman-bytecode/go-tracepoint-counter:latest@' config/default/go-tracepoint-counter/patch.yaml.env > config/default/go-tracepoint-counter/patch.yaml
-  cd config/default/go-tracepoint-counter && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-tracepoint-counter=quay.io/bpfman-userspace/go-tracepoint-counter:latest
-  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-tracepoint-counter | kubectl delete --ignore-not-found=false -f -
-  namespace "go-tracepoint-counter" deleted
-  serviceaccount "bpfman-app-go-tracepoint-counter" deleted
-  clusterrolebinding.rbac.authorization.k8s.io "bpfman-app-rolebinding-go-tracepoint-counter" deleted
-  clusterrolebinding.rbac.authorization.k8s.io "privileged-scc-tracepoint" deleted
-  daemonset.apps "go-tracepoint-counter-ds" deleted
-  tracepointprogram.bpfman.io "go-tracepoint-counter-example" deleted
-  sed 's@URL_BC@quay.io/bpfman-bytecode/go-xdp-counter:latest@' config/default/go-xdp-counter/patch.yaml.env > config/default/go-xdp-counter/patch.yaml
-  cd config/default/go-xdp-counter && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-xdp-counter=quay.io/bpfman-userspace/go-xdp-counter:latest
-  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-xdp-counter | kubectl delete --ignore-not-found=false -f -
-  namespace "go-xdp-counter" deleted
-  serviceaccount "bpfman-app-go-xdp-counter" deleted
-  clusterrolebinding.rbac.authorization.k8s.io "bpfman-app-rolebinding-go-xdp-counter" deleted
-  clusterrolebinding.rbac.authorization.k8s.io "privileged-scc-xdp" deleted
-  daemonset.apps "go-xdp-counter-ds" deleted
-  xdpprogram.bpfman.io "go-xdp-counter-example" deleted
-  sed 's@URL_BC@quay.io/bpfman-bytecode/go-xdp-counter:latest@' config/default/go-xdp-counter-sharing-map/patch.yaml.env > config/default/go-xdp-counter-sharing-map/patch.yaml
-  cd config/default/go-xdp-counter-sharing-map && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-xdp-counter=quay.io/bpfman-userspace/go-xdp-counter:latest
-  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-xdp-counter-sharing-map | kubectl delete --ignore-not-found=false -f -
-  xdpprogram.bpfman.io "go-xdp-counter-sharing-map-example" deleted
+kubectl get bpfprograms
+NAME                                                                                                TYPE         STATUS         AGE
+go-kprobe-counter-example-bpfman-deployment-control-plane-try-to-wake-up                            kprobe       bpfmanLoaded   2m41s
+go-tc-counter-example-bpfman-deployment-control-plane-eth0                                          tc           bpfmanLoaded   2m46s
+go-tracepoint-counter-example-bpfman-deployment-control-plane-syscalls-sys-enter-kill               tracepoint   bpfmanLoaded   2m35s
+go-uprobe-counter-example-bpfman-deployment-control-plane--go-target-go-target-ds-nbdf5-go-target   uprobe       bpfmanLoaded   2m29s
+go-xdp-counter-example-bpfman-deployment-control-plane-eth0                                         xdp          bpfmanLoaded   2m24s
+go-xdp-counter-sharing-map-example-bpfman-deployment-control-plane-eth0                             xdp          bpfmanLoaded   2m21s
+
+make undeploy
+  for target in undeploy-tc undeploy-tracepoint undeploy-xdp undeploy-xdp-ms undeploy-kprobe undeploy-uprobe undeploy-target ; do \
+      make $target  || true; \
+  done
+  make[1]: Entering directory '/home/bmcfall/go/src/github.com/bpfman/bpfman/examples'
+  sed 's@URL_BC@quay.io/bpfman-bytecode/go-tc-counter:latest@' config/default/go-tc-counter/patch.yaml.env > config/default/go-tc-counter/patch.yaml
+  cd config/default/go-tc-counter && /home/bmcfall/go/src/github.com/bpfman/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-tc-counter=quay.io/bpfman-userspace/go-tc-counter:latest
+  namespace "go-tc-counter" deleted
+  serviceaccount "bpfman-app-go-tc-counter" deleted
+  daemonset.apps "go-tc-counter-ds" deleted
+  tcprogram.bpfman.io "go-tc-counter-example" deleted
+  :
+  kubectl delete -f config/base/go-target/deployment.yaml
+  namespace "go-target" deleted
+  serviceaccount "bpfman-app-go-target" deleted
+  daemonset.apps "go-target-ds" deleted
+  make[1]: Leaving directory '/home/bmcfall/go/src/github.com/bpfman/bpfman/examples'
 
    
 
    Individual examples can be loaded and unloaded as well, for example make deploy-xdp and
 make undeploy-xdp.
@@ -2039,7 +2061,7 @@ 
    Automated Deployment
    
   build-us-images  Build all example userspace images
   build-bc-images  Build bytecode example userspace images
   push-us-images   Push all example userspace images
-  push-bc-images   Push all example userspace images
+  push-bc-images   Push all example bytecode images
   load-us-images-kind  Build and load all example userspace images into kind
 
 Deployment Variables (not commands)
@@ -2050,56 +2072,83 @@ 
    Automated Deployment
    
   IMAGE_TP_US      Tracepoint Userspace image. Example: make deploy-tracepoint IMAGE_TP_US=quay.io/user1/go-tracepoint-counter-userspace:test
   IMAGE_XDP_BC     XDP Bytecode image. Example: make deploy-xdp IMAGE_XDP_BC=quay.io/user1/go-xdp-counter-bytecode:test
   IMAGE_XDP_US     XDP Userspace image. Example: make deploy-xdp IMAGE_XDP_US=quay.io/user1/go-xdp-counter-userspace:test
-  KIND_CLUSTER_NAME  Name of the deployed cluster to load example images to, defaults to `bpfman-deployment`
-  ignore-not-found  For any undeploy command, set to true to ignore resource not found errors during deletion. Example: make undeploy ignore-not-found=true
-
-Deployment
-  deploy-tc        Deploy go-tc-counter to the cluster specified in ~/.kube/config.
-  undeploy-tc      Undeploy go-tc-counter from the cluster specified in ~/.kube/config.
-  deploy-tracepoint  Deploy go-tracepoint-counter to the cluster specified in ~/.kube/config.
-  undeploy-tracepoint  Undeploy go-tracepoint-counter from the cluster specified in ~/.kube/config.
-  deploy-xdp       Deploy go-xdp-counter to the cluster specified in ~/.kube/config.
-  undeploy-xdp     Undeploy go-xdp-counter from the cluster specified in ~/.kube/config.
-  deploy-xdp-ms    Deploy go-xdp-counter-sharing-map (shares map with go-xdp-counter) to the cluster specified in ~/.kube/config.
-  undeploy-xdp-ms  Undeploy go-xdp-counter-sharing-map from the cluster specified in ~/.kube/config.
-  deploy           Deploy all examples to the cluster specified in ~/.kube/config.
-  undeploy         Undeploy all examples to the cluster specified in ~/.kube/config.
+  IMAGE_KP_BC      Kprobe Bytecode image. Example: make deploy-kprobe IMAGE_KP_BC=quay.io/user1/go-kprobe-counter-bytecode:test
+  IMAGE_KP_US      Kprobe Userspace image. Example: make deploy-kprobe IMAGE_KP_US=quay.io/user1/go-kprobe-counter-userspace:test
+  IMAGE_UP_BC      Uprobe Bytecode image. Example: make deploy-uprobe IMAGE_UP_BC=quay.io/user1/go-uprobe-counter-bytecode:test
+  IMAGE_UP_US      Uprobe Userspace image. Example: make deploy-uprobe IMAGE_UP_US=quay.io/user1/go-uprobe-counter-userspace:test
+  IMAGE_GT_US      Uprobe Userspace target. Example: make deploy-target IMAGE_GT_US=quay.io/user1/go-target-userspace:test
+  KIND_CLUSTER_NAME  Name of the deployed cluster to load example images to, defaults to `bpfman-deployment`
+  ignore-not-found  For any undeploy command, set to true to ignore resource not found errors during deletion. Example: make undeploy ignore-not-found=true
+
+Deployment
+  deploy-tc        Deploy go-tc-counter to the cluster specified in ~/.kube/config.
+  undeploy-tc      Undeploy go-tc-counter from the cluster specified in ~/.kube/config.
+  deploy-tracepoint  Deploy go-tracepoint-counter to the cluster specified in ~/.kube/config.
+  undeploy-tracepoint  Undeploy go-tracepoint-counter from the cluster specified in ~/.kube/config.
+  deploy-xdp       Deploy go-xdp-counter to the cluster specified in ~/.kube/config.
+  undeploy-xdp     Undeploy go-xdp-counter from the cluster specified in ~/.kube/config.
+  deploy-xdp-ms    Deploy go-xdp-counter-sharing-map (shares map with go-xdp-counter) to the cluster specified in ~/.kube/config.
+  undeploy-xdp-ms  Undeploy go-xdp-counter-sharing-map from the cluster specified in ~/.kube/config.
+  deploy-kprobe    Deploy go-kprobe-counter to the cluster specified in ~/.kube/config.
+  undeploy-kprobe  Undeploy go-kprobe-counter from the cluster specified in ~/.kube/config.
+  deploy-uprobe    Deploy go-uprobe-counter to the cluster specified in ~/.kube/config.
+  undeploy-uprobe  Undeploy go-uprobe-counter from the cluster specified in ~/.kube/config.
+  deploy-target    Deploy go-target to the cluster specified in ~/.kube/config.
+  undeploy-target  Undeploy go-target from the cluster specified in ~/.kube/config.
+  deploy           Deploy all examples to the cluster specified in ~/.kube/config.
+  undeploy         Undeploy all examples to the cluster specified in ~/.kube/config.
 
    
-
    Building A Userspace Container Image
    
+
    Building A Userspace Container Image
    
 
    To build the userspace examples in a container instead of using the pre-built ones,
-from the bpfman code source directory (quay.io/bpfman-userspace/), run the following build commands:
    
-
      cd bpfman/examples
-  make IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest \
-    IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest \
-    IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest \
-    build-us-images
+from the bpfman examples code source directory, run the following build command:
    
+
    cd bpfman/examples
+make \
+  IMAGE_KP_US=quay.io/$USER/go-kprobe-counter:latest \
+  IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest \
+  IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest \
+  IMAGE_UP_US=quay.io/$USER/go-uprobe-counter:latest \
+  IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest \
+  build-us-images
 
    
 
    Then EITHER push images to a remote repository:
    
 
    docker login quay.io
 cd bpfman/examples
-make IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest \
-  IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest \
-  IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest \
-  push-us-images
+make \
+  IMAGE_KP_US=quay.io/$USER/go-kprobe-counter:latest \
+  IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest \
+  IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest \
+  IMAGE_UP_US=quay.io/$USER/go-uprobe-counter:latest \
+  IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest \
+  push-us-images
 
    
 
    OR load the images directly to a specified kind cluster:
    
 
    cd bpfman/examples
-make IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest \
-  IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest \
-  IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest \
-  KIND_CLUSTER_NAME=bpfman-deployment \
-  load-us-images-kind
+make \
+  IMAGE_KP_US=quay.io/$USER/go-kprobe-counter:latest \
+  IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest \
+  IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest \
+  IMAGE_UP_US=quay.io/$USER/go-uprobe-counter:latest \
+  IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest \
+  KIND_CLUSTER_NAME=bpfman-deployment \
+  load-us-images-kind
 
    
 
    Lastly, update the yaml to use the private images or override the yaml files using the Makefile:
    
 
    cd bpfman/examples/
-make deploy-xdp IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest
-make undeploy-xdp
-
-make deploy-tc IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest
-make undeploy-tc
-
-make deploy-tracepoint IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest
-make undeploy-tracepoint
+
+make deploy-kprobe IMAGE_XDP_US=quay.io/$USER/go-kprobe-counter:latest
+make undeploy-kprobe
+
+make deploy-tc IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest
+make undeploy-tc
+
+make deploy-tracepoint IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest
+make undeploy-tracepoint
+
+make deploy-uprobe IMAGE_XDP_US=quay.io/$USER/go-uprobe-counter:latest
+make undeploy-uprobe
+
+make deploy-xdp IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest
+make undeploy-xdp
 
    
 
 
diff --git a/main/getting-started/example-bpf-local/index.html b/main/getting-started/example-bpf-local/index.html
index 89d92d9df..90c6e1823 100644
--- a/main/getting-started/example-bpf-local/index.html
+++ b/main/getting-started/example-bpf-local/index.html
@@ -9,7 +9,7 @@
       
       
       
-        
+        
       
       
         
@@ -235,7 +235,7 @@
     
     
       
  • 
-        
+        
           
   
     
@@ -422,6 +422,8 @@
         
       
         
+      
+        
       
         
       
@@ -464,11 +466,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Setup and Building
+    bpfman Overview
   
   
 
@@ -484,11 +486,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From Release Image
+    Launching bpfman
   
   
 
@@ -502,17 +504,84 @@
                 
   
   
+    
   
-    
  • 
-      
+  
+    
  • 
+      
+      
+      
+      
+        
+      
+      
+        
+      
+      
         
   
   
-    Run bpfman From RPM
+    Deploying Example eBPF Programs On Local Host
   
   
 
       
+      
+        
+
+
+      
     
    • 
   
 
@@ -524,11 +593,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Bpfman on Linux Tutorial
+    Deploying Example eBPF Programs On Kubernetes
   
   
 
@@ -544,11 +613,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    CLI Guide
+    Setup and Building
   
   
 
@@ -564,11 +633,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Example eBPF Programs
+    Run bpfman From Release Image
   
   
 
@@ -582,147 +651,37 @@
                 
   
   
-    
-  
   
-    
  • 
-      
-      
-      
-      
-        
-      
-      
-        
-      
-      
+    
  • 
+      
         
   
   
-    Deploying Example eBPF Programs On Local Host
+    Run bpfman From RPM
   
   
 
       
-      
-        
-
-
-      
+
+      
     
    • 
   
 
@@ -734,11 +693,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Kubernetes
+    Example eBPF Programs
   
   
 
@@ -808,6 +767,8 @@
         
       
         
+      
+        
       
         
       
@@ -1124,6 +1085,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
           
         
       
@@ -1632,93 +1613,30 @@
     
@@ -1740,256 +1658,157 @@
 
 
 
    Deploying Example eBPF Programs On Local Host
    
-
    This section describes running bpfman and the example eBPF programs on a local host.
-When running bpfman, it can be run as a process or run as a systemd service.
-Examples run the same, independent of how bpfman is deployed.
    
-
    Building
    
-
    To build directly on a system, make sure all the prerequisites are met, then build.
    
-
    Prerequisites
    
-
    This assumes bpfman is already installed and running on the system.
-If not, see Setup and Building bpfman.
    
-
      
-
    1. All requirements defined by the cilium/ebpf package
      2. 
-
    2. libbpf development package to get the required eBPF c headers
      3. 
-
    
-
    Fedora:
    
-
    sudo dnf install libbpf-devel
    
-
    Ubuntu:
    
-
    sudo apt-get install libbpf-dev
    
-
      
-
    1. Cilium's bpf2go binary
      2. 
-
    
-
    go install github.com/cilium/ebpf/cmd/bpf2go@master
    
-
    Building Locally
    
-
    To build all the C based eBPF counter bytecode, run:
    
-
    cd bpfman/examples/
-make generate
-
    
-
    To build all the Userspace GO Client examples, run:
    
-
    cd bpfman/examples/
-make build
-
    
-
    To build only a single example:
    
-
    cd bpfman/examples/go-tc-counter/
-go generate
-go build
-
    
-
    cd bpfman/examples/go-tracepoint-counter/
-go generate
-go build
-
    
-
    cd bpfman/examples/go-xdp-counter/
-go generate
-go build
+
    This section describes running bpfman and the example eBPF programs on a local host.
    
+
    Example Overview
    
+
    Assume the following command is run:
    
+
    cd bpfman/examples/go-xdp-counter/
+sudo ./go-xdp-counter -iface eno3
 
    
-
    Running On Host
    
-
    The most basic way to deploy this example is running directly on a host system.
-First, start or ensure bpfman is up and running.
-Tutorial will guide you through deploying bpfman.
-In all the examples of running on a host system, a bpfman-client certificate is used
-that is generated by bpfman to encrypt the application's connection to bpfman.
-The diagram below shows go-xdp-counter example, but the go-tc-counter and
-go-tracepoint-counter examples operate exactly the same way.
    
+
    The diagram below shows go-xdp-counter example, but the other examples operate in
+a similar fashion.
    
 
    go-xdp-counter On Host
    
 
    Following the diagram (Purple numbers):
    
 
      
-
    1. When go-xdp-counter userspace is started, it will send a gRPC request
-   over unix socket to bpfman requesting bpfman to load the go-xdp-counter eBPF bytecode located on disk
-   at bpfman/examples/go-xdp-counter/bpf_bpfel.o at a priority of 50 and on interface ens3.
+
    2. When go-xdp-counter userspace is started, it will send a gRPC request over unix
+   socket to bpfman-rpc requesting bpfman to load the go-xdp-counter eBPF bytecode located
+   on disk at bpfman/examples/go-xdp-counter/bpf_bpfel.o at a priority of 50 and on interface eno3.
    These values are configurable as we will see later, but for now we will use the defaults
    (except interface, which is required to be entered).
      3. 
 
    3. bpfman will load it's dispatcher eBPF program, which links to the go-xdp-counter eBPF program
-   and return a UUID referencing the running program.
      4. 
+   and return a kernel Program ID referencing the running program.
 
    4. bpfman list can be used to show that the eBPF program was loaded.
      5. 
 
    5. Once the go-xdp-counter eBPF bytecode is loaded, the eBPF program will write packet counts
    and byte counts to a shared map.
      6. 
 
    6. go-xdp-counter userspace program periodically reads counters from the shared map and logs
    the value.
      7. 
 
    
-
    Running Privileged
    
+
    Below are the steps to run the example program described above and then some additional examples
+that use the bpfman CLI to load and unload other eBPF programs.
+See Launching bpfman for more detailed instructions on
+building and loading bpfman.
+This tutorial assumes bpfman has been built, bpfman-rpc is running, and the bpfman CLI is in $PATH.
    
+
    Running Example Programs
    
+
    Example eBPF Programs describes how the example programs work,
+how to build them, and how to run the different examples.
+Build the go-xdp-counter program before continuing.
    
 
    To run the go-xdp-counter program, determine the host interface to attach the eBPF
-program to and then start the go program with:
    
-
    cd bpfman/examples/go-xdp-counter/
-sudo ./go-xdp-counter -iface <INTERNET INTERFACE NAME>
-
    
-
    or (NOTE: TC programs also require a direction, ingress or egress)
    
-
    cd bpfman/examples/go-tc-counter/
-sudo ./go-tc-counter -direction ingress -iface <INTERNET INTERFACE NAME>
-
    
-
    or
    
-
    cd bpfman/examples/go-tracepoint-counter/
-sudo ./go-tracepoint-counter
-
    
-
    The output should show the count and total bytes of packets as they pass through the
+program to and then start the go program.
+In this example, eno3 will be used, as shown in the diagram at the top of the page. 
+The output should show the count and total bytes of packets as they pass through the
 interface as shown below:
    
-
    sudo ./go-xdp-counter --iface vethff657c7
-2023/07/17 17:43:58 Using Input: Interface=vethff657c7 Priority=50 Source=/home/<$USER>/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o
-2023/07/17 17:43:58 Program registered with id 6211
-2023/07/17 17:44:01 4 packets received
-2023/07/17 17:44:01 580 bytes received
-
-2023/07/17 17:44:04 4 packets received
-2023/07/17 17:44:04 580 bytes received
-
-2023/07/17 17:44:07 8 packets received
-2023/07/17 17:44:07 1160 bytes received
-
-:
+
    sudo ./go-xdp-counter --iface eno3
+2023/07/17 17:43:58 Using Input: Interface=eno3 Priority=50 Source=/home/<$USER>/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o
+2023/07/17 17:43:58 Program registered with id 6211
+2023/07/17 17:44:01 4 packets received
+2023/07/17 17:44:01 580 bytes received
+
+2023/07/17 17:44:04 4 packets received
+2023/07/17 17:44:04 580 bytes received
+
+2023/07/17 17:44:07 8 packets received
+2023/07/17 17:44:07 1160 bytes received
+
+:
 
    
-
    Use the CLI to show the go-xdp-counter eBPF bytecode was loaded.
    
-
    sudo bpfman list
- Program ID  Name       Type  Load Time
- 6211        xdp_stats  xdp   2023-07-17T17:43:58-0400
+
    In another terminal, use the CLI to show the go-xdp-counter eBPF bytecode was loaded.
    
+
    sudo bpfman list
+ Program ID  Name       Type  Load Time
+ 6211        xdp_stats  xdp   2023-07-17T17:43:58-0400
 
    
 
    Finally, press <CTRL>+c when finished with go-xdp-counter.
    
-
    :
-
-2023/07/17 17:44:34 28 packets received
-2023/07/17 17:44:34 4060 bytes received
-
-^C2023/07/17 17:44:35 Exiting...
-2023/07/17 17:44:35 Unloading Program: 6211
-
    
-
    Passing eBPF Bytecode In A Container Image
    
-
    bpfman can load eBPF bytecode from a container image built following the spec described in
-eBPF Bytecode Image Specifications.
-Pre-built eBPF container images for the examples can be loaded from:
    
-
      
-
    • quay.io/bpfman-bytecode/go-xdp-counter:latest
      • 
-
    • quay.io/bpfman-bytecode/go-tc-counter:latest
      • 
-
    • quay.io/bpfman-bytecode/go-tracepoint-counter:latest
      • 
-
    
-
    To use the container image, pass the URL to the userspace program:
    
-
    sudo ./go-xdp-counter -iface ens3 -image quay.io/bpfman-bytecode/go-xdp-counter:latest
-2022/12/02 16:28:32 Using Input: Interface=ens3 Priority=50 Source=quay.io/bpfman-bytecode/go-xdp-counter:latest
-2022/12/02 16:28:34 Program registered with id 6223
-2022/12/02 16:28:37 4 packets received
-2022/12/02 16:28:37 580 bytes received
-
-2022/12/02 16:28:40 4 packets received
-2022/12/02 16:28:40 580 bytes received
-
-^C2022/12/02 16:28:42 Exiting...
-2022/12/02 16:28:42 Unloading Program: 6223
-
    
-
    Building eBPF Bytecode Container Image
    
-
    eBPF Bytecode Image Specifications provides detailed
-instructions on building and shipping bytecode in a container image.
-To build go-xdp-counter and go-tc-counter eBPF bytecode container image, first make sure the
-bytecode has been built (i.e. bpf_bpfel.o has been built - see Building), then
-run the build commands below:
    
-
    cd bpfman/examples/go-xdp-counter/
-go generate
-
-docker build \
-  --build-arg PROGRAM_NAME=go-xdp-counter \
-  --build-arg BPF_FUNCTION_NAME=xdp_stats \
-  --build-arg PROGRAM_TYPE=xdp \
-  --build-arg BYTECODE_FILENAME=bpf_bpfel.o \
-  --build-arg KERNEL_COMPILE_VER=$(uname -r) \
-  -f ../../Containerfile.bytecode . -t quay.io/$USER/go-xdp-counter-bytecode:latest
-
    
-
    and
    
-
    cd bpfman/examples/go-tc-counter/
-go generate
-
-docker build \
-  --build-arg PROGRAM_NAME=go-tc-counter \
-  --build-arg BPF_FUNCTION_NAME=stats \
-  --build-arg PROGRAM_TYPE=tc \
-  --build-arg BYTECODE_FILENAME=bpf_bpfel.o \
-  --build-arg KERNEL_COMPILE_VER=$(uname -r) \
-  -f ../../Containerfile.bytecode . -t quay.io/$USER/go-tc-counter-bytecode:latest
-
    
-
    and
    
-
    cd bpfman/examples/go-tracepoint-counter/
-go generate
-
-docker build \
-  --build-arg PROGRAM_NAME=go-tracepoint-counter \
-  --build-arg BPF_FUNCTION_NAME=tracepoint_kill_recorder \
-  --build-arg PROGRAM_TYPE=tracepoint \
-  --build-arg BYTECODE_FILENAME=bpf_bpfel.o \
-  --build-arg KERNEL_COMPILE_VER=$(uname -r) \
-  -f ../../Containerfile.bytecode . -t quay.io/$USER/go-tracepoint-counter-bytecode:latest
-
    
-
    bpfman currently does not provide a method for pre-loading bytecode images
-(see issue #603), so push the bytecode image to a remote
-repository.
-For example:
    
-
    docker login quay.io
-docker push quay.io/$USER/go-xdp-counter-bytecode:latest
-docker push quay.io/$USER/go-tc-counter-bytecode:latest
+
    :
+
+2023/07/17 17:44:34 28 packets received
+2023/07/17 17:44:34 4060 bytes received
+
+^C2023/07/17 17:44:35 Exiting...
+2023/07/17 17:44:35 Unloading Program: 6211
 
    
-
    Then run with the privately built bytecode container image:
    
-
    sudo ./go-tc-counter -iface ens3 -direction ingress -location image://quay.io/$USER/go-tc-counter-bytecode:latest
-2022/12/02 16:38:44 Using Input: Interface=ens3 Priority=50 Source=quay.io/$USER/go-tc-counter-bytecode:latest
-2022/12/02 16:38:45 Program registered with id 6225
-2022/12/02 16:38:48 4 packets received
-2022/12/02 16:38:48 580 bytes received
-
-2022/12/02 16:38:51 4 packets received
-2022/12/02 16:38:51 580 bytes received
-
-^C2022/12/02 16:38:51 Exiting...
-2022/12/02 16:38:51 Unloading Program: 6225
+
    Using CLI to Manage eBPF Programs
    
+
    bpfman provides a CLI to interact with the bpfman Library.
+Find a deeper dive into CLI syntax in CLI Guide.
+We will load the simple xdp-pass program, which allows all traffic to pass through the attached
+interface, eno3 in this example.
+The source code,
+xdp_pass.bpf.c,
+is located in the integration-test
+directory and there is also a prebuilt image:
+quay.io/bpfman-bytecode/xdp_pass:latest.
    
+
    sudo bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest xdp --iface eno3 --priority 100
+ Bpfman State
+---------------
+ Name:          pass
+ Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest
+ Pull Policy:   IfNotPresent
+ Global:        None
+ Metadata:      None
+ Map Pin Path:  /run/bpfman/fs/maps/6213
+ Map Owner ID:  None
+ Map Used By:   6213
+ Priority:      100
+ Iface:         eno3
+ Position:      0
+ Proceed On:    pass, dispatcher_return
+
+ Kernel State
+----------------------------------
+ Program ID:                       6213
+ Name:                             pass
+ Type:                             xdp
+ Loaded At:                        2023-07-17T17:48:10-0400
+ Tag:                              4b9d1b2c140e87ce
+ GPL Compatible:                   true
+ Map IDs:                          [2724]
+ BTF ID:                           2834
+ Size Translated (bytes):          96
+ JITed:                            true
+ Size JITed (bytes):               67
+ Kernel Allocated Memory (bytes):  4096
+ Verified Instruction Count:       9
 
    
-
    Preloading eBPF Bytecode
    
-
    Another way to load the eBPF bytecode is to pre-load the eBPF bytecode and
-pass the associated bpfman program id to the userspace program.
-This is similar to how eBPF programs will be loaded in Kubernetes, except kubectl commands will be
-used to create Kubernetes CRD objects instead of using the CLI, but that is covered in the next section.
-The userspace programs will skip the loading portion and use the program id to find the shared
-map and continue from there.
    
-
    Referring back to the diagram above, the load and unload are being done by the CLI and not
-go-xdp-counter userspace program.
    
-
    First, use the CLI to load the go-xdp-counter eBPF bytecode:
    
-
    sudo bpfman load image --image-url quay.io/bpfman-bytecode/go-xdp-counter:latest xdp --iface ens3 --priority 50
- Bpfman State
----------------
- Name:          xdp_stats
- Image URL:     quay.io/bpfman-bytecode/go-xdp-counter:latest
- Pull Policy:   IfNotPresent
- Global:        None
- Metadata:      None
- Map Pin Path:  /run/bpfman/fs/maps/6229
- Map Owner ID:  None
- Map Used By:   6229
- Priority:      50
- Iface:         ens3
- Position:      0
- Proceed On:    pass, dispatcher_return
-
- Kernel State
-----------------------------------
- ID:                               6229
- Name:                             xdp_stats
- Type:                             xdp
- Loaded At:                        2023-07-17T17:48:10-0400
- Tag:                              4b9d1b2c140e87ce
- GPL Compatible:                   true
- Map IDs:                          [2724]
- BTF ID:                           2834
- Size Translated (bytes):          168
- JITed:                            true
- Size JITed (bytes):               104
- Kernel Allocated Memory (bytes):  4096
- Verified Instruction Count:       21
+
    bpfman load image returns the same data as the bpfman get command.
+From the output, the Program Id of 6213 can be found in the Kernel State section.
+The Program Id can be used to perform a bpfman get to retrieve all relevant program
+data and a bpfman unload when the program needs to be unloaded.
    
+
    sudo bpfman list
+ Program ID  Name  Type  Load Time
+ 6213        pass  xdp   2023-07-17T17:48:10-0400
 
    
-
    Then run the go-xdp-counter userspace program, passing in the UUID:
    
-
    sudo ./go-xdp-counter -iface ens3 -id 6229
-2022/12/02 17:01:38 Using Input: Interface=ens3 Source=6229
-2022/12/02 17:01:41 180 packets received
-2022/12/02 17:01:41 26100 bytes received
-
-2022/12/02 17:01:44 184 packets received
-2022/12/02 17:01:44 26680 bytes received
-
-^C2022/12/02 17:01:46 Exiting...
-2022/12/02 17:01:46 Closing Connection for Program: 6229
+
    We can recheck the details about the loaded program with the bpfman get command:
    
+
    sudo bpfman get 6213
+ Bpfman State
+---------------
+ Name:          pass
+ Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest
+ Pull Policy:   IfNotPresent
+ Global:        None
+ Metadata:      None
+ Map Pin Path:  /run/bpfman/fs/maps/6213
+ Map Owner ID:  None
+ Map Used By:   6213
+ Priority:      100
+ Iface:         eno3
+ Position:      0
+ Proceed On:    pass, dispatcher_return
+
+ Kernel State
+----------------------------------
+ Program ID:                       6213
+ Name:                             pass
+ Type:                             xdp
+ Loaded At:                        2023-07-17T17:48:10-0400
+ Tag:                              4b9d1b2c140e87ce
+ GPL Compatible:                   true
+ Map IDs:                          [2724]
+ BTF ID:                           2834
+ Size Translated (bytes):          96
+ JITed:                            true
+ Size JITed (bytes):               67
+ Kernel Allocated Memory (bytes):  4096
+ Verified Instruction Count:       9
 
    
-
    Then use the CLI to unload the eBPF bytecode:
    
-
    sudo bpfman unload 6229
+
    Then unload the program:
    
+
    sudo bpfman unload 6213
 
    
 
 
diff --git a/main/getting-started/example-bpf/index.html b/main/getting-started/example-bpf/index.html
index e650b202e..9985abf18 100644
--- a/main/getting-started/example-bpf/index.html
+++ b/main/getting-started/example-bpf/index.html
@@ -12,7 +12,7 @@
         
       
       
-        
+        
       
       
       
@@ -235,7 +235,7 @@
     
     
       
  • 
-        
+        
           
   
     
@@ -422,6 +422,8 @@
         
       
         
+      
+        
       
         
       
@@ -464,11 +466,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Setup and Building
+    bpfman Overview
   
   
 
@@ -484,11 +486,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From Release Image
+    Launching bpfman
   
   
 
@@ -504,11 +506,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From RPM
+    Deploying Example eBPF Programs On Local Host
   
   
 
@@ -524,11 +526,71 @@
   
   
     
  • 
-      
+      
         
   
   
-    Bpfman on Linux Tutorial
+    Deploying Example eBPF Programs On Kubernetes
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    Setup and Building
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    Run bpfman From Release Image
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    Run bpfman From RPM
   
   
 
@@ -610,58 +672,108 @@
     
-  
-
-      
-    
    • 
+    
   
+
+      
+        
  • 
+  
+    
+      Building Example Code
+    
+  
   
-    
  • 
-      
+    
   
-  
-    Deploying Example eBPF Programs On Kubernetes
-  
+
    • 
+      
+        
  • 
+  
+    
+      Running Examples
+    
+  
   
-
-      
+
    • 
+      
+    
+  
+
+      
     
   
 
@@ -727,6 +839,8 @@
         
       
         
+      
+        
       
         
       
@@ -1043,6 +1157,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
           
         
       
@@ -1551,9 +1685,99 @@
     
      
       
         
    • 
-  
+  
     
-      Notes
+      Example Code Breakdown
+    
+  
+  
+    
+  
+
      • 
+      
+        
    • 
+  
+    
+      Building Example Code
+    
+  
+  
+    
+  
+
      • 
+      
+        
    • 
+  
+    
+      Running Examples
     
   
   
@@ -1582,42 +1806,237 @@ 
      Example eBPF Programs
      
 examples/ directory.
 Current examples include:
      
 
-
      These examples and the associated documentation is intended to provide the basics on how to deploy
+
      Example Code Breakdown
      
+
      These examples and the associated documentation are intended to provide the basics on how to deploy
 and manage an eBPF program using bpfman. Each of the examples contain an eBPF Program written in C
-(tc_counter.c,
-tracepoint_counter.c and
+(kprobe_counter.c,
+tc_counter.c,
+tracepoint_counter.c uprobe_counter.c,
+and
 xdp_counter.c)
-that is compiled into eBPF bytecode.
+that is compiled into eBPF bytecode (bpf_bpfel.o).
 Each time the eBPF program is called, it increments the packet and byte counts in a map that is accessible
 by the userspace portion.
      
 
      Each of the examples also have a userspace portion written in GO.
-When run locally, the userspace program makes gRPC calls to bpfman requesting bpfman to load the eBPF program
-at the requested hook point (XDP hook point, TC hook point or Tracepoint).
-When run in a Kubernetes deployment, the bpfman-agent makes gRPC calls to bpfman requesting bpfman to load
-the eBPF program based on a Custom Resource Definition (CRD), which is described in more detail in that section.
-Independent of the deployment, the userspace program then polls the eBPF map every 3 seconds and logs the
-current counts.
 The userspace code is leveraging the cilium/ebpf library
 to manage the maps shared with the eBPF program.
 The example eBPF programs are very similar in functionality, and only vary where in the Linux networking stack
 they are inserted.
-Read more about XDP and TC programs here.
      
-
      There are two ways to deploy these example applications:
      
+The userspace program then polls the eBPF map every 3 seconds and logs the current counts.
      
+
      The examples were written to either run locally on a host or run in a container in a Kubernetes
+deployment.
+The userspace code flow is slightly different depending on the deployment, so input parameters
+dictate the deployment method.
      
+
      Examples in Local Deployment
      
+
      When run locally, the userspace program makes gRPC calls to bpfman-rpc requesting bpfman to load
+the eBPF program at the requested hook point (XDP hook point, TC hook point, Tracepoint, etc).
+Data sent in the RPC request is either defaulted or passed in via input parameters.
+To make the examples as simple as possible to run, all input data is defaulted (except the interface
+TC and XDP programs need to attach to) but can be overwritten if desired. All example programs have
+the following common parameters (kprobe does not have any command specific parameters):
      
+
      cd bpfman/examples/go-kprobe-counter/
+
+./go-kprobe-counter --help
+Usage of ./go-kprobe-counter:
+  -crd
+        Flag to indicate all attributes should be pulled from the BpfProgram CRD.
+        Used in Kubernetes deployments and is mutually exclusive with all other
+        parameters.
+  -file string
+        File path of bytecode source. "file" and "image"/"id" are mutually exclusive.
+        Example: -file /home/$USER/src/bpfman/examples/go-kprobe-counter/bpf_bpfel.o
+  -id uint
+        Optional Program ID of bytecode that has already been loaded. "id" and
+        "file"/"image" are mutually exclusive.
+        Example: -id 28341
+  -image string
+        Image repository URL of bytecode source. "image" and "file"/"id" are
+        mutually exclusive.
+        Example: -image quay.io/bpfman-bytecode/go-kprobe-counter:latest
+  -map_owner_id int
+        Program Id of loaded eBPF program this eBPF program will share a map with.
+        Example: -map_owner_id 9785
+
      
+
      The location of the eBPF bytecode can be provided four different ways:
      
 
        
-
      • Run locally on one machine: Deploying Example eBPF Programs On Local Host
        • 
-
      • Deploy to multiple nodes in a Kubernetes cluster: Deploying Example eBPF Programs On Kubernetes
        • 
+
      • Defaulted: If nothing is passed in, the code scans the local directory for
+  a bpf_bpfel.o file. If found, that is used. If not, it errors out.
        • 
+
      • file: Fully qualified path of the bytecode object file.
        • 
+
      • image: Image repository URL of bytecode source.
        • 
+
      • id: Kernel program Id of a bytecode that has already been loaded. This
+  program could have been loaded using bpftool, or bpfman. 
        • 
 
      
-
      Notes
      
-
      Notes regarding this document:
      
+
      If two userspace programs need to share the same map, map_owner_id is the Program
+ID of the first loaded program that has the map the second program wants to share.
      
+
      The examples require sudo to run because they require access the Unix socket bpfman-rpc
+is listening on.
+Deploying Example eBPF Programs On Local Host steps through launching
+bpfman locally and running some of the examples. 
      
+
      Examples in Kubernetes Deployment
      
+
      When run in a Kubernetes deployment, all the input data is passed to Kubernetes through yaml files.
+To indicate to the userspace code that it is in a Kubernetes deployment and not to try to load
+the eBPF bytecode, the example is launched in the container with the crd flag.
+Example: ./go-kprobe-counter -crd
      
+
      For these examples, the bytecode is loaded via one yaml file which creates a *Program CRD Object
+(KprobeProgram, TcProgram, TracepointProgram, etc.) and the userspace pod is loaded via another yaml
+file.
+In a more realistic deployment, the userspace pod may have the logic to send the *Program CRD Object
+create request to the KubeAPI Server, but the two yaml files are load manually for simplicity in the
+example code.
+The examples directory contain yaml files to
+load each example, leveraging Kustomize to modify the yaml to load the latest
+images from Quay.io, to load custom images or released based images.
+It is recommended to use the commands built into the Makefile, which run kustomize, to apply and remove
+the yaml files to a Kubernetes cluster.
+Use make help to see all the make options.
+For example:
      
+
      cd bpfman/examples/
+
+# Deploy then undeploy all the examples
+make deploy
+make undeploy
+
+OR
+
+# Deploy then undeploy just the TC example
+make deploy-tc
+make undeploy-tc
+
      
+
      Deploying Example eBPF Programs On Kubernetes steps through deploying
+bpfman to multiple nodes in a Kubernetes cluster and loading the examples.
      
+
      Building Example Code
      
+
      All the examples can be built locally as well as packaged in a container for Kubernetes
+deployment.
      
+
      Building Locally
      
+
      To build directly on a system, make sure all the prerequisites are met, then build.
      
+
      Prerequisites
      
+
      This assumes bpfman is already installed and running on the system.
+If not, see Setup and Building bpfman.
      
+
        
+
      1. All requirements defined by the cilium/ebpf package
        2. 
+
      2. 
+
        libbpf development package to get the required eBPF c headers
        
+
        Fedora: sudo dnf install libbpf-devel
        
+
        Ubuntu: sudo apt-get install libbpf-dev
        
+
        3. 
+
      3. 
+
        Cilium's bpf2go binary
        
+
        go install github.com/cilium/ebpf/cmd/bpf2go@v0.11.0
        
+
        4. 
+
      
+
      Build
      
+
      To build all the C based eBPF counter bytecode, run:
      
+
      cd bpfman/examples/
+make generate
+
      
+
      To build all the Userspace GO Client examples, run:
      
+
      cd bpfman/examples/
+make build
+
      
+
      To build only a single example:
      
+
      cd bpfman/examples/go-tc-counter/
+go generate
+go build
+
      
+
      cd bpfman/examples/go-tracepoint-counter/
+go generate
+go build
+
      
+
      Other program types are the same.
      
+
      Building eBPF Bytecode Container Image
      
+
      eBPF Bytecode Image Specifications provides detailed
+instructions on building and shipping bytecode in a container image.
+Pre-built eBPF container images for the examples can be loaded from:
      
 
        
-
      • Source of images used in the example documentation can be found in
-  bpfman Upstream Images.
-  Request access if required.
        • 
+
      • quay.io/bpfman-bytecode/go-kprobe-counter:latest
        • 
+
      • quay.io/bpfman-bytecode/go-tc-counter:latest
        • 
+
      • quay.io/bpfman-bytecode/go-tracepoint-counter:latest
        • 
+
      • quay.io/bpfman-bytecode/go-uprobe-counter:latest
        • 
+
      • quay.io/bpfman-bytecode/go-xdp-counter:latest
        • 
 
      
+
      To build the example eBPF bytecode container images, run the build commands below (the go generate
+requires the Prerequisites described above):
      
+
      cd bpfman/examples/go-xdp-counter/
+go generate
+
+docker build \
+  --build-arg PROGRAM_NAME=go-xdp-counter \
+  --build-arg BPF_FUNCTION_NAME=xdp_stats \
+  --build-arg PROGRAM_TYPE=xdp \
+  --build-arg BYTECODE_FILENAME=bpf_bpfel.o \
+  --build-arg KERNEL_COMPILE_VER=$(uname -r) \
+  -f ../../Containerfile.bytecode . -t quay.io/$USER/go-xdp-counter-bytecode:latest
+
      
+
      and
      
+
      cd bpfman/examples/go-tc-counter/
+go generate
+
+docker build \
+  --build-arg PROGRAM_NAME=go-tc-counter \
+  --build-arg BPF_FUNCTION_NAME=stats \
+  --build-arg PROGRAM_TYPE=tc \
+  --build-arg BYTECODE_FILENAME=bpf_bpfel.o \
+  --build-arg KERNEL_COMPILE_VER=$(uname -r) \
+  -f ../../Containerfile.bytecode . -t quay.io/$USER/go-tc-counter-bytecode:latest
+
      
+
      Other program types are the same.
      
+
      bpfman currently does not provide a method for pre-loading bytecode images
+(see issue #603), so push the bytecode image to a remote
+repository.
+For example:
      
+
      docker login quay.io
+docker push quay.io/$USER/go-xdp-counter-bytecode:latest
+docker push quay.io/$USER/go-tc-counter-bytecode:latest
+
      
+
      Then run with the privately built bytecode container image:
      
+
      sudo ./go-tc-counter -iface ens3 -direction ingress -image quay.io/$USER/go-tc-counter-bytecode:latest
+2022/12/02 16:38:44 Using Input: Interface=ens3 Priority=50 Source=quay.io/$USER/go-tc-counter-bytecode:latest
+2022/12/02 16:38:45 Program registered with id 6225
+2022/12/02 16:38:48 4 packets received
+2022/12/02 16:38:48 580 bytes received
+
+2022/12/02 16:38:51 4 packets received
+2022/12/02 16:38:51 580 bytes received
+
+^C2022/12/02 16:38:51 Exiting...
+2022/12/02 16:38:51 Unloading Program: 6225
+
      
+
      Running Examples
      
+
      cd bpfman/examples/go-xdp-counter/
+sudo ./go-xdp-counter -iface <INTERNET INTERFACE NAME>
+
      
+
      or (NOTE: TC programs also require a direction, ingress or egress)
      
+
      cd bpfman/examples/go-tc-counter/
+sudo ./go-tc-counter -direction ingress -iface <INTERNET INTERFACE NAME>
+
      
+
      or
      
+
      cd bpfman/examples/go-tracepoint-counter/
+sudo ./go-tracepoint-counter
+
      
+
      bpfman can load eBPF bytecode from a container image built following the spec described in
+eBPF Bytecode Image Specifications.
      
+
      To use the container image, pass the URL to the userspace program:
      
+
      sudo ./go-xdp-counter -iface ens3 -image quay.io/bpfman-bytecode/go-xdp-counter:latest
+2022/12/02 16:28:32 Using Input: Interface=ens3 Priority=50 Source=quay.io/bpfman-bytecode/go-xdp-counter:latest
+2022/12/02 16:28:34 Program registered with id 6223
+2022/12/02 16:28:37 4 packets received
+2022/12/02 16:28:37 580 bytes received
+
+2022/12/02 16:28:40 4 packets received
+2022/12/02 16:28:40 580 bytes received
+
+^C2022/12/02 16:28:42 Exiting...
+2022/12/02 16:28:42 Unloading Program: 6223
+
      
 
 
 
diff --git a/main/getting-started/launching-bpfman/index.html b/main/getting-started/launching-bpfman/index.html
new file mode 100644
index 000000000..258821f15
--- /dev/null
+++ b/main/getting-started/launching-bpfman/index.html
@@ -0,0 +1,1919 @@
+
+
+
+  
+    
+      
+      
+      
+      
+      
+      
+        
+      
+      
+        
+      
+      
+      
+      
+    
+    
+      
+        Launching bpfman - bpfman
+      
+    
+    
+      
+      
+        
+        
+      
+      
+
+
+    
+    
+      
+    
+    
+      
+        
+        
+        
+        
+        
+      
+    
+    
+      
+    
+    
+    
+      
+
+    
+    
+    
+  
+  
+  
+    
+    
+      
+    
+    
+    
+    
+    
+  
+    
+    
+      
+    
+    
+    
+    
+    
+    
      
+      
+    
      
+    
+      
+    
+    
+      
+
+  
+
+
      
+  
+  
+    
+      
+
+    
+  
+
      
+    
+    
      
+      
+      
+        
+      
+      
      
+        
      
+          
+            
+              
+              
      
+                
      
+                  
      
+                    
+
+
+  
+
+
+
+                  
      
+                
      
+              
      
+            
+            
+              
+              
      
+                
      
+                  
      
+                    
+
+
+                  
      
+                
      
+              
      
+            
+          
+          
+            
      
+              
      
+                
+                  
+
+  
+  
+
+
+
      Launching bpfman
      
+
      The most basic way to deploy bpfman is to run it directly on a host system.
+First bpfman needs to be built and then started.
      
+
      Build bpfman
      
+
      Perform the following steps to build bpfman.
+If this is your first time using bpfman, follow the instructions in
+Setup and Building bpfman to setup the prerequisites for building.
+To avoid installing the dependencies and having to build bpfman, consider running bpfman
+from a packaged release (see Run bpfman From Release Image) or
+installing the bpfman RPM (see Run bpfman From RPM).
      
+
      cd bpfman/
+cargo build
+
      
+
      Start bpfman-rpc
      
+
      When running bpfman, the RPC Server bpfman-rpc can be run as a long running process or a
+systemd service.
+Examples run the same, independent of how bpfman is deployed.
      
+
      Run as a Long Lived Process
      
+
      While learning and experimenting with bpfman, it may be useful to run bpfman in the foreground
+(which requires a second terminal to run the bpfman CLI commands).
+When run in this fashion, logs are dumped directly to the terminal.
+For more details on how logging is handled in bpfman, see Logging.
      
+
      sudo RUST_LOG=info ./target/debug/bpfman-rpc --timeout=0
+[INFO  bpfman::utils] Log using env_logger
+[INFO  bpfman::utils] Has CAP_BPF: true
+[INFO  bpfman::utils] Has CAP_SYS_ADMIN: true
+[WARN  bpfman::utils] Unable to read config file, using defaults
+[INFO  bpfman_rpc::serve] Using no inactivity timer
+[INFO  bpfman_rpc::serve] Using default Unix socket
+[INFO  bpfman_rpc::serve] Listening on /run/bpfman-sock/bpfman.sock
+
      
+
      When a build is run for bpfman, built binaries can be found in ./target/debug/.
+So when launching bpfman-rpc and calling bpfman CLI commands, the binary must be in the $PATH
+or referenced directly:
      
+
      sudo ./target/debug/bpfman list
+
      
+
      For readability, the remaining sample commands will assume the bpfman CLI binary is in the $PATH,
+so ./target/debug/ will be dropped.
      
+
      Run as a systemd Service
      
+
      Run the following command to copy the bpfman CLI and bpfman-rpc binaries to /usr/sbin/ and
+copy bpfman.socket and bpfman.service files to /usr/lib/systemd/system/.
+This option will also enable and start the systemd services:
      
+
      sudo ./scripts/setup.sh install
+
      
+
      bpfman CLI is now in $PATH, so ./targer/debug/ is not needed:
      
+
      sudo bpfman list
+
      
+
      To view logs, use journalctl:
      
+
      sudo journalctl -f -u bpfman.service -u bpfman.socket
+Mar 27 09:13:54 server-calvin systemd[1]: Listening on bpfman.socket - bpfman API Socket.
+  <RUN "sudo ./go-kprobe-counter">
+Mar 27 09:15:43 server-calvin systemd[1]: Started bpfman.service - Run bpfman as a service.
+Mar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Log using journald
+Mar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Has CAP_BPF: true
+Mar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Has CAP_SYS_ADMIN: true
+Mar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Unable to read config file, using defaults
+Mar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Using a Unix socket from systemd
+Mar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Using inactivity timer of 15 seconds
+Mar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Listening on /run/bpfman-sock/bpfman.sock
+Mar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Unable to read config file, using defaults
+Mar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Unable to read config file, using defaults
+Mar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Starting Cosign Verifier, downloading data from Sigstore TUF repository
+Mar 27 09:15:45 server-calvin bpfman-rpc[2548091]: Loading program bytecode from file: /home/<USER>/src/bpfman/examples/go-kprobe-counter/bpf_bpfel.o
+Mar 27 09:15:45 server-calvin bpfman-rpc[2548091]: Added probe program with name: kprobe_counter and id: 7568
+Mar 27 09:15:48 server-calvin bpfman-rpc[2548091]: Unable to read config file, using defaults
+Mar 27 09:15:48 server-calvin bpfman-rpc[2548091]: Removing program with id: 7568
+Mar 27 09:15:58 server-calvin bpfman-rpc[2548091]: Shutdown Unix Handler /run/bpfman-sock/bpfman.sock
+Mar 27 09:15:58 server-calvin systemd[1]: bpfman.service: Deactivated successfully.
+
      
+
      Additional Notes
      
+
      To update the configuration settings associated with running bpfman as a service, edit the
+service configuration files:
      
+
      sudo vi /usr/lib/systemd/system/bpfman.socket
+sudo vi /usr/lib/systemd/system/bpfman.service
+sudo systemctl daemon-reload
+
      
+
      If bpfman CLI or bpfman-rpc is rebuilt, the following command can be run to install the update
+binaries without tearing down bpfman.
+The services are automatically restarted.
      
+
      sudo ./scripts/setup.sh reinstall
+
      
+
      To unwind all the changes, stop bpfman and remove all related files from the system, run the
+following script:
      
+
      sudo ./scripts/setup.sh uninstall
+
      
+
      Preferred Method to Start bpfman
      
+
      In order to call into the bpfman Library, the calling process must be privileged.
+In order to load and unload eBPF, the kernel requires a set of powerful capabilities.
+Long lived privileged processes are more vulnerable to attack than short lived processes.
+When bpfman-rpc is run as a systemd service, it is leveraging
+socket activation.
+This means that it loads a bpfman.socket and bpfman.service file.
+The socket service is the long lived process, which doesn't have any special permissions.
+The service that runs bpfman-rpc is only started when there is a request on the socket,
+and then bpfman-rpc stops itself after an inactivity timeout.
      
+
      
+
      For security reasons, it is recommended to run bpfman-rpc as a systemd service when running
+on a local host.
+For local development, some may find it useful to run bpfman-rpc as a long lived process.
      
+
      
+
      When run as a systemd service, the set of linux capabilities are limited to only the required set.
+If permission errors are encountered, see Linux Capabilities
+for help debugging.
      
+
+
+
+
+
+                
+              
      
+            
      
+          
+          
+        
      
+        
+      
      
+      
+        
+      
+    
      
+    
      
+      
      
+    
      
+    
+    
+    
+    
+    
+      
+      
+    
+  
+
\ No newline at end of file
diff --git a/main/getting-started/overview/index.html b/main/getting-started/overview/index.html
new file mode 100644
index 000000000..804036c2d
--- /dev/null
+++ b/main/getting-started/overview/index.html
@@ -0,0 +1,1674 @@
+
+
+
+  
+    
+      
+      
+      
+      
+      
+      
+        
+      
+      
+        
+      
+      
+      
+      
+    
+    
+      
+        bpfman Overview - bpfman
+      
+    
+    
+      
+      
+        
+        
+      
+      
+
+
+    
+    
+      
+    
+    
+      
+        
+        
+        
+        
+        
+      
+    
+    
+      
+    
+    
+    
+      
+
+    
+    
+    
+  
+  
+  
+    
+    
+      
+    
+    
+    
+    
+    
+  
+    
+    
+      
+    
+    
+    
+    
+    
+    
      
+      
+    
      
+    
+      
+    
+    
+      
+
+  
+
+
      
+  
+  
+    
+      
+
+    
+  
+
      
+    
+    
      
+      
+      
+        
+      
+      
      
+        
      
+          
+            
+              
+              
      
+                
      
+                  
      
+                    
+
+
+  
+
+
+
+                  
      
+                
      
+              
      
+            
+            
+              
+              
      
+                
      
+                  
      
+                    
+
+
+                  
      
+                
      
+              
      
+            
+          
+          
+            
      
+              
      
+                
+                  
+
+  
+  
+
+
+
      bpfman Overview
      
+
      Core bpfman is a library written in Rust and published as a Crate via crates.io.
+The bpfman library leverages the aya library to manage eBPF programs.
+Applications written in Rust can import the bpfman library and call the
+bpfman APIs directly.
+An example of a Rust based application leveraging the bpfman library is the
+bpfman CLI, which is a Rust based binary used to provision bpfman from a
+Linux command prompt (see CLI Guide).
      
+
      For applications written in other languages, bpfman provides bpfman-rpc, a Rust
+based bpfman RPC server binary.
+Non-Rust applications can send a RPC message to the server, which translate the
+RPC request into a bpfman library call.
+The long term solution is to leverage the Rust Foreign Function Interface (FFI)
+feature, which enables a different (foreign) programming language to call Rust
+functions, but that is not supported at the moment.
      
+
      bpfman library
      
+
      The bpfman-rpc server can run in one of two modes.
+It can be run as a long running process or as a systemd service that uses
+socket activation
+to start bpfman-rpc only when there is a RPC message to process.
+More details are provided in Deploying Example eBPF Programs On Local Host.
      
+
      When deploying bpfman in a Kubernetes deployment, bpfman-agent, bpfman-rpc, and the
+bpfman library are packaged in a container.
+When the container starts, bpfman-rpc is started as a long running process.
+bpfman-agent listens to the KubeAPI Server and send RPC requests to bpfman-rpc, which
+in turn calls the bpfman library to manage eBPF programs on a given node.
      
+
      bpfman library
      
+
      More details provided in Deploying Example eBPF Programs On Kubernetes.
      
+
+
+
+
+
+                
+              
      
+            
      
+          
+          
+        
      
+        
+      
      
+      
+        
+      
+    
      
+    
      
+      
      
+    
      
+    
+    
+    
+    
+    
+      
+      
+    
+  
+
\ No newline at end of file
diff --git a/main/getting-started/running-release/index.html b/main/getting-started/running-release/index.html
index 0b7a734eb..b2a834d3e 100644
--- a/main/getting-started/running-release/index.html
+++ b/main/getting-started/running-release/index.html
@@ -235,7 +235,7 @@
     
     
       
    • 
-        
+        
           
   
     
@@ -422,6 +422,8 @@
         
       
         
+      
+        
       
         
       
@@ -463,6 +465,86 @@
   
   
   
+    
    • 
+      
+        
+  
+  
+    bpfman Overview
+  
+  
+
+      
+    
      • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
    • 
+      
+        
+  
+  
+    Launching bpfman
+  
+  
+
+      
+    
      • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
    • 
+      
+        
+  
+  
+    Deploying Example eBPF Programs On Local Host
+  
+  
+
+      
+    
      • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
    • 
+      
+        
+  
+  
+    Deploying Example eBPF Programs On Kubernetes
+  
+  
+
+      
+    
      • 
+  
+
+              
+            
+              
+                
+  
+  
+  
     
    • 
       
         
@@ -530,18 +612,9 @@
     
         
       
@@ -1569,18 +1604,9 @@
     
        
       
         
      • 
-  
-    
-      Local Host
-    
-  
-  
-
        • 
-      
-        
      • 
-  
+  
     
-      Systemd Service
+      Run as a Long Lived Process
     
   
   
@@ -1617,109 +1643,80 @@ 
        Run bpfman From Release Image
        
 
        This section describes how to deploy bpfman from a given release.
 See Releases for the set of bpfman
 releases.
        
+
        
+
        Note: Instructions for interacting with bpfman change from release to release, so reference
+release specific documentation. For example:
        
+
        https://bpfman.io/v0.4.0/getting-started/running-release/
        
+
        
 
        Jump to the Setup and Building bpfman section
 for help building from the latest code or building from a release branch.
        
-
        Tutorial contains more details on the different
-modes to run bpfman in on the host and how to test.
-Use Local Host or Systemd Service
-below for deploying released version of bpfman and then use Tutorial
-for further information on how to test and interact with bpfman. 
        
+
        Start bpfman-rpc contains more details on the different
+modes to run bpfman in on the host.
+Use Run using an rpm
+for deploying a released version of bpfman from an rpm as a systemd service and then use
+Deploying Example eBPF Programs On Local Host
+for further information on how to test and interact with bpfman.
        
 
        Deploying the bpfman-operator contains
 more details on deploying bpfman in a Kubernetes deployment and
 Deploying Example eBPF Programs On Kubernetes contains
 more details on interacting with bpfman running in a Kubernetes deployment.
 Use Deploying Release Version of the bpfman-operator
 below for deploying released version of bpfman in Kubernetes and then use the
-links above for further information on how to test and interact with bpfman. 
        
-
        
-
        NOTE:
-The latest release, v0.3.1, was before the rename of bpfd to bpfman.
-So the commands below still refer to bpfd.
        
-
        
-
        Local Host
        
-
        To run bpfd in the foreground using sudo, download the release binary tar
-files and unpack them.
        
-
        export BPFMAN_REL=0.3.1
+links above for further information on how to test and interact with bpfman.
        
+
        Run as a Long Lived Process
        
+
        export BPFMAN_REL=0.4.0
 mkdir -p $HOME/src/bpfman-${BPFMAN_REL}/; cd $HOME/src/bpfman-${BPFMAN_REL}/
-wget https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfd-linux-x86_64.tar.gz
-tar -xzvf bpfd-linux-x86_64.tar.gz; rm bpfd-linux-x86_64.tar.gz
-wget https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfctl-linux-x86_64.tar.gz
-tar -xzvf bpfctl-linux-x86_64.tar.gz; rm bpfctl-linux-x86_64.tar.gz
-
-$ tree
-.
-└── target
-    └── x86_64-unknown-linux-musl
-        └── release
-            ├── bpfctl
-            └── bpfd
+wget https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfman-linux-x86_64.tar.gz
+tar -xzvf bpfman-linux-x86_64.tar.gz; rm bpfman-linux-x86_64.tar.gz
+
+$ tree
+.
+├── bpf-log-exporter
+├── bpfman
+├── bpfman-ns
+├── bpfman-rpc
+└── bpf-metrics-exporter
 
        
-
        To deploy bpfd:
        
-
        sudo RUST_LOG=info ./target/x86_64-unknown-linux-musl/release/bpfd
-[2023-10-13T15:53:25Z INFO  bpfd] Log using env_logger
-[2023-10-13T15:53:25Z INFO  bpfd] Has CAP_BPF: true
-[2023-10-13T15:53:25Z INFO  bpfd] Has CAP_SYS_ADMIN: true
-:
+
        To deploy bpfman-rpc:
        
+
        sudo RUST_LOG=info ./bpfman-rpc --timeout=0
+[INFO  bpfman::utils] Log using env_logger
+[INFO  bpfman::utils] Has CAP_BPF: true
+[INFO  bpfman::utils] Has CAP_SYS_ADMIN: true
+[WARN  bpfman::utils] Unable to read config file, using defaults
+[INFO  bpfman_rpc::serve] Using no inactivity timer
+[INFO  bpfman_rpc::serve] Using default Unix socket
+[INFO  bpfman_rpc::serve] Listening on /run/bpfman-sock/bpfman.sock
+:
 
        
 
        To use the CLI:
        
-
        sudo ./target/x86_64-unknown-linux-musl/release/bpfctl list
- Program ID  Name       Type  Load Time                
-
        
-
        Continue in Tutorial if desired.
-Use the bpfctl commands in place of the bpfman commands described in
-Tutorial.
        
-
        Systemd Service
        
-
        To run bpfd as a systemd service, the binaries will be placed in a well known location
-(/usr/sbin/.) and a service configuration file will be added
-(/usr/lib/systemd/system/bpfd.service).
-There is a script that is used to install the service properly, so the source code needs
-to be downloaded to retrieve the script.
-Download and unpack the source code, then download and unpack the binaries.
        
-
        export BPFMAN_REL=0.3.1
-mkdir -p $HOME/src/; cd $HOME/src/
-wget https://github.com/bpfman/bpfman/archive/refs/tags/v${BPFMAN_REL}.tar.gz
-tar -xzvf v${BPFMAN_REL}.tar.gz; rm v${BPFMAN_REL}.tar.gz
-cd bpfman-${BPFMAN_REL}
-
-wget https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfd-linux-x86_64.tar.gz
-tar -xzvf bpfd-linux-x86_64.tar.gz; rm bpfd-linux-x86_64.tar.gz
-wget https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfctl-linux-x86_64.tar.gz
-tar -xzvf bpfctl-linux-x86_64.tar.gz; rm bpfctl-linux-x86_64.tar.gz
-
        
-
        Run the following command to copy the bpfd and bpfctl binaries to /usr/sbin/ and copy a
-default bpfd.service file to /usr/lib/systemd/system/.
-This option will also start the systemd service bpfd.service by default.
        
-
        sudo ./scripts/setup.sh install
+
        sudo ./bpfman list
+ Program ID  Name  Type  Load Time
 
        
-
        
-
        NOTE:
-If running a release older than v0.3.1, the install script is not coded to copy
-binaries from the release directory, so the binaries will need to be manually copied.
        
-
        
-
        Continue in Tutorial if desired.
        
+
        Continue in Deploying Example eBPF Programs On Local Host if desired.
        
 
        Deploying Release Version of the bpfman-operator
        
 
        The quickest solution for running bpfman in a Kubernetes deployment is to run a
 Kubernetes KIND Cluster:
        
-
        kind create cluster --name=test-bpfman
+
        kind create cluster --name=test-bpfman
 
        
 
        Next, deploy the bpfman CRDs:
        
-
        export BPFMAN_REL=0.3.1
-kubectl apply -f  https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfd-crds-install-v${BPFMAN_REL}.yaml
+
        export BPFMAN_REL=0.4.0
+kubectl apply -f  https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfman-crds-install.yaml
 
        
-
        Next, deploy the bpfman-operator, which will also deploy the bpfman-daemon, which contains bpfman and bpfman-agent:
        
-
        kubectl apply -f https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfd-operator-install-v${BPFMAN_REL}.yaml
+
        Next, deploy the bpfman-operator, which will also deploy the bpfman-daemon, which contains
+bpfman-rpc, bpfman Library and bpfman-agent:
        
+
        kubectl apply -f https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfman-operator-install-v${BPFMAN_REL}.yaml
 
        
 
        Finally, deploy an example eBPF program.
        
-
        kubectl apply -f https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/go-xdp-counter-install-v${BPFMAN_REL}.yaml
+
        kubectl apply -f https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/go-xdp-counter-install-v${BPFMAN_REL}.yaml
 
        
 
        There are other example programs in the Releases
 page.
        
 
        Continue in Deploying the bpfman-operator or
 Deploying Example eBPF Programs On Kubernetes if desired.
-Keep in mind that the documentation describes bpfman while Release v0.3.1 is still using
-bpfd.
        
+Keep in mind that prior to v0.4.0, bpfman was released as bpfd.
+So follow the release specific documentation.
        
 
        Use the following command to teardown the cluster:
        
-
        kind delete cluster -n test-bpfman
+
        kind delete cluster -n test-bpfman
 
        
 
 
diff --git a/main/getting-started/running-rpm/index.html b/main/getting-started/running-rpm/index.html
index e1b0f7426..60e5f3f12 100644
--- a/main/getting-started/running-rpm/index.html
+++ b/main/getting-started/running-rpm/index.html
@@ -12,7 +12,7 @@
         
       
       
-        
+        
       
       
       
@@ -235,7 +235,7 @@
     
     
       
      • 
-        
+        
           
   
     
@@ -422,6 +422,8 @@
         
       
         
+      
+        
       
         
       
@@ -463,6 +465,86 @@
   
   
   
+    
      • 
+      
+        
+  
+  
+    bpfman Overview
+  
+  
+
+      
+    
        • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
      • 
+      
+        
+  
+  
+    Launching bpfman
+  
+  
+
+      
+    
        • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
      • 
+      
+        
+  
+  
+    Deploying Example eBPF Programs On Local Host
+  
+  
+
+      
+    
        • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
      • 
+      
+        
+  
+  
+    Deploying Example eBPF Programs On Kubernetes
+  
+  
+
+      
+    
        • 
+  
+
+              
+            
+              
+                
+  
+  
+  
     
      • 
       
         
@@ -656,26 +738,6 @@
   
   
   
-    
      • 
-      
-        
-  
-  
-    Bpfman on Linux Tutorial
-  
-  
-
-      
-    
        • 
-  
-
-              
-            
-              
-                
-  
-  
-  
     
      • 
       
         
@@ -716,46 +778,6 @@
   
   
   
-    
      • 
-      
-        
-  
-  
-    Deploying Example eBPF Programs On Local Host
-  
-  
-
-      
-    
        • 
-  
-
-              
-            
-              
-                
-  
-  
-  
-    
      • 
-      
-        
-  
-  
-    Deploying Example eBPF Programs On Kubernetes
-  
-  
-
-      
-    
        • 
-  
-
-              
-            
-              
-                
-  
-  
-  
     
      • 
       
         
@@ -811,6 +833,8 @@
         
       
         
+      
+        
       
         
       
@@ -1127,6 +1151,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
      • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
        • 
+  
+
+              
+            
           
      
         
       
@@ -1748,11 +1792,11 @@
 
      Run bpfman From RPM
      
 
      This section describes how to deploy bpfman from an RPM.
 RPMs are generated each time a Pull Request is merged in github for Fedora 38, 39 and
-Rawhide (see Install Prebuilt RPM).
+Rawhide (see Install Prebuilt RPM below).
 RPMs can also be built locally from a Fedora server
-(see Build RPM Locally).
      
+(see Build RPM Locally below).
      
 
      Install Prebuilt RPM
      
-
      This section describes how to install an RPM built autmatically by the
+
      This section describes how to install an RPM built automatically by the
 Packit Service.
 The Packit Service builds RPMs for each Pull Request merged.
      
 
      Packit Service Prerequisites
      
diff --git a/main/getting-started/troubleshooting/index.html b/main/getting-started/troubleshooting/index.html
index 7eea060f1..fada2b9c8 100644
--- a/main/getting-started/troubleshooting/index.html
+++ b/main/getting-started/troubleshooting/index.html
@@ -9,7 +9,7 @@
       
       
       
-        
+        
       
       
         
@@ -235,7 +235,7 @@
     
     
       
    • 
-        
+        
           
   
     
@@ -422,6 +422,8 @@
         
       
         
+      
+        
       
         
       
@@ -464,11 +466,11 @@
   
   
     
    • 
-      
+      
         
   
   
-    Setup and Building
+    bpfman Overview
   
   
 
@@ -484,11 +486,11 @@
   
   
     
    • 
-      
+      
         
   
   
-    Run bpfman From Release Image
+    Launching bpfman
   
   
 
@@ -504,11 +506,11 @@
   
   
     
    • 
-      
+      
         
   
   
-    Run bpfman From RPM
+    Deploying Example eBPF Programs On Local Host
   
   
 
@@ -524,11 +526,11 @@
   
   
     
    • 
-      
+      
         
   
   
-    Bpfman on Linux Tutorial
+    Deploying Example eBPF Programs On Kubernetes
   
   
 
@@ -544,11 +546,11 @@
   
   
     
    • 
-      
+      
         
   
   
-    CLI Guide
+    Setup and Building
   
   
 
@@ -564,11 +566,11 @@
   
   
     
    • 
-      
+      
         
   
   
-    Example eBPF Programs
+    Run bpfman From Release Image
   
   
 
@@ -584,11 +586,11 @@
   
   
     
    • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Local Host
+    Run bpfman From RPM
   
   
 
@@ -604,11 +606,31 @@
   
   
     
    • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Kubernetes
+    CLI Guide
+  
+  
+
+      
+    
      • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
    • 
+      
+        
+  
+  
+    Example eBPF Programs
   
   
 
@@ -742,6 +764,8 @@
         
       
         
+      
+        
       
         
       
@@ -1058,6 +1082,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
    • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
      • 
+  
+
+              
+            
           
    
         
       
diff --git a/main/governance/CODE_OF_CONDUCT/index.html b/main/governance/CODE_OF_CONDUCT/index.html
index 9b0f9ca67..ac15118b2 100644
--- a/main/governance/CODE_OF_CONDUCT/index.html
+++ b/main/governance/CODE_OF_CONDUCT/index.html
@@ -233,7 +233,7 @@
     
     
       
  • 
-        
+        
           
   
     
@@ -420,6 +420,8 @@
         
       
         
+      
+        
       
         
       
@@ -462,11 +464,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Setup and Building
+    bpfman Overview
   
   
 
@@ -482,11 +484,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From Release Image
+    Launching bpfman
   
   
 
@@ -502,11 +504,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From RPM
+    Deploying Example eBPF Programs On Local Host
   
   
 
@@ -522,11 +524,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Bpfman on Linux Tutorial
+    Deploying Example eBPF Programs On Kubernetes
   
   
 
@@ -542,11 +544,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    CLI Guide
+    Setup and Building
   
   
 
@@ -562,11 +564,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Example eBPF Programs
+    Run bpfman From Release Image
   
   
 
@@ -582,11 +584,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Local Host
+    Run bpfman From RPM
   
   
 
@@ -602,11 +604,31 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Kubernetes
+    CLI Guide
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    Example eBPF Programs
   
   
 
@@ -676,6 +698,8 @@
         
       
         
+      
+        
       
         
       
@@ -992,6 +1016,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
           
         
       
diff --git a/main/governance/CONTRIBUTING/index.html b/main/governance/CONTRIBUTING/index.html
index dd7c721e8..6750e3d30 100644
--- a/main/governance/CONTRIBUTING/index.html
+++ b/main/governance/CONTRIBUTING/index.html
@@ -233,7 +233,7 @@
     
     
       
  • 
-        
+        
           
   
     
@@ -420,6 +420,8 @@
         
       
         
+      
+        
       
         
       
@@ -462,11 +464,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Setup and Building
+    bpfman Overview
   
   
 
@@ -482,11 +484,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From Release Image
+    Launching bpfman
   
   
 
@@ -502,11 +504,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From RPM
+    Deploying Example eBPF Programs On Local Host
   
   
 
@@ -522,11 +524,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Bpfman on Linux Tutorial
+    Deploying Example eBPF Programs On Kubernetes
   
   
 
@@ -542,11 +544,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    CLI Guide
+    Setup and Building
   
   
 
@@ -562,11 +564,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Example eBPF Programs
+    Run bpfman From Release Image
   
   
 
@@ -582,11 +584,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Local Host
+    Run bpfman From RPM
   
   
 
@@ -602,11 +604,31 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Kubernetes
+    CLI Guide
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    Example eBPF Programs
   
   
 
@@ -678,6 +700,8 @@
         
       
         
+      
+        
       
         
       
@@ -1145,6 +1169,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
           
         
       
@@ -1783,7 +1827,6 @@
 
 
    Contributing Guide
    
 
      
-
    • New Contributor Guide
      • 
 
    • Ways to Contribute
      • 
 
    • Find an Issue
      • 
 
    • Ask for Help
      • 
@@ -1854,7 +1897,7 @@ 
      Pull Request Lifecycle
      
 
 
      In some cases, other changes may conflict with your PR. If this happens, you will get notified by a comment in the issue that your PR requires a rebase, and the needs-rebase label will be applied. Once a rebase has been performed, this label will be automatically removed.
      
 
      Development Environment Setup
      
-
      Instructions
      
+
      See Setup and Building bpfman
      
 
      Signoff Your Commits
      
 
      DCO
      
 
      Licensing is important to open source projects. It provides some assurances that
@@ -1942,36 +1985,44 @@ 
      Pull Request Checklist
      
 
    • Verify that Go code has been formatted and linted
      • 
 
    • Verify that Yaml files have been formatted (see
   Install Yaml Formatter)
      • 
-
    • Verify that Bash scripts have been linted using shellcheck
      • 
-
    
-
    cd src/bpfman/
+
  • 
+
    Verify that Bash scripts have been linted using shellcheck
    
+
    cd bpfman/
 cargo xtask lint
 
    
-
      
-
    • Verify that unit tests are passing locally (see
-  Unit Testing):
      • 
-
    
-
    cd src/bpfman/
+
    • 
+
  • 
+
    Verify that unit tests are passing locally (see
+  Unit Testing):
    
+
    cd bpfman/
 cargo xtask unit-test
 
    
-
      
-
    • Verify any changes to the bpfman api have been "blessed"
      • 
-
    
-
    cd /src/bpfman/
-cargo +nightly xtask public-api --bless
+
    • 
+
  • 
+
    Verify any changes to the bpfman API have been "blessed".
+  After running the below command, any changes to any of the files in
+  bpfman/xtask/public-api/*.txt indicate changes to the bpfman API.
+  Verify that these changes were intentional.
+  CI uses the latest nightly Rust toolchain, so make sure the public-apis
+  are verified against latest.
    
+
    cd bpfman/
+rustup update nightly
+cargo +nightly xtask public-api --bless
 
    
-
-
    cd src/bpfman/
+
    • 
+
  • 
+
    Verify that integration tests are passing locally (see
+  Basic Integration Tests):
    
+
    cd bpfman/
 cargo xtask integration-test
 
    
-
      
-
    • If developing the bpfman-operator, verify that bpfman-operator unit and integration tests
-  are passing locally:
      • 
-
    
+
    • 
+
  • 
+
    If developing the bpfman-operator, verify that bpfman-operator unit and integration tests
+  are passing locally:
    
 
    See Kubernetes Operator Tests.
    
+
    • 
+
 
 
 
diff --git a/main/governance/GOVERNANCE/index.html b/main/governance/GOVERNANCE/index.html
index 21a792eac..8bc5759df 100644
--- a/main/governance/GOVERNANCE/index.html
+++ b/main/governance/GOVERNANCE/index.html
@@ -233,7 +233,7 @@
     
     
       
  • 
-        
+        
           
   
     
@@ -420,6 +420,8 @@
         
       
         
+      
+        
       
         
       
@@ -462,11 +464,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Setup and Building
+    bpfman Overview
   
   
 
@@ -482,11 +484,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From Release Image
+    Launching bpfman
   
   
 
@@ -502,11 +504,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From RPM
+    Deploying Example eBPF Programs On Local Host
   
   
 
@@ -522,11 +524,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Bpfman on Linux Tutorial
+    Deploying Example eBPF Programs On Kubernetes
   
   
 
@@ -542,11 +544,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    CLI Guide
+    Setup and Building
   
   
 
@@ -562,11 +564,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Example eBPF Programs
+    Run bpfman From Release Image
   
   
 
@@ -582,11 +584,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Local Host
+    Run bpfman From RPM
   
   
 
@@ -602,11 +604,31 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Kubernetes
+    CLI Guide
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    Example eBPF Programs
   
   
 
@@ -676,6 +698,8 @@
         
       
         
+      
+        
       
         
       
@@ -992,6 +1016,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
           
         
       
diff --git a/main/governance/MAINTAINERS/index.html b/main/governance/MAINTAINERS/index.html
index 608c7e21d..16ed0b60d 100644
--- a/main/governance/MAINTAINERS/index.html
+++ b/main/governance/MAINTAINERS/index.html
@@ -233,7 +233,7 @@
     
     
       
  • 
-        
+        
           
   
     
@@ -420,6 +420,8 @@
         
       
         
+      
+        
       
         
       
@@ -462,11 +464,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Setup and Building
+    bpfman Overview
   
   
 
@@ -482,11 +484,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From Release Image
+    Launching bpfman
   
   
 
@@ -502,11 +504,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From RPM
+    Deploying Example eBPF Programs On Local Host
   
   
 
@@ -522,11 +524,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Bpfman on Linux Tutorial
+    Deploying Example eBPF Programs On Kubernetes
   
   
 
@@ -542,11 +544,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    CLI Guide
+    Setup and Building
   
   
 
@@ -562,11 +564,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Example eBPF Programs
+    Run bpfman From Release Image
   
   
 
@@ -582,11 +584,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Local Host
+    Run bpfman From RPM
   
   
 
@@ -602,11 +604,31 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Kubernetes
+    CLI Guide
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    Example eBPF Programs
   
   
 
@@ -676,6 +698,8 @@
         
       
         
+      
+        
       
         
       
@@ -992,6 +1016,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
           
         
       
diff --git a/main/governance/MEETINGS/index.html b/main/governance/MEETINGS/index.html
index 533107e5b..5e23bd391 100644
--- a/main/governance/MEETINGS/index.html
+++ b/main/governance/MEETINGS/index.html
@@ -233,7 +233,7 @@
     
     
       
  • 
-        
+        
           
   
     
@@ -420,6 +420,8 @@
         
       
         
+      
+        
       
         
       
@@ -462,11 +464,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Setup and Building
+    bpfman Overview
   
   
 
@@ -482,11 +484,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From Release Image
+    Launching bpfman
   
   
 
@@ -502,11 +504,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From RPM
+    Deploying Example eBPF Programs On Local Host
   
   
 
@@ -522,11 +524,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Bpfman on Linux Tutorial
+    Deploying Example eBPF Programs On Kubernetes
   
   
 
@@ -542,11 +544,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    CLI Guide
+    Setup and Building
   
   
 
@@ -562,11 +564,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Example eBPF Programs
+    Run bpfman From Release Image
   
   
 
@@ -582,11 +584,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Local Host
+    Run bpfman From RPM
   
   
 
@@ -602,11 +604,31 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Kubernetes
+    CLI Guide
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    Example eBPF Programs
   
   
 
@@ -676,6 +698,8 @@
         
       
         
+      
+        
       
         
       
@@ -992,6 +1016,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
           
         
       
diff --git a/main/governance/REVIEWING/index.html b/main/governance/REVIEWING/index.html
index ad1eb4108..01719f979 100644
--- a/main/governance/REVIEWING/index.html
+++ b/main/governance/REVIEWING/index.html
@@ -233,7 +233,7 @@
     
     
       
  • 
-        
+        
           
   
     
@@ -420,6 +420,8 @@
         
       
         
+      
+        
       
         
       
@@ -462,11 +464,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Setup and Building
+    bpfman Overview
   
   
 
@@ -482,11 +484,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From Release Image
+    Launching bpfman
   
   
 
@@ -502,11 +504,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From RPM
+    Deploying Example eBPF Programs On Local Host
   
   
 
@@ -522,11 +524,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Bpfman on Linux Tutorial
+    Deploying Example eBPF Programs On Kubernetes
   
   
 
@@ -542,11 +544,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    CLI Guide
+    Setup and Building
   
   
 
@@ -562,11 +564,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Example eBPF Programs
+    Run bpfman From Release Image
   
   
 
@@ -582,11 +584,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Local Host
+    Run bpfman From RPM
   
   
 
@@ -602,11 +604,31 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Kubernetes
+    CLI Guide
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    Example eBPF Programs
   
   
 
@@ -678,6 +700,8 @@
         
       
         
+      
+        
       
         
       
@@ -1112,6 +1136,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
           
         
       
diff --git a/main/governance/SECURITY/index.html b/main/governance/SECURITY/index.html
index 36cdc001b..802dd8c75 100644
--- a/main/governance/SECURITY/index.html
+++ b/main/governance/SECURITY/index.html
@@ -231,7 +231,7 @@
     
     
       
  • 
-        
+        
           
   
     
@@ -418,6 +418,8 @@
         
       
         
+      
+        
       
         
       
@@ -460,11 +462,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Setup and Building
+    bpfman Overview
   
   
 
@@ -480,11 +482,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From Release Image
+    Launching bpfman
   
   
 
@@ -500,11 +502,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From RPM
+    Deploying Example eBPF Programs On Local Host
   
   
 
@@ -520,11 +522,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Bpfman on Linux Tutorial
+    Deploying Example eBPF Programs On Kubernetes
   
   
 
@@ -540,11 +542,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    CLI Guide
+    Setup and Building
   
   
 
@@ -560,11 +562,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Example eBPF Programs
+    Run bpfman From Release Image
   
   
 
@@ -580,11 +582,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Local Host
+    Run bpfman From RPM
   
   
 
@@ -600,11 +602,31 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Kubernetes
+    CLI Guide
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    Example eBPF Programs
   
   
 
@@ -674,6 +696,8 @@
         
       
         
+      
+        
       
         
       
@@ -990,6 +1014,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
           
         
       
diff --git a/main/img/bpfman-on-k8s.png b/main/img/bpfman-on-k8s.png
index 7061fd33719838885ab76a3f08aee2f86a63b4ea..696586ff787daf17111c74051bd7427e3d4b44aa 100644
GIT binary patch
literal 457253
zcmb4LbzGF|ww4l52?J3YDJ7L|P`XvRQM!?o7Ev%LLAr)eknUyxQF>qi>6V6p0R{$P
zi2IIv?{m(*=l8pt{fDt-_BU^=c-FI?^}T(lu0V2u>cY8m=SY+kWgnkAcai_xx$|(M
z^Wa~IjJ9yVA2@E06&{=`>ZMr)|3U1csPA^}oWv{aFPx!*V)t|B7|tol-q(6=f|w#s
z7&1R?-$trdBvg=S-sb)Cib&u?h3(_9{k;z?@06I!K9cWrs6Tpj{PD(u8lQ_v)?$Hlu!gvkOBzn(`EK+H>6&GXD=6s6!4wNrb;Sw=CR3bQ(
z5UDSSrb{(vdT|c?%UORjM@sfyL;o4`-Ryu{p-6(5%o?qW-sVynbzP=aIEEEiI
zBPE_RurX-_0TF-uwD6A$)8yp=0=DUX2NzqcuHHU8^LD{H?~yaWY4Ef@%bvr**J_r6
zPoC~*2E8qn4$r$2ofdcNP#~qs+c)v3JYUrl!G6(N*c==P4*pqxyM&*Xy5(JKf}cbJ
zUwH{m&{t9UD^3DF2Vn_SH28c+Wg`AwQYH^U&~qQeF%)
z!ORVTjG{Q}+Q_9LJK$oA{JeVKUY2IKkBgsVPDsDbP=4C$g_{I
z=cEM$q=7Q^AL5Y#@E>m9X&TY8WC%>ahN$8Mk>gi}Zn4M%{slzv2pyS9r
zsbe>p9`O%M;2iEExOdbotYr#gEtAgO2d4EUKJKY_hEN9$=QkR=DKVa!*;8a%a7MHL)`g#>ORS%5ozSXJmRR>Sc$X)q=
zV3`Q8y$RxNfAHlD%3#wlhSc+ksEh9`wM;%N6mtt2GAK6^2`Ugr+x`Q48n_7TX;dL&(T}s6#@Z#mg(Ub9xRrn197^NdOq2sLC5j)Q@$q2e{eZvMBs8bgh+reA;WDKHb3l>7kvb#t!1FH$|-kzOd>i4zaM+$8CEO3sP(LUq1T*N9(M0wDZJt#7N*GUz^+l{#Qg9w9!x#B=YZflFMF{fh<0rKuGT?~O9t#Dn1{PVL|M17L-T_7O-`ph6`?#W%n*S=hK@20mrPJD&>F{b#~t5mn;zamL+^hIrG_{
zEQ>`MwLI6ES}%wFOJ533Q__1EGTBxgKLaOy8IKx&Y=U5AA{A1*M9
z!d0V02B=kgxABu>P}8FVXI@vV64dqPkxa?>16HaE1%Nm
z?gSu-jl_(dJx((CfJmNY-KmOQ=_lz1tW|nPwcvjx7F-tx)`KJW57O7uTj1bW3skYb
zf`8!~2iR)ji1jUU^^(Mg*9z$8u~7OysCANfPZxIvywn(SAms#Gi;(eci4gXpE%H6fUq6d<)pCD;z5ueVUk*F
z4}Kz3L&pVCBY;<3%k0O}q8^rWU8em9s|PW|icrrTdv>=jzp;djG53I5kDkaEH&+XW
zy-MQfOPt49)jGXNJ~@H&wmSo*KPAU%Sljjv#hGE(h%Hq=Z|iW#)x(
ziT7eibl2W4oq7Td8-eO4SxWC*@t)cq2+rb!|Gb_+gP5fBSWX6QMRx<1HIF2&rk
zv~#Q0pO2ZN+yK5WA8TdZba4elx3ixAf8uXhF}Q`gjU!I_#dPbaJPy0t8Y}W_Dr$#-4!B8
zJRV|KDe)eABacI7g+lY*nbb)VCwrTE>#U&R#S43Iuk}mpqeLJty9e2vPf8vxzS0~E
zQfQ;Rb3sX%6DVP`>`O$N%&cD*#-&aO$&~Tt$BI?ySP!$q_|JYD(*Gw?dO&J3bqFIA
zqC^5cwx8OXKqh;5gfq
zZ*=|&$i%|Zau@mAMLP;i#sNZ&E#Ez#kxExo(qzzRpCrBh-d
zP(=vP|F#
z5-T5+2dcD5yEVM*$+9}3-tApAFs%4mCK$s|8u&&(ywcW1T+idDVp?Knz^z27>*g|3
z={h#U%KywDfu)pxxps_=J46JTmu=LG6WR9$9^-lr*!Re5C<@&)5P#WYLMZTvdggP6
z6^W4jVAH;iGa9|E^Q0NkU@z#{5aJRJK6`?6_P^q=
z^rw-8@XQwDYJMU7#K!9sEO3M`oe)8CV{GB^%=9?dr_6uo>Tdy9y2|pK#(YHnMjL|7
zu8&5I7c^_`bRZE
z?uS3Zu}j#|%crXXKIRW1bF_Ux)VhAWR;BX@4`yO5^lHovW2LBLbx=R@kNrIXe3{^*
zOpw4B$O(e<@RJl49b-Ru%YjY((p*4yx>zRYYiRZ3!HQ~58G@`TO=~llj}*Quo;~X4
zYGL`8ArCh_Ks{zlGym&y%rH(w72MSQw?7ob*tU2oC>Z*j1dZI
zeIi*UhU-B~*Mo;;ZN28yuCn(~O*{0{Yl9uIFAWO;%zubXym@BcF*g^x_%)a-Hz1Ev
zv5OD!(EKDn)O-QcBNlOS~T&wAc6EMcEANY$75
zXAwyq#Di4w8Ei3;$xN;UskJ?3$Em+dye4nE&Y07=5yMDz-qUxm8JU|X#~9qi8e~;X
zkl46X^qdfj8u_+pLG=BJ&S^P0yTvsVfK3{^5If)i_X(A*`3ol{Q@<=|VMo;+2+9y7
z7vjR4NO*lyr?yBR+_ZgdRrt>kUID-uC@d!ih~Zb%|Bka`_C0M;6ruCan4O7)>Fniv
zNlt&K{SfyF3muhr7k+S^FMKQbA?x5lBLOZf;>IeLayk=klKzD4N7xpp1%rM>1Ho4k
zetQqA!U4q0B-PXKYJ28&?|f>^`J_E$Id8s-x@V!{=ZN)D+0co-l9oIV@KKU~1deey
zK#Xf318%{fjyv~<&z8tIlMAUElGUj?rH5tbnm9borbrg(C@AW@W`RzFQ6Mv%Ljc*%
z(XIv=TiEL-JUdncOM
z|N5*)20o_;^21UP_JE&VA!7TBh{Q*fU<0Z4>#IW*Nu@eAo`xtLgNQxo&&r4xw~8AT
zZA$yO`y_j;pdO<5hlcS0OUFC@@r7@!AY+AdL&A?Xjpc*CU%dE^1whW)7u6y5zXKjs
z_;m+b>xTJnZa?9DGHKJ@sQNsxie@^ycK-O}
z*Rhc6;1FfU=2U%H+q4Ucq4slMp}hb6nC<+bhwI+=DXw@Lp=U`J{KCR%6HmDSJ)YT|
zGbr_u5f3xk`|H7G{lMC{s;c9c9?$u_!o)G7c#Q3I)7gpO8`SmO*w!KT+^gKwCwi2w
z7~L7TDL1sttBfwv|L=QySSnE*|4)0t{|&iI>i>-KDW0@`Hw$}d3QI}`gTuNe)^1|U
zTbo>=$%52Wgow%d4cf1en9Y$N-^}Vt>K1-iFguK{g}nvZNimHi(2etn{BsoD=Bg(a
zK{UR8)Cvm5l~2DI{XktCgKjuyJ>xR0jMJS-W399sxwl5&r|uJ%MjKISgn6%iG+iNFi2(ZyeB
zdMn4YwIfDE=MYm)VI0$PQPSm`zKbDO>No07Fr`HN#Rrwr+>%+1*PM7UFJ30M_V@&W
zD0Ujg@$I}2<;k7F9Cc#vxZ?r4E)hzTM~uB|Z88bxlRS_b(5;XZ@99qwk@q1YQDM^M
z^VZ)$Q{?|I;1wT$+fsUN>u?hXKU%Zd_TLqSLuPP3)dhfNww(_0-&_9Zxz%4h$3Nwz
zW94BRqt9jW$qG4HYQmOsJQ3dCxKCw%J*+aBV-gwaL;bt{W^;S*3Gv2S;+ROPtPG45
zFgnEz$8UcW8INT9J~$+|Q77{KWVlEXEbVqMacZxUVHBWlts!R~
z6L;x}l>}jsRm?=TMmESQOcY@b4KdQ?Mef}Y49jvAW5jh9I8BEfWUT*cCg0!L2Qy&S
zmY5rbt3V;w$u`UXAC*skhBgVVeXfWJtm#%|QQ@4GfCkEqE+M?w>G8kXDH+^Er3<`
zPb5_Er*PfkHm}ppC0$)BG~Fxd^8VO?J6Jooj4LlZX$#Sh$2j!!49r48+BmM-kY?Y4
zI~@6~y!pFWs|31SB5!#j3qe+LB^D<6U0}_=ILVlhB?5#i!q>{VWW33zy!t}9_MTO}
zv>X5Mm$0CvN$Ab!*qb+=WAWGJJ^?#>c_w&++cIhGTvz#Gw|99sI#v}NJ$aB-mi;Hq
zSJ|MWHU11=
zSuk+E7T|n$-B(`y?fG(p^X=q`+5qRfLnKVhpEIHw>tlNdCv>nRPkU%i&;FYjB!8I^
zjzH+B;Z5~g2_R|L!nKy9-ISExPWrEV>`Z41g)zk3>nR{)f;+f3y1#n}=!91fV*CHXNKiJY<5RAUd}F-~8m8El{R@xi
zgfAYG+jxFXUV+zd3hGffgGipSWZ^icW5dnC5kp8g!|vR`+qJR+i?q8_+{CB3_Crl*
z4f$Ce6bD0g?NSq;e8P{J1q4bS_;dEw`A^K0S)y1EmeT{X)l=&p^BhZ$SJmwwz%
zF?@d#{qtw);~Xc6F|V1twt0l;Nn@p=Cvuv_W1ZIQ8hd4O-zLTe)1)1_JcM+k40A}nN$GMEgl1NI_swOKr@rlg
zqH@Og=3jFfza8i}hB%-t$*<9~8!DPVIDn@&;*l2cXrss4J&Qkh!e@L9-&ef}*pdrG
zh8|8)0`{acO`^;
z@+74p>iBWK)(5`cT45V_pDo0@JtA-+hK#kd9jOsL6TlT^s#82#Ulg)R>O7z->Ln&q
z=P6|f{yyo6WTg!-X*62uIg+(n_GdQjO{R5!Q{=DJtut`kb1_>Jebd!U9xvw0KKfuI
zerU(>gp#qH#_Oq0Ey^Z$XQ*GJd*lFRaWL>b6UV^u)PKoRJN4mE~knWE}cYs%er-LK8vu}7uQYVcYIQhC^G(@Hv6R-mU{5^60Lj8
zVomMLiP0to^J(bgc;)(d(I?uU+ww0RW&1=H3yt)TrbfzqhBOwZUpfc+r-ze@86^oy
z8F1I^+KDjcr}o!o4&8|cS>Av6t9Dfj8uSi^JU4SrPmb1S3M=f<6N)5*)SM@(h9N4a)b8WHI^$k#Oc%M(BY!9oNVA*)3Ev!yAE$?0)ma>*j_E$nI*r
z7diO%`+c3eUqE&BicoU}a+&s{0x`9crn~t+q*kI{d`ZDiVhaz{51H}ug~RPjByw88AI(nP*3(Jf4Z-^9t+$!beew9E%Ng~{z!<|ZJcnY!@v6d
zW{a&@=Gdcw^}}R|*hu?L)9zK5_G2bu{`IGLn^deq(>{@lb^WCL>&VZi(^85RbzU_a
z5x(>vPK`$TR)QHbhT${CWF$8qazmUe)48X5cl}E4a|kJLzzdqZcD-7&S~vNpL%kxY
z6r0>uvRr%RblX04`PO)S7yf@EE{Mm9CLm#V`g$Q~0B}=n=KohglcLUnyIjnzKKkYA
zBS$?ld#Z)c4^XFRA-1t=dJ>->I$LhUJ?>YAb&jT-PnrohW~tqepbn3qQcBRLyi3ej
z&jJ_sKzr?scQaZ3q&5$CI1&r@u`J6eD~|bWPg2`h9K(p?Uum%3NG8R#Z0r~77}duN
zpLCvWOk;07RDV$Ef(x^A`(A5ILrCF4Mx~Rob>g5fRMLc5;;3DU-fU~xeQ4b%xlFq1
zg=xIcv2Um6^9vqyc`E%RY_(51_c~JO=TxXpFcjGvz?lD9Or&CZrsnNnxMa<&g~=%t
zrxL)%ZyhRqMA+{qG4O%Ga8g+tof4P4!i!W@Tr~rqM{sno#W}IGPTUPOo+89IN5N
zwDYwu>L-qgRS!y|1pJ+1H6#-_*H88AeNtWoU`w61n#)SD{^-(F^YI^E*?~wE2TY=;
z@E3n;??qUoWxD@9mk@ItpduSDOF(qYp})e=PhR&Gs;UJJt0BKPr7J=7Wolk03x*i|
zJW}!TW+w}^>j&zj*jVp?HWM0=Ta#JmX>;hEZk%p9h~!yvWO)np_zey%cOTXAg&z{G
z|5zzeomiXl3|gX);`%ThpL)3;NjTHEO52niuaPT)FtlX&ySRf7^khBt*b?O@vl-Rz
z=2&yY&c%11Mpoc+kmodv)fyo-i&M{qaACdQ)nF-o4wAR3vD`vjAP-=m^7+}!`AGPk
zxsNoRY6c`7^3PLQ1^9QVY7q1)8t@V%F^S|LNB4K2RV3G-Te~jaYfUm)l?&6}bo6^k
zDgG^sjLVf5`P0X1ll>%pLpGqmBOKZI5qD>cp195z?(3m@O}7$_yiF)uZ^G)0chc7v
zTiQ)-3o-mY(hmS_xa!1TU5Fpz=y`U@*G^!~>$CqI?fkZ-^byver5yRlcpU%YlF8D|
zM|is}27r9iWv_
zs1`S24J>1@V42e+aB7Sfvy_L@xFLw|BgeS`h?SNVr*No@F07Ui{-pzw@rTc?Ol$Gg
zvpG>uV0y2a8mXbk57vwC?48EzPeBd@fUCl8Yo1I$w2i5@Ss{&%gVM;ygIV(xjr|oH
zld>iHT68pB+|Z~-haHwYyvd7u`
zE)UyH8w^b}{bm$X9AMy6KA+DM3Vgi72aN_m(OL9cnW^O^evS^j$cX4}pFQG|u}0tc
zl(-?);nULLQC*HArx|qhv(uPyuecG`Wr7XU%eb(6+g^jv<
z)Y!g*lRqDRk{rL0$XugHbW)PtAq^LX#SL;W`M&7mbp?7hEL0;|AL;zDKOG0)>0MXb
zNx*KUS2IJt=D!W)hU~la;b|xiGDXILA|NI+lWS)$9<>lu?<9CZCNj{uszPM-$BV`~
zM))L%bG4Goo~tefUSAB6=MFZOhj!-4W;zm<BJ`z+(R4!&r?vBvms6c5yTT%Ex5
zU#KIKxF>H=Eg@$&@`X*zYcq(!vgrl3}v8)rqBW;l`u5e0!
z6LaUwm&JhTD+lt>6e)$GI!ONF39`=lm67kf<9*D^bm-*th#$8GlEy&=6#k-jQ$fi3cQx0V-Ot?vhmD;E}1Q{Eic|?VI?kO>bh)
zUkv{uwyY!31{kf`v#5nk@{WOHZ9uS0c15=A@DaM)#=|`ygHj)_GFH&2wEKH;A32r+
zQ6#vDZEf7R0F3Pq%>^C@f4xA8-SgdCufYr7K)3vDz+Tlu@W}^l8N=IT{Pqt;Im+u6
zEJofP>bIso%-6>pz7o@5o`0#m2YSL(cIs8vVHaRNXt7X9_K_+6yX==(=X%Jjxvmuc
zvKvudI`r!=etZg%!ToFih{IikOTpBYG$b|!9PO{hFE$?%#;%(h7_if;duvu)C{en2
zon4ZrKAcm(p~Ll;cB6A#Ju*-=4^gfm-9&rp5FaFTtYD>%X?BeuHLmL(CDz0{d<6>p
zb0y~ss0Hmf6BYRPUuoB;`)B+vQkDZ{9TO0F#oFmL1NszZo#SPIZ?fKS?GuDVo4sd$tkIYlRdZ=wQlN3*vD>mGd6_4uDc9FiML+7VaQ8qV5s$Wz8uF&~J>DUhIJMzA4
zU#vxj?2eVr)7Lt~)v#28gLjD3UbNBkF#()o)#(J%feU>ybUy5}c-;1Z82!z9J_X5i
ziB?ataYj9ecW+PRVhBfHRpoQvHE~L$weib!!&1SfHBVlAFK2KXlS2bP0
zJa4yg&B!p>{*ZJFKc;bGBwbet-Kk&@F}U`fJ`f$Om9HaV(FA)P*k$XOJf_ofJQv@D
z_n=xG7gnh5z|j|;dV`-~vq=PSh35sVd5l;*);@=dC+k2YFcnuh!y}x$8yb?U??U=I
z+i5td9#`58F7te7P39*Xlaqnzn)=n*JRHbVdmb23;WQx$Q2{Mr*`^O{A!Hx!^_`6D
zAo!qqtl@mgAqdTqHMZ61lN;S4bOAeZwJSUJj)5V+Z+E!1vJ1JDF-$+5us`J--9J0q
zXh93Gj_ta5lL&z9+!K#FBZzZMjbURZ2
zu?@rXp9(0zGt8zEyZZKO$C+2~uG{9MTdEvcZQjs$t(AYh;6VkTKU?c~!cQOazj7E*
z#f5#2Z4xMGTpD>9)qOty$`NMV^po20;Yf5Xf-!ET`k`E6?9}AvdymN=-crI#*%Rm`qYSpy3EJ<}dSiKi==T&jx
zbh3`{uyXtKbtlM}Q%Y~(VdAo{q^#M1>eo}zz9ahKuArMFX!V0$!}*0xLtjJge!$N1
zV%CQqe^Q<$9P=aWO^#t3F&S_5tZ%`E(MC99%LHoIf{@ag^aC|%51UgQpHR_w?UFjj
z`Uosca@<$?ht6jFuhzh5c*tY_;EHGCPPLYC;Wi)NSaOZ*lH99za^oI*2oyqB>aLO`
z*n2pi%0mtUZ(*^9`1aBIayCJIC{Xz=|Q3ZaC2nqlC_~Gy_OuzCD-_Bx!`Dr1I6Q!!U6oU*F
zd76p-Zb%i5iw#0Q#uXY+$LvCnRQrXjhvcE+N_DBvrl+}CoqKj$2}Qqj651W%!LR`y
zT}WCv>2)f$854kq6exqI`ybPq4fzF9QmZNd{nSUZ1_*o_xByMPiFslCmzZX0_@Q0O
zC~n+#u{aGoe{$||t*vo&$lM=IfG>&oU0)^om^30|FLF1EPR>QE1}&XRqRLVNm3Xqs
z;}By^g^}WL-rc;burAX(BxDkke9ND#y~qoV?1wg?r}whoUdr?kY4B}o$1tH1|3-h$=%!*c`>WC0|Rzc2a>L*v~kA|Uh6QC@UtC;
z`<*&MjeeA;et1-(ZZNjLpjodtp(*Oa9zIf}$%Cl=lM1Q1qvn*}r0CAHs{zr3_
zj<|-B5;2w~;W6MZaPnp@e0RF4%Rxgsk)63ua(upXLnZ{7y5E2hEVJ0Y)$IW_+6n!k
zA_ceMVRfFCf;Y^f^as{6o#IgG1Eu-yD}HtTbSAW@Fw08oR9VNNguj<4z5@D65hIZ{
ztX`ay004Wnb;1+t_CGZwq`L2%_5;Q$!MKW!J6pI}l^LUP^~SxI^Ku@!)YBSHGnar8
zT4xiqt?-HuV)`gmVm@~@YTc6Yd9lXldJD}w$d7!g+ma2U(XO;kJ;%zGwPWXEbV
zA<93PASrap?R~>`*X^u>tRY*_OT*Djd?gkfj#B@)B2)&L^R%woLjfwT`sG?z^g+A|
z;2N`i_Ne+323#Xt@L>5moUv)NC&wZrLus^_Dt9T=%Mx6ep`degm4ZM?iYZ=0G1Sr6
zaV!wG@K-@>df~V?r726KB&KVcn~mPB1n}WET;B|u?e*oycdzEqIMx!LN~0>iAQexi
zobRwVPcKKDw$+z2uP>0MNw(8J60*DhC`K(UYDj$=R86kNAn>4|7&Trh
z8i%rP(~^MaF!Lp@lm?wAEbNm^+4-C$p)h`cNv~E8r^3W0vjY7W_4FI1A=4aBs%U>i
z?XyfILmU_AAZ*$Knu~YyyY&MnjeLzhy%JRus)Gc!A2fLc`P0WLEy}CIy@xW4l*R#t
z;ztYbBc2Z*88GBjI$DW*)*MOO`AJQW*cdEmk&HXmu$$30NlvkDh@7hT>g*5iI;HtV
zh9=|JpgJwPL^s<0Jlw_|bp7i9h&SN>{FL!In5e1EJC*cngRYD%-uO5qPloO&A02m4N8Q
zQYWZ??ux0p!Lx03TW>wJZpK55Ng&dmkC;9^VCi6Ia`dfw)f}<5eT}FVii|(`h|aYF
zC%D&~&5xP3F2xBR!~I{DYv^*i6zf_VQSl3u&O6r%(8BFCO`ce%D615sCE!9f<)^FO5E>sa|B7+T229Fh
zPy#8?84Z0f&Q7f?Lx+}k5e}=pe8n-0eAeKei3b}o9@fO7`)w%G%`Mow2iP*kRa5qg
zjb}G?KVIy|j~(_r5*(3}feOsB_uK6twMZ^61%H#&yPyjaK`*sQ;5}QE%(d@1XF2kG
zn0V-=w#_hEL`wWro2$twyqFk1WB7jIo7HNZv44IRC57V$K^R#DVrIVJ;$mX_G_QVu
zGd+pDy^WX_N^0UglS0Ql+0?vExT2V^l+l${@&D?kLCT1J5ymy%w|vx%rN-_1IM?Wr`sCBfrr&*S{ldxJKX^(NKF}7G
zRtvT}*(e+_`Ir&x#4DPolXYyfx$nBg7)rG_qTYXrU&GJ5;1Xcj7su0i4z<_l-4&(N
zwK?LH`$*djB98y+%3Je28<8$O|GttoP}aD6t+?$XwdW-^c!5_zY-nngEMXGiZsS+f
z@Xs-*;c+}7UI!}b#0=DQ4VQ^`cE0_k1u$)u5-OrRrrqvZ$;mwQoax3GMA(h7uZ>XH
zLTWAg=vMo;^$sle-j(cM=Y%()tJ6QJ=xBC}^wn-%@OH2$%JNVPDE8P0s1lcQdS^Xt
zT>ow{L1vJ1&QLbYhdNTg%JO?Q=0kTgOUOO=9+d!%e5iuDk07EvhCP1_@Msoj$
zEWVd-_*jilSV4=0j2w8k|!NsO;V}D65?E#K9d?{QrjP+ztgz>c^1PeJFehR3EKv!ar>G8`XW*I
zxVDY@ur#W~*Xe_h$xTb8ongZCu@5%`r4kBBBlzKn5TPrV?gvBPLk}J=E%wG;gjp~^RqH9He&{bo{@bfhkX)d=w(mC`s5`)kb34>|ENDDw
zQT$gb@y&4O^PlF_5O$26djU6ER4Ew3-}KWBSS0p
zS~Y_JZS&{Yh#8eG{v*(%7SeL?=~X;@eSsX)_a*43VB(OtFDfKe0mfNIBB|R3BOtD^4G0g4ARp!o#r|I)|elM!T6kF+-4jP&~sn^@)uAkY+X3g{H1oT
zO)5F~NPkY~N`Z4tG*ml9Gl_)6i>gf{q_s|Rf8uo|$Ai~a9;&-Q9dd-UPvb+GV^uogfuBv%cfM3Oj`UZZ
z0vZ{Jj;svPzKr|EA{)Eq4$Gp2j(ihcB_Jgy(+@qaFmP8^o(&Z~60*Kxv`2P(roTA8
zLCU*fQH1iePAyM6-^u>6Q|LP?n>3*G>o;rC<|FA1wa=edo&NrA&-VfMhYq1K>wTv&
zqhC3T+k8~`#R-@Ro_vX+E^EJ|BF7Mu_+t40~xr(8Mt*&%z(cQN+&wvQ}WcLQ!bj8lcsnmu~ONMw?dJF
z-?z`^G0xb8u8c1|?AT=O6TOX6h5NRbtCOdFx1
zsHch9hNSq}QBHUi)n?Z_x}X5jZvhB@bgzKzQ8({%h=-yJ;#Fj}O#GnZ2oL-Ctpn7u
z0lM36MENJ;7-*H!x|vt5Gn1CO|KVfY$5$!HH%nX#TdXiVC_NAxesKQA
zd`;4Kj$I`Ck-5t95J!Bc0Ofv3AufWxqSAl&JZ&b0&G09>KdI33`EkfA?C_(tm7IkS
z7-UIGUuP&gpkJk(>JI%Tjt_JV=}?Hk#kX^(`J*%rFWc0TIxG4DD+(cnL&p=9;@>>U
zPNaNUDe|!mrTLjuF6}(6($v$5*B7(5`bZcttEnq~|26c*UM8K*Xr*Cua2ni=AIGty
zGUxCY@RR;dxfPPiL@bgcNY5TU{fK`>Ri;@N%TEHi`JcBqco=m5iV*%owFmX3kc%GZ
zNy(c}bsvq@)1Th0@p346;hOufe2P}@b;fbK=$Nm#nt7>CuE-xl50$PnML-`%D|Yh1
zt*)x7@Ym|=wSf)Qe$X4H2oE$xy?1wVd$s6c7dwpYC;?H*`3>DN>qsL%D_^W0rK;~1
zs7KCU5U}}zQ}d7uIls@mY=B|UGdBq|6}3(;^`av2K?_%YTD&=6w}~WvM-OB)amP-Z
z{-vtvqTkEqN*2E{apGA<(1(lw)b_<2<#yj6ua3>>P1MqP`xF?teA$y&A*3o2FMiKyS~uzn
z)fDrJiJv*DF-kuoNcV0Vuf%pG8jHw|-5?Z=NILjL)mlT*RYWU3p7UX(pYWnuw_}1I
z(Of${G!|8Fso(1+Tb{Kr-xp9K#`}9L;XgvBG{Y)>1EW=rc0yy&B3{x7##EfCImKPK
zFXZ2dg@)*tjvFc40)klRy`pk?VAB9Q_T3C!{--Hma`xwKa?Zb~%<_waZRQi6L+{N&
zT@2n&ql<|gS!)Ks5D(Up)SEt7S+#5kMB$beCLj8@kHU{Qq%rDO3Lcd9-+HuS;eo!b
z>dY^fyPr*wBru9VUoQmx4fR3g4wI|(@Z=DjNU2-TAC8S^=UYP$(fnT?nK!vkVhi^P
zx1#7i>%O~nA&Pjgx;N(wOao9%wkc!$W-za5DmJf~@d-~JD%D=os{81v>a}SoRo%w(
zuX9zg_5xZG&(_4hl$sjAJydb4MYq-$le2X;L>HHGbAzlT79{YBC`l^DD>WodIn|P?
zh{iYm;`G!QiyQXdRv*FDgfOm^raTuqeGm_$5EX?Dm5N~3~cvL^Z!-t80Z{p=v4D#g;P{e
z@9r40bg_B5-yDeus$q8S7nZLFTvx?0x%!OZW*pE8!O;!>1$h{5f*JgKn*Jg;o#G_^
zJ$U*}vsq}N!S?(6HkGSRf}itBXo>lCNAnlWz)MpEgUtR7d-7Y@iQ6&aZ;RLw_T=Hx
zZZ(Y0PV?YYq-f`9$rkAHMsmlCn$4CbJCBAL&0Mj9FffNyeX;Ryrmx=n;^InNduT(|
z#kzD0Eo1%Q7Y2`ZSIjlG@DHvB?uR#sZ3`&$F;WFt89&79+z?G+ZBLD2v9%Sj>|T1%
z-}M>j>>Ml7*WEUw#5VnzA;|1)p6=Noe~0CV?^7nutF#aLbO6y+^v1+#+z>}V^l~~K
zH&s%ly}@g}*02-UrqkXewq=woIg249g=(8%MOM#p+!1TU1<4hd&7KcJZtbrSRCbZ9
zL*b1vXy~e^$bKfrr$_Uuee}m@lwIPEXHkRbl5GrES7ehT=%jS(dW-}CRRoG>l||RY
zH|EC|!#=+Dlgjmv7kAj!!V$l$>uKT-kfGKE2EoBpT~VQF(TKF=^IFy;d5wHIfegpK
zhPuy&&33~MR5s#VkB&j#M&QWTsamiqHp*Yfj>6`|Vb~qCz)th33~3)qE%evgYuG;P
z*-op@q)3ZDD(OI}tL4eB6Y}x%rzKJSYN^mwkYWM#Y3K*%Zk@tUuuj?qNHDdJBxHMj
zf2IS`5Si_wxkdJbAekSa>ye_TtK(I*k4owQcId)(0hyAjqbe$n7xychx*A0I7PdnP
zsr6M4e_iZDy8c(|vy<~-)zgHJj!7J!hY|$76;LF6fu{6S_fG#il>B5Vv0ZG+u*#XU
z$`fo~51A|{4YJywBoMoQF6aXHEHmgVY<)421C=)v$0Fy6+3CA))8z^0zk5hvUm)}n
zs_g9I4HWtsi`Fr5HX4KF$tf(8k}Y{!zo&ib8|BI$l&4h!kx>yeH`#CRyHQq_y^DH&
zl^vX4kNUWW33L>Lv?aq?y+-dC1X+c4$E_EUQZb9qHXq^)BBmQv)VuAhuKj#(L55uP
z=TfM2ptvh12Q+U_kSil9)9K=pS41aD_fNgDjRHJoAjhhCG#E06iK46q$;H9Oz?2Rl
zY|!swqgSsIfRi5fQqzs=QPKL;{FrQtbKst2o>}MT5(o^EPLb+{~g
z8;4bciygi&>3`xD(UW*ky6rdTc}ZK&Xqf|mj#Tv?{5rd8E#RuR!qW0!tF$aEjpotmDI3ZE
zYi?8ylWRqV~GdNqZIkN!$nkY0r%!&y^
zC!L@c|Cn5%(B-g)=sOM{pCqUBZwt>iC+pPHZco-gM*c)$>w2ac)&WBJNui{H@rnicZz=Hgr_cWN)1V8Sv&@qPK}#R;L@#J3
zb8H2Z11$>$CP0K149+ToLey`0h&KDlRP(87E%nPBeYHGqc7C?91Kn$$S4v2A!bg2S
zKZJgG6#;NoK)zE$@0owo0xc$9L52Cwgr9JcF!KEr1SjU_Z|-e93Km6-0Dj_5k}KhkC&UG?aHcywr2*
z)=5Avc-+zc@U7aTN%ge!2^%2~_=T1KLZZ?4rDb{^3+pP!Pn@3eYCTmCp|<>wacl~;
z+4Qf@3+b?#j?WZ4<8*5If>#}?ES0-R0iV7zJ_=qj#hmpb5ONSiEvnpD@$p3#{>Aw=
zOv77Jz)R`T`X$@m6&}??ich;8=-Li%RR!=2ECqVK_1u+;)b?0Y>~rFk{Mi1-VDZ%C
zQ{b0;WOWC2-p&KmZSCojfp5W7nz!_6Q`I%)NKHd|Es_1$YRS?<2O1^FL6T&3SH5|g
zpk#ia0^9uuwDwn^?q!K-)~3vnlKXks{`o>l7rD)FYar+pP5MoJ$5z|3z5TTP;^q8BEr+Tvr{jDMsdX;IGxy720})=TZKt+Cb9hCzzkg|N+eck}0m3MF;K}tpSkpy;d2^q1P1`6;X{C|-#_s|F^
zvp)FW0}^jaU&Pq;Xg!VCw!ACxSEK=bq!3(#+A;po0?jKI?kq_}c+Y
zbyi^X1PfKXe@#zh>a2=_IjI3;6(hDx2s8S+dJU``Oev|1#3W4w+-~KE7c66z@(*11
z9Y?x(@^xRiO}d&_tnJMbrhhyhNYN%5d5B`#pJ6Nx_wU`N^GWf@xD>d?;{Eg&x%YhR
zBgXa#f+PuNr#`xye`>^Ok*!|MmthgnK#NIvT$}lS-*-7{h4Zq<2}+CpkAC2b#24q2
zE5}|ZS3WJz_WJnI{bW7Us%&!u40bhowf2Hn0=^{vMVORM4Zkz{3cPl0z~23!>)YF>
zdV*h}%2u3cD@sLDiYs(~yee+YNvUs$JfW45@rqA1Kj9gsVilX8RC!rc31*^himg2ZdaUj$#?^`>
zO!uBhbvG7`Bws5#F2qQ7F6H&wp^lgrjrkx&WA>sFXM^*2XTi8-!wEf)DD4Lw6E&NjHcIy
zUwi6`K_)v!f!9N*7DY*t;$x}HdS__#5Jy~B8;CgR)FUeT`icCa2p3SlsggQQ%91*!
z+!@Lrak*>nUT+8So_pD6(R%1nwz)sUEWk2!HLoZT&ItMn;R`={r?RL9exQnvZ2yP7
zH;;A?gB1$M!W|Da*Q)W@gJd>H?n1>vP%ubP1$UILW^VBh9RvJtP5i%=NW|4V%
z_NBqmefNF7&tJcPet+Ee>-fZVuD$l!YrWT6@3nTo7rUkkOA=Y$i-yufZAP1GA1y?7d*^k`cPfU(>@C|82NOp;N~XKS7W8u5XkDZtKdJ$1
zy?NDlT%Mvil(vTKYra+ElYK7YSQFxzOYz(D3ab>FQZE7$vz=BWn$o%d32
z2(mw~J?*W#^q^&rqitD9Fn7;$p{>@1;N+aZm387q(XTg!O5lP*fbkyeUL0G)U47@|
z9=G07HPptX(VOx332!5x<*834<}KcWd!Q|>X4fjwL&(0=qn2fOdAXu|
zQMoNn9dE}~j3*Tdc%K?V>32%`tnWTed-3ANll!iRP!5#a36Si4Y@$}-ajT(xOd|@5)gK#__VmtBvWYr??5m>bA
zNH1#UMD7*fy@j93{m+K@kmJOrK`p@_F`zJj0l>uB>V9A7F%Eo;ZgfEbPqfhb`4T_~
zS%6g6s~F)_-4Z~=zvUlRjT}>Hlay{60^0=ZrbCsvvh&XDt{a2+6r
zb$gOn1iiDq^QW?Q*dangf5XXIBS2F0TJ14w4byxN`}?O4IPDtZSSJPc)Yk(i3seG)
z;Y(G7ptS|AJ$nYUw&>S^-o(Avute)qb*mCzJ@N%zzdET^?Q2fKD
zLXF97`#NE$!&m0}u1@ZJ-&;B@Ydth2K)Fyh^q0W?!mB@jWCu=Qf4;$=mtLf3H%4ie
zz~+<-dv_KdN}{$F9#J!ZF*eZTNq8o))${y|8sjGRU1pVXJ>Rbc8z9DRY1@_Z-uyH;
zRq^`G7^vX7GUonkxY;YCIW#x?{$O~t9vf5`S=(0mASwGDhVf6~KSWkX?
zNPwQ6I%zDkEYz?0Fla*eOAFcbN!1h~D#iB)f!5(qWO{Y^Y|CC#%x-L#XAYkbx)E+;
zGMg8=sI4JF5bO>f7XhvL1Z*lGGH~NB!vFHneH>~$H@RA5eh*BssP6pi=Qc=c5d?64
zCES083Vj!Vz__v~*)OFX7F_T253Ti2ga>e!EQhgXL<}965X%83#QxC%IxK9QxYIr~
z??b`#HOV_*Mi?D&5Kw<;nxk9b(Am}>cd1X$(b;hbEKoYPa(|xEk=kqNzwP<(o_0Vt
zYAV*wK4suIU**okXK3aS_@4jxKVn*}%Ip?AzRK6?5r54xxZ|Ohw*-bCcYM5J
zeYq-5r7LD-+qx{g2~7L_m~8w{wg>V8Suz_u)R3wlV_Y*`01m!D<=RUyB5lp?^Em)R
zd9a2hQ8aVqSPAzNd33V*^!(HZJrF}9_8e;qdYnR$Gxrk0=v#8#(Q|S1U|8>c@nGPx
z2DWWJQ~u}Lf67Dh1a4*%m9+i~jPE^yJc1>Kp7%HdCL6hO&k}&qEXg1)alNJ_lcmbf
z^i4L5DfxVGpFQVttT=}*2Bwh$9Pm@KTYTTnyZ>xOxpQhWe%D+15*mLUJwIvBWf
zwk@F{2u#7c_Moz{NJru_E#%S$&$*
zMq#o#P5bOI<>j
z9KN2+^P->hN!S)E=7=7|++e>qO9|_S%UBN?Ka^E}T?ut+9V-}7jPA9Spq~BL7??-Z
zJ`batBTo^YhrM8f&+h0z<&!_gNs7>yfIkC3@iQj{GF*JQ9|FSCokz`|z-jX-0EIHt
zY8HOV#7{C_WDd8OhURGQ#jXn(*0x|?MXB-CsarAYcp3GB@Z1kN2}wNg+?D+io`0Ty
z@J+-HNkCspE~9`rP+RklsWIXO6&>7N*6kZ!TQ8N{N7eI$N(=5w!fiZbsKKj#W;ce?
zROs_oL|trBKKvh*={2H33H=MsGyaBnqe6A3U1QEN78o#ic`
zC*jN-xWT`6?5%3D%{v}e191-H>nC|>-8!PL%#ZDTuB5m^nX?l-S{oD6{OX;892cVD
z)fuKJz5rq}dJ@0Trc4!CS+3NJa=t;8s&DDl*aDiak%a1HIK5GzD!cOHTx&!6IoK+Q
z(|Oxw&4*!aiJq>jD2bVsrR-jJG3%XfcQLqO0lc-$$mTGXIK!1Jg=QPDk-+Dtu$!Da
zfsGz&`c4HDUga8=3rJgs>qwz%h!)91ddGik)(77!*6=EW@%I{hfRS-%-MJyBl`=CQ
zb1Su7C{Y1Ff(PZOzJSaLac1ZV8@>E5y^yTCfSv!QrReT)Qa$F^7c$1qVp>>Z0p!zS
z)5e>M&R57&V0#06NZ8)1mu%pTM(9)k$wQ1-olA`^D$pUjY)-QDM_d>U>B|~|#m(u$
zL??6SQf;r~a@V|$zMlDtOO@F@ajk8u)~@cyjLwmpQM;^pFXdjp+}55@&XU-IaVQR)
z2lynVLuW59Qe-U9_Pb562l2;8`B7A
zyhOt(tOVr!hm5O8b|zjtA;9fF)n8b&>9vKl39jJMTPXItKI4eCiU^G{G8Zy1@-({j
z;kL4<=p4^nqwa1zYO#^6qe_c4Lys7?njvcaFC}_UszMKIuDOt5G7-x;A?KuU`VN@_
zKc*OcdSRW}oE0
zrFrdkrBTO!)bD7{t@`(?sXTX9T9QTBg+*tkg|xTs-Kuy+aL0YqBYC2{68@$IS%JHH
zz<@h^>h5zJ%PNLedCC&`WfH?}5^&zMysl+n!~7*A13`TA04v+)++8aPhM9|U*Yt0b
zXq#44gSlu!$H80DNn&3=&X>c3BH*t)55s?T?9reJrCCpvmZi0}nYqctHr{|=>>zIV
zToSuoVP&BMqL6BC4dK$dEJQBk#@5D?uJ+I7cpqBa0lyecbJ(#%cAdBhJHLYev=!HG
z9_XB@p=XEAEzR*WOzpYkeDay)uLc9e-mKJL(7t+`?7o({qo9W1w>i9*dFsbX3PunJ
z7(Q=KeMUmVN}mtjK>+~63PH=4lBv^-782lk-4_#ckgbM%TJ%*P6_mGKh$PBeUxy4>
z9|vLIWToNPNt-^bBQoS(z%%rxWhL7s5H>%XE{z?fRNOdvA
zCx-`)CWkW#zX&+xa+?)%nUZy{uzh1a;h-SkIoiMmgf5wa{SK)2J2a^k(KY{3Delxq
zr!~qW~md*(`1xjK%QNsy9K5hmp_psgbub!Qq;mxn!L+mJwd8CjF&xhIGeX
z{0x3uk!PGc6KU=S_H?uZyhS(Y%6Q)z_OF^hAxMDKO5*>jRz6JpvP-K>Q$#nTd#l#a
zjhI5IbHQ$vLWdwuGcj;|bcu^LWdiNlJvJ2bH}>M$YM9rkqe$-cU=k{R0odndPfnY
zeztGc_n;a
z%AM8BQ~!ORiCJoVP&{zp&a--N+kK}nhy3-yxu<)I6aO%FU$)EvAuz;+Y--0tmj
z7FsfNpQw_ba7+lm@S}g4EGHP(L{8l(rjf@`XrB~Zju^@d0POgm*NoQji-lANGu%xi
z%p^jC_m*Hd&ToAICsxcmDLMfB!WsFxVI(ABzgUAnl_`QM2V*iz!%B^!+`!F3pj}M@
zK)X}}vIzgNO36AIY_^tMDRe2L0N2&qGZ)q^@FEX`i8u0fI+;2M3rMZ;0VKc%f&h?U
zmxwRt&fD-O;Z0_Y@rf4wNSi4^W--YO&LIKd6vW=pfSdYcbBTiCkcJ(>q9vdj
z5>{z7oBxz|_FS!!M%jb|HOQl^ObCIigK+feo*`j~D^h5z+ON-sp7FqM8qvPPG)I`~
zBTmv_p!vom!7agg-PD%+@CFmN6B1i>yMs}hf;d1;@SjO0A4O+N@54O+oSRE`da;DX
z`p@dr8AR)JC4h*cVO;%REAsIj0YWTy*tV*fD)2BaC1%VNO
zSB8YmK{hNIA4j-7m+0KDfWmbM1UNYF?kfg@Np;SwI#&uGH{TCRYzhOIa`cP>(?54n
zoWg+|78EG|?6dH3@!=0(cyxtNcE7ZW9-!GTeLJ}qWQ&S#TWj34LS
zQjaUawADwjs(q$Aax3`ziMrBt5Y|K)K!@Y);!q&%se*f-%tFgQ-;hiGEmX6VCf=C8g>R0vFG-+J@~G)We
zz$}fABhsErOhCxr1Hdt{)|oF7NZ@rF0beI8TW!w1|H@-;4c3rt-ByQx6xP
z@Y$3k*9;Dt7QyUiy1gbzNQ@foaCoY)8%;QqSp(5>%*Il9cq)XZY@>5DWHgbGc`
zt7P%{z=`{}a~#e)9BlAeeF)qb`1!`1^fC!QgyKz@k}LRf?9ips2urQOShOf;5!`Tw
z4BJ_`x|>KCu5@OvN`e3I6Z)1}m)in|)`PK7DXBUgmkD5oe6P)&fgISum-{}z6sy28
zxUOcRe;iPOjajf#abtlwA+vJk-$W}$*>0gun%%rKbo><|Zw^_f(wJKrkMh5eBED}p
zaOAv$G1AintcR{Cdvoo#N6FxKkAh*NO_m(t3cvu?_f&#(N*E0Qz){7+6{U|eglCX
zk(Pn<7{Hwt2Vy6t!%77MAiod##r^{0SZcQ^jR;QI8L2{1w394oz6ytdna2NhE9=&=
zoy-Mxsa5GQw~)@5n^?&p_Bh}2F64=@NO>HSbx1S{&aj%v2`_w7$P|*~4mec?R76@K
z@?Y_rl)le=3%wUI92#5lM}Q{mBgOLY{Wyv*;W!f3X~2pHo{&m#R;)c2THPPpLKzWN
zVS@wG3T>0O#=d2VR{i%C071UF3BJk1sh0{0^8YMTf%#cTB*(d|#tQg#M2$rSoYX>K
zFv5`zq^+}kz$o~pKoykgFiqQxm0@K#2i2{2<45-q)Cr7d96SwtLM{>~i@@&<@Mav^
zJvia4!Jvjq-Oba^mKWP?=3SyY>3w{VI8yZOxvy?FU6&hwNuo4fO5G6Y1@AbSCdayp
z4S4}?RL<%E9i=vfLKf{s^xwc{Bu
z@fAjfU-CPf@X_9`!lpmTwtI#k3tmph`zxD3kDz({uM{K{2Y9+ne2c!QhI%*fmAeH(
z`Iw4%^)wG0G9Fjm^FE&iI;BYW2^&4_h0jm9$7%aZL(EeCZyG{Uc#1bCtTRE#V?HSi
zQ=&euxcjFT<<$T3kKs1oM4i4fk_+Sy*sQ1UL+3P
z=|b7d*K23VGC{f&Pc9Z*14lQD+X4{5&*=Yw3Tn>??qUKfsf6$YFEnE3;CNzuqT9v+
z+vl}^f$xF6r}MyF&9}=I@i5&M4tQiq{gMtRR(f@s1x%-uQmi|Hgqi*JA&ttJz25dP
z6O)Pkz~|w7%WfssKcUW3&S&6U-MTDjasB;!rkfx~e1}32@t432k3+GDM#jW;3UsQe
zvH{e}9HK&iLCForqd{JFMC>@fy~tt|I9}9_Yo>4S$MtYAfwWFIh{(!0f_YFR_Cc}#
zeYr=Fb;mR5Py~GaK>!%wPiN)(Emn8mv>2XVro-?fnCmh=k0oyvIyNWY(JJi%>(uAO
zI~*A46a2I!hE8CkK*$RtFw?9}md^xp(}^Ob1oh#_gM6WIIu#b*crxAlI>Yk3pEHD=UVC3gj1G-!=ai
z?ys}JULB0l^n}2wZp^2@oc{k05vdHBaUAAyE>ag`Q1vDUa#0mw~as+7~X6j(OCm2Axb1EYz{sdQZndko8bVW@h0WNCwtVbT%*vU^5@I;L73
ztjWix92c^N)P=Ao<)qY|ZwLG*oc{V%VXXa(VLu6^0IVbyL|HS>!EHDAW=IDDKK~^#
zRgr%P417%rgYj^JPM1MJXOIeOlJMbZ6UT$acsO0?vR6W;5<2BFxPGrmQ57WHe5;Ni
zC!WllQf3@dEce|KR*`|N0)SRuS$>fr9+aCl*9$8
zjx$hpKsAB;Snli^O!PNjszdb`
z0L=7|)j4s~G@4))g}vV%5TS3>(ocgtc_-AUf!1{VA8t*&&-SapsCyC|-)Y2OMJEuu
z?WccRX;V5t?14%#WPA*aEHAiGTwr<5QQ**7KO}Z+=Hv?A94_<*kmks2@8Rorc`Eij
z0(=)-IJf8$$OAxgnKp1Pw_7s@|5+@E}%xmKBn|WFK}ss
zr0Wr&*uRVI|9ua6%J&mtr@Lp0>m8VPH!E$IdbOjZdIHaX3So8|Hh*;6Bd@q=m8
z08=+(B&&hk5Y^7pnBe9^m-^QE)eUtiB8IPlNX&v=n2&PPjRnwSTENZ4y$WTGI+z=9
zNPUR$t9+(ga)tROPj$tB?6pAOJrcn
z&>cz${r2(h?ry7EZ`BU-%s{hT_%m+><dWBw&jdGh#wz(INZ#plqd{?C0xb50~U`_Ck{yqYbRw1kera@-oQ(Ouc&?@Ne
zv0stwf0v>pUGg8TI!75rSA-zN)_uSn2X3Q_zhW6wC9pzm+gr?;)PU&eW^sx;uPEH~
zadfKN6>Vol*Wb;-_9Mn228`J%w%=^yog5oXPims<91i>OG_0b&CEE;k^A6}Z<
zpD#!H90$%0%6G?`?-5(pJudEjBnjvF)CbhoUv8C^OYX6U*G9x4I~GW1A~)Z
z?ZGp7vaG*qc{k(oh~M2ls;&ebge6R$v_Uk2$;b=!ZgY)^yHbJXn+G!=J)MJDDiINN
z%v|%ub}DQN*?`~27XkS4#=tq6j#XePdF{ymK-ln&q2K?2oIHgcpW}
ziF6aDdp6>fhX!v`m_5T?I*R5#InCTA{{5Lo_2usK4q8c*r?An-$~l_;?1j`#sP6b&
zm>>EV+$f5Hz4v5N+$8D1$!|bTenClyKBk>2u1`cAdCV#zJ4U
zcI-fx_Lki{k<;V5LAD0@p0jUhFI&Cg=zWEVqPp^<($4U~E8T8S4VJ#JOXeR5V))!c
z5MT=i*ib`f>9Z5HhvXtPSt$|nnM$3~r#Bl2mBnr5gl#1>4D8Xn{tAj-!&BYUL~aO6
z?j73Mud7O3_4S4cY{NT?shtS9C^jZaiI~a8@5Mq%UK@E;Lhuxu!Senu3Y>An7sB3)
zGWYc4jXR=Gd&h^bbM2HYxOi-w%Gr6V^JMJFN*u!A5oK2a;}i3$izjD{CRGF3o_QJV
znN*ZB0nv=3NGOvRG;s{-@_qR;IuHCIR
zwUDwO>1
z=UjF_U7H%tdD0o{wQZI(FpxsWvfWgO<7(#kdauZKPX!fszM%St>QT{lZ}{TEdF#(Iu^_ljna}D09-yPrtUcCJ%5drtaU{$l+U9
zznOB;>Wz>1;04zXmNNLlyx27`&%iwj&hf$dUU3vbdhl6^L9>QF=MY@=4^64n!XgH1
z?H@-SZI|yabaN(gu89e>%!%3T+SI%iwAHXk$e-n+>Ak3`iX`L<-rMpxw==&%RRTXLfaZ5P*%QM-I#PUxx8Kb{_)=i@(8vce&&2jwmbyp
z^pD)|2iFULXxj!@A^*89xWm8AV-*o}4n*8H4)=UAhhpW^euj@fce%8hD=c$OKe!N%|+%XN->CR8PqW|RL$vl&x
zrSYaFfPlt&J{^62ztRe@$7sauVr@2z&gzT7Ma86h0{c28QPV#}&E`oHkOWaVL?e50
zVk7NE8(|yvjh-&UUyNb27NwqT8vf>pR{OHqPv>3{7WLa1hf6No;|1SLShv%)G~!I4
zr`9cV*x1eVb{Of}+o?aAy|r3ITl<5>2XLWh_P&i>J&-Xahy+&lcnmZqpFI4LB8{Ri
z@Ouv68-0-d}HmX*_HE_}N`GNF}Dkjb)
zP@owsf1h$E7X^~Bo%uT3E?F8y_Ys3nDB$A(6oz4b%@RFCrLgaOmThWYwXzUjzhR7itI&&=MAcD*-YoOHN%e*BsT7S)#$b?f6-g5
zD`QO7U?4DgQWXh8vitAuTx<=IMUh)3k#+O;2(;Viea;oU(ZG1hDfHz>vs~KAiHSyY
zYr$J0vN_M3Iw=W-`MfvKd)Z2T*U!b3?x@?<
zE*zgDQN~7pP}-*NIzOB$minfbwHc-(-M4XP?qQx|kMx6*B+bmN58+It=du=_&VnBL
zp(G~W50(qPz3|ELFZ2ORjTFNcGdmSuq_d1By}4gKIZ6pqX-(<|rOOW{gC#y`4#kMR
zx9lQ+ay|b^tukRuEng-WBFO(Xl^rkxNlu3y03HI6K<1NqUvRoBtJmTIxNpwR*A47j
zF%$;4mr#MbjSqhJ@TXdWZP#yv0lVd>QkkD@mwY?rF3$D$&ZjJsY`0Al2fXC(3{sgR
zC)C|*Lz>ycd(i60fg5u)#m)p;qe1Hzm(VhsI|J080kds-QGew{Wl4VZojr-S*0f_g
zuw^34t-7$j?tJXR)r5zgr5+4D272|DjcY5k7ujq3jCbZI99YCkccLF**zAPQ=V
zuEuwoYh0-qjGrk
zLHb7}y6#Kf(Q*9=CEN4J3HdYmdt%r80+yi0V&bnrg3{aAtbaG+9|#mlcl?%G*adr|
z&{FsP+Qi-2K0W&Ui0+7W+Rm^v`?a8o$8$%~$2}LK%1_G(i*-H4Z8mGj4Cr&2s#G6)
z94$w4e4pDX!TekOF`sBUzu~4Fn;As_Kvo5kcQ>GjMYS;83h|!3$Ht4#^)}rt7e!9
zmgf{e7*DdYZ%!+4^4O2atODVO0p23_u1&vn=}dH;
z_>PzEIy&?2_Nb}*NR{Z5AMVb%s~;!YCgeRjZzw4ODDUr*8+l&aNGGk*pvbNI$5|eI
z_ZLQO?$`bD3u=}gGvtlhIjSB-uhK92d3$TpxF&}+bCMcTaW6-D+}^3NZHB$H+prnb
z--3qan#)#3q7(AX`{~`sc!L|)Nt7!QDkU_cZVG}K*EGWQ^+v6dHpt9Uf;^K#xV!C(
z#FvbFh+aCa&QyHREL+Z@q;R5fp_q3rc%iAb5O?dR)F76JF(a4@-*W(i4#&`tfv+NI7~IOXx%EBvf;auk8NoKK=u2L&
zPD~H03-*e)Z?_c;M^RF~6*5>H*r-jjnTzam0YFAiW71IhVHpy(wK!o;m~nG*HA;9W
zaeKisz_MMde>W$cH%)qmoM=3EuuyZ}&7zRmOgI5$p&KeXAU)hG?ETy`x!2J~CS*-0
z0->94>0HqL<%%~FCdmIx;JadauVRm0rFst0r=g(d$6|wNl%vio612{8`Q%!u8NAdi
zv*C|NG?ktL_eHLUe5#z+&G;}S@k7&f;elrN!b8z+`4@riAN%j%jhCkueiYqJ
zdakzB0frNM(uL_~u@S`f-Ergp?v%q{SEgJ0dfl}`kADN^4hs>85p~WKl_(6JKL>PT
zLBi`xDX+uZF2#~bbLD$Fi5_W{GW_=doOm)k=>EuKWp1t8)25QAVB6|Jrd`d(=~BK!C$<@~yq40A!PW^FT(cu-c6%=wD~w$EOE7>_c#9dFSw_#9&tL%NOXcp6AbG
z)XaG+=j3!Xa}9~bEjx{@?=DZoiQQZ7)Gc3n+{9&#I>}d?z^9Pt`ISDnRTa?4ZRv#a
zwG?~HrtZunwmnU}&^hUCyt9?>QWB|5q2R3B+`l{&m2xM;V%QeI+WnZbqAShXS|dV^
zjQvW2J*7nrz$3XjqG)he9&>j4!mJ-{x9MEY_b6xl
z<%^AG@vsj`${jUr;yTc8l*H-g*+T)|c4JV6VysT(VkmA&_kA(k|??N|1i=3UUO?$VZ
zIX)XBkw?i_z#h7t+Yq=m=TPw_B2d`k%Pjy~Dto-?1V81>Ipxj9Q?Yv5R;>=oEMJsc
zQ?eBkwz!LpuB8@bKzyyV+@k6&2ZO}&7)tEt*zkyU>~=hc^iszIhSr4g#+Snv(%`iz
zeJ(OCc_CKXn%^_$-(2iH7ArE?s|KzlbT$b-vswM_c8E8v_(c)#Ax2h8?`LN0wH?@n
z8>eWuzRPF1nc1XRk1Ip{6>~;8*C}jw?8Rf*UET`bEl--;(E<@YvzK8`9Hkv{0$9M1
zAWuSJJM-NNLpCGBtFscy!wC%9Z#94Rto>S0QoY<~orC-LO)M3B9B}b3ILhhWW#nz-6s!vnNx_7JpYSwVJ|LWkc
zG>BMsWufdYK41Sr3}W-?33o(xRi#tUSZNam!sX~5oHE#^%hnr9@HW(|3%1~=L=pA5D_?_+uZdgZ^NWT`VYp-cb%@9>-1lz@O-7aDJG(|^=*x|_E}Cr)tl6%CzSg^kwR=qLq!z9
z!_olz?5+;F{K)N@et8pJ^U;D?D%Rz)`>h?LhHkny#I~Yk5EKHe;3{KHX*;__{lRs+
zy#7^6M!e=nuY-S!a{6lj{7`k}Ag4Sm2wsttJ=Zs}_L!h5=et92&`aQj?D8cbc_TV2
zX`M6YzJ}O7zmI->zLb7pHP0>tn2pGnC3;rl9C6DPKc>G5UzpFf1B28nR9F9yEn1+A
zZ=Z;m2WE^nP>s+ayg?&qJfl)~;_t4!$0*rmg2@o_gnnMaz*9
zdgi=@JI3pdNt^{OpM7lt#@kw7;g@F{Yy7&CBwoi!E;F`WXp#`GFwMQOIe(^{;YDbD
zBFKYYpPy1EzOS6fCwJ_})Qh;uHZX9;dzTF@BK}oHyYMJl&v~1p48e-us!X}|T$I->
zRBJNHk}_St*CKd<$D08;!4UTSzzgjAi69=F*bM|2%vMMSh8>q`x4k~VHix4ZK)98o
zW1k7<%h78mD|eR<(J46jj17TjHDi__&Un<2DuZw_n;Ym^j;mN@an!p`qp)T!_LMxK
z-GybdA91MSBuzZSu7I9SRd9y@0eMtSX>#++xtchw8ul{&%8$0JtH?eGci^fUh0M%!
zJKme$HtJpa9=me+&TB_YjoKiPMei8zs{uD&1F&w1N7P*BUn!qM9+>d(ttMyosQvEx
ze5XsA*>ardIE6hn+TB}(WkqkLeO2Xs4!I)aWGs?)tcS6nC`otHf=oc7cn1z@A+(Q9
zeUOA38Yb#@<|e~S=FEg_QgU+0I<_PjgEBoCEfeV`(QA=K#ipWyH3e`Cp(
zlq%a?np?B%yAwELK)Eksyzzw_I1w&^e}_1`3r=zo?yD+?be?Xv`mU&r8agbVpb&@MO4@Ri2q#vvXJ~3!qR>utCe{kF&(?UeR+>3C-#6~*)^`ot^=3sRPo&xIzBO~1B^k|V
zE?@SZk`uo-_9|DdH`7yKtjLf^#%gHYZK~gZR?Yj~&F9_6MQUpxsF0KWR&IJ%`lW~F
zV_14k((=U3bL)#cMArU*K0*J~(>g!X<*k=Tk!kF};ColeVJ|zsS6afOQbtZBtX3m~
zVf--%v8J&&z(GMSa>>0O3qs5w8-EHUy4>;K{l_dajO}R0QL=GWou3!eY@G)60I7uj
zve2+SG%49dt$Hv7hhUv+kKDFLJR#;%j4hqOTk{8#ERSi3A;n4b9u;za!f_v#Q{
zPTF3(Ho`jR$h^c0X4m53cTdWf)?6Z+2xaZv`HU0^oRZ56-)Q)__s3pWTd1%$Pzroi
zVQJEQWoP$wKDFu8Y!6~MOL7IW0~9l5XDTM1C`&Mm8oBBA^os1IIGhA5?{2~3sVtPb
zOEgFVDka3zyTg-)J@~ZeAK9yYOSp6pXwX%Gb&CuER`%j
z?U=p3v^2vTKc6Etzo0~OXYSja)%I?ZQe{4)*M{zGcB6SGw>M8l&4xmibB9kV
ze&bX(bRC*=HSqfe54MB%zN=`6(s+vZY2m?UbptJ!VZy0ygz&!DKUY<*EX+qS`sN-O
z^zu`q@EMWt7?E*M%;*dF**q;QeO$qPPsBisH_?8yr=`e5!wnJF6YviJ$%8q64X{E+$uo!hG^;1-oW-B9fwG8}~%@Rs$C_q&~
zGi@!eT`~G_;R;-aJ9|?xS;)A6mJ;~okDzozId>!TFXAAkAsi+A42W1Ize?nWWbmV`G{)tmt|l^SyJP1dUaZ2JYtxoz+#Xzvg42aq57-bFCr
z7$#!^NLpSqw?NkE1jv*07HUhIV1C`9Md6>-0x^L}!9&c!^q|21j0C*GJx!3mnpjC!
z0Z#@;3}*D?CC#BXKlG>x3J|~UicI((`ZAwd=&TZ)wpd-$`v9o##Xl)^hX;qg0&tlaA?k%e5g`AZ&tA7&@Xp9F
zf4^+I9V@gt^Yvk9`dRQzbxL6LcLC17-yi>sW?d9=BK1S3SpNMdl6LT)V|Hky8&R2_t>pgmdgKiZQIX+P3|bkPiS?F?LDKl~CthTupEEh~
zm#i>;yvGUD!&;c;5VahKxDf1pt~WKvwaowy?*Ag!HUcR}!4yXPxqk@iAd&1Mz%{)E
zpo#x~7q;WXR=*g%dRW$2Q0{ND2MGj3^ZyIz{|fj^i
z=fjQ5&?ML%`GiH=sLaU}+)6j_xa5%1W8rMm0VO+?$#Ix}<^Oph^sN8gPX9tXZ6D^>u}R8z93MJFV3U!
zhk09z!QlDT>|p3fm3b~Osr2A2gmAb5NJ$n$B)uNR96<$3>g*Go07+)UAZ}`iO2t{=
zAclpUl|DE@6XSomtwo6PSIq#7VU=bsI3D!St@9TO0-uwxgdVv%!EpD|Imlbm;oxXw
z#u&r#_0KS2Qn`GxfH{oYbQ6MRvmBUDFjWDJ)w04yW4W(<#@`?8ko%D+A47uC5h^z$KSWJmP7No;q^bL;ztlhDEpr4p5T;l}Wg
zh8Q4Pj4xUTmpP-9g>(+rbnx|{1C|5kBbL?@PytRj*a{*#fHnaQdLw0=-D>C}P9%Db
z$N}mytvi8z&R60a23BolO)431z*rA)
z!0?kL?fR}1ZExf>Q)@npA%-8}_RZT@A&-m6*sb2%++(vgs#0k2R2co?M>1lOS$M6n
zhZvnQh#jgNw(gkRbr*FjWeJ0EZ{J)^+v(rDxu!Iiwvs1EG5*~LJy^E)tZJ!Sf5r<6
zKLBe4$HrcOv=NOC+m$v7A*A5a6}lMYs%53`$;5{tF*;&w=+&bD&j`m*R}PrUJwR++
z4Q9__Ahy72ju8uu+l+0t)qEsWI$?|Cdb0CV{TIuRyoM!(y`;mGKHW%!4*}n)dwQmw
zwOnH2d?{rLuH&u+-HvN2m5IuYn~ME;>KB8l+1gIcjxLLN6pfVWIm^Y-94$!)MfUaE
zy*_#0r8@c@*Vp#0401Ctyg5&l?=o1TR<_FD@pa-MR5r)fiesi62Pwkz{Bq5>3Q)6x
zAiXk;84>1t;OIbx85^+hHvCN80be)~;OCKE6fbrSsY4H##fB;f*V%_PfF3@7AMIo<
z&}XZ93iA=ss?Z~}q{Z6x%f@%01cOY0m406AW!CRPQynQ0GRsFVf$mtk@LtSL1xR$=
zm0-|GoBR80V9FuUN{@uHkYEWyqlAElKPKRn(auHw>Og%#?m%V}#4;@TeEO-tO7Gu?
zMgclBJ0L+indC7GSQ6uVduIVTSKtk&3g)f0pgS9UD~ZMGyx3PT&w~dEPVi}c1{r+$
z-}~2z>WmQLFgi{I4F&Wq@u{>!tKPkH;ko`!;p&$~Ol|P-k-)(Q?Y39H4DW^6iAi-*
zQr;Zw>scSY^3JdmT%srPHLk(BKIvubEeO~g3r`z9cfU;Z~h*ICJvd@EM
zKVffJ#&|FexIYv%lqd;b9J=ld`ibd)iziybEfm8x#D7J=+ZoYIs6eyNALRixgj~j@
z4`0xZT+QE&g5@)N`FdJFFV+F@tdqn>67W%eYp|2Qq@KL-g@)SfWAO$5W!U6cLwk|B
z>FS%{;sv|f^dg&WQ^WQGuuts;KG+yfSkwh?lNcn4>M0;S1^Dur(A%s~rtLbMdG#u%
ztiEWfi7Ln*8#G@7Tjy|bBwLR+1vUh=)FYBsP8#WcKt?U
zb8}d+H*JwKXU){+l>jdFzKR=wHrOT9wim$(0zg)fC(iF3->ETRU>Mjlnx8KJbkzR>
z^W<~=wX$iotlNGJ{gV>O!p;j4_cYGG?F#+e6s0F|v3-`G8NBHqV@K=+nKX8g0s5gG
z3YJE93&{KdQ(F!GJ?3X|0!kd-yV>s1JSdk)(fx*2V?!{1W8%@$$qU)77RxlTVTV)X
zSmcXf`Z0DLcg?EH#*b$E5&|PnljI+BLmyMV8mXUZNNubBx^$sFahAQh!inWa8Z`~o
zg{@Q6C9QEHcf4;uZJZyRL8$yp^>iM8Z_t+qn~i`A$@xRaNIA2A$xBwuVQScI
zEL$4Bo7h%+`TC2CwFMClzp}+dOa@ia?7$d?zGJT;MwFGNx^=NR_E48KrM)#5BM?ji
zEQl4c&2P&HKwMGNlk=o$IoCI=;o#fM9r1NdrE@(W^a9dfsjGuH_Q35ZkN=j4H6
zSbzgf6zKk34kui4=sQ`rMCk(_-i2QSnOeaBndQG4?RLo)!EFg~am+{kgQHxc@;^Ox
z^)jY)W&bXeLG4*KKfqb$JiqXAvGI=oW4D?@)l^v-)r9D-XbF(523EavPkor>jdP&o
zs9`vL@QP#kY$UZr^I$dJ%>90pp1ADRnpAbXWMj!~{ri+dCa__nY+W4Mw0mSo7@R}#S
zJ}F&GOWaSbl>E3q4kE{yV#WV(Ya5-4DDn+9I$OkkFQuUAE17k1pvE^1gt;?6@M3z$
zs(6&vRzS|nQo{YTMXA9oNZ8BeS!XvY@5zNFt)*ESMQ~Gae(>5>Yl;YTW>LgV)s*aW
z=F2vc`5MO`x`P)i*Yut?p5{Xfa>D$Eawtf0wYTncR-`{ySn{848hqtRn@}|Ua1bzK
z(w(wGm+JG4itXAr+NcIgZh%1h-D|bHuEMzo6+~@pID_-66VEFIAc{-IRXCVLwzV^1
ziE-$$0T$9J01@&tds=r8A*VnQ^0Y9^F{~(T3YV2`PZ@KVA^Fcg5IudR*gYn`x#CAb
z3!3()we@TxHzvpQG9baI4#w9_fGX1zuSIe0t!hJe=Qo-3&nwPSAc|);!n?<9
zOWvzP8s#;1oHMI{?{cx_p7M>FOX}>*fU0(`JtI!qmHR?9XV@f1H@Fn@i<#?E$bD}W
z=e5M)vC{ltAzv%>d5czI&l_KLhq$NCG4qH0DO*bDRjO8qZ&t0sGeq>7KvCsFg@WZA
z>brLmcj|C_`p))%&(P(SuKVUowYMT(s#g49U*CqT?QVEcpVyw)PR2mz|FjRHp7Imib`JOc~Yu>oA31Edxlnj?7s5
ze7f+XUna@{)6@c^`y%0=6ibEE#v$-83JeP{|K%>0X1*G8FF
z4vlWc$m<>VrXSxo_Xhb#$GpcMQ_g>yb{3HFEdR1);3%_(Gq}-m);_*DE@^
zI**;ZE9YNn)_8bVtfB~>3_F?I=ZT;Q!WIT!NpV%?`qu9-S6wlj;M};jHJ}qUF+oim
zGPk$gC7f|ppL4@?@G_tof67ajLPJ?+&l}0TIYxpsf0)F;GP6MVY8F`MrSmUY!AJnm
zu7e`6L!Kvg;2hy-QE-6`LE$^J#*5GH-a~DJ|IMc~WDj27F~LNh!1Ui^9^q);?pw@A
z>%YT&6R3Uh_2FMRx=O`sX|IqIP!Xo2nLzkbKl$a`+fJ_V38@(wg9R(jB(CV(oaK5=
zBl$KYV{x0lpQ+}fwTktvvAUGulJXQP3%ieLDNoOCXF5l=sOyAQ>^K?ViiR!C2Awq<4?H1Ea==CE^#m5E6*9JgbI2!gCbV&;DmMQZ2lUV
zE!VzR6lQ>A9iPAQ>5-sm>vJ-{p@<%C223yJ<1-A!^p?l@w&pbNm;mfj0kBKzF!73C
zW!*c2Y6K3LaO_2Qa{M}3!qs*eIJR?ZtCf9gppxFntJE~bYmTti3drIhYl`BGj1fH5W9wSm
zo!8enY2@wttV%Sk)@~EB*|r8Wo#I=z%^48Qn=2~!V_GVeSfbsI*MPiobEY|Aq9!y1
zW@7t`U0w-gX_LXJlid>?DZQO~rkEM1*C6GTTYD5#(7c(mfQH-$tsO!)7j2&S;O&ny
zvCrDmrg1Agq5kW%jCfkqYiEF)O@XCF=m<=_g)C
z;At7$U-k#}w%f1Q*S|am#RZv($-l+3hA4iB(jNwcxSn#iowXG
zxyXd>1-u_q7aPNFSi&U?QHB)~s*AM&NrSbr&zr-YE4sPe*W~L
zZ5GHc%P02+b5qJQ`uG%qD3fx_E0e1V7jy#;t+h?<7r{KZ9k^y50WHxea|nnVUfa2m
zduX;bzAw_}XPMA!!G(Qnn!R9A7dke<6N=%0KQ262TPV5gx#Qp1R3LCGY0g=ha$|i^
zmaFYM;378c1lMMI(l#L{ra|3gk|?hj70#upW~Egrm!EgHWIJ!7%kj>GD^WzJ!9b;`
z_lhX5g84nC=^JG(!{+T4u6zH7ueT11a{Jzgj|fUAAtIubqM#t4^w27eh#*6UK}yOH
z(t;8qozf^EHRKS&5GqO!Al-<-jO0k?z`GyRbKvuSuiqc%TwLcU&(5{(b+3D^9m$)A
z7%a15pN(nn#SS@jXtGrD!$gt-bhxu}XggGn{P#wbDCu#<#)62!t-i
zFtHZCx4{zm>+OQE5?+PE&5r@G0VLx{24c*f
z)y0ENb8bTPn;8hkqx!-?N!3SEU>}3+DC!H|-f1Fz#lvvHgoi6@b;noP%ZsPsA}AoP
zmy!v9D>!4R(bt>z)5xR@`=zy0=M^-PzFoL4<$D0EfP*dv={>c8JYrTVkqwaDmkaLP
zjnU%Zu*|6WBMmH2qB2c&0Xjn{Q)xM}_E2xT?%!ILhVgUehE1_B
zZ-@fku-UTlJz$B6fj5-Pm^b7AVXIxdRwYu(qFJ0_yH|hS4M<)FV6cctgj%_2TxUi)poA}q
z(XD$|a^qvWkH+o>%YB{hsQTkS^AhXCG?jyM3mkNk=W7a1D2El*ktf6P?RiNQKED=v
zx13t;T68^5Eu-?r{-~i5KajMN{tlV@JPG9|BnzJXkYJkh4G7JjtNFLe$)4mJVhMVH
zSS*NNX#LXz7MQ$YGGoTkYhH|_NR_wB{CJ8(Q@`i1-~4xQ_l5ivaAqaGxj>5p6^BG~
zYF_Cy{d7Wr_fKJsrtM&i>SU#*rAS_FlYxgx-$M1EGqCCC6*oi846E+E_4>w7e2;#m
z$?`3IH8vuNr()bPcrrE!=d$>%=pn&-Tj%}N{jgwC;;#_g9KU%&@!u1H=`2FkgBfj?
z5-qdL2BsUHl~5_i8aM_c=3Qyq*ef^-)8mFeOf#uz?yY
zAJ7>x-6OTavt@jgw?6XEU;EDb*Q%|<4B}nX{vN9R;{k5?=`-e9)
zI5CsWVKUjlE8uQ}D4wUsmWQ-^(3!eTs~XHgxj`83BTvxBA~0(!QV-R
zUB@$_0R%n*8S`K2MEVg0FIv~8avz}1#hEP;xfgc~^XzkjOY#n1rl+6_Ud$~(eLQ@*U#M~tEd~KF%N&BQxqI+m%t!COf!>*v@
z^BsEZp&oZHvayx6OX{zdt}u$++O9B*U0eE;D9mW+f0@PWg2(aDZ<4C6i;4{VD`fLH
zK)N-9d~o2*duuUL0s6Isuj_wL0yq%O$0oE{sZ3n<2SzrD62DcV1izMfSk#1?-;o**lA>?T@~N=lJ=(zK|7y2iMu5vgu%6A9T{pw_u~+qi({
z-L=bum!dAeN}r?geR5AN;B!q;1bsl~PJjm9DH
zu=Qj&Jj{7v309!R+v?GVNX8Mwajm&=c!B}oo5DYne
zDH8;idtRN|ysbWObB`M3I*TIbOMv-_GKO3*J=Y0x3p-Gn&h|7HH_=JHT;z~bK6h4mi3P}>~@v0J7Iw7EyGa_vGzD@l1GLxb|mi43w_O+@#3=>(>
zBHtGI!1}M5gbXHiFcGKEf2OoU%*YzSY{7tZ6>vhByBhD
z@amT)@x^o9Hepzp$f?XTo?SbQGhs3Jh`r+hOS5;p(h%PLxbyKxa~J1@TO&3aU*{Pn
z{F=5~qXlbW~disjFElCk8uopI#g8W`6?
zJ8%x{fS&||OxOS-iZ}uFaO8vW90;vLss&dQ)y8+oB5*`Bbml?`;&aApbCDopVL}kX
ztz+m`Q)V0W3WK8ZI@vcUVShXJx|7ch@+seC+^ie%ljc8vxCH(>Zz>T+CzK1n)3(#3
zHmpu!DQq>$-k_QokrSP7=l7KM)TwvR3z#Dkj@w
zg}=Yf4J*mnt#TXltoTvfX|EC;7$K&W|9pF#_<#eT4qycEXR!2o?61JY)z>rO+SJBt
ziBg}iS)(*3B+-)%M9)ziTg&w5k!KXjgN>?3=C$x0@PcKDQYA_OA?q!Pt=_rd_
zn!*c>b64*a#!2`~Q$vKR^y}~UHR!Na6^sL5c_-CAnL1t)zVbkKp<~fu6W8z3HUBu{
zf;U!MM-jU}6l!iFj*y+J=(1J^s=lXcCQWLd4@yp?JUt9h2RK0(r?**gI0a74558Ec
z3?4wL&tvjqMd5z>=kSVv+a`4Pbv{i10~lygQ50vRzDUaL?i5q1TrR$CG|wkfuUi*!
zPU5`N^5vE1WAZvRm(E<9-;>e(!yQQ9gXZyQ;?lwOm;MNtthnI+=;ZyM9zdzTymy-`
zv2NEJ1EVHVFoXDgR}P>+xPe|#0e9|1vfAq0Mz(n
zV@J&7Z-)(Z1w244=3nSY9C1F~x8D{#0HO~U%YL*T%3vaazQ8Jj-QzG1y$A#yI_Ndx
zc69{jYT=jv?32B=Ot!G6gm$<&?0Gr`TL&>BX3t5^G
z$-#5UgqkGN#^@*O!DUyk|4GulQv${L8r<|R{uQA@wwx5`T^Juyd_GJyd0zptN~D1Z
z5$24QG5SSo^6e8B`;nDrXY54$w67afO0$}R>B{%1AEPx+F1*yELl}i`N}e)fyi=%y
zVe9=2dN8p)b>?G-mfKsKzQ4@1#553A;33tU*}8KGxgAjkzew-10>=TP3v>;`V1~Um
zV972FpPHVY=42J`x1yg_@4OTi*t)xw2j?m8R;s+7N}d81BzwtK9I^!=J(NO?;+{?6
zKi_=clV`wx0zKE%N(~sULFPm{2*e&C;l9S_4t|K*34G!q2hQi
ztYt1v$KzK07|p3e9w4YG+OOUK!d+N#tbn0UYjQ62&*dF(2h8Zd85YG!BaFvFgFx#E
zz;+3N+uMMx?3#ynyzMMKmHt{
zLFVk+A^igExeE8?;71^-i!kP~0tYfTcT7G|iMk!3HjXtvDMV`?5|z{-vcIf96v3Yo
z&l5r%+~gx%U^sf&ibjWLxdY8IU&7l|YW-FTahyaZjSRI-R^9m7Q?;STOqoN$m0`2&
zA>*4Zkf&~6&N=~o2)P~pZU0VvfjW+CXq%ZH%J}z!Z7Um%V*Z07p!tCV@C;JX7&wA@
zdFPv8`0xu3gtn4GE#oz3+T%1Y+4|?GqWc~L841Gpnh9jf-?ZSGS
zC8TlQyVre4Khs!+{G>Cn(*%d3?ADD9Nm9P!W|_%2!Ir5QUBwC&XS<)zDt8cbRnuz&
z-@>F3PFV<*-%|pd6eC{j`R0Gf44kn-$jU@dh#%Z_Fn=Uu(zd;&m-i$d2{z8TY#*n!
z()56gnz#~mfFRiaaieeI6^!b?ZCdCvF!gqMiT0lG;ne4~?-%;mVEv#O;|gErA0b!^
zbZ6ug}wo`c?#^+6;sXWYn5nK%`Sh>?+cWni3uV!;V7p3g!C{zhFn
zIdR-PDkS;==<2t{MbI^{5-|g^)AO#XG
zgq=;|e#Y)Uv+ZG~B3G^g{V
zvyyx&YH&CCu5ed1w>2o7_^g!qdk!1mD7GFu+@i+^GJ%Qb%?=x3Qgi6+Nc>>$NK8(a
zl#w}>P<^2{BfaSlz(ZwzkrDI3+$ajV^En+Xapb)t0u=0x;tv&bf{g4hJ2b0tN`i4q?)|hg)j7)%3
z{wwx-9*o}&Is>5ictBKH%$0n_C7)9$mn{*pc}_@ikKeBLyB_$BVt*KvKZo-Fy}V7*
z2v=9vkv*-)nqKjuKT0p67!vnQ5GJdW{S^45e+{|!u{f7rKO1HxDsRbl)#SUek!GK1
ztw2|k=4Sgphwl@x$CPcssKch72s5{D5Dxr{3;aq;y2qRyjCaCZfXQR1oeZFJ3vT`s^n$Y*i#9rL^ZHy9tF?y!=6bp3%`{VNe
zA<_hcC{v2?JTwUJ4Y2e`gS|JT(1PMsnEu+lQ8jzPKVW`x;GNwru_A=Jj?={*6{f^7
z+!SxO1`h(7Q{tKte>&dsfuW;l5C3wA**T7@*ZFS{`#@kYjR#vOs2CkR3^A8d~0?az)o1nv!J(3B&wJr3y0)fj|
zroBB0;BedPAm)`fQ9Np`H58rv2eyKgH7po1f*aWTPX<1i=PT11hdh`4b%WRk6J9MD
z)CSHeYB!&?v2`SZ2|B`aV!u!8XJG4LJ6Qey3KxLId2}26X^+`wTdfRD25WNbBsE4m
z$@&OK*=-($_CqT#Ed<%7AM&!$atMvyxT&v8GX5l{g}XGuK0zWO5M!EQZk7$E!Od~g
zRJmO1j>DNYU*;7NHG@kzS^f+P&B(WQ8|O
zDlr&S$fw{5_}SCEAdL`+mtFDU6FE48Ur-LWg*Mz9yRzayXI>4LnTa202l&ePa|Bzl
zjahsgwuB4?9#6gg0s-qHT4Xk-{B7Hi%CN7?y(>JgtNolvz%gwYHGC+yzvki4RxR}f
z&>Teh(#BxUWwr*u1e+-z+8b&Y=sZ}S0v#Ckj>jEO7!d*&KuJ~(*wpYM%Akw)S(A@q
ze3v;C9!V~b5ov_E>_o6xu@DavX+pOHRq^}Yk%Hh5`zrw9&BG!+muK@?it)6AE)e9ju7~Cmcl>bL@qW6UC5yu}rPdcuTC-
z6Gvd0QDK{Peote(cAO4ZaC}Kz%0<+`iAA!2OD+}GCVZ-EAK*8h0bd>X+$MVvfv_GU
z7C(v!;leco@q4=N6nO-{8Rhzk&=e6+=Qzld5lA0hoDq0jV7a6#b1F6oJ=wn)sh+)K
zqMr4@`+1vIu-C>SeMQ+rw{;f_bWONEy*{;_R6gyliUg+@(}w&Si}omQ_Tts
z`V~G4w(Um8jd6H%hQ05ls}awNP$>_HFlKFu(F8A+2#@W(GgF%RR#&eYA{FjU1UjHn
z*}p0tyf4&6(4HtyNPRQyQs0$oMBZxUY_*z6y_I$Keb$rH3e*dGv~2y1a4yDy7r_nE
zsJQF=J$N>^F}azat&;7*w;eFwV`6jg3lCyHhIvX%=917RjjY$m
z8_$V{OHrBX&%fJonTmd>+I%!GUa5~GCH5*x@+no?Ep-MRN#}^DD^9P*JMLyA#n4Q=
zZ`^6uYQ|cN3CwF;skDAw&$rUF5P|zVT+BMKARY|B(~RduS`8ber^=*&AOO&Y{kJp!ebys#6>CDbpc+m
zt06^IX3Zl}SrRd9V(Z|%Ncgcn8K2AL>bNzaMN`CAt3b)x_oGxhmcDTX*=Jrpq6m*vkAlT
zPo`-4%amK8<AlSwKa&DptPcvckcx9I#(xS}QDzf4
z(akN1G+aDxT~$@EfT9jyFxx7hGlvW9?G;&Ji%n}sk&
z3fi>3fJ_hxTt~TLo#M}KP{AHMSUyuxCW(u*<-Iba>X`L?y)x?l%LEUrf4th4NBrAg
zlMA6KLD+3Cd_xto5Z(%>0Mt{={iJvDj$qZRRYp)%bOpWX@-DN@ew+g4c8E~8LZrXHdsyx$zTke{yiZ>FiMn=Ki`CK)nt-O=KC
ztxZ<~JH}hHbOSdVvU>Vo09KB^NLsD+wAKzeI-fh3Oy1681ztT@uu-ppL&4Q+M
zEBV^_$kTVLw0DP>W3O%4m%gt(8(KBc+NZ@QQDZ^Ad_FU
zEXJ@os4*>N@8cFwaAKA%RHD0g6F;OYaj`|SzS;?Y7WyC*xs)u}<-f-g@6C
zGrvM*i3K~QJhs4oED3#Y0l$evV>&p{uX9Z2W;ezgj3x*D=0{XIojlkocs_g-NFx_0
z_b91dnd_9REUVSy;WGFLjDqX;w2z;AP#AX)p{>QS#e0Sq3-}(?E$tc%@%VOJPiIXvL!XHmF|^Z=FgJ_
zJu_&`H9w6eBse~$`US{v$n@iCQ`|PKUDm$7YOAfiUKqRLQIdup;drg3xO|-NMGgNL
z=-KwDcyw_viYmSDV=HIf@v>{-%H;HXGGu}s?rU=}7-9`MS#f=$iy}CrFVo{n6T!%?
z7D=C&-;?W6mE=#fd_sEy!HUa_uu_PLU^36RItN}z4cDmzzjEY0)d3uioKgL
zLGNRX&R6AqKim|ly!X^78=q3vFK3x~MBMU3rh>w7g6YuD&Pqd_Tme8$^rHQq?n7i5
z6aWS0h7$FMT1O0A4ioGUm(-aon_=+AO0Df&Hn9|Pq?+Am>xmF<_igi1-Tr=mdgseM
z+!$0b2yE1hP2UFt)y+p=h1z~F*dddiLG+pyLr_`#S}jCv|VZni9|Y!ciN^yCWa89mO3!k
zKgdB9wJxd1?
z^w~D-BH9W-Fk|la4Ja9*z4*UaIKU|A9L3m5@z^iJ89)}1ljr3~dt53spOgzibCk_|&=0+2>hLn)4qfi@PYfo;W+t?4MJkpV3LT;8ig8
z0j}X|+P63x9|{>uhlc8BQ@R%2W&YcO0I8=n+!bj^-yJI7vxRwJk=r}#Sndemdh#Mcua@;OoL7-L@VE_|_`7-W%_UlXB72^58)Ow(?n$Y#Xka2E
z8ze2C)zFO(({iXbi6PF2zUW4;GhG+#4OSkDeG<*}VW>^-!yR48D25+xy48cIIu@_d
ztMC~!P1`j(^U)GVbWrm3Is@;4vG2OWYN}Wj&u?ZZg&WJl^o9qYw)E}?WE;{zUXKV<
zlf$paFh?#=%`H^sG1+>{Hvw*9!$m1IE7d)2XS^d2aP-Jg;MC=R*xP0a*IpVkygp~^
zQ?#^gB*2rX7LC2#&^49v7zahW@AypjJ#-dCtgR|H9j5;p1Eegts*A5u(M8B7YYa2CfHt$%MfL@lipCO*|+yDx8pYJ
zN$ZwxpTy-nX~-!q9$-aTvH~C!7T?2#Zdjce;-6YHYxuC2Bsez@d)BVh2h7>Gg7&b?
z6c+k0kiYGVX*aFNru~vpb_-r4$jL1+v8JtHy%B;|o`zwillg_%Se^@Cc@(4cD|qZ`oaQzZD=Kv8
zoy9;$1}@ubUey!Kvz{YbshcTv^68E6@`|Aul6ZPtIa13^g?eMyv1^h~?-4R}MkzMfL|KshhvTH58E=V=5w+KS&`=Zj$~Mz@;!9
zxS10Zz@6da1m+&5Azm@(rs(n#hgvLydGhi=ti4fr=14)xmPhbpTeNa{L5df_fU~Ef
zj}UK|ssl%B!V7xTN)+C?qaVcUYgWFr@nUk5;KH}+{B*}GNTZ@nW2}h|N96(gOjB|p
zNqio;jS4Wl8Y01LLc~bYitVg^m1t~#KYJPGV(;HD7vE3?Z+|>=rv6UVY2OGht?4prU&4T8uq@_kRFG>g>dYs!LOg!~CKSpglwFZMqis{Y4jX;h`FH@V~F
z&m!73?<{f*=x#yje(#vsOVC8}hE3p!v#XUToch<-&H1Y-innh0EJU9v(B}#sT(g5#
z#1P=0;b&TA>$6_&VOh|HCaZIBzLB2N>5c3h|D7RGj}r`b<4tk9*}|^A+`dnD>9>$ts^nN+*Rnfmi5qe
z2djeT@K4RwY09%Fqoh&QE%d9^4ImB&{_X}-a&QdD2A)h$_MbUhJE_n;rYA>xJts#s
z6=oWn_-fx*%6tH~h17`E@6fwsG*=%urdELL;Zjezln73@)=6d4e(ih=#%(BMEPW|&
zy<&T))};vbt|%^TJ*;SHDFH8*FxrzE;?C!R9Ji=GR&%95W%DBeV0M@FnxpEKa(3C;Z@xX@9kBfRcLhV;hbGt#f=iwv6ZcbD3BmZ
ze>1I;1pw#LbOby;R&EV{f#53sz*N!VkVKURl6j)9#2kz7>gt*eY_xB8EWcRt`=YO>T67^w3rwcFYTWG9yjoWEgHXKbnhhfua1qUjF{IWu_{%HAgI@{~7zGMXV
zvZ6-U@2r+;pAb6l!3)tBo_oc?em>-w@Mp0%{$%MO7Tl7n+5JCg1`IDF;9KI2Qr6yH
zTKD=Sv2vNEil=-`y#=qKQ93$YVZUjW$tjgf-jP3%8#)#a{l_H
z=cAD?76dR+Adu-|8e${JHGg41j1;m&L_odH&(EUS!^4S@>rypLZodTUb&#PVVZG>`X9
z&zGa&DAF@Qmo$A^UB|?F`W|ujTdf?6vVL8{lBSS4;FIuz=l9zDf?DEn`yAw&Nr`#D
zDchVIK&Ypw9UrK&_D5XL@mZR@@gm*ggyHcTwe5*8F31$2K>w>C4A68LBAxW~%45m(3J6y5`cYB^+f@i$TT9kr
zm+^Os0?REv@J=`fz?ryx
z=A`=HnaM|>91(G?fCq6%s*WZ`f|nnkdalk>sb|V+VZz`WA52S|)r+60DFX20Ik1U#
zul9^gpBtR8(#myy-!cj@;j0_?{foSBy`x@yQws0NkAQ1PQ>zpN1UwIxt?k@o67v0L@_Tz
zjpw?n(=I5
z-^hZ%zCZf?FV-0-p%L3UBaNuUg%swTyW)+_LigRFdIm&6(*jpl0*j7asGy_tzrBZe
ze0wjYunJav-A*?m%%V>|IN`b_W?Aym@Y=ss@;GDo-1dH}=lYt1a3(?AtO
zECa1z&JnG}ZK2Yru{?!?ZN1)sj2+6U$%;xqkFI7=sM4X^TIiUS;l~Kh(ckzNUd6N*
zZ7w8rO1C~z`WkqB+R+rAF|b_t!>}b^;#B)hQ&mK6O}S}5l6r(f!s-I|YY9~c$l%;2N;75XIMY*^WU?I$6
z7i?SKOdx%BTG|W@y?>awIY+-$b?Tc}^7TVY2QS1i9%L5tyd@Wuz{zHm
zFtZxJWb1;n<}>|8%lEXNk>UD`qgetr*d{tOGvvl?b`Uh5`}JFNrTL_O@AF5)&h>90
z@3Auf7jss0?PuJ6uCi(uKa|r!=Z$Sd#~~TR=`JXzg(U`bBSaXvkc_+@U;Us>XrXU;
zi&oGawj3zh0%EnO$zvqN6P+|3D!DZcer^%2V_jqd{%&+1{*+=|B#s{-Ie74%OWP6Q
zBr(}AH2`qLcekr^QSXY$S@1)9<@#^LVxz7BzyrtfUFI!aQh&dtP8aS)AgB&34zbu@
zT73f{C@5vq6e}E>y}WuZ+tU+J-2>IOwfawWK#yi6*`_2et&ao(Vk4kyI#j|-v5gUy
zIHCR)KbP-p?631tB=LaR`iF=HWFK_UGG)gB)@r9Q57}_zNJ;R+o?PB#(|m*0xxe^Ym?@gNy3
zzdUop>0n&cco#}JWVauFMA*9@DlITj<~oX*P9FNw{EN{W+h0MpYWfJCI*>X8DnI&1
zC2zL#jDk^~ay{w#iCaXiy+bQY$2W-Mn#2#v^9d)VkBfGj>*=KhZh7sA%2O_Ebih1_
zFy0G9gTHf-)DY16h!Hs~FM~8z1IG^?5s-w1B>$Ycr_ArFs%k~Y!F^3JptdrQ`#g(>
zHl6tz%^4)lPDJyIKRZf*i#iuHuls8M^OUw@O5EznQiJsB@UMOA0;_Xs^7b!?+N9uN
zE*?tp5C!@AQ^-A3Wiq*-eAnCZnjBG7PUrrDmBa__Kh?>q3oY1e^9`Fr3kE5Q2C9kl
z50vPE?c7fo4LX)^c8G&KzncvW7nhuzZXvgjjeldDFZ`x*T29KvTd6Sn7_mokr&PVM
zj#n)@Egr2LH$)+pWwzD@a+A}>`Gm5vc%j2Y=`D@;py@OFJ2MS&QO^uLu!p#)w_s5y
zWkV12JrFE4&n
z0~_hk9Z>r!QbJ>*VNjMsUd%Msg*>6}|HK6A4h5ARNKQdobD=ba^S{^P7KHTTSjWi4`8`_ozmk^SubPGf`St7h7F@pdE$
zfPz1Zx?lzl-LVTWke#sUJS)kY436*_r{MRX^P60sQsq6sr#MNr8#HWOmUqB2qp@eK
zEv+=vQlt?lq#WY*TOUe)0RSZA!{vw42ggBu84M%M`0d$08IM2zk9r&$9mQ$;RG5TB
zb$-CLb$#dDT!*X>tl)t)b6i;$7jkVIqBAcm_HnrP`pkDlIY4G;NHcQCSE`4e=Kf}j&YZJu}-
z`$2s!%MOWFfu5fZ8e8Cn-U=+LjxrsRE)%Z2rSOv1Jphi5n|#4lGJRus4Fb0efo8Wo>rC<`v-
zC!{3qH!n<`2#(tKVUYt$ZE&`M+=cl7KKVCt*8B#3NAwZ6pfQ^0fuBJBzzt@%nQic+k0G{NTLl!QW26z+~6GXgBUc~pQ)W$to&ZOWM8r9T@coGqv~73
z15D8E5wK$vkL3kB%&7#17_J0$|1x3~Mn;3jISpQf4U_xVsquzA{U%ff
z4N+gj%jXhy*%LXmxl{DmUuK3Mvzkb5>aO#m-pNzyHJG#7N6?0z$@$D*i45qD6lZXV
zL?Hct3Z42-nU}GNo03%rxH|mX?;msH31T`jYJO5+=;1>LHe%Xh)Q|VY@2GN*
z#>!oQ(PTrWR{MtOR)D9sHU$WMVs1ODA!};q3^x^AM{}S5dYK_FLzouzVKC}VEegfm
zZ!Gx+s%mI^moIfNE@`Iz!F+eX6&3n=7=eJO0PJAG|0!OQ1w^6KOPmi`m`>5dThnY}
zJ|^FOrU&JX@&h__pkfhWbB!c^dD31X`xcquYx*`}xONd@?!@*nQAsxR1I}x1o>GO&
zC$DHqsUCHtC?Tx)zgEgiA0EwQ8lg7VD*5B3z5f9Q|2U}};?TMJz6WmM!2dqT``ah^
zfdV(4i;fcX^&!{c0>>Q1R76v=XDq%RTkG>rx&ZU)qnuj3z7PkndYa*t$5X@oGyxg^
z`tWdOYj3QAs~>|ztPdF|=6Yd(z=Yr>-ip(mV7hBX4|5iX%7^`x`tAU8Z~FSb><#qO
z|E-WBhMr?6Wqu1ne+l6?2ICdx6ar@Qj;4LOG6~V=%0VsFi<}hD`85CgnE-!~Z1dH7
zK}IoDnh~6={E0X`xJGzTEqpK^Uk9FDKbJVl5mDBc-_ptZCv)_Fn5qBUW=Kmz0_0g5
z2gt4(z)dyj;syN;ZswR%Oq-eoTz^w&;3Rcr4qRiqEa*fTuP0V`u2FnZPpxn-VysMc
z8rE~l*S{n&>mku_lqvI@Xg`g4Tbpnn-s?gO6N-r;tt!8hhV
z;Eo8Alm2t&@LPA@*Pz2hd1zGs0vyoooJ)pI<;aLaRtSTN;S*&)mocQB2;(a9S!##8
z1H~7mf1S2SdG4bcgIpWO4_X*6;6bya9o`}un@*Awi#uqs%*d=-wY$DyD5w>@-X;I>
z#Tgp(sQ&3z?bgJ{XU)M*z%xuK|D5qcSrB(|BOMOCdHEFTfkk;H?&?7u4ruTOSqfQ7
z@F?6ug`tz?(ct&b^K1XnJG)lVPZxo*oO2?HKY7a@$Tf8vugnSq4(Z#OC#6dj8S9K?
z@4V=q7^Xz9PsB1l#XEtX*MmPt&S?fU{ET^BRw|5a18>Bv+;_y3Crl~K+;HA*X^9Er
z;?g&r+2J>9Ykpgo{eEypusKC4bh0IZw9NjPR{-r{5|i7Uh_dUEIO;zm%{MQPmoRJ^egc(
zwXhAuuT|Ge?&{L46T&Bchp(;UTB*{nM4@E8Gg@d}C@Sv0+=hgz;2RN_eDS3(3iqvp
z&(T$1Qp?ZRzssqwCdV1W%VmwXzVSt2-lVrJB{~ZryWh?9<$worCPwN
zE33r2(5MnCLnEFKteMjY`6>a~V<+539Ndi7oi^<=E>9On*b^MJS`1WX6ynrl;}_QJ
zLSvM2?-K5mw-5dT36qSC4B2$6=^yGm*--)(&rrjf6X>QqBtr`BmDEZz7#HH+4KhrYa=tth5^SFNVqlThye*9HMANJN__WovlShc;
z(dB*oQ$SLT0#^n7X$)cL>j0vYi$LXZRst9Fxn45)_)V3jR@A7Kf>_p(4cOHgqWOKY
zf!Q0deecWVKuVsjcy4jhysM9I$Zj%>xpOvL=p_}#=Nk_@NpJqx#inW_Qjx~FS8shV
zh%qK^txM5DQ{7%ai5Xy~IoW02LOEWRDhzw-M%fyR_O+RJ-S8kg+<32cp2(tO)%(oS
z@JIP)T{5iZl7qm}lSbGaTD1je)kY%Zzr4f)g$&lKs1p_g7=&2BBm@UM)sY~Te>FR7
zz>~tSI5VnIH>2F~rxn)z@uh((L(!)J|2uy|b(5k}ww02WhW~;vy1~-Xu6pxe#LGbifyB)Vac(VR4U6Y76&m6(lRsQ;zGq
zn1Rl&AHo#Z;)UC~3C3or1Epb)<=0|3B8E2gwZy;++det2sLI_JObNNFhOf}oCQ~oT
z{(tob)T-bzPFR$(ndJkSm>Kt3vIBw!NUGbbbZm8KY-LYLz>Ozhq(>Um2Rl({GYwPB
z&3KoWadjZ&9#Kc=joXRLkVvYx1zh&l2Gyi(DXgzHt5~K0PFbVhEqx^UR+8R;?w#dj
zgDb$GirA8*nZ;U4=HDx-bn0FH{FFr&WYFzAKtE;cSQa6|MLMpi9u3JgdcfSTKZHfN
z-YKulHK2<(II8ujE^ij6kR2ggSF~DjjELsKug(w7liA({TTIGRT#=KVk9?=Tyt=>C
zRh9%@@>-mGwQ=CEg9kii{xeWy9DRn%d)WEbk+!a=pU&LLpis4)a;fuI10nv~M{R(V
z(0@JP?_={7@np}x%hz&%3($$CV)(0KnkKI6@7@vR$@$klX*6w^#EZ%ip835n7}rbdD9p8A
z0Wp|>f#33gRdk%r(7hoBK#(|sCt|U7XR8JsG;<4^TJ9^wuun6Xy9NN?(2B(N*0`YUK2s
zXMeT(GF{F`@D41&BGW-u^^pl#9B82W?_dof-*xH8anU`lwtZTnd64PHl{)9TA@M?
zn*$*vh=zP<116;rbwW+Wh&~(K7xrLg)}DeK))(Nd>epKN(NP9*QfBuac9F3q$G9bo
zng-Y{X~bXCt2R8tv#pDDU&~kMlUo
zw5|0hPc}nDsBE>%_W$Zt*VQg$2VF}MYcku|(ipU006EsyJ@*W&(X!hJ54u2`p?5_m
zJc`ki6&)Y4lzJn}<~LL{>_le6frfCP*ed4IrAx%+4}C-|KXvwWT6VmS=SStIxL(M%
zQY=VDU>h$;U2_?m4PMbXuWL~TWJNC1!OoLY!ef0&8G~kd34&p5*6~e(T3Rbl_>Ef=
zmf8|Y{FXJgCn7%kR<)t?bxk%O{Agq~h8=j<+q)5nA&~}Dz_2*^<62*iTr|nuq!{si
zocKxe!pVmImHdaeT~NYkkb7>kFL+HFk*rU772de*Zx;UR1i8a1Msgzf)@Oi$1dzXw
zxVNJ#YW!E1{bN6A__u9YsrB9S&s9xJMSK{udW1s>b_fb}d2ZFoW@yGZK21S5yol?X
zc&7qz$t1uh$0Yg|c~_$+ZSn+g+Y|!M9;v<>1?rz><1^b6!=;?@u}ornQL6NLOJeMF
z*d2=ztJ-<<=h7wQS8O|ELQdP#Q;6)jU`KUF@iLgJ)#
z+{k0Gth=VD(#A{kSiAxKo2536r3Xvb3uYk%wuaY7ictcRAwR^KP@&5F>{$SEqj}rS
zXX|UPt&}IHFD=EfN#(~hpeW&>Yz^c_MZ6U#1!D8R$!J_Qb-d%UspIl^i&3Zc+cu6a
zKQ0uAGNuPIN_k$A_Xy2ze7JgvPM`2cJ6k=NE2&{r6CySw0fG+%zk^~aR=?V4DrQ#
z-(OU`&QLMKlh5Q_Tog9CyQ)Li(C46$f!$K6=3?E>`Cugv6tzX$kJ%)eogg8c
zva^dbR2#R@dNX>ZV`r;`Dv9nRidm-)-=|s8S)nCP1!r(y`Dhrv9rnQZKZiv61_C0!
z-N_uc?Wi8;w*W$m08V>%^}b
z-PI#8**k&{%?9twIj9+8c`_z>B{0#ZRgZ1qDnMnn+Os{;&8%gLVS6rum)n?mot>_dK
z;F_cF({idPi-BA+@@dFz_!bn<-?{2f$rN5oMc@Jvp!4pJ
zRO46g)Zaa$!MQ)_`Ov)5V3p%268(NJsOq}2jY@|BTx4{qt6*s;U!skm@$<*)bgQ@@
z>f?dMovEX%es4FrGTR$tx%$NLuO-~58ppjtmA)>SWVrT_tFPuPwUw4Fe^@MQD|RBB
zDNwf3<-f0y1&c~sJ=zYcRF$hLMF{P>BNC5*AS_9TBI9wnS#|y5L^*0IM@iAps9Y3W
ztki|EQ*`HM?RU{`vLE4vw{>E*MPfmoA9)dR&^LR}Q3n8e6tr;Un>VS*c~rlL2I_N2
zl90aFNM<7nhiQ@Am7t=#X1#6h1H8P9n`YoAC*z_WZM-$bG#@^uyCWp(4zjP$-kUWfsO(?{W=c!mNsZvw
z_Y-2RJKy6}yIc1j
z=;-wZXUl96wzuP8CNC4k@ihTnO5JMt@;OMjgB45wvEea9J7?x!>?5p+ZRSz
z)~Bz8Z5|~cIdYzeX1i&@YSW4Egk!brS8MU#R`T++{p=m5>?K{~gOlE){bthX{Z=DtLY<=o$84Njuj$1tzUHjHZGc!ogenfX
zov$#`1U0-FSNX7|&K~)tgKoT`GxKyg!YJOI(t*OK3Hn+%&jM2qSEsO8zl3dVO`|^T
zDyuvcUlH!%=}RE!-03PijXO^-PL-y#0Ld&$(W}6rsx0qb=@f1_8J17=Y;UP&Z0qat
zEC_C0R^!ADAb8T37pYaev3UAgjy`<@HGXha->N6MnYcBxv=yxX99A+szd&e`pD~lm
zDU?p8Kx|K{!<{0xYroq>md&1Ta{NTH;AIA0D-k_u(l0-
zQ=FIWFw@p7n`
z&s2mwb7ddHFb0(Rj7a(gyDA?GeUrXDh&aj;zBHwzoX|#4F&d*wh4;APXE#dRt2MX3
zy{{47!nS1Z2Sx=Z@5jT!ZAI(8CpYx2vM6N)#wJXEHaic$py#`{H@Fx2e#8e>(CFBw
zu_oG=57M`zNg5e(eXBt^_ds@X_v!52Z2K3^{YG#WqZ(mJE}icVho8fcri
zwlVHR3q`<&NEcC25KyXg
zEQo?40-+a?-jUuTBB1mlARXx>^w6t_bVBGz3nIOj0D*+S*-`K3k$1e~8{awq9O%I0
zy7pdWt~uvY0&>LH-R?J*J^)t}{q*zynbLUQ_yrH%kOw9RWb#I`WViYytRVmJguOnl
zv>*`XwPGC~>~2adLQSyy^HO{#QbqnVO?vejdIbPJYz+9;a6B%n?#{#2+KKA8kfpdJfJz$I
zW%NAAg!AF!v;wOa+s2$_EhGo~2GAhQhMW}sK+$;0?gD5`RNkv11;cJ5mKfa2p*&5z
z+~-=ad6wlln>cH1MC}CA2~Q|KQ{^2jsIwaOr4lXX>b6w5iThzApYd3KO;3Fo*w^=|
z+9Y+43TGW^aM5Xp^;!S?v;b!9owu%?|9iCPeVcevTy2xB`KId+w?fn=l5U1d#h-nZ
zuTfi^t97?AE7h%WTkq6iv;>~IJ*l3$wLVAonuNsE$4HLnPePBSjnCN}*hQ=4IQZfx
zfM7(glZltg2Dz(JNeWb_uOR$fT*;%g3g^z9ODI78l8i)boOD4^^e!?v=8IbAYdm9F
za41NxJ~?%Va(iY@&vjHM*bOw_n+|pyjg_!}w$`e#=DMg@c7JVEQT`O>*_GM4u|Je3
z(L)KK|J<}(%g^+GRXRL&qGKAJA1md*+z-nMa=ES{ccJ>*)~6tbbEed>VbuSHXj2~(
z8EZu(R04;GPAP`-z(OUPGJN?e@L%f{_79#4Y$6WZ)Cdyg
zgDX!X$>l@eA8gGo
z$C>1%Q(mjQcTC>dvt)(5u@tOuAExt3f<8!M&7+dj1r*I7h7simyrEY~+EV&8j9$#>
z(m?OTlucJO%X8y{;s!)G{9Jx)a1NbrryJS=^vW#bnw9m_;GNI9C3(*_9%i;j39go2
z?Od+%g1a-cp6YwVKt1S9(idWj$SHwt;@AN|N5r-oit5^XfM`l?x31t74}bosEWGN2-l*|JDCt>DK@&O
zg7aJE&Srg2fn}l4JO+XJ_L3Co^odzAVlg)#Y?^vZ8&crh=cokayLJzPIh9~8J#X5;
z6!~d0`G4D<7q^ILyh|ovQ!Okw${1G8jremFGUj<3&m9^*7yUuojKHx_2#uL+-+jBn
z%Sejk^w7sik~w)L(8ZGUFq!f|Zrt0P-b7bTR>b6LKhyIzhEC|c-K+aCoCPy4AZg8C
zFJcH4RmuK-<7u8QmhPJq{a&08*BL8_`lzXn%Hbkjv4qKQ0;Tc`oDC!P$Xqbj!*f5=
zuzC^I@q@Irh4#Hh*No&NZ09+hDKf2mCcSDUwE9{9$JO
zVeCw`;m+0zJH5bBNBjV$%={k^pa?o*79dq3^0oOfY0`v5i&;mAmFwi#Yu#t;Aj`j<
zfUamSm*dJ}MHofA#O;Fw>iIErcE-43STM8qEVmSa6JldICHPI3raW9tRw_r#L5vj1
zC}bVEv^cirI8My5Wmuu&0KQo~TQ?I%zVrCs8u>5RiEaugSBsL88bn?G+gNE#9RVtz
zcb)m!saPF4rGX?!;eewdl>ij8pkmSuVdlJ*SfFh+H!*;+0Jw);GUDZe`HQ)nsRQ@;
z)}Yso3D5~ZzgDTvv+Cv={jL3ZpMpYlo%aE>2qUoMTF_1wuPgbaU-Ht%Q<_S`MZ#M~
zHx4j_>e6Zci%Itt5JNP$tVLV*CR(<#%WI8mo(XrH4Jpj8(!SkLYHP!z2YT6?BaNNy
z+)QjwSrvZs%13yEu8IG8?Lg>5r&Pf?t5qq=sc5M}KRjXIH&pq^pc9w-+BbsK^kbX)o2^a_OVpT(Q5$S(E(b-_Q7Q3{g9r4
zFTgyazM-IvlJ~hV({nHjnQ7C-%KLJ)xBFJwx1sB)MM;-fy-ND$n7Rn@dp#-ne#WH8
zc9`2h0FmNpdGOlbjB7}@z`euKZhrkN_5eH3P;Dc{v7$A8wp(zEpS)*k_>w5a63Ssh<{h!uxN3mqsKSS39jm
z3TL9ib67n%fz5zntDuyLmaWsk-gi0(AO#eHx+dj*g%yj-qX0e4hta&Bt`bu|
zH>PE^etJ(vEg2MRgBuP<$^jFEeh?AsHN>mUWIUPRIPQZ<9c}pkr5C#gjCO=
zKy$ua#;pg{?;Nt1qkAAkL}#K_aAw;i1B?|S!ooHPFUCnZ4Qt#(U;E;`Jy}1_os|4p
zZUd#d=uxB@hmP6sdzWpa$n
z-vU@gd+wfIYmWhkz)~^RAC=)!bj52ZKpLTUh2cN*A+m2_L~-4#ljlrT$-}EOp3|5J
zb}QaD3@?G^on|`8FdKOF6sqVQkW1#9{h6D}6w??WWG`#}7sf4*LeaT@E3L)BdDeKl
zmus>-Ra|zk2`?tpNXT)1xK2TS)}c=iYNO}INMlXz4x%RnPh(Gd8}n90a`a7m;9QCH
zZ2)^RiCzI{S4HFJN2>>594tY#046u@4fVKDg)L!`a`*d
z>~-_u_Gg~d`dAcY1^~GHtk7{g;SNiJW9yEz>*HYdgWm?w)#LCEYYgtQ#~}4Aih&Cm
z*Wa^Z-xDF&o1U>2YH%8qQTID-LRqgyaq8xiS681*^J-8moX+!`Qah$k`)yE6WoFu3
zm>!xt2f&Lq+9w%;SvVjsD3bhMR5>)`HCn0`0hp;dP>QoEr@eTJY>z5F^&-#?>`R%K?t+v28R&RbocC@V{&Er)13g}Ju
zKIZp-<0?rieN{VPAJPOCwzvF*@p1g8)dAchGJj%Rk`0Q#Li)(4CZ|?qBemFqV6rM4
z>CV8bTdB%Wx-xlCoCs>Qa1z?Z3TS=?rvP@jccj=zO-fjqHVeTbVt3V)LQvhQ=pQi(
zp>E6aShPStN8vU-uJ~z^$OK^%D4wV5s;#kN7GP7&2h;zOb9k2lSo#j@{g!?x=ez2myV@-S(~8m)m0ty!hjQRLPW&Z-vqFV{R!=
zm=J9+^_12s7YbO@O!9GcuY?Sj*BFeS?R!qB+(S=~QU>7q+8dX}^JZUoT&VH|
z7}y0+dhJYd*_ot`#N`763wNw3FE15z%;dIvbLWZP9Q?~h{T*m=;AyC8y<5;yI-n29
zDGeA)a^Y4-H+;1}c69BZS)euO!r-4ujd^GAZ1_ywX(&f~A9@PE4*w9Z1a&5d~cq^VPlz6?ZXY(9?bn%czRXBH}O;(bjq(k**hd
zYX6)uRW2%iKeeR7r%J`E=kIe-N<0_xCY;~)Cd6J0*x+iFt{lA8P+g5srx2*t)@Bpi
zwt-F>)2_k*O|AcFyOnDj+b6OPSsy{`ar(DQlJjgx*w#CkZUAMQKzgQ7x
z%*RHf0?}I(*T6JzsJ=AQV=w1W?~!=_lt`>NJEGU0Z0se4;M<(Ltz
zifT*m%u@P2`>C)kI@Zt_zwO}05*Q6MDg@MhtmEZ!n{$|a81wqP{@WXSJ?*
z6FoiWWAr*%7}_9LS#8By;MK*1Q?;AzKTKlYlp#30bWRZgJS@H`q&|_r<`MD@=!4NX
z7_0~8Cg3juhHkS7rbnO4qFqN^OWFEWDA7C&zP-JV_C)r*`z1o;32_oQGa#yW9rLyTST^8idOCgz!iF>d97;5yxHFR$)2z8^V3
ztV#6}1cQZJEa#eA0?D&r7cJ$)M=c9Ii@TQ9q{yar!H=Y;_&N70s1XBc
zdBq_+Uf^-zDfqnpP6e$z-Y#SU(6VW+N_gLS>z_HiG|{ItCoiF-jV^b+vxhf7K~|g*@qM(9C4AJ(DsiH~k&z>ofW*CmEhRUeDK+@LIH75P4bR
z?xE+oU)G-w8DDeJlG+dIJh(a)xzf+^IZtmZMCF#+;F{|Zr6U7zsG)|mOmVGz??RYR
zyxaH!&~8JTsQjKNmwi?>+(wdoyHQ3+z%)lg?!0FpDC~S#;XeUN5#y4faluXa3
z`v{B;MuC=pymA=J`$(GuM`3X4ys6iWujJ-;cB^N|p@DfYuH##&MH%j=(-6rk#}eT~
zce|xARD$qUVLfA&=pM18d0|yuSBa^qXA(5fW2?5u?NjF@93kixDlM$seJiOi>eu-#G#=Lb>Imp>X#kx5h8c1ru0U-Kx1I(DxF~
zt-k%XRNGwY(Qq}#U7kuAlO7JVCBUTkzjy>Ng-`g^+yE0eT8nZAwIPU7UYww<>U~N3
z*<6qM8IxFXjOtm^%(QPjzL1JFlg1S6
zg69=8_eP0?PjyKH0DU#|Djp*AVkQTP^Z;0=#vQ_mIOQ@AVA#VwIW+O&hiIdaM0I)e
zYhKBjavC*KJ(6EJ0|z4f$=D#CGag#Hlz
z`Y<}xUV#EOeJ$|zyaj3phDY)#8X`9f6lrKP)jqqSrpC*YBX{yv$x7X^d$4mGNwud0
z2~nIHDm*upT9+8yyk`|wfVsX*M?QyVm0
za2(HDlKLn|%S&UP^jx9D;$JSnhRZo1In#EWJ+c&7l?-GU4UvTt^4t4KP}~dp-LFfl
zF~nR;r&Z`s>aZa3^nBG$X&tdmwa4VTX{YTk0gZGC;O`ISr%e2rb}ny2DJQ9AfhcoF3x(Znqz9@$
zmfxzsG66&f=NS+Xlzh)!ea^Ec>wI^Ojm!DP4M?1)C##bF_h0p-GBa!i_`0Qj{g&T&
z42xMixIH-I<~BFF>iEevCTs;4o)dezQ|gi#=on%HPSH0s@^y57A%
z>|gL+lb^pOlY2A+hg|6tpvrz$1Fp18sl$!B
z6VHZ4u>1oLh$!iJgIHFx#j2!&Gqs?qH~RckJhZ>IxxNr#dFNF&I|=em$)~4(ak7pb
z|H^p=TtPcwA!oI#2QG`3%+T|yI`KqTBWj70B6`XYFDNJs$`fI>V=Fn6L>q;nB|zIy
z0%`mTl3_4h+lU`3x%tPguxfPT-&yvAMq}51h0(sckTXM$9(5kUV?B~-a%-e{YY`v;
z4Khzmvgd5}7phUgW#Ex2jz65Z89IP2S}qtC<*^z?T%?h2^&JgIR*o+{h0syAJkl=R
zagW`YB+;mw6%zsW7b0%U?`Dfzya;mrDC=Nqu1=NGIpF3P?yKju!moJH57t(E$X`hZ
z9qqB61SzO4v4)KW?kk%}KW^Qjib`Wa4GE~7v}f-hV=7|G{Fed?9I7GB9ZQF28g+m_
zi2YTx!eH>t1pTM1llMrFgWP5+TNl7t0t!->;rw6IN1BJem2;OLkYgB5#Cbx*oe~W)
zgDrAZ)fA~giI#v;gA0GYC*v8O7R#z^vMo4OBn1uyC_F!kf(<9SKa4oBQXz-N)p}R7
z%ES`6IWq!_qsGeSGv}S&@l=cYK0eG&OC96N>3>b0^HA=ioU@aEqQhvaihr2S>aca?
zXfbkvKkkl&ab9J9tcJxbLYJ4fC27ue5L1(EGMKQtI#HKy_SE$4i8w6b>@F{QJW^@k
zH6%*A7H;1nw2AICc@THlrQ@D%PH^(Gs%=aQJ5*4*PNLK~hNOGMF
z_9HBV1!{OvoO=r=
zNAfh^q3rmG(n2~#S>elwzcS}lumJ&~D)|#w36Lrsk2}8|{Q>34ZI`skL@n#&q1vgF
zd-)|W-y8@qi_mR2EMi^@*fUc2_H6T
zybZ`GK&p$>&Lq3~AVmbeVwL)}$8AW&MEK*39`bbCVoUN+YbAFTec5(?1%7j@(r&1h
z{q(3;EIy#b)Jx$D9#+5n96r`r`0N&OcmTg&;hoRotj(*FZ^26^WR**9LT5dCbAWNz
z-*ns{<5kMu@N53*hI=UdYZzeE2+6v8)_X(=Sk36sn_?E9XBbl*E(#Iflc2W80`n#^
zB3YoLvRsyq9^3iP__b!v?wXm<6(x8Ntryl~#<#()g*!2IMj_|mc$~6%wZ^Yq3I7_K
ze7X^44wQ%smniYek>I^E)mFYU2=FgHb;K<82Skf(N*rLm0jN6y8^s^Ib!gMG*Lz4U0L6
z?}FVHJILQi`;rQ))G&MPgiP-(#8a>u
zkI;YVyyWN#PG>E^!Me`CcXQ9|QK863{JW)u_d9-n#LAUV&p!5(M(CRMGMfDGac-aT
zaX+=CBt>xtlb}%iI&z2cT8)^M=Jtnvm
zlLCawt%(;^gfabm*j1}ZNC>%4oQIHtlYYDN7-oNS1f
z1`DIe3;vjVVcqNedan1KJ;A|cbp1rj66%s>IT9|7cqSZTc0?Tb6?7dO9+aQ{J)^(z
z(69@{mUZ;f?HbqRmX~noB-5Q6SSgcxfO9h
z+R~aHGj}|}9^CJCd0r3rbwdZe?UABG$uNtmt;o<>ZlQ!~9TH^ugh%kx#CdG8=-K-E
zptsvrS~{08XlC9F`4|d!OUJJKgE<1{y*URB+zDXG{|x@MkMJLoaH9BM
zCB*BmSV?@YXyQYiV@s8`&-T8>AIjow%rBTHtXhLoc~khK&_E^*d2_%-!q|A4{Uz|_
zg>`~Bh}UgX`Y=?RZ~C?-oN3*5KQ%9bsldGn@5=DO{jO)`c6(Uv)5P}i--06>oM4F;w937sd~DpLx$ZhC3nOFqW>b;R^y+9qUy18trP=0s*z05X
z96VKplx&w2*5Spy*%_&V=pNMb7*?q6d55)Ez=R8AMSaJ4_tmNwx|cA8tNYDCP#u;_
zyV_qW4~rc_63~TpnaK4Q%7(4yBOUQMi%qbAqMm`Z$vd0-ls5BqOxdD^i?$1b*w(kG
znE4$+;QEo>?i{lu*1E(S{4wGhpYZYi?eh~$rYI)|5
zIj)f*JxL*tg!sGn@i=7fMl;?KwL+CR+BRAcOpQxQ^(Jn#QaJH<=(v0)76^Y@$L5d1
zLYIFpy&$`2s(a&#Rc-avUw%Toc+76{SuH;E)j2v_D4w-bl5PIuWf
zs+T>)A0Q`H`9lQynN}rb+>#Yx&qimMD(1{wSjYt8%c9!A*x)mSR+q{t=VcBB{ZO_p
zM0I~N{ua(I)?*L3`DR=JrmkDIFZ!JGBX5?O^N$~Fdo9C>>9(U?FUy1Hw?V?US-PXH
z>y9yKbVYj1kXP<3mMN84nyJMDaHYNPFqUWPI*Oty`fvty5z;e)m-CfIXs+doU^14N
zNgabnO3h{|0`Pvd+YB}n8(CYfKW@en6!IrJ9L-Hy+t<+10krLmt1`J@<@%C^+bVtW
zRv>+q{T(pPxYaLwEE{9uV6{JEkfX!JK0loP|MEbca4add4>XLKzo>v*`7*I5gG8sz
zUX0EG9R4rERX-Qx4r8tEBg|c9RwhvV2a~>ZjP3pqNLkNS*wCW^B|DItIE;Z;g`}
zcvA#M2DYY!uzt?g@y(wY!@g)MHpoXO_FISMnF;nz4}w3?k|LeaBTsabZhzmZbvK-M
zp%fv!3x0xT3tUNM++-v2$U3`zUH
zp2jn#v#0+%e){#NPi$aF4mZ6tCcZ<{_F$l15TDAyd7Ji0MMn^+!R#f@!m{)qE~X;&
zKe{(2NZ)wmaWTBqA`B7Cm(~%6Nl)d?$wBD7jdsPEb
zo*OEc)FG5o4%v^1MRxXz0nPZe##7rABRr}g75CI2qYm_^xh-ZZ2PfU>PsI7~T>f?v
z7U43)$V*uyh};5`Vf#OBa({Tz-mTzgva^qP{{{)c-{pZ|kth4zd-kF4+%ix(Qu8wU
zPIh|OS3N*FQHgN;)CQ{{F~>*jZvm?pv3|>pmk8Yyk>Llqiz-cA{kf|dNu!S@E}xsH
z&%hZPu@n^2w+q9MQ{MN-TW?Ys`j1XfuLN^0cAztyKGn_4eR>MQF#!`$Y6s%qr*r1k
zLz%Iio*0cB_0Jw(JjaUc%e7rS^{ObkEcQUinp0pIyLMRp>``dNb4(RD%!gHZh#G-|qQW6oIe*eqG*8yN(hNr!S^av&
z(}kvz=`VY_IgsaAflJ>3)#RSj=^eMBPV?K2^2g2WdP)$VtHgd|c~Z<^i~v=e&!c9L
zodYCj?`o7
zo;FRg#%Fy*Vt|?O_}pE@2oBssyj(h
z9nGb7{ptj`s;%#{bR)73`6beK)POl_!83X`9Xpoj6Un?iEBv!<2fYQMP?!D}3-=q{
zJKb$+v{%g);%kgMljBn3QI+g
zx;?~3vN9y9K5v%bzdY>;!Gdt$YB8yh^E%E;W*Q47Yl&iIJqhFpVCR>*O{lGIODuPa
zUZh`OOSES=0o+SF$^Rw_9y@-8=o}QwSo>ch-LF6WHm&d`K`Kl%Mz*deKtP@I5HhWz
zFU+NOl`6&eEpxc#Wc7%*LG4M<=7p<k|05$Cy7vLoRfq-D0hy9(P(;pcNI*gNzdj`4A4v
z9Ggy!Kiwj!z8m$CTT3+6omE8Xma<6=Z)nJ;ORA-_fpLPbA#~OQKlk6S;w^yvjv$8`
z+7;@3OY0!eIH*(EqT|F|@=d~8twz6RzoT`a_2v}H!eLF&YV&qwo|bI=5a)n7H>Y%-
zv*(?)Yi6z+u52j6`egmIZwxx3ft`asBG_zMqHxW=KShr1-NyN{-)KO_
zmo>o&2{kHXWGt`F+HFY=@9Sw@+Knf-)4girHbZfx=`tAmj6O(ShDuJvivsUs3P2+}
zD{wTfhXXlwNN2F_k-PN|$?r8rJOcaVRxBTbL2+u$e(uSutK39fBmeOrPG0|aO(bKn&Fgc2nrvu$o8t(BpEgh;Gp(dk
zmalx=qpW)k0ecW2Mk>{+ehHcdnc6O129>kzgJ=Ca(h{|bw+@#I*z?2ibAd5!y{xKL
zZ+Co0o!UM>kWmt>E$+|u3NTcGUqQwt&4>nO84W&*&OlI80_3x7efGBC-!Z(f1VnIo
z8=A@{gPd>0)qB23JkhiOES};3Jakjf~qTWwyJ~^NU#*
z#kE|i{n^EO`5#ERlN|?cX0(?eW;?n%x&H~GvW}eMFcWzT+|{BP8GW$G*&-?Tm?cYHFjM4)#>W{JLJ1vuc!+$y559*W}XayKgzDe#Kn7IP$23?cS0+Git@N4
zUX!RmLJcdz@RvMUj=LE@>gD)Ier?m0zJ34IK(p-{*q0QL@Y;v$ZX$@mBQr`BR$2NT
zLz$;zw5+S-u-meJAu%rubOo2=UCpib9QWLR+Rh(LIPRPR@XKwY*UQbI(?^`gZUU!Z
zkrTp+*Zyvi{~@{a%j<K!SD#hPc68oQ2*%S|<||)&)*iJ3RpHo_h%BVSzxi&@yVb9?&?}9x$G(OSgA>R*
zR@#l0Bmtba#+=^eYCHb7NGf>DI_WcqCJ(Mx}
z2JFPk?0TH*ArKv;^46oD4vTn{-PRLzSY?jfrn@*TSE>yAW@vemXh=FnEJP@eUXB0H
zLIf}ZuaIV$w{L(YbQdvD?RV$C^G~rwwqk&py!f&@@Y!9TlT-3m1n*=a9K4h3fdb!u
zo3GW;p4LwcB5*gw*mrU0x_Ad29j?C+-fc=!S9wAOuJ&W=V2E*ujRv9IQtVi)l!o~Rf`43)*7`Q
z1_)`H!8)%s9Y4S=y%!fZObDVsbo<7I5-%+i7hXKJ-~d^A-;%-(TKh8~p3K@dnI6Ge
z$e2KI?R@gLGLm?;iTmtSUz{Iw5KVj_WB8u8gqEZppb2or6pB-JC+OZA5kGb9KNcNM
zcbQxp98L9Qy=_U5#vqzHQC$4@rlR^eaD-Q-wFxRH<}J{u=QAZ+B0c6NGw&jB(?<
zqsM$1ycP?q2NVKYY>KpSY5s;U>uAfiDw<;?;o!cBT`4nXR!Gs{?(77QSMd=sYst^M
zX->vkmIjB+2y0(8&r{tsPJNg+K3@l}Ss8mLN7xr{AOBzZy@Pes2or5p?Aem6^!dI>
zj@{;y2;Ge01f^|5v+pVS=@}Wvh|6cMJ_UwQU*{{2EXet;4W21dIBel)WV}ce8;z4q
zNMr7wHCw7yQzaubUwJI=IJ-U(RYXB`9Tx=PMH+B`VRj;F=P2GWnuf?k8QZ8%5Vr!Z
zQ;(M<(Wjz2+HB7n4^A|_NxtVEbG>m8aq@S1`APJR%^w>({Wn@30hA{8=d7;FAFZU%
z5k1}mlY705VF`YR3a8KPQ$cSRuzUb)kDN>IW--Kxgi2tV{jC%Gb;sBf;&q1RDt+U<
zbXFI7Yo64mjJHVei<`!qGFJG2og$4fPyH16^^K=If&CQS8m&m7=sxKKn%|#F2|Nk=
z0M>t^kDSD_M31#kAt6WJ=07CAOh;N8gu9pf#ken0$3Jqc$Scgxz8IF$Rg@i_IA2S4
zre75}THgn}a%J6*guF3{@O)LLjZUli?y05*|I_rTu{K`!!l$2dmNYT^lxS1;?2{26
z3ZI|T7aw9+tp#?xT#wv;e=rj85oX{0|BpMNVVnY5pCgKf*+%wDWl{&5XzQeJai&}s
z{bDjHZNJO-Ff{$F>1bIVS7)vlwhlxK^eZuc5V~D0W`x5g59#jK$fTPhqO!Wiezz}$
z#I>#R)|8P)@Onm~30A}PJ4ZGON`E;CLVRib!<6BZ{)6VqPn)F?`UB6y^?{GK7R!)1
z<5!Oeg%sC7pchWWfC0%BakYi15vneGsy^buX`BJQ7qOqcH!9Qnh1syn
zyr+4fR@=;9KV_H#HS>7z5=yejMYYNN;9aaw$I1P}W9~60S>OC|M!x(5tN@OE@Yk>(
zeCCH>Bc%wRu-nm8{bzly2N-FMl`F1wU#$XG=*CMmQ3hwviQ9kid&hnI@wFiU$e)Fn
z3IRO6>PxtrJO=;Jo`~wiq#df6iz<4UR?|@vVDtmqhtI2qqoRK
z_e8yg3-|YyAG#_g)YcCvf1jx<;C?fGVDLQJpq{Oj#(`pWr68Jz
zJ}bTYz&U*=M5lTN3Llj7QC@ny!ayHR%`O|t67_aF-Vnn&n#$54L0*a$tj~*)aL3Az
zYYt>6AQzR24L`h}do26=fBo~nU8W^6qMRi_c29+S16Q!FQNfGH?!iySF;n|{Mf8h~
zHatx|LnhoUz8X83>J{rsecQTk*{IR2AagF4wf`SHEX^JiiF_J0<#zXxtn
z_TL;Fj%>TWKxca@E>u+JA`hLbQ4f9ba+aP0M6|@3Cz02NUBbFjS1xLkH?G)xMYM7;
z8n5jsAAN&OipND+*Nq_I`ntJ#bE;i1=?>&B&M#zTI<^5Tzh`IkV8naD#`7v~my2wj
zcCmKfL3+TL!UR|p|$Uw9dT)r6})johNZ4dWg{5g&%#zq*jQP#Ox}U|-~K
zSr;W_NxSvbM+im>?=hV1OQCIL+LK
zkx2zKo+tAHCjsc
zy=%dtoy(?<*IDBBmGmZ_Bz&=U@AB9itAe@}uf2IhQ=Cw!)R@*uw6n=$Y|7aqmpJS+
zF_cti1M7W#;J39?eeU0Kw~8jPewS>0OT
zP>V=b%Ztj8%Kr#}u8I+l4YYhO-%`z+EU?lbpw3lY=;*!Ac%%
zbt!JeJ7fS4Du!%8GE`jP6yh}4QU2aA$e@8at
zLWd4bNSGNyYHRDzrCEKvz5RJeJSS;#!Vj~d0$FGJJw=-r4W`)b@l9GgK;K7X;?TTUQFplO&Vl^T5Ffw=2pX$OEsyq=Nd=$MbBRmWfjr`(ocQn1*DEBIxfK3%><{lT(mU
z=Yxw-i-S*ur7aly=RNSub%R#*U`}v_ok5EiZ2E}twX@5J6qur=V~w)sS>fbTrK_mR=j7q_a4*h8W=c_H
zDD=U_^_Cn*srX*^vsYo1Xrp**eyXA@SQVhUqGdJ(oMQeJOPo{3Ns;ej
z^X#L~Nkl4=BEwZog!o&RS5!)0#igs=_HqF5;?>*n^FBtlQ0&|#_X{pQZ~bCvaxdOQ
zTlDA{YyN%)--!f=+MU4RzdcmnI35StjApwn{Dlwhk-$B`ZwuARk7-LgwHP8u9NEurTI2-0gJ67q)F4W`I4@G`TGl2
z)RJfZb(Fq*6&x?NzvXMhR($>Zjf0eQ?Y->QHLcKk2c@P>K8!ENbh{JxRc_=i2lwI&
z+{rkpq&tIxA?VT_Y_OeXpoIi4cl=>h0(55~Nou0U=2MO65-BQSY#?^qTs@~))qZZK
zEg|$`#fTny=hfa;@OgdH?NY!F<5)Qu?%+SLnW*E<8q70l|8QfhPI+f}w1A!~&AduQ
zH0SNjDSon}SK<`$O6X89pv8AsD;|W>TCk*+SMHsViQvz<&4X7+5#i}%8~>K?J)3e*
zB%C<>r#nXy9C80LAdh7a#7=>Y&W{Ry;T(g|cP*IVgbSzG6ap0|6hG&0R8~(p$l}MZ
z|1gozH^y7t;Qtjf3Tr?F>99F_{_k{rERZ5w8uRh_!{(Z_#1sl4z3}n-ntJ{Hv;tkC
zYqxGfV1{2HyC>tIyUSD}<*(VtC5a|O6jYjSx_Db0rniXjLCQqOG5*$`zRW{&P?U5G
zvd&rH6kG{93ma=K5_(+dPpnQa#Zue4$^Y&w&OAO#{QAMv45q5cyffxtOL(Glwhk$>
z&&}wusxdu#tA0xWKYU$Mje`6*rGURuq6iu!lNIs{=1F1I{y!`!5@!t6&A*rk=+7E{
ze>M0^D)jOm_?;KWE@b}K0R;TK?2ICy1&6%fO1!bT7uu|>dTdV2dhsed>*5ORXRh_SOH2h7U02mpL=+uoAD)aIe@vtnfMB-)f}LaID;Iu9!?@>60XM~xLeCb}(xWG1
zcYj5^-mAJ2^1l(;%df%RI&XqXJi<{!lW+p3oGfKSv{LwUHJw|S%{n3Nj})YHP;nhj
zHQ4-6vvBu*%jTX^t!CAvI@)`7&R^>Cp|e_f{oK!wB_l|2f?bvNiYxbp6}}AlCsU7N
z<1z_;LE&>*HIukFw-u->;sJet(EsSa*Z>wYc;A=FRPumz<^v^I+d#eXuH|#=I0*=9
zQ?@rO-2$b(jnfu8Rl$Zy``@5S5bKOcB;~cSH~G)X`IpV$m+g{wqMF3QmL=ZnULGTe
zzbKfYV>-7jzEvCac6t?cXXhc;MS)I_m!*$4(1qBTfBme_5c@=1cFm&=nHvevuHZ}g
zMZGxiG)y07xCUG4CcJoAJN2&W@o3~P;1rXY=moP2CT#1xXOk~>Mj%k8DU^B+yM-Sm
zN`2=_%d>)_8AZ!5`+H;Z)or0%Llp-e&%1&*zedu?mU^Gh?22|j6}%Jl+M(~9$jA&@dG*se<{l~Fe!}^+z!nxOrd$0?aBPguj)qNA9qJ@4PFKmch7aK^
z=sbZEbe0-GGrx1fZhHwWda?j^9}n|J!T+OD{Mt+_e%rfD4o#qY^a>37pu_in2-BLk#n_W^f}M)aqZ$f9|jS!HKe%
z@Ysb3*tnI=p@gxnDrgt1@=&sv9{LeF9%rc%fRQ?U#Ixp9U=qYF)fve^4@qO_8`tnf
z(6CCT(!;ff`9K#!uH0;L=13Rvh5A>0c|kQr!_g4{N}&Xyhc*ZdWx!PvCH<#e_ih2w
zaqJDBM_11TelhA!NqGEgPGkDjL5|`W7$G}58greBtrh;P5G8O^P4h6ErNacFL-V$}
zx8{YQ5q60)H}`AXYKJhH)dd&T6;D0(?q#SZiC5Wqa3;=}de9frgRd7)S54i)zKS2EY6
z!Ziort|Qc}{4##x{KMOGk(|*nj`ETpIit8_EU`;#jOqG;OX7rNm-JBaUTnzw7R>7R
zn_2Z9VbzcM2O~+>qWsrt$3Je+AOHJRohkGIVSI(hm)TTx{QOyBDL@Cq3tiG+ZZq<74=jfV_o*Hek8jqV+Z?D4f^q2y5?zz&n)dk^-
z!*RalhNOFRIk0O>;{_GF*@nb)f?uE;x@2x$KL@?Bz`^LBemI6uQ^_!@-KgQP+qS}X
z$R=|ScCKvryLWuSubvjw`&$AAVt(5dqVGlIS>VKbMj^`{49*9{E)|h=fw4$*dCGxk
zC$#`x^~H82m;UUuqyk%k0&!^=KODa1FO2N*)#oe#kwaSMv#v0>SV_b=GqcSBXQ}p@ngR(=euXD7RPs_0y%}1
z&S7S(IXM04f>N>d)Wy9We6qxpC+H22#~FB%(I45%6hYkZ>cp4^JP|06FeSvQkum6X
z?3HQ`Pt)nErieUNHEUawH|V5^I=w;7Q$3f(
z$puz~BduNiYqwVm2}9*ZqjBZhyg-zKWVy}xyQ(D89Ytu4q#wX10eS6Z+L$|$KwWVF
zJg~s0S?olBe8HsT8!P2$kU*?-{j9w9ww+(F8A5bK`neQS_JBVW-|oVb&E<4@Hee+r
za`igHQGD!viiSH`DggOECn%VFQAB9mgODKG2&;lq3CAhhKm3Zy^43pO=|ZG|`X=gL
zBBxm@OmIo(Pj$-#OSf2JHdZ}m?D%ZgvV6&T+holqB;`KBb(D1;F(%fTy9!oTiaS60
z-8Ovz5t-lQ=%D2N)0c;0*NhfD!keT5Z{Y`APD6}b=Y1rm7kBcsqr$g&07{-T5IEg1
ziRuXCM{ihoJwezT?F6Q!t8Sa$qFeR}$43d_)AJ
zuE|G}-Cd25kM8gcmE`X5!pW5DfI7(TaC}_bAevWA=!g0cdgD!JBDOLUsT_*tAa$F#
z=wS7?$Pn}(5yZi#6Gs|A#wQaL=DH2)sd~h&8lM2VFpdr_MJTf|fK3v@^;-^7A15mF
z92X~P0}CAjPyecNWt-<%Xx1}FW|&olV5-cZd%BN;6`*HUmqwcjL2?5W!+(lp9Yi8N
zvDop28qxwVyH^t1+#`b(FoM`
zwp*#i<8e*F>HaD~Dxc2PW1wBc5AitpdIwUoMz29Nuhk#a-7_C*4a3AI@NlS!-n>$`
z0-TK@7DH`*NUfQI`VfFW4x~FFPn#*$D|DYhps9$M01QBoq;qR7yZW
zT6z_wq$H)~29^e4>2y`Vpu0o58>B-C>F!X0C6-XSdCvu?@Vw9G{r&O#@l08~fLokrf
zkXB5<_zLRLm}?%krarqna64mOP_(lB3UE_^XIsXCL`{6G5v)=S1yj1fsL^ej_~S7O
zeo%H}#5?+=F8dAv^_F)$P!TvCLk0s^ATwbQkjvs!6pi{SK4Q0>!+jKH4ZB9akHN}M
za!6v>XZqo7b4d(vScg8O5qHy6y!tgE7`_p!u|DJ&t%BF|77SZ>;^y5Or1he4%@O$D
zk1Mh&J0I?4F@v?5yV`1P^fyc|_Wexw*A4YNW|VJ(Pp_deo|zuB-ge?<)ju@WWnj@o
zJNRs_Cr!6lAV6ateMM-Ud=W-f0y)JS-92Dj!_cf%Jx$L%IqXRm^;e@?c=GNq=<>+%
zMJZ~ru3;xg#HwUg0as4B5MIGl6)R>*N1W920Q*XTwX#wlE>+o1YW0f$t6Q@mnu>|g
zoPzh>20Xn*PBc05(!G3#C>TPb;@nYD$jiszJJoclL(iYwzX53U=R%Pu_USxZFw`n|
z^lCS-$#%)zJgWod!mH9Sj+&C^K@@lGe}pQ)&Jg1$fC)-jum?PsuA^Su@8OwzSS?Ex
z1h}&|Wm5)kzlmsR5Oq$n(^_O~ohwOTwsnKARgG$`05hN;ViXXh($}lGW?S5iK=_cP
zNU_<=prNdHL%RBoW~DZKjTed19dhnFWJ??(XEuWjC@5R_C%jRDMh_K|YYYB;3H&v>LlK--
z#vT)^$15iI0b@mg``uckA?8U>F+=K$PhrzkuOYez2WF%`qW0&}cR^zbP|yCXR|VKgZ9;gnAtR9Y&28Q{gi
ze|_?zY#5Kdw^)m^Kd9X~cLPK`v)tFeIOX55JPW49ao-x4F2Dhdjr=9x?0&j?4FB9y
z1IIY{(eu>c?9^M&;jui5EzjsrY#X#k5Pv;WJmb)GfI*dxk8eccUJd^7O-+kRL>t8q
za2C_OUUuPhtb~7KRR(`YsRw?75t(_}xsex;sOr)h!5G^`+a_=4{ob(N6ma|7TV6k&
zdf^PrSmedi0?!6s^DF5*J=^a0oT_dx>O81>)>Ax%C;h?oS->w&884ZqB{U3GSy%%p
zTjbS$X&6c&~57hpC5><}u4;|YHY&=&;|EKAy7Cp&pB5Q<%g3~;8meXPnT$PnNQtPc}b
z$X_*mA??;2t`~fBz~puDi-ZU8jV_FHQ;&2*KYy2<_QXZ{o|EJ0$nc$05D&0SToXF~
z(V5Gm9GlBHr84&xQ+~!I37J1gcydKJn;T_WYhKlf4}
    fdkkSzv5D(>Ti%rOe0$Pd517XSKrs9mPzxmQCS(m)aWRZLt?fZ8Tp&OO(b7L-gl
zdHt?&(Nzx)F#PZ@UMUYgFQVz|^ON7=`w+7D2Kg$-{@wBK2!+8ZsgBrzHaF14Va@Ui
z!OFkIMb3NdPYzodN)BUyxB8erJSqj;oOr39e-1zWaWdhZmU2Xuyv;nWW|YcZFbVlF
zcbMU!V@Fd640Xbo=G9Xw#0u;nnXtP1$%MlhOu57Ellc<>xGT2djd~LNtgS}(`k0Pb5dm1I6nt~3%2lfyn4g_~Ixh5-w72RSln5V|$DPA7hWScwf8EuzH
zFd(KtUso^4Kut-YUGMxf@!kxjHEl4gV54Em_gvhr#bZx@0DQ59r`p
zY8#zAi|2-5(}Tw-=uT}9)_@4)+@)Uzq9{+*V-m3;`H=3$?c1WEJU7++1G#BC=BqLR
zS?k^i8oR_%*J*Jvfgkq{BR|rSPa#;4oN?BM*KUA;)Rr929EQ=V?bvzdNFUk3RTUA}
zcDix!{wNBZbdk
zNFcnUJuG2Gy}ZsyXAevBb@?q<7IHCX_qJ0Nb
zddAKu3#oX6HY)5bk?52zX}-_#p}=y0C6
z*e$RS@q(~Brz-J}={({V`E^@DV(G?9%NcbgTV)B)NIsk-a3N)#zO(^=^9tKZyAV37V!nK?wYU=ro7re@}~`YjKO$K&YNeC
zY$IV2FeEu&XAa@`KmUA!oG&z0Igf3nr`;lLe*&|iO;-8lDwVO6>?80ivnQd1CvNFr
zhygl!z8Un{E&xFjAUmbo%3-ys{MaK35XZ!6x&-&e=6SsjT3qsMK9xNjDj5GkAMrxC
ztQc$AGniBDgOtiGBwYU5F>r>=0pIUY_gLrDty~Ronn6_$?GdK@$x6`}8>uwKl@-0t
zGWiV72SD403FuB_5nd`n`(#@y2Yh|b>0G&15f8U-k&0s?s8;G@L65NI7I_HGp5!SY
zdU}+w+yB%UrhXeFD<6`2DivMEx(XjF8E4>If2J1pxrQkIZ+HuY24lI##ZIL^nfiGpLKtZe%9APz3B&MCY#J8LBVdh!N8kU61+dy^
zC!L7`BF^JB@sQy+N41B-?itiVTOm#P$Ab{2^b9T{Y&4P;Nm^^U7nvTW4Ywx3Xf3*b
zRq`@q1gO4(H_#8d=aHSlf6qzCh$Ry8`R91o4utZAw!9h|l>2!sy@DS)mo5Jv{>K
z)92LZM_jM3ka7g@Rhr*h2s8wO)r(-bNdHc=_z4*}@q3jk-01HMS~x42tiu9q}E
zrQogPy?AehRCR{P#Zpr!rky%aqtL!VbXC!$@(D<5RO2a6A4BL{yf$gg(`tV0By(fYf2*2B`N
zN`>!xvgL&tm2OjBZp|8XgqS;dI@4x6CClPazC~9-D#V}m$(x>-lN^(QL!=i)m<-;{teaqD3y&lyMm_r*ZX_OmYFaLP1}QcoakJ%nxx+@b%gh$*uOfCT?>
zUG)+SlSLAL|@x^e`oI(2?Iz|=0`)=2L%9>1k5WmZ|uiMe>a0F
zP-J8xnb}cJw?J0hV5m1W>}E)D#j|LNUDq?8b10pQo-I1g8!C_I-{AD!NcQqmS!xeS
zHFu!`nWjEZ`_Z7m<>k-@s|NY+16QLKI|{~&bVBAwZL3!bTeb_W`Hs&n|7Tq4ZB$u*|)NcO@k~Z0VN`q{Ax=gCw1u`P*^t)YPY|4
zh{iZPh<5zt<$Kj$SGdxQ_=gaVZDZ?(AS3Qo7VP`pI9%=avxZ-J5AKZGWLK@c8?jsh
zV|#7@Ld*BF4&wcqXYm>oko~kV<#e<3#!RsE_f^So4Wh1aCsOC-?Pn#o%G|WZJw&{N
zI$0zM3|kgIAV^
z*hVG$53^LzAL556o&5#}6PNw4DJ|j-Ge&E!te)hN9sBS6
z&1V7~POCFd4V_0vm#6%v!q25Kex8nTcE3VG(!3#*?XM@a_rqQT=
znC(LSNRlg(G~BWoY3@3I4_UNY
z^0LWv+Gb9)!ucxaoytHK<-VW);9cYC>uq;7Wf;i{)Ab8L!Swk>PtxwZ}Ub
zgc;rjj-T+;E_0$gJx-{Xczy)Z?QgIk`dhcd_5p3aBik{U#2P^g6rq#t-jO1>gSYXJ
zopiTe0x(;NfCEgyX|No2el75UJ*}wB9?ey<)S0Z;CW`xrrDJ!0_i@+O`hK*9f~*~2
zJcYkRPaN3SDPj*fkGev2?gQ@x7oo1Xia{ga4;H6VFYXO*w^}~la1{8iP3%6pyO&%V
z6klO$20Q|Fv}{OPZ28P6gSKe~D2?ARjNTpB7@b6+vjdxg7>%|`0A(m-%udEZVD-&3
zT0YudVR6pIv~fcv^5Atr={mE_ju@Ci9IDY*=rhT@-N)_`674LxI6ov_e(=twKGJ8Z
zuads44cM!uZ~L~SS>1rNY-R^?%WSJiijV6Z&Z+O%QbO|m#pr}xP?{i*@dTn%nh;vR^23Ok>yY%f4H6C!9J_B50K~siBH8gdw{My;Z6i1P4NDtqgDG
zW1%Ft>8NGi7R3Tg&dgTVabES@NSXmasMjf9xD_~`EvV#P%epm^rN_RtH2>}<HZ?BfyiqmBg2cO(__Dw2fJIV7dpD@v)h+M+U5fM&%)uv+@qmQ2xp<5jav`TEeO
z@0QJY%7#OL&Q#@eKx}C7oyTQjuS7pvfrol{Wi4?9E(YufW~6HYcr*(I12wneUd3d%
zyUDX{ixiDIPf+OsSGHPW0(ZAfYq2mI#dgq&?T%1JPOR1sf-zxdlp|y`DVdaYi#tr0
zz-@PCdkLXMa07pXV!oNSIZhf4iiz;iY|
z#3YC2$O&H|a-D`BaofbkM!qG4dwYkBJq1vUH^$OZ)-j^b9}&;(y@quhre-96y8)(u
zsE3vu58k~2&V&r>q)!T?VuKnpdH96g5{?d=R}IA(%{o}5mYSN9Ro;bifV5GIs~iVw
z=^F_(sn!?E`T>by@YB?$OfNYgIbL6NrQc4=24tX(Y>oM}_ZhZ4MjA6)%jIDcQ+Zq@
z=OT;3kf@KJJ@i1MgFIk&`W^7e_$Ny?x+s;KaI-6?wpYZ7o0~z#>ERRym~-l-vW8$@
zQCO%<7%Z^_YCShTW<8x<$-lf6qHA5_(2tHk4^@Uw&J?ZTaa>5-HF>iJxZSDtU@&P2
z#Nws%p`Za5k3(an2%ci%vcS%|v1VIJICGG68sXZ&#Xpf1z%#D{TUq$N2qfcDiHx`=
zObM%4Utvyx?ivm6%yYfR3qBEHKuKH_*_&hRzd^ih^5Iu4HQlz>Yjq09=h|?^Fcn1u
z?*@RWQZ$Vm=h>jjeQC^-0S0LE0mJ};H-cK!4)TlsiqtI
z97dxnk7>F*xO%zwza0VdhGk~F|7vo6DH77;FXbZwgpTixwlM>
z>}oWc#%F@<8?4;BFqz=~U3u1qWw9+QYI2J8wRQg-slopDeC|n*gMDaY!CjtVO!-w~
zH8V*I&@Q_w6%i$yujnjmc=RO#*ky1X)p`F4A=Pthum?lrc@X`|Kq=@DIP0^=J&KKn
zqlC~iY(z)Ei=C6_^Eedy1(SPAa8KR$e{g|k$5&O-2vZ<{j66O*B0Unn7Et$Ql0_eX
zGDQlT!+OTk;k1}IItjc}^$3e4at+;)iLFX3(^ZEGtJT)*Kvs$g;oP&kNa44I;KCq+Fp
zDW4{zwUJ^-nj+(qcb6MJ=YOc&(%i4M@9RvrfOuIQTON$Gs
z%=M*Z4Uchmka@pbdI=H2Nc78@vfH++iJJP$3^&kOzWwx`7wz{sPGC3HO^|w(>44^3
zst;pj*=tI^RGmAt{*s?5`8emFS-^=UrXNzpfj?`VCitDVUF14Q^1N0Ai^bW#K)|Or
zk+rD^w~>j4AqIxUE*y!?M}Rc`1x}7M8ulIs+NFunv%0{iQRnO4S_a+pdi1G>60ai!
zgVlEM*H`bVZWIPGD>l8zcv3b(4ZMGgisJpSWFvvwv4;6GzRW~Nk-2Zd>M~YO8Zi<_et5pdc*vD3KUzXWu!5sryr?M
zR0j#FcX=f{M0}Xk!LBlIzs%=i`f8d;a&ft)5=n+_A>}rV;QDg)yUICZxEo^aD*IxP
zisg8`Oqpg^IzBm8HQ!t39jX4tp6QFOVmbU=4j(<8_VwCd*g!NeWuu-Uc{f!>gGI+_
zsY_9~-NL**=!>kKM+k2)$(
z@&u?Tpj~V#0@=YtLL={nVY*dEOzfs99y0Iw4$*j8j9g%0$VkV5S&IDX=3iBGn~Ph&
z=OsoB$o8=1r*%ZW{QydGdrA&7T`)#~oJvoP>Mxvhp9wP|(+y-Dwm8GxlK-U+p%wfj
zJc@MPAGgoc|2&E9`f9{-OT4A>hOu=6)YGslr_MUMU(?o-A
zTzBjr8Y(oQJBSis)s2VYOQoj5q5xj6KgyZ*sUelsF7f}F$nyjAsX@Br7;6rm
z9wg&)jQ9JUo-jYkfbiWoc(>;)iqVQ4KV5(L6%33y&U+zwrh6gLy~(}h4|-Tmv5{hp%*4H5J@#&KB{lX84P9=FY+;WeyX2z6J
zQ_c%Uj(}-0RieFTy;A{jQ>!xlSQIDUxo|DJwYySo6C)}tVmnGI54;rICICg3wCIC=
zEZ`$~G!+a|mZG|Hou6z0diDd*tmK$1SKzq&eT?mACEx4y#FHJFe?efYqV)Thsok?Q
zJ!C$%GA|uL%>3bq!}F7)L;wTwwQ>ar0ZjKUtITxCIe=fme5^YtG8jP0h}Gt7x`khN`Ztj#=6u@6*ofc-acQ@k)wQfUdPhfL&-%%I$2&p*8az8vEHl?lO8}c
z@W@+1)APJxIwdW+?N+jikR
z&0|nWJUig}3=c}I#;
z!D25HY}m*Q{LxFl|8Kd|l!IKAc>lmzi{pDl4nq3goAEcFO4G?>W&rMqqBUvpR`QjM
z;YpQjoE%N-Sz60_L(r}9^G&9{UAhmIDk#Hv5(7a{D%ADuV_P(1t5MDeW`kSG1r-Ct
zMw*rX7Pf2|AnR9?&*e|fv)|a{X<$3VN0bMwzY;KUpew#bvQGxC1_)?5rnE1(XzPu~
zW*CiBO}BPUdUhwgXkgxg&&q%zq-~))17KG3&xwgiKrOrRdYs$DkHC_|zOrwlEn?R*
zuTAKQS;=?C_Wo9`9Y7ULT(h<{UK|F&oS}^wXp_b+ygon5lHRw^3|QNXJS5ge@J9DU
zO43U67SR2S-3nZn>Kpe{|Fthk5;o?kc;NgsLrZO)@;)GWZ#~d-RO7oqoTrq1p$t^j
zo~*$~K7x{ii?A*b*yTk^CvRtqD`u)}fRxeVu#DT}wpGd;3OeoB
z>wSD7ZrX-k{^ycP?x!^qAF@lRzsU*NJ7=i-jn-y+rO65y?WR8nbLa06b{E+Bm>dPz
zzfaM%u{yJyGr(aC1N6xDC%O0Jdy|&th15Z4e$mhyG(7cSOC1al{VJ4gNGTx?#+zLx
zIsv>Lmw787;e`c&-PtSRHr?~M4%ImJF3x=ty4-cYtiBHb&fX@>Wjep~
z;U=6&xy-A~y9uO-5N2kzw?%`k`#piwax-X^WMNaY{|+ncaLEQL9`x;T$iJ4$n
z=|O}0{mt#?9>B3^%8hx!B(LvG#h7D!<#|Q@Ed)mr_;7hSfzU6{o#>d|M1cxvK=zEIj&Jrv`8C>28cUcg+oz@$Y$I
zv?5ZixMf!HixIS{d>=FjP@2i{&j-{j?UBa!X%+WA?EqA|P`Mxow~clG{0zv&
zz0tjFuuzpberF=N&7S~K<=cA>jTbT2ksHO|x5NxeY~r5>M)zk|Oq>bhTS7?fBvVw#
zoL{ZHJIQMB_OH(ay8}Vb)&Z{u$Xp923Ciofb>hM;-L@b_(K!}bn7AFFFq_e
z6yrfIpsNB+(N(J%e3>Y`k1iJfc|>&2!OYzaBZartz1ir=4KKCHMn7t~DrqUh7e?f%
ziWRB`AFldU?eqS?iOhPYK~>lAuo{$7J(&HV
zY$~?_9mDcHt!UES!!%+>1(EQzLUuL$w^pgEzgsVzMFxEkHP&S4oME+4;Mo6_3p+_x
z0m5MbDTwA>T
zCj2uod-5KX+07kin6qWlsxuaOk66NKzk=qTr2`vKxEvTpdISm-UH+NbmO-Zl6t_tA
zY{02|9`iDkobBYR-aBpVCJ!^a4GH)hWg&A`ydD(I-09ERl}#|Q*c$4Cp6WnAetq==
zclrS`Ay+14y>-R=rFz~eT8rr$7WdMBa{-R8z)kJn&W68wbulkOwUzYI-j5T}2~-1!
zr2%fo8Kr^~AszJcJrI0l6pFutbHK%tW@UV}EQI`$_VpRpCem0>VHj-4&rI0^3sq0E?-SjOL42w{LtW1Yuwu24o
z?^4@Lsswb8T-9T#evSwHvc7=}@YA&h1K^4CZ7zWJ)q9WF0Uh&C4L(&8Mw>HJqTL!+
zt3XN@nY`usLqdnxnKNnZ$<=iEkB)@;NPLbnya?)(FT$u&A+u8)0(k6{wh&ne33dq~
zNSKrLk79Uc8F$NJ_mJvn477`bJpR1qQW$@4*g}a<%Z-zSk_^C09=x$redn~KLKM=z
zMJgn`EXDu@x=Z}&^6^C-mMwuObO>o=SYv*-RZ(*6zka2QRgMBB33&_PNT5?ab~BN7
zU_-r=xi(JAg8yMJYjeQtSW?l~15Iu~!kk?c^NcYr*(jT656e=zOMsbNrKN_kOyuB^
zodYC~+7>|aNIKQHN*pi;cnpjD-A>?3Ab!UNQCh|neMe-+L}TkE7?mGz7l=~ZD=uM4
z#oD!sSuARNH&m~*6i6LUFgA!X{B0fbEPojYx%o?t!_NPG1n4I!9B{r*zjdB!Eky`}
zcnd0y*RVKNP#`D?1Ya7Nr`BF;O7m@`Snj>DPe;oq)ru#Rfes-92E>v_Z$^H>0^-TK
zICAQ<{I!5?EHAM#omP$?hiy?M0T`IbF_K`-4R3-T{D%S`7I0f)v@&d5eO`k_^$l2)78O{vCdQlag+i^CtB0Sxj{&M4
z&D+RNzL$yHP9SQ1uTc5Z0!y|HYOkeruIc*lD1qvJg|qC@1-?m@P-(yhTdn4zTS18AK2Ftb<_3`nR-IkUx9({P*{L1zy
z+7h*)5i_2>lhQqW;qX?N1LBk17VLLY1pYxj1bi|what>x+}ZVfWpGD<`=G@QMkR#F
znBHe%Q!=sWG2H+kJWLG19^fim(dD{F*J$GM^R&IeN`Ri<$ocxADF3m4x37R*kE550
zEs-@7+j`+qe
zF>b2S8n7jlhEl?_qH$F9>!5wzVb1OT?$7cp@5$aR#J5WWG(m&oMI1FDn{K
zLiT>y9oooWGNw4vv#y)ZUo|7A+qDGqTvVREm~JF`nx1hy6(}3nOdT%E%CA`d<&H@d>oW4WK_iOEyo$!+(&^ATt3a1T2-S%WRP4
z#;ArXCT*h{d6v-EBOek`HL4rXx4E3&VX&3@6RA0Lm>;3wtB7X?>)JlMc%aRz_{AB3~3H9f&$yY4A5{Mh*C{1@Ba
zQq!_GJKdK~p8Vf0>4HA0q>q%_v`cyXuF~3E-H?8}NSbD*syb0%aIj&WmaFmB`zqaf
zqpla+3whn%7G9SO%CmGUAe58Sw7hI?;gfUYwef>b3J3eeB6q_VQdK#Pzi?Kn3=;?)
z7c(Oy-!SEQD17%)0fNtC+2Y{##<`MF)S0v-h}
z6py08Qk%47U8f^ih9rs~LWCW1FvC|?Kjz=XBus(o-={%tPSthHLvS7`9;HUbP7?}
zi=68#g~fs$7xIOe`m>}LRE?~wE9V9a1KMWo9)7Vvv8aCRF5M^`Be#8I%*5~5o|3#!
zhly>
zMWy$y`|jz~&pUU^O2x3!C+w{$Tld#ZM^UU?Q#1|5$zLPonyXM*S*>@ZG^|B08BJ-q
zhN!_;lDv9R->#PKB#jMO?3gl**5hVNb^mOL{xGx{cB$BSi4Kp6tN}A^*rvSEY-Luh
z-Qa82IEU5h{fezI(VP0EuK5+K^NquqIeY{s?#*97(C~Xf=-j>#cNYU|G6+aiIj=O=
zYnTY6w}CNV|3e#&L`V!$-OZAih|Q$Z_0qvPgEUHl%6-cy$E}wsXF1KDX|0So)#F?j
zb-)+QO&2_XYfIwJj!uw`IyU!CrR}!uSXQdq&M1Aq=0QGEi<2vYGbrt-ogi&s`>bRi
zm`0{+0zacWgR+*QkFVHI`D
zp*Z~kF*lNg35K$3QFK;LpM5<(7Hu6{HJpZLr6wge3I$uuRu(rstVMkGr)p*p?nzjjbrUBr3uQAO{5c&+tq$9p}XVgk{ponzUjO6>}%EecpFpvE(Fnd-se_jE1@Ux
zOQpFZ+ofwIkJ}~fs3%tfd`#0TA~?Eas&5i>)u&rY7
z!oH7QYp#)Yf6+W{nQ@5PM
zoejh0h_RjeXKm3Ui@D<4MNXp}V;+ye7#Gt~JVX|X74%jS!F#uLt8|otnA5gIX
zp32Q*z+{7H)YS8mAhs+P&`trSd@8UGdKxjJqiyT{aeOsiX(wN{s8Bre
zCcQtSyU)5P?ZwTc(j^KHn*yd8{F3hyqgK`gWiocLCG-6<^FLR?<`NtX*#
z#WXqtz@)dd@UXq$pb|w@rKE7qH04hRoiY^}>E}muiU&Wf>L@ZXd(X1bfev%87KB{c
z5=VGLnANgGGG+4nS@%23tk(@28VZTr4S#ZfJUDfg%Ha-Wp`Ovd*=X+x=wu5W7bGiETs#@bC8<*4lt-cK!9uUn_Er-{!
zXEwE>SQXz8EPbNACt%!ljeIOkucuImZIM{RVnU;DN9h7bNa_vs&Hz(T^%z=*$icmO
zkbqifD=G_3>vNpftPDpaum)T*s5FMLj1Hh{-#+0Y{w#C=k6T+r*6dlY(N5Rpa}NFW
z2d;p83##KYeTRB=)%5{h3^!(2Y)OatKRcpS_COy4^uLPzZ{YwEqFV;z0{kg(i{p{6
zSq05Vo4O`2&p25I)xYiI;qNG4Y*0y4%oq8B^41{86^dD}6^rUv%)#j|fSbN^+0jW{
z(*bTlL25yZnK{bYypJDkEYI1m(2mDngG7DCH;eO0_ADGFD1OdtW~x1QI%tuJ!yfKx?{I(vy*r6ZQrG7zKM_f;T)#!Yi8gADV?Zi(orQj
zkqLl2Mu!W_JRK(c(&2cQvdXt~a$BN{a?s6>>v;Ga{izyH(n(r9hqyjr
zEWc?0ou1{ry$06Pw?1%K_1rJRKn1(b+iOy`K7COH0xE-SA1e=jO^6$fKLc{hUFE7g<@qZJn}-6816_5OYgc3uRm%-&(+
zz9<1+33HNlC)SB;4@3pFR552;QA_LCd(>%_6~%rW$?vO(TdFE-2uLR`i7P8usFzZ|
zghAtnlP^W25;h{hj@i3Zn-HA%m_K`kgvQDK((?EQh`{w_=p7ZJc>K#xV(n*UEK0Q-
zg)Qz*Lhd$tf+A-J(*tpI3yt*@EDO9|bX0ilAz-%W&=bWy(}dezG*0gHud?%g>q9i!
zjk5A1xEBjtocj{{(Lt$8b%jaa>VYC_wnlJCe{$vJr5kR^7*yyr8;w(Id4Q@G6tdTe
zR3-1=Pco&a?kL}FHXJG$!@o35-9gsP+VOV-s9piplf44^!|ri`;3X8y+GvC-%2ce$
z?wm(P0+b}OyP@I7e>FvKpFkqvnzbz&MysIKm@#hSS7gzkm#3e9YMfyAVoicM38+Xx!K1ZM0$WKP&Fbv2g{zdM6i=*&^Q|#J_v050Yc%3Rbl6Y#HRfI<
z3hlw4;3(>oj{;&^>9T7lcRoR$PcIK}=qAE~2xhv4ZAa|%zDPM8Ovo)DCd1bGKp%Pm
zW0Ai#dSX7%Vd#Uy7zMw32g;9;831^QRBWjEm#`74XykErxPr5HIkL+3G{8bSPHswaB@KX{icMLz52%tM
z*JbrruH7GvKY1KKAe@LKr1!oGXy1*~O4KltE=^BKWbr_G#4d#5`o{Y`NKpLONDCU`
z$P1UVt1@{A%zNcPpV!nY=@~7ig{c``%g3_j=4tyoJZSUFIR6!&W1M}?aMZ2=%h(=h
zeV;9*r_ZOJ7?&*#F9P(nWpEaG(m@t~&w>q%hvZQJ6x@G{{r*4Bf=j26f05t0;(0D-
z7IsaW{T@Sasz$SB;P67{D0NI%wWEl~9S$()ntkw1|9J19fO*dJ!q}7oURhyG(YOuT
z(tvK0A29bFe!e5&0P&*r*mZg(tOy?@3d9St$<|B8OOEqDAC&%#?0!gAd0>&stK}30
z;?v8^JiwK9rR@6KM22byh>}M%HqhingFFD6j%Scc7*QF<)2uXDD@&;Q4di`XPrI8M
zP2*Elx8%=7Yw!K-yOG#X_d!j&e_zrIW_J-PZ6IXW-JJkQfXeC+w12k?xTO*2)TO_Y
zZ?-+>VhJofvLe3JzyX;MO3^(ZzT`ToqQSR$#_`gc&4{M5mSvXBupa&1C#$eArzPqz
ziQ4ZnyZ{bvnbS=}R)0BE
z+~Bc!vZgQJ>sYMO;wm`4Y*Hpgj#s&8x$`=)IXL|(`tJ9+DJ|*lwl$l#pMpPZk0m8*
zhW}fE1~IDu$7JcIYe2`}J&mOT^6Wvu2lmv3RDrf*u%xNV=UQ^?
zb&Od6xJL>a!yi(OLmIP#oiFrTW2lPHt*4;`)MNG4e-?e)tw}G_>2Ci5Ta!6%^Pg`|hC&k!;@U|G4kcvNdQVC0rzCZ}s
z)~-hNh|tHtrEeRq*c{1ZVc3U~hyxj#-G;rc$ywfw!qHcn@K8@!edaG
z2>pf84%OqmmcCaQ*W?j(fxuB6cpE(q8#5he04S6{nr-c2W^-3E`n*rMeSe(AtM$8THzKgflnBp5v2Mm8Z6Q!T-6BLRi=fhj#QL
z5b!BuXApo;;(_aqT;{$6bPr|kuFSU2R_{p)WOXDr>v7LbF)V$l5SE{Htn2SyaH-nM
zl`A9fsoCFdHy`ix9yTYnP|sg)h;i(7=r5k$x?y8n^=Uf!?4S4$rVXXv1vZ@aWv&-;
zd06#7{)D1?$(Q`TUuX=5AQz93Fbe-xE+a8lQj&+zi$e+1R#X5t81-R;b)5L#&6z=B
zE6*ziT;mV!9f;UC1iAqI7Qh}#mI6CJloE!8EQgXU8=@`ee>*+D-Jp=bIwAvU9O~Cc
zi0yL#0k=gr=gh?%tnT?dS!*_TO=+CU!^rX??F*s)u>WYh)PGGWWiTT@BSVtUq&RbK
zNlsbn#$r;YQEv-H%f;+33S;}cZmxZW!Z0TgK#CsAkbnF%;>@kIcOPH9z
zZ7~(nLtZrzkyu|$!7u?~4L-_{pTPvC!_w`NPTb%3Pd0jwg}R;uVNV@6Vzh3#*3T0{
zR~uCYuz=m@R+GOsB=`wdd3Xq5^yItIRXdEOQn+s6DRa>?|b2m_drIt_LYa3f!OJZBO%f(-kR$u;UiT#`PW|{?B
zL*X~JexM)-v-Li0M89KZ0>eAjZd_y!_*UsmmUwDes7wuaDq--DL3^meW#ARW#=L(a
z$nt&l*FCO&hEVJh>{Dw8y#^2QbN~zGsu9b?+Haz$esOAdtC#bX@9LhD=l0i?;N-$L
zMnor&P_L5G&mP=za!F6%qX~L!r@z1dQJE&p*K(66GtE*DiE5`^3tII`aJ?L#NOHpH
z#Xv@HWj2rdkI@qX_sw(zkCGkZ0Ho`4
z)$~Xm|H9@c{jMW4J>?Sc<(4E9uI8Q(kMiFSQlK~SZQ$|<%J#hZLS07gsq8qO|2{sc
zu^UY{^Cl~C+;n|zVW)ol>%y^dh`Eni~r?D;>gJ;TJ{VF3nw+Q%2~
z&k@-}uPpg|>cYEhkQMm$nC<+97QD*LeB)$o9gxaL(0m9SFr__roDnRlb%uy0>biEg
zp}$$kYA%h;zs<5b;zA-bYGjFQRt1LAA*-qb&3^t49?n-8I{0Pe(3t%)+?Z_8oR|1r
zNpIK~luC(+*QNe_EU+=45N*TpUiLbGftvL3=8=_T1woGYyLTeL{|wR(aM=Yx0QtFF
z9gzd(VUW%)=cc|STTo$`wH9ZmX$@W#CVRrG*0q_l{(**^yy05X?3n);0h(R0D^)w@
zF%E|ibE=emt&kO#US08Xdta_O4%o%zR;p#7D=h+GFRw
z^V+FHgHgSQuH8^4d=5U^66%rHT>dD9U$$Ziu$4XkEU$ZJ*5WMUY>K`*_Q6}}v{h3C
zJlUDC-HO0cOeygDF|vr_a6|}1RIE_>A|TygYEbXj(IVn7^E+iK67H|3}>R
z@pbMoS;WtKK4K2CUA0&`6@WNfusBO!hF;4yVoHSg3lPNyfK9V#-ARA$%r|CpgzEDq)y!A9pn?mP;;~;XkG%DQYcThhsUqte;d>zY23KgH5efjVVMmYhcP%AeaTdrWVNKJ|K4
zLJ6!n3bbK^1Qiwz3{o<7xZz3X93;@7w1h)7cq$jIu1;;+((Hr_X?E?@=MvlfS0y|r
z7H`hdh$oA)-TeM6rkhp@-^i&f0eOkH{hf6+&X6<1*EcDzDM8znmwIpKfmTKe=+{UP
zHbTWxB~A_*e-iSyFCruHILsOSb~Z{F_pA!|t0evS6XpD#ScXzoR_Cqdf8Nbr(jV7H
zke>!sDy!tvSYRv
zoYF~HG>}bvP{I!Cq-nk?=;FIbDoz-uzsU9)boHNm<7Lr;`nh@m+f&UHA+|*&zOZ|9
z`sY73o4!fTsRzRHQG@gJoA#Pr=dd%VgPFl`J^lE9AD8b3;_zm!#)?UD({PLYa#z>8
z#5^>~*sKwrc|vw%SPVN=Wri2Rsola_@8+ECU`9*dZ|SF_TCi#=lwlz*oM&q2!&_Oe
zJhV7^I)@K(9l|GW+9mzXv_m2NGE_=1gG4#T+7F<9=B751?cVV#2&s~Ma;v{=4VBh}
zptdrhGt|Cy)_rYINlsLpTg-?;yFA#xa^2M>E+JRjR4~Nq#pS+BhFE}(@=9-@1rkC}
zzWiIh=3pCF79I`$N&NY`Vw8Y}wkr+FL-z|k%3WP<5|eCUwAfr5)Up^Pdnya&46&=l
zoWp2eZ0rro
zvU}w4LV&WZ2MnP}P9Jf2!8T$5!B=^Kb?3N))v+mTJPTP4kI*F~D%@Y<*2wTQt%h&4
zbJjG$Rv$K+PhGAGYr@N~hkAY`lQ#36#Ug^Xg0RoVH=$;~{XMPe`+I!{b(bQ!Mq>i3
zTn6s@)dPi{sOh}J4LKO~Jh>8>c^c2ZIKS3&q1j%oT)!Gd$$vr{5+taGnK&GuC>eep
zcs-?3tZuo@beq)ER~8YwZ7JJ0xZ7o>L$>45KR|~8OR~b3W>^v3;
znqQoy-r~EYO32p;rdu(WAFFEGxA_UL6K};s@@|(y=9MQe)FlGtEd|=BpoIeb7BU6o1^Z?C_~w
zkS2gs>$)#XS|3BlBe6>yNbZ-;9#Qc|S%a%&s#+@)UfFC|!99-ufzTi;gEwDqs$jq0
zfnU#(vsAXOK`@MD<1IK)GU|v!5UmmFDWzg{?Q~Bm!bS-2i1Sd!Lc)pQTyZEd84_`p
zh8Hnt2?zDA*-Jy=M$LR;j9xz%?}<}-IPb^N5WQqh*VROD!A!Ih(~wj2wY35{oA?&N8qTK$kuLu%eN<vECin(0+BrT5O=
z;I%0DE_;{TrE48vQ&j`6v7f27Q^oj?eWaf{p7D#cvHI`M)^RUu)b*@L)hknifE6aK
zNq!+N`zb4r?od4Pa{Hv6lLMoXPYgRCOG*-T!FN$zRnQu;zVEfX-&Hz!1wOouP^VJu
zYG>+8a(K@4bB$RZfW^de`EEt_KV_6`BzXNQqv(gH+=Q4Ly?$n2@+PnREI$)^5!8(j
zF}FQQfFng%tMg+O+#kv(MqW6xeJFQ#tW9R9*baBSs>$AQLQRaoON*NR5_N%UX7c>e#1$78q5TrLHb@1}@8fomWQRmW_p
zK(j!t;WGMh9`J}svIG%%uHUzyK4Ii$1opxNA
z4z$Oxw)=zo|I3@~;6!h0Yz=V58)9{qQ89!zlVUZ-+tyKb6kNa~u@po#vQTX*CwPC@
zFQYt>Zh4O_3)WS^b?PDX#Sxq)x(Aa8GzG#X89QHsMibo;t#p>!{Hh1j>@dsj^{wfj
z2g*O@kELLgh>1TpjRfstZVh5Twirv(q4H`kNF-yzpheZ7_JNvSdYmR^505By&T8~u
z9CkQ2ISaVigHN3+Ej2@bs^5L|B;`wB>%jlkG!#F1g<1gsj}Wr0tCrjjj?#f{qo(MV
z+2u?)!(PDY5+R-Y&#kDZtir^4tl(^#d*vVYlwN(bRy#h{kz*u%0&-IG)l6L%bbLWM
z8bNX9&@@jyAQ^;wML53&n|FWI9hF8(SNAlRjp-*rw4D%;miODJpf
z+ZWw)4199;(oN^%oIKdB9~YXmhI>(I_MW>RuJa@|nAnh}?nNdERUoSs9)X@HEClOk
zel)HI|KEKvnh$^MH_*7++*|O+eg2Sg;PdL`EEg-gLc5&yaC4nIQK~b8G2Yj{u9rQE
zD&i|+SQt~2XGP|A*@Z)QTnZ)QB*St-oQ^`O0{MOOr+=@9f7tWZstsloxg%u=`bB4O
z?hqTYT0|HE=t7@4JXHF3md0X?VDnp0+o4dE*?z|H%5-h08l)(^6k4~nd&~b%;*bJ37`@HmL
zpb*!
z_;(R^E^8TpoeEKh9Qf}9+^p`C`xT%eAZMADSAX_i3uYN@-`cU`$6>K=dT@QrIzY1(kvr0I}=>)bn0WMD>$G0f{hrSdzbcqdN;N5OPki#!8!23)l^{!mx+{744
zuOFr;5@FZuH_GrlcbEesM0)HmTt8cN2jI2oxD(d3evq5%cdTIM)yr%fqLzO(f!P-0
zu_O%^M!R#hy`LkhZ0rl#68yfw7i|*CBL9d2}
zpOXHTZu>L+lFbs&20qxSrsl2O>zO}R8m!-_iyv$XFNh;FcRtPM4n8UpQHsr%!xmVr
zh{#wt&|q9>nq`|{*=!W+KzN3I6AO8NSgg#r`M7i5mPE^cdG_y0^SH7-5{b2lA^@Dlhl%?)eySF$DHr
z0}k0~sHqR&X+nVnBNhx0qR>|LcY;Fx^qvv&ej(Qq>TRrF79qYh*4+~b_MG@TFM4g-
z?Yu;%xnHl#;*&j&-eb@|;qW84iQ?cmJ`}pj0~z43i^dM4!P)4^0s-0>{Dsp0xZq?yrFriM>!qGHKPSPK
zEwV6*iC4s$OH1z}y_TRK)lNTB6qt7sZ!0Iwdt+_~Zq({hJxcG
z)QT~RhnX-55&Z!bxSNvlU1wkdj78n+nl6-s$Vmla-kr!Ha#U8{af-=uI=1xDrIM1>#(k$n1lzG`28-oS#GO1QA6q{_N5yi$x7FF0PzSuJd@J0ThD+Oh
z9m}4Tp?vdHk-K?d>>P8@Idtu^$RNY^)>)dq%eblsPi|_Tz}e0OwGN;>9!%uCLz7zz
zGPNo_vp(F{&lWi}OVf9SC&pMBtNwZ);L3J1;nujqW{~XiFbqI*5aK
zLO^jt;kR}MPmkt>AIvpxSZv^N%4NeocHmWLygx>Z-=@;z{Ju4|_mgS&$YQcq01We^O!R&xdr7p?<*2i9Yn%t)
zXRSK-sxbEtm-Wd^qpydv1}X4~HzKh5O~>tO_ucw2G=10Qw7WJr56yI>@^*h^^J$hA
z5CNap=d0Cz$QC~L9j_3`{Wi+fbT)j7;B`BBQZGE8{MNBbFs)k2(kJ?29*uolQo?MuWhZY*&C<5sIbm*Z5Pv{UD;&4Ku`6DdjwLu
zLnzPUN?aPd+55gMez~X$6h7^`TjO;^LJJtK2Sg%*PU1fT6QA|!Zu&gweG+G}&*$-J
z27cXnQA*jOYl541v-_AfgP?BVIsVEBVt|`PyHVoY_HNNT+qz=Fbg~XNDsXpM&&+3E
zOV8+C%Tvs1Xsn(;?sqloeT+}H@$4dFtAe`HR;wUC
zpRY)qm`!O8pN>~pn4`Yt>P+*j$$K+dzk?+H+BYl1^lL`m>;f5TDDfoOx;P;L1%IV=5n=L{j6
zP@P6I%n%Cm30RQzgH`E%Y4442T%=bkt28DATk@CTy$TvzCuzJQB@;e~FGUq3*aR};
zdt5>pk2fMGNu=t9OPtLwNZy3*6`UqEtM&U
z^Jq~9tJYb&8@L8i`D{S*b&G>*w8X+GghW>!BrAzN2AqYv`}KLFliMu~^DTYNly3;u
zGFJUJW)=ri5fD!q_a3)Of%Wv<-AS?BVp5jkHFG;V?0ET}1viHyHjO1w;Sx&WHYuqh
zwN0wU=({d6gkt$)s-|P9t|AEklslXcf9z$Xx@&9Ve`@zW-1D!>n;6ScuT-D>{<#Lbu~hdcM@dZI|%dHNi+wy!eK}(L1dE^
zj8%h0-sAk3S-v^;HGFkpK0{_;uy625ptlWw
zbv1wUR$#$|I_c$kaFx18zRvuCImGJHa8q}!x1E4G^LnoUTV^t+ncFwF1Ji|i^LGD#
z#|+@y=%Z6uFKFakCY3e7pPQpKM~|(tC27LZId6NWjQ3a0qfy4>A~l`BUs^00Q-qtY+d`7<((1x|JX--NU9k{mnx^9jfW6fZ`OEka!OWdB
zS+3!@5KchZk&5K}r~Vp6qjhdo%|EM84l9ckFz{g7I-Xdx?L4!>$d*a+E)_v7Ggl5;
zzSyj4Xqatg<^??c;bM;ZwD(lChuIPMapJp{wq9xZ90JN@PNLcqR{BD7_1d!}y^Y!3
zwx0$s&bCjltwinivS1Tag*CLRV>FZ{PHwcP#x4W8!kgC-$ZlD`1)mGu!Z(FV6|CH7
zCVl-;hd$Sp(Iy1oTTKe@5l`M#H#(`0rS9hpq<%U>YvPf19K-wu4yNtvB6UKmB$U(h
z@~4(yNLsBb)wOO9!nzYs4y^Sm@-8mQOn)RF%GXYf0W?SynPHAOwI{_uRl2w%L&q-$
ziUA|J86WLJr!xLXg9m?Q8{m%Ac+9Dh+l{bz$UABxlSB9P1})92FlO;SG*AIU{YPMWw7VVoAAlyS>K};kdk;-*zyCSZoYTz;x4GNzJGR9VI1YT+WaUltP&4FT=!KcYa}`@vd#zb
zR_zxr?VMe>Pfue(V|ycTd~@?`8hT>58Jy03IuRfS|5Ca*x_No({id=A0sVR~1`fnf
zrO)LLHXxnQsICaqG$i0Z_4<+u_xaxG(l}GKKgb)KLf!v;yqR$6LZg
zxcKowzNb03Zaa*)#`NppuuOAI8@;tLsBFL1O^zMpPl=%VBLk^!I}rYgjghR%)W3q<
zUw%C3#zPu_d2bZjZ-NM!4Au*=tEWYZQOyM2)reBa{_ivvz#I`NzFX5+zR~Q(xJhoP
zGBy(;0=iph#VoaIzeH^2W=S1Yb!>fMnX*mv#rac*gug1qzFK`SMBX!fFX}*P_nuw^Xb0kXzTJ6&qjB34ytDCaz8|lxVv(PJ?H-P0dRgn<-$R5$62U8>z58{-
z-lOoy-CaGmxs_@p?UbrwIxx`DUura4H8r>wx_b36W@PnJ>Xi|_hp>TjqkF{pvdsHb
z^$DqiaKX!j3Pzpn5qQL*bLF_a(9oo)Tj1SUStbUXmLCh8K&Hz+uzSpZ-FfSs{<>z{
zbduEf%~5C=LtXt#P&mL(`PR)OytzzRKMmb(*NY}Yhj|#BX=s#A6WX1
z-RHykS{O$_U?eqp^6iFw!KF~Xf13!;!?yQ;r}q0$FoEC_2q!T^eP%OO!X)ZIOZm0!
z|GtmmmxSg{?81$;2O+*ip?3H+3UhM^7AG;yj#F*m_$*gIXH4A`c{2ikZc3X@=w==76UEG
zk(jYZC-#aGi>D<4RT?{xPXDC6aNWG~hn)zn=emQ-Q>>L1)sM{jq2usS1VDBRxVYSj
zb_kzE0z(1g`~-xh<6o{zP!V-}`&r+s@FCMZ}stCALqSbfjF_UXw
zDC|$Z{Ok`#4C_x{9oSaJ?ysVg^m-zt<+e|HIUB7N{D7(q%v)A@}Q;QDgmd*~XW`D$$5)*Xt1+7k!-KCSu-vm5|8}?yT
zw4TK_I_ska}#QekH66TKn6`;T10)0OK?j-d}NN_7$V
z{wTg{!f$c*-V5i^X0`#h=$>E36CiH;q``yT&6&>$oo
zT4~2K3r|%U{a}cftlbnh&5AUXdD%}Mp~i)vmAq5!XukGimIOxV_xEEB;+jW;HS4N!
z$$`yatN#@4Dy6ssV5+hBNbQuu4JJ#phgL6W1CHUO%cLA2wT0@jPgA231s1QzLwfv}
zgfKBCN;DvqMQoV3&w(}mYo#EcI
z6-vIAzFs*dxNs0}6;~jR$P3f&KgQg&|B~usx%h#3lzQGh?HGt%oj2yMN``F@To+s}
z^|0-l>*wPCb9(3GfVFS+b@-0)*KcV;~7S|243)4LL
z$7}Qg$)GBM4WV{O6OipLF|eFsNkqmQ3#U}pMFPdyNyvHzc)<%6pXrGx9$gq8ggEFg
zKE{E_SdjH5HCyXeS(|#fnQ3haY*o9-un4N^p8(}|8M;bQc-rLzhTj>zd6(9$>-hEC
zYf^&8qm{(`M{~jNo$VW&4{AYYkVjwz$4tx_x`N#AygQpNDe|wxO10hne4Wr)=dj`6
z)Fid>Ri6TKaGt;Ad20G34E@7@lqyBP3jW%M?6H+zRW$@b(%
z`H!Z)f%f%8ztUvNOdOwJ1Fd$}DP|THRR`d`)#q$9PP3tTx?%K7#FK!Q8}a2BWEPX%
zuN>zAvS1H>^IZPvMC-$Nu~`$|3Cr-z)Vu$=i;O`AoX1>x@YLT}9|M?y0^I`n2ew5K
z=ZZHSQX6^2WVjo8D2x{X)HpQZ-LKq&_GbXeMSFv*@NPqD-Cgg<*5&;eBNxCl8Cg(J
zdnd4EdD%t*Hmyk(e0al~l+wldl~A_sC-8b(>PR9byC2h$`FFoddX`zjEwT8BVHtE^
zkw5EZ17pFyy3Kxl9-sajmQp~zl>azA0Cobia%$cn$C~M(kLy{h
z;K5ss`L^Ac!WN?|>O$Yh%?t4F^5-p3=|ZFl{}EY+XEuv%9qq0NnQ3*rTn`siA2g(h
zDHnK7$pRJtdU=*Zc_@NPIT*eW;m!5wecSyh^KzYhw}s(Uzs_&l3YW*wL3a)&P
zm3Zy}Kw1$Khhf_s^2Pe~>k_-_+F~r7K5XZc?qFvVnE>AY}*Gne(Vt&|uE0-I}hw7RCiXT#K
zTr-v=ElP*)L3q@5ZQnTOnO~0|z6E>>>b*e?1Z5LCI{rs8lnan!#OWloqHMaYX4I`{`%-LC%7DWjn7*Sbl}oG;yq-ZTvoYj5nXW
z18KJrR_wXYq>HTc!gq1Ru|`(w$gplE`Q&1kc9ok;a>59ko5%&V&Ga}0`}9-+HB()(
z7op$6n$UZA0SnPHD*Ng6;RgXv?W-ZMn0+p%d$~Ss#UUcd!{bTm
z{rs5REM<3$-@ZaoCI*K~60;UG}=K`9`t60HOvJPy0bz6a{Luhcvx?^e!nB+8Nn`W+U+GjwfX$<9}}J2pJYf83?#H#aZmcMU#xQ=
zzIzKHy7w%p>o40%u%q6No#6=Qm4Day-7er5=b%Batm(S+P!d!O919>FpN%kj45-y*
zOU7);)U&E{kH5fOy6EGj_M^L2r&u<}O?HZsSU2It^ZNB#Q&A>Sr(&H5)Oh#^R5vVr
z+~MoEVwiP8SE)XjdI_t;2UQ3(@jJDnt3{4XK?k!m{fI5b^tVmR
zE|B3oNLK(*T%cnkPF@t{(%ILedzDppPD}iCqVFCqG{lZdSnQVl6lWaE=TH7A=uH1wRk#dgje)f$4L=7x)&XlBOWp5U
znMf8rT~~PySa6LFPr%G)49pM(bd}#Y)2i_LfpKheMiyO9Vj&pK(l|EFjJ@0JI&0VZ
zPx@{l?odw~L+p6O2!DIxFcjUo%=smjF&@$;;RoA|B(*w74cs5GKh5W<<(Z+prJ81N1qH4ziHfH>it`pu
zetI7I4DA~GRqA<4(_sbiAfw%>3mPPTRz&wKs0JGYrEaH0{GgRC;sppSBtj+s3UWSA
zRs&}e9iYb<;sEy{b1z(OP~_Fhh(ecZuI+E;O>FpBb&DOJUzmRu1s7RMGAB<9S-c#>
ztPGs;tUxt7C@ejE`f&Vj1C51Yf91L~OKdTfw0(wR)UQ1an#A*b^Nf??{EH*&)Vc2B!jYw@!a;O?Sfi-J%x|)>RU@5zr$=9
zr?OT+fJAp+Pym49uD?_I)h~i6F1nbq0I>eCYY1?NrI7(ycCkaE^a
zW@z?0*71d){q(FdzelpeP15e_X*<$&NAvM~K9DvStmQ7WFyr3aCae%6sc(vwud5DI
z-?o`N$W>QvKLXuFz|RGWW{;h`T{>=Ul7XcOB_N2K0;SRu-uWg+^&ABg$Vvk9!zUIH
zdRs(Qafj5)0N8GPp0OqT$3gY6fzZ*Ny6giPN(lFekLB$%Yia@2K={5tRp6#N0jvkI
zP@?NE;~^upBh%F_+jLmYzpOh<+9UT4H7_=8M9%gwEx-K>G)X7DST38l_eG~*H
z$9)?UnaE|GvOWIQ)qez6A$l+8s^8hdEsGNiU6_chHyplmdMx)SC
z)UeFGu=IJivb=hu%Z6OguKPBwb=ZG)jT{&_Q^?B!H$u%|KOnvsLGPOJccliH&&hIg
zfpmhU6Xysf1uoVcQ8(r@S_n!pev|V;4FA93UI&aV7m!06d<{Oa@}^VwNulps@h;m`
zKaMrIb|DDGI^#m$GPfVNH)4SYQzu8G
zIe-pyKQ3EW78Qbi2AXlL_A&lpTjP(jl^GY0au@w~CZsPL3`(@v!i9P-YW8BQp`wdt
zPhar=IV8(ywiHA$O+cSN9N3G{tb%uEIvH6)gBb-;(T-X8-U+{9g)&YP7^XptSwauu
zzWN(I_*J0%|@d=j0mj2k-TJXrXnDn&E9W!b$SsuM%!M7=FBj75aH6+w{PX@VuL)5N!dOCk?&|~g+nY6QX
zDwdakKsoSioSKW^bFg3Po7+~`BEjfHbMPtJJt^ml8!rn>bar|hFN#D6*3E1$
z$0Dm%U!j;6S!Ko#_cvE~;rjU+UxT`VnbNw)-k47L9GRtctU;e#_@sy0_(2XLQz2HrN=T0deN_T
zcr%VMPv8B#wH(3Lg2b(3vGJ{3hjXHsP-ndWz%a_Aje$MiUV5CMwgH7dk~6
z?6Qp~IIIsUOJm~~mAld51GFGrqeAp`T>e6Ac)jAMYUc?T3lNe$zfpNerhNyiO!h6Z
zy<%pVvc`P2?dd+akt`?GseENqPm>@}3fSIpFM1Z)c-i!q&9fGA9s)#5H1#4$uV|}r
zh`#8aIR(Rm??tNUuB-bpDU8_+&@IMhz;(kH&{%z+oT)_K-i__<9JQfmBgqf`)E(k9
zXyLQe7#Jwbk#pSx0|kFjh*&+u8uk^pz>-~)65{5w{m)wHGv8rd?<)MoKBt7Kdu&TY+yVTyPjDFjT&SWIG-lqwMOz74aIs+E(Vd+M0q`{Rp~`v9YkQ5?Z^6wFML4DmYPSheKYznI
zZtwCip>*e|HIch~pddqo5oOWnIcYES(hNBs713+EKCK48=bkqvh--hs4#rR8w=ICR
z?D1nv0C&uH;@nlBiy_Lj_&&-4y=hgnazq*snon+AWVIe(e|7W^QC+<4Dl+O@x9H$W
zyH2NSMvd6s-K+%r@3k=vbGsi@9PQ?3#aYJJ`Sw$@=mO^o=mYa><|Y}cN93lS%1K9c
z&tB(}DM+EXWkEowGNH-ro;${q_h8hD7l%Mr=1A~Cc;45w{Vr8&SJDa(2~;wH!uUK$
z0X$s}SFt2}7Nm=?9j?-vkjN7d+&8UBFX1E*zA`I*TW|!aSTZL3I#KP=BRY~;7VWX7
z-nr2J2{2)2gt)IPmJ)u0R|c-7QYWI)^&jE!1acIEBF}y4VD)Q#cb>++)t}<@3MLo2
zmsU^l5$ye{Xlwu)dNhm?LVe}BI1L*Hv~YkzD-)MDk$KDU`>r||1QHt)6ojwzm{-G|
z{C4*>t`O$~jBORy*{>InbI(i)>7v_ko>MrbOwqtv@eYLwVP2UPMw@|8*F&NNKEu;X
zyv+!U&W5xy5t)~a^AR*h$hKeKubnD?-Qm}+6oKJI~sgK%k572Oxid~D4Fvu03
zvoU_OS>E~9VDSkUF`WR$)B4a$SCB4C(H4Q|egyao&W#T{Jg)~%W?H0Wp_lyEefp?b
zHO;@I=9jOcoY533-f2t1Wc!_dc%x%|(kNl@pF`SViw<{-ASEAB19|{
ze(*P8{#h;lNGPSyL%XCN8icl^bWGOu#l10bmVc4QG%ynw-T2RPqKHowvRI|Awk^DE
zk?d>;>bkJA1%11?mH^9F3XS?PK$CcJZ9GmMbzvA75aA_Z>SHH(rvFU8S+ip%e}#ey
zM&L=ggB;%K>d|PFZ=hVoS9f&L`jVs1W()0?xSH?z4wpwWzK`nJoL80QXRj(|+oqc#
z(cvHGAH_cz6&QgFCO$(5wCWKiFuTL{q-Zq3Lo9a5m4YG6AA+PfO)VPxNkL--4aEfn
zz{(O0T?c&nI}~UF81g~kREg0H<92~kfjZYELZE~S&aF9by!4v|4a`&l3pzB{V@%lk
z_Mi@2qZ?a~{Tap0#|ME4QV)B2?Ycy)
zu1B9Yo%bN`(A-I_jF>4+LkxXMf9Yt&S`lzzWArr8tf@k$
zt*(R+;RyEP;|ZHiR3hCHa$+wRt#qkZCDQuPsp$m&+2yar_($I00G>Ti5U}h~_0MmD
z^B@5hSm34E{X2dT9QBGQ2hwbmtR}dF@pZD?FPPu2;ATg*IO59q-Zo22!=wTvjL4$$
zD#}|vP|YQ6%=0D=y{;c@_40`P!}Z6B{1+A|4blbi7?@A0!$+9myoqIz7KB$fG(+8z
zz@Ya7X`2`ST8DF*p0O@yg^Kx})TwV^DJv9NMCS8MOjq#4M4S)3M=JTZwgJ{Q_IR8PxINj6
zGPi{ShZi)k*x{zC;2%)!gz2PUb0r4Vs+j!&9{}Tc)
zhh?wA=qH&s@WgomqE90Do2})>9C09yz@4j6nBR}q5zBX~uiM~C%^#$dsnF4QJ2rEF
zpslkWTDf(nbNM=3Y<`oK*DV0gmLpoaFJ|#xC#VYM@c-fhv_c*Rs+)gMa5x$v&hz>{
z=g-QUSfBf3$A)n+jBReTCSKi|H81zW+!Rer(R){<^3KI!MP1^sd>DR1eH`bHqOP?V
zVQ?FVn0OJae$J}TAgs_uzRQcDPml8jA7(tj&0eePR*69FnWAX&NO3TeWRCn%dC6=i
zOPGn=jJq4F_(R
z9ekQUKja5&CRLMN=I-4?N%Khu!|$W1&`LYx2ot@P_g6UMNLb;VK0nc@M8I3eRO99oOhYo9U)o>se9uxcjKI;;;D?bOapu^et9<}MsQ2{$UehsVk(
zsd))5y}Rw;BAaF6uraLqMMjKW21&`9%8I&$nLzJvBG^HJ!
z3YC7n`6(Wnn%_*pd-s2j>r*tiw5GdsZwO`wwl7UEcv{o#nGzllY$G<&Pn*=z-P-r-
z9RbxAos#X4`t=p@s^#sKf8Zjn5x2yHy
z1adJDcbaGRDhP!&rosCwth{g?E^d`XYBdy|Rt_q6X-2QlPuWLjc}
z750_L-H1JIMM{WEd^8Rmob@omN^5QD8eSxQo#219&u`N~XZIvkUJ41b@ktwB-G|EA
z*u4sxnB2ThCiLo6`@0m|G52b+#@sS(vhG!`Q`Vi>oDb>?AM!h;AvXN-5P1C3-<hyklfKfB|p@y=T}cmtSA{=Og>w1PpS5
z08rw0PB8xlCr{1U0n6kb#^=(&f0g7y
z)%VCGxI^+WDk?mNG`hmqxaTAe&S&bVUO14%MpvtvrTwUrI0wOKhB&e+`ee0Y?A*Io
zub2gkd{5hYQ$elzt`lJcf#UW{agv!`{MbQuiN*`*+o=0jog#fjNor1~UlkqP^^Wg#
zxpFh%imCvApF>`5+mm-=i{WY=ST{|T%f(a0><=ET#-8)eHE|l7HuK?IIx5=X$IHVXeT3PW!@lx}9oXR(7uKfFh
zBYedW2ibOACbEWxxXtH%*&|r!kfpSmvkA5&BGFYf~w6w8-rSDI8B{X+*
z?earv08I5Bf2qFOr4%Z~?}lTOO5ofhH(Gv#j-xCUDHA0ICJRqs6BDQOpD*{%x5T*u
zo;N1((MJJH0yZ^t?X!DC*`bmcM-K`>kLjP8nt#Wz9ZCKt`!IiluGrWm&FkoTj7z3kK4PNOc
zqN^azwl$&EQ0Tj>T)d2-KR7X
zZ|=WYdG4EgBLZ*oN}jBnnfyq=!hufT%|e_!l{@0^*)&fBDvSNQB8rn=Z=Z-ofbB{`
zdHp6kp<=&06*L-UE9pohtty}1Ai8_ZVL;QHpVrNtc!|2Lxke3^>AaP#D*m{xP1}A9DxWublo=
z@wy`N0&-#1FnqZiKYBX-CE{9tMVmemHQ%2NvW4Xrca-2_lx|%Ve>!S#_~k5Qh8klE
zZ0Ng}wENwt2Mo5?=+evZXoF!pp@q^gO=v=Z(S69n>mSFyjZi4uVa_i@EZH*hBrcTS
z$W?Ufh)9>GuQ_*+t%6?NGxt?hf5E3Ps3SYhLX$4;f@OMXw{NNLMgDi-LTiZ+Q^-h|
z`0#Yca}E`=>ym1jkn$l9ab0@ir^ZIHd2?hRwbf0OtVX^vhJSM*8j7PXn8rE37T#mc
z62^Sxx}SIuGCIL+OP1ykZ2H9%qX&;}3mtQZr0@)yKt>2{AJ0f)=^bl{gh=Q)NA(gJ(7I@wo4J)I=I$v~H=8AYeME3?kl#SiH-vYR#&GN^j#JdF2;@#xt_zzT
z`4xH^(pv0D#YQe@n#*vDzS%9h-Ez5E8gG(tu|%Ty0GtGs#z?Uoqcu+@@wdqIciiin
zk4wjo7gJI(*@fCeGX+#NPwx#EhWVy5vly>AVbXGDF2#;=4y
z{G-7As+iy|Y|Pgs_u*`bjSDWFlEByH31GW3-3bjexI6o#lzzgCs3NvkGm}$iiu=1@Pp#HTM}zKsxoT=u$0|N8}X;eJ#ixxc~e%
z?Xo;w_9=nv7s=X$c+XYg0kV<6qzh#wUW`xA8oyz&ur3bgQDC0Q(mJgQ5(n+ej;
zh0iXE=O>@k_V!o}uDQM!Px}nhuyk>h8V$uP`?+&6?6!BHNg|i2&pGkO_dbUv-V3t)
z_wcp6=&#lbp#P}-np6@&lqh{_(J$}h;~cVLbrVG9#hu#@5C0_I*QDsIyPnxcq0ycg
zObhbUYY^C!%}P0NG2i$`#7ggGHR;`FM@4y-;%WO-HZV18KDe;9y71C`c5699`|+MP
z@sHNWe?nsegWbM*nf|Bz&MwOZ(aMo}Wb1uCHM@fkX{+`dcu4c^K>8Phr@nlG3J+bF
zc!JHXA*_j9oN^rk&;$hgJ3JI0i2l>M^F>U&!En^@Zrr66D{r^Enf#E{9zski2uHu4
z;l&G|+XUWt#vBup?HbQ+@fQ@olOMW9UmhbwxAP7Qj!l>J8YDL5L>>aU3I1x)GlPS)
zjy1-I1iP$P><_+FlPylChCWA#Epxd%1bK@>sWwkf;dq?Q{^T3h7im1Cz{4b5q~Q~)
z0IK8^9_Nh#SIk@NhK24bEIevv1k;TYpSb=UxveDdvKYDXkSVFO=zWJnf{s?k^wl8|
z%+J_3J#_uX?z3Ds(pG%tf@Qv2q;EErUzKko;Vfo-xG51s_#V9Pe|Bp}Bj)SxR&4we
z-kZ309I;HhkSQvTlOvQL1$MV?WqP08PUBVhJZ4`XmB1@dR>oj@9Z8p>Z83aRQp1IT
zC$R<=?x<+E^EYrjq~r}UYDbdOTcNq1ulC(U
z!GlaETcpiy#aNu*b9`#-a(;;Gfr)*^N9=lZg8z%ucxgKl@M@Ay>EUeDBHM)Wv5ndU+=>
zJXJEX1&i1)594`yMpBqF6OZf5vOBlDP6+$An3ZwhQox#E;cUr!u$YpI7;X>QHd6b7lg7Hj*SZWb*-PhK4#2gll-
ztYKwlXJx!BrDIX8W3geS3Vw@|tjQ_x_D@YEOY;CED^`KPsfqKZBodS)215iP2rww@
z#2&_LY<}NldtgS@&s!g7@5kq}FS?W>4c92Spb6T^0#&uh?cbT-kIv4a8#bsuC5wtq
z^r})|4}f`Hvk76jDj6Q<@{CW%xFey5(m8mk4TzQxn`l*OIflc#;VV|+_f
zocR_dLTvn!yYJLY`^#s$gUqRl46##v9z3OR+W
z7YV)^7(P2#t-vdS0z_YJF&U`*3D)^my?K
z&d0GDCBud%pC)3*A
zg{l3$s!_DJ{_^Of;7ik&V$t=pE`g=16&pob@0IeuG$W@aGdhoXS*9;asEU>2;BPq#
zrgxWyvI>8UuSv5$xM=0LIl>g`j+JH0@y<2JCt%Y@qV;)d;y@ru{85|C*(dj0^>%$z;>l
zUVo}wUrbL0uo6+splwOvcuWuC0WF9JQf7!ai%}vXy4@IP@QfTI%+ha6bEk~FPX#{E
zv(jUwW;o_rjfnokkL2|p@`2fbL+>>DBa8%rlJr#ATFvxl5w
zGE*+MHQwGHD|WJGH1#JQ-zg*-I}obv|9GE=*?QUv-j!6Ye=p?djc}8Ec>`VNLpSNB
z)Tan7lGMn$ac$JyHE@7DDy4?V%ekRfDs4Q5eXQX;RueFk?weQxA6@(7EF0z7_pZ|_
zdL*Rg%-&WUyKs|(C#%_U0`{NaX_gaW{E~=>FiXDWG@N5u{~E2vBa$x_C=SAQ{^?>>
zy@{R4MNlJlJFSm)4t_#hsIk-Xdv1AK9j_A(d7tv#Z<%z3s(u?>#eZo!ZWZEwsTNxr
zpm#bHXgjklv%-2Zj)#0sSUCTJ7H&ILdRMB=%a~lV!U3zcUXvt&kW%DbSp9SfNxU@)
z>A>FE@+>9ZgfyJ5jAUZ}lHnfQxi_Kl@A^PU@91kIuLqvugkPLU#8QGs+F8FWmP#44
z?2QGlKeF3x`h38~>AIpNP0_sAAR|<3ypijlVQSJ<5I}S~VU?_gzN$Y@(NVM2E%iTPs7VT4k2HZd`Oi>I_y^8j&c0e$bCcV&w;bJTlOVpI7$#>`V-M?$Uo^@Lm
zD;?o*OR`kbj89)(9vSr>f=o|9a3a+Ov>>V^#Jnl5vwOTEYx
zBYLg>3W@jSW6I$wPrk`!3VqF2|K;o491I2BCKZ3ol&;h3zcFR%Z$YTX_`bB9^zX}y
zOgf&4w__GD35Z}rDLzSvI)4A;;e;X?xS3u|T2VE|ZHlWsW=(JX&gOgZ65_4JUCBIw
zQJ2JH%&VZ>NLhbHWY(^DtjB5A6*ocyA)Kgm5ea;DtlY@LUYsB{q*SoJ+g5vIjH
zru#hZ)p%dh_|fY@&W{W{Lb@Gs&Gnos6$U}<@6Kh6E(V}B+$5Cz?8yOb`&1<%rKAbc
z`_n$C6n<#LEk$*esS;=AVVeu&o>%H(YID0Gn`)0aD^D<9+xC9UP^3PifX~T8C-cKk
z`uslEkwrT<4i9bhLdc=4x-}|Av^9a0XN#kJqw*|ZR(}FS7y+dDWv`KpMHQ7DK9?-=1+ioGCDHA`?
zgGupwSVw7F+#0E1&xGM7#09-wcJ1Shqgjb$HExyVGU2jmbwA
zo>K+XO*%vbH_3|71@D@K6Hgo-?#m}lhP`33ub(5@Cz`JqJptj)G_iKK_o}Sfm?Ed_
z+md`TB{jY7j-E&AdLp&o^O!5?1t9|tUcG*;xkKvb*rSiIrtk8rsgooLdgGiNE-mpK
zKO;@}QqvV%-AYHG%aLwVNKO<|sJjXaEqSh_v_DlS=aW98#xYu`ul~G9^OWk_rJ%nrbH)AynY|-5`3Fu~#n(BxXCkF0cbJ!mfh4UijieJG?^joJVgo4->{eX*QCP
zEp@297hX-6+cEyYQ_A4$w~;WmW!br?yvVx}kw0YXUM`bLjBH{}IcquO_HUs(9nt@R
zZB)MR0fa0ukFueQOL?iTQ%j#Gx>~(O!&^baR$UUqi~3?3ECVyQ
zzBTEuZ0Pk2%LMbyTd1O~V*)Fv?EX%Bxz
z_ER&TgmuOw*CavxKx|q*;B60!TA%1(=gqHp5Z^`YShjbW4nBVXppnJVL>mprY
zL+zqS&fiZHp7H45;p7pC)!6O<&Xa7jRi3;G3-N<+-Km9j;-Dh1F75^D=(({&u3VKNPebW+_v=vT)g0JW)Et8m~R4B#@u)b%nRw{aPhLQAWOfnqI`H
zO-etx$XcWDdGB(2HwOFxUIogZa|T@IYeb`~~KKC+G;Y
zI}*8KxZ>7Td^O@SnbbzCMBJSSmZ~hJb${H7$gjDkMOLUOQKf1@G-pn(VUdW{|N4~D
zD1B~0?d~h~E;~DP4zCSV2`zNEdT0Sg&uHiu{7hb|>;b8e0^_UV{Kt~!M@a!pMI3$F
zH9QY%5*_12)A8py6Y_uXze)xj!q&-+sjzo6ZIhCeIWO8#pT1+K>}k`!x~i~w3TX~L
zD!p5+^T_QR<;O8w%cS=M+jC4N^3*Y-R^KATFA4pHQ@M~I3ZA`gzm8hmpBCGMf`|9$
zS@oiAi@xz^@3wcsB*K|M3L_ZiPPuJT|A3h!V=i@Mw|2(+t9NO-M#)6Yx5|?|EpBTV
z*ZtE1(6M>`Ad(%kFzi%Sy>)3e#w=~R!MLM|3GZwDMzq3uDQ2(VH6)&0V`BubNk|XO
z^t#xCNQ!`@FP_FQbV8yk}^FYW;wD=cwT2yyl@1l1=T=EHA#)!
zbxd}>n->=Hi5=d%_4z?c=11qdy#MeGzSFoM8|1FewrV*(PBTUjTU64BA}|xvPOH;_S%Og$?%9UvHkiQj#`?k@X05NEn?)|a7HsOhmN
zVUhSUWT$~*a`5<+?x8nY?6b?qlUt2c-MriRD#gRBsE||!nLyl`Gt}I!Hs@n;F>}EB
z^{lF;1a`3&aoiiWUD~~G;(>qD0{Id@Rr64=p!Ut@lN4~1`;cs>TQG5IcS}irxXrD~
zCAh-nRq=?#OPv~zju{A;bow1$!1E}aN8F~W%p-Oo-Udm-5fkA9yYNtj)hY^t50Uj?R&quZ<;Vv$Y2>j5o@_BXXj_36nS@KJax3k!R11)cSni9wnX
zLcyD`s&Ngz`C&gh2P_<41dC`n1SD!3M(feJujBy;3nh
z+CDMj0+cB(sCE1SJmG~mu#l)ZGA_)khCIYIO=|R>v#BA@EAtg<^36YaT@)9eO~cYz
zt(spX9Bv`*xbdwvrosj}GxGD~$QCnv0Vh#kl6A>+Na$c}3x%p>ET4MiWEa<7pQSYo
zWAW{x^cyvt%F9F!v;(Ue6_`_cp0FG6$6sR?a{fUt;*FXxR8H$Tki(`ofg-Kh+BP{z
zjtQY4nsfud>5mp5N<uqc6Lez&xn`~ekt;L2~LG;6JO#CRagU)0}Z-a-1(?M0nY
zRQpsSb&JaNU~w4qqaJ@5Yt%)NAni&f%9Ez(7y1uWdMZpt-OcAVl)Je>{>@&fDiE}u
z$>ne&m_ri>j8s-Jk9jaA@x#XIa=<;{3kj^M?m1iH3jAec0m?#)>HS|5H+ZsqW23jg#Njzdf+eeW2R`
z5y;Za@J(GLYqML=RC8L{!cs3DWVO+J3a`YQ#K6g(e~;xQM3^EVEOx4hf~0FQD!4*k
zdBw^kVHx?YWvz_GFS#X{s)OLbGQH*21O2B@PUAWanqE!oS=6LT--zJIMK;BoF}$BU
z&W!yG{Ye&og)V1?hG}}O6$SnV@3-YdHX`%@dL(bvC&VIhR39P2{)Vqi>KF+@&S(}O
z5-FPsQ=idOzLhTGN#0Q9PTm~c5~+ERkiCD>Y)Q4Gw8>-MLm-!4FKQ20x8R;T-yI~J
z_EO}O)HiD@StE%OhiRD_E4u8N49b2?VA*~r4l@w4ymWZ_{Eb3*mS;nX*YiR39~Vck
zP}kE?DFl7=x+H~`HvB_xfFpOx#iruylYAb24tFm+=yewAtyVr0Wc9L{tx@Nq3m+eC
zl!?%P1F0MlNc$j=Htmh=Kp+_~fIv!i39i46>3hz|kvd^JTa5{KKkPjyHE>!HoI_^#
zZ=iwSVQ)0y!Jri;7Ov-Re)Zc1mM2Xwp^;@a=
z;w41kaEg`d;Yz#|Vab0mE)8FJk~q#9Dq?cTc^r!svh$8~k{RcWTTve^>DdD+Pp5|@
z(dDQwwL}LYN&UUEESfh=P%@JM0w#@(hWn`2l?-wD$(tWl_sGQ#j^)Sff5QYPV!47t
zw3IZ|?gSoc=T>fRUY0?^jj#`WPUhFCwPx-0F(s=f7!EBLlWff<<-dP5!`$Ck`y948
zbnlkr+z!Ro>7~;e${FFI+DBli_NsUho<|cM-G$
zN^c(JmHpqWh-6cK15Vqqh^@;1W<|ozzD>-@&mF&7)b-$4)$VS-W7`@f+$Z9{G_je({5uO090!c+3bn*dk@2tQupR{s`j3~kngIhVNhgAX$;t_~OSvNH}LXmZn)7ScmB}Z5(AcL(0CkSUPtBz-XvEJ3Q>01fv(?H0k1fmAo
zwrKlZ>BMutf?m5zc@`MQ6#?cOp_D_lgV-z0|5S;3RVARz&^l2QFIx)ak
zIx5-X#A6~OYpCB30*_Bf#^d)Rz!5Wu8D7#$-g_^?60m2#sPR2sB=CLT0oH+#b`kHd
zD|Kf+1>%|%1PM{FR^o)=N-MMCGx1z*@n=mm7?I<mFO~TZ>RGtS
z4nqn=h+^e~uG48`DA07XrRm^Ylrgbgy5KrYzIY#lZk|mgIft}f}SeQlEYzJr9#
zJ#^IYe%7Kkh8oL_XR6sWR;?dsJxSv~NK=X6?FA3_ta6CF$vkgV$AHi7HkZEEs#8L;
z(r2Gi5Ok(vx_ak~sU>n;M1w>v>3#TB+gS##-+%$w3Z}Bw(*;=a`KTo}u~NB{%hq_c
zqW#rgjcG`^>WAg*E8)b5MpEI@wd40fE{0=$2ZUo5wQFHBXV^?-C(q0;7dChI+cNFL
z0EzOUZ3v=GUoRQ&_Pp5+I>Z(g0AXJPq?9orPs6}cs)wC#2)kLz&``~Wd}M9%K-kqQFocn&|a
zKh3r_9n(eZy_(vJk-a@bZ2j}Vx_4$NV?Rmtt!NTr>HlC474nI$RShAO)1~}j&u~ZR*jnKqUB9xa2p3^XbeL$w_X=~3syI4(X(m7=
z%b+FYKrtXNMbpsEi}dKlWy+J$e6bcch&
zX;x+CTjtj(+;H0C5;h5HSLMmV%M@#0)~~@Qu5L&B=1)ea&vGghW8^dIRWmFe-w=mb;TrPqfT;&cE4t99)n}
zVz-|PMY{wYKhx2!rALQ9I;t>s2dzs-HDDR%UBBJwsBYeD{U9{5Tcz_Xz5wMum&>{U
zGGpjmgAsU*SYvct&K>}1+F5Onz~Fa7B#c5hG)SW-KF|xo#KMU
zR{tJm3q25ce2y1~+4d3VfVvxi3rG#>Dor_VDpW>}V&mTKpJ5u4(->$F;G3q3S0ywaX(>Aini|antu7FaY#?6D%zll{>{=)2L#Y6*lp*|VQ
zs+?Gs-*vg9Ial{bvu`dFW&}H3N<`mcXgZW>!3dotGrriHR-AXs)YZB*4K+#H;1S-f
z+B`VCXPfgZbp=-~$Q|o$^utz7!?Df`@q_A3UgZ{rr_*&Q*~ztle{em9UovVoB`-7-
z^fY>HD#)etQ;JxRNAXieiq)E>vmNeN_cwj-#4?|=ETF*oa8}p}O)kUyP$QN~yv6*m
z^<2l@<2>qHZ3WlvFtH`?RbI%wQ}kHfI69ANbNYtXN1tq3L^0v*b1A+qd2scm{np82
zgO!h8>l(EP&ABE-a@XfSI+3wq;60-FIJq&c@wj?y{Bwrk_uP~)_nn(?i-b>-xSNji
z7jxIhW&T7R2wQ`ns!F}*4D-MRzl(RPJ=fo=>MDzvG?9Q&y&~>eJP1*QuE7wNpdaBOh+XU?hlswck)HyGZb!EaJ_aW5?@%g0!NOCIhFzbF7B=BMtP~2G)4^wGLv2
z*1e+VI@5|s1NgR>Blu&eaokr?Du8+Eto!iaI!rxR6RJh!7e>JK-kGuxj1D1vvQ4(G
z%gAtQR8_O>&#QXvU#e4Q6ePO3uFhL9B*ULyB;qFwWQTndihfyHe65sc;1B<=ZL4^J
zZ`*QKG4(1%;8fe3Xwzc2CaH*Ti&@hfOoMjbc;6Kj@3tu$RGQAYv=I#Q-2>=QBTLhf*g%w1%~})@}niA8x69Y#hk&@c!q8NWmRf9
z#7m#5MEQ7cIJFea&xckG#%oFXB_^_;mI
z!g@{GEjkxM5*gx=NlBBDOaK<2SXVaTLOq!{VQrT0-Y~Aj>)-tGji0FJ$7A%9<)x))
z09boxgazXHi`C0~T5BgY#;f1#pGIo09k00OeQ7V7L^+-g45Uzdc@!V-4_T
zV0h9SXD}^$s9PT-i&LYn%2$I;BeBhFzr1B)1^P6a;DamOPnNdwpW2p-XFeFLFWP2l
z%2k~vZLjsaCqK3sMQ`Obx_0Am2cvZK+&}5d@=bep@GX9PI>uLbDcHBWCBx2qiJ%=z
z8NIq;Nx{vF4i7!3xiGV?YAIJU-8|@%4#3>x|M#6keP~lsXkf;JzD0v_DHCJ)Z}$H=
zD{f!ABZ>wc<;
zMDU|>hhocHe87~@!QJoVsfJ;HGL9OULfW@XmkNEt_C!~XWftjKH6fyAP`p?mJ3l?s
z+Zu0HRI5^pH;|O34yf7W|5*0L5%3jMOY;mHHiKbB
z$~YwZE#jZv@Z0n0ZB1gET{inT;8dxWNDH4eZeWaA%d}z&{ba!@R
z|Hrw1EH3#QZtBKkSL<7emvv$Tr4Blpa^&o|V>Z)O#kddX*0XpBGw${2_=p+jF&aJZ
zo>?KQ*=z*U^R&6fPo#Y;5wpm+Gu&WQK
z_*-ie=!D%#_AL3v_Y@at8gx_M!c;bhebpfe%@TcC>JLO@Ig
zPXsye+u%tHR8opV6oe}0%35PmES+RtvM6|M5fm`P37`jy>kH8TlAm9o4`)Sv&wKWe
zsPa3kg>J8dOZ(FrOh`DqQc%rd*A1)9Ar%wnM@n(9A}%sxrKOyMyYP&uUWYG)xpEDd
zm0uY^1#3euocPY&$eg;ZtzgMM72~&NrY^3Lqh|ALfAdF=e!e)fCRT&%vDaah6Gu?I
zcGlblfA*y3Tc|NrAkcNeW2!vk6`w16d`EwBgBmFVcW)U6r&QhhoX9497jWunon)CD
z7aiRi`(s(ge4aakM&U#s!1P-zu+qikf{X`83zBy?I4b?4FKwqh$KhkA-F9nwqXVkj
zozL>#n$3SK+D>0*vi+bXnR;81ET@CP+ou-7p7Z`gp5ZMwJx
zPZ#64Ge>S4J#w8U$Kc9KzsqqKpIlfR6wAj1)gUp=T7{!rERmX!HPo;C4TeE)x;*{d
z58^`3V)4;AKLTB3D03gx!mL@={bQ=kk%{Z^SSf7jv*;JT^lapMw@yy4OK{x{?t0R$
zdJp?`{}#(v_AD>s9_^Y@&X6s6WV(45<%jz9$ZQo++CEA;Ah+=fjM}al&Hs>uG)(
zdwIwynyaS9qg*=iItMpZSJi?im%8ZUIHcfCni_P-+l%m2BoBG=<~0t39@K#1`-FaU
zqvUt4E9)qg5Z$>GGo*5D8aWe*OG`8nh)0OI-tMT+5QDT2By`4;x%R?^J#wGfGoy*_
z(IQ2oD_IjxXHek4Gk5$aza)&J&I~r`==kJYPibDy0W
z0cE?7cfGS~!>yZ~iE3wA(3sjz$K;->gGn{C6u;VYlj#oi3yiFJvQN7Ls71jwaESNY-1fXlPKEe$Twz2~>eF+e-#{%Z
z(Ym#-Y+2pFP{|BSLhIC5gN}Ld+>W#uJK|u${*T`PEXN+PuU!ljFdQeJyzAIYXiU()
z75lxd2jgFJuXyt=iP-&4DngdUhg(PXk#4yjr+l|oYf=MDWMY#FdRgP*kz_*P>TTtR
zQ;Nn6RW43XDntuP=ckidaAsS3=7Ihp6L2l9mW4*2G
zT-fO7$WbN;(*%z84*HJ_m3ILb`HEYas?<%
z4e!oATD^rZ;RkkZ1?QPF9UCuInw_40?i$~Fq9D1rl}0cEl?PPKZM9VR2o%=J>lu5^
zlOemYG^k8AUI(%?v)4m06kFlNm|5SL1JB`6;=XA6`D@?0wChyHkM
zekAF%@~V53I?HQ5*LBx9JO_NHX=>5J2@2V*+X{#f9I|n^|F^3A3fLGI1d5*ko{dIW
zR|>en-$0&P5uClIujcFi0m98vf2kr
zrD14cki{Wi>?>>zD`nv7Uaz$?w$tqDN;IAcwIYH_>hG&7k3N2u&5VIHd$Z7h-GyeU
zC0dw*cP=83JPXd$RKmcWYO=Cr0na-NDyfH8!s^V}XiihE_m7yz&+s0v*GEv1#qM`M
zH?eUi?oY9XB;`~->Jsm*v8Y6X3T)8kow?LZF>L-Xkdf80e4{44p?X*Uag#oc!xtaPpe-GP>VyaMZ}5(BXX45-6OwCT~SZ;CiBMzFV+i
zwxRizlSf|abc5PQ-RvHB_*ocuTFh)C$0JK6kg^a
zZJN~S7cVw)?HlGfmEZQ>eI89n<>bJmy=5k7P|Rm09&)L!~}
zxNBm57?{xGh3tH1r`f3TC&1g*6wErxoAF6=qwv8~Q8koimwclx-@>1Vy!1VsKOq!u
z%U|l?_<$$eqVp4Ligv~g`NA{25w{yv%bP!1v|t0*E@HX6e(dm*a6UkRN=Ki(*D@i>
ziA?G5sFixT8fepjL6nuk0n?u9P@u#8hU!7j4U2Q{q6~be2k!N|S-l7U1naM;MMfMu
zK6l`X4~38dK-aidASBSHqSz=E(Ul-auamt`r9_lEi{F>@{xo#`ml}OD>2SAHV6<6x
zDkD!9(sm{^#@U;cg&Uben5*7eP&F(Pm@jUKhS^ign&q{-o)8R<$w{o}>!YMF
zF{C^nlzgmF&rg%uY7>SM+54cPCnq)b=p@I7M;n_*&9Im0W5m|^Rxacj_x>iUwY>7*34ddF3sDJf
zvLRCCjox(++4r$MKbaI9?fILo+K7sVQY)4A&)f@HY4MtS@y
zt7{ybnT6B%%8~m1d0QwkG?++Q?uA-}$-*cOliX|3Wl}4N#|A%K9_Ettv8W5oMD%b;
z2=P$h9qKu|_nlL7xzn&5Q3~P%Z`Vr!eP>`|yNQFGelGOYyyM(3WRDN?YaIp#{A*pY
z&h5W7{8z0*MZj8mM+~^Hh<{ovs3Ot`gclcSKnhxzo-KBcRvchbM3fBAr+i3%e|ibs
z*B}83M2*O*U(AGJPgb+Z*~f3YVdp|Vt6tYs6>7Ooa!u3xi%JbI>-2mGi6||q$v~e0
zEluiM$XAlhtoxeRuj@@+U$bIHCc~;@FT;dEf^4jvQ}fa01oEYr8b4=lVAHp<=am$TFC$MI4VWp
zr|S<)p#Rjw-~aKR7{t|7Q#$wtnNNsI=c|OUViCAR@;`%M_j1m^K+vh!y`CoOe~Z*S
zCh`YH?nZoQptXmm0eaV`2&)g{kMX0Jxu4>HykeFA4vPzyA1f^um`c!#kt3?2GZS?=
zhJ~yjz11~3jTeYL{rp(duOiztvO0a%&E_)?&cSnmdd-4y-QK#OKU#nr?~~Ej4)a9B
zfAp>BbXf1>#np6)RmPSHNvu~kJ_+_i!4_lo2<|Q$r8uYO3g;*P9F|>F6q9m$gR&@I@!$?k!N01Q--xMqr&kfS#9YHL
zC2P2wXTic9{xvS5L>8_NA5?t)egaOzZ5CN!8FwSjO5%edS|*d;haKlniHfn8p88bG
zTJ$dnEBFO?hlr(&VC#AE%aCq9LvFLAG1POt!=#x_M-RHrjVolUjd`CrQ*nnoe2Obbw6aln3mNDuC@EnDt9kME
z`wc!;y~%{iO;(C^O|ujBOBOyIFnX<7R^vr$LC@vR%A0D0u{d7v`n@&14evhxb|N%v
z?IU6Th-+K1xi2oXSvCTpGXF*hx}Fn@#&)j?fPcNh>qY-3I0iWa;nSAwA%LPdZ1JIk
z3d{zEedH01ZE56qnLXs^X2!pbPD2vFJ@ex@_Rc>53b@L`hquc5SEks1rv`Y}+9e%}kjw=7_`2-Lxy!OTn+1@(=A{|`tgkFf?71?n!FFW~C
z)PYO6`RPl~hx(+lB7~yXZifs;^Ix4r^2SG;-_IVWs2=bZ9!uI9c8=o65o3Kwaia$W
z*7OTj_r~Z*R%I;`sU?Y?eBHl#)FU&RPirmXz2?$~L_?!14Nv^|dZ8)|b-T&|#ze-X
z&2`jXtWM2Yo95Sb!?QUtMKXv0DkSm+0d?j@kXvG)tM|2o0W3OCqN9!X!9?J9iT^tz
z0dtBN0tRJM&Q_iorIG-FIzaFUWOQ}MF=+a>QhZ8yM@N==(#L5uGt`XRcIt?7=NXlX
z^!Kh)ncO_DH@I8IaF691R_^c?@QKE8={<_n-sKJ2&x?W53a$cJ8_qZ}M(-GC;%M@W
z8dI#-`!0sLZ3Zt|8O>UwU)O15M0Fo7I1&RHo(5Z9(?J^s!swIR(UAbhfk4Y_rrlQ
zrGHux0_dLq(iu%mk_s#zkS?(OZ!f0P29dul$NM~4rMO{1R-Y!FB=n@zWv~}Gnl-B3QTeqA=k}{4c*GsgW*E7)c%$#!c}P!dy&uj-K66b%(kwbD!Jc(!N~cfei!3COJRF|gIy0p%
z#crKQLxx0)YwxWgA-sQ=i@oA*`N+gIp#JXoYyh4_m=18jocL4Ra5V{8czs*v2R(42
z2#@N&tk5s8s)XPk=ADH4K&l1rj~CpDgQ=+CUbpCDOWPz?)0O!t5k*PJ6yePZO)hn7
z?3QNJC;#1Ex_L$9sN9t=L#>BXRrPpKxXe0^^^?hL4MV5wpId`}FX|4^N-(kkaf==*F$LMngYHj*wQ%m35xPuBc?~zh)7zuqTq8df
zmPCD9MU`FReAiS$NbqI|^XpCSM;HJT*qYx-2F$P&ssjr*5Lrh6CgYTmEQtE2fv6Gk
z@h%;%IWqA>{SIpvmg38?0}T(91~SBf2Pzp7s9ZI)UpxfyQsSfXjaMsPKJ{sV
zht=t%?XO^U@!D1z!JevY{mFjdb$$Ka;cOBi$mq^7xP~~4zWlptZn+!IdaBuDh1P4*
zq@p=a`ZmtbODAr2anN
zTWoq?!a|wtK{gu=|R)i)i{>Q2YlgW1F|01ZE_ACxj?Tz@vhol6E&+*AX>qypCIq~?mQwBX!cBm)}ZT@
znUEzoWU?7=V$W21An>9=cyk`qhal)}P#>1!L~Y)#T>498&&|iy_xQET{Ev_W{)icU
z3jcDV(wCv3;;^R@|DG^4!anS921v8-_K7H`%B^HY9W!c!EotSd{b@AqoNTO2SPo;)&ne1lFoVVw0s7T-h@MTQKCi3UUE
zYh3@Qk>IjZ+K{^Z>$x=ao(;~mes{3?DQEq9a?1_)YDgWvIEmu>IT2KPSmB_W9XyKU
zFpxvzVvoW21jcbfFL8v?bSKWPG3}L`FmW|H;g5sH9W<&->K4D{w-|9FY>{?A?8L9*
zlDLUsik!v3#cMuvd&+r7naaEDF^k}_9LsA)y5Vhz5(-AE&x83BT!*DAIckn!>0f@*6upDiyHyvXLE0h^GGT>Fu)RlY(|Y!=i0?&
zf!U@6KOwZJc`y)X)M3mwvIQ=Z%kksd!Z6!vX8Zp2Dw|Fs@oivRQ_8gy`>0Xmle{*6
zeq17e=^$k;j2OW-y(Byy4LLS{II_~}e8F&ZSJ01{u=^D~^;6T0@xX+>%bi}8i%F?+
zUW4P7$Bf#iJg=K+SJT1{nyz*irRASW0o~Tj!aXD17B~3I%Z|$sm}ZHz;p>J{K3SrN
ziN#JK9@ylbUYiO`P8;NaOJ@MhxH)Xk3amtyjtSsLCeH@FGJ)Iw!kt;@~O^D6^h7v<_}+lJj|x1F4Bc
z{V2?ltjFz2zKPcuJE)cOacuXozWk?nI2r%6@0{~hpgpBm6p#wNE5_9URs}8LZ@56W
z@%byMzmp}PsdnX3Bm0QGf)_uVv962Q_364=?uDDr$h{ePHiKq3mz9%v`KXi#m;;R#
z%NzHA2E4-l>_N8>b;0r4^o<<-&Fhg*jDy#9jX#@DIQc9zI6YV)^J}$E<=>a*vQC~S
z-U1e?$Y*Ak+#O~5tHNABrC1(y`QE{XvdEn>(VHLL`}~j>|14T1E$J(Yn*s2|Ill^Z
zEgrRP593bV1HMG;10o}@P9FH)M!2r3q}zwu)y#^p{pQ;lpPq&)E*_#ktFRh*80JAL
z>?#6jx@eHGaUSh`(;5;jd__vxr@63qQleda1Im3$>E`qb1IRG;G2IaW?$1@>1m*S%
z49o@k0F@((P=)f(*?9J|o`YF-teZ(IO$HDMDwl}s^e>T=g`%c*S#@iIHAjcmd6z2F
z({p>f{A+!0u*R$x8vcoOeY`q1<~!cK8TrqD!!L$0a*!`b4ZF}l?);|Rbsh0{#b_4-
zPm7au!S3^o?plNTJspHL!ZJYYwn1l^XTexQBTa^aHFUAE3>8Lk?kpi0{%N#+te83PIY#|am_j9Ab?GcB-ae<8s
zMcq$CZHF3^ErFesg}asIYf3H7PZ7%Lf#c=X$;CyNpnC3E;y1v8Ly=(>G!PGYlxB1q
zkhM0|>_2k>m4B2h;jme=6@ENWwu&2Ek#2oP(vrsUrA+G`t{paCSE-1X;cSr3+L;A3}p-S!6i{GZh;==pK2=P|woVQ_7gw;&T)vMb9
zsx~vgF&z?rmBxAT-bd?p-w^N=3{YhyZd@E{$M;wHHwSDpPCR6Y7LQg?Y-lDz5W0U(
z(iQ;;RdV{b;7ki7fR20z0+64zhTVkN9@MFjXs6=wcX%Iz;ohizx+XQc{2h?1H`ky1
zQ_v0Q5Q|U1{}_%?_Qt0ICkyZQHe=SnmA!GPGC$OBEWW>`EgId51#=_-{U2JeqQ&}f
zf`+Ai)dL`qoe~B4C4xmk;P)m`W^!FsbiAM7IYS72v&;{%vyE^oP09{0cqib!&g_zC
zwhpsjXXPq8_UUG~Fxonx&^A7LJ@BCOw8$UYzh$#k9WGo`>{r6T)p*->sraG6R!kCs
z?qf}J=Nbt0h^^jbN_IHt*-6f|b|3sO_+A{w2TYU#=aLyu(Real*-bx?D4#TKT|_sM
zwGBs$!=&nf6#VxUeg71E;DmW#eR~zd7XbjncaR>jFNAI_6O!+a>BS10Laufo1))7P
zT!O%>_gvljX!n)T%m3aq{@y)b5#pZqktLH30@E8&VlO@9%kzQxfxF?|9qBB7tC~1W
zYF`f-suyPvFr?i$ocygba}!EOkr9mqlbbz$;<5mUa^a7*j&5g6A~nn7lB>y`2GFdY
zsx@+AC$PNkD1EJ3GEoI~uVhq`)w-@Uy5>2J&N+dHED+Rg>7j5Y^q0J9sJ1Xz%|Ihy
z*XFehAarEVF0+V{Q>b~$FcG&0P&sz)_f$(P?Bmk&V%K*?J
zZKM61u2lU^JwU036*UIh5(VKs7J`A()3qs;l|I%Y?X9bFNsK&bQ=ulpe{uZ$T_o*7
z{@+8~S%U;UV7Pih%!7j1T?pnyh_Wb`!G%4<5P9Hs@w1opyo7L-BROPJfUNk{krAYV
z`_SR`!M=Oh2EHUZ{Niy7>I7>2o2cC?2gV|Rrf358;q?!McES&iHf
zyl7MEIMmaf6j${m0@hWcZ!h6RYDziw?t!=$-)~3HPxUbv4TN#8eIK-YDrfn1(twR7
z%anHuxZl~$5K2n>B~b|}Nod*sa=aBwW})f^Jir{#ZLP
zTPuOD+eu3Nz>z}BaPmhMgUwKjP5=<^jd$QD6iNnKZ03P40GN|fb?vv&St*>`DyxtC
z?0CR6xib|}t1pGvp3&Vt`yt;kNlP4a|9J2ctIlqnN0i1P^1*vh99;l>ty`Y^mP|zZb_RH)t5j;2(j=jQdVAVO?Wwr&?$k<
zK79LAvVkFUS;uUwn)M3otCbIDrKUP5)pc$g!T2Z&&q|=PMtlcWX0a^+_H~8aF3Z8ITjBOn;P9vMf(A;p5Gh>doeh5pWTLX#<@_@hzI}P
zds7iXn7y-yB=l}~UU~Y={9d<{@~e~c*%GhT?Muun%flukVX1^9$+u?IBHFw#u5GI^
ze@$~D@r~(1zlSuQ;iOP9$EB+YJY|sZ6UL`N&o$8`re)JB4pxw+73e;M5U2
zYcl)nx<5@qp|Oj;eBANs5TwzTEU8y~(GAC7^xSj}DAv1&qqz#g55q;+J@s=fXggpA
zEPnb84)WA|#mlXhyJEwySe5NJXL!#R4_o>)%lPr3#9o3Q=wwr;KG5D%%Gu|19wHyF
zLLFIT(JT`g@x+w?n|~O%&fB+L!vC|y`-h0yD$pi;ycDAID6+jk0+VZ*OZFWN;?a|@{Rq-ro
zA>nI%OW?AqjPU*
z;fsf5b9FD)-4Wa3`0%7Y-UhFoC%o*BlRe@MSZpHkb{POhrMG$tgr>?JN2g!md0xNW
z?A}*c+e28idasZwSyNAwTS-l6!!*1lVzq%;pu&66D1U1Nr2eea@Xt9OEoM>3dQBdL
zwKFrrJ4d6tt?z-@^O=tK;`X|$%c(|~r7e~lUJhEbc|Ca5ilm1aV55l|yUoQY9oKfh
zl)ZerJNFDfL2e&8CYd`a^b8o>M17I>YtlK{F{Y0L}(!-FJgT
zSx85ab5uSpU%%!eiaXUgx%cWf8z;8(aI%_=ciT%;R5gf*FdK2(h*nR}XRAX(qf~mv
zGUXMmrs}2at!EaZ_s#v&D9K44c`?skxt3AX07QjDor(FPQLb>RspE_N-zc0%@Pe|S
zVQ3bXB}d5THb7?*e2N{UcWE(_l6s30&kYm3E#e@j%c>EJAk}}*fP?;TrR}a2W)jeMMD@FV&t;lva3E2t8!(rZz1c63~3>8J9_%9;^Z_A}~L8%JR@s(roIdnai83$>H=Gc^lOhszzy
zjiwLDYL%+Aj613w-r9DGG^+DU?nL%)nMbB?l~!j0QS7cB?Ar01E>^gDiCBJ8kanB!
zPy-WDpU2pDPq5I?@czgSry4h?Qp%OhlxP$!m^xcUTau;=0TVh3d1!sES;PC#mDvJjjqeX^B
z*$mW;?t4}z#T{;d9`ZoAJE{Mu;LBRiAl^;0$NU}Dz`)C~yr!@@){HVsd5DpnLo>79
z`!D$Tf8BfaOE3_gy2$R@g5Cq`pCS-@r2Y`Q;=b=c)poKBMue7!4x)6rzILMug!q5(
z(XO?jrlm#UwVmaqxg>3`vv%z4)_|4YE4*B5Uhp(4GL%Z_@UM1AI&k~q+;FGiDpp(Z
z$`#Ws(LWERzg_L<{{3oP0Ov>Em)$E$t<0@vttVMZJe9e!rrk;==8{3r^N_`3BYmjI
zP-Cf8@6d>g5xfhziF}{zETJ-1h}pC{bBhCm;PUFWmyCOS>eB4be-4`TJefXo_8tiL
z$)_&8iLcWyv|7g}8VLLR*(f246Z<=g>f=v4_=v7yi!iqkZ{zmluQW<3h*4nN&9C^8-!(5mJUu
z{pYc{j32Ev&{{Q<8Yx^On2>lKB`WxVU%#s4=Z`uh9yJNd;^s~>!!0o2tVsHGcD~pY
zk0i8ftg>jOqWTM;<*)6`H2NjOOg@V*cPHgTxh+*-5O{&jOoM8Tm1feHHdc*$baegc
zLhj}VEAW@|?~xvPUp9#~5Lxm&EM<~%TPXS8z*?JenR{ELR!q8N^;X-$g4y%?fYc47
z>AATK8ru7<;u90x)La5jaTmp|p;k##36|XH=#(k0OlJ2|eKBgpb4YwU0P>38a>SI1
zg5T@O|6%N{qpIAZ?qNYtLJ2_-lvF^v4j|ni-CYWD=#Z4|kW}eINjC_GZln}AbV?~m
zr*!k%$Lo#veZN1xF}Qbly$m?dv)5j0&bj8=dyW!5*Iiwf+34oL%M~*Dg1vm~Jr)9&
zTqrZebVG+p<#P*$BqH_sp;3WMb2F>Z)8hjRQd9cFFiE4Tz-9cH64=`{al)j;UJP#31q`NBik-r=$TskSE+MYnji);UD8EILPFdeMA3{oGnpL%713
zrb(TCl79KY9aPF2f4-_QM9hhX{RSg8(9uL%tuRH*kG_pIcrMB~b`7_~yA?K;vF~J)
zrnVc9hZqtA6;6Ix+qzV3JX*~E!dfvgK1D()rj!Bx6pHe9_<=Z74s88#U&V=^eF&0(
z3>^#vE`?C`Y=i4arNxMOcNCds&I_X3X~I4%JsB_CgCW+FY?d>%?BxQ*nkH*}LPBXm
z=bN10nrGcj`Si*itnV|Ze{|blR>_izyrYp4XW3Wbv^MN?dFI?s$`r^rO9^3AAl&!6
zfnn|^;yJ^Dg=@90{PZ#;DkC(*O@wp{>@m%Ja?a!t5#<@u6Os{*M+|9O$TnLO-bsf@|v7m%o431ysl?M9LwOt+|nL)
z*QmrZeO@s^@E>I*8hD^vSsU_3!+1Q$SU5_VyiQIm!scpc#ln``_VXe$=YG6&SrNVc
zZw|1J1$&-~7XuNM_9Wsa3f`a~3I?KHDT9UEcfBtv50e_cxM>~vsys=r1?pzaa-&>_
z>?-m8znlLN)pzSSC`}Nw6xuhISZDm&_|{h#BQY_H{-knetzs%4;iE_Lr~4~(Mn*;p
zSRMM9r{CKGDqVLBWo2bE&yRPKm1F7Ef;Ee^MX9K$g0Ez&udmLd>s_{FAM)h-9P;>d
zy85A_-?^V@d9bEd@3v2Sxj!IW>2vLUcD~bcH}hAPbhP}-rpu%0
zN~bl|o|x{V`BBy5HZe}lT9+--Kxo0>pi%-_g&9Hu-BGuh=GX4^Ox{EKg|T7hIvunv
z4%8@3i{%?xnI`m42`W{iQVDCUEhgWxx-<(_5p=E#+IeaVTGJ*dT=2r
zyO?|y0_1TPp=emb_5jP?UGm>s!R6EgD*~VX;^Z#1-%B!=Y
zB!5LQSA(ta@bYc3+aSrm%k>k_caSL?JwvB|P1FcPK{WM^jH#^Qf+@rkiAsVF&3f;f
z3lxwIG)j(!Wv4Ir$?3BV(gUj7b+l~7sQ;z{N=n(*Mp;f*ELe@yJ?5OiWjdv_!H=Q=
zPdPY-D_P{4JoO|b(7F(>N`|j3iDo(w`RlWvSr&w&<1h{@!?I&M#9lJ#pXy&ZDg?&(l4b
zyWN(;7zoA39cZMqFJcoB!m-J*BAnU#bcKSD9RV7`{}Yjmlp#+ueZ-h6vJgNr$dYuq%X
z6E@g~(s6Ndm#c)rIMj4>^f`>r^{u4-`IWX5t5%tHJ^1cr{*c2hF*RwacV%U`B^S<|
zP4mZ`;dRZV{Gqpwx2+v_(r6*w+fjK?vSCL3hde$n_8pAzXC{xxghZ*B8?-;YXMn(;
zG+Av?7b2})=y1Z>6_I4tRz$sm>g-8)tAI9EZ=ZB
za5?(3NyxuWXlr83KJ_EWguZ`$`Ranqhy7L7C5`k^t4vk#6hM6tI
zvNB=Q@QRy?qt`6ABlKN`H{rcl1=UWd;f}?y22FhDqkrlI_yY&#GqoHY%#0*P1|I9l
zcQ}upy$BU>T<(LI_7IZtIpx1%*S7BMO<>J4Y;wn!YnrL8*avk#|M`1r4ou7j;WxX!
zmJ_84d5WnVGi?ipzZSa-B;MY`8R#7=sQbXFWxcG~$Lje)?)L%Yc(FH-u&
zy7_)6f>g2emUwvdwB(PM3S?n-G+<<(gGD9KfXzP2PgRVQfL^bLndXThe(TF}hga9z
z9Tm&M#AU;~GLB4V4{qnvK=v60I~|h7
zxlgHjnr+_{T9@D|jLmDh9j!9|-Y8Va_xXKTWPscWF+PH3UfBJG671Q9NgJPI%XN|v
z$z{$DZu04Rx0?(U>S1BTjAF+W0@;u0`iB?dT6BNL=6J^M5B-C|L`0ZT@nAu(s31ko
z!)&Y=zP`(#K#zNdIZ;p+a>~h3NkA=9^oPQWxR0%%=aS=CFgg)}{Mi3>HtAD7h}f5Ip6lfMavx^H?6B4<6;PQ{Zb}GSLVL6Sle;H<;^>^#
zVOboR8~=Q<(cQ?lGJ4G`Als7uTtaduSI
zj%73Y<5f3VtPW^rz6tfeKjxj(i|$w%|0tB3U24_e8MtrrGeTU~N8fs%t;GhePMz4VB=6`d?2Tsr#%
zJ3cLFxo0UL|K+Ui!PYRB=JCbr373Pzj+e2#@UoB5iGu>p>S&QE90Tk6Wn%@38{UaB
z01#L8P7;8DAFFGXptF~nj9L#fLJe*L*0Sruyw*CT=CmO1uhFdHNH=(Ur@FFs9v=+o
zJJlp>JN@(aZ=fV0QLNPk#g*8@rjfAZZ3S2~m`N$7r)sI`k(bydqzBME`U
zcEnp8bkh4|a#R^_w)&~w81i9=!B?Jm&;KAG9Igm|AwJ7jnM(uj!m>qD51Y{0$F*Df
zGiB=4PMB>r1<@2EDLdYoN_1Y#SOwDE+z`8-JaxWoE`#fx+>g;J=8BCeuWIKf9aefo
zT?ZOZa^sbxd}NrQq|^RuS@{#UUpmp8^2O!T#6FAMPr7}tfj=!cB3V*eDXl8$OEoj8
z>NF4d2V9~cA~b#9GQ4?o##orb**k>D`!uN+r?-UPwLm0?*8k8_qv*NM<<-r@M;v~c
zkm^GPa}|uWD7>>d8KDG$wWYi_`e8
z%`^4;97#T5HmvKXrWWcY2=S3GfsN-mWY}SE`xIFSo_S4KkJxN*?_}3Bw498SnLHfb
z@FE>vxoLSklt)B?^;9+gM#%+~gR4MGI<})+ZDs8|eSBzq_Ixw#(sj;SzWv;Vim2?r
ziP8p{C<8&F^jcsO28j}iOqAA^P81IcIm7ebNiH+BE!iyd2vNmRn`|pzoT|^J-&Fc`
zqXVkcLwocO2>R%XTEj{^{9{SQ-)6FCcr$;{^Kf0GP&Ef@w%IFrZ)HG9I_goz2O2p`
z@*ii18wCo<+`-R04pv3OiCM>;`tV>}spM#8K_YGXLh6)x2Q|bI1IKQBx=j#hVO_T-#7t`js$`JcUOw=w~`!
z>t}W=r6~th_#rXip5xxMU@Y3%(?j-4$6sMo{SSF|l#e#O)hm@n8C0JN$FY!z@K%_q
zIq=pDbe><%Uu8KRerr)L*S83$O{S597QNOXfMMVNBCV93J9PD!?#`w^s+@8p!;)ZB
z0vyxi<@HQZZ!l*(mmHCMfdd?
z3vS5lJLEmA*?y3{d2Kt#eIej;m9qD3{R3eLRwwh_01A
z>Z95m#U+ZH7T!Z6w0dL|rW@*b=S
zBVfAPQpwy!?}he*f5A2(EvOtAgktc|x9^Mqu(cWj9_jL@tlfKB0JZ}+x5VJgNhH+p
zImP4fH(PHJ0B8@zz|9WocqQ)sTa@`IDQjfmkHt8(OiT6aIA~~SR9?KGB;$99a9HZe
zxydInU1OI=t6=Ck=Cs%qX)#@G1B-en2G1P{_#XPyV_aUH&5X9)C#U*Pof_TFyxbH#
zhESlDPtnhib3Oa5l5E8`(Sh4HBm0VOgY3F~V6ty02E-u`g1Z@0O&8^S{{Y1eqzX_G
ze}$F3;Sd;yeABHoU|AZ_;1kUL>wTYNr#~b$u+*}gals8;&7B%w>e;b~TaLdr#{c(c
zuwZ;C7~TvWyjYADR$b{&y~`AgLndqFeVW5kYya;0@|YqHa6(m8)u*o8GY7}>J`c04
zOSmx*x`;aq4hdhZ70Hb``!n@X!CgfO56<|JAN27k+buM3{Ve#%`{@6lA31n%vmPFT
z{KOC`@NHf97N~xFR6V!<@!U
zj^0N8LCOFx`^NwM`R6=#hJcXu6hK?2-S47>nkBIKYCE2I(STb+n^W++mkb((66NLP
zgm`!_TvPb@M9f`oI~QAo`|7`+(wJ{XD<@ge#PM_Eq#d3iAy~S@ejphKo%+(~0>Y$B
zL6Cb}68UC%rto01y%a?Of1~xg5i
zAk)^?=Cs^LGW)9zkmsP_U{x_Of2tz^x4j32@~*3cetXM^qJm41Io0_Z`5u&n^)1Wz
zO>T~LtB)_Y|ApRkOllp~otT0Gx!(!m+-wX7A9|;U$7Lh+_e1Uc|9&W(Le4z8Az+V|
zZD(~8$t_2>LhHz0rZXEDgvWaL-uic=P<}*3DQ7^4?vHC1KhZLWlGFmO=ybeo;C{YU
zW3lzEib106DmH<|Ad_d_GbV~c*j6{9bJ=y?YhqWe+*p#qu<@B`Z@j|g3+rNl@k&n0
zpW&}bzT#FQ>VQ5n@<3ZybWwSut>!Vyv@QL6nH-SIB+t*iWs272Q}vETUy)<$8=V?0
zjNk3q(wFVI72LTG!2qxig8N+1r@gXX8>|oJ*40q93jLF#8Uw-4c$o?28o#!6bA!KT
z0%^UgK>5RsLQZT8PCUd(Icsm91NgV3g&+&Uw`FT!HPHHK|s4);MZ4r_Z7^@nuxaY$j8*>i4e!N7|
zA4H4?u8?MZUXff4uEtULUe5G)diXm;-#h^1@pGV<`O&AFQCnc^JV%0PKE{JerB;1&
z7K0X)U(q$(EwCzdy=bN9Ii>q$8|1gK8>mEC3t2}o_u%#EUYG@h>APQ?e2@ir$6)b~%d^o&H^)Nd4Aj%}a{}x^O9(iMPPsFs
z8skkE0MpW-791O+Dd&)^h#~pb7U1I4_{*bIVEc6mb6;bBVNKOlt8E?oAJGeXjsd88K}HDE%#gJ
zD+o!lu5lOn_8z4#K|>K~uDltt@RcQXY<~a2;vgo)jTEpGV_^BysF2!axMY>X92>wm4an{Os0At_M&PMRLa$So}`J(4LIZhpKydjOPB
zwT?Q+mE86aTs39ocOwlz=z@sJzXi>G=;M`tyhH
z$b^i&kCQRQUv_ho6ivi8loGP|;He}fRc7joLa8h%My@KBm0v|VdU&p{`V3&ij?#`E
zuYcZEsN(rSZ@fP&B>D8omw`ZRG59yS+x!2NsW<#6ju}aAuZoA6w9K0wmavdC3l#O$
zlA5_pAo$G|;X4NXRt{(C9M?vagtfM4f^|GyQov
z@vpTkN7naU3V!vj(H-AJCE#dh-tJv8nGGI{j3(qY38u)acvteD%}70++^FP8Dh^r#l}djtYCdi@
zhsX7w4gWi%nnxnbgcLx(TY=Q%AY>Bo!7_7_U=eJ?6S*mYPs?Q5FdKlFipfxJtM9h!o
zFax0>LoX@cXWWCQg!TQxEU4V^ETnCb`AUWvcg}~>0d;*PQ^y4^o8*m8e2XE*sfhBQ
z-~LzG@V$o&M0zoE%?0(BIN&J_fNERZTWP_v8W`&0pGX=>T2lAGfaD#}$}LW4w1Qta
zGuPRvT2h-+2izei@sQ?JtyO2C%S#}1Qjk;3%#+c|!I2jJcY`6NguWmsxot5Ld^W!M
zWqh{Vj(b-HaFm$l^KJeld^eZlFJGRAg@&?OSAad&aqUtmYVH!7;u`HJ@hU1}Xx>py
z%T#CE>K0JW;z*Vz02f$Fa^Hvmv&dZglRW?XiJr=VID1DI2sIrbh9Y|__+Sh2$;L~G
zH&wm9|0}wD>939%7io#r=bn4|X`m)>Gk3+M*Y~$Uz
zA)y4*V;-yVh-&Mpgo6ZW>b^aLP{W}BiJ?1}oR88B>j3>fDe#>PXe&4#eP{S7{6c_NH6tlud#s3(_u4H6PvMUHF#9?;2$}Rw&7|129aC
z%jTpgIB>VZy^ZnNJ}6@Jc5{t{4<6)yFJ4odt$iH;bXQ4Sa)FPu3b4WP52m7
z5cFat-N$_Qds`(E<_u+`+f05E%}5Fw*}br9x#Sk~IErxpOIC4tLk8LbS^KMgcu7@p
zhIM6}BG%)YR~?zJvt=Ehn~R5qMGajo<7LQ!Cv(AsGNGc9i+{fe>V>#}e@of-g4`_e=xNWg@wO1iI_Obi_}>YOfbbqLSR)beqHd()~<0@c^~<`3fn>loO2
zE9VAhXd>iH8!DCXu`p!^(6!9KK)CsT19u(2_LB!ONHC@#p&!yIIpm9R4*WX#WddO0
zU7NYaDK^t8%dw~2-0@+A_}&jg;QR}+-9S9ZiWWKx^$!RjOJiYYf4@FnA}1pw1NyVH
z0TF^0A3lNGe`CxZXqOoZo`KHm-I`+kx(|FVo2$E(psY!)yuXS42ToZJ3^YA9sl4>l
zQj#SMN6egY^**-H!=(_;3sF)o*SW_;>?#%qCBAvwx&(Cn7pmnnHFzgG%Qox$d)Px&
zr#q*pr+dnNo^A!;U+Q^MrtQ&2o%O?JXq}MvUZ6W}x|r}q;~Z^$
zc6)LG5S}a-#||%;;7X|t9hD(Gq#>%&Q8t^~7X7Y_7JUbHYlb~Hi@YY7V2V4ZE!wQnK=TOITUbV9Yx7_$m<(PNN6$ae$qITt}kC0%wT
znBwOW!pQT?89ik%X|hM=MLf&D09AL+5099>z87_>juYsm30*m~;38yo)z#bovfCc~
zS}*qZIIPhe3aiC~eFQXgbZRlQ3abDu1-k)JQL*LfjIrrruQv?M8xVK#I1{2kxp*d-
zhdj2~z%j!oz@w$)z0-93l#6SOl1o}bVvyL#Q8r
zEDfa3|9AtuG!gw-x5QqJYw<0GAsYEhzj;2UX&O#ycG*lC0=Ua;c}%0he{hpwSX&ww
z?N(%}jGoIC4aVUF4d>HZdHRMQj!O$b$(`OxC~u#nYBGPmgR5^?&XsLSTz~!jJ$>wj
zo8w5D^Kf$kx)|IvtmX72*Wp7hgj4rQfN
z;exMnKKI!C@Jw5+J2AZ_Bll3;8s`;ez2<(u3*AK6;04e;(Z?+$C$1YT!cM#1+63b^
z|L%4A&Vkh+f`XyNIVH%#ZP4RP1j!ExTkw;x5s^}nN0u!5NlAWt-e#-kb|97L|;7zhiYQL{NEv&-PGUsOT0UEITVkFP%PRlj-Oo!3=
zw-z5CQf})+QG1u{OQ2*S**EOjYwGgR-V%`Q4tiNzlmTpitOo1y1S$o@{=0~HkcBPM
z$N~&-!;EE(3%iX>&y~`JQoEullt3TtmX7;uz4K_jvsK8-PjCuK>gT+Tw*MexaY<-F
zw*CmNG2H4|Q59Apq)2j{e>rGylgzD)B?sU9PX}W4kE_Uk7V{CXk*JoAK02Ph*OM|e
zu}v!L{DttvsbBw!*0CIn99YCgV(66USI4-Wc2kr8Mrk0FG*6Tm=M
zL7y^Dx0f*xI!$+Va4J!#eQf}md}9p5R|+b@6HL}s+W}qEB~ggQDr$(&^@!c5qrJPv
z`Ae^c!GodnH;e5kN5E+G-4B@&V;C;uRB;9FOx^?A$CUu!+}TrC=<)w7I-F|j-qz6T
z8+**ltdr6?KN9q-S-o$ntWPx6Gd(3{$p&|c$(wsS9NiI=t6LG{)5iL@?leaKZ8@s^
zwJa>HMoY0`bgR+lTF80p+Zg4ehYwps$Khs5>(e!?NEH(3Tvq!EoN0>-o#B=CKg7?45L=ud>LWSWmLMpQFtpuhj*CKXI6ga
z__7c3QsVds;<{(QM6}zQl+890Gw8{>gtA0G-%72fCM~JFIG8~1ada?&Ua0xh>O`3f
z_RMdtJ#X;y(oilxxNuo&OSj3ESgWa8a1FFp(Jt$&?IaE6tt8R0e{#)|s~0|7>M7{s
zF`T;FBO8*ZG?FiN$%bs|tiJ~BRE8g{OocyJFCP3(UE4?nJP~DO{;R#KRJjlmAU{Kz
z4gCKT~Kt
z>_2^+8)&1CU$8)U^y*-q9A=utDUE}UG@T>|LR>>Z83#T54TZN|yT8&Q2G8=vD@*U?e~e#wQP
z!D0+419{ZZ(Ze9uFHQ^jcwEeZocm2sDzfv+p)wK4k^U~t7vDU{U5_{zHG{i%$%
z@2-y}sj5+^?X~cjgU%tcHM)AsKxd3t49;N|k)EJoHLUV(#PM~D>eMhztWN7qv-dsn
zN@Dx-bOS?jWv+y;!k5(J)rYbPYCm|U%8puEkm3<)rzq}3#j7_N7Ki#sBGFbG%EJKJXTY#o$5DZc}D95xd6i2ANb{8n5xQ0XUf*XmDn4^>|JPF3+}`p(Th=$
zyt2bUsD90$_?I6&Q~YBY?Sc3Wi*YLT#f57D3)o_JG>^Kz_r*zhv2Ps~r`&)(^J%K<
zT=}_1eg!S@TAzbMnPJoF!P-bHjN#JGeNmlB1iss+k-gHFl%;*&A}u{=8MMeBqW!|U
z&w#X?rp%Uho)p!j4_%I~gbjpa=HS0$8LvF*&J{>$o}HD_XK8l%vv1m-)&m83UJ3;u&jfag>RDZS=^DUd)TD?@k)sM=
z-W`oJY~n9UIu*~ZQO@7R8{DC=Wv?dS*Lq0Km;-4_xocKRx7^yYc(N1wbA#up2e>!rj@@heBumh$PGnz!m#pXmL1>d-viqv<2e}t4{}m1J0XfTVp_0`S2*1@OH&Cj6b+i@BzVs9
z_xb&&<1a2AD!`hw?WZFKZh!E3FLuz`ND(UeCBo*QH4Wlo&x-xy*G!PyEg}*cLjuks`}N(BhHryG_SAToQEHmV2Bj3mCz(xv0?cU5>?beZ}m^V&uU
zn_$~bd}ux?7LH6hVlKH7jNi@?V4Iz-mK4|J@L*aRNS3~88$StkxA7QGKaWbx6sR>t
zA1l^vvmBkcYLdyY3EVU+HB9nO6OPlos!x(qI`48qkkZiu7glaW#7Eb8OJkT;_(aU8
zx{N7Q!JJ&U68A3Y`TY`IipS5)5TuP_j&!(rSf)3b#p-~gTbtSo77wj2)9rLP*!WO(
zCz=Ep%&^D_j0y?mFKT}oTK&QeD+#>{5W03~wkQRraP(-qF8+?vg3IJg`3Zm0=xHXl
z?#&sw4HK84vSb&G2c~H4(N(&bB+8>?1
zHvd}u+TW4kP~KiRJ_}o2R(SEze9+0^t)#KWRH5{zCzL4jtVff~T|R9G1Nj!0cteBQ
z@6z`U@97>UAKI~64CS*l8J6Kl9;{N5CN~M%O~a!N?XJrUrupr-b5}c!bnlGpO(~zb
zbJ$+BwM$nzjqN~|Hg-y`nio?XaQH%+WPk_A7MEum39<=*>Ls=d`h8A#$WD>(Ig%6k
z;2b~Fq>u|qIXhQ5Zkop}k9^&0P8Hemdf`2RG@9zp
zS(c1@4Zb=1v2uVLQ?4Jc!m#A5gV&otN1Q5CYmOgW)l-qzZ}1VPNm@6wZ<%1%y>~?+
zlN-^=*t~+oXlZ!~3tuOA49uaTQRwv%HhZDXko6dH|LI&Gc!W^u6T)=5I~(Hr@x}Mz
zu-w?NYkHfBG$o7U|n<@9ey_6)vR|VmKoUSXU0WlMMXJjl~?hs}XD9_LYu`G;I^itsNU-
zxx#U#uHf$U>v_JAqmSbs|FW#FnZ*b{`1BeabO0+$eZ%`!Hl&hhMj!BX(xcbJmh&Eg
zW6FquGNLj%`jjO$0s`2%i%0Yc-*n@mPiF5gw@Z^wee9w4jD*Cc46!kc3AmZtV3g(4
zTgT#H78k+SD|PeN^63%PvC27Y&-ogY!tT?XuNHPK9`&I!ntwUbQ59o9DDR5c@mRdP
zA}U@{AXmgsSE%8;1|DlQz~7&g*=>G_OR5utm;W-M5~dB~Di51fCDw>Z3*q!KcZzbJ8LBeAGV-<&WwK9(Szt9uw_XhPazrm~EC}2+RG1-m{+v
z2VoBdh{WLf{;RnElKVZ(S~>H03VNwpe*ieNlxh9HY?Ai78+GEBpGx&`HreUz|I&II
zui+A*GE`1@Z+*55yC-;A^d?YGq&N^ubkZ))*B9h|_C5C_0>p#H-ftlqJm)0Dmn8Oc
zt9>n4S(>j;qBJ`0WtG>dnQsr8WlP>yrU``3P5;4!xnA|)xcblYji^;s>;^)oGs^5d
zCMG1;--eh~<6rBf*EHbbtKXb&hN5s`mDo6Xv1jPWwgQTr)A7n%P=@4jNK)b;lj+@U
zM_{28m9%F^QCrt%7xpnx8Pa0T(6N*!IZqO{1wA`AmeMCJJJF^@6uzL@x7GP&Vm;^P
z!>2_NcH;{@jh%%&#Gb25;{{u>tV*^+OR?Z4^zFBKxm)MoreWW`r304(e9|+&F$=LF
z+M|gtYN^IYPf|-qk!fh*l9PD(aTPEL%3@uLvh*kCETb7t+cPap
zL?e&w@>s!XHIHYS@ulgeHH(uhxX|f*Td+`h#~|Etn6vwCu4vO7
z5A#c4zb_)x!eS9Oy(y=BWbIu^cg1#Dw-YLPq2I~v(36)t-N|4iH(NOhl$9ZbUDW^Ypcp|3C?y>n$eyM2nKr%?*3bp1Zxft8Mcg5hqbw7iPx{cKQz8HOD
zEZ#SxY
z{cQZc7-t!;%dT{6{80p-bVT*La-B~mLo6m9XAp(m9q!p%Ltr8Tt)@I*7jB6j?gj1N
zWUNKR4_<6eaRv|`AAfa(Y!?OHYF^&@9)I88IpTxXfTB%->q$e$aIxDWmld~<5v4sm
z)OAh7J!lc=B@Yu{S?kC)8M9BsgnKaC_Qui^oSvOw*qX^S+iq+Vc_oh)iCYm5d=#j2
z9IpJ50|8VcTxg(dyT+pp1R{6K+_<-Jz?^s1``M_a=>XI@E0?UKZ=|dtWm45D4r+81O~l5Aw4nMapy41
zsz&Rx%Z>UN&DSEXPjiy>GKPsEZ$GX7f<&RsR5q#F%v<4g=Xbzf(58LB{N3eIJ5!s@
z@c!_~=P+54=}_wj!*@DOZUvs?O-f+lcU2&WHGQ%u?X$BA!8
z9|JoW{a?eoaC7}Aa(te(kJo+g{?1WWN%V8Dv8QqJ&3?CSLA1qk^t6C0Fx@iu4|ZNY
z%zq`K(l+cV6<;zZ60^dTi=>kkIdYRt%aLS#Ex&vv_uI>b@1OYbn-QZ7Az{z8oC|l4j}e$ez9`DlSFfYW{XA{M~l0!UOGSzB&$0
zE%W|KBuul6qp!Oku}LQ4+S}K45*rVz0*7IwPtMf>*W&+jIYhTc(Z}40$r6LRM;vl+
z20{-xXe6P*Uy8|nlwe6lJKx94bjXvZ{YQ%p#~BHG89es#SGBP);|vv)j!++b)B#+N
zE16WsFR53FAowtYJwOPe{*t>)tZ#uq&S3d|BJse*3}x%<4Q~5K%m#-Il(&ei5a`tG
zFLjFx%f6w~YOxBPujuama-*8x)0)`Vnl!UkWk9Q0=Xl56v5g1BPDMh50i-3
ziNUes=p0zoo|JRj_1#;Nxz>~^KmF!JCJ(?k<~GOjJh+@
z*hfLQzY6bZIPHt0Gs*}ed8O;t+v(G)tTh$+0)3gR*e&BQ?K{SCsfcdI%UZ;~qqDnk3sWrc
z>lXdmyUpY&7l^UFVp;2Xi<6r@W9s6#HDyP0xOJfAUIb@Zu-(S%cP;3?KExz?=`1_L
zHAWGYToMODX5=G%-FrK1-ZKMl5T^REK`vI*6;-Y0kuWKyZPMu;yF6up980#+H@CrIc=5dyGYB~U22)m4cIo<=TM4zv-h
zo~L_rqJ*aG(I0LdrTv)Kw;4Sd+wQ`-&CSZ=dFj!0bn=yeL4C;?`}H9}HK_PnHYkq2
zq4)t^?%?)}LWbx4p!<$Gq|Gi);fTNnIrF*N3#)~&Qsb@phc$QNszFCeMC(K8NKVlN
z+UFcMXWg`R!yq-YpTYou$rG7nq;&2@Y+YQBl*;&QhgZdwVOUDHNdD+0psnD_y<~^wFD$K(kKR-{kJWT&wAbknupQfK
z%TjR_VJt6TtuMCdKCQLcd}j#RzP{GB0&|f4LbhfR(G;wjmqg-BF-A>CtVoTi;aFAP
zppSy*r2gjyrwIVQ6RfF{C9p9b=f$uiX5r^Pn@jvB0qhqjBp#7DqofM+d0BJ=uzHwQ
zdo@qUFK-Z4g)MV3cmb~!<0q%9&5;Aw7Wo1@=5qB%6kzzh9WvACUpv_-d#$LoXZ_Sm
z@RA&!tm~@xu{_~#F96vqKR@Bsp^X67e4PNTI~0oV7~k{5SdsIr_GzFHQi)?A`qSzA
zK%9J30|~?#_KYXk%W9Effx_f3hZYY{X@8#vEHZMwc#F^IgiAwq@BLnG+UQ{=E$73<
zqftRv_$nB(%Yj1vD-9hYD}8jy95i^a*t2W%YoD%He}Mqz8fQhvOqqpYd(Fu!>lZZr
zgX0@FnUJ_Km&xy>)_{U5;n3o?WN#6l<5#Qp8(#e7~}ow4^|sa`Y7iBYM1O6_zAs=1IE=+y&Om%GV6pJ;5aRoqJyaNAUWZ0QbH
zl+jHZc=z_V*p%6~45XQ|Yir
zC0#KCacUA0%&6>0W2vXGHoqpDb~mRi4`_&ATBNX(1x{X9cx^zD&3(&VOJ<$ugo+PA
z{UDKqA!lSeFfw%Bn*_-K3H$)ru^@*p&m~ep^!AR6=r0Z$zS)T}Xr$_FJxdiVkd;MP
zYW2m}Pvm%oDL+>}OCHCA<$MtTkMqbrr8Q`_A=C$USsUhQ?de>&$oL}L5E(o|YSn?z
z65$o~wBRk0lDB=!S*?f1I9Ov;p3W%GoeKryXi>iur$TlJ_=x8C~m=RG}2ppS9$pCHH
zSG+@$5%-;QSXgNx37~Z49e;@#KXedeCzehE0W>b5Q<{j-_{dq!Dzu@Lezaj(De2#o*h)qJEKuOWvTh=gji=euG+xDwu0^ej@9krz|++TR4{T@RtZv
zaMzamNL203+=ipe@(7^9=~&isQ|z27T2XvvH}YjXODH3z&G)op4Bcra6=$lGv#8mb
z%Ti@+G3~(=o};6f5(A1joLB!VSnKq=T%~!u^Cj7S>Da=ACU^0)`mQXl2(g~(YRh6F
zjVP^mkt{I-u*7z%jt^knzad%TL$^USLZstop{GwjgV#iDA0h31(+LR2iWEsF`vs%U
ze(oCCsW`jWwBMUxS|tvzY`Gk%>B!43a>!+Uh9vv-SAhckPeG!LY~2cf>-5GAoU&n2
zD^O1y2wfU^s6VRZq*@|yTg|(B&ny;53&5DydweU$8EZ<(8x-{?=OuYtUU202k`}+}$05McgMXiG4pC0O@anPIBH?
zk?waY41dI~EHMC7aIw1kYlH~(aUirI)YSER;gG)M0dPaKYZDQ$Qk;mZ3Ppy4^{*<_
zcv9-ln76j%?hp)=fIbS{@3^dqHQ?rPsdg~cR_ivL=d}h$VP&}8i_dmUE+AD_y-u6h
zt7~d*LRW%;0D?mba^%cC_T+V=ecMHFch;;2uFipD&fp`T)n`q6H}`u!51?CMXuBvu2T)8V?B&lzM%po_k4qQ^|Z;!PQBftkZRH_H1Y!LIG|Z6=VkmA~-h7W(m?
zC9S>a>nNxj33h^yiIRt6ALISzc(9(dU8g;hDHAr4c@VxE{61Z)ak1%OdRnTPMvSRd
zyU1ng_bCC%yX|<$dA=sqqCyKCdemI)psufv&xZ4r44=R4;=W8aJt#1tvqi03D!~TPP8nce^C1&`KeNLz>wCL$5JT
zRx&uVo%Q3OH`pfkfwA{hFl@Z$qUrJBXM0U^?o!92^zeg`GCkx0CTL?>h{f+%^KZ|+
z^Q^sfN`g=R@`KRiUwAHda5KDPjh?lkKjk-AgJ&!Qp^w{kR=mY#N>b0Ydt~X!Mwv`s
zvOvn2vz=W64Ik)N*Zu|&j$qnGI6xa8M9O3E-mRYC^I<&(mLAG)fZlIBbzc&9t{Oxd
zyYqN564v{=BEOwk>hQ9S5+as5UZ%DGHAke;PxwERLx8V}xoy2C&FQQDJ>%@MHyS!5
zBbi107`xc5z*(uF`}RU8RS%iBwcnBGydj-Pc9W`}|o3U=Up%{P$`hr_#Y)=Xc&
z=pDC_!+fiSRrxY<3xioG;oWrV7}Vd=g1lODb4o0NTjOtf`IW)Sul
zT~+!F9o&f+I1(zvKQDW95x`+a)J#OFspGZZ<2DM|ckqQa0b8`Sfefn#7SYe$a5v$>
zFZBCpHNQd_PRhUNj`$CHZhxl1!tv^+?kFj0rYU7hE&sLXj3mNm^@U>l1&+k|ssRVb
z1*ZWN=RA@sx$;qrMgY8$WC(c1%KB{ci}h+=v*@0lO&)2e=ZL)4XG;2i|{>3#^tt&e%#E0xb8Qf&n3AO@F{$fwu%NUE4s+E(MWc^
zwfwE|B^MGKDyIOz+4FZ;T*
z-lw1QKc{&FQ9YoD>^@$HM53o$7R~PAFQJHgUp8ajk_(F7*UGs^s6VA$#
zO2B9i+{D);)cV^J468tUR51MLceMzL(~OJ6f?FVs<0YmYH25uKSnZiA1;
zNuBvnfsCeDpA^gs!<_NLypd;1HJG_zc7@5*NY`9Rj4{M<9umal8!$s$w|QWoy(oj{
z(Is0}UD3XvQ3q;>!6R_GtEQh8Qk82xWq9#K6xKkNiB_0NmZrqDD1}4>``xJ3xwK_PauyGcoIt3czEVF2;0`2jq*Riw
zy^yo0jsK6azYdFX``&=@qoRVSl!SnU2uO>Rw1P+pNH<70G)On7fOPlJ-6h>B4Kpxw
zgAzl7bi;2C#_@c<@AZ4%>*9|&o+Ia(XYak%z3z3ddn4lrs@oqjsN+5I-Z^{+aS=cO
zY`bf3O_MT`a
zunm=2HGF=W+si$1E7Z_H9Ppq{dEKV4GF(N#jM$gdr<3s{CkO|M0d)E6=kpZ|QY{>j
zN<2I%UQD7#iJz`2Z+=eDm8AGaeEC9?7ROcK5;DMXM=O7ZK6KPY=7iK^2zBZ&ClINiv!18_32CtPu;H7
zpT3~FQdWAdk?v$BSe9J}n<2-1cUOHo==33ESnG?~1Pfq$Kjy{*p=6>177{)vw4I$3
z%5J-k`;4e)sPF}5W^igQerH&4@cguNYq!J=`0m&qyTUd2$QUT$8kr9}ZSXLy*PMfs
z%iT>Yzd>XSZySwz0S6OGqT#GA!23D9#&C}#^s2;wYk1YEg$JSZF1}rd=LKoWpJzUi
z^MUf9+>M{^3*bLsLWUDZ)C!N2A6j0W1TqI9-Wksg_z!RT!h3-!tD`43xj)f>Yy4Ik
z;-qz$;;_45R|J!uf%e#^b`#JPMhQss4u?JQo()D@@?mLBDlS98R|f29jR|
zW+pJ^PFh`8Mu#hh70LUmEe)m|^6=F2j-@VFO!#-*1wIqcL#eGH9%W}%wwru1G1We;
z-6|C5T~P?qdP|b}W1XW7L}J2NpS^a5`@^qOXAvg}g*&LW1P@@uzdGH{_);&Jyg%*e
zad5<8p;0XeY`;kKDcHw(MSzXk1d8Yn;rE2>Cy3;uRB#XwQYPd7NnpYP(y8JLl=1T5
zasqTPIC_s+*CA~nHWT8~-TcNP9~Y3avS1RzSu)41Q6&y%sbIJN@K(YZfKEhw1(nt0y;t-BYJS%=6h-hYX
z85c`*%G9-QFZAS`jgza1mAg!XDgRqrqhA_jd|Sg^^fB?7G@icI-uNzW_5nQAesG>v;gAQQQgPWajc
z>q^h1trp)4gY>d89F7YE#K(&tC(k@)vwHgLBd!xv6Y&?*N|BzGEZM1Frm=r~BSP1D
zlgEXB)L0E0$}LdRIaya3dRi;*|H5`D$zR#%Af1~4KReLb+6%$=OUUAB{Zq*DwR0~>
zL!%oVZedR@%RTjbHs*f+V2&kM3Jp1XsRN_PS#xznCIgjQ1DYMJ_a%>$8;V3v6>?HYPnpBiZtx*
zF;A^~q9pvJeKh(|3uU+B{g-@|BI#W<;^*`)iq&XCe`^aV>@%Gz+luch(G(}iNN4NKHlhVg~)s^;~37ps*P|iFgw4OfuF){)j{ufU|J(=5Pm&}iG8}pI{Jo!
zv94dR;3G>)xB8s0il+B?q2QMd5UIEzJ12F`#uHt4oQ`c$&Jwst#MT%X)-6qB?x)|3k4TE%kQB=}@D#n~JE}ChTeS;DHut`4?P&P8ev8dxvyOzY
zzX3`MrKl|0?rSNdY@c$=PW011899@dZ}1D1-N@yxHcAsrp{y6A(AFlG&Av5t=wr9R
zuaEBlOuG$HT*A72IRfTy{YJkq#Iz`fj(vMH
z$df5%_O>-aiK6l)9o-#B_^UBMXgZ5FEuR7aR`(7xS~5^&0zYp#brgAlqPGEaS3}}c
zjqe)T64Y%u=28CZg{fH&(;>ZBSz-(7h#4wao7R=t~_~Nq5$b
z>%`n|5{*<%$lqDcT?X|cEZE4Zf%sOsXw4T0r8M-%UjWAr&(1Og99kT2;}xR@8$Vqi0R48DRFe)1zGSG5t|1y
zt?Jq7rdq=C&Ma5B(Q3d|0y!Gx+vU+%S|0QA0$duJM}Xc0O5yw8r~t#HxciQDH6ptc2l4DBY;4FdS1Fi8Wn6Ahlt06v{N
z=FttvjUDVFVDl
zR2)!vRwEeaiKC7jegIHGuT)>XWEnxOUKM87z_)ZY>%o_bK02AhYXrf)$m0@D!K88y
zl8V080(Z4XtmJIj!^b<~JwXaJ`tKHPt_LNiM^B3has>*R^zU(C>RU)%bWfI$Yqjhf
z$4PW{_H~+f8b$l|EXl?iXPzq&TY`TL$}E{@g%9_F`HzETrT^zb*r0{wt^v&;I6ZG)E@K9
zkEOm&YaMT{*PIA7^Pf#Xd6b{a8%L)xQ*028H77+n>}URV5dmGDbPmVJ!mXqRo1eWOFbje&;p0a*6qN789jP&xW5k
zrloAJ{cO^xv)#?yw`C}mu;>Aaz|*e=NMr%;N9$LQ+y!ntRPyPJV3c;WS}40~?JYoM
zG-$z^Dd3)e0G%>4r5mlap6yP&#Zg4taINReI`pjGay-OCG+2(#*-nsNDkoL+nzeBlspR+jMKscU4{FIdNQRkGCV43{G5us|PUF1#<9T
z&5fbCpF(%d_7D!D1Y6WxTVbEqYY-(ho`0^BV^?GDY|`ZGI%
zSNrE@9+fE*=^#5=m%oU(GI18|S?ekz?Dh^b3y94434wgi90_4&HHeqTNEv;S6qQKA
z3sq+&``Hrum1eWxAkFqa_B%yQIY_=^h(Q7|AG_52)-xMm%sIERGP^oJ#;er@qj+7j
zKVtSvQc36Y%cO4omW0-9U|wf)eHT7&qQsTqVg6OWUkEo@f|?0fxYC^O{P0cdqF{>+GAZuCe1P?$Kr>4kxE#>g4QXve64`t&lpGLD$`ez7S
zoa4t8kWi04(48})JO?I*znP8@{iU0upaAASY(ZDi9||YGW+tZ(0UjSVg333O5{AKnt^MurW^t;_@l&sM>IQ8D1%W3hO9>erHZj2tx{MOg9t=#
zVlPpzM%^%qI4jKYtsQg8!T{gGyn4?~P}oIK|K@<9><`K)MMT=#i9NcHz_Y8ma|<{B
zY&!ITr;q5q!T;d7YX@q5klXsDMTsi`(eO2v4p|YP}WDA|o;lSs}oiibkA7~pimT=G5?Zj9d@lsH8
z_TQbpQvSd1CX~U9%UV5a&hy9d1z;}`-5bps%4M&Gh94@=S)r<(|4RAzz?{TSWNf#Vq_wF~z$Y-v!*<&T<<0Yi@ZTQQ?`D<6g*Pzhd-}?IaRXY)
z1~vM_+>fkCrew!^^GlUYS~atx5{c~&w)$K}sh*h*^yz6dfMv}%Az;bmPfQN0|^I=6eev$RV5<-(O9%Vx$I4_;J
zK0lpY-$;$QFB16?@x1tde!a!Enf|}E0Ka1T|G!u5j|ney*jDo8($d7qqPjk%seNb?
zFsS*s)Y5hP6eP&GJ33$#>Zd8iKjPZd?hWE3C3{dR7xO_+-?Cn{Bw7t#T3smGLJzo()n}zWZcB=
zO$)UI8S1FI$w}bP5kw12SM0sLcK_P!vmoB?RYm9uGe7uzA?kMQ-`a)+l+bTd>TtXz
zIlSwI1pLGRP>yj#g>hslC9+6jsI78y1oJvGNp-%J+KuJXyAMxbm1WO76K;Fej9@hn
z9##q%`rz*uG#C+KW`?Dvv%2@7>n3>Cm#-HuTps>&Kqw@@zrn@?-|69hzLPV6)u;!u
zZbf!-Swx1ol^-d7E-Vzt$lx+)nNnH!zg`dA0IWpn`Nq}-|MGsE?^;wlrJ>lqS$)Kv
zMMdkGl(n@jT)=V#l|8aKh!GCL|z>YOaO%|
zjzAP3q5ncN;4>B~n#Q~Yxz(ns1Rwl?BRGj&v-4~9^_qs=tK?4`T28LEeU7yFVc9}s
zFg;iel
zVdA%_XlYj4HRH#C%jrX?t}uzg@%`RJ+P)MPB9T+D3CL%au#ci=+pbabQC>RD<0c0@
z)sn9H|2#1E4>D9CUJXVM`3=Z^k=k+lr4Pwq3f}
zR-$?m2dxt)4^r}7HZG3He+EueP;kbUkyZW&dU~apf@w{0RlrBsQmizqX;zGc~kvIkAtuPU4b(tNG@Sx7|uHJKVO5F`tG+K0Dw8IZKiR&{L7`)rsC
z^Mm_>X>2?RvtF}!`$UxNZTwf!|MUuee{ew&ZR~;AP*=BZP)`
zuRaiO=(j2c(p`(s;uz!YgSvxf_Y0O@fUp6-n<#YGh(nO+X3A)L$AuI8ujN3XzL0?Q
z;?>K>Xak;*EN#3vc!1JX?b2=EwvwH$%WPcFo(8eAG_KD_B@Bv{#|>_`d=h2BfNu>C
z)L95(!s{9xB;X!LZ)A18SP8e8tnFC|pB5~ezJMUho%ioOWkc2*DiSp$0*8{Ket-DC
zb;vIZAU*I6BxOMiUR~6o1dmjSGCHaVsNzkez=U7)LHyPE1nSCDa~1ezhMYeYj3f=I
znMcNQYjMQZn(orqk05{>&F>fV^yzi5Z+R$EFwwKI4Wr_pN|8LA7P8+qk=*25J=$X2
zNE%CusxxgEJJ2rNjsO}OgFt(f|01Qg=5r5&mU+?m1
z96-QyBtQK?5Pk1#CsDtC49
z!7DKyg0c7$*OX(=C^klFjf_|e14k9Zld+gM2Z1yDg)-yVSoQS7e2D;MEg6$~V1{_iS|
zpwdC+l>IYGZdXZG!el4ehH-jdI+@50ExX9u1iMhTKhafSbQWvK6
zF8p}aFapV5HPkB3rpFbz!_XkFl7R3+9WU1S3goBOifHDMU
zfiStT3L6&ckoRC&6y)oY_P81*=;!S%wAPE%I1LK8FsawmyAkp!{grN#P$#t1Q$968y8an&X-wPoL!Apt#SPxp9MtUW^`DWg_%VB>oFwP$M_
z9QzDovftawaaZn_fGaq5!FLL5UGYSiM#5Gfw5jw2lC*+&AWVRL<$u@6AqhOQ(QRP#
zbpBHBI>^g3;IMIGFef*Cpl2VJHWTq>lBZS;-uJFlQi}20*BW5XQrTZ<$mC?LNj(I-o(RX#Xdlzh5n67<3Bz6j7jv&$BmL5Qlo^o(rs7IvzKy
zuaTyhu?FlyT6@+Odc|C@p@9gYzwG0Gr)891WQIPdHq}4_868#izL%=c0idYx3&94~
zPX5`eA+yVG8IP^UwRW@sN46U#^p}G05h^Tmn-k%iUcN{|U2)1ll$A@s7M!eL7_@&(
z?o{-&2t;2Q7V+vAUXZEjv9)=pexvN9=&HM8F`_)ehI?YE*qJ()@yHS+MOxy%&f?%sx@(V_I+1QI*D}u=esednuQ>Ivl!zrvQ{j@blz;ui@TG!87_L
zxvfd>fyWuK%f(ww-bP{2e2X
z-CQiG@ig8R^EJ(%2n{}9fN#@x@%kVI~Y@;jl>I>!$_1Ux{FB%`@8Aw|uC8NXZ
z42l-w8Q85eAS@h}T{V!IQaMu2(gwA&f`AUmg|1E&Ai5RDv#$1irc0cxCb9(7jL!3v9f^?%s@#uj2=b48J%gY*UF?f*(&
z&+wsmVI*=1J9al9p#pX6S4WyDcm*5-43uEe6^gOFvDw}~<)Oa+HKkNU>j7=%id6wO(Hbep77vUW{W&I2{TSJ&9c;CQ^#W|p9L-o26^2fDzNkwI
zW*le2!(UqNx2L2S_Zp6Ygga~VFHCt?ib7eAAgb=2T!@wkQ87GK-+>|`8T|i=381Q`
z1YDIa$p-u0Wt(^6($?TCk4uLHx|E8xK2u#0`pZGu0&oVafqaw_``BU@q1ouIOpQwE
z-g4c=cf8p14dQzRj2ns4so6!H1G`L2;BEW9^G3AKA@9ASwVd-@Rbx;+&(#(r#Bn$q
z5g$65K!8NHL|o(A_A$~UBLmp9sY7@X2V)Tj>OQ@F{hqb4ObefxoV?-Fq(lX$A1qGu
zYgkK9my*H+?(wGg?~^yKs$A28X-W(S60xXa30d2mU_;Z`gs}eIlEq;t7$b!aS4w1t
z0RrY59aud6$ik}YB>E}UcE$`6rm^%L@8bm82jx3P{H{D`hx0|tN5+-!Av3TP(n^%a
z^;-6DdE`DZjlBZHfB%+<$>HD^CnO_op`Fnr)3E1tRG42y4y@?woa=I0rKkqCGcG(#
z3f=(nU$*U*Fj|)Sv+fHB-nTrgMF17vXuOl3{OmO1YkY6Knj)pDiv6obMtVk-Lf!xs
zFG!^o;@0P^dz9?Q>?JrAib`72B%INRy@c8v*`{kY8gUB7PBv7U6t~F*gjW2xdJ_fr
zdNJB6QwAcC3VBhR!Ap`@XX3SX=g%1LY)_N6^#&4u)XmXUKlI8M`*M0XOnGDpw-_iB
zr;<2tEBRjNZb=*)uPHb}_z
zk3$$WAcJxRd*2*lq?2Hqf
zZr+>DjQnoW(dqDr@OM6W`Us@%DCFb;L&obw5|j(=XK%1ck00f5n$xud?K;ZiZVMTO
zWu0*LD4ZMI%?=KzDl<>s8eEb*^F{3g*#vH4%DBREsp7Zz@f$j>A53@|&=Suc%~yWiTE=6UFx3Hgc
z*>R95?9hakrf*o%O6YR68VR5AW!I7|=MK%;^J9yevs?k$*#HA?<*75Dbw`Jw2WXDw
zhtdL6Tdh`(-@~rvepk2T&zb*z0xMk_ZA(|IY~ywB@{PDV~A=vkdM#%BWt@q}9>5xO}*WQNt6)Z(AA;fExLJS7k-K2q}sB!+^*lZST
zH4+14v(IQhP5&_P7tk?J#OuT0Rw`L+$!ei{;?8awCel(UIZvt!P>OG#KDI5wi?brk7|YLMr8@;RUB!fy$3
zxn7=p^h2)WRPeMWQ3V+Z?tTydp%RrE$F8L0taUia64C2iOgX|vUKRdg>TTq5Of}|I
zvU;mPI`_2axJByzmVp05cDCS;OOto3QIefxMstu1m~YjarOt6ii72~PiCM+f-G3{w
zof+YJ`Yr^KKM3ak-zbJ^Oibq^G!zv@Xiv9q_=>@|k$kM7*RZOd%43PsjJtP)mw4=M`!j%)qCWI1K94AtR3nJ-fA?F0OIFfVt4LuUTqs$
zd$gp41q^>J!uuFhj-K&AkoH@CeGQg|<)SgU%1!Q!@Pg0)Z`5kF(z@z-k9r3eLk5VB
zHv+cp?@m9$l&@ERnUbwd;^NlNUwIiMV{~|{19z`FV-qNFy$4p&Y!Xb$jKZGou1HLC
zvM@5IQCbf&++U6#DlwOCtc(5ZqLp5dtREduKG=u)
zwqzqrA-BpO1d;M5z6gj?`eft!i65836B7KO^J$Fn<;=wIRw;*V9F4MVnAeu?60cip
zL1>TWY%}UiUKk?9D+{$G3e-rce82a9P_%J7*ZDYu%j3_$UNl|oB@L^4`54Q;;CP5R
zORYS;CuOK`nh4jUCGgGsJwdT~`D#QyZMz9`qmNen_S5DGAC)LQS3|%TJJ9U7bFHd(OSx)B9pW-~76_4JNX#zo&MMzXRPx
zV{AywCxD)xtY9Y$&C-k5Zi-oMj!wNgAmiXyJM_B3fBX!kYx?zrKy~#ZaDhlS>zXTg
z!!D@C0878|cqRqAa++c|baLlQVL$nVA6C4kP-!u3V>?WZyjUrUEV)T!#kBS#E9>tt
z{|`D^EI7CJZ?p?O(WXQ8=N^Ju_&!k)dI4$Gfn^V-U7TMy!Yx_Fk(%G({#ID%oAA2~6d=E3-$ni#)vP?U`%p(yKCa*c?3l7vu
zyqFVYvZCnVhPyH*ie8;ui3t*?PWvGN;h1ovw(`u|OXtaWK_~{?%Z}dZko?T_<12eShyuKM^912X6bp`%=mR|Rh)l*W<1eQJG0jm
z*N{0@Zjxv%0!Gc>MM*Y(^{jR4%tA^94^7B33T+2zI%m%>)!(ts>zFa-PU5m9opjM`
z^r-{)kqXv7jQ$uHtGld0RDj4gz~S{mdPCq@mRNLNHifCK636Ug#f~JK9JCf`=A>dW
zFUbmMT~Gq#-%BHp0&*o_;@vjj5jx13Sg4#y>EFF}NeJc3fPl$?BO`7cWFYde*6l-#
z;2k8^t5d{)fX2LQWP#Sa_nHpYzZmA51OP*m;RGD9sy?^ntWUO^FR1o9FagpNNF43Z
zKvTJmHoEIHy&O}nWlac(F{hj=_`g^ydZ4WdDK@Pm!66O$AZ&<1TD%i1nluv
zLgnquei`Yk0RlLH3b<-#^Yq00OO{S9eTFqU-!f9(PQ%roMc=O0#O1-PmL%YRmcV0&
zKB=XuDsD|!_iS{QEOf^t94gf4dPqP$SU}RCi4C==t6{lCVsq7UP}_0Vuft%k=Hu;%
zv%3xc3uAT0;s?`>W+N|`Vxt*awH&6ZcTNH@2C8%(!yUhK)U3RZ%^hhGvR)5+W7E>u
zCU#_`7*m*?ojzv9cE`Fi<24}s_J4GcY%ey?j`u0&xushl-&BNc!>?mDX$)Qt29@Yx
zAt`5+mNS?3ykkoGh@Mxu?wQ~
zKRopa>Im~|1a=dPLkN%`223Mz%TMEeaU8JvEw!E{ZKl4N`#~Pl3=bIvo{#dA;JK?R
z%iy*CAaqWc3RiN`IvjjZKtFoXkT}k0Q3n_NG?1l?!s?8|ZCvhLbEaHvZ=Z8y
z>%xzsra{>a=3Tq_x9D&;$LBet-cj!y=QC6zwws^lMk`PeW2Wt`kIT%@i)Od5N(poA
zHkjXG(o~{&zdhC;{Oa6YGx?v^88%GBOsis0^;iiah%_g;Pw+fFjf5irUBiso5`XTn
zs6m)(f>ZqQb>-p7ilZwM=5G}a_DC#}p7%6v1?e)CAW#{LPJgw5&@QVIDVRx|2F*WN
z6J_a(&8ooKS6-nalp3Ue*%;22aHMaf+!(BAcxHI0Z1a7P>cO#YPTkv%4?oPng=;jE
zE(;!E0#}arQlpdnw01{;_lH{Fz?N+J8i_DrJ^pZbq|kO*7C~P^cv8r!PBVhRXvjm3
zJBjyY(*FHPR?Cm+MH>2CXjc;c?PpQkKrQK0P&ak}G=m0|QOM7kQvp74JB1A@R`eh&IP+-D2I!7#?>7&+W-hcnBt4>q(x
zUm1#aSHs*@8MRb3PV=56^yg;GaUUMvJP$)abIfe1mAiShwABc%11ej2nRM-r%;7L>
ztoMN)n|1D`;EJG0@tHOR?bA4LAIg`1`^>OW2i!N>X_b4-#o9t_WdM$Wyc$yP2
z6qZotIDUKV@Hp|U;33q-yXwZ)m0&^9*(?ESaB!t%>g^-uI141&b%7m?9w_*-9gF%bDUOt
z1&f%mqc{9wekxEds0A26KcFPS_eQDDUN|MN
zC}?&An*4@^-IM_Q(Qb3w7JCsb05lcK#2BW;gE
z6b&Db@~37GJ&O#>H1lLLUOU+pHkPP~=)O8Svr{{|!NLL;ExO?C;M41ifSnABBOz5x
z3d+?!t)mAHAp)r_)Z^c0e`^5k}fV>0D#8T?Z1lVRr4CK1rm
z{nkE&qQK|x%grf@L4>`|xtqy(8_a9QK?gKcG+qcJB?MjAuTG{uQxmK-?%fG90?LLQ
z<4w^w5MF5tT^D+TXNJxw2kDoe5}>Cx12
z&K*`^+%MxJK!?Bhls3g>;Be#3iKe*vM4F+f$ZB})+m8+%pOrA+n|{-|3a#{yyJmlc
z0qOl{uKZl0;{X~=mg{ypEluzc{v0&*ytiZW`r>ll;L^~_bwoU!z1RBLc9HOa$?FOu
z40(;KhuR+Jk{b)|%&JOS)T&kT1;)iHhFW`v5;fmC)gM^f3e4)$YkYcI!Zao9fmcIs
z&T_iOrfaEeX!SlS<8`4alev77##4KK3VewKY$%sGUCJ!mk(jPgv>ju?DIeDZ->y8x
z;Cq(*{Osn>UoKEgd92|=12tq|pCwXM3*@SBx*5Nf`UL;wn`MU*n`GQb84Z&Eh?2GN
zp?aCLeREI>a5H1p2L|@i0dP*j!Dt45WU?;*Tk~A$dn;P`#6`RBokoq9dVZ*ulOg{?
zLfEf>wuUrG9>*U9!kamx)e{_&(#e^(A}pevmuwTmg{;eRJFLt}!QG;qRKg5X&MMk3
zP#mAKcXzk3{;|$xrz%1hSd>-Em6EITrN3tIL^?E^DV`M&#LiomjKIw7bDSCcg$*l~
z*{co6I8qJ^S1EUX@Kf1dtv<>sw^1rGvE3b9w&^dA?(Yv)QWi`+U*@%GG7D#4K*5(B
zCa8RU`h%nOg>swZ9T{=$l46%$4yvUlnZ}5T^TY8T+34;p2BgJ!4wo5SC;=l5CS0(H
zDO0|uQSNb&-e{e%uP$@>jn;`A<8iLA26F-^H)3iyFg2s=#sk)(qqjJx_FwgOMu+pL
zE6;a2ba^sd)&6%8%w%3XF-fqbvQ7q<1OG0f4N<|08nh~hZ~T|!E#>57${7t*%ujXw
zX1x5?=bGbu6I^9K$G(nW17P~>Pdo3XjQ-PUrFa2$y&jsOZWaFH(qhJR2p+~G*5{Ij
zdz~zsBd06RXNGH?hH#bDki#EQtjhv6*QUvf^&YEFufC`z3LUOUI#L_(v&KFl2&2?;
zgcr4Z?Ga+5?KI*Z$wn}`Gurb^sq{2Hn(}FfUByDqtzq86S2kE+p?urFErQ174+pI^
z9>w)oQE=U|^V}<_m3>7a#Xi6nQoK8_cIwl!J_(f!dDc7IP!{&V)=tiv7W*&1k@dOC
zMl0JmwIE4PYE8XRhp#P}iH`|CZ_sBw)*HJ98xggsAlC4264h_JjH&V$sy!mv{6DgK6GrVq99c!V7
z^9k_Vxd*2EENmUr#^IvyP#xpJ8qmFwgu9tbOMEQ>S39*DDK-T9z+OyY4IDenyePRV
zRH~TO#lPK5&%P~9T)vW-9idT@5d!*DH!aFU+O*2H_xZyt_opq{Chgnce$~=XDp~Ns
zU~RP~Ai>W^`q?*2vZ(j1=Zy+u7|cb^$Dgm&?8w7d2%roM40I(@A5(kcdSueNn0aKZ
zj$^Jv`qE^WLnc~3>^ozUMNdGY5huM{MT=kaM8$@P2O7Cb?wF@XMn?CuX6-4=DG9Vq
zh_?0?Ka+4%GeNN#kj8K_HF$Ub#|vOc$Sis#rEunjA(I`+X%Qg
zR8^VTv52|f6Vy`{+;6a2y3BLD6V9~YjqxuQ{QMAw1$9B&Fp**ha8f^Rfq!lg&!8fC
zk08BQ8a1#A=}_MArs=iUo@|0U57u61IC=)D_;4Tjy9fl;AnI1mil8@Tv8y4mUL2Gh
zqG{ygr^Z61ICLx(gL>pkC&*D1g*d1~ZY4e>n+`wf3<++^}jgJzT*9MvHhcw=fL>1UsiRbw^
zUW0RshivOtC1O45puY-)WOy7OJ4qtR{e+F-6?8fLa{51$w#
z`*x$~6k8;uN1HJ=IB(MJsI_0A)^0btxngYuKTH-Y;*4%-e+yh({d!s}YaMX(
zVq5n*S-+rcR!zQ_(1JJ$1~802S!_5SYjCZ*>IQ!wvW(
zL0^?2c4bdzxKD3ioWZAyOGQx;KR3dyTQ#dsb~n#m=byhWZOlj6;!A)!d64$zHt171
zd;|xrC%qH@y^!Hh^hchhwTG0dhj^Oi=e}C?QCnogNY{40p+vpE
zeu`1r>F!O;5wQyJ#pbzNuu1NL#vgqRM@BFA#Aecw{5Xm_vSN#mlp-3FQk
z?uEGx`GW3z`ydsWkn!nh?7b`+;6*6HORp>P&398;tO??Y3{7k6Pj=(igS2l45b+Bj
z9q&thi)d#I{?c9!Q;eIX;{+LT7rph36$9GK!WS?_-*4b|LPGz&+!Czf#_Uc(5aQmxIW7hVoZrEoX5e$?@W}|o;-PU
zzEiSvaj+WeE>A6B`!QD-3)@QH?2x@=Xgn6d{rcmJvS-Y_;TMOJ3C1OW?c6*p1XaD?
z(p9>|Jg;f?qf1U_k@k07=Y-gjT2NHMPTc7?qMD_eE>ur4?D%$MWIuz2t5~o=d5D{;
z^28QqU$`zJG+A%W?nm*>C&JTuo3k3X1x@tTnmKfCl@tWwkt_
zM^V5ql|C}jvDUX3AU`HsN)w3Ue2yF^o#>~kI3`#!9OZoxE?pzuhU*`=?raCtSW=Ym
zbtxv0yCbQc1kbG%LqNgDn~l-u;v6?{XQsUIbW<7b+3tlD+ZO3uu9D?KfVx1@rUY1k
zF4q`nvx`|<)Y+#D767j^w>+xIhr8U0*Tse;G4;fqWzew7hF;{b
zw7ynuYz=tSQ@y9LK
z;VIn-`}!3We{iEX8jR*au@*RkHVj|40t^WF*M;V?i#nOXE|-Gl1rEXdUBWiK{izlc
z=Xu*kCAS%BH#O&$PVKB^j+df(>AMc6P1irZsb
zEb$q3o*(k5P)?$@_Z|5D1OdF74w_{;(ETniB-fPo3!o&>GZp~2_ZNL#v!LgAkhia$
zJj4{)xNZ=QfPI-~R(+v-qCVZw#p#xlJ-{&aEtM+@ksOM5#~C>RYB!_jchzo1sCyv+
zY|Y-c9gM7{;wThoaG$&}$gHF(BM%Xf+2=daFMD-oKMxe-IH%39u0_z^{kY(PFeSQs
z?GJ1vLK!vP0QXJ4Z}KQay>GyQjA|d2Idg$5ic^>{=7+0J@9qR+AV0}jQ^Jl1+Dq|u
zfd$RePTWTMO)*=wAAZ>YXa
zypXEgmMfJswo@~#5QZRGtk_LnNp5=GF5mv5y;WR#-@1%#2?cvVzI5Dh%R_rPb!f7I
z?Duib#KnwoiUaedmivNx>{2ePOFr^Ho|tcy&k0$Jh)_@3P3y6*94d1x)E?Hj?ZEdN
zAJP+pHwG?k<`P7R3
z&EqLCR9>+}J$E1zZ8d>GRMAXfCw
zq2*|v&9XS{qMz`DIH-x1#=4f4L^oLZqVHW%QE>;Ck{X?UWCCq_X%LqcKfQdAGTOOf
zw00CYu+hr96m8oQwtMKZefJw%{f}Mhu;V$Q#shGHF1_K@S1!Z800SzwrFZ*n!^jLk
ztorx#1UPZ7wqN>}0YSe85Nscxu;K02>NaL@xD)_7Z7q3(x~CmSjl*>%y)w;n?xWwA
z5GZ`pX7*u0Qi;eL2p0sC^^ar+EfRp56}FA^b^<0RF?cV!NJFEl)nyK|WS2M%Yzw`(
z$KA=I-eoC^|;~33^wXt
z_@lVXs=$SU;Hs-KNcq6(!1?w3h}e3@$9eqSKL}|)l@g2acRJrz>Rp#xVF(A2(U0uj
zbF_+$38@t>^AsudN_kaP?tA_D7?yA5K|3Qy%2+}{Y2F*lTVIYqa{r`6kR6%dFYWgb
zLln9LsHvUVqDCD5R3<1_2CO>^l>ardvpxgwse3s@&Z!9E@o;go<=es+4=M_Dq5Wna
z?&HO=eQYezo-J}rU9*OJxZl{i3|693by2!J739Lo!=VZbccaBI#-nK(dKN*Uj$6y}
z{(4YZiEWyl;EDn|R@uXrHkILKhkvnQ2ug}feHqmE|0Cimr8A|B1#Xs(vq?FmkCjzr
zzfRB-;mce$RxGEN#6ke2)8}voWIch=2?NkKJ
zxmbNY(poN0gAu(;?PdWkl$&6aSZH3UK{I$Rdw<|yjS&sddoJp99NR8Hcs%4B@N&0Q
z0a6@JT^UI%P3!bGJ
z)%&M&M~83n2dmrzH*5!iu+fIoa6KCEm;y#>a;1dsz$W*qd(gnqXP^IbZ`1^eYO-~F
zn+9WC1p&I6FAFI5Z|)qeDArpgaqD)1sI(
zB^dmQf_jYQhd~cnD~n%On-LX+#DX$bOK>F~y*}6#T(#+6ZVbN8c#t5?wM)v_-*QK$
z&o!RoC))q96vcjYAv`Aagp|@^%mQ4;Cj*{#
zL4I-Z8u*SMYkz8#a$}mY$fKHHwAQAT3p~jE*&1-P*Yo)kNs5b-fhHd3;Mv6rBbg{ncbK=p216au!A+fmoMcfVnpaN#weBGbj^
zH03eC^IcO;Kxw%)Ai}cBM|4vq_s$eKTb#-dbV0#3!mG+6CA||YNtlI)9OQlUWJTY+wJ-=K&swp6FdamjvlB^
z;?<_><;xY}k7IjwM7F$P=e5u_lwg?c>x|S2l{E_v)i-5`dBW{YV1f=GRDByaV5$V1
zvq=wgA8$Dn|J1w>*v5hy(hDQu>E}|k`xtP81UuaN%~b`S1~Z19b*%UQSs0W}i4ikc
zm<7}OxZtIGqZWp!sx2A-F3rnef+RgAfT8JTY~GoC*-$}1Y(7QuUU)qKtc!1Zc^ER=
zQ1`G9S1)h)@X%E8rS9fPr}2Or
z&X^Zzc74#oGN^FUszpJu!Dix0C!9E(te_ucmsmg$N69Wq6?FXU^Y}#!4u|kjjXv+v
zgZ3_Em8H4wp3qX$&^S1I_>ld6xd6p|<^bX(A^H(u9=UBe
z^Th)JsuS1_zFSJijZ3QSk&(ySvn*mc^-&5B?T~b9zZxzxp*UV%bP8_@p9A;{?)wRGjsbsv~Ip
zT>SW7BKO@>1yJ^--Iud@s|G>-GvEoHxYat#-ZKh&ad6IBU=JRm*9}W~w
zRWM!rYrTIhe6k1XRHQF%xGcW&V@CbqHxckG^)clKE#P1|?SXJio=2%F(=&RPl8v{E
zB=1j_fA?+>EEfqCF;;9W6|8+#8c4bCd=WC{j1sJ`FZV>=*5h1B_-cJRLBZjlp+lu8
zH(%_<*FygSbNfgUa+|**KID1)|BtV?fQkZb!-f@6L6j7b?k;I*1q5m721OVerKLks
zx@G8YknT_kkr_IqyGvU7e+J!Gcfard&hhLS_N?qYb?0?mw~NzwS#>0sX0CPbdQKKZ
zh=Vf-1}7Y(ym(!4D*`|Q4^H9lfwh9~wA250_pe=N0EetZ+Bbdu6Y5ntH3jq#HU?V9
zDuABcp=VLlR48^N5hJbtpasTj&T=!iAA#Rs5EFyH$f2!>Cv-kh6d8}dw1lXX9Iz2T
z0dOC3ZX(gV0$Y%^<$I^5_(BR6^mRQ|`SYZ{NMtR2J}}~<^B~*tsMRc`OAea$|6x90
zkf~-pTyi&fql+Pr4+^^*G5Tz{aMfJJV(Qq&+i*6D^|&4S_#t2v{ZqUD{o!#cqH~o^
zBx;))D#8P#XUV~xB3S-}0+uFWLa?3ys48vOis?BGi#@fB?u22+Pg+wR2p6AS
zY>J~^wX6@vPuoch;T|Pei
z3Vb087(~CVS(0mP6nk)nje`a!Fg+0Ma=6fL($&Z)>SHxMI2O;r0Di5v>-SeVelMowC?e?4`Gl~V9u#eU2HG;p*L
zrQ;Nwd+!}k;E*NNakt*AB}gagV1?Ii(N5~uB3D`)zbx^h0E@*Nv4q<0lbv%MGF=mp
z<;|d)Ome}315RZp{%6~KCOflN{8YIl&mpC9D9l3K5WPR%ems7ViAUK~%6{eckE!@^
zn}E0fT~138!pw5sNEP8rss$oDu#IhW=o(3AsCiYGZ{>{=Tr|8N_D{@(ZRnsQG}iukWEu$f!LKNQ
zxI@8qgl1hXx<~=pyVgD2;*#QaSc%XO6spn$G1DGu679A_
z^YiHW%>Lu_?h|t};;VvyM35}GTAn5|=Q?gYT2PmX{FE?uF~P!DU1U3vt!OfGMm9h~
zbj-r&``=gi{lT-~>Yamu1_hyX-Uz-40?JNj>f!-xRrlg^IkP1UYd_e%DgTge#S%@a
z%^Tg{`fu3PnCJ?A{sjHs_Ja?2h{~dmNi__{1l9Z!&$bxyZXg3lH=`
z;fV!RKr|@xurB=D*}Nb^*y;+1_^ZkVW)KPn!>piAoaLe54&ej)ywPv^o8F0svCDRY
z0DCuhmS^H&KknUsumIYuMA{@oyA#hMZ~!jOfK$s3Ng@kKI&2g3dO^8!pE7evn&o~a
zPHIkYS#dA)9^6>sqU8Cn%eZ=bN*kcRZ*#Yl9=u{Aa4LYC)_`*ZTq#>sfl6GODp^%#
z!ol~N^1UM`Gg((}_{qToIvY>!KhLOz6_{D`uh59#pg3ym2JuEj!FHbW(eu(jNkh;%Ti{R#Q
zm%Ueb)f>!xspSb>g@V`EzBO33%z%zUO8t^)ScoYJAbHlk{W>pHo
zGk7<!BI)YCcEc(ud5YilVXPlBWN2|&ja_;r|It^Bpf@ng!
zwD{H9r)H3y588m}+(o^f+69Aw+VgKD?OMHOFOxX=*nB-{JOO2SGe#6^DS?tL%zx(m
ztYH`r_AX);E)EjPaAByF}*1Z8@I3;>e
z>a`?l=RMq@+sAYUMcv4Tkb*!1;XlXsh7A1Y-CZ!(JL#ye&FE6
z7@%r_fyA;nZ=Drc?-6l6wLP;PpzFPNgN<8AMDp&B?pO4$_H2sYWns`jU0wUU&c;Cbh
zF#ov{^!l3C$hjn!GH4p>W=mlfcf*GYIzcbk#k-=TlWh5BeC@Bo$=T0)+s2wHH%ee1
z5H-sF$mrSFSWJ@dOEH!;tlhkE?xIJ+yV2Ce`op;Xmte4pJ%iZe|6PDz9~cp9NCUMT
zBP1kpObu{_ZzMP?6M^jKP6Ew4AoC>y-}S@rGUzBccqu))rdp~11lIm>fZ&6U7&#z8
zHyA=Fjsd@k+Ya3TNC*S-t4UNJ+Z(Kpl>ZX1G(9&Bhvc&RtNDJz7N5q`dKtyE(G64F
zOvn?+lG7lm@ekox&CeGEIVZxz`CQt`GxGR)lG7JI%}w-B;IZ>-i_{a6Eoe2}S0L{`ypU~(TW7ZIyHk7~aIj>!k=&W1I;TH6>b#~e|+`;_x)zLe@J_(!`5a1limovx-rnuFPg2)
zihd8_?t4q4uw3W6-W6aQs3!J!z46+XVnqg0E;DsF0)n6oSUM~^*Oi^(J=f+LulPaN
zEdg&;rNIjvpNNFUY*=;_3sn@qrAq3*
zKt`~q#7?KGo1=&CpNB<8uJudNkt!Ul$DgYDe(?|Mts<#6SwGZO0mKQGP*Z6JI8-Ua
z@7~?EcisQFY)c@0jx7VZ^9A!uYOpUI;OE1)NF?ZFqUB#&sF-tTxaYr6xbZ0!d<8^8
zPjvj7NAGal7JAYC>~Dh%IpBaN7(#^EA%=66<6SHw7Ld8{+q3w2e38AujPP$6%TMzN
zwlV1Ua#fR#OLiH@%BuT!I}%gna}R%dcf_P7-`aF5P%~xKT;zZ5|LxoAKH9DRi1%x3
zLW07p=xb3!ECz|=j$7HRZm&^}G#}bx1Kw-h+J|c4pV6Q%E~Z~}qG;psWg#Qiyq#cw
z<>zHT!{)$UTXrTcef|Xpt!8T(lg3eu(6qh!#G<;x)8mu@0HyHTS`T*@Y`lP}NHq_z
z)j*{$&!Wr#O(?ovvbT49E9XX*hu=wslw4Z1{s;MvDk~{BzX{sWQ%_-`)wWTL=SlpP
z+()pv9U%-6DW;~A*!R3vG5Z3wx`dO$8(MWcYfW_@+)n39xJ*wt_YeKMR8Jj2b3Gj#aL97?nI1^*+JxOqYL;{;w0l#6(=&K)+t%@ONRB
zz(mu718UFvU6?*RTm;j#xx0vj$=}10M0@})OqRg(n;D5w!Q@d|U}FwS`Jdv+g1eFGNca51n
zepQ$O1u;=5IpfMUle<~OM^&eQ_`KW<6*hkZDIX*_2n8fob9@~qG?r6WBYMVI?Zw?<
z!HM5op!-cumvy+U-eom0WWutq$P%A&Cc87NSuOX}gcUdED-62Np+kI^s*;=sVk6hq
zE*cc3O0=|pjGb~Vh#dKDnf=1;srMJDG1+5jt+XoH0=7`AXlX+Tk^K#!M~7-d_S45E
zH+6aEralrE-CTrrv84kxnSg=sBAx!*kg^V;^q}?h(WuoicYMjs`rUec`i!F&Pn)R{
z&=}aUK&imL#ebL8QR^U|qRU(|Bh2l$INM=0*0{4{F2llDS{
zkLnK_Bbqdh-B#T3%=HuZJkz&HaEyERo!F$UntwFdiVX#M=&2Xxem`5<8(1j|>K=f%
zTZ--hcmRMh>+V}k-RUINFoQ_wSZanR41}7?tv9=BmyY~{P`43KZxY@cJlyZNP&%oY
zN%$BHPbzNU3ero`riu-^?S9$C&!4f(9a(##_dSU}^ODMrNIg&Q;0yH4O%oJ&T^K3<
zzrqPmQ^aPj0KT=bGy=mqg8-a1COg)_3Dy8wKZBjfB4vp;#oiYU(>V?%3j
zDiM@A(@%4&IAf~&v4%D4fq3u*dwQ8Z$Zo3clhj-yHrw=sw&wOjb9y(*8D6)I%(@i;
z6l9Y9m{i*Pu8^^zGmZ|w&yK4#Jlxw(w&Vij*4nQq@Y^|NSbHQMT(PkYYeX^+0E^|PjuJ&NdkA>!X@OG(SI+PPjXGg
z#9_28=*{0QQ4k?<$pxq>LiVm$h!NK@AX3tn8o0Ct>5XwHl@y$qJqRw!#4NnfEvG?@
ziw2wE_cw%Wu7MDq^n
z_{URC?J#m$M^A(>0Q~4C7z~<>40`sie4k0X-9M-voB)aSZ$(#-nnNph`l=uo!+ro}
zRGnYQ@6vILCkiTSzC2?eDpHp0SJz9b&7G0s-+3E9At%nZ#G17(5sVQAciU2|JDc0H
z-?5JBJp=rgJmn7bv>GztA%LyHT`GUQX_K#7aKiWX_}srQ=jPDyeQ0}wEk;9vgDj7a#r^fmPtGU_x3odosstDwh_LygavtbhJ`>$8>;(eiO42!$mg
zz>I!E=L11UQL?qy0`)llCN-~HlC=4TtN)DPX
z>+cj+cZnqYGsbqlNJjTJXtEq!Gc5vC4VuRO=
zf3ob))|0I_dC9ha6hVcnvi#ll^Lh3}lAL20aenQ2io32t&Or^MtBA}%2q91SKEC?<
z;mBk-@e@${$^BcX4s4hTqTwfm3bxPa|J=Us$IieixA9v~0-zksfV4f%|o%jGF#
ziPKPp7&K3Ka1zG2XAK)1bfT{E@**C?DS1X6eMmAZ<;;wrhB@(+<4%{5O#_3#}}{XQ_W$IOCS&5JubiQolm(bcmzh
zMfWc{LE;a0D}qx@xb6>$mFW_pbCiS2k(+7FzuTx7M@07XkH0w{ACbHC^cc9Pw0Y#mm3Cw`PFQ1ru};Nu1R
z^=4GKFJKlwZ%$@c*7}g307QEXlIg~ffm%!Q>&?SmlL0M<=J=lrL19+}(_wYKzOojU
z#AkBi_p^WTRUNfz2(yu{pQ4BZRo0<&65K-;(jW0d`HhYb%K2tgKDx171r8vF9`&{S
z{()hCKYil4;icfRtk%vFXCyt@+cQ2wkxH#c09G$bq~0WnirUYH2Ds)@fX9O#)}?<&
zt=r2jW?TIm&q$PPyO&Q>_q9gKM7UwqJYQFU{r*wE(apirI>of+Q{bznpqCnNMXIMo
zk|2WTN-NWVVk$YJKSZ~GB-z!Rj#fgNWsV*REd)fjI$>@8I4`1R6V%V7E`{@Lk{zt_JJ_va|+OK?wNApltk@V2bW62^-B6-cgeYLZIF97VJ}$po<(edabq^4dCKGn|m0y384&lG5_TfP_&_nHR0W+X(
zc}h!cc46!rZ9i0$=7F&?5QW#{^2l{s7Xy}=r@)GGj-Vf{_<6>yxj4D{)p$Ge{x!4gH*#nQuMe5WBHFDRWon9w
zQbpYj0S*^UboWQ+qqb5n&ra8Rrwcr^WQ-5$c!+ltQkb)q$8s1PemKoK?)P+EkTjhG
z{^LOBX7sraI-v2PPrg0Pd~;bAqOUZ`Z=W8y1H92sPPRVFBRP!i;~>Z6oRfn=vgM%`
zVvy}YxvVn31>f9r3bI-CRi6&|YPZ;b)9!GUPI58y--*CAr2luSHeWHZRJJDFE;_E#
zB)9we_rGjJkj
zVl`b>yc*mtb|1hff4yna*Ul-B+wGLx9q)=p-6RNa=Z&K0e;BYrI3;C=*t&{a@uOBJ
zYq(PsT;n~H>rAAAG-U+(%_=Bl^9Ef0J74U^cyX+EF214x`7NV&4(buRiZ!
zE685*NT^aAyHr&tT{`Ss-&<*b$wN&OIrg0DmS^e2j&itOOAEOFe5U>lh*h
z8FP`Im{!$-q0w274z0A~#)h8Up78O{dzQxzsFhan=|S(Njcm-_JFAAS%zR?8li|KnE#sz~lQP`GsU
z&V8#8>F>XF&UEA}G@IOWdtog@j79Hp*nhbvyts)6x_0ovwUoeWfu&%aNP1(9$`?Z~
zVUUcM(6yfRojNs{48a`rT_(?WFpD)5P5#_p$rqT8ytUrlfA2+E4JM|DgWruAL`%B<
zV(%z2ZznY3-yt#hOglLzQgE+MsmYD(x8X
zA)otOaqoDX_66B3xv5TLB4stUl)&D3t#
zI5;c0CkHS;Z|gr!22^V?A0SeLJdojj$OsDoS;JREh8zDo!`)eD3J_&x@xMI$P-sCT
zgqL!2HQv`)#i=Tib?KiDlReT~Vai4CWvZC9Rnxj1(}Ak+?&!&n
z&+~R~nOK3;O^r|pOkw0Z_3Q>^XXr<7-N8Y>x$gttvcH{
zDP)toR`Z)BC3-ZFv`+}Q~IhCM-}
zjWDUxzL$zJzfYoo{7SJ{1!kTl>o))A>F6iQ=sjA!C2Cdaa~9bCmao~=M?;~@#Wo$;9qiK
zGLhZtN-RTlr9y(IH|t!!Z9F$&-qW*lrvkxT_n*s%hzU>-QXc(2Any8p({mGC=|ND^4IX&m16&?e
zMd4=G=kVv&PEj|8V#7?o(>8d$BCL$H$gW)xuGA$Rcs`~-Wjx|l1byQ!^6}|GlkRCj
z$3}n6wDg!kX|Bu{c{TZv+TY0+K%V_@MedOlbo0Dyelf?J7Qe^-OJmMvaIoeHga^Ci
zt(aASZrI?4WW45AG0@sqX)Zp|UI9R&0ig4x*z-bA04O;tOb3aU=c61S#U2qCrcY+Y
zoLo=MF-0=dcL#6a-RiwpsaeP>CG(T(0X0hHXxcmNMRuQS-BhVu+}n`}orkipGA<6P
z?+vDDU%p8}z)KzRVX3qsM82<2fxs7_KnUt|@&O$ESk10beq5$Px7$Hdn90l!>)GS%
zX%B((qwIn_wW67hHu8wk_ZAX$cD^I6Y;{?@<+KPf<<5@nT
zJu5hRQ8b%?jgy1$#2T0OxxqGZ%o(G5_#ow5<$7&)?{=DPiPz}h&Vn7H7&l09PWGM;
z!N)h3oRA5c?nIk*d~?2Rr*iI$Ws8Wj}T`uF+$_!T#UF?6uLr>VeNsUg7a+=?DO
zptu}=c4r8^`O$OTz*a^tO*tjJuFgJjLt}>$58Nlgcrv{Xfjzo}s({~@c(8o?chb@z
zcdbWqe-Q)x!`eoMP2>(7#uGXCOFe8j;K5F}Z(n{taS4&nl1bt@GbfsHdzX@J1Au*!
z!*Ihwc!cIbUk&qUfGTt?zQ-JhI+qY?e}zdX=vV*>8>D#Ga%rOjFR(G=m>;`3m@9AM
zyQZGeckxF|K|^G0cY-i{A$vs1Q&DDF2mRRTH^yZ#?I6!ant1yW+9AwU#&C|n4~4jJ
z0D3p+BjQ$tB8ow7Y#Z_{%Fuzj10vI%dM7{t?fLPeHY_;f<-3#BDPpwRoTCOP;D->C
z4m>=j=g&Gvjs6ghS+|L(xoMY_#*y1OdO<-VY5HCvoFL1=;gHzW$cNZ^20)zv}}#coy?~z$pA~^
zeqFrpt~`l=PrfCuRkUnE^=7KEzH^X<4*nRTs-=uEO%fyGvy>aq`|sjE7ox-Mjg&Tsl|FtUIi5u=5bYTV>L_*J)LtuKrbk}jVHjsh
zERv^JHvt`jf?7?TU}`Qj(T8Z>4gS6MwxZZOn-ie=R9I*9GV$&7uC-a2CD+b}j*plO
zv9x?Vc*H}DFC}rHl}iax%?cDx?<6h|4I8{TAmHQ&06|3kvE(r8c6Bld3-;W4=u@L7
z^06|o!$>aSdh$nTloj}G#;QPv05MT3uF46`*7T>YGIgJ>wG@W)d3;_S<%L@h8Q0rE
zWUabFa&F6uvjTa8Sp3M8TAbbd5;_Vt|c}12ED!IKn
zL2deYzT1gs;<;hUpno=|Ab83VlDuDIg${JsOros0R}}P8B=3dhlNFig+Smix#`o@$
zJorim>4$r{xi}gB)}%y65H?LCfu!wB@2ep2*47X?s^PC3m1VO@4OI*?4!$hLjJv~J
z`o0@85x$H>^{W&xCk9^C+!x&j#^kU^DL0zY;N3Xf)pNg;W+!@QKr7-J4$-BP|mlBLJ$}v
zmzqfW)&{bF)>jYC3dY%i1T23nUZG*hzo@#>oso3Un
zCd}iribHcr(;Ux=x}cQsnmc(uVon=s0=*Cif+L3YAb5)hEL0MM>7mT@FM!d>
z_^K7|17Imx;^X%WeS2YhU)zjIeV9s2EDwcQfaHAGQwb+-h>&?8lUn`eM!uR2?#)`G
z*EHvN_zf3c*Ltp
zWG-SzM;idm+
z&Iiwct7ZVoS$ufTpNP=X_?)|Mntlyv30~{!tF6nEWERC*fbbe&mx9Wor>6(%%yEE+
zEz`!`9!c2Z1B5uSS{P8QM1-|mT$U0LM^NN4Ho40`F4H2TRIXvty*2uXnpracv4w9h
zb4d%cp_rvrspka9&)}_3^SM~?(hi<=Y5@uB;i)KGCkJ*WCxx%Dovz@q`6rp>7WSF0
z$;V?$VALUDo#@Tw&vRmF9Wr##{9f1)7|J5?H*5V@%>6?M5jNfjOrP_Jj$2@56`)Do
zK6;f2@w1foKldMA_MsKO38BjAb#sH?c^aND87Cut1$xn=^<1XX>(<*Soj(o`_5)}q
zYnycS)7W;8CKn)RPbd0?kRKHgNn#&VLSuUiY@KE5Q7IqFIC*cFRQFnl%i_tjG6hw(
zecC9LpkOtqieLn;DjiR@@_2%o3-qP-%RbtbApm5@iI~uv5d_%fS*t3tONNV(r#Ath
z?~oS%uSVmq;<#rJ0{uk`&|g95bfO6K7h;;4v6G7%H(2FeLR|kEY)%;%=7&ai8u3sM
zcvXoQiTkM5xxP@y;u7mUfz{Rb!oSa+oB}NF5vCc4cE!(i0D7tCfFoBQ4;PP__kQn{
zuG$9V*Re5yV++TTfzRc)8z`x%nD9_?p(&M3Sp?3j;Xp&W>F_cq8M!1Q0d^0he2qVQ
zdkm1w!ft4d#Hz}O8CJc|+;Q6Iw!DIj$wb~l^h7QGZ|8)-@$~PDnj9WjcPs&mLTy6(Y__4d>v<^{uc{ls*c4
zi*FsFU>2l7^$QJ_+uW#kCEccsDy93K!8|AVowq{sZ#j2My**)N
z2S8rF?y$?P7KpexH3R5pdN&=cjbxIZE2uW#64Es#eNxcCxF+29i4?5zx`R{+X8dMn
zTD<1wx6-vZe9(-O!fHpnjKBYQE+dXD8!$tcLmwgm)Y3-;6{6tTtyjrFXqWk(_32y-
zqTgSyiNX0r6
z-l3-|7hr+GIk|2nC4s8ES(S`4XBj8=u?90%c{H9f`d9|&H|qDxRa
zORPpZ-15-f+Sl?JP%i-0sb9KW`Bmagcin^P(arFw
z;0;EoD{~kdw6{=oR#Q-3X61g^=0k|B36VrQs%j#YstFH&iiWd8LNBqDfiKKrf$?L>
zYv&;GwuR55Rc5MRVQLW-?xX?>_HA(wfB{Z<1p7<%=hu^9ML=($_kp~>U?vJGaIyrT
zh>|qB5vS@+$+Zri79l4!q&acx=cZVRY^%XuslB%1c;?{Gn?W(ZoHH>MxQC%>?V{rM
zqY=k6X+LrMpey~e_oAQo?^6HWkSE5*C?64mM{4C_&I9$FfJND{h7~nrXi;iGHx<`V
zmh0Lxce=PIk^cZ*`hMhoSGpN!N;OX%FIa;DydSLa$fu(^MF*4)5ZaYlsy(klFhy+(
zkvEB6ci^l2W-@TCM5-QIB60q!r*?H4
zm0~+tPDH$Ey+!Thyan&XXnh2$`ilW4uZrcN*l_7>L?Zqi8x-Xd-@nEFak_^EKx=}!
z-zxu^ByoT6Yu~(S>&lK_duq8Y@&qHdIVxOMq9%-qG>8co1nNgGUxoo#VCHjfBddv&
z%TN%#1IRRnBH%>NmYN}@>i8`Qe}0rKsi7|86RKjQ#f07@6luqz;)Q2xy~gzvTjP?k
zBpv9jCf&KYE>7Od%;yE=33qRR_|Gsl3y0r7!u&`zoiDn#WiPIi_upy_B5tZi#7)W|
zJ*}1`Ap+ha0I06pa*5XH%OX04q}C`yAFNp(NqH7fi&{8DJ{m@3uwFlLTJ|D-E?>iX
zhWc~o7zN<5l6F6P<8tNdD~LS-8A^_CtrKFw<;a7`k`zb+jMZzSy3}c!3PXm+gv>wh
zc$WcERdxA&me+j?A}kSci*rDMO_Z{-#uTvOgazX?KI4TAK*LT0jI1uI2Zky$It!SA
zAa*dG2a?%Hz3%c&Rp@-m>x?jC2$h=KUHU8h!bbE1@YsOs{`=3&bwt@u%DZ>NODqTz
zT*?hZSBkXQJ!$AQ;&7XjRW3JVN}l^e
zi432?A+03hxb>A!^P=pAu$;GNaaDKnJJpK%`$O@Y-Ck42<6KhY#V}SYl6H$>fr&RF
z&)|L$qdYCF)=4+iz$Hh__W8fL1{Q>C7zD0iQ?a8R*!y(g8i+$MxA1X(1ohsvMp+&+
zN7kU8!^<#a#pB>-1`d*j|(+*9A1UH5KQJ>*T{
z;HW16lk>W9p5u`C(xTVv*t|{tC0|RFWeGpaz;JqpH41H`Plu
zFiQE{jX&jeydLWCj#S+lfAsedjNi?xk4fN>F&Lo0tH}76!2!*vfpeLJ5;(Rm-cCCX
zx>2wabUyallWgGQJ$n;3bdrIOl>$+oxkw7+S~21Qa4!+cYly#f9TAUvQB$-AAUB-2
zB8!%vqC5OXWu&!$FOR_ViM{F_bwbjqjLCu&L5%GcmK}p|i^wshlzb3AD5}V!y
z>yN`>q5_JOG;$t2xKgs`zk0{}yw@@F@lfQ^*ja1cJ}{8!5~KVWO?(
z*;O?4)DFepk~o>4-U0K1Trkim|BpBi4dGx#!LX1|X`d0(#-_j*A5CxyQXkaAg;J?L
z@%c(zGT>uhL_RaL7NE94VtW<5jv&732#4R>1MDCD2xI14zGl&UrE>G4Hti{(@+eC{
zc)=F)2_p|?N>W5#O*~N7eIBe(p}|dxtkU*Wk^JhZF0mr%cqKJgkR$GP70t8KAEa`r
zi+j-#YGE3lOU-@zIGBtt3RGX=L0)Dfh%%!RUH%tCSwgC0_+XZt%)e(s{(95@kG&s3
zWCfTCR&MC_Cidt+**uwUh9=_c-pA4_YT3hQ;NIUw5_9aq{_z>HtSv#k@*KHrK$|4G
z!}=#$n3uc;{O7=dBJ^+;ajgqB$)ajIR4lAEm?2Vd%
zftQn!H32Rj*_}xS6u8;rMauF=7=1P`4$l}#i9qo4H1OYz2*fo;MHnShV3YzuEdpVb
z0E!$mye^UkWJLFvnwupPzE$PXzANBx6v#{QzyZ%J_Azxtu1tpfVAji=mab;u@lU#q&W{!MsWAh)T$wD`uzipyMH9
zE=7h8t`QcNHGv|QdTYqjPXxCqis=b(+xliiqv@a6>DQM+kZv?cVL913$AbwjaU;k(?)W#QMGu
z&2l=8mf1ESL+;5%!Maa$?IPmmvsTU?fvm(W`wN+XNXIM*bR9y(x;RX?;Mao&T_B#r
zE@>b(z*VR=7g#So-FsqhqGrGegnPl5&d1k~Fg>qbef${;x@c9I-~|fIQ6pbRX_Wzq
znVwRxGI9esR{?84&+FtI?T0iRjtbi}mdXPR^vJGqsc)aAS>!VZeJxeaK<8Gn?U2}X
zOA_gP0)Fc=p6gpwoyFHq>%BaQwy99yR*wiy*cTR;o|$%vie1OM&l(OZv=Fm>kf?*?
zOrk4>wb+xJTPLuKqJfHFvzN69(wBuiA|9@GQ{mFl({6n;%si^=Dk+D=B89-SyGLC
zN29`7v^*(AAIyP&%OEbIc50Ekiuz)2hD~mQKIN&e
z4Z(2rQ#i*C3e5hfT-iiz2Uf=~SD&@kU6=_06M6rf8RFv)5-|ACQVI*|=GZEQf`l0m
z2Lg?T%m+CrHJT=&v>1Ic@#RE@NLEn+-a2SDVD;WlJWroJT$7D$N2ysA2K=@{2l-G|
z7KYe{i6+15OqueRhEgf1bfSLVjJnD+#{*1}q*T|x%RE+Bx;t(&)Gl;*t7Q!pr+2+-
z%57uJXC$P`Qxgm{6B3{{9>=bJ^O9-7sPPR@02y-cqH`Fu3hK3(&3nP{pKrZI2`E8D
zz{b{h)AfN>pksr)5VH!S%BGPOHs;lUic@v9*-tTGI
zL5EwJ5#3~blv?5=-eM-M@pB_&Cg4~Y82dDZ(n7zcS$$0#nHP_$csV;6qk6RRyxN3Q
zH!g(wWp%Hhxe3&8c+*w4_;TbpxD~GPpS55Dss}g$IpBC4B?7?-ya@m=Ni5Z^EM(kg
zsZw<@9gH;SgpE$#dNw|2ml95Q4~1GjwP`Eh-PnFyXvi2{6DkwpAW_J{J-g1#&yYYH
zzJa)BtNnZ&>}E-#`7Vu}>TmKnVxmCq*V)Wn
zJ}2jNnU`I0qxiJdQ-}kmr0suMTnhh548_MzJs8eYcpobHNX^@31vT*7+Vp%pk%C@e
zaB2Nvod{=D;eEv^35ekIAS*>
z!D!M?t}MgG*s_6vfq~=POPi)r6Gwgd@teOa#1=W?E`myjKsSvdI0z~5b0YEz=~O?9
zX!+W=1{2AJ6nqs9TZd{L3>;cJlt*IZT8^#C2`ThB*~u%im>Y=u*fJ09~Dd
zObX2pM(tR9KIvAlN-~40MXIPO?;A74p9$k0EzK2XcLk`aG_RG^3OrVk8
zw~$7<+L-C$uP2-;dk6E4-(wDHN@I>!_=xL$h%+N>Ao9uqD68ZkjQ5s^x-y+yI71Ze
z1N8m%dqaN94?mG0@7Fc@Q8N895))YTiXUiG$6s<=RH_mkeb7q??8aFcvl4-4%e%^B
zL6b^s8wAE!xC$Qq@?0Sm6fu%KbpgDP_9uYd*+9!B!gWqSU^|k*ZcWM6A>MlJ&olG7
z!~%Uz(wjaIVM0t#FyRo0+zJt>Wjy)UC@rT@k2x8wP;_hAMd=^1=0_nodHbIN!2wSH}n2|8_u{-jaX
zL$#8E5!Ff5G~Be&HEFHtWSoN$T&Su)WGFBGHj*&q40l@XB)hRx+forb6UY#7ux|YI
zbS@-;w{f|T2|YFeJLv^{4e|H>1Zlx|kpDT+*Nz%F@{uUy+;pf7a^u5vX~4}RPc9i92xm-o6jwT_V*w!(tb{3YQ}FhF
z`MaM1o^d`)Y;hh`9cS*Te(n;dT$=TEO<|0pjDNjic^q&>uq90#PLRvUz=jfnt6$9E
zONS%{uqkq+YY|g2b&e~Gs8-0R*V!5E3q$yBDCIP3c%oC_&mtQ?y*L+F^3G1JaowSVr_
z{7=+Dy40=wDLSL^!}jI}RJvlR=Jn^41^|&Q=M;$@fFoKiZE@ThItGSB%@-eS<(nPv
zcj5MzJ@llt@^7skQ>+>|o))TmLmhQM(fA-K5>kdpp
zjV9}IS9LX3I+AfQoQ^{hfyJQ3f=uO;Pd3ja&O&exw4=opagVFtV
zITJnMI0mS2m&1*ip17jI&Qi&dZq(&ED=}Z!`YIij+lzSc1cGl{n@fB~9dq
zr403fQ(p!CCQ1)U;b!>VG^e>bI;sa0oGxqMF$?`sR_rCj%?_VmN5w_L{1|fW2y48z
z>>)BG%6BI+(CP2?>gs|=^hf&oA$7ynsBZc`^;>%Q-3?ibS0+MDF5`09nQlSqNO4C^
zytHn$c&w&F8x_m)-t|T{;zu;)?flBo^iIf${5Q(|vZWx)5@X`vt<&(_K8rt|Gq*X)
zP%x#Jt#ga6P%x)DQgG9XrY5?W;4urBU_Z&vnX&cAdp}*O(eDa$N!H1Tyt{;DvLr0VnxFZ6qb?L-zC9%CLZd6@r
z+OgWypn2bPy1P$!%s;05W7qX~y!^6Im(6toRnjp^#S6?Q$*j0a7jETn>NX
zyW=A(hm2F-T-0-awys!)O$jZ&_wtCAVg31z%LLQOG3n<|i+IIUOVZszvFZ_5f|+iA
zh)H+jiR^w)XDm=94(XJZ+B}j^X0X)@y0|<_bUR_#J)IIV`iYA#=_<^^hK%;d_@Dvv
zZvK*zOZ#n&#vKsf;sK}idWdPXkDrB$EnkN*$boq%GX$2nq1iW64ujT5v5@@!HoerenS?2lF
z9?rh?NVJ6ayaMF&Uv68STc=ozN;yK#c|xm5samaOHoG~P)jHn=vX?PipMpjNW`zP#>e_0|IS
zbWs#*P9j<9(w@Qu(~TYxrX@YKd%ZZ&lJhR#vXgNRr}gtNyJ|(sjf5U~tTv7_MP1+V
z3wf8gEo*V(+OxR}n|Ys(bU(r4Eh3{pf;+5f@1@g1=Q5YMoX3n>?P*`LjAreHuG&!UN}Fkany&Wb
zgF$Dr$+s!EWU!ERPRwoR;CH{$NMJ)9u1v9nN!4j?$y)MgQj
zJl7MGUQdxefw7Bgl#=^)=Fdzp{m}&Y?b*kV$(@ilt^%l%WQaqyOgVwsMSN5rM^-jf
z;naNe<7F~vw^91|(*uujDoz3Q+X4>#IM6*~m1nDKi~>~vP1b86U@$=R=wRUOqhxZCuj;cd0d+r;Ev
z;_Y!|7)j%RsY2>V_Fx44Lbl>{>sqtF@dqf14=_T{Ub5SuX!zi
zpXJdVOSaZBdv%T!>IdRS3v&Ew8l@jAP!bMiH``eZP8Bd<0d4MU*S~=1^npY>GKz+D
z%NioL$XYCQW3S^H5B+{XM9y8`Bo4i{9wi?U->53nXi{G_&NjEW^=gDa67*TAKFC?l
zMfVnZ2d!L$_Ub5?pZGv%_VaUWmKCrL8egs$ajYH!ff5iQ#psM4d<+GC$mO`WP-n{d
z^3`N_&va~e0YL_-P@1N_&Be-6Bq$kyh?az|la!_Fkz71O^%O4)r5=qDnZ2R$
zvBRdb=I%B~A;O3`o|7g#%%0lYyq%_rx+u+zAry!LUq0AmDd}-n`LeN-qaXRQTKL7<
zvUpqEQz-gWHeO%6VF#b`xDOh9jdO6XCS&1;n1FPBRnfu#oBE2wL-l2s(a&*4&F4yH
zRNPEl1vjOadt#G24tfpURzHp})OuXV>}i4cVl`n>#@S9tw#s6hm8t1iZA!Ny^N=$P
z%&ahdMe?kV;nAdOqr$hUO?&-bal?Sex@om`axn`EB@Zk7Mn3_X
zPUomdk5rmw^$pi!rPC<8WAr|srEy7p2FKtgrNfO;ra1IwIX!6g<0z@iL<=X&;V)RD
z3~9h7l;G1KVVn$%_6t^;wtiS|my7IFXiRkis3ROia%HAhzyxJvuv;%XGW?Rw(!bMc
z%e|L9#i{0}>mH%w(sjPuS{P?OjkbN#;66_)C2}!R`6b1h!LifmhP(FbzQ~@%L>WnO
zl!?ANMgQSl@7_Y>`SO!Q<}S6O2zRH9%tD>hJ@vq%OI<;Q!|BTrwv<6SE)n->xXoe~
ze!!Zu+hT}gSK>Z3>jTPk0w124Oa?qIvg9jXp4!Q@!y}?7FDJxa
z^ZY9@$o-K)?(ap+DVg?pXlSex^&VxcMV;9^X`F<-#tyd0B=b`(?x71pxKsr9FhLM6M!Tj$OQ&rr6W41^
zhID@J+dunopaNu(tOa=I%1TP^=Stygj4pGdai;Vn1C0f)7u|bU3o3CV!z|i^GIp!@
zU5l9_3#RQ8mm^p<10T_qzp)B_L`_wkw^d
zd$k-cySm(${HuXTwbq|sLC^j4-6LdcjV;6zF?!yrSv@F;F%#>ztH_*S<+_}Y7+>5C
zy3`#O!WM}3f
z`^1}lK~GA`%ah3D5GSnGRxDTWZtdQAU$YS1$aLDdXiNIY1%)OZiLwA_=IW@sUVvaK
zy1=SIvOMJkyCpQH4Lb5!K(c^$@Pop%dsVhe#Z(5h9ZmEeaAChqE*l~~RSOzVjFV?8
z1rbUtC{tD4&)LQYVAdst`qPUC5vd(0%=*n5u|?X2fzB2us-#`sZzvFj4=Pajc)%th
z)?$UEh6qD8i=z+L<9?^1XaiZJ4>{BodZQS`t_zIP3=f4zKA6}IJfRG^BV`X!BY`>r
z)M?u2_(3_RGo9}ej5Wk?c*u0j&LK8PrMQ~2O~3woXs!0)7WcI2#Yg#7n{Ada7J+3$c-NVmePwgf3>fJL6r$6TT
z`8rprZw0S-yKd^UMw=c@sqDGy_Hi{3*-f&ROMex-aFmq()U{{yzBHjwRP?vkfCQ2b_g8ICX!
zY0m9#|K#W$452)y%}}D^NP)}COK}(29k|(4t7$p5=os5_1=MOrEv5WNs)M>}*97kr
z7R`3a_(!SX81-jPZIHa;3%)hu$4Tn;R$^hvV6LItx|{G2p-7P?bqI!qO8r!6Ga0o$
zvp()8`M~Anlu1eXb^8V@$pfDkoS-ZJyEgtv7QAXS;Q(zHKMsCE{m`+~P;Si56n&0?+!zI<&_@w7gHYMVr!DUhF1Ol@^nENVe5x>ENYS`L
z7HgeZ93GvtvzZI$)k1rYLUD)^*Y)1!SmDs0EcRyiFUu`Jo(zH!~M@t-dAN4=&l26a*-A*K|?RJdJ%|b0uZz?Nm|%{c7sR
zy|RwVr`ZAl89%!{PH`*69LN1U_N!K!aR#SDURmS0{m9g$$BX9UPK{rWB0ur#^yFcK
z{@7Np?cJdY!C#Oj1tob5+G19_dp18?omj-%)d;KHP9#RB%MD9w>3R3juPh~}UlTQD
zI=S}V|5WOga1RO(Ch?&#;(H^CU){x5Jjjjsc@a$+RXt|p#&>Py9>o(%=
zPB9>H(%`ew$s~^#Z)^t`G@7gN{xV{^2sNVvH&P6c-^P4+3=28J=gymZ&)v)Ft}e~d
zO&JqXI-Vor&Ne-o7AN{O;sln^O|b&z@6UL4Gw-FZQ*=J*M)tNOkOc3tVHx0P*+KT{
zZ0kAuH27d<$#2tg58vq9L9fZZXl|dZsI)^3IB%Q3v#;b75HBWGdS7sz|0-ARuA|_)
zIJOev@QePFU~-_Bf9bc(xww<$iak43DcwndR_^Q5SW!epYrhaHhnNeh_``wz*dq8lL!gVxanki%q)RT+XLr
zLW_pfCHI+$$%|}hCY2FRbDN}fX*OV8pe*#Ndz(HU
za)Q!A-{9AfDBWzvJqrWXkz2=8vOV&5?KZeBu
ze3#W##W6NiR<~{$snKxn*_MS1n^~g|@Di}7zp7xqXFhGBYNBoJc!Y&2xbD1zsh~0p
zg{0o$OZ*9pENnV=WLR@l`WGeQP_qf{c2b83CaBw*$g%@CD-)@zoSzkIaT;??5Jn7d)0U!hb|4nCi+AcIRAH}(k-jtbsOOJ+2V}VX-@vbvqG?^g2ytj<&3TKPyO*${ztSCphyp<_eTp81p?;9{Db`>+=&glAOm(WEzlLeo}#UY2yg{9Qd79fW$qp;_8h?#U9tKXq1qElVYQyMy^E
zF;h18#gIW7|Fyyo0uK597k%nsEEDuDx8&u1dSh&T0j;jtJCi@1MY=h**~!nTKtaYUA1YAfV2uq?gcYL6bDS2%w9Uq1
zwkV}K-L%2Q-jt@+8`o5R7@@uHqub+MEp_ij@yjZiY3xjirW41h2mfFYp>`47ie~t7
z-;Em`SeKQjrlRu30N2CgTa*3zvv25<6}A~hB~f=%H8L@R
z@!h^n(3d&oiRFllQ%x-dNV#oiYm2c;+t!;EYqjR+G?*QyCcg{H7BomM`dg5nQS
zjvI(+?86wO=Ng!Q{F3VIPyU`h7HnM18+6KLe`CoF$s3(;lHdVXv3&QoTuU4lVFi%Y
z9^10rnaHuv;V%4^40%*7J;@+L;z{ewB{%LBJ*S
zWCQ9lrs95eACS~8DDXo3RVZ)fwe{Z3esk>y?Ue;BZI&EChu^F3a&6n5S-yGrI$7Ld
zG;nw#p<)QPO<^?Y8gPjXkvWUQWlBsuwnS@POIhk|lRZm5$5{qxQ>1>uX2{6j{&j26
zdw-Wp;TNfp{HWGa+GI&tN-C4-8h^!PiJAE7)S?g@P+vI-F8jS%6R{py7W!3ACI{}{Q=JakOR)mt4jhWq
z9)Rxhq3|>Jgu|5qJIfDM$>}jEi*Hts-8=u}^C3xWP=6(y75EHIOecTT0Ttg*;kVaG7a|8MZufSV?v*Q*&V89J?G9qR
zfvGoaPA^bGChqW1*^^6{MAR})DeqI^`Lw}E+z$CpwMf+ObmO5AgKBa+BQ^^6r|oX9
zWLGPb#aI1g_E^hA`Sgm%e&({p1T2)-jw(eFMyqcO=`-#q0yE1#qt!RR9;oU-JDMuI
z$%^3dP){R>XC-dsFZ1?1cOj?q+Tka#^KWZ~q>%KnK0}lZrMjR?S4xe&+zG
z2rSa%-7%dY4xEB}-!12+ZMiuD3?NpBo>
zZyZjri2F+23~oWA^*@#BuP2Z?6caU<$G2WWS_t)LV2|j$-g3TOzCbokg7bMwXo03T6#>5$c9U-06Ebp9c+(|N_u7sL724>{NWcUS?99mQ0$i01W$lP
z*L)@S+67qXL*^%<8rEJO7(LG^Tuc~lYzrw(u36y6nu$O@p0JZe3t^Lz7I}5
z-7`j=52w{y;)M!vdIy3k7UupO>-SXGMzNs;ET5kWJl@8!lT=22lj9c$nbO?g>WH4{
z3|Y60_yxU*O6F57b~5DDPepg-^J^x&Mv&R+dn_S6M!)a+tt7BUJ!|-rJ2@lyP)STk
zVp;1G^|98AZJOpE-1N+F=^a*rWZJxI^~tI0ayD#9xg{BbYhLgy0?WlM+wx{6o4F@v
zpjU*lBT;+t+j=_46Aq%NO-OTTT)8GlDGNbZ)(qrZ8k7B36MrN)62Iku}dAj>&
z#GR__bNRh1cTV2!sdA6D%5VHhTSZ3m3fF>~l-D{!saA_ssg940rc|ANKe_?$)u%y`
zP0`B0zxgNjPe?fXp@KB|2#U;LP9yGMs9?)v2NQ6Sr;c?@^Ho7efas!44%f|xKKHN)
zH#rwWPqauQ({~mrWZ_?Gpbj_2L?MMNIo2epVMse^!bP+{1ozHG_3A~OeHU9guW|MmRMEji!CpiEwfro=jC&^D7-eMAWbGU-rwEG
zjVq+|N5w2X#FM9=`fhnIh3&mPlxfg*fKGCv)~;*gZbkg?b}??eln(XL
zcQwC5w0ml1?_OWM3mXpVA?dRp__*aL4t}cc
zf7T#}_SXD9{()^Y)Ud+tlg8%k?x*qWDT5GKC7ej25BjvbTPYf!uJP~i7uedmd9J5(
zvkB|`exb|rKzDvPXSiTyD>sGKW2&{4du*U~BXwgcFjB(c!MrsI->-fE5TaFK)sWi;
zUh>*B32VO+&+H<+;&NLrFd9BE-WeUBa7RshrX8_oindSq)p1P+gQPjL&
z=ufb9g~hLaEuS@R=XSH3*nYpFZa=qp%KU?LuD0$O^d;i~{_O{Y@+8h}#|f&{14-sT
zWf-<%ZF-HIY^htoz1531VpkJfyVWx^AU(GET4-h50eyYuW)_dN3TGMcq7%=ELKhhP
zm4vSZ82{uwcYEr`1n+3X<|0eZ#$4{Xg1Q+(5`N=nWJ86IaEfjs)binCXrTp;+9a$y
zsk*os;HFq4(2ujx~a3?X=UaQG*&{lM#(c;7#>tPq!
z<)+k@F429OCW=0FT+uh_TxQP-_~5#!7_t16WYImkGoo8+UPC21p+YW_bB(e2XRJ&Pl@=t$WfU4GTxoRK-7xS`?Fp&PGFSea$W3NfJv|HaH
zKff^~|58KzP0nh+^{}PIK;^`Zo^M}yxJ~QaEIySF7*YKhaQyp3$nFE%^$|ybpcAnB
zqG9)?mkZY=!0vnAnptGl)N_aRNNXt66$E(F1+#5{E!JfA!oUkRi&dhD-d>{J6rN2u
zhehatM9lK1zcxn1?ts*}2MV7l6xYp|JMqXjTJ^m4;
zIf2nd7)a0M!E+t&1O;5+r_AIB!jB^^6dF#t^Q1bwI~?bJ781ZS^T0~6$qlUf0eQNM
zXCN-7BEgZS;?+n#h(S4C-xAF#HHEs!AJ&xd>5cm9n1GwHJ3?ccB0}1o%{AV7)}#$Z
zTpGlJ=4VqhndP
zl0FAs|6%+)-tO_#b?Acd5$nc&xiBejk-vSDd5Bu|X=xRO%uA2r({ErKJl{*6;=QZw
zWT+9Qb7FGoj?{c-Fz9F=i(z2^kfA&c{~PeZ{u8*DD3GNCcSqE?JPv}g-)lriC`EO=
z=&ZPd*y&qn{J&D^Z3orj@7ZHP+B&gvQa_Sx*id^qfo7zWp648S0;!4Kic$vmU1q-{QkcH?I(dR7X7-2n!|V9iWWK4+^RWcp
z$yYo!=5srCyMx#5o6d1%+@E2u{yj9jQm`S?W5qkudc)o-j5g`Cujii?;RF4Az%D2}
z?w+fly;%>NL>-EZuV_euo#rl}i>uCsmu64D^^uFkUt;&I^!~1wDIS2ryBOU~jeq|z
zNyQMw&sZcm+;%Bf3%-eg3`>I)*>+1_Hxa~zFNygvW71qo(AeVRIu#AIX(CShWi&&=
z{%rKCL9mrWt+4#VpB_9H=qiAcngn2fp-$wDD*fr8F
zwJAiMCr9&xN4JkAPA@b9g}IhQHj;B4j?bP5{gKEqUcTtreP3ggNg}$94ta?iG|!BI
zSegB!_X@uso_h=Hd24%L42_P)&>QBqfAlMd+eeH8k+DqEaxt!Q6+sRDC{Qg{bPx}z
z-uxnli3!LR=zkCjFUn
zi}G=(hUR$KIau+~RpIk=QEcXjp!?;*WH2L!WrguKZXYeA7DVEj8QPr`tlFFcFOO{a
zs^@1@aNgOZRU84qvv`>PV#+v23SRWD>29*#Phz9^OCr9N;+z`X!fEp-${anS&4D8PBv?@^G8V#!ha!sb^JP=K&`|vVM-EOAe0ExV?V{^X;fMII
zeIYcSQ`RQL#Kk{28J(Z8vwnVO6^A0;8X(Ql3&)^Fer@R_Mh42Zw?*N0C$grKNu?eK
zx6fsA5HkPIQc^{P&Y$tox5#M`U8Wbp1O+eɭjFK#u4IM+$vs0agh6^V19@iGA@
z)ho#Rmis{MJz+cW%oA~J{J=+tpoz@TlbtStwF5dbGM>F|K6PFeIVXHLu{iF$kp1yE
zqRuE$@VsphdAPX$4iElQc-2^>^OC3m8XJ6U
zVO?#PzA2@f^y^LsA@P*9D;72^o)8xm}|;c1KXL$qASbek`Expc5neM3p#|
z{$VP(Ot`*Ro*l)|94$w5lb*w+B9L^@1
z3SS+SpMQR^sHgGCzu@K3Xt9@zF*}c
z@t0^YYD5?FSHPs)h&u?%Ys!ZYmvj!hJn=AJtD3cNa&)WUSGiNv-CJ~&bM)#WlY)hnj0UtJ4_M_Za~wt17~<=Ff*0#9`CfBXCP4lPIj@XrK`q4-!WvGLOo*O-a;f=;R1XCe{(M(eZZ|{+WifFGv5q(ZYAeF-
z8&Z8$#0>fZ)#MRvRl#($fce9l30!Y`FUWShczqq(pCJFum^^lI%y{NV${0}`k#LL9
zSMlGNM3-=Zukivg18?;SmtCf>$G_NF4iP#0vWfgA8KPD
z3>#+F6Z0donvyQTg(`>4r%QkD!pkF}a<;W}FbQKrQ!poYoE-A54`u(x^s;}Bn5ipR
zkEh;*-{tS19RnBGc4VjiYmBhz5EwK_fIhx?oyr^=ItRqeCdn>Qf6e%_-gyZr?!m*5
z0$p_Owl#E^&_0L-ve1fNIkmgpvr*$03oa<02x}m8l1eW;#mS_99~n11;K+Kko_;+z
z&^lvZ_RXJP|8xt1M$!5Cr!V8K^ils==!B?$KNIqJ_+kjCcuvc8YDq$@72l`60D=ZT
zjx;vkRjyUj(Ga!Ah4`;i#g?Cl52|TjaH55ai7e}JVaEz%%^DvcSma;h1YcqzY7-q-05x9t
zvfz3M19kQiEeup1&FrDz*@Q(_8uYfYM1g%URDp2Gv-1U5P-HZRLzPDJ`W)7GD#Q1P
z`UtmMgd+0rl(}UR*lTr~Gz!q;F``3RNytv0&NP~-B~_omkRzk^fsu?SwqTnS)4=iO
zDXb@=dusjpV=r4)!c5m9dQrC?r0`GwArcQ$(Lw~tz;0_2xQ
zG1I_YEpmFwUAUSxYJHXdsdzoUZ-oMb<%d~M4FdEzY7=(IIA{(54J#9Fniy5E4>8d0
zlZKSpJ&{H&ZS$6w-yNay7gL-BFie2Tskl$Q`d+x2%*}O+Ly-3gSztREX^N8c&bLT{
zmHur?^P%R
zN2#flCS31-Tn0W#UK~v#J%ivn{VUydU*swyD=Fbt#0U4#g#iy
zbO>Kxd`Cf+Vi@W(n(B<_Spg$Wriy~4vq1Zdk;{S7&LBDPN;y^@(#dgZgUsJl|0v68
z5VPP335DSk6T^9l+mWOC&xsX%lf5UDi8J?CTinUxnA-gi>?Ya&JHsE5)!0JCwW
z2L82a{I4^4W6D*
zI4h<0mgZ2or!|#TYn7#lrc!0N#eUBC2o!x#&D%$u16N7m;55N
zV5U7!fNK@&2@t%`T5lEodz-T(1@@<4B+$Kl7ug4lFp^$5FLo;+>ak+Mlk8`AuTso&N;81vv!Q
zZRR5hDn0?qBgp0_i9vNeBkYa}IR6xOxir-cGu)Z0)VA2a!^BvS3E#I+lwM#koI)V*
zNQsiPRl}|$=t^%r)vO(ehaXbEwR?anVxq@TYiQ!
zT+{g}JGs`Vqpo*tme(rQiIgeh#-o!xl_pPz_T}W{?Brhf{TIsrMqqF06J(S2jl-M8
z!?0VO)-hzHmoOVWY-tHGOgRLFcvjbB$-w(CkO5C>I}h&8(ZlG6SQaToMFH<3Ta?pK
zdxO?+0}1?Qj7+r;juvmA?d#4f8K_S`<6-4uMf*T`ECW@;cyvTwA@R;2htp^}hHXtI
zlC{$a%8B-~o}b2(@#Hh}s%dC?5Q-m4hb(crOQ+;Oc*Yx5PKET=lmTT_zfPA@OatEhB?q#9w^YF_dLyFpeh^lUO(jEL
zx34>FUdO)Jw1*$MZ3`nl)96e-JjU)c8|%4wf4
za6#$kyqn=rUipArZ1+ysMg1u1^u;HEtBH}C8Et7Kc1>Mkf3Y|68uh|RDpi8mJPpzj
z!uJTLjC*|Jw{y#RG;yVwiUZ4X&yUYIl$fOivg4fo-BvoW8_*K(xaabZ3+6h^x)mck#R(S
zLQOJ1QB`EGz1&fzqE=mws@w9L?5f?mqsTYg6Tg`_-5m@)e$4+_kYD-XwT8g>&|?9c
z2*R=K6Vwcw1h+#$
z8gE1Cnfblb!`a%{#>W6yIczgM6M{v+NOvOJP9WlowN^Z=X$4t#3V_dm$40uH=hS%Bl$t(tCTAC=Ht%@6Fr4?ET
zTgE3{pNAm8Lc+p`E^NA01OXN|7~d0+?cjN50x8WgOo1bsWX)TBz;o_Sd_}YvDo&bX
zc7|*BrYx^p0(BOk6W%XLDpq
z(|R}}!E{uFdM&5HgIoFKd-;KU8s5Kh97X)b&cw6g6CqpX5B>qJ7BJ&)V9kYstY&|HvHPX_xs
z1dEUWvYPV3=Z)hi%$8cfXH}byPT^^;mw@g6^RDpPZ1TR1zpfu<{kUiprSE>YE1k0eTivi3K=Mho=k_LScpFPM8l
zJRhDdH7u;-AbL_nD9itBn>j_oWsc(X2`|GTmWs`kt7zdPy}<`HGDN(fxUdmdKKY`=
zoW7v*fvlp)^3U=Qxi?^5?QEO>C(LppVKx)2irPQYE5meHz^o$9bnZ69XyUakEF8`e
z(_KBeqBEy`xArnTp1%`?OFk6|+{EkmvGNFE;(qVvg{Sdj+El{CCFb7kHYInv-{42k
zoy~vOkL4JK0lqTLD)2*&RdrzpdJU4Pr$R)xFthn@KV0t$W8mCZ+pFb@P}@Fk7;py@
z5$FXc{`Py^{QJ6Q+kAQf*RAQOuDF)W2AilD%i1u@5Txv1)_@mc$s+Ec8-EGm3jgE_
zzG4U)5lf!NA5M8Z63)Z(5KB9u&|m{{LyC_Xs5SlPD=!EXgZ<(5)6ctZ5Pu|Mf`C(d
z{m>@{2`LN&#M-p+QKqVJ36GKSq!U4^BT-tQmDJo*}U;+}4|waYBXUJ3Ku
zUYBcOG-z%ssH0u*oP-N;&y3>tE-!xD(hR&D5#IM)pLp4;&eT$=FtXMrgR^A0<
zuVuXUi%`R~L5K~;H7!?nhYXZbT-aCYa7WDL=JqtI&6S1%x|t|+RhVAlFZ4-npQFBk
z%4zTY4(O{JR5mXf1|Nx96Z=7&n3Fyo&5Z-T#o)Cga}&8FL(R|w!oxX3|)
z{YI&D8IE#s2rqo8(a~HFq>oHvK6T_AGS4L}_xw<8%0>7h@^|
z8B-1UJ{x!q(oQob(Sq99V$w!$FaM3zN1;jge+Spy!{AD{ERB1e=wHeUZ~M8sLI+X%3yYI1?!!l
zfe>O?JudjKRl%?Ad+22%e@?9G`#?oHPqO@WyO?fd#06ZRmk9m%N#8N-BR8D}+1gQM
zYu8W%Mkt_WPxtF?BpmX~8%YiGLehni}0>94;FIET;Z$JLGC
z7|Ydt7BI))Uc5@OIU=Pnj!s;Rk`QzbcbOC-xSrK^b*jzecxTLh)wmK!)~W(GHlTLy
zX%zMk)p#po!7_X29NJS--f%K9o
zWnVq^oG^9=&jp&+o;HpAh;+p|*^Lq4s>aLHL!(F3LD5h&blr4)A)A?t_vd|;`S{hX
z^;kr9p@%n12fE)YxpmA@8w#hwH&Yg=dIy%$qvJm=R$W5mQ9
zHkY4oWEC-VlXHEkL7>%xtt;>}QQF|9!v~Pp`~$3BCnCf?yLj;kW9S;3&;t+!ovqDv
zN#ZsAQ71SlK8lA(SUFF8qsKMUM}5*R-H!{^gCCbq0WR>+yFoy)TjA-uXizygLR
zNkrU}`7#q}(_M`!EFi3wm6e4vXL!vs{Wsa8%W+GbU0X
zJDq%&v6D@_*g%ok4bB6_)3EvZY`v(yP9P^OrQ$OWdoc@VrE7s$m^Rdg{_T18o8Td#
zqhf!HOtz!ts?-r?8tG^QEkDQxAzY}U1NCyf_p}$1g;YO?{xa4j(5C0w5Xujz-tKWU
z?|&17GVq%$Z>^{L&&s3tKW`V2qR_-F^8vbi}6vcH^(pgGQ-2OkP
zkJdZ+hzF`~KY36v&~us%+cs|Ntl?h#m^OHF35R8KI*!>wfY!VESKG^6-Kc$25&>5q
zvQIUZjq%x>Q_T;*zh7B+POnn2n)T8$0}uo6xwg22U5d1BmNTYajRu1lOM$4)fQ+`8
zF#Qk#?{x)R**zy0$?ARUX(4{P^qOhU|IQya9ip0u6$U9qCygLvA#x0`GR84otvp0=
zI;ejIc2EfVVVoHV`L6sD3%dhDFgW831|^Z~3k2*ooobWG-b4(g=F%TcKUd3(L?79f
zJmsK04`5m!Q)8D*dHZ8>h1U$pHC0I`%fFI|CLN9s?{63$M5<3hM#kmsd83kMp~q2#
zkJZ#Q+j6)qP2Tg4wSuU-XXe>tBKg<4il^)K!STz!gGQf&Mm>=m~e*mpPgD&(X+|(d>rZy~WMD^{K
zTCX}Hoj|XGwaGvXm-s$S*&itX+ymmY98{Si-{U@w7YOaRBE_Ns5+_w2fPbM~8I`0s7JXnHC_i
zyFug8{uZ!8m$*Zq1WTcI$ZW)3Zg21xtMOm#JQsXjGpI`*N6y0e5eYJY!q_)!o```^
z5g(*oR2YEfzsQiW2dD_naAov#$iX@6xat?vG
z@Jqw`3sD5Uc(KxHCGgw%Ct|^ukw_<;&N079I!f76s9r_Fu<^Ui)s#En!%orrPLSBA
zMbAsidDc;fE{AG1%tt{?o^
zCk{tz%}q0TP$rl}#uW7^03&;l>NQ`0sk1p92*^H>>w%-%T+ZmlWeRbJr28Z%|AiqB
zzFb3aB)$_v-&Y&j9IO458!fTP9!>+&P~uBEp!)v<4yBKgvfuop
z1%QF|AOqJRS6CLle_ewDAxlxKHY&bcP{~s!*MSH=Uhr|Yq+*Hpgtyv2BUO#uV>%Rf
z^Q$TBw87M==sZNxp^p#mg0*Zs6y?y3aQf>>%o-uUD6~VCdQd~`=D0SeID0?k*cH2x$iU=foU%Oo2-CF=-5_{N|1HmE@!L*=%_
z!?T@()T%B7&21fp8O)ri_dI5D5T(e##+AYf#||3-o_)N?nPwrDEPrEXoAboOhsJ=m
z?a!eS_8*h0!^Iqk^rT!M6n7vCcuWm(Mid@*yExz3#J@XFso!h>Rq`ZKYnVqV%b{2=
zpzp0y40}e(#O#H(7p+C*F6%kXWb*iF{0l0aaPjngevE=M9n{rdWOTi{t#HG(n+trP
zGfbV$+z*wAN7FV-C}uGUHYrtD@`yP~S%C@8QYKcLvNX&2uwJXNg*{#EmUelI&^0jE
zqiOtKPem$xJOtDU5hUhWMF*TgMK
zI;CSqkeA%Og`620_)F>CWS#!ofy7yKo0j(}KNk3Y1eoHm(q$h`tE_@#%ZOc<$)%s`
z79{c)9{M~M1I=J&Y9D~o2N-YDIHj{D8^v-%+jYFYz|HfM-HL$tubcAxoBu^t?G94a
z^&o^$VEpe;0G!(SQnXx<>=g?y+4~y%9$;44e(GJjI}TmXJo}sb%EpfAm;^F-2-Bj2
z^BYV~^
z9EP`kh=9Ln!8dT)cpPycaQsjFcSP!DX#kV1|GRF+hwvqpQH0a6m+r9Z+P{b@E*$cc
zOjDjR;r389Nhp+hC!KreC2RW(VtwXL&UTB73E%B1FVZjiPzvs!cNl54r<7aJo)U@V
z^F}IFlZ^?*54o}OVi61xIMbh$5MzDIClAy27~$(JhirTrPR4zztA!QI7&JK!oMEv(
zGavFO(jlVTOPWm@|2Hp%;UGrN`tzG?BpOLf{cws2fwFNh%0%H#H^jzgcuopxxokRR
zeBW-plQJ#Q3O6y$l}b~#dw7L?Ksa9d#B)D9o-;5L_^*S+!u==jXMB;d5-{A~Rv@=<
z%B_`s?>Sy}hXl#Vhg~|g2l+4r$K~j`@hCYvUD?}x#C&jG=C?ytFdW>eVs9%Oa9p{<
zQe-6z%j3u!qVa#uv3fz|X-k0G=^Uh2fh5TYlB5gA*EZoK?Ih;wy>9m@)CtE47dK2x
zu6)LPSaXfAvWi8T#|bOCJqZ*Ol_#XI5(ZV0SSB&x
z87Qt0QvZ+4ZRr>SSt5WEsCkmWVPwh8O*Rx-i1V6qHQRx{xFIBv?#NGB$fNU0Ev
zd(rz>KXyw?+QwXX^u3Avj72J!($J|4QsThx+ELe$Gba)%ApBl4a5k8j^u@g>4{P*Z
ze;&exJfvb0KeLunJ#Lzclw28V*7E(6J(~K9r+3tqisV2$J2_qmmiNd+!N(khe=j8b
zzhV$CPF3WEi`Ot8!}=wCNBkR1QWgX-zjDL^qiS5f?-~y$^YG|bZE{Qs8p9@NfSbDM8RXN2
z4#34sy8{LAL5^sae^Xr$79@o?>0<9SBW8*#*=}(xp1HV$c9l7ET$PYjPiSNIz$qi@?SZ%s>(2ji8CLPdk8m
zI_U3Wdy!#038H<40psh~u0b#{aXC_XAF-{5Yb7SZv21nyZgLMjGxF7J+BnZZ3+@iwV{6-o|o5eH7rzvnpV!50Jk%5&yXexOsMvHJU3KFW+@0NdWuPD
z5yW6kl=l9!7FI9G-D6DCpxinxfIm)cpLv^vg5y^d;1sn<6-v@GEF7kcu2w
zp2NJ>WIfyt^sxL9+kEiUBP#sg13>_R5{kZb+;QmRZG239
zn8vx1Cl$=2Y_SEA+YDX3SWXL22OUlAa^h0wY;2H^K7nn6O
zKn|8}5UFwgzeo+uVr)2dxJXZs{*p148*CxU%37v>?_aP
z(vjF#Fb<9oAByu~S=L#-dEHc|?mIsCURW4{qMQ%(`R?NfLMvl?wyd9zP9vY+q-0LB
zE-n0VNH^i;TyDXHUomS4KV$|BG;Jr#VMtAI3W1wMY6+mvC@v)fH#310EJ!iciC@hm4dZ2G=5y~)8g@K-+EYJ?>G*`W;c%{sEG}hY+DA|yH!AUy5
z$@oAP(yy_p!?E;@;s^2WD-#5gA$zF8%(xPsg%l8x(J`8Pc(eJT76-z?jguHO?-AkxKL9T4T|ePJX&ZFeDds1sVvN?!HRAcf{snZgQ!jV0jt&9
z*5@J+Pv_E&7^sQi*#w!qqY)aAy8GMLQv037(3_aVrN20Ry=ydSAT57&tMGRE4Y
z4w#yVOcKjTA0027#Ivd9hc9W5yd)+ySJh5EAq4<&Z@$d#_^+uma^|R
zf>$+a0{gcSOIo4gBY(Lc
z(yWLm#oS+b=@X<4cJ>1qkjnj42UK}fdQi`6BR?s
zVambWKKc=xkD3Fzt+M&|6SN1vNk56P43;^S`2KLEcAP4wgy?zx%k~uI(%6
z3~g)mm=nu(sG5HLytA#%O}c;NKWfpLPl8i%BOr>VbhK=bNcCH^?H3m4uxgWQTJPS`
z#eVh4!G6fT8kbghO~9$iV9@wQDFdNX-bYZ*#z>Lm}hCQh3V(x_Kb^k2;uZOGfJ
zAm7sU(k#8vGh7xU!6`t;UFT}iap~Z6hpVW7r7CkO^D>=nwmCQ-5uS?uo!B+NHZSd?
zSg>a3Vc0Plk%eA{(5jXufoCua4+p&o)rxIPploCcM)V0B<_}-_(((*HiF^Np?yFyO
zp7^)wCT;x3H@Z75n`J-1c|DDuqiSxcs|O
z!h?;F%C;2l`|){u`FZO#yBotwBFyfJv9EM#(-$8|ifHX5ppY|(17()-MPy69V|HNF
zz78oxuU%N&Dc){wa0v|+m|T!ajZ9#xec`sBPa4pgSuypqlf-kXVP!_=4EN%#nkfeU
zsrJ0UWqGq|u&;2N=-99{?p~6aaQt#xru7;v>p-%O%k|uNH*oFZbg8}Ru|>b>IvrO@
zJ+-^3TVeEdGtzTqIWjWxx!@$&8=CYd4NQ!->_b^>Ed?P72eVRDR2Nk}C~^f+KovIs
z4oJA}`yTcAEUM)RC8_{ZB@4@6J^rPlX(LT5*+Ao;Ua0XGj_QZ?qgPOXukU5A}GjJr2Eeh%rFERZf*7(LjSnC7Oj`<-5^^?K=t
zlF6PRWvjyK1xewH7V{3BLhAW-D}?+||96_r@v?cDO8KoTV_2r|f%dn(Y$chUq;l(C
z{EBnH1@w}xLv3gGT2+66Q%W%&fVxGQB6$;i`ALQmz{nBq~E%BOc~lD^l*c|
zR@sh;OgrhZdY_FCLTqTw0q#`vSjM9HVYg8VEAQI@iTWU*$2}yKLho{5^U-tU=C^~3
zZHsJ#Fg27fu{%;&Q(wK!wRtJ8p^+@TMnNAJQnj~l+-SgPF`BPrw&41`f`I1RcV3j-
z*wccK*q^?g$?-%yzfgF@aWlAjV-9!sYdK6m?A{KzlD+&q*S5c!(mHfT-d(xu6RpwC
zUKDS}y#Qx4ckP|RJFMi+Iq&_4aqX%8}-As-0nxATNwAdrX0D!u^PQ3j8~f8h~F(rrjwzuofD2
z34Zi;1s7$ma*tHU?RX@BNg&@O`rGl|i=4e(#g$!+O{Q&#r)zay?b+*2lVnJ=cM03-
zOh|iXbhdPBYQ3M*xw$)W;Z;QaJz@D{-di69X(dh8ylKxTE}0J1@V1nASFjtk>_4cH
z_Huc=p2URVwI);WVJKw-3HV6m7QntgM4*z5a#6UKtN+>0_f3{nQ~{G9CSK0Vs%?KpH@egWSMAjDjd_|^CfUu%
zl}NP1EiNmSU8B*s^FtN~rl)t;p>JCjTH>2Hdw*SG_O{7YoRUd(D}3?8C9l4>>xHd?
zL7c{^-F14fql%XAd_Q3EA}91)L5Dk^5kI}iz;0xFN5ekN#)yDWfB%um7b`%gylZfQ
zkpeEmT^P_#*q6>J6>%YXqRUwF^G2LTq?4!*zL2=*Z3SrLbQk=yoNyCs6wBQi>6JPj-lLWlh(k9@kwxnBjZn-h@7t-)11Ju?ubX&A{y
zZr$OsWytM+VDL#;Cq!MzQ+zeryZQ>Pt;cKqFE&5B$!3N8Mnw-g=S$bgz*tRvlvKo9
z2kc>9JA1re`#gsCgqN(NToWZi2bOnPliW499Wss!bfR;gvzcpVoh-bJcg#q@#;?Sq
zSC}+s)^;O5KrT*#0|5);4L#no&K??ie(Jp6ma;_BwC!$(jmAOao_hk~l6_TV`DPJp
z98XnL>#L1hPe0$08gR1~~+2XY$TtKgL6{r}a
ztNlJ=UjYrD+Qa^dS-!Kiyz=YmD$S_JbjzvnFjLbu-hDmhi@MjPHS#w_jDoe(4lLG0
z7*nZaz-vm)RJo*-FzDj7P2GcVn~JDiM{Bk%47PuNVw-p)x|@o+DFj-N+Y^`fZeH>T
zL5#yExrJ}Lxh=Q#%r8k;HgzyF#fnab^|z~XtnZjoL=lBe>#tTm@z|QH;F#+_#q}fl
z^>)Ypy~VsANqj?mdmeUW7XrR7klp`@5m0qL;JbTym1Tqku8T`t176nqr{}LNoWFYh
z%AL_JKL+Ds(!rmTD~aAi3!Or%?Jf*=No(C!+N2Y{FbZfBqWjo6Q4LVT&;`zLbLysZPWG|P6zEa){W+j0{yxhZ3_)fNjHZlBxb{}>M=E#IEXt$
z3B(X^Jiqu{Dg=|-*@aTz_65tgjc?8Flsy^W%2Gvsp$P{
zigRT4ZTT(o!87xTeK(ZHuE!Uez51q6#&hoa-TRsi-n0Ib7uIsqI+R4k)wFo62W&?q
zQi{&eeSgIl;G*O&Ux_9{pK`MFe>-w#y7OiO?(x^CHi{NL2lXJ6pwDh^6BdW@DE5QK
z-I$s=vI(mp*{HKvePG4iPvUp8gkXgXH99J8R|Ebc#qb|1iz6o
zUQEO5oD*vdB$&&1cb85K6aHIZ5KGgRPl9`Gl&Gd?F$lZQVw~R(EsD?FQB6CzVK085S0+5Q@WIt1}W(h
z1*B8y7`ht;q>+$rknW)yrDI5mp#=qLknVfNc)!1U*ZQyZzjrMbFY*pE=j^lN+0Wkl
ze8jV~XvuoG=j8nit90xgIRSDw2uF|BQYB~C@a}{4(3`85T8ubj&<0QW*c)~&5v{WFGWnCSxLu}~88^AbE><(o
znH4dRgd%*^;G1s8_1ESTd$XJBa^{3<7bjO%PBaazJP^@a1AJRi&u25G-C0t2zbrc_
zx`zxIP^4D#cdMEc?qXg{4vj^G#Bw~N8Q$n}q2|IU)LMM*jyigNG+P%;#8}(a5T_4j
zy?ITu=(xi|ho>ST&jL^lx@O1M*gMK~Y5R1Sk688B$}ESx7AZuH&^)j*SU~)$dWuQ{
zSBUr7D>32xrpKPVDQG)a3F;5TD-0-mS;8~KY=Pt=Z&jRU;N1De#GGtsQMb^d{8msN
zaVwChn7dp)=RgMkPQc9^*~%qb%c_3N?TIRsPmhF&3-rOl4()jeimV@s6L|drRg~We
z?r&{?d!8gG2}-x8eJKzbFCR0v56y|R)~hG?zWgZ`5Kg%hZ#md)7NgeLu^qkqMM&09
zyz1UJE2oVIl%h12MdHw{^whz>w}f{}{Y@2!Qwj5bUmJ=svF>H=kFqd@-R3&z%Gs!#r`ab!*Byf2R8Y*su`L^NrQ5&PVNX?Qkycyc~SDYvh#sQKJp
ziz`oRQ<_JKp`B8T^OG|Dla!%SwJa^!Q}J#-8*drKuEatN`l?)
zuVZ9pzU_CX*_~HGFYQh~8-*Nt?|#FBbM9ooBaK7wNXwYfV8Z^SMq7TiyLjvdEz-?{
z^mLVyT`uF62es+eR#&N4t@Dj*vV&T+Vw~HPU9nCCahSU%H!b;S?t&FAI&ud4Qtv_}
z+SE!k&JAT39wymauBmj?`{d-maq2~uOPw#y%W4rnZ$HMKAC`33k>xfiJQupdNQKt&uSdHoTohQrv#vJwaK|I&-9Ti
zEG2M-y%`kUU7(eop^0P>W0XLDJXQ^kW9T&l)73_o!h
zF49J(mR&{CN%AzENxnmz@>0~k1BEY5z$T9`Tt+Qf?Y?(v>Fhl^F2vR(&Qi#i-I;)l
z;*r(v#_DoiXFo4fIkMjw6Y#yTi&7J`_%dP_aCq!<0o%_=@z5QL_@aBka@&yWjLD{
za2M501wuGAt+Vv67hoWNuH>!6QXc*xZdKyW>F8~n|7QY!3hI}$=zzwW0au0^=E%VHdd^&jD=UgLxkWx8M=4
zgQ44>ST)sfTmCvUSD0!&fy#1Dl_0&E54&DdNJ*EKVDq5^jUC{!H4pb
za{i*;=i$Agrvuq7*DKhD-N80fEU{~4&l1E8erQ;gCi+s8qzcHZcu&m`v!cURCE<8&
zdXjHLRpb^9Yf9+24FnsJ)?ej+%uy{B?yNoM-KE_r+tQYYg9|THm;}mhpmGkr
z>y1j6U-xwgtnD3-N;t45swqW$LXF+~70&reb?#s=$lrKX3Q}XyA#4lRjtoR(m9O~8
z^Dc+{IKUbwQI*UmXClo7DbZmw3zViZ2&+@4axk+=4MUvrR}i5~-V8ocvED7
za?+I%FL(~-<4Ua(-Qc`zWt-zm0Xvtw;)aB*#+P<=3WJ9Fp@TyU%H6a`0|<8>kci9g
z@#|rzsx@1KE^vQM>MvqHYggJclA;^|&&)&#f1o~c^!TFZ-9aV5f&6N)eXx}bzgjUwz4h6LALQ7Wh1H;@Hq
zY|jVeJuN{m2eC4qLWyShij7{m0c)Vy_ub8iQpF^iav?t@__5&{RZ=XM*00HL5&SJV
zW(2~t7dlkF*etbmf6M?@k-J<04j`sx=Jn0!E9jM;kO{G+I?Ln2yKGDXyCQDS$ELvK
zjai#*icg=!t;aEs}sDBB5vYx{r@kijo$bkAEztU1A4Kee@5y}Vur`B+w_EhN;>A(>SeFi@0MNfyV%YuWgIl$y(x*DgPeWbo36mVMyJ<&Oa(A@_6S<&17tu}l77Tmh)W
zSrNHzjT|2YeswfOeQ5nRp_ox3yfA2Uejs>E9vC&H_+#~{+Q93H!BJk=8cUWI>X-7x
zOWGtZ%dfq`lzfq0Lg^wm7-&@q@kcmnc~!=;v<)I}R#gs(dF32R4f0os;f%d@iohrF
z7S%m3(8_B!2D
zj?pPe9K~VIJ7f3Zzwo}ukMyTvN+YYonG0H2>b2ax0HLkD%>%`g$Z>8;{kHvS`S&rwqjHC#Im
zq#EStu<AH^ak!xBB>_%=C0`eE6X9#t+_k=Th+cUFyV
zuEt}Nl#P$+yoVH#7lB@^S}4(E(yf)H3ZOd|$MZPdY)&i&XEc0*)Pu7##L1&EisM9@
zz8R1UF`g=VgE>esWw1Z;NbT)>^%G*X0r}#YWGq6O22QEnalJCA(l>P3Z|pI&
zkS*o9lZu~};m>J_SB)hgK?>a{3;_g`sgfm}i8#f~OT;ptr7
z)T2TDMt$63m$)%aVXN>i;Suo6kwc$6I+#Jd7r6lPX8+`hO_r8iyN!N1)9RfE(B2u4
z4|XsPb!FOf(H}Tljbr28b*)MC=XcE}t@T~lg0i;Yb*-;w?*a-$X~@VWS?38``*uMx<@?NK>I5pbG@oJLDfnIPN&S@k+5Mq89-c||UM9(_wKbq~;
z-I9TOg@HNZm68bT=5ohyge@UJ+sDNGIDKoML2=dpQza~yxQJzFSY
zFDnTnll2s2^!EG=x41v)59-qtUS$#im%D|=6chobl|uk2lXaf{1iE{nQOLKlIvMxeV737!D-7
zV|vB(m{ZWVjU*Z+RSX;;*Q57s#BYLLW~!#Sgks=jukUJn1Q!A`F>oagGj7e|IwOcwUoxG_-WCqj?xIPK$CctPj;#n=hB%0JAKLFNvD-YZ$mdMb%f>oXW(9&L7SRx5bIbW
zh;J_5(nhPx&QKmFOXUa7Me%P7Vnjf+hRix@+NUkhATUOgRNb4zHixS45Vtm_)eN#e
zT*l6o{9*gE8P?P$C&jVhm=U2rPP%W)Dn~a&e7aJI?(*t$KS4CYu08?jGv}T5$5poa7}op9pqZ;d
z2sd$|#lGLlCw^&uh99R*LfcCW?ns%=p2P~vwc{bI`(5Ml+U2hwVP)^iV^XbHJvA_3
z0IMd(6_);B*kS+UBBGqHP8NNmxn13pSW0&_%eA#i5;^*p@jbD~Ws(}jYClo0uWX7R
zT*Y5oAVe3#IJ_k76W5D}L{sz^%V%=KIng`wp|j7vr#tEU!3
z^o*S*qn+s?E#o&$VR?@7n#yle92#FKaiXHte*~YNuza+!l)Y@4)VK{pZ_W0wT8xB^
z*dB8CJ#A4lCk(?@bI%{tDXh0GHj5D3X38zyDU5n8ct~j#pQ3WhfGGJ6p0Zwpa?o4o
zM&GKRpn^G;r8e2P^ijOxilTT`!7cq}CH+Co>dCD$$kZpoy!*Q$ve7j1=a0}}ITy~)
z7L{MYx|sl?;$^)*srImLvYLuJ>|xOJ#E2|BQ=R7;%~(=grMGs$bAfy3K{~SR42NFW
zp+44CtO86Df4t=Rg<0)pk!aOlVKM@J8}rT?*-BeW)QY`@#{U-VkMY@I7B)!TKr@#r
zZiP4yrer3<-(;$R;9k?nH5i6cg7=5~dHU*@3W*0LV46j{*Y`%1Ycke5Ldq;!#w|MS
zXbh?u%NH`xZ6?;nho2;ThW>4iE;ACmzjL!!=?P5mfl`Z>YZ{%|+*qD`Bsk}l@%)#+
z*&Y3f)2QEYi5~Ne@*?k
z3MONWS9HHV+OWM(Du{=nVOyy=uWDEFD))ZTN6cs6yae>R2f6o-bWWV&G!#=BHYRvk
zXVB6Xd{6z9UlG1u-ZC+5_yLP10qpJDf<$s!5AME_;Tw;@!UGL4)qWADt?;gJ$y5>Y
zVv}_~O+K0p776pkxXAm5quzs&wv*0}2+L+@8ZrP%m=h+jv>zg3H=q`a
zeCKf?G{i#QF
z0dJ+UM~jcU-PrQ9$!6W=cNcFw13GMjN7$^dMw4Uu_uF<2FsYr&XPPmNW{$bS3)Rc`
zdD#-FlFYo#6L%CaPAEj8VeE9dg7J?|EdPYh1A`9Nb
zn>s*`gn{xET{1upfflvtLG&sX>}Zy4e~MHyOpBjf%4PBZw<5tWDy2mcqOM(Rp=LHJ
zV-=UyQaJ;yaip&g3mw!pvSzhiU_`>b1@cz>Y4N4eSTlb6W7lTS6QnZ-6RBj%7&vFR
z_bpVHDci-4w2KdW*H`!GF4;r^rW3jMPq2}hQ#g@6Zv)U!f3buELU;jyh+2l9URcb+
zJuij@b(`Gp`HEa%0Jb;K6;MnbhXu0fbkSw!#Zi47MxH0vw|xZMu@Hp(;QA|Cv-taj
zT`G>^2PbIDV!q$B@IQ8GZ&_IOETtK)G6y(zR
zEGgT*f>1Mxmx+HkZbVk%&Mn*SiT0Zx*=q5G4Yp)}%y4&6!c!wNA+hTe8C|VpJ7T~d
z=;aI*&`Yw5c9!3S*q`Y6bnOp0L-ls=w~pIB<_=n{8j1scR1;8YNivd{Kp2+hmF#E%
zwg7Tv?gD~ZasuR!DK${MvH=O%!EEO(jwsx!%_m%(
zXy%BWC_-+>{@y179&F)krGhN@kHA?G0xtyuxB2jt2qEwY@N%mFw?#xyOuq-DBMg!&
zoW9@SLLEqOa%1QTJ8s2afp0#C`=iV$`Z-iJg*3T{0D?l@(1q1Znh}W=2c&7a^RL+u
zcD$qy);vFu@;69CJ#zygRI9NAKe^)~WbGWRWe}M4U`G~$(BP?_PC)s>2R>H$H1G2S
z_+&SPS}Zhs4$e>g7566N`^~ARNYs2`gufO=Ytq>dZXY67y%q~eVtj|<6${>Fan7|Y
z8L>;0w;+zKOtu8wCC0fv5e*363M3xQ!NLB0j=upw0iu8v8V)X(r|m=n%l#I3D{yrW
z8oQ%)FVOVFZk2^@2@`Sn3l$8jvS2eQKpQVsTOB99`Ts#p-;5R;&=;xfK!M_+sK>3I
z>x+Eb677rPPwgdF!iMkZmTVB)S4=(l6C;5={r!4&3b-My#&RHsHG#Dvuv!Sv6!=})
zEkp3%q@cH;^7RrCEgcY2{Qng#OL0duZ1a}37Ra;PxAYfMBT$+VW@9_Yv-&5827mkS
zYX)E&twu%=bzP;C5L93aA`!#;X~&5Py8NNhx_3du_S1gbi}s2W1+mQf0Pt1`uT7M2
z!5#a*UFtlPH8lWbPW+j{XRYUioIdqBtA~MdkDgq7VRMY2Thax4O&f?E{i9(2``)gB
z@Hsm|z)HR8?dHLXz==y_{=Yf#2fHYmU0U;4817otk-~R3uC+4l{2Fg5#?^UM%T-;xQv`>I#D4+ov{V2r93z!)U7(fZUbkx`o
zd{!On%M2l@{Z#tFyO6I?>hs8-o6Tq>At#TQ1I4y$Y0-W7PXYf)sUBhWj{!kx
zBj}MD47AP)EYHeXraJ9Gpy}H7Fw}kENzsjY6_QbRXb5cr7Olhg-l3F_(R1=k+bMOY
zAPX=aBIYn!^1Z>J{E!Z0SNCPj7$Lh%g!>_=n2tl?mj2_TBdn>$LFE@$2{&D;NZezR
zPeaXvH$FCEA5|G%52CX4g9qa@NR$ZD^d4Ut=oJ0qq5u0%gmBe?q#`A_L=W-b10RZd
z1J)XJBkZz@{+L_vgXx5yWxdZ)W0&7}!gGmz&aO1R$FvO*?J!ZBY===M=$Sa-3$fQ{
z&+2}B>kk1|T{ak4`8yopfKw*V>Zzn#0=x^NPT}d&#xIB#V2130rVS&-NR;ij?1r)<
zL}v~>glXv(%E51^`rp#P54#9o(&!63^o0%~xcZQSv9Mt+P*xv|psxV{2Iqn1@RN7Am@h%vq
zpnlFq{U-t|)V>w_PpP~R-kNg3i!JT1U;oeSQW5o0djX
zOS%}+cg#h+^8fr=k_Su7b$ZO*^sAbK7aUn0LRyE%=4=A!ut;0Ei*E7?-zguh%#8d9
zvE5^De8y>aFGiKisJZ<&2eHSC|HF+x1s~&%
z{onci_rq^y;GVWcmV2oMGzT~!;MZw5p
z?>v38Vsi2-Um?O;ruHdsL(=F63ZX9@o)7j9`(Aa16W}RlONotrmy4#ez?BTgAEkFB
zz1QNs!fT_~7MSlV(y^)GODq5NQ7{e{Lkyk5{mPwAIlLyJpbwOy%a`j1Zijmu=|W!N
zb+!vM`tRIM*}l2T#;~A4*M{B(2CcNE(HP+=9~%$pz%urO_ez1PyDB9
zhzdCoqmT8h!8umclDX1;^3P=c#4^Q?p{a6tbD=U|hoNq^G=MZbd1y!&n}jZqq}jW%Ugw2P@jldZt2~umaUgdZPE9RA9jwUOYEP1GfFX1
zE7iN>??Vw#oKPnI-E1x(mCVJoT(MHb`!aw4Lxbk~8g>|RrOFd!VUNyF-yZ2Slqfo0
z+5dQ;%B-(9dGhlIZ7>NJ1L2^ipIi>ZEWW~`TrezlRWTr{L~$0jS*O$>YofM)nD%mB
zD8zg;2hKAY>knc}`e2+R;6S4M=n+;c@_$bk{*z2KVz;~}fm)C8hy~n5*mSQuXwpG0
zXk>RXDJcs){_77TUaMaS!qaMHV_yE?>>8;sy_4|0_cw*|#|JGv1|N|79aKp+=p6Kc
zntnhqd;6?=ML_1WZF)KP!n?;B28@xqVZ>pfJWQlz<(d`9wC9l@kMP8IM-^nSA3M-B
z#U_$*65+|bfLeKVmynD$ykxAlofG3+P|wm*4cwW5l3@jsL#=$SGRFuM-hBP2j4i~%
z;|N->%I`Um_~qR5sTBOc8pKO${k}S8A3yo6e&3l`+k8;yZLm`zd9X*BeMbjeaJOEd
zY0#eilmB55{^#I-b~G+6E&uBUKqUcptsz@hf5|d3V;M^PQ+L|xE@`$cDs6i3W`D*S
z+UaOE5bTqd?78@EF0oQr{2(vw9)kaoi`UcPd$t#4V>6ig>VJUSZxiTfJZIj>);U)X
z3D7Za#EPW(q;o8k&1-Fqz<9_9zb&LtwUC#(qLBd05F?BFoT9vSMA-sZ}sUxX8GU~cQ
zzN3?c_!npmp0J?_+=f(fF0gwnf_p$M+z`~?hvl{JbW7Mkzp=ipyap%t_sb3u(t~g~
z{m2l}0Bh^1_4#W+heBUh8g;cFgk4}iR*_6$+<3}Q+=O+>wBBa_+09t?z#qnONS;u-
z7ztP?*>23O8Qh~H_;K-vBF1W?XKqBv7^;wPKHEi-UeNtS7Q_du^2h%TFn;5}QyQ>}
zF}?het*~yfU2NO8{f-`9m{HisT&bGt)*N&k
z()@K@h1RuouJ$qRaYYyqa8rdnHb{{{8W(+)^J#d&BEM{+^J(Jm%;!%o
z;l_*zVvUZiNqiuVo?HPIOE#*8?%L-{og=ZphP6m{c7};>=bg1DmO^93Ld|`5s2P+e
zAj<&s%>5K`$~K<+h$B2&>8>|Xsmnvvi~-Br#CzB##J|pz8m{mULSPSpKp$`O2%vM9
z_J)UGd9&cuYtslkf#|md?}#%Hs#IE})S0rO6EZ()YIRxHzQ4mEX%96hzkD}sZ#0|Q
zdtk<{w9wXU=xmNdS0IDE!BZHvi|fM}a<(;WmMCCP7(Z-aW6x$Ke$cH(=A2!wqOj+U
zj53_=cNusvVB>rCON!C?WPN0+M7PE10QdXjC>f4gK>1=P`8U={luFlNGrO?JrGh|e
zXxyfZea2k#o|QCvvA5L}j+)dU{aO)zwIqP2R3+FXCyE4BcPFLmIAGbLS$Lu;Ih^CfR^jo|F32U^Mm(RkWKH>rT_4?;{4(Bf>157{r
zE^IXPCi3LK&qP5S!cu&?tTavCbtUK|##Xo~sA67w6ab|}I7&A}9d39RiHiye(MngF
z@bGW-;&*!Bh)55xWTf}+znwjypmBc76w~*ZTW29`lo|t3N2p4Z$3O09t*L@6C>h`-
zTi-SM3SgS>SN`|^Ku$Zt&BX7J0@^^R3sgL0+aH6-A$TWe7zK3y_!JWjX$IR%^bFjs
z-S~>GckawfR$=Y$5=v7_A2P)~4Q!m6O2)oxV=#8@rSy7eE<}6e?fgCL!&jbNt?>b?
zXX8Y#zf_<>?GX+k?}`kE)q^`_waxW{!ZQ9`*`7QF3nF>`eBH#p1P!M10U`xZPU+Ci
zN%7R9L}h&`o%=%0oA}vMVMW9Mu>pYcJLV-L(B^My?imj_!J=sUf5|Km34a_ASN^i`
z69N>;xLGpSop0Y(@?|p^=ws+#6c`>(m1z?tcg;vfBKTd{6m
zp?yR;^^p;zaOv#Q2s5JrTHRt^#T~^2sv#+RpkYLnP5Vw=*nSW>JdWL
zD6-p))smn#V{N!mFw*R@seeczAjPSXfu%SKS~dD=#MP3&g^aF!kEW6C%=Ndzp%zEc
zYh!JCkUfxT8z_b-jAi7rat3!8S{vPSk`6ncP!cVmoV30;)^ZO06oOsr!od0I?DJM~
zLJ4M9stFms)c0lq&YU+e^q*g|)75Z}Cl+n7`Ci%g36+vfbZ+Ht(ocyeybud){{r>8
zu6HIv^g!vh*v?BF`Ge
z*Ob}}Z^JXgwYUr=5)UOr#$S}{w~A*y|MlQXvd!jpQxv5e#1p
zYI4}`eG#jQi;Mg9M8m>kyff-HU8u|VW
z7Cuf3?{_2^wV%s1^GZrtDS*BR!iL|SWG6S-
z{HmSvtt^s^*U7wAYs!apKOip+>hEq}TtS!};GXXqoNcFDU!Hh8i5rh&NPbdZEJfnG
zy!GQJFWvO&L&cMkx%S*m@%>jlVo-1?HDp5Vg&FWzzbziO;sfy0k3nbEaT;wTAU{y=
zfv6MYujsUb3o1VT!qCM>EE#ROyafPim``VCO}tJ^aqUhYX@U9_j^}pQ((05(5)s6J
z)Rtw__5Ap;WCZENhTAxn+U=rm=M$ST1FHe6?&GVpZuOV`*;#n+v(-B&)rMK`enl-o
zqedsILs?{O&%*fi;BpWRre>w_`6sqTAhuN>M7IV9V9F?GJhd{Z8mnCCEI6qeqC`lA
zw2h#O(pp|K&}GJhwbyh`|JI>Do;elamL1*SCzxj=Z(y3aU=wM>XDD>K*k57%&NhCFsC=PAf`>~PDk~z9PL`6HE+%J{IW{))Fqh3Roo2vJ2cDz54;@VRy9E6#`1^QYvum&(1-Ks_)
z1D}DFK@>!?Kdf8H>5fB3glxMQs<%YuCV#A-V{XC;Z#UI`jDUNd^2<-5sSpgPXSrYZ
z!^}sm6IqTaW%y|HHt>s9jm`d9!CPB!Dhe-e2b#7%1snB3Y&>J$qlpmIU|k@)*X}`n
z54-jOmj}1$clJmLI)~uzlv@S>n&U@4FJ6F4c|lyk7Qy;I
zsN_Es+nf6PnW{<0Ye;D$%mtOkEj`1RSU2*DbW{Ctj{?XCB15=OlE5<NPPtwhXy)IPVc-`u&~
zW!aIY{k7x!H(~rF6DDmu4cj@6ISiI$N>7d9b};@i>iQKt2HZ1WB3ej}rjLjElNqye
z&konk#q|XC*=7nYL9$uIcF<&mCDUrQY8E{HlcLFV)LHR}MLU0(#CGYQQ!aQtR~k`W
zA6W(3oSBAdSHUIu%7Maa*Zra8X8Wz!^bW=k1s%oqd9qYV8s1zWA)*FdF1{RImXn_-
z)Ku0V1fFFuG==T*J>U(vkF<7&>f&$a>}Q3@OdJ4to$T0M0Q|WAGoa!`keK%>pGF`T
zriro92l&1IS_5V?__DntfMR4iwjQfR^T1rU;2nxvEYCE3>`wnZlS0gVQDVMs>?juH
zLt?P|t2Mb*Zbt5e1NIM|b-R7Pif2Dz8Fq(TjGrqCmTEU^D`PKuI}pX>$}+6myfCK_
za7QVcDlN10p*F=3o2^zhPp1(ZV|KSv(}e@53OqQXFHqg(oqLp@2f~AMt)TwX-Twi6
zAHysAO*T&aGHNZQkS{*dbuRJWlVh9&%`R_ML-w{0bR1)hBGBnMe3z*@!|=!qTje93
zDj4f93&Si_WnRyYz4S-bPN4T*sCk
z0PVt9Ualc4xO_!4FG9jcy|*A#d#8IVm7aSRDiR%5uxvep;#qmGyR@f5F7b(D;rC=W
z%<^ObQaL=|@}}$6ZPA}2zAT6?m379U8h*!a#b%f1?sEbSn2%%W;}7vB28qhy@1tYa
z-rO|8dDS#c15M%azW@RF8>{mp$|#Se(P1wH)bE4Qz@-S_XFONR+}X^45?0yHW|AWq
zCvU(0bPl7gPWFTkG}(PYZs$)JeT739CQ|ydv54m>k5VQy1ZJmpmjglujax7xCDf3`1l%a}4qJ
zps>&mi_7Bv5xuANgh}K1>XJojS#Zs3-nf?!tW(3X?>KB4n^N;^&c3W+GTi@IF1~h3
zqA=okYTTDB_@_uO}FA&mRJ;PVbJCtHcj%WjS&9ng$YY4
zcjtz3*<3wF?Y02Rx~s<&CrFvKpXAm&CmDSO7&H8V)R7X^ZB5Fx)wFxE@!vhuzC#MH
zz<6VywM>91^&wyJ#r9xEgWVl>&=k!P*2hMn>CZwkM!f1AKT=ZtV*DsX1Tnr?>x`Y<
zRJg@@cm8SX9nhB<7f!Uss+Il=7sntZ2iMBJb}auzVd4kuYM9(k-fd70npbi810AT4
znh>tZFlPiZ#j#9<3;HO4YjSj(mO3eYD_&(?LMiMPpyIADI|+ZQpFQR{+MXSXbG$tl
z1hVY@ort8TchxM_YON+=R<)V7J*_d7^5O^iA2OntO>CN0E6hgDTfhWwO0}Us(3*{G
z?2jxODihrJ$#M3D1i`9eQ_sw(IWeeT^$sr3m{{H-dqstG8)^T1l&`eyJ-F4ZioTBx
zzTHr~mZ|iNx?Bipd3gJ=Xi%?DpcqTuY`cy5XlsK;S(x0#-9IID?-gCUxc{K@4x<0i
zyQIZB@6Bh&CvMHvG>(5;nCm{a>0d>hCgo;~6ZU0b1o43yK*desIx&w)tMOUvduN%o
z_+Q!NHQGmC8m-^Nv}V7v&K>K|$g)y1FH>Q-l|po9bMlS0i8}iQn-*DUcUmi2cTMrf
z?hP%2J7)CM8g{6U5~q|#H4WgWpcfsrWM2JCi9+$+ME>fO@5zY@gBEjtT88bN5-$6B
z-Ua8{ia)v9{N*#Bkju(r3ofHnyQn=nT7RB(c0?J3%_Z&B_w^1FZ+FNdn|#@}p78Cr
zQU_#ZfNteI(VlDa$lDt9`Ao!(y1`z&b#*$&Mt3gq_Dx!Y{6tR!xV}wi9HeZj%o@5H
zpM_sQE_@W7J{Q5v7u2+Iw4Xa&B`9JW)W81!4@S=3^}Ig3llTPk&N_|!Cw-?e^&{q*
zk%-w*06pNP7Ge3>l5kuXSfkl2g_F&w6epOx^*Q=QfNpYr{<&Ikrhl6`iuNT|pDKWo
z>k4^UZb{2UV*qD_E0jL_gx+`$JP~cxpYi27)XjCq;||(`yn#ZwXX7Z@Kd!W$rP;Zy
z)F8(uS!avBH&WxIFuRTEsS}}b=`5{rb`FMne=6b>WdBF7`kQW~XQzRw^9BXJD3(I2
z&AX@+ztld?LocX`c%$X3#Ip%FOYMut^Bzn>;Is`ce=%kUkM(Cur=Ozg4)ZF3`iNjv
zJ6FH7xyb(M@AP2F`qlzLZxa3Oc)$=#liwvRBU2cWk1L-@Wu;ETIMZG1G`qLYnGmJg
z2}?Y_rz_CBFp_^U5`s+-6OkgKq2TBlHo{V*6UHg3pNBgxl6xvU
z`>{I;B;AUtuGb=BLMcWSwExNieyNDyfQJtAiUZN&lm(<=B27mwtYFaG8IlbZJ9|f9
zw|gwSnU*%PGF@YU0|-hjI!A)!9@xX6&@aF5j?cZqAtDlN+jqXFHaF9
zhtV)sAF;lO(=yA)p$pVk$P9j0&%|CPxj>1HDQMjn>yHz!vKk`E0fPZ&9E96M!0h4$H
z>9Y2WYPxFAZXKSr(DGZplQf
z3e$Pd@?PU`bswrd=WRxZ<&BjbrNtb}Mswrrq@(lbrgEDJG-6??likgWOOHc#1NLET
zPaPpR1Mm}Hxdy?(yL)|OBz)c+9ucSNdOA+Tqk^bcf_!|36W|1#fw6KImX*aHjTLr`
zR^(MD4(BiqJ7rfFpxP?vJh6Y0JQ;W6ox*Aa5BiU#wMUTG_w{Ti_*>0D|2YU5Y~Wnr
z^qL*kO6ai3Iv2N$Z<-BC+FIh_mcJW^l&+V)dZe*VL&mjix6-{Q#?;d@E+2`X=$awowrEfb*PEz7QFf`V0H%_&pl_d0Ox_WE6I}SjKAq%tFuyr
zcKPq#QG(^6{;7w-#vgsmW=5{sb`Pv3Y>
zE2nfPyLfo6pk~X2S-OuO2Ot!0XnNmM4r~Nt#$DIo)`8Fc
z5ltXPLpi1tHsLh|6ynlxNNF%3PblmF`aidMfIvl1(AwKv)g_Ba*brS}3D${0Z&5J(z3cgh!
zI40I=YKM%*e*!hq2W?+{pk*KwN~`&PNm?;8zDj^-hc{o>`l6aB*vNZ>YO})7u|4Pj
zo26~4&F6{M5)~}wYI30j<4vfK)GT-zmMkja34yCNrHw{w@wNu)@(CQ|yp)&6RnS&v
zl?H9wzvKUWJDiUHCF~=d2#a1IA71-Qqu~0s`B=&3>DNF}S&|JjcqZ!CrS!&2q-wO3
zohR#)inC|Hkiwu2^_A}o=0Q)6#~E(ulLgRIQ8`8wJBKH}vf|hTdB^Ab!?gM*@AEMY
z**K$fS8iQI5n$OQet1_t>kI(n3a9xx^Z}Zref1NGy7?+7UBS--cXBZxtdK5(Ni
z=9?kzc)z*PvcY5TZxI?U(BkVMNFx>csG+RWaV@m)kxp}FmceqW$$sZ2Vwgd~39U`4
z=6exu>Gw-(7GZRidXKpc8hpr-!mb`AmCGmHg6My0<*cviU>Z6Esbi%ZOr1rG**h(`
zlIXZp8c++Y@6Y!3Y17->=+|j|lDO@^piJhidH)MRpeG&>Hs3%~#=!rx2ZhxLW4@kT
zc=q_CvwSqu9hb{S^5xr@p0mXXZM?s6C{d#((X@SnXN`oj7GI3?q+XThKQfhsU^IkQw(Uz
z|8AH?{7LnWfbUKTKLt}~ETWI-^cfv$U$+5=-Otrn|D#
zcpNcN)lFPx4W^nWlKVy5TyjT*yq0zElk&Za(fE7&PMFm>V(Q7G6wF2<#(T?lTWJ|_
zGf;mFx)Iv}oQ82Y|z
z2nMC%^j}Uz+B^f*1J<3-7Y``0S!*tL+azngQ^qKSoh9D&xLk9bYq&vO_7<~#6>|f!
zeH7*WITf7>ORi+sIG-f3!?x=IhEIxdy4IvyFaL>lj}n;LSkCJ$_s)h-
zk`$D@qTpLStNiwd0VQF8y$2=EYU_~~lcJ#GsABD_jbw!7wb|;&U#CYS<>tywxm)U8
z8w5{mR{7!1peursuNVom(x~5VEbu3d*2+Kz?!=sncrqVNvv>@0zh~aCsu(=FGUKLe
zfXJ6x`_LRTgS{U(zS-3%$Kg`HFB!adly5n~J&q0oMOhrEU1&0PsJE!kWiY6z6^9xP
z6IHDm{>q2vhDkNGJeIVa=1I~`M(5FIiTMqMN>
zrg&z@;66+2iJ2HWMTmyYx!3RMN0-$XoP_^E+by(Ppy>y_1ZUcLN#kSj;%7s?@uKeT
zw7`NyCSMcyslHf*b6k`Z4vw-#gXOplsvyhN?5X`w9sC#?tZxSy)8!h=Vuxk)VLg|wboYB{9A
zhQDq$cNcuy`y&K7Y`SsD!$c!(Bpbgzc3Qa?nf4YZc2&+W2`}>RaI*aQDwtLRBqvW;
zC15a#$)V32+AsfQ5^{BS>rF>PZ@41DT;V;*V)lLM%zb`yl$
zn@?4{`w6oeo^^He@6Ss0P1i>Fenr~@EI>`K!S^=dt%5C<;3>oS`xeGVU0P{EuDLr3
z4-_}m-|{DPm)hrx1wVX@+c`6+#z;vhB*XA+mWG>I&5X#Atjz`T6tX4xPot?2$kl@i
zw1?k8a7>8n87{UaXKU=hjUAQ3^(VJXe#NP6Ra_+~T}G|mYf2=0fIg2Mn!fGvxLXT!
z%0a*P(lpe0T|0zt@ySn$nwBK;yIuRi9Qr|T-e|sm^;m#N0Z{6r#qw_%-)4ssNfcrqHtHuMOVFgiCJR|Anq>-dYmc8#m7@Zrx_Qo@lL05a<
zfmSXW;}8~X~sx;hNBa>?!QEZM4MIC9-Q+R1Zr
zS?P=7+fd)yHE#8$Y^>ek{u7l+Bfcq6@a58xHow%Uk__lhzPyqQ>S6KA{ljdK{nX!P
z6wPU=Ghvxwtj=v#d;8IB;HAedxxbd=Rb{ZQZGv9H!kXiarFFvNGXUx=Hmp(Z-aUz$
zM&f+3Qo~aDywuHmGf2VoB|%J(rIXjt1@@;v4IoJjb-t_aPt;p5ai+Hht=(Q56rCMv
z|IlPn%T*`UEVTA3+wuE|n|;uhf_VUDDTZMH()l}YEDDc9PcuD;{RCtehIO91+0pia
ztJp&Uni7V_aYqu4x7><`O^Qxo*Mx%xp>2=Mju%H8_{IFsbjRh==9?ZI()jFBFzZya
zFLuV{iR>)NMQ@$>bg!mY8sp;meB_kU8?jd>zMFGjvv=(;M!aZFTaB#vI)jEFOLthe1ZvaT?n|FSdNt49N+FKrSb-?4&3iH
z^UH4%LI9-?!oiA-PUvwV8LPhIl-HfnR5!s!ph9`;ztXS>As@n7eCY~#Q*Bp+pg$!%JEZ$lSxe?<
zN+Y=0YRk%5T{hMX;O5vNe?IA;;AW4!bGgJ5lXZo7>k+|5f6OQg3vps(19crWvdZ$4
z@cxVE;G&nNFN(IvKUYeCnu(V_PEBXz3&>pesVbNsqj?9LHal1w9~|!bY+fG^jrkrg
ztiTQZU7MLdDxs2WBuM<(Xt-fr_-oQ)<`F2=NS5_&*HlII!z{6W2IY&DZ#{3vrQM}!
zc%#Zx@MufS;7I{l_hZ`(K96i=hsTvWP1Z-;UVqGOhrjp_d$02s6KCrdWHT`A^?u1S
zSt^XuHrsq=KA2AF7kc_)_o^Nd&20z|Pz&fceumRnv)lHT^FBu@1chkpv2hElKIB}%
zQGlsvNKO6+Xt*ov2Bo97uMK7neNj?L6LZsc-s^tI?>6Y4jV$w>9d|c{aa+%R=DyJX
z5LWgnbK;cch>2e1ov1+0?b!lBw{|l~ZGJ>zz`Sc_?Y;`vw}is{mVt#U>0BmvRzVaJ(q_t7}zqd++Bz)bi95
z%lRn?vzqQj=QPl(>t&Ui#_t~m*wyd{yo^7m_58iFARV~xE1d`~k3laIPW$P^8?l|K
zR^-gm$^9>RuOFrr8*kx0Iy8Wy30-?^{EI`q(66BnV7(M7_R?l@i+*_EI}uE7|f
z(jl;W@O?h4xCR1nT2V|LYfD)_jNd$sevvh)oxLshPf*)L7I}xD3%Pq$E{GocTnNZE
z2vgYSk|zQ+MbgSMmc7FVZ1RP7HhmtE3X)U@sNb0MXK-x&s$_F_ObBQ<>|wkNm}a_6
zIr@2D)@;MTB1JADX#Ab@uR=E=BJ8fF2jGOTxr9*wv`XYE*4iUC2?xum!X*vYqXF25AKb<0Gh(BW$(>yKC$oKZkA
z*$)_tD7>7R-L>#xM?`icpl8*e}mBDEA#kyWI>^eD4WygD=_UAh?Jic5nj
zk%OG)m?)*<7kcNJQOE|39g;$zt==-LqFH!dk#op}gHfQ_lQT9|o$8@lW-kFBHH+#N
z%vYltmOYhi5~?T(9-Yl>^rhE3F2544ThC+Q3#AmlOUs{Xi-Zq_M?Et)ttbkH#to)m
z>I{K$HZ_@at&A8J9Lv^Wpi$G8n_`*6;9X;XMGuYKuuc5g-?=qZI%rkoV*wCnca^W)
z@p3k+s#%?V8i!`G{rP8aVA_KMA$6WVo?dAxK*n(Le`172r*ro;f%zd?3fHv{seTX?
zul%3!aOX7`&qjprF6DB4|5m|UoPoOZXaITFqog_`K80u}vX*8D#LO^^N~>e=32~
zVwdb!`M5VrF{!$>cIl&qfu>XnlJL4#z*~sibi8TrIT3sBN_4|xK5$2E@(}cR>%4Xz
zmKxsNhd)8Ifux4;ClLz-g*S2FseXO?uq0eJ)Y!(l`q8zd^sd+8ifkLh2V8y|&Dp`9
za$zPd_ddV}qTx%RR!tLY70=+6hWfFCT6L6@n-kra-oz2O>W~58s%iPA8@t6G9zTcE
zoF}>1m2|MT(EPcX^??UK^W+om>Ek%Q07`+_EDu*%EZ`=r(x$Y85m46CsYa+zm;FrZ
zi__xIBd{^M5CS=miWT38VsaZ1MLKi|-bW2!%wD0rrDVWUOE~b4VoU@rw0Fml
z@VP(9<`f}B_}Hs=~3W%~6hAGJRjsMcN3>q&Df{Pbefxl=96{Izs6
z1$wir;`h3ZUpCd*Hs$$LcBO{@^iAqH4vD<g8z9{j*)f#e~Y2hM;
zDqD?t;2WE)i@p(+?zB`Wk-ss>H)=sC)M0-2r$FOX1BQcb?T*a)9KCi?qXz&s14N0`
z=BHje2-RaSUVoB~+IKPculZ>;%fn~?Aw3`&?}S!EY>i1-519e2|K!W0w{o>VyzXFe@n-f?$m2p(_L!RSqadQU3h25V
zteGVF8>$w_%Cu)vn?|o3>6k1;2J`ISmpzrch8|;&XNr4a94KHloVJwSXXGjObl(uJ
z%gZV|tBkuDWVUrK%by@uWxXSr-Qu&wImW3Ux^k4H@5`cDphXJEhC#S7oht2AV*8j+
zqSKg{Mk;hrt9Hh;A8*wXv}V0dkgeQmXL=MGX3y>%!9^atgBEypjG?jNaS?CLY?NEa
z9$n2ZXf=0dbW2O_@KY}?x1_Xzkk4Jf*wXUdh16ISbQq%z|sY=3^
z3pztM7Hk361;6cHR;H#azp?$9_28G~tFlX(4=U6WuWxtnC-XotknAv0rh&!MrDsGr
zOTrqfCcl`^UEb`yZdQZ)V|Rp8DiAA(PCFRZ5=r^Iyv^2}*&2e2O}PmgZz%pz`zxos
z^YSl((HJ>L9(PaMV!Yc8EWtgEmOh_}M%<;vm4QEJjpY4#P{>kk9fm*3ZsCBScPFd-2OnPX$h9b%ssPkSq{2=HG
zF@1+KB@^X?UpW23RWg;cgh+$%sM?k!2;^cfcQGB_XF3tIfoPOut&i7Wa9Tw3YG<>v
zC?AixBs!swD`~e$-v%(--LgskPP1B&dJiAL3;TaTQT~IJ`K$TOLIeiD>Hqftm?AZw
zdA#v@JoARfLDE&&bAbl118j(G6#`F!c4Yt}g{UzyMMPF7PPO3r{7fa1RH&;M%idwY
zTWM>vke}1I{2oEb%YYhA+vs9l`1Ijm=ZCsX3BN8-hLn3I{$bi2`G!YC9k_-hGPRC2crA?%5_7EV-|@y$G|Zy#Q{$h9PLPJDiIekt(8sZ>(8QH0toTx(+6POcy}A
z!bQgNvXBl{?QY%lodQq$wA9$j;ItCQ_faP1Qy1>r5df<~!Z}@un(Z?EaOVy4cI;~d
zz+?|%Pos-)RJO{f_I(om@G<{oyywXpFUoSPw(sLX%SB-X1gS-4z8kzn%#5*pQ4gfd
zX_GK}XVeJ>;~AY3KDnL$<$hn5u*T=VZ+0!!l%{$Ly|XD;V#$3o;xzo!>^&c6mIzU>7lV-TYI4gYW(O>lOHpLID^;Yyk!L|3!pdnE;+X
z%Hn7_VToN!s0y>?C(Qxxfxq>q&aAGIfcIxCjtV=cF2of!3$M~A?38PWB;A8IiCmql
zTF5HnX)GeHOw;-Rg8Zp_k5HPhe-{+%9CIyHSLfhYClQ+w>jV5zuDP1VCmu`i$WDmuiIpAYI88Zul?
zcnqW{ZV39!u<(%kK;5B+a__%0{KmgmI`GR*oVodLoBH$8Gny19N+JbxoyE1X^w2%$
z0L#L{Cw#Z6#WYX2lDG4{L<3GJyjpwn!uoWCGHJh*TcDQ?85Fy!MW*r(tR^FQ^TjVK
zSz3~OA`O{5=+u|x1-5$0A1y1PuCDaY4r`Yw+N(7N(-9oL<-V_45W>?4*JDbwRn3>C
zRfOgB|6xBK34+$g#9pGy&PVg=1fB1-t*j6|30*`p&8eO{Kdz=qgK%NYr3zGT-3
z#LGY`SrojERyit}21~7E2Rduo^(p7N3uappx+mm^g#BhNx}eumLelyd9PJ0*_|{UV
z6)+3H9Q3&RKdtb80sdm&vVp=?8$d_5!wowHz(x0s2X>TcP=ia(7rcrqwU-zTTJu5r
zy{0d2YCLd3Daq
znO6UHcG`U@#_;kD(EjTw>dgsT{={re$Do*o+pGRWs{V&XoVbR!;f{~lehGOkEzjwt
z#~xsiF$F!Md|0v6Aqo3qjmu<2;Yd;0&b>e7xBWeA$Zn4VE0I!%O^eb}IgQ(oU9tdeJdv?Z@~AGwOs!avyYZ;zlckI=(cLkl
zI6)DtEnWk>?2|h~U{A#U`LLyi!TQszlCPG1{zliA7!pJUC~=liGBHDj}1mxU;ig;yrr`bhQ6
z>y&2MiLXpc{z=2BpZ7ialTvW~kYh8Is#JqKX6`c1Ffie?goUYeC|p$6$$BXiTiZ|j
z?`T#939M%MwH=Cbh16}hg(wVwn+^)&|N4?dzFVuEu|!pb41^#r*OI&t-M65xvcsPUj8hv
zzAO&;G`_f8aqrr_C_t5GF^!oQ3fW(1XA{RP9V%ulax5LGCvps8zI74CN_pC`D_R8x
z&L&|LKBr@bGmS1dI$XC=)e7T_KXTZ@3%!F@n=Mc2pv5GQ8f$zbRgAO^kbZm!jym+SPOb!dJ~HS|=e
zN8XO<4W>KoK9+4R0Wayqg8(Q>A3Ci~^4AzXm2(dpv11!9oy!PN6Ktlk=M#p!FM`UwhZ*Ka%X6oDtk_HTabtnR+`^5kYxR6t?8{=Q=
zt-fXlC&)e*_gId%Z{&XZNPrF^WzjbQKtaDk?hpykQyK_H5k)e7EQR32|I=9fR}+8V1DtUJ
z8_+G8_YhqJ-8K`XmXyOIF{ES5B08*?4w#P?z@FB_HouwjI^#U`Xn0uX(x+TiI6hT4
zu$f*IC*VhBXwN+%fi&Dd15>FTP^7JLi~ufYtNtuvetPP31q%@k?DnBVDl#
zM^q7i*Uc=d;sT&LcQ;kLC^41Dm*
ztsl-t48O&}(ad%yav<3i|NZrx2DpJ@1A8!Ft-2IO3d}tKt%ey~Z{X_3q}Z0t7^PlE
z{o*fqc&HHZaDAvTaP@AB-{s?ka7_RO94B=9^Fs^v%>1(o?hx1q@r*?!4B;3}>E!NN
z437Ud!#lL}o9~VP#sbW*ys6AxveA=)nkfKj0u*Q;eO9fQx;_;
ziAYCv!AEt3`$y!YCRsV$F8}RKuRn%%I-LM-o8fI#pk_p
za8n^z2Q&h_DYQxF+f~qia?wTz_|C2-2~4y&g_??0Z4)3ct?=?s{lR()_*X~_iad=f
z_>hl2C9I0R{N@IZsxg{T|F4G2e;L-h=SWSU`U^tX{d2xIy9~I$kyrZc;gB%6a3b%5
z-_$jEiwz2T(UvjPvXkHF#t;^02vKBJaaWx_WrtPwu+~5tbFF4OMQq{ivZTL>QT|{^
ze^0M^)(LGUwF-PjJjV3yIn!rB%sOo&Z*VS+;9PWebU(O~4qH>Q{va;?-1Ees=rxBc
z^$0?9Ufn7>iH7QZG#jIuPx=Q{R?`A62;7$cm+u$fqW5K(2z&DC_8RPIyX@Hh@4Xs~
zQj6v
z>3n=;uFGxKEe%4iYN7AT)c3szTS4y6)6ZodzC2>64JSNg;I*!r|Ke(z{o$>PM*16|$-nZaMR(zeX2?=M1qM
zQ#APE#(j}?$0GR#29Vr!-MBJ#LkBb+3b;B4DO{Kc@^L%KJZO5cr)HTk_UNXz)TX2Q
zbW``n&)hulgJF+{Wn1&~h9v!<=4VWBTHI>52SSdU-a&r{&Fi~{V&JV#lw=HegjX33k
zR$S54A`Wn)wU%_%GKkn-GJ_l*9n$zpslFC_fLSFf?gY8qqo
zEF2B5McsF`Ptv8#y}8`xz^2o;;m=lNgVL6WIm4-}bBsAVZ9>-M!t))JI(4g?EZrB1
zMo%HbZ!*OELVP!l*i0{@wj)@pi%7($>%8ej`1gv>{3jE0dXgExI{^RDDky)z)8jwAr0fu-N
zu>4%UaW-oZ0I3YZ8r(8Ivo@?qQob>ZrJhSEDn)%!gnii~kICngvHIvB49xJ8=!7Hs
ze{Gj)nKm-)2ft;jVqz7LtC4qJk_XZ|fg
zu`c?@bgiQryN{Eo*PjkT7^BZ)_6xr(EiHhw4B#{(T2s#CMX)$kc1$?GfzykI>?y2r
z27~-L#q_?RRidEBwisNFppnrf(e(NF-S7$QO92|0!sU=bWy)v4WI491EsmoFj4%(Y
z-SX>JkmFRI_pvNOIWynwVfs44OXn`Z`h!PF?~t;HcR}0O<*nl#i3pn{%@uqAcn6GB9Zj;)079rz2IY3ervlA~%^@d}
zBUWnfXCIRToe1v-bRL6aM5erOzDA#f3IERoXb$dBorwOf<2S)W?Di$I%?|
zQ{1mD#_JWE`IIO6;_Iy}4m5Jk;(}68xwL+7XTou*i_+%Q3!dBYVOxY%JBEy`8oiY+cgHtt7a#hN}xph`$G;r5wMwlbtoEZd88#P8{2
zgx=S);mw!p40E0AY{D9PMk=
z?aEyiOIct?q&CG;_ueT1<1#6eu>21Y?cav=SCRf@JW!-}e+)b{{=P79WPT34lCIwf
zVN!&x3L;7Uv6t>U?QNtHZ?=cHuPzUb8+Q`fb?_y$nS<}iVA4o-pmCDkCqKYJnwZMq
z6r>^r0uyUi-{w+96Z)7wIZFqRYc2|cT9<*uh}&fQxpbIGx|%kM3Z57u!n}0W-!)b1
zp`N~^%QA8S;4#J5!B2BGTQd#*m>io`Rq<{vtB4Q6MI-aSfQ`XdCLZ+kSkq&la@efQ
zY`Cod%mw(BM)Tw9lI?-Rr@Fww5gu6XrT=ubLpmnFO-?b@$WaP*^BJ=#EMk=3U2x7B
zC_zhau)@F~Wcgj*VBv0S_5d%s5qmTG>1#>-YHpWB#YifluFWITK7Xl<_g;jV65ji0
z66T!dMAMd@j+!OY3&*ba>7qW!<~y0^sOJH-Zs$gMRmg&9CbGl&#uARV~*g$WXANH5pX+1j~8oyRHF
z?rc43?Twn0s6`M>E
zW8@+C0;rZm0T~g8p(b%K#d{lY>-QjzKZZgm5`-XK4yQp{G1V_Gu!{ykccSat4}P{R
z&2#lI3VxmpF)uJcQ#M)XmnpNuW=eOzJAxXAj*1*^hYFm=Taf%kgVrF~*K@(L`QMwy0RTIcUU)@T
zV-t2FHeKMHF5=Dl1S`|(*s$W4OdP$6vhPRk^w+H!Vs4K<%IR5#Bt}ldbp|AnzM(Yr
zuOGO%QfRLSaRd#S38RARodLqk;Q0&
zSsDuR6~{jBvKzl(y%n1xXoveqs3>8%|DFiQXa?1o!TklXG3*mE4u~VihcR31Hb*1FC_d;ST6OOuwJ}?f
z6LZI;F%ANt7yr1}?h|MSA)TB4lL9SdPUZ;Vj&7$$6Z$bgp$_h738+JRkC?JFjs^-z
z<44DyDx9z<*Lad;%SL23bR+_;hY4t{IS!svO;1KUw!~9-3{AGkSBqZJLO6mwf_iCN1)0s8RcJYe)`F}
z{NIz%=Z@~yL7(Uwp!fw&qJUS@1=+ATT)V-%++RM>z}gT-0c?19qrr|(jT9J<*+Xj*
ze%MGJ&GGt_d!Cpgvy)O!*2&OD?Dgl9OBN$cv;KL(MIF-TJ$R
zdhYywOb}NbL-F#~6XcE91UiQ11L|1oBG3PZzEQg|pfJ<+%^?tE
zi)FI{eVVL+?qXAPFS1cW>L^p)e~&-3FWyYXL<|f-$P(OO+^<6luK%gZgqCyoed7M%dSbR!pgTC!sjh72H7BOe5-75+xBbB^95j}Rx>ybltj@Sd~;-P^)
zI16J@sh)54Xn}Ft^q8|r+TOIC^Yy}Nf}k5Z(qkp$H4AN%m~}2&k8ZBl7y(f}L~}!(
zR_TJTC*#>O$zY78)>WaV+ouDW;xT>1TuWn7(*PDNg8xL>>bE+G%F>r2u+hrdWBN2jenvN{-
zmg?UcCND820r_r_DuC2_?2i&qu8<1T5)gUic3X7tZqh1LwZNtmt?%m#DLY}5ybU_e
z(_oGda|hCm@68f{1fT#d#zIOK?hB*
zCny4O@PzzV=|U8f?fDmbr5Xz7P^sKkd|EHAER@`?Q}$8hWJ)hUnuo`!_1a
zJ$o;rkrkH$@NOsZ!TWKq!Jl!#i%(yEyN@iFs7Tby8&nC9!B1Bnl7eEAl0G>N`ak&f
zdRFe8zorRbhCjup(d_P>1VN4Izx?ekl$AW~2EOxi5;&UX4iaP|5UHyjs1SSn@|!q_
z7#Hq6N5oul0s)Moo_{(VfWGxb-9teU)u2@%??($6s0_b8Ju|>Hm96#f5wBB(0FjbA
zRzs!KtL)c@Cokj_ouP=g+}9#B#sloplILRRBxqMH*EpX_rpLm&I$osztbCzWG^nvs
z@Y(Zoq5jrGl9>`l>rIgLL(n56;n9e8Rp7L40qAV9b!>PRo;9@X&}Ns3;v0%|-#Snz
z3(~yHiYdA`qEI3yQ<}BR1$cmuk7^7xb4CU{^3^~0T&0(J;
zL67}Le9t==YKAy=>HchYa8LT>y+`O1_%Pl)mB5eB9_x>SS`D|L{SH|6Aq^%L4x|r}
z!51m+chgY0n?j6KdbcQI_#J_Ar3Jdm!D@Di5(>G{$KZ4Np)6zV2z!sb@yCD;mX=k9
zegQh0BtngtNH$(8`&}@&n2)AFrd1Kh3X)q@0NJ^U1)nK2jO6*f?{sgLmxX5n^7{o0
zgp40ahm+9i?rawP+s@TifSnhX>5UJUJ~M5^NijdRIRiE;3AVDu@<8Y`lAO#srLXEL
zX1Gym3M6T8gH~~<#pw*+y$bJ76O3_?UPN)KX972BM*15hOW5X<{F&`M84$1-R-!k9
z-$;H-9AZCuR_P^PX{lV6%o@D8#_rMfvXA5pVpJLB)xInVK~JO^DWdo0Nn*>t5L
z^0EB4q+h(f2I<}~F#PUBF>3Y?jL<11mu0SW+FX9g7p1Lab+ggkc6O4g>3OmJz+tXF
zrdr>m>Z!6yLhL+C`
z%pp)RX5&F_i$<6=iTTq7Ns;43CTE?`C)37((Op@50Epph_mw-KXY7hhfeA?3!Q*>m
zg;I`Jd6$cBf3Q!d&h=OXh_ywdIGNEqwbg|kxbYd%`(Ex+?#}oG0TDhL&3x4`q9xm5
zi7ctmvC+g@lxO%bu(=}~GpTGLb)*-MNjuU6`||n{N67u+UQ6`j2i6)-f{ma=r_eRGYJ(8uW(U6EC%#eUV@r14e-K|dlS1{S@5)$qx@#&s?r!gMbVA8#R39>4Hout4*9-PiryTw{$4nD)
z=`CLijxeA$Gz^+Op7uCc-oWgLqP!0lIJ$a@8~OS_
z7eGUJZm(PA4PPMBDf$)Tp4a5H=6|KTr6bkvk<#-0CkG}_<|BX!_LE2ObRMQ|N&sg#
zRAVrRP{?YUtZ?b%Q@Tz@JrJFgU5#1m%@|@oyl(!ePc%;247L#Sew?2puiaY!K&+6<
ztmO{`tflrgjaj$r^RWV2JethsU>)1pt5ec1L&ego7sd*+3T+s`SQv15fR75r@-W^3
zZ0NF5if*NQrC^=Km#fFg;4XJ*p22PE)U!D7LyvD2a3NJT~D5TP-YO&_%I
z%7HQQdW4n{)VbW!HsGWLQ6eM$EUNY}UO|mlGi(0221`d&$&HP7oS4AwMCgkp%Z0%&
zd0KH{f7ElW{6BFReaoG2+x?~Wsc3wF_7_J4lg)t9Mmab3-I}1)YdPiDJwcPENOrAo*
z1V-*jnYJv!SH1g2k#;=@$?xc~Ong`LpyTN9v+V!&Som!jhZ@
zIh`&lM`pM+^7+I;7h4ZTQn2)SweMJ
z-?8nTDp}`tjbChR(E9ONCG-jG;K8*MiA<4zV5dUJgch${{uuGb&7a`D+`YCC^!stU
z9+X1i6|Ed?rPp#w^Nh;4#H}OwZ^d`WrxPxNZ_AoLU0+X?i|CD&g@aXoW;2nUxy^QV
zO`hLpNG9_*%x@u&pSX9Dv@As9QiV&Prb|r61g#M
z_iIcd;pj{}xxT5LL8y;UX=u;x6W5(SXUQsZ`?8g2s|+p6`_x*GKM&qNwTzgkxj
zt1IsgeVBbbR~M^ukJo2F7_Ooeh~GUlOu?AYX`+PIR$9tbJJP_0^aF
z4I_u%k?;B1EkOn0kFzF;OJ5x6*mXE!>ZF!huPQEQ-S?7z;cwYbJ@d4SgnB=YcdTwq
zCEvK3f+t6%m3-Tdc624l}{v1Tn03;f1UVEhZ2xJRJEp{L&M-JqS^*ExzR<&
    {j_$_(oZQ9z=Q^3W%&u~d1JD1
zSHcx$lY~WObIk!UudtuJ2qNZ?0WkKwn!=D*?mBVLDH1^ZFM1Ugy(xUz3>#{)I;0t~
z``Hft2ymrcj`Ti@Mf(dx+&h=iUCA2}gqcc|W0d#12ULlEFsh==+AA;>K#Q;wo`z}+
zSNbaXg2m~C@s)aC==^W|j%qgjQ^d1FUrcdxS!~seHgSE;=s5}~PA`D1OgU#%#^{aR
zPSWsAvt~>&X{?o0;fEo*M;iUi>?Ue-;6qK`!^$JJ!*av*6r*|R395`duGw}!?8@o1
z#Kc-LU$^O6zAPInCQmGx&iw{Z+a`f;imE>qPLk=nQ$7u*)|DWiw;cScXSgH!;fj46
zPhW;AKbb$bcGQcfi_4%Iy;}cRU2|`$P@JLhxMQ-owvRe&Pscjw>nKTTKUozS$t{d&9L%8SG6U6{
zD*f*$$)kVGa+2(LzzC^hj(3cdzAl^LH`ZN+EU*2u@A;})=Mv><)`AS1>&?`Y{GOjp
zlR*#Cbaa9VB!AD4$sdzp4cJEW8JIEeX>b`niI_dD$RF}AUT45Bmj*r|sdTpCxS`{-
zO(_d2z7`SC3MxcL=uP3{$ug+*Exyc}oD;%a9taUD3eX5zCrbS4e3@HK6JN@<%7VY$
z_VUN=!?89!l}K~bgzd2b!fGr;{AjgW=-md`)_eh}ceU-;{EvAC_lxW{V8n9i<;4Ha9o@yMkV>8TMst*){LEc6z4
z0_#K8PG7kl_GF>w{98@tj9iA({@OLInNBEF{Eg&7s%iJ{L#fkfbXH|L=4D(D?-j|n!I@^z=oXX&k6Qr
z0kN}a9JDxFtPKI1KMc$p9{dq;IxMAsvo=QAuVJ&aZru6u&MRY>Zn-E@jvQ-+|^)6@?ol_Q|~~_6&7aW
zQ@9^0Fc2s&y~?OJ^&ZA^t|w_f{`HCMslDTcE{7Dnq`weov4I-jSl=Sy+H(t6GV~_?
z?gU^HvOH4?XUO%-N=(sy=(;oHEfwii!Q{}F;l029VY9`{6Z*`wJ977piZHoq#S7Hp
z*~;mH%|ywg;We&Uc1y_UF*}4Ar!5pS6flQ={jb42Ru;uB(sW$g=%^?9Ni#eNv^<2~c#sW}jHD-WlNM%nxUe(*9AG~TS
zxc7Wj0_;-_P1#ww;B!*7yfP>y0sRRAM%yYLL@kK>A-pWDc%X+O`~}hYh}*(5X@0yt
zbv325S`Q#2KCWdQeLK)Do}U*AD}UY2EWYMd8DK{#M)SL5t+yZo&%|^1{Z&S45-3$z
zs9LxK%DYIjCiRn%K?QrOKykFweG!=Wu9zw7!^o5c
z-1?^TY?|iAriC!XT|TXVH^7Na-O3H12ZzuhQ8Wd_Kb3b`#MN0mYT*5FR5KaWB;R
zQ&vSykj-?`Ooqt|
zy3M`PxTLd|5GM~pjme}r@W>%D^Kx|$wchI?rh9(vxAe%|cr;%ZACO9GU>d1L^xXcd
z_?>Guq>iIO(AU*2D|}Lk!xAwWA?A!V>^6`OhHh>47Dq(1o@2>#XCgL)f%_9OGIXD~
zbukd}er_Wp55gB-u5RUMgwnidng|)Z^*bgj@y6;-%h@7ws%A^-xi
zHG$308CII`>?ewe*FEPF6@GE1jt~KJ1*^nsvDYS+(r2uqPx|!=VK4kolEw3lOVUOs
zw$YR6e!1JI5rgHz+;5uPk2u|_g=~7&{0PO*+D{1tgyZA&=^dVhuFr|
z$J#_DC~iCN@FfOz5B$EYJT95CL3X{?XCJHz)XSgh2h(
z8aYSD;Rq4MYYtISGYE(}R^HKluehN>eq*I#m1qYCYp2@|v8R99?@Jfa>VQ&ete>j$
z=xb&2jb{d*;fU7zk)YL7IYBa>BXa5|@qX-(aEme^e9^o^X1?`W;@m!AUe|2WeUHSwSZV~RkK(+*_k@cP`q}8yw$2K
zd-lT)X5*-^yX}$#ZHFu<-sQi^Ad4?F^S69bS;EgB!-g5|Vk4V#WH56yWD6Xaxum&J--N`ZDz^fwTf
zpYZ!l0#c8{e2?uv4+4iwjTrjo#yUUJNG9pwosSuObqi|HM2u-4CJUk=;&aZnOIIGA
z|I(FyV$^J%XZnh+iX)A0=uZkq)+7(x0Z6dFyv%zMUK3Oh7JU+~*JV=OKagk-47O2Q
zxf{o;rTx!?qM@oI6OB5rT!+5xp+pE9wS-?OZrW&<-=7h$Wo9k8g9Nm%hI*{{iGx~Wu$807EBD5WAd@>@9r|@A#iCoe3OBXBy1r^ce9sZ}g_ZK@q
zSfAzlPq!pD+687y#E~%)6nMqijl?HRHR&EE^{2&W4L8ZVA4>@KtC@3`4L8)jaEG&d
z2d}F6O}$t)siym7(sovX9S^UlTeQ;y4DYt4mFm}fFw%z=I_A(gSX7R3!mngOBd?JD
zwcps1@T;4bT}Lln5{3IixNz!w(io(?q!R?cgO%#&YymiuUMp78bUjW5^t5kbOgxl$vu
z&t0tXVa*3*e9k|7UCEv*a|0G|p=sOa0qymXx%Vc%Z=|A*fYepFjae)$ym7^`)S~H%
zN_)WTes%br+knR)B}t!cMq=OoGim!A8mf{t+5T;k65W#-ML#`{KE!6H!&*=mxR|3uSnIp
z%zg>>uz(HlnbC+jixXEh&6>2Vs6eZ?p;{Y?GDlcN9j`V8j(l3~tmPBgu
z)hMkIpPNO->;R3P@ZO@LOHCPJv(G?-1w>NPN)i2V`&Cjg4n`~fp9Ux=>6g(aTe}jp
zlQ@o`X$LlYNb(TB^12yRV6#@?kx~e;I?8^+Cm~Gz)lx279c-lcO-Zmb&S@urtMc4sc9CRlDn7-L1sa8m?>49-noz7r0eY
z3D>X5dcqg8J^Ppv#zGxEanMa$q_~o}1|&&1?hYrC6bqF7(-aFYW0-C-@8jo+FA#L^
z%GSO-*$7S#qv9x})#M;3({s1Ro0ev+W%mw(_AWMCR=c@-%K3=bSq_6SH!AA#-FqzY
zSrDEp^1g}^%($It*AT(`J>>TySJs?6%k8F!zfU^%+u&f!_b1%9rNv3`%(k1WpZ_Eb
zDUnz(K3(I<*K9yDm5s@@mahzja_ZT7UcSqzDjs`#CEMc|ZT`HLeEf5m5UDP
zEU!Vsb?f&ihs&C!`gKZY+bWNzu^jb~tr^5w;L=;G+W>)BupO-!>n~jP7Fj<@jE@?^
z!PJto(k=1bE-Vek9^Gs
z)8_bU-1JXBPyhZPk#_%JI
zWcE~I!RER~jM-R)#rQ)cqk3W@9Z#+NY!{D(l^|b{{^V;d08pQAfb^u&!?SlIz$|Wj
z!(Y`G>IIx;A$qdSWzXDib~uJY@d_31m`-1pgD5Y)Mz*&CVBV_!oGqYKh-LA!>9nLf
zkyB2Xx6wtK9u+G@`j}8BO-UhZ^6E9JLe|f-^1v056onz1rGVR;z!yz|T=5GM?)~fD
zx#Y#V`jSVVOF2}(n6fmEo5@i|^ou%lnHHhaM;=S(CLOU(9@-OGf}fh(Z1szVA&gkR
z8uGV3k3RYGmo{>+)FrvVs#IZntEK@+|MGJUCK>MxsBZ9S=bJp2_~mz^9(X7Bwo4uk
z#b!8zQAoc*)7YkwT-v1Q=PXpZO-oAC0q^7w
z3!sjdJj#kXqJaeGfGUWb=dtChUP-TVuQ+wZnq^j>mpu5XNeiHQ=zE@{xU8H7vG-%o
zFiXegIvtwwv%4Ed{Q(2k)Shad}WqEyF8vj|Mc~kx=d2Q
zj&amT??)ku5c%9+HQbHG<`%6U&PBPXj{#{%|5`*urRyCqh=0lok+cXDQSU=6r4KOmHX4Qk(6m!
zCEDhO^;4#favSE^M}7R;Cv*gTLgM0?Fp-j0bHgN5eObj6OC76|G27TFDGt5C$}jU+
zeeU9b)zgd`V|D=J&~1XkZF1eg{3u_|Y79<*eEq+5K$yB5b#CzE0U-0}WJ*9+M&iNG
z`#XfdsPWxf(EJnrotQ>&LVwSD5A0^W{JH4D3PL1uznzO2vI+vbZJ{azmI2=xX-Ksg
z;e}os;}tC4wT|1a!||_6wfi#MjnnPt&d$Zy_LVl5VHZbWtDUqQ9u-FfEbZ*3>qQVY
zc^59AVhvJ`U4%8zLdRFMg8SM5^}diVN+SCMk<|A)7?j>@`y)<>mF8l(}B
zPU-G$knZm8Zs|rsIuwzV?oztDM7l#lQb0KOd%?hUD`YIp@^Pc@%Z
zhC1nVcp7j(h2YmCr%aka&B=v%MFF+3r;QG}xL^G|8zn^hr-uEJ<`q$F%Y(yG)OTJ(
z0gKmQXxs!*F{3MG?rL&yrJX5xT%2auhEob`$cykXBR8#1-yE(ZpcT8w6HeTSlv6z3
zOsi7^h2Pql!b!(r06n=4;C$Otu
z(}<;8+6d0qn6>($>{WV>rxp`5*Pxq9(}Z->M1Px1S#8C)II5Lyv8|fzu4z@VJv8HV
zLSCt&3q;_iLKn0r1W0^o9DL7QY@-AUqi@@HSK4o5CVzbHdDc_DITqXQXt-;mGb=&o
zR;Z(hkA2>@ezRsHlumJ`JAC3weUbJgITev}_0UpBp}3lllOGF9xAdJP?cdHmGQrV#
z3mK%orK-_$18Bm!mPZ*+ono^baJUX-7Q5-sIHA;F?Jz4FQkCoui^NR;*b2b<4BRT^=iGdfE;e)s+%p0*Ur*&oI)L*
z)#dX)(pfe}je
z1pwXqpdy(9)hj+nFm=GT_f6Su`e254{BPU5S+wF?`UmvoJw(bu)
z=ZwHCcJlzDIfJYj&7&TF43!tDrQ3T@rJIn`Y$*?_5^r`k30rP2?KBry>AWGM9@R%q
z)*OqC(xW)Gp#xZB4YVF;l#OUxpX1V}lKT~ZD55r2dN~CXZ$}qCDLybk;g#tdvkT!|
zh!b_04{CtMO8H)`jX3TVq}4rGT2UwQc(Fh#5p8eTqWyf8=VMPgoWI7)Vliw`i4b#5meb@T?d7
z8Tho(Bi%cyqD?L*_hJKVaVmo3l&vYbI&5Qn^mXYK;yu@Y6iq0$VpG2~e9kSA4Qnd^
z#VK6H&qIp<`f8ImLw~A&S8R=1j=(xgN`^tF@%BW|>m_af{rV+WZ!~Vt+0qw5Y2$Ad
z#WAOIJY(AR@bUa;v+kOdGV{kx;pMpJ0EuYjDJmm^daGikpQ=+%4$W_ackI>ve>@}S
zb~Z?cvY5a5^dcG&RK?c9?@9&+l|27xIau&uR{1oZEE5kjbfr!=)KIY+EO=`IFl)_a
z>~0r{z|?VxAiU^GJI`I^MX!%*vxx&N4_4OPNx*0}8(tPLCiM~zCr0fSRnd*JPd~-MT}*owMvsfyuQ+hd)mo*aoet$be9eva8<_4ggx35A)IzxJ!t+yV
zb%5;pcet@V9|CIct$Hzm?lmkuu#u3~UpY;}82^G=&0II|oz;+KnKuakCk|20?-Cik
zl&r{7#dePu1#SDj4Qwk9i&)NiTqwpVFJWDa27l1;p!X~O{zIRNW5Tc%t*ic?!i4a?
z)zz5k4Yj;EUU^pV?|^HCq>9?zV#P1X_`+_{o9yyBI*Qim$T!LkoaSy^>3v{_fn_Xd
zOk;i2`YIWRa&8kAsBfyqt!P>rG$=IvV?Q%^6=E~vVYn9x*=%&o#|B8rJMof={^_S6
zLN%SPl8d<>RTM0sJBdt7oc}zTxJS>&XB&(;F4ttNvlyzw|`es@iF7nfSf~q*Ebn$OnyQ0iWLC$
zJ}bbC5IeVJI?hu}&Xly}V)^!G`U
zfQ<*p#UTeDsI9I;wtE{4q%ip;h(sSU)i_LumZQ-;Ka6{ERYvB%|0F?|j2CuI!Zld>
zE9RbL^E=Cwb=c0@nUL7{d}{n1kaPgmt)||xo6s>eWu1d
z&-;JdGoBmESRU~1jtO}VM1+TBNW#B}s2Ba;Ny4Kox;M7^w9IY&K6P2oqo}?Xv}E;Dtgv
z{|$*~a(;GcRc6a1BNPQ+%$c>JL{2_uEBADXtjSz|i@X*@nl$WEuS=JAlypYAA-}Ti
zNn(glj&6ZXrB+Vf(?;52uAfZZadru3zFG=y6n}0+m9y`raa^tBg$L_LJ%+H)rPP=5
zuPD-^jV*Qb$vM6}2qJ0_24!Z~B+k`I6`7WbMF`6^{(QhC)DbM0YB$7HAf2A$s6a@}
zBQxB^(%iy1Z!;>fM10B2*sow@o}@7s)Ap~|dJnvo0TJ8#ufK?Bx|~uR{2r07BB4jW
zAi0k3aC_Q6p~>V5M3;K$iPgaZ;Uy%u3@4H0)mJrO5AXIw+MN1?9`IB&0smN=qX&~%
z-FI=~{>M?UV6zkckIyB?uT(qZaGTA7aclj1nz!h9O6M!tO{dl7V=q9b_2n-=`#@nE
zP*(P9e{mHk)lp`l5ws9b0-5OoYq+eGSs)X0w*tTy33a_C%>@>exM^ucxjqLeY8na>
zpe2BwK>-MCX!|>R+W|TMKq8^ebz&jlp~Qiikx-caPs-XJCNza%l=^2)iN?V!R+82B
zw2IL^1#-z>d+NAZ;#3d6bnP)6CAAgbQP5HNCMmke{sxZ
zE~tCrll?3m)9GBR^`?+}IO|vu+(Z?-7~{W5=8z^Rcd=B;hj$=c5Sfp&aXDKgkl8hE
z*kll^ixUhAk0|@{F2f@=z)@a1trhgA`WP0@6+?#06ePSejwgU(0H^t-pxZ`_SXl!N
z$MW!_{pwVwM_m%Pv}NQ%{xOvu!>+sIjcePRbltG)@pm~6bWiR6#RmceVZfYX-|H5b
zzM8vA?I7Z^$Im|UIo;OmjlH1iX^krv?_ve*-9qtCwooTnSq45_g5<{Vd#yilZjCiT
zn>t+78LS6r5q0Kx;a2z?@Vp}2>~%ovvwzX+bWKk-4WP;kfrI7(MA$bJCCH$z^|X$LV(_^^cSn
z1w@M|utA%t=NW`(0b$h}Y0V2>fT|2>m3Lt3Z&gP4
z2FeOJpEJldrW1JZ6O;iB?$~DYctQh~@A_q|s@juZaYuTQr1kuCLa+PN6&|4Yh+zu(
zjJtxJate0Xnl2Pcs{&Yq70^Mm%Ze740Z2fyE
zysIj^fA4LA^heS{N$d11jcm`pUsubOgscEz{2`
z_^AH^w4`Ul^T7ZdppzObM?&^q{(o22*rSI|IdD0CbXvTfPy->%_@@sU63Nf?#u8)AJ#LbcwY`^x&
ztyvSS3|Z@VLOeiLccq0xqVXAP^En60Qnm(^trx6tKqJf6%^_>H>g_9<2_1_Y2yD&%
z6*Y7*Wp|4cY3D$?E@N%jz>1hgR65elbodkp5G2p>7m2I%#m2n?x)Y!jopd#$2U*^Nn<2!u}69!hfb!
zIgje<>skl}m<$OH>lLOQ(04m4`x7-p+4!C^C&q#`NJjM+IGTV8b70n;k_>^;K
zIu>lr+BFN8{L!;-EC5mWo^$^;GuC?6BzT3J@pBCaUe-=LN@)rem-)5VC*V)t0ABJa
zvndI%`z{FdV@aPfdk5^Fb@n(4wmlDWbB<_wp&-x?vV#Vy?J}qN<-gDm{Y5TV{Df5v
z2141nK_BVA>Y01C&;v?Fug#?zQ{~3)lNEZ#4mBZ@AQi3oJbna?r@T=G0g*qEgDG|(
z>3qDcrbPYc>&A*(nV!UvSFawO*P4lMj<-`;?>l
z_8rWsA0)m7kB_M~YD0;0NnE`7q#YRc+|f{sYP9gS?zjY$-06jg{w2EHD$Ez2OjsOO
zIXPcP)NGJrTYk7tlGXe(Tl$8OUFu5g5g8SADQIk@hkY3na8&1N{#@OlhV8ckn&3)J
z?7m)&I=T8o4F({+nX+qs9JaPWDGTg!I55XyNE&ezmR8P{PI%*?z#9I`a$sLTQS(1s
z01#ku_`ZN#xH`#WpWilX&Zo?vh2vA=en=E%XYJD3-%7BKSKkfTeIgls#F1QJj
zCHpMj@{)o(fb|+so<}=GpgZON=_#!l*d^qEo)QuGzVAG&F`%UKAEg6i9q1H-YcLAq
zvhjj!D^&9^S7DIc@m+wtlSsWV`Gief~6DI7Ma^9HLwG5+oOCWIaY@Rt6d
z(llyE5NN#7O#FfD$0lBuf9`*I6FY^L+crRH$>^I;vHx6T6tnrekV8
z_I{r1S)_XMxqhoJ30RQXH=vyVoPeACqhjGf)@O^+TCGkx6&+0ay~q7@INdS?erlC*
z%WBaYs0@sCA6F!)F56zfmz*$a=Xii05j<)0dI|P$N&sR$ii_ERNDL*&_4m=o#Q;Zb
z8W1~jR(e}Ov=9Qk;5ucN`~d{e@!J|)B1iIOf)v3Ql-|NXI)2`eB6uJQMld?|Kgnk#
zUbZ-pUYdjyujgZV*ca&S=0Z-+j~kUc{LnK8^WsFHm%SP5pOcQ-UMpQ-rIqkqP#
zvm@GNW`R)
z2V|j1$-6JMF-MPkA=56J%&_5>EKBc+A=URiNO4WT&FBQ|gJStYI-mqyMFj>IT^&yC
z|H|X)gZ#MeNV}E_QfB$fUlHsOI|i9k_Y9g}qCB
zL=BKqVn?<3mx($fj)GJ8```jEDzh^xPTU`Sg_M0Gs3f-{#Ya7?OjHupkv9Dp)0mowGnDdSWfM
zDWOyU!Ou{wsyq%@h-8pcu&&|Nz&gVMFFVZ1d7fjPVS<+d=7l^8O_+!hg*prhn0XU`
zK>y`ic#;Um({7uT
z>o~v)luXR1gdsyZ*QSnod`n3~nP3WCM7EotFmo@uZBPrGm}V6*;NY$d5ksVzsv-FT
z*SBC>@B>AdxM}2}Js}Bf)H_Ie+YV8Db21=Eh=nEo*Z5e~q#z!J3*u2a0*M9x%efG<
zBfTXCpN04rKZFnw%&aG$-^c`kpF=@vzyoX4;P3MMU>-R|H65~^ChOS*wwL7ptBOo)
z4dwb8B(-@|466fna%KT}*gjW0*FgFN(hYJeIK>~&hkeKgZ}Q2=Y&;3J9g0u^B
z!nS93g8)$Dvj^2jw#-!(0`^e)-gNWwVL4-l1b+Cm^}Vv~)4W(DayU{L-z(5+WIp`b
zmemq)3Wb)>6PfLGvUNVQ=l!rvP$U%{w=IiB=9BUkKAP9#7v(CabwUJed+M`^cNxsj
zBX{0_ca_FN$I<5QSHlXNsS)JiXJ|5P56BhrZZ8DCB7<@w2bbbkx{DhzVF33XGvBAZK
z>ymE#`?gOYThRpdm*|naLm^ieG(QH=Upil3x)3k6!Ejd@^z|UzoNe~8OT@k)0W#Cl
zql+%dd=9=iwEECs)$Dn%`%+{!A~C=Jv$+vmm3mTMId#Uh=9esa!gb4bo0LNw(Gv?#
zopA$+q~9GFY<{Iikdkb(ft28I92QGot4oV
zNJ1=GEG!Fy6;yA=>f>kXG>1?F_{p0_4X9H{x%jW)4V>-ncNB9H#sq`Msx4`05RO@h&^lKE%AYkt<*49cBpy5fWT@3i;Av
zHrF3lJh#4k5d~X1wDQ`=LQxt+_OYL!gH!xZ4*0jU1+M>peLO%Ev36R)WY|Q&xDK!^
zYsgq23}wW7NO{ZhFM?Oyf{`knZqnjU4hQ$=tcT%efeWD$v7Ct5tn%WpZR$(f9p&KemisDQ2&3u`F~%K
z8ADtjGnmZ@7DUd0ETaQ|HPk;MUwztGXHJld^YrQK66E4Qc8_(o`x5&VKrW7{vi0iS
zy=}eity^_+e+&s8L(@a_+vpVdHl`r!^{Jlw!ECzZIrS7u`DhXZmhf8~?h3=u>oGfq
zesZ(r$34l}GVR5}Nk-g6egC)CM$%2Z8EOOQABGcsi2r|j|MJ#CE|+9w=|g*LIYVm2
zeJLJoU{4ZpM#Dilst?eLFVLksUhXgmX)>GmYCT=XZmUWAQPw)I&K~903r1VF=oh0|
zZy#5ddGy7AG7Ki`{}a~;IA~x7|NZe-2S%sm5?J>&t@9?ZY9K{~@Q)PH3p3g7E=ZJl
z$cDFq%uW8Ys`1d}I7A8fjwqnd@Xev++tS(X6ig(~E9vN%AfrdnqJtjRC<{@2w`Uh~
zwMXXkA`9$qiulH>rnj*caO?!ENuqA@!LCHedaf{I%));8BRp4?-idQ2ki?VdeTE9$
zhh1xh;SUKZXB3Qp@#Tz
zC&C;OfPGjX1(T8Tff@uph#$8Vb4$EdtoEN`%%*)uDUUR?n9ZxFL@Af^JYP7d|Bqjj
zi}RY}<`+x()Q*OI_$#--Lhk$qoJk-=sm6#A>@q8W1$qyFZJ6vEC;8QW$YFXUOOPAP
zPRHW2nw9qpG2>Q!>w-+o)>~_c4c7UF#Rj
zY!hJVHo0bwcN7teP|-kCv5!E1H)v%RdgnPgU)*U(uGGxDD0B}mi2_WqS+?z4v__TKpX
zXXl$VV((v@aEuLTsyN@I>b9|sN8X%n4sA(C;qW4-lqkeIZ+t_r%dt%}Xn4{WdR+$(
zg8Mt><-Y?XB88dvpu_w>d?Vy_H!dVt(Sgy}zA975S{fk`5qQ9)GK}
z+)!vhL?RgW5$ua)Z-V|81b_-=*{uz0z^1dtGXi#to+5BRSxqV1f+cL3Glf5lDU78T
z*|k|VoNfMAlguui{wRI(_~C5hk6(p88-iKn6|2Q1*x1B+P2BZ~FQO;tq%Xy1#^r8X
zRlm)3h@M*WxcResB`N*F=g8F3uBrOTln~#mTA#%>HwI=SzR1`;rSf?O?Trl)Tp`KSHBFz_0gCg=w-*M^+d_vk8-{(+&hxp2P@R*irm?{q=zW
zyT;}Za(R+F0b8MD8!7yY+QdloeN$YusyB-24=s&~N+;igvbaj$i2@2H?0_veIwi=x
z=HSx={G;g;MX7IhFj0|2WKk0cs|
zzb^u!BU)1UF2|n~2q2L!Y&qXh(9n>u!Gx+P#=FITE0CkqfHdf_Mr|qq_{1ga0rb;If_Kukg!!-@`>crZSzaRVt4$o{
zljFJszjJ@B`bosu#1I0Se&U6u#flz=0znbP2eWm$%eITPsL^dfH(b8%)-i&j*_`px
zuqRNjO2pXA_~`}txq52h*l|o64!NcC3$YdQm$0%%fUCVKf5C8gO~6LlKv-XW*a*H|
z`?X!lrW>a90;7>JuARI!;PWz3$L%NDU`Oy~rElKPllX~0sxpY*x%VF1m{oS_);gl6
zGru=U0#pVC9XI2{A9GRIEFsG`sTK$+J3cC>XqxtO@NZflCg6wk#xpEzK=9$aCa&NM
z1eIKA`>+cTuGc5c48T!XfrsfCL3s3kIJ>`&PaC-N3QDoUOe+Ap{)Tz9#bPhpO>m^&
z`sFCsGazRYh!pY;WXfkKz&k>6t>|Zvj$E(4b>OdER9iE=v3!1b^+^(a+gcdmWMO1aLbaAO>LPTXzoN;losg)Fun0f
zKXuI%YNFzZZU6CQ`Af{51-)j^`%;w3?~Deo>&RysY6g8{^!Yu0V3cbEUeM51q_uVj
z$9SI5i8YdXm(%ywSW(L+Mlgr5RBo%2>EOX^CuDJA+jL5I@kj+0A}EbjzIFEtep515
zpp9Tw0eUXE_Y?R*>_25>$>kV5K9&15%3bqLi0G?)XLPK~=m#LMf~HKSFfFl>9sKw3b=baOy$PU1eSB~{k}nwh{LB_6uY>vQdXgr
zrY|wK+|qtgxe`v?a#3ES)8vZD*H}@0%j{EDzu0;j>&*z^neQ
zlb+hW*i%ksHz4k_O3CF7{6?7-zDpj!Z*o1$>YKhu@A+6pGMIaV(6fc&wogk~)w7!)u(q2LD-Z9jqs4hXPdYq~IHfoR*;72FfciZGckV%bF5w
z1(A&vV5h(StE_hi9{T)59H&gT9wg-l%?B-m*0_U`@y|*Y{Y7i4)iSb83hZEtKOMDv
zvQ
zT=-&CC{{y!d%FQcNmM(l#vq$g%n=}9x~cDqKxCwG`Vf$Mt>)J<$sP~B)qRe6?yE0dh{BkqW@v<++fja)NwW*^A+rGZzuE(
z<_N|6@mn4NFaF;j>n0F9)D5}<-Y~WN;B-zQd7|I^H$16L+d`kA52(%O*YYpQL)X-$
zaz01R|Gy4n&QXrQMT-Pb>C
zR>CB9fGh{~FdyHgN}18{a6S-C^vN^+>L=1zi4t-DV8{yYRw^g0T20nL9SEq#4^e?J
z?>Uzfj4vY6vff(y75%QD%1-K1aZy{Q;Pi5s!N{Ix=rcv4)oH{6aqJU*J>r{Mk#7jgkBSZi{GU0PyqgK`0*mBLaOw1?D*1Zph!A-NY|{ijF`d
zA?%7jj+ViE)$H}_tMwmHB45O>M+bzsX#Sg*n~yy-w`Ut+rG3+q7assE?dyJs#uWx2
zdeA?%`ij>?enLAMSJ?6;V@ro1F#(z21qbwRmRiUVJ0S`cV@C&Fo&Tk%9iJxCeTvBQ
z3gb5ktP(^8%n4E^%r4%RfR6ju270$>YBq+~%4X5>+N=iMj}ta!tijSD9FRdpq?S%o
z*f%?WB8PyOT-`Y}lIcbmyd*|R+wxO;*>VU-N=8A)q_)=<&jmSpndNN*j(a?b0tq+l
zhsev?!-+Sk>CZa;E5j&nl+0SGzTo*5`6PF~0>JCJ+d+F7fnRJIed3UtCf#O997!Cj
zxF3TMgL(xAnDDX^%tsD)-d=yHnJ*u)J8AN*;96M{XKn7Wn93KO)atH6wBgNSlV2Of
z?vJqreBs(I>O!CC{SbKah1%KA3pgnUOSQy;&FGx;55`w5SptsA)|w-_jPWtuf&jA4
z33^}eGJpZ_)yv$r>r|#8eLm8gWvmD7su)xMiF{$ni&o*%st>Tb<8v$bfN6^}!UZm4
zDBC@xYyf8cGw(xSf5>+O0$f~p+2#+bon=+hyrqOi)(>r7zmys~15U{~ehMIJeF;jg
zX3G9M5(k8!hDfy)SwcW7e{1moCC1iE*T%OUW#@
z*BJOnZ4kT(Dq8D*WX=d`;jj>qpvQkC0v)v;G?K65MDt4t7R-33ozkCGPJSPW`GIZn
zOAM;V1IT4OlJ>Y?=W1vFDe|aRUYw2uk^L!6n_EVEW%lWbjeH`Djj+inU?`m`KO6}g
z{%0Gy#9Ks6+&L;erx`w6b+{>84??r6EQ<2rLO1tCQnap{m
zB^2FAz-A#XG6_eH23=WKjAN(uS(^^yx#DXc(T)D%g<#eF$$;R;t?rd&N)Zkc`^gFt
zHp>@J>lYx{E8x$)l;4$g3(4sW8(+mnErI2rk;{RNoDjyDUu%YiI}yv4(lB3GpIo|^
z$zmLhUMA(eS_^t2cdLCpxb_-@_r0OlkJO`D)=B$`2b3>IlrUo(#T%
zdH>z(XQXSI9ew}zc1ItKMSJ~zC4*o-RK2X6EwBaj>}-`p0L>>jDe}ho>KB~-TD@kY
z@SzM!fsSl`czF}KsF=@9755i$T+w9%Y35fBccb3~h8!}<)4&F;Kh(`}@_^OTGlg|EKqWht0phH__dodpM73CmF;pG(}7=rFH*^!R~BMy(+0
zn1jIDb9OFqu^Hd`#nFU_Tkr0x#BpGdn4f_mV$ybEqg8TFKAat4-*)~e)A}api0o}y
z`t$9u^I(O@_8YSOEMdcTbTIk|SFg$6YB9`kY(8}4@3dI|pax{jXdk)SijcdsLsgU#)8@x_L*
zm!kJxbkMbOTi=m6x&p9c9&}O`*_dSY#3wyezIbYP`PO_^iuGJ!b>22#VjY7T`v8B{
z9V1yM;ehvLDa4d&#N=w)2Yk5^VzedFd{KGyjo6hqqV=6boorfb@XoWkKECu&Nn#5zcY&pVSL<}-G
ze0|YYplw0ncK)3LZ#uFBCW#`mF=(qbR8s(<6nY+dY<8wl5k<8^ggJdK1UE`Sgq;Zn
zYOK}o1k6KB)$SoK&6yM|g}mc}7B?%}lWJdShm!HkVJni8`x
z7{7$8fQmZCM!FdWW>69Q6Z!R|eOts27zPYXWbF$9Q$&t09iA}q%m&G*0WE8!Nibgo
zW3VRMT_$87a$hwaCv^q>5qps+%!yheegn17X`I?QQKC#*D19%*-m-q*h+g0K6%ewnP_mZ_YVn+SW0#?A4h_H6NZc#Bubr^Ull2EG^mJ9JpBRE>z%
z)KT7->v`Huu7z{0+Rz+{Sv*?K-_sd@@$2rT=B(n-wAkl&Tz&s2WS4$#{JCkiVHli~
z)uT>_wq!4mRRGZOfl7e9h?;u;!=*MTZg>COz^_5FEo_Gi9>!a!?+AS{BDfhT;v
ziqPErS=JvI=#9C4y{@;FMDyL>hQ#$fWPJ6>`SM(*JDZRUC>C=*P3F`KvUkGRzhE|G9(1
zn;5#e@){S2B4AJNWT7hXF*-y2sF17VISN(;l4S_&Y+tY!?@!Vw#sAz
zQ0L)we(Q51dv|6w(^lV3UUfnFQZ*Svk0Nm_q@AvH6}pVQdBM*{q&$dK;PazC{LFSz
zOcPr^*wSx1HUAXr`7vF1B{r2(s96SS_Goqk!wX}XwS*MD2$4F$3+0)QTr&h9YL;>(
z_5tgJoMa9{)yHnYDtF!*4`}!O^I|B4QVKbdQU+f*Pg3pS?k5qD)1&LQdb(eGN}@IK
z|I;P>c-vFdNnBjZTkyLNsIYh*k%A!rm>Y@d3`C~P0YLb0-reNvO~gaUoGuP6&YH7d
zBFgq6!9n$*Fy{TWH*6`3FJ|ESqgXqI#!dQH*EfC7r~6Z3{mwvy{4W2#wal4P*O5=1
zVt|w%tL1dYc8OXf6(0(FzDZHqmQAg+a6>92H8_L!jZkG=QvEj&v12yufNOetp2X@v
zAAsNZYz(OReVfa^5n;Krl*=F9bYp9;r&VboP|8E`v$-4odIfm2l}j7BR1>tPU%>Lv
z38PLj>G|hTk0m=S1~Uz5Rq+l@n6)`=Zw@wG9#U+pQPMe^_TH_j~^Y~ab?*KhZ^Avf&ui4@?iTc5C=QjaIe
zO9N7#E_+a$eeq2Cv8Me|j&oFZ#IA-_+5Pf3q6Z4R7N;&8R-ulHB_kBO|{Ia3;
zdd{lh*!ij~qvyNN*4f1#3+1RT)}=p{mIBn6`CWbW5Y_F|@i;Qpbh_YC1I(+6I
zOD6y}DJ8H@;3%EIwt&-yGJ~M0oN5Uuzh`51hK@a9UrdCBd@avI{eDzeb}>dL9zkN%
zAKd0U9(*ma&?}hYn3E9r=<@GD#-t(OB5FhN(}R2EiIdT033pr&-0(Mmy+eOF<+?|@
zv_D9<6m)|GC8DC{X@4bt(}-$b?zrRyuk$!wD*OqS10lBq0a|${hAz_5wIm+%)u*i2
zk{*0Fgm0-U`N9IptYXK-`9iDuu4~jGypIv*_Wx@)Z^)oYQe!Hr{0RR$BUdI7&-R9{52y7U3;g?oj
zKd-~X=W*n^CgCFwrt1$c&sGq}?gy1dGxgh!Q#HCVLr-S4V?w7jIqaqRW?`bITJ~b2$>GbhlLO?h
z@vtct6Dfw}IIow{q0)go3idN+gF=04oi09j52tW{-0YYH)m)lA&y6pX(dPG`E?g&X
zc@Y5#u-{JZNcIS_#}{gyi@6P*RC?fXOXB5B3%8lO(NYcKYa))o#(nKNK8@EEO}^L}
z-90p_p9~jKQXA;gLZ6DFQ_hKbC(wumHA8d<)m!6P%$hvJBsE!nv7U
zF9t&YurCwvxyG8oyE7fHy^2wJ)#0o%UWf6Wt16ma=uNC
z{el0sX()rRAoCEDL;0-T<@Y0*Hl}66jz1f5WL1L!f@1Hk0fK~`>~EnWWxoyGA4LPs
zs@DArx_sKry7H>blJQt@T44_oEY-IT%QV}$CI@T9aNxHUH$Qx}Vm6tr4-b{{SJ1Z};bfj>pEFKeTv?#vLFR&LI~a5$`ls>?r8`uE$c6T{
zLLydxw-#{%e?^!3H468#?+Oa8^5Vx;`h`~8l<-VE
zzc08K>9Dn!>as(bLXmFeb6N|)7{~6pw@d(=2yKSUV~UdP++W
z!);6NJ-%Uuw=jc%Tn(*M1fr5stqK~}C&6IL)!h}*7a2XqaO(8N?Hzto-ae`vj)rNK
zErfsnb3*Ae;Y6O@R%i8!;1uY2AxM%m+q5tq5L4AF#L!e=zBF9+qENgp3-L#X;+qVS
z=`gF4n83j%cY+OwN^u;usF*)#}A7y
zUblDQz&7Gqce))B(!UsCCK{Pb`VxiJ=UPH=822M|1ZR};;AX!MgVIyE>~k(}K_;Q6
zqXvQ>G*|SU^-?E7`e;7&-RR_RZKlcNOn%fnAs@=<#Pt)CEvq7lOgW01Qz9*vLfcaP
zS|6G2b`t{bibP5&zN&EXx(?UFuN}*@dbD-NzP}xXqT1nhOuUOdiY8DY?k9harX&rO
zz`F4bk7GZ0Y?=(fxy((wh$E;N??gNU8YhOBwd~Jp+-n{dn;fes51rP!K6oB=Vht!1
zA7H+{I1YUnc`H|tOmZ1VHFUn5?MN9z5dvSC!rRj$uw0iH3v
ztPhWI#(-+|n;(yme&aQi`m~okK~K=ySjGaa|8AF&1!_HxpL*<6=y~!OUVd~KWr4w*
zrJ(vAT)gDj!vCdTSE<2%uujwyOsl^m*IO5~(8=U*O67h3puto-#@
zwxJQv1o_(^Vc`sCi`Q}_)M9I}T|7O`cQ-EskCNYvmVy|REE~x&7
zlz}kDkeJmUQ_?F*e;f&`ID>u^x7Cw5my0+}4llW~Y);U?F=5wqhNJ`!j<4Y}Ln-Oq
zE(y>kjJ?vk$@&>nCCo7~dZ0EkKeyTH;4fU__t7K}*2##vJ$2e^)}0)_b%3DLUpyaR
zI#;FnPt@`Y1tjH`a@{7b9-b4-5$_IkiY)%v-g$4|72_GvTJ0crTxvGkqV!qeZgE`_
z*ZW7@Qelc0=xF7S=Z-TSg&Y!{z?*m`8#F`1jBWN=6fA|m%PoNz*C$-#f=u>aEVyHU
zS8n^4+w0`(sLH>2=!Bf9t@qtyz#3rlTYJ-JovLF5CjXN83$3-Qz}3{QB4`4Y3^6FZ
zJn6WQ-L&%*vmMhK?01ez+tcmL>xe~?>>crk(PpC7Z_4W{a2)t=B-hAIt!V8+EWgBr
zJD>lc8{+vuGbY|a?NDJD^T)68Lx9==dI$s=?+VfYhK#-J+N(RSzOv#s?|U>0eghK0
zU
z(dPHiY5&~CrR_<`Gb2P9Ua0}dNC)62E(T03XB9ZcaLd%--A6Oa&9$Ww^@(YXU`tMH
z>gITTe$-exX=$|ptQ^Ut&n`&H1xxDw+nPl6E+L;|ibdEtPv$yV5vS)&^S0?bZLh64
z}Ai%z7je+H8a_61?TgQ=*|yDQCQNa8NJb&`W7U#U$?
z=}s%uf*EUVJ`APQvK2>o<9f4tN`szN4wdzaequY=vH|7%P>$>eRxh?j2F%FVRmltM
z&cJ)2TAZ5{_a^&0M4*Gx_v5vvu#%5tF#iraRG(ZQ2ygnE7pYE+hbaZ)UfdriTQv8u
zQFnF9D=S`A^Ro89SW_?f`-%>wxEhC{%i*L0My`kQ0--gv)jDzUkv#E{;#lUd&DCg!
z6gRc%#V|~uVEQ1{Fh2WLUw_;=C&coco^|s0
zxy}eH1g#q27#A!t*S6Z1TtjEYH~DxaW<%%c*tS(92(W5)>)^g#UCmv|%=Mt+b<_;T
zO;QWam*!#7hT2oDF^a*X4b4QE|0Za|rsJXn_fl$M{_5ozLrngIeY%cQ^J=<~f*9vfWC&3i3j?n4HET7riP4qiXoHvN=qWyN82Ut@Ty0
z;`ciS7!V8JUi-K-V$r1Av^SRy{#iB>PzN4q4k&)O8S;F9-WA~wO%M+HO%Y1G6TAyD
zDheR?h=rfBPWatYz$3=I`Dq`iYNfRV!53sMt_4{+of|vt%BpBpg!lV4+P$Ug@jJLrhEcRZP0SHs$)tCndD_^rivDmh
zAx$G8lEylzpyJtIPj}^0bJXpkqqXlx(}?WxJeJNm+x77Gh{_U`&p#C-l{$URIdW+u
zXp>61evyl#rqd+8APpTW%h0yRxEH8jtyqS}uO5dSWYQj30`Of~7$5kXi4e&+8EM81
zrM}XSN#;*!^J`703l>L^AefHrR(ElGR%C_56mPE>k?>B~LuDa-qrqRR9;}2iz#h(^
zeXAd21s~8PV*Klz9q%gXQyt70$X@$@T`faIHtG^i-B-s6x8hsp0^0^1|5l&-SmeFz
z4H4Y>uNFq+3f#At!>AHA-76`)yn2duet*1PrSzI!B(fIr-z1J%NbTHKzI!pA4Rb0S
zh*hAwCFc08#H$iV^n>o|Ol1eRYR(1CbBQ);Q>jqm&qFH<%}GaRAiEB6P4x76%?yBG
z_oZrp#7jGm6>zcYEaYNKh04Rv<4CfHM02Y$BKn9Y6#~r1lL!yqPz`_~i<{XPPYx)P`o;FF_Ik{#9*Q;ysI5km>_!jXF3uO@FkcIGo6uZE>Vibbz@*}r
z!@J2+9}Hs-E)MExBF%Ilv)rKOMDGQas9>gvSN$SxtvZ4GlNHp^UQTLp
zbgG+_p(C#2KYqh${cu|A+#IhwTI}*8vQ!{0TukVmsl1;!B-b>Mvt5qD0nVrp*m{gY3p-z
zj8?vF9L0pGh@G8SE7}zCyB&VfPAkUKGxZdU%TPr`)V+~wO?AQ0ot+&)}-|O5Z8TCoh&1{2r%_5V`H
zMpC!a=&Jc3Ip;18Z&@PoqJgRtbZV@3dWdw4db7_@HtGa|C{R>?U$JK8yvWt4ySLUa
zIQ>$|q4imr^{7Z4a&j{=c$U^>09R)X59Nlx1J!QSK4jt2>{lVe+w?iK8>f5x-wpkb
zPRK5a*kQosiw`*JZA-;y{-vB5QS^C-jIK-s3=ela|e-*pDsI|oPejw^V2H&MBALrc7C!loE}a;d@+L9zH@pXvs#v42qVU%!m>
z8R_w4q$InT+Yu26!i~Z4p^tsKZfRG}=XVbd-UV4;*sn5^G2|#bt=4-*(1?C*Hbtl^
z%wQESw)H(tB7X>E`*V+|7s=#`a$n=$>qp1O<}lP~mMm5Jp(oeKFv)tsdNbwm;Q-Yv
z%=e`XgE&u~|c>SFO;OE%cVNX^uX>
zZ_{Mv;@vanm2v+1@hd1%e4@{c8z{VZ`ms6}!@|kunnwpUmU{6QhKA^i2?5wD361lH
zc@=e)K2-du;WQE8y%_gPBMwaWmDh~0T&IWv$hxuDiX9>t1udI0Xk%-gK?49Luh+SL
zSRb}8OG-zz(}Zm)d6(x-GK~w84#Rb_g7f>Emxw-h`uKbOxdX;Krk7i;EZ3E(h~9Y}Ub@QGqLav>kIiuZfITZ`7mTKm!7~vTC`;
zOWBU_caa4iJ=G*5_3b4@YuTUfDngs48j=jl3bo^7&;Q6CP%*adPBkcN?Zf5B#ka{B
zBDeS(lkAhqOO6~h5`(>?vP|9$$!mRah605dn$Kf_Q)x5A7+nLXdn%T`)e{zuC{eVk
zUkDrFpbe6ex}nU`EF3ikNXr{y6eu|opG)`GmtOu!u5;fDd5SU37;z|bejG+s$ZEry
zdWwS|X5A8NaRK6Gw~pV#H6HoRjW${B#c$MOnrvH4K}qkx0CvoP|NkQGE#tD_y01Y&
z8bL%tx};mWK^g?<4r!#jyF*$)y1PZXK?J0`ySuyQTt3f#=6&CpZ}Um?cPrfI+Gp>z
z*IIj@v`tQsbK>t{Vb+Y7pRAb$dzeMqziT!S}e<=SO2jU2*nMu-_KZzDh0i
z%{R0UxFG$5u>p{LlZsO6V?g_5|2zbLs6%jiQBmN8!EtkB`Pf2`^ESYei#o30?6XdjwltfzX7HH|5=Au4=Y|p7zM*8y7LW4%
zfLTIj)qLY}c0(eyAz4z7h2efnQ-j9iq$Ly{Xiq^~PQdl)?Zn{ceP
zk_l&4{Lur?+fDKW=G=o@UYP7mSRS;yg5BhXvKbo7V6V8fs86*Pe`>1@<}D37CIPNM
zA?=+bRuf!5)Zibcl!b*lx)eXN&D`7aZr3KmL#$tW)LvW(Q#+@#X(4ZU=$J144c8s@|oQ&6+CMR
z`dncwI1>k5V(dMzJvIpz9dV69E+w_e;7tji+h
zptf&oPJTFlzGDWL7!qoKgs|*Nn&#BoIdfMCg4oT=F>L58$8OBr%?kz++ZPW;7P#bP
z@0);~(Hz9c2dO|EzmV8$pPkC8>Q?lTPeaoiK4rAJZJxr#9?ImAeK6v0MM`M_+m_uk
z(wEKb{wpty(2a(FyvTLw{_GOZ=|~_f9uFEO(Md7zNINZg8gt>K&vzjn8QkniWrN6a$Vk*>ThaM}w+PS_4y9aq~SOC>x$u48iv
z#=ZSTAGnZ&UAE}^akjITVCu4t?WFXDPYSJ>uQ55N+Vrzs8y}St-9Vre%E%`HkBz>a
zd_>dFkrO7?Em$(s>4McQ_J1(~tgU1sqVQf0YHTgf9R{CnXPgPBXyO)-UjjBrguc8V
zH0&BwfDOW;u_Ib7@=1M}gC9^tkw0y{+(B>tRZ@8`N)X#``s_IlWi(q;^b-4_6@yF6S3uDp`mJiLDm
z8iUlVK9af0UZ_FPpT;nG@p{&P4%si29;N>bhfJAkNh2;Zr+~gQ8c~1xtTioJuk(v7
zDpi9x9`xWf5uZ>p^rVPhG|yqHZ0ypK+^9d2IBkue9JKO{lY^QKyM!Q!;?2->3
z8Msiu<8UITS6hqj?*~YoklBY+6&nGotMH=4QFJJ8roP2?h*KdQfCC45cPG85jnuf8
z9oOY#bxTaW(F>-OL+T7M(H8~S1Us8AYF6rPDLIb$1@p6O$UWy-mLuTF5ULamHq(Oo
zw42ozX$rw?`vQ7ET7eXo5%tI?Mj9~ZDzoMy^JwnMAM?`jVj_@S4^P+odwClO%!rC%
z41ebW<97==5gU!C`)#_h_iPPVaqd;+Gw116$l&i^k4WzhcjPLO{ZYJ4yX7!xRMrXc9&eAM-`jh
zpM?Y%p?6S_TMQlV)qaH6qmSS>d*UE%JZVli-53&m`*A>aXQ6iN^zP~Tc^9c6N7Z~u
z(T-3KHHOxaYuK+7nINIL(s%)96Kwg04GC6qifL5r<6jYcFDmB);Cvh7^7**eOYOtwTV9qaGMT$i
zKO;B6I8yFS<71h!nvH-X=v=_xSD_7eJnunXkHae>QF1ifM%oy}sg)j1
zSQL84GYrey2@5p@VzTG~!aRd#+aGlv{)PL4
z(gm4ru2p2eQd20{KENcue4QbZrbXBThzey`eu$8O>Q<;rsL
zZNT23_p`S)$xhUY09)V}E5DbHMn^YLJ0o-l)|L(Y-+Yb5|FQrGOWd+(ZY-Vu(Us3@
zN?~;SPvk1tOC~mHobOypf)G>Qc3F}renq!C*;`&A+@6hUH|_a@SVt>Ghq&rJ7!`2+
z^ek(tR-N6q|9ycIcp6;o3_FCpiDK{?%XR68Dcumslv`=Cqx)b1RAyqZlkEhz5b-1V
zyUB#J^;JZX(6iuHWcS5!OQ_^c9pXyEp$l}VmH{CMjzu4_IMDjM&XC0YihfU(1({X1
z(Ft!Ur$AaqO`Zij?34}ugXX1)iiLi)|2Q4=7+Lr{pQNT-=a?AWpmKF;>`b+qVqc`-
zZN(?wpzJTW-@G$tKgLQY`3A~YLUEDjBTmWdQ0}zJlJD9{22D=oExZe4pgdJV&p~`+
zP8woC=?93cabDs}8GmA&3q%$EBgSsT2&8IU5IS)1ZC>5ymP9
z7%Wz_m?mI~%k;q-CIhw{q}!P+!HfMVq|X@vhf-NiG%%y6L;}c|#ZuaSukI@`P4iow
ztd~PZ{oOS%D526=uuJ0|DZHL8m}xNXHRJJ^E?I216eh|Z<|qHwU*Pa!!Gz*sJ=gS)
zw7HwdDd0j6DxJ>PRjBQ;Xxo_A=6)|zBQVInA(f5>r$%~x0I}-)$AaKSC+}hpwqg%T$7Z+!W#ZUoiT+gfWyqcP
zywluU)BKx*G(}c8sAFKG;7F;XpK}!7`?brg?=!(C4e}q&GhLr1{r-oM(!AsaY;cH$
z^1v0sMq^7Lt{{kdhrf`+Cgxh=F2K7{SRN7dPvo|l}(aAE@
zi|)_UW1fn)3&jsb=?~!QAGQ8<pD@fvCv~@ddfEkjMT)Y&}!*Nt^tha7p`@TeV^qJ%AVXw_x2^Bm37$9N`{W
zY!nXjGpbp~eE|z-4Mz-~08f`^)N>Qr_6M9c?UfCw4pMR^voYRW$;3D7LD$L-4E*l<
zHI+_E2pHE%Y(is;fZdf}lwOMYMtpuyq~HICII-<&h#F~Q)V~Q~<|kp|a7M?hV$Wr?
zK+6|F^NCt}T{+pIByPCzCjyGlmh1LW)8(?Z?AocVjO2%(sszB!nn!mHfuT~6p08om
z0;$)s4x)O$I-HyWZ>(~A!@{U6)}IS169L6Lnp_xH*^vNbpRz^7*bfXqhrEXG2*G6w
zlT$`D)nWI9NuI>y@ljX=bd#hOu0K1&3*V1Y-EVv#?RE#5vna1O4hKB7{4X!Tdq!@$GQHD!@tfrJY&`i^73<(-hW1l>;_uk*ONdbNcJ(U>+
z8EOf}4KD!@$E1L+me8$-J6d=>N~BdA@rHLO|J0cWx7!|cm&
zTrP3>X*u?UbMFN@t}nFHPPHDeKKZD|k9}M;UJTL?)b&}L*a^hA7C}7iA@W|4tGp2P
z0;(HVNX!2y##nw=JSgufkQ(z%a%thGk=wo|(_X9%f~ShA91c~q>fOc-9mB%c>^JQ!
z-T6l^vX$;v<;H<%n3dq~uLnpLRTYqURduuvx3LHXS*$P19~*6>N_}dOdOL*QYz{qK
zb-@E`os1KWe2!S4=7S5C%z4jn27>3gN|j9K%_$nanNs-OFV#)>&*>|BX-z)?hPM@u
z{DyPL<`8hx7c2yN5UO;cilUmLbAc*ndr?L
zujijqi41DwvE2TE3mg_QFK7;B`zmpAXdTE*`#eX*+SFx<%fk-8Lf)XyfO<8VaK42^
z96wpMxN2J&Tf@ChlLw)*^=jj^GQj05nbEQa?
zXcW%dqVZhu1(#FId+*bSBCm9g3T-Sc*Kv~pKQNJr@SH-btO4)|UaUWuP#Sk+
zQ=Rn+&^o~-!3E>cfgii25N~&SyO+3(IGv$qpT7}m$DaGU)pXrWhLeAYNU25BLCKv@
z!Bcg}e*g~Zm|?ic2uvFpAX7RGIy!Euk76yM@Ps)-$@^W=jryirB0ikW*S_`*{+tY>
zfUraoA}(VKkmyZq9@P)ZCQ~Hvs*PCct8UQ@93IlYP=gyxQk8MGBt0T_vaEDl_znb6
zrYg_`wDAmnp~7w}pvGJ%a@(EphE1X!8?Vy|+NUh#R07wGsVB6`(2K$G`d%p4AVC%`
z+c^6|J(838YB@r-f>62O1>XogXRdc~FBbJ-?MVz`G_qU!^3oRO2ICoZ+ejRrib=mb
zPR0w?lQTWv2P6nqPq|XSv(j>%qT&j`8<>PVw<_3aQ1a=vc+s}IZJ6P^Y~)J5J9*&O
zMMF4vwF!LXkXM;t&}duQGgHL-NL>T5Im}e(5bqBAfUcWdWVMsx+`FeP{y`S9)70HU
zK;9WtM`t2lvBr;+qL15sF|a^w`92_oI#+{bnqc2WFy8hS&I#GSU!|C?!jf_V%-z3Jc_Z|AKiq_x79mOPCBIBA>HzXrz_BAr|B-)>e3l;e
zs7by~d8WHydu!LsPacGO)U;?v`6)+s^KTs7b)}TFeL(Q4blnyzok1h!I;i9_qy#*O^sbHR
za=V7p>h(y9L*{hADG@EV*DHg$8{A9E72D69!>HAQ0=(>VY+ENsslHn$DycmNAXUL7
zbHS&|K-uXG=t{mCMrX3$zQGa+&rfTBg7R>G4QsHKT|;a-S&3G7dn6W3v-=A=xsRId
z;*w|d$40`BiN%NhB;Zb`w0(1x#ED>u7w$Xq)`T(VOZ-+gGcddcy@k?4Z2;AxA+bD#
zaVbUw(aO!61;JLI_Lz4a0R%o>?E&?oWbjn#)DqxCu2xZ4HB<1qDDS`gHY6JL`15*?
z#-}@Ib88X4SLs*n`(@C+f=`l6+V<4>bn>sOe*aJE;-R;BQZTIzMzrM6rg#%njP;te
z`#fS3pXeo;Tn4dz9bsNIL3iB1Y?e@KK-}I*fQP@m+q28um{V&NGC4p*!jf@KJf;JW
zj`o(m+Mx41I&-{%KS&fDop4!ddpX)##H#y>C%^49z3t&K_LrWm^t;#IV&TT@aAmY|
z>7$qFcK+>__JKNJf8A+VUKp|Qx1EoUz>Yq7`WhiX70+7o`VT`FxIVz)D_ZIxN^bC1
zJABuOq%j`{3y_O9yqR~_I)_O+!%`
zH5f1d452%UukdcBB-`CDk*yk`>;>zy(EZn0dqMQ(Rm*-mb972WvbkuPR9=7yy`AXv
zp+go0g-Jyh@W#S|A&;wXTQ}-ZD(z+_^-04RF*A2A>+IJk3tE{fQKExQ#=gDJIp3)Ydz9HfjzGQK@Rcju%B>|*g-;gn
zy!BHr@nm+GvZ#rrnmVUZ#p>dA63J&RvOMZf;^B0>MG9k!=bj%)jir?Fo9FpncVxHa
zI#1^0MOYPFyg*5tsRLD(A^y%(rGjtT5EftF*DTL|9dMGdBTrHZ(C(4CagJmeSI0~P
zNi;#24g?kgE>JiunonezWM(y71GS32kEzXAN*J8lx1)goSSCvVN3_{+}
z#tEMa;b#eo-}EsyJ2~jIihh|@4v}lb(%?ex6khuAK#%ZR-@-W@5Wz8xzW4qz_6|8KG+gzVX{0>JgLW%gUHy8#oH%xy+Tdad
z%&%8Gur)bXW?}zRLB>-NXejHoR3W>4Sz(JM^WF89aW{ICg(6ZX>!>WDci*U--I$d#+PVlvtxS#P&Pw`NN`4L%W0jT_dYpLnnAeAVL!
zRAcr&UdZ2c)RfM=9jlq|m2Ye{+-x|$p7;MKb{R3nE{|wi7Iej4XPX|xQUVeOA@mC^&wThgi{*yMK{-i;B)}PD%
z`QPvbWC%+dGkoE)>#ZsO*%NDIGY>sF?|&G;MX~pG6-dMBm?Jt+^mR_tG~8hHZ9FUK
z%N9)<_xcQ1m0|?F>st;dI*SYzJXpJp$~?RRtNp)%_TfVQRmMHCvzO|;X76#8N3W#K
zy$Egh6n*`j?O+d1c{>HG<0xT+iFPr6aGJfq8c3%q5e_V_8Ew_{&Xr7oT5j|1s_DnB
zG;b16VZ?ksDKLLb$?1(FPsIwh
z953c$-qvFP-0-3R{X#_6_fKFuouBL+YjNmzLP_!-L@FBjCIUc*ViLG}S_+{5W@*!I
zRuQbODk)|7p()M*)<$DcC<>vP=ELPQ^XS_|O?{j{bbp;=R?Q?KF`ZSVnGa-;`95o1
zX6+XP2&}XkIq@)=B?`6gYUwkKKd6YmNWLcI_O-jr8;S%-1Exc!(e7*k6Qhuh?LC5Z
z=Iq=8r~5AV8L(o3muDpGpJNoMwCns2l5qeJlVulYHS@+rNhz`Ywp%d>@)Bh%fB8ba
zKX5rB_~?Y+O;#H2G0oaK5%ESMp)~y%z_W{|aQJ)b)%QU5iSJfSun-!yRz`*TF;%iMt+)j8k&6unnWVAsgFax
zKmKU_Yu(DS-S`gFW6B>L7Io|0-m2X6b)5lv4x=KqgvZm1!zCPHX!6V>wyAt9nP{mQ
zfvej1cW_jOT$$@1HZ%4`28erOx~$6*1?@za~#a4M~`yp5Yu<|Whl
z+=SopsaihM7IT52_NoXcO{<2Ka(xJ4?yO2n@cOAa*4hGU&GX&z0S0s@_wWDwSj#*1_%pR-qoJOXn$b
z7yy)Aqi-rGX6@B-R*&|Dd=>JM3mg#X3JjLTRL2`YKu8m0JV1NXv0(_@Agm`Q_Xd>L
zt^8QKy>iw4d6=JjJ1{EYd2_olKrxcZZ16g6ooV)N!=fhLUH_dt*_%Wir+w#iA*+pJ
zdbKx-Jnz3zXOzZe^I~r5jrHfEZjICP5QrXB>SKg7v+o+0h6^j)QzO{Zv2X%LKj~eg1uT9|hAMUW?5^2ZO-R*CxH8FCF=NDJNh0
zUUh_5pIR_j0P7O+ZI4IlS{;N6R)H#WaNm3hXGE@XMs1P?bYP9C6cL%T?yN(
zgWiO0s#wN?S!tssBpDI=Mmw7pI*YQ2n1A&F2+Sp19J}3cZXF$!U>6wHBHXhVPW)Mx
zhU;fNlsJIoL2vZumX@Qc*EtSGjGQTLYFx<{E_0UYX@uh#rrqIc?2^>k$lS-6E71nG
zM3{wffIvV{pfq7yab-1*O7U}ZYoqTDF9$Dn#Iy`5a7{WxFGWb#e%cLiFBo&|dS{w{
z1ryG(&#uI-y_5b4_4rpmbi=kztC!|?Ylzfv?Xd2H5HhGEkb2#
zsPyt3k8&*2{Hj7-nqvWvSW}w1mx0U(vM0aSS@CWebA3j)5mEl2D2^Z3GL(iBSo&
z30vaA>nwj-V(e?Mj2yTDa%BL9b-rX{C>AzYg-&>aO8$T?pz8{#O;^%g!(?;jfBAj_
zf@$U)63jz9D(wxJH@D}M%}urKD&D#&6tNXwnCWzyUNYQt(Aeb;?}=`Ww#43>SC=QhnvtoL
zYq3WxXujAj;-)r;3%3p29brqvZD_q%+m`
zd0F6DQ_zFU`GN!~CfQ(;>D5O@N_@dc-T^s6L+ub8E8fuR@7aDe0KK;8mtTNr+6&jp
zn7_iIkJ%bJrI$$gEBp-c<#OSfFe>Xpn-{CAf?>UrPWJj6Yye}t?iHZ>mT(r>i%w5OOpqpRb5Ph+btuL_)Lw4o0uW
z0xz$IAd4qrLYbS)0tzB?k|x;L{4r0zJDNuQ16be;Z@tvkGkAYpb=fYY%*EwBBga}H
zudS@DTKpS?OiADWgp3{1%>Dm_%q<9+b@;n$(}+Q@lG5Z?9Rug87Gi*jDKk6Xi2&@#
z1?Jj~8q~BRz&6vGH;9AnzoXFRRMgw*+JzB5zsAb-
zB)MG(8euU0429d^vs`8C9Dv<|`zDg3xL`yUV)3>k;qzQgmW+1n9*8krQ&uPSXA?Y6
zb~TW1b91eZifp&CoKs1Lgyj2z|6Bc+p$n&z2FYc$FQEq%?Iw|$EoyY`Sl
zW)ke)M~;N@_z#rai;Y0dC?azsGgGRPjAa9epe4{LGX$HG9ZXYN%9o4P{sq*9D(L5X
zo#0M9K$j+10hw%ll|Y5|Mv$eu2Q7xYYH`2f-Us2=C+q1HH
zPG=b}_tpu*J~_J2g#FljewwLGP6UCtZ0tDQr9v-9EA7aCM^ZZukyW}*ndyE@x4siE
z$ZoJVSSIb)<|9=jObIs0oHa%?;sNr){m$Q(pI{wD=lZ`G<4|d5!yqnneNI0-(dH)#
zzB*Q6D`MSc$ufD4DO8)3{?*b{{6|&^bYYYlbg1!|Hg6!DTuk7%-{YBOhkZD+-_1#d
zj0lolNld1`q30RXs|U9Tbs+HCjlItmk+TAV&uG59jCyqUKRZ)YjT?A6Q#NwGhn==o
zx7CX$*_nuf%j@{JO0KNl+yE&cpU{26w3M*#tvW)e`D0z(Ax@ue{hnB_0!nyRYmE;$
zhGv4NZw?I9&Ng~U>sOM)<)`y??w{1!94iW=SejIm0<#pi%II+K0gtBF5<$`h7GZQb
zA00bN{f9GWF=rwSCTb&U+_m;*@HL9|M>@E6Gj@`|PuUXGN}BUvi>U2_0uFSE*F`#I*TS`p=&0(lq~{
z-N--iw=V)qdR426T4e#@SG8>2+Pz&u24O=Ms&|5j2G6l)D_6YfWSgoSX|d>B
zIf6b|Y@C)Dt@4I6r3<^;2eR;s|8_1DN0W5@(18s28pb_w+LCLbJHQJNVNfo2Ae^|-5xe%*c&$x>;0+qm%+^h$2HauX`PW~Ol;Q?-QARwh
zhRuE*@hMDId9Otu?Tj-Ya9eYF0ge>BctKCq^U3#SA}C$+&iSkFT)cFO#y8u(XX>%bW&}xfhbIx(Ry~V3;PU-3Y;kXL
zUaR;WI(W4yg$d}HWwW#MkjGz}>11`#tCyfjwBHzFNpCTyv3WkC*81y-1}#NkT;K?s}DaZ6T3ta|DC@k
zS_RYHAC;lM#x*vPGrhjQ{#E8HwlQp0^a)j6=nwQHu?pY^Q{5DZ(kMF1v;M1B~hmw
zT3Q^BNpu2RMF)P2#<1FwzL!iz`>NnZtTOP=bH$Hqf<awp{N_v@Uv
zS*N)@<(deM()iQEX8Jox^hOfr+EOabLNq&*K|dgF8+{G;z*Nsr
zw+~P_mt8sk@EkfUAXw>lQ-BK~feK)w+FZtRyeB~E&`m)&{$U})81OytMZotUFeFKR
z|1AWp2cZZGNqw)*`6*bHn0J+g{zIAb@Y6nah6dv1wFXz{UDf@-cq?AvU`ZnF`Vj)B)X|B!LZaEnpJIV
z(390we39t|S7#mkFk9U})n>B}w|9L+``1>Hpg@N33eKY-=yJ41o=n+RO(PTtEXv>Z
ztD(=30(j`80cYada9`s@%`uw{G_Zt(f$Mc)Cb)A$X}AEsO-K0}Zx5M7rh|{lLJr_nH6hrwEib`CYQmU5@%h<=bCfdo%uRbE|(B}-j);&c;9xZO|V7Fl-ZQ2
zmXOo*GS$v-AOvMRAHnLc8IolIyHm%hRky)Jy`LMzt
z9%X_)qV}@DT_nDk6!3oRtW>YYw4YpfaO1EJ5;~j@O&uy4^o^sGuksYPA2f<`HeWz^
z>-M~aHA)zmA%2iWbB&XP5fZZf1}>RQG3ZoF-M6<0oL`LnqU%(tpa`Ik>_v))4XUAs
zAgh#y>WuMiH^515^;QjCrINoKyi!WMuZ7$Kdinm-y$>UFI&Zo_#eq#5*IhQxM#f7X5GwF+!gv?J5
zin`lR>pi_%HI03fNizkB6p?i;6rX;lvYBJ{kYexLb_J0(3VEpHM$A%dNNAU6zQ*Tr
zpR&-l$ApL=e8?Wr45CPJ%HANwG8p{P-_0M~YGid!{X?715tW+`Jeor1-_7&GR2zP(
zu{(YH9dUO)U17>>!^D2PY|U=0h}m1_+V!g_`-uR@bZh%fNrxIQfD8NlpY5~(h{
zjw-~lz-DCsUfndEf_6m^66%8C9a&&I0VHB&D<$ytbAdX#CDCw@ESv0WEVH>W^xvqp
z_sIw0jP2`d3@;&t3R#CjDhAG+Ow8GYU^2$Xc1<^cmZo$};WU`L`1uL&L9OifH3U&pid7e^KR*=E*#T5K%@J@_-K!
z#r?`pt6B!r?&UJ8eItV3^yD$S6|cwC{a0pkNLq}$zZ$*X+!16Eh%)_oups$ffjAqY
zNkxkE{ZTZ6B`pG_RD3LO`)l?8Y)0dMJ&44a1*x#B;BAqZkB}qk{xI(t3rw=gI!6o8
z5S>ks4!-m+z>x9)L$<%)jD}!H4+w_zaBzy3$44=p+Wo89+9VZp%6pL4KH1YzkB&~a
zoBm}BvW&)DP3GRwF*E5m_fI>nGvj`W(LuoAa__Rby~4V;W^F*dzCQRkCK771wkGPr
zZvFM=(dHmt46u#JOkFP2>{Cq?R_(PSpq0zzQt_T|ie`D+k!s#uu)iFlt+f!HUnNuO
z$*k4yxw~Yl$*8k%WaBO&5Ld0R?#FsJsr;%!6PlGsz#EEOv-Sg*#Sxu)rFnDmc2(AJ@E&-M
z*X5ZkKMSfrGe*73C071TDLRTO@G7zvc5q?nn76M#sH}`{GwyJk0^E0LHt*{#DIhM%iTnSD4+b`7FZBzYuBiPaREtd^1@lL&CXCp2kpo9=J4V|
zg9e=BbFBpymw4Ob2^0>EGJ6vRj2!l0JTl^1cUJ+UuFc+<5r7{b@Xo6yX@$@#ZK)@V
z*&@?;tbcmWZS={POXzi!-FHUd8SlqoeMUXNhFSvFRL$3fnKtVb6pooLs0`YE??V^f
z+de;BBF~ynd}xYX#O3H*#`&te5@pa~+Ky
zvPBVGue54CF+YD+qEk`wraNAqjixkLsou{sf(70M1(~CMWel5KNGjJRFL5CR1vT^E
zHZDBy71|OwY5b+Ia~JR%hzt0C{iQx1+?nv{ctA)E*r#Jc46cxBiAidU*#aF2wzxz~
zp}isKPiQ9o>4vc}X$VUi0WHN4^4_PqV*sNXkdp?D&ceg_GBEEHRRJUowX>XG-Fk!%
z;(glQN`MqfsT>_i+1$$+^~)Un5n*w}Voy!GMy!
z(XS~5Z|^&8xEZ-L62lO9kdS%yxY==k#NYuY&T;ECUf32}vGm>npA$YxON-3Mc9~-3
z?#?$|qLzrV3?rE_eaz2?lW)`T*wMP%)<^Uv_LjN~n-=-c16}vSa5HZwQ#h!mel7q{fLW{
z-0gtx%aPj1L<%k=Y03v){cyL1sYwi*U;j>=zRQIloavWRkjqow{{K61R93~z*KPd1
z$NgntC4auKQ2r{R{qh$!W^0MbmM!;N`oONC4NxOqs6p#({%wiw=~a+H>fPI$qE{_x*KNWY#Tr6zg8~&UG&|_NCgW6`4KrT>9C%Q15E20^g)xl(Zl?n^ggX
zV?@A))xUWT$TF~hW}<(;glvGwrjvaEa{Vo0$G8bBX*HxUY)#gA9Dy9TZ`^$pl2E}|
zXX6FySAM(ReJ}p=tt95+OB8ff$2rO5mvREBuh{qhnseTYK0WR5x|L=Vj^DZG2)DS!
zu5+19syM`xzqlA}Z3%hW&Io&SW48`{i_Q3#kTIGJ-Yuy)x|K~ve@8i`{1O>DkNaoe%TU^6o;B!!dByceM9i{_i
z0-a24swl@oU{Yr+Yo#jhqlM;Q-Y4t}^8q^|Wtv($31zwm$7d^lvP7@rM2}+pF9wV`
zV`dWcoZ|+SnZu#6{NF@ct#_KngYC~xCeH$iM*?1S_1MGe)l=E;29*wmW`pz^50`i}Q~Ps;Zz!&I$?=~rHjx*?sCf7}3YFeS_k3gL+8UTF
zvEA`P?$?Jw5B;l}C5Cvz{@{Q9I{*nu_K>eSHNnAjY1$G(`po||79qcz
zhB(|#8|R*}-KGb~{$8eH!KK14x|Xkmwpp{ff^6sU80_905XVL;;*sjZ)mb
z{{QQoREWlSQ6O04LzKS8FB%sQM-!mq)@5Axh={6a3^A8;dOFZb&%RumW1R#
zh?NJU8c7U0;456d_Sb@{0;G>{@d%L|ns^yw(Pc?RLD?p|?j^8>!}&P6+KE6pnu$v$
zZrwp7;rZ$QHOH}l;7K4dr_(AlY8pTNLtP#@Xvym9M|GD=$9I_34%+0aQW#BSiwOPj
zllzL)%K`U*YVtUR7#x|=<`YY=NqyC1c}4e~UQ6P#ev1Zdz`X|jaZZyX8`r1yEaAe%
zmVyR33vNOtXH+R{I^w;qBwu6Tr=ljPuX;(d@@<$5;L;>Pb8?%~)w^4dfJbgP_pSNPEW{;=34_NZ-*
zq5R0)J~y^&2+!(m&bk&$ZMrHi4Q^(&J|_8@FD@>e*c@ABg%bp$=BR+z9u{$$BvSCE
z7i=MWcQWjV6_Y2zgm2+sGB;PUwmw$v-u&4emn(8%mM0oQg#cC=>W&Bk5hxQcK;+B{
z#fE@2ZNSC=;cpgmHzOfBj1UMZF1G*k+WpI4zaX%sDlGC^x&^Cb!1Eu<$%M24$|1j%
zFOce?fi(5Xe=v1sDAxzqrWX^ErFyGfrBmx&>PqCvp
zBS5O@vo(QFZi>KropI@9?8seXh4Ry+_e-sghzc?Mwr7t&vtA!MOd7Z4hwm??v2sQP
zxB|J~K(SgcV21>GwqP3Ywz^^38TFMWr2_S86AAmz)GQ08fkvwl@*E0Lk@|ogL0Jkf
z;-qvu27w)BW)kSjlerff(lBfSA<*LRJN^PaxL2ItKq&AGDA*7Ku@l^}Es5$0Uitrz
zynO)K%AxNHCU?ynZMQ+Vt@MJ6bjAn}|
zD=)`NK{$s%JPwSM5$-?0BJP+d;PoU@(ji=FHEqpd*zmzX(EC@3ra0%s*Nb;_SIdQJ
z*ZoO~#XUp7ZVj?IwWff1qXXxDoh+x*!Gh~|vq_Dri-)@p^@_@
zjVDWYU!{1zq|D`P%m~AJN~@~z`J$*$tGRyeD8LOQX0ff}Nz8eNfBeifdgSXQF66g~
zbjqdoF5bioYdwl=t?ss;o1bqaYpnoquCjm9TAcyBQB1kMQ8)ker(~bxJn4V=yGGFd
zELRfk?4UtE(cxiD%=>rP8)1d*l|IG7kyd~G`ThA?Vx3e@vrgsGx0Jx0u5@gMI`}7U
z8*mm1L3rk+KD7K%Oe3YXu{O?-*s+1cj*WCDR24J>L;_`K`^_u#e;g&m+1)7$?pgN-
zmJxi0uRUNKqSS{Ba-3x4Ve5Z30EUotv?qQu*`M&hF)?6My}nhvIK(MaVnE2Z41e*t$e~pCwc>q|efZyimFQj_|!)QcR<$hFpjJFrvkN1vDD%kpIn;Q2@wo3?yC$A@TF9hw|f-}UE`EdT2
zkjq_Uh{GgTb5n1T2okG6`EIH4v`P2z7FmSLQVVfiSXrM-IBAnn)&qNUZWCj
zWiRh}fIDNWji08SX7a(az{M2Lae#V4g%_UfSbu@Hqx6s3(0NbBhSU7YMZI8E`u$&z
z*U0nU&*x~DECzo9Zl^Vx_GY@VwU`#%M`0c7>MuKj1NyyPr6+9@37jp|oVzjMT6GOu
zF1zA}`891H7OID*oV_TMT-L&tr;&Y$8unjzE@@hFomjL8o=;L{U`(lbHME|Jr@N|f
z-W}MR9bNaOSRvSd!%xCJU+p0ZW@Kn^nB0z>Ul-TAmf%D945v{4teb&D{O`F#
zK7bKS@Q19`g7&JBX`%>dA@YKmTz|@cYbqu|4?b#}Qp}|Ck}cpL-$oSu6cZMf95iZ)
zaeeS=xtKH8D_2%2nf>$L#&sHYJ21&4wQ8@P)~bQr!f}LzZCia`a~VlB-Qi<5vnw(y
zXM-cI?U6o5PT4$ET7||V^8y)nVQKp
zQQ*d(4YLfMVIE2kgBa1f)~AE&;ZCiRax5J$ON+_V=?ph1HKQbJmB*)0lXMi_=chY1
zbN8oO-GZStIQJt0tNQ)&;$i&8b6LG-%etZ)&z6x>OOp)D1Z|5^UlViK~RM?rmn4k~dt4LQ&7^uEA-Yi?8{VP8;6;cxpFF3~De=DOpeRKVL~5{rbd(Z0
z3JM|wPP}IHp3;Xm;Mzl+NMhgFP2_?IsCg9pwCxxo|e8I
zR3TNx1mu4wBfW$~2lF9aiA-P|EOV)1I&nSNG&
zsXSc0My4;)h%%hb%;+(F(Bs7C`@T&5j8^h1Q*~X@zPy`#SBCl=wThSKdPX`IX5#Fw;@APc!MNdFl|3qzw)?K>3==@au7waE$;(~)PDe7A-
zJn=NV`q9p2gen%P{fTk1lwaK@!XtpKDk_deUJ3A
zg%h7wu1wxTV=tFqI800LfJWnU*T0SvK;z?Xp)=N>MC{k!Y}2Nvmx$j^7oKtK3Yibh
z_Y{R9=Gy4i_=#Zgxx8`=TldB+b|!Eq4)Mm^jR+2mh;VbVam%|d9vk~ogK)SBqs1Rv
zIc|Oy^CHEO&FNGW-&0<>Ht^1f)TjA}VTvn*HPA|~N5aYJ};
z>lwTB3pXcP%#%_>+HbA=$kIX#GWU+)W1gm24TBp#&$ilErcaeH`tC0lJAJb&#LFim
zH7{>~SiKxNWyi(HavD#b
z3gaeMt&A9@6?4(r_I#{`DT+3apRcx^+dPStZ%ly(XBLm6W)$sPR&Y57H%XY^NUS<>
z3oSxN8;)(sj@~X@8yROu4*k%p+(nM&?no7BucFM)ycF9_E^C{d$shGO-9*Co-?HyH
zc(>@A_10S{GZk>}fJh*1W=tb^5_LVCJ8t$|FENPO7;TqNSxG0ee2r}$XWrc55}!`V
zZj&h0#@ZCNd1PGO$B?PuwCvc$7_2V;-l0$5S-<)FYvZ?91trTH2a~xyJ!^5>`wCa8
zNq7BcI)ySMgWKXMo|8nQ1W$h3}~08Tb{|w%{7mg&i4*}r!nC&@qJ_I;Am0(*oWIy
z%$Htmke{i)uU1sn3BjX>g#Mh|cT_%@V=(RdrbsIb`Zz@SGTx2Ot
z^IXgi&t%beIeiwRQr$fnqb|>&9Hsn;a4BX{r103G<0SX(@f2_p3n$wN3S(%qN+Fs7
z1$~bz4Z1jm<*B;#4`(9o_HvnzE8nhDzU8{4eh^1C3CMEl5N>xRElaAn%`_42ZYlL;
zc{o3(Kw+pzsnC`dG#5Y2B{^BOeel>sRYu7d^O!nTLv3)4J3M(Te_Y+>6cnSh%Q^*(
zHC8*bg)hhuoaxex+IQNC13;0c>Vybtsk^}d=3#MnEmzb0Wo86Zdz@%Ow_2o<
zK4_Mlsz_cYNY#YVM#b}Jd+p|T6%;!r_GH`c5ADmEdTxu{M!_Dll@49G<}t$U*e-9j
zb_bc2JudVThR)?tMm-)gDgD?5nnmB?MqMdM@@S0$FT0L;VR()3ks8^q&Ih7Q!D{d`
zSS!k}T_WzVB|`1-W^Xxse%}RUermIooMfdA&C^#O^W%e)easu4by^w!vUV*MWn+jDhk8Bn4V3
z!}CX4vyHzJ3?rSa=F0XwxGdZ?;>)w?;Ar|KMJH2636?YClV=r`1e)$F$$r&Yqz%`_
zPHv+?&2M3~s8&zAd=9@4tmoE8^=tXX6#T`Kx6Qwl9wHMz|z*H+y7v9$2!NB$hbT
zov*9aqj*x5(;H4~^o!B*-tkd^i+5_f9PjDy2!t
zUGRD*?Q*?yi;Bc@!Ny%|7Jb>JE88ElVz(MZ+y3aI4Ae>E)K?Zs*H;{yd=Gj~C&k(M
zsA6vGd*psEt>(nAo)H!EDm^WdH6GXXsCYT0dydn~Rp+W@|10Zi$4}~B>;Vdt+kVEO
z;GUKilEnq*Mt)?}Fd&igM{`YGr{v<$9aZ{w{t3^Vtuj8
z7)#f?OX^9jq;tW7gd@BeZK*~*4O)zBEIYr}=TR1Bi%a)&7;g1+A8}z;Ak>#IddCc9
zs9(Jqo!00c*Qi>lj9-3aotn6?WNlZp)68%@U$V~-(t#4wa&Fxl=j{g_?aS1QesufH
zgcLm3IGSTj^6&DGP7sjwn2~I{3%*ZKc77=1O4AmL=%BJ1erE2Cm#i3TvF6;Ep-d52hq0GsclQu6^_
z>?4;x2J1rv_qng1$}qR8X`d67%a#YD#%BAX2N}5(R;t9i-o!_5vV+fxDh}{#$by=6PuBjxU(|Efa@
z?p6}rcA73czbS8plWno&G;iVKiW22o>3OCIGZU*KfwA`4ns_zJ9<7i2_PlAEjjEALdQl~h)gGgooj#3djpC*L_5g}{2d2Qf+moF64%Fi;%kwf8!l
z8U)SGCmSLmBihPp;UrH@4K&{>Ii90omgHwHTKe9LK#r%jgW6wEM7b9%QS{pyT2-^g
zuoLIK*5$QMPT&4==Z-=M`3H;8tXI?hAp4X;AsX_9VB%IY&V~8ng;mc1c_KSZ@R9wu(*s9rpZpu|2!R$WD)s-Ww?~J~b19
zeK}4oxmF8y1|uw@LI)YdoU7ZakR>$E!@FlTX~Dnxnuh97M55nL^;_sppz~zo;pwfP
zib1be+$=W!y&wE>?*x(q(&5NE)L!kPXZ>*>o>6bc=D$W`<#mLvP8G{DFnsT+N_>n2
z8Gb_0mah=_;btOTxbcu*I6dnpgjg!7*e!gu_u!lS=gO#TJTO@fk+dK*wvesI4Mn>N
zUS6-c(aFRZuq>nD)|blZ`{oPg#t$Y)Zd{pH>i6o*D$&t(yj0jrf6sc@KNtS0=6vmrl7>j9+Nkcyd1_ll4{}(iy2T=3
zEa<@fb+{2k49au&CDBW8yb7M4y&!D!M7D*ZpQUY(%=VCn>r|>l`P_-#_q)HF6yWWb
zS9YFQUCfUUw%y}!I8_dWw}GVrV$(v{b|%gYQnYMH(b)cHDH_7YLT@T$#NrYJz^dp#
zu(`;BQ^FVda3x?~IZ|I8Jw^Q<(MZzQLKp64&m?^ArzRbC*sUN*FVPpTbztwB6!8i3
z)efBkS#SWtKX-0kq5mMnSIcFne)%8k$!>!6@&#)n%P%FHp=ggF0nyzz62V~Z;~I{x
znS15
zgbc`O2bHpYN`lukkcr2jXm>$)fVuqn7>f2SsAToIud>u)xsL!3=21|@@1DFv(dY!&
zQ>9}iP6|>liDw(BR=jr#c7A+j-<@^10HB=n!^RJ^^q1j%oFu580>kicN=^`?O0aE#
zHUx$rHvrW_tZ32cO#&Ln;C)K6>V2q}tYw1_CGtUC0%A{t6-5-uN2E7?1BB;O=U!30
z%}Y3a6g{Yq2#EjG<~Cm39Oz`v;C(;p^@5aOJ%=Vx)|-9};8+EL^v}dX&9>smUo%_J
ztclGwHISO?!dbgfv}J(1ISGK;f)rv2A5)a5h2|Q<u?8P#efY|`_j^z>;{LSxy_=w`|>kj
zpdK8!@2#!eK^=Uq`4qe0npopiVVR>ea%#8GQ?Sez!dV>cCJ=1BoX}QQ>Lp$Gz=~!Z
z79$mhGxyP;4#PppYrU81;nNs{gePl<#APCS3*!6*nDe01Xpx^a2HwYA?!p%8^(OYg
zH%G$JSRVB^;S8*w5NTs8`+9y)tzNih8|?6l%~Wdp?k4i0v;a8+xkj>crm2|>HX4|0
zNEiOVrFz(J9c}{%0w?;22|zwAMpWLCFAWxP8IH_jV6_00F89Lz9x!(2VE2Q{lhh^_
z-wqG_!^Xy^aT@mh
zLiNnqGE_`DsRp*@vAaRALPsLbdIJ_;Qea131_M`~Dzw
z7krtq=_2QzHQxR7^mRkvO{IO<_oDeWz=}Kaf?{@osMj3~*}ArU5S-p=4?XL?JYdBa
z85=L!ZUk6P6FTsZ^>~0~b^2@;)jj()#c5E_fXU`1SHqRTM$}nxu31AWwcVi(FZzfN
zjc)^Tb+8k7{^lI~;fFvABQSX9a80g0c(Plt`}(s!Ot7vD6V(g%UV+z4i@GF5gYpMa
zl{#R`MT61?t7E>`lIOQ1APYayg$Fwzg|shbaZ<ycUUJpZhwI~Wh01H6)6#zc&b*8tdu$>LS(Ke1+4ifjFNAYbfICI~<61
zhfl_*Po1V-@6!v|B+nXzR`#QnAes*`j^}r%h~GzJEp=>PtUXGlwmm>PnXP~W0l9M9
zx*Peah2}8AWRL9@B4la8L2wt~N-*mxg21zw`BLF*xB|pzWMKyc(fA9n=b2Xz`O$m_
z;jd%?q9V09vps=+SQ51s{1@LS$J0%kP~UaH(e
z6|6CoFwB(htPvX6{NLky?c%PCY-?g&3otG=;uen(n$Hyu_Cxn28s!awEuyDldyjfa
zIq+L*8K7vrJ9M6`!|i~B82>owX$AHffh*PyiH6g++y`;~0jxMZn!dc{9tgN}QS|G7
ztmlFhy_{9?(t+_;iC}IK*Ek1y
ziM&W&8jAQ)w$JJGEi~dvnE7@d0pS@Eqq0gtTJV|$PHG+CbpWJlfBobJ?7kOv4|(bG
z4|9lt2OTJM;g!qs&2qSlu;hj0#0@~lI3X}`H)(OG+4}6@HLUP#*F6>JDssJq7v&?pbdttwuhGflqkr)$AfKW
zsiK`VNyG~wD>~uG(OilTw(_ywffbqbKdCdLi1Ym+=hoaZ>sdIx%oYfS^g*=AfFj~qxHnL}@ETl*I|I7K8FD0G9WEK3
z%6Kfnf>^EJg!~LKWaLOO8k3F)U0KTH&9sZ#`%O3cxi>gi~Fe#X$j&i1mgT0
zn8Q(6I-|rV5AQSQ`g{-d5qpu6WQQbA~saqzWz_VnOuF2Ldv;n;4WUI6z
z;Eb`1tB|FBPylv*
zByn;lnAP(j3C5X%U>W^j-xoiVncr{nZ@K3GUz3!3n%`JvNo?$fuDPjAPXS!)e&X(G
z)G$rH8iYOp1Y~Tz+V+n~;weJaZz!U^{H;)M8$2KyH(ek3o&%=T?v-5AMLrE>Fu1uO
z=(;Fn4d*(?A~vUv!Js0Aj)mU6wUKj?p50rz-Y<^!=UpJU8gZjcK{G^D;)jE&6*UUt
zY_-Kr63#OP&!X1h?!n&t7`3~v7$lUMx9z18pV}Z00LAkgKolOmGaGb|7fp|F&)aSj
zAXh7U>{Gky(}y}%yHK1C!QcwfVfiUZ&_P18>je@MZjN%sI>GCHCll1%{$J=R-xnIU!}D4Q-}v*BqGMf?O2rm?_Pix
zriZ93;$g%o)iYd)BPn`9Wf+EDC7{oLm{QtnNdD)n
zgqJ4QB_4$|0&(pZI!jbV{v!{=eT5UO0ttM_ab_4x9zFMrE)s?=T$ka<>}XPp-07zC
zbRgUa6vy}59<7r6f0L!RZnc;J#ypVRg&J|d=SBfzV$RHdVbAnsVEvH@nxvI0{1ZO<
zxfQMiBF1>#gMdW6z!(D}2=PR!Q19Y<5T@$?GB3vOK&5nkmAyGTjd~xoNrJ#>GD1=;
zTzK%sGM`UF1SH3Px(!1W2=LYJhYvH8(b#ykaF@T+qtjRLP~sofV4`A%D#9zADI}8I
zTP*tEHR!G|ZZPMzs6Oy1vRlm#CCS0!;ycBBDxdo%w*?@X|_+rXm;SY<_-mc$SZj1N*t
zWdYydI?cHa(mVRt^8^V-37H96Kg4$rt+aAei2-dM5*&vDK-gH3u^DnV&{3tP$FCW;
zS_I_D`B5cCcpu#o^yXi=8Te8&PB>6!Ea5qA=vGU7==hbvP0|4l?tAWGo{^!b=$
z<0{gQBkyb5YI_0jnCvq~RIgnRr*S$3*s?1A6TGx|xl?PsA|BZ}>W1V&>ev2^R18LP
z(AbvFb&Gq^e?jcpVq|d!7`ao}nCfNjf&2Xh<)2zzQ$nVP_A^jdFF?L+FZGJYk>Hgb
z2sw3MTmc9Px~|j~zK@a3BH*pCAC>d}jZuPJ45CgK04Z|^%Rk+wbw$9Df97v!yat@T
z-wDFGftzihzN;4Yg=sQ6L!6pGe+P5>ve8@YEZHqYW}aoqpzZ)Mqc&1|pZ`@v9Kf)x
zKh(^K9Kg-S#&!?E-9KmV^P`r_T(D$ng!6FuUg_%l-wBtAG#N~SQq1rwg1;*A=q(6)
zo3FU-(O|;u>G*o6R_~#>B?lEGyQUeeuMx>?1aDvTKlAozd?I=a#**F4=^eupNJ?|v
zqFYmCL4IHR#zkkV04f;9|4Di9x)0bYNu@Wg7^i<4L1?EXHm;sidzkOecFcIQ3
zxg+fStVm}g?JJ$&xoqbyYRkQE1e)2eEqXi$!H6E{_$C9@-Y7aE@q
z=k&Hs@uzwejZcCPEipK9Dv!bgs8$8TSI>9cD`to6$?fIIHGJEIht6}pwI_d-06UICEXZSg8qz^T;Mo1XKU2i#$`)o{
zT6^>~g5u~X4f`U(bRD7Rn;Lw_77HX++p^b~N{t|OfC36u=PW+A^ZvLT4ays`0TCN(
znYV`lAWsip17p_VMBu2-G%bLPnH*r96efb(%x*QIwTJ3iWLx9@HQx@(e*rv2d>i!p
zG>l&c%Y?K!kHk5xG;Ou0_F@^Pvhv!X^OdbGi-JLhxG=;xRgdOgl*S!`k2C5eIH)K^
z`x)72q!5jDA<@YQX&{)@S6*D)I@<7v?jzJ-<2~Rpzm?BLKpn2~l_50c#KZtH54xx~
z$KJ+Ay=Wc+KAC}G{`@8bl>9IVX?b(VO>6LQNR!B#F#oQop?T=8fmsIdN=TVVdmL%C
z+o_d7B_(LQ4Pur90Q(+hPB%o+u0kF@W^ky8FGoVxEF&%qJ~AHg(SdWG;fq7g8POm4
zhSm=`=Mqob?th$fwI%`QEKA4$wCMukKw3gA9>6)XB{xx@GXSKQ|0I&bU&}+znHGPx
z){&KeMKPQ<8C&-e=8mQ
z@dE-Dtd2H5movT^K}@5=$yg4+1SCvOg^zy{80jtkcXjfs5buqu_D(csd`{i5~>ghmvS30
zE&+ciyxDgfEeej#LZqbP&Bi|!f@Sj85)sC?^*=FZ*k%ZJWKJ$yan0gDA_)1cbjqRH
zcK=J}fU`XZjfc?Y3;W($E?etuRGAK%8-a4~0`^7kFbRPj`FZ57MZP~p(0o+KDnUC$
zT%!LJK_8=~Rtfs`{u_=zMNpI7wG{|KGkyd~)Bh=gGB`}E5;Te(S}p&OgleLqRs;H^
zkucvsMbPI+G6NFYt^7vlj}df#5U6KKm9|rv-k&l}7wFz1rat#|{D&fX2PFO%Pc{1o
z($NAYyp9`?jyBG}ifQS8*5-c2;r}JN!55T;q`Qpb<{jH7xBMZ~bejEBH^TTmF|2O<
ze~R%!w5_>_X=39(EQISuaO&c6r?YFW8)`8~t{(z@Qa1*YA@%ziR_<+m4iLGme+gBT
z@fvL4&^@I61Lw5L_=Wy-g+Il3hjaK4M3ZD1m?yXXA%dE+T6{+cdL)v`P2i6alrDUg
zputgMQh$n|>RvLJ>fOr;XvR0)i}~h^Dd(Gw1&lhJo3{RD@`J
z#6;sB4R;7|x@Vg=Q^6g4waoBg=36vYN-atffRvxv{wdujXl!Q6g&kD!sw3D%?kyz`YrDXD?eB%qV!0q=qv3Tp_p#%QUMne{9n#UezvaIY^x_
z!lDk1Y>2(r
zA~_^dj~sae(Pd2mF!X2J%D>=5ds$!+mmiOJ9c0LP1$CQRqz`dKTlYS76nT0T&ep=`
zev0qtq-T8%k?GK_e~BWu=HC*-4sl;Jl%pX?G_g&{;cS5T88;*#O-aioVBXsg046UV~IIac@>oci6Vha-cNN@`qh$kyc}(K
z;ck$0O>n!JDR!1UD5CHi7pg`A96h`zzs2pXzp$G9Z)t!6P|u{tt+ku1QGk95$w^tD
zy_Ex+y8h2-#K|dCNfpx4r3wVdRTe8{kU%<%1j4$g)&!r1)M$x&YKKn$kD%P&9hH9t
zBNW(Lbse<^CsD0?8Nz3^40;K-3(($xV9=Jjq_1UAs`zKsYYUhIrCQp(r-b>cxE$TK
zHNh`5gtxt$-1m3ZLbc}qbz7Uk&s(!OnVb$PZ~(g=eE_LOP;d8Ai3=Z~Hh|{_(}k;C
z|6%)R9qu!TjoO)i(XKZP^y1}>Tc%BfzlD;MPZO2CVUc1uRr3tU?f-QXi)bbgDYnfT
zyPK9EA+zDnB$C&*vYG`Xa9Z`h1hUE`SdY9#Fs!V}8CB{q$Od$&4z4M-M2luX`G_Cr
z!6kX{_C>l?;iRIK1;E7!^c4blaxSfE_D6Y;R~dTRx1dGUo%Ii?c*VMJwQ*?>^wphl
z2>LOgJ-}>ZEE3b3Wj>?|LHPvXqp-Z#(5tkai~H{Om3i(`ksjcyy#Y%*M>eDOB2bWa
zsqIs06T=N9F11o9`ToE^3tfksgBR!-y>Nc}rk@qKwW{ZD5G?fcyWuL+{!EVSK3(qdEj0
zI)UJ3DxdH-Co`ev$*9u!sC`T^Wt2mg8&}$#vq3alT*LjTNnwgqznwe1uvZ$T-WM^j
zURTTzuYCe
zLlRH)-w6{<6=-H+LSVc9=U$5o^f^&*gJR$FaC2o{j?p_ZH3y8iVY7{U4{=abM)c(yU~m}QMrA>8tA(~)PVH;=RW%buP{2VG^kw|
z7-Ycx0X(lSzj6b>5r~v>gY!N{=;Cv4%4PAdJ^H&PBP0A)+p{QUR0v)B*C7*D3#3`g
zQAV9QO1uS90tARZfp2MpbjuQP;cW|{N5O?}jqs&n={>M7(zgZo#m0lMj_fb~$PcW-
z_A*~IKuV4OQ59qTgveT+J|O?ci~OJu7U`@#B>6z$>3@P|e&F5p>Z@C|_+eShsfw^8
zU<`7rI-vOh&eis1k~-o2S@n;v0g-Y3Z`|#@YU8foy#PN$mEVPclQp0YNVTi)EXaej
zRp`YRP`e9=+rH@^%}1$-!5M~z+vyvcvNWh+aE62zT1Dm%zBgfI*7~$Hw!tesclatF
zzWurkHse~^(<_Lcfq)PYa4sO)oXS1{A`bADvF}+p^lS
z=Sj!UwhihASOC@$n@hNa&($bzGeZzxU@%k@>B6IEP}6jsi{I{ywV21Kie3K{v>Uk^
zZQyk~GH`BoarEasv}vMLNj}9>w1Cp(YxG!IaPuW~=_^-_D)yF6)u{zfavvx*{B|c$
zeqiuMQjF;N!!BV1jD{A|H)>XEC%8DE6g0!5X@IVJw**^HYJr%wU%@=sj<}+As+n|a
z5(!`^0GE-N+fbA7y~qHJM2;#o;-U}Ld1y0sCeRw}lsQ_JJCS(hsaucpEc?-SE~BMh
zOyyBto;h&MUbBO;x15KqsQBx-4l7^B7A$A#|3P)H%RX-AN$5#5Z3SVMJg#-=aW
zSNgb+!(I$atNzs90}!IgaF}ibHto#E)C?n$m;Q;Gr-OuVxnWA(`biLYeJk~>WC9#UT;}MiIXq4
zf%7gLIqy{NuJpFRKxT784^^_HU0&G$GBSg~kVo>sWUlHe+=1LL5OJnd=C~2WpS~HK
ziS!23pP?b4qzz(U`PFjqALVFsL@0}(rYvV?2A#FnK=kfKuo+pRh+B@HR=&XSDnRvs#eAD%>+8B_a7Q+T
z2g)x-UhjQoE?EzCG@meg@z-@YGVQfAVFJCC(LTA^2cuQK#QQ
zACOo5=fj&`SvIfJ>o@$F469+xI-zK)FENQmtEF-v;Fjtc+{)?~vy_lplvK
zQ|EX8MM0GF_e6tL8*&Q&5JxtuJjB`QF}j?{9qu;MQZn&E$(Kc8<=D`hc{8I<>Aosu
zsSs^-JPg}=8SwiW?qEnSTn^KLm>21v_z#bC3XCC_rSX%~)RAB$l3{Sd{iTfc$$AjP
zBJWWBmPwpJ;%RKI*1$!XytA1}H!Z`dLz)?Er!)v8x!_?n0oYcw81MR1PW~6&
ztzX#b!Wkqei_5bx{a`jfNOtn8b(%Me!oohL2uz;XwYjnMUicLQWC93W6)*EVzdY6x
zSSmBRl7Fp1{QT@kvGJhY>q*PQxqT%ul$F4-sRyDyeTFW3&r5#XW)!#6oQbhoPV1`Y
z)DN-m+b&5IEWRAc)znTIm=nS*oesk`YA1Qd?6|zZ6y@+WXsMqfJ3CR?#S*wIDZBVp
z1+MfO^ekzuXHI=ZtV?2ES!tlc79P)~w60fLhKyI5F^%K^1dKW+-4Si
zqpZk4Dm`nq#G*~W%5|eer`;xGTq3->+!o~ts)6GMXV<0lc{cXb=fVRlfJ&I
z_nU7H`%9I!jTUj5Ep>A&x&}qw`OdC;2&PdKs74WFi+S%~DXtu5S(0D+K1!iCChg)d
z@L2XA8)cEFH;i;ml&AE1=(%=zmpX^)Js)j9I;q_GUR`0?;kJ_CGdRF}ZR~oAY`@1v
z#ffMEucrlzoo-z!{AZ?8q{@@|OJNF18kw|v+G?SEQuMA+jN4IJ8S*ROvT?~J(IVDP
z%C|d3%l_dmWHI}=XA3Ki-g}?Y*Qv|c7WP|tQaU&C-X$&fKe|rh54@{o;8i%9>@gJ+
zxX2YeOHtuhnp%#!Iyl;K4lr**13OC}G%QP-GhY(<6{P&W6Zy*quNr_=2m*7-Sox7&
zrsgA1KMUkGoOIgTKmcbK8PX}PD1X}UV6lm8f9z
zVI&z`8+T3No?Ah#w+Gh9iR!u55t$V-THjXsFl*^cC+Afiaa`Z?AerEa48A#7z1*Hs
zyb12gE9P{E8hXE|KAtZcsXZ7xWlu^WY%Vpokk#lIi#tiL4dZegM{jU0Aq}{%wZ&gUcq&s(Nr~S@)#`b)x
z^I}iU`5x-3xUp!}D`yX;vYio4N0-(JtS>K;7U6PUnfEZyf24jbw=Is-*I!dVt9wkq
zM&9*~|AOZu!TI{de1ZAzfh#r7Cy5*)awFybPmGvw`@o~VuzB$Or_si7f!y`wxSSJO
z%V=()Pk{sPHv_cC;aCXNjh*2u`GZlj4L_SGoptaA`1vo^X`6MqZ(hIIYv*O1^Td=x
zS3=LFo53j0GA?1Es#7SM>oMoigC42Jy5@=^Jepb^2|i8dQJz}SH?Mufj}o#w<3=0X
zH06=$8)sJpV%&IFjIUZQavx9&9-4pRG0R+On`>H%`}BK;nTOG5ULH61W21S4yF|u8
zLYQTeDa(01!Pk2YgrYAy>t)d>5<qEP$_bCx<$5#x5Dgk1gWWW*;mr*5uT?R<|yrtbZm~5
zR3ugScUEX8OeuTr>}Ao?Rx7G{hq{uP!c-^RYr5lcg0D=j;^A(jE*L$n;
z1P(i#VEz>#J%S+dLA|QmKQfn5B$1mz5esD=XbPh7<-lAy47xg$!=hTd^hui|&J{-%
z5NkTO&i>7OA7im>Pv5G8$%%(iYlYeEdm?Xkofg*Cb83HM)UjRbtX!Kvdh#~5hP$kA
zGA%A;r0~b>>pl9;giI2rnu4(VEN8=dPa%DW8^^}#>vZh7D6u31_X|4;VW2}_;&uxI
zyN}xkJJa*|Xz)XE93ZE18Qsml$~(
z$j7^GGnT%Or(~wQ+8XG)GCEN|3_!5$BiCbnKs0GP{KU`P4fg{``ojAD?SDi*NG|Kp
z1_Q2K9&T6t87OM+3pL-2BTr1Vs_C-5hTd4)#+sN`%RAGh>N6ej-P>Rk+HmqSS|b=a
zr3xdb;<>}(IHBj)3Nzhecj)ceoXG<00r{1xu){_xS&bOS0fuN5%nwymSqR2FWxE9?
z{+2-U@`E}x+aG6|&ouR)!p{eS$1Hl&PrjmZ)p-8!k>Kh(gv
z9e$_oaFzVE541gxIqz}Ibsl$&u`@wWc*c}o`IwB4cB>XwG{=a8(8v>7W>
z5#9WtT8c!g+Btw%EZI(If80N=jtMq!e@`bAmT?J3)>*W6G>)Q|C|(}PHzI#8x{~#>
z*Qwh#wP4TmvUhRL?xC9>9;IMjbYshhigcTe3p57HDf8-v%?mKGxmUhqY6vD46YLuUKCCg_-M+H2G|B8u
z$~G_`9)n0a65k91{gj(AsTVT5^HR1MxDGcIQJl9n
ztDH<}koO%axHR|mp7w?!1BasdQY2I(7264>KWi5`-v2V#XCu!tw$5J%33OX(l}ncc
z<#n8kL)?QS%+0k|+9aD)F;|yox*zyzn}_d5z=bY#b@`pug)^;V6V}E_@>=`FBA74|
zwUJZf`6^!gOc9=WV+%Qil9XAJma`WJH`bx~ukWKrZLbdF)M&#M7Kbv#K0beu)EG9j
zI8Ew|Sny2nmtqcF8n(L?wlCKzc6Grtzj?i{qa2uG+izxFEANT4;e9)#
zj~tS6eS-|tD`iY8*!oyEbkHL@?>kw{iu~+S=|BgM=R2o1AH?ic9qVxLs41L;@N;I7
zmtKbF#wnun#arlEkgujSVi2Fe0;U#
z%h0Qd1EG(D7Wy|1k(|jJy&ktYH7$1qCi>|1MPaMQK1pi5ir!iH{)}X4g|dQI`WK&s
zqNToI^^);EL)HM<$>c;y&AeAqqN7T06PRb(W!kSd>0guC<(J8Ck8a}9PeX3CIt16ffAHx*b*K}<(b=MnE{Tu@sdrqo7Nyq!2ZRc)X}!*R`f?*_T^6Bq}bNcv?1Y(##}y3-pdHwark|naymAiKXB92_M4Yf
z-?FUCX+X+86-bO?g1E11GT@l|ZAk@~yej5;huM0Ab1+}Gs)CH%`QsG=337W0LN!I*
z=dRctRy|3oSsDnf7dO{;bZlO3?m5sZkXqp%U*Vq-BF{NosGb8eBQGzBFjxqlAdV{l
zprV_cWp-?^R`Ec!_UMu+_xYjA`1yzkTZ2h*=lc`$5JnylIMHJjQ>^Da{4V8NPoVT<
zVp0i9pj?raU3vSBws+3cClex4-?$!wxvq(gZz_rwy{+wvUkuDr=Dw@0mpUtSX8aF!|UkKFnW-#h?7A=$ji&-?Sd7|w(Jho
zEz#U~#WV2nMo-soG)8TXP0Dil{Y8sf%cg$4Pj`Vtj?MlxVPHxRygJk>
z{!#GQgme;PUZAnN1F}@%N&;NM#U8Z!?r{d6TTn=tETbKuI~S~L$O|w~B2BYNh``kX
zWD>M~`bE}k!1P*$OO_u9Nb!2Pgfv)fNHEM#{ZR(z(y3U%~9t9LKz`C6$;rSLRBM1Fs|}d}Xfpj~e>?;`nw8HOvP!
zOj+uTOMi7+>BBnJrrFgw)gEdK${%9^#kKyZn;!hW!oP!aG{bQ2d*SR+2X>L7@v`(~
zBc;nJ{qt>}+z8MzAXz-46J{OqxvRA|mNDS?5u40`1M6#=7$wRlJoTI=MN5zRp5IY5
zO8QjPX2ZRiWZD;Aekk{&YqVrzvdh8QIWI~*qeR+tikbd8ySdAItN!H0gG*?sYj{ruhsiTZq*S)P)7xsAGgwp$NO~^$_Z|qp;!6u4s8pt(iE$=f5kD1m$f;i2e0DiuCU^EZHO2HU-k`V&$u4&@
zc0CfJutSWJ7t}tYH!SX%BPVTFk()H7Z4&KLvi_-|4&kn7+FPrJ+7UI*WM0p=qw?#q
zz2BE#e}8Nf_f_=d<=cslY_3P-8H9v(e_v6D8wDx44;TA(WR;w|;&q=tmrfy<*=wvX
zXR?}Qbt?2?BvTjy8Y45HL-j0T)8|l(cSZdp$DEd|*cy%tx!LBPK4wMGw{FxJRqz#&
z8EH-*@jLjE48Za0lnvXFTNix(nZJe)@a=-&&_XAcmAaPEyL#_e9&UE)sQKuiB<~sab1p!
z6ePL~(EjE1B*r{|3x`I_rKH+qWtZmIw$Ek(1U=hvmh?%8;b~y!UoR3BS=vnd(n&{k
zS=3`6>Lt&)800m_f8EBl^2G%LTUt1wW$QoG?Z6hbv|
z`-LL*otM^5Zb*2rI)$8uIvt|__kNn{`)C+(zsN$_4YR;sj$i_Q6}+cluD-*F*<0)WD}2f_6Sa==mZc4+EUzpYmD!2tItEq-@^E`X#Ie2D
z%d9HwdM8XH#ir)Qk%yZd4SiTk=3qS=-N7?`XUNHtW=ox5$iU{+=c(RY3UW$W79yAj
z&NUK}Hn-RY`&q*XcB(Js2l3@_woxj6-
z+5Ks-VQ84?{J>^g;Ux;M{BOG$4tFgWwXwZ0>`7WQ>a%l{7x$!PkrWbuy@G7h&#Mf1AK(o4IPBu&p6B~cPM
zEO@ZxwjQxlIx%LDsp_#TPp26@BND2ff8WjEPMLbQzT~`km6(`ep`l;JwJrn+;>v1E
zO-O)#zaU8^1EAC7*My};>6xgSl4h^mDCuJE%hI@GbmSfKAB2fFvd>(3&rIC>A7TtO
z@JJ_^c1G5F2G{hskYpp>QtlA+z5C9ER(qp0ab)9aX(_H7WzVk6E|m-u;!a-AI+^U>
zKG0TNi&z2IjNw#HJ1({6K`*J7f;CU}))qi4<7aQZO
zHDI^L?z{-B$W-Xr7_O9(ei3GrR@`8x{O$$FIp4HHwgrK+kWv)R3*1*+0F1M^JiVwu
zL4IT5y)CIevMQ^2Y0^7iw15v8obAEsx$u#r6h+dFH|{(1?B-HiYOt3e%mJ_uR)Q;(
zP!ZmAHK6SoWAkO*JQphW5tw9_7R&PMkUci)Pb$Q?Z;dl>uSo3K+-kHKw6t?+zYgAI
ziPidT6X$52OmcCbf#dRHnhN3e2ckKDUA0-6FWsafveR=qpX3eG`*XVC*Hzfw3P>4w
zIZjKKRHpf-40z0smwP*E&Q-sgrQBTc9?NoUw0*5mffqpMA=Bhd+4UvdmtrV)RcAWV
zx-)uWyy=<@gk+~n9x$iX4ZZsfVQt`faJW{lfBCf|*3o|bI3ynRtRHi{3fa!M54K$?
z58y2sZeS)Z(+QgQwYH7YE97_kjg9rFOJtT?-P!!h4$peX%@A)GWpCHAvMzFEVMLlw
zJ$}xu>*^e-8LldvCLD(eH&Da>!CgJN0>arQ6GGKbgkEi4bC7~taL1#ppnVd#+o}J(
zdifeOqu9kVJ6uIj?Qzaj76{}LG23-{-OuJMJtbV`k{XS~`Y5I59+=ioK~MT5C3A_$
zF1*gOF8clB9LGm;kaI|o$A_n`cYAX*xRZS&Y}tzz
z{q63id6Bd_RQ;Y9;A!-LhtbRaysotiGJEaLU?#LN@ixyT`S%ShRwbK}MWebLiW8zqip=
z3`EygC3Kup7knSRxNIz5^RRNeoW4c&ldRT!joms@mbcHROVa(QE8-uPxpDH-wv!oL
zDz!;kPwJWiqYH1w=55q|ZT_Y+)54T~=3L~x&4;d{6AB+QEShWy_qMojm?M19VN`j=
zcQeCaXw}m|r~i+vs|<^(-P(dh3ewU@H#kE{=^))D4Fb|7-JsGSpwjJtbTfpsf`D{)
zN(|lI--GA8?>X=Ju4{e}Gqd+z>v`^V-z)a+O|coB{8Wq9%^rl6xujE-+jH47GaXI$
z95u`uS)`+w()K~Uu*&0tKTnx~-w(lx-ktT__xvh_<9Z)w_iVSKaXE5vQT&lgv!BtxKdH;no|!*j-`f)4@Haiy
z<$JLygc|FQ1kc_*sJb={ef7CzRH%miK90&XWxbl;*3cJ`@bww_qng;hE;)}q8h
zLYO1h$TFvaN(=91Fyg>62C_b)RB7PL^YV0W)|Vjvtw-fV3vHlsy-bW+?M40dEp3EV
z)sC|x+mbFn;9?%-5K{WkjfOc67^Jg{jVGTl)=sNw
zn8oW2b(Es|yj+{*(ow2jG}I8b(Ah(j7-{hBnQB}yK_D?i!bzLUDR_scLDB(=bV3p~UC
zOW6^)#f8Jpl?oe%s4b?RcZH(J!XS~No^!V>wKHnC2x9v>pjOY9i}h5oomX={sb$05
z$Jb;1O?%WlO*ctH$yj4cW?Pb~l>R(W`okk(Qek0-_@;m;U+W_$xcmM)KegiQ8r`ea
zsYmLj*&KT5^YV##4G-W6!Qvy>p2q_v#hR9)zQ0~sstvb|HG-vIXPe-i
zXHk?={lQv)eBhGNaiZMGr}?QC#0;}LIVB0#9=rB1Fxg(SDiZ@+Bg6ZM{<>
z@^Rzd($`V;_I=j22)Oo)iTXKdl{q(dBDd<{Vdqs6vtB4c*=U8oDN&);HwhFJMVedi
zan+Xt707oRT}2g?!T0V6rQ9lmdY)m_&R$SMYiAQ_jQ#;308!qEqv9qm<)gyK30;|u
zP{AKCfCm+RY;gNMGe3&Y{P}|X#k0u1F0sh1frJ`fTe`6KcRLgHY6e0uiPbZV+xL(~
z6a=er2Ctpj(7Sc39d_rTR_0=7c
zshuxu)TQsOZR*rGU!&-K^U+gh;1_LuKC$E@lb#g-85>#c
zk8<-K4z2FH*xfgi(Hha=S>Qc}WcZ3&D(7dV%f{M;@!F?z
z^!cqjLb12}O(XTRgXFMa2(glMRh-9PG|Z9A*@`irLl-;5bL;C?Iz+Ggij3Q!CepT$
z3Pn51O%0vra*=)3=06|XfJb((ZY{JqZEOgHCD>O_x2v-l
zQ66l49R1xhBTOJ{sit)euuQ8#L9NaoDO~fq!3$a-CfE_p%ia=7sTX?O>3iK@>bRVH
zeu54@&rU;|y3p)*|Mh+K4yc{9Z?b4{dwHfE`}{^b`h069O=i_iPd`_k2Y7TuvVG1qnVgkY2K?sM};9K*$7dw
z=}||}x<>+k4NOjZd(y+Z>NIJgI)b(>M&coe{LoOatqdByGe}M`G+)FDdwa+bh*DlU
z(<-^P{sw?yu{6dV+CT&C{8Vz{>(zoGZA}r`7wszed=zFr}vDEKCwB+ardBWlccG9C=F{
zixS3KX;Vc4(U`l$r*|OGJHD-4d6Z$+`^i=IP_DD)Jy-ruZoP@Rkk52dU(6fa_K7S7
zb-m2L*Et}|EmkiAoh$v{@>0*?0W;M8eB!2t`>SU|xih5w?b}J*XR)SLT6tU#nf#Gl
zrCsrK|BM;8(D;*qtptqFx*yCskbuzrUHv9#49D1ae*@o!tf6KZrJ0k0yUUGo3}q^d
z{eDeB4@KNM9?c5B346c4fpEP4)yjEQLNMYNO)rZbe?P>>5-$1k*bSQpI(cKo-8xx4OOO0w=P&E7TfI4+rk|G#gi1{
zzULEDno;Qs+SiqMn4@*Gl`j{n#!-s6=ec6ktmT?~AB}pbJ9_Kd0Q4DTc~v|
zZldqJQG#>N+&cokmu%hZ0SI$PhDm&44sCBe!j1$n#B^3}RIW;?QK--8_OxvH*#W{s
zX#bv<9w)ho8jZZ8um(Y*_-N2-GRL)J6ic~<)u3=svV6POsd@8a2mx&(Kg1PSj(lOY
z@jA;W+!tqeg6!!W+h%g1o|+H9<$6YWhS(!9ZH9vt1&Xy%)lFo}I$v~YXv4+=ZlYKX
zsX5gISW`hq7;YmcU`=VQhm5~{Tl)~KDOVlt-f&_VV!4Rj^xi+W;|&Dg;42vn0db{j
zy$OcQAUf(<3h0WE0CLj!0*xyg-5k9;dDE@8u3D`@-70@kGnSGVi%Leh>q$$Zg1W5v
z)~+YM%qKc@XG+LRK8gtE&hp%!TK*L>nz)JXSAZBRr)&v3?=OUc_@0hBj!U+5*9~OT)tOQ_
zmgDX{?E==k@5eWEgsoDq&K1p*(2aw&j{=g#TpS0O#Vt-aVaPIhU=*A5=McOPnfM1DhiP1`K$>daqcN92tQ%9H5;Oiq(O$LX6(fUt)K7G7Eo
z&Q;nl>sxPjeG|F@RG3NscY5Cbw+c^2df8~HlbTGq>|zBi7LnI$i^$HevRw_G1c8}!ygI|)H;2ceYQ5QsGMUFS;rb=1kX5DnfZf%`
zxP?=k0uheNjwYvmW7g|TpCWjU&;x#R?poJ=iSX5~CDx`RvB|28neL?AqwB5a`-yed
z0^!Mg2BS4(EW4@O({%zBd7HAO>5`+F9y*PY
zxOcpFWY)eAvgOD3$NJx0NR6v~N90aQrYEBgSr86!Yzp?ev8<*TP=Gw;O2l`{(MvA8c6wEvuG{fFP8LI=!=Xk$g8}TL
zO0O))Rd_&#)*dDbB-+h34qo9iu6A@Meb&6(-d`pF4+EA-q()i#75}LYlekQ#3^UBi
z>tI8m#_jT{UZbPr=Vsp!l20lO@-jg5Dp#mvGKsCJ89of_>^hy;oOHUlxNG5k(g>da
zEZ2_D$RI-f9p>6URqbS;;lbEaw%UDuyn41N=(IG#es(VL1?n@zq|9W0;dT>`SfUsB
zEWEC^OH@vL_D93X258m7PG9%k6AtoY6NeU
zdIkFO-XwKZ~|7};BDyk6-aG&@)sSM|U<
zc+aopv1ssExg4Ca?S>{%fR|32xFGJEdmzsAeAzfPrWQmj7jv7Up>DmnrIk2sQ6U6*
z38GbXQ9R-QMl1d(u=(k2zz3(^kzj(roe4CzOYYK}(^nvHU*OSv=aP9=+($04`)cAp
zbcq^h#1G-Ga8Rq#uD%?n`Hp3<9-!PfpXLT_Xe5Fkz@%=$9MMqH1^)MdZ*M&}e`$+~
z*8PnOsQ)H5aL$G;3QNB5P#VfpFO3o%Dn+kgM?Jq4KYWf76Tsq4g#U=YN<7lH4cB+PDe1(}S6I1+p(RdD2K
zr{B1|f33NDG<=Jd3H)@Bg(J-aNRm@$U_bjAy1t<%BI>
z&%PsWR*qS5F>BA3WS`-gPu&OZa`WANC4jYh+-g7X{6CzXO9$7(N_-E72(x|Ze;1W{
z&JA1-MekUY1Xxhg`61PAc<)dKvj+X?Wdl@6`)UYxMG5{gDGDyyI{0|dA;qi73mWKT
zD|R8U8!QOylAs62B|1
z@NvV`o3CuVTYw6Hfkijxe}dy2>}F;68GU=s^f6)j)hFD?;3Qdq&TK`#VL)+&3z+<<
zCSdoWGz)xN`j5-|bG1`9v}8#|tJaV4*F@;wF|V{{N#L;GN()#crio
z+Z0f8_@HALoV=YuD&z-Ybt{O4zXR`YdJ2}Xq4#}FzUwyC`-5%YJ6k0L$avHFnN_t$
z(JlWUz(%3h)wsrS6lmI#^H`o0M3?U?F-pGsJr!{4wW+HX^G|eC>M!D8ua$}>i-YZg
zkTNF!U&HSRq4wTh?%yZd|A3E~W{(@t$@OcA0Ruk16nh8d-7PdX7H~?bHDwVA#Qvsj
zZ^VoL_VvGhh@b}+DfJRAbOmp#OpnJw^OpxJi=1~<7;1XC(8_h@;~j6ma_5n@^815A
z7%jmEa8m!H`sZ%wN*FO)a#A5J$n=9#tOfXK%@=K$P7CZ|l)x?hkJH}a2Tl^Um8RgO
z`PKD6EGz;nUD&&uZH9Wl#lIN&rTM2;A~ro>Q_*E}Q(RK0s`vik#hWiHxk(gpa|3+d
zq8kD`WryVEJ58BWo;(=`i^GFS?h(w9
z=~>&y|94$9cYw3ysowXHn&CI>pkNR;`geBQPUK~j#hd=k*~stHshH#^LF
z<;?T3!TX#86QVuD6wR&2QtMyjVnhFdDrg{E+9Hmde7Jqmm1-qT@R)F#Q3f}z?lWDP
z`xup|PhZ;dRo1qs57XJN1fJX6zOqZrZHi96_prMy1NL55o#`7|=vIshP&V|&$NfZK
zP%it4ZnH_W2`r-<{5>H|W2MvAz~rI$8U5p>?oZ-J5FbUY2E+T_mq+qP`@s(%E78t&
z5YWKfh!bNRVJP^^ZytnY+&~)dCYs2e)sTApACo>K2Y#be1nzC)EY)K~gO3;S_XDW=
zD;E91+$gju0T2I^H2BZLMac`CyLaT!>#pSvt`K{XyI=meZ%ghi0xB7~(F1w5vGr^Y
zKwTLZ4K!#b@6!J4F=64z)E3HyE_XOfEC<^QafB<53@w8tkRQZcFqXV1pQW>65LK;C=b$ENSF
z9^n&MZR3Xyz|QT-4ffR49HmWmrmP2FKayE9Y6-c9|HCym5s~#qa(CqWjs3l6rc!Re
zI2gi1Ci8D$wI#w{^QUc4JzZ%0nH)v-lfkL1dIr`bZu1Y-wz>HJNz;g##pBo$Jl
z$^w$&5@TdkYlhl4pAtQFv;&~Bv|eSjpx|+_SiKQ+aq!_m_Zk|G4=6}(UvB61`=ULS
zJyxjX4J7_|K#&a#!|LX!W<$dOp#>iV+oPZA&QrcqZ_g*F_^QCF;Ptx9E{oxYC=0wBpl^9@(5)MEJ^zWGEGPbk_*H-%V*cSoSn
zYm$j!fJw2%QmyGctF48ep(Y+~KE(90$x6G9fG<>L2-Bu6zuR9q4R>#C_wVHoZZaWR
z{2T?S<>$`#Ux25CJ^=^@?7R&$nV3gJu@Ej<_x-ZJoo@CIu)o3T+u%A~-Uf60?cQh4
z0&ba^ndXiw@e4xCEF|njP+W-<6UMrf>vN~KD*|>l*rEH>8V`!IyH*E(wSr?_)RTRF
zNCUMRbmW0o_x@Uix*%1Czi64xRJjnfge}x{bp-;k6|^XWRbL4hKxBPwI2K&1!3eNf
zoBN)ob;&6S2q+nbKXT6b!E%CZgcgX6Z{L~#|FT11;jd8BP&o%Pa{a?VJc)nTS9VylSNhwqPkfj-|~
z519Zp}N(n$-H~3_NOy)oXKI6((hU9^r60We%(TB$p
z!BS}=zFGde^U6)%?3p!?a%%i$3LQ!8tf0Oy&7ffZ2N@0D-4Z3;84rsq%WVzAPXeEs
zvmf-`zY?CVxqfRq)2JAkDx7KXSmLHcq72H5LbgTmA5Bm}o(5iQ&`8SK8v4jDJx2&*
z)WI$XSayyL7(GRtbm4Cp@K;BjtrU-zPk}%kvrGw=@%r!*HF_yc99su3s>@W8HMvcq
z+Lg0F9e_uP`v+WDJ4&&7J~Yku>LOrE$W6|5OEg_p;~K7>c2GFG5|-WjYD
zqtzy8nWCrorP*`NRbGTti
z{LZ!T)Q0#o@K|Z{&b{Nk)n@B8h}X%ET9&y8264}&W8-u4kr~vY$IxEwveb!VvV2lD
z1KRt1UGNiou&3>TcgqfZ;;s7;cwpB!{O$*&8zpi#ny9u#L9M{-vdTWbYq2LCd
z6);E5SMv`s*CnFny1J6#zDmNcA)xw_9sB4_cO|EeY3FWh3
z!E_&AQC`$&NEVbAgS-?u8F2bejlu7&tz6u;Eq{}*q=ab5y`Vx7p(cd*KG#|*DJPCd
z6_%V~*J(%oyId?u^=t_Boe~``m!-e;K{;0
zfN8(=kU!Gdu}#S)t&9kzVC-8IsWUlUL6ynwi@cZm2?_G@=C=C9r0nthO3rezpGaLv
zzp^OX8Sn8Gnd?7~i8moH+eg2L>l`yVd^HHhVRNIGmf}vA#B3i?
zD)$Cyujz(ksk0=D8S(_?0nSFv;p==pyUg|L{pD*W^*uV3WE%EfgSyX0oZAaO(dShM
zexer`St`QEmDj&d#S0eONB{ctbv=4J&EB}pY0a}EyVqc4WcvOAa?{gd^MrCSSgyG)
z3+LKfrag+G(vtmfi++aHl}adf%iW8b+31CLh)V%s;$f?CE@fn=!@)Y=_E%@cM5cFJ
z@fByh8~Jv#4a%QipflOOcRT3h+!G7b-n4m`$lk5qyM7_!wSW|!_il0wCZ&G@n50Gx
zN7-vB{Q2V-`y}MM)#ANE%56{H{S{t9lM@mk&{|6%%JNwKzTL!@2oPH$byR{Bf9aa{
zjF&uYkxuCNy`U}l9i+g`2L?=_Mz%ZmsjberhNyJYe)~~cWen6&4O|f4zKKUs|02xmsgsg07Je+O)?Q9%(~o%SSA-z?z5ER``A=9ZN&Fs3*1U3l
zI44&M0#oJ<=DlHrC(wWWmLNMY>DuvvZl4kB3(;Xd>)bdC)KSuMfVGj=LW*w7WQM9-H5!%&JwZK4Fh&NeMaQlQ57y3Mq-B
znVQ_gX%mm|;HSUZ9igtL3{M?*L%CG>Wdj<|)!|vr`6>WK*BdN!8{OlO9J5l4J^CsI
z(y>?;xssECL*)wU7&dVC$p%`r3TeJ!_tGw}SC`h(JC$l@ACeV_IcAmA$c75(346|y
zN(4Hq3Oyp!>SBc~9=AM4lZEXA+GXC9yj1>rlUK`kig-IyMSM>MQKRmBExdaf6bUsv
za=_rXkL|f~R(BI!wECidh@n>O;VzHja8Y35G#4+#EeXo?=FJ!OpG#`4SD4p?jYv~!
zow`ZRrw1qLX_7D-iQLW`to7L*6(tM2*L=UU?))?Q?!lb>oA+cz*54xd1$|RzpXg}A
zR-GHJ;tD1ul3ecry>p!fHWAu3vvYn-2J$c;6K8>(-zD?`r66s^WSQXGqN#70D;Zwx
zu-16Z2HWA1EG`kxBEQvJYzGfW`GQ95W;u0rZZ{$i^He+U4Tlu#coK`e;I{9(F%X{6L-@)69VZ!%zK#M1uo|
zlP17U8E+cM7nc|0D_G)2lG9g6%~pNZ2c!oYc4r;q0~PhDC)=hBKY0m!^_`xC4n=Pi
zK1@8dL*Yp}rn5EH)=Zr#e^b}ee9NobX3G9qO=Uu(yL3`V7)uNXEJbG|N|+voi7Pu5
zg)I8oSUgLokJDe#TnD&zR?ToHdYTKj?~-Ya<8>*tE5{*g)3dU@NYfmZLg-RmcKD&x^76Vh}xylv7O)Bcl@oxdGf^c^G_|D8=m
z!@o(!g_u;X(@`l>$Wh(qBs+H!ho8Ur
zHMzC0+&g5_r8!>^8>q5VHJhVu<6dc}arH)}p
zOd^%J>DpF{)`*9G498n0#TG$1RDd`)Etj_@dxM)aK@-p;
zn){0JvTTWK>>20IUnp%zwYsKq8DDN{6&CL{>`Vhu|{6zND5-F3u(dzb<)+xR~
zg+H=V-YZwr+5J6EzZ(xrY&yMapgG3gR0PgF=nB^}rufjaB`d4`uRo&MRiFMAS}$Lf
zU9a3yt!o`WW$e|Frp;ngt21SRnz64kM!!$HsEDguFCQhq#iqE{Zwn%lBgsi9O`)HS
z6_)5L@@sRp5hl7iy|PZNNNX7_g~Y9``LXW8!w{Y?nbsyfDco)my=v>$mI1_ifPzZn
zAb(As)$Buw+vWOZwD`o?=9y02b;42GsQC9*ci5+B`n@urO@iiqZ&t}zEVW#?(8E9`
zg&A7aphKm4k)fj9$f`)y!>s8{F)r1X
zG`eBTVJ*h@FLZTu5_UYFPgh?0r=6C!BK`1g*H$VCGc6VLvU?N@3?WkgPBe@4^mJ(@
z>Q#UY$Z*Va-J1-Eh$}VI
z1oM@%pzKtT#K#hS$77^HoPkMLxS(?D9uq5SRPv`6GH;Kdm{oqYsbXENq~SugDCqvN
z>IHu+;?B1LA##eae2ngDuSJZEL5Duy#!pd}o-b`6r)yAwD2$g8ZJFCl^Be4$HE<-{oLEd2|l+K}IjuC6^u}M22
zVQf5D_r`;Vjc$9d=B=8QHfW%NMil%FaQx-|kJp!oOlYx2_zCmf-%SCC%<7_JZdnQh
z!A09hKxn}aOVIj?Ocv0x`+dH5Re@lZ?|2=`U^(h`NlIuwjGXoeq9!sFaIAH|Idivj
z%G1h~!u4Bk-K~?AlX14*+%q3+I=*B`xj(pvy?2|$!!Vj7F|v{);Wa@?3Q*h5#gZ->
zNs6_zR)Yr*g#!|{hy6`GeQf(XA01lLzOj+i*J?%+`GLM?z20A12+|p`oF0D)6tsZd
zjA4!7xm7z-?23v>>lN_tifS+w&opGh4#@^KgF4!l-gvQbA6p&?s`lTuy+viMpIOi#>a#~Ze)U7QmU@m^%
z5E@?CfyGREe%WnIz;3y7?5GVxRFooyytca@gyOSi732cJ_^7ecX=lvBDu{1{YOs;^
z(6%`Gofu1C!o5Y%8Ful#=Y|EU+s7Pl!Lc2KTcoW*LBFmLV=Nj@f$Ej~Dxh&{>87k!
zS?u|pkDPip^q+^|cZ}zvcWd8XeVAy2ez5ilJ9>3=s4R<9zaBnxnmHR~h&rdw%3@it~#dhlndF*|tb5Jj@7Up~1(=}P1gWg?<^)sQ1
zkDa{OJkKS3@=0rTJu92cx)x9|}lq{3=8Ctc?V_V+i
zc5L~(c4ipeifN4>Q(GSnlo_?Yu~bs6&ZfAmrvGZ6QO}Fg)7AAT5jy|^aSSxo-~j%0
zcg7_H$sEa>qOo%4YIM67Mx9(_)&t%MLPm9#j`1&_R9h>dQtR+$^W5u~h7~A4kL5fY;%LPXlGf;QsDEkZ@7QP{(e$sXvQ1p&)T<5-;&jmPW>sQ$J5uSxNh!g*fQLKvI@8apAU2^|@unYh=56?X&I|aI1UZ{(ncT_f@H6!njV20;*CLpBlqX!!
z`45>8$-~&g-!icMgHQE2VydT6rBAU*6bFe5)l>M)HkZ<4lv5xE1_E{O9=||SR3$FR
zvcMcQul#)*BM@uO-SIWN!qKPUKEDISo`xk`o$qdg-EkoWDK26n>^VRHsT4~)>BQ1POrBvnFV!UE5Z}}1j`LMV%XS3PfWpY=SXh3
zFxmhl_9Twd=F7cxmF>iYkp(dx=FjxJSHA|93(2(xWXHo!+lejH5GRgkX5q_C$Dt5n
zUzt%$FuFBL(w`yY{FFCeOiz0x?&^H{9ESi>&)+{?>l;Cect-YqTjPhOw^)@t*y=hv1GG0_R`#KPlh)a3%b|OIn7YI|W%%
zy+xBy0m61|1Z4(k$`T_H_P(xw3)b)+k(qy=QNPWUTVjR8X(!KDL<*&)f0uU!z)3+#Pb^Me&qT>WP@vYu$ehcb`tJ|CvxO-}#-lFxQuLiMC_P
zq#ifh`%l2PPD}CEKfo0BKK6x%S$nNmi1z-$=*-amT5HJ`slKoCRLOn(S-
z27lyRT7RU*C@Pan0ZFK|IXZ7;k0xs^8_jQ|;<
ztAwF|yS+nJ!fECe`CD+5Hj8!NT^(-fVC7Jp*&1
zIkkd`Oq@yginIp78>ZMU>2s(e8t!^2T
zB}<=#zi%}q&9)t~s8mnL&TAm*F=X{#dLVfVYGv=1)<7MuNzS!C{+-?K5|+S+6@G58mI3(|722UDkT%VE|0=3oz`II
z3QWH66VFbDGai$jI4d~D_m=yvl5qF6(3l}ll^xQWIh_=^>H6A>Ie9hbR-TDZzOEg1W7BFT0%^ICwEe~3hg(_WlQOm8CoDzQJEHjW!
zfDF-F=V*E{ZLJ*bG7b%B3`}(~mrfU_!Vib-D7$By_65Y|g(9Ge&AGj-rT4|!F%l>GC@KZBNC
z@UM&Ez??@XQ|ZfzVic30Nr=XG-tkUaaiuHrYwWMS4Z1#(dpCRov@_t0!9YdwU-?&N
zQFTk%#>z^8f6ob|3xsvCL4&^PR=bBejK+!*g`AU(gH){Dz*tt1sP`$1Z+kj!B1+_R%V3WaVPxM*jc%Gk
znH0L>Ukc0g_GQxgo5pq<)OpC;%`|3!#sHO#c^o@(9LnbD%~-r}jF$0@Q9%BR1)qU1DzU+HN_1t|(3B=}`MQ;X0?P#GKr)Mdt#pVq9V
zhJX<~`VYjBM&glMzi6b3`z}t#As!bO)lS`eA`w)K5l-8X>(2v}Kgz7n=0MXfNcyKs
zgc#{&zxiDt*v!(=C-i4(OZF04J#%7E=fmFe>-dU5`m@xrgKWU|_0$$C25^m~t{g2u?%
z&aQVPBMHX_-`@PrT=$!uJ=}OMX5e{M0!H7q#i}TUzJT#eX}!kl6Xl89U|I?OI%Lrx
zZ^FbdWeC03Z}#{!wRyB^=GfL}_WXF<@$6s;(h^A#gx4BoHF_KeMt`LWPPG?=lR=~J
zbm{o}9{tfOkP!n-b7h~+|Er~}^5Gm-HybY*#viH0)I&4Z14F#)3$Y2yeU-Wad!-G_
zF7$7Eu<|1L(Qr8^Mi0JzwB3I?4Lfx@hA*gY9bPTJpbZ6@#L!Fov1K;W*>R5q3$)ek4!yGCV2_FeNC%vTJn_Ph^ILYYzOtUY2$Y9+?B0~VTP8APvdz)ff
z$S8nryE0QyO;U=ilo>xe>#mJ1Hlj5oT2e`L+!*fNFkUeeC%{`MkUZ7kkFnTen*2Vo&$_smeMHwY$BF`Ff1~U7eB76v036Lx
zX{I62zlYJs4Thwije!6Q1}HqG%r4#5UY(J+jgQHjV|G{6IAu^sMn_WCRM~OThf;BV
z9i(@xjuAXKJjx<8mh3!h0Hdej29JHAV|^|*;YK}08Exic8v;&O6FkPXx!xYCR*iG2
zSI8e_8|CbCTsFc4&n9v1_e~yC5$rQZL+yGht#Fpf0GB5
z(_DoBjG+=4LYd7NxtPu0gJ$L}5flUKb~6pM*J44howdF#x?$5Bj1&yzRSNA_xi7Oh
z+KtslUf@vTnRX-3hGk;XCDgrt)haztGLequ9E>hzBD`8%K
zT{C@p+`l+ePxmk~6JAm4I=E=Uy0TWN6Y3tvsq25Q+(JBI;OnRQR)^6%3PFqUkwPcr
z9^u`|E{j1G+BBA-0#j^hj;gF3k+S8p#0X)lZf)suX!ITX1tl`kC7N4BgPvs<#QR6i
z>nc5Rk215mzyvi#xzjo?0O$ZCkMY6m>_8Fq9D8*tcwNsrues@)$_M(i`%RwBN=7fj
zSqc+g8Zz5l1%?ka)L!nuOIWs-(yJX+5u`jhu>Qw2KcDG`?Q8gL-@c$XS`Nha4g9aoUccCnUP!9O(s&Z)Hps1beaTlUWx>={V6`AYz%D~D?{_;1hx}{1
zY#h3P8@
zrO#`@M|{1-UZ2toeuBY>AOc`>4HID6&T?@f1D8bc+FPrJv0%JH*3F_%
zdS#>qaVjj+zC8Jhq~5gR_@IKp^P9>34E~_Ej9|tvf0uSeJi&UC9g5)hcG^cZzNg#F
z^4vUjdvuQ;vwur{Fd#{j)sGERi_KJvg^gsUZvU<3My=!ZL%ljYDXWWPw7Y^^ouu$_
zq4R8aHcPDxfk|#NVO~H#5s7LY^S0rknQF?>g@Z5oX9J?{DTB&lru9O*V<$q6?CJS=
z-_wpn=^UhiHz#MLp4d@_mb
z$1LVk8FSN+cyZnRCpkK@q!SqxAGxVo9|~8zEe@H#TXBtSMyIE|I+ye4T|73_?`>x6
z!8nItZOMUJ_T|_kS+r&E)j4fu)jI9pw}sjr)NwodkczrW_=zB!*AlyqW3%{QB^Q@dS_%3Lk%eZNtTUl}*Th!mumAvRxn*S;zE>fu$CnKsKv*o38<%p;0A+fw6esiM_7+?7ION_jV4`M`ao31l+tVc
zfG@*j=}0nJm`}H<74_R;7s(Danh}D_WweB5BC7rFOOI1@cP^TA=59yl)+jp~Tn+j)
zl0$8Np$>&^PTtI0=cQMiK4V*DBYFCh34iT@f3T*dwdmuMa)B`QINtl6?o%2I4VQG%
zzsl?QeLfUTH^^7iI*+zE=pNe+~lnVp%|2Z10>YrOV^$eq>XlTX=fYKO^OA-o%t*{lp=^r?bWMz2k2Av*f9?`xV3}yQI(l8eqt28+>7pe*aOZKZ-ipPh_eO!?n!B7s&CtX6zMB`!<2Qs
z$;uf1U59`X8)rSisX+RpO6O<;(tRs%KZw<>p!MUEdi3y>gMIF#^vmf+b=kGavb%>V
zLNQszc%oZf7Zb>1EaVQja{=iSMQkBuq_H1GkRfEpkt_N4VjX`^NuEs0GK3~>;
zc*NSi>>+cL^Kbw4yXlxjc=K?`5MJJ0@*BfluaJE^4asArRDilCs!%faG%Nq&lReU#
zf3IF{Q+v@*%&YNXNLRYR-erKOn@d@JaG{kLNS9ACQ9s%FRhjSuOd&QB?;Dnhg%Qczw@<_&EikL?e;2SH9z=ce
z1(r{<*G8M?+*G<#@qK*rkU%7w*Jsy=v`Q+0Lb6b}*R1EuyRv4T^csMCo2UA=q>a^m
zLkKcwaJ|5AM1WDHus6Ig7uDMbI3CDH-m?iV4|A
zGN~$_NbPX2ud9w5&EMXzo2h5)sq3`Q6Anyn<0XEHy*s9A-t(D;-9}639q8H49fN|}
z!D>d&;YOv4yyam0m1v__S;d=sYCYd9^!a0%o8KeQ);C2h((n9iDsorG_w%T;JwJ;)F50^bW!01LkPBQ-(aoN`Yq2-6~_LCuQ
z;wOg~-Ik*P>iE#yuJQbH7i$^I1cSpaWp>9LRsiF5*UoRSTZT`aIzd<8`e@EGRx``%
zZe{ktTpF@fkY~!V#9x0fuQS1Cu$}f~CT-XsX+dRx
z0*X=<5EMZmG^KZxA_CHTS84zuBE7~&7myC28G7%%WmSsQ&^w8=&-o5`j
z^UgR9Gw6)+6f3(Gec_c0&U
z{hh%v{7@t8o@8$%2$&Ut!ME6e?XDZh)@?meUmpwq$E>*8#|-BYVUzZb?yU#srJVnh
zUhgxJ-@dNNF|lR!Sc_(4%$6NcfWCKWjJ?i1xviOGjp55?E_j*WvA5)GxH6h{xd8dK
zI%LLF!uc_B*u1(b83@P+n~2f&{PweU)hz=JunbuxFFULu3j$S4u7ZQuwO+Cj?@s;7Lc70y|l+tMGiQRN&GJEkEGkux-MXG5`x@3ui
zWR#~w&f2u6GmqU!ZdcZ{`bX>ArRIHxKVBmIKG`m$bUv-4(FK$yj~X&p7ZZ6$c6>rD
zTJRHlc-)GuPFH|>Rdpf4eUNYQoIbJY65Mz5i{n_p(5=_cA!U0Ko0})B^YnMMF1CK#
z{?yc?-dq;p$jHq{8ut;dviicqB?B(Tp~qt-CVCoUgHves1vlK>^jIMTS~3}dM&9JN
z%;i03%9FJxomz>zYNulOJ=iE7*RH;7iBGyJpB)VaL>R9_|I{_pWh5hC3=l+ip=V++
z6W2)P>;H_rH_a~MZn&f7Qs$o}e53h!>WBz*?UpiwKS=>q;&Hc=>7D%wYM?X5OC%IN
zLC)5=$7?lcY{4NyNZ@{UmLEZF6aMYMA2(g+4E~<4F+wX{$`b(D&5|<^?F)ws4o+A!
zS@@US{F&PI;76z#QDgyb;Lk^%sC68)P|yFg(?6Gk!Mt#obq-FZH#+KX8=okTo74rk|#soNYWVRLdk3
zteM#mal%yN;LGgu*;*;)k!R7PFPe8JGNc*`9o&pX9~`{g-e*})Fxd(T629ysZe9aNBa?ozV4D;5WTPI6&-FiNRi2tf**2EL!K6r{SexD
z@7Sx7;Z|>6M)fKBnjr_?Rx8U=4|MzbK+QyHp6k*_sBaDDgn6paFbaPV)~Quj9fY-X
z8dJevNpTExMP5obT&N-$SG_!5sgV6_Pr6e13@g`M<6GPb{sk@xU5cE9aGUVpRoybp
zGWkqw2b2|xGfCSftGJEv+&2;Ms`h*vz{9?Io%&!a_4w;IW2t4T*_LRhtTz+x7H`sp
zRC{IkKmfC(_~Xk`dy_w7XN17H;@7gk2o5zf!lDYtz`y4bdMWLiMlrsb_
z$+0&*W5_=$j$17~@b(=0Yu{5SUW8BpBnG9B
z+()YH*oP|F5>?h03?`4ker^K0iFNN+u|#DZfMW|#1xytsjZJ;}@_12&gR&NCo&s-K
zgK!HheYO#JFj<%~W2T61?PWI*dg2n@;RxzzDrzlP0S5uxZ|6%vlBO|su7C4reOEea
zXY#|NeoIZ+P~NPFA{8*ob63KxUj1P41@LkK2Bk6R9E+&X&ovbWIKl|fRencQtqyQE
zN#{(fv2&(R>M~&!7nDPFIs#na7_^^{Nz^5_%I_c
zy~DvVfEyNzZ?n>L=$Zi<|L>hL@UL@{BfaQeEg*l@`gy(mC&3S-^;egQWXvs>&%Kwj8>j89Tcz?4!}2m
ztBTmQ@AnjhTxJjPaw7CvW|@`ReK|e7@WmH|Z)U%}+mY3Ic(m4P3Zx9WnH~aG$Y(d;
zjr)0W_1gEte@R0BU;i-0ATrsRi9_HA4jw3aPxVvE{vp`~1%S)K_XkJHO0ax$RMeR*5^qh=Sxh?Jkj`aL(nLWWmv_
zWPxEo{s}&?+e^OkO5JXIM|LdN3Th)dnC}BYvj)F%R0U(a(yxelWBM-|Qknw}9%&d?
zf4+zT@Q@W77Ss7M3Me7+Up@nZe7PAa(YGm;viJ8p*mTb^ox_{XQkk;B_DM@-Clk4~
zJ@M-7(|ODvJbokP9fAAJ4?G%G6B+mDC3oBL!YJ28%ZN>z{bh2HZNQ-R8}9zHH}K!I
zM56m(Zl6Mp?}D?dIj%f`(?ZGya{wqoL%}7J;BbUI|MX%7ILGsBS`UnAn*eS{y~mps
z9p{0Bh09WI3+#K}uj!bGy7Gt5%cyS7`LxwqB>p9A&=fLPzIIT
z)&>M7B2RoR%qEZX-mF9O8lTwc{BH9XaqH2A*GgpTsVw#nWiOVVm8tmHGKjYI=|*sb
zhhvQj&fEF!SxS1Y$FX|^AsTB<0;p@RY2{sFOVVkncx!(iFkP(!6iKZClA;F&i*Vda
z;)jL$10JzMYw~&%175Z$Xr(tn%0zcvxFbV_+A;jxa9q~s?eHZ~x^ThAZ@?;3(g5L!
zvAVb5&!#>)u9loHVovL~gNiO~f#2@^uN4r?wqOsPNJ;|z0-kcF?=%=eoPhyWfc9gX3_dbRjwHa
z^ycXWJG&vNTNMC!_p+(?8B1pr`2BxT|JZ+@9-G7|p*Z|d#My4$_Pe-K0{4WgGSgJu
z6;JSniu#0WPQFDV0=W_UGpP*yOhbxX-gErcXMp@TI_QdnB>u*IfbPr{90ogs2hT^o
z*In?f15)+Z2ArIe0iL}XYDf~#+a^TEX~maE+%djp|HQaN1T6pF&?V`-EpC%}S$|No
z&pNws*Rrm@BaAgsfV@;(E%So*%jSzR1x3@q>Vz0(g&>*Tz-@>JTK>BLV)9T#+V37!
zI{y975zkr9p0l~UET~{zKFiGGWHp9*(mDg*Wd5L)vR=OZ4ge2)Rhk9x`H>$6W}k)H
zE#Xb!R`jMq%A~+zy!rTNs3L=(Vql%K%wZGc?d_|ohcck4VEGy)dWjc?@fu4lg7@hi#
zU#7>xY&9dmm1{o@C)?)a{g}_GK!GHohHKC?L=3U0ykBLWs51zw}HOAzn=CQsgS~WSRGck
zOyYj!8CtgcDqi$mh7FmTTs8q8gZQBxuYf)}$AdAR;-$i#4}2wp%(A)?TstrMN7?&i
z#J%3o_9F71rKr2|MMQ6w%Ume~ir9SQij1@(7^Umq1YI<1?w8G83w~Sv>q+%fgZ8j}
zvOTz7L7_GC3L^o46t8bey9aJ_iXhp9QjFOt83odsSgC7X|2|t
zzZLVCcmv>(@HcnbvtF)`n#B>udlv`H3b)_llTiWS1&lz|D~KSVwKWb~v|O{9^*!Vs
z-zp_88mQOSAEOF6b@tC}zgNN)BvZRh+T0mM?|maa)MF9^I-wmeE1#|~nn;)`xC4nj
zFrhS+j?4b#0-f>AH{uHTP-+IK$sY`fp8m%)74eQb@nucXfHc9!aFhADfjSSHx0oHC
zVnf*E%<>lj;*mTUfukC%H_x*m4?g_G7tPP;kl{8#nxJ9D%XQ;|qDNaR$$H&Smx#Wd
z&VDQUvi>Kh8PW+k`9vPtx#)`NsCX{ko0GfF-mG$QH>G#m4D`o<^{y@1q?v)5-;yJ|
zKKmVDYZOoAM=9LLh)Pv^gtI@a7FBSctXcveo7&~u20`utLf*!bZ=DYsjWF^O7b!0hx>vFUSnraTs&YV|GH(?t2tn@zDj-X
zgql+!@0!ufm--rt#s?%oeTpychI*tD|>OaO6bOLCpo3(P1`g_Qe#$pNhOm#W_>
zF}Tz5?1J*wGGtY%9Mj$mOr$fnRdapK}1;i8oQyMTz`T=9RU
zR>3iXH1lB7q%`7<2kkl2l6zmENxF-l_b=ae!YTrHIyPC~=ax+%iiXXcgBBjgMPR~%
zB#`(&oHSTL+t^2MXlw^nxV+i?h2&2v7j1QAzOXLm)Gr7MPX-ErjSju!K?SsA+!6y6
z?3-zut}!Oizk$@N=j`;r3kN^Fu}&1l_e=!wn+<)dciDQPQF021W3!Vb>N!&0*}s@{
zmwUIR3-R|?1PcHpm5#zN|N8~npeE{E{uQQdalIsu=Uw9ioLm?bh)ngyS$c8UcDMVIoM<{v(Qk2`5lqH(^l}G
zvR9qVbOTygA06LQY5M{Fdp1Xd8Dk#rPbmHBs;Dx;Q(o@OM;bec3J#iE`2(l)Y;I(f
zu-Vw!T<{5#Fu#nq{e4jV3vCQJhfl>ks>ZCB!KH}KWh}**D#0R|aIBks(%VmQdp!|@a>?QDTB~>{+!X`7W({|0e!?ai3WiuJeQwkD@1<=ps2Nqo?LJl8YxM;q=Ol{(=#re8
zBX+d4Fq|+rgLeAy&`JwhZppdql5&|1)}!47Q~6-@FAET%@Yn)iAgf+E#;`Xh?|;v-
zaJSd_*yv^u`n$iX|EsWX8lxzD+5~H7I=RTko1~M;r}kmaD4Y
zUrXzi$yBQc;F6un*cMferT3`dRR&3ArXv6qX*YnsPeDn@51ve*_H?8lUcJIIdX{NH
zA!(ukW<^z9K6-Q7vhkSsnL>vF+Rj=ILFa>*4&cFG3YAN&t9>ikgUnSt
z*u0OAT>AW*@Wg-9=%hP9ac&89#s3w{yg$44HpG4qKq)T(zb}i%mv$bBxObTh%J70#
zkIQq-rcoh?FbWbRQZ7w)u_jEF-v1+B&skCnF|b>ibcpDbTK#YPZ@(4fRJ|ppSP)!?W~D
z5D041ebU2P*47r2tb>b~e)guo9Fh
z5Okn+KbOM+2T
zTJA0XAxwWfu0Xe{r$&s^wAVWvQGtxuPaKN@Wo(GG%u%}`srb&xTe`kEOegX2$DGfY
zVvXkE`oQmtwGX2Ip*!V%G&%@as@yw`0isOU$jO+q0H-|IRA04pMUn5YU&UJhCLzeQ
z8p$oRa#3$T2UuSti@uAzI=Xj^zTGv*7-*|PNq^cL6J~_{bYM|h5DJ^WJ{c}0K?8VU
zji9jWfEV`g!VCLl=Q)$>>iLz@fs=6K?aWlj2PO79kwSd^5-o+-2LKN{`-~D(q~^%N
z1+7F{v_!M#@Tm*&^{w%!ATu9gllHqCDjy##zkSdCb1^rsuMn+|&nY{+7RJ(jaRZ%<
z*pJ`gqo{ez2Lgnbb2+GHQJ;afM_y8tu?VIRPkBL3R3`_twK;Z94Ht7au*oU3TYRc{
zBHYsbXDFR6t@pP_A|-YmVpJgO?uzjW^Kgb6lR@UwbDo<;2Psw6C(720MsG2vA^Kp<
zm$BCRq+Y=PF4AH1?J_SDtuy>+?I`6I9w!v5>uiUOGr^8(;()5N{8
z*~Y^;&elt%za4q?KMd2-%G#A=M_83i-7`Qe~>5I8M2t!x3??=-5Umr-?k!HyPV|S5Ah_Om~qGd@KM;~K%
zjE+c6w~>@PwB&k>A39AsidFGo0`gVE|M_{)Shk^tg}+(}jr{O^8~Qws65LsEjY_g(
zIdMdvLqz)E!hq739^MH3y-qB4-x8V;ymTzqmp4eoW#?)
z@1F`)McoWRiv9-$&v%i^(>cnaiYcNFVp_1r@bb-k^O6aV<$jaM$qe9V;*9Q7j=yn-
z6Z%nM=I%ZrQUH({|EIm_744r%sU}Whbk_#NUe`9q0$Hnc`sA9W;zULxYTdc1DqBHC
zfXRBt1@}EX>>PvC3N1XHG(2(~xwWE4gC~@lqi%e@%LEwHCR8mxuWl%Zmj+xyhisD<
zdX=Dl@Ph^JZ_>m3V^W?kkqNy9GK_1x`FJ`}HQP>~XM$FGKoX78AYYLp*
zP}R7(L^V0*{rTDg{r2PuHqXyx1zo}n3Jw_}5<7W&O-HnZ6}Ow4YzpgRB$}Qbxc&qW
z!^$Fji|r)aeOLcn0U23wr<(GL)Z9USY%TQIl8?6MGn6a(vdNS?pIm{~ZtY*>s&X}d
z9PMOyDt|mkHkiMEzGP+N@cho}Ut<0D>Fus7+wySeJaFbQdjZ#|ei_GSM@_G)XLE?O&S?<_%zbx!+
zL^pkK^4V$H8&i}XsDTZe-99d9o^G2(@EQRo+j{HU>Q=8asTBb|l}5-Qu`Z5+F~Rbo
zn@an_CkXMDDD*St;cSvl&!V#3PxEG?pmJw8u6mXBcEUT8+83{-QW}*`0)NqhGH8h?
zIKO(4ezJe3Bndv!LB-Lbk{H**e`
z=gaeqHpfyak{Hk#EFif&Ch^4UPVwXj)%h$M^!nXm2_JJ#xTM?nfMzZ^)aDrb-B7!P
z1p230`#ubz8a#=H>P6L$06}e_s5wT%h__8@
z@*z!V;cMb?@;dN-Q;stAcDBrBjP&jNmt_
zIeO!V5jTdLXk2+`iI!K1(OpRzQDeH{G?AO-5OzNN)9QKzG7IN0kl%N1KQD`}b+vdM
z>^j`TM}t)06w&fo65SXFDlE+ClGlXyM=~=&}4B(5Eq>+w(;^cUXq*qUOCKC_)
zOGZGm?5}kIF-9`*&A8ekQczTbLj`1jpHKs%j?NnN;kCq25Y7jkD)$MMfv>W?Zl2+b
ze~C6I0k~(0-2)+zj{d1)d?vw+LuS8y3b$l!fOa@Y7RYghsAIcWQLD;+OL$kOk*zvv
zcYD;%HcBlK{Ij*Gxc&U3QN{l_e>_cGz3Y~0rC(4o&-H917zNdN^LH&9
zE8f|ed|`+CVs_zUD{ffb>Jhz%0>t*%cPsttiC2uKR@DeQE<0;FhaP(C@{f1%KUSms
z{jn>gL$&0=Vv|T$CK>~u2?FsL*D~k+ef4JEP_!UMjl`r-v*Gd~`v0QW->!d1Q_npg
z7^H`pym?M}?@x$=JHb$c2Q)&sv9A`p(x3Y2QA~h=u7qNd)2rF;H0?G5Ht|L$LMvU?
z`$MDY>bW5#8xePt`{Qq?8gtKy8h|=_xQVLr{EIoFvodIYrYV{_?+!2_=_S*XpnN_<
z&g(m8Meb`+-g(N@>Es766A3Rd$VYY@aC&IAk#C~hH@{b>Dvgh4ZIX}t%%?%mcWVWv
zST;mFD84aPnsc(QZ!s(P+}vRF4E?&?3h@ltDv{D|(yW`J;$3B>YP@pUWF}4ab;>gC
zD(gYf&LS7f{*wiudmFXlEH?ZQ$<4U`ngk_Qzwb>HcwqCx|06D>(9O=Fe0S@ON=#Pn
zX;}*;FY+B5G}vA)E=3Q*^3Jgi2ee{8Jd<}JeO
zNm{0EW`Ne*+i3n^vL+Zr9dPgmTIu(+u{|m1Si)qFXQzPUTeH#n(W;`QDtpG!g0^3I
zM#8~B+TF40&A#Z3h3u|HpKh@MbI4hvunDKcxB7jS)(E*p0YrpMmnDSAoD%SC+M;T|T4-7BH)j+fzqA
zqPZ6!OOn>#3+KpUGT6yIa$ku#-uv>5<1L8uaBD)9Wj`)mm
z`*c+oeG_@ok+v$go)H@GbibOdNPln9GKOAN2bJrb_2HTnSseNmkRO!mGXRg*0&9g%
z)#(im3v6`cLxy7|e&g$E8ZQUs%*W$O%>3%LuMemMSv*swpx33(e&M5G(H2KR{}tU-
z=Jd2dlRbPNFXjT?xaHPKJ$xeWipov7dc#f^Uf{t`0~^kW!l|(Nky@+;o
zd=aJjg5=ckmYE{>yOz9q$R195Kh&V4aQ-hNP8(nbge;;@X*Ihd%}2(hSe9`d2*MiL
z4iN0tbswJivmU-$6{xjqIDArOE($AAX%R2~ilk4TPit_lGzbqLD@{J^_Ky8)n?;L5
z1d@J!rRo;8%;juT(C=IPVbKHgY2S0L{bJtCr7%~o6j`AUnT`Twt%A*NcJr%QIs+{`
zx`Dl6nfVVE;W+%gEpPmHPv>x}LBm2{vqeUx|CPCe$Ql)djhwv1^c`=?`UA^UWsQ~m
zq4dhH*m=<}aYHOyG6BS9tUR3D*&zPL6}Smyvx$vQZxWpDQ>y`m{rXpB&T_GyL^1i4
zCo%a@fk38ALT{GK);ZFg
zBmip;HJkLaJm(i##EtgHs7)7`xW}BwPhV!j@am7^nE)yy4~MF`HehqAvQyK|a+sBp
zGdqF0qZ)z5hd3?zwj=aMdevBO7Qfqyn$GvxY?kaZww8GAg`ZlVFKzr~nE{^DuDZXu
zo%X(@EmBS%fAD&OT(L-}%{2O>cv}5-?&~G{Tak5YE`uGn$5z%$Tk$k7UlxWcECMUg
z{B}>sWv+SDS=38s91H=*D`=LBWXM}ts!7JF1;(v7dgZ9SkD(&X^GezleC2P>{hHhPk_o$~W9;-YmG>yzM!0
z`eb6QC_?=0t}zsHg3{STU;J+a0(TE>qIj%OGKWvgipwcRN!JGYb5XQ{+?cRbnLY63
zV%;j4dm6H;h;sDS(Sbf46j+;DGaP&bA73hncNkgEElr#4H_S*ix&fE0oLl0)5G!}n
zfaEbEcHs~4OGa_tqgCN1@=Wx6dLhN0`c^kIDO0jlY~4NW%STGRX;tOsXKM2u6{|s4
zxH}Jf2{vmv!MauPcH;|z5!gX}rqxjhBHkeD&=9UIaufZ;e`Cu;Du76KPcA6^W?nvx
zk?I`uq%w!1uF#Q31U=t;gR|fT_Uf6)YckPd{^Xq2l}1A4?ON-l=c>t`Sx7j{+aUH{
z*SJ{IM!vuLY^7xttndZcQX+`2&S`3BwVoEhv_KdqP7&vfi=|8FNQLvgxUdj6G^&)1
z)R>hCxF{%<=&bwYq-`0&MyJDLS${|5pKhY5+5nu!lld;bCcs5PN7SU;$$VEP>hSJCLXh?g$+DdN`t0qTRNeG0;u7*&;1S_hyM#Yy=M6>k|vqpEyVJhsUuIkK_=a=waUdY3i%G
zy5^fed-r70)BkC69Qypn1)$y1pvE77CYJOpi{0y>P&lakAPYV@M<@a9?)A)OT5vp4
zwx@%pm0_SpEeGJQvwXFPO>+;(Tg2-WgxQwLbPMF&w$LY^6n}U?_|&UKij*k}hSGyp
zK;u5OHAcSM13}2)LUF>2B)`28g#LZYv>$3802E|;veb)q7N}z95{rhy5q`F`-S6EuB`3|?E4EmQWh!&~FBLOrtaq_m+0>As
z9d-%r%|(9DQ^KbrhgGricHn1iaQXavl_QG{A(-*d|6Mi{++>@juRTR+fVG@=ofQO6
z<=QjETea#sgXnJHZ{`6hZBdTI)6EY;uo6ES**DjDDW-uw?BNV%wWB3T;6k~q$gf41@
zCCQ_;?r64NvRL4pw3=0|7UpCZSZ^C(s|^E^~r*@@4i@sgkt(@Wy9Lqx>g(RDa%
zKVlVyp;66W6?ge6vk@6H2`KawSo8IHBjDw&QE691iX^K?WZGN-iG;ob_IZ`M&4r_2
z;GeHr6!7T}H21gq3_1U#9q^da2*BBG;w>IoAA40~9va5%I3=&FaWywN;rs9EBc4wz
zeFJuRgbP|TDl>U-z-HH&RR1|9f3z@0K9(i_a4dw&iuI}bq`kq?%BQZIOi$0GUhvj)
z8{`Q6a-=H+5q$sr%u`N$PvD8$_$D;P{bZc8^e8%3S;9|
zIyGa}woI#k82{h3p-28g+$D!PinOz&pc5H#DH<8lC4TV4&c3`>-C^
z{=@F@%`!vPd+U$j+hXnnHYa34xvy3WR
z)F9}7e%?^)aZ5~i36;NC8IWmD1&q`;a5|W8d3ST`R$~$8*NJ8m#Z#v)aL?%D3D=qD
z)OEMf%PUwGt00kxnT9wLAwyRgf~)!jgznRWAW?9hnsM1OquNL1r)_)PNS4G2S>RoP
zdOtfk^*40Dyr^zyz1{x)QuTmQvFgnqr-5OlBT~rB{G&|n99lcSxqY<^7Bf=Od&-X`g_7Qe07R7cS;T*d<
zbA&@59xwA8jyC^ATI#)90i03mHYbbzI`dTc@cjuUn_B)`H)|ZK4Jn_SZ+-RicurMC8e?42Xcf&Ox
zC(Xaa6E|P$6@7SMH-OGUByijYu$38pv+yiK
znqsdv;}!ZR^|R(bHv@ynABwPS6V3OHVoi+E(7~`s;xwK6W~VxF0Q097Ed1qTXTpA4m_bDF~AX9L_&4909uLL`cV5#lDNX|;ln`CdT}dW?J1xEe|~
zf8+9tS+Votmbta=j4a~gK4R^6!Q<20#=U=_V4{}7q~Xi?v><*YEbaB&%X|zmhh*D1$Ip1i?Ml;T*jd*zJ`th#`#nR
zo7@P0S$+7+6vCCZJvdPS7a5+$?Qjzh9U`acURdhpDaYGXE5?))gR?2^&$?@vdQ==q
zuX*CfZ2X7k(Z9%d+Ke7qIdh5>WXNlAGWC|+1b5n@
z2s!ILk96TK2jv#}6_JN3!vKe`^SzL}(@`0i#}=e5WlRk>L0-J;h_R~6QFpl$Q3;Lf
z0FUi6Q4Nttlsu`?ZwbU&nykTZ!Fap7Mvj#?kY;T_q09khBruVe;MsdKRV1}5P)y|=
zm5~^RqI>WW4Xn*T&w%3h_dyF=gEi_hV@>6pyqK?J3Sh$)#1RebXa>OH_cp1!fPzWt
zq8Uaw4Gb@xgm9iWyAPbcu=u7`9+AzniyhSQ$F+?UV@iYmjEs}31ywcj@hnUDwjzw_
zYM-6_u)88E>5K5%bh*fWUQkfy&kPl)RAh)&#v@5hea}>BqW=m7eRa4A-+_11VGQH%C?`9oPOAf0$9OK<+S2+vOQpyx}UjO^m#-@lT
z59Z}ICRzM{*W#x>*XGRG&oUScV2a711Ja~y(}9-HwjVb`gOY!B$xtI#AvWK?2It3h
zM(XyY%&u2;9j(P)^=yskACzR08`tA@I}R-8*9bB?Wo|^cHQ^loJZ>`T5LdQmIXdge
ze1&1SNBI85R|L2qno_H0(({=J1we}ry`?e_BYCje-C~Oc;Z@&K3QCDZVF7b{@=1Lh
zxtDoV*6U(v+ae%H`OyeDmM340yUJ$P?!uLN4V=UUnmE5$H2S2vmT;eM7unZIJC4R=
zNp_TbKMKg^)~#6
zh&OU3GtpbQyGjIi+7jPNVcicVjd|Y-?VboS7kl}SXum=BOowV!z&uwWk%=NXPd{+H
zrUuqKpJ`z2OC`X)yVGHExX|w#;cJ(PZJkJS<-Mgkt@bPHuzUZc{b*$ILEq$?Y?aJ)
zUbE5P$<4zhf?oNPDw_GJR@{s%3u$Ee(S8{_Ut*3DUAqab6{k1uE*;b);J7JC*%8RW
z@a9&L1dKqO-1S&A;dr#FBd)Z<@GMrd)}?@mmL%Z=pCs}dDEOS5cHGm)hBMk?_fEYl
z3`yQ!a=Nufn6a90!S>khP02fvrNq>){AOYm>JmZwUzTc=JKj?RJLce@b^V{*`?p(;
zC0)V4(;ke8prjvOJ<2_;tI0Gk!bs%FnNK&M&1~p714se)PSw1bhH4(Vt>Ch~)w9&r
zSa91$mft=bLFhw)g$rNv`QSpKtr#CQ3CMh6|Cqj6!_sk5GAnL~I0>s*2gJ*0rPq|d
z{$&A}?<)}!VpcaPSl@Pb`gNvRRFgv1h8RuJOup-^h#qlB0Y
z@&kwKMjSZL%hao{7o|U~P1p0&<0QI?_-wX&1XV{F(wCI|oy}7cdU}k85j6K*gixH-4EYU^`PEuTeX|ShN&bCYyOLv^1O#q-au)C!9aM{Q`s`
zR;Ktx|0-txVG{;AD2fe8z*L}*B-Q4c^p3@h7^v!HXE)pyyVF{LejG&Zv!yQodobSb
zh9IM8Yi#4sz18`>Jr4)Gv6T11rB1mS^LM4d!Dr>rBO>TqCZ9lgNQQXK;hxEdxA@<6
zMn%sPr8z@yrb$H^CwbJXuokMzzf6)3`E_<5IAZ!?CPBbr-p1rII|?`@AXok*Hf(ss
z3wpKW?04RC&u|^xlAyX8ZrneY*b$ZKS)h5!@l?dgSeA(vY18by@a#k6N
z%(vZgX;Tc>CGNR5U@_-9*Q)yD2GdAq--w!ayQ`W|@er}EOXJX(4KH8q=ysOEv7NFV-&r@7_bm1f~~md@^^2PB9aban+g8s6E{
zvE8!%V&i)ELO{)5KdC2j{jtSs*thwcNdM3k2}{Dd@M__27acmIauEY=qX-H{{iH{q
zOxD(G-8-yNRkQ`+c=r!??Mbi7oT6p7AT~vWEXD3H-aJyG$6ra-Z9CBGW_NG(N=1u#QCx>s|53qS6A1~=i3ZiBvn4&i
z&w=zS|1jXIAbwuZUirW~3PCr;7&FPfUE{90)r(Mfm&sG3b8q!Q_?7hTAW!EB??e|x
z)9Oc1%b#lHSHhOc))cPX`;sP0d~fu?NTfgOnA$n(~*7R~=|i9}}JOR3~^@0t4Os^`x5>-G+U?(p5m4U{-6xLZp)ncX
zYHJu-5IL*8sh{?j2Q|DCxQo{vZlR}Y_ZtSHSu$lZFcL-wt9|OqIg~m*DcNJ+G(9hL
z&vA2wI2o#9oFB73^g@j4;1byhSf
zQ{muk5u``GD^2-~X-*Uf5KSPVuc#D2-1!M*1MDv>t$`ux3sMWI{9OdLg4CNr7B
z0Y7^-Xsumy?m5ys*&tB9&b4ewMb-hhVQk9z&_n$>jvPhHLX`zUB}x$!kQ7f^BRZ;8fE^?oAnoS%!*M50!ccm9dLNf^c$gv2BMy%|1<)p(C){q|H<*
z95~Ns=6r4sBueqiB7I}OaM8e&vwor;VK!z1E`RdpH7VuZK363fOP5?9@Y{j31*<^C
z(q2R#;zCjZ4NGT<(eFh*J@BodixoTQp48CPv&HUSo+q@OTRZ_JO%tjJzeI|0-={)R
zYds9@@45|idPM^Dy)?cy`*G5P?w42oT=Z*Ff%Qa7{%wNSa)&PmiB8G`{6%89UQC6F
z@|B$IfCtBfz&0fIX)xv^z1v3
z+-0GXWud%u%<U+9F?wj<5doly;w~VQr4*AI$F+o_a)f)u;@XXn*kJp%1LrGn$)hoz&_7nEHA^it
z8kC62LB040|KW6N0FzSe^=cZhiAh`Hy(;0z3f-
z-+=JwiO)a>miSp@7x!kn>ulF);_V04*TUoD@VK+al->mG^Qi$1C{guB=H{cjiW)}?
z58@w)hrO$_Lj5?0e`IfneujS)gt>Ukm=4;j5I}ojfkA
zS0|u51e|r&t6G-1Wki9A_@1dzw)~L7{_i_vUrlvG
z!si#mcZ|v{azJI7U#~0qC-dc3bJmct$FeMHU0MFqrfa133MJ42j$#)1dg|rVwaNkrR
zn4J0}2x)<6F+t+Us^#yS-I|%XQz~gCa!_T01CAQ4gV)WowIKryOOpH5IzUX@d~0my
zY)TAu7iK%gH4OMq5P;7chn}ff2Gj*ZjZI1R55UpWc%%*~yzNLV`NRPQUVVt5c}iop
z-*MQrEWN5yZyc?QEt+;Tq;=&hi)yJnx8kGVNLJ6J1}Jp5_z>daR?N
zMRN~hdOsV-4wbHYr;ao=ZW16x3hN`qx56{&_Wq**$1ROpZq{y%#u&bt0R9dR@fXAfs+u))d|&%<+;`5D|*4%hih%ID9DxE%L?iw6o(9M%}q
zMb1e6i_&n^Pd}txOT~;}nTO-mGXF+{PV14LlG0(WC%2+5T-~stfVcCei^(-BQ6&mb
z&QuER|Cd1d;}V?nt-I>Y9D$}ViNhQ@|!8>5%6(inlgAfH+g
zPZj-f@6HT*t8Dc5s=7G?$0(Nn`*F&eC@Yvavr5{!0tMYb?33=Cf)|Xcx53>M15_W7
zdU95Qb)yc*k$X|FU(Mmmu7IOPK6pngp}9UTvpd^Y`J)hSc5h%(zsOv2`hg)JW1ue1
z@$JW{1VT0!)h@vavXM#}H#*#3ds58@wV^JTNz
z?|L7oB9d;f##u0z!j5>{IGwBpeks(9wCgup9+__fcc0?1>cr(DhB*}vm%_iFeya`2
zTq-$k(bOJ}aS68q|95`?zUaFDH8tVsT|zZUI@r!W2{wEoPyhSt%f;l|s)J8!PyYgw
zl>#m-9@yw-1Qca}znF9}jkCJwM&FN{hk`T^L6~Eed`Udax
z=ez;@<0e-2%6%wkpUDI~A&s!7foWA(smJ1%*)!q_k>k)vMxI4aga%AJ%aZy0LuHIb
zuzkqh-tOyYS$6cZ(J**`@eh1ssHzf#Vq~f?a6^6i6{O~i(F83X)xRlf2-Inpb<2h6>TRI
z14KQsfoI=+tYar5oHsTMsyFT1kPu*jI<(k%xwxV8kQ4tUqxzRa(C~LDGBFNx
z?VvSZV_dV_MrOUu_dFZbpj&_WZjqNh_UQCwxw^)XE_Be()H^lwqFPAbvHn$d6~}+`
zLwy%RRGSj4pIuC~H7p(MuLPncZ~9)ny7&`cX@Eg>_u!l##=?Jc%lbAr|EfOPphX-y
znZK@l-g2xk9cEL=!mK_&BlB!vb3DEWa&FnAAYXAFg%L1OFdxtz+n6lWl-D{BV`pdo
zj4eqFNbsrrZM0XF^y7r9b&u)DiMK)^IW<+4P4G0t(hpMmW-6{TVq~I%K^M?Bd;HB+
zlX!dm#D@PLU+)1=b^HI1Bbk*I$~^YoE3;!~lPxQB%!q?BGD0@V$gv`OBsvkwsH}1h
zk}WNwLb7N4uQ!d;{ri6YkNZ5j&wY2^@9Vl=^Z6Rrbva@hDa^lL`0>VIwKJOLd<$Q
zm5tB6lM6`Y-D+S{3^KgyJZ@Y-Fwl5{Nmj+6MFD>8$ScwXDHa`c>-y1x2iTFd0ImDE^}&PcW2
zyk#*cE6gp~bc$`s(etz{$w849l;&|F-Ia{v*-n+Z*%*Cb7
zKlJq8>u2KaM87wEn9VtUC#W
zGV8NXav~HPKwS3OqpY{;n{Ta2skhDpOE*Qc3%Zk=^Mt1d+$@Lu6$K@{&OJ{g9X~(h
z|43QL$5kGtffmB2109x7_fq|WS=;kJSV|YlRK?zoGE|0P2o<7cVj#G*+b^m~ySqx6
z72zC11(`!QbTd|kXhEv>ua=V+oXw2KSne&mTyDBN_LE+5v@yQoS%WyMxw~S>OhVO-
z{8>EfX79R$GiWy?$XLDVL?6C#xFD$wfu3tzH7i~8Xulvx}_Rm*(*NxOCD}5Rb>U;dMV&0R!VC-e7>5H2uyu}uF
zK_0IzJ}K`EpW4WJO3CV0P+{a^08Lgdv8Y$+{I%`3vJNN{PB))@y0y7CGBoY!bz9eg
ztUhHqjHn;17_Nr28ZF9t5>ZRdUKP5#^3>ei>)rfHusP^&+BFQhBRjPL`n%4yBn33N
z(sb$R?>09Ej0k^n=Qf%``af$Bd;Y3p&wB34+Iu->Inu4AjnIXlit_-9+#^Uy@!k8R
zZq<7I$+QN?#^|PeDAZ3}!6%Z6=8m`2Ky?!hbF*W;Ggv*w*k7YLg-d
z!JkJsCxZtm@wT@5m|L!#@w0*RjZ%Yb==Sx&F#Nco$e+1)xf(l+xs5OjkAoBkSzmTd
zzzfgjssq=&BBQGnTKp=mSKp1LqxvMCc|}XJA=@^hL*%(I)ZcD>y}!9x)Z@(c+G))W
zsoKcybo$8&klFcCZccRVepn^Z?Q`?%RSYkEcJjE+mYwc>-PH~5lqz)&0kS1vO5|s-
z3|c6y_hlA#k5+6?8!LHv8jf==Hov{wpwduQ+i>;OeTSm-D1_}?N6&tR(w!V;OL05d
zIT}kT=h+?51XGv#@KodO6e{UeuQt|A1r0jKy*?UUemA+Zq$jlYM5&bbX%J(o*X@^g
zc#@|P?4Vnbx3wq7yMiif$mi3dDqXaqK&5>0#)cJ-_pCngoIOL&Xr*%~e^ArS2V!UK
zo@NFfGobW$H`xiXlDk~-fX#Z5(Z*#4o}6<=nL=?V=aU|X8(mM;{w5;Dfi@KQ)X
    kxcZX@2N0$y;4SRh2qjP)E$@7O0@t)&l972
zpZ}P7yNI*EK_PL}a)UPa4DzP!DLL!SZlBN_A1hvP?5wTux5##_m@hBUb>*-1mB!_R{43dG!uQg2v&or|vRRi<9#C
z*~}KO{jY_|P6i={Xx?fy<~JWMUK|NnOfKQcmNb({C`>*Lwxp~~qa@u{mU}|36Unpv
zNaT92zuUjmTr#+-)cSKvSkn(NG%+>+ZqLo;X!e^z8&5XO&ydg=eN(YlUDg}F;+NVgDoQE2Lr=4(s%6XG=29vpyg5g%3~hn%$IyRfR7VZjSFgcVW61NQaL8mtX%x6_w|XLy?dBN{?>(TMeT?uS2uL>EuUNxSen94GR7y_
zTu@{&q_%t*IQ4?G!f{qJl4o^6)s#QYT#8la0lIZ3?_G}Qvr?zQe1smuo`Y9~%^FMB
zXz+aHROcHIw_ienR*dhDt_`^bhI}#nXsxY+MqZ&SBT8iCDUT_CbS~qrh49?!sAC*0
zw~mx2e+taJFYmKeHp8`M>URZwEqBa(m1_N^Ch1OpUHJhoF8h-p+3#3i_!2QtR1$wSj8;Lr
z?C<`3bH1t2LTt=RVQaW)$MaLglv{S`)4r};>&G|Aru!cFlXQektj`xTvB*?iDPD1S
z{W|T(Yu_x<4f4Clr<0XDwbxJr&iW6o16AmG^YlG{nUX@5&7E^gg7=b6{~)UiTBVAM
ziTQDwKDjHXtJ%AFuf%VTEcrMhbY=F+;#Cdp&Y#;6OM?%?7xx>ymK<2O{oX9zcHG~3
zZxCm2vfnW@w9(@1+e4j0LTzd!=aFH@guYr#W
zoX;C33%sec^ScBVzhBh`T0}#I&<3@6I|AW-=~e%c4Kw4D
zv0k7uH?c8a9MP3DkO(Ruq3?oCo}QDOv}{pOpXr&E3Rd!8>9u(TAR^SuF|c+%3e*9-dif2
zYS69zW?2R^ZAHh8#FYk$l5{a)KFxjZVOEiie>5v>TSWc%y*^hwU9sFy1=aiR{B^V$
z*gk{In*cQ#SFoW$e$T0K^HqA~NzevnDr}d>-<5%k>2{kXBNk|$ZQskFHc<47Yq4vL
zGvo0rQ7td`UG~VDdQxn%|!zv*6C_L;~Dm8WvT!i+^zQdo|RzV>?us(*3HDExJ^Fr(%nJVrnEf$tKfv~
z4lj{U4O#_SxpJ$9Sca?|G;4^`9boQ^sP8<88&{&gc>BbiH*c5?1~=b(waO|*Z!s))
zCT5%Pmo!Xm*XrsfOl6hN*jz<9sJ{cAJ!(b;J3-yrKM&no7~o^eFLz^nXg!1`D!?q_
zTm)Oql{d%bg1I>|*{)P20TVw*GQn*eTOmmwyQr-GDR49rF9RI0@H;1e_+=OdtLV*X
z{(RhB@O!H%D4CeZ)t&;Nje`b&w(0py8RA`grKP}wFXeuP#m0!Pg^f=d|
z#dzB@D~L)uo<#+XrLKPCBauqY>u7hwsa{*C{)?o13GT5V!25tt|BbMrN(l)LaH7Ke
z$%KO&=lQ|CNoM$@HU#YU?fh7LAwuHAdt4%Op&Oh^@$gS&0s!Rg1Gsn3YC-nGtKFrTI$y`)^;+h_C$40Hy>X^H
zM#W<{v+;CrbKH^;Cdd?MEYHZ$D1m#6=b|NSGA}q1RB9%sC0HEv_hczTmc;Izj=HAd
zlkxMh*x*WddpM;_+uiMH8;_c02xk#re?FFkL(r`t(E
zfgox+(T7WCpm(vgm}v~n$RA3=eT5)z2(@xh$m1YjrPR#I1Fu7t)Eq<^a@n#GnuGXM
zqql-nr8y^$eX(FVX$#Qei=Ox2(9Rw%YAEO7hK!fu5<1v_l7NS^?&Pw+^9_>&sMI+b
z9diuK$^lH~f?xsBg`_fVBM^c1#BW+O!Oj5%Mqi3I
zG>oBSrB%uCfcU05SLR-mi=K(3`Euw^xR5AQBw~e|>UI&xdwESq_c;wb*Bkk%cRYhGWeI+GzFE#7lo~2|9#IH^XcyB#_U+^bivcY+(KxJb?FKPK$>I
z=b2{p3|AWLK0F^ElW;GljCbU=XAui}V7Z14k_Qrbu)vE3_ynS&_+aMu)`Cjr)}Kf5
zfpqk%Z28CG5tO}>Y?ApVE)nMVJLUd&unzelbyg8=xU=ov5%B7<8;
zpVOGS{_6eh9ISMVl?~E8wsiMihWA(YOSVmFx3cwe5rh-~_ftZ+AMDM$cn*BI+W%tG
z_D5E>MSAcDSQ*>6A9Tv$w1n^AA4Mxo2squEV02(*=$a53x#b}2J1K*
ztzj1qxS6uaV!~M+{aRHs_&+jh#?eNNG&x4K&*wHGOl|W-%|AU`T^y;_QIIASQa0p&
z!(EXwODNk)5RwoVNN$BVh7)Gt?@Kw!e}y7rY4K}Z;_-BTE7$nj5yl8cWl$wJ6$K=<
z(22nNR0{aAsImgK;+|J|uXK`%>SFsUTL~UXz8n&--@}Ilhz1YC!=f$Zm&-@bXkzc$
zT^%h+~jKm76%xpsm<=70%|FM=DZ6>N0pD1*+rkIhd=V}VjZlRSb11ymXuih5nR$ydGq+?XU~M=Prk%N
zWj*E!DG0}N(pp&zKmVF)u-gB`iU^^=Eh@Ml!rg<61UuYa_}ZMUVgU1hY9mOa8ga$2
zN31A!b335R6X@%Qw)xN5hv2ojPtW1Gwrtjva
zcazTof5+Pp`Hpwq#Gf(vY{Kmm!h$b;w?EGGGMYy@Y$ucG2xbmmgE%k36Rrl9rq55C
zIQJAjdV1|tH%0@Su$^i*xJ`GS4x$sU&rxJcFRf7hyE0y%fc$4sJPxBD{BNk;Gz}b8|GuB8SiI{U@9Vqhic`5L$(KR>t)7wY-
z!q}SI3C9y-Dy6`#$^p#Kzx59&7KiZ?G~SE3=Mb}L5LFUI;h=sfS`PjxsDRfXK`1wO
zMHCva46wseQDF60UYK(_f~EG^2exMvRj)~`Vla6HaF1bL*~6=Sckr}vHm1-=>4aEjNDG~bBx{j@^FXmr&C
zQifrwh%a5A4ePHG@xo}N9n_JiIeFvSH}cuN6~l=C%jZEFlJM?%*~Xy`L<+{E6!;o1
z66`kv*;P=H#tY8}km3Xx>xmO#ZDW`0s9N7%sMF6axBn`RpFsDPEieXik7UcC-XN7A
z?iqR%v!L;<_5)o^;h#J%MAtR~Lc`oK02SWhn~ikQ33xM9C1R!So45R#Bz!2SHth7+e)O16rywj0%=Ce&9pVL^9>ZwU^0
zic5&Fs7NSzL8HNW073l-5?wj}ZsPczi;>ZGQ=2Il5bjT-omFK>eL!v*gJtVTeug_;
zT{!R}dbcRBK9LIVFVsdG0kxS|
z^{C(23LC=ZdJJid(=V_KZv&TcBHX{n7P_L+LXMwDqaKo@#&pM)Ma&K}R|_Og++2p8
zErc(_)IS9orZljO>)lBCCEkEM2Oo?<8;l*zbIwjFCgp(ZU4ZMx0QT+2w2^_I=&Arn
ztwnw5nJDN!nb&dBSGbZcz1YgI9EWKc_%f#=JvE^I>Zxz6XHnMdYmS!TgbiE@!r`%P
zP#Mch8PRFGqyb(fwV}B!b+6F%^sse~x;bEbq`LXdOUf>tEF?Vm2MRvPc)kUo@#LkRp2^S`c4b70>+;OL|t=CL=_RLnP!n^
z@Tm^T`41mUXGj5;BCe!0>{lR=Zeq7YYEiQd0SdGZXu29PT%#1mMjBHg(WP(c)NMhP
zCI;kQT7yM}N`1Uo_Y-~A5(JT!kSBE`fpsZ}c8uU^gIvV-#Q&!}3+U&e4Ug*fFavU0
zCyQ}dc~>mu#3&Hd!zexJL78M7;t~}S*;3it9mfkS&kldg{OV%GU2GRI$aG@e
zZ8j29m5~;(qwFH>^}UK(wg^$_L_LSAOnBiiQnhqg+@oj;YT;UxfCMrMv4NQVhQZ*|
zW<@A?d7n8jpP-ydyLlVEZSZQ42?y9OFG2vw?s9=>tL8;l5
znO^M_=U?)B`wmBExI5qA#scZyJ_>PsRUANEN
zo1!p>k?bzxuNvRP>{LHq|Ht}>a)$rv^V0IDHKsc)Zbo=X5U?;YJ=st#)t@gFI0Xd)
z5a2z{iDYLd!4~Ali5+3PRa-#iU5D5pDwn0aeTL|tW$40T<|mCHOjq7NKOGTi<#7{J
z6|4{B?%C{76<~d9h=7*`h-A#%`yi*hVFvk!JLl1<-SaQ;9MEG|6+ZnbP5|aoQk^+y
zDQu>7dzY~pMMTg7NU*Nn&9KO-*Hg6Wek&_6O%FhUR~jyk;r&cjEvF{W60nyy`YxPK
z6KQG+JyIa^kCP4y6C)ix=d`XH#=y#X(gA%A(M$J}Qho5}P-c+YY#E5Dk1@RgK5rD_
z-OkKA7Xf-L?2w#a$&KQkb1HS{Zl>-iL4Ik*%cUGFxU{6g@5YSMKLZ75CP8H+)7=Ac
zxG8(1PAiQzPIJ_$*n&F}F^|td^??j4C>11q4y*Bs+TkA<4~=T!v|dzPI=Z`vy6@{^
zY+(5uicL-@l7Mb^d}tlNy4}SR`3cHtqKyKVJ+#Y8V;`lUFz@@z)e)*~tIAAtu
    @#Im^xsro$FG!KSu%rcS$lx&sE
zDfz(?8lhPI>R#2Up9iRc%)BxF)!E73rPA|LL
zk$Kr7T5Np}=D(FD7F9-P_Wnh(m;ZV7L0{Ffi0ZpULw~E
z1y-QyERq8Q00fC8{FpYOxU}RwjD$OXL{vm|c^9%9nAji;zps
z5!z;pE8D3IRUR#pi9}>`GV}n8KynsXgpYmr><#K+>N8(<$CyIn80;GKZM^fSH|&l+
z#3R{!dW(y_dOVoJ^k<8;v2;ofDsF)Bq0Qab|idMH?;rt
zBVFxQqH@bVH5J5gYJKeth*ztEVGOeP=dh!+xT}WQ+Y|7s0g{H#8YEJDDjN@8%AjDs
zjoMm7gH5&9DCy2ptDrk*5
zK!lTpgK_0^O3?qZUcdOe!g}a0Zf?;#+@l5V;^I9Qs)`H{=(uaqI7Z#T183QmkD&|B
zBY9mMb#d(srJ)wAg3!n*!NGYG#xGkjU(!juCG%NR?$Nzs54CCxhBoVUJ9v+yGen^<
zeeiXTkl{@?3Eb(#Vu>LVlFp~H&*%TH-QM)TDhM4HN1LMWzi$E$bd9@66x+Pw3@M1p
z!>f>p&Z|vv2Bu}3e
zPRxHZaZ^4i`OqvJcgJYlWl}-EmWbR0j|r**Aa&`yYgW`WHa+p)iZjQa@!%EWyq5B5
za!b$aStlv=kCj`#54M;7OM)7?-#+W5IGe-;#kuV&3Kg_cPNH1TFK)}GZG~f)w3}v5
zF{+?tmm_&&VN#Cte+3561%8TjI*vUqj_uRgqsNtES{j!=M}R|0{bi4cqvODxt5Cx6
zz$udhZ&;TfBQ{8FAG?*L@<}r_YwLNP+1A?=gmn%phM&R(AP{E7dGqV+!U2SA%FA)e
zw4frv6;MzvK!9=qhFU5Tfp+4T^e(aEkju)T%6cYN5dn|-^yxh^tV;=SYJz9P%!027
zA>c&ijtgu=nej6+3#UMbG%=}{bn_O>n)5@qe@v%Zob0IV2X_jZ}xi(V!qIuA40};5cXIGl^~d?RM4l%QBaeOh9{O!N5I|Iu{0`ZFO4q;ncXa4>#9gKj@`Qf_jMwq
z?Y*lvkh=JMPVQ$>T;YrN9ehIQc0uaQW_1_o#xXW`nZ`u7j&~Ib3m(?RsE+?cCqJUY
zfFnQ58T@cQwR#l)0i**FqTwK>Xy3<+C}9TvdAwF~=NyPq^OS=+Dayz40=g=2C;S|K
zs98=9o3M-B5pjI!!Iael3Gau}@WDpX+Q$9^#P$dV;3Ik5Db?dphpONfLvvv51AdI#
zu+X;`?gk21I)0dz&#v94hZ^zy{A&JEZ1$N_}
zc?dCnzH+JuQr+w`0n!xA=h0XhybO?y`;*Skr@&AChWVk4nT^QTMsFA&1!B+2m3c5L
z01%|ZSqRmJPy(&~7Rlv5vp6#OF(G=>!(-h;*{H6ZJasM|)$|#-MB>z6eQgVYAh&T0
zNI!;%)_l4Jd?}MpdkN~$=nGu~MxRMRRUi?hf3(LQy|;o%O^D1|h~dh15+UIb>SM&)
zPhQfjgr-^PeT*Q95>jH%50)JS;fuxHxw=4ug0XW~r=lvzkT4IL4ZC72aWz9lphSfv
z@og=pBe-kil(_Td?2YAiQ+ya@KeUM%o01jS2Do@l4RPyqB!-C-PR??oVC;rg-Pmm~
zAHk0n!npGZAykNj9OEkDhq7U@<<_I{{;KzyWC#GCYh;0fNWaIE6FOUM;r~+iV+&&+
zpP0OW_*~?(Mc0HYkMqDr5`ddxDpX
zpjJe=AB*dxfRKG4#+NBLtrWxh_H7fxOJXf0Z;2Xpi(Ot4ES-U91~EwMFhQX~DtV;_
zHS=lZs1;|Vkimnl_%oHFEA5E%%;p7B#l_+5HDcJz?JxHR)&_fC6S(D_|wLRMlYXRwoa9urB=MJ54^;XgvW!m
zOL>;6V4ol*tHEc|4~g5styrFfyP(j8GOif-^cG
z_Ug$`p(H&O^Tu0sFS68~*7z~uHwLyn6~P$>l@iGG|CqxwS9zmOR9_IN#N^0SlXa}J
z;=^J2j9}SK1=5phhqBQ^dNK*40qyL8{KhD~8P{QZHnmev#GuDef};(t1ZPplB=NkW
z{mekE6jS0G6%jQ~{IN9G8w|_`Jxz5$*uw;B{gR}2$3q=6R?N|=+{GqxUvgJJu_w;D
zd|D*tkG+mdaxwu~`eW4WsR#rm7B?NLJ*0pL-?mQ`I--JpNnL_$013dQGF{Mnj99%L
z#U?TLR7y{Z8SDfoCV#fA1=n)xrMJn|9?APS>+%I>BNBMCG&`hi7Mrl`86^{?bIY;W
z+rsUH;Jiv{<=d3(02E1q5VBr_C9#QYuS>MLf8HZljJDfRbXyv@n9dpQQsD8{7!<49
zf10~~6PbJ&+N|779A-a%$S@2&MpG34TJz7l`;
z(Cne;*^52a0qT#oL39WuFiXzjbCshwE|#M{|A%pS_%a06D3pNY{>X=j$g5XfzD8V$
zLR1eXWT@kT5by|OE`Ei8m*w;hy{73TPd~W@j}l#W8rc#2g0Y-{Hxh0pu4W}RXT%wo$d3~~1@S||
z&x^zapo(WW(?a;^tm1`VWgKQv`^3N81MkdFf}4=u>po>}2h3ZI>zIIv5-6(#WB@4J
zh!mrPW_*neui*3qM;c*+oP@cne|@!tK9LEt#Yqlx_iEZ~;`HpJS8}etTe=W#;%N3s
zvDDdUF*EB>R?T!oU&4;7N~sB2o3UqMy(i5V)S2ev7u8>t!La?;R{+VX
z!8`?#$ny?3qFy5j+XBijh&~vU(fCuxe3KP+dl0h%67^ZqowycElq)>*+wGc<5s||2
zfjcnDtj~>+{Y*_i6H_3R0tfj^32C)5k}FZHkj#R3`TWRN9#yGaCu?~VuNm@T;8f28
zK$>NGaXmdpwmI%RD9BWMg82PEXvv)hP;!^Lj{2vjVO|6OFj3eL>IPV>aS^F9uuqv#
zJ)MS!qJUTz?>w^Y%M}>J!?3OR7ahNQ0S@h9*bwQJONi?JUAqX1dzYUlet=|^F8j47
zBt5wY;wA^B$7oy_^=S@0hT=otZ*k<3mpZn>&Yh_gAr1<@%YBp}>pd^=(VZ`pbj>@G
zEs2{(BH@xG*l@!aVt)nA-j={R9i={lXsHUmhm^9vv@@709r8_zliw#nS$hVEDSB5DWTa)t*P%H>}m9Usujs
zF2q&O@EHOX^l<|x!PCDp2W=UI{+R4a3y6#$cjEE#XuPyEFy5WL6!(A_ib7%dOdp$B
z{&D;m?D&;--oMlb#XKI!riQ_p30Vl0Vz!$<1oO+VQn|4bs-Pvo1+GJj#{ZU9)>YsX
z1!Ks-kOb1l@Jg9zRnHUkWat%@Av78KF}D13sIK*73+?PdP79JQ@Cj2Vfl{p2s4Z*l
zI1lx*R~{*x7p|QK72q6e!Q-IhLJ3&S$bOvUIgAj5Eu2&&IAIGM7EI_1ZjhuWW}P0U
zX}T^Ybp6&ejm&jD=j;tO$qDWu3tkZQHGmAxiK|3avZ05j6I*wtrRJE4_>6Me_wE&q
zKFem=%m7ucGww!FsFCl)v9QTWX{AF;iQY;d<7MwKBUn(~!=>e9vF+893;&09320
z%RN~Pib2wBP(SgXP1i&mZM3K@E;n#s)EOs;_s8g@Kz9WMhYyn=lvV((sP@noX5R^u
zDMy)`9+prqzB|h9^H(;(oPKcHgIGXU41KrR#9UU
z+YyanpEGAx1-~)m{lB0FNd>GH$iG*flB^KV7PuRe@h2%7nE{H1{mUI+W_a*w$984g
zp?c4skI66S^6ePwbcObn0Z$Ma9O`RCe}dwHnQDT}6rckvvkkHLQXT
zx+2KprF12|r0NXom86`ZY|ATokP-NN+4=Kl!*iJL@o(f)tRE%W1U*)6GgOAPV=|hnf1UoF%`?FZmiw({Xy9t&vxJ;BmftsRAa;U
zINH)tjVfrgx74(~(?u4ZG_XtP(~bM@<`*@tyz}eol8r)ycKvu9TC=Y#R%&ikL7P1x
zC1mb0qy2BQPA3;$%2-3AveP&esUO!&Ab_M^8>pe9S6EmeK}-7#*u)uY2f~Rm){~03
z;tg*jA#4zrFn8H|@QipV@1(#c3^*bIsflJ~m-?L(ZQJ0-zMzT9Qf9Co#VaR%gKW01
z$-LWxzUF%@S^8V13eD)UNhe@fZmXRAOIT1msP4vy6#qUmI1>e2m4q`zEl4qEhC|<-
zNW~Zu!$3W(QVJO{>hTD}_D_~x{h-&u(c0?;aZ2jLEDC~xEwdyx$tffiBrm?8W^2jQ
zFP(MsK>VENPxd$4n$4@B2C
z##f+&VE@Vdfq75#+cL_9S*zv>hAS*=4bmGAGrvqwM5=ME#V6YE59y6*I
zo;ODm7H~si`)dRM4OJdMLMO%8iHbw4GWH!DEjoD>Zy2NqeqsB1tQv&8hZ(9AdLmAP
z#t7Z~2j8$CuldG|>y`NFgMqk`aSQ`xAOR&xweOU~DX9MHICInp_)7~Yw>dXWEkMc&
ztky@zWE3u2B_U`nerx!9xP}pt;<4ac=Y?-lW_cBWyuqq#6h5SLaAsguzMUz!BX@{o
z;s_KGRIR@YH8W4&JD7~;FgonpK)vbWO`32fCc;|zkTJM#E1}1g&iy#2DyG5;X?RQ?BIZ9eiP8s7lUytxObNi
zDivHBr<4S4Efzv0Mh__~_(-nQAv{~!5#L|;Fn}XKIVW@DLN2nc=_n&Wh02(k5$1P15!SI|J_BaVi3j!K_p+W3Hw2+veSv{
z!lDu0(D?eol%!DP1Ljqau&w2Hq_l6eyg!=r;ELZXdZFu>$6{vTynmMjQnLoYkaKkS
z|H2{uo@M#y5)%s7DyiL>m;0>4QBmJprtFx;X_JFH^{^TwSQZ2Y{dGhKmw
zYuGr(!|#i075n4h39FrQLQjvJ06AMT(k7`Sx`3rs&}&u*Mt^ehAZZgu4~$@~;v+D~
z7M-5_+Z3K{ig+kx(wHlH5R4qsdo(ZXEVaao8{I&F9NqCi1v@uHkOfFDF?ifBEP)UH
z;Vi+4f-MY#scH5WWjA(I4i^qJ0fRW-=3&mtxz(;`Q;#y@QI0|sB8a>p4N3w+)Ke_!
zK^~WskpFxO-8gf%=@WsTrMGSBwJVx=+^1|JT)Z_|D5QUz-tTMEoUa;ujVA2Ha3agm
zTfmFB@r%j7KI!&um`!3fw$ee>%0e8ph=FiQ9v`ByiVjc*mn{chN<;QG(`<=#t}-IR
zMoTGvUtE9mBl-~fj!^wjj@wo>7-=b3R!+*n!m0;7Mu-Z=s!?4{kUfU_impy)#@xkMyF;1Z2HC@zUgLRd;ax%|eHLPNsO*mTo^#<_%4DEH3o4v#|Ui8c|v{+6WB
zNA7nJ*5PO;I1rQOikbb4t)O`2nFI=8XKFgSJppsz-g!vmBr7v)5vW7czCJwEP=$vRc*{}>q@(+nC$UL;FN%4
zl=bxx16vL7NJJr&Mhvspg@SR)T+1o*&xnomGhEIjy`315dk1X+haU0;WlW0F5=UBZ
z_{CveHFoa_VQ{w&MP9W&$be{QCs)^k3DU}N1GiHn0bc6g+v4v&`wC-SFg6AiV2#ak
zMmz{euvrDZ$BI6OT4R3YJdSq%H|H@L8)j@ZBZaP+-`(GP)uWHNmAUXJsK)F*VB&Bb
zXXimRPz;*)X_$R5fqtXx$|{4;?jl}x5SKFx!9!#i%=^@D!v_>53eOxd1Mb(7+JrT_
z>Kn`fB;pH^_y91}0unn8*CK#C)j;w@H=mI$c?cM8l8^3_jDAg0Ai-wH=hngw$pHS$
zxV>LlF;Dt}k2i=6^GwAt9CZOSzcGj2qej-Kc|T=_tl;50@u3Fn;Z*4v0{qKRm(dv_
zGP5h|37y8*W;QGX>7>5L<7P?ieSYDG_^^J^9yu*9m;ZxJk~s1>F%)Tr?E_!F(|1g>
zoAeqP_Fk7K;fv#-@1%g|tXU5kHgDN~{JYIQxZgoj$29lnkx)EZa({KBnlQ!n8_n@z
zEgFeNj#_Gt9P6VOJZihBX%iS2YwwIYzMy{Mu*l345-
zXkh)E1O!;U^DaFeF5%~MKfLWfN2hu4a}r9}Ee_F%hngK8JuI?&?>{SN@$|n{qPVT^
ztY0cAGsV^aHo^2Uf`G7s9lVQn{U)RDGufs(OJlwx=yJ#KnE_AK`C-lc#z%Fp8Nuk_
zb^VzHd~G>5dhYK}WL7@nCm5oobg8axeN9T~5{w@{)A^v5R{Ad7y-oK1)4|d+GIvX8
zX?{=L+&(3@v(D0*Z-uDbG2qs~_gv`R0Vo)&^rN?ZH2Cc7-(YT@_;&i|jz8qS*M;xp97^3+B>p#l3OJV9zh03<8l$?$`09lFyv9fX=Ui2knOND1!Lx1
z;IH^Oft;{?A!0!s$cat)ez5wtx1`wONqBK}3jOH7u%_3aDHD?T+QRc2R}gt%32C(Q3aHL~!spV080zViSgIK*{i7zmGjUc<;Wv72@j`gR-
zl>Er*Z)$)sTsQ$AG%8B!C}D>2fS`32v`F?tEjjoVJm4ra`GFIu#8fWAi!zDtNGV~W
zDPeH*f~YJ(`sNC|rHE###O(RA@;|IaYF_$&$b0@-l;bQbxqoFL9C7j%prYsG#xjfmi``^)!4i^~
zXaVMG|2Qr_e*@|3j=rr<5&S?<04RWvd-1o`ZOyY8{+|Ll{!AUvjRij(aUtUWZ)pTr
zn#Gsvjk$=Ph@60}BbSx#MQqpvJ^z|~Y4b-$-HJHI{0^8kFA7ZdC2w|hp|3b{Titd}
zD!Bd2scXGu56=M6EwpDBn4)YxyC>@twf?a$G7^T%am{#zg}pXr9r;uBznVf}CC
z<=eJ#i0s0RA8_k##e#^x!RQ(`4_bGL7u=l-o?ii;GyVKv?wRw#YbgZE^SRfJ-b>*uy<5?PQBWMoZdw^ecIq>nn3^CR=bT;P40b5ss9HTc^?D9G)Aof
zV~2*gxO1W=1V>1-wBSJ1+{h&l7v`;kl(>GxN&uh06td#{p*9pPADAY`F|F2YW0Emo
zEswPu-G=5xYKrgQeutxaUlPDD&W|2(fd$TjRmpqJkm3wOGFTY~6d|1ktSTZ~k%GP7
z`oVj|j9wUg5}2kDo0o15&w-S31@^u5+qJ%#e2V!<-)YnOMpD4LdcZr$9>l%`NAdkM
z+%b90fV5fgEr4l=x&l6=&dl)rGiEjzGct};^6_LdHU}`R`mvYz3SgQinBZK!uW9bJ
zowFkB{R&NbisSp@_bWPHow5dc%I~0rqX)Xxz!OZ91?B-RM1cnvC~?P-jE2ULBL`!w
z07+FKT72Sv$0vj%t!~9f-}*gxPo_06N-t?WdS{#40>iP7S0-B9Le{Yjo2zrR*e&H+
zH=Nh;L;hRL?FbdDzX&Wy&+1wa_g`(v{|c-xcN&=D!n)UtLJUn-_V>#E8>EzF8G!h8
z({n+muPjFp
z36sQ_{?1LbS7%45U9wQ)lM^^P2@|aaBK;H6m}TIq?u?i({uvT{DWe4{OPYR*7-j!@
zK7cZO#%k-PI0b-9kpKCpW1Vpn(cE_8^t$OWmi0@Posf;1yGPt&K7L|9)XP$&=0WJH
zqh;p+AI?Guxq<1fXN8Dj3)Zl_{SC(+;uF-d!zjcHsDTs+W*tblzHw30!ZvG?QOAl?6UP)W<$W@opkACz@N@BZu{q)z+9`8DeJo(&4rdQiIEQ09(
zU(@nGea&r1zlOkaYXlDUO9zY&+_)+dou45z*HzhXY0iT(Nb#1Q%jq
zNPb^4#hhO2;pDJh9M-zssYTlMK~F=GrGgb$U10gT`a#=z=!B&CREJdKi9;!J-yM^g`t;^Om)VWUQ@Bd$
z!T}ho`acyaV
z?_O<|-)JRLz2y;wx-NwylZJYLT5jJMv+=?alwkfh`7dzbO3*TScf_ufaV#9IaBkr`
z_0cT%2iyp?KajVwq3WH))x=dEP41S5Dy`{R4vi7mAs}f}({satmjcMZt#vYt(KwU(g57R|hhr@jqoK0?5!7
z0Z@^;pFnu37q&B*@d=Itr2ZD(QB_dv)ZBjJAc`_>7WEV`D31U-B5A(T7pwd9zO7QD
zL9ejR#hH`;fk;_kkwb$r(f}d>IR5sSX}!i@BM)>)5JoYec=P)>+OdrNLU+VTQq#`}
z0FH#iK7uI#oHsL5?pJIs=bl_G*5hk4e(Zuy!3^!Tf3okVAJew+ESt6nddrXRdy`BB
zM5Xx>|LJ-ynf&+-GN!EuO7!Ct6?B`<3RSe6u<@=VB;nza0Lz4&)+W?a4R@8
z)|#bgONksHRCA;N2(GljB1~_1-M)ynb%_2IqHz;yds`u8fm1x`q#yOlhZ<2GE960q
z^S<3s2&RUEq5e+{Jc|dlZsN?ICQMFZ+{B1T{F2
z{&{IK(_3tLrM6B|56Sj-%rH10AR$;V?*m{)1Fo+fgoJmN(*!0xZkOX
z+^Q$qh&O2UmqTKM%XA}u(;N)31g0Q;C<|X22%pT}7_HJ(|V%pu`Lqj6~o<
zMqDm3_*z+t)c$sGXo2rv9?fWxN>V6XH7TMWwQ7DiEQqnL91<77(U;o*yj=gE;N>b5
zZ}9U{oL`ie4cY@f)zZ9@9iC4Fh~r+vdt9mbkAZSi9L$-?5*dAqf+L%&jWZjcolVR5
z8&BlpgBY7JKPCgI+;t-GfdhDje&NYm4}RIi=ox$SlN>-$zl31Q%G{HZJEsc=?DVgh+o
zpJ5F!X<0DoZ1i_CJzS3Vl66P;npKG}pieBN67#*Y&2PLWAOtXgs3l-TYRBwHt&`_?
zfFYdG3qJlU;X@r%HShRy$1i#BdTA1XhLlkR*fnY=&!M2LX(icPe3%?thkqm3OF$=n
zNhk?;ZK9#NJB|$vgKr)Erbux+(&|O)GVJqvku`B(o|{cxDF8?v1RiY?xi~3oKg?p|
znDMpg5h_$MD(ixs12ILGXn6o#Q)3NCUOF@
zUl>XwM(qXyc-2zC0{t=#XrGZTL%J4hj?2Hh<^j9ixdz=gF58~yy+<*k$Twc(cz>Q|Q@0<2X49%QD&rs0eZGgJpc#Q(`a@{z(h*KfctF=#eJu2&VT>_n_2FB-mx
zdZMwN%0XkNg1w}%v1}!4&w&#Z8&ZKE#)&dU0u%t{EIxg@AcyNkxs8Ckrv9kCnkkBm
zg>k6lH~MA-f^-X985m2(B09o{whqL3^87bjWt-?qMrx4VfdM}~F%74-wnlH-prdex
z0x85lGVTwhpi1cwD!AejNPUaAT)%EwS$j^n-`dIm%6`IttwLjs$O*ni&a6_)Fa3`A
ztuk#@dkaEazl#CPChHyq5E!FRGu`ieAmlS0AyDjp{eBW&_&4y?yp;%nV+`>QtXz5U
z5E#x23>Rpu2wd-BuBVJP+%m{F(XwQ203oM>{ao4GudG-Y`u_W6qRqqXjlQ$+-KIPo
zM)2MN%xQF51DHDeE?C?GA+DlOW|{ytX{BdBngszE_I^L`AH_055MB`nigP)^in=>6
zmRWqh@|41Sk5v|8vX5)dAf7~GQq|gf>wf7JR@dknRakyhB54cljOfCV;
zvlwKa(bZ-+)Wi$d2Fjdfeu1SZxCOi$H1UFWkAq1}P}cF@0(kYuTO+Yu?CZKSlT9e&
z;hwpxj-4IdeO<#?2HiAVTLh{8I!O2Z-!RG&f>Fk<0k@VL>eu;y!z_CcW}vYk-FF}b
z6MI&xZ5wXhO@3mfzj9kMn6K%EHcOBICmE4=h&!HMyJg!lvRUOY(+{#e6&)5~w%?L0tv@nDsS
zhCKv0ex~P5bz|eDpRQCFXR-uRNpTn^dK%0#HGI|xtoI}v(0sz%+<#XN8Jb4`AHFs@
z%J?cGt+Te!7UXNFeeQxeaZ!T=BUO>-EAIZ^nB|Tka_OzDZT#Z_oTxs08%htoA4kdJ
z6Rbfau=_S3vLhDnzqG6{TNDp{oiocjL)1DL)Ov9&`Fw
z?b|l+s>y$30tf>N{6@-a9{8$%K-Yi&{ss8TRzE$z$BhZ0
zV}~^LZ-HnZ)emDiDE-EEj?{~8XlwmkKYrJSeXRr@QU~_C<&=XQu;20Ev6*^R0c)0W
zxLNXhp!XUI^scrTCl|4XE|!
zCqcC)uC+JSatB8J>9dK)fZ5KF`fp#$HE92`SKNxB@Gh!2O3@?j(maSIf@Q%Y3ofH~
z%q0~$zOooq57;55**raK>?+d}u-4Mu1KZ$dod?);@Cx{eH;B>xrQY`ECLnQt2Ljh3
zpX;lujPdEVu780vS`Col^G@91x&}Z!->EkTSMg(8jRs!{9wm&-|44r{Y?4H;X|9oQ
zEn#r`d2N33F~wwaV3G*=?f^^#d;0rv!OOs5e9nrIz2Zg5QS|Vlg=^eWWC1EKaV>|_
zF70ny;edY@Po)reF8C1RtY!f`Ev_{pc<DBPmGy&2J@Y2=7ATN
z58$Q%a<&>+GMYjD8#!|xn>XS5hc@7YF(4U{5fJOS0k~mlnLpnz?ymrB3#5*7aX`mk
zJH+k+k+vX+w3|nqL#sz%51q|cK!`s)vvrqvc5^n&=0TBH!^e8{oO!{u7UCf!UE6;9
z3{$W@Qx?C+69L))4j*>W1-sLNb{B@br8+fsykJud!bip2JRz;8wfWcK<;(6td+z%Mi%^3%R7Zwn_Em5t6ihHYCFKrfch2E>y2{|i;|H*36t}HRwN$4LWuYpLhgM7l|hZuA1nc&&<Cb?o~!}Wg*Y=KfOTpHg>0vz>n~_H1tdBns?Y`815|uW-P|{?q3w5dI1Zv-
zp|fwMz{8tCI@2A!o^J7afNn+tuKl3$1(9&*+ty#4IauFS;N(p$wfZ5lB?8eETwB+J
z$R`Q}+9OXNR}AC>+HLjcJy-q}_wS^6ZV2vOm0S!8XNocq5OI4Q#lS&UP>Rkh^#b6&
z8~7Odj1#i&Yk6}L!bcyT_kygsHy~cYmS6vV7ElY6k
z{dXpy{E-N0_b(M5D77#Gb|oQywgc34s=-GA4N%-(y9#hg6}b2Dt?dAg+R_7sU~6F(
zh)0TfP~F*aBolylp-^m&=)3jnE!I(I4P&*oft!129n%3`;Vf7nXG(+huTcNIXxw`Mtm@5UAQtzM_gwfrQGcb9*Kr`v1|#Q;
z7`99pf#)Zs+fMy%ck4v(u$B;zANS7_F~5_a-!I}Zz*U_LAQ4l7Wb?N8?lt89AD`bA
z1$Jl_RreRrFI(_@|E#231Jq_RFmMeL93q9@&DkjgHoMbb+`NZ&>t!lM+FLP+O4Kn3x=oDr&qRT#kUgzX7
z#KB%=gW)i=-dD*NoGEU8H0jXlO{U8`MHFT~Qjed1JBJha{K`uy`5D6~!c7U`{SoP&
zw2YmxtwJ*QgYg?lfrRu}n|ON}Cm3C>uvVkjsqIF|96E6Hg0NSY#^#MA|0kUMZxstZ
zwM)(A&3oD$MP~BD6~0LPu7Mq*21Q>lF(HMUWz8bThsP!4g>z#*Hk|rN)w|_gIaXHX
zU&1a*hX)J^B)Y(Rq+)8s6EgI4T@CttElw8>z2z>D8~&DJ`N_W4yGtXv=mI#Fvfh4h
zL$Yw?)h0mVtN(i1HIf``%zo1AjcBGs;t*`uO!H!s)aVzZG7#>Q9w6}sk-_+g1@pj9
z3D!q<$j)@#iF+}EW|lprZ|k}N6QLa`8o#bov0>Nqqs<65bca7@O;JqWL9=2{dn=&JWRsWHx91Pp3B9LG
zT)>^?RQdWY(C49}5ax`nijTsAallGT$fa%Zoks8!$x&Vj)>j-NHlC;Dn>;Vg>=0$I
zezkACA|@vT8@>miH^ESfZLq!P%&)6W{=zV_Qxs**?bG9zQ!S2h%~J}-pJFflG)RzY
zM!1p=6nQpme}3_6uWMPvYih%DY-ebC21kskkB_X_%HYe*4cPfu`J@0McC07g5mzKf
znH$bo64n=Tm;!0hS^KrP@ei>-3B>-+|0MQ`FBCm?qP<8sIotb32LffvmX8dkas
z%R=o_uo9WU*8z|&3lDT7^KYZ)Rk#AjX)cipGC9S3EUjckEz}S
z+g*QSsqX8GoX_}P?^DeP>7x17QOn?aY;|=3pBe8AH-!*&bUFUP0Dd8j7Knelw}OaC
z@g8tq0$ZF9{;CIB*1>>OwH7o<8-yFao+DL}+|X&Z&lVA&8?gNOO=xCs|#xCTac-N2LJk+v{)DYJp;u^FMtI?T)4aN^^(qT?z^Gtp*MU+O9
zYG(-x6V^N55y&;E)(;E06Y>~`!E%4&G2Wg&lNOBcut%}PNN~Rk!091oC<4Rmn7-0K
z(*p<%2E%9{Tm(hAj74E}@j`vSZCR{sS(zZc7fo$Do_L|CW_h-*X?VPr_hF>`qNb`=
zz+_j>+1^Qys!5NzP)2t1)A+dTfxj|`YkA?105_yBmr=X}7U*}zJmx02cL^8!&czjy
z7Rwx^noXzB68>}ap?L#~PzsJ?A8(n$IX2Tp+ngTb%{z-x(&&|;yqS8I$SM>vpijHR
z6|*FrioB5;Yu(ZPva>JH@?Mlaa&q~#N+})b12}5&AW}K7%U#?5Z7;(v!9!?jJ$rv@
ztYz+kvNAJ@wuDa?t_AntK*ASPGIFN2wzyVY+9fYO+g~^o-f12oj9HXjrM9yRI@=}&
zM#Nf06j>G|d0Zs<;UmGDQ@uq!QB$b1%4HOdI-m2!{tfMX%k?twI>V(bQW;g;JZP}{
z;Cu^pW@HqZAK-erv}^xaSd)~Dn70FBp|My%=sCGB8q?1oAvc1EhQl2eE1$^QR+|GD
zT&ZCx%bG2=XzUqThQ-dsYiTisc_>|2Au^jz)vG^)tq1opKU<6Ns782D8mW~rmYp4C
z{jq0LOm+_h!Y;mY)9Ke1v`NeyedXOf+vhV7#6m(-y&YbjPW-()@TO9s`gb(sg5
z2jD&kzb`F+-A{
z`0m^IQHZx=&WRuM;k@owO_w6cvq^8ztqzX0Eqr?-mZ*Y#``_2kBC=}dX687N>~bzI
z?nmKZ66P=?F0W}GDV?k5KMS}PD`M#&>dezQ6CMX!3eJgZcmDCP04jP`fg5v|Yl
znz{G)=PW+0D=6~$cD|%mon9)7qPhBX2`&I97rocfc-RQVg-va+*vcHPE#IfeyyC{AcBAE9QZi?xwenS?n-gU(Y(qWkOVt?3u;)R>N;qb1OgE2f-$Nd{^*=GPSHa
z8b)n61?t@JP&OZT9Cjg;lN2_hZ<;?cu!}LC-Ow(_7wArpEb=x1@*(&|enbiG>aNi~
zRVtAv;eq5o(HuaR^QpQtnuHtl(LUsvIWO+iz0Hw%5fhC?klwYk~u)~h$f9m>=-@7mrdw~MRH3&=e
zN`tuV=?q2tiVMnlRXC6M(AIQs0?p=n0t^|jaxEjbsxOY%gjtF9U4E!+a=X0Rlz-Z<
zW65At&bjcZReqyH;z9pU@-o$#5@tH}`)dkSf@?9mIS%oE?Q5Bz)Ty*;;x3##V;H}z
za@nANMUl&`*~M$0-BdlUuG72G96das8S$W!(kqsQ9(u{u7!Zu#MwdIy)Ma%Ycgy!h
z@vFV_Uw36a^c%HEPMOWWE6d#L6LTea(lU#+r=LE}GGwq>|C3YD_&ntzJ*qcpcPW)5
z5qYB!_qb?bbEGVP5H;Ovs68gBsR((%u8bB9uQ8XQrN*Y=-*mCdY_Y!|l!EVl?qba9e
zakkaI-%+qrVw4-1--!e~SP
zr4Q3@do2kTS#d1i8YlP|6R>m(BkOQ48N~2`3r*qA=m9sciMb4P`^Dhe_ILc!`uROn
z%LNXX2mrS2x>rC_qttwV9d4n=cJflPRN@=IuAmZ|tYh~ov`=QtpR!K&o6qkgd5#G&
zPHDe6!#LDq0ZNjuc?7~~)uYH7CKH#v!t(UFW2D=TuCQa#rYB@R#7nE+zzd3-zSg1f
zrMQ-@y5dFhy_Gy{7tCKMl3jiJ1hu=)5x(pc9SE##m1+2z1aQDMxG!xIfD;f1SwqP(y#ML8`!s_fJ&swGM&uR`zV8V_;a*nE%W
zep0iQRVSK>hfV@}QubCJ)c)BEfD}E}n$}Is_6(iz=X64lN#om&+rvSd6wCNC69L2c`uVyTmt)J-eRlHm
zA1a6X@-)66`svQg36eC#4!*kRbIr18T${!FMDLr%a_$vmwG)~*Ov5N}Plwd&7|Mv~
z@2p-WM<`om6^(xOo1~IztBPstrzZZwTh?ZP77K_ySj4VOOyC2rZzZnP(lqwd(HYlE
zJRL~f%w-34)ZzkXr$JuFqRd^YtWx7Zd?f~Z!tyj1Fsf313iwKL1q(E&?+Zt6z6=X}2M`L?jE!403i_88SVRm{5sC*w#*}1La
z^g1dRF`keB`+CGLx-huys0gaKGFhSKh%(K31#P@t6!lqld1%|&x{SQSIH;#)sm6b>
z2xXZ!PmOt1O4O`yA--=OuYM+dQ;;!Uri60!fSvsH$Y8hOd={nUXAa%Vrqba)gy14R
zL?jOlW9V2^HZ#tba>D0h}j*AyXv+qyp7}1d#?=)quqcxbdUe#H&bY$*K2bV~x>`M&{r4(H||aocDhr{dQd=
zaPp{u{|}$JBd{6}*+20)U~3UzmQh$yGfavB*_#GG&X??Lb?<;dSQ;u$9Op-vKNv8P
z!+0mz2<6WPT3D+Mt!g8}oyE-rw3E*guD%#d(ctQHpBQ_tqkbT}Y%XABq$%VZqFj0=
zuM@X$<#bW~&S835?3u{`8e6EIfrSK!vRzB53lBa_4q?1La5^4umgR?KvjSPZJ@(m_
zUKtsAJjVQp4M9q|RAeaJcY2_5sI-D_G+({xl@1)Hrf?xa+`z&=hzrDWx5bva_t#ZT
z5S;e%Pf{0CD5L#4EI!&~W
zJ#gQgU8GU8ZjlPv$2uRU<%mzk;(fkhiv+(VI^8tH0&!?PxUdIQ7W*Ds=bvQQ;&2U^
zKelvBjbBnm#pF2#V4lZyzi`+(!Fud=9tfJ937Kg$ajg-HvFN&CIGqzC|0vEj&UvM(
zZl7J*2+r2>#U*yvJLHap>>3*d3x3jyhCKNt6b$G4rN)BtT}|S1*x8TB4ihnWL!8XeSWI=6L#>IM98@wW$uw9-B;mb;B{MxYsoYzoN>M!xEM5<
zU#HJ_At!35Xp9x<0E?Xl!NiJ)tZj-m7ROJ?xztT_Y
zb8pqh-lr&fEDu(VkDBxJmuSkBVNg8qV+G426O0(i!U1cNB2~yb^$zBezL3U3|^E57MiUkZsMW*z!>ag~yx~#8VGyt5o&vd@P
z7#!pS0Ep?OfD69{!ofRtvhEbsoDyy2PmmZOdnUMC<+gKyGt5=pNrd4ax=qZ4*a}&J
zG%OM*>DvZ$1PE*n5f+awgoQQ99Q80?x_u|jZ6{ZD!JKSd)9dnnooqN8geetSob*lj
z7{R~T-QzvPG~h=FKlpC;Pd`D85dn`scwVG?f+>G(O@cCf`@AX%urZR
zXv^qhwJx{db_iW~SVS;FLI%jM4A44W6(
z=W}qbR`T1Mg24~p*)NdTmY^}|41fJ@`dN11A%I{sm@M|gF@C#C=I_^23l$cX=FGmL
z&ddUdjq+=?EB5Kqy+q9s;}T!_fjx~E}e?ugzqT&n7N
zYB88LQ73HKFoJJ_IV?`cD1^q@B;~)3G|9r8TcB0CiclTp0wo5n)2RbKISaG2*$zxz
zF#dS7xx5g1YATu~j%>#7gkTsjGRQ8XzLye{%3lIW;m}*vrbyPC4LWM4
zZ$Wwgcu?76m$Sk6jB-j9j0oQG7FoTl_DrO<<17GKR)@%%!(mMdb>ogb_NXu@y21}&
z?Q5D8$QQZ1nx|%l$jf25u{U9o8N95O>BUgv;KB`A_X2G~kZ;F`0
zmhSo8dCRW_bU8(tE*u?OsBEKPgt94gjs2J^aJp4Iqq`@S2gG;ZGZ#<_ILMdecK$ro
z^R2hEnGBezLNcfk4l42s;r(`JVL8wgKCf`DSDhYBMz;
z;P7uq%$c1ayzire=+o*oa(<#MT74i~AS+itBX9L`&d@1GJff#RtxQ?;H$^&rXB}QPhHExvjQ{+wuDcB9vKfABWVJGBS?C=yujAFM+$&dbW
zandQdNY^U-y9?x_s}w%dnR(V!dQ!Z9)<=+UgvoFT^(?;Ef;%%MpLT9nJ%Yn9V?@zI
z8J4Y;yd-=lq~=6|tI1>fr#s$}0{4>=x=#%7ml8RVUSG~WS*CP
zfRMPkPd6gSq!JTjwo)j${8g^E&!T`1j@+nI3RikxZHdRKblJ-pFv&?wm5eSh-Kkr0
z=muG`04b8+S32;}C_v;6@o^Qw@sDd0{au`Lh!Mji=e*CxGgVg1YhTv^rc-TgAH|B}y`Uy<0TKA)^on-m_ljFsO5dFaKLDBEZ`zzh7u(><*>IJAwJr
zq)iho^1+;ia;H9L_CEfb-K%e_6+Lpk^XQ|1Ygl{77jZ|ildO+RNoj>IJ52+nEyEp!
zN)9vix^~ukm(XV3b&V#cm`sh3H7Qg6bL{|p4`Qr6#X3ZEN?wYSz&x-=)ydD4(2lJJ
zc4p4hp6}Ig-|juMI>FzJ5WcngRfKdIs#;~}0pfcq&AvpV8vRy3U>n0&4>n5YNG3i)
zYVd0s09ISjDe01Sq=DLZCaz;Qg?-wRfu_on7s5+;VVNmH!_kE7M}hQdoiPk8|L=TF
zY!!*M|4PXEpcN9x=J2@8q&1Seqxbso=ZV_NwZw*61FS$1Lc+!@GxU$(L!ccctKwzs
z{$E*g@(xtYk$!QGvAD+qf}qqoQ#=nm-9+p=qAPyyb~=l~&3?TLCK>>}4&CuGbrec6V@sL>7)Sk^
z5(}%6iQ)}TSRj^;ysOPE-u6Xstb%YP&1WF%O+mHj+Yv=_ig3{0yn1O^-8t>;zTJ$r
zpN(3L3C;&Wgsg*m4Kh9rW)v^qD_(xJ0Oy5-U^l2L3w-YZWY9SfvgHYvxdi-C2v`7>
z6M|^uD5xlLDpi)dU>xWkC`yHykl2`5^NU@2L=iIyhjOC)eFGKd;u^4H5lB9ogA*1I-J|sS(LYAP`;*}P%RFqf7y*LmYlBrs_dSheRjI~j}^=C
zgjL5FXI<#b(^L>z^>2L=M~sk}@9VPcMSg5F;v*HvKUd1-KW#Er406|MQ0j{7e#I4x
z2i2Q{gzQ|q5YU0AxB?Xl!i0-VGv3V}n)#yIRKs6ugUmIr164KioLObZ
znED(;xCnWT80nz078}1hU7#izIuQ@&2C6y{X#d&+5(Dgx!bq4lrD|{)#P&^+OK+g^
z0{7J5(y}0{s&KDDw6ROIp)D=kvcY<^DIgUvp{*jFH-Hz!$o!?*!qPGk@_%L5i`%Zy
zzARP?OEeY5XcU!^3pj_KlDE~eM9OsyF6SP46_}v$*kw22;+#27+8Q_kaCU&#aM4ZX
zJHmG^*m+fsF_8pcCeG0Hoq$0NVkaiTvs6!`19tZizK&rg;+=!O%~nzdYApj(`Io7u
z?{#8FPZIpUj{ATLRrdfUlZf>fUg@=uYqFqahZujHy_eM_Pm_dTW#7fslA}ch3jM{+
zd6|4)eHM>&{)&l#p3Wafx$^G;OaEWZnxHS`9B=?E2!VZetE<$rGkNk@8#bT6HOwV<
zm&M7yVx{4;`I=VC95(ebjk}uUITC2HG6%crgYhLUC1<^R2Rq|jpppW@w}z3?QNpHv
zEE?-XzIT#O-UvW`LgAY!ee!vjD18%|`{o|DIII($+8&crlS>|v6D$IfF4`$Nnvvf8
zuocer-g$*^Km8ms9axaRBWbZ&n(y_J#Dzzdkqu1G3xx^*nMaX<`vru=Z6mHNpAI6=
z!+Te#sU|DpkWc?k<|X33>_Wu5L@z-A8M{?P71oGizXiFXXL?j~1`ny)$ai+L#0!@#
zM;HR6og8$(mC`d&S8vibis}+>(Zvh`?@ceG798{@>|x~X_5YgXHm7nSlxPe!|EpHoSh#10Fu9A9cf=ebd1$hcT=901Ud
zYM95Y3*5}7)+%RFyY9fsGK3#V^M4baIsDV(130b=G$W9wR;dkn6fCH1ZsoMzwgjR5
zU9i#2b4UV^{zQhr_6FuEP=t%?ws?`#x;eX4A$5eB-OMcAVeDFYWfL_+fVTH*+c0xj
zov=I~c@@f-L5&h~UA=#Oe_}k;L{>E6oDWJL5W*C?cz<0SdH`ztyk!Q`_ZQ{kAHxJ&
z_D>{u7xPG!eCZ(iL{A`j?$x??*)eMRrxMDT_t-n1wiI2oz
zmo{iLYQaqaF(Kr#jgwSSaAeTOeQvAWDAtv&kZBp9TzRo~jJwd39X9pe8drn^pka$G
zu56eT$tfYkHWkI~&HZjL^(+8hM5x8|q+TnOv-p?NnB8z-*W)POy+L^&2n&2Ny0TGqFh2?mAU6;tE
zNaX7nle1Z?ofn3wW>#@a?h~#4dCfcK?bTK56R7Wx+#QPRyP=Z(Aay}?
z=wH317zHeRy6GR4>#-fsd82tNOBYBu=wJx%Xxzh6*!UNyRYhKiloDGO{4loonFb&P
zliM{QR5;~f3#B4%jS4OY;XgA&i<|7P{~)>p$&rH1M|dvZl-@M|5tFDt9cRNN$`=cp
zDm}i{xzOG`h1EuG`P-44t|8UJEeQ%d^EYGz=>2ZxJezkF<0x$=Esk08&ON67gO4Tg
z&1jjG6IW1;8dB}Lf~cU;US5C*M*zWMxl8gLtB%DCe01(;Y1z@1HuFx|9I9wuU-1w-
zU>7t$?7MW&)~duJJ4OdN*WDi!6G7;RQzYjbn6iefx{WeXKGq$jfA7o)D6s_fuYuX7
zE=SbBUkgaDR`;EKD6}7~o&HG%W#L?8hVZoM-Rlj2sJ3p%+!gftWyb=MnW=!|!ca)x
zV;a)<I{y`&>&Ga!ZlzW)#_zP$8blF&S$9
zT5Hjoq4N?AI*tNh*2ov|@y8kHwW-1P4j(>61JEIK`84YX$HW#0g73B=aJZtEj6=@1
zhh>)?)i<*07caqoMf*GgM#;D}v28LKf48XNgkv=nAiQwQy;{)}k=4KIYdGoA+#=Ng
zwE+?`KitGUvyqvQ7@)atiKk22^)7bqF|cNe
zF`dU|UBl`Z0C&osFL)Y^2buW+jHzum(}m#bw!jcG%EJp0^2br*+ejF8MsGU+^t8h7emUd(&K;jB~JpT|%@E-wLS6NSFTNs8}mqlgM%T&5>-?U
z)Xk#oFGM({oV)~DogS)h&CtsI!#>_;=Q!$J5J68h7=Kh#QUHXrOc
z?BY)-2_Ik{IKH$vB3;KS*BP(}TbhOO@U8FksrWply6xAUgUk>ZJPCcd%=;iSg!-rl
zhhh)?Dn%#35n1w<`m5XGv7Z2zjFcStaACN{QJCPV2QTXGaQkS{6q%MfVLsj6n3PmP
zNZMAd+h0-(8f>0nv%wFa)(QOx*)=)^ZSe;cqJMvt|%P^%aIWHLh19=S4#g$>ZK#9>YfeIWFY8wUTm;Ql>cMOZCXXMR4
zI>K(wS=e_|53;cJw%X;=jF~3cpiK}eR2FpIjCxt45njOa!I29TXBair%g7d;wdY~<
zpr@K2H62$7eg;*bz0zo|RCGgR0FIXw`8hbh29W{O>HUQfj5_~r=T4aGZT{H{@G~)d
z^B5%FWT*%LFpd|mMEoWPsY5;qnF-ya_d*&ZrQlYTO;B!uo=EUb(p3oGg?xWf_^HUrLtD_&>iI6O+d=|(zH462GK@BlD
zU*hZ1ev~2}v}!#JhojYTEDuH}+hwLerVx>8*hafbLIanpz%&5Y!uPqrzAlXwUSBZh
ze;@0E^FOK~vpW6qLULNR*@EO5ZyfnntXoZ7n7f1X+&ml;D&vZlHxHN^_g#&v9ggGU
z+u|@vDAdX*z~2HuRG`%qj$D9fM38hx6Q+Vru`P8!b*{m=77kQHg~_FLOInSY>12B;)U{DZI#f09Msc&V
zCsI3KIzC$%e*vYJ3pPNP-4jIUYF6`>VrL
zOm1NeTA8VhX7N=nopC5#od}!hsS~cMO@WG+Nn$pjdvdI>`Olm$6NIW28e7t_P}c2%
zt8sioz>PfsZKa%07-NI5kB-(FdJ5|Mju|EALr`*>t>x;|&Fo0{p-A~TlJD}2vSphx
z@B1z&+p$WGvwg@Kf$+$Z&uM+@Sba_)gA1!B;;eE}d(pE#wxuO-!v3XWXO{D_8p_c&
z@m=B}xw%Q$St=L$>ba1B#8=lrxk8o&a@UUnD4EgE?u-J*cDk(1J!jdNpj^nGdXlgx
zjg$?Z8;%I!{lJIwA8wC6v`T^xRGWGQ$$Hf{JHKDh*{d(R~*WBf^tO>-*jr3
z1<#T~@R0UlLJF3ldTYE)e-1R!;HT36_@D|`+%9|0%VG(fi}KBGkM*Kibiimt`i
zObLr{WcG4i{X?}*tK|=F)=8PuOwUs|*dv{2;PT$emLU^eSwo{#j(Tgay6uIyHghC(UN=^iW$<556T7
zI&2-Pa&+CTk~P3O2(PqKRcM<0COpL*P+{Azk8H~oXR
zAvpTGZ|z{KwY*A>1|)SXlEz;KQ^6pAsVgP8t^);Jp3KB3RCN93%F?^Q6EOU))9(#U
zgND&(vGsWx-WJk_&!hp-d3I`4YWn
zkpWMdxcC*TdAS;DevL5;&?u!eK47wy17|<1^7FS=K?i39GT!@#5XBB_?ErFm^&}^B
zqI~TF-#iC5fBh=_!YxHCG){rW_Q$WH4qdEe#Q=KPt)RNp!TG^$Gc6&cT4ml
zdN%y#r(kxaO$mg>9e`N8_x+9krpd;;C1*iK?5*hu)mw^kkP-8kum5FQ;%}u1kQK`2
zOofbSpsD4*56%9bv;R+se=kI9c>Mo_c%#T}{O12!A&xiy8p2x^*=Zhh#2hwq52|1c
zzo1SzoQ-=6qZr;CthSta9UTcZ$3&aj+>7-pNKz*;ZrmUA&6;88Sb)7tsHX}3GLr}B
z>6@qJAKZp5CnFVV=$GljNiYXrS<2k>_p=VGs+3fO!`m?t(h79;$*TK+engaki3}c*
zuIV}6`g%m+mzgL3nh#wly_BB13?Q-{P^kBAELv^d3Uzg_gJWPb{XPRVQ07SI@pkM3
z%^jdoRAvTA!9}=P)n4j!F-uX7aZ%Vut>kRp{(Tru00XTP5RW7C$sv3U#?ii(1Q;l#G_QPjv
zLFCjFmud52!*yrW8SZSRN&8Jc*5HzPRf&YZy?`WLJG}Q@2!N2WSvQTg>{WyoxBj26
zjbLC0$*D>P{3RF+A8M98@(8hI9zT^sN7{rRy%VE82Vc$3#Y#p_^TtX-0aN#pH(
z>z8&tbccV2c%F*y##05J(9O$|C*8a7@FR&-bC$euk+Z_;MsgXjtH)`aZR
z
zxnJ!OZAz*;`k%4_ZoStI&jS%M6%^sftmi#AHn2R_gCX_dQeWINX|JIN@;F-b0(^N;
za1R$#2#^0{g8ypds%cnVw7}W3Mm*U*jea@TH{9U|qYn1~VN~voIKvC5nGdAMme`Sd
zX2Zp?Ho*}K`ovyxFw-RUqFyc2_~bZ?M8iq>Bi9~2RPq1%1T|kzR?xmSqvU55;9g{k
zm4yjKZlKZM@(ywDyNdl!+!GZu$0i8VF9Z1YepY+?o17P`C+=iSnvQ%sFtHkfY<@Pd
zlI2d`Wql}tV}ly~Br8@J6e^b~w>S>pD(8Z;$)zpHRrdLMe=1S@Q>pvBw4hneRTUL}kD7<~
zHZ1z@=e7uek&Zn+50;MHD$js+=veUd-Ubt-_`SWA{Fv)W0Xc5ha(AW%Z`joT0pqsM%`c2O5Umrlq*DvcmogWox&wRj
z;RG3Y28s3=b8WEn&+2NvFGTMq4nDTf-#qDJ38ZraNAMv)=Rk%`&gj0%c6-Cc*Zyqo
zZb=nEMG&fjwg+LYAj^>GyKoXTQz(e!D4|^49^i&A%~b
zAPo?qKo2-`2`B+-dwksnDwZSm+1WcZSI}Udi{vKHxoP=C1syMJk4T>T^CwX$wMju5
z1HKE}uBtXY$Ew8oHTE4l&HCR@vjI~a@f>OU$@T7lAwMFqG*)m{?Z@F66LA-|PGkxPJ0YTf+!hkr1L
zn1j!c29(&=tJ)t7*G}9VX=Ow&4`t7dE0f;l48H9#F>#5%Q5_%t*0AInLEI%zIY7zs
zdFJi$4Gj3n|Nn(`6k&)-ZyJ9+uwse~SS&D3NNDSB@y7N@IG0!?6v`z>rFYu<`Mn+*
z8XA4XyzA0W$Fh!!HlVc)AD63B&jQ#~3b71x@ASrNU#cZ9f8?Mo#K5y7eK4;h7QE*d
zJo`l}6HAhsY0L^Qj;k6t+!)th3dp%uurn2Sk^ii!rrQQ#M68Dd6()urH#RHy3fSu~Ng8N*i49kEI94fibXtsgtbai+==jKo+vb
z^~kREZu^hmlPr?3iMv4y67bjkq|#FuxM79j*HjMqnTAp8h?hf`zBC~DvO77g)2~ba
z_l5xTx5O8114Iqx-w#aFrDoHu8)O{+s66hi)$+In{WT6ou)cTU$i2$Jgbs~lpg&B%
z)t`3|GfMr`xB+9pv>tq1zC}IThI_xX_zK=Ly_|qtVMkN&b%lwigYjbn$~F&v!-D^n
zTy2RTt=G@f+TbC-6EJoJ@}Nsw^JKT|eZT`^la@U8`i*gzO~|bsqI9C>Dl?keQKx;(
zz3x&=v#iWQyxxDyeEB3BpkE0krv1n*MOF}MMZ9dderf~N&j@U3)aC9Rpu^#5lmY)s
zFSN8?XpN~SZ)SeO=PnI
zjYvN5-M~ztmE)o
zMm20Mn7T7Y(y?%jTnWNBTZji+vzRhjxLRgqrgijYqu(6eCXbzVW@uoRTTqvqTa?Iu
z=b087%FchHhP~a<)_nspewdzeQ&vDZcArGCqqoZ6gSaY*&0A=r*AdYwC-D|kjC4ew
z5ED1mgIgf$9pT$0nS1r}^F;}ZPc|0^%uG6OZlK65#@1ge2#8`6HWIRMn%vELSaeDsjPW44b^X3VKrtQN29<{fQG(hvcN43_;x7^_V=}oP4_?IS~#rk3(7Q
zY3Tgw)xP(VaIcKFeaWF>obO9ZTY2oq<3b}fAJ-9+yziK(muFzo^DfBsCw6?yXdiLs
zKfDugGF*lMljcR8{^a;S_s}E5kHDc%CiJP*a;{}+0taa!5V^h
zL91OUN>4H4CT2RgIB4k%i^c6F<)`O6I6CW_sOCw_^f+0OGY`d(ywCF6k6%?+?_6Qr
zrKg+wsesGYX5{2i5fgh3BS2FfclR&vw;^OQRl*vPa<8#`5pQt5??t<{3VVsy%qwI$
z?aV>^$as$&^(4xpkhPR|gQ5DN5f6;PQm>VWsqF?<4N5w?3sN$+ZMb;qQZlMUmAwhs
zu_U7RR@$vgeqny$4JNx&Tznft5aZ@ejCX=f#DxZkV(JIG-gDH})O;BY)6sSheX67F
zjGf7iN{3X3?fGea2jiOlB!8s=c*T~u^oWVY!6vV{=AisSF%xF2H1Ve7^CxjBuLbne
zN-YyRoN-yX)*~$bff^fApC1~ah5}0-ZyW6aF%$~QaMOr3IUAJYrdjzG_sYS?TbHTM
z0(th9@@8IYwwm0XuXow%!Co5&6E@+~6vJkgSUEXSD<79m8R^>GX*ki0urPcDqg>3#|>FL5VGD^YMF?gOL=;4%WigTEp_EeRVjYs`{av3c4w9{<^{;Q)IP6#
z*!~-jd*%R;6O>Y%BP8EXw~KmkZWMG=*6sI{b}rH!z^Q;2{aC)piN0}`V)vz&dx%U-
za{^pUnpZffzcOy*o>AjoKZo
zm)Cp3*b5qnwK4NW0pq3jL+-oy6;-|Z>i{d8{iSMSxrI3o@qmW^b_rm;VUTF&KFa`W
ze+dFbk2cqREEm`BGv-PrayTSWi_gs8mC1rBkh|RC3?%1g0Mn7}&NC@(kPSIRFbh
zY|@QRuD|%%pJ#e}K_c!nCdRt^)ZXn~H5TN)yVggay!&(TLEvuXKMNB>u!GNm5>$>q
z$I45C%w)v9_?u_ZUrJ>QH%msmVUrk=H%O!2ENe0)Pv+|h%(?QSMp1ftQ94f7Zlx|Ywu{My4)ovs~k+X;FFrG4_Y8^r$a04WcO>7BY&IzUEv4Md7k6NL|U
ztWQPvwlkby<=nkRR8;a!Ma8DL@|&8G_VYyS*Xx*-%1Uub&fQxN>|Q*u8z+6(k!^gz
z_nRB++rpzQ(G7z$zO2J!esOX095=Vn@NgYdrI$~iK0Uz64(}A7_cHKIo%j&JgUj9w
zQ_yc137chR?q0e?e(-RHUr_FXA0rv~jmw$91wO5|HrC2r%tARU;cc4yVI`0u$&X3b
z3!KRivXDik-uD+1Z*#P}Sze%*@Rgi-`Lce&RkkSmr7!JoO)-~VTh~QBjnBGU^{OO^
znfG^6`%(``>ienPWTiiXjrc%R)8Wj&OKF|dURPpNOLsrXTJXXG178edvtiL@+H(64
z4^P{4^W$YIRkXP?eQHX>%gg&sVM$$?&F#kETkvnw35p(H3&>>OQXtK_kty^Af9D5M
z@<&?4_b1d=z4|8nG0&y2S6oa+JuDAvf1xGiyj|~50Bsase8My^bs}~lDA$B9g1hZr
z9?D5%M(vOd?Zm~>fc8U~Mwm+n9K}DebD|6_GQQpHbLW>3KgZ0x#~~Rra6it(BtD}8
zn9gF~h4(^w$UKn4
zQV0JpUu4`a8aeP-WW79{F=15O+abCXj~}VIpAOJJ8_rnjvVVJfOIBlq_&jC4=WFhs
zk6YF3d_QeP&`y*(9g4ef{@#Tf_bQLX*<2_4mfX1TSt!O-W0ZZ9HBhB!_400UNm%Ku
zKRR@#x+gi$ev8HxwdYOjwwwt%+E}M9kQAGxrHzZPIN_}D4m}}}JbfrRUUbUDE?eTE
z`W~CsGX%}1Pr4fB!Fxm#v}SHUy>#l7xzpzU!b2~#K5hLhBhzDj=qp%)=9g~^%d8fc~bTKfIiFhn}PTfk!4zD
zcc5+g_05f`xgLF&n(y1WA(zPrhwZsy_(s}Ovo^xh?UwzMi{xdr|J3KSW^W4vMf38nl
zH)SpT^Om&W4wLpJGOs3X$aBMb*WfYx$+EcOu_7o^9&8qU<}&EW|3`D>TMEv9a<~qD
zW55UlHv0x&!hd-7|M9}z3%jg%2T73V<6RF`t*fb1qq8ryb#&B{^(hucp+-iLWo2b#
zq~v6_*46_s9`fD2NoLF8KImj>zIUxYC+M#s)^@rnVl%iJ_lQ&c={7MjZac2DfhxbK
zYQw*Wq(6PF}(lyHYL}{mxn!?y0CWoqhM*sBYG+Zi7d>#
z`CpLdezUPvvXODq}O&)WAh)E`&XRz
zgbYgSN{;KT2|ZMb!wA@6A`RGH>E}%~;?Yq5zc&E`
z+$Jz>X15BLidtTs1XUAhUdU37H>SiTJ3y?K5
z#Ni+6GrKTx<1}V8IZ8AY#5|#I+iYxN(+l{gJ?TR`vQiuImKJY6;^Z`Jo)9D@B`qk2
z>jdHZQPbX04G1Xrb9g&tMwh*;uUh%?`&EUSR@#Rjm$9~uerLCHTZqVk3>pq#mFD#qDz8mJl|9=f@?P3+G*3HtWix%-HQefSVPPA`6P
zhhiZHwb8sFgg8}9oP@9vNsTiEQPWcowMw?U4Q!?BZ==~XY+Z6jjxFUZ-daLavIzvF
z-{$1h=$_{Rc#gH)Dc#iXwR7Dx#clPLlUIFxDv4w3GwBWhhjmMcmPp3VERf|(aVF@Y
z4Y_A6@_Q@k%k^GvI)`kz!A*grl-2!O@Jw?@s>8b*uPw{`vB3hu3Rgx69qBb>{|QV2a;2B$
z236Ic1fH=d9to5Iw2fdC=7h)4*a|m1>FdJQX
zR07=Yky@XG`u+O{t&+y>imy+7{m9_hm$tw_k@O&esirqw7%d0Gz@4ifH7hK$wacdq
zKyUJsJ&`M_%T6!J=1G&!c!lqma=2^+>7K2fjk=?w$H>eA)`qfDAgFyJL!q
z`I;>m#RR`ZMx@Vof;Od3$WujLHK~QTmgUClJofs{#uak=5af7y)ow
z{=wZA8jEvOwP&|8$D>!GNeOdPf35TYPHHtQF*Wsr-0{gbK_vwRM#rO#2gC`3E{U`RHXEJ@-gMq)|HVKoK~4&A=vN#L
zUE9KFUF>xYhAfL1xNx3L&ACp7OixS*=H}(HKYTd7X(n$QvO_`=r}IQ57#pS~7!U}$
z)VSDG+m7DwZi**uC|<2D*X`50N$B0aeOPzHgkT@E`NRR<1>;T8HW?m+hOnANf*SAp
z?8{kSN}dVU5j@h|N324~8QHuu)M;d53AdhrSNF40g&KEH3K8$P_Gu58#`i6zl|safK6H7qX8C=*mjnwN@l
zw8Z?$_o{j}Dk8F#L#4<qjFB=!UeXUCt*HqT
zDoC%Roy38nF7||B)~ea?ZpvC+pI1KOzB-}gzIkg{s}WTrkvgiz@v4-?ojn=L&?BDN
z-+nOC8Rh&lsnBoV9#||bvWf^8T@IGspJ7Wif^P9*MNBI@e@V93*Ef4^#?JU}Nc$ZR
zHpI9U`iPXDi3vJ~M@9#TtTT`brjh05Sv=ww)38~+yDwtf+j~%LY#0q1Yy00`l_5t4
zwwo;)EKw^}QM1F*_&zKcbv2Kf@OAyOZllu!@68j5$oe{N#=oA+doo<-TtVIoGG)V!+Dqgn5pE1!_SF29xN;CBlAfNh=M>4_FPdJ2d-{K4aLJDwfO!mq;mcHCU~FnY=ne_
zM#Yo!bg;?9ipdak>J*-Zxdr$)6j%#aW2gnwHpUL>nvk5|qF+>Eza>Yd8u_uTjo
zyo+ouQv0nYgU#%#oaAkjo637l+7WeL!9Ra?Yspx`NHNJLgM4)=BX{nsz&CoA`%_0S
zTxXNXebpw-DS6v7^u#ZI_Wp#qze0L}zbj@(yLT|aIZ%fqo!sRZw)_={4z`kPd=Ert
zfh>D=)N&DZ3}k17SVj=}pPTEO|9=d&;#*0k
zB0p$6;LwqmPne?Dh<+@qP%1iIs$1jGq+L3lsfB?QnNG`qvcBlvVE+bLU7eh#hWa5&
z+|fHu5Y03f-HCP*%u!uAzHx05wmPua)wiz=Al)h`e+I>+YD#;T4GP7}BXMlZKIqsL
z+plF~V)KL=YI8KN-sT*8`&oSnO*Q$Xia4gTE2`Qi<#!!wp~A@$tJiceH7_n%9|=1TEhz42>FCE93f$`yr^<#A9{taL7x*9w&`4Nes15KfF^&g
zSc`o3ZJCl%uLYzn85x|uMfXO~T6YW1s
zyyCkzvs>f8e`mV4>=n7UV2jH1>oe<gzbKfQaUdnT#&(l9VAVNKX>?(mt?=v1yTy=hwMuzXR_V3(N(muEIgv6#
z;y$k;JGLGPaktT{_?~!)9j$xBB}W$?9ulA)Q!ANOmm;?q;sZQic1TG9Y*lSyIXvWB
zgAOa|Pag#AxTeqQ7eK;f+Z-9y$+;)z3F?(NnAD
zG^tIVe5NIu`D~S`u^GrYeeolv{-T0KQ(ZUj=;6m(6bmWg4;2rEh=`6yhevY(A2X_H
zq>0G=Sk$CndOXQ)YXeoa@=1~D7@+XqW)(MSYrN0Fsh72v;=a;M#1Ll#wS1n?3hqmQ
zmMAN$wDiM|py_&M2Z2_!p?7y5=jP5Nvw{VB83Z7Kh+saQvDjETxtkMhNN6w
z=J?b_!&E-*GagBhOw2dCr__PdB>(IFBue2Fg8|DbO>hqk!BQH=^pF0j7$hnNlF#}`
zu|&}gMdN3z{%C6=34Uf&KV{8}t<<8d-HDQHxGjSRL8e=$sx#!0vGdeX`9D_lc(
zJ6f|wwr_HH|B(SqT_L`F1f521jlz$5#4Y5-lfYxLOm;blgaD74npP8NJl^%fqcf9V
zdZ_yCW@Q`Pc78nl59#S-++HSRz#^}xsBP
zqvq!+;^NY>E!cHXl2ta>1umM$xfAdZ03&e1dte4u%jjb3w)^&|qfcPSbKzpFrq9&I
zy#d9{BZsZKGk;okTJ>?lZGwAB&3z!Bftr)9?a%pVhu@k*()jyhhV2$hgWKx75b!_c
zI|-iVV!pF5vpwWDz`&s66#f1>3fg6#Ss+jOpTZ4ou34-2sHUC2_a-9DNgh^Lilgn4
zsGLLZR%=@1DuRwNAk)_aa}G48<{a-PN6X=PFUlBjIuHPK`Vyl{0^Uk
ziB7bgn;VI2dzkNcsPM8keB8ZZ+Fb%?S&%p!4#?jb#Vi5F(YbDOUsLVmT<$@Mli(NQ
zC&oc*=W~oS+T;YMkXA=S0mLGDRykh-7B@9leF3@M*+oUep3x7~Z5Btxa9Xmi*isL0
zb7fyE-GhHEc==I2!RF+Q93|-hQ0M#t#pYxH=VkEIUNPvV(J-{ht&0;ireA6OA&iP6
z8nqOE6ckrMhO1m%-sQi={|jk=Rfzrqs#RSrrsOWLd*S%j>aQ+pe_oXL{1?MH=Ax8*
z*3W=+ybRbT)|BR^rcR%6ywoqMNrBreGes3!n-r!xz^Tv3{Dy9i1omb29RzEQGkiK0
z&h4`l+HZc~xBuDnng3C{f9XrD!Z6YlO~X26cDC^u4Uv^t<02tl
z5^O5H5#klm(Su1?Zw+65_z@Jgl`_Zvx;xg8HXrO+B%pj-oSK30rQn3#S05+Bf)4W*
z4V47iNjwl7YwdBCyMX`KmcWSH60ECUvEf}&EC)Avb#EDTNB^yRD(1DSocCX7IX3N!
z0R6QX^oY@NiwX&PnlQyU8u)}6B9DXTk`=G;>5a5a(p66nxf9{HMQg;Y4_Lu3=XYLD
zdtwxmTrQ`iqxmVJ{OD>}jrW-hYByD)MXtNMFl_q>n%Jk$O-sUhiwr4CaSu}3H794j
z==CGj%lut0MnLppo`?*oZQvq4{Pjc{O#ddn)_G3Zsa(?trq$7v5~!&
zhL-?qn;dY_6ELF3b)np3U;tSW9qwAIN!eY5Hy8hOONoooF%D|vbqfb9FDcmsGdi8V
zO4eX)-5M?nv;fcm0SB1U*_ogFMemseAD=Y}+GJQRYFJJhnC!k2JHod_*{cKe%B4j#
zib;rndZq*2q?};an>FCWodyPHsFi~@5J$MPoRle?9P#{se8T
zijWZ1pL&q-Pl9v!#Zth40@tZNcz02%C!-a%(=yW+D->)-Rffz{smbXkvpjdg3cfQ8
z1~-45aUipHlvR~twE0m@X(YxznijLL$f7>VBJcDr?iZG=B~uc6JJ#CkJGGX>6cpc$
zKB|i_k%&m~(6v>ZjGUD1&Xvjig~4&zWedC_wBOwCgrITe>h=BF7VB~TOP0L7nC4nf
zz&HjR)}hR16B1)f-sPCn$n*Crt!!aJh}i>9YF8meWX6MDmQ&9a*G6M+)(GC&zVo^ovd0Vq?kFzcR3$)(;OTc?CfJj&S#bu=9Z{Dy@Vby
z8-0Rgiy*X+*AZyFN^t(PD6zegDf;rWGww0&1bhTfz{H&EPnw0{pIUb7XAS;XveH@K
zjI%R=_@_7=@p6-5=1;p)t3HlQ)A2}m17un(&N|}k%=xFG1~@8D^Dlmv@1cy&&+N3M7N3CT-Z6U
z2WZ(gFuTFo#xUBxzHiya>__@!GX_pSOG6Z?NP_KKU3c%SY{3~dC@MF%HflKPv&}Lc
zAB5XJ8xSBHhKWv=VD>sE_APh;ET5;Ku)jCT7n|I1I@KufP|Tpv=5E-B2rXdRCY4BW
zUyfDfo5(VU0wH)NTGxWaBmw0|S
z@6iRCWi;gA8|cn-8JaH8&mFZ!GWy@`R#jnR(^3R(UJE!DLQO*bxn{bfCBbN`f|j6|4FMpSpe^GO3Ku*vUm8kR{DGGXBRJGT>@a3S9f)W$Z$ATe6iwjk(T>%z_20gaD}iq|o|EGtm;x<_Q|YJ}98pOOUTd$G
zsCqRF+fKPde=NI7VfRvo1SetJhXi83e+*CVtqijz!dqcRDJRDmLfpPYan=xl{nKgl
zBn3y$Hn`6px#?KvWh5&
z*C%&InN{#{1dLsTmf88S5FN9Z@7a@!=JR^5PhQifO!t$nyF9vg8K3C_(s9~Ls|+{S
zO`ij1JmS6+dRa?=>^pM-W%8aGq4@9fCi&z!$uV-qNVerL0=T#DrL
zL;1LycA66;%i_1A$uD(^tP618tmw-VIx7xRmm&?uu947}g|7j7TRzG&8{M904<64B3&MGKq5xl`0
zq~X{{`B#g;7I<+caS`Qx1eX{Gnr}!5p<_Mtdws;@(GRdsH5h*U8PCcuwxF;Q0|vdR#;U!O21|sFRYgX^Df*-USx=E&ysi-Z9w0R(RjeD9H#Wi_x0y4
z7BABW2|kOzj~_UO-y)gp81#H)Tl?Vh857pYM|LJAnZu%A=fQbTpdC&6KKYBlIj%mF
z4Ai&`y+PI+F;V5vMu%~^RwPaKM6DnWo^x`x0b&_)GCvO;cF~ayH8ATK73Mc=5Y|HR
z+l+HZbXfFgBPFr0G;*7{`P>-y(hq{KAKj`xfa=**;Swsmzz+i~%G7I^bvt_w#JFB_
z5XI{{R5}wcdlzI%y9AlZaj-G;<-0;$>SwlDy7nv&-okFs;GUrPa)8b}i_mm9GNdpC
z?GHqBW_H}CXO?N9`NtlGXQLtNL9;hP2K)(-M$&jE4`}~h*&u(8>cYM}OM!_Q2O;wO
z&j0soW_FamP5&okMi=35bv?F(2Hn!b~ZQt7RXQv;|(`A2S*qousBK70#u|S1DeVuc5Xp3ys7-m#BV}
z0znVTSYRC~EF)Du-&D`dxyH(^6sAB+ERdpFMJx~{&OrYugm6)?NvCL%_huwy`N@`&
zVjM}rqe}Cp*z^;N24hv~l{mr^naM1ruSijbmAbhKSu$+0Q2x30a(PzZ>T=qUs
zDU9ART+{(h`uaFDG#}c+jCm&Hb(xJr&jcSKLhq^hG2wAWi9!UX5q-|r_51gy`UYWO
z&TE|UU4kF)c6f}SP-gfw!`#|hW#ic@VmQ=j-zvn<;n$wWeK*jO!jK~sF1eb7Tu9F+
zPDt631hU&CN*8qPHUR?9Wdc;fA(c@l@_Fy3v%g#P)OdFDOdtGOn5@IR_A)c=bVYZQ
z0P@1gNiY>wH@$jlD|MQf=YFP?$31iExJVE0a+AV_d~j&)LvU$27-rG?&+B=w>CI~V
zq}xQkAm$UHbrz;|eks-U4w5n(ahf)h5|>siaRR@1+J7;aF}qrNO8Z|;JFbUE7l5ZM
zRKNWg_mpw2^N|!6>A#+`{4c8jtj_W8CV>&-N&9kxnoIRGU5)cMISgK9{fyA7UTr3d
z{hXYK4za@}lh7fAH4uTKhAJt#jSX9NH8^(6<^p7ujUn*9?xjVRbW}H^?g?FtX{AFP$-QlgG2v5hkmJC
zn<=YZ^X_N}TF&!94)pCPa{)9teFIxg?=Q4&CpGjtlW*iA)a;h)?bRzy
zemxTBc=?hIj^giogZUxP49=_oF1oY^`r(}&{snZ{a~bMnr4An*t5BTPQOey;A;!Mf
z0h(A#=#tP=+J1Budgo*?KV#Gktdl!N>xpAezzP{AO9N&ZKn5Y$+0^{o8o3cm+Kwcl
zfcBz?MdF|NtzkCQ0CTRJOk+<|S9ieT{DAo(N*kTu0;Gt8APEgi%Se!vvzPiFbHf^9
zvK!tD&CRv4brq+m>-->`U}F%lQsHQe>I-FAi~Sdk)DoN^jeZ5odJN>#FFL@Hv%5*k
zEA`)8j-+uTUdshSVinsjJ_I~5u5(j1NvhKkOk%tWUcuNJhaSj=_fAUKN0os>Gg;TQ
z2@@?kkrH+)t{)PjId5jUG%TSq-xlbI@3UC3eNJUvdi=@xV{VC;x=h=iQx!3!E2^>o
zT>`>s%5#Y({oPw<-(!*0;aLSRZ`kfk&c#JOuX@d28Ya%P#8J&?L-V$IqgK3aFe6~q
z<~a$W%-cS{G<6TmkHJwkH@+A4d+M^;wCI}j{pb*@;bT#SPDNtAgI!mo%>hSyA2>N#xrL;G*1Vdu9FQ|=CjiXPEbuPgO%Zb*JVcLn*;vc5<2lQQ
z_b$ys`s@lZ-ldi^sSup)K~OIjsC{cIZB4@di>>brI;t5{{wWb^-aC!j?ZpN>HiAwi
z_DO)pi#>5Ve;cf;S+AJ_n=b$9rq{`rpx4A|ed^sXIz5`Z53@XxWy)8k9b7FkV+wdM
zgc6(MK;%&#A-67GN*rSY98t+l+~Ri^^dfL&Ub4n!%CNRTF^^lAong9bL;(i*`~~|DwUaW5FCJvoE}**
z%#J{ycs?&!S(A+#RdGDi_`+ySJvG06sfLDBld!M|TFELT{_uU#f${vYco|fmukkF4@a|DQkg_Wy5JqkddbCvn|HlLEGJC-*b`r$U
z^G>OY2hUzvi|!t--+AERXL^$*lhqDS_A*gA$H&$*kxKs0f3sBH$;a^Cdh>5W#L#gWbM!LTcR
zM2Bw+h*?1?1pXzzRT~GKMVnW_BKdzhi;SrWinvnM{0vHGy!S3Q9j!T10$!W%>hLd{
zXYaV1Uw(i1U?PK*^cpAu(2jl+xK8x0uXH6^A=fT9m{~uS`{tAVLz%Zd$_eJW5_H+2
zFSv{xjok&IiAap=gk%*lb;`X;x^qS$PTJ3X44?bfhUWCXpVY3M-J{bKac$Izkmb(IHCyE|-gnKgH?>vfhS*x;l!P
zk&d2Nhhdf@?O3r$gq`0oJ%lbLRYArF%m^)f3X;1kz@&1#7zDRZsjbsNhfvVXe1tVV|6(dCeUT
zK}RtF!)9D!?3bAZE;GKFT4*;_>h;-5?*lZZStXCu^{s2Gy0Z=`{!{OvC%6efeZLGpm
zZ8a@VL`lNq$CC3;n{&O+KL~u>R|iHAp+fzC#)1%8cWM+fvCfGB%l-+-^sxBWNTP683o$EWZd-C9zS|KRJk*%TjgI2aSUjM
z^~rQRvHu|z6a>o}BQT3%5Hn6m(o3f45^buj^#n_ujftrTGJswL-bG_T-(Z3Nt$erl
zF=_}p8LQ+pyX0KhQZDP~2h1BAT8@rz@aBvHd%pdn1J_Y*)Gu1HV29)M#CRl!h&wU_
zy|h%UCD`KGi*1~yu~N@G>f}$9@P1O-o~ML*Hy|-{wy#9`+vDSclVF@RKBD_L9R#0N
zj8woHu7(Da^35LnGJ_Dc5qe+%j4oaPG0T2Gt2L+CnH5MMe`^3^&tu>*f4-OF8tJbm%l!
zU9p5zxMv}5YKDtCNeuK<%K7S|WVzmSKM#bou46Rw#9N>+_fzAqSNP|Nqa_HJ}Lclm}JtfmOt{(>}B>~Y%Z%OY{+U_A9l
zf*(Y9Yw{uX?aULkmS?vCMLP<+D%-KLv8rt)n<9R(&eU{#Vzde!eGS|Qtk!s2X0*(F
zNog_pxIFw9)6(0wxGDk2+rjL6LRDwqB`Td1*)R!o@DT$-6Bu%7+Ba6LHGoz(<9{X%
zBtpma)Kliei?}>A&?0cuFz6?0OnS&r!Xh)=8u*Aj>4|D$I3NFt$Hfls*`|&}L$O~&
z97-P?sp!d&9RGWN%o0RFx%P&xN+cW^DvrFY|I$vFq*Qzuf;a#!?}hk$Acm{W{~Hp_
z21pQDTUT%M|xKaP!d@^pFQ7^9SF;jPrvWc_Hbr*pkm|
z44=)mb%lVxt?MxMSNu(VvWH%@^3Ec+9LW;avF328)tTrgE|py-sANRHq8@g%?dyyU
z@rtpPTttV7+b)@0L_$t|72qlnFg})t`Hxs1x;+>;JtYTmU?wB|64I<0%pIH8kp*0j
z_AVpLo;PJlh&paDXqs6?t#KNRe8=}0aou_2x|cel?opl)KG_dc&oaPC6ao@A>5Z9#
z;aqj!C_y}a;2T>m9Sq2w2>brx-8k9B2cG0`FT+)kKI-|Q3G4-NkJ+lCuFBtL2O>(L
z&1%?(?T91&yl5|LCrQVa{V#?-t46M+W!iKb9PW_*Q+n!WOTBk3*p2{;sELVM?len~rXbyOgKeDb0n1X<
zOn{4G#!0=v!w1Yr%eiiAaPUrj=WFYMnE>YA(*~onAYHv=^D#5s_AU{{6@TPU5)`NX
zzR8b`X}pkrPmTLD^*?|uV{dd5B7C*!6X^;UmWzitBDX@3e#rK^KfzR
z3sS$s85&sbQ9Ki~GO&l-E>Sff9(LxOWmEC}V!E)P^~;4#Vyy7;Yh}vsLM_(DkSvP~
zjh)F(%kGU&`moJcB+@y^xL4@9#=AOiBE*%UI@tc5jqO!V
zT9kMp5q*IChZo&2rSZ91|1UnOckN$8T!D?{V>MbM<9sI4K{h^LI4tw}9bMgrVQIPEnKd3y=?jUv$J&ywML(0k%+%
zSM};CaEZ)~1Box;z3Y1Z$&y%u%pL7N%j$J7qXJN7Q}I<`_{9Gh7V_Wi8W;^boHIE%
zQxv%m0V!Pt?~^^M(V-FRj_j;Y9}Z`pOwo70ORoBuLy5Z80Bu5ZJRWWI!fJiGp8b}f
ze8-P$=_FNtS1@)ZUX(0URC%>{a3M?e`SjD(mmaDuW#lW^KFs)Xt&vL9nk^@$_k&rHu(wn7D0#)CnBo-H&Kevq_B`0bbdVf0lVzSlFJI~${
z!qE-#7q;7RB4Wh8xty|+=
z4YNaFOpF6fik+RJvBU44aTmdd`3hkwpLwpv)>+qW2CS&rPgN?t>L&iF7@p9-q*`KQ
z>MjhWsUqePaa7Bh0{fN8qmt}t#-^ED1KXPeKWc=N7Y~0?4b3FvY(naYymv=Dn#=Q>
zv0_X8?CS1@&Gr*%C4-YwIrTjWuE6!MadL=nAnGGOot7pLtiysi*6^CSV^jhZcc=&k
zv>_Go<+^4x;Rc)sn#v1#cDUgrGXW=*X@$aNlk8NZ!_)R1d(6HUZXFBTw$k6JlR8&{
z9RN3hrJJ?TJpw43Q+D15h=g4WA$!-|a#P#$3h&CWIU^)r}kE12Q_^ZoMOs*7Wt1qW-$fyLbEWt_Gqo8hgE)7DIVo4N1yhe%?rG8)Up
z7@D&+x}sJ<;f8(pZ8S4ftGFE-Yl}J~w;Ru%{Y1PpYkS?AzML;Z_P^fHT>T+Wa!
zPCJmBF2LocwNP#5f1;a2%|L*Z)+Xl8guR_IB55b{H~ZW#2f?p=PHrvcGQ8^*Jn4Ud
zKl##Emq;(>iKQ
zx$;QvmrcO&KfOS1m9q7QShMAPsC;kds>Jvx2tGL4*Rf`%0RD;}1Gh#T
zBlZXRr2eyYxd`4;_t43ooYdWI=Q>wzIX{}6t^k6gcAior)TT~8p>!njgrS0CVkR+B
z#IN_<7ebIszIpQeMB+rQE6TSlri%=D`)oTB7`l^nG`|2$nTH#tfE4nAi#`M?9eM0u
zc=3870>?~XH!C3^=FbLpEVUXs#Xn~o1iqlO23BwdmuxVe2R7riAPp3Fq@^jv%IVM(
zB?M=J?>6yIu16z{m%r<30Vjq|xmuu&Du=F9mzN<83Ff(noNWEG<3`?swN1vtas}Ih
zc(VhpMd8Dcq2Zy}xVYT>jEk&v|8t_9@12wT#-R(hzyLG&q0-4GI&|MT2{73kY`;=%N^?H^)`aNk!^1?yO5la*B{!Bi>{{B6n
zgyr!Uq4!n9K%iQyLvcJNgWHiw)YfDKcts8BrR)iuD;wiRBO>K3p4hGEhHu;6X4L>I
zmd-Xx6>B@HdM$Z-iJIBjWsrgy=0pc;zs|+>$(4H<(i4AQc*=sT775A6YM1c^?{%74
zHD!l$4wV;~UX4S(^na1UmQ^@x*w|1)3a}wKm%&BTo+#!o+kyIJMNht8w
zIyjmTJfNa-_&8)l=6*Dn!7Sgy1~EfmTCuiR(&aE}lF3!jvEHtv3{#O)1_*bH#;`I1GR6jOy)esw
zX{WkrTnfrkI}+khr-Fevj<WNBYq7atuHx`_3-4@Z%i7AaeL0AKdT2{&o7^7P
zMzAfs*zjF>P1DT9$r@Kj)X8J1ka;w4t^%^8f6U?F
z;LA;(zsv^z;JJX(1<|lfN#X7*B%1-`rZp!k$8h@)&vzE)pL{FH2h)O_yTN;E
zDa3q47U$C=gRG-zah!B93j-oyM;FM3{sXphQN+P)X{t+~(DD_$=pb%Fmi0=5C3yn_
z4KWwxelMYmHZOtk)ui;YwX#JvD`+?|VUSWJ-t(JRq_6)J>MEt{tBDU!xyQ&z{As{(
zbWi`z?zTA!}%x^&0SGd=A!Isq`m#VNuL%~ji
zX>Io8#G5-Z04
zZ`}kQq9~~j;%B~i>`E*xweJQuIt;Qg+aadpq@_s)(<&pv#j(l3;(;)IA$
zV#mj#$fx;Apygw(Lh;LCFJWuCt;ymZ48jmKsz%*R)trxis%DJy;C
z28_AD055x4l)=HaS>P!c3r?9L>8dZv`btRnQ^~WwnP&gm+Pb;*^|xtFbVZDZW0}E@
zC?)-Mehmp|URCkcB89AZypYNmL4m29Oi%vH>^d=8UsFp?E$X#AAyNpP;0mn?XIJx=
zp;mg-7#oLz{N2;LpfW$T@}U6?O`=lX3x=$niO79pJEFB)S`a(fo9{d+ca{7jY^x$)
z$PI<&CkUj^h$kvC)2(Y|4TRLAgq_4DX1gXPCd>}zUsvsH?~S*8|1$3e^HktzhSMcj9ApUSh^Tg>T;p8z38?4=-{NYwf1A+9ztnvWV&$B#FDbL
zX*@(6Wrai{7cdNxPI7`=jsYJNU|R!Q#U$0m9wy8S(pUI0gxz1Zd=w~8P**eT{5|kX
zG5&nQW&Wmy>Q>M(ZK>|TP5<-2m~<{6{Au)%K9?l;`(tQ)iI}gYHHBS);?j+mFY#_#
z8@@bYth({{k_fb7H0Duy7m%`sDJXlqJh^mJQ^eZOfFqlUDT+XN3(;+CmK~HvZ#Z*!
ze1y4f`qKQ?++fA?@0}EsR8a|0T*`f%nvr)VW-aH{qds)1eI#2edcsTj@Qy=zTW)UH
zXbSAB?eOi->b$PlD#T-a1Y6D&@XBYX>1cdUTVqS6!PwXoj6a=&q4OAM3bYjV%sY_8
zZ%^Ag5c0E`f#*-}+zpJbqhh`|6eNO#w~e{^66PO=^Bq&Xx6i)9;p2>RR$`h=hkNW)dulsU_?09#
ziv2wGoeYEDYZdRp#%E0sou$Wq*!}Gk_-gUMPFgY>ovFCTaRC{+$V0BiqgZHGBGw4%
zd($hJ{S|zb@}|a6%~D6{VpY=AFz6$?n7^JOGS;*)b!2-D&(4(Z&{7X<71&xiI5aA_
zXat>y7xpJ0O~>X=kYp?@R`W6HFXX#3J*O?h#-U?d#lkPa2^o&f=c!E%;)7Y=&qp=7J;>f!G{FhLkUjFiw0x$Ima
zA?+IO`KTMi6x#4>Ei*9wHNIa_R^7bllyFqm4qn*?9C^By0-f3yR;zgZyt7l~?)4@r
zUoFO$lo0-ukt}Mnts0)Ffw8Fqnxr01qebsk>1n~~u_00WfuX+Jv~+F#G&jvk367rn
zBm}}Ztub$4%3pP@kR#Bqml}L(`ejnr*C%$@Xc~9d$nKjhxL(n(F)Yr~%?%|ataUx-
zo834I)3eZ7h1w0DWG9E`lU&SP%oh+^5)sMLnHx0uUu9i=_3hikIdBM~{tQ=*(VCdB
zvo)72*+zE#4s(qb{0TJ!RMOwmneF-(!}S9EGRNiG`8CRE8Y_~8v
zoK71%-$6uyLTM24jrjpavVi2h75dh7YI-4~;W-jQ!{XhD~yJ8~0PYsmJ$PU*=8)W#kE;F2e
z0F#%dY0GpgmW3;wuXYB2?p3mURpEctb(IvVo
z5NaD6hn&2%+oO~M1&>;k4eV>kIQRG5RqS%x-y4dHA6_O{?KE*ayi7Q_wWbnWN=~|O
z=qlpLEhvf?N0n87OKL-F$~$FZrxOMBvL`Z88+<1%qjJ|;d!w8==ELCN4Z5;*%tls2
zb{gP1CiRk6tnG4J;Gxaw^um+6){gcjo=&Qvc==cHPQ0J0)8>5B>y`_7e|=>$INn{*
zue_&
z&x1$@8&38n$<-s?k=a5EMYv^@%E|86_ty8nn06b%)QNPZI_|rf!AOK8Fj-T3{-k7I
z0}iZ?Rkt*)d{EU-l`dM1=~^4dpOoraF5BISF!QGWdDQ!13(SRE`6emZ(6n!R(UwEzJ@M4nCTi1=)-Dm^el98cgo1#rKUFbwEmQp
zb&0Mu1LNfCeE;5)cRyBMYM0E&nGD+E;c2;e{ic}pt{_Y<)&6)sAMDKndbQ8^KJIJG
z(7gu9GiaGq4Ntk@!Od0VQ9beOwBHVwfM|qd)p2T$)l#;2%bLPJPZ>>I4Ej>bbXtf;
zt)vh=<6OV${07aGKYsf7FV9_)ApIj)78zF?L^TPX8?%zgWqPr0)|b5cYlTP>(BD!u
zFfv^%c{xl=(yiXAXaC_JHg(u
zCG=x43jgWmVDt^blao64!goOp9?ly>mq7+4pVX>&e=zm*{&Z(@OpE@-0oK-1+b1)*
z+U<8^ag0HRe7PqTi%O^j_=GsZ2^tqsF^<|25?#
zSBrnJMi-gO{z&u-$5Ql{(?-8jSHaU!I*Eru915WwS`8TAi2T6;Q6m>0-GihFE0O8N
z^u*Msx|W>Z?F7_RtG&mf^uq%!_k7%@_>{jRFjMtj5xiY33!u*lzebLjoSVBk4)sk+
zFhpjd`k2h-onF6A+nvD`j&#Z!bh0l!AIvnLdwMC&kcl~dOhe1C^{!K0FX%Y0*nUAk
z7%E;Y+vDwu8WkdY(@ohT&&5hN(x@}H3
zcyVE)ThL^Y9v}b6;N(ya{&%);;b|vl_fEt#eo!%sj1E`0GX0&jDK#%k@5xL!-Eo5x
zPt<3F|6s?%W1?RR3~xw;i%cLXZilYs=81D{m%yMUSKbnm<3h^`;6|JNQIf2vWvtE5
ztJllyH|^TdePc?WQS{E|g?mCX^1AoG$v*ug;px?yc!MzH*D=SV;x}O^)mK+Z5rovb
z%x@7F)R2D@M21Jl
z)%-Vj#^t%xy*K$hirC#0YDk`ni)yxxjrB#=&={F4#Or)eQGCcFOjZMeO9lH|c_9sa
zQ%#6KF(W7AE#=P6PUd~<`xWOuR0E|h-rQ3ks+wrrBi$jDYcEL<1N{^O?s7~j)OCRvn$oR|>p&Svo0RKLbo
zd_6$b>5f{(w)ry0Fh}zZHEv;RVN?a^O4eL5n+pbz$j)4Bey!*EEw~+9orXqkODngL
zSr3e^@jNDjf+FF$r0SE%NadKBW3Z!bY|y#VR5pZC^>K0v3MrkhAL(LT54LyrAKvE)
zdAG=S795pW`)!poI^*M;EARj1bNiEIRpS*L`1l=800g1%%q8xBfg)eu6L|a7yJprk
zu9M_a^{qfq=jVomM8{SmL!vRclSrfrA8%+dhFM>Lyq^IdQDpP#a>0pr{i?0wuu==K
zTJe%-s_d;ZR1OJ$rClNSy8G2FEiRSs%I;`B+eN`WDE
zZ|LLt@k)7Ys&L3Lyj!i<*2Xx3K?<7^st>_$~&vd{DX|__N^k~x_LBz
zq+h_Bg;~0RtfMYcN=s$M?g7$aJ4jgK@{0yrU$(xqfSULj3ZUJ@KuxHIH|)-+pb*
z1s*qvAU&zU1X0BH-Siy)mZ__}<;dE&>hM&nLszfZe|x5_rr@DsO=rZC8m_!={c;n0
z`7+6wRPry^ic$m)Mw`(6qXo+JAgm0g3x~{>7H2h71(o&f3-wFYOcf23lJJTM3(sew
zL|CYkwNRC|O!Rbj2NAty*-R80&BNME62cr>zECTX!Dd=|yo%`S45Y+^+BeM@9~ghB
zKn~8e*=c1W%|o_d*P;mal)i3VSwHHN^yq*7vFiKIFaCWpvU;Tnh-hF%`^Fs&ZPR_S
zPSdR`0?H<}uc?bTSD74-`D;L^K^*M&
zwx1&-Kd^9e$2D4jQgi?fCBYU874-+(CNtbw$6|sl`E}2+Y+YnKQ0W-?CKeg!1GRDbRh{y`?DhZ*0PyI=x?WkL29Uv1+?S`&AjN0@
za_#NdHzXs49oDqj0MCJ86Y^ZCOFwg6Ml|C!47^+n(Z!Rxq=YoCK08e$7H(E?%wqwH
z)tI7|e#m0}+n;Mc6a&BLvtLg7lyd2*e`b3h1VW)ucd>oIrK}`B>6e2!4ZsxL#hvlOGlQlk^kXcGNS_IZUr*4@y5!~XOXf7v3#
z(uHCa-2{*z?bOL-P?A9r{%-5{=+gN>M2tGG=hB{s>mxnTIsW4glOk&G>MUr{Q|L}w
z&~J8%|EXs&GCumHy>Bhiw&3^Lnw#E_AKffM{1hr&84RcnE0K)CGCh(&OD;!-x6j&N
z$jLtx2@rb0diPz3^gM>)O+>^-EF+4g!k;?OlEsSZS;u|XfAsi6i$9$}Lv0N=H`fMa
zb*zZeHthKXrgL)()j|`sCIVnB3(P4o$LpX&uiA+4KyJ^JZ|`sWtc!qgzsSuJeU^V|
z81H|*1uApnE%#SrkMQn){a>uTWmuHqyFIE%NC*ld9SVYigmkwcl1fW=4c$2)0wMw;
z(k)1rba!_R-Ce`bHN<(?`}*&5o%7?{{(s}Wm{0HX-m%ub*8Nc5K2Vp7(mlW9x7eRV
z{C6a!K=ZmWF8Ak=3u16oQA(*rd+Kw%xuw;g%$kU~U1qQmrZy1kWetyCFu~cmPvNNq
zdkLQbO+Ki?$~+QZWlPxxjIu-=Oz|9@S~5KrTV~Pus`ZSHh62_ae<}`_9PagL$=h^W
z@QHsiBQ780GWgP@vtiz5yCuVOjz$^k?8-M)Vm`eM@z~b>(n8}XQ<6CA$JEF`JTp8Y
z@@|qd6f8K4j|)V{Af_aBH@cuq(s6ZlFS-6}1%WOLHoy2|=b(04n%wni{W!t*T1V(+
zW5Dxxa(-iXHzhOIp}R5Tb4i^aP3+`(?fGuut5=^xGBb&Co}WqwVwLCEnrO{%!s(~wD=0sng*q&+vu&UtGgD+W+6jGMIU&pC)~fcKrJr5MXYD5C(@94
z4H+yvA=m0-JD**QuDyhg@IiZ0xJm4jmV>LN1
zMWOm@`8hA{rzLt^DjQpuSTjr2*hP=N-VwRagy(ZPzM8Px?0ePU*hsBT_aU8%81uDx
z?a>sj0ha2}Dw$kegfNkN?{B;qy5WH|abkJz)CYZBbygP>rB3{Xwa3i=g1WLqN+U-6
z7ByhB5VjB{Xib!jvsZr?0(W?9CY?-&ijs?qYhq%m*m+r%!Yowb!^>B+IHso2n^C+7
zVZ=6k(eLJrNa%dw^hf9qRyH<)Rrb+1?b+EbUDaNXhBFGcp6^bUg?veluZUpXo`)C4
z%n5?o^8>)^pv*dB#HIgMSUJ~g{y|i}de3(l+54Ve(2oz*8G*%^smv->O
z`+Hx}#nm5wMH4q0lyE4)WfRutQd!ki_}$or&*RY5I5`~TyoL<)OG~pRkRRw8x9X8b
zVfKaL@(P=8C(k+OptuuY$G!8WQz$KCLAHFrEbvf;x~>$
zogJ22+VY~H;uf-3AXHR=!%`PNetjqLXU6^@_+jw37q575$_f=cZcmWg1+TW&^C1o{
zto^zE6Zhn+2PpeT2Tjw{M7lR3wY6Sry_X!o5tuZ}Uhj*gm#bX3iWoDEj{5GWLJ9(-iSCO&Ut!kGe$ba)g{BVKF(dX%lv^gZ=6-8b&X&gv
zDHsY|ycFVT2-_Qc{AU?oz03|fzPwIe#I`ftK{<5>2tq9wyC)mA9YVcolI@mbtoyuO
zzxqpUdK74t1j(^96!@hNSj4nd
zj#GS4s2nu_O{PR@0CMbc6@YSv(EHMd5>fe7!HVxOGFyd4it4i{Z!~eRwx-TzpOMTpTFNe&FLOj`aDU$}$?Iu8*
zmX?o3I64bz;KV5`bHv&otK!)k-FMcDAMCNdKMecky+@i0V)x4=WVp%ADeKhA%+Ps0fLW@bQ=o!AiPoD!ZHYHxpLN<>6)iSsC!nnU1|Fn6Kt%X;to)qS7Q
z?2=)w;Sc)o$Z}5fKu4oYQ-L)pCDH!#XF|qVRHCi%lv1$sj8@o{HtAl6o-6dRd5vbGeN{aFc%xUo2j%On(|xsFO(+H{x)B8S-s3
z3_(_5UpCOYD#ZR$kgnh;wvnR%uVoQ$VGm>C(W!wASFyzv9fg^^tXzjMt9qa{f+|OU
z!hmaJWVWqpS?U$9Q$oC&OqGf=Jp2{`8zS@+^FxPmmh-pvL-HZ)A*
zGxE&L_+Hp>`3=y6@*Z*@+@Ec8So^X#W4*|a}RZ1BExVl7t?}R4~=MO3VoOg8{~G2Uo@u~?42Bs
zWQN4#bA)`(ret$S>1!PdwNvgLGeDEyZM9u;Fspi?-M2!-Y}hiUCOyzc&-K==dvAYl
zkXnV?M$!8UE3;lWy`|4WnDRtzKy6Wva6(1OdJ*f3c=I}**?0bs&`?EPH5oZ$USPEM
z#j01}9%gfxtXx%LE5?3^`)FKr{NKDF!%D3U`FPCW<6F}ZkQXgs?A^wsj8{n
zbc%7RXn*q6x=i)ah>UTTZAr0O>Kb7#w_>HiqmM)T)qk}(f9L95%XWOi<(QtD+MFly
zzVDkidxixrrGZ(E`!+q#l01mT0pTbi-G9d@5rkvTZ8+xevuxjniKwFOLT2bYbpeNU9nw{NpY5!2_E%9uX`KU
zk@TctK!LxwhO$5OGaQFsr@Yu{7J@k1a9XCzviZV)ythyJAbBS?=ElfyGN-KeaQjBg
zS^r6rjt)<@?Hj#v`LA*DQu&@!Mn*2%Jaoa4cJG{yUug+`NnOL5sh77mKyiE5R=ui$
zmZlBiF>kpv!qmibs+=TM`996G5Ek04Iu5mZ4iI|K7Ke{PSM&<-$yn0
z)aBD*RyM=>Scs+P4O}M_3e}r3mFM7S5EJ{vw@XRsPLW6fcXV+Y9G@1qQ6QqQVsdmY
z-E^@rawR5ANO~w3wyC-nIN#ubSN5;04J=MzvC*Y4l7IhUM09OsR92wQYwzf&eXRc(
zA(mGZz}X{6Rl7sd`JKrwpiVe)S26R*{t?t}!k>_+{V@2)u>P9Lw$2|gVboIYoPk-j
zTTRMr9
z?EAT^O^Q_(e5$^)tGQ$Q?b8j^FKINn33E@TGdYzP>WXWB#2ZKRp3L5tr{L#+rvbG_
zXTPTWd-bolRAFIcRG1ttSC4IzPE3RoQpQ{hBPUs?zYP|>pH66YTk?5f7JyKOz
ztp$r@7U$uD6a1jqGl5I*rWfw))$<3;LBF?}Yz8Fm!ZYJHO?CDJ$3
zT7edWs*A>eK^U{1$q56~EH8mejkqlhnYV*^qk<>t
z)DlE=q1|z4)F?9VZ)eA5CC1s{-veskVPIT0iTMs9AXr+&pGbw>R%uzge)5V0=?v}O
z=$?c_c8*D<9CyEZg~u_%y8~(ljZ$~0Wp7eD(iO?
ztQx#y=1UUMK{=xADt^y4wteQDd61j|1pNC&r28iaMyu5!wbye4PG@8NbJyV_nHDUn
zO~!-^wT>qof7cZp{;rU#edrg$XIAl*!oa||<@CHdJd9SKE-e%JZ>uU}gMijuRW;J5%ji$_61oZ@
zH~5^rLn)_j-lyf25LDJQ1rYAdd+Qs!_4~=}?E1H4E_9N-Vq&*FUYo(J6X6{{dkK`sr4-8t>>rDhTb)dl$tt--0JO<_V
z4vk_O4YBOAbYAKmA?k9HJZ0D|;bBGF7VUE!&EHilC-$!k-}iO5wTxg(MNT9cWj$N2
zDdU{UE?63z)Ap=z;g)n72>cue`oam=`3-rML;vrF{-k
z(JYUMAOHfDvkSDx_@ts@_I&3(s`$w<--F}HrZGp1eZ9D$25Fs_(spu#|y(Q#Oxiq3~**VtR2i6l&le^ftU{Mi&GZtNej@4k(D%aho
zL<5PVkE&1cbZs6!`r_1+UwcDmB>el|Hkr?_T-$=Dp^5Ca#YVe~F7{tnc;3r=&EL+0
zXyctY69noWQ_`1bzGdE}xh7&6kv)tXGJfvN0WQooT_cvVoO$D<-+oF=gB1VYmJy0WmokQvf=~
z5z&JTYXWQ2-)+L8^&;OZDZ204>z{TlEZK*!;D`spljsOY#h)**dL2DW{u;#+EFI`sq_4uM
zm?1Vtna^q}%4b+-0+_DW{sGin0UfP?!LXNdGzpXHgrR9LF
zwzW3hyMqFOSpEC=FZT3w*Bm1bzO(bMtYqZA8lk*ues3slC|@NxB}qP67C{92w{Jh_
zs9#BNPcnZ^B@LC!u*>fu{VzCc6-3llyBF64JnG)?#kRK6YC9UtB?9W*b7B-;3n!D!q^79zJ%C$WvI$rSmu{=13SwZIg5C{5bIU~rhT)d2xf5I;}
z*qv*|Sma|tB%#~Fl0Z$y+MM^*S?7JJS+#`|2Mo7-t>pdn^OyYfca=OZbH=xrVKz!!
z@v@#3H*PfgpS6CRw7T?pGu223_aGMXa(SZFW(ob3C
z_t4~A`{3Y0*odaAuSv;d`uhCXm@Js0BnW#Yv|sRZaE%HcybPQ?Gc{UI3pHjOE3S2&
zEp0j?0!AjWmVy2`ZtHD)A6}jgCmRuw`s@Bc!t=)@7u2C`D29?|h%dt4
z1`90w`nJRY0qbMKc}ah;0##&6lJRz2H7Hb3E*nQEb|CcLLL);X7&q$(^y_7U4XUrc
zO;YQbak1PD7j&TK1|FTpan`0;t~WFRqoLi{vO
zyy;L-xu_I$1FObryzZ`4^r4>o%TifRIfKPbdTBSKf%z9B&j@!*D_jQUdYhi>qoU{1
zd`Oyy+rH`vxCF3WLHqsc;{VxYzeZ^CtJ$-sN)tj7gA(
zTrM{xyw$Y~N8Tk<0H^DT4NkZI-KzKP>9YERgI|T+A+QD?MYazX!|wGZVrTB$1#EtH
zAVObW$xpXmNdOp3mxx6dZU#Uf@g#w
zftllmnKs2@Z9cKzMcL{3
zMvEe+ZfrpKF@_X9g?mz=;@%H>!M-2{Gky-9M%XZZf6`^rZ8g)@PCeaNe5>oA(AT->
za&sv>QF?rQ{<;14=|6R4b!0g%B)3ke$dn$q6&$<^=AhgzIv(3zbLVX~9~adL7ZSV8
z{-MUfE@A7FWBru;nwnSZtu;FVnVA*d^DvLXxM-Dcnq?umr#f}Zr?}jB3ReZW3x}SM
z08bH}J|lHU(<`y??kULH!IinibU-kV_8MSXv??aH*LNfY^`9tdG%cRzo4V%*5e>tW
zlk#d(WDJ9@H=Qzp`P=zVR{>X#dah9ad+`a6`?JtQ|6jT29}47A6W1-XR88<)T&)Od
zuf9iSvF@FqVqg@-zLJD>D5vFOT+c(<_k?eFj(NdmYs2YjM0ir7l&$Mm+!sRDG5Ldh
z7OBR)&Gln;C#7-3oSH-bmPd5;CvGsz@=%u_qP=50Zxg;^XW)RZto*2pJA2x~!}T2y
zdMrYh*vY^E21K#%;II}C0{my9&U5zm*lLPJo}BwZuMgXKSChh8JPIvQ&ih(ZhsZycM)2dJnT?tz0u
zwMPuSr0P=Gi9Z}F7(xZpqE(1`5!$YEsK|vOPf(PLn!Ji~|
z#DAl~6Tq6U9pc?&g#jE6q(~+dW~%ue6&4F7oSt5tjY%!6)^Wm^QW&=OUrQx`Na3s5
zw;;ukAyt$sy5@d)Ts>3nb9Pg}o&0mADXcpcGS_fJMGf4Df&tZ!7A30&35Ujcv6~i^
z*RpE+8`V6u(8g?SVryN$e)QpAKq)xpv6BA^^kMimRP(QG@}~gKCkQ-+uQjUiS1D<~
zb7;{9f>El<_K}`=fboGUc=BROp_57dEp$P6M!L^fFC{E016}BP8!>slpPcCx5K)3n
zNtq${pgCM;&EaSs9|
z*{)=Vt-@L>t)hagr0a*pn78YjF_Drfhlt5mQ|Jwz(B(+O@X$~I)}%0bR&vPowoSu;
zN5dt3GfkS^>E0+)UqlG7Kd3gj5i;ZAU_IyK`Z%CpAP)cM4z&XH&DyNIrL9e+0kOMF
zSy|<=w6v9TBUgvqLY$mL6uK2SRNc6PP|eJkk-0lm32sBRJgu1WHdGmJL$!vJ?d@Hm
zYKy`!c-f^39iXSW^!2?K0yoZ4Vw&`qrcOe9>%BKN0_LG+3wTt%cAnSKd18J2@;~G5
zxsm*g&5KLR|BCKwVW%pb4C$pE)T-5Ix2eCe{KW16M!kcnt+64%HZH03A0l0
z^YhO>%te`KxP(JZXEW4H*k%BFI2eIP%70ij3KZKv~8~&6FP`Xaj^=@-Q&CWMQ2PWdwKv$uPnWy1$=%
ze}Qld_K&~rR)t38-0}-s{XNyU{KBn7G?}+bK=F?AdzRl=
zCsKmNlp|8YM`<0GXr3}@;SYp)#9szZnoW_nq8>|(UUA$5DMSA0pl2qqZt`b1&wU@0
z-xIyBDu&Y7fvu%YCpM4+(?~32%bfMv8&3qEy!#gXbKRz~_dySo_9Z(R3zcp{LZWGH
z#e8{~Ls6du{AcXN6Kq57{$_taVv7%{slW6TxIdNHcWRe^A>8H;|M`mxUS|`jopx#Q
zdR?A;^(efh`W^CG9}HE<^a&zH+}76{jQcK_s?nS?M0d>T@2TgjQW(K^cNY-Q%X!a(
z3TTHJIY_x&tE&YC)~?92@CwLZ+`^nF6PQ8nT1`yA=Nhc=+~xM;o?8_s**NoNl*zFT
zU4%4JmUE4Z9kX`xKfPW|e&65O42T+xj@MgB^i^&Cl$c08JPdhZ!60>)zxOlPlU3*j)wo-f8KHO{@(<{WVUN?f%;kS`9FOVPB%~!s{I*Nt@Pj-YKqU{U(=O=
z8Xp4QnRQ_U7#Oe7tKEU$d>+TOV80LhDGQc
zTi5fFsJfbOV;9n4@K1ns`-oOu&B)l8@~M#mY5*1Y=qh*ag2}N&*7+c&A1(n|h+b@U
zuXF#W-2#GC6WCzh^>iQXdjt*7L`x;6q-4sUF%ei|Hr4G8zd2+d0=)e8*_Oi~l)eh|
z-Wk#&+iItu5ljzo5^kQg1P!F7qM&=&l~=Tl^hjaE&R?|Iyn3VKm!A(e)C@*?cx-HM
zE;jBadhS;Uk4%mFU`+~<)8YnyGnmb=s14RPe4t*RP6Z(7m?{|XnUxc7m{F-&ws06)z$*p3wWGjK5W)+(S9k%U3kdNwG@upAu#1vA0SHc-Q6pt%5$jKwlWC+Z$3t
zkDI2uhNo%{FeZdNnwY*aH7vQP;Zu$;iHpGcoSU)nc6l@`Q6{Czu2rn%n}16MKab+b
z2gIfqai}+nl}nRBbGzQ){k5YR6z^+=8}3}L+OI$d;e4W0@k{|#MsDYPhvxbOdGpS2
z*6N3$hVR&g8reuGD3Os#$qn2grbdT((rzSVA
z9Gx6GIy#65x2$cfGBRr{`;|P$d`;5qaDc~y3cBYZbao0&t;n?0Y3{`m0|FUu3KPc%
z;28e*(|Gkf6vMPM@|jaKj8kuEU^jF@jBee7U(vjHI!vIik{W46M*Z6P0+u7WvTw)Z
ziG@qaZF@}jTdieq?`T|TfPD-y*UjH>&GedN($(E#d1FOjdGjb#bCaZ^czwp$IjL6U
zbTz{Eis#5hfi@SQU%Bor|-=(HVx!!@%+xBn$A8
z(f~xLC^y
zH#S}!yI7dpSSFoJZOXew`I;D~#%1&KO-&rON$p(hJOGSyM*PwbC^L|1EA?$kfL9-+
zzzjyK{|QlDo6vyJ{)(5#U1}%iMvX2b>qauE2;X~j&O00>}-b2jAHVL
z%_b3tlz9op!?@MG2rE^#Um3cQ))M7n#!NFgzBXZG6G#e2M+GSSP{0t@9zC&t2&Lv^
z$Dk61f+o{MfFgoW_8DXH?o^wu&}B^Ml>G(-{g7vZ_ns;-_phJ7do2;y3545Rj~_q%
zUQviB9jLUuK<&Wu5(n*(^4uGs8D96boS792`WE^QO}7GQRX*-t{MWnx5k^+!Q4=s-
zrs7$HkO6b90s&72DSCPVfjVj6wgvtf*rC0hL(8PwT7d%Jz+^%pX<>*Yji7eoe^*`>
zCFkQm)@GC>l*91Rk&wMkv*N?=prz3R)*vBVpG2M~xU+ftGCgHqoPFEulq#l%8eLTt(
zPV8N2>W%IFG`k<{^!4K%A(nqFyT&ihui&2VxlGZI>uG
zID|Hz_(gD@Br7}q47o7@KL0Rwpg8F$uYi7Vm#1vfUj$8cuPZ6ohoeF
zSUsiL#DU99xj=Z2j>eJe2?=@UMgFvgYHd_yx{+8jO{SOR`7xswFEmPKUEX28R~lR}
zOIaz&DV-a&*1F<2=Xn~PH(mOOjEu~ycbql84@|B%PUdb6svW>P3J`IY>U>u~NIuhv
z^NEB+Te0;a;~UL?0UHw%V$CnsEI&I`hnah7Rj{2NJC6*{y!V>5V(2MUQn3T}Dhso`
z!uXSGFqi?8v!B1?nz~_Rz+AE@FGt9!QjwMODt<^X!=tn0AxEyDvIj2*M<-x;D;;;A
za`zM{>Nukvw*{V)0#{Uteot1I_<*QD
zbREUYqW|?9gBHfZ@L1jV5HWlmp^*yud8MpZHSPJumI*>9g7jhD9gTahcz8r@amHeB
zh$$Nty`!i-uz@-O$o!;tiwSAd)8()=)HLOs&L8zt3OE0=IRz#BtdWz8tDJ|2=P_Y?
zBl2c%-t`<-@vp+Aac<6g%46UNmC%)fo0NovZLR_L5j#4SZ=0-zhcB8Z1K+HKks~?p
z`MW%w8+`cmPo0t}%VZD$t3R)9g$`pDgeJ*_KxWT%<(+f-T;PRC
z_p{rIE(Z(<4u=uBcaAZ2AmC6MCXkG|w=Q;(TWyI*{Bxx{q$j>;%zA9GSp~JyPHl3b
zlyd_^El6TAuc8nYv}hIP@>fLO=TW!Z`T8U40(RY*MD(oMN2V-Isg7lT{*M-5s07_&
zJGBtH$jO;$vRVWN(8@);oQy;_jVT?>!xsMr=jS^_bXoqc%WtEvcE@vr57l%OhVjMl
z`I{$}M&GSXxe})R5bueC%t?%h-k5^jpGIqhve=VDQ-7u{6v%}->l3L)6kSY*Et_fn
zoNpH1Fly=|F|Dn4D=VwzK#waZil!R|b@4Hrr%C}HBG5h=l6!crmPeGZ*L(W{C-cV1
zMl+!$7)-SF^kB3Ia7znY3o^vyt_kxDDk!)BMF~Mc8LXo6^XEUBkt#nm%D5D`0T=ks
z#deUXh4;Ltt3RG+G#XWzx^ksA$PJq#S9S3edIr>rk(F9@JUN{+C
zxCb^CaKOgxvR62w`;$!|5DD&b1z4lta^S4XQqT1KQizLp_B>jH4>dVOB3)ewAY{^z
z$+x|kwYPoQoxNEw6No7y52*3&unhZFbAWBeZp3g$gcUUc9SJtviivNc3VGOY2wR7G
zq(_eF-6JFGeE$VbmY>%fxWe-gGvRy*Jy2ioG4s4n#7o7`CMkLNeAOo2VWxH_TJ|}(
z?CXU2v<+s2AVY?E<(YdX+$Q&GH^1S-OsA}>nu;*r)aSjJXzGVt;))!VuFZ+t#G#&F
zrN*^i7%p{o_O1UNcmCO604tSI(jNh{%lhetc!ldDj9q0ld3U+@W~er`huB04!WT{L6FsIvXBJtk-5D&OGD+*sa&e&BB7+Y^Y8G*IJq5fH3%nm!7M)&bJ=2rv+x
zwGfyGOGEC}9hX&fy;gr~Bg^okuz4I@y;mJsRrXg}GfUCI#S}wZ8?N4KGU`3B?z&9h
zuwdG7T?pjSi(6~HiHWo6711JxGovpD1-ON)KHt$KNG!D7w$H(J4aI!7ybJ9u?@~&_
zMtDc>p}v5UP;422Oj}#sy-`p`9?`t1H^HotQ!P1s$Z&fO)jk)y%5AUol2S-G(gEB^}
z{KY$|y>jT=$3SO{WAAL2nu^T$obP16b$GiWE~Zy6=$OqjMiNd02+itEM}|j5EM?N>#tTAE%nK9y
zFmw8*nwrA7=g(gvZd#x;tUSsdlUX)0vTU~st<{@apiuw6kxbuFr?eDj*wxRSr&^m?
zTUn>q{9zkUXCmJu7U
zKW8J<5}?a)J>&?uf;Og}uvs%R(`NoXoU`%nxQMP$s6mDO$_=HN-&st9-l#EHYmLiI
zSs-?)z(N$h-dclWbg;f9NbY^o$y^DqsGx_V(O2NQ-rTd6Q{e>&V*~0jQ&d*g(gsuE
zCJU63+#YoD{KNpLFyQ#aCw&%V;gD1~G%_pgqDJpjrZTELI}C5h3GsaKb5;@xWdTjk
z58;)w%5@C1z^$r`bmNHFh(hsp3nrkd2HR*p>8kM~d`$?CPEPS!fh)A$?1<>uD8DgV
z$aZ4|R(kFg8HLv+Wxq3uP`$S+@}dNO>@u;xTj;1+fyJ&ss0ZQ^@|V6K0)*w|ip3pK
z_Slz56C_QRlk4s+(4suM70wb3nsh4Pp{vzt>s7OE{O5pP5GgLjeRSg2#%3oF1{h;Ms3Pk-%drwT
zJo(qpxB~HLhR(b%Nw;o{qthYSTzg3F-{)xCqzn8fC={UNoF#-t@1j%@2xBWXD+`TzKrxsC6&lVKcSP{z(P>QYfv!
z81nR4J{|O&q4*#wJSzN9nWRvgdGWx%1VmEL-(Mp~$Ijb7^RRk^th0`*tE&K#le3U4
zPcoJDWCM19tY@Ye9vC}E`hi%YjAUefz;O6r3u>VbyYYUwnqy)Hi}PYhD2$6$NpteB
zWVg!iQ~s^HzINPm>rbB>W3$?GFRtRxK{uzTr>K{gR?}ZYDL#x|-X`+#^RpmLdT5Y4
z5Q^m%oxm%q@{T0r*h#?&?^#b@n!(b?j*GtOiOcSIS9dpI=Pdvdru#qq-zkLOP{Dm#
z-Bn6bRnF%qsRlK6I^`MkKe?ObeN~mtS5Qb
ze-(>_qrWan5iq^H_)=-ZyY8TKd9oqxBL~}qMH>o~V0=G(&VSfM#4Gq9BfqK!FK&9l
zzRoXfpgD4zmGeRBpx^wVzSiO)Qu@8D!GN!L?RBEC!E!kTmmXPMY-&lqf4mh_>AYD+
zTE72vlJ$j$2XSnIfujKygUgfLDYVu2R0sj>U*BdCPCjnhxBJrcRx&UUjE)S78pg|6
z$*3HD;5=dl6VKLG9=cbS%>#IRve*tErFo}a;D+N#nXlh4)9`aAqe4;Sqqie6^wHuF
z%r$9iubp?izsJ>K?1cX&KdaMB5jpg$Pdyw^OL4RFuKo-VBp?{6?_+{S>A(N7LWgmq)=@7em3~U`g#8RQ~_`=D&X4^FHNz%Xn*>+3vCvgB%I>;Ckp@kuh8R!c`yo
z<3Wx7xJlOM2lDhhOKnwn9AYK=dJbL$mq;XTXrgcGM`ALJ!$e-$NyM@>WKOjtn#CKg
z37M!)Y)v=Hp!+haTh)7<8(ro7H)@PbuJ@f`ZyWhfgSc4sAh_!j=UP+}xBdC5nL{Sh
zf#oxJLt_~M>#&T5H}m{;6Li6UT!)@h&`;#U))(ip^#Q%laV&|vUB|g)IFF77YUp@*
zMSy}6GE*F}uHzn(iC15=AV}o!#axWb*I?xRWlx27Ye>d6m#l!Gpxm2sTcyLyWUIBL
zr|(mXvYrx9_V=*7;BIK-I;VS?*%}{TC!|&2N>FV6g=>H-f0Cxf4+jr-f@`gQj+t*t
za}#1y#Y7zi^rohx<102?9o)_1RVrfQPY(^qPSUk?f-x0PD*
zlglSTS7mDVx}&qTDuTY3Z9l`=V;roFX^>U?zi?iSUqz7~HExK+iMaOo^=2Nkk^lkIZUt3X`2(k2H~L
z{neY-##d4Ba;Ax|pG`9|AvA{~Heps56xi~QyIxWMQhE3ewx6bFb@~21x-JS&!eQpj
zXY3AWXbWnbhvqAJyuDQ$uQ2h#+7CLS;a+26Y4s=g^kJTz{z~*&g3z(u@k}WL1N^_M
zmf3Ta{%Sf%(t-N3EwKu%(bMqvU(IO6z#W@g1zIahRZ3bs4heHf%wp^#U#U_sCzp?x
zj$NhYrC+{$2@8mkGn?R0i$_5COM0%P35qda$FIk`jFyVU3&tfR=-C^5SvY&OyqqS{
z9F8{q2Z0WDM6S8fb!q_{tjadmrz&p(6&Ts;R}BA<#-tetuBT?#iQnxw0=%Iph0x_k
z^#>u`on3wOf`SCm$k4_ciWm?lTMA0PYi;|R7XNQF{ZC-2R{EgyF?#xy31Gh0+kE(H
z5D13F*u(#S!FM0?4gLKQBYrZh{S$?oSgNa$`Jq|2i0rPe0aP(L(Smt089Xno^5@~v#7;A0WkaXCBo7rxYBwQhl$Dom+O&U57H90-Pp;o=
zf}asOl`IQ^b7f87s&Fc5KcJ+-4I_$f@$I?)*18W?irGOuW=GNAfHy9`WL8Ksk63AA
zsq4R9*GaFnr)V=?#XjH!VC{O;u0Q!K#(_R;Xk_v&f|MO`*=#VTYPHa#i)3c0yMUn~
z&ROMS;u7>;@bm{6QXTA0+YGBiVdZoR3JMw+nk98O0hkMMlKKSYocdd%r8u|(NH&Zl
zub^MWSRZ;AAz2rvkI>?5He(tdWJZ7+kcQby&el%7&G4XNOI~%DK-WVwBB=05{BY^g
zvF!hwy#DKTGir+Xu0_^0d`?8AE&7W3)J#V#J~jJ)65RhBNmRIxc}<8!Gr91=eX6=s
zY>>(Tht#+tVLQi=fXf=&e+l6!B0CvxoP)nDw^qM25HDe6#kukuoWurv*&L>o_I@&d
zjlO4dQ!A~+pJ3=*-LBr0Tb&RUZgl*6oEJ%`FJ8w=pv3l|)t9a~Yb
z8C-5__#4K!N>iTOI+!W
zk6YY#d)%VRev>>ijB2fQ2#vwbKY8r_jVd<{x#kcqV8o>b&3gJXfuL@;x^-1?8ao
zc`h;A0bIN9s#YFDh#n&6^p73Zri@xG{?S_goq6JS{GCmoHEi3fr=dN8((&YaBPZIB
z>AJv7T%m!JS>&4}Ousox@QQ~OT_V}RE~T?N7c(34B$u3N`17B?KG^ce$dh9S2
z7r&Nh@c9ox#IIKj%*!EE*POaH{dkmfCNmw0vPurGp8l!(8#EPcYM#{~rYS=(o5*d&
zD#Rn?Oy%O{nHf`LZ~p;{BzE%Y(`QPG$`&mPFO3PyW2@33eS)V;Iwe|tz9v9%Y#;HP
zT<^GJo;pSdC?91lF{&(rRk5=_o=?QeF_47{3@P{#Hj|
z&z8urxqV1oz!4IJ=Dc2){oJwmibwf1G(KR?ZVwkO=}2n@h28xHWVz
zUR%?Te|aMRD6op>*`ft&v!V@msctYgN3sW%6jFs;p8oagY{;BO%UWX19HZ+~D{tyP&&adL5=
zt}gCD-`dsT#ih~u%KnyGeHXUw85X#Ld1d99dK2;yd%Oc|@bVtZthT($|GsrnZ!F!`
z5pemAZ5rxu-D?LlT;C*KaP3@f>Nhu^^D3&M4hRw2STMi-#?2isu+c(ER|*LovLhx5
zOw|Vxl&)-7vco)cGu);l9Ijpg?)658n%GH-5~jY28?RK{ei$EwcnbBeFad;1uD9wh
z4};6n%ppVlagDUXQFzqCOBkFQww%(48h3>|M#q~iYahOWlHAi&w*N3w>V+0DwuAYb
zW<4m2BS$M)+`uKn+}ICH4P+M!LqP#0pWb7k?(k9;MmJpx
zfn|t1ZfD|iUfc9DW?9J{mMCe~6@j&1#Js_-gh<5YezGv+8d*I*Gee#lYd+mQ0~o9A
z5OmT4?bKCCnyWf(&{4DV^9P$ddXu*VL})Y1`tSKD?d00R3IAs!K0fG+F|7hJUi?p0|35%Qy&WY(-^JC;Ck*c<
zpaOa^z`?0y$o2FEKIVXCWXpYPB3k;UU8^Efe)1WL<;J8l1l7s6*z&dMkiIA1B%YJ|
zsy{XGIln&Pt$;dDIIAB*PoVqBzECKY_d%%N8rQ~-?_lEj=S*xZ>jY!6{n|^fPp7r5
zQ+di`MyRi(Z9gTLHTTM6UE&Jh?(tE?j9EA!FZ8}Tr0p+Xn#K6~dT-P}!Q)7FCyQg5
z;+?^L?%|~a?u(Ni=rz#n(N(tKB^%t-BS`B
zhlYe&lk`0_#i13t?;|W=5*Xem&`FAoUF%+T03Z^nRplBL
zwT4b+Uq8*7-(lQVltFA!F4`AG{MUa!V@*QXwRWNi@re}Si7I>(;@302@L8#L_1wB8
zUQJ97LG&t%w{6K==y
zvN@-E-m3GU=lfLrQ{_p@?g(j~fq%m1l{&8Z0
zj+Tze5sAF^=0uH?;}LlKc9KgwK5Bbr2IV05!z-rT6!#XBZpNH_B*EVK)hXP0JqU{f
zYR%`7`hO#G{;7`!eDJ8LF{>JCoQ#k<-y63XnNf$1tHh2OCKKUbDt;st#)bQvp0;)N
zfBkJ_EBK{-t?e-t|APj>&4m>-9;f^5UtAhA4J`PoEOWA_%7fMFkNA+dMCV)bT{E;1n^rN{bo&|g2(ybvi!wowi3d5o2U;Z@
z3sOIA>k2FD{?2Z?*StOh$&Dhqcp*+|#FVujm7dvXacM&jOG-+5`{I6H;*2Ool$W{L
zrbL5f5@f#-i0urpFKls9R5B35$`vUZV1A!VsLS{1bgh>1CrN!flD3ztM&MS&z2ftJ
z(u>Oq(pZ}cHt4nF8vlAFDM}w8eLz(yGO^-}FNdcWyVIcgzvP;MG%tE5-#Boy&z~r#
zoQuv~4}(Xln)6M{>&h?ns}@o=gM0e!tgsUzd^pjh50zbZ}5F1I|i_=iS>kNN|UT
zq*z~#Hj}ha+b<5+n6V`fUmKan8NA>YfNRvuW=nR~iBuQp>uAn)d+O!oO-SZskFZws
zv^URHMrhJ~{TH*GQH(K_6i89~r}mB9BVYYzC;jV0ofHvcOPIO-?~5U!-HPIJ`0VT}
zkm9xvA08LKexQ!%p|t_h2oVamcMl2qV_?P-%zDBwpNpZ!$iaf42-T`rzd?G7uS42&
zH+L@Sg-3h@@|OTUuxDydBXz>O-;eHp%iImUn!Hnw!^FR-hPXDQoY%*Z9fP
zBQpI+QBU-hWj&UNx|KdTT7jP1Up$fCY_Cl1rx_IF3V+Zf*RNZb@YQp>BKJ8UriX=Q
zZr{^$B-y?ui(4cX^Q5NSokhw<@o)|LocIbxYswIoehtcdiP)-x-wW6*vv;kuvvaYW`?ZZD1!cZ*GVAf1}zgh#z
zs{RWgQNqDah^-7uHza~l{~goGoJjOBD}2jhMDB%I+|1?#+9o954f!mZGMOp6x1)1p
z5YL-E$q%=H-Mk*cMI^dnc%w~+)(&zry+s2H_04fX
z!SxdY=(eWgnZ>zXrD}E;{2UjdkG}A=gzs{hI^|b-&RH;AOi;(hro+C^=)UkXfv*ch(p9@l?
zKGOfpg{Abiz_*`(6S|+|T&=29(eln%$=aqgdSpR8qa6O&fJDmY52kUYKGea{=l2iu
zSv4GgBH@ZVSu-Ah+x>noYc?-HXe#oZ1_X_M=}d}XTJ5DvPS4-Bv#!fndmqlAhc9|&
z(5KCvg*5nDi6z?mYt&8=Mmx!z{xFGRuL88z2&K98QpAjm_OkWWdaeN2QTj{XHp+mf
z!-l!#_ihqQXh5jmX|$BVLRyD{m?am>nkMVH*wGwiL1bjof
zz-LEaQ^bS!1A$GK{Wg5>d|K=plbIcLlR<2dBj~;ieM#lnThUv1C~#W#32e>3!KpJ<
z>S%S$X$cj0mNF!sKh`zT{_3fL{(clkU!l?HMUfyG
zmtxdFDr}oN@IbZqZ8qj&!pS{VtXr#>lPn)>)mr}P(2IrHk|N*R0(H=e?W_@?^im~!
zDN$RN(&ar**Ja)2s?D(sE$o6&Xr-8qIbJ_$$gq-QOYG5_b;A
zeY^Z_(#|7$G5yP%ztasFd2&LcF*AC(h{#Dz5e?wfIV9ZY$x&&ZaF;OV?7DvQ%cIOg
z2W;#e>QT<$?n7;CYhXW
zEQ}Y0&Ta@kRh9Z{s_0)hSHTW8FRPJ8!~$N{u@9K9*VHYz_`m!OTOhIb+9BAQK6GaD
zTW~5g=mBWqOO%#5RB6)L0=i;6UHYA7#qtwCT3SZc)nU$(08v|ByGinKfA_Hwsb?&X
zONlNy%9~(-6?7~>`9J3mS#@>63{QN&5w<_+zJK|M`Iqu?ZDNizE-fuBxWvnK2~#P#
z(+0zMZ>RNbL{Ls%fpiAAKfS69NT;>Vk>M#bToRc-B!;1>mb0XOuF`8a1U&_xBo!4C
z8QWk<{Js{Zhj-y6OqE3>gkt$MCOP4KU+@(nDYQ2NCSNS~iQ)#S$aDh1uCedg*Bj#y
zzqtxUvKGw4;9o#C0RJkLmf~LESMOxO@YD(E)G$ux`wOAuZ=8W
zt`u5v5cehY^kW7!
z4%xr1=8jUSuO;HO>n%7TaE-_C&MsYn*!IiVglPBKc4ur#Eb(|t!eSf2&duhe2SWa0
zRlsqOEBI|s<=p$*$py3j%fXUoAFPjPL^k!gIX`@}
zYEy=3DT*D7Q`^pnbZl(q5(rreIm*V*?x0y8?5?)faPjbXCXZ@jL=!I|!x*)1kCHAd
zr!$s3Q8#M^=11N85Cox>qV^s>Oj{ZOtp;1uPnjZ694HhiD!dK0EP_d{Y!h)KcTa=*
z)rXdLzt|B!Ir7%7v@3HM8&kstge^z4mTWs>`g$v}qNlM-C9`;DZz*=xQ(E_MtZPCn
zO}3_7RxnX)__I=&QS&(K4*HdffCwQNc2w#iAEAuof#m}!5j@mN)KSRL^KX>Je;T6w
zY2dAko>01NfVY-84!m{J*PhO;t9cye5_qif^Jit5#L&9L&57CEO3czdrS_M~GBQRs
z$6h-Q1x60;Ru-pc*wTusCz-P#;Muf)dT8QVlR98wHa>8g7GTaP-B1Zl*DirVqoLZ=2^u0Z$<*6
zQJ%&uMf0{sw`E&yTIK9EI(o*Vvpa3K#An{WgX90bF!^S{G5_|G=I{&v^eX_AhrQSc
zd9&3?Kji^ATk1zzecouy%J?Pykr1cpP^EUYqdHECse8Eh#3Wrk@vGW?sY9w~T8<>5
zv_z!$Ojl0_jH2I~!(B%n{8?A@zbWDJ54b5I81ebdQGG?S6XfgEH#
z@Ik*r^)DS3Jq*XV+)Nw@C1`HWi-APMyGa%awSbu!S1Q@0p4CY8>CW2fWd8?CRS8&U
zUi7;K{_%(gNpL#cBfH&yIHMmiF5e`xsEp7J;Y-yHh*}=J9!HEuELSc(c%Wv}(J?0@
z31}G}pYC=8`5>=}2X3TlVnJDO7nTO1c=9Ffg?81=0JH=L`^Ip0~g1i*wWsy&soj{MGTO|DiCDKvaqxoG6e@Pz2(9}oUE+8xRiSQn86=>yOzI?RJD@NvwbOIXm=7mjyzG!*KV1!JKSgoPpmnz@5L=XLNFK>s*Ua|2iZcM*|+gC
ztpt(v&poMn0a4KiJ20WT?+dvUpq5Ik7G=Cw3VpcV
zR%LSWwA5`Wk1}76l>8FVm=^Cv%*oMO7%0LpbM%R?^0s&4L{sqiHuB@v?ZJ-*6-MSSD
zYFhYt6HY?azfv!Z&tvrQiC&jm8(Tn?#ohjjS}Wlc6qvcw)Z8%1qAkG%c;C@?B_y_k
zqH>fw6f|&oy75H{q&GWyI)i3c-c%0F8+q@!axk)IFG?II6j7tNup?IF#!B4OKsZ&{
zgZatVHbF&Q+v`#R_LR=&nX62PX{o}?x(##H+iY!o3$}_dLBsmR0g1XvG!|*y%ZU%3p|vG^vO0I((bUkD$2YOT
z8)gM_tF7T!uf%nab|;&Hp|5~U-%Fp_V;apRmhz0}Tm#egS6a%iK>o|UTowBY+-q1_
z|8^q`;_}Y!_m$RIT>aR+VZ+w64IC>c5w(%r5Gk-BDH*DB!e{c4&)ty0$4nY1xoMel
z>`+yme%^xOT7~suZ@y_}mWK?BkZ-NuNsQ-DC%l~;1tXYq9jfpObOdJUy&dh9=VoMQ
z2hX3zvGwp=$O2}SAJFp(&SUmhg8h>eQvJt45Pgyp2Ud3qwx)smnJGT@8sw-4NlCV5
zu(L8sRd*{QpI8awVRy@Ovs=PEg$Zevk1Bz3l1y#k6%a72Z!kT4Sh#o?j%ou+8Tbu(
zmgFU#zAHghoBs-0<4PiyPas7~1m4McVb(
z{l5La%N(<`#l;6cxxRj0#HEglz&-We40aCgkzuJtjIADSirDrPA>X6~R3^E@;cjkg
zFYNC$HSrLor9oG{5DJDPRYnO++aHb={1K(9Zef$$r)~DzMikX?&OK}D$mMER>
zZ)W(sWjmp&%to$gSa0{lwZ74%-(y1EO|n$n+H?6nn?B*MMUh%sT6(v!=7zQbi(_Z!
zdOAJGZPNWWiiWMsifg`%8LTNk_E60MS%tL?PRO_THuCM}gPRqD7Z^GjUJNmw7@r|f
zOvBb$##uQat?)9=+0MpeSqI!jQT3;QaY-+Xu1H%o~NCNH&_0VxyV+J*dAyGqyvZdSIog
zYK`M-&?6p-1zlq-wf{!o!Y`m=hgkgj&ixna2M#_;N=di$_WsUc-0OnUvbd^Icf~(7
zHa4K%)KmxpDQQ!4Wn%dfd*TL}4NR-*C;~^s`I96RGPmcYCZT$cd<2C;fl^Q!^=o{6
zh_Bj5P_g}ivUCU-A?O8FI(hv(nd_yKBItTyU*@VxDEnB99o!B-7q~ZlB)TIOiK6(Y-{kYy^|0eYz6eC~;||!bd+q!;ho<
zCow+2CdR+K&C~`PoX;l4zm-rNvbUV+p%Na)Q^9{M53Jz%rc>aI$PpXh$z)H+OF<<7
zYWUzzXtu%L<`#QP6_jBk6V=Hq~j
zHoxV^uaSHZ%~>G)ZI{p2+`lV($jZ!dQ5D=H{kNy>_(kxF4=dg}5P)u*&3<g}-BohB0e2vsQ5BN2ph(DWpr
zvM?FQVW5wnM`l$+bc&#k1x6Pb0PIrm3!q;X48DF?v1Vk`dD6e!Nh_`Jy`E9eR=xO#
zQM9v-;`8*!5fF->vO%0pA0OrPmQY;0wo^KCly@)RP+&ROGHG!YuN9>){Dt6(cw_0s
zvR7&WS$P9oso;XU5Jc3~JMdVT1+4FaXJ?;?eyvIEuoZk9jrGU&V=DEq03RR)(7;ia
zuiP%67vJ{LS++iJV+mwHV)?~?Pi}8=9y$crt*b;DJ7f+$W=pKrLO}w5vj@IBxZ>%4
zTtR&@
z5j6iPUjFph4;1^C_r37CdT`^Br)XkeY~msVREfPQV}Iv+wyt1qFgaHUr(jg%!J&M490t(Wpba%HXs0a)#4T7R{BRL={3>^Z}ARWU<
zjxfZxM}6LN-gADx_u={eP*GvezIUu^UF%xc{rsMq5*Y~{$(b`}$dsYCHO`zNWjk|*
zppS?E{ENVr%L@1d$4x`&)|uiSdhB0_ouPVeXU@nx!T!P-DlBn7bB6hh^6i@syp7i<
ziC+zwowRMDE~#>>iay{HdjEt-G$wu^w;Z)*lE}po)2?x=omEQsQufX4SiT2w)GBw0
z-doe&k$Ep-q4@s2<$=lcoP>m159%-wjk@O6lf2zj(kYs;Xl#O(Y27u<+)iK-!KZ{U
zE1xBhzV7E0%b0G)8hi$qi21a?nO=jr*^OMP@2Q>^F@72aeh`97LJ3uCzGK#T`cc5A
zCGbO-YX=Z|lsNbo6oMhH{u2)(ICgVKo_FJlRXpm>%#g!)w+L*O-S-Un2lHcle$L=RbpUy5E>dz!*8f9q~lW_eAjz
z@ep_dQnj}9*P_(#7bw2S9Z@@fM5i)d`Nr^gio4vQZR1{;Fu^H@{xyYW$V@VErq;3o
z^XQpKej;XA8u&b3)Kn`O3kLNd6fyRq`oi7f1_N{U)6Ew`HiT_k)2@{^L=TuY>Mim+t^fQ#SX3fPW>{Aac8kxQC1SgBi`M;4NjeMJ>I32BeRUcq%2A#t^!69X
zI4Rom?HUML%*}WtS^mMAP~j7?Z8Kw!kUUuDuzO;YJgm>w;nFShKTwghr$1U}aHPP`
zH&B3$ZN3)_DZd(TQll@baXYmAV5o9oJ_+g=SZ3pu6Nn!d`D*#eKez(_v1gN${tfss
zM_#IeqmwcNSN_35I$r>r&-Mv@9&#q+gqRX4=11~-vt))~q$GE`sh`~wc#Jsz*qrVk
z98O>G(8?$HXTbVtf-mQrC`XGT(Oquv-K0(34*v9
zc3V7=(p2-UMu?
z2r(BFZ+e0Ys`*bY=mlM{z_=!i21;i_I;f!45TTp%GpIWS92f5vPh`qz%b$M2KdAt`
z!M$30Kt$`okG%>r1gLCHsRvJ~PCLAyt}t(Ij~^GeIV>T3`c?f&N(o(5#m2)hTrCOM
zUCPlP=kZq*1tp~A6i**2A&y?G>9C}akZ|)*2SI~mgaxeB&*FTt-P>s(Te*q
z;<=m7`lZt!O%_gonXZXl01dPZvv|(N60<0w%fc?)J@(6MuV$#vslRTibn4Z^!GFyR
z#v^%m_c<6(Gm8fwjHk0PevbWBq13f86~S6prx!z~2Q+4SaKdMouT$gT$Eq;L;34p1
z%rFnYDICrm0uXY_$7HU<#+kLwb+B$v@h@Bl8z9ldm_-m*MF#M?vdlrsGvZj`vpFlj
z))C|V~!c3_wDT-Od*P7nO=eE<7~=zXx2qKZ*%
zdDIte>UyqE@4{)905A&>9O$W;LcxkA<9}y|(c4l=h{JCr7xT{cst8KVmcZ~%%_(6b
zV3Ki*`4U`!7w}T9VV~OBN$`5x#k*=I{>1a=(mkl8
za|P5wcge!ppP2G)R0+mZ{M2JI{{S#+Zj1*I#FXpaXo&ga_Ar__^T}Jp9K84YhbNUe
zKD(TLKeEcfNz_RcSp&TJBk2Qe=458qk8%kr5)iHy^IM1nSJ7*aPaEqY0|2kp>Ufu$
ziI^$#Ar}8Sht<0OI*0G%((~U26T|_`X0Pzc@5d2$;Lg)8kGYh7`m5di01%Y-myQ6;
zuAF_%02L!+y?9&gAkUgOtHs;_uY6S!_q>WH+iUD1o$^wC04!}CH=-CY%L&~6b8M+k
zVu)Ed(HLQwMjOH8d*$!Bz^9!SG@6yc{NgC5vEX;iNm&Fb*SriC_6O$;W?oeil9~v*
zejXBQ!O{2nLfPiVWT&6y?OPyLv0X~W1DJM;nJ#1=Ftl9dBioxtu3LB5z
z7dv4tKiT!+QR%(**0!ADr4g48px@<|Znd-OIFqMeq%$E90MHF2zX&JxS*RoP4T{w+
z@0(B$GMCG-wamX@@d4?K<@SS4v|@sJs|l|A>0>d@9Wc1`x!;2igqYW_wiksLicM$@
zA>ZCK&$Dgk$m4uZNT58&(tof$ac+-F%BppO0T
z>fV@@Yb!-*Q;sr8jD{k#wPK0cI2TGp$U$m(x?>Lc1TMSM%h>0XkgR;t+d{CygqW&Z
zKCF(hnxBWf`O9{FeOv+~cz<}lnI
z=J_(_dU$JM3gYUCt_#~Dh*`5K1WvwoUNal7yYv%JOQqVXO4miPylR0
ztO+HXjIt*fsZ>>msUo7s7o
z7sdXg3;DmE2730_ahQ4ad#i|7u0#UFdLsU6y;`!|i*YiidcCmjyr|l|X*ofKXclr>
zyHFtF-TAoFBMfASh8bqKi+XjDB^dGqpXEGsxT9VF>L{H35p!+%?wQq3!iL$9I{z4nU<&c$WKnm
zT!coAGbxCHEcleLJOKpDsPTe_X5b;6aAyf(tAxt6p?gl7bkHaZ%2B)cJzt2tyLcJ8A?zD^=~CjC
z?uT<%pRIp>#{)iT`;(@i#Gf7W_WS>UWez}}RpXaK!6!e1R^lQ+;Ef`k_9kKRyP2=g
zJc>5lyl~f8EZ?RXgOw_QqzH|QV7e=IYF!nA3!p_U_|BsUuwYEs1;c`~GiA}sLaJD^
zQK8g46;HHCf63->zAf|U8a>6sorXX%yba@jjLoJj;2PY1E(jPdcJ?J98q2Fu=78Oe#mZ@X?qIAFX(hd44eJr`xo#GVn9n2i?ZoBwktP6I4P
zig+^sEb~kd?kouVVE2DxG5O7L>p3tY+4dK|!DdGgGqYNZ;vlXKXJZ-{IYQQ~r`1cn
zN*@L2RVG;mo_?F&;er!g(9G_Nk5BoIKI9%ALZ4QTmkm?nO~huP^`(fuyHA^#`ffET
zTbmu_C@&>N$ozVt2(9UT?*9+u1)@qa`Zw`@LI+j*r4{27#A04fF`s?o*igSxh2GUacX#c^%K^CL{x%amA$`7OwQoY_ycyq@69UZ*Bv|BC}hghR@;6eccT12AiYdK!9q
zjV(ACB<8}LzSt;#LFKgG(dJI=B?r|*$W}#kB#d}Yaoo873EHwVyW60)=?ha6M&Gev
z)qk|sExiBRniCz14!ZvHJ0}azu~Nq(Ly!CF)8Di7Xt30bxF70q5JKqk)uu|=L_(g#fqZgKT
z_$ViP%DLRrvtp@3zipY4Al)7QmV;pM>DSMzM%Gv!n6~V&Tr|>|ODr(XXtvcxI=^f-
zUN5=Yv2bVM;}j=im@kMn(r&OiyBAY}_u70v;9D~yx^ib;2c5NB!HCA6mBXi4lI+fWHZ8YTdQg3m
zwk-Zbjn*F>`rKP&?#t2VVQ3aLLkPlRj_z=*wCwB9a0|Va8$rt
zKUJyDETOA4*P+iD-zXLNd<0Uy;rIDKC=c0ogw8n+H9oS-HgxypXi=J6yJkq{z^*lro*(M!zzg96CgjH!X8K8J?_`p
z=5cQy&L>SD=nf35rn*NfGvOkxKUA+%kV_X;JuvnRL)Iphj3>DBCwQ2OhnN?cOWVz=
zyw|d0(ivxk(YJ%b=g`I1e=E>26muD-8cXUdQIBH3i8^X1LwLkCJ|VotOJ%6llt
zkw3PxXJhp}m;Jznt1ki*AA7J`q}hqGwfs?S5Rw$6g}PyJfLQDvKpZ!a>Otx2|J%T-&RLh#gWD*}Bj
z&(7|KUg~jUke1oW3O}FAUtR#p@~DwTsqkYINUF7O+~QjMsclfL&q+P&aN?#tEaNk>
z=`|!bvf8fCE)ipp%fse0xs_z-b2IVU@g6U06ze!W?;J<(v$c-)sZdb4tJ9Et`m5mD
zEErx-#fNyq9nN|kvnmbVe6$qggG7l|`dl@osiZc6rP_8RI@~nvVIb>@O
zIX-{D+Y>9W*ey1u!}2s{7XqeHoS^m)uygW@f?c!O__4jUKS*eI*Kf=v5VH|#oQH}9
z%DUhF+vNvE>$K*iwqdaRu4gCk|A*dFLaXzGuc#`YbbM|Z9_YZTcAqOBSEfSBQ7Ls%
z+KL;(mZ5WHyi%}29Q(Kc2}kLdP9@cz}|oG?TSMN#FhDCh#;dcfI&
zIs^Vl92jB`2qcesv+93^HtngmN80)8!A1P)%%hVYsRZSd-L_Lwe|X4cSXan=dAU&S
zTB6;;q;koXn;efW>rp5&k1qSJTzU&`k|0hiJ)bLZ
zHx3X`o-WB=HxTEWn7hvSe}f75UuSlZ6j9NnV@oaAkc8h-$aVIwg5}!E#a&=`
z)2rVn)$2{}R{L@y=%9h$XZ_4~1}U!KgwZJ;n;oHqf;PHl>~eFVy~4doDWY}~8*|ZQ
zYv#vkhgnDYS|$8>nE^2t_j(F)=kx?BXayxdt#-7B&sU_$(brD0-WLeJFi}btIwZd|Vv+|CW
z4C3h2OkV$>%rOr(zM`f%{jqGJsb@oqJ87CzU2&hM1KA6-k9BAHe(sH+M|WWIZxjkx
z7Y^?f$Ib~!(WUchq<IB80-irr;$(GPYm5
zZGD=EZCoA%OKi^gNMB(L{-VSNrZZxb8N;Lh{M&mQZz*G56)B`l8j6s#xJ1{4x~K9w
z!xfdM^JTp<965>;HkD3ftZ+#Qx!k_-a8wg}=z)o2eGg#;_4DG{uXh&@?E6awmV-la
z-@0CeW{4cK)B2zs60@}mWNf`XzJ;oH;1G&=NIqUb>zwFw^-BA~8^nDY);8<*euQUK
zOIHk;tDyr29aA7P==V
zrX5$lST*hz6V7)ui9aXsniMN)kluKjry!r}nA(IOWMtrTh(=Mmztg5+azS@H<`wsu
zgr=kB1uD~Xgr=XJC|audnJ_k?#rkDFID}V8-#Re#ip$$_P7heCW7wz*x)EY-WZ#$0
zIv-}RQEem+N*qU%JDHfUXWAp=Rg;0ety@7O*`?v_F%2iJqOzA?QF|K7N)KFiVx7VIlLi{t^A(F;TW+Y%bL(9Np`sX3tV%fGfpPKV^YM(?wiBWKy
zf*}o*&oZ|J`ZX^@s5j6TaY9j>5B7(=E)+h!0M$|I%uw0`H;S2_#Qn)-ajBjkul
z2S__a$P)>r);vaQI)leI$_mp89xlbS5{7#O9SFab!)wvEfS*UnR?=-ZdYvQEFBgu!+za(80=0omzpbl2t1*795?dK%krdV}X460WH1#G_
z2lLxQ4~#e}Ebn>^
z+xdUXW`#gn+UCc8k37yG#5F>32+#5>R(O|4}zOajtPBQEMDSFul2fPRft
zNL*RO21yX9FOFerCC=oX`5|F3CaFS$nmEE~iO`UF=bja*y~)E8dc2TcIZ=&_!`>fI
zzFMn{Hdm8`iXQm2n`&Uv3b7DjI&?gM5%CYK(`d>jZi#
zPbl+uyI1(Jgwsb^(z33v`p05OSl1pQE<?aZT757KA_O>tROn4izVllm$ze8FgZb{XYxn0y`+{tyq|y6R-cH52xw-g-
z3zs;CDO|4oeCW_869~7?Htbvb^e$~$%BG$?eZGo26B`nlShn|`yHmN;4GLS9ET(Xfs(Jbidv=R1*n*e<{Vy1dpxa4
zM<7OAh~d$=04*MZ#Px)=*3~965JybPYXhb!Y|v3RJ#rai`+2a);8&)gS|H+qp(6UCY6yjPK+TLUpv7dSsM!)mk=7#IXdbeEts%8qNS54~EfzRoo
zvP&O%b9ZCf+GVTO+7CSJELQ8C5CR2>SFVfLO=-OCHMnr^;m{{}nm)e|nB%rLpJ$a+
ziu5s1mrcw4)d(NglXP*~r^#(_DTA?0XV+%qxvQ{=9oV^AevH_PzpeWFX;Zm<F_9}7mD56m14_l#n5x04ZB}LIc_x>LY^PL2Fn7~LbSO6XN5yGRr$-qBI$>N8CFKj
zgpBS#GWMA+`$jbEX+*JhDjU^x3JWx`V}?~pm+K!+>eue9YtrMrurhJ3l}?GH5j^fE
z+=vByplUKS!>p?SswnhRE2bDu#-=t;ax!23pAU<^7V7b4P3Kj-Ri5tbDP@5B
zPr`953!=*WS?5fA)HdLDrhP|iqclYm_I^!iZA>sL#>VOD-U6rI_={?ipEnynAZIvW
zhLtX%?sBu4X!=63Cd|!#!6GM8(O+r0L}Tam*YJq-6gs&~wA#H)hwB+VvVi^HfAh>Yv;8hyjQ&-)NC1V4
z)po~xQY9;zkctC>up>OgEU>=oY?-u)!{`wnEGyK7AKlnSoKtwe)q{FNmyPvAfE-}*
zGBfkhH0}Lu)fAXQj;r6jN!aX6J-h5s%8_&}yotRj*R>8ze4=u?hmHt+9)F(NTkGXz
zU;EVR&}Oqc6D@mWtf6T~fUE&Ju0)mmoi?7z>60xTi1o1QZ-r&F>>?lD)N!gX&`J7S
z_dX^7sl&Ig!shI^3N@LY;pKL*whpO%QoMsS@2?@RuWHtd1sq?HsPrkwG7^dRA5zGB
zPQZX1dxBnsf;fj;_v8vRYWIqd|GXgWc2|&nuk75m#lW>3g+AG*yg~69=~3nBbJ?86
zFj9f~FPm2F4un8>fh@^1yDGq|3h;OD~xl=$H6U`=K{
zURJxO<|jbYp#5e*tSdiA_bF2Q&7$|*vj_F4Qe?!O93|QLRFODHxy^zDnL){MmEdx@wwCWn
z{i4pwSaB^<`v~uQi)1Rkm{aXsV697EUoiJaGPbsZNa^Fgd$il@tkqGgB}=HO?Q0V6
zY=k?TrZ4&PTP(E5P4wq`T)|d0=51i#E}O!vRn4%V?0
zUG_Ic&->F7z$pluu-YNOwgVWlOHL+6+R~*zZ+$f+{)GOEh?cK45a-Q&oBlY>OeyeV
zPuL~48}2M@E*X=qWdQ&6`eMVhfIb(^j%0topC*Q)m3
zBX6L#Eacj0jmF3JD)LEeFF+lK8{RaCZ}Vcy2WYb+jsSz`3~=-0TY95BFt_7|cE9dp_LhmUPgzx#a*pX&)x_P_
zuN2utI2BlO?y`S$%+urbHPo5!O`3BD!qd8hTt2phm9Vp5cuuYKK?KK!aHaS~f_
zi-G_7CFt=V1@5|}-Dt7Vz{Zaw2l)cY{=&yp1M@TTGH%AM+E)D?WuC}l45O%iP+Jef
z>mhq&N`^x3{5Z%Z9Uliz)u!Vjw6A_Q^@E$uh;H?K(g|hkw&l-*y;FO;ly6iY6@zL;
zPdbhZ=q`)=TKjgd=}YZT8>Q%I^*jbT>NqndR3+2Ce%4%(Dl!g*Es|@yp+t`hRa$1J
zkOK073UhDaGB8ysbIx1>ekHCSa^vZL^w=u8-?^4q9pUunqFdFQ)otD_9azK4WjGUA
zgq`(7&3P!f|5c`-YTc9?YleYA#L8ZPv);k9Jc4k
z1o)=8KRGP#Fq-M}7N%xU-x!lO_RV?p=3yLU>rdG7s;b0-=1R{i_*d&5KU907_|_ME
zq#YHM5lCIXboOnf{J|}cdfc}{#8&!|+iI8A#LI!Gp3zZtAbNqX04?DFuoyeojV@tV<3PlQO?P?=0%Hf&BnLbxjzi{cG^Z0o0tBKC
z{C*fUJM6BgOwvdEoly^R3+q67X7?x#IFKlCJwf2XdXJ6_r14{maNm^eu)*w$nMyz;
zZvke_MZ)Ky8IC+`cCWTUR@nZMVmhW@UCzD|qpegKqs$b*sF5WYgNraZs=Nzd6Xsab&+z=@-(KCHy$WmpC)O?uYjEC6#p?EicqpoTYwwBWy
zbuoaj-yXobhdOIGMWTy}h7
zEI+3)+$=nH1p21UM=&u;dh@E~AH^IwLT4Vs9V
zXWpc2HH_tBTkf0Hy+p=0bv4g!lh|p{g#NZwv<9F5?P61lU*v#EgMf>5CA_{`9^sqG
zc86L(NOF;C#JuxIOiQb83kUZ6N85Qpt87EyYmd`a<)3@D+-4B>{PsK|M8(MB^c@SllJU)3G$Dbgi&%p00TcJb_8#
zua}-{H)HD7#}|g{8DXn_qv4O_8{0q%`#H!lR&z|W=BTgPp;b|3We-`5hlqe5sq~l{8Tn>gx&qLPgplwthp0me88WhYEbk@-hNaIBssRIdHSdb{c*T;#Ok0PW`%dA<<=PhmZTD`Z|bTzSZS^xaz*`Lzd|BXaSDN2DY*
zetRX;q;GtdxOBC!ZL{pcId9FahR7`PU%h<3dxeA=I`zx;r`-tIx`OIXn3GDYTq-8j
zIp&g)VzBT>_cm@-yQ4g+U4oFWfP7|QS6xq{GUc^&CRxz2vZ(D3@yu;#FeH~N4dbnM
zma?;0qp;LEmzIi;1B&|#zAL(fu_cX_HU46LVQT^5!ZT|N3gu3dl_Z)#mBMZWArDYE
zbxiyf8Jkdh&d;v3f#Tyyx0iyyak^j{q&$jAZo{V*5CD6$XUiKMzhUCxLLRm?Lb;x9
zTPLZKAnOtQ<&xM(5=|C$4m#7T^PfMbz6mHea=@S^w{d+AK8vd+P7f-z4%5|<4$0QpF6@95gau0?TQG8ZrU}0V7LEi0N&)wYMCc#u{fHh
zo?ZMYd$#`0Z6N$U_qJQ7#le5X0`3FWp4yyIiFJ%dSqz?We0Ouoc@If;a?mq-NpTNZ
zfEkwX9}h09ggySG9Wr%qiKLC~YnkK3Eu&VOG_76R-%0A5^<}T+_u>#!G6Fj(tkY#kCz3{N{jv(P9!i(@q|Tv?oQ+~NsCKDH%M#-`lv%Eh
zd@*FxO3c>Qd1X`d(5zLmfBL*YbfC~{Cp3^x=bwo=um&2<62x|TB4dq>q7p$Jkiy3a
z&?`~+(X~k-gKs@PduNk6b0mC9HMgOz5wQmzkK
zPwP9l9meZ@NqC})i$Dc!MbZc62I%UFTWM$sr$M$pQ7qjVpOd;QVVzeXu))2()KiI+
z^P5${(th`DF7zjlphsjFWk1<-t{n`*;Y}jV3+gAc>L0`EInF
z2aE7=Q$i6rIY?M3oIa7<46Tc3I=;0yAH>EKB&er-qHk?)F|?V>Ke>=l^Y*D|_|Oap
zGLlP6nSm@iM(+CUeibBaNtaHzk@`q0sXQlkv%$}*d%m+4Bkl6)4W(8ciIM2?^rn@o
zv|EUz#gO%Z0p!3U>_vh#c&aBIo5Ii2Y%6;L)K0lHCIjY5?X6Zdih`HvVGpfhY-%=46A)PMw0WAmX#ltB$J%-%{!5O7xMhVyZ5$4#D9OMC){--VM!1M&+o0g;GOl7K+N
zdU>p20Zlq`asS-2+st}-Ye5SVUzi4dOqT%ZOzx+PVFW=n+-$e?jLFf@@Xc@;_sPu?
zX-@RCXkX&`;#IWrUQz4b&WgXia2sZTXQhrQZf|hlv#Vu|nM3^nVXW%ouV$Qg6M80n
zQ|v>q9_jymT})Xii&on(xlC}YA(Ei!nQ1xnWTF!j|G9sw!jv>mE0_?P9yTJr_r7SN
zE@;YDInchZW+Nf})#h^26A*6Vehf$mfj&%*88O&|Z~JN=^^2Kzz=WjeEVlICzktGgQqvQZz+MbHhRF@ibDb|##bT90pQ)8|jI`441Kr}Bm_r}I&Ht$s?!KMHR
zlaJGu_joPMNu2`FSR{*?Y{T>EKskBVqTjU1NSLfC+_qru?$l?%Y#;NV?-VZw-ki|~
zJK@O9D`M5fx|nf+0_mZTR{lFtW<$;>T>Ymy1)GZH3OumGJF_G!{be3d18`r~ZgX6<
zDk7O!>mq$Q%m*Tsar*c-ZKILrpa99wAeC8X)zg%eKI@a`i9A+vT^Nu(db#HURAR(W
zm)`NcT?)37hE+}pWG<^i+qpWoClk({lZt*>|NU}+2bcONw>B~ry^jUcNZO|;%K|6c
zIIZt~ct!KC1`SF(95PM}L6XeLILm~6ojMO!s!D$}M9ArP`5xS&->o<2FZV?FJp0Po
zZ0G%{v_6^O1(LcvrS*#9aB!IuyG35GTWN5m(+7!f#_mjG4GC$jUx>|crA7qbdWe4I
znJE5UMXPk?W%KK`)(H7Ft|RZo)N`apmy2?`Q|Z20A6qZ%$}N7j=b^hqf6>m;fOe<#ClqhoY6j^?
z1o)?}o!wp<+v{BarZ=!E`mQf8pCI-x`mr|4^y1vGUV%w3FpzX~c0BI!(k&Qvwcggo
znWg|B*eU+#!fHmN^BelFmB~fh`Ba_rs}a5u+OxY99g?!Xq2$=Qx<<6Db5g@A%)6F+
zs(O4S=$`latxq{5hJj|y~$
zNaPp&mc>dT=oiRVwL?(n=;XMB_QZ~)=bB5HwTD^#i;pKpM-lE0L9dV=wh3Rkg`46l
zD-RNnIzT9o=vih1WVd5e4@il_kSqdr(Prwxg`k~cbCWs4&+b^^bEI$(eK+T3w=ri;
znT$MA665=L3TW7+4)D|iW46IOwKC-P1h3N_w6T@WG8Qm7aFm{2mU@`)zA-#F>~P52
zi#YNkt3ZCU?d+D@Qz-)vuTDt)K!TfLA
zf&zc*HY=CfYA4*EnKRes{#0LaJ0^)~(R7SaClASyko3;P6)YOS8Q4cRqOt-^vD^U8{
zRF92XpWJBPSih>a;;W0*LEH1M2&#cNDJU_8wS=xosPdloQ%$>NN4F@oC%BeXR#Ko{
z;=fR2qfsy{OZ7qAX^gAJ!h}1sJL91{8Q^&y=gFY(oiE{7HMu#(2`-_wQTL`~&R9g(
zu++X0c&SsaV>pnORzU{!2
z%}EFKu>B)+IE*4O3Zx5Qww0kM)baaDJ;aI|j#T5J?POwQ1TY`gh>_{I$SbMBjVozlhL<
zo6PZ)LPOCPXDvrr|Kg{?5DSu@Ve#VpK`q`k9}!<3XjQX;#sdJv9T_)Mw(E3uB5
zdR(yo$Y^M!CdGvf^bb)*htB@gu^4tP3EJK(JIJVUx`sDZM|hIoU(6_vFKK0&t73f8
z{Ne+s&1Xi}I5ZPJ%T1iqGcK#@JaB{U46q?pW0-Di(3SDY_E}R}K
z8^md;mH#73(b-3H3_Wd(+iTnulfV{gZ7R<7G9B%0^CWL+XEX>ca>wy?P{17$=tMQ}
z4pM*zxc)=5p-XopsG8vQ(qrBZ6;OVP9=bBRht`(hn9HPqf2;aJC=&CKLY7;vv6uK=
zRI!$um0FMq!CqC#>%x{r+U+DszJ&t}=o+{4MyD|%8FF1bi*asCiA5nB)&{-&Rx27h5Cb71=Q=(w~91HU5bzk^bYA4xC8!^=pLm
z-#%^QL}0r%ESG|~6s{D>-L?Q7Sqe4k+7kktVq5jA634302`9z-
zT8rJuSEFS_zP3LaP|EZRO!}`DD
z_ThWxz4CEqA+5ML)GW})nxvLK0e$Rsa4OKXTXTFrfwVjT?~`L|!!cDzqtzyv#JEvT
zaUS3J>(?d6wc_4sQWf64(^4`Kx_&7clPmPI{?qv?mD)Be5u$$Yzo&Th@Rm4?N)AX7jPu@;W?{W;yHnADQ`
z+p@=|^I~!Yt>j^)RGFa?7Z1--uCq+>3y=a??#wk%Vs#mbC;NA$D!HNnxj0)EX8AAq&
zbYTq@bqtC@|3dBGUwyyT>>z4>tKG%L!Tw*3(#$PqC&J=nwBiQqp(?&f_;M2C;-Ejo
z{`GC_YvmxfL9LUIPK%-x^xDTv9DaY5s`pfh*G&^-Ek^}cF$5{dk5i7Jy{iv3d?ez1
zSREY7d!Z#Oa+z9OQhIm@+loCn9I;{)b)CG>rfT$lZ&XFY+cy#L1h?`r1q_MIcAGr2
z51?5KfNq6mcul4G*Dl5y-{1aV_LJ2W85zpARI(Z}KRr^Mxb5ritkpQwt&ld*So6{c
z*%;i>JS7pxZFp5ivf5MlO{L`PNPj`Q`%kZz`LgOit?^pQF+$44_h>HpbMjHh3B_ku
zo4p1-&}S#{tB|+|$&oM*yM;7SPwLeey?1=ZvxV~-1;mX#jJXEu87~3|
zrm8Bbt*mib@TnnPGrF6K4h7za8BeaG|BRi_-Ur)Ijv5@jQfa^5$WQ&RmlnPIi0k+f
zxR=#NOCs)x){@8(od<7qszN0VUIiVY*c{c%a7ZuZE5%{2KUfV3@J5roTdvnqgA`1}
zacl}~o2P`&k}if_q#J&LXvt>}7j|Mhngfk>R)(OxELJJ9!!V{8wmv!kmt(cT3ix3K
zNAp*tB~2;~3h@vCulNO;jziX~&{Ne)0bbwjgv@7#&Mz$kEs|5vpwV}RP{q9rG@%X)
zA6L4Uf$*^Oj1Y(yKaUHYu%?XADT6<f0+EvU5uz#{_(r-&4v-#N2dsOs(
zvaEi{{1BYF<2{2u9deW#Ru~6lhF?YIet$3HxZis}mQ^4AYaSs+<$r^?dnoSK}J9-==P*{-ZQL@`}1)&IG2AFaG`kwS6PNkUzR=OXylxY21PY|HkW*E7R@&`UBS76)@)mGfwQ%{7HXViS~
zu6X&u&Q$l|opdFX=ln$hsD2}XqF3%3`G*7C{jKd<;1LEGa}zj#jVcNY?@lHE%$IiW
zEjnKy0)!VqTIV%EY-fccf42JzOJ<+7M0hTSxQJfv!9%Qg7jU%TU%NKEHlL)`DKFvp
z^t!%>FJSq=`!%VxJbVwhv?lqnrJY?y-*lglm;PG{SnGt((ZWR59H>@ih}YO9y$m>Z
z@j1-SE=JEv&6Fl8wa4YOMI0OU|7Wq}nHA3C_Dz4O^?x_D3FDA)*twB#+I==xMzL_O
z9FE9zo6ptI{M)bC4I)LXIfn^|)nBjz9dLJdGbdu&yU=qO!
zhOn^lVB{9owlcmgpm$V*ZJ@zgQyXByDu6O3rt93xpBVQnjoJFp2++C4+9!AtAje++0h<;7QY?
z>2lZNd%w$-2PMjb!ZzCkNjX$?dttF=7RyfO1sXg3t3SKUiY!75tfz`6_J*Xr4$8LO1eYoF6sK81x42P_5J?y&3yCBJhRAh
z-{)NC%HI{ogqjwoP=XTr88Tb)pCD3Rz)^-99NuQaF|A5@zpyhv@78}zUK6%
z`cCnkGsF!M*efRWwv`$1=a)O(Z$BeH(GP0lTHm)|z*~OUO|{d@aw|?>H8)?Sb)RIp
z*$3)X>!MaBzJlaBsz0ZWdZud*_lqUb{O)DmNZ*$fS3zdKaV2WcldiY0vdFDdvuLd{
zp(x+7OF?l_xWGiddAl>Mx0WKxJYOYaFu*HhI3+pI7`Z+aaH_0w(*m}Wv*)6?YJ{IN
zbGaiML;zv$PVlcvxk_N7!rEoXLFhQ
zVTcihb8%dMfq&e$)bv_mW%;3~!5qK!DE3W-&a6%Ov;|dN8ClunoQd_pk5CykThOkv
z@P6NBFa51X1*nkn0I;P;(fg{El~PdR)f{{8^sehbrQri}?@vgmaul0+&lXdvTBg=p
zrs&gX2mzRz`W|O?&-`&XC-r&9dC%4tQM+0?oLdoSHv1_vm=btxq0zAm)DkC8qRI+5
zhc8RbJKg7*^1PjQA`FzH&5Yka|DHF~(Q5sb$NC&TD<>OU1Q<%219{(D&r4)lnuF^^9{+xW@>su;!mnrBT{|nN<(f6T&
zZum7E1C}ALam~0i`)bDaJqj#Tntt8EYp|64x
z8Dhx2@AqwA-RR!*WL>l%)%2|!1Z52w`$8JYgHk1KtirXQn%(^#;?d4jfYDgfPph<`=q}uKMOG6k2&s;g4Aip}-`U+XHS)v;If&kE5Sm@vz_*C$hT1T;b0e
zRs1107e5uYzLqZcp>!3?xHf1}wVac+JX3iEpWdC7dfTg6dsU-y;*w7AT8u|^RVk-+
z&p_LnRoAv@OR42WU$abWe%lWaF#8K=-2XAi1{6kJJuHm+O~)#Ih%eH)170Bdadg9*
zAEa*ggS)SQH9dt~Jq<6vHFP5>+#tfcT=j)7c4YZ>cF@WVRmNcFF(XD_jlpD9(l`i|
z&GvD@G1YPWd|(?Sc4w~6;I3J^md|$m*xC?1EA%Jja=>dhu)}caC7%f24+G8Rr1Teo
z&#X$ah)*XfG`pNN1VcBAo@Kz<63uo4}9s8%vv^NR(rLZIpp#=
zBDiY*k>+{Qv`K!(0K
zTJFQA(npso#saytt_LQn48?z-1!EEJ!O{q&)OyVxn~9a@f=-CsMQ@CGtHhA>drbU#
zpp^$i0gm%Z@w5UQ8Z@q81}JlHsSsTD8p#oU^A{~3n0Vc);tTOk|F|sVaaYAs9oT
zgN9+%X!waWyJ8XySe#mi^q@1(CyV(dEIX$60TPKsgSn0_sDET8p0b^1s
z*f$CxFA6ca0KWIX{8e_`MQ
z4^uVe62~nUyHeI?f74AuV<=JG&+^(JtdUrEFWLBWdf6S
zBD>1Klo(?jQOm!xT1Q;?Iq8II=*XgSH<+M&^d(gdA0?=V9tUu?%1E4_fI-Miz}cdT
z7!U{30dxAzuc}CQK3A9M=4(}-(x!I>l@p-}gFK1+G&*DvZ#|nYMpWN1QwFmN!Axh_
z7PT~5$$*#Ue;vZ_A7PI#eB**{PNZnfyC(h|F|H);3iL`wuUrZxrirF7Z&@4%vkelc
z-vEJlikcdK7_(**tGoguV{ntgy0VkZ7WwXK<)@QuH&I*1-od4{R5i*Bw(2MZqoBb#
zFn(PzOg!49)kogk-?ae8_I~jD^Ow4J+i;lmMLt1mcD3{taB0!OB$(M5LYd%qS%?x`
zI>gFre&BZG_;}N}4jVJd9*lRc6%5x=(qPeI7C5h!&w?*GGFt&Nj2CT9GPHFviWhpx
zu{ROmr}}n0-{F-Y^lf;|-zM(2z)G=UWIh7}Y<4fJhF+YZ>R~^&QdMyp4K7p?1l|gL
zs48HhljsY9>gb<~6*~cYc;N%EZ+rPN&`fgXNbSZ$;N+p8-7G85r%$?LnwoL@46~xY>g%^}A9vpl
zzpVm&&n82MOL_ANks`tQxeGba?w%$7e4DKo>W+rw_!95+-E#eP#V&`9
zpP8PjEkm+`{n+th#y`kCILsT9yt4EyRHqic$I}E+Sa^2+flU7BBGjh_##dL2=7MGg
zC!bkWAYNZRrcUpx((s#>&+4?*&Mi$vQuG!*f1Ov+
zj~>r&#Ix+0|D4@k^%=95s3(%QOzH`_L{=X(_bF=%nsp5j$H1qzywT%CC_^yN2PT*}
z7G{9yEW{TV0q*fei$0uU_Jqv`J>Qxa^ULO`k8F^FJ=!4}z8?i^OsQC$2jt((ToS5{
z!fm-AVRN@KL#|S^XC$<6zJ6t_xZ$5O&_4wDq;Nr%WnR+pO6Aot3!FO6AsX^D?v{Q=
zrpA{9h?7RY^hT96ZwrP|7aRsSu~scc{$M$3m3c)8FFZ4f`QB
zZ`v82nD@F47l&4IDOp+Y*y66y4Ks&RM0KnE&}I+3^7I>Z1Oz(yyaxlE<<((X8qF8e
z?BO>>RzAorCehlyMP9EEIq4eXuuKNwU$37c3#=qPTz8d2-mrm^3+2)Y2wzTSz@Tt8*ggVQ0S2A+f39X{
zZvS-6w(BJ6Y<)=vFtH9c15p$8_A#jOfankY^&{aJX2PdBX=d}araIIB-#;8#bq4b>
zT+AU53obVDH4O}Zx`p9=5-Ag+aZMpj9XiCUDMV+PGHON|E7A4Tk2~I?T`9-;o-<_y
z7TnifLvj1`gE@oj?{i+~C~~BmT6PR@X7@#
zf(mBVt3E#B*fOBU{0!@3cs0=v{PFY=X2O2af;6nw)$T6x%c7%z*~z
zBL`yh)1sRKjUE5&4kz}6;pm6EdFPLlC0Yvj6Ly@yJlP3r0+ff1O$p4ogtuoAbB@)2
zF6kgkbk$%mqT(*sDSlM;@v$ArnS?<`&Fcn~Uz6fvcnPi7S~v^Rekx}ED3tqDXHqFV
z{V&(<5iNvN;6`u;+O+Q$W(bqO!*vN7frpV9V9Gx+2@b#>4UItDLN3fW7gf;LNNw=E
zP-*#bLpAr{m08N*E#39&Gt_vthNBM{myOqN#cIl?fFAWfyFC60MuYqC3~iUSfF=ta
zA6_d58#+rwYoqo)?+^A)p@|L39U(L!klbYrpm~D{sy}+g=WE-)M_jdRRKua25df+c
zZ;j{!)p6<_XD=Tl77lIf>}@7Ahv6yYb%3hqI#2LbhdM=ZuL^R8I4Fr(!DuDPkvTu8(5-Ju=xhpZEZ
zMl*x#jK}E@gX0m(aFoQ00N8~~Gy!$N#|0b-8ciT3GMzTnz05IpnZ9kb=-&N!?Kcl;
z9q{hmPjz?gLob2l{a5}CSE{;4D!@!H4<~;cVW&!U{GAwB8CM`oC8O(7G$o_XH^C#W
zF%V`za&tR=u@n)-Z4@$Yb_S#jJ=~-aNIQ0vdYp
zXAwX>kko01DBXF)#m#vdjZ#V~Rk}--I-8otvRp<
zK*CpEn4EOzd*pArz*T96c?we&Yaa|4b)
z*vAQbx#%p3cBfs+$qN#N^PUde$At|i!3P1tk!r`MveM@U8HhDOs$HA|{s4?gn#8^h
z@@Z+AfYS(&z03k?64#%ErVJ&ru}>ow3_OPeBmWd5AEzytNoVL-wSU{!k4rKB#<$0>w9Tw3
z0+v!vkFIDkxb!|A3`(~;R9fqHjE_Sbz1-XX6r-WpdK@f{VU8f3D>*Uk)&c^HUo?TU
zaZJ$!T)`+x8da;OU>nVTmmIa>mf8JUVlGnax#{;tbk8j;WMaN)VLIccuWg
z5#CON&v1Od0C2g0Q;bIs*ae@S=ME_9B1UnF$eG82AsNPWYC&Ps5&iyf-k^-6BMZ5k
zWNIisBSvcp#iM2~3Jm=~kGvU_y4U=oM20|)i2G}7X9V=oiaT?#d8x2F_5{tED|D}*%Rvq500C>AG~
zEO0$|u|I*?i3G?$E+BOg17FIrY?U^tCP^<)RoSc2{~RVs=!rRBN^AMwY!*(1572>1
zxg*~W^aAl|(Bx6()C3+ye*wpZMl(?Ez!bU?(DQpasy}V|B-VM}?00|z11=>p=i+9k
z02kvwgB+%-KyKs0;SAFFt>11RCo~vlngm(vJd14lYS(+E!m#vn@>_p9bq5Z4nx44z
z+p0jN--dyaFcBZM4^(D~k;Lp7Gg2_%d%or%gpnZ?a2_I10P~3cBHzJ}Iafo9Xg*H8
ze;oQ?Y+Qix_;;djK@fD7MMkwry6^&RC>uV2u^jv2h%m4)F9fK7U1#aC>wS%S>Y%;9
z0eqb+D@qX4k?)h2CZn`ew^G#XwQm}ZPL|zE``0YS9U{9f%96XaPJ0~H9)FAN;TD3$
zP{JLY45s!*+QjBv^?^VzL(kG#et!%6*m(=-;jIS2<8bO+EFg?tJBiGsh(eMoRpR1KG>oV{aB^1f&8F
zNCjIzH>k^py~4Qzw30s)M|eN*Z*B>&21cvD65q|`27b;9?0FHhFyKBmx}RV{cU_L{
z9p{-3V!rOVU>4rj-oLM?8Lsp}>E_uR*HOw&gA@z?;CrM1D22lkuR06rex!bx-4v8Y
zj)#+V5_MlM4X&-Gym3D)?#<)SO!w`$<3;Mn&uc@nN|!WdzOIZCjl&?L*oRJy-@PkK
z_-*tY^uo(uo)lwZBCnh>am6D15bUFgiDc0NdZ=7G7jX?03fJ8Ix$0H`*9{UZAffvRcJYxV(>F+GvX@gXw0@}|55eK4$
zM=S>K05A}w1XarJ`Wbj$f^V1TF3oYiKgKGA#279Ep_iR>NFvL7&`@?
z614@m98FJ(y00|YwNF3~NE9$WhG*`Z6u#G2dpDFgyYvciu6Gn*J~Lu=w~rqd+RKpI
zA;WJWq%l!{s;5x8hb!CXfNa>+)4JeBmDqLNx4?(uitz!HaAd;KB1c7Ou_ibvJ~1be(@MY0VdP^a=#8Q9;aTzjjQx&rn8q!i`8u^?@g_8DmBTb#C<{IC
zEsH2l!;I>6nNQz70aL<_7DkT|U-&=sck*Q#KJwb}e%P=9X#Ch4jw-g1)yA^_cn16!u~$j*UTi
z_Q#(7X9t9rF&!m?pSzEPyHx-DtARDFG4Q1jCD-61)X8XXQ;s_V=j9H}42N#U{vvCQ
z^s3Cf5X#A#3vb}ct^yAGO=6c{-ZJ09++DJNz0Lz{>-11K5t=N(?C^?b;1oj^F`wxR
z@m-j&^u2&U>&!GsK@`M5$PP1dVhpEYg3O@yFqS>
zCg)i9)v6A}s&>}05p^Y=KFkb{Ze|m>VD9zb6Ng@VX~uYY=hi+)xx)Vrtst{F#UR@|
z3Ya8*`!9v7i^1w5%@ATWupSu(a+)F7udjt*L#&Kma4yh?gVfHzUBkn<
z<3OXiY59v820tIVIw9CL%x=NoegjDcpXyp1UZ{Zi`DhRO{UerkRe?}$*3kQrQUlxS
zzX7)Mm+a;MzjNvSP;RBwxI3(U@els`8t9F#_E!?jFN(yO1Uxu%i@277FPXdjirwSO
zhyQF}`X#nLsaTW2R%tV@NYS{Sh7P#6bWzieEOhQqEboG=AmJtek_~XfU*eC#L%eGtV{grOqZYX5k_RcA4QOwoZT^RCQc
zB7jHCy#3f~Q41h6Ld6^b&N3XND2ayV69B-<&7mC>OB#}V01dX^J#gv05p%XEXRbRw
zv)C|j%Q$(cLsi^+{W=b<_R_e(zvwxP@HrLA3qTBVC!L9H%!cDBeIWe-EWbQ~I}TAs
zn8>@UTX)&O#b3%*GC)~n96HG>GJ?Rr+1&dEc0K9i2Iz0OGMps~O;t#FtsDS>s_0!72LtQrurf$d
zffhjH&XZw$stdI@RsY8(s;n@x20{xeBq+OLGUcZK3V?86K9*6Vzd*)E@wX8mL;r0n
z7i3X1q^h35jLNBQBST%Kfug91M^^%Wlr9F(nQxRmK}EOa(H0H_SqDK^OJ5kVp;rGX
z&y~;xaN-@gNDy3E;%V@P=-62vDyLF<{}FbEAPNHGHFTZ%$FqJd28?}+y`l;_y7*Yx
zVCD6=LcJx8rZ2MPIw+QDv%U*12fm|HH4QWR(xH^=EZ3m6PC@^7GF}Z+_-2dTk
z@JXeLH{@6RSM?W>0FOyX*&0*+4-1Hr1|p2E`8v0GaN=LSE}@5%z*qG>IB~W5J3{o5_29-b
zc7E}A@L+q;!hgOJ6D?RecE*6as+2LaV54utuS;8mn56PR(N)_Cj3F$YlgLBKKYI+S
z2CrCReRbj=>lL)~g!y3QqqO@k&3GL}A3NE0
zkduE0ro>x4vwVf~Kj?GifIbv}KK7Y^-A9Kbb%4HcfN=8Uk5NO^DaC;(y3v*MpSBm+
zh@VRza4lD4$oD?qYLs2!#Fw(;+ROBbUhz`cOxS&wd`
zZ4Zr40sx`etG`6@_TM-;5c+0IkQse?J5Cx3%TYjL(`uE{0ZTh=S#=*^D8_*Q)GBnF
z{t2A>KsK=Qg>s#xQJbwcZ3g(=F$3h&b09FIk8aWQ%<@Zkf?xV10!r*+Jvg2cM*ABe
zki|p*jUWE$`X+cL2^vccJZ6TpWE
zw8d&Ksr_Xp33XtznPl+z2t&5C0Tfg{e#_s8XNaKSiVtu@aOh&E1)0#L>bRPPy}$G!
z(}rG}GgqjzC!nPZ(yvSDaMz^9zcA-N$MQ5P*_(hW&xty#iQ8D-AXT;=-A~x$lp0qDjO0
zl}~vyeyDwkRZSO*G`zuRYBq(rmagvmz1@Z)*c=O&cQWK$Z7Y`gVe<9KS{*EVkrv2J
z5NB^|t?r3z{ls&%=~wCbV4v4!Xfx$eP`1A1(BcV6`xCn_vMAAo#KAf2@!RCn!C=9B
zbumM*L_V-Y6U6zyeTQRQL{s`lG~*W*x`%3$Z|~Lzom(iL5_H`z_;jKO(bw6OV;VPf
zYt5AUgSV%6y2jVydrcntLBSwRpx^kzo9zXgYN{Qvb!&>b;%YHGLFY
zo|;IXdlA8`t7S9aJ~(qh*9|{%GjaD~Zw87iSeKFwy&&UL
zI<;CdFvQI+?A^IT508p66@5^b+
z5EH^lw%8uHJhv{|C&~~)LGG@06wx*?d~m(%kODujRD2`AF4br!fpiX6GFak0Jv?!A
zFzom`35kAt%6HQbYGPnPVT_8%irJI7F8YNOqV~6&vedOLI;GASNpI(s)b2%6dk?at
zsAjS;ugQTbD=EIa7c3
zp7eBqaUX#I^k?*S8@ouAbgeHb6CN>dy@Z?>B0Rk*LfS5-OPBYWN+mxd@^Dolpb}(5
ztj&hSo%EmG<5kG!KtAoDzmgQL*z6B&P4M)t%SNnyoqC#rtekE?BO{MkpO2aoa;_KH
zPop*MydfMuCfU)84I7>3f7|O@H^DER(>3&?6agH~4tZq|VjLbCVR2OxuP5-QP}&g|
zn~S;v?Ei;9MPq?th{Lp5JnSUG#y}llObNg$o!pyXrwU!>;NCM^6)tL^K!oiQtK@kx{
z9uv-bCAr39_2-6|oS(1s4X}vX^jai#<#<|Z-WVY&YK{|(VC;z1VfLm(7I=#e4{DEg
zm{Knl?+w)|);Wy4`?{m3PC7#(*U7b#shb^YN;O40Rv*D$ShFf>1E2Tw>zzG}-4r-5yeAGtwi(>GeZn5)})=ZXik5#KF5`E>?rEUgzjf5rqg
zMo-x{^<@jQ;x}ih&u*S!*vU6WoON9z(kxhWuPzxzL^i(s`e4^hCdx8vv2?Jb=x3O<
zkaORJ9M$e)9Xp$6H+i?5G;{Aiw;EcCU9y5IJH;&aKWLqEn^5>MNZjSJQP<)Q
zBsIo*=qX}$;^JxrUPE)5!#lRv6}OypVPOWb!30E|NcQHYywTd*PaH#AF?(cPA%!!#
z=cPCzBXNJTx6jzG$^bumj=5mqlJgJ%M_@_qJ*eQ41J_0Mgm>M(`}@miKEMHU+&vC%scz9T&IEYq`FHq3aV{>jI&N^jk{wX>F$+tM6U-EA5R
zVKF14FIlxqboVDR=Abht6))jlMJR}5+n;4P)^{rJOf_6&MXX*Mx7v2A$S=<+
zGON{Be9-U##{Ir|PC=h~W95U6+wK6oz|%B`qr%aLO4#1-Cg1(I+Ja7wgexTa-`;kY
zJAMjUCy{RU_ahQ=G3d2k-Wk~yt}u0ascTv+M;XhJt(a)(xam~%&|Wu(GSS|{A5TPo
zvn95*^b7WvPRa~i@+#Z5f})%_zqVE3WK6cFT{IQaUpJ4DaqwG?4Zuxg>fB2TnuR%esN=n1`MXxw-
z&X#%ZOwo{WORlOyycI&vJ=ue6OuWb#f#)#&xt%YnuE(^47=NeKFVTB@{-Qu$%@h?G
z73DPrHScZTrQN~Z9tB-HPh7fez4bRb&eg&-64x(;*_px4)cjPd$%`>^0up#g=_O;b=Q|BTi-a`sVHn3U?*f%{1G&q3sJ&3B2A<
zgAxV%G&q}09MbB$Aj`F~72!=T=b+qeG=RV=3_yBsXVCrJQw?7E};6
z`-^RADX)qvy4)+aRajIrlxC^*#mXmv=q}A)?!zv4%rQ>paUwM}*I#*;=DTQIV>Ns2@H8Ne&V>ZmKheGb+d
zLn8d5qCQt?y(a
z>go#^{1TQDFgJh?N`&Fn+mo
z{|Z~8wSHBS@K|JobjwW_#_7C%d2ZiHB~2x3ai+N6E*@ZowZp70aK+o>2PZ
zQ90u~aKx^Z>U3=VxN0f-vt5?k<}2ICif^oFR9l+LTIwDg3-0tCaq4Y-p94wX`ZtAA
z@^EJgNrxBG$qpR+BFmQyoaTOR56(0r+2gaFwYM$rnb!L-;vu9LhN78M7}Xqvx^!t=
zTk&4VCJNd9oP2%Dvi3wty1e~BiYKN^j0zl*o8I$NJuwtvGp}Lfj!)lZ>*~8yaw@G>
zDwsUN~
zMBPp|`~(Ut=Qz_vp?w{zh<%&Tz^saahdb4&oYE+h2&j4rZrZ4SwMb;KIHxv=oi*-J
zx2$?rL_3w|^M(EO##*RaJWpV|W25!CucrDQ*84XL8tHS5)C@`Vx{z7%F}es$p(Yp5
z*sngdz->xAWiyLEm2T@D(iy+N`;IMc>6xR|P%oppK4S!3$WGO_3FFov*ERNh%e4hj
zw$L+U^(6zjve_TG_w$I>7V>!(vsU*X*HQXEpy}zOJWILxvW&~Hbho96viGZGTg@eR
zxjcYxe{;y5mwm6{ACnp>0;*r9T1=K7YEr2os
zNDGAyMNhIL&AbKUoOW3&m;yJgQM$cEW_yjpDC$#1aX6l*DX#}>b5}{j_eV4V_yiDVC
z+*MgeCiZXg>q$KKuHSPA3*TC9BXQ`D9MLFp*7AB~%8zVrb`eq+rCRzLD-or)szl;a
z4WR1Gm0ZS@q4f!=Mm#}MeSMEx7h`U2J-s^M>uJAsJ%tWtR7AXIqunUH&r(V
zXHKqKbg(Il<=|l(ev-|uWJhVN3T5C8ZCY0|Dp2OEI@EfDI((lp1RPk`@2@qE(#!$3
ze}e`pREdWXp9|c6Ai(SU;>xXK{=Km30&RO#UUqC;d*
z0$25sJfhq?nMxVRyTWzL2Kxn66KOxmlLNQ
z`KJ=JZ9x+jrCoSy1Uw(uY8dg?>1irkeuHB$m}Y6E-AvZJjg^2t4}&y&qZ
z9Cq}IhG9S(HCN>4p&Um~Tw9F$yIxOSk>yi_vcut>VTk5ttDN_(@Rl=fVphwK~-#Nz>z~e)|@PuhmfTbvfDekzxH0
z7O(0*%D)&5M202bzHg}1k~l4?7-NKk^(I7^(k%PGIfSs)?X*_tO%Pa*y)l2_At*)zoD9fP!h%S|OJ2Cq;Onv0%=I^G
zyR7PIGyl5SpBk8?UaK-qqVXaP_*VdwMZrMvCMkHRi+w>HQ
zk?VSeEtOlU8|+?<#6;d3jOAR%_v(DepXaT`U@Q|=xZj`LWe~I9Bf4+!NHoby(gV=1
zd{6EOc4VU+29qFsBLIxn7=
zs2XKUTuyJ=A<#DWeStiL!?s!1YQHH8l-xi&?DA5+cWR;t+PX4ygKE_yloEGzr#F)s)5-kEy
z>6C-I7@F8Np67U46+N&cjD~nMoyp1MILkC`K|dAZu{_Gmd@nosZo@A>WHP5%R%jK@
zJHy{wxlSK))5`AUP2n4jBW|Ypy*)U!6&vkh%XKH8#QT@yf-9~&owkMd9?5ykcy1G~
z5B6#fQmlmEGgupVN;}rcL3uM$i9Y%HjuTziUb)|UUOCF3^J$RW2iCorH%8*m&7Q)3
zx(TXn?Vmxx
zZs4O1`n7FszN`F{$b)@3gxmhoP%MFOykO>DQ;BUM|Y5AnF$CXu_B=hB~5G}ko%RY>Qk
zadBXH0SAVCed;U>jBYT=3Re(5-MikJ^(|dAVOpiWf;y^Obp1MokdS`I)_qOB38%zq
z4jbhgm`H5i{!N3@GMRQD0G-#K5fQ)#?eE24{x7LF#to6*Ui=>-{r*IM
zlw@KIQ*Nb8g-s}YPAIgS3)%S?PLe!Rpk5lk_sdhOaRL2BPRoAuJY%1{`Pp*E7o&zk
z3^|GX-n)1pl%_ics~Mj|P9i0P$7RM&SqGH^OjB1c;bz;OL%oUo*bH`CS!dEf1f|ef
z)20NbIZoTVR&%wAaf`hl`Qm_Ne#=fl{B(Q;ENM#Pp2j?x#zqqd@EFVM3uo#C9!kNR
z*k|`VwYw~h#vh*-AAcegQnvhtKiMe|?^*eXlKi)d^Y5;{E@#%HKPK#Tt^aoiH@7wrSs{=8h|`JYE0t
ziLLaQ3{epLx`&{}j`s2>-o^N@KS8EfxiZV+8mAb5B)JpxOQD%>*Cs7@JV0nz7arB-
zX@csnxvc9_dt%dQbNZ^g$am#WOWzB{N^TrQF{Kai)XqiLa+OSd~0v0@ss@zlpEM<0^GpzJ^y=qVU{;+
zo(O})VmL4r@~-Tc{)eeZ#ePI4Ma45k>1wpWTH^{Petq*SlA3$TYt$D!u#8;J4*Kw#
z_8GW>!c(HFU7-jC$bxtvs%V14d3kp#P+*NKA92lb)bjO!A!RKJntjy3`TPY{S&C$+
zq_)n(tbY48C#r>(f_nRpcN8h(bxB&kS%I-u@gfyzt6!i?oAPhf8jS>Yy6*Pm&Z%!s
z_fZ>d2M^7zSaiun>dwSB&lf|ufT1U5j{>-I0cZNhWrbAhx8HkK-+Gm60W8%P{K-P#
zhNYBNr3-(4-jd7Zq8pycNu2=MBuz9|w-$~axshpMOeQkwmD2pKj9-5qWL%bFI=jm6
zrM->QRrDH4WM2{0Hq@A+!>?^h_*vFhdjDF;Ecqy>Ps@q&Q&XN~1KVdK)=Ah_jnl5x
z4po)v2l5UACM&(ytmVlo9m^olcJ)|`(sz;eRnv{H
z=om2bB0#|M`>Z*_F8rB`e<1V{xjYV
zT>6q`6o5SC8&|z9VqHV`+c`dg(FQtRe^&tyBY@NoWk#b{dK?1nzgc%5r}z~7SF$o9
zdZMmH2V}OcyY3a3i+6rAn3AXLLq;2(1QBb=^5^yQcg%m+0=$2^CJ--_AMxVdb7tc8t4#-gqUq(&G9BloO}&{ccWUUw?8-s%tITAT4&2@s3yRTi3b?f
z$Tq-kchbZe_kjydCTd;C)}S-x$k+AcI@?}*)%NHP1GC;bleDC+u9ENPZ7-c4&T~H=
z_0v+#u!?ODu_w#868I&0nw!3f&8_g?5-GjRBf4>CesVv2mv!z_=0I`a<@wu-`kc`W
z?6JJ;^DQCX*#iv)>8>9aSLLu*WTANaDz%hz=~wyWB-E{F%H|X?{ydOeS<(TG(l!97i4LA
zHv1OfN@?Lb8w-A~4SS1k4DEC30(-w*uN}~664qF`1M(4D;w<5ujEzl}bO0PHY?nu6
zgXhb)=e$4!FAI_vD3NX%b{fz!y)&BOzP4+4j%mL_RB}%cs=}hiWSgC=H}?`M0lk06
z0@|-4B)cECD%w--l8DL-QITe;Z=X#RQjy#_ap^bnptcka7%q4j?=7n9q3SN`;_s9H
zHoG_*tc1Yhs&p!jUEm0z2y)Uq`P)PtBGEL(KyZC$kQS&%-vQK;3{PzQAN4shAl|#{
zYJCY5#(}^1{l92X&yt&(<$E8{8CC^6gVW=+ZO4B9=bHzgKEDPI!>=ZoW8cC;-4lA)
zmP;7$9(*NWIZxpDYtSEa7i2I5ShAnLMqlndR93yiNeOicEMYWwO4ZK8zbXQb^blCB
z#wAp=En;k{U$VSe5uzo(6UaLzOMKGXI;IL2WJu
zcQVu&y$K$3WL+Q5{TJs({W)0-FD7$p9~k2Bkd|7rPp+pgjguHv=?9;M!%>
zL3{^+ECrP*s?PO~HbnbWB?Fe5=@=UadX0~*IUo)kN?lJL59)wa06*OtGrD&C3+OqL
z`?tYr<#c%b(F-SUbASzvezrpK;A2Vfm4|UX=^xL~!{>>DXAplt}J1Z*heVjfCK5mJG#e783tL3kf+139$LoO78(p4CAfP#>
zX9zO^LEo&7zXw%&gmx(Gh7|@X*)Kf~!KJBfig!>3PXT<6ts6F#V3n*r#)kICji^7~
zTziiW{c^nkRA1@GJ}3{t0Iwwoc;SCO;0%~OdDmY4unT?I-^UM*%dm}6qk^_h8Z6WS
z`+S8Te-9dZZy*miu(M2E;fc?g?zN`8{bgg7_gY;dnfE&cm6I$eQzXw+tQb>{A8v9u
z9WtL3U(?<%h6t(@aWjj$;Wc3`{0LcL!Gqo}f>QzLIvksOl&Lu&Ct)C1&V!{+0U*p8
z%D@QFXGe&ADfZ#KHTo!IY060(7dArbZFmqF8YshNI+e
zb{PZyXhmP?#)i?ul(Dg%w_Q~!W24A>YtJP`S3>|ICh;&ZU}*pp`>5_AHc1e-vjLo&
z-d7l8e?ItFCn{tTC4Wtk5h%_50fj@e^2c5wn!@=V^D2j5u-+pJil(MfV
z@(GU~?iSTYjm6K%Fy+F*7>wmhMmttHIx+
z$KO+x`C7k9y9jiPTi*D)O$yXGnw_Py?cEYZ)v!^%w#nofU6$oI%OMk@
zmZwGI3Xp7aZh&ZfE!20Z-)UBp8jl*f@$~s&#g?$tGZ;IVg?%v60!7^e{ar;31ZL0d
z8VPD;IbdZM^$C)%4BrA2iOH%f<36Bz4qJ%3S;|h1L&4-imah_&t&$8q4|SWK@HuFP
z(Zq7sWyOYvg{7fTr(*h-OM6$RHotMDEClc5Dg$4Y+Df^yixwR~!=X{S57t2cZsZnN
z6zGZqaI6!ximwkRW(r@wni08fsAuQ{0+c?5u;DzMj+A2(Aht>5IYwR|$PHk119x0E
zID3kxNK!RvrT0`*BEwmT7S@S&*0#OeYlj(_SLsu?%-1F!(1SVO<(81rGGUjT?}dg)
zxst^p{BptZu^yxCrh#S2rbLi9d0LX;;D{
z`k`9MkML9<0q{9?MeqF?3`I;=ZAmF$poBc-Nn_T3`4pxYE=i-sU*+$JA^$4GhYjQ0
zVF|fuxpx6bBGw2YWnV$0J*{7{u*yu+dT(|4d`(2=%X&OT0w&^-scU4*YyIMDt|+LK
zYR0ALCcjM@K<5JyBl}Ex{iYFoCZ)C>kw1@h!VUgBmkgmbnxkCsCE~o
zIE-g>Ej;FBrPkxYP4YcCwt{o+;_2huu0KboPv4LQhRwO8DybW@2Ut
zNBODC^kqW!Z~J?bef!`C^^}I695wU2-n6Ypu&Rc1vU7xxB)Vy!lKLqlWgu(Ey_C65
zZ|VNM(p=iIe5sVx7*yIoQ3=_vwiS8V$qQY+>pvIGbs3H))_nE>3+(cb;G)>!2y*e!
z#^@V#eO*a$+R#Yvm;cod2DOYgqS;@p+pL67Agt3(BQxN6)2H(CKECe42A#`gV^KSZ)tNrG3_3NV6hak~BdxvLb}gWxS_P#ej>OJe#-+R8Yy<8iqJ#p&GbIq-YYz4VPSn
z=5<{y0NyR-IfrLCeJ`kK1|^E{2F;7&-khYeY8jyfMQi+CogX$_VtD99L
z%QiF}CC>0Bw`v%?^s
z>Xl)p;VdEONaqtu+M|gM&6o$xrX$}_(>?y4CqhqxqfX=cnf2aiYD@OzCl=l7nd%9V
zARoWOAwmip?UE2-*>!i~%w0bzmKY_?Gu|Vr_$wh?7f0MRKtJTQpSSCPU%gjs1+?!N
z#mf#QXn};fps?i^2vjcth(bg7mF9|R$IcOy
z$TAK>AFDw`5;y2-Ivfme`OtsZU<@f=VcmQ%p{{W5OIMlnPm;f&j8{gei71FuQVZn;
zd2(*w?ccolP#JNWTnbeWJqv*5RF$0Dp_wG?y7XN`s~?tJ_Y#~G9CUiz6CG+zaz}{>#KHogt
z(18QK0pju=QBD&SN4!IA{h+jZ7G*%k>28t6{MsZ8j(afkVfF?n3v!nIYk(Zi1}EV(
z1nSSK^|d?5<@qPKp+QxK@%5+~Ds#jlnNFbiS4D6F`hWv4e-<2hoFeRiBDUOAD5ctfDpEZdRPz2{I)%3AnFDtM
z@JzUpL0ejjf+Cnf{U0V7V;}oAnUu5obLXZGf>Kxz$QBhjl}nf?kbW=3n%iy$5Gbcy%Bp0T1a4;%{Rk+M&VR{5vl)RR4pH!M>(9;O0kxCzu5w`V%}>9psEhO=td
zWPSlfFJr9=~g8LPj-(4zmB
zlZCO5_36A6)sluj8NYF)8AM$YRVZXQ<*pF#zndxuhmEQaK2$$N;NHX3rA;I7|55hU
zVO6!wyGn?Hl!!{FAgv(X-JrmxJ74MU5EW3AE@|lwLAnH#4rys6r8bgVV#9eB>i5ET
z;`*I`ytasYtuP%U6~BpsM<3q41UOZ`Zz3X>D51hRMr)*vPM#?OxP_
zbEH5;n?Yct+bgpB4mIIq55bO?U!f&g3M+&Asbi)XqPp;#p9sUVjj0kmZorQrz;MSmtE5
zPf(?45j${v*@?cJuqeT!-mU$}1zT)$I*!Fc-#uh&eH%gF8575es8)}O<~lQKi2sqT
ze&uXNETmL;XZfbszWUJF+@M2cnRxuS(C~zv`9Cp1Fu~UkmLG<0Li>3BJ3aaac3-1*
zPM~YleZTdlUFuEL0D;9F;if-SgK1lzBIp$ZNv*>CQM{;
zg&t_PDIYC2)U40#n2j7Wv`y6uB+?E)`97pw42a6CojM;m&c9*+IF7q9nM1EQ8+yg7
zYp-M+POe1gy{3Ij`m17qjMrXV{ZDR|D6-#IvJjSRK&1L3vghdH5E@{u`$V?42F38)B;j|7GUbxDfLQ6@1=H@8g57yC(PC;huT|
z|Bn~T-uJ|Sx6yZNbi24+zuyRYb-!UX&!2nhn=~Sn@fy(dn$nlRJiXR6#S6v%2XDLr
z?OEsDrkkK3GCvv?>-`|*4>}7V>Y5)Or^=c?4^TxtSoA!w6v!MrF9-MuP;4On5JhPu1
zCdtgjmOk%6M?`JEP;~;f=^T28~dvg5C;RkOL0nD(+8L03YU=NiY
zl2`2C7-B@|$qyKog(hVjTvj9E51ZKUBS6CLGpZFa?Iq0I;J=h~^DM{ozklr?sJ9y(
zOlf-iZTvzPBQp&iT%@d};Q%f@coflsQ!~T2RQo*Clu~Og{-BxOQTjCJ&0rvIjX?^r
zd+OFsXH<>^YIXS%n**b8ENW-5s57=B+uH}~`LH76J4n!cqU*AQl%ii;$XqR(pA1kb
zwkD#N{@s8e1@(6!-`vjht|@D?n9u2rz(~Ebu}caFX~#CNpZ|+=zEuNQjx1YX83Zr*
zL76d=dGbLT4t1RzzQX>-v;#KnAGj*s4wvH${9VQcB0Jx<8Z}UH%
z+Mz^TrL{8Sp5d1eI$m(f=y+lh)CtI=yo3!FvlQ&B6;;8c3lMo1n}mB(cUa3
zo`Go%Ox^6S
z`c}d?xq_u-*_2*7EDjCgJzk+Z-C&SH^-i<1hlRcon41+kT_di;OT#N$R=E+*i^ZPI
zC#MX8#TBRJ5Zld8mm&Z+K)FNo;I(UI@F2x9%AIcNetenzjm>L4=U9&KGJ$f)GqyYF
zqXPy-2_8OjWYlOb`1Ev*ZEkL^@hJcrou^qzPZm9
zapk9Av~4MYsKXVss0OU$3H!t$w6k~iH?+so{kMta+hG~;`IDq+K&j%t0Lr(SvXhA+
zw$+Rc9*Y7`++77xk$?Es4H9wp0U{9TDsA+Z6HwAvegKZ--3n>poI^dVkw?3L6lCd5
zy5_&Ij_NnTFYQ<6?egA@FLP6mefxc*O0Dy=$r`A00FVu$77H5psz*ISNIGWQ!{kTz
z{Z4x2&>~-(SwPKVz#5+Y@fXJ?Lq8FIA+Ub>yrc1(0Kx6sh!1Q8&}ib%pmfAK)4|Ab
zj7@EI)dNhb^uimDgQn>kG@I(Fws!JL@Azm5nJR`B7^MB8m5!r&+yG;Tf+1Gu|3w`EaC!A1txuLL`?6o@_bH8MckT+#Omf!`*sg+qU
zurP`-s!&-y9#^@i!x(cn?PYMfifk7lw=9(zgWMGLT7`jpEc@x0$3rIzkCb=|^Arm>
zbLx)gUQ6;$(sB}lm*eDgD|uFzuAs@g-TsDrBT|%j8u{{Qi^Nhr&MdWl<)j=Fsou1e
z^6mAPm93?>77NXlRdp0AT!zsKNhkjM%QMNKxKHKd+&*3F6Q`@fRHw2tlX_crD|*M}
zC?B&A;YvZf(yalif-*<36M~qT=6+5y6D8)aFgveUzBw?P{mTWI&u(OExYF=#L=t9j
zV!TvcN=jXm+aLa5dwU^%0x$o@UWyAA4Utma{;Xer2Nr=v$5Z@ymv$9|$4*wx;wYWV
z^O?2bm7(n)Lu_4Z974NmlkZ%y;{~5Yf7syrLZ+Q^KRwmi>l^&t{NRNNpe;}gmqMc9
zarFhh#Qq-5+n!fqA5j3raf`C;7v5(~K8b*c5kGV7Tv5~62iNElACGQ2nU4jfpEz;C
zh_qlbe-~Ul6-3DwE6a~ww?vEFa4^46-;hzbT!7m7D(|K{ET}v*IDe_$XNU
zOAK2)ZdnfCyN*0x#-tPj_l%E1x3hQ)EyCvjEI8TmH{QU9%Ia_Ln`1l@U5FN|QRrtI
zq%7MExk{Iq?dG1Dkg{^Wtx6XJcEv$p^kKW_S7|vGOnQd0uP3t+vSTd{%UpS=z
z_p}GsY7Y7FUsJR2bU{_ap2qXn)vtIG`;?Nc}P?IVrMJ5cVxXsRg_h{aRnS?fFapxyYOUl01lJI1KOMDdBmDO&Gad;=N;YN0jSX
zXY(Tufjsav?aTY^CU{!P+6~!=e^kEi(vkj^JB1zD>B0Ntv1q2T6%spn!^Yn#@F@n=
z2dXDn=`Iv1AJ75I-^TS~;^!)^ss8>V}-;g5mtATrWLm
zcPfcWfFh8EnukCInO&hqp&$Ur0(-(vg9~DgF22jLKI`cIb(fs=;{0I2a(N7
z_Y&w*m8oGpU~)BhxeuV1yVO|5c>WPf4S)tA+omqqCp?)e;8LBX-F#Nge971+1%ZXW
zoFi>HW={wsGRDQQ%kULKm*Dm#nvfl{;&*fvO1lzKR4hcn#AsBX@*0!A9V8}T&TNvv
z(wWkPD?kE!Ql$l^^8EWAH6chsPO4do>CR%tsc;}+>4
za==%SvAbnm
z1&1li^1sxu&zlZ2QDaPo-hXC|7WF)B+r0&xlhBYNX7w*r3;~YuDGKT85;#}z+SWXD
z!QLoZ4F1akzX!QK-2+cn#BC;VUZ(%&JHac}0ivF6;T7=Z5nZ_UB&g!PBXiZ+B~3iU
z;}h?KZ(=dJ?uGZPo4
zk!Yp9=dXPg5?{5W?m09B3M;-r+!xV)@$@S|s!U0SWyG!D?XSyzDYDR#1qnCrVPdLq
ziMSe`7Sgivt`$&Zq18Rz3UWnEjI~u?f!OC@PNSk74cTwwU#b8e#4P$cn3wnO>y(8K
zYA09H;`y4?B@`}*Epm-3ClFH361L`rBtC~J?pSarr0uw`QcqeW-)jcLy7rUtrG7Ul
ze3Su1EQ<@r0q?3Zcqn&U-T&g8euIvQsFFk(^iXV&s&HN*j3QWg6}|vQ8d;xSrhIAL
z^nMKo=%hR|OaTl!Xee(<{%tw!!F??;|ErA9r|%Gfpg*MG_iy~i)Ye1R?BEsU%fcrA
z?`Y!^ruUi`c>Kg@4|cE7PP$!!9>U6e;Zec20>kaCA!@%=#{{C8SRu4X8zZwvzuyfC
zIG{^U|L0d*d1cR+EG}VMI=)ge<)}iJNfsMJMBl3)iH8K1{1aE%)hO`t6~zL+uq07#
z|N6kZu@`IJAi@Kz;A>=iIt6%EYvc*XABI6QkTwRvoWprN5fK3gpPl}qoJBrjf-|Ik
zPs-ssP(qU+V$%#`$6uqm@f?trJJG+iPR=5u2{`mDW~3{))oaM^Z_4kQ^59Q!3G^tQ
z;9`FM0^&*ua2H=Z;&?wn(oc#(-vY>wze
zu~fn3xFaKVb#L!@Q&s8lsU(=NMadhPyr}*AY5s;%=Zj~Tz}@oxr?=yelBz?lPi!Fj
zLCZDjFy-z@Z~$!*9vfqmScZofIvQ{IQ5Oe_IR2`W!{ha?)2wEHGv@Rd7PWC^V*;X@
zNzarb65>#lZSbu9XIuvK;{qUGox7bp{~iYLNyHHfgPM`_FG;5ruhDdH4TA&s3eH?Z
zg3=5W3WIxl<8k3TaTUx(b{{Ij2u0OJnfCko{We&@sP#qAd{jJ>Y9tiiL{eOeJ;#Os
zgY+QsSYjyF`B)5?P65c(d~vwS`BLG2-$XAK4e$@+6D)=wu7V3DV$i;{o?#^S3f%Iv
z^?=N?Knm&78T$us69{bH2P0ni+zb`n7`{J_&Rv-XWnlzRyIMh#X$4u@p?W$tBo~D&604VxlyJ3;~ub
z^lkX%-$(5#U_Ur^nCkw`fPP=`ALy=@DX;sv1W@tiT(uz}j?qAfs+flD#4|2=uDzZ0gR79215AVEe6BXWL#d5Jsb+BpjwE&?7s
zqdFcfBIBh^Yf;O!vR55vVNl@8eOeS>@Q?kGcoIvUMpBf+jK45KQzDS3^4;YZcTI-_52wU0V8IuD90Zk5+jt@4h$n7=IYTbxe4W9{+7(Xh$C=+TTisgEW5Ai+bO1&
zeOmiR1JcL2WJ2{bmx6Z$?%TvK?CphV_Mfr=YK9NWz;t=Cb@J8sD=fzt9b99f3w?p=pRqNaPzxWp)|mkS`L#;f!DrAh#6
z=(yWk1153*Yo%!e!4*MMrZTW|?jNs8hh!GFT0jbllWS94h~RP^~F4od;HK!LG_0(bGun2r1Xe8UPViVH&0g=fRj
zC@sJNUVg*xcHX*xU6!RB;r0AZP1fVJdd0QrkvBX1ib>W|{Z3*kNVsHYocbad303d9
z+3rY6_a*Vt5KX#v^i6wZ9p5#}>It~pGJ(d_TG4(gL}gh74Ym=eagxv4Ud)vFE@sp#
zujhPk?d9>dPGB_SV_lW*7>6*`%|4~=-r&>^!eM0lnY-SliXXl175HG_JlWy1zc0_q
zsHehOlj|%qlfwPdti1Gn&3PUO+LbtR5b)MIs5HgzUn>E%F|mQS}k_v
zsiaSQ0~*4NO!NEO_iI8%#^ZeixiRm8P;MmIO#e*$ub_}5!YvNWF8epcc$$o&jvi^z
z6VE2zt}qIQA*5B7fqK&cJCYwUOz~t^g)Wqsk|4*A5*Zj4Ln9q#6_%`#`?M$VBzU;#
zWc6vc+Pt#wGR=YOh<1rDSY%E-8XFh1|KK`3uE&$IdStVA$r^hl-2PN6#6k3Zx-X(B
z+mq1abT7hJ*o`l_Y_2`ktT}RVyV=5^Gf<8%!m_SX5FI(b2uF*cK~wnB-FszR
zAXfQ42<*fj#>H6sFBqefMXKDh|BNQ|3;!3|C}XO!nqi_jv*FU7E?cw$WxVR|2ufrZ
zsIT;F68||%@>In5swN>s3efZL{?UE;vD#Hv{Rx$6q4>2SXYpnXT#HT`q*T|s@(@aB
zk=WbmV6BHyt*-Yhj+Q_uQ5HenjF$tl~frwe(i
zgGHzJ;tywX0)1?s=t{FA$iiV(T>tpIVWdTnaH&f*EeTsR_^;`E#oVf9g_XHa#d|1e
zZmx6YtEx682oCI$4_p}EObx<%(rhD;^)fmKUL#wMi@#QOz#L)dn6&Akq$C`V(%Ib7
zvC3K1n%R>y75cWZ3X|H+PFG^MBwtacI}*fFSLrdnRv4BnPvWNF6DqiJ0yZ-8rlI4R
z`dx#POHuAvvkU6Cf#QlDSyJp7KU@d5jORsQvB<2AtKF}$Ub&%NVXEP^xraZvw4bey
z3_bM`%jdGBNf~(q`~2-ng_TU_9K-h7lJH%d70eQ=QD08^d|2_fJr0=5ubt1co=EGH
zbThbcLCtD_V}Y7N%)oQcgAIQ>O0C{J&lpUVJa694DEct#1E)HJpPt7*8wVRqtfrCB
zfGD%|#LXHC)$glqE+sM40a%@bn|{06O$AZoB4ye-pNC&B&avN?TRM4O<~^d_gxTX)
z_)86QL72O^M}S_Qa(qATn(g@m#sJKC_S<@X-sC$TZJ^%Hjc1vEszr<*N(>!HgIX8%d4>+=sDrce1l6y%@yA_q(z
zct|h5BFidq5N=#}F00)!Zta8~$^W4dR$FOzcTC?WU^YvqYBREqAK|3&P(5vNqd+*$
zsjqW>#LaEVm%+u11JSQ`)w2_$Ex
z%W~iP^u$XF(5K!D4BEXoYFE`KrNynPqxrFI^0~(?9iTt9Waqb2ybJ~*173V@V8k`*
zpsR_r)8Zhylv9dyG8$oz0_%u!`Phw2kwZ6`U#@!*0&K>@?A@3{KO=BcMV@9Rf7ZSA
zfY^`APV(Z6=8vi$Lq*E+pB}I5KA5mkN6XpFkXt^251t(Fxe3cXk4>(a
z<+ieK@P6QwR5u$s9j~&#x&#*%9&F4~AmtQs+fgr>yf-%G+;sFF%%GvJdRR7#$CL*@-p^|r@@o|9US1xpmG_J1u!|VYd7PZEJ+l5vH1*DV<0XDD23xc$
z6z81#m5>Cs?rM*DO9xtn_$9@;Vk$JSvzdO2_nON}C#WjwJd9iDFEAK+=Q!IWW+wmR
z1jLvTa79e%4^o6m*~Vqu-`fUmuOxV?gL&wr1MlaJ|6~jxFeJT2a{K(@zJy{dO{oQA
zC+Elv(?O&Y_nI9QD{S;X*=(Wu$H2TcqN-hx2~p95
zqg9X!%Xf;i?)sW72-gyva63i_Y28COll?e({}_xet&r>~dKC9!V8Ten
zY(aP#CR2g>gFWK|n{jEl72iHNqg{ir^3je*0A_UoO@U=|qayN06x+~Z>%r@aAnyW}
zwG|zr;%T>U;phP5$UMDHXI6;y=
zb(_Ni@hs$Y)erJmllIeCvA9teVRJgrk3Y;{qhx8@b@*$Rerl{Bf3T#1vwb76;>nXQ
z;>1|yo>6N4n}SFCUV_g0&CgV}pGCj3O25znrU_AsGP6`SPsdN(iejjE2&q+z%q@ke
z-dH<2rBC$|%B7V4DAgo)Mf*}lW^s^*Nw_Nf5a2lr{-r3)=#yex*&lpdN*w%fxQ
zxV3TW1s+~n73RLsa>NZmvFcw-?6{r373(1SP-&s^Fiuf<+dF^*r=WSX!
zaZD!h`(2&jyw&qeDf0ZOqzpHKH0}#VeyFwCRaRnAc7pCK`Ku_5;ZsI~<0WyyAHa4s
zTo)cvaq0$)G5SjINUg6Lny(b7Qs}SDRLcwte~MghHqBt{{GE*eOmZz`V7BdNl5(@bskR=a#og9BJzu97-3zFe>C0E@;+&?8|krm(y5n4OP(
z`0T-Q73e%Y1g@79?f2(Dr;Jj-U-LR`0b5BgEIZpvluUb;F-*uiYz2L(+bdKp?=5ku
z9~jeqnWn8fcgwD(UBhVAmP}i=f{`#&?bV#hyN@;Sb~t=knaj+2=wzKlM!&%}L)U2t
z32zkk-l`nVRUfyX8L_LE9<@2v^U`GtuXpO#uPL;Z2QxLRz24{$k430gP2Dq-kBc^z
zd@Tc?vS@ncxPlOt?az^_I~pgGsqE_6rFwTEUy{%R1{-f%WF(^K>c>2hc+9lHIfIYE
zk5V3g+z?I<#0jDiJjv4Z*8>x4W%NO*g0J3IG0U-Tzpcx`(?
z|AhxpGcoN!jq8mkJ8o@Vy&;xsq1<~7%8O}2{k0V39O2ek@mWDno6q0MM-^~;qC6o0
zJ%dT(Ji;Fv3^6bLaa9vvWpgI;K@N1
zw~#uhQQ0!St!JNqaThjk;-mcL1V@7~GR%8ZFE7I}x$%7?>C$gZR|GJ=WkQcwOfR4F
zm6YM)D1e&OSan1Rg{F#GlI4fnTOZ<>34t`~trv;&yxLpgHP-qk@1vVC3*l3tJ%dv5Crm^7%*ehH~y2)T~VdeT%fSo`&6G)5+TNc-L#g
zzOmRGXs#TVa<5h2V+dKD4BFm$cW>?X3!iq)(kpoiI`{E_((o-d
zQBwoIJhVt;ATJQXRFkKQx~Dxj|B9
z4U`C4>+QwgWJ%W~`T#
zY}x|RE`wPykQ9Dt!@5bWU+P}-u&E^Os1ayLH_3-s>_qktLMDN`5ug^mQY?#}Rxtf_
zbXvoO9b~e=RZBLon`Q5k3$(4ZE3WD>Va+BQS}LzxfXtz49L~2N&U_>!rwJ4`eEey0^%ue8E!3BzJ7;
zBVt;|`{Vb*j}Z(x#|JPSHcUoZor85l=HG_}%JrPs&nxRC|DR~aoZQfZfiV9sq0TO7|H?=gYSHvVL2vGU4lO4LAI;l
zV)yRm2i7nbOL{ikjf}eNzfsTLTc}+0_JGy0C(~_lD~-(yS^XzG%-)Z_Fyq}Y1nAMF
zP^BEFmoI<$gkk%eTHzR^hZ;-9m}Z10zI^D+L%QfCK2AfHL)MbVfKz$AW@&PX0!DDc8e9q)O2*~VvI^dabnXy@l!)K??`z)
zr`DFu!K6Inr8-%Vgplj-{flW);t_%abNMY~snq5lV&0cD8>@L$gu;ap8N^45Ll~Vy
z^^HEf0~|kyXs~Ys6pdCrR0XOV`4F(YwcbS>j1r13{_-!6;Z&muCuQn?_@~C#0m1?T
z4>v86^AOrs2E1ZMNL>+cN4VQ?oln9?Px$)AO*rw~P=Hv%JtrBV0IrZ)Y&}uvZj#I{@e`
z*6L9FT%FA6Zcy1PlfUb9Dth3%=NVu3aTDuV#R()p)1?|2lup-1vHM)-9%>03D2!4^
zzGS7@prZUXS<3Nas*tJ_rmCc9oG9v&ua@>wgJd|;t?nE~jRW{H3xCnaxBd&J*QnP7
zu?l}(l6FqfYjb;$|Bo^#zqnGPfBVKX8
zXdDE$g>AKKY4q5rwW|(<5A_c`Tt6F)A>H8POmQPND;j2B-F&M!^XM^f$YSj@iblxU
zF=-3(yNmetqCR)46S2P6Uc_{qTaX=(ey_Ne0YoND0Rn6=bXfgSK0vf$)7TVU5gfpf
z-R0;9qp5Ier~kK{1NHtIdL(%K8i!rU$K!^!ksK(l>I1I1VV*;HU!bQh%MUHgr#<3g
zO0nW~c^k?5a@~r&9|V49{~*>`EETYjHI^{
zd8gRR?XL3|oNV`%O=ZbPDYev+4wa3N+pCy`FgLGJmSMdKDC{dyh-Y9^@YaEx{f3i%
z8j9nl9(VVK;+lMv=a^iIK+SXZWRO3Y_aViEeyuYd*zS2Yy|>HN(u?)k&W7_q0Kv@j
z_8(UgRJ&s$LTzm0P6Wxr%{M%&pSMX-8M{1J%~9^oP;Ra>aCodM-qLHjBLgNke-rzQE49D^^|3QQyw!a-rAF|}@{8h%_PkYvZ^1p8CgEb@c*
zZ*#Px3!jQv>rQrg7Z@Vz>dCB
z#&FW2#SMOY8Q;k=*vUkVG=w8`>AL$zGr+{a*di;&7uI_MRU2Q6U@SAqHOj$+f(Djq
zbqZJ-L6b@;e0POUYb8m_&(nnjrnZ`t|4{;%Xz-!_w=P1~h;F9XeteqQP92+D>^Qg2
znWd*sS%Ce()`aX*z-(@~b+<=oyl4>*J*Whj^Us@8zao}VkBNWb5#9t&k{CDiL_Kt8NUV9Dlb8
z?(vh5kWmTiI7%m(et&cf(H4O=C&@nc(WMs-Y5G68zX-r&+*{IH;iaW|R>4&wWsfC~
zd=iDj8=CqDTtUh64o0;6Z#Q=p%s_E`Y3Tg#DhMdpJ^?9D&*O7pHxz)Mae_kAhgQ_i
z-bo2q6A?@kM`{8PWUl;L25M|z06iW5DU&Nl0WYrj5qlM@KdhglyfI?`bp>v^ySmiA
zULq!O!6>pRzlrf>J>z`l8)g3Wc0=iVTGPq_k@I;g8zpB31Z<$-O>vE?IfJVIZy7R(
z8*|*A{&3U;T4#{jMZ2Lj*+iH|dJ
ze|x70s5ILXR&d^iQhESyMZY;y?s!3|fN2GHm7tU}v~pxpP~b3uKU21C_<}zcv%08@
zhk=Ph=_S+4b^chUw^I!c5ihVAbckfQuGZko;2^^3e!6ttl&LH;_IVg8A%Gq^V&z;k
z?34v?k&V46z!D-G%__69*}4TZ0djA|{rBO&sbe3tz(te(JIe(>`(EQfc+SBB0X~I#
z`BDkK|A~#C8@q7!Nnp_`%XHt!DAj&PpN!df*Z4j!rauJt;^=?D`*~C5lZfMZdJV0g
z{%MBoq7yT5&OLR59YM0^4df&ZeUpUXj-NR_-2ZwnyfB}p;1N3^$S$#dXP1=YkdTh9
z86wZWJG^4xj_nt#&)8G{W}P2Z0sE!j;}1b&^TGRCVvEASAu%7%7XS-yP%fp^&E4r*
zIZ+S18zN>)JqV$1%e&e&egG~r2Bx}m%J-wXMqyYRPTQPSqusZ$9@0Ir7V~1PcAgoO
zPRkHa!VR!@wfso;_v8W*cVHJ=o#rpFwnQL~%)hsE_UVkfArveH@-fux)mT^b>O!8I
z=Iy17Z`M78>lkek^rB$MLIE})Z>UCz`33lCv>RYo9V1NvW@lsXYVe*bMXIKc-i|l+
z7}g+hjr)~=ks#UO3fBspD0azdHvNQ%jQnuj;;y2tvg=E~Cv%BRLDaL!B9poEk_&GI
z_w3}3S}l0tt%g&AANz0(t~m4gAVxzileWlZDrw%VJBE$?)W6s7!36fdHeR8sat>-8
zxF78?!2KQ_+~03gi!W2THe9Qp)8f&)cO7%`0HIZn9vLDeB1So0tlCrk`|9o>GhUMT
zj{!LQ;s1lwbCh(oL8OdqglFTr{kTuZ#&w#yC2}Q^KDbK|yKgi~=bSwcX-1tv^*z*h)z2z|Z)FhG)m1BB}>KN38o7QIzG!HKYWByXobk-a$DZbTrEbzRg
zqHB35zj|_D4!r8?y8?i-N~f>lq^#Vg~0Xzr^DU$b|e8qcoN`|b=~S+#IS3}kXWD6<8Q4^>zn+6diT2;&pz_#
zV;^p~Ceo8QUndudEf`ja<8trtk0Ta&37%gZErb7pSbnBLqB_ry2a^0(RFJdAvXZ{T
zNdCMMB+Z_%kq>j1u8_3$h3k}hNpHK~>{mGR+?~2LTn=bA7|wa_SpC*F`f)ASXx9P~
zH?*ykj;9Ga3&ap~l9|#`Ehplnv$Wfr5i)^Gf0#yiS3&1>Jk9@@;I#f7Sg+(pj8DZt
z(QnE0y;|)kZg|Pf#A(Nm(s?CK6s5C1zYZNBg;U@66tvEQ7HJRlsg*N7cF0tw2LRL@NUj24yIXgeuTF$jG|>Gu%#*^k^Oh}D;WL@`9jb02X{>4`8!5d#-l%}e
zuW8N!<0gY3J2cb*$=+wgp_&p
z`;NcoP*qA2xC>GC7GedRuf&N!
z)LW&uMW$5eUKwE1g#tfw3qNOQTtp)F7yL!?2+ur2I4PFseg5aRt^%kTq%!KwIFV$o
z)}~1z@%Q`}$|Rj+PwG#kCyJM2fCx12jx7f={?sY(ZhSg)|IqLy%rEZ6b~6Fz7(C?l
zuU_u2#MBO<0dmN+p4t0<;scgkk?(_NbvwAPjSgpwmZ~&bgOZCovKKeYYBM7Hkl2OM
zK{QzRaaO%r{jPDIT3XW7&?+5+7WLiq2Q_#6CGdYCW;xh>mMqwfwyh5wHcF^i3ML2%
zO+`{e2g@XBc$bp|vP;Oe=F~h^$Hx>9xVuxuk4~s%8#3SMdi4@I>g;$rI*el}hVfg#
zsh>=zHLaYako7aEiOA_`>UQa=$#vz##w;n?g_DpBN1`0``|e!sB?h*8l!yI7s~{~f
zpbHC=I}$ouUa8E{fL_t^j&6?&sVg?=rKQ#~c
zs8y9vgOtJ}*c3TNxQCTOR>z{Z*!E+(Voq-F4pz-1)05TVU{A0`<0O+;tEP|)$KVRS
zcy{X@SQ+!0lITJ|VIo_h0@1|?8WvgB0V>CArXiIg5L7sKcF6=IQ%m
zQ*H$zZ+kx+9p35e6DhNzX@9d$(@VTXc7!6UbDm
zM7{s_&4UsP)V@GJWJ|xK4JaKKng{%UfyB_8D|~%-ny;?F0iZ-1oyIOdSwGYT%}f@H
zlqI|p?O=gy=XIZK-3S?!SAUD5bHd@I%=K1kdpyxQcUIQY3&fnD{J|@#WuhoVzfO0}
zA>i3agJ21k+06I-5RkBb$B+R{lw|&?qbGDRjIlfU0;J60^=`AGyh$!MD0MNL&hZde0QTUi*Dsa5L(5knpYHH#lv;@bZ#fG)aE~
z^Zc)%3!jwVt6AY+!9_w;f3V#V4qQJ-m8f}cuM9D3RHDitv;P**5ouUcfxd~$Z+s(Z78-cfBa(%R^#D4VN^nuaWG*W6R$NX
zb3_Duh>IzqT=o+b3|uqWuFoMKW~*#Q)U;=OGag!bH$>;TM`?sV7Th2FIm2$(%+2m)
zo4|bH8KbL*WYgEV`;(R<-ji1+(}L-x~N%1gdlO-5kxMg)<47xGAek|t>P
zemV2u56CTRUUbV)?0$YD<_4w&-Vw9uIh
zx)9mGOn}>%R^r1vI+eC@1;x1wd%mwdQ;jwP6(bQzPMLC_hr^fLmwJdgzgCL7!e^Kk
z*%+A2SQQGNVS(dN^pM}3M;?N`_9=Lnmv8eb%jt(x-wn=^0cfE(AB~%{x318^w$(;L
znzD0*#i29iiYMPW2+6QYWDq0rZ}6@Ng7+69jz5&e`CHFf$Z^sBUDzX3b_b#JBd
z_owDU&NtR8U;!^+sxdENpoL3J?cP{=KPF8RUTFL4kO?)b`?*_ypc|_MB{`b!
z^lpw?V|EN&4aT{^O)tPQHd1J5$siwlLWzrTS7JYz`aafV_F8JYc`^gLeE^Hr?H{*-
z`n}r2Cdaf2h*j~*&f8FP>tMwfx4T?fFr7aalpr8)wy~|1O~2LMcKzVnyd=Bnf@!PO
zjK@50P1Rm+c6+7?sQ;TPT_9CZ;-!d`p+yGOKh&BzF>DOn{UXScX@J0hI7IAhHhG2G
z<;_@jUrca2zX>H{qh_pPxoaH%DreR#(}keg@lu9X+$QV18!8#vW<&hrb#U4)<+suf^ic#r5d_%Lq*@Zc9DxlZJQ^
z`pDruZq7m$P?aK3;i-`-Kl*^1=2bZ!B`v$hNZ88nZKPXav3WVq$4k0|2>}=W0b8K1
z&?TCVm?cLf4L8#Lta8yZ%NAR;>pPSPY}n3*s4D!al`IKef^IXkRoq3(h+oH&-I-%U
zZ0<+_lLCa7mFJq8|F6_R^Fu=1tIreuAaG~VAH;?~Gaf$^<4d(W>YfatH;XxOO^;fA
zwJ&%oWn$}zDBU^6lj+OT3qc;Wc~SEE=?6u#tQt6cgyX*a`o7%UU_L~wahl{dz6O}H
z;Okk^nXlr|J6wL*eB@0rEQ|=2k5Mgs|k2BG)9;)~349!peD9
z2VV0v9Hd#_l%!F=&+%)YEU)EJ{V@!n6rSIdYRd9Y6X$c3Qe&GcHzQ`Nj_>Z=V#em9
zCu}=5TU>vK{P9$z9y2$Xzk5a3KNnR@%UMyn=2Df>*N;oE{R(Q>=>BjBMjuaLwmt`YK%5l!0qfM@zsA1P5cI}Q&
zl^&f^{%Y^v$<&mKa2FKf<+20YKBW3XE}&k0=#h8Brw%&5voB89OxW)IaNqa&yfyS@
zcD`KoT?O9GN$mLZOj~k43NEtL>RXc-3o$g-uF7g~b@YLcg)|+>>
zQ<3m|$gnPayroE;ufnd#S~8-|b-Zf8`-xexM0%pDAS3nXDmiob@!qpemCeA9F!9Rc
z_j=?TN9jGMj#?k{l7vdB7fOaX>bMT6!iP{c{i+{LxbBu17BiywAx1uwG8N{^b%xmP
zm57k$&b
z{Bt9(&-FR@3Fro~?S2c5gZmFX=+jFP_A8NsD+RD($`Q5_O23UMnw9PbVS(d~990*l
z)x#^1@;8+uR$+`Xfb&kPoFY)R*uUXRHMiAzB!@VC_NDmf=*k6BZ&Q9P<6GTI=W9jU
zWd#k0!>do6yi`k~G8uQ&ZHA=;3RdzDICJ&H5r4rrrP4e#got6j=YYq^0j?z8|#}ZquS5u
zdMW4-DmxS+OT85W;S8mm1it0R&L@D-HKJ4pH`=Rq#i+)976=^NS-9~S^-q<6e%_p0
z?AprV6>IT>Ix0;b?k`q3@m7S@`Prno0qh1$T=(fuSurh60tq*iH*WIQFeOnDz!Nwu
z`T(uE$+Fo1#xSnHQzJS}>^Qa&vam!~u{b#V`dFb55DZ0eEy!Y+ifvdX-AsvV?G9IH
z@*bTSm$V~HSN-;8JeCQ6V%o!}-5xa_ukw#azSrZjnW4)$J&5oX6CaT
zbOTXT<}{|?D>ZJQUsJDEv+k#Y3=W1H?!O|)`OvS+c%dz
zc9ym<15yOO)7d@x%LVX|yOqf@wv@)Wk?)cBsFshwe}Y2Ct*dNvv}5T_)51sp*0Rly
zR0klzQ^_}VU{I}n5zPwI)ln`Yj*~CeJ)w9rK%%qJ`YP(MBw~4~dzny8gD`OHv`p*d
zYppoHvSh!oa+jX29HYLrQo_Uf(fh-`tHVzYR@Yz?JI3vO3cT(=UaI9kQYtP~f1IzU
zFFI+(Ke@;48ojAegsA&Gu~;q<5J~gIhWrko7HpUFIa!_}YArq$i)>GB`mk>B3(r?Y
zr)u=Xb~EK1BBxeG%4+>RPhyMRqga>IHdd%K(n3uQZhY4U&BUdz3okVOI*L)oqjpk&
zRb6n)6up&S1!hcH4r{h>n}6Jv6}RCpj7~P6AT_9J#MgAPtd7(jH%2sm?LCh1-h@vn
zs~7PeVXHCTtoPYl*5CAV2QjMTB$=>p8mtltnlAE&=BN;FSrSI#!g3li!HmEHRkJTU
zB~O|*oi~%&4+3)P;ew7+4~cjjpB-5=@K;3{A!|Jvgb!LLum_hSF2nKcrmadMON0}c
z0ebKa{|(ryJ%iS+=wslC&8O3=U1YX0#Xuz(Q}}QPyFhp}FS-8VuLn&Ca#+)o&E6rg
zpQ%a|CYFtVgSev2FZ8t?96o&UwV~(PB@*(Kd8nOGSC5oBVPpfbzv=0GTohHQ2uvtr
zPvY915Qv+x3v7eWSSD$GaVM{+@HYJyFz-68*}jna_vTUD}I$5NK-XSF#dce=TMnjk$Qi)@u2?JGBs%tKj2VuVG#5q5Le
zD}f(hurC=I_wrDqXnIs1?}T62
zzsgCnnBa*xa`CEP_Sv5M+5SwAe0MA0b<-Fl>Je84WvQP3f&rKLKNJE#ZKPs`H-P2w
za)Wc~X4kvyuNezYF1%Nk&B1_QUzH8A2DnJlSvSJJiMjyPpA|+jqv82WjamJf-ceZe
zn1y$)k-9>IrmxP@DYpFT`$C%b%%2|UsOcq>zv|SQw#eNm2%};CS{gfmnTgp^Y?$vE
zcF(S69U(>^LVhoKvrfKl{SSrIs>yEjo9BV?5)Z~Q(d^$SPm7paa;mOd04F=N?7N%ztB7Tz5(4*L?7q-GLWf_eq0_C$dmH5iE?Un0g%w0vgWNjJw7
z{p1#{w9%71Kg+Yla?bWe9v|!w?U%CyoNSBBZoK=aKI4zcIxl|2eEtpFqAMFNN3%W_
zCLV|oBS(um`VYZhJbR&<+vQnLgo*auMf*fd3FYMbJnxd1zozz_YQr~oon^i+$EyZ)
zPwXWw9KK3?bam4Pg~ib(4rFyCwsx!->tt1Ue}7
zscni66_-*PZJBDcY0c+VsTn-&xsG2Nmj9@z<){v^j#%YBeXg;PP>}yi&q@OnTl{OrK;513H{@OJ@fU}`ZYsOyaQm@3KHKEk1#=<`wF%C^zIO3%b$K9zr2`{*c9;$
zeVe4u0458D@{QY-5q~Mqcys5A;5Ti82jSKg@pdj&9HMsR7;i+%v=|QmRVk?1*A%Q?
zeb}PJi$52<8?HrYh-F5erbdiyrdxNk^o>Xk;7EB>Oz{WREi4=I8-U_uQR+3}1@VUIG=t2!_1P$Ty_@fwuGRVuM8*teO74%TTp=0T*^=6`
zB34Jkp$`|ZnZtYH;%Csx@C!JmJ2kfDL5doZI3Ftc?X2!mG;(MotQb)N)zwx-NA0a(
zwEEn$n~$k9D@Gr+bQF87PwfUo*Ot29tGfQR>N|@bEs|stS82*#&qb^9QPW|C88_FR
z4gh&Q&RS~lV~(8r+=oaE(F4P>X!gEiG&n*2S>IsZvdX1C3>3s?+`p}=uQycAkpG1v!l_1s_udygu|5~B3zdp@ok)-5?0L*Xs
zrN;8j%?7TrCg+WCy|>LA;Q~M22QAbz>P?U7&Ah9y{u-Tz)ar%xYH<>(s2iD$cr)?1
ztqZEnc>1O6zfCAF;42$45h^ChrSRD{tM%sbd%sUJYuW9&22E8;I$5SD3F?Yrh?(Cs
zc$0Y8xck2-d+Vqu+pcZ=7Eu%sL{L4j)P>;9m9B9>FHEKvMSs5rn3Be~
zJGhbcT}{95xJmotT*3B7S61#!(ECoV5oSQq34C_$6;!Y7vH6TbVyg~WMS+nI@5-N$
z#J?^lu=x-Of$7CQFvkvBnmxWT;&L+N#{Yg7No6IJT#q4=e>1>ho=NSP`UJGDFD}wx
zwU_IL4gRQLFELj8u01AHHKoD&WEn|crkOfC7#uLpT8~TTuh9OGNm)SNdC4AH3nRXS
zV)v;x3ch(>q^S
zOxVmGP(dvG{Z2C1B-W-X6zdOOeHxtk8Zf|>CS~JrAt4`Mk9sA9%IHY^I(O&4Z5}0TDa)0gax~Wf
z5=sZfY?vPPYeQ|}?MR*yvt*xN18q`h+Fda&a8->u#7?H5^Tvl+FiT|lL`;(FtykkE
zHhJ4s5X%c`s8!MK?5|sZ1q9`%KJcjvL#FkePAS@P`)&F&{;lw>-p?pugb52ufXQ=
zUpzG7Ha9TssFJ(%^X9
zur>ngGNJt2WdeIfnPR1QfYA7L>r>=Pm?nRhLx4rGGv5j!bBosvofUOH=@0+uCdG6S
zIK2tOUNu19uo8Sd|LwNsYS{f*#})FghJxn}Z1^5^4^wGn3w;<)eLDDIdzJe34_m%&
zhaqxHBWazqXbknLcFhu4R63_&KMr4CBvkc(p!F}3ER%$_Q1h*EAbr4=lGmQ<-a}<1
zjtZqBHF`i)w_i_8-X=~=L|C-~wyAM!+f|KDw186pia)stb7DMkS2k_^nYOk_Ruwzd
z!FLqC_3{H^IQ(hri~fN+YI)-$zO9#Bq2=sstzREJGHoohfb;YzmWoD<`>qRl9M3KU
zso&Add@0tuDUs
zk0xFu+;AsN?8ozL)5C=mVrgpMJt?kS_cyEHsWYvOmut0YppkHFvuu?v`bXo2LZ;1W
z!>3g9tSY1kyO5?bGhPbqM>1nJuva-w0ef16AETM8c3(dFHrECGq$Qu_Rpld7FbS~I
z?RpUq;aMm)^?oRlDBnK%5q(3;mMS84mnKK;-k|e|_TmjYh7sjbEU%1M>xizLOl4gX
zpn?nD$kweaya!a5A}$^OT|p%U?0-ta<;$d%fnZ3}_Ukv7X|dT3%>_b>WlKZScTU$C
zBE*2ZO7<6VP6X~xAkqJ=XyVib_lOvazu{OQWarBEHn+BmDeux-)Y|7K$3#UU5j1V}
zokBk*S{#l5D8Xmx=Q~IC`8npxKX+V=U+D1oMkYBa(^YmbnD1JBr2I>)85&fJoI}oyG2z
z{am8QyO%w-%XJL>9n&znWO4-_E@Y}pS|{24prPW}34xU92|VvL=!Hh#ql)c+%ZHm_#1%-5=`A!7O8B1eGKnDaf~1L+#Mmtbr(Qx(m68_
zi2k||Nj;E%(?oXbo=fb5;PBQkgLw4tjyQTUnBYp|bXw{Xvx-E5!K+p`2hsBg?65TY
zdj4!BU3r$Zz11A(EG9aArZ{_jF-!rY&k;Q)0QkNm)YU#)o47Im1QYbFfIzjP4;Z##
z&gGBpfZ~+}FM|SXBNyo&E_ygx{(#-%x#>x|(E9Yn$TYLeos*VrxcmWnkY~PB#wR*T
zGI8VWc%L@>Qt$XJFd!gKvr0X;Mxo+{#^`_{l!!hH;rmvOPb&DCRC@LCN#66j_ce)a3?vzPG2!sioGmFV{cU
zGf^0|R(Dc8j$ELG7j)&(cj((G&;!BUprB`-o~Vb1#*|-avcGA0N(h_aEEeE#n!no=<
zp%kpMf5HMr`QH5c52j)Oaz+G=oa@2pqf#o1&$yA%pYSu3fW!{NpJeXxgfmH48>&PE
z8mcD?Zrb%M%^^^KAXR;|3+_Lj7>()0rFfb1=A8N6^c_iN?Ig
zMZ_7|5w5$7n;v|JMWs&SYul`SYebkF0{A->xtX=R>1!+t)8P7bNBgZmg{xmeGjD98oQK
za%gb{*NM*xPcYOh@}e`W&asOHlgdfdV5lda*4L!sljS-Tt8R`{bW2#PY?9Y@t&2cZ
z_w$EuokSAW_vGVmSghztDc-CHJN>P`>=qlMN~&US!9TjGPtH5~cm4~rdauQH?s
z?GTCxiX;KKe#hhgubyprg&edVHYgSx=L1!$xE)vdjv01?Hz^cyl}GNY*Zw=_C#ENN
zzdozfWza&ctaZfRtn{<6ywQwcM`fyV^ysig>9f6}mN@jP{=y+@1m_BbEwhb#p;Rf{
ztTMj$;p*CcXx--Yi2b6C+M2G;-sH=VPCJAur#zzAz_{S+3$$@(hoH5YB0l(=0>7i<
zj7jd<`wYS*>a+NW9MynVQ4pbg&BbapUjEeC`{k{g#+`$`_-a%^KEC
z7XIc8ubm!};~;AEAi*}Q*xQJHaA^_9K6oTnidH`u>}t*Am=CCko6iP63*EV+Pt1!U
z0VT}?C*Vm`A&Qdd1#q{a9=r5|j6Vg){U)mywT{VS)e;Q6ubL0ECJNOwO7PtKHG)fx}#$
z$ORI$gq?8e@l>=QTuGcgBJMYx4ESMZ;#{`xp84M|+$phW
zmu|GN;kV>oOj;<%stDE^ggNxdcU?|-o~rp5@E6MT+BZGWzfO{AHZXrFi+mjB*01hZS(}HN^hXA@e08uVB$V8P9Ar_1g?gFYUDN;
zecz+y*uHttPCd?vHQ}KLi0jXU3(Q1++@u98
zbtsLX($a9YveLe_>-uhDAdx)Y8OX!|K*_Q{W#@WgwDDbn?m)8#9)Nf7>l(bq@3%}q
zkze|dVWi|%;??uaY7D{&^jC|mH*Z~@x(MUTllVfi{D7{2UvW+C+tE$pH2F4bvB7TG
zkg-}O@{qCku4tiUeOE%VN|8^B*UaE<>*CW`wEJru5LN7kp2gm~gL;u_18|sJkrX;z
z3)p{zxm_?&{n%rL1*G6^2nhQmf=h6T*sCT{Y#TM=E97Bv(9)Na^&*b{Nt01G;yRas
zN*IlJfhgPo=v1upVTRPoqE2(6c?Ku7c}E^mhh;m0I`!sh=Fj*f)4X1S;SPXEbmAo%
z9opEK3cmgHT*3B&Hi=uP483Na8<=ej=Q`6@vPINwjnQNA#?fl=^G5ILY+Hmw1>;W}
zkQr)O;*R%CbByM#8}~Fg9n0QN8IpQ1uq^+_gf9
zfx)Fr8IHGhW&Zb3%D^#Nz^O0o4_H!4a@I<({{mJ5Zu4F)lC}*SyOIwf6h0<%E$Ge2
z5yuzt1m{!W+EQRkb1ZYLXAN$oun-h?84@);r&{gT_^5t^xcWX=*^(7BhWfSi%tc0W9`;4r`b|oKt9)F=8m<=~~cyQ)`gyKem
z5!{Cl507I#_!^afT2px^OP??)1E}9$RG@BhTH*fucNWA9et&*6&z+Eo`l7N@id6m6
zLWIJ^gm+`JXY|W_A_7d;*y5Mc_x@ytpAKaE;MlpNv^QPDKWULnpV^rEIY^7xBk~$1
zi`GnN(;vkSIr_Zcbe^XMm+3*G8)|Ve_JYBZOmt%V4sCqRk?y#fkwnV2TF*U=;PZH;
z>Dr)!c4MPH+ilmC#~d|MxJ7-}6buS(#;jJsJeOl!n#mHyx$&=O0*dXhZ8N+*&0y_b
zxuI58AQ<_~cax0Th?S{0PKF(QQUF$8kA&bfPXk1X4||LD7ammSV!;ID-a^s`o1?jM(_<#9CzU}tE`5(*O7Ud-e8FvNleogsbD>^xc&9;Z4QM(
z>BV8NDl4OGSHkDSBry*#`I`BNV}Sxmt*(AL;sNZC@LSSszruM>jlo5#L9VEucjjwj
z2MRIg9X&EM;LN&KJJW|veK2*S6}m;}>{!A;l>BV_W9w=j$K}1tz@d!F19N`O{>d16
zf^~G}>*#97k=kOLx#0v%LvgT~TjMT#$B8Ud>)d|bd=jax5Z#$6q%V%xu7)U-IgQo_
z2!Z!?!g9`~VMllF1HZ)_Qj%l@lNv*H<5GM{Us{c)Gw!Wgh4lMKDM(~zm!dsU!`BJ9
z`2|r5WKZef%u@aYK6`1V<~DDhrLT2XE5bl?BIw1#@1URP*|_({a95%G(WqSSri=6}
z-Qrgq1m%)sG>{9^I;YaSD!jMcU#dV&iTM_Fzs14j65r6#^ThU0M7OoUnAlw@bKeh{
zqIN}Z;VBg5t35_@9oq#5KRv~gKm$`fB^oozCs;oTdY!T4&*^t_d2BrYNewQf$`-18vfSTD{r);oz72sX6w(
zY{V|ZmAb{IH3P60)vHyYKJ~>wbM-aTGLTTgyo6iP>_^;rE-W)Lz)|j=3@UfQXq(M}cM&M*)pxrZQ_*Z*V-3~Vwt@5tKWQH=(;#@z
z|6c{+)z=kLeHXB0^r=GB3mBC3N_f73!YwcUw*&cxvvX1G0ya%lSaKm!ho>vw_j(iQ
zc)VrIiKMx0nhPWPV|td;fSu^VKVO@mYW58I;#PcGO7z;EtCrkQ?t$$r-KcQPYVdoF
zQ(F@AcqwpmfPc7kHu{MDY4+vpMP`{0@|ciz!|WqB)saXwj*QpFJxKo3O!qe93s
zTjyOosXt2U{?8|DOvuU1@D9Bq4L8Zg%S^rk^JJ=C=9&2h@W%yppOWJXZf-xWkU}r?
zpU6!<8{Vh9a(WAyt{1-J3mGflmGc1N>iQZl&6OSRFW{U}d7;a~f#cSQk^MrA(Z{QG
zAi~W)fwA5p<>QUk<#@Ftz$Si{IUOPXZ(~o70W2VyxELAQ+Qiv;Fgp1oPV)|@)2u4$(jcwbj%S_0;y~ke5v0Edb*`{GJE~vQcIT}Wo
zdKgZf#f0>POSZkKr&*h#hw;y`$m%seJ9;wR`rU%W*`3VojK}phSpUCssZ^e1k?=%8
zrGi{lewGw9Hbsg3QYd!8>N>9q^Dc
zcQ1^o8iXTuz^A1xRCv=2fu=WII}Y?&606y#UOBS+TT~?1ELFmm#{Yvt
zWOPs{CxT`rjcx)X!>ed@I(p$OD1LF3JRA#DkB~pqPUkPgD&)RZ0g;LnS+K!y+`xxy0Um9=B3@tcM$@di3bynfP4kQ
z;0%WaPoG^Xk)jZ>et6WX2w=*PFS=*Yh{MAARWGNgQS^SW3FkePnEL>kv@4e?pSjkr
z76En_G+k?}o5w0lD#^tr&Q40>x2TN)bF0G&v)sdSr||6EzBBXH)O;^#6qa7k>F3>5
zk1m5qc>r}QaN~(1zt&LIfn7y&r@H82u_afq*MIwVzwI1O?mZHnddMKmHZR&@ckR~v
z9jxrS;~uUZjf=lK!5^lg`Y`FULGk3`JAAo$N-Auhl)BMBQM-&t$dxYZ9W94;M@!5nakP}#P+u$H(t)c|m4y<1
zJ(x#7W7zL~(cRAJCPDr+2aq3eNw%0B40GS=O9jSEozg9+)j*Nm_hEG)11A<aOC
z2J{%|iL8%G@T|VS8KkEOVenX?_ia1QR|#>S8(>{~-w?Z_7&E3m17x_1RU;f{Z;T(n
zU4BGXG4qT=EkGS&98*nFC3HTM@!8GswqH6L-2~VxQb4`)7~A~P94E(+F96%M8ZZgq
zhJ!JeXNnN@-RDyEADfD475h5#4#ovwtN^A?!F6SN{+Z@|5wiJMn6MK2C{XQ3k6-ae
zH4KMeCG+O9G5^%Leyk#~4I`}DzuE6$E+MGvxjU+N-($6f0F_QRoVWuyr$jaoIyC9M
zOS<6lX``@OV@3_A?~JX~8YTeb6|0vIJ<)VB?G2hXX8lfOD*_RhKY1g=rU6+Mrl4ms>CuO
zvsy1<;sSxG9z*rx6)c;Kew&Foih}8x>RuWC=?@H)KDx)2b>}j%i6zOYJ1OotL>V`k
z@f&@%Auv+lxM?gJfG8GYCCPFQzXuF{7F*dqD3;260VXnOJtlX%dh`lDVAdAs2NjM+
zo9Y_9+F*m9B!68Mv)qo{H9e8t_BJ|jX`(`icGO+7iE7?9LkJc=9%PHYl3Ht_l2b^v
z`8hR2X*jw~%CVBSFzT}k1(gH_*6xM)u;G?iu#{tA6l-H&h1}Y>KMO+(?6s<9ibiYtBb!f~g+6giNw(y~K(A3niQp6&#
z5YYHtmNrY#>p=k}U!QZ>x^)?wU&2^kBJebxaPBapNSV&1(fcI5A0Z*?x*VAp6!!kH
zO848EIgN{v(Xp!Tnw+i6)r7ec`h5>l;%{t7x?J<|jlVEc
zo8nOBy?)@Hqg^aL?v(50IR)LDRqPTgS08USqzBQwBCNyW`
z9*n6KfwGk34gV9f`N5kJwpp2*bMm{%Z?DPGeX>dr&p;=&biDnBTXN@5i(;CSlx#`e
z<9+1ipDZN>?rfJ?^{Ryoy5)E0tr%A~LhoJ40h8Hmaf%AM*dzMtqjX}gbjkM8>|1<}
z3j1M!?}`^}={w#FctramBAWrd
zE6Ew%8?F>f@1tw(;hICpL?4N4DHGY;)=Fhn39FuPfSNSJ83c)Gsa;kixs#aj%B|`8
z<|kEE5Jh+_)M4s_fe4r<{`W+1T;wt&(-Ow+8kyLw{w
z)ty@z-utceTyKL$PBK+_UbJ<*<`Ue2Yd440Ae=2>I0zM$R8B48I&M^TFB>Vgzx{lc
zN_ex5`pVk#HAB|6j(J(VhOA##!Pbg+y}$R)Fk$yh+!K^Na|dFf`b&Iw&ImD;hcy>T
zO<`25{-$nlGG3C8yw&P537IZVl>)V!1g7c?)yn)zj=8mx5qVuK$)8Z}xtCd~@m~Y+=WZ##}$xU1rMd$-z(6$As%B|CokB%Wb1D<0R1qk6A
z7DF0R-JP7Izy%$an2>2@S7C0C!5s$^2;aR}Y29x3O4%{mgbd%EERTQnK2UPFQSyXz
zKZU~nmoQ1LA~?l=5-m8zoc^X4Ui3ykn4OJxiWInDJM0H;>4V^f?L}jz5Wsta^-;xYSP5I3ZJ*CPe5-T_$pXB@!D7
zM&;q4KG-tMDd>Zw1TBsq#%}sHH9nAX@AjDI=wYOu_wH)qnr~RmumuYdDP$!fCJxBF
zzK`GdOXY=~T_XB#$$0wHkDF8RQY8gTjf1}IL|`T-X^&sczw|t5b?l}MNc8k)Httlm|Kb*D*7
zd$uQex|llo7rq6x{GrRif`pd9+iCl)-j0(xkhZCbGr`02$wImpdX)^lrj6BG#J%J*
z9#rDA_oUC>zu_!r#^CW)FoX%dH2a35-La$2jYVOYG>m9rK10e;M<-t288jCL-!*P%
z#A!j6CaaxdIgZRSGFB!k4LElvN4iUlK*Ym7yT|t5YW!{!3!NH!6Z;xUFzhvF`1eD613pvkc&B=%9LN5JPdF(+QN(r_BUj$4XgE2wUaS+>*|oj@
z05L+P*7d!fF~WBKN=H|92M*%+Nl8=y0@N&uM}Bf5DxwCTOv_oftDoj*4N)?sUXcbJ!gk2KMj%9zf*&sj@(*{VAsg=fN!~>J8rczTQB=8Y#
zhYd1k&e$Dw&+;5JP)i%S0Z{q}9<kaE9uML|X*!&Fxd$BuxBJ(Rg!Q?8rfVvEL$A;Ptvn<|^HAh{Yj*Q3^A
z^2cTyf-_qi!&Sm_P8KFa+niJ;SfTiKvDNh4cWHR%z9yQk`?aoTX>Q)=xA0zXb{C%g
zZepU_SYS{)`%=9yj9qS`UJuV>As!D^;gu4RmDMc(Rd#nD0!dA>!-*Tt9&401Zf|G_
zeacI@+Zqwq4G|Xwn81aZI%C?und}YHeL;1>#XL4b)YuI?-wzGNCo+z+X7%a!kH+Ix
zg_A#HO-6$LFVCqVuv(rDPDQLIs)H)!WggozSW!Y$Vt*qd9)BQSV}dDS8P#q(GYU>B
zTWFp%;;YiD$W2k#_e8W00tE!PTAbNRr5wMeUyC
z`{B>UG*AudYO5*c&nao6B(&U-SRk>NXBG9Rb(SKTaznTCNHhdrin?4yGLA7hOq6G?
zd~Nb5TugWtQf+}^>K7g~g)y!~P!phb5(^^Gv+am>-uYG;Eh2tsm%)RANX%-D#QMQ4
z6*1Pz$?Ym*U&xz-v`UtQF0<9
ztpnN3)BV{Po~;=6jH#cc-g6sezoBwaf}!uW2O1SOHWS}mw03hJYTDb~L{j)FwR&;A
zEl=3d*l5%1+VgvhUFFsziV1=?On7`qBN102Y0s2i9X5^Isate$Pq7{(c7IPX{_k=1
z2AlO^JSDIQnm#ZQH0z+tjB-b&A3Kyp!C1yfwnB#QZwuzv-04&5FZ=v(&Qx*dQXGga
zqJUf`ytP&%PT^!oRN?@3t4H~zABy$%JTJbv;(3sc1kz5r2IUU!GG=L@RKD|0-V2h9
zO9xg)YzRKw&zC;L#2~N;?_0GICIIgH!8Ss2=y^n^UWNQoO?3lX?mMcX=$UYFHRZ)o
z!vw+Srn&QToMWb#on*DjE+3LleI+G4BZZH(`XfNMDJ;ss8FBEA$6{5h0oKQ63k#)M
zGcwZUvteqX8PxPlniQUPa4)fOYTxrc9+@G?@jV<7ELpE@YWV1lIDnhZcNwU$R>ttz
zKG9kn&gEPgqy1SMf;Y$S(mpg290>Y%qI(Y7XSt|LLb{+VObZWg`Ww~h+?tA(LOYO9
zlKZg5=QS_9#7Ec>`sPF!fx9en!J&lqKK!AC47w9$2V@;Dd6$|&-<=xrm}v5;NFXAg
z>Y*msqQR^auQnzorbnd6RFh7$E
zpeg;POmzBM|2A}UfxvNq1W(xYh=cGPZV7fl%ueb}(X;(&{|<2RcZGt1p1=AF<1AAP
zQjVF@X^YoJNT%escsy_JMK3I-5!LBo!KlJk*Ih1AT;SX@NYnuX@0@G!D@tUL50Rfj
zdM*L+b~|2dLh)5(8kGL-!7(4;0Pe)u(%evSCGMT;LXD&!jAYsY!4m9);sb_GoLbkF
z7$>d<8P}ELmURTIZ)H>E-3P~6M#;vb^9M*ic^2h(s~Ys6!erDD^`OFLmpiCf+#mnH
z6yb)zAZPkf(t>qTJm|dMd`;ui6_3wi!4qM74S0<#`*(ZfN|ivOQBOY;(bmfOv~c|-
zzCG4t0UU2kfdRx0ATMAEwVvIXwee8N*E{j?t#R5r(TMJL?V(thL?+hkD(h{M2Pdwx
zL2M9S3LEp1V8V{~YL3@zA3@h$@1uXQUCUg#B?sL5B*-$MSqGba?*RLOBpzLsvu-oz
zVnK3t-9J|<{uh)A;S>*P1ziV}98FF_c#GKSfU}k%u)_q7f98c}fzQ({kcC9~lWl4XBF=HC(ynV0T
zJ3PV0?lkAZ2*0Sf`wrI!PZygkQ#%%H6dZ!OxSHVX*9MDau(h(2$@RZ*
ziJw%qpT&7ZJYgv8mfRzT_#!RTn0U;WWLo-b@pVSPXXh55lKMGlg2DyxWpndc)tH6j
zIKZ~>({@O3rJ`1zTbs+>T)ULE?Hs?2fS(3^5`}8|5Y%9mDXeSr$Z9PoA*K4%A%hRM
zkD~|>G+TG73=Dm3Qu0;kHm8($-2WMT|6In52lwh-(5vrgIvd#MaIaxcR~&WPnT`zh
zFGydgyDF#o=54{(F;{8+E)BfM%U<#D!G03?F0gWZWgO*0W|c7Xj`;pA{&y-lu}eMn)Ax_M`c
zO-TE{_&KIJ?sRQDI25+b-d$le^*$e`_+sSXab$iZjqP=tyCWPC`ge044iLZX`L5-nUGFOy9??yu#0i5
zd$x6^D+wOl4t4_~%ipN!5-5>Cmj{$cGN#%>9}>?aHe=T!0}#xv<5z~e-?u$+%slUw
z2@#a3u}aWH9W-wLx(MjjF$g#bqip}iWc-`%EliWua8u_e)9s_j(A3W>WOu>hEjtob
z0E{k~YCmlsS^-!_n8yyyj&4+G=g?A5^MowC@U##<`ViJPpR}r0{Om&ey;J+uWpEU1
zvsj$Y-a~$|K&j}pP&V?{_ELrjk#j0Q=lbLwFN7@e@=nvP`HLmtxS(;cgU{`LNuC>+
zFDvI41$Vl7`~_@~S=?TH*=?Fd>%!*ylu_L)!_zli43s4kvMGtLzwFS8&Vtn{rdWqu&qC5_up|eCLNW1(n_v&69{5sY-&&c@o`$LWprWS}
zbFTQyK=@L+)Rz^1lm}xU|9I!+PZJur#yMd$C!$P{PjE$KF)&LaNyyA;o93gy|4uEZ
zECW*c&^p-dh}z?tC|g<#fyFEb$=(>*yPl>|N-bLCMt-S4oF!!E2SbKJapHrqOY
z#dxN`R7&r3E9-xviU+%L^}!w>D=8GYNPu@q6W7OYK5SbSZtcz>a#~Pf*vRQzJ>p4y
zjzc0TMbh0dPk2Mrew!PK7vwCI7eBlHB7EFtgmr}I`1H#$Ph6E}3AOcE&Gbk0aWam@
zHv1ai_{|mhwSYwBb%;|0J^RJvw86pr=1h3j_ZBM#xaQ!+pd%>q94}ZVswPSKhn5<3
zYtNL%%SK)(xhfk|u9TzNr(ve>oZE;EWxABdTCBCWLjvA=lRw8BgRT(htR4O|P`jJM
z#J&@;DwDYw%+gmKuINjb=~TEO5ppIH7_gERyZ^CC_nIM6I;GP1{|MESzZ#1uwUwiohR5_?230=$*f5
zKk$eHS($)SWhp7`DKi(@ub$!%!n#>HqpMgpzR^Hr8c!yvL$b(=ld`8iGb;8*amD3V
ziDur@nR&WSA{5lKPP)JpMI=1H;xxXhz%sLv5TdC3vuQy}7reWy=)~Z&A@~nY0ol4K
z!^mZ9GeC4+e70H2@dE}}LkMeiTQbWaI0`rXA05aO3)*?4+b0kO^Oq*s9aGS^4;y*g
zj&Q#xI%X(2PzS3q`1_?wNF`!PM@&Ro(tnn+L6%rUZ8@p8Pl$h%^myX@X9M?3@T$1}
zwrBj`@%|3*6rS(o71>hMngR7(Qspx?X`kmohbhHZWdFeYbm_v!b{!OPE>`X7x#7-J
zaUPyUD_1B|pFW@?`lv|I$$VqU2CW!BXEx!-9drD0Y4u4TU&g
zKvJR`Kbw^pSLEM
zk!IvesXBiY2w(O^deKCkt0O0&mXJtDs^Uq}>tyndSAOsPnuy=MenJ}`^2hY_8}_%$
zG+{V#MQCuhh&=8s}cg+eY8LT|H-&9@*~W0SmU
zjE$b3nBW+}p;Kf$)`z8;POzuwq*#{L;z#u6qmLlmK9=A3s)5Zs=kQLCfnY1=5m$L$
z!{L6w+ANxS_5Dw>T+Vs#sjzd7Egu_HG4J9J1IERk*~+Doik8QQn=6(jrJmKyg6;^*
zDS9#n&Q)QSzkhX9IWe>XbaFKB3&L)R&Ua;4GjD)iAS{eV<*KkdQptM$HMoAty5}^K
zuWT}Y#Qp5E#v0ne{3n}Pf$Q!uDbKmTepihzt5WFQkeIgjtVT4SN0tV-`Z5R4H576h
z70Z(!7YSXRddD9@BWAqYMVoFG!oqVhcJc=Hon~Cq7n8D#{FpLr1)ExT;zeHZSlJ>K
zZM)B@*ILM~)jr-$@lr!EMQD*|!Og?IKk?rDOd)C@6Kj#%;^kQL41LWO+Ec
zWU5w14LvVwl!~!m<9=XY#j~gc3Z-5_#<4TC%9jf`1;k9bynQYPkXN+k&W7>W9hk0N
zwJm@ohq$P}id3Q+e4p$zt5y-|4i=khK3e^gZB>0)Ms)$65OMaNHjjT&b*DFnGT3hh
z_p@dZYv^*-=Ck{!u{nZW`7PT04)RyuYVHD1ToOYa0>p$?DUr<@gFpAzlw$*lZAprI
zyXSmaRm6@;t|$4%BzZWpK6pKak2v0!NIWW|naqTIJn>ESRVtuHOHHl8BGG{l9z6KA
zD6?Hh+SMS^qw*>tOU$#9&u0AYdby;$Kr5LbQ7rM>2Esh}Uanw<-Kr1C(pb4yW!Z|O
zkDM83B(!nYZ}{sAqI^_s05`rb+KqqqPGaE4Ndb)v5fCWRrVviy&t{B!zzCe5Lgc;9
z1aKUtawfeQn$+6V`t2S-u~9i;*!5Z}x!|^zN0@VxrgrMMFH`C{`T#GOfA0D27lh{D
z)T6WApyVtuGp?|Gbz&uWGx1&>z}OP?>*
zWz%WMDeu*sg6aRlCk|{k!4b4;1vi!5)`4Om$lj-Crc^va@y3X-+ns*)H~bMvaxSK#
zfvsPaU0_y`dJ|$Fu!vrR*(+fa_Ym2F&k}o8KFm=p#ux>-Soun!H9sAa-=U*}1!n}r
z@0ib?6~9}!;H;!NPXBY~5M_g$9Hn(F;y9ezf4NIZBiCg!sqM4>^GYut=d%WTUtPu(
z;aaIew_H!J}ou
z=AmnTdCF_LKR4LbD1dX~;(q-#aB}J4r606%4bug|X5#}|INg-Ihb+~rB~BTjt@L6E
z4==KljSR#3++pvIKdgCXm7eiDX6Lfl+KARs)6=$
zGar_}QM4NKRE|`M^neSr>NO!R4g?|uxh+f!PJ_q?6EE3{i;EE?P+xHaR#i;q2~-sHq|^DY$~wgcH5A7<>Q
z8C-shYaZ|Tcw4le=_LEXwUkuTrg
z@sa&vOi#(=!ZJi0Yd{pVkaB(yYj7x4WY}B$G?sLv_wImF>4q?dIF9xda0+3E8gGTa
zk~xbsrO2@_UQX42#aYuX?rZ>C2
zyK`JJE+Jmq&K^ZaxFx=paFb^#x%zTy^T}Itxv?P+{|$QzA2xCPi+INkb7Q+1s)03^
zySt^%9&f2HS8!6mJX>Ht5Mvbf7RUz2g-uca{tfR%h!FTMU
z4iQI|z*Zk7$W5JBk)66C5{dnuPw#kZ`?NzP^X`I#SC#Ui<3|-8>Sq^uYA>T6d5!z7
z?Uhq}@81EMYF$aNjq}+
zKI&=9DKTnCC(jk9!MGVRL-0dnB}uKEj*N-U!IASa(RDmY8|i6tN_tH*&!@Y(JRiN3
zR0}(~C+{q7-mRm2rw;v{_~hz7&1+B!85_3WMek%VX6PjqX$<|A`1)Ztt<7BACAZ8snN}pCL_|y~G%mqgwRM#_
z^7Bpw?^WQ(L%Rnb*|{TFWmgFZi7EGAiXEbykv1Nk)a__)3)T!w<4-fk?~f@i%IAstGu?!`LO9AdX^IXH8#hB>l
z&IlwaEtN|Wq(_POK#>2A&gCc(RR&!K;W}XK0DxnP<|mX!Jv_-hv$z03&#|+sb#D5?
z$;C>@)DPsh#>V3pFt}vvGClR-h~;$=uq4$(WZxs&R2Sa*#O>q!DnDcGP_t*=zkAR9
zg+O7}a#_~xucJF<OuHv2mq(F6O;Ie97jRJ7*JF^SpMza!~kgOGlQh!WwU9
zu3*dNU9zdkV%{>L5LlOfwOW&V<|pp6Z;Bzp^_&V`WOT(Tj}-U54)!fa8j)iOn1-xp
z$sO@=QfxR;G53GVnV2h{$yVS0!Vy8EPdkDD7X`1Sn&=~#Mrhv4j|b`KQenL{e|TT5
z4!_CC5}R$_x29uqI#U4xj@;wvLK3;KI!;x1C8=!JP$k9EY524<0tBJstj$4o`r`il
zhlV)<==w$vBWKxBQ=~iC!T-*jzKyuXTlxXOoq(kfiEIC9fHPp#@ZT$XRo!HHs{lh?duSFS3
zFV~R&%hGw6Ozt^M^x#FP5ax
zvw`D7v&@0#4pQ=K=c4{V2ER*y-S`WMGepEmfl*5M;ZAMYqPz0buSRfQC3Lt5)3ftm
z{Y|%j3OX4^q!EeV{*0_QNr^NLS0wU=HU(5>=*$H9!|g#coak2%?^Ongh9eU6$Z{6v
zSB>&#gKe?g6urAKUi49qSXT(-x)X(UYFx!eot62A=kmvx+~837NKf`=9D=*G^Hy_E
zo%6G-9dvK#o0z4H|IxpD4Bp(y;!=$S5Dih$%CZI6<3{p&tf-&Zf|0`WHN%nq6G|tu
zxW*{3TwYTQ>~F!c`U1aVyh@%Ce+|(fi-g=B$;js1Ma(A`*73&|rAIyt-KVa2!RM_N?;+0?%<(^;DtmyOw}`?@oE{
zKgHG{(PSLK$-It?)QyObz0r8lov>S&xy!IGG-5GQ=*hIwz0jRk?;*DV>Rr)FzWn=t
z_!_(NAmhKM9Q)HXQY>75lI3J(wIPpurosF(joAJco1A{GxeFLy7Kumyq*kkY=JK@o
zh-;0L^wETI)!sUo{Luhqo4$9K6_z03(ADMW?(`NkUH)@x2W=(~%zMUTMgqRrus!rX
z)?vj2^a~3Mmsqce=#*_~?SK5$E|vOk9X;*MR;It6YJ9UW$GUm{5#3KcBt0`VD!8c~
zRbOqicQEej1r(8Q4AlQptpTV3_CJa+ost2-PO)f&(i@aQ7uLd|9r!~Is4S2kyf3AZY
z*dD{Pvt;5wIBzav;hZs2aFRQ6gx=e>h5<6Wm-1Ch0ZHJ6rLvST7w{qpj6Bq0PAcT>
z>euc8nV45=9Lu}K_Vy^cEr@AYM*Zfrg=7EvJ%9NwS(7f|`ottJS;2+g`qIK0r?N~o
zNn-HFLJEX=F0rsyqo96E-)i8a-9UA-5>&>nYH2z`BFj}=dD8cVK8Ie~pG{4FU~L3e
zfp>B1w0YNq%-^(^tUb*_uJirqr=oxmax;CIX|N^6#Zq2*D8As_j{tbK8?fD8v*-hQ1SrRTt}fQKZGiSd&vduo)|f91E#$Z9D0u47&V-O@ZDWkK^#8e!fU
z);(ui$8)^K+AHA|0H41Bjuu7$b06QA!Q&J-UO(7z1f4mHt+0ujyn|fD9dD->tuBla
zN$=LUes5xoz!K!8E8n&M!W}{~ScE9LV*w1_O$_J$PD)pcuzG>({Te}$fw_=T-@J~v
z$Nr|+w8-n>IdWuM3Gm#4_Nzz&mgv_o)3pq9a)BM{m%i|O1WdtrVS{^9#ki5XZ*{$8
zG2gHnb%qgzHR+wxJtkAv!I@DOzC84oEOrE|iXBr9-9D?U{|BcFw6kbt^_>mCDq%>5
zX=98cU=B)nkyl;wU{4+2WIu6a?EIZ(Dj&|7g$m+gyPK>!SqUuFgPrWmteYcA?*y6Q
zX3VOeOb0bAwafRLM4`S!Le(+Z!-E!)2kQJlp0wwFqJ1(P2==)bdK62SKyG-<4DpN<
zDeVfA%5^onk=p!5O0M90kN5=S(VxXBJj~#GtE0sz&VG2+Ar`#vkWEEU+X_j|6|gti
zUAw|GKaUkU?F8W~=?W_Kzr8B^Mez$e=&_x!lskEY{o4tr@7vJ2*Qd3~Xavk)EYoM<
zv=h8_L-?)o-}({C#+s{aNXUfQwRNrxXlz{siP6v#uSDxKS7l+tq3v-I(O;QM0Q;3)
zpXL3JZIG@qvrkEUL$5)j|YmB1dtmpZ415R}3ony0Ui`~_-ErNN0Jj=EL+{)m_s7d-9tDH?$rJW?f>^r4`ogd3U!&U3qwaX&t2V)682M(_vA%
zsWO&A7K9hM50G)Pityjt;7)X
zo48Fdz$)}|^1fteDTh@vZL=E^Af7a>ug9VI>0mhKfsxG^#$Y8mD9nUqd~3ij3TgB*
z{`69t6%gfM77gYJC%ynt*narCi-GVraZrBge@)th4%c!J(F2CV1>Ws**N$9ql3$D#
zC$TG+{8k$X!coSeWDFwdKwnP(5@>`HMiia*fo~>Kh4oQ{optdxolp7|4AE)A(|O^$
zP(p1qit4;*c*6zJ&jdmL|44E{5%ud)Z%$mPUq7|oO{ocbc(d-*Od_{Y3=7@?)24fI
z>Hbhcc|h51A20qEBn^NBKhWHN!DE8`n>jye|jcqM&30o1u*}o8!_ed$ZaTyWS9Q$*JB%UEx4p
zHw6rkJG-7fXa=Z_4CMtP_6MS2tKmtWk#yARXAs6gHc*{fqf%|q}XeXB@C>iTHzJC>uRBB1=mWCGv|q_daC-sJ}$>O
zDRPKZ6r0ZDKn;B)PW%!}c%-;Mg3YK?Yk=@vu=7m@*o5(vHo(CAQ(r3qU`6PJY^oPQ
zZ8A`Z7^WuB2t#ssZFd??o%I7?67KIc3bG{pB=*Dx`Oi+YE(`KE6l{MJgAaG4?1<%gH^9j-2|Yf$x*)VI34!p{|?*;6JfekEOb=?wdruqf2HLB8dgj7DqE$=Xf)S>e}<4h^w9*Bb%K>soFJK
z-guq<(hd&=(2a(a?aB#t1%S4$lL!I=b18tsXv2bC<*
zR6o>CIQlzeo3K$iT$K6a;5j9j7kK_ZBpbkMg@TV>qn-Ig7*2V(Lp7bsC?KfaNl@+-
z65o-|ZSD*^86#Wx*xp6-TW)fqm7T0Q!Ae$Mzl1Uwp$1#2nWIfzkyr
zrwvWSTHs=4&rs^#E4BZw)SsufY)V^h{KAdJHv+8_J14W)osaTMW0AP$DI`@PYcV_u1c3
z00ZrM)KIWb%s41;M9(QvchfY;yP~P6i@4**SVpver6NXruKFT1+
zyaR$Iac#`!1eB;RIMuG=UES_eGab36=j>}6B$_EC&Y+eE-ZK*Q3$`g70
z1B`=?N>0Mfz~geIP|F2bjNG?AC$KRR7jQhQk&lqhi^bc|z|{{sqE{a11CZ_%y!wi5
z#*PfN!q>5{s33LPWuATSoFIckBgOB=ZoW|Owa(K(9!)>U&F~ibnIYPlZ_-~#)f34B
zo~Ff>b}_(g`-2U)B3G=M+NT`&O-6mXyT)9Z6`*;>$B%7*SZ8>0%>H5lfZft}9|#F-
z;fqNcbZ|E|%W-;wB+9c@+>U-hAxm`kET$Wyp)}!;t9e`}TL6+988&QV5wocuc@3JY$uA_HPnFmY}D_cS@
zJ5Cfepn*T`HsK7Gq^bv?5UabUAG0H~Wze-@1nloz!+y3&#G{4xYLQ4@hk{s)a><1WCyeN6Jz
zKDx5`8_%?>Bt2ci<#399v~(b!li#2_ov1eo#LA9F%7qRe^pni@mLb>v?j>>
z_+Xy#usb@Cbv;YERkqxsARVDqk#F?tDIPlugTtNWm@N>_4^BG@=ynYf1>S$6eW0)m
zyKPli(sSF*ZC22|`dOj{h5j=J09VkUMKqk@?!!rcX9o_lP@*P`KxeNvIMrz6+a0>0hB(THnXQOqxCsnG3d7kV%c3%%UNE>dA_e`jwp
zo9!xIn{AWlWo^Ut{lsEXin{Z0z|)(8fli1x1QNb9GVMieFa246;hP3_OO3Fl^-MODAAq9Y4j>%|#aO@$%JQk?;WNlh?+N7Q
zS#!=Yj`LKQRZ9Se2yfZz#P#__cD*ujmBh$JF8?$BOYO*x`JNP7%OizWbzf~~`QLIvqSS*zmzx_q9qZZqD2oTgsu@ZGgYi_O;UA6BHt
zc!|-&cke38z)%yDD%U8VgXNDQ>)gyXVQS`2&}&_&?+xE~9W^9w4SS%cX>Tcdo5N{r
z#uW55s3#zLq}dtY9w2WhPTPw)GVb@pdCHCJ%2OZ5ncDWr^k!2ZeO~#*?N+^dQEwY>
z;l-@CJw?7w-}2k{ZIi|K$OeU@Yo(Zv+z$uxm3N1?KDXHAG0x@5Ga`av@sj|}BD|Qq
zB$7B?kFpCz`h@v7Bu66mJZFoUrI*M}rCn(!foWO!^(Z=Iehq!s_)xX-L$iW$%OuX^
zG=`R7X>?yo#n(L%K?ogqVlR?B2jb>^6UAe{XBKbG&-+j7+)gE2?&
z1iLhS76E=0$V?rN1nhEoT;OX;34w^`4f*L4i~D~Mk%V&psnlyw{=CKj#J&AEzGO@;
zDayL2YvsPFzWLK1lP8!2Y~?a)ZngQ?
zcFmV1!kY#F680_NL+KpHa@Aw{SCYM`_WTM*ISf#cpJB)3`R7=A
z&cfe&Ye8G;6v?#95NHVUXA$PB3>d*4@}4sw-mK+-s~N*1QYY<9vErbwto%;?zT2dB
zOP5kXXsuK^NrFt_4W+cyAE^tu~4eJ2$HxQkSq@~lC<PlPi
z+N$9ZR^Aag0g>pIbi&(4S)vM6C_>4oFq{l{&eMk9?Xh$E|7k^GZyY
zvpnglKsA|Do->iKo0boMWFN$mu2~O{z0nx*^qg!GEGVw4FFO-{
zd@CBD(Zj+fe)akE3_sve1{8RE@x~Q<(KN=jrnN>j*idN3WxKWTy9AYVjet?oT4nS$)it;5HG9@w%%(Z(dW3vbz
zDL;pW#w&0rNA9|{@LoxLM=;iDOCFbTBd$7h;yUjjhNx7XgnW=mhl!^3AD7VWkoWOR
zj8^i&dHx)Wxz&b1hpoX<>%?L5bwL}DFMoYp7WD|?B`
zwsjHh-8e$(uDPJYwK+D!p8S9f2j9;M0Faw{qx-2l$agvqh(n)#LCmDa#cltaw8rxc
zv0??O@)AXvspRc;c|W&z3Eg*_F5BK>Trj*Vs)K|ba0k?Bp@oS9@~{`P@2lgFyncJ!Dr6grBSt?^j)F4uFuHxM#AU!
z=2F!C1GhDYaCFf|%2k%~B=Q+nY62gmdg4-NJXooZ2Y
zDIYs%WcWNIg5_%{ezV!`nIr^0JEZMuaonF-c%hTD)vF>8e*j4N14420HfdXAI5@5-
zpOMO(6JXxH=I^@_)SnPP$`*QlW;STIdYo2I%ur&dt-G=j)k_(ja?mrC8Ul{vDLG2T>&U3PsrO&84_lZGdr
zSK&CWOtNS|w~W8M;;na8-QJD+(OS<}Zxay`dk7Lf)MBeMsU`b#ktbwp*qfmV!&tSx
zLmsq}pwbF)t($@nt&cKT%VhyPJa@^P!%GV&!--{pdfVN4zsC_@$46t!&B&`Abwet)
zCnMg9w=kN(`p*-%>m(@v!6AxgbkD1eljtl<8{#Z20U}vaKkwQU-2jC?Nr@|~625N|
zfx;3062=8`Bml?9GhOm0jL7XcyBUkf;ut)RW{HE~(qb6Dg+p6(^2sUP1_7b)y%Su|
z-&c}TLPewjpQIaVrKPq>3)&1R#d#g+NVBuB4``ST!Qx@o2V&S$r
z?lxI4>P!Lv?~l|}OD{JX_8vT>&c-*q-Cy+wLd$N66#6#y`az0>Rn-<-p6>Cdq_;JZ
zp)Ri;vv3FOPv<}Chw_c*q00Mg;M>$_*akb>iEXRJEY2(sPe$cX;^iXw|IG;9v}}OSK?JA4gknA^6Y_}p`s}t4dDPG
z-uh4tVK=8<<-sTJgAOB*P8aXwko&38-Vl1w
z>XC11DS-G;8iV90wVae7Nj&hV7H9mi#fUVEl_~F<E0mBcKDNe9!A)m=dh*~})m){YMS!ub2Yd70XPZx!M*f()&3j<4=#SLF9Cbg1_>#$7S0M7&=r};(pSPKj{pm
zMpmo*i-!{vjgl?Ehh>l^xxD*wz6#5?NQTMpdoe91nv
znGJ?9iH&V43H&&00~MX4T+
zp1hfDgiL0XJz%@loMerlnp%POd;s2Mnwh!|TaLc|kGRUA84NG=vgS(x=}=SPv%NK)
z
z_~Isd%EeRmoP*o(=%>Vvvr+x*{Y8tauq1kE@$FHA1NqgCaj8;#o8RV{
zrhc$bCfhS70MMV;vIxMu;2#c<6FP1L&(qH@rezx6bvUw|80{EuL3*f>!)aERII;_
z)K2_tsyvwnUoe$7WDT75Ru6L^i8)c1|NGQT-+jR4QdK6cdZmDFx%|CrNNM(z
zJS=jVWeY>^n8mF@)|~@%6F88R_u}1MVS_@VzYa5MJLbDGI{*qxuqP>1khm+wmgHH6
z2578Y7Ud*R3Dse1Ce9{nMi|>&ZAEHqFJDV?+M9p}JSxrf_Hb(lI3*VSySw;zw$tPV
zmnsT0UqlV-;vbFB(yg`M;9$T~;47Fn?t_QGQQ8TC|~?1z~{QrW}XA_G5@1
z#%sH?aISS#Z}61bh6tiH1uEFLl8bac^^B*Iip9-c`YYqt^4$1yDKH5CiI6)W4;l5J
zN~zbMV|Zl*kN;R?1y!7Y$z`b∈a&0B}&T(4rd;q$&O*$s`%b=ipG8$m3w0xjmtm
zPphgJ5rOiZ!_baI8P&8?UoZ_J_B1
z8NWgX-6QpxQy=S{o%-UUkGN^}&}hTpZZnvkh5HBewcssVZv8?nT|X%I&SAYn8mU(1
zWm2j}T6Ssb7eYgETQI~^9aMvSGT*M>8odufhWcxqXDd7{+Z3O;m-Z}I<-?7t6yYC}
z-_a<00-$KJluy`meJE`~^hZgc(TQ!)68n(&_WN;fAt!XTO~vqqzKp?jGko3t_0}Jx
zd0(MK3e#Uy=>k??rG8@i&gxVEthvbX*N8VG{@H6G5i#}(I+z0y1XRE0RYtTWzsqU>
z2|wRnHFBsLP%cBJKU-Q~Kb)J}ymV-_+OD>DzPB|vnYco=ZO-NGEUL^zHXm&yTj)Kk?(-`26nBIkQY%!+E|o
ztcPF-#*w-AQff>*g=sJ^S&j&xp6%^^TVeW(db1xz0HcSq%{TwJx<$v#VH?tLb1P)@r`pOHr3BS
zilUYQ1dNZ;6HFP@`vc)&hxx>mS-aB5U==e#x4pa@E>;b#|0+h0uZE
zxqvDZT74&3o#v)p<#)rGe$P4)g2*ilRH(}BY`)Rm0}+~tI)bGxYjwHqkt4c?AysU~
zA$6$p&7@bS5YrZdvQLIJUG|1&^7Yph^nY2oYK|4FbW@x3#f%flp%`I}90EY>^YP!{
z7Z4sV5yInhyKyusk0bK;!2SjF)g>TFGZla*SXz}G$
zFL>Sy@&4lPP>WEViEqkzw$O=er(>d0B-;j$*hOI0Hi&6J_}%_d&{rIk`=6#S-&8=h
z`ldG9-w-mi;Z%M%BV)U=acYa4$_e^GiotXD4BjdOl42azg)J9f
z3H8RYz>eOkiko~18YX-UiEb5_$ND7l43{I)|EH=URX|kuI%QB4?lxhWH2}HcY$gXr
z0z2t#<6+Wq2Jf$Lmn}j9sxTr7oXT((!=se{$wuhY{{d4Xdn@Y0>~W?UYW(T@-xH8i
zWitE#SzPz}UOBvNoL#rIke@X31ct%Wg9+2){PKmDT1dr@d^wCepDzad{~cgkIBaMf
z&ZB_9*I~f5Z2LX9YRag*`1z)MU?8t3mVkoqhX$A|(~~4{sd{3(8zt0X=_)3h1bVa$
zC}}H-PujdbGzbqlR+c=TY?g!B)Ff)3bbRr<4dN_her`hNV-|02f~S;?-R?)aD31OE
z_6yo$_fBju{)Fle#F`Qp90wh;m4*yEnC0MzG%?0@NV0wrxNN)zla%$Fn?1En5~OT3yk0Aof3H7km%)lE~T
zc?JnQ1HcN$sMS-s=GJ%2ieI!4HVk!aVH*Dox8qMPUmK#)%y(BWT&u$k4Q
z*~rMW$Z}A=+5N9Ito65U7aK`VWctH-s{0Qq1&X=hDV`$VAu$65Da!#ErQeVWv^?Xl
zhOSZFG2f^~2T8|J@BJ=SF@~5;KWQG}@t+Q&Tq7HlYVx?SGJX)XX9_(*CkH3EY5&Cn
zoY6`(lz_K+zyu)?$IeKc-v=pGEH^cTVCWh}{W}r%;}^7Fzvua>V9q#EZN7|Kug2><
zVgKhQ2X-yxNo{$NUq=ASWTAptuO2*I2BK{qrNSw(6WU%8e$XFW-_*R40dCL#9
z27%}=bwZn&=nmse3YxdTj(-5``SpM+ClI!k(&{bAs^;C`*yb%s8nOp~$Pa9?UC(b_
zG#GHVTqDy3fH%n)9eBwIr>PBKZ+Z|SSomG5W0;Ba4qGfqC3oIG7WMdU_Gw-yU@2Fq
zWp=B7>3;nY>w=Vf!+!%DWAcB&4=>#AB?u$3H5QkrgM8ZzYU^biLsPcq_oh?Q;jJ#;7kTH;IsoFwS?n46^IyJs
z!v$Tyx>`S2lpSQ*Tt$zjE0d{CRmmN&0^Veq#qx=4sa8e$^|nFme)4nEQNF**1Y#F(
z32t3rtx_2bd8dV5KvF?>paIxxAvjPs7Eq!CczGt@E4DwRZXia-CkR9rro`6I=oe|w
z(j$@6-!{kz*>vjX;haD81_*iEZzh(0931$|ptmnTiC=-cCBVdtzTH6WrsUpeAS)-?
zmKv{<13h;Jd7o6fU=@hlh$T(WPt66D&6d1I$EC|>4{JyO7b`KhZiLLlz-T@oppS>ZUfd$
z>*q(?BYfM3(O$X8PV{c>wGds3x3qbiLT)OW*7-X>b{t&6UZ|5FX=I#x;!a&
zNZv(JD^FiUYQ6$lK!P$X9t<JS8K){&4u@wlS=cS-^$((Nh~J^T4G`z|sQKznjr{=-3$-jodZZhq=iH!s@0+HnlgN`}ileUR%R
z79w|d(KG*n@fVpJRXd&5gwTEaQ>
z+M@brtPf22W?D8YDx23WH(iHJmU+GTE!2#-p{4-ZF@T0z(yns}kaQ!}T$-vLKn|8w
zN9lor?*{AwWui|gX$Few8fqg3>+fXp*2;3lhGqV>A}
zhCduhFSbke=1lv0RsFdZ+wKy>?c&&(C+Bv2j-EuL!Lz%R6|E?;deaj5_7hN#jAhcM
zB?|x^C2$R^=ZqqZ)L*P-NBb;-?SI6Ic(c`SF9ud3ABShY0ilC0N^!
zu%0h4nrb)5Yu89E(~7>)da&%}tCG7fBA=lmM7M47Wv)9_;SWNBDC%|Iw^r4S`hlu+
zhf;O=v_NyA(f4w88N1FI3Ww!lj_k$>SIU;)A1IXn;bTYyf$Y;0CGCTd?$49~F$ZH!
z+JlZ;K($S)U!bkO`y_FN#AQ(rWeXSw#P5h1Tlq+y##JMOi;6F$cXUtm$e1>Nxxlbn
zO-77+QY_hUKiHVczP;F(iE|KNGSnb^+NZ#TU=%gG;e~V<>#dBDw8=YC=
zoI6dw)52-E(p@UV>|4Gf5#3uQ-QsCK=h
z7w{_%51n|9n#y)f`kQ11SqlFA%nYvc!An2b9!?(83gc+2*zo!~A*^l{A~o+USF%oE
zy-T68x=w94;1GdEgd3_9OTF*ig*}l!)!Od-
zO0VzQthT{mcbRJ4R(?6HlqtxyoTW!xELpa!lGSA<;(oa~>KpP)$-a%etk4iVc8493
zVTRHqRw?s^+M!rP-R1#?}Q%1h7dcpgi}n-CB)W!94t>d?yCQw%ID
zyRv^ZNh5khJf5@KYdEG~(M(|aZQ|u{oEIu18G5syBnPw8ZU57zxsX{Mf)lU^sVB$`DF?ntzyt8%JzV>|#Q1v(mynsD
z+AIgdyF{XB3rRK^c$^8HE~)BiNxWfIN`^;jrluQzYSB9IrKR5$uY#1-C1cf8p}aZ;
z_K5=5gAByS%C6kts=oG!XRH1<^-=(qh;-f4+mL~CMmyusIa;@hhh00$e#FCDvS@<;
zaY=s+YQgV`Q1M06ro23s*WddB+R>N#M&=gw+P!>tUmPaeG<4sZ>)jKjVN@Rp21%r*
z2#~M!wchJ#Eoj$pY+AH2{2`qt)~)rMPVo=i?cfWXPWdpNzIb6eV2_w?x8smEhTmdE
zJ1HjVP}8MMO_NU9WRz)n-88l;PKDJlNKtC(pWfC6%_1jh>4{XK^u=4C;nsOUSEet>
zDht>LBC|ho>vH)%XyMkKN74Q}wc8DlIXg=ykifr|!&7Q7kPunWiDsSNY7FKA<$0@T
z;b^*!jx5+(#>fIuByK!{4A*p+xO^~*IIy0E)f;$o76{bYacl6bZHSltX;NKmC$8L6
ziFU1fPdWjr;%(Kq)D+d6{H(!fYldHgmN)}iI8}%si9d)cU(eLeFOdfb>DZQ@7{>(@
zSJQ6=jyBviOFl-Nw0!H;#!Q!bstc?K+0<=kE|=1LtzCC)=lNWVPG6>KNqGg1siVtD
zj{e8?tyh%g2TtN_(-eou?U}9`#ew1XlCSN%fA`8gyS;bRHkvnjyMo>H6RT~xn>MCE
z%;t_=L4R^MtAG1UC+ODM`)81{-_hkyrlD0$xO3+oIzigMlO>l2Bqd`XP5@NpsdUb}
zgH!_f+`Tj{7YdQiY!j&3grmY#(2k@ZSxhpl$e|#W6#phM`$Wy4wLun{n6b-5l0e#E
zPUkG``ilela
z+)Qbd*rmx+fnCqincMM0snu)4c8Kp>H??3j{{|}_;-%n=3@^k_NNKvW3F>W
z{_ym1L@HnQr(Dd-S`(?FCc+@V(!)ocZgAkE;6KUn6(j>S0Oiv|gFo
zbm&eUd}t%G6nA+~{~Mj+_i~0S|6G<6qN?Y@8o%;+)i~aJE;VjOcu3AWzP&?Flc8W~n9C-p8--(Jeq5iyU}dUE$v@KMM-{yb
zopvhdG*N0g^1PyyOJzH`Y9pzwcn5FZ5c4rx%|x~JQX>1G_qbU~qm>-aU;O4qe(aVO
z_r<@hi(WJ@(r|vCNyNrD*HfijDq!pwr8~+VHO7g7am1
z8z-VTEcvSu38KLydb5Xlkc;#xgVDEn%I_wbydt)};<8Kc?KRJJm~4Q&mwrX&l*OdaiQQbNxBp-J~^vOYGik~P|o
zoi-AmNfC5$nLsB_)%Bh0IRMP6Nfm8dvT1F1+qyx%Xx5ENGkb|=`zImilt)ZYFW>$~
zT7>PQVLRV`d1tr&5!)KV31fSCbC+f8sIG6DH)1oal&Ft>PFeD{ZELKn=TMeu~kGi{C?zq7bWCOJzAx~i$tJqu-`ILay?7OeSet&;Y#Y=aoPG|N|WcS*v(cb-(
z>;61xgOo}
zoT&dZ)ajtCS;ea7=C?$A*!yd0@%7#T)iQosp7i^Q3DX5;DjV(ltw>zVPaL#N3=qG*
zFlY^|d{@o9(E_E`#SlED3pc7$nPpSYRY6eH*lOE0(y)RFbWYMf%>J+*tu~K
zot^jDgMe0j0v^@uN(eHkhX)_o3seuH$xNt0lZGgNzRs6aB1;OYJ+S5*JeKeViD%7gl*=lGL&&t7cejX;P`}z;7Z3sG{&UbfPzn-x?
zsSkSyIi7n2fZ@XXEzNW4=Y)Co7Jn{vPesqfJR)OR`^MaiuREFrc8~C0?rN;xepd|U
z#D_IkpEXh0MAqF6FU28uBH%IFP9OLVW&EH9JR3>k|&Q7x#(Z5=v
zCN)1Ygc570^i1?|I2b<l2n6$xTa
zm1=J5eNvH9qkNTyx;ppR-2%g5wX)uF)=z-#K%n@w@H>tWZJXn`y?3e
zF}Yw5<{|(8*kaVIjv20I(XYjr_OMQ?qvA{L6
zXbD3!(`?r6OuO-uKxBi79R5}x3V?)D+&*pu(XYm{<;SlJF>|^@HvV6`|KHERCpgr(
zFuZiCJ-UJ4qTNMs10?=?zRbk*h|AXbzb|#0Un!a(@(trE+?A7c%q*
zTt}Uo>ff7t%)YI#Z|({Bg@Us5b$s|h#b(<|^9=QU3>o>eDDbiNi>m?LXH+3y%O
z6Kc7|>EQ)OWH^l)C(%EzL=@CPP9i@^dVz=3_z*cAOM$O4qX)|k_X7OtFl
z#usCl_{3Hh>^
zACc&jt)E^S?hMO&Fd@vcj%wpBv~SbeL&U&BOW
zz1?)QyNzq{S>`~G@t|CRSTIw)ucKLn@bF_^Z3%xt&beXS?NBb)`&Y@C0=SPlv#iXP
z7vmOLH7gQ#H|IhIGH20-r?X{&JIb)d1FZLS>T_MV
zD#a`JYuZrVS^7gP{ELqEsW$!G0j`QhQYqy+IK9f>(|cCElT?cbPV0xafN`hXaH!#|
z7qhF$tpYsDTL|ucx5*Vt8{k1E`BcSq9kwK~nf9lKXH_J>m(~5Mo;K~U()M%3>aiXD
z75LGit@~Wz+)Luk@UFCxfgncgv
z!*eSJVys@W-u)WMZ4ko_SG<5$W>T)63gUJ<(qRl_ZyGt-djpjGn5C1uf4T7{-=46#
z)MNHZeliAbS!30u49Jy1`B>HSF{_GrwYm{Bh8HqLjB1r``8ATxZ_hg?4CKE~ind9Q
z=j%C4q-b{S;v%Nczubuv)!%#LcZl`WE0X@GZ4XQO;OhZb=`nxv?gdTA=LuUo=WSf2
zc?bN<_1@Ju#eDuX@0)xKSQ>27yu4b4i^e^FEcgdyEH&7FJ1yp}OKr{gauVoe9qiZI
z&P`4fc_+IQyR4NcvH}xBiMZfIt%Z-cjw$_3{)6003b@a}rpTX-%&Y-Mhb$J+2}_3o
zW(k4}fh?+UMCVk~WBF1sPN9zQ=RJ=MC4yPhJ3id&?Gx#cf2oxfoIh~XzY4Dt<0N_A
zLUCyMy%@Rn|75O%u6VCYKZkbu6>iXWAwu;|L=06Q{s=9T%9u0mKl;$3F;qBpHySk1uzamSYAH!AA{yf6vC}WEt
z-ZU~{kWwP2()G71`&^W)wypbeg{0v}of3fMUN^QigaFDdALx{qS)
z&$~cUvAW?Agx&jVtomI{@FQloO$@C%p#`I1qjoPmI~7xP)(tg6=elQu>wlvOoO{4Z
z?xcuce%Gu$>&@^wwxR`HoW5j>^Q*tYp<2hxeB#6HukF8*T$N`H2U>cqd!BWUN+^8p
zM~*D{dsvr{Euf(XTU~5{NR0&)&IT^2Vo^^1Fg)6n@@E!$FjH}+dHD?{zQ{U{u$j=+
z7YY2ih(I_Z&@uKwJ5ZaiDelFBCdQ2q<8?`qEi}NB+CsxFpLtQrP~l-(b7(*-rl{04
zvcMC!=>?RyZ4HexTgP^;`mF~HhCCZgU(kBCBvCM9A?j-=O`TJs))Ppz>ZA%
zz7o!L$$UmDV0r6hy+?#pk8y!zcsvvlCqZrRqivU>3*R;QYUr40i_!n+J
zKEhlG+_%+5D~r@PL7|RUXA_f9-}Kq&eq+9v5jI;=Rf67q?(KwxJTfO2_XJgPERkYG
z^^TixiH67fA9}ir%lX&z;KHK2DjlQ!>#5nDPFUd8S-~@)*}npK@GGA1e+e^^Rj^V_
z(+FecJECocA96GyZgrD@ROKwzE7yPP2cP(%6l9qvt=yw;CaoyA)k6XNZlJ@L1CJ+g=mMTnw&WJQ$ekh#?
zwkB{^YLysd=ZGINi%!0Np5)U2imhck_}~WKaopsyzwaT{Zc>!E#|+=sckWX&Bo8;Q
z37u^y&qneLqtzGf+Yu!UiARBN2X5$~^k_Xm!UZq~4zi|d%G(W4%1l{P0PSq&$MQUi
z!Mx-ud4L){#^sY0e1(kA8|IHLX0`Z9K7g+m>{*$>klFm0P%8`MLUxK_@>wm|$YbS5
zmluh*Z_Ge@?7E~_mF?tXR$
z98fv9o;dz`4X`&Pew;d3r-?ZC|9LRb9r9#}CLzNmXI^%?Jsv1f=%9g5i$*Zadf&Jm
zORX>5x1$3`ORFZ({lg0%L3f;%hf#SrV?PYo&rYbpQu80brVXYoO!_>y9LY~I4{RJg
z=j$A24-4$wwwrA;HF)PHvJ}S9pkU*q#H7
zU15#(7txWJ%wBdR5KMv;l42c1Vc2d7kY7Q~5J(ol4qmyQ)J1UjFN-y(xT)PF-}}JU
zTr{qTVB5bx8mrk{_R`Zy_2^TfNr;n>Om~FEUAe&c=}e2I{44^lMKX~^FN-dNfCAR^
zg*spkCRwBaU}#?pojP!ibHZ0>nz3ja--1oMS_cZEd2dD@ttnUS
zmBVXkQa;G~MRPWFCzPo<#*o+38&8=jHb-u|^IMDrMYta;&;&4J#Nxwe<%^zLgE`nv
zzx>!X1tE6f6b5_=+{k^DXz5QI0zT_(!B##A8bAQE_oVqJC_iyGg37hf>;wT=aGoeve8<1C7ZNkyW0EVrCV|G)0XDvG=lgJVbKVM92C<^=-H63A^2tGc=j-c#Ev9P&-H_lHZfa42)5zcmkf@({>HW>lL
zj9S`*nX{;?g)~VdC%NO%j*O}%A^B)&dm@r8?7x0A%snom$U7(~@C?S>O=Xhoh4({*
z{dg19*U7HhN^Uu%TdVC2C%oONO?(@{v3&;|Rtek!!iD|k#sb;JmY0->{_^Fqh-kn#
zrnUyrODdLcP2jvf>ko?dYQNR^XTiIaZtO35JEwh2D1366UEG1X&e}F$!;73*WQCQ#
zBk&L%EhzuNH>Vo)AT8z0xP*ysS1N&E&29&x`AcJ1IwXBr6JNz&)6R!vC_Q@QzkGT_
z2wG!|@xWGF0rl>NNs2)M{AYH_TM)3e6)9W}C&;~iZ%^F#z@!p=KEcQrea?@7Kol)~
zYPCVRB4wz)igHGZ&T?)T+?4FpB;zsV;T~uGKU8D?<5+0V1Q6C+T_~MCh4EWRY>1UE
zfk?_S`fLxHqfL3jCyZ%FxsK1-?en6$40Q$4p)5Q`3-@4J2eDY91K2M!^Js26vH42}
zS_$`Yf0_ok1+DRWA%u_^kC$4w15B4Nvu&kt%~g$B`ZA4aoKpzx@p2mPG;E+XR(`9>
z*AcsF&wfD9aX{#UDlGbd&&oGq%NhPBg4)BWz#{v20WMF1)_d`PD`;1x`m`4tSOK#Y6qbw%E|gI|A2x=
z)@@2cHCP$$=f5I>4oiwR+p*3`fW0IpqMOaQ*UKZ`(UqMu&5TKcrp8RMiHe^mA!7)e
zo{NVe`L~0&*Iw#k
zin7&AuFRXmlEl}iuWgs^xet75>xOlFxz-LH=XNY%D6sg#djTZk4rKaad}#TnR|6#6
zByN#AhLnGyW8M=*L3!f#n+d70hE&U42gUn<5T3ErFnxq9P&X}XHum_z0s+BeG@qPl
z%PWhuEsHdb9D7a{3;D6B8yZn9cPN}qz#tqd-D9ca#tn@w)I*sm{(HM8MhF}n1=V%7
z#!j|?d=>%5$9Bq{vpb3~R|FRkJGEZ9eUFtSky;yQlWXM~^a%4{PlaCJJwcsO;6UY0)g-ZMdZ`Kz6;}l35(L$ToLAg1w
zgaOyByUpac>9GuhyoP|1^yYo;277qvcTV#l^E`^p{*k%Ft_PNtMSIDzz>L2%-<+!29K^UD#@l9#VzF-x
zJ;m^)`mNrryu-|o9Vn2~hP0-n3)!44rP(ydxsuRct9}
zs$DW$Sbk;XJdKW~+W3OGhZqC!94T|1rZmkvH7Sx3x!WAKC2X#=%I2DY86@_FAb+aG
z3%BgeRNlS=L`*3>=jF+!Ab)cl<(1>bO@%;$6)q5*)0zrz3uO`QxP-;sCI<_o2!CTH
zlr>B-Op~ICLd0@u@+go+um|1SXEv2;77rF$$D*<;(V+xmsAoK6ge`mfa!Ge+J>qV@
zjm#tkHdYtxfl3+>3^8=BkrCcs#oIvRCUKqIG}6-h!?Ze0$uPyCLUEtw4H`4hn}4CI
z=pYY7z-BimY+OTD$;p*dr4>cenytAoLUCp)K$f
z3+8qo^zreoIEs?=J579Ys=4%=KcJ6$9-Y(M8@^bu@22hgqW=cN;Cz^)n@KCLA*y2M
z$H^t86!L~B3Sb!1KD;}4oLOkVg9N>5YRrMxp9=er>8K;jx*ozBcDmChAD<~TYds6ybv-xo*syUib$@eB#?9$Eh;vEDzQkU<`4?efxOa%6;
zu?Ed(&uHTBR(SJ6Zv?jrN&gUY=#k53eM^|0Hm1=QtnD+gh5{`X!FEX$S5eked6_-X
z59c^k3aFZY30lw)9*AZP4P@svfaA44!+W~zLrguoIkN%WCPC<$zlIT@xUoRa8yTij?r(fyg_KfQ7(vA`XLP3dK%di$&|GsLjEq=M|aV
z*Z&{7-U2Af?|mOuLP7~eP^4Qa6$DvY6j@r7kXBegX_w9g0YN}m7Nko>y1PSASyH-L
zV(C&4mgYU{$N2tc{_hNfjuOv#&N+8p*L6ee_kt_haNSg!$Mv$wEXh$D-RfLmhQu5T
z&9I-_7y6%Z%{oFMP8k0PpwGZ%npBgR`Z8IVE08b!N}30?FV<1VXZu%@2gjR)dF?3h
zY4BB&Jb2)aguk8%TLEIp!+eda-d9dzCD
z#lv0AT3B`PLK06^@Zrhqz+oDV)~^4<*RHm_g9F6
zJis4~Y^Jc)AD6(z$$ePMxQd@+uy-gz7GWSoO0H~occ`)zGUltR2uhb$UVL*Q?PG%P(H2;H6=
zWz)~52_RRm_0E$}qHq|y!zPTZ4mQ=NU?6Om=w%X|NUmuRcYL$nq-yk>#=r+2?x>N2
z4XV+dLtj)$;h}7CA46$*!`)&sPM1pKe7Z~Aj>hQtP@qZ)i~FSj&T5P=Pu-tu&@X?u
zVB~(czcaLYkw0nhATtx!xm9;2v~V3KnHEWVx!$ywW@pz=qI`(&(Z)dUoXiqHn^_KQ
zSgm=u7~&As)~zES=O=5;awZchpapffh-Ac^VcwC0SJuru{abx^m`0a(tX^dqO)#~8
z<{z(>2N22v(1c_WN{O@huIuH5t~zoYM*EfJWnwdYB&GJ~)_|5mzZ>9Prt5Ebs9bNj
zsQ_?*%tE%|6Dv6gjH%J#S+Ytp*%-#vIBPLpJ1+8+LlPZkc1BR89EGv|BeEwf0?KDkpoCOEoSS
zlk7Gny4J8Etud5xxa&~8(3G)yAk18A2*7W=E)BoSg80J{1p3}_6?hEtudEyL5E|wy
z8;=i2t4{I%Q!jgvFIx@#pNO*N?h`A>_yAYnhZ!c+T!hsEp{7&gCwTYe?o-{tF`7S*
z6;U-n;{NVe%9Mc{Rh-mo8%V}$$kiX2Q$Y~;y7Mzh<%~mmaCdnu?)=VY1MbR^rAmi3NtGB%o3hP?f%AT!?bK2-KUBMrxlIz8sEaN1#`>tF
zIt|Xw_V4+4eF(cf@zx_n;=N|;tzBP<0;YUE+xqU~#gdA2d5X93)XpbtLs8`Hfp)3*
zzVvZ~M1Sq`S$Ow_&Z6BR^@o#5F29;p-&S&^5(I}#3o4-*#<#?m>EqW%9)uXBSO)ZP
z7|P3kz5*Yxad+Hr*H{oM8#=$g7VfnFtS4qL_Q1B@p!rM^om1_HCSQ#WCPWLH`yAS%
zU4+GRPr%)EG-R+6ApUe4)Dwj`mL0e~rM7xdsm|ZcKCLr_ODW9P-H7?IyP33<4VuDP
zMJZl&noMER?Z<}z{`9na%ul9RB?vX7fBTebSUG6me9;dP^v@4!!qwFNJcuF;4?-i38v(VH<)%vw;
zZrFOQ;Lav#@c|zVn+K93DCgetDtt`Bv
z{!(kdsJ+0+51pDYFkjX0w#7^A+Ssk3f`+^v(0vU&F1fjK(@Cn(Fv~&kXqu;N**W;g
zEiJX^$LL1uv9=h-V7~6=hHmGT0pZyb;U|BU+W#vX%*+(w2fqB8Ewcfbn4EH86WK4u
z{SOf!j$nzL)6Q#8j@D~ClQCZmTs;$7$LjmU6CX}U*YCx;-OktU**a)n*sXz8PstW9
zy|woKPSEE}A)IUoV-!)loJ#eiYajf!k-xSE!E(;dPAQMY*oSge*5eI{S
z4#4tH<)1s_YcgKg2#@@})IN{)r{3|ePu%hBfStmXwGF%4RXIbMVr*?sz6up*II}d=
z^m;?<`rzU0^#iA6p^mJIoBrX=uO4xp3Mu5I93C~ay&kvM3s@an6Ie#Qr-VnZ%9Cv!!Ddj(?
zs@TDZFNbaaYhpY(beD<
zef_5ogDu0G%K$3JNL&FiTx^_n12FEgEEl{57sB44jA~{Icrte*Pa?`>d>_jA
z7xmNn+!y>(uh05gV&2Ak<$2Kq_5#$aBE8&G47*a_LOZ9UIKEebDxi6t);1Q^Af~=Q
zx0U(qN8YCA&HLFi$UOwt!P(IYGENUKxaRZRm!=DC8dlwDc6<@Q7^|gm|9&EHBqA}s
zu7qfOTvEZ(Q5fz#O4!q6Kr%yJ<^rL&Do6du{Tztb@1kk^H#tph2sMqW*d
zr3@Xj^N~%bxXAd)!taX-iPpo&d}+=|!MQJ&=ZpL;;ioVfB}#)VN=_h!)V%ziaY^djM)BIgT3@Eq?dhGcugM=a
zqVr0>Tn@(rZ@s86%#O_8Hi)FW?cj)DRrwQL6G?pTfj|4mHSpR?>Rztmht_<@yD2SD
zW4Z?_8EXFQ4*zlu&PS{QzF1X+W#7ptwEjft%D$
zb#CRwap?ldoJs8;JUWUeo@@|R3mD?+h;>QuqprGF?PVAdxaI`J=|Jh55*|K@zV+Xu
z>=G{`6RQg3z#Mf!5FXBsJX-a8b6Hpoj}+WK%F{7^pA$$?y0PZ;fF6-P%rDTth|uT+H%
zCr^)+M|053=ZD-*KBy1O_OJOaL4C1P)Z0x=V^#pUjXi74ZLPiaqZ21>68OTd!8|s<
z7It9t>Go5C4w<}t0jz07`$z6KN-i{NI|;%z^DE+3i%vU23ECZx-YgHW3$8q~Pd(a8
z=;K+=TsK_Zr~^5chhuTWZ>UdrxL7wHK$wT#X>`seM5iZj8BI>2A+C{s!-!|i#Z^M5
z=by!paa2HZ9W%^?CmkP)Hm$i5?4t7}w*IErBlu!iLeAGo5H7R)i~_NF*`tU%&{M2&(rgZwY)~#o6`Og6teC+v
zR8BCXM0un`3?VjiK+J3m`cn>Umq456ukG5yQ#%|mKH%a=Q7&b=Sd81Tto{f44cEtD
z0Eyvv1-O2d%l76PM{nw#4BX&{+5B*Tq?QIqYSAWrn#MQI
z#DS$Lh+VZLPfse3#SN=tO~0e?q6Wml2wHsR+uG^5?~s+!MRS)ZH7C}+(E6{>0IP?C
z*#R()N?nF%DpFQ{;k}Dbh?Te2lZ9&?>zeOwW##f&{cQ;T4{(gN092S4w5lNd1d90F
z@|GU=KbZn3QdW-uZ55qq54XxneZ{C|rx*xx2=I^ali-XgO%})@4t12
zK;xARao6LpyKLcQY*gqxVT{P}
z9^+WE0PhlHO!+%f6(rew%U+|hD*82j6J*z4JN)1T%!ix#eDc*ZY;>;dl
zN2@U#YC1LAogcbr$3-Lte6fHa5UDHNOY8LW!e1LkE5H&v_D-u}71hbDyi{
zPtJV&n9l!Knh{$KjJ!d?jfK0Xd~5Lyz1tt>Q%V1qQ1lyTaGK!xSxyW_4;};h4htp4
zt#^E}yxUqfQ#|m&QIXRb7UZDE5{F}DB1q{7ACD+}G_)&mD}9zR7w^XJ;R`uc8}j0W
zXz3L7q;Qs0d1Frt!Z_*`VvB99zWWrVD}qj1AC-Ka>}JzD#Vc_;J{GR5ZZlEzSDZVO
zb|mXD(r<$6%_rQ~29K{Ec!U4?p`+|Lb<<)Dr|P$PY{>4K4Ke
zFk!=~QN!ZC2*ua21!QC?!1WG(9btwV9nW63eDPh8O~HENeH>lgaT?IAqucUm{*5%j
zSMi6zN%}h9aupv|&f=49&)37O1iJVh3SV0b_n#!dx0Vj7%(}Ocq9yk3Bi3^Z4{SCQq
zV!f5FXmO`CTd7e9eImL2GI
z5=UY?@Vu^qB$mcF;AdxSrtD_Q%1Mvl0rOK9?DliqQfzb0eW}MubQ3=T;b6sE6ig?)
zZP#;$=UmiMHj_8tpN2D6EmZ%cjd}a`EimG%BOe0h9s}cs01j)bU_Mc-f|#x=_QwH|k2Vm5gpCBYuPS?OSv0?Jchn0>mHZHo2u
zYLSQ6QSBlvB&jRtv0bNb>W2fWvJJp!Y?k=xeb96+POvN@|Mp}`foV6REd~&p5*Xf+
zbwumf^wEzxdQ#RK2wLb>FLCoCt-G++!#&cy{}DvwYR-_@#bYT}D&#D$mfcMS%l8?h?+lpc3eX9&Qo&%`rvEr-tC+h4NvubSwo-1jd)fdp6_U{S;2HrFDkMbn
zXf(qVP!`}2qrflk@Veeh4`p_1
z7JCC~C}%TlYgD0Ms{z8$f=&WPp0?5auM?C?R?0hygI8Vm16Yx?GMk6XfJR
zfEadS-zb&plDDlC<~IqDjBjS9AbPRUv`bLL_(wrXD^Voi*n*e0GhT0jsCo1q@3AM_
z!|zMB0g)a``)6w;5t*WMnSy5J}9a$=OK{g}bhB6pHs0i(iSt$|`W5EH=^
z6Ij;Sy5rs8Vulff==t{8MN$t4=jj20275
z)4HBJEs@u4@D6JQxPKP5Qhflt4~lBl%h6VNd<(j4~TZQdddbU<}
z6vP&AjI;V)EJR(2T>Hc0v8H;9*#DyG^lXS1n+QPMOwOB6yh<0954Nn&aUuZfwoLLT
z?BE>tgOkl!9H3k-;|i
zO|vdca_vG*h}{!B>Y1#|S!|!*BbQ7}#=YA~e7g0nGHu_&){@^|h|@`Ace|sE(T^YP
zW^|G||HU><$6pr#{daIr_3~le0`oWDHRa<_6P50URc@)9vu~+Wtj}^@vYmVnVtUht
z$oYvIPxpZnD(x2ek6vRlo}uf{R<<&fwLrn2W>Dlb%otrI2gJWV
zoN-cgu8>yO3PZ56oq3@;BY^5I(W-xwgVnEjP~T9GvTKI#k?SZXBe*uWS0tr%1R&#O
z*vz6pMu}3SX+}AGaD{(h@)4zu2zn{ZYVV%(Jyu9Wd{#=xDfn_{XK?dj6G#&?zNToM
zZ*>HhaH-%MsA&v2lwhuvMSQjBC?`zgZXBEQDgXGz0FW#A`WYD0r1lH_etzlWnt0PG
zGQUnD;ym6wI237H_wZ7RN48ftk%tWEoNOQUQW<}f_E>xFb=3Xpq_mrjNB_=r<3Ir}
zLYrsi{d<#@IE4%aO5A;N&IE{>*uulQ{jOT1aIAxyq>%^JG)X7`O`3-4f(n!Wxs4Z4
z1t)8a9)(Lm0Z^pq#qoI;S0CkrbVLMSiC!7{T<})+y8#7f!rk!S#31aUK)gsfa0k)+
z6_~QA(>-8bIABJM@kkoA^}3Qw^3a@-&U1P8)oQDe-YZ-qhH?xu*A#(?1AiAG-R%Ck(M>3*
zK*BagH?&+4d}u90%8a2~GSRSVQW5}-R?xmNVoa^@AO`PRB^Hz+E>8a?b=l0Jq+Vi{bvi7R-X=yZ5hdI5=^*`1f0h`ll!i)-EeQCQy+#o*{`!Gvum%L
z5vQU0n@*5M0dF&}iZ_n`YQfZZQfra+?0#qg=NyBI5;Md_p4?a5p*G%{cJ>O`DKw4S
zy1z~Q>wo)#5(HPZ*wcu15>Z&Y(tu>7++tb5#S)@7+cZ98Wm8>Sl8)(U*Qvb!`Rte0
z8k1m8-so}e0P7vS3#pXYk85=jM=3-uZsoV1^|t%Ar>N~f=Ik%ER&BUe=^G(8^U(n2
zvbUq@ZA;Ml_O{CQxpXTyC{EwQVKv)Jm0
z$`*w25O$FI1m2NgatWg~7agM7GVV1}-60(bTynJ{_<#}6*R@2Dl-gwVG?QfEG$u67
zx&?QRisf323Uu&@10ye&WLj6z7&7vN{H}BdTYRI=du+|n31Rdz_{!~Zf$UDqiS4&J
z)00bO`Xz3KK!PH#N?mgP25@BADhto<=yzwUV;#>N=has#X-x+vCv8WoH9RZbP9#f8
z`0iGU7vCraE^KfuCVl*aw1R>i_UX7PZjEaGdikeu;8(w$4|I-pv+G*HDA-W0SPUI3
zp(`>^UMs}t4LWMtVoDGJ-7sd?-+bSLk&uG=33r|j5tHxqpi|Tuv~~PjfTX@+J;6n@
zU_ERQH_up8F40!+V*hn#e<~ml>r8Uu#_g!rH&-?Hj%O_C-B_7r{&h?e^H7}YKNLeM
zXcq|C;dKR(9N-c=q#+pzeMt$-oD?aUlY@M0xxu7BH=ao;?Ri{r{=HWzZa@B=kzxf_
z8xWr8V;WTD9SS1HwXlVsYG@ac)WhcvwmDbr2B&LBE
z8O22Tbav}ZYtm4!}
zWJ!(pDzmREKCAfw9YVLJ2_?reIgMpUV^5WDtg+4f0XW;l@Ai1S2!wzXiyw%>$anSY9e{-y6ht?Lf2J8#RbZ`Rzk_YuTMX-vVgDNfACrUZk3U5x
zAtU)}cXvViH2lD?HUFDz@ikTZt0Pb4YQxsv!5q3*A{=m(+3vk7a81m$brbg?M8S;u
z1`_x65=drIx%T$E5UdpfDn=c@v(eY3Hulc)>yE6`_u+>%=OpP#uO7fW8OwGe4^jiM
z<7OT@WtCKy=k5U1Jzd_gr>`ykRm?}9{XoXEAV&)!B!~b@*)mU4no6NK$p!WUb&KB1>*XhqDuifI`7$|
zJ@K86X}oj+1rU)DUmvDzFTe#PVJjevXG_7{uq*^Z
zSfQo_!~~$Cd<{2TS6@y`YqgfLa#tIV--#FAVuKJMxS>zt*s4&9^BhF
zaBn5~#J+aw`?j5VMPZ=Zgl+3G)_z=BdrHW#0#gI-F>Ms#>l)*r1hw
z08}&Kw;hiQQc>2gqUcr1&k&I$a(J>l{_3c-vxm*>eZ0QjH#c6U{Ap4X4A1_+FQUQf
zZ*2?nNEM|P5(U&b!TO$0U(t^!k|4t()V7rVaU~PuM3J5HVh}AmniW>07>MUzm%!4C
ziP?!!%_)Fp{%XBu37+G3{poN^y#~npBeW}LW*l;FxV~8~I=UFsvX1)8(*;T7Us(ch
zRq>h&ZcNmzRK9J_ij-I59u!v*G>}NE131!oVAqZp!xC9GAQ^v||7{oWj5e}STQ8@m
zVCjUbfn&6HW3VXO=7<{3gBpGkN~YeqVIqI8<0yO9pVsv*(V>(}+6EVHQIbh1P;i0p
z;||+$qrshqu_o-4hi@f3tqUCyY%Yg3PnaaA5?4j#%r*Mgj)Thhr^`Z$<<57*E{dzU
zOjQ;Skolwhn%hP$Yl7&>3`3Nx@SEwG)SW{M5;{fHRzYIkegvq~%aPp;JOJejy?6Q*s
z9RaH~4^>X`Kh@|~8}QDn42{)*fUFxBwhajn?$p>aN-cgj{iN~x6S&y|CFMCDp&;uW
z18s|iTEw+~N{Arl=O93%JoS&Yrv05C_Kbe>Da?|8oLQOnp-3i?p_d6lElNqw73id1
z4p5|tzBkh&i%(XjihR4VRMLT%v#Wf&hA*NVwaROl1EpvnQH;0lxXILyTv|+DEsU3`
z8O5;TP7i7C+i-!Bh@8jE*DjbeG8ar#C0XQ+M}n`yX3d0}u+}Tt)-TcNubK?AXQgED
zWy(!_nX)@N?w<_?M#$F_U-VTUn9l_PQXf7*s;*_E^riN_2LhzzThuC|4m$Hfz}b>S
z5FWgffSd6){}mOLT_=SBc5RTmwm@&Rf`p=$Wz?w{a#E6j*GKQLNXjq17ORCt4Qd+T
znE0Wcp(BpsqVMKqzu%_T%ZFYaanz?=j%Iw91Bc##eCH(&=Uds{bWtpSbSb9oYweE>%q(x4(WrRmL
zPMguFamOa^Rts|wyaidN0lif6|7CFfk1FE-WIi7nM|ieN#m_Ia%e!Dbvu-W?ySbNI
zOF@n!Z4(EEc_}9&4Yb(78`eLUpw@D{{&_yL>FG4o5JhO(Vd|`dmA!|@Up}G`FK4X3|F8ztnBVP=uA*z$Z
zIRiT-h#sWqJ3WF3a1^6lMp=jFfC;>wGSUdK;pvoSyiPUs%M-3DJWV
z$EO@pBjK!3j60st7+4i&Ac7_03(4~3@oOWA@}E%!>51E;Z5kPGH9w|f^V!_Wq4EjX
zgAIkf<0GYd8wReg(WsJG2=6%U2#=c~d~iZNU;FNywPPBih>L3Lm^^Eh^%oUV_5|w9
z!uEVE*3d-cCt<~2B7)O%WXGxSUOHY2lb7fvl!YM?C+L$!+halu|}(B%K4$PH9xWR-wKbGYY8u6B=(u-4%OzuVCDx1vWz
zy;5SCzD3)0=-qf@5zAJsf)Ac20+9u~DHqU{HJti3!OGp!-@#d)-?`Lo#34sInxCP}
z%Zsua%7-&KmVj3A^@iT$yv;*V_2lbc+7DI|9uAnGpI6I}7@oh|MwylQxJ$}CXR0u8
zF4L&su#8s>l=oqUj=;vT!Ac}vw$gfL2|sh?_Kzgvw)l3oNqZB|fd0!D{k!Li_@;`c
z5jQ@T_-|CeV6ML`H&6|WfdQ-1JNCusj~VjqpoW?Q9835|Uhe}sS})vt>=?hoKsFZ{
ztj~9NI)YJ~-SvQ$vDIl8<|HL*+L8M3Da_&euC4`ow~;naxwwj@(!z_0PN}?_!$ZmZ
zT3NXQ?`GS`_sd$4c}0Ynm@7?Df4^hUq`8y#4nHGz%2L`YoOn%Q(W*cp%+e!!YIp=b
zXhRznA7+*`{FNF?S*BzGm>QDl4Di(rJJC0{rm+A;w;Z|W&|7Tt68-$CMUNzYZ5aUz
z!~bW0W$}uTJeQ-E@UFuV0I$_zBv;sxM!p8?_}%?kub&GjeSEo&i}Lqly3;i68lqpTn>^Q@={o7QS=F&Oe!TMy6)Xi`
z6L~;9!K1jo{3D;b&w&V~9NWuukK3QIZzZ0_PlXloz5e5@EKy|NyRP^>e8z&|?Q;9S
z{t$~dSYdo6cmUKjJWB-*r@O~$N(3*%Utr;RT2qccZ$$P!87Dt-b<1+>y+!F-nZ~A#
zE(auM->-#R#oz)n<=T@~6yqeySbGR2que5hK4yJ!4j3%{F~9C(Y6sRz#zj|a3i4_T
zFP6b;Bdh3=&iM9`RmLg_<7*ZZ^QaQm>Fq6>J>}0El+hO3DriG_UO|+{2?KWB-s$1s
zSs5UvjCRaVvd5{C71-#~#N(5{M@q>NA#pC<23g)GDpyAg?jAK*a8f47v4((Mvv~1i
z_}`Ej{3apsk)UwqWox_&LuM$5ncEhB@Dq#(AVUmMOJRu<8=N(N!(`MoWDv;h*QiD%
z*R0)6cGEb6R?nq{5Kg@L0C@c*CK)_HD$l)^-4LakJ$xR>rLpF%cO2(vULD~G9O8@n
z(kW369-j@qHlY)yR}&~56Z+Csiuc$Z6)aP2ugu&nz@Z_j?@NK~o7=6Y%kJJR91O)uGt
zWc%`DI)w9&E&#gL{r{oafnQ&%4v1{_^xV2Yo(RE9rYtD6`BG;hWd)rSfeU`uEBv>H
z(JFyQW7X#|lqiDNI86Hd7T95i($iz$O
zE}EuXETV`lBk0}_p0o6<#ZK^IUTO6XHek0dwy~vn&TF_hWi5BX`$tv7#NS}Y>pmoI
z<02gbxq(0cE5uLys>R{hROALG1v~LQ2SmQ8l2NsXYxm*n-%90}lC}hpiEXJoY~7(J
zfmdg5$F|`Ho_y~zKjdpVQ-a6yMqlI&7{j;9tEbmV+6`a){C>xB%yI+%_2#d={qt$_
zE(l{!N?f?7graR2Pa1?R$^u|i5r!A!FKWDt3cmN6pO*Fln{G)Azu8&ZVoum=X&9e!
z@A;4H=OH_*E4mi*NBIj@36iz
zaSFWg+PRzGVKwEz6!C@h+-YNfSl{**G--<<6g}oMyqkN!#U%Elsa3kR;)rex>?vso
z&L3&Llxh9ijPI8IJ@cEG`%vwj(p;LGErj$BJ;^vrb;*{>+kDt4ZoIZ_rCZXaQe>fO
znZN1sfb!gs&wY`!CRcm5&;yGm$L$-i=Iz{3VsbB|MRLuT^_Dt|IZpl;V=y+nJ?xwz
z`K?U)GRx5lYCJ)e;tCc<)CjK61D%Vxq5N%UD@(pxuM5RoArl*RRYZ3r;^6X
zLeCiFM*MpzP*ypz2hgx@erCFyvIIQ}K63D%Nf5p;1A_A2qG+GhTsRvC)o?XOZqoxO
z<;tw-Cip7+2laU(|5R%}o-qW=dHGjv=O@Y0n`I7_kQxyc3unT8v696cFbjQE1xg1P
zj+}fLJ$aKl$g7(kVF6iYVa1L7Tp?of8)Xf_8FI2+f&S%Isn-vl#HJv{z4|^Awhn*4
zfNeiG<*Vix7cH<^z9=eSAAgF5mA3Zmi}0>T;<7bYA_O_lo_AaJ*MN>ziKM#R32Lp|
zr|{ivyF=j1&e{UI*^)&0Gc}g+*{4tzG|^Q~h0UdXZH55YMwQprgtlbgoK0ZB+qRe{
zjD&V(GVb!v)8-xe^EWDVhMZ%CsvB?#3g3d|`39e^Mpb18zuIvl?v|P0f0+%t_IvU8
z^;hA4?D|Nt&;?fCs~oaykT%N1x%=l%voVI)evK}G2&j;vr$@Qsgy3rGDJ$T_{&x-u
zR2$iO9zCSI^?c|@-FehpzZEp@m?$(O(kFI!wGkCHz%?>@ZKQmxNIv@QsU)|T@`Bpz
z!_JCyba`AskXjoOm^@7MBqk|0k+!XuOBY%tl&XAhCPY7#Pea0m?clk~EW!g>R89P(
z_SB+Daf_+W-KqXda;vlL?;7gf^~FW-bCP_>;g^TW7}~%35iDES0-Lle2n&b=hs;M#
z=(?X2IA4<(G7GulAV-sKy(mGA{wqIs#0Bg(J0O9oS2+nI%>_PSV>jjCq>
z8+V8xdL~CTOwSPYwra*KB1u4~IFD4oB$oB_#XBZ3hDh>gvXu`pcE^D~KT@z}q&yh1
zF@9^!
zNnEbXm^2Nhf=P;Q%zK2!UDg10E6w9}&?S<8KWR6z@$D>{ayp+gCq;LDSOzCT6%wm*
zXGG`a`j8thXGR{Qe`p>H!M;EL)8TT4qTw&vQ0@AP)~52_LS4>sH{*x%BTkCoU(kli
zO40r;)+OO{-Gg48D`td_pO-n_9l0P)wkk<3ycZVoUL>A17C!ATGI(o^8201UnsCpx
z(PuB~JtbPCil8Oc&>Kj-dQhX{dB_M1Wn5
z^>o0g0GJVxI;rD|%$XEHy{vd8HV8u?ADeD#tDF+u-5VGA%gzMA$kEB3bdbP*mPsxS
zSojChO!N2gN5qIa6}d{xug2wj>O$dLq}Q5{_4&{M`&=&88fD|w*3N1tm)inqlj>s!
z%FwxH*k7anKE{VS%4QCBuu;cmx|FH{8DX$oUvOvVv|t_$>!%Mt?H)p89kvn~mD?Wu
zhKpWTuJ|(DwUN};PPG7-S+-kJ#>3(spICQ4Y7Fe&p!8Ewl_69_eI_p}J)`i@MHKNP
zhVuqRu{6|}AEzAmlp!ra7r~hdrWJyxo{`7OMwl5OXh?rr_&zLdP!IjV9syPamDF-l
z)yX&f+SL4&nuR4Wn|4E1&NFdHKCl>RedBTwF5K^`){JNruTj5V0)PAP2~Hy@tb2ej
zMj^R{D14>C4cIADdc<;vSTjt{Z+9Al{rFl&hF3*FWp_Hm1PCf$85-yvG0zb&vB*ZVVBW)dcTF
zhCi4+eJab!bD>yXOmL_$;$haul^1I5baL=YM@4fNY+|zLP~@LGK@`$hw5HpTJbXzp
z4qkkshR#D;w>ECGaj|7&oEB$@(^*3CZz64oObyGQSTDV|RvZ|u8m|2|@0An9zf@v=
z_QxPELjvJ5aGK}chp&yq`ubl&ygc4wiVlCq`jZbYkNzuL+Z(L(1S$gll&_FY_@M!}|k0g@hmSr0;)$~poe&3w1dl0l=
zQJHHfM*Nl!c9JgHo-UW4hr7o^TGi`(SZXd9Om}T{*CqX=%k*32(r~R58BcfOqdMcf
zhi;M+hivE8w#YBg%t&SPWyrygq7CiWKXI)X-E@~a9^ENpU()+Bgt7f1VVa(~Nk3d7
zY~)q+c3U@6bmGNfzwX?@8QkQXFBHqE-QQnVdUMFT?KFD1n9e1V?QVktY0=P)fn>kQ
z)!>_i7<;{qCGY^>4}=SChKv|hr9Z~=Tn-sF#jN@AxlmR!dl
zeJI`@Y51x>+v8l2Gk@#3{dMUCG0p8&Tm$6?ts(Dhi*BjCs{j}4cJ643hX24hGW-6E
zp?U9H29K8W$7Z+&lB5woiV0aXK2Qg(eU0^%`hM8gdCQ9K)6UlvfiI!gqakx%#(9>{
zMi;$n_h*E!x_BstOOqtt`{x)qr{aMLnWV=1njmW6WjL^`y7wQSr)J-rD^s3U<$>v+
z9x>i5qARsuMs=*WK6P4)o#IaHQB$rZ-n8o)~~lOB##HZ&j42ID?fOCKF|S
zOn)ngh~OGmh|n%Q+00XTP9Zx88E|1aLsLIuMP0IZeV0rzO${k)#Eyk)n&
z;*a*&3_Heo@0u49qqxhfnk}XLnYv}{bO@m{au1wu!+AL`W%jqSu{6KtToh;+AZlC<
z;QQv)_*jcqj+KtR$n0Xyhzb|I)ttccKCb0j=e`9(>@k;^{$POtPD*^6c|AHVR_28(
zOYPp~R?utou}5_@l7EwWGygKptGbUt%{ZBnk@(^%@2PJZD>yy5&AFVR@1qj4g^t_z
zT@?I#Hfnuc+#Mgznd$!gwBq-D;5LKi&GLeM6*OAtp5OpO&c<*v)ns6&vW!OFSlI#<
zY16nf>CN5o&+Ws-rWNMNGx^6wX0Pw+nB;j(mp|AdvPgN`DS`U_On+gf%ImP3hvM$g
zLdxc|v9Xm>d+I~ujs7#jUnqV)lj4c^V?mIzX*8)w#wDJPePHk3zXH}Z6Jkjh-%eEf
z78&5f-(uQ6^dvpy!NKGc+l4-()v#3>Q9<@UAq%MnL39^-((!>{Kl{qbYMCcRPp=%W
zK#W|m^{0WM3v6>YPk4ctXO2HiBRDCFziJW1Uwtj1H>#_yH*es){@S%grAdk`C^7V=
zduxo^C&yz}p_9o|dmVI*QDloWB@)6C&`!9vg8ApB0kehlG%kx5<(;=VXnqJ>Vof(c
zK#CK(pke%o3tviBZu!F`iu7_G71I;KXwp32Mtn1CXm+0F@U{+)DAEVeuDZVAQYkXkv8>PNXjO)%+m|94Q5R;4sbg&d7nvn(
zAE*xqvn7%5^(VZrKY(}Uca-1!qzHA^@@RI)JsE3L*Loyvd`MyB<`H$f^+xfDl~UmI
z_HP$Z2aZ
z;{`q>!o4^*1o)6;u%Iwdm}|Pj$;t`qA=Y)gy8|QLt2Ai79~_jJVEQw6gu37X^J*Al
zTSoKvUl$Kol68Erqpg-6yP90h#|AMQRBk=AqUA)7JLxEII)R9~Rwd#k#dGB5#k&Su
z8bLJ`Qq(k5k7vZwuCI6>3?QaevLo+bBRb4>ZY{q=1j|;%I2qMHa>B8jTsaPd8cHHu9q8UCCvU}{lvR=+a
ze8K1lSJTIl1t8cvP!e2N=@k~T*MFnHRK1zbH1>M8Qf%Oidi~F6B_mq9W8h5I3mjsc
zjFc>|tY_k)#wb7S#K{0Bk{d74V|M2qKc|d6W@7gRPCD=~;HSr|c{U-{ESht%qd`O7
zkyX$G6B(Zrk#IXdymI*Q;o(Y3yh@}CB1Gt8FyDbC8JcfFMK&k@DA#SoS;c$pqs5Dv
zp9sMKEd5sWyRWHKx4O9y^^$5ekc~ZCHcO0_e3@XZ9K44;K*a6!KF-D{w~dcSZZr3X
z-?zNGR$8@+C3Mqk=OeYciE_-TCc^aw_?lrt(;FP<;W8W*-v4xbKqhV>qHhxX+vUe#
zW9JR=nSw7V8?bwFlqfU*i>K|X+4MPK8nU(_t>x5rtCWRmI0E~fEQJ1MS*N+D-X!v;
z!Gh6UR4s8x{)~*N>+c-b=(39iS23abXD8lEuH4?_P)V$MuwB3Sz7{qw7Ijtoo}0HY7p)XY
z_}5x4E6pu&$uWYn>0z45&&kjhI2+j?H3`qzkKkV}^XnCLWg%BpqHMQaX*%L0&k>)+
zewF#EHuaja?#1Hbi@?LR8d;LNP&yauJ&W0h+v@Lo>8m$9!jkIe`WiCfB3D$AbE^p5
zSV@nF=A*=)M#e$wJv(>Dy;i6`#AB?-yjY|2M$+P|XSS%=Dn}^UxC_RLX=c;A@|C32dvQK3NF=k&VwuyK*&J{NiAypmrFHWHLC6as_
zDezEe4z|r@&&`?Pb#S`3f#LL`$;FAO~G%fUX+eU62ae|l6h1WoRXj*2FzTQ
zM`O<5N$T=@zGC`8oL1=K&_w)jG*itF=-80f>z&nJx<_BnJ&@`{aRuDqYtbEhdVM1p
zH(KF-E+jqNnVds20Lv2H{pIeqmFdnW+C}LnxgsZlEVWb#G2ZVz?Jxnjshzn@gLnMr
zW;PPdmLdI~{Ld-cq6Oc%d(WDaD@|_2X7d#xlM9$e(>wY=>gK7x*EC4^sWA3r1N7_B
zdx!+*$GG#oYf(K%Z#M!C$3J$HYEizQ-DgB!K^86!T`O&V`*ia_i07DF-P%BubpE<`Ye@A!>vP
zLV77)|6f*3e433XB&NNgTPruLC3s*&WaONpGBjHF;R~B5kVa%Y7rh54thqWrEWQ|d
z$&F++Apgm=hH(~%F!A&D>QB2kC01^20j308_i_|}{R=iO<(tsOLYn;xB1b5lRKM11
z3lX9fxeKy(ZYu>@m&C>0&+6zhM{=5Hy~Hp$;lw1Hethu+Hgz9I!)>Qj-giJLd|M^o!=K#9r3Esus6!)Q$4So^1|~m
zP>mM-F*g4Z2ZXg8$OV`8HV{l-Cc8B1gV3T#8e|AfGdeW#4xVAh7LS7W$6NeG3n&{mPi!8#K^$A7sltM+eRHTTGv1j_nEM
zt1rEGN1Iga9ljg7fU1!`xhS1-t79S70QxVgj{p@SIA;>K6&r}^EkRWOVSiWGlakDp
zon610EilC2I)w9L4QGi2obtLr%-^)}9^+~C7MMoqVl?9#Q)HPxY!)r^!t|ah>rG?l
zAyf4`PC-e(`Ea4h-pPm*-sQ`l*+viZl^8vRy}apC7>yxdym8-UzUXEjAT&50lB<9z$EA+3wArJ-E#w
zC_1>WqAX-PQhHt+0m>}AS=c(tfCRO*SDcXJ!r0i$*>anc6e0HNZ`vLgyAviOY>;K?
z3wqMQA4?{6>Kp3R&L&DabnQ=GU%8a3)|vfnS#oX7X7_og!MO2)V20dgvB>|&)>lSF
zxkhaRf`A~Ml0!;~pwgW~NOua30@4iv(jgMV&{Be^NJ>kqfH2Y^UD6;8()HbA9DU#S
zTZwD0wo?p*B`8LBDqyTOaHN3v@K_Zz7c>K8dApV_vovrWfB_?$-
zovOi)?oNq4ZI4g+rc0~F_9sj;20~du-qTV~atGclM+f{^({rACgb*_%!gq0Q<_2?U
zd4!#@!F6|l{b7_f^=D3C_xA#M=gZcpp=hD
zu_Xn?W@BvE%n_o=wG7@PHX{LC6YD!PRrB}0JRan}`QC8(N_C_@hE&YNd?oH_1l
zVGHT$?obK$eOl#VhwL%S?s<#l{tb>~8JE4!_Raug4c5l{4Cm-<=Mbz!ZnWp9l&vq1
zzT$ZugM30^4XFVXV~XU1T+Z+bB7{6fkDIqKaf>*0&_HvqSKf{05HN4h9(h{VZ==l8{%1(J4}|YCyPtZtU8c-D0(PHZ2sq7aI|kvQ_?j`
zMM${xVryfN1TtliOM(i5A=|U&0+VrF)zAW!GOrFj<)pj4$#28!8wQ(ZN2U*Mx(>5L
z&4+0s_%3SgR0tM*SrV@ob#(V>DXXHh>(f+)j~xdmo)Xd7*tdPZI=v>(!Dt~QIIlnRvjN1)!uPS
zUNX*sm5!TSLGGKDwpvJ~F#%|`lST#=0*Pfn@C%`3>A<-jXiXN!BNZCOojX4Puub|n
z`-ijt+6ABD0^sqc?y50W4#<6(GT$?d;szhZq^IQGPmVHps9f>Hh#p;
zt}F7DDhW@2LdU_N8<_5V$A>|b!>~S%l}%-q&~TUA6~;_5Rvg|a6Cbd+viZ&Bi*Rm<
zKl$sIwgFV)j4NF{gjF>h`SKvFzE~yH6xXAOQI1ZWP6AFH_3L+f2
zYS{Tbsfr2uAti|L?G35&C7*k9Rar$yG9E1|s{_CAVn0R8Da4(87RS?aI`7>Sf6<7e
z4DqImP#=cXyywH;x7iG~kHVj0QRIEa8FtLgo4S<_4Ki~)80YD{74n`7(`>wS@fp&q
z%tkgA?Qz*OiYGE|X3L+AraruUxnXqhxX_^Mp^)bcV(+AZhGHi3T4E_|@3Pp%7~`sI
zpQ(`>FU8#Np2eyUSfLCct8845z2dpAcklA~82um%Tf@Lh(rZI?ZLi>K+$kf*^Y^G5
zYO9)2wU1-g_pg+;0uI_dXZ8ch@9T_M!<}v|@wTmAYI~dMFH|9T+>q(V0JznIb7vy=
z=bjp^-iIGg-g&RE=Udf*HDt#;b$OYgTH!DiOPL?$RS!vr{F_LPpG>SfP21y*RD1J1
z(koitu5o4h3yo#yv}AtTt$h9WX>JKpPvd>jx==p9B$!!5nUP6p$o7az4vb(j{))y1MpBr
z{?aQIvewdEM>>`{|JW>rqmwMHt|Gm+V*3~0PW@#WM9xX0&X-*Wp9{x_XRC<1(^}nL
zm$&5G{PK~(NdXVJMXiS%!1V7!K6KEkvgMgtSjlm?+ehxXR9
zAAtdN#qC%fNxE|LK@Ywh6N%R+&3h!nJQN8^PCnWF7b9enr7E6*=-{$AHTYh*fIRoT
zU7WOvauw(rDsr*h+vcYxzW4!a5hUn#B<0Hx4M~VCz}SAe=+M3B^N@=*ZMOqdzbXiwCmW9205B3u@h!B?`%;ls7`ojUB
zYsiZ3?|I`*LMI;O3b5Po&$!PB8gt@H)`?85)>->Q2NY&nhhlBniUvbR%tXlX!u^Cu
zU$XhXj=?@X)Yto>M$fCinE_I~VoGZBx%^1+_27?kNvTkJ)>S
zN$fl<_tNC$4Li{aIk)XbzqV=mV2KY=-W@u&R#7w&!=ja?5AvPb*UCN3tvNxW|z}2jYnLbld~qYmU|TrX0_GTl+lLAy2<^4qpkIl8S~&0qUeH(v!`+axG-rx6P=I}4NYT>v$~76ZD!za9tc$)+6@
z#}8m^1R1y9PM6_%tRFQ$kf9{Blb#8}y1i5{JTI%7Q7*S<2I!ws`-L}oCXfP-KN*x@
zwduJq#d_wWMK?#D89h~s3@>?oi-xJwU^g|U+dhrh0uCpJd&O{zH?e-$2o?*F0har%
zLYluzT|rvj>LWIAyIe(gFkFM@%63(DFw#?K-W3!*zNe%5M4#R*>v7joJezR@UBT`L
zn?C&({*dlQ$@j^h)*dQzW`3WbH1=52>mr>jKCm~6N}+1lI|4d~naR=tom~`XRYT*w
z%VIelD4Vxu?Gt_$#KTf@@r0e;zfTi?3UD#s2a5v%@w-ftAyLksG%Sy{%XE_tpVN&Jn_av~r=$36K}7z;q^Bb2i~fB7(*
zp6GXk2DRXQ9XGk5e97us09eYfDU-GTdiMuxjJ^?`Q8TET>HZD=#tWj}aktURbs;Ecf3`b
zmh|7|mt&t@71W|##5wwU@1}?wBL!(_K%MIzt-Oo7fSlsDSx-^QB$ed$b4b(Ys~fFB
zZ<%$o<*Lmg&&CKLJ!~y)7Ml#%cd7w?I6a7i>DU|=E>2xtoeWl9=wK8OxEvls-vL}LFHQ^Cg74uWPc9@PuiZ_*a4K3Cr;)4>H1m30!|4c_$Kx}{=c|5DuJDCAiPKDn
z`27K$P*e|PiOV;(78mEt4bVRJ3_1MozN9KpZGm;cfIU#w%He~nBX&&y$_LB|cX`m3
z1j%$v(cxz@wQh1R{MnL6-4;luCQp&L>t|!td#m%Wzd#>o>6N#nI*d3X){5M
zl~DPK2@=E^kHD3;ai($2vtRg-IE=le?%JSn{ykZFWN?C)ikhY6r&nHbW^Ie)wu)v5
zaiBA*Q}x8y+pj2T-ZBozWUB%hAiA>xOiG_MI_etN@ua<
zWn-v7s;bwwmE=i}E0n^|HpU#?o~R`@7QxqI64y_X&&Psfs;xcgt1}cKqcr*HDt`bx
zQ8cPhnR{FQ5U{!t0Br~}#U{#oOMlSS2idBFlgZ^HzhM*N#+c%}pCG2;3(Q#4eEJ@bA63Cs&j+TidOr8
z_hJFCEoJ2}WXSt5apHrPkQa-zkJ1*x;A`sCsdRd>>k52X){t*KJ*D?PGjK*ErIFIP
zYe5N$T#KjP^AOOA@eD>;d=#XiB}Vl1`)};UB?N7r)S0m5?XP8=-tlp3i>F*-YZi!vb@#Q
zwtZ?FobCayy8GU*pzWsLgy?kx#-@jKGPM*tmF3%Nv1%xAkY63l!}6@l^TGoyw!*Kg
zNNk-Ka#WCdzi)$MX|l;aPy@REo%s{;KL%VA3W@VD{&9	spPnF
z=;;1WGO=zbBQ>3Da&qOaAhX?jyK^=BJ{q|3@4KCrZKBl@QmyL1{A!P659iN3Q7~9t
zmU9>XGV?w(`kS04Cf!x~R(A=Qgh*`%JhJT`=tUZK07_
zchm3Y{9RPeT`dRQzYoY;ONG;$&x%DBUTl<)yT_=WY-mm-^IV&dTyLWyfvS$sGAB_dmU>?k&BGmwbY2cy?y9d-L#&
zI^SDHb@S{C-tv|m9x51qZ&-|8y?>Uht=kiF)1+E{KQ%(oe!;E-_EFZUl>+rV0nNvP(I_iZuW56
zg=tFxG+X>=cA+3L;>k=u`2y=9d3%=r3cuNF9cMD$$F|m#AJ+cndPaOe2NE>P-v5HS
zqZjf(LAEJhLF_a{Zs-JXT-?sA(_O}1Qv?U|?q$T^KK2G_L<&DLkZeZy
zS(D9PyZUtkVjxr26w+FIm0qhh&jpmQAr$ET9xAUBXpO8o?CRNpFvjPh37};DF+tSt
z-$01scf>*!OL91#*L3VHP_AJ~9=km{p1v$$pjX{`ZVSKu{MgatoS>7-qYcrPRmhu_~k=0|G}
zy7SY~lSl`oa*T|s#{dujg&hh^Ggdve_E1v0C?>>jQbYeyiUtGSc${IQFW5?7X(7ERnBN&bI70coHa5^n!c^HUmy83{fHgkKXHOz_8ElHI;y;N3wU^84$#
z7=u6zTIRU)QTOi?B!XhZfnvc7DnNfhC#W!esm13y3tl@Sw1Swgdh%(#>^>GrgRI@a
z;K2JMX&Y#%fJ_?)NQTbtNeMAI)
z+MpVSNqy;Tvk)uSCXQs)HOmn#gQ{I-fv}C^)KzVia*!T#@-mjLr`yE|dy!jjCd37O
z#ftslcCLSrQ=tp3!h6suXV)Md;o}xE@CbvIMO&eJ9k1m~i4jD)^@&InzsQPyely7Y
zCO;I8@>YH)hksP4zb=Ou$YEVV=(#&UUX74I#n#Qvmv1et_+37hJ%ETXQ*vtyJa;;5
z(DV010lOv!;!A(sIba%Bh%_Fr(i(63%7O(iOEWxhm3g(6OMxPP$ly-
zPJI7vEH~#yY{V>lWPyD-QqTPwvxbbz!mM!nIGgd8h(-oUeT0+)$%};av>!E|4xkkN
zpOoV7V8zIff-zC9Fmlw1(E$I18K?XqHHupfwml1U=HOszKup;kZ;AQGUBP7r29V)OCJY{AI>+AOk|wrQDP$TwK(^f)TiOkO>2-FbY;m^ZBo-_`5|Y
zH4m74+8V2lFW}HQQNS~=i*8-#7*35cDUekJUb#!RrH>+1_IE$tr2Px`FjJ(2l#!ry
zxjkZL!r;oA8*-XS3VIE%gytDa8ETCqz3G|5Zw&~l%Y07qEEm0!=BnkclEfWU0vq5l
zw6mj#XT`kEW=D^<+_h>ie_u1c!K-jgq5D{^lkYXt%u#f&
zzHiF|ra&UZSsxv$dz?4^4KmH>LXHcUf)c+-pw(*o2n#}Gdm=_xynk-vr*}nQpv?0d
z+z>delpCNOXz7+{@9JirdkOUuYT<6;T=Opl!3f7Jrd9v!h({@8
z7Y8VR<$ZeM_9DN?B371;6+!0)bB^|#9YvXPRX9k?VkaLU5w6ygX?!9n^~Jb19!EIq
zKC~_RV<=I|j7eNJGz9H8`h0$g}G}7#3j~3f-uhAh4I^L-$Iy
z_l-`@n*eTLhjG39>t?^wr&I+oII=x^_hWD{rX+C35#nQc+^Q-HHw>z{zud8F>261_
zCl+2uDFe~PXv6;LU!jrWuyYuyKq;8vV*4gbYb-Z
z;&)e_Dz*^q$F`xjmoRL+8%a$KU9OtDeIJI2l9~q;3fzY-Ue-d06tO^)?7Y|Y3BE(Ib>r?;4nu@x
z+}0_6%hdQaExRDk?U3hb9&|3>@1U_kw~rvKQ?q5Z+tI`i7~hz;Z{XYQN0-+^tga4Q
zmMsg|eL<97wdp0V!`|k3BkOk_}7dl1JQ$%|*Z&k611VWndUPg5f8
z;ai`Q>07UmLqJkgY-?3wA=<}0Wo0doe>`Fy8gT;{yBq`Wvwsr^>VX8lK;8E3uM-g{
z3LHZPeC*y4|Ko4C8VUqr_tib1d447A1GJ0pM9b7i-v9j2uXrbekjhg*f@WYlzk{k5
z?dN%hF4K^P54OCl&t9dz?WHUT3-O50=Jnytl@rWyeJG-u9K-C_>;*fop=wvvgx%v{
zL+4vagA|X7D$_1o(vozXTG8}N_+a*?EttK+bMat?Jxf_*WaV1Nb)tCY!AW|H{mNAG>A&_)a_5Yb?`W?tWFaV1<31+&F3VKpFr~rTw
z{(;Pw?VGB?PqyP3vlpiCPxJpM%DnN9uJ$9Nlii6xMDiIlE{&Fngw*DBd0UKIFe$aVE6tK=aW!X`sCv!`IQmXv`fd<1-@3XTdso)(
zY*<{PTnYy{)gA_Be&oTFlz4YCDa!eS0|YP9o%HzpQy}~sGAw%15MdJa#5?~dD{P^%
zzJ%+>PcVdz0vafNE)M2(W^DAbWMi*!l(wh=vvcL2LX8bmMpxN`l?AVYBdam0b299O`-ak|0ctocmYIEOELBkCCt?99^IVLbACs3_
zM%?G`P&@m5rIY#`y4KxHkv&>PT*}2~_?2^IkX$9KaAM#VW9xTFq8+B+5nJ!186{sU
z=cQvzMmB*0s{3s7U%75(juQ@)n%+FGBYwSmQugRsS3G$egRB50ixh9jSbA5UKy
zO|YN{X^>kg)GlL@K5Y|e5u*_{@OBtC9o1v1s^_q5r;d2rNB@+!%Ng3~WGAR4>CLD@
zq<590BVb=aRd1&>IX+a`9#b_n;Ny!^V#`R@VlU%*pdfXDujShCYSv~HKa-vkB$WAL
zKC!MdjvGjVXr=Fl$@UFa=r=)#%!R=za?;RV%`Zz_K#MYETyitHS3wo`UpW04M!um6
z1CyzVpPe)e1rSC)^zu8Q;nJ>;eug}*35#YlqpeZ-FmMA2IC?xgT)v@{3-jvSNq-wrn2ETEm$l>qnM`<*7CW>u<1Cb0w73z
zpFy?D`oGWIiz4Z6_kis)f1+5^}{DZUO1gc+3AgZDh=rTVPE3+4YjBAmMz
z*-WfHoGcxwEANFjq^T}M!Tg+W@S}0(k+CBKXq_1pX=z2=rbi284~g#ykB)(osw3rT
z#Vhf+qg7f)1&~lz@6_^em3En?Wkev8u2$5sk4FxAOlGxa4z(sprqpqq$Z4;!qOZJ-
zuob@KeBepSli?RB2N`9z`*|`n;F*`u5+Sar1DJg5zWdkUez_;(EUI3A&-_3d9IX!p
zPbxBf4+s6c*R>*&*Y8=)_lhZc{?y3b?uq_+#o)eBSH_5It%M9UstEPMvi0I*dFDHx
zmh60A)ik9z!+DB)M0a+d|4;Sy6_wB36}y8_0Xz|$9V$NBp0Dz&dVAC`!dG@B8ve)x
zB_RSD7Fg0h{DZ`wf<~_h|8>GzG@Ki8+f?jn8iNGpz*Puq+hg<6qy+Aqlq{7bg4U#V
zWkFb-!{?!mFG-SAjFU#hN7x&#sj=y)VLu!%GlBY?@dh7gnocU(R@zG#sgjukXRUFb`+PVP&QQ2nChFpq$zJ}q
zOhxx6ZokVhY78;_YFFz|qQSvG%LC
z`YIWBU&GfZqws-11)MGcafY8T6NEA}4QJO||K~skr~~a=8&ZJ-{Vu`j&GsH4+jD|G
z2Zx2|Lo^eLZkRuLW#spi;u{hW(JN42zgw1EcYe58QSFz=k0JCKtxPc8)I`MV5E1qZ
zu+oBZwl=fKcCgj6j2r#4+wv7%dCRs}z2pV6&P5w+TF~Dbr+JFNbY}i
zI)p(q9$u+MZV7ZcmsJIe!wpzf{~2gRHJJXxTiU;fSNeDBe&h&w85af4{^1zK<1j+>
z41B1Bn~Dd76|X~ItHpfxUFRK@jxXAyn5KQ#+6A|)N~lwBurb@)2vS{)VzjWQ40n7N
z8d_h^v|@k2%&gMg3gerWHu9htC?*@lObHnA5n(k~^P{uZ$GVZmVoWiQc$`i~o1UjZX3osQgk70{@Ycwc~KlS@#GK=xQnuGz9PK
z$yJp|MIbHT*}5!e@Z9>FYy+i8oY+{Cv-aITRCPUt+bMlmtHP*6#L*~?
zJ{aP^*B(;rB;O)_E@5dawqhLZpr;8Xz|p%5lHL|6x<3?&r)MWOd71EtgEegJN-
z&Z>o)g=howa&%e@pp46svIkbSRze`{@zzJuZM_A(_ikFQCoydIG_gA!H|-v7p0ZNm
zU$)KRq4y@D8?V4=Xh|jhYqxTIz&bR254kfy->?i7nG1KL5*}65GAG-P;LNrXU&D0a
zWE$6(<`cf%ooM(^2EB<2$2qcP%L%j*GlUSsc~+~}5WfL@m|Z%i@E!>fb1kcA1*V5-
z(Cd_RR&15tx6P^ijI0zgvmG5o+S`G&FXJ3d!dZ{$G$rhIqtd
zn2Z9FvyVKbOm;267|@QbpV3EUpKpRp83$RQ;LNO;{?Uu-mAAw-rkl}?h
zE^Y{Qpc4tA#H=n*nXu|}4PLT|)@wNJ!({l%f0;}U3uOw?B&jYBgFw`$y>wZb#`QF+eZ@8k;Araeu)aH~mM+%mlI8!^B8
z?f#Jd+j}-GLn|@w!%Ae8+ZlR~?Si$T1lJxpfVvC316Mc^;j>2*30?%ecoXji`~Pq$
zFj1D-wC2D3)%fg!&t@AG0vpwcqyHqOa!lX>#d+lyJ_Qem6JW2HFZT&Yb7J@H=HSM2
z(y}rF)7DT`^Bhde$YeL;?-kL*WW=LseJ@vd$l@E&KiB+&!m|Ga(7b$7{xUe?Oc;ZW
zWt@e>D)*DqH*Bi&3AE-WQATqK0%2ylGQLZQow?mAz7n$4}`;H)YDL
z4<*trx@!5|T}Jh79l8?kwXXnP=Dn|>2KkQwcV0)??42buP(~7v;IM%62Ih8*un=9t
z1kZ;4wu8v$yBP%-p8gqiTc8nq-MlJc&%4hU@1*|1)n4|R5T4`zT0xy{FN*CmKLhU~NgPr&F={g&!(
zZvc|}Ulf`SvQTHo&m!-)L>88kEKMzZn?NI(S2FkXXu?BoKRLqA{7&n9?|badp91G!
zU*Lk8Cr1U4<}59jVq9bm)@`Db*Ka<+RKtB28DX;5VDZwU@@|iZ7C3NLhC~@#+0gj5
z14qQ$_&8XWs34a>jK)k2K*hzi)#YD}@9(QFARktvvWI*Nt{M)lsPnZq-IZ?e~%HqTa
z)F_1uSSO)VVnXjtLMj%+<#N2b#h0SWrjxI6In;sU+xD17`m!1nj7;+roV%(DcZ@rb
zOWLiRw0GXVzT~VD=$oh0i0>w{>u9rmbN-g;)MvrzxBhT;n|0p_{etJ=#2A9>CCwL~
ztZ!#4BwoqCtClH@z3rW6v`r8zfj8@5R^wq>b2016m_p8(!Vro#71YmKw)w6kFzOeBG>h$Z|g({=3m|RC*)b!TIPm6Rlk7F1bwke_=kBi0Y!V~$^W_~=L#ztT`VA1
zlrN$b4fEEWiEku|lUIao4-VoaMA$X4x6W_Xh;}CY(XN6_boX1eJf0J)upxOBY?Bz8
zXCU5YtO@Pr`}B?wxWHO091AX`Ly{t3L53Q>a9vM8_$jo7(gTWX4L$dIh8CD$x*0KD
zXhAQtKUrqS7N(vOTGBKbBC81A&{Y7Wqe-2#ON@_<*l=cCR*M@9>b%4I&-B`3jF`c|
zqu1#ScJI>Q{`;nGQv&Vh6)Q1wZ@M{qXeN9FuLx-ZI&fb(a@N=By=DwJw
zSoN6|GZwH9vAK^elvulZd-FwmO_D{AnHc5i?!sN2bq*IYt7{Q_Zl~;rE(?!Y-J;B5
zd)Nr%m#U}Ar|>>nfBdR>T{~asc~dVb*#BDjdK;zvvD?RPPgBe&$#b3?$|`+0Cs1f~
z5xmzuw#56$etbt0e{Il^b;Nklw87(&yK#N)vE7vJf*Ke=CEip|3&%1q(Ou9kevRI;Kh9Ekv}>_|P|LeT)=z}Q3%Dd9=VQw8}_
z5eRV+$u~I2?$3=~&mfr4lhTvwOObLbU10Z*CyFkpd~2;=J(7gD(;uzSIBLv$
z6(_+@7ozyAFFxOUQz}|z6R6IPFYRlR{zz^5fXxC3yL5XVKDmkWQu4U-Z98YkUbM>V
zmq40CyIH`?yEX)oyu#cPKA#7dBz8C1r$v3@YcA^(+(f6Y-
z|0`RUQAo9->b{U^=@M85Mb~29r+ZX&?NN=v)_Q+2>v8Pyh>dSiPyB{wR)v~pr~VUt1gsCl_?zrZXC&PM7*0jW3PyK$2Gw$UIeA$H=K}K
z5PgMP=RZthDg4E#ff_8oxa9TgKb5TP!7?st%krO%K<0OjDGb8QNt9|Ex*J!aeP+8X
z{s01lL0Dbk0ZpJ9*ca?;f4cPSdOoY=6{bcUq~#0b
zq4W>dpV}{ecGiAgVqu-7KS93_#M#;+Lt_MxvU4!qR&9GGEUg0FXE}e@SYj#Hw2}W7
zwD8zV<=R%WhC1C-zITX|N(XVU_-JLFrKc%+FsfSy?Uh!`lo=SD6myO=I7qmOWZa2K
zg0I;;p-Jxi@bc=ah$^LNJ`no%4%`GWhmTVYNNrGsT3{Y();cIgZzpG7xROSa-N<{~V+N%#4MGj*
zlYdE4u#^$=U^xq8@Z5BbI8azxx(P;!hnBz!2N2DQYV_8e!34Q%=I3}Ny^p&)gSOZI
z?*Mrv+aGat;3re?)sK5N#$S-w`jI2B@^UM8ox#Qq&WBi>cXsk_Rf;c5Ope{}_wl>5
zgI=`>=N2HA*((>S~eG+?|O
zIv-#nib8uoZzF;c+y+xjocvFmg&KTftj4i+S9B1whB~|=?K=spizsv#l2O|jtqACF
zy_GIrRIkn_oKqtBx4{%~4`crqELvMdA>o>KLq&+NOE)4B@EgB#&{i?&8y>DcRzo+H
zMMgl&fY0$F;wTkWpf^l&t~Z)X;CUw1na15(tzMhec;67g!DbLLpKR`RZBkTXmGM=i
zuwqO`i+I;q!MslC^i%Osx-cMzfNDQ-k|aFlDYe0-`sB$9!P9OO)FJLY{OlRlcn;5pY<=TN;rY;JdX3{%%Y>zQY1X
zfp4M1*l+hIP?Ie>#R2)zV|gL7j*E9cX?KS^Sc
zBEJC9)M7t8xTwbj7dgw_dYbU{cKw+D?WAIl)2=JwPfP+MJrhblr|~&bKgK_ns(e$v
zF>pda`zb`7f=S{AMb_PULMYb!4&U|PsUZZl7|-HKfa*^*FE`3jZp>ds=b;9joHKut
zxa&;g+Bqp}7e38Es`^L3L&W(Xoajd?C4&`I*)C-@$=IRu6Zd;EP*7Qsk^MiYd=8-U
zs5uKWFNhG_m?n@}qtCzUFMD0`rsHQy)}yzLTgV)*;VVo)m83sn9GM0^&et}_roOX#
z*c0)zk85@9|4wl4|5=gJSiSkd2dwDODb~mW#z(?s$X?^S)&!Ni+NLA(BYxM
ztJSJ<3x2Q!!Bl^*YFUR{&andw)qAe?UMv4>)zQB~O?};UGoE0wA#{Q}_d&(I$MDOl65R#n0y9}
z$qpAJD^ZOkSqx3p7x!0RL&x4G9g4O73Z8ArZ3r^ns#`eM_4}~=;fR>mld`=yT|E`?|_
zA+gg=Fw2%SX6O-ukb?(wpyKQ7@tcC#(pqPWo-B*Lm1DI{
zuY9WgWM(&>b+@9XXuv`#=A(H-le#C(B3HCVlb?s(c)0
z?V?hIjQ8vg$0xU@#wQDVS|o#wJigC;xa(HGF_caITp%B{-0Vfb+HTjZ%4T*8(xPGV0UvvpA3tSugZ(Nmo5B9o6x*n5iLaSvOueN~w13Wvg9!UO7
ztza5DjC|9y@$uD5ZK~QL)IOq5#(%JG6zeG&KIEm`oO}l*E=w+)3Rp7l*dRDD=};_n
z8#?*&9O#h)isp|xjsoMxqtR8aM1k@{c5oQlFiyPAuG307_Jc*SYyqvC+}a
z;~XN2N;cdSrhf9C=HsP)gH~Se9C!xHxrU2hY9zAdTcM`jo{HNR^;B%Ezn2#0duL@8
zp0QfxgSTeDot}?nqKF8vrr_nH?~#*jHdHidxn7%GRo5
zzlttPUeLOae2kwhb{VhFW`zG-%nS39g8v$0r4Qoe`cgLt3PN$14Q6kyykSjgI{h?o
zXlGef?+>6}Lf+uSgKIh6RXl04U}EcK-&rNy{&w!=zca-V1gM*vOE(17xD*+xRKyCW
zwPY<5ExRC;`$^u2UNFqG#3(8DCpxq%DGr=vN#Q8urqBk3e@gfZ@jobHv{g9$b=clf;py2OKPl=hWpgBoS;F18h;BzT&?0<@~uM5Oh{h#6Y@sP-6+9
zAc%Yz6m)_1ZHLsm+uh3?V6s=H4DOO9K7C1YV`_<%+jwP|0cbhLj)*egp<Kl2D?u(I23sawFc}~0R5%Y;HBHb{{|JmuD-VxoFo4Jum(?f@HkZ+AfyEEEV!=94ss?`j)u|`j+c@<BWMcoQ4SCG67!uWWN-5dP&=02}>9ypB`g(mo$kDu?B5Lo+?BmAdM
z*f;#OCTosous1>A%o18FbviPt-`+T(R~nd|q8+Kl--i6yY{@>ShCTV6-idfXyjSc{
zDpx~|rvUM?@NBFQ?8;X}T*n50uJbUs_buji{
zb%6L$rQ*T}N}g?cQ4jp4^J6XnyO99Dll_@*AA{d}tUu>m8W}Or$=AU>m~bV0E?^&d
zytn#NCiIGQqF*Sj-;ZU@wUN?G(|!kZ`)i}Y%!)DB`zwapa3waSu@
zzIKPKW^9^ST%4|?@i?E!Dfzl4#=sl(g98dsXM%l0K&}GRUm{fwk)U(a&>domXi)f!
zb?s+ftE3WizX6umCcVTA!QsSgmcsYp8yqG;f)&ASgrWyRxkCP5pkUn)Ca4IFrb#mr
z1i`G{9YGD5vgHXbk;Ac=)1#di!0E+59|3~$#)47oB`mL;BzXPmxObj@UD%@~Aj5C>
zw2~dXb>a$cR+4Im?Q(tgMhjO^#72FNO3AuVy({Ymw`bizB#2b4h8yGl*A-bVPM>f%
zaKH)wz}V8)Q5&(Kg)sAV)b+Y)UFcrTd){G!2WM=IefGv~lU4XC;jli4m}4k5-3|%U
zdC=RJ2`4XytSM9DchVpK{RW^E|!3
z|JFN?U4p`?cURM@*=OccUDdqRXl|j2*H&~9JKp#YuSST0VD>9_z@-vEXrXz8J-dc)+Mo#EHVrT1^ZNHUGJPg@3c^&n0mjAcO
ze51r@;xP)~LL!F@fJ}xU1fKrjgS<^*KdWWf%UsTV>;Z5f)JSw1>^6ZuDPDMKAhPN=C}PF5vDZ8f=PlXw
zx7yK#?uP`waXsZ=xo};>myvVu6?%@?6``Zbt3u03;qA83y#>yI6q08
z$o9r^*GetWC;MUd{n)?$RSGTDd6e=W5FmxoNYrkV4D-K&%t?E<9L6njnf)TGVHYhn
z=lFOl5G`AuLzl4cxRf38a04U9+}^jt~~rY^~TB_cUFoV!wF#AHDcFY>a3
z1IU82FXsv>1#F319eR|Pi`IcXfaRj1C!#&^ijxfo6F$>Eo^!Bi@%vm#fN8f;6De&?wgc;;2Xeg>
zJ+z9BRgO0vuk|#YzgFHG6a6r#0##GG`>K%DRwydD;zX2l+l@Fm&39$m)@{+3zqD|b
zb81;KX?E!K#f4~fV*c%-gQo~E^%PMk*Eu9`IVx4bm7<75{2?!m3NCVDraznK(-?Q@
zPFmO3w>>90CROC28AYRZGG*niJh~i@&-+W3Cy8SaCA1K4r_CF;?d=}7ZYsw1=h<})
z(_&tDYb*5DO^$JjxcFxrhci8Tb|R+#R&0H;UR9I+_GNS;w4XmWCBe}ar|%aMVM;Md
z;YdLV;L-cr{G=~i{q3$B76@z;eiBBHXrB_MQ*N1WtA2xJ?ej+qu&FVYF+P<_rGWnD
z%fMH{S?-y$rqYDA7ADH8a6yhf24mlL`X&__9bFmIp>;!&f{yO4y7*o~;nBN*x_cin
zp5L^H}Y0y}?`{@#QAs%06i
zhBY&jMlqB^SI$7;AqO=&#v^c2Jz1Wc$JVSY!*-+bPbU2|FpD0%6#3CLyE4>9FX1a!
z(sV1R@qB9g2IFH~q?lLyjkA>#`#L$-`Jyq37{ueC<&wtoSvQQ?aR#~d
z>aH;3A;mUvo2Op&ZSIjJy>njW{kj(ImOWTjOwE9w6WAbPn7pD2E#C9h9itLVGZ2yR
zT_bDwS{5E0F;(&8?ym=-U)guomQ
z2CcN;y2n3m;otGO|3Ob$rRJkD>a=Bq3RHR|ZU_|odoAPwcr`9ZN
z87M*2^d$pUoB%Y`&vjNbh#?1G1vcvHf=L44cD>PjeHFR+%)@kd#^kuZdT+#jrvN|$h%
z$06s^Q*}2hCg@5`sIlZ%T=h`$}wn6N09yKJCX!pS2mG2udw(1>kC}Nh4x*HfP0J#CCfSW-tEo4&(11rB3>K4
zvvjxVW#lc$Xn*Q%M&04ONV9}MNmO>2yP4Bb&aE_f=QEx&OOL>(5v^YW@>H00JWy4
zU%l&vU4Wlo*zl;)(;`o9hu!zT&%S%34cAz&Ao@=ZI~=ZJjTULD$3oiuu*eO&aNDQu
zK?oo4mtw0Kn%E#D1#}#5d|--OSf6PZ(&k)V`G7!A0S?2W3Zc%Yt*k`B((0Y+Oup)-Hr>U+#
z#TF3SQ6T)A?NkvfrITok+xeLTJBz-{gQKh3L&}Xu>2&-Ev>e`I`tTH@n(}E!!wmWo
zL}%*kvptc}x^#aR$Qm2dMbXOp^d<3#$GtMZ7g#q)b{$Jks7#cXlk-~d#-Wl($&&mc
z7fr9q-Gxp%LGH3@iiw~W*m2zL8EYCA%(lzIoeP_`=y)9PjQK}%e#=OZ2nYx)`?kl{
zLt-M!qb@J6tEwT{oY+*o_AJJ{DAT^=Uk{`aFC&IHR2%x9~tdOX6)Bo3Ym-uSI40&(4;a
zZOSKqB_H@V{tSHMpQ=_=n274a|kH?4mhJri_YIrfOoN`3jilxS^(G>+ZYlQHQ1i
zuU#uFpH{d!$Ff@ZMxz@oQAc>+ya4$_OoG$G)qE~`38uT*Ic(r{=GwH?Ni2|n)L)^v
zP&=|dTC0!+wTv;V!ywxEnxsqWy}CIoX;t~Aj7=jo9-=t)qvFHV>Os`p&?#Z^5FDiR
zR~V^+_2ZDFs-uh
zSVD;(FW3n^Q2;H*-E6CKpFzC3Gp1NhBuZ$k-Fm46al`OK>^b
z{xGpM`0^!kBqXiKn5Vmg9u6d5fUvg`O-;l{lq2EBT>RB^!yycETS7PNL(()yg-Eez
zh%W}o-~?LC>Q07rq{~@ASOnw}|3z$a009I4*}?J{lqj7-R9rm$v#|6~_=3B9N!WMX
zGgHJ8!wvcblum}HJZH>3+S%8nMYY{gQH~bLUCHA#;;gOQD%ZS6{i>X{=k$9UsTylC
zdAPDZo_e!|%Uu;u6~5}a4ysiHPGc+IyM24QL74BRGIaaOKDjFjB@^|x&LhR}#81C?
z>6dSukM8fiKH15ZsWkm|XcNw_Q2y~PDw^vg=0hfwKWnuB2Ncr{-+JI{^#%((bHK;c
z5(I=}e&#&#i05QwAbme4gS>vvYf2|9Ayfe+F~{`z14)q|BZ%cwrd>{C=Ji-~r}16y^jug^{^S)8
zk4K2lDK_rl(Y^&AznK8MxbSp(9~Ad^MyY(@4FOEEvja2y>VWmPl!R2B^_OP}+`p3p
zTMFR+_Fq5E7|1k*umT~G<-86&I)#)#0!BGQLz*i9Vk2K=The{4naoOdJNE~mh?>Rm
zY$?WQs?yA7RuQ?=XZD#yh+nB*=No#m1HL68iA#pxk3^EZ>P)0BrZFRUQq77QZ_6i(
z45cb^j3$XoJ3p21)#-gc9KY_IA(GOtnF`<(@
zM$mf4{FW^xx&0S+)qS?YEZ*l->IwN6zND02Ov_4${`}W1STb^ys=;CPx^1ZI(=}yZ
zw@Kgm478KDo4&r^M`g3rg-55DhdWba?Q6BvB?v+nKf^fvz85ro`{D8u1lSz7TcHVp
znTYUD%T%uX4wR`U#;f-bK8b_hEKZ(*Kh8eb{Q2LFgNIn~f>#L-QSedOI)$E?66S;?
zG?Kn0C5_A#k@Y1WN)v;9tK|8WUACCWkE_V}^HWR9BHH2Ve4EG0y*q!(`}33scPSNN
zqsX0GlNIR|CgXBh5^;uejjo`(q~wWCRqy+B@4--kYMIw178X{y?S>Ma+Q{CyKots&
z2-xCx=~<3Y?`D#fR&Bc>GEG3HEaKnlW=W>h3{%l)VdPOjgz&!-{~JpHc`E*7*+3*!
zeHAH!_zz-Bxd$Sj^NpYw{P}i~z>CHd^KGWBeDVY1jgTj1+k$l}njc3+d<{s+znr{&
z9RZU+-eKKID`Ecgg<$S7-MygeJd3ZFy8J*Q=Dk>6&XT86LPpGG7X&)#wN`%|Uaj2y
z-=G;1U^N~|0nBKs_4ag)H(fs-
z==BR*M8v$I(T?5G4B}PhGigeNYJ;E&C~Vn0l6E}aRCPKURbJ}|Cm;K!B4Iw96}&4C
z>bcYTS~ji8Si!mUk2YjXm}>yZXPodRzmDTCNKAz771px+6dq0)4qEeiSF>H
zd6x$D$T8mn^uHha4GF>&wKOi}3(oi4dg$&#hp}>`9HgXgb6#Ao4w5_VG@KYN_r#q`
z%%Z8P9w##Ep)zPxhruEu1j+9sA<2S_!2@X4@6u2xMHHQ404g4xK#kQ>8bG{GIz9rJ
zum(@U&mx$+%J7!RxE0!Gd1PK2=6O$73n2$)I@@q`)CE?^>A_3he-`i`l#C?Gm1ES7&}S^LvS5
zE+%hm>>c%F=~J$@o$(j;caIfeq!ithzW-wD=P4o0d|dXJH!7Zb&}f+1yWFsPqhTuJ
z$@1JV-5)`Oa7Ms3;+0JC$cTbkr75B7ekV1Yy{UD(;>^s<)IaW}hQkxuP7-w4W$U)Yr1YnOjg$ru^yMO*-
zIgsf=MBg)MDp3P}g98@QbiViK+Yom8RDe(+mvK3UzD^M7tK}ZSxR$mm!h`npjzRQ&
z*&i-?JdX{5?RTYhh)tG~`}iwwV*-C|Y(&Tgnznahfaq4HGLco*vp($gyE
zDTwCa&(u3wJFVwtvn<^uRh3T=S@!f$6@*?;mc{m9%{;FvIQY2L7r{uKqFYL@;WmM+
z2)nYHddO!4D#sj|1mJM~)S%m6Ee5aGS(QeH!FTh#7|0QSeVw;|x*`*)
zJQHSz!3sKS_?eZ(D!t@L9T$ECj})lBO1&sI8aCYh_3d0@`i*Lh=RTl&rT8v)?`{1o
z`5Z#T!B3BRuy7392YcM;aCI<}$JtI&2`~~kK_c^>ZvZDpJ!Fg
zLd9wDV5&WZs%2D`l)rgh&t*(a3wUwZ9h8b<>&<64)v7;|ZcW!j0P@H%(XvRRX0`d#
zJzRYJJCzYB*DamQ=1dD_0<
z3COfwAk%*NDDPUH(Yjih77j|sR(jmy4?ln9g{S$qw$5SGK?oV@Rnb+qCws}L7#*`Q
z1*0BSzIe)C3Re98>`IS@upU*@d;OSx1(tTZ&!#!#t3#^T#ZSdjhc+)P0(@hwy)&FGv_X_}($%tJ`i`5jdsQ?)Jg}?k9MzLz&OO-mZnSD<{x27W
z^iMxnkxk9dj8+8-yUqThD4kaQ>qHJ~p|+r&iKVeZb%h2eTTaXQPU1It3c37n@?#NN
z0d^Y$$6*=e9W2!eM~~QopcqxPbg@!ZyP?M$AYBBxHq-yl-g?tK2cXsQ332NsJRAJF
zf%hb`1D=1vOyTb^L;ibrMbDXC>xqd-Fd<^6gI+%DQc)rV6)lUh0nI=9;QzV7K;ZQ~
zxek({jC*I~4c#6FJ8QDql3cGRHrx%cXij@=1V?ezB>GETgL++&sp2s&P|9w=Y+a6Q
zx=@}n0;wu1rws)*9VsN&ug8A*w}}n;Y-b0-Q&gr2f)Q7CsyvE|kOo3wpD@!Onr-p_
zzsI`(tKyu@A%qC8ewtttjUkydQ%VMzL)5HiWYh13eA@EN^jh@OF+l&;ItPWKv0Q(B
zZMPvg?|v>%^hHgBWyZIYV0Ex9@VXqa2k+kqxD0@YVMG;R?Z_z@)yn;5oi-Rgz3orp
zSu5-3J%BuOl4fILi%v^V_trT-TzhvpXMB&pRL$zsjC8PH4|b_+<4e=>na{DN<-~&)
zyrABbOugxTNXju_N3?NUssEb}T;ZSF7g7pG_a5W$1>>|DMt5)>Hl8ODUqnaGq)V)e
zH%}D9kL0MQ*XxPvp7iEhT?8)0hwgacTXARV6^oQRxM?{<-^TPl+Cqz9LH|jCm;<5B
zpO!3b$Z0z{J;2>DU_a#o<=N)y+?GzG`XwCiACAaNudzGwbtfbwNa*P3v@%`!gK6n)&T!1JxmM3|M(}AVIDp!6Pd#cXcfL@>qmPWxH20xKV>s{A%
z!>7yr=E;8x*c*EUP{GT5_{hP6$dkrVPvt8!f?SsRa_8>7`vU+X+h~7odie3;*bKgt
zK!J)#OG{flnRCy6NXVQM&kM)C2t_yo&>i!dCroFv_tI|UNSy7{9!uiEWt33B^F6^x
z>=6Y!p5p{B|3CcMUkhacFH2_gk8hKp4PZGzgMBxWjj6WKu)eqTlV=ZyP1bCuxuO|7NDTFzt#AxdQ(0JcMuq+MII0)#o|5F7I$-lbp3&>jG!yt`^
z^tqOL(utgc{X8c`B`#mcg&$2ex^gMzD@itWn#7(Bq`rfr4pemX(U&GpdHKr4a{kzq
ztFsNx3dLGH=X>oWilO&z7i|?8YocnZKuBVlP`d$*X`+g2#mNRd?7~=^yh1Rikk*ss
zWkFDc8jzp9gLhv4{qgVzi^#UOtZM|o*CznFt=?}{jpa8q8nNz$Qttcs$VK&ORy_Mr
zypQDVC6h%aC}*lvv48DOPtIe@5tv4*j;7#D2@1K@OpZeo_N1_=KvCCM&7E=)qFPEpNkJj=%@YYdaPM$!n8k45`6Qq>K*!+6W4}m5{*#LQ<4)7X;c=M%ch+J`u_%Xls?bf7)hMkd$3QmoEAKw7
zY5@Y+O{NLEx&PS9YI}k_r5ew9Rw7P2SXPfJ{rdP~RQw1a$J=VkS3j;NmmLllJFm`X
zLTq@?v}v9FeCy~
z5zY;w)$JZOMJWpE!Gkpri_g*u0C?NLQy~50AZnMv9vo=>Z8W?_?Ek`eK7^ai>9?RR
z75wg(*%HN3R1{ez%FWFkNfShytamI6E0xO>yX_$rL|oV(N-MWU`S6|oy61GURYl9q
ztzlc6kwF2^)@$=^fsv%|?!V1SdM&HLs%C5TC4|*vEJNG;x2tRkzxpdv2(|y9|>m{)=KZ{wQei
zJloQHOqgU%p$a$)?$FttPP5iZ(u%Ui3QCP{f3VX14zD{ZD<+Ljes+2-+30k5{}nFY
zTus)1{Mj1N8bO-wUE#E{dU%y+(-&|5yFHy&dOIOL^h1_cQLJW--Dgy#0!B4+?@}Eb
zsIyZEReDM6)r8oSS4TLtt}98yxrLgqqb6AjvmMsyIoO>Scx0R0cqWGv{NLfNl-j5?
zZab?rof(+iylvndMhlP9SQdBP^_V4Oi-WVq-FDz?<}5OA)SRR*(ZqX`BQPo}uy10c
zK!z*ZrXNE>c#ioI)T0N}(I&OO;4sKVgE%gq;(-;Saxg9fAJujAZfXuYc^DMB+(p7|
zul~z*O?^9wUnE)_b?e`B@P-S4y^mt>lb+?6R}yMx0u2X893WwY+e3(P_Ia-khYx$%
z=VU63=P|yG7R`g^nme#F-fx$Z}RTHY~1(gTj$K
zb!?-bbaizNn?3IGM`fl71`Z{=UyA~PTAoK6xifDtE{_~g*^^S4y3EDflZh;To%g5o
z6-3#7`kYSKfG%yqN2k{9od;4wr=6lm`$LyN&T>;46LjxnGm)4?v*WJwZsI{1*^&MSu
z6P(NXa4!98DvF((gV#LcU(2R6nF7LG_$Z_J^VxA4v^8%9F59cN_O*kU!7vPi8qI83
zFR1-W&ldl{Z7xOd0(kV!gdsf+z@wLNJn9~Lq>&xKR#QG
zkX~&#nZ=>wwvL1-hXCz_zn|}>e!ZUlHOTl;KSD{QL!a?rLsyPA#^n!|dlgp}Loi`H
z-&e*H%l@I;?$eQVQ!XXi0qv|swOAIAR*a>e!U;fv-h8FB=8EtS@qd3AHABN+K??K(
z90nl&taTi-D%2b5aJ(}d@_`guwJA>htkUC9EL4$Fasz`N5*CLf;+7`tswC52p;W9U
zGUE8%Z_E}$;+jx8XC8#utFy+QOw#c0ujDsoCVl2Df7X=hI-8Q4eo@C0Vl}rAL`G4^
zWnfMabRVAUF`vWtL5I+XIPhwj8X$#B=Ynz6;#=hWS7N)z;mOZWBadZ?^a-G|1|N#r
zx6jrg2X?tyUm^(}Fy}?mQ&RA~cJv(Do<1fceh4<#KPuxV;a|=BuWQ32p_&dYjN`IC
zLHpjq2Cdt(4dOr##PQM*{~9?}W+1&joQ*;Ko169@F94jM*k9}<_p2?kO5m{e0eeY4
zp4}oz@$n;6)HJC?P83h8j~~BMeW?VElG8yi``Yo=;mr+{)Nv?76qk@t)bU{1maA`}
zJ=DK#&1|Z25VTJ4WXVsWwXoP3Vbtn}Wo}(<0v?u_^nj;WNZ|N5#;sRa^9HXZfvE78
z1x`+E!A(*J;akb5MYnf9WDdiatcKEq|5RFD%3o-taReGwLKJ3K`#7kmU8_+???lEP
z9jv_~pxN}sAM?WN@)`VXmhZ(lNS1-pp|fnkZ`B*kvo=2SKoD*F*y+{!SP>yO5w-o?
zLB&6t*5J{Sz4SaI=I+KA+i4*7r8i3E-tKR5I^}#;N~**vJDxgw96U5Eg42?I=Zij`
zF3rlymXGp6g2Uacd9szJYwqH?Dn;e}+V`yb;^gcMG2ly}4@CKi0|=%@5{VM7gJ+Ptov{l
zOz6LOV^z3WOT_%E6}nzeq-fb)cJpZw9;d^U?ij{EEB(HNIN-7n8qHTGSX?9%43Gi7
zJz5S9RZK_wtx3wu=^AU{kx&SIu|^Hdcyy@Ib2L*tCP%eQzuaPuS4>>IETo$sj%Qa#
zm9_B}7ZH$9W%?30)~>HEYz~$sb^6>d_a3yhx6AYMdm1*rb!sY}N4i;N+r
zYg2sk+a#D;+yh5mItLBpql_ST%CfG@OxHRT_u+gd3|v0nV^5O>xZ2(wZ;hg;~5Iy9dgvPWVce
zDlGjvxM<2w^F}i+{S0QcHrUM4*(}h@`tl9hqYo!+PPFZ~fD?n~LhQkylZvi>+=L(L
zN&=zfY%C5Oyq&^%6m6OISolWyo7P1Si~L8fR0gp{Q*E4Kc+#L+)2Zb!y79Pl_e+>V
zvWh_TQ+mpi!kfh}r{;-FUzDzkXEM&W72xR$l5qN=Peb+GD-ZD6V(=5tGslUuyuYoH`X>!GK&##@;v
zGcZwVi#sR_(4oMfX0fl!MM2xiet6$?)*b{iYS#$Sr>UjE
zVa+DE+mzB;f3!@x(IpCwIZx!}yv7Ndc+Iry@^JDuS35UEjYVpD7Lhx%uQ|k(i)K>{
zAYKrsMDgD4{UnuID3juj31NVewaCTk_h*VD48_TLc-^YwnVDfkql@U1uD^0@&4t~y
z$m^AB(Q;3UvW`rK?8OagHt5c{o3b@U8u?cu7}4A#exIOrhi2pbSW0@8>pxTD9Qx=P
zk7&P;mwZve+Gv4133tksZzvjGQFqj%sH57Eeb*_sqD%XdbZV(#_mds@Oh0Da1j@j9
z*J`J$tmd2biZ7AW_EMkR!SD^Y8xL&~GABGp6F`tATim6(P3Dtu?i#)QO%LobLy@PV
z{mAN@*5_(v#a>Y73B`@z_upd3sjjoya~Z5kXLYSwzm`4gSL_C=WOLSLOwpUvrRt9V
zmIbNz7mNN%i0DcMSwYWSo^OOKfs|o%b$(Q?-}{8qW)<`5VyDUTYY$)aFN`X<6chzf
z&U!@5DRXhWMQbrzzb$8S&8=*pAI|yWMac2a9HZYzbXRBe*}le^FP{fQt(<1GP(8-!
zcr#ZV$w2G5vYz=!PPj~5jlH{}`jrbgl1?BOl&p8JgD>#oC-RR(~3@AT!$K`3V`>mk+
zyAM0NUnAvwYYwl%u||m1w=0oeu4(LpUyf#-{!#9YICM>IA2T@7Gp*IP
zIH_dy#5xJoZ%F{D(0kA&lIP;dr`L{Dd2kxmU*62CYW
zOlw(P$aWVak+>O&cihggr9AEZigeN>57z{HpNh=MRw|x+vpFr6
zC)-B(5CWcOk)$L%|T_-P$>RE?Yu<~=e8%Bg
zK@#z0c$e|yV$Ws6+J5_5nErgycZBog5|jEYsoVYL*GajkHE;IZ$+Kvpn0}XGWn;Or
z`xQCX8_IZv{X;5!9CaVpwDU&kuEd}3G|Y%P5cg@HN7+hTC!Vdf@1QkF3rqUr_3B*_
zyvh-L*M5-IcEN_xI(q2*=vszlnM-p@W~a!^@HB&?+>}8@y
ztccaj%*rB_0#{h9LZ{;go=t<
zD%N;RGO!{1%~3yzq(5S%oopA_BoLWigY$pkBuQ5ySJm#$?8C#=Z@Xb=kQKy3`!=q7z3Mb;>h`($czns|}A9PvAy~*`+OvbOz0`
z@LF_{o6Y8l1noSniMMpimGqHGQ+58#27MIkPFKqe>pU)~h1YDe3_kuX7X!PEGoU@T
zbFs%QRBIB9{IJ5FjKW+-se9z9&HinFSkqXV@QL6Pxi-Hz;(YhuaI;W?U
zDo*a_H9y76=k;VG_}E@xL0#0tXDjbE@iG#NxnDg#I$AWh
zhwzGRNE)ct}ox|Qv*{{903
zrc+zvr}TcMrkk7M59)6;cpBy|OFt=Qo$I)V(2eidFpyeLR!W
zX(<}eLjP$NOZYMGe7XZXcN}ln)E4x#=E~!N74a{Id@&3gc2qRfEyt)VJVstmdALqX
zwb83hd-6fPZS*PJ*5G&ir$c$3lHdV~*wQOO3=2@=HqpBTFvA;KCgy}?$*BMrN2|Ky
z%BU=G#t{8C7w066eugdvXrZ_4KYWK_5Q@6^`AXJEa6-Uw^xMJ|M5gSI(T9`iDLLIoA2CivD*~+(bdM6UyqMe6OuF%x4>?+Rl
zz(3#9s!qPHF?EPCu#>P0Vpjb<$4qg5@7*kxB9k2(3N2|ICBFeP^U7Xj82y8kk&RAG
zKFXd9&|aT0^tZcn^rxbhM268*lLR)CJlbL~&Z`L1xTvT~L@h2_&QTE2|IJYe|
z1l|J+5m4~AjYsA9t$<6{W?_tYkYR>_BZH2zpNP-zH2Nqy_N48}I@h{8tfdy4=EPh}
z2$Ubj^%Y6*g;#bf7jg8ci=7?`h-kgE#XVXdQez33M(vcWJz2S8O@z`H(wlb8{8a)Lsp8M3k{RC4~#adR92je&Ng7+DcR0Sl~-%M+Xlz$t?R%7bu8Sx|3YHoe>#dTA^o8Ew9^q
z)V*>(`^b$)AJ#v)*>pjxa5{1S(LB#h(XTn-)HZ&awQ0fgjS)WFrUi`D2dR>7T?v;a>GfZI^(B0^T)Hgm(d9s|Y_Z20yCp~KOP;nB53EmVbfQ~-qY
zE{Wwee7M*U3&e)+5AvP7pN)pQGVI1%N>*MlQif%3&gG9|z5PFeJeg-$(1-VM15o2i
zs!C%Jzb(}MF4hEbYO_mH+hWew_o~|Ujds+*G7PH8*5BcLv)F=zRo>7GLkqYuMY1&f
z$%_^(5&h29$-!irvpHb(GkVGt;Uhb@T`d2{l&I_IPe~QB!EPaIc%=Vm|EEcDqeOB)
zk+`GvN}BvlLS~lc{Q>{hS810n&KJbmjJQ0@=%h8WGX!h-{aJD$n-hl1*$~5l2f8&e
z)Q15257s~95le3m9o|8Fc`&@hVmePG`vq9~$?$JBKYPzTBy7FGSQZm$wA`qCKHaN%
zNXej9GfO%L*iYggI;3&qqgBpaPDe{IH1b)`W%;5n*UR0e-oh@Zbv{2oRh|FcBAn*N
zFiW)hT!0$*MHL~@*0C{HvD0tz5NNtT*Y7Ne`J#?$)vV{cZk~~bkR=Cyblkss3&N!V
zeRI_RG@%1UnSWn+=Omqzky|*5tZSg*W*e=z5YFZm*I^80zEdw)3qE(Us&LEf0p}1z
z2py)vz43)y_G^XTaESVt`xlB6wNVTPvB5z;=EdykH8{SqW54KI@jh*NOKvwgEWdUt
zbG07a-_(|m6X)LfdilU0$*-bP=f-KB_anFK-qL+vI}_e3k_tnGFH(uT;>Aag!J#qT
z#F5CImu|#b^&NFVqKkLY=uFZ7}Xjv
zb&TjKEf0uJ(ddsQs$mwJ^Q`5^b%i#UF}7A(N@HwdeQ}XtE^r&I#Ke$7s+2m`0h{E;
z;H0r>{iQq@wWjh7{Kf`N?O{TfrxQ+{zSV
zY2b7~H5IVpQwzZVnXa)0VH|{F>b|n@GF_*W_ZXhHD+9UuYa<5Ar+S+8yw~79BH#@o
z|Aq&v`5$u-->o?amd;=57Ia1V$_sjBCl(U)5KEQsTED9YOh4G%+beY48b_v8ZPH{^
zrU;y0{7c?K0K~{*^OUtcq%!8~`j}rv^4JT^+6m>mvuC{qo*k|5Eff8I&2TLN!}|vM
zHbjtP3K`8c{(5o`Pp>bb^L&@jfKeuQMg6tJ&d-nvg+>X{jfGiE8XWhVXt5|7x}do8
zUw3(qdLWPZD@M#V&8Qg_-^z*M+EtRsfvnI_#_fK%!itNfB{q_fDPfQ2ZNQ-M_FlXH
z(uQ`^RRX+mS{vw{b?8s6-EU;*ru2s9Qh*dbJ&lno{>8?!P_XK4IjNg(4wtgWve-b;
z_f??O#~+ubHQd=Yc9jD!eCTcWfg7*dxPY%QiQYuE1%AZC1#jD#>h$u-^NYOIWVcJ+
zh8Ygc<|r`e5q}!KWg;-7ztWg))HcrNSD89&5^UtS8PR0%8ZCF+>x$rc#<^I7!B6F?
ziWq+eM-Y%2TS<^->bk&mo%^oa$7(Lg%T8`IAu~@_oN_5(J3P47F9{$fY%^6tahK~%
zPjABuM%U{2uS3>U-~w-|s~49cWjBd!*q1riJgd7U@`sxc;)3C@y!nDrc*r@n)r*dl
zD3Wgwg(PxI;;olkzxi;(l?i$w{!zUtfOPPPQQ_lPFX7RXH6cci2nMePfFk(l5GTdu
z>O}fkDo}G(xt9OZrs<@iY0qxWj~x+wFV)C^$4*n(0Wf{N`%gtDmjvUKDt*EVCgKFi
z{#CtY`2QwxfgcftC8E+htf2n~enL!q0Jv5~F#@$6BwB;>9gca~79{xc1h%>s-E!yZ+foD!K^Q!T6c!BYaE?o~GU
zB{}*i4InP)qUf7S5DlKX-&7{46xiVdxFvkNAr%2GbVwMxic~l^UI;Be8DQc}zGO^n
za)^7O)ySWli{W+5ZZT(xS?oyS$d~B-jDH`P-f6Ux4jI{kV_9OZ3F-t`knm?`6sI&U
zm#RiS{K8?<>YS}{4mLcxtWvj=>1H3!2d7WZFzUNL=W2)y<96%dVzCSRAZTPDdbM-}
zjca47-L#Yo-%$aAqR&KZ@?M<;m-%3od>JGH57!3qI3@bXcYeJ97s7q;x3wU
zUVMVJG{5Jdp_~dlzl>6dzKyG4$NRq>=v1C3ukKN4o^vU9MnfpH>utOPl*~+fsTFyY
z`|chK0E6(w8TmTL!xk{gWnrK8gK<1%JqqI2xJzarRcRKP^oo{rf-L;x38z2)i<`;#
z+5NW2){Fy%^S0=*cE{@~DZeI%Z_>tljSQ3&2M#fh+T<$>zL9aWsvqOhSQPdvVPIii{wd6$3~m&v
zGF9+xROQxu?72i6okRbvD#PHD{aNi!uK3~OjfG0=vXR0W(BKP)_Y1w2;QD(6Xw~u}
z@4FLPWaUPMM22OyTe;(fMVjMP#Q}s)nRA5J2`F+6bB6D%sUP7e8ZDt@Wo8bxC$|n}
zOau~neXuv6)*pJgK6PcA-Ft`$+sgk2w{@19ftDuP$>w80j@i^QP`hmwqEEMdG$=1UO{dS%
z_TnmolZe%a42Fm2=0G!$D>h$cK9|Y8)M}sn{?iE<>v(aZ5*+4o{GF0cwlJ5bcq9f=
z{cXfi+z5IH9;;^!FsUXbnc?uWiA>U_H@K8sj?uz_7@rD
z(v)&xj8o!I>UqY^uL;wQg75NF8q3M94Ict(Vh&DJoLuYN_GIsYWsVF(lA7oE|1^lfF>Du`l;-Z{&5ZW^!pVm4ND8edc30UFQ
zQu}%`bKi_$H^>ET8eVWsDU)wxy}kJyl~b(6tqUs{-S8*Khz3A~-nP#n2uOT#
z3OIX?778bV=Q@J5n2bkBc2?u#3RxKonzEUT^S%Z+G&CJ&Ge)3uN4W?cIFPLKKb~=$
zji%n3TR5}i;Aif>qUV`ww3ZfW!?Qc9r;T#0DbD8KC%L%JAc$|E-AFjlD%R#s)bcB!
z$Zv?Z&hiZ_Sh}bLeMkXW-AIfPuTv8V`VNFwyRa66st-badUD$SVJ^Mko9ZHq@KdlJ
zeDJ2QpB;1fb{-TBEaq!8F;J86aTdBdG)O1d4lf6y_?n@)qr<<{m+jP3wDAn2R}9uH
z7-ETCYWz
zbCbr~CX4y!f~N`NX<$g@L;u1SntxkK
z^)IHah}Tazbt+f);PlwVz19`T(YJd~xNLbXk(@bxOL#;N6PN)H#AP7ZS~ru7J@{}h
zUIJ*agIZD}|JW7H6*=uQ>r?wI7_wNJnkq24M+aIQo?$}lEQVFL_|2;e!*{(&mNS(R(u8^))OffD2(8V%9tjBe$
zB-L!Rk{mglEHU#8E1&=qjshRDvbrOq8#T79n$?K~bx$K}0*yu@Rb+wQC}!Ag;=H?x
zk|);`QNa}0K~Die2hTm`Pt3ohR`Z*&m|8j(0D&IrtxNLgJdqpWSPJ)
zJ>}E(2+v^$j8fHnHwm=j$nP+06u)z@Fj+W$XgXnd7#uOk1FtV~W
zbl?Ht=t4owK2Gobt^juhHsis!KZzI$1!(eZb3v0ogqvl&V@7)RQ=xr|jTUL$g5;4f
zd&fK1r#TlbUSQ%((2|njVlVz5FM#v=CSQyQ#)0%ef~br)>i?$uJ9m)~>G`d$^dPh!
zvU;SQ?u#nhDu&@pUIpD5cl#Vxu$6_^9TQ%vXIYR(usRxEfgQeOAJ_&Bi9P)?X`Vr%
zw=wk`Ls0zE_19k&06epLCw%l)%<~qg3j6|mAkk}Q2K!8~N#v>$?Wx!sSRD{RC$7aZ
zTFjR$RQP1Pg7+ApRop7Oh@4))T&{xNvmn&9$&7$?ZAg2BO2&JUeeS{|y5L%>HErxb
z(WreKjW`6c`xm|Uln)=6p#63*c|?74qlZ#Nqgnmlt%mV|=Hx{3Z@}%O0qu|OnK&9a
zJ5NhG2~OscTsfi(dc|N{Ruv=kNQbP?eFhGm4`$Sq6zx*aq+DlBsk^i1MY|~C-{Kfn6B#>qRTmS{f2JI2n%)!l%0G++2s`uk
zm!wXn2VIYiRaTIyrmnz1FY#-ugfX-8&bP+PeFrz}0kdoC^}0<{cj3mLW=42q1e$%P
zxQz@R5ErUlE!0C~9w-zYZVN`Fj)C;a=ci15c;RUSaK(xegt5
z0XYAfFYygQMCLVb^Q|k7Umd|XkD?4dXG8W8e6&Xi4bgRSh2D$OF@@>&K9cz8jFd~7
zz+$*BJYpT2{O-hL>di7cd?aeD$y;_I>CIaWP^_scJJFx
zhK-86u<6DV5w)wrQ&&ynXSbYQd^G}{^lW0-bj^;T+TIaHnr&@fmQmBU0>v
z=%HPIYXMDy-pArRoPLn+lPg-cO~?CM0VBujow+f2mDOP@ZS43;aS2Z8Ol?!6UR5wG
zO*~r}z^vbs<3I#PtlS-V9J}C6F5?sHikSe$s%)UR2|DZCo&ur~?9h*4nHJD}+1S40
zUO8Cg=&IK6i#*1;5Of+|HQi%&IZ}1T*HGiRv{c*rr&Z?ijr)vTK|5k1Zl}9gQTe0s
z4kYxJb~{vb_;Mn9aTPWL;v$ucD;#`R)A<2;JW%^c`TA@O%^DUl!$1<9%H&G1D|VE~~qxzFNU3C6bv
zz@SAzchA!&Vv3yEbK59h!0L1jD#CXSFd87FTBjhG9eL$^Z*S={D`-Lhrvm@+
z82?9@Dp@tN#N2+YbgLK%YC!ZnHzAC^7#goxy>f$?D3uod{}>ibk@LnFHu&v?hs(h
za1a~oPOj7OEgq$rHErTod{903H5L^~D}Nr713ErWA*m3oiVuWgkn81+q+p=fzg1kf
zw|d+^#m_v~cs<$|f+ygvbwbN?qaldeH-CPm3L$lzE=M~2{m_yXS`>7)ldLXi9b54c
z30U=7K7HXLbp)j)p4q-6XAT%3;b&JXlxP@LrGd-4N?jF|yD6l%&V9sU=(EPfJM?Dn
ze#jb35X>(yn_qSl(VS$FWhMAeu=ETpG$jZhnFyj>X7(}jHC|j~Dim5FZ9D@d=@Q&V
zVKERHK8TAO8Ls437RPzyIH#kX9r{${^X%HDRnsVHXCXLCuej+(H1Z45jdqi!fSwpW
zb7cYWcCS)Ati2dHr2z|LHDclxX{-}&p=7KPMbG|OUlp!Nyhg8X`|{UCn~hyBCD?Yz%`_Nw~3E`slu8
zicbMrS#3!Da?7G9tmpp?TcGF~2!AbkHRNIVCYCYp*5l(Z
zK6*ooB7+8^-;9r;`#~rnD1W`*r?+q$_huPP(U^ha;3tsOBY#NWjOaYk(0Ns^f=tY5
zHtt227z*OC53J{gLF~CSUsO>
z#T!g=Gx9L6MIeA+?c`IQKD@lTaO#3_l)++hDhl!WO9!>3)m{S8{#B0w`S-QS;4e1Y
zX$zXVDn&PDpH-^usVJ;p@E#CV?Mz2Z4+9V)3m~)Rc9j}wT+_f_*T#<6^0F-v$92`P
zV+}Tp{HblKtM5(eGSB(J6X5L0T<=libflx0Vm4N5qS}j*115_U&}P7g*~?wWwI=JY
z*awNu>;?9}^`_B{Mc+?KdR6EREu5mXsosewSu>BE=)mQye>k+~fJ1wEtlCL;gb7pagUF}jl^jyCYZWSgW@GrW
zFmO4xRi{9|ub8cySau0wV|Zw2H4}Ic0k1Igg2QhAJI7j*eZV#W?unmOf<
z70yMTVX9pQ9CO%z2_x&pMirQ_;A^KL&p0m9iP4Ss
zqnDi{je@lTeP)^{okdoH;LeU^DY0Te+7*Je&PRwT9`%8D9|uGD6_()c5%Ip_hI8gZ
z^+N%HBZ_id*izpIg_~zAMgkA
zr!U;v@B^HrF%f&=sS5W2d*}i|2ag27}?aVuXmd|1~2icW;^+j|%sqoHaGrso5Kn~c6vZHo
zGqBk|BwQbGj?5X#DvPsoDr9PtB9wBp&c4~2t=#f`g^xWqG^@I6_WK6#j)&z{-q2?*
zC!f*}yEYnTx`x4NL)@W-TsS#zosF>i@#Wy&`9py;KTr$ep7v{><27*U226b>=-_7-
zKa=Jg|LKHZ4ci8m0hvA`X}a}16p-<#Vf99@1|zO!-IP2#dG1PIpj
ztk!_6UlJnbKT{doc1~L+qw@u=EA*t{=ItXoJj1E@GgvV@L*Jja!fL!y(r_oWiD>q~
z?1asH+jk^W632H7;8pR?tE43ILqHq6qyjnm$236?Dtu*d!AwuVW7RkI9%1ye*MB3$
zT}1$nX_$*93BvIo2JNR7fH5!$x#Jzh!24H!RulX(4RCxAIRe5Y)~{Rkf%mYUYRvq&
z>y;5D*+GYkW)Ta0R0Jtic0@#N*0O=LmQw~U<7D^qW>A_Wl(7HONP46}0ysNSSwoE}
zzDTMS2raQQ8L#Ip)Y=W-om(=l#8;f-E_G!s`FXNbrH(l96Pw}bXev-+?H_ag-8}cI
zmkP-ZF@OVf;@OUQbY;5~KOX%K)on~U;ftp>{!uyum~B)9JZ031U?E%W3=*XtJf0ul
zKPp793xqaIG;-{jEt#cHJlz@mQP|}7jH_bfDV=6%ta?4W#Y}3ylFK{3t;u%={n}~6
z2K`(Gt^f>-T3
z_dJufC^uQR(mJ+k$lT*Yc}i2R;y1-=H1Qtzlhzta){6Zxe2=r3?#=BR`VBEwW&o}^
zjmTbVD}!jFjJC^UWIRHtr)aKT5OCK1vGC*MuC8YYMyz*z|3AXsI;yJe{T@~<5S0c&
zq&uZWx*Mb$1P)zSQd%XHhC@k%bjzWn4eF56(n>ed4e#2hSMTTh8{-}0{DBVT?7h}{
zYCiLs3o59tuxcJtQd6BDFKA3}?|t04c4r}FDqQgNz^gr0ee%AVLtN2X#LT9@0AfGd
zFc?5l__MH!#uUE1S1K5ql`e5vXLYxGQliK?<16yEb&uqc6-Pfh>5cw6*Ob3x;6O
zglSGMc2wk&Zf8tnwJ5@N@$h>AKI!wL+KA4=tb8(hx9@}!(y=woOh6Ote@3d;(8eD|
ziQkBA*2Xcv?Gq4m=WfZVa2qPhW#Kg8uv^hWIT;b1uD7Q7Zp2fUzrR!U?wy*XS)P_+
z3=D$Sl}euD*Y0LZxhk-?SG?0O&#?F9$7NRLO}HqI{VD-;X5G3%tkS
zioXEJfwT`gk{M~$3y4J|&(A^Ed6({&_+%;VE^Xy|Cr}h?GO##w>1|8j5(H#^yAZlqYB3sxw)hF~E9~8V*eJib-?eH>
z<1t`pk3q&Lq4J_p_xb>ZAGGNvh8C7?q@TRVNsyJVVU{*EMny7wOuzTL*7>74_RdoQ
z4O~#Z3!I$OWjnZ=`zdqGqy}oG8hVn22`6d;d$?Xj`4OH;-x+r@w30e8QM=k*^_a@q)_J0dy
zo}DC<+NHMH
z=e^H)kp{(nV|c80TejrK&K2b{RAh?7gT7ZKd!#gu|94LI0@aVFF!_d!%1S)@?pb|F
zV7euFJ?LnHaT5NE*$Zz-QZLmeS|l5doY#vIlE84Gra8lJ
zZkZae&EY?NGGHOP1$VuPrk)x?;_fYN-2?u8uhNzIf1&PgJy2g{d);VVl9G&?YQ;;T
zkoJmFN!46u*F*)iA!!Xf((M+rKdd8ZqD!uO)N@dBdE+KfvKYG!N(f^F{M${W9zCIv
z9mt5f>KnE0|E!2BucC+m{hqss!vwIYh8ve!ZoK#aW@LHa?cFN?)6NgrfXkto)Vm*h
zo%|3@?dKGh*an870N%4u8Y+*OD~3vjDDFNF7@dPhqEDA%?(ioI9sMb}FQI0FP#w~L
z31t+ME`svPTu*#2dHm#X(`ctbl7A!BSd}+PiKq6^#BLT~-JxT-Zuk2(=I|z;CeO}h
zNu^{<`k;Xae#(@D1%6A}Z^UN{^bTTsZZe00vIxPpce(7+3t@=+_t=GK1&otFfPkdz
zDPsi!RPfNtX9gq5BP7y?L?P)KBe$+G5>mYg=|IBA8rLbk==ysxyo8co(WyEFr9V6dTMB
zGeI?5Sf@H1YaXyTM#hhW2Y*ha{W@on3Xpiju6YO+IRAa%Jz6X;zBURZB{uNToj&#p
z)sTFEi^fTE4?Q>occvZx=qK8nsAr7&k;jnOYk1e;q>)lj!+6JjvYI67Mv+lB&q0faQE?N9MwW9I&)%z>5Mf
zq8A@q$Q=}Lu^YepOEYFYdiToB4px<8{M#RILFpPN=>GtIy)>8@G}nS&|I}JX2~a1&n`)Z(S*XM7yO7?7)evj&Kf^{AP};R8AIbIu)sNtggH}0D
zabN|-T7mUr*Wm<7P?G@p)e-PM_S6^So0R3WAZx1ztiNBU-vB!OwN+Y#f869xZ0H#f
z#DLlNwP;<$SxRtz9)036vI0-YJxCym$Wc!UIePInXQgk;bbkGcF>@3AJE*#>|pDmyRj*lC8p|g1l8a}?v{V_cI5|{^~qw-_Nqh}c9YT#m?
zdaKd%MRYv$u8T$weSUjUbB)?r{s8BI3`?j2cd3c1+8i5)5
z@89|RmrFwReJ-D`+eP6h3bqjs1^vf7COnY+Ra{mGucNjS$^}U1{tCY;mTUP&kWSl>
z)#0&@k;wy_vuf1}^+REV=;jk?N%hx7
zeP4jY>k=0IML7LawSqsQin8Ci4DH0~$rNkmv5sXI0IrSG#>!4v#`|tW`OD
zGCV&psAn;PL(L^8O8VzeU%Cv5)XhA54hG47($QY=lmrg;q(}#|9=fwPlr_YzI0Z)#
zEePy=5(e~C5759lqZyHAWv2WB@G@xD
z-u81MX@eE{8quys&1CTzEE7ZXw`hZ7^Z(_>@qz8FFbR}@A@x6*FQGu4S65!Z4Z|G7
zL)+*F%TpMuhdZ_ruijEq*4VgyICpw|%>5=c3mE@&Welm)IyTSg3CNl3{48JG`7+mMaK#K~RiysRB2WW8midx1^WT#s2%`XlHHziLV4|=ct^t*q*d^yO2
zwE1G&aGzcMgnomUDd9qE!w1z~&t9ithX~XZyXf!093r5LsbipP=$&eBUUVm|RkF&5)WMF<0kV{ghTc&~uVBEWBp{m3(AD_c_|%<_G=!
zoF0I=+|As^7ky-5phT7!0SPskdJb5@j*n2Q8j_7p%pB
zgHHxlI!ZikyRb5T1h+Fu?-!-ErW+%M4hP;LHcSRsImdcbfdVi$EvrBuif=Km)~e}8
zO@#wl**yYs?V^xQ51?~&7U&njl!~VVN#gwX^AMx~ggF
zbGifW9OXx3gSjdQjg_(~9LkP1{^6hSx?btZ|AQ9ra}rSshQ^Q54Z2;C>bo`F<)}@1
zYhRP)Z5YXQ^U20!ktbi*&(Duv)_Nudf9^A6NY%(0SRC$)b(Ymv-F93k&cV`@<#qrh
z_U#%^a_Uz3L}AAqg~xtecKZAhgSi>G;k2Owk&$kCsK~7)5VSz*`A6X9H%^#zk?3Be
zs5DTDLv?Q{%M@^2(2)%XKh!&PyN-;{*2D5iNOA9}H&mJ%8Jd=ffMl43@|A_OoLmajxmYPOij}RH_g4NNom+^g
zI{J@z><3CrgNJQKy$y9V8Z}pR^u@-)SC-`(JiS_tSZ|Nb|3ghR7T#=I{gRok+x<5e
zfL*S;Ql+fSQS6`!?2=|
z!baRkvtXC-scrEjW2PX#!bl^}<4J>ef2D(8lEHtQz%sdngZ&F@^mJ1wyjrF)9H(MZ
z17<1oip^|vcfSh0!X_V4VdDiOv;A|{hjRvFA|cOQsp(O>hkQVyNG;W3ZYxj(@5I>$
zuj14&38EJ~vL4xMenau|3qVmr#mW2M=O=p(Z2Zo*uGT(qR6C)xr+QCyWAJKz1o6d$
zA1>ba-Q8CuIvUT|-@ad2ItqDD<65GWr`rkUeg3Bw`TDkNg1`_J1`x%Os3#%e-5stXh5{n`>zM8=P
zPAe{gIS$x=vr&aYAf-%}20ioQnr7WIu*_{>0#P1}2?Y^a4T`K_sE5-0a7PGc6iKY7
z02}Pd?_y
z8gWKyD#XAtibRlS(xCAC&0`Vy508ZwO1CVYKX(AF24CVwheu%|vKs00H7a&z!XV*z
z1PIe-m@3CzKT}1&MrkBlKh2kMOB`IIP+bBgJ$mhq=OKmE3eMF)_--b^;Dy8!Kb|5JIsW=bMx0Q>`~QGq;IF^eSH4JNBZ$&WfEm^;pSpGV+ouCT}(WQ
zEV`iAH^n~$q`f}EZAP(rN1hgNgMk6nP23XA&+I01#BAeU6JNEnUA%|6-C=UYB=&p?
zqNl2-v-Y!RnN*EX>y^*{$kD|~S
zWqd~@W8~CLTXNnLmdTUdxg!Z55SFgo)A3h^g67Xpnk1BZT|<3C`QZXVt#gx*c9{;Y
zGsXwCVRDYv&QSjAyBikr5m6&AZTAKtHmfvjd52JsCQQu&}85tRu
zzULTZ2KJjtW%eJh+LeEcG0%OPAudG^P^KFj0^thjtPQ6k>?5zrXjPY=uB~ZbD*F==
zpJRaBWKRUU^crLZKLxKk0SKU{z(~7+SsG2eF|SrZ%X30iKuA8a!p@#biHh9x<~H*B
z*MJ%!VYB^PCO$4W7DH**xfIlHBJB=d7Dv`6xG7n}1l>~8P?2@^JSX>FL=xxKm&`xC
z=v{c^X=8a0?(ule-fbu5ZP_c*4eaUGBBLBjQR%<|PabmT$`$bsxe=a#;8Ei>fU|SN
zM|$tAqwIp3&dHFPRr0{6$3Bce=vp^Do4EhHrFN;Gx`T>9!-p+gQ7A7;0R0L6zfXwy
z<1(;IL1~K0i=~%`7XAexiU=Ounua@bH19rME``^DMSwM@SMtg8m;!2ZW_pS<`?>_I
z@1qLp$r;}>D~CT<-^+blPL*KE_E+Cj_!}v(wx_tlABZnAlaJiq@DE*WLhg6e3Hq?b
zj_s^cNIa}_sfw;4kJOxe@8Bqz+R}86$CJWJyOFl+@lT49HFMEn$OHD#Rz^_=9a;SZ
zj>0TsT?1UW8;(Y%VMWp?JxcJx#z1~pFD34>xh8Q$q=J!a9T=f$#WJ}}iur(ns_ZrY
zPD*LE3;)5E_fAXs)9jWvODDszo(wD#1SANz6&Iohvm{8|3B?sr-r)I!cmancia~oTt06a$mZx@^F+wHkt7oy+tm%@s?|tzRG!WHAk2Z7}EuBZV8mY6C
z&$S)Z5pK=C9Z`6VT$@zD59TGg_#3kW)(5fwp@;qe`L|=LNVZYQ2>)5XSy=vHeuZCo
zqTp*T6`8MLCKPQ*e$7G#TI;ngInvk5rJ7?ik!y!)29MKtaEJd+ylz2m78AGT#Rs9Q
z1AenhBhArSDp+4bzZmZdYJaWOqKZXFN{YjH#ST3^^)cZ^odgPDbvtLe3gY{S2;!st
zIJ~L8+rE7nGDa4K`glS9!VhV}x-5b=I$IA5&%{}LC!4V$wSw5K4mJ1AJ25f6;NoW0@5S{yuF7cl
z)f-9fPrN6uP_UD^9hP6hqvvqi7U`f9cT5{|Ur;_L`D-9HwpBp!JuJY=(3UdasTV1o
zoOV;q+c*>u4d=+g>8?(amED&+65yCWx0p?CFO7UTrK=|2SbR)+f2^3R!a5mJ=YCMG
z33PfN&_8Mxl@6OfgxPA2X54gLOTX=wC`RE098jLOz!IzPSAgzc`F+XAj~n3NowZTA
zTx=60)%@Ys3y{TKlyM!2x`H90yRRZUMHHmFbyQ%rxrLQHtX_BX_ld=vVFIG>FVerC
zesvE5FfpV$v2USt5e=ke2dZO-zOSAWcxQnB-u*#v-lhc;w&O~yO5A~f1F%PBbu0XN
z^m>dQzPnXk&LkDoBo7rz^3)0WT&1d)s>eA$gsM0&`NP`U>>h>oX^~OY^6=QbwrTAa
z024QlW$4V4M*Sz_c_Zh24tNE&c7mg;EE8wlTch`OX2s&24x8)MtA4b21TW6Hk$!O%
zI?H^2RuZL@wsJ#XoYJnE=55kRzx|43Z(N7v$G0UGyCpsrZavGP`wt
zY>lq}%r<+r<|JubqSz|=t1x}NkD$+^`#v^&%_lAbsk3gm;I8eJ*aj&ewJ>$uxQ~q6
z`GBKJ&Bp)64QImT)HLDv?CGvO=h>mAsCvVkn<8)a?cJ4$sFqM7Nd+Pv2j?@)e~VAy
z6A-1sNIeR{WX2_wO324&6L4Qmr#*x&1==o
z<+Fpw8+DPzHDbC9_1}ZMIbD|@BE9!d^yNR3JcFNYZ({4;F?SJ&H}E-ox;*gx?qCC#
zP67Hm9h@@a)6}>WjTpG*iRHVIqhCbI2||1mrFU?u(s@~(L+{fM@jat`QES$XhU$zjZL?(ueNLuET`P7
zee_Q!aqZw}ZXqr3o{@Oa`dHUli&wj8F2~3+w=;;x9
zPM44DEOKx-S9M}@3-Pcn>#OhHyZxtrYl3o1{tI+O3CciZC``&j0j?7QU>(N_nA<(}
zvIvK*JI!=Bqa95%Vwz7m6#+%O@gT>gev3SJ(g-A$QmB7<;SUg|zBXssYGWMFTqMOR
zjdT&NunenIuu?gF)R($Gzh8GUIgHLcv=Q38p<2PPYM^i?{i!_J)mev@WvB
zA?ho~t*#q#S8ce+wOJp>N>mjdMK2E&7maWck;nU6BKY2hb!!6aPNn_WuGUSYL#PoR926IPwafODHM8!m&%pn
z2QyOgj*P4jBm;V>=^*(@dUj;|S4D}+4;=RTBNVF`E^_KxTB$r4w4f*BTPwnnbb*Zn
zR+&DWUb7p%Kw(r4>20l8Kjr!|DghUO(*RQ@O~Av_vYq-Y6_(x^X~INVihV=#^TMz@
z{D)-hUjgx}YKTyqtHMn3^?eo#fHL1$A*)^bW>i`4WMZhk2c^oasm4-E_NZr!=^ZwkQ=wUZW9U*CqzLHJ@Y0nH2;
zMe$pJ8EebN^6r)wQ)gXo*J+x6;CoE
z!Lfg$297;(Rfeg%5olgUUb7OWdI9%uMutx+j;Q)x$3@cqYVx8+FJ71wE#Q=x#zk~e2y|>R
zZ3d71NG!>gF*yrg9xTFff3{t@<}}hpiFaz?=5lMoVU7BQyF!!MzdKF=fpj=1P%smO
zKswsMkX~+Jg}y^@V1<`$>jW?Dw%>?mb04LPMM~St$1k;~-kgPKVuXMBP~i`R!09D_
zw{jVhW=A{#MPixS+S*j1$Ze~HTwHklmI3QfBT;6v1n~{I4qmq#^chMf)2w4emY?pP
z8QT@^XX2%T`vav{Gy~s5R~zifl~G(RSewX?wgI_^C<2I`pTS#|D*_K1PlW6|@A#L!
z_eibk0m3Vdb#EV*VKBdd7c?Tu$BLcd#zy#FU~rc-U#ru0D}-n9Y?D>`$n;KqP__V@
zESpPvp_|jx*9EF@B_Cs4(_1kb1rrqu_EwWSi?0*C&*rKYQ(Cj7kC@IExt5={(5JUL
zoR7=j_qe0d`4Mhe)nDUB>N8U>(F8B73-q7mT5%AI@trGTKX1%uGk7{i=YHN_LN%PN
z_&!zZDqccDMCTT*T$-rI_n1Sc{fr*j`D**G-y-OW2jAksp#a=fv!fx;T712pWnXEz
zZ$(yy6u-Wz$e>VHd6-!g;puy7U#F|==CMn#t>zEoSgkIJU%=U~l9PsV6(_UvM5^yr
z>VgJ`+oKV6Om=aGMx<70KfPU9rCx|AXykMc-viD&`ZK~5_Mo7v>MbA
z5n5D1XbNVA_4Z35LSjQaVIG1p1h`F`?%R$vL{;M9
zs)&4NVPNDVUe-}l$E@5})AeA)y>k=UB@>})&SY05=NGvA7)G_}}huCoCdWoyF2p?@o!OP3+m
z+@=7Q84O0QB8}WcYFnwiG&bV#+SCXSQk}M=BGk-vPl{Dx#hnBxN!NqWrq(Tv5?Z@b
zZ~KzU%N6f;wy;W8tfqN1Gv^pUOx0+5!gbvp@ow~uVo|<#*n~xJc>pO4Rz`tHN+f{x
zRZ_|4!Eqk4fN6AHfB!Z$6`fD0NNC?k+_-3m=9w|!H;HBr0$MfI)V^?VOs3Hq
zJX0q}TVbXsuIv8F*xoE
z*530vw2Sc@Us?q!8TMsVSMfEqpA1?vJ>MAf5$-E;S<`WHqMS2-=#hKz_NxAsTK4{&G;s
zHzE2$(%sJT`=~)8-{HuTP^4r^pf!V<@`Zdc_#I=A7wJ6%#7&LFAO-8?fR6F2R
zNWz1d6t}0v@${d(QoUi~xhPCk=H?ADl&u1+@lu}po<@rTCQG}ng0VYzpgJz9K6@&F
z%l6bChOaoMpwM^bdFE7;HXQ%G*b0nIPt^lSXkwi8?a%p!ONE!ksQX(*rOoL1D;7+l
zIu*87R6x)>*(irQ__j8A$ln29yCXhJobN#!=qRpk2UeNIMRNG{SXhrVHBD5j
zXzv80(08IW!LE?uBjJ-TN(G(rz75d6{r)I}Uq*bbjxIowk`lcGcs+{CG_Sa=ANwZI
zF!;lGPH#p`#v0R8t*A4{HVVyuZF-Bqi`U+?$GC@~JOrnhUhX7Z3f=i3?lr-MOihMxkjzZ1wUJ8
z4tm>0>Gpw=S#8}
z_8Ul*haKOi_fFm)=jOhTCQ0O%+dAmXk?OzCW3j-Te+4_^qaqq~`gP0|4D#OeFsAB0
z^_c!xYq9fsIcU_^t~ymv>%>{@>UsO&n=s2n;z8oS%mIQXPov~kA?1~Cz#49xTzWGO
zuCcIvqN9SiS0KIQ^~7pRi>}6F?laP2-_ogW=vCS)N1n$LmVv#NU;e(UhfEgys*I}^
zM(^*lBi=D(!qCy)JrI|Z-fL(5{_u1~czVB9atK@V(ft1Ogvv5@54qj+{^EG*oN@X~
z1i$~*{`Qt^yQDGVA0{fXx~&w$mAIf2CMw6b#>~`-c<{NBIfIzUuGekp3(hXei*8NL
z=GT!KWQcju@}Dz=#&e3Xt-lB%-|?w3kVDFJeIBM!OjO9AHIq3Cf+k-L#d&V|s5vAr
zxGjJG9&~u)PIa7Mw*iBj9t&0KuVPpx6~iD=K5kDyY3plBV{o2!+++|}<@we%>Iw@Y
z?{Ru^UY}M)E5{=V_^!5}8TqKZYT~Q8(LS$ZOR-5aq+0E;w}e8t%bA>}*)-4C@K1x9
z;Z`9(^w*s4p9mLZ9Ld&`HX~1M_Ix@MG@Gm%&JkkXjc$^s9n}(Wobl%_x<;r&?&@92
z2MLpbray5SZ0sGlK{1k?hKg3TNTUcZd7O@V`&Bfd7ZK2&wc%`SW+YXVER)JGsesK=
zj&0}FrF~fB{Et+@6X?P|ZedO~|Ky+BiG%j;D;EH5+4@2o&oU|mavGm^tlV^{?5$`z
z9rT-(&YRv}ci@dDov~^IS)_WiX^sz}42y^^zZDx{wgz(|#L8V=z?Y-vB_baQW=9ZW
zjdV8NusS`CJV~limJf(nUC;!gYi6$^I{R2V8mB8AHuWCO46tNhsaslawd}4Osa=nV^}u7cgbw25~4BVve>$ElgG2|aJ2%BU9Tin(XEEl8+4lo
zj#Mj-rc3v&8y+NMP~y3i5WP{{=uEPBW{003w|_rkr$o1ko6C~eFnvTp)S-`_fUbLH
z%EuEY{}u};*N7GiRpTQc@(K5;XK2=fC7yP@Khf`t1mPxFR*hVvTM)GVJ_7VA322&|
z$pNobDJ(X6bw0I<>xex6Y`wr8RCd#s2uBtJMTGu!rI@dw26XB7&Vq;Jl<2);vM$`=
zR-y>PyzY_39rLQ=)1uL!PaXyt)@Y)L$Mp~UJj}j#e6C|T*B(b8g2jB2&y=#%nTf2h
ziv@XS1VFGVK#quD!g&)*;Q$ecCei7zz%lq-PeXYRFVf$tO_Umzq37o<*$fkGJ!zac
zX6Rxu^6)`LR#NT``T=)2lj`A5;$@cY*HQ1Pr_>{u9qrJZ%m6w~iFgIM$Bl|_GnO^g
zsT$qCitVgRjlin|^afKQEDLG!s=Yn;l<*Xsv^j@LZCABGXr=S*te$=L8dk?FJl8XDIhl0yRLpN|H&
zj_0a>?K=KW`KY)ap(U4jrT(A*Z@~V?>(}Pqy@{$zZzlzA39;G{Z_?Forl>usVvxUQ
zFd*Ez!a-m9RA@!&yCe(?Ps+LWBn+HsF3vu)wd!=8uS$>WCyKTNFf
zYUf0^s-{Y^w^toL4(-k$p?g`bL_gX2L8gfa;;ic(0pf3%H+G>M?Y
zt%(P@N&~mtQULt&HifqDYAJT)9NS&IC^uqFg|M7Apxx3-xp;_N!=&@k+GR}UdXl?!
zHXEqyH1@3{S8;6=ZhZqIrgx0gTd}9}nXeYn*;Eil-se(VF)t9nf?E_KHN?#59Tx26
za_y2IeRoUoIb^O`D5VeLY6kOP9n6Z$V$@m3)Ti&K0j<^y&3$Z7^wIWoqJ_0cx-m<2
zgr3X611_P>sh~rxAH=Tb53JsNeQw~kBIbUY9FFH$bY@JF?5#qJoKXZBhB1fk)7tkv
zBRiwfQh{@Z8KKu!xX*zUjyL*@Td{2cfgFR-O4phOxf?){5+2%CQk`(rrpTAkgl0!Q
za!yO&irN3RRX@7vInB%Zp2imucSaX~)=jSYcqj_vaVQa&sJRVDxA1c3L>-i$(pT_h
zq)vBEf?9rO;PdA^xBd)j#~*Q58}ur{T|VwnT9T>TpR{T=+kUq-yxQN>4(KbGU6@ZJ?mLpF!H27loszt?qE7NUPxx9PWiT>F<;X0Lb
zj;*qi^ICOV60jmxbO2vt<+I%Ln=gk>0=KHNHlvhcN1IN`t01418CFynLF8aio4ffJ
zbYpfuSUuDA;~IUGIp+PajN!>M>B~|6gN`*oULs28OPIdLV)%HY1%QoZgn*j{_1fYn
zpA_RfVT3o!gx~=pLb&?L=I~Buu%kK-Eue;d{%UUcwl&pDrZKMG{-I=1c5}qB5a<~w5GUuo5_Xs<
z65T4~!T<8^MvB@5dTLzDZJf`;4cHN+hbnj0^S&sgrO<{C^qg3<-G
znP`xa1r{iCI99a4-H*A87C(Fx+i5*Ndpk93AKlgg_-^-YoqjF$3t=c5ea&eS1&mn)
z;yI#fSK5bz;nK1JIJ{m>JIIw$8VQ0fqc@92uq5Dr7GVV6S+GkB>cgISg(~nb(gPxc
z4MgeHND4w4(^H}ci^*2<7$M3Gv=
z;r$*2sputj8^hRepr14}XXeH`!
z7M46vKZU8f$?OJ{oAyU6gAS8%;a#i8zYqZ{_V%&z&__wmfy=v74c>8ztI@_mCA$8z
z09m6yEJwe+HW$ab&`+PNis!ZFF38+*7~fsJqajxMnlBFxiHC>hv~F6}yA{*;CI#qM
zS;FrA&iETZ$uP1{-*O$S)=R)db$HBf+apL$l{oVzB1yhNr$Xb_Rzft>)im5>nq
z?Qp-Ox2@itic;pi=%9&rPts>R)i_-Lvx1@btUPC?=@v6{TvtnZHAE4bFxZQFon6a|
z;R)Y?BskoJnTn5`639@4Yc71q#nwFiQl{=`h!62a+2KZ!Q>~aXe;r=Kri-6eYAnjp
z-MCkxU9TQot|dJ$DA&-DzEiN#r*KO%SihEBsZWW8YP;DD9l!ruCtJdHsn%%57(J)s
z`Y{}A1G_8T*V14unpjQuSk@2f&ICP)k^;5K`8AbMqU@{(?Yg9Wwv@Ds4g)xFx0mR}
z$TZLrl%4O(KPjwA)AfgiCH8zs#!ws>L*Zqna=gTZ<+DGdlu&xB@z5$^Zf&#{7e&;$ZK79Lp;+zs(NWz+-ztee)KbB37)XqAjd+!ps<#q;bi3{yfxeSB1_<7MPe+@tK*}S%RCwI~;gD
z=6bB@i>5;1f;{>H&&`BrC#r^s8c$0jp?2%(yCco%>VZ*L(gsoUoMe2qsc?l9iJ9y=
zrX`Mq!)(726<`D{0&=g%K|}b>vHAFE|)~NKM?PU)goF>>AZGHfl`!Cyt`E
z(Pz8Z%5Ke5aFek1aI$pgEXPo$GTuS{Ucye>xw5hh{e;8DLnId$x#9Q=)AM5zA4SdV
z1xFv5DFY{@|AKOV#xCPIU*wI>e{sieiXdy5h$j%g7>~$?I;EjZU#eu26?sp_&zIw01zE5x@se4~rO9?Y8d7P)jRK3lG
z0>f;6z`d~>V$M5!NtjS^C_MA|ph!50>u333brdCRN43Ob=3#5*`o?9Ks6Y!llZ(g;G-&CTAYh=upoDG3+lt4mm--S3|GcG_ihS4J%X+xJ1=i
zR<{T=2gOZ|Sc<1Rr_1l#wiSMQe9gqIOs+Gm9D{G#)%{KdD;5~ujD`D-uEODmTyYBy
z`6J+NdaTI$vzk`72b469=N1J(*}`Rc$HV~h2ki^cb6EP4{<$e86>7^1oNws{g|htW
zR-9dZuK#ni?&pSC0CGae=L_HXcWX!L#v^jxc&iGlqBl(#q%Pu8EwvdHg0s8`fz)>N
zn{~Bp;(w7?1feEgN@k6=B)$tO{fJ(%_7DKnw&q{$=ex)@x~t8pJdk_Ggtk3n)z$sA
z+z)1;sn9Yw7JN`MYzmtUCRzb~^v-55W8dk<-p`{$$ZG*mVcWtcfC`%_avgys=Ujfq
z0@`xJSD%6dZVCFJS8)GYV&O{=|Mf{g3Kg-Q?86f
z&8Az5SkFUNakV@Dnq%sQGADsyt+qBmt;n{Fq7~PFilc(q^yK-CiFyLjr#Z^Y
zkB1c3q`7eJF+4h$`)uGrSM3p79$mv}t|ccCksGqQUPu1ucVYhG31o8mXCUQv^n2;&
z@;S{(8rhrG`NM*lTwBh8i@#LvktE~XXz6Wy((0m4KJostU{Rk+4wfQ4(`=sXkR8d`
zN=%vTN=_r<842Xb+`4J0Tba;`w-DMY+
zFE9-;ZOCYTeDKRtL)iNqq)P_gUi6y@&+1@#luE=SdzIZ(1sK~z6
z=2{hmHX$K}gHw-SEo36SbC)yzPTzmJt$g5hT4Vr6^3vs0aKKli#9J)xfoHvz{3}(J
zUv97-z9G}!dnB@zd8zUASfAkZx-+H9fw^Q{*v5B>;s
z(H>sRQT?aC%8_QBu7jY(gkL6Y
zlWmEHpU*;zQ=TRKqo_a
z4fAk#zq?_H#^&H|VxY)#0I%)BfGM*{SK6SJ89RI*LxU44zCUOz#UNt*zoSRbpvlpm
z9L#&r>%3rqKqBl5kSHLwy1`j#BmXWW?;+{uHe~!c`$b7J*=Y<1({*n8%Dl5aEW_#Ck
z1Y%u^y!m$?fXiHF?4$_9Pi~
z;>@DB{h5qraVC}hD{q~-CWkkFPxE{r2WzqWag>>IJIL&sF(u;N2=Aba9qhiB@#Ol)
zPo$dCu~lS%M!sNi&46)a;bxPlx=GO{6BVcn(e>B&dOUh#++NYqZai5mm7XbDM@s8y
z?5$L?fug7NO>M@wZF&t2Nlqq=85lakT7?y@Ddf%g$s6mycG>Z2te^SrpKJ*vwBK~V
z^XMlMUA^!&^WY7+TNxMY$*K4}P=E?@o<_k?ki^R^qjzOaMP0?aFFJlQgP+){g#0~?
z@fs2tjx2@h#~`ygql~xjM%)Hn?463<6MwzSH2RyVaTw=*&`~O4q4P3d)k71avOovX6;_$TUbQRMa1i#vzhI)dwToY%8*9{7VuC6e~)|@DgJp
zd9ULq_zn#`bhwcAz>gO$S3zi9WFNd;?JPIt2VF{%MLrulXrp1BW8g*A#~L^NmH7NT
zKx`1h&MdbS6I$Sh5XG*{^OT#t93#uC3bJN|?`)$Ig2b@I$>YhJ#AL&EL}>}&$*);0
zV%}Ywv{KI_r@D9Es9&IhAfpr$=k6Yr6Sy6Wtjp{3e2p}aWibXq8h?9{OE2z19VN;y
zS{E)d2@;C1{B)K;D(bMhh5X4plSXzgJn4QHo1XeKrbFDf$DOeLzW=2u=l56xM2T@XT(s!%|^oT)QBU@7RnQr8(Gu*C;=-e5npe}pZS)?ng
zFT0X$6CZvxO61jaFWHcUqL|rhkCGB{HbNCd0d{RgT10W}
zic!}amUTyNfe5xHbvDYo|FZ!;P%0G8Z+tPJEexU=>aS?#<@Gxr<6J+?aazmJ<-&o%
zY6Fc0|NMr3NWs}Djf*_QT|~3CqNN7R*9G6`!t)b3V61Cb$>T-0SRwi-lefd%TpACc
zC<$v*KaGKLI$kX|n9-K(Cgu$&H?St7NSs;SozyvB#~&ro1Ox}dF1)Klc5N9rJ+-nN
zvGr5tm@93=`-|1J-p^Kx+)A!F*-+hEx*#uWeAVz#+2inwOMeOoyS?znXaOAcw#
zi=)Mpmuw8bNTY)>#NXxw6aKN+5BIOWWT9%UVMj#lf@#4z?#$V?9zNjo4-b@O18fXp
z98r;b=RSxNXM>2y#0zV%X2AC&w)eSH$DUz!?WoW5EgYr9=JW7VJ216!di^{V7OuNh
zr7E*@_QeDc$dbKnfF3A#+~1#RXzWaH)8r|%lJB6~gO9bY8_@uAQ3tq0(d;7HN~K2e
ze%1*PjEIJeHpttd^FKyQgd&0upP{BiM?%v@d5)O2{xBmpY2@fv&`&tQR^lq_+-Zr9
zoNOByake%G$_ChU345$mYxG5FpjY^!jpDM1EItgDBDv;#ogE?ZL69h$fjUDLQNVEm
zQh&~+=IZpjQ!~=u&R(w+P1<7Cj8O20xu%qgJ_kuDpAYB
zdFk&_$+d&T%M#4XZ*T<6K-T)`tcy%uZ)NH-8P%8vT}3|S3|EUmw?UFZfh_OZq;Qil
zd%_AZDi?iO%nQd2nc~Ig01g(|FdHusgmqMk%WBehjE9Og2t^UjE-s<+(u&zSMLLYx
zzR@-*??C+~Rk@(*cG;Vzk6-z386Q_1)VC3<*9qg5{I%&H0(SZ|1JZ@7Y^9*c+Ew0V
zt!tTIN0i;$UrJ`6Lxmj%GZh?Gu*x|q2dtvqL2<97goqHIT0~rFoVi#G%-$4$=v7<(
zK$GRqnGpU^09CtOj<4@Qe+dJBn2~-1F-vbTFC0PDt{$`Y`*}`mAVKomVwYTS>z@-7R9A
zU@l_#lMAOokq`Pe2}jpxz8aS=G)ll|ZK}6(nMFQ7|Nq$f3aG5Mu4_e95J5sfxs)#F$QPvv*(^`t-0p9G)0vI
zZNiY;n<<_i9?}LkRy>vqHWVGO*<EQ14jI=<}O=N?tTm^slXN!_PdjB&58rt++mq&8TgL*mQ^CF*rASKb#&}3T!lU4OE?~XS4o^%Lw
zE=fbW3B`2(y%B0U`nRB5^N*^Ccvc9Yt4FM&IU>-(#Dayn&%CYdgiJCPlfs?@o5=kMS)lem|G?}EI01Cn6gk>BQ?
zuPCle_<~WQ{p9$z0U>y+h@R$U6u8lvdvzhM`I;6nI%^@WneN2y|Ta7V$Utq`l5$@2pT^Ks2Q`=5fKl%
z-m0PFoD>Emr}Z?R^0FM|^nG9bN|p5rRK8Oi*`;`bl8M-vSgt`?q1VjH>#=sao`l;O
zFnAv1%JExDend!+%EdU{ca5
z=g5Hibj@d#Je+Ijh-3saSe!C2}7h)oY7uK5nE7oO?L|8s%tAozgR
zQpw5erPE8ZKImcCrXm$@J7
zvdZ2%Zs)->Bp|TdWTqr&zsUA5e9qq>O;B!P@g)94Lv9B(p>NFpfNhbQWmwDGeGxpt*Q&;$o`BIbuXvP210`!MnyGh01cmBi>HIkp=
za2Sy>jLnzMg0MT`$XbtA==>T-I^u`ru`eIq#;4+n~I&zdV?0P`Wd7KI6>p
zQKPTc?98|}^$yFcT(B=|!bIz-QJ>~eu^Ib9U%3-+K5F=4lI&`t#CH82OD5rnHnTtI
zj?66cT>Dn;-fJu7n|X$=T+`Uj+kI_S>BE^-
ziT(Ey59&}G7N1-nk6=k`+Ne2SEbnIx+^z2(Ox)fD^A3H87J`nR@$Fhv
zhb~jnvPOmJesC3Cza{YsAva6*D2(v6AxkJ6HA
zkNfWjH=^iF)VQLRn+(bKt1!5N4z}!{X;ua54iIaQ~l{4gkXLGGGOJFhVu~
zaf1&4v+QOU#y=*3Q0QG+y&d^)^_CKq@L?Pc-NkLuN|eK=3hA(+n>ccI`w{oX3y0W$
z36bl>o3;f@FjrORBV+=bIB6RwqP@FVsOC_M9)WfCkLP%5{f%)aJ7u&C<&1B_aw&ge
z3Og!1^Cg)FXPn#8*3(MvyFMw5K;-rH6ToPnWw=`saO;%i5xi|TO*uVyD*c!XgBpeP
zzMx|vWbGqV8i{(h&t`$7A?0Qbt$7`T`W^&M+Z#~)*S{r(`J!~fAb$zVl)UVR1?0KvHOs}6CoetaPOhG9!yU>j^#afy{lz^
z8MrgQ-R&Awh~F#P7iw^TV>gW?-Vr+ERGX^s@d4;OO~v@j!y7So7ayB`z{LXY{E>FqIw}RLKjN+f}Ig_)4u%o8QT#G
zI_Uu^uFnrtJDyt@&mSXMa7UxUEQH>_|C@S(4?K|j+kKcX>P^Ij02sW;)6`Jtn{GXV
ze{vhm3oM~%=)-{WLe~BW
z!6)S4M|@*6JkD4gd9IRHD>h!@o6P_=*ZoxR6o1@_kGg#m_#+t$C<6^v)^F4H*j
zn0`}qT>^x&l^e8t9d=?pJ)1n8eHqVreAzpXj1ii)+2}3+&M?g&u~iI8eJGaamBrBY
zHdSQ?eI6E08d$>9?_)jv6xc@(TIyXU9JxMgT<;JbS!iNSpRaGbOMzM}UJaXTbJs!h
zJ14($=z4|vDpMP?QYMlboNH@3O7Ppl$rcC8I!_hlYxwNNwLRjAB2-MLPbbhphl{b0
z`5_n30FwFsqX_~_;tA!uWyhMe!IHuOR&4uez{+(W6?W4^3W7KrArZFj2mg|hG%>HIV!-DpFU1Dcgcb
zGN!N^0)GOAga-TUa>kq)uGNJ`-gFm43}~leFO8ACP|7^3xn9lT&D}
z*}xiLI-Fk<U%@Dy
zwNMw6CV%|d5OTg}LEVA#5o2O%O##V9q=_B<5YwSy?$GhM_IhIDWyEZd1%(U_QYue@
zYHnoe(Aqf$G`slI;3HYAKFZ4hO>p16W=<{zB{)BScqB*Yp_Yf1
z%+%^);)}EW(10t=8Y@0lDJA9fVZR;OfP^9(u_754#eNT~S2o%5rE#U_KBtQQ+=f_2$CzQ
z_fLENL-xLs&9ak>eOzlR2ARMzwfF4NyEY+x67AYWu%8c!DeiBV_gQf(W8w=Z{O)f9
zb#thh^gT$mejjHnEd<%Qnka9CcDf?AHC6f_H?}}@Wg&gC1HnbtR0k@BbG7Eb@`57m
zFc;M~`@e-Ya_oMUE7vKg_}$;tv9q|%>+aVr!!3RMv|3#3>S}(Bq&jBe>dyTffq+sW
zFT=QmOv_Zjvv3X@cei?Vtg6z8KuZe)nEnc?zJp#md9_9bAP1CRy=|mZ^eMQI2+c+t
zD>B9XX~bEgLK1VQ&uij;-8Uehf~3Dhl$aV�Yt4ef?QGq$MO)A;HivZ%WA)Vs*<#
zn*h!h7x8z+X_3i_-S|P(SKY+qDooVI9yVAZx{)Q!r
zE)k`rZ^(6U*C!SoTs0KMk@>?%k;=VW9%1205@MHJtbsaw&B#SKGJQuqb#`0E;wA+8
zJ!$|#bxV3Cz?GT_6!4G77Xjp@Ju>3MJF^@6^?mT7*(-o{tJ~d`Wy<
zzV)lsNE%nV@{#fp23I}^)?_%A_pGmrW)g_9&}$7BWfa#`0`LK@h8k9i!vUHWI3
zzv18iEUHjDES~$5&4T_DxSrF;0FVM)F}5A*jIb2^pL&!#G__t9BiI7sNzlyS*+rgs
z0wJ-F{>e^1EIAdG#8r(G9xX~pkPUAXBiW`s4AVzLB6Xoc>+6<+C9JVlr-No%(NFKuA{Y=5cpu*@EA9p+%?QljpmMUky@oSD+=Y7L(zx9?ElWl(z-L9A37o+>FgB#vCoWvyR-EHllQOpZ*R2Pd@
zp=UTbwKE+mQR6@_wEu}2S}m+W;$rpcIqT*mH_!0|b4o_uePxx;74xTxYHH$Mmfe73
zmd0F(SutMl(8VC_FJB+vP*AZ}>T&*Cg9Xs60gCw9bDBi}{JjPA)3#UEyZTZH)Gj(L
z>RWU}iIIaBbzg*!TAU+Fc96cunJbwn@x8%HC?6wn>zIrKZI>K6uemIEvTug-UnT*j
zV^gFg3r((!T20>TgskXA8qFgIEJL
z>Nv!TSRiZud6iAMaH*c7y`w|>@CU!hFxkSzp&_!V+`vl{KYhk}We!;c+HADhpe4;Q
z&3<6*E!oa%wI|V5n&K8>S>t*Ox!#Db{;In*b?T8AUkqdd56Ca#Sr6g_23UieD&xo<$tPVf=v3Vu}2y-qC@R}G}d
z2N#`IerJ0P&R(X{46nJV$@kAba3$km`Bn?=fj(ZgGNQbspdiWBhT@*SynSr{tk?cO
z<%>4?tiw7wY00P1@dmSSSxr}vTO9rgMgc_b;DghiEQtemQ`c|+L6r^D?|i88#o2?j
zM@T>3T5qt9jmo&vQ6ojg2ziM_8F26FGW_{Rcdzttjo(FHYMW
zj872xok6;TiUMt^a#QM*VE4<{gttm5;*r|GT!hU~RQKpUmA9F_59PW%-k9
zF7+Teec6MpD|hhl`JEdm=Kq2?>q&lgG4Dz4>ThVclMt3zIyVva%&e?MLu84g>p=q#
z#>VS&hM
z-*p^7$$W``SY60Aa0$m9nslx%KN*a2*EBw|OoLui44OZ+Qaa
zpI0~O1``J{uEn=Iyi|Oy>{IOKU$!(sW8fe0;b(3v0*EI4{nca!yay5w~nS2S6fj-G2Ad}8Ga~Sl(b^l$;UQPb$>n
z_pOb_W07E7g84Cof}r?b_ZB$9=YUYXMX~%t62qiI~Y$Ut%dpGxy#kr
zl!d+uS_LpOB8D#0v`bFAgv)HXyH}k9=MIuo)$9j9u{|%>2)I^#QT$gdrz>7OPVX%Q
z-9klt*Bl@xa5YYQpb@>#oMg9J@XH3!Rz#(Hg|E`rlHcm};JM63i3$SsJ+8Esf5lXPHJOW<-`JUgtnb4=S>JUJKht-elDRZKqZGt>
z;y-k&Rb|O58pw=99_W^;>N-kjZjF7Bkn;buA;s{V_U6=hpCinAHmk~5^XY~}Xt!^nk|7zjcFNn<0k19;2O)5h*vRJL-!szI#(rK8
z{3WuqA0L(&J{`+6fR~fz7h-`Ajx&{oc`b)HsSbMt&O<*c357-m^t
zbcSTA`Qaq@_Ud5q_vdBx*4R)RSjU8-)`E}UoRgusFJ)`3#P)bJ?oCgrdH}oYtSY8Q#>x~7vg){O+d}{4d?k}r)5NQXR!l!
zIa0Z}r8v;g8(;otG(PRn`L;1mc@scVSJ?=!gIF5Fm1i-Q?O?lfAX`u3yqBl;=t3F^
z%L5Y@@At#QHpc4{4MQgtaQIw{O=JESS@doNHIE}_I5b}9n+Qt^E2Si#TAqrUj9hDM}?bztSleNMA=`#>yTX0Mgh3D+XV!+VXSP
zBI)q=<|nyA$J1&I-r$F#E%2Xm2y9`>exgFze}aYE(ofdY^ENHsI-iQ%tShEGLyUy=
zLE-}5ukw(rdwK?jDB&ClSzHyK+iG$z#!qJ3_yjgNmD=uaLDBM;b&4ve#f@f3M)!3c
zeCG^t9y
zB(B2KEiP_rWgYeQ3+l0gz0_#nzC^~%#qFz)1;2>-{%+1INeQgEUr(Ab<;Xq+lanVT
z$xiCvzauu~w$G=N#uFD=LIfoijd<*L`50o-5@8RQI@&IT@3OP~;*9Fcvf<#Vlx*#@
ze%vsK>Z-j=U~l1PaB3!J+;ewG$sqmBtY2}~)w#NQDFZwH+Ek^MXwQfG5ychPx0}BA
zx6CBT@DtVIH3wfPKLc#6}O6{_Tgzl?)PfJoyE$J@|xV4
zb~G=}PhLd2YI1Y2S@55nb?YY`}E~u0&WaQkZx#p-I)0+a-56)VZl)?=A
zDxJUg@5J^rXbWI#@sS=J1D^(d!0)73E9!+??60e^1M{TJSPPBaf$7<5f5Y;t5d|*V
z8k_P((03Gwab&Ol;kN{X
z88&2dYb~v17Q(D%>KNhD^o4ycpo*3n%Vs$)0kU4Apo2uBD_+ryy6GcpT3mWb39JI^
zasSzegzVR?47n}NlLvZ>)vRX_GKe4
z=-G{0Y}1PgDCa#DlBsw>5sP|re45~IPlm>NFU}QK5fxK$0tLsfC!2HwRH0cW5v>XF
z_XJC*H9tC8PGnHpl
zeg-yo^$S`F_!KFzP*rn~$8Nm61Vq?;2BHfs(P1rcOyI{^T^u2@9GEAE<#~>Q5VV>+
zjs0KPd{g~(hGqaiqI#4H>8QM+UnJgV25;2*0D1-yGaOSc(Yl?3La4DXaa+4(2e~eo
z+H>pnHT1%G+0kx1JSH2q1#K(1?6snc`6tm;5+!lbH>u;0B|6I~{{lKJre?
zXlzUDlxN>A0gqhYZRG)GB+xAQYcuNg0q+`UF2;YV<~L8|?Y#}%IUYg90#H8z$cW=d
zN==l?0^ef%0tvpP3HwLVqiJt6+|Yg1<^-E^QQCt9au*&EWwe5`7ZCA(^Wf#Er+rWp2V`G!8CAKAL
za3B;niU=P2CtvcLwKfTZ&8U5fg8*EcZ^5U5@Rt+U^(!6{iCVl}>D(g~K|@3wxRS;c
zZnMhEC*!j<7rEECCUjKC=7U3GDhD^a1vU&3yn(a)*=S(f&Z>c+C3zX?W@?!s?#=&<
zw@79&snzJJ-e>CDD7|^E#0^9vF+`Zzr
z-mN9}!{~bGRL6^0;$lmeOA7>pEsQ@~2&SGwYRgPOyG^(BeuqLiwX*is{@&we-U@`_$9y1fFinM<$eq@A?2c!u0hTYl{wWdiV
zMQuJuLui*tqBPrgG*xOnXo9RHL%({Dq8bCV8!A!|awv9|YK>0jV
zpZUY@YwH;8HIyhXSbEu_nErUsSD(=AC7p8KEt=@XW~O9S_@&duwB(Z-_h~WA1Q&+g
zc-=9D0zsx@cCHj26n4b+u<#GbJ10jG!1M+uE@j)14WZq!zs!k&DwiCoNCzf{q&$Yl
zVfg>=kTvAUUMPtOe7V5S2?e+s^H_tgJh5RUSMZ1WwR$t$k`?{ka~5R`*R6rKp(CXf
zF%{1K@}_~u5d%QN)XV27IB=egL_m(S#KJM-boN`kuYiP1#Oco@`tdpIy(B%+rULnr
z=&+yqzGj*>s+!cQbj`)q9SLDS|Iz}q0u|nr9IKw?WXd%@I9Q%MY*gFCkQ$pXk8-Eo
zz;Kr%SyWX;Qvajkq8crVCl8E;Uhxf<9Z-S>{aww`#e6XQp8u2DJKRB*S7*ZTR5WRw
zDMVsHZV1g%V$=0LU{>@01u4)Fv6;_Uco3vOc@%+8XZ!QRyfE{Z7XqvcE8Qp}31m%5
z4@f8z^!%r9klq18de?iG*o{Qn(0;Bb-e_XYKik|$W0$nyOy8!V7GOjvd-INwV
z3`8<^M_e!v`mNVc_b*vwuPD%%kl@Tc>aLhTe1hpCM?bb1_tG8u6Q87^G$(;2)od1Y
z{I<9)lGKNu6AYeh8hmbj&2NraB`txa!m3P0qPc8l`zxj>6G+UJII(m_;uWr{hEK$B
z(0=$1M-wUBJfteLpL~{^cL?S02V4(hOTE1b=|?;b7Rx!Y2csn#(g`G5-^cDbA*q
zQH**T|Y1`>b&WsiTk4#uSLv$
zA0*feT9l|kGu0Fxzr76!aGzHbQ8WXT0tO2V{!B?BR>-Y%H!0J#_{pQ^oSsGkMIE(T
z;qA2L0Za6%1|tWtK(q7LkNW3BlOJ>oKchwf602MA`G8ZH`>9*Eo(PC(15A&`HoLy#
z80>G6ZI`e$nD%C3mJ*lSiS>3pjUQ@+RuV7#jUtu=%Ge9+aNRDN4h1^AnRY!0E|@Hk#Gi?>puNoDq01NyF6Y-K)bm^pmqu5H-cGS2+lwVspyAF%Ji`^2GO~kD>WvL
z%n^FZFHk;Tx&2Mz1fugQbY*hOVgPRTd`t@T5`xibU6=5K8Nwu{H?{S?x6=GdJda6k
z=6JI>q0K&6xyZa@v(950OePRSOR|pm#e`r@UR~mau20-`h+(3)oR4||Zpkww=B||i
zj-SemL_btwjubt#z~BqI{}Y7%E2IP<^t0yhg_|^(k0Cf(?clW5|GCzI_z5B$1Ia7}
zS{p?h>OE))nnS>Csq2r6)Dq{7ee+tMh8ffGdF(mIv$@pe%&J15(S-+3OyNc*yBh?{
z%Qr3ma|Rcj7b*K|pkiWYF)GYYSj~5l?M3ZVQo>YMCU^r1N~|!IC4#iXx_7C;Z^QEM
zDKd}-?|+K9leet0I}RX)Mk3_@yH8{xz4Ln(5;16jdjWq@OF?s0#MprW3yeZph6)@onq2|@TXYY5(S8#_nT1O@m>cRo0hv7CHS
zcE%eHV>kg&$S~lO7d~RPk^<(pI4Bb2l7E9Q)Y^}7Q|z;$P%H;|Qh}XUGF?&Or=0Yb
zGQ6R{C3Z12ICES~u)tZfm)yW7_|>WEYlDpOG6hT+r$6MuuUrl0<^A7$^JcVf=3_jl
zT=_est1I_#6A)XX@!faw$gdH=3g@m|l>vF*@_V<^`J2e#qpx;(H|fSc2Ud7Y4G*UO
zY7D#%{@s-~iw}4JM=KVyTYxv-&Bbwi@dYY8{)IqJ2-!-Cm}x}6-JM;Gm;+f%;r_%m
zYdm4$=|9$2;7yf!<|)WK*-guAOK^z=nlKApa&k-J?SGy>qcK5p!=fSCpE>Pu?Gh(Z
zJ7fhj_OvCe|0@Fkhm;3GQ6q(bCWsq@(v~2Tj4uwHB{nQ3CO>VlB~P((@Xt#Zx0%L>
z;2iIrkcZ)lOZOHG`M!0V074_Q+dignmbKvC-EA|`%gd$t2pZg-Y;i0y
z{yyizWs{MRs-y_K{wY52w9$N#l$R|DC@pxc|0VwdPXv86IRT_SXUH4{B4vI#
z5XhmJE){G}bb*A!#k<_LVcQR{u83#Z5Zj0pi;-^LQA&t4qoB&6TMt|!002pryP20b
z=1H(^1QnXz8M>%
zKP(bQQBGCq@u~duwXLQy9QzGO$S0g>o?-rfXcY|5%4zXVAEcu8HUMZvpN_P^U-_Wj
zYWvI=(0r8zc%|?=E>guNm~iT(a)3^*#xGs|p3}+SbPue5@om!2fMByvLifQj+B#6G
zuigUYAR;3Q&ArZhyT%8&12zVv5D|AkaJ%ez;OdV7J>&u{(eEtf~<4K
zd8l|~xE_o)4tj;tbc$vb@`s~REHX&#pg5kBKdJfYYTemzPDBSXD?L-9&OA~7lS
z{V!109fi3M!2%nJOJ^$FoP@6_(_S^z!!#`9iF<4+qZ|lrKv*i%CePH_{zn6`1PW2j
zJj@{o3_i{?HxDv)gT7-@lIwlJsuCjmgg(DL%2^ffr2J0&0I3`4FvT;_jSON$Q)H$R
z23{3=xpP6Efu1oC7mLgWE$RzsV*NmbD;?(v&oCtW_6+HVAjV6*tJ?5lkt0m$lq!Vw
zT6R<$NSE^8=K;UefgUN(UY8lV?trF)vu%vM(Fss&y6c}ahsC-W;Gm~=ThxGWNJqwYEI(&w40vAA!UGr~>3HVFBd3baBzn^3%V9yW
z&U+pn_{54;en{j8o(sRqKbp<>C%ZrWzFVHI_8L^mA-RS{`;5Tpgi}AT=c90|vKoC2
zS<3a%`4mGa`_~r(c*3!kc7dDi_@n&m1xCM2D#F^@`4=v{(cwKWe%X>g03Z?It?ckE
z8M#)zM?~xEZ~wz4D6Vch`-6WLsgrAd^W+vywm-t<@(ER`)7FKa(j(TDpR
z3d*0|jozaCbR_&15I+uF7GHhQT@h9nOZ+v+K!>n+v*@r;XLf)@`4ErwLw)g2KN2#WP$85i}v0u9^I=_x!+<
z+^n51Ny90N!J@|PE!kW6+w7=;0q_g{9%T1!Uf*|M(>9={aqp+YH=E|Q1`R^#9b1+P5l)5qHUcb-Q3>Y4(0{&(UN&p9$C=aaU2GGX7;<6
zC;MRiT!T@9Pvx+3tr;m^-h(Tqnq?(9&6*h=Xk@6;#(wOpuk~`}ul)cUlMHRiz^c#=
zv`KP6`^F^m4hL=*3r2Ds+m3bi)|=NyRg(VhmJBf1LYZx>p7K-hr!@niQOXN5q7W_dWcn?DE0>}06(i+6!D1@O8K&`n=J#gB`P
z1n%JklbcrdB`r9}2`ZXkNS)4CbQ@;pv|#67PF@(6KTJ$k%k5;^m*e3=jMW3Ob6YQH
z0f|w{%Lld;+o}Beg~ZS*Z%A6EF4B61f58JnIb2%No0HwhBa5fSUtblz4k7+?
zaok)V8-TEkd47)l&0-f|RS1=jez=sVQ@C6nFq=EN@<7%fwu1_F{Ep*UyaWr;xr7meoj))sI3>Q)Mss6Zrbhl
zY@d}Bm5EtdI0bFo_vu9+jcimmWK90tuG8KoAz{c5MhPKs-%b|&=6R=Wh8|9aFBF79
zO6?0hCay0z2NJST+H)0{zBj@v2Iy1ph~RlpSw_|w)LtgM4kQhwAln|d<5#w#ML_#7
zn=yW}!&IXW@<$3fv~g9yK(`9(Lt!5BBa$(RYM8cyoE$OV^lkOL#IKll&1*$AvzTCAOP3tgq^_r0Twwa`E`wZ
zl=<{t0RBi?agI7}W~oQ3jM^9D92V2CH{zrWO3UO^759fdW8iGZ$u{eZ&W|=@3cSo2
z>#lQo*DMK@%Y*Q>X{Aj+6GST(uI-mww{MrMZ#OQEE{RH>+Advt<BK=9W~<(q|UB*|?Jg
z{tptF_cFYQmNF->(Mmi^G3Ld~*4<$#;?f7EwEOplyiVOEO0H
z{CKIBf?T$yutJ}Wh9n>trCmbGa8!gJF%w&pQ?YbLSc|J;HqWgiFd#XSeI|wCl>3^-
zwQ)jibJ4GL3$`{CQu~YcHs^70HPZ{Hin{&2<@oZJM>$%|(ysQKPb*PsH2Xt)JKD|I
z&0z!GjWxz+$RnDhNHKH~?<2CX>K&DeEcXt+JGBXMMl2lNw`JLFJfBnLEK;b=4q5WN
zE)8+tP>VaB@vA|pM_$j8Tt><2sQ-Q@+||c+!e;eYQq1%91=8LI?RHxUrdg28i``K}
z+v8rdOta|cdHY3ANcrfm%8fn8m<-6Re(0ZGB%JPzG8eTi+bv<&XTk5&x;aGDTGoh2
z#0>KdT<%RgSalzJE&ZcK?|ohBNesU1hXx_8vHVUPHd
zFjy@qhIJf;Yb4!0OCU7cbyL_S2AF!K&f&J3tuYuIizX3EKY
zWF58`r2{tKxjfHTyRuVyl&Q+X@*SxAxWW~Oh2*f_
z4L7#8e0%$zto|#+Cmsx765=yU#CCtL6_EEhzkA_$C2K1&Ld$Y~v@tBsW;sTg;>p^x
z!$a}m>R@%Ux@ykgQvK6jV8#PPM0G}cCX9eUA9PQEQdiKYwNtw;X*
zitg8@!(#i%Ysz`eliWnfPn@hMq#92~r)*^c*ld<_5gjxfqlebZdT2(D>*bQ2XNP@<
zC!SNshq>>%sM(IhW~C86e>3}=q5L+iQ-n=+nn_7Orje$)B
zEL#1ZQrDe4v0rQ{aUZG?{54~o-7^pp^Fw^%C&t5>>xDd?)zNgXZ^d9#l}vTXvI}C5
z5$W&a3_$aXAh?Gfunt22xydIzsq6mq^
zKPibIh9`c_@4bvxco$w?wCVjan1DDqG|vrDxy6Ap$k=_J1o
z?5B<2KOM}?&DdC#SGTjGWiv9)`c+I!#(sNpB&FAZgbf{rF=o~L
zL8Y^v{dhp?ur$p4C^-%jHgv_V<&?u?JMtkuJ;Zn6H{iX*<^gZK
zTu;1KhPF#XJiYS}B^fv+xZuL7!b26Kzg?RmiV9QEkS)y`pctbop6wEqI8u>D=8nDc
zdeGK(m7Dph?876*bhql$FG_{vz{UB2p=3Z61$o}A{nQ8=jDCo2IL%qGWbJXC&A##!
zRx7I&9iQi3?$#kpuq1xuVCAg;i+0V$=?FvIX-j2^{+Ps64STYy9K+gp@s0!75C_i!
zjb#L_R&CbCAw+upX)kQkqmB3>ndts?9tiu|kNH@jUIz_5FwxS)>j^f@w7o?uDt&>4}DDVH&$YMJ6kzS5Y?^Yd<`P_fF=
zaSe4mvv7=KsU#J7G2ZIM;{KED8hO5XF|}gXB=?KcO8=CcMVA4j<(DE%f+etos0B^;
zCzr+Exk_0_RGo;eEKzUY!ksQwV(x+280{sP_Y7!!AcS`Xo!2@!>&+WXew
zH$1_8b>!M|xXbz?Ephb|^F&z;^?n0$>vo5+B(n*SgnUFii(PjSi_Z>$$B~
zU(nfM&lu}ndd{_
zS&H&3J9F1da7EIxVJV>|{bK56jdElxPJET`>JEPzyIj`C^_R|U3cF!pe?H!34Ex#b
zv2dP(W!8-kV1miD*=wP9?|#Y)l|nT}=*nc@9upO5Q>w3NsT0t~hKWv%>)g{BQgGb3
zP$(p1lIOj!|HzQiq9YUa`NJA^J)yMN)ib&-DGzUImE?CNfHp_9|9#~Y)(Ks7MM@Xzr?C-n|XM5Uw@fFO<+K-~67
znQ1ly7p(|8x{wBm79`qf!h~y%K(NmtcAWHAY
zzBlokxs-y(0DR*lg`Wqgh)@cys8%)a73=Feto0+SueMc-jgC>nvC>4r$~wmRP-4Ss
zg=}prxg9bLb$sSfWGRCm&4Qj<%xWTN9}PU+GV*
zHu#kVb5vF8GBcGq-3t(_7D9QCn}SZ*sjqK3tpax-S`@U3PfO>3t=Vw>t_>-
z+T9d{~R~&{;oxi_*w-2$C#K}e5E|)$oqCA;S32g>m(tbO-
zS#2y>lpL4KWWDgO>+*Fg&fG(n8isla1QlIpeSpN$xWf_G9#@}5?Cb5DtX&p2Ls^_}
zZY<8_hFFl$Op37I#uMMF(6oOiz0qJ4PF7()!N8iU5{z?naW{A&qtwl8iO0E>xY~e!
zCT%1QvAu}rd9IxO#}HvjuNbUN#{Q(ronZD%m-+M{ZNBRulC&c_-Vk7|?Oe+E_dOK|
za5b*>f4Bt@_2l(w(NMPX6AQp0jr@!fHY+Ef_RrKwm^J-;v)xnxVK3C!(@+?0*Cqpq
zy>t?d49N$>ncgvgoSTbVL-<3S_oH151=F7+YgPc!$2+tJN7n&No=X7HeB=7E{s92;
zIONXG4A1iN)eTKrSYvnlV~d${K>Zeuqs-{GHEQflTnv9&=cxXY>vVgmVN6brz0H8H
zHnNxBX`l4Y>wHPeM3ryKdcCEQA%=arlYWD%&ha}XfV=vQwiz`Rr$a7_N{8~$aam-t
zS1hEt+HU(#U6vLrgO6~WX1db22pBbrMR1e$WU=*zgdJO9V}ASE$w#T0Y}US%-ES_>
z+jj5@qwm~Dxthsq>v?3h%i?>N#&wwb
z^;)*ud7e{Bgn|Y^k;`SpIaS*`4DG=>$Kx=w#X^$ni(?%!5|^Jz>}_G5F($(vdrHan
z8+|(a@m#V=cxI|-uqY{yuHN&P;+x8?uMYbcuO{w|diDghrf&@x>3C5wH=b1NTotL;
z3Je#{kkfdwR)EpDh*y`4jbae5G{yrr&eS?Gl5OU<)bZ|Ji&`xTou2bo@AQZ9WZU8_
zuFK%Pc4yP>KvNX+i7WpOXzznF#ICeZ>&&11}|@m(C;9
z4*dZXqeUXeXUN12U(jQ@tP+p-$OkAm^HqH6NKhZZ@r3%O{Ul!n!xwo#gn0gC$6ox%
zs1HAoE8W%P)fDW5e?pQvfmqjw1`Vg2_*)UZ8-_{6R8oX=as3s~<7#q4MkYXidpZp`
zSm$z=tid+Y-;g`TBYO?>lx7%?zcGwyNwOj*cjC^guiO7d7GG|p!z9Lgb%EDq7TlOf
zBaJsSQg^gJH={r55!xA$(*54eu^ka@l_NTA^19;wV!OB%CcP3|7CNU&zBUyyQ>|%5
z$c9r7nQZ4&D31kK@*L7pK}Q6WL7CQkaN~9BNB6N>r@G*)UdJ~)S9^Hvd1e7;vL8l8hE-0lPqC__v)sl|1##$|SA>+40jOq?2qJ`)-yg_={L3B|gau56~Kp{2j
zLjE+0Jd_yy%e)Ivx23RyV|t+Hd7%zp62J_NtkdWE1
z&netDOKY)}5Nr4Yedx&Ft*7IOcn{o0)D6t`z`(gvv_kS|#^oKpdV?nEKpdDC@)zsG0IW0Qqu&kd
z6b7tQ<8a571(Yo)YSD&sVGNt`4#!;RbMN?#5&ls4{V14(h_XBr@Hq134?_SqT!tx3
z5*3mB9J=9VH2T2(78z^qC>0k?8)s3bHU4w!t2?N%5Wu1$@huLLs$NAtZMRP5r^9g>
z0ZZ+ga9AYk#Oo^aOsHwaZrM@A78rVB+Bp?Y{LOZ>#*_l|hp5M>$mj%ZQ@%QNL{_Fb
zwOI6jNd~zEEr}QgdY$e|0hJe7z6%?9meG}b7j!ujB|KI&gFPHfIWH2m%|*o6)~;~wWo_%t)FsEpb1-CRcxEiPcXfGJetE{I^GBBkvZPj~t#A&Y
zvpL!YLFN<5MeCmu1H;@;TeKGaM7R4l`Ig$LZTH(+S&L?zB)zKV`BY4`CrX`)COKWx
zcp{mpQ`etJd&?L<2X^y+7MuSqcwsT%TRpBr`=U97Of;)igeb5K(89UsXm@+wB~8GA)nJmJn_P0@fpVW4=kW|FbP*{3#y8x;xXaDseqN31nXaDIUJ*h<
zn|JsFWpDawik2^*f}0_8j0%mUdLgmxo)gcB?y!38Th09+;?Iqq|3e+X;fOo`AL<|>#xV9lE_0xM=ygoV+!GLty@I2t
zMF*)Qz{_q92r6_yd}&}pPY}RVJ8(d@@dRV^y+(SvS3bbE&z;xOOOD4Sj2s71k>z!_
z>3!W;r=Ue8>=m6*@Szy
zf-BW;p(_@jSs%=|=ecJ%U8y1FxqG;3+w$RfMR2rOzao39t)nmEokUW*C+`&k0p_I@FiW
zZ+(aV3!;c$M*$M0WSjpEoQ2uv;JPNH4Q%~xBPsToyQGy7?w4OQe|w?tKcIw)5D7f6
z2@wUA+DQW8!6y)d9e)7npT>0~rvnj~{w{MEY?Gp}28ObtC_UI?{P+D_zo5{lG5@`D
zYNJNVNLX2)1mzTF&pkS{+~?5-Lrjb;kC2
zTr4+|Du!sLMF4|`rS1CMxxb)eq)7+TgahVk@@yc%Aj?w`=YHJxSh{s_-G7QvwlU+<
zzdpFeF%m@H&kWlHFkm0H9Li++u#an{r=1y9zJnKCjo#U+Uv)M9P*&75y|Bx4`mL;X
zgkAy>!S=ZEG&}4#;BcGl5pq^|7Gwc#I-oR*&Z1
zdfxZ^t2hQ_t@`RbR8Zmr9TwGJ>LRn}hm;JbjVYfZtj2Zx#r
zSA%fhx`<$j>;BS}$AZtqJ&8D`%*7!v$WQWYCUs&xyw)-@p|F<4@C0m;kw+Yr8usk4l-v>kTN%0LPynTY
zvK0f04~>UcR7@+m!HbE^GEpT4hh6}%MrOnVg3nBjYCuTztp^bToZm!=1G>qnOE!R6
zDSs10a2f6#pW1*KqW`+pIjO$|@LMC2@3XFc%@i~Q>~{u)t8>Q>(7i?xR6U?Wb1fbB
z%rGN_DE%^i^JNJxi@ondd@j=PoS(aBx5?C)v`-{H>o-%O=3&^j57i#whYd|Un6v75
zID@tm6qdiBK#|H+CklQLH&$^<(pq1AOrdmz8jx!-WBK*;`Cf&9N+68hOQ%}df9kl(
zQbylLL9k@pt3!i1qv!R!Wy`XoIqhM8XqcAQb~F_8Twm@bh-jk#Vb2r%k-B2@OTF6E
zhn}{bdW#9G>f)U7Vfjb$4oc}63j{ff(S9is<8PGow7Whbw&x97hPhI$wm7t0@{Jt8
zFg}`)+BIIQoy{0da&o;Q;e=zIZyWb7SKNNo_=^UIbHf$+8cIjJ3*gf{iC3Q}SKu}Q
zR3n4vmB!VDS$*8h1@RO^$Z^;lsaCY8E;`S#2dZ(Pj)HC>%YUTyEtgA#bcW
z^-!yJvp~aXAe>r`@!h#2OB`1u{)h)39pt>-B|#E&Ci-KOkVMlOl(Bxs@K6i(?v-e5
z$rnTN+FqXkX>9Wqu=X;yT1R&|MC0X$KyV3x9gtX=ly=a*7NmzJ>OIK
z+4|bp0}Q4HPn1iY-CydlNlgYwU`LoT1j%PIapurgniHy0Ye-$qm|ArE1yc9}S!1Ia
zRq+00Q&FgV%yjp)_v6+p*MME)6BNC6a#e%C`?6T(^g`tzUhHOVZd%^)M@owwsQ9kIo(lXZBz*RXQ(Q&GQ-!qk)cD_;d1lBDE31ky0{zSTh
zUb+Sr1|vR`XeMoI`t6yKZ%0CD_%UO7A1mLN$5|mwLC!IiB7cUy5-e+3Lt7M^y8_?A
zV}fCXXV6j0>hFWUO>?xrUVSd}hS}Sk+d{tA{GOle)(@tN&%BYk6}N`jY};jSWT)P>
z7h7N1q94y^TZKBn`g=w7>V&uG=(~c$l@c^~i7i=euEur0fvuMF(o@Eo&-jK91jg!f
znCE@XOmT>~A+CKxIVvi-#zxDlaqK0d2V_dF)OoeCPG6S0vc_zkT#}Z=7xob7=jpve
zTWbfU082`glCbm)J~ZW?V1Bn3O0}BV1q6wDU@lDj3Cu#&SIVT-s8@~Hh_t2
zuYavlbLs&jXD|2n{RAhU!qo<-AW%F2N}Q$n?#uWPftB%ppzs`5R7tcJHDaNIMRofz
zWINYy^c^P)r+K!Bq>MK-%?AhU;;=gqGqpJxNci@+LG2X4UiyoGmiN0c*t}C9Np&j+
z6N*m6#o+tFXbLC3EIcvzTMGC>>V#4_70m6
zQtLglAoMudFJ)wTRXe2;wiX6G5mf5H*g&ak?S~S3d5DhBBxj1?u&aTY$3lDEqJ;PbN{>9+*N<^2encs9m
ztLnGw`t&Oq<9VDi5qjcTKMh>7Tx{nmsZ?aRfw8eNpL8G&bV*bj5*if`9H0!M>5Rya
zTa#dL=&P`ZExL$Fs@yhMYXqQ51EAl`j&J3emcOW-ROU_)vODkn?Tm4!NWr-nh*0mK
zI^c{wYvnCNI~?Fq?9KJXNztl*&Xi^%>&2^{+N7EglHc;pe+I+E*{A7WiIs!9@
zqmF!NdFQ_OPM^g9X-==So>OwNeytoCbxR-!kLzwpD7Rq$Z9ldWTX_O!r2B_8gG-LZ
zYNyZTiaM!-Y$SfUsB092E6%BkvTS|pXi3t)gL)M-M*EmLlHoye#ilzD)Wb29pMm@D
z$Hz@jY!da;T`#a&8MRfNnTaXE$lY`Uat(YQDLNAmyb!)A=QF56+MNq!pHfM0Vm5~_
zbXvFCViwL;(LrvdtU4>8SISQtp*fTqDo%r&PA+^$g1OUOW{@NQOoJOs7aYey9K|9$
z2J&*}B8}~u&-*yY(5QI$c)QS0T(a4AGUZ?Q-4pKn;PrM*HQjQk#BF|^
zSXI5Rdk_2KW~^X&J{A>zlHx4u4OAgo@$7X)dGLC-k%}qV46j**zKEpmltWBYDJh&D
z&hWnHmnTm#*pUy^*}cz^rkUawbng79mX?qd7jYh!JTRBqOg)uaNOr6HSzWG=%_fGi
zfU?Ezu92dUWkK#>B=mK=sBR~Nd5r~KX9hU`|GMCC9Agz8PlXboe#TB>DjlS{W4^5L
zb;z*czP|fVg-FUPb1vwpV;&aE$$5$4eD=7Ob<&D)Z0R4!0&~$SGx!1bQ8mJ)ihg&2
zR~)?b^kG{ZEOB)gT3Q-5;;C;p0pyrd0jigInl%w}s9)47F@dTaUAGsisMyJ-)VHijB5
zDff=4$b0UA)?qotNog&|+90&!IbiEJnmFPx9NZMR@xRu*_6RoCQA-sj5J^zi09KlK
z6c3Fv`$xx|*{JNvtoJ{;@`)9m`f2KftFdJ+ckPG_Y1xiN)ro*bSz8beKxgHc--#G4
zO|$W?nkNX!hBMGM`e>Z?1T%F))YWw2C?qB~3N4R>*e9biAdH>R@2@uI@UdXObc&pe
zN(0{{7a=S7-sJa^2fsyr^kWur9Y~+o$QcjWP(a=mEW6THkf_`tKX$Zwtxm6lxo!Th
z#s8HhPf8*-uSX38)e!qrtFC4m4!r`G?2HI#F4@utioWRR%@CKE6HNGh7p@rkDYooY
zntl6OEr$2Jb-z>dVZ>XP{}i5CeKVLwvGZrJ(&%cX?ly5AqRA>~&!t3y&mL4%t4I+)
zsf1kS-IGUh1r2do*MXk&nZhyluAU}4J0((JNkgheRYc43-9)qpm<2c1yka(yqKR?Isaob@8
zWBMyl!7r&a;KKO{@M}Wv<0_mrpSwIqy;aM*Z2RkC4pncrVsHd6^)WHs-Xp9z
zNDhNICKu07Y<(gF_5dkJ>O9HBwJim`Zt7zuJ43x2hG@Ma9HVsNh;3))tXf}~N7!iW
ze2F?`BoO7DD~=X=LQyTl!R=n_PR2>oNqc-JTpD#Z2S1)&|4PmJKU*OKp0xjLq#Sa!
z?)t*6kcW(9Pz_Mw_s|P3m4I_>R6=B-J#8@oHz%j@Y8sTia;%ros9@hnSeyoqPeOGpH(jK0I`rWWC+?+`tiHWoeZL2Khqfw
z;!Qur3k)9m4K1;p$K0?K|FbsqS{N*7m`|+^+0Aq+@Q!xzY$K0w<^@_cFK+e>>RfCK
zfXtBN%Ad>Mr|-f`)1gfUaB4*;Xkn(R+pD%&Q$0)BshP0-+TW%Qd)n9pPsiF@0o;*)
zX$NYAF(z6?t?q6DLcK?dw60=<*Qb*EDBw8bb~Y%eR(#|%I-U*o3JsIrUE65|yFu@7=nZZl
z=3Is$uVz8vLUf@tM}Z#U5LyNE?1qcQSfyJr9pN(hj)VR8l|oa1x5FJxJPo4EUsZnjkL3$v7}c9wrN>0Z9fpFN4;X
z2@-!f8GjsJ@alDH_>R{gS!NSzc>9@qxj+y?*^CJWbBUu>^zTG**TA=t3}yH$wG?t}
zhoO!aLPkp{2z=SV^+=)!tA?XEh|2CbNxuy2XZiz8)bJY^6f~h_BP1Ur>9XNY`@u0$
z;iKLyygz&)4hxQ^_4qDc@~YLa2l47?PQS;~Sy@WehBX7+yXnePtWwuI)E`)*C_hu9
zWk+_5v(?@?{k1{!?wIp4q!iu4$>$^qU^UiwVgZLEn;O>oa+GRvJ+|^D+1hkTyJ*w
zBBy-eYCCY+FIRLi)hkj^n=D0!fHc5&o$v0R`HH~yIP7%NeBl~XYOq;oz1D?psiu2g
zF5^Bw)E?EVBv|?+o77pH4xqM>TEZahQqW|psv;XVZWgIu?+SnL7r|I<#z)4I@Gu~J
zt-S^LPD7`e^W@=7;+x}tco<(`Fy*Xw@W!3zmiV7TqY63;K*Y@d01?oe<1N>46ofvY
z8?Q__#I|(mpx&@^MbPHohOg|+xw|(dMx66|9YCod3Cz#ry;D=vs!$3OhwYB1_?&w|
ztBY?Y3-N>iy#JuNc)F(e&Z10j2(jd#@NrQI-77y!-b3lHn&?`jzZu6k$lA&zcAxCv
ze-BXt!GbiC%8=ic)PQJywu*G%t1X);p*ggtqZ>C?(6#Swqz1tqxnMcLec#JMaI>|g
zG^bFkKYpXM4!|9|EzUZkyW4E`EUR!(&Dya$riYKhaem6`7cDxZk-d3}@r`Dz!8hyP
zg#8G&AKShB$nkn1>k3rG?6A?)
zz^hl&TcaffIout^FKT%o7P}ndkge1f;Jbx-Ttl7TX{X5xm(6=+7UY7fly_ab%z)H>
zGHdjgWhhzgAKg1Osdrq=@LdFhtyDEoo>X16cj(o=iq}xU?TbAyt~JG_-!jN1Roze9
z?{DhI`d3QQxt~FbYFSs622$cD9SQ%we4s_4RO)Qs2O2)Uz6G#Ki??$duffAhjF-gr
zh342^L{2{c5*r|)h|k*0kPn>}3&zbl2!gAix*fjj#+>Wm6RatAC^`1A-lrxD5GPt1
z^Ay?D-I|^C4jEK%*CiQvrS3fPPGc}q8;TMxwF(~ogxNj{Nr)cx-Ei>NfA65LGOUJ)
z?0p5Y+yO4|CTH&Wq)k4;6{2Hi@r9N*ceBVJ5{l`8zMbgf_r+`Q@W`gdim3<%JsDMy
zR+9!8tpCA%qzhEfmXNNrjH|8{$F9ZtMcc84Yw%fw`LTakrw7DZHT+=?)fR
z)#%{Oa~zi`2CGQ<)>{1UP1B%5vdPFvbL5Jg0S8;baHFZxSzE*SxONEnUIw#IFaA%~
z5hk*a4JYJi!0)@;sd9h~IPJPPj^>zds%H;<2N6f&c7gM_r_Ntzn{ZZHy`||XMxexo
z4YtGY8Fj8fUUa5Wk2YZ^Dq!MKd+@_a?i^`M0VUY^MMx^`sTtq@y?d~cBS@9QEO_WD
z;%`oA!)+9Je!J8CyoP0!b+Le%jLAN8SL<7rlULl0!S{?X`dz#n#w-O8o76Vq0jsok
zJxpymM5v?OBX7XPh`JX_`eCz(|8x6rc-pa}nV|jv0o-ASi6f+uhu1!U-fVCx5-=~-
zabCP5ctU$nIxvUzMEGB<<}pX<
zRbCY9xn#xD>)c;$4nvO?QfX9xBD<1kC+2M484u`Ee?so9Wg}@`u;Z)vNKx-LjrV~V
z&P!^|fUUA-?o4z1Q-!c`(msBX(b~dS@4ECb601>quImTTnxZR*eybc4GR=NpqctAV
z)wrPARjE#IJG7RYd%@ehN@bp9^+DZF%Rd!Hr4i~zTSXCeB!*r)K>7X2dDqQ^dhFz7
zpSPI`(>K6f8%0UNjv#?jGB8gg_>r3Yv!T9lq&BqOCo
zof$9TomI1RdPDP@8m~)Y4JF`+Em<%c;=|n{cvi2myQ
zGef_TU1Ct~%u~6~nR~>|lO4iFlbKZ;!~vhsKN~mGtCm9aFIHR&J1w1+yn!`w`^g-Ee0Nq}=6^GNN;P2mYMR&bMr4tnP
zI6N6@;kemv=`<&RDjuSkjvQ$AGf@VzY;@I5kjWQ#nlu1xlf??ED^b^iMjKMpMT#75PcJMhV1*w&*;7BjC$Y-g`%2H-$DmOr!4cF^^X-n~uc
zDd&&X*`qe1|2TJWPghbP^0>McBJN-WsjgD_0w*78X5k7)RHE=Pr}K!K;Fhk0E50aE
zjeu7Ec@UX8fQsk1K$lS&|%%$BGAKuFyb^*CPIZnpvq%3QgEP!0S}
zQMcq;n(;;RXK8yV%~KKxgUnn<8#-MTjl~(_jf~RBfkS3j>*M2>+_mgvz=RJ|i)p0;
z{##%xa8|?}Pf`%#D31%3)NMstTfU1d&$?dQ)0O_ypwz10&2)3d2_ZP(8<$F6d4Mmf
z5kevT!M|ntUD}(!uel0F}7tkhqQXI`^q*bx~TzR5x!{E`tQm%k$g(0vIY6NB8
zPrIHJ_bl3+-v^|e+wC`f=6+p5kp9Q_Hl^0RravK_3bs3(+ANZ{pM0+mOiLE1RKR5<
zBsu>U?E1YJs$=w+l8}8{1W6tKj@#i7$=wbKp4@@m$bcT>HV>9sd)PqB!bt@
z>t0zI%}Z}MQBTy!6m!BJR&vTOXjzAAYypTR7~U7vwEM4gSm_W4bG6}4@TB~14T2p#
zc*vTalRF^dEtp`-F4z0aiM@d_Wwke#r@(m{otT-};AcpWLHfXhkui^Dm%15w&#V2G
z8U!Yhj>pYM=6y?bN(R+yJTRHn-dHf-I^5}1ea`O839U0i)#`=#$G~nJa2l3uhq6TI
zAF>L3#Z4rJHkM;{g1`y5vF2zoR2>N4#%E{}rt5dSC*7Fd0qaF8A=CpkMa`Db9svs^-NM#W6wI^za
z3Ox7)0U}dY$+*(vQD^MG@~JZpYl^A6iVp!PhSRAs{Dkn4ah;HAEFTA>6tr0REt=aEc42GC*IY^UOz}3gg
z!R^IE`|k)rLfQ;rLFQ3x81lPS$knwN@>Xbv36Rkfx>^-qx4IX~*}c&`WX~IDEL^Ef
zx*EDcylE#ZCM}_Uwo~oijNxQ1q59EqC)(6
zUG0S1WtKfA1C<9?63Wo26qRzBMOSV6=HR5ELB1pl3Ad!um6gh2?Ty)+;+|12_HSp5;A?FpO3uWrb
zYma>60T?8b<#FgGxh|V`xcAahhlw#{(?ZLuTmcP#`^Xm
zm_qeaWAGo@`RAQV_wh=ZJ}30
z%1wz>#r`bI%IvEiUYC9S<5AKNI!IJlTu)v%
zSUo>k6u;WQXePhS;?KsxZE@^B5Ug(w61(#mQ3zPsBn`K4X7*K8*9?s55O(KaUgVCS
z)u9|~KWx(RyoQR8W-if6yNHiLQyDVc6Kp3T)-bbOsYIXv^#j_+c{xXRNC4562QRaP
zN6*eIQp=(Y^;oGHq-Z#N>Tcsy1bC5ACEgO-i~CyaFIsXf7u<^9ZavaL)y>8L-mNm@
z$rHs^EOwga;^OjYTdxap{WSf{s}Ae;h9X4Q+gGiCOyaV!z1ertN$1m}JDp|P8uGVC
zeC-G7fb}(sDY|FG>)yh4XY2~ue}nxI_-dY#r3aCS91Rtdo(F{&oiB?&5q++Pb7R_$
zx=Da-X1y(DWq+=T
zc@iF|YKvd8bb8sh=+trlQ8Q1lg!_s)!LHX#D~8WXI(q2gd~{s4T^4bbTY(E`G$-AK
z!OL{lR}=F3YL>VnYEAB4&Ye5XB*F79Y66l7#6kwJn-!CgfdVmZw&>nnxf2Q$gb*tM
zxVHM0*pgw%QSE5O!V+Z@cBiF3dn#O1g_w^p;c1H~m%so@Xm1-Lz|%}Ox4aC++Bc+-
z?Fb2U7B0JX^|Y1-fKUopCV8^@vN9FdixM&jMQj$|)X|x1S@Z0Y6G4Q{J&;IrIAT9!
z2~TnDrabg!cNk3Tp@x4u&B^>}-`HhbKTFF;!77A~K0Cx_SZ(+=eHHR@E{TD4jiW^r-D42h9Uy}Sfow!(dVca07pa0AINVwfu?L>V44rP@)CM>=%GZd&^zCl4
z^!OnPhd=K_n@(s!s2lHkTW^r500prgAAAMMrSZ!)f8wn8A2<5Vy}6!*3_W21bwV<^
zbY#E~nfP7s_WBVaYL@arN$=*CqwUw+hD;`7U5G^N!-5w%gd5~7=;ynn9N&LDygl`9
zYi7~NNo{q;Wy!ciY(6^m4))gIfCr0SB*w1yl*&U~a$DF{!GCYYECxz;7Hu~KHNqK!
zbK`xxQ2Tm|kAwe1(xOS|^w(^EiVW(=Gt^P{-365yZp;2`&MR(tdlkbGxHuho8bzkr
z1c>frq@rcoIqvahg!*&tvgxHLb*&0I?xeG<=TM6iZLvdrOi`^AY^I_5t{VS>*Hex<
z9&6^J(p57qh;{fPypa>vZ4a08_epUWyiV?2@|HjG_Mlv8fFh0pYW^iz8e-DX)PYUJz!_6Lr`57GU{G)3
z5PB`tmr1m=buDh$b2Fyu;74}OT9Uqzpq)08!u?89ao6PvvcB?3m!f)`}I4d>I1bpi-~K
zyP;tfdGyzu;vI^AJL{@!-pSy1x`Rg(wi`{b5LFpDa0hnk`!p5`)Q)9FNObm#U^syq
zp+Zh70kmSwkrUENe^4@gv;N*7Rj`xUnGW;99FuVho?(R+fj_@x?@^16HmC<;H>y3Y
znwL*jw)o65VjSz@PKsw1o6Zq`HPE-h#Lf2!uTwMp9y1U1vB&^9Bm&p7UB}AfT1E=)
zX+5lQby-5}7Uq~SyaEM{X>3#K$KNmSO-)~}{H;x^)|%Bf$>Ay#`k!3E?+v&q?v9Wh
zXb>Kt1?`dXpXRsWRZq-q>L@w)c69D>QsEGV$R7|p^CA5{ht5R25(iHu&leBW6w)sE
z;x2B~*T>0eQ(-H7K3kRE+c1V@5`y(liZ9EaiYY4Y#4mMX$Oy7vHF0nDu37k)7!B87
zC}q-Rb2Vc}b`I{xpDSsR*+^hO5fGoEd#OS*D};^%IE7t6jz`oFp4J(|gk(YQt!QLy
zs;Iw0yRXzLQ*HTmW(T$Scy7&|6T$ueHf31UTUgY2bCPiA?6O{=
zhX`J)@#uQmDR{V9i;JDBpjt~$O^331%bicVF<60`5_DPz(JN5H3~-I8B6d;fNIDrX
z4woaLcK$ReQ6-0>OaWD=+*I6II~@cKz}wQ8BmqIgQq3zAdYya8h@|JPA^XnD`4ds!
zL;+;}r@BObc@0Q@6AzGeq5&=>`X24dI{k`+Lmih$9o2n;h>a7<=#0?3@XNsVUKYkl
z6DEx08~y!{kfM)L|0sn6MALU`l3m?Vy;xLx?(XkvflvSHxYsrwfeXuw`LK(CM7mti
zQcD#Tl$g5zs^;vD8b)cu`O=+cidY+U5GTfQ(3JJk_UHF4(4Q^^4#Tf?dOOqIsE?+Ea~IUqydKm0t$Gi?^kEf;3v}^dQ4a
z^$)_$5=yC#!ruEqrUaFSz|mOFN2piZ;2hh?UkgGb&LMJw5kYDlJM4iAz#&>%`{jD-
zF>S4mgldcEdLVD{Z7&RfTt{%G>$voSd?0l
zT|A-;sMG?j42NEm9ymDzrqeD}xoOab0#J5#Q|Hsxz|aZnUE+l3fXgl#|
zHR(Q8a4{tka}YEt+}JdLfAa66R}6vRl7p6QMk;`3$Q0l&_tm=?mz
zZ7-Elv8ClnyRbCiRne(vP&VJ^(nkBk{sj<6UB7v79IE{66)qcbTnrw3@`<|`$w(@*
zUyY7}=DO4J6>(G{&G(cPD{T|3e6uk>m1hb*5(cbp@`!j0Ir@AOS^v$J7v8c@+K6^p
z3|;}B^er4RrmDPwCfuPG`G-@sXF)VTX-X#H$VUG4$3Czfg$o235q6G~y|3(hvE`xo
zb2p9JpE#Gg7gvsJME}Tmmo7f6MNFgZYbyalsRT$IhJS1N`d8p*b7aKVkk@
zHi8i=Be3-~9!HH&seL%hm_lMGTDgyGn-eEtQ}JiV{EbUwn+ATjcwA3%vUAF~-#g{L
z!&DkO>`%Pwf0yOITMEr(z_OFkoD)0CB!y+N93?2T0nJ(X5gmiZ+=;2wohw?{_Cv^T
z^i@QNs1A+O&wNPSR>Nt42?OxlIe+4)>5}ZVdCIjrXF4(D1=cG_jv7%ZcU)w$eO>87
zpi!+FLZ1P9H&B3E=qrX=yG~|PC0%`US7ByWkD!;zl37m+@J$D3UgpcfQ#k)ws0I^Q
z`se49JH50DMAd=LW<&yx(BxWyC{CKQ>ny|BK1OG5YyNLG&f9iI2O=AH^$^Hm*Ra*!FG8(pJkM5)})=TP|(O;?CI+TQmX15wQ{f
zPq5j^4}5WLy2u@-q5}IO<;~Q#g>rzrKJVO(EuZJ&K4DW~><>!KzSQa6{4`^VJMM?A
zIjp94uAJ{Ep&*-FPf1AcV-4mjOB#!t?Z})RcV{xwEEKHK$-uBa
zbV53rvT!9j&_YS8X}&Y-RnX()U+*(P99`UWE8;2VlNz>ys}T$sn*ct57HNl>UAs*cG8yS(XSH*Qt35k9CMYD?6exGIxU2HV
zjTKqnz&IHKduRXB_1Mc*AzE1dmoE8Zx85v8Iy{@<8W)FacnVce@
zpaPXiErzL!7kP?_CC|sNaDL1;D9EpPSV9wf@bd59tGA@u0(3*14U#{9c`-K9`O2pv
z;nEjr)@J^vaEXV!>mZydvKm2f$%vZt;MguAdT_{NxNYK*856hC6SKDhNDNEq>3Oe2-kAD-K{&ff7%}TaD?f`ZjWUGI|jy7Z7Y`lfkFlSy~
zk`48?l`FBXutx588kO*!jC@!)D)*j4@ANO7W!bk&8eaGvHszR@)uRpA(4L__(+U=yN^E~*
z>D4Cm4{}mcex9jJU~W6LesD&N_Fu8pPZ3~d$_rAOzz9W)fp0ivGVC>vCQKwqRj03+
z6!iCL_7URiU%0CzhquV{ok0=b@MDchw7hJrk>GI~fN3YEI=~acSvoOy
zv5a;Tuasz+Ztbh^B8XZetfVWU1UDJ*)YSNj?G
z8+wP`8&iRA5Yfu^$JTjn4wlLJLQ_&iegZ+tp#cn?#4-9?;++^^x;U4;s7>5CwG6)G
z$U~&unOM3bgZQYt12-QkDF(NUH9tPu9W&7J)c-dirgH=Mde#wsBv$j$zpPOiX`d>?
zb`I66<`@;;&NaW?!61~iTGup0ek{11S;DW%cPK@a!;Gjbpn-k%5|dy>
z2!+>~n2Q>hu$}N6GfSZJt)mtYRi9WVRvp~y`j{ohCd0J6?=62
zK43Y5kwf)-t2uM$3YdS^{{!_3Fk`7%i6)u#g$BM`~)fC2GhasXAN
z7tb+&-_N$bD?{=7bPaTCU&xACSLGIuSTZ5ETuf25aEyQHLASkz6rahXp7rpBpicT|PX-RY7o-wCb+~T9@
zzl-;!iENHw-~~STGdX#AnF@@RavHKh9;Ew@Zdc67a1?ov>#8AYBbOTzC+@|F=$fRs;7XlER0z8y{-@;q(6f
z81_%vC~@INki(hsE?#lZp2{@cGwx>z;L_U_`w)7iVm^}Yh14l@s%mgg?eF}H3$S7{
z7<7V6kLnaZi4^rd&z)rO??{lxwsZNU#9c=}6VZ~qoCPg7{-}Z@1@-Dpgw8{0^b6fd
zL52w3a#@`9!9!FX$3AurXZ}G**6hP~1{^i}?fa@cZng!0H>namxtoSu;f4*Du`LBU
zIEmj;$UpShyjYmSaI>$|sYOwY>{pCQoOljZAoLa7X$0b;E+s`7sx|G
ztbJ+c$`3==jR9y??e87s#LQ~a`d_-F3hY$?k}x6Hr&%+LR9H=_-~feQQ8pPsPQ}9x
zxGxuQ;aQWytxh6tq5`gN1rzT{r6%!R!oCInVR9)Q5|O^EP4){1$@D^74v>kK3Kx@|
z%|-?-LJl_lR7KSZ>@(y7`oC|QKk+XmBi^_C`j7FJlWA7k9(9{Cz|V@MDcj|tRzdCF
zx4(rEDVduN!+IRfQFbsuU6jX}pvY>9aPzU9*X58yKp=h@)!6%NBeJ`P(9!EpJAfH^
z5nU*H_MJ;fYI3wBse}p<;p~3+@Gae26fW5p@NLy>d92SoW>`vZOf7W1Ft`swh()JR
zwN_1YGH$IQ;xpKp3MPaOVtcMKydcFUWyB1I75RG$;{Z6({uNoCc~*^y_fo~T0T7soR#dX_gmNsE%k|zK^2vf`F<#v=C-nm@$=imv_GbAUrG8KP3`fmQ4<{Q^1=!aXEE9IYfYz&C?w^nU9
zoH1YgS}QglPVRhqVY&K;dG*bf@<&TKb>hmY9_zP|5zCrYWH{YC@qYNBhI|`ysXifV
zhrtAFXTru-C!$t}?QmDnfAs!iPh(-$?^Vm
z1%{41!|L?hd+r43qG!j{u7AT@b(JrK-8uhjt((Hh?n%|o2Vtb1}JkN3RzQ@Pca6hpDOQ`H-hIoN6Pv}5%-@viN5Fs;avy)Jv~
z@&ITl5hIw^RfXw(*He2KY@Jme*P=UZlYiWi#Vd<4ap4&^2(ts~OEtfkBv&75K5~V@H$JI?Ud8rJM3yzelEIOiePx%1nFg0+5Btc0b-og^$DR;M0(F51}6p{xrrtykxYBq&A5JC>6
zXDciO4rjP&s~8XBa&+D=%Lt7I`p$rDTBtL(?lY?FL<9t&6Ch`|4cb{+LQ_706I&OR
z7Rx0f_@Z4xBM>b=W^bp`wvB~Xxsw9hPIgyqCR&bfe10!VOjW<$qe|f=6WbOpZ8P^s
z7r*UT6qMg%f9X#TgTPOtp~Ca-Np(L{SAJX9{~~Sy#fiI};nMFfY+DZ1mxq$&`RD7U
zK%{SR^t$^^C;sXdA#2XnBIrgIT2>k?EiT^|j^<{r5_cHT(>W(PQGY#+_oyf>Lx#hg
zBhRyZ&!qd^?Tar9OKAGCpY^Xk+Anr^GGE5jaPf5F+8B39>z($K+%Bn1QNWbX=)Cr`
z?B3-srl|~K=B;u3ITYWrYnxkv#+2@H3z3$%A0byz%Mz(6n0PvRpw}6hA9R^Q(z>jp
zva2U9SdC!%TRwDHA+X=<(ChY0CGTG<6@(
z5HbsUeZJ-_cYwsLB#SRb)oVd+5^0H|ML$+A{QL;QHXe&F`)8Hjz+f8^0Fk0qp6}RG
zBo7GM5fr(KOieMEwFSTn$B+p<(0w=yURVK1Xq=aWVj*&xJ=stLh$T@Kd!JtE^CIahO%b({%KV+=3aB!
z9&m7+MQ<6T*Kg0H>x&zXT&~@Yy)I*3IK{;ztiX9zxYP4;7v)CIK9`^3YD!LZa@`x8
z2{Gn~1}1iFq9`%$FB!~Wd&iCBrC&oFpPb}{Yk$%o@Xj2WH$uyuoTm2tLa~!vQf`D%sBb%H5<<9`
zqF&$08R+N|q)w2Tb+eKZ&IPM^XlA-VET35zbXvP(YEbL*F68rJ(70q`lHL3k-!uwc
zk;0&8$*y#2nlr?ti)#@wp!0G
zf0Xis97GYBS)@LnLeS}jNpD_@jiKY^sSN5pJ+3q2H293ce%gpzTsaleme9K5akmXCcN6AwY@wPWl#uJ8U)91f|
zK7-38z58x2uj^b@-Nu=|?6>7nLg3sG=g&=adu~n+jt4`m3J%VQ0=G
zUhI>1cl}tP6F}04Q1p|4<#T3H!<&k~w$+DuS65z|vXuS!WXpMN*ZALqJY{^zgWCGTiwA*RfzGrw2YPo}>a
z$75pQ%bF7I*LQ&$U6xPE$JghoyjCKqyJj}a4(vDU&iYkJS1=CYY5Zf(WoppFdzqf)
z1boobdCZ_<(e`_d6UlleT#ZVS>4$)1n#S4aB`!Ffqn~og%ca5onI7|U2+r%JluZlm
zkpaFKK4Y8+ZBEeiDRU>;JtbaMVRc%3x5b55_4tAPGuEzj6pQ=o@4xmG*6T#_Az?TPb9pAY^B
z<9z&Q@@4M+e7chOvujK>XfRyjihmv>#@dBg<@GG0YkTRe~_C&>IiyFh<2aDlgb
z2K7yAJ=9}%dNR8htsGeE+_x5?j}(70c;z6xIcuffLbt`C%;%~lb3Ae66QGVC(TvLug)zBIcpFHiz3FNr_(2Z0^SiYvU*9o()97-df66H95
z(y`q1UOP9@32(zg7=TjCfYAFfak56#zEB^j8>7=fPUTlJi
zKQZC57r)K&iQM-aOL_X*pfzz?ppquSeY;xwYqCr7#MXk3nSfwtjn2|n0*K)zluX>1
zHuZXdw+Rh>_S0K9`96VleQn9{^rt#j4kX$6y|JmQ8+eIxUnA&sBwo}G$@%C{L=nE*=OmClj
zMy+rV^`(hZ08v)!uSxm}9Q1Bd=PQka-*b-7#l9*qHR+3w&KjRZoqrW$}=H
zDmM0WSByi;+XW7by6PyZXVCH~-O}kZ
z&>newuq3K;vaPpH@_tuF7w63B_M1l(L`)xnzT;A&Dckysp5L*3jx#dViABLi;G-k!
zZ?>IJ9J8)Ft=BR2A^S(Uf*VnL+1lpDkV1L)&&BTAPFqVcn!w?-&G;8G>u=J-pGS5)
z*GirP%)k8?5^b34)%$skbWeTlrL+c-pXuZR>F+gCPL_9-{}>W6b0$_Z^@m)uakKAl
zP(~7P!Skbqqn;}aw=%nb3KDV3t%-v*HyTU=h#QV4S&>XVDvriN+ihCV!#xaTjM?sY
zpN)Qr^xg4{#TR@WGRrdX_U&(b-j4ikZv&_8
zevdFc46$s5TojS}uX}Es4dv2p^-Ubwt&Ri}zK)BqnRQRG@_H0x|q)r+z
zU`)k-r_E1-K;6E|Bhi=0EsK?JaFhydtjI~_Tc+ez6&)bxZBdrG{n;T3(gmT6E
zbLZ#tuX_-#x|oC-FJ=Equ@Dp)mAdx~B5_@TB9>
zj=s9(BYDdu;fZ3}ZjJhUtj7>n=<6#C@W)1}JqiI06an-}xb*+*7;!%SihOUebo-o~
z?#^FRQ8H$jZ2#!3TJh;lwyo>Q7_oqZ=lZnp0g_;w8T;
zyvi8|)%e2`>F_!7GG?VRGqqn6ivqxu#xE^oI*VIqg-)KjyY^aid%aiun?TA^1wz)I
zD9_jZI#u&Dk?{2DmdpBFlDn%mB;mF33BjFt)oNW6%_Vv`y*d2~7ve7W{=1b~M!Q|F
zPL%uQyDEAP9`>(nJd89fH^(m^d?ld>eA+?rtHb%SyyquIZ2B}byg`YJ2+B0mE7Nh-~DW?{MW=5z?bWAOplO>l-5UWG|5#|G=5UrBLH<>cIAPc4Jna?UiOLCzZE3
zDKfQmjPK+Y6YN;I$rmj7C``kk8B-&~R^SXuA?`UXE&X6>^%g9R>Xkt2k1k5e(;jR3
zy5Le$WL{=DT{)fZF<6M(+$J^?2f}Yfy|XsbFed*Cd(u7hekogf>oFz^o70253c{k`
zVMJdNxn|3ihfleQxf%BNY1o+GP4SYqX|UeVA5P{$P_S`K2
zw>ID=tWT>gL6EGiICBO6`n%;kh;O&X3Z9pQL_YP;HMy?IbZ1vjS4d2})}|QSXUc}X
z)qrrekUI-}c)e{(t=tw7F1ctiO$R1%OR+JK^liEI@I}gKxBsqs-DzF1$|~IE>(0iO
z;1nTUzRa6K^@^$9Yn1KGS|>~v@BaMR9w%a|9rf
zppQfB@umCx%>_p8{%BjF`azArh!KXE3s5X$VLO$LZ+9I&x{F`=@hK3#Xt2gyE7bye
zfEN3f!b%63bV%mS*TNN&URA=Bq1rgkyT{P;^Fl8NO$X$t1_pQjx^*XT;q$Csyq0DWXm*PE?Lp6eFOEz8#D~qD
z?2dhp@Qf~DZZ;|AB7hPA6EJJy!
z^xW8Qg-VOxmdhe#JkP+ZeZs9`6=Ty*@vS%{%*T=V)k7=jA{2go$$j7VmSugapiJ
z`l2*^QRc}c0a$ur)=%7|G_0f;(gTFLgZI$qG(u(5Y
zsC8P7ug#(Tu;J~mRGKq1Kx2DlPUc#+@Z-t_c~olF
zz3OW}2ywJZ=rc^|GNs?~j4o(RgO-r&u`k)xEs>n{y5-K%xXr~hiM7S?0**?aNDR9c
zQRB>bf&0(+yn}}=?&${NxNRcl3M8WY)`czW->uwNA5pj-JnNtyMnmCPto7EQ{K^W5
zM|y3A#FY$bR8Y|I9UXo9d?4?P^3(jPyUW?wqVIVAn(@T&j2t0W_q==fW+!Xih>Vjy
zuKP@A@CDJl53yUs#P`clrL|
z%;0ak_S)-HUvK$|ykSzPayurvej(~j%BkFgW@mEkK3SUUkZ~x&q5MJ)#rv=a8Jr%?
zDXJ&9w$LYmaHMiCB;!y6Nxqh(E%mlPT;OMmb>JxYO(Lp2rAg}-)Ok2Oe}#QpFQ-A<
ziuA?jd`}kmqn7(-QS#U%1*xfvqWt2p0#jqgFUq5l%6R!zF2Bq02Q8hEOjHazCim=a
zdx=o~wZ>!1e3&a55`-SDt|$Bl2&3n`2LrElC6D_}(vn?%Dl5goq({pg6za*H+4cO+
zOJ9*sA8p=XDbgt0?XG?vo@FK8Fp0UfqiiXuuu|030T6T?)TT;-LPFX
zQ6DZ}?q7MTBPW%yR2$2#{Pk!^zk=7|Az{k~wQQF>mmF^5l1iU;OUL$Nm)@Ho=Jso{
zo*?rt+W2Mj-BWRm$kUO1veEuTg?iC%A8JhTuD3iR-mEc%az^Zr35x+EQ*<#nHW(dt
z{o}M??o{u28tu@QTSd6p+_bar_L~0sJQ7iENP+fuD|Iot@ke^`Ve=2UTPCXVadobpSJ!%OSXCtN
zxfr@hM)^CG9<8Twa@^9mGkF$gdt8@4O$uMEyLV7cC(-7+o9EVuU8YX##R_@J0OGIi
z)+;^njSrW#8t-lWq3IkO>l#caI-Bl$_K{HcJ2s9s)6m}Z{wqE%H;q{2zMhUAPZZUc
z`doa0ChTUcI^O>$w(}rq-Icf5U)+h&#A=f`_isKQ)6HaS>!GNF|I>in*8R@&>aTLA
zbagZ}j&&aS-bGgbRa{hO@Y#I@t=?PQGM(QWm_9Vvwl_6*`x7^-%dWnzyF=CWvs$}1
zveI1HG)#+*5V-8zoM>gecevP+|3leZ096%rVZ(~3gwi1(ap98Eh)8#rfONM=NOvjS
zaOqY+kQR`XQfZJ*Nok}*I{tl7-}n9gnScKIX3j7dIQN`=)?RzXv!1ojRE?kDo;qSl
zz+6XgxL8@{w_IkEr*K-hxCtXN%K){e=ZCp33wg&C&%LI64xSUxeu(CyG+?f~_mCx-
zHYv=l744E<`|99CRxZ5>?c1$o3L}4%J9au2=ljb{M(0Z7R@UX_r?+UUda7Ml{!R4-
zG}Twc`~J{Wi-4&P!uz4no)c|F8+}g{$wmm8>N}Fl*w9qRK~v4d7`24`cdD_+-UNa7
z>6zokMo8wowYoCm&Gxn8qZT(g8%xEOZYBe(bJCB}IEl(Y!K^!tnRCYL*f-UMj4sgj
zQ#4~;W64yFN>w%D-26w`aLrrc-{q^bwY63aSof*GqV{0JC`w1&eweJfg7W2gaISDr
zwB`OvZ>az7{9NaLVvXnKlU}_#n&jntk#gU+G%KMi$e$V4R2F(KBx~IFZ73>)r_b>M
z7N4OyAopT_EsADVp}iu-{(2Qi;<80jH()d2CG}NrWB0g+z#k2tVaIL&yQbUME@dkj
zODbD3f-*Uk!3}3aOF;a0$x{(2g47UR@_nBH)1&UBj<7IZ?0ugm9^pdN&bAZEj6q9T
zz9!QFWO0kpgZ@#p&d5_Dlb-KdFwLTEu9pm_ktqy?#Wi<{26O$7ZQuMrVStBa@+Nx~
z$Zl2HS)V?pkLDC5ZVAOEt={JU8c@gu7j$WDP{l=v--G3#v*}s~W2y&ZYJw^d>h%#|
zG6VTU99vuvUQFjie{sBr*7*fFWir|q9jpJ*joRjzBudn1-yoc~(HrjqR?4Q|_|6*yWFrVe!fZ~!>|5o
z)7p+K@=LmUqx`C}CG{%$rB=
z@>QX9X5F%%-=Hq8BM}ZT!8SQ-%%;L6
zb1TbLujy2k)y`Hu>}X;5MJ74BnHRRtWFwL~9&Wgkr6UKCER?#j^YHw^{()w@QF5HaCUF;k|66uBk
z(&+s97x2nfY(c+p)JaNs*aLJm8<9=52Gu?mo=%UIp72fwb*W|WRiih@(c*;}-(Uj6
zZ=E#2?x=!ZuaPyq@V_OWaTh!J^ius%OL9mp^Ah+_Asxg8I{1@NXl0ikzK-0s2A^w#
z1I5)^?=WS632Zr?x>kt6ta)#SrtfF9)k7(c%C&KBh(
zlJ~}TH0n4}@?lm*_r*>E0zagv{31L8L=G0kLF
zLK16}7`Ys#vy1PPIK2B{y>e-6cQv5W8ZYwIYWgEF@d#ZI@~%<$vRqOn-sBP4m)=|L
zJsO2sOe{hZ9MEZswMLTnfMiAR1rBw7nKRQYsgGR4suI{lfJ1rb~iE{0~HNNz}`9ZbJKez7Hw8Mk=
zRL7Xz-c$~BursdJu_jlGPXau_K)YA{lw;`W&rGgY1LnsjJ$iM$8`JnMvgcEDDn&Qy
z9Za62TE0e;|G3>jKan=GNs{fevYgV}Dg9^RZ7Bk;ayFJk3%`l8g9YZCKd0ZBhbF*;
z_qE9b9NSw+?zbtpp0Y1^QYDHG2lbRur&o~r;99P0QQmjyp>-9B+J7wx$cuSkwrwPBo}@!ENiDd;1drol!5cZdB98@qY;j~_rCj|EoD
zW6*>V@&+ivK(3-#jp#P=fa4L?7AM^-3@tSb89zfPrD`?<|F@RtxB$;mu_G^3smMnG+%_<_A|)dDieTCHw+
z*N*QV7)IpJt`C3B`kV};Gs=}ok08M$!GM_`6U7AQxWBMtMy=tx*?<)7F*LUZZmW|F
zZmV8G=5XYQe0y58!0pN7)RXe6@
ziTlQY-)3$@L%2RbPI?O(!W<2Be`%QC+5oeZ3g9w%vo|s_|4*3$I|ALn
z>nS@LbWeXse_(n@i89b1yE(IFrF3{)q}g7qH1Wc8a~%(-qX(p#BO%M?JeBeenx5to
zFz88qTE7^fk2u!|kp0Jmpwt*&6)e`x94KH5_BqNij0<=0AQWQWMheVU;XBMBX|6!{
zE+V(F}~>#B(+h`|1Abm%W1Hpsz_w+P`);xy^bIk4OpBkw^RUu*N_9P*-}@@xLzy&yJkh+0OJ+?wwM3MVNVw=+Y_TO<@oZqKqe_9lMBCtAbz
zEgF9#3tgH*157RkLC=&w@ZBlzC0&7;lOJ?bJ^y+O~Pt+gJJZ;TMK4dZpeA|s-T;RKvS6j>9SaGU##ywWM}Ft
z4bA>D@fjdjEH@uc&I9WNT>pO#NhtDv@ikl#y2KYSbdYB`$6AAxs@Jhe;_}w|TUE*}
zx240cQ=ATu`&PtOD1gFn|7vE01SW(I2B1Y}hk^POvfsU$gl6K
zFz!XmIT<4G$6_sqyxwmg1-_XG*BxwzyMJFdRBN^h-w;$j^em6-{P?rkee#LA=Ed<(
zW4^j8l)g*>$wj)DU2Xr_Xz(7Z7DX&_!>@sM9T~a8+f(&^lUz0nCl!RQN6Sp!=vO3^
z;*sIUs0+eryn1h3G5UV4kCi@k*?UMP=>8@zDr4^38RoHm&lOB9O(QsyRe;^>yFaU;
z$a76GCcYw^yJM9NFJD(Ee%16
zaLaCjN5LPIC^hk;!u~rG6gj{;VXUFq`aoCs2wlz@X$@uwv`%fc{C3yRwh@wY3SPxc
zv3g`XyQ^NW<7MWOnoh*`uoyN=iAkK}SHIga$;+%}*o(9q$q4&&pGRmG>!}V~Xc2a*
z(17;Y!M(UL73%$fr&AwPsdU{MTn~}LRv5pusgm4hFR%R>KZ%ZSsU{SI5XYi^iTC{s
zWuQ(k;Pm)($#O0wIEK>bq{@=VU=DS|WSxFN
zH2)T_trt*m-KIdkn~)+t0N-2|{~H1f))MyW2&vA#EWhD~zS24@u7X5fs#!qLoA#6{
zRlQnM*Ku>K^%VJ1yVm?n?_hljQ;|$skoy(0?F55qzqtmvPJ<&prQi^3@ke@|^NX(a
z$+1@&k3HDVgHBTMedFJRY<<7gjv-Vw*!p7vUi?vaMxlcTw%Tfq;x+0Eor0?Pc_
zEkaGx;4O<~9Bo2UgTn2_B-KhhuPk(T!($bvcp_1-sWd8|zzKn|7GYQ4l85ZYGV}x&
zAUUM|gXD}Ab8=jV*4Gx}U##1;i>&r)CW6|sDrK4u-0`18>4JAOo(^KJ
zaU$>Mu|(f~z-IAOMvac>_&7^5jP>Ig1wg(Q$?6?%7=8<=w=m2fw9@!#Uy?<8bZzEFc|7QD())>6Zt_#l}SEk2$^m=?rBkB~OV!
z1IYn7|9zjR^N|-~OuxC*k0=3>!t7W+C;z)`^K4bXHJL3?Cnq{8Z6oUrv#|
z{lqH@g*Hlr@7hpKbHKE0Nb-MeqX;PDEn>0U#J%B9F|#2>_eu#a|w*aiEzn
zz8%Lu9*@Wl#yc5ffoJl$qh(qNgp%Cu!4&#JdAmr4(!k^fP2|0gFNOg4SCE793UBwvR@e>b051(|*2X<77
zLJTquO6OB)$W~A+P2>5uRCO(YC%{`-afsZpRRY?-sZs-q1>Z`~p0yg#Rx=A#gx3MWI`K$1aAq5A4$c)u35&N?yNn=pb
zzzHujj}ZH{*u+cBwD2EI@y7z10z=LK7!(KT@n>4Ep1({#E3h0MCnEd+s!}(_
ztCzwxIVh#e;m4cRv$ltenrVVwGaDy)Ea`!KxA%~HPgX_*S0}0ny)Tbc&7;T!+D5|E
zP1%qa;%KJhsl>uj2B>-E##vKbd57R2)#h00z0RDPp<=ET
z!pf3}D&USuWYK%)x-}meM6t0{KXcW8SyBR!fbzT7UuWF>e}=9hU~W@)+@_4sI!|RU
z7Y9_1P4;7$@YuJuhCbu*E;M>x;+$|0Je!hpd`>X^8UQf2B#hfyl0%0^{9g=plBipY
ztq=^B(r|dqq(z^fW{&M#QkBln2()^!+HTwsyV7^8kaXKWy-%!a6CSq0+_j7v<8~;s
zrv8zLRuczt`-(_5k4paZalx6-+3Ee_UzKf*>1TNB)!X$t>|6>t(M7)l?a3gS`SU?5
zQ~#Ek5Yi}!$E=vROa2pLQ{4P(zQX6pkP)u&EfR)?aA3gZ01T*Q)@w3MEY0Y4&7&TRMm)olH@Op8U`qSmjt
z)ru4%{yU*;bZ~94Zd7QvbC021NuE9l1$7nZm?jrH^R*5Cvz|Uf(os*lNALz&ta@R+
zdJ868KQ6WFVdRgBtL5^fml59Nadp$2Sx{A;yDWb{y!mOr(<;pDr
zAhT4$Q{yQ33~}$D<7N8n{^BI#^A06s(TBJ=!T3}>^Pu>a)lff)g#6$cZIbZ3^q)RWoXER&Fq+RoJj3GxlQHyi#hv|BMgOf|^N;TP
z5QkMkGvY&X{s=&bky>5^G^B`^38H>4O*uKr#KFsek6@wCEnyRdA6+oy$VasIG!kDg
zlo@@)=rr!myDtem>HR3wG9I6kw%2_C+`}a-ooQLDeS}1A`8@k!Zscl+A@0iC_UI6V
zhNW4Q#Dr1T>rVDe%9CPOil7L;)Zone={DO3`U-OAP(?Dr{N8a!0(
z!uztUdzZR$b+kYr@F040_^JNXeLKnUg^4iravq5YoKA|6JEVSfm14i`Tan1O`duCa
zPlJ2By*=X-m#)Z1-}}HZZl5W5z>Ak|Cied1QMUXxHe%(++pDn)CQis7o0-?0Du02bOf8$m)0Y;_*WyEv%c2tj%G}5$eHm+*2b;rq
zrlAb8sIo^&$bG|z>t3s~Lwh7rWxMk}_M+%Io
zuG+>IM_`8FM8JJ->RE*^cejZX2Xk*SCx0lxF|Pc}c*$~j!d0ZXor=Q0rHKiJHh!Vs
zvw=nc;2VG+kVc3{AUI9K26GhsRC(1??jJ7yCRvm&JV%elXyART)E!6=
zi!D-tmFkCK=|6YDdz7vDeYso%sA+z7-m}kEq!XS14SB#XKf^gOXt*^~7lz{|)0KOI
zcl7#dW49dQICLmc8gHL86r@MQ?>$>TsCPeN$hj2NWXOxQ%FhD81#k{&5MH{Z)sxPH
zIn<^Y%a`2EODiEiay4tWl3(SN%&7knse748<=j>+KlD8-pFxt-Yo?+)+hwGbF~p@X
zkMg3_xU0dfudAzCOVNvIaJm2!T6*N6f6tGz0|8|GRR>?3cRrmk5c8y@M1m|w+C+ZA
zL1npEY`?^h+97qU*k4-oeS~16&(-UnH|>ek*Pe+W(%I{SXugaRz%)_vh|pBybLL`M
zXq_3;;ci6|VPqQhW`&DoUWIv7`Xxny?KV@5QO{?Vm_})RwyYq2$b7v6Zz9D4IX!hB
z=!~DHa5^Mnn=rD1Mf8$Qjup+F{Q6DOBDX>n!s%^bzQJSru<*$ynx~FbZPtto72sGE
zD1Uelr^VPp0~KGSJXPz_``x3~)t}^c-RvY26o?9rr{2V;KKmU1oPiKgxvIf$II28y
zVHUpS7dYb6xg&A|lVRl%lbVP1gOvi*&XFzx&dFl;uWy-OObEFPipv4L>lv`G4xme0
zVsTp_D!#46dvwyx^{mj8B{{eVPko1gvL;2Y$@oeMFaK8_CpB{MyB{Jjy}TY3g~Nj^
zX+P@0`sE1jn7?7YP7;_wLS{0R>oiIQ!b8XpKyXzQM8Nu?-GDKz_F2`3_P1LfMm{98
z8d#H5wH`(c+T1l#`inJ$t&0cE(?(@i;)8M+5;iBEmH{I`ADR
z=Rb}371UM9ur{O3_+d^3TjYR~l+C!krE%ZGba&W)v0SywAovPP_pDT}oS1*|5K)Y+
zn=4*z@m?6FNob@1<+QJ{Kx(5&bhY~0nAP~}z0O#o3bPiF?~8uY`%-%X672q_^&3_i
zwZcx?l4zYlhh!oP1@a~ynT;-8{prcK0K%_*oghGdKnMvY3&O^Zy(9nWfE&C9J&v79
z?FZ{O22QwEKa78<5HrK?dzB`rN7HudL>>xK2+Ouan%3>7)t0E<6+2Debfl%8xEy)>vO!GSY5mCKZ-q+N*X^E?f{Y|L=te^
z;F2g`-c2qB70X=4$U*>-QQXOkE}|x9Gyhx9W}i+DSae7%q1xB~(L}HEuqe8k(3vUG
zMNZnf$WNAhI8s5~_?H^}drQS@X+a=>I)IKQMjmyXLk?n2
z5Sm{6>*-A&1!=}J3KijcpCi4h7e~pu!MH4utp?ho*1|zFr1&dL({*@6?0M=DyL%_H
zi+yyUw!Zzwjnz8j)8xBWvCGu{S~qhmod#)kU3sa)!p$K5$)&81(MkS2Cf|Xdq#b3{
zrP6l)wIzLiIQa?znUkvN$t(-)+Hqs%OkHi~cd8Ae<@6Qmy--XYDhmR46~mH0Xcs8?
zX(saqn7lPyl6YEv6+96p4dXV^t8UY!hX*nGY$-sK_vZkQbN8XVP(DY|t9N|k_5J$g
zzY|OKu>~y1GI)wlC8SPi48b&I1&kE(DNjCnZ)tQoLKH*YxXNYf
zW!>=xJdlk?Gt#RyP*-inUn$VO>SYWj=ORE>8AyM+s=?;;ZyLVG?rY;dGNAQIhTYk
zMEWIoPvF*kjn7IWW7Esu1(f!ntzI~#M~B@dKWnaG^H>com-Y-tMP7>Ru?Sxq8Jx
zz-Q`qJAP)&dNQp1cMfSyfKZd&p&abJDzvTZY
zO5HGjQ-h8#gO^Z*&vv^Sc3IJ1q(D8KuQNCwCFCqs6&#HFC(Yyw2CfK`;Yk!o>gQ&_
zync4^+VtW<>--V&q;vx5%z105QD~(Hge438OMWQX{klT_Jl@Aof5n%wg#ECTQXGEq
zOmxNON`+{gdoJcuAg8{M~{(xdyxWb>_vQ-9{&Hck;80;GyHl&&&QzetS=(m+I(rj`8|XLQ!U$x2f~tr1J6FagJ}&*JiReiZ1AF>42H6@Qi;19hYl6JCSr^fN{2BZo
zt$s`k36R!>es+C_cYg-VvUmJG7njAA2%85RSRD}cw!f6
z^1YS6JDSH9QR_pmG4N8i1s6FdpJY{E#-64P(tfAU#
zS-nLmKNDJBDS|aNXgEg9=jdbnlbRgbUcgAx5%
z+NDbIgkBtxaIEn7wziS$pk+b@f|=hL1r$wSOmbOCPD*UTE#v(cxk_g#6t!Lz9)2_%
zn3oTWrq`zFR0c0uH<%H_W7K*!_5{qN9VkXP3S)lhl)%ZzSyU
z6;?)eP&8nm0dK1-DF#zM?-l1Ni0`<;(|~KY&^~hY=A+T=0F&6e_qED6-*M_5Mdj@^pHf8LQDGeFa4epy}vKgg~#Mu=^!Cng*R{5P4*2Q6|pvU
zb2DW)?!EJ$0LN=eIY`Hx5OGn5*_y-M)JSbMKUcC-sDImKOHia-#}s}q9H&Bg#iGIK
z+nHM(#E=%baC{o_ATF^cK
zw(=67nsi2CpbUEV4S6ba_Jfus$PAVgn
zbNSV9DNVc;?*VB9n+l=KGE)ZMI0e=n(x}Wvp*Ka1h@hdIV^a0Q(&zkvyl9=3T8Cf1
zs-{}glZHFt2*)kj@77pU8>s9~)s#^a>GU|@!)oQTe?8!O8!Io@Y6N0PJL7i$RkDYU
z!I2AD`!#Dj*R4UPcLf&1Nf9i%p92nV7ml~62cL?(;UZlkacoIp@_5{8J@S@8;=m#Z
z<)_ckbK`jyOe-Bj|wr0a4}5L8GL{;pifsQ76p9Cj)CtSa6xRLsNl(h)?hN5;T``p6P`GKlU>iiVOxz&zqhTI4xY*5b9*9e;*hJ3
zrjo(nS8xV`*z4pJ-z!kD?PG|;WwKCP(t|Y5N=TMBbGbA3@D_qM~+xsjX*;!z4(NQEavz1U$-kVUjV-o#yf?|v{m-7#iPgfqF7I#qrgWlAy
zpuBd4WmbqL^ChBP_Sn^U;e5BCT`IMdvSgZu}LYnN~c;_wCCQGsq4vTLW@$}q;Q{Roegg=CS_72
zU~W@rw|z33XaKEDY(pm<%W({p7bk|yQqr0Afn$M#t^n3fD4vY`{u#q)<+bs%U#r$S
zE@thNCJKo^mbEzkxeZq|$Ve(%WW)j^xd|D`Gw`YuUp&P3h4X`5+b--{IMR$)wQKMHH%Rj`pf_ur+4kqLT+H!lLO-H?ZKH*v}O33RGuj
znOJx!V!v7LWczECe&XECa+%U&YoqRH>@$e2^o&kd*71E0w&#-Y6U0mwN;V=l9$be1
zN=A;WgQp@uyB~>Y`0+t=JY1L5t6zrgq;(Y2V?FzcM&fAmt^2(Jc{Rs)PEvKuBB&Is&3774
z;<6)oDT8o>==r$X%b@AjC=ZKIK8Pw{ktl2wGX01PqGkz-ym72zaDXYe#q|
zDw96-iJJ!I<3g2zjSNAb%a);)Qi@9p9;3Ekvnr|@UCgfreVnEy;?M@1~Xj=(7`TGyGL!QGSwswdH@xv{?I6I@f3H
zvc`Qa#pLB-+C=}m>hr{AJVYf{rFA6WI95$t=@+Yt5%8ArmT%S*y+)QpOSfO+N07<{KE8F$z7m3WB{|t@|dbfgXPjgu>49&`oqr8Z^j3o
zlt6BjCOkh~?I37&+}9jJMcdOj7aDht&cs{kA06^NB82Le?Q%(r0NI)wX(_
z3jv`7V&4OoudvPzc2$aWs|X4SO4~L`s#S-u%37;67azqD0$LSY@JvKu*VVZD=?wj?
zyBL4yg!P>N4et%0Ci2bh*nu8gjdJHl1zg*(@LbbqM9feTt(I6X=LoG6+G(?s|Ox@`-3ip4!Yp|%A5
z5+P0wZ5{J`-iJtFnV~}sm}sk?VZJnFk)rI-$C|vt>Y%aAYq(y2Y#&p
zPlIOSa2+604BL!om#1?$OJOh&qjNto{`nHClxPV1fV026ofWx9k0u$HHHSoNxbWez
zM!UB$g^AtJJ8`L!k#a(Uk{^tkv^-g3r8Jw%#m~FH#-|z{39oH~m${Qgl((WKFSonti`Y)huyh9V9aJ(Jf+^=!fosL5=(IQ>0g)A91G|%hdD3z
zi-6>9AcBl`;@DPDcC;0l#SroLxA4+WTR(`uPjXe%lKm^f*$p=e=;T*qYD~RT_jvqr
zM9M*6K2h;L17}N_-(K%+P&WZp=Kgv!^a(Nuv_8b0q{yM@J0
z@{7gVB^g^uMp4T6vWBkBtRsXMzo-k@YF4mXF+=j1aAphGoZB8u)wlzCUI2OCwPRlP
z$^5ThZf*pteKL_YJDGN;FSR;&SJJQ|Hm(khgwXTskW@2tI9fU(puXXrvQ=D1%smy5
zkovyEHS0dCb#rAxTwRvx6h7wp8@6W1#5~4U`~EPbXH7ZvyY?c%*3ncscNoom2~eH8
zN8V!%*j8rDdXG{Uq+lnYYex!^ol`Vvl})?^#Y!!aCxX%f^RG~O56Qo+((l7~7J7-s
zFr5nH*n1}GR#-hPKOuSu?enAM;w9>PT6aK8Y^Mqf%cfX3#VoT)+DErB;kXafiGoK(
zX`xdS9F*s;nk>9S8oZ9a^qX?6Vv)WoOkm1N5$!)I0UdGm)l8@;cy=E5l7nHF_9th5
zy8XT8*jm@c>hq`a^8=j5^qTkQ;(?(J{O(R@;7<^&_7PV)D_c2E_JZzfxzE3
z-A>t#U8odV_Qt2{7sJ-X@JS)4a$!(P1pCsOSIaDe#$BB5v2CGsiIHbnwtD{eNhAo2
z$6hb&AU=^%x*-&(Plv0u4~U4B;_hRoeqG&((;zf&vc(kG9e2iPFijN;>y#Yz8|4-pj|jA>D8sDBNhi?8bwrSeQC@5!tcV$Eu8r~S
z=QxNVbD5~&HD%-PgPg<#C4BDzAN$@Rxz*t}fD!M3%z92ek6Q1}iC@mB$==x_m!oFn
z!7O>Q{MdxH6v4K>d-e7$7+jm9C8*|yqjdyWb)5+nqI)dxKY``)6Z`xBh0s2LDtXT&
z_7pPc&<+AM-a?y4i-NG51relYQCU)|CwC13is*8F0@(g1K=aF&gn2s{S_$1k&f@}u
z$@yQ#HRp*X>NK4WV$@65%P?%EbD0zHxt~7d+U9!}z9|LMw0ipLL}J)_NYZXwS$yy3
zk=QPbr(3Vln}o1rD!QXPSJ@OyCL5nY3B0$5&8z>dmS*d?kz!f(8tWJ!L&v9fXw($E
z+yvVbkQ`6#%vdXB*OyMLKk_#L+bi84(!iHJHJI{M2;JX+!CAB#ZtLC&k8M@2%M;#C
z)`15HVS$av
z>(LHb)?M3T5Abd2IX$T9+${4KXrnH%x;n5>rmzfr99XjYuR*z#DaPX&
zY{F+5=hNEnSH=&O&e&VgDC9$DW9YnfL|3*s2ulsyvPR0!vfgKN1ejE?hzdww=U8)w
zzjCcrY)|Xcg{-HzZ$r}hP^paXqCi#$muAlMgl4dNu_Z1koHz$7+!0{
z)jFZ?auQ=|wVYBLw$bm5iqF_=%3>4t0H*)lH9k5MKc|tWegiEst%Ynfw4?2OoRqtU
zq1B5o#y5kxGuQLsAEO)b@`|*&eY$d3RYP8i;A+$7YO6t>ez7-^WQagfJc(l3YJ&+L
zMatLPFZ}}>6ed^-uJz8jCBj4wJmsH55#njZ7Lv1@6Oz6maat{{I{{Qln7^n)wp9a$
zMzwY6@-38;-I?8pV6x4`XGNbhJXtwo6`eHin!T^R;NcX_#E^$8-X{~pHgerkDHm7AohWK*i;nJn+^c--+)2@}N^L4o#jStQXtq$LbqZpou!H(sj?^
z`J+eHUHi+M9`HkkcMLX#twWS>LGM!})bf{!)yF=V{LTmO58!-gv6g?9hRGOhCt_O42k)%9y=eTT3G9wX&N*XX&=
zl4QgkPPj^S(c~LI=}h5oiY|0;UlB`lwXA}4e=|Px>l8gSZV1)Bi{pD=#wiMOsVP@x7?_gx`pAPoR5KFGliMeXC*+i?lmPK8?yvCM=qf
zKrZ7m5>ws%GS?M=29>=46}T584mGV~*=u*ezB%#8Ht+pF-A_aBFC%7$0(e0F5953c
z05J7{T2f|yS01eaTn?At=>YF#VsZBI;$_$w7M0n(&+%W=<|ykf+z1iQV%{h7_zZ;k
z;ee+=w`>q+=r4xHOBR+=1<+0@DOI?A(J~%i*tj|{+wP1xt46h+yUI&ZeIg=TT;(j@
zikF`kqe|u*z9A;U*y^{N^l!ejfy%9*N$47A&;UG%^2)`UNMt^!RjIGoODaRhaeW#P
zWf%kgwTG*uHW^U?EUl34QD{jA(=RoNE9URmm({b6+wpJ%H2A#Rj2`lM69g${sKgoH
zb=nt=db0P52G8E8RU+Lq-QU4X9usziv71San~zzX8UQxaA+oP`xWYy(G2kYZK5b7e
zyz-u_x-Pe$6rQxl{p9ce?&+$t+mp3!)!t}qdpO8hAqR?7Vzu+P
zm3phOj4oM-M_)|_vH$)dJ33tS>>)Z$0hbtdgu%S|Zv4o~TCH_3uI$At=2F0+JP0T(
zTc5L=^4LMH-r|oQX?As%4Y&aNMyXj%y#^fxAdaA|akwgD%>13JDa`$5xaR)B|^JCzHv5&a4etm9>rL1*u
z@31IsPlD4CflI0N0`UjkeE4ODzI6Fi^)oUnz131`uc^8-EL?Mz)`_sOdq-yjLo4O(
zDeK{vAXs1J@MJe*(KT0lPMB7ZKpzTRb~CS}nY0bS%bI&yEk7F1vW2-ciG+Mzomc1D
z;j~zb=CYZUWZ2#-x7eq>CsZ7&95SoSC~)1;1q@9I)X`a}9(@AMd9x3&?E4I>*Gvqx
z+1`tfpowN8Hj8AdCVAn2qUz}p=mhFWW>1{2zh><;>0CCrZc!HC6~APw;>2Y{?VL{x
z1Q6pJto%(*F_)#0&uUQ5PytL-ONt<5sZT>lRf1jqyrp;{7>n&q!w#}`S~LM-lb#a&
z1;84u)PqRep5D~{3{Rb}NW3=9%33%GZAYuuW}7LLpmV06T1%=bJ=LWR&?kXK_KNkV
zhG}+ms1V8v=XAvMG-e%cP6aJUYel6tQpaxFPp2{~Z6bQ|hR2
z`wS`e6CI6_df@H@6P&b@FAN@l0`!$|*EPG}_Z9@GQRoEH+~k5{8+r6~!*=(}J#v(v
z&rtH%vLr>@1eNDONGQ6Yz18S_5!gNUYGJ-I^$rma013@*Pes#>f$h+2*SBuzGDr
zEvMhb669*R3Tb*R9!5-ry3opYJ{3%^ezC2V@?;MFH;UOYfQ)I)F&__POd*D>-fzbP
z3p#i=YAUXO`}YT7lrr?I19ci`v%-6%izlMM
zP6~nqHg!j|jrlQERf$3L7rnnGI(E%5D!S8zr84-;(9VN2FXIFQOuV?7XDG|qT~_TE9C##k>11+Nvxq5H%7fM%)SrQSDYQ*)Q}0c(OuG}UVj+KdSN#DPFiy0RT5wa5>Z{#ly9J}f_->2
zX;~EjB?pL8?|O&0|CJ!cO%JF~2s1SNx-O#twPNGqeF;#08_mcvI+r2((Vz`!0(az>
zs(7ZM*F$Ap*r+SD`W6;rBU-)XRf*YAgY6+@LXVymR_rY3uY0N<%t76i$lCF}&89`h
zNZA`~_FHd@Sa!(ZcO&?A7TFBgt&dAP*V1w4b#8~@4KoT(H#v|u)`oQ-Ce?c0v0v#f
zc6-I9SSn7NqfvY-Ms
z-Dj+iECKkHoxu?2oSxj}=g=7Dh6?VbKdx>*!>
z3H()-o(Wv3hyQeUwmrm%0i9a$MU%_vVWzED-BhiRzoerQxdBb62m#o86>2dZbL
zt4zkTe2*Hhk`I7vi6)N+9v~xpy`FnuwZ4}2rPNQrSNh0>3}Cm=#S~z|N#eOtpueEC
zpJsh<)%b+OV5>~0Wodnw7@3gcp5-U1Wl?m_}l13?_c)s_I-2X~S
zrqTEH&*gZ50tB%c|NUaTDk&?wa{QEfh(CCNMh
zu>csJc}HDhy{_P_Mp(!@y0$MnJ_ehY9A{aERJ^@lL{Z`Rl`FBvAbF>mA+6E3Pq?UO
z{2vn;Yxy^Jbmv9NY{8A<<>!fiRO~sYi?I`*w-|N+?-mw~_O~7O8c-mLF|hIhWdI5M
zccA}22t(-L|NVLU1nS-LM?ori@c*zd>ts;@!Sa*pV|cat{sx=Jc@wPSPoLfX*zcNf
zVqW*fi_=|ZlCdj9b4hmiq)M%A@0N8z_$2
zV({<;5+aB6Y27go&7m}o0KhTm8CNb;!?+SXP2d9HrP}TJXHqk7zBjji$k;bZ=3-Wx
zoOL=v?KNE(B5C=pd(x-YVEYUWl;0tMf@o+4u$6u>|9G{pA!siGWM?Nzn9GpZejEU37RF~E%YVzpxL7zX
zd%m_J45Ctn{{y~B{v8p{Rc3A9s9st1Y5kxk1h4q!yL
zP}n#M1~5=Jr{?6>F?k>XMa7nNGiZn>p)mp6xmqd!N@ePWp(?Msg5p?_UR}5b++iiQ
zf9M~+yTC}FlUM_p5l@I}sEzzDt@$r|{yzquErCwNy{j3=m9uvI-G$}^iWc`94wy{b
z?2?yIXqKBlKl}~9DCkywYba_mtLV&3U3`WF)FR%r+2kY^*WNAGz={k2SaeusEn4lk
z;xTA80R%!E3Jppx3;wv!@K^4tc%e58DuuHZrxeZ{FyaZ=+wuSM{H#W=+!-z69{YNFjIMUX<;nj@T2$Cyf_
z1!uS7B}#8Db$r{Nr*85FfnD^UF260YW&^X3c>3V-(QY`A%4Vc_NTenpm;hFYFU
zq{i)qYdyM8hER#LHAOh33@#kdQdXnEh5zHp7dNav+2Q6ZPi?8Fjx$vj0*y4T6n5f?QtD?Zx5j6d#53+DzNV0ec+vo5{gBJYnlzp&Cf)F;zE?O953c868~TN
zuB4oQZCA6}m1eZHud%`kikvhv7UcJBOc6=xVE8{L6`lPSbayy`%lI
zm~O-5c+e)+vm2um?VB7qdpiVC5<4|){ntU%PyuQYM|k6+OzGOBXTULi+R%`CMso{5
zu+7~`?eqp{QGEcAr~p*LlD1yqzlp+g5Ld_V1SxC3jE(4S>;GYP{5$OXnN`(YUTqGhDqa@qWkIzNDb
zQ>N2OW)^K8TrPz3?t7Tp@Q33A?1S8d;OVa89TM24uC8S%P#$f3@Fdn(f=Rc&Szedm
z*5#lgnk)rWzkKpf?PCuP6_yoST(`1Q|9$b3X~0u8k{j|tZ$ridFB9}{EZPASMkSh4
znq4Sg`m%FZmC=nF^|54c?;|J!4{XmV{ZI_ki_%9ry6W1AWBKgBj?@LJ~iMS<~01n
z>N2ELR~uI+#~NJjN4NkH(>24oi%zGm*b)4+f6s$Szf)+^s>WW$hF6a(Dhh~ezsTuP
zBd4sCuz@RuTr|8w;GT=}kq~-w0McXE!ymw=U6y81UMLnvuF=etn~0igHwwSeDG@AZ
zC#{z&68ZJ5sClh9KQt|PUvO0`?kSa2=wJXVDPR=@mltD1;|!|%dd)p}2>_>mv+S3<
zGQ_-De0ko5#01%qmuT6ya#R^125G$c(3ev3m#F#12#M*b6fsmMXQ
zq!+c#?lx0a2k$7MSWnsnv!Zu%PNtZ$WI#?2)g;)t13bOQzfG+@9LY1QIc=;$dPIgm
zAbp?8PRb7SXA)a2i7+XpjrSXpH;-HvN8B$Nx^4`Z22gr$jCN@=)9V^oE}w~e$xuadotBhJz*QoHK6U}k^h|+-hl^CT?G{Zr9^-jYnrRa&%
zNzz%~_AAa2r_K}Xo=EoQ_G<7X!j%Hk1FJmZC)hTD${>x@OcOfngXZ>3kBF^)AsN4&(g?A*+*2O7@d9^tejKk?@XH|lnIwTZnke-
zIJ~gz2*MFPby4v(NHQPDWJ=_A3SVn#GhM5|1CXuwwbL@~mbNE!je5H$%?=E1fXcmx
z>qe9nNr3F3RQCWJYZu7lxq@5pAq7~+`={&9utg59D1~R47jIV?kfn&G2}|&m9Npx@
z|1;@^d;tjpE7X9Zj7+^n^9z9Yu6!Hv^e6!*rS+iGSnNv-QYb24dT3`{Jz-F9ar73d
zQaC9B3xdm7lpyf#qM)yHvBH5FJ(wLFOYLoHUqmK1A_RJih^1N${xRJ$ON$HvR!co7
zgT2D<=G_hO$=vbe4qZeADx75ZZ93%|<>+Ft2wBt>XIrfC^JP-IuIDbw-B<6=NmOXu
zlp0S~WX(y8E0LaM;M`=2e=n@FzlvYGl-Fu_*Ph%H%R)Z#PBO%p>EqA7PMSYglVY?P
zwFE}e8P*?YvLY{0qQ0*~nqm<+|7XKM&_Ry|+-dJH&J!A&ZzWQKK*zT$|Ip^wk+cEbbV(4d$(X;MW)K%l1NY@)c
zPkp_~j7-eqYSqsph>6zykM;#>TL_8yHO6cw7HFt^0sYO#dq|B=EC-GB8
z>N{r}%GQoKPN6
zrAyl8hi2qhS0qp&NiE=zR$;G&GF-rf70s*5e9i^bfD6dGq=8+#L!y_&R1sM*o*9q}
z%@5L_;v|h3<{+HclzUuOGcnmoL4>
z=sOv(izpbzEyf0-KB?CPN*vakeH%3z#vo5)_K(~e)v|UnO-~o3`dKj+vieH&SmehG
z9Vb)vAqhl&sZ6c1sJfe9L6kl{Q7uBnxZlyqofQovV-Nu?i@)kclut4a>-*F%Bh@pX
z-}Mu9eyJ!N$OI?q-2o{h^V}xvpSTh#oCMER7C_td%gnbM%nnsZ!
zqWwYmBCtAo;vG2!QP4VMcIe(j=|zcw{V3tulH`*YbGlA;3dCdyZr>rrh&DV(OL6!p
zI2!(VqI^R4z+23CG_#}-&2L2p9?AoRP#=GfT6qhO6)!X|d=lM(E=KYNq$Q6(``U0K
zK!B+IBWO05;z0D7lM(ij-p^o}-TE|8!H9uO;`?;G$>DmR_ub8RjV^dYK*DhE25IRX
zz1IT{fr@829B~r5@Q87E@(TpKXio*Cs_UA*FAI+J{P9Nx*tWARr*}{)X>K$+<2#?q
z7FzM-kLyvLLZdqOywqFHu>eqEU6K8|QyU@=KbiT#WQA$P3EiccyL;b!YoNR2g8VxF
z5h~)^Mo$YhSxOA(FJ7>jqVx_y_&xYz7qqH_;>E(8TX)&++9+r{;N5QQl5==%OQV2{wfm?f|1CWx6%Wq|t63
zV3gO8QSur^l*f2_Kt`G2r2pe9q^s;xKXaiHzEz$z~xw8TihRrpH}JyTyUt0u>3-
zdT;Sid+)z3zty+>1Bvjqq!KQKgb7sauKHp`@fl-)L+GcRT3TxMEXJ@&QT!cHEnyVl
zE6sB2j>vXATtg?FO2GFs*xr&P8pV=w
zmuxGd9bvn(t*^(QMo(<1`NW#YCyuARw!s7oPb1ooA*jxdPXnpZeCp#1b;n;*rBvf(
zvzfT$7r4AeO<7Jm3vQlS&HiuK*R-U=`lHFw{3UU{4PHhkpPQld=3Ax-O%Atnu;^qu
z-X3xGZ!$=ykmMz4k`dG+n*pc8C53H*9AN@Qv)THA5xu6IWF)&Abs4I5+C{|INjwQG
zrs6ct=hzbN>*rluuWdHd1z%{@HtRV=Em1z)2&To8CpVvD%-d}V#YF%C)8-|rGTZ?r
zW#)b_OBC1pd;PAz6{xy@&-J5I4tUfXg8O8}ivVI*&_~%8g2{TmD}!O!RM0
zqgUVm@fqdBAicziF9D|4T&w{8No6F10+1CXX_N5z-ZlwpFMo=&Wh#;)6mYJCWpl()
zd#{tZy9kq!P6#=74#_H#p72hy26+DXL9uRQ|!!nU4
z1CppOWa~U-E<-i|084Mie|xgkjJH&~!8EEsc;uNjnPftN;`0Iv_cuf6btGHnM^3&1
zHt0l{mPtt7q2O4NNU+sPAo4&x_9rke(nwEYj6Et+r;SS`<2lTMZx>|BzpMZiP(6efIhJ?G;3j51WF
zXQYelv}9f+1MHHyP`<_m;4jY$XfVgCFa!`1Z!^GyOGn52M!9z~$En%i{1i+%1%X?S
zWOUc;2*RF|T^;kdx$?Y-AX*+zd+-68#tMaaCo+8`a|r!~jI(3gDzpoBlAUd^NMBkL
zp)7TYj0o-TPZ?#@Hw^t-o~mqDqRU4
zi8L;zA!60-AM?aq&faJ$mba=pakNZiBFMWx*xoxt;|hnqW}UhiTu#{&uCwxQN6*@x
z9&GGMq`dc0=bldy&
z^4j^NHb|oCQ&beAJAu$S^T(fztC#&(Z}h>2obuWoaqZni+^$ffvAw42H+(xu7f&*v
zxJh!#A-cZZtsBE+zN9(&rm@=66Qel}d-eFFi~`0Bs?qP+BIOUGTJKIteA=zP+gKx%
zAwBpod-XUcf)>4u%0&Mr&2H?2fpTV
z9pNgTt^?>wO*sp3cj_kl_6=jz>{KzUQ8TJx%`e|jY|Hho9?$Vmpt<<~Wtl9CnB;~E
zqxg^2`%9}5jaC6i#y;xUykbe|L%!*esnlv@N4U%=_zqi@z9dbB@pQp}_9AfoeufhJ
zb&3Ptr$2SVSB1uEt<()ql03&!PWf^aY%ku(ypbfDo`X@Du|!3%Zgadn+xQ8V$XxhE
zXLMk2zO(Dxdsv|G_Ue);*;c#B`L2a?_?K|E0PKrG?NZ#X$G^NumyPsSV($f)*NowF
zM?J-OVmOBvqP*O9JQGi0V<;7ozWqEKxKDq-mG;&vFaG6sKY#5SVa*yItcbOUB$1sl
zeb$ihvoqHIuva&g*y!4y_I;4Lh1JSz@w0-obic?
z_B*`eurKPY^Z+5d
zZR+JtfHidt)3JG0lComIzw))v>I3(_a|I6;DBXTLE>BWInZxT2HPWexU4Am`el$e0
z+O5ulN*twAB_}-b>lU-Cv{<9G7X@g^T|I7}m3&O|T3h#*yHMk1FrmC^Nca{pd<7+@
z873sda8mZj%KqjkPbOgfB>I(=tWd%EAp*F~-Es#93Sj5adc4`gV55xFJ5aA9f*#EZ
z-!LPH<1G-48p=uh9wS6CZdPww6vEdfT|5p0*BI79)5?*^G&p94wr{2sr<9A_;z{z`
zO@zK#%zbKTci-8_q<}@>Pjv_$pDQQI4n^UM5os_7s|M^y~@IooSMBMbvuv*hwq8zCtEcu|R1}AlRJoO-e
zjCD2vvSMwmK_B`LlR1g~=6Rmn^Gdj^o2Zm+phO}1F#d!Ng;2@t=cg>{N3x+fS&p4Y
zKMUD;UH^C*o1hicsiVCMN5nYW*xbscwe6{|v(=+%3C?-8kc;_#D^$E*6=?yi^2pxI
z+;5PO!kxvoAv#t+EEQz5-GAOWQ2}WAIEguy&3X2N?`O-2?Wd1MxXsq;SJc%x?2%#a
zC6q?lY6<+5z3OH5??=(eDTh^D>Bugk2F1(gXG!J4nW_2D_wvqOC|AZ=HrYt;WK5T;
zf~6}-$DV*npNOQlS(q8d`A9a^rMGcg;z5N&)e9Yy`Tk=A)lK{A18VPuRhRHXW%%p0#WQ?=)u6k0?1r>HNlh%>Tkq&1|Z{Ndvamj&!+$m*b5yJ
zFw^t3%m79-6Lo*f_cnw-*pgf90%mp%#cd);!uCB>99S%A4&$J}4JVscpW~rQNx+}6
z7psPi`>&xO0rCDv>%(#P9*n=FF$876&;W%SQN~ml?)Q%`8X6Vg*PCYxf$24$D}TN?
z2j)S<_Kx!W>h+wJxwC-Hm4jRPFC#ZEC9|w%-r+Bf3kJ2W6iR`@%r%x|Aw2Arq7?jM
zaeZ498`S61PxY$DiFwUla-0xaoSA-kLZ^uBG^hjp!M2%lSJYs)6phNpc)s5QO*Ipj
zpz@Y$9E%uwSbg-p@%<42N3Y`Xl<_NSm|4)5akBLM;AifVO#dXp7%Ry!Mn+BQR
zH^ZxU|1j$z&1F5BK2<`QQ@^k_v~UcqcUtFpRy^wqh&Ba6)|+R8fU2ERfTqYlN1ZD<
z0S6^1-P{&RFS9gto&@&ErYI}*il~v_%5OB4Y{S#6U<-V(F!g8WW-p%j%`r;YX7Aar
zSZ)iy72o~k#i<1bS_YCH2}GPHrTmGEx?GenmyoI7l?jnx+l=6+6&3W8;`1YdOe$Ck
zRh&y=)7#NZXElX;PBN^3RY*B-cI!zXffW}NJ5O3cQg%MfUW-UieCRpPeum}Wc5Wh|
z_=r(Vnj8yspZD&Ky}k7%J{upbDq-lc;LQ&Vr|V5Hk(Hos7B(-=DFULr;X%qlm>o@W
z@CO_w0VJhk9Xe9A!WlZXN~Lm|DC1!40iUCS=%4$eMr@A1pF0q9nMRp<1AWaG@?J_E
zqPA#3kz5TrRCbnGvFf=3Wy-m-qTP~(gV*(rejig5xq|%FC-^i7g&0#p7nUUw18?d{5WvbGwebv8K53oyVSvv}c6lLsu{Z30@b>W^%8|PmxQpjrtlmWTI0Jrg*Nb#dG{???Us-J-NN-z!;MM-4_$>BbVkDK8F#!&ufXUN*zZxuG
z#pTowGUYB%uCv_1%@K?00Dk~ie`Z64#^>Hso^nub3u8?;86%>u302G)PprX)hPJN$=D48Tmdv_ZjcLg7FDjsUG)jcnWrcidXl*z=R
zucnRzQd0#O*C7m6zo(@}XXTqG&nbLKm)A2-178-_*V3kYM*FpVZ9Ls&a$l3T!{_23
zGdk@vd6CMSzj~OFM=vzNzpQix_EY&z$B8Eo`LBpdOgk#UiROz4Tl!N7lSXo1GsSKy
z`X2g-$}C+MYzM3INJNfS<-Z9l%C`G?S=cv)x!|bOqS8!Yv)ywa2E@ExCzM2LHoGzv
zC-M-eE9J@TsGBw@k75_+)p<-R2UXu&lMtv##b@7@H~I55o64c=Nw04E#;RY04Yjpu1qzAG%Y?gIV-EVRw|W3&SPz!piN
z%AwTaCQ~y92+%s5MwIc8XJah*~XlifNn!Y2R@MaPyGo
z(|W==#s@(SHzPhAvsTL2s7FTZvOfcI9aL`+R_bCJNN4
zS_bM$;nmbMGtyT38;^2^bc9*TEc}evACNIjzmWkVc@;SpopJ@SFPhA0sHcI*pU1^r
zr+yZB-!i2$RgNAOvWZ~(BJ~<%gR(VBGQ}oZ3M{vrwq-B-O1g~ZKkF1^`P83&Wh>RI
zF%*!=<=;rZOjJiJQeQsuU0FLWe0$zQOea`H&Cs9lO5~VXtiMJ|CbP=1OX#xFm0S=lzE|U2zrtS@TA}P>e@kkTl$N>QikFtgN16P0
zdDK1QA3q+sIWB(|%d9R*<#CbJ8NJddJM)fgvhH>dO{*8GU9XHnweow^Z&;MHsx3KHB>BH1*4sNZ
zP{VdF7T*6U6}RndBD)OylRepAG(m|lp?q)%)Sf8PEE9R3tpy%ALVdZ>hs5PL2DW
zlh@fsZ$U{NJbZ3%5`L`}yUx#Hj1p@TwyW`Kw4k}CKI$UEKIZUd@km<2-t^GXMkneb
z#J)fMC0+P?4TCdyk-$Z#pqV0r5L{SuMtoDm&!9J9Wzg8=YOSQed3|5O$ogVlaJJ>*
zjw3Nw+f41QqyqQFh2MsAG-{7Lidr(*)EQTvD^R1jB9+|OM3x%i7@lLQW
zU4o#61ZLL!LO)z*2o6}iqyoi1;V9w&+y4k?;ELK6jbS*OT|bMfEY(Al(#*(7(-L
z1HkO#B+K9r{|l_>D-yAXQAkZf&?q(cbKOJ8Y2reBK1SwF;pE(%aDOxMWUPwURi>tGXuq*i)gN?0kkUDRVoVBnV=Hq+(q9}@)%vCVe?
z!tj9x(Gos=ks^u}*FiO`aO*5uIUlE2F@hQEseB@2Np-
zbUpofA{P^Retp%7oWK^Lr`7B-1(x+f3rU1^vO%}leK?*eOyS~n=h@G@B2rqvxgfJ*w^dAG*tIcMf84tE_<))SCDr%;!wg9VH{qM-gs
zn|}}I1cew`qeSQC(!%OjoS$v=O};%dHgh491!F>XMBl3YEDb&ImV+Z_EBKWp31$Zs
ztJRD4olyrid&hhVsbIV}7sNtRhYJf&O>B0do;4V~G0gjDH@o{V#H>4FN14omT=;u+
z^}z(%mee26aqL;}j8a%DqTT=!a#Z=3+_C7np+2|9)Cw6>nX8{e6|gYQyP6qDt^uBM
z2tAHuMz?eOOfdhLI+aEO?eG4eG7$r)NncU+F4`LSy}A%!OO8=1Tp+6*f;!%`FHg{f
z5Cg)~1g=rVqu#s^m;7Vju9;ACv2}))Loa*p2@$uoX%jr0jFV%=RSBNXoyU;;qcC$?
zr2al(xyd?0=lXxbM}`SXuQT@hZb_X``nz4!YtQG4(!{=vnw6sVk_`m2naznDSw1Ns
zGM_QOCw4Zk0GCb
zUUWQz1>(;f%#GnYMsk%M&<1AGd@Kc`BZZ4?arp7q)_R>^nqy{C3lB^+>ZjA2%m|C)
zBWX9qvBhT`j!s{pYLg&w512B6T`l22uil(0qOUGWyrh
zZgFHPSMLNE9e)ygE)z>qI`_eeyMRXS!QpWZ6$~xroz{KblM(x8Tq!tGvd!=c!+oS!
z>eS(pZV(iWz&^3_-NHsY!juQqmWqV($8$-P4C?0d_ULFT7G3^?7m9*Fh)y9Va%%uZ
zpBSW6p1>a1Nk%uyrR3lzxa!i9i0-10^KryC_yWv;A6l5Vn|r>oYL>|3kW9u{Fga4~
z!P*gsH+PEoPAE&{3xq6Lk(I#40YIBQNES^SanKM%Nm`J}9Wo-lLeTgsrwYgJb2EF_
z5V|_=(~Vv(E^+cL*=}dj-B_`*Nn!I0tY3fI#`mKvFP79$P~JqDdPtpBmnJmV1SP3W
zAaSzhUmlK4{A6eTc{9f+npY{D_0%wlII{u=i#h)jbD#9>SnPn+i)VBGdVmWa+>(wN
zeRFksmq#X6qjPOJO}}s$sAvbk>ib^u)M6_Zz1|LH(KunVKRM#i;;cXbs09^Q3k^I@
z-AlGQC)Zb1dK-UdqFag&YrHQ&dKSg2@+?3<4EcW~bOUOja@$g8QmPJ*=c~8=$`(tf
z{6$xCMEB~%?b9T@-qFly#v%HlpXuU&A5Cz?dx9AQOz!H!=9K!Gp==5*eC+6q^qFP5
z&czUw_aye$)D4nC5D0@3OifT#-p{`29UG^^^;`MKqON=DmF+Mb)zm~f785S+kCsH^NkyhSOaQO10{_bNb7Me3qlW(p^@E?7WlUx^ooq-M%+wn&)c3f?lA*IE~
z@teKrk>(f7YR3nipKaQuJL_wnMZ3jK1@R7%y97lx6YRUq^(8VDChV}#jUAp|I}?C!
z_Pr$7l89hrU1yVI$fBIxNfL!6q8KY-j}@hw#>OBsLRHR=kEjxFhy`~-vE$V*5h3Iozjg}XbBM0sZmuHr9ybj#52w0&h=s8ZpU8cX@_ueAyd
z9uI%4Z@=8Xi~h=4QP?Aj$mMZbPTz%Bd#fPzta`1E@-W}mrYXWw$Af`;26W2ZBQin;
zpa*6G29%+rg|y9A2{%~=+cm)^$Au1ND6ut4?Ax9BaoK&jX!^%na>?x
zF5p|x;j)8W-JlTUfeOKlyB@*7zwjD{lt+6Sp+F5<{6|K&`pFZ}6g7=dG@8%&DI)}i
zV6S@Bbqqor7X%Q=N3nGW2B!hc#);B9=}W*9V)Qpz4NF^oK1ET~YI?Ou+$C{GVXJB
zXWhj6c{1rdJ!*`#-H?ktrJS1%8qft?Y3TOYQ5IvOFs=RyO|8t#H8@ZxTKbFd%ZdaJ
zO7Duw7K@m5HmQHCQlyoREWye-_+)P@0(ajZmT3C39;c`IXYVHgsvDHrr%`M=SX~jU
z^e3t9PtC4we$N@@>olqnsJL8l1G~9FU8r8JNcULm;_wpNfL2qGsq-j`cPT-~qdl5M
zgDyj&G$VCtSrQ)TV7oQb!5W<{{8y68Sx-P}lvl|MRF%j2k!zM${Jce2`m#m*mf$gD
zC@Vy9uN~RP>IBYg-YzX#=Gl^9)>T=S;Ae_$2OCeAxU^wTzpVS^Fn94U0GQN
zZCb81@fWZbk@<KXq?kE#5U}M5-$S?nB$?o^ix+`
zS=%2(wHB4ojCUVG?yd1I3AN4RaNJhrg|xtfxob^TA1U}B%ev-K(9eJ@3K^$xT9Zk-
zOUrAdF0bIB=4&Hx2ZLIpqAUEr8s7n8+{bMs({WU@Ij&VsYj~l38uZ0%YIIzW~HG_
zv1+Sed7kpvZ`Stp=15fbrsmt
zFHX$p-C2*ovdXyew0U*-$*PO&Pg6R@){o_u^SFvH_J8BS&0^MY=7QZW79{ND@2Op<
zvzZ=LcwcVQr84AibmEBWhq(frCoK3gmVL57i2Itu2*X6CfCl%ns4@Kz
zj?q&PxFkX{y$6_kYKVVfA?DP0xZoElATf7%3YUh$-D}|dq_g$9?@*91$HUcXN`MAG
zx^=(iph^plT($nfcS_Q;t3h(=BtfAXs|*jzXdK&jVr63Hi-}3UPDkxJ9p|4#59_p8
zp4Z#Xyz#ia^ZJwaxMkk4uK~u3iGeeepRIq|V0P{bE#>00STB_f^le8$!*^h=_FY~<
z+q%y1jlZHO&-n$OuqIjiJZC+jj!0-GROnZ?dS%>$FXwGNoA~(cbNIhm_l*SB>l$;9S?gR!=tyK-fPZr1b8MBJom=a;u>_e;G(
z*i8AZ40=n=cF)?qJk++DK|-+NZa$l2{YQgZhR2!fZG!bH=Ar3MqxrNf&`W4zR`E@3yviLx
zzǒtUp48v=#NK+lW(YZrcykkNWvtkx@P*Tl3k%o~GV5`U5z2#%4SI8YUbxN=9`
zTfpWHMT`ci7dkX^@Uvond>b7jAV4xxRcayDq%j|1wbbF=hUaT2SK67{M+;Ut8X4h563RUPhQ;R
zdI<~3B;>Zx9dt92PCx|;1V6a@K>(Dj0Il0Vco|qNL*v<@)9s^4zD}>zp0UnAQ;Ogs
za1iy>gG^@1-{J7^ppRc-Rl7NyOeg5l*o~6@<~?BxGS1L%&LnQYk+xj*2>E6>bFkLq
ztHU}lrrA#j3_Mr11>pTO2ziFm_+Yl3R9;P7#!&4m`1e5b+5r_qBkCSk`)
zP&nJwk_q48c3$8FT=mKFC)m#mb;cvvOZ*IUS|0SG$tH#T7;!D{z
zaR@Jirt+m*?X}W9I?{Tv5>#XPMzVv|fvph+=elH0JW*11*b!U&ZTAw|L_jR=PwWeD
z%eU~^FA}%iOVp75TkC;X5Rb^0?_loX{qsSR8@R~8tZq9^=&I5{At@8crZ7KwfO6*~
z=NUH-nD-ggn+AF24`~YlI8a)eK;=R;IesKe*L850ivl)-rfM)*d7%u{WEkTu!K+;k
z=eSz%)X8d&6C;s(|@>i5s-rHkkd-1_=zk51LijAYPg~0XjuI
zqrU_q5$vtvorAY8Qj?+QBmixq4&1Y5MDYb>5QJe7WYN-01-S(pc&7^ja{?Gq%R~1fYul_q`J5?JeC9?e35b)
zU@Gp_%-}Q=3~APVbb0-E06^H^2BEO`JBw;F0mh=iI`B^ngUY*@JH~TdbTD4G69NEF
zsi47-AsBhI?Hs1q0WMV{0086?eJ6p4%<~39V9kafAG^7?`A+q}Uaz7$PksRJ>@KTJ
zs7R$@7j=|2?^KCud5x718Yyv9wnqJ#YUQ(BPBUFBj1GJ_uGdbggU7RAKSvYyyK_A|
z!q@XZTYSGBn6%3^z40DxO8J+Um4E=m9K^pfYwqgaTn+gzSXDGs_|C)nfMXz9Vt
zOt(>W08;ldrNcO2#$r~!H|`Lv(Q45(vA<-zvwTpk0Z%H6-e?q#xu0bjH{uZCTLOcn
zvC`uP?EP%zOG$56;^m|l_;K!}A4z5+FxCXBORL`_6-0$@3xqeE?&?e;D=E1O{+Vzu
zO=-fJmxsz92P4R_-2SySIastgEN)gkKApI+#+j#q-iCtTLcyVm?qo-O@Y(nfVOTIl
zYh|Ozvh-a==3+(H_`czxD$w>6T>H#jL>6?ieZ-wSQRMx}B$f$Ie?8kM;OLA|({MzL
zhOxBGGNsWezmTQZD-ei57i>Af{U9O>ejJ~?aAR-D0AWIRIF^m*gu7d^>D=x+SOoE;
zCA0g8eixO2U%Pc9-O}m&
zA(nztV;0rPRv8>kR7>4qt5(+_=Ifn)&1SotA+EDKeijW2H7fk1$>t#qh6d>M{jX&Q
zo9z0
z0wqo32aDS~8ZVi@1fhW0MsN)#cvKT!@X-lMlrvfGv-fGK~5+Q4RSKZxB=sEq3s;oelZO?FW>=LQSzRPLz
ze63{i?dfVAgk}so=#*;_;s+(-lu`!~A*i0SKd`g^7eMZ@ZyW%y2t2C?i*KJmjTRT>
zRa(fZ7u|tv&JD-DiuSBUzMWnDYteXpgKDFy9$PI;WNq*oAJ)^^dLAzbgA5jHE?ur}
zqU%a@aAK?pAqEk?YEbwkRNQEPiXi0gdT^9f&}TaE>w6@LHZ4rz$Ud-xE*}v&S9${I
z%Y9!MPDEPOR2!LzqXKm((-mjRN1WchiRFACYAk9n9Q&*nvuM@gz4_sCcSN1*)id{-
zWyChW3xb8U-ghb;$0CwzEIGlSk&9V(X9fLVzl@}CqYhA#BkVjqAJhQYeEfvcxsGM3
zVRRyH9pD=VZB9Zww4s98
z2R?5iPsx9-*b9hP_}a662scfxey?y!lZP}X8FeE`rEGG<<0tJ-X1}k|YD55l4RziI
zfG+r-ny!cc-X0>Ih@RCjeDAo+D-heGLuwRn2S;bE>7H0a1RRVB1*DPPomd}
z>t*^XS5jEtOAV(Vw0Sl~k_~6K%mZM!vp+5|^w`)S&PGh;>34~KTlR#@ea0SE)
z_!kx6Lr%s980j&sB>$##-I7yaUBj1F=oh<}OwO2lqTrETF`0!XAtCyB0-_wFL$6ky
zz}v5VQo-W&^6WFTh4^X1QIY0$JUTlJO7T){*4x27QS52diczx_SVbj;i}Y~`8gD*r
z^lRvw!xrrko6?)YQ_=1tgQO858g6;J9Rjp%AL2rKiBQes^@S3IG*t8FvxMO5@L8|XE%~Z1I4h6Ahpb@$P&P8;&jmwVtxE8V1u81l;!XQ1
zMNX}2I4`33zM+497M(Wtx{S(5tXzi#3JE<^tMlMncn1SOYNohjAgcr^dj~Q*0t(VY
za1v#|n5W`HAIb(k^e%nwtSmal-!4|*;|I0ki2ULpHHf54pP}@Ug&Oc!KWzaB%?3J=
zmv=sxTmYG7{_Y^`yHt+!!cA;U&9RT@1re_W0f`69j67`m;oOkwoza<%1L#^{?mY+h
zUt5q69Ze4YIPkU2Q`q7&2vt!_+b4E=r|v@e#vST>7y`rJuQ4SN^phD}eU=FL9-p$-
z+hFKb;582{HtMZ0k?o;7!F`V(gO3sDAcS9r18KVDT^t6&wHm-K`!!vN0CtJ4d}iQ`
z(9$ODGYM4pZJctGL_FjR|x&sul7$V9~J=HIGw
z=`+cc4KWbl(TqGJx#Fk=YkdI01xOlYRDh(x2x-h&zazM1L-RmKRVJ^~$me6^R%LawG^9>T*rLzh9@5EI7&D|^Rtxozlv7hf!O=y5UgX(95BcQ(
z_2)6v-V6*RynQ^pkReBKor%YSyGHRe)CWl*12~2kN96C2p!a2hmM62!eUv{8f78e-
z)`?Ikjbw*Dez`*%yyhPWjr}QP`2YO_1~7nAnd-Ka2GBK`;150iWasSq3UJ`V6VW0)
z7tq0DIUDT4eF3)megjn{f!)h>|GR(gwU6dgHvz)iYwIpCx&|y`+;K_5#1>(_N5&vTZkS9
zjNWn{`k})e8h%%dT)FJ7C9q1dhxSpFx?wsc|rg1mQO#C@zWcsUXf*-E87#g2aNyc`(v_3l@
zllXA?D{HPElS(RFwS2ju1p{z>?*K!42p&Zf)LX6%vgQ8Yt^*TU65Q&$ugYez!EHhZ
zPnf`0?8(=7u<`K@Q9v}GCq#<7H+fPIrXXH-pb+aB-CKf02t6*)y93e%Kr+^r(b@R@
z<>Au%{KT~Zg*$`Om!4!4ee7cyX|5rB8KotkU4Kdn%d%{GMD*hfElvKs>)>PYt(egH
z3DKsN;BgUF=TE`b$?b{yb&{&BZ=*joxA+iGAm?=kd4M8YAOajF*4vqN2k-(A8Wt=->5>pwu;}gvX%G-;X=#v9Unuh=|`r{88ld&+hW1Kuwz15*8PovNS&G1koBL%P)5+kn>qv^e~GB?XkNDf_zb
z(s@EZ<+j-VKl=Rvx#pk?JzH|>*4i(YL*f&I*24>M%=fB!?;OeX@MDN383O!Tc2ySd
zzFoZM_&kH^NQY?7}slkQ!=fY@ZRXw{Bt<4e{~1q3;Hz@~rP;$m;(*^&#_WtaAcPz`UfYE(D*PjstmN(ln;S8-;m@SrTsPB7
z4ib;Jtn~hP9j_Wwa`p=<#h6uCXkBu}TH7RY>>@nsc^`10k={PNbFZwTrzxGYeYwSM
zjLNY2%z33x^tkeNz|Gkc4hHg;uDX;l&u)@b9Wvt
zlXy+c@A2m3#vqsOV{hX))7sirtW>S%2_IOowi7pYyFD(e-Ry$qE$AA)$!Z93+N}j%
z3MAm0D9@`a&
z=4sNqF2nuHrS|7I4^)iSx-D6+_^q$8;tD>rpC$uo{;8n-39b-2{yW^R2#Z8ThR=lg
z%RrPM>|ulMY(4kJ9|;qa{+;$HFRFR7)nm`QYux?$W?xh9y8xb}WeV%YQcNz(5BcZW
zle9UeZ!L5~PL}Q(T#hd>o5N3WW2h8DY?hjl6w@^Q<{a;5Ns`9>L5h<}v_h%z=<>MOEzxssAQ82PGaI8
zTQX#SK6rSk7Cqi}DPT1mksk0g>W)K|op|^XjM-Azpb#A+i`V^Ci*`y)WpAvUDMQ%3
zFo|8F(BaZ{(G2V}MiXXE4YH-U)}Y(&49mp00goKMwE1vuIQ4~q$Mcw{M5p=dHZ}-Y
zDg{#*sutYh$8qNAy@@J5x)lZp=Lb`fviO6Gx5=X^D=2uh0ll2t*)~VzR0w1BJwkcm
zM4=Z43#sSzM)Mp4yqZp%=2wlHdy>*=907%yzbo9XJa+#!;!%6^XK9#!uv4wJlUFGn
zeWIA%Ve=`o3!PMaFLZ(STJoBX4K2Ods;3U%b-Z=()W5sECk11*cN(8gonQ)Dovk;I
zNIZCr+!J$9MUS_puIyV}Vs|`5|{ZhRTzwa(}Gv
zx9H$ex5%8TXRmsJ-`nw>t^Hrh8$*yv3fp`ML6q(Nq>dxeKQZ-&
zm=f+4j<{jZ3_|Yq7n&k;bu>RN>=(c5pg=tTnwcj;r_BGU$=fUhH_U{#e%xvd65L8Fch^41caI_YtB1!=FFb5yEG!r(1z
zDW2(sl3?nQY;%s$&m}#rjpSrVV;?2wBo)UcK>d2n<3yG`8RMCEMtUx>na16tOS0UP&k1L
z%K!XKegd=NWYaJ3Dg_Z(Y2;ZZ06=%ZXMMq>GMbt5d9bywvc<0E7se3
zDeYD4|DyCvmg=@$oY9%7i95xq6eI{(&N2)XRx2Ub*bXSw$7j4A5VZQGi9@S6I0hz7
z<-%Q~AQPB&-$)I$%?%M#Ppzf~6Zq@4H%vuFho$s`M
zq*TcL>d$*Sx=wY4!|ODCsbAO(#5}QG=zl8J2yR`k{j+h*ycV)_oMXeSXTW5Hw@6bp
z`V22IO(DIdbH%jR&9gvrHs69i{=GH&``)oFTvwKhaqJjD*L&@^IldwQ%5ODLhv#hg
zJH-o61EkOYk+U=4Ia?U<3CJiIH1OQ;ma3@&7+%dU^{Yy^lKzvk^%cT_!37x)yc`^C
zw4d}9f#>Whn8)Gy>zCJO!BoNfo>E`UcbG_ga{%72)vYFN{l2)iFtj}SO)lXN>7K9)^3Wj;#tKpZTF|O+>c^b_%mWDU>Y+6+
zfe4TXkhtKPmvIF$!yK>*J6bWrLW06G@0)4<3()9be1N}QHKDrHMR@h_TT@!sa|z2N
z?OF``?+?n<_dlg&qFP^uz#6SqK2=(%iE%SU8)SC{=V~BNxD96*CLTGqK@*~gkuwO`
zjK#p!Is&Cq+WlS9{xv<t)CdCY|+2xP;so!3BZ6-4(cpV`gtCo)I2|&1~MNS{*!;k(p
zd1hxll(gf2Y|0nAar&l+y2eY$V!*aPU$+(qyFI+uSslt^4(cX}rIHO%*9th8`!6oQ
z!!OWrY?g0MIP;`b-HRMG@dvCf8`J3@r>VZhL(9?6HtiLtQ;{lBB6kj6b3O3@Aawpv
zrj#{%rx`_`4atKHcN}hp+3~;dyx|ng*QV~uW0|HSAEk855YeR
z*5C@vF91hc{n+QyeZFH2ah=MJs6AR|_UPR`!>JNDllMSZ=y<1#bsQGy?`>BsF
zq@DUr@rQ>yac&~`|9MG-AQW|})%l7U`Bthmego42;(DKHT6VhYDxXH=l=%kqBm!Ti
zgF&Q@j)lr16xh(meD3ksg7-SA+T_0?)2m;BN|4Qy+A}|#;0p+uX8YgXWhZP3-^Lym
zsRyY0PlAam#Qaz#!PR=9KJuArn3(Ld{eOqw4<~=xZ@Lq=EC!M!7OSi_hSDUj$fr0~
z;HBbABK{Y)%akmh-WP-NFE{_ZqkNY7JSw&Mi7_4B(|s-Ok}T5S}Nz0qzD2?2z#JW5GePk$8mi;ngghcd-D6nl5NppM8n*
zp&z1{5IxSprY<`=R+V=P8k%KSB|I0mhe98CY&byI6u3&Ov~psz!~prBRrN||hHLDl
zc~|KM465;V+}Ul!96$;yf9ryfZmu@+SV2!d{^O?w{ofS)BrdO4oiBH?HHXw363`?A
zR&~=;4cB6L3+p7@=4v;dG+&Z8E(4L-{5Q8`j}%<{u=qkB+7qEBaq7qUkwl?o?KgDm
zpbU6v!k}3?uh1dN<8ZC?N*rn3AnR-`R{q|-!YHSE0U(q|fBkxH*{3#SM9uRmdHPhsFee1fMVZaYWeV^a2
z6N0xt0ixfD0Lrw##MJ9RrJs6jQ5bJkD1Y%tUx#zYKyn;kDx|j_t#k5&(o-^zQ2(qmf?)BJ`
zASNJbc5D>8qjhCddly^}lFZ>pgN0g?)k7}-g?7N>`Yb%IJKsm_&(Db-|7wX^Sv*-u
zU>Tw8_B++vU?s%60d0g!a_iJgknQ@QeqZ5L_UfDaZr(=Xr-^XN8L;74JPCH^vBQHS
zG3psoKLS=Ur6To*P#vrEr@F2h4g}6gL%>Z|UcV1F$ff_3g~O`)M0IB3s|NomiGZ4Y
zzcBNC;E(+AiCv!1m&x}<;sU1IuV$Ma#r`l_{{6XmyYdnE#VH=usq|SXwq)fkYE;}`
zyyEy&nAM^PsRIbX<=tiehTMr!tVyYONO?Txg`L>~6Gx$<(ph@33*&eb%9?aZAzLwb
z4IrT>m#?do$tUv(avks+hl+`Borc8i9^=uxj82wV$19krcHHMhV&p%q^k{Uyk&GW^
z(3|))Ok6NRL!WndbI|gN_xtnpcgmSh3o4rqesgx%0VR9?2V0xPRe9-qtC{Axnc*Mr
zGzN%wg>7Hku6P&v?}f0R0c~$i$b-yC4Vt)YAh-AD((STh*ly1W_-LTuctx-Cf#YQY
zFV^v-TfIT0&XrMQhstL#`tD3Nbb>uVd@L7cDL}nXV!OR7VMMDr!)A4_tzq+V&eEB=
z{R$EG1~7zJ0FNx+nd&0c_OUmdnwCb=9{Ek`t8xqL-}}A?9E2a~H`q#)vczs8QyNnQ
z5MHrwgmBsNr-V$?2=REfOkL4B&jSQ36Xxu?>A8g(h;CYvP>+wu(`O*O_(n_Z|5LMq
z;x(uhJ}!|oD`Q4}!i1pynM3+ZA4~c997CTB(;>Ec3gr
z5dc%a9ttzS(P}EJStsM;DvcP}Q7<(3^rwVBG_fFu$fA9llFXpoiippNs&L%e(mASB
zx9RtQg}TkgIqGb)E2`;(K!ChOqQxLJcAc2?#0tAbkED25$sMV{z1y|8dfc4Tp#oI)
zXkkcLw#qO%9O!oY9&S#U+Jd6K8t5xXigP7!;z%H3708&qoGQPP$V9
z?DK|i-}#$rbSb{*Np^F2U^+IH$*KDddI*?c&As=Sm0CXW`QCgXp#?qE{rHyGV5Q`M
z7TOR7-2hF24S<=9z$}IIUqs+eJDaO%#+?5Ahat`NDHBpO*0{nkcOS$RWqjhV=b(m{d&y`wLsKl&bh7jWGy$oJy>A9(gYHGxY9;C
z-pF37(e1@{mFfdq3Y^6^$wumO1Pb8BG&?D9;Ql>@neVV_(2{OGT1Q(o9T{MBS}j#%
zu~Nm)USR<@`!nWW=Y3Ow+ndp$>#cvh=+q1=Y~thY0$mJ_Cn4v74`^>Dv`3?10^il87}5k~Se*vT
z8EM{s=Sk>K4ZIherfbG7sQ(zP#Dv_V&Yal=u*@>=A+7Xp?FC
zXFKZMX&mM2&cM;dIi0p3jS)AzDn)t?>|mJa_)6^ySd|$<-qwPDov5;5yNo07Cv64(
zb8JJ1@FEU~#lO>0n7qqG3Bme(HciEMLFxzCIW!Ym{LUP73Ack5tUL|F6M{kS>#f}-
zoUf9vfoBl8Y~UCY5m)$D12cu>o8Fvh=0RS~Fx;5en8&*pcJk06tzYHRz$eGn?Sjo8
z`9#lpO1hNUReQ6i_
z^P*jNj)ybRVoasjN|39l*e=CfBa+0)NkTI`|J=8gKWnVcYXS8%SJNRs!4X$ErHIVg
zT!$3iqI)=B_6q`dt`7!dz&c!|?M3tDX^>Y)H%;B)KK2?2)~0!O{YFL{!le2MfC1}SEvRCFh!
zH}MQk(b%H!cF+PN=mykWS!~D66Ktw}T@!)^o8>oSMVg(tbv!heNM^`A#$mW`BKx-v
zhx*iOolela<}0^qA|(ETXM*qUApXkI!F9AgS8ZF7R+;k=}s5-X*AYNQ#;UZ~NTQ
z{(u2=sGyr|6?<|iunhT`mhePC`d{VxRbpxl%kClT08&tRvhTKI3eW4iRPIvSYv;W>
zHlx8vIM&vmOAS5X^FRoRflg|ltO+y2I0M}2H!960U+cJ`vKBj^T;rl_4Uq
zL2f@I
zGi;Ze{nt!7O(8@z2g!vWslrL|Z4D&2Rb0;&yoDF7xZ1R`OE5%+1kdN
z#^-e?r+~1M7g`2f9^L?dPx(=Bl>72fB?eG32glQI(4&i8bVfP#=lD2F{QxJ0A2*V}
zgqk-se@K^Y?m2so3`v%Ik+KNUE)?s>ZBwJy4oPz)DUl2|mCg3`A5F=UA;5QC1cJ3Z
z_o&;sxR!RXW9VTyR`+`bM$B4Docl^_O9n(@#6OsnIzhJ1=BzpW+k4b;X3C@sVMiB*
zO3U}S|7KG?Zw@ztCyovgw!0c^CcrR2HrIvZjAA7ZBBHp*IpKub}WAmj}*8XQep56mP{A
zJua6bg2W>a6n~ti3x3TDDFYSjC5>-I4f;xddV9hqR*-^^W?Ao*S>?+xcmLzC=M#&xBX34b1ljJoIGkOa2S;1n?Swto?$s
zH3xJ9j0(_*AYYCiq^I)ina3TuOG={)(+~Qvis&0pT*;`iQj?a85k~hmuKae?+AsyXxJ?<
z_%6P`7c`h9-s}+SDq(~FM<=C1^!PM{g2hdmxnX87j+2_rbRd9%_n6GJm*czIHIb_K
zXAmg)l)>0IB5+*zE=Xr5f`tD8Nil0%_GU%$v^}ou0r_$Qm{P&7;o5FJAJ}m8FK>WW
zxDk*JWtXk5^qZWerPy`-@lKtTwy5B+Vj?xEcEUBdTcOUA|8mo7Iu|bOZUq)1aE<b-6)f$;!CI_wE!RID-lyW#C<@W8HJ?Q2QwREe
zRn_3QByrtxYXYVGR-h;0*l2V)dp3Pa?ECsg=Zu$XA4B!B<)Uw2{Vk@)3!B
zBhJxHGymx2)vS@f8gd2E4Kb-9byoDjWY0Zbq
z3~WQYe>~-v!Ajmy+;P{n*?2&+j16=e?e}$jxnKXBH~l5)9u2efkE!zKqxdDApcj=>
zwAN-p1L}?xz!NJdNk#dTa+-nPNSRP48(+?lKEOc1I~EnOT58EY(NoG4Bz2$K?FHd)={_*Xv+76
z@Jpt{f$Z+XrKWR#25s>c$#AndV~}0>>ZkkAh*y02kus7KpX^An_SsB97lWh2q|*=*
zQx*T<)qOp0Hn3kLz3u(H#%c=+==ak0b3lq_0En3%8jMS2&a15Lbb4j!>=qmy9_+e2
zXEI>gbq@MJG6Yfn&8l>?hb!%+nJy~MX1sqT%w4zCQ!(3&{rEtfo-#S^VQqV{;BfM6
zf8N_@IyTL|sc`7HrqtzE<7KloB~(7{P1(h)F=5huiA+gOp(}7oaLlCeI8|GB)(3Kz
zhB#KZYcp^&1ziwzI}(BdQqOI&0|miHJuD2KVjotmkS&$?KHOBk`|lElTyfQz+2eyzUDSXJTAOhg*U)S5XUK9&01K
zada?6_JoR>1v1MIUE{fx&t$9Svs~|sJ{rw|c~%6Vdu*2jtf#M)OTJLQYrQIzm#}6t
zxNfwIR;Z#xVD|@1n?*}$w!vK%H?w;R%vOFoOUTj}e%9l;dESdVSm=r-;ZkGWetq{f
zRI%Av3P54$1w@lf*&lTG9$1dLA%)4_oAclYxxk
zkwvo07eVrkQM{X#dnz3%-{|~;fI&fw#hf>=7RQ(xnKHQ#aV);ir0m|ZA;fgh;x63(
znb`o0GQ{+R~)BGo2
zo;uSob@<^>f3Tt5#|c{8-^ZHed;(v1VExO_;@jPzPP6>^R`Wpf+>cq_{CunV{`BO9
ze(bh`xu9``Y$)qiz?>d?BFx6q#_fd?RQdiS-JC3Dr12yUJwoJ${BqVw%*1dMXn-hk
zn6(FX8>OANQHqv(6VFRTtNXW}2v68qr*M&pcn<9T!J^gJ_ekNaM-P-wDWWkp8A!rw
zP?HCfmd^Xr#%IZc`dib*mlf@gko#`(xhQg-u`0s%G<CmsnTSy!oG
zyfFVG3Unr8s!WBAQE-sj@V)&c8CKC&V;-k^!?S3A1@aFI#PfWPAxoLK4wIK*~u+P{Xg3Q(@rURiL1SBrm!s>ps
zu6MfV521*4I@n&_Oj~i7Ehvza_jP0^qIaV1GTgNJ=uTRd!Q>3N;&WQ&gd+>(8v;W+
z9GbqKaWfh~G?-#537MzugSh)+8)vgG1k*czZXC+QmCOy!9tV(Qa_jpnQDTf5;Kay#
zOS+dkiV2UM-ig^Q49^m%t3X>t**>FDwLVGm3B&jZnUcU8c{lnq0467f?@g6n0i7`y
zsUxEL2=T=~AYEGITr!=yZPL2P1Bk1+_GgB4
z=KhaHyHVxP(s?&9R4(+MxL7UoGy9+;5**?vAbH0c|ZVS#Kv$dJg8BMVjT1
zjq`u*4O8ayk@fTaa4Z?6e%Zdt>i1;4PvuA8*2!a4F*D28YOfHsKB$#Qh*WK|m8^h$z>}fPfb>K)#G({lSlE#z!n72pa9vt1I6XLf)@-JlCAnNBbY}raqO9IA3NZU$IeX&{r$$8_Q
z6oZfWYTYefZcZzWh!??rOeAVs$_5yPGACMTypx_NM}v;Oo~eAJq9I_sZNo}SGjZ+-^B7Zg%k>$iDKLs^L@D0-=(jP
zrJF+j%L_1-s@SDJnxuoKR)3zU%@Z*gOgz~*xUK!5;1gi9LtyvhpF=AKKeUj9U*^yB
z=^+{*36=89ANFXso7Wz`N%m>L!0;wXub^n?>pc-j_HoBp+`zo}V49J8g8g&dRh$8u
zeZtZa-Y6c*_Cz7Q0!23@w)YFa=Q0Z)M`?sQ^P2GUI=fNGYLA}uFju4K@!xMvtfuvc
z%s**t&b6<8THXnXM={}YE;M=t_}=dw-E}$lT)LyZiij&1g?#L#2`BxdV3$^Ydrl(o
z?%2LpQnkuKSG&bd#;#uzl8mUv97~$We0PgeXl_21_4pbU+iQ8u<@PoiyWBFkC#m3t
zBAXtcOx{v**u+wlUA(FS5~JvGGPczF(oeSI01oN;wY9@6#x7ui88eh25L&OAlX)(m
z$x2^M(nvFtsWf5e{-URPRyl4fg-y3FzQXx)%6Yeo?h<%)5|MU+oNwAaju;+wEP5$}|
zgRv-695?^G_pN_Zkb+E`lG?joG$P8kf7NYP%PnI#WRHKC696yNdUQ;$XcOQedH8u!
z8haU>R*12X-Y?#(<%2ot&8woErZkw`hC`^43{*p`fOSuytY5P(9G!~^%S4bHH-=XC
zUb_Y2xs4;eyJn6-U$ZO3K=9(I#g6PfOhd2{7$01T3y9)HCA6Y)#jhovjb=BwrFrUSy{*1~4zBV#jQyqyw2|&f5%}3sS*fk#}9jEj~5}
zt5jmIwdO{tpD>8k{AydE7&)s3`u6TKEvn%IusNVPYQ>Z}pu`Wn$*G5+cWD+*{KK9R
z%{+vOSbD>hNjxz${&tn8H65Bx4WmYzX)|3s*GFY0ECfPJcVPF$KH+_~oj3pY<
zXB#nWU
zr(*%%OX(@2hDs}+*Qo(|H7w6~9PgekcZ5Y1tOUNg$4vZGMM!9*Ynv=+^|BLnhk_ri
zcTA2TRlctef9O3=Lrsp5OugynKxrd+FlRQ4r>CGA6d7=ne;OpJ+w`Vt(9wga+GR=IYAR|R6x7Tq0_@`i=gtU;888hJ|%8jg?;qyvT
zbUhcEDfLeVl}+Hz?bG&}3FRnIOUy%G;h$fDt=stk@K0oQav_~<@D!`^y6~b9joN8?
znAnTy#jkFTtbkcsv=L__vmmg77wxK0%a1_W6DedWY~k?P&*-v`xy46F!TWUVsUNZZ
z%HZQ}dZN+&xJ1D)IJ%O}^$bNK7I38mwTd*El$Lg}geOz2EVqp>gaI`y0BO()q=u~-Xh
zxk2>@>AX7$ax&z~yj-ygzE`6y*jetkx6{LZT?&d#8qP9Jbt^a7u1!Bn<3;kmVbY
z9>N93S{Sb#t(k(EsjqYdUj_GXDO*f;8a#`GIJA8&DYshlUwz@OwpbIs1*>wA|J7Uw
z3>+a9yM+<_iZ$|oGm~YMvbpjC{Ee`vX1I$3P$}~_ssI3mWM-`@|G_{R#GFs_4R^BPCT+c00;cU?h=RexjKXT
zr3~BCQ;GH}MQh9Ie%Oz=DyNQfRnYKH?rI7o$D{VG^CyW6)8XgzyZ>~
z#$#v+*4tJ!Q8vfcOqq>{&L_mFK0HK_h=~QQ%V#x)Lq1YnPm&&CvncpvO7*iZ6Uvd1
zBY(INAP0VHp2tYIp~hWZ=m(DJ)74^$FsAmQ79$qMCEOVA+e=?CbXl1|y;2A==}md<
z_+S|#9um8BRq>G_gN
zzK}xg2hTG+d(&`rZT{XvIi*jFC`#k({m_SmK8!OA-@#lH6`z=(?fz^B0}@aq_OK
zId$I^)$i?B^qM^+BgbrwHe3&91!0$#JAx9-PvV$hGHP$Q8@{sP{w9byoA-`0pPdf?
z3tX``?!mi+7Y9BK*klmpG|YG-qnKuLDYRIXh_vRr6ZC{9)|?*msp7_?1}U8JUhfR{
zrqcUfDphDhralmhSqXObe+bWL_eZ8C242~wZW+}dIr&a;g(|S4oVn2g-zm!IY6=Q6gS+kN=e(hBwO9TL%K*E#oA&1m%CYqVT{aT^W7#!Tzl>#X=|Ho?`eLMPVp>|)e?loz!)+{
z(~Nh93%hI(@Q$v;pIf=2+C70Jm#->KsPrNgsRa*Ya?<;*8uXr8UAOs~^YcQcW(A`S
zVv(#<5E7?1U4>|M{FwGNLUuJqg3zMb+F~ndnZVD=L+;s9qD(Xr$@AI@z{GOsAo$)P%I4Vw5%D;~KO53+
z4E0!h!0ESDSwIWK*AJICaCfW9n}Z(zOoLhOr{R+3?>G-nG(A&H`|VmKdXZlpVX<7A
z=Llua_%L0{KW++~fYnkrdO_PM3l7s%Zld}{57-U3K9sZ5tW69<-h8{bSXJe6B(!@X
zlJ;6dy^%N^B)jL3)*%YCatwi&RA1k;PH$lHLXzvJs~iQVxr+*jE^{1w4zDk41xCNHEp~>tf|XVl~#*!k2u1AzAySKOP}CF
zB~s5RzL6`N%QkthvgD?HjqZy)3t7n2g!^0hEbf}TeCkwTi4%${U{j{
zEgwhX1$PJ$4+}iH=tu3jHKgAIn-o2ZG(6)
zV}Xhgdq1Ga9aC6WyM3tofIk!k)jv7+xr0^6uQ@FXK2)xKf#5>>nbmjdGz=#dX_vBA%^r7wRa)mh;!Rx&dOqcGLaz5%3(a?i
zNLS}~&wJ)SykS6Zzetc=Dd;S=Gx;@%iIB7zmnP7$5`zhSQP
z;F6^cHB;o5owVA%$J-71HH2|{`gBt$-$5|DlzmuMu`>(cK>PX*%-D%2xhO=sTwev#
z7|Ie=6G`f&e#}?Ch+ERTrF=Hp3Zc4SE#h;C?PP#9^oX8tBtOEo@dR~z!#&{+uNWx5
z>@sDBwsjt9#NZCwqY#H7v-sLz!1^RVaDQV~a)Z8*;;?RmCs!M7#9M*oT8nlHLqs=$
zC>rD*ap#lz_|56+Z{uHysy2PR+NtO|%Os`qzMh!AYyJLfq@PvuxsdTbUED=6re?a3
z{NF}h31Z%#S{6thZcyIXT?Qs^obKSDi-Yf-phxrec!)$}{A74>9@7L_*PlFSoFAB-gk41jp1C36i2#GM5oTKSGLf??=9D-2}
zR9%%G4nNk{<$y;7GTo6B`c}x(int+m*6gt@wqBE$iP$k`)86Kzrf5S-8gqdGMn#x*
zk3gxx0HCt+fY#c2Sxi{pW+9aHQ?g6xk}|8?HTifUG@i3?EetG(gP1S-YqkYW*s4IL
zk~Gu=lEJ2sFa8{(b{m(HIWku#&LeimF=?}Mj_y%Ofr_JeCEaJjdg3?}
ze+!I`R5?C=?__LC3w9tl?Fv&}mN5nxVHtNMN9pO#Q}kH7-u6?1j$DO>sSGCIa%=gL
zPS*hQ+6uFx$?n;UP9lE~Ixs+LyVQ_n04#;bqHQpG55%0AtEt@uL~GVfE2XR0i4ELHyHi;aKcA=lMwoST{6%_{@^ONj;2Sn{CXt~1|p(gr1<#d+K}
z!S_`jNAHhxEP@hHdaMY?Tl*FD^%U6lq=rsp_6f(bbtuBOsN=2*yzAteK^e<%VHd16
zuM%Z6QY_ofb|>t4k0N6qVEj8VOu|CD!H$6Au;?R3=328Z*(4KyWWbIvOm-_w**wYu
zSqljZNr|DIYS5uF$8?|Bo^0}gjbZaYz+c^l1rvTd%Dz2Ap%huJD%jH
zdVk9iB+G}XL6U#}edd*GbH1urv69Qs9cx
zb>3z5yz8LPnJ##T;}8OnzMazex$`C{-29vfXx6?yoS!9<1Dl}J0A$^UNn5XlM
zh>bo44}cJH(d;qKUOlh81o%RvqsfuIn5dUS16JW{Td(T(G;1;~o4Pitk=az{Ju$*7
zp9Z)umF88kI$jP58=BBF^;VMksSx&RXFcA)2u5d;u<3mptk=_QOvpQ;QDrkhpSY<9&M;wmKfhYg8#@R&-iH>#7@SEb_>Sx-QS@()
z3%-q8*(#JyRHiOzh{%3(9{>x=Fy|;z61KlNdfi@5!lt}Cu3vvB^J>@)qXK8%ALoBL
z_%C`m%ja6RT(LjMUyyN;CJi7hE@fy1tLt4PpXy@{H-$sf}<^C|X75@dm`O5|-nBy3eEoZY6
zNhrRl8&vE?;0k%)`@6Dt8utGEWioR+b;}H+A*KjC7K~$i6-6-pf}aa)1us%NtM#a;hB*57*Oz1LRFSR4MCwK>VF5;lxuyyvhO>u4e=%zN
zcLjo?(BBMP54`jyxVxXzS{+DwGqV0WKL449hOD_}exv33W;_u(`OtwVM9W-(}A9DafF^O4`>L=U1R|I?SSCZXcLQd4Tx@660q34NAKwW
zwPD@F_2V@zR+Fg$5k&~E^|gUYfudeDbIk9G+;B>FIqQdMH-$fM06zjS3?>(k11fl&
zuU)?9C@>=p6INL+Jg%fRl_QRn$$tK}bG~?prE>qTY_yfjMP|aCaSMIMQkp29<1C_RA8SqKwSB4OjO4x?E1hFZq!H7@pPR_vgDBWlv*&xc(dpRT>Uv0v^X6r$mBc
zoLDk3pl*5-U*3Vq9eJDS9f7dwZxo|LJF{KaQkrcd>n$UB{DWZh3!8md#p$-IP>+sZ
z9GmIroylOiBO(<@MYpo$9%{uoM{ZfRW}6
zn8qZ%4$=$&)w<#N-{#?e?qOz~3+~JXSUjPS$j7^_##lrL9sL`###DNVg=?JmE}8*(
zxhu?X^7Dc$)RR%Pyz1ig^TVwlf}u(B-L=0hW1Q}%7%h6u4OJp1gI|U6CVEhJ_dB1d
zoe))`&JMx~*sj5g-cfxpfbvBC3EOS9Ak9dg5tCk5$PF?zu0_TEiHg8`MV(bn(Q`-Sc1F2Stl=__Ya;b(UbxvAV@UCV1*Aq?iDWXjuP(uw3xLpO$kW|Jw_
zWB+0z2J=_F06=cp3zL0+WHa)w8z;edkSQLT>+tP}BJY*WUvn;i9<1B!5m>6%{EAH~
zw-5Goi_Jt5T#{%eF{v`Cx#w`m;4anSGU|{|gs`)j^jKdy19dG1uboj**T#1Q65;x&
zll-Wa{XHU=i*wX0@eq^)APxL!Ce!ZauxhX)Xw2t~^(WiaMf%)h0XR08TzMepMaQmZ
zN$PBEgm>Vkn?IDncDqdwm2a@^-B-|4WSie1MXE4ewu8%C%Jw@vx?cBwy#<(IsdvXwQ7c
z_$dFP$NZ}I#UvPh#X86@XPZO*Fv|vVq|^xaR3IDiOz6yXp
zJ~BS#WYqLG%C($rQMWXLy^s&vx`L9#F_ws|yUeUyg2iww-fNQm+Bjy_4cFs+e)qJ>
zjgPYK9xTN2BF6lU3aJw%GQFDlKH_{*Wn$da8#?KUv4EvH5b1(}H__g=Gke9;3+-?A
zxGgqso^N{Gast=g`~lnpXb1+2Ub9y_U>}#+ZiwviIw;u{vquP8)e28@7Z*?K
zxCE?%yZ4J-mR82HuK(}b$KO8`BGJgQ;Q~1Gt!ViO&lnrDuPIK#mM)GiyzGvDrAE$N
zteu3{5kaB|r6mo3`4c-C_uFS$Kc*^)W-eZH3aA%^?BJjOcoWHR?7i_;<95<=KEkzc
z@`
zz|$?;c!1Cib)k^wE>EtbHlR&!pYU-)cP8n~6HD7pK*reC)_fRNq-cs`V>I_PV0jA=p=YwnwJb42_Hc)Q;GpI
zrk(SH^>0wd$pgckqn9AGM4w{Pt6AO>>ZM?&(#2frf|-e>$#GpDcYD5yYii`w{4WjQ
z;%K`c1)daCe(1IA2yP*)c6R2SQ$$iC%LC9W`1{ztrxs)TrH>uAt
z`6q^$Tfnd*F8XMEttpsLHOVaN-;=VhQLpLqzJZBW=njr9#C2#XmPV%`ovb8HB{xn-
zDGYWC5I~R1OO4^6ASspiF{o9dqObNSN9~MOJa7gR#SSaL&@W2^f9YVb1Fl{r8qS(|
zFT&reCZ`crOq*D`AW|LEwqOzCZzoQ#=5-XcF7Bq;j~+=L2>lSwAY
zdQ}LIuhYL0UDqoblm@&0N*(;xI^d4+lSBG=*)QqoUR7t6hhmK;FHUdj++h|Ut~~&m
zx5m7Q^ZK=Dkz_VT;vf5dVdw!fNW00eSOF&ndLMm05-+qo_&8^v#O#(VTMVDgTtwF;
z9Uk;bR|`}a7LaA6Su%k6p)o2}o_t?{Rai8$shR~7QMuLDEhR#{t{p~8Fqr%i{7B(c
zsu}|20Sv-4DUee{XRjf2=r8<^?7c07PA
zgV2;I1zH{(gjzmq8y3WP*|p9y`Zfkvj^9w3Si{L9i}I;f>Ijlx0_>o^L8E_YDKZZ&
zm*LWu3{WYk=YA@3Ej73;bM|wt6Z%i=?iJDTO9MTp!Xmqot2^0S0>P<^2lTP|!nAW~bD|Toquit5QbPEceLTo$7(l>di)AjhAnwKw9Vw1$P
zV#~l4aj;y;LjJDZNnJUAC#3+pzUajo!@u|;e$KFkn@9#)Yk*h18A+@a5U9ZIiKRlh
zD@)^$eqM#tWAH2C|6}hxqpDh#woySq5Ca*MAYqXtNd{3_1SJU~h-6TLAUQ`#A|glz
zksOsAB!h^ck$Bk?-?#L6WDZ$EU{wl%B|J-NmxULI8sl^`eHYs`~0
z8*Hbu-GVf=?+@)GxpVva>DUi-TXA~1UCnfh(h2I5of^XU^)(X`%r=y`6%
z9J|^#DO$7;L&m)T*{~G7+MqC(NmIqIMdV*Qw8a#IH$N<7?@GL!H{ucxK^YA^2zUmT
zpwrKm`_3Y}SWaFp<(<76&MZyO<@ogyPfX`Rx_c*+GeyZ*h7L-*S2+;m_ru6I5qPP_W$
z3d(WmBRxvltZMm-&6^n=EU0wAwaeuvt5{r}REwC2Eu`C3VK@A?AJAl)n7Y|6UYMG9
zA{f{@3`8Bt!Z@&IXM2}eQRkdJaHPiYM6X8nRvsxtv5n7W*L*a>EM-obOYhn^%YomV
z7fly!FfF?@G&SIS_ueVfP5C%A?gGOGyS;?VmHc<(UgxsmH_PvA*0z}69aOwdZnED=
zm!T{3gX=B3wi;l+2#S6q%pJm4^=r8J%{#fLrSvcf#qKP2jz#gh<(T!)JowT1TA%BM
zLO9LOy|t75oVs;E9Aav36~8}^Z)m7C{19kgsc^N9&uoYpzgeKZ^&JqBAqV>%-;w!(
z%{=D%8CJLEx6V~rQG72njRkZkB~wi1Fs4q5uWtD=V-IqF5t2y*Sc`#|B0EU$dp*kA
zYwD3Y=Mo31)v)!&H?EjV6oDoxN~1)OhjW{B8{M=1`h={VHiZlbHG2K92wADhUCApH&1a+iZ6f50x1QV&yQl|6XO*X=L-SK4$6r*5W?3FXt?#K2
zct3i7+4sg>@fxKN+{{v4fKq;U!)G&>UqV9Nb2G4lzC*FnV4i?4CwXbh*9E`XZn;~S
zee5aM{+Ri|ZUfK#4ja2O6s7%vqEIRIQD?Z&pipdwX}eOo_g(yQ&DFBU6O6LxbSArdSOh0B(pm`rYiQ&S^zDZ_-BLZgvRaP;lI9A9e#eToy$`yN
z;S{1h1+PA#o@B6vQ)Z1CWUdxiQ7c#Mhz#d(t8vi!X>Egb{c4~0<&^TvjY-35U2mk5
zpJ2gv@tw6-Og11KG~3w?io2GnVU8uSF!;7$g61AOsK!!>L!hab&iUpry1)ue!gFPw
z5LJ`aOlAR@cL76+2_PFoe$Z54dxAJmyUw!m7j{OGvA5%d6=WEiO`T{^F;f~}P5MC)Vy*JR4O>(^Ric0A<05~Zlz
z8rQySg?i>DfCq7?AAN6Y!;G08bWYscgwZ~F_3Jl`jNYUQ&H^e{*j_=!XD^X4jniO3
z(_s5q_4C9@W{(GD`^XGz`E%u!6h?#!tY#-wya-sBQL3gxCsBh+$=8ceq+z!fwoNZx
za{YEZol6JXjb2;Jf=1hSJyZG7ew1WU7{7+xyq~DLWzL(aR&1
zr7uSpjkWYWdL}X5)}Yz*bmA4(WkaN#Rhy{1m$ti=lt@R}g&8BBAtHHwbz}IUEm~gs
zit{qh@mnT2udgI7Q;7w9rpdCGUX_buU^iu3+8AyWlzt)gk`}f@M0`wPygz>PCS0#9
zC_N%Jyy<0d4N24W*_?Xvf!QRrpI_Qyv4a*B8x)(D`n2CntR{@stC$kXd-V)iw6q`A
zv#g&z{VT(o!FBO;L|&k5e-eo^TT5wj+p8N1)wkYQJb_}$8+xzf-dvx&Uw~N=!d^h0
zP<7&6N$eI%mzDs(d2au05U>D`3SYASK>2oG4%Io8ysOgL=Y|tKSlndDM9xK!>lT}^
zs;mBTSLKaRfkf=0CM9k8Y2{DCvc2_zBBxOc3hG0)KOzZ%6{v+uH>>Ria|}`I$h#1Z
zxEyaj?VSkqY+vN0?YO@56eipaV(!=vbf}VQ*7;BjZyL=rve~lx=qj|d-D2p5-r|N3
z=qtRFTC3cKcMU``a0Ek`n#j?LwPZ_oEYi1
zm{++ydIcndX=<~Cf(D@EP)duGhM3sO97#KE?yN2r6AlzF&}Q*1XXUQ`G>s+>E5Tu~
z-k!dl{Ko0qy!`ZDYC<1D;l>|yQVUJdvydEtJ7G`qXiktAyx?O-W!Jkp-OCnhQD*DI
zZH~YYcBU~`cdFNa^)lqToBg678K0osQ=lQEZ@Oib)rBfYdi+q3mrg5}v3>TueN1*L
zEhh(M8^fl@8eaIS)KX(utEh7dG;L+fqt24iB(o*S#JlL0^lg7e$169r;RW_=s0z~%
zElnfhus~a&B31_8{$!bD*FOEa&sR!1O%1sPVb%V9{=Q!kYQgymwx}z{$_QyOXKGTy
z2)}V%#P(+qlgIVn0IRv&q;;DxAtJmbXJsp17)fzUN}-9o%x!0nG;H>KI_tF0Wi~W@
z-u;^`v}T-1P=x#oB22BCjvZYnh0?x|m*Rylp|ZxcTzJ#&()7HJ1evuy9o_bRYPxZM
zIn&wR)vGZP&Bc!OV!1
z_|1Cn*%ToU#u`?{bmD6~x6p2e$)BF};)U>*v30+(s8}
z`uqqLCFXMOlp_vlg36YtzfXld1YyrQojen_M+SND2B4fHf_km3-ZacCD(&R+
z>(mb)^S8CW2R-Tebdc*-^{D@WUe%b`6TV>jO+$)WbOv}1UjTHt=dB$bTA$lC{5(+^T`AXO&YPg~IuuOclFk8emC
zL@5$Uw{V$MxWZ#5hcH8#k)5rqpsL&6c{^YtLzUyYOD|lyQ{aAVzHA}8oZLA0N5Zb4
z%&c35X=ir7WoR1OuzrEBUiSI<3b7#p4k+KHPH$^~WJCR+Tt8o8@U5Gt=_<6tHKMMh
zq(imG&Ir6lr^tThk%39^y^j`qy^aBst)wf-dspknR0&ij-qYDWKE#w$FP-^_1$`4~`o&Ad8ro32Qu$5>r_W%Uz+Fh2@8
zbVrq?(|XX2@%r6HAt(9oPj8$pNo{K4BXcARD)rbJoH=m+BO$lgOoj>Jqs1*nu@!eeN;md>saEe?$9m|U5
z(dxa`r)dHmYJPA#ffhdvFR_&cm?x2~oo}Bv7}0|yA}1+);Wd-2IC)wP$IL1FC4H29
z813OrHvv#c|H}RYVbQA6^V=I;1a
z+Ygmb%KJF=R@YukXPa6%B(MU=dg6Iu
z5OM@{n$>qMWks^(4M~0E^kyWYGklQN_Ccd1{ev!=yUz6))<+C&jT99L(YjU?)zRGg
znIGAtwc*CY=ADuuPMNojEmT^`rFv}`$G1(@$YiZ!-J}#!Z{-RUCXZrWc$bd-
zL#N#4=#p!2r*b(r;wlctWkXnx+Z_7dCk
z4Y7#_!l>l+a*H{RenncZr}?at3Nln5ly86EassR$_$Z;X2&gY+w7xKrrk}625bGU-Gu$ElHsUoo1^gFEW^#Wx2nWtzL%N4C|BjTB+JXd
z2cK{Mu1O53;KL+@gA~(GbdMUH6_dnkuKV1y%PX|H9Dqe`BI8!=u^!V_pXRJ_}k+BR}-H?QzgY9
zKmDEmEwj=K*{7fIcWLhzlH}o``PhI6fjYIY>ov)^(1Bv>J8x?OOi}ke(~wB%F_&-i
z{Cf2P7-1)51Xg7UbU(7lTth{F1^(#K8+X&Dw&%3_`O=Xny6zWWPqlYuvPKcByxzJ%
zk=~)pjoY$qd+%y@T}$;x<*?^WC+1C}xB-B5Xw_B!+&@OtML*BGu>P`qcR${7c37%fO3^lLn;m-hArQZUEUm@>)`4UrL&+_^bT$SO
z`lfNU!$JZbvH8RA-%iYVW=b085j$4lL{I6hOu5A0urq(T_-)<7BKeK5cz&)8mtTfV
zFGSST#rb(7Z;l2VccHmdjjQrA3tV@Xy(hHFowqRFy6pxH6zI_w^nX~u8C@&JtwSv;
z?ULt@Q7p$p5h%Zw$LE=|7xO>UP<8n%%kkZ~SpC-h$GtmJT&wTp(+aYq+s&FKF
zm`!VJT#^QmDe`_c??C-Zk$M`AFRyhLpOA$4rG;Td{6R^$)Hq+eUekaTapmcJ~v>$PGNDy$+I$;X5vfha~xIyZGV!-9ySJT
zxGQx-?(fiUZ(VDxZhi@W!|_U(aq(bat+V*sTS4uwf=lK-r_sCoLWj!
z8`EvLPSK{tn0PZ)F)waFPSTWk3E!7G7s%o!x-FJB4S>NJPbhy`pq~YFI(08NoQ%?gtre2zt`U_
zl=KVXyDM%W6N@wBPvT>AY34eMO?d7>07>G$)2?P|k~n6pUi6shTHmcnxZv)ywI&lS
zsX4CNdDQSd5~^o-M;_dm)4qe86mV>~{o~uej%2+}PZhPcbUGCmm6vTrxI(
zhL_tW?@f|snj)Q9%oYCP%NsH|JuT<3@$a+-d?{2JbK84jH^WAOrT$W>Ox&5B>PlOd
zp?PN!dEfF72W9GAL)|v&OVYM`{34E%A9UPE7Pu$`ur|)$=A*RSDwz7r?f!6brv>}#
z>U!O)Qy$4)mW+~qRD)*cCXbiVT&hX>!b?~#x2>FzX8vGx=IRzxpx8p*X685Gw0}a)
zS&a5;y~fbgEZe~g_QzXDL)|qZ&T7AQCO(=b-&iW)%l|D&=!Zs`_`cbo!Gi7^>!bFs
zHwYH3OKR@FspX+A&Q?7}J>TEYcS?>8QYkO%%C8WIFyC1@SQzI2abY5#j~Kq>NHl7W
z$u0P4JV36x@+*6;LDTe36U^W^{xnuC)Fdc_fH7UZdBGs+h_TAG4+rsEEHh-L
zGKo^M>Ea%jOzX+yh)FFkj0uUOQ<06+rOXgsvuYYHGakyXo^*Q6Z*hXi`B_Wjhs3TI
zmZD}u9<(F2EeUi-`xIjCG~LU2*~y%Itu6X#auH_nt>-<>VFDcYPM=L;`347jEJV$)
zX0fp|gZy|1ZhRS)qnG^oeM|R5oPf4cMLa@01Q=h
zLk*|wA
zq~~WCTR*`iLQB4!+FG2R|d{Vb;K84eB(GNIlylu(9NV;4a)rOsK?23
zUOo$gYNN~>s_d3DGI3vVn^9FCb(GnVBu5HiE#qL4sK*a~CbyltKwRB!_bX(~kLSBd
z@F~>C0LWdFii!eC;wMdr0*^XPed~$#j7368d9s-FW-O{FAj?z56qiVt#_wUN>DUxu
z&wY^vr`;C&UIWxoQ!Zq9;i~7#7ne}GeIZcKpJ!K39QXo6S=X+;dgRG~*UYzkOxL?$
zb>`k6tHB1RCwud8HJ;0Ptyo$yN18<={1mm6oKO;>Le5kg*V4E}yhF^|ap(zce?&Bg
zTD;;w^>*o}5_NY|M||hYuEb<}7P+r2=EJ1JBrVT~E9W}8;wsc~*SZlrpn!Ke$6H&7*q0
z7W1C>epf0%YIXlHI-SLVhgJ}+nK~}v80Ow)iwJc6(bJ6SH>y@W)pRqeib*k;HQBA|
zHN~e?S7UZ5@~~}Z$>)Z1v=)-IDM*gUA+^0h*$~r07F0-3+bKbS_z4v>
z7z50}gQH*9g(Y}aFtVZ6!;D}2R1z`9+w=vjZtVA<#h6cyg3K
zz;^hT$Q=59dnruSbBQ(2#)-o+!vnOqlJk{mt?lWe$tIe*>ziWvvkfl4XFw^3IMhDY
zckjH|yHQnbdW?u!+B5t)=eu-k<=)rN1#=``ld#$ia{Y?EPVzO3R7w9V-nQZW9%p@;%Jw3m>RctqqwQ-bL!PCtFi~DXWYHh1+E6_yI}sJ1DD(mXp`vMwlZn9yE(*D8FQv(8IJ4yVKhc
zKk#-X>P}v~W}iey&Y4lY{Yx?ncvu!=-W;xv@HF89zNf$qsGo~txPXBV8+;T~jZ^2D
zj{&*vodg=#;L8%QI9uwbm+#GI0NX1sBfIH8705n@Jx((Tjh2z^nM~DQR~o#}eiPr2xkKaSS#X(Dc~N!!%$8S3T4Rqvcq^We
zqt4MXvbR}#>_xs}*J4b_5p9$z=iXUC&MR))4?lY7HbiZ3@U>c-9
z$CXifV`?do#|QsRp&>Y{S~EAjZw5cFcqQekNWa|}$2iV!oYCUdV0&i*6D2#&dS)xw
zEjb9wl$%GuYeImj0Y1_h7B}9(#lKl}MzEODS{k9Gi>hwwvq4vI+aR_VR3_wMekAxO
zwJNs2XR*m)tLl%&7`EK`@;Njt4ahcgyqY2|mMmJ^K6K!%o{#Fv&wr823zynlN?BlSe-{_wnR*4m3@<4C
zecM5X_dxwjuho+RcixHATVC{rgNbrhexpboKy{VbNBEy=OQx&$w=1OlL|HEbO&jn@N1HXfnn@fQtop$v04O(c_?0
zL0i-264U|J=j5TRt_&4X(sZS;Hf-DOx`Aj;G
z9vRP?=SYjQ_$8OJYZQ|DrvIFEcaIv&4}S3lbUvg+mcKqkc7fKSGw0_K_D_W>+#UV}
z`ieh-m699rdo7>X_UASCrB~US4&SbOO0Bu+1b|NZ_Uh^Sw{`Sygy|}z^R%+)x$TP`
z_q9kmp2?BA`F9(VZmCqhw!iSM+SkN2EJvm^l5Nb7cw$q4Ro93R3_I$Q5l5LdDQ3{#
zrT1{-)*?^BF_4ig0I=CA#3EE7zRq%T1BPEY93oS)@;0jJ6UmicTsE>%3
zkxsjxCDUvdSH!4UaHc#{f{+$3diq?2IK2&^g*YCz!Y>cv#H9C&WDVQS@G06`X2|4}
z5{2DIiv&?!?L9@!F;r%Fob-LeedVukd|IuC^U|}GW5*~9k9|<9IDe^~bhycHhON}%
z>PPog^&D2kU(i?If$F)%nB@M&4Uz@>4Bd13m5%&WKi6mQFX6KpY2|4qUm`noE^TP8
zXQtJ9;hn_bMGq1d&-09Ok7$(P&4dakYKCNp6`Q5vF>=+JbY}uSQNnJjp!ZR!Qe{5_Ka;&xV1~D9&`h5(6(G(d8f-jRqSY9UC-f2Fcst&F
zbXo-EF^2MiLNZw`U$AkPL0@vS?MA!Wo2ls4K}qEH}YlR;gHkCj`Jwu
zNHBTU>p#?Mt7ncI%B8*6D-0AQ^zHZY6#mwzQb-^B-UbIQl}G9zGE?TyZczwgM0~lO
zH=rTy{$rWi=6i1sYFjDIsO39V=nPOxNU&u!IeC?;(uvTwBaVBo`X!@8Rz!I*Crhz<
z<=t9tQR8^MC@!NLrppg`P|9fr6=96#8gckq=0bLR@2^G}4_)V8p8fJs@wK8@`;VAx
zbTkuUdfc)PU}2
zxMo$N#H{(2Z@q!kp!ua!!kDvl=S-$#)kEdafC-ieqPYg|4du6t`vZCVZ!mAHO2rO!
z2b2zG@3P7kWH$s~?G0m8X(R|0=Q(NCyGd<4lAb?LAv0b@QA~z#^7j%pvnWkHn`PSNI+cIDEd4
z1p%7O;s8u~1qzO*{!O+n&%IQjrCiQ)}#zU5#70GJ$4@ReDG8A(%Xdf5hgA35>
zjT~<{C0-MK0N6w1>uM2!K!77%dPd_^8wd^)!7rwN^Ps=Jcp|C!K5zQQ1630`0_~{p
z5XKqf=Fy@kt&5@-B`Je_k8?~0v)#KYpzV^_AaA|e%~(Hb<=7~I+F0#=qxtwlf;WW2
z2b=~8a2g?0jt+Dczha9{_Vkb0s`LQM?k!w3z-~!;Gxr@YK>gK`V>c3SQn&15uid<0
zbV?!~vMv2fgHK&9?~yh-J=o?!VjRIZ7u;sV-lcs}CT%Qsnz~kemQS*byA@mGvO85)
z1UsG3^m$}U4cIMMSy2*N`5-Z$d9kn%JM5cNh%@t5KTd;7Y(}w1*=ZAsf9|f)gWVTRVP;4@_}hHD2!5x_bGM!Mub5uE1uM`-)D_QXac{EM;os)H1B0
zFl4+Vso&Yt`+Kq>D2wW5<&#}Fg;Aq}s0aD|WyI((AnL*OAE^i2eElt!*z3)tQ!Sf?
zje*SV8o%2CzVmROxXfOc>B)-$6n?^9rlhsGv6t{j{YiUAv;jvJK&)E7BYVaa(uVH4
z6GsbG)@q-I5VQy2lv(;Fw8!4h%P*PCtmaBpOKtG)^=7&uS+7@L{Ft|=@*Gvb^|vY{
z!**th=k#CO^HZ(-VXxH$oj&O}H9XCR436Fvr=Q=#%|?l~*YsU$uGbcf&wU6jeQ>ot
zimfqFtVHQ0-$v%ku-kNlP!@T~eN&4YMO|IYi3``5KJO8>n&)dNu}B@*+?fr0LMc)j
zIdQ%ZUM!p@>F-!_qIt3zu}_+hDHpESkRscx&pF&m2(*SO2+-B3GSnqnrtwt}slzto
zEFKVN2O+_4`@JX*`dE2q7T9*s&Qb(-EuE=UI-SRkqU>*u!gL>WRp&$kdvI~^!!Akcv(*>9|dm?i;rsh6KD@tlRRaKd@NjH#?
z8@F#Ed(pB>%OV__}Sfuxj?^L-qec9sGEYSKg_JaGd{o`U#@i&5jBYOTJ1f^e(t
zL3hA#L#f8>$SWhu5x692So??UGxU!$Ps!+<*VgYhMKJO6+*((OXR~H-pA=Wm^T^lK
zEm#`cw!JB&%2`Ckkvl#wUKn~zG+6C5Z~0ptEUh2Tk9-WO9F8|42S#opfGLBmc1jO3
z4`H?XwKWsY{M{2G)-3^1UuN^=UloK%v^7kShyU2&7~NpGnT8~7mYfaG(`L@{!6hL^
zRdSDYabZzo>Y(xAQ-~p_yzKP334q0LEdZhNRjM3f4n=z{?jw~xRzj_J3aDj8M9FODJ$=g(Y
z5o1-IS$#L~p!m@Dd#;In{p)I@4?*5f$)e)*iuRAbdeC~i-lg?guy`QPONrpQJatMq
z(-NAS2ux({ejt%>A>ezWtxn*8r9Ltxo44aNn=%DR%@Ea}-0ddO>2ksKq|K$yZ091Yvgf85Omj+ZM9%43
z3r}^Y>bQqjYSV8_^k?F;=ocsr@>-tqpYAXh+5>f@bE}ti+FPv9`|(Gv&%ZH$kA53*c}hROtT=zY2+@XBG6iar%%{Gm`S`K
ze|wykiGK$(hsZVv%cPJ^psB3c(L@dK)DR6Kv$q+P;_U
z-Jd&g_K9frt;n81*Gbg8-Adk&(dhA+0;}&A#56g0_Wl3^VwJAJ-ZyisiB&T9wv&%O
zp=7&lEFyQnya#5V7H~0v;4E&gdE^L=6d$>>u_W
z;RR#Ai9|$hLbhBW=tsy!e~w50%>{VkeHMeQahb*D!~uFcitzjxWbgbQ!{1sJus177
zbAUfhX}73X5=SPR?Hy?8E#U{RLuf0bkNMXH1Vzk3akF
zT=$Ng<>BMT4-Bj0>e4|;C!0qBZrl+>Jm5)wM>zXb^ApT@o2D1on}5~ebwp)pNQ7|^
zY1UvM19dV12ySn!?P_#D4G8X@xp+?Jjba3+)+%ig^r4(B^06by35GI>j>FXs4f_GFPJnbo^Q
zc)ayE78s7w)_lewN6ui`ms2?Lb9Y75`%%@x0Qcx?W{jQ1m|lN%=bt~ebV)M$j}!-Q
zu%NDlAK~DfAPi%@2J}Y(#1y^Bql0frn~4~Y=dLX!dZ5*xZcIwMhEt?Theh}ole9~fdveOhlr!r5G|RlHC@K??y3a|q;L%cBmC!xLfy6C7_p<1})x
zpZ_MTMtW$bpL;C$F(O6+q_)bJGG0@_fNpTF&{qm4C8J>xF~WjPEm~C1Ju|;bq#EE2
z?wgi4^jq+KhO)IF-WRfdNAbyJdD{I&ta0dsjkjoewpKD*jQ&W5Cv|MNZiRfzPcx|;
ziRPUepY(ZhmeHScPevAqU(c*d)Cob-CZmwlh28aXD6Y^V{E6G*p3hf12IDC>;p(V4u9OSFkyLU2H4MzidsdQ-3LpJtXcM()`u>YQ2W
zg;Mtx1Cr)=O>5lU8}Z`XedhcHwt{qnB*%fF7@}9u_Dhs{U-kf|986h;uvpHBrd%?u
zXE4OfLy)Yhy37F|_IJ6_>Ve`>73@_w9&AVpaCUtsUut4OVPv7v)Y{dnq$EBR<5QouM@8Ho8nSC%Weuc
zjS@-NZtah4?C7?)vkCTY=f-3$#sKZ0n5JKGz4J2j^*Zo0w}ela^^;X;@(H%KgdO+&
zkWe3@jv?f<6TsMRu&^U&>dzUtFS%E4&0oLs^$T&#=0dRi?rGyJE>*w6YsVC*f^Rju
zC#=o3Y@7DqOfzh?l52L;ERn44%S8ycCI?bD!ursjf}6+|vp-AWZhzb$OQc|M(kVj^
z9e~cSgQzLICJ$ZHn^DM($ZsQH`AYciQI_7bxjcYpm-52|f^j_$i5nFfVoKQ$Gu@d_NoD`zc}k
zT|cwacm9D%^fj^Qv-cnvo7@~hQ(~AFo;>SHizob2O6kRu$OuLQ^MP9J1t?63f^sOf
zQu87qUN%F$4Gta5rTIRweY5KOG!n@>C#{!<_y>1>d08J7{gY7w)cUhrA-M-Tc^&jZO4$x>YfvMNI^pr
zQ*l36T6}dpy2xsJL^xMoe1U&!P2$sSju7^n^iPMCypiMuq&oc<*vKOa>4QHHU~IUt
z(b>F^CfnGBB+_+_H&_gF9Un*Xp!6l`^GdK*G;e0<%~reX;yd6p{g)D}TzqaBwq!Qs
z-%R6+45VSy^et5QNR#-=xFF5Bt74#9o>HR0BG=V_dT!9m3s;T$Nw(uM%Vw>3A<0QZ
z=_3hsK4
z+xCyoxeC@k-`sOsBhz`~?mb7BPq4R#4Yy4BV^uduOk&|p%$zyb{N{}!-whhrx%j}U
ztAFB_dWGjTeEQtvyKq?lb=Ku$qVIq&7ZZhhCeI*s&Hz~H1Iq-votP!&4aShu@I;JX
zdko>)4bg_T#LU)eY$kGk$L9WEx-A0FgM{7F?8`@nFdzCt
zr;rs<_xD|Ea|K&P=%A0H3S41Nk{8{GXsv0m|!n~$XTw=x{X7K@NtyH95_g`wR
z8UAL*kuPXTKnB9}8McWB=86)*2{?+{LMZ&^Qgto;QgMIx>CrRUBHX0USffN*TU?%A
zX{f)8F*tADg7FKS*Sy088fA$LGFE1deceq^DIgoL05|T8o5A8cl#)(;w{vGjrP#RJfSc$HF0ljon|&`YDnwU0Nl7oueb3+~;o?4sa3
zM>(TE?}u$L{B5@BS4ZP9SRj+v_A_&Y3*Xg;Vtfqb{H)zzaB+cPNjpmQF6l6h?;-Qu
z=bt|FYuJaSL*)g{f?gfJgmW;VQ_!*xBZbljh9pcDTc7mGUaz@Pc#}Oi?AM&3_Fps@
zl!am01j1`;6{qVkj?Xd(P`z)%4t*3OlE!DugG}e)=Nx>QMF_|sf^$Yl7%qf|pc8{+
zDuXES6HVfeY$;GUH=VyP`O#t;stWAw{cNl~Gq&6wP{?h6T|FrC#gomoPof@?ZOi(T
zr+!nN_MjN=MNssJYYttnu!JEjBDmRAarO#4^a2v>tQ;Iw{+HqW-vv8RFwd;P&gPqi
z!oR7OT9eb`BU~_e3l;hFZp72T#_NpwJ7=CY+~(vIJeUQdPAFsvWXM|l9yf~@5_6E9
zhQ;@?0$4AsHBe3ntNORo9{<9ei6dY(_5jR|(QnrY4|IUoc=-UE{cgV(9A6pK
zSIoY3At#g^46-dXivg3`ABlbJdb!$;o_p^lJKz4
zi_un~+m+5AdgNsovo=)_gOT&
zL4d-@6vT*+-+G9)@rrqQ>yRv5V9=EWShx||AcI9}hbx%d#L!sx#x2QTqCe==i~cw+
zioC$ogb6x^DI4^sP{S}BiUSybkDvAiJkfdnu?C1w98D{XuVP9>+bNBv9sKco_|V*o
z52W!?u^0ygWJ3#6@Ma>(!19{L(DVW<-DsR@b8lG8M)u%M<>7&*LqHtfcSi%H?pig6gnvsB)kg?
zcW9mNgEZ2UjZcDrra|R|kIAzr;$b#pn?x!dQjX6c_eF6~I0ukHq2s_d?ldTzu*c<_
zgopaV@@Ij?uFK1eh9~eN3h>kc{vGb(iTwRYuSYp=t4Z&|7#`=LiVgSK}l3-*Y6qRF5)^$d;hBVO0w)AF%H
zt*~%kAX@l1g&(#<$WfRA6<;!%5ws;kUG|W2B>950@x?sRgP`NBV|V8mLPVkQ-iGAW
z-;;#JPJ!VPR;Iz#aJW5)0&olw5=dJ}wW=K&|0-yET)IVu&k-+nkZ6%&2@?ipAbc7<
zeW(>Kfiy@%_~cbM>Vu{|1_Kv17Wa|`ZBZv=+hu=@`p#f3h{AK&#P)Xq-Z^$
z@%DnB|KY8!C<()*caU#~;btHTpi#^Kwk0UC;L!M|W#EZ7MiucfFx5e#M#(1fm{@0F
zi7U??Y6XIV-EDK$zYp1`r(oc=osTe|fwm;wV}15}*}Z6B9GqAfn1Ned5!xd%l47_1Yux^8
z-2Q9a{&X+@MQi{6L~Du`UcTqbnca&Ax~WACx-gsllvlr;&JGf6e2gV~9z1z>!$q>g
zFzF&YfQ7qO!{E4S*#Jr87_?U8p>2eB=WqQ+23dfHwR|{57`z_fqQr*f`*g09eloAl
z^N8OeVGN1;9`|5fEOhUK0;PQx`6itrDfE+NHza%rn$m{k!saV|dz%@MMI(R(k!#xi
zfmmU3UDtenLk2||_)FQ+(PX^!STvC|%{NS|bn!Ch(
zn8hc*2Z&4X8Ts*8h&dAQC;-H96tB4C3b-l#xq|qgN{>!50Ysv*P`*a=S=Wm&ALW=&
zzi`At=V)^(PN-Cr!BSVXV9hdC7N97tz$+q*hvigA2B=eGU$eKX8;?_G$sxrJ6T$3Ic<_
z9^iEyM8bQwgav-N$OS9nyhgvm5~4M|oEiUDD|87!)a+4@bmq=;m?b(g%Q{j+$s=#D
z!YHvrrQ$@FingRYmH?$cLKkZOj((7*{Ab=4dfz~Lm(!RS**}FUBa&3;i0^aWO--ntXr9&{%|(pEqhCcLVPDP+
zFL)j+Y^-!owPZ%DFt#2uso!CgA`db#{vK;w62&Ag7`>=P)g8+ruj%54O)^XGo3P)!
zl4a_A2>S+K`tjfC0A={gG)WxzF^K|pXZ>eooh%aR4mswYLrR9Og#TLdKXbzqJ%oAx
zP1s0P+D(bK_p!r1o}drTP^A@K8aB9$xsA{XQs-_R`okk$DG)u8S9#Ba#A-Z1dfGn!
zQ?#q7?Ntn`%PB;^INXn3#a107WIpGnhypT2^nKHP6OE_nw@9edd%E}VG?FrqP-iLb
zHJH2${;&va|06?^#TK&3)_gUDM4D6ld5?6GBm8xhE$`F6mK6Em0@Ow&As81HKaiWu
z*}-IeFl)F&0>AAI?hD{;;x1-l;}Lv*i6+ZOZ52kerQn-1
zQI(If$LP>W^YBoWYK*0LUD}GvT&ahQbyF}r(A_1O2vdbTqnoW6X}8p&`xmQlXy%<~
zVEHo{z$3nA<;lJ_LQB%-4+%
zYa1@X6I@_%5anis0Gm^WLB#Ha*Yqi|;m5y)@mdBE
zEg${c_+I>Htil*p%bsi@+Gflm)&&
zG<*3-AqOsjv1U>LGQcvolhu#j@YL)T9+g~Z`yUp*w4-~Jq(kJYk{
z$S^<8QwHle8`!9UKGwM3>VSb+flxv!A|w*v{Kr5Gx5o1Pd9lN?2kec282qE9;wc!5
z&3YFrZiGtGiGxMnaJWeBwF8T6@xP*u60lpoA_GjYj2ik!7Ws2HI#gGN?Ao&Of;`hd
zvdC?iSKX0CZWH`C_zx_yKdoXNvdB-Zih88~kws3#_WzE^Fmc!d1JeigDW};2iNc?2
zhq!4iP@B0dYJadR=oQc#S4-9UXfRESuX%x&{-Y%e(0Mk(JD*9gvS<}wAVbWyVu%k#
zy8)M0_P=5-Sun4CE{
z382=}3MIW{4F8B)n_xPF?V_kKDeH8```_Cxf0mF&)iCU^r%vHL*Z&cI4vMTx4rhq4vY5c&mIR3a
zxP6IiOLJ3R;V85XQx4g0_=iq93bUX_mqO+$8gF_68DQIx>D_;3BeQoVBGy`UdsbNF
zAF$S4*gI>;08>8EY!Lq=YF&Z$coW7R5a+CEj!t?7lJGH)e}BlA(S{(AwN{A)H>~LA
zDlii(OIbq7v=#o^jz~h`4?HykPM%ZhT>L|HFZRw9GQ_M;7w4G&fkl3bW=7lzXKSwY
zDa=8zKt@w0D!(6$g?mdL%#R7RqYfsPEaG5?`tI3W@S47^#&O7VqmO}lhGj7Wd8c2KMhioa
ztzA;-wCHhB%y=i*DTC$==%i@qkeBY$;eFzXW&^?IvYbJDJSI$mJV{3Q{7qV6sdmNV
zfA$9*nHC7A59~mGqyuYLkA6Srt6<*9|T=*;vBN_GnpF#tO
zL%rA$F)E}=^wBE1!;-FU4d5MK=T1EMQGsO`aWuamn~h&7Eb2{OY6KwvG3k1E6kDHF
zBcme5L5I?LHP|+ie*{;?c!#A(0ATp}|1lUACTN;O3^o>VKmLc9&uNb?yFC%7_)(|_t9B9$zV%1x1U3nW8i@C}@Dp@@_xIvWwc>>2pW
zKPLho{z`5|0Hm%!1uk}SgNk68Qy!Xx5`F!h(5kq`f2cCrnLE!p91o0OAg|A>zV8tW|BF4UIhuG#f}!ZaKK
z1L)?A?2~qSbdn&fN!3kW-@ncI8dzxuW?0bwBeo%g*Xu3JIV7&=-g#fN7^o(GH;dt6
zFHbuMPZ72ZSw%b)q8r&t4UF*9@?o0bD&iVU=6d8k(IS{t$N(#-??U0iX9!RiuN(>(
z0lfWZ1pv3ik^~VEs!rS!V)#cqR0VuSW>^lFZe
z{4-NlO4>bGWwX$fe`3mZx5r0=eH$wiPpmAaIWTk{^TKPOX1I5j@7lTB7oHvQ`gd;$
zCU+hja3v+;NB*B_D>+Wu0IgM==ii-VXoc~Zb|FMS(9vdt!(mK|CIzdM-Dzk9>@yK4
z+B0KY6JHW(g}`p{-eEtSU<^D?$q2NJ|J
z400Z7d#D@;_ZGxT6+F2LGf9}unHMx3{Wi~De-4K1k9hC92lkt=#q$K81K?3c{}*fT
z9oE#gtq&`LhzKa4^rAEs0TJm{-BP5fC@3W;AT82+jo1+BAib#|C{mhME{Zf~E4+Am+et{P%Cgwute^lCguy(i8wH*_205Ptm;^&G_V4rB+m67Mq75Vd+&6$8EHsD?e!>i#(_)Yr
z{S=sB@Z-4`DjZ;tc6ZozL3i*qH}Fg*5FhZrfNBDOPlG_~n@q^6hyL#=DEPM}@lU`N
zeF7{G1_**d<{j8IrT?X3>t!iOvq{&E0y7%C>1ykTT8BEega6>rCm~eg;E)osC*V1-
zmO;*_p8{xZ^6b^#MT)<~fR#WB9d498wm$cMbn$Ctos03SZwE4jM`9*i6?4I2?&sPa
zkN(RVJ4AHE&7$nJEpYif!=@BzI2dTolU&_D{lKuc)gT2=5(}*H^p+xSxfKW+d(P~V1kAH_j0EF@e$Cm0gs(U
zX~PEQ{Z}-5d5c8L&+^_hdsq2B0tw6P_XVU@Gm8&0
zDQ7NFVg8>?x~2OO_r?BFH;A3as~jU+HqcWF*l_)0)f<78GqCO94OTkP9U>ZaM3att@2CIPh!;
z6pM>#z=YYFcK6>`q&)B!NPtw7JA7c;r2{@9C_#W1JUk7lMKN@_yTkEbiX*`65RAS8
z6>Cwd?$fMbgbz#Ub}fr{&^>i*Km9#IK`_F$$K9`wf<>BlwTNq%FmEpf8x;SZ!EL|@
zU9STJL=QAzGYC>xYhE9GKcsiGO$o3
zR5t%F@;U9v5w{5nDQ#2&t*3yjiy6lYC@I&sx}E=Xb1<;0;LS&Ur9fh=5(|9m_H3+!
z9Vn((zX$#C_MbsJ#l6iN@=0mX7Y11^>B37Q_(FA=#6PN9${irUos$Ap#!G(iv4D+5
zVA%19q2tzry9$rrn(j04;Gt=I&Q7}D070E=vh;QkSaF))wbcGJtiZsOfgy=}HMt-)
zMPvfIBqmOp0z+;ox?lYBEcc-J0=G(e526rX*=q}}7|0_h@$x>VP)vDkCAw=ODG!7I
zB;w8jp7DQCnH^IHE)MB?N!nnT+o}%Z6u=Q!%Dt}a3SAFW!oYo8z8`u6J-ZlqcE8T|
z!^Qyu1mZXmpV#!8Hm>nM6vH0BDW5MCuhmH_O%5H>@J=AFEayS^}ou@DV>4J
zBzb)5B$PLQNqTbtt)TK!h63YHvh&@UjFY70wwfz2AKJU`xl26khMe#Eg6F-y51u!<<{Qdn>gK#xnQvq{Vw0zSKe
z=gSs%0(n-wtDPFzD&ME>9S`ZkNow)`Sbe{1RWu72JMnV+(CLE!DgrKUss{Kvc*FS5
z3dVK;2P2ZK7ET^vxarKKV#)s4V
z*SuOOtP<^!o_Hkuy70~$>EUM;y~gkH-eMSEb1ix6tEWjOZcQl#pYT2_Ub#Vntje*5
zcRs}<@?_0}K0Pv@d2(!SIq}%f9OMO2I6i^jJ
zp`~t5NC9y=3X0P?uh@7%oHoDH%%py8WQ@Zh#1vm?+Ip0_U0hAUv-8O*d~Em|rLBqR
zTQ7QVaU6T$&bv_&XBzeimuKM7UTf-M=j(v9(Ys*Fe4fy}UqgNSqg`3(n`6c=
z#hT-PYTKQ`=7wb4+DXxUz`#}yY*AMLfUID&bN})JxU1g7Vu%#{d#Rs>_8u(Kj;sS{
z0&RFusGh6W0Ql?GeFln|12@DYsxYXm`bcc@AoEq;3Z>3)7Sl63uJxnhqwC|+Zs$RW
z8m2wJdFkmXp`s?tq?lIQmSD_LoxFj3nGzA-sAmLArU
z^UCWWKl$F5H{!&cqVtM4K3!$5N=~mE3TtIn9AVoVUzLNF=@m0(yn(`{BNZePADAkW
zI&cYD5e*#Vo6u_A0m1-)5q|ye$IAF0ShDY5X^WZEbzsfaNbC@myz*pp9beSLfy$$;_a(9;#a42483`AKFIF&Qx#
z;*j`Mym@J{W%UJAwZ`W1P;-8LC83swfY@@wsKL6s8*}w(8#x0jNw&oq{QC68d
zD$OK*;?kglT5YXH?l=RdjB`r3()M}0|4OHN8|mwZyNlhmWVD;KWwQ6|E$0BLF`uq(
za)Q@#`r2Bub28Of#F=nq(*2>0FX@Y$gAPsdWMAc|9bIu0zX`B_
z_Y4(F2-Q?#QLem5#86ybyym~+r>npd`>S_5-v3zL#IRTcz31cOMA@Cktj^83bk)a_
zeez^%drizcH~jk?jTu!^-1{ftVF@l%3FAS{f%Rm+Z8u}bdA9=cJH#`h()vrhH)_4k
zedxG8%sD90Jk@*j$t^@LTFpQ1@kI_lOOPZZO&K^nhCElk1)I+mG-k_AW|DR|eK>vY
zAM%@DeG11HqZ*y2!{qB}^J~~2^_t}4`=Fdu_rO*@ZuNIM#=p=vRp&1FNX>&_>=Las
zu48OdoOs!HC+6mCm@;2l179}SGPg9n}OlGH!LY?IkEtGlrPqh
z%rH#4_=6A2mNpu6dqcKMhqHxc2BxEv%|Ac!zv1zvmfKIJW^4An%;cEn*z|H61W>B*
zef7A76pxU1f@!`J@j^R0#J>5r=3_fTsc+>SUeh#&U-IZXE@kSIizF5ePYm+-o^)59
z>Wejra?4Dj{)q%Y5zk(HwpYviO|k@1XPz
z012JmF55qO8*Dd%x&aW31ese0#93F7))f_?cvvz_21R2l1*!>O;FD9Zy(U66ugY9n
zr^?YdDo?mUJles3N1^VZaJNF!eN2itcjZddEf*43B`nr%wFv)QxRH$-j~RCxu&^&|
z)GZyz?7pYULF~N55VGcMzw~uppPHLFZphW88E0R$X
zzJ{*7s%NRWp+Sx7_OdSuR|&sgc1c0e)wTnU&)I|ik`
zHJC;Ru@CJLo?&VpBCguHLEfn)2L~aFtgiAEEPt9IV*!=~7kmXEEQn>X5I+LSj|
z!E;Td-;(D_44Me-a+Np+`hg8&_c`%`&2yU4DbADg9`#{?Je>;+Z0sWEJi}ziVkLA5
zi`RXs7g2sYGxYMROWwYfX%imkerhgO+ID$@wO$;0%RmH^c1?((a(OM@H%enbq{)+l
zQWfg$3H(M{Ga#j9;cO&#VXp%>Zi0EsPVoTEzAK=JGDgN)dh>$Dua}4p@67C?;Ww_=*z$FkpFnCkSY^prXEhWG1m~_9i$B}V^TfHK+&xa1Ux892j
z)eKWAw7<1pQa1d&+rP-9%iw*IB;n<}Kao#w>4M5-tQ6We#C1U1HD9T*7)JSH(l
zYJga|ZB`^>5jfA$Mw%#UH_PR6w_Trge$OG4ua9w`ViR9p>FQ1S2H2FX#gCI^=$=`3
zz9xa%;8f(&^LWdzr*Li6%cE*$F?OYPKJ(Xv_>V6NhbxOVa-HQ}u4Zf&V2Q77QUZ0A
z{VS>iE4P8M+8_S{;(!By>N&6zbXWNNAH;IDlT_dlNEEJ}k!tk=!e^8R7(>B@`^6GS
zmAPflG4>S=U+#UQ=jU;sy6x1#ql1GdNMf;y5y_NJSw{97Pxr2h@gVLO7uorBd~zD@
z?#-}t|1=ud(5}zE{bXLOX7hCHzzU0>_mc{rNEEys^}apbAKXt*-kO7Udpxz$EGkGa
zTh@GiVYFaPM_!Hbq%JP{aa3B>)>5AGt+%T-%<6beI%Sw|LHTAqlkNU*7+-7(YZboT
zdzG5G#P$jdrG)#q&o-7chRbhKP&TO)Q)82r7WZAyWogWjXp>p0rQy%I2tPvM2WSaA
zQyS`5pa|#$kl*CsZlC*~_CFeW1)SN3LIqdo8vEZ4QS7;;m|S#-Ux=gHvx`oA`-Yy|
ze1awKMxCxwP``nRNXf_Xw{coCcBPV!|}fLk&A(vff>kN;j*Fg1Hn~ZhxmCaaH0huK=mk)sCr>6Mx2g!
zvPDs5gE_S@&N3{wWN#}V-tW7UpCF)o3NQAP9(Ezb!eFV+g{Tu7T;IQ1eJ3TiXl&N5
zHzs8s^VRK1_9*Qi8x1Bin}^9-8r%lGbJr%;f1#&edV{j08&|=!i!Y+6c&LF+L%7(!foUqT4%qVGcI!bOt5@ZL;ex
z^9nSctxqYF3HSP3@@oX~esf}yy&7$$&6Y_aTlODi_90=O+#uK?cLtAVrFE|6$FzT5
zZsVvM_7i$qy=*UBSJ}vXJff;6OkUF0hS;eohCgT!wm#=Grs1^Wg$2K13L8LsMQfXt
z68xq2)3Y9Ss3yXU5$%dj4R&SHuB5F3HPxrm(E<6@tNOl(5=r*91RLZGl;A>dTgEF5
zlc&ea0fJ4cVNZVS8~wq7s4EYOF1(Jkb@qC55dtp%MF~VdGY~X`no_rox_n;9)VOwq
zrl*j{5!=F+CSEa_K4K*!6b0+P%MJWYx}0f(z&Z!b@ZXDh^29Eqa94IY13b{V%N)tCF4w_=!fhF
zCN-ma+l$^Y%Iin1B_n)4!+hMS(2YDYAK+yE;`JtYerO84a^YP?jRPz1-se4Y
zYUK8rDA(VIGRmpcncK#hHWWYF@7B5v0_YfCjXQMJ9i98`(>?@}cPh=Lt+R37W9gLB
zge|DlPSZr^8){2Ie#w~@W+-Q8DsH#)dH
zo~20lm#cl);vsKY<&-zX(vjEiU~)@CCQOO#Q2nQAx7M7fq|pvwLmPMPBh^D%4^c&V
zg@$OB=(4STqzN&TWc6xQ+8P{7N-;NRx3J8Oy+YB2BBZD)YHg-cZmMl7>@L{{&KKnX4)g;WI%F;D#Dod^W%mfmv
z_4zS4v-!%QMBl>BM*jToZOdIHxToA|S|=~^Rz#XQhZQl%eZU4Ugs7a#j=%Sm&2T`7ra{@M;hu@u+1|}$r~b);Is!v}W$)X3
zUujx?p-(H+WY@b|GXCugE`^^;13B5T#$Gqk)ev&_Tz^fg_H?0=!5E-|u~-t%TX~P^
z(B7s)db;RwlB|KL1dL582cP_2M@9)MJT}|JYM5zr%KYon2-5bol2OP?1W1mt1Dk2S)+P7V5w{>MD!(>Rw
zi5P)u-_2}cP{&m1D|n(;XT87ET8GDf=uGvI^xY;s;mE^zAFU**@m7qkE(-*-fUGEy
zUIJulP@cSc4X~-trG^W3b3_q^VC8>(84Fgv3Iebf#5iAZ;!$-`OUw-u?EuSw3A-Ls
zv9Ljx@TW4h!{i6$3rHL;OasQH1LNUdv;itxiVQ^c(h}?0HW{~G1-~!%3dTp(zHj>v
zrseYhU{12e5Tzovf-!gw2u!25@iL^ATfPe;NQ_W^Yu;MYJiFYn;}O1JW~}~N${)7+
zBCgiN-YnX+y4s8JWlAEDDk0K9jYA0(=k>DGJPHHB4Sf3r^HGA;*~A%cb^pcH-bxD0
zsuBy2n?+8^ma|(ed2P_a9530M%`t@boi7>t?uU?f_AgRdB9soF_OF~gCP{?5Gt8m~
zEeb4Ot>Xnz>v0%gi7CVJEVuURg{tMoYHY8+NEIog6;Wnt>{=IUw;^?qUnqaG#;a*w
z+&<-jXW_M_0jH%|r(E4!WVAtLbZ;fjFY2S~68o}l?5z`1iT9?s>mbzcITI=k*U^R%
zQn!6DTpK1!r?+CMId6ER88}qSW~Q1wM`CI>+T_J?U&%Ccy_+HI{<@6^_gHBL4}xvM%_
zVu;wZYz{!XJ&AgzNUUc1V26^#N<;Zp&)|<_S*}W4uq%?^T0?s@W-#dvIac$xBtABT
z`>FZ~l-=gt_?;*d;nfSX@Wn?Zz3+@PmuwxEyd86Om*kw6t~gh>M;jO)b7?u>^(8;4
z!q|VPpkUyersVw1qTcK>jANaQZJCL8P8Wp3oh~k^9Sl_pz1UGgfnreDusBn;k)M<*
zz!vcsT*Ec;mf6C{E$d+~qx7
z;bj8T@JFqB18O^cZuM~84LdWy=FDFm)q`{<=-*m^jx>-#x8IpoRRi63uf$OUgO}H=
z#cA->{(~agk4jORZOcX4hSn_dt0pN>gJ^il(uhlM&N)w9bD9;1>*2gE9I@5Tpd2z2
zXId~r2=U(6W8&1%cc(kXeB<)5pa43U{SHchupS+*l-O@#6~>l#6TehDZ~~7Q3rZAXTb=9x)@bMP
z;cw)0X~{etnC7R$*}?m46II91_`s=gra;Gm0>wkdnTmH`Z~mT(ea#pCti<3}jZHO_
z<8wfun++2N>8ew+6ZJ{SZ{igz=tHT=j|ZmtGO`$Z_-&0wX^zL-txGhNR#8kYxXCCMz+!
ziLsi7pFH0XXBM#9lW+7j1)F>{xK-M;OSNXDkwcuA2=C^KBdRQ^rTMe#iB;c6Z$`6}
zU_j@lvj#CSlVzTg;t`rbu<=7u|BW2K86v0T$mQ6)c#GFT$eLz2@5Vdf{Ac~OM0Dh;
z^kzcxe5FKVmw`!tVZWUGJfrjwsWxpC&jeqszQ()p%{=V6WLz#HJgUS8@a7i@%C~&b
zH}JQ|Tz2jTLacFropo%CL6Bv>O<9Pc`N&&DRpg-~pfCEi;+J$?Uc!jUlQ=%Qh!=vX
z*=skSgtii@Q=niP;OD2yb%4P=42S%8Q)4F~=l;2g{sz?UeyB~Tiv-pG1FO>k^t2gA
z)nPWxxnsjkJJ*XguhoS^j(st=*EW^(yV0Wekxk4Q9s$-B80USa0U+OOcUQn`AMX{t10-btg
zt;&kKt|x7ui;8oE`{@IM2V%<9{JTM-IJ7zairQ@C!Cq~m;?|tY*aHv?r|Yi4zOY{{6aSfG9F=u@Zf_GF*iP(nuuiw4VDCcc~5C{vyzI!#R)eCIL{cI;15
zSrSU~JN78n7>QRBBD<%pugbxtbIbZQo4x4yl}X>4O-9F5(@0`l=4a0K8uJAXxnk1H
zbGbZhWv~YDd@fvG@x>P9UgO0S8X->E(ta)|kFA7&qmH|D@+)*1ook3&%ZY25oev5c
z*@XpD?>vmWw8XCNKQ$|C-os|ac^ga6k&_LRE8FRZs;Brld9v4PMZeWofw<=o!9Mi?
z>Q31!Z8Ip=;0P*9&&-r|dTYn>)VPBtM29^wX+EpS#Wb;X^D{C;1b+4JJV6f?x}3#m
zhs0}ATmC>~V73*o&nE<|a;A4EN^d}Q55eV_j1Diz{oJA60SCG=Vq#l;2n6@`mn!@O
z>OYI{(~w#xQdJ(bnI}OvUKA1DrSJ-pi1eI@$W=*KaV~UOTC!Q9uuX5*bf`Mwl3$^Z
zKCVV61vK>Nem;h+wh88tYmhzWIxEU>G%=btTi=hBdITifUU%l&2%
zK`KQm&P%gcK%Af*2`1rkayk|3QAl%9`L+04ehK92vqNVhw#FM+f}uhW!UIS+eZ^!C
zAo=}f{cBO|@0${+L%18~?07eXjO>^^lsB!>+pzLcWV}+#+%Cgn{z%K@QVd}>&#NuQpaImRhC~uRV1oY+
za%ieHPrj5yTeiC2Zv#+By`~70WgO6HKHN>;_*Ii!${~Kl!eUcF>xIDYifW9psrK0y0C7GvPvSwG@JICY(;-SL
zYZp?tE?ig&q*_%#t0YF-EB7Cem2VdNt#`~}8`0;Qe*b}!{QsL2iF
zV@F2apndk>uoMtmn7*!A8-Qst5g*@O$f&%G1u_Mn|A$Ngz%Gm6iOInUsv*O)-<2Aj
zu-DEee7v$tN8VWr%+@)_?*=iI4hx@}((0FLH{BG7OU-V?+@lfN`$73x1xnKTnM8)Kek}#mi4s#oonx#DO`J|mvQ`c2
z`>1=23ESaH&o_EN>kvNpo7~~U9s`|CnKtCtZ1K4i51gFfCvr@j@oPM>y=KL^gGu{Fx`&|RU1s!yTvMTK7ahY$0Mq(^H_#6O2^TIvz
z{s%(S0_0QIJc^COAf@Kf+lwOMES(gp6YP<<2uOc*O{Ss3trh7O=86Qv$2}>rRKcDixQVi
zb2tRKS9w=qo!nJ;Z?{Y1DEL#82?V_Gt^54Vr;rTnbCsuPyvVGp&i+kcZaLb3!v
zA)Ft0Kd8a#7G1p-hQrrn;fJo(&4c(PL~YwpsDD5z!3SFxUcXs6-?MO&V5p2i4e0vSSmc!BC#~S+wfEnMR;JE
zU$kcJQ@uUxQ&69oBzfqWveZOWyj9O_pBB4g>N_I=%Dr@h(%Wy$0S)^@N)-10&nz7|
zDyl%JD)_=M1*90sXSw~R5}xkuIO1Ykoi_w%>f3xYOrq5t4^56^ns(Oi4{cAUYk$%=
zwVcV@O1JWUdh&khenN!uYwOmPfB
z0LXYvl>6|IG;@k4_35wzgT04Drf;Om|&PZtS0DVfzdNU?96v_@WRllp$^iZ5DuUEPv@wu>l
zWwm`ZN>R}_F2!tdV=5RWl#qc7=Zs>>Aa8EbI(@IeN+px9v^%V{ZHm2LN*EN!TV&RY
zyEq26JQo|r;^5ooEt4%1*L$tfnl9-ocCX6$r0ZTEcj+~e7>EFI3hIdXBZr(Lw?@BY
zFd>AdlEz8eBug;4tzZczaj@;R`v#}x>6lf%+)eglD0r>XPwZdm^oIvBXy
z;lVN!?^SlNAiotC@=*g2aiB>1K*os<9o`BwxYaKVo74mSUom=d^i57G+6$*657`%T6yCS9V}jD7>pZS92#>!68clD+e;yc-YU`N1OeG9M--bY%N2
z=uF*t3a*~Rml!$V7Yp4Pms0(@yV+}^hMbS1_Yb=cyepXdOdBq>x?x}%%9B@Z->gXw
z+Q)evB@EzT6|gS>pOn_0PV33lp9^57GBC>!&+J+bq_wr*jX?jW9eqHnWWlDM$8xCc
zTtpQ~3~_|oq1FUlvj$@A8RW0v-#jtQEE1srnkAJmnLMHftQck%tu0Z2Tn*_me@DeK
zU9k4SV>tA()Ij;0mo~ze1@gy+-SD#FZGGlMR#-7W1dI#pgY$>W6xZ(vH`&{0EitZ-
z$I%55v}EqKE~e1)3t4S#*!vW(WV>imZxLSdJElzJH
z6Qo5I?>Eydt^##Z^NszC)_^yfdzf(wNSn_~=3agP&LRSJpFzud4&ZQ$qDuau@y!ND
zHW=sn%Zq^XYk)*g)X7CcCh;d37!j$WA22aa9N;U3<*&g%w^E>r{5%?2HwSQbX`Yh;
zanFLo<<5aV+EovGQ?Sx;Z{Odqwo_On)|Q!=GCFF*?pahxGWmHWC5}PFU
z-`zNAF6r3^{0oVcAvizx{`*}r_nWv>Nt^v~urMBn61TKVC{(|_%<4qEd&kSpwJ&hM
zcWnQl76EpDPMx*|AFO6|ySQY#U;?W3qBa?Gbcr07y3Roje<>DYGM0{@Egy)n++H0k
zS0uibpDg^Pdrc95hnYYm`P?Ih5GRhUVMF(2(~=?3$Wtn-r=Uba&ELo8f$TUrGqVJ6
z3kE>U49;;%ivjCMzp!W59)t%fCE$-CtsOY#svcxO0ek!XYE0^Fd%B}2&oP2R24>Z8
zbgU^@?3fX^<5iq8N80*Fb=GE-H{<3y_z^lYqRqexN5MF^_b1M<|^
z#UGp~*KUfi^Ys|8!KKPNZA{kG216OmKope$!F5q(eEd_AYp4-?9;sX#$L(?>r(&*<
z4&JvtZ9bk6ESfEAIqHQC^=VfwoAQ9Pc73xS_YEQ)N{(Im{6!6qY_`rf50_g5N{Lxy
zmcfv_Preoa?F?wAKvsB*I7gfA&K|QjBBeQ`rbB2Uu=_assNj*Gpg~;|$jWUr38NZvQ|Vb|ARf5-~G0hfhX=sR~N$4@m!YaLIMX^4TzX^G9fSEd_FM
z_I<-`YVN~Ch0R->t^+epWG3D7LvD+o9*xJNJ%Tr;*8S_8fTt6Nd^~)28dyvMzDbBy
zR*f10vCS6~_aLCL)mK6#Qm1YPCSFRaem3Cu4QelBnaJ_G%WuYK4gv|#tkV#8rNk_HascQjRwPc^nre$$nscxVWovw)qT`rdaWv
zt`UpehNwM+nK+YU)Z3%QPXoSMw3|o`o^dBnikSh0+4JLNL+nX-6Ef96HDddHA7apM
zHgyrwXe)-viZTX+@tMeh)dbaR&mnkz+I-_sX4AfB{*IToCci41}Z37fP9+hMtrWh_?Gapx2cFQBBZ=NMd
zlFm5Xa0^hd?D9NLHy~J@Yg}^6sq^x92Ul4*Pm7X|=6Li4^43CK9wsQu*jJ-YmI5Ub
z&946P6~OegQL!N5bww4^gHV42>;^DhY0=gk8KjO4A0?0p3>H?#6DzEUC8}?R!*aVb
zATKzypdCZjtlH_&=hKyIoX~8F4@O76k52RK^i!Ob^@_WPBP*x!y&jFLkV}A0HTl)Y
z5-gz#;)z7qx(-Q6VMuZv`9^WmexH^6&ZRRdr#hV5n?IDpADl|bW=x8E
zBGB7cn013m4%oLp1NH+OBM=)gp7@wJKCcVJgjbiwL5>c6mj${A@vh&XngU9o4L};2
zygBRzTL2{SSRRm%Qm1*J9`*x5PN3UF;tBOkT77PatYp`3>!ZY49#nAma*G^1q<`Wl
zrYdDM$)Prs#T22)jaaM5Lm>P{H`Z57(;8}P))j!RbSvKL>5Td2yUf{5lc+6vqdR#O
z$Q|Oaf7DBF#)k-KZ$v+k=3Bv7+1qP3Z9}9T?`TPGSePL0f0$-K9M*V=6hnAMBn!{<
ze(=BqmtlOwqWqe;&gvZEJZle0+0V$d519n`^H5N3f_;fY(#l2TpWBx91SrseEj+sD
zx0WJ6qcT^i_YaK=gM`@(M~MTTgb)+tB$Keqck7a~h3EhZ?w+5=G+fv!3=+9FLe|gvhPGphRG6Nga0L
z=NUpLp}naANm)NTJ6HFD?;boaJI?3L^Vgcz%CTy(J6U3z}ojzWHcrp}>*T!&$_s1G~`2sx7oBQx4dV!E3aa#^Rh0sFd
zrD%O|10+AayT$+55P4eUtSzrsOFuDKyr$MPPfMq2x`ul-xvII){QT(;|E~q6K;Z{%
zj^%qf^K;#*WP+O}EXDde0lZq)x0i<55G3Iz_NK3bd3LrgEY8zXhbq)D7df!$wUpj_
z)t&)_gS&FUbk0ZRz|fNhA~56NQctH-c>3To&11opm121O
zhjMx5+e5EZz`OYCb9E$y&bn??LWM+vMfCkbpSI-%U(;w|Yz?tZOKJm6JQp#y?ec~1
z4%O#J6mwCW+?M^zjbBs>v8^;#^#?ytu}hzj4yh1Gs}#zT4~?&tp0`r=Xu8=QAw+Ai6I+{Kr6kj7Q-H7@(r7
znSz1{c=dfKqX^!PI0Z&i#XFR{XCDf$pG-0b!~Qk;-!Hs#ryQ~Bv{eZI&k7%&QMn(#
zSoNA)vO`0Y;mcCOw+c_nYDzcE%G*e%b3aTba~s?y<%~6}Ls-DXS*1@33i=;u4pxyD
z_JW`MOUr(9;K&JH!xtxYrUQ~78~wh^M{z1vb$6|@1>@km6AKC?1$X_AK1c7wSrAg>
z9a@rs9g`*768=2R-`{M%K62gB{`SQ~{60Nfj#59y(Dw#Bjyvioo>n4)6CbyScK1v|
zM)k}E7WA3_{={$$STb>CNF2QRSY@xf27Q31arbem8vBql@8e#LIRy@kUilYS_&F=1
zdV2*TI8oT(CYn$5C~j$iR+xIicxU}j&MW-CQ9HqVAb*;o#FJsvk{!93th5)T)SKqT+bvOe#nMb2gtv?)4w<7dhu51O{^W7&CCu
zGcB)4jSF|o5WeN!!$Wu1kgG@J?_D7Zd{hMY{M(&>O~=RsihTS~<4i+vi)4C6Ye)vy
zez^`t0~!Wk7_c4_n!X%->_^onAUoGykQD;PuA4y9_UJ$O06}l0znfQ~lF>p(!3?SL
zmpae1)4sdB{o|RBnaqHb>D~kjQ8$IHy(KunqCJ_V+C$;SZ!JLE^MAYG3Rr9j2G10M
zneT@i8pnb^P`C-r(DwuyAFpi>ufsJaY!=+Nwp?3}DBCT6kiN=&1kC-v$BZs;q5hdD
z=SM#t{c#@fjljH};U4*Ys9`DdWU+tyQUv&mWx2E2d+NTZ#*8_GuZ_?h{GeGV-4aE_
zu49({c;hTiy>4iJ!n|SWP5$Uf`ENFbh9PPI9yd<2h3m(NMqtp&${!vc<^Z=5>_*?EO}u@TdP~r(1hHPX7)KL-&A7
z96k=a=8<{lZ9WtnzG}}HD?EfID6@WUIm{0;2|
zW~_Nc0-)B@DlxR42o)WM$;J*$F&j;jq!ma=gNmXFJh4NGx~91y
z-@t1;k#q`g8!d>_{8VwTE^LCYR#ovb6A1SA1Z5bY>v=-vUq7|>~jWXV!3buMAl=#>nZ
zEvuq;TS}ph6ZNu5lYddYt({BgO4_t#8wotAy#2Ocr(>+dy3;TI(zf-@MDapt!|z15
zx2>bm*jL1bcl6!e?^kBO!2*xlWC<}n+;6%=Vt0~=y;`E;va|VolJN1cYrsB4+QmrQ
z)*IR{PQIY7)YoCq=n~DZbi8?%-E}&DHp{z#@s=X|McsDS)PwZ|&4W0?EpfUx2eI9D
zq%Lgxg55W|Px1`5vCYwnOlx^G=P0G+6%N0Dp5)H?K=+YOcINC2;XnbsK$&z}dng)R
zycQs4S~C{Nj5r{%?o51p=$tSF_K=`kIS$Z(j?$9~
zcYwt~(guON$EvSl+^51zU^}k4bY{
zfW`L4(qFs@#!|SF`QS-h8C)<;LUaF|u`HdFf7oOx6$+eamEmryMhZ_pU*RTPS9XzR
zD{+=3Ypo&Fs|+mCW~{?vVyox+dcxdgx$4(;W)u7>T(n(w
zlnVX}rGVxI{FjNSmQjDIDlT=whD>@~Ko1@KK!b}^gjR}iU)e#nuFTlgCh*f?z4q$f
z7QDAj6?OMT`Ov3?MC!3v3u>QT3Om|$Sh|#y9QnqARh=Fc!|Lq@BCq0nb*>e7I*CRA
zX>&(DB#2e;MQau^gUH+JHFXW7Y84s12f$IKMvrsi1K(p8K}L5G1|MI&n%DMkiO&Ao
z$V${@Pd8F&MLx*kC$0>%*v}-%-`xf8cyokbQbyTSv7P2-z}2mNS$smpD|>gVyxhe%
zxGNy6RH7HKxb0~7V@5y6Qh<=$h;27*dG!26NJYBn=eww_pp=n&}#=vALa+F&`^k%uYHJ86;%#g7ugZgllXVf8>lw95U
z)Own6HW5)_Y2PJ<6>g=QH{(X;FGo|$ez&ZDcH~;&Rqnr@9scxcGxbIgn7{r7W?rv>
zt((?eJ{gvUuAy@<#eIuokB5noU>d*0*eS5=j|zn!9o8J!#~-cVYmaW|&Bs_2UJhfX
zsmC8ik3D(!fDwIVw*wmS;E+p$szEw@Pb7A2=s
z;OK$ygL7O`e@V@q*V7MFWAkj;4f@Kp0vrObJWP&y1Mo}<#YJTO~4}*7kZ-0Mx
zETYPJ>cIDfQ}^^9G{B|O{VP@ORw!dbFUJ(xTAdf+tCGL{-f2{qaj_
zk>m%@-<-jGn%#@S;CWo+>)%uHGkw%pD6Jev@FO8OrVv?h@F~Vv`
z^r5N47Z*?xU2+1RMl_$`p+NDgl_}nCx)V$to;HS!7mrwqYn
zDfE?G-|-8Dr4z`+y)5~|=O>RS+k+Mclh8A2iuy~8X-WvG5>2?G&1=eY>u9D27S*_v
z#(A2v=O*tmt7ooW$-JbSTK(5^i=Y&WYh9Ze@R6^f^6N8AJSrUYQ35)9&W$))f^FyA
z(gcN%Ngjkqc_Y=W^*RQ3N%HI}N7pKOaoj3nOQ7IXdqiUqOTHE^uE**1`eFqCHQ&nf
zZh{eW*_kF%;
z?FpyP>*~zPqW|tf5
znC;3jm*8CSB~l}^r@Q2V_B_f2+GvS$viv@_U{B>rnwwGMPkK6ikhkJ)_v!c}Z@2fokfvK$T*kf~$lIr5g5=j4>{nUpczK&u
z!8|iZ42h}VmW@^WGBvYNVVF@9Eok1dMOA1YCTjXTXXaZ45^kS%^Z*ltmIN~+sXzV6
zK-@VW5pmR`gGYn)ge&-%UbKwDsH$kx1)rVNX*Ba(UaP*6aoc?JwM|NPb}tuI)Vt#%
z)-l5z01C-T=9}ZiswhyDp?T;kwKt@`os@{vUX1tAF079l+doG#VQ<`XwnRM`p63A2
z$LW$I*S3G*ok_v_gFdV*c|*)dJ3XNZf3BYuZjEI*{9iKrrf(P%L)KGxK3d|1wniMg+%mXW$A>RfEJnF<
zMaui<<*?alznbww?qKtWp1CCv#|V1l5tPKL!&_I~cQ@Z0O8oxr^pI8&ZsgjWlIPI(
z;WQ)S*yk9I?3(6d%?@orBQsO0zE3t}UAS}Pd3mKBzaPpODAtoHyAitrzg~Gdu{-x5
z(msW&n8s`_q(R1glcLSEB8;Pq@E-Y+)Aq*cCvr8DSI?V@wz{pgzrjt*SwGD7U-s@E
zF?#jbrl@H_WBJ3KZoz)fnaz_CLL6IuSJFXcfV{+PGEUj*aO-Sav3-xjVBn{5tL7eY
z$y;Z2rMhZGMQ}40m)7>6C>2RkGyAj6xhR$MQzQliTXcJe5=Trj;Ylk7s);X9S6}^g
z!PQ#d$oqU!ulfIX|^inR+VM&l!Pf#aQgpa>#c*T?E3a^>5?v`kuGU)
z(@08pr!)x2ra?NC?uJcwcb7K>%N}f^V~DAeD6{vu*13-3_#EE_
znQeFWm8Y|I^|o`ks)rtWX^NmwOUV)bK;G>oCJ+?m1O%Tk!3QMZSaO2;BKShB&WfnX
zk&@v+iWiekQ@PS%Tk+@^{>ESp
zaS=Rb^!wSd9dwMS&S+xpGx|tz^yeb5D76q4N?5Vlm3(_{W@4k%%n`Z;CCxeI%jJNB
zjwp>^+P+Q|g6lCKo;mp8XPV4o>4wU7xQE{jOuxb3x}rgNx;~}ii+qD}C%`1pQKmiK
z7W|NhXRmTFow4|#-7N;RNpHnTW%b=}g$sTp;s3f0QJTI>F;E(9RK!>@i@}$59)x4Y
zLKSEgAK4q5N(mENjLt&W1;`#sODFR4ydX`A=5t?%H{^9{^=_CInQ*Yl$kKKA?ll%a
z@7({&VHE0|?m!*64*A{ya&N&};i_Y%WehHsl~gNWeOeb;)M&qNGXIkwI$9sqW94T!
zGAUnEu<3!YIW00CH&Ksgqr`0Dr7fR@wO{R^w@1AVJdtj$!d|Bz%4=$^>2bDZ0gHyE
z>+;3<>d&btMvLdO4)I0fDz#{yMyA$zN(r=C_vsvo^5o|Jni39snL`8G1r>WN{#Qqk
zIc7r>evGa{zg`MSk6ML#u;p|YW>6_lJ%eWbSueZK&sX|g8AOy-opy^IA4SxrQ1o>j
z`!D;C-+JS3Db<>>mMv9@U6M8bjl$INr^MYVTB${h{O{Ma5fYA3auYU>2^v3M<*
z+l$RpPFTO+$=@l>nbe=96?1+n78R>X@!BHaM#!&}s&H_a_=1SK>-HDVrB%QP1ZmLk
z)r|5aLDneptyN$H;(=i^SEAh8&*yiI(~%cKepSvo*VXRNwRTYzVeK~lffV$jfASx6
zOIr%>H5%l0m9h;y(~8H5Qa%)wZe3IQL5Qa_11+*uv)e=rwSmOg>K;z)FMgK
z@}4GJg&{Axdmg^ZkqTq{7WL|BrKb=%vrwmb^3i7D2joYt2}Z5yAwk_9NDtSJuwI^+
zC{G?`;=XxsMipk+BNgY3K+W-Wv$Gnm2f>u}wC+ucVx|4U&RC_Y>Tra@(cRK#M`K5r
z@AyrQc?c`Q!p0SfFG}m67NWU$yuYOL%~$s!)C(;8%}t&=E{I!l{raD!1?lt%GNsw*
zXG&t#L*Az?AysOVsMkfh3V8a2UFa{oLyq)cO54{F|E5LRJ4Z7(6!N&7<|uXiw%i>z
zx(op&Hg@~E0*_B37*Be}|0~grCI?KQ3R^U@;pi>c47=r>O}R(rghZA1lNP0j_=#c4
zg6#opN!dMRlAQG_-^EfT)K6stnQ<^f@1y1ji66KZt!SlzP`blq|2^Z(z7ZiZy|YZ$
z%94ZM$HxK6_$5&kCk(45BI!tcD!!+pIT22IaKLh_IW5kwFcUZWYy@gzg_CDA9QY3R
zQ)+ovMgM^Nh*UfK+JZ9+7Z%(Wh&2p!QvsE8XkH1U&g=(URIL`f(((7e<%ys|rk-h$v*|R~KeKh;
zDSZu7h(R8ceZ*j+28@FpVKzr8oGwFDG6$pY*p`F1*olv+dYg`ZfaP#4}wR
zl*@r5=Q<)aoWhN7rc;JM1zq_@%^{l9HqX8rsOL&VA6%bI(uIHN+spzrrBMnf+>lok4#VDpj7$wqXrD`dm!jS0#9ls
zYI$30(K9k%tLE&Eae;p#N#Xu{ic3G)7WBo46@yf~j$YZVr5y0^=btu#v*TlGb8BBx
zr6D%eD0zw9ch>{oVD(Z8g)%J#Md+lTq2lQ1E^dw`;K^$;{XUchPG-MtUXqOeH59v)
z5e6tz09_&-V^2H4kkaFYx&wSo@I+-WVPrRMUA_Z53wYFz=Gjs94wh2*wRC*zZO>hg>^31We{UT^ubMJ6RetUfoU)AHmc
zd2F&!4k2(9aBT_!1k^k2$TN)D!q7anZ@qJrl|J9PyF-nBkrA?@BLf@J2T))qq#MQ9eu*Q=Ug9(|Zc>Ao-+&h+`W~wC
z>t91FbZI$eW8%-SQ8J$6;JIKY8|Js5;$qx$Wk#MejKPe!8f(Q$tj89!B3rr@xf>HK%a%y-V(
zw}i|aWzSQCYm@UKo_r_!ySE@uq4-1g=mYDZX0K0xx986C-+|4ClK*EfI+L`3xuQ<=
z6fvb;)RK5Luc;(2EKBxuL^$xL{9jAFs;MysBb8~DM6)eNzk+fSRIrmezYjH={O%Vi
zoAeP=nrtk;S$`w}IA|b}rjW(H5ppNGF^G
zPHOf}xhmZw@TJ&mCt36s9O)U|GOj1b)}%#rD%G?Vcxu%S&sq3v%cpd65OOf}o0Egy
z(o`I?;bej+h!COOTr^{h$zc>PyQJBiujqat;
zYlw6>45x^2)XRHmeFy0F=`@#YNyl4fE2ojNq49#`jZZAhe&wUO^Bnoy%}A3_T%F9?
z9Y^Hm2Gz0l^_!IAvAUT{$$f6gi=qOKL!w#nesgEJ=jX%L>mMl^U(~JvE4~)3mJ5RM
z*q2LM)M=6-FUUL@AuLZK;p
z7tjUKYIP*sb0T~`Jv;d0{p&};)4MsyRgbE+JzOl5<(*jy*zImT$UT(+gBhH~{2
z5oAk{tA7uu8d&bF|L*AFi2inbYVx3AaP&@vT}DiqAH(846pUu>cO^Ps@ub`Fh
z4`1T2BE)Q@fe(D21zpXoC$WKGAO%H|Rz#L5(pDSUe>x917$1`A#x1C`d43t-8RaLI
zraig-)zDj#JqPQFJat*AM+A@Xbic(yP_`5p>1PrYtCTW?G&{I5>Az8QP#}RD&Et&f
zc)NH_mLndK_)*JxaO}v^1c9FjCf15f2LBcgibKcN-ODs{JQnmZ({L`LshWi@{w+eR
zReL_*!Fyt67CBMwSkKoP4*($dYOb2g$<6#5cC!wp9u4#dHd{BvbI*ShnpD~7t?z#{
zVWG%!`~2Y4_e*bql?xM-gi$6sA&zp;p8gSV(`||GG(T3uu0|!(i8zk$4X0umbqmaY
z{rX69{=wqCPFSK~FiQV&yYnkV7aJ>=d^);YNm3+B*jyQ-WipDCzEfa>lD~$rg8Q`f
z`KcvZz;=l~QJ4^iF8up_6eMf5ilLx7%-_h=KQ^D@RT|`N4!th3@Kz)ySLOFsOtM`0
z%9yz(lg_G#v$s7;wKWf}94tG^`zh-s?l&i=xH$y`_9EHbnNPFvHS96oFo(S-8OTRm
z9^ICLnY$PM+PU|GkX_FwKD(CL(DmOHX0&eFsJbE?<@qgu+HH{*5|1M2g*V3}Aj6A~jXIcIZk6TWO
ze#`O1Hi)KBWVG}pE*V@Eu9t9&YCw|i@Hoeqz`vN*YjE-9ema4(>_K0qdq}&U
zYTJ%+X&$(~8-3TrF$dR$*Nk%&=c
zU-d{)SWa83&kjG7n1GKBFbcW8U6H&_FA$osn(=)qGMw*UbLr8Q09IL4W~cAROE}ZX
zi?7Faze3Dzak$!svl}Cl0Be0z%MC6tyhZeXSb$isQ2gE!hjnuI^z4R0xK0QplXFX?
z5*^?x%GnxO8L$ZaHrjiF2WUSG<6T;~7{L5rC$F)9+pgU*(t$UjXi_+6oI
zpcpMs_3HG>7}t_o!l9F3&T}WQq--Kvhmq~egx2c5}u(y1?9G1xpy{l-RsFHvj6u6ybzONSOBbtoVT$X_A-mV=SZN6ByX2)Jn4+yu6+;}a1nhd&lJ|l5H
zQg*B_X6y%ts~l*r-dp&+l@B!rn`AZ|w1cXjnrOw3x+N>H1?hEAs$~xoF6@H@}Qdf)|YK-Y|-wt^JR9fkD0p7$s#i&aD8baddg$%nGhJ2CRFK}
z)@xjGS+;U#C9;&TX)K|DvSXxsj7;(By}e0E%YdQj&Y9v@Che!o{LOEHohp8F4L}hf
zL3v^H;x<8p?cV1YfI`Q&dy`|a{urk#`pgtW7JU#t$|6|-djGcxh@m>|k7C}%juQ40
zJF3dNNV~+1Eup_~7M(zp>iJ9(+=mrR&^)EQ`*2(BuxI)`SRQM&{Qmm%$mdyX0v-iRSb?PHu+8fk@OV4K
ze<5SbImc27U=h5@5xu!ZqI7(D_Cy>fd~+(y*23Y4oDu)1^!Oc4}8HE{pBWD
zU~J5BXVdu!w$Qf+%hb4ErvTbHb=*%IBcbc(8?6UTsh=gXR$N}rDBNG^Ck
zuLTspdBhUuqo=C#Gj!eBuCPeSW50C09;X`9$%~+=qdizQS_jg^nMb68ZP?}2{ClZ~
z57jY3>WtG#&yq6cwb;8GSJ5PNBK)pFoUO|L!K02ZR-#$!=?XuD8_uJOFRZ__uKi
zI&3$8rAPe&`EUWzs&|6AYz#AdOM^uMj(&jd9vrv!p~St=#~-M;GzXtKBAjP+ux=!Gm=@=Y)didS+UTHLdn
zWi?@-I%$sd$DFN+Xxp)n5Pc+hC95mh*uW;wb^Za*wL$br2FyW7_~D4QEmIvbs^f%%Rc12a|mcv`va>#N$$C9f>mzMp)0w<3%o~*
z-+PI9Q~HWu`-80nWA?8rq0gYVpyVC{VsGX=J-|p`)43UW=6;8^B3ktcFd`9VjW1{(u7yL@-s}Cp#8d}
zq0|~jz#4;}yI=f8^wQz8)8T=z`-C2kSuFL=;`)8$mzM3a`D(bK#xDuWnq|ZV`^;Va
zNI{O9bqR^f$NMnQI*8`+TnNJcELtVpUYYcfUXf;T&h8TptW!B|&M>xU>1Jf=liAQa
z{gPv1@DraiDlP#FfdN04R7bu{wmZ7;#-J(aNfl(&VuzU_Wb1JYf>;
z3mv3M_A4BtFt&2p?gbP#ZYwRq?9R8~C7&{(0#4U0xgzxr0it^iF~BwYQt=FkU{^As
zU%wMdt6a9bn1hNT^y4sHk3zVDS{z5j(GrE42*
z-#m@fGG7~rKspS7d?~72ws(u(1ET_74O`2M2^p)+d!G#XcdPR?%!po7D8NLaz<{iW
z$SAaTJBoix4ArMB1w);+P;*6U2=HY7*aB`mcRsy(ZNk?!$3BD{hw?$%#$!Y9pgttO
z?`ggkCuMR--?N;*M5$7+;h^Dxmb#sAL4;%TbT+t|KAOL@oaVE)aGkHI{~}q&d;!YE
z#Px=7{%=;2{vB^pISP7E?~}ojp?dI`Eiq!_p4T6f-gS)5mhg(VYGY}k%
z85~_SX#(4Y=mo7B7qq?l!$ND7c{-SD_!XvrifT6pZ-Ro0_36&kG}8FldO?vIrtP)e
z^Caoy{JP;wIY)yIaZ$X%G*W;=WCuO$cdzphb7}p#9rBSMI|5EpUoW@xqjS$oBKWy&
zhyfuc04T+2u0qP$tw3!Vl-aJjH9^seYZXiVznqd+l3{lpsm(x;_?i@Mx=>cduCh|A
zgU|^-S`LfNuWk_eVCgknYXjDne43SbA>tUfGIi$D^?_-i!}GZ6Bxf9?hbt2}Z(%ji
zIUfNY6~%q#Bq4s}{n8OWZJ|qf7W#)zj`6rZe-Gkf0-u5Mw=#c=k*1fI}4XN#taG*jD$;
zM>|QUR+nvzP+mJmCYe`lO7@*&Ga~3Wq~Re
zU^}gP)L_>Gqoi{x7%Bb!aJa`x!5DUVBDwuVBzPF6fIqW8VXh7tzfCznz(H9XFY28PLY#koLLMk}1!T0zFipxdJri8nsHlzRHTk_kDdYT_hTeB^rz6R~p;Iz#!UXNoS
zm;Y$_L3HgM2Yp;uE41A+Wv}rqhd6RdSRb#Ah>sTBp-Kwl;ew5SbB@c7&Msb7htJdT
zU#ZtA?6@X`S}t~r6WSh~&gH3D^@ZC5Ogbi)-x!Urx?oD|;_qz0D1q1@Se<
zH~G3!RV1;6M&}Z^QiABE+)pNTZ$1o+Ig7v*ctQ_E;hcX6dib>+%1LTX24l_;{G9iB%+XbSD%)Q@lxyIVurAuR}
zM9#KZ4cV-Z1g6^-WWph(PQqgg-(ory1gB|3bT)^KpOmU`!;3l>G07;r@&`*AuUM16
zw`q6q8@o@|MxHruS|DhyhV`@R1sdSeF6a<#U0cBo-9Zz{&CxYq2l)f9`hUsT{|5Hx
z{{i-NrGi5jR-2n?!%h}Ufb&s*P=APRrXOrZtmbNE&e&UC!0rA?RnN~;8lV!?t58w7
z+5rbzRe|XAyGn0OjWaNBrZo@zhL$}@K)Pp6iN_^`9B#*)wajjlz)n6lawjuJHb|E
z$=N%)oLb7QNM>)fuquRPHQM-O_B%(yU6T+gdOL%RFfTYqCQc{+5<
zpmq@sFQMYuT*3i~l^6;sJwDNFIhae#cutK9F53y^zA!N)^kzZTb_Us`?EN>*HVC$E
zO;u}(wNyVE1@C+Z&t^vWlpBgE*F(s)$P?e
zLA9n`A-2{%u>1awN%kUfBLQm8`smcS%wDFG-{Ro*eXB)NamF6~kBBAT0q;c`E`~w%
zAxd@d9tn9Jo>K&fb471C>dkm=O6nA>5Z&uNe++q>#RCnrB7sgKS1JRy4^zbUYbLiUKc=lvk(S$)Y%5S`@2BKDxy%wNl|p*hO|l>0l^IL*SdVU&
zaNdnK*C@f{^K;;bZk+crO?{@AXDSGZGX=g;#TS=QF&W|b_nM^c&?y6#|L695k8P3k
zXl_y%!!l(Pby-~tg~nZ%oxmeA`5(R;%vO_oe957{rseGOajbrF_k_QBK~dJdfJLE9
zpXGN#?^%pdFXmfdpp=5kq)8zWOTG0O;K~bG4E;uOnSEX_=K856>d7^ZqQY)kQOA$O
z!GFaWup)gYJtVz2!Yoz+(e&rF`dC?!Zn*Cd2rrEhLdKOj+h`|Rwv$LM39L6_Ka~hQ
z!VF?~BQ2!UBoTmH5zBcyz07Z4kv)tmd4~-HmE7A+Xl}GYTJI0ZWqb!4D>jj|vtna<
zRDO>KqQ*=W>ZxPz)?WKUF`seU{8zgGK31&cz8Zf>WYku94vu;Z2f_5+)$zE(TxaKNwLu851Dy5
z>eVJM@_E_WnZU6K14>{lrocSs+K%}n?hZluO1SUUI@QneHAmoSU35Lh=CsAm?O{`^
zuviR!v(n1aCubOF7cfmn{1zs*@jwV3oTe7c;y`X5`l`h5W;?S2wg%0`_bz-*EwSV?F0=Gl(yV|=Ff
z)WP4Le#IZDI<{q^_+{B1Ktkj3{!f47`;UNiFUCcv!`9dy(Sj=tY5WXFvHs0^BC?_>#tabg~Izo&7=WOx=U&Hd&BE@IsksYRng`s1hClK^nf6=
z{Tr+pyVpPaAVbY;IVM;JBZ}Sikgtx6Lyi05zSZ@e!NHtef;c?24UGtvN=Y8Twn-aD
z%U0k4wv42Pp>TF9Jt&H&LIYoWvJkF$5Yp*F3jbuc)QSoJfib{$`h5RcJf6JQhuVdl
zA0sZY=sD|zNuMZ#7%@3A^cf`iTD7)vwY}%4^SLh^zckP;j}!Jj8=ywF@Ls@deW@p&
zXV<^pk7`DoeyS?skGpgUoF!yaau{{^VFc`cCaWEf-#L?5*LIqHsyzA?vR&$#)VkUz
z_k=s*Q*5rOs$
zL+p8ltonV+Qc-de*Cc`^B~n<{*g
znb;Y1i2V84=Dy}qlP4x%3v_Sf%c`G?-L5V->nAtX`k79Yi9{YqC$do*JlqrcWD15M
z5c44O64#aNMx6?_@NceI!UGia($pv+AQw3O`Uoow`&TVSjqgJ7e{##u4)0X#vEBnT
zOu5apct$9G45Jm!q}SR^zt
z=KWfKYzh$d^}1&iFu$r-wgBY)w1=;QLByPPT*shlr1c$RYc`fnA^hNN2Y;9wc!{ry
z{6Y~GEJ^#_^uO9fS}?PWCohdk`guMMHG!iAg=XhC*cC+TV}Y-D`8GNoX$=rb*c;@H
zT8#e%{3@6OxBPBFqF(YD=f^CvGn;c>y!VK063mtP?c
z|N5y^Of=GwRq)lHjNzqc9HG=Ayw>sbE|ufn8L2t8R6YQliygsN{0!lSb!E}R4@V?r
zE`-Q@YQm8=z~{p8PGBDOvuQkfXX|I(@>jUg6Ty4*q}1*$KqHnnzkt3=f|SB6c9W5C
zCstWPZ=-z;U_CE$?9w`3D5a7g@JX@!%zi;RS@qWTzkZP616UV_SSk>Rc0=I37El4>
z(<8DwGCZxX+M(NRW7rtz7!SyDP5q}7A@@%iX@b=jmvVSaM$fxA@cjjY
zx}OMxX_wKqpyse!r@O(Msy0lt7jH~k({@Ki)P*V=3u{|x-GMnty$-_&HTytG?q#8^@Toot=cmp=G2
zHrm0*K({m85HW7ij1i#kIF+*21|0vo{=P6ye+z!u;HUufH^7XOkeOVx-R|&eAFYc}
z99^=Uv2rYBN3a0r+`PAbe)Q3T#4quQT(Lu^2s66I_DZ9Kp=;_J?=wckp!x4pv+|>fg$XJ&-J*LcZEp_Z@F1y
z0LOd0n#BEy2oe2_uQiPM{V?Lr{;=flSD=q2AkTf;8bYkOFWjfMZiD@s_NSXJ&^n;P9y2_*C8Tz)nWJ(
z+uN^}xKkGhUdsS+baT0j?c6J2@yIgktEK7EqOp>QuW){rxW0fcz77&R-%1s6Q6>@g
zf!Wk;P}3LYYTTeEXa6j&&g~E9!(^y@)k46`f^R*=i#5bkdc0b<73^YJ*;29lJqs$E
zbe{#K;uH2CcA>|5!?N^)?fV69EcBtZgGHzduKj6zCLeJZksA3A)LW_2K>w6(!Oq1FORY*(J%Nwy?@Q?n
z6>z)YLe;coBB$)VZFhmil=+>ovnJ7gQmd3L-wg41?|(Lt!Rw=d{<-RB`vXBIlEo{s
z?l_CHRXK5IqM3{Cw$r@`_=bxy&x(nyjEeF-Dj=aY9lmMY2~j6@ElCBgc_4PMo`sDF
zkh~VHZAlzP)!B@%m>V>$Uuv=99N1?fsD%a2M)9(DA3K`BVzweVQ)7I`*U$I9{MVht
zB-%*JaH`a@Up$JflDd;?zqEf{=)XD+1Q3ZBdcSXC0W*#R86sx^{faTn-+R-c9YM~_h^=?HT31(3Dem#eau!2#{4+Sp(on(ey~>Ude>5;9L!HSQ
z$xVP-57a9W#+zkdya9z5Z(zjzJg^K(nv!M8@RKuo$zq*4T%SVtN)~>)$zP@rbrxexKsi-bkeF4=hUmgG>Fb@5x$A<$X$6@2&oP
zV5zQolx}DN@U)Dd*cuGNQ#!jgl&ncT_D8TOnirEDXd6xTKU95%IeW01KdekJc`lx0
z14lj#G;W$mW?Q3h3mm_uNI7x@gqIW-sYMi(#Ym1;ZeK~fz1?DtCo6|X=M=CyUK59=
zZVvA8NL;slbKWZvF$UKdaHu?)d?$;3m|YJVNMMMwGt{}PKdU2@o@wz>1nkuaughgA
z|LbF^%gFW1W9EMp(7AR20+0tg%f>NjrY#9G!=sL&~f-33Oi=Xk;h
zhF$;8h*(w0t8#aDek+Kmn#7`+pjr{sc)UvGO?kIj
z_Pes>fLqaLrun?qpCI}m6c9(Sv5KtPftro>X|wonP#$|2z5lWT3mHT(pd0bb2rrxd
zzxx36G$Gwk!U24bvvH&E&4C6SBJzRy!VDNfV@${~(${wGiK>lzidiWCf
zCG|m=@Jb!-_XgZRb9XZ3*ufN4G@2&^OC)k(gMtM$U$#{_rUf%4aC~y3Q(IMEuq!1!
z2x_eL7VsHMu7Udg1IhkcVZPxD>LA{*MFn7%VIC~N`eme94T_|t
zA@^wngE{?5eK&yqlgVEUv>WEl@e)7s0`y~s-=07>#&S{0PDvbLx7qFX&-H3+eV3m9
zw3R|a_I24;x@ft5fzLGpKOLgT=iZX0X)D006Y#m764fN)Wx|&%9RTd!IDf!)yecg8
zKcL^~miQ=iAr|GIf_ggc3!;(tf@o~ixyh^WE)2TX5$rF|+JIfnb2h$ycvieU`c;E~
zX7p%!IxahMpgW&P5G@zImmfil#p?29`3OqmIDrFt{V8h*;_is`>Cd0yFLLmxs&8RS
zIUZ9bH6AYVhiI|J_{`CFqV5u=eMCZHM|M;twhZK|rk67ox%(|J0VacfvrJiav#4wv
zvFzZcD1L-~n<#H9{6`0tZHaa8TxO=MktS
ztZnQiv{WQ+(5Dre+iE**3^rL*EQtQhI44%2NZH!Fn_+oDF^(=zfrufGK~q#Ccu%OF
z4|U~EUdnd^hzo|&`)tc?_MgP<@*NS;#g}EQEs$S!22+`9Bwb1!`y5aIau@Mq!0W7g
z?>d@NzJN?=Z8GqiVocbqjo(|%WpxrZG~x?a^g;#T>S-L$QSO&~j(MlWDSD{%g*AG~
zZtm-Eop#9?9uOPuSj7_7y9rUWGG}11jXW&fGEYt%9xQN6C&@g(1=T-2>$L_iJ?*j1
zVz6ijroZJJEEq(NmZKxcqgU5Kn2$PIc)L+$OZ_4oeh7wl0;vC@7m};DoCkW7%=NH`@eRf
z5kh*_tCuw`3!u@s;@o3_fc3EGGoHQ05b0$K!%nyU2AjOCRA`=1knQc=VbQXT*H8RQTq2P(
zpwAlJoZMLURj=6qci(
zshrHA=ruu;kdU>Q^xPr26uutEJNugqVHI`#dSKl3yrNTWc_MXhx+3P*87QnUbnBVz
zuWdBTmax~^tDxZ`x#C;PWL50w0H4t1Bcl;uzx-t1Ykn|T
z>eShqD?^}G?XhrWkxC5TQ)Rs5fuAbYz>qD_=^zI(#w
z(3{=Dc(4iUr$5_-E>w13ZY`)iqIkZH^`XC5WUK$dxYW4Mua-T3$uSuW4dSBIZE?Je
zBye`hJ#m*NwbsYISjqU?Ee+v{0kI;+2B{v7vl^g|una}{nMOh01NXkX_{se*gE<@y
zn`q_!+4Us=giBNby2g@<{^o}S@y2_Me+Z<3HM^vbXwr~>Nccq|2%mc~huhspZ?!SM
zp!1mR>s9oq{Kpe)WF4CCg5nrMQ&BkHb_P9|P+TA3;64p%dOdMO*?CyrLzvjg<>r9Z
z(z`(wij#}0$io)9su}zpw4ZVbrGr^k9?x^3W&^Q2dv54
zepqT;wQom*_~!!As@5WA)w%WHnw^&1{ZT$W1Zo?QNf?1rm|sAZQTv1Jy1t`%woxQW
z!+XcHm%TueBrLyAA`8^+>NR9O#!VAM5MAaf&xG{#VhMz2Wpo>xyfO=(2MAGGUoJbp
zkBsdz^69U@5MCUezmAA6`2eu^fqYs20?RPVVBViB!chjjT8HUB-z^*Y(>Fe#(8Od?u`R`;7
zHaZ*GhUd{+ys2Sb#MK6XnuSi
zX%gY8pm|2$0EmQ__TyN)fJNf#57qKVZsiEnahxomDaIc4bCDBaTUaH;?g1bZrQ%|m
zfR!%S2XnK2?k3j3+F3gFvs6>90H!;v{+Z0mg|_SB!F$hMveaf$ZLq%i;|aYphsOIQ_}#wFsXW+zgbM_nsBu#(-^
zulUg2u^r=(l%FPea$t;L#{wOXiyh#A~^X)XzX-``mAD$j=(2bFeuBahNbz~
zM_WmG75+OjW@6006Iijcb}JEk^1Y)J3(~dbSC-T=ShGvK!}6oXaY2z+YCnVwE0QTK
zSoLn3dm;OgLqw{79?x-sUSd$$S3q0zF?vcfxJX|`hy3AsaWBqawwv?qfjCYzSm;0F
zg3#v;fg2h@b4R7wcg3rL_8MlrO8DQj7H>}-oGCO^2HR&!|zqAolsV&|-k(z-7RU3iZ{i&W}
z*|UrX%&+>7
zwSRm^F(1RN-Ky(awn+0lk(u5JwbDk#uCf`r)JwSsYH2ZfS`G>4WjjJPn1KA;k~gh1
z5Stf&Y1z^Ydx2Z+?W0lD9DoTu>NQ4??r=5|-pR!K|8)lxVgBQ=&(X|ZE&$9I<>BLb
zMkh9?rWaWhO&Y^WSnathvsRhj-bG#YH8sDOzAUkf)zre2(c(9xw%{Q
zzMilOX|tulc_Fxex^oL(YCKqoxl8dCogVMA)F66vviKumTI{)hcZ$zHO6lyge+Q1S
zAj@)YhR$!zHAc@1+F8R`|8~iWT&5BSv8rx7gAGNab5;tF7>|*onWvdzSqndHKT0V8
z_llbIa!sa78>8XaFAk6+oSXB4K9dW05CLJ|gkE8P1GD(imz3YfoFXm7
zcBUnqQPU?Ju~@0nNgZUGq>9{fZdV$O-OPXVt&<({c!NuisCNm0-)MN>;xqAReAFZo
z&zwGMTIIO00lFaP#D(v(?)49W!&d6yum?U#>+d3az`VD}S^Jf>lMu%iyPbEl=7JR3
zgK_B)U~pV0P+svDy0%1EwpTpVdI#6756DjLd#PSTVDf-J8>t7PI)m=-jgxP;3oO}_
ztxn{f-ZzTBZk|^!>h&6}{>~P49LDfUnZFDXak4+){9Lky_}cn@AzN5J@_q&YXeYM=
zh!SKdf%$Uu$-HUvYx96i<6_XOFWw@Fp;aHk7u&k%Tz~4Jn{z%%K6+G(?_?5g+|jpq
zfSCMGTPba_ZJ0Dga#*Cs#BsD9*e@tZ7=hW3AJU!ZFjAIcP-GJQUkdb~w%(I@N4Br2
z50)U7SuIT)D%jYFpYAp;2ja_Qf@TajV+|&W3-u!QB${^1k||qftosAmap`=AA;8iL
z@NM&qBKtei^S!{QkxZcL371a&{m4`WKrJXxNg3av-k$29muhtT&a5w&==@Esbsc@?{ylG&PRmgD*JG-2rU
z-hMClZ{5}(K)?-X7FHY__H|6Nl~?xeeqZ5&r4Bp#4uDURho}T}XjC?9N4Zkcy4kU1
zMKg|xJjn7|)UGty7F*#Wm)MDQ?(4H>iTg5pe|ob6e&Qnk&z{okJl+1G?A8CPbnOGU
zIhCex(*K>R)zyrO6)vY#<7`^ww$z;Q)rJG%Cv5amr>x`aoe8}Uz%A7<}yW^%@mW
zCaFZrytJN0?(wLPLB9m%8~#Xmzp=`sni~l~4E3XcNQtyFpl4EutOjZuQ-K5#4e}#f
zKpP|u|Jsxy1!vl^k%!MNW|DcDl*=v=rD7V*#==Z<7*4bgKAMlJj%RDmI*sCrr(J4+
z(R}9-nBkTy;T3ioj7>4G)bncR?uOsZZ&0ZhIr>Xo)NmMG_BWJft6<1>I3xE_OG-g?@MjB6vq7wbI8|Fcv>4fuDDptaZkD88>LfZ}hJTlhL&g#!$jBivu+)eB$t
zh!!o?$bJ0E9c^A&Tg4d&98M*TjmEL}Mg~F_1~Ndn81G|!PIJDb`7*;kU6BZew)aOC
zlZe}HuFFwq!*9;-t?t|}6Z8JeYB*yZFFML>bm810_+o&0
zjoXZU*FWRy(qsi7!6Nr@0)~gBsoDn*2>wGL@k;!T?t9KeFn7fP=0ORC@hb)r~Y1
zVCLl42-p=2YTnB2FyL9Sg4_UO4;*JB`29>_Uky!LeJ8zt#yF)wo}kgvM74m0=H5Gt
z%xYNwCG`Xz85>|e%nsjxP#l4cu?9j!pdrm|Fowr7z`Dj1TcYdFD(Av}rv+YlM1E5V
z7(Hs0_tBr;2+BWS(^3%ua|wi+yfIL>s?)pZHZN{=(eR3vq-UXOtUlnVm3nXsw0Vk8
z0H_pVO;u{UmaUqDK-~iZpUf=dx;pAb2TpVu)wuqva}_t;sb0KeoO)uIVp&
zUl0UDLJ*M_Zbovxuf=)6Yi9oC44Q;`bbTnFT4^`h%0TC_tS8DG_Y^}A3srK^(Z9_d(Lg!Q}l#!kMd9KPi
z_7}E&DbR0OXVcHepQnAE2Z|c7EpT`tW(kUKXBGXso5k7l*^8ly5Xfn(pT{H4bwx(M
zKHO|G(Cc#jaHoZpR1xNUBpm1OUG%&iARl7=Vc7RM#_Da<>`RXiBhP&{VS#K=+fXjB
zyE)mu`&2-Bw=|re%Zu)+`dG0L^E%a6cw1_lpjgp(*v&djbRWu1AvOsWx7kv!09z^N
z|GdS0`vUqkl$fi=!e5@4D}i#W%FT{S>qAW-rj3j`tK%z@XLB<43D5{7Bq}(~B&*cI
zbut!D#D|qRg%wh<{Nx_mkPo|6h1)zoaz|u&{abH+l1~k}3R_P(iY0Ay-9AMi;Ym|_D_mfq+r(^oY`0h73;6zEIF^m*!I||y*3b+Hd?K0hzI90ZLW9;Pr-d{L|XboAyJ+q>}
z`b%6^B60!@PXyarOI=-&FL?ZM;w7-deb{XhluCsHmbUnW&J3i4UFR4K`WjwyRf0CCUb~
z-1O_rZ}vXmmnqP?fdLC1bVkEbP=|X->U<2jm*>G9(NRLS
z!W|iX!f_Y$%vTMP3(<1lFZfqi0hJ}ET$aW4I~jku8vP~pjxV^@+?EU?)N^p)bmiOE
zIviI%aVB_z<2DEBCZfS<+zms7n)Q(NkJXiX)m-!-KPI}T)E8BU{i+F_vcMtzqLc>)u7h=vo6RSQxS?YH5caRlw#L+q>3cROEECReA`yicTR}K^hteqjm(Bvr$htk*mWpnu2`@
z*`C7oFJXJXIYKf}GT(X_1uc6PFG02s7SqES4fduoozYb+Ds1R-;laKS7X936EEhhO
zB?QR!zmq){>Rwz6GP3fuK5XqMhVPt|Q+M4rGe_Km)D<#E*^&u
zgLb(ZVHppZ*2GN`gN_SbgPyC4QgmmM*hTrg9l_r50DcpqP4?CRjCXB-pnvq~#zMP^
z)nvi&6kTe1?c*21EWQ1DhrP(tgzlljx(f_3BpTl6;R;evyr-L
zQd9nI7p;D#{h56&=6@bF4sksL&dQNl|RK#6+;~LAQ@(9yQ`tkZ%EvBgI`jwvaw{j%slx}j5+VaHb?1<9
z=2e`=s)i|QjG|Oj);73|=hQrLX7>u-CjaTyE=ER9yxRPO+|ROGLloQlhtj6tU^pIF
zn@;TIOF<~r8H3wW!6V+M(%({g#wn@gQj6ZxN+^PVOu5n5VurkH5tw-~?5Io>I`PHq
zK~?4@N|wj%I@M)&Simuk-#a5*u1VWQOxMO|gw#}i0Y?o$a%{<^!X0tVGLnT_Wlt(awb?
zs}FCEl;lBkZ_c`UPzR&MJiP4uq980`M&QFU^q$Z0JKS2A^8J@)ADk(C2(`L(Nnuh3
zp}XsmOxU15)5&+gRw=y*&PjZGE`t`F5{~AO^j;Zubvpe3#-Ip;_ht#t$Ua={l}XlM
zp|ceZiOVV%F1DjQgR~jF>7nnCQ0iDC{YI3-yBcxA{b6W3|NN`8etK&@e*2FmxjE;0
z3*OC1few;IZV@d|e4ndMrvD`Aa@XnWwjR#)vRff3mkBt%7aZ&@;$TW!p#4!RQ}F%%
z$EjxzR1em%VhWl9*PFJy@fR=Xr|YY2;%52N#{&bSxyu-Z8kAh
zXgiC4Q}vy1=4qZ-3MxUz$2I1qP#M{5RsFA1U-Vv9HoF~s9f$-vqFq9yXe=w8hONdO
z86|0nc!5Tra>Y{bzPq_s^=W>b&oqcKL>MZW1Qkz2tG@y4U0330W9tcm;FNXCP@Qn!
zfja47Or1|q!pHnW@q-~nJpsy3HD$wfSFRX0U#|WzWwghelf<0z;4Swp)AwF^>ZEO|
zrQPn71!ZkzA~m)VpyTrDmvw)}P6iU$a3hklR;S$$fo`|Zo&ptiv7QEZ>Of~!YmIla
zf4XF>O5#UT&~N-_#BO8b(*(*^>mF!N)o8bSOfBlc?W-0%^dIK7CIz&=81L&t_h00S
zmBcb465025#Q3lULms2So5hD27K)9JBPOTBMq)#F(^DQh;%KY1+H5~CiQf6Xa6@&2
zy(ZVUwnFC;8C4=C(7l58XONA$>fH6z!pNz(gr)J=m_NM$9WSPnjaR--T+Yq7Fq6Ik
zZ5^gL^oaAdu3k5BcDP@5tHpa$6KmnDqQ;1`@oS`0S)8Ab7Z$9#!fl`FOV29l$j(%X
zErd6PpN4PFcELw~4*onm#B#F8Kw~HI-65W6t`M=kPooeL
z)7DXU;j(T~#Q7YvLkk(VaMrD5DN3V?l>H4G~X2oJcvNE*Qu&m9X__O
z*!(_H?$f-)!QSdN2xBecnApNjOnr0u{w2w$f050{XtsXyoT!}l`lYr9f;;*FSe%Es
zk$JgvoyQ1tWANiotE>g+jeXud?|WppQ-{N9k&5z}{7wi?=Goo=r;k`BQD2n>HGIFi
zQI`v`iunB+BANPGCNIA^AupHhmY*IUFS$oBWqK~~3ZHn0D@@^wWesp?oCjkMnfI=X
zjxG?wSllbgRMgkzb*g9v=eYUEnK&`8p!y?6WSAkSDw=a*I_@mcD<+q;+O-d@F6(|<
zT-H5X`L+Ifxl?pX)VZB&U9>ynWO)26m0ooN70b}nvSLTegjf>tm74?H4I5VC*c8Tk
zRWn+0tsyudW-ga1|9-jBAj&DxVW?6KpY9PaZDl3o>{*^C6SDUFX3W9Nhx=6hg?5p3
zI=h?L%YFA4gv{@kv-qi^2Z6>K-q^UrH?Vq1w`jcI5}0!Q^bK+d
zttSyNGDz_CX_otLt9{v@F{r{{wuimPg3EOtY=c=YDomTweVg
zk$@lejhxzRZI{rs?s%EeGuV!>P8!}0T<5%kCg<9%l9mZb<|{PnUvo8j(!*deqOJ99
z`X=kn&10Lxu5YIBX(aK874+q)7@GYa=M41z3*2|l=|0`51RDd1hXVzCkJ)N`c3(pg
zu@>|0u4&?nc{91L0Vb}SM$Qe!bBB{JkqGRbzYe%L5LbxXK7f<1Dk3J{XyL?}q7A+AKr`<*9<4*1>+S~1lN4Nlf>@hr|QxR}g93VzMZSUA7hm0W_ur&HI
z@3PjGl;6I+w4T7fXQH>L%N3he!(;;qgej1cb19cC2{=hqsjUdq;Lc*>S>G-9jH3BQ
z4+h%!4C*(6nVjdUO!&g(8q;_EH$=R!=^j^B4IiQOoF}$z8QHVZu>|uGi9`){M@ODWd
zc?2gw_5Bzr9+NH9yQI}sFL@+|c23J)Zf41kNhQcY$NKhmjr!{aV&rAEgUVUE{<%-P
zpR1flHuLc(4(A`_-fVnw7)ro%1RjTv?Gm%jX-GRShKa%t5A&4=eV8S#_*_Vs4A
z$*Di+ek^F>Bv{o?2ZrbWEcZnPaN`+=cUmM&gfzZ}(~ef}I8ydJNqmSt6!rWVaXlri
z%0{|mBBMGr7nbJ@ihH|_;j-oMhfK8(MJImfA8dCdX6Xrt1sh#d={Q{N@V~%&-s`Q^
zM>%4oJDS#QMWZdUTE-ELtX{VmIo$pla3ze*t@*Q%cklZ}#I8$Em>Cp3a-6fxqwxM}0BErLmV@N%!Fy~Bo7^ulj{uEiE)F5cE2
zUFAE|ZZod(-*OXGk}gzp;oZ7>98E&Ee}{PB%97xk#|5HG+81b@gFq*wMNxdbRKX$D
zWfgFnTgY90)U#v6iVWcLy}JjujC}jrbR$nBOmaR9vP4%JlBJ~^bGdap($J@OcBzdi9aLNob_`{$1s
z=)w(gW6AAS=lvf}H>%rB*uC!7d(K%US)fmG$*ixmI)6>pmM}opEr#;7RU4a42?
zq9oQ!SK42dCrz3h?jDElhL58IHqoh0ajDEc)m0h3YqwW&Glvt`nSc5AIbvi1zK)kO
zS_5ZVy%@25XQX2g+P^qG3)tPhri4+FK)}!n?)?csg{rLj(@_Gp0Lpb1k`Ff+34Bk_
zq;$?-%hze}?)GBhs&;z^cWgd-qTJ4R<75GMO&PLOAN6V&kEfhPE?!eF4xPHa+ewJ;dA*>GwBX>J=_;^
zRFiPCQ(pMGj307*fpx6mf495QU3D0HTRzM>t>c$pU!)7N1uC^da#i1W>YgrAOcivhaGydDVm-K)99M+%+g0O(O5Cbu|D0?wF-(b;gr2>Xe
zgE?olHcgy{HE4l<_kS3+tB*8__ZV=fyq}D@_?){nsfjqqeKI%MgvaDi&XJt~eQ>ZV
zG;XJjsp>b;N?FNBbxhQbf$~h@DJi(HmhQ3_sHUY3XLjG}K6rp~mfjt-bN-}(9`)P1
zHel5dxVVawyY~m1;l`68(bUk5;i8;RpO{oecE-bmCVo!dxsmhGMg>PZXW2WtPgaF#
zLYY2xX0)Y>i%#*3=PpYVfW7k7NRZd}?-x52gmFbb5R=|EnX6lE*K>l_6!v=GxqBSR
z8G5(1HDK2cwb(G2veS$-IgPW<5MLl}nn=i%%=qJYab3ar`Xf@xP0EDyZ;V={uL39W3IaQTeYePY{zs0*?`X1P&0B
z#J3gFF;N$l84~VOZlbCGoqt1U5K#uNxrkSdc83?#i
zb|SuLXGi42Iq|D@e(RICj+&KAT`~zxO!Pd>_<*(JL(r2{T!%ANGnh|BIqvhdzk>OP
z^C9$%uY+281Zq_dcK0Zg%G0ICJ-cFxv{>EG-xOU~o5dlL(!JMJv2V;Ut3}mHi*^rH
zp*)!|=bXh-nY}igv&J2Wn&2w|$(Nt90KGHkP{y5nCGNPr!5}oXDpi!gn0zI!TDSww
zTDlU)!(@0nZk_EK^zD>~U&tAi_TFoLz02U*1aRf^HvdXMrljQLeyqU7JYGf7*nFSE
z78|V>p_dV<8*OKXDx8u5rW*V2R_^lGGh3rHrzP-~xWPoEUd=1JSs}FTP_e9Zz%qBX
zj737z&f!7Rb@6mNh*uY-U`y9b&IwJ#<7r0BceVN#C|QY?+nH
zCHNgB7rT4I!AeZ1_uOcu)8Os|jSG9cOVOTj%Vv*Tn>#r16S*)#`zD|W3q2_A)sj;&
zY%pQ-S7@(ZSVx)l(a_Q-QOQ_;J7*Px==kzP|}dp}un{CvOBWs@{d^Q?gWxru#G
zop4SDiP!~^#EkOyZ0uL@JJ>6_?>|%q2yA*Xshe;GJyok@oNF;eMKp|;&mBTLklU>E
zR7A#2*8M5{B?IdeE%Vj-?8zYE(@RoI#$?@%al7!#Xkdv1?pC$4a6V|5{azmR8=k57f&juNx
z?5j#WXv3}sv-h#dz2dv*Rkdkys5+N)PONv;r0&oud)%Prwk}KP<7F{p=Mr_9Rdv4dxr2P7FTm~L4)5n}bPaiW
zc;2}W^+Y!f&fN)_L(0oXcMSW)ywhG=N9>gUIG9RXl#h|d&~DEZAY9ktuR&uMJp44M
zxUg9BFWcHz)`u;=l6x&gk2ZIH4$+>s@9(>3vKljTz%o!-aeZp5?{GJBcyG4`W8;y7
z56m-aD&O^7>FnGKvbm2RFV#AT+Ve(<@-^)+1-rPe^0K~_5!+=qOx_T|aRux@9Zl?d
zqofz@<ZC`?A|D7~h+Lxfp`vtd3wLziL|%FoB4DV<+yp6avZ}_m7lunsPCF65u7?Ti
zk#X|r*q?uurx=hqL{&$lSvQu-H`+ZqPU+wOvbzL|))3yW#wrFVTQR4M&?b6jfCR)f
z-Cy$ZSE;={y?k^gng2v_B3=9MAn3e*8#lDvdiDq7{xh0t&Rr#^A5Z=F#&j%DU*ztP
zQnL@KkqbN9SkiS~UHQUYThf53!Ne!z9~OScl*6x=l8VIUgQPM`4L-1L?)D$>oupNn
zmIks0xbXm7rCXwV6Pck4l|uiVBd*#Y2wib?Jqu$
z+-1w_f7HU;aR7Iqz36p=>VuB%-Il?12Lk`lE86H!4LD0FoXY}~no;9A{qI^k!49;#
zA)U(6GAbJ^64%crb!VYVi|UfP8KCv`u4WQc)e8ZGOchEGg{Go}EjLedTJ}u0!CkkV
zt9%yaE6ipr!xEw;??}6K29+#XJ2N(~7Nu}|NH2L9RM*)(v`h{Lw)$ImkSLlM?}XZ#UNbWF_Mbdo@<@N86ZZau{G|Nx=i0n}(pbMN
zvR|2Q&WU&fox((dOynT7E{*TcjroyrOaha!uEa?ZT%hXFS$sGm>eF0wENYAFrRANp)#0B_T-Jt
z(PRdE{pCaBPge_esYa{s*Kc#%&FpPSY92>=@BQJF4+3WV%n^Q8!!NtKOV;JR_6sU8
zCDYSo9UKE0Qt^W3o7PcZEku@zJ_qnN0;aXR?z5jyi--m{?A7HM_51JpP_@Od3f<*l
zTjtw7_|bc;CZXEfP2JhUk{D@xGgU$`$kN4*-eiE08humg-iud=TRO8f4bM;lRW@B=
z^(M)b(>yQ;R7@~hQxKMHxk&woszE%79qCdOLYvSscC^_oC23NW
z)pu0ONtLC-VC_q!^IFx+lp7TlmH$+)Hs-s8zn#y)pIG0zDfCoolFZR-V=i&K+mF>p
zfU=U(8c}8b6!3DFqz6gu`(aVcH+s8zb3kgHU-Ti!61PxbR3Th90FwwdS(|b(7wxAW
z$~E$glPnvfP~L>C$PQ9eEe9cTsql7Tj#Q9&pa>1{%?98P>R3PZ8&`w@0wqxw?cQSS
z*`Hov^k~urLl5@fV(|wdhAWe)X#(Gz(@rF@6A~x<@F}j{I%ygIWGMIy|M$d>%+uI1
zqdRxZeN+X&EoNTM8w{gKGGbB-YbzB^a~%x0vW(Ww_Nki8rMWVhNas1Y-44F`Q>1Rk
z$%sXNvUr61y6DO-;*ir}PSiHwu)_&Cg<4wsiCJv+E_t=HD_O^rkje{#4Aj2jDpF}|
zW>&R^#9n#Sk?jD_E~h`&2qGnmaaJIIi~y48^10UkC;npp#ky>h<=1AGRNTssXO(k0cBWXjZ%*P*4%VOeDw37B
z7l(IGsAf<>Rb_f_Go);-7un!49#m3O-P>QvrnEpC3O{GxpLVaR9%qDZ+vaNH^6!rn
z6-7xp2IH#SgD^BVZdfkdIZP2u692PQAqPk`Ihz17I0
z)k*Ms~o=}q)lM8e1l
z?y`c3NAe*i*Lf9>hu0Z{R#%zB_R6Vm+-exz&HaJ7RzB3Sc1?r-d{#(zh6T7+0^B&!
z{AI=@_E2&&ZPIRz<robbq3Yc`0W^mp|yYu0(clM+mZ!8Nm;p1t%(Z(1N4
zSD3s5Ong2^`D#AjckCY}Ldwe+jeSGxK^)T@I}r8vsim-L
z53o-9pd!@lRd-k3gDwbTnz*)9QioX@Ttnc4ODJ{bavHw88?qXY$2n>u4cS0c*&x53
z-P6qt&3UZn9K$4d&*DEJHY85x0S939V7M!ceHQFL-qTA!q*t|
zfJ&OAp<2sU+uLXl3H^}JhX~;*Utk0?G%sRg*2~mW{R(Q=+a;KaUUTGtB;Ic2
zTLiB=S<1oHO%CX0OK*%{B_$UYvs1E`iP$m#5o)NSUlkZhNco!u2ATboJ**7nc|F@O
za3o2NhsRqD>A70G5x0koc;#+U`SEw|*{(MZu6h)v`ApqQYCP<^CD_F7Zj0ip|4+Ca
z9@02Wn*Z1mHS@69zw>pNL3CGj?OH$LtyD+M&iwxB5CZL_*T_O6b&)gd)J?tqS$bam
z8)y4*HAO$1YB}@t_5ynZYwxqA$&5Ph4U)#RHXQ6b%ybI8qYBuv7>q7Q23e+CPENNu
zqtgr&<*@_bp}A>SbOZeKH;sp`+b8x2Rv+age7QV;#H?3rB6IblyI`d!E+mAd<6mvB
zTHf;Vs+js#UnCV+V%lOc7Q80j`$^XlCM};fn{K7(_KbgTy)nxSmm^u2X{(u9u
z1r3fvJG<6T?ZR4nWy4zqk%}Q-QbLU&UZ^#vW}pl6mj*zU9i5k^6Yv_T%o6nhqxE_?
zR7C}{kY2Nx)nmYG=DUBPIMd*}J#4=*pU3sRCSoHRKFxMTWP8Kr+HVX~B%a)0RKgW-5T&{9&FGy+>
z8J2M0{E?}!9Md$@`c9^v4~rkz`dXcnY3yIcy0ZLuASrQUR}irr$|^bcBN0F9iTvga
zXgf4R>>>g?!Q#BD$8q}OIhjayPx}nt^^bY>qiNP)-`Qeww8@>Wo@#O|W
z$AcI^XMaaFO%Qqbu^>#~nM<(Nw`$IT&%WI`{j0F_OGOU4LR=){Sv(bf)lC`o{Itq6
zHzD5;KLg|_+GmZ@aS|H(5D=n!`ElJV*-MRTOcd1#=8TeGdvfFcC
zPluhAjEdxb?2p*uVMV!XDr
zp4c$APWnQz?P7_^`n@Z#N#DL_HqxR3a)wP|-?YX^?fPHOaL-^gKB7N=>*mAL1i5T~SQE3>f
z+tO#D+UmjQ4$usF35@jeLg`AsGTZb0kuJAy0q%Hd^H1uM6Xab2d!RBlu$<<|HoLh~
zy9E@s*kRD4)~ssMxU=gp@bTWY!|rb5l2NhUC^r6GRCENI@g4hlY>vZ<;lqLs$j+`>
zz;#WrSV2VI#)k%UXWc
zX1hyKoj|Kj9p_MmL&AaIF0%9Uy%L{KwI(v0EwQXBg)hZ#u0@`f0@~K+4^;$~{{uFb
zp*UozXva%SbQ%)N8Y@R?o8oR1Pu8y)_t~N#bC^DhzvS*8rgmhuka%KubevCmE&tuK
z0I~0BUJp4&Yz)$ijXPr1ET;VIfby{Wq;S&s#%iaH7kUr_2=t?WjHp;^L{Gih
zK)t&_KlSt}lHoI167bYlpEDz2&czQ^k};-zt&x2KhSf%A1qK$s_5PTPI|jC>nQ}@y
z^iK?QSAE^-pzujwbNzbnr}Tf4&QTz_5>)J=jCx3`LXDC_K0FP}3I{q*WH|eZ8W<3U
z)Y^wIpsyq#jn5yWu2cj4vh$Rq)pr*I7Ou65&7dFq+z3t{IPkFR_pRnqUg9xr{U0Iie$Yi%Wz+;1$pU}N
z7oa3M5tPJ8g^$bnb
zahDUsdL+|E0qIlW&ms~O5a+r8DzMg8$9%lRfJ^)lp3xu`S%G|pYM*tG9FyRQWnCg>
zuJx@EK>k)cot8f8G5?P#3Jg4{@H$pjci~SjfCPLo0VcF50shz6Ex@4VFH*Ov1qvX&
zN*>b@J{cGUrjY8&Ga@x0xamJ3$O#X&8rk_rf2+RqRPWEJkte{MJuuScla^aQ^vnh?
z_#kfsK_uEVl(i6~Gd#lCoW+mk-1Ry6r$x`
zxQtr#9!CQIzb!pnp&@N7p@ga^NBSK)#@o%@mp{&)m!Bxc?tRM}U+c2ikQM|xK~&A@
z;=={XIn;|%vdz~%mAAT0UDmI`WGJ#vdowq&TxhWCi*;etl
zWl1eak0@3abwY~TYGSAo?G?@JEvHqTv?Gu~?Tb5)LRu=|YX?>;}^v}|e^19QGQ
zpXm4kaAH#-&RXIpaUmuK0B4F`&q)+x<0U`2KRd-H@onv0sq{Z1rX^1e42>l_Mc*ZZ
z`;OAMu*1;x2yS$)%5~x19r(;Wvl{y9O?e2k?46YbFw+Wv29=5_9hzBI-S?G%26>m%a~
z%A&NSyfB0-^1Fu#MiRoe;)Mk>OZ1f>Ocvsko(wVh7RYi3#O75@E}jBxfMrEfK8*3M
zaxju~`LPi2t6O)2Y)pJKsI|O>+ny&IUSUjg)4ARM?OWvKM>|g$TSHc749+ee^t9d4
zXMRo{!|P{JEeW5!*?K^>hUevF_bVHAo#Vc9?UCtY%CCL$yrzswzd$|cm|4@<=w8$FE0IApx|o)|&F
zm3oH)1!(wp;2+n)6~}sGA5)9YQt>n?->T-4ptvB07~p8*KVMSN*Ozz`JqwR=<9rF6
z;1zHJfU(up)mJ10`1m4T9vjj)t5VOqwtKr;umZ$qwIu$8=Qtc(yC~iAN8uaGM~b9k
zCy6sCBm?@>S4LK*(5ssT=Xo2g+gBF6)mg6)qSQy->b{2%y%1#75;?6BwH7}GS6FUR
z4*sp(vi+Q)&=CB`=W=b!rJsB`g6ZoVzvNm%KnR3&lCYA*xwM5mfxfh7REn1Ku&gVf
z;3C6)Yx4%-!4}wcq!N1-CD{ixXW*q>5colg>Ot0kl1y^R!Tz)3C)57!N2Z`}=rVQ_u!BblNA;k$mM2>J*(_|gw
z)~n$b{uefm1qG9M)6gD$pY^9WG75{U+v{XB72%59QTeGnv4)*_(Fvzv5LGb1H+OLp
zc+n~~c;PGnJ-xlBer3dB!Oh52j+gf8UV7w&_x$y;fuw|3VYSXc&l}-?jW(Q;*85aP
z-O^{BIFG>_jis;2@o(XP7e$_?29rAe-r|<~QAW*6P3Ub%0ZaYoN#HjO_m~_lbh}z}
z1!6|QGvuaBD2>&sp8lFZ&P7)8FrSHtH^b74ds7%t~x_8Hrh}-AoD}3m60MHsH1Xu#t7scMTg+auyfE)YNttmxm1esK(S>s^*%xY}4*#5t{U>^qkJbGXOuj=Tf+oiE#1x=y>`t_nRok
z{}sI;Zvtt+S7B{hL%!bN!TvmxCfSUoVY452*!!iq+KU*uS1SwPgca~5ck*v$g(vf?
zw;y&nB7aF7yP|0%aoE)Bs`5Q2w2~8XvWcef+&%T^{}zb$7#Jg2mP+WAI2fGc>7&O?
z4mhK1lc+I@&ht=DQ5U#5DCs4Ne|PxZwPO2!_`MD|$#&q0q{^*e(3WsSIsPdVzO3_LMVBPkm^%1TtANkR0SqCz-TRC&N*h2jIo!+Op8gpt$NqE8r?kL_{5$j
zI~|v*fT$>^&V(~
zw|1GBFij>cQ-lBCo(q{E)(dWyMTRt^H0X8*EtS|X`zRX>PEng*O!sbM^D`iBPRQ60
zn5j4;Na2Q`aiW3k$Je$x)oTe;TL3JP?emMmgXMFTAwB({-QnKlcmF
zBXDcGdA!Ryv-(*9!dO4rOgIh>)&L4PP1$*VV2_yr4*E%+&OUa0P5g_TbP~cK)4yIq
zdz%P&N!GNixluwStGfR_D9SkI8}m9v&bBE*pzxX=@A#_}bzQ!R+12Q0kH8;Fj!(~@#
z8CnG*e_O$GgUg(;3rSq7n9Hz>P!lLYw*3?KA(q6)Ln9KEIce_Xo5J0dP}Il>&K7iB
zUl28tV;B0x9W-7_fL8~1ca;hU-4iq6ALNHVwoSIgC8c4>)o7t!qa+C~b@bwFe;@gt
z7rN`tGpQMd%)vYA{uwG^&{vHiT(THT8(uG3nGhs4X@m!xG;FPB-3yjn7BaAv
zNqdEsh(sM^Pxh+Z*)>Oy3WiH?JWT=t{1sYA-f=ot?9Ye1k7lAjkt5|gRFh}9JKr~u
zGqL;6%AMoOA}F1_(Lh>_GQ1oqqy~t&-ujZc=#iVBS|yo{wl~(Oy?;8$Qt)nyFgu|?
z^(fLjiC>Mwu>Lb{VhG@Z;V0tOJ485Dy=aR?0PG2aY$)}1*!v>$
z{b3(P1YOgjGArNC3r7XM@HBhaRp@-txs8}VEB-{=bRc*;+a%(R`2<&&;0fXZ@M#AHuIT>4h_(H9ROm
zGMw?VWzALRn|-(McyDp$jBwW%M#A7l!-l7bNP@2bhidMl>>tF*A&&wnZ}dg7xK%IO
zcNWf{jCmJM{8@hTyklmVVjUF15A-B-RKL{iKJtiZ@+c<#hwbL~BXWUvOHEm=u#%R^
z17ArXdyQe`fU^GiJkVr%NG`B~AwA9fjM+5EjH_hS(5PZL0*O%aAj?H!FtH7eU0P)+2OoIbK_VC+At3Vde
zu6TK?=^?=xqb4YTJ?Pg)x=dw*e-Jn+!RQ7tWmIJ|lu$eolRhzKPfdu-e}Ym_Ho5pI
zFxrwL%?ioz9#bJR%NY+D&`_wu8gY#HG(dRPWtN5p+$PTG!oE)3tLx#zd)CVN^g=Wl
z?az{NvSp=y3A2pn6Vkn$&-@u(AUM6?NgTS=lIJurva5#j7p@-=a6Q0J;C-KLA@P98yNXbD6!pJ)3>47oXqq#~1Q=^d}3detZ^A_}-IvXe`
zL<2D(POemgg!UrA$i_o|j70~Yh|Aka4nKGxw)RLN-`bffB(lY(gxpqk1
zgt+(UojGA?LvQr|P=rZvfxca@PCh83;=lOQU=>8vsL&FYo1Q2cUNZt{E?)4krWWn0
z+VZqq81AlO{S)Lp)9nPM_CK0NNvq(VE|N=;E*Vaz-X4({@|WPUp8QdBP@Tw0!71@|
zvbc=k9X>8)Opkq)@@CvoQ!pTgkB
zxsJT&ZXl49f-;Gj<=FJh4!bgB{g?7tjLur*=go1p@f#>?(v`){9r=duC)b;u6<xNCG+Rqz#Lu-
z20B9C_d(;Ak}9X?;~pW^y<%x9+>tHodp_m%3_!xt2*(prICfBvn$}s;&T>}~9BS3b
zDAjpo5X>;qN4v5%>EX&4O%_it*56rnZ6g5i@U5GMOXb~ut{`9pKS=pAP}=aahNGr&
zI6c72WcO?$h(n{ECzYI0AG
ztM;|He2i>uL%UPEs~4>tazF}PoFXuvDllZxKd*|}|
zEPoKuH0PL^r7)K6`@PdD)E4(#MiY))`VnyHTiDcAbZSaUFqj3XErUhfV*=7p{v8?l
z79_U!e2S#X(h9`&X8Ya^j@X69j?)4logD`)y{yqUUe#09EH?X?RDAhl#n?>>9c_C#
zETuQf)GuBz2p0v}oxy{@#59{ArszBcn3o;)Ia-Q9;h~RB1v*h9+&kX@mM%6wWeI(7
zf*5J`(Ryt|?jqD%)TZh0Xrxd6bXDe|fj7$7deK&MMGFk3ekSRfEbl(q#
z?_gl?oA}VxkCe{Rgu+IH@sN%{9!#!6wJDkT|S7eGsx7tO;#FfXee
z3<6=th(CiKN7ms%(g#!J^4@w$1`8gI-{hN@qnmT|UoAOS0p*gAM%8frD_N)jz)$gc
zbB+*>Upp>}9(7bI9T0=8csfAHCiD)7G8bE!t29olMjIjruKpQEU?4kj<9CBXIkvA%
z)e&AGhRoS1Lk0%?+HQl91_CeSS(1lbiya>B=17>yU!R1d`@_j%a@l26)M+?!L-?j^
zri^RM60P*kcSudz?SDG=-;-g#^Gh=Wz93BTy|ShKUwG?G5J(rTZ;OY(oX>n@eJ+(l
z$-SA!EEr;!8-9TN4`{$d2eFa>rV1kIBQ^2fx021>qC=}g3e6or_+KF|l_H^iqy?C_
zPtp%d!CQR@g-fkI)$?2H%dE=+&D9^XLSu!|+Wz$hg^wSWf4c?ZOzuA|rpJgQhzW^E
zZKbc*$(E&*(zjq|NippbfJS(3ZBV-5uRO^msJ>3kQo$->m0ny(2uv=g_PmOHS>F2N
zIYZAhoUv%4BuGY7#EWnK6Ch5WJ#t3RO%aUj$+OQjZvBvKZdu>K_jo1*ICE2Q)wnnb
zgKSa(2G)e+nIVRMhe3r}o)P1##t=|x=+_hKo7?PZ48TG}GjCDa`ganNVHkPyFAN9s
z0a50q8)eT&ptXH?wTM$ZYU>bZJa=2~lAn)+Oa|v0PT-O^%A>nAMHBPKF&Np4P*o2i
zpT8vkqDn(9Ovo#idigR5-#kiIb{I9&V;AZ*sAS^$l{RY8H%bz}}
zqjavn<%lp4fPyCTxN%Z}E*Bg!0S3>#IK&W;Cqgo-x-jnA8%
zRbfjYdiM9GUuCU(3o073_~dPjZlS6A02Gc@3=k
z7JSh_9?7g}{SQ?Lgarp4W%cY-E0Aw>62m`2Y{M);)oK>x$Uo2o$?{K)dxh@(d=dM)
zo+kwA{}|*SFQv^)jj<6EH#<$y58sd@+b$i0vk=MnSJ?iHwSLQ7Z|s1w&my4-YmHCw#9}4S5
z(MvsN1$Dx=>R?1;5)!fx9IND{{Tm~S*j5Lr-c-|Y$1dD`KKUmI1wA6SB?r5-7R%75
z%s?$ce6|LJj91u}B43ol6?
zgz43%Q`uNNu>PBr_GaO1!_MPkS=k4f^hQt5G=nIg2zeXHLB?Ell{S#v6#P$
ztUNmSSjc|*O2FAK_h=tM0G<%hg%Lc4l#s0)i_tzV2n3fUZp-6;C()7e)H$9z(zQN1
zE0CwhQCYz^X9IQV3=%InBt4YA|MBJ|adK4erHEEb0nqmP_pt9h}<
zbE8AU#4vrN(2=(L^34(H&sX=~Csw}_dXT1rHloBugI1M)c;YyHb1%c6yqSm42>gMW
zAgO-=;0KMmXQc&lY1MYcNQ=L5LQZhZoWL_uz%)h!t>XWj#zBs{D>E3D;J%x5>@a#>
zw@Hgj6X;}(xr_x=%}6ibwI^w_NlyHroqkVfjO0(C1ADAN0JRw`Y-Uzi)Rqv4-8JtT
z2iiXC;tpH_Q2lzKYfSV9GQ8w~T^)$JQGD{x2ag3^pghImqz9{KB1wND8NRCjU53G+
z1Aw|5WI&&h7}<{3j#dDZ2kRGNdC0^@d4O*G8{Lsq0$GT>f0X0x&HthIxjtn(d%zQKE99d5Mx%
zl{(=00LLF&2!x#_Vkbr-FGFbVOwU%h3e&({+uW7=qrS+3Z1I-W2C&gWu%PZw<8H>2
zeB4P^vGRJbIf@c8KMk(F3A1UuqF!NIG~uySk=;P{GW
z4NbB@T>FNGSAP=y-!*zB7|R!)pT`*m2%gppel
z7t1FmNods9+j#n)$Hd+?ZMYh@GL8<51*M;-d^B)pzg*i~%l}UlOG*f&2*O}Uu{Be`
ze^qKZA8WGE#mRj^I=aiE+;Vqksd9ZTfwK+#zCcp0nVD|BtEj6{C6r*+x>*4){cZN9
zFMs7#3rfIYO0GI*4n7Vocr^uyB?RLdLNH#^0nk%f|AWmiNd2`Xy6?AUJLVYs;%|Kp
zbfB67v-P@(k@Z#p(Fc%2Rjf5J@}n9gh5hNje$E>d$MCMZ(&OeP6j0C?(@D{3(<+kU
znbgP>0i9W8FI&i`!kie^JK9OtSq*1vMqKy3(|v0oHiH2iG+AzQv^oJ3@xit(d}f5aWZh$iAOCAyVZW(}G{|86^q!A2b{*0QIu05~Ncpi32K~N8-@&&5Z@#_kDl=Z`?5)
zT;1%o)?725Ip?$14wgKj4{iTbn(MWKE@+sKMIGix(1$%JOD^BeN?r_4U=n}h2~ixI
z+@B!7mlqOOLr;rAx~?usM@*Msz_jRvHnRp-|D92%y!&?UdCmj84Pkgkfz{KgByjTL
z>=kmZP3Me{pvDrX9rnp9W7T8u0XE65%et0MdVo(xnQ~e5hopBRd18|KU!d9}my8_R
z3Ol%MZGoqUjVF9}%1yoZjefra(lnetzu^Ek2`N4KJEW|$dK*Jo
zr4x7@E$wdH^SKU{#O4{lj_%2T6S}Xe`wF2Eem18B(tSs-&v05
zT!HID#zk!Q)GO?)ybP0%x)TBCKYpXKovFJj_b9er7Kl(h9@+^<<9>pIVh7T7RY&5d
zlN7ah(htwy_m&RogGF0D1NlJ&-1Jz;<1NhF)|E89@q423Em^R|rS@(f%_n}{cdop=
zE6&c@c26e#vZL?su24QBRK5yMXdZ{@q=(vFSBF5(0=x1x{;>GbD3bSm-`Z^qf6ar0
zG?@Is(`>~vEU!5+WBzyEH|6NklU0c;$f9z;Xa`UORQpk+Hg=zlk9?MS+S=u|k%6n6
zPE6?s8EY4n088EQPbaRHRxX~{6H6=1A`>7Tdm0q(_=ZmSMJ7_tQwF;2kiQK*)QR}V
zO5G1J-R-qAFf&J(*|Q=Fk~`;LK)&|O&hNsYfBQb8X5T8Yp|G)kB%1z6eK+q5WCl}m
zUJ~+OU+dL=Im>be8A`Moa@4@YhHg+APIw)d@tr+?qmFI%Y#5#6F@|J(Eb#3+oHpC7
z-vW!+2JJ+IE&*75*BSfA)mEMeL##4A?KV{YF%Th17<}Grm6gFA9z{0uCbF3TkqiMM
zAqX585;?yxuiO;sR#2x8ATRXN7dF;H
zM+<*%jijR*T=MYdGnb5G+8m(u#0qlv_nI#b#5PSy_2?4?$_COZQmD@6>YF?nYF4
zfO4f(7&x*U*AW)qp|@p0yFLS$4izWe5N&;B#7M`(x^fM&ZlX#MPYDgrpFRP__@kPR
zjy}cmT8vRr-;c=k6D9P$r3Jr`EU|Qs#4`eRcu=vN+87o-SA3?Q86nvCLo3wY(&c9r
zBLCd4+=Go3y%_4wbf7elR9MSyIz`nUzq{hBD)`ggiS<#x&yd^jke{UKqgQU-ck_K;HS>D|+3GIC
zKNA(DR(r}YEcs$-_Y~?Y0TU5{7(vHj(F8Bre+$pVdnVnbBDpb9Spn6K@2s!sfUy1q
z=VSQC3cip{7Eh*g4pi9tUm&^a=jV+fy3fTkGv3(|CYI}y;w+F$YTW-!CI|QziyUtSUz~tFCr_);xiY8_N
zkPWEr9o2%9|J8M6Akj)B1nNlIv|@j_-sT@D7Rv*d*O&&TJ?dKa_9~BWc}dqb8MC?i
z@X%l8M&*1#cCe4zaHXINlQ7#orZ+h6g1p0!G4Y%qK-zO-phz}GsB48X5)n!6<*Vo@
zwzPnB$|nsjpmk
zoepRJBMvJN9LjVIJ7)+aA&}>4#*xK1LNmy0>LS9SK#QhAV}uk$CyJxl=O+b-#9A#^9IxbtS8U
zEMQ&>TuNC&h7tMBO6dAq>zPFaLWx&CO2Q~vAp44R*2|p&V(g4BgPpM9golZVM+3@@
zB?+sh&i#gtBVmMG+_gW!L6!rvSBArdDg9e|PUPrHNhxKsQA0A25vqPmg1lvw~#lMoT+CLJb2G_~$M2r-QgKscJ{wzg>X25+4C+Z$8Gd2Gc9IxwyAN8k)Jsdj6^imX<0#mK1c>BEonrnR)M
zICs(=8Lh`pykwG8vPW2(>w)Q>=Cza*yQ@Njx4LCGIq1Gk6!hM51*g#rSD4`Dj)MD=
zc?de-os%PFo@`0@XWv!T4p%|Q>j@8SY`&9>#Kt}hr+bl?4k`wG^d#qJKPZvEe2eE1
z>JK=U3a^ShbRMhRFzvOJGVtX(W83byLfk|sF{zp%D+e3dFniTniw-B%;(xQ_&S<{q
zNquG57QiyP6-9R_&FtPSc132r!Jl}t1NJZTafUwZAJol|%ESD#A9#{L&EEFY2o?du
zKM#PFL?B^geZ>cNKlJtq$PU_jTzNan8{@%qaHj~kH&5<;G_YqLuzj>w-e2J*W1;>~
zQZ3f%I%8B~msb?rPms{s-}Li@I=spO^?L&w6j|=U2XXqC`Mei>{Ek-5_}9!U(di{B
zLgSihFVt?^LoSiqA0+p0Q?mQz&u08gl>AN&ct0P^zH=
zH{&WpyKvZnq@PsHa+9*X#<-3F2BJ(4f|_~Uof2iS&mzOE;6Im`b3SLC^qG#JW*
zbT83VNQ+`Q2_XbB{Y)-zjjKvtHgbpwr($rzwjbly#BP
zy^!!IClo=MsS3!7ILnHk@hdkZMFk7;{p~;k!GFoccZ@LrArpqm-8-W5=YkVtz#~y4
zj?e>|#Q7mbxNj@$->N|hKa?v}m4@Z2D%A6XZBvYYM!d!S0n)4Qi8Q;9A0#~N^wiY+
zQNKK#xt@pq!L-OvKaS{yngWjeeLKQ0nIo%xc|-=3(0aL$6M&QGW9cpH{^Kb44;2w*
zpY>Ygv(HQE3{jO}5y34fV(>K>JpMla@6O;lNX49kesVT)eaDw%=yzMXhW@^)Xy^NQy-+w;CvsuBL^8ET&IQ}?Y5bLVBJ%!{31g?+4`qdA@xls5&?HM6_=Ru^ff_^E
zu4*oI0yl{Db3)b~=th>V2|FMU3Vq7unN;pNOq(P3|3&Up1nNT#1aV!JKW-b;#Pb{I
z53k#fE2N5N|BW)k!$erJR?{?k6{!FaP;Aq$X(jDSVGa-&Rj->9z-{Ye}#%q<+4E}J$vNjh2Y
zz9TE-1}T8SkR0Rg{2^ECag1KjiZg?Ciw|t&oW^v5hN?S>UADq+54WzdKgc-i1w_v-
z1Pxl0Z>T@QBQh5$z>~aX^6ZNe7a2i}@zjcOc^=>>G;CdAfcLk%pskgak3UTmKsq;$
z8Eb)D6Pu*zX`pM^EFD{lS2(drdqkkwIi~g)DQSByBe8z4{OT{`SvMo#h*x^es6CNM
zCr&)IMz*cd%|A^Kwk-_S_VOd;Vo4Qi!zom5>7|CekA`X2u<;<%_~+MkH@*gw0uQ_N
zi_n4k-$D2Zq4aXU(bM{arx;OmpDv#wt7^poxx!CwrK}>*z$w{i`BtO5d@3LZ85F`(
zobYoYN1T}e-ZfyEq+`8phMUT*6Zw;YBUXI}cya9~7$_0f?}+3SK2HNSYe+Guh0^0oLyl-&>S)CX
z2;Kz*KhXA&;ZKx7Oy7bEUa!iIF)MiWG6KrdW92H010Z90q$GVNRJVs6abdBz_?OEh
zBa1XossGd?K~d9Sr4?#SNRspmPHgtaWSlZAujAml#N=$tz-ef~{A>2(owzgSGy=7R
zPB_+U8Cwj0H@FEE@ah0ZdM>V6)I3!LR1BBK!2K1h_%w@am&vP*dRoU8^{>uKTge_iiu)
z%_kqk)qBBUj4bnXy3|AHhRC(@R_Q&3%&BVT^#o2&mpj(8Jm1BHkf{_~PK)?FAh>?F~K&4|>M7OBg$V83pI4x9_F7%E#>
z!HSeMUYt58Xb8Znb}xL|)5D4ROzREkB?sm0H`N7dYOQ&->;_$=Dge{?(W8`k1~$)_
zOQQ3Kw2N%XcU2FGN?K?Yi8EDtJwzB2lsh*tCLR|o_Myv$oqqH)ff9e~Qno<=tIP`3
zA=8*~sW7jJ%BVu}kPWDXl-wVb+~xwJsNJy5v#r7H8}$#NdRBUcz()?~z7e>wp4L&&DZW&8%i_H;2nO2M=Znzv<-w>QgJpKdxAKPR#mOTqDEY{9&qV#5k$ialY2
zDCL=udgN~C?BtS2DF5k$Bl0HWl3_7OzWrU;YKYTGSUH*3PjF)tSzbG&Kq0d%V-Udr$6-^UAsthb=}gr^TeV+d)@CB*L5_=Gz%Ut(TKv`*p-I#Agj^zVQ%klsmxQsqv
z1b~Yi^ieK#h{d8k(EB3(r9R%@he4jV)hn(;Ir_Lf^v!SQ22im%&zEd$00Be=BrM9k
zixLq&1(I4l^aDP_2Jhlo40y6#RaP3Im()7vLMttWBZ-QXd^^n8?DloC{3Pf(yku>E
zCc@EhmAj6o)i3S4sgE9IfX^;@i`yMXh*Ib%-!`A)>H28iwoTYl2MJ;?%hEs&GC)c8
zw-N5$d~_0J23{nejy-_##I*YQA(m96l!u(|^gK&F?+^4nx|ph0Au$HJKAP_hq_YETGQgkoQ)N^iFO9Ltf&+Wt?<3ho%dxaeo_Cx~(*zx|s@1DDhe6wN
z!1H)8Hh$^XB=SA0wg!eyfGnb9$a%H96o|VXXR`l_*WtTW?G=aB7H2c{?)&iZ2UUe_
zP)pNylTOcpvfwPMpCFQdiG*s(O_L$<%#l%>LfP*aY4(tipV6ZMAf;)8&a4AOGRigxOP*i3gvURqIxZ
zZ8Y&8c!UlXS*#5k-@SMeIVSvPhjt<$G*|tpguI0w2QwT1d2N!q2liVF_WNT$b=kKc
znpXPmVmg*D`dYfSr-3VDgj<*Q`BL5|%ivS4<`y=+HcW@#*|;JE3LQU0Uj_C$dz
zv(gZpLe)noNbD>dRIpoNZ7<1PEUl3SW|N_?w1!D?-luHbP~u7m#SYO
zJbC_&gOQL1fH{S$?Pvwpy`fCJVLmV5tKg{N9l*SCa}R}E9SkmWy$3Nt8-%Q?JotzJ
z%@0r3s$3Q8?N1kfGyp*2K2wY(s=bd=1%Idaok@IR+C;%m7e-s>;}0h!e{1>9L-3k|
zTpZe9<7}W`2d?hf^QZHQJO>FR%LlEkQ>b%YL0I0qGUSt3(2Ma34b#nZa!-AF@qX*~e{
zY^eS@Vup-Nt_xw=cbh*Y^c|dS{ZT1uwrR3+8+{@Q%mApcSD=PO4rO?2OhTE~X0Q1TAlHfPeXNd{
z5h)a@HRQOH;jwT68{M~+m45=cK}HI1t^jP?4FntOj~8~fQ>Y={YwF7b
z|6aNnqS7pDZcL2f4t7ezb<7oZvc|fzL;Q^$|Mk8X&6r=;6(Sn8(-4MN#Y#DY8p&PN5b6cIK9_Fezk;e+
z1L*Ki48c_dP+B!Wfeome_ejVNGJ>g0kx?2r|AuwG9%HDGns?6g%hybUlXQCa)$T~!
zK=A;jO9G{<42pURjbRlS%JuHR$&J3xL#7fCJ$&Y?P&J@vEg(9CEcyapV+;8Xb!%fIUK~$Z($NfcM
z3Pthdjp%ck^rhHZz>EhG%=oEf>mBVMrR$67`fr+!r%T=A@LjJKb@jLXlS8|CD9C9I
z+Kz+*64{x`0D}o5WtBhf2s!x)gFUYyNFbraPz(-YZ63^4`==(v7@vkS^aJS#06(4{
znt21dwSQjpMG=AkKc_E})lI=XBT|?)FeBF=dRMMpk=1sBcnPXfs3D
zC$AEK<;m;^gX-D@L1D>ADr|N7gdHs`C8yj7D0J(&q|8Ia;@^fG?0CGc4Si{IhTO96
zF1Tl3`cYH6%$o;&6L-dv-^Vk4xQ1W;6&dg@?3cw~ID=FeR4*sycBGfY!=>0NIAAc_
z9l{L{%OeB6#vJTAx6WY5e&7#q%U%J_`M`lfS1Ki@AE_|+T$RWlDjnjXk0ZNvo#MJE
z_zW>vVhs1u1Do^l#~cuabe*P96HXm)dbHj7CKgtH5O#sdU-p6Rfj>$ij~=Vb8e3Ni
z;nvzejC6Rs3?A2ELSx}CKO(;wsg-egqcfB#rh`~JaRjWl;zZ{$;3-j0LP1{U3mYQ#
zZLu^@l8!K}RQi56b)?;~#bMsoqU?7gd)?pZz;o}DnYjV^Ttkr0xyUPrH|h6Ib{OEk
zx{rkXb+_CIC6p*551b0}l!yGu*LGn`h9d;i_4sl@?%M3dC-*xfUEESLFKA#1$I7j9
zI5xfO3!JPoXt*7^7X9d)hEA8Bupm#z~fp-zMdi2{LxA8TLJ5SsH@{>?vFM!RUHfd
z^FzEGau5o*S0$Ae^Cy2(BN1N_!U@CVhov3@tR4&w_fAUyeuEQ%M`EEOVWqJPfqPvD
z-0OT<3+<{H#PfB0dSHJOi5NZ1!6Hj||
zD1i(p%FfS0Zc&n&8`>=vip3KLZGY6ocNrhVc{ltxOceRd{`xe$^S7hk=?24mO*tVB
zw8C$Ia(J=QnwwGw@|TCeehNQ9HoUYAj6la73p+@PG)Z3ENNctr1r91CWo*@vzY4XF
ztDu6EYqL@OB%Y0+r?jq*+EIWG5Wdkfn&SRV&I-DF7|QcJ0*;t(JQ|85IBz)_VVmIX>RA=Ns(NvPF
zyh5yc=;ei8(Ix>Oj|_?5Bxi3tGNxE(E#|t$^~H5}9fI3IVp^Nf@0FylV}_!uer55r
z#2v*08`t#$ij60QfzR+?(3wmz6iP4{Z=YfM8#XGGc3X8k@MgBpL8fa*Ng_SrAb_E!oEF^PJQZ99u9|#o!2Ey3A6D#kKdTx
zE?zjAH}EauD#59DI;o&xp*L!CVOjntBI`=xs@hKZ!fu9ZNJDflXgBF)E};=m8C$ij
zp=)d=t2^F|-l%0@mUcfopwGKmin}3=@xIX_3IX?Z90+fw`4-QnCrCU4LC}?6It?lm
zo_(Y74IL16F2aUxNzgHCr6HYmKgTcUG%4e;qhRM!!vpGrlvlof=G`D0s@IR;y#m(_
zFTs0JkV>57L$v3QJ$iT)fgMZ+E8MG>g2^Z+i^7FluaPrKT%?Yh>V)fhh($WSqk3dQ
z@P<=JZ>N%`c5paleTbqhT{vGI+-}ol9L`
zssv!^v0Mf=n69TO#BdiL6Nx_uuYc{pd&DE`O{m-lGt>o85=X=DvvGUY6pRkITGcx^`-dCxYi-5|{UO;P6z)K|
zi-hvV=Yd-`h8$#VJFP*0r?GuZfDJw&j#|tsgK4vd!ejGKL7|F{QXGKIa7W}yV7TGF
zNsWqU`_ZBSu=l6)WP$RWA^`3rx~=6fz|Np!$T
zAnlVU!V9h?9~;~Zg#Z4Hzg{m7d)n7LGzvj#|!>XHC?xz|Mtfh
z2yCI*>m2zF>i&NW`DY1KM?vims$0+k|1ch`J7T|N)c>#9Q)wVxOY3Sq)S09ZmA1LW
zvEg#14YupKbGJyUyWcTeLCsHxsU(WrT4OD8CZ6GZOMpJiEO-^%WobXubYxK#dvJ2#bvwl
z0n*EH(}NA7iWVbLoR)6U$HKY^Q7S@p>{Jd%Q!N{mGn2IIzs6JI=G59ORB|GDBqU@H
zD?GOouiyUgQSPyfC>-~NATzFuZy(~WcWuUbKSX^8Ay2lgf
zhid{g+pUF%9vn!FH_c|L4o~s8@XRqIF44J7+pHpAdPv(YZ!m_0afk1CkF)mW^wpXea6I8&7!|NAL29aLsaV_=1QjEZ|`
zeRO?^4FvAq`&N78>-`18H7vx315Ur5!wm)~@l%uOQL(eLzg6-&V36mj?;1KW740H;
zN!QYH;-i_gQdpuEaepqe`0Z=@J68L2v*9BIxWhO8gKB?4qN?_xt%%EB1K%{D^hafX
z{Dcx9cVXTpXcFr)@jA37u;|)#$}_;8n$)AX0Tf9b1zM-!xJD4obV0g)XX&`*E{AT3Luz=&9-TCYePPMy|*+w
z_G!V!NK$NJB+_U%bEK&8*n`Z(8T)7>v*>Z+4cL@VpI$lc3(O*G6URjCA?S5HJ|Rw4
zMZxj(z#GPBw@T0cQof?L@kqin7siYuRLt^ebx=xQ;DWbhQM0&f6!GnLxZvl;jh+7r
zw5Trt{Z8^BSLOYvwZ-iH#k>18V;K*coNerUco#KM>%Mf!7^tALtOab{F_zd{;VYs(
zZ`ZmFf9GZkiRQL~aeac!NrK)`fz5mSZ@rh~Ss9l5RZveCiH%kG$bnV6Re7t_)oKR*&F
zkS$H=-?WIwxh(i+S#-ZBz@dj4Jzcppzn&Ac=q`VQi*G6?CT5znA7YlaZ%)A9pB@b4
zaaQiH574~-c=zSVMWsu+(ixAoEY01nDYp}I>ch0ecQq%QEj;GZN_t(wcIXn(EywwD
zesrg>Wpk8nr`^4s*i=v(K`-B(Z#
zaH1o7|sX
z7tHf5f1JulS37@o6o2qkKi_LI3Yx@g&t598-6?Czc*DdgHZRs9c8}xK
zKvC<_K4_0cI)NJ4NY64Ka7``*68?mLO51IuQ4MkZ?0WsIK&v{{8lP
z8==#(68OC$^?NISV^xe0S^N(6aNUA#oOk&Xrdzo8dVIu|%MC?Qww7g|&N{uj;M|$U
z>UKgl*|Jcwy#UrQ?3-oBaDcw|d+lJUn+8#f`0h^kG1pa9Y3?tBV<(**<{ue7my}bE
zyZOl`IWYW6mO2-ZWirZes*q+U>e7q
zJSuDv4acr#824udu%wKdT!ZKoQ2z8%k7ktpXMbuj-&MOP#Veh*
zE2}ShE>u047+HL{=suM>uBs?vGp`vvf{TfE+`U!sRAWW7n<~1C=+XA|D_pEUlz3{(
zJClWfItxNN@|OoFPsX%)EzP|>?Xy3t*KM!#h3AQ_iuQ!$;OI{&Max6SS698Gn`vAZ
zwGXP;crDV3&n+6>36W>5>LZ2HBy2Xul5{x6imJ5zEFi*
zT%cS^O=<6eYxuFw6Yh$;o;_nJSUN2=p3)%YP;-4uC14;yqu^XCL6^e6CMe~#xwa6y
zb2oW|5l{OKTp@K^7FPfL*C@vxdvml)IegPNzrBfwZ&bm%afY4^&$h5EpycW3x?$&T
zZ|}-Ke|pEljHGwxj{VtaEKcPP6CNl3F>XD8!
zB|a`{nf{2wZ#`WnQ9d+S^me
zc{}{k1Fj>_>KAX0oaxLcnrWrXTk{R-$iJRk>IxsLCR}#=$d4yX8YI%*oEV*DEtu>^
zb<$>PVs%vS%g%a!$=>RM4GG!1!yz$SZnRz}zkNibz+shXB~F{uucS{&JF6+Uw1Vq$
z?CoIF5R3LY)93c{`JpcouL_@ju)TE}OI9@}@jb*`#_9b?fkyUBU|S&dE8?>IgvzYx
zG=AqE7Hno>kmwUMgS?dUz`H2dmp-du{H1I)iIkxPI{FD=LN=cG5tlMN%10^Im2jyb
z>%p3YlCFjMz|Id@;T7Zob!%7wvySR<7WYNBw_6LRAIk|Ui?+A1xo4KN>io;+cz8rY
z80x0^-(l$cSya32yRqpK`mBFAY7J#|9|iMmsZ!ESmJ-T_PM2NsfukQfx*Lv
zy7KVmv_-=1J8yIo68V~Tb%!|6%NIhVVUWspF28(an)!rD36pxlx7(w~FlJ=6qBaBe
z9qsU+q;t{H>E5w05&PGABkgrf$(_CjBp3KvlA2KJHsAl;lk+P8kRv6tFG<{SaAS}F
z6xJiQzFlYRZwvt*tlQ=fVV14dr1meCQD(*A-t22(W8ymlSzVU=@vQ836REFwtMQ6bI#zIgp
zZ6r35!vAu{myn)4mE^UT^*XaHn(LIt#08x*qC|Zbo(%9^`5a!c_s@_MVoeH*PQlcF6YxPd_9n7Tc|w_Qab!6+2%v#a^qGuIMOe@=2lWLQrdzuDF272X}m7-ReK`
zg+b^BMj#-ZvhHnKBF?F0Ix+Xx>C52IW=+e|YmIICw6-RuQ73fK8MkVp%xXiPmCiU3
zSa?mXZ$95|@+m!1@d|qQo1=11d?M%hM472%9@8s?1iWFM|D02NGz6bl55H3ZL-_)I
z`SO>YIZ7_Aw!TrB1{c!fC8*go->RLh)9Ox=J?mrK8M^~M<@s8Uv@@2cGhQ{LwK_~N
zJcxJo0)2(A?TAI;mOaVh*PMGK<}Ni@z{UqVH1VvC)aatxm*0P&r|X(H-u5$>8lD?i
zaq8<14|sZ^t2c6d#2F5aO;=cEjfOs|6JKog;A_rtJP?}87a<+j@6OkVvy@2D?F?u;
zYQ<)6G%J8H8~L1SY-$>Lm}XE+m(40!WmWtV^F)qt6^d6#bG^^m
zj3!<$G4ko97T&Bw-@~`8X5nVq+v?ZQ_2Z13TmF@^qK*K#pftQH3Kw9$z7Njr-9xQ0V8@
zP=0{3S-NGH7hl-4vSWE!+%A6!y0H%HYEq=KaJIo#g+*Dh>ml_L-0pYDahgFsD;qo>
z(PhS>F6u|up=)!8_L_Xxm7>&22#-+ar$x!jV{(tvU%QCpb?3AdD*i>6K#{!QQT
z(?D~tZ+lm!l$WNZ#Bfwg)^UpA;@3lEYWW8HYKA?PlaoANpHde03wQO6F1+%lT1{Rkj#D=+MG&KtdQp`d<8-rS
zf3^OL)R+85X|mtjZTi#{YYo+TqsroInjKBe2$D+kl?bV9Hv+}kbLT|6vYn+B
zllNfp(Z|l1vDh-oXUTq2_Yq5)?0qe5D4Y2x7_Uda@#MjHkN2=tDP8@wUkby5bilZ
zclJrPuAKGdQp0dxE{Q`W{kRWsCFx)AlZprYMvS_pGE#IzBHlI$mcNURC=YTS@cGW$
zoBFM%#-3NjPTHYF4Jii_84oNjEG^C#w3+)&HczJ{wq0-yz}qm&&$eh03Ks63bCImH
z*RQ|pek+xFyD(O-YgUv#L_3Xm@1#NHH9VRjLh$-o`YuH#XW~5^+TwEfR$&ny*B_e>
zFA=)_9X>{Vxt~idUAH^(sbgE6IALtjzOrKR%Xn~Pt0iPP=jSwd^k3pEjr(kQH3=_=
zZSjQXQOeN;K{D0=P>6MvRndlfCsHe2`sDdx!nRRBHFqOt`@uyl`Bs
zjZ^uW*j{%?KH><(2L+4_yY?C5qlFwJoFr#0EBX>yPwJM{&FNQt@?8?rty+r^ZMnXK
z{tU}}8I||N+@`uao2e$q=F1|z2Km6y)6i?+gW~Rz>@(57wc@+G=ezCfabtbP0xrz*
z-8pO4>AXdnK75O&SuA;p$>zIQCMF~F#=|AL26!=JiJ6LVI!z~p`wdG9YqFU%uUrXf
zVjPT@6C3r5r#C08Nx4TV1g~%^cD=B^-l-ft&^yeY5U_VaaXDwdf`D!3$$<
zqh@Irf_W3pj-ON>C77dfAr9{sbqi|Q)!uGcQo@mHj%MJxbnI%|4gP_dc=|=hzT=@D
z2^prdJ=y_w;r0yjLI<0u-H&BPnsll33}+6qWE7w^+vE)LtU7hGvyx)!4zzZ3YrmWD
zP`o%dV)~tvVA5FJ=iYa1LY$@@qGA?}nf?m4tgJlYQrc~ANe=9=5^ABjs#nZz>Rzc%
zD8G^F>fQSRE8VvAdN`BN#lq#l))b{xInGC0#?1huMLSONNUoF|Q0}2b_cZV`S}Kni
z6uMNA+2t05)-=3Y==IbP#^16F$7*C?n^FsE&gUSm2|U;)7)d(qc54POCP9ROSI
zzI|fP<^&Un$PDs{GS-B)o~B-vqCS$|8h`-`t5Zui;^q&uVlPz)WttP556I8q=Y#Bm9G-NehZ0@pu^3A58_bNEuj
zMIssK26a?!lO)~n%Bh~bcfz{KN@!D@X`}EfyXoXeyxXq)W
zK%1!TN@jRxxQumE(6|6(xLMi}lbz&}D?_?jbKU#D=T11!pYL>5u^)XMTGZ)X%ZSCN
zK;4a9(ugc?Jq^?er>zA}eYZha85jg|C#Dy;oB3
zuJzkIo$2MXPCxYX$r#DJ*~t;g`x&XCVk5PaU(7-+Rk!e;?ydfD%eh+pmN_5$Blsj1
zJP=@IUpsfx=1O*U
z8N4}1DcvVOcAk{BZ!6|I_qJDe&Gu~8=#%jIC)C|xB-ljL+RE!r1!%g?gD~#ptzP(o
zSDY$LO`lo4wco26F+af9U7rA1S~L~D+DgZ2B%YjD->Sd;z^iaE+jQ4@b%-Y3eE@z&
zAeu7`I4;!D%?t(19<)~>s|s&T`DmVOB32u|x0_k;ThYjzLW9AaX{-6$k45zvZfG7)
zgQiCv5k@m}rv=fo1PiZr2`V7nYsjA>c^)p7Lvf>2nO1qbdy1sfs5N!>Nr|M$i%
z>l8!2N56G^vbIJe`(sjjy0~N}WateAQ(3FiW2VY&Q?N&xrsG|OSA_+w@f0&!`k~pB
zv>yxTq_AbvgG2A@&CTM55xl~RZY#(Zd`_(xo4>D%F&9Gx2YByXq8RKj>%
zps0^)#du)&yv=}`WLs~cDQ%jbq&|wmKa!$yFs0+wG6hX%Yc;TThcD`+-RAHfT!PY|
z;+Hn;&D3E<%e;HxHSnI?45JzA6uFs-=0_GihUhK%aNj()s#ZpjnU(OHSjD}`gKN_&
zx25}uzrcW-d7f2vf@b%41a@l(Vb65Mw&YHHP=cewzcv3ZLL|M@`usAGH})eui7jfe
ze>X3S=_mk*D0$1%S1LFfR_{)RYG;D{$A7rg-sNm#;7yP{`}io-NXMyN_sP3KhfMP0
zv|*enq~#EzT9b4V>V<{xjN0;SSu9+8lV?8~bH4Z7Fyx5oktGhH896v7N&A#oCHpav
za6JIZ4s$S8g_8E`1i_IUgWRQ{b6S}$kH+_EzHdro-Ma?&e9zs))dZm89WClVnR8uA
zdR&}pj)J;u>hD2u-BR*@X~ctvIFf(^=Xa?z_gk~7+FJN>uh
ztGwBz&ycQFirnhR%-bk(|GLrvKbl(BeLAktcsy7D4M@SaI#(+En9ti=Rz93OPpV}}
zRs{(_W2A6PTNcj&iKBjwFLKgGzonx^P2KMEgy=djf@DYYLb~^WG&#Cwjrtm>R%CX#A-F$j|IBgiFAj{Oug`Q6`T)1;|oiX
zo-i@YPCZ#eGSjT{RGmpsx@&njT#9vV`u!EdO3ZusDmQ*7(V4if^MqI7zT|Mr@v%D%
zwxLlc%wM|goqYqHPQt8<{gzs1Q!x?F2aPGl|NIB9@&XteOty#nWq>rI0V#WvLXhL%
zLjTSO?q;pE_w&b6lPhl?ntQsm9Bd~SKA_HHf_tFrLD1?B!i#6eLyOmp)qLH#qQ_h!
ztW$Ld)%iIJ#MqZ^q85-U<&Fm0g$c&Y!Ug;6e#B2d-6vXW-}Uy9jar-={b-afmEdFy
zqn@*-ip2Een#`>;uBtt*#Q58m?d#B_{`2P)!u8U8?2mIH0`%wIAXB25-!pmfu47lPIGmuwWLW(
z#U+k@n0&QpTECqqLij?tpds2=vw_3@1$ybA(Z8S()jhbOzYlX%kP=wN%?RHq8P)Kw
z(mHah_FD2~CvyLrH*ebBOsmb}lWU)PE@0OkrdA|^mA!jws$bieTYHvCx$SDUQ?3}^
zfOU+fUuLS-IAEr)6y1^c%TR+eeIDhS*#+3`xtpJtG5#TqjR=K1zl5{t_Yi-%1{=H^Or7j0Sv
zR!-Qxtf|P8n7Oy;di--!{Jwwlum0bPcp!Cm?m!l(*mbN&GPVv~n;?tJ&u$!!EEMt?
zYg_`HQI-0nSlZsASTQ}UsidR@Fhdy7EmYR^8N
z@YclB(Za*^FVF2{wA8sz`P%}r@3vnvV
zn}S)3dS}`ZMZTCo9T%Ig5Og$U9}SaxvDiq=)_HY-#2N1|!F>tA;
z$vTE+7}z=ZXr#<*Bjx^?ajnc1wNEw^vSqJ0YE|EGwJ;AX8qQD^ESjO?Oz&BvM5TC@
zg@qGG1Y|nj8H(>%T;$yMDlnLORH`vPvuOewiIYg0lUm^zKGC$0Wkvj^jAIJ-MBrPH
zu-!!igFs@$aN)|Zhp?bor5taOConO_#+*N>KeSm4oE&Liv50ey1iA&%*0x=%e$Jh6
zu~I6jBi2=J2a8m_J=QV9U2_i0Y)05uion5wIfHEFumzl}Lkk>1xK$IgC$na#@x5zR
z)ZDwKTw%{XsRrrw%G6TPG5WPDL1Q-K#;678T^bi_!?%%z@i_+sjEC~xDc_1sp4002@tw|l+-;R0?zT`4>C4Aaz^K<0L
zN2uLto&&DnInWk=nx^9Too~uv?`|iyb+2B5rn_QCS2TZ|)~T;Rc=%j+m8a9bQFARk
z#MZL3Lw)3PY*tNnBl$Jc7W21v??0}#T@z%M_gJzVDSBt?}3Vt4ME7C$C;N?ehI?j2DD%^?iTuw3Ml5QFLCht*!Fyk;KugjJe*C
z^T@6xcoAkOM%5D(?;8x>X(R2}zIyW`$MYlVLc^j(+t@9o5}uA~jJ_Aw7H_U_vBybH
z6j}iAs92ea)N`IVkxeKmcMaanvg?@uIQm~LytK$3Y*QL_Z8+MdBxFq#-^7fTeoH5%
z!t&A{N<0B}`J--<^Pl;-^j^NBo#;t?UbAP|D_h@wUp?z=@9t1(D*1e!l~WI>Q;LY)
zgVp+}siobVPY?9ZWGtR(2qwx#uUeQE|C>rh#SA79bJ%r^FL23?AQf6!`BuI{f3*B8&Wv^pTbeBxH#ej)ScW692M+FtDkyeH*Ke;U3Q
zdmPu@ty2?Jiyk#eQoPfIC-&L6&WzQpFg+*(0@0`wLxjDPop4IV5?~fLY=!Hh`L~9w
z3;QYQl?9n|m4b)&UFIB05#{f)SesiIRm&UOalUt%2P5&Nt~)C_g~D|9sQ&6*i-tis
z(YyR!#(SVer{1{jeH(<%;V<|?WA(V{aOE~0t?X=4D1#i9T-w
z8z@TH(*)n}&}Ez;6fUX()E%-;0DywjySYtU%{sCiy;`w)SSV46xZaxSD^kl)-eQ?u
z;qZ4tvyrX4!7ot@B`aTzKm!$Qr2RnF7j
z=^I8`+*n1oOFCRj32QmlU$vXX?;z$_^3`0mNXuEJ;~yRBwbL%Nrw^tkdr~iirKa$u
zAU?XjgD~e@72K&-P4ZTn!haCFJ=niUM7ABSQ^4SZgC7&*9N{Q**~?I!`p%5G@RQP-
z`Vbm>Z`@Rmzw%CQY1a1Qt6RxLd_xiEfv7#6ebF3s>d8(|{gZ9JE{ockX=~!LEGKPo
z&{>nF4HdFXhMKeMN!EbB>=n4ocOVC$^%b+;M!r*?5+pI~QTxx|W<8J4T-|*zQ4r}y
z@&vh?L!mC~A*ILdaipIYS+ox2@8%PW3?ZprF#Se99^nX$^2s(~2&bAFA94fb;e
zqbz>yIRt+o{`i+eZ`HX&b$O&r96yceW}QhMcN4O_lBliS`rRR=eruSkQpjYsLJ)88
zNN&i#bA`J|NP?q6aKY*(4*AAHMzP(x>BR&a~+&cg-LIp>?4-RS&G+QKrQI|tM=?rEz*ph%(ECE?G>5vKA+I}B3`Z`
z{7!!WT~9nHZVq$LV5ExLi;KG?n^ssl(?C>0G>!*Sg=2=-B$g7iTJ2b7m;|kSN182f
zM3#cYT1;A-Mi?&mFNB4yLKX24+pDhD%I)8UFcJXx1%Uw>XA_=jGf*8cRw(RgFnukh
zVxr|;Rj)*cdsO~{pu@a~Qs{ifIa*e;r6<(#;V*2z^+QH(KO&27DU6Xb4L_yJ;v|bS
zFlw-6{BGedf}JI;>mrBh_DL@-aw659Ue^G}s#@vqpv
z6G^%lv{jCn!l^#VD*yX7M432^EE~7QmLvF2CmbJ6K~*!s=CoVqB$9LGNp{x^uiB4)
zPRQE9-O)|>II1qWHX>d%@n%r#sBk7gB%&+PIP^ZRkm(xO>r-k^ao@B%0H$F3q
zG%B|{gLWv#342z%v2JfQN88(VkmkVYmauH=U>uK=t#m<8!3j3+VPdzW*__aLN+#Fk
z`c+*kyAa4hh6CpG=0rXi4>&Ck2hUt-V0_Ld$LkjXpJx(xKF1%c+_)&nooU~4DOqdP
z5|w2TI%U$8^pwSQ$`Lv`B_qCLNr_V_85#%;mqUB$J|}Bq-=wtYSVbqvV*Ply;Fn}Z
z;$UsOa>FgzsDTW0o2#GJ%?_c2zIPecP}bpiY6FGbugiYk%hzxN0F7s^87=WP$Ko8O
zTgT0#oo6R`!xl%c_?gb!@f(~m>7kQkDY771L;EUfeEwIjt-av>^sV?#yl}g(Fflr<
zcrpY3vrbgXKOk-ZeGl3qKR=(Q5Y--&FXAaV+b6S(dsHoFSq&(9;#BsfMBxcpc+Kj$
z3h1oY#E6VWx)t^KXk6)RH>_V=6pt3M^|BXQof!_;KXu;SRd|Nq&-7;Z$2jMr7;(b*
zz`LdVih%#1BX@y&Yuy+W_Ya;_vR8STiW9R=HUL0^nz>niUImZdfu9!LG%Bc&fk<$2=0*j=(f?u=bhW
zq-2(Du@i9V^1U)w3*>TrGcq4th<@@HH_&HhFvu|l#6aq#QOBC2sO!Mo7GW-+5f31k2`%)TlwVquxp2}I}0v|QSCwly1DtW^&v
zqdnBB%WHf3rqHEl#C*8g?nd1*wqH?zY}Brzqk7N!%To0joIOxu!&NqEgy^HYP)%A=+rqY1dOfm
zf)z=}>sht9CE7vleB_vdQ|HY7z<=d6Aj0~C_xU`)NdoagZ;->>!cfwMFd=RQ1k&kQ
z+&giPT*@*B!*rVMP_Ard$pw`Z;d<*yF*e=YwdXjWV<
zs2uPZoNyfok-M+FjP4&6%NG;p?$K{SrvwWDr=(-jqY3v^2JhCkNqz*3dkZLFmz!h_
zA@y;8+Lzxy?Gk{$T+1UJ13~tB2-t-?lAqvzH8a1tnxYGU5CfrRiiMs&2gDXz_wOLQ
z3V|nXAPg~{KmTdl1)d^;3@pN^NW$M+SwNP7q7mYt#<6b#V9)|7<~qf;zYWbn
zN+DPGd|I49jL>6lUF~+b{QnqI3#3i{g`M3O&;a!m6m}cl6d=^!E;;-^X0?j}5gIuJ
zXCO3CzttDN`GkLKvH!10j6jN+>!K?tKq*%N*ax9v63~PE|6aPk{Z&E|48bhF57ZuF
zDnj&DK{Cldox6Yi&K7a-U!K2pj=;Qxd_i+(@@)|Ie=Vas7{S-1Jy3Pxp9iLZ$;99F
zKTW|F6pkhkK&~MExvcE}c;nya^8aHw*xy$EKeCPp4OZZZtY{d}q#KYZhi9@H=os@~
z&p?Qx3>-%U<;E{e;5dqdFPp?l&HkU{=%M((xy?-vnBg~vUh
zxM@SAKs9nY>6YTMnK#&Mj?Fqx75Ga7!
zx+3y_V4(i4y?i%;qBuLRt)K^*|F`Z9j6@o@)TXZwwuFSlP{&&W$MZ3ytFtb}fir_Q
z$J=woSMD!2p10uz1O(ApOlJ;U#OtpeS!Bn$_0U4)eXp@>h<_pC=lT
z25fGtqV#8QR?Hyf{nD-pw|fp?%7Tnj7zs}vc%4P34Gz0!??Ybi>*UX=d=^d;P3PuQ
z)qZ4N-_(>!lr=y>tD=i2?5lrVWrze$f*uI_POnVVK;Hm<@OEF7NB`-i|CfmRQrqse
zxkBP!g(}SBD%2(vPn3z=?t+YB21G%5pML=)jVY?>}s#r1*>I93QE15r_r+>b<=qRyD`qy0z
zzbK;;NH>^G>cKi-du<^qv&7KyHUfbbZSjv>`lj#n?Tegr0*m^ncT!qA!pSCx)uYpP
zg9JCI_bs9sm|3sp+fmrC$HOJVFG1DQgR)nzzRhC#eQ{w^!HX9P>1ZMJd(fUGS*%Rz
zABf}+G0DkGB?%saw7?Z4k8#DhX9B_uo#)S7W9SvM@fcK8uEYk$vsR?(HM3m0FQ9IF
z0>8gc(*|tUWIc2d=(7R^F>t!iJH&3Ekrr5How__fgk!U=>Vd@LO;x~Qeaag5kb!2k
zy#1N^q)kSw69mSX`bI{5u_BRja+Es=|DppZY#V{L
z*V#cX69A|2KMLW`!}2F)y@SJTcbNxKHh_dI{vY*
zonEc3D1*&d9+Y(Wq{MFjy*cTBPDd-KVd6P8?|ltif>4M{fW-*XSHFx%#@gK@_6ZwV6cyu(QtO+Q;4EV1f7tVpB(R9tB
zivUEG0wStevX-~gXwYH{An)`hJbd))93O}ASWV*IjLRR@jn3R6XT6zFsJp9T2+lPV-8^Ct9T5eUj`
zUf2kL8Y4jlN=j|OqDL2YBIc}k)vaVPp#+j~F^}D4aBqpgpJ4D(6gY^fxUZ}Lv;PLn
z_V|YAgUBuTfyn6F7x!>u`SlVA{uFzW@kl+&m9}^D;pCbxL4WBe_mS9IF*2hghK|=k
zmo#?n)_(jk{wI(g%)xK_hCyh*229g)v*&L&Mf|>vEr179`SJuE4)WG~jfVF%tI}J7
z{ts>4fCKHo{q(iGk&%~rO}+HCb)y20{VIA(boo!$uKjK2DQdy-MtJGTLkc`SNUsA7
z)`Z(#V=yBsO(vbCFPw@%MQQ$Aef1`&Bt~cEQYXYscq
z>je??LF6`PAQ;}@r583R2%a4mhOoZPSq<=ies%+riN7s+J}aJoirIb58_?
z!dXC0c+x=8-Sg1IYUOdj-2uTxqtD53+_(SrkAo!$^zfDmoE{%|Pcvk{YB;xUH%x(6
z&;>DZqDS`e*U3Cev|;3vfWbk6K2pA2{F{!F%`fOx&dZWY$bdO0+xmOoxSt%U|00zJ
zhQ(>4Sr|EwK2by%?X)<{qt)Qj3Y9%qoZ@s~m7XOB3{mPd4Qz-sRMG;uVa5S(G&TjA>miki{P=BpZ0ib*z^o{)IgL4BJf3w&Y
zaMXX&d%q}Gp&`T~oeE(c&+8`ROU~Af1aJnVKk`5t4E#B~pFY8Y+YXi~n3=@^+L?z0
z*oq;|LVx+nJK(*p2*1FfKY#RHfP{2NoR)Ec$wmiHjzT3+|M|ziOc4NTQWUQ1YviT?
z(T>D0RGZ|A*h@5Gll%i(gGdH6xQyQ32S3aT^o4?0F&S?M)^a0XSZ~5GEypVeEfo@lTr{f&B#-
zc`?*0DQ~HytoXh-JYwP{ThM2i^60tkKZk2E5oN)Fgi`0O20el{KroT#YCsL^uNC;?
zV8KEwv^er|l7>U7og7RCAJEWre)qD3?xJx?-n~hQc)2s3W7Zrtx=(%JGzB==IU2kh
zfS;#WEleE)gb%=NWGP(dpKjUt+g|-w+bOh*44QdVzv>bXCmCslad*0&vlG5IBb2ULof+Lnu4bo00j(hboSLXdt!YC~h
zio?Y2uC39)do56tt@K&bwdjTnAAdFO!bIUG+5h=Gv{V66Xu{`s|KyHu1mHxFL>a9O
z-FkLGbm6)1D}8-^$LmX;?JsrD_^Pc&njY6z+U&@X@|L{_Lf@*XyVup#MMt^#CW~RB
zS*3)k+dp9-2K2Z15+8qq@gT|l=JNVG$lI{d%aw-|j2Gl4IuRA9zLuw#Eh}R)-XE0d
zxj6YTa$KAQtP=V*U=74EYs(rcis3P7%U6Bpl;0@F!^Mk{1C{&@8n?#x`@sbo0C@9>
z^7f#2hlB-?Ni(MY%UjQ4B0|#`dVK$6m%{C(7=%GO1PU9BgloauCq85bIc;_8rSRMJ
ze~-7E-1{=~Xca`BKiaRz0sE^|F2z&WXWMiM7sI6k1xnv^cpO%gfxB4hE_9Y3dE&~m!_+;^8u(0w6ptAO&Z=f
zSAlepXx%nEJly+^uA+RcJD-HdK`kZFrbt}@;x^~At;8_A)V9ez-Z*8V32tx>P-fC7
z!jmM}IQ`Hb8?%ub!oQ<`ov$^<2bIbUutC@xH&#f=*F
zzk4=3oS>AYiWEbqGK@?EN<08xP$^AU4?@dBW(f)k%I$Jy#5t%iUXd@>tdjtnFb??7
z#XiU5aU08;<&Hc`g=#OXX6DnUkBD>ou2mtC*IRlI{7wQA-QGy=2c3j5ae+Gb%LpNX
zH0}EPvkkZ)OQB*Z6#}YnO#-YZOV!e)H&raw0LgOw_*=lia|wyvXIzFas`2shb9Q$T
zjoySQ$1+a6TRwv?wAJ!
zE_t6*1q)AWYYiPtdJ+ewO+b9d(S7Y=JWp*?v2+0T-z2CR$p3NN^D=Nfz%C?A?WJ>%
z6LOu;&j%j#0K+}aePsViCY2XR{)zfrgi5h$2B2_R?7UCmbvsSNP^mx8XM1V_5$)n1
z?Nysx5N@DSo-OMNgRF#Fg>gk&Pg7mUGY^kseFJ@`{bg22$`w-U2m(ZmsiZSpoBP?4
z)qO^N??s-zjZusta&naHaxdCtC-`+Je~b*15whOdQOTezZA258sYINLTf;^Km-gxJ
zIs@FL&SH}@QLJ9_xV~nyI~}IZ_PT*tt8Sg39t{IS#Zd8`6v8)t*Zo4ET$I;OI_WtS
z>n!1b8tFB;V29d9A^5zxwV|NisQ(&LB?!rl1JKCp`TZS;^4uSloBq+8)SOn8OXNh9
z2a;R`^2ODI#~r{ezYPw+?^=!kF7;?+XgLQ`!vbajlcQ*f`>WJ6<4SCCCr4n~1Sl^p
zeZwUtws4x|xS8|UD%E^86yp!{C6Y=B_hWI@Ko-Cwe?r*ShHHG4^n{SjpN^kVQ*UvR
zjZ$lq_MR{nR^){D@iFhq;}Dtm+{OXcxi_5Jo5~L-H==2agh~W;0LNV}=DU+(l^7|I
zdKHKP16HCmU!god;q3L>x8ofsYfeA5)F9nJf-rtemQx=Try7W(Z>&eQvpH4O13z97
zNGqgw6Xn&Ssdtav(Vv=p{#LaO=}DxwO<$~9Eg^}2nGcG>=vVit
zExfNiK!2-ez)UJFW>7=OY)Yj{I!3)Jia_Z#eyv7&os^jJ*j*hsSED~jXDY2W#UN%4
z*s;-8m1l4{{JyusMGX2KeY8#g}yM?I9_fa?z~X%M%#lu!V(&j;{0(IGv49rwDq>
z5PVJc=S|~knIcE%J;DDxQAL}ptV#n%l`2F
zAVxn>e`mhgc{JT*6|H2TKx-1W5t7W~fX{%aRbhRM%}GNakRE7|
zzPq1^i-(sTl8{lHR=&}l#G%1y)cbDgdwlXE6>El~bR(fN)kRK+o8kgo=?0~jx
z=3kTNA)T-`QCBT}9TN`LdXip%7sMsM87&C?2J;d`U)V@9PPV4g
z0U^qK{=F8j^Kw}jDW9cUvVfEDUXIw_XA8wV3Dzrez7s;ywV2%3SNWPklxxW_PcV6~
z`V%r9$jdWSjp^l@FLg-q4v@S<4@b~o_i`iDmL!xxXw0y-Wr=L@MRk=pMg
zV-d%-7%#6JV%nA9rrm*iAOwXh>jV9_k1a)TcO~9);JwVc1E*Yn2d1a+3Tfd=;g_fG
zz}-2$+J)J5dra@MwdXQMQ{1U={7fn&e9_qfN8N_2P`A`y<>JCkQAjP(nL6#V7IRad
zP%_D0N-7zdLZhu6i;V2Ge-Ss^(|u4@Q)`>K#@G9%<{`O2P!cEYo3)xXNIh#MaEBL2bm
zWM5p(lpPy=vc;4=AJb)V8hgz8%bSsXB3!(&oy{(XVK<7KblsH7O7mS4YS#bYPi+Ue*Xq6iE^U}fVE9$usj2}L)sw1oYf
zPsdH7P=GgOT~R<|XeJ)Zxsv5B~S%iJ~+0
z6>Z&2%gEC3+{e;zAaUin0$t!=z6Bs}!1RYmNo
zfm+vMdW#!62AZy+=^dP-xzQ{61vu+v=
zo~cP3nsO%AA}wCu-jIiySmC8gBgQ97CrYN~-nQo*FJwn7^-mw)kd9Hp&`c+gyfs0@^_xPj5);fg7OxY!#KNFF+ClVH6
zVhQqZTP$lguF~(dZhtoy*7L0JTTiqJXtf;tF>+|`xq5rv&n_*mUg%U_v(HNh%b=1
z;v>uI;vup`G$7+A)JWXYBenNg=Fn#+X97yXlxOQ)Nu@*4Of5dX4y(ow2@TCV)=eGc
zvU$|ldMCOEHgmfF`?w*SNa>{DUNV~?l1L$qLHNn%LWJLBi;Ca+1ZS|7bd@=6bVG5|
zPSg+=NJ3{A^X;REp|=hVY4?plt$_#N^T!g*BGwlgq_s1Wvf;m
z+p+$ItjE`OG@uSj-l$VU2VNM5cR8yYXEGt7df?P6IA8p}M!GCSk;zek
zV~322ij$e;Ib``82@=ox{9APui@Q0q3)ANQk^>VvqVFq)@1sbr%jM
za~Rgu*s$AyQcq@z%9g>~8-MT(>__Tg##E!mxsq%%g3Nu~0EO~?N5ko`u*59Z#
zq%<4$-SMqQ??}$suo67Ko>43_CM|bB!9QT*=engce4zVOfkH8Aa7pHcd$8*W42@Ua
z*9M|n4=$)7&o+4BNr$S~UVW$5Y<4CD8u9M>j$Cm@1tE5Pg@4d}Mn-5XIXT4e5cz?+
zeLg%fb|O7=w5NI0QgAy`#z?aPEx7v1trN6p<6&EN20;iBSVIt4f
zdF4mgBHl;(9rjy_iaou5k4-%wk_Z2V(5s42G=gD|Oso-20bc$}7Xpozgq6n9Nn%C5
z^2+n)8s(^TBGsyGdPpcLJFaHuG2VUnWLN>g-4aJ6&n~Jx#26=Rc}ee*5edCeL12E*
z7XU07!KVBHZ)wBM@->>+s20};T!j@QB$d<@N=nLzhfdw@inGg}^kI5>i!VhM4iZ~%
z(4!u@A09boWL{Ofk!3&ju0nO?d@1k}GpYKAHd9Ui1+eA6DiYl=pl$}SLh6BOFH`~B
zGG2e&;PC5#SM`KWCH2A}CwC*Zs%zq(e_Gj-yn%FepSN{zOm#?#&X
z`H8+cQI!0M;sOgJKj!my6y-8DvZ1N!q3}eZ_(T2Qu)SI^j=W!LUq$4fT?veT-E!n+
zF-!8X(iet{pzZ8Z^l@;pz2o_KZhdE??qIrDJ(jwXf5ttjV=MNG8T%ebVo31oP;qOo
zNORbM?p`IR<#%JKR5@8~6zK|nSiHsfvGvqWp_
zx;KLYZWvu*ULREB66amV*K~E0$b7vm6xVeM$0>Me(1$}czM+8N^)~7nJnn3|ADz``7?1`e2Cyx-wm0~<>6r5>?}9suS*Ryd~6`F
zT9O8&+$cb~5<-+KD*kJQ+ndKIBn15t#`E#|&Soo@4q2y4s%LQPwKm@Rk=x@(scI&7
z`te&#;VZG9AHf_WtGpi^)+sOMxZJM&qI5L9;`89ULktr0BSn0WYRfcjU2C+IWN?=5>T5lX{BI
zl|(c&KFm3<@c3Y<-`MN~O>Uq`ZkYA^$0+Hxo*udl35n-onjRU*Grb27q`$WkLBNH0
z)36I%5JqFMRNPF&Ne=txLMBG&J*3yY%#^Hfdq~f|H`b|o;VfmEnp+CBcT}7ncjs~+
zw4d~a+I&5bmXPYyxlHm7O1=KpoOr_HLUHRP_&_sg0Qrw;Y-->`mZb;==K=vMIyd9i
znPGeal{)zrVsYC(lG|SQBWZFwU`I!DcJGi+ky#=K2+|M+2g4o0=RXKEP9qK6d-85_
zBE7-*aj(UuoSX)RgT#YFw?Tcfu*Iu?E-ZeBX~b`5i{9UmpW($x(NO&!nDba^wG`n3L}=giiq0Ky(6a@^4g(o
zRn*-*45Iq-=0jyF!W3$`qxs7ADar_EH4P6}P{^=lVk2IPDTnQAR8%WA=K5`P39$i4
z<^E`2^cH&d#d`qY3bLl+S8M=|xgj_vjA8KkEo-NW49y&eBD01Y=5bCL=5bA_u3?>#
zxy?CiJ?S}$0{gm(CGaT)6(>@#WQU<8Jjvpouk&*LGgIqi-=<$zqvm$Tc1>(Ur$T_`}k#1yGNV(rfB*8nu8jC6SfxS;{OA)z$Yvo!GM*Pi`0y
zGj=9>Bgp`x@eEG>Q8^|VS^jj9(E!z9_nsx3vOL9^ToiTz8WNI{bTiLcK=(sNvEe$l
z<>lfhnjX*qh~hUOGEheFYcv-nLmL{eP&|Gl&XFSNZoeQ27wF2z7SRuC-^t0yZUZ4z
zIItY0ub!?l$@@UJV(C)waEI}u+!8`vI%HVkj|MI$sW)WaE*Cp`Rbd9b0&vaqFXtVz
z2gY<+?%jKgV7Ee?*25(JLJ?m~SRX2v^zKH$>gmN$@&!rcqMkY5?sO9O>A6O5*xR5E
z?3~2MaU=28lFlEKZFy2`c}Z+}a}@8YsYmh6sM~G2-M8lAN^i_26oI*tG&_HiAgTQX
zi@pHJsY0o?g8XRuD8j35YziH7%Kfz2LpHu1b404XIMPaW(h!7Y`1PS+{0iV)C7k3t8)7u{j**
zu_eUaYZY-wEPtV|Z;9&pSj)72Jfu3-xN^QJpyXH?_3&8N(FJi-Z`H_7Bs{?oD0t*I
z&t+@$h^u$J$VTG(KUBghi%^_B*$WPSV7RiHS(XPozR8uZYj0@@ouRM4*2oQ66^b|P
zltKQ1_jst$j*?!cl{;r5)8?8Ow(GLDnzDbM`h96Ghj#D$!_r_wmWGMbCI%W;H6APt
zxRZ1E_Sws3+#QG`U+V3s;PyV}{+!AKRXXWD@0gnu`L>Ut?CK*ygpP8+&?m>kME%{p
zJoH@JO8Vr@4`I-8;m~OFA~RmnRskK^sud-;#4oqnVzn+X$p}BbqxU
zBj8yQ9*#jKI8-g$tHj){hlnM~f-o1$R3r+=Ms|YXNro;iR2c>aA6#d&8;+v|MTYCj
zjl5qlY{M%XP)zBvP>f-R`G2CqjZ-cVDra};YhL41R-jPJ90q_rzk1`-vZA5Unn7P!
zqiVAm!oAFlan8wBh^}$)G_DoAeNZ@%fL%;fPC5blg;4@1Zn(WY-P@}dh3~S))!g=a
zCoC=dBT|hGN9)?b9G8xy3wK6_fn2>A1A4VHM+c4+C7r#S
z=Mho|F~YlwU#&9diUbVIS;rwS^zCF5YF-zQo2RR{a;P8Ke841kkU;D=eiS11D1-)w
zooGOzetsN;XgXtrtlX5*_fg({a9VSqm$g7b0mq)xM1c~!rg4!S4FzA
zh|5BuGp~k{xnW5JVWTJEDh30h_URRi=6%Ww)ZZzN_ZOxdsOdkK&`^&q##vh5u
zEId7r4!7N(DOJi-YAfn$vBAocUbm*G!{-|a$(>b_hb;K(q468Mal&Shk$4bz<%;r#025-wf?z8U$h5&
z4UzgK@9+q)5(3z)JZR=@4OMQxzjocYj2GstjP)~$iix!wau%{AYYwj+wQU|0s36^u+$fM8&>-2igx(
z=N2%r@hU%VFE3TjO>)X}5XdRyiQwPHGe;6}9d}byEETu9!XF#6@l|e2O}%VN5$G~U
zrFt=6@6p-wh!lhuJrQ&|nqW%r(Q%N{(QSM`OBv9GY|<1z?QGC(fmR33sCF^K;6=_I
zxK&1gW|F~mSGSeV6yl}LP2Y`=$j&7ZII|p|1h@gZ`*3gu^PsTA&p$fTU}=n5L0b@B
z(`&Z!Y*($Bm{yG6)&(l467Hoo0&im4$9>YFUD7so0sn+h328|YF=yrpCB@7FuT11m
zgsAX%Lhs8ZUB*hZQ^M$6X353{_^&QDT%WZl9v__jz>tw#SG5_Mx2lP`Q;vGp$TJ3A
z!LuChJxM&~wTKmo_%>KEUH(i>*gc#Wd*b-4;V#+T78P=DpPi;lR4XQ~VY_;xsiKoi
zn!4&NXujiyG;l3ufQ8ci?Q#+?!C5j4erp2WY3t0)MmQ^`0n_@qkPjcQfM;CxVtTBQ
zf5*B;BcOj}9_TZ;(Uqy;jY|4Fx^%-SDoh6H#$nbE!LMJ7n>|G<_|AEcSwN0s;Jf4b
z(3C#SjHG5wqqA6qExb$nqIn=5~8OEn%;(ny*w&ufTTQU#s`p
zL??0CW_qWnTp0MJEEut>blF$SORz5I@-%BcbSIGiuI(Ai)?uqnO`D(*3^+=OskX_=X@rvwk_#DIHzBvXHVWWjrhMIsj;5!gr`&i}s8sbu2BV${lO_i9
zpiyKxEH}w2R4m$DFgAU1Lk|f<#aG@8F-H2D`9iFt^B(XVb0RR~rD*W9W1Uxo9w-$G
z=h%~-T^;6(ZzyH{*w_jG*8joAZsn3tv(ZuSw+&0wko7+zt^tq=rQ`|A`F>sOF
z?L8~=56B-X;-_sTL!}b&R1^AIGctSCIq3Cz(tF>;oYc^LgaGM>m-81|rAO8LIKb@+
z&D8P4-pW?rUyF|L)Ypf&%+Rer;=alj_w0W>r4omaB9zeH$Ka;D4Srn$!EOnPcxWdA
z2%`-?KP)}^W=Z#F$o8)T=71G%L!oy5y3tE_c3a$U{B5A!!_Q%^cCP$GGMjcEeLACC
zs&IxXwV|dP*dQ$jQSRZ?&!T}QtuNXSnD^;h8QW8;3`>}P6d0~w7=N0FVJ71%w
z2e$+LWp_x`i&teTie)%v%z-^MLApyE0*{A}<{tv%9j6k_154wO1~qBQ+0K~cA3c!%
zorC`#bmZ`d;NUmHsxGjg-e9~?^XA(|bgk_<74!S+Cjn7$7v24zMT`dE6(_AkrLXY2
z2mAE89ViC-#>S}XcxQ&khu?%v;8)gE>6SGU_+5G4B_#XQ-A$p%OyHrtBQp3|^M?YF
z>xx>Gt(TZG^P7p7%&a2h1fDaA=Q2uAQ@R-NQ82!SW+muVs)~I3O$0jP=IZbu@?=5^
ztuv0+^OEejoubuzEX&sP3HCAn4fY6Ixza@?|718ZD%GP1lC43`_aOfLpK$SSAIqX3
zQT=CyJ?`mu;P91z4SKq=(sO$s1{D_sF9&akns2t}+jdR{?v54BG@w0fI5&8wI6=X2
zA7wEz@?>Cg<-nkO@ySdUaq1zrZPp-E5NMAygW@=Mhc_whqZg4WKa{FCR5(t&HP?hG
z6&tE4M-)j@MNjk2rM5OjbDZ}n6cVNToKF|&X$|UGlBN1%isJ4>1Y+|Y60XK(x0v}e
z=(XJoN=k*y*5Dx)l(sf1M-p^N7g+rzoQU|SH>aPdK7H!E&&w>+XzrxW&Y>x`6eC&d
zag0mEoa~-saW~{`u92ahmKk2bq)l5VQ+-5qGtJ#xtp*2>u$n`U~4Zfe3_pWN&U
ze!H5#Ap${i^sX_H(UQF4t}ssoS!IPFfEYx(I_GM_M_0sdx)G-@g7)T$nUgIyI@gEN
zrdcL1LeTGsXtl_4EhIvFd=(6Q?F8Rq8aR)O?C%e?D%+w9k4htyi(x7DNS7T-JA9hG
zvBvj3e#;VazlaU$7ETHxm2sQRM?se2wn1iu1?R7igU;2in0E^f>c)+S%yq{$p`na2
zktoyC%Rro#on7h*V7YWrHY#BufIhhTYf2*gp1C;y0Y_wxU41z0!sqF9wi~)ae4p`
z%(YyBQL<%ufQD;z$5nxH<JNJw#rE6o_iDAd|=HwdSKLtkj_@>7#A@A&pSV+ag_XJzFq
z5FoxBO~n}vT}Nq(dY48lD_e;UXYuBP=LyP}4{LCDrE}C$Tt7hf?8Cu@iWMe~R!t)i
zPn&R5@$o$~sK0!;8&bF(mcE6#wYmX(5USj)rH?SB3mqz6ukvX5E8b#DOqiyPo2JPH
zCZ=(|9ejHI?1F}hW-0FGeE!>j_a4EE=@{?aziiQ88?GCJ41oJ{g7-Bb!PBn=l;+2z
zJ;d9<-5%?-{^n5SbhR&h7=Wp{6#6?ace=ZKI;KaE0dj8(+^)yOBlWv}Z+&>;oY|a<
z;CIz{mz=b;npR=m;^xOe8M@MBQrG#7JrU
z7F=v@F&o6n`xZwpy(VCo;?h5Q5}GzbS90D_w_5me$RVUneQ5?KBuulbD^fmBfJi9G
zqW-FLq_W7%%husZrq|k?WCb6C{qUK0c=5@1md9CQsq!#ix7=T!n&O%<&_6=5w?I~{9tvDKCGMF)_GP)7@KB2g6
zY_R!|_qh3#S86pvZLS?0+w2q`dR}}G%jxd!eQK`WS+vSFDkG3eAd{=WGfit%rbf#$
zH0kGitvwFUJm|$D?jo9H{?u!uD)n1v>J|3h-m{^Nqi|HXhY%rKw%dCR0`pym9I)dn7YNC`
zUbtMPIvoQ!77?oDKYxfcYaMrfuWd+I
z&|2H31+Y177eN%9*PGXLGJ;bdsjT-HuZy*Z!faMV%25>Y!==I3}
z4oBj+rtx&oeXj{SKw!{w$nIAa70nmj{I{Gj1Fe?$c`LPB6BUKH=~*bPa7xXF{oZl7Xj2MtYJ}sZ1$X?
z+<(2EcSey9#09-0uI*G;BQX5~o>H*!ig8ptzsSENG5-MJ$_TBFy(3j{=F7>U(MwGh
z^|m26cdJ)YD6V9=$Q?a-$xPL1fJ71ZPHAbO&?epZ%J|c#j{E%l_N|-Ms=mw3z%M2}
z-ontPP@51^_t@qnhDUHy;@jVdo?qO`H@Hi*t`ORTQ8$1mK0!lIgFig{!DT78`O~K0
zg@c5uBPV2gW6NxpS4&$Hzp+_PH4#)1SARC9fAk}hD2fz)Jc8e>;z`>{iWQToja6%C
zCxfYZ!z&O(aAVGn;Z-%5Z=KxD%%Dip$7j*o)JMsvGY5Lb7Xsd-0LV=>jeR-QE!zkjb!9@%pe%K2^4}?^YQ+Joy
z9~VD_iP))OP1%Ad*cqj+2J~v$R~!p=%U{^|3v%LJ`%9&j!FNa7+GQX1A
zC{9Y;kRIuJNfg0BgeS&n&Osl+_(Ts0yKvE7$l-v|c8PJw1-jN5I~Ma%TU%R1)fL75
zadSY#JH{3g_;pnJVG=}&`Ke2v_RXMy&8{piTkBkmGS^G<=+rrZh3gE%vmOkk6UKDG
zBYGqg9SRc94Mf``?jbwU^~Oe26^~WAhety8-Z~i8bEcmHDrooSCR6h{ZCsUC2$LKH&yFi-(yqPuv@%G`~hSSO>x)psWe{0!w1X&k4_Pwycl;rLedak2k0yD
z(K@GD8v>cl7HOkq=`lC4cK=`ngnS8s8CW%V0${mrECAwz*l+4@({*CgTXq-jh=~X7
z2G!hP1${je|FX?lt5p&t{9Zi;-K~*~C9nkt8$Gp>tWa#(@btdEZyqcK9kE0|tZ(6HZqyx8O!pa!Izb;+8Gp=Ssy3d#ER4c
zW5dHL=*D7I4fVjNH|BeK&P}5wj7;6w=CK3C!ad%oyzZA?+#Wuo
z#E7(#57fM3JxTU$b`A$$YOlO><|E1U+jX3UWhR3vNre`3^WAGTs{Qup1rH$5bQs0t
zmCS^MYP`&!n9OF$3jM;$kxise{l#sg%?za1hUWP;Hv$6HF^TZQYHMM~?3VPuYMk8Pt-lL2h@d^=gH2t(&3LkelulP_Xqb^
zPBmQmFZ5Xn8R*>)o%uKw|gn>l7MMR#hS|1Ze*pFmO(836Vw
zgX#w|fQOM
z>vtZf6_P$2o4);3K6IjRF?uY}ZcB4whJMO0naXb;_`wg0p~(-ZX9bvI*^E)Bd%avc
zS+W-V9PV!C)b=*^8M)h*b&Iu9y3RnP4vhE>p>6%08XN>|cbtcfM-ExWYm{sPNbs2(
z;Z}XV)&?AkgCE`z&!5%od?sIhdcED{NI`hl;ez%1zJa3loIuFzNdJSFnX#+^l~=FFoswh~n$@Z}u?slzrW6F>UzQMTJeNp?>
z770BFh774_&|YGlm6Z+-c)N1)a(-LM9(WS5v09C-X|Im4g=3Eu%wXaurJDeN6DWNV
zU@9&a$imC-KZxEO6h42Gk{B)d>H>qEnl?8lv%&l^03Z5SIaUQnPU!|8;iIxURHi);
z&fRu@2;Pu>y~=G)8m${xu1*Bh!6D6~wnL$K89zincq}(G#`29cudp!-
zObb;1$optSBt4hZI}A<2pVO`#fqHMYT(vu(FZWd^JABTyB~;(K1Bds
zJ+D#ike;yw1?FLHc!;Mxox(^$D05vN$0$4r7sPlWlm5~XniNE31+E^Smn6gUCi(b=
zooUr1EL5O_W
zD=XVQT}1exBO9+^PHnnz#q-f9*tPT#{`a>6Aws?}kWl?|ZLP1wa1SsQ!H)X%_C)`K
z(oXiNY<-US@l5PKAfm7~o$VWpNAWMQ1VCeb5OPMkB-VcAJZF5DaS`!@YJ~B`Jr2>g
zTe3{$!c{McBd8rMC!oc~<5AZ+d}PL%V6+8o2flX*I(@X&|AG=Xh*9H&npoK7Q`qIZ
z>M-=RDWs?Y8l-~_x(*ONYz7cukzwUeTXH1w(Iy6ccYIskPg!P49Fl@P|ANCBKi>y`{ULqM^0ozGy$;
z-aiws_1b1TcdOH_km+|r#zu`TZYak$QgR9od+oQ{BBqYc;`%bDHGxkZw4YtrK~h&}<)5hMMZ6GoI~R2j2-NKvP`CU#
zJY@fno+N`FG2{g_>&Qh)kFy?159iazsE0=dySbALSaa@yU++jf;9*61F!d_p8?WIq
z9%v1KW2Q%w6+jqiK0z^F^tASgpY3DaAyeHUXbiC+QfEccmkE)|bEN`TcL4u!Xk-=^NoJl88#`LAvIG^6
zgIKY)qBcvvH4K&NCQ|nOB*>mq(PV$ip7eSXr+qV3H0i{H5S0rDA=fmWo<^9L+thnX
zR?$3kl(2BoUQ{2CXfoJ=lF0MQX%*TR&UWR$mErKoo+lh)P)LR7_o#rh`t?6>aBfUlWR6Z!M@jy
zNp9_{mir_a_(dEAXlk#zrwQMLbj^Ala(mRW{ODK|;9?GShnXbW@LS!Sze9@-wInh$
zL%aJe-1`lI_a#o2u^}ZZwGziH^Tge)9g(hWd`%v2c-rPGqJha$eGkXO^xX}8tsArV
zlZNQNfB`ctH-Ea3YM|v>WsW(qarnZ42t#Xg`9x=_a8LjQfT=5MI1ThYGy|5X`EP3V
zSndK-hGyo$Tv#Nc_LK=iM0jlOR0lUdN{~v@MoZq{r@>X4S=gvlbpuo)V|_`bJcqQ+
zbT#qQ4kMJNReLn5KJ{n!%jb;S=dae9+vcyjn$>MZ%K76q5~d^u`&%LLu&akn=+RUB
z3`;SX5(3wADyP>;gLX$FuAqRSNc|H5FI%~NM2bc*6JKik`!$_F|L-P5AZMbO*ahOj
zzk-yqC`ih(r?Af*xGAqdOwwMK$Cd3@fRfe{gWOblE<
z$gasB-nS-`UQ_r;HBQ}r?KMcgLl}O8P5Y~Q4_dzwYWHBdUc
z#FbR9?L=M`L=F!Jzm*i-4lD-AK|CJU0D9B>$%p)!Ogm6WqT~XHoL{}yCfB!2J9ZaZ
zM4)CM#OFyXVW&B}U;DT^OY#q3<3UIzjPlswaNNR4KX}(UP<9927(#q?XD)j
zQUH35Iu+O=8f4ALUfcqO0BArGlhmcmJD_$1u>ewvu(I59J47t0u4|fx0dv&|D2pbi
zmrEx@qvPp`zSI$}^AS0QDd@(McjZS%A|q4$_5nFUS^2&+kyJ%_s!Qq|Iyo}{h+h3~
z6*9?YiC*5RW=&heXBYQ^nM(-ABF6Fa_lIpbTpipSNfHG1K(y+_oc)m^v*6yFM>`94
z^-5)xSI123T-r||sT1ct{yN@i2tcE&_k3@neIE2I(?(fF;5*lL%U1%gEa8Sh``Nmw
z;H1gYf}xeYOdWmGGM(a3|4wo)sw{0ydEam4&lMGm#h*GoZfmwUXpoH6vsdBC%Nd&Qh{%`H?myDuib
z%UDr0*KQKD*tQw8=yBy>6wW1rU+G6d9vOFGq)N%`HJtUtsfL<;A!C1^^
z4(-Mhr>t)pii-IbSaHU%H+2eq(R61BgaZSvQlPb?>tFpF!h50K^F*<%jjuO=EWg8Gsu5?7=9_Nz}b>$nN&lJO|}nPVkb^~eiUZ(8(TyvzEfZUaPltjJj^
z?CNS7PjX6HS|%SV22_A!j4R}iZ<8PgR!w`+1$$cm$@lFcHssLHB{Xe<@4q~3wcWNb
z+SnlHZF)A?a7A~~c!iuv&aN)1>7v7wgG?;le3tDW#jK-HTy4z;@){cuAfLNY@>#IF
z9H(xvNS4d_LlwE}%)RW$wS4Mk;?*d=pF6%YR^xCwnO0DStMWe$Ji+T<1SkTRo^ng)
z?&P!E*y468x5XgWaBExq&ehB(<#crCXNa?Hr=d)Tj5?25&wYK`r@$#l9%M7-6T7>0
zuN?y08*M?5AdH3ke$oDlGHamYw)iT2+$wF8>z0}IiJY1V(sHV94cJOTml~bk+~pMw
z?M7GJO?lF;n$fQDmxCt3#h!uwftn=_hr)YPx4y`On`^itDL&Jou~-rUw{35DVI;U{8O>wjz0c}
zey$8Baw#8HmltRnfOc>oRltWd+{^Ev$XP~qn%t`O5*_Eon7PVl4r(SSpjoD6K!^S2
zfD#g^rVa~4Vwo+f7j-T`!(rD?X)~hByURXdKoC$
zlmob^Xa!igf_)lExQN5y^hS-)6*r5(#7bOu31%8NFc>SB+-abiEyq#sFbnYe1HcI{
zdB6G%*AN0yn4q=9k`8qDh?urk6I?9&IZ!mA?|5C+>ptN!c!SBUPbuu|i_N&l@&fs?
zHBw)^%GkvzDI%
zx)mPKc^wCvy2{ya(EvM^(P#MI5Q1u^&iHf?<6<|wfG!s0DPOku^FjR`>}ezkAxHa>
zY)#pw>lK!Sm&IvK)r6|Mu#{=n`bsBfXi{2csz9i9dQw_d{{ikRRVEQJVbD+si@(3W
zh|Q4bOZVbg&nwSnzj8xe$EgPVmn85BgD|otX=Ya>>2?iRj&N5u=u7+mu2?qe@0M-gF{oq|K;
zn*$kn6|3zCfs9#ET^Xxl`}STyMppJ$+{R(!1L~spJ-78@t3In)5)J`mE{WyBGS
zd$#XLcnNaego3tYW5|?%>TPjrYqU2KM{6`
z@Yo#s=E&bQT@8-s`v_#IEvKqb2&)f8JU_6mU`LNF)(fN}Z=++JWo+-@X!Ch}fXky|
zxz)Egw@fMa{pkdxPl`}82{-*<@4=@m$MbS+BVB1_=-X+I9qUW{`=mU@L
zJcFi*eDByh)XS@0B)aT%Y*=}WpVASkDw17CV=T0YdtaI0e2wqi*01&3xjLHjgW1VqvNo#7dzq0F$WrVD<1
zKCm_3ox!kiXe;}O<~wP_88nn55*V+okyq=ZeeI)H{Gbt*IpzqqvC=yXTjSfBsS@EE
ztkF8N$ZNJ=*xtWj;~Z#awI%e>^MtFzs1Gfe;{#P!kadZhSUVOo-~W9B$#iC^Q!S1g
z@;$#!-t(H}Rt+#wsIm)OUS9CMq5U-pMU9P#hxTIQCh7$ODyqehAnF+g^u6fkMZv*r
zBe2yZKgm?5Ke1c7*+IHogQxf2*g6H-PI|Wj)yyfSLeuVG%+B+Cm|WZDw}1Krq*7pn
z@-Fx2paCO=jf^mi8t2`7tpn*qTnq(`4O%P3tJI#;*T8pkcv8>PAIwvs8-$ZX_NP4B
zMYn{(q)ADzGppEGDnjS6oZjgo%`GoiXbtWpcVP#T3TlX1|5poeqwA(u;|dRsh!<@z
zk*WE_tLiifI3B7c9aW8xv9mw=vIs!SA}1v$dcQ$T%b;1kENP)k#E8H|w
z`-YFJWXZvTO%sPFj+tw$V6gytF$;&?JaJcj0IlbQ&wY;RZrSDWvkT-@4|E8H33XYq
z?&%rzdFbrtT4Uu}iaHUwTi*%fYw&%Hu3NwQ_hl{fHQ6#!(mpbDIiA+C9ZT0;dp12g
zWjOSi1X|1g9`>bau=aFkIp?PGv;y^1=uz>)l>Yu8tfUZ}yAIRYh2!!>|E?+6*2)H?
zkcF9QOWSd26pgNAtH0u#H^I^pAHtf-I;f}(TCpOibx?WG6!G7PwHT*DTPMLK42q80
zBN-UZPhDnAmL6uQMa9L2Rs7ilinc7T@zvwz=+15Tq
z+bJ&oW@<6Sr%`vxiUViI<3l7T2eNuJLP7s!Mg?NG1e93k=LM*xD{eG79mEPsUZT&B
zUtVJD=_5m}jQW(A>X%@{?_&1mnJWUdPHq2eDWuO?!lDcn=>RMkJWZICoJoRyr#W(I
z8I^EymPvtACm)sgVYidQ!C$3#+e=E~S!
zu2+Bbf{3$jB!q+^<_OvW>3T*rD(^j;6q4IIMwqd$$grD=&vE&m;RK^fu0
z24GPt5-;
z>EC497XOigE|L6YHbiCIikk|jCBtJG_1f0;zImTsNDGE7nG=(PJJ^f4DZGKX;p
zlu@*?(QBFkIRt0RBSS-Wg;J)YQ-5|$iHCcdmqa&wmfEGI7R6$s~vo
zK7viq!O}q+8yZ_P#pJKK;Ur)Ga$TV`*^0Vy7E`2PbyROUKpUyOunRwHzd;#P@5;=
zOeoT6Ik$+nTbV7k-J4~8^C>l{y3G&4diI_##ba4zoFnB&bP$kjg>LGC2Sb~lf)~SV
z`$uqin7H!TpZ!0=b<;FS60O~!Pp2zLO>Bby((_AxccdQuulxaajI}|L`PBG1NdW8^
zp8-k_;yzIi_R{{-f9U^0zVZ~n;Ugg=7M527Ljvb&=Xt(qjT`ZNvenk^zN(KtQnY~C
zcTo{cToR}-Dl8`H7up+$zyB;p^0A8D`jkTHf5bN~hQX;kr!Cfqn7V>(Z>JIR{mNRe
zTZ|kbCp&FWtpR9s<^BS!v1nt}#PPhBQCX78(8VL60FfB8lYeQ9jcE)u67BPoFO7CF
z!YM!qf*bh)
zK1M*@!d(As8B!1&NahJF&k0|?C?qs(a8mMuq5xdKkJ|AGp`f_j!b?g@sx~9mLD!uQ
zL`p(bv2igXuviUtGQRh})#FvayvaO$C)V|f;w=Ios>bj*fB{OXBjV%VEFRDU#DM10
z6Z7dI`SSrhKN=!-0R8+A=+;b!1=u}RpS8}w5H9ZxfAi?%@A!WGJa6*j)}|G<&jW?t
z+H2OD|3nK3t|yd;%Qi$3iiil;cTLk{-`Aw+G{Fgmj8z^QC95oPy&=hEg1b08%CIMn
z#7BAOzv!K5WK1mAeDEwh6;3V*W8|R2r_gs!gvRs=M&ntCh6tjq2vh
zL#S0hx|sXce4CYK3!7JOnMr{KLY~{@0)Pa@`1QEGalNnh7gx_pGa?uJ$DkR>MKgLb
zH9hsNkC`KZJ-|_SZW_n+fU)f1ym;&G$h$emeb#W2>lcfV^IymfV7A1sv9o%TLw?xi3`z#RtcD&s4;mi&&N+NLINZE}TWsJ)c+UNxzuwN803cI>yvZ7z8v-=o@
z!Jjz6T#xv$>GsX2Do^HLY>#|RfGcNG1=_59*2(?4i~JfU*Eu(mb+0++TWZY&o29y9
z!8R8?Z{)i9qJ#yL(RYIRZl-Lm*OjTug?e{@BeusRc@A|wm;9t6bW?Tk{L0(2+2@Gw
zHhXZduBLhYqIf|1Z_!J=
zJF3WZRWC-VAkE2nR`Wv$!l4kkFK)mT`3=)lhJ)ZxP!)g(%uCKN`}0ELoVHgMOKrt$
z_ylMbw6~s@q=sPqC9#;P;n_f~pKakhtc@e9Cp@<8IX;_O1Ptfkufkdgb{?mtn99AF
za?v898A78=_kA4^`kZy6Pe!VDr~^&JFDI}!580y5>Q^fs&2YarE?E363&%GZt46Ws
zn
zGi#ByEQcqWskUzB&Cuj&w^EMD1{tR}+75?xTO6?mScS?;QB0N-T-@e6`8|#)!I3CB
zhKEiWob)XL{kWf=_5)hwwnhz*wd<7ZK1uv~xOr(v-2ystb(GY^^!Ndzp0=xU9VZwsbTt0K
z4W%`kKkbsT7qA{a?UH_dLR}5kB>$WD0ly(71Z`JVqb(;B8uk%P+?#_*?Hvw+OA}#Y
zY>U5fV{T)sl*7bO#&!903>Zw}*h<`yDrS2JPtmp|ht#XeDw_l81kL+C=Y1f1jUHK2
zrb_rb)`Qvmu)jx{(v@L$@qy$@zG*xyAMbk!Jape>xIzfr8#^SH7s{=*=ZsS!)y?aZ
zt^4*cF#AICZ`ryqpt>-~8Q-G(BAA|XIQq2by^i*-qg}v=?vkNpntpR&sr6Shm(w0?
zkzNg3MuU2G=BHQu6ezrxB<-in4dK79+S3X~J>_0m&5$-d@_Jqj*8zS>R85@s?g0U7
z4kO7`*6y{g>vb2MG9$S@Qptczu2A*pm+%YRB!Oc_rX=n!gp-6r!xPX*^nDk(cq6rb=fe7Oqd~Ct#K9DoV>Wu0->3~S80>Q<>-#<1e
z50j^UyAoXuC%T>&3ch!gnKMi^0B})V8DIEcWCu`PlRc@f)jusz0H*heyZ3ADj{a|k
z29{NspZ(W}&=IH$vGaP$%NuZ>syV1?K<#vMTl)sAo|Q%!jGNvS1o?jz75%L6784Jq
zT?`>1>Qi6;8HFH9w-f^F2k63X;4>mY@)9mk{ByM+G~~1q-mk4WW_3AmtvyCLMp>Dn
zs({4MqWUB4Cq|xqfiroxXS4V$GYI{qm!A(8-}_5ONJK+&ULk-m6OAtna@hKKL0yE$vFyv0;R<2{-#aIVXpFTsh5Qj83osX<4|mik@R
zRE+?TLY313*r+TWP2Y3FjJ62AEPo?_j3|QnZ04pvvU9_~{RL=lHh97`4x7Hg^k8kp
z#vK6l^x9gnuz?~HfS6QH&pjtE6-&Ut$bpZ#b5E&<3v8%#^@SGD>iPqFB&Q2XGzxdP
zlkrIt&&yfkiBTrw(n@k)0PwG+O6OJu`+gNb0S?3Kjem9KP{;)wAcAVMUr!-`?{z}~
ze6J19zn155pdn__=eJAFb<55*Ph#`Z;pf_ow(#)-shx$1VIWKSj=nkn!=Jg&B_PHj
z`1J&IQ~FjA{g5y4t)ehiJ>RaAt;HZCnOPE-H;hZ}r;mdJUJx~>_3g&TgNCfa!X$?{
z1rexEQSZ>J-V8WTGu8Ft)Yj(RCLQ3pgnA5m+b$;C-6jd()cWeIhr&>EeGdBq|4s}`
z3K5eGX+6oM)^NZ|8`ft8K0a&Fu@LLqM1n>Cp!P_B;R>NrdF6bGF&)QBM=2kYY!%M3beCpUiTVr_rirxh20ZN#MtY{{ObnN>exZZDw
z?=|
z=P1a0j4ru)8D5b=|Myjb37aHGV`!Mcqp$f3y2pf$%e&UMJSXBUE8p1=5+6TVGpR4M
zc33xEC=vEHB{lTN400yqm7nAsz2iv*e%){X#O2-Xv>9}uN
z$|Cv-N15TkxG0Io-G8(z-1fi-t}=GBgm*6*-tsgguB_gZ__{;7hn|+4i*hf0KMYwt
z&m}WIBaHL$#M||;U+`o3jAQPNE(I-@a`jf8>IzND{hONWj#0?MaMW`#u|NRUj*;)j
zZRBfPeCY2!*EY``mtENLs??-8NKk^4QSorJ^u&5%HmX~{t+!KAKF1*rnwdo4-*5nC
z{(_&=(lB3T7*^WJX!|Z~9tBH4`-vc;qf@c*eM?)4eQIkP*`%;#oB)Z$U_H2}&i%ZGsJxWw8^l;vl094$j5@8do^xv$ps1
z1Cba;QAAr6F1-h@CF*Q)XfBEt;kf}WKoeuR
zc)_V0sY87E@=Ym{(FQ|$rX^KACtvT+GZ3-4q5)@~8O>jH3X<&xvt0GZN=(g
zVPg8{K;jP{`{bc}93XI?p#O>&h@g)f1DVg7TYXI#8~E`hh}d*P3TxtD@%oI&@WN*l
zN1RK;&VLkV(e|dD6BPq(p~?{lUe#xLNoZUX^`Vi41IkZyXawFW*&+VJem7lkQYzdh
zIJvK9bKTK-9jv<>Cee%T8QF;At5fEv?`4P~z%?{);5yEr
zdK#aYcwOw2z42;IlvqL)YQ5;9sxIy&Cccb>DSlty`1_AHePiuQ1?#V4)H=)9RF2ou9z5D?(`O+XkgWa;^{(Z+6CN~G0#`XdK2x0KEy?aYu
z55f6?j+>W7+Ida%&t5Je3_q8{%@KBcP1zyrLaJ@$<0Xzt#QWBzBT`6RGZ&qP{%g7;
zQZ7RVvgn{wu859`DIXv7<1QM^<8|Qf;*Nz2@apQ-{!=!->nLh(ZGcpY^yTK_UX^C^
zWFpq7lktvDq*aL;e;vf5K+OXDxJ3yOkot$@F3({UwChnYV#|
zo`|<30wjXpwg+sLDw~Izc|k!mDaP{1(sAXGQ&s!87tt}_#6XtS*2u1hczVhN`4_Ws
z9Q6d*98ZT^De0DTai#+G)(7QU--%&pEZIedwZXM1*I7pD^lnLdd5;C4>7oT4wf>Kk5jNl^Iv5#;Yns~Tz=eB
z#W~%$Z&OjFos*M~eSWSLWd44j&+$V7hDDsP`KvRu<}7MgmmD9R+ve<(nyP6Oc(^pJ
zsJ@eAONJnoPvxn*1N8goTe~jouO1H=VVb=AaKut9*Kp!bwnmv1Djd0wC11k^1#XXu
z?aOI)CTSB@oodvD74sJ6elKW4BAN+YUb?kiMRu(I@S!ROO)G`6Iv3ca6nF#%i3bLm
z{#KBcUDrVOt`rZ79*4|r7atV2HqhDThyN_YdDqomhp|QSHY_a6zHl2W?3~@RY88f9
zJJlRC9UoUS8qvwT3g#B#o$HvCKSp@qBsAreM_V;u^^fd&@h`p#%t*zss
z_Ik8lPzulw6QeLLkGKAUj)Wr4&YC~5Rqu;6*3jVPd3<~UjrwBm_l{n@R?wZq=vRkr!F{O8VS=w9Ub)G^&Izk
z&rDcEx%DdUJO?oWv7b3?>HvtBW6T=SKTl)8(`gK-JuR~ar;*_4GED&z3H9|m8LqmfU6Nni
zP!z3leDiuIB$?=Hr~LKdwz&i(>Fkg89SrmtPc08G=wLFNisKs>ta)Z_hQ_Ch78^io
zqkJ@tqe(JZ*zMBj&1qxK_T%X6j1n|K2vMVN9UL*a={=BqTF7DH;SEn%(nXRn9Asod
zcfIoKY*XZ2ELYoy{oEVq92*n@^WRLv*w~P+U_}F@XuMXORjXz4FNgO8+=@@ANsKu_RK$60|9xUzL!-
zQAXC2RqNm~{?&|9MauM;M=KDsI)}P{4HQbvJ`!_h{e$&W!E_JfBo|6<4FXGAO
z4_h-}ZWYvI>38Wuu(cI9aG=5ewXwSoHEKCBZmo9mZN%q}zVq{%@MEOhJilJesfNMk
zgW^ML2UTIU@_0P@Nt=zX$1~A>RwP*!+pL!Z
zhh4S@7Avj3lCp#E0um?rZ@7-X^x%hf)*wKG=8V
zQ+qqr)=|kgkDVG>&F$>xlbC2P4`0pIe$};-VA_wXSWbo&$do3=o4~-zIxmhx(5tgE++`<-&(
zEpPacLVY9U+y>M>U*bpuS>bNW$6WIQbLdEoE#iK&S0yLcg8X-}Ask
zh)`$6hB|GAZ!hFcbLP}MEYCtTC-&LFcPULswP?0`l=<;pkO@B@{~@wb-i1C6pDNTJ
zCGiN`o2%yoszj@n9m934>2xKg9Eq=WH3zT<8)P5`1mp(KuWoMoi9ssm6{zPOM3^cSIL5Z#1
z?TOTg@PYJ|yV)EiL1sFkB2BMy`;(sD0mJJ&v;y@8;h^4}x40j{z%rQno?x2CzW|ul
zy#JKjpmumE69oIsgpPXi9|HwwP${91D48?o<0`*?M*JfQ=1Yf_=#YQRm-@m;QV2&bD7ekijCSZEbIJ4T=K|D)Q&9
z$+irOWTPBmXCC}eeYQW4gXQN}chC0tVNIBSr;I{8px!Ji4pUNQm00$>lX%^@0oy_9
zhUMJ(o&aG46&UBn?b7Wwv*c#5FV#kBFm;JbGGFLABc@SmjyBkE^S10X1Q8LnRhp`Z
zh9K|#)lQaJk+!A&;6TKc{iZYZSdvQxWxjOzDYAOgHPTlpwaA2&_pa}b3$$7OR|_z<
zXOR8dp2Nq;g)h_`PSt80Hv|s!o9PD6+uNxlQ(~oiMq)ER8Lh5v26e3LhtKxAqvMpR
z3NP%OnoL!j&}_=7ZDp@5q#V@w?v*!u(R8_#1&ElP)609cQJXe*~YBe`gR2gOEk3h1NDFM#l`V0%sEpG6do?CErt^pw4Ono1DCRKg$58uG8x2@8ee%kOZ4
zZz4yszE;|n#OEx*Ikmte;z!PbJi+L2vQw^LD=t>#jY&7qQaW1l_}xbo$05GlRe0i6
zch6_W-6Ts5j1-chHkLkxlO-0j_|qo+;YX@oBw4yF6;F;!jP+qG8}6
zJ-B}iOAHvImmYrskJHZyBJ6k}WtpUhTJx~;v9M7R49oq|AHVO#P~uk!L&M*L>+Td97u6AcjLskON*Y*u1{lfS@ngeACH1QRq#B2%9>DDyyn&r(dxaECFIkn63p9}BtpYpDsz*^HM06;WCtAWA;GGX0aPkMTw8xDc
zD_Mhrnj@-OL*%&>TegPCSbiAeNvXDMa|&`C9mttBLNRhS+lfOJn7?D9)e!?Trj%L{
zHMM}j$fb}D$FeP}zMoYgwxvZWtEB_0k;6)XAQHQH`TS_rT;r
zje$X|ptAgN{OjJQi;2_C1SHk$R2nuG(A*5wq!HP3zlT%KXV$dQBqFf@7exJk;Dh_2X0-|on42>
z?SmWSW92prC#WH;xY0mY8$Y=wyUe+n5&^;|kSp47y2F2YiZbM#7FkB?mqkDMEne^E
zq8(`Zcb~Ak@r?qQjRgVMg#H^0=*Ge4L|AgYKOJ#5am|}**rdEucO(CW;Cx2p^8^W3
z(9@v?gt!?)86;f6p|I#K+%_Q!WuFa|
zNc=QhJwHSt_%E3Hf8kXYVh~k%amj(_PjLi6J$duawSMl*YubF*ts3P$_Zuig;LgfJidUs3=<2?;8O2NX%S{-NPgr{b28z
zFb7;FLt3G58aTX?cB>t%o5L&Xh}|`p+fDG%ttq+%q?Bb)KdoE1u5_rWC#j`reK=$%
za^~HXQ?-3ihNB55N?SRC5)&7rw)&-$q}4piT;Dqqy9=nViF92T3>?%3bv0Spaqh;2
zx)8tH#_t!5V>~KbQ~E4B5jQNqBB+(QMn^{r5+gGVSAs)T#ZiBRoT?{9M|kUF8kbMP
zn0cjKKvQ!MZ`&@}^8ALJBjfE_a6ya&^$zD{`_8lL1|G=azS#)WBU7hxxd&r+X%`Nf
z$dicPr+nWH{u&O1t8wDh0$tIAO+Q7qE>EwYK3pW~t$cWAby$~QqwOVoPwr!mr`o@$
zF)iKQ+cSCSE~EX*n7JICzRrR#SjgV>-3tp2zRr_zLa;zj6>C8i1q1%)l
z!OttOak@VXY}4Pf)9~V4Fj7!4MpqJ6D*&Jm&={aC`V-(WV$szlX4W|IZnZZYI5gQ4hyW+sSg1O`MZm?^{yKnUjjTIJ-eN
zB6OUp#sZj0^J2l-(y;XO7Vbs0!=_Y0dHzQ_=7%%2T-$u)rG>t&AS?;h!D2{?EJ=#%
zcbS`vU7ZUG78doU!<`1T{w_NI!kNZ#kK%>n#2`JPG{~fi?X-?4bkD)J7`MNv74R<`
z833iOib%(JH-^er9zF&4d&F&5pDi;B>J9kZfOyOy{elcmO?
zk=ye%V-e-6wHFi_N9T%D-Y@6|2y(eLk?HCza#h!!dApip*B||k&g4Qwhb<=vE&BMu
zYtF*)vi0#+3+C}O;!?n5ddJDqYx$Es%GWR9@+{k`EFgoe&E
zJRF{DhNyMk82#rgZ=|+QV(-p49|Mv30SxDwhtSjo>|eo7UlPW`9m?UuHHKqlb^685
zK*N_W(rIa~1OUyY)u~FT2<(1Pr>7(NNO3qVBAjl)0V8G*Jdc
zC1o9`BqY&`4m>_d?@<^(!1~k~#ir|8WHy2_30nb1V;S+8Tfmlg9|SJiKSnGg`|ZHo0dfv?)d(&KheX`yXpUsOnlO!Bqa
zix>t9ZYp9MQoa3OA`5`QgoO**g4c)+LW`062Dt0ii$~Y
zp@6)e9)@!w@wlbe=2bfUxABzOJ&uLjS?}YG)Q9MS0cT~2hXJ8G%d=F-vWhNbpR=8Y
zdX*G2R|{Zd7_TA=d=Ke}hzM{*?ac!rfi>urT|4*ezv7JMBlmnFB8nl4_xCVIrx@*B
zlWN|w4YxZE@`F8-e3K?M=k6f?Dk*JX{UhZ9d(5YdY{N^p3ktETK6nGsuV5|xN3;Eh
z7YauLvU$FEJV4lFVw;xgmBWIGUe^S?vT|aM`<rJB+QZVm
z;OPZn)1-kTj+C14dJQ^GlJ`MYDuA5iOkMr0@lt@NwNM!{ED$tBmS+aD6OtHi_f|US
z3@k409_k)7J+2P8%;_AqIg)5X_lzojbNFZG#Lau+rFRDUY5}ZZ{KT9QMEAh`qq>&p
z!&w7kn=J*nZ{v0*qq~kUJ#sXmVQot+_0`x5v!Bwg;VYbc3GG7{_oIS(#(fJkqgH>C
zQ)B(4Afs!Ql!5h!^(l^^uPD%r9lxe~J2Q$=Z1eW$g64AJU_6mzRlN8fJ0$)E<_oN^
z9kU)Yhn;xDs(>)FGn*O!gxTu2_;ULu{!96`bN8Px_uT``nWo#wss)ShZdQ_BZx$8u
z$oJQb67gQKi(l-IGfq?kX+bWb#@jM`w_}>7kNr2|PAI#Meq%}k&z2l{oG>eMa-y5=
zkG)R^^d6hr+quAfW0&=Flamokkt|>1i^i6ffYwFRX#DgcGElP)*(X1v_5>A=ZcxGN
zA;wx#Rj+*7a%NMvO$TahuU-TK+T;9xwY?|
z7nBP)+bb#@N&yjN(ZWxPRj)9eH-MmHBMBJc1Sq%Pxky+^+GO$my9=KR1*8(Y?&oN-_Eh)E#nXGhCxKo0d(<
zQKPpkMAwK+$w31aux=jDM-3Juq?rJ`>^U*jS@Am%oM^{tCpf<=NOPRYX66In;
z0KKY}{(g3sBKa=3)`&PQ)$$4ZEN%iV!3K@mKasURHcz$W@IH3@%V)&jieM(NZjbr(
zk9g>(pa22NQ46p4vS0P1h>Hsiuma&C3ZGR?PDI*`|C*>
zWYVTKlT^!$%IlW^{yik1iDb#;x5O&*NP(M>a&rUSQMI9Z%v7))6{QBvDGrWr-q
z-vCZ-o;UD8$t(Q0bXYPmO69hE*tFG>W7pWq4|qTxMGANqtr~Dr=DWxcA2wa<)n9Ku
zW|lXEm6i_IK{)>y>+BG#?6-5fy*FYQhy}j=m^pS~u-|fgD0BWfi2))B0H0HZ@c|%u
zf1c*>w>Z(K{{lXjk#i%L!!Z_(H-l^(GR|wQeN}`(H|Ne8gTwWjS*68DLh^T0ytyO^
zzVCyus|!v2d8yBY^W@~g_nE>YF$!1ryM{L!UPb8R*##+*a9Ju!r&sL_HoWmd_NTdi
zyBX*gx(93Jog6ped#y+3yh9KiB92gaKXkH9+}M-o#XA>OD_2+`d%zgQ0WW&S2laarU1z^U`rsfBAsSi>Kv#GnnGPwzDyB2i6e({KR48s7buX}1M7k!(-2!CQrT!RnZ^hNKj0Q$<
zg+3fstHUW0sTnq!TDEBP=M>~>b&xtMDT1p
z6)j@dS=ot|=6U9^D-j$phpMi!VYCb1Et9M%&5os2SaQkY326qnvx39(K=JIxi(5X!
z{td?Zt5dyFuHw(lOZxQ;3!{)Ef&6IQ{Al8?fs*|pB=-R#-(DD&p;ald{N<7-GCUq~
zZPClgCnBUzCeR2`T3GGVNj(~#Egn_Z5}mBJs;t(1f%UR;Weys^`=vmJauO0J$Gs^d
zuW;CV{T3%l(81SGym4b{x%d#dc#+%0RGsUWnFdd2y>Xl2+6Lb0vf0Fb&!dDWyBzPH
zGclKHf45cPqweApa*mhnIoF(~|I=^<2^qa*)Y90}GSotiX?S>nXT4G>
z`G^Ikr&oks)Wx}~eATb|YO8@0TsxP#^E~I?3!o5*=5jPrWNvbv_W$a8f}8p90LaL<
zsIQR%+M?ShkWoPThvYv%#*Mn>t1JB5#;Fc)t+1J8ZhC1WeB%CvkiF6Od>pra)~jJv
z8n+)x`CDQiX~y(?XT+{nKKmr=iI@zIO+r#lfLaJ~@O}-?i1{@oB?FNSX{woEcs~+H
zP_&ESO>k5FHAiy1d0IZso+|hc$(6`Oru^toV!rnWj1KTCm$o(Cin-*nTO&ib@RS<=
zp){tK`!TKfvdZG_9!63^?me6usn-g3Tzqk={lJeD{Yp98b9;(-X7;0wB8+pp%{u$d
zBwbt-D4!OiPt40bn~;LkzOF$Go5St8firFsheq?Hl<(ius_Q~fVoh?3_(aERqHD?B
z9F5egMdjJSO6qG`T{-o4lzuQ?pl@3G=*3vrua;Bm*n24WN2sjKG`BFju`0puR=@->
zd#tQ{Z0m33E@8pfuV!w&Df#~-#)6ygaKYDqx1gu-1OXEQVsuYT=7-e3zW$o0#$l1@
zPKtDVQ(npI;f1P-m1iF!@-rMMuv{^j;_xA6lkSfFWp?NGPQZZm)d|bq)rgQ`^zLct
z@vq{0fdTa@cVaEQt2Z?P9q+n2RyRpm_PYR=lwF(?L_8~KG+SpgIzJ50L4O4+qyRfb
zot7Waz9lhXMFTTF%RdH^oJw%!&?ssb9w^oz6)F$KKlA>b!
z%9$HFYh|_GybQasoh+H%KXY{1xtIg^Rz^g6x^SnMxI$rVG+IWFe@+k$lH{*~**h)(
z%aL=l`vI#Y7ygN)jZ%%mTAZ4u;vmAper=0d882BXG^cUxh7pO=%Iw#h)vmWohu}T|
zXA*if8%h=~fBG;qHjc3o1vU0U?(Ev0HblyNeq|4CKEC#z)gbUovH&RjgOU^Oc@WCM
z%O{=K@-U4?Qnb9eCN)T6(Q<_%ONITDXOO*{D;?s{lwAeE!5tGy6UpZmoYukt8JoKx
zI-c_y8u9;_8G=9aJ{=eI_di5o-{}hjhQ&?TvYg?=KY};+DoxX7Fo~~oI$E6DZjXf~
zf>eGb1MvmNp8C9UnSNqPQlH0dh^KG>V-yQCGbYf3D+
z2}%Bk5doemST9(eJdR}pYV%IVRFgNmABwro&f`(TLw%;9hhK9ko#-23iuNo1)=6_sp@&SC#kSEFMR2J)M()JQx|;Q09a
zUEST~xGx>$6?{~{rFI!WPzCpG)}~@;dN_O@;*o#R&y5BTvxA6^M8QuVRPXy?!rC>o
zb!2_CVIPKHKEOt$`NrO`0ev~|$jZcna9)SFmcY%?(Wv(}Nc>$CV7!5}vOxC{(U=(p
zK=!s5YsaLZY28nsk*>_4yQ_Qbn+NNLyA!53VlI>FO>X%R!SP$n)JXe5Tzk+&$!Y^y
z@-#aCAJrKEGu2PP%;iJx4yZJ9v_SUC`LS2|AEkt45YCc=5O0^+w)6lRfQ$W;9xiVL
zoIMEhkV*2jcTZlq?z;iu7C8g{oo7yj!#dBHUSLKJK+@rvbo?HCyz8^q_U=Sf!3D9%
z)Fzw2v5dfJ@jVYQIz0Rh!QLTQBBH2m`TZcmj^@N3dL1a_NZ0;pNk+S1HVUoF8Ixy5
zR!oirE~`(y@>ntMMZ6r+^t7{RbqC4ZEq7g2L;ra;eY7riY9yetADEve_p9sc)zw|j
z^|`nF!fY!w99nt?pcE3jD43hd8ah{-V2Atg^PH~%9*&Hgydyr<@!s;$pkJHJAb9F
z2o?c>Ji^h#@z4DGiSza=hVp!aZu+W5wc7%b)$j$1q@#xT{lG0uO^978#Eu
zZ|MjW1!cIxGHYjcfnxf$hy%)P>Bw9h1>aK~cE53*O>w%Si%ve+bAKNUfw#I72twyPjy{}HbO1ZB6
z+N1^Cb8ptKk}Z92LA`^80bcJLel?~Ed3RYEOX$J+DoFQ>8I3GKw2yxgm8kdU+fUZAQ)H)*a&rd=zG%R{%FsEW
z8aD@&hrmz|(?h&p$dks$HB=1KH);lZaehhzu*_iS|b;
z#oecM1jpL&gMm9v3UDo%DD1Z4)T{_Vrn+==8kwK>X|opJujcJ~D|qv|`0h>*$U<5t
znV(@`L`dcUdUwa-VX~yS*2&r_*q|jw#ZXy$%$YkZ3fFs#TfzGH*N@R(9{zki-p%d5g2Cpr-TQ
z%880&kqj~1m&(G9X&#w;v5H}msO{*Q^w_M39PEvZcix>z3mUB7$SN@j!=MY0dBV}RT@t6XU(J!yfVwmW2N{ni(CDDQ!UN26<}k_
zYz^&4E-;^4U!GqKDX8^tV=vnNN>@b)Rxvzr42tjY?N||2mSF&Q&j3x1(fN%y@Ms=x
z+1apAnw~>!kTmYT`468x`)%sx`*a1xRYb8e3u5em1T
zUWeFNvy!YW(K1yN`
zf>VuJ9;XWHIZO^=WfRp}66#KAIMjvewVog|QW`ADh;xC^Wx0Uu(Y8+456J6amRWP_
z;o?8bF0jMeK{-%wikU1iDo=FKEP6c6bQu>fQPNWTVUFCmPHIKw=Y(yR7#7aHF~!_T
z4^`4iCdH|q24M=rRBH8|*EKUg!DgX@L#w#N~8lVkZv6SQnmy5wH1D_a53pqW5z!hrS7T=Bk65kePnfX
zOVct`t+aP_-7FtQKNXcl`Lf(3qrk19i=}Jw#HEKUJ9m^oL{JO+BIrK19&)@u9~T0S
z@5ZU1xZ>+u0QP6rD@n*_y^K2C)FzKnc?SMAGV=Qd07nJ$P(e9<`CApcc3y6BaslC`
zC>13NCS;!34gcZ21|bywu7Y%xYNYlS_(D`sSVBmng2%y*rThMUa-&+P@@75``iXlF
zy2npyqMpR`it3F5gx9YniH$p<%EguhH=Q8uOs+}(E4?bO0e?z9k-H=N6ZPTA(Q0rm
zX7#jn*3tR-*7tTf2>;&F$G0{esWU19I2@PK~(@A@1`SISMwdUe#0Rtet1q+Fkpvvvu9qgsr)?ia~%a_Kr_Jk=JPHrt`UjABcsCS4A
z1HFd$D|Hl;67zEh)a>EjKuj~Jt6i`UoH3@5Q=m`aG+7p`^YY;xv7YW&ZcTjjg#NTH
zhy{pmEAJmcj1V!%`1UzlaXh-u*y*zPUEYVx%}uIVL%a&P7L6JPW8?D}y>8IBc%Fe(
z;;iz;5yw}S?+?n*0^>e_5pnmu_V%KC*8-VpmF5O+2V)(=Y@o`OH@-cBs
zKO*6yM|&NGSKe|8{9fh_swWBNaoo1Sy+YICOVMH4^|sNTS9Oyt7`Lz<7AAeTOi5>E
z(vz?m@5s)G8$3~sJr0Q2AiF%bJ9dZ1gKU6z)1qQ#y1;EkPKBu;GxI)Rae^`r{4p0B
zn-Az)0sJYjoBAO)hkw$nBDr?Cy6a&TC}c*}9och}^S%SS9C~IO5WKv8f`#9Mlaq2#
ziCC*=YJ%&lTia>XxnW?=p-P{sccdw=%57UvFhOnZq-W8323mpULi(MwYM#c(&T#$&
zd9>{~h+Xj`STc>wssuq*bEg^=#4Bs0Z!gZk&)7umzv8q$d{PfGJO26;s2Uy8!&&j0
zn(k3hEM%kBf(rqlD{p^v9^X523k&_f6KrO(KH6<;F1o-;F
zkgBTf(tubV4xL&iB9aQbEq%|o0L4lSkrZt`cIO{f{jW)yuHGaq(;t?H;FGt17P_E=
z@L%Br$^fuk@@7!ybCjG%XFvQ5hg6{hQ{y(1obK*dX~rgD@zC#ZxuBAlM?MTIah(`B
ze(I?2RjGHkw{~pSUdH1f2L%Ss+sjXVaowmLF1a{I$0d#YhASpJNBJ~fU=gy8
zJ{<(x4JrxXE_3q)m18J!qjR9yKQd-kn%zIZ(_FZKid}7a6+`dpv
z`;vf7?F71$Wp1qI!T}QQ-9B7^j$mOOf;OT|ON#_7VegRPpDMUK0_?s3B_AlZmF#V!
zrDb`x6KU?001)%D9mb9q_cfWP`HwD{_|GnxoWr88i
zt^$+AME;G%A_rVTEXFMU(Wl%fL@Xl4*UootSx|cu+_WrjOHYYZ#)tv6LyENq6`z3+*Y)m$&*e6D9V$SizC
zYT%y;^lwWFmvv8ULF#x;3G{Zx#kRZ;w5{??onGxiP*V|AXxVwmI%EutF_<5}E;icx
zQPe`0RD#Y6PpZO>v2GYPd1Y?%v$~1^%?Aq$+iU9S$;Fff+Hj!7@%}gc{f2Fn>P)WV
zcZ!==$+)LTU+mxuD7l!HK>z|!^0JaH0Pgi5lj)UNUCZfMl-1KKDy))m+1IZst@eiV+oE|U
z*Z`UZ&|0^whW(#DD53q2M;M2;wzfoHtYNz03@-2
z-BwHj6%&9LX94ot4U4rp*H8&nkK$vHXN|1WnG{`6A@tev(YXSHvS+FSD%rMk(%h;T
z`CEO{u!gtn3po?MJ2i7gdeuv0KR@O)JLSylhSxx}z^FOXmyqwK!m^CdABn2-e|Wy3
zG3;uRipWaMjKT2&|JBRyIQa`W1p(ZZZ1eiNEe@~vksVr}#t8}cy{6+qZC;FwC~`e|
zizyvx#!s+ZGy1CTt@ruu;W)5q1KCAzX?>|>QvPUn_qz~f@acDaKnWP-2cucGCq9{V
zr;4P34eN2-j!{#SGwGld3id(z2L#N=-E+~bczrF^0Yb576%Xk$)540lBZo;J7(1W6
z1qcIgoZu9dr;+MItM8rj`N%)Om{<~!fXBGA4%^h9T&NiWK=vdc_LBb}0U(g@!35>h
zpW>f!sCOnyK3m8|5|eGV@;ubG*hW9Lxtg>;hT?cbKy&b+!^Z
zS*(ZqoMz5n!B@;1Hxdz%YL*DA&Xc(2=ibSa*%brI;nA!hBMNFML2=F2xFMX0YzkXN
zA*0N~d{mZ1UpOX~>50Kwr3gs0{1~$FA8WOT&aG?gP#P3W18BB0lGu@u_H|t7^32kj{t$KU*Fx*r@Nl!~`
zaOpGXMHy^7ZuGn|>)PLye_>!){|*7ry!`wE=xAA9_*UVCDmk#*g8fqhC-b@rRiHBr
zet&$?voKLegGZ*V=W&vg8Ben@Q~hm68OpP{ni;^<;O?;{`iqPO*OMXxph6x|7qki>
z*4h;Sxa*mVaHJOKSokwWbkj`4O^$;@G1dtpkr!HSfuxT|?>~3|w+I(UKD}rRWv1`&
zmKfn4SKrpfA|Q0+)=4&Sz`}ZVjZj+JbVU04j6~b~{kASK=^NCr3v`{Rt?FCZeOnj0=)Jqx+BDH@*7TpaLs4ODBp-{3{f^m+8Hc{-
zJh}6&3k`|ie+X-WXW9@nb;hqhxx`0*83k50Q#;UeJW
ztJ`)%RgbP^{vh$ZXsMlOYe8a8D88=DE
z5v6RtI#%T}@KCjYIRpD~+YcD+^8)J-SIOUPKUm%LnY#-m-Tz=N`M|gTsXg(yIp?f%
z$^G%BY^_jhclTwaxEzkvCncD?GX%0~a%~}g!~>t6M8F!Ea=++Pu)eS9MtMto>yQIC
z6{(#N`Lk<4+F8u*Q_skD;qG_wpLF?5&tZTVJ2>2rHoBpM-A*THSN14XWPmVbVct(l
zl7^Ey>`SREU|;$9DKzv7A?SH{xCLg8%Yq3qAV;#>Yyb}W3Ndos!g@i~Q{m1Xg_M^s
z&zh~TSar|WgsNjbG!HcL)mmD`9hmlya-o&B*$FpoVS46CsrlZ3T1QJus~FI6$8hy^
zQTqo>N_5{3cL9w{U;l~0-4MXGyhplYE*==@M@>mjEF^TTAv6N|w_M)7T~{+2=7^69
zZAm#~#{3isU_}4I!o;iTe|7vg{!HRrK6&Sh
zap{`OLD7M!?~om~&o(+bB@mbM_{_wxn0yoG>v-cD0$oy_$3a}|HDuLM?a1TYqrd|>
zant*bAOKNNy1Dc(dtCGSQE2b@ON~2Oxd${9%Q0i#rg`)|5yhH%Pms~ylBVTl!yp21
zL&GHb8HMDfb~(KcaoZ*R3R4+>+qmzOa--|Z2v1)XLhNi=7
zq28Z=A|vnJzLf-OUJ({hp0~41jvl8E0?LTC=T#5Ho;UC2ULSiLbo5>~PhAeiD3sCU
zilUCeMlb*|A-ga?t^AxHH25e2KmZKRPs^Vigg0U->>qM$jI33j(g18hN?M9qkU`9&
zfFwj!a=d8}50JO~#qo01-jo|sp@q7+y88JCKH?PkOpwc^2wJRfnC@Pp4!2J&`2o&4
z$<^loQkQ>#M1pubYjQ0xn9~2mYPQg
z`ukJyvUq+^Qvqf%G%m)oc|IVrnGIIKrvRn~&^+77xa(^rRj^uS_jOX-0?K8t`vx`i
zj>j#zVQ#NfN_w)IpHHIrpH5f$7o}pbvVO*~%W2UK^Yyio2fg2|qrDWYpSj|C2Z$8y_&Mg1{)KJgqRW7qN0+EXivd)FJFkr;;)=Ki4I&kk=)&
zD?YC2XayapTokQfbP8$Wb5{|zob0C~Mg
zqy6d~T%7np{AHC2H#Y#A7E7@pf>-#RBYAW;4PAsY7TV-Cib9LCPK5!;IuOkvx#~J>
z8j5q=g5g;ojGlB_Q+SwbrcbD4=V`*ZXnf6HB*cfNC@Vdref*tZmoSHZ
zHgaYsa&#rqj4Xky-c%@&L$_3Tf5D>5i0xC4xaH@KvDL3IdB~2s6R%M{7yI2H3j?ZT
zS=xL{+SEAb*NOLWGL;_$Vc@$MeQTqwB)=6!yO`8<#guFDz;z@iElpOe`4J;nENFjO
z@)mh#`oU299rqjs!7E9wi$V*_)1DIe@Vf5kTpJ%;d!%h^ukB#ABq^zH;tWX)6Xlbo
za9v7@^ie>!`Q+De_lR)lSi^~VfD?blUeR6b!=u$&3O7AE_p>kpy@@>QrWPCr`|Y9r
zLN^_B9CE!qPQ9VqUE(GjeQ$IGriivKoWM3s0@h)ao}jwD0vs}T(XCkCA-Ma(r^0qr
zTww%6ls|m)T%i)CJaf*nQ$WFWVnDq`Q~xC>K#ckw0@5wY|9sp1hG{flmafEbG*fBf
z1&i$Q$cuFw<$Nl5KExT@P!wG@tfW&`S|U18Es*(mBON>ctbB2WvshzofOAbcNHmj0
zGUJi6xp+*FRCHGu)cAc&!h0lATY=Yy*bd~pIe}Yz!_!4u*^}yQ!TbZ6+D)|CWy%w8
z)ivvtW3Z({f;om@nTBt*F%{av{oCVpgV**rJzwAr$gwcDp|}7s9tsy@5XGJ_#>N~vfp@OCT42NftL`0krA^aM}Jn*^ugq(nArXq5+gnR*WT8Rqj3#Ib$YxM
zw^Oq~PEX?lvToN1!^Q1jdAHNs7jM`&#xh+DseAVwa~)y6P02_K)BPyb0r@j%!N`mZ
zk1I+t3UnQgXkE2g>gy%zgd5!7*6M;~Nh3~W;t%gaSFbA3(9aJCDXtYM+)fXG;67w)
zjam<61j>^OUPZuh$TWTvT-3GX%a~S|LY@A#u${>hn{-1Rv2Yv;7iAsvpb5v#jEEzq
zTAGz##Q_AX7zyBkP0~16MUa@M6%SnQ$oljjVX>#sz9UnREUM%n56Sp8(432-v)aQ&
z9a|NwZOe50PWVaIako}km7VV~1y6whI?nixEYr?{VYYCwVX0nV1`f}}8>Z?Nm@%Jj
zC)Y!|<@7mSvr`}Z=r2tuUsk9GF7xn%r1y9j2t$@l(u_cFgIv}S2m0vH&_>X8YvTIJ
z^=dt5ivznC-90_8s6yJ%L%Y2$yIxoS*gr$wKX)zfA4PcyGb~;KOVVX9<>bfe
zgBm?aV~8nA@_SjEp6mp+!oUU1pB#j%Q}LIx8pZ9ZveI_3_Ibp?B-k0!%xB4dtCB$7)p-?UbAeUUIhsa&rEwj2O*{p|OeMD!T|w8a|1O
zC9AdI61NJa>KQfof?{0?PgulDS|@&{bi)0?OFjsbw|KhWBqVRM(ryYZLWs{YtRz#I
z(*gTj;d;wsZRXnddOv(B;l$5uFv*f6jQxJJxG}pBpX|F4j{TUHSH9FUuA8p7ZSDyc
zdg_v6l=&Dcu@N&Ww$WxMD^;uLClCWi!>BjilQF%%&vw3v6vC1mU4D%G;P*1+ltmDT
zXTzSbAzg=LFp)2lKi%Lmu)zDuf=O6-7|ObNw!G6a)@*nXG~F7`GJrf~yyq+t2IXvg8MY>uaR6pNzA!Tvhx0K`
zJqQupa#+>W6HMa28~UKLlEw7)F|o&s5SYZY+ibAo=2T(44*COc2!#)ab!##FZuhz+
zcRrr7S%7y&df!+3g*Y-g5Bgs9`cI?Qs{P9X`}Vce&=rH`0iJGCTWOPYBS@yKyyG(A
z{MquNi`T%Gh0?V%&)Xi!CjK{z?^#AE
zOzHfX-}v|=0#YtGA!k+Ms$2hclCv*`Y7h|c7^R*+Q~8(a=cny+JFB_cxpVbwMd(Tr
zZz1(l*N6JjkQpY_&uO7AvumESAueUS&CZt3DQwTK6VEA($YG=jlGv||^!V)iY*Ae{
zCOW)@HZ1{httF`mEmUG#YEIHU=Bw>Ps>jb-9l|5RbE_P@+;{F=tIu3*&FEcaaNqmI
z3I5Mpbz~%z(9s4_lh3y(zw(0D(AJRL|8j%>Qssu1o-!-FtBG|dqr4u+X(rzWKXv!!
zN40TK#|qn)#PeL3UBTYBi@CS&^j3hu{-Kk#+)0*`!4w=1V|%?(83-dEzF@$Q*!Gu>
zbRmOJvj)sW(q=~LS{WomuY`qJpn@3j(&_j?-3-yPEWG2TlrET<__qi*R<(B4$Fyb?
zMeRPv3wj89>lUIdD4ke}uQZvt@yGX{4$b>4hWa7GCdzfdeju~fjh&qQjgM%{>?Co$
z=C+MpaVcwYDbaBQCW)cxx{~=QNpF}a<2w}ixJ(AfZ8+Vn2hSGA
zc^LS^?$AiA96WB%_%h~7B(ta$5=m0#5MXXGla`|IC&0nanXScjfgcm6?wZp?6*fP9o?%a
zb(o>54?X$zG87ZWg7E$g9
z8;6TpdmL2QUv^tFml?YU{V{C%-Sp=%AR@I}tlN}mpx~$)t`q?Ge5EtR**%?Y~$xBE}iE*F)k$kFT5qN#akc^zY-ckOaXD$=fkY0z?!wT5z|F-QxoObd;Y_mse6^qN7Jz
zDcq8FuAB67FZRz&<&89hKVK>}uvTe@b}~5EhW0Y?JoqtXnX~M=}T&x7C
zK4g=_9p5;}hBcYM)>l<7GH~)|#**jfT}Ah|l4Bts-L^VV17=8vWu4ZuiSqNURbZm2
zHg24%
zqV;jbWPa#?EwGOkJ6F`a_M38L1v6POaJ0z?%NBAxNx`!^mIS{1X$vTatEptPtY)5Xe*xzZ*mlG<|H`UuzMOVPQ|E9veC
z3i1_XpEHwFkYD#oyv%h!t*sx9*WyZay6(s!som?Tus=PWglNN#oBrB!0lRY=j^JrD
zjRyR=el)Pkkr>Se|DB!ure9*&E1r)r|8(FfW*x0XP
zhud%aXUIn$gdsOIXSgi56Y3(a^w|u6IZlVJ4Ka=G9TgEmM(`P4+}u{izjr!ReRDqGukJdC~J5m
z@~~*N{LU0|dv28v-y*fC$!4k}msw5Sz
z@`9DXDShZY2T_DbY7WM^!)CnotC=~&k*wlngIF8+qBG~ohi=wJ>V{2k>}xMR73kC@
zt+h)vzdT5^h=5=Z5rnHwR657j9qrWRrdronoEV9W{6*sOucXma4+B?n8Fr(C5e(p%
zq7}(}emNxsq|SR!w%SbPuaqJMdGd3iEUzvZsI)644ZZ4UKh~ID8*ELV#E_6^sX%9F
zDq0P92!gshKe*8C1a+3;+?iU3dhBol1>Kk)`}$2e**M>f2R$0s-d&*E+{^;HaUL*H
zY8(r(oX8O=gnE1Hk_x+P-a6ZJiE5eOwU;F7i63aT%XHZDYz?(=#XGfWhOlJAc
z`oM;@o3hIZg|4jz+3!yJ7w?oOcH^`6vP(>X0g?u0r~V!(9o4U&Zcs*nvnGzB3tbek
z=$xu^T@+0E7_!T@Rc2+WKT0>w$
zOU`(k|2O3@NStNC{e*-8OBze9P`TT?+V*N734RoI+ffh}MOkWw!~!sj{Dv#xkXmcA
zHQw;>SPcWAP9{cG4b{|79VAshtg5EAS$}pd>_x#o*4b@jzzgG`3MY?9`x1yr-Ad*0
z=yiMOG0}#9j1)|?(4r!V?VtZV8?@!=?(JoOaAkrGRslgclav)UohBupSzwy+-3c3{
zu@1Yt8xtiv!R3~dX2@fIe|36+iY@2=Kd(*z=;U0zfZOiniTmt~^?kiBm^kAT9IH8E
zv66ti{-X-&fGwAkZ}HVr4==)jH{MZ@?Ch(R{J5ojmE{PUCHuJlKz7bM_O8rJcqj3)-a_+AJ1@VeLknKf8Jr
z;05DaPt+|ZL+a1sX9hi+T2(d6H
zGOkl-Lv&dE(4DJ2>*2|RY{Gjslj7Q{I=MM9Z$aFeQ&%J=_ZVjW%2HKIBU)OzqmCmD
zn>KS$Q!2tc=9-CGNlE@9X_^lF2xv^
z1;>)X-&K)hXCHJF>NOvGSJs)Hv(5|KUR7D?VcFty
z`i>SB;OQ*>|10v-U80>e7mouX68Lc8d?*_yq{957hXwYdxEt~?R{SO2JI+S^!B3Z}
z$PH(Nvw6kQt`@~G^q#bEc34N%rt+xyL?Eo`E5;fx86+##`hnvlXkG(jVdkRBGL#vB
zc3>*_atII%WJd1GwbRDAZkQwz)=@sMWjymGpW0zlAP3Z9&l?;2!oz|nLkS>|6eM$bs`*$(fL^KqB!Rv#-l
zc3U0863tO-6@Vahbc|-xt6vUm8kZ57zi;<*lJ#@a7WMiG=N!uf!8hEYMDK*Ig@Yhw
zNSh6;ZU#HOD~tjuhaRWCZLy7cd!R5KooiAyvy9$1rr
zI#dhTy8Hm3ZYjGWeyQA0xGHB(LH_7+;MPQyX+24d=F-8LaZK3#KY0A#9}pOHnVSe<
z;^S}WE|V~2G!f#To=;7=;e)YqJ1P$ujx#1E>`C;Vy{8IewhEh>XzLAH3GjEkg!0EX
zm(bc?9c;cMoA;xuvB$RWvmVd@=|*%kn&)Osc%lF!V6})+Qfm
zChoW|`K#1^kA@?_C3Lz|l7`RJxIwM>@c}nR5nQ%%o^e?`S;&k;
z>fP>caZB!TEWAqytgTVs4>(FQ9pf@csr5+96w+8{j
z|1zMQg%LEP&k#JJ^1!Y#ok))3{>|0<)m8uYI1TJK5i^!z6%D{*Nq|?^3s`Am`M>;^
lzd-8XZ9;y7lIP;}ou#-Z*lPEqh!Mb-l$iYU0ulZ9{|B<+8A|{F

diff --git a/main/img/bpfman_container.png b/main/img/bpfman_container.png
new file mode 100644
index 0000000000000000000000000000000000000000..cdf79638463c3339a05e6876cfaff8b78c9a0120
GIT binary patch
literal 34089
zcmdSBWmg_S(=H0+CRos5!6mr66WlGh6WrY$g1fs1cXxMp3GVK}ojp9S>~ns=`EbI@
zVrIIhy1S;Uy5uTCk$^5dEhICvg4on2w0xKV2Nmd5Bb{
    0=?FNPN$i%_HhLeuY+1Z)anTgig&X|sYgM)*Po{^4`kp}2NWAAF^pzA_oWl#KHME-}4
zkfFW4ovDq3skIfs2VGq~YexqjBBGCh{`cR1&C|iu=>LvnW&hvH0v1U3(L%>SOHcQ|
zw1HQ-Kb~^R+L;;xBY)86W#Il#&;Qr6{~m{%?ql%($7KF%rT=*fER`3Qo9=(v#tZvR
zdkYE-j1Np)h+okK{4@i~MNt?da2C!KiNFE69pk9|em#v`-Wwbe6*=aQD!6cHQ4x8t
z#82>Ih#B__piw}~`aSK7W|FjS?f10Sv|8EB@zta2@l)r?v2+f7{I6g2$?*C4kdQzi
z@LD7rda8u)D8MD~Bv_b_U2(vdfB+gAVxO1*$Bfr0R{lTzw&cEj`t1WWBuDw!6g@7A
zOZ^@EB!mQp4;sIH9-*OwQlm2RQ2#RkK>UNo|4)ds
zr)143%MbMRt%g5qhCQ#gI@3{8Q&UnNZ}kQ-Gtkr16A|?&FH@c&fyVf|mX?-AN5kS%
z7!B=gY=)u<{j#!jDm0tzc86lfWHZCRF{Q>8m*-Un@mu8644Xh%xZWI2_XZ(uG}-Rl
zovnO<_#E_fcX#JxXJ_Z&aC3P{ASx>>yE;6i{s$I|9}zbod1NF(fQ1xk7=|a4g9qHh4~9oMx1JejEy=62)e_J&Abot>fcV7fx)LYEJ}1#tzTty9jJH
zM)AocI{da_vi5dLOM^NICWk1n>t&5bE3FQX$K(0Zs$)sIcEw6<9)AUQclWiwYh$p>
z)Ip5T>^7TSf$-SToGFH=blNx&^;?n5weKV;1kq;D{{H@#CtSAMLN+!w#emoK3*SGYBn>TFgDC7&7kvll^_R4Mv73cwYxV)Mac#s;3n^DINH~Z
ztUw3xy4{%k+wRwBu%OUvvdNc7IQ(87u>BzpuLNDckB(*wb>$n{51m8w(*@`a((z`9cge7~-WR{YrZ44{b&u0f;9%1Z0^x7S+ZNvmo*g*Jkd{VCx3
z?O`X1{FT*YiqGhrf|vcfAU}Z;G9Rhoj`QCNtrssYr&E*sXY_@UoGAPsZ?E?oM?UKH
zW@uE()JpE^j2Ix0@0_5|##MoIn%u_uY+)1&ZLB&;&>zb8akdRqYSk){2rOD!+Ty>h
zv9*9useT4mlmO_CCVFmkc$P~tZH%zT&rf!~J(<5g-Abpi3M;KMwo~PQNF^jv7d@l|
z3%LM1HtSd@vv_%kAOi%Wmihr#q_s9_F~vodax<*W153$Uh9<
ztk62ai}MIBe?!w(zTaa(K>FXmL$g6;PtbHUrB!
zg!LUyW2^nkY&3>BC+4Wc&^vONA^7u`fMsTM&_!rZK{*VfPjIz~=m5qq3)r?bj1r>AMTM8MmW3
zCO&%JRfeO9%5HA_K^ZhkD4;S_UpNd}n>_cvVB`Q;v>A=B4sK+)3J+lzbg;h1mQ7-w
zAYW#FFi8vPROZL+FuDqz&P-A?u|IM=cI0Vd$&RKg4dr6l;y39a7>FZSa1&I)i7c-t
z3O4qmlC72=_=|8oH$Dv8pxHsrJdGXXn}_`CPp>aq*|;4Gp);zTM)(^`OPtkDH)uoe
zBVbeFdtCa;a7v2ejQpI4Ar`GU{--JIW{C7W6hkaW=1fwpF?ghIWt@P`Iom5s4!PoT
zf39`@U}!aTP9plndc7@#5c_+^L1Y(dnV*5-XNdQgYecNvPf!TV#Fn9C({Mq0;+MHm
zyd$YB<_VNau_oWAqm`Ub7k#G}I315|ZWL&}Wg%!`B+wx=FI$~2v`?!D(-$hVG#X(;
zhRx!oMfOo=+gz`ct7fE4*ZJCQ4zs-9LKx%{`QzB(qT0H&?4d6+xSa3q?`7>z^B`D5
zz}R~9Ff9O8v1&BruFlGOyEHn+PZ)vtbIH#aYg_s!sF9mw4L>=~?n2P(
zJhRDy&5Bll#+WZvk^KTuaCzE^_>EDhf=lKL(LY%w&`1(prAa()p(2eKBiko%<-DOM=_J|{d2qU#lKg=+gZ
zfSu03awC<9Jqm`)<+Mu^8nR?SQrA9o!(OSx(>U7O`^gk_^w_P!pru>`IG$9i27cA<
zA&X%n1UM(7SF2~K`YlOpe@8h;`WluE<&6NDt%!t$Wu|QiZ2kLX^UCRyLu?zq(Kaay
zVl)v%EHdH}VWaMZHKQjv6z4zD>Ff_u$@Kguj@nEnp1N#41Zbh?@N--#RY81Wv}R|_7=`L@poNy_BM5F4-h?L*R>GJe+3N->P-B!?bu|fvlajV3Lepmc{c
zmQ&^Hdf_$7<9Mh9anjCguMJ5r&3&6Woh?Lc$X`l5Txq0Zx7mYHhWLfEPEOuymze-v
z+4;t)c=cDu`}N--{)_S!sSKz#=igqEPEQUh2*3K%r!ZR;43Zvmxr1~Ldjb}(_0>UX
zHTqNFNUE-T=zM=g)VE5%P384;yI5~;v|LFfaGOJ?V!z~FsCDsWP~o$FEX?xKD_1UO
z0*-T^#F{Qf%VlPwT2S{e1E%tDry>{)Gl*HD@X92`D~sy
z61yoVVTmF2=eTu;1wBJGd(elFT!Bh6NHbO8aydBL7RjWirj&Am{{S|H5bB<&Zgr?y
zs^C&k_qyeb2u?C(jgln;w00E%`RCd~gC1c>Xo_Gvdg2Yr6^o@B!cfXIX!gU+kgsGt
zIl<}C#0IM0Nxg%kdYGT?R~;lE>(sv*+anD>qUXL#+b`-&6^)u2CPLtLEB3`A3<;=BITId
zmvJs1uW5VuS^KqQJ3^lCtP={KzDZ8*AxoJU%+TnvjECM8yWgD_vp|WDtgYdiO?lAI
z7Jf_MXAc0WUCZb>qS*a3MOHzkOnIb)=vOFD@2PD{$tGqZ+ASFx@{1-ot_xJKULTIG
z5A9<6GUTiW7Zc5u1crdcEY>etv1=(BXlCofNvuxvXco9>0vDyeUpBev_od=d&VE;i
z#D_|DS3x+NJCBXQ`)pi-BOrE7E#I3#)c2t@Uv0%fVv{W9@Ln8zy19F
z;G
z9T6*3G?cECa`dofnBW?L!`aVid=wI12j6Wyv=Jie&=#rp7>$(MEDrn6De>Dw3WmWj
z?0WL9G;BEOE7N!(lQ%!Sa>4v@hJunsTDqo+O2QLE>e*FYepaHJ7u&d%l7;;Q{D&>v
z%Fo(nY#V=YLSJ3?(_UO+t?%7_FES!L345>H?3%>`!PrD9OW6FU1X!m)@Cc#)K1Kt-A@X2&
z{D!M4&Tv8%G>|^yU*!uhax__V@EjGIoE#!Ns=_iy`ER{2pcB@q2txz#a%FUzOFKq4
z7WHg73L-V=D!YD%bw-@0u^W1|dMPUdAu`r52d^9Q<_IF*G(vUCyN;z=R!wyOgt~er
z2hS$SuumL;Lb>_UiGrpkShU1drJqhxELDR;xY6jxq5~id%n}IO2S`y`q)i}-+_B;YKo((uUfg(czqA
zaAEaohGKtV5n4xG87;si12LFDwu?!}=SprC0M0`7{Dd8$#V7=cb4%)9rNH7vW8*WF
zSGk)ARnAQ$wvy~qe!wa;Oy=%L`|=azR}wz1EILE86J)NM)TC)@=oo@~tIBjhYqT=&+p@JTA
z7|8UOjlnHBfSE4pO30NCpbFi53&OQ`s8Vegp~T^FV~+is%%DGo$yP?gwPrIiSFGUu
zumy#V!;#$|SRV=|m^0pMp~7>uzdLQi6Yq$4Ghe@oi7q5}0!IERhA@oRgt%L?3h%42
zVn$Ky^1CjrpIJ;II@D$y4v&JM>^S_7KVyivxtovkDmus!#Z#Nzek|HX_FwQ*{X$U^
zgmBRq;&#m}lVC63HgA0f=ASP*C)L3%B=uQ(1Cy7OL&4QU#%ib1m7;`*Y2@e+Sr!)b
zLIsiNKY@EuP=}<(&^L=yJ7=Mk?3{X;#K#B;BfCEEkRf+d{#J!C)J64^0uIC4P*}2`
z;;d6@@xQ``<;H#DAZnUp!jlxS6K|RSy*ANz^#6>YNBcOIIV220%iKahcx0e}9%imgSVB8oD8~+~wZO6MCCQDuR>9=Cyt-oK5)>zg&SQlz
z6KAgX_Cw#6+rLVzgNR=C)R%Y*Hnl0DU??X+NE6Vr-caY1Jcfb5Nf*>0tf15)3^(pX^OR*7`3{f2KoK9Us2r&a_=GdyI?>NrC6HSRF
zL|H5vp4jIPgL`KBhU7e}`fov3G|bc)vH3ey$9>J1-=wCY%;2rA;)g4<#MD+Do6Q8w
zoX+Q~DMa-NQXpSN0iPr8T%H6*l_m9HK|`YVRqb7ZuVwK>>OsK5i10@)L(oEDdEA8p
zpI$=xrF!shz05|J7QSzbMH56fK>u=NtLKHQwT;S4TEk>L4q806~~h}DfZDgc!NZ2B4=}u
zc&8z`KS4}-@E}KcN87K1^m3kqm`tLK^!$}~<4JTnGQ3g;KZCmB8P#l4@ycDSE(jR;
zakluzzq0QBatDG53?)$vsAY-Kf$
zC7m^Ib52inaX|Ubr*25#%_xzA#$WfO_x~nKY)=r$%w9)CGMHU1k`S`#{h1!#@+4l7
zS>5p`;TdDB_Jq+Pj;=xIf+YJ+NLXA2CSo*yDWiKP`v5%ZOXF%O|HKI%W5N-4H%
zA4b8E!1fo6!_$BckIruCh)_W&;2`8r0QKUtcK|MSpZK^O#T_qdH?sewm^zLLDifPZ
zah>&H6uiTCg)-k?pRoThZ_CZ-A^AVB4`tz0J=s3pm{xrL`8RmRb8LH_Bm+}w8an>_
zq6Sg?y@wkYUrsj_LI$x9r<|F65y}1)Q4p_ldiCkhao!&R)h`81HSeDT1IcD#`kM+z
zl-+;CaCcDRFgY0QVL}lGCDLdNRKgT9*E5wv2+fA4%hUE0)Hwb!xD!8<_!eXLLewXU
zBt`|oTnT?sq*)WND;m3vJr`!C|3y^BQmRFO-m}CdFHc64$0!MlEl?kNku0ZAMOV#@
zhE^h1F>lbSv$imdhn)G(b%7i|PqHa?slA0Dio})nR7$S)_ZsEMOha4vRg5SH-MDrXp!H1r}$Pq--v6(yq{9@Hkij>m(8~HYAKY(S(9?
zx1)ecTKYVo#AG<)4`a|U8WOS{qb}S(&i|S9+%_6p<3NtyJXKZi_2qgp2oZnc4W(87
z^r&_%cF^as{7WLY-#uh
zKS4S2uV`#-%uK9#@n4WM{b5@NsnqkfD^=a;nwU#<{L^-T6Hiz4l(}j*9y!VQ6@%v2
zEFmtQz*p=sBSh>`GJo0V&+?U;lBX2;+Gmy&#tz9y!UvOC)-(|U_Srg}UPsY<<@tVj
znTh;->~oClX^OCtS(9s*3>3s+LIUn;M_Oum%oIXMQxp)1s)+NZv$rZVcb0P;M6XIT
zzF5WWZy<<1NhC2@=wO`GOgD{XN+7sP5#eKFB0)^~2m|q(&rN`jotfvhp-u^i=E-A$
zZ%xIEC|&`PFy9-0pqtyVrD-V;ZOdZ@!uJ#rMZ07Gfg>28+s)j{jPgf-%@pJ>sDSlz
zSQa2K^A+fJRNR>~M+Z)Rf{c-z(!_~U`M$I5M+GB?-eP?y^?BO4R)unv6(zVYE+!%f%Bj1@
z`S#e#bPY2jlJ$_lK|_#XcNmtI@BCMVPVzgah~`g6+(-e;>%)`|uOd&jq}
z_ur1s&tp`xF4mfD_qI1Gw3_++ahk6kj~TKJQY0wt92DnzTz^<-H*!-m=LsZm!l%|}
zv6-uPcI($3j0yTjZw|ukd(=7)4qR4Ey#z?M&D@`@KEjsx&kl5|ROrEz86O1LdqaEN
z&^xa~RKjD%{Oz={k=x9R+K7ZkEVPPRZ~b90rt*!uO%df09W=uMapXq(zK*SBrQQ0)
zQ6N(Axk3Bt;45)nYh(Gd<9=R@UuzP%R*voH1Xp9((OUKXS=!(2sDxH$D_WhKlg)J+
z#M34D4m->3Hm;&;DZ
z<$}txG?TqWmPE7B4S6pT_YTWKqfGG;-aPTnrua(b
z^CmO*Ve!Us%39i1N~VJa^N&{;{JdJV9^LNv(xNq_b;j?`Pmblz2Mdm9_6yEmX)}J@
zj&7ephQ;?3if%NzJD1%)CbR8RujdeHcDNY5jeO#;f4)}T&o9Xhyj!eywCvr-HN9B&
zMprIhG8r0zp)Bx#gZK>w$QDPPdu6v75}!A&j#q~1voDWEg6x|>Kbr4VGKYBsC%lHG
zcB>R*|GU*<+gFawEEWwJMA?gxd2Dis{-BV{9d-@`BhBiwp5)0+mEoMZ?7=9TpwI8l
zVdA;y8EC%SIwhKh+uR7@5&AbdW&J0zUYvVudy`{Y!f*&);gbd4NiD{g7HdZ=XvfF<
zGPCh%7x3n9Ud47aK(wG{XsT^()C6m_%}co7mkpSZYKetm2RP4YMMaSXE-r6?{
zJzH6IT0P#5_pT#lsyB%h&5#+5M#`Eqw&!GW_5XxCicA`%dIz1q>Kw6AlXAK}_HYEJ
ztI%c;v-QfWs^5+#D(vW?)RYyIbb9S=CxjVKpUil~@9f`>n$|x9cRNLyq%hFDS
zx17Y-!c55jstRbmP_T`j)71V~`QItS(yG%elfo*3;8Zq%L4i1z=m`-Oq~6a38}j^z18uFX!94KCu2lr~XHCI+m_j
zB!|i0E6UD#ZNZ3((m)fWTroVrM~qa
zE|wAL2_K=K=?MQjjEi|)sy~R)qGPVJDUuDlon0m4aCfHcee6m{&Uf$rtnoW
zSI)N1TBd%z)m_pZH3;C44_`~7VD6t>PFC80o|oZVC{0bR&WAf$ODX#4Ooqo^L+{t^
z<9#QW_sEur6{pjG8x!H^;|`($C5{A#m1G^A#)F^lzu-MPSsCcBk>y@QlqN|{3iVTK
zRlsgDJ>`iaoZj4wG+F;0s6jKU%IKFMM~>F`k-`o2nrAeBmzNRR3j%z
zUi**>0EP=sLK2g12lsMaTG5o
z*{SGw>Yoyk>MW#lF!MNT(aL5zKR?QqyKt}eYWIi3zrko~r%U_Oy5B`zHlFADjLa!2
zxnjD<3mp2aK#(^*i72i2S+!Eo-;z0#A!315MEk$x+8sVL1czbu~pljzNKZrZN45(0Q_;8H%79rd-zTv_?;k>PXQVeJF0PqAiL^YA+7;x)WVY
zsMqhkqL%GwvQ9zE4#$R=>iI_0?N|H+EF)0;V8m-+XbPUSt@Aa#rGdOd&Bw@la?F>5
zo*b>peu*PN{R*;l_?@TCbq{n(CBs>FMI6U$mX*!6*%*eZRCHNVfoAf74E;3Fc^V(n
zShn%DA3MrLeqG0($-pI(DYM$BgEe*QTG^3GDPN(do?+%ENC1E!(qM}M!je?|51<~0
zi-648x~wGcAC9ZZjoOC9aBzhJz4-|s@pF&55R1CWs{e*Y4moIBm_-vJ?yoT(y)U|b2{E%uo&G(6uc
z{BXS{=*z*k-YqdhEIx
z1T{OJ)wi`YB4VPZDE}RiB5%Dp1dY-3+yketF6kb1J4$mK-x8d4|w
z2L$R-W(l4LG9+NP4y|tX(TL1;Vg^7WaW@~rKoUt6e|M
zhY2NL_a^0T93$hQ2WG_3@nSuV=P|h0;T_HXtdxDb!KI~Z_B>g3w|3H>M)&4*(Pno>
zf!Y^q+Vwlh+-}>G1a^WpDtL@wTm*rlQnnZj%XEk94s6_0y6s)sa4_6S%5o{r^)6K(
z|70caH&&AeGEK}NGUwjgW4T(T!M{yMLsfHt+!Ri#hY-ME5P!G(5meg!iXZ%E*0@sc
zbAAgmO&BieIYP7J&WLE7*VY^R)o?1!;8j3p$rtO5mJYoW*RsQ0tsl>=FgS682w-*Y
zr^%2YyW!P!`bU3B0e7zkdob`l;{uFrFX|?WfPHPV&0FP
zCTUqR!@vKcw0~)?EzqMkyoiKfrb$~Z%&Q>OCEBQYr7BGv^Ami3e7;w|)v#ICQu5=(
zS#FeW-qZNt84`HPC>b`N;jt>oP9zdL9MiyYjN|ZymsT&nbK_Po+Moxvx>ZA?b5)da
zS*BW>#Dw#U9AH3L2F$HbX!m=xdbdsvd}(ukHhLVX|1xQ-*DX5=Ta3=-P7P6}$=E3T
zY^;p^B`v!jvY-e-qmy-a;a;0ynh^eqzjMXRSs
z4xcd*hD+ruo7psj#@(u~FZhWH4H179{{``nJ9qoBKE$9Z(fDb$(bI2V)9TL6T#z$I
zl5m~sgi-+Eo;8s2w!7xic$`FiJpH7c$nZzDmCwhmh)acQxEiM-kZY
zY5bwybl0@pbP#(lOZq;N`H*>bQZ2&i^dgmeRWfhJt^4#crdC6!ZWqBtdKlvK`sigH
zxnI&c=EdQLh*eCYD-kJAiE$vERu6%qQ~jVaMmVY6)UFhixoAf#|HmS&P-VXKJ9WQ^
zsAx5P$sS)FF_d!-aXygo|JWBGK$gb&5m_}`Y#Q{$6Ef9mmr0_sa3xYxGmT#4NKniM
zl9fOUs?Qx9SZqXOE$Ql%<9f`;S;PaL<&UL9)%W~7Yo7A_>5yH0?FI6o2Y_oiU-nn3
zwL)f;ALqjX#{+cm{$`*-<7wqm`t8_>&SLsaan@(oTH_V7Mk{T@B}FRufY~43&sIG*
zkf~AZKm=eD5*Z1B1&U8u;OC@A%xwC8d}=!L>g?lw@Z`@5MuSIDMEo`;qZ;U(VQ~3v
zScpk}z9^g#d_+ICM@|shYQfdWQu+&Ms8gj?@~k!3-i7EF*Vb~KG6O4
z!Ml&w)YR%yYiL%u7os5O9P7UgzcIbt?*)<462>o5^^>V`l)KC!5$2
z3A9aYbGFQ)qf?E8iJ$CnoGXejp2_o^!XzuzS2$}GV|0S)t57Hd08S(a(c(+gP{DcZ
zOwL!EKhRcaXof$(=h5?bfk2pv2NM~iX>64+wj>fQe87s2kB(9R+!g?j%MZhg7Ewoo
z05SxIm@0!v;AI1xYp;0veWF?bm_ePU0n&o8D+5a`$mJ$74sfIZpBr7Tj
zjK@S)xARw07e1a;cCvrHT4faj@pnN$
z)1zWgtIE}z&G%8mt7jv~`y(JvQ3U-)Wh$tusybWAN=}|7bdt|^2|5so|>XqcNH1i-))
zF{Jlf98bKS&lB7dsry0Q^V8
zs&A<_#6}C`E0jw49SSWt&8q&rTucpgGm%r*0KhAR!_Z#=)R%#LR*ffJGY^I@fDB~3
zoT}4D;$^E563c=|n;FGmunj3+bK>di6Ev$F}j
z(2VqB_F=dl@Xt2i^U&J}(Y@R`#!C%W&^9AR)w~jyb0)Z5uK>I#ZlfientIYUv?@uE
z89DtnT8bI3^4XB>D^x4CsN&aT$tUMS>-q7R5jcn=aB!+AO9{j^0?QA>gbDyD&q;8}
zlzhZFfc?*|h_MEkn*U$5&?=RjA$zRu{M%9-R%b*5S)c-;M~xHJ3(-~yd`qpvQ>5O&
zN03E#ZP#NSt%g&$o92x{)}O*BPSI5sDXRZq6d}M*cMK)POTOC{fz=lbb?m5}S-JNT)%ku$bOpdjOIof|&Y5ovFPFDHro`^Lpj9Cha
z9uAms?XTK>Ar7mt8_z1zF_tLvMYQ?I6)&xd-EWbtmnm#Ge|izx>c;QiMyQ>WxNnL*
zE2dN;W1>Pc&ks;+4=i#hfIQX0>aG0!93S6;pu#65s-an4(iim#Hfuw7j)C>zi#v$Q
zuJ*u$j#y_Qu|T44pID#QQct{(h?6cg*lKUTTvk|Nimn3302l;OP{FJ&nD6?%rNqvX
zguw0%G$+=f($8L^<@G(yw}1Vz9jOP)sIAF|gW7wQ2UytwK&ll9#0(Nbn9r_47LE7g
zqOlD}V6=#G3%47}cCC3TUfr5lvRM=jGUp%ZCOR5Ft>n+<)}FYoK;Ixw1;p;?BU-G1
z4VGi|=5&W(fo=%Rn^R9S`|52QWJI3#$o+Q<)i#TxBQ)`3`DT%a3`k}D=Hmv~zr(M$
zhlfn-h1hN`;2JRbWx~r|IniBm8toQgb^PYVYM-@$m6nwAJz#nQ*}3B2MJHNRJj8y5q%X?_fiNv4D<`qyW
zSR(AkKczhnSE3)iiro2c9~Mh{99!Q!u3eZ!@mmkYo|B=KKUEwYdjG8?Mu^R#dI&Jy
z1aF)Q>&and*US^A3-qx$4BIOFJI8Pr3C>&p5T?@&_3dQk-~G)e8nZDMVt4C3Ph!!H
z!maA}PwkZdj1P%F_Ol%HkXunW2)F`}?;o*ykJIn@fUO4&obQaE|5Hdnj}LJCx;ic%
z_~1Z8&X6V#?nfPi4*+%|Yp5HX}Fm3Os`F9)B-S)Xu3L
z5IL~7PVedUGr;g=R)1XE!gQwW3`99OA^f#N2)3IzboWkh?m}oyF5k~3PmLsJQ|6;JS5sfeiHc2`Gs-kxN
z@xwI15NrnjApGTe+m5NOPr-%up8W58G81YRuI4*0SWnHE};
zy>S+VuXQkc^K;bB-#jTUhBTJkP@F)!Hf7hABnIGCU59cQG>S&a}?0V4J%=t{p!|=bAdiD41SL;|t95
zRHg+&e0~Dl57{x#_=3im7I?I{UR|p(NVH$C>DQyFZ+-s7*-fv7Vgc8gK=hm>|PJ;NAoKH{MU6#Z^OF~#p?HB%Cz7N
z;I0qH*pJ;Yid=u3?3_%`aF0zHg)%1JM|azjS-4}fy9w)$92IDiT8iu}%sLz@qIsvU=TjHeYY2wrpb0^mIxMs+Y48=tyfudln;+aqvD=fI=~VBcB;QaB4W;
zn((UTcTPh6G3|HeauD3g8`YpQ!NoXKTlf3(N^ayM#I@E_*=F-rVVK7t?#(xRt1;Id
z(Z(rBv25+AJOAdr=H!b{4g0z29!*Ze99O(5zINra^W43==%gCh+B2ChfXoi~^^NfS
z!D(+gXO}^wXdn@bOuCBfvE|qhW2ZgI`0=>IFqC_f?~zL|wV2&@AE))JO{jf6-0lCga*ngN#TkJuXZ+4cyo*N0ts_90qSvH9S=MH
z;0(K2+js+paxV6?^l~Hrnyt2dBr9>(CB&5$x$!KwmnfZ4lo6ky)!O)EAM;x<
zEUIF~hY$O!6ncofaXd4^=Bj>&ZXK!vjwzeF*Cua>{O|kX6g@eAW328D6#wc=|2+l(
zbs|NMK2uCPRW^+W6rbux&JqrsrvIbpLYfHJjB#s}5g)D~+(*umFgqU;(4tl1fL64u
z(a8V#;U#_KENMV>sKkIiW&Mb4NjsG?O8}~t`a`Y*d=m9O6e%g-7u642C5Qk?UY~#u
zwSzPz9}Wz;_#N0LtV`uHP{bL>uS=H;|!6o8EPP
z?{POkC5o!czhO%py6F7xXrLK9a1|Am#wOW?CfUd)*<}@~0JC3QI3FO^ox!Lq9(UI7
z-}8QT|9-sMqXM9)cc)87Kk)JK$;hZoiUG&KX)vlN(-N>hUt@{oi;_sN`3Y!{H_5)?
z;Dp=QZ}kKKNcc(s;9NbhvC(NT9P4_uD?XZ+81SE!lIt~D_nG;8;T((%L
z)7j>#f6*TO5ym?Nf!{aD0_`ytiV5c%ogc_-ph|>^Uuc0stEEm!j00xdbPWgA-D;&_
zytg;ka-{*N?x~4tj~Cztc$@7E^6>OL>Gzz-`q61Lp1M?PtWvIyRy~L1-2+tN03HG`
zHDi&fcK3U|{?H@OA+cA0*93$hpvLO*>7-Hz0M!F^L!yy5ri)dCk_9lrbCp?2c835)
zmeq0@vKY~$cCN7o|H1Tdc-9DM&lFbH9-*`7>lWUfOZfl~Q$`EgVGo9mP
zcL2a{IQECrxj|^<%qzP?G7%!p8R^Gf9=|=s1W-f`qCKVjwH*8fFO`zaM{)3U#3EqD
zGM|L9UH)xXw%=imI&)^tX@Cc1a=XS#=ka4xP_YeP!Y5K)Fx
zT}X#m;G^kb;95yYg~SCy^W_3%1O~`aaWbZ=5qV(?&mG)u+1PAW1{m54d~xSuXfuyM0F+jP{j3=A`I8(&8=;tw<#1;TnND>c~LAWTm8ot;Mg#C!a7
zQtrUTF#NdBIhcLzG#&GEyV)mt5(Dv!?Bt92c!9|*hVO=3VOhS
zDZad08D)?DBwr!dieOmh*Tl{sX#q3Gi0w;4qB)>wZl%sNchahD
z_7jD??(^meb>Q+KcQwWircKYk>ER)2B|RKXExNb!`kZFZUH#T%%x!j1rajNIf>5N0
z|1yVrlct&lRP(+WT1x$Aaqfm&AHFRGJg?FTz4oLzOAzjru7TzbA?l<&_=cu(`L<}f0JD*7P^*o#-nON^|LEKb
z4QuCc0);=mP#r&5HwWy^vE!e$Pz8F$fp>LS2<+r6%fS3!tbf(>oLubeRh`VbJ^nob
zaQZ*QtjFi*g7l;ep6||pqQ2T;L%E=-71{%%ZxNpXW-{ZiRvV>ndlFqWgk4dhOmb}Pjd3|fm2J~%oin|&_?
zg;shddpq9~`h!hpwPaU=~L^#QdpC&k*;j?=(=`Vj&&
zG+KL}aRF(k@I@KW2lot|Q65X!n_
zHr#E2MV@830PvBg0~23MWH9UI#1j-*
zZd&n1u0&@Gq#YrZC6ouchr@*%gEh
z#>I^yCUVbxpb18kIXe}Qh=8SFqHWraA37B;hZJr#j2cqjprssp-6WR}Ks(3(A^30l
z6U3M(2Uv^yy%mq*KotUKf*?atxHPGS?ze^cfmLMJWuoWrr9WBQ)W)6)2vL8gjPRN@
zbx%RD!6osIN{X}|@clB_iY>pRf44eC{U$7!=)iLy_qPmj@o_5F!pY^
zD;NJ~h=bc$GFQ%Z4iRF$L}{mN9Kgc2wYT3YP-WPWbLJ#asVo#y3Q9O?3oWRZjgv5B
zuu+mPGkNFfNE6FqyBLu1IJv(r$;OLTUdB5)+C6u%maTI}W=`pW
zy{oTvuB(kAB_DX}jKRrl{6v*QoAgFtq_{7k3+Z0XGKv1R^|3EpOVRW0YfPeIo2s#C&ooZ@4phLNcS7d_aNd58oPB-0Lyr1&Tm`|i
zLxzm6MF{4uSEZ(cQ!;ofcdo^sPXXXlTaMf2ioVRcD%1wpTsyO|)bugIg9i;Bcq%7e
zFE9R1@SWPWHb0gt$WK%?^#My1QQO;z`)o)ipNGeB1E>+q&YH83wqpdA4B0&M%zu$X
z3qEU6#%;S>{m8#4e9%5+p>*%@!qM=a_Fu>0$YX<>Y;)4IgW>SnKPs4pJ2?=;h@FkJ}|XtK>LFFhHMVOPFmu-a2`6&?pFmr7=4=2JJhqxqGGq5JctgT5d%iS%qjJA2<_-yajH
z_?=t@y??xpP$gD&K{x_}f{qHfTtG}zRaLd6#v$p(ftS&o#qWCU=^F=ydR#L3U#1QB
z%93d>1IZ~BIKTT^6<&9D8>8=UK>AVX2Y7P2mH!
zy9eho{6BvS08BWKPlO^q0FQ$?Ak|2Ei7y@oPZf4@1zAISVJ_BSA>orig)J+XAEg&=
z%t^?ee)uy_MLYe#I=G~>ST0`c+hBr(ETfYRYy~~X`H(WBWbEN@zGH&y!P}`h)8Yzy
zX$$A|z=-goHyaNd=+VsTZKnxi3y1y=j%}#`k%xKs$)zuWd&x#7!^oS06yYt7I}wy_ci5akv~XWHe{vLct;F^UR$&IS-Tc^NZWX=|RE=
z2@5&u$pJMjWDaIt`RzCn=gdgQ{)4T%D+P(4~6~ikW{VcL4`rX`8M?zAJUv
zaAx6=UX|?qdB)>#43z8<|nvCj^@dq8)WAo>C2S(E#7b7X~!4W
z^qUV0@K#a-H_7CfXCE)yGJxk0Q^83D*^(d&UE25a%Ps!y|I^+ze%IB+>jrIXG)@}Z
zwi?^EZJUj4r?G7|c4OOa?Bwpef5ctuu66V6B-wM$nZ0M`hX=iFL5ph=6L>~85!_Ar+-?GX`oqg5Zl0(U$oCXI$
z+>#i^HyO8!3B%bat8H$lS#^xNXo3aqMRKpY#PnCtxVSh(GaH2FWV$3N-Fq}=kZx-g
z!TUt3dfh^0C_;d^6AtS#Etm@xK$Ly(nT6rm#E(8BZV}c4mHMV~H4$RD(^GETMKyM%
zp)4Y0NqO-5i*?N^zwQeEBJz^>G}_C81REr91u%c2P=u7xG!_Dh-HHiT0a5|Lk72f2Y{2Nu-?-e?Jx8x}MO44b*(V
zS2MjUTqydyQ(qK#2EEp9CtQ&s>3c0lJNR@@HrjXF4MSw#7J`nDe|AI8oiQEVO?5F>
z``CK3be>pNGr@K}Tl>3nbcmJFK)~-?t=J6385&&=bz|GXl9-F%b98u2C#~v^h?{z91h3u$-PdPeo|q1o$c~O+Azo)JeI90i
zB4ZiYklgw2xN`diPp=GrK)-r);FLS<7{lNtmBaKx|$sHlLfU#rLb%yJqW^>(A1>
z4=XjeUgvFe-&sHYG-9W9bb2&esGJtoY5a*`vw6RLxb8EZYGvn8rP02=gSX}uhB%_&
z1QtS0w+GFePOH+DKklmW?KN@Gzy*cl2gXwAddIvaLMCTI??j{b8z=6`;*X=tC{6Ur
z&7j@GLMqkEB_92Mr%uAGx|`g~Z$4TbXFff@4c^@`zsXNe>%Mbd_6JL1c6NMowoolK
zVo=@+6!ou9`KW(cf|9r$-I8IuGoSslOmXk}JR6T@hNeWR{<_NdeY3@r&ax;Hd|H=M
z-(b_|=Vi>vjYV=KFXiO%m@4VVI|Rqx$iYK5e5E8Bb?&REFIz&b$JXAlb!aqWibu2Q
z!>{4tP1Uz{{VAW2+VXnG;GLhC*wFsIO_yt~J5I9}No130hewpDF6e^446
z1o$o@;C#$)VmJM(r_e0e8e;OrWPUFPcU<XDjsS|=#BIO)7s(e$87XVu{d
z(npVFG`Y*^MkObPv|_oHt5*=82R=W<)`#J1vM2%J$iOMv)$zZJqoLj(i1t!aQq2!T
zZ>=tY5b>?zz>|KJu4;w(-GXO~kin%z*LTD(1=T+PMtWyWx!B55R;O(LeODZsdS9onJkaSj
z{b2K@J>jwOil$BjRuhlw{7M(Ttl8VWXUDl-kC5r43vd#6i|z11Lz@�K{t@LyQ)7
zF5lbTGltCxCH1TL?8Yk#FERYs;@CQX6N>T`!hbW54+n
z;$pHp{|$AYdipZ+Ze8tqlgT8LZy^xCuvsmf)R=z=2#23_$&xGIH1mWG=RrMC{C--D
z5oIe;^506yV5wU5{rBDRK-$~1CVb-G^Go@Z+uL<2pJ}vyLbm{8rFs=C5mZ{OcIV13
ze@aqG!_7!H7<@cOqlxR0aa|os4dH#TtlIM$nQyDb>*M
za1&eTmb=#roi91?XN%>|j%y#Me~S!ax*`^AZM5#fV9Q4tUtR3%mKaXCe1fJK7NjvU};{rE9*U;iHSu=t<~!_B7R)H*O)D@(z&Y452sVi;_nXinysfZ
z3v&u_pKUbgueLQ_8%;I2JaoOEYqC|~aQQrDb~;!u?_KRjp!H59?k^^lr=fSu^RVI*
zw*dET&Hj;my_b@5@9vUKmmwB%2h8-xc(m`0^PStpN#iCjo?^FxJKpw%hWDmkhk2ZG
zW8midGUeWB6rYrk69LxRXocBz4I3ssCF+Rl%4>J-
zyH!`(zt$J}tt{0x|8H^f9fi)2TVPyG%5fiB?F_zEIO$%M+}78cdw+x48|^mM!ug>@
zyz~a&E~|Jn<}ReMDL@B`4Ff&?;(%$xusE@EaWr{xrclJQ-OG$FI9rrJb}T``!9pL@
z$|r>ny{FDLc%Y#LQIE9jq2OQ@c|EEq{=|vZ?&WSx)iD>i!mYHJ_rt$hY#4p&HJjG4
zo(6wP#D}U5&k~JxwosErB1bCed&X33#P3cfuEe>Y)~8MRxL%oCILx`WA?tF0>@*)q
zpR1IUK_U-Mrco&Iy2`hN3lZ34r6G`0&dH|9And4KZ)EE|*`K&5hD`iR__Pxua8A~j
z%U`ubl?8?eakXBpUEX(NYMJSF*egUvMn-z4k=?bi5zc=_k;;`4Q+(J*9O|De=U7Ai
zw_O_MZuqvua`)SKked({e!nIpDqG(-%%^_cZj0Zv^z3RAG68TWv$X?W(`vji<3N?F8z3
zO`M-^=b_jCvv-K}HZ8kYOxRM<#*9Qbu~L^zigBiyHw-ujxbh
z=rqP@Qa2xO3ALlrNzAhQTa~#_{F^Q6S^sV(`WXc`aB5>t0uu{r2Nn6WUtQh2rr(ap
zE{29gjchRvHi>{@3N63%dHQ|~5ql--2hK9vC0_{-Bg5hvN4<$YamiQw2}MVvEB89|
zuo%NN`hSrb{bn&5p_0P%KiDp6QLAgL_Ywa|as<4CW6;QpilAfKtaRtFwhS{qAA#DQncl
z&B-;*sv4pkZ28X`Wzn)2L8`B`oRrCV4G0mZ7+Fp(4)8EBJt#lqVg4ZDA(^w&!Ug6M
z_YL*0QI|Vo@M5tfqO+9MZY$>Vzt3~Ict77%YrOVL>C`FuAB3YvbrKZia9do*p@XXq
zjuzVI)cjgfF>^MFIurMM|M)4&sjEAn+mNB#;>$M7yi%@rGQVP`&CboJApTG$OfVl#
zYNDjn@U8Tq8VBCK!+a0(!+yUh>*M7%BLCezL#dKGSMQxM7)B=RfhMKsy!^@73-={8PFapFp
zuXl`TuqdnGAmEL89+D2EnPqV~aRhDKvoc3@jTTPypLD~9*GUH%T(;Sb`9$;>VPS)B
zcfZrtC09xqiAb5E(QSPYqCNUdBk%S47J27QXfN@^MEe{BzY#tqBvZhnSX&>5pv$9k
zrCrqz4cDb`K&og0v%pw>J3JxuAcqNz@
zK|~>Ba*(7S>F01%wz2wJV4EW=5Y0MiYRm?A)`iu>
z5>Jn*dM)hBroGp{O<}H|C#~mO+i;!;B^7E+0-9izj5LR~?`r*Zj4^rJ+c|HqRJV%+
zHqD|Dv04zb*x*9akH&@;vt5A_N>Vl|VFP40Q1!lwc^zEKoTez$y*C84r&kONKk{S;
zi47>yp@^jnq!zp=RPJ$J)}>q^)92mlT5{B+tp+zoOf=%_-~>bhoerwihyJa2-@5%S
zOL}g$EJW+AQwm%RtvmeXGt;=*Tnvl-8Ze8_ER|xryzv;NZ*}pTt#1y`Lg*p(j-_$1
z8qK;1?CbnVCq!Mm=g}?46zqj!_6dd;ckWcFWC}K%N4Y|n!I>5Rrmd6t)JDMa*Ftf@
zmtUe)hdu{%l!oT4S3q7KZa?z4!{T15hSY$XstAPcez4D}A_~3}U4e){-A`+R7*G4+
zB*OljIba%Q(pJu1PMjD^YPa}+8S8|Aa9xW17NJTq`QE$nydWfca_ftdG|w|6i#nNL
zy7u8gmWqvn)R3al#R6K`EGi)28Ixn7*i1?}PW^UsDn<{LA(@3Ww+}b5#wVa7L!Z>>
z2@N331FiH|SGj-@EVrMfrM$j5nSq634GN_MYir1mEK;f#DW79mM1(+=O!O7+hodXR
z#i^fQLXr-92bFmPo$|4~KH6Ms`B(+`AX47+e^nLQhqxW9n*(`X?7qwB@dkJKiT~abXqbsWn67a*DZv&MI%z
z^4uy`P$HkE7IpKF&{44z8kI(p8_Vn8b*c^ANy6{VXB8B0lrVi>J@D`AV3|~Hijek7
zLsa(T2kcBoP+vs!jc*F`gDq3&#;76C3T5CxWi{K}
zSNnSSAs@<{Hw*mHBEI)YgZE3J2kcZ&IUxJX-Bu})9&fMW+4D56E(0Am{l1ViozVjE
zgs!Ip?AcueEM_x>DKbjWqGComQpe`_EM45$=0m??54(eX!x1I5EDTQbl>_`@>@pO!
zI?z?NsPiq~{&*4#OAnB~lggXG%8f59odG
z+UPd15|N+OrSbmcjhs@Fk%>BmIgl{>OX!H8M^;ilv=ldj{D5hC?9MmP^6qnFjR8U{Fupj3SYC~>5_EJ=<~1o_FCLW58&r+!wRN=x!G$K%|k
zeFx@@IHN<+pddUUq({VuSfpDlo{MGRzvfva+nqaKTFxgm6Sq0Yj3_m9>(t0$nx3#+
zIMS9(ze6`%%-r-%(bpPUh{*2hcSP6Y%jRUi9?o%-xp)}-jgxZytW!NNrHY@x3}4iY{f
ziw1V8zo<%caCyQPp(fGoaXMLI>np`y1bjO4eTeXEgABtc
zgzVmK-hID+rfa#C$3C@!7!X8517%EMGbh$tYj@mzzKZ!~-x7r)oVwdDjDe{irG+`G
zoJQDea30c^jxn)Y0Ta4MFE{1S5zUkb8Q>gq=lNhfd1US85EhjBAwZQqocfoI(-A63
zx7{)24qR%-Fg&xK!N>kk_Hn>wsr_TCv_2ENRHH4ZZZ8OreQ28@AsR_RM!|l#S}RVl
z%mAo>jGXNbgz;Fs5B85_s)qS)2@go!*uKdwp#(wJYpR)raPEdWP`jBuOgb^34*C<)
zqM9ic#@Dg*Vd_SYIm$(ifVgZuzqcBO1b8u5%QabXQ
zR%`7yk18C%lH|_1qAz(XH2fgZ^dbYDdV|wQ@qYqEuLm)(?(z_TUGuqj0hA0$<
zzr*CgZqZ(P`~5_FOxHxKnXewnj(p<#Sl3g_Y}q9ua4_?diu8`oZvPU6g|(*L>U=oT
zqK;O4Ot;xK5VJir-4~U><4p?x;AJ-eDhMG$)%E1a5ZEGmGnn&wE7?2?^2~K0ZYXPRhVAo*N3=5HAZcaonRUE{E8L(8ogddERV`?j*8L}%=%HO`o*Y?F=
z@9W7L)5VF8AKJbm$eM7gA#69bEY0*0K{uXn>
zeQ0d48lV)r9jW~GNn-VEp^lC+eUwQpVW9^
zw|1^WT6j$XUD!{PgPkw3+HHTNVb`=mpkR~0T-i!3Oz*F3)LM~~?M3fTdO=I_#37}`
zw7Rh^%awR3g1<;a@i(?jo{Zy1-tRUW7!?0
zCsp+Rh$MSQh0mQ`GCtKcvq5_e&amfEXWGva&+@=VGxQFTDh3um
z#ucKsTEi^y=JMnWdga@g9o*s#|RjOCITyx33gbc4ZY*Oa52Ut
z^I2H&+olDxBDFtf9Xq}IU<(pDx+0>&7gp*U6KpWEsj3>SOyrD>Xhput!qaY?E*vmI
z?u++sWGtM+U!1R%s1nRMvchN*mL!cX20Br^KMAis#^Y*_({kYviCNy(e^iK21Wrsw
z%M1fumElMzE>aA;8ZKt1nZ>n#!HvZ6YPwu!N`r6BLO6B~PK;VY
za_=IWsau9+EqmottwwQU?7J!&C^ZAYXuRmMc`KBKk{DROJFpS;Iyoanv#DtGDW{vhvoW;q<0Xx4iMM`T`bUOssg}238J#~M*R+Rz+
z3Ejq3(o0OXI{iMpJZ;gwgz7?Estm(7)PbR{oZaEL%AXq*xY!HEE`RVx+?6ov!24?+
zBq1KK%kR@4XdIsocL!0!dIzhF1DbX*0y^4;rk*R!8%GDO5BGUKCKGMTlPSCG-b`d&
z*&Iw|nh%%4*vMq`Lldb)2o}qhddR`2^nfkmTF^d1^4skYfqP=Ox)yT!K)I4T!CN?~F4nckl>
zNC*~kcN}hvDhWK%H*KP@?a-t@WJwMFWz5eS%
zi0V*ywFhu$fc7dI&nkc#YB0Ondsb0YsMKn$6K{<#>Sv~dKkI8kR>W%@?1$-4>*`p`
zs@xAT*Ri^~Ue#-wj2c~Q3i9@pn!Q1x%;v+7ka$&^)NUXAwWm-&_3dtVhG8cE9-Pi_
zI2rq-vEuCP+@sk>#=e+V$7EAnn_SlHAQH1SI|3{(HOU7pCmpD&h)Y^YE%IIQeSJtayUVTBCD?&T$CKl}PR*0+
zc4;n+b8Z(jQ0N|yE6nLhry7ss`lT{y8m%A
zgQj+D$|XrftBhL|gVHwRB;hX$D3ix}uzbfJC)FSO=izzHcG{I;rC`-5^87DUeVE0f
zU1i?>EHXzm;AiLG&-qk-i$q0Y(i8|M)k!16
zORIB}uzmg&9`yd6YElax8paX;Z#u*ulUJRMot7{aPzLa~2@=q+_+0t_7Rb|odwFnm
zs8gY>Tkt3@&m)ZjI5ANEqDb=1LPXIzowXlJSAZ(C1N_qT^t1=I84S+J_I57?!|6F#
zMl}a+K`84e`?L_9T&PqU6Sc{=bs`#lAlmp@rFWb
z;A_>ee4=YBMGJX8(Y2pYTbi(@L=pg9+XT=bN-FP48bm+QwVzO1lIi5SPjv0VC!n?w
zFX{dhw@dN~wIyCrNd83EV*Llg{yl^DIr1meHd$D6^b^pl3AEk;T)5K8CvG?SvvnJ9
zCaM1UmX^Sww4xCs;rTgoJn%x}|KyihbyG(nl~U{SYF&nwW7kpM#HhaXI{j4pEn_sT0IrG2gLq8
zfK)CZ9oYpm%|%6ri1Wo`3391EnLf&{OESg*fq@BTQf6jmuYY4>V}TT%Oe|OA>UVyA
zq!+9s3?wAISLCHko6Xg3L<~VJIB++_{fGocM83GZ9Q}^T73BTYR0lNZ8>v&vn$4yS
z&Q}@%lHe5P116)45d*Noy?%f`
zc$NI`L4Pm^-nZLX6fzk=!Hh2$8V!rV0DSLsdz-;(iC&C}lk*wS%+K+<4r^{^W5&Y6
z<29f81k3J?rNqb`T>=O+fE!5QD?xm--tOuOprn;b6#ztGpvZ{VXd(pwtmN`~v@4QI
zQ_~}92E^gxKLEV0wzjr-`BK_jIe7XHodCZP;7Lt~O%i4X0WsN$P4DjJv&UvOlLMrj
z0Z!s8Ak*t&Z{Hg#&Ww5w2tV(BQXK2+nF6)}I$#|Bc00f@>~m#@goB0M%gB0GE>|%g
zPnB=g=XsP*u$Il{ZgsygA=ZV?Vlsu_gh8hsPG_Ntvs|o_4g+>3PPc!005=ohXa)iP
z6K(D7yH$Xf05Ao^TI|g5*iVf3pR);gibTfn1OJZdj|~1305c~oKLCyx%2E&zp&Ol^
zmZe)NUJDiKzn?HT%2cbXAW=U8zQSCucep#!$N;+=l7srs0n_K(V}MJm2tGFVmDQ^6%*wACApW`91y5<0|?D)Q~y*powM#r@yia1~$
z`%nau(7hh$g=_9|9b-=EaGiaDO+t)JYA-%hkc|ZkHG4JobZTH)tQy0LH9fc^p0krm~XDHJRg~V?dru?hOwIXNY
zMRLz}r*imm)|TSf=w!u7AX9$<={zYY$+VQ9pLYR33x>yGM;rnkp7CDk`%yTu=@P2-
z7W>}-0|1yHf7#V0>#=X0;_760VS#yPya03`4o!)5O3!L{-sr*lP+h~#&XnJw%D5M9?uXc=0B3iYfSdE74+hds;5klm`kRgzUfgM<3J5c%Pl
zg{RjKk~)xc{PdG>qz_L6e$DTQ$PXX2GRiEEFX1^*pm|$lGkFt{b{o}$X`0Dkxlmz~
zGSvkU2~$i4I;;;^3)xJrWDMs86mcL+jL+hv8juDO`3ZS{!zU9-J%A*DK%K@xOm9hn
z_)FLQI)f8wKR*1o%z8jlz4
zmz-MOr&%t*)&1GS33$g|C&APgyriJ-t;WL1hi>Ebiq=|nMk9cl{$RVrAgQ^CqtT(;
zx<~WavsDw1MfhzO_vAvr7Y#i}ynoXOt_RY4a#V?-gk)Jb7XgM1@rZ~N-BY|TI9~sH
z&Asw>07>BLSCQ~msVJW>08t^m|8Cj!JQUxDK*l1)fg7&x?eU8BrCpz-q`n;D4qe&mN3%uICnh48Y&)6>4?WY<>3lyyc
z8{+xCUP1pIlQ^uP&cVv@zF!8mr||TY37_RUV?esTQ$*fR&`E+4KFFuq7L^X^&X-hrv5TJ!<2d97aldu;AWl2Z(0Uf|0
z*Vvgg0!IYZVBd=s!eSXAeP#s_Q)`%E1Jv;wp*f=dP?0i`f+92OlOUZQSFGX34@NBC
zDJzo*9~YJ|LV(C6whaOqm!hbF+EB^g#vqBh0^Db!814YC+U$HOPQHgVN8lvr$@3`V
zCo9tVFqq@!Rh|O-IN2(q{WOcHEs!8K2SwiDC>PFxZ%MMVSi1F4!My~&i^5SD=Irt#
zGY$wsL~`}xZ3g{zhy%IVt43lw6uk8x-;p3kej)B0OfW^+_G{`*BqncGo3&y1SV$%O
zqGEu{Ul_%)jp}cqlm`D}CGh*(Kh+8~0pnJ{wV+h&yx;jW8f+3RAyN+uQafsjs;Y(X
ze0I7J=~qKl(k$`B4`ahr4oA|)FUEp)4n+lq-_}ICJjfYDEa_e=is9Q-Sp_$;7Ds&zGu~id^?bhd)$x-1n1qql&U}
z%LW+-ED{BH$54=nC$g>
z|B6f#3-@FN>8F&g%RXYcWFn3q=19WK<$jRmdrN#QCFT)d`0xV@BbdkH_}2q=M{FyR
zaMZKO4AEVSD(*eOvPd8ehzZKW-mYa!`JJNmd7q@cr_(oDF--VeS>dpOgLGkj+PpCL
z!==d%F{h^nwi<@t65wF92t6!4J8L29mWzJTWXQe2w@{MF!ejpnmAjat;}HhF{#!G%
z>^sOPx+hk8S{J?|wgbJQzEnxy$yKHvSttsA3U$rx5l-=mpdWO6qc&V&8!7$#i$lW>
z^4|wK$Fk;#cW;6%vMGkisqV|6Aoo#~Je53z#(4=HYHz<(T6xa3Q!$b-ftHrb_MzYe
z;ht{l?xYd@y2F))ArTqW?=o`GYBBozPTtmv0^B8~>Duij`l
zCp`QFmk0qn${nw%-cVdl0h)ggv*?%2E8GK>4!i9?nP0588y7d^
zrK3EYXEcbz!*f9VY!lQnN1U2iol}Een(ZbndZe@IHW=*BZwx6GLgOOB`IRyDk)eB^
z(TD)kWQ;T@oE=q-ga^AN;`K(qt{HbLj;c0TYSC}^j;0mU`q%eqzlF|tQvAMeptB$#
z*e87NkAXt8x+GUtONyZ2d{Q0mlN^VM=?JJaIIe5oHxq_|NEvucSQF#C*Ayug3Su^01ry8lA?85Zg-L>C6b
z7R*4mm|dP%2oISkYX;$8)+dw`OY|Ucb_zt|s|-c!%`Q%x(-%|_6vb|Bz!EcK7jb4%k;J
zKxjlpvw4wh3Zk=V*$$bN;gaSrR@2!3fkJx{z3#lIouciM_DVa+xz%-=7|wG)*$^us
z&j%!j5*b;*VNcibF94hbuqI0mRkBJO*Ps>Gb%aggL?7h4n^SBALY>S#$$z^sd|0FG
zq+5xRHKQO=#U_o8s?x&*oK*HYw<2=U=lKz|61&*K&Esaj=(LT!P*B)27fKK_G(U}V
z0Ee13#dk{TdgC#4Wj_U3=*>A4icNt3<1OxW&;HVthI_kBRh8T
z%qQR;7lKTvfPCY?8MBdXj_CI9u|tvzF15y?%zgugJRw5r^pMcvwVp~cPvqrK8>IGK
zuEclWi(}5-v5rgUJ{e5O)bd!zWHQm~RCXe^8OPxk9GRfr5sg(lwp(_s!9euQy)`(d^x
zcvD&A4!X%_X`#r5ZPTm%IYkHUq{TcjwlK9|eGdqE9ln&I9HPZvWDLnd7<5*(olp*x
zbV}yhuUa?%(6!jFTjeT3(gpMHMfxX+3L5SB4d3DqQdxo!hXoV~@&U_sCMTz!&{y2)
z62?}w@et;WFo5VRq_Nj#Ye!5-hG#IND=jLczk{OiQ>zZc15J(eOCobRq`}AA!w@`S
zMtq1s5cwZ%0A9`xy;!zi?kjJnvY(l10)Lp}+qJ5{9qs;X0Xlk4C=giAUjw*3HjAx`
z&3@Oi1Hoe9xhkc6s=+9_>ckuO-y;`BD^5t1t`l=49&*1qke5azmfj$SJ4Kf;c?W6{
zgWvZkFEG4O?!D30zM)f3;iO#HNM%W9=W+tI5bCkw`X@SuWv&q^rCDZuuPm?AQJX20
zUxEC30NiM?=_kNep$M4@SfFl`
ziu^VYfn*K&8PP~y6Ku*g+4K?QiueNU6tJj`G`d}xkRky>QaT1|btSQrL@kIcWR)bn
z_dvKSEi~e0@UoTKkgD;@(%0V|1&0^V1`KWIfeiA#S_`SNUbL4q{QmZ-i>DHQ5%peJ1I8z<++2}O!Opm
z9|YE|-bC#XARb|Z@Iin=g9&XCNge-@;79~F0y{;MPn;voteWt==u4ecOC0DUekiOD
z5(Ss|naU-5?Ds;+^Ci4FPv-lKpozF$M_$1!U3NUmimC!}Ep6i=W*v<8`_m!ttTTd2
z7b~&K?yeTh5--t_G0du);K0hTOY@MuW)Lf$9B{iC+!NBdA_%^0D_XJTa9wsJ9E}p(
zZv`SC=O@?-EuRl?^xG5A69Bs)2I=wDHyjJbl$alJ(g$^2FH4gNcSTOEsuE4(HHEQf
z=+tVlB9DNVW`gp1%o+usk4Y>ATs9XIIMUy<7R52Z@-{TF9w(*!j<+U|6@q0U0rJ>7
z?kmrkF3x5&-bCRQl;1&)l;)r*b8+XuR_CQMx8?l(dIwTGMsyrzN{0+%Av)IsyNM7{
zrUC%1EakH4e!Fjoty}e!qLBFts`&GZp;A*ETeHNz+{5pBA(#6wbs~-*{NR0>ww?3n
z8Dxm-ghHZS$#LPGKR1kR@uH=HteN7%lnkeJ$$um`?K26(@qit`3QWbgjqoPrc5z*>
z%LY>lSBgD*Q771s>X#DUAKfzaA{yh$7$j41OjakwXjxT1egBI1_xFjIpW
zcIwQ&x6?ZUR7uR(x7HxV=D9iB5$oa?6RCqQ--Ys)M+n8m#h$T+3c`G2n>kw-fX|$AftJp|2%YGE>1uqM>uf0;aL~6OTV(up`cp@j*Su9_{zB%@RqYp?w3%QF9O5|X
z-hW=yytI&k7{pr84^r^b2qIY;2CbsX!n=e-9q&VQM(*oageDNe^xO(;0on`wfd41C
zmF1S4Yh!)WdebWI-f_13L7I6p?=XSAH4sxYfPr`sD#hsk-r1k4Ns*;mtI-F$ytUG=
zc3ZY@2g({|n4ld_YQm3@DjiiGdvXzpmP8~G@tZEdGB|=glevhOD%?BA!JM`;0
z`L5txVfp}Ve4hBIU>5tBc~Ku<1H~hyoC^L?b6_a0zcn0ZM=3l*BA6=7IU3skS9Zy3
zCycD0ak+aej{;n*M>bBa5ppLnTYbs+;XI!N2p~luLE@Yl^%t<_YkM!-mdUsRX;cA~CkRFs;MMeIuE
zvt2jb9gLhJLdOLtNJIsRtpPND5Rr~BbKZbRD~Ht~=5dL%^HG;X1kOl^bn%WY@Bl;-
zf}Y{0<^^0|p#;pL!jsTT2ouK0i@q5h#}yEbj**YXj9QQWObi;eS~j&b=pD*d;29Cm
zq?Iy`xF%RDfX(P0{7i2m(Lvq(ehMeAk{Z2QK!!q~w%jc~(9BMzWQV
zq1MbgqsEaWDKd;tu*~8`tsqw$O}@3@1gbD3lt~dN2?skV=4xOvEFAXPvcM|y=kJ8v
zf}j?F3uidV5^wW-b9o|!R>H0$U;-b}&%EtN&HDKp`-Ufwt6IUJXyr;gQ>)n~3jll=
z2k6!riI;_*^+adijbup7yZP3?U<8}*z0v%^8}jcdA>el{W@S$<(S}P$DyKOV%NBU>
z7d#2?sE6McPB%;w*{?OVTdX4Ieki(-B;6FGR@QU_8X0K{WWLt7u)ycSLed-DqM^kT
z-)Y7wp0+>zcD{czPHdt|W(f3Xz{Rh38y9uB2y74Ha52LBvA{L@iKD^%4~YEWP@|O|
zi{-(gn@xZ#0uy_}_aTh_gg??#-1XHl1F?(%Aurry^wc+HRV`~B?awIy_Er8|r(BD~
zcU1HKT&QzlE0v&w-=$K)R4SR_k{Q!3WghbkU2KP~q&g82u1
zVIx&>Yh6e$0;A#0McR^^O~RMWb7YTBODSl{W`_sf$%TMmO#}2;L$%C;&|AuV7t~LzrZD*U0Z$mX0~fZK<@y#
z)GcZ1dObom*0{ir@|x-vjS*VJvb5;viTofguP}bXd;tBM0a(20F@6mK;n+9e-$7?z
z-#n3~;`ZcVwyt{4kAWI5`&B;*(1Ov_Qow-#X4vcpf$!fY>(#`s@hb*<9T=iXLbKh!
zJbZu-;-+PFC*%hJoL~5m9%lu{oy(Kk4ULvL-@vjYgu5mX$q=f^uw!8jXEK#N5ykBCp!`lY&m|($I
z!u={F0m07(Yt>Gz!eO8g**MbO9*mRzjx?XB3K>LJO4A3JipG|9&>?NjE$Et8l
zxqtZr1}!cupyUq;$)+%l<6PFY3-M`VoBZ(c-kkTu`tq%&5hop~wzrrJX!D%{ZJVNy
zEQG^XdDY&%`2hifzs%qmWG$mFVpfd=8~AiV4VWqcgf7_>fM$lK4A48hxmD8
z>j!Z72W_kQHNxRk-O8t}nR04k1qcku
zItCZ;Y9*TA&TKWuu7VDDF)B>J-XP^ypuli{4g{QsN$uTR%2ejUC`vn*9`>lffh
N{HKg?m7re0{{UtL-sk`T

literal 0
HcmV?d00001

diff --git a/main/img/bpfman_library.png b/main/img/bpfman_library.png
new file mode 100644
index 0000000000000000000000000000000000000000..a4109ab86c3ba6ac8c55948c1193e3ebadf27d26
GIT binary patch
literal 21913
zcmeFZV{~Of*9I8d?ARUKw!358bZpzUZKFH3-Lb8X?T&5DO}`&ze$HC+W7e8UR&q~O
z?NivNPSx}5z3YZ6$Vno?;lhD{fFMdsi7A1AfF1$=IAFklIivk=Jirf7M&pNu(J)s5I03$Y<1w_gX3#gXH85syv$p#b0O51v0bW`gJLwaCv%hkZOO**zlH@IAme8VBQpaNFM0pf4j}vAy}dE*0i^`^9t^=3beQ1HMh5;$Uqg9Z7$q7bjpcQNNxECg!;_WlJX{+LYL)MAow`P!S`bzzH&<
zk5P&YoG*E{z^S&-j9UDT1{NgbAmnG}>hMMU7#uiv{^9{A&z*IDX%|o~4j(uTv+*V3
zpFbzna|m$0dE?n1GXmwvp@B1(GE}iZ;B&fm0;j0v|GlP&Nw)AVT@FWBXUW_XXn~C;
zo(wB>-D3FjyoF}B`Y6luR?Dw{U8$7M|L#2x4k6Oldz+W~N4!XqN6*=)q08&N#^q@I
zM18V=g}G9pvNPKHU{3M@fsj{{?P8!l^dxo4#fwn&-X2%tH1$?n3r&i}lpJEuHVj
zzDNi>4kMltU4%;D2UcrvzEgvDS1%MyW<3i8>gQ`8sJIyu49X|Cs_@*0NQm%6Y?kkf
zd0RJ}-p_KGtiQc!EhC+jT(;d$Uo7r60tI4oLxO@e3R!IxdgjWVU{Tq<-V?6RgLS%I
zYEJ$v6OoV*2CwnVmz$edL@c$-=hAO9waeE_L^hw@x?hj;eLpr)rB$WZ_*QD?@rN9!
zZ1!*t@a(gtg4Y*UTMKqGLnEUGyFoLkT_UC1bZM56{41|+d
zjT%-POy0vqc~flo(g&Cir!Ft~R~NL}y`b(mY}R+R{XTxB8&>P^v0Kk@6w>@vOoaLE
z{-M9SZOBO|@cd3j9w6?84BK({cjTaN2*dp0igt0DeEK{rEUc(+=(+1#r8lhvv(`px0^)gi~G*JH~@H|jErY1xloR7!+xcCEXQ)Q(VhrMjJTgsxd!-luh(
z0wCEZ^Us86EVeiI`KeW>Y4^5phGc(&542m(68Y=3=V&k|wYuidbEWfn8^uQj7o}>C
zKUd%9n&?8Kic;@fL7mn!D~7|@u&TKh@5mpo^Z|YF-1>mjZ|MYTR@~MZD+nZwc+Hlo
z#gC^WqJ!_nRxAb=_s)#D{36^8?(mWaCg5!xT+T+Ekp=58ux@V_z2l9T<(z(9b?SW*
z^Kf)o+)yN>SFsnHYUjL`Ig@Cy%Z}|af9I}mYdefbJ;MRd^H^X_YHF54v21Kik2t9I
z`;#3l8CP2aW0ns@lSH%CF{U^LM}TID?DxLvO<%wg_e0b>f2?-v4^rQp(vJ3laRJvk
z4p!yF?76Q2J7ie7{s9xKM0~!|(>6iBUv8iN2Bd3PKmGU#&{40MmiI8z*+{ZMi-~*k+|-w>;spc8M8|aEl`I7g5nsU63D5f0CIK`M
z!?-n)L7!?+A=;#+7wh%@%G^=dXu$Pa{gxBBfBo2Fy@@R^(CG_*&aHN?ggfnh#4f65
z;yGly86dPXF+qR%H?2=vCfukgoj|8+r!jGk0n7y_Ns@cv-cO#tP<=5TKE*kQX?}Qm
znm<;y!+{V0ADB0kp~HN+HnHj{pX+%&`qBDvVk_vQck5^}LPw!+OU4vwJy`7HQ#)uf
z(Z6`WxCtRuyEnrG)^NT+wMDH|@c90gX^<@FQ|V!66=s)3K{FT<6tp$71b9M+$C7Lh
zA#ASFrc?U8w#8iEOw_Jk?_)U-CFuLE;)MYFE!AbK5+liH6QX#xcqRJc*zfUSU+iq`3-
z_w_d#P^Z_)#Nz$6d?Xc=7=ULc0x4(=|F-?aWN_-RIi$bYrh8?BP&G~Pm(B82`9nDz
zEL>c$l{TM&itU%
zCBy4EZ65qah@v7sws%NbT~5oP@(3-(W_1R;qkS#8b2I?+b^NuC2I7Sr;8n(GmC}_?Fylv
zXg$LI0-TJ7+-sdfHEG|iR@x4?a=vGHVA81k0q1i7t$*Ch1K
z^DYNG?hXkSkzT!EtC{H4QhRBj)I2#NjNj?q0ZKMj%Zz^
z(grgZ!`N$VCg6p%urVz4Du+i~rhwmT_qgZ;W&JW=>lXY=yxRx#0X)*4#7n76Xrqa}
z{6f$bl&@nM++%+PHJXB@)HJo3NO0Zr{5l}(+$*=WmB1i+
zqF@Y!z{HL~oNMU>Qd{)?PVY9C0omSMA!BHAo>6`IIu8xsR_;cU$X^U!^?PWA8Clu0~SkU@CKxF4}i6AP&&x+;%Sr-|n6PrM
zOCzibZVYw0;1gCb+98DK@)xd~H5Ownty+vKOb96n1=!cy#pkIJO)M1t6G`#fG#be8VN
zAuW345sM?yfB$MtzEZj2kI!1d-vA!Lljl=l87Z?5zwBgos!<3yko!I+nyA88o-3da
zV)d1ZB7|qzp!It{yK7-d0iTFNt^CW10((x92-QU{YFdle#4?`O?FllzzItQTZEC%o
za+L!))8*8%;b7IOFW@RAT1w%krLNh&nhZi?75fW<8r-+%U1h-!!bH=r9r!dPIY3Gh
zL#Yrh4Hd1}QjkO0#mn-t*0NTqika5S?ZU2ikzOp>u_?sUZmL<`U7d@r>|{h(!h^%^
zZmva25zc@mV`eYzGgIM9~DQpjCo8^2}km=c>p1u5-Fx=RDe?8JioU
z+4ej|K{X)4I?}CigL%$xgF0(gOiN7TDcg?iHjZHSQYBS6n`Fx}0!m-2dst%@~6c_HB&+8*nSV##302X>KOUv8!}=fSUu{
zjKh>n{VyHj7ietCY_42
zpWXc=Ac<`BWvXiU!iq>$X@OuO!7vOGqWrAq!Eh^Wk!?J?SjaZ&=lqV7
z7iXTHcqc14#(5PMo9Q=FzFTYJb1J2EMo~&uq@zK-f^;K49pTiE;d#X8yg=}fa=W0?
zGYa^;uHbBLyWcfDZW@L$u?T(kb}*MX!08#ZiFHxcO(ArCdqXD#VB4(wYY_2T(t6_I
z9l;?ZJm)F>jUC9&lcrr%4QCrAvnbZRBM~~Wan^r%Jqnb3un9!^1@o>(8J1|*=913DhNP`x#SUi}pNrb|C=(>bll!Spq(doLMS
zzaq5QJ)<-rBOQ&1Pog4)b{EI3lPlkC_hY>9VTppa
zYOMn~88$jJYQya>RYH%`^0;&67PtNWkKCjBm#H*tEUeD6N9r_D^dCB!u{nO#@B;L<
zf?gGZX5`~0q|5>!)}g!OLRVB6CKU*ymusv`C$96z4m*XpqqZ_Cvn
z%+@Oz+=NN><-Reo>AZA7-1IZdt}q@4775iThz)4qJM7pz-(J17Bjaz@h^s@Wm8ex)
zzs<7aHK0Bm6y9sBE=_3HBEy?{f!9!l*icIoan9-;@w@Kp6!SrD+iEp-7dj3dvspY0
ze(Vd*slgUf;joyj)H_F0(Qid>Zm`PdRl`-UjY1{@;lFC333{AoZl-$C_^vH`R-&bF
zT4TjxL%v&qt}4lv_d}=nN<+dkDn|R$uziKa_7ldJ$7^R0tQxY_=7@5h57&!Yoed^?
z41@yxt4@PO0esJ<@-ude?Yaf_^8LvSacV>B*jaQ>Cy_i^m!a(&EY1oQ9cEAjbRtbA
zTGdgE;gf}iGsmvQ0~7NaH(e$t5Ck|f3KiI#E_Y2Y^VwqdRenP>Fx}ri;C(}8(qAph
z`AsK<>s6~N?qNc&piL#Az3}?;4aE1_5Ni7Tjd!8PsL&{d
z(7I*YTdkm27n2l385V~=-~N}(-qdP~!xM6D7u`}_ew^$%W`3v)PrKnlCU>B7xR?8=
z)8B2y=}M6q5o-&z@A_61W|+d%@Bj+Z0;?V{CP`RjeMoPA)$*9G6mFn@dNRf?>UvPxFf|(AAhicB
za#QK7Z3u%gzOIi9N1KIBDMvAkT}f#N7xn7>20J!}AKQ8z@&F+TGGLQF+2j|Kbso3n
zYHgyA?WR7S;t*?w5;RkPA>E!L5m+rk@iWa_c|s-2l8+Y=aT~&<^qGWp>O?k3OcMlH
z6s3?i2jS1lDH>4;^LY5V_$}wX;bch}YQBdHEo{OX$r=Y&hv*_P1!`u(9`K&!g9hWC2Mf?EYX_@dF#;KZIg2A#5B7)W?&3pl>za!S4io}XQ4mzLNnJjx%WH7FGM%p&s?yJ!}-S1M8
zLX6m9z#^{8z$OvKYW;pCBZp|~B6$l?mQ*+d6eD)B>0Jonx$W||Ko}Ag>1sIP5s&;Zf4>AWN~T;$x1Zjem!)%
z@?^C`=>6lkjkXy(~tj0pWMdYpX-I7*g6FcSn;=uf3q@R77-RF1~(HGL_b6K6l*P
zH_zJN3~3??80@aQO>%b@2NUtywLnt{_y?{5d5sfmo_M05W}c)3r6jZ#?vM75IK!{2
zl|ym@H@?~H0`&&|y|FBo9!X%$-oXJ_7Lup6UV*4;(qH$Oy_Jfa2{56|x
z=yj@M23JhXvr)gDtxZ0$F7xIoDcAw{y5WG&+ST^0HU)G5pT{PrLlmjM*Nw0Lu1cGG
z_vIDU3DM;*Gv5IV9BD`kBX~X{Q`)rSw3w(US&hWEZ{J8p4fM>Cc%n6gA6S054#SV;
zP}hT3Ft4>b?{A!yGZoFbF8MM=93*rxxiKzqq-T-Ivx`4RrPo#H@HsC%J{{5LV;M8i
z2;OY=41;M%#7ls8VauIX=yr8N(L6h1rctV{C2{imPA2355>=>4*0On2%c#bnpb!Y{
z;tE9~_8k$CKg?5BFrZ@zA>sA5qXukKJsO3Rg!`>$i$kReV6xVHZXqh_NBG;hjOxU7
z(qe+_q43dYMq#dvh1WAST+jJ^_Mz)GY7CMh?C7Fz_V>sMb-@;`VlM4W^+4o2kUV*@
zB|}*kZ3Nu5BiWtXSLS=b?Z>j=6Y15lJQY)=kP_XuLgY_pG@c2y+PtB$W1yOC-f8`R
zyc4x;=fmHK(R<5E{e%)}p(N4R%V^T5Hv!tjr;ScrZFKCRef3?TkW*^=ySQ-&Ytg13OUTi0^M1Fw)4gXpXZh6qZ1B)#-9s6{%E^x
z9yzl9C?c9Y;4D06wdP=WXH#UdFOA{2)oql^R`bk`fT
z+YB*!x|S%5mfarFeo$7w;;Gywi45nfeVWrG+`57XqV;kbD4sUkl|No@XvdtKnC0t=V2HyzkfPc{D6fkm0$Hr0skCZe?A!%dw{I?f7l6de{d;>
z1<<7YbAqvx0!eW6meR~WB2)57WGui^A}E0VF%h9?n7{E}&FSelHrnN=vNSyAFnWFo
zYJL_D`8X}kl^JynKO)M-{UXJazK*r$TAh2zd}VpzVUcg(Y5MKJKWqBSxk7aTOYPo_j);1gnH@m?;`K8r-KZPDJPs71-w+Q87gF&m=Jva6pDa
zBB1}e^_LHra`p);@&A|X|MZL?NKyUAjh8J6wEj*aqq4_+4#@w@Ct(4Fh5YAd%e(pX
zs63JUf&zL}KuA!)fx}}a{t5C=FHVHO6px_TAEAFq17e{DUMO;m|9JW)$$)w}3=PAT
z`qZcp0#Io~enDWsuKA%%y8}}vuPBP(|CAr*4>EK9B~IZ#u0WnxptiG#NG*u}x%`-c
zkAmR;u|dWoaa^7m-yi%&YKqJdgZYaL)XSY|MgGH|2d34yXoAZKtY-scWWHIZA9=H)
z!=_F3Y^$mvkT0|Y(`3Nzm?3}~M$e039$|s$_ne-vrp%K5C>IHI)5Co+^Or%U9tRx2
z(Y->;8kb^-#*RSvhuLAhXX6x0e_fX@S_itEzCm*wtv|bkdc*4-X)nhcnUpSrH%$@v|dR%v_*ACQ`4Q|IUe;ZnJU>F-2Xbg
z5nb5&TD+Ai$ut*Lam%;Qc3WW$)T*T?gj3Ud`R>y02lGwV=~#XV$HCc%%;dqlx9X$i
zCPNzkkFj%lL!?GPa`x$vWYcOOWQT$31Mnd)E55DQoFp#CB9H$xp=;o!3wuM*7Zlal
zg1>j7t*^f3#eQ;v`h4K57;VdOxq^Th=~GXTcK*;0?ge9)eV^urKU(+qaGsr!>lq`j
z@^#&*Jwkn7$A|YW!h1?t*-S#HKXMY3UJ-#+
z`-)0U?FzRza_oND3PY1U^^2S_?}l*2>xJdSPuW&_{#*K2S`NnVD%cVJ
z@>|f0U8eV~epBJ&=<~Y+g8{~KvbfkKn_lG0xT!|@%@T(B(r$Fro6+)d{WoLx6j5jH
zZ72ds8Lzuso9!2l6A>@dkT_4-M`#eFtn|>6rDo38J|Tt;pzWS_LxG|`2y1e@JB~=C
z^TuQ$IG^Xi4gCRd@LfpPJ}2Bb)h;!puB_cYBi-*bN#y~xTf-?EK5GV4V$>gZ{NhV{
zz2E-X1YQia$_;rvHST=)^I}@*_at9=_f8dGZw8tLE_QI*uiEFsOE5m?h;1JRM8%7)
z*sM}bduF5GDt=whcDWG?ot(S*CDA1ojEvVUY*~$Z&oABiK6${^ZB)lxHYO|oey9Z4
z5Lr$xs)-L?tKSajxSTCAaA^b-g<3uyzrVAbPt65>Bt&uoU)x{~}6-6MNF{RGAL5ef*F
z4PA0b(cg}Fz*_L(7wY$-l-_bcl(rTrwQkYz*b9EMgg~2?GKjz5hYhs6xTTasBKKeI
z2F`aGCVQ2hwfrS9dw3cS=IfUqp+Et?Bd`#3=@dgN&{^n{eBs-6J3)dY{`j&OI1QRD
zB4mYb=e4v`AHyRspqJH{1W0H-$!ZRI->T~m8}Q(bn2JbvcK(F;{!YeUm~=g;j|5*X
z&-a>nbLdj~eVwn&E7xxS22H`cpd3?p*afuhzSzPj@{z>Rq52uY^ou8Dx$n(u*v-x^
z*+cy(yL}Ce7P4ytXSnqKLJp?g?r2ULn9B$EYBRELHQEcd+}FrQQ2|qJs#rJF$YXde$3N^H&GKdAo7g$Z7CQQ5V;Ej`g|fWzZQOb
z8EgYebFL^z3fu)5=}X$@X*E4T39jZ^D!o
z!jh2z?rbx_U6+6W*<%(2j3jp{k^Xem5>Z85wI3c7M&siNx4?k9CG2IN8QHIb6TvAg
zGbI9cxEl2n0HLNi*Q1rddDNvt3YeN8twrHD{oeK<$FG`N*Y3~bN9t`|K9*>21)tC3
zJI0cYe!*zeSonLu5RcspuKuAv9=Gj7paReTV@ii`kJ0@g;+s}r$WGZ}u^WBOyd9}h
zsd(wKRx1_v1eu@xRr(O)AFsA4+95kr+kVE0qNeD2dWCn_GW67A+WIhS`e9SB@sq7T
z@mYhP5W;@gxj$U*`i)DjKv=hCDEgug(g?^=Eu27LP;~dpSGG
zVJ?pNY^OB~A%j#1ocNt}5=C^wsZZm^@*MWx*ShW`%v&^6w7otRt6Pwu*(QnCg4VNg
z*fNM_<(Yf29fWtmdJDGGrhQfV+O!&)`HFfNH_Z|Jay6uRO+{BivUv9-aPuD8>ass(
zy50Q+vjWnyHk6i-rao@}V#+1?AhLbs(0xIr;E5GZ
zB>KIbD-GRd%_>NS1p$4nxcyYcv`PWtg^6p;&C4;y+ndmxxek9(T~sdh6D7*#{~T$8
z>FasvNQ>sJw=>o#yBz%~2lL$0BRC@HCul-9@;w*draNyDFJn6|4u)nYhy}gm6)HLe
zy#cS)CD~ZdNPQiz@E+pCg9}~O#gXTsU~7IU6GA1coh{k96G)8r|
zmun%Crz|PZ{Q8^MEY>of%=JCAQ)t-WC0B35a5)&1&J}NV!cJjYcsH`5Q$I>&PKGkPSwXJ0XDD~;0+(z_iecH84UxN!i@S9J-PP8j&xK
zZ?u2XmzM&g$i(@(k_ns9f5VjOiLS%Xn2vDX?(h3xJ7NfR438zgF%XBD@;-VXvLNK0
zR>#yjaceANY8m3YRp_O43v7?LWO*f}39B)%^F5A}&fWv!h?=RRlAXUnYx_xN*x`_K
z$!#LGNCGJK1sql+{T9|&h``SphzlXrw_w#^<%n&+Z5KxxW8I`AX>_Nr1B`^75Q6YV
z`F=tm1>sfQdZkn|a>^s@AoU_PxgA{dX*o=js9T{4J_QBAYDJULdFwEIb+ab*bPY}f
zA%RB-7ovKHLLHJJA`KKnB?n7ltD@moGwLlt>UCy+p;&D+H+3w
zH5fVi@~N^~&>4VZ7BADQ{uTTT>a=|tItJ3A3JMD~UxuXrOX={7gi83)8XJY&*B+YW
zI;V)o^<%KWFYn}wTTrQdfsYZT)(sCt`-dkJK3+SS_TmK7N)p#4c%ZT3R;JW8l=_A?
z3+Sd0uy>X#WVaq9-z=Cu1l=j2!Wl|$AmFKsqziH+i4WV_(eE4?*=@-N9^ev
zYb@lZRdH)gVl^NIzC4l@(?ihRIC7t(TQ9xfoi2=*sBHmpA0Th>5oGt^kBvN`9MK|`
zlhX;&jLkYOvIQbZ9ydhA8sN>6Zi`g#5(aSxn$Ttcu?>$wT{h(>m0(7QhCT!-Vhrci
zL`aX)RI(zcYedv8CBD6PCi@~He`UB?a}E-pb0$idShpW*C-((!2zVcaZ*TZ2&*g4s
zq0_z+8bWM*G8mg5NVcj4h*4R4JVLd|n0-K>?h8Vff~0PL|PPEDtA
zFG$;|#@vP3QGQ|5Fa?&MY|E-HX&2JPBC)2I+PO~H??Ac^XVlFp$jp^bXx1a)(Khs~yzY<7
z4_iidA>Pk>kb>iO>x>cl5#Lv&bhnJCgG9YU(Ss)=*<4Ft3)#
zL`9tx0cZb_KdB~hBW4;ZF^@>LQfVPJuc8AKYt>|}_?=MR&K&F>Yuxi*du!{d*t7uL
z&IW-1H59Lgb=^QZpHi4j{?;fDhirvD@#p)C%aWfxY~tQYmAuJ@p+WJwzVN9j%nQya
zm~Kt6=5i|K2zGGSUDUzICW;Klm00^eYm)BzZawZDQ1W&S=^`S~FdZz_S>4
za3gxanrmD+X{cPFAIr&dpC}rdSu*TU!T^77h^o(L+%10Z1n*ceRsmm2H}5vwL7`}A
zXJ8RWeEtdhmNz49x=MKRfj7sd(_o186Jvy3=$_r|#OkJSRwf
z9A;39IS^8elm43^aUVh;pu=RnE(?1Rp4bdy7mbYTt&0q0=S-m!5D}=d#hNwKDEu+P
zG2o@k1{}wR<4c7IX^D-bOO84P1|t?h%VFyuAfl0NDU0?(1dtwSw}|Cgx|-Fg78zC=VC&hs|o%Isu8Cdk)kWv^yB;!ZO7?1dP=`m;<+4-v49){1BP;5%p
zsZ;mW-tqU}tA<-}24$R$j?^HtSh2X#wezPd(kz@V+a6(PpF>ZeYZGRZH%Bk5ONS`j
zKuWFZv&84)Tz2spc+y_MKWuel;4>iiA{v?Hn3;H(m16Of|3SNyE>%k)B}V6#_Gf-~
z?{V<2A0LvL1e&D=1aniAXZdEXK}woEcG63*b)A!A&MrY27f!h~ekfq~j^t|rS7k$d
z!xPBLc0*C|hrSwu$>ji;=5yqv6iulcu`%$x!Q(r#_4QK2q3%3lb^~c~N<>iBdNyD@
zxbzR4vZ=SL-J!W+c~9NW+xPVsPB8XVGYgDodM)8LiHUjhJU2(jn_zfsi#$?-
zYLVDU8sV1WMw^1&-JeqvCtViGUhT-@6et&oD)Fz}ct*{lolIFLBCsRHFLagQta3Mp
z_@o?sd|qP*-zAZV>>bCINF=c`Mcii#zZNoI3CneuqcO?T|
zusk2%jVKff*d~t5?m)$U^{Z`e!LO>xJ?_`yxynq`gs($x1_Wll{<*ScU}Cac`BPfj
zD+=|e!pO$rx_J*n9>xq82nRAGvW{iR!CIzaq7{L5kyC{&Q=`$m;#E@y&$@8So%c#k
zn)m@)6L@&|%==AWmm=!lYimHyB1ZnOJj`F1PqVENaS4vE=+=&&T#J2u?Wt0g8s7Pw
zwo4hStZ~mQ&$Z-#(UQsPsja9kv4t-(shIGAC4qNCtU8lXCQ+3et0Z63d>LDQ>Xaym4wT<)C=`TBYp
z0V*liwD0a+8s}95xnM7l_NA&|P^QRRW2~-^Q^jpIa)||Pl)0>%0MA%<{siW|V7WI`
za+_qxU(g%Reclclt>1@_4N5}-U_iBniDOiws@P&zgki);LF&&r25=(vig{S{;UqzB
z^e7hp3mg+hYRnanpHTI|@zk%6IOTiHu=Ka>(gA^9vFHg;r`qg;KO5wVpmOK
z`)?$>{Bm-7Ur|zL$6wt4O|BXqVMno@-@WCRe{hM@Z7hnE&8NL#B@D{z_4aR}?EwM~
zKFa{p%&$g?BbNcD3(XH2PDgO?9(`fDZ1iSce`ijusuVg=#RFd!rIyvij@ItzM1RMG
zQo0*09B0SkVJ@ue@WR@~Qn^mIw?WP=YowQP9QwHvmA(>Yo*0m;c631@dWo3w6-S|+
z>#4PxR=s)`M5t(dE=!*sndwC>sI05AHGiO$5K$4Xm%gUPZpU>~e|mk~f8T7JKMWEZ
zGAD|{4Q*&;4H*?9xo!5W-8KDDcPHYM*W2cbLz@Y)sCqrE1uY@rXmR8Oa0$qfq|kTqO@4FJ3D{#
zf{#mO)`hm-4jIj)qGu_9;lvepSngO1VS<&Mfw(BXKtw%6RKBE~)9&s$)1(ay0%|jH
zJl!aGV2)PHK#^WqPr6^inqE6rbCBopdrB>w>Mv&Pix@kt(ekE$mDi
zU@a4wh_Vu}`cn>(?Hw5X1PmEj{-I&RWoM*UUi4A}fv0#kcm#%c+*_7rG
zXJA0Q!`XY^pRc9I$&8v^UK(O&T=pKo7=lZ>&BlwZC)q?#=N=)Wh6Z4iZN1UUIWSy<
zi`Qg;4d&zNri&f#T)^8Vp2PYf#CiROD-ur7=c&zM>RndARnc(ePtlj6`^FBXFE@+s
z%aa`_Hm*~VxA(PvpssmgtV%yoCwi37Q20F0a>X)o;5h)JhmG_PuK;FsFj9Jul~h
zWfT!|8XY9o$A5r9l%MA<;y5N)e`rL^_V)ILPHOKd4p*9_C)hVe_Zo`(J+9aGqHPLY
zLa#>UgpFvg&~N^XOfA2|4RfS48m#jGp59ph`hC;>l}%?6tkp3}v#so<;HWmm^XPtk
z-V^B$9uwGWq8E2P5tnP}@@4IWWYkTkXP3&m7o!ez!-pxF3E%b3cN;dN+XiR6`qkBB
z`aLKM_zl@&SY@%=#S1|#-%F`zfxs(+RGPSprxVVzk94oUy@deUH?%K7Soc{x=(^Z+
zAo2U@o0dU;h}cM(9`OV~P*G98heoe^?X?X1+-&d4tUnXBJIv?n`TypwqhD*wAE{w>
zyE35Hn)6qX3D!(naV)Oh#OL!A&cR<6VqQGuSE;{<>$csT&U(ld1fNyQAJX-`EKw|U
zxaZ*LD4NV@aL}%x=XZHJ{ynj}5}lnivO;5u^>POtna%}MYvop`j0Dfhq^Qi#}e7C@|STUnm6jUv)8RZM-1&OMaI
z&Wa3zGW){MLv%Wd?N;XG-OZHVD-AEEACwD^
z;#%3fF}V(ZdyPveA_gp0KHSjT1;UNXhq6{35d&~tA6E#ncoAuh|7hhq!B%esV%e^)
zSG$wV#33Bb*=Dd|B{cxU#R1U<+-nsU13Wp#bxS6E4kPW#9X~K5ub;pl{_dBrvwp>N
zIB4dn71yl4AZ`-&&b)G{F|g)y8h^@cX2#!22s9(i;UqwZRkX`X2K<&kUKZyQxc6>!
zSsMnP-?|L5l}Jb8XWA_2C!NUkWhU}qD+?t6PjIeMFPDjZ&&OgAB@$;irIe$~iKc*0
z@GmmN=F0b#|MmqnGWq@V!@7r3Qfd+y8{;lCRwM)-PQn$tq2D)CDNGRWb`y^dJOGt&
zk4_rrvm5BA?}etA(SkCZJgMUS6I;_w`qe%is$L_Ul_HOi%SvLLWG3
zCYh{>m0@8?T26+sj6VaJR$FucwyMm+XgS=%t{eANc$?i=vHpNVfE^j=ik;OqUHD%q
zjfMk%v90_&D|yKKF8tFKF|5<#krX#97xW;!WUS%r`nbqB)L`@JpH0{>&1UkzvvRc>
z+zwYV6%%6?mSixT29CU9a^SHg=5hS>1Ym;DP}{&zj||R_W~E;Pz~eD292`(LVl;EJ
zYg#BaK|;?=+3Cy0f^y*0`Fo%*h1%APS7B#*iKCb`H+`c*L3-Rks4rNAcn{&)ToG@w
zzPP1ViwCb}CLaiw^_~0xusgb63)}J%Wy#q6o5$&0DL>-J<61<_@N+7VKHv&SwttIw
zB4AnGq3EFjK+xm}`@gRk*Yr9_Gk5H9$|p)N(V`ky^$V7u&4dz_8&Xp|;>9sSK!dND
z{+88qCxhG5BnOFR;*=$$kVr?3=ivv=L`aSjj82^eNS?;kW8fDDI_jKjhfdT;bcB}Xx)v|u(#Iw@!#X?CY
zA@VM5D9dq(9zY@(MXYlhl@6;&6lt-)#$M5Pk0d352j91gh{lIp{vo#Rq;58pBXO`X
zC-cIj%YtwEudM!M+BGPs%Cbp;;fS#ptF8g^(SU*LT7m9mgoC|Ab+d_=5^h*Xs4lIq
zmM6M8YVB6(Gw`Xl{2mTsFKV80xsbc!3NF;3?mOXrE5*)yt0Z$kAG0q_6MiU%!gE$H
z*FbEXLXe?i#TPs@+@ePTDhYoK8iB!m=+%bzZd8=RYZ_HB==09^E8eJ_^bsd2>q(7K#}`*@EXs}=}p-$HbmEK=TdeItC8
zkZ*!Qpy^UQOX}`tQ&>w{bALuK#r!2_N5}+VSSCoE4H92hB606Fyzx?
zBq#}78^}V3g!Ge&#wuXT4I5%blFj8^Y|7JT8(LyEe%W+S@D(rU&>N@QiVAcg>hQu;
z@c{-cGNUU0diC
zvAvYlTC@g0%QzJblDc7s0_v@jzA)uN?+A1laVo<|fxa}8F$HDlXa0WfBQERRrCnEBwHg+4>0L%9
zgU;5zA5W1o>o0BXJiGk}xzU8tC)?vRGnnR-WX;)4ejmc@5sscI^{p~h!`M!fh^2U!
z48Z7iaF)1YwUzy(^JxNETd%Y3vLDPQB`9z*Y+z}IEy21?hEoZU*8+Dpp-cirpybju
z&uTkjlx=Xs5m~MF;Ss
zkf4&hZoCE)0it6en0&P?Ah8q+7s3^-R0^L_U^0H>Td1TsP*5SQbw(Q=r{o-I+9!)p
zXKLff=}b}tLY87U&9ChIGU54xyFYoH+s3
z*DVu#Z6?Rf<(rl?aO#fMz~>z)bO<(WTpt0A)p`W6C~>T-)pqm17Oo?}+s_n{Nx6ul
zZCyUE>1b%=TJ1|3?O!^rb+c!9VGMrifn_}^%|1(goWD)d?$PIyVT
z?KObxJA!bI?rUOB^a9!);
zAuW(Ap~+s{H(E*=to-V>*IwC;QmM7u9%_O$jwl71)mUE_j_6S!C!K|hwFraZ^wgmh
zyFxJePux7DvbwL5%
z)lE1sz|$=v&7J95>AQ|0{K!Bud%rq>V+{Qqd@%-^AE-vG{7$CAl9*6e#4#v0kT@G@lQwQrFz
z_AT3teT1mUma%0WL)JoL35ha9qAb0#W{XTxe2@3%@1OAg_?+uH=UmUZp7We@-}mQp
zXD@-*5`^WsIgC55<^1s#Sc(|Dv3poF>Fb*-{mAC+Gl2e5hvxxlWFN`Ewr>Fr0
zGXI-?L{jTz5LgGGFmxv?+FA`0jXN6Ca(J%r11p|%VEmm;PD#5uLzM2(>i0HRiZ(`W
z9;nFxdOirD>r{Ry%3A;xYJEJ3+%%4HP;oJWnK{EZT)e-au<#Eh_ncB%i5;HjDU{lq
z*J7K7n?}r%$2wI*hc8o#;kz1Y*uhQWh~8%QF7kLZK)OEw<)1yt*8aNy6Ts{U1)*>1F
zQSNF!K5MwhXA_XjmjwdYY3ezEnbaq972qPvRH^PQR3Q9FN9qLrguc_xmGoiq#KOv9
zfoNNw`yprC*_cwo+02Rn1fTR<$w8M*J3}&yR{LFuF5F+D*UY$sg6{cWv=c5cf;Za%
zJdooxZ&O4w}Is41lHHw7K63TM$nspE`&z$s0?^X%8e?R(tH~(s73gX_tcKWW6@JhcUc44G64JPhOUTM_$RGe1CC>jMX=<%@SEGzYC+1vfUhI9M!CaLG4q+B^BO(Mm79m064PyTEzW(ysvc@ca2to@z_LJW
z-UNU8U89{oJzPJ-xW1puaIY7x)n*Lz?kJqsB1-SvQomUKT=#~GE>a^(G58fv6yY5|
zEYyYk8jdpH-SeH$#JrkkHvAyo?9B2DyZz>>VHTUy=fDw*@DdmePy6wc-u>kh#<^YA
z_T^&AYVLu0D#dW(TdLZg^r>#wg16V-LNgfUbA9Hf(`6z6b?s-o@7r8TFs!_f(sFDG
zw;Mj#UrArmah&i^K~rjQWbI+9;|M@ims?WnrS_v2O{7v-uLX<|i0c;`UP#k68;P2agg%8tQNS8dQ+R)BV$NBVAK5%oC&{pukhqv0s|V
zAu&grH#=W=2qc{B8nb`@o1T-V0>q1_f=ij1$K=v()U^;YL!iX9#h!lCF0UbC*Ong7
z92_GhCEHp)?zgzM6BX@f-K-J+vA*V^3_3>IJ6TnEyh>>D^9+spHlR32i4%FYCVMs^
z@H91!0@|x?A+Si>*q(U8q`0i*3UgYMy}LIvZ%W*=ryik+Tmtp&L>D98Y?tSt(80W^
zydJe@gJIc6we|(ae-KkwEh1ND`3>|8$_WH`23|Y#*P9PP`v<9V1g#QQ3>!06c_2hU
z)n}AO%zL>_Rn6<+0~SU%Sm~#~OF5a>r&%7Mb=p%F-R{hv?U1;W=2mnX*c&Mh=k;_$
zXK#Z_?@zwNG6bYEtFd=#m9=o`?+5s=e_A)B>#{>`g$hp)J
zU>6#qAK{hsFzx<|2_dCjt1R_J_X}?g6h9e$&+hMudx7kqq?Eur_n!Y2lQr)bzG^L!
z!Rp3)OL0NEH2PJ=?qs@FTOcE>i^GOSr#*K`9WPT-QV*fPGI2)rC*(2=jkLOAhjBP}
zSo5XXk<^SzvF&eGJO&n+%&&%TT|wsbnybKH$QNt_v|%HS-`~%WO-PdMmgP^ezjy4<
z29p)TtTf|K#@09ChzMDIc2kOT>YO}F8iapgCKuSv7A$a1-ph!P5w1aM9hh0CqRgsY
zI%aK`)pS`%zrdAl;HK&1I*%5NGzXjMHShz@rZe9te4_)AO6p@rL!Mzmb*f1Wx#hJI
z43U}T^O3s6Eo&e|tz!n!12$v`qqhC&y~L@;G0~-1H~!;`=QF0aQ5c3Y(wNPiur~S_
zV17l-Pmt%{=`2b@l~CinwMLcVL<iflT!)NwV`4B1l1xffFooeFMs<((%)|87heXV+5zXl}Vu(x|OPR}c
zuFOK5_G1+}arZSGQ%r@(Ib1dY=mf$Mtt9Nc$yM*yBDSRV#}&Gh8ca4ekCBxY#ogl^
z56=DRapKJJQ0L|8Z-+jGQ4_?*sK~L+PpU|n+2gFO_q6H~w@VrIVwUSO9>A!sY3QxX
zF)*@VzT1E5336)q)z4S}5jf$u6L8>bTUOOy1#J&j>%3uct&ksb&+m(FAA3f71bTUC
z!DyWF;P%Qk+PET1B;YOy@G^#wObMgeMwWv1frZD)_f1?4=>ParTzr6-yzUstzYb=&
z(s0SfEKb%&yvg3FUEgy3jzbHc8x|UW&?D!RQ>p-0(h(s<_I(TOTz~Lb^&m}3334<=
z^Ib?I&Jhl+lUGzkd{Od@#Y)QV0I>!goIW#P-TnpjkCP~&g1t|SG6jSKhNR>HxwrDS
z2H4&IFqD~g>p?H+mAPGauU
z?M<7n!+(s(PkP(1ZHw5Mu;z20$RK+zjTWGV&JW}i#aH{PzhXBAzTSz5fY98}+;Mzq
z-kT)SI8}{td;O(Jz5ivZZiE!40O0L-+TkBb6<(neV(k1z(ZJl(H##*=%x`J$xZ~Ij
zGTRO3(W0RZBOvWt0+!x#pJ%edRAB4fxR)mvhXp!o&?LYnD&lv$uA&Vv`Qd8oTvhHp2_Ve`&4^I?=ah83g
zBe__9Zv)MJFj1brIV|gv6kY<+f-v*7qqv9eafk`OC!zRBb{moteIrLv6uJIs3cy)7o1Ov`!Mp!T)
z;E~C3yA9TCdA6I76I&mM{n^_{u2oTuk6u*%
j|GUwDkM931hI2aYppfZ*kk1Y-8lB!WFxSWHx}pCElK9dG

literal 0
HcmV?d00001

diff --git a/main/img/gocounter-on-host.png b/main/img/gocounter-on-host.png
index 182a91a4f4d73b4866dbcfe411b60cf8a715bbe8..d8e107df96da6d170f84a9cf5598b94177aa704f 100644
GIT binary patch
literal 86893
zcmce;Wmr^g8#PP}Fm!hfrAUKFcQ;5#cY}0yH&P0S(hbtm-3^k`4blzL@NT{JexB#}
zzW47t{+MCUo@-xu##-w%LP=9EGXDtw*dd3!YrXczdu7kJprZS=b^KB-~
z-)~_{GGYIIh9UoTBkoDF70`&LrK*OrhP)h)v7HT*p^2T5DU-X6{jVFK_}qDbk2a>x
zh7fm~x3*3^?);R$@8AJG|GLaf3Hg1Cvo$}ZhP)C))Xvcq!okGC#6l^61c5;K98Ju4
zl*J_e{2cg;pVGqF*`9})+0D(3$?YYRoufH3D>pYcGYcCt8yh2V2cwgRt+Sy!qpcIw
zKaKotN6gg8*wND7+0xDy@~d4#BRdyoeoD$;5Bm4@Pd}Y4&HnQwTclF=w+Pz8|qnE#zN
z0VG1bH3TRqAt-4vVO4kN16>52n0;d3Pej!i*%M<)npIcNUVc9CI7sn{8F7fgeylZ)
z9X3A3nG?5E>Q5^CFsA&pf4OnW;7?
z=n7Ur!8TUoURpZ3$H3jF{ST`heX-HC8>)NMj>4)-$$C
zjjte(O#g$Ku`!JFYnUnmEqIE!Ca_X?^QT0&Ct>TuyI!|yRZ@u8=cuH-o#U9o?b_z(ri5g|bTeln5wbLQ(m{f%UT
z0hW^S4B=}MgC-1ov&A@Nz3%IL#f(<3t0Pomj{CDZIx4F7A3t6XB?}`%KxZ((p7sc!
zdnf((oS5K3R}81|y3Nne#}K_j%Eew@v7F3Le4+B=WUWh+H1Gg;666kyfjBB)HWl>G
zp3l^vT;1A&OAKsiXo!f22nq_?jHt9(sJ+~s+@AiT-W7@(6i`(3ViWaSIzP5UV83Bs
z3@O)I7&|%eB{{z*yQA_+fk8`uK%MOp&o}|@Xef<#p#spMhA3do|7)6PKY?}X?Xz^7
zT%~4NZ5O%RtybFnRw|AAUYd`dEQxfj9vv-biH0RJ>r>`PPUg$UlJb5B*5LZu-PT_Z
z`tSXipVo%S{gB4L1_VHti(>G3{XB3xUN$6I7EuRwOFuGb$3RCf
zQ^pwU&uMu9T3=spH*#@t(bd(JO=5^>xjbHJ^SS%ETC=>oOe6C_XlVOe#%FfRv#S-q
z^RzA$2eLRj7#;*pPEHH&yUYFUgM;CWpGQl?y*s{-_a4igc(?$3ydh`^(h4HL4sg4cQNSKG(N#)vs>!-?Tv;_bV-
zx)ydBM$ng>7?Gs`G4hI*0
zM{d^N-T4egXMO=V>@O&zmb5fABfLgwKM)t%&r9;bv!D$}EcGBouer3kpROm;tA~T4
zDwIMn`gH-Txy_W$PV~}B(T0q`u#HsocY6rx}KzHI!3MPRf-9*p#FZTVCYbc&e>UlVS-P_)N**D((P}L
zms{#ZC>dO{kpBOd&p#;%FSQ04pGnO5W$?Ay>(|gBE)EXDEC|HJpUG`!mzP@s3n7IZ
zc48hLjfaU@Y1D(18?^k@9DN;nBYJ5#<)!)X$MGCVbQC6L=2+L%yddLxz`6*Mq@w&f
zhvvV|A))P5)Sq+cP65@%TzE2=Nbg{R%B%k74Vi%V_5IB`Hxd{MrJ*AC1YeAhvAz@P
z&|ui<$M9Ue!$z^%mob>U<9I4bB6f@RCSzJSxDeB!q|1XjY{op<z8pNHDHy|ik@
zs*SoBtf(17ankLgsb#{CoH2wi;nR2TGm_1yL1#qJXQ1s@o$LaC);C@RN^;JznVgn<
zqBl8?M4nCOlL_xM@I=TAW@eB>1KJBzslUeRw}Vw0!vtLL*a}8z?Eko6;Qsz%5~J%1
z!|@D(t=kKBgK-I{8*vAuT#Ms)SIPgh5rP>|l3>8Hni#{6w1H+h(uNT*u%PR^cEJAX
zpFaH)9RL>IF+4gh%k{7K`yGk|Q2sJfly_E^#(z8$w-8i^=hEV096BK(Q)g!<8xaL7
z>-gm4%bWts1!lcw4Zz*Z*H}~OOUxI{SrM`tf!G+$zaSF=ZdphRR7DpiweVi+&xrvC
zP=>ZY++6`Cr$8~|acc;_XcJ$VSNE&g2w1jm
z3H>tn6nSuGM!~_ss>P}=AP}e{Lu+emaq*sS8G>P92|u;{4Eh7;VGU@N3)NQ&(Mb##s&ruj?P_T
z5|Xz@M%ksMBgDiUZ^OMEPef;m)nwU+CS?L--Xs+8j(qEg51|$;$Z44PWkndDO^N(D
zt|XXHIW6{Uowt|!l{bZjg?rOq?rv@ZKr`j~Z9v}x0sT-_qeI1U$~DgHhX_
z9(fNaTnM-wbF;G6!qCa%P|Q{*aZbMrc%J6CFc_%t~B
z5V|_Ml~w@(0fY9;A<9o>SW
zJrQ+{`EAdc?WClok176B#eM@vmaL_`Md^>CKGA2WMm
zVq!34+qp+1+vk-_Q^r{tO}BfUX#i_X4y^8V7)CtwpPg7K1VyH=^v$`B&QV@d
zbGJ|i6BBdC<#7I0rSVV_qX%j8o3}Xht4(7H22A~onJf~#_k9Fn6Casj-x8Zax|^BV
zv9fbN5(}kMFv*c*&;ds>P8`_l=9si>e_}1#b+C}j$uu%1S(2mIvyULLSqssh&}Qpi)s%6VI2?}{|FM&D=9Dk
zwhtL`2NCh7scL-cL@J6@yH%=(MqC5~HqF@BBn9xiNZ+Im|z~D?}
zt-v9W3i|Sq1r)Ellc0U0n1Y=!yg%(DXDL+9i!{l7S?$z!*cpPnW*1sm2gH|YJTAal
zoN019X2DeGqyT}~(Z^7_@*OsMUG~3+$X){>Y>`d_8``&0?K%Y%1c%GLY1hN~Q<|+^
z+*}fe^)qKAqEw7)HE_RBow+*OXV*NsWz-1Q85POXq!LF@`%4Suv{=k>}3J^^Nh^pmCNn=cILRuJwR1
z$<1<~%btGhMZeKb(*?I}f}@K5Lg6-M*5l=s677|9PTOsFlD$6;CXNvVI9s>?=$LTR
zFY2Sw&*eVaZ}wyM<2rul_wxku9pselvjAvg-hK!wx$EOWloy1uW6q#jSlu_s_s>b>SJR+
zkReF=-DE?a+gYk=Zh5f}cIW1*XB}5hO{pd(Ue7xZekd!UqRuJ!b8?_SCvB&z9YOKq
zsHdHBa&q(x(&Pf>%{
z%S#U#eEfdrXk-Heg9--=ldZ2GD3Fr^`?KMqUDGB%;MLZ+_oWq#GA-5eQtnZ;_2jA`
zTo5j`ytEw;A2&mHY4+Yen)VV{%uJCVdG|FxQY?jY;y08LupTXxBk^u;st6XHhE1i}
z`-Y8=ubC?+Uec?t9Pb(q_7=MkQndvu07P*>ZXLf(D9k9td3bn;Ndp_tbY_v}tpQS(
zphoQ;xn5%kXXgZR8z87Z2hj*tKMz{>|1|~bN1ih*rH=C+AxVw%%P;YTym4_i)uYKr
zR-9EY3VO8NN>T(WeS#X(AJHWlb?4lElG_riYZDQX=(HO2?p@j=KJj}nq;@a*c4Zk~
z7Hg8;Sx00Cc79NMy0e~X)h!skw47{~os>ACQM|Pt8Gc2qbubIwkgaRU=PkF>opJ4L
zZ(Xe^Uunr`Fx$vx=LAW&Q!jA6eLI0lG5g%qu4%0`6y4qV5lrn+^&&y$y8=4vv4gb=W>Uqu4H^0Lk0
zBY+~uJGh!h69xx)A3y4jbZgY5{$%eHfHd8G)AhuUPlY3M4AB&YcYdp(_(r0)cjBNt
zqOIi#W7n|*_fweX_cuGpkCBlL!lsXD(E7(exF@Z(KWeJ85{-|L6~k-OJ6$Kdqf_hd
zKP3Jh;tI2lL~tkI3)6NcsM5O;S+uXADYvr#+Zln-@$FivK8e2c^7uZ*RgIAmg+9ot
zOU-+TS;$)k_is#@Spk8c%*t?yv
z3NoTow+tqEqDV#J?-ikiS9`h{n7W5O5(7y6>=zx)dES;3Zh58RgLW-r*V%BR#yWkM
zdoj$mgoLD|*9UohoO7aYn@>LAvlv^@x$8EFMN|*e7f1r
z=&w`Hmm}O9u%53js#gPvFW1?T8*NgMA`(%U`SUCSc*v#4`43?altVT#{4s-z!v*|z
zAFY9?m5humoW|(wTRy8PS`$W0NzrV9;qY;#00Dvq1!@&V1bBE#+E-;#L4i}x!($ls
zM#qsO9w7Z4t#J$(R=ZZy#SvY~d2y6V&3qlWgSn}}UC2S_xHE3#ls7{`<@n}H-S~(K
zIua_RlIz`gMUfv^)9L6DBQ`wZ6Xg@x9>-|vjwXL-a9v2|t|`1v8`WvLSz@`-zy3_4
zy&1xur8#I!ITy9}$CU;P2|)Z=Y#>$i>Sf)mT-}L5i+CxA-5wpW@$fK+Cu3*3lh4IG
zmw|*gPbQIpfdRu8t>~;>rGZtfk=OOWVy=n?t&9Tt)x;&>A5jg3u2nGR&`5b8ZioW$
z4#Q{-`$A2hIqe>Qj1W684Iowb6PVnbZE4`5DUtEIqHw>7I~J{mF4wKG!o@@R6eXI}
z--wVfk|8pQLc`8J0vXvFOboIG5qB3~tCV2Bc!*m*2EwumF-m?1xndkWP-OCRE``qX
zNH;ue`ruU6n^Bz`53T{X8=7Zj%}GKZCK;9Fa~INUG1rZQ3Ck?a&a`98)GnM$-=X@D
z@jIl}Nlmb6Z=+N5DyRL;x%$mPK;#SGiKN%>)7a6`v6{bI2JP^@UEXj2byZQE$Vy30
zQc}_u9pNO7LiA0EM!>=gm3$#N6gztFuG`z&6X>AMKc1llo@SjJEF-5JZ0O=jxB!QelaXvDMnJ^mBzMflSY4+MUZrRFLDJ7Jxd
z-MrWtlqYiwC-zQVgGRD3^jsq58n3t8+LEGOcP6S7Y}_*`@Ov%dFt^?1{zeHxV8DlF
zdP9{~*VN#uq1sOZAveoXj}Sw^Pp9qC4w~r5gaoW9Fc8UOy~D-DjW7MQ(kYC*j93cO
zPph^1DI|m7QGJ}?eKwln*ICLplvGq}<%d&6*yimPGn13B3rWK_C@>?0Ea|nDlkn*d2}BRrtlG
z!N5vju%C)Q)-0HgR3qMhCdM2&aayjiq&l@6r6T~5SxC1=p$vbHMQTfw@yK`L5V)lL
z3sIk82LM29*Ar6X3+@-xwFz}bq&kxm6Ig8UQV=1-EJdLUc4d$0f2aVhEGMxNeIlZoE$z
zDlxn;TwOqbMRa6fAdCQKgDO5EmnVR#60(Bn*;`lpl(;gRa$7WFV`3z9t<=_4^x~5h
zGk&hxlcB8UB~^1iy%Aesc|MW=ugZJ?&V5=^nsrM&x^3dH4hExejld(=pX_rU63q%{
zeNk^s%{_gjIj_s$a(ZahCq%tGJU6ec{)(AVTWE}(5r;Jl-CUd0P;{-Tt%A)6k7c=B
z^6uSOCtROjG*NcB%JOB*Ox{9zV)am2Doeh2+WglU8wr2IXnzZfiV|BRhL}*9CU_Uw
zVsKlo^6zl^ms3T;fdLTTF-EC0g&;ew9PvOMk*O#ct0=MOz#a}UCZI$(;!D~K|7u}>
zK^YE`_{{C}%)33D0Xl+ZyBv%Fjg?yVoS<)M3@|;aj)WDGg-EHx@88O4Z~IUr#W_+J
z)Z`{*2Me)McF6X{Y}%m>%(8ig;0}JkbTXHkliT}DX9p*8BSS>6|K@|0@a!ux4^%Vo
zr9YRoa@KdecVxYiLaInbtri*lCjOh(zW~gC_!}fJ45S7~BDxS?ras3e%?tk$cXWow
zs1+P!4K7w{_4cT@#C&`^mMP2yg&+@C7eu{#$Sg5N*LMi2Q3>M>NNj^(2?{0+5Yd@v
zUl^UPza?Zdh$0rAf}^EjSzT`N!X$!;CE~#8{Q3FQr_kVFhybhx^AsBR``wJbUsf7D
zxl+dqP875RRD_qQlU()i^E`%~Ah9z4AVL%Z$t{T(l9YHP5gjNPs2~Kp*$QY?f>sl*
z*tN1=LxE~+SiIMCo{2`Ah)kXUgedm6n}E@ZOEm&gN^k+xQ8-*X9P&03%tgK~O5g`Z
z06Xpogj>Xd2h#-5c4i}M>gtl_)Yz@0UxheB=O#5dj-Q@x^eMf_Tzz5E0sh3{d11j~
zW_z%@3U$Q@rk8+1MpzL?LBf~=Fse?dMSMmLYR=Kk$Xy`Y3t1%mhzXZu5rCi-t&u9N
z@2Tnz&`RnW?_CAM7wRThw~jF_QIWicCOIj%^39A5%OK3^vscRY-vxmT@UeiNYd+dz-nonJ%PBt+f;D5-22MvyU*lD1gfY5>*hdd~nK>nLn^DuKF;9;O~7)1%Ew}D9udPf`b8P&z0s)@0%PsHw<(Zi
zU0~jvvpf!iHxU&i${j<_u5SrxiHo91MVSNO#|3Xexb=0nwyMzgJiG{rICmWBmwL&c*h`^na3nxd
z*g6C&M5QTz-SBUAbhQA3)|HwIa&6h6_}YP4Ny=0*T49A7wI
zM-Pv+8f;?ZPWN|1%wv7`=SmOjUoh^^7Sa_A>b?IuUib%+{KLrl
zU#tcw+@C1UPG~r*HHZj*h3hCK?+Pf6yJWt6S(8O#;7UN(Yu1qwZ?OK_3z(PQ$+2*B
z85$glEJ42wj$VfrC;Wz;Vblv=PD|S7^zL)|p{=|QTk{JQCsm(_(ug<<3mG@RI&dFH
zz8ywjs@GCyy}h7;Z`hAxhCLkDZ%u9V%+WsYCCZceUQ;{o^|Nzqlypqt-+BE#@ensm
zS_#MSAbg$Ae&2Af)@^9J(OYAKTn3Xg8?0BNr-`WzbsKHmwA7d!Cr}=Z5kESto+mR(
zDt3Z*syv^vzFZyURC#YNlfC@0gp2}nmDc1tRLqYsMsR&E9`zb~xf%UsVWHDVU)|ER
zrM{6dX0>Uj%r<7!8-w7u3j1vzgxDspleyP(9(xSt-$txvK(ap$e}Qa&%q0U%e_*B6
zG#!K8?nE9Cw~wy#U`C^i`^6_7hV3p^aTzS9P{8Q|yzTNkMXDz{P-Oh`>m<8&JN_oe
z%o%b%tu`$+AQ^Vh{x*+P!nx*!)*HPnW~4mvWF}X|#unT$1~}ccImaeGZM!2$IsCqSOaWGev^7?sJPf3-4Ey8@=;Y!&nIv^uQ({1SW!G#phz{A^6s7dn>XRZ
z_K%N`{kX}tQdK3z9C4
ztQ}5cV!jF@A&jH7hmY1<9T50Hf`}{k!mp`7d
zCY`+E?(uMWPq#RmCH{Wl5xRf!^k8Jc3q9z77_rDrY0%O#&^0Vn@&~@h*5FjJucPI6`6E{O0&o}Oi;j~?(y(Y7E=ujP?{B=%XG4D+r
zb=I-5Og_rtv96ox=4es`%HAd_iC|`zBe|3MEEtu9D;tU
z^Dg{!DJJqdko|mjv6+@BK4Znk4#|rYl~xdQ`5Pr=`a>!JK>)y4MMQDC?0slx@Bp0e
zLbc^N0A5y;^Eg`ot`=Z@#UD*_4L2$w643-}M@MK+tZcmzKCc5ZVSG($u!cm$#Kzv68h}UTxc7t(jcwuZx+tf*6
zY{e$W%<-Mt7o!gi{OL!6ZirQ3;>Mw(hyLUgv`p8r?^XNKOFw0t)jJ&ZmZp~`)L^i*
zH}E@S>dq+Z?j-#+wbxtV_Km3AK7gZLml4t^*J*$;LQ1$@uxraAWjLR$G&acS_ic7N
z)~gr>n1nzcPOB-4`|H!Yt7H7TY?vo{DZo2_28fB{%}vlx6gTEG+?7TbAibOSNiXV1L*ysh8_fgq)3h=FBp0&qXKWYiENP
z0jVf5nDcw=H`C}K7)fT&tcS%0r!mXL7OyLSCHxrAjNTE=tWytZP%XxX{xwf!#-?bv
zAV2e*CO7!wZp7M$Z6-AB`d`2f#+lh8k1Q>1w8s5*`pfMC-tsnw6+3tJyWzvr>f*{Z
z%h=C-i~Oz`0#6H7YD!lU5(W1!BoCJJ%NUJh{4+UAUdz9|K=TYf!l9H01^>e7f9Y!A
zP@$FdOcauEE`Mnc2t(ud3Bm?e`%ux*`#!A^gl0n}0(k5z%Lx!tq#OrK#+RC!S19&o
z3TkS&ABbG;Dewz+R@2m!l%NPhoYXZn3BL|!2tEPS2|!u!dSBbelJU#Q%Nz1}U!TY%
z(nYACkZ@rv>&H2A1sR620v!7)F8l+oI6fd(5G^(@!QM^lX!ejWb&mo>2H*NRz`w)`
zmssnosxPL%I8<1RS%&;Gyn6RG!U*1Gml^$^95z~?4DMY06bRnA_MzFxUtB5$+&WpY!4@TEu#kK;}On&ZTlsKpvyq$?)wjT5q%t0`>4U_fQQ>^%Qer1
zeYKq?oAWfhcZBe`p!=rxcb9ZIS*Ig!>J11n2&vdUCu)6Wa39!1^Ob0VbOK>)EFFq{zBUxKn
zWn(tKNr;mDEEpP1f;XYfUHubI)FAlUZB8jJ$
z<>AC~3*
z3orvi!@|OX)Z8C#YwGjmKXV9!Qsd$(-p;Y53aY59_fdh+ds(?u`S|!U<16aE$thj~
z9MkDn+l5-2u2n9D=V&pJp`q~I-BI|=F%NidQbTScp4=g}^i3dIV
zN>HNHQ1B@FXM#`nK@!m!-x-#Yo-3xei=(E9H7XWW0?-%W?A%5BC*dPt&75ye8Mfz~eWA?tqpG%oGrj
ziQd}}=7dItt!Mjq3LuWFQlVUc%Ho|eDIkAfHR+E7R?Wzsq(D?3cuB7Xe`wh}1cW_W
zb$G!ss*zYQJyD>Ik+o{g08c;9t)VqpE9vRB-RL}`T@G9r&VtJ42*F8Z=>sI3)5g65
zpbA-^;M!p3l4ZeRYl^0qlJ%tbDFd=k$#m8D!Dl~-n%W{;xVqNcdgxvh4PEfC>`M>i
z{tTmE%xA*z`BGVu{?e-=r2!q=^TM}NhVZ_Ep78hii+c&Ok3Ikhi&RikLxUm4wGrlo
zaDt9Vm;VlG9KBF1eIz!<3(6(J(vlK@IfYJP#usUaXG|bMEPS`d7fP>})pcA#`$l*RP$eEAi)}|mR=5xYM?YilJ7Rzmak+A5^s
zu>i{%OpQBh^`B=XveD*s=BzXWf_~FsozJ
zEQaQ1A}G~ZUNQX^gXosXTRAb^WA^h_nGN<$QTu$Fp_YihT$XA^hn}uMGD0OD(*Oz=
z$NGYdEh0U%?)PdVGf}C-_VH|bz){}Qfvmjg2}fcU?Pv-46RpBh)r)EN>*8**O_l`q
zlcc`HyBJq70BeZIB*q+-^obNC6v)4gOlq>F62B@sO%RiIy1qX=IBm*^&RU`PA#7om
zm@~hGu|K@w88nJU77p)tYQRC{)-I;&lil}67<%ij*4}5|vdyS5to05aO=7Q*!X`cp
zRt%=W)ea(mhsBCEwn`Gw+4~S^dNN_6jRgCH5m&onIrhC`f5=@0l?y0=F{$7Qk>1it
z#NhnDG`tYrU%CS{EfZ}Vj5x#mppT9oKYy@!dFfvB%p}g~W7e}V>x-l)Tbc<-bJ-!N
z(`!_Hf_~3DKv#pa*^|Yox$3%hKX(~1{Ah(lX3(ys2G_=H#71kyGTCwP!x?_<>|7;q
z1)t`Y+sjwEkl@lpW*~kcL>s4{Oi5<%t4wKdq$;MdSi5NS3!y-l1+e7SvR7r8HfS1@
zi-Xpxoc5m}4gzA6T)ji^`|;-D0|qS{*tw-^stqBx>1DD9qd^wu>}1Yxh1VJ0+U=n?
zm6}i}QyrWi3-b>ukWWv}62k=^WmQ3@a;t!~U;IF#lx-245XRZFXBC;G1Jqmw#%F{A
zVs>#1Cpqm7-;@60+HgFW5G5@8808t_(j9B1TFir|CE=biy
z#Z}n}?OeMHQr&a&G9L7WxWK5rLO}+ryOo>_%z#%gS^te-d%E4BCwr111Ud(^(`d;x
z@EUq~W!63*i_(lxromGr(`bOQoVt({QWuV!5cQZT)JjtQUi=!F4W)#7_wF>lTt6K2
z1jXa|M;Rgn&Xri5iCg_xU*B%dOlOtMSo+8quD16Ice4rLa{-D=rkJ(>^+-D|S>9Tf
z9Jnu%^S+cFy9121Dl3v13!}!-cHjT|u*O0kz&)8k3Cb^VX#+RYvvQJvIKAc*&!?(s=
zYj%>4d2+k8t5p6{nD^}3&vvOZt)O5f7{bw#HI5D7Uxl>#B)R6#=$#|IJ$g8Hz5*
zH{ki~HQ`y&UWOjHF7Eyez>tZ=1}RAalrzM6f;f0IaHZsVvxjw9G80((^#Ze0F%b=Ibw_ER^X
z>$JaDb|gHzJe(`lG*;c*G*LgAZ}S`QzUxK3Pv=WpEPt+VfAvGY7huX8!|G!5vN}?;
zVhZmB&{}u*^}DK(NZR+!5R3v6)Q7rBRM
zG(?BqmccoVv6aa7p<(CS@w-}i+aWC4rt|Bz1q#WmuW#7h!A0*_9XCHI#U_nB5^#gw
znI&G5ZZnFAGguYVQ8l?}xt;9LhB57?Z-1^c+%KVky{*H3RMjnwe0{9hc4f1GMUNwy
zDPv2iWX}DCo3jf#{vM_i7Hs~St2DSNnb!!;&KBeDLIzymzi4NKqo={K@?2~!QAO?*
zLp2^)4xaoF!HD1@punBY>Yve$?$syaf
zx6j#M|4S}`18_i&??5wboEyQ4uZ6Q}Lv|k|W4RG+b-wasl-jBdU4}i%rrdaqO!WJ!
zzmiQX&c0*BWfaLzQk9pwj&!v*N_D)mu9F=*$G4~MavOSwO1F2itNP)C>W9Sjb(%mm
zA9BJcPXzc^Who3_{8yo|kfk6drY1?T#2$}7(tNg=_&jcIZ++T6nFUIYJUn-0fKuATK#LydG@!KaPY0%EqdS
z)eWy@w6D2qs}C)plY5di;?SrX`oTmI)o`O`JLGY1Z`L^0C@#9kj?MD?)wwXSgd7HFp4uA~ST;lwr0(R>yg5LI)c)0PHXbFC
z3x=!X`%fIvUgQ6oL8UkhsngEK&09#dYyI?+&_{b
zC`hl(<-DV`zn9W;U#wqRY$%>)z1&*EFpL*NhGfbjbyCdFWSy_rh))nah7{F{^2I9k
zfGo5RCv5q;xn^Vp<7Q1;w|9P4>hAL%elhqZ?86}LAZJ}^h>A1U)tja2!2^mIFnvJG
znd8}(jCF^@kfcBBPRXa@;!OzvpPy#q6c=JAX@CVR=>mq8dpcAeOwv
zd#*yFCc?)H68O0^v7t8KY~j`wz{o{AJJaB=n7?ENT-zcgSfLW;L&_l>Z^kEa&w2+~
zkb?$S_fL3?3H8unGunI>8l+)K+J=}+lXd*Y3p37t?gN7A@mblQuF%3P)I+(0BV<-4
z@<7Jv5d|eMxKL-8QRg(aqbadERix5$LB%$Nu~m~LhxfFz0%+g?k$zPT5yqPbw59U5
zdd8|nMzuT%4)MYUXRgWoUO#bC4#y;Z6CSiv;ME*&AoUFKL>9L^HSUehitX3G6LFHq
zzPGLu{`#j1?%yr1DG8Zj@31UTjZ1E7@DaV4z@eaE?muw6hd
zYd-SHWqXu#AYD&S5755Hy^SyNyS>;22!aI0giAocE$H=At}0|toFJf?rbC>7YhLRO
z#!l|`x6bC26)o5H$QHijL?#o_fBK_j@JqW8Ra$D}?taazZ)jj(08B3~4$fdQ^9q3L
z0$|b^O;1mcd^%qPP&h?cS^*U50P-9{ew)eskzhn@Hcy#Dag+dk(ZKjJ7-51=%A81o
zPt~N-pv{d8mkHUJrs3?2N|n--1q{3^;fc__KcNc%)n3c=&;+PRi0650Y;Z6z$a#MX
zirlm?avLB7stG?a4a7u8;~c)$tTYk_pi^M!epLwp^;exiLm7?r^&dZf-rw7c>^;$b
zPMw>Zh>D1aNuF0aRicRv4a)?uZ9g$csb8yYL)o0K_&_7D}DKq+I?iUrc6l(yM8Gb
z*^+-o&<29;hXRy#97f$>mVO}E@_W1|bTKwI21;`P6@ieKzuMfw!Uht4NtmP~jQV0=
zZMJUlVylm~Bfew|2_cs~grpjkh#k;E4+6@n8Fhz#Ry7dzv8?IBG~UhkjD*Fz`y953@TIr?LWMDqgr@2Jr<-W+CERsg83
zuWWMOg%Mc1B&jomvt+?3zfzQ;auT%07OrxRvety>i0xu=B=!{+8Ppt
z&o{fW(gw)fn@QR6Q3%H4*HC(+M@L6j*8z#!FKba#<1$^WM*PZZ3aDlRcufF_Bn>*(
z16Y??ueWbYA|sLbMm#+|m9=vgD1(G-6Aav#kLjH)jyv5T$kK(1n7FnS~r&mM|&U2+(>25vDM4lP|@vd%%hqI??&~!Z*S#;
zh`!5PO|Q~6c`P?=;X}cNGz9o=KSLEx3({}#z{blj&JB*)D=yak#8FbnnCmTD=Y4;F
z0}yTa6j@Sl$4fnobHDi${(q7gv==L5F-7Q2dcrjg@}<=|KDSswF4+%&!1`EFY;dqY
zz0HLf@%>$`4PkUl@*)s39n91wYDsrIATpo%*{bV@v`#9kcU|*ou=&a;>a`r5@36+8
za1@$7Fi;2EVaIF-;WM`($FgviEEYKgiCpaqYn8am>SU9A)$WM)WU1?5Smf+EI2HK0
z7uX)u5&AbD#6ba_P{8#fCLwM!)o)ap4y~e!2RPxJ!D1NITTYhYkY`#-+iSf%QD8Bs
z4tnf#Lsme+iq>{FL`6k?9ngn=q@iF#N=nLUGw%!-yqz5j_mB>ML#WaDW)COT3O)w4
zM=uU~3=4LVV(6Lj+FI9v1QB>9dn2VifK^;8DlVqer~%4m=6kZs%hBgiS6+HA13PkN
zVq!hEf*{W9x<@$kYZbGDP%#eA@0`l!4#clj>11~^p(V+z@9xhn0TJ>1yPd;F)+>+xg_HhRK*k&@K?$fR-g@8rH$)u?
zpmbKq)*ZTPHDSKkI;pYPAEkLZ64^l2Z$tFs`KHtKTKY96`@C<0%3B@p#xcKZf+e$q
z56GOyA0{XGoF2@Y98{=sLRjG5Kj}3&Uiq>oDJi8^?fDVMf;&;3o+}!X;1Nc^q3c#K
z9Qx~_lQFGS;vbSNxBkkXEcVfy!*FtsO9b;DzM@5OAM6RZ_RtXo2Zy{OWqs_J-0p2m
z^d{%GGf8h-lDm=!5j*7YJWff>F)F*x&yPfa4?P(K4sqvj0pZ
zDYrP&X=%8O5r!#2yD{n#i#bpwgcus7b%1;uBi-ZR4!22$3smfRL~E1O!s;d^KqMuH
z>Ko}8wDYH0yrgyVdb55pG-V!v!qB=&k7x+?Pp+j0@G(4o=dMFM98jjpE9pz0UP*{6
zD7bEwJ=`S^*V!#XrNlkI+8>}0)!J}qY0NoVJ2bYmU@1DT-N6}KnQwd9WqWXD@KaAjAI|5*n)8ht%}Y`pXAW83-|1N97-jnt6A~R_
zdIM0G1C-Di)7y_M0#(#gQ|wEt7OS6tQsMad%8-x{)geHN+l>ciw3?QAjH1uLjBO7U
z_Mou=M4!@e(f;r^V!L)X2&>{~NJz!HO&kZWp3PBVoYvc)SX!-J`IVWe;K;q{5wb|_j3?_9zxKcEmZoHPK8^%omQf`U;Z5)wm31PR*I
z0)>2B@~4=?xN!D!>lmNw<-D8M`#-71Q^vEvqq;abiH0ECH?WJ4fN-lz^je6jaW7#J
z(EPuOR4f1tnZLh3pm^&%j_OA@T7*ya?J6Dv`>=GkhT{aZac@A81ghIVXR2-n+~?ih
zaa+eK1w%RzM0bUuv$EB;&%_3~5kOy%zGu>`>YkZNW`>soina*_ES1)Pz|!%^*7~!Y
zpuxrl6*=*c&8}8GX8$WJ6v=XGtg)dp?bpkZ$08Mq(!_e|_hq{srO|KcV4b0Zf+=Ah
zGCz>cHw4Y<>TygvOEdU9Kou60bblm3z`r>aV##j!spgF$dg`6v)+
z8g+S$uJZ5&(s00jC*mI2+tquEAXu7RaCaBpk@sq<5}yHUA5#)@Un%Az;m%A=?YjQg
zFs{fp?(kmm0!sRC#fs)jN0pA3$~H)^gV9xSDUr-i=u`+NQU3|+g~+I&S{N3;n3tyc1#+k1q_x6UkIKNAfO?@D8YxHDbp2QMC9r`MQ;DdYK##_@NR36W^ezw
z-~Zw4tpe(5v}9e}J-EBO6WlF8aF?LL-QC@S2M-Y3-QC^Y-Ccs-nSbxy_jLEUFZYc%
zSio9yj8Roz1@xY5wClWxe%7be^@Rm%egJd_$WrkBAi6oWt#6M90T5vQx80&XLubIf
z!wCa^jeh+!LA}y;?Xk7mnt!6M8$?f)8g8b3tY~^<=<4U=8|>yCa+QB_qwsx+9x@ns
zcDvi%rohDrzumi%(vPc5-M%D~LM_O8$pFA%rU21%&Kbg(?9R{IwErNclCYvd)2n(Qn+
z#Sp9n#L^~FR~ruMg%Rmox~;>yX%y>dVk;c&PMM69p~1nm?AN%LYRjE=9PdZ_uTmg%zyl(ge!LNP
ziaLQ(-};lw)X8Hz3RdAS%+Rk<*|EdWL7TyJ8p5WbI_cf2p4iKez;f5NKz!~`lBCx9
zYwZmyzbyDZUg)M?8=%`E1o}qqn8s~^L;sMzD%Wn7$nH~Br1(IMOBeL@Q8N`UN?e#{
zV5{yEX6&14KRDMO?XlWE%KZuz2vNDRTVwj1@98g$vd)OhR#sAtN|amIf{WCC{W+D0
zRM4w*R09vs+!D6aK^OxxSZE(^ANZs6(0tDDEVa>s{0thDBqZt1^T(l}eyeGptP9&o
zO->c&3niwMvt?R3DKRe6hX2d6AnI%7=wNiuT*-(GVu|((gn-Z84TZ=DknICUU9&15
ztLNZYU1$`gZ3X<6h23wX7T<|G((}(iM@7gU&B&0T_?l9YlwihGXUD{f*wmE7`zuNy
zZIY7EZC{|g!lN@UmKsCSVDqt{FzA+4>-$Pj^blWIr;0(E9aDgf;m%&;YC2MVi4tj#
zfq)k*Uvo_=w<6>A;ZtC8VP`zr&oN^VhCC-s
zh`8a)7^?>aBGg(}hPF}BZ@FN>nHw;Sy$0)^Wvaw5n6zr6PG8gO-)H&?nV;_iV~5US
zrTJ@u{r;Y0VpHeo2t17~zyIeV(<{1XT52259`k+!$+F_|%7V8?xN)Q>e|rTF5=*Q|
z{un7Iw{cMer1R;|FJ@(3Owc`jNRz6|NK1JlRb6E;v>B2h*Z+NK0a!F%iMLLcn&(0;
zXfRvG9sd4Mh6UH03X@XcfyPNyL8_c3DEMagWUP33Kg>B%hO%0S@xT+zaUr&nCEOw&
zb_<=eISaevSo94IC0$Mv2TGbai_{FQV`@!XQRpXBugw49Yc)1};Kr+Gu
zw@i5B)I8v=*`M5V-9&|U7}M*$q{wT^pEmz9o3=qKt0D;MzoH9DWFVSV>DsLJ0rX9h
zu}yQ6#}#oTagA998FAnkjK*<$*ABVCMP}CG2;8EnBw#k%Jz9i@w8PTdkg`QVmkdUs
zCAE!y8McSFCBqrw4*G5__W+@Sfd)PL$DRs{uh_$9#2beLa#i}HV-gKq51*qy#fg7}mDv@)|+
zsQ!Vbn1DLHyr?NvN`j+WUUixHpX|d|Y?QC+3al*B$&kAl8HHwq7BcYQguy=1&7uK~
zudX$NQSO=$WPG$G7hUmh2lPu`cW#)i#)}B<)K*Zy-~ivqcgh_zRP=Hi*NBHqGqDR=i@mio9u7%5s(n+@`Avn=qe!cTih
zuoDYt{BK00Og|Sd7+`YJ%VT($D@;sp1gS_aWn1=}T0=u0-<*gPjX*_&6r(vb20!Z<
zS`6F&PFQ>}_{3{KL7-X=Ql6gtpTo!;N*sANIXvT;Ef*L6p9{SW^@~3$GmMc4T_Y4S
z#ON2@@G0@OJAg0UIPYjK-@mwHqn68-$#Y%QWxqFNO?!E{Y4g6q$lPb=XUM>WM
zD8;JRiOlPM|5+g^qk*>`ofyLDXVrzk*@KlZQv4mi6yh)V?BgL6_*oevScrmQBI1YEVPPz3i+V*5mur1oCD5*e1H)QXj<6&iAM2a*t
z3vycb=IyFiMC*2xWF(tPt0nI76_dmHbh|HJ51et01HLr
ztoh7~-}SayUxUYe@;bf>h7$w_lOY5^hEta{4&5PuHeCSEyi(H!-H{kZ5
zaHXS5@PcQ6uvL(e2_RIT30cJ0S8khTttm#Bf*gUPCY`EO-i7+XsQqUSH-kL+wK2SI
z_cnP2)3njWDr2UT3j&16AUtU<3skFEYN1!sV+i*ey<^%2%)
z`pt{}<^Gx5C)2s~d-nk=EVi&T*%Nq6KPrt@q*Bi4Wqp(LN!Xj{zD=X{PvgWZoCnP$k
zrn{OE<*7@GFd2!aUWO@jdFqG9L*8Z#Iq$yA+knc0TXxQ3T*L__M^iF~rEivM`iMNc
zNp534;S9sS7ou+Q9MkbixM2&JhrRH#m&f8)S4h|Ox*B$ve7A42d?R|IeS=5e;8PkK
zYI)qI5tn}e(^kj{h$wgY2J`D$fpEiHc2#LDJOC&@A)>Zkbt?y^VXs%^
zj7HX0`Q;Q-(64GHraAh}B7Y7V>g^(s4mV2D)zbL;P`^=3DeB30=$Mz641{<=V6STZ
zEG;g%(e{~Fp;H}QLw9Cg|7lA3H~fO{$&cXm&RGYT?ekh(LpbvyvMPQB@EMA+7ug_I
zRvEjN9KwMew!O7DpC;3Zz8RpjbvQVuDKcSR^a=>bu}Hjin}$@Op^)xf)A@KtuV-|B
zZeb~4rMdm6`fWpB#FLW)LW0?G`LEM%oEadNwE-|YcTO)B+^20(_ddy8yoGr=s~K`}
z;&^9t;QXGXKoqa3ugp?ARzjEqs5yVOQh-uom
z)X9oNIxxGG>CIK;t5ao{R
zJNsV?DlkP!wDmr{Au4iC%4b0A@6SrT6FDVT2XYLdDn1|g^1WK4P0w%wkt6dFurA-c
zk+DLL(vRpm$RQ~v3jb=ypoB1n;9x8|N4|w
z2-Jv#TTE*`d|fvY2^Q*&-|=J*h&YY{AAhQiBK0M|Pex>LOK6+hy>KgGNd5GMBeyEP
z%LV}lQlT5Gwe?nq>+3Hnuvk%$Gqg29LKOs2vb^a5ZENG_cy}Wy3NK+=z=S3a;*Y(O
zWhmEBh<4}`ZPI8~o!4;owyu-KFCC_-5WyZ&(AT2^`8761WpP{kp>H@zE@Q$HV#qt+GF|NjEs5e7|M_+T9moH2$BkS
z?Vn>Dk~miwA-%0FCgZ6%dV?;>Qy4357WtY#W+&eS=xO|q*~kB2vpSSHP(9q}jKC0H
z*o-FA*H_x`G-(FbSQID`e*I@A_ScUP5)%{q@@0%kSEOWES4YQYt%+oLZ-2j@#E4<)
zue9eg_O-nV0QUiNy>v{nBENH;!LQFa+bTJ$x5*G#N9D6S5#V5ecXm{?EErySL4KJL
zqRkbnHgFz?9j#dru)HQ|nQ%`H8o2!Ce^HMjO`8T@)o&naxj^^SkKeq
zsF|AIX82d6Er*!+3gDq>YXjc0tAHx(vhB0wT0lhgz1a(I%4%wA0u-l4%SCys_>#F&
zbtZ0ZjS|JSe`}t7t6yk~rJ3CW*!)Yj1fDs_v4`Wl0|-N>|6~QcL@U;*nI3g{Krrui
z6uaD$_`NOq>1HRQsWQy(TCKIYn0y{*trJ{KYUi7bdSQlCbunV~^dR>hotf86ZM-_V
z&XeSAuq9e4^KnPKzmqHe7tjS5&pVXt-Rwq+iV__Mnh@dPKV=`}kn;Ro(shu?50OhT
zmXwf)cqr-{82HS?vu&03^Cy74!|y#fH~`2-hGee`-1;ONKr%S&zAgz6ElK^m_D54@
z1%6mm*UQO&i*%6zvU~F1n#T#y+V(pW_)W(~cd~l(ew`rUFWXK8j7!FvRm*1mBne&n
z;p@78jL!a4DVY<5Y1t52&oiMyS3pmBOxOCs#ru6+PhZ}A%!lE**^ZWR{l`_f|N0J}
zUhjR`1#S0Uy>?5;mjbYto8)cZllhOblW*z?*mlp%iho_ndpKZmpzM|lR()Zp263m0
zl^?Hv*iHrp1~@r60f?g8>l2GWE%9sDInkjuyBfuBoYBh)FB$G`3
zB6+Q>ueU2vgn!KA1pa>rssSISp7$rtJAJTcHfKxKUJ?IyNmW)Cl@=Q`(0wN}VtX9FZe
zoSGK?rNo+)qQNsUHdB^>Wk#cjVm>$;&a?#~J&JkE9}PDpWy75!;Q2`Jr$Is}+~6rT
zieHVc70=d|YfV&Dr6A)O#peDpsN5q!mU0^#xd4kwrCsGj2G1=ZQ~UV%05}mXAm0vP
zz=XX3$f>D;0SIb9jC_O!ynET-C}Dj=1ctJ>WN;;xzfFV9`bx1f)pr+wy8xpEpK^YC
zI7wpKDY|s@JgJ8yN>g3`Ag~g;^0Vv`xW##3iYUL|Mig{|~TJ6ANDv_p|1INXjO%L9z~>RgL4Kl6FXI1WC8HA@Gqx3^WU
z-4^HTVlIa#$tDU#?Ee37nGThxesD9JsP6(13VUX#1F
zngphMYP<~@C*%7JfkF_w3(w_B?l)Zw3W{R;qlO}qoT3R_Yhwxiv=?TmW*Y}#r|tW*
zKhg_!;Iq~*?JT7q13pq1!KCXpSe~`W$U(EVIIvW4Q)JulFPBHt(+qe8z#{X{0Vi$|
zMhF&U0M_TfX{=8D5g5dMcC){A!E59SD7wwZyLh|(rjefEQ`op!q?m2Cg8}lg7$l*7
zlTo*yqN|hB8jzzoo-G8R%G(%F;1XoqmOz?Nakz-j?Mg^nyVY2l1RTp4IcE+?AAz^4
zsj5Pjs;Q_Xo)!I1ZB?QA-`XnMCYEtGDQpPoFH3dO?jImn0Uj0Zm%zv7fAg)vYyG*m
z+zCpW;LkkpZ}_#O-~^WPhL88@fdoxKzYQ^3Rw}j8C$cxHc~W#EMAGN%voj|<8fdqI
z(e5sQI{Fc4Yb}`gsDyUJ+w{%nb)>#BTz@k}lAMylkpD_S7D?p(SCmly!PvGy
zEiToQX+PRqK&H(gBX7+TOf>^t5*n`H#k3bwX=eyOKP5u8O*o=i1g`Wx`+WU84W?KN
zjN)H_+a5HS$tavWMW2G-rOWg$ah<&_0DmxP)8e3qy?aYo16oY_S*>4O_5^b)29Uq^
zV@DFD=))1$Fwb=okDbkigJlFXe#RO$hk~a86n&w1VGTg
zZm}ET;NWsbmC%ffV_t#fp#WZ%#A1v?f%&OubY`=g>AzW9K~etK%G%+*3pEtP*Q~FA
zr2IdftzeQ@-uPa#i$pj-wn6l`jL`V{z6bsHt+fS!z?rT;lT@-cZYu!k|H!-1)dSw`
z2D4F9PVkW28wyUB>12XaQ~3~E?8YP@JB+039@*PM~IT{D0
zNilaH(>MyU3jdtBhP)xR7W#8?egLrLzsd|ipR$KXz6S89a&mIBh%rzV&8FkH#RY%y
z2K7SybPYm{UrUp(G^2XV#2~G(6CbtH?fem`>DggXWW%E46cQPAwc3(OzFSyCd?CnM
z@9Ptr`YvBXaxVTg>|!0Vg9H;otQ6oCPHYQnlAHvR1PP%M^!~D6fm1RCDbFY04zH|S
zJDg;trQNid`Kcu9FDBH3_~3Y2YGMN=6TyOxfo`Fly5UPseWZxHST;fDT&m>(&A;P3
zTv`wh+Br|JS`uMX)23UVZy^$3cY*eQkuCw7>uYxVDM;kW(JydnUC?SSF?twMTBWij
z&&4IOpBhT+)qvBf`fXsT75Ksv>#WE?y$gy~u7FJDWAe5}i^Q-sk#1m_c!t+V+#0uV5PkKJQ*fzXq2I=&l{l
zM($lN1;2*CvDgGx>-|PObus6YEIPBzH{G_xs{(Lq=
zTtSF6CJ@Rz#L_2f&((qHHbry4{7WUocdZj=rt_bB%-&}(@d$MPFibQUfr1MlDT%_~
zFUedMdYBzSJ|c2A@MZN=^I`pg(7Ne}=bE9G%_3DE|@lfe32VO{EG)1NQlO%$(%ZCo-uh
z0m)w-dI=QoL8K;_XTAImi<^?{Na^{vt$NtI2*m3F1h2s;(%gYc=e?P4Ys$O6+mqq-
zNMD@F@v(g_9gxNZF4s9J{mI+_uNN4MfeF#b5;vg6Ahe>Q0_7kepO%-Y2noQnsRH@S
z?m*~X5}49N=zP9F8SF8PK#_2NR1zPd<$
zCgL@0m~ZA!I9xXPE4)reQ;oLzLz(e^<;yidz62OsQbeE&@PUBEi`{ku-`~y)R0xh!
zP*AYD)2e@2QzXDX60Kl(C+~p49D+UcllT!<+b7-)w1gjRS$`gE_D6W{Zm#$Dp}C0o
zQRy(zaV}I1rphH1Y^-(Fo9Q2;+zwXcmaGb;BnwySV{|%x{P+x0hv&aH$fTEt)ic&2
z9;rgB-BR67z?h4+;d~%+xiDT|UypuUGBjkIR}GWsWWaw}^8%mx_*&Py*AZl|xQ6Aa
zIa`11P+FjG61;HsOKd&iePFTlVX%pfHK5YYe9q#%>pVI^o4EVR(yh6`KX|S6pQ$WJ
z$cD_o#DqeA3dl}JJXsnWlZ#aCs31#K`Jp7`eEaI97KWJ3>k60xU9Tve4tG1+K6!h;
z0eBj}EW^T|Ih*&7kD*YzfS;}n5vdl%=9&SZ8=y~uIz0gKQK_8}iL#@a0$CIyvggSC
zE7K`AVsKnazon`v)C}#SJl>o7ZM4r3u%9S}3`y30lnY_DS*DQxlpxo@B;v4D#DR?o
z3nvh;wdche48-EM({i9IgrcFr|CZU}@HV8kPWmg4i-5n{a)Z8Li(0?LSXwy&!xOpQ
z-p1~5xE45Bi@N29K_C5i%x;~tUYiSXwwjIXdjcSNg$Dpr-_e-BF>2p;;Pk1$~qf~J$pN^gLU*@D;+a|tv%@5
zujy|?nx*Y&B4g7U+Ay9XT+F5^)LjeexVoYxbeAm&TP^;}{Res&NI@>BrzF2of(2t}
zp;v}Ab_|~fU$I5l!Q&zrNBHT0l4$RJ7uCV!(`cg87N+Hb@B@<9kUNZL(VwE&(mnut
zg24b)o{$0dtG3!2{gW_cjlnjW<_wB*!sD1Wb8dtONe)Wkn8V0Y_rv3oVrDvf%l(l#
z{NS_a`_Je&=FQVeMKXP8$U&d?o6Svle2aN8GSV7Br}LprNWqF%4jec}Alt6pS|UcY
zmglZ4=9v4;-}I#5&A(pTXtP+R^k*)DVzb`H|IK>p3F&AmV
zpGvTlAY|rD*KO<)8^eTg!C)27MqpfO>Zwb$R^)#7pHbDkM2a!Us7+%L8msclw2(Od
z6V9GP2i+qG?Bc>p5M{?Q_eO;c;R6rVCl+T3LQH$|kNO6XV9X{mhWjWJw8KTlvnH~S8rIyX$gT~F38K+yuj
zd=X2E;$+%jEWOx|I5Af1KIhDL!-l+>eKjL`ium)&ev|Z~HRbGcK*Im?~i!3WkOyTLnoIuCx~d|9I1cohmnyYN^MH>X<7tTtOh@)~7Q{#zP>
zf}|LlxhtzhlxSr(qgKl~0zb;?vHy5pO0)64a)KUDhJlu@dgg=PvJ_9Wc-Sp_NB-td
zHR6WGiMrRAb<&*24*c<}--S`5OhX{NZoZeWeF}>ZPD7Z`#+B)!+pqziHIl57)FZmAY@DF$SQg#&q<%Wl}vk;>b@G?4+)~BPU8IuYPktJF(X=!?Tov+)s
zDN<}!s<~b`j>9a>B{vE_aEM@9V-M=4(`jTSOU;ytQ+Q`zbq|<8x&CFyPrTXIQ`>GuehlvtZ+mPQ2E5DsPi
zRW|+kgoM5XnA_?Qf>iX7IK)F3B`=W__B7M(!{Kf|FK{HDhztbzc|k-mXbjelxx%;d
zWKoF8SlNLLoYNqf&;7JTbtvT-GYzjkGaj9LpsGh09d)Iw8-T24%hdd%hR|L#MCw;d
zRb9W;vtq(QtNx>1mf@eLeGx1e64LO{eFR@O^%R6Cj+N=}xG5F61O3!OMdp2!;6DTf
z^@o^XQnm|+;Z7m7v3h5A;4ZG5RB-QFRk;%*-(I>`>=hO%M~y4rIqOv(oCtU|QZ(;(
zIkyz!BSDY^xwtq;py;viE&l%U?*R)5_56Uu4+iYjvWt!J^{Zdc^lczxF9KedQ{w0q%c
zjLsN-UySKdj4`uu%X)0%bw0|WSbZcmZ`|Ro$MSJxY`fqAm1>0eK^0kq1enL578?3L=FGHgb
zejnVzN@$4SR1Bt&1RCFqd4ggC5E~_jn?BzKC)*A5dxk*;fKObZ)qnH0+ITTFR3Id*
z5D6%M{%s;45n-Xo6cz^5q$_pOyz)$yzlC;Yf
zZ9aSO@hYo1XLCTuAY^ecQRx8?9+kq)xD2lGfq>{Gc2<{pp*2hw-pp`On?DzhN*JT()pQ
zN`49oNLb_djdt6sGxs6%jT|*OCZbNFL&g9&&DZ3AQ%xaJi8ZSNgo@KO1;hf{vz~XX
zcrJC*gFhwBBclIACW(Utd#2DV<;O?vcz_RVNMR}-KKsLIFIjt|kTDV~Z&`iTzk>gz
zl^%k_Ygbobn=AiuK+7Imu5gn|PQMlvR6Rp25c8Fw%b&aTaB^ohVzH{IZfi3WV6F|~
z9FGD9t49klFGW;4kE_@H4oF87WQoxMvO%-T%>a#?{d+o;Bk|EV9{7p%mS|M_SHzvx
z_imEa_tY3im#2#`I0gOo?%vbC{L80gPl3t!Hhi85`*5*{@sQXR#|IH0uluJJ$Oi(?
zTE88bu-LJyn;C$wOZ$!XB-W31vw&^`xnjdtquQxhz*=i7176GtNzcyKSpVgUB9`eI
z7RcZhn=A4VbI+~62ngJwESjJ0xb1I%o2_b5RjeZb4*A2KAjhP~to9=!^tF6Ff^W(^
z0*!GruyAmE^8KH_d^PhjgbWSF*%phklV+`Ys2H-}4*mHHYC
zmQ+er{LQ*FV&eVZuLyN18TA7@(aJONpCC!SbM2~-E*Mwqi8{-PyB$(u9bMd@qFP@Y
z7B4E~fUhuLB^=4QX`#rQd{@<;JpW_MvJ0(t9g;AZ7oc?uH
z?m6WjlL-Y%Rh1NtG9?9jqGt;sR^k0qwfuSuT2d9@%weBI{ThuAHtX~B+W&*VbL3}A
z*Y3n6Tu7knEmn{^K7d#G8%fv2=i6KF8;?``)_!>J$TsSO^19Tkk<
zofhqtyOsN=_`NZ%1_#PTM%%_$?ZogI53M&gJa6drKe$#_v=Wjlb$y>w4FV%_PNi
zB*?FV#&LaYKW0kdk%L|of|&CCjb)O8e?~HCQDOe?EeuW6Ov_cBrt|yBEbvYS&5iBGaPPtiVb7Dr
z+BHRCRL|am_zuu_WAAoRrhgts)X{z#sQ$MJNf!zPH{hU2?FvsItDRTK5PqGPOA97L
zlZX75b@ncO5d(;4tEB~WK>Ndrlt*k~nyzj-pZk6+3`*z5M)}W=g-WgyfQl#f>U_Y=
zHD^Bu=~7259|&@_LbHoPB0(n7DcJ!FmnZ0bv($vvyIp23hsutVMbXQ_AZaV
zMg-*{?hItK9+fL?0$3h)wl02c`iQ{Cn1leYzMMA|{Fi2=?@QXp6e0{#^UK)ad@iHQ
z?HD18vCs=A^FS6MUk1kO*Mcb$1Es(Ma_Tw@V+}{5k{}oj1_Hec-(daI$pDk<`x0tj)>=002wjNcG?h+
zz?$Hi;&15=uu{T;O-u|AcA|owMdJzROgrv6uu|WTlYkuy_&e;3<|cDc)9`HtmiWt!
zOET%*kT2Ey=x#6wgjPxGxWJsP9N+XrUY^O7Phxx4b~zGWA}z7nLwE=8ci_H@OI=;l4Vb^C&+&LB
z-^`a3A1#+k-&vWDo&yK3u6P7CF2}Wle!A`czCR0xxc!Pgu$V~hVood@rsQ<)kF}IA
zzt%k(oYRJ^K*cPy0!^<4(=EbsFF>mFR4~wt?SCl<=ZoS1Hkp`onq$4xX=jtr;?hR+
ziX$xEt-RyN%6|X1siY^|PXqIdr0MsO574Ax5|ks1N=irF}iI-WFYT*T6H|$zUlsm#`f%7n;Iq>1YLCo1*T=}
zg6T`EN>wuYAS1Hr5T)W2yh|VHXc!!^#8bnrBz;k*m$zr1tzXE)5PAaW~G$BXdcok`E`Cs08iDN8!4+
zrZn{uUZf&3jfR&bdps?-d&@vTtbP{SkL@Oe{TFvVWcp!-mF0P-9ZqXMTMc?+EY1|P
z=Q@fA)Z@DEyF)>Z$qI*4$K}hb?h&+AZmCYg-G*bzFGE4`emlIe_+%pUSJbASjR%H7
z`S3SDNCkrDtccC>ciFGwC
zTZb?a#LZ=T_B<;x3<)s|Je$Y*c)y(z#Eg3L#PD&Or25bdlB?!wwr&2g4zqmwr5%|6
zB)57XA9iEQ%oHx_O-9>@vL#f|fp_@rUE&n2f4+&^*Toy_jhWow{EXa;oE6vYSD#xH6pUA}7!`$S!*@UE
z*X(cTvm)OA%*IY#s+DUHp7*vm*OX}ZH)6C-)<241^FUU+DQX7Aw*DHo6j>n}cG)ZT%fdRGhuN7rHkMQqjTS)JW
z4-8WG;xEnfvj5CnMR;J}z9DRWa=kq8DN)-m0(kgke2-}o;_WCXRAIox>Cw)GGbSNh
zmO0)PVoAts(52KUkcK_9AwtL=IniEeqeXEguZd?tvjh{h+2G6dZiTh=1G_h14dHe9fO`3fVVBop=X561GoJBapwqH6F~JLQp-;8wHUs|MHv4m4
ziz5Aq&`X@X|oH`6T!vK9tmBi?>YwU84!GZ%-DNiDfqXHi~
z?bf*KZ#rXX3E(mORRdLsT%%-5h}C%aWFu3xr0@5aZRh-LLN>^uX$3PVHI*Mz?e
za7YME{Unlz;h$RAVFadK8_CfxbeP{9@4%Bqt6o9-Sezb)X)_
zthGTh=g<-E^I`-BTZ<<3ipf3-4g)W3M7i$h+g$l5O$aoSv8g71rVuFDJY^gA
zT{3ghRBa?T-$%z^PmqC80oCne!*n8pk3bO-8r<{UL#=T}8C+kTsN&-!Y38=mH#?ee
zoKk+w)R3c3CORtWNwJ#-^$~I!ov|0)Z2yLmkbr=}?bAi1Lj4i9j?bmQ3dy@4QyMXE;@ogpB!w+zv>DVR<$Uy^QRSU*+>jng%i
zD+;`oeYUzli@<;)Q9dAt53rN*u(AD=0iKJA$^5DE@<-i2ObqZsqj2rbE|o^hQ1U%njEp81+cppXtsq}v#&cT?Vv
zZtq^A>L!EZe!OI}b=&@|ZKNb>g#8|CCVZ)wyY@-FP9C3oC@DJ~FOeyru7poMwzrzQ
zSu6k$ZurgKI)TNU5rMeyHySJ>!ey<9r5L^Yvr~wQ<^ISUA=)q9hO*Zs@}+GcY?R{y
zcr1_t>bLTQg@qNe_-NG1u&H-}N)ul|w*-Rmnp#?bfTczs3etbJ+1WX#LM!A*MjLh?
z;AFF0Q=r{wV^E;m;v_tVL9z-&XWKmPPXIvyXrjZ0WYu3|&~7*bs!fG7SUxcy042u4
z8&iM{5U8QK10??)b?>P5cK%BN;Kq^I4p7E}o!wk9(XF
zXU?M1p$!b-XAbkH#ZF%R4tRQm;ZfNXpU-CU3g6C^FoLAwP3iC;)9Vb4YNumQ3x=SW
zG#69N8o*m>HsH+Q>kxEXnEULI33b#P&NkEh{0wNZsWd2iDz;*PEVBqZI%M}Wg>14P
zN~8%?01*QNgC-jN8V2oFCeU06@n#Lw^Za#IFro&RM<@$*hHE~l%L4rb2g3lmi6Hi5y$)0_3UcsY+4EwB)2CH`H8hY@11Lmp(
zD#)!_sFG;Vwc9)R+y-t!S2nbMWl&~8d8!R0b=~WZ{6f|%^F(c@UZ-t0m~6q;cGGVl
zwTU~U?v;d;m6g&(Wi#uQ$Bx4T;b^ApI;$4Tqwafy!Q9Za?0dK33AYgsaF$rS^dNS?
z$0eM$8&V*^ZN+c)DzIHugPzcDX>fN24)w=WNC
z$Rmwa0rd~v9)*6B&jWgGcsM=t*NIgO{HVhhhZPKSur!Fr^YwJ$^^w`mJjvbKGmR2-
zR~NDyDq35CHSCZvdFWo#UF8#-qP%1+@d(e<>t
z0Oy=#{BVf*;74Hj^XxMknBnb27>A89FS#kQq&0zCUv9qFaI!QT7Cw+YD;B7~!;4Pk$OPZ1k6HZ}(FJ7$P65iMt$
zZ}{Qn#^deT+185+1>=aCm>vlkIg}dbgx8
z<1rb~FixZ;+++NHk-P0mjBF+z+9Dwq9l#`7!|&+M{f7n6LtA$+@nyoLn9YCrHRF5(
zcjfv|x~tMRgW}-1A{|%+?CAOujXD<#kZ@*&0O$r=-CTC8Jdrgn&I?CCY>o9b*m{W_
zrlEmhxRnR4=+ycVvVD*Xtxk)2aa&bI-;pmp;U#0Y5K-_Rkm0&>FA{q)po8@0@j?4J
z$nQ_=&4&En7b?mFI7rgL#OmUNgnB{B&jJ5Il{o@msyaHcaim{03OQ8dzH60<0P}Zh
zhtlSjmK(6OW~ESJHk3!3rQab>EZ^xk5B-6BHGDQUuJpLa!&!J3(+%fbuM*CTeiYQ>
z+it92P#7!eAP}k+y@3;mg{W(rLNsz+Z*#xxS_gQ>-3n;3U9X=$eTr8_JPiJhIVr$71Xe5rP8y;Frd!D
zUEf?Dq?soYdP#7DEBm}6*rsMjjn@lgQ{h}?Q<&jnW44*bJ53}#-Ve_2=JDbse}#w_
zXeF!KrEFrvL^Ow!$14v~GR~@1KHgln9`1(b9aq63yDB2w-+#l$!!lEA!`>9B4D$O-
z7T4S)A{k2J4c5fuz^0*53omk)9)7pzMp?5MFn)!&_03m4iI9OBa3bH#Uo5AK-03{phgY
zg^E%XM#l*-`kqoN9MEW!^qO>gmrvFk)F^dMD;6++!H^4Ujs~`j1eIbw^wZW%YvpI1
z2F7@OkhJ}o`Dowr%azpjMe7vuf@*%Fse)E@gT$N9zi
z^MjSUzNFKQ4j(`VCg<*(LQzRY-+dVWN&+!Q1lk;L!1p@%zzpF{^5?B&OLhEn94KNB
zNH94=J1z$hF96wsk38o}=NsU`3`9D%UcVwq;(y4zAQ
z)HL(v#pPuzH{%hFZ+I`g9lSW7YBxA-PAxPt;hr?Jn$z(NMNkClTfc)F+jl9~EAfvQhF8w^6suu=!;_%GdM%&xuE-pgFy6@h$cc=C(rP6@@&ZjXsxh}umPiQF@
zOOdVDORD6`&vn-BbGs{%jsE9&GB*_6dnN`bN}}J*L}_StvvL1X8u4Kzen96htT)Dv
z*4pnt^s=DR8h7E8L#`=~`MIb5
zXhQn6q;ldUJdqy%U)CWgnD7Xxjg!V;0LniQF*^zj)$+<#)4ujBM~Q)(I8TLU*pwST
zgG7off9!~L6X*laxU>b86Y53X3ha(x64}gf=I+1av9{c%FVDc|BNE()M0oaS*_Uw;
zfrPLbP1>Oi@$j(L!FSCRuwD0@s*HS>kk^+AnnvQN%BnC*0Nh3pB+$*VWS{(L}3*s^;s`*%&W1OOxf2*{pj!HATyUcZbjh`TZmV>4+pp?hUQ2
zHM0l9S#3_ZKkj9>A7yc=x(3rX0hRo3ntV04a8Mc75H>)t_c$2CS=NrIBUT$H$_6!R
z`hmenw*$esW5Ar5T}J%f-S#)d_v0HME8KV#YGN3^&0$90$|)^72ZzGjva;6RXQ3)@hD#r{FfTXEIDsiD^lw*9pAXfpvqE1!3;V2
zt+xOri;b#V)6{k-1C&hr%6+ocWLy>o0egv{<7|4OznYnO3+#p{IJrBufFd_19wv;e
zTM8vN-jW(3;WyWBl(ylzzBM6YfsA$iA;L=IVTT&i5uz!3!qNr(_i~YilasGllBN(4
zp<0Qf;r&XuRi(J{&M;Ac7fk$2-=
z@EnKGVBD;t*vaUqVCWXABxq%7w$O4C(Wq|TsRVUK>LIlX{>P@_lcb9bWsjn2u5hk?
z8CEpk2DONcSMKJ-F>x*a>da#(O&sy2R?~R$
zJ>A3ofQ^C~Ki&WouD)anx>l>5fE}k^3`7B+zp(1DF`ueXJ%FsE-q&d8PZ!oQ_+HM6
zrSFepnHZLY2cgA(G#z6R6#9kQnM{@#JAgkO{6ruxi})2Fq3X4V+o%&
zaLp)ba&CCPBbQv!Em`bVo|yB}VUrIzxz4mk8RUf*RLh2V9MvHdOcLxhH;U3V7E!hq
z;eRYvP%v#vz%|tb@Qswv}GW@+zJoJoW9t{*0Y=z<@{Z6O|1IYiPp(jcbpOMJQ8SZOSZ{BJnOI4RR8C_1G
z!oG({y}xOKABa6b^)ea*
zf=}OW+@>^t4l@t-SG)0_8Zlj5a>)k17v|AP$UNNW>j{S(PNHy$82uV{@eC@MXMm<%
z+LHVSj+y8M-B^@5+UZIZ+f(e$E4|sk_t0$aGduJ51@v_|jB3Gx0(3^r%u5erk@R$Y
z?n<-Qq1?WXpcc>EjaZV_Lc$Hm8r%-UYaEqJh2Ki!NzN_122
zFQ&ArH;_re$CSR?^*O^r)0@l1d#&oF!L?=!Jw(?8du8GEl!&Z2EBb92>03dWtBw(}
zfmN>3$ie=%sbTJ!NmV808AnbdWxXLQA+O@zdTG@1fLET4epv&xalFGEzn|??;RahLD~e_sUuNipzc{0wF#k3|TGX
z2BeYd7ovmBQqfPM{a@w4fl1$_){C=yBDt*4;^U>8H+
z-Si?acOk+5?#%pM-K`%(xv~UT@OZsN-K8hN~l^7_J<%
z>RdA}aEgl9-ezlMs98fm03dQC70oX%!8!N9LMTip;vc=50Ln_Mb5p9ci5hD7#u2=eB&&#%b
z70^Z6unF!+w9V?`qW1V$JEW&JFUJ+KAKliJ&K_vd-
z%)e$B?%9#?&769g#QohOF;K|jDeYsfwwy$%S|(vUb9UffX;7iwJ2h||d3s8zEOP+k
zEFFqP!9*QcO)93<>C@CIL@efibXWNVv7Hr#JzPYV}Lh|uh;bZU0&
zL*%i(^QgA>#f6|X$8_vLZ2T9#72zLq=Vu323=H{udzaT2ZosJ^>U*BRq>k)b3z`5x
zX_wV_xVSwrlnWJRq4`rlk81-sB1zs>07w%cknP{FKc34*4dqVxMn+P&x}{XPxD8);
zZV1|Q_st5I7|!WN_o^r&Y7(B+#~&~LEYQ!*8;n?L7c%GTcQX&
zr%dYuswQ*=0>-@xaf5ur{VEg5u-KrsLb;atcOD#pygxK}VelfX?`E{Gnp%C#?|d4Y
z??4u4KJo|7J14sKtlr>TxDLduK-n{`VIFs;;ipi}yKkVp0IW
zi-3Th#YQeCT;bvO0f4)^pUV3++30CN{LIWuG#NjD7QO~ln?D`eMH&i@&(FS0OPoeS
zQR4(jG&n6vp8hy5EG*pJ-32N%M0eH;BI-E;+t-H)R+|_5Fl@JY1EinptFNb1i^nad
zFUd7eqQHw>OKqH#=kOxR?((D=>9i)7v{OE5^LMy!&T&%t`Q+vM2VaTHi5Vz-*D8Z+
zW_pHCRx<2>3av(1+j!Q=w;VGdCzm6cxx&nW!&%l@9l=Tdl3H(o-|GGK{gZL?ni7I(
zqFak{v$!zWC{WcdfVNRdaD7=`Rsm!!sW~}jfOyoXWhK`F5Z!j$0*7>|Q7ii?%43;E
zjQ}bMPVrSRNu@$DB>Za?;%@_Oz=fJE+j|!*Ux9eqZCUA4J}xfcmkTd2lTH9)=li#^
zo&Z1_@&?m+;8CgJd$x;}{`kN}YF^%np`j>#Kr(uF0>|eE5U&Gy-f~7IrU3Q`H9Oh(
zK+D8b2qFdy%IV@KA9Calk^o#WliLE#=ow~u7S@s+&^&5xYC1hmZyNhtpPrTM?aQPQ
z>pk;g9pvPBi#J^vi;|Jlw&$@t94g{qxPH%gP21
zx6{f3-YEi!foK$rlRup1zEGOz7n1p3w;^MDfcM$W3uA3g;&Weap)
zt-}Hq&C}HZ0(mNCt&%=(S)$mlfMJeGAUZr72k+_mVPRDjj{{sPI
z5GMi%Lg3z-0z_$!8{m5#f(wJ)-AJ}EF){qSyy+rOoL2|Fn@=|tc9faoZhuv9hK2+T
zT1efeZ})uYbnqd5%+hj_Iq%|*I$EjK6?{xat7Nj4GS=Gd?!--{9-9C-NUh2(k@GZa
z)Km@lURT3DMIre+>z^$)FpupJx7;33BM&`5bfU;d+LjcX>WrrrxfgPi4@0fWr6*#K
z>F!chSve3+xtaD2YCK(flDYj}L8~Et%teAjgy75Z56j}kDuO6HR=jot$6gTgpeBt7
zT-RnnI89o*WJ%vud
ztD0~c^9EMc+DxJmWE&TOZq%=_nFJbQ&BpBrl$4nOH9$s2)(KaMqOu7>Ie{!v^YB`4
zi;G!YrI8vJ#2azEWrw_hCnXRLF&_SrtUfv9VVqmIucbzrkr)XA{R*n=lQT625&dFm
z)NnbstcqmxAjRR~L@l0}~CRg$;vZFoALnbNcmAf${O
z%b#4hQXFLTIzmDEa`gADpJaio}dEhmvjBcxn
z#l9$Aa3bS|q&=-8-h-Z&I!Q14c+V4>AXL&UgMX#hm~LRtWs
zcG&!IrdX@BYB-0qJN0_v7GczEyM)lPe>sal@r+^E;%l6xnUinyg^P+wto>=!G%U64
zVU%J|AxJ1?1ebgGy7j?W#7H?on%C!BWuuq}7{tg_?NC*8-_JM7Aazp>TDT~Hn`V=Vo^Xci3V=Tp`?Y7-QA~iDn<_9
z0>u>5UM6wSpJ66cyhgqwO_kU@^ZtV@xj(CBgdSJ#lXM6T88$+mKGTzM5($^M=yJ@S
zN2k~T)U*9m+gYBQ0n$RV$Hlk1Vzw|ER-h2ippH@BcA3vO9yUqZKJ0Emq0Dmbh$?5-
z2GY>^8IVj2Tu~Ay#>YRFn@9n5OQ&#uU~gh1U|N)=8>1lTR>G@+wi3bmseKyWm{v
zZVe;V0CEa68rZ8?;?u8#(H_}bWuJ9@uM{cd*6FV=D7lQ0K8)k@Jew`CQ+KZDaF$cBTnm}pv>Uc*uA*_q-YBSdy5-6^C|qLGj~leTPv
zOHP)BDyv8g0y$_2JykKsMK}Q#NTZ6d$X{p~;&;A1gSJp=%Qjw4mOj2Llk(cy9%O-y
zptFCVW@4egp=KMA|3J+o757i~%|7$+4)ooPO5rWwg!JCv%*?-OvZBAC<*9s@J>dPw
zhwe1v+rg{+;gH~vSd1vBYjnT#rOY4_
zaa^E;OjK5%wwN{ETNzB=^%V2Fz%n4bY{XNH0ThNN8}ZZjSUYn|U6X0Mh9|C(gl=yg
z78*4pU(1X^j=s^-cw`D*pLQ1qcS$qok=3#9M3Pv>a-fWl9e%&!YrHEnob)JHL~5BQ
zS4;}G+K1T$Th~VI*rURD%B`oWc~Yn1mgSeaosoQ*(Q=SwPGb`0xwLOTBI=9dkn`9v
z^>B@eN4p?5)_LF9K#+-O{8Mga{?_cg?k7sg3x!AT1
zYaW1&F3VKto_Ag!<=OjI@(%I@<*uv@yzC@;L3T6-V0|NVUF<+L(144$F4D;^Hp)cv=WD
zBm+~D7!5C%BDF^hFLG$ByN&zH5Q0)KPi-$`hf`h{)D(FtyDpqGWR&g}5=4Tn#$%S-
zZ08N0c4;yfM}WfeZlEgd{YaAQCS#`CdzbGUpWg@Kh#efCj%}>18rREab#B|0M@aBo
z-&45%2!M2m&sG~xn3GvtzGrrCFm8#pJ{14z{_XRt@eetd^+5}U6tTxSZwD=w--^XA
zL8E-wu#=rpI_^A-TcV4dcX4pjs>QMO{>gHr@$d8~{V{a+
zM-ku8{2e{#-UrJL%7?b0K5ZQC+~k3?=4?FiT9kbf=#;BIPq_q7xUD0iqNJf(%#(;I
zL0Kk!S(&apVXX2yK*#`?LllRXu5#NX!jn{_YX+wm7Z+z|)O15e%be(R0#dbiu5fcn
z;&Fmots(nIhlgEngg(QS-2nU0nK`P>Mg7XnS8Tu3ElY3&(AidwVYMf!5$Nf~FB;l8bO7C!vE
z-}*ha*E#VoQiV)EFIzMo2dD_mJ*3pXwE9Bn#{}|w(V}w9#Fi#Ix2{@3{CJDh$&Q=`
zwRY}$b8#P!AFhLCGvvoebtengm#J)6~s4ERn
z!ar#|!Qyy1-PS{T^hMhtD!tXbx4+8oN@RQMz92`+W6a2bmS-M7%Vz5<;oWafh-Bg0
zvx%mz-ao6W%M=l|SQY9@kvj(Jf>DOwV*)aED=g4il2@O667
zvb9#%=S;pB@`!ZZ5lqY|4qF4W1NWP-EqRT3c7$S@PQ?4
z@KLKkao`$vmfKIwW^nfJ3x_syd(2@;cUsmqgrU{vq=(ks9`k?EwJ+2u?)m<}GHo4_ZCG-LeD8{$Y1`M~h6`
zKuo5~@A~U^mwI2}od$LgCwmg(Z)t0Sv%E^e>0fNvuQ7H0wJE`eh@k251NCwomz
z^&2b-AR(7|ac8MiBhQ3F4+O279~rQZ)a$Ju`%FR0)u6Z95?kr$vYM5udWsoh2#7hY
zjAE*=W7ewGeI8AZh6ASb?U@;*rH>xp#*ZOBRf;Fy9DaC7jTmb+r7YF)%=+z&OTj#S
z7An|Q2Ic0nuQ*t@j2|_QXRTo>ytZAh
zmsdrSQ4ZxMm#@!li-ho*Yv@OZ&JIe8yQ&B8SjQM_c`9%4V;$jeDeT_5k|d=$sL-fl$;^xB3oq8uGCdT
zUA-8+WCKWi(cCqs22$`t^b5P~?7Ju72x
zoGnwNc4liY*%FtZyh>dGPpAcP}fZ)6a6o+7OrqOU<>-xrT&Zv{Jxh9i-|_x`1OvJ
zz9H;0QZ$U*Dlc)f1!IgA?ETL2E^)O|c&WAJ}Aj61C&zn?c2TW;#)3b!bCC%LRVNkH%`
zD1nu3EG>ed=pW4o4anw%!r1hKAKycA2m=D-11T@+0Uf!t6NfLh&p-P;BgG!
z1+Tz4eIkfl$TknVIxH-C5}sbRyB?xc!LqwBtF9*`wD*-XHV>XofS{qWlDYX|gDFae
zG5z2~h+aXkj7((EY_{_M59&SsRZ8|7de2mwvr<1xr
zSB*Ky{YDQl=r3Zb
zVknD=VnZHnbMxxq`E*~v<3^w^(&iIupd8sKUTOQDUm`WB)O+tvQLH2^b~j3z@iB*W
zi2ANB6g+3sXqD{XewvkAW*R=^8+ar+$8srN6&L;^zu%?Tld|h8}eW5uW
zDGH~rr6+Z17)lpE{8-jX7HF!i@6jLL7Tz5gc70(9xZ}dEj=lSBqBX3LG14&y3aG*&
zIXN%Eh3F^81!LQdYoAig#&Wa>uK8~2{lK_=kLB-oX39dzO%Cd|>%G3UKWKi3+BmSs
zcmLGtsB@h|wZZ-RL)0BIwt>X^n;?pw*!S0~sQMzK_F5DC7by>VIoj9fqi5Tg83
zAbzL7E9CREc=80Nil$9m#rtBPC-*dj>#$MGeT&ypoYF~-sBvyb?!ls-U6Gcq*yF&K
zQaa)AnR|so$Pd3?jI^@qPi?MO2#nD%^ATp$4QB|g#2^U>=XeyaDLxteM10TVQmj~(
z%@CPKo@(kINldeoPjYK-wB#Yt0{mVOp?RkGd1PtneQu8eb`LQm?lQq42Nop-MSl7f
z(PGiCLG&2jlvMTdBeo4S<*Kyyp!3IPQDb62AAo#HP_
zl}=n^ewgUw_GeWtA%PLORmPlpMDJl^gZS
zpq<)fZcZrgef{>V{Hst-=COEGhWk|2QFvUj@;Wm24``(1SX>+&TMxf2awIXmPk;yUz0MF_(+-j%3JB@UXrF71=Y3
zl>rg7I(0d@_+$?Hk)`>0Cj_IVP+BAHvi3ORKAR^SslpS3kj_-X#C=*@s+EOqHi!q3
zLlb>{nFe}Sqv;R!&AuxZca{}(sR3wV3n$)gL?hHK)*-+TJ=zDUL@550z4m>$$FRbY
zX4&A1=dmYJV{2>xu43XC`_L0=mi$6L)HeH?2uB7XEBt{;miE+ZmYOx!au#`qm@QHMu7^s4T(pM{f0zZF0z>>oNYsx1>bNT+-6fB&s+npDZf
z{r47a?FdQ$U=A+YIJ7)J*ETN&{Nu+{S@1|flgp3ka7zdsqyo~VBcAv7*G;|1
zd-SzDRZ7=LY^^E9BuxjN4Xa9b_RY3A3n5X$5t<3&Ohd)FKtiNxcm2}?Wf4a@;(Sy+SBqv!?rFB6
zdNt*yN76>g^g~6I01|%JpqE=jMmVt%olK`AgsUpMB`=kT|@xx`H6{%
z@WJW1>GA<@e+}W~H8ZOAZ@E6Aeh0(zTNxT=!yH>vC43%Vw9;4OT(oD8_vjm-7rR`x
zCzL!@{k3?}Th?OXZcbJlC*|{m+sC|wE5oLU^)ibDZq->79-xiCmLC^r^;_N
zm2fe7L>u(#G**&7F^2nFk|$N{Z|pyPtaqS9CSb;n^-RxYu^{K|(W3HB%oBa3dx|Yr
zdpH6MB_{Tl4Y(kqCBO8cAJ}z$4er(r?=UoAwmA_aa0{3|o+~0P-Q>*s7n5qiJ
zZl515-&0_jGHf^zm($A!bWkpS=Qv;cr^rP}zjI;Wi-_EQBPF#CV4CB8rx_NV?
z*ix6QzRgA|xo@9^jbjfcUmWC{yx;uz<+34E>gneAn^m#KlbG#Uw;oP@6Kf6jPsbgf
zfOA7nXv#=vO`H53JR5|jeX;%emRL02;^&a3^@~q>t92^AialLurKsCH$nYR~{PE~8
zQEXV&epkg~wTr7eI(iZEY-~rwZFpw1t)Vtrv-^AN(bjwH3E#`=@SqF++PbX|O^CNToNncy^IK#31ywAzYgK&jU&xf@GB(!($b}6_~l>x=wSphS(w(uaTaj~n0
zz4;656u9TEE$dqzp8Y|_Om|{!2id9>)rCnkDy`lhAOk1g|s^F5rbeS9gV}%@pUa_(kh=0
z2jd>&PU7Sf?Atr$gZvl3%Oy
zH-F64+GymvzuHWfu78+^CMDz{-rYT1D--0!Q2KdqAKP=E9Y(F!b$>9Ccj1nMC9StG
z*OWENes@d7i#NAVJRBs-tjc~+iuj$GohVbAEWtiVX2NX_xeOrJ*tokq9;?o{E6ZwW
z?Ri$puTSxA1Edw&2On*t<>imjwE8lP)R-ANq+!JI=3rNoP
ziTe%223R?GfwW!N$Xmnrq_5KW#y(74mEMm$4er9mQI$PMX1LOwD9y$j5+4{$V8ppa
z(dqGMp^qe9j<{aREP3NW=AI_}4hp-ztj{}ZocTTz+jXw
zoi6y4ls_`%V^y)Rx{SgJN^5NAo63eR^FyRn>Z=*`v
zIGqAOMo+h;mxcn}&I8Vn4K!=odYW$6&#AD5Q^w7>@vzuWTx%n2wH$v!7%st#iT$}JsM
zwiTu?9_a0}P2Bk90U7AS8ydIb%ds(T86&aHK_WcQ=iw&Ul$Bmb8lq6aAq03#s`k;=
z9v?-sr#i8nhC@27+ez~#I4H|g;ss8at%5j5jJ7Y2PVFXcW
zOeMCr)#6VVYS~cUU*e%fqva_@c)$XA(}>CX-{lehXJI78bs<0^aeHNDWobzj@OoNY
ztcChYN+R^_0)0Cq+^8hLRpziT{D^clNj92vXQm=w~vR!7RMf!J&z`n
zybV8x!p1?0lZ^B}WI`fEkk}l6OsR{z4Y}-0fiHtbvg!CvkpyXl^Mb@@yW{isooj4_
z@1Thhc}jQ6D>7QVIz8T|9bhy{(Iz*qvrC|0kTHg*VO<>cbTR}se;RnMZWaF`zT$~J
z$cu;ZKyhpvdaQjYZ>e_V3XJ$?d$#N^;*=>RRmx%1SHC1V9yxk6FX_WVMOSTuRCB6M
zpF!{ogiZySAcXHy1lo$~vT|~f93a#kJZPuU^*MNV87DqIzO%D4L{E~QnOU&_Juw8G
zC@>j4x!?v?1NcY*@?0xm8t4dBh1C^MoIX`i1rI8GYSQ%v+?Kh3pk
zN5Frg`vDHu&R&h2PLov-hN#ig1gR9_rQFvm3+H)rwbu;XoW^xq`499fPN+yJkTI)R
zjqG*mlqHE&KGU~egM>lTm2b*Hav<}Nsu01nGtE+2)bm59Mc;#Ads=EDL&1HI?8y4D
zvd2oJiophFJwWo!!+xxMwQoW1n!ENrhuOT4hxN`1Rc-Ryt*@JW_Y<8OP
zVZnd$72?o787eBOEQ`S;Xi1<%sa_qx^D_a;
zeq>_(pK7P#u~fH^DkiC=LR|r4?(d+vEs-Blt_u(cCB|9$*wxh)j>qu&IgTnw-R=2E
zF6vVc=4iR}g3;46i=)j+p9_#X@E~1)%lF)MUmUOkf14~OTKEpYf&k8x!=VLIxuK)0
z0B+_FJK37Xrl@%L{}VHJPi#$1yFe8UhoGyhSjZr*!2HdOpYZ{8$DOfioK2!>c05E#
zgpW-(ZY}|fi5dpk^r@b5ZO!iPOxSyyteBaa+qH5O4gKYmSk8ukt*dfv?Q;Izouc`<
zcUT|v^&cj%bn+`x2!)kF%X}X4F5xDek7Pc(PcA|w!i?5WpY^GY4H6#LFHw%8UFu*M
zq_p90w!F-ooEXJjZ7T<|qxzgeg$kM$SH{j)9Rj7gszTaBzvAsPvqPEdTwTTG^{g*J
za&^Kj6%2GXjsLFuK)Hej&i!<;9kGC-&1gS>?{92gwDJFr%@Yh#SJ%`4qrkCRB^iRY
zOxWcWLn+n*#?^lQokZ2gJSC#ohrxCW0BW!~Sq$=bB@@C_!CxVb;E|9akH2wwDhD{6
zR_9ekV0l4Y9twCqxvWw2WMqh;zk~7%2>)kL{y&^pAN8N0{KwHzmAyv->)s9Z^~O8<
z`}?7xq45k4O7(TUtl~KJu~^pD$|`)BL^E6t&hMaOS*{MOj?%knW5K_tY6k>q;Zl_1
zHX#NU%bJ0%Xw{n5agd`K_GzNdUO#m`uU(6`ug}NCbK`b8+u$DunnK!1#(idre$SijVIrI
zm6DwKfjk#I!(;mS;&_K;|MAFO0RM`r7l2mNY~jjk*S>!HN~cvch%|+x;BdRJ1iNws
z2Z5C8S=)K+9y%$q;TnsfJ(Ie+sA_6`1#GI5CP!;qP@vitCD$1*$#3)gKIoW>8j14k
zKU*-BY?ekLV4d?MsL1RgBGhw|-fPa}unlCXcg^8QyfE%|p}PhB)iE
zPm6@1#=ECWnmdR7F;D7kD$(>0+8Uc&{v?}hrQbUvl?wzm6#`$7o00K36qAgU-yV!i
z80B3rjVjCg!SWW3LAIq2YZQy-dt}dPFFH}|@dS;s^c)>y?Xs8Tq=jcV8Nc!4A(N@-
zSmRP9!APkyIr;gYX|;d;eAO0!Xf2nO%Fr%PkFs(dAg6$jC%2AX~!3Y>J;m6`8EZip7!Y-CL(8l@e{D#W-BB;o)@
zQYkea={Ip_0V5wr0fl!#{28~$u6|UA5W>3|xMwQ_J}{z(hOkwzwgcLO=tokxI;W?J
zGAbZXuVy@-xdpVCjRF9+$kWS|Obp%u`QRu{o&rvUp_}k?!Cs9?C$H7#&$zyh5Ai0Q
zN#JSP8!$K<{-{EMxw)w+cL0W-Ne#_noyi8-B*6_n_*#V)0lCAecZvaO
z7+_sPrC?fxyXyJMA^&eoqL^p*9zQ_XFY8+@Uk-w4O4}xb-&?`;Dc4Yx2rEqNw
zcC;tOK8((cDDcs7QhhIl@BAmbe#2@N0V}Vp#AVpHbLWoCC4r<~uyJ?ctyp9D3QdX5
ztkcD?>5Ttn=uDTa1LVP@>f0K4hmBWPSEI(z#s$Ze5XZ=Gldomaw`cI)zzccrElSWi
zNug^&x;eXg!>&vPn=pBA^)UsYQt`1K;ttP=qramyB4Zv^y_doXkBi>U%Fhg#VD3PS
z%K3MTFX{Mus56~mS@PxNDh1&`=gQBC?hglIQ}72VP<%cz7`0B?6OZ7`ZeF4rs!Q<~
zCm1}G$jPZv9#F1h+@?Ex4J=RjQoJe^C&m>Ui#?%8ajvBI7Yzin
z<8*+0zGXiV`S&CEGH_3NsrED{9-2S1W*cR2Kt
zXN(`eQMQB>*W@!{DV2a$iP7=fu1e!MvSeTKs>%2j*lb|5&_5mB0i|+7jObYVijgfT
zt1zAL6^Z-do&p)McGci5Rg~4%*YUQlJ!j#_m?lnHI8HY^_gFfG0XYm<1jzd
zzuNv4y_zMsNTB4QrY0`88
z4vueB|ECZb{0k&2=>5`pfQhmlePQ-*Z{tgelcTM_)UO)p(imI!
zZBAKu>^g=P7GhK`mKs!TOCt*cr8V3plP^8w(dsI~`E(U5ow^5p=$q%(27kLgmLDok
zI23P;fg%HmTl^IIY6T`JC9r|(T@l}nv^s=-bo*DF1axsg$8)%y=)o`7@Sy6*r^SdE
z?Zyjl1rH>f|K72)%4w-SlX;x5E8Sz=_Fp+Z4~MM7nT#4;=ji(_u)+3L+Hl+ex6=*J
z)vpr8^As_}e9kUkKJg}U7kBpl0m}C0tcDqhI{(Nqs-*HL{pAn;{l+#86(9|XBbk*^
z{qPh_0U5>T6xA@v{aIFx!at|)oBVq|7%bj+fG`~sE^$+mPKT*px+jn@(BVLAXqi^J
zuJE4$4fc1wi2+FmCUz=6u?5+6W<4jcYS^X4nANeVw!5#Y*zYl38I4AeNZvX;o(DwBR?4l#Vu}|vQA0viOS=|8L$>o{
zUm;>ecYbh^q}DBmld;zTyBWGB6C30k?Y8K}Mk1TX#2-V|=Leaqa{#~0>jTD5JXE@l
z8O_(yfmKK~351e+672xLQ}oX={C=|xZ&leHgPF&+XkG(rN+W6{>1zM&1pnFVeS`=z
zWchjYU(XidFAkaX3=85BZr+2VW5R2A2>pDUI>MqWCNF)I{`acOvV?+s-8Fb?qC_8=
zwomDk1=KGk)NmVJ7>umcvrrgtOD;dA#SsRctSF%dB|b~=`mag_@CX3)FZA@Xp7dUB
z`GWv_oF@ljS@NGT)U#y!MW)Dn5@pV~;vI~Z(Iy5Sas4+Vkw^l7ItJ0o>LXy=1FwH*
za~ps$^!`RB6PVb=hsPG&rOtdX|2kJ4r0)HmMZmKY=nt}b%oUXG)0;aZfvr`sBej7r
z&||GGI)LT3BG^wOA^rqnXP5HwWv-s5z`?%iXQU$)IPg50KOJAcK6<-ePe?gGL-(tK
zpRCBgR#&ipAe2ftI8rHfX^rtj)`WhyzdohoNU{~cW~}Q(&gI82uztNA0LjOv&Loll`8X}4%lpgjycx*3?;~>~qy?iAh5XxL
z^K&_<&_V_hOtiFKoYB#h3wumh+m{?_a{lH5NEIcZX-~bv8oT_*VpGxHSk%t~1TEvh
zjRn2k@ISTb2GBH43v?~&`v3PoE!qJXIP!_-f0R4)@aUco;!Bayj}7qMVDXhX;Qk?igl-Vz{dUi-mu1?rA;_1U^qy
zg;atxH?L9nx$t-EQ@>=v^{JD>4=99k(Fh{8&9GMY!-b_85tG(JZXW+tI~XoxyT@3UoAy*%27;2A
zUHxBSH~$8xFi_dIQ%CAZJNA7~nELsV|K4JTY$q-5e3V+nS1nS-0X!$pgT{YK4G2@r
zl13$9Nzz^)Nmu2!m!1d^P-vBb2=|A?+W+d2pA~2mLvUIyppj`p57R5>kEF_zhM=IP
zY2g0t9q|-ASluE_nw>@fVxp-2r$hZ=P#FZ8Kq**h*di>L=|1Y8ev_oaN1a*k*_kiS
z5XJ0vkvV@O1CcvdVnxLNQz{K=fa_O{H}?$9o?Pl=2U(zV!{f9|$TAT8X#hMmYzne{
z3x}JZUEmOO%d?CLfKh0M;eC{l9M0O1O`bx*!(+cl2rFlXXXRJD=5uji;JW2
z@BXc_Izk9q;pu+!u;)&ykO%v{ky|g7Z_@~H8{8*}{5v51s9j;%ib;pJa_W)1tDxqJ
z(vDOC3QoUA859`I0`G*5g>wly0FuK?1Nk#B0h}~cGy>A%kx(q0sIjm=Wl}*p!oa&&0ioVXZGJBbw5&jpyAPVZvWKtU7>c;tF*hAM?5GNhYBN|C
z{J)7bo7J4nydNR;v^f2ivcKIjiI6EVb8B7$n*${~L*uU@
zxTFS4?F!H*XA{FS(OF0)w-u3Yj@hiHs^%5vD!Mv
z!lYywvE7_SJkq8G_p-hc=ArW#gccXcw*{tOr|Szfit02?o`SEc%1$+NNL
zA7dZX!pxXIi%GJvtUrEcskIPM^qDl((BMj)%~!60(si2{YjluV$BX~|6HS+Bx6&HQ
zf>*vx_?&rM$UKqu-^6<(Dmnfv0!X-cI4*NfYtK+T!{p9K2^)GeZCspfULvv7NUtrw
zqJ}gZ&(XmNug6vI8pbR9DsT%2B3ajsKVeMqtLh0eb=e>46pbMe2>1J;Wg3}=e~}i{
z93L$D>^^x}Tl7vRG3~V)eqF@QmE`=~WBTtNs?o~2*WZ0@cHaHSImRl-?bEtfd#_I^
zR%Y^{?Hx6j8pRjdtKTdI89(wDv6dCwnpgQ+>^bWn^P@mOSg+rt=!kZ*Lu%E=VrQ4k
zyvE2U%*IFA!og;>zN>cZ(%U1Wh9&Kf5rApur(ZSB
zZHlgxHN6rNAJwKcPDCgs2@0CAX+AEDz!?z=j6@<^Tepi&Sa&;Gd2VWN)Kr}Wf3b4U
zHfrXr8GZS{Vv|IwpMZDY?Z2ZG>hCEH2~9Ga^?SeZ{H&7F4&j5D*PZ?CY%{%~r{if%
zUsMpf3+sp;kU#g_S$kB*UZ%PJw91`lqP(O*v~K(UM1bn%K3mNedRdSs@w!d6qEGQH
z!=vv{`o0^*MA}h4B-DSix|EiERA-AEvc{J-Z=hp^%Xq)J()DrP+2?ka>fY|?*2yN;
zH$~bVU&73uZ==KiHqa6@{?J=upNrRycO-0RZsrcT4H4y80soGhu~>|gvoW{+C?8E^
z!_HBWmu<3_qr%Jam&mGP->!3>-&4`%XG~hp8o={#+w&f5(OXd}Q=6NzEfP67R9rS{
z7pq;DzI_|+WUImUP0HQ4qH4))(U!M-HP!muDHXkIxJuNAU*1%IVj$-uPqn~9_`Uul
z1O4wR&h5@`&hii(7~$#5^HTPIgn5LiG`1zhwA;2ndwkTv{cRjZd9qzLW#3VPMiiFy
zm{Hj@31ZMRLQ2BaeaypV;yZn@DHa->U78KWt~5dH&!aHA0S*
zC@d%b?L8Vnsx0+{@-gBUy1AWpC(7Q*(=X|t6>mqsr3;!HYcI~iq70xat(=KCGrm3<
z#xLVO7xQ_}7RUC_M72hE$zAAr-6C>)sBv+E@-C!6Uqaf^+R&F`mPl?!Y)dbIl&@BU
zrMOtLrexOAPUZq-|C5f($hFBNedyfBG7A=JD%QH-YkPq&?0wnpM>Uqix*u8cFq;Jy
zO=sCY^$v6@HkSlWlMW9KuuKJ*eSw|dky9UxOpfNnZ*0}bUoW_eII(PM}9GyO<`llW8
z2<~;pFUg1)J(sa?81(~K(+}{Jj(_k>q{7z9J)M_YB61{VMjIbms~OaZGa8u|Q`{<3
zYkgb!bYp&{{Tr(-m+Hu=6(4KwOz7-)ceP!)i4O{!J?>kXvwM8Q)3b9@xmrKoKb%cb
zaKLD{v%e@AwL8WfSz~T3O4OV@dOX!&%Ag+NrF*b*wOcCk{2?{#P-yqN_FF7y++?cJ
z*gjSY2fjgX=Swi(hI>^0JwF9d`$G+@`-&0l+W}F~8|Mjj7O?-9iB*l3zo_I3{&=gK
zm7gY%o}=`;dpV?dHcUX4m8a3KTuHxs8OLspFw%;x@t$pGa8$44W@Uu5Z-UDX>|$iHV-(^nUP4{U19_1xZiw_q9(4=Ic^29Ev5t
z!o>8)tU=-PX~7ZBI$2uUakO56?YB_@OIZL3eyvC5!b6iq5($q}rxqNcamZncYO?>G
zOKy(T%8FDnXo)`-`W_6$n|&3S1tvh+QJhhMPZutETO=KgfPYqQ%D-(&5O49BdO_ml;-b!=
zEbvI|RgoS|;Hyn%d8^;&E^zXPStESNDIUvfwhiZ+NefwE!fAh66-WEeN5ZHeU2Fp7
zMBvnG9Io)>-+EJkV|qX{9Zevj(!GJd_Exg(D>Q*QPhY>u%WXU5olEamuMIm2uw&b4
zOP~Ke+d>1x@#JI0S4X~SZmlZSn8{`7h1n2DL*!~$*uVTe-P16@?}tGr+z4>U8THk4
z{-eMgPM@TT3lH|<`Ll;{7q-K+?+m4zCGO%Ln+j3`8i
zOQvXiEpXc7u5bt8{?42N$+lgbrRf(W4>F_)NUvhlrOU5X^s|8wpASE4(22aqwF##IIB
zX#|*!eE)eG_5>>8m3vDJWD69mkGz#IXm~wWcVgk%-~x`}NL8Sl+9TPe2*G^%)gv^h
z@R#JAhxW6kx<1!ua(8{t*PK@S57xLydvF5s}+q!Wlqi_?xALieX|umV(3%|}XG&Nne%F|bR|
zRXZ@^xnV^@p9@Vtlx6-?3u#M)X0K*yyYf@X8IIO4V_{5%eFr2`UyNuS~^_FZ8NJHmqFQQeV77JF9YZ^
z02cAMZBAg4^2)P3^;>eHZ-4>rToE8t2*^kbD$V-=y>0h%3Ski;n)RqL2$T#2a^F1}
zCxUXb3}eyH0Y;PUix*gsfM&$W&kjukL>ICIWU#PzY8p4w3g(HxI3GtV_eLohkT8io
z^~uC+^4v%8Z30aKjL^+NGV-;KG<$nXoq$wUzs08kkR|uOphwR)?0b~M9w6ufV%9Af
z*E3x7LNksynZ`kqxIZUh{%wCu&xrz6z!1>gvQdoi<^*KtfSB&iWbt%QG}-i9z4eJN
z;S;aEAUM6O*SWM_>X6y27+6e?^Di?AGV9Thj*Wc}jIEuDyyQ(a7bhTqg!&m~J%GzQ
zY}3E#1$jC4pPSA=y&PCsktAcp0Wl>=WVjyWXbt|%lxsn~NCcm05~SM3)rC3L112P9
zDBaHy8&-sSpngfdIbBBChILypVFNH*8kQTkgO?F?WFkV4;mNfDCes)28IM})&*39n
z!S+b_bjYd69mApSa5RlSn`cE=4s!l(KRjDSTC$CCS?LQPc>%?3xs^CnPTfXthDMt$
z(y`|1Oh|3aun6PRkuImedW6%CC2p?$vo%o=EOLQZ4x^T~;}Vd{01^;T?bw(oDNyaGF%TzmmUt9!%RiK%9oPops7>JI_Jttp^y}Lk7A$7Y$
z0ET)n4^nfUczK1MJz5QxY>V{ABJetKln}3S&2AC)~e*WFuuVo_FZ1Z0d$PF1AVJlds;E2QL1a)q^I@3@uivL>PMGpTDQ(qZY
zRn%=Qa8MBG5~aJl8|elK=?-a-?v@tm=12%icXxLx-Q6u6-_rNq`+k3YIH>!qJ=dIL
zj?hnF&gzW$(E=Kr0$(_j`@gk843#Y
zN~ybdZA7p^$SqF&&~@dDuc0f{9;>D^e?R;Y)=fmURPP~5l-uW?I}341L+)h|EsVM{
zNJBOFk@@ZoDvCc?=L@)<5OXt#eQg*|We>xMfUNUyf>+8<2MfI&CX3wkU$Gbw_v1RS
zdzIv}KgEzY**vawpaU1-)NJ@*vIaqY!%jUBMSu1R0iGY&sr0dBQVYc@3O%s(&`QxObP4T@T>V~`*o8lTQ@6*g90|+TQ)uasH?s9d0U@<5q&*rAaYe7Sx
z_Xh#kz;Ya!=D?~OP^Lma3bmgr77KmBp(^#Z``X>WBW%Ot2<)*P_ofZKT;w}XK|q^
zpuDcWKAmU%Y`?TTPwuoxMRJM?6=Fk0vp4w1B{oy~e{S_QCRlesn*b-mApo$p;z-3`
zlH>YBy(UnE3P#1$d0riP-Ku>!6OC>I9Nd#mGfI4)HlWia
zm$EINCRkpZ&Uq-?yni&(RdG$d0zuSs-n+VzebDam
z37r^Rjj%f8yV?I<0xEw{b8Qyt9Dp%Aid9FsOHb{x&wgdoMi7iYxpXYKd}@_c3@LEs
zS?!g6ovy5a{vJ{l?frPq^oHwlF^|vUeR>*K@yEsUEdgP=R>9-SR1Rn&T@ol}A4NlY
z9&XG}-yr`iM3*=WML;1N`}F4TMIqdWVc;JbURwLrMqTS1`V4avc&+aH;_EZN;a;9YTlC$fTM){i0<-wF#
zZF}H42F|dUq5D~v@@^`=3gxdmS}Ft*SR+IflCKky|NR|?h-j$EzIk_$X8;qZl!$^T
zLJJ7^bS!_lN#r(CDFVR$3-G<6YHlKCHFILeNSh*GO^4u@es{cl??Lf@{Q!c08TnVz
z;G`ekr=(huuM34{)5x05l#7K{g{~ktq~yl^yBPj`Rn!;;
z^>s_l>x-?&hlkAWpYTT{<*EYU8E)nq{um3U5CVHq{-I9mQoWxJ>uc6a*3GJRi?`D3
z#|2Z$v*}R3I#KQ?j#$F~LflzWD_w|5ib7FW*A7+iNJeTuPUuBoolm|Eu68CuJ0*z(
zhEspDB2Je)6zMhR``)8Rz$bnviA*8u9i;n^4dpY(!$iXMX$L-O2T*nbUWgbZ1m%N;
z+JD+gQ2W3D@M+V7#h@+cxFte1D8zJ-{^~g=edBPN5T4+I%JJDvCn{6w=(F|B&0L@MxYzrI1%Dg$sbJS^xi^nddMyO@AEi8tg?IBh*Qk8
zoyS@4Lr;>7R{i{n2@x@!anX0HA|Im_ej&>a3{pJji0FOeWH
z;J;iua=26PjV|<=XmQOSeI7je9br%Nc+nZky;nHW96~9T%>BbgO5k5V1&)DohHyG}
zsRr5?-^akd^c&Op8pV4iGD$KBOv-Cq62>^+jC2-@u45!$5I-Q)s{T+&-24A`i<^j{
z6x;(Koa8?X6MfhuU|suXPi-PsT31*1fr0wPe_FpVKgY0@yQ?GmRDqker9&qDCTi`h
z9=-(2Cw7OAon{1Q8%%jwkCmSL6XI+o`i)q0>Ibo=OWvgp^L3|QPdQ$v_dhj-BD>ma
zowu2s7bP=MdtU8ha_QZdG>3@0I=BOR+TQnb&ik9Yz&lqYYzCF$5y{JaPBV?;boZC0
zeevE)Lk@&TwX9|XkA~+8v!AwVlTK5X>YWK}CYrBLG2=^hYNtGjB&li!_76Mi<64I^
zJoc{JKaOW_GO6wbni0Iul_^AJND(?b@z>QyO|yKnP;PoShmADva`T30a}alAD4G90
z4yAcCoxkF~7Ahb>lslSSZBclXQn{ITUqnOZYOO14^s9}q{v6wOuHnUQz9QiyWfZ^9
z8MRG=+%bo3QmGQ+;&oWg9quE4`R{!Fq0GyN@8|i;?zK~rP^YPo4VAwK(16PRc&Qnk
zOoCpctZi{I!|O3Mfm%5mRP(^4R;7B)ZxX2z
z9KpSd#)H5e!`DR+J#QmO4^kG!xE^h@;Xe`w~w^RX9u*)K06
zG`?mrQn)@U#5ry~JaU5L{S_KQRzjN*xG|#Mn1Z^3)mHxX^MiS%=aBte12)`
zJ-rw;HC3W>p?P<8a9E^$v%diCaj{mX@Ni0k4VFEA^b|e6wX<0)o6zead3g9b+E7yf
zQu0I;qRI%*#P3ABwf0%Hr%FGn*KVYKKYyPmlf-T@5Zo$f`M&XbT-5VIIsRdQqVljf
zgU>tCf4SK)P3~&GR?3&_hvd_!mO&)UNO*UpHmBG2z;{RdX7Bx;&KFlw3w18LmsVKm
z4e~kR#-FbYlT#`-_&?bzrb%EYKJd!c`kv33YTaE9qPQvH^EDlh3Gq3%c>Sv?2M|5b
z<&R4eJ%A~(Pbc>T(A|Ln+NaBdSxWg-dY!s4z4sG;-(P(i{QT5dQ`{RlS7!0zRaN|KjRSVaRn8Xl^4^lYF|H@`neO
zx2q1%upjb+>)CpIt~yH*F)228a>wL@Hws9
zT1$muSe+XhUFqSXt^ZZI7qC`SMId9|Jep9TFc$X*W3S0_!d}V6*2Piu2JN
zbXy?1sKI_UfTk3a{Tj@^^2yArf1_vaH4>@p+sOV-W{?2C%KP}r{=
z5VCIJ@`pL6ROWyAt`H}Zrr@lw1gmG;n-}8+-+cek8RbnXWU()%aiz49D$NK&*;#zq
zF^ef3`@OBk@=Q4eIjzPV_ew|b9OsM>sqyAz!Ukq7IQ8U9b+b9Ry%A8qGp0=KLT+Ab
z1S=h=on9+zot?Jh&dq-8wgM3c&+B}7t^W+sP{^l^K9Mb8(TIda{gqmoRApswI&GGs
z90c2>Q=GhYad2?IJkWf+zxhz45#xtl>$VGc>_?bjvXhP>g>P*D5j%KbxB?m%L#Zw5
zxvL1KmNuvxP`w-+0ZX`ncp8vD^mx4Ft5nb%E&moi^zKHB1a_uelGNAUin6R@Bs
zR)EtZ`lj6Uv~p_-sZirhBvXc>3VW3($anA?VfWo^Jv5I!QMj59M(Abp4uS
zYxy#&P`=!xUnR!p=B&FgX-TAuQ0TJj)@tBuC;?STp!vIny3+%Aqn?T;V(w{zEA1^Y
z@~zQS;m6L9E90kH5tXacb;(@k5Au0}e8nmFo@)snrppvI2g@ioD2>qqM6sP32RBXC
zMGs58?l!4{BfcSKO!WV7m1mHG52au5+`uIQh6eGzHGD6S6s6x!><$>xkpxLm7LGqO
zh8h~km#{!oyk?8n4G{c%0kRYKbF(fM%-w@SKpGA?JKrAd-M$7HQQV~GjozJ~k*geU
zFLqG~cq8$7K7lx)2ASy+-IS;h-IV9$YDx5(7`xVX@)Pff-($?QczXg
z?}oyD?q7z9!<<7jFNfsIWn}*B{lKIh*F5BMIN%qTJQPu_#MPqnO6NQ0S2U{K-ia~Kf7tCRiabBvSC!cqXS0SIg7z+>6y#(_g!TUuxPdF~42+jXa0TTLb8jW2i9NOcb2)mX(_Pd;^P4mr(O&dXK{F{3-`(Um)>PgF{9zDrzUpKM>9Mmc#hzJ#-
z(Ah$@ce6!MGAbmLSV6P=J$4`YMhcJE+9-C!Sj(#vr>5%?FTGZeajcnI$2jR$mMrJ{
z!KB1f4XX?J{X`GJi$@Z1r3lxEymT((g|}(3u>UR;(PtUqB#FBYKu{w(w-(aYi8!q%
z$Dx?%#+0N6WEd*&4){Vo_mV|Ccf7fCVD_8`N{W}pEq^n`ICZtw(Xy!I64tsS(yBO}
z43&E>3c2V(i6-Z9-ovu(eeLbe$jmkxFG(@)D&O)SpcFt&^rXoxE=L^kwKotEvR_A+
z@`awxw+6=}!)C9V#(J4tE>;M|oZT*VNS3M|8rWMrZoKj{1EXMmV@-u2=CtI#KE;g9
zmy&m;oEXl06sn?;OgWWE*26a+Z?F1nd|HRDCup9B{x15@;lj@SET+`zE@nuH9xst6
zTk1Sk8P%T87^(XJdl2D#^&u04+8polPySGNp>nA-uxoWt(qrEa(NvK@kAjIinKAU{
zHhzfK${+k1Eb$V%a)_Mlxl{YiL7`k##eJ%lTny=-&8+znr_qGO+IOe=|8@J7JLKPZ<
z8Z59~29~jR+eG_#Q6Fx*BXAE}clx^E2(>9~_a9vYnb@3(_}vV`Pq%{b@8VVP*XpOQ
z7k8LvMNyQf?lEUoTjDn+AXWprCaOX=~$6ICsOpG0F>pY
zYrf-^=Uz({lJmEtnS#3)v&5fs7Y$R8IeoTd%$&S`KdiqDj^!xO+&Fp6c=#+=FnNNh
z9}?9-fp1qo;EbT1hjj6lpGJ@WLv{iS9O~d{kY*tUg|vbRyB1lfMxnw3{#<`TDMDr!
zks6a~y_;n=?zGL!yIvK?zio&>G_;&lq=Q^nYpOtl9R9taN7YV{XJ?1Jzg_Q0iRy!Q
zK$03mO3fvorf(Y8pY~ax!@A8@$
zZ5}SS3Z=}gwy*x^WJGnd?&0sQmW5N4AvU2WvE&>(RnJ3IK5@=IvS^7G0N5y*XKJ!KLsW=x?_(T(9Ro
z{7~}$fbX^Xu!pU1*d2~-HB*)qlNltM#o_hU341AsnW`Fq+8ma@sI{toEM8^24T^(>tAlr`Vg`?USUNq`-gJ)!Uu;jt6Vl>g>K%FhN{t@P~0p#tmOt0u@=F?~K_s7P2H^Br)MU>)`z2)%wA;EJjD
z9{;;K&~kAH3s!eh9j*wAD?0JfPZ@8oC~<#m99hGZJBIT61f3r(YEz
zBA7lQ*<%e$S|MUmihX=M_SI8oa|G6a6JKlT=A3;lcE+2?%a^V4$PtH15Nv&<8MSNZ
z!9pRqFr_MdVv{i6d#hkgTL}1d{-QN&-v~~@
znl3UXoK&(3Ge-?*=%_#0Dt;EeP6D&^*r8ks>*|$Ncj&65t%qWi#wE@Qd
z2PTOvv%!>UL4F9GgFO-!&1N)g9>0jY!;CXRpfE7M9a^}Fm`F`b!|%wo6vDMQXjk{=
zqA^g3cxEXkAlml^-WtU)VpD1S{br;VM~KwQL3`K*?6}-x4x0xGQ78GKQZT+}sQ%}a
zT44vzdv2{~=t8tRt;%ib!Lh%b+l-F?XLX0RLK337S^o$&MmtHxP3fD6;ZWGi6)=i4
z$6$0*2Z9924Tm4g-!1bE4ky&>lh6VyCwGRPs|L|5Iy@etmtNV$8Ih|0dd{oss7{vN$Rp?prn$
zymg>I=dtAUd0iHZVsheewjK~bUm+j6Z
z$${~E|L#>1G-}uxBNnIAgYEjh^+fw7$dT#yS6e-&&t&6zJQO#ddK$HsjL+1QaJy8y
zz6?4h%{u?;u->v-e1*q)vO(6sd~D-hJ&;?Q$e?ZXp_BUi;Q4(Hn??YTFUwSFlyL`_
z%1h^=A&9`b0RygTI%NpH%y@dh6`_V#^{%QpsUFLwks*gEK8D-l$KC#xQFmF^+J575Gf9DaGnG_zyx@aZAaY9T5F;$MxFVAhKQe8YXg?Nn1MAWTO`87KeR
z<2t%&3U%ZpK&MtXW};3JQs1EZ4_6m+f=%`^94CS
z9XMD&%;(I*-@fJ4^2F9%+E9vs{_N9jFMtjiUu9)6~@)+ITVc6_-6ol-8xKJqb~9`7-eREW*l
zyTsv**J*M6F+peuny^}KJoIY@(2?%xiTpTJo{u6!+1w;Efj?dgy=12&#QN1uI#|kA
z960+uQPj$%vXC%Uv=2exJd)@K`$)7Xo7WMFPe695y~4_ig8pelV_CDLgi%m$2(FB*
zmu{12%~xG%o}1mLjqeXR1K}0Xf9?wsd<9y-OaK7x<IUY0Uw>MA=XQtI6MX=|t-3G_B!OSR=hk^{3wa2)z`KIep}~JSiM-Wg
z7{KvdE1r7fH8+=492;Z(^_sB@g%ez>vGjVT2-y!uh2av-hIF~Z*1=~4BN%PEAv3JJ
zV?m?4fsw)Po=qp?pLDoJ*q_n&qNtxd%bcDzQrN&euzDi@2k(N-)n6EWRqELbeabi%
zJd})rMv;Z*{1CY$`|lJNrKcGbMCkqZ%&&grMT!Pc1WcFeD|W&0ubgtV(aLo_*L|)?
zz9!4eqHt{F-xJu8#apAXj?h(A3HEwxO+m0Opr_n@K7ied;E1J2zBO+F6P~`gh=ikg
znA{%E&Hu$7K94zb%xms&jGpMHXa#q2w)~)-9C5(-LqjsiAgFv6Cf?b^6%sx~v~qC$
z@U|7HCltTd*!2fS&?15zq8SBewsbtbwuRW!i0udOASzzdML`#C;I7x}l&>u4j%k9x>+aj@W#^#@e9d!`W5?f2;g>0TP8qw#BsK)eB}CT>E&D7ic7Nj(L=o~4
zTf+uD2f+wGio3B>bBIx%1scgVA*~Sps{1a$$H*t|)f}$FXczaZ&I61u_5gd}J~dYE
z5rw;BaWpxdHAQ(QLV|XLplQ*pZgDo=Ld`*d^n?!#;sP^Sx*1=_z`GhUEQerP
zXR-!Zv*aK}LHC0;!TCLp$7tOz|J`8ulePg4<72O*OLvvhW|Rwh7O&SQN8<8p
z^Wnl>aLL?M*OhY_wukwmffERqy6F^7f)kjEu1&-zKfmGBXoxXnwiF?T7``rK&TP4)
zF*QNKV+|_9n27|5C^Gji#0nm;F4;3NG+e?e-u2q=2|K(`3JuwCeECMi#fnFPVW{6J
z(jIe17X&nG@P5{2ewTvs3})GgH-`!d!zqA0?#0k9S`o^n-Oxr?I19Wz{pVNPn^cfi
zI;Cx}AWswwf5BEfPUmv^5KKZc!A;}c1D6)sZI3i7PMU+qSGfxs`Msrt~iH)`qj#8a4nF^<$^97<&>$*G+o&H`P7^_kUv;02sP~La@
zV86EW=n_RcQF}$VU93u)BS6>VEne}Fio|=Wix!Qi?HG;>}CynnPRH5H42T+
z`bEgYojXEt7)0TZKp*flTZxQnAlLeN8mwbJ*tVYZ=Bbz~5N6zTN}V0M)fH>DoHX{g
zmdtn@1xE8-9xfovA9irOV5vhP;F@laPW+u*KE5}_Pb669z0bP~&HrMgyOuD|STyIe
zIy*^K_*8a~im(qBjNlJ^{(Kp{K}wqVgcrvkyYSnm^`?lz7wlS{4^9My80I?Obc^;3
zW!`)H7Bzv9zS|^?(;G)Ct>jBVt>Ese7#>^_svAomtFJs(*G%&js}?-I{t{Ar
zI11shqFE?VX=Q5Q0ATWNpa0^~lCysOA^tXl#znD@Zd2zsEP5@oyDbjYc=`WZ8H3iV
zDYZB08793?+x0JuI=>$cO;^1kB#=>3`CtKm1b(W6gMKnRR`Xgit7Y$Jgh*i+R5lY8
z^FuUb^UnLD8=E9lISGU}Rlh^so+KQH%
z)njpB`FUijPw#roS)DFegSOst-<}1t;magbOLyiSN`tbpYNTrYry(jLfxhZ`wdzd>EWq*sI^>%CRY?7Eai!jF=&FG}g?;1om?0;_Do
z^~v`|cAvOO@^v5UqRntBha5tu1@^I;I{T}n)pfr?Rh~v)`#LAGk5r~-Pyv%qV{Z`K
zwa_&nLUq1OdiM|)oa-0+i&#G=Jr*vtydm{J*={J3*xhNb=D7~k@Fz?4cJbF~qp%Zq
zNWen#&98j<_U!MTJ{-L6;q0$Xd!u)71sWn4(F_-2i@kTB-J!Qv18-^*^ClaZt56{BZk`z42Zdoo-&yboV)z2jtWMEYBh#-d
z7hi36l!&=X^}n-itjLe=rKzK-o3MDbnwI2
zElSGy9@|+Qu`pqL!R^0%{+r9hWvfC{6Q5W}`>+3zP3`$)N6xb>P
z7H9FEF4hLPf9gGUy)s6B@xn5F83zGNg~LJxZ{lo70S_F
zS`Jv~?kw(hrkb*KhvFeU8Q@G4pAXvkzMg5sKE+>aq$KWJ4n;&F2&h;coUhrRwt3qe
z5y(3E$Fg}ka+5!F$q&%Y4Sz>UcLJh@&q9rP{lFAvw&5g-&096OB$C4Sr6(5|Ebio&
z>$Ds~+>UEfadX`%_g5FY>vp|EJ>6>&ByoS-bur1wX;)7WkxuyY;K{Eao9Exu?#XEV
zd+0H3Oa6PeIBNS$*nHA{9x>;b*jx!(Dw4nFOEAokl(5a|RDr9MQ7waJMb{C!KNIBi
z>2O?hm(vtsZj`sY$RpgAGKNAHM<>MDOQo5S4%LnHrZS!`0v$~jYG48!ot$b&?v|m{
z*90d-q4<9ip3T()wlMv3hrM4kTQekh-V9r8acbn3M~e~AX1!m-<}g(K?KXi3?f0n^
zGi7m3{pMVxWe7ceS~+@{MkyS2S3K<=u9;Ov+0GZQBNbsMCSN7&Ag`O3H0?Xg6G|E_
z64IRoc1nCJ-%J}_s`E*Sm7oLr1k;g<#Uop;un{XQsaSR%#?~PP(c(9VdOv&a?%8Yr
z`{=`ZqOL=maJMBDGRo@6U8{xf%Hp6Lcd>r|0f&KH$PpZ&z?tUwz{CG~0m$9V<=@0z
zHan9Mcz8`_i`t=HXP{w`zEfJ5h*+y?b~OWvZBZqM0GwycK`%&qd7M7qX~+AhV-Q}H}s}B
z>a4EBclecP`+(!7nQI9ayk_A7g|E;!iO`2q-_!q8E7cRon>t*mkIUa}9p=7!Qa83{o=V(RVy>a
zc?gk@FpLV_hY}rq??2eGhUih)F*b7!TVkq@DBS1H4jnD42tkr)dZKxDGl4hWeU>&0
zl)PtfR=DQ{LCbOX$@JPa)?jlC^3{eK22|VcLW$BB$nto(hzs$~pKk$=NBYjZ^>Vb4
z03Ip&TEG?;2*5x0OsHis$!?0tr)+_=vYm>owUC_ydV?7{+CBRB?3
zXQq7bSSp}u_fFypk$U;}ZR^T_xId*tz)%M?VX9ixDQfF7=as*V
zGw9@kLmoba0w`1U8tmv6>NHp7^&Tq!-am}QOIvBE
zWs91?Muc6>i*jh_7a$CveGEQ}&(eHQ!8EonH|id`!&_Qf!F2%C{QDTWUxs&QM9JTW
zt?)KjyP2P@Z~F;z+1XW?kA8vOqF=~$6Z?pZpwNEtY*OHJzrk=xB?V~{#muaqjPGBr
zYXGFANM*P1mdEz0)6x_7IOpfU4~(g`oiEyFq6<&=d@mX
z5O{pSOUB14I~Ci=pjTAs5J`@03hJ&g*^0GWZpjcG!O>m5m?Bwya&0R-p{uTF_@k14
z%9B7`DGE1b8}x{B%}Ut+@-{jU4a|J)Y`)cfUXyv|NDpEGs
zOFh$KjI;a2V8Qk_L2iM3tXfXBdmAQ=ePo~kUFEZG>#cr!oO3YplTn0s;=AzZ8vZ+&geg547`=9VzdhP<8}~GVY%n`-1-i
z_qMach~BE3{dwLM5o~&>+`_WWd`*gJ4*(I0@1o85KXC#c&EulF5DtmJMA7TWo%hD4Id@
zG=+rqCs)6cCB9;piyHNQpG^VmF$W0x1K$ca;p|o5v#e(~-5*hm-rG#(A;aL<2MKq)
zQR8*ol52T#!-~XX%L8$^xl!R9&hkdUf!5a67GnQe$cMjFN3KO-MQ>>Bi-u#0e~31G
zZGjI@U>scBwno8oZKmx%7S+S?G??eBC(2vf)U^zzUM<@W+)3U^Z&QRrF7fkaA`n~(
z21zo2O$G5g4B@6*OgvSPq&)!x#)R1ZYxZ(G)BS}Dwc`W&(L3!#FP=QJNAQ;#lSsc5T79mUdUl|
zqk#p;N58IDnQZ1?THvqIe^_1Z{f=l1yrL?~(f}+V)*I8Ad_|%F=4)%hjPQP(<>&Wj
zZtjxS&JTpxeRaj+a1qtBwfKJ9PrIo2SU@lXB;vT-N!S9I!l9`4Ua
zMHi8yV}E|io2f5cZplprPrsw9POr`>A&RG#zED3DEdvXPBUNU
zVC+d1wrz*H8~tYM#)ipnJZU&HP>@qm$+P7=|KSE@>?Uwo6J^<%i;kc4ewK8>wGCR{
zN8*cMAScdY^rhP?0)cW4E;yxbODR~|>|UqJ{QdYUC99+|bV!k-ksN=i-$2UD>}^`}
ztJ7aQVTn!4UguFLFfklf>X=)R9pLW!Ekf%gz6j&R89D!4==1D_GFDA}uzOtRGQ>P{
zo|bgx(e!K8U+MxeHN=QYU6KEu{rLxd!xSHt*5b^?4~}d<$uLz<+XuQ+RUe>-VU19k
zTcJ&pUK+&fa{>dijm*aa1I6xisVDI=P=e3qKFj3ux*iP`Vr(!uyneR{fw8Jm&XEw)
z>oiWDq3=48sCizrlqPE!q*rH8vbD{Hi`klgz2z4GYF{Wt^s=v}!poMv?pKSBle@gT?6)TT_z7H$tQaMKNEt&8n
z{k?Q8RJsN3ix}y#AfvEGz~Q(ueoy$czYFH4zAI;3MWYbr`4*h>6zL!Xeo{dG{;bcM
zsJlM6QE6h}XrI!?k>bkdU;H|8QydaPVZ-xRs2UUJXC+}Zr!sNh5;^klO-o(*J9U<2
zNsU*)ab^W&TlZ;}-%n|zDoj%@9e?>Bd7%jH&|~57HCl6|QWo9i>`VcrpE8Bq{a$#c
zSWhU|@5tYqr`Y?qe3>AWnwf^ZlzU36NV-TdV=Y9)J~;pQ)$t_2-b@lffDzaiwY0of
z{tJk$i2IqcmXv%*d0LO&cBZy~N#L$+Xp(qP7dx$Z8y(7O?6oa{)UIjUc_l%nVEc{m
zMuD5&w*_ui@csSd{O9Q3&1?m~sF&9vlBdUhn0o5F?>8t{=CL;W1dQ-9{(bYgh`EIa
zuJ_X)3wmhPs#;BNjA?=_eShdYr6jE_Voxc3BbX(nhIwj%t0DRB(_8Vf_rmm3tC~~`
z9H(k57HpP+FnxR07YzllixJMH`daiY97j}hkm9=L)2E`Kg6lRe=5LG)V_&S%pMI)!w!SgustR5
zvcG-Hvris>#pXaO9wql5rLh-A-%?lVtcyeND4E?z7LK!pNDYF#a0?vz?V0p;4lxjy
zE1zTo9v1*T+<})!LAX%i@L`dZx&IusBE#N9fHiumpVtf0i_N$ZNfGdyb5_KYNPsFA
zjTWNu62^6u!?`$^4Yp1>_Uu=7iFJ(M-yd!lk0%i$`1`{n)rm2GJGnhbII@!5lfH7l
z7RgQ2TT^Ojcgubp3xqyb;t3rYJgHnNApf7xH^Tb{p0=UPw+rfo;+Wg>z(3_oesT
zf9Uq9|9)nc6c6SGMXUmewlk~<@{Uq$?hAv}XgcpimD&}taf93AuK-O<59HTxH*j+Q
zBNLNGz}hQjol@84D|ir9yELQqR!d-x_%xhLsH1c>qFHXBI9fBMSW>A>(Z5fwn`j%v
z4E};3W+e*+gdkY|ujLS^fVb0hO>4lUfNO1yqV0z2)0dT7S
z`3f{#^#O|aH#*tiF)BY;LLQGU%+Y)p9<{L+I2a4ffxjP;gC#LWxbbyD<4Y&=P(SS8lFFngZ38>kNGW>T0d=-DIwSVv^y`InP4u
z9|zi>T7g)k-+afQ`~~0k^fP$;!ajlRgR~17P>%dC5e(5I^^Y48T1PZn%omTWG6diL
zs+C;_;uW`rmOt{P>iWnT6-N8@9DGd6&Fdu;$H}YSdiF4Mn-I6>0rsdXD41I0f%
zPfS{y@dwoLb_KUE#SGr>I(k`t#^k=cL5p#We;!vD@EfQfGUNLn3TzS-%gj3ODFzi!n09EzZUdaY7m&FdO9-)fVW<=
z2R4-g|Eo4zuBMmEr*$@#(*HEr#1M8EV^kdCRViUCd+v@T6(s*LGPI7w71u&8jqCHS
zPYIU!QVEHg4k1^^du;an(9`usvwmB7M?n|2<0G5>$-Gf~2Cb?Aj%6s1sY%N_3TEul
z%*WQTx4BjL6%b04{gZ>!xMwx9xzcgZ661})a{|s4PnaUTgM{}6&F{iD`(i|?gIQo&
zvFwMqSvHQfU+YJV@h#>$5q+ed=_+{jVOhhSBtei?V0e1W62^v62
zngBnKNu`i{S*lYH)CDmGYK5uz89=Af7JE9`m8sDOy{$wDn6kHinL8Jqq0-=r
zsw@qJr4(`x|0RgceAD#>4c@wy9FRr8cXTbYViC|-LIE{Gl}NwQYD-}Q#MUw(3g^1C
z2MSf7J~+`l04j~AZK$u;R*2pgpv5(QyQ&$TJfOO*wD}YHT(5!^1yDT&
z1XBXAqI~G`78&)u
zJFEp}3?!j(l=1^~Ukp2o5=gF&mq!IY_WbF_)dy7Y^hKuD`wH;pf*~vnn@$}NP?b9u
zuz*iQSBvNAnz*2R!ZXS;#XCop7iH))&;8LZ5pnYVRw7W^3Ltv>D`F^*?ZBR&fYn3_
zoN2IY)(2BJNIUudp;Qmh01g%#xsEj+++)IHECAdfrQL+}b+FcMSt38%kI#88C|e%r
zO%jVy1+SlNzM)b`2P`@u1!)AoF&)MK4t({gF+endwU6~SE))G_od7Y?*bDXml$DgI
zOfW{ERKNc&^BWjx0Ji_1!}+U@U?hMaz5BzP@S&XAz)_O|#(#G*-+U<90r)%TT1}Tk
zg?BSY$|o`1ND_IAQM&2?snt#W4l1L}r}Z6J--kaR0QIFl4akV5!63p44$nIHdb4Yo
zbQ`)d-k~sEfaC``mWc&Q1XF$rspz*{j3D^sQaf61Hb4#-&U_u07XP~g7QRM1QG3x?
zS9enN1-0VeRsk#juJC(4h}Cp5*69y?q7}R^$QJZ>puL&Bj?CYQztzhQgtld+crss-00
zY99ZwVO`ou=}I?3sZt+EW@s!dEL1qx3#Pr5Sh-}WCP()IZPfqyO$KqmIN3Mh_xn8F
zY_|u#*mpE0ns}MK$Zjz~EQ;RlMwY8^SWOwDugmUYlsTDP=O!zQB8W}E>m-c6wk6dK
z79ga)Jn%0yY6B0$yXqacnJ>=5f__JvZ_txsZ@;kaY#>L$sEPv-(G)6nO$0p?L$a#?
z2WonHy!(i7(Ay-lMSWQVOgi>O4B7HZMu5%1sBAoS7P4KF%46;KuTQ?Wkrv~Xg7Mfa
z?=r1}Y|y9STcDRmj(jt&&Z&)~bx8a8jnKe)E`rnv3U|?WuoO{zUvXM^_47}2+^$cu
z1oVj#MprOTM)}e1r{Ly0fV}nUXa;LW>%HE;cjPxh-9p&Yi3$6wTC`dA~z=ev8NkbBoD1m
znyX8Q?)}Dur%^XDc5)v@TlZ9U6qg9jZLff&t^0N4GC6j++N3sTJUg#;KFifwVAkZt
z%eyLtJ6f`X!xvPG1>*bL=Ia8kjwK<+_7ddIfzp0NAw4ixK#g$Uv7ylZEh4GR7SEjI
zC>R9hoSjGFQqD0D=6fx?z31W3H`bkqUzI)DSDX?H!w7?!QF=KW1gP@E^glt0dbx_*vQE9?&|WzL|1{-SA5
z+p`L5b**0LL$s$vz6(@vX`7ap
zyDM4Zf50LUi_@~B$gSAs_bHib!LH2#VK`-KUdewbq=|$*;VgoFKlAX)n
zfl4RCx4wqV?|x=NDtq!Z@BbC|RzY!uUE6MOcX!v|?jBr&2OS6&+}%BBaEIXTK?4l#
zF2UVBxbt`3e}A>V_h29IIhm@Ss-CHyex6?IUiZ2dH?o@Sx16c5Q;@V!J&qs?Z5^>MKHE*B
zimG-foip6lUy%I%20H*DMavDbuot#(v^y4btDiZbL1N(4{SkQ*+Z>#Rd!H0z|
z5z;&~!=H!uJP?e`p)a(XmNEAgh3`>jFLjm!Td#umXRAIt%X|Ez_vAWow^rUqJx9RP
zG_~e)$$dZ_{f@W$TKLULt^Iw<;dFk7&uzK&1;|y@vinHuRm6R)*6?9
z?9$NGTA*-Ubw=qVsq`K+N{}cGT(!ej+B4?^Rso$#%+SR?mAEDF`F{3GUFHo|;AM-V5mM9Zc3%&Km;731dxlm`<6Agz+N
zWHEXfonmkJ$65eP9B36dm1;G^DqVJ-FNdH>Hxxf&(cRg}a76-6c=huU+XK`7?;VzR
zUqhHEAAruQ-Y0*7eV{ogg|XRfFTcjy)`{&gMNj;D-60
z^riXgkDoy%ldeA#i1K}1Nou4f2>D;SCMyYC)v*uLKcwZCdzl=DN8qBAq_~LI6z4c4J|8A{D4HB{|8k)mJy9yb*swu`$@->!+O6!$U&!eO
z`CGOd)pqiS%M^S_nu^21sVDpR{;<(0fMRI2H>jDD9{0kABR
ztY*AdJAu8VGCitUyJqF#C~+{AHK$u<`%M_lpu?v~fZli}*_uc32jkg9)d_J%vcZ3X
z2Puln)3B&_Kkyqev?v_2A&H1%$Yn_iG3LARBPt&qgc_K_)j(nZQ_()5=+Y~9&uxeB
zxXBr5R8-oY-Q>%bjon%chnvSn@blY%MwW;=&&gDUHol9lvM$~Zr_ypXt*r`RDN(%G
z1`+e-RA>uiqy`O=n4I6RH`^JGrf{-C$OE2%IT$vDOliKT_7$aukCB_`5d?y?tdT*p
zLI2p=U@|~*DU;%^ltVRlZaq1!yEePG^P33ar14cUKD@O$nWynAJGRCdo`Zg=gA>(B
z++5lbtGT5yra}+Yag<=kH-g?qk8CG2p^#KfW={NqE!1!?sQJ0s?PC$5%d$sZ$=D0`@
z{btT^7cThU2)NJuhT4?#IIUK5(E+c5p$D@bW+SHRkH2GE82}*=xJsb988fY
zjQ7kbc9H905G0H9*Yw~Mha~VWv@&fu@~E%?u~W}lJYM(E>ILn4lljrhanbA_ro_kU
z!84IyTDGfLVYnEwr5d@jZN0071V
z2rFrbl~ld!2A6nL^rG&A0xntRP%WC56P;vocu=84lVpCdWQql~HA=r+USm8VcFlq=
zTsRGpQg8?e*JcM>rhfhMdM8Hd#T;C8^7sCo!G)Ig;j#qr@*7ISJ%YvU+K`7<3fXOJqZR#C
zD1Hi2GvW}vr~s)0t1m^sHVn)|zb6?25P3r2rLCyTF*f&X61;Ly5&4qV7cuieL-7=T
zp2#c1SX?n5EGjXKCy|4>?$}Z&jE7lr%It+mqOj3VC0LJM271Kl9RS0EBi3L`ikHNT
zaj|rSpcFd304RBLLw`)zYzYaj4nONhzWzszQn4XhEd}XybkWR9R`p`VpGuT&RP2$E
zVK^yM5tX{VK_oyDt7rl;t+`!+n7{*h-tV9)CwSN
za4}jV6XN33f3S=gp#i~=Zeey*L7qb}U35Tf+~u$(ak=vM7YuF(()=grTDUGR(zD@C
z==z+jnincFS^=~bx)T#0AkAH-fEYaqfPjj3AB@vW%+O&3DkS5TFFgrPd{B8Zj%-u(
zQw6Jhg^!PY_OdC6WCAYq_ZUchm%|BMOc|D1S#`6fkRQx779xI@0c8ye3tit{!vHSp
zDdPwdE=zQzp%_3b*rKOE;va$Jh2AX=N0sqC&$raws{_*9N=;>Lh5+5vja+=MIutA!
zeQj|!EEr<7YKtI{z4@LquEN0~KuyrShS;i5z#PCwP)2PJL55QnYx{W;wq!y7eUptS
zxQ1>dyGHiswwbRmb^3o2Y&tryBHv2@)HzJ|7cD>l0GJ@;w3InIl?~-EAJNQnKxt~P
z1Q!6oO?NIv<`1Aa)banF%Kz@yrjDc}XH6e~Ld4^MtEm2Urqb{s#TS?yaZclNB|jj8$Suf$uC5x1dJfz`%ExXw>vkiivpuNRm_8hR+c?$n2)uHcsfe
zELJgYd{bgN82g)cfreoUn2yT9ZdO;B+N%rMvhv&@a=7^cH^l@a`-71zQ`zA4Pye;t3Et
zW&oj2r~Ydsi~T!bq`^^$y8Z(7k*S7{ZE!hmd3NMebo6qT`oERVgcwbeda!A%iJ7wl+K(9;8JAV(@x~@+nHeq
z>}F;Jx5x1SFWNH=y@*fY4&`do1SU{|dZ~q?5}Ps5IUOEeJ8w854b-Ez13k(*;NDr=
z{;kJ@HI
    1v9TAIrOP;pbQZ#(g(HzMJBU
zbBJ!wBBU9g{gD8#v>u*s2el0j5Hic=7o;`p*?zN}q=>l^)64TxLxac2c>>53Qs_I$
zL({-rRxqlN%-E0E%%q?INv4!VqWhk{l_z_74<;X!cLnq>8R+Xp^VB~r$T6-L#1ppz
z24Rt?IeZM%I|!#;FZYo|aMpYFr-XuAM1tfnJ!v0~V=g$6h$-D#jR1+FO557hQ3|;Z
z04yBDZk~y{hlrB&qJ9s>5v*Y8eGS@SwYswE##cRKHnukxclv4uz%foAQLPH;8m3xc
zT;2fhh%QVvSC{?c)%%0aBk#P6ZC`q3{?C)yO&@vJvMHHe;pXsYv
zx*-=!SD@qjCK}8=-`Y;jwur>H9o(R@Orzz-h3%|cs!c!Z-E02GS}A2?N{{RtZy
zLtm}7%FkL)M|FP#ybZ{Xq`GW
z6Me?xg0(A?-?=#ZASc~(Kik5*xKx*7rwX=Rn@p#BV-w8IHUvxObdJG^sC=#n&ss(Q
zIQv1J$ab&fSYt2WC|7y3#?VCn^ILefU6rC#P#`$dKJ9L@>>@k|mgBqY_Xt2&-M{4V
zqScx)j>_Mtk6-RZ6IJAu{vaqQ7_H*6>mb#}?&Utyw;s&+LsyMSOeb{u1vDG9f2Bsk
zoJ}K4Lygag|3c)%=CmvOWTO!|pqTzR?`5(`*Blfa{IhF!Xb`_%ix=0jeiPRP5E*FL
zU=fEwWbwwb{0l~;>FK(qLTk*Z^})rQaf;ZMQc_ZVfH!Uk9B`-#(zybFgZ$tn4vt?b
zQl2y2U9Srl)DJ7Ad)B6%cg`nIyStwl!FpYLgvJj5LN72U!>
z!O3=|Iv>&p%4W`~(SSxbP#+b?Z6;|{LBO^}P*bj>y7Cn;iVlFn~ig
z%gPOJ$_BzG0w&v<*l5YA8J}+Z#FNkVsQ$4;vGjqDOu*mbkai4^*oUAfW@GmB%!)T2
zy$D;yfj*Y{VE(dqet#|RRD8>;bl+Gs**!OOaqp{TWbN`9D2ueLeLCAWYz1%p8)`8&
z{);B*%W?yl0SBts*g>lhBi`6X!X+dnN}ja>a_XZgqP&7aCL0J+M3(Tdso8FAq@KtW
z5tvKNq!p~osFGG^(yLQd%RkL6!SYYJ6&}V%Y8qK(7g-!Tv7javGl7-PM)m1lT|tBEp@2
z*4gVe#S;LfCsYw(*Tjre9WC8&7PCJt7H=%`iARO>HMBM@5A=04)03QubM3Od7Bc1@
za%S)7WNz-siqES>F3t1@#Ent|zCbk-Pb$?}H<7&WT^atFtB}pyS+I-L^Vcms^0mYv
z8wfAYx-@tw5+Nm4*~k5MjNTZx&J!4)QCME+VU=9K!ii|AphN3KHC7EEoPvU{AS>w2
zHx9E)x!dC5(Z<5^%(uo_$}*7|Vsem~rm@+R=1;RgA9`hF*_sULS-B%F56K?brlpF)
z5G5C^2sTf+q)OsGkx3LlL*ZiD^xfrOXfe4uxMX?UqWE7{O~O1Q%E+8QjGngMMpA=d
z0;R<^j~MJL?8++hcSYMbR@_cgbJ2VS%O;WAgg>*E(JPO|T5nYQ;>Deh$XKN7re$cR
z8R}|ooh-wc#@!97xt251@CF(-Trc%OK?ehZq5!N{7?|6Y@{y)>xb^Su%6x;&AnLrc
zZ4z4-*JN==OuOVS@mS;CZOemQM0VIbYJ#kN0NT
z*jpzQ^cSBEUSe&MMrWc)!uQ16$IGB)Yk+hi_Uf8l^N{4m_@(>ECrO1Ep5h-Wb*4_v
zam=mN*NDnocJ-+82-rkM_(nMJv|=T3UEM37h)5!c=V&;~UvS5)60nc;+PJ6*fC3TM
ziE3+9nWi;#WW|ik4*a-Tk2|0SUD|t;O!r0oh(rsFjNOi}FH>Y6KaSOUq!-S2I>_AVS}`6`KK>}aeq@tmDdIp6kNWcNXqZKeZIoH{2AX35DVLmW~NE16+fMv@P2iv)=GNoeM@9i)Kc>@7iZL@nkw)%=r6!WSdvi~janlSOrJiy3Bo3%
zY)2(&_qxgZT!HP3%6qO!I9%K1BZ@daJVHUBz=7E$17EQLI(W7SPOHlaxgqR#%tXI+2ZA9Fi~_XFjuY
z08Lo;nb$(goUd>1?|ZUP^NE~aE?oYS2%0>}q=?j$23H3QV|m6K3pD-S&Qewuu{P1F
zkt*I#j{FEebl;OTUz@XYAkkF|t8vHgbk
zhJZ0`iTA~6>5eyDQseEbd+(<1>q~gT+K4cjjqn|(8?9aUZ@RlqJEz=q^ljf^3^F@k
zl<@&|?T#W7-zI1FP;nQ&qKg;>o{so<90irctV}Ucr2w(GcyAWZ{QUCmBQo={OS<}<
zr02-tsKYFg)wTc@)itMI_h}37Dbs6o<)gp1ZAhZ3)mq7NE}cA1RRm+-N21wUu~YF-
z;qlqMPfdkJug;LtKWRE1aodx6sgQMb>%Y}rsOP&lU5$Sn)*_}H;>1Q;`o4C-sjm0|
z&)fZTX-(u8GZ%5+hPN;n7FA)FxW*MN0Q~V_C>v0a(m>i4aMU9uNI{?N#@TCeOXF;yR4KQ;Z-x~I_=01oq*?`uIAtQt7-9%
z1#8~U1F4NdvhqD~FMaU=?U!$kKh@(+t%|Gjxt@9R$s2$F{=@{cqhu<`rrBy7`1@Kh
z%po#6OL>7MtdPf&R?P^t+LT*Ax&oE(~^A^9g6Qxsp(if
zdWrSPAXRa&88;LyZZHT94J`$cZAEfT{2>HEh>b0tP^$eWtwjJ#D;o}C2i7XDfI!B#
zD8t-CK!cU+>1)aO+mLK#nPIFX6@-Lzm6c`9yQ8hCm6C+bFQADgc58aD|FyNvlRiIB
zI4TN>ggEP_hz~k&U*dx@uHUYV(_s1cRx_nB?HkQSOID=xFJBDnsr-8BR^BIz3W#7y
z-DPUBwiSsDgeBShXTqoDLOkwCNV!nQH=Z*OW+i8bVOrpdc5@;o1wLO#)|Rlm+%mLD
zb0A)mz(;<~aZy+mkiD$8wND`L80t5W=_b6VyLh^Io2;WS-~=~*IjkgWvGRZaDJ3&6
zV-ej3B_dG2vbPvUQHEbM6ePt)+STAl+K0_gh09PmA-K~kteokifs3CK5t{rYHex4G
z1rnz{qm8RMCmoOYiAG8)6ia_oX>aF&$$@fzcC=z7d?iR^(iTpLVBC4N;cEouit4+3C3o;!*7#=u6K}flL&ax)gcOx39rVs
zWfpkrJX)Gk7$eEuuT!t-4BO+oDO-3|WE2a)%jtJS`H;2Es
zWtjDrfDUG_$ZgOeHi|AvvKY;ttlGYE5gi5q@sB>hkvlo4eV8HZrO3M~<8H1c*^fOT^2I?Ht?6|S6+TS
zGJ~yW^00ZO=vazsX5NGbZqIWYtcSppajHT6-_Vw5{L0$kw&;8qzN{wu>6%G$aUPaJ
z)2!cLcdpUpPx}g;xrD>M{}%P6bJ0J#-RkTRG*aX@okjC$F%u83Yts4_JA0iN4rA~|
zLrb>XEf66MjTQnAF?fppQjVmc=b+x1tusty)|yK}8X;TZ
zET>-ge?oFI2UAwOs8O*|YF6A_272WmHT$u`=c}g5Nfi}$5g^>BX1Wz^$R7=;9IPxiHGY`v~|C-!j^dTZCs|u<+TDY^OX4hPcYZHopHgj
zwzg+&(4j)Y?;WHaid}tI_qaY!-9$EwWBhnKbOz5gFgAX6-rF9h>S%9!Qa&~^-p_%O
z<>Md5qq2AXASf?awEGu4@d!
zVx&IxL57e-Odw;v*v`>$Aug)h6WqDyV{OhxG#?>E>u#dPy<)&dqa5X885OyAhbzOM
z<$ckYX#P8eb3MOmsWB7l&fD>D{nLKnKI>bGY*niI^ICLDuwGiD=z3kmIZ9xkZSTc~
ziwlZxNpl04-MLBTFv}R5+8GN~at`PTywW;nWwJ`S`=jwS-gu
zVgK1Tcjn$S(EJzr2+9z|NubB>MZU%#?=W
zc|7ccQIy=ee%nta_`vDh(-*6}1vdcJ#0iF!+2B6TjmM#lz?VZk@){27-H;UM$nrf<
z*3aWY+mQDC&11gDt2SCi-Q6%CGQcRz@#J%068865-Ax(3J!SuV=PZi6yWrqta?UEpXs
zibp8a<>9-bKL?hELvy642DHe4B7x2o`_rbDo-n;ibjuUVj@+s|RfRA`_j1)f=!OQ>
zX4ofMq~(`tjulFS-ctha#uX}#K%rZ0V4jaLjH5&ofs>g`VmFr<83{zzUQ
z!WgLp*-CT6Qg&^+2-K&*%nli4HCPZMK<@FtEQoDr^n7U
zBQh2%p9WQ)DMK;_A|-dEJdn;VbW6KumTGo!37(jAn$wVJ=*cv1PGJNKc}oPHEI)_t
zA#x!d3gkSTv(O1zEb!l4leu};Sd}CGN%qs<7a!>D&Jo6eqQ#FrH|((b;t4jV>vqLy
z$9Zhv32+wphMQJYB)_VEt+n%%hfm8YT@{mg+FG)}N4+S)Z`Zm5Vbk`4Lc-6&%&i+P
z1@reh?xT^veR5Q$+=c&r7M+&g-Ffv{7YY&go2cm7USsRas?9@nRE3_Q-Q93uNZM;V
zuHOR*PA1l7EsOoj-hHud2?MJ5rVo|F`@=z=$&{{(Q>BsIgfQxbMkYC%QJHhe1;Xvo
zAWihybEyh1sX+`sRwA2(u#E&GeoUuR>AC!1)sZR%x7q^4++0FBn;6V&WCfdmyg}?;
z$=Q_aTEG87noN4OlwHI)>=v}Y;sXbcbxM0E_8jx=*x5?@*!r>a{@;pez8%{qBhJ5W
z`9W-uUw;vqvaRebAW!6UG6hr|#r2>~Ln1lqU>aWAA^q*OglAf8&8#ntUcwjS
zNO-x8kb|4KZyX~5p;7C|8Kk3@Gi?2;53wLjmnX@A;Pf|yErMv)i5j@S_;sRaIggrE
zW=(4(saam_Rl@Sr0V9Z2lk(1OUBr$)`EZHDS|i$mD3GHS4;i|LR_?n3Kb!U0AeXb>
z+8#Mi-r5YwJevMI1Kzl~dfuTzW`etbs~Rm>g_<%Z)4ZV2ZC$Rm!TJ}=RBqd;p`8}L27EDhD@6rmt;tWAZc09WZ+Ij}1
zQJ&qpb7~?=4WtFu2{)7lEyp1&#}w+6!ET+0)V&pGm6l#6my}l@dqYJXw}il%Viuc@
zvdA~DCl$?fV}`j}>`ZeXh9wWDza{7~wS#u^dWPH!r~=$l;%-E!NVqK%fdS|CYC@^nPcgR=Q|Oj6Z?CUYQg8DC|7
zgupbi9Rj{qC_n{@vgwgNMl#4#ox7WPY_b8CTgC#fJ@$^kiUA_9xEsQim5O<3cJ!bj
z4%ZIBsNv>>*$+be!N~oSJu2ks?wOvJ*2rgmUUw|Ci3tuR`cWBlOKE793s01jGToZ-
zC0tI}HSW557rwu6dPZhfKWK~`w2+za^`EGnBNV+%I0vw~C?7cboNeHKMvY(na_145
zT&0XMe_0EjxmF6p^3@g`2sI4liM7%~J+>>WeO#Im
zN?+3!izZD&V^-3~|3o`7x2Kn`x%ogz{5a6wnC!`De8HB5YAUjR+W5wwziKNFtt!&!
z0EAWfMe;-(Ws|p3;e?%ycVx)q
zN6rKWXlGtWH&OP3RqCck$3Ge^OX-wQOl^2@h0?vZ7clN)5L!8e+_-!H0ADRb)N{q%
z!cq6ewaL@@{DfknXA(9J|D#TmQ?Y1x#_Ee3-%2|MIi*OJGV#_(;X0?$m*=kNVK`TU
zal`LFB3D`}ZoddH+=caad;}#9Q?FH%tjHiEkq#7vZfp!ynDE8vNNm*bti+YrMk-xytvIM+0AwrJd5J(-{HR#DFnn
ze2xDY#Kdk>(Ko}@X`Rg+YPascO3okob7wV0sSPT>E_Wn>9s8D2821q-e+`6S9r?|h53b0
z?Ui@OvWsIqTw*4{f**lZl*K(6QT*xR+=6uETd#Xl?(wF?k43GgE4GRufqO=SLK4|M
zl?tyWhVWF@_sXEtU->-7YPRsmY0?OhL0=34o>KOs>gcI6oAR$TLce%hD7Lcj7W|#v
zd65`Fa5iHZU1{Y!@~^W-u!V8SDly-x(RGpKhjK0Dv39^vbiSYLJvUR~ieMc}6D7_X
zT*7P$WBb^u-^32>x3Ru-6_b|s%d-nb%l~&
z?sK}=iYp>9jJ0A1bL-hmd_w#N%92MM{dm&p*zjAi3|ogO=%}bMKg}0MC$HE!q;Na#
zHpzEtN_OhTnKZ=EQbItEe{h6Rp5G*xJ_5Ivf}mM=<|wakj~YoE4s8blYqiK!VI)RW
zm}td-uEIo(+Ks9w#_Bs0edH2|pnUfULU*PbSwSah=@dbUQ<(iF6E$Jaa`C%PEL6IA
zJFl0S0o$H2ZgTsgE7yv-p-vGPlb``i9jXE4zp!LU5wcYL$|zpHFc^gn^KHVVcF&c^
z-1AqA0^wGeEz1HAY1f`mKj6pL({3nUfp#4WVdP9!W)_*P3KuXB`a??gs$WbpTh3Ve
zFcK0iI?MO1ms<*{4YBqDnh0sR@j}cLa%p}#2DRMTXJIR7#>XB{lvClG{5rxwuEX}G
zGLtrU74JM*21Zkp!};NWyw;s$rKe69;mzlQfYg9`^H_%X<{Y=Qfsd1F8mFN0M
z71LoeC&Alb!=w*PL}vXsm|}z6E6>;0H^EZuiMvC`DLg;Dq}znZV=|MlW*Y|G{58JF
z1`i%`Mx{BPZ29T!S17j5cSkMgLZ@t;`~@8Fll(GYhH)tB_jOosVQM?UjvMO3+IRCC
z-kp&Fy=`1*Xb5pJboBputCY%f)=SEu6b$2yS*PYWyGzrWMxpxU%M&n-=982Z
zU`5&4j$(ClcHVj6EOn5Vm)FqH*y!}tZJbDPX2dDg1F&3o?6i^b@J&o>A%<5t?`wX1K{%Ini}|6_HT6(IV2kG6{sNCr-{R
z*n@wL+IM5!B#gen$+W07_0;>EneJ~AGjWo&{u{#?6*USDgkl!kIzNy7wJ7nSb-o-U
z-Yrk_-RJW|Q(%B)(8|CCy~;Eq`sU#rs~huD?(f8F3I2e_Ozp+K+9TiBu+n_z>MLi_
zak+7Y-MMWD1L;+cn+xK+k-z09sD2H+jtWk8kllP`9%A6j%<%PI<{3|mo$Db_;87S_
z3o+8}u#Y$)-rw;AMvP^q$@Y7bw8!UAAT!BQi*I9eI(plM*I_tFa;mphnxh0jBzE4}
z&XI!cu%z-alw!b!zx%N9ntQ=t7aEZT?|X9j?B#L4r6u)ZueZHGHY!xO$Y1git6s0f
za5dvP_XzzJr~{lU#0CgBE1n#lV-?@NH&n$Kj4QHok!khV0yoD%G(ifPkf7j7Z^50j
zBeP6WJ2L@<72FqN0B&>2l<}ORZ+)!C~G3RkyJXRZ>eNhu=v2k94`MJM=O)im+$&yOC5k6;)Scsegn=KVHjR6Z1Pe89N^)Yxf
zB!Ao5+Nunx(1Za=k@N7l0XRBoGRI~J=t2_9z%wu~ljskuA+u))EIF_|A@by~#q%iO
z`^<>@1ibGLTc>2UO>b@;5vCAs@5y+qPYcldYzO@wJqGg+cMZ_B=mZaRP06kuP75t*
zkRM*hS!GI2B?9v(>s>#Dq_yaq;}q5KU*hOL{`_coe7pqp<>hT(J3pbRCg#!W3Ebs_
z)tUv(KD+LGl;~hmIX&9Ux|&=ohX+0kXccjt*MklYVqLp~m3w^!NB}3L-21OCWM7aD
zZ%gg870-p8_2U>E^tUO)J@&(whUj982aN-@%Es|s{s47r2g%fpr`zp37TQIfF
z*a@V|#Zp6fHW`!X1JGHvM72F3c+p6#c-|xcTnJ#f%y%@}wtyEBjBQ5kMVw`bU?oV;
ze8`PollmTqI*N)208a%M6>Rb0!9sEuP#$-4x;vYi&`O@2WL8a=g@cI=gD#+D*E}dbJ(DtBYA3
z$(0$)d`Y`@niI5lnBlVNNJd%>eOUZvbTo2P03Xy0*_*bOmJ=Qk8?pzm$)Td6`nNFS
zRgnRU0r=xz?HyM%H0H}rD~)6rW@=OjPgy%3duFAo$ggoOV__IsPAVSBN$
zMhnUK^b`EwI}OX2rNu=L~q5|
zWpd8Ibi|@5G$4LZGO9mZ)IiW&(kJA
zX!@FK>}m~k@(r+^t&9qoQ<0AERF{_v43bGKL-_Gq!DSrWChJ?18#5zRW2g!Jd!+cm
zd+>RU6JFChI(_Givmkx*c&036%hy9H6SDw;57E&-fkhIXcZ_si#SFGy*MeI@Y4E$N
z>vsqx>!)H4F%Y%@Z8rbq2MH0>+@BaX0$4>i6=lPaQ2Yd8|FdAaYs{D<%P-M>lDgUK
z!30qHX?8L)g9!qxvsk(L`T4-Cho%L+?WH7mheEOyuPlYw8PtHBMyP`;
zM7dRIDKS|GsvrhA1jrP0oz{EFh42`(?Bla-dy82N1x6kXUT=lbcU$F51B~T;Y_s}2
zW}rfcL~wIO5YV$FbvOOT-|w`3s*J>zWN|VO#|f*anr5MI{SWiX-N5l7PC884Pmxz$
zoM!erI;67f+Z0Bk=TEg7sJu3$<8``BH+`ugicQU~#~uLD_cx-9M26yhZ!sbC8hT2sMM6HTq2DNQ4JG^kbq*3TffzVn4|17B-&d
z2Ha|d20&2F_lJG)4w>zwYLBrPI;9}X$#cw3b
zew+?~Q&1u7x_w{6zu~ZUFNz1bIvs}T)=LKsHlVhzc!#;Zb*NjgZY@SzhNH#;=@Ye3
zB>g}oVldzylHDc7PKI7wV;#XN$
z&?xl-?HOA1aX0agf%}@SyPUd?y#K|KEbO
zrDDrp@gP+tL7HjGZ3L-=qniMJ|D?bzL2Ao|UQJs<4Z0d(fOjhXD;8xDfh*>;8IDbfex(K}RR8
zriPWyl8>KXymb)?5?~|^ppXdMEL+#$z^*chS}QA~9@|#l0u5p^EkS<`@f{jo&=bnY
z9p2Evx!_~h`7ZorRh{{P{}Z@xo}VRMWWa~p(x0A6yRl%=XAjD!9U
D7K~n9

literal 73027
zcmeFZcRbbq|37S05>W~VAz6`~kzHgf94niwtb~xQMY4BxX0{yJ>y+YHWzRSj!m+Y9
zzsKqQ`Fy{h@9nx>x9j@ny8ilp{_&}IbzZOMcs%awaY8ijDxEz;e};g7;H--BZ6pD~
ziOU28!~&;@;CK9wgE$EY0tr-Z-_m(vx;R04Pj_&#&E@=g&ClnRPIMb+r&fOE3eLJ%
znOfT4NS}~zAZ}$%kz`{%_SWX>eG2iETkN)V`WhVB~v|NPK8FM$8~CMb{)exQX04msrOuw@!rTU7rhp7NqnuKyFmM0*g_NyzHbJyvYJaJAahmSm&OL~
zrPyJ8*TX9++*nf1GKeDdS$Y5cv`=^<=>*dKwhU-#6IYs#k8p!U)ek3xN)-+NHsgq}
zz}0(9*UdjTj-tFbajk|{ukaoG2j(;)QsHFS`}glB8-4co_bC}Agr%g6&FZZ?6S%bV
zjGO%ryT!0^l~12Oy{2EPQ}i`WQq1MoXKvlXI9?;YGiH99@j6ZGUnM0ym!+Qkd3#`$
zW+6-rc9Rb##o
zlTa*9)K{A|`}f^EiboxdHH7~6vk@uIbi|vOm`J+g2CAL0t}`7fUgK3x_Dc?BjlY+d
zP2mCS+!rDk#O_kbWy-xgMRDnBQ3RtTN9++5yQ(rVSJ)+SBzNdVuD&WKqtRyr$`4&U
zJhnDB{iedjR1)zSTzctHJk2p*HG1fNF7%?Yw+L8PbFZ*bUbRCQSe1Akx#c!M+JFHRrR$E83Lu3
zceJ-j-4aZhm|S91UHFBD*KnZNKs#Q<2>r;_)v(#W(J)T^O1SlNlz~BRA4B
z#7e_@M6pSucjeJq^`y6&{ZOe%(F7TSkB@J>+F9Shb7j&gLt~Bazs?8^DZ+hWsIn|c
z)G4`Z%5!Nf7yk7A)>8j)>*vomBqb^7g_U__E(xUjuBrIBbSChwt(9B0;Y948;~EOG
zl_L2}>U7N5*{U&PyX&(K+eC_O5sXU=I{BKJa1^#gyw2mX9Xk5F08{7*a`%qdyWMNE
zT}j!aYk^il@I>Qce>OLrCL3zGWiJVsKKXglPYe0l5!bIFJLu3F$;>aJrKM%Rx;#-2
z%bPCkvz4!vUH5n%nRT1gK+<_qYRMFhka(PbWXQ5In4@xGKe^#Q&L+e
zboV(DX5TBnzvZA%VpzG+a*>iGjMmIo%S?yRa`}6$ceo$=RalsgzI9Dqov7o8rt4Qs
zH0xQysd#$;GJzz2
z-!crIb8NWyUb&pj7Ve=Il|X80>aVG(%}QAN&5e!4zT8kl-_*d~ygMmb3ZbQjl{mN^
z_9b!FONnOw1@KXCFO!my`D_mA+kQ*u?Khi04nO4RI!8W>p2xZm&g7m`I3|Z$zzG!K-ukC+STM2}2qMz{mee^nyCGX!|
zbRl#&nY$l9ezY$+gNV5aOLRFD>$hzJx9pl;@squ-yB|FFHuG>6-1Ai6Kbhu?Sf4u2KeZ^L}^$A?18~SIIDG8^_mCtezpYbc7F+_9n@Nji@RvYwV&6lhw&*;vY)nt*VKf2`oU#N(UL#plFJYD(@5E)
zk$)Z}I(#G0!uV<1O*8?4b=Mogt$>7%vQpE=x<@}h!CI9WR&omp_SQ%wLiv=wapS-K
z)@j7(Q>bhmZ*M){U?BaiU!-5Q_2*C2#}826*PLMowpXyuj&TgjlZ}#(e%zc2ASGZR
zQWQ;=@~|WXDow)AAW#)hm9Jk%5I$Yb|)?%BS&hBOyg3GN#<_p}7=M
zpFF;O1yc~HHZd!{yPIYR*LZ2XdO_s6?boSY0sTLbU
zB}UqL>IG1TL#Wv8hf5ECr#Ry@Ue&qHMl?4cug!GMe#^kZy^Ud4Q>`$luo-Rk`1FDl
zijKRdXTYxzPN=>4SV09-pN+ZR>1nIR@-v97XjWQ5Cc=3Z^UIN$@+1UbZUt$D5HdJO~clh18fwK
z0w0kh02dr;oT>#pS|Y!hXw^0Izi%C7v9bP5HWB@&SBZIEWMQ~0F?kysU{+5n0HJ)@7*kC7PMf9NUJ6haV~J7=M0pA}2U7
zI>n|tS;YU~iRF@XIK9Z;-a=Wfz=NL4o1Y)z}nX!}9wt{q+W0taeg_tUEgSn-_oo*2`8r
zOVW<`X9H_FSXeS)5r#`mu9wy*Q6jdIh3!zzSQ&Zir*d!vUOy+#j=!ew;o`FD6;)K^
zFyEJ3=|h+e+q}geU0$qLVp!PVyX$JlZVDxz=s=)QJ;wp(~Bs=^I~iRpSfc-+AyL--cE|!gIO7d((cFVa@V5FMV@xi)t<7NUkw$5D*`8iF}vyU9%
z;^NY`E`gbUSNrT=@7Na3z)9SXvhLhS#$c4)n_{}+h%gh@`F
zQr%su#)>-bqMs5&k@AS@JWuz}slC%4!@j9>Qbm6sP=s{N(GeGNi%|Yq@J3ZICA0rq
zyIcR>OxWo4tt}5v&kQ&aTTA2YlsaXm6JNeqe@mAhTRBO-y3wzpmi0#1E~dc)`usQP
z?bO)V{=LlwYh6djV#m?`ez)IUNhl9!m-wm=SmpNZ7l%Xt_1Xn`C1ZuUMLM-mt#QV>
z-83xF;b`Cn+Mr*BghZ$BeXn)1FDJ;t-)EPg-u2mUo(n@I4|=m+I>Nzy_s~Co^pprQ
zb4G8r(s*^^#Z0U|4n79D8kO>ZgP)(@CW}U@xLcmv>{lvrtN4TQO!?qHe;)ZcE#LoJ
zxG*AV67I<|es$dNKJ|*>^f)?N=qT%JYk(G2ubaPk`BK_f3{CVBzwk;7iq4Y_bkx-D
zn>gL6*XmJP8m1|e73rmB&3q11zkY>XbEW>*ZYGI1B>2-7#Kpx~v;=uQd9t&!qf>m(
z1t5~4#5?8gRPhR>NT%&7t#iGZ#DPe3aIbOOKNs4e)TCZ7Pd(|)8$_ex;Y*Gw$=f1!
zeYcxkv(52qkQ+#uT^q4_8X6$0SU9t+|JrnW>)6K9Xob>5T=wN`_#-bZggyT$gVT9A
zIXO>>NjNw;8T4~3zt^}xbru?;5qLaD@Kzw~H(x93WobO&_z`0Y(kyJh`zr=r?=;5B1nTjnTb
z4|-76YFvQV$q@pVMMZ~3ex=*>=RslbzL(Mj8vsdx=
zs{<1yQ+%^oCjlfnGCeK8on!$OCV7cKK}Tl*F3Uq~li${&L4ml(;z*O<{=Vb1Rv55cqAsNYhrSzI3rm(1CCCfA@-BGiSK^R#007lXR~8y
zzJLGDCZ#McDq5wPDTjo!Pe(}^2}pFfK)Y>xydFA9Z*MPfiuKJ+UZW~UcwUk5c@5;l
z-Yh)CG^}#u>XqXrp=A1A=`egn;dKo_*!jLMgM*d+hkLOccVa4`-WM5Ex~Xs7p*l#Mb`3(MRm+)qM3Np+1yxt*dkMVO3MnO4I(sGUrvv_O_od7;QBr-Blfs_sIW$dSo`F;TC{Jgoo)0p$4JJ3C6mR{5H
zm(s(IL*?+BZ14gerwhfL?VED$2QJ;h0RXat%T5z@m2xl76sAtNF3y_u2=vSn<4@*>
zB*EM15djH{PcP8uo4TSW$PdYLVL3HYZ)jDJAsmK^xePzd9qg{tj+{7oQl+%Vk+9|H
z@^dDEIJognV;}6`exO#h-`#Cjgx$?5yQ8i?;J7lgvQj2`jb6llqm{uq|5S8z^qQRe
zd-nR7k#Eg!E#7`3`HNIM32wHRTL|B{aW8ExNBW|`hLP;%TyM)c0XD-Y-rf}NS$pLw
zPKKRlRm^!f#)q#IumMHTGYAO@QCy=>pw2nw0Oa(x%moYt;JXTo64oxVYMXwE`=RL3
zS)LJatL0_}<&B5vs0hUsej&@P#Ze$Dsn=~ITwbbNVP&=LdSg-C{W>RyZC;SM=`1#Z
z*U0Ky?!IZI{UE@nT$|NjU-G_du$pDzH*v~h;5HyCxDKJ*wle0JS9%RkT|&
z#&XOq`fto>+1lDR`c-xO=Od#p`-PW_GR7#rzQ}cj&>YTIt2;-u%w5KDKP&Hdj%Ho}
zu;A#weS3M{6zj9n_)TVCox9#+Ny2GNc;BX{cZDEO=t0k0z`~aNNoR-3%vPqRvOAg?
z1gv--j=Z;kHc$RY#9`=?fH@ifMUKlC&vYiLc^d$?joXw|f;+ePla*=omjBuo3kk=4
z*y}YF^t}q3@D0sYLv3qqeAn@+i3yA*++!rr1ay(T+!;4Pb>TuN^)(u5YIf_xTRw1u
zk(#s$531V!6s%KRxpIX~ZJ^A|tRv=
z_bjuK-015(d@lDK
zM--&qR{wbZO4=*+CZkGw5t}YVx5tTW(4BBEg$xq+ppnksXH(eO-8HFutU@!G?VEE8
zfC{wVw3wJH6#=6pNi}LS&rXs}FAbQP!I5WMaoyXPA22EJB@SYv87;13orIp8)8Msk
zGb(6ihMn(!=TJpaiboXsIR`(3nTHB>7XVzgx3>eB_1ZE20;M|#xuprXZ`drr1j-cg
zDe|aS?m%}($AKV-It+CkRi38fo4}YC
z#;eOt5VXtU=4F5W{E1{`xizFZu)8xAsoM#N%a+R=GsLFHYk*?w_#Mpbf7PnqHsi39
z>@r-D9>4viYWoI(t@u&%i8}Y7=-%Fj%^{;bE~8Og{Yq2H4VNr$E0TY2Ue8J$@80%`
zto^`MYJvOr@9S9KyZ1)@V`VT=D>NA0TBtsITEiez0C}7TmgUs
zyQ)AIyW5o)K_!C2Q{R+7dNS;8n#7%CVU@BB33vNo3dWrG_rIJOjdQF5;Dz#YZ#fHF
z1{bQ)CHjhj5VHWEX+!?k^tJL>KmGDqYJ7Wv=f_u8j@XG*asJcEye44?!C!zaTd4&|
zp}qg;A#A~7&CKFd4xqQ`qHlPu5zxVa)S2*yEe*0BA5zMltC&NHxSx7{+8`;jER+N)_=BOrN5NUDVXqNtX>U^-z)4ow$YXpcIS(#>U12q!E%Hi;p}#hs!=9q@KL*s+wu(
z$-BcK!urh@tvSn85L;~3x-vVfU;WSo9^Mk#Sgu;4jQ>GR9KOv07=`r*_;4S4
zte40bNiTw<#GC>_h}nN9^B}6i+h)Kv!;gdb5Qs4U45*fB1}5c6C2TGE4z~gl)pe{A
zDHtWJjH7*y&^I%-#i8bnqO6z3D*b$YrKF|daf(Nmudp){Ck6O;d8t@~N<&3O^`ZC#
zITs!c7~28bfHRb<*b$=(d;eK-r9r#+o?xXV?lISBIRFYuO3G13z%s27jMu^k-KVL7
zbD98!`0a1Gdw6_BqF+TsJOl;=WC;Xm9)`z%V$Ix6!M#Nr(`hI(#rmP6yp972i3f;D
zDs-V_T6Edp!_fn`)YFm;}7v(~M`|CCbth
zDau4`6P-F!bBlP-sH*D2!HuD{<^Z~YTmk}?^AwN%7*S<)F+lq<_+`8P|fp~?L
zYe7GpgM&kLG9O^PVO&UkvES}Y;@~f!FFA@ff55ni<-rS~TXwgVqoR^QIw(?T;X=ZH
zPKbIdtH{I6t?DY5BI*RsRY?41kc`;%
z<%H-gk5#HwEWHa34n8u}J_oDV1`p@;MmC_ST-2|^_FF<^?3wSQEJ8v^nHQ~N#mcIx
z$v0enfgTKa_+ZE7Fp$H47+bpBc&MbEp>
z$NdhtpYUSBMm9T8R3$tX=Rk?W*zElIX&C-A?kp@w6ov>gVgOl
z_|STdS3@NVD`vcI6Bg&QiDS2rukr=1P^tG@7PSSvSPvd<3glQ6uB3Vr8T$GIB`In2
zcJ~eQFld||bl(|X2R;>^i482b>83X`GqWryKyjI0E<*07EsXPGb%a~P($aVWjz@QV
zP7&M;5=xJ|ttA(E^au&4dj9y@FyB@Wnh<#!l@g9qz9*
z^NYY=h(&dIf%BMCMg`Qlv^Y(`;+bJw6f1-N4A_s#rydOCM;}s;;MHXVRL*p47;!6}
zlU=%Wskm&=F_JieF4|jBfRNbEbuN%as|lP*CMG60{AP8J3vB9rJKEZmWMtRIjk9it
z0J8_duGpyhE{%z?vDF|zM8gjc1VNJkkEUJe%H_*9WnNECP9j0hsFaX~8hikon$X>0
zTL!huXKS(7@ttzV5D_sk87&_Ows`@!-M0uWq4yy{w@YN~&$!qWaD2pZCmCZ(4Rw9%
zpp7{I`uJSa9oGyL716b`@C1FLBtokOjoN6pyX
zVaCp;#4tKb1r@c&7~*DIxWQMaNL3P`yoI~~wI8fOe8+P6b=yGwx_Q1s0eh6P8eLDz
zr%zxEnB=L`QQy@;N1Zn|y(&UR!xQzi3Ch0xTq0LfY;0_oBAXQEyA5cJIJRrjr1{z@
z)8QaCa)sg%1`h?3)D3QKZV3tR#gTH<)&0D~NiO7?2M7bv&bNrVU_ZWr$LziFz@W%X
z=q~zZ@+Ap#Ot3A03}k{Zzc%jGtJ9lrrFWg~g1ZVLheoo5UJWSjfDVgj^$L&*ILrI@
zt+@HQK7IS9Ay>tt+IWT-7-n3g68!nDBWva{kV4|udgH6L_5B>jKB!F202VB$zn@J)
zo>bgvGsx)yFNlPls#tteR#t`+vciJ0&Euj_;g{nuSm+K6e|mZvXr$C7fdqcD($Zfs
zezA<2)h&
    9<{u1ZN?XTtM2~Fe8Yz*J5om&~^wUw#7L~mc~GgNbi;LMvaPBsH}`P#7ImyT9E
z{tG45XL6|pgvZ%FLVK;eC={y|urc6xVH^561(?ES*D`+rGPExV+li6h(2Y^Iaz)m<
z&Oq%dIwhp0Wu#X@Bxu*imZVy+CDeuxy#GR-wR3PV
z^5G=$_E1{P8*pZsf90af@x`ffaoJ`!FQ%M{U@aNeKJv1lpjOti7iZ|+=JF7i(-&B$
zU$#CBxsbeMitKX*y*X&%lGU$L8zQ0lsLCK&Z~LkX8CDdRi`YKoC*xbFzOq7|#Qye*
z{&kW@8*t&*sO$>#JHBE-r`n(&)%DBE0dn2vk_1{KW_$f@;ypU8u%3bv&cCX*cHXmTP&K)Sm4
zGc%|~<}%mA0{TYx7Dl6;+|<+*Xm5hqYzZw-@|=WRY191)6DCr1od8;OddCbfoLr2Nr0gg))9u=QRCS?Hci<}YO|>h?$Ug&)J~bXoh9UQ$
zN`rE#6A%1fn=l*1@)%!`@+9>vkGEr_c(eUy`Fj&eN}$Asm$CnRTW)P5Wr*Hck>v>p
z_1Vyg%`-c4ocP_mj973#uGy93bU2)K9^%C`*L9JE9jjF_v3es2iEsKx0|L=MClK`x
zcve)1JK*;?2+#anUM@9zF8Jin4*-y0V}L?}`C!zk`k&14-S6!rN(2DLm~RKGQ*F7v
zzdnb6UG(C`3(Re7d%Ma6ncPu{UP*G@2TM@YV28Ch?=ff0wm6V=Vve!ilV?(P*_wqkR*zfOj2_=T%mu=E_!7{vib0vt9Q^Qq3;%*
zrHe)9s#t}uH}W@eYw4_`N^6@p`gY@H%$0=0L*C=2lrhr|2QO@BK|R~JKGGj`
zw?Efa!*eRl!+I;j+dF>A!Q||MCnud^^vcx(Mm6QyflB1*j0d~lu*@TJawCVl7*jv&
zV2tl4!{bNjoptt3vG@{^@${;LHQEIYA>7me{jTAXQ*DD(W$tU5pfW~A8
z$87wrolU2k0Q1)rTr=sE87|aS6CH#~>3$rH!Cm1Hq2y%3`xCj
zig0&v66tIfIbr@?B*^&I6q1D)zX-(ayqGX?N`V^wDZ8G?>uN
zvuD|eCZsLN5uV=+unIIFLn_2!i)lM#8&`>E%0AZ7^zQWoLhbP>Nah=g*%Je6PKQsr0As
zEUlEL#l^9mXBQVY;Dz|s*P~q-Ss=YFl1anXRoGo@Gp}q!HPhAi87Dfw8|Gn}kA_EX
z+%Y(d5Q>-GPnt2~8rm0{x3w>5Ik`pHa=%lSTO5;ffHohGpsr*KUP#f{?B`i1bar^R
z{QiKU`U_R#75Al8F(mfah(kiNX{A3SW4s}25l@u^HnG--c37|aJ9%ZgJauy$Dzj;`
z?Y`Ha(?N@o669-sw4DLRb|ysu&ry`e`-z*EO5|ILL)X^hTGynHc)wDK_83+S3>qes
z1#sjpBM7ENl9Hk>w^@0-4JLMjkjPsS@~PL)@VTIPZe4n5@5c`w%z-Y6*PWnH)1cZYT6UWlaLe28z1aFHIdk!In=Go*C;Mx
zV>{T$bhlmPf3dSETRMz`mCqp;
z8hy66wznZ-;n1W(JI1;pdAyr46a161>-S*s;rH2AGA42=iX73SdDf}I3O8;2iSN!P
zzBkMdHtp?+NvRS(5C!#QP}N-f@zi@l_MxF%1JlS-yfu$(L}hDWb8F6!vB4%^===Aktq#S27|}ZOTsuPVj|D6(#*M+a!R6*BA4uC*fOd_5pr7++
z$jEsKJiHnS#za07`WuhlhRx$F^dcOAj)8*PI@Xpj^OPxq6a4Utk0M7_zK_`X-G6RT
z+K`<+vmzG8>+Y=_#b*A#*$h|MY+TMKBZuCpwrQM`tBh_x#0E4qccfc|{i!bDG%k2f
zj$2TEUn%3hAIkI~z{|kC(NQyP08VcArCgFQCyiVhIUghceG&H(?|R*t5>6MoCW_{m
ze;yeVLD~+@54c07oE-E`T3$md$LI*qc!llytUf+Fxn+A>G7roYRT`lonJT4Ab3c{w
zMi)~fc31zkJ4J~`|KRZJn4xQ#{n@3hrp60S(GMe#14B&Eb`R~L-
z*ve=7p`+vC^O9onTfZQx;0IZdMTf=QBnf;t&h`HNte#9hi)L5*q~zJe#do1(
z7N*9;WXXoASESW|i+Q#`@`KdgP0HX~cZpnhj|Pzivu
zrPbu?rJ?Z+lS|8_&%Xhe#)I|X;_1l`QCaWggk@mP^g>q3c&}Ke
z09k3T>z>_tf%7h=6Y!}i#IwMRTLcmV!bC$#iV^gn856Lv1{|cus~*GiztWyZnhP
z2&X)I$LUhV(d2@Y|0P>r?OnrVi-~8hRyi&uzKs5xM>ILPM{(qb(Bd8R1i$BPH6MTQ
z9pzUjeC%QQqv-)EC{O8tI;J!fGRd`j=
z`TAw)>XabIvub;}%kRSK8FMVKu&^L0Krc!<1i>hOG{SsDmRnz|I$iehTvS{$Fl^}d
zM+fWQz`RW0#RtkbHPRbgXHHwJZ^J|G}~
zltrj0y4vA;O}Rue%M!ag<_KHkB2Q0w>Bb*W8%QWFMWNV|Amjl;v%dZ?hztdc-QHiAWLGq&a{+n$@iG%uVi3uC`;An=_H
za1X3iU-0DPQJzBDByGqZoO_t`EcomPnUecXA`8t(QK`ed&qhPpXGns-mqn9jm)_Hy
z)l;}zov_{bK>G3J?wp3|w!_((_Gy1-4TqWZWy*$q=VrtEVn$`#n$Cw#ybE0FR3?iP
zJCk*zm4hX4{S5d;1f!&*-=fN+-N{l?44fs4CdF1YaZHoaDPwDivPRYBC5vzN^1~&g
zhZ=QP_{ze4kB_p6sYe@^mK_*@<5Kw?o@SBgAE&Z690(F?46d|;tPq`i*8X9Z<_SuW5H<{_><8U{?q&$2HQj0e_
ziY~M;jwkc$MBS6sUl2#MPKmjqgVu~zym(DdokOnh;PVBIV#7++cve={+$4XBcrJB@
zxo96SlcOS&<_X8pN4I?Fc78mklyJvc6~FZATJ*F+m1gMW1eC0n%N)`ZXqtmq=5+#M
zfc$1n4e;oe0PYJ@0j6AEgM<<(0-*@sW_geqG=1Pj7;?}u?
z&le0G;mDFcfOPZ~iwyu@-`g7AZX<9Nk~0OWAs48e+2nwlWkcc|#i()%C>rJ2Yj9O_
zICK+iyz%Zvf=!J2Ko(cmrMYM|U^c?wDgPr?t#Rp!?}K6*Gsda@=Euwod-DR=aIs;0
z8O#QcU0kAdL2|Z(6qc{hOe|~j>e|y$aFeIqxgZ5(==Wz@8{+riC9{9;48HAWKE2Li
zL`F^?_pLA`C8gn|MZiWNXg(C1m?cQ1%B*)?hd4-#v>mqT5GsG}9mp`u%fVN{YI*XRSZvl%|^k8w5w`9p^S(!
zyTAFi5n}C_GFM+;U#Q&p=m1m$$h?>|YRb4HnZe@u`RU|efp*OraBI2Vaa-yt68p<+!HVQy9J
zIPVFJ#?kSCR9tye>CBdjr5eG_CLkZv=Z)(!W}t}Ve>h{Y={b#H6PX4)T<1D;hfVA+2reV0#-r4@v#n@_JpTQ
z;+_9;u)laLje#e1=f6Gd;jwc9kTb~d04KMXA2amrVHmjAg3@>)T{-5aun{^R=%YOs
zn0{b~7Vz8KoeYCqCdQ|oY^e;#0gJGR^YlOb;%&rsNTG#uP&vPlmbkb=O-6w61o|$O
z3~ducf!p!y<`^So?yGPlV2k+7nug1QDWU`!!NXT`D>Sm{jHvg;>0hGd^3gWsV-Hamg+&0Z+#<08f7z
z4WVIkK!o6eyG>#U%HgdN1xUf?5s3W%P)xSXDagp&+}#J6KnQrJYakPj%YQldS2T&4
zVlSoz_Z!q<4e3oC2xGx2yl);VbR0$Pk!X0`FlS?DZv+yJJGeHlG$1cQiWuef*-y*K
z9(relps;p)XtTSnfIkX&Vn5x>V_c(|^~~>%uWy6D85byER%@4Eg69GJ)W7}%hRuJj
zClewJb~1&ZCLtjV0rx!q4t14)S2YdBu5!uMEz!C#Rq=Ps2c!8{4*dpqIP4me#umsT
z=fP?|ID~i^XgBH^GA1X(VmUPmJ2oQB^L?ZoV7F>&Za@|X4oSiK$r%%RQOA5~Bsz++
z7RLoyJ2UTjcG3-cLe_n2pXT+9W}}r2dkjKtg2#4t?Y1}pCh_kcLat2gLC?(q#Fv(h
zz-T&dbA-cn3$Rr|^;s+HvWEbH{=2)3qk@*%O4L+TYjC~j9hi-(C^s0HY|IvBhkT5EU6LG1B+R3G8hSIEESsbXcha
zmP%)QcP=|JS;S$hKHxQ)wKLOywspHeqoCq=toP&E_Cjj{L7)`h6lpsv$bTuI4wY{)
zC5@{m3%B1(iGa(oS5(#{G-UG?;%XqO{aRUJ2Df0@&LKhH)Qep*{V-mhSQ-^8PeQJ;
z1-)x)b#--P10OfGsV98)`8i1Bs+STwAgv5;!2<(Q1oHHmGch%N5KMtbQVow|FOrf&
zM-}(wYq8qRFD;n>?Az=~g7>81H~l_1sC$y~4d3iuS^&24#g>Ro7jkRm_o>joobXJWi;D|(8gi2MS|`J%+9K6XH2<4w7h%VC1tCY%{=NW0_xlW5Eym&#
zE5=5)1_on@>su!bk5&@O+41nT>%|Fij&~&9R>c2pTt|}~ewDqzQ=bmj&pCdz?=<++
z$+U6$0+m&UF=Ec5N{U9{GuY|=+cak|ZLTHQ+CTBuwZVcmmk^G-GyH#-cLuy-3`ebK
zPm7cnzxmt1&TjwNvSFU_bWxiy5nW!fZ3ZJEf;9>bHVSqz67M%J0-s88B>wFpyYsA_
z|J6o#jt^xmEeUR#qF;Q@oL;+0c^!nWwi~yb-L}K5Em@~B!#3S{+JC}F5(KxwAGz`Q
zW@Ot`4IwKJkK@t7E<|p-AukNA0bESMQVjd3i|vC45&bI%d!g*US=Qz2#B`P_=hZ%2
zb(S3qik>34@&2!x5h2twC5R9Fq45C>OD74oaB$kKpjUtdD^}Wh_Wb$t&;rGVK9NTZ
zu6&oUG0<;$a@EpJJJe%xgo@xtK3s&$!Qw+VBb8z_h+1Laef|8xD{DE0g+G8U)N1(V
zv8W+dkX0QAIs-Bj*&M3kzkMn1BNIqD!vq#@io3geiB@(i3^e5kv9aB*
zqCp@apJX8>Cgw%fa`Z|=W;X{&391UrCg^2mFmhlcNsR-MEcONz*m)4%zqGcte)*!C
zuX(GAb>D6IyZDsepC^|-V0XQ$t=*|DyGACzu2tWF(-Zi-{fXSOOTXX3#rc#;90VK$
z;C4=f|DiW2F{~x-mJdGl^|xF(4;Bu-5wsK@KOgo#{2O34m+=P93akR^>ZY0R>PumW
znan_(UK@#oL^1DvPm`Zdf$@9urwwU!I6O{U<9nx(ad(0`1zrGej6sYSi3j<)AK^CU
z@bCw$exbDvh>4BGSGJI=^hyG#*r_ea;~}2?eTM6;Yg7qpYWS-c!8S!o>iT91DyVQU
z1p=DlAniD$k|85WEkJSU##?T7eb8L7~rq1aS5!F
z|KV$ZujPpgy>j*H1ALV8K18b6%~K&9v}FsPfR-qPtgj+-l;z}zpy=N4ZoW`4i9&@5
z+APjL+_jB?D~uNW=e%q@WlDkwlsw~E&HqbqtEi}GOA~z$yi@M#2fcEPmFNC5xfM&G
z3DWnwbnimokIB5|%Jf>i3gE1oY8iC;`QvBp#?BS|c4*(AsTjHby
z^+)}~;u!&(uqfArkvsTXND{RQ6@`bAd}BxY|F+jSey`DrXQsdpOgwz}5TGz*`1>4J
z`rcc}^IjmdgjgwH*nV1Y*4PQBfN!E?_ZaOiKs4dX6(kag|LAWUlC;fLJlg`TVZ_gQ
znh!?d)&B5PnqW3<^q5I`gP^HJJ-rcc?(!v&8IA3mQM&G(2>sldEE7gsd=-pvaYi@dFQkMl!6o^1UiYD1y67mC0}!2H7-r9Woaf*9r%bs0
z1ub03PGVrPf3WN4@LR%Xe41F7p!Jc9Jn{7c720PARZzaF*;-x6+s+vV_eGrVI<%@c
zQsO;Rw<4GX$nm3b(TDitI;6Yt%2pTNGXynR;t4#B{(hR-u_b9h8){_tX;^vAtC?xG
z1#VbJuNS1GC=FA_ISbBzRLDSZ&Jhl7_(j?5y8aCe9&j6WfK|2*V$OR30C4|~D$Ro@
z`OT3~Kl}Gd@Qvt{prGI$DQ)ewD_8CVGKa88(E10MtAijl&py2mG;m1g2nP4vvJ|7`Q|`%83ojpQvdmOSp2sYygtA1s8ZlF-m3>(ATLZ*GuG?>=RM
z$e8$U4mJeqU|{m)$PB?;GGKbaRZ##``xuperQtx&1re;92|u{=G-tJOm~7DytgTE
zy%7!-w`Az%$VBnUq627!Yqn}51eUG$Oh38WmE%!?q_q^wF8o{cuqqJX4mk%N{ZBYy
zxr-1wotYVgV*rMGx5qbc10!IBjFKL6{Bg=Zj-%j+PGUdg!H4h&2)qaT3%U+aFI`VG
zEkJb!5&Jktw}0R(fAawf6fIzo4g>j_*cn$mm+Xj-?ErMB_5{zzA(^Wh@cj>@c+*l-
z2SPN?(hK)Q+Q5vEV&5}gG6+n;huu|Het>Oi`~c&)zrZM-u4e$r*PhE|1_pbzX7J(}
zNRfk%oX;UCH|N0{L1NlL*F_^q&>0(Q{j_>QHvz8-3+dIxyk6sJ$aEKA(y6o|{KNYy-9&9X_EQ4_$A
ztiB)#xdc@|ssn}*sCf+^AMC6`G%%s$5K^Z0Q-JnR`mhUYdB`%^bhWiGU)q=ekXYFz
z@8BmbB%iUY+yhV$6%~bV-;hh$vxsF5IMDLoZ&z$Of5_F6*Xc~`_jJ03P@d?yZ(w-k
ze3UTsmuOJ-Fv0ybd}5e%Dd72#i5jVOvxQ9wuf!xCMp%)mTnq|hDUe5z5M17e;}LDl
z(*M}qjW#I`-&O%>X^9GXdU|-sK=>?~ko7v7IiU0TQ2vHL&tA{~iP>0>F4Qk;deD2N
z@eb7XSuj692?cu#7aya@W{w#!^N?4#7@eBR6AFUG=m$G(aL06VPf!=Y7$VA03X({l
zsh2)#=ipQBK-g4-umQ)7g}shOv2m`yK9e?bq)fLwZTiv9NoWabYEx5F>)3aBG)88(
z3S0YO#M?iP#pcD?_vtDp2{3m-l+Zy()z-&ZT3Y5B7a-Z0C55aY#KjgqBBl+`WP?>C
z3VLzI&*e=xjOxc2=~#m$zR0-;5XB3Iot{5`j)x14u5gs81acs#ScsM4=HO7=Qhf$P
zQ=QNyGPyzeyUZ|bmR~`M04^32*bDQ$Fhj8~igIb;G96{XQf!XuJr#B5-mEXs4LjqnaWZq0Zmg+nZEYpE
zLfCQetu+ve8mt_Ydq1GgkQ%nPNm
z#ess@GYFWU2R?bU^KdEHGC@qL3(c3X5F_E5-Jr=1C6oj?|iMUO>0|*n`zl#$nrnKC
zpu3GdC!DGrHjQl$dwn95hBro(*2yY{^#Vf@h2P=kFzP(DfXvPh;-m!STy@v-&cZxjTNO=74#{iaPBalV%@2GZ}{Y2d++>e>qf-AunbM~VW;mZ^ll9%pO
zW9vme2c2a&jj-cBcldR}ZRp(!9ffsqk)7XNW&*S$)B|!tR#DNdm$ar)1s>4Sxb;hm
znY;15MYyx?&<+%xCvXiw4Y``a4U^%-9-WsI
zKLwr$f%rwfLnS-Q1^`ExazcqDy`H1>7>1EtvR0(DhjagCB&_
ziid_)T3R|LPblAf%Lw*zV>AHDjt+XH!OIOFvnDq99~ggb`!&s4`M~U+>M24?=(~l;
zx)AW=96Si+_sB-Y4t1e8(}}z0*z6NOcgzGl9K)CM2huLs2Cx1j%v8t)PW)P4J^WgB
zT%MY0Wq_Op+%_^wbrj)F-3L9d8TvGQQ9x6)j;u}B8<^!iBHSH&Z_zU8yWXuKd#K~>
zp0rLEz!IpwFCTOvM!3BU0#~!-@j_~X0|$J5zaK$Y4m0zgYCY>NQiY%Lf!Rnsv$*-s
z@W(d40GOsrk6eWr?-8>K77zz{urK}Yv`Y3A>Rxm2=kDGzUxBfHnVL!AfUB2@{hEIN
zYcd2sQa)`*Eilk4&wI#<*h@oRER#gE8
z&1+4lw+-hdtAczDhy|3)GQJ@F3mw7LUhFuo@MJdEGWKCWXXlTooeO_`PkG=0xnej6
zjk0hEZ|j2Yg)+qpBH<1y_jlj3iIsm&elrrEb${jZeFX)DXRlPt@87b>J>w8YFFCva
zjVU!rnyeG)X)uYci2SxFZfirE^hn84Mo{dmpBHE5jfad~wXCC)Q6%Ivu_#
zL)Jg+1Vyb)gFG^SI$i$Z%i!Sgu`wj`^SWzL{Xtlq-7fE@aN>vBB}lHo0kduAPLj*q
z358+IIDfxe+y*4x*Q|R9v!N6p2=c*rTOoYwfz&BWOcaZqogIC69`FWyBvn+5a0+&9
zO+oLXXlhy-z5$7_n4cga86O!r0Cp+d2yt}7S6qaaeK{&0eEqN2z=i2=`T2P
zfdDW*FBF~Cbbc+Nf4{))Y6~V{lGl-a`KEI?kA(RLhvA66s_bn1CP=LAqXa@&&0#Exmt
zpKx2+DtXK%kD%Bx(Hgz?K_LQQ`0F(h`ykBMb6Iv}$im3t{x5pssIyayRG9c2HdUd3
z`ugMk@~K$oX1~jNDQ{me&6R}CoFeDr<>dwWep&iY;H}2j5Fa#y?_g?n;_GPuaq)fu
zDe%F!aJc>Bz9wED;3U=l5LrWQvFK^1<1#jH=Lp22x7NNBK=`wy2vQJ5)*kNAm_-MNs
zad0*dBOiPM<#xE|#E{Yzs8uIi@4Z}%F`%N90ke^d-
z8pU5pDK_-p?wlmQ`tv=u{c&$-N%57|u;;|1@+BjEbwEhr3qr)JBT>(&uHCq?10_)9
z?p>N;HUjF$%4dc!(UjAHt22p|UvQ~EZaSYlC-C;oM}MW&ZTH_RS8T%EH}4&omgiR1
zcyDsM)4WWnCq`5Q%k%W~{N6+pb~8A~90q;KTOJJY47Uh8dRt9&8ll-`-ki-jMHjjk
z?iEjKsra73$5q48xXaqgO8t!h3yilKa}v0&;pGm0|ivxLlSNmdBi5!ri_UAAOoCNpH*$Gbk`d;RX~
zcRjBAasTuAM8G|KEEEn$
z?BFmx9LIxsIbk#UhOEJ5clN&ygCcRiL0YcpRQjeMaykgan~R=eh!5C4b3DG)$;o1g
zL1FT~r{~=0ozs`?H=S<-gN)AtmpcvS>x@tweG{h{+QCmO#`gpsZ`7e$@qv8Nav
z4$sZ%;>$Ua+5=EO*bgAWdeM@43QM0a}E}PPG6WrB8Uf!VA$Eu;IPuh)+SP+r9C5YWyM3WJaA*)kW@V0)Nw$>?A
zxi2lt#^porlG*$V-a8IUaGJP=e&oYcOoZoUycBg^2VklZd21k>-N1sul=Fm7R4
z=#irLD|E=pYCxYr=iuNGNd`Rp={I0ZCrGq)Fzpn?d;DWjOW(<(uXv628fK!VA|iz-
z=DE4K7@+!@o+uU!3=9BQ=I85cEp)n&A~-N4gb^^T4{v`DSz&BE+8E_SBu1TG^cZUl
zI~zwaii}n)3E7p+h55tN6(*xkP87Xd`F?@+W$3%-M#Psvs=K-Auy#VzW)Qsn;7~Qm
zY6Fsu@ywY!J>V3PrAscCo}Lc4hr;dd$8~!21Q>;Z6Idb5O~2~nD6TN<2Dd$8RZeos)Tt{9om^c{HRX+XV
zRw#RiiZQYJ^MZncXU}3UK#hqo*r7mp38qaOT-Wx&5(P#(Iy&0l2n9TuVb@ML3}oEz
zg1p_z8qm)fr3#m|b6e-FNB~1vuP+0Mhd$4xLl8F){5(=tQORfmHwHd&aWB9|1~4Gj
zgKPS&UM}t)ABN)ymz9O(afF1exQTBZVBEc*J~@GA%l?MFz2J%%)QoB7Zh`?p(yG?G
z>r;)u^zmG(n`t`&^>3ug&C`C5Lk5tY6J?`vXv{MC?w?~z!z0n@`^rjF-mgI4cec4N
zEcL86TVm$=EbmORT>ipA;3_gs`&^=lo-i1c2%wtK%DWx+{0%5X>R?&9@H#Fb!4Lpp
zy)~e;w}2{2D-)<>(UfiR65o81s?U|9p56||Ltx2pvkOo(xmnQoj})2`Mq4H$w}Ig?f7d5((5)O7I&P(9CrZkfE-E-EbWO%uHp7juv=*=}FJW
z8I5x#uR`HJ8ESEqOV#@TPK@XaTfvi_#e2NAtw!Dl
zmuwG<*WThcL-uWLlyWx{6!kNs;_|;vu;R*aCj>o6@eI;^87bx-WenzqFNMhP8M5HU
zz`<#zrYPJB{hCEqQ#zc$ZPGC|G!l_+xzRJj{!_Q-+w!J^wf-Z?J)uBhz48p>?7I?w
zCXH6)NRHe@pfL`fsNI(EmfS8-hd&C13dv6(q?alP{Uuu7*qDNzJ
zqHQKB<7(2a18G5DKb0Znb+DzwMRkp>i4m4ht4l3d+*l31JvFHdx$q4GHf2yx$GQE0
zq=T{eoC&XA{uwiClv#
zx!+CD^71WEuzlzLZToj6CbH%zITx3Y4d{Y!eK@ahdR!g+2|X`ZkgX~%?^741w|yFD
z-(91#rn2!inp1n(v`UqIb??qZwDMl6&O<3&pKAmT*JG8yDpFd$@i)zw0XG!_;X^b+fm
z*V%}kUIywR%@>YO#q0{QEGRyQ)KEy-!1Fni7{F(;YZee4(NF?OnLN0)&WQp&z#144
z(g*`N@Osd82a@bmu>iNWMXVIFViGkobN8frVoK7JZHCh!ewQDNtXOGTqUTRqw*Z)X
z5wtU)Y--O?1|`J865B!#rS#FMN>O>p2XrY=-uvMjXtF^kn4k9p
zd6mED-EyPwd+0&ddMLiUAX6CVzJ0wsLQ(XP#*zl@w!NIiHjDNKS)G&I+XKx^M^-v;JSl57JP!;~_0sAy?R!1f8?;SV1^sIEX-50fYdOK&!2
z2B0Iv$8zw`^5tm3O2rc~lgq}d0DzJ?&6Fh*9}yDL1*pb5GSr)7?9}oyPtD3;Hk~hR
zF0A&?te5T%SV8rWeLNr!Pz!+Q;udX_`ksYj3jzBEh53dxDc7dfta}gSylS_57md!n
zhjbG}m}(Kj;GM+J0;yn>`mI-2Sz=$zw=ly6e6Tkw`p7)a*$?b|>&%0WyPcmg;}k9op}4<5LDOK^UQT?4A5eFO0jse&c*_p(x~{qmU{
z`0+j=+on)1z_s*<$P`%@Ene+?B-J;pO;%;8Va!V%BqVF+tqd#CbCf>PS3%nj
z*jACp{mB_D&SSvQPDEIEZ2=ZP!*{ddJtT9C!$Y>{&TN#Rfq}skHNOV%&twgmh9ch%
zgfFWjp%RW>fL@oj)=5)2jQ93gWt%uLR#S9qzyETtQCvU6=^Le;p4->+abXHR&!iyN
zc;>x6AbK3z0G2m$@k*eU@L>^sT>+;Da`yE5;R2q*v~DnsYufmXO6UO6b|?T?f-f}k
zja|i}J26+b7E9e3g_ZKW|MHfya{8?j(VlZ+VhPt~i&xC((K`vl1ogW&NKp_NL{2)b
zPI$IQal#xNqoA1crBQ;S{+Y`It49D_0$5bHx><|3i7C_q=j>lqC6*K#9GsT#2DS@_
zm(l2+h6b5zW}toPWhNJAV~v0f<>K!ZpOl@M%A?H60`(m%1NK{ER0i`6a(9t9>@0)x
z^iZC2Q*dDkMbPmR1{MvihG~80(tKAAR9{vnwN`SYnMDf8<&~gXT6CZ09t|3*-|`PD
z&NBNv1UdK02A1V{)4-w|J}hhdM~|lMHcq0KmzOhJ&gz82_pVB2D1H0;{Wq~vK)tVi
z{aW9Gfvukb<#Si;CT=PyBwq&FPw~c$-gsel8Z_J^J1c1jie6|U>*Yi2Sc?*KD=sR!
z_?!UXfaJ?`4uC#Zg19h5t_Um`^A3>-e$N@Mgpz_wUoqTG
zdxud^c0Lb5c{$*avnM&>U~*;fNs0bg&e4GOI=JNjcT|Ui3a|Tk$l`e9`{LoI()NyB
zVJ_};ciqsStbSk2oXu8HU*oW^34UnIm#qMY5ARR!^QnUiETeY?_(opKgBr8&npxaw
za4wuBUIn#-^Mq>#>_-5G+3muTu)UyXy4&p^c-K)!5v+_O?;icEIkKigClhpN)q*by
zvh^L`TN@xXnI4yYN|f)useTyA$$=5NKlTA`w_*;6%b?KnP96mc&n&sWJ`HlKXY
z`$R!O0TjnHFQ!T3r74**yn{bG+It7GAfprav`76Nc}d>7Z)7GiL36R$
zPmX8d#gKZ^8oR4RS<5XIQ%I{knG2V^Omc%`(5{&dD`A7lx7tSSYLvy?7de0s^(&{!
zuUrrGFeju$RrX7Y`GIytqdaW&c2<{BEihKXo@X36K|C-32RqPm%E0n8H_yS6|8x!`
zNn#<2F$*wh286@69&&<|^YS$4krLbN!2~n3xclwfXP85}5`-UFAd;3*P-S){Nf>$E
zvjU0xq5#7T#Pju$LLuIdVPR~hGknf0k!NJrnIhvngHECmSoTScpN-RO1(|`cAxX|>ed?<4mk+%^BVVf69qt2Z3B@Un3F+f`ufJZ_yBW)I5$!E?&*#tC$wd(2FlIq7UTn(jSzqsXW+H~!Y85msoMr?8{Q>;sN;~llrvV1Lv
z&3pwmh5CJ@Ky0c!oP3w=n$1gKWGMf-2VB?ZDMSQscA_Ru4VTH9C|w|*Ox|2m<&LrR
z*H?Fc8N{vDatQIbyqw&dH*W$@sY>=Z!*Gx)5F_Wh7Jf)t{xxogU8W_9;jlG2Mo2*gn%!#pD|pU5++-Z{^XQ6
zGu=L#B{lgk1hlm*V?UFUvs#L+xvtgirmN`rsczgR5~&H^9V%)Sc5Ax2ErTl!-@}+)
zL&&1Lnx8oM`*;!KKigF5*_v_o+W>)SNr~+*F?|>Iy+@Mbe_fGyU;W*u;08U3)be-o
ztQUvr3k5f90N+`yFa8!Sd{yb{Hot!HGl`&fd+>sNCNW$Z29A+B)n&PtkZ-S7f9uWp
zVwkag9#;dJg0bBVMfBIFBjoT&Fg#1XMQhR=KGm0Lo1%K_>|)UwJ%QCi
z2{ExMaFhWzpA+2noZzPqTfoFxoW=>M6wsEy?YWC&U7Zz?oN8cncAhvmOQVSC-`T71
z4A?C>>GL%F^JA~C)SGcXhic%azcT3&sRI1YBM`_y0_X;z4czR?Y#^Oxl?zTjQO^L3
zK3Jh2^)E6N9DsF;S_gQ@Ekel!s8cdZOG-+B4}NWZ7wvtx4HkfsI@J-QY_uL3Z`P&EdY>)lNw
z5dFPrQpex3+Fkf^^wayO6a-bk;d+37&t6v$1(Ix4io{XRel~(Fvs#n1^-nlWT35ur
zyeYJR>*4qCTt{r(vj>+pn0_tvLvclI#u4O+>g*z5-u?OWPsk1tprSzItT32=LnXUnEFZLYSZwJ?8im*lB6Zd5
z4&F_2Z*WKJ>FGgS>+X+T1-TO#n}T=~xRi`!Y39#xg2B4m@FfE&8z8v)gKX+R7t)X*
zhv;K}T3KJPN`%86T;R^}MtV(vcm5h+hi~~`!`Yu=CoSbGegMfDX0Zt1G0J|+FfpucF=6Tr
z=Xa)QR|aSal?=TX#qK$J*MBq3Sy%!?+29Lc`(}0Tp3?gPJrK5UL&0;_54cDNj(>j3
z7p@4AWm+Lf(5i3h-va$xW{V1LDi9|7Hed@TlBt^7+q0Pj(MbJqekirNnJ5}}ZOT>WT+bpTs~L)uCUmz9evFb3h2TE5Nm
zZY^+Pdg^zH)w&b+etKLJ6@7KOM^FO%3cS{+KZ7Wi1(PZ96HLv&B_a8G-?#Q8Em*sO
zCq*%!VA`Nx;8qiYP5`HQ!$vlwnb2T9qV%YZxlXP9b?|xqA_!MNLR45@2U~EEP6`|&
z<{|a#U&QmH?>2k@_Ycd)cQeJ8UIzfkNF2Us`gb#RrPd6MTr&wnueUF9e(4-*IRt?^
zVsdIoefqSb9%A$lOyuXqTgQcLhQdZF5BHYD#l`K5fQ8D}Eqo0G(}0GGf9u$gZGpOx(1Y>`py?GazL^+|61DiF6HuMg<0v70Wq>c81LnB`{M8==STY
zX^@=lNvMs);s14DM9e*xfOiD9#Q%K9!u+OV#{08|U^B$Z*ErVVwMc&iQZSFb1m}r3
zzzUNfMS1IS3JgUfGkxw`TE@P5b<+;IWUv}_&`?oH8SWx(K+x(0R&wPJ5Uz#ibB6Ysu*@SvFpdQ?pH0>u-1!{(pwQXf
z+e6ThpFmWX06Mpihla&0)m8^EBxLNB1#l#vyl^x5=mcOiJ3B61H*VZWIr0ZNT6<96
zVqO|xf1dz5FD_TA&#VKZzkJAQo;;c*t?)MD>Ad*+8~^xG1My^`iQoPFEaE?~8@4{&
zA=ovFmi2ll|Kv8$bXLK6I5A;QLDgex21I(G8{LF!;}^ubc_253_}9hN!2wot`fSjX
zOamhjzW{(j&LsNc+UCC9E=a?;!MqJrO;EAtI^+VI&starF3&uvbo|E8#DgTbz{uECFomv;pY-?thW6qlgDi15;vvSYaTr0v}j
zMT*fwmPv&^#Cmd{=yc|uxH=26sg9RJ1|jC&_)mgG^CW|Ec+SGa1-<6zR$hRHnE*b}
z+Rl!Dvgs0tPl0NLwVhFWwlsyWA|Zj1nV}2V1VvV`VV!bT`O3kidj3mk7NDqzIeHdu
z&8Zx1=WlGTBm;~YC+ah@mR7+Kx%wnumuwQ^_S?YjYPnmMm6Zkal~NBv^7UC&lA5Gw
z!3=G85Z-K2rh7$P@x1ZU6Y}mwcGKmN_d%pcM(QfVrH|Uq)rl``oA~XP3Y~!UdyBf+oB@zE5=uP%U`r-aEBa@H@Sl&!RNc79|uK
z3apE_ch$e|pJJ(^`&G@!o^*8W%?pmFvGUe2E>F9kno7`|-89Vc;e=PdbPohgW-o1+
z=k(AbaiAFiDQ;l;Tmh7#ASgU!JV@)LSY}a|2Vl9gNPQ_p4s3(jW5ln31{u_~g+k0k
zGu=YTZmLOzJZB7CQ0Mt3XjAds>nz+cz$}U{d0cPT;
zHJlZ=8Jb(r=%T65L$`c0aX%Y)GrNDHQrfe;5we{Y73I%l8lHz@2p=vJYow*8AAr`v
zBx`VC#PQme@*3CoeCG+O4W9-6hF_yEKScIg39SoleV!f7v38`4bDi>~TR({&P>Rfw
zSc3}=Hm8=B#n&ruBEd%b=0q6M@5I!!Vf9?qgDL6V(9zo_Cg;4RDRjWlkrmemU`Pm1
zWq7)>i!32{D=Fa-SSz{h`-gI?jX+V5KOZ&!TFAU^2V601D=MX2rH+_UGWS<5(Vej#
z-UibmaR9S}Dvun6#-3{gpaul@H~N9wEGaDoan_}peg_C~vPvLYg?ulfCvVj(4*3lG?6+uF0%^NXLs(={vy;gwICl)?LSOw-XqbPjRUzaYfn#-6lJZH2
z8zCNr1Cn+1Jy^>Aw+Q%#zXcPR)BX*B*Chiq2$i_6T`of48AuFGXnGdic4^2Ul5+vW
zm%uY{IQ1?vJ=Xw51@MpAv9Drcwjq63%dqV8@5^YVY)liCkszF94v~`?Zi7mV>}x(!
zNxJEZr4f9{m$BbPyM-k!q{pNl;w$Yv~GoR-b
za<6geMT7V(2RKT|nt_SGUG5M-r+zdI#n~%kWgAFPmhYYHjlfxD^F4yQ2Ts6@_>s{|Z#XS|vW2rL
zZc;A$0QyHYCGp(PJ%RoaVRQjVgWFP5EZ45-XNz#E!B>RZRQW~lo*y0>IwRu5(}6W6
zB}IY%;<`aQK8=2HIhMufIV1+GTd6JpF^EGF1+aUs1s|RIX*FW9kws!M)Q@&8oF`
z25Bb900E%-4BBo|Ce0xrvY_55LDV&(ToIDTb^IpIBvlHv>ZHLs6xou?saX^m6MDyV
z88q6~?;LRBw+lKdn6Xw*Uc$
zmXq^^t+x+l!;4Gnh6kw;S}9m)$)PH)>=_HyII4DjPo9Q^kTY+(LTm#(sT%bcTMl+r
zhPyYaPLMKHqQ%7z0WRya5`s(%+#m4y(`I|5L0)wYd<_Fn?yu%UAsk!}gNxr$7om>=
z5ZZSg87X$(agegmxa<^bNl!LiQ*B1yq-ZvBtq!80MD5?W3YY&tTMV(j>f4N4!sgH6
zN*vr{I6-t*qc*uq!)p`(EGWOWa>Ql5di4dJI?vkrdc>$|%@M3=5K1?LJc*MIR#G%^
zFx*gT_#=gxt8o=j@$c^LF3w0#f5S-YBhw%ED*Xej09dx~X~TwDhaAHy>xB4*^jK74|{qwUL8~svl&fJ!OfIH$Of*c>PFoK
z0Img|;%+DJ>+9pN10U!zV3;Un_&zH-n+tRA+eS~oITO~7c!KtW3X%TG{WCRYCLrz~
zm`cv0=Cy?S@AXMe&NfvgZU8r`gB)A6YFocOLJ#2jY_3iwm7EqQG6jhduuRFxx8lj(
zr|ft0O9?R&k})tafcko6BP8MIk`yBvM1d>I%bl!sFqq6P!UTxC_;m{;Q+s)gs$bF8
z1d?;O9GrgekG
z93Z1rYcmZ>`S?@#l;G-~y`uzP+DEJ=;777+bZypRz(1L5@k}e@@%sFwvjBJ;g6a{f
zq6R^97ayxy>T~VH0B6d5(yd6BDbNIFWt^kjC=iFRiC6c|
zvtVLNbBcouBI%*RQ~+tXx-rykvd7^n3=xkrRQ2=pAILMa(w4ML6@%Ihw=7Y>p}i5
zuj!V&9cih?uuW
zrButpVZBRk{477;4!|moFfu3}0}Ou_u@V7*8N?}&|3C=~nm=t74Y#_uvSAqHkQ>(7
zPhowbsnPAxrk=k9jf}SE!>{T%trtY5yr>iTei!Qcsu>9h$wtDg&w($_&N66RJcKSg
z!;;xrp$EYGiua+%Zf*)(XK!0=0Duu-0o};nCm}m#481
zlL39K0ld=P;cOj##k2dXu{6{Z;0+DneZsm=Rn-9?M#+OA$zank0?j^tuC*|0D0$s6
zfi+${1OMLxxHAVLB%TJHBUbLO1g-^PU_1=BU^UDLuxJC?vlM1tYxOyl_fBVDUt_bd
z;Pfpy3RIcwXbxx|d`ZCz$JzNOKsFn{hAh}QIkNz#^h;^I4g}b1Y+Z&m9Qh%A`P~&3
zU9cD8FW>kFI7cV3{~T&-``TYIn4fBdE@Ju>gwx~)|5}Ym_njFDvw!X&c|XnlL3^k*
z0@lzt+H*GLBK_qfGIXRrwU$k+vyM4p(J%>c+aorRF$w2+l5Bmla$7}#yD
z)g+h9QCocJIG($(C{1S+tp5pzE$q$348EPcKsuE^+}-K6%#SCEd6sS=?U?|GRABn2
zKS@=?kNZWg7ULrH$G=Udf_`&wF^iTVOA9nB*mJS8ZTp6eJjOeHhRjVl2SXA-h5%d`
zkZ$pHaZw+u();cvlIw8my!$X}lc@LeR&zbbxZ!^8#2TA6Ku4>;u{J8V7ayM-b%@$D
z@`TSSIeXGH6xL)yXx>Ko^Suc?f__Dq_Hy{ja_6TjVNMK7OBW$o9|{>4ZA}!TWw0a`
zq2F*@f%k;`+_~_NSc8MQo4JGc%`sN~@hvs77B3D}cntZ9>w+c+TVTNr9+qe0RV=3_
zLM%Dib!X0$6tNm;#2f0ethn1hO$c@^D+4md>h#|rL53SoX;%KX&+-Ciex*nvi6Mvd
z&QQ@t2dcvhN6wArxXW`}>$>|!)Y$|>Z7)8-%apyvYQzJlhA0V1
zJ?XelT)VRuNw{Kold9-tZf=8mu=ssSc#CqcgOU(si&_rDm(b0?D6ocw<38|S$vvX(
z^-kVrFA$$J>dt>|0u;kz=~|BOw+?th-nnF+>Iiu@+3{(>#5pf;R&d#@Gf#^fv@036
zYJ&cL09vj2s&LbQ+W5MXBQm?pq%?SPg)wKqV$J*rYF34>RbW@#*hiPL3L*t6!daPH
z!T0^-Eagqrn=AkUPAMHTSy~L>tZ)5~f4;W0EHFCX_+KQ4g|8ZJH7~;zi7*jwsJvxV
z#}EiH+$F4edyCfRx)cB4U!UU`s!6BwZb?PFu2uPm@y>i7-B#nU=DAbQAQ`8T+Rb#?cU{U&
z^<$(?k%#TZ$3*Creyo%NZeUkUTHDTG{lYaaMOQ|TJijq&D1G6%X^jfV7
zRh_<(j*dpU>X>93naRr+v^X~rjmc6vnSIc0Er={68!dsg^m0z*<`Y+BD%AoeJ46+^
zrA$VbY_uE&3{kiL9miifx!cVbOR@qSiprByY(7`?g+9ITF3K&!){d1HJ}!@s+@lJc
zVUUWyrBOn!2(x42kXca}>sOePqM+Wt73plJ;KMhF+wf(N!w<504uW8lyZ4l0ytH{{
z?i)oUE>_h%7dlubG0=+6&EhSYvXUtND8*wo)TSHkv;qg)(&wO>3mkIDLx1!Ncw5S|
z$-2ZC-)M>A+VT-3%ll{bz47!5{r6r*PA^pbt!C+9h78c=o(qz=
zB2|dA2lZWTB&h1Ap(<)5+Lxl&gR|oAiFb{OO!P4x>nG+(&MtmlHqWO0u-Ipfhx_-7
z`sJ@q+CxKOYHwxLVB{OHR7`biN2&KUO(g0`DF2kwccQGThoyW1Pfj3unm!l~;XJ-R
z@e38WsHZWK9RjeEeHCt2+TM$&N6(*P=0ALs`~f+)>K%UiIq1*{8|LKm69(M=`w`}5
zWJIp(l%vCXBQ0kRq)%@oFzVy+ww!Phj7gOtHb?oXeDZd9Vge#h9MY~L`Oea+2tLt{
zcQX=My6&OA%296kOAPbU^7z)+=B%WlgnM7{uEKGF!-ApFkOR6OY7ACxZf|0|jbiUO
zPd5^s;e8xqnknfd2*@K+RsKwyr$|99o-@y8Xw-cE0HH%-#e&>8(zFLoDTvlfx4e7LUnt`<+~Dv~fY5%K_zSFH
zPS)-^1&M5D`U_RsT6CiiiV5^XQ}$QQz#11KC(zTdYtslrCJR^4A@u2y*#CjA4D}}K
z>)^`*1$jv4k-0#KF_?wzuk(0@)(3!DgRcIu{R03u$Qc4_I63%`W%Qu&{%4UdtE(r4
z<;$aIcFpxD>oDcGFH@$|8HO$}e&+5zDrA=QgMCQv8sRK`;`rX})l>UMh^i%d7A5$Q
zJ+;?r#(FUyai#Ne2YnHA@MMv|m8lYn+dGL=qyaLZWqx7LYHJkYM|YsHJoca~(9&=b
zd(xc`52ipK8tv4F^=|~V=dLY;qag%jU%!5R2dP3~aWWg5wXF?P8$Ih~?R|5pLPUV%
z`{kon$=jC^e3ykt4-Th*C-ywa^vdC)>Sx|ik7Z&sA)egB=(>_(42ge}Nq=u;
z@l&3oT4N9PlT=i_FkJ|r_w)s%@*q>RE(a0$jmfX;ifS01Udfim5MgmGxX?BWV0n^0AJqvOnF8(nAv3rd7P-U;M@e?i1D
z0iD3IAr93X0{WAb63P_5&2E-?Jn_myRE`UP^FU2lvVsUsVj+&%K42GWd``K_9cWfK(?#PZj;~CJcnikU~{f)(+-*-l9NFOnl`(9!Q9^
zOtw;Cez%ev?J#BTzIa6KIa=heUuf(^{Uj~;;V}{!9j%pL_qVe%Y=|59M
zKiQ`GH2LF|ts?7l7cN*p4Kl#EGYzLM+^hZ)m>_Q>3Bf)`|5RaA-**9
z(@c@}h4w%Q4eIc}kSt33LTC?~MF#M`uGA&vg8m6mz{%-p?56aWeDNM-govq3^fLX1YqM`3!}c?5}O(&yYe{!hc+jJ-3DIoK*VI)sZRx;3~qZ
z{}Zkf%I3)I(W!D+p!Q}sbxQW3Y_@m608-oy1zI;OKo(f}6i7x@MG%)iy{)bQfR?2&
z=BnA&jAMZZa+W0L-Pgi=F-l|
z{5}s5;4i31aC-CzBpgY%ui6Zu9c#ZldGdsVT2*Krn!(!JfAs}B%QwDDSE4}I3o3NN
zU|7r$6lRSMjf{}Sx}5S;5vNzrQn#p0{yf|9b@ez8Gj!~vc~xUF)Xt??JG7}7{Mkp;
zs87-pFX`oS;st+G3CX;(7#imcubBJZwtH-`0}&(rx8+ciZBRb;|5E=&iGlP}bIDE;
zm8p!I3MD`5qu`DJ2$3wj2NV`nhM5G!#>S5M?HvI0)Dld85eh_=%L)LD5XE>vJD2rf
zfFw6_=T{({2ENYK*v#zwDFnx}NXW%zSp
zPR-3Fs9t8nxVSv4;s5hdBop^p4F}W6syMpu%g#JfwHP|@w7hgC^Z=*q2_VSQEf-JP
zotCoAWRsw~`*bZK_!=e*l+P6(KKu|sLH?fw^c5UNAWO*X0x%2U-c5^-B)a_yiLg43zpnvA1^`K-|;f
z9xgyyA-UsAT8>G(z!)eyk=ymJb^?+dyjkUa!6>|RbK@$eay+#n*317PgSY$}-uiafW&17^BfPwI#)(c0#$uOf+6BdbTO5(`76^{#CpR-qDk4v_n*V_
zA8P_yn6Z`8wFRg3BtC5T2`RH_-g-aKOw)`n7sFuz#+^~cjBkxMc`{AwvMH6!Nfz?p#95W@4(dD)s-NkBWB^FioeG>z}8%YGfV5$&z1YV
zZUWREU=WJlTyj}|s+INHEckf09oMlYLfB0+42%s`+?)$0k1lTS@SR%yUC3c;{_|wq
zs)72WY24|3^~>+qsEm_YBqw?T!P)cdLpGnUH<5VAOhlw;i#+XsDu)vW<70wk78krP=yUE7*xauU06I
z1xGVL@W#P?IIwFyT~!X~#e49@ewWSusAG}E5(k$(ipC0HushuN$NeEF*nQ;kY@$g`
zAbaNJrT6cu;%62XK=;onI)g%gw;qb%Dh0;(cfA_?BA_pS{UScu8kUMFkATeGJtlk{
z!%zTb*f?R7bYfe5vOV7x6}#<+#XkkcPKI;{V?^B>wWD0QD4hseDfPqQ3tq@GQ~e67
zo`wmXC~iKO%}qaTbNO3CoglJ$?xf2Ltdc605AD5l$k0Eh?d{9kvMB-K0;pG<
zxIQsorX7q93fQrtsi&ZW@~>~gGB<#sQk%gFcvn-S_qGR*5+0k&zzrxWyb}O3qVp+;
z+`c@B<{~eqhuX=}T@X5_0{j~&&w?FG)_SI$2Ca;qannb+97EB{QlO})6l-19WVe^&
z4)e)*P{`Mu*kyBD_&TIxf}e0E$;Vi+Hkqx*9`sv`C=>^iFOI#BHj93E<0Ud2+=lvA
zTpwz}SyEwB)d}oZJP5_@7d~;$nP;a3+2#)Q6Pqx=BW4cJhNo$n#Ef`!QsGIrps3Zj
zo?x2tF&_GfHj}=ul`QpVG!6mTaaLlozS4YZ^c;hjE>>0w-f7HblWufK_Xb_|+jk;5
zjhEk%m826YUFD&T51mVgXF*{W6m&r6THG~B0?cWBSF2O)wYhvO+{nu@g1x9Fp4{rh
z+evy|=pu~M8iIfHsp9J5h<4%Q>KB7H&Q}V15RK~Npy1#$;GGYaaV|V~tt7dZi`RR&
z(n{TMMUjs+fIGdc#|EyheB%|gzoRX*-sUPy(GEx9CVQ)KLI`Fph}-^
z0j3UAv`wZ|lDDkhr$o!^MdEBC%f_*`wKXj99lK@lj|YQ)P48PT{PT?
z5=kOthDOSTMNc%Gc%M-gv1P~M25Jkqm6pfKG(^wfnmyM>>DyY(_8P?DXr4gx1j4O?
ziyws*aLy|y;-Q1D_u`B3HG@e>n6Y~WHTgld@0=Gc=SCC71_Eb?Q(^`Z=LFMwt*RkN
zfnEq2qUUhUe6>&M8(Y1nLh6bM$b!xh1g9%SV|)AO4T+ruCwA$6pG$b@fyotq?=tGNEz(h02ipGO_1i^8gKe#&=T+D%mRDs%PG#bsq
zA|-lL>V`BoPA*ZgU=P=0kv?e%Z**xIuv1eh1i_TzC%EdUk)z_WVB(GLl(2qZd28BI
z0~=FZSjEVufI2FO1c07$M6T-R%o&H~VA!ycQ*RodngN5%eBo4bxRydvLy_Bs78#K_L#`;ovlBJSISh
zpg&TDM^Ky#UXcG&@#b;)7~FbFzKnG
z27eR$0uDIullk}Mt5WDPyr|)!x^yS;{p3=^GqP$BkC5FJF!V8kHj?`UWLte^iz=0n
ze1P0hD>`mIwdq{$He|B*peXMe2E272fX(9D3nS2V_sUjR5k
z@%SdICa^BvM~Bc?8aN#&TS06zKxHB$F%A+w*AB2M2BJvEV-G}Lt6*ZR?JV#DTrDt|
zv;6!Ipi^(RgbrS_ibTNs-)P~NGWRR#Q?&Nwx(5CSkvt{1I0e_5@rh)QEqZ83#9x5!
zz0TD*c@A
zMVuXJ?4Tx8e(ej?dg>eUCq1bH1_=?jg`0u~LvtRQ-Tsjc^b2_wg5-H`dHH2d0Q
z%5)X*a{OlZI}6>F|39-(-}N@wL?El+PPzQWN?CG0|%KFMaR$eN2xpO$g+M
z&|O>*?$4L1&>Lj51p52Lt7xdEKVzNEV=4;YaWxBFARFj7tDO+YCQ!2i3VtPFOL3Ln5DD8gXC
zRzNvy4%rIGXTSu=445(NC)Gs|3Pnbqv~%70VXXf_H1+2H!JRjM`lS7#F&hm-eHIxR
zAwa=IbMN{_WvVOq(Stm+?3nN7Mohu;1Fs89uoi+
zRe}Y^dCx(R+ijHoPZaiy=`GUea4bj~6l-4y%H|Mu0N$$lbv(pW+)1%q_ggK~81*Qe
zIsD-6vH)&Rz&bMf2v~l61sb0*$jPAMdj#qUIM~=^?dD#o))o{Nu5E1%E)rS(ud_j~
zfT)|E0h+&Q
zg0o|?;XGv+1wwG~uEx(QD7ao9CezW;xmyBeq~^Cyf}j>^S7E3ARl8;n&F%w9X^5bTbQsz0+6HeZP%{8`jemH^n)D_q6O>CdA%NU{
zf?C2rdVRwOuU93UmUW4V{XxsJ784}{KFH1dln~k80SL5$ws2F14-HO~H_2lKMhfuJnyi4oopP*=38g
zVg9da+ov8l1qMwow?cd}pP?FyI>G}<{I@H)eTz)Xo=B(HJv`I%n6Nj>(UIV83nv~6
zT#SkZOVu{AoNR{6OCc$AII4KF06^0SV`j8nTt57NpgH*!n(>>jOmg5hj2q?<9!J)d
z`T=8yww6v`(;m@sina|tJp6?K2FQMptLyPx3IS#ssTy!xL^?ba6rc-7YC$Li7YuvM
zOFuy}<}>O9;C0Xy57AzA6`WtlJY9F&3tO?uKJBI!n*KDv76(U>=pqprQrMi9hDaf!
zj3IjM#Ex9Gv7v$=U)AILfVirG*2iPMrPpgbiRh4%a+eNUDkV
z0?6S})JWuDT8p}*NCG-{m>?2lf?m|{6=`WjI~4W?i0vsMuMq)ZQ`8y!<`P@QTC09J
z2t*LejtEiD+LHI`eZD%bPD{l@L^#P$rQkP(iGquTw96eVV7C~T+69rMYl$_98LNAA~2r@4Y+{7_U1AUH#`U*Uy
z=d`fFqckD^Xo|u<{8b{f_k=jOFFjq2{`Uo_h)wR^XOZ*c|z@!J%-=(Lmxm!V2@%?j~0x1({{o${-DzA&RW4#>zC
zki|%Xn)G1(^n@NFTisLx%NIJXY=$!J5MtE(|VZpj~Kka-ouj8%2C$AISW{CQYpx8XbH+`@QQ1*PWQM`ATB>7Ty}qhO4R
zM2NBX7(R&SKFuymS2<7tMS+WhGcN-(QAUc=cms`Lj+0$3M!{cbpWiya!IO~|v|>Bd
z?~fd0JxF2)kQD`!CLRPvy2s~$j>PaX-5vJxg9#fPPPm8s85;ZN&klF}hex>RS;g_I1=KcI^jCwyIPc2y;yE
zIox0ln)HcA`(+^a8sjS@!NEZxAOZ{l8lEWD{@A9ymog7ukj9egA`%GfNFW2AA%L$p
z!-Bb)lt&QEBGah<=Rw+E)#i*-(}EHbhKkscS!%rzii>ZG4pawgoCgKe=rd>j{?mR5
zP8(Z8B#A0=zk+Na%#$N!)PVsupS!`*j7IDvpaND4%)1rt_g
zq#b|Wce6+Z&I6n`Z2}lcwRV}>v&&p(NV+b*234Kb}Qcc-5Dx)+VK13*^pDM6f5-?
zC}zS-1OE&5>-3Bnl4N8cC*Rqh$j>I?H;lF+VMK!R{1y2A&$C8D68_v>D@~|8EC04C*%}~gX4>btip?saAgt%PgFJObDV}Lq2+Xn
zzf(SR#E%T0<^=MTZtTPD9BTAio!IY&$7Lzu=hnx{+O@Sb`k=SKa<45iZ-4(~csPrg
zxynbFX_#W9YJhfbL8jz@95Bq`cbdzLxHzO#$dp*tp2a7EK26_m!rLL)It?CUNbTCv-he)
z$m)>nyj$h)a7UvMw=C)GrPR+WK_-Jn0&!a4_o1Z+q7&Dlg4#oqGWzkVy4POj@_vPz
zR)wTE$zjM#zz@dqbK|C}vw>u72#53(Oh=h@x4>#3z@GbD?qC)tBlPPc!z+XH+J?H}
zdZ%i1a@r$S4a&FE5hyUatd)}XCMj+9O^5N=m4mR{T-F%;KW7Y#^DG4gWXd0x3JKTY
z>aES;P*Qyz)=$Vr-p-)MRf~PtkYwwbkdSyGCSL6jpQxrPU&poZ49;2b4y8>`#%m5^
zfrwk&FvnNg7e0VC=tY5iH_;9vH-k+~gE_3eQ|p}S=3t;d=VM?}wmi{whVPTxerYkm
zo(?p{+F|z{?|87Zlv+%&@TFReoAl)Z)Aq6ZSws56?4uoVg(CqJcr`h&yfBH6`Q1Y=TCN`qr&7!`H9s_S3
z!|QFBU%vt`_AL!`tDC}%wKBt&R9D6I5wgiN3r;>;NJ~ly>qS^K$-SRj(ay#ERMxNi
zx9{T9(m=q07W4Ds#MWQCKx&|HldICnhqAFDiFHn3eWcS$XK<
z_(ipa$t4lp&bOT-5;YzB&%%0_Kb~4}^f0p^(F%8e*(v!xg{p#{!%!xDxTQqM5>yTP
z@WQJNDn83zNn&OEgY6P$J^eE%)9w}T7k?DDv;T+mEZ(p_g
z$SFmgE$9`umYTw|7o48-TawQ#pI=n5T3*ejq4pYi{5G>L&Pb5%R=DH^BS|*m;LORP
z#nXL_6L;E`^PGyK7567Tl2LA!Kf1JGpA{w$XNx9+MM;V*O3WXup<|Eq8$J+S!oY}iC=bHDR#JaKxdAMW(W=uRS<^Sau&K4<1*hb>entL%rX;yYXJ
ztj6bih5Lp^o75)Ui(`xZJl|#SXlfxmi!1)h)6=txNKhD)!@+j2WSVisrJ*8X;@evz
zT*Hf_aLoVa{G#y4P-|;&KfO0ULRC@IgWQKmvR9EjmTx-zSIg)mMn##y`GP-zBHk09
zBs1*;M?JTAe=PU}ke7e4&3xp2V*`WSwTurOw)DnXcPD9K#3BWISm^i7NdRqT&z+gcV3$nruiHFYe2mBO6#)5+iS
zAN-k;p43qrQ`7W&)o)*JW_b3m^$szmrxWY73jGq4ztta6CQ1-|;F(6fs%T?wZe9PA
zcbg|WBXPZ#?u>6B_Gemi)J=|yInGgUoGUpE$)ksN9?qpJFP%xtd;o^Y&L2v&^p1H7
zOxyua5&7YiBePq~2ZBZPM*;K4k57LbbgBKp6YmI!Y3l^kH}5hRppdpQI}Gi_`Y+C)
z-`s>?BMgc1QVx#Vm#=NmZM}WOX5ly&93_zXhWNKXRWeWQ+*bL=@ZYJMqGd
zg8Fd@5RsS%pnrC*&HohYBRA6#tugA~WsAG0&cf?|XT9v0xYf+sWL)Zn%J!nj$l+*5
zo_+7WAHlV_eY{qKK9!vI%M0PVG2)@;32sOTR*m=FKAkUZ*L}$18&_izmG5jKJ;yU8
zq3F}f>5Pjb8Bpp~MUB4ZaN@7Ao^nki@NP?ueB@g`x9HoNUl5=ef15Bks;AS^oWL_?
zc&D|Xv-$I7i6kTT|A(pfj^}#+-^a6eM#c-tObES}W<{A%
zq)1X^6hb9LQ<72AFtSU1uje`E^ZxzLf9G}_p3leg@p#Pxp3aW-rj+l
z51Dwj^W!F)Y%RHoGSAMNDQ1>7oB>w9#x;LMF80vKCRVUKvNN~Vl9gK2`PSjHXa4R|
zRdpLFW|xf2>sxnUr))mN-SB!Vt=Orj`%92S28|H(;ujbAiKb5uoO9bj%BZlfrSB?%^2u@Af($&M@`s@9lLyU41F>%iS3Ntb$$D=Vap4Ddw|P1>4*Xd#%;p4tf80
z%kYrf{K5{^ziWG4qKECKpIHi~H?205R*X4*Fjg>S;HrP%bcgM4w&Ln}{x~<1frUv{
z;)#TyD3>FLsaaU#6n4eO_{LNFA3i#{#R0rHH&Vy^{C7cdvVnlwu;SG?I{HVs7hkPz
z7IIfxEV0`3Bl9*HtHJ6a(AelsYcP0y&Z2|+R*NfXL$H@Yr5jCc;CB31a3nc6Ih9z&
zJq#w;_kVWj&?A1titCun%ieLJL62wi7-W1zPW~coEB|S8$K{=mXcD5d!lYPV1
zOy0cPY2YNg@21AvEuY=~eUs(oHpb-cES`Kb`@3eCAFQrBSH0!SYJ{&4FA47uzU8sN
z$)KR*Jjy>mzc)V7vcD`+T%y19MQR(zeI38uzeTRJ|NB(5v73_YT?OA&sjc#CA%1&Y
zUmgqJ{Ag>pi4Avuoo7P0*w0qHW^T!+Y4V!b8y%<0Cl$Zf?4UVEylR&@dsTeJ=F#`Z
zzNN9aX_D~wGhjP)&EFu6F=j)V$sv`@84WrmC4So
z$&Noh=GBUbNBi9-yEMsy@7G1??!&6=|85Z_uf$3$NErWg$r)_3@QwRoGPkRG
z477LXbl;Zx@29$2pX8VfUa!fEZgdZjJ_S?!Sw&&<=S4yQ+NlMPFnFDss)3bA~2PzBs
z7@9^4`B*c)L9*2oNIe9@LxX}=&M64agpQa(CgfcF$V$Tn&yj`0rEa?R*5x~#JJfyM
z@b1EG!c^Ud8c3nl*UIM{iCt%)dl@VZD2an}!_J-xZx;r7`l%4L-w(o9<}h)NdDgN$
z7e+sSF7r4~6VAD8IWsuI;!y2Q*Cf00%Y(FG!^Xx{(d7l(*f%H%Ojtj{SJ=+4l6JS+eWOl$7vXIp)q
ztuEA56%em{lz8P|!EZOe>`fBGQfA-8D0PGxAwXgZd0k_r{3q*hII
zV#mC#0YHoq+U~xu4VZCVZ94tSb8E5OrcIkL2bkV$f%|UPsSYj@miPQ4Y!R+!UCz~N
zhVLC@yj@8K!Emz+{PX*SYRG9mfcKX)PSp5$)zY~Dl^z>ElIgbR`9J5bosktgpo`c6
z31dI*+f9v59w(Obd<+^|yTX^v*E@Y^N1M&b$;k_Ue0g+r@%z@uVjQw9W|Lb|#VD;$
z!nUXqXOZ*wF;n{sa@fgPHqIJZScr^`AyWg=giBkUjz)b$!_t=*hR)yQRKS+BxYF+P
z96UP+WXKS|jYs!v6X*ZlWVk&ta_fQa_VT1G`>aX9qnq$NOh$B}PX#zQdT+WkL(&WU
z+69=@J?28|k>)qO_?wSANPFhye&4gK%5!#|!SPy;<8^}XaYM({#!&ApeBj)1T`m%s
zJ?4Bhm*Zn{a`;kPjgEz}(r0}8=adt>lvu{(qo?$-CmJsi|BI(S7YU#8P1EUy$}OX0
zn5taXmwEHizT|1%@Pkv2f7s@#T{CaJ?eVy$X8ZQ&ZPtIz?WM=xHO`&<+TAUyFy(Hl
zdiuC@oZHicX?K=n@I=woFnYP68Z(2Vq2%*I4h%FOqJO6-9*h}xyp}cT^X9xmE1yi{
zW62ooEs2(--8?rf@msR)M3nD%L_QeDO|vll;lr{Z1QNiis-H0#?mCANF-+Nw-^@_h
z(jVVqq+X&zNjGq=RxnP=-ZnS-+32xde(?|gG$lkj`fxsV`c=#)K>$FuBJnQR6u~V~
zRM<}zS04JLmX&=5jTfh0J~BU9Rl8@qch86IhyU;$7t~n3u&TbW^!I)Hg#DNPZNZ--
zzE3XK1b_aVBfnPI(;}h%p;VC~I{1e*gH#(56IOq3XZHP_7lsa^K>(ufe7{R9iLYp?+Umuv3l&kRMSw;Uu=7|sVfJ3G!Kx-7E|N!(Pb
zIT(>Ec%~9v0G_89Dc9@PMLs#OX!Z
z=Er2d+T==HNe2_N12~c*BW+dGJIa#=>$<0pLp$?PE?dy0+{wvFf@zKEIQ0&{z@Q*v
z_OdAlhUlFxq8?S@-hovwZ!Azhdb4tG+$UO8_p+$&>U{U*T}LDsW){|V9Z*?QPsx_^
za1J4NJvlC5V1py4q;I+-zP<3KN9Z}`5ovDzj>?ac9ea%GOfD(#k2|IaJcu$23{KiU
zsQjW_!bqAk0hn?D8I=$8!^TDSL)=7WcPKwOyu3YH{
zXTyEikK7fXZPra4qhN)NutU$$TtgA(*xyBJ+r1p}qg?f&wp^wzb6+LNxV#F>(wveF
zCH~#q4~p=P`Nwj$uW7T&zY2Iyq5Py-Y83~WN%&n!CDc~&u^Rm
zrX00vSp1T)<^IzP3tuQS6WRhleneW;CGnjQlm7qzqNAZU2*Td)$64{!w-OI{(dKQk
zq{O&m&bHZK9}rQ+qbhKNhoq0Kuabjy&z++aE)P!bVrNdgz;xYv-`c$Smls>j
z1ztPd{qfB8$EIDE&z}9Nq-C)uZ<(F{aY_b5q*B+J|GtXy(HQUa?zm{&D*o~lzG+0N
zrWALHq@-PJa;c9ayzFz&nwwXtOV7iOPoWhyf7Mji4mAC~r0@Z%l{c3ceQ&V(o%q>w
z-Tr5@d;9!`SMC*dvtD+&Q_^nddH(NXjnd!DI=vSmac2V;rn6=z~(Xa9it
zQ3z|u2)k-h%MFdZx<;gEBxwY>j&H^bd-s@VC*jF?KRTug|NZoREo8JU(%{^0?~f0g
z1BQB+k`tfcf7T5C^r2J9|LyKA`{r5#ZtD`CKAm=`>GZpY58ZJC&Qaao0(U*gEsymc#_M0-v*dSBlV(Ylh@y*=
zCKn1eMwEW@{V0V_SzE7~nVEr?&dU!ufV1k?>~BlX5$4NA8G#Ua%~N-8V{`*&<2#}j
zrgMHAxM!cUHWxDtex&Q`85%IcFBo?y&H<@pRrAiLp#}lWCY4HI37^pkyRu_g>Qk0rX70z
zW$mHC?(S}rx{F*JY~JosEPN2GAgOP=$AAK}AMD=hG8P$}#%bGdVf=Q|#br-5LqIXO}{0Or_i5*!ku
zSAB?LQEpy{74YiGyNCQuH;z@>xp8LztEi?>3LpN-B%Ccl7Z9x}E4Z@$#EBDy=~|{Q
zAty$Wp^gh*FY%0
zGwLd*ubs$!$U((Mu0N_{t{qYEk#GRI<~hWq`0Dz876VY4Yn?}nuC`bQa2&P!+pSZc
z^nPJsn=&?KwNGzbc|vlsUVZ{SUFZl@TlnN02(C1g3hc7wolH(3q+O#)!M59uZ70J?
zLV~O_@b&xmy$zUT0qK4N^%zF1%U1=JeK^cmT1XL}3`uO;#Z1y*!=O!}rt3Y3Jp2gw
z-crm|JA~$DXIld>6z$9BCH5(smi}1ZOmBd>xp@NDW^-#h>R@dM_oQ*3>16^zJ<1E)
zbSIztH8?vL@x8ziPAp>Pli%oOM^;jx76*f=L~7mJ-FBc!nKW4PNux&jT@0B%qXr+t
z=GCbRSn2iA+Do7Xw-HB)S4b%3FRPalr({q}v+lwpx!C)5SN5%_6A8nfM4cE(gJ-ZZ
zGv9Fk-o0xn7#`@(SKskg=p^*#VvL1+zBwje>+3hRifPe0b55!eAMel@)M;Z|CSTnY
z?k}Gm(z08uF}m0uFwxTu#t_4i9+YySLNWUW%l~@
zYlr|_dD7!3>BoT$J2}kEdd+^jknuGAO&6JlLltq(p5{8KPlzkWH}`%*I%#)=#-WEe
zYsQNR&qbfgE;=$M!x*GM;IT9)BfQOloIc`ERZxex7ZeR35J%0WzY!Ud?n?RVSC#fk
z;OxW0AWdjb`cS+({chGn5L&;ln9Mzg*s4R5ox*U8$QHZ62
zmGiDc4>7T(t07TO?iDO0ttx
zZ52a^4;688SZF?k|71(X)QpT}3F9%`fJglO^A$V{7PMNyH@7Y~r!ecCvW3W;@_t!z
zZmOQgXZJlR*=837Xgg59T2!p(SJd+_$-PW#fZLxKkI`g?Z$SdS?8?vV}
z6spR?McJl#O{*eG%JCalXE84cWLZn$UBRDNyOCE8;a(qjC01y8=g@uz28PfGN=3!i
z8e`LCA5C_ahrNoovNbV6{VmD?L3Ok9M2^laBM*h3rf^ZX0P+xTr@ok4#Ozz#k30q*o&-u
z;)PNKSwU#LN};3wnU2FJye_XCp9NnvgS|waqh{12(M3v=B$uzeoiP~!(yKG=BfOYw
z1W`Bm&)T@c151G4{PT4sbH9{cVVBqYd5T_euh&+ALxJEZZIMn$`XPv(-MMo|?W!RY
zZ*_ywcE8u=8|iSbR^z2o4;q}7yU2cBKZ&=VV_|4>Z-(V=XX9;?5lz?e!m#_TBT_6~?TI%V{t43A9t=%=xR9Ka@B^s1*Uz?ciF(OBO+0ZQuyN`ZLiUG-+n!R?Stb(
zIQ`IkMNCMxnhfD0;dF7U`nv0OChN<<757{nicJP?kAzJ&v_DWR{!EuB4&ID?K8-~9
zq6sZMHQ^)?IoGuXf|&XnhcJbRNjZl`9>Sdv;(A16^MPec#v
z{On-f8*M`sq`H4est^$vq)5gli#bfih**~>kape$p%zh~cu+O4Dt!ly&!)N0&!c69IOzZ~-Fz)XbO@SXf1(M&o4VMvRc1_=aJU?0Jj1}#_~lupb<#L;)9Vs>Z*>7e*KzM$I5iQgAUwg
zVlzq1_MD0L!Xy&orV#q$@J_paQgvH?q2MBd>A=3wMv;Mgu=wrkpO>&(H>J+Q#cXv~NWUq(Jn|SlU9WLRt`A2|zg62Wjn<}1VW*zb$I+|QunsJqj
zQmC|NRnOy-EGyL#jzwBahM^&}ydVx~%*hPu
znOW#0oO2*D4HJV)k_P5*hW-o9=bFJ@dAr8^JJ0J|v}Q6v-&9v`03%9Fq}Xl>
z*I8Y>9C={Y1mk|t&)jfw!mOF?hVugle}riU7S>PV#>v5=m4?fvO8j;toB5(1&iNN5
zJ>(Zx@9!2B+o(5Q{Uo01`Z_8eY8B3xFB<)e9*-cMMOvz_Kk@v^m59*I6iUIyFUT(Y
z#UAp;rTJpydCGp*SoGG>?BSujGx{L7!vu8CS*c3HWW$EQ76>>!y5Zv}|4>QKD*jsA
zz4DDl?q7ya&LV9ZIG*Hs1SEB+2aA~^57(bw13;{*s#=&>pc}u63AVGQy%xr<1$ls}
zEX`OR&1(?KHM$){PL;Xd~{~A
zy2J31Jd@Y&tO%xF{($|v9?NS=npsyI%Z%E>lLNQVT!;FxD;t+SxT~FSVfzzaP}#*<
zEU&_AaoO;n^ywp!9OHYer!GM4Vtj1i0`HMWB4gAsHvL+8g__teR~{Pi_&HK2xm^#*
zTaBMGslCU2go4aa_ZP>xo$BfpsYP16q^E}GNuLE2JsCHd>9zE}2FJNo*KBvf`4%Vu
z=-@`>IDu??O#6MEzhIG@#)Y6=Mp{Z@z26k$_lY=7y}V)C$C$}PeX?x=|4svgJE?~@
zEUfk35b)x>4R|)qh9{##{hI2jMcDxQXxhz4n%_Ns%pmFrrg>0R56Ai}c_%ec&LvbQ
zGZK5YVdA{y8SLA}u2Yb0=ss_mo|HOKjfwvGFE3`V0Oo$&Oea9&PXCuVws`(4`ShNA
zZP$?=(IbJ3t%8Z|Rd&Jla%7ktegFPFJrbo^y?0w}eK{iO&70f2RHFaASTi>^@q{W5
zL3Yolt*u$eR3{esVO(lxjO|~UcTLu84?0Wq@^XM^WX$yyBv`~q2~(&A!rC?rv}r{A
z4nwWLD8ymZx6iDDj^3Da!C!n!yD_&`8xIN5PM2hj;Mr$Eu;=Sja4q)*VEUDFDE`BM
zkNHmGRGcUarek0jYqbIe$HP%>m^m4qu
z$w}!&s9p{0*=I!*QTG~fkzhWRFgbzQRi{E7{JOKT&h8^2L(O4tsG;rcS=j%VL#NZc
z*nsWiojEYI(|0K<)}R~&tj)P)iuLYUjZDdHyk7-qVz1qbw`Bt>`=Puw^LHKch|bhy
z3#pBoW=mIjNhQIH(;v1S9ljsR!g=%L#j~-!|D1+gBu{_dQSR5)|>DbC|{iq`}eZw<&U@}eW0%LOyQV7
zlLt&ZRnOXhuwDmbwPC-iNxI(&0Ir0$*4JGEx5!zWjyG@KbagTDXhyFK
z{kvaJ^cH{vgV4Ah7~e>xLFXO-aVS;;*<{+**9%KakEQ2zw?&JV3|et=p&q=b;xAAY
zf19J<`1I*&bp+OpFs*@JR6j0I6v~ikIHY;K|KL+BA77}Up;VDkm40JLj*#D?h#$c^{%sJ-75;M&a%@1d}*sTNjp`
z4z_Z+Lmc}OxkQ+JQcSOnx3r+s!H_L&71wb^ORks0X2J7?vPd?esBCTWbR~#3ZeDX7
z8948e$TD*lR^IYRP}rae
zNb6}99^UhI`#XMhI%Vz6Osug3m|nLK9^}{gj_X03;|k0qPwsc=`~DeF2qZ-Ge&^$I
zndK5uROIsRb62FE>MP+TAz)d07i6s~&^51Lb*K-~)1&Q%b6VlN%DVCf8JxeT4-15u
zd1UlFltSVzyFv~lrdG=Wl}@X_R#k6E{~?NKNBCDRQ8GNk$~6-Od4&z-$jI^>uUkv6
zoI@!IyO4jkgFW!}Zif4SU9
zJz!Xd;wi^t)7$SE%^h&A2H$5Fs9oK2LCl&>6GOvq;4)P2|4yZxQ^7O((_rTP(HDND
z%1?S27?V*sR-{@oDQA>9xB^^Rw}ttduGU$JgXj1ChnI#I2<9Cf)GNlcaI5&0TR
zfcw)}_R3m*B}s)IIt5oRugwQ9JJtDJILRwLCBGfRAL)^>%)XT@u-(K?VxX)yk6Dbl
zjEB+Z4u8Je4W^6hY~{!tZ7z*r>53b7M{KMPLm$|8hrIIcOD9csT;w^94xm~L?{$k}
z`jYjb$4gXU1MhHV9@(d?d+HMQ>xRAdrtY6;XzAyQ?cO3|4S>o?BCnjuC_cnwiV2QG
zTW6>diycY|y#@nZTQ6!`?0^j6V2f1d=j9DlL$s4nxXfzB)g=?9f~LiH87G~
za^m=*mzAohDIFARpepZPv?T$6fp%2^?QDNB=H+>hJXRa4M53X4RKyNNi$3EfTi5aK
ztS2vD@6cyEnoxY$Uc&y0*}(dyz*LX3hqhzs)8z@PZ*rNubDPTDbc
zGcFHz0ngDuoJkW)NbtB5(qFrkJhL}b?tqH2GIuIxQyF3Jtjbk@E872UEhRdWy<`uh
zAf%t&2#{>NEBO1^0edeY6hx*n+x}z{A##fRTvC#4ZWwE{DA9jUM@I*F@GD5sqDT_tPLeX{%q*9beWRBffVMJT8E`r;!I1-#vwSEr*g?I7qpf()`Hdexe(a>#
zyv~h$XrLU>g!t|od-qU#po5C8D8@VW>0|%&PrVAF_&{Qxh^$y8<_Q8_w&YueE_-P3
zv12w%)7TR`uR2kvzN;f2
z$k%Q@-_oMXJ53!v)xMww5gb@%71og$ygK$z&Fr{lr&CEPSK661)hSpIKWg?ld9HLg
zOm9ekHqdD{iVJ{vmG!mrZ`~yuuL%BLN*#65G;peXTBPTaL9DKT!au7Uk)@Ks6;>83
z`jmt`jhg9BHAY8Kbl4uKrOvO~pm3*-oHkdEQ|3k6#YK~dIaTB~
zqy5nNtyk+}Ef0SkJl?6Tr2N8FB;V~VZTLn{dFyhHF42Wh(G#L~q|189;*^u^yhS`$o-FYa+9iu7xhNZc2db8aN1@4;zz_a2}|-K+=X
zyqMYp$C{3ryFi(V)hK#qW(H9SSv_#m)?tYM#Lg+#c;hxiI4xZgWL!P|{cWktp65{L
zl~LP!uc09lxrPx^;}_nBUFhmuR`g=-N8f@&P??^QuZYeElfEzoRhvvi%H3*O=r%d{
z8sR(W9wD;yi8^uxNhP~O}K$EN)DhFaSG%ne?fAZd+jqimbg{md%hv-XZlkXg#~#_&G!)w0@^
zG`k(~O@);?w@>{C_(zM^yT3%3baGA%vZ&q;
zdU`7%C^+~w8Hj|q@TrEyTl(Lq3a&-9*}Oes{Lni}fiodQ9`ap!n(=#}DDl_%bZ163
zlu=^6r`8Kd$HQeC&Ko9mlG~@hmI&(#@Q?y&I4v_;IL16UUcP(#c8Zl+cUQ1IS_8iO
z2V!aC?36-*cuSBuR@packOUq*BulpL&B;$dMyTc`K;IFSsqyTxL?ptvBQjeH?_BW<2kkbroq7*&z1O1i22NM`
z&r383M`QT*@!agk?9vo!IT<(Qu4)faaH-m9gcMHfj=+Ta$~(;m*6aJ)ZtOA2!`M7cRX
z?kqKSb%bQnG0dY{pe8|`ggN{33J|It9=;rMqLF&+_H)exnA0u=M@om9M)Bf7HiQ!{
z2kv+d$0z;$=i`DWS*>JsZ|MYA&>0Z=;7@d@j~zY?j>D@Wp_=My^kqsk;86J&-ZDVl
zM08;Iq`QdAW>h64&dUol98=ZMIOBYD*v@@r))%cZZ5TZrZ=Wu;W9M6Go6k~z?+`Se
zr%bV_hrefCGUcAQ6K=$DdheST=5H*`R=%GLmvY8d5T#JAN}wj~mk`F}ynT%)3^#AwtpxBs_z^9}i&Bnvfh(Y~(#JpC{JAURF_dNd
z%_RY&wuK@d?|Y@My3Fm~A;ZWe(CKE=_>L_=E~!-BY%vqbhKE_6;8njHCBKDa-i@_K
zrqpO&;R@2OdyH#<#6_x&%NZ~|1O+}c1PRv|2{J-vF9*g)Pax3(Qau%#-McYQ^R$4D
z7txX2V&?eZWN71tO_J)-O_wv3XG~>E_sC4u4r-gh7F+hji^0%{JorvqH
zo6oaiB|3~V5^tLW5rLWYKFLsU`0iP-BEQ)A-={4+NJlvfvCzwp!#rv&G??|41o&DXAgX{6nK
zc{DIZXOBJ#4?8QU=VW1H*Iv#t&AfWy5PzJ4t^B@$rCX6z8Q%@UYF+Ge3|GdQ{6OoF
zjHB(qu{L)yee$(P03Wy&P{;ta2eNw=6%`a#x}_;rf#vAsxjS6`%U^C;%IqLj%MIf!
zEnQu$vrYCLXMdsSD;tEtt6x1
z!q&-1j*Nz(mzURmh*{KXt3Aq$!WMee2PMW{`&x}asCfHKfJxOe(UnnVlr9!@>C$++
zU8(;laTj-uI)Ws(X=h+T4_P~Ml#YIMbA1B+SV=}KkSS({S6pLe7i&wLfaNv9I?TXX
zIin@*MprBc$=D1@KN>+&2cE6-2nbxhL~y{4WD_Sr1+cr{G3)5X&c(Kw)vTJ^pVSR(
zFSuA*)v8oGc|H!>mS|rSx6L)w45=vig-v
zilOYt+gfA0r&Quub=R&?b?Es_JElFuu2tT^&4fWO`IbTg!k+y(3F!_*KIOwNW!olk
zp41-Ysl7g9rIn{kspx)jlX4n>4lrVN0cE2`CB0Gfl))GyEFChLtasIjj>AK(Xw}dz
zY;(^=vKw_{s^r|g6F;v)
zNZKx=G4c47SZW#?qN}#%*<_HX+-2NAt?O+kPR*X^clrsapBfq(o`)5wmf&Gj;kV{9
zA|o#^Uo)s-)XVmpx6P8T>{l0Hc7-j!UrC+1)Y;Ltq1N_|g_Fv4g-4PGjLG12qS@YO
zdL7C&%EfU5`ib>uZvq$x*>0%9_9lwx7tuG=Vp^nZtMb%7qm3A-rnB*m!W-jT{VHop
zExC-}^I0tHVF4$-m%3Olfh&zIum~VX+6;un9dH-r<>yBNcSI7PyH4ZeJfq1vGm4hW
z(_&ququlb2VF30z>Ai=bpO6g3<~B4Nv8L55&INE;XRvE=<%_HV
z`b1;adWcjdFUio)DsFahyu=qwDy7+m)(q3`#HRolzJBh0@|hrRK0W(t^
zpR1)!hf~tu#3Jx;V&TiXIY|0?ddt6ld3UC{;aTtRr1n7SfU=yIzOu5iKoRb9~q&>LhN-
zG)^uZMpmCqvud0dd@Vfk-R5QY?qjBCvuqS+V@ii8t-T}s
zu6tq^dj=6``_zRtm7MG3tbgH`$3X%RAtIi)+3M;ZSXq+A$Za(b(T_5{qPd1IFG7w@
z=7+!+v|IHfcKV^3@?9V+v@GB~bX-x4Bt4Zngt`xD$B`FTQ(|Ih0``>M-xpPkW@za=
zc5>mFwtHAj!ZhmjU|ek805LD|&-=Q5#SKG!muN#NC{;bPiQpFzr0d%;KX$zR7%`Mk
z|G-go_JJQaiVbwDL6BBGIz9=;4U}!vLngKO2dD`tOQVWY5ia$CRM`Z!D^E*5%C(TE
zgso>lA1tWJx3AQ{Wm#z^?p612$Lh(o=L~b4510QvH>O;q8KEFXih8&<@(}>LqT;mo
zN=tF4Zb@NGM%8U0phiV4j)H;uQCC+&GUz^jL-p02?38qLUbslgucS~x)N+szPesJL
zuMw6o%sj;9wNv~LGewklTigRguS~F3<|@vls7Q>LT#X`_iJbv~{${eFvrh`_3=tqr
z7w?*H^2y3Qv1zwfT=ovYZ^(<2XZko&+D2iFm)
z2creLNMvHUDf%HvMfN4&MVsgn)qq21RJyUrdAfW35lOS&QT6vG_YPi8Ya#zZ&Y^Sa
zvjAL!?k8E}hHkshi;PP2J7uSHWlST?r4JuIyd2F*q0%<XFGR0G{Nv>0PF%H$W)SbHYKfX^;W_f5X>S9HeXuhV<@=~(8jLnmz1>}~M@A%D
zF!suR4OtNTP*PMxdYprBe^prI^~k;H9Nvx#>(>mU{BoAJ+PyJ1S7F8(Pp5@)#k*UV
z(DzqxxuKlIEmneo`s1kDPLIq1B79e&UNXY&R7=$6iG
zxp!%zx{y%&I5I-^f2*AD#``ChmfkE6l{j)!e}8}9kEVB8!sf=Am@6Ic%{|}!mz65!
zxALBF3=G)V*rc&_CRC)Un6nW4g4PW|9*Cxo5_*4cHp%SW>_8-H`=x}R8Fd=(rD9?2
z*pmyd4?R|=%2hNq=6Prm^PS#^EO_W#6QwwG0by(K%4wF`ZU}Kv?{3&$Q*`9#ElSYZy
zf2Kvsv3>^kJ2XsRA%CRZU*vgPtnhXFvQoj7Gj(whUd1u~DNL+bH4m}c<5i$%h#x95
z+Y41o+zHx_=R_g^__*uQ&bI(8{-{WZftJR8(X->2Pby+$j6)Ou-u?TFUtTbrGdA$~
z18QEphMSukm}zk|=zdtwm-X|jZ6(Cn&>2tLtUN!8486pg(MSXotgs3E%kGE9?*ui5#=PqO^XYnz#h1*p4J8c8Zlv4o
z;u#Tav0>Vt_qrXnk&juwT1t(Mydo_BS=4#0Eb`0+4iGU#DWV6SrDA`GKVMg`X7%@n
z*l)fGJ8uu_N5q{F?->MRL<2NZjOwmOwQ%I;3^UPo06_OVELLt+c8>Ik_JsJe@x^ql
zyI`i<)?K{(zuRm_K%m!s6DNs{QOK6ENh=Ei)MK;8o4?g+u8r>V+PmJ%D|`8Kz5$ce
z7E#O78#4Oo;?liER^uW@gRZ|yVflCAk;ek7ga2&c(hsMVmIJk%B(z*@$=qJXO)
z4gkMN${W)yWDooM=k!X{7vuliOnnX7uch0?J(BNZ>-^oy3qt7G)XFGXK_eP#gysRW5x!J{DOULlh-6fL90r3e3kpZ_t$iKHu-bmb$);Xp{d!c!Y-ZXed1(WCk3R9~
ziM9z>veTZwxQL@c28JBn#dV<5+j9v`D6Lwpji32CClk3lTNu+Hmh1l<9%ijwCI`x!
zkf{kObo%S|0pfrXTwo#*#r#dK^vNBJsztGza;|J47X7C4mh#Cj_l?fX7Y@fa8$F^{KPR?tRAIP{d@+65
zM7`^O`(nC8c;6gLG9>*V{B2m*#E#Ul7X8Z`dzcMPcVIZmBP62xj72w?-5p}9g8?&q
zzILuVU=8>cOdE;fS;@FQ*6X$C3T)CaT0J*9@#r#@f$2ZAZ3CN6Qe+H=6%23Q1X?05
zuOz=PdMrFV?bPD?F-QSWSxoCr@4I_oNouiu@xXgW)dMTGZ;sbkms5DNQ(5O=ob3IH855M=qwflv`ix2h%H7r~~D~$rC5My3S9azVY-Myq*OaI<8(p
zK>1t5+2_o%{(Hy)YF!`JvAwJwmZR5M@Clgy_v#*Cy`WeD7ux98^0H@7-U=QL$>yEA
zciGw4°f0#y3?zF|i{lqDbA-!jzGtMz+xp3Z=|^zqXBW)D2-#{B#3T%;0(rr_1}
zZlD2^uWoS;rQA52DnGa5afy8Iu_yazGPsuI{h5DY;u3mD
z?m(0S9CQE`8hR`HZ#oMt78Dd9iPpA78>|9ox-8jJ>O=dVUFUbex$67ryUxMy7N*`m
z8B&gGZf*`+x-4UCl&
z=oCs#ma*!smXVYl!tKL@_$>7ph86I6r@2Xx
zt#xURc;Gkq1(k5=Yz3DMUt>bOJeeE_R1^R(P%k$$n)%@itm@tt4{RmAx&}|}ayLMz
zG&Jt)B1%8CM;B?03TUCx2eO&8E(4o@r-#RFm=snw67)UIzrTZn?z?uTi7E@Gt)s&b
zoU^~%0Lq(wW=v_0rQ9ufJ32^0=k4Oz*?Vk00Iq{l9sR=Zpm=B#pQJ``yn6
zCRHeWdVb}|;loKJM#?EIt#x9jI%!^WR$}mAE5<&@Go=94W1ki>fH7bT-fCh-fjr*3
z8Z;1GJEAf=M%)4d%oFP#^r6d!`{8N6`m644tcI12E32Rit0?!HGpOl)nfEY;Jl-Zf
zuoEX%+f@Y9{;X}M3EZ@P6y>`4xz)i~RYq3qiavwXA2`mlq!+iT-mjlX_9l%|?c2r=
zo;%o4Ga(?
z%p2{Z94X|Pg@s+{*`o&?9TU@aZtEtska*e-m;yh^l-8ZzqXlPMV%FjdAZ&23Hx-`0
zpETfo<@8I89}~GdTWAnc$oq+Hmv^0NeDJ`l;>?*zOLt~Frx{6=#IMjrJ-5YiEp2&a
z<)bP$yGE3Clmt=qk0hcG+?Tl&cXkfvLY
zl~(+rkPm%%{A=&84Mz434h{zn=qj0i2szKpc!RllGgwh+@`otZK$xYj0MmU{VS5CX
zL%pN5^}v3bfPes86h+Fhw0exCgzYaZ9!!!V9Iv+AJ2E|879q6M{Oo|hkW|&-q54?@
zQ)XxK40gmz$uhB$&OirdR#bdG+>xR!0rO6ejl3k`hp|i>+5*KSOYvg3>rCJJw^){4
zesJ>o2iI`)ABuXk8=WD)NxMWA3+G#`*K!qEEmK~TXSqQ2-V(J+>>qpt$w4YgwR<}=
zsXYNfE#_cUOH_6}fF&r->S({lX)loC@JlC&i13tX51WhQQi#jDb?1(d(!pdYl{XDW
zXp}U4U2_w+U2%|ighJj
zRF__ynkM4xQ%?zw_uG#QJNk=`aQAQJ?${|y)}#d+#JeZ+M)C<9K;pF??zQ9tTt>s0
zfPQnWHb!Vlgk3g^kXM(c_xZ+ZLKIl52z41*v;uAWNI!0`CjyM91+>xroN$bBa$uVD8`R#l(!u`nk^oEXj
za-C*mrQL_T4zyAaw5ELnq*{^D0G3YQXwqZ
zVz1RH{5&q&u^|0*yqh+e8EABYBJXz6Pu$8Q!F7X#D+HK9*M>wVEngEL8n*|Aj5
zZcyIxZr`?ETlmF2Nb?%zpIf~Tl1q91W(rliCDKc#4U(P!HgFVu*k`^K*|D%7t#n9>
zg5oTL0F5%q#}}l8kJQW{^%I
zHur@w+f+C&slzQLJsXcDfKOnnYL
zB)_{0H*_qFo+{4AIa^or-MiC(jACn=3!Fzw4;>K^6=Zdb?R+jE&Rs*Mfc6Du*H0Ws
zu0pGgL&-hISm*xIf&TqJ~GFoz#eb1Xq-e0Ca0d7H(
zdIt{)BUL6j^7$n9K3vd1$tS@ykaNO3%qs1Fcs;FAD1TCQNfC9S
zh0+uT(YMokoAM3xh8O6ah
z?LNXqHtI-)?Lph=iE=48xC;Fthg}B#da-dQwY+mxa@1Zw&i|mIq4E1!zmn}uNyQ?#
zQWgK6H9N?Iu@h|2H;1AmGqiGL-iV8fKS$~ehnTQ3xj}lAkd3r)J>>0Sxb=}qWg#-a
zK>GZrA9jsl3blGDIg+@g6}`H-0Ran89w3l;Zne85LaU3W!UtQ|ktcCclx(dolnr39
zqF<1U*CFV_aO?&Mi}?VTrzSl<3I8sr79(q+e5aJHuyHGKoyAEX)JNnd#y~P|ZQ(oL
zG4fV@a0b&NJ`u|^A8QtLDQ1{|)d605hR(trEB*fc`}9BaFZRh^Bc~W
zCDZ?}=qw+ka^%R7X&|fJHZL~t^2Tu(%8I+<^nH4IWw%S6q);!(%t`Hk
z??|_$=t@8ab9uC^eT^(SyWYL8@o;}Y44vel?I1=_7@3(-X1l|xq}^eM1lh-+7fAa?
z94`4AmoIQ|kZKRQK#+X&DUeBRCG;5dy(a@a4j*R89~&Q+nA82OrIReY`!cU=GngWt
z^m6Bzcw*J<@lhwx?vpa(ONzi(Y4W{FEq;PPKl%Otfn|(23mno0{(GawmPzbmWG!A_
zfBnQbpT+WdqhV9nJ6WAQDR60hIOqGOY36^$GYN0YW(r0Eq>i!N+9x~`JDm_xu
z5`PxYkK<`ur}*}N=!?iT7RBztvxx}LC}9p`TofR-BmA3jg_M8(PNZ+lK(ZyS%Z!U!u5H)(iKZtQ8@o=-(UzHymni*SpV-ggBsvfn5(2M~Cj
zswSGb91m9|_g*Ao$w0XUj;XE@%8J+M5922N4wf9Eg|2|fx*x=R;7OBEdQ~UD-x4E^
zz-|6~yZyX?cH|NQy9~kzU=Bw~>~VyY@Uk-sRV{Xy8b!5Iz&6U9
zjH56T(sxE$9wbbLJ!m4LkWR-3Qdv2LUuJG$Dwq@ZsSO6ZSNKqyCc_AqSn9o%=BIftsfHM<;_NnQ7N$OR(q~iZ@qQ?8VSszJuV6%{x{l^Tk@YWk@sEjF*)M8~Q!?4(V
z)#(^>(AgMke`0R@0=8xVQ4WEddA_4hk{;M0dr(kldQ)-gN0S-*=TFdn{j00ll6x5x
z`-jKl59Jr~rD5>FPG9hP6SDOCuboP`K=BD_Hy2|}2Aj%4Adyetaz7VGN7!;<+F(aL
zHO*xow_IKnju-+k6lh66lZr!U>M2)X2JSwqKX@hgyKpSWa4x{Nt~Aj{NV!Af_&71j
z!nBak&;N%B$KmYQm;*@d!n;n^&WPtNV5|+yff0_7PEZppGV8Ms`taLh3gjub+|zbaBJ09LG!spmxEmlwVUUBU;nw}tX_2^i=8wv_%&z4
z(&C1{S2DL|PyQvfPzl4eBbc+Ha!VoIb0@4hf(yf%h3y9J&^Z=65A>G|5f^;Y#C0$Z8(#^<7
zIOO-^d;j0wXZv)Yd~?Ee!8MDu)~}xDzVGLL@NcxoZ;Nz25(?61dTICxdG86@1YbnE@_X8
z)H9!fGDZ+hf(a`b3=L5gAt|N9{38rmsjgpc`z^EO_sZDWl7-7HHkvxcI6S<&Zu7g%
zD{TS4m$vsMy@tX)FCU!yT(_*e=nwtb{DWLie4(aB^tQ8>ltnUu_SHgdji~>1pdWKO
zkPOQ->G*)i+AAbJx5pWvZy!lCRieAfK=}v8M@ZZF@yDudImDNe`eg%Gg&a{r2EFA^GSAVEdG~FvFC(Un#0HJ;S
z%u&1P{vzcE((0Or(hBb2yahR1enB9zoZ_`yn}$8he;kP7gCh(r#_&~`H?IhP$Xn#)
z_c~m-dxiLQJ&tq778#oUtR8=G1+N7e4p4*=B)#WD^f2Rt@GfzF<=`MTEl^CF0b83&
z-LOpHf-h2+S(%ba+Tt(xU@(AfP4^K88p)rG%Lzu0?=Ige3LW8Fh8(E?8u+sik&fTGuT5T`G{Rf}${L*(o3OvWW5^pK
z3K|D3?-nDQRDgnJr%1}?2b~{Fa$x+3GL(n4=jCg2GEoZKJ=F9GGIjJ*ROh?4PJW~L
z%S)85ky(e2N=jy&|9TSH-k(1i9(F%hk?-taCkYAtemjUOFn+Nfo13dr{xwy}6mUJ%uM>VCc}Nn`#?BR7*7*&kxY)$#sc;G_a^ITXHH36Z5=OWD8I9@$
zl%wDY>|5Ut~wI~gnP
zh(D!&D!R?*lKKQ!xZQJ=YDFoG8Pj4
zR|M4X%X6BA>0fSt(^hCM)V5o83gU<3uQjv0#4jqY%9fKlyfCQtN5TnAL<#9CW`F?M
zp;NYvpaA8Xpu*
z2TLU=aU-4qfkHU*TaY?gC;$D(qa#>^=jG$W!d7sjU!e+Fmg*(Vm%Zs_RtO-_olF{b
z5GC0G<$@M72pQtP`?7_3aqdHNFBSC-q}Lqw5QOdWtv~&kvV(4!Mb}pvGHj7)8+J`D
z{}T|$%X#*M<({G*M_Foonu{|b8r8WSDrisPlE2lNo2TJbL_(R;lot@lTWGBfC(e=Z
zCl$AcR#+2iQxK9=s2lZPA`N)2wHc|el=#;3H9uYaAYFWfhda?E>_T{l@IYW?R7-m!
zQ;s*6b#w4DbeSvS_N6hrU6kZk?kbZDBSZPqVdXZramri#K7BwDG&e^d3AV6EVb_Rb
z_!Y)hwfi5b=N7;;gV5WKtbS~43;?zDZ)Ri3Rd7}T-A?(VK2S!7C>lhWvf(5ug#uf|
zTNn@nI?dIA7K*Bp$J{IWpv067oD<=A=m@#n51;c%g@1^Qm{n1iC%#SR#i9)gWlpip
z-9SQM&1n??!eow!CLB5bwx~x|Ym?6M19mFK
zmo3*Z4q7=Vk9PmWB=lP_sq(0ZAk8)t1?d6mcw=#!AY4lsQp56P4Eb(MA`USpXQa5l
zb*0t?(MCJLm3k#fu5*Pp;hy|QgLEy^L_~{$mVddRj1M4nF$>db7hyZz-sMqOlcJMO
zl|OAB-19tKR@tcza#)LXT>LZm9Bg*Li{(}0zrDFu5`NQ*(U=wnc>09dL8pjhStI=8~{GD07a&dDv+0|QLR
zGmAb+R$`i0x*(eAeH`19q*Y7?4IaAR*{bBdYitEO?m>FcZgk^Zdw9QuYMEja(pjJXjrF@19(Cs$*4jdZwHK*d)(xlkf;f8yh3J*9;Oa3)`^sUJLH
zj#g#E@&lbxX9{8@A1FY(7%4*o^2LdqXyv!&i0*Y3|3%9rcF%;LLk8wWfq`n@FA!ch+dif)TJ!?pEomZ$Iqoh8Pvxq;CdQqkD=n<;p)A(v?dX1Sw{GV^#x8HYcUw-f$wQ*v???O$y+9ILL})Xrt;+uG`izn^gC
zHVMY-ir6=e|9-Ln)n4^H{Z@U@{0Vb(iEGv|6y~%W(j=37aoVYw;IKTP!V|U?GV26kQ6&u?~Iit#R8u@Jiwkj$~T
z0i`>7V>s$pm_Zshu(~-QpfUql08m?xTY?;+5tL67;!&l4P3xbIoo3T}-Cb)++BwMS
z)Qex=5(PeB*=w(4G4T?{iaBj3m*hhj7U8t
zPEk2Gfte!tP(MXz-(98Rhe9LJOik-=XuEf{vXr3>c@Ml!kWfK065-D$7j4Z-O09GO
ze);?lBB|)g-Wuj+zVrFuNr6PfzKK-J`zCWQm+C40^w4jIY)F0VIqEw{lgja%weWFR
zLXu<}+2XN6Zm2O_&I!^l!-gA9*b^?N<3D+F@Kw%7Xz?%+3+@F
z4JDnIs@8U)w{!#f@RJ9@fLfFjmSX|B+vUpIj)GFkTQ`|$KhcL9e)29I2hL3fkT6C^
zS|8Dgci-n^1@%=5$r5un7G0?C$$xRC(Q2ozpv_5EeYG*97GHuS8BdG^wE-0>I99bt
z8@fmP9+=Hur1hb{`$q2&+(pzLN8uVza1?)N7A|$p&5yI%rS2r=&hxu0N~UZqTiJ^5
z%J*YP8aV7!k5QKJfDb^OI8oa+=Ciib}_B}ivnM)5O_0AJUM$0SzjX^bR$5Jc)K
z=;c|?i|#KT1))|SdUNhV+!P*z3E;@C|AaQ-1V#KD@wyhoC-j;d9FBsL;;cs*1M%gf#r-)#N!$E$>q^TNkQ
ztj#<;Y)PLPz;;TLwk4
zX({)@peudCX;1wagZKRZBg+=FD=I
z%Ui@@a^c@gsG=Lwz809Cn0C1F+4C5v#0hhq&UH7ex5yv#cjq^c%2U+skbPpHt;rVb
z0yq%*$wP-$u_d7i1m$%ggyYYrz6X=%6Y5CkZZdXuc51%05dc+jUvI|&^UpCkifw6~
z+k9)W)>2EoEaiHM?<910zE(FPDw;o5RqcIQaGaF;3BOon0%#Spzl*mw=JFJ&*|l{$
z_$|JF1QDH;LHiRSkE21jSk9$`lKl`PY_y$5w0*ln(mVJqJI(z>G?rAL4|f
zq@}XRQ#Cv3k;pQYf$a|h4{!3YyW6$oYu>c)$p{Pw(Q}ys?IZ$GW=WywULR_{A5|Qs
zycb3AJOkubQXBM4OfHvMTh%pT%4vYlrh13Rg6sScX){nCW3@O+<}_3GIc7T6ms0K-
zqo73^S(JY%+7hKfmSc1|*v{9{ZdKQ-Pjy^iOP7_$f}GY4IaS8TuuoF9fWjZU@YprV
zb2fG%N%^!j;QIX*=8+$^Ro~%na#|!8EmMnsDu!aBGWe~D3qROPt`7#MO^G+2D1Q`Q
zrNbRFW!)zuV&wa=XY~%BY=Wxh9-s9-3V!V?FdWJj-g?mT1{?|0*dA!Ia%^Cn)_#ic
z1*K2yYHg)oK|u@^-&qKArVP^x1IzRxBJJSrNP&Md1h$#7n#1$jzPeec!F(#8koAvQ
z`r)y-PSNomPI>me;e36b&*?o+dcGnX@dG+6lq^Io>vtrXF(UMK)P(i&fi8Q?IA6f<
zsP1YXA>DKW^kZuvWWCcFMO)XCMGjfG-I1>mgpRTd}
zJ2;9g5vG=wLjwc+e>lAVv9&$V-MOh|10t8SoSXym1my?ti^ELEmI3iSHo7H`d7B&n
z#a(9o)(B6G_x(NTpu21!VTnN=b$!#vi9^tMf2aM*i}UZ=Ekyl5$iXXGcf_fz^=S(JPnq1a5VTKr-T
zlF2(w-48vqEZuwy(`T0pYXy#8gNtU8SI>kOe^_7?wn(EdZn^JMq$E`=H_66&y)#y_
zg6n-2Y4g)|8Q~mvrm>u-Rn(Wnn^&6%n=z~3#Fq1+_NQ~T9ThkgGH-9L>ohI^OV!=|
z?3<>T{NQsA2yCr0lZ$lYEMMjs4<553YXi>}wiO88;a7ihk2~BK!EEyI@Mv6g9RfhQ
zN3{gzpcOSTFmPkT2lgfN7cVM?n7n=k#X+x{+S(R<@vP?SU*9}kzs*>ha+{5IJcMI*R5prATq1*@||X*#?0pe4^+0Eqwzr#Znm4}
z$WtdoQXoWSz$I>=Klk%iD}5aqA>~DIEOH)aKE?+*)KQH5UQO+spGix*N^7UY5H&=XA?)Gi+
zI4sUdndvd6=ehMGSP^Uo{aD>8&xJjmE@rCbFF`b5=Ohk$ZUa}{Kc=vy4;dL};n0ix
zN7!-&-^{PjsV^Oy70ix*y`$K{3kFr~&8Uv^HO2>Eg#gjhNqK3`J>KFDic8gn<$3g_
zttxN*GeIR&IaS1Fh%a_)irTP`Iww*u?z<+LQt^v(9t~PoUODZ6vvAz$)^?}LHO_tU
z%Xf=x@7=xgCH*rnxWnYi&2Dv95oWS#qYd%2gDLH71*;z6&%+KAcNjXJ>#waCKw!b9
zr*Zo$_w;rCvS0TbM4dv*Q8+Kp!VseD>%+T?YJbz&BU1loWTXaL|EWq%sr++fGfuls
z>djMco1zSZFa|HSsn^w%zX*Qs>1dN5=NDh^zTH~TM>{~hO%OYE5al>EQLSR`v$u!s
z?VU+A?l){45ir^vVdJAmG^k&*%qzS|9Th1#5_7#+nkJ$HycG2I1YY7Qh;V
zX8FMb$H8mFSX+!!#<
zKnSO+qhl63fb?g6U{*4zA@=WGuv;+8+?pe`5Nr_6ak%K!|Ag!I={O5cRbvQJSwLQS
z13n1pi)sga1}zQE+xdD9DD=i}@W!D4$S2HD{YQ6la&TQHeY2lk>a^Y5D@tg>4v&RX2FmLGpI4aWMu9%Mom^{R<6Wq&zr2_tY=5y|%(;Jcr>5jY5gBUpl1FHJy|J}u
zcKK>r76DG`IX5at%n?r?x4WmO4{s;qu!$Qj(Jlz4{ZE%*mkBGWAQuM!3)IPcd0UiH
z_=}jsS#ggH7>O_UUTaeRd*id2QPrE!B{5NlZ4w=+$rLFl2=muVJ1G>1F-qpP(dOcM
z2c(zibj>dsi7Zbl=Xo3N9+*D;v?XNB)A*`+bU=KoqFuk$dSL6r^#%HT5BzHIa)>ci
z_5kZ$qanrEY5HexOMka&42~^BkNb0M|a@n+G4e>
zWK=zd>gvOR*tjkC>DL=T9dv!Ypp*HbTVK%M=I-h2_luqi(vn^S$94RVp>)&)(4f2*M4s+`FG_KsaIwTEvBZw?|V${TL{5OsUxauJT
zI&n5d>QQA~qje}tsEJe3Ok6yzDunlE=4wbIwOLxr@^EypUNh9@xUz+!wx;|nrp?eg
za>~>j9dUOYR-+LyQph@BBZ^8$dgr0Qf
zE;6N`sty&GXcfhaFRRDE+gfcR5UEfZm<~%m7qF?FC{nqSpkfyga0AtIh>mZQZp@A~
zpC(Jp3(RGoLcqE)wW^jS)e$dldrd?$P5VS#yc?IgK7MpgLOW_P_I*rjYi{iTBfgf$
zRZ)tf_KRjy0~OI!T6;+9*$aaP-Psx8S=A-=muD9PXRHudo6Jed>6)lFIHWYaJH3);
zJj&198aq+$y8XpxJCmL{e-+<+JeZO|>hS8DJaDZ2N$Gm(KVwogK|Ar?U#4wl$0`$89rwIsmk*_@kg2v}(=+w2Vgn8FL7d(ApZy-#a
z-^atz+X!CPBgt8m`2$xa(V^Kf)R*I*XE0)dfeMtSBN12#k!Rfr!sONSpOsVmT0H8E
zgYgnFGF})NZN<^ltgNg6Rh6}k4QT%fEU%qfXU-`>gO`R|q-X5m0YoZn5rNpu`GSJE
zm)5&%++{vV?-Ap3%baUEOCI~_Bp=X;jRu#st10mExs6cMyXY7K!}Ld9PCE1Jy6##*
z<$d`%chD#O2EFP1B(}}CPm1DUVPdvUBkqeq#Pqi~&aO00Loar_L;p?usM#WbFw5cR
z$FI5ECSWf-L4`zkt$#4Q$ZR15B8}_|$}97u#yoRZ@QURL>AH@0L45vt-IGz+uWs2c
zTDIehgyF%DGtXcRFCCAokeZ#kc&0MMep6vgYnI4Amf9Ir+&?p|QfT&H?wH6ypdJTJ
z0gITFvv~2;A-q#-EhmWZrU8&b2K+jBY^p7$nab<}aPzWOR=TBx&C;Txzm0$k1|YdI
z;n8)0VQ2u6G7cW;ua?hk?gx9r=>#LmGeXmQ;+NgKL+1BV&a?Es(uMk6Ufqdpl{!&Wl)xKVeQ`ez%E&4nq&9Xvk|m%mu`f=Rn2
zHB`y7RwsXO@dl#?zyO8?o_?DUjUOxAYbYA>MBb094F8*v)A16>n4+m(y;1
zerp(@6FG6(XK@Aq1wB3ezi;i|1%@@7`empZY)Nmlr!w^p!FYuhd>8X2!GzA>XS*vn
z*{t+}I~18U5uU4F-$>DppBVEqn7zCI(jK3*U;U9&^NuXf>9PCscCulAMcbC6yRO+X
zI!=Y?bH*yfZOnbPc+j_oL$~Cwfc$g7KE9~8OMt(j4LS!R4j|H6zE<#!4u}NPDl8D&
zBrZ04$=r__u8yI`%>Hn5ZL&edt}k*=Q|C?$nI+SG((XCDUDp#yyVJ8(Jy~
zKg$h%Uc@YyR&NXs4^d=se8}MDoilCjhVhr5ZM^ViGWG?zoc-svcM@~wAppRr(=scg
z5ErZU>U`eM_?wxcawK;w92^j{P^FY){rzNp5A|jLpcnn?!?5hdHb>-BOpd8p8A)Vb
zNy$TY_I1PBcdz;d09fPv_xG#o8J=K$W8?IUj3?0CYud}0t<=CGnJ%pO9|f8v@+_Ia
zV#dHA1*+n11sqDiF@Jb71fY~DO*k%zAOQD_olO#SPqkKrpkB_;&np7OnA^s4cv{3$
z08W6<&W`=ffB2A@$q7xraK1uPFBO{0POw^FDcguGx09<$=W3ao^D=u!8n5-|NF=P
geF^^`XF|p`!9$(GR>Bl~vztk&qM#vPBWn@-U#l|R#{d8T

diff --git a/main/img/gocounter-on-k8s.png b/main/img/gocounter-on-k8s.png
index 85db90ea13653abab35a63c6b593ee14d9a69283..94ca65ea81757f01dd456335fad01698a70858af 100644
GIT binary patch
literal 129043
zcmcG0cOcd68~1S>95RlT%`rmA&K}1olD)Gx*?X^JW<`|jQ8J1MQL@R(EQRb%$d>KB
z^*r_b-uM5v{y6LVy}$Rk?(6z|KG$`NQCC$Uz@x^4Kp+Hn6y-G`5Ev!|0{seyf^Wne
zn%uw(hKHttEaY`R?JD@7ZmoaEMnwg}0p7zQPz(|XxE_K5{zIbgLtww(Lm;f+6#~J`
z!}#ylJm{ZaVVHTCf8ImCUS5dxExrmga__#jzNfy5vY4fd6SujQi-k3}uaoQL1rP~e
zG4R&O+S45A>*VO{A?7Q|^!o}i@c!~^9wy}POFSJUne^T``_EaCrKtdPfu4d9v&YbA8sE3ZWni39zIb~Q664?9)A8C;EEd_e$Jle
zzBimbnEz?yPdoC~9+vL+T|Mu+I3q9HHMel_@|0v^x_r>zfB*E;^S;f0PjdG7cUWM6
zJeR-l@Nx6<{B0ZDDslO(n40^2Yw+aD_NDkFeqZ^2efRHkBzP_#{y&}hXQaQs1w)m>
zli>L~ZBlqtCbKvY2nupXUPjv&V?7%;E8*)!=Vn?D#=(ZlV-`f)92U6
z3N)3ENj9!OIev2OZY+E3gU8yk>^&Jh8BXzhspjV{5Bnv43dM;F{F*wF;3;2|u$9hT
zP7i205oQt<9eZ&X4#!|b!XiQu2&gOy4oA~QpH*Nc2WXrL3Z8JG!Ifc+;6Xq#RCsrZC~{Kofi}}aZ)ad8m%b|dRj?}4mm$!6B0_L
zqm>RmeV!=AZ+Knjf9UsaI8HLhG`gue2p1Sa&?q))CWb|js+_vzjjHS15QFA#*bU#R|Aixm!NyAso@EL{iA
zW%O=qt-Oh~tM`p%XQjPLS;{@QzABP~C&%+|b!R@VQ
zxXUxU#GdXa2OA^CK6H%B9?SjN;g1G~{#*uZXa)cm}
zcuu@?%M^BbZSdCq*U!l-5EfRAI+-o9SJmRBjvel
zYB^W9-_0aSpLe~yVMljqWB-~y>?Rmb*zvZV2i0u|h56k*wrkg@7MpV<0~W-x%oT5{
z|FwI#0BnH`VMCY}>e(>F)+^vVF@etbAEJq|s_Koe^?4NFcVJ8v73P=@k^nXwrz-QP{1$l$t
ztGqe?b`*~0l0%81xxx*u08{;M0B|%?7K|GqiSKmHhspGCO8SDRPt$+?J+Wk%?$w(A7akJiR
zZpb;6sCxm`bW=!(1=Z!w!2BY4Flu=ynYs4O(4}Fs@dViVQ?#F;{NIT}KzDw72Yx!V
z#mCr&?GBm(p$~JhoHfpqVou)$HIcwp#<`S9s&j*nOO(_3g<4mm2xz?5M`hOLKE~aB
z%s%wu?$fk1$}gfqLN&6Hc!lwpd*D&~lRnc=IQ5(l*2k8!eWpt9Rp~#I3C9M@TNHS>
zHG7x)eSzQZQla$wR5q22cH1hOzK8UZu?!#IFXx<$+2(#Nz30&pPxXXDr*1ZiW^}4I
zU0_x2Y7JPr9AiH3orUf)gSW?r^NB>XB7^yI(HuH2mD705frV-dIgSo0zgGJ@OUMO8
zk}7h6K3#}58E!^6{7SDpV6&mtWxBDv>Add6()H<}Uz1jnhLu*`TeEF_W5}PI^}GFy
za#4>tbnwC&gH8@o@3_*_8_*^<_-@ZF+*$cjq_#QLF!I{?uF~7`#^aZ_;;xGO{OrvX
z-jw_`VfmN{7Z;Zo*EHnprt+<(;Iq+QBI(m+N4aRi$S?YD?Y{zVr@>?7J!TCyRR;{$
z1WT5|But7(Vhdu_ah%9d%Hv!!IRmkc4`uDe2lIi*}Twod8jfWP+A-=dhrC4r>bVIVCTT!D-;q$b3h-Q=9h(>?T?gb6=et{VNuyYWTz(#
z1n8Z4>QFMr31*`&Nn1b8rok@d#A!e>VX*xfD@E(z6N4(!$44ZTPcE`ek)!L%b2XCk2
znW<*|-X!Iao|^EIp`w4|GX^6<7Ou#KkR`fnNMH_I>P?rkL$VzEVwoW$MjOE%N&23&
z6eYIom|9rm*Z^nGbY9v*tmtE;SB@7^JsizBHhQm_7Pu50W}8gPraH>lUujIS0Sj0g
zE+M7H^n|`69X;<3i1Af-7isnNaOc*b$Y4FK?<4e1~{S
zu8&zo!Hg&}0i7TUw+IMedWK2mCjR*B^NYLLOo8K_4j4}@Xdk%U6e>%jaT=>!1e2h!
zTVXfE)CQT+Yd+0s>r7-wylB45(-3i!xEJ%TI2HE5`Ag#e%!>Nbtd6(u?=pr$_5>Gh
zUKQzZWxzelbZHzbxI-EiYY`ESfBsPXr|;ox^u^gPQ~8~n_QSjit$Vq!?h%uKjiTJ(
z*r28h2~219nIu$&hD4OxsdZVVa~-Y^bTk~;KO$uM6HgOu2m~Hft1Or$AJ8a*o4_8_hNt&!)J{8>g(^MeK5M~Ym~oEFm@`Rfaa4jZZ><;RAS`oa;7(aUQfFQ*XC?cKJ;$(&ZwVS|stmYyN$mJmvJ#!_#d9LdB>WfnWWcVF{5cHQOcR6STv;>KY
zLQ|OdqPJvNt{B!hQkkRLLJ1TXd+q;o1*ZV%HS5fjW`qS_cR_;J&$plC^s5?pE_N6Jyro0?c&*A5?N?{RICf{{DTO
z$5ki`2C}qBbQi=8S4QND?Ne^!tzQj4>(+q(GSA>WV+#mvc)+9-sF{+vUNs<9wNLg^
z=arCIb11XI!!-25)ii!O3
zn@*q+er@!A2jB-JjJE`{%gBb17d)z=i2E`27Eu8Ujet%3eGdH!WMk_RaE)a37%jpo
zq%sjXA?JRYG3kaue~=vlDvARJExLSftsp-da=jUNKBxNV?yG_QqRaI=J)E~<$!1yF
zq0d-N8v|KzT*WD`_htZx`cj9};V6YukGmSSWdEg*;0Ui!CG!9TFa9K02XMe_iD~03
zb^i^gl^#6B{NjOEGvc-x2yU*>CCKjb0PxcdD%#4|(lNTEYy{552HtzE=~_gYxVB*R
zD;d7lE2n>c^@f3!{cF&bJ1MMVy5xTW3Ys=7^x1=@B%CtKD0=82tlYGz(R<^&%^C<*
zTzapwaxM2Z#(id*(S?|W@*_qbea1eMi?5`AL;_1r|8|9^e(TqCNGD0R9ZevCM#F!`
zVFS1Xyb9;#d;}46yw;`jB@QRjgT*ldpxsm2P2eN!Cf;rTocxgMx0DWE5@|(0m!Mo}
zy0rQD_zFRYO@2pPktKp5{MhpkRzlVjCwZy+N}FbLFA#^`7Pc)mto;d?K=yKei9#a%
z-Bd2VCpR6wIesp<)A^9DD5oxph~ek@I#*|BXSrc5p-yOtgxg#MLr#mR`hU;}nRV$y
zRMoU>aXDd1PdKm=RFOyz4yI@lLc6aobqMeeHT6?n)B|l`|7S*u#`R+H%
z(XuvRfrjz`$X`Qj2uDeV7?u{^+RH?%utvNlSpz85!?~4qO2^Kuh`8SYJu_7
z0w7ZWgKn-=z>XtEM@JFZcMU22TKVV1P!aT=Wg)RF@)ZK9KUnX#i_g}aL3x^_IRpGD
z%L~-%=NI`qPM*jI!Tb-$g3LE|f4nMB=3gI>z9`7yvaE?2d;M-Mwl(s~ICbjEV19Um
zj?CXZ-Ngu(*XLZIbvL6Eh(-{c9LB)1e4Y(EDR
z(usKv-J%FO*{CgG=r6d&?`1&Gew?6eESqu#;~(b@*So~ruhn#y@o-?gh#y~Hjfij7
zr}#xvN%{-6dp@YdNXLn@`QyZrND*M+RegKJEaA+9MQXWUU+LLSVQkU7)+$n6>MQ?`
z@1pZAxx%0nwUaVDOCHJ3pM02~9*uPrCE()T#|8Ui^e_QvB_ZBY(esA?2XgmbLT($z
zSC_P?%Mk{TjqPWt(i=Mcv#71)VEfG;TX}IaBF^Eb2jea#U#>@7bbHDE2})=bDj14J
zX?R>B|F`fYigeFU1-iUcUn;%b%2@yH0aE$W=vav~I~B#Dus-Dg+kJdhSS$sPs>uQf
zFPBtU#HZN!Pv_vlz#+pf1U?gD#)pzBoN1S^2$@V@0j<3E%84_H7~$)U2E
z$7YL${&fDI(IW+k!Lu_4R6eK@paJP(5clpaqqsTzLFb3=-z5j`jP%l-?Y@t`DB;w3
zS#AC4YOTll*{@5a?)_@G?C(AYvI8q%TJB38L>F4Mc0+St)TAYYPv1#$Sled^yEr@i
z4|a(_soq8cr9+f0*VLBC5;o;KpRh4r>$5)k#&N82yv8YMZ!V6;4#K7z$
z|Cu6D9Q5!mZZkI0uut^CN&zDpMSbfe>HOKb+#K3I%OBC}
z3cw@|q%k-CF98Jwx01Z%+w>k~?0=Wy_d_cgz{HJR;8$b*>A^qGNZJPuvCF^r?X&-x
zJ21ws%f+?25EvxEs`ug5E-bQTs|LWHT)gKZuLVlngjflRm5V*_?_kdJUqpEWbNB5MUM(pN11b
zcsidXB{ipHO9dT|yEGZU(k**c-dLxaEhb7yPG|g&QH4Rlw8(5zR>x$;L&7dV5V~=%
zvcUf9OO*`4>w2$^v>%`Iwk;>17@I%(^#gho$6W_cHEW9^031s-UpCVJVErDTep{k1
zRhj;o@cgJyIAN~Z`iIR%&U=+sfS?2(YzXn-S
zuiN({$WHRla&kYFh-zrU>hA6ae$IFG#nXD>ld?0Qf>54-{c*DKq@@G!T&a`wDjVJd
z7OuUYA2w}Vxd}e$!YU~Jj#rD8`!apLs0hDx8rOA1)kr0jnn-~0Z$WCOgT-0pKwm}r
z8SgbD_^P8PL*`$ds{w?bhtnY!
z*^InIX(ZW0g_%e>Boh;~Di`>4y%Nn!sGs=o;X##*fjM+&oq&qJz_ckC_|acq?y3AS
zFz7=NMMC9X;S%ru>QVu0b3BKQq{x#0Y>YkFbzcK4=n-`3S=u{SjWNidk;45@Ikz45}hPnCj9TZ
zv=FJ|mFHk(Nlq97$@L#oxk^(C+95P&0sr0ySh#61)o_8{jQG=fYsSsj0YBZGrq+K<
zP2Th@zS4w03OU5Ex9RsZ_D+AL!#Uzm{{FM<3rm8XUV(ubDrE?j^thDU9898lsV@`E
zf&YZ^*`Bsm1*7`ua3mWlFz|GtI|b-_zI``G4r|Z(&lN$eZ#FCST>aeQ&9tHL&jx8F
zM{DY$a6y^Bi#c(-7EH7nFAg(O4fL%5BE2kJ)|aP*s>vDJKLZgHh+ZV#YnwhJo<`qfhEU&E#wP`J%@fbJK0y|7LhUlItBn*Ryh$bRF1)EcXl>WEVwx
z8y@(hM;ms$@6ngLdAvyRRL*w35m`9HtWfv8+RZqmVQoIqSS7R0r{b6513m(^C+~7^
zI_Ls5+85*0@X6?X9k>mQyJ1gL0>^AgV-u;eRiy(XC_bMGxi|yFEt99<^uSBSt)yzVP
zS}4@8^~y6tqzQrxR$Es|f@YL6nhp*~Cf#bo9zC1k<+YA|rNuV#{cX+9c}n6=ii`&3-}p^xO-Dn43-ebz=FX9qjTAnHkHc2;I7@>gVk
z#y*s}PL{cK)S*SIVg`idvvr0i#2FZ5@M5MjPpyBqI2;{{L}rIdQ@V}bq6zJ7RLhl0
zvJ0;B$6KF-OQndyPh3h*)1#*YmL08dm?hX%u`2M=$lt#e3wW7z6HY7c&Ci6$Y8G8C
zaA_HL@yQNpbeKW?(x~v$_h6*)b`ja7Z{rPAlL4pYvDM2Q`E;Zd4BKCQ?W5L@{ghDc_PS7}$N7U|YPY;oGr
zqj)JM!wA1LJR_iw^%K^_KV^IrxqbtylF(dhxca`<#qExMMvmNTP*S$Km%3hW9iBeA
z@2i45WC+}{iq{AT0z^XHw_dcSqbjsY1R(u3%ApBMH-s+ba(wSuu*40sf
z%Crdh*KA4t8W|7{KI0zBb+@0fB=T^z04Iw}W#v!7t_~r`n3MFlE5R@j-`Wm&t0gz~
zC7%jyW5m5KclaVV?AH5vYF;x`0`<)bA|blGlbD7osq-yWDnoBxI9g%TM-2@^wY^t~c(J)M^n8dML0@fH>zqckzcKz)N(9dm9?_g=CJ#T!Kb)5G
z(r~FKKHt1JC&J7JGQI^pqzUbVArpOxGGP&pm?UUNOjTjb+815{sqj*RMI|Now|0-V
z@6-D&6#Uw{E?1F~vc(Qyjtf`&sdA5@Ji=d^ZkP-kjyPEZL3b-8DO)@)Xt!^Wkj}jg
zlGHSp>0;zs6nFJ~6oH5N3&nH19Rm?7taCQ4SAXzZE&y~}xCvG0Jrk?bmU4<(j33=U
zzJkmW6WSNpN9G&|_SS$v<#$TP>EX@wey_ikovElC
z>P|d38zm&?TwW5(c#&n2|S!-T0591Yyybv7#buqjpUGF@p{
zdpq0uJeD`~uEM_*LHQOSD^s(P>r>*K+n@E
z^4l@2xbC&_uHFM0Q#K#MrziY+8@|NRLP|R^lPTrrIRK?ZexdnDsIV1Lw|ix>VrH*8
zuC)DckRjXI4|8XD314yaeyiNx|m%zP`Qslc2dCtXHtK)HhVW1k
zj9iznOaujea~XDuGq(VJB6M777^&5t!ba2^UXEp9X*tApXm8D>3o|j?rm1<|=B-gK
zsguqJJ3n44_)sz8aO_DjgzopG`1O5Ar}nkO>ERcZu27A2-_7OX$lP|Uj~e+FluYXH
zT+L0L|$S3Lh|n0Qn~)SL7gfaO6Uvbe}V$)DiSb%F37#R5tPsf=N)p1
z$Bu|YqQHHfA8Z_^^g7L}&hV2jBveZ(laYQ(d#|QzE4?
zgV>#$p2xOD%TW<;{0pKhi7+0~jYT);5&|$expnRFwY!jlwWh`D+g}?OeIOQR
z_xU+dlBkiG6^qi;Y)@ib2GS|FDOWL%S>R&%)>qU0KWHxtn6K-z{7QsK4C)cn>!6c*
zxkujq^xn^0XTPK%M0zmiqfOsd&G?t6R&pSOcKd1lpoH7lVO3Br#;EP{&OY@
zOusM+$TUXR?iN1S6~M>A!&n-+2GhJ13eP8HeH?tc{Xjdwe`6-SsntPP=MTTyl1F8Q
zva!DGUWIEH&wQ_#b(Ar~Uh3|N^VOBFG^qD=!@jyP@xICs@(N#>q?s{dwr-UdGjfGOQ8P7zrtl09v~R2!L*n8l$Zv}+jzVK5f%cr{UBI4*0HHLHAmo*
zHlF=O@$Ih7|j7Ty*3W3PNhZ6~O)3CVQC71
z!_67n(u`DYW2OEC+OW2r#Yn@NJ)dtk9gHxs57$tc-KLL}*lyzBKwSXV0f<-QmF^8s
zH=uZB0d@wka+syV_ekKJLkB)5!gN
zuZpUJA9L4g{$u75*xWOvf!)`hsz=qZM$_GUwUHWpyvpXjoDCA^HBl?6h-)nM%(=#Z
z)xWt}sX{h4H`jQ&b9c{7zP;$?SEH+32~2SdJ_~ou;1iAjo%Tg6bf3>BN-Gxiu_+0e
zoB$*(o>CqJatKy4FEyS=tu_JS4KT4c7$gVAZXd}V2j0JN8n1c7w^VQrlq{RP`-?2HK#tfXy(F>CzIK)OREWGW+&B82BZ-uc+2FgIrJ&
zN4pdKa_VQDsYc1#@>BBOl*jU#9wS4~OO#i8!JO;ewB>}_LAt~eMY<#Km!2%Ch3h@^
zKgX-|axehOH#+MA%N276$SjZ_m$8zRX@y
zwt!|~@ud+23Mf}MpHBt-GFBw*dXRkWE@0tb9~`;7U%V>#(bHk*8P@fP{6iI6MXD}}
z6-wtzW(D}+`0$#57I8EFb5rS&-2vM`;@`_L^6`T|m?)o>L5xZ%4vx$0`{T|8n&k;1
zo*U)GWp|X6<|Z3=`^7=}RGwoEn}8aqj>0uwAOpX@He#!4kQ;PxZ^dRIqvmTBivOm`
zl0$jJL0RpT1)S+Pq@HYQAjF))q}9T>Iee5hv=F*^;>>
zL-1k##?e&3riK7WOB#1&Ktmpv>@nB<6z(HUqozGyp(M$n$Z5t821YEC;
zRfXVH#Q;bNWsDu~tzwoDsaa$MU!3{aSn6eqdHFA;+k*HfCEk7S>iOA->DHimn-Qm8
zo#qpW$gW=2Vz8iu7IEm@a)Y}KVSX-9h_LM)jEg^?@T
zDQY;6OrZpgBs(~TZC}Q%
zv;J&xjjIE>(hRW??QN+R&!1Sev8K2+`0uZD80?Ka8H0On_Lmw?p>
z77eIHA!-hkg-v^n7~h}37TgAc9wLDG70wfdGCDbqWq9rMTu*xMo69^Jo
zHRMt-XWE=B>L2DaE_JJ{gk6p(^i{0>EXmRHUTlG8)3rGLpExVAadBHunk>fnDY8Hc
zxsF;;(VEZpJXX8zrKlnCXuV(65Xtir0d8AIoU_cLk$W}HT5&*uOwt0G}*tWKCw7&S=Q(=sqJ+q?`_=
z$auXaUO(#6c(f#1q-nUF!%WdR|FQn-O5+SVf7lOGRC}u4ZGUTbJ&&Y#gL~eC(gpaWU4e1jfA8gmnyhbLy
zN&R$x!?Bo5JyXzr82)flH^(~Pb=C@p<9bTVx|yT?hnls=seCV{9J()KB#sU?E>u5d
zXaAuLwU7;EeY){Brc6-My81Z4ZAb-1AXIuvI5)m!6wkseZQzH&Oc$fX-q7KDwU#kj
z*hS8vAD|l*s3W#Wl0SM2kx|wTilrsU<{=+_?4|DMIFL!U3K4aDftMbEn(tt{e@sYc
zWEwatuvjtvdC+6emdvtht+f{)57UD>Vr=z0CVzm#(}8ASNISUmvBbpmSSy9Wl3rt?
zF&lE6wff~iU7Y-8xzI8F(bCG&`~3_9?{?=7{k`)EEtApuqZ(TvTR2kvY`q_Axi-t5
zH<`cBx3|0rO{U|R_^~)jiQjFT8)S2$)m%C4*sE>fGwXQkRNATwQH>*_nD@offRgQ8
z*3D)n5bVu!P{ZLAGRl!LI5|dLn&>F19!YXdb^SZ}YPvC{194!a+qYtqNw2M$?yvMg
zWM}aXgGe4u&X7n7^{}^iTAIFI&)2OJPX+Uwu6*mWHw7RlLiAE)+77j}v`lytL5I2T
zV#J#t;rhcXBlvSCzzA}#kkJ0-rOs1qGev?D^Ng%)MqO7SGueW)!0(ItbR|U%I*e7s
zp$lQqaFerB5508$lF}Nd%(V;$Rqq3(;uriPu6>|{4=eLS*ZnJr$Ag31C^x)8F5)ldj+fY=JRa9<|Z*OAP*WHWECWoQtSrQoSVK8F^f#*4tZx(0FwyBo7Zoj_1zm#c>Mf%kemNt=yD5DeDy2dqN1TfJ
zZ@@>JiRv9kb7uQY3zeygPLvE-H5e|{PZSEFc=VB=%X3x|xAKm%Kf<1xN;>+Z7?d9#
zyYN-d^y72kuk)7oA#`%eB>r>cq4=L)-KM;^3TmPv0w
zEh4Tkm*>kFr%eQSL8CI;p3;PjGzO_DIaU2?T_(qdjFZRDo8uzVs~FmB#TK`<#dI_$
zWOc-S9vUf^IOb>=}%tzImOPGD3f%^`~2Vx3ti^4PU-@_S;-hrO#Bdncuwf
z6ha$7`Jf@m{F5ki8Rh)ZuL$qVzSr(Tk#XE&hx;S9#JxRppKCl%!6@y$#flzxkv{T1
z>Zx6l4#6@tf+H(#wEIj1QBB&4LQ}`vmq?dL9}T{EYJw-7v`8})_8Wgc6+wH}!;-`i
zf?Y;8Cc{%89cR9@7S%KOZF3Hqv{(5~WTaxViEN1Ebz78Lss!2x`-G?CrC;1JG7~e~
z!MNGM4(c+xwPDC6!~tpj;+U3|}su4?oqhKG+pnzu`?v
z`4yo`Ve>?)Fw==?im-rfVjWa!IdLY$#ih`+@Qj^bZ;>$j9KM*i;exlmeg#UYht`q9@Sy)-ij&XRmohO&Hr7hE68>eDrMKenY
zmkDXU)b9SxxKov+S$4AS0}kOHgF&jj6WlTIXv)OBaI~6~d#svj!W5
z(V|t)fBus&L3V-^KawtycAkML%S^+pi-KhjKdLV5-J7OzA(CeTJS1dMe7vFZ;jUlqL1LMZBcvBK
zMO^aNkHQy2@%eBB%Y2s*2|(F4wYeb@2mxy7Lp}!ge#EHzV$b$__iRwc@D#vXuIQ1D
z>zxFfoF@aOEn4&N3J?5qkR2Gh4JA{fns0NMar63@#uDDX#m83z;SD=A5%Dzo#NnF{)i=%2#>S+4p~yEWdtfcR02M-&EZXt9Y8Y-RUG46
zY6&5>A;dH0fwVH4-y
zDtpeNGJ24P>o#Q_KzaI3CDN2aOqrkkTvIBxW{@Jf0odt6O`0ce+dP
zS4Yx_JZCM8RE}|#_q|YI@BN%RbX8>N!*)^+J=Ptb5Bg!CB9EE6R*<2Wqd=ma&xLGQ
zdXG;~_&Zy%Ve2aLig2q}I58J@0i&m=T-QAeI-;_8wYXaqKrrjt#N|*D^jrxL!BbY5
zFj{c3#k;Io%7Rey;;-?Q&2D0yFvLH|J9iRJ2`BmzViUy@IasT*Ld(?_pG9An>&%t#
zI@~g2^m(Dc7&g+$JoA2}s5ysbcslEx8wUIydZW4qta4U(CLc*BV-hOz8
z%#%3!Zt_R5V%z}-FLkPj(9V-Wv|`!~ItCyt{{=`}rc_`%d5FKgkW0^O%nliU~
zNDk?UbrV?TKzXOEKHYWK=+)u-TF-A|Da02`IO=OB(i6+%G_|h1k5Q7B#r-1x80(of
zad3}=n&F*#R;Fu$j-yFiJ%^>4{(>
zw}XdA$Wo>Bt}1M`gNFr&meYuBJFO|&xH0f_t-QQ$4)2GT>yOhFz(=^bH
z|3f5mx8Wcf1>+#0KuD&>y|XRwK~j9kH703H9o3cpAgcnDAHqc&u7?Cxjx5?_=8w|@SW!rQJhy9yaHS7jSM(2RBM?rb
zd`y+itTNwaqyEO?mM#7lK>`oY3{bZ>_AXp+13`Q=_l$qPhs8*9+w4u?orejz8u1UO
zR#Kbh;+JL`8G|xoNInVO(fbA5?MaWE0?sqaNApMbl6^mPJ(h^Hs{yrCVWQKZNcq8p
zQZTuuZYK4=^<^l?Wz7bP_omJ_M#Phfe8Vp^mClk3oU?2d_IHnsuzHm>-X}XeQI5bV
z*4%qgGUj0w&}h&}NS82>Ta=XewX!P1^?W+`8SrTQ{aQyOH
z+)%iJ{3k1ct}T{yVP2n!SlJ`7i$foD?)i0BlbH6qoE>_xeO-o+{lxLtd*!)fW5v!4
z!;AQju1y7>I8~~o$U_M+Iv2%%z6%$mSopA|O=m_SpDN7X^XA$qZ5Le&qH_3==^`*h
z>zr(HpJa-#asLP{ulI_dx;|C8FDi}VVkh4T-zp)JIz+~BDLN{AcTB#82u*7z2JANc
z%uFDDQ4;;>S|qI>uc9&rja-_Z=JzuFH(~98+TXR4(YJ0_{f<_Zmj&))=kRKDJQCsO
zDmTJv&=H-W68^eqe)k^8=-869$-H|`fOI{bsPPNDxG5XF4kmynYOZfRZ$a>gH}MC
zyOzK=_Z63v6=ZfW#NDkLx_r{@d(-$3_LOuj^b?+6RC-YaWD+EEY`K9XZ}^@~fC|Dl
zSG%JuEi6`=i-(>oY)&`jM)atAJ;-{*E_Wd_Ak*u$IhE~~2UmDVOI45+`bnqZa5nah
zLhbq|OZuNRnD3=cj6HuI&p*``8O>XlVS8#P7BOLKWJDVwK7QLKHz{cgsFZmNd>qs{
z%;lsi65`5Hi0*lM$eB~wdqq)&&vs&zI*@z0PO3grOc7^-lOVaPc$`2V3O#0^RD2f)
zk{WsDd6;s5``&IbDkW4=OJC^OddBMI32Kl0{Cv-pK_!7Q>ynt)53}TUw*7)qp>f`z
zz3aarfB=915o4HN-NFdbS9+Gmsu#i=YlYgFy4IGwY0uYc-!Z6sK{KD!A9PPC!HN-M
zHbi%ya!2+94YddeLWz7n138lSH%7`C_O(Cbthw5qf!YSYFNG>{QTS+NxMAp>W?Hx?
zr@0mK1Ww!*>4!Zmoorbg7&Q$}ERcZ{RWVi9$>_5nl?$MzMH*1&3Ig?nKz>od#RTCg
z_z}EJ$a`I%U1D7lA;C<~x}*&1B?)9MOSp9>Kz*naPE-cU#%>p@|PW-#}FgCUd
z$1(nR_TDAFbkvG!A&2uF!?@Y@ri=5q0)_x0NB3g+XNl|6zHt`uXg=X&Gp>3KY6M;(
zNQe*WE1C@PmYO!v4>b~x3tU~oAaxSKs7gAL-*Z@Kq4YBQB(n(Qbu($iv}VUkSQJJa
zF}!cSGm(f|5U$#W9}(ETk(P~fgH1iZ>(P&Egyko~-yKJT=_TpSjo{BXrq0)<6=qqS
zv>sf|>oUKX!S6fQSlY5<-(A|`&*O0yr|3B2b$5QU^v#Z(-BQ}d`e;IPi4OG!VrYlc
zO4EEd%`ih5!|Q4}XDqAyx%yFk(n0ya!5e{MK*xUrO|n~p>kMxQ(_X;km)vi@O!YA<
zVzS)iaWjmAR$!bzz1W@>#Ys5;^(iqe#iXGYZLls!5y7AvX_>{ls?mZ1OAm&lV5>gyS9(MY}
zutTpjzyiWsc+bktlHXeos9FqZV}D&H*O?D|FUTAvrCWSpNqQi8cs>=`M5ii7tWBfV
zX@i(*+a#vz(%zKf1SMn?GKy`YT|4sGC$%@h+Y{qabe*^R<4>l;4hac%jdg?zQPtwe9J#RkrH@)q$8g2aps=NHCzdxw
z-y56~B)k2{glc?)R80ac4RJpMrN=UTmc`gX1KPy}@T(Ex82)U&w`%pm2-zQ-NgGt#
zwPf}h#_nKDYIhvuX`AM%Xfe59b@9?AHVdaw~=LhcQ^l3OZp~+^&%5qrWr3#yK%9L8luKPM0>PT*l
z_Xl=rksfWvNN=Bqg{L&$4gI?As?o^*rer0f@>gime5#ix^;)L!tYp|NDKU)soV(YQ
zk>>U)ob_n7Bj*fP;x~n-K+r)xK;YrjcX!J<>PtCqbE0lE$F;AarDImrhLH~85x3Vy
zv?y{gML1?0oN39oL~9x`faY7+m)YW+-s6bM{XH*RpzsxSD5;grzJ{<_A+@0%SX+wd$|qP>*x933Azb!A1acMsA>ANkeFp8CLmbPBOKaI7_LEB
z=(sV`Ob)+;Je{H|u4Kd}26`5E!Z{6ZMV4LE^tq$tEUURRFFVueC!gt{PBv9|jxH(<
zUuKpupawI%3S}=EhIO{*gRXYm+H2~TVtLVV>4&-g&Sf)TpU$s
z7#>Wj+cjqYDJPIl6{#wXsMe|1-eO#u4E5k0>*2aED{PH!Z=_5;?i6j|URVziqWZZW
z!STD=H0&xyZqqlJ50;?d8Ab$MjI-Y2v6DOfaRaw0fPP`{O@t-e!=?TwQu|@c66mrP
zvSn~q@naTsI9~i_{yy$%`1CS3(}pA6Y>;HS5FN%{q`a;wr^r~wb~R}dcNHEV-tvH$
z*)D8{8HH$J(knB-x_JO<-t@B}OY`^>$OujN-H7?{%$^L56!Ok7k+T5JT@JHs=={GMt}%
z9;w42+~iChkZejW@4u&&xQ}&P2KGzPJP=u~V&}d5
zY8yS$pHGrTa^3`0I!K?7Tq}D*5b&ePHmUmdveZ!Z4#wx$7jDuPnExK5z6?1buzp=O
zP`8r-vVupZZPl&3X|SF9tLtxxj9`Twg2Xaehb$&1St^SF+a@?|kM){$CNI(#ew?Z!
zf6%15qur|OIt0TBE5T&^JXyCYbczshb=>?sxqFt&Dbj}X#@0xb@6&eE5%T^=jh4hu
z?n#cHooEtz7}}M)%090-y{p6!2~HB~r%#{B@qLzJ;0#J3t%_>)L3&iouVmw+3&w1?
zGN+uQBvzx%w#^&NM-1EJ<}Nz_7D^*T3{{bs$P6Q1XG~HOl6q`}va)iuqzb=Zz}l!%SoB;c+p4PkMa98TH*jIEkVR*%UTL5{qwf~e&UtrZ@9~U
zmvUpeR%&Ksl;u>3Reoj2KKz%)(y++~bWJv!l$4Y
zE%)gb-m86uT}4kk>h2pzQ1j|{wZ;??xenb@
zg1vC(-pC>9bC!k7=j5uP^&^Ej{L`Lbs1%RwtKSxusxkgX1-x)rJShs+|Mcb^
zhV);@YvpV?dG{b1!f2=p)i!=km{mZFV^lF=VY0{^3|2oAb_KqFnY2tB>`!VP>~4>L
zE>IR&wA+S4xCLY81n%4s7~CLrKLV$M%QRo$J&cJc4glHa)n+wlaKzd1J~IZv?Y8)v
zr`Su%p!|{TGp&&5=@f61hY&3TUj*;XtsAGkh_CJ5sE9-bX1?K)eC4$|uQhg3>`Yho
zchV&GlNnl7eytk2SL7w#RN*1c%WhXkYs}5MD%(2_MPUSaX_5goV=U6qmyC)oVvt=dyR9W9-N}LVp`svZf)}*nE;^_)w17AyZJ@t>Vw~X;_
zs;OV^KL?pwQnMf6P{Xa$0V0eyp@#>|{-rAREiQQ9F+I%ldx-GR4g_|G4>SFP<0}+C
z8ZV?8I`f55#`AW|EOGWlGW33B`Hj>pVbC^QWEEqp5BQ4(0sB9&^aD)|iA5e)>rC$4
zn*QM9(i?I3Fc=)0%x}s+1V^v%-^Z^9}h1cA!?+IFX&Cy#l$=m+u4vX;nJo?7+z4cwIg6MvmyS%)qdVF8N
zd9&f3T$|oBnNV3l#@l^
zvvlSGzKGgMZyJ2aB)krqqpV7p4TxcL`c}RE!)kHQ=e<1FGCV!JgKS8k0S_Hb-}q=4
zuoCqPw%s3lf1Gs<`iQvu#w+?Q>F$vxdiq}p0n~UGa^NufKR;r6pfLd7oc(juz=X#*=`%gk7wGqQ1Y@xiF#ZFH_
z5w{-yNDL1&m=fDQZ#9M^A%HuAs|S{b5%H@xoFBtIm2j{HM0DYfMi!2+LN>Vq5BhTJ
zdiWqF%1Mr@4bzOpa`?(AB`@YKFHHph;|40#vB6(klu4_qZz0LG<*c6K1=d&g)B$N6RV@e+P2{GorDB5f+AK$Ikd~Q
z^J$HqU`3n!HHS(3!%1_-^3-CJ=vSJT_3MZOc$U*T5+Xa3fXJ4YeqbVDEu>20nRzQ&
zL(wfyYKVS|27+mZzFm8l>M2AlO$mOlvBwF=6s!F-ttSw;leA9C*a@ya*N9^qGPmf`
zurTMsVn+f2G`QzCYL##aOB$Z089r8)fun
z)KzeeG?r3v#N}&R#pLRDJP?v(GxTD*O=S}kDe{!y%g^4p`#AhJnjYzE&Sp5~RZTjg
z$aPtU3dbPU%a;64j`5Mup=G+skUe#3HVI!A!o)DRp24p23pWF=E4VPXc@a~qhpXJ!`^#K<1vh4Oa3*FJbWl%4GHJvj2&Z1uFNiExBB
z+2r-fL*o16HD$yZz8iP0HC@-W3_ZX4m0goQf~WELmC5A{0Z|iHT-jnm5MNi$T
zPP|E2_@ajVyj^Ta_O@XL%M_Xe
zRYP!{1T2l6=fEmfy*_oI+MG>3pKE3^Jz!{w*?t09V;tgeL^w)
zoBn&?V71Mu==;H+y9pNPmZEg|!k*@>)2a8CNuJU-?;`?SxwwVIRpI|_gq<0|>3SIO
z!a=&2$2ycVo-2iw=ES2W7&@5b%XpU<9qyy9{JwxO%(K}94n8q@1+ieaY%m3i2ZZQA
zI~RJ=xkK)V6GDD;mX%uvbBubt?RBFY{F=q$osJql69o4Z8pdkum0yuaX*^&$On$7V9KDws3d^H6`UYs1Am=SRrZSsj+jASOAD^prmS1Or)+@8;c@Iru9LfVSVf7<&
z&~ccDTsin5Tlu;+O>iJpp+9wo0)mZDRo!;mGJzsaKdT_K^f$s2zSJ!~|IbRn;96lS
z!cT*uJ1gp38F9Tk#e+8@-Km?JyU0Edj4D@xrzC~2dfFGRZLF5X`8GdX;*W`S3ssAS
z<{Ok`UQ{+cuInCZCD)i95k_Sm4WwvITcW?RDC>Rp7o*y;j?AvID?J(ZpzFc0Lcfk`
zXrO5wFtG|vV>MM0`b6fBHoCj}e__@j!WdByFIdQi*HKQyujddH;m8JRS0w7iFQY9P?+P7sRinX
zJY&^Sq*#--lg~SBur5I?V8d^+rPqW;18w{oRa&#(b{}GKg>3`z*OzSlDxjp%&`?T^
zaj_1R)PUgiTd~
zrzg?77vn^BsqCw2rz%iHAn7srK6MQmf4OyPW$ZtQmWn$^nCbS6;k>J%SNXj
z!Gz2b61G+Cf1>O@CnWhNDpWF_xJV)Wnf&2{7~GsHOM3F|%YyzVes|?a@U&d59$p5v
z)jsrjdUtE_7CSb*d9hRw&Ws%UPQRKpc6y^unXmRHGk{u!#j6+
z_;lRafSG);Dftg`ZV<=bIxAu?;0rbK2Z&?@ejmwg&G?i#k$t?z_+L3sAXfsvHzcxU
zo6dTYzM14VvfGZAncEgGk&0-%?zF)?KXkXbZRkgQtoWFX-0aUc%INE!rN)eNq1?Jy
z``}3jwx)@Kzeij}PQUfZxRi9SOgHMT7htF;t@IenM4LLDERS09kEGHk6*4=1yS*ct
z;%2|zxXk7YG|z58b>9v!KLi9qss^koq59Vy8i;bFam_uKFaq3Yy}y<2Zu|0)L5|=0
zlhbJ>T5@akN~A)fN5?d7!{mC+O+#!tpybFxyXS%-+3X|$aU_s5fm|1U)YTo`c8e{f
zwRI|Z$(!cRR-kCWO?~g#7y>seCuwQSy1#5#`76S!;IbjCt{fPGhG6_tGixf}6g6bWpJ&PA{mtV>QoF-?_fJhK@iTph_VXEgsDwV(-EDb0To$4GU)N1yTe&t@swIyVa4?qC9d)UlKm4
zmaLL`R4X=VsNWpy27kb8!$3Dkb?LHML8uIC
zBx3zN8Bh3&Vs2ys50144lT>5-!#3PxsQ*@GA?@h({t7#4h%{%@V)5L0kb{vT;YPPO
z8-_E)Or$~`tW?7Qs>{#voD5VH(^n)dT3zHassB#ReNm!i@Cm;osVhL3Be^-V0zRKt
z@l)pY?(c2k_n`!`b__w7IDi?tq?M)Xh?pX#dPuu*uS3+SP<()yr`_on7`4}n6gDIN+m!D
z=8wWjd>d6<6bxD{Uv()SeWi
zHR*{xE`L>fm!5V3Z#z_HSX89BUu5(HGNcVN15239s5xJUf6uMZBa1;Um$Q*
z
zXLD*ERp~3h9!Q~TLEQ5Qks<7D`bVF45RPgS9
zXWPI*%_5ojd#;Yg++O6tLDxmId|P%f475nAV*hXqH{=%*k+IPkw9+Ml^n-uFz-eC|
zcLGTYb2S&^ZWV6M!n9QY3ju<)RarN2qRnkp)TrU8;*HFnK(H`yUQ-Hl6c60C*nim*
zgSl7DVVMYU$O`^ApmfcVb?>@42#Qb5MxG{FZsydrAQcscoaXh(s82ZjFJsk4=Gc-A
z8my5cKjf}GVj{}}60k?wdH49vofIi0LeP@bf|iWhPF#K(89;z+W?OcB;D4sk
zi?0=i?4-z~ak^~N@*Yc~0*DwRf0n-lEF6hKy7MZA$RAbihl7eiVh(T)yPs><>cj#g
zCMc#5Gi&wVeBXdAnX_+EyuRo4#?#H1afrSaNvI^ucZSks`0zVzH(ucC1tWlsTuFbn
zi=DyCRY=tT&9I|v&$5=0Al!0ZDcTQKTLDV0Sze<3xWlzertNJ+A)t1tYs_7CHzV67
zzrsBk24aWOzT37it#XcpO-e1I?~uCg*x3lPBX;z2a~8+@_qJ1KdS4ED$sNO!MPt)Q
z{LzOKu~&58;JVi7#Q~vxoTR`^#(|&MGiIR@Ym{AT3-
z&$Mm0V((t%&KVzQ_Cn#(%r4U{JI!ia%
z+o?&{pE9YX=8}s9jtg~@_I^9Tk{l@wun|bh>w$;S3^%BE5V>D3VvzZDG;uYjI$>^U
z{B{;(g#Yy(hDjlT*IV31;zV3UqD`F?iIS7K@Djisc>!dy;ybAnWULO8A^2e1e|$mQ
zEmO}%->2Ic00mbNLHrCDzJ*W_D|^4tE1*iRhA&%M-@=J9c%1wWa|YaTq~$qsv=@TD
z2o#kR3OI>}+qA?1uTF)ZO_4*n0{~h_N=6HGu1h6KsIxxXSQ7NQbmsgzwXOXSy
zOWuQ<*C4Zy
z2de7UqJ+o+XveiGZ4O!uTGPQb)Na%{>CQNIFekvxRPpJzbmm}h!uI3xikvT&#Z>kf
zv@Ej(%<6w!39#ZDKyFcvm%GBW`dn8f$*1#cul
zBJIp{J!~ROm_ZlP8&}a4wTWKGTch4eC6#EukfZ-#!}43^Qv}aT5nKLg%n>5oh!%7a
zMZ=|hNKd4G(o>lBF-vW%Gi(S3r@n(V&38n|lB0nI4@(-j&1V8N1@Q}m9VLy+szQyQ4VeY3zMg5UA
z^%}kQHL#x5~j*9pY;aQVR$vbm=P9`oYI5+h-xFA^Dkos*B8|D2nfP#6Z{r8hZDT&83%=5Auvbon6|#$!09W1OABzhmDqp
zD~Batx23EluBz4j4}L_tlxdm_Vh`7cg5tUE+n*G-sN$RpT{rwY*x)GFzzP5$A^+7ogoSlO71JS5q
zMrEVNuUR+7{=dB$@Ni~JlY+8EU0pf3nI3OVih}_w#MLv3
zsnzKRl?2rc;ln84`co(NN%-zj#r{B=p9aLo8?T{;FcLL?^_%jrlo6po;9$L|wRM4K
z!lR<{YL%F!6Tbss0Pxcc&kxlEL~TrQLiwl{W$aCVQti$Fj47!IzzEgAjNEM-&j&D~
z@GzmQK=)BxUyVKF0aC_iEZW#9Hbzqa{
zbkAWbAe$yI#Ylv^e}ssbmbLx%Ux<*@z8ud34x1+%&xzmS+W9hSlBC9OYYo0DTy~$%
zdK`AnTpTb&xDogn{|GmDsAIZO(Tz_Qt%+>nKl`)#$J=pb$M|#lyYB4QuNMhh|4GK}bmSxdzK-I?N~2&jPkXyhLC7r}%mUe{zv5TGAO
z&Wqv3mro<{tOq_NoP>M3fggYR5
z7|xTA-b(LlhxW~+$bs6`pPge0dXO|&FC2_jN%r^#WPy4AJgUB<+4=1UhpPy`A1=rr
z2o~>HI^y=eq#h*n6}9zx%sqotZsCdEJpEBou3h53fMQa)n^Wre<){oFP?c#zc
z2D5R4P+?)?%>)K90orI(h8U2^Vud#msl%XUUVlF3-iD3MK-1y=@lhb};@y2?9LMK=#eMXIQgx+KVyY@i1pTM8t|BlsufRrNXcoN|
z{B^vJb};c>xBIp=hG5?5(q^cFYq4`iySCwf7Qua5Nb;(%s9IABvG#%h}8LPG&JEw|tm5p3nqZvcrfk`wJP`~MynV(c{*%PD7O((bk%3q-l{`%_c?eX9I)U2e%t}`TWFJt9{yzm@v?^()OEkV3`DE*gJH>wr?kz76GBAzvwyB;b=V3a$rx?U^`Y3n+o=~H|kA5ZEoy(mnh
z59rLZoSngZ^0C&GhjFz!7)t!A-`G*di_^fQb_2m6U`y|JCu)h7duU3GW(PYLkUw`j
z^q;a1F%a5&iMdi&SN+GFjhJ;L{+%}yVb9876K{?xB?o0!96D>N|^`_OO`kkg|?
zvdOoLS+ySC*Bd$Cp@+X;`UbE(s!n>7!9i{#
zU2=^(pu#mZV#Z2(f(r*DxT=}>19tN5V9t4nUf!oYB}lfUQ|6Mzz+CEK^5x@~$a0*ARV1jgP@K?0&uDXc@e%rW1<@SVK#$mjf4o
z@8e?|1Q)PW{pIdgJbP01S*%&pPWs>70l=z3fb~%u)Q}3x
z2I-jlbe+}e&Dld^`XU`Sv$M;5H68E^Q6$lqyh1CQR%k&H98Z_CQ3mZh0ykD=izriy
zC*y8w4&A&6v^Y)DN0ACdbNJy+xab)_n~L5SN)I#m)nsg%*j$3Vs$-?i?N2%X9!dbj
zH_9jybSn_cMJYCFn=dI~!NR?O3>>%}@)_}YO&|Z(?YC9`h@Xy%$U{UGV$8;J|w2I(Ozy*Sg9DmB)w8Z~tWI*m8
zFt`3M_n%txQKNP@2U)fxbg8oJvo|`yQnh>yC?MCX1&-azItQn(ZI@XS(+-XHNAzo@
zirw;PHJGOV})M~9v2XA=?fLYXmh|*S+LloyM#jFIRRxH^d1r8cE
zmmRAAPgtsfuz>iTP5qmAuUX}@fL0`c1>(S>6rQzR5ll7}mLxPT3kXj}iW_X77J48o
z@Ubo=m_v6F93epSAqSrS9^<^zhgK9KB{{k+ki4?HoGtri-
zOo1KQGw
z;p6^%uS%>K>6bi`Hv}`dl5-3pQNS)hXTwFomerkyQk}k7ZFc$gBle1g?t=79silEf
z$XnE%#h`PUvbqR@QdkiR>J-j`%eWuX)rF{nQ38&EhL88?nL)CqLJZ-85Ae=`9?G8Jt3ZOrZy
zz)W`bOD|^)V^8!|!r%qn0eBmwdz3kvd6CMrF`)(-+Yh;y`@uX5=u~?_cE{UpF`nVW
zcx(>T`S>*3EY?%Nb!hjy7_PJ4l6pLU(=XB%`AZET{!lQ8Ej`#e4VD+fcV1Rk%K%?sMvU9Qz49~P6O&85dj?^eDwWNxFf&
zemP_rL$DqeporNfvSji-HSsm7L6IUBh1eAamIP~cQO^qn2Q+Mud6&|NWT>9byt(sX
z1HQ?tOs=n!jx9FJAp1(LpBsFobf%<#&qPLynN)exx`Q?LWbEHf|6E4^0^R3k>9jAhcQfQ;82j4(SC91(|0_&8z*fs~
zFgOZ0JHn*<YP(^98)#=E3qU={k(la2KWAq
z<59czeV1~Z%LcWW1NsaY;SZt{!I8}2m$xMId%&NU^DN$5KqNE{o8lUC&$9+Iw8j}f
z3VU7~=|&Y3TJHj^*$JI}nBEnTcYnfc2@1N5(1aRkP9MT({
zJlyYHQ~3~R`M&aEst4g_hY;kME+CX4*LCy;kMgnVO-S7yc-QF80uzjn`v+^;)(e46
z9E*Gf+o9d(IM~9GZ`jBqey^5;&}KL4L3pBJk)IP-p|v}k0Bm(eT;Rjj-lT!%AA}$y
z>3mVeg2zGLT7gicYn>}?H~}@%_U-nZN;~xv-|x07*w-u70HYm9t_Appl}~5!u;itR
z>-YEzIs2{Uf&Xp&Nd<{&PEi|-Pdy$-Wmb@sm}%-5e}IDKb{;lK@Rc09>nPVp3&$Hg
zKzp&jZj;$q{VN%7DF<>}OBA@VyQ2mvKWc@GAUtZ4*e(ZL3+K#Y8|&&6z)$`MU|8g8
z8OF@EhFs6Q-Di0oxN>r&C?R&CsQSY;?{qfIq_8IO)VdYM@dU5}bF{&iDWMm&-nT>J
zZqPHqI7C!+-yn)2`^|{h`e43Ttn&$apc8XF{gD=&`#CzKsnYFpxaxB~2-uw3?Al0r6w5*|6O$_l{YG){~ULcJFs?O{R?BhmBU
zVcW(#4k;Jn5TFU#l^NUw3L@51jCHgyEg)|AlIu9xV)Ewt!a#8k#&dzmu9H_ykgv)CO75h8^D|1q3kguun-)^f6(Jq~plLQCzt*Ax$AwVEVzt_(lFqa@4`_
z_M7yYieI+nfb$7)zd54Gw(Y>fPKD?ZRzj>HAwxLezj?
zGo=$7^G_EJpQPdzEyId&a%8`^trU2%&h2_yuA`*BC0{l5Zq;~L6pTydyuX{VcLeus
z*ZDpF-O+Yf#q9F>0~3Lg2EcgMDWoMoS7K|{7k>S7IO=v*Sfa$>IYLB*&$(<^s*F%N
zD?%7ke{4Pg$!DH?&PPTDrUc7Na0$*2k;3``tR7-$pJAT|&M`);rlx57N&4d1;HgK#
zzwoH)w`00BGX6ylDwA678&QNHOgtUPwQ$>Ki5*tkTgHY!ZCg$&gg>t>||iir_27%?a+
zW^<)J;OxTP#eUNfiqfMb#{MPrth*8(u=`W%au-Q4ffp|Y
z3N*JGYyYE*uJY;S&diJD#S-$NGf}mEu1bh2m8O@UKeSyBOa&;$L4mK3>=2s2@K#~<
zG^)qq&pMY&*3^gg$F^#A;&3$WOuh;tOrj?8NWCg4vrP;0RaYh)ALfA56T)+|M(K9T&s=Q6~%`nrq$0-7>2<
z!v>=US1i1bJy3Mf;JUTq$daG{?^yS`?GeXssNl+9bo%oPI!Mbv!rZRCfv8_eg5kAN
z68a#PywJ%Q?j`j*tr)~wm32Yz!0IZU}3jLi*pc#j?GyUY&vJmSnI0j!C~zszXSZ)py{EGgft
zS6)x6pQsV(J}x_cPEEq4KF=6*IseMQ;PZCPfFXIMx!XKV#0MY5qH3otherRFP5p6H
zqo~O1Te#I6<|0$#2wSdHbbl=t7zmjFP)XBh@N1*iMLp{Qn3dRit=`YykYd!>c-mbz
zLp&oT1n&=n=l$nL!1Ro)5XAQFW}ByakTsuUpy&CNfktt143#i4Y9%bGZ>9Ku-HAKeV9V8Z0JgBT0O1?n&@xhoN=zGW+Fyqn!plq)te+-8R4N2<
z65$Z1T8*MXKU}YB%ah{aC=X|=nV|{7@U}lcOMXou?Pu2%OP-}?YoXL_>8lpw``+kw
z{5{5JS{IzfbFnB8pEN9^^r#U*FVbmVn=vq`YbcjpZsT~agR`^+jzlE+%??{1mREw?
zUj=)3{V~K$%t`B8A;s)$QdfN(m^7P)NHl#~e@LGcN>|z}FjgyFbbY<*g2FRVcnqke
z@w;t*pti5suMxZ|&09P2JM@|&xbm5DnR?1$**^^Ar5NB>7TbSI_>L*6Hn0tv#K9i|
zxR}jK6;-_Xyr}Vnk^VnN_KI!jhrnpIMGMY{2vY4gEDvSa%<(ujDTGd@%k=QxYQqdL
zi4u;I1QqF+_MnS^ev864U;L&_7X@*)MD7?0{>kG*#Crccg}$*6k_@{b-|~(o3b&7U
z?D4*IG=6vAo3mQHs-9n-dWj;q8SA9PrOmb#dj9r%tIv;K(pfFY`rh1*2C#52j9IF2
z&U(m^kdd-SZI2TOqo(e~zqV**Jcqc)M#aSTm1rnI$7Uh6f#7*xq!A+30I&FfYTy;>
zyA&lm4ZGNUrQs0RP|)K+;BUy?v^*Q`(p}M!imvE=+66nEiH?V&UQyE(V!va#0O=eg
ze(E@ocBk_X#Z-8L)*CJ1xZaN#J+R?wi^T-)uSd#$jvQ9cfm>O8CZE^v#vvv{h4Jc#&^_vyoWi+Zlk~k%G?vJ#12n^0)_R^QX%rd1d^t95y@CkG
zd3xiLw%1w|B(~Kizt0q}!)1EDP!e}J9Cy6w!P=Q4OuJWnD6jaEF~!9uEKR(0So?3PoL^t`WDZvn7~
zq;`e?j%`a8G>~|5g9%Qc;f_5FSqCpl*zZ&Z7#sIhQmVyOPS)#p~qQg8%7Hu@CPBvH0G>S>&;p*TFb>
zlJ>=MXVR{kTJ=~gl@it+V7Rkwqm4YJ_ehxoO;M*ywLP9UCc2<$ut$?Z#T#WevWMT9&|}hfar(CZ1%7_)Q#R{NxX3
z#Dn_m-y@qVdbU9rVeewyI#HHqinEwADMXpyaReQ<>&FLenV^b2UHllzyuJE_)d4pR
zhO62S#32D$MIQmihUx6>S{=_lG0b>`^78Xk2mmTLuoe+}hzltT$$b2;OG=LU8;uHJ
zP%$m-1eo>!F&;uHg{;t0OAGe|99E3_;3w~dD4WqO(DoON{I^teS@fKv@-uM%gH7<}
zZ*HXCD8%P^f9>XoKsQzax$dl_3V$n(U7%X
z8e+88Fw5OOLJQO7>o(hbUvyPwC^huGc5K2D5*s5mvIqPLzItF&65TYg@oJQrL+80b
z$qf3X>*cx^kY3h0Qv28E^9WcJ<^UI?AMk#`O1{Q}PDeQw!keTywR_1DHkUkDe~7bQ
zb`_4Bhg5|y%fov}+8;Ar*Ee+eTgJ@(X{n>tewlTS$jmMZ-M;7Tur~_Ie!b1u0Y7KE
zT82Gs=U3P88{4pZWcLu^ff$kXCu}PqP?mRjApg(K%
zrV;50hT>44N|pUi=gZNlG^L#ngaU)Hz=U65E_*OQR+aF$aww0Ac<$n52FLvMp#ty
z18w^aM@gLnZF35_fQ0?_U#I){@1mb~sS(zRQz1Fw?X1K$JJp!wOsYytX+~_Fv1AxS
z!+s8?C@ETj)2N(+U^98uTK&6_MbS{y*G
z#P{(rnuKCJqn1=_+jI9R8hLE6gl?w5rs&%0^qg3O&U!vyj_j%N3q`x}y@*i0pLDmw
z2w3%p!lgsmZ*~7FfR4a{-cL+Uk7*?#(;`eukDX%2Ewsl179YmLKnT;XTAh|$s!pV0
zeAnJ>bp{yQ{Q}s%woJUxr$J!(37u3Lpfj*kr)O1cj%$Ss7cS=AKW0?9%?*k{a=e9e
zi@bU(bAQYg+Y!T2eZ!}77cRDHDO?}t={B|kvNjE^%9u4P$_S@Re3qRqqA+LxB!Jln
zq;%rF+JOcUy$sFtH{Sw+9zolu_hS)dAo*K(ZO1DbTiXXj*cxx5O{?nhNi9WT@C^)+I0t38&Q{QxWO^Yp=d1d2m+wsU=Uz40Nq%b5Zuap$CEc7{-L`c%uV1nkAfdx
zb`m~R^4^EeVxu;t3dH$e(UN*@Md=Lm3m@{CEcYUytKJ%|09&_&T})<5$A^1U{GjpDuEoGyAhyq=MVMU|mXq*PsG0
zC}`^D%x1|on`v`mPPOmoyhFKiSWOFzyNTl)=IaeFXo+e&Y%Z-rZ6A+P
zX*T5_>Zs=d7}4VY_W{O%=YjG!Ol?b!DB+9^_`Cn}wV@YTJ_c4R@Ckr+FIBlJR%Qv{
zzyYMN3a5d2>GelcY^>xUPU0YM42xDB$d%NQ8wjsaqrA|C%m+o~e_g66!+1o9!mFcK
zW%=SdBR-ad!fpT8dU*!&>F(@|+hGw6IY*$?egd25=y0JT<5+s3-3^UOK0T0`Yh%sc
zrY~aXE~ZJzT_RCCG-diIm;LA2C{;mxo)jI#Bdn0;Yj9l<<@mKNHi9P2e;)yC%~7Q<^=G~W&Yx{4nl@3AlbHHt41~&i;4%K
zB-sQWXLDF8hx+Tq(nexx#FL0f*McH+nUC_r$fYi8bS*RQ4Z2)8EKfmN&Q7yP_{9MB
z4k~#m97#_8J3E-ZO+#ajMtDTT$De7DJm1?W?)TryRz4JXQZCdKL%3{%4M!z=Dv@LW
z5M;3|csKBWKV43w&((GgDRkbLFofSA#CCYZNj5OdXk1*T6S?6LWbGmAi9y1huTFaf
z=sl$85CJ{#-Up9{F>Le^>4qRr0#1}V-boUZJRz4uL=QK=dh2BC(@~*la8aN<_$*db
zrZC)gJ@PMJB98;+@Q;(I^D69G)_HMPsf42QSWcI*u{6Gu^p;KG@I0O_
zIJ&@kB2?6CZbdME1I0V;JqZlpI-Sd<6Zo8x8F@Y$(^T!2Ch(qWI;b=0Prt?zx`w=kFw^rMg;0f{|hGM?>
zC{a=*kaSG>LK`uS^m%qK+4f(nb^KC%XGU}bl2WpY#(!593`S9w9$IL=`rj`Z|J};n
zwNP+Ymc2hB6nlXe4%AVEYZfn*wXP-}vPPAs-FV7h0Gz9ZdRJ#MG|^~j_zfTHoHl!q
z4)!a^CQ$arKCRh^WNF@)B&Q2s=xLOnxR_+m**!$F9`3B&65YA8_~MEKnq4`LAWra3
zBss@#Yh;TPT7rwz%Gt2ND*&!_viSAi7!|{6v1(k-%l592vsu!7qqIeot=>rzC3a%ZEGsmr{Bl2%m9#+C*T%i(P@fo
zGrqMNp675{?D*OBdRjS=BXC4o9873@Xc!m)5XEC0x_^!$9>zBqtB8k2A@$OY&Q^oz
z5PSb{C7K(y94t)OTPh6HtA&yAXA|%=W4NlaUXYQQpnqY4aFuR1JRbO358!M-AIXxj
zu@S(|lh5mxG8`Pe5Mx$y8^db!6~M(Nb09y57&|^*8=DC@SH@g`#m1OYZiq@-a8DwT
zmL7~H%QOKs1gV&&u~aUFWji=`5TslQX;C3b-w8kdTtU5ZZhaWQ2VNuv;l@B-k2mNB
zV^b?-rsV&jnHme~mdz$;P1dhWYse9Vl?oql*|u0-xTY~SAt07hH~aJLy&_|s;KB_F@kc0RSKGyj5;^Hq!D-hK#cAmI1xT4@b_GyRpTXg9E$FMl1~_6>6Wd8$8%qqRsakC6e!WPW6lz-iO1TsQ4|e=%9@MwJFQ*U9b626!tA8s1+<8HN#F6zI+;d^Xon=?_DpQHA
zPbXOJ9vjU>*V;9CoQs(S^?=^Q8arM6x&hB*Id^I!u)00K7mSyuM0ykAq&SX{9|ycC
z9dN4}fkf{1K_q_QlxWj$;GqBX2XHC!I9dW>XB-V;KIhO;S`ApE#KafA(UD3Rp&*Dv
zU~EMCTx-zv3`E|=|H_1IhvNE_r$hcE8K5hg;n7OVof+1#nl(8DuG{WVN?@m|Is-DV
z08ENf?@C_XYF;yMz8ey}r%*EVq0m(-JSw0FPULl3wU4NK&wWz*hVC*6LUICayCa1MHlCm)2^dFjPJ1AJN
zCDQ&aAVeS|)GajF7lRB`N)flNPNj^+^oLDPpUjmy(H2SvGWvLVMHMqp8k;G5cz7h$
zYzqu(N2P5GMT??v(0EZpye#o0;{O#IiYMPy7alPT6Hvp(=G_6%kqjaP2x3<
z9d5J);C(>c8R+{i@Cr&844zL#U=Q_fyAaIvg$2w0e-;2D@|TbK+LEc(aMG-~?vQ}$
zC~E{@`41RR`G_OTDA5;4J6&+|MBZBs3KKoei=7<
z5BjO7sQ6MgSo|9II+Y>uGh;+wiERrtOgDX0sVr5#xMX)2k*Ht&Gn%%=h;(7VpmgUU
zi0=I+?B`0reT+=>+k6~z@6+XFyVIU)@e9P@*BcYRc78WtSO034gz{;dJDk6FCr<6Q
zDR+lmhPc1$#@6g}-}lJoYhm)!K;%x@49PX^gg$`;dn+gtbiHu1^q}Lw1|~QT1K9;y
zWLo6G{(t9*e!_)fUL$6hns5Wpzl`HNLYlXn8J!JT0>8^htoz#>hq-K=TB1c-M6x@W
zqOA!zTbMt@&IK_2HzgvZU%XsOCde*DKH8w5E#^*!hlKT-R}&!Y7)tutuP2@z(MH~O
ze_W1eK9C4{t+csnc%O&n+YQ2QwAgto^=9*8fJ0+5&T!dPsF>u41c)c>$-0yPJ6(XS
z=JbQt<#2Lej!?wEQ#LNxI7mTJysGZTRT<
zaCrej{ZVqTe7%nJ<5tL=voh-y|0z;!&b^FZ4%?I~o*9rSxsk0xAa9?sU1u{M&#Aa`
z2VeXlAl$Zmi#)EnUFEKhezBO_lzmBibIBJQ!^~UyqjxF+oxpetUW1s7u9W#Se2Zw4FD?vmCDM_?VAN8>h
zRJzNNg4M|Ua~lb2=*Sl&CqNf)<5r{QVL5ItBckUal>Nknu^kNh*c|89F<`3X-6kaT
zWRfL4R0N-@*KS7mCq}6L$bZQnHW*tkyxSk@AbD?k7WUSEHJHvjLkpULe3!`L^mvXJ
z{>_jYinM$*G}f9Dh>;?`tCcWS8`w}hM^+2*2w_C)&x>icjDE|5?BLp4N+Q+?4E#CC
zYWHR$aR^04_mLqOGLQjU+(K~BCzfy5K(oPDMiky>9=p{h0LBG$SarG_AtRuXE9SE@
zi%O!+{HxB9q%8VU)F4DX=-#v`W=CIaqc3bOUR8M5#Dh%O
zb$dQBR1lvl9pF8F#RG{acSoH?=FM6!Mj0CaJJfW&V$yRNxXIdaSQhuuc8KjN~yq+c1C3Hb_RB1wOS4q+U7KP<|ii1^z+
z0pcY37OtMTY|q`fcJPr|@1rO;2;HA*#$eZ6r!xvDM8RcI9}*q|8Uuk>gh7>7{c=Y+
zpnl2h1KKa)O*viWMGS;x@He?&@K^Y;2KxV2o53JP>kXi}GRtsfXa4T!?JyKl#8Ve|
zj=l0Nlnh`W0Jr;}hb5o)`Py26fK4+NeL((9qH_DXlxg2=X9p;7H&ZYU5uCknN^oEx
z@J5jWoCeQ#KtMvkREx1>wIsCxMNPv7az_Q4O(9mq?*FyB~CN1
z3sJ#oa)XV*YpN1P=0Kc$qQP655^xwk{%ezVCGE>5@F*>7b`D|cK(%B0oxY^Q_a+Q^
zR9-|xKZCs;5M;T&o|2ntRj5%2T_zA2z!nu3lS*UD{sOo-Z@`;=F^a53;xi?u9BXPX
z$hkL}3`~^rlThYQaz10pZ?eyO22yx>8XO}!1#3V>HE9$g;%6-drX65HA{_4o>kKes
zA?}BRVjh%>5Me8Rm;6=A`aQi#+r%ftBSFqX#1k|jyI)oucT2K%ps!J2;DjQ2jP!M(
z3&V*tF5--*x(kj}*qQG%e#hO)Y-^>@u=(%Q$=97DxZW&5FU3EwE?_^QMp+XWGivPh
zyVyY*7D3?D{5W)lSwd@)T{#+>!1o7K7iMcx6a%{|CSKlUWmp$#b`ZzVYp?*evY1l?
zG;k;=0h%)zzSKb8M#jPeyGIxaIKpB`bL4SoUWI)6E+?#BEf^GHpr+U&@z+J%n}i=b*>89Q&C#FpSJu|Dnnm@Lj+?^~@fzGObX+)t
zLQ5onT{#k}9@!y3jAHiP4}sZHg9Ttw8lCR6(YVnOB&=&F*t(g&CTGbj;IE-B9Oe_s
zW)7MgnbuZ>2~obG`MGe{CsMeAMP@70X>*Hn=)q+8)duvGnK=%IoaPL+#$DZ6EwVfQy=C
z1YwN1bJ?adlZxWR&_JDrmX>mG=v^=o^P!@n1BbMp^VQ}U%0b}PTP(5exBfS>vtF(%
zP=&tU%Vakn@Ai8kr=Z{fy0~6FzJCPk@J`W`1@8O<%;IIv{ZNpxI2gxAWK5!&1e#ND
zwVhkV1iOVKWB13u$K2K#4eX{LcT82M
    ~co^K}KiGw9)ZdJ0LaD&lak
z#{c`GM!^yk6Ayu7P#(1se*PDyJ{p_`!muRKDaKFK>Jkaecx1rVBp2W}gG0dw&d58P
zhq}$;jl2Q1BY?9pE^-q%I3;fX1l%`)l2MU`##Ub|Li(vXWw(*pR}beNryvA
zSfbnji17HhCq4#WKD{iJb(}Tq4$vWQs%}|}S8&2P9yS0uhCJp!yl`g;6%y7WlTeF5
zwu?($n7diaut{S~icdG{}{@{Q6@6^`zBz$&nDQcIWs*s!=|2{bA=QGZs
z6HejD-J2JG*&V|6S=8&}0%OwS)V=e?(@iwqmp?P3=|wxTf_FL
z_VfGz9ysK{Y&ZtyJ3vO+VL#0o5l1NyQoq6K%^Y3TrH^qPMK;*2_T&EUTy}<8t`{Jn
z6`{iDu0o|+&ar1l0E|F_Ojtq-4XvXGPOK1_#sZ)@;tH^*)|F7kT0q`y0mram2m(v1
zDv&M{GQ@^z8B^DK>j!Hi|L^VuFz!>tgeLa4-nk@jMR~YPZ>Z2#zMLv`f@sum!u_^G
z?Y4U?am8nM2!dkbX++NN$;{fu@hOWsmz-1aw8Y)E?j_0daaTJ7YwyPJs5|3kbEe{#
zk*lBt#K27X)ASTzo%z-5v}o!%PJTeQ>QOO$r!i4x>gqe}3TZ
zA>oc4I0x%7G^zwop$x-zL!7O66v$92j?l;wcrm9y?$@0p;Hu3d2^5o8DQUfLZkC#o
za6?{DOJoPqMRu?H{zhrMY7*`%A4E96^J1-jZNUx#{1>s{>%9?rO7(3YK@a#r1!Gk8Fd@7
z_sy(z)ClfX_nwbwf^1hQJjj
zfy(VBx^X>_n^t@qe9u5W>_
z%u6MH4QC{0L@3;sukTy2!faYM7xoZ{GkE^;i}Bd?DE1dO*{7Jqr&+jxMm7D0i(Y%1
zbAQHce*E;kNoncC{=-
zyEA$T;({+VlrF3a>{1xDz@nURvNK0w!lH&>3GO8f0$RnilasipNmWRZg8Uv^x<9GS
z^}6DaOCcOKTXLi#8z0{0heEbuw`s?;cEA0m1&M5w^9~I^s`h%DSXO)KWt2apdWCEbUFoUe*R$k
zuGY+~(0XJfw&0<=3OH!Y*`Ncfr+`z4d7cFU`E(2zV!~R&FTyq`h4urD?fcK_Ez%(!o|Hs`%KM{qT>d+X`%&x
zt#QwtU${=QGdtQ1ZHjGiMSkch!lr9EP=odQ3zvM!^b@3L3_0kpy~M?L+S3yh14F*z
z)3|r>cN{fktf-M9$!m=D33yL%M*b>5_14sALGKyBV)R}LuAotrcpV>L<**>D*vu|8N
zfd&QeHyKbHK{0L|8KkQFFP5(+rUD3bx{3zzBQ;||JW~{l!}h*2&maFTp#za8qQlaB
ztv-=zMjn0v406Lc&3r{?MMUklQudg`aKblEO^$8UjVlR+G9Ws*((>
zt-qTB;m+k?MLg2j5^T&qzp#E~tRX}6=aCUI3w&P2i)jz45fYQ-NR|}0xcyZx;mVb)
ziO21cD%Zuzmn)$s=FagY&pqIp4Nc}f4;u)IMM(&{w|M(FpXJSPgDo1P%Ad)sjQLvL
z6<_~AyaUy8XFds*{?bTWs5Z;ZT~oR(qseb-VR8twonq?JPfrr-P{nx3O6tfJgyU=9
z$Ukw+1}l6s2E#w5dAz>f%oxs!zc?Jr5_T|}v?1Kb>}9&na&vyN%dAf8
z>^7b39yev_N{S7Yf38Sih8Oe8SH6~?ao%a+L#~)crnDr8`wAFjt|o4@-$nQuJ?0WY
zxa$2Uv>_&dss$yIjNMJElR>#rUD*D3*JL+Y2umwHD%AJATd6CC4P-!p2p_GbsHj1C&shw6^*J(*D#~cr=YMe`uJJQ87;;Xv=qEi&;CBoMceP
zv0#AOo-4polq-3_0EpKt^>YIyVFv6fNPfPQ?+{h+fUxGEsjD}_
z%;}vOIjuH#c7J`peEu#s4A`T3$qW$wt0UQ;oR_{KLf{*w+>E)M(~}h%sie`B%7NW*
zji}B)?Af_8rxTFE{=nO|o2|UVQg^paLOT>cZL4GB!k*1MthLjQCVlxnN6Jx}4b`HJ*jAE?r)`26igJo@tGd#-H)kvUKo3RDj$eney41G3#vtYd~>47>IxhIC9dSU|98
zv#J!u*N5)JZcrQ=3d$wW?jfxlzVeN{rfH)sQ5Ms~jwpW=y(_uLSCuvc1Q5LWBYH4V
zAD9%IMzVqaceH!^@ef@HI@KTEcaM`Vi~WAi@+$$5pD5|p+!zaIABd4ivj!_wH&3uBdv+&c9pD3NRR|nM35`!T
zXKNR`f*~a7$&)WWeE#?KDM=k$^R&@uSMY2Iy8jA~3MeuLU@UAp+!o~qVE;Vz?=h}}
zA#)DI4~NAL=`X>)=X>oKaGL%$=UcNcuGaT=x0jRFl0da_a{{%qi11}esh!zY$&SiD
zA*b_n-6ajZuM#A9D^4l>{ZCk{r~W?yn|eN^AggDM3C-X$OW>%Lp6VZ=p{BN%N*kbh
z^GFnYgwt$4{gjPn<}4U7ySvN
ze7V5IM=lvz(Wa)qM{PXNzooKrik*7m&f9lQb^Thkie6%gz+txF>T{z6xA@|Oc0UE9MjP_SF!c<@=KoVzZ3x*LY%3(S5IJ5zzVJrquK9k-&;#SC5Ue3
z*3ekeiqlN8?YQ*XTf1$5+hE(UY&ZkAwp_cxoS2;+&HE8m6<}0l>Fou~ka<{-*cTkX
zy?FzOx@gx1E`f-1MJvx_W<{VvW3ZEY>mHEy!RREW-s@EZ1Rm=inW0Ck`=-1uWd=H)
zgDW@2O>7-MN@GAkswxWD<iYcVUL8PC?=kUow}X%mY}o|n2U^U+7l8*g|kG*&MvEC99s{X
z`#;1o@xYgvI7JW)Hs}m&&(PKLbceAvjMbLP@+x)$JhBJA@30yg07~8ft-}|4u6dT*
zZ{{3tnX^ws_ij31p1kyYH_MFV-MAXdL@Y{qfO*UGpIVFRfm;^fCIaMG;ufoM{7dA%
zDm-5ZsQZ2<|#He{XIMdtNk92pO=#BI3ezRZ1XcAkW
z?DfxAc%0k=Cf#7-e}&>erm1lKDR*Qv2ugzkw+5ViesI!0c}T^+?O%7)6zBx&1ZU{x
z+0H_{F?L@01zGGiV;X~!p@V}U_D_tg_JVDs&DiLWHDd2_+K`-GsJ`kPOoy%YTB?S9F>vg
ze_jXGqCUw@3}oJQVDP+)PNh`0_MUL)q;(Y~U%rW0DJd#q91UKTH1c$Qho*Avkgzoa
zpUe>U16#2GpJK3eyfz$ZP-GX)nPQMea0x`i0DVFZ#@K(dL=Ai7R?;5p5K=pvBc3Lm
zigJ6i1{g|gL+)B#WFOngE5Ci`O?(&;T2tDr4Pwt>I(4H-*(H3&Vlh)|76iyvIUow5
zSS?JEMe`8~%V|!a)9;s`Jw*i-X@x1S%&RFhkHrG&*;(Z(LZ2-45-Rd8eV
zwsN0{oQ-O37E8a8#Ar~1O$A!4a$$u+JTc|d1z(SFq~UXrKFLxb9p`0*QL4+i%D=)}
zt!6d0PW=x`V?z}Ys3*UHz)T2QPYw)8`F)10sv5l48sf0ZZh+!FdI#hg9nZUE4?sbR
zCGBMVp`DhRXb>t>YK>c^CAtnO3`)?~+JfIeC~+v5{8{84R=^;Sf-
zszRKg@^u!SLAX~G*0UlZhBV*@J@{zVfDm__)|qhmNe?d0hW(06!}p>t(QIW-Jj|M{
z86xq6h$p1V^C=~U{|OrLi3e7UH9PcH8fl%mD!~eIb_9{Vc;5EQQaF_iY%kSUwq|OE
zxlDn@(W189e)T%hci(brBjfR@P3K+Nl1MKiNBk=#)k8
z51-2|Lt{v5;CC1!Dqx%o#3KJv`4vLC>rawC
z4zcW3a6K$>au&FCAT~|_edol{O{SYSKgxQm%JdDF>D>#x{U}<^1-XQaDbgRJsIJ(|
z8VnNU=t{4Jzy}qz141-^QM{a~8X*^?hM?)Ito_T^mdr_STP+gd
zp@;43d|_jsq<5&tiMyUe;XA|4xk!=zn+(SccIYru4LQbObl6wgl%0{6Uia>vHh%Sy
z>~B*rSGCkR;4hUrR%w4*G3a4K3HPw8C=eyg##j|c=)QLC2yslbKR{+$Ze1f_#5PX}
z=D_26@uBO~>;hvVl6sd3jR(4PT$zP7rpRur;lzU1f
zqg1Rd^HJmq`vmK^9L4N9^EtDT?>wUDA94hUxUZ{2EM2+;5`1W5D`Jc)R=d(s#{fCI
zHV+Uk=@UZ6Ce6`c3KP+~Rs2;>`5$T2g!-=~+=HCOyRKJA-lEvT3PAsw576r_F%Pkr
zpJstDL*Xj9B;@R9+U$uR(zxb9e(tx18c&|d<*_~Y&p&kT(ZLcUHnoU$I{&vvNrx1o
zTN-2ee&D2BjX4l~@G;pQ`9ataWyv%RN~Nn*Xic&QHCIx>vB3H<>8POlYld|gGutn7
zxDW(~R38MA(X%2_9r5xRtw2fpeW96$3BiQ-Eu-(@~4RVO_9sctd8G+`-=U#CUlnqADKdCd3}ghTRp80!FAz
zUNdZhPKH3)5i17CT9a13A79tcck>3a2A-vU=kmxA{^I%%3+sTwrBdKDuHP3;v5UXU
z4?i8jtp9!GW>kPIFrdEWESV>3cqBiCq-&($`(J)>SE||00DSR*g+OAF&~}#x{`gFR
zRQhZnIEsRZVo#ye2K}PXkc3elB&;OZ?$8|R+eL({BKO)TrpZ!oZbBSclqdAW%9!K(M(dQS*W-cB!kDyuw6CNi%aY&
z@U_WRe{I5srudb8FeugQGkQbLV`}k1gAHBv0*h#|!D=uiEX(9a6=0t;CwZ`lusQ0-
zN>D=87iBmfk8V@s54?Qw-IS3G_m2KMCAXZMT;APxnHNnGV$iOe4v+1OZu-IBkX0=H
zAk5PjEq{R;wAR*Ex%ZaxikY7`L8jgK^Y2c`wjV?5pa^`(EA
zYJ@>WGZo8TEGTO0ziSnFftIP0U5NLjYxfde*>>W!`NOIXJKu+TAzVaQvEi^7$u|w(R
zZTz<0^W`Pbh13ld<$k8sM=OxXM~!jnqz_nHAo7>3Lz_Z25S(iM4|l&QM#ua61ih5^IO8$hvFTU$M>dFw3q!<@lqA}L{LWv1dxF?CeB+A%E;58Lp!Vql
z-~$^5^lk8+Qk^j4aEL~M>{nucQ|`4Aw|eeYez2#)E2D7Jrl?eBq~$ETMuCBw5Gs55
z=vAKZ*4-`teq-QF8L-P!LH&PP#E@=*6!&%#xQ(osTNK;Ac@%S+GX@eJ2{`jq
zq{fVPr-)%~1*(jrRpEUp=8gSMb%h{8md4>HQm$)ucGkO(f{*#7u5he?*-mXle{W9%^~*LyoX#tQHy%w%4;o7U
zhXe4iPgNw*%@uXB%i?O8@da~m>Cgb7i;+06j191HHvlEA|6bP)XxRh8e44%KD`*EM
z;66>n#RS5dia=YE`lZ_RJK_+?FZ2%#Qw4-HT5g;$R##YC1X1#UPx0qkxOrD_D}Q;Al@_#y
z;8+>v84nO(XiBRDc?SZn8wtzraV2DB0|08K^^V{hfU>LscwR)olZHRQehX+2^XA^`
zR)rKwEFtka1Fk(2XvG%-&R+_c+z>@1201Oe%C
z-;(Ln$g%YQesN>(|4C0zpOhvO;5)Yq;9KT(I8*Xb;N1?jY{3RSQXu>Zy-MX^^-b3d
zlVLCeX~nfB)|vR6+hA0hn3Ji1f@6l@=pkUpws|?U6XlDuKAQihBS5khb1l{Q-yDES
z07bljs;=+GNX=kiG)IJs>+P?)ZX_9=d(k$aK;~=>he-3~rVg3Ko-Wlmb~q>kMuX#r
zuXprZZ8~8&9s<}6E(|GI37w|eWQaJQ&VGCe$Z;bpV+LTW!+`il!Sff;1qJvT8UT^K
z?Cl9j3YYc~5VH~u-I%N(a1#dR|N7i-PzHYlt(&IicoNf-EFPfP6qkaRG}c*E3c$}2
z0f^>csi))}&@%=MtK@6I#RT15u45%EXDkBS_CxBiybM4nOa2sP1?qt1-BCM)5-wko
zZ}D*kt{8%D>g#mJ!*u_42HgYqD(Wrp(+Q>z$prw0Azjj6Y^zJ}xFtTAd`TJIkadi#
zDL%ddYO>@#UU>mhrTyvZS)g-g34(*oER&$O`={APR2B282l%I200?Qj_fX23YWlKL
z&CwpPhCJXlI?;D^?f{JlWOR`<1BhruDqa{rDJLBBLrmUWFivk1O(d=);cbjAmm9K^
zT-b_>?|p_2@NSOsf>pwUy=|&;#(m)Cg>q;iovZBsbPL=ZVDBGLiw}!H6mi(g!GOFV
zB_K4Z4+W4X_|(D||8kv@P*d2gd*C=CJX`e@G=&?Sfn&_so3J5`aQv~(8ZAkA^#YS2sWBu^W|5bX5%fUJ`8X
zRwSEFi7=l4gq)9j@Z=~g?f@l-L?v~XY0{Q?!h9M&E&;=Qr_ZhHK)a-9nHM
zVJn`s3ifbdlRE=XBsu?cd{t6fEI(S;>pPG7Y1WUbt`*Ia6kC8C))4N=(hzhytsnKb
z7d&hes>wB4lUxj>*DCv)6Asz+r7O}dSSl59U%7=Pf{V?&L-P9FDm5P6COae}Z*OiS
zJa<&^1qC|u=7HbowJ^39OI{Er9wkCr0@8W(pjwjLZ|iXcBJ8{KBOu8b
zK#@x(glZH5vb}*mVM6-nB%|uKY?We-f)6yqFD?WSaW_$TtKFrDLv5=Vi%?J+d#tPC
zL|T$k(~aQq;SW~KHsg)q(m(cdNNi^iV>@wrZVtM#lsWaxwfsD6k|v)kJd<R|8
z%~Qn+yiy>c*x&J|va+nG|H-u`jl8070XG@&J68~4uf&i(MvGh{h8ZDtGBoC27<=Db
zENNI`mObB}UHSxGklA!pPprA<`l?YV_4Y-(X8cvn(+=ag2&>)(VGZ`=YWsSAWf4G8
zObAV5L;bgw=)v0PSv7yXcgU^JdLj6(H8YdK^yoK8#^p1QjXYfG7d|fTlkv>-hAzVv
z?%0qS>v;rYPwl@*hQKZjOmUE%DLT7tq?^*mb~3qUceX}Qv7sna8q2oMpebGkVQUYK
zvMt(ozgNUYTKpH*m?7ZR#*(hphVSOXz+Gin+GWYB8aHmVkE4BrGg7MuQFzpHy`h^W
zsOefMkhN%z>ER#)-NX3ndv{})ue3`oIxAWC=pU|3Sj7CZ5!$-@_T!GeWqX3l74cz4
za$H8}w=RC7XEWeGU8?xSFB+7LyZX}3v(EIY-q4BI>*k8S>7_9MA`V9TAEu*4Aw9_$
z23Q_;L%$lDt5e&FbvD}iWXo^dW(F;%ad0hVndckmt}{f=6k!m>)UI3&(PG)sBj
z{s$vE=G4cRxxVt16R-FKP|#@r@&{8{Nzoo5%>^qdRwt~aI_1U`{QOpam+$7jIP}sh
z8SxW8Ud{A}`#bCZZtSoN5E}Qr{;rp^P-E~!s%V&EEDzpRSa80#Ak$*wkTCDdGF^UL
zfkVdSCbsb};fDjDOVes_OsD;VRw;Y6U%+y|_cWP#+HacLyCPmGN4`Pa-+cX2sJ};k
z-+DN?!nP`A^XGPx$j2h%+1i&fW{tYx+xomabM;Gelk6C=X}r3^zfD=cQr&b!#oc%<
zp2eNL*Q2&M>&8&02i
znyFZ0yie!~JTL9PR1^-{>6Ozx09&3Hnxv|q*AWLjl3on+iwiHzIu!Xk
zQE20AHe~ZgZ21qBRM=90g#XO-u$`&00_UtB{us3i1?@BJiJ;%8z&&1{W;gi?*g7lAN72oTs
zEmW@c6V5pGYQ!6Rlt8vL3pH|?4uxpzxuv+vRJTXX@TQeNk6-m{+!2ix`uLXrZQSD%
zF#cIK7?E&U?)#U#LWB0I&5eaKx&_r~M&amF`knc;X6NBBSpCPE54uLudEAZuSPi-C
zj}VVw(Tq=nOTWo{sx10MM$eVY4}OuBI;W!($+a03XMFN6#&(uTkqrvm6~I5Sl=w#s
z36@OVrlvqDp+s5$IrlhAoUvZKkV{usf1S`9ja@~TExYolD_!fcYp7kNJ=x#-0!e;m}DsmF&0iUyXk@HtPsG|^aHic28U4AzZWqSfJgBpDkB0DkHr;Jj~~_bIi4#r{?=nUVc5aTtmbds4+fz?
zgI52Jolskv3-u~JNj^SPFJNtRs5O-lYpY$Lutg0F;?8VnIkW~Io)!pc*v}-!cxT@Z
zhdEW;sQ&oYq)gZw8F;r8%>o62O%;Ejv~(soums6d6KPKde>h|YWq10Vj&gmFaoFTl
zIEl7|4wXMSyzntoKI`F7lB)i3I$Qa{=ivOLiWUdaKX2%M{k7UYXx%w=@dc6J|VGYj0~8#Wt`%
zy;F?*#_+pyW#O+e?h6JBz73(By;iM&3*~qw>mKl}szNM5>qOZUXi#sP^a85RPpmEy
zHKFrPtvfzRaGw?#0T_xn$BDv}EdWC#mR^ePA$iFHia1%ffuLfiO&Z<@Z3J~$yL^`C
zN)b!4{xBdXQ;>(0(Rr=N%fHR@vhZ*WQ<)yiEeqKuJi
zsr5T(2f}#NXzJ8$c1d%;@%4Tk$e#@{cOie+569$zxQymB5FV=su~KOZ*+R
zjA(QI4{Wc7#@9FFt}=8WdcVa~8YW~0-rsups1r0rO@y5ty+YA+WlJzr01!;uE$>Cl
zgDb(b-Pa#Tq&#+2|8Z&Yvdw#Bmh8gCZFSdxfAfpBKR|Z@x*i^fqol6!=5s6sFMW
z#-#_?BBJx0SVhrCNS$dQSjB_>jP<$Cj&!?`kUW3=>dCwztHHn5K_YhR86vUk>Q!2`
zdzjN8=8-@TE^mb{gWgDjgYnsdI*ZQMJ0+qXs9uztd)_j%}F(A}Q2
zmHazy@ye>%lP3x`^D!JOK9;7Hx=n#g7S=6mI9S|IgM5~GIsXLx)X3X#Q(ydSS$p@_
zIA1b=+pK$I%DaT76MjR=p&L>ZeuEJkJJjX%l$=X%2`F`6_PpCC5wOO)xUvyzE}PQz
z?%a#a@60+|(JvwMz}iMX3$`dfojCZYn$o!W3%9oH%Vf|+(ImyZcJ#Qc`$?_EO68;d
zS;sg%^kGP2wCYstb2#$1h6Uj$HQ}=OtEHk~AQ272xoZ7K*Am9Q>9=xkeI(n5Q`mC3
zm1E3mP5EDpiaU_RJ+RCpC0F{#TGJ>fBF|YJzr&-$Nrri<555(rtFU$r!O4S(d%esj
z;T%i15hn!1)cag2eJfh%-1RsZup{vS1Qp25FyzsJi~>I6HZGL+16B?#4)&owu!Z*f
z4=JOQqN8%V-7%ws2Qj)4B6VH~@?qkcNu0Y%x^s39FkOXDnmx
zcE!Z%lf1WL%X(MD3YS{XLxmBLqhSYszs?ej95%iKdVdfl=?fyvxV4SGLh~r}{1uK4
zHCNF#cYbM>L!BPOsjJiN!Jcq8+1C!e)*TG~zb>{8x)Dmyzh=Cwug&ckmCIF))VXkJ
z-(s5u$(Z|Rz=wy!!M#A+N^MM!4%a=pJjk)_y(+WxZp5G{i!_BEZ*ccC#sdlR?+@U5*5Pw7-`n9E?QU9~kwf
z)fy!s00A-0R>KJN&FJl!(j=O)Hp
zg~sW>563nM;o<1R?@aE3ZMiFHr=)ytIPAZXL~798iyfsG{`_R4p+PUHS!#+~j2RWY
z|KdH9NN~@!m$qulx1n;k)y7IC^U#v7QOID@$2tyPJR9BEif8&5#x5Wq>iS#?wEi2c
z@jL}*-qF6tAZ2V@4B8;d$?w|(1|}
z;|{b-d<5I2szi2rF!b<6tN_yR-^n9Cq$3kM
z^)kgQ1%$y94nP&7fQRyloXkJLJtSjwx;0Ta{uQdav<8ecgBQmcZ&LQK_knRL4F4xWsSFJIx(IR4ZMqcruEJ}6g7c1x+
z@N9k&NT%phYcLqX@V`9s8S?6}j^|dU&X%xF#)L3kJM;4$XAVPPqyL%$43aHj
zCxl^s;+h-Sv>ncJ#g!BXn6x&|KbeS@#?db(Q!Jlv@!P^%vPy_mgwRMDtlcr&G}cN;
z>7|_Kn#X_;3f7wpZmNmeLT!_#9hZRyK>2@E|G0!C4Pq3E*mJ*B<;o};t{NnR=EXr0
z=@kbbS(p*f&nq))92O!p@ajD~QLE0?>BUVoX=^SWa_!wb$Npz>_}n0AXk0*r_uS5x
z8!aa1yKcDo_~h!FYS?|XQEQds5QPCZ>&2c8!;}K$H$lx7+iXX*jpPRXiiq>Q`4So<
z{4k<&#z@WaEg|~H+S;F7uN9+N%66-U&c?v6{wNeEO|i8{^YfHcBu^3w6~#IHd>bZ<
zO*O%~t$3&G^Gq%_BVsXGm%cZ~9r1`!r;JvfVb$Bj{eUhd-J1m4OLGU?W~_h=RZOZ0
z0SJ8Ilr0<^2HTnqV)@CgzYOeZnh~qIq;Q+1UZ^mJ1%cHF=(Q=Y9W&vr*c;dDgC34G
zDXDoyJ2WFv30v_igC%s5-Z_FVVF
zNsqTb);P#rZ~nA2`1HAu*cC~QB=x@hX7|e3`CLWrrmMT%*qJ0{a&O@*k=qhcq-Ku%
zP>gUsZXuFp2>20xveC1@UHh
z_4bKC8;X(;>%~kS7T;)+MNmit(<+kC_3lQOUQ_(YHfglFbQC`tf@P5PQc1z&T`x{lOL+?<2YHeq4L@%}A|qwY
z!tw|o>@fAA`A4xTySX@Lyw)
zpoEK6=Rrz}^mFnk4#bDvA|_IT)BxRb4>*!Q8oCQ7#KgozGf^7h?LUqhfInLPkXS~q
zFX;RY%o04nC0~F}oYRd5!NfzAF&ySAx~N$w`UkfFQNK@GNXfC6)3Mjdw7^C1)gQT;
zbCeApa4X8G9jT!z^}m+b=u(odV-%@#iyYEn4(6&y6p;*N@}P|?7G&EvHa-?47>
zjE&nZ8tZ2Stk2~#3wi=??N(*0PZ}8O
zC#JWAS!4_hWC_oe?}a;^X8*m}&K%OO(Yr~wtQ
z-F-u2{C)(3Vu7jh2~D$K-2&1&tgEi3Xc=^~Xg1nkNQrQBQplSEu+`
znv%}hSh8f%SRF$KUjcTE`t3V9`x&Rf%Vyh04E#OE7+bgYEzVTSJ1_rfrvwVNSjMmBHGZ_AIT+
z{cMUz7%ZHpA1@(#w|+%(|G`A%$ZE9)^M|Bv?H}4U#tEE=&D(3H67E1Qz3M`7V_v61
z_vN#GDlUDV{M(C(C*bV&z-d3T4nk{8D_+~uPRJDbN6{$I&8GY+3YGG_g*BKZ>>L((
z-j(GlU#n=rePoj}C?kVn|6@0ZyQAzvvI^q3vQToOw
z$HRTn0YAn_6eG~9<5SI3RATG&*fInqYl!Vr#+cOn9>}5q<&aba;huf_B6D!>4Gk8E
znaq?ZYwsr!%Y;~#RDzo~TRKEjKb
zBX+l3I4m4Tf~%R<8DtaD5NhdC&)I5imCtvuk{eJZymIxA9%7sKLXBG
zev#DYuU{M$WB3^txn+qfc<9hZaY1GFWTM)>k@Vxg*Aq4VA!rzJzKI}S79gSMU3MXw
zeWV)%U~H=(?1os1L?uFI-7Z+PE^GD}`1EFEJ$-BQhIaflaTg=1WU|nwGPbM@WUazJ
zp;Mur{4wQ1w1@}Z+3$=OtI`uqm6If5q7M`Xso=kT7uH*>cyl^y7M25KAQ!~FRJk;_
zOyv^-pn|Tqpx01t%uW8oRdBAx>LQptl+FKD{d3Fkt_Wl`*PsZXnr5yOWHbjzC)8px
zD(-2+YqU4P%8r24S|t!qT~yBX&7aR0nu#pJrx!ahkWY8NLzUxSCR+&zc;6&m`%KgT
zz-pc>6%|o3kBw=KSyJER`(PjgVGJyf0hH4bGh&n3F5G0_PJZBsiw0b+gd{e)0T!!B
z9Af^#MpguME*hX~SyHY?@QyN+PV6?DmVpGH~
zsspr;6kwnX04TK86C%qAVdO8CM-|rHJ}Dqz5d43C{3t{;G1145Uny!!AnFBb@*|*R
z2xh=kP3Z$Y_n&?kdo*~s+onKCifGu|r|k3@T|7-b%HhvB+Qm|o@M)6Ia&L5^?47}Q
zu86}6*D02w)~{cevspNkk5s?<0ABOAMBCxA1fC$m2G!ulS5anpv4o3}cvSLi&s=Sm
z-&*AjY)kwqp%b|b;)LCw^BRraJ%z^zdW#U^dkV16S{Hc%Y3V_{dq6t2Mg)@h+_^WVP+
zbiQ!!-T(_o()Fe}V>+MeOjUZ*@4t7LMg
zq(L)9m|U;~i&0N@%L)&tNnoZ{8b_iKR#v?iwSHbZq8z4`w>HxjHN*~5>$SL_NxAg8
zTNZ9|ykgp~FAjU8|CHYGWXWot>e4#HVYVV*GES6pqQ}UpvMJnC{52E)%YP%pmzcY}|*Y10Yh7qOt(j)@8y`;%-QsC5i
zE1H3Bby5g-VZH(_^+BMp-cYPQb3j+IK?6{%(WW91#6)Oi)W|GAKTzs{5{sUp!TGWO)Ufe8j@6@G-^gr%-3i`*TNc;xbTsTK
zob;Qf5w!(Kvx$X#8Yh!h(!-m}e;z@}fi1iJg%q4dS7Wm8{&5PGbfSJO-LoimeVdbo{_QaRpxXy4JR>oTXEN{p
zpvu(kg@&7XQ}?WJ%C1d5WdH7Ja#rzahOxx`YzBjSwLz0jYvuoEjRm}rjFrsl=0!w
zLZ*MlH;>4!ML;G%jEWt2uo)3a;KdQZWnnU7vj@pxF~*}oasXQ3ihx0ecBuf3QsM4SYtu-MirF{o>3A^E2%raaf(-!@
zI%qD|IqPyL6K16jXJ2@VW`#Oku=AB!{#9qFi}^}U`J>?%L<#_2UAo?nACty$tu-60
z4BMf-3YQtb$z^(ZZ+hbQNwlyCGLk3g`Lj8+s?GgwDzWssP$KXkbkr>AtXjVUQ-fZ1
zxo&Zi>rFE8+A#%Z;NHmuJ>3@hW5Z&d=I-#Aw7owy7&#D#*oRA@jTw9#hfKZ;U-L}C
zwQ3Qk>&+CO$-9ePC?~<*91i%=P}{lc*pk=&{LVthXzaj%GC@x!Pfoq_Oxbcdr|;!P
z59Db^K+yf(kMo|8$JNhVx}wFC*fp$vH)_EO&-YuSvcT*MwIoi@=g{*mmfqL&1w(9v
ztHL3q_T$@mTv{dQ@;88!1wDgfRQCJkHg3oNaCKHuRegW7heLNucS(cN-67K5-5t^$
z0@5Xjlypj$AR#G@bax}&d6&QcxcA}m;)CcIXP>qAUTc2m{LCNqo3e#G*`kC3P(LE<^McUF0WUx&^pE%}h&qZ+K0u%Z
zgN^i*!;+%1aNtf)UnM`6!v#{4Hj*Z5mjCW`Y^uEFn32D1r{{ga#o@i!NSpz}c-Q2R
z)oDp7F1Xq^H+h7!RfcN?VCpo*=ZauHnsM=K9tWm9TRq=Uo*$P*!(_B-)u7eSP?xM^
z>mJCy4MdGa&PS*1ll15+=~qKd3c8*j;Rnqz%k_lmu>*JPTY%SW!EU?>4mmY98)dn>
zpZ*C9M+Vg+Bf^$U6|c&H?}g;G&KuK_jDisE^Ju)+m=3hnN+Ea}bbPt?5W4w1MiBKM
zg(Xe&r7KQnE)Q9QLbxM2AeOmYpbw0c>a(TfLU^E2Rk@Nz4_j*8+|E*TZ}nSuU-46U
zVSj5rxKMN0$%H@VQy@#L@`!@V3hvXoLoK#H
z{g4xeamFsxtHWUu}o{oc8UoY+!o@Pc62M@qfF$sFpq{q9E
zKa`50C9vmTOQhz}d?yi&+wC!kd6(4lcYd*#ZLZ0*!_Tsj%}f)qrL<>AoeHF@aWnv31(!
z%fDIwK7Y8e|DDb!@bb;+@<^LJhwATRUW}#d$>?9yFL^Q8eWdCDn=M}eT)|-
z9xt`9pn`UNK=`g#ldG4LNOO81Wd5s~jbFWdl6m8&pKdL*
z_kJR49K;bWuxQwh;jfvITk>m;5x-msw~UpT{9Cd!ds_#^KRk9-NY9O@6$OQ%?2h2iU3VR+&7++BXP>7}(0U-!v^d
zbVmV3kIJG<2IHjo{a*_l@w%OX&`I<+-{r9p5?sosti$>f6$pCs1nI~=S88e<(kY^w
zk3NRHd^egUXA<$=aNUa3JKLBD5|2uzM{lwNV5?@CBE&eWe}JO3VkL)i)_=a@-@%;O
z*_1bqLwbk!et+(M@P`mVS=q}o#xukgJK%C3zG%#Kf1;$MRLT~tL3js?20WG^ci8kf
zI}`y!F{@0e#_HS$9DTgJnt#(V%ES_V0Pd}H-G-|wD?DeYSOfVs#%^HzDG>>k90>-1
zVxI2r$ghILvg!TR(~a{iKP|Lv1bu|ztF`Lz(#J0%
zK?Wy#(j~49^Esh?1I0hJ!*2iQM`P>7o^NyWrBO)ypL7qv;?U3Diloa|kKXEFhj0@A+@3D=6L^NP{+^4DmmF&D<&p}v(zRmJpA`F
zZnm&LNS+3PBvp~zg>C{d9pt>iY9vF$qb~#t3+wL>H?RwyH`jj+xEW`BUwNFk9p97y
z!Hb_X0-1>0I8I`TQK6HPESc)fH{Mg-grFQ`Y}wbs<=y}+1zgSZb-QyNLX72Un~ps#
z47<>0>0a8SKNSv-(5uox;1^I>;5d8+Qy73dH7^s0(E#2H(lX!!`AhR9_O?mK5(#)5
zC8$%jsyR6WJF1dLZZ-Hf*MAq?)Qtd0%e84NOF*lh${Pfr!|?b90-qnfbAWDXWN=3PTKEBaaX}`BaEO)P
z^EgHUBe87+8+9x
z{m}n7JpWX;&1fuAp_U?xuHWLkG54(CpxczfRd&ivA}T5DcgsF1f_O$!k3qtF+80aw
zFY}$ne+7c1iw$-WmmR=n3G&t($;k|AoaQWS7vSO%GH3C*SvsHCla^|NiKC6q!W-o9#2#;oJE#WFTe~BF(+L
zRmG*lMF6CH6y*3pmV=#x&jS9>VY&<-y@Ag1TStDOo*RZZDwtKnK?vP=Z+EQI=TN5}
z8=?$yR%tBRx^*`Ag{ay+zhFtih^j5m{*9c^)3KeuNOE(A<#)sO?#W5vqlPLS>%&<57YuM%|8N1GPvDRlaoXJp*VsR32rV%
z1>&VGWP3#dtX#dP0awAHf42yAJ8`zYGFBK
z(Y0k0sLF)#zd>}dJH@OAFcV>8puYZONeY@@O&H(hg>5WINqyx=h;?$Pp-a~5BCt>~
z%*K;lM1?fh>8iTCfpCP4sy|5=yUtboa`~G<=>FqrL-|Ne;>^JX`M@YG~NS
zl$sJHwl$b-^1XQzs-PV*B7LA4@{uX5SA$;)+c}ko)_s9Ic+(&>6O(2f@CAT-J>RkB
zW!_v0U(6T~*ZvG%S2`#k`5mqkb5MdJ$E-8~t9zOiFARinUe7{)Z
zJ-yQ)Z>raKrph^{wOY`874Z6&k9_X_?#>^uovgCG>6+${Z=D*!lE&M?2wx8X;Rt)>
z{ke&mV)U^9A$T4#7Qqry?=abfloWFk81ndN^md6KI8J$t^|B@=Cc64!{qguzwP8t|
z&NuWH;~H89g=u+WqvIfjl9%2&A={6-hTl`D0NZ!Q?QjqstoggfIQZ)Dr>mO~1V)}3
z!Crc>5(x`at}~2HO16w1HZB=9Q$;S<|KS?EFv#AR%LwLk(;Bs;5A5TI5R;W9t@MVJd?a*ZfUD1!2`n81dwFFG;
zkA`kn2?x$L7H&{&cD6r$$U88}|J7=mcEM81`Hed*u}~{_!1%wzsLbQZrK9
zZJt#0DBmv0cFN09-PpqWF3&xHobFA6I(Y`@knZNqo-u;PXFx2u{hiKX2Cw6BLf3Lf@0P0Vgx)@$e?$k=(Ck2U19g=`Mu|BEi$9wzJ$1}ExC>T
zohrqV$7;gF#0>fX@rH_^B}q=nl03;HUSFrJ)WdgJv}BzS9qp0{#?1xgmAc
zPhD?K_#rcZ=;ghv-UnIRwwGi&xr?cRr&t+!E<%GWoi{rLQc&bRQ(Lbc#U&)xucGFq
zgfNJz&v_5cU@7vNq}SHM-a0Pv&N=cPHLV5^e_yub*Ac5B?rf*_1#hCd{QJ-8oHp3P
zf`WfRmSVll&v)+qR8#c{0V^T~MJrYo`#mgWHC7+=j__$Gj5|6Buk+scxBA~a@3bLG
zE#Pe^<@yZ{<&`m#PMa4;sEx4_g*?L4;AZ2+-
zcUogwlg@W7)=eQyjV@+d^Zn`_Z%FtN?6imzo4V^54)q=?F_P6B)0ydVn>|Ey8xg=@
z7t#mFp`jG~EG_AvVfrLR3s$>yWLq!Q+q3`TnC}DkKj1W`O<%e;EP_vfc9}~9t;iYp><7WFhH)n0f=Z)L3KNIY
zgiLqSV`2RmaaYZ7jkYlb)-x}XeVJ|IFy!~yN9Fg0Wuo4G!%NgQMk9|NVcZB*)wC_l
z`n?OZB=Dngh&ABx34ap6T{)#-iLE(AKWK_|0`Lhz
zzAE0gMo~lt^3z}PlV$_f7stbsF2d{{vtY{OHxo;{4^9=Ddp;AM>(a9
ze$onqev)2l?TX&{aPjA?|HDc0;65z0SSLKRsvBc*;MZrImAqN{ClPMww$u__X@<};
zQk0svpqD0FxgO`c{yJ2}s~*M@8DCXGn8eBg&{
zkZxUSQNZ#-2NzTb>BwM|#Xk8%%(@+xIS-TR{wQE3as&J|81p=R)^jYSB9-)4rS;`Q
zgw71*fHrv|7xZGUS`lj7BJwub?iYgh6k|CaWYC?333Z
zi^k!wz}cq4<^9K*7}l$@O@H{l&DvbV@W&#F0y-7=VnTvy$~tQ;6rVLxXI1=Rw~9;d
zwSUXrh;!l<;PkTk1)4zy@f~;suHFQuj0ma
zR^iJm+Ex9Wp?w$ig;2w4;#Hz>XxKRz>qZM!mYT&G(Dw7QAat|7zOLZh6QR2+FR3pT
z&=dA;4(8&^*AEHOqcTo`rLmq1H>{C`uwK@NsXtJNHbzwTQ9$p8qoj#o2VAjDeD?*CwvHYe;w-BWC3CRfUY)#C`5}serx0OeG6A7mV;aLB(X~%hTdBTh?jdRVTH*)5d9t`Ocu;nbXUFl
zYn7j9)*x(hvh{2b-?yG*qhp$O+^1-^uZXNxuMXRZ9;sT&TMpV&Dk#7uRFt8p*;YeC
zuNtzoW>IBIqgeZn$Z4(or^XB%IW#*cToG7|j{Upf;EsK?J^9mQA;*{8+sxDAoqI%6
z+&|p#Y^KT@GEuQ%|1C{Zq*0xDua|zAM?FyM0&B&_cIlW-^ufZXht?S9%e@+iMqy(Z
zt+x5EBLoT@kT6&NCQ!5U$8op*8b#V6bAL_CC_0|$P
z@?}Dj%p1SJN)pvnTm1lIf?@T3tGNEXALDB)2iqwPD)`L$KyF75XCyr5UVO%+Af|S%
zZ!On|xM{c!^2;T={r&C}4mSVR7=^M7tSijMtjCw1jYCdyv5uyt1NBBRD6f3)Ppq#P
zq5DU!e@#tED;Yd9Q?x74$0d={&=?p-(hbjz=r#mjcBBl^2oeYbgmYHH
z2`xh78{+Q!k3aeU%I6h1l@+(N?np_;;)dDM#B?@*H8qPiGky00^LykPP1g
zu3RUaVN!y%3~UeAK%DWQYDlMCxM;8v&F+;*tw9d|+8+8sFIl@J+@9jJvT3M-)jl-_
z)umvCL%A~LZw*FRIer5?==@Mju&S;I=y8_8r+DwAH)>l$VE3uF-`#_s2Al!LMpznD
zrXtgU_RVV8<^?)txH4!%;h@EGXAsT9uPq$wo=({X6a&Diynno3@;L-*StZRa5_x(BND_zhNAS0
z1+INU9iG>sTVq-C=CIZgvqdbrP2!sCXKRM!rv}!_yvZ7tuf624m!H9Q@~H{A!w~{V;d!+AL=a?wyw(U;xBy6zKilhv)cW2$T
zjyB=iITUVw?rP{0cjva@h;@b`y8qSP+toU_XtavAQcXJjLgy#npGd>1-`_>aa~#|0
z@?Ff5ktODr00ToQAP7$7H+aK^hlevTFn~QZI1=1rp-X`?-uXE{D*+QVb$)YmdZMki
zu5Lzgu@#UwvI~jqdpss4CRWr#1)uY>&%Q}SF#5SailRhIfGQlkNLBVjeLP`)aHx%s
zSCW(r8?j9o$p<65z2~W^sgMweG}sXDkDjAB4-5})#cbQ%h{Fu2ZZthI?_$*uDS+Uc{rWI!y-3jCpIz(*cONXWAGhk8gSJ(qMvcUCl{I#I{
zh{_WnEA&L+AfS^Bc;*3{Y&r{R)A#BiH(Eva`N(g(lBe-3J_9kZKuDY
zS%2((Z#@o~?RdIgw3&QsIZUAK(STKM;M@h5rtgY`a(%M;0>~jb2QR1H7~uHwG%9d%
znj$j{;*Lc=>d$WAaLY?qbGz0R$_8lNcNe?m9Dt@u%xOIi`f7Tp1VfHQo^K_Ti~xi=
zOCK1&n%6%PH#)J!wn&cr`yVA(9#%Y8{bTyIkdd!Sjr`7}6hWV>VrUEBRZ`Q6ObI5>#I+H1aclT-89MU+P%To&SZExyg0N)=?JY(56*~_S)A;oqHih8
z@Kl}#1VMQDc(JKU?H;IgCNxS5;PpZAZ>dVliHgGwzlcj=v%d&nBmWKUjGIyj?=4(7
z+gqbE2`)6`yw>@NUT%yTbkm!>TTwR}5*2|ztLrzl+XGY0ohj4}x>tX(^V&RyfFJAE
z7~}*N1V)Zy0w;pE3m`ln2f*%&loB6d5fGR>a^T_%-sPqMg9fGA2ivq@-yk_zZf3z(q}E
z(xS2f8e4C7H_TE3A!Z4t)KmrmYy#6q407~DAN=XgkD~2Gz<}XAcNs;?!I`tZl;@bytUeQI*n5u&}EPBCR<{BgmeqLcf{
zioqn5U34}vYi2q$e{8&Qkx9?`xAmkeuj$C>=t&_-A_{^%z1x6hKgY9RvH5tepk9^f
zeC6W0l9I~@BDK(kM8)Y&xqWa)f=uyGLtAiE(rdI27WaGlK>wW=wCj}r=w;{t$-lDL
zo)FPm?>a6uoMR>BtKqj}dpZ@lWD}t}625oTpX%-BUHAVKDo3uO<4_t-RPFu=LKTih
z{;+^5FDt7YY4gT8<2-1G
z74X#kFw*SsU4MVNSgDj~G%IeO+Y0Mz&|=#=z5ygmURK#o*gFZXmOf?U>6x}F%S6J8
zsh0))+~P_0@0~3A&1a>yn=hf|LXINU9j8yPpJUDJL*l)|+DS@bq*~h}>7@m$=TWi^
z;kem*Wm%dqD@uBQ1+kKwg}1ZotR>_lvX3r+H34LX@cs#KT}GsNR=mvasx2)`Nn=w=
zJiOl_HjQ6SD#LU_i_k8BFBTys0&j@F+-RL5=YO9A4I+&|S;}U4KFi1ro!mh|IVOxq
z!ZNU&r9xDAU~)
z^82?3*EpjND{XvT@O>ucu&Uo*ek4Pz_!ThiZxX3xP7hR+D4Rh6X+2>Oji_>McDP%|
zg!8utKuu7C1e(lijFQv(TIU1^q54@LUfD2}sdtb`!@P|g!P*Pkq_6!Fgq(+k=sUg%
zip-D_`hJIrMu9DNR0OQrk5hqu+ril^m9+JWZeyA4X!I-;VD3t^eRG<(HS{V_e%Z|a
z6fSxO$x6kn*fF^hnqKu$>Vr}&kt}4@Un}E8Q5?<|*5C=_yQru3i{wCDNKii3+~*%P
z%>`39MK0YtUC-a*R%-4KaR@qj-fT{E;o!WN4Z3!G0c?U4B4RpUK-A=&+?+6cN{ywK
z!$9_}?19P*QI~sDDajL8k*6@lmd(dLZj1VS-*fe+)UgK2@9Ao`ELN5Lg?xj&*#b&s
zNcWlolI|z-C|R1=r}QiG&SLsliLo`2N|g{HDDupUpAzezG&SfIGSwry^r>Dg!DZy!
zK^z^778E);MKWQL51~g7W?^MFX~c3zW_*8C@lWyu240OFrZw?UJ!!3mq#P(ECZbD0
zRU(M#`@I!#Pdi{%{3iD+uljPsKn`;@KVG=Z@|%YDX&1tDnsfMJrb{1Ti7TU@B>jXY
zV~(B$OxZEd3_i|R(P?eIr_wpt%xC1VpnFkc`9a;EvEH@t3`xqr6Vh-Zd{cN%yI_CW
zs{SVQ8R446qzoEFh!u9JxmQsjwm$>hiSCg6Z}f(rS5dF2JQ}4BJ0~S*aIu%=ivs7K
z-i`_4?E3yhJn)0Z#Di*8YO6x_EUE!Iy?F55`g(s9vz+;>veTO=Osjw&&d9&gMT=A#
z*QN$7#dF#5yWn}R6U>o#=m*x6gCrbjkKlnt#v|NOC4<{6RI-ppGX$Q+y|j4rfaedL
zLz7IWh!aNdM?3f7X3}`Bf#v3wW&AtgnQ`xy0|aPyPQS0EKW~r4_jBb_oQH1Q3Xt^;Y~R_DkoCp+74yR
zmSA7HC47R+9uTfJ`%&9-B2Bo$wIQGI*u%BqJY-zg3J$OceQ!0?9E6d`aup$RvUjP4
z=TPVHRIm-*UOkep`U_>|YrQW){m2*~ox=EoNlXcRka0JA3>l`9cAa6}FZljqa!-n{
z;L0~qN;oP+2YHG~cTQxb;0R;SHO_TwP44R?ktcjLW?&G;CKyv&R_dDY8;=tkI${RPvd
ztL<`UAX+1?3)jvk_jY7W&*>+gm11hjm%3`iBq*c0-E7}uAc{H;Pv&ZVKT5W4AQM8y
zXJuAk3)ac~aF`+2ky^?8iL%nQayR5!iS-*<{%c`HCDEQJ)CI@A`}i
z1vQ)({a#$>1w%Y%g-*MED8TGeZB}|Le@oueW_?nB@o5n7*bkUe-_|jIN`V&<(eEQ$
zmJa-wZMaHAJcp1H)j6k=ZLvF>CLhm%Jsh7i0r#1F;N162K#S|l*1|OWcWoIQ_Rp-k
zdoJid)zpw@8PAUvkA?wVYe#rLCKpy-qS`fL>r0qW{HW~tqw<{Ecdz!QPE2mR)sF}h
zmiF#}vN{>}?xFPe%1v8ztu?+km#nQIKi`fnm(ZK5V#|ls3&yE^;>dQVUrST^!;MSsmuyXS`z$7s=cLh1M~5th
zl*t39s$ANcVHP0?FY2w-SP#JE#_N)s-K=xL-h)aoM3~JUuf^;s^f-G}Pi+b^QFcrV
zt0+&tEFe0`ZN18r{e~0bGB72=6ozb!(1(Lp2PKe~Ax04u71c$a%4Whz@#suJNkdQ1
zrc*14A1=B6YyK>+$K#y>LGAZ>lFEa{m7me|G@>P))h1L(>S*bc*+3fN+_Tv9kucUf
zfG?yr>9_pm65QUX!+RKuJwLFIn5*8sGE&71?;g;|CG_9pzxx;w*Gq=;-7|KoA089J
zZpB)T3)H7Om{=$7>k<#=>+`*olUkx|7m6L94j}Cic95Pm!S_U14LjBxN^#yZOms&=
z#l8PJV}J6sH#?wIMJt>%6TkIA>OCxj%4~|){rVoct2I*h@vY#2h
zJ;{0?CkM;<`BEo(qK!x|jS}lQ@^4fj1aE4_C##&tl=^|8bAMBG1dnkh*={k!(`4vH
zwDMR88GOch_+D>|a`@}W!~T%_lt=;pJD4kxYEYin$HxNA?4AON=sPOy+skMg!gh@hEftmY`{UoDe&Te8)3vb}eqv_68{kY!_+xEyu5gP8{>2IhUuuYtf8!6nh>#gBL5hR?-v2t2
zW{Hk7N|SAxN38kQ_JWG+MXXjiaf96}m@RIbH8AkUCv9&h)@&}ZHfn&ftTT_OVheV<
zuOAzqE(TuRzNaZd(Z~G&jt07(%*QeO4JtM|-Vzp4Jz=mEFPPI!1gkk{jVQH+DmRjp
zTZNi$q^53TVVi!?OB%BOH;!rKp}L$Sho02LF4-t~hh1VCG*5;V)@i|AHaHpj^Xrh{
z(>6mQnE+J~_Rpdus0zPuSQ6y@Wa2qt8at#H0_8QFhN^v1!u3$&)iYdGQ>dp1V)xM-
zyBHpkl^19k4{c_$2=Or$lm*xa?$rzU5GmEkMJyPCwZNW?oo17njnTtO^u2>$Mg#OB
zI%v05O3xkHn94qAw>FTP0rjFKh8jHO&se<(gXib&oz5LVH{gEaH+^?gTvT+x?I@`0
zHJ*Vh2{H4q=>tctywH<`>`0zO)B8kBL|xIqcz&aZFIX%^y?E}Ayy%qjujN9mIaJ|Q
zTBO*dV4A3Kl?ueEl!GH7SBM=HtPWJ{aaD@M?EsOM7fW1O>Y9k4S#c_Sqi@$7t#2uj
zJIw3IJs3tN*2#)U!tct?XP2WpI5b(Vpl(A@ZtyBi>YrpgjA)K5uF(^&6cP
z<(N}3YX$@K)EJOb@qOUEKX2XP7L<1xO7ThJ<=?WMBQstW
zsd_~j1?=C%yKpTqe$MSZPLo6KsYJ#H{ahS1+mn5P+T8YZgAV>wqD7=6hi8btcstuu
z%*FiUj*a-{a@%-zOh2a5*U#=Sj>&aLCu@J1PEl)*^-l`$iChi$ELNC$6C;k(+!mfJAC>o3?6|h
zNG!KU)iyB(&FOI0Utbpk!I4=W1qi_xSf{eluhnXD5;6z%L(^r?bLbvKI&nn@PQHIu
zBDEP`=~hKu&B5Y`B-qdtAV(Ws#&$N>Dfo
z7vYte6rDPGF7iy^0%Igt9;=TzN|xU`^B3ok-^9VzQktqA
zaoC?OSm%X3{YDRu|CRm=_P`H`Vb%k0ZFAMn>lGNqhLe>pzbH@W2@_oQO}fs*l}nIB
zx1f#$zHX%V#N9$%5_Myh&6u%!n9LS?PRKR0JE0^|#L?pl!>R+;&|x1&*?+;{ISt7nSmLNq_9zNCtgwWH1m($O
zBHCb!p^84}miLiCUI<@K3lZh6B`LakQelt06?Nn>F<}|SDTL0G=;X+|`?W5|8>`;T
zQuKvejM}-c$v>BFWt$`O6D+(~iiWw=P-V)Jsrw1aZe8O0WoFeo|kSlVu&0!{QJj}ln4abRKYdyd!IrDY%Bgr*vgX7ZV1
zS#Sv%=s-7lW!a2MhZtby
zdVpa!|C<4kgq&uLX#JNW^gC`m*d=V}`db}JD^9`7T_h!~a63#lllFKIYq2fXsL)SB
zezg)l~rOaG4ym?r(-3M;Rgu0J3
zQV}rv6cjRve-(4s$1@^kcK`Ub9hU}l6X58tGoxbZ-(v}jY+?QKMc5Xyc|S2ujk;I7
zO>8dEi(BoqD$Me8FV{q<8TnqTawC2wPZiIE>VMJ|!h6bS*mv@G;GDw~_zi;SuPVk76aVd!GHE0`2xN*`!~8TCVP
zOJ6_SX=NW_N7MI(A^$}xpcD_QR#{hj-B}%pz$bm>kZq)vDj<7P0VS2zn51I
z2h8_lV4&*g`Tq@63v_4x{@_H!8wU|0IO*83vUV8*?xdCmX;GSBT?u*|1CT8>qYbv6
zY=K`-j7szbUGhJA@KP;G3ZfxJ(oftAM5Y5J5Q(KZVyA?nadB>b$0&Ph^kLQ~CE>dQ
zlr~>V70g=TjBt3Q70X_JimrCzVMh
zG&NcLp&6>Tc_`!3g`XybHY*95!Y_ZDiLN8+ioge}sWU}`NK=qvDG{3Ou~W_yg1+)d+3azBr=Y}MP0AkhpG1u-qT>jqQ&zp-j(nv@$(H1
zs7a75$igGktpK9Ndswamwm{ZLWjU-TAT+4CW#dlKd{e`-I+`{LkO4Cb@F3wEu^L4+
zs-xTMgkCM6S?!Cx$j`sviKnvf;hu=@shzi!bJc7K?0Ai8v!;CcMro3|c>5{*i@zY9qSJzonlOHAsg{Ab_ZL*!jV?AB
zRnh^)FcdR4{mo@yuG6q&!6oa!
zR_&;{keL>73I;NT$Grf%kuNaaUDPlK!3cOKHTsn&9)47O>!VuqR7s9_sy=tC8pvSK
zN4z$%?XQMwV4Q~Xy;`)VZwd(_#q!$C+9}tPsnFYA
z1hwO(e5vR{*ST|(@nKIYr6MWhbl=6cIXFx(EQ57<5u*s!F12h>i41=(px`vekvQ`^
zh(jSpDu_O#F5v_}eQ9+)ubrBQ_z`hpFuBEZEC##4QmJ94Qri&Nl-qQ;uu8+bD&p|?
z4Y4$3x(+hHqLm+jQCwj=u8+a$*lQ@>)Zc!xSJVCbHBlfpn|*55eaGHK+g
zIa9(;-q8%N0iQO1Z)frflcN)rt;S_@V`oI(4Cee?aHax_w4TsVo)C=+DaC}6#Z&yB
z{fF59Q*ng%%hYd-SYiykO}6GW$R<;XO-J^SD)7q)c69-NaKDT-z(|6TaNuEO)6sMl
zPtr#UV^7$b?`Rp^ES7z!Rn^r8-~Cs-4M9Qj+3jZK#f8#oj<=(6#1hovF!TnIxosD`i$iG6rPL4;q^UE@*G^Oh&o6eg!;EoNq*b=CUi3&y9qh
zmMSysqeObVHQTT1tF~TLUkr(oO;c9baJsh+zCA*cPd8-EvVa15gNyiDW4sD&TGi(u5
zng;mHNr98vUmg970CoM)vd%%&_)~@)-ih;r^3RoecA{~S&|FaEh98L};ApIy4JoR+
z=%|pUpqL2{7!i;7nxAC5Or#tVjAWC?&G=+8Wqw9P$jHed<#5v|quvB$$fp#ETF
z$c3M(U$xX}`2YjU_y`J{-85Wa--IbiS_xYPC8zwadFOR
zlJy+@H|k&VY!3OWXuAY7;hh#Czd4|DeLmY{d9c++*Y1J3Xp>ZsD^`>W4yJ8snE`Tr
zvXJNBJj*zByzx`s78gj>J9;(xMHEPbc&D~5L1>UnYJ-$rgTx43;%rBCb@gNBM>Jx1
zSXfLlQ6%=w$&72_-FJ&Zm}?k)V`F1NqpBln_RB;;-3KkZnr>cj-F&*M0n?Lz7I;<+d
z{&BEay{vB!X^b5BNlZ~q>s=`<<@erd*+UaXZVhy&0RuWW?0CFFXHoKE#&w#Jn2$aw
z^s{jSw!srFS6<+BStK+JBRAsKwho!^u=qq<2xQ12O~=r?SCx_*3+uDvGV*6;r2Sd8
zx=)pLp}t#pTo*%&Oy9*ca<@{zccMuR=Kp%GgN0$VoKfn(F+}Wb7H8fq%o=GW01Gix
zaa)6}ZkhN>p!Z0?|O#mn>GMV6*jNB>?~2)8NJ7u@64v0Af;?MWs1UZ?>kBUkO7
zp!+~Ou7!zoVcCD9j;wryXqq+aFpH;qX=5#Eal>_$20Lp}$@k8a_eHr&0f6&c!*HqR
z80n4(>8ErC1VhV_4AR-{V;(sebL
zzTT)v$Dg!U#D`y!TsLr=;Dl9xx=6LGpD+(MI|0qKn-h9F{w9G#(D3sZNRb0?IX+#kD
zo+JwD(=+QpFAOls3vR}|9mG*nSHJv)!q)aKsf}NMi+DNs@1u63GEFcTL)V&-&Lo$P
z%KYmm_`#r?}(v@fSyj*z~}w
z#u(!&Kqj^}lik?x3!Jt&*b+w=jD1uN~2?MuJ{WOvDq{8RA(b_dtRg-aN%OYCl
z0jG|8oaig9XNwe0>PFEK>lgK$_q=O%-)GsfU^cp1z&*Gh
z+Y<`R3{ECflw{0KD(PJx<8kC>Sn~yHpR7nlIvgY^L+^IPzr4njTN9z#dRc}9liGa6
zf}c{M3I(>;scQ970BcHu+J<0bWB+G#CJg|t2{76(8Kuwm3Xy*I?j49goLzXI_2L8Q
zz~#oq#y^c8mJeXJwO?iOIIYx;2}gGZ&0%6==LyM;3SJDmZ1z!d_w@A4
z9nm&@4}qek^8uyc?NH%v`>P$EV=+d>IV+9Zk(4n0E(6s!csM$lNvfrx%9@|2W5WU`
zi}i$GmTKKg3xE0LGcbHE8UMph>5F6i`6{9PcDB*wQmWYF-v4h=RY!)`Jf4=M^w;|i
z&m`e4i0Q*pTMLBX;j(5B$_sh=lK)~jW3+nLE5v(zIpJU=J9@^p@*kPLI42+^9r!|O
zf#tvlEkNd<`Fqi^RpEw!*qY?l9|;|u+v9*+L=<>N9GHLW|Met1j0WCB1tcs|KI0Ar
z^FktO3Kt01$MY25Tb=sP_O@rLVhMJCTinBf<&9<0V3%Hoh>bs$pk$c^P=jH|RH`&3lv0YDd
zz{g8fiR?ZY%@Sbp^_h^uUzQoAYc>4m56%5NJbXDOSYUX>`lfRK`OvA)c!}7JgA9Y=QI6;9`sb(}@Wm-OI1)who{fhk-hO{K8ThpQ
zqt2(v;YhUi;!CmRaE{U0H>aP|;zi!>S&!XBP)=&2KQ#GWj-BqT+$%ZxJ2s{b+M3*=
zi?pux`9Q;DK74Et;b>U#3<{ezO4zb*RqqZ;6s&T(xK>3qT`2!GmnFOpQ*KxK6Jg&%
zIwVf-*F96Z+F#a9Tc0EsnE+D86wXtW=}jBI%Ly6aB|io0>!lM0W66C|At%ZHYA$@I
z1Snn7H!5W*1a|u8Fy{LGMaw^ZJp(Kvo$L0ihFD%f?_{8L3K`?2{;hReb~nzc+6n+c!(c+!|hAUS7WO>OHs>;h#7*Jqa)=9NME+TSs@Ne@q8BR8TROtPZAaZtf2m83
zBg$Fw-Iv{*rpHS)@M?VW&z_wxF4DZ8Qy`~6b+?&t-zP^=aBbf*FK@zl1BD)M?)S!U
zN~`Tmy4+;9pPXg6l{hE8BzCYU@a36zx>LH_>O$y!D|o*0dS`>%Z?V+hxGU0yA;;Q8
zdBpn9`tp8Li#>BaxEFt(^%1K~-+$s?swa1Z`0Ib$b>S;
z5d-2AkRzGCg7o0zN&AB%*Ez6#^g?Si5O!15pM`?vJK`CeX`?iyQbuL`OA^l6=k{!L
zD)rBJu!@nLjZ?8Hcxv6I;u+kihyv>=_as4+A|25GdK?yw{tjtzcaT(H@$;q+7+)be
z;0#i>y+mP4%T?_6q%StRnBB|Cm(d@ub{Jvg26I3oP@2Wp19#@L;BE4nQm-Ive(F+#
z-AyDDJby;PwSwAD!B4N4PZ`Off*2E>O`bLUS<;O*Y#8=1Jv0024;UOTE`NO|HG1~;
zxT#>y-^hJd>i3)m$^;Bw+-H;-ieJQwqoEkOy7eW2KWrPRna=^9-}yN>3Sq3D%s1vl
zo4Mw->A-~t*m!h5{e$VcxVQj=;n#_hXiKZx({=8zgp-1&k!&81-au7|{^#uy2{`I>
zzJ7fohcAuX47xq?;Z4&D<}|cbz?}Qx?RL}r3jGrrdmeOa;O=RU
zmLbRWbj8z#oA(P3&H7f17>#AFoqb*9SNqUJ+mFVi(m3!Ry3uBcI`>K)dZ0r1U!%m@
zZ7n*r1`*`4cXGft5~m{LZJ6Y)pG-t|SLD;l=*uvcU@|@rSrm*|;Nnd&xBtX~v8IMG
z_7i1SetK*g^Ar&KvG;t^vP;$jbr0HVkWhr}W|&iM<`6Jp_O@o%+b%}c>Za&bp&KQe
zJyLn&Dqw(J_FaDu2C^%hAP8ginM0P`oi4hUCDoE9v*R0+l<3^Su7sj&7?!D96O;~{V;
zs?T@gM`hq;4oe9-*-#iaQ(q7l9`KrgPYMxo5BnPwPi!|0i_Wskxpp=>249}mag~k)bIbUHOr-IIdktlcb|RE*?WIK8+fdu
zQ11`Vq;xRv77sTG<40o-KPCDJNl;@YyfF^56RmEu`U7-nqmqx7uoWXk2vOZZ6WC;C
zU!tAwh>5XR6_)$UbnWkQdTmGRREBMp+PrIP+D~=S(9bt~$$9Fs(O78zbKr$2LycKy
zbK%CRxY4Uuto+0KzjaEiy5r+{EI5Sb?0BRidT~2HsVAJO2c*k0s>chK3-)}|MST-$
zb&OkDBJ)|0e`hiDxZ#II0lf?KZxvxugd(b5u^!)Ie$in->UowJkESg3-A2_6?$O^5
z)k`mbnR%n7U7U?HzE-`BNaugkNu)do@TOctpNeXfx#WCPKLF8kD@oKiCJi6j-$x|{
z9=5nX*e<201m%#{xz1BSbBuq7I7bu5dHjNJBwJ~R_qJ{$Q`JR9OXa}|qK2R@h
z#XS@(QTaNm;Vv$_`7Yh3Q*iB;k@JjW0ABVg6u#4eUgl|BId@GApH7`-l!6>2@YEZ2
zOE4BIvQX~NH?J`?cdB5KM39$!w(1C5`{B^x&pxY2hMLB=b%=Pfyq=N#~v@+T0e>L&gqH7Poqw5yVF4xuFsDfO$dE6
z*#vM))R6=TKhx`M6Z*rG!b40^7LURj$^TUW@@T8zTECo!Ow1lelE|>F1
zU6tG#N*En_B6vMF}43hnv2OLI!X;x-s~WP3aH^WSwwIr!*fxDLf;VSRXsM
z+)|1EvlSOW_GdSGhh(ui@$v%Ky?pXu{%guzT8F_ud&w>a_!2L)qC0w$2xS7(c%Q1S
zhf`6FZ;X6O`0B@P_v>KHu$-%^mt3#TzmG+i{E)I<>@ul!<6~N&TssxEm8bAQGA%AE
zwOyk&D1J)6u`u~u*9GjQ1`y2+U)Um)HiEbiV?Z7c7iedY(&whlI=Md%X1>)cJhXa?#Mzd0)J~;eiJM)8b~2T_|1&h+2*;D@O$!o1oz=u
z<2M;MP(S)-!s^~_#m|~VQhaIwEv)HxYA!-PI~!S!IDB6chVAW3cwdT`4`#`q9i7F`
z-6-80P`K9-SQ1aS#47>Ar6N9w9fPQei%e*?Q?)q`Zf97IaY~Fx((1kiN=L*{n~hsd
z8AhI*BK<`(HeFMu#c$>)lw*u6egf0Cp5c1}R>O>CT_5zM%?Nlz$jYHmyS{tP)65&D$>gpenHp>VcKdIT%YyJETlw^xa=F@7{%J2Vf3#TGuWi}8P
zP>66Te9RU0Y!h8R#o-EZ@_j)1iUB&Iz!!_ZsReU!bNL#)wjyg@P%U7YX#w=idyxJ=ugvL5y1QQxQVU?~NS;n3tP#j>{Hw2X4D^lIJr)rIDdua`ISj;5lmL
zi|>rI{`@^KAz4>0-XK>m+L6FIQtysWcX+xGnAa7X$;YcK^AvCSUiJAaf+y%9b-q8<
z*2Gwk_WMtRk|W0?MqZLzyuF+1Pybd$^4kgad%{_
zJ%h9PU&@8gT?8>hbJ>QK5dB_PEb09!s9wKvX#Z=80ClCF5-Llq
zIh3O{8JBCtyn&Zeku|dz>9;kr{l&dlFZ8K@FXhsaUBcc-)#j$T9G3mOyQoY5S;|ZE
zhO7JRVpH*Y`+MvZ+~~Zpgj{vcUZ2}li-X6zpQarIB&gjy2UQnoWFxeUuDUqG(=|v!
z=SQwvQ~`wvv4&Aw$#+__uT9&E5|(U4VY-54q!%43(Agp?U6ar+DfS_XP!_0Hc@}^O{Fy^6DPEp;q+t>2HsK`_oDWZU6KG|`*opvFym8cen1Uy*c;eaDKEBU1BW7J82I@pP{_9EGE^(p|5rP%Y-UUOLHnlT4*yB{vWF<;mBZ{nW5Ssmt>#LteVe)AxfBPDU=YAGT7X)i7pNBO;z;S8w(
z9ldOD@>h1LVnPdbt-sRYt$D-t=ZH(hZTM8E;$^zkix+;M(pvAWkSaCZGg<8N4DzkE
zW}7%8!J18*{ru60caNwc>X`e11j0Xn;0|rlICdVk>#IgXArT3m0O5m}iQq85EF=?u
z9qy5lkjR(!5e^588aJ@9dOULDIq%pKRT!V_#8!7aXl!)2GH$_2wPLNAwomF!!E8MK
z$g?Wdy-bID^Dgy$@ujs-58wKBYgfO3`%vdMATpGv@^eY=89ey@HYfY*=i>L4>9`1l
zQU+8rtNSa0`zf9c#lVlT?l%+@pMqJZ&C)H%{C{2@FA@N@e@4JVwj~S2TOq6HVMihr
zO*QWK!eQhXyj}=X1>Tnokj@+GqlAO|(J7IsXmzFyrfIjqLXo;)g7*9UnKHEjQU}^}
zy-W5cr3}a3SGMJEtZxYDo15h3!CE-pWS4fWNQ3c~FoF+Gz&>
zIZPKwxL?_OrcL=&Vn*~slZWjeHn1R<2}fexY_%!gLz0*9_uLE$BapVJRr+MsV!01ClR)?|t7Sx(C;jS<`+N!M%quuy*4-6V&W%Yb*Q+;XMOr0jc#llIfKFT
zY6P+^pE~_m9(rmw^CdSg&*eO8n?Z&ug4$!CL-K-X?xU+m=u_gHzS)%2L4NkVoNmq+
zL?qR(UVn?5TjtAtxUMVo*vp~G`(0Y7it=xcljS}gTeu(`7akP({QjSBmkadSHTy!1
zX@j}@Y~c)yEWO8glMIvrx9T&z6Dl}&=^2#_d^@o(3nL5yVk~SDi{EN#?QRneRLFhl`r>u9vAjy0=2iYU@}bDLMk=Am^go+r
z2UNsPoA+}&@(rE0Et^J`)6WhQ-6MW46W$3^%P7eUk`HYk-BYEz5XMt7-5lKvXZYp|
zJ@>v?+|IvwRp)#>qTzY&x-9s4h=AsFDYEfurfRj@iq?voxY&KKT2i-Yb>M!3+Wu22
zXBMxcGmorLSGtCL>hRf9x9@9dGi1dEWHhv-B$T4-+u6jqeV1$1thb;4mKBzqTO51L
z$f_PTQCSS-`c5lR_Ofmlm44sgH@P^k+%L|Gmr^O8$h~4^
zO7$j}B452MfJX_i|^g-Gj5DonJJCG8WgtN
zFW!5zc>PovUMRiGcF(i9W82SP-f#vhH*`&&uRc%?n06ff$Y3
z=Y7*oL!b4Gq|YwcBhx`^TzPKJiWSkgKq_Tf2^zKuorH3kqEglm79*o$Sv#__b#|Ct
z4<`a&)bZr2B($sNIndHLzMo_k<@l3krbkb}@u>9C_SsG+A)uiwf1nD$K0UkQ2XIZBp(eGJ
z_-^b^>TP8NTkcrq7!ql;w4NH9(wGyzeLp@M*4r_h_I>?QwmqHD@?Sh1us(TIUw7g*-
zprK^x;>&_FN^LBrHF^xN5jezx8FB1wYloJGW2Ho@WwCJMRB*&m0~HikQ<$ZhM&`mUv|wm
zTMJD`O&1!ZS+9^tt8>CYH4Sz<3o_vg;?9|yBk7H@Vx*=mET-)635`Tv&e<8PJ;2Za
zR()+(?-5AtF&FA@Z>uGe6N<&ygfpi2&pkbLAP^t|y1VswZg8iNi8~(Sr`Tgxi{?F@
zux3)JJ3FrRHN>o@sq2fcr(fp9^MqNX4$jt3z5LlK&-YaJ_U&;}_|01!w7g6QHR~~q
zjM=Efhb9qrk3vvqhjR4v%mxOdk^|-ZAnZ@dR=E-<8L`;VmMZOI#||H+^zr*uhV&8C
zqLGlOv#F0$y$zK3uNk7E9gQ$Rjc3EY4@q%U#nt|&|`
zQyiTLO^`B4FM7`(eKWpzc=NgY;pTYdRiVY!Wz83-@HX2qp~zqseS-uh!wNHE6}Gt#
zlb=`n4cs3>$?mziv#V9YJv!u5uQ&fqr#TUQh0ff%&)@}udTOzxoWHent}19
zr_@{;iRWWB>w3*UJe97F_FSZIyr?>6xF{dRYsDxdy7)S2#iKIy3
z>ufhCam(BNp`qszOorv1?mvT#K>~q_hd~61T7ym9ur_FY0spgQoHZ7cVTLCsAq37T
zX^@1?jew@vp7(+KuZLgZdHAOIKlSk1hQf)_-Cp)tr@>6kiYVqS_b0!;P6T$xoOm3zw$ylW
zYvgmP=KGL_7s_=E3*>FDZZ4X$nYG_j3W--g4)T2cDpEEu@Njjyt8XmVafn4!tlybS
zf_RquS7ZL@mG|Y<3z0|jJ={i2KATg;L6Lnl0&7i4R`Hf%0z_<}>O~w5yYUY6$SwD(
z7if=+Gge7>#98Jm(I>wA8c!K)C&G`IwBr?;?%*h1_U|1lMk432;Hi^EpGDiMB|gjf
z->seGfBC&}Ph+am&TOMRnxT{TjeJ6x3#R;ou0(G)WqVU3$@f3^@b*I1riR4QKTZ{V
zSR)#LGrIh__~nl{HY!R1c9lZy^xAHdx2Su-N1&9TJ#A8opeD~$zk`j4RZ{`OvgS47
z4kz1We2vyN4VOS0Kj|O>2J?v}hY(__|4i79QAo%z%WV_{3){64ZW37nigX9wKFIX`
z8x`@@K<@W7kK!&P`bS!oiNy?$-u>`?PIzkAHEiNyU&FemsSED6|AQk2yejSaH
zF5|K7cR0KdEo6TPfDBFV5LGYw{kt2^^{WqRiDslf86vL}@jxM-ynF{RY(N&VDmo2_
zcfEk}tew{447892Db(w~wUIpr0r7;=4ynzmDs%6v!9>zd14CWrPARJIWfj+D`JqA6
zwJ>Nq(#MI%*y!z3`Ujxk_u6GjAcSB2>I8YK_~>Y}n8jbq%h$qjkXrka6PN~iSlfe)
zRZT|@PzPFVOji%(Je)ImGav_;4(Sb!&lq`mrHVB?d8*eat^-dL_7foMdYhEYPUB1b
zu~vfL&8tAa^Txkq!*9_u2$XHn*xS+{ym7U^1tlbmB|poxR3)dqmjfo|#d@4**<
z1yF2K{{svT$hXLxfJ&Y3%V-GZ<>lE+PlSu}>GL9xanmEn;Bj0Vrg~XNsN*@;;0e;-
zVy=52iu~iOi#7d;!tIkAH*OF}{6Rc-`UR>M8;29qy-wNg-%pF~sb7o`1G;t3k;W%o
zF+jpURfV-c_Gal_b{q5I#>DIYGBcD(3n6!lQ0(M_cI3n&GeDF7Ilks#)UYFh=F?=D
z)(^R3DG)Mw4rm4ib6e?zgqDKf?QGz0i{nG7JY$8
zI#4dm^nGOfbP(C
zFl&RLeQ4N+a0qo=G~#{a@7;o!-O-s>~tQ!s{71dQ4TwKb5r?Qzy}PB2&2{nPMhLkP#BE4vZ%`ioP^T4E@z&#H@0*ZwJ3OscnUIhc>Xy#-4si|^7v^u=h3%$<(1?*de2#)
zdL`sxQT0OhmD+>#$2`Ax8+8pg!^vh(=6@M99@U@xc#0W#%YDPzhUydKv1-b|dcc4h
zHon=fcADTfEV)*H8ZTz`8d9g%20s)k^+mnzJ9)EKY*Xh^!w-c2TK$n9Y3^Nuf}RWy
zucC%io4-hieB`ANF3J>@PvZiV$_d3UwEm(XIz4%kWs{L26k*m;US6J+#gyn?9~49U
z8|3|8|5nBF26%?+UX3qMjC_2t`cP&pZrZ=Vh@n6Y<3=-r`u4%+I$1J(dVGxJ(g2oQ$9Gt=U_2i)zArxUGSa663|ZG9uk{o6FtO#Iy6yllIbfyUpI0p|7i
z@MSt@wxdVxz0>vjZ7&b+4NRPejXC|>D`Y1A{R6=2_$AY2KYDxbnmuqkohfcmvQpoQ
zF1ET-7g-pY^Vsd|B-HRaHhA>=!OkC;h4a39RUg?qxs~x(kryLiWqwWvAKJEv)-kiHU4D3tyc(UC?
z$0d=wz0;B2CGyG-Bf!tt-DyiD`FLaT!u`Nhzc^wOM{xXIoT?#bf;`3z$v-U`XMdv_
zKSdgYey!gma}@~IYdO7}?Hl#B)`q(T`y6d-3erNUG#0On%!VVxrJ2y%LJ>ZZ3bakW
zip~XsMPdN!aB+FIO^6Y+r4xfu=dQ1xNUGPrOGZY%}EHj3hULQxv{=a~V`FEY-e@d`3=0LwdSrTzS!8=lZH$3T`oa;ESc{
zY|l3(#|LfBFTeL{uxEI$jw
z`N#Y9&U7VZ2eD6oRG*ZE)|NlVs})>}@saX@>|d5*X_6+yiQCWgH_X(u3RbKcTzGiy
z5Kfk44*m)Yi|+PE>>M7pm(oTem;A4QZRZZO{
z6sk6i**`iO>8uxeh2~n9aI_Wx_;I|<@@B0)Oiq%pEA=K}fZAiX)og(EylWn0
z2#3R)=F#HlEVJ9DVZ)QzGr1ZQym$5D+i%4=Ds@N06;siS1Mj}lpqq9D+C;@nu??=b
zFseSNr%q1xrf7y65*L;Oo;qT8kQv^^TR{+?ORr9h0=^0d#^aJWix`wk3t~hmvNFM0
z%b~PJC;hU)tC8b$JtAQi1gj=FD_l){M(|BvuaZR3%^$eda0!I}l6JvcjV7nluGMOF
zi0_)m^3f~;%*heLrogmeQLqCbz{6YO!cD;-ET>*eef^`^fDS7;XqNIlp}Hq1w64K*h4Cxvk~rx=a>7mi*?rdsdm0_tI<*@O~9s
zFebuR{03OzKH=Q>+($mxv>C7Gn|wg+OLn-C)PIObdTIO;KMs?+#Af~|rLDSs^`8`R
z9dWa55qKL64i2OCW}MQ230#$_t~oRb3E2hGpa{C4KicZ4%)Fx1)|T(+trteLqy#u*
zx|*H2$oY6Uzg<5D0kva!25NkrdW7>12LroMgWP_m>xnE02v7_~QW3Cg&}eJkK)&?e
zm#}_2>$%eK%Pf
zbF!&bw;5W4Ow2WNGUC}hGVA7hLVmCZXG9g*tL@?!AV^pF*`QMogrXj35{^}w?VDZ&
zurO~aChZK|@5(y*BGEnYc!hFbv=9RzRB)0P|OL`Ywk8P-HuTxv+)p!Qu4
z)+0%23g(F+{4He~S{j22dxFQ?mqMrvgPbwizv$b#DxAw2-l=@-Ix+cq%005~UXjvb
z>jfw~{pIETcrKEb%A$9!apk4X>-pFYx`MYsCb@5rZY~!UG(tw=rpFe2MjqQOw<2ym
zAJ6ox`!1{9W<)z9be{aV_DC9a7GLTI5%*}Ze}ZF4%&l%z`&`T^7~f$O2_iN=d+;dG
z742&8f^`F&BTl_>38O4-k9jLo+)4QGo#p4h$(U<)?7Q&%k941Im|@yrs1W*Twwcz7
z^9JB5o+4{ek9y_AOP=ez&I2&G)QG0g#+gbkKCNh;n(a*EltU*`C22Hro)$j8UMLQ+
zi@@aL@%kko`2OJa&2)+RBAzR+10@X0zzE~k%b110X{nk(a`e66TF<(ACA_S5Q=v|Y
z|&~%_ObnC-^c3tJIta%w=Ve`
zE>CT-?``#4p4bYpbUCb;lpW&`BH=!gOzgpn-dQqs70Wggq`)_{!+jAw|~q@a&1&M}`wCrT}eeI95CD&)}0>
zcYWE)g)^NLNbdVVsjnm&8itYrFCd1+xkE@nw0BM53?b{E=T0xSroH3)T-J4F81cYw
z=CMFqCDWafEobWn7yNL8m^9T^)`V4m!q(s!s>PD9ik!kRmcqY~1*2=huW-O=ScVWO
zSEHP^*l)~kcwU-PlwNBm^5f_o9=DEUzB*lvmvFH1dufv5;Dn{P&z29b#n6g*Xk*jD
zRR(k7JT`OQS!=i*k1kOZ5|UewJ#qX?8r^y#q7V^qp3wUxjX*;U&6Vz2mnQW2z$ufH
zMti;5F}>54mr`b}Ap`I;hpz#y!+i5LVgq!-H=HKQ1+SHE@nU9WzX(3#z2#LvJQxI<
z(X^1O0u&urjW?fl?U9BmLihCMq3|p^btOro@BYUwClw*LZ&ux`6QCb>jsWLDT94K2
z*voSTKL~NdLlfNM-!Up&ivmee;`B<0JVNN^qyfX#U5ZyLQI;(Ml)drIU!}mpHJQQk
zdX2&dCUedfLR~eXA~LPWNTv`B7tC
zGK*SDvL8FW3?h#aD*pv!aDKhw2ahaFX=X5o4`(7b@||pZQ_&Jq=64+$KtTL_2*->o
z8#9jm^S^i*lmZ-%&F_V2$|CxfO*BRc=KbRNw)`(HG>k>HX?hlcj+Qu5P1L|%Q4)>V
z`5d}^=x!%)yX-i_SOQ6m@Np`ijEsy>Ed1}ConY6~-DfLkwfw|NDIenQ>+$VC`mOIV
z-Gp&5<)nhNp9VbPmc0lpOwgw-)HuRpj8UHnGUjf@O4ZgiamE{&_32@(IKQCy^*
zYLr_RQ!C-c7!JoQTw>yN&gBYv64W0Qw)!Dix?F+?&_s!=N50bgfMB&1$BD~NMA<~
zqfp@)vCaSd@3-hs2GchP5b6zVkc|eYiDC{DR#=EiNF{JqDy=GNJmLQT8mSg8
z1U6Xx_kRzmr@gW=%7d&+yj$Aw42P{nk~qLaew8!rO%|w}aWd4^weD9xNH_t(93ZZn
z1Kkk-I8x6$enz3lq`t=K&(wP&15Ge`1-^fAN`2Oly6Ze(=240!t=PjVfGX3yJbdk!
z88}mf2l4|SA~z4>UUzj1JNx>I2Z}&ZVEutEz?eUFU3$l9Tr>Qv$P?S@=~HQMGqVq#
z3GYUxNqiPs0vo{realTWL70sB#vP7~BF{69TBmB*2&YokFu7CLm{SbG(4Gs;3hK3eb|EBbVoE33=!hzz;nF0hJ(5E=9ke0cOz%`#Hnzw|KzKdYc
zMuL+B#a?+l2qtQ(%s)xaB)r4UIhj_Ww9W7i#(x_`OH=)uK(NNdee-KpR+ixN$?Mu}
zFh;&HAY{q;sC)$!U!KifU1G1#0Wc{*AqnvE649K4;{6tMFfl85v^RfN2Ch*ML4=H6
z7YBMCjtmS8`t*W=hk!q>-{|G3s(NcyYwDt3z(9>mzLgpovwmQd?_w2PPW{y2EfYVhEsMC5sH|qFby)$ya*h}
zM+xBYmGM%>^}xWuPmun@&B{4YBhSjtz6Pp&x5tXp*XSg@#I3Xg@o;e|Mc>@1y;ekk
z3aA(3B@1|<7ID%#H$OU~H5z~@mAwHGtDn=|-O$@67eFB$&d<*Qax(!4shzf_DO886
zhh+~8w6*={{qJGO9(Vwq$TEfdfO8gBX4pufN&W~l@G)wSqeRt~XLerYHvj*IQFiv&hQsxQDW6471&`0jN_8c=!x
zq*6~vCqi6@!OdPDlJZd!r=aqmA|RF9WoJGnhUmx5-PDV+ZqDwmE}!GDuv_x4JhI-#
z#ocCRN76_De*T&f=zyXS<9c;*R2r4%c~H&&oFByPq71L`nV`7KzMJ*i1E8@I36(jM
zyT#pb!#V{50qmdjN~ECAX|sV-J`dC|W^7Hw9MP|-D1)$PfUcC7Mbpo}y~$Yx$f$sh
z3&ZZ&1SrEapa)~{wa)y~_-9ZhSN**kDAE0R1!BM33uk~us{I5rjp*JE=wmSOY^Fxw
z6QR;I`1o~b9!5u4StFpQg6(>X5D4&YWu%7&+ht99fY44xu-+r5#FyH8r_rU5qn;c9
zv4y_h*^(7Dg=u1zkf5eODQ*4>SJ;#ql^0ED2N-A2oKX1Sj<7I!`}@^rKUZ;X-jvxv
zsn2Ht7%gfk@|~}jx&tUD1|19utNkIJ+@Oy|nt7p^<60{ZA@^-zKSQJox7O#r21T}#
z%QanZd`kY6>+mcnZ70+lhnmSJu~5$d(jpKBW5M8*IRTnV!S8^;mLrhBkdmJp(|AkX
zcN{jo8D7)t8YTtS(yCtDcfM8pP|%K2`_JOi+n2YLUpTIBZx`1;vv-yZI=g$
zPe&rf5O}Rvj-g)=;h74bpEdy$GX>8)NMHb(XR`vl8LX8kyv5kIcjPFlBPM23&=mp0
zipjA#x@Ed$%QlAG6+~y(NPrf?wTDpk$;F)48J>XThOi#!Mi7rXdj2w-B=rV8HgtHJ
zR>CdsXMpC-GkoTP$F8IcpIaLW11y3^i!-}l4rX%>j
zE&$&*nJQmxwU)s#hG?qi^Q1R#O)Pu>cD8f&5yQPd_#ck?uY^?VrtK!5eo+#fcuAMW?YxzAI9uD5n)LdIX}LwZ
z>(rTD*Erv%^=Ky#@i#{o&{$V>s2bF1NItr|^DC7Jj(UWA`Op(eFPjWMyj$cMatfQ7v7MC%h8)&#>}1
zS%z$&a&V~Khxwa65B*lzc}w4KgDU3w*4$~Ujx8Nb1!6F)QM7WVI4e3AYEkc_9W~#2
z*abHXeNgi)r;l2ptHL6`f+hO$rbO1!jn`5^axTeN^omVpjLfYqD4OOuYRy`(>H-;y
z*+168HqBVViQj5rt_%XxJnnkrE-TjwsL8B3V!vfLz)nGFanUwB$W%5*c=v5$@?w{1
z@8{CaWzvHo2HabRin=l`V#A;G2r5nQvhKk`j|v&SNSPgw(qMHnixMkI3F1lDm}KKV
zg2Ze{&#Q)|W18ST1FVb#8J}R^b45{#LsGkY^~@W_OF?J_`1sdX&|vw4yWbg~pBga_
z!aTO3S%VhUUQeAbR)!;4n&~ZMd9x68m}%>P(p<{i%*o!sc+eFH|Gk=C7O*D
z=-iC;Y#6X3D+xFC@CQ%ohAl>Iq2R|Pe;6l6LlRR(9YZkk?_jnwqj4Rs
zzN+@^%3(n<%c(QedQ-bf%-e83Qc*-cL2IsoitqDQ8j-_2iuW_&&2Ly@((8!)R2>bM
zLbHAgSNVTej>;2$rl?jWjjl40ox|0O8JD7FD{*)3R6Fcp*TL1(Oxhw2auXZBsL^=<
zn`S6E7_Z^+#_pi_70YKa>r98^0OJ=qWrH#xs9^dutVTJOr`vAC$74j{*phmD7EbjU
zOvL<<+bKZvnbaEs6GB83H0`lBJBpP$B}O$=t;_P)_+Zjp(cJm@Y;JaUvyu>peNGKp
zhX0BprF&jLL$!81{InXFaH4gYqz&&h5tz
z*{fOy=$Ry=T(slJieXM^@ZecBt~cN`b01e=O9saM#_Zi#IE2_gRx{|Omd`pIg4#PM=_+fjP$1HX^opK^~6#REHTVV1G7RO(8dT
z7#@U~6BZRX`8I7ed50HsTkbz$Pvo>z+<7Hb@PLpI0U5(V>|k^0k1a8;F2Z&yBhFJ{
zbjz6w?osGle&TRGJDow;H(o7u52C18l*gdn)O}TSONIUtGct^TufN}zxyfA`l?ysM
z)jUGIVnAR*!Syh>);di>T-o{bB#&2;^9I>a<1V(xh+%q-Bu{kCJgH~UY`DUHq}<&sh7l9&fg
z4E8)L)4Tih#L-zwF(kbvlQr3X@F0{Oah~pHN}qE^8~^zWM)|P$9-knXQP;H~(P=Im
z??)+yOu#LN?4T!gQBA<*d?wDRFL7Ucz`&@P7saSo6vboQurXfF79Gx&7RacEOrt|5
zR}wezuS6_Hbaid(F*$~mAJ!^|qT#LVkl#+Jk=^u<7b^AuzgFm3KRVODrJiaA7;b@S
zSUKo2utFN=QAa$Fw~+M(v~=un*BFM((VGe(9+iG`Zl@t*e8++yiyH|Dg-MIx9IrD$
z$V!z|Vd64K&(l8~C)hBU-{&oWvEx{lJYC70u5sFY1S$qt)l)m!K7%6_EogHHvIbqt
zt)CCXGrQY@-O+i}+bkHjYbtuFdQ8rir_`
z>L$22=859gA>SrcsvjpPhoIqAav6XzpTuj)n{$4MJAS80W;ksKB=o~5_<(@>3(%|f
z>{SbZQVF0L4}X?L!TV%oIr){Thr^h+6DAN8heTmLSPplmXlo5i!m@&+h{
zo+LhSrVzFK9+!2GV$hCjr^dq~2{rsrh(2=kiD%>f*B88J+ncTX}X|
zBexGNU+7QB>+dkkFUij$i8fXcx>+b^Br)^@1
zjfE(ZYna#hfE3iDOnE$NtQ{&AZ_sl74h9TfU|6{|n5{xUE3Wt(oX9F(&b
zqM{FzZSsZbA9;durKDbfJP=okVH!62YBK^L8K8mXH86(1+~efcx$gu;lj^m;`^n+z
zP+*i4h#GXqFyFLkxo*1=fU({Ij+I{Es4UWwXbkPnfxFg4O?daGp%+${Bpq(23D}ap
zys;gS;H)#FQV82nZ=n(t7ABb4qgE`GiAZr!A`YVZVZ)3IJqqH?&1*&rc;+g8~IHN
zC2D_gl(w$8VGsJ%Hb7Xe-=2o}u54k1^gH(u(D16ee?5qHJs(#m5-yv7q5LeGAwt6a
zZMSjbmj0J^hpUT$&oX-ph$u%*Va+&_BiIHj&g~<;^ZqJtsErm(n$Yxa#_Q!DK>T#K
zecE&(eFf#DVg3WBVi@BScT&&sJ%OfQUt*i~B$JrJSekO0LF5PLkqwFVH(Q*
zqNl!{wrBYf%x+L8OnMPK_caF<;+@+{BgBkQC$$W}AGbpZRY*u7eF&sJ6PBb(Jcr1e
z6@-BKtPHp2Xh86ZFD6DUgvUDI_4iq?v*!gNO3dt3*f7vHB{CN~P
zRbgib>w&@W4|2iui;w7)m`$PLmOV|nh5EZ&wcE;gicJK(1CA2b4-^j8j^wkS`?zzM
zN5!xpFkRT!aG>X16Ex2x9~RcJ+UU>#Pm{)kc7SV11>cDrD!E97XjFWtsq@9?BjdvV
zfo2qs3wv9)n3P9$1n<Cn7Z`MMxFP$j8CaPtNHwI5
z{6Jh33qsA5=!oA3V=4f}b5(XawP@W`paBz?M;Egax7v&pTpTY(u3&aA-4J$=|q&q+Pep`-kCL$Hh
z@6&m*@}iJ<+|~TcNI)u#xuc%n`4H+E59UG`B#fd%sE?7K-U!!IGZ<4UbNqS$Br}52?Sg6as
z2Qfj)-22y<+Vy~>yls?Z2^p8*#IqXK`}g6Yrqq%&%13w!DVSnrrMiW&tR
z&P?q-&(ygRA3fgi{xN%z3T_4T^R@bsYQ~xi&MZJjArH`x&wqk-vXU4@T%yiDaAMBm
z{pfU)`gK4-vnLe7y7it3IfOhCDaeAi-i74E;B9-on5p>+fSnvaz*mHwuS}!oRA@Sn=k*q5Np84+&PBbcl8eg51
zFFl-!hJ>A|Rmw#rodolTVVWPo;o|R2DtC>|5-gMH$LdhhTg;Jaz+h~9e-cj
zBN#PO5D~{FgH>l0x!8*Hn6fUngI%p@NLDA^7FINOOVs{p0<)p`KZ`RO9`x5oRu<`K
zqmZq9^x`|1m7y!SSva!kNy;v7o6;Umy`06z;aEwhcmB<9AffeX4FLgr@#~M`IqVnv
ze7+TjTGK-&9gRQmP9>yU9n-ykpKFH>7}!;G(CQU1F=frA8OD+!ubf0x-)Y~x2mg%n
zeC+kowLU6R6e!E^M~Re&s+`{^ardEhCETdqVX1#YBIg;A0#WtNS~)HMe})(g#jmc#
zJDSKR8&XpEaS+dGMx2$WBLTpd<9=ApV85fJfr@6OrU+LZLe;#X&=`S~rp4vw9Ln;UIGtOWe$tZ`bvMs%=
znE!0!zEaZ`JGknm9x534zSyU7ANR2QZ)h94XO9|sE!|I^7(4WR`umP$HQ+}I+cbt>Aq3pIuy^)Q(R?l;dv^Ho6X#
zx_w=jW2TS><7DD5%nX*E!GUiMAts;-=C4~qePl#pejva905~I9-p>I>1fpt!U6UaY
zcvEuVP5(8~6yR*1G2S!=*8hyQCPWRI%atzdDbima#bEGV+CZiCscnJbKhr=K8BJW0
z&Qi
zbHmn;HN>>Qd>6E|Og0eX)}eHdj1+Em;6E8*|K}?WGU#!s!{?CqT%-%T(e{=TS#
z0Jz;xSxjUyP>9dfBZ1q!Cdn3Ug)0B^GO|q)P@PYrF{}h^l!$p@&&hflkMcNv2%YDS
zgXG5hisKKWO31B~PjdfG);QQ;_G|4t1TU{Sc9#zFk%mDss@z^_Tn*|>?d&vh2n$&T
z>q-ifj_SXI*c1#7)~VnJ&yJ>G}
zLFo>cIG7yYGCzt(62XN_+X@JVGMMm1aP-CF{yoSO8dZvMG)JXB9pet4IlXt*0PtgOC|GpK3<^%Ix
znAlUCVBuELfz&K*a
zPw=oHzAGUWs>#Q4asOGDfWt)MLSK;tK{Z#V24T|s{qL6HFxaK74vVwdO@E^QW_hUs
z7~=AAW#S-GPMlih`Mm=bu=^Dl1Sdr{7FLK}my-H_*6ax#`6LF8g=`I;wTsgtN1yim
zV?daCfvuy3+!_1QefbB?ko|0r|6q0xg5bSo?0*-zFOQVLQkb|hkDG4T)UO`wXs7F4
z0GDLp4z86qwVEeY(aez|#r>a0F;4;0-G~*e=3ugifx^$NZova@lR
z2C=D%TPFQu(TuH18R*9Y!)$}?w$8&<|6CvlO+a|(K`Y2ScDitxys?|zkgl0?dnWkhgRR7?H##)mcj
z^?)3IPxK>s67rQq-nM~Eg&nQdk%F1-qY3R-=`__?|BtD+4$3<0w!i5{O6l%y=~ARi
z1nKVXlnx0==?;;S?(XiA?w0PZ_u@I{`JH#h8OJ}oZ75z$&Fb=x!zVB~9jH{TA*?;%nyBgh(6{b|j83vX&hQ@WN8PD^iA44KvUO$j9GKQ*a;If9%
z9IExY+t8~S(uD>x8Lo%V_WgegQS!C+!(gfxpJzm!ht={9`=@VzWu*r!I@Upta}`D&
zYKBpM0{Uqdl9EbH?Em}1f0(!DG7`I^6HLDa{qzjZaU-uia-hIkk7l>a!+0feQlJjO
zR$)hdQmgy_-N8FB3pI{$kvsEZQZYQzaUt$Qh^=s-33f(g^Ur7o7%2IE
zsrGmBG5`0@WP&p6WN%fiwKE6
z!cro6AJ{$?c7k^UGZv5g`PQq`4Jf}=uENZTv3iG?{SG%u6$U+x&Ik8R#4~Iz{J9HW
zVZOXNYm2sBBsJGCjLcH3C$-FRrwD#P#X4GQa0D|auu4|Yexn$eI98egm-ioh*fg^f8I7Q2|G>^@$|25$X4BCKf!yiZjmMYd9MR->gEK=D0vIUt
z=VVzAM8e*lAccIf&KBTP4-`=XUw{liDYZp}!OOM$4iXJrk6W+Z7c!py>o>3lk)rHP
zix(ipfeK=^W#D_(Uo@rdia4CkkAqx_CUh&p4}DCo%zJ})>S6Hw__;^vx1CnQh9ooe
zU6b-}#K3R7znuNvu!1`Z%mka<&NkFU@6Rpz4s$l6bmmR}O`rKRyY>EJu`v`r+?#QwfLV~$k8GFmYayS2YLPdkC%ImK-R8DqELpka_^G;HDmH4*fe_j
z>b^i-`;MbyHdmg_QUqCdyd+?M6%8w_n&PjrfP;Am{T5g$jfWEcL4Z3G&`u;lqOGiU
z5sEMy-yv$+e$f;u8DAFd^$
z!v$3yY9ZQyBWQGG%!B#e0!*Ah3_2qyuv>KKJg%za!(!VvBbzHXq&^E
z`&+HaG&PhWW`SZCn|tNv)&P3P&Il1Ifw+3VDoiyEdJ9bp*mDaor46z{9gdmx35GPu
z+$bH?3S^W)OUdMW)q>CKfT-CLe1(VZs&*-}WI$ntiwSaLV+oW7_NR-=w41ns
z*t4yCN{^=2%g4~ifA5Q6RsdP3lpp!IpT;%~
zfzRn+l!@a~maZ~SCS!tzEl~I$7($$Nq7d;_n~r6Cf$KE=t%VUn?FXJV8o6(_+^G~o
z2&l@xC4UAJe?!ns4{@=yUt72GGvlJNN5c|96~Q~T%l#t{qeZ>8yNfHdG?5=gk&{Qy
zWp?A8xxgNeBBlqHITNZ%EkPGTX4fyZl=}xeY;Vd#>90q3-C=@pnn@lxN4DJ^trCoZ
zq#lSeEr3ir>tl<=D1_wno05+t);THg&9_%h@Wi1$kkG^YN+Kt`6{XeOx
zct9x%C~FBLq82XuhOiPfeQR%wXR!VNCN*LZ##umW14c-E0XI8wrcY{GpzBdUZ>L2t
z<{wN6xeoGCjWfUu`3eQ#rBIdee6^!+dNi3Va2}-n#o!X2*rs$pZr~5K`Mi#TAS&Ig
z+0}r-2TpV|;_Nb3;U_@;@D%H`LS}aaYH7C-Io&U?IsWYa`N;!n{R=r32iZz4@U}Js
z67MIYrns`!9XP5mFxuB(NS;EDQyxLa>xSuY>xV6aMuMW(7wE7%6d?y;QAxph61oT~
zuHZK(S&Pr=W#r>MHAiUb@M5=r5rn`}g-rV_FCbM?ygff6=qn>`-b7F=uKInhkS+_C
zh0%%*hB5|&=MN`s613R_;2S4s+B@`R*(m7xZfwAjaCoqPm?%lx(@_E6iMs4W=i$^)8@@SxngAvL=Xv!22`%%5eZZw)k1>V1R=UaoB!nS{u3(4c&
zoWN;9S}{KX)T980Z-rLi;~*BKD?<4f$HO_cOFuhg-DWp?@GJoz+3w#qJJ>ipZWtc4
zW5AXzpob7Fuvu*flYEg&#vJ`w2#CCkmYY(I_)LN1%c`+2Oj=1Be+z#nvoDvbU+fUr
zYB7AFr1TG=$_u=~0tMwWhe1^M)ZQ7U%W}fz3T9Sny?DnQ%kMLQ8Ba1C
zJ-}jpFFO#MkI;sI%Y
zD)8w`o~*RwH2GpGXkTBM)Y&T3I+^ptc2%37%+HkRW;PoSUFOSEv6aiGOV^qzR0=;!
z-c75j68k(hmSM@7ZKCb!(^QjnOZ()5Y_?)GHXH?v9fi?e@Q*T`SPt6>i>plL&%b3c
zHKUu<_A==sG@>CKZy({4l1R*~#l8QFDyalG6#&-`zuBz2gdA{)n}4ovfd
zZQ+tiMSuf!JXH
z^U;kZHf!X-Fv(t)ALc(Ht}thdThx;`y|opyCS1W`iYT5OiX6Ip2PZZ|oF
zpSF-8Lk#2>G%dhAHyZoO9qx)WV6wbY&N7K51utd?nA;YCNTB_tULjHq
z_6Xt2P++JWiBDXcr($G1(1#dQOSLKtVCg@^b-ot4iy?IN2D5+3m72XRl&4~tNxp4c
zjUwVd9_$ab9JO~Ym6R6$-zI(|#&-gS%UU{!Mx^IQ^6hM+^F1u`$49%-Ood7xpVPk;
zI)b~OX|MK|Nnd(V;WOau=k;sei2^Aq4HAI1ZD~Ex?=4k!2>@into?0myaJo(-uU_g
z%}YYHRWfV;Nsid0V4m
zq|b&q_9UX@--^BlJj26(;rKJ@}Zg&VvF)*hWscYxQj-qGftWw^h~
z(fsORPe$R?C;MM={~Q{nhhcss{PAaJHQukTG942ak`Kp|PGFP@zv%CAQvL5Qp41*q
zrrPL?jL&yDSZfX54ZQq@y*{W?P)B-{?)*o|PbR4H
zOt4CKw4SX;V9~B^Ha{T#0&S%nheGYk{<%SA(|qcsvE$k7cP1zjOF{SX1!MVt#e2Vc
zYQ0fZv(;yf(XSq#xaIgf~!R|e&RbqAhif*_Wo50
zv(EXAV~IvkE7txG+{M>M=kNOGhQ|NxsQui?%N!!(ap)+o!ja07LL?)S5XUobWRieA|<(+@NK(Xe9
z3zHCt!r8?0(?zOEVp(Gjc2B^#f&7+^
z;Eyl!CsHUVG3n(xqifp_A3hW+!E34oJw^L$OWTRSdHr_;=7I2A-Yb|Q@D9g45ed8b
z>3nFGJaIz%gogAW>+={brW{1UmVP}
zgYb(n5bxexZo41z`a$)tq9(14>+upD6Gjb
zx8ydx!v2+>1A(eNgm%Vwo75P(}gX+tQ!EbtRx1a=_Ep1K9g){n$#W2Z8JwP^HaMRRPj@pM$I4KGyyJ_
z(yzb4mw*r&FVI^79bg~?MVd+fKLTreDp29=uJ)Fi?J3-UD3?mph%|)ZjQNZ=bzKmB
zqvVlW>#pdc5IUasXx~+@G`XQaHJ>uxsyX|^T*&cSn3A`@fjCFS=PXYg1eo*;4`{df
zB|;Y|V5^)3Ks5RiB4FRde#X%$Y2>oPYBe}exqQl3$YlQVTM{TI1>H-zF@Qmfxd0Fa
z#=t#D_8Ez#L908})T}ncpjmaimIQb-Z~W4q2$*-Efr>@~XYlJjf(NGDR~fwB8JtC0
z#_vLr{ffRyGP@u=3V9#?;#C@lG06XRV<{KISttOx)R!Maz6J~P;~j%I3o8u0YAGRy
zLy?5ro6`zrsbWw>0-F;+0i+Tb=RqGcn7{;1f^d|yiG8~)0zJ9zP|h^Q$biqlnj_tr
z#AZ16W$pNKZwfdbj<{Fcy4>)=&c5p+U}Cyi_0e@({|>AddQVX~P-h_?;B)g8NT$f&
z>m^mYUzpH0d)~22!$uAiazfe80JztUL`el!1#+18Bn{x^rNVt0H(^?4d-~ggyP|tEf-;
zY+f}2r8E>ES!}^KFIt8=IL&0;er;#H6V%)8w)mJLQoIr2vYoGxfh%-6f|EMySvufl
z7}Vmbr`sOvrL)p#9`SWz_2R{|YASXFKhCW}Jwh?F+3Q+1Fxy-{gGYLPBJ;XxP^a1M
zILB3otdCK7wb^}hmPF`euJS`z@DSR!x}m+;J|-#5Otj;R*{w{~XO5GaL}IV~4t7CZ
zFO%g#Di^hcqPzIB!V)3-yE$7Id8b8XIS>ndAPc}Ox?fByB%9a(QGy1+S7+#
zrL<;e(H3|aDez+vR3})k({Z<$-%zK{%xrSCVJm5yI=WMd`bx|%@R!6;M)p5?zb^#x
zBNmPPBcOKJI+H=Y7^Kou(E)VBp{be@_*MZ{He{(R4
z_COL4cjOOG><01Oub~wdylO{*dFihxnqarKhJeco5LLJR4|{%SAR!O1{E3w(d+yg$z-}gkmB_Tq(KA63ey6IAq$fn>Ghm=
z(~c5NRGmlOX!WWOt!B2x(S3xeLguM>Q(tls8!I&QyG
zl9_|889gGG=)UCL?;R)ddxLKRM|}+*5lSkByFn6aHn0)vbk3twxxuEqoYK
zm}5|9H9fCq3BEjhbjo=At|_pJr}@ZijX##ezQVj2*E^D>dxH~Ds^k6JylBZCIg;pE
z=R{RA>FyQFv3!wji8x4@_BjpJa3;~IHR4(r-8V*-MNOSyHcWDngAnvft1^`*Z&#Rv
zUOm3-8FzKqX8L^As=<&rdT?)GxN|8_#G1G}nqhNu`6TT1zS^zuTrR^C@+n`UZ^w?+
z6*`I}yY|MzS*_LR4N})x4t!V1r{ve_MGt|s%2bNDZ5_0&QTXqXstBJyq7m`MiSa-D
zBn66OWk{}6EH&^%ihq?%;oJit^^lKtKj)i`gWoU_gx~%v35v*+O{Xr=9{xRBswLpK&k}NVw}u?s)txSO|DFLmo>trb
z)T8VjTkBK
z>_1)}?zK4|sULq&Tov#+9?tMBvArfR5eRC-y}!;5@aTQy%>Od2_l-#B;6{Hn(oo{E
zY_VLbgPclkWOpn*qtVPXZ`k{jEYf0v!)t*-$_Ocsxi;14Y$lff*E#Kje
z8Gb$zJCvAW4KU@mC2XojciJ)oWAM
zfH8<~2jSviS5L3^TO?Lp_!X(8rFr-&{2m6lWWYs(ptF@hl+-NJo-+qBp|XY{;spSB
zDz=qeu-V0Ab8(Fy4svyRrj936f!2ka%WBS74OD`Mt2yN(>b!He`W~AnC$DM(gR+D|WI9nP)W>dA9Ih1dFgIn#{-CLxq6p13e6
zOhQV5Jg>5!$yyS!!!f!d3>ZWhPh;Ca@rw`!rtKrDvNt9#V1+PO%*FJnm`zCZRE
zFM#BXWs6;PJZe-w8hLUg-&1WwEnk^n-!9^EtLIg+w)(-y=HYK#coY1D?sPTiVcWua
z*hOs2pmOk+sT!n5q$xFu`gf_6&N+i41Ri>G~Qwwh;`r**`vvV1da_4(ax(OC29
zo>IYQGLBh&af7n;!FYyinOrf_1O(O>@e(HW$}M1LSSi;ReKUW1Ii=v9$)>@<akaMt&WF*PQ`o=GKr#T61i&Om+ig$OcNvSjSV-WZqD8ncl<;yZ;M|dMzf4U|o52$K&#S-+40zgZ6Rjwf3q`+rI7dFbd(B
zj3mCK8inU-rKOZ7o|;j1dN@h>3mU5*Au8R6fyr2HW2(gnXYuUDg8UqI`%%nd
z?c~0}DBc%f)U)g1$HZT>ChJntWaYDd+}X&(=E4n(ydV~GWg3_Ws1LdO-|7>GhY1Wq
zpH=qj8^}HVLkpbTh$(|`Y`V)<(777|NbI%o{e>XHDYrA4xMMLm@!YfHxf8NECF<
zfSPF&xIdu7-;Ob$zRGF
z&5uF7TbK8-2o5mlTnOc6as^u0Ysu(_;~zzsRz$B0i)+QhaXU0e(&B4ebd+~4hh38c
zv-&jHx=7VcbvW{SHTywW?hf~;tJk^i
zocamQ7+({*bCqb0GA>nCtYgcpJ$75=S&YDq)$Um!YKHo7mlAWkNG^*<*)BF?6J(!F
zspLu#SVc%Us$H)(I>(AfoPNJBJ#Dm`c-)IQc)g`nQRc*-
z4kcjS8Bh(i@bgf5lO%dx>?M75ucnVH2c-}TRy&;Ub_+-b<=|a2%x-7SY}-&wxh9X=
zgIc`DcrsM3=_RC#5VA
zid6?1(C5V-gO~(rbgXX~jA3#*y1^83f18pm*qXrK`H)Ww!d2()z
z&gCV@BnfxwQ4*-MpLx=_iT#RHnXgXfxsU6BVntkQvB3N%K)j+y}SH
zv@3A)*E61ki&P#U9Zcl$6z0f_5K<9oA>xac6(T3BKYJjpz84`kot|`0Fp5LWkz8sd
zBK%Gfrpq;)_N>kmaQo-C+k-}xuB2cHTX@ZU!JO7>B!78Iy7-cNLh^hv=<;!}ARW7c#-}M$o3MGUtGV@o9
zVjk>pCT)LU03u9B*jys1zL6Tfk+&~%$6@AsWfiRXvb8x#4^&`B>_aSPmQSCNUH)rZ
z2Qm)6+XgE&$riGi7$!uWp_ElS<1~3z74`=0h8P33cp3syngZDWjpnkAI7I<`%A-|b5KmGTFnkw-8Hw???(ccipEjx5bDum4B
zsJZ@nW3~+T%B^8O_2kXiVWRb*?JDLs;MlkPW}Qg+G#5Mea=l4w08?Qu_I5z-~gYQ)-a|Cysky!2qyh*04O;<>sh2Ei4D1kU;2
zx@|(`u8B%dKeg~};cJCHC*V>~L?aLkvLTe+5O-hq+)uxZV>LeADp`{ke)|~Fg~FQQwq{Y3
zN+c%vnmUxp^`6s4{PI}*Yz$tTQqC5ujQ%!pDxpUR(@=3gZiiArjk~f|4vL)=UH(Fn
zFwfV~xULLCEr*H8LPFH}#-2K8!8EBiwR~oKDy>p#O-NeuDV&J!eP`@>^=`Tf4yyef
zMpdAN&}f->AhGfhNZTU%9P>!ig81y`J|rF~6k{TVBL7$wXIuy5<&t%O+b~Mpf}(`MNVHdGbjQ
zdz;*$5?f%~Z!PJv)GwJ!bWJ;r~rf`|TCOn2WUbXC-VNEBm_Zj;n
z!nEY8W?|*m^BtCO69X8v&omA{ooDGfGJ5}!m~M(#(Qh$lN5FaB3tB+zc?Yx(#!(&o
z)@|Kj2
zg_9GqmcPC8xX;p>gv0nu-rIFt6@_>359R-Z2ho`!izoW~2I8q)WZDTM^_eU54G&QI
zAo7-};gtvzc9Rohr;d;N=*=*T3pbs+YzTtw+CbLyZ~M2s#6csR7F~Ix%wyQePchZ8
z!6;2evK#Y8?f5jsdqm6a=5xd}aeF+qQal1lBk;qQXJh)1#L#4M?vuFpQ%Lkka*p#r
zn=69u&C7(;;GK|$7-Y8XMAy$S8lxOhI~_JT82d-L!(95|kc{UjnCG3-)0Y(AgJJ{i
zbLBO*PLLC{$yh|?NUN4mOs1r^v5kf&c(!p@^>BT7Ih2yl(MGO_bnxC{-)Lm)(PQR3
zKxKRG-xM}m*qj>emuAjq==y05SE)6Xp&;mB%rrjtaJ?)Od0QMi=}ixj?@8Ns%(&)n
z-^oB2=k@Vtwk~W!+hE+$*!q#va?NOqcX&%Kj<(z!FUWuJ$G1P|=+nT3i^hK3J*+1n
zHEIpPj*C2LstUPpK>+F>+%3{;%PqxQ>-LGYbeN*utY{vTNcqg#%+e#^4)IA5ykGuu-`$nuxWz^!LdDMkxF?DM!Ov_
zXs9>LD^N4)Nb5+SVg`tRv2j)om1lPddqhtD?|_RG$_7g>VGQQ25+3$wGAGs;5*nV$
zMnpV&hhtK$f&LgdABV?GgOpx$*Ot%{c4*;yy>^H{?8mn}V_@?&+o<(H7!9pi%Ki*I8-{UgjVb;HcgginP3|7Ji;q``QNfdI2F*f#y()v?%KOyD7MNM*xmfgH%;QTzhNRb%u#5725a
zi(b|PAYF*G<0>?(M_PEouedAp2sN2ANHh?_z&<@vf3v$fwGsxFI+MBpX1NOqqqi4|
zhyoWQ);maa7=kaT2x0+>2mt;Mx&B8=HU@Z8=>Bo$
zZ*K?R(Mto}bVR!uzaT=#en1EUC6rt`=Mt|BT)I_0Sm@c
zqOs*AKq;?};jNf1K?_gC-wh7FqD8gw*vq
z$FKXp=~}%kgv>ixOV;cTZU_!C#;@|3LJ{`D)Pl^jWFN|2T{8#7p?sA8`Rr(41WypO
z12Q49x_BNj)O!kd)yOtsq^RY8P$T5T`Z9}=LSnSr5DTvXmUfLUjEo=q2uz$J5}ys@
zqR=XqO-Xec*L8B-#1^Ae?8-0|;(^D3E=F;-ix+~$dEfc|?^&{vw|mRjS^@G>{8~R#
z=N1l~%1+6R|I6e*Lkym3AMOcBxz9`tQ__TUIHwO|hK5k6I4NXLx*j=WYi>7lD<0%}
zqxS=;XvKow$Ngtj5)LK@ek*{$D8Mdb$_@QtIyG8J*$I`AWzif{e*v|+v?Q8
zEPk&s{`I`U@;t!56eOJOho4Q+D8L|VA+tmENGH5F9gvre+dDN^P!sH8OdacbX
z>J$0nDgjNnml+D;rDh-N;_FZGV9xzX%2zK0%@A`8r$+}Zj*&v~1Yb<@=zaur*bud}<_mZh++wh*u+lJLEGlbqrhArQF
zf2?11QCQXeqqQyOnE&PUzQ!`3?H2X3_M$-Nwo=4k_^kx+}ELAn%UNl+L=17wD>=thTxCE|%4StPg(>ZUw|d
zRN^ZFMWr@^r?YFO1FkY%zpcMwki3q&MN?~vfZk3end2vc-(xZHtTwrs%xoGNO<=pF
z3x1GF7Wg{bw^FFntdp4uR?6I!(PKLZrLr!48GI${G;pup&VOW*m#IP#iqwccgcn>FqFvZ21-JL+f)nV2*9?fCZ0+QC8)7cV01JJxvF7
zCIbPR1<<>+G+-HEHaO+5b*T_0Y^VV$r>AZCpksw(bBKOVw-i*tC80Dr3sFd=;t}Gf
z(0*trFuP*V-CHSaFXra9oL|3b(DY7eJRcM8eX6nxGT-bz>v~CTG2b|p%N_cP$G&!j
znajXF0>FX!zheAM?@41;!ttJoW7p26R4IJ)PDXu?Qq@Rzmp1YpMZ?-ydWO#_m{`=rpa(Qd^VIQ?){K(
zg=K2}@y>m1eJ8CU$l#(Us;d6I`Ljy(8$wok<-+%ddqPORFua8M)T%0dTppW%@f-ct
zx%b;!XzKd{5iecKuT{sQQ`oSqn`62Kb89z^DdYtrU9BnX?j0_FAshz3{^{7Pn#G3S
zJK2evtM|FWA@T|Pgj(LHSfiHiSJKxk*gEyxz9vx|1a<4eZ(S_<)`7c@5U7ByY_;X`GSZc
z`47hJ!t!r{Un4<@pPp+UnE{8%@TtRl-w($9(SE31Ag7a313Fwr{|K=g_6XX;Mdgo6
z+cf6EKQMb8F6+Xo~%u9>PxJcl`10=Bnsxd6cpck%(W6YI0R-tAAbtn$)+Kf&qoBkz%C3$({yXtNU?_dHHm#~M6b&tc-;I<3`
zV+ME2NpQ}5AL$c#%HUwNm+NhK7v#^rypwHu`?5M__^nMC3G$+2#bkE|HOCu4#ZPU5
zy``hP|ZxMTx$)w*Zr-u$5#%UALgrBW~!jq+zRI8p7B05B?e9EB=4E;(%
z10GznOUse<+hkHu{oqNwf?(Pmw*X<^v7)_r8@!h{7#w{Gutc%v{0i<3$k<&HULzuG;xkifaaRAhHR;EkOiK>JUh}
z)w59vxPF@)`pkJ-ffP!R1yK?NprE0F9Kv-YE~KP0*Zsetq~R_PknFDw=Wud>&t5#O
z;x9lU5oSpLb>T!UA_h`32D(UFkH{MeK1;?!6gzRq-G}q{Z1#SjMjy+=lfDA6x)!sg
zPvfF!V8zrEz%AZ(;6^!y+(oMO+(7{tHKL^+92kyvWuY@-;TZf+q!?O
z54emhUlQb+6Lr3sgOt@*7Uv4EQOrttYi*mJt0zq-LXmhQNo;ZUfzwB~a-eQNepYL#
z^0%qkO1#QAK1iJQS@pphIecyim(63GXYFfqnwVEv`9r3>F-qikHxY8S*?J#Hb%FNa
zQv4-n#Ur3i(2*}1kBc|K^L1p4k4zX_@VQ|pYmDZRZJps6&`EhmMJ0<>Yj(<@Nt&8bd=uJk^R7-KlKBo&3B?*Wjc{CL-5%@)un?kA2n)=%?
za~KVNgvt-Gns?MNP_No;wtG%%sAdd{p^_QB8Hr&FjUU>HdMu!sQR$J6zqq(SW6*mi
zA*4QOgph?Y4!Oau{x!Zxi{js)F*9CqycD_ILUn-=Kw?A;D|Y+7-0zg6o+up7>=u%#
zPX-H+;t*JTxtgDDO7s@oRXY5x#YoNuTAwjY5y&+b!LT@StRzlz%qnaZn4^+7`mg(7
zy$S_<6KO3}l6bLhTgKNH&6g+fZ55yavk_KG>$87IxeMlm3=72!4QK~H@9p4QMzwML
zH&`~*Q(zBSS8-%}(-QfolMF$R&sAaX7-qn3IgrHK;Pr6b&6?W}Y@o?Yn#NMBi=)71
z8_$XXLXUU}-T-F_>xFl?LJRd?J1@;V(4(q`qq6ZOBx?>x0i^JfH9)
zh~#{2?1I>G=ej9gz+N&jtSo02$`y|j!P=|w$%)51aV2*EShYP}Yu3`uz1!l3XoH`d
z;@GtVgXq7EsN>Zwbvmz_GY%TLVM1}SnkEy5sSsWFY#1{4AN>QBkizoUreGpXeo
zWz`=KV^lzxTx_(7jfI09%^C~bg~PC4WAmNG+5#;8tv9=cmu^({=
zhBrQkr+zQ{h^2vJ6I~CEI|ETD7t6^?J{{lJe&%)9(x*3g2;aizTCBW`1F9?U>A99QeJmtFWWL`lsg_6!i=vE+Fp-BSmh#P8$rV*WpdR6v`
zt=~_y_OQX_WXT|OqT-PEqcQ~phn4>~J4v$#i%cL%+9!q-S*kFiFzm#|zSjij4xHC>
z(L~5;%3RfjZca4McPcRgeSUJAzYu)9uA6_G)sbhI?|hYlwHpqfZ+&-zxUCfPiP*%o
zew{5;d;SQM1WvHMM$>XaPU0Ro-a_bdR)>M=!yw62*~#h#{tY1yut9?QM(^KvHtr>b
zZ2FA4`D=>WDNIf>#Wg^`66vrGFG9urR7CvIen9?!(e;tn6n!^eVF*76ZU6DihZX9v
zdn~x)TRt`VeqGeGA(enkmfgf8{LNA2KBZ1Xg>PSx^Td*Q6sNVZ&C})8X9M^Oztimy
zNVNCn7!!vaUiY$$4je4`e+PYbthJgL>)m1~U%8!wdPT})ohsd4!nzHwnt-Qo!I#Ft
zkg3Tx9<^1BCjntgPsQ35^}9u5<5a^QY6}YSeAfHb9g8@Y2`t_9A>HA0n`k5pnspPK
zhZ~C4jh7tnl7&=%)kWfQ8REve9#8KO4WG?
z&(yQf$DmP7YXMPmO4S3%^XNRpA>$C4paDH8w{?jW5iNnZ1yths@*R?kFk<91{2Sr^
z$0nOQM%%VCtxPm=b&QXW+jO@^IqVUZTZZv15B#Egc$Rk!=Ws0Ti^54Ym-wgi00UEI
z$w>L`!?-tPI^4}5WY;~$xIbGKU1LA;c!!K_7?HL?(VE^{+^FN;7F@L3)7@tJ@>4mU
z&QWEEJ(v|FWecAVcWv*h4s-3t)(PX^aV%o=zok>W9{LHrA2)D2r7FtSEm3B6+aJ44
zKWn8?hpQhsN9eW}uR{&-k6{_!?o@s1n;3!eV5HFLsD$n>Afe}ed}pO~fkyn6nrKnjm1NcX;<|)h%%Wj=+|ikT
zboFt!hTwzEY?eQeAlb-#ze7|(s*v2-;WNlQ%hyzpiM+9Z;De@yf86i=lSKDjFoc5(
zv6x*0HjzbFexWFmyz)LT5Wy|lH@R5zoxyk8NyhfnZteKH$f=nYDqBnyI*vW|PLsSy
z2;J%s4K_Y#_L;YtoT-R;8tfJL22uVj?}bos>5@I0Q1(LZ#ZAc@ji<465!K;)VBMkM
zE6iH-uY}`^W_$cIeb#Fi>dj^HIQ;ANqP5l)|!;8Zx%}^~1LZf}nr{l_H;*(68
zqN*Q~9kS+Caig00U)y6Ejs0&#uYjjM#1P6V&44s;n~eqz7fV0?&F_|`y++4f`OW;0
zc#a*Iel3s&8Pg1?EdG;b4y!rV9ZnO}n6FZnxl@=*A7L>0AP?7p#Ca&gX0B-U-gi1_)ohCst5F@}8C$@}&CT58|yK$7CTz#$Vds;3wri!sK)_z-vS~dCh`*&pqXC)_g0QY{NCbis;$a4wcpSO
zkOYw7wt?9Eqk?^-$f9;BJ8&%cXCukm-R+
z*T?{J(Xp8ZV6c%Hu<%e;T2*h`)HZDhYNvsYJEWRrHuvZ@pzqP~X(}plrscPy=TCqL
zKhJ1;{HfoYJad$=$9Yr7REvy2&-Z83mM$jO?I1WY;YiJGZENKt?~m{Am@|qli?6b|
z96JYTB>>z4LN-gfKhLEhi`U4W@fw87T*J#UBq3H5WD5IuGlvod(y+0it0Ng3_-#_8
zKrn~HU>In&7b|V-^$P^dkNH8v7o_1*_nOZIc&U6PUqgin3Hz>#x^lrdP{pc1OFW8w
z3&`+cRS3B`r%GV;_2i$E+WdP2V(fl~ep_mCwe^n(B7%)|#y(-Y>QD_9goH_I(oBI4
z5_j7fhtY(eySxzNAV5%-A*JB7Yqg}kFgtupY4r~f>=r3mOtQ~lEd`CyKQ6ZK-nZ-U
zml1$(o5G_Ai1fpWmbxJDm6V{COH!&rHOF1t}bee32K~t^c4zzk{f6U6*U^)Np1E}QLBhL2bU~z?a$P}
zBz`8fHaU%~m_f~DvtE!c@$B{g5%tzlQHNXmH!*ZG(j8I?(j7xdcc^rChjdCy3Wy+$
zv@}Y0mmnb_-QAtvLt_o2E{fW7Sn`^;
zw3ni~9n2*wak;_eo_Cw}>HM^lb5d_cjhOFwM>V`4GDY%}?(wSasS0nU7+u65jvGFX
zPAimlnIY)hn$w`!Tl5oGPivOg=~u6=Gs{=wrC!$@D%QmAw0^s)j3f=SWd8>v3VO>B
zC{6Bza5?i%8OtQZ^!sM|X;({kQ~M5otW!^?h07;6WC?!AT4_6JoB14(HfN*2TiliM
zb~ZydjNa5{?jU~2vao+pApf13tQI#GS|vCNIHhc>a`i0t>ri5GyeVm{N$7taMVUa+lQ6})v5L1uQ)l-Pj#B8xo9&O
zmlqSYnDLH7&pChh0NQi1^#C6b@069{ojHT5$);|5khx)u82AscwZBgjeK{ElwHNj2
z#`Kxr<5E~>CL@IBQB|4o1pxj3H{*Z;|By1w4K(OpXWLW>KKP@#*QV|a-V9kDz0mnv
ztcyp2T84h@W3=~MxwG+qZan}w391A%xe)VQa=ZvC1ZmgL@|oPTjUq#(AqJCuuGvdm
zU3xoE^Wq?HJ-pBVYX1NJ#6jb;0^{1?NLz{UmXiYiTo`~0)Z4l{sdqN0KK!|V2}-j6
z@3}DAe>hM)F+D8S6+F)(6D~b}0g0KIa*e3!$>rDY2>u_>}DN6nA|BaRYN#yYW
zi{Ky5tT_S(8meBECKE)jc{8hB?g0#?^MK@LUK&|$y(<}{tNq{hK$QY-0FyFHdWCSJ
zxP0TC(dTx%G#@jOhEqN;V6t~r&hLMT>bJ^h?b5%+#wpwDYB<%5+KmuYuHWRa)G9*A
zqMb}h2U2AgTfX*{Xh?(O!&w>jE7Unw4=XBg2!g)B#Cw^%bd`zvrN;l1&o!Jv%mczh
zZTVSPfNP7{aJhBmz@H^OuYM?5P8EVr90Zu!(Zm9|K6Qur@;ecjj=t}U;IlBvTn+}^
z9rx33!JKQE6dWz(&YzM{yQu&&C4*`Q8gNi*ju*j)KvJ?0&xz}Jo@YbMLv5aqG5t9|
zR$le$pIIy=@cW16tJxyUf0N?nHAwJy7SCYda7gp6(hP`!r<a@#K;1Kk@SX0~j@BaFR
z={YK7G#Qwb{7N3{I5RvqGXkcF`d@b6e`!t;7zm#^afxDzV^C3Lu_EB2tHDqXRAf#F
z{+_$u_xQvj+sS0&)4BUyK&(oe0I&#Kv<;=Yw97+~PX(Afw@rhv&k7h6!!n>5LAaaA
zW|9SyvVlcS4qW)Wygcbs!vF>dw7=@R+{Iyjg2G^;iH`!dSLB+2&9f6291ryn^v!CH
zF%L6Bt2~@J^@86(>&@lY6rtvQt-;T0)cz-+wQx&5^Ld`MU8pO|hKq^OHWeKLFCjVL?yO
zXb+I#?dNLIFfq?Ff62@y%1#C{4avhGw2YPiii)+qzvciw!Rc|R=MyUjTus)X-(h@~
z4E^U~{zsSn@5`?ywO?RvwWyLf;dKD_)gyo#FonJ;)8PSDuu2o)om&8E@tOOXp#)M~
zA3Lbt$kwlnyUnkT$e6_J#+@N#d=6h89cQb}kC!_@O1)vVS>%9mz&^4%`O3U#|7ab?6h*m}EqP70B&ou#=Av$ma?hD8_
ziG%Z#Y)n(?Klc`DQ8cM)rrB@lu0ppX{$xuC4qO0~@dnK=Uaz8j;Ys~<2>4$urz`5wbx)H*BxHuS7E7CnF!P?R&U
z18h*e9$_-6Q2>)@=B9g@VcR3PxnewH`e!gZYk}(rjUh^(eU4fLF|jrfO9rBjA{0O0
z++gd}1G4o2h0uGa8xRC9e9{f|x!jja<=oh-Xp5C^PYHgg0v0`Bw2jZw#v_7)4q5EF
z!hy+i{KTw(SFV5V-=Gkg<#NvWfdNY+0Av6Lyzjv50d@w+B0C27rK|l}R}cW);(gJ%
zo(&3hyqLs|UXXCc*>-hxC1c6&cgvmVJ{kDN&@b8A4}7V2YrdPQmS0){0KO3v>)?Rh
z{hfz0!ZB2*%jpZ)>EAU@0S*tXCLi>7Ir&UJNj+B#`%<5+2^z((k_Hp#`p6uc69DO5
z)bADu8?ph*U-6-3Z~|rnlXCp%xETNraDWne0yqg0e?T?(GFT(szAO6b1~d~D7?$cm
zA(z7?(}^P2%KzF3*c)E8-E%G#fd2pu-LJz$2G;>TTkvnpFM6E`)Ig3M`7#`VUj0?3
zfX2||`1oVKxz3#GUmFXX)MRT5ozFF#BWh_i^FBwBh$s=9Na?VrSCk?x25kNH--pip
zul0WUT;8M8tV1ghd
z1S(76FfRY!%tGo!JoX{XnVA___4)|ele?tw(lN-G9PuOc4@=X-;~xxVVUojm;7h7Q?VBzI^h#j6UJ@zimMm
zIIj1s$eE}J9QUL8zJU*YfXZ=+^~V^w+zFjd-h4*Ji7d%7h&%ul-G
zxGX_!#QHb<9r?`uUz*Rt^I5$&XZ*w}T4{wUO}Itmd9!i;yh@GgJin6@0yEkLmDQeD
z4D&f&M8(GPZkDRwDA6Ivp~;TV{NVn7;gjP8@L!LEe;2yYbx!A5sed46BGAL+unyE>
z|3ueV&EX7e{_as^aA-b0KHHw%_o$B?(qoTs=Z;C{CcS~oco+Km`ZR{wnhYS0qqwY$
z6%6}OgB9JEcQEiO!c^P7s2lAb1HwceVf*K_Fe}zCtSI}C;V^l+>ppt9{8WN8^kiNI
z1(G`zg~lU{2a{if5om<8G^|WITDtsZ_DKN`x9&4`na`x|Jh6-1O@#VtR2y8(JvB8g
z2epu8D8BoBf(!opc52eSeqiMEKv`Ki7k!NB9Xkz915!s)`TxQ&IkDkq0?B;#@7m_Y
zs#=gL4>|&aaI^Za6BpOwnx0EaflR*nhre
z4D3&&bx&ea>)g*(W&ZN~6J>49Ou+YKgM+8JGC%B2%(s{mc8hqAC%^*Ki9yvwO^MEL
z=74{$b3NsIG4-bCr_)3LNSs^7b@B+3%La%#u41&KwC-`^9JOpLaQo%L6eePDmez6=
z)I5YV)&W)wevfRHJgqxwguCjlQ=<0&f;v+p+v#TEzQ>&W>1jqu^9P)~YdGo;(+n`Q
z!d9aW1jv0qNPE#M#ymg4y#^@$2q8$mgkuE#$_r`@Cog&f^jaZ&zmPm|ukEUP>plZ+
zo(S+On-P{kr?t@J5&oh*4Rs14{2?!ot{KvcGp0Bk!~FZRKe0(q6hZyVy>}hF+qE1)
zK2;~&`V&zkUv3}j-v7w$R%Fu8`9+w~6^zgLOw5ztOaiWo6?tNlNW))m-HW?E9}v!D
z8T3v-K~Uuc9uq4f+#{}p^=~ySzoYJeml^p0L)awDAp7Ywx3p>CRqd}@z>H;3ZKIGc
zh0CrrNUzRXXx7z?O(8hBZ2Vf0hPBA=1a|}j?LlbdG08JB_M!7U!
z@3rNm!M8`mSHxl5G-HhD@ciM+%SI85^+*LdYX~dKm8N~zzM&unBJzyG4Idps|NR=V
zsMw;|@SZk=q+k6F{Td_mQU-p~mPG83PKLgnNb!e%HRU_8Lao3H`Pg4lZU_Pgz3~_S
zNoS33!IO=~GSb4GNXz6!UdfTIfkd)Wq6C6(_$3KUjC8hO^LyMaBtjvsW5b9+;%INb
z*_cSj^c&WxM{-_aCx;=fuouVYD@$|5=d*eF;&APvge>ZxU@k
zIph#|c3w0+$q|M>0XoYxCY|V>dkn)#C}jf
z^(X8Q5&|TO+e#v1f@T>$730bVlSJqocwT8od4v-f)!-rA?2mI8*zad}oujr#UE0>1;vG!mJUYlUBV
zKpwQ_f=~N%Z4cOlB!O7*S6_O5|4PF4TCFY+gB4^axFRPri%!ha#79M34}9
z&Wh2_b5}Z89c!IBE;U-G%WIl-CkKA)O%K_rjJNHWE-$*@!^@ctMu>J_H8I`cWjg-E
zk$9f*x30g$mz>`E3tH7H4ZoRr+an&2xqJONUA;&lL+iH%^gQ;_jT5
zUG;Z`ry9pC=}`Q{tldUqd3IV`rVpwHF{K!@umh5r
zMHX6beLnbz%vRt3RJ!U~Og(>9_@C<#IBvMfjOMeatGVdIR3yARt0lix@pZ;khib6U
zvKBb&C2n?Neu1Mcd<~&)ihOP}ET@q6*1(RmpJAyH8thg@!$;#iU|eXwQ6E#rwAZ@%l9_Gky}V)|Ro$1TOuxh|EDwEeoZ__JE}
z@k!uOuZ?fS2AP(wb3UqZ;`r}u>F41rXA#={3f8Rv{VK=3UM+t{oV@qMVlHFX%x$cC
zuAV)-Pn{0ZPkQ_cWoKiH_8ME|nJu1w$5squ$ZtDitTfoPwGs{glNVi$ia^qiTsaP6
zdiV505)JsBrGfwSt6Ro7Q)s`@6MPNAP)Ju*-UKK=pqsk%G8~9%LT5t-ri2|6X@WGu
zY(5scHq!fA!(rxjH+=>c=V)BR1?1g-Lr=9OVa8qUcXxL+Equma|LS)*LlMDmV)+0I
zwfdW3@|C@N!YrgIRy9irF5#r+ML&qO+euBUTmq{U6AUEE7Yn#QB*6m15ajOyMMRAy
zst`_R))*pz(HqaKXiAaW{n?rjN{iBXs(}07^|}#<^dIR#>D7m!R%Y>GP;1XK>3pur
zob`KIlgy5v5Fdp=WvP73E!m&Pj`lT%r_(>-hDNAv`^TBU0ksqnOY3?jHuSZ2Uv+LM
z+-(ngL3k*MPpF4Y#DKm{eM;y4{o$pr@6&T(3W^M{8#2-{Di*zpy$@cWH`x9atcB=Q
zjs2Y98V+YT*UN?hQ*B-RXUTu{U(okRSZ^gfvyMJg_dhfydZRT$gl0?$ka=e8PdJpSADCrjJ?H9w#Bh#<;Eh1TX(DY#Ht69~!azK!Q
zV;t5t??wMMTZxk(oW!S#{VyGvAz$huKWPDOw*CW2S`veBXqt)PF-U{_`|DS1u{u1w
z7#SnosfzHg!#KqpXa6kSA~)J|fY;2nyFd>t_3jsPmh
zENk*l8#4F^`gyj0v0Du4l9%+nLaP7eF!B4Xb
zc4OJ%Ab*FKgh`mVrE%mCeT;1U0zBk&oqk
zY90@OozBAb25JX#Zgyd+1uw7@a`s<>Se{Tt?8|KJGSBBWK)le5`(9!j)_UAwu?4S)
zv@Jf1z-rh^P6ii6y~KeDyY1I~b_IMFI(1s;Z2+M27zRAJTM;R9_!wD#QQ01#=jz}zMsCfp8CbBy(VO$<+#Xxg@)lT+
z+p=HpS4VAUbQP<4&ihPk6vM4yZi%RoFyS7Mq&;bYDSZ^0&|RAlL1!zoTE2VSyo?D0
z6{u`Knrg^q4&d>Q{b_A&l{?3Li1A^I3oJoQad4!1#TdFKoh(i+_Pj>rJIb(Uk}f-!
zI8HkhLJ_wb`}{=>m0}n>u7n^QYxuG|kU8;7Q=2SHcX0hW_bl*?UFMrl7*%B
zK|skF920}p42d%~f%bp*U4d{S+=PwH`E%TkkZAN?`W$>H>OaOY2>2-<<4xdaOEayu
z`gB|wKRdxV-$FE6XkS=(cWKq=H$kdnymS=6mia~YxAWCuMzfba1^JqQ@_vF5`<%P?
z>kA-jbyN|4$n^*<5%Uv@MF&1rMYU0Nfp9vfjoW+`ZEQ~X9M7CjBh5nGXNN_^`ibL{
z8RddMyXnw%l_qO1aZQ|nb+%r2u*csCFmZML~O}LzDoHuCK?Z7&Tt($
zez+(gv@Mmsc|{-4kMJ7@kXo^J7-~hsb9u9gsfm^$xDlNpFd81KF}O~o$ZTgROd8Sq
zW65MhH092rAq>huJb`GQkpjFyPKflF83?cZU}y3PgYab_G?43Ey%UW>uPVGha@q$-
zS4XLlwm8(P7%Z-y0MWuphC7@pPzxp;8RS0R|0N@GFl6xN{a`?PJ5~7RcY)TKh2rz$
z%S5eEW->8RfAau=I(bQ*fD#vm`-fjQ@fs9wYFTs(Eue
zQH=}{mFbj8wS*+sDF14RPefrmVA|bYthf8SK8jAh>^n~$#m79&c2mY##bC#72M2|1
zAkjq`D70J}V^+4%FbcRz4iwD7?RM3cYLA^*tetg#RFa8?O@vm7-t+R=o8+}4Ix*U2
z65_z~;6`(dzB2PO!O{|iw4}iea_=WJdK~@w5QiVgi24K09T)fd=Ei=p`JH=D2#3}x
zH4N90IFn})x!JcUQUd3Id>1dU6G+Pf2im(BMS_M|2$ZQ?;ysww*VV6E-BrcIB@+Gh
zE_WitT?4L9m+I@a53)$lFW+Wn8PhSEP;k5M7GlT#@-v{s2jhW!49lV9s|Tz5XpW<+
zKDR=LJZ-xd7LHHxY{LwW26_lavTKF@qaxH5_M$(ca}V=RH|p}_9vI@>?X`XvSK8jl
zPu;cNF8==DqZx{xTpDow`Y2FgYv@h+vKT?n;9h^_4(Gt$IW2i^@tzL=H
zKpK_`ghKEAbxP9ibGGoiF68xJ$#)q)4L$k2Oe#`%-dL8^1XpU?!C{0rJpnw#3M3v|
z0*k)IOcqNEejJjs3svLb>*KlXr~J$O`mXQ!DNSbGrm_!e1lysr23nhkT0O#F+Hyg
z2y`-5HBAJFWn<27DPhT6_h_;SQuUEMO6QJLx>7(Mt>@=oYZQn3d!<=$}`uO
zIm$KrM}%!tLcc0(wQ>}qEb1@z)9fvu99EzKVrCx^8QzURbE#-`Q@e`EYZd2iVHMI_
z+u4H8tmXB!)(W&DyUpa-XX5ATnWzK%phOaSvz~FU;fpX=dfi@k(RCEM&Cc
z=dl{Wa{25FM1O-CrelfYaVG@XhnzdF;G#$YToe`=N}FqVe!@jecGl(ynXgrJG&K}#gt#an*K~I+2FFcd$ejp2
zcGS(*TyepjZ%pjh1(U?bXx+w2kH_XKt`p1tTN`4$aU;Pna-7vJ=elNhlxepzY57{A#?pJYS@9V
zY|vXlq|nYLYmI1kw)yJID95TrQDTe2j;lACPlIBA>r8wkm=j=yr6yIm=#M2W!
zx*i06j8Qi;vvX$@EzkU8!!ko#-Z5{gKj!#nzxh*^TQ>5bQoSqV&x4SLMJ*FKP^Fp4
zWr_W)ra-{W+!Wy}m3veW{4@fAm_8mP{z#Be9t?jta#)z8w`2QNJ#ugRB5`%7?odoJ
z+e2W!WT6icWCB(auHWO633v)ocX)o}2x{^UHo7K{JtO!jIk-*YfWivj8a?*>yV{a;
ziKr%CZEFHVZ9mE-2v!!@=%%{_xAwb{O1uOA@!cyob_9fzaJ!OK{X^QTV5@
zk_~ANUwNn$(uq})i`?XCl(inJkn7!{(iTEFLv#0!BA9{H4X|e)td2;Q-A;~DsFV+`
zI2R;Jy#FQau={-3%#c`%X7qcFpRs|7rbg*LK5gt8lPrbiOit@sD
zH6BjUSEaiNqbG*o;CSlgq{KCCR}4zOo|L(4u<5b45};sgbug-pH(>5hv^0OeK%^U_
zKs7|)7#aRkuKzKWM4szUd2zs@$bsR|NNOVzY~D08Tq>(D?k_Pf+>)Ui9-2=VCoU-k
zA)m2YiEBJU_F*8}?`9NCIC{~;PWI8FIe?%J$@;LHm8SSf>ny&r)+n;jmxd`{wopSP
z_1u<8FzCEX+nW&bohr!J>tM{b3+>pw&7W)jhtcn;KB98bpAkpoAGgTC@9iy+fN-dW0yMI
zz8kJ(HGLIwd(wavQ4d!o5vtC%fz12B&cJ4|e)?GQ*i%`<@?d;7;F}XL_lV>c$iiZ_
zHQumW6EpZzt#H~gY)5+xg+*k)>g4Oa_Mu=KJR;ib1~0xwoygk?Zm+B#!?OZtc?eU4
z<2i3Kf|3{3ux3-J9#a|0kv{6T5fq>@k9Lao%M%^m!FQpt@XrZMNXjP@*kqGmeB5Ho
z1X#|QK|1k1UFyhY(%OY#pGP)=na@(weQsHBOs5!+IthiqA_W92C3q^dk
z2z5=u84fO76nauAOhI@ziWzZu3^z;^21!*l!WBq8SA(PRHBH9~Bo_J59Q*h_e)8K2
z#B;tsh;3`5@~YD!Q;G6@X5L3*%j|x}tGDL|1;3fFyr;>A{~FyS7)~Onjhyt=0N&B7
zoauns2iDg-C8&()tubK>8m-0AcWr$Y%k%ra&A
zamb;~L7*lq<&!s5J*r1@bPlokWB0@exeVgvubImR`8>ttxU0qK1)}54j!v72o#bQb
zq|STptDOkud(m^4{7H|8YaNdqKJ}B*7(qC(j+~XV>xHdSdEb9nxxQe
zjvXH?Lrt>@S#`z;87{#DW9wbmgSHAhX65*|6~Q8TedGX04KED!4~j`2~oCdZ?b+>`x!yslDOjSVe`o#XJtl3H?xsaB1l|
z9FU377~?wvEjOK%bVS%TVX0p5-<|DHCzJ};L>3Y%=sb1(?ma|jWcPHF_T26c%k&@j
zwhr!lIohDPqFV?KD}0i&No;!9;`~%Dtw|eE*MH9JVkwSsbj3a>t|%CG&T_G@<_2u<
zgjmtM%c?booWmn(z0{_VC#?yxx18=o8(uu&p*UqOQ){I8c9sy>5g2q>b~s~H-TJ~$_f_htvM(TUNMt2z
z7m7z$Hui=bW4K~WR`Gtql2d_ULzNgGk}mTGxCoK
z50XhR*^W`80SaQ`h{B++U&%JnhoRNToJh77=9Nk3V*@XH_QQ3rOss^TJ|v5^;a1PL
z^dVe5ecfBaxH^qde5oR?xKA;>chuWsi*p{d7+r|=7!)3Q3-0(#df80)x7J_#GOh^SiZiM6@o
zaWJFux3&LoH*cyx>NG9lt~YO!Ghrw8>+v;H_Lqfe}yvm
zR-jW^jOkPzh{_NO374EV;n!K(!&z6vqdcVeU*}KGiOW0-JK!dnX5%$5^Hu9|1(##K
z{k70WSRxiSyx11jJ5B}sw1kzP-Qk(E-xr*0`Ye%61w2h1WPOdSB4T3ZK4X}Y&>4?B
z6pvgkcU28eJS4U!WE=~zlLHoWY;5PNK0oGeRDNSI-)3hGbuyi1mJpr{y$`dA2h;
zw-Ql1*FEFPP!I~0WxJN&%3n_zuutsST@j1#u`t`1Sg{`c!>5R!VtF1l9i5MQomFyz
zkaY&`N(q#czR#$5S(09;qn(hcxvi4GrMP5?2#{H)+C;p>jifeo;|~(U9zlFTzc>2F
zFL_h*+Uu&$7du8WesR4Hffvqt^{+j{apd#xR~(n!gL|=#TVsE+m^FeVQ#_QGI1jTD
z6?8uznTf`4n1Ozr2kv&0ecZjYHT^nD8NN2z>IGsoC*PNoE59
zlxd|DFB14!!gr?nM4p7X<9;nU@+CM#mOviAK#iW~mqnj52?)aruMRY>+{2IcOes9c&?e7x_HU<3<+J%#eYVSk{M2rThq5O
zd;=9>)x_qr&1A*O-{ufCf==aWwgtC`Vsq6+2kf3j>$6Z!_}jIyd7eHZRuOK-RG^<=
zI9h8RhP550M!j5gpfRM`@R&fVrJ!eU@TrL(h<6ON<>KKb$MXu
zw#Mkz)`G?t9G4i%9|i>kI|r6eVJ%dXCP^xIOV|G86dBF_kV8n>3t?juLn&)yDq&Re
zUh$Q3foOqmTGZ6Zk^F`!CC5Jo9Skfx(Y9;H`*$?(tqAzRUw@ooqO&E^`VD4ex!u$1
zYcOissrr@R>p-oBWeBoWR;mQfiXQBqc`a1Kx7j%Fil!xTK!@j2WSXy3U-18^KeGo^hf?VzU)r?WvOFGVDP&
zt8L*1`%C?q!Eh)d8KY3jFX5K*Vu!a(pwWHZ(Psy|}b1Drx
zIP3fgnLo;nCMUadCSL}!KZdLJs{EdjG_l_H*9sAigJ?)(8Qt5Jsuww}Uxo0K*WD@=
z;d+po^YHdJgm(Je8uaDhDx8uNWt`*`nQ5C3vZ;2HKHT-S{pKCr3;*
zDKwqvClz3I>aRVBCz;=2zIr|br(dR)$~y-Qoc=Yp_R-lnY-wyHQFa@wiH5q+=m|+M
zi5Ltpz6khTTebz?kRSV%tg6*%h5p*bQ~v%`L&J!R?n%H_F#}hUz_h0w`Q`=2u$wY<
zm9=G_?|ta7Ls0Z+i;Ji1(T`>6_P3RXJ0hx4w?xX+4NlG*4oi*9;1D?Z`^7%D$X6s
zOQ_;&m6b+H|*@hoc>DRoxa8N@3fRhA^3($Gj`Y@~1^3oVnDS
ztm9&CZIhTTow%pFZhX&ArD{QAC-)tW=fzYN`ilFW>@C8*VAwz4`+9d{%T~@v9TUK+o9h0JAW6f6mxLJJNtX!-Wew!U|2$Jg+t;oSBH)
z8T;cq9~0|DmjeYspW^x;RzE?lSF?ekk`d7D*O48l!z#a)38}i!;@^5ZUCu!jWXB*-
zA_Vj7yrXxP*}2Pk4qp>SX;_4uH`*^<1NcrH3cp9Q<6SbV=MRgJ&`%0%K2j>@??C$y
zpCMS$pf==55O(@3TV%hCG&U+qyq9b^EWWLJ>UBT%BXu-YHbz#(K6b}xa%R1eP@2Nw
zR9pA`I{Ljg1;$K8P0G|sg?A}8m0J{7=Cr9tF@hvJ<(|
z*TIO~A9wMrI|ov#`f@Q7f=HYxvvCx=IU@U!5ryLc)5g5>BUV@mzXXFeUkTr^``AL6
z*pKFDTj}25Xi>idRBaLNz9iI4h!Y6ua|Ls!7fol~5SgQEM11gVt$Jg}x}wUo
zT0-n3b5v8NJ8}{C`)DzTuTJ}e{`wPN#!5}+n&C#n(?bGO%b(F7!>Bb{HloYuGtePU
zB&)L0l6wxc|1Nf~s6JGd63KgODLNn)r>uc1-M}ih)Z8nz(o_A2pW@s&ya;>1k@!_!
z-x$+>UKCzmxU~}ZFk&8=mn>GEf()(}1r=$}=SO??XCrZMw|nn4P-AHcErwA3%ABTM
zleTKqWK6qrYd0V)MSRcqp^_SvIvqCQa&R-h`un5Ma!Np(0>a&L7ktxoW8KRqer?5>
znRZ^>HOI~+$2Uwm4}%vUErh1?h@peCL~Nmf(!34!f^QC#>T!xvUz<~QArK3ph~C#z
z3W`Li*w}q_BW(($*qS!w
zEe>~nFuG7LVQ}yfs~A3Y_cvD~hS;fmu_dlF`Qcr&hh#ch|
z3w_&Wz|1U>^u1Lv6hVI&DMc1Xtn#Rk(%aV$a9VS*=esEj4yUTIVL!sX_ckWBI+gn2
zDf8CwD$UL?a35|9QcHNe+gwd4AgR^S@hh_1;YrB}Z^rpY>Ezl3k0Z^OqIcDJD`7YW
zbK=FkhLe8yqRHor7`m&;P%wDbD=L5Ex*DydBPMafx=a+*2Je7>O}nT42^aG6W4ok0
z)6jc+^AS7q$;f0@jnAgy5Vj1l4tvuM>>8st-DeK^9E*ZpHA^hMZ-q4d!-~=%
z9m}T3j!vTI+`SUrf4+5c{V)uog5|0VryE`=O1{ZX`5@-J6xJ0#faisqrSCsNiUV_P
zTQuQba=#BNMkWhfGrIV6u@k=8&GOucsywRy-eqfWqQGRjeCkOC?^7EQDRvMEYAkwi
z0`+nn`bC+H3hm0C8d>!R6`>*VSYj`sbm~=hmU=P##&DP%8`6S-!+q?}N0r++~JR6$0{qIq&bh2c0RScy2H#AdrbLsJ~*G@kLnf3j|
zZ4iw@qQ~f->i8b8Fd(*qD=W1aYZQQE%IGxxiqAjA5*=P_l!#QK`@mfP1%9ML=$85s
z?hKrP{M&t|IJ%doUVa_%UDn6t5f6N?1)h`nD8G!6UCpedOY@Rw&6|3;s+#_|b(GQD
zgpe7c1;y+5CXkLcj(&|53|*EI-*I&}q_bn16x)Xnpr7dwc>%%ZOl?Tlfg(H|z#A)-
z%3tV2w7_2S){LAC-rj5(8hHDtQ~qA~iX_WP^_rTE?R{^^G}`O(H6LL;%78Ee&Z;T=
zP0LyG^mmbl1LsM7m1&Hep1HyCy+_(42g}moxQFkDm2wZ48%k3U^OZ$i+$2IxIJ>Xn
zMrvwNC?E8&#XJ}{dG8W_L&zw&KY>X=l#dQevNaVZu!8)L4}d$mnxh3JamIq3rsW1H@79;DbVrAQnAqj;DIm&K`c1
zMD>|J8NRz?>ouYaXS>QSr=H1fkyBcB-}h<@VwoCsl5Nwj*-CLyUcJ6|R|0r~TzJc0@
z8r(Ss%b`u0uR&UgaJ_)}$hY^(63goyF~8ODqs4=RgBZ?{
zfq_U0*A)~%^#<7*A#GS4SdoJz3{rZ{(O*-elSokeeWs>bFK`1mSx7G5>3Orf+*fAo(i)t~wX^;?C4&bw<40L&B
zf(WOS{pSkQ(0*%FRL1zh7mGm4K05xK@R40m_*|Z)Dc(Xm1n#vshGq2SOZ`t|T~VKt
za}*k!83iT#eAtP}(yN}2ec-yu%0bP>BIa}WXLU*AbIcSAcnmT9J2wY1Ap_1VoJZs%
zV%#_TecA;pO24yU(1E?Z`wE-e5SUE}?~fz-aSJJ>O0B$3mkX9GqKmak3xKGoF_Y%^
zo7s+OJLn~exy*Qo^!}b)X*a4zH2Ms5awcj)WR`aFi>YGY1DUO`(#sL$TszP23M3R7
zwBY2kyB(U(J(AibPlN~+rmgqyfRs3L3X0M<6`7D{`(xpY)RE}wNo9EPSFoS0zMNh!
zV6c10xEo#-BC|pB^LJG7QDAXgRMRurO%TA-Jw8F=JYF=#8@qADm%#^Ac9DjVe$SONyX*yesZ1{26
zJ&u_26G=)hTPJg#cS?S8Ps@^8`uuERljFXu9T0bRT4mnrK_3DCCDf1P+C2v%KMm@4Lh*
z#hml1R=$!eU4>=+#wEE9TSn6JwDM&zN=ci$2Jxu0LtNdTmkrghi%7*oj|9j
z4=L}vdwVeL1cfV
zEK`%bH<-74Z}jB0szIx;TpCIFukicHwWW@jbQ}@C-Cg4=iG1??bObukOBNGzpJ2=r
zQVKtOBjPC3^yl}l;-b91ss6wK<;N8&@7tKqS?#0rybjm{OSRTewoZ$f;Am7Z!v~tA
zp)YjS;J{l%e0MDJ&oQLiQTALxmKgykRiANiUF0C#sOBt-dY^BXUtmnXe9Uo6ML*1c
z(b(W4C`iDzyqv^WQI=})DcKJ|BjkOKju_5UZ
z*kh3$cl|k$LA)}F&m+Zui(DS~Gd*mv{^#w?5j&=&Zh%f>C0}y~Xr7C?d2OYweQeTx
zS{nc0x{Vw3&~DLXj5($NhCbFup{(8ry^!_02yBfaWGYVEKB-3UAG4@m2%}R(-w6;;
z(0N9Ond{V5Oy)Is$e{YonNXbnK7CWkAn1C)--tS;dzJQ}^Z7`TG}Cx6EbhLX;;*xV
z$RPaMTLJc#fTu^9!!EzwNoHEqi-W&>D66Im3ZJh6n^C^sVUNBpg(|n35Me~&n$pAq
zstE|C;aEORNDSwFEiEl0Bh%9x;aAz?^eZXW?sU_gX&WXB<>Px(p-!npHpQmNlo^#w
zM}V5-bSez>C3l%!DCQ0@*BfdQd^Ys;PPA_SP*Wal$o8`hgfY-sX|l|TANVF7i0Z5s>UCG)lpdtk9CW;9g>_wulh%7Uu@vV622jDWby*^TuaF)PNHrqDD_-(Orzgy9_h{eiE*E6FJDM^vp429#
z%)4H$h=(eSwBsuw+0}#7IWQ~lvg-R*eRBS1!LyNy&#)G~*EcCNk)i2&sCLRS*yUF5N0`;`sEO_3)m9V<3=yEvawHhADay^DmIg8gIxn&IECqEQ%N(m?8h4XEL
z@YB!F65#VH&@exM$_Q4C`_^rlk=#=E){SL#J7JVTjMM$wj`Djsr0}W+#=yR7(fik^
znXOg71O@3f^fF|e0d(EGQWf!8jyWT!QD;-6B
z%{PQbABKGKFR(9-mkGt^?VqHI7>(QjV8t;!{y}5w_^<
z9zn@-ieTu`3cQl&msa!n&`Pe57g`Gj*kW&*+@Rg@7s6k|UmHFr-e!A>xmSyV2B&6V
zeEKrdCEbIO{LPa70Xpp`i
z(6<6`a#|&ta{hkBsmiG2qQ3vkg~f+@i-@O`vKJ$CSgf%y2MXV=Rej4o>?{yy2^@_U
zp{Z-G^T0+5;2ZegIA09+nPKyv`2h_vP$=Um*D^?33+T7`KL87A3s6sz(_Y>I-($ed
zMoKO9XQjWiL}FyVr^@?fzP#`EF|%_I(_6ji*L$^a7*%rLSF;%?2|Y|F78&FQwb;XB
z+Fa?+MD;n*2&D}6*k&}o|B~yS$y!M&=yieH7z)&RWWTd-2C_eN@6s%*pfSEOj1!!z
z&a&wy>I@<_MDX?6IriOVwruJo`1m9s!SGM)vxfq9UOLE1D?&#x>tzJ8N2$J2Xrx(fi`U
zOm8!4wNQf7gr$I|2S849cXfrHbK=3T8Z9?>B=jn2f)g;3NG*&I!VPXxR!pnVPBdYN
z%qk9AF5kw*GH7lgR5UL6}I<>d@ss4&Le+o80V4YBWPEI_U}H;^O?
zWH>A~lZ>CGT4u`q)BpOT0-b0a#YY1mhd(Fl9P|d)@nn6~7rM%nFLYIqUxpw30Z}Pc
zpXfaic7!|*`#8+Dv$LtAfUEX(!fa|0gI#K|0-At4BL_}rG_7qRii;Z(enLV54Gj(b
zwil4uL+05(GbnQ9ONL{sL5~DYnX&#!ou6dg+(g|Y0KI(*God9RuTKPwo6Fv2l)Q%i
zfWXG|f5#s@D*5TD(uN*QZYU7d;Erph`P*w(_BF(nbe!KLD-hwaw@9JlU;(
zizQ>!FLN~(Gwrj^)Z3jLrvH(@|5M8j`T}Vz(aX2&AcD0-t5o7ty%yB;8;Iejw-YL2
zWqJ+O1Dt40y#Du|{U&bn#O<)3mmuLB1n_ATD0X}aGBjf?FE97(0XSBjI-qJh1X~NW
z&g1dk3v-*M8^kEimT0}u@A%SQy9s=_d3^iHsZ%IazGGFU&5o-;VGd%rF&NrgQR0t)
zzu3&y>@gWkXgia7#;QeZOyxsd}h^0COzsdUf61^Za6AfM&={+_nSdmR_N9ClFk+~EHO}={B
z2V9=lwVs}yaKQ4ay-b~UfCPnlS_qGbyse&`{r@$0=KoNC(I1~-Xhvbi$kNzl
z-^R|AC58$iAq*NujIAuA1(mIcY%wBPBTHm0A5sk=*|N0QlC7d9pQ#YCeDBn!uO8pO
z;OiGZc)aI*-8uK%bI-Z2=drrewYL%J%sZXZ%xK+-m-V`hH-DdfO|~S;FdkWY;*QkP
zD-j<#pG;%0iuAvP~Q5j>@x9UA;`57yg#&+X*ED2oet%f?Q
z)g71L*{7ReaTo+;vqqg7JrZI#XkB&Yi(BA2*6cjZuIqsUiNT_m-alWJ_MlVz&aBg{eERWfM+|2^
zOI%CLI?(n5Nra3u@>X;%D9!*x`AC$^2J;G~bY|(zYTR7evqa3Zd7uYxU(CdeCl!BN
z3g0UZFJg(*UvmA(9UEy|-z$CuDazD>ce0%GX0RJ(muMueU!MRSS;KY`dBK{lj!{Vw
zVmbOj8BJB(r}zE&jIYtGwX!|e*O^)|`Zp1zge
zgjpDc4OvSzw?h@Fp9<*jwXW%}m1bpd6;nD>#8W;vj7c_`A`FE?X}S)F*H$OReYN9h
zi28$Q0d^k=0YVc+&bei4^M^rNpLm;~uGdFWh1H*iv5+YWwpv
zfIbeBlCu_xL0xg-5q6-<2~zrb!^o^UO>OGDL;5#Ca1-=YwwAwjC@r>hVr}Vj>}Xq&
zm*r9C{8YoYCkl+%EZssJP
zPBrBTV>gzYb5Gkr>8bpnhiAUn-aPTPu}cmJ#3!zyjfE*(_%Zx2lZH7jjfEWQEh`&_
zd=u}bB9J-idhP6`YxrsNK6X8a(K+(F`2IJ_oT1Lskik0lcw6bmP|(bCXt&u7<;p>w
z^#a?Y-i#Ktc&o<^4Gs6ojvtA|8kq&Q*s9t^)v@6Cbi$VXT=HZkXe|E@)OlI)q8Rc@
zPWAo88C`FL&5VF#XpkE^foK-c9Xt)6cl<3Or@=t##R778kr%3Uvhz&{C-rHWnZUfC
zU2HgP3_cKorqYNV@80Es7M)K%gR%R%k#n(8Z(p#g%4>QJ7*-4=7&m1Qhv_0
zH9!veVcf>&PqM}M_kcHr98ug1xe2?)YFky<
zEq+EkT$SE3`K&0I?p3`R%VIyP>1nRBGVR-Kk(pcb6u4D+5~lqq`3h{~N{v&{ASLOp
zA!q}=^x^wI45LNN;qX^hv0Ct?^TQ$LlEC*j|B~5*GzikEKOp4pt23bIOtHPY#4&Hi8p@6Bx!P;PeoBR
zMItY2CaqGQmN$6-s$=#k+2?X!?}ABJ6ILQ>4DhCFGVjs`=h|#mI}ijdPC6n>s+&vv
z5#oQ-nPAt2u@s`u!G*}7elGQz-Nq*ygIW+os1?j=deCr=)M&{tJJ}E|wC9JtJ85R!
zEJai8YQl~F#`u79*3We?L`OV@6bs*)41;qW12
z*WApHe0>m|6`tL^u`Xn?5Mp?1rycta<<4s5bBLK+J8Jr1=|RzY7Z|plN9kS`FZ4ne
zX`at@>PIx#Hby2kyrL{b3w<~(x
zX2%kXK7_JUU&qC|1jw*^dW&@F(7A&2xv>Tn6W|(jdtj9bCf}wMu;FTgFKtSk&HOt(
z%Jhpx|72hd!CJhYY-l6FnEm0dsfijyujiJgdmfJ&!tR2cQGwOBR9yCl#&sAAhzbv}
zpEuys$3kKpvF5WVB3R>aI0@`gka0znew>+MmEuTD
za@+Ow(y$$5P2{G-*i>eY%mtoHtf}gB*gni0&W~W47a+GXY2^Aj+^2luiJskG@bBAU--9f&k~^9J$C;8uhyR~LGiou8kd$NPns5@JMGFLV!j{1DdDd0b;z
zviI-hen=QZxBFu-66gI~G_p3W9q&2!Z{W*Y9-nxRZVvkVx-#xl+Kj#Lpk2J>ZkY%p
zF_X%oAijeT{T=4&_YV^I^2#l&etS0Nq*m}iYq&z^Y9-Q4{qh84B2;&Y+@%*^?i9iZ
z6#dMsD$>R<`qyXM;*pb?ChLmlBLhkuBtQ3B&)pLf221k^$8Mv4|)4
zOG5{DIL+H_5A*uvhyWJumZGT7GHzmcf1}69iOmAfGMqRE(q_t5lWIC50$orw(#m=(
zERrz
z9Er1k=G1$jJEQooQh+`4cs+D?0Nm$wAIturual=2cILKe;;oz)c9%oZ^kfLZDxl=#R!Aquf8Yz|ri%f2>4^Du(pjap<+f05rA}%><^4F}
zmz4zVc=&p&h=bp>dFECkM%!rQ^BQu^qxMC_z)Ea@F*yE6U)-NFchhg7`%e4f?clws
zXyoL=w8)HQHzI+m`PX1GOqhc;k1owE&GGa1bxKiq1ESmEs2dx;a_-Sn;($#gfQ=CL
z_v*d51df>R8iQlk0Sjgc;Cuk)$97@#zCzf>bwOU3$k8=)?dy<+_f`Z;Q>=#ay*+}IG3JL9Z
zYlV%od-h~TeuRWVV2^+nQkUI;dGx)?gsLyj4ZPd}?SRXVSM}MqFjeBmei#-4s1U`s
zC$&CAl6K)TUtCyE(+#=1=-+UJU((=YU=*JBQlq1dyEBvkkBDS*MT$Ec`PpKT)laLZ
z49MjASbzTb*We62)9fw|pfUfU%=2(S<8Nws7pj3U%%7LNu3Pc#Cw(cmB{*#*@N8hR
zpsZ4VM?#7a2@@77=m1iMqE!0Jp9%uIfkhiAzKm%@@2Y!x&
z@@b4z27Bmk%Ap2RrAX!LF;sEdqc-983sM|Vg@?7ZLVw;PmMsD5A%*<+OcMBj(>Im8
z81-nN!RJ5X|9@ulU<+wGV+JaQd{A1j!@y#M2q#M4<|tKP3BHY
zJPNO_6<6uhEZ{e=z=r^fqj6DYp{vi}q?6#R}gaDp6C(^rI5v;sOB2zs(JE*AL%2fH)?;`i52
zE^UEm+4E~z*WzFQ)kiTgT;xG#-$Mfgc050{9V_6c?3(9>O12R&4|G1KFaJ#pZRxwc+96t*xz$rM-~|B-i8N
zWx%H?w9LVEowy2prnZUY(_JYVQbnRL$K~-wy
z5Wls8kLg*~LD`2N30(u#G%_pTL2uFPUVI=5c+CH0(I(8epN-%1eHT@SokAZ5i8e{L
z-XfnQJcNI0w}L&9w~akmmj|+4X%&NegfPR?k=?j}Ng9Ae`G6)I-YKxi!-8jY?`XNM
z_*wT>ssRA#DXLK2DaX=Z<<4Jk^iXF$_myoYCufd^_aLx?tDDd7xyhYU;jGvLJ%jR8
zKrC~fn@QB>;8*s0}Tm<-fhqH6BIg$Sp;ZU0q~)PqB=pda8Gf%Rzy5R
zJrD#47z_rEzo?{seet>=yse|7_1o8OKBP{3K8$#YtQ<;}x9ewJSzC)&vi5Z56Fm0E
zcEH)@*XW{N_|4F0G!VhB{rrhOs3t2LC)^gN@GCJyl~N~&5q*8T^?B&*y{zKpj<9oh6^56CH3ZcmT_K)=)bGN_A{}x%MG1y#!OAr0u
tzYxDLKkCbIhu1RO8^SLW`2YIEB(-fP%EJkS-+z78rztbax}MBm@K{l@6stX+h~mIt9rkB`%Q?L_|Od
z>6FfQEbnK(d++BtzCYjZ*W><_sS5
znKQUZ!n5!dztfPbXU+tiQIeI?^)Oo=CorTMX~RdA7_xn}T~>}7M^N6>%Bke|`Yl_l
zA}4^?0++~8tC9xKd%2nQnGL^?{IfbGU@wE-n*%3X~SyaVPTwf0w}UrrK;Lmao69(
z(!s5*t$~4ogovve>9YUpmyZv3%^TdfD1t*n2{5dv5~3@2bs78
zBwM??G$RbszW??!a{l9qs^$*)7n!OKs_~d2p2mIgrdi2zvaB(OpQ*Xe%`>-NmVJ_6T__NgW?jfO}<;JxSdXfb=Zwm`wGjE~4NsPE3^4}kn
zb&0)Z@uTejxQm)+LHgpaIRE={gY{$ji~6+FL?1sG%vF+>e&%tRhGuu;15@^{bEnEPx57ill#L`zg@7Ha2VzSr6hKX;-1kI&d$oAf_D-i4L9mQF%$ix`+Dz*f+N4&X*oI
z{QUV-v-J!{nrw&?Zreco%`F1!-eH$lv%zLNA=~r9W
zMHe*_6Z*J-^73+z?{$vmA}Hq2OmWQl^XG?)4JK>s;&X`*iiEwQ^Q&x#%*p6*W|X0!
zA+tf)g5lk}-X0!df`YhHI2Hj=7}H(P5
zggWClZD3zG+ZAz%M^jN%RTiBr;+k(8NVB=KLp__?_Fqkav#$RFh4J<%YN$}F_Q7yf
zO^r$2qqIU1{}Zu;)%n^;Y=?6}?;R|a&yoxDUdsDraa&2quRu!{JALrA=RYH@nMhlDQuj0Wopnl8m%8nfmg|iojLR&6)S~$_)X|
zJIh7`nJ%-KM)x&p>z=4&MG}ku?jC=4K}m?ZXO?s@pJ~Gl_thU$osp+oUo;Ad2?@J1
zB>lCu<7}(#zFZMOxvhNHW86JlYo!^zb4pJvg-1+&i&4TSZ1Xvt&`j3N2Sa;MbKYC?
zSxt}hKE33f4Paras(rHZ-J&z%BCR0a^#CKevKZX1U?Lh>Iy~b20t#&TvHo`jy@9>}
z8!_A=CN=d(!{ensiNk9wEWcpy!>>sA9o5_Zo}cF=h*D1E4*&H1%9SguxZRt-1
zU5SUsb&tlS#Ry4A%qmb)#|PVT$?yD6C7uQOp=}4UJE4T+L^wGKzlgc7rvB~BvfrVz
z{_{|b2+n7D{`t)y>P9vviC!72Q+auftIT+5anTr7MJ|&1m)*i(-fVytY`qr@x66#G
z@!4)Y`XT%|zR9{M;MeS|UX#ZL?e+U8(XU^>PVs)|>S9GPe^X5rCjY{vl?_*Lr|pei
z@z<}VcLfTya^&Fy#eMcF{^KgS>~SCOPLByzbr|gW7}chWYYE
zXYd@cRoq4BOb8@uXL)pBV8EgTwq|5;f03ByCLTZ3I?=nXkrDU3^h
zK3-IJx1zoMlIY{b8vBu64CVnQfoqXE|37{dQ*G0?I^I}N_PHh~DCkRp#^K&xP-tjz
z=qngq|23HYcKWN7e*rXhwEpV>T4n!RE0{?B=srNbI@#*KFvu}%{bu6TgQ+W_|9*8}
zp_9*2R>8<0d;2g2dOkdWyM~4}kH!yRnp9UZl9$^H8pr80_p>DE5bb0!eC3a_&M1Y?~nF>bX;)7)?0x;^9~B_$wSL66lRQzUQ%eCW;?ra&|NhQ9UGfL1Z)(ymNiu}i4Fflb%
zh(fSnEW4uK7?h{`jEF(;*g`w9wJl5#MG=OP`5tV=LJyHi4D3x8x4(CfWir*fJB9^@
zgw`!2%YS^J#L;>?z??`I*k~puCfcN@DcmS{07?AjegGG=jd5@v3>6AEPKaquymP&J
zCEct3BkF(m5id3>T3S2oUn0xVeWRV8p8h7~=puPG3=lmt9>WS$xmj~ZIJF&q6pV{#
zIwAFhSozJFk8CfR1png(gL*S0GlU$?_LDg~@JUIdhty6&2!BmY0RXCoTD^Sp0WsYz
zRYrl&0Rx#*xHdL6TI!05cjDgp?7J*p$$$Fqk2;1Bp`@fVWe3ygaC@o1A%JioPlZNO
zQj%+%MSG;&96;IL%*Xgno#TLwtpyzwl}~B6-6IO%%iZx;NwK4zycrh@p|IeinY_V$
zEj>6m*rzoT`>-xCKkmK=Yor7H;cnd{C9gSDiE%Brd5g~!Bh3L$`@}>Gw7|{82W+gY
z>(Zo561r~%F8#*?c<{C4o%@>E{z7*wTO<{ipxeBrfx!r1D;iEs)c)qIMGQBJ{p!`a
z2g5~Df%q`X3Kd9bGrz!igYt^wP)QedmVVS^`GF*TMh!}K4KUQdN;b7Cnu*^$Utid3
zt1u^rExRpQz;b4(r>*DJ^}uJ(s4nKw2|W_NeVc%QAZNnp9_-I(CQ1Fb^nzAlJ`y1x
z{|z#DO}nj4G+(&H-O<%mM1W9NRV6l?dLKxzh;!xHzpwhs;^N}^G&$;5621*SGQ>Ln
z7ZU%gZsmCd1U7!Wb6qrU7lG03lg0fXKk^@?ovuptZ^$d2OIcB|qPA9#-}_&PJmD^O
zta%B_;o#r^?q9Ulz;cDK|5^}@d=75zMf6kLCr_T-yLaz@e|sRKr|ny%Wph(gx`c0$
z**X@4H)A`^d^rPh2+JD6=1l>)KYIU{yeC}5e(!G~uwwABc%1n14NeIOvqV14K(D_X
zfz`_Z`}O*F@6Hhr6rYv1wVj8R|4Tsr^-<(xWXOl#YdSh)MNBirEW3z@ic=_H%MCQb
za5U-o^2HUpHwz0(Wo2bnR+b`7p_UNbDQmW>M^b=*MF-*R>|A)%Q=mXzYHBKX?gXTy
zj8)ugUr%Z^1?W#s`=b#r>g2M)Gz&)R*i(QL`>Sl|0IBZxHJ^{DsHDk_lMm+!!*yvBY?vJQH0PV)2};1AfHzzTQafg6;Y
z=>aE-!o$aZ^u5Lo8aZqafIM2|7vVYQhu}=}?(OZFG(J%?O~C=U^`U;Rm=R^Wv9aNi
z1)#H-VCL+7O61YeQ3#A+n_hZ2IHr5q`Wll&cgkE5glvfq!OxKDj}u426#~4M0w+
z%*n+?)N?bp;ZW&ad!9;C1xXZ>q=cxbakC#h&sT)_QBi{51GF047Rp;sj1y>)ss;`Y
z%dlyac<)lv)0eD1UfkH;Hm$Py*bz>-va({HA)+e(03CosLP7!nW9e(DjGrd|raN~iK0!h4=9kzHJ_{dgfkwI%aBCMGt4%k0mR!HyAN
zHQO%3)!w_0?!!bE)FMXE<}o3ELouMx0hCwOGXb2LxRISc;#CTxL~tMYv!Wa(nnv5(
zbJS99!SsFd`0?}baILqk-n(V-@jAu&rN(a^M4l{v3kxHh?S}^k=-z!{@SKeI?yB!h
zH@TAg0|K+Q!NDr%zMQF|k0Wr{#(uPCMo1g=ER|
z*{7mQNtm(PHneLi3YL2dQ2#O0^;%#_071Wxjaf<+Pl~+?E6~WWU<(LKj-_;n5eOk=
zVx*%hHnW7*5JiV8FaPE&egmOLMC+6t;EGQPTz}l{m0k-wvtItuN~6z+=Ybq&T@Ud@b>MiI@5D=LM}6k=H}+x7GHr9UIuuR
z{s%@$elQMOP6Cc)ThMtCb!SO=4+
z^3F-hv>fQ)TchgxZw?c^0Oio|o24cv7y6A^z2-A(61M0FgPl^CRFf{^`kUFmXoL>i
z&AI|&wOr75xbNVk`OWr6;SmELw#E&L0GN;&ppGAsP4I?3qN`90R31ziC0wTti8%0y
zf`S6!?g$*2?(_fwdwu2V`&@CkWg`@1>)e*M<6}R6wTH4PypT258Gobt5GaLWwJOd1
z-!QL0in>5dtjoVPgr!VAdrs+5Q1DlRV4Y;q6;)MjlYqss++E}b8xHQ9JEK1v*IHz(
zO-z2koYu4jzI-Ma*g%d8P+(glKn(zVc|Pb_pvkIOP$n%$i-iSy9*=zwZaq}C`?fwT
zrE_qWV408}CzXS%k81abFm
zuFr98gJ9s)v<@agNo!o>AqXjk^NTH350dyyFW+)V_7ONEC`rR-0?kyL-$UF`4`}r3
z2j^hB2&Jz)}*E8IHk`USkG!FBU*ZW}0E+Llb0u5hD)AZBo>g!j+%Fbgzz=MVtSZIUp
zW(CwWRGj3pn%W>Sov*G|S$BGf?b#9Azcyz-ExxdNaQn%!W?F;HZyRXej$&iCkw~YX
z=%*|!rvlx+2GCEcsQ&3E6w*LOxb;goNfM0fowD|PK}y;i%u@l7&!wFk#*G5yi7BlU
zI80{w`p2sohQ`Jin(RxVDx;&L;|-6Aq%7V)I|m@relRz@J_01Fg7vLP{+2u0=ugmC
zNj$L~*5U`03v)z?Y2z(+cG%02LBV-GTd@tBrR*GehDLcubCUkzoo$%z_q%_7fBv(v
zq1CD<$PW+J6huU?(So;*=CX<0(LB0)Y=3r5SwNqBfL&+*oMydZ{Ve>^JAz{HGX~KZ*2m2{R0Kf6Cua={q4iM`veya
z3=FgumX~`1V&z_5Q=+}CZ~7)7d5>GtZMCG#V6mTNcKuf?W?rXdV~-Od=_e*wa8MfO
z3B&(2bUd$7o+vsRouZ+PV*TUv{lhXCcGkG~QFUb0)cH-xq^txFWP`{+U420>!urA_
zB0T(ke^3x!0*D_kHX~{HvvYC=e!?iVo8Vi4o**G10oN*@BrUEQhdcmrTHuDTu;EQk
zLBYY15t>*wF0S+ZK?{YKXYh?KBOBcIZ_~|3K3B7wI2vZ*Ss)#DbLYQI~Hh4m1SyWyzHLHF6qn
zea4x_BqsDpo)(M22!v{Wa~S94;NU=Zc^E!S#lnJ>y2fjC>D$-`zk`L0kcPDjpjYky
z&buC)hl87Tt8~n~CoN^LdaihVy(@s6Ax-<;rui(uf75p^a^q=3?Q6z-PtTQ_?PO)8
z2u<>spZFW|q`!1qZ3IIrK^zOQtnAR7hU>$=$U*i+&=+0Ndu#qW*LY94NfF4O&)w04
z*68k=Tew}r#Urrr?E(L63Xm?Wu2kJX<^CZGiHQw(%7qer<`*icc2qV?aj?{$Dxz`w
z$&hftq1s^6-%EZA1O$7@Y-z5@AZYEXIA6%OZYS7Hx$`DzmXfltWYs=6euVyKt*+w#
zvsQzx5xUAW@WWP7=Lz?_91{m{HP4s;%BS1<7u5HaqFXKGw3xLtH>
zfwBMG$ywa4u_B}D-|N5HhiiXJ*Gj0SAF&>9^UBq!TO^J(8JY6yOt=R}ng0XQ0T+SN
zs-;hQg;kJ?81ZTw`Zx$BVqRN>v#fFvdxwX`mrD#QExMv;i!eQrQBfrZIbxalyo}aD96DW+@SQPE`ROFURmff7y8Xf=%F9oz8_zUNUG+?4L{pdnAEN
z2Q(ws#i2JK)T*V6dBXfzl!pl)h{IM*#@O|o?kcz&;3a_gn*Si-vS4_FavYf!GP_9d
zcp-{jWDukw)0Df`c4&`%!926(gdTdzXlH?Q`|3R+6v&EaSs5ZmmW`bgxh_|&+-9)333vTye|hc^O<9@eJ+W-b41jr2Oia!L&mAdD6Y)k
zfU3Tc%xheo)?JbrZ}87|?d@ao&-FR5Q=VvYBt&2i%VGrD4?=2*il^RAeL+1uNjo`r%#_wah=7NNCo{es~@BVa`yY5U(e3ZhqVDXQix_82SVnvznRFX
zWdZ%zq69?1L>_}O_;FA(j(?{(c0^OaH|TCZDFHbR0EVdhYLmmL-~d8A7u37ppdiJD
zRa7Fko~$@5e*o`Y?UoZ`(^t+28l4zxe>A$`d%1ZlppMM)sDk+f%NS6tt9(JpAFHur
z!w@1mBQDvGH{8^hF1c@!hgBbcAet8ejAS#)3{>5DdKTJ8V(4O{>l}%`Uz06J`N#_w
z41aa@pn>RUTH4rzVxlEa>fr{Ghe53G&f)2MpM2ehe=TULS2zqVNoekM+;j!wu
z-v8rL91-8i{FL^Dl-
zW5Sz)li9QzRbV%mhNW-8c<#)EhIPaC
zNBstXb#~JcdhuoWYNY?K(BR-pa76%ygd8V2zSP&(!~bR-1EIb2MdjSa8KpZfIFp|#
zUICeBa4FzvdUKdeA-$Lf@`2ychQfdu2?A8&`Hkt@9DW;(umG@g1Q>d7(-}qG2*-Up
z4&f%J7Xk@Lu{-CZ#Yx@>4sKTW@bIPmBj{&)k*@(>ha2E%XlM*&wqI>dF9xa~_ANRp
zh_nNPx$uX%nFOK8fHer!Q@eXaw2HP_(hkdlLRyq*uG_RkP{RsBmOX)~+1zu}X8|$^%{R?1%2)rq<8lwJ{aEx5jnw
zaK4;b_nL8y;^4U`03{J!^U_&1Pqr8J5&$9=h+Vs|0_$^4^7H2^Q51Ui6Bm=udI+7x
zyo`5LuybP7byViGy`^QKTP5^jPfd9MY>SvZfNuIx&+M|rK%!5Wom^!%W%mG2Zy+Vf
zUKezT#AA<&y1EatvNon}vscw#vy*n#;Z8Dp`ppD5Z%oP6P_P%t_<$42+oPFB_k
zP?yec(Ce2=m{HvXwV)uHwQ3JB35kN*c&`^%R9(KBxDSE~uOv_AgnL7QJ|F!*>uW9Jg`t^(l@X
zPBgu9fpwDy@SG?EN_3DGc+g>j`62y{S8BnhyToT=I5=y=bZ!<$5sC=(w7YK|ULo&E
zL$wRMzwN%NSdQBjPI-0a<=|3#jjRy~V*Y@QBGVbz(ng-}ljY>Si?W=?HMY+$-_*UX
z50D=`9aW&f^3jaEb)m1W+hl8}`he8+l>Lgt%j9H40^Q9Axv2>S1vWr1p#@%pWh@%n
zdZfD)_*DdPRlVuLr99<4-Qt}^eJ{@G@{{izoNJBJUBoKjTKLZQX8|y!#F0r2j1?cd
z!J1uyhP^m3F)^?EQ3GuGba5UGNKkj&)s&BkLVVKHL{J_c9zN^u38qpn+;POe2@*Vv
zTWQ@k;9~<10chVVP*0mtR&rnI#fty-E~O4*v>LAy2J4+Mf94jwd~E|?+LrU*#+8Te
z20-}vv-;#Jz%*G$kJSg$veT|=Fb;g8F+IA`+12#|As}tU*83T)JW*zP+qvQF$t~Od
zGw0v4K1Rp161KTd`i3gUG9}ERnC(a}-{{6*lvSC2`M|i2TUCf|HNSb&-rj!UF*^Cy
z!`D-CW@;Ci20-xP7^l@q780PFVpEP+v}Z+i&nZ}kJb;Dx)oN!Zx41Z*aO>fT*HGCp
zH|pnFk>29{XMfvfg1Kt~DB+QAPq(?pup1Bm11ywHZz`8rQ@zjjRlF$Z%~N)&s;Z!|
zfSH&l^tU>*3pnyC{7+9{3;+wVOBROj5o
zg%bE1m@MU!lM~G8f#s#n2ID;CORD~`%-Bi0X$#6N^&8v}VHu^bExv~^YBUnI9cw}z
zKZ89AjFLycB+R+aaqW6qtM+6
zz!U)xVwzd;i0SC)hN$2V16&NF9ZWgf1ueg%w3M82ohAnyY!#oTq5zhK7hd2OZviHn
zc?|%_pww7zfZgEJ@3f7TF)nb27P-ZB3i9#ra$%GgQTS`gUtAQRdRVj7*A>8`o&q@v
zTR?3s`@iV~=1-0fsmr6?DLN#V6LD~z4Lrrtg$ZO#%FhenT01+RrOm(MN6VNt+6NulYQHW#V%7v(BY>)gaJySUfmM-%Hakel4Zbj!#I$v7Bt_-dbxsOT*XH
zuzlg=f!2h(9LKe54jp0SP;X%o5!!thXrDVwLe1;@S$u$1d079_xWi553gIth9WBp^|GUrxW9nLwGq6P0W;4y
zp*V{B8YE+1^3`NioJ)R!O0BgzkP|9ANB0m!V4Dq5n&1a`QG0tHK2(ZV02}E~fPND2BKmQ1|BO
zX@ZN%3x_XZVZ_e>p)-nkKvqL-cBPJ(Bu!+iOF4lvOHBG0HUhvDO!4fDi+t7f3D1pF
z(LR3`#^aY)OV$ro`>4F-l?2vKEQ!h~7^6^92G^!S_b
zI3v?{=Q8|X+y~uAdqRc8bmti$Wo}(UOT8l9^ZY|q)+!strmx|bLT>F<)jSwhJ`xNF
za>%+}qXa!2)Po?qTMxfe$!xfRR=7Ejk;#SH=TLds!DI1^(;p;F7dI&?g^Lp)1zyC=
z--)zW3Vnb_?BwRw!JJEO&5>_sX=$0IA^~BYa};4NWmSAAbhg~a-_-%plMod^ItN12
zTyNT+KYwI=7x%MMt=O@B-W?rq?+obCj2IsO^R$sU>t#G*cX>)?`;AzofH
z5(JAy)?}8qG8lwrP!@0BZe;S?yVsX4?m{D}hB%mxmYk}E6%4Kw;^QNEN^qU6ERy+b
zmjpx2dy|j5R5VS^&51&<(T3OW_uN_Y2lnOiEbiV9*y1G6=sP>*JT)HSxin=zz?_{R
z!Vg}2l$7Q2yN4DOk0$DqDcppmoa}65#A3&mdrqqauadDh8$j~iNP+=1e&`Xhu3OTret2-*fagaF-VGV+H;zj%Q!WAGx*895$f-&SDs#mCm>g6zt8RM
zGM;plyr6J1AyH`P@V5YkM&Aa{20V{k*GfTGY_KOEQV~5tqj2l5e_
zss7m83pnMSeZYKOH(JNOd9bKYOb`7H+6zdOa#+g_5V!n&PQ9Wb@Cso!#P9*!1q-Q#
zTdycp%v1XkGV}4$S2p>mJHH^(Cp}nEQ{x6*;Tu+w?^cC;%4$c65tki
z30XuKFYM!{D}WAQyWVZ}^DVh#cnoW6eea%Dw(NOuzbn&ywucR%8FZ*nT{EnJ*#}@F
z!)Nn+e&E5i=IWvz&B&B6&O?EJ%4?&yt|@|wv0Y#CuIrxJYlUvaiaRf8e`$V!KP*Wk
zPLKWooh-7y^k}k$chd79Eh{?Aue9N-FiL7ols3zRXIU&qh^f()ce}QexHiuIUyo&@
zlg2#k52xSWF9LP~Pa`a#0O4CpOABzyqpu~j+0tP3L2HW@YHMqY5z@tJ9~r6B%#xn!
z%8`qpl6ooZGDGNfN{9&uWdPtPc^EbLU1
zO*qDGN5sco;c1+lk?e0qV@!Lgjc=BvieN1s!X%yl_EF>b=%}9vA|M=IFzqE|)ug4{
zV5=K1^`zZ4`0?eUX*)3pgv;&b@{$B1!x&Ejgskjm(+C&b^>xO?&P4T$bo7n-+9=)Z+PsL+EU#WLXak@U!!
z{>|ml>-+dCU^JJSyxRozgxwS!6Nslj4VM+^0#)+i1p^Pp2=l+TlC%8Tu7nls46RRP
z_yrsB!4U&~BmEy-0OQWW0|KGI4V0YuysV_jY&jxb7;p7}UI`vQ7%6*R5XYyInO9oM
z+YmjU4Qy=>BGB*Ozn}MF<%Jkkrgy0F4I)CqJ8MYCi6$tZmsH@qfnEjki^ZZHOLNAl
z6vpW#{pcCg+&BghrhOn8bar+^tOcsg2WBMXEpaX@HdyXzQIeBy9H=44$&n;!=SR%%
zuE%KfA%~R9YR&A1ZPFLX-hlI`qM~w5R*41)lJixq=*Q@`wzH8Mmyp2ZmUCQ>4<65Q
zt?CeFI5=BQ~CNMjwNIqvMKI)zvdkMty)t`;s3feRtD9U*uGflY_h9
z5fr2_-N#Ci%2exAfid)$B!2#rU2qn|`0^q4ohvN62taN#_WJyeUZLhacuLxf0hKPZ
z$^&Q47l7@>nYp|0^CvTRd|Vv#pr9^7#C%bNElV-v`L6WMcC&6CApP1Yk8di7HC*%9
zD2?>rt3E9nc~@8P&+2fa?f}IeA0Nl&zS5}@4b9e?chhrsi9#0XiD}P<7zVSCi@tj_
zF6v39Uj&NaXQ;CMYCY)WvjM*r7rD9TdR_&-dhb?&`DF*x8=F{KIE$ZMVv9XOvZep8
zGBlJ#x!v8f*g5gXlRMs-J3V=He-Q__`HmZo+&kzZE(PXy%u7M-!(0{vUUTDYNL3x!
zaOcU-0PS>`Y-xrElYAexTI`*5U1bL3%&B(H;WzMKlt!wr=@lgi2jL@M!bBiMOgVAU
znu#CBi@QWLN$lbOkd5irpuv2o|NIe$y!9l@Fm2-HKjRb=03P5|+gM0)kxP*y9UeX;
zzdg_jo#b}I+TiVT#0m-@KoMAm)Oy@1N~{FGyV!$wA6W#Hgo;~NQ4$5Bvv!H16NDLo
z5J6r+9vfZ7;9(~^U|oIusC#DN-h8L#oBVcLcxvLP%$!!oNeL|ocPs#OosqJ6-0vF|
z8A*AQGb}KT3@LHErSmS&4-J~S90X6u4f?mEqN5dz;U-fcH5W$d#36^iqu>OB`@IVg
zpeM(XdF(s}sNUPtlgmCT$i>%be(=JVR6=QUq>N)LKu&=s2K
zxb3Yisz5U2Yaz!M35M@ntf@L!y+Z?@+74vNgu;YnO`9tBF|7hdVo@vg2^xgO0XAf;
zO%Mgvn30hY#Ape5Y`|6*CBp)4UR%cWYrc!-
zeR&2S#;sHTdAx@7E=M{SrP1gIu5c4Sf1=(|WZeMkH=$DWUL__l0ooMDoFQ0&Q{b9!
zj-GmW0kBnaS4_|CK99}0s(kM1=zxK~2_z(Lb@R+rXgLg{?m6$w-{7ldMVPJfVGaItZa_1Eks8h>5LBHc7ZMT(7{1=AAC7LXHqkFE_$s`wcQ5f#;={L
z2$TS#dS*=?&d#Fc`e=l(6Y8DIY`%J0gX^67Oguah5+;cz@Vp>rNfEkGz=Z7o)lQt*
zTw3}No4kxrynTSf#?FrCI|{S2`(~F+twhiFlRJ_sxqs%Xes=!AJ?-9Gpfz4f)c1W!
zfg@vT&rHZ`m;;(z2x@v^!3aEZm`iWyXnEL1f%{?;go2d$wbyTL2ar=y1u2p-G4ZEo
zkGycG0J8udO7}y+Pt|4$6690Rnl~4k;#Q-~Hq2)rq2Y$p`J4~}5Mc|<8JXH92Flt$
zKGKP6?Pq*|0^9VQNsbry-a*Ok6I|$_z--dDL9NVaS~-B90T|KCqho;}Tu7qpp?Ztc
zoWb_@e1*TDOB)6*dNH@`W-7p>N)UyC<^e7}hG@Z1;PYg=hk)J_{vyt=z2Am#LvkA(
z(|m#&HdItqOZ19gW~~z2I)P=^Hom+4r=5;zoVtbZMs0wUv8p{__FPE&-EXUT(sjUq
zxk3BKePw55EW_{MO?_3t#$9*{U`7qq%FFos)>FCV>`v7klCuRau*!MUmFa1SwAEl`
zDdiAS1fZ}>p=zzMkRt;GH&pAm086tMd0hF`T3&D(ItS#J7r(m;LLSNO#j&{S@2L6@
zyuzZQQPa`8GcmXfk1E6f!c}Pqv*zx(Z+MwxAlOO3HE1S8mgj6<)clWuD{xX(;kz7@w*TQBNQSqMPsqIzI>-G7|j|=I&pvABma6y
zroVRS_@%^1AH_j*oiYvA_c5o^gH)H(lVeD=bZeBGHvWb~L6C}quKlrK5)HT6*`;IH
z>URvH(u`I@AkggGrZYnTq;%bt1-SETp**w&BLY|+JM^wOG^$OG(_7`A8c39sD1_R-f^(&X&
zL<>vHS;2|NuRpKbeVT>9P=q&c3ibcIn~<*uKYeG?{ZhNF8Waa6LhOg<5+r;Nmd6_n
z5(?B(^b0jvKpC6C>nX^~%k#;a0so`Uc0l@sydLfi_yNt;7i++IU@B#|0BVBv$7xi>
zzC&Zt0saNZpE?Q8WB%EQRY=qixczty3G$>m$1nL<14%Xz7IYpXcvd
zlCn&mSpvrJO(ua;>#X?Qc?>fUqyeDIp(^rO(b6=M^
zZ{o1~51yD4@5}-ElE6Wh^uFQLpK7mdFG?(7mQX<5jZmxPWD<5_2CWs+BnhG5jM39h
zL+ye%&RH%LlaLT(+6Trp02y?MmI&eYw;IgpOh7QKv0fzpSU$z!$k&q36cP)G{d_@LqpS42uSXO
zrM4m$ggi~5XvgZxb7_z2K!AMA#`%?{9y$O7DnD?x;>-6KX7SFQgLXwC
z?h%ByRUlvh8q2qPNt{~JkFe*fdQ#wi=x#a0EI|e|*f(*LK8l1vR5j(+#a9JD@G)QT
ztRty;+f=$8t3e`mv50lc2mr>}sLZmDqEfwx(+-xA6}RT<%6erKqquQG=ta8w_Vzra
zZ9UWN=ZT3sWM?AxAq1;Tf`D*E65Vv5oF6AZBuWMmRCgo_ss@yfa89f&SZ}1oTE{A?*zGV;e;gZIu
zM4mb*0_=H>W|>!l))m!g^C;{ChG3}x=jVW@4E>Ovlcl|VF6tSn$YaVJlrc!Sta;bY
zBc@vSumC~$0(F0_X{%o|XJbPH21kY}2&P@n>zhQTcin1d8FwHE4q1m6&uVLHef07O
zNEtKN(qm#`{Lp)VXaNj%hxvP>tDbLs=h;M
z0urE=HDGA#U5HY~WH(JxI?&p2((4?u3ivV0xVxNh%ZP+wV4UtS%06F-jw
zN)uza9KG|>%nX<`Y)bB^GRR{*;f8ZNSkr*$g|v^44?vL)$8%W?u1K)dImVxAz(SZn
zvIl#zQfkUe2PpHUF9!I;J;Z`%c2qZU)CHH%LH>t_WdGqvS(>mu;&Z=Qs!B5uY@$vP
zM7Nx?C})@}iy#7d78iFm8aM>~bv9|Ot7(OWg%G}umN8I8+dk
z*%lD1Gx05p>Tmn>m_BftSFPtZB^*%lC*D!jy&n}m7U#deeNocN7Avoft^t$#b{|87
zNCgKQ=6Rw)U3*uPVk|2-K?&L!fltS!0P9sQP)aT?5)eDck(=_F)HA0;8fq#y>JRnW
zKQIf^7JxJV!QhSdx!dO@C0pTSWtQXfvK7EHGXVpjU}N(KWhSFgjuSEv;ktYGZW7FL
ztB-MDnkuv!4X)sW(h+DX2P1qSl$yca3RjjYH|Yj0zSlQG-eig2_u%}vtrO_6nxGYw
zU%svbo;1*)NS!NWNF+lKyBW;_tL`o-a@hKT!VCIvgAqw%cTkeoT2EViS_sU#$HwTa
z!PF9HPZk_}L62PD|Ebqcj3Z;>bSn@C7mg_fz650#=l;aNfL2crfUNZw>&AOOmY0{|
z>0ZerL3l(%L44rcyRp7{MeTLaxu?xHapl!LEkm^x|1?t5`W~)UJ3Z!oRTWi2IxQr&
zuzX^28c}op^vHFlf!(?bQOlxq(7GiEC^ykc6^D(FuXk{86HwpO0=CX>V}lIBw%ia9
zhY|uADoc^PD89+@NBvXYQ;5Ii4dJkfi5)>83qeFD^UhgQlgv!fgs9`&{{`kUL=9~q
zZ`)1m(rh1$?P62twpl@|_4RyN%YY{_1>9jA$@QBgEm;i#Pm|jDlsy#)v4QYiI0*U4
z-F8q2+#F}6;;44w!utrEX+RksY}hkdUu{zN*b_6p0gRmW-{v)MF)^`FnS^H3`MmFQ
zoZU*)^}#G+H6B!ux++}XV*YW)EM(ba&YUdm=8~K4Ks&G*bt*M8BJT`=5n&6OjrcF8H&da|C
zGqF<>4rb0yPqXo{aPTRli~;l$W@AvUsI1hQKnZNUw=Ot7?pj&0jBuA`=QZpw>|eCb
zcy({_UcY;bO`kP#&e{qMaB
z;-QI#zcVE{ZM6vvvfBg*p>QCMB^)f8QmDTEOTuzzN4f!RsfM1UL9<*BkXxRa$u--t
z^PE;bnLE{f$#`h=O2CWvMeE6WYtenvGGd4GNfULH~bUp
zy^)j?{)MR_qS@J8U7#-*K9Qz{Z8ZD}_+z_LRn_yQMQNBd6om?8Yk10~ei
ziHweBx?!uiD5orIB}mMKOxS&|I0>>8$Yf<@zH~An#7cAO6Uy_&d7c}bqp+RcIsKA;
zypl2lO*74v4CEI$NMvWjKtK=*s0h;T{-BL6KCvQn9Nxt^I}#&Uvfius6f6`FiCIkL
z3_GT)euXLn=XE&JynU=}X3p{SyYIcCsLEeGt!5AYa{WU%s$gkTWR?v_H`+MQhWL;Y
z)?e8Teu-U&WyiG&&s>FxHveJ07F2wW0LNmE8f0+
znW5ZpT({X4X~8P!Tr6>Ec$UT*LnBQ$oQvlZ;$pPz_qlIur`bjS0B72`dw5@hay#c7
zV?60-(WJ<$5{Q0_ii(;wd+9af+j@j1ip{)t6sP&XbG=J&(*MCjtR#_g&p;3k2L=S3
z*`8u&6(l!8AXg`v4sNge1Vr9pzEinh$hct_S1+IChsOFeuK}bn%mPOSQQ`)4d(!%P7z42aTy
z?^h^{$9uP0j(6@3R0G{jwrR4aLQ2BM>Kc2aop&LBVP)m`-nQa;zFdUfD5n=PEJJBGB7UWp<3
z8V!>mW-k>SC#q^o{fVr##K6Jx2!m(*eIlazlEz^l+TtmP*HTp}-}1s$D|Bg=<9wfZ
z$kEDheCYm3+nV@q;aI1@Niv8jE^}49G2mBZW&IMXhwWyYaK=q`*HqVUYd}HrWG{!4
z->3@j*z_MlTW$S`T4^Lup`4)-N9wHaqk%OAAqL*g&($EAykNY3CGsGaO(7yhui%s@
z1dgu7U%{rYpP38*E+$7p2^qkQhZRE-^C^~v;j;m*
z*oOl#$rthHRCVx(-6moBMK7=oLlomeVD1nO?n+;(NT72kbB`xvcws=maX5}GWK05_
z(c@m=`xJ(#@ceT>f$oMa%F!`;&-rlYp-(a)U12KZTeUAr^nmROg6vPz$SzL*g9WVb
zk?2!IZPq3QsP7@<99rPWKZxHt2gjc3W
z;YESbs$Xtq+ETX!APimIqL{dx}0ruq=r#JIQ7f#E3%jpLsO9PxG=9hw&uozO2P?m-xW@j09*BN3FWynF-(jlLt6=(bh^#-B@a
z?1wlv*B522oV%c@9VxS+uCd?1E5)V+5@80t#0^oDb(zMVse$%cqIxo4j`o`#I6@imu}Vp38)cQHA$;aAG!U2ny8`Cyz!mGWhPo
z`OII#ogZhh(Jj_c#APNXM>{)s-^xBk4an25pxFtKP8Ia*E@4%0kh|9RF+TEa7XV#34qSO^&n;HW`^LVyKPjGRh91Yi
z5{0?&6ZucbU8nE$V=P@8dXBAruQ~%plN`!v&cA@T%73W(ZPHv)eO~gYJeBam1?it|
z@D8A&XV&AB%RY|Rbxp0ODv~QID!MCv3VO(Wzp>r7rF>F;dgR#lb>`&q*m{pf2E2oc
zBl2vB@W(^Y)#m*pQ&ciFt{t?1F#~#4EH3`R2atgk_CbAv6k8V~)$tw-Z1t2|YJ+Lt
z#^2~%b*|}yI99A-M_x=tF*SoVv5S+_on)o!D0uZrC8)dDXeI7G`x^MdJ&A;jFtFR*
zI?4%P9dPo&xO(y8h2m|_utSH;=ojnEy?OG|6`HAm12A}MqF%gsG>{!EOv4J4Wvv+)
z8YDsE_y|F%QkQ)LXobZCb%KkFTdeygn+XYd5$OH`H}23r&4r`2$pqmzY)cO%*S0?|
zN0Xj==)VuAVUv6PPxl_yt~HhYk!ao*mK9emXk|swH+uXGZJu1PIe+|NzFE91xapIB
zi`u8H(&%S0WySU%$#8J}j*n;0(A_;wIh%z)ru5hzj@{QK1!GIfJSbh@U<2NpGB3m?
zlIbo1adQ#W4H(rR9K(e|!ZNNe>5c*2v5RwJ0T^81L@PCXAqMiN1M)89@%&+ufL13r
z3&e{|tN)ie_-^W%?a#F!iBQ@UF$7y^as(o|9w2SWfoqv8XsrxhcIT}5hD#U+>^wDf
z^{yk!*B-aSgyz3|!pVVC9LY9Yd+;4zztwIOsDdMHA9{2lyO;B+H3lrW0^nTO_cR%l
zGyXPDEzc%K5Tf9M-_w1t*&DUVc+M!^0DGMR_M?moqGl?k!@ot7w4ajxapjlPXn!v^
zHSs&({^PIGH`dkpy;S@oFpK^<#Grni%4xr#jA&{nHA0h=8TTBq(~~D63rv{@_-Uf9
z6VQCe6R^FFRsvvP5~X)pE>?0@dGczLAL9{P`aD
zap|gD=jq9$l&WgfqU>F~C2-lF`-)CoMhm(r>Cx-WXlAo$>y4wdUGCY2`
zYFXG~aB%B@pKf*Z*!*LwcBsMsq3gZlvF`Uj@MN#-8QH6>tPlywNJ*&_a#=+b
zl2zuF8QBdZ6iP)|iOQBynU!6Llp=eJ-}Ac9xzG3a`{Q>%&f{^PN1fwxea7qkdOg=G
zZugGH!Bd~3f(q9L9(G*2`iq)2Km2tYh3B1*6VhL}dVM$OyYrbolQ+4Mk*B7xh#Z_4
z4BYQxH{<;yot&I%+u-jzi%g`zIajf@tzo`Um|LZ)L83)sC}w7Q3v5V0SN(TK!>IeK
zXUEGHL`#0ZG0Cw`_(b06DeV(GIUBS2cVv%)*qB#$IV0wQb`zFy4GohI$Gz2B4jDM+
zPTt_Ah~5`v=bMzYkNnvvaI}TR#Zqs+>rUIYtG(Ln;rKFe3B>+4m*wZb9+G~INU}P4
z^y;;BaG52uadHCa>&Lr^aH2mwg}Rz|k0}xccO4E~U(t7sy?y6T`U$3{E!|djC)Zk!
zcM&c$hm(5Pk9dn-iKx@<>hvP!?vN&tFHB)3+S(PY-v*(XN?ReEjjV7NOIH2?B3cr(|zjo4)TSx;#j-j~#Hm4ubl?$@z+;b)BWnf*F33;9CKP
ztLMD3mNV?W^SVc{FI%Z=EVR4*m5v{)`%zo@iNCcSx=^HUr6HH>LB~*FRXY
z84i9D5NOu45>YdH*V%cwmcmX=K_=?t>~WjT@mE7r(ZP+2)z+VIRz@g9lRlMmp&|sJ
z-Zt|-Sx7h5K<~x`;X6+`venm#dgBkQ7U0^UUr~?K3*wqC(xO8!G
z5wg|9M?CE8qu;)Dnw|&aGtSp~1#Jl09Zv`%aNgtPB=JtUTHrDPOPHjo29Li)Xi_V(
zM3WV5+c74~ORB1Jf5)4!4*QAEE!WBwsxLE`QQjTjhlaf2FVflMPk(r1sderHx3LWj
z5lHj7?BP+DeS5O}@x;)#!a6wynVA?qe*T$1Xv+H?-rsIMes{0;vqz64&TW7Gdw5u=
zn;tdkt&+c=A9(VztR@p1tQb%w;&}Z;hqIB1a246RascwG@JI0cWJEH_@7F+^bRz2@W5`-WDXcK3;SqsykX?wVzXk{cW3#BRCz4LG
zBkS_cR`BZe&~>8Mz(WugkV)y13pH2vcR)&aq))TvIC5(Hc0AC7vf0oSV;Gz-A^Z(h
zq(Fs^CPwSC)q)wfwwXYmYz-EHk3D7^i&m|_3$bMSqluP{6(1p0%5s4Em7hVn)jNCmW)U!?LqVp
zG9@Z7>;uJ3^EXW8%mW!}9%1bF_WAQ_uVeNs?pxm4K?(qg(+e3h7rn_`v)|3+MkZ&E
z(&=pC@c4Kn#mz5Ell|0*+J_H}7Q}=6xj9N6G8XYAGI75=to{a_L)|sUd0ul1`Wiji
z4AMTzb@dR*$d*1dI?682!eCGfpuad}lTMiX=+?{q)U0}A&uHJPOZs`1h^yRx`ZP+Z
zQlRNp@m%24t32zf9m$oPvzP}zBzOKB?aJ;c3@T+^{
zkee#s5!oSPO$T!l@3rxZzt={;>#Cfpz4iL6|H+rDo_fWubPZn~*{og*i&qlies(I>
z-#wB|_o?!evYt+#na7bjH3h2W(Ou^$M$llF{1&K$Z6-P44<@9_wqbHA9|E&|a{f%_Jjtu|zdM#LYpY59GTHLqyj%sU&hTn1d
zgtJxLuO4qVq^A^7lD-m}O2!cx{BRTR&Ozzl0#^>J#!SW}rvBWiQzL0vCf~x8Sf5E!
z{A|7HXh`;b|Fq19!op_0RWDT3!zoHq()aN?Mm%{;fQ~Gpa*gca;nafWHN3=EMAWZ-jH}Zt*d%p0`ADt2O>GGNPVi@2-}4VsAt#|3
zqhyK3Pwk+~9V|X?B1$-&f9A!5l`Wr3M5o?)<247nTr2E%^MJhIjuL-5_k0cA$M-Co
zo(5{A@)>ia)A*+*)t?%7(cBhZH|$n)ot{cx_vnR*&vvJ?OvW>MENMlxW=^c{p&YSW
zZQSwR)8LFGck3y>Tq|yVfg+nVl3R#N=1h`gefgG`p%MzN4ij31QO}M&F_RkRj|Mn&
zMhSy;6D=$7GEl;UPW!$?CG1RLi2?;c)X^RXPLC{07{rS-Qv{kHz1*O=Vq%W;bQ86w
z7Zym)iD%DbXCY#^0A!#Zvyl^}5HrJNk*z(x8gVD-XUFXV2JQc>KR@-CX(t1POUjNU
zgnRMTaPRX|EeRgG4&=QqW?C7+pRaL@)jq)E$6E9A(_=Q@=$!(19L_KQ@DCejiJ!JK
zURPXkGFsfESLMT%V5$9YNlEaaz8=R`v!C8EJo_;rBrH@~Q}ZU>L4gsB2{BEOtzE^l
zcO+dSaz5Tp|5ePTN{^{+MekreWLBrAB=69WLLy7v$$Z`w@=e5>;cFtTQu!DKThL`l
zxr3zXc%c2l%QF5A!ZMbNi9hZ{5ZZUA;9-V}_OMqv9o2ycxKQ&BOf<$|riGYjW}wH@
zgr71mOmQ&N5h~*FaD7~@-Tht0fr^ngt}vUsh7gB9Qf59u|5RaP
zVWyr!`A8?^`K9f6cLSV&xbkKM
z4~rKX{1Bokm}&HKe|n1_VH}Xe+^KN`21tuaKVOO(q>k)osr?N+Fs?g`2crqKn0bjK
zi|r+-DqOhY=aF7eS45Eo=&lD)<26Kj2CEpZnaMN1gEIRCUV%Uyhp-(L3fo>`t!ztH
zq?Y;p`?rXIjb>MloXpXhGM~v(H*u$NlYW+d2o$_s_|M+Y$|C0yuCu@Yxb+^QmsX2(
z!}q+n;NRZKIx^@r`IVddjjG4kGrpSYeIxJljz5ZlSm@@>7O4LV5?^~cd=;!c13b|g
zNuC&rX1FGW&7JX4KX}RT70+C7
zej_d`Urf*xOEfG3F+beQ7_J;DeYA7iN|r&Shd8&Rjp@nI8P*z_ZHy{=HIwNY#JN5q
zn+YdW%7Mhv(o%ELz%nYl%dsJ?Gse5H$
zmnBII&m?8A655Fg)jG-W>n&%#mku
z>34VR8}~mGe5aqDypm(&$|>tNHTidZ{No2#WpVMpwV~crRIX1>{+&mj&t%_Uy5a}d
z;In5}=ev#kG)O;58uIJ4+Y$}+XyBFVF~VmOxbW-{``fpx0<S
zvfP5Y(xv6|FQ=m!3XNt1rw5~DNw4v+!JH6QjO{05ejmdO#TFMqI-RJSYK%5
z$0p}Jvc)V80lE~|H9loC=;+inx){dYrW^B^was?RFZaOrJu+DQqd4#J!@67b4lq0#_nojrPHuA3c=$uN{Pj%%!&ke
zwaENnFsJoBt~;55Jw|DMwFq1V(u9$aCeY5-wnyJU?S`O=N>^JO6Wty_K1k^;{1H?)
zOoMJ=*e^9YI-1rZkp3E96Xz&*UKFQ7(Z*;*25d-`jG%L>O5e`UJVm=o5_
z&PZfyW#w6igoI^n%)Rl>FA`3>}zj~_eP+ly{z@kk=S(pp^|w3jMegj$xH??{X)*O)@vCE?Umy8_uW
znNe)wH!X%VV(1z+qPkq9Pj4yX^Kp)Qd&uct(<13MRs5|>QPz?Wqpj@XBRH=i9KpN$
z`Jnxt=V7C-2|+{pQ{fknu%@T*|JYcS9yzUiWQQ9X6*SJ`;^IZ7^7_fuyJ2i^%eeK;
z%^qE3T{BBYr`FAqPDY=h_nf0!@-VEDxMqX&EA;&06O&;r+Bdei
zd*OHB>^!?)zS_A@xv`1jVnwN^bj`Ho_m9poWxWje&b{5FYV~fbn212c&6~$Y%_V0xNdaU_=mF^urJ5n^RBd=i$O
zYFq7xY0m^$&M($^rwg`v7bB7Z+A@{d@1wN9hafSWkU{}sEhD(8mRGl4>yQ4TyAiOK
zA`?e;;laKx)^o4)_#S!{wmbM8ZMxH35d8G%Z=9o{YUK_X4DEU8VEvYplPfh>b}PSf
zs!!NHKt;Uk(sXZ|$+FB?%-blf81DEFe?rcXT=xi3D5Aa{D4LyP(w``-ad?gibnl{~
zMQoNaBI>vE^S2zV
zQ75iDgxi`&#r++(N$4w!oVNI&{P^*=+3#A^R8MA7xj{)KYhF{iMp!ZWHJHK3lug&h
z&Kcj_H6nQvNBYC;?1K2`=iDJu0jiO}qc`J<_6ieekI{nX!B^kGI>_Mj@#86h0unsMsP%&I6X!5d5_LrBHK}7Kg=qi}S
zKYcHDaYQ4j68fW?*(a!g&k$)a`Rt8`M`G7_hjPU;akL
zxUu#oe)pwcG5i8xWF5Tq{Nc{ka2wik&1`3NKNHXU*r<@0-8ScE6YJ%4dEJu28|WKA
zpfnrwDxHS_swvo&{=)a|mh!56r`>8$f-@u{O|P|CaQ8*?o$IK0eOhxpO6hW3+sRvQ
zN~7-wxWx4vP}gWgniS8svdf&AUtQQd+bn7Issv|lMTMsDAyKHX*~H7=nnIhU+5is~
z{N(0PP*hh}fF;>A2i8ji
z%+5}c-FY^1IkYs(1ErH%#QeuRw{PDD+Tjpuq`Z7Ly>MoJ*L}O_uPN*+>*RQ29L@CQ
zS=rdo^L)l*h;B&vV&4@gZJ-p*mJ}1y!;!4z09xcyf2mAB&C!NJwyWz*zOYNuN{(ibyBHD2rjB#0Pg?ZA!Z_Bh9j4d18o)l1opV
ztd4wM{${Fx9l!vvf(IU;TL8!-o(y~m0_h$&G*gtF;duOc!{B($ma?>|{+F?`PZZFz
zoq54<`lIzk{~amrzpD=W_>|AbsG2T5-R7I_=$~{uLG?8(s3NjG8Mi#slVm8fyyf14
zS8PwqIvm#_#QSh**w|=uo!~i5G<{RHJfgq2Cd$owj_zQ^)o(}cDX_JqMh#Xv{AS+g
z2mL_0P)~|FtW>WM6|)#;7JEIw6;E=HLWkTezeQx0D!w;7u)zY7V7*hYz9S?Jzs(I?
z(F2jJ)Aq-BIXFV~5Y`nxdcr9igWln8^ntqqUVw6Q+E!3p3?mp--(y$;E2`qBNRR%1
zPC0tkvs%hts|rhc%X2~4Khl=EC${o58MC&Eb62!%t(aT9xKl38vzlB>I3gzdt3ITX
z36X3g5Cg%uazs&RyG~8+*$Q>p%`2w2;>EZx{~-*Ni|ljPSwA})ep$1^xUt%{G&A(w
zEiGEyS_CJM&2U~b*co}KT}!8t+cEwp%g&LCYpqOK!o&`6ba;k$dvgFX0nnpwdYh0L
zQ&0k95N1XRr@Okayg*xVAmd3wLrV)|RUG{4(BflCjJcsog!RDtq)r>%;1^lqKzDGZr;n
zpTaPa@u1yH@?_Irn0~e375A2_vHHi|O)VF(7~!KVHPAk&1e`CadWd_rtj*>?OBGNb
z^7IN|P!vSbix_O*%Mfv(4oZro2x026l3nUGB~`y`FtS;54!0q8_$s?`RK6M*BjW0Mo}Q9hr+T0eFaQ<5bnXTza%w-N${sCJ@o6IB
zZOppjWp(=SWNlx+vH6wxpQe^4og~#@=SD((LKvZ^w|5e(5hm6vj#A9*?DIH(V6BTB
zD9VJLM35C7w=^qoZIR@wSFa*nh3n*T2YcEEVA@4vHG~~VntWC
zwlX(DVR4+vO@$>l=h4%_53GCa_C*iO-m){#@V(c1e)zcLPGN3*zNR@#$$WJ|BJ)Piu0ZCMM7#SGgjp@B^%C@6EkngqT
z>7U%rY1aPBqPk>i<@$OQc7S$|62TC4rcF<~&Av(eX+cEJcTgv4dB+2^P6+seorq!_
z;spg6BwNG0>oYx6qa-1K>HoiX$Fg))I>)PUZq}&OT>8kNLy9UYz;q=erQGjZVYdq_
zQae~H@6Yga^YFw!{6u-0$imCp_2BJ!Ev?0;@6{?RdDPXXC|o~1C4-S2CnH?mHcSWe
zeNtwfzGYae0gvg>nku)Gq~c(S2LINLkR$M?nEqy`r-PVq5)}aSf|i=u|ByUM+E0-s
zzh_V5D|iP25krQUx3sjhqwH*K*KY$VuW}zbn1rJ+A2$RZ2?j<+j?&xK|0{*2!b@jE
z=v}Srv-jCM8~Dt8qqGm=c~QDW7(aTf#jt9#HNaKvk@r-rb5}jxb~ASZ7h0UXzO$m&
zL@yY8dwRt`mHocmT|Q&~1-U?TBQiYtLGYMBe82%|*dZNA`fzL;v^W6g4rQH$Qvk
zz@+Weiv<@(GE9?}$ma#<&`e`W$)-lcm-NXx$djHvv2>fQHN7SG)D-y{W|iD`mOxej
z9HrQBg`C>-Qz<>fq2BPpU&`?L=c%`>Cv-h2uEXso01Nfc4v|tp>Y+W%zxVkq$H~M^
zgAY!E#JGrZh3?-X%je*}>yP>idb>w9?$2#|c&$lli(R{R9Y6jNeL#`W`I`MPgdn>{
zTd+fEt-_}=18(w;FD^1AcbRcw@BlOJ8K_{C68P2OuKGh-e!ETx;2vl6TumFuyg)Q<
z|G(FtT|q&i>ss>BngaTP4_$G=00jVszI5rm4D?K8@za%2dMfjRAY3FY1<>+j{hU0tYue>+mnnp4X^C3$5cdHEg3
zOl>H-BgONfCWq|0k7<_?M&F|{
z3T>~ftVFdX=$aiCk|2`ZmgRtuy0kD}?K|bH>6x5&KYZs{dv2ZBlBS)epVk898G?9t
zxVb?P^))u?-yHk3!Q$q%cy`_5C%0~X!d8LG^S`ASckL=%-)GJUF79#4^Y4*dD25
zAx#)4^PKFfcxJIjcbUtP)P`U9y!t7#rkISJv-s&_D$ENiyLShhq2^mvTvZkm3)TEi
z86h?g#6Vp}|#hWX`PUELRceRJ;a@w;WK!4>W2ph3EcRHRErIX6D1
z?-9#mCVwQPw?J7{0mu#0P1X2wQ8{q|VLO~g1v9c%%fi?99v$K~$f%r=voO4$hgh`F
zdo`v{s3POvrSexbrAXlal|aJ!1C3m(4<0;!e_h;Zab4v403DV7mzjz+U>!L98^2C5
zS{Q0mP@UVikkoJ5v~36b%ZsTi?MW9B8i|GW&8#T>u+O4%Q?u)M`0(M?YuAd)i?F^0
z5h1>a*+i6m>+SCe5KRqMT)We9g7^P!d~>+T)a^2p`$YHE+nV^~?XujIaoaoo0Xozh
zGJb3(EO^y>&&_0+>+7%k&*ch+S-!d3V#YFiO#T^eEg(QqNJjwxGPAMObv4-nea7Kq
z>*4Sbj4*~YXfq2b%VF$SL~*k7xD__ktRExX(cOK1OuDIB&_{`hi{B9Sn1qKC1I$+lOhk57`pj&db;En#_X%V}
zhUPU+US3{KPSQp%q=8@pNc_r5yKURz^z?qIe7OYk782%PR~MRW&ZV4OzLL4C{8iwr
z$msVa>rC!8SH{O$q)Qn(vp7=q@Yz)}d5u4OcFu02wUk-av&-KbY4;|C#@Gbt%>T)<
z}FZ>WlVWEI?
zx^yX~6ELsxr2%uyaxzTYRia(~0{kY0r-%S={ykWwWh^cubJ*INWb?>9jb;NsxYG)U
z?+R%CpAU{T7f)4X)==t_|8u{hi@jrUzb2k6Es8M3dr)&l6OAo@J(7BTJS3*DU1)OZ
zWk&DSatUFbfjpknbMS^zQ+>!6a!?)h9GYMsDLwIC43cPn;@GfLd8K18hW+0wB*ADESm2!JFzC`=vLFd
zg*2z$7;ags;!Nk&ryQyE=PIT8Vc}LIIh4JA?^1!*iJ#mDsgHg9x}Iz2(kra8+eVSr
zEsT=B{%}gf?@ugDJEQ~F@8<6x?>{v$)^KiYuP^6NN=nK$9)*x>o|;S(Nu-?lpiT(~
z6ZnvNi;jTwB#LNTTML{ON}vgw7ANOms0Bl9a!>sQd_qb)I61=(qSMwrWc|iRD8U7g
z_#GvB@RoZ6H~fwX!7{WfAywv`cw6Nr5#tIYY1+)27L@(3llXU}aFB{|E~#PfgI7B}2)ku)=+x0Baz#FlACut>HYU~juIDcscS@9=jdA*T
z&~HgL)zGoe%<^%h^rbO6-lCFMSyDpaKr)>`
zMN(FZpK+Uc;ICWL6R}@!Uy=JGVj*|l?0I_DxSYBdJJ(LpBS+57(E_=+y3q5%?>rv&
z$B!SoTzN==wzK5L3&Yh^Vj(y?DByjrUBk8toWVW_o`aD%mz13arssw|{XyUmNE^NR
z;;6t4Vgt4-Vzhy9RUTPcK;?aXeG&IU_VqG?7ZA>Y4Ig!9p_RU&#IN=X(#%e8jU=*4
z-}|F(>@@#)iQl%KKROy7Tf5KO-6NO_4>UFXZpq}M*2?pSbIxxhdBrU0P5)h27LJ7uo`sv5%7#TwkK?lz2XN(Mhu{eR0FU$V^b})U#90G)0W|_4N5al(s;bz;78AYS^JlwIAGY9pG(LQI
z{J|`MbB=vK-?OMEEqSLe)qBXn}O2^4#
zTbSQASi4WYUSZ~4g=N*3`If!h&fVww^oq|VXX!O>1qpP*4w(j`6m8_7JVLT+o`^Hw
zg?hMMN;T=m%a?n2l%ulT$_S2Ia8jfR2+uq(Q#(@kn1F7uwrj{<|6tf%oGmec
z4)1&UHSvcne@QsS$1ThR#{H(YQ%$LVu{ITE?yoFg9WYhp;W&qxdU;)KuHqtUBioMF
zlOm*VOSHGQM=&&V&84pzT=gu56SeK_)97Yg$n>@Ut>J^QEiV{9$x6$~erWP@OiQF6
z6WF-WKz=&ICN=SEz|i1DZHe{faF#B#6kWy7KYGZ!73L+sNld5*myq$ur1t^^C^NI$
zPftA;9{o~!aXTxF%PzPd6w9^ABGPGMy;XH?5f7+tL%;
zovqILFV8csd}v~Rc|mM(&Th_QTbCaF&W-gE6rpBknCu%y)QqZ|njB$zTTbv;v;TzS
z^F>Js#0v#~Rl@}C4q&$)LI=IaYw
z7XG)3-lp+QFZH*5@Q~{bkUjXup?j3w%r;T$@cP`YM)S*NqCcp*o2vtD6ZY}%liv92
zT`Kv5U{zAxL1@_J@lNADLGVw8yv^2Rx1*1-oDNA5$6PLX;VVm$lRjpN`PLPEpEY51
zwS@edW}Xjz7dkVvIU}EMw$#8xyS489sc}V@N?xMNGygNC_b4vh==|LJd|v?j@1GHx
zn!R*tWX?8UTwAkiOr2+qh*q4aK|-821)JGbeE&o`U0
zyx#VxT4eRdoJ+r%jn?j-jFk26Q^(r}A_7br(_e8d?UtAKD3M%Yvo*NBYEJ+AveNdq
zbPbpSuqK5RzXz?mC+zINeiA*YN3ePpgXh7+K+e!&k#;Gm6k!zh@R$R*F|pl9hylIH
z!yMt}Y=NV9Ae;PY1UlBs+?-oV0qN^qU9x9NBun)kiPx8stg)}XUH`$w5aQn~K^z_#
zxh}Ja9j`g&_mZn;z}Nvw(r5AVL~~HPFoB9HO!}
zo6ch^?hHQ8RL+*Jq0zf0<2)m!feZEYbM8#dU$Uvww$`S4XK<+nC>vBKeUWm1oMABj
zw=A}f(lsP?NAsso%Fgv)UPbDushkA6mG`#8hh35zS$k*}Yj
z5B64Tb@p)b7#p9FAKF2RI5B-dae(qk&^hn~dSf$!M93qKLt23s*UrPdzBSINy9SrM
zQ21nq%0=FoT$kP=q|QY|M`y1gVrCBNmZALxdRTpsuqpEITV5`rn`YzgPR0@KzmeL*
zn`UY2G4r%HB{U;Am6gqUF1bUkcW%S3;a#GzO*l`Lh}!DgMqmOBMyH*dMwZMSFlL5t
z`xZh`D&=&PTG=$?IP=j=f}kI;QRWIRmK{4t8>d_-M}U(Wye=z?OTmE?*Bf87XHG|L+M?qo2+(#2+AlTT~mm;kYYp^i>kvd`M#}9o@C_#s4wKms_
zB@f9%kT{LNykn%L52JDY(kLFGFQK1Li6&CQ3JbSBQ;txSz1G6Q!tvwBf#jw2?-?o%
z{rCR!54Vw54ph4Fa&GRtjh9NyRBoTqQ_2;72wghc4JfLl+FZC-^{83P*WX*mbE8Gq=(zJ@O
z4QJ$&pim)%3mK~)n7}*o^9;=Z-UnGfZfF`0<-&n>HTymffbw~9a;%^|I1Y7x^Mj-E
zKnQKbv7+<-tzcN_&oDdChJn_S0lc=q6{ok}>953hC1#@Wx$xpAHUiU<^y20GZ!ajp
z<=49W=Fgkm9MRXiPh1|8QMT{ec%J^~QN~DlazXNO`Cz7r#nnTv<_rR#4XnAoYPhyk
zU$vf~_Wo;;!?*W$HdEKOZVKPz8_i<(RHdZWqdjP5#=hcFDbLp7TS{aR5Ez7MPg+Ox
zil-;cXDqC&I^DvtJ392@M>(l?{)SkP50o>w5MA9m2rl#Cu#>bZb>Wd>r3-uhT;Kpa
zoLBt3_qOzsq0udmes3CtUtg{l-&``#3>Ogy-{qRU#x&RQ(r`tT+j*zLu{T#9m+3Qs
zAV~J`8L`feXKQW@+2tc?B#*h4*%#qL^on?H?&T9AL|d_9Z;_PR1h@SeR&0kbyun=N
z4USqxI6*@Uo!)&grIDhEOD|jpcP!YjkdS82Y7=1AXcmu_z{J;=#5``A9YWlV{x_Sn
zVU?Xh2eHfsMHy(jvVQLbHU3YhF7YTk@QC$yr~Q;82Gg>bi>?`N?D8jc1!>i~#X)Y=
zBq*Y*(J#BUMyPEoPxU*(aYO~bu^?~(j
zx&NAq5fJq#k_Jm?yQ7+#T5{6r@^a=CJZSc&lH3?`_2ZM1c}|OFR^pK=-DNG$DR(xy
zB(3m1##@Y@>Z*+`jE;7c`iW};SU^C-NAMf5CZ44JkF*a&wG*La{B{-Tj4g6b?5gJu={QPS=qn-!+TFwBx|84&U7tHi{pEvZ+e1W1
zPO>EONMxEGRDHXn>VcYD*oosS8S!0m_WbDmTGDbZscd0&^^~M)8jkmEE$YYEgc!82P2*BT^KpY<%>y=gW-7F>7@pm=6c^;2C@*mMOU1QQcjrd_Z6pR8ey1zGhzf;;V{X{B
zG)%{La|4NpGS6mkhb9)Rv)o_#+zAVkkULQHmX}WF6{b*LC<-Lczb2+kugsmtS{c5r
z#!~X~ahf_g!($%axhI~1jI%i@CrAC&Hg&|Fg^$l~sG6+o8(yA`ze~vDbrz=MiWUf`
zJ4p6#Z?{6V8Q@d=bDm-+ce=Mpfik<1pC2i_SVl&MVm#a->O(rttr9_
za#C85ONBK=1#q;ybp7mdHw*O&?2R8vysuX`v8a3U{?|nxr@*G>^DQhbReFopha?
    )r@g6{C5=Q^IiY@XMuR!?lHmg>d?EcqkJf=P{_dG
zdH(q{WhDJ65$1KZwAYQC?A&njuoP)sosXCl*a^fx3}=F^Ahwb(a?g@O-lTbn>Cx0x
z*-41#C_ma&UC+$Sgqa8IMNYQk#3!YllH8O$|6)%&WcN(wT1k6mtP1_rw9wU#yT*kF
z$nNQMXH+w5C|tgB`_?6
zlbE=~Q=1Q4J$MdNj$AI0z%PPRXyo0!$qM@1P^_=c-g+VU049fTM;06JX6+lA$4X#K
zz;VXRWOoQAn(Pi4RRA9xoSuFb?d8z4
zOY)7~KoNR+%vF}chyOcE7fF0?ImGsZ#Y}!{hEK6FJ4LNBB;1P%J2=Pw{D~R7gtKw+
z(VZ-9tSRBsy!xrVUA|x9VP0MyD&yP5yMB~kSoh_5>86E-gb6IXdfEPGT#$az%1tEo
zhs(tn%O(*&gnggi8?K(kP*c762hwC_LyX!jsAs*r3U@VpFQdTWY1Vx>f6@U#stjDV
z9)aBdHb~dD4fY(Fv~5w#YU3GqVbq(R9@Z5R5gB*8*#m5KPtTxLjQF=7KOUi*oaClC
z4As!3uWy6R0
z^!H<1PDFMj0eS&!0`Rli#dc7X6p9DPlEx#%-kBd4Xev`QHE9@9k&T7yM#Ay6xn?-}bCfnOz%i7x2e<<_whD
z0a-d;HwIl@-SM6;pFev7#>25~f6XL)uG>1WMz+ZRxB)-Qwo7~cPgzP@w60KL9x^XJ
z#~4uG6Z0TlQdb@sQC@)Gps`@!S1-Z*h*k&tu7Bgaig$8$jxshQu^VVP0g2!IfU)on
zWRV>uurBm$jFJ0Uqw|+UL+UMBluL$5{h`Hmc3wG>+Z}3(&KQ0Y;B?$+0~%
zxV+pK+9X6jDB)qn-oX3YI+-QzQaSnI5S3hYmE)lJx3_1c-YWgr%4Is`X?E04^l(_j
z`p&Y{-O#+uO{i9Nk?T&@IG#e1TfsPR3(W}9Y?~I-HAq>kL2M%p(^
zFEu4)q^P$%;vi%kr4!NB>ukpg1>!v3a+t-jdw33FkNcDWfzx8pNkN{ZEf1Eifa8;E
zXErS>sZDX{EXv6dGYfHHG0K8DY}d9{ag}cPATRGBU$Eit*#vBSzX-48KXj`=r+hN(
zr*Od{YLwI;+BddS|LT6e>7dVn4)h-qqHfl5zGrz4>1wClT21s|M<7b$iZh24a*v=a?{N5*Gw
zhVSl)pFP_e4>jylLA59>#J+Ebwwns&7}GF{e;XO;{qrC!`cw%4{vWb^`?-X;VcC!{
zB+ce0r!qcO$o&=Mj##_TDcsCjjlhsbgp2W>cOtXC
z)-2wCv-MIjp=PVo92w0%44aMw0>RmNJ1eWOpK5C2`5|Y0bK08r?(RVtW^w9XOHXRR
zm+8(sUAM@sd|;S3JUVIy-^DAM8f;o;H>|>-#iDkFpST<1rZeZEPb{E`hra&R6)7u{
zw((@6991@PbVy=r3*BI4E;e{VhK$kJJ;w1If&z01IJm>?btE$P9HrsszlU(lEPiul
z7KT|RE=dH$=0#?k!mNY|`$>&)(*vFVVV&O$-}ztQS{?}Wjmp0-=w<`ch~2X;h>3BO
z+6FqSQPN`N&G^d-7G~tH-<#C+4ULU8DQ&wXq#k@mu+_lW*q-Tnq5uxSx_Kbz*{|ag
zf=;x;Z*#TIi`P>ZUvqL2d)^ISN%HCa!i-ix#QDIjgJ$089v*G1AUGy!As_Nw9ZU`N
zHu4%I{?If>;%x$|<3G3x0vG>TT3Fy$JjYp6ZLS1?WSp#u5?8uPvkF~5Keg&$8mALBkdYKXSHbTD^2
zIzqgSBJ;7)(V|hz(fGeKzI`huArZ^Jw-ocfaPwa7T-~o_djTDhjHS-KMHJ*l`*#jW
zJU}@`8?RHd1^P5>;g+=Zj|hp3G=xI>__1Tt8C;j(_H}ac$3~1=Z~0upm0zDoVgTW0
zK~qq8x#XT7?h~p#NCeXv(|;R6Yo9o7p*Q|Bs(Pmr4Tt+g{`#?#98&>Zy@O|tXbY>V
z_I&sdJ;`HZ18TkH4o?#D?1U<`P#9F?<%hiP7gg`Z?VBAtEfw+xhj_W?q0@V=%~4@m
z|JnEADSB%|UHJl9b8VDHM9M7Uq>Mix&-|DaUyh@?c8{<)>;OH<-S>aOP4mgBZ!*|1W5J6kN0U7X--lGD{H2;TVV`0Z=0D
zN*lhVaZ{od-Tzwd+H&kYgF2wAm_LqMdwbxGiXifpG-YSbe#P3_b{pt^
zTNXvX7von0$sxa&6kQtd^zd74N9T(dThdg;+%YlFvz7kN<#@+TT8frSl$XGC6SGS!
zfrd(yA`qdRcBZDHDx%c-m)M;XcsX+YAMAHgdXmLL*Byb=O8_}0PN+*8o0!CIlWmo{i?%0o
zdx55i^aL_YNCmJzG3f(n3`9oYS}+c$BU6l)E~$TiNMa-2G3cU~S5|1-?j;~kB?T7`
zNYYy`!3Av|VtiWK0Pr$(o=_z-`O8~b7*zI9@81N)8y2Xkp#gTGA1wR?x5fB1cQ-fe
zbf!pMtNZuaNw$wrR5^PW4Ep{cF$>-MFc;T;{Fqo_6do!yBHU=Yx1F&kU5F>o3np+E
zlVb`!xuKzy#S)ki?zdfbGfT#qKRH;Hq2_NyS{)l<-McM&pXB(&
z^#^~V-spe&zoF?{8&5`edMeuXqwOlCVGodfeHHPI*CNM&#>C|l1kJ%4?8Gf-23Js^
z=W?ev5n4#BMl9OfVyX#!XOVw~J`bAUBgqP4fsd}Qvn;zlH~Lpw5%Iin`RHqT_Z{);
zW0V%U9gw;TDJdmY9Qg5)02u99VWOCOWvmM&IX~5xut~#rqo~p7qR%Z|uae5%H>8A}
zbMcyiMs^$PD+su8*>j9-cIoAvy6XS1aZ*41R@a^0p7!6#-Keuzpq#Y7l*PV>iKYRZ
zUg{p#*0C|}+_!)=={a_y(OmGKV!5F5pM97v&pP8iYWAdO8^fw!1v=JCA|Uh5<=Gvl
z{SA3Cp*<=q_+oH)sNzgc)5xHDi~@8bQa>#t_vugCroVUWsFDIeC;0ox<`=GVV5dnk
z7Pnhkc9X!IGgun-RP7AItS(UD&C?Cdw+OuY1rjB&(E8Gq6V1gsFJ^O
z?5*Z>JMaJ(>f3v%ARCh6=0*eIWjv(%>Y8X4Sp0c4Wv$V2WG9a9DpIum}a32YibRNW*
zu@1(-Ce+37$Pq7ZZ+-s>8AXN%FJF3NB>a**_oI#e5H0$8tg+A?$0QzVP1(7;vz_4R
zC}|X$B@}<15+H^uUqYnZyS_eN>zKmA-6!i0I_*WsM()JW5J`;LM>9P?{|0XzlzKT;
zH~54fT`SNuOh#|UWUc&~O{@Kons01gWi~^*1>7lhULwlDOBZel#|HjZeFx3SqoLV9
zA1xGL8k)(s4(zM#I?7x0Y<18-{yG7s2&$(d?6Nq7H}a1^+9rJM*bTw$YG~(4PEYtO
zF96E*Llww|1K`1#(}FkCNC?U7dpQz?u!7ZN3`|U}-Ou=2c=mcpe^Dn+U?^x8ZU@uE
z>t*+aw9Nvu&~5C49S6*J#nXxT@u%n38C`Ow59)DrI5|P@)_w*TH=YzJVFs;$F06t1
zZlg`{5UV>IZlm7p0`AJoq7yg@B!z@I8zk*Iwe3%ct}`;(zVKBK$CbP0=jDa0jAja|
zATZ)l^3m4_nd{6SdHorZguMtozmEkT?GOHU(NdIuC{9+P
ztp^GG*qQN;HJU`2sHzGH*}x;#6wDnVx_b%6r$QPb?K7e*4CZvA!;m?lq@`&ER^Arn
z%m8Z%-UeM~CR%#F%Xi4hl(zmwUQWVmVGM{sP9$@Tw$$u*hTaIhqQaTt7ccY%0OYN0
zdRftxSOdbQVJ##=Pym)Ys|Gw@9G$AMG&T>6U^o*tEMs!lS6byR{u*#0*X`W@dg0S$`
z9N^K=y}4lRR;`rTesOySVffH#i^$)KG4QD}Pa;t`@q?w%e;!Nwy$5A_8NFg}k;40?
zHFw$Vle?*Z()t+HPZ{i_uz4My61P;5A`SJf8K`S1*
zINgUH```p9mG$GK(N;6U)@TFHNCHh3i8x|ZD+*H=lM8{|s3Q$P=EaK_Q7%FV`<+4<
zp$4<%V4Y!tB1|gOY5x{L00-cSczAgGnHxiBAmbtF%~snoXbi2IL5eRmd1GkT&pYHG
z)pnWXZh0#lRS<=?hc@H=JDJO`sBy4F>QEhrK0f#4?RNnJ&?>3kcg!|URw$w7G@jNn
zUEUOyAXPNMDg9$71{>j=87du~@xc2hCJJ5Av^R?V%
zni;44#uz`fja8gFMd7e$*D7RVj)09N`oKyj(G;1aHV(_xV2Z~dJbk+B*AyIpN5zhl
zUqYU7&}DR$k~xiAYl6~foOL{pk_oAn?hpzZutztdkD2=J(a!4XEl&qtc^<+uJ8{2&
zv}ra6mNWx^-Z|({c36|A!t56XrWCDF=+ooEA|mdN;AWl!#6z!WC@#W%Q_SzQ{?^Jg
zybx7BGdiLy(db%kJ&xNodWES}LW)fd$3vk@z)^V&g){yj9lcQ+;lHtoqG$bS^|K!>
zuS>9{{k;QX@r_ny!J|)3c_iIj^%C8N=Jb)^Z1>)dbrKM{ta0VMvn0=d3ca>GbE9H1
z=5T%`$2k0Qph`k=(9Y?O;T=2BOH0cB480}9EutTj9R+E&PK_#}{V;JhDe*=WV~t`x
z%|T54RBM5g>Qs_>Fb1h5_X1uvYhDP0e`9Em|T7Tz1-nk`)&35FTO-i9O5g_nt%$hj<
z`*fszAuO4zXi0MSq|LAFysP2A%5Dw)xmf(uvn{47zxv}<*-3>c;vehi`&Q$%yBopz
z_wDVi7OK{SscQ&-SOxv`RTXS%Dexf3>uO=rrBm1+rkB8p3HbueuJ61N9@u5Etx*4kc4C52^tP*pp{5YqaOsFbZ|(^vFqnlNo4tD+f>an8MWi{9
z%G3Wq4Xwp3F;s(2>}-!}T1UVN1^_gFP-CRNSPYEg`qsQ_h?&9frE%!Lb)bn<1RQiJ
zM{tYr2m!4{6{)3zcgT@Va~KaOa1TA}oVM1Q?a0V4SjAz~)MLFRvcA3^TTS6GE;-mp
zR_AmEU?b$ocTXv|ryvt*r<_IU2jowo>Xk@hhgv>z8EmLAZxAeM!LzH%`n|cX`rnR{x)(mDP4PC*9eR`_zq00B7{81B
z_gFXx_^El4W~=*_*-y;0hnb7ok5QZe=rjcd-05|s(!e7aCq8AtMuLC%t|n^75NH&o
z(A<1ZNJ+}V#XyA>l~dU-&-|S}5XLt+H%$)B*7`$TVIclWb0ReQ*#4khcqtPa
zz%-Kf3EAtMZmzag^`7^li`F?byQ!lZ$LsGcY0<9GYgiJd62Jdt{ifU*vdvpVlh7s~
zq!ew6xrhM5q}n34EB2oA$3%|?)180_GGJrnyh1h^nRN>0%^Q$RJBc?%(y;vhy!qAc
zO7?qRMBO^ixX*v1zU%0||1>coa=vz+ta*^w;UVD^QixppM}VBTp?w8lWz&5-zP}NK
zxS8|K^j*Tu+rQdJKL)cFmp1T^Xh66aDBMT7dNSr4@p=k3KH-FJ7AC4pT!d1wxzKg6
zl0T<_UHv>|`5O9AbyF{5;kBhpqtaHdlEwt{#Uc+h3(tr_P*>!G3|g7UeZT?|`AWjl
z0G%f4$#UyN5UQ!0;OL&u^JC==9D)Gm$Ud+Eg)-b^^7hRD4^|uI-%%nPy*<5%v5RKD|
z>>c9lM7m{HJ?bDtx;1P=qehh0p(+u5$=Iy16P2~D&=Iynbq1G5An0}^%)D#Y>X0yf
z1&v&hI>rCP)_cce+4ukB_TIb5mXUEvLdo7LBeIfHsgMdSBI7he86ib73TYS#ML4yL
z3Z$>W`uHW}_|8YMa_aC>8^Elq)^?I%s?G`cRZQnY{K4nVdqF=fe
zx#h2={P*lJe%Z@>G|R-A%oI1Z@8BTw@6r+YjVZ2uQ_}-5|1w!{9q*{Rk2jAP6f)PR
z5Tm`$Jk&X%o0hoAdKGpRo;F4X`7(C5ocaB1k&E)#Y}-A4Hh6{^jGVh-5N??C;IVSD
z#7Scwas#y_WzfI?jtAhxJMQ`Kdvxw9U-Bp5z@-)tT$P@}sh<4pRUzlab=J-VuB!e_
z@-QXQ1*UC*sci;Ftk2dSTSh$|e8lmQKy!N)c7$_^gSu}mh6iX(uGVxhi`3N+&M3}1cp18F;1F#OQRoX3}-sb0*-sJ
z^`#LZl3zqbq@u3wvJ73&VYo|=m~yorYNs_{y`~)a$kjsb*qbTXzfYfy)-V5Dmm1MT
zIFTu;8UEp+#ER-YqFmapIq!4jHofN_@{ILtd_33c2$&{IKJ3PKv%VO9r6abwJOF)NVw||7N_gNIPwOhR{L(pRUQBHsxB9q
z>jhon2LJZG$xjsAq9tY~xpe4aML$hUaJm!J)o+39y4M}m!?A5&w3zr2#^hznl%K1B
zCYmFsA_2}yov%%xCWp1KI6MtKkP5^+wwfq+@xPx&9DZrF6RS<=r4|FJT%=0St2(?i
zKF9O~7f?6NTqF}i<_-O(FQULn*7~1___(*5i%b;VBpI3^JMqYn@R@fT9mvmHHyxtO
z`Prs}`NEl^ecy2B67~3+kD5C3ARGE4(mHRI&`0$A;xVtaS!YT3`TeWq8%aG`Bc9jN
zGYa131zu>eE>~7=Oc1L~m_?gmWvs;r0I(
zOjKpPp}cqFw+Rj(h*j%a9T;`Y*2)@)xgEGIno)l38?
z!|nS0Ud|O$%|L*@Nk^8dPjfjroR)DN1P3bkpIXU?@L704viSx#Zp3kfc{xe*O1-p&
zA(BSv-UM;bn$Q$HQ;Ln+v{`L%N_&AM@f;`oT{>EUcxjbI1d>se8wpUTFCg*#FBDxW
z6Id8l-5@3ocBsTfMMc%s>D;?0T<
zqhfwzGhlJv7yEMp|9|Tz%ouc2tn?jQ@y{J830js4Nj6sz=3^*u`t)gdP%R7BqnrTd
zWzYdI$cvl#2N@`X@jXGdX%qf{EH7j9bbf&
zZZM9GM<#{sqH%PCWc)O}6ef5HgCe>zdHU)R$uVh#Guq$sSfm{uY;wWpYrojc)VjdB
zN$Au&D8|LV<8~`dyaU>Dq#^&8VPp`oDs(6cjIFI4ay9
zMi1WI-;v17Knhtu?t}dg7GPI>$Y~!>OayXv+R-?&lTez55+ILe**GHhiLWO5LBs7t
zqWJYY!3+MIZZL2J)_QF1q4deNoScbZ50Ql?Vrmg>dIP}6nne9NVizW|_nQQZ(lxkXMN=W0y3HuKar
z&sWxqN0^O}_4l
z>1CusEcePE3?3
z#%CmXmLgPHdNoNrpDoDG&c~kD@n}k-=l~HFy0Yf8Tr=1J!p4mznSaCa1{c;jm3sh>
zqNIz2N+LTFAh#sO8>A;OuKy|aon=j;T|?+agD93{#w)lfj3@TPYa?74W+>-Yr+ss?
zghVc0Aqcen+e}SOMb>Q6y3Xthskyk5ZnE4U%zgf=0EpOmuWh4Z)Lh*
z^1JcYQNv1;Y!vt^E0TrYeXFCX;-A~oR445Fb+RVw=<;GD$S@Rb$$Mozyrq15UP{w|a;O;R~k
z!xRifb3}j>N;dDB0Br^nnxDV_dgpvsj&o-puyAlZF-f+H63~gr4_nc5>)-C-Eq;oT
z)ltept?t5N)CZ`sa2nd67Nnu@-pmk{e
zTX%xu2%&m^_n@gD!dIBQxXtMzbP^+b^?trfF1sfk-rfk+U{YDzH-scjTfc+}+
z^33tTazU2ny(&zRNc-}v7|QsyNA5CRHN?D%ZlMzpw%76i3kQ&aCi7QyF;b-HGtyiR=k&^*jijd8vP1~i$OmSFiF
zKZ`9a|JM#45YszPHvl0R2JI%*%1ntNz$re<&ufP2&-pSPqz=}0ayMegUjkNoDbV-j
z%f(y729wCwOrT{OH*v9<(Yt0T>jRPbsVK75Ug$HTXHOzk6c`}|&$x(v5P41Of=8M`(_|(9XifRXu-pmD-b@p6o%Wgg0qwia@Q2
zCZJj%C37B%b7YS!pw(@9NJhV3?F|Ij6YTcvdLKmNWc!)^>Ux8bq<~)TqyAr?OfoB{
zg_2BUy+;!c$|l+|9CwsqywJCnaRRvGG8f&sJonbk{4~Gm_8-Kcl=aDXgvUi!sGvi!
z?}-ptXoNy#N^B5Jn}5$xliHu|v1#J95uu4Ux4F5Qsr*a40QMJC%T&#UTf`hYO)>58
zz&>6QWs1f9STREYJfJs`yJ5bzg07xe!SQJs7e${&DInerym{N{@&UdFm75sWK_P&L
zo80jQ!h#sCup>l={QUf8p#49>X&H^&Sf5b96o<3ID_0(MH>)rwC}oySJS4o
z3Cw$iw|+m}%l@!8+e1le&$!V=t`tdL2Kh9LcloDz_pwVTDV*9*cw+ltrR1dM#EIP#
z*K1Gq)|AXFeP|2*wq@kQuWw_E!)`0gVO1Dly?OIyO}^C&00rIY?p9VtKWI?JrkI1)NoW`kaR`(e5`zmCK`<2GxDh(E
zi{nHRm#BwyGY@m2ezvNy4foqK>q$dgX_6`Vm*j=07K1Ndx|F9S1O&L__3NlB|+$VLew;}VtQOC;2AnF3cg^1(W}%NYoJz+!h!GR;^y0z4_!hr@Ra^
zCeHOK9%mw7iMM6s6~&Gjts?u!T5vbpZ2K#urtc}E?N>_rPYFxirH=a0(6ly{+!AeZ
zA;`DCKxQIh0dp`gy)-p?DHW9?P|i=DndJ5M@QA!}et2w*wU}x>l_X^X#s&vrHg|Y4
zaXE+O0%J=j)8?!`}XEe0;=ys9K*W=@Z(w8Yxm7(K*VPQx&Gl##3_yL$;COP&-WuSFwOmi=LUG
z>oNGWi&dHrHP6yT2)UsH3VDKb3UBeeGlOifN^pv`x3Rzgg7OKpiO
zU##9@PuQp*E*sEQN!Ju5f4`AIq1TRtVhex&@`8f3i?FdMfT3TDB
zEN?WyPIj?G^uQ{=%W_hV95(WjPm4I1m@unQ!g5^o|35pHg&3j2K&OHAl4SG_o?ERewZ_G6R4vb%aPE
zujUYxSCheqCmEreLlqa{BQDG>D+DPEa_qk1R^fn#5@;#@*@tG|5u}ZEDB>!dtSFRp
zxRIF>*z_HaMpbon2tn)!n8;9oTnaJ&Yfb+?8I;b6>Gojv*CORb6TFdJ_-#{-ONMWu
z@MQJ>2`B@j0mVK}P@4ehBJaQKlNZD0m6?GFnXl}V#1{wZSo!Kc9ApiMl53l*5~YXFaT(Bh_JIn
zkVxWRBMeTSJbBDX%wK)czX%;&aHhcEi5$sNsSSF~Zif$l!v?;nvbq;=hIDMej^yNj
zT~ICwAOO*Kc`l)Z?Yj+p4h1HW!}Hr02&*@p7-x#6QhkLS`lesGzUb}6Z(9$2{kjFl
zenfKX1whaf@diOGo7C0SH*H!y$SX}pBShMXwd*QPt}=UF;?~>MMX}ENIwCLW7)QI%
zb}9qG4ST`E;MzL9yr?CzZO0Cfs@dp&BdDVHLtPt28#1)(oVV1!_GQb{FRx1M?dClf
zmVfOjzt8h~*XP-SUDw*fVm#^_PcBsF#Q$5!iYf*YbJ!x(xG-{||#
z!pUf(7RGS_^=$`ira!UzQNZ6SD2R>{m|jLni2WKt4D-n`*dWE^dZD4p?D6Brxj(2T
z>2g6o#`okr<73kfV$|XL$g7FQL7JdVJ{kmWiY_Rem~$X4&)*1c)WJF3`0DMc+=?+p
ze93$5)`=yG)!R9&NDFy;FUD}Xr6|?WouoZO$|dRBY@|7yO+HcfB;HsJRjJlS)y4OjIReQeG{`R
zS>;F|9S%xS;-mG;*QsK-hl`@$)L32UH)s%p`>XxukKWKku}y4w!o0i#
zfH<9WLP$!d?o0!R(IX%+!A7D)k_;Ig%5}s)Mogntax@hb$smP)do!R)myeDaN{CuA
zRV@uO!>Joo1+XKaz$T`bM*sWe%LoXpxRV_#KCf|FlKH(EZTn9T&{eV??A5}_W?E^@
z_UP=-V@dgwk7T11Iq&~S#WAP3dfuW!(!B;>Q8V}TM@ZIa!O
z)N#v2W0vIt&I;UR!mmwCO>Yzz=V@qL2(Zm>&N+k1oE(B7dA^P|Nw3M@J%G5faYc&}RQr`*McXD>;AB;%7B6iWciOaL3YqrGKuG_X=OR
z_Gb%C_UVM~Jj~is-O;cV)U98;?=Z4p9vWK#2!We8lf!+)t+;UfuH8x%
z)dg}BF(e=_fek`+4p_Xu6m9s(X>$Us0nAEBC8ZC#>-CC3@mf)lnH>Sk5E5N51%Aw#
z|5*wtX>;W}Z&{IYi(A^7ir#Ht`^LaSZ%7}Jr=4Z#_vD28fX0g9R8V_$5P$%$e|!jLmTyptBNbFk^91Tzn5;gC<3F1>
z3-1I>`Dt`CF58)P8I!6pQUiR*9k8l{gC3#-+j@|^7vOB{?CiX2mxyy)Yioon(G(E%
zv7MzgSFVW77!QC&zz|uT9*=)tf;)GHEKW&bIS=o=>m~GiHJb-a6%ZdUG&>UV#2Av5
z_?WSp*9^*OPnk=!M%@0ZC^cr_5NQhTDkJT%wrX%JvCi?#GSirw^mw9|7XE{+P)Wf=(Et=0~hh5IJVS1>*;~Ic+NxK
zMNebt=U9oyN;3~-y|nl4zCJJ{lNH@@+x2yU`=6swe8v97`b2X_0*{y}HX)nebz#b5
zM+vfl&Kq9$vRhV4Dq>xt%K3@w1{z9E<&opMPK}hh`se#~$II`yd3!Pyx_`JgqtR`k
z{rg?4(iA_f{q%t5az=Ni*%EvJtJAe1CdUt4fB&Exl
zt#S~U9hc9F?*C*P_2;cd%?#EC`}C_)vp$&{*DR0v^uNCZDQiFQmSov&HrhFvSy@?4
z%jab%$7XK*gYt$Jtn|I##}&3d?E9y<&Kfc6d7E9XrKP>9?Nadtw_|Z
z&ok35N0Wd5xwCr**ZK$sJ$#e=Ixeodb6Z{8NUj_W7Zn$ShX)feu$^D3gsBu)!X&kw|TTR3sJtUH93j<^iO;TO)dKqe-=(ZVHN$CE@k39H{bI7kk|ZH@^H$U=
z!u}V*Ry*Uv|0(HwGak6V=~5Pv(nx;Il2G0Gyro4!LLz+e*0oM)GVZ}r1<~-_C@FtA0upQy>sk)NQs|4+dBQr+JkekyFZcB
zm1+(3N9xN4-+5jB`id;k2?5^|916F~pGX*cyH5SjVdSUT@jh*r=y}QD$p7&eHPo
zrk8CfmWEMCczDSW)cLnRL}B1oeqZvRyM{&9{PgN|wZZ+W5+g%<%cJ(p#Lssg8fr;P
zl1b97O1(tQw!%f_u{Agv-_RgcVb#5m_ytq@c07>!wU?A%J~&1%rJ>;fBOM??kEkro
zpzk*e3Wfo5_?m}=)IoO-drQ8(7A6Gw4Ylx>&#Fz1b)sG^ui)wGs(nmSJ$>rh|Bi}p
zHnz^?O6@ePPo}CLc(6v98jPNRP9Itg?V#@oi;u6#ZEpVp_~1X!WJkD4Pw5*K4G;L?|7_TLuZP
zGR?hD*h~zemf4N8wH`R-lEj5-%MWrFAl<;@%LOJjzU>bQ8*X;~xl0}knz2%LlbHZkNeQO&
z?gPi0!v(0PrMWqrGC8cN4-SCztSq)en@)aXyNfZ@XW?(@;a;x)CToE9d$L`-2e&yW
zkGDW=K|5pe3M}tjX;t2@TN)c_&S^n6g0VLAtO69#fP+I73J(k+D0&We52X~0LiI!!
z7#2>;g0SNLv9M8uo*brcDQ8Iw6nFSj$NkKQF
zoKa;2;wNsxlr*X>J?w@?tJ@mzE6;{NFht^jPL`CXK*evS!+6
zv&uf2lpR&rQjh{IqG#w-^=4}CX#a@ID)P4M|Mj-mteMQ}B-*0WV55L^VD{^K!EFxk
zBVEQ!Dwx5d90)m!rA$V`;2bpPAwLcvy-yl_bBhuVG3M><4d6DiUg7iEv^4(DWC&IR
zNQz>Q`oMy~(3c|u@nwtwfEm=+B~Evu13e0e4Ka;{6n)qsQd>h+m|OPvxR0+aL{g#y
zEDXVWz`;R3gW>fExt-c~ettec^T7d{zW9bKG-;v9;k3F$a##II>np
z9$ekVM_8H#cJ;+ycQG(%L?6{>dZkXl@JqOI^f`biYR5LMVjOZ0Y+u@ws=)qxUDwG8
ziE{!0(I)FMdLBGz_$kCt59YJ`_fOf`*+r3TR-qu>x^;3G1+>0%01dg}hZLeqe&T;t
zZ^H^)BO-!A;5&G-0fSO*W)fJ1*H_JXD>(9K3QtY+Y^k`Ip3ZQ;ab0M9C)!PnU}jr;
z6illf4Idw0*fqNWr_uTq<*aDc!08Kxf9`bUsoePoXM2Mcg+$+;OHtA^klCT(;P4i!
zE=$vo6ez50>=kx6>V+%B9mh6w|KKN2=eRV>+0*>q0CpyX_ReawmE==EI}?Q9p0|?|
zB1%2m&*bLjwqKZwEs3R8%ZBCdSY!VVEdbV8({@0r1>Hnd;r^aze
z3%QKi<@BaS!J`7JR#EzJp(7_Idf4|mo;tOO?Z{xFYSd=EANsNe4hAs>RR$vlg6AJ7
zGo&+qY%!I8d%cpV&C&ByGoW?us+@__`qYM$OMI@h)0b;HKHdmT;TMUalpkr_
zY_kT<7!qJsK4lc2mnUh~Lf)dl$5u4Q8=g_bP6=qYs@2-_C>Fb7l8(f^X3bd^eanmz
zGg2*r1eeej;)^mW!|Pm1N1put9o8bfF=XC_?RXHnqVo=G@wlH~f0|$dtgj7D=u-}(
zaV?6J&Cuc4oTnvgpI4exm@kzTot!ku*`4>hkcv{P{WX8(?u3Y
    ;s4w2N;{alv6A
z9PnsV-o1-3tqp2wzoHtQa(?CT=B~>%%yntbPH$2f=eS>Qr)qJ}@-BUTr}3H-_g0NX
zSl*VA%^SG-m{DzY%Hrv72RzRo58UEJ_M?<0)0WrhX)(Yy?)r84OA%!U+C&j0g^CJo
zlP9mJ=x%Fk>%$`|)TG?ox4#Vx(2jxddHM3Cg@wf@{2*}PnHd@4GMdP~uDBRu?HV5OQwoFp~#mvlzl?JaLuueb~!Ga$EdrsdXnbhuufaZI!T+bU=
zz9j5T-nE=E_*!Rj2qwj67RKf)+c8p
zOBwrr-M(ga=~bIC<#*Z2kOLq=$Cr_KefZ5yqykI)jr@8(3HIHwkBUsmCZlvR*2q@@
zZdjBhFNDxRMC*rH`FyA@gBRt(1wjRP@aXNSRtc$l+u=y<*ma0)itjqqAz4Uaz4cH7
zB4Acz#xt;ErZVRxGH)zzR{gbWlo{MO-J_jJF+#$^`R^Z&fBgz&FY~&bP3$CRG_yDS
zN5zQX+PYtN9%sJl)#d0(xHL4c5>@<*JLbx+%J4LU3HhQ${dwxH;C}V!{BM6_;3OM~
ze_&e#7{;ck(2zPXr762lGGg!}Dv@>{A0uz?(R)WnCikNk#i=w|AO}q6nU-(^>aWe*t(`eW?g9kfB;pN)
z=g?Sv!^}u613MbzJ$q%g{V6d;`sQjvcLr^HO5zS4q3I?a{Lf3aBP?&}UOx57zNn=}
zQ*5K#~D15-B_WhcGfa|-ZLwLa%}kXQO5h>CM&P-hnP44_D7&6
zAn|bKOW!b_{PClzs!G;!9it}OB@x?0CJ9{IA9g)(dHKIeg}U~(*wYhbFHU~@_35Ms
z>usB(wi**G5}%lTc09!#Py<)FFWXH5;B#w6n83r-XJlX-0o!|%@@+R?(w
zkhH3t_3PZry;M4Ug6>*I*J4HJ^M^~17Gim2sERdtGyHDLIsz9a;?uHslo5@3IK^Fj
zlP;aVZ*!HYHRAB|GcUbapVaV1m$p8%-n`3Sc638(Sise*(!35WGjq?I+PBgT
zWXX@mCO*;ntD&KfpufEvMQi(OC8ZV8S^wWHrSZtta^A}Lvmvay>B0DCxR|eJUb*6C
z$2U{?;7s5*(
z1D!0-gcFK71v6el0ZW->b@FMv3HSgj*`rirR-}zATMY|4jhA*`Wu4if`4=lvL@a%n
zp^8gv^T|4y8@j*yM84HOBA2?9D|f9|kyl#l;>*i?-DQq$pk|_O44~ScJ(5njwYXdx
zdRsa=l5bk?#!ikSXN&&+)hYpGw8rS^C8!?1b0XGujMfm`a)
z{~E2h);po)7Xr6FA|=lbDs+?Xn3;V{B1+53V%UM}1LyCPt4NWNbVYIT@p}a-Jv%-j
zIbmNq6-L~E$PVCrlN)KX!Wv(l-ZAC?@57|lj>fxjfRvCo;%p-N-{Os(M`BYDy
zJ}qSOp|*fr6XRo9*Ws?s);J<6{V6FYKQo^TO~jT{vl*~I;w-l@2Lr4xfoU%1HZrma
zg+)<|u_N%OytGtrh*dz5GGrAJ`o0}G#eh`aSDwCfR-px`DbgR#a=b*Dwz5Qdm;-=S&$}d9C@7Ph{rcZUoHdyklP9@5-vq0&zn|ag&jHBNvSW9_<9p1G
zgu{cZw2C9^CjDUd2&+v5=>psp8
zbmXw3P`6{J*o=s3BcxEf?xrG#P0*h!!_g0G9UfS~xp4uQfDFb;fTQ!p
z)JNn3P6o6^0txN<N$&vik>UZk+EBX?xR|j;RW>vD%ZXGVKzC5
zwB)b{z;9z(^dtMWB2AB(lKrK-I7!<>pAu5a*R;Gthn1o3DKpyv&}^kD?;`nqWs|O@
zPFI=TtEqXoDd2IT6wCex4;^5qHXu=toVmdSVvK_ww!3u63{4JM<|}ef{h9xdSI|}C
z0Br4Zd))sT4rA$=1y>)z(hq^@7L|RJcVM;&LwBPzB*LS4z&J?@$%z?*!(+FAJTgU6
zQV8aXr_U)f&aprSw$ai?07S?+-h@r_6@iDUhd*c@%jCTu&rC;KK|Mj^q+_>)5#Jc<
z5WgxcJR>86;4rDOGdXE|GsusT`7o(m%JKIu8$ui(|(uSXrAHv=xLbsKH`Omh0}3s$`Av6)wN@
z3x}$>a1Z8q_aHANng^Mn(n6@+pV;?FSn~)7q~lFs@jia8N5DAuIE^xjemI;8vt1^U
z{~Q058!zd{MGX&_`luMuctuYYYr+kBW!L
zB;1R@dm1?8Mq_ay->tQ+U{d=dDk>;RHtI;pgfayh3>&hZ)t7zSO-uznmNEWFS}1_y
zOij(^nRVh@Twt6-ISWr(|0{qWah#GR{(k@OLV)S+D&1xiv!-?Bmsp~0^#I}fet2F_
zt__~bncUb-`uo?LXs}9PB5X-PfdHm-(a~;qW-D4Z|_Q?iF&s=uWN^_evM^N
zFDFz@r-mbcqVCr@IWM4W_;8eQHE6YNfR7^}7=Vu~ui8d1_7xO3<-;c-)LsYi%KR5A
z&;U_tPB2JV1d_vEnXHaJX(Z!297(h@gXncJ8AKB2eNYo??_G$G_y;PBlMrfto1(Rn
z;q^CuN<80u9!O`%$^+6L@Y%S(ly!;y{bTYvmnQFPdIqBm-M&~g?X=#QTKN*zP9lZYhRq`u0ighOPL2UyWr#oRNI6x;Eop#1|=Ck)rEu}~yqW=!c^+L$uYy7u8fCF$CMXFB85H?2^@^-nd^{gEl1B=QDe7R@drL6d3Ta&^my-I5q%00_&
z=+CyWgz-*#3^=%GXj}c6q=l5|5=69YF`wa5?&e_IVi_Tvrs1>(1Awy{3n_&B%U#F(
za;8btTQ6-e-?r@*vO&P&(;aF^BpZ{cW#6E;pg>r-OOTuLmF67XSAF9gk@Y@B7=tF{
zPisJE*pee)(I?$s58C%oPwfJ>zz#azy1Cg|NKF{oSJP!eK8I$M=HO~v_*fdHCuHzz)x^|rsSFY$gjoLx+`&blYYGw$8H2ceEPWdY1acEc5O5Da<1
z1z7zwZ?v~t?=qmwerI$-qU+4jWMV@dM%P+LS#e_U9bNGqTqVP;V!-|~I3s8pcrkP0
z@c#V_EXk6Z2ZG6udV515r<$)+o#!PVAd4LU#5Dg#ags}OLFL7jXhU*$9;;%U^`G~F
znyZ>yEQLF8_M82W&O!f)y2$4>4l8ujX4@p)eq~(Z3;Hp7CdlDjzbg~DI+-h7bc}Ju
zI8$R_@tg7e4`z$U@`>KI8#?Q@EGUgn6P}5_;UBr%`%i7YJ~|rfDm;AfPp^}wch$p~
zRmCk}Ytz!^c%NKFJE`M_BfWWCe&veY{H8>oTqAsmczCO71Ipklb;>P*%VqWU>Xem@
zDy9HBHh?vn8*2`wO?S9QhaTky_q8~yyPI*t;XSZE#YN?*#XM)5$(mPH0FP#svc%wnbHhU^H>QM
zyvy_U{tA|KN@A2W!NhBF+F!2-o(2)Al>rje$_+_bqQ5PGlE*tJteVb`ONV)S9cIUB_iUz@fidlpl08g_L~x^4Yf%ZlTkI%ss)2^JQ^yEpM3^W;}(4Whr_;+$#w!m>{F3arW$4
z+zjz=A|fJQzkUr_56c)-<-jM2mCssR*C{GK%ETBb9y(fB{E)-H*7633Wt_T~E-lv9
zUZ{@yr*Ce$xS~_%I;JMf8hzxQd3n_OyqnjBjSEoHDfp!>0}S5(M)`1Za44Uz?C7!E
zD=C7z_p+*N<v8Zt~`JlZ&9)AeCHpxw2r#9j0$1f@?^ToVyhTZVqmCJ;rMqM~A71{%M0a&nHPM12rwP@}-1KZY!`ca)Jvs2r^+
zgI1GbAeuLHN7l;DbGU$^M>{qEdg8M7mMu1cU`M-Xf}_x0SRwWZ)5?JLqji7^d<%vj
z2G^j4&rOHT00*b4b1y6v;D-ZAnPe15h-I}2yzBMR8AtC^Q_VlMRntYwsu%7xrS~UW
zGk=sc3$(=Y6dva51_g8DkA>!2iLn?fVMy0OKZ=6%>jm
zSr}5q1j0QBK7VFn)b;yBXXPtwi$V}i6ZbWbhzRPKbfABL4wq(2_0bUytE8a_p$`v&
zG}P7kQwI=eevGW)^rKO`FxW!%je7u>-0olzIqi%isyk)onoYr5LZ>Tadq8-
zH-q84Y~n&V7y@{Msjf!JB9cMZ7B3F6{+Y-iiHZ5;*Rl-Yyu^~%A?wQEl`Zx5>q74Azw+{pit=6WskY0%ruiY2xWc^q%_KaJjz>U#a7SPk6bn7A
zPh>Y+|JYco4=pKNdA;~BYahDoT6%tOFE3TzB}fAx>_c9zRkrpj!54^CVr9r;t2V_k
z1YK;R1w}ktdB~;W+_y}Fv8@@T_V&I5
z2SP7JlbywFJQ&d(e+ZcCZMEP1s*D)fGbiC9r}D`bF}NB+dFMp5NE=a17Zn$eA|3Lz
ze?_wgTENfW+)I-o{l*|9d`OeHAwGe>cf
zns3ma0yRA5?QjASADEPL!D$i?FxudF!-I9m*kJSx<}g5AnR^_vXVA`htbF!Lg8KktKxT?W!tjm`L=ue-@i{$&tVY6O
zsC8kcYUIV~H+RRz_CIgQ&gWcFR}Fj+;MemwUZc5yC-8K^hdbG^Q9WYz>|Jaf5{70j
zMWdvzBsYFCRl(Mad%V5lhKT^+p+C@|Oy<%Md>0uLBgn^>`hLOkFJ$l6{CvYtEN*}X
zeHvK~y9tyoW6vH^Y9F|?_Th6>h}lFR=W*Zwz=VhTNyG-L*+kuCWWU56{zQY}64`%|
ze&_4^f7?mG%9odylME0sG;ba=!^mn-NRiSb$FGl79>DO+%Ms*tHItHA(PjQag)H(_5{pHBqCY$AenfmnUmr)pfY^Khz=p*iA>o`?
zedM6_^T!0|bJWPvAMWsk5wT7Sj*h(Wm4iJQprzdlzJ%J^THpc=vdBs80wRhOp|oE=
zf07i!*uv}}m3aH^-A`y86eK^?2J)^x`MJFxU&hmP-o*9(F=|ZX${~Y9*H;Um@gqHf
z`V!N?DT$rl%%XdId=d_G-uc^0ax-jH&vJOCy!dQpCTO2T-4JZL{n&JL*mS{~mya>M
ze~dy|Cp}o&MNXZ^wyL2)Psjm0`q$y%0&KajOJAr{?G+HE71e(LD#cjmMn`%n-UOCD
z=^~^1|66&Dar|1RPCbs{ypWonQWzKTs}jENP
zEuHp^BrCLegL?gAwXo2*lVgMUOe(EUNEaSH{d0B|AS8&bz{}MYWDx>Ve<;7&o2gXa?snGWQT}KCl?nDpDwN~Pj`v{iGcI>K@p#Q3MMgeu~l%y
zV6vst!q3sYK8jh^#3LD$nKPb|u^8fkEorsSt?d-iPl{z;YLsU|f(Q%A?Lx{$KM5v6H8$q#2X
z$#@ISE*E(}^pBms5yG8sP}A3HPk@jbWP8)g7R-23J2Bpcs``1BmfHX0=J527?R2Uz
zLmktY=d+sOSGZB~CYY6c&i^`@9`%$?QApmY!y|rm*kGrUvhr>G6}TSn0c(7lx))=D
zAmaj|5xo%%2Wl%^6biTeE6kJC|9)uo4Zu4+X^SvgHRi)kg>
z$BKyohxgaZ%TkgZwp#k+<*6O=0BFYB+fT-fui
zaHn@&#{Id^9eW?ea(j5aZsmsQ0EDn523{%S&X@@pE}g@9VUcuT@ud&2~$_r@z7y
zUAwRxgbL$Tq1zoUGd?HCrW+L)OMJ*D+y#FMJGt(KXK6ot&sv(SyYGE0ajOT@$^Gi?
z4d?API^sleABw-pUyyCy?ds`YoZQ@lXY8}p59(~aWM?Mo5GmP~Ji9D+UHnz;wWt4>G_DG
z78YB#K0|n6e-$!HXAic>w=mK@LwdpA|8#=dfx~dnJ#Q6^6;zp@8@ur6Nr?Me6O*fI
z4|FXQn&eaz6+RvL*n+si=laIJrq3(9f;BYCMO4ztSatZ>0+0TjJ@{c?Z>XDMJ|2Ua
z@)(+t?};^CVr9uUZ=1u4gDKM~B3bf$Q+f@0T}jE(mV?Sd^-JmX!CHYkV^2=Zr>8Gg
z9$GLl3HF@%uGCGn*Zb$;iJq9jT=SIPrS7aAvAH?3Eh^7i2V9({jvq5S6n5>zq2p5oTr!0MqJF(>#&Cd%YZ!zjeGP9hb--wgK%(U_FOpQnUrAOcd
zX=!Mh$QKQ`6YJ~i5mZBQ*?ps=T!-rD3_3}?xvgYrBwi>&$nn|tTA`eJ|H|@@fhP~d
zIh72~t=OIl?R+a`Ob(b&I{x8nNviz*iP-H(b=
zTqmy+<*4A4=>K-GS0`g!g5_-vN#8v}Sc~~D2sxmoRobPK5<`b^7|rAbHFOS?ARs4a
z{*6#WVzewDd9MeigXrztq1l8`$3M%IHo~^Kq`s+bWTJaV`nj9Cx9xNtLTEdIt)hh!FxF#`aV-LhC)4oGHQo
zU?*DN?x=o>%0l9=Jp|cPQW6(xr-KK_z+5d#ZrQNGLN{2vE$&Q|v6J%4f^FTGe|`#B
z$u7CQoUDD!_}R*F7NjHv61fUu-
z8cV7&HZ?``0k>@o?1F^M@Nhi|J5^SR2Vsr4?+Yk3-&0I%>P~3X61V$(9@N_z5X2Qx
zmpy;>j6(jUrlwxJXuhA_O@H9YzKQZAJ?GWEPh(1MxNLmy@^Sn$;P(v$MmO@V;l%XBP1
z!aT!glM^IX%@~s>XJ%;cB6i*`Bt++;yjjFVy$ZhuBklai6{~fu0;$)eKJC6hZTh*Z
zEJM2@1#))UdIkIyb`FlULGkQLW{JsCmXEd=7dzc4ALS;a^li!usY#gTz
z^t`rKQgRQ-VSm4b7N#ffs}^Y)=arn3Y{S#tAI>Ky4=O9_;fGC5^K5@O|84W{9~K>~
zxKP@0L_#1zt@)-7ttnYvNonb8RWCf*4IPGD4;j7|%yFcC1+AML
zti7wW04;pX5;Z02{`m3ZwalclgKw2ZYoC6AZZt?hc#k-x|-H6Ou{HguC`
zKUL_jL*{m!x`Vj~sh~a#U7TXUB)9$n-yV
z@6co)z?pbB&zA|C$7!l={^O?JdyWLC$YfnQ1KN!fP(Xj`@9yn&Gd8Ag8)3LW8KdCL
z$-%L6#|~B&mesOU6YH_aU_^znN%R@r#Qa!E{d)R*Fmo`rKF#Fgpze3yx9{=t5Nq9U
zYs{I1VON5@!l&cojtYnUjrWC}K6^I4UsF8^8c~qTn2emXBx`9zk4dEEF{fW&H#|kJ
zczkTy;bz}~ecVA!j5y3lX>f2oX^isFu+gOSBsZDrj#B?)X+52tV(#t>u`{Sq$h9|U
z%gV^8g9At7LOV58fC<=vqDQp%UkqSKVnUEqXcqQ0+HabeovP{7V)NQ
z4OUX}Ggc2neQM5>gfOb<4+^y7ukRmc7Rh~rg-Zz^Dqrzn=1F*Dv>eI2??-!lvGMt}
ziyv#Etf+Q~P@X<8PzCmA>X}*j?j3x$!P!gl{?|sD+EyF%;|27&^{f-%wcs%JyuXo&
z!7fd>;l>NJ+fcBWrrYv~qKLM%Y(2?SAlM}2M{?i4|2rm^tXD}|B_VNyjlF)-fXyc7
z^qu{POD<`8_*xnPk93!fzh6;YwZU_wk4(9(?bj{m8ZNFZO9ffzV}EKQVioSMZ`;4~
zMXke&HM^oQ;pVh^o}Tr|(EAa**y)^_Yg4bhU}Zihs`+b<#LdtD8gaz;>U%HP+KUT`
zON$el9NoG7D0zlALChwZhbwlM_8XS$4i-(+HuTeL&E8^p>(;>!5A&IFGDDW;9PqC6
z{QX;c9&m0x5iB*zUwUl3NjETMWlE}h8%vZOofI5!Dk_PJX^c?4P12TQ(7g~%#*n+a
zJKV0%c-BJXjONwj%K
    j-u}=w_|X0VJ&ojcG>dxj}V&>4&75z`u+0ExBR^2%rr^A
zkr!)(INQf28yMTO#wpSzpd}*DZjj&zLhQPeg^iCm8x%rx68a|0HL<*G*RSre-}kyW
z(Y0phXjxi&f#rplL#@5ZF-89$VQ&IXWxKYIM`n`QGL(4;u{20!o=Krhm1-H9m7y|(
zund`p3~4qNr7~4SSTd(VDpHvulF%SB{mw`G-QWKH-}nFh_VFIa-upf3Sl?!rcQY+Wp@O6jpgq*1zym{b8lui6tcaI2ZB3_jH
zN`c>2|Tg>?Oi2wQcGC$h|Gw8RwJ$zALOW1Z`8D9B#r5QC
za&v-jG8md?r`E>B-;Z>A!gaoM$DA-E?U?Qncl{%?)qP8=HP^@)t`|0aP7r+!@1XJa
zoM*t7btNEyOhIBX3KJU4Dh5`+ZO4vqH7H-g-@&hzss9J!-sOPCuQ1s&X23=|w
zDX6!*?}@C%b!6yHC6!RRBTfFnuqi}HNGL2kJkvApRd&-_QR{{gsc&Vd#G*E=IlHU0
zf6hgT)V4CDQ6O1`PXA&`N(xvH0pE7T(mxjA5ga}{^P-$0sk|xWYE+?)|D2-Yos|Kz
zsU)Eky#>0(uwSq5^wiZ^JrKtlc`dc!XZ_sF%P+4L1t!@lAD7QZH(8M
z&XwS=e|?1_ZUzA9NcSU^%l8Tp{hXZ#GBY#T?o)JT9JwRZ&@6MGfPKUS!y}2;;D)KG
z3A}mT(P0E0exO&Y$n?Qw|IemK?^9|n;^1d+c0+i>w@+J6CxgM2xo1LXTA)_~5ukSm
z=ouRI{2bG@06oC1BP@2nVt6Jyv7YhPZ}VmT+^1c3Pdr`u+2hFb>)X8q!gz`3mb5D}
zu2Wf!QAt^OjqF}a1sVin4h{||5iX7QX349zwrxvQ+6=#R(HlZCQKj##Jr#_sh@rgj(m;%
z`ybWE1z6p&?W#jM`$ieOx$9w}*?slRYe_)h23S`wu#aNduXp0&;?B@Atb3cGIr~g#=qeVJBKif`ZJK
z9U;bB(}r0MLIYZ1Pj&1tV-^uac#GiUQtS662h09$m8Q#x7-tYPlA~LB
z{A^4eeby=Lj*7NJM~>uz<#fM-g5f#zFW45myC0uXROn0DUUiO%5I3!3eC*swcC08X
zO_(>d@+V@i{)=Y~0;_ooDA`)EGJ7p6saX9;5l&+O3`H1yJYwcJxO>@Vr>`@~1woNb
z%vVFKG!Zc`AO95{N;@n&d$4<0vI|N{(svb)r%vHHvWDZEa8tIZ#kQ$G-npH49VzZ
zGkZN;KQIO{fv4Jn`G2aMq)8}8g)#TzYCV*!eYeoWQ7gFce-}Pcj0?n13&Xek9!xhY
z6L>^Kp1ly|7>?Ul9%|LlRdBnFh!V`uCF6_=S-Wi}YFeep;Z{k>PsCwZtzc3LOpefY
zssm~sm?5vxy1jLG>%mr!)_~T?DBmV(ub^t#hzidx)!jc*sH%rrNR63|I|mINl(+RAm{`EXB_
z_J*yehZEdin!$LBvlU*P>dEjE>QqrU%x1KIKjD|z%Znx93Yq%gU|2KyAG-WHOu!#s
zFF9sGdE4E~0aJdoYeNVJfR0k+KEV17M<k>M&O1LjWAwVrtb?XG}nJUVDAp>POTAjX_CLK8cOYnAc
zOH1f&Sc*Ob-M*j*R6hClh0f!Jy+f_r@RMe<-!=gVmEO{A_InPSNlD{|L1XVP9UakA=~R^NX%t
z)*-3CHd}NP0zX?7uJ_h`gkW%RG>7SQLqq)B*A97U6DFbA2B`+!&w7whhCh^Va?QLL
zjhPDNsLi0ELpDa`|Ctu3&bJ{v1hO~%3%73GM0}WT5DTnUmDqQ@`{CNJajWNE^1k=i
zrc^JJ4^E{BqOq$${k^)EZ@a!ef!U*zUm)cV;qwD;QitsnZq_+j2Uhi}a}BQEd>VnwUP_CM)d%9j$b!<}4C=afL5`np3)Bg>9xQ
zH7fH)dQP77ZVISm;Ey?m(~IKlteyyQn*nHCohaRXO1Lb{mCc_eU
zwPC|QUQ9{%PL)6!2xX}_tNxWtsw0IGsw>t+=0#$k)P?npeR4^r@TDo@BeK1!JVbb}Fm1Du&;eb$`-IAuw2l
zbRDxD0!BB3>29#Ee=Dy?y!xoUzH9y>#&eP(uDThPrKVwJN2BOj>JudN(_|XiTC3=!
zXyW^mVVm;^?XRpeRy4}TYt*6dnU{(pu#fdki53sal6S~o%D{&M$PuEUGlpnv$%9R@Fj0on4@X;MaPZOfhXp$B?(LiXZYH-~;peX>O|A!Qhy#kAExX_8+|%$H
zt|z`pUpGccqSdl9z-%T5{vr0{ID;|qy_WKPFER_Lsu($Pi1q4)sNS|s6)&lYNl8y#
zTR{Z^{7>8=m|1mKOvs?X$8Q5&;?kwf@P6W_bFX%M8V(?do2u&3Z&0B!@ybGbO$5cq
zujeYcuPoe%as1hT=Z|Bm*ad)>@AiP;u2XFAoCtI#s_3XEhVId&lJgv9I18^bH
zkcCZ(Ik8}`8agtDr@N}7>(Bp=5D>6mAX8O*Hwf=d_Qjb*D5fJy7k1a8iD|v2V
zcKpaLRmOpqOI!8NfA8o}u#9F}p>_Gvppn6Q@!3+4AJa`3MNK$4YuvA?7y93@;uBFI
zB_Bfq^H|eeNFZjwW6Fh{Ev)7spDmOSrzd7>d~V$G$dWrGNuy}xqnT)BW5cgKIdq(1
z02(dTb?a(uDqgPNFu}3UkT<5Jq-w>A`_Vv)VnqTAN?PLL?o9{yz9zh(6nb?YpW8<&
zIeQk(iSHkbtO(nc+ot^kCa!|dG-L;>nk9%2pqy1erQ1A@1p+D{C@7dL%5YTk$a1JT
zGH%`a44Mlsi#`fFEa;uPc3Fko=jJE~Lo+U8ld^W;!h5(q#&J9VT}&^Qe><5lvpH5N
z+fmav{GmS9qJKc@ZIir1FdI|O7QTyoZfxYIR1by3kHV%I@*-@C
zL=N!fSgo
zJxcxEOYOxNVa3aoW!JX)^?ib%_0hwJmrPC9S+NsnnKgx}y*5&h1|Ip(e|>pQR9OZ4
z^3}CxVBJu}h<&XdwT6^1iY}a>fB>4?tDz53S5Mm=%^;b?k*S}e%hszuy@N<6Bl3hV#W9~UX4Bl
zY3b12HS3b(RNC7WM%o8|1utLO7?(^(q`ARDCUJ3kG}6}8w!?gN_>4Kt{_^MC1~!SY
z*O&1fUb;&y+~oxtRoAw|I=z^lzP(8~S?FJXcas|%W0vF7qQh@@szXX+mJ-=G@pK8B
z?Qx546yReEo3*4_($}8Jj6sJfk*!5XVeMMKXREzpKDih@vf_iEV)E_Dg@M2~m8S|Q
zK0WHX#EvivM)8!mi)ieiT7-#90{=#S!g+6Ln{%7&y2Zx$^hMlmeJclIi5az?uy7Sj
z-M@Z+)$Dm93MJEfl&#rbryfc;gDu@D3%dOolo;W<{0wMO3-8x2}Fw7#j
zLi`5H^LDS#aIS6OP2n>P#S1N}IQRP{i~!-8Htv(SR-P}4M*{Vf17xzCGcPRZ9
zKIU|7{QYmSMJZx`$>`zy>#@d^AwYsrN_PbSPV~md?x~?{f;MBVyu7$#
zrygNW)>e_A*tqHT8ivf^PyLd7F^*3o%%UXq5I@)KuM7axt{@Q8$Pq}a1}kO2MV{t$
zo}QkU)lU2&#+YU9nZtCT3yk^-5Ck5FwE~Q+h}R);SBg9DzO8!X@piC9@yR9xp`BKQXLc%!_h$jy9Hp4osCUc>hPcl(t(lIjF6NR8&rzD
zX_oz?qq85pdorfJ5@v;ezX$0xpOpef_R#aNIPO*3-|XaDfz_=xQDk*&hJ_hfdgg5$*m=a|azd8W#4mEl(D~FiYRk>Ck
zv@@8Q&ttwkT7@0AZP+>Jtg}H?LLaHArGy*6E
zLJ?+UohIl>Pkgpyw&h2sTr()HJv;t+xPj{hus$6Ml99=&Tl!|F|9&$FB|8Xo3YH>#
z`}~)Q7b8^r!(R3FZG~J$h0t9#R#s&YO|mdmhA&%}o{>RkTkZT_5{wTi7eO6Y*L?JE
zp}0joT3TM7#RPN)qZO$s;1LnfCqF%E3dYZvb+R%xKE7d42aM3kZ%V|6FbMONkV`PL
z4#^)H98AplE+rvB*Fh2opty}ljIIsLS)T?GqGHHlsXLN2AFG|fkf@8uz
z`0%2O%8#@NMyZh|{-yP8g!R4CwC?tKq`?@sx(EHMr>J4l9-xB5vh(3}p!b);=q?7L
z|593k37-jvCP`Gt%{+&
zSGydMNu?GlQfP6jxcC**({shu3ffK-9uI;)ZBV{;bUmo!Jq-Ile>H8aR`*J
zFCIL3*sG^!?1k&LeCZqtWzdxv4GM&D6)(Vu`<5AcD_GG%cA?T%Kkwgg;vF$Rs-3UP
zWK{f1r1e0JsP545UjUHOZ`$2+;9g%8Ng!hVHhDV@P0CJ>T*$Uwr-fl};6|!$WG%Uj
zYCaZ2l{UwD@L^
zDA?wg!iPld0|xsply+bta=pj+_(Aj+F|SyLsJ#lcYVuAqI>S&M6YaL1o0~@eN;R77
zfxUP8Cqovxr}!6(ZaE6C;TJo3gEf3&y*u_F=A%h&PmG1b&UKTG$}QZ(_IC*DsaxFl
zw{8CpCZ77wOWYi^Z9?s9D}5#VxxC@%PSA66sC{3)fJtU)%KaK>P>z%q
zhzpj{lpvJ1P|io@ofW?uWnFx;UR6)8)Y<_y$9}DX3%HK$OmI|yCNAXSoI*Y56n_Fv?CuLZ}f9u
zu(HG6wnv|PFSjg^-t8&ZDV<$iL;wJ?`3gKIVs<#6Ob$ioTom7$n#V!UEcP&4S!DAI
zDu|6e_=D;cIGBir51CWBM1UuHgh$3K{mn+Vk5`{44MwX}>YPLY=VN1)my*7ZjT#cN
z@s4dCyrnvBS%`JigZ!X>a;EVRh~gy=AJ%VyJy7f(7jQ|Vem2S7sI~*w#a;;GL;#dX
zaoenV-3d#B98^2GSk$>KJ84J2m=3Jr>R++9+F0J^Hc{>a@#z5J7*)B=J%=tZBX68U
z6w3bu{}|L-oj=iSwXeDfr%q5|2f(~k(tKumM>1A8hZ{aq|GZv%@8-nrx=blA*2vSd
zRPpa@N9%6B(^q}64x~SD*$YPCH->4w>=}WmzqwLzAP7dXOkx`0u25T+8dzyz80Af~
zy=2)PS0jd>!=Rf^O!Dr~F)r-~XtoPvm|2humZRu1@(*t<09gfavsI24^8mbQZSL42
zgnVA(dEt$22k+6kux4YwyN5pbaUFKvndl3zK9;k{OQ%!(oX
zn7?e8b1uLIkgVlot9&VilGVw^>zVTI-sGBIZFERNw{BKf&z1Hj7t~=!O$~Z24wim1
zCz3!p`TCJ}{YN$)q%{Kk|Oys@tg!fpJZy|#&SJ}l9
zr(I(iY5R4jIWNLQhufkIlUIN0T&AXtposxPCk;kj{_&Z+JMVu&ndK^M1!l`5`%B=N
z2+Y)BY_vg3kyd#po20_SM!daj5B`3QQs(mbjGb=t5E<;eR!~&r)VB9w!hgKFa66sV
zmZz-0=yTj~fbW#yM)>dGR5MQ5WM^_sQ+R7{N+@*Ne3S=|yms|Ol9uEHkQA}DYFrSS
zYIjGmk#J37$Ld(Cx=tVS%-2qDkJ|9F~1RGKvJy2zsp-`W@EAt*4nAycHM9k
zcK$eJD($4dX5fOTu3DgrGDhU+ZhnuTq;pb-Ei~>OR}2jLC%X_jU#6+*=LmqEXi;o%
zBob$^N=RuSU^8Hqn0va>f~YnnNa#=vT+_7VD36L{7gPpg)+X07I0bDcNw1U-H
zoH=!Bmy94WpZ=>2+G7|X(15ShKwl_6dMeYd#9Dg&`dIjzOZ@Y6GR9+N`|>%jDIVfw
zNbEMKM
z(3dr`rr2qXH?+0=4$mPdVSPZbo@1s=_}>y-f?ZUQa5GyrZj>=gw#Qe2wH|oBK`8~s
z+3M}a*`12wzR&93A;0R??mQtSB?W{;x`^&_;bMXKLlN|k+a=guK$-j`fLtB7N*LBt
zMlCYQ%UPKc*{U?6`n?>Vl=nQD-s{9l75ChFlr{XxlK?PaNZee_%g;B_Xu2Bb{upd?
z$aP;QO^hBRd>-^pgpMNw4SKI9+^U_>^lnqiTh0}ONBLk*rb{Zqn}Veg)XvrKNac0i_#
zvbFj<
zU4wu+PfW6s-g#FyHb$)2le4o*6V4Fpn|>5?jPd8`E`Po~=IQx52R#WK#*&{`Uu}C|
zIq~iH@b6jTU4LJ8l(ili8CJ~9{j$(?G`bqc8X6C=Vpa<(T#Dz4$)~a#8Da1snp5O#
zNpbON8Z84;d0a)iOMJi*LQ=5HEHMrXNR&#uS$G=|w%p5?W+isnh0YtPeZAsCJZ!`k
zte*}2{e%8)8O4?JfNZKbi=3ix3za!A34%^$IBz}>?!7IY)pwfWBems
z>$h);p=abd@Pvn*%Pfc?q;+CyzI!*bQYpnXevcG!=P%O@$<;tEiRpo=d@P)7oZEGD
zf_z$j#!r=6HYHHxqfRUC9H_s11y2xF7Rn<|6W?&PVpZcfq|Wf|8Qj4DR?;rEC#F1pyuo!^D$@!rJ?#psjaO&R{ShM=VbN
z{-CWrF7}-9>F29gmY&SuF_jK#yK7gkrV9bMK%28`y7@~5N2Qnlj5>ol7iw2^`F@WJ
z(WeLW>h!1?^6hs`{HBgDWErxnUbLi_Ce;RtmKVl%*JW#JSN_>6Lp-8NMl^+to@NnR
zx{xKJNL(;zwizCKXMKv-xkpR&Vxt$HZY9J1$ssSt
zN55|^&g+lYOGi|2B0yN3j$}_^Wev}4&5_)GIh&iqoYyP_ODc3n=h(&}s>g8i$)(G$
zm+EFe2=ZOF%rCWmdYBQ(RY5oP-vz&t#Nd2^0!;k)LbLu!0;LErC;IsZ@=Pfc&tqi
zkMMFe9$~);`TLg2&zhzC<|+a^w8uX#<@8C|cS42@rIx{18f>c+FI>B3M6Qn)JQevh
zj6upG>(7rmgC3d#SgrxF&78t*
zxmrbpg}uIXuzDr79V|`-Q_*R$c>eXJeT@?msX4@iD#LW|<(LB&I
z4pX23D)*_yFV4%!O3N<2{_bH(5^CI8oV_AogrHQz`B$g}F)I*g-?L{4hxtZf3^1g@x=G3IFWL-}uL6k}pztvJHa&;VE&sT;xsc3uJ6cSw3ZUD*rmYwBGv
zNbC*-Z1kU=z=2zMde^R9$Z^rILmmtQ9I4oT?E$l8%@
zy%XX(`41MHCATOvDl(#{W{@PG*Zf2czNWfigDAL$MUe6oh@ctcvW+HR@B*o>I6GrO
zIEGgh6^AZO4rkpXKPQkX%ce9;uNW~W_qM|QWQfJbTgNWog8#<8uJrf{>Nu1FS
z=SWaqzvr;o9KN#d&OA#7*pBwKn6q=y;O9%mkl=aRpKI5y5q@+^41ZkRU_9Mm
zw~?6an~&Klcy=_-{XNuKljOO0c&JX$yB+F=?do8i4geiY4mWfXpI+DZfsy|Q`7rQdO)$h=dk=grCF54l!S
z4;N7Ipk4nq4U&Bw|M*CZFty&!>F3Wvl^A?_aUGqJAbVqo<9*W@%`E}NbP^c8TJH|R|_=pRL
z7cuh0RMb6?6U@d?-ilHpf1_F^-J^(;R`cU3}{vcP4lzl}9m0Lg{+zhgtH0<;9@(Zl)#c@x$fMTNH@4Bwk=g4*Y70sj|y5{A8@QYbjhmxq1*!z%kU
zAIDdBuyiK)9fi+^@E6T)Lj>i@U5h}+cgKoTVjoS%hJ%%rdl&0`f)!HqHWs7jmz|Uo
z*CtRt@q<8jmFikbDZRE^npkrQL6mtIy*u$;ss+pB?C)<+@cjW|KpPVX$3Pm5rWDOu
z57P|s<#u=_bI*(L_riBCi1JbQwXEK9n&p+rS7P+tGR4rs
zf)om~Q-_q9shbwIpDQXxf7@lMPB43h8CNF`T-ev;hX&}tj2)ZFX&&zPE2Qa;1uKy_
z_Z~w{NDjs_hC-zsaC!XqP?E`(RH$DAX3AB>4cj+T77?x^-B>S6>|6eDBYNIyD}cmO
za|)C!9DAe3F!#9XJa5)&8-X>`>SwpV9Nx<^dGPX;E77mz&nMiYaCu&^qWS!gEj(fs
z>s(tO#mF)vL2Fbr=+UklbE@!OY`C8*!l%piPUkDic`MbZ4mw$q*yLq3N#l@r>rnm{
z3J;jXHaGGp_5`n*8is5OSl@v@RoRlTBv8SlT-f^DgX}#-v>qg~>d?DhK&)Ks@FL;Cw
z(x{ABf-An#2kPBb{6F2pq@J^WQb|$kr!s<3Vl3co!>u}5fFC?
z$8~r;N5vmSM^=Ue&i=?D4kAfL>?91E;LS3jnuLJ+^br%{{&gn_N%349tq*_#zJHIm
zama-1xp}d|Z~ciLd1Vr^_*#@{TzQkgbujP_G0ccVnpKi9R}S&q=o&ZHZZJ{+|Em-w
z`*iM@_&s!qDOj?eaSp!+yi|Q(#s|*LmoMGI3Y4|!^Eod@J0kLg95KPml^4z-UtjYY
z>|kK_0Fv*-*u0rIUgCLUCfs8w)_IacJnQtSiC1Q3d$e!;S@D@#xOnlz(%UWB4Du(K
z@}zCD+`__ppp05O-rPzUv~1n7#mNcQXAo5J6-SEJfECww{y(n#$c=YfYKMCLgX2zg
zdOPr}>zP%?0lPeUJN+_ne>4$C+J|uFIoHQHs`TxML?`Q~%^NXhL5@~P{gEwynla#9
zw$TN|xZJh>bzP3u;#)@KH*FDWU2LpI_XYzO=N!v_%PEs|?E;ow;7B3H4gwmD;?DV_
z`5yT{u$Kcdf9hUiaiAM<4AY#OFRHAZq&Rn=A5dd~5C#?3B>D-=3=9Pa0funim&ZU`
z0RJ#U#5zUBd74*Bt_b-qW?o0y$QctSmewA!gTn@BOAFGrHL~JP>K6M2P6|#f$hv)8
zSi7{O;?dcGw+GBF*i{Gd#vD0a@iAV3f(~%*7uE(bT@SdcX_Bl&0C-r)#NlVh$;v83
zrc|TbE4+GjC0ayC9Hmxkp81jt`nkX-D#YWv5dKO|rg1ehoOud21LUnvubY+xd~|rI7VGU7^J+v&mOpKTB%=3LD6l2nu#Gp1V3ul^_mFNI3t~2nUjfe!iNC+
zq1_Q+o~&SV49Jy|Dh6H_LnoCGg_l!oV3}jauS^0&46_Gf*hX3Ccbdl{s)RbTq*vmo
z9L3g>#y`rWuF3L>I
zn*$dr?2md9l|_FRC(Tk)kRV}y@fc>etP
z4Mhg_UEp8iS3_2=8}0AknPs#h^m-T@KL&n$ibe({v>OCD)V8TC>cb)S>(IMMn+C&apGfnX`Y)y6V(r=c-OTRK&nWL
zf-&eHQ`9zWNPf=4#{7%c(ZP2{|G(~`)LmDKbnuyMWuS_H_$M6Kk0!sy8v}@Pr?FJ|
zIS}7F(F4u{AW6UQ^OGu7vM=Zb{N{9lAq(pc`w!Ndo+wu>@Zx_~S673bY>UbX%{&Y|
z*G$CnEBT8Naf<`2`MZ9^zlfH71XUv
z{?H>}$BSI4Nky<0J2I~o{OOu_gp#;~gd>i0G+PEG4#91P+o@ifm5IXzgdud!Uo&JJ
zOBfy;tn)iUrpRInu1PI}z~M+DHNXJ)5>ke}?LCK)uV1ew>RFF%NlgG~)CoieFOzcnVf4)^i=`YlPm
z7k~ou@7}c%t5vw*ymVncETve=&u_pTzT;53)9HSe?oo6YEs2-sRFm5_;?tIvmVy)b
zXLhz&=M)NORGuvOuy{ImclYn|8=PZEs(Qo5JLHoz{if{q?8%gkNRg7$Cvx32q>C!Y
z8M4eTt#p3N^Br;5uT&)P+1W=!Q+0#JZA)R-{1j9~nC143WN@9{%kkvNxGmzg(W0Ed
zq#Cm+($fAu&sKZK9El1qTFw*mKIHhY=t;qCaqptLaDwb+=zoSgYZsaPE{tKQNbXw#
zyb?{Q8D#u2Wr7k*DJ_jC3+2G>4$tsSOo&
z_IQK1r@1x>m^UzCXTQccBb5&h670Lfmga=
z&1tYkvPM%+pgo~IxRk=R%30jd+J^{_8oc7klaa{0_jGXsNT^W23n)9JZTX%E8F!j}fliCe&lRjjai43Rl1~c0`8dCNK|pcowzLKD=h2P@dWBP7p~5!4QMb1f
zkdEG3_(A(hysTilL{#aKuocETI*w>WJl^IjaCUD(DXct);Tm-`y)rli#l~c_XlvK6F2_
zu`Yv;?1NsaAIleC*{vinUaq1aIA&0muXQMOM++CHKCluXGCzL(GVBLXE+r{hJCT~e
z?Z2qbrY@i^sjl403d2nJH;u8|#UpdSTg|D0se%D+E=KmlJO^)2c~|vvzHG(l8R7I8!dmJarh&`b|i->*AV$_xy>Gm;#k!2nb!LH37>w~%pq_b*~
zUxm15zy!?1yR>Cx%H6$dfFvP->uTe=(u)=I-Htsb$|OG(pQQ>1Yj6dzCc+>zPBtPB
zwQ!$eB`zwp+5h>)?y#}z8TWfC2=H|2I3*AY@KQ!?V<{zWDnmSfaO{4bd|S16rGHZl
zdwuY;t^eFC2XV7{G@l6_DN-1_+`_Mm*a5s)BJn{7yxhyvzHIt>KX8%nUl(5g_rl9N
z@^GX&Hy~%Uz@{bdukt-uepp^GruVqtzb@>;fRB8Gr4HLec6Ek%P>Kf)twFqC27El{
zaYl=if}FEP3qPjZ{`G4ktI+eLzL-4=2#={zE}T8cFp!!=8$)H}Jy0dU&h;k56g8hZH)qq^&^hB)`gRq+0OYF)0T$*DIi;faZVFLafL
z)!pFt`!ki>SH+q*&xn7rd;i@xY3q*swUX87MfE^F`y+PjGyI1LqQnzOZWP}1=6$WY
zk7dij_hnKyxx}!uIeYuu3bC(CDGolQC1`>8v+a~QpIERvj<)wy%(RYmx34SQ^Pu*+
z=Ee~NS!_1C{H=qHV@_?{<)H?T1ODDchT`A0MzleSLfbP%kH&;r9+?dzyZ@Z4LLVW#
zJu<*Iq?>W!o|e{9jj{AALxax@^q(#oNFJzMsi|6OH&L~_xHcyuKAb^+1W^>#RafCr
zC$+ynkf@fJDE2ACgu6{XwCdMr9b+W%=i1);oHac=+duU~@!!w6x%~zInthV5s{&?g
zQ;4Sw&)n_ValO0lOY7!;U+wCN?h9w`wN9!im^rMRY(xCK_$)rNY@hx3H*b}N)PH~V
z7h-|ZZ*I%{(SIDcQY>mzLQ9y3BkV##T0!rGv@%I#hYHs}pDK@A`1Z)_yU)bfssa@6
zg-##A{%S5`KD^tfBblq{=
zQt-leHFyW9$5+OW?-ncnm^oZ+#Qv;%+}_zQ<049QOb#5#Gce|J&r?L
zbo^u0l{3{;_WG&Z*Z;g1J!a8Wh8InK#qS@u_5jZtx9d?z>Aucsj;O^SW&hk;Yq0k?
zPi&0AHIo_R`;#yBn2?j}kgZ;-4CD~xxN+*_zb|(9zYVj#=@N@96BJ!T16P0CERy
z?kKwR%bDxmzWohWSihZ!Am;~px*?;%!<2cA$`@oX=hy0+H=`x-vAcT~zm8dh@z88EiCm4<&}{l_tW5f5
zoEjLHdM==_n$rqti|7-
z_V(6B?Mk{jB%{Wp(&wexb@+%+$L>OdlM+CZF3u2RwBWjU1I)RRR|)2Yo`@>LEkKii
z8;7$;ky>u{qU-^bJ~cVXy`IIl3m%@LA>W+2zOQ#rKO)HVQ`k*2L6b`Np!4yWJ9&8{
zAlbk*wvJ`PxW|_M?AVtSWzv=Sy8_!j8Bv5wTVQ7jl8)?#4c7TGSm=)nQB8vR7p>|l
z40BNLx#>wX0(kH<9-xhSdkegPy%7)e!hqjK=Y>}ER>L`M*V3gIrlksP*Tzy>k5?3nUSb%46&5m}
z6)Y@VQq39`Cev+`ALq*`U)d(PwtZ6Vy#eh3d=WDna&W{mUR4IzB8N*)!jogq-o1Y>
zEuqF0FR$CEcVzfHEi3Ksg*P+cqN{);qo>d9Y$_>xXeQ&*d*z#B7*feAliHXB9P|16
z_jAC>oeoOk0H641Af7>TVNN6DoYf{CXb6V>P7k?}})zI90
z48sgiJfU!$j@+Q`KTZBXYxElCWJ-L3SlU@S$xKT}9NPScKL%7WFno%lOWZfB$9C75
z2SyK*zFfP&p&njVwpmjV?^=L?=6>c(*uDs@M0!Y^zJw%>S&DH;c5n7pE~MxZktoZU
z22RKvjC@C$a!b_xr-FV?h4nP8a$?n+&reQCA=s?7Ukm{<7;$lI+qMlOi`wLNlHERP
z2pcMNXIN$P#lbXtg5r4Z(=!!s5RM(ppU3tFMK##F4R0f30)|KGt^FVN*mF^yjXA|t
zrKD|_hU3m{%t>qSe1K!W*`kT@DaJ`7%4AwdH*|Mj`G}h=_)Y1Rk1$TQDJ%
zD?4j-(2;t3j(MP$76NE1Ym@Kct@wB-Li+oplMPmL$5iOY3C7?LNlDH{{NC5wF+Mo>
z00RQhaCBG(tHW$>FHfO*S^b6<5f=pHy2}er`;{@okXt<&`aOH-Aqm#jbxp<9XI82E
ze$T#isZ0N?(FO4czPV%#rac7|8n9%8J0?!(RbjD#gqWzT*SJ!dIf56soz&_bdZq>S
z;7Q&Xd-r7f%qHY2?apU^42=)e&wnWBEB`*o`=!HolmGOU;bFUWdV_~QcEt(AKoYsv
z-ri++-v@v2Sec?gfUhsi~`jm5VK+tAR*thcmMd?z!^tPudge8!YtEG5<~CqUA(n<%D^kB
zn9&(U1*lHkPoHiGG65E%Z-Oc<;trLZx;b&S6sqNW-yjW`XaXt{!7q6tGb;ABk!m6TjXHywU2p*5izwe|H-lou#gLT37*
zypg-0{-EpJO4p3-R~{XIyI}F>^Y|k3)>3$;?X8O%x4P-l#K3&M%KMxD*zmMnj+xj_
zHo+Y%>{+uUGYMw)dLSs+m1jgZE1-w-cG=ZQRKN=7m<{d?!KnuubL0B;r#w7ZK>|8%
zBuq&J=+d^GgDRe#%@+gj9k0hGXRVVO&mnGXf{0c0A|gZd`2r#1bt
zu*`h;Ffc19!?B+hvbcs>-TT|`{yOdVuZCZ5JCzmExc^*p85I`8(Fs-@9J|otsRv|!jdm<)PA3@qbl*C`ODK{n=g;d=VV>DyQo)VHz+cKqff*9X?*V(wp|4@q3dNj^6-NZ6G}
zNjS1m1c8!*cgv@}Dba2-47f%0FDeVQwY4F}#*1kSD2jpk1ByzR_~Ea5jmwWa90>Ro
z=S!XVJUmU4e{pU08j!}w`7(XI{e@@~EEID~`Xv@89?GHQBY^=MlY=#BU}OXrHYj4(
zTNdYd>==B{tP1P1DF8)bILz}ue!w_xP8C}bzI480@5a+KPY=gGKBFyfoS_%F$!%fb
znaUz7*xZ3^HvJQQ+V*d*Yoe~xd0})pg$m=RGhaJZRaYltsKAj!hm0(Yxbx^w0Nylx
z^zt_pZRlf4+G=58DDmXWlPJfb8;+!A(2&~U7owBJJfVQd)M2oUd5wir(ucvjfRB$8zch=a#RXdq
zgT|Pvh3pb5^F1(2S$lo)rr+boji~E3&XYBgGaMz&mlyBfzj$V7wdSAauWpI4Rm%^(
zn2(kL;ofUOwupVR$k9~RdPFX8UF40ZrUphvz*%33#6_I$0yYhAm0Gsst3WsX{QRPA
z62O53ol7r)SnG5R8#Lx@5+%jW#FF?v2#DW%GXWU<+aax
zjeUG``iVLL6Sp6$yFB$
zK(9FXEH(1K|1`E)82h4<-M0|ui7NjY9^*KFsg2C$@vGq=r}FyN-zo@LZ}Mk)2A_#tk1=bS`B9~^e@?Dhee2?x@6uEH
zjqq5Xf+iB53MNhw#Lo->+yMv5vrOo*L=znps%?JI%5e>W?*Vx4L{&)AXAem49ENsam}bI-`$K48SA2Hbx_I=}KLlr7QvBOK+=s
zN3I7y|yly6+7-(5e&{6)9l6U$C&gzP^-H7F1o6
z^hkFN&rZd)V075Hq+t}~God@4m93l+5zMgr{E_@Dr!YNr%u%M4Dy^
z5_-}87w(+bMb4&rPZdeM;QEO8L8Jz`YEIiP;Bh2a^qLw)m!E(k<9D*}cbB8YCDFDz
zfbJDeh&!MzzNfatMz?PARNJ|k;b~{5x|Us)>;mAw(p2*_vTlo|2L5!t;V=qDCnK*P
zD3+{63S~_biW8BWxwymyqxg#DJqI3X!pXyj?Z7_6BixpzLd~-eR%1#<03~mIxQ!G|Ect!tyQ90~AwwMKC{$}N6@#z<64ZH)(9lqpgK3mc&n~*bX_2tCK$HW{oUjgO
zxotYuV#LDA)f$b5BvyizkJ3Z<%0bAdJ-oepP)&L|%G%tv)}?!R7i}W={I5Rv=H9+%
z0weIS-%yW3{1wcTL2NNp1|`)Lt4EAZ81@xonA2Dn^S%x-Xi{}Xg-vSLtdDi%5|6CM1c8vu?kz$9q3epk=lisV5TZf7
zytA`-KT^R{m_4y>-R-@Pz9GxTCdr{Xo;dLYv_W(-U~iOxw}tu>&zcB1o3VlwE_R38`=LO^-H@(){>$5`!y*!wf6)LlnG0EfCK1C~E8
z+nM(qv*uuB(&aL3JQbNp?-;baMPm$;>jCLBm6
zcmPv!gt=tkK(jpfUxu$bAD+09mRL@L3ys#${i+3pLoQr69+bIbkP_nEKEWzMb32#`
zRK*pOs+{$xneFKq=F<$n#vNbwqDFlTjW(IV_4!xPY|EH~>1wCaJvKB~ku=)mS&Wvt
ziVF@^J9&78Tw$+AJD5#K9<{YCb(G;M^R06WTX)?qIB*3r*l7N#kyp%v;D)x8(4IfP
zs}oFbe+%ZvT8zrhoxbR$j!;V-CT$3=<{H$nPd6+$KgQWa?C8k`vGW{4)cY)3nQSa`
zWJz#Q2w#^G6dB1n#jwLkeB{>f*jVgt|BsNZS>N50^5MZ-vHyDE?vbX^;40!lg>SuC
zcd)tlXJ@7%`&2g20W;)pnQuhFy2wyMP2^^+M%pYVsd^B5U{Tnk(
z17D#mfW>!ERUoh?D)@;ccAzQ7tgHgy%7p{ML6U?vus$DV+qN7Ue_yr>dpJaz1}mAG
z4bs8P{Sg)1MsV;CzOO5eS(6unMrjBYZ}WFMr=Jr|Jy^)>J~RH?{xD=-92eM`4k1@)
zJmf(Oau%=stbLO8Yxkp-gN{-fVVY&1#>eBELyxQ$t{#v60Hxy}h8)MY68jjkz#8Qu
zrsPnuv4^MCxag7UbI_f
zJ1r=pprV0doizNhl*@aSx_i)yTaiQV=n3O|HerWEVT-u9&YnBF29W^OJX7TE6UX9I
z)L`suz^DZ7cbWlztQAO|l4ee$fN~-Nxmu2l$jcCf#1BbY67)!=1@kS1oeJY+1Af)u
z9w%spUlA~TC3QN(FLd&5_yVBd;Ugt>UBPDdc-#KvMZF42N*rY@S~+ETY)n&XgJ(;m
zaN@2YRI|lk6(b(lTqdG1J`H*O`lqm^C@HB1(-=Hh?}7RiM>F|Kl0ce!2&S>bIdr57
z`BUT4R@*Tiy=!P1!sku)QMP|{aupkn{au$E9n0lb=`pNu#h=3oc8DFc0Mn>DSFc@5
zY~24PI~rqdc27E3pU$SNQB&mS@UKQD3%YltAk%a^$Axp}ov9LYvbVHLI&w)oD6=lK
z{+2Q7Eq_s}u5xDiLdkWIuS6
z+b>8#rnEg{4##IsB!Y-6aW*K&vO8+l98kMJccdeiTja*Fw#|y}(-V#(KSFUl8yQ^p
zUnNXoWI^BHSlx0FwUcn7gb~pLd>rRHxA#0y&{M%1(y@#?3b&vOp*HLiA@3pwiR#}9Qmln
zI)o*YYblZH?!m$$PHddgcYsbR~`R0q*@GCbpFSU!66O}>yKE7z&jn>|Ah
z9yLb7F2b-pE@IppLmAp@VS0$Wn*LTkF3#HS5VU?PTe=fW)`Yg{n7@2xenV^3L5hm&
zCtV|`Co{PGZFBCO%5~gH(|M2}5Olyv69K?jUgg7^QjdXzZg71&w2%76Av6o{CI0~u
z$7H&3zaT9rVZtG3pJ5W^)lM44t^sTHQBo_MM3?`1E@pFqsJr$*R-4brF{*=d0Yu44
z6;=9GTTbgNI}JNui4Q$JJ>qLP+LcLPw+mN%78xLfvy$a)*LIS*)(hpj9X~E$nTObV
z=-|OHcCLGtEXL5dWS7}X5Xa`}qYg@zx(qS${a{_@e#(tyG9~umZZJs#in;TKe
zwIb`#O;=q}HA#B*eVrChBKqyGE?=+95mGvbPHzMQJQ-cnjTA^nuETw;3TZC(OnR3I
z_n)n%tnBPhU+9<=3?bx?cNH^BH~t{ef5ubY1|?FL9)cTDwJ
zh-n^0{LmdJmYWd^d1pBSpZ*`h-ZCJ{c554!9y*1gyTbuV>68#@X&FjFkq}V{VdxT&
zGH9fwLjk2*K>;ZdB$XCKK&1TE+?B*w)N^9O{AKVH(7j`(gOU9(Sx)0+$oha0x}gF(0YjB(%eR0-l&}Y;
zW2|^#aZ#A$Z!9rsos^PvQSR0tmE`&G{n1?(>8t&Kw-(0inDTV4nUxX~9?KecwDW&!
zDyt{JTOq*PSBW(yaHuA1$9II=I@+*CDJmrti66!h&9fI2L)~tMhrt!wiRPcG*n}bw
zxbNrl@NfkW&|!WZXd$jyk5nfH0(unyLcqh2ldR0ViY?gC3C`KnBP_Y|GaxsM65Z@x
z&RLz<%$t0B$^USNQ|LNG$_FH&j(+MP@Ga>ySU35D2`lFjFF`ugV}cJ7)CnM%g7(f{
za0)Ta6g*V`)ji^OVc6atXnQ%D(BMDxMA?Uio&7IVLtNdu8+?THeP_QiM9T`O;*OOy
z5Co7_-`}o)M-o*C<$OMHKA{^5R88~$Z5XLvckPyoOWz$%O6`T$Ojyq`OAC^W2ozd<
zl>bGwPrdgmPdMe-T|}EkrFMIka6i{jly2CDjy#kaysqE9OT5$tN-ho^6n5{+kto@=
z6bR4hKqmHtPgj+<-QCF6P-?{L@R5)Wr(s*+>oR!Rj!7rff>Y8T&3N|%sj__+(H}Wi
zNAIERzm?1Y2X)g8E3t$qsi2@hmaN6EvFDlOYo68daPNVYRm9Rbx~d=u^%Sk`=%03^m7_Y{as8QuGsneEdi-Lj
z9iY%&b_SVoq7>Q%3fITiiW2~k1c&;p*(j$h0}J8w9}0^)_yMDK;r4V2ei3MG84@tr
zB})!fEJdrBD*aiewa*z@2a%?rt%4c!a80Tx)Ad~T;^R0SN{NNlTI!^y=y?ZpE?aQe
zlVAXNKw%0gfk$!FIF~kw#0LDRTZeAD+>vr>k)QHfBAe*ADugVNJb7DXEG*$}W`(yT
zW?9?K@n@;7`@R7-JWpBNpbA?WPvy#Hg;F4!Zt4qaV$ZqBTp+y=Ms
zc;LC%8*4SF62fsGFVLjW*f81H+Jg2T1V7$vT2vgTFUv^WZjkz(CTpBgr5XV
zO!hAp`L7_r^>0i=*HMPkX_=9(g_0NdGV%7ZvR(r!E!li
z>51On@4r4OyPO(O9diDV(N>z0B<)3Fg|i}>b%7)uR6nAs%{i*)1PelqV0H9Bw)^lm
zB7%P^X0ptL&r_v97b(GkeA#7xQJaP=)6d8}DRe0a8Y@u#)>RS&QhiAUYZVp(s_S)@
z6UZs#vIT6Hy35%pdyo6w<&92XK-a^K3UW6w7z~8aYuBzlb)FS9j(B7d;XiOK8o|b1
z01={mg`Js&RX7Ig3rJ+gcLRjppKCY2YD3uZo}F$B4u)FQ@^r!o1oBPS<2ls3*fyY%weUMtbhr3N>T+C8K
znBCFz(s~^-y~ap*RE`&h3?X>n=V>oDbyKaW6@Qz#-2902i6cHCz`3K{kOP>2BG{Sd
z^X;8Zj?m?ECJpXp_SO1=h+ELzg|`zL$>%pfLGkO&19E0*x=S6k%yh7S@oH3n}Z`F9FfKX?)%!6$th5WCCz{PjLZh3izPwa
zQO&8RBnl*#S3Nl%5KDxzOP{MWMNxGF08oPq*j;oFOjO?AFzIZr(2eqSe6a}gMUz5`
zBuH|k6x?~Mj5^2QrF0>+_CQtmt6c-SL-3B!~lar6X745@Kr*!YD5_MT{~Me32|
zk@{MF2wEL&gu^m;-D3u}gMo=FhwF_hSG2M}7u&{YAt}hEZo*iL=b*ax_gwHtJZTKr
zXyAKV;I*w`S3ZOlw0^KCgJfq&fxiJpLx|VLBw8T5*G&^5U{q_bCS
z{{F}7xrg%ho#CLtaKQGwn|(G1NV(VCPw`$^K<$4EvA{cF1KUbzX=yEVL8Qh>d25Go
zBJYG7AMa-5AQ=+X{_b5FR1#Bv0EeluDMhynPu)2_Ot1b30EmcT?m5%&Hc3m;e|4(m
z8B&sXqjKPa0&eoig8P5NfB@}8{ND{Tr!NKzE3z`1+t|#&sf98i`0URLAfVDGWWlpi
zERJv`Af~CG%tDO`h)$7IYl1H86Byg-MO8L|CO`Ckd5T~kOz@2e`9f4~LRSswionOO
zH-_-LKzlYmz7M|H>Nw$Nop?-wn0k&#Snv80B%OnO0|POi36#bF(t&hS@DbZrp3AUq
z@o&)exCSsqhp`vGKnIk2A2a2`Y^2li0{W&k2du}i&iIy#b!eDjzU@Qc<0XeV|2%L1
z5#*T#RZ)I-?sQEbCVuxK1Dp?*K-h11Ne2$rN4};3obfwN$GO8w?^{$elO;xYwB_o4
zuZAJMEobqFUwilT^_fGO0uK3!cmdSu;0g|sa)}43avUAn
z406nZ#DsZ<|LF{K_2SjAfg5gE1Dq&$&0uzfUEl@%+C@W3SHXC19!ehM8kY+yT88cgA^B#D;PU(e|c>%m>viC
z9w9z{rgHH0!G2ghd-9kE3HP-tlq^IDkN$2%6iH9LJ~a`M_@a_+Q$xAE}U
z!3aDp_@1?OJIUFgA}QI$zL%Q9H-vBDgHLkHM&kzd?VRhFs&yu{4tova_ne19H;S>?
z$**tkU&Cr^00pBTJjk$n_@@v+)lnmA{P|(PW2sCo_5*E4!c7nkbv#8V_3_@s)PC5J
z7|M#Fesw0Rn!ikzN9k1b$4Sei
z_kWUn;tMEy58$zXzHrH5#{#gnI4Qc~7v>`hLl7Z8IW-M)&w`lfwZ~6=6ux6gJ+Key
zjqwgIf&f6;(0#C^vwMzUQ+^oldluOWZsTDE=ASR#o@wM1O-csjyO70>@i?9!q8ltB
zs*^2(u^Hqt&kHOXyhhynYWVK#iqtRCx%8wYj_;*^R<<(6iL(6V8s7TKSPjBx_44Cq
zdhyxl(2lPQyb8PxFonYiR^lCLWiYwI9N?_sdxknCG)gmj9XR^%rp
zQra<72z^*n5Mcw=2@K9m*E4u5?m!-dm>Qw6ibIpgDt`?Uz^#{XLm)OeR^4E^c;gB%
z>0==_6lha-{{}Oj-ca}jpyXFz{&OGl3vl*f86IrN9fBygvcCTARYTw(pFszYoWNb;
z16u!F<2YS_<&v<10+G(^A40b#%FN4B=|{e0b`BoEZ++*MG_)T)G#;1NuOO?59RglEAZ5GS%0bBWkQ7{z=JD+9?SbFk&bxpu;`6YZsX?$@Voa)qEfsA$_ORGugQNMvA}qgf
zqP%H81mS@_r$r$
zKg<$`InD(6Sq}mkI4bF1*AlbiI-ILIT3i6mtlnI3Kq^d8P-sTd-Ur0SE5f+cGX%_p
zxS#xu?!8WVG9)usE%PKIDhhJTPe2k=zJ4>rb<0YR$<%u#SqT~Q%hVK_OFa~GpLIwh
z^5Li@Zl~VY_HP;=w90%tAdy{E^TXat82)^OB8lz}C4x}RJ{?I-jZ>x4pUv5!vV1yj
zZijWZIjVijbu8d<(6HVCqG
zlX^BQ9LUb&_s6Pkb&EJu%T6-*^J{8x$H_Y_0hl%ARx4j6f*Bm$(x%
zLTiJ1Tm*aE?gtI9^5hmh*3;#ojnaLb
za-z7poT*gxvSMeh%iO_BYO#Uci`hL{uH_)Vzk5eZ*((8_<+QNXDDL*o5&b*hG2_u=jU|E3?25Leqb-0CP`yfj+n
z?$*5dq76%}h(RIE`DU_1^}NB|H!StBsX=;Bj`M99wEz?k1q@uOj_a;S`jfnHtUYpM&ND$|K)JA?&G1m5mxzyjiD6Uzo~LdRZv(6jr8SMG2t!k)%g;6
zNb^_RLw_F3e!;|j$!dCNqdgg6Dc@J6w8~RNga4See~?$pz^emm%LJOSLla{_ZPChv
z#EIJCuz+vPIcw%0`T71FKcSSz3qHbmM
z-`Bgnrq9U!Q;DB!ufk23j8@}f{pBd-WWPo)QI8b~A;D!t_0;i{9n94BIgqFiP}SEe
z-SJukxEgwriMcr}Ti}Fn4~C7FX%Xlhmsqb@mj){TX2_N{lpI1O9h;1zgz^30o86&U
zCbIqM6D-y7JFbG<3=NyePbiaJ*`~w}a_-G{`2itKiUy$Nm-q#-_JOh~kJQ))ISU{&PiO+EFZ$iYnJwnTxk24j1~>=zYC^-|gpU
zme`+JtKv4=W7KfHq2>uXICc~d<3RMJU?b@~n3(0fqe3o}g_CN)Sj=1KS|Jq~NOvJ|
zBTEFKX;r|V1V6NS_q6&Sl)!Ul;H~@SJYc2$z>3f3(yokHJ?lYxlhB%rt`fZ~;4Ys%
zOQUC->bbSl#==qY1ouH9=(xs$APi1*1k@yY*UTNzOvl8=F2-TC2f^m|N#hoCc>#HM
zi7`ZoArY9vEe$#)D5Wy8WjwD#DgxKSb`nbtq6qBZ^o{qz$_hVuER}oFrTB*HK*WGM
zYdB6w$u?MI$xa4a<HoSe%ij#ZDGJR^o1GpVoXVn{Wvq
zPm1iT1bBX=9jO+9&q}9n9({BLtc|9Q=B6$Vc*Sho5h92FRL;(pe`gciAXzrTFzyA$
zb2?0j5a3V3$p9)blD%%8{w;(NNyGN=5ZZG7Jw|t=ZPb6nf%r={|67SNqh-
z<`7XXPqZ#GG0^;YKFl0~`s{l!XPlQiWKvgCgMKNTFf7ZobbA49utROSMjWZ@p+6;D
z?^2%wc42iCW`YEc(9KMlx#>n?TP|aSmYQ1V&)RLrhl;}bgH#)#^rF-9`d4@nYCoO6
z)4bp>2<@n}iPrP_DP)w7zv0V&J|1d22PPLZ^mozG2%BVJ=;m>i2V_98(Vtd+*7iwu
zwu58u(aEE@zkcP$q>++bm*>y+C+%L2g~EitgJ#5n$``g*xl@x#3QM!HvE6ocjXop^
z?T{iI(Zk~S4hB2!XwKmy2j^ZC83*+oS(_l{
zQLWwkbAE}Zgpsp1loM5X=Cxe|ri5h`TNx$sB>C%c?vv_*&{Xe@nF`NTO7|2F3*uFj
z1^=5YEaxsy`BG}k@0>sXls|N#-Wxy1IrUmoikwpC{+iy+{&YCh790n;SReyiv4)$X
zykdL55f>jps#qxRC($Nwgh}DkbfrH-KQ8|IO|6RZ`jeC(R|mVj=u|d4O;SVt;aS0D
zRYeW^-KWRBS5E*z4k(13G@Q#&Lx6;!fF8Tf=*FiVd<0=W2O<&{!s>zhPm*6&1lqLB
zG=`Xvz5Y8)Q*2Q8UC`x39c+t*04e2(FDf&{Lv*c`(5?b^k_>u$yl;gL+>}6RDkLQw
z!zD^o3{RntPBh}|9=nCh*|6tUs6bj7VVITb`Ei&P006!S^rmc+_vf?EqjVIR_TMlM
z!fdC1`A|<^r@B<(wFB5>r45dh>`HIJ9R>=wl_x?lQF}7G
zh_(b?SXeAagfe}P)?+4d2mB2+e`qib#s#)KkUqU);R^k8jX*r&3DUsYm5J+YH>`q@
z?H$VQpMXM%h@()|8Zk7kq*nN0kCe)cqt42Ot4vYz=b)Hcxge%aAJG36PzmTq9Agk$
z#w3L0T`If%M}Wlu^jJ7*iCU!=v>l_hC>EWy(lLCjarV
zTT=(kU&e|p`4x|J4;Cfn`ok}viHV6A+a&+(vs*)JLL6!+{p@Y`DxNBK{WHoM
za=p@O1o$Cw6#y5Fvm785(jsqaH_#kGNBem;06}nt;J35j2
zFP8F8_@Q2mLV{#np(&-`h14(1vIPk2T)tqhK@UgiAjD4g)}
zy$3msCHUwEctq&3cA(Q+;?uyzRVQvGHi{&!7ZRtQxnJ&
z8CBa>RIxDf*E{q4esM+lN-}Tfjk?co+g!30T-t!ndF6ZRc9z@<89o-u#4dIN?-$7m
zuQJmQ6cLI+3=Zs@c10$cn%oiw7h-0ceV_P3lfba00jLs&-`(I
ztMA31BVJxy47FNYS-Cggj+1$=Ha0%q^u4;rZ1eb+FV>wf7}PwUj#@v19!S{a&Q^?~
zu-gF@l84BlP~({ial9wd+b54d+DS4WZxzqJJM|XbN@b|be0g!%@kJWd;*@L<12=A$
z>s^J-wKr79NxW$<;V-OB4fa<-mvrb+65w`KGr17{*$)2uvPe$#EApC8z?EEUn2tS~
z80^bVOT`V76}YCGDwoz?GX3IYHsIcV`q*GJ%Ws{@TE&%SCT`=#JKI;sv(Lw0Q;T+7
z+Os7iARG{?E%3<#GblKFu;WZZs{qZ80iL`y=qzB?H}3>i=5^3LI>uhs6f+DG|C~Kl
zmu!rtBI?nNktn7?QU-;ID>_Jy^<3zBY1?#LytgofB`I-47vX&?vo$WSox@V|npq_j
zg)cq1iV2NMqtptCYWjm+
zFq%S}zd1_cwuyr7@7$V^d+&BjVnJT2ALkFUBAlu((l$N}Z7>%xMRZM!zw3WJKJ9IJ
zP-ltdbd9~GX-cv)C)f#!8
zTt?e1hXlq`|Nnoyb1w(u6pK#XQ8!pN<5;k7v#U$2S5<@75+Cb-b{7
zGoB;diD;@v7U3rSp2xcD|N0W#sP_73qYA#UvyI;KjvALZc;SZ}@i}=i+OeOj3VsR0
z|Mg3PFgU$cEMvZdGEdIpWwZ)#-I8e59#MxUZQ{K_5_Ra-U8xl;x49bmKL?`D41@Ds
z!{DgsZ-8peol)!aB!1mo)zaH1^|8s3zEYMVHnZ%}nAKiw?nZn>TgfQdWU65EH
zdiC)t-aqfJS?Ay9_zFfhS>w(5%;5PtuJtE+{rGzcvJ9(l9u;Doh?tDgNi1qzL^+pzppE>ZJZqI$HrcFy
z^YSOGp)jBVl2%#Kdt(HzGpn7;?C!x_9!demif(#CbW$cR0U^*5*@8D@8%kfe#S5Ag
zz5Vq;UhAe63=3KTGz16^r6r3pWsnPeZ`yVnFk5iL9<~Nt14|of(Tt9bg%$3PMs!D`
zaKo1A1WCrJH
z(0)PJhIwxc17~Q}f&6j^MD1#riIl;=f_`v5Q!W>u{l<0
zdkpF4C3x6nJ{0d121xtMN=|UXp2HYvJb2K7xXHxlDSTC6UYySTJ$nsaAwZf8Cn(0p
z`~=((lwZJtD*&Nd{|YSci7?@PL#jOoAW4g6iP_5uu#kN;aV2a$G(%7mo!bb0qZGVe
zpf#jACs2=qx7Gk|pn$BegRM#o4KH?!BKMdkSO=L3`U8j@78*(=VB5U+vZ{3*66xL)
zsqPXG$ok&`Be%q`u5F-vSgFo_W9mN8RW0Wm>f5!YJfQ(Nr~Tg
z3U2f}o1B#Bs5&rT83*r>w9)qW7usyfOa)glNl8hQ*8}uVcuL}+>;m1JqO2_PI<-wc
zNOslaR6GMgC-LsNU_+mlkY>k&lXadM(Z@#kY6~vY#QN!o91jt1#@%-?64f
z!t0~qmIVAoN`#W)@ex4QUePjhfpu^sa@=w$us;2rFz3;vpg9B9t22WG!T)?^51Fvu
zkoFLsqGh57Hk1C9?tCmMh%m=6RU
zt-&}=Nz{)8Tf=f;btebC%%1)7v^$-o7ho`F*$E;JD3@excu%QH@682a;~(^z>d5s)
zI7&Wrcrb9X0XL|Tqi$MvZJiq`@NGR7C&$YzX?bnzv|(~&NMVK{N+Lh_9|j5qI6|5ToKBMjBGIo$QkChEw8m
z&#<}@mP8Z%zRJe659YVv4@31_wYMnFG~}k4SOl0gsWz_?XsM{2OEmz(%h~U?zxq#6
zI8l1q+Eb+?SnKQtcO9e}E|*3p%=5NKUPOhD%T^Ay_cZ9gS5+=L^StvOlW}+#jEPsj
zw!CRgQjspEM^beWVsKv2Ab~mK5T0!yiVBaXe9Scg6^U
z&DbF)lrf2I4+*9W67IoXD5_oo9>ab>{TLjM(G|As+g
ze=-bUVhu5L9j#N&fLbNz!bJmk?+Gd-UiH;_aXuVjw@R@zMngxh6#bJ+bko3~hP4{^
z;bZ|L`44;)H24eq!q5eJp^274z)ndwsW@du3e1OyYoFPSiKL}r}FV;9X6Q4b3ZaG0LD?w4#cTz
z;9mqVK2Tk-l!K;~Y}yELtS|)n1u!lGpwnwRJz(AhVBV_-u5oC}Sk_~8l}8;z1=dA=
zAZ^AXv)&Pz(TRx++`3o{+Gvxr(`*29OQqxXc-i@~1psnEi*S47yKTE(Dt-y8yPqtb
z9ylbx-5mSDh~KyW^QX9#4t&r5+_qb8Wu$T6&%qE-5BssN)19Q5guch^mq
zbM0W41ieBTl=|E()YKS@RocuZ-FZWJhj%R6D7fZ6&<}#)Fjpfz>iE8Nzi2Ehz^iJcXyG1kW-F^7nRyf^`hoaH33j`
zN@wY!xPXi$D?7ClEvkq5=dpJ!nTy^3a7{QxL11;PQ>-xodE2#w?KYCr`Ce(E5QrC{_;Me8=Mcw
znrUb5Tk^8@!MTzzw@@&Ir
z3wZE=vEmu!k;b0G_tcLF3m1rSP^3v&c@Rlzz2GC)aI6mUV`6Lb$)m{=VysBSG3|i;
zt)jO%B@dwdJA;X}9vyx!pf#e?R8L{n1@p%1K^t25*b-QDx^^VG;#$S?K*ftt&M#*K
zE%E~Og7vxTiAsroW6`i2lrY9?oDVrT!Jd=b;N?PGr&L;^qZ+}&6)fZ@xG?8%Z-0a`
zz~N)_S}v}7>vz|YR$G!Gs!TPwDc6Hf@5Ws#gH1C5prM`N2T*242&vEa2@DhScOQI9
zGascxN`#Oc;VgjjUnjl_GV9DD|EQU~`ZYMj8To?0A_kW7UGjN(BpdGy#8
z1cKOtNRxRyF*qUZQ?)2`X%s@JhldM9#4l94Sx>L@K?UbBLL&a-Hr&m#UparV>ngSJ
z9N{OIU+m%16bqs>)N;$YxmwB#DJuRc)h3rUF+jY8)aG6BDDNE<-_Cte*j57RNvCY?p8)H=!Gm{*i=>PxzK)
z?}FD5yzl2pNub2i+~mqm(F~x7otd}IyI2M#FX$#ktzKah+cw@uEjBC5`n-jm^zM@0
zTLpxF;Ir7Ac0V%+Oad%?+Dcx;(A;Gh7`PnZpvN)k#8Ba
zQnFV-0E$`+#I8(ZW)>FowgpQH;rLY@@Ig%SNeVu9yBk7qp7@lKJo$w1Bn(ZU@F#tJ
z2DS9pIu`?|QS9z75HyZKF17}m6|^VdTx|*#zTtWJhC$Z@wxk3L>GiL61=qQT8U9n$
zyxCSG&b_U)KW5_DvY$TSq?R@S(iQ)UZf$?QGqe1D=8|pM_OL~wh#mr)ZbHQe}t8RO$W(l%G9=-cyrN;=H
zwi!@$wwk=7=r~X?PW`^IfmIiWJKqv*M(!iA6#Jdnc^!^BvKBx?=-+ygsHBFRK36kk
zyNu5wxCd^hoG|JM{pfUcB`Zu74UVAsBVp~lqr88u(JEgCbClVm0-*XTd>^J6S%4=X
zY$JF{DzglX@^KIO+wZ_o3z)_)=b6s~S}sO0Qx1h91uQk^Ujw9E=?8WC#m6@o|5Bx7
z40t87MX?skh)No?`fnIG;tvF}SvAc|#265G>_7`qR^_Tb-Uj7tI#HB%AwSB{cifZ<
z5f3KQ+Q?W2rt6)A9Pvhnc}e@dW4L%y)B{(u6$Ej+W@lS62>swgDu*X2)!>+>0I5pX
zADE3NB9;%22w8fcILioA2(GJIwJ;R*5#hQ8jz{a!43|y#Og^{vTOrULqj#{
zK6uXx-xYadZ!kA7LO>WxU=uuJD>>szFASRr0WEl7#H&eVwF4W%RAV&m1CAoFu{%mW
zv_ZQz*ip@e!iv=^wX;1J_YMuM#%&#IEy7cK~9$g2s5Cef)Iv
zjl-FlYLPz3)!D%zUwq$@>TQ6SPxh;kKBT>!n5`mv^SzN;+q!t_YfU-#tLDo5*8ipi
zInxXvCf*JEZ#rK;LQ-u
z_2)BlfpR&#RY#N>@Ao1!=^DA74+*UxAvcSrRutkD)kA;|W1@mndD
z$#H=Pa0Uzvk?Eys2*X$}9{8Igx;iLLo`E`Pa%gA^>TNJRiu@I&L=j;BT`(ycwDxR~
za(+igHwQe!u7p}^Kt|{c>3(3_5mX4Jtsaa~fQ0BcVs$;-`9g>;ER}MfIR@MYv~TB5
zaZ-ifMaB24tzae?FP)bQ-svFHO-~x^f)iwdE@)7tL7FHNQgES$M;0X`FZ)VqS$s?V
zCUD?mZSlL{TR#|~g3+Mk71d0{hAmkj#~z1&oWjFooZ)LKuenGcTGSJzOc8|Q2jSyu
zq0wlV{x|b5Zsp<=2HxAFUcWQ%bzwNo!kCXX-{sHIMiuq7kMa@FFTQhs`Y*k@5UxZk
z?(8#J@mLs;uHB=<1X-GF__YzVf@5SFXN*cF6JSH^U}9La*P6lhDd
z=HV>!qn3<)&JmIs-?Ch!Ur4;N+w0m2c)dd#tVsX2+;ZKvE$DoD04#BK-fr6J&5}}E
zr2kX?Bk;#Noj-C8`Z7ETax6z^p(w|L?=`X?+gU$7qQ3U*&0U29lBpjq@%>y7R5U(W
zNt&~Ldxt8a-0$H)-GH5d_9gdtQLyIWj<}U1CXcTVHlY^@VyRA)29ym|000RrxT~Pu
zF$>?m?H_#cv>tsP_S29|y#T*4VMpPm*-O4oy!rg)LV-%tB41&{M2)ZWc37r=P-?u@
znDwUm^EAm6FAdB>NbWBc28a6O!R~+FlSn!3-$}-rnbv?i2kFb%WLfpT3-jM+nWHZB
zvbNM4Ske(sE>hY~)%`u8c)za~S#lin`{RlCiA5)d`Cg?p19EkfvU~f|gFjvlqj**N
zXUz`?{FZ|^e&{=QGxFKI+39TGP?TLdvNC~;gb-j?i%+><;k_TTN`c-NM!9ooQp$V$8D9Lxh&&HA1d)sE1j>p%
z|6G-};?wX?Il|^*KOLuEdnR&IAWdw^3o
zoSU}WXPo*IBYMX_?|l61u}k~qz=RpCDylW*VPv~XK7K8?=tX)@)k>ZKwu%=Q$M00X*iX^YGTaKO&HWs%
zSr)AO%g1~==}_4~kEw~Ija=P3n~DsvG-FD~M3uP`(e|NC;cr6oJyOA9Po{(xj;qPP
zn-6|pKle8?jKR;5*6fCi#Puep*wE)KV8y}pz*qsCM)tKRT3e4w&Xo)H)ISHYQ8b>zk{5+@5Pw=HTD}R{2q(=jq7_
zki;ZvU}N|XD&7tYN)>4v-~`fn%=I`Ca}cl
zw9%4Jt`NynaZlqmEADy>D}S}nZO-O98qW-RpVoWZ2&D{cM74+FBPeaRB6gCh6Sf#m
zTdM9g7B|wZ3%JV%eB)_eVS8^ap!eH(NQTX}!sl$sUv0f*=kK$o2lYD4X$uVn)VQ)3
zo-HegV`c;X1h21sG-Pr+UIyx8FbaUQP=`x5SAf$QoxM
z8p#4Me3A_G(hV9WOnXRr66!6zRJj1`J-$x5YkKp_vnzazf~^1?Lz^r_*#)xzxa&zc
z{X%?vTJg}xj$F{nCt{#sW%Z~pN<_rRO#5e@BhjdMvAVr&2Msr%FE3y3L7)EDNm?i~
z8)}<(s0!%M)o-;Y+=*l;nJL1;+(V1~vTIWBOD>m47)4#tmtU1i3
z%H+Hs?>9wUBfX7+Qd#w51=y)}j!iAT-(swiSbJ42D02L9JA~r#-e~ARBq6O|6Upg!
z#wiZLKS8$|-Jj`CSBux*5L%ft@Q~b$=q2()JcTehi}#R*8&}WoaKp^7Xg5*F9Pp=w
zRQ0}mjl9i2hldvR;+SDPU`EOUHSMGXkOmbw?hxId2q?B-drR$6ho*MCZ2^65aw{||
z`Mqt2i=+ZLn_|DpZ}FlyZor7+y0(JI4;y1I6MSbIu3_i7DaC3CgI$G4@-QB9&{ajDi1`Q<7OV*Ba|YJFze0_BCen?%MhT
zY9!y#pZ4o7e-oYF{S}Kif5@_)?9DX#Esi;y+){r|QjM73hJfa`P4S0DZjxhUgX+Ph*ef!zkf`=iLx&R|n`fDKiq5
zEkIuhw0*ojR-BRZhIAL+?%ibPyzr{Y@!us=5hE*#bS<&tp1+>UFA8x5`(K4`$;&r+b
z84_JCU!&0bOZ9qw_D)~?D4wjjqo)N+m1|RY@&DIHdOkkj?shipq8|S)J3H
z%d}4@ISVu6>n|Qs^6*kVe~upYC9u-G<#YbmYkgz+8$uJp44DC8R6wcV(`6zlcqsT6
zng}pyAnqYEy8-!Vr_IQjW2`4AF*lUpfKd#v2lurK7-9F}
zyB%;T8oRHy$|AMI!U9sX-rzlAkA9wdB%x!DQc&ud(I9vU>0hBFAqhR}kWynU?IWSz
zniWjW8|5s6v81k1zs4c}J!PrSbp6vLFIGpjw+DYhEvHg#qJ@{x2TrIgcP^d%#HZ&@P&
z>cGyq*?Xng;#JPH*UDE9maEMwQc5_pbvOR}tjY+6XBxg`D`HgB$EE+=@bN|Q!H&j&
zzZ8{~ON(}6$YRMTA=c(j&3f;_Q>$NsUtSBnKre9isvzTV#>Gd
zcC{-$s6KMOL^PJAbNqTE%Ia}>XEP)gJNYl
zOF0w8w>fBH+NC|~0|r^~m1p^pY?k%ox6qkT;wt+`x@X~U>3!`>U2qTd
z53>gVYJepm37?X3yk@ve%AyPOp_PB|Pim)DLnMVF|q*SKWAt*5IH^U!QF+uC~rHLTvf
z50Y-%?4~b>JkGsuTx}I1ns4Iy!@P4@jB!#nav8P8<`t50uTn4IaB@hPks7%!h-YP<
zauBKUkO{wc=#5N4leC*C@$A~TGtEj
zX66Cm+l}(|m1$p{@yW8S>8&;=0kxIf-lhDb+?4ds1gr9%b8mQA%g##epX1^Mz0zUE
z%ay^kxH3S?Ot|qVOl{VF=E03RS@Ki!)4!vK*YLFh-w_n?qlQnbW-hYROR?gfh1-`H
zYvD)wjvoDCme|0%ZRn1{3GUp>ZKn#3!0n>G&%zFw@qxP{uOf6=(tP7E-wUd=X@U*N
z@ze?3Pe8#mW@7O9@6Bo`GTgIDD)lm+CbM6N`8!~aeiVpLlAd~k{Vgp(8Lvb9>eKr_lXv%GtEsV*{R-n
z$#3i`pPY-w)Kj*w_9XLRZeP74T$?Pxrmfgv=8G|Xr8b{&Wtoo%DCs^NSt$Jba05-h
z=P~;M6%h}VTRpuN$-cmdWAsR_hIe_zhVgWQ_0TW4Hre9s`_Y1ZQl8oy-eTm@!cyOK~c7=
zDhFyGMq_W-pmTX2=jcqYKM)c*Dm$+I{*DW-)%xm8PO(#Ts+BP=&dD6Q{^M`;Ez728
z)@oxNj|4^h-Xu=-<)!s-rzCK*`kxR{K#!E!wuxH0srxfq)6*AGLiFU){ogh@<5^Lc
zebW|t@aiAqc|BhU_Ec!Lx{1Iy5yl=!Y*1pO=vqcC-JSKaObdZH(TOc@0I6+@=v7oAGN1O6ePGOUcEA{XIgK2YW{551uoHBtDjb*
zh?OSSW4d}?p2e{KLGy0Hz
zgFIMbnsD0KcL>ab&!zOz=lFQSRBZn%4>z=H>plzJWZN<6Y#@zvcGsUK^ZcVV4oP9W
znrpA2#k^j8Ezs4s#622ygkqde^?x>9XMR;T_yV)U=X+wH(P
z?3da9{#=nSe#L4|Fi!J^270C?_;OqF=9+TCLh4wUL5j4!_;>@$;)6p=7s8Y&WD<7H;jX{f(vysIN-JY1<$;b)8k7fyFM)g+cLw1YB?nln^YMmQ9dlj3^+$mn(dm!VHx8!UPi}v0ddTr`vhrfa_=;!5m*2Np
zn~|@#PZE?pttyL;BI$PJ@`Bob^k!}B>I-)nC&rpUJzqi2UaU8&q)vVB_VL+a*3m73
z%u&ckHL9@%fASP{io^^RLp0`>zjf^ri$1%FVO{vFPR(i{TOt|Hw%0n4Q>y!?(Jc8@
zd!=8ETi^>4R^>g)xAdoNV>=kp0mHT;9tneCrG;V1ND@zvI7s@*!@X
z5ZS*hm*UGlZ9*@};7V1!_R^`d;XdNL+f3@nIg0S-39p3r54kLcDOg$?W$qSg)kVJA
zTP-}DQXHb((y6tc9$30Ho}eAswWjAAg9!%J+QcD_<#I)
zviX&jNst*YHPGyG2=E99^^T^HKrN~k&8-f18C|y-_%AkM!2vB2l!37A!47t8{q!N$
zu?MZr|LZ3>cz6oH-v`SJye`g3{~mNcMhb@7@!$AF|M{|(Fvno{KKSetpvT|^Dp?;}
zBgJW{sxJNhD$&2#v+m{?`-vL?;G4JrbJ^ZFJ~?JOV!HUK4_ntD%Pb32&bIomt>fAC
zykZWXJ?V1gl1qb+`RC{e*qJ{4Nt`g@!TP+yv4z?HB@j!Rn@=Yim=_1$cAY|0uPf^8FkO~4c;V2Fg|Ylw<><_&_+>q7yZg`{YC-K|LxM-9HZ
zGwr8+i#dIle_zx}Vj=DhD=v0{j13;7lSNz#3U5Kj1{9?-9PCSSGOio+6C}mbSS3o6
zi*)D_WOYU2mwZ>-YmD)8k-4Z7?z{Fy?foo89(x1H34!}(94sI|zh#KqtwGxpfBE%QTdxH`tKb+8O}05X`|}ovw}B7k^_S&mD7X5n
zz8?K*{=q#X>;HU-o`#loKWFahqoeO)-WH(L0J4-zDjg*aJw0foY5%|Wt}~G8|81A8
zBrBPbc|@h7LWu0htfVxAlqe3erIQhb5G9lu+R-5M{3M|=QxY-~A@kUNd9JViFP{JF
z=k4R=apvc9f9}scuIsv6A{$uUxm;Qlo*#1;A?(oRU{hqwDTX(XKF*B*!G`<@D2d1=
z#-3r|T5?d2Can-mX*ox`n@~A7JM?oM>S?G+XwUrGFxETpvYe>b-SY$t-*09uMTd6o
zWQUw^Nn?b>;B-f_{EUJCU)xGAm*4AKbU1ll_7Cs0F52w;szLqrzZqg&W&TU1aXV>U
z1zlEg*IhrPz5lZH0dJw_j^k=nG45|c2~M64^`AuNP(-pF&MQ%^GvK^Rd;758u`)Vd
zbm57oMgYatsApiCv%jyxpTm}%oRcay-Lx{?JgtA8zjH}Rm*%`TQ(A4Y*+bXxvpf2G
z0KDE)B^%YF>D=DYanPRF6rT^+lsLv$#%qtApgL@I(}|imm7e|6;ATeQ?$YXV
zq3{Wq9C@lxr%M~%Kki{`=zsLUmwP5$BO;$>tL`}Ol@om}_qF9ro9jU}_FkSJ8xcbT
z3kj9tbDwzcYXxnCmT=31?O8N8jt$QbI~G@ZMX2x|R!|IqV}c(8N=MMNAJay_hGi(9
z1cVh}IK`c|QpMEdaGMC>tKY6BU$co6j{5d*gX;yG{%!vGBAoN4o~}*Imr;L}m62I%
z7!%#D>=@(ePUN#~9%asLikFDn_Y0d>N@obkv%l41mplDwasBy(R#-sB_X}%h$8lxs
zZSx66g;Lz4q3-q|>5XKOQF-+7p!w|XY)?GDEY4*p;>@q$zVx37!nYc)_4a4mJIB2^
zox1+dE_pSH(px`8x+>!=cTK!x4VIps?bG2Y9zPRe9p2jjh!3EDf>V{jgwBcs`3{6Y
zc98i5I4kUTzIVCRx`q36#YUzuhCA;-1IJ9i?qC4qo}fE4_>!|GyGy3Wswb@HRnN~J
ze&Nx1$;Pp9zkHFp>Kz>>ZM-VxudRv*uo92*q(WtUu-$)?{K_;urj#ruIptGAnJ
z{2nR?GR_lei7x`FgMX^IZXzrA&`Gx1DQK!l`Xrinhha!EVAd|hDD|iH>0i|gPsufA
zBFBQrS`!@K*C%F0xmP(=zdolT)Oq@p4Jx@$%#40jn;qR9A4h4LIObtH{!Q_~;qc(D
zo}PT@7G-8NghONvgcKNY`WC<=PmeiIY3{WePy9&!Ce8azx<^;#CQV!_Sl!X==9@fp
zuulaSc;@D(8=Nus_#sC}EL7j?cwXI7^%
zw1~-`dL&tXr{`db*;h)&&NK#5UpvblB)AAvwMW;TlM32DFY5a#J>gm8wULJkm3z)K
zW!0eH8`-A)2KYXz!TMc7%I94?FGO_gH8i9}DRwpnG5qJ-0nO&JS7#N64Voq)=t9>N
zcB77HwQC}#P>*fjQDrTDbyfeq5Z!xUV@I!lcWTlX&Ux)tn`Z7^`J`3J?6CF>OX7x1
zNzKW36xDXv$&D8;kFuP(v1dy3b&}2P#6%TsfAb=TE9Hb;0J=i&w9R5|DsXD98u-mq
zOvu)UYxRl-O2H<2n24{!&Ro^YRcJqtABRe=VWHPa^t!NR1t$)yElo>^RuA~jb7NX-
zys2eYURlAJQ{hJLb~Sg;o1NWv6*F|AR7HyVbm>2)bR?#?CbVvD%RNPZs$_3)PF;xm
zg-5pf^MD`GBK%CdSUzh8Y#Tutv|GQrLSa6-1SyLOb;_VZ-%0)r&AaBoT1H-Z`e4gY
zx`!f%cp${LBRjX`si9+vf_lMt^dH{VEqTWz>Oy!|MFJ~q3gyGcQC0J&*8{2*{7|3Q
zHPX$Jq`2X>jkhbDW{j!DPI^x)>rL5vLPL*6tCvcgV)YI=>|eb#`)h2l<`Y?tmU;J=
zQ^y;t-2aWM3>#Tv&dBntrf2i@_E<@U=541uYz`c&-
zqdWm1Nm`@PfZtG1wNCbV1T!rZ*xkKk6c
zeKKA3ISn6~x&1n;9@%PfvD2(1NAtGSIU3`|yQS{h7pv|lz3-#tFAQ7hN*^`8$WIbg
zC4cuK%MiV~(@A23645jSMyT^nHjLVmV)79~0nJ19E3PbqpmN*Wx6B3gJ_bu0U2d^a
zgh-0Rgm^r~k5Aw_J9uQ`_ht9<7&ul%3Z9XQGLjHQcXM=T$eHdH(IKdOKBZh!cI_e~
zOfcu&69!2Y6(8`*fH7|`x*%Txgq$TBZjZG;;jV68m`EDt;pR?P7&vBY5qudUkui)4
zepK#t>(&8Ix59mTa?%C}n>Gy-H={Gsv1Ig8T;D|#0tbKmPF~s$>V&yw9|ssCXFiL1
zgP_{F`cRJ7FW~!4U4ih~BtNX;{8>S&`8{JwghTYmP7=xR>zXdRQwG5_8Wkf-BXWU-
zRWE$^z546mbpcV)&B||OrdwOBPt|aMq``91;BG0RBP*CIhQPY=@!l6ua>QV`LjeIL
zjo+lFnL7l}3!YCIKORRvS*)9~L5-cGF!_7njHr4Sfx^3=b9Ww!s$5}1E}zwZ!F~LM
z<~^hvKw9yKxol*KTyS3O*Ibf=?(uB?m>mk|#~=i$QcK`uV3IG&JJ?yKSe$?F&=5Jk~|C-cY1s3Tuts`C96F)y*Yknh*!FWgA
zlT|1Z(-lGMi7>usUsRb*Lo-y5)pCTFSt8#
z^#Vjn2mj&x*Zj9u)2!DW?TOWlWgb0c%}~RS8F_-7LolaiVR>e?HUP!d#MHb#;H;^+
z&(obeeG3m4o~kM~d{lvpUBin<0HPEAAUObu=J@%z)#A{JB};}(G}`LbCnI%H^L~Pb
z8H@aqy+cp9Q%T*?=Qmpr`VVaHZ5Ze}ZvW`1(zvf=G_2+b8ESbbyXyzQ+o22=qr7w`
zCMGR*@s;ZKQs<#weK9N~1kr<}#}CP;Rz+UFuX5lxoV}Px(<%fr9M~GJLu}%_9TlW1D`1)YAYm!v~lEcjw1Vl;qr)=>co8t7^xTk(3pCJo7$
zULCG1)$n^>c~(}ZrAsVY@sFOlxde~PsrmyXMK+2Zz`UW^Pccsl<1hfS9|6Lup{{Fd
z#hF2@um+}HloeNRN*jWViF)9?C*8BqB*1$Q+uo=28EX
z$2#WJ4P`!%m5SG^M|Yu;VvxknD-%B63-Ui;PzQuO)%~azK=VR^!H|!WHKzosew*?b
z{`jE-^vT29XAzjzfqJ3~M>OeDa^nHB|7T&e+!f106MR6iGM5Wa0-bbj4|V0{SXr|T
zrAY+sg+S7IT&2;b9*{ItQv2`vo8D)8E+eIDE52%}36ejCuL^%aq=3$HcTZE7`uI`^
zo8UIPkdMD_vjQhVGXImW*0R;PCT(U7l4|kAp5{~SOzqSZsk?k$OG4Ipiy+0MV0g>iM9j{Xx%_WU}
zws9rcEoA*v)x`jgkZF-GN7
zv%#Xs)2U`ZQ<&eRB1Sb{cvVOWXRUN
z$g^8BLKOGI!~Fcm8aK`uQunZJ4B_gDL4AmJJ8WnU+$%X_H@9bOgnEOlrAE#b8ia+*
zKu+tN^-88Sf&J4>h`4l-BykCx_Sd`Pk-v^gmZ^B>ZccY~mC
zefPX!s-@55M`b0F;*X4Yn$O7V{sRa67znL70KtcDT?JVuf@WP7@cM@$q~0&QQUUVW
zu=2rS30ow~Mz)DBZ;X$P&B9D3oW%Jrn|Qw!tNyl5Bo{|*HmGc(R(@V}=2iY_uqi^g
zv{6!s&|qTmfl~_tP<5&q^k^oQl*XL9ezh$v2le!Hb>V4>kto+@(7>7GJh7qIUSx4vbi{OM}f4)Ys=;PN3dt
z*EyQ#mC&1vB^1RE#mMr7RzK+K>Vl%-E)$cNSj&L9iI+~zEGLh0KQaE}L~LPU0?D;X
z!tn2JUXjcm2|*^CIXcxR1iv}M+~@~#H2^5hYwP51X8RX`
z!$q_W9v5_4+TR13d$#A=)>?Bh(iJeX{v{C4R&#iS&cNu4v1?^`(0m8{_CCMn?2m2s
zv#^j=a?pGa*22YA$+?#?k7~bB%%^^^bS0lQsz0d>pF2Z&*Q%*6Tv^3|0bXFIS2><*
z+oj8Fx&TXfx76R^{XL=P>)Le!F_vgBzu7Wd-hE=zq0Ks3^V7et@m2-#`1WXHr0M=0
zz1q~|(AGo8ef36!&T~Dvhl?2OpPhL*uQ?MR)AGzaBlThkQw~vCv6Gj$bAk^j`dyX_
z=ZGYwvL6$B)>B0|MnqO%Bw;3mMw`Gx=P64+b}T+4&!izlW
z=<>_ozbvm5#m!}_;*;a0U?KAe2|e&$^BvbF!cJoWhTh)=->oc&Ao6(WJW8NY)qE03
zP9+8|LlbA-i~^5mz#fTD@B5hSjlg`4ua?mn;eB|Y2Zl|>Epr);?vB
z)bUHJ=jsn*$`83QNGDiDnxsk6BN
z06_-HOi)=*QX;8>*QU%b_xF`Fhawo@b^-!5_;i#zZUbpE@sz3x-M?Q)*dOgP)W07-
ze3&$8628vd)clAF`6_V~rPSvN
z%LHfTbq)nA5cUJEaUzT(yK7f0KRq-rjd)k+
zZ0LVx<5Vr(2YEMEiWo(iVn#Vl38LJhJf*y&d{-4;UX;q3
zYCmdvKQ#H^GcXrd1b5$+D_4?}ZNR+}jvM9}5g(Bpkr|O2Q5e}el0RO>yZq^=|H)%w
zS$4Y{rEEaoU0!^)Ji-5jnju`td;b4H?f+kpWy}6Q8^d@|Qqr#NCVhMTR^V^1o~iB=
IZQINL14!s7LI3~&

diff --git a/main/index.html b/main/index.html
index 1d3c665a0..e7bb774f2 100644
--- a/main/index.html
+++ b/main/index.html
@@ -10,7 +10,7 @@
       
       
       
-        
+        
       
       
       
@@ -233,7 +233,7 @@
     
     
       
  • 
-        
+        
           
   
     
@@ -494,6 +494,8 @@
         
       
         
+      
+        
       
         
       
@@ -536,11 +538,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Setup and Building
+    bpfman Overview
   
   
 
@@ -556,11 +558,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From Release Image
+    Launching bpfman
   
   
 
@@ -576,11 +578,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Run bpfman From RPM
+    Deploying Example eBPF Programs On Local Host
   
   
 
@@ -596,11 +598,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Bpfman on Linux Tutorial
+    Deploying Example eBPF Programs On Kubernetes
   
   
 
@@ -616,11 +618,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    CLI Guide
+    Setup and Building
   
   
 
@@ -636,11 +638,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Example eBPF Programs
+    Run bpfman From Release Image
   
   
 
@@ -656,11 +658,11 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Local Host
+    Run bpfman From RPM
   
   
 
@@ -676,11 +678,31 @@
   
   
     
  • 
-      
+      
         
   
   
-    Deploying Example eBPF Programs On Kubernetes
+    CLI Guide
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    Example eBPF Programs
   
   
 
@@ -750,6 +772,8 @@
         
       
         
+      
+        
       
         
       
@@ -1066,6 +1090,26 @@
 
               
             
+              
+                
+  
+  
+  
+    
  • 
+      
+        
+  
+  
+    XDP Tutorial
+  
+  
+
+      
+    
    • 
+  
+
+              
+            
           
         
       
@@ -1750,10 +1794,14 @@ 
    What is bpfman?
    
 
 
    For more details, please see the following:
    
 
      
+
    • bpfman Overview for an overview of bpfman.
      • 
+
    • Deploying Example eBPF Programs On Local Host
+  for some examples of running bpfman on local host and using the CLI to install
+  eBPF programs on the host.
      • 
+
    • Deploying Example eBPF Programs On Kubernetes
+  for some examples of deploying eBPF programs through bpfman in a Kubernetes deployment.
      • 
 
    • Setup and Building bpfman for instructions
   on setting up your development environment and building bpfman.
      • 
-
    • Tutorial for some examples of starting
-  bpfman, managing logs, and using the CLI.
      • 
 
    • Example eBPF Programs for some examples of
   eBPF programs written in Go, interacting with bpfman.
      • 
 
    • Deploying the bpfman-operator for
diff --git a/main/search/search_index.json b/main/search/search_index.json
index 3fe06008b..8276cda3c 100644
--- a/main/search/search_index.json
+++ b/main/search/search_index.json
@@ -1 +1 @@
-{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Introduction","text":"
      Formerly know as bpfd
      "},{"location":"#bpfman-an-ebpf-manager","title":"bpfman: An eBPF Manager","text":"
      bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs. Its notable features encompass:
       
         
      • System Overview: Provides insights into how eBPF is utilized in your system.
        •  
      • eBPF Program Loader: Includes a built-in program loader that supports program cooperation for XDP and TC programs, as well as deployment of eBPF programs from OCI images.
        •  
      • eBPF Filesystem Management: Manages the eBPF filesystem, facilitating the deployment of eBPF applications without requiring additional privileges.
        •  
       
      Our program loader and eBPF filesystem manager ensure the secure deployment of eBPF applications. Furthermore, bpfman includes a Kubernetes operator, extending these capabilities to Kubernetes. This allows users to confidently deploy eBPF through custom resource definitions across nodes in a cluster.
      "},{"location":"#why-ebpf","title":"Why eBPF?","text":"
      eBPF is a powerful general-purpose framework that allows running sandboxed programs in the kernel. It can be used for many purposes, including networking, monitoring, tracing and security.
      "},{"location":"#why-ebpf-in-kubernetes","title":"Why eBPF in Kubernetes?","text":"
      Demand is increasing from both Kubernetes developers and users. Examples of eBPF in Kubernetes include:
       
         
      • Cilium and Calico   CNIs
        •  
      • Pixie: Open source observability
        •  
      • KubeArmor: Container-aware runtime security   enforcement system
        •  
      • Blixt: Gateway API L4 conformance   implementation
        •  
      • NetObserv: Open source operator for network   observability
        •  
      "},{"location":"#challenges-for-ebpf-in-kubernetes","title":"Challenges for eBPF in Kubernetes","text":"
         
      • Requires privileged pods.
        •  
      • eBPF-enabled apps require at least CAP_BPF permissions and potentially     more depending on the type of program that is being attached.
        •  
      • Since the Linux capabilities are very broad it is challenging to constrain     a pod to the minimum set of privileges required. This can allow them to do     damage (either unintentionally or intentionally).
        •  
      • Handling multiple eBPF programs on the same eBPF hooks.
        •  
      • Not all eBPF hooks are designed to support multiple programs.
        •  
      • Some software using eBPF assumes exclusive use of an eBPF hook and can     unintentionally eject existing programs when being attached. This can     result in silent failures and non-deterministic failures.
        •  
      • Debugging problems with deployments is hard.
        •  
      • The cluster administrator may not be aware that eBPF programs are being     used in a cluster.
        •  
      • It is possible for some eBPF programs to interfere with others in     unpredictable ways.
        •  
      • SSH access or a privileged pod is necessary to determine the state of eBPF     programs on each node in the cluster.
        •  
      • Lifecycle management of eBPF programs.
        •  
      • While there are libraries for the basic loading and unloading of eBPF     programs, a lot of code is often needed around them for lifecycle     management.
        •  
      • Deployment on Kubernetes is not simple.
        •  
      • It is an involved process that requires first writing a daemon that loads     your eBPF bytecode and deploying it using a DaemonSet.
        •  
      • This requires careful design and intricate knowledge of the eBPF program     lifecycle to ensure your program stays loaded and that you can easily     tolerate pod restarts and upgrades.
        •  
      • In eBPF enabled K8s deployments today, the eBPF Program is often embedded     into the userspace binary that loads and interacts with it. This means     there's no easy way to have fine-grained versioning control of the     bpfProgram in relation to it's accompanying userspace counterpart.
        •  
      "},{"location":"#what-is-bpfman","title":"What is bpfman?","text":"
      bpfman is a software stack that aims to make it easy to load, unload, modify and monitor eBPF programs whether on a single host, or in a Kubernetes cluster. bpfman includes the following core components:
       
         
      • bpfman: A system daemon that supports loading, unloading, modifying and   monitoring of eBPF programs exposed over a gRPC API.
        •  
      • eBPF CRDS: bpfman provides a set of CRDs (XdpProgram, TcProgram, etc.) that   provide a way to express intent to load eBPF programs as well as a bpfman   generated CRD (BpfProgram) used to represent the runtime state of loaded   programs.
        •  
      • bpfman-agent: The agent runs in a container in the bpfman daemonset and ensures   that the requested eBPF programs for a given node are in the desired state.
        •  
      • bpfman-operator: An operator, built using Operator   SDK, that manages the installation and   lifecycle of bpfman-agent and the CRDs in a Kubernetes cluster.
        •  
       
      bpfman is developed in Rust and built on top of Aya, a Rust eBPF library.
       
      The benefits of this solution include the following:
       
         
      • Security
        •  
      • Improved security because only the bpfman daemon, which can be tightly     controlled, has the privileges needed to load eBPF programs, while access     to the API can be controlled via standard RBAC methods. Within bpfman, only     a single thread keeps these capabilities while the other threads (serving     RPCs) do not.
        •  
      • Gives the administrators control over who can load programs.
        •  
      • Allows administrators to define rules for the ordering of networking eBPF     programs. (ROADMAP)
        •  
      • Visibility/Debuggability
        •  
      • Improved visibility into what eBPF programs are running on a system, which     enhances the debuggability for developers, administrators, and customer     support.
        •  
      • The greatest benefit is achieved when all apps use bpfman, but even if they     don't, bpfman can provide visibility into all the eBPF programs loaded on     the nodes in a cluster.
        •  
      • Multi-program Support
        •  
      • Support for the coexistence of multiple eBPF programs from multiple users.
        •  
      • Uses the libxdp multiprog     protocol     to allow multiple XDP programs on single interface
        •  
      • This same protocol is also supported for TC programs to provide a common     multi-program user experience across both TC and XDP.
        •  
      • Productivity
        •  
      • Simplifies the deployment and lifecycle management of eBPF programs in a     Kubernetes cluster.
        •  
      • developers can stop worrying about program lifecycle (loading, attaching,     pin management, etc.) and use existing eBPF libraries to interact with     their program maps using well defined pin points which are managed by     bpfman.
        •  
      • Developers can still use Cilium/libbpf/Aya/etc libraries for eBPF     development, and load/unload with bpfman.
        •  
      • Provides eBPF Bytecode Image Specifications that allows fine-grained     separate versioning control for userspace and kernelspace programs. This     also allows for signing these container images to verify bytecode     ownership.
        •  
       
      For more details, please see the following:
       
         
      • Setup and Building bpfman for instructions   on setting up your development environment and building bpfman.
        •  
      • Tutorial for some examples of starting   bpfman, managing logs, and using the CLI.
        •  
      • Example eBPF Programs for some examples of   eBPF programs written in Go, interacting with bpfman.
        •  
      • Deploying the bpfman-operator for   details on launching bpfman in a Kubernetes cluster.
        •  
      • Meet the Community for details on community   meeting details.
        •  
      "},{"location":"blog/","title":"Bpfman Blog","text":""},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/","title":"A New Logo: Using Generative AI, of course","text":"
      Since we renamed the project to bpfman we are in need of a new logo. Given that the tech buzz around Generative AI is infectious, we decided to explore using generative AI to create our new logo. What we found was that it was a great way to generate ideas, but a human (me) was still needed to create the final design.
      "},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/#the-brief","title":"The Brief","text":"
      I have a love of open source projects with animal mascots, so bpfman should be no different. The \"bee\" is used a lot for eBPF related projects. One such example is Crabby, the crab/bee hybrid, that I created for the Aya project.
       
      The logo should be cute and playful, but not too childish. As a nod to Podman, we'd like to use the same typeface and split color-scheme as they do, replacing purple with yellow.
       
      One bee is not enough! Since we're an eBPF manager, we need a more bees!
       
      via GIPHY
       
      And since those bees are bee-ing (sorry) managed, they should be organized. Maybe in a pyramid shape?
      "},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/#the-process","title":"The Process","text":"
      We used Bing Image Creator, which is backed by DALL-E 3.
       
      Initially we tried to use the following prompt:
       
      Logo for open source software project called \"bpfman\". \"bpf\" should be yellow and \"man\" should be black or grey. an illustration of some organized bees above the text. cute. playful
       
      Our AI overlords came up with:
       
       
      Not bad, but not quite what we were looking for. It's clear that as smart as AI is, it struggles with text, so whatever we need will need some manual post-processing. There are bees, if you squint a bit, but they're not very organized. Let's refine our prompt a bit:
       
      Logo for open source software project called \"bpfman\" as one word. The \"bpf\" should be yellow and \"man\" should be black or grey. an illustration of some organized bees above the text. cute. playful.
       
       
      That... is worse.
       
      Let's try again:
       
      Logo for a project called \"bpfman\". In the text \"bpfman\", \"bpf\" should be yellow and \"man\" should be black or grey. add an illustration of some organized bees above the text. cute and playful style.
       
       
      The bottom left one is pretty good! So I shared it with the rest of the maintainers to see what they thought.
       
      At this point the feedback that I got was the bees were too cute! We're a manager, and managers are serious business, so we need serious bees.
       
      Prompting the AI for the whole logo was far too ambitious, so I decided I would just use the AI to generate the bees and then I would add the text myself.
       
      I tried a few different prompts, but the one that worked best was:
       
      3 bees guarding a hive. stern expressions. simple vector style.
       
       
      The bottom right was exactly what I had in mind! With a little bit of post-processing, I ended up with this:
       
       
      Now it was time to solicit some feedback.
      "},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/#gathering-feedback","title":"Gathering Feedback","text":"
      After showing the logo to a few others, we decided that the bees were infact too stern. At this point we had a few options, like reverting back to our cute bees, however, this section in the [Bing Image Creator Terms of Service] was pointed out to me:
       
      Use of Creations. Subject to your compliance with this Agreement, the Microsoft Services Agreement, and our Content Policy, you may use Creations outside of the Online Services for any legal personal, non-commercial purpose.
       
      This means that we can't use the AI generated images for our logo.
      "},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/#was-it-all-for-nothing","title":"Was it all for nothing?","text":"
      Was it all for nothing? No! We learnt a lot from this process.
       
      Generative AI is great for generating ideas. Some of the logo compositions produced were great!
       
      It was also very useful to adjust the prompt based on feedback from team members so we could incorporate their ideas into the design.
       
      We also learnt that the AI is not great at text, so we should avoid using it for that.
       
      And finally, we learnt that we can't use the AI generated images for our logo. Well, not with the generator we used anyway.
      "},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/#the-semi-final-design-process","title":"The (Semi) Final Design Process","text":"
      I started from scratch, taking inspiration from the AI generated images. The bees were drawn first and composed around a hive - as our AI overlords suggested. I then added the text, and colours, but it still felt like it was missing something.
       
      What if we added a force field around the hive? That might be cool! And so, I added a force field around the hive and played around with the colours until I was happy.
       
      Here's what we ended up with:
       
       
      We consulted a few more people and got some feedback. The general consensus was that the logo was too busy... However, the reception to the force field was that the favicon I'd mocked would work better as the logo.
      "},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/#the-final-design","title":"The Final Design","text":"
      Here's the final design:
       
       
      Pretty cool, right? Even if I do say so myself.
       
      Our mascot is a queen bee, because she's the manager of the hive.
       
      The force field, is now no longer a force field - It's a pheramone cloud that represents the Queen Mandibular Pheromone (QMP) that the queen bee produces to keep the hive organized.
      "},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/#conclusion","title":"Conclusion","text":"
      I'm really happy with the result! I'm not a designer, so I'm sure there are things that could be improved, but I think it's a good start.
       
      What do you think? Join us on Slack and let us know!
      "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/","title":"bpfman's Integration with the AF_XDP Device Plugin and CNI for Kubernetes","text":"
      AF_XDP is an address/socket family that is optimized for high performance packet processing. It takes advantage of XDP (an in Kernel fastpath), which essentially runs an eBPF program as early as possible on a network driver's receive path, and redirects the packet to an AF_XDP socket.
       
       
      AF_XDP sockets (XSKs) are created in Userspace and have a 1:1 mapping with netdev queues. An XSKMAP is an eBPF map of AF_XDP sockets for a particular netdev. It's a simple key:value map where the key is the netdev's queue-id and the value is the AF_XDP socket that's attached to that queue. The eBPF program (at the XDP hook) will leverage the XSKMAP and the XDP_REDIRECT action to redirect packets to an AF_XDP socket. In the image below the XDP program is redirecting an incoming packet to the XSK attached to Queue 2.
       
      NOTE: If no XSK is attached to a queue, the XDP program will simply pass the packet to the Kernel Network Stack.
       
      +---------------------------------------------------+\n|     XSK A      |     XSK B       |      XSK C     |<---+  Userspace\n=========================================================|==========\n|    Queue 0     |     Queue 1     |     Queue 2    |    |  Kernel space\n+---------------------------------------------------+    |\n|                  Netdev eth0                      |    |\n+---------------------------------------------------+    |\n|                            +=============+        |    |\n|                            | key |  xsk  |        |    |\n|  +---------+               +=============+        |    |\n|  |         |               |  0  | xsk A |        |    |\n|  |         |               +-------------+        |    |\n|  |         |               |  1  | xsk B |        |    |\n|  | BPF     |               +-------------+        |    |\n|  | prog    |-- redirect -->|  2  | xsk C |-------------+\n|  | (XDP    |               +-------------+        |\n|  |  HOOK)  |                   xskmap             |\n|  |         |                                      |\n|  +---------+                                      |\n|                                                   |\n+---------------------------------------------------+\n
       
      The AF_XDP Device Plugin and CNI project provides the Kubernetes components to provision, advertise and manage AF_XDP networking devices for Kubernetes pods. These networking devices are typically used as a Secondary networking interface for a pod. A key goal of this project is to enable pods to run without any special privileges, without it pods that wish to use AF_XDP will need to run with elevated privileges in order to manage the eBPF program on the interface. The infrastructure will have little to no control over what these pods can load. Therefore it's ideal to leverage a central/infrastructure centric eBPF program management approach.  This blog will discuss the eBPF program management journey for the AF_XDP Device Plugin and CNI.
      "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#what-does-the-af_xdp-device-plugin-and-cni-do","title":"What does the AF_XDP Device Plugin and CNI do?","text":"
      For pods to create and use AF_XDP sockets on their interfaces, they can either:
       
         
      1. Create the AF_XDP socket on an interface already plumbed to the Pod (via SR-IOV    Device Plugin and the Host CNI) --> But this requires CAP_BPF or CAP_SYS_ADMIN    privileges in order to load the BPF program on the netdev.
        2.  
       
      OR
       
         
      1.  
        Use the AF_XDP Device Plugin (DP) and CNI in order to support a Pod without the    aforementioned root like privileges.
         
        NOTE: Prior to kernel 5.19, all BPF sys calls required CAP_BPF, which are used to access maps shared between the BPF program and the userspace program. In kernel 5.19, a change went in that only requires CAP_BPF for map creation (BPF_MAP_CREATE) and loading programs (BPF_PROG_LOAD).
         
        In this scenario, the AF_XDP DP, will advertise resource pools (of netdevs) to Kubelet. When a Pod requests a resource from these pools, Kubelet will Allocate() one of these devices through the AF_XDP DP. The AF_XDP DP will load the eBPF program (to redirect packets to an AF_XDP socket) on the allocated device.
         
        The default behaviour of the AF_XDP DP (unless otherwise configured) is to take note of the XSKMAP File Descriptor (FD) for that netdev. It will also mount a Unix Domain Socket (UDS), as a hostpath mount, in the Pod. This UDS will be used by the AF_XDP application to perform a handshake with the AF_XDP DP to retrieve the XSKMAP FD. The application needs the XSKMAP FD to \"attach\" AF_XDP sockets it creates to the netdev queues.
         
        NOTE: Newer versions of the AF_XDP DP support eBPF map pinning which eliminate the need to perform this (non trivial) handshake with AF_XDP pods. It now mounts the pinned XSKMAP into the Pod using a hostpath mount. The downside of this approach is that the AF_XDP DP now needs to manage several eBPF File Systems (BPFFS), one per pod.
         
        The AF_XDP CNI (like any CNI) has the task of moving the netdev (with the loaded eBPF program) into the Pod namespace. It also does a few other important things:
         
           
        • It does not rename the netdev (to allow the DP to avoid IF_INDEX clashes as it manages      the AF_XDP resource pools).
          •  
        • The CNI is also capable of configuring hardware filters on the NIC.
          •  
        • Finally, the CNI also unloads the eBPF program from the netdev and clear any hardware     filters when the Pod is terminated.
          •  
         
        NOTE 1: The AF_XDP CNI manages the unloading of the eBPF program due to the AF_XDP DP not being aware of when a pod terminates (it's only invoked by Kubelet during pod creation).
         
        NOTE 2: Prior to bpfman integration, the CNI was extended to signal the AF_XDP DP on pod termination (via gRPC) in an effort to support eBPF map pinning directly in the AF_XDP DP. The AF_XDP DP was managing BPFFS(es) for map pinning and needed to be signalled to clean them up.
         
        2.  
      "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#bpfman-integration","title":"bpfman Integration","text":"
      Prior to bpfman integration the AF_XDP Device Plugin and CNI managed the eBPF program for redirecting incoming packets to AF_XDP sockets, its associated map (XSKMAP), and/or several BPFFS.
      "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#integration-benefits","title":"Integration benefits","text":"
      So what are the benefits of bpfman integration for the AF_XDP DP and CNI?
       
         
      •  
        Removes code for loading and managing eBPF from the AF_XDP DP and CNI codebase.
         
        •  
      •  
        This presented a difficulty particularly when trying to find/update appropriate     base container images to use for the AF_XDP device plugin. Different images     supported different versions of eBPF management libraries (i.e libbpf or libxdp) which     forced multiple changes around the loading and attaching of the base eBPF program.
         
        •  
      •  
        Additionally the CNI runs as a binary on the Kubernetes node so we would need to     statically compile libbpf/libxdp as part of the CNI.
         
        •  
      •  
        More diverse XDP program support through bpfman's eBPF Bytecode Image Specification. Not   only do the AF_XDP eBPF programs no longer need to be stored in the Device Plugin   itself, but it's now configurable on a per pool basis.
         
        •  
      •  
        No longer required to leverage Hostpath volume mounts to mount the AF_XDP maps inside   a Pod. But rather take advantage of the bpfman CSI support to ensure that maps are   pinned in the context of the Pod itself and not in a BPFFS on the host (then shared   to the Pod).
         
        •  
      "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#af_xdp-device-plugin-ebpf-programmap-management","title":"AF_XDP Device Plugin eBPF program/map management","text":"
      The role of the AF_XDP DP in eBPF program/map management prior to bpfman integration:
       
         
      •  
        Loads the default AF_XDP BPF prog onto the netdev at Pod creation and manages info regarding the XSKMAP for that netdev.
         
        •  
      •  
        Mounts a UDS as a hostpath volume in the Pod OR creates a BPFFS per netdev and pins the   XSKMAP to it, then mounts this BPFFS as a hostpath volume in the Pod.
         
        •  
      •  
        Shares the XSKMAP file descriptor via UDS (involves a handshake with the Pod).
         
        •  
       
      The role of the AF_XDP DP in eBPF program/map management after bpfman integration:
       
         
      •  
        Uses bpfman's client APIs to load the BPF prog.
         
        •  
      •  
        Shares the XSKMAP (that bpfman pinned ) with the Pod as a hostpath volume.
         
        •  
      "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#af_xdp-cni-ebpf-programmap-management","title":"AF_XDP CNI eBPF program/map management","text":"
      The role of the AF_XDP CNI in eBPF program/map management prior to bpfman integration:
       
         
      • Unloads the eBPF program when a device is returned to the Host network namespace.
        •  
       
      The role of the AF_XDP CNI in eBPF program/map management after bpfman integration:
       
         
      • Uses gRPC to signal to the Device Plugin to request bpfman to unload the eBPF program   using the client APIs.
        •  
      "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#is-there-a-working-example","title":"Is there a working example?","text":"
      The bpfman integration with the AF_XDP Device Plugin and CNI was demo'ed as part of a series of demos that show the migration of a DPDK application to AF_XDP (without) any application modification. The demo can be watched below:
       
      "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#af_xdp-dp-and-cnis-integration-with-bpfman-in-images","title":"AF_XDP DP and CNI's integration with bpfman in images","text":"
      The following sections will present the evolution of the AF_XDP DP and CNI from independent eBPF program management to leveraging bpfman to manage eBPF programs on their behalf.
      "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#af_xdp-dp-and-cni-managing-ebpf-programs-independently","title":"AF_XDP DP and CNI managing eBPF programs independently","text":"
      The following diagram details how the AF_XDP DP and CNI worked prior to bpfman integration.
       
       
         
      1.  
        Setup Subfunctions on the network devices (if the are supported/being used).
         
        2.  
      2.  
        Create an AF_XDP DP and CNI configuration file to setup the device resource pools and    deploy the DP and CNI.
         
        3.  
      3.  
        When the AF_XDP DP runs it will discover the netdevs on the host and create the resource pools.
         
        4.  
      4.  
        The AF_XDP DP registers the resource pools with Kubelet.
         
        5.  
      5.  
        When a pod (that requests an AF_XDP resource) is started, Kubelet will send an Allocate()    request to the AF_XDP DP. The AF_XDP DP loads the eBPF program on the interface and mounts the    UDS in the pod and sets some environment variables in the pod using the Downward API.
         
        6.  
       
      NOTE: In the case where eBPF map pinning is used rather than the UDS, the AF_XDP    DP will create a BPFFS where it pins the XSKMAP and mounts the BPFFS as a hostpath volume    in the pod.
       
         
      1.  
        The AF_XDP DP signals success to the Kubelet so that the device is added to the pod.
         
        2.  
      2.  
        Kubelet triggers multus, which in turn triggers the AF_XDP CNI. The CNI does the relevant network    configuration and moves the netdev into the pod network namespace.
         
        3.  
      3.  
        The application in the pod start and initiates a handshake with the AF_XDP DP over the mounted UDS    to retrieve the XSKMAP FD.
         
        4.  
      "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#af_xdp-dp-and-cni-integrated-with-bpfman-no-csi","title":"AF_XDP DP and CNI integrated with bpfman (no csi)","text":"
      The following diagram details how the AF_XDP DP and CNI worked after bpfman integration.
       
       
      The main difference here is that when the Allocate() request comes in from Kubelet, the AF_XDP DP uses the bpfman client API to load the eBPF program on the relevant netdev. It takes note of where bpfman pins the XSKMAP and mounts this directory as a hostpath volume in the pod.
      "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#af_xdp-dp-and-cni-integrated-with-bpfman-with-csi","title":"AF_XDP DP and CNI integrated with bpfman (with csi)","text":"
      The following diagram details how the AF_XDP DP and CNI will work with bpfman leveraging the new CSI implementation.
       
       
      The pod will include a volume definition as follows:
       
         volumes:\n   - name: bpf-maps\n     csi:\n       driver: csi.bpfman.dev\n       volumeAttributes:\n         csi.bpfman.dev/thru-annotations: true\n
       
      The idea here is when the Allocate() request comes in from Kubelet, the AF_XDP DP uses the bpfman client API to load the eBPF program on the relevant netdev. The AF_XDP DP will annotate the pod with the XdpProgram name, map and mountpath. When the bpfman CSI plugin is triggered by Kubelet, it will retrieve the information it needs from the pod annotations in order to pin the map inside the Pod.
      "},{"location":"blog/2023/11/23/bpfd-becomes-bpfman/","title":"bpfd becomes bpfman","text":"
      Bpfd is now bpfman! We've renamed the project to better reflect the direction we're taking. We're still the same project, just with a new name.
      "},{"location":"blog/2023/11/23/bpfd-becomes-bpfman/#why-the-name-change","title":"Why the name change?","text":"
      We've been using the name bpfd for a while now, but we were not the first to use it. There were projects before us that used the name bpfd, but since most were inactive, originally we didn't see this as an issue.
       
      More recently though the folks at Meta have started using the name systemd-bpfd for their proposed addition to systemd.
       
      In addition, we've been thinking about the future of the project, and particularly about security and whether it's wise to keep something with CAP_BPF capabilities running as a daemon - even if we've been very careful. This is similar to the issues faced by docker which eventually lead to the creation of podman.
       
      This issue led us down the path of redesigning the project to be daemonless. We'll be implementing these changes in the coming months and plan to perform our first release as bpfman in Q1 of 2024.
       
      The 'd' in bpfd stood for daemon, so with our new design and the confusion surrounding the name bpfd we though it was time for a change.
       
      Since we're a BPF manager, we're now bpfman! It's also a nice homage to podman, which we're big fans of.
      "},{"location":"blog/2023/11/23/bpfd-becomes-bpfman/#what-does-this-mean-for-me","title":"What does this mean for me?","text":"
      If you're a developer of bpfman you will need to update your Git remotes to point at our new organization and repository name. Github will redirect these for a while, but we recommend updating your remotes as soon as possible.
       
      If you're a user of bpfd or the bpfd-operator then version 0.3.1 will be the last release under the bpfd name. We will continue to support you as best we can, but we recommend upgrading to bpfman as soon as our first release is available.
      "},{"location":"blog/2023/11/23/bpfd-becomes-bpfman/#whats-next","title":"What's next?","text":"
      We've hinted at some of the changes we're planning, and of course, our roadmap is always available in Github. It's worth mentioning that we're also planning to expand our release packages to include RPMs and DEBs, making it even easier to install bpfman on your favorite Linux distribution.
      "},{"location":"blog/2023/11/23/bpfd-becomes-bpfman/#thanks","title":"Thanks!","text":"
      We'd like to thank everyone who has contributed to bpfd over the years. We're excited about the future of bpfman and we hope you are too! Please bear with us as we make this transition, and if you have any questions or concerns, please reach out to us on Slack. We're in the '#bpfd' channel, but we'll be changing that to '#bpfman' soon.
      "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/","title":"Technical Challenges for Attaching eBPF Programs in Containers","text":"
      We recently added support for attaching uprobes inside containers. The purpose of this blog is to give a brief overview of the feature, to document the technical challenges encountered, and describe our solutions for those challenges. In particular, how to attach an eBPF program inside of a container, and how to find the host Process ID (PID) on the node for the container?
       
      The solutions seem relatively straightforward now that they are done, but we found limited information elsewhere, so we thought it would be helpful to document them here.
       
      The uprobe implementation will be used as the example in this blog, but the concepts can (and will eventually) be applied to other program types.
      "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#introduction","title":"Introduction","text":"
      A \"uprobe\" (user probe) is a type of eBPF program that can be attached to a specific location in a user-space application. This allows developers and system administrators to dynamically instrument a user-space binary to inspect its behavior, measure performance, or debug issues without modifying the application's source code or binary. When the program execution reaches the location to which the uprobe is attached, the eBPF program associated with the uprobe is executed.
       
      bpfman support for uprobes has existed for some time.  We recently extended this support to allow users to attach uprobes inside of containers both in the general case of a container running on a Linux server and also for containers running in a Kubernetes cluster.
       
      The following is a bpfman command line example for loading a uprobe inside a container:
       
      bpfman load image --image-url quay.io/bpfman-bytecode/uprobe:latest uprobe --fn-name \"malloc\" --target \"libc\" --container-pid 102745\n
       
      The above command instructs bpfman to attach a uprobe to the malloc function in the libc library for the container with PID 102745. The main addition here is the ability to specify a container-pid, which is the PID of the container as it is known to the host server.
       
      The term \"target\" as used in the above bpfman command (and the CRD below) describes the library or executable that we want to attach the uprobe to.  The fn-name (the name of the function within that target) and/or an explicit \"offset\" can be used to identify a specific offset from the beginning of the target.  We also use the term \"target\" more generally to describe the intended location of the uprobe.
       
      For Kubernetes, the CRD has been extended to include a \"container selector\" to describe one or more containers as shown in the following example.
       
      apiVersion: bpfman.io/v1alpha1\nkind: UprobeProgram\nmetadata:\n  labels:\n    app.kubernetes.io/name: uprobeprogram\n  name: uprobe-example-containers\nspec:\n  # Select all nodes\n  nodeselector: {}\n  bpffunctionname: my_uprobe\n  func_name: malloc\n  # offset: 0 # optional offset w/in function\n  target: libc\n  retprobe: false\n  # pid: 0 # optional pid to execute uprobe for\n  bytecode:\n    image:\n      url: quay.io/bpfman-bytecode/uprobe:latest\n  containers:      <=== New section for specifying containers to attach uprobe to\n    namespace: bpfman\n    pods:\n      matchLabels:\n        name: bpfman-daemon\n    containernames:\n      - bpfman\n      - bpfman-agent\n
       
      In the Kubernetes case, the container selector (containers) is used to identify one or more containers in which to attach the uprobe. If containers identifies any containers on a given node, the bpfman agent on that node will determine their host PIDs and make the calls to bpfman to attach the uprobes.
      "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#attaching-uprobes-in-containers","title":"Attaching uprobes in containers","text":"
      A Linux \"mount namespace\" is a feature that isolates the mount points seen by a group of processes. This means that processes in different mount namespaces can have different views of the filesystem.  A container typically has its own mount namespace that is isolated both from those of other containers and its parent. Because of this, files that are visible in one container are likely not visible to other containers or even to the parent host (at least not directly). To attach a uprobe to a file in a container, we need to have access to that container's mount namespace so we can see the file to which the uprobe needs to be attached.
       
      From a high level, attaching a uprobe to an executable or library in a container is relatively straight forward. bpfman needs to change to the mount namespace of the container, attach the uprobe to the target in that container, and then return to our own mount namespace so that we can save the needed state and continue processing other requests.
       
      The main challenges are:
       
         
      1. Changing to the mount namespace of the target container.
        2.  
      2. Returning to the bpfman mount namespace.
        3.  
      3. setns (at least for the mount namespace) can't be called from a    multi-threaded application, and bpfman is currently multithreaded.
        4.  
      4. How to find the right PID for the target container.
        5.  
      "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#the-mount-namespace","title":"The Mount Namespace","text":"
      To enter the container namespace, bpfman uses the sched::setns function from the Rust nix crate. The setns function requires the file descriptor for the mount namespace of the target container.
       
      For a given container PID, the namespace file needed by the setns function can be found in the /proc/<PID>/ns/ directory. An example listing for the PID 102745 directory is shown below:
       
      sudo ls -l /proc/102745/ns/\ntotal 0\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 cgroup -> 'cgroup:[4026531835]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 ipc -> 'ipc:[4026532858]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 mnt -> 'mnt:[4026532856]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:07 net -> 'net:[4026532860]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 pid -> 'pid:[4026532859]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 pid_for_children -> 'pid:[4026532859]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 time -> 'time:[4026531834]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 time_for_children -> 'time:[4026531834]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 user -> 'user:[4026531837]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 uts -> 'uts:[4026532857]'\n
       
      In this case, the mount namespace file is /proc/102745/ns/mnt. 
       
      NOTE: How to find the PID and the relationship between parent and child PIDs is described in the \"Finding The PID\" section below.
       
      When running directly on a Linux server, bpfman has access to the host /proc directory and can access the mount namespace file for any PID.  However, on Kubernetes, bpfman runs in a container, so it doesn't have access to the namespace files of other containers or the /proc directory of the host by default. Therefore, in the Kubernetes implementation, /proc is mounted in the bpfman container so it has access to the ns directories of other containers. 
      "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#returning-to-the-bpfman-mount-namespace","title":"Returning to the bpfman Mount Namespace","text":"
      After bpfman does a setns to the target container mount namespace, it has access to the target binary in that container.  However, it only has access to that container's view of the filesystem, and in most cases, this does not include access to bpfman's filesystem or the host filesystem.  As a result, bpfman loses the ability to access its own mount namespace file.
       
      However, before calling setns, bpfman has access to it's own mount namespace file.  Therefore, to avoid getting stranded in a different mount namespace, bpfman also opens its own mount namespace file prior to calling setns so it already has the file descriptor that will allow it to call setns to return to its own mount namespace.
      "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#running-setns-from-a-multi-threaded-process","title":"Running setns From a Multi-threaded Process","text":"
      Calling setns to a mount namespace doesn't work from a multi-threaded process.
       
      To work around this issue, the logic was moved to a standalone single-threaded executable called bpfman-ns that does the job of entering the namespace, attaching the uprobe, and then returning to the bpfman namespace to save the needed info.
      "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#finding-the-pid","title":"Finding the PID","text":""},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#finding-a-host-container-pid-on-a-linux-server","title":"Finding a Host Container PID on a Linux Server","text":"
      This section provides an overview of PID namespaces and shows several ways to find the host PID for a container.
      "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#tldr","title":"tl;dr","text":"
      If you used Podman or Docker to run your container, and you gave the container a unique name, the following commands can be used to find the host PID of a container.
       
      podman inspect -f '{{.State.Pid}}' <CONTAINER_NAME>\n
       
      or, similarly,
       
      docker inspect -f '{{.State.Pid}}'  <CONTAINER_NAME>\n
      "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#overview-of-pid-namespaces-and-container-host-pids","title":"Overview of PID namespaces and Container Host PIDs","text":"
      Each container has a PID namespace. Each PID namespace (other than the root) is contained within a parent PID namespace. In general, this relationship is hierarchical and PID namespaces can be nested within other PID namespaces. In this section, we will just cover the case of a root PID namepsace on a Linux server that has containers with PID namespaces that are direct children of the root. The multi-level case is described in the section on Nested Containers with kind below.
       
      The PID namespaces can be listed using the lsns -t pid command. Before we start any containers, we just have the one root pid namespace as shown below.
       
      sudo lsns -t pid\n        NS TYPE NPROCS PID USER COMMAND\n4026531836 pid     325   1 root /usr/lib/systemd/systemd rhgb --switched-root --system --deserialize 30\n
       
      Now lets start a container with the following command in a new shell:
       
      podman run -it --name=container_1 fedora:latest /bin/bash\n
       
      NOTE: In this section, we are using podman to run containers. However, all of the same commands can also be used with docker.
       
      Now back on the host we have:
       
      sudo lsns -t pid\n        NS TYPE NPROCS    PID USER      COMMAND\n4026531836 pid     337      1 root      /usr/lib/systemd/systemd rhgb --switched-root --system --deserialize 30\n4026532948 pid       1 150342 user_abcd /bin/bash\n
       
      We can see that the host PID for the container we just started is 150342.
       
      Now let's start another container in a new shell with the same command (except with a different name), and run the lsns command again on the host.
       
      podman run -it --name=container_2 fedora:latest /bin/bash\n
       
      On the host:
       
      sudo lsns -t pid\n        NS TYPE NPROCS    PID USER      COMMAND\n4026531836 pid     339      1 root      /usr/lib/systemd/systemd rhgb --switched-root --system --deserialize 30\n4026532948 pid       1 150342 user_abcd /bin/bash\n4026533041 pid       1 150545 user_abcd /bin/bash\n
       
      We now have 3 pid namespaces -- one for root and two for the containers. Since we already know that the first container had PID 150342 we can conclude that the second container has PID 150545. However, what would we do if we didn't already know the PID for one of the containers?  
       
      If the container we were interested in was running a unique command, we could use that to disambiguate. However, in this case, both are running the same /bin/bash command.
       
      If something unique is running inside of the container, we can use the ps -e -o pidns,pid,args command to get some info.
       
      For example, run sleep 1111 in container_1, then
       
      sudo ps -e -o pidns,pid,args | grep 'sleep 1111'\n4026532948  150778 sleep 1111\n4026531836  151002 grep --color=auto sleep 1111\n
       
      This tells us that the sleep 1111 command is running in PID namespace 4026532948. And,
       
      sudo lsns -t pid | grep 4026532948\n4026532948 pid       2 150342 user_abcd /bin/bash\n
       
      Tells us that the container's host PID is 150342.
       
      Alternatively, we could run lsns inside of container_1.
       
      dnf install -y util-linux\nlsns -t pid\n        NS TYPE NPROCS PID USER COMMAND\n4026532948 pid       2   1 root /bin/bash\n
       
      This tells us a few interesting things. 
       
         
      1. Inside the container, the PID is 1,
        2.  
      2. We can't see any of the other PID namespaces inside the container.
        3.  
      3. The container PID namespace is 4026532948.
        4.  
       
      With the container PID namespace, we can run the lsns -t pid | grep 4026532948 command as we did above to find the container's host PID
       
      Finally, the container runtime knows the pid mapping. As mentioned at the beginning of this section, if the unique name of the container is known, the following command can be used to get the host PID.
       
      podman inspect -f '{{.State.Pid}}' container_1\n150342\n
      "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#how-bpfman-agent-finds-the-pid-on-kubernetes","title":"How bpfman Agent Finds the PID on Kubernetes","text":"
      When running on Kubernetes, the \"containers\" field in the UprobeProgram CRD can be used to identify one or more containers using the following information:
       
         
      • Namespace
        •  
      • Pod Label
        •  
      • Container Name
        •  
       
      If the container selector matches any containers on a given node, the bpfman-agent determines the host PID for those containers and then calls bpfman to attach the uprobe in the container with the given PID.
       
      From what we can tell, there is no way to find the host PID for a container running in a Kubernetes pod from the Kubernetes interface. However, the container runtime does know this mapping. 
       
      The bpfman-agent implementation uses multiple steps to find the set of PIDs on a given node (if any) for the containers that are identified by the container selector.
       
         
      1. It uses the Kubernetes interface to get a list of pods on the local node that    match the container selector.
        2.  
      2. It uses use crictl with the names of the pods found to get the pod IDs
        3.  
      3. It uses crictl with the pod ID to find the containers in those pods and    then checks whether any match the container selector.
        4.  
      4. Finally, it uses crictl with the pod IDs found to get the host PIDs for the    containers.
        5.  
       
      As an example, the bpfman.io_v1alpha1_uprobe_uprobeprogram_containers.yaml file can be used with the kubectl apply -f command to install uprobes on two of the containers in the bpfman-agent pod. The bpfman code does this programmatically, but we will step through the process of finding the host PIDs for the two containers here using cli commands to demonstrate how it works.
       
      We will use a kind deployment with bpfman for this demo. See Deploy Locally via KIND for instructions on how to get this running.
       
      The container selector in the above yaml file is the following.
       
        containers:\n    namespace: bpfman\n    pods:\n      matchLabels:\n        name: bpfman-daemon\n    containernames:\n      - bpfman\n      - bpfman-agent\n
       
      bpfman accesses the Kubernetes API and uses crictl from the bpfman-agent container. However, the bpfman-agent container doesn't have a shell by default, so we will run the examples from the bpfman-deployment-control-plane node, which will yield the same results. bpfman-deployment-control-plane is a docker container in our kind cluster, so enter the container.
       
      docker exec -it c84cae77f800 /bin/bash\n
       Install crictl.
       
      apt update\napt install wget\nVERSION=\"v1.28.0\"\nwget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz\ntar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin\nrm -f crictl-$VERSION-linux-amd64.tar.gz\n
       
      First use kubectl to get the list of pods that match our container selector.
       
      kubectl get pods -n bpfman -l name=bpfman-daemon\nNAME                  READY   STATUS    RESTARTS   AGE\nbpfman-daemon-cv9fm   3/3     Running   0          6m54s\n
       
      NOTE: The bpfman code also filters on the local node, but we only have one node in this deployment, so we'll ignore that here.
       
      Now, use crictl with the name of the pod found to get the pod ID.
       
      crictl pods --name bpfman-daemon-cv9fm\nPOD ID              CREATED             STATE               NAME                  NAMESPACE           ATTEMPT             RUNTIME\ne359900d3eca5       46 minutes ago      Ready               bpfman-daemon-cv9fm   bpfman              0                   (default)\n
       
      Now, use the pod ID to get the list of containers in the pod.
       
      crictl ps --pod e359900d3eca5\nCONTAINER           IMAGE               CREATED             STATE               NAME                    ATTEMPT             POD ID              POD\n5eb3b4e5b45f8       50013f94a28d1       48 minutes ago      Running             node-driver-registrar   0                   e359900d3eca5       bpfman-daemon-cv9fm\n629172270a384       e507ecf33b1f8       48 minutes ago      Running             bpfman-agent            0                   e359900d3eca5       bpfman-daemon-cv9fm\n6d2420b80ddf0       86a517196f329       48 minutes ago      Running             bpfman                  0                   e359900d3eca5       bpfman-daemon-cv9fm\n
       
      Now use the container IDs for the containers identified in the container selector to get the PIDs of the containers.
       
      # Get PIDs for bpfman-agent container\ncrictl inspect 629172270a384 | grep pid\n    \"pid\": 2158,\n            \"pid\": 1\n            \"type\": \"pid\"\n\n# Get PIDs for bpfman container\ncrictl inspect 6d2420b80ddf0 | grep pid\n    \"pid\": 2108,\n            \"pid\": 1\n            \"type\": \"pid\"\n
       
      From the above output, we can tell that the host PID for the bpfman-agent container is 2158, and the host PID for the bpfman container is 2108. So, now bpfman-agent would have the information needed to call bpfman with a request to install a uprobe in the containers.
      "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#nested-containers-with-kind","title":"Nested Containers with kind","text":"
      kind is a tool for running local Kubernetes clusters using Docker container \u201cnodes\u201d. The kind cluster we used for the previous section had a single node.
       
      $ kubectl get nodes\nNAME                              STATUS   ROLES           AGE   VERSION\nbpfman-deployment-control-plane   Ready    control-plane   24h   v1.27.3\n
       
      We can see the container for that node on the base server from Docker as follows.
       
      docker ps\nCONTAINER ID   IMAGE                  COMMAND                  CREATED        STATUS        PORTS                       NAMES\nc84cae77f800   kindest/node:v1.27.3   \"/usr/local/bin/entr\u2026\"   25 hours ago   Up 25 hours   127.0.0.1:36795->6443/tcp   bpfman-deployment-control-plane\n
       
      Our cluster has a number of pods as shown below.
       
      kubectl get pods -A\nNAMESPACE            NAME                                                      READY   STATUS    RESTARTS   AGE\nbpfman               bpfman-daemon-cv9fm                                       3/3     Running   0          24h\nbpfman               bpfman-operator-7f67bc7c57-bpw9v                          2/2     Running   0          24h\nkube-system          coredns-5d78c9869d-7tw9b                                  1/1     Running   0          24h\nkube-system          coredns-5d78c9869d-wxwfn                                  1/1     Running   0          24h\nkube-system          etcd-bpfman-deployment-control-plane                      1/1     Running   0          24h\nkube-system          kindnet-lbzw4                                             1/1     Running   0          24h\nkube-system          kube-apiserver-bpfman-deployment-control-plane            1/1     Running   0          24h\nkube-system          kube-controller-manager-bpfman-deployment-control-plane   1/1     Running   0          24h\nkube-system          kube-proxy-sz8v9                                          1/1     Running   0          24h\nkube-system          kube-scheduler-bpfman-deployment-control-plane            1/1     Running   0          24h\nlocal-path-storage   local-path-provisioner-6bc4bddd6b-22glj                   1/1     Running   0          24h\n
       
      Using the lsns command in the node's docker container, we can see that it has a number of PID namespaces (1 for each container that is running in the pods in the cluster), and all of these containers are nested inside of the docker \"node\" container shown above.
       
      lsns -t pid\n        NS TYPE NPROCS   PID USER  COMMAND\n# Note: 12 rows have been deleted below to save space\n4026532861 pid      17     1 root  /sbin/init\n4026532963 pid       1   509 root  kube-scheduler --authentication-kubeconfig=/etc/kubernetes/scheduler.conf --authorization-kubeconfig=/etc/kubernetes/scheduler.conf --bind-addre\n4026532965 pid       1   535 root  kube-controller-manager --allocate-node-cidrs=true --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf --authorization-kubeconfi\n4026532967 pid       1   606 root  kube-apiserver --advertise-address=172.18.0.2 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt\n4026532969 pid       1   670 root  etcd --advertise-client-urls=https://172.18.0.2:2379 --cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib\n4026532972 pid       1  1558 root  local-path-provisioner --debug start --helper-image docker.io/kindest/local-path-helper:v20230510-486859a6 --config /etc/config/config.json\n4026533071 pid       1   957 root  /usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/config.conf --hostname-override=bpfman-deployment-control-plane\n4026533073 pid       1  1047 root  /bin/kindnetd\n4026533229 pid       1  1382 root  /coredns -conf /etc/coredns/Corefile\n4026533312 pid       1  1896 65532 /usr/local/bin/kube-rbac-proxy --secure-listen-address=0.0.0.0:8443 --upstream=http://127.0.0.1:8174/ --logtostderr=true --v=0\n4026533314 pid       1  1943 65532 /bpfman-operator --health-probe-bind-address=:8175 --metrics-bind-address=127.0.0.1:8174 --leader-elect\n4026533319 pid       1  2108 root  ./bpfman system service --timeout=0 --csi-support\n4026533321 pid       1  2158 root  /bpfman-agent --health-probe-bind-address=:8175 --metrics-bind-address=127.0.0.1:8174\n4026533323 pid       1  2243 root  /csi-node-driver-registrar --v=5 --csi-address=/csi/csi.sock --kubelet-registration-path=/var/lib/kubelet/plugins/csi-bpfman/csi.sock\n
       We can see the bpfman containers we were looking at earlier in the output above. Let's take a deeper look at the bpfman-agent container that has a PID of 2158 on the Kubernetes node container and a PID namespace of 4026533321. If we go back to the base server, we can find the container's PID there.
       
      sudo lsns -t pid | grep 4026533321\n4026533321 pid       1 222225 root  /bpfman-agent --health-probe-bind-address=:8175 --metrics-bind-address=127.0.0.1:8174\n
       
      This command tells us that the PID of our bpfman-agent is 222225 on the base server. The information for this PID is contained in /proc/222225.  The following command will show the PID mappings for that one container at each level.
       
      sudo grep NSpid /proc/222225/status\nNSpid:  222225  2158    1\n
       
      The output above tells us that the PIDs for the bpfman-agent container are 222225 on the base server, 2158 in the Docker \"node\" container, and 1 inside the container itself.
      "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#moving-forward","title":"Moving Forward","text":"
      As always, there is more work to do. The highest priority goals are to support additional eBPF program types and to use the Container Runtime Interface directly.
       
      We chose uprobes first because we had a user with a specific need. However, there are use cases for other eBPF program types.
       
      We used crictl in this first implementation because it already exists, supports multiple container runtimes, handles the corner cases, and is maintained. This allowed us to focus on the bpfman implementation and get the feature done more quickly. However, it would be better to access the container runtime interface directly rather than using an external executable.
      "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/","title":"bpfman: A Novel Way to Manage eBPF","text":"
      In today's cloud ecosystem, there's a demand for low-level system access to enable high-performance observability, security, and networking functionality for applications. Historically these features have been implemented in user space, however, the ability to program such functionality into the kernel itself can provide many benefits including (but not limited to) performance. Regardless, many Linux users still opt away from in-tree or kernel module development due to the slow rate of iteration and ensuing large management burden.  eBPF has emerged as a technology in the Linux Kernel looking to change all that.
       
      eBPF is a simple and efficient way to dynamically load programs into the kernel at runtime, with safety and performance provided by the kernel itself using a Just-In-Time (JIT) compiler and verification process. There are a wide variety of program types one can create with eBPF, which include everything from networking applications to security systems.
       
      However, eBPF is still a fairly nascent technology and it's not all kittens and rainbows. The process of developing, testing, deploying, and maintaining eBPF programs is not a road well traveled yet, and the story gets even more complicated when you want to deploy your programs in a multi-node system, such as a Kubernetes cluster. It was these kinds of problems that motivated the creation of bpfman, a system daemon for loading and managing eBPF programs in both traditional systems and Kubernetes clusters. In this blog post, we'll discuss the problems bpfman can help solve, and how to deploy and use it.
      "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#current-challenges-with-developing-and-deploying-ebpf-programs","title":"Current Challenges with Developing and Deploying eBPF Programs","text":"
      While some organizations have had success developing, deploying, and maintaining production software which includes eBPF programs, the barrier to entry is still very high.
       
      Following the basic eBPF development workflow, which often involves many hours trying to interpret and fix mind-bending eBPF verifier errors, the process of deploying a program in testing and staging environments often results in a lot of custom program loading and management functionality specific to the application. When moving to production systems in environments like Kubernetes clusters the operational considerations continue to compound.
       
      Security is another significant challenge, which we will cover in more depth in a follow-on blog.  However, at a high level, applications that use eBPF typically load their own eBPF programs, which requires at least CAP_BPF.  Many BPF programs and attach points require additional capabilities from CAP_SYS_PTRACE, CAP_NET_ADMIN and even including CAP_SYS_ADMIN.  These privileges include capabilities that aren\u2019t strictly necessary for eBPF and are too coarsely grained to be useful.  Since the processes that load eBPF are usually long-lived and often don\u2019t drop privileges it leaves a wide attack surface.
       
      While it doesn't solve all the ergonomic and maintenance problems associated with adopting eBPF, bpfman does try to address several of these issues -- particularly as it pertains to security and the lifecycle management of eBPF programs. In the coming sections, we will go into more depth about what eBPF does, and how it can help reduce the costs associated with deploying and managing eBPF-powered workloads.
      "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#bpfman-overview","title":"bpfman Overview","text":"
      The bpfman project provides a software stack that makes it easy to manage the full lifecycle of eBPF programs.  In particular, it can load, unload, modify, and monitor eBPF programs on a single host, or across a full Kubernetes cluster. The key components of bpfman include the bpfman daemon itself which can run independently on any Linux box, an accompanying Kubernetes Operator designed to bring first-class support to clusters via Custom Resource Definitions (CRDs), and eBPF program packaging.
       
      These components will be covered in more detail in the following sections.
      "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#bpfman-daemon","title":"bpfman Daemon","text":"
      The bpfman daemon works directly with the operating system to manage eBPF programs.  It loads, updates, and unloads eBPF programs, pins maps, and provides visibility into the eBPF programs loaded on a system.  Currently, bpfman fully supports XDP, TC, Tracepoint, uProbe, and kProbe eBPF programs. In addition, bpfman can display information about all types of eBPF programs loaded on a system whether they were loaded by bpfman or some other mechanism. bpfman is developed in the Rust programming language and uses Aya, an eBPF library which is also developed in Rust.
       
      When used on an individual server, bpfman runs as a system daemon, and applications communicate with it using a gRPC API.  bpfman can also be used via a command line which in turn uses the gRPC API. The following is an example of using bpfman to load and attach an xdp program.
       
      bpfman load-from-image -g GLOBAL_u8=01 -i quay.io/bpfman-bytecode/xdp_pass:latest xdp -i eth0 -p 100\n
       
      This architecture is depicted in the following diagram.
       
       
      Using bpfman in this manner significantly improves security because the API is secured using mTLS, and only bpfman needs the privileges required to load and manage eBPF programs and maps.
       
      Writing eBPF code is tough enough as it is.  Typically, an eBPF-based application would need to also implement support for the lifecycle management of the required eBPF programs.  bpfman does that for you and allows you to focus on developing your application.
       
      Another key functional advantage that bpfman offers over libbpf or the Cilium ebpf-go library is support for multiple XDP programs. Standard XDP only allows a single XDP program on a given interface, while bpfman supports loading multiple XDP programs on each interface using the multi-prog protocol defined in libxdp. This allows the user to add, delete, update, prioritize, and re-prioritize the multiple programs on each interface. There is also support to configure whether the flow of execution should terminate and return or continue to the next program in the list based on the return value.
       
      While TC natively supports multiple programs on each attach point, it lacks the controls and flexibility enabled by the multi-prog protocol. bpfman therefore also supports the same XDP multi-prog solution for TC programs which has the added benefit of a consistent user experience for both XDP and TC programs.
       
      eBPF programs are also difficult to debug on a system.  The visibility provided by bpfman can be a key tool in understanding what is deployed and how they may interact.
      "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#bpfman-kubernetes-support","title":"bpfman Kubernetes Support","text":"
      The benefits of bpfman are brought to Kubernetes by the bpfman operator.  The bpfman operator is developed in Go using the Operator SDK framework, so it should be familiar to most Kubernetes application developers. The bpfman operator deploys a daemonset, containing both bpfman and the bpfman agent processes on each node. Rather than making requests directly to bpfman with the gRPC API or CLI as described above, Kubernetes applications use bpfman custom resource definitions (CRDs) to make requests to bpfman to load and attach eBPF programs.  bpfman uses two types of CRDs; Program CRDs for each eBPF program type (referred to as *Program CRDs, where * = Xdp, Tc, etc.) created by the application to express the desired state of an eBPF program on the cluster, and per node BpfProgram CRDs created by the bpfman agent to report the current state of the eBPF program on each node.
       
      Using XDP as an example, the application can request that an XDP program be loaded on multiple nodes using the XdpProgram CRD, which includes the necessary information such as the bytecode image to load, interface to attach it to, and priority.  An XdpProgram CRD that would do the same thing as the CLI command shown above on every node in a cluster is shown below.
       
      apiVersion: bpfman.io/v1alpha1\nkind: XdpProgram\nmetadata:\n  labels:\n    app.kubernetes.io/name: xdpprogram\n  name: xdp-pass-all-nodes\nspec:\n  name: pass\n  # Select all nodes\n  nodeselector: {}\n  interfaceselector:\n    primarynodeinterface: true\n  priority: 0\n  bytecode:\n    image:\n      url: quay.io/bpfman-bytecode/xdp_pass:latest\n  globaldata:\n    GLOBAL_u8:\n      - 0x01\n
       
      The bpfman agent on each node watches for the *Program CRDs, and makes calls to the local instance of bpfman as necessary to ensure that the state on the local node reflects the state requested in the *Program CRD.  The bpfman agent on each node in turn creates and updates a BpfProgram object for the *Program CRD that reflects the state of the program on that node and reports the eBPF map information for the program.  The following is the BpfProgram CRD on one node for the above XdpProgram CRD.
       
      kubectl get bpfprograms.bpfman.io xdp-pass-all-nodes-bpfman-deployment-control-plane-eth0 -o yaml\n
       
      apiVersion: bpfman.io/v1alpha1\nkind: BpfProgram\nmetadata:\n  annotations:\n    bpfman.io.xdpprogramcontroller/interface: eth0\n  creationTimestamp: \"2023-08-29T22:08:12Z\"\n  finalizers:\n  - bpfman.io.xdpprogramcontroller/finalizer\n  generation: 1\n  labels:\n    bpfman.io/ownedByProgram: xdp-pass-all-nodes\n    kubernetes.io/hostname: bpfman-deployment-control-plane\n  name: xdp-pass-all-nodes-bpfman-deployment-control-plane-eth0\n  ownerReferences:\n  - apiVersion: bpfman.io/v1alpha1\n    blockOwnerDeletion: true\n    controller: true\n    kind: XdpProgram\n    name: xdp-pass-all-nodes\n    uid: 838dc2f8-a348-427e-9dc4-f6a6ea621930\n  resourceVersion: \"2690\"\n  uid: 5a622961-e5b0-44fe-98af-30756b2d0b62\nspec:\n  type: xdp\nstatus:\n  conditions:\n  - lastTransitionTime: \"2023-08-29T22:08:14Z\"\n    message: Successfully loaded bpfProgram\n    reason: bpfmanLoaded\n    status: \"True\"\n    type: Loaded\n
       
      Finally, the bpfman operator watches for updates to the BpfProgram objects and reports the global state of each eBPF program.  If the program was successfully loaded on every selected node, it will report success, otherwise, it will identify the node(s) that had a problem.  The following is the XdpProgram CRD as updated by the operator.
       
      kubectl get xdpprograms.bpfman.io xdp-pass-all-nodes -o yaml\n
       
      apiVersion: bpfman.io/v1alpha1\nkind: XdpProgram\nmetadata:\n  annotations:\n    kubectl.kubernetes.io/last-applied-configuration: |\n      {\"apiVersion\":\"bpfman.io/v1alpha1\",\"kind\":\"XdpProgram\",\"metadata\":{\"annotations\":{},\"labels\":{\"app.kubernetes.io/name\":\"xdpprogram\"},\"name\":\"xdp-pass-all-nodes\"},\"spec\":{\"bytecode\":{\"image\":{\"url\":\"quay.io/bpfman-bytecode/xdp_pass:latest\"}},\"globaldata\":{\"GLOBAL_u8\":[1]},\"interfaceselector\":{\"primarynodeinterface\":true},\"nodeselector\":{},\"priority\":0,\"bpffunctionname\":\"pass\"}}\n  creationTimestamp: \"2023-08-29T22:08:12Z\"\n  finalizers:\n  - bpfman.io.operator/finalizer\n  generation: 2\n  labels:\n    app.kubernetes.io/name: xdpprogram\n  name: xdp-pass-all-nodes\n  resourceVersion: \"2685\"\n  uid: 838dc2f8-a348-427e-9dc4-f6a6ea621930\nspec:\n  bytecode:\n    image:\n      imagepullpolicy: IfNotPresent\n      url: quay.io/bpfman-bytecode/xdp_pass:latest\n  globaldata:\n    GLOBAL_u8: 0x01\n  interfaceselector:\n    primarynodeinterface: true\n  mapownerselector: {}\n  nodeselector: {}\n  priority: 0\n  proceedon:\n  - pass\n  - dispatcher_return\n  name: pass\nstatus:\n  conditions:\n  - lastTransitionTime: \"2023-08-29T22:08:12Z\"\n    message: Waiting for Program Object to be reconciled to all nodes\n    reason: ProgramsNotYetLoaded\n    status: \"True\"\n    type: NotYetLoaded\n  - lastTransitionTime: \"2023-08-29T22:08:12Z\"\n    message: bpfProgramReconciliation Succeeded on all nodes\n    reason: ReconcileSuccess\n    status: \"True\"\n    type: ReconcileSuccess\n
       
      More details about this process can be seen here
      "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#ebpf-program-packaging","title":"eBPF program packaging","text":"
      The eBPF Bytecode Image specification was created as part of the bpfman project to define a way to package eBPF bytecode as OCI container images.  Its use was illustrated in the CLI and XdpProgram CRD examples above in which the XDP program was loaded from quay.io/bpfman-bytecode/xdp_pass:latest. The initial motivation for this image spec was to facilitate the deployment of eBPF programs in container orchestration systems such as Kubernetes, where it is necessary to provide a portable way to distribute bytecode to all nodes that need it. However, bytecode images have proven useful on standalone Linux systems as well.  When coupled with BPF CO-RE (Compile Once \u2013 Run Everywhere), portability is further enhanced in that applications can use the same bytecode images across different kernel versions without the need to recompile them for each version. Another benefit of bytecode containers is image signing.  There is currently no way to sign and validate raw eBPF bytecode.  However, the bytecode containers can be signed and validated by bpfman using sigstore to improve supply chain security.
      "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#key-benefits-of-bpfman","title":"Key benefits of bpfman","text":"
      This section reviews some of the key benefits of bpfman.  These benefits mostly apply to both standalone and Kubernetes deployments, but we will focus on the benefits for Kubernetes here.
      "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#security","title":"Security","text":"
      Probably the most compelling benefit of using bpfman is enhanced security. When using bpfman, only the bpfman daemon, which can be tightly controlled, needs the privileges required to load eBPF programs, while access to the API can be controlled via standard RBAC methods on a per-application and per-CRD basis. Additionally, the signing and validating of bytecode images enables supply chain security.
      "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#visibility-and-debuggability","title":"Visibility and Debuggability","text":"
      eBPF programs can interact with each other in unexpected ways.  The multi-program support described above helps control these interactions by providing a common mechanism to prioritize and control the flow between the programs.  However, there can still be problems, and there may be eBPF programs running on nodes that were loaded by other mechanisms that you don\u2019t even know about.  bpfman helps here too by reporting all of the eBPF programs running on all of the nodes in a Kubernetes cluster.
      "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#productivity","title":"Productivity","text":"
      As described above, managing the lifecycle of eBPF programs is something that each application currently needs to do on its own.  It is even more complicated to manage the lifecycle of eBPF programs across a Kubernetes cluster.  bpfman does this for you so you don't have to.  eBPF bytecode images help here as well by simplifying the distribution of eBPF bytecode to multiple nodes in a cluster, and also allowing separate fine-grained versioning control for user space and kernel space code.
      "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#demonstration","title":"Demonstration","text":"
      This demonstration is adapted from the instructions documented by Andrew Stoycos here.
       
      These instructions use kind and bpfman release v0.2.1. It should also be possible to run this demo on other environments such as minikube or an actual cluster.
       
      Another option is to build the code yourself and use make run-on-kind
       
      to create the cluster as is described in the given links.  Then, start with step 5.
      "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#run-the-demo","title":"Run the demo","text":"
      1. Create Kind Cluster
       
      kind create cluster --name=test-bpfman\n
       
      2. Deploy Cert manager
       
      kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml\n
       
      3. Deploy bpfman Crds
       
      kubectl apply -f  https://github.com/bpfman/bpfman/releases/download/v0.2.1/bpfman-crds-install-v0.2.1.yaml\n
       
      4. Deploy bpfman-operator
       
      kubectl apply -f https://github.com/bpfman/bpfman/releases/download/v0.2.1/bpfman-operator-install-v0.2.1.yaml\n
       
      5. Verify the deployment
       
      kubectl get pods -A\n
       
      NAMESPACE            NAME                                              READY   STATUS    RESTARTS   AGE\nbpfman                 bpfman-daemon-nkzpf                                 2/2     Running   0          28s\nbpfman                 bpfman-operator-77d697fdd4-clrf7                    2/2     Running   0          33s\ncert-manager         cert-manager-99bb69456-x8n84                      1/1     Running   0          57s\ncert-manager         cert-manager-cainjector-ffb4747bb-pt4hr           1/1     Running   0          57s\ncert-manager         cert-manager-webhook-545bd5d7d8-z5brw             1/1     Running   0          57s\nkube-system          coredns-565d847f94-gjjft                          1/1     Running   0          61s\nkube-system          coredns-565d847f94-mf2cq                          1/1     Running   0          61s\nkube-system          etcd-test-bpfman-control-plane                      1/1     Running   0          76s\nkube-system          kindnet-lv6f9                                     1/1     Running   0          61s\nkube-system          kube-apiserver-test-bpfman-control-plane            1/1     Running   0          76s\nkube-system          kube-controller-manager-test-bpfman-control-plane   1/1     Running   0          77s\nkube-system          kube-proxy-dtmvb                                  1/1     Running   0          61s\nkube-system          kube-scheduler-test-bpfman-control-plane            1/1     Running   0          78s\nlocal-path-storage   local-path-provisioner-684f458cdd-8gxxv           1/1     Running   0          61s\n
       
      Note that we have the bpfman-operator, bpf-daemon and cert-manager pods running.
       
      6. Deploy the XDP counter program and user space application
       
      kubectl apply -f https://github.com/bpfman/bpfman/releases/download/v0.2.1/go-xdp-counter-install-v0.2.1.yaml\n
       
      7. Confirm that the programs are loaded
       
      Userspace program:
       
      kubectl get pods -n go-xdp-counter\n
       
      NAME                      READY   STATUS              RESTARTS   AGE\ngo-xdp-counter-ds-9lpgp   0/1     ContainerCreating   0          5s\n
       
      XDP program:
       
      kubectl get xdpprograms.bpfman.io -o wide\n
       
      NAME                     BPFFUNCTIONNAME   NODESELECTOR   PRIORITY   INTERFACESELECTOR               PROCEEDON\ngo-xdp-counter-example   stats             {}             55         {\"primarynodeinterface\":true}   [\"pass\",\"dispatcher_return\"]\n
       
      8. Confirm that the counter program is counting packets.
       
      Notes:
       
         
      • The counters are updated every 5 seconds, and stats are being collected for the pod's primary node interface, which may not have a lot of traffic. However, running the kubectl command below generates traffic on that interface, so run the command a few times and give it a few seconds in between to confirm whether the counters are incrementing.
        •  
      • Replace \"go-xdp-counter-ds-9lpgp\" with the go-xdp-counter pod name for your deployment.
        •  
       
      kubectl logs go-xdp-counter-ds-9lpgp -n go-xdp-counter | tail\n
       
      2023/09/05 16:58:21 1204 packets received\n2023/09/05 16:58:21 13741238 bytes received\n\n2023/09/05 16:58:24 1220 packets received\n2023/09/05 16:58:24 13744258 bytes received\n\n2023/09/05 16:58:27 1253 packets received\n2023/09/05 16:58:27 13750364 bytes received\n
       
      9. Deploy the xdp-pass-all-nodes program with priority set to 50 and   proceedon set to drop as shown below
       
      kubectl apply -f - <<EOF\napiVersion: bpfman.io/v1alpha1\nkind: XdpProgram\nmetadata:\n  labels:\n    app.kubernetes.io/name: xdpprogram\n  name: xdp-pass-all-nodes\nspec:\n  name: pass\n  nodeselector: {}\n  interfaceselector:\n    primarynodeinterface: true\n  priority: 50\n  proceedon:\n    - drop\n  bytecode:\n    image:\n      url: quay.io/bpfman-bytecode/xdp_pass:latest\nEOF\n
       
      10. Verify both XDP programs are loaded.
       
      kubectl get xdpprograms.bpfman.io -o wide\n
       
      NAME                     BPFFUNCTIONNAME   NODESELECTOR   PRIORITY   INTERFACESELECTOR               PROCEEDON\ngo-xdp-counter-example   stats             {}             55         {\"primarynodeinterface\":true}   [\"pass\",\"dispatcher_return\"]\nxdp-pass-all-nodes       pass              {}             50         {\"primarynodeinterface\":true}   [\"drop\"]\n
       
      The priority setting determines the order in which programs attached to the same interface are executed by the dispatcher with a lower number being a higher priority.  The go-xdp-counter-example program was loaded at priority 55, so the xdp-pass-all-nodes program will execute before the go-xdp-counter-example program.
       
      The proceedon setting tells the dispatcher whether to \"proceed\" to execute the next lower priority program attached to the same interface depending on the program's return value.  When we set proceedon to drop, execution will proceed only if the program returns XDP_DROP.  However, the xdp-pass-all-nodes program only returns XDP_PASS, so execution will terminate after it runs.
       
      Therefore, by loading the xdp-pass-all-nodes program in this way, we should have effectively stopped the go-xdp-counter-example program from running.  Let's confirm that.
       
      11. Verify that packet counts are not being updated anymore
       
      Run the following command several times
       
      kubectl logs go-xdp-counter-ds-9lpgp -n go-xdp-counter | tail\n
       
      2023/09/05 17:10:27 1395 packets received\n2023/09/05 17:10:27 13799730 bytes received\n\n2023/09/05 17:10:30 1395 packets received\n2023/09/05 17:10:30 13799730 bytes received\n\n2023/09/05 17:10:33 1395 packets received\n2023/09/05 17:10:33 13799730 bytes received\n
       
      12. Now, change the priority of the xdp-pass program to 60
       
      kubectl apply -f - <<EOF\napiVersion: bpfman.io/v1alpha1\nkind: XdpProgram\nmetadata:\n  labels:\n    app.kubernetes.io/name: xdpprogram\n  name: xdp-pass-all-nodes\nspec:\n  name: pass\n  # Select all nodes\n  nodeselector: {}\n  interfaceselector:\n    primarynodeinterface: true\n  priority: 60\n  proceedon:\n    - drop\n  bytecode:\n    image:\n      url: quay.io/bpfman-bytecode/xdp_pass:latest\nEOF\n
       
      13. Confirm that packets are being counted again
       
      Run the following command several times
       
      kubectl logs go-xdp-counter-ds-9lpgp -n go-xdp-counter | tail\n
       
      2023/09/05 17:12:21 1435 packets received\n2023/09/05 17:12:21 13806214 bytes received\n\n2023/09/05 17:12:24 1505 packets received\n2023/09/05 17:12:24 13815359 bytes received\n\n2023/09/05 17:12:27 1558 packets received\n2023/09/05 17:12:27 13823065 bytes received\n
       
      We can see that the counters are incrementing again.
       
      14. Clean everything up
       
      Delete the programs
       
      kubectl delete xdpprogram xdp-pass-all-nodes\nkubectl delete -f https://github.com/bpfman/bpfman/releases/download/v0.2.0/go-xdp-counter-install-v0.2.0.yaml\n
       
      And/or, delete the whole kind cluster
       
      kind delete clusters test-bpfman\n
      "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#joining-the-bpfman-community","title":"Joining the bpfman community","text":"
      If you're interested in bpfman and want to get involved, you can connect with the community in multiple ways. If you have some simple questions or need some help feel free to start a discussion. If you find an issue, or you want to request a new feature, please create an issue. If you want something a little more synchronous, the project maintains a #bpfman channel on Kubernetes Slack and we have a weekly community meeting where everyone can join and bring topics to discuss about the project. We hope to see you there!
      "},{"location":"blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/","title":"bpfman's Shift Towards a Daemonless Design and Using Sled: a High Performance Embedded Database","text":"
      As part of issue #860 the community has steadily been converting all of the internal state management to go through a sled database instance which is part of the larger effort to make bpfman completely damonless.
       
      This article will go over the reasons behind the change and dive into some of the details of the actual implementation.
      "},{"location":"blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/#why","title":"Why?","text":"
      State management in bpfman has always been a headache, not because there's a huge amount of disparate data but there's multiple representations of the same data. Additionally the delicate filesystem interactions and layout previously used to ensure persistence across restarts often led to issues.
       
      Understanding the existing flow of data in bpfman can help make this a bit clearer:
       
       
      With this design there was a lot of data wrangling required to convert the tonic generated rust bindings for the protocol buffer API into data structures that were useful for bpfman. Specifically, data would arrive via GRPC server as specified in bpfman.v1.rs where rust types are inferred from the protobuf definition. In rpc.rs data was then converted to an internal set of structures defined in command.rs.  Prior to pull request #683 there was an explosion of types, with each bpfman command having it's own set of internal structures and enums.  Now, most of the data for a program that bpfman needs internally for all commands to manage an eBPF program is stored in the ProgramData structure, which we'll take a deeper look at a bit later. Additionally, there is extra complexity for XDP and TC program types which rely on an eBPF dispatcher program to provide multi-program support on a single network interface, however this article will try to instead focus on the simpler examples.
       
      The tree of data stored by bpfman is quite complex and this is made even more complicated since bpfman has to be persistent across restarts. To support this, raw data was often flushed to disk in the form of JSON files (all types in command.rs needed to implement serde's Serialize and Deserialize). Specific significance would also be encoded to bpfman's directory structure, i.e all program related information was encoded in /run/bpfd/programs/<ID>. The extra infrastructure and failure modes introduced by this process was a constant headache, pushing the community to find a better solution.
      "},{"location":"blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/#why-sled","title":"Why Sled?","text":"
      Sled is an open source project described in github as \"the champagne of beta embedded databases\". The \"reasons\" for choosing an embedded database from the project website are pretty much spot on:
       
      Embedded databases are useful in several cases:\n\n- you want to store data on disk, without facing the complexity of files\n- you want to be simple, without operating an external database\n- you want to be fast, without paying network costs\n- using disk storage as a building block in your system\n
       
      As discussed in the previous section, persistence across restarts, is one of bpfman's core design constraints, and with sled we almost get it for free! Additionally due to the pervasive nature of data management to bpfman's core workflow the data-store needed to be kept as simple and light weight as possible, ruling out heavier production-ready external database systems such as MySQL or Redis.
       
      Now this mostly focused on why embedded dbs in general, but why did we choose sled...well because it's written in :crab: Rust :crab: of course! Apart from the obvious we took a small dive into the project before rewriting everything by transitioning the OCI bytecode image library to use the db rather than the filesystem.  Overall the experience was extremely positive due to the following:
       
         
      • No more dealing directly with the filesystem, the sled instance is flushed to   the fs automatically every 500 ms by default and for good measure we manually   flush it before shutting down.
        •  
      • The API is extremely simple, traditional get and insert operations function   as expected.
        •  
      • Error handling with sled:Error is relatively simple and easy to map explicitly   to a bpfmanError
        •  
      • The db \"tree\" concept makes it easy to have separate key-spaces within the same   instance.
        •  
      "},{"location":"blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/#transitioning-to-sled","title":"Transitioning to Sled","text":"
      Using the new embedded database started with the creation of a sled instance which could be easily shared across all of the modules in bpfman. To do this we utilized a globally available [lazy_static] variable called ROOT_DB in main.rs:
       
      #[cfg(not(test))]\nlazy_static! {\n    pub static ref ROOT_DB: Db = Config::default()\n        .path(STDIR_DB)\n        .open()\n        .expect(\"Unable to open root database\");\n}\n\n#[cfg(test)]\nlazy_static! {\n    pub static ref ROOT_DB: Db = Config::default()\n        .temporary(true)\n        .open()\n        .expect(\"Unable to open temporary root database\");\n}\n
       
      This block creates OR opens the filesystem backed database at /var/lib/bpfman/db database only when the ROOT_DB variable is first accessed, and also allows for the creation of a temporary db instance if running in unit tests. With this setup all of the modules within bpfman can now easily access the database instance by simply using it i.e use crate::ROOT_DB.
       
      Next the existing bpfman structures needed to be flattened in order to work with the db, the central ProgramData can be used to demonstrate how this was completed. Prior to the recent sled conversion that structure looked like:
       
      /// ProgramInfo stores information about bpf programs that are loaded and managed\n/// by bpfd.\n#[derive(Debug, Serialize, Deserialize, Clone, Default)]\npub(crate) struct ProgramData {\n    // known at load time, set by user\n    name: String,\n    location: Location,\n    metadata: HashMap<String, String>,\n    global_data: HashMap<String, Vec<u8>>,\n    map_owner_id: Option<u32>,\n\n    // populated after load\n    kernel_info: Option<KernelProgramInfo>,\n    map_pin_path: Option<PathBuf>,\n    maps_used_by: Option<Vec<u32>>,\n\n    // program_bytes is used to temporarily cache the raw program data during\n    // the loading process.  It MUST be cleared following a load so that there\n    // is not a long lived copy of the program data living on the heap.\n    #[serde(skip_serializing, skip_deserializing)]\n    program_bytes: Vec<u8>,\n}\n
       
      This worked well enough, but as mentioned before the process of flushing the data to disk involved manual serialization to JSON, which needed to occur at a specific point in time (following program load) which made disaster recovery almost impossible and could sometimes result in lost or partially reconstructed state.
       
      With sled the first idea was to completely flatten ALL of bpfman's data into a single key-space, so that program.name now simply turns into a db.get(\"program_<ID>_name\"), however removing all of the core structures would have resulted in a complex diff which would have been hard to review and merge.  Therefore a more staged approach was taken, the ProgramData structure was kept around, and now looks like:
       
      /// ProgramInfo stores information about bpf programs that are loaded and managed\n/// by bpfman.\n#[derive(Debug, Clone)]\npub(crate) struct ProgramData {\n    // Prior to load this will be a temporary Tree with a random ID, following\n    // load it will be replaced with the main program database tree.\n    db_tree: sled::Tree,\n\n    // populated after load, randomly generated prior to load.\n    id: u32,\n\n    // program_bytes is used to temporarily cache the raw program data during\n    // the loading process.  It MUST be cleared following a load so that there\n    // is not a long lived copy of the program data living on the heap.\n    program_bytes: Vec<u8>,\n}\n
       
      All of the fields are now removed in favor of a private reference to the unique [sled::Tree] instance for this ProgramData which is named using the unique kernel id for the program. Each sled::Tree represents a single logical key-space / namespace / bucket which allows key generation to be kept simple, i.e db.get(\"program_<ID>_name\") now can be db_tree_prog_0000.get(\"program_name). Additionally getters and setters are now built for each existing field so that access to the db can be controlled and the serialization/deserialization process can be hidden from the caller:
       
      ...\npub(crate) fn set_name(&mut self, name: &str) -> Result<(), BpfmanError> {\n    self.insert(\"name\", name.as_bytes())\n}\n\npub(crate) fn get_name(&self) -> Result<String, BpfmanError> {\n    self.get(\"name\").map(|v| bytes_to_string(&v))\n}\n...\n
       
      Therefore, ProgramData is now less of a container for program data and more of a wrapper for accessing program data.  The getters/setters act as a bridge between standard Rust types and the raw bytes stored in the database, i.e the [sled::IVec type].
       
      Once this was completed for all the relevant fields on all the relevant types, see pull request #874, the data bpfman needed for it's managed eBPF programs was now automatically synced to disk :partying_face:
      "},{"location":"blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/#tradeoffs","title":"Tradeoffs","text":"
      All design changes come with some tradeoffs: for bpfman's conversion to using sled the main negative ended up being with the complexity introduced with the [sled::IVec type]. It is basically just a thread-safe reference-counting pointer to a raw byte slice, and the only type raw database operations can be performed with. Previously when using serde_json all serialization/deserialization was automatically handled, however with sled the conversion is manual handled internally. Therefore, instead of a library handling the conversion of a rust string (std::string::String) to raw bytes &[u8] bpfman has to handle it internally, using [std::string::String::as_bytes] and bpfman::utils::bytes_to_string:
       
      pub(crate) fn bytes_to_string(bytes: &[u8]) -> String {\n    String::from_utf8(bytes.to_vec()).expect(\"failed to convert &[u8] to string\")\n}\n
       
      For strings, conversion was simple enough, but when working with more complex rust data types like HashMaps and Vectors this became a bit more of an issue. For Vectors, we simply flatten the structure into a group of key/values with indexes encoded into the key:
       
          pub(crate) fn set_kernel_map_ids(&mut self, map_ids: Vec<u32>) -> Result<(), BpfmanError> {\n        let map_ids = map_ids.iter().map(|i| i.to_ne_bytes()).collect::<Vec<_>>();\n\n        map_ids.iter().enumerate().try_for_each(|(i, v)| {\n            sled_insert(&self.db_tree, format!(\"kernel_map_ids_{i}\").as_str(), v)\n        })\n    }\n
       
      The sled scan_prefix(<K>) api then allows for easy fetching and rebuilding of the vector:
       
          pub(crate) fn get_kernel_map_ids(&self) -> Result<Vec<u32>, BpfmanError> {\n        self.db_tree\n            .scan_prefix(\"kernel_map_ids_\".as_bytes())\n            .map(|n| n.map(|(_, v)| bytes_to_u32(v.to_vec())))\n            .map(|n| {\n                n.map_err(|e| {\n                    BpfmanError::DatabaseError(\"Failed to get map ids\".to_string(), e.to_string())\n                })\n            })\n            .collect()\n    }\n
       
      For HashMaps, we follow a similar paradigm, except the map key is encoded in the database key:
       
          pub(crate) fn set_metadata(\n        &mut self,\n        data: HashMap<String, String>,\n    ) -> Result<(), BpfmanError> {\n        data.iter().try_for_each(|(k, v)| {\n            sled_insert(\n                &self.db_tree,\n                format!(\"metadata_{k}\").as_str(),\n                v.as_bytes(),\n            )\n        })\n    }\n\n    pub(crate) fn get_metadata(&self) -> Result<HashMap<String, String>, BpfmanError> {\n    self.db_tree\n        .scan_prefix(\"metadata_\")\n        .map(|n| {\n            n.map(|(k, v)| {\n                (\n                    bytes_to_string(&k)\n                        .strip_prefix(\"metadata_\")\n                        .unwrap()\n                        .to_string(),\n                    bytes_to_string(&v).to_string(),\n                )\n            })\n        })\n        .map(|n| {\n            n.map_err(|e| {\n                BpfmanError::DatabaseError(\"Failed to get metadata\".to_string(), e.to_string())\n            })\n        })\n        .collect()\n    }\n
       
      The same result could be achieved by creating individual database trees for each Vector/HashMap instance, however our goal was to keep the layout as flat as possible. Although this resulted in some extra complexity within the data layer, the overall benefits still outweighed the extra code once the conversion was complete.
      "},{"location":"blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/#moving-forward-and-getting-involved","title":"Moving forward and Getting Involved","text":"
      Once the conversion to sled is fully complete, see issue #860, the project will be able to completely transition to becoming a library without having to worry about data and state management.
       
      If you are interested in in memory databases, eBPF, Rust, or any of the technologies discussed today please don't hesitate to reach out at kubernetes slack on channel #bpfman or join one of the community meetings to get involved.
      "},{"location":"blog/2024/01/04/community-meeting-january-4-2024/","title":"Community Meeting: January 4, 2024","text":""},{"location":"blog/2024/01/04/community-meeting-january-4-2024/#welcome-to-2024","title":"Welcome to 2024!","text":"
      Welcome to the first bpfman Community Meeting of 2024. We are happy to start off a new year and excited for all the changes in store for bpfman in 2024!
       
      Below were some of the discussion points from this weeks Community Meeting.
       
         
      • bpfman-csi Needs To Become Its Own Binary
        •  
      • Kubernetes Support For Attaching uprobes In Containers
        •  
      • Building The Community
        •  
      "},{"location":"blog/2024/01/04/community-meeting-january-4-2024/#bpfman-csi-needs-to-become-its-own-binary","title":"bpfman-csi Needs To Become Its Own Binary","text":"
      Some of the next work items for bpfman revolve around removing the async code from the code base, make bpfman-core a rust library, and removing all the gRPC logic. Dave (@dave-tucker) is currently investigating this. One area to help out is to take the bpfman-csi thread and making it it's own binary. This may require making bpfman a bin and lib crate (which is fine, just needs a lib.rs and to be very careful about what we\u2019re exporting). Andrew (@astoycos) is starting to take a look at this.
      "},{"location":"blog/2024/01/04/community-meeting-january-4-2024/#kubernetes-support-for-attaching-uprobes-in-containers","title":"Kubernetes Support For Attaching uprobes In Containers","text":"
      Base support for attaching uprobes in containers is currently merged. Andre (@anfredette) pushed PR#875 for the integration with Kubernetes. The hard problems are solved, like getting the Container PID, but the current PR has some shortcuts to get the functionality working before the holiday break. So the PR#875 is not ready for review, but Dave (@dave-tucker) and Andre (@anfredette) may have a quick review to verify the design principles.
      "},{"location":"blog/2024/01/04/community-meeting-january-4-2024/#building-the-community","title":"Building The Community","text":"
      Short discussion on building the Community. In a previous meeting, Dave (@dave-tucker) suggested capturing the meeting minutes in blogs. By placing in a blog, they become searchable from search engines. Billy (@billy99) re-raised this topic and volunteered to start capturing the content. In future meetings, we may use the transcript feature from Google Meet to capture the content and try generating the blog via ChatGTP.
      "},{"location":"blog/2024/01/04/community-meeting-january-4-2024/#light-hearted-moments-and-casual-conversations","title":"Light-hearted Moments and Casual Conversations","text":"
      Amidst the technical discussions, the community members took a moment to share some light-hearted moments and casual conversations. Topics ranged from the challenges of post-holiday credit card bills to the complexities of managing family schedules during exam week. The discussion touched on the quirks of public school rules and the unique challenges of parenting during exam periods.
       
      The meeting ended on a friendly note, with plans for further collaboration and individual tasks assigned for the upcoming days. Participants expressed their commitment to pushing updates and improvements, with a promise to reconvene in the near future.
      "},{"location":"blog/2024/01/04/community-meeting-january-4-2024/#attendees","title":"Attendees","text":"
         
      • Andre Fredette (Red Hat)
        •  
      • Andrew Stoycos (Red Hat)
        •  
      • Billy McFall (Red Hat)
        •  
      • Dave Tucker (Red Hat)
        •  
      "},{"location":"blog/2024/01/04/community-meeting-january-4-2024/#bpfman-community-info","title":"bpfman Community Info","text":"
      A friendly reminder that the Community Meetings are every Thursday 10am-11am Eastern US Time and all are welcome!
       
      Google Meet joining info:
       
         
      • Google Meet
        •  
      • Or dial: (US) +1 984-221-0859 PIN: 613 588 790#
        •  
      • Agenda Document
        •  
      "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/","title":"Community Meeting: January 11 and 18, 2024","text":""},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#hit-the-ground-running","title":"Hit the Ground Running","text":"
      Another set of bpfman Community Meetings for 2024. There is a lot going on with bpfman in Q1 of 2024. Spending a lot of time making bpfman daemonless. I bailed for a ski trip after the Jan 11 meeting, so the notes didn't get written up. So this summary will include two weeks of meetings.
       
      Below were some of the discussion points from the last two weeks Community Meetings.
       
         
      • Manpage/CLI TAB Completion Questions (Jan 11)
        •  
      • Kubernetes Support for Attaching uprobes in Containers (Jan 11)
        •  
      • netify Preview in Github Removed (Jan 11)
        •  
      • RPM Builds and Socket Activation (Jan 18)
        •  
      • KubeCon EU Discussion (Jan 18)
        •  
      "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#january-11-2024","title":"January 11, 2024","text":""},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#manpagecli-tab-completion-questions-jan-11","title":"Manpage/CLI TAB Completion Questions (Jan 11)","text":"
      The bpfman CLI now has TAB Completion and man pages. However, a couple nits need to be cleaned up Issue#913 and Billy (@billy99) wanted to clarify a few issues encountered. The current implementation for both features  is using an environment variable to set the destination directory for the generated files. Other features don't work this way and there was a discussion on the proper location for the generated files. The decision was to use .output/..
       
      There was another discussion around clap (Rust CLI crate) and passing variables to clap from the Cargo.toml file. In the CLI code, #[command(author, version, about, long_about = None)] implies to pull the values from the Config.toml file, but we aren\u2019t setting any of those variables. Also, for cargo xtask build-man-page and cargo xtask build-completion they pull from the xtask Cargo.toml file. The decision was to set the variables implicitly in code and not pull from Cargo.toml.
      "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#kubernetes-support-for-attaching-uprobes-in-containers-jan-11","title":"Kubernetes Support for Attaching uprobes in Containers (Jan 11)","text":"
      Andre (@anfredette) is working on a feature to enable attaching uprobes in other Containers. Currently, bpfman only supports attaching uprobes within the bpfman container. There was a discussion on proper way to format a query to the KubeAPI server to match on NodeName on a Pod list. The discussion included so code walk through. Andrew (@astoycos) found a possible solution client-go:Issue#410 and Dave (@dave-tucker) suggested kubernetes-api:podspec-v1-core.
      "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#netify-preview-in-github-removed-jan-11","title":"netify Preview in Github Removed (Jan 11)","text":"
      Lastly, there was a discussion on the netify preview being removed from github and a reminder why. Dave (@dave-tucker) explained that with the docs release history now in place, \"current\" is from a branch and it is not easy to preview. So for now, document developers need to run mkdocs locally (See generate-documention).
      "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#attendees-jan-11","title":"Attendees (Jan 11)","text":"
         
      • Andre Fredette (Red Hat)
        •  
      • Andrew Stoycos (Red Hat)
        •  
      • Billy McFall (Red Hat)
        •  
      • Dave Tucker (Red Hat)
        •  
      • Shane Utt (Kong)
        •  
      "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#january-18-2024","title":"January 18, 2024","text":""},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#rpm-builds-and-socket-activation-jan-18","title":"RPM Builds and Socket Activation (Jan 18)","text":"
      RPM Builds for bpfman went in fairly recently and Billy (@billy99) had some questions around their implementation. RPM and Socket Activation were developed and merged around the same time and the RPM builds are not installing socket activation properly. Just verifying that RPMs should be installing the bpfman.socket file. And they should. There were also some questions on how to build RPMs locally. Verified that packit build locally is the way forward.
       
      Note: Socket activation was added to RPM Builds along with documentation on building and using RPMs in PR#922
      "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#kubecon-eu-discussion-jan-18","title":"KubeCon EU Discussion (Jan 18)","text":"
      With KubeCon EU just around the corner (March 19-22, 2024 in Paris), discussion around bpfman talks and who was attending. Dave (@dave-tucker) is probably attending and Shane (@shaneutt) might attend. So if you are planning on attending KubeCon EU and are interested in bpfman or just eBPF, keep an eye out for these guys for some lively discussions!
      "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#attendees-jan-18","title":"Attendees (Jan 18)","text":"
         
      • Billy McFall (Red Hat)
        •  
      • Dave Tucker (Red Hat)
        •  
      • Shane Utt (Kong)
        •  
      "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#bpfman-community-info","title":"bpfman Community Info","text":"
      A friendly reminder that the Community Meetings are every Thursday 10am-11am Eastern US Time and all are welcome!
       
      Google Meet joining info:
       
         
      • Google Meet
        •  
      • Or dial: (US) +1 984-221-0859 PIN: 613 588 790#
        •  
      • Agenda Document
        •  
      "},{"location":"design/daemonless/","title":"Daemonless bpfd","text":""},{"location":"design/daemonless/#introduction","title":"Introduction","text":"
      The bpfd daemon is a userspace daemon that runs on the host and responds to gRPC API requests over a unix socket, to load, unload and list the eBPF programs on a host.
       
      The rationale behind running as a daemon was because something needs to be listening on the unix socket for API requests, and that we also maintain some state in-memory about the programs that have been loaded. However, since this daemon requires root privileges to load and unload eBPF programs it is a security risk for this to be a long-running - even with the mitigations we have in place to drop privileges and run as a non-root user. This risk is equivalent to that of something like Docker.
       
      This document describes the design of a daemonless bpfd, which is a bpfd that runs only runs when required, for example, to load or unload an eBPF program.
      "},{"location":"design/daemonless/#design","title":"Design","text":"
      The daemonless bpfd is a single binary that collects some of the functionality from both bpfd and bpfctl.
       
      :note: Daemonless, not rootless. Since CAP_BPF (and more) is required to load and unload eBPF programs, we will still need to run as root. But at least we can run as root for a shorter period of time.
      "},{"location":"design/daemonless/#command-bpfd-system-service","title":"Command: bpfd system service","text":"
      This command will run the bpfd gRPC API server - for one or more of the gRPC API services we support.
       
      It will listen on a unix socket (or tcp socket) for API requests - provided via a positional argument, defaulting to unix:///var/run/bpfd.sock. It will shutdown after a timeout of inactivity - provided by a --timeout flag defaulting to 5 seconds.
       
      It will support being run as a systemd service, via socket activation, which will allow it to be started on demand when a request is made to the unix socket. When in this mode it will not create the unix socket itself, but will instead use LISTEN_FDS to determine the file descriptor of the unix socket to use.
       
      Usage in local development (or packaged in a container) is still possible by running as follows:
       
      sudo bpfd --timeout=0 unix:///var/run/bpfd.sock\n
       
      :note: The bpfd user and group will be deprecated. We will also remove some of the unit-file complexity (i.e directories) and handle this in bpfd itself.
      "},{"location":"design/daemonless/#command-bpfd-load-file","title":"Command: bpfd load file","text":"
      As the name suggests, this command will load an eBPF program from a file. This was formerly bpfctl load-from-file.
      "},{"location":"design/daemonless/#command-bpfd-load-image","title":"Command: bpfd load image","text":"
      As the name suggests, this command will load an eBPF program from a container image. This was formerly bpfctl load-from-image.
      "},{"location":"design/daemonless/#command-bpfd-unload","title":"Command: bpfd unload","text":"
      This command will unload an eBPF program. This was formerly bpfctl unload.
      "},{"location":"design/daemonless/#command-bpfd-list","title":"Command: bpfd list","text":"
      This command will list the eBPF programs that are currently loaded. This was formerly bpfctl list.
      "},{"location":"design/daemonless/#command-bpfd-pull","title":"Command: bpfd pull","text":"
      This command will pull the bpfd container image from a registry. This was formerly bpfctl pull.
      "},{"location":"design/daemonless/#command-bpfd-images","title":"Command: bpfd images","text":"
      This command will list the bpfd container images that are available. This command didn't exist, but makes sense to add.
      "},{"location":"design/daemonless/#command-bpfd-version","title":"Command: bpfd version","text":"
      This command will print the version of bpfd. This command didn't exist, but makes sense to add.
      "},{"location":"design/daemonless/#state-management","title":"State Management","text":"
      This is perhaps the most significant change from how bpfd currently works.
       
      Currently bpfd maintains state in-memory about the programs that have been loaded (by bpfd, and the kernel). Some of this state is flushed to disk, so if bpfd is restarted it can reconstruct it.
       
      Flushing to disk and state reconstruction is cumbersome at present and having to move all state management out of in-memory stores is a forcing function to improve this. We will replace the existing state management with sled, which gives us a familiar API to work with while also being fast, reliable and persistent.
      "},{"location":"design/daemonless/#metrics-and-monitoring","title":"Metrics and Monitoring","text":"
      While adding metrics and monitoring is not a goal of this design, it should nevertheless be a consideration. In order to provide metrics to Prometheus or OpenTelemetry we will require an additional exporter process.
       
      We can either:
       
         
      1. Use the bpfd socket and retrieve metrics via the gRPC API
        2.  
      2. Place state access + metrics gathering functions in a library, such that    they could be used directly by the exporter process without requiring the    bpfd socket.
        3.  
       
      The latter would be more inline with how podman-prometheus-exporter works. The benefit here is that, the metrics exporter process can be long running with less privileges - whereas if it were to hit the API over the socket it would effectively negate the point of being daemonless in the first place since collection will likley occur more frequently than the timeout on the socket.
      "},{"location":"design/daemonless/#benefits","title":"Benefits","text":"
      The benefits of this design are:
       
         
      • No long-running daemon with root privileges
        •  
      • No need to run as a non-root user, this is important since the number of   capabilities required is only getting larger.
        •  
      • We only need to ship a single binary.
        •  
      • We can use systemd socket activation to start bpfd on demand + timeout   after a period of inactivity.
        •  
      • Forcs us to fix state management, since we can never rely on in-memory state.
        •  
      • Bpfd becomes more modular - if we wish to add programs for runtime enforcement,   metrics, or any other purpose then it's design is decoupled from that of   bpfd. It could be another binary, or a subcommand on the CLI etc...
        •  
      "},{"location":"design/daemonless/#drawbacks","title":"Drawbacks","text":"
      None yet.
      "},{"location":"design/daemonless/#backwards-compatibility","title":"Backwards Compatibility","text":"
         
      • The bpfctl command will be removed and all functionality folded into bpfd
        •  
      • The bpfd command will be renamed to bpfd system service
        •  
      "},{"location":"developer-guide/api-spec/","title":"API Specification","text":"
      Packages:
       
         
      •  bpfman.io/v1alpha1 
        •  
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1","title":"bpfman.io/v1alpha1","text":"
       
      Package v1alpha1 contains API Schema definitions for the bpfman.io API group.
       
       
      Resource Types:
       
      •  BpfProgram 
      •  FentryProgram 
      •  FexitProgram 
      •  KprobeProgram 
      •  TcProgram 
      •  TracepointProgram 
      •  UprobeProgram 
      •  XdpProgram 
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.BpfProgram","title":"BpfProgram","text":"
       
      BpfProgram is the Schema for the Bpfprograms API
       
       Field Description apiVersion string  bpfman.io/v1alpha1  kind string  BpfProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  BpfProgramSpec  type  string  (Optional) 
      Type specifies the bpf program type
       status  BpfProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.FentryProgram","title":"FentryProgram","text":"
       
      FentryProgram is the Schema for the FentryPrograms API
       
       Field Description apiVersion string  bpfman.io/v1alpha1  kind string  FentryProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  FentryProgramSpec  BpfProgramCommon  BpfProgramCommon  
       (Members of BpfProgramCommon are embedded into this type.) 
       func_name  string  
      Function to attach the fentry to.
       status  FentryProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.FexitProgram","title":"FexitProgram","text":"
       
      FexitProgram is the Schema for the FexitPrograms API
       
       Field Description apiVersion string  bpfman.io/v1alpha1  kind string  FexitProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  FexitProgramSpec  BpfProgramCommon  BpfProgramCommon  
       (Members of BpfProgramCommon are embedded into this type.) 
       func_name  string  
      Function to attach the fexit to.
       status  FexitProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.KprobeProgram","title":"KprobeProgram","text":"
       
      KprobeProgram is the Schema for the KprobePrograms API
       
       Field Description apiVersion string  bpfman.io/v1alpha1  kind string  KprobeProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  KprobeProgramSpec  BpfProgramCommon  BpfProgramCommon  
       (Members of BpfProgramCommon are embedded into this type.) 
       func_name  string  
      Functions to attach the kprobe to.
       offset  uint64  (Optional) 
      Offset added to the address of the function for kprobe. Not allowed for kretprobes.
       retprobe  bool  (Optional) 
      Whether the program is a kretprobe.  Default is false
       status  KprobeProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.TcProgram","title":"TcProgram","text":"
       
      TcProgram is the Schema for the TcProgram API
       
       Field Description apiVersion string  bpfman.io/v1alpha1  kind string  TcProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  TcProgramSpec  BpfProgramCommon  BpfProgramCommon  
       (Members of BpfProgramCommon are embedded into this type.) 
       interfaceselector  InterfaceSelector  
      Selector to determine the network interface (or interfaces)
       priority  int32  
      Priority specifies the priority of the tc program in relation to other programs of the same type with the same attach point. It is a value from 0 to 1000 where lower values have higher precedence.
       direction  string  
      Direction specifies the direction of traffic the tc program should attach to for a given network device.
       proceedon  []TcProceedOnValue  (Optional) 
      ProceedOn allows the user to call other tc programs in chain on this exit code. Multiple values are supported by repeating the parameter.
       status  TcProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.TracepointProgram","title":"TracepointProgram","text":"
       
      TracepointProgram is the Schema for the TracepointPrograms API
       
       Field Description apiVersion string  bpfman.io/v1alpha1  kind string  TracepointProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  TracepointProgramSpec  BpfProgramCommon  BpfProgramCommon  
       (Members of BpfProgramCommon are embedded into this type.) 
       names  []string  
      Names refers to the names of kernel tracepoints to attach the bpf program to.
       status  TracepointProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.UprobeProgram","title":"UprobeProgram","text":"
       
      UprobeProgram is the Schema for the UprobePrograms API
       
       Field Description apiVersion string  bpfman.io/v1alpha1  kind string  UprobeProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  UprobeProgramSpec  BpfProgramCommon  BpfProgramCommon  
       (Members of BpfProgramCommon are embedded into this type.) 
       func_name  string  (Optional) 
      Function to attach the uprobe to.
       offset  uint64  (Optional) 
      Offset added to the address of the function for uprobe.
       target  string  
      Library name or the absolute path to a binary or library.
       retprobe  bool  (Optional) 
      Whether the program is a uretprobe.  Default is false
       pid  int32  (Optional) 
      Only execute uprobe for given process identification number (PID). If PID is not provided, uprobe executes for all PIDs.
       containers  ContainerSelector  (Optional) 
      Containers identifes the set of containers in which to attach the uprobe. If Containers is not specified, the uprobe will be attached in the bpfman-agent container.  The ContainerSelector is very flexible and even allows the selection of all containers in a cluster.  If an attempt is made to attach uprobes to too many containers, it can have a negative impact on on the cluster.
       status  UprobeProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.XdpProgram","title":"XdpProgram","text":"
       
      XdpProgram is the Schema for the XdpPrograms API
       
       Field Description apiVersion string  bpfman.io/v1alpha1  kind string  XdpProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  XdpProgramSpec  BpfProgramCommon  BpfProgramCommon  
       (Members of BpfProgramCommon are embedded into this type.) 
       interfaceselector  InterfaceSelector  
      Selector to determine the network interface (or interfaces)
       priority  int32  
      Priority specifies the priority of the bpf program in relation to other programs of the same type with the same attach point. It is a value from 0 to 1000 where lower values have higher precedence.
       proceedon  []XdpProceedOnValue  status  XdpProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.BpfProgramCommon","title":"BpfProgramCommon","text":"
       (Appears on: FentryProgramSpec,  FexitProgramSpec,  KprobeProgramSpec,  TcProgramSpec,  TracepointProgramSpec,  UprobeProgramSpec,  XdpProgramSpec) 
       
       
      BpfProgramCommon defines the common attributes for all BPF programs
       
       Field Description bpffunctionname  string  
      BpfFunctionName is the name of the function that is the entry point for the BPF program
       nodeselector  Kubernetes meta/v1.LabelSelector  
      NodeSelector allows the user to specify which nodes to deploy the bpf program to.  This field must be specified, to select all nodes use standard metav1.LabelSelector semantics and make it empty.
       bytecode  BytecodeSelector  
      Bytecode configures where the bpf program\u2019s bytecode should be loaded from.
       globaldata  map[string][]byte  (Optional) 
      GlobalData allows the user to to set global variables when the program is loaded with an array of raw bytes. This is a very low level primitive. The caller is responsible for formatting the byte string appropriately considering such things as size, endianness, alignment and packing of data structures.
       mapownerselector  Kubernetes meta/v1.LabelSelector  (Optional) 
      MapOwnerSelector is used to select the loaded eBPF program this eBPF program will share a map with. The value is a label applied to the BpfProgram to select. The selector must resolve to exactly one instance of a BpfProgram on a given node or the eBPF program will not load.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.BpfProgramConditionType","title":"BpfProgramConditionType (string alias)","text":"
       
      BpfProgramConditionType is a condition type to indicate the status of a BPF program at the individual node level.
       
       Value Description 
      \"BytecodeSelectorError\"
       
      BpfProgCondByteCodeError indicates that an error occured when trying to process the bytecode selector.
       
      \"Loaded\"
       
      BpfProgCondLoaded indicates that the eBPF program was successfully loaded into the kernel on a specific node.
       
      \"MapOwnerNotFound\"
       
      BpfProgCondMapOwnerNotFound indicates that the eBPF program sharing a map with another eBPF program and that program does not exist.
       
      \"MapOwnerNotLoaded\"
       
      BpfProgCondMapOwnerNotLoaded indicates that the eBPF program sharing a map with another eBPF program and that program is not loaded.
       
      \"NoContainersOnNode\"
       
      BpfProgCondNoContainersOnNode indicates that there are no containers on the node that match the container selector.
       
      \"None\"
       
      None of the above conditions apply
       
      \"NotLoaded\"
       
      BpfProgCondNotLoaded indicates that the eBPF program has not yet been loaded into the kernel on a specific node.
       
      \"NotSelected\"
       
      BpfProgCondNotSelected indicates that the eBPF program is not scheduled to be loaded on a specific node.
       
      \"NotUnLoaded\"
       
      BpfProgCondUnloaded indicates that in the midst of trying to remove the eBPF program from the kernel on the node, that program has not yet been removed.
       
      \"Unloaded\"
       
      BpfProgCondUnloaded indicates that the eBPF program has been unloaded from the kernel on a specific node.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.BpfProgramSpec","title":"BpfProgramSpec","text":"
       (Appears on: BpfProgram) 
       
       
      BpfProgramSpec defines the desired state of BpfProgram
       
       Field Description type  string  (Optional) 
      Type specifies the bpf program type
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.BpfProgramStatus","title":"BpfProgramStatus","text":"
       (Appears on: BpfProgram) 
       
       
      BpfProgramStatus defines the observed state of BpfProgram TODO Make these a fixed set of metav1.Condition.types and metav1.Condition.reasons
       
       Field Description conditions  []Kubernetes meta/v1.Condition  
      Conditions houses the updates regarding the actual implementation of the bpf program on the node Known .status.conditions.type are: \u201cAvailable\u201d, \u201cProgressing\u201d, and \u201cDegraded\u201d
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.BytecodeImage","title":"BytecodeImage","text":"
       (Appears on: BytecodeSelector) 
       
       
      BytecodeImage defines how to specify a bytecode container image.
       
       Field Description url  string  
      Valid container image URL used to reference a remote bytecode image.
       imagepullpolicy  PullPolicy  (Optional) 
      PullPolicy describes a policy for if/when to pull a bytecode image. Defaults to IfNotPresent.
       imagepullsecret  ImagePullSecretSelector  (Optional) 
      ImagePullSecret is the name of the secret bpfman should use to get remote image repository secrets.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.BytecodeSelector","title":"BytecodeSelector","text":"
       (Appears on: BpfProgramCommon) 
       
       
      BytecodeSelector defines the various ways to reference bpf bytecode objects.
       
       Field Description image  BytecodeImage  
      Image used to specify a bytecode container image.
       path  string  
      Path is used to specify a bytecode object via filepath.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.ContainerSelector","title":"ContainerSelector","text":"
       (Appears on: UprobeProgramSpec) 
       
       
      ContainerSelector identifies a set of containers. For example, this can be used to identify a set of containers in which to attach uprobes.
       
       Field Description namespace  string  (Optional) 
      Target namespaces.
       pods  Kubernetes meta/v1.LabelSelector  
      Target pods. This field must be specified, to select all pods use standard metav1.LabelSelector semantics and make it empty.
       containernames  []string  (Optional) 
      Name(s) of container(s).  If none are specified, all containers in the pod are selected.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.FentryProgramSpec","title":"FentryProgramSpec","text":"
       (Appears on: FentryProgram) 
       
       
      FentryProgramSpec defines the desired state of FentryProgram
       
       Field Description BpfProgramCommon  BpfProgramCommon  
       (Members of BpfProgramCommon are embedded into this type.) 
       func_name  string  
      Function to attach the fentry to.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.FentryProgramStatus","title":"FentryProgramStatus","text":"
       (Appears on: FentryProgram) 
       
       
      FentryProgramStatus defines the observed state of FentryProgram
       
       Field Description conditions  []Kubernetes meta/v1.Condition  
      Conditions houses the global cluster state for the FentryProgram. The explicit condition types are defined internally.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.FexitProgramSpec","title":"FexitProgramSpec","text":"
       (Appears on: FexitProgram) 
       
       
      FexitProgramSpec defines the desired state of FexitProgram
       
       Field Description BpfProgramCommon  BpfProgramCommon  
       (Members of BpfProgramCommon are embedded into this type.) 
       func_name  string  
      Function to attach the fexit to.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.FexitProgramStatus","title":"FexitProgramStatus","text":"
       (Appears on: FexitProgram) 
       
       
      FexitProgramStatus defines the observed state of FexitProgram
       
       Field Description conditions  []Kubernetes meta/v1.Condition  
      Conditions houses the global cluster state for the FexitProgram. The explicit condition types are defined internally.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.ImagePullSecretSelector","title":"ImagePullSecretSelector","text":"
       (Appears on: BytecodeImage) 
       
       
      ImagePullSecretSelector defines the name and namespace of an image pull secret.
       
       Field Description name  string  
      Name of the secret which contains the credentials to access the image repository.
       namespace  string  
      Namespace of the secret which contains the credentials to access the image repository.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.InterfaceSelector","title":"InterfaceSelector","text":"
       (Appears on: TcProgramSpec,  XdpProgramSpec) 
       
       
      InterfaceSelector defines interface to attach to.
       
       Field Description interfaces  []string  (Optional) 
      Interfaces refers to a list of network interfaces to attach the BPF program to.
       primarynodeinterface  bool  (Optional) 
      Attach BPF program to the primary interface on the node. Only \u2018true\u2019 accepted.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.KprobeProgramSpec","title":"KprobeProgramSpec","text":"
       (Appears on: KprobeProgram) 
       
       
      KprobeProgramSpec defines the desired state of KprobeProgram
       
       Field Description BpfProgramCommon  BpfProgramCommon  
       (Members of BpfProgramCommon are embedded into this type.) 
       func_name  string  
      Functions to attach the kprobe to.
       offset  uint64  (Optional) 
      Offset added to the address of the function for kprobe. Not allowed for kretprobes.
       retprobe  bool  (Optional) 
      Whether the program is a kretprobe.  Default is false
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.KprobeProgramStatus","title":"KprobeProgramStatus","text":"
       (Appears on: KprobeProgram) 
       
       
      KprobeProgramStatus defines the observed state of KprobeProgram
       
       Field Description conditions  []Kubernetes meta/v1.Condition  
      Conditions houses the global cluster state for the KprobeProgram. The explicit condition types are defined internally.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.ProgramConditionType","title":"ProgramConditionType (string alias)","text":"
       
      ProgramConditionType is a condition type to indicate the status of a BPF program at the cluster level.
       
       Value Description 
      \"DeleteError\"
       
      ProgramDeleteError indicates that the BPF program was marked for deletion, but deletion was unsuccessful.
       
      \"NotYetLoaded\"
       
      ProgramNotYetLoaded indicates that the program in question has not yet been loaded on all nodes in the cluster.
       
      \"ReconcileError\"
       
      ProgramReconcileError indicates that an unforseen situation has occurred in the controller logic, and the controller will retry.
       
      \"ReconcileSuccess\"
       
      BpfmanProgConfigReconcileSuccess indicates that the BPF program has been successfully reconciled.
       
      TODO: we should consider removing \u201creconciled\u201d type logic from the public API as it\u2019s an implementation detail of our use of controller runtime, but not necessarily relevant to human users or integrations.
       
      See: https://github.com/bpfman/bpfman/issues/430
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.PullPolicy","title":"PullPolicy (string alias)","text":"
       (Appears on: BytecodeImage) 
       
       
      PullPolicy describes a policy for if/when to pull a container image
       
       Value Description 
      \"Always\"
       
      PullAlways means that bpfman always attempts to pull the latest bytecode image. Container will fail If the pull fails.
       
      \"IfNotPresent\"
       
      PullIfNotPresent means that bpfman pulls if the image isn\u2019t present on disk. Container will fail if the image isn\u2019t present and the pull fails.
       
      \"Never\"
       
      PullNever means that bpfman never pulls an image, but only uses a local image. Container will fail if the image isn\u2019t present
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.TcProceedOnValue","title":"TcProceedOnValue (string alias)","text":"
       (Appears on: TcProgramSpec) 
       
       
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.TcProgramSpec","title":"TcProgramSpec","text":"
       (Appears on: TcProgram) 
       
       
      TcProgramSpec defines the desired state of TcProgram
       
       Field Description BpfProgramCommon  BpfProgramCommon  
       (Members of BpfProgramCommon are embedded into this type.) 
       interfaceselector  InterfaceSelector  
      Selector to determine the network interface (or interfaces)
       priority  int32  
      Priority specifies the priority of the tc program in relation to other programs of the same type with the same attach point. It is a value from 0 to 1000 where lower values have higher precedence.
       direction  string  
      Direction specifies the direction of traffic the tc program should attach to for a given network device.
       proceedon  []TcProceedOnValue  (Optional) 
      ProceedOn allows the user to call other tc programs in chain on this exit code. Multiple values are supported by repeating the parameter.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.TcProgramStatus","title":"TcProgramStatus","text":"
       (Appears on: TcProgram) 
       
       
      TcProgramStatus defines the observed state of TcProgram
       
       Field Description conditions  []Kubernetes meta/v1.Condition  
      Conditions houses the global cluster state for the TcProgram. The explicit condition types are defined internally.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.TracepointProgramSpec","title":"TracepointProgramSpec","text":"
       (Appears on: TracepointProgram) 
       
       
      TracepointProgramSpec defines the desired state of TracepointProgram
       
       Field Description BpfProgramCommon  BpfProgramCommon  
       (Members of BpfProgramCommon are embedded into this type.) 
       names  []string  
      Names refers to the names of kernel tracepoints to attach the bpf program to.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.TracepointProgramStatus","title":"TracepointProgramStatus","text":"
       (Appears on: TracepointProgram) 
       
       
      TracepointProgramStatus defines the observed state of TracepointProgram
       
       Field Description conditions  []Kubernetes meta/v1.Condition  
      Conditions houses the global cluster state for the TracepointProgram. The explicit condition types are defined internally.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.UprobeProgramSpec","title":"UprobeProgramSpec","text":"
       (Appears on: UprobeProgram) 
       
       
      UprobeProgramSpec defines the desired state of UprobeProgram
       
       Field Description BpfProgramCommon  BpfProgramCommon  
       (Members of BpfProgramCommon are embedded into this type.) 
       func_name  string  (Optional) 
      Function to attach the uprobe to.
       offset  uint64  (Optional) 
      Offset added to the address of the function for uprobe.
       target  string  
      Library name or the absolute path to a binary or library.
       retprobe  bool  (Optional) 
      Whether the program is a uretprobe.  Default is false
       pid  int32  (Optional) 
      Only execute uprobe for given process identification number (PID). If PID is not provided, uprobe executes for all PIDs.
       containers  ContainerSelector  (Optional) 
      Containers identifes the set of containers in which to attach the uprobe. If Containers is not specified, the uprobe will be attached in the bpfman-agent container.  The ContainerSelector is very flexible and even allows the selection of all containers in a cluster.  If an attempt is made to attach uprobes to too many containers, it can have a negative impact on on the cluster.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.UprobeProgramStatus","title":"UprobeProgramStatus","text":"
       (Appears on: UprobeProgram) 
       
       
      UprobeProgramStatus defines the observed state of UprobeProgram
       
       Field Description conditions  []Kubernetes meta/v1.Condition  
      Conditions houses the global cluster state for the UprobeProgram. The explicit condition types are defined internally.
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.XdpProceedOnValue","title":"XdpProceedOnValue (string alias)","text":"
       (Appears on: XdpProgramSpec) 
       
       
      "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.XdpProgramSpec","title":"XdpProgramSpec","text":"
       (Appears on: XdpProgram) 
       
       
      XdpProgramSpec defines the desired state of XdpProgram
       
       Field Description BpfProgramCommon  BpfProgramCommon  
       (Members of BpfProgramCommon are embedded into this type.) 
       interfaceselector  InterfaceSelector  
      Selector to determine the network interface (or interfaces)
       priority  int32  
      Priority specifies the priority of the bpf program in relation to other programs of the same type with the same attach point. It is a value from 0 to 1000 where lower values have higher precedence.
       proceedon  []XdpProceedOnValue"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.XdpProgramStatus","title":"XdpProgramStatus","text":"
       (Appears on: XdpProgram) 
       
       
      XdpProgramStatus defines the observed state of XdpProgram
       
       Field Description conditions  []Kubernetes meta/v1.Condition  
      Conditions houses the global cluster state for the XdpProgram. The explicit condition types are defined internally.
       
       Generated with gen-crd-api-reference-docs. 
      "},{"location":"developer-guide/configuration/","title":"Configuration","text":""},{"location":"developer-guide/configuration/#bpfman-configuration-file","title":"bpfman Configuration File","text":"
      bpfman looks for a configuration file to be present at /etc/bpfman/bpfman.toml. If no file is found, defaults are assumed. There is an example at scripts/bpfman.toml, similar to:
       
      [interfaces]\n  [interface.eth0]\n  xdp_mode = \"hw\" # Valid xdp modes are \"hw\", \"skb\" and \"drv\". Default: \"skb\".\n
      "},{"location":"developer-guide/configuration/#config-section-interfaces","title":"Config Section: [interfaces]","text":"
      This section of the configuration file allows the XDP Mode for a given interface to be set. If not set, the default value of skb will be used. Multiple interfaces can be configured.
       
      [interfaces]\n  [interfaces.eth0]\n  xdp_mode = \"drv\"\n  [interfaces.eth1]\n  xdp_mode = \"hw\"\n  [interfaces.eth2]\n  xdp_mode = \"skb\"\n
       
      Valid fields:
       
         
      • xdp_mode: XDP Mode for a given interface. Valid values: [\"drv\"|\"hw\"|\"skb\"]
        •  
      "},{"location":"developer-guide/debugging/","title":"Debugging using VSCode and lldb on a remote machine or VM","text":"
         
      1. Install code-lldb vscode extension
        2.  
      2.  
        Add a configuration to .vscode/launch.json like the following (customizing for a given system using the comment in the configuration file):
         
            {\n        \"name\": \"Remote debug bpfman\",\n        \"type\": \"lldb\",\n        \"request\": \"launch\",\n        \"program\": \"<ABSOLUTE_PATH>/github.com/bpfman/bpfman/target/debug/bpfman\", // Local path to latest debug binary.\n        \"initCommands\": [\n            \"platform select remote-linux\", // Execute `platform list` for a list of available remote platform plugins.\n            \"platform connect connect://<IP_ADDRESS_OF_VM>:8175\", // replace <IP_ADDRESS_OF_VM>\n            \"settings set target.inherit-env false\",\n        ],\n        \"env\": {\n            \"RUST_LOG\": \"debug\"\n        },\n        \"cargo\": {\n            \"args\": [\n                \"build\",\n                \"--bin=bpfman\",\n                \"--package=bpfman\"\n            ],\n            \"filter\": {\n                \"name\": \"bpfman\",\n                \"kind\": \"bin\"\n            }\n        },\n        \"cwd\": \"${workspaceFolder}\",\n    },\n
         
        3.  
      3.  
        On the VM or Server install lldb-server:
         
        dnf based OS: 
            sudo dnf install lldb\n
         
        apt based OS:
         
            sudo apt install lldb\n
         
        4.  
      4.  
        Start lldb-server on the VM or Server (make sure to do this in the ~/home directory)
         
            cd ~\n    sudo lldb-server platform --server --listen 0.0.0.0:8081\n
         
        5.  
      5.  
        Add breakpoints as needed via the vscode GUI and then hit F5 to start debugging!
         
        6.  
      "},{"location":"developer-guide/develop-operator/","title":"Developing the bpfman-operator","text":"
      This section is intended to give developer level details regarding the layout and design of the bpfman-operator. At its core the operator was implemented using the operator-sdk framework which make those docs another good resource if anything is missed here.
      "},{"location":"developer-guide/develop-operator/#high-level-design-overview","title":"High level design overview","text":"
      This repository houses two main processes, the bpfman-agent and the bpfman-operator along with CRD api definitions for BpfProgram and *Program Objects. The following diagram depicts how all these components work together to create a functioning operator.
       
      "},{"location":"developer-guide/develop-operator/#building-and-deploying","title":"Building and deploying","text":"
      For building and deploying the bpfman-operator simply see the attached Make help output.
       
      make help\n\nUsage:\n  make <target>\n\nGeneral\n  help             Display this help.\n\nLocal Dependencies\n  kustomize        Download kustomize locally if necessary.\n  controller-gen   Download controller-gen locally if necessary.\n  envtest          Download envtest-setup locally if necessary.\n  opm              Download opm locally if necessary.\n\nDevelopment\n  manifests        Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.\n  generate         Generate ALL auto-generated code.\n  generate-register  Generate register code see all `zz_generated.register.go` files.\n  generate-deepcopy  Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations see all `zz_generated.register.go` files.\n  generate-typed-clients  Generate typed client code\n  generate-typed-listers  Generate typed listers code\n  generate-typed-informers  Generate typed informers code\n  fmt              Run go fmt against code.\n  verify           Verify all the autogenerated code\n  test             Run Unit tests.\n  test-integration  Run Integration tests.\n  bundle           Generate bundle manifests and metadata, then validate generated files.\n  build-release-yamls  Generate the crd install bundle for a specific release version.\n\nBuild\n  build            Build bpfman-operator and bpfman-agent binaries.\n  build-images     Build bpfman, bpfman-agent, and bpfman-operator images.\n  push-images      Push bpfman, bpfman-agent, bpfman-operator images.\n  load-images-kind  Load bpfman, bpfman-agent, and bpfman-operator images into the running local kind devel cluster.\n  bundle-build     Build the bundle image.\n  bundle-push      Push the bundle image.\n  catalog-build    Build a catalog image.\n  catalog-push     Push a catalog image.\n\nCRD Deployment\n  install          Install CRDs into the K8s cluster specified in ~/.kube/config.\n  uninstall        Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.\n\nVanilla K8s Deployment\n  setup-kind       Setup Kind cluster\n  deploy           Deploy bpfman-operator to the K8s cluster specified in ~/.kube/config with the csi driver initialized.\n  undeploy         Undeploy bpfman-operator from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.\n  kind-reload-images  Reload locally build images into a kind cluster and restart the ds and deployment so they're picked up.\n  run-on-kind      Kind Deploy runs the bpfman-operator on a local kind cluster using local builds of bpfman, bpfman-agent, and bpfman-operator\n\nOpenshift Deployment\n  deploy-openshift  Deploy bpfman-operator to the Openshift cluster specified in ~/.kube/config.\n  undeploy-openshift  Undeploy bpfman-operator from the Openshift cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.\n
      "},{"location":"developer-guide/develop-operator/#running-locally-in-kind","title":"Running Locally in KIND","text":"
      To run locally in a kind cluster with an up to date build simply run:
       
      make run-on-kind\n
       
      The container images used for bpfman,bpfman-agent, and bpfman-operator can also be manually configured, by default local image builds will be used for the kind deployment.
       
      BPFMAN_IMG=<your/image/url> BPFMAN_AGENT_IMG=<your/image/url> BPFMAN_OPERATOR_IMG=<your/image/url> make run-on-kind\n
       
      Then rebuild and load a fresh build run:
       
      make kind-reload-images\n
       
      Which will rebuild the bpfman-operator, bpfman-agent, and bpfman images and load them into the kind cluster.
      "},{"location":"developer-guide/develop-operator/#testing-locally","title":"Testing Locally","text":"
      See Kubernetes Operator Tests. 
      "},{"location":"developer-guide/develop-operator/#project-layout","title":"Project Layout","text":"
      The bpfman-operator project layout is guided by the recommendations from both the operator-sdk framework and the standard golang project-layout. The following is a brief description of the main directories and their contents.
       
      NOTE: Bolded directories contain auto-generated code
       
         
      • /apis: Contains the K8s CRD api definitions(*_types.go) for each version along with the   auto-generated register and deepcopy methods(zz_generated.deepcopy.go and zz_generate_register.go).
        •  
      • /bundle: Contains the OLM bundle manifests and metadata for the operator.   More details can be found in the operator-sdk documentation.
        •  
      • /cmd: Contains the main entry-points for the bpfman-operator and bpfman-agent processes.
        •  
      • /config: Contains the configuration files for launching the bpfman-operator on a cluster.
           
        • /bpfman-deployment: Contains static deployment yamls for the bpfman-daemon, this includes two containers,   one for bpfman and the other for the bpfman-agent.   This DaemonSet yaml is NOT deployed statically by kustomize, instead it's statically copied into the operator   image which is then responsible for deploying and configuring the bpfman-daemon DaemonSet.   Lastly, this directory also contains the default config used to configure the bpfman-daemon, along with the   cert-manager certificates used to encrypt communication between the bpfman-agent and bpfman.
          •  
        • /bpfman-operator-deployment: Contains the static deployment yaml for the bpfman-operator. This is deployed   statically by kustomize.
          •  
        • /crd: Contains the CRD manifests for all of the bpfman-operator APIs.
             
          • /bases: Is where the actual CRD definitions are stored. These definitions are auto-generated by controller-gen.
            •  
           
          •  
        • /default: Contains the default deployment configuration for the bpfman-operator.
          •  
        • /manifests: Contains the bases for generating OLM manifests.
          •  
        • /openshift: Contains the Openshift specific deployment configuration for the bpfman-operator.
          •  
        • /prometheus: Contains the prometheus manifests used to deploy Prometheus to a cluster.   At the time of writing this the bpfman-operator is NOT exposing any metrics to prometheus, but this is a future goal.
          •  
        • /rbac: Contains rbac yamls for getting bpfman and the bpfman-operator up and running on Kubernetes.     /bpfman-agent: Contains the rbac yamls for the bpfman-agent.     They are automatically generated by kubebuilder via build tags in the bpfman-agent controller code.     /bpfman-operator: Contains the rbac yamls for the bpfman-operator.     They are automatically generated by kubebuilder via build tags in the bpfman-operator controller code.
          •  
        • /samples: Contains sample CR definitions that can be deployed by users for each of our supported APIs.
          •  
        • /scorecard: Contains the scorecard manifests used to deploy scorecard to a cluster. At the time of writing   this the bpfman-operator is NOT running any scorecard tests.
          •  
        • /test: Contains the test manifests used to deploy the bpfman-operator to a kind cluster for integration testing.
          •  
         
        •  
      • /controllers: Contains the controller implementations for all of the bpfman-operator APIs.   Each controller is responsible for reconciling the state of the cluster with the desired state defined by the user.   This is where the source of truth for the auto-generated RBAC can be found, keep an eye out for   //+kubebuilder:rbac:groups=bpfman.io comment tags.
           
        • /bpfmanagent: Contains the controller implementations which reconcile user created *Program types to multiple   BpfProgram objects.
          •  
        • /bpfmanoperator: Contains the controller implementations which reconcile global BpfProgram object state back to   the user by ensuring the user created *Program objects are reporting the correct status.
          •  
         
        •  
      • /hack: Contains any scripts+static files used by the bpfman-operator to facilitate development.
        •  
      • /internal: Contains all private library code and is used by the bpfman-operator and bpfman-agent controllers.
        •  
      • /pkg: Contains all public library code this is consumed externally and internally.
           
        • /client: Contains the autogenerated clientset, informers and listers for all of the bpfman-operator APIs.   These are autogenerated by the k8s.io/code-generator project,   and can be consumed by users wishing to programmatically interact with bpfman specific APIs.
          •  
        • /helpers: Contains helper functions which can be consumed by users wishing to programmatically interact with   bpfman specific APIs.
          •  
         
        •  
      • /test/integration: Contains integration tests for the bpfman-operator.   These tests are run against a kind cluster and are responsible for testing the bpfman-operator in a real cluster   environment.   It uses the kubernetes-testing-framework project to   programmatically spin-up all of the required infrastructure for our unit tests.
        •  
      • Makefile: Contains all of the make targets used to build, test, and generate code used by the bpfman-operator.
        •  
      "},{"location":"developer-guide/develop-operator/#troubleshooting","title":"Troubleshooting","text":""},{"location":"developer-guide/develop-operator/#metricshealth-port-issues","title":"Metrics/Health port issues","text":"
      In some scenarios, the health and metric ports may are already in use by other services on the system. When this happens the bpfman-agent container fails to deploy. The ports currently default to 8175 and 8174.
       
      The ports are passed in through the daemonset.yaml for the bpfman-daemon and deployment.yaml and manager_auth_proxy_patch.yaml for the bpfman-operator. The easiest way to change which ports are used is to update these yaml files and rebuild the container images. The container images need to be rebuilt because the bpfman-daemon is deployed from the bpfman-operator and the associated yaml files are copied into the bpfman-operator image.
       
      If rebuild the container images is not desirable, then the ports can be changed on the fly. For the bpfman-operator, the ports can be updated by editing the bpfman-operator Deployment.
       
      kubectl edit deployment -n bpfman bpfman-operator\n\napiVersion: apps/v1\nkind: Deployment\n:\nspec:\n  template:\n  :\n  spec:\n    containers:\n    -args:\n      - --secure-listen-address=0.0.0.0:8443\n      - --upstream=http://127.0.0.1:8174/        <-- UPDATE\n      - --logtostderr=true\n      - --v=0\n      name: kube-rbac-proxy\n      :\n    - args:\n      - --health-probe-bind-address=:8175        <-- UPDATE\n      - --metrics-bind-address=127.0.0.1:8174    <-- UPDATE\n      - --leader-elect\n      :\n      livenessProbe:\n          failureThreshold: 3\n          httpGet:\n            path: /healthz\n            port: 8175                           <-- UPDATE\n            scheme: HTTP\n            :\n      name: bpfman-operator\n      readinessProbe:\n          failureThreshold: 3\n          httpGet:\n            path: /readyz\n            port: 8175                           <-- UPDATE\n            scheme: HTTP\n      :\n
       
      For the bpfman-daemon, the ports could be updated by editing the bpfman-daemon DaemonSet. However, if bpfman-daemon is restarted for any reason by the bpfman-operator, the changes will be lost. So it is recommended to update the ports for the bpfman-daemon via the bpfman bpfman-config ConfigMap.
       
      kubectl edit configmap -n bpfman bpfman-config\n\napiVersion: v1\ndata:\n  bpfman.agent.healthprobe.addr: :8175                    <-- UPDATE\n  bpfman.agent.image: quay.io/bpfman/bpfman-agent:latest\n  bpfman.agent.log.level: info\n  bpfman.agent.metric.addr: 127.0.0.1:8174                <-- UPDATE\n  bpfman.image: quay.io/bpfman/bpfman:latest\n  bpfman.log.level: debug\nkind: ConfigMap\n:\n
      "},{"location":"developer-guide/documentation/","title":"Documentation","text":"
      This section describes how to modify the related documentation around bpfman. All bpfman's documentation is written in Markdown, and leverages mkdocs to generate a static site, which is hosted on netlify.
       
      If this is the first time building using mkdocs, jump to the Development Environment Setup section for help installing the tooling.
      "},{"location":"developer-guide/documentation/#documentation-notes","title":"Documentation Notes","text":"
      This section describes some notes on the dos and don'ts when writing documentation.
      "},{"location":"developer-guide/documentation/#website-management","title":"Website Management","text":"
      The headings and layout of the website, as well as other configuration settings, are managed from the mkdocs.yml file in the project root directory.
      "},{"location":"developer-guide/documentation/#markdown-style","title":"Markdown Style","text":"
      When writing documentation via a Markdown file, the following format has been followed:
       
         
      • Text on a given line should not exceed 100 characters, unless it's example syntax or a link   that should be broken up.
        •  
      • Each new sentence should start on a new line.   That way, if text needs to be inserted, whole paragraphs don't need to be adjusted.
        •  
      • Links to other markdown files are relative to the file the link is placed in.
        •  
      "},{"location":"developer-guide/documentation/#governance-files","title":"Governance Files","text":"
      There are a set of well known governance files that are typically placed in the root directory of most projects, like README.md, MAINTAINERS.md, CONTRIBUTING.md, etc. mkdocs expects all files used in the static website to be located under a common directory, docs/ for bpfman. To reference the governance files from the static website, a directory (docs/governance/) was created with a file for each governance file, the only contains --8<-- and the file name. This indicates to mkdocs to pull the additional file from the project root directory.
       
      For example: docs/governance/MEETINGS.md
       
      NOTE: This works for the website generation, but if a Markdown file is viewed through   Github (not the website), the link is broken.   So these files should only be linked from docs/index.md and mkdocs.yml.
      "},{"location":"developer-guide/documentation/#docsdeveloper-guideapi-specmd","title":"docs/developer-guide/api-spec.md","text":"
      The file docs/developer-guide/api-spec.md documents the CRDs used in a Kubernetes deployment. The contents are auto-generated when PRs are pushed to Github.
       
      The contents can be generated locally by running the command make -C bpfman-operator apidocs.html from the root bpfman directory.
      "},{"location":"developer-guide/documentation/#generate-documentation","title":"Generate Documentation","text":"
      If you would like to test locally, build and preview the generated documentation, from the bpfman root directory, use mkdocs to build:
       
      cd bpfman/\nmkdocs build\n
       
      NOTE: If mkdocs build gives you an error, make sure you have the mkdocs packages listed below installed.
       
      To preview from a build on a local machine, start the mkdocs dev-server with the command below, then open up http://127.0.0.1:8000/ in your browser, and you'll see the default home page being displayed:
       
      mkdocs serve\n
       
      To preview from a build on a remote machine, start the mkdocs dev-server with the command below, then open up http://<ServerIP>:8000/ in your browser, and you'll see the default home page being displayed:
       
      mkdocs serve -a 0.0.0.0:8000\n
      "},{"location":"developer-guide/documentation/#development-environment-setup","title":"Development Environment Setup","text":"
      The recommended installation method is using pip.
       
      pip install -r requirements.txt \n
       
      Once installed, ensure the mkdocs is in your PATH:
       
      mkdocs -V\nmkdocs, version 1.4.3 from /home/$USER/.local/lib/python3.11/site-packages/mkdocs (Python 3.11)\n
       
      NOTE: If you have an older version of mkdocs installed, you may need to use the --upgrade option (e.g., pip install --upgrade mkdocs) to get it to work.
      "},{"location":"developer-guide/image-build/","title":"bpfman Container Images","text":"
      Container images for the bpfman binaries are automatically built and pushed to quay.io/bpfman whenever code is merged into the main branch of the github.com/bpfman/bpfman repository under the :latest tag.
      "},{"location":"developer-guide/image-build/#building-the-images-locally","title":"Building the images locally","text":""},{"location":"developer-guide/image-build/#bpfman","title":"bpfman","text":"
      docker build -f /Containerfile.bpfman . -t bpfman:local\n
      "},{"location":"developer-guide/image-build/#running-locally-in-container","title":"Running locally in container","text":""},{"location":"developer-guide/image-build/#bpfman_1","title":"bpfman","text":"
      sudo docker run --init --privileged --net=host -v /etc/bpfman/certs/:/etc/bpfman/certs/ -v /sys/fs/bpf:/sys/fs/bpf quay.io/bpfman/bpfman:latest\n
      "},{"location":"developer-guide/linux-capabilities/","title":"Linux Capabilities","text":"
      Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities, which can be independently enabled and disabled. Capabilities are a per-thread attribute. See capabilities man-page.
       
      When bpfman is run as a systemd service, the set of linux capabilities are restricted to only the required set of capabilities via the bpfman.service file using the AmbientCapabilities and CapabilityBoundingSet fields (see bpfman.service). All spawned threads are stripped of all capabilities, removing all sudo privileges (see drop_linux_capabilities() usage), leaving only the main thread with only the needed set of capabilities.
      "},{"location":"developer-guide/linux-capabilities/#current-bpfman-linux-capabilities","title":"Current bpfman Linux Capabilities","text":"
      Below are the current set of Linux capabilities required by bpfman to operate:
       
         
      • CAP_BPF:
           
        • Required to load BPF programs and create BPF maps.
          •  
         
        •  
      • CAP_DAC_READ_SEARCH:
           
        • Required by Tracepoint programs, needed by aya to check the tracefs mount point.   For example, trying to read \"/sys/kernel/tracing\" and \"/sys/kernel/debug/tracing\".
          •  
         
        •  
      • CAP_NET_ADMIN:
           
        • Required for TC programs to attach/detach to/from a qdisc.
          •  
         
        •  
      • CAP_SETPCAP:
           
        • Required to allow bpfman to drop Linux Capabilities on spawned threads.
          •  
         
        •  
      • CAP_SYS_ADMIN: 
           
        • Kprobe (Kprobe and Uprobe) and Tracepoint programs are considered perfmon programs and require CAP_PERFMON and CAP_SYS_ADMIN to load.
          •  
        • TC and XDP programs are considered admin programs and require CAP_NET_ADMIN and CAP_SYS_ADMIN to load.
          •  
         
        •  
      • CAP_SYS_RESOURCE:
           
        • Required by bpfman to call setrlimit() on RLIMIT_MEMLOCK.
          •  
         
        •  
      "},{"location":"developer-guide/linux-capabilities/#debugging-linux-capabilities","title":"Debugging Linux Capabilities","text":"
      As new features are added, the set of Linux capabilities required by bpfman may change over time. The following describes the steps to determine the set of capabilities required by bpfman. If there are any Permission denied (os error 13) type errors when starting or running bpfman as a systemd service, adjusting the linux capabilities is a good place to start.
      "},{"location":"developer-guide/linux-capabilities/#determine-required-capabilities","title":"Determine Required Capabilities","text":"
      The first step is to turn all capabilities on and see if that fixes the problem. This can be done without recompiling the code by editing bpfman.service. Comment out the finite list of granted capabilities and set to ~,  which indicates all capabilities.
       
      sudo vi /usr/lib/systemd/system/bpfman.service\n:\n[Service]\n:\nAmbientCapabilities=~\nCapabilityBoundingSet=~\n#AmbientCapabilities=CAP_BPF CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_PERFMON CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_RESOURCE\n#CapabilityBoundingSet=CAP_BPF CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_PERFMON CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_RESOURCE\n
       
      Reload the service file and start/restart bpfman and watch the bpfman logs and see if the problem is resolved:
       
      sudo systemctl daemon-reload\nsudo systemctl start bpfman\n
       
      If so, then the next step is to watch the set of capabilities being requested by bpfman. Run the bcc capable tool to watch capabilities being requested real-time and restart bpfman:
       
      $ sudo /usr/share/bcc/tools/capable\nTIME      UID    PID    COMM             CAP  NAME                 AUDIT\n:\n16:36:00  979    75553  tokio-runtime-w  8    CAP_SETPCAP          1\n16:36:00  979    75553  tokio-runtime-w  8    CAP_SETPCAP          1\n16:36:00  979    75553  tokio-runtime-w  8    CAP_SETPCAP          1\n16:36:00  0      616    systemd-journal  19   CAP_SYS_PTRACE       1\n16:36:00  0      616    systemd-journal  19   CAP_SYS_PTRACE       1\n16:36:00  979    75550  bpfman             24   CAP_SYS_RESOURCE     1\n16:36:00  979    75550  bpfman             1    CAP_DAC_OVERRIDE     1\n16:36:00  979    75550  bpfman             21   CAP_SYS_ADMIN        1\n16:36:00  979    75550  bpfman             21   CAP_SYS_ADMIN        1\n16:36:00  0      75555  modprobe         16   CAP_SYS_MODULE       1\n16:36:00  0      628    systemd-udevd    2    CAP_DAC_READ_SEARCH  1\n16:36:00  0      75556  bpf_preload      24   CAP_SYS_RESOURCE     1\n16:36:00  0      75556  bpf_preload      39   CAP_BPF              1\n16:36:00  0      75556  bpf_preload      39   CAP_BPF              1\n16:36:00  0      75556  bpf_preload      39   CAP_BPF              1\n16:36:00  0      75556  bpf_preload      38   CAP_PERFMON          1\n16:36:00  0      75556  bpf_preload      38   CAP_PERFMON          1\n16:36:00  0      75556  bpf_preload      38   CAP_PERFMON          1\n:\n
       
      Compare the output to list in bpfman.service and determine the delta.
      "},{"location":"developer-guide/linux-capabilities/#determine-capabilities-per-thread","title":"Determine Capabilities Per Thread","text":"
      For additional debugging, it may be helpful to know the granted capabilities on a per thread basis. As mentioned above, all spawned threads are stripped of all Linux capabilities, so if a thread is requesting a capability, that functionality should be moved off the spawned thread and onto the main thread.
       
      First, determine the bpfman process id, then determine the set of threads:
       
      $ ps -ef | grep bpfman\n:\nbpfman       75550       1  0 16:36 ?        00:00:00 /usr/sbin/bpfman\n:\n\n$ ps -T -p 75550\n    PID    SPID TTY          TIME CMD\n  75550   75550 ?        00:00:00 bpfman\n  75550   75551 ?        00:00:00 tokio-runtime-w\n  75550   75552 ?        00:00:00 tokio-runtime-w\n  75550   75553 ?        00:00:00 tokio-runtime-w\n  75550   75554 ?        00:00:00 tokio-runtime-w\n
       
      Then dump the capabilities of each thread:
       
      $ grep Cap /proc/75550/status\nCapInh: 000000c001201106\nCapPrm: 000000c001201106\nCapEff: 000000c001201106\nCapBnd: 000000c001201106\nCapAmb: 000000c001201106\n\n$ grep Cap /proc/75551/status\nCapInh: 0000000000000000\nCapPrm: 0000000000000000\nCapEff: 0000000000000000\nCapBnd: 0000000000000000\nCapAmb: 0000000000000000\n\n$ grep Cap /proc/75552/status\nCapInh: 0000000000000000\nCapPrm: 0000000000000000\nCapEff: 0000000000000000\nCapBnd: 0000000000000000\nCapAmb: 0000000000000000\n\n:\n\n$ capsh --decode=000000c001201106\n0x000000c001201106=cap_dac_override,cap_dac_read_search,cap_setpcap,cap_net_admin,cap_sys_admin,cap_sys_resource,cap_perfmon,cap_bpf\n
      "},{"location":"developer-guide/linux-capabilities/#removing-cap_bpf-from-bpfman-clients","title":"Removing CAP_BPF from bpfman Clients","text":"
      One of the advantages of using bpfman is that it is doing all the loading and unloading of eBPF programs, so it requires CAP_BPF, but clients of bpfman are just making gRPC calls to bpfman, so they do not need to be privileged or require CAP_BPF. It must be noted that this is only true for kernels 5.19 or higher. Prior to kernel 5.19, all eBPF sys calls required CAP_BPF, which are used to access maps shared between the BFP program and the userspace program. In kernel 5.19, a change went in that only requires CAP_BPF for map creation (BPF_MAP_CREATE) and loading programs (BPF_PROG_LOAD). See bpf: refine kernel.unprivileged_bpf_disabled behaviour.
      "},{"location":"developer-guide/logging/","title":"Logging","text":"
      This section describes how to enable logging in different bpfman deployments.
      "},{"location":"developer-guide/logging/#local-privileged-bpfman-process","title":"Local Privileged Bpfman Process","text":"
      bpfman uses the env_logger crate to log messages to the terminal. By default, only error messages are logged, but that can be overwritten by setting the RUST_LOG environment variable. Valid values:
       
         
      • error
        •  
      • warn
        •  
      • info
        •  
      • debug
        •  
      • trace
        •  
       
      Example:
       
      $ sudo RUST_LOG=info /usr/local/bin/bpfman\n[2022-08-08T20:29:31Z INFO  bpfman] Log using env_logger\n[2022-08-08T20:29:31Z INFO  bpfman::server] Loading static programs from /etc/bpfman/programs.d\n[2022-08-08T20:29:31Z INFO  bpfman::server::bpf] Map veth12fa8e3 to 13\n[2022-08-08T20:29:31Z INFO  bpfman::server] Listening on [::1]:50051\n[2022-08-08T20:29:31Z INFO  bpfman::server::bpf] Program added: 1 programs attached to veth12fa8e3\n[2022-08-08T20:29:31Z INFO  bpfman::server] Loaded static program pass with UUID d9fd88df-d039-4e64-9f63-19f3e08915ce\n
      "},{"location":"developer-guide/logging/#systemd-service","title":"Systemd Service","text":"
      If bpfman is running as a systemd service, then bpfman will log to journald. As with env_logger, by default, info and higher messages are logged, but that can be overwritten by setting the RUST_LOG environment variable.
       
      Example:
       
      sudo vi /usr/lib/systemd/system/bpfman.service\n[Unit]\nDescription=Run bpfman as a service\nDefaultDependencies=no\nAfter=network.target\n\n[Service]\nEnvironment=\"RUST_LOG=Info\"    <==== Set Log Level Here\nExecStart=/usr/sbin/bpfman system service\nAmbientCapabilities=CAP_BPF CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_PERFMON CAP_SYS_ADMIN CAP_SYS_RESOURCE\nCapabilityBoundingSet=CAP_BPF CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_PERFMON CAP_SYS_ADMIN CAP_SYS_RESOURCE\n
       
      Start the service:
       
      sudo systemctl start bpfman.service\n
       
      Check the logs:
       
      $ sudo journalctl -f -u bpfman\nAug 08 16:25:04 ebpf03 systemd[1]: Started bpfman.service - Run bpfman as a service.\nAug 08 16:25:04 ebpf03 bpfman[180118]: Log using journald\nAug 08 16:25:04 ebpf03 bpfman[180118]: Loading static programs from /etc/bpfman/programs.d\nAug 08 16:25:04 ebpf03 bpfman[180118]: Map veth12fa8e3 to 13\nAug 08 16:25:04 ebpf03 bpfman[180118]: Listening on [::1]:50051\nAug 08 16:25:04 ebpf03 bpfman[180118]: Program added: 1 programs attached to veth12fa8e3\nAug 08 16:25:04 ebpf03 bpfman[180118]: Loaded static program pass with UUID a3ffa14a-786d-48ad-b0cd-a4802f0f10b6\n
       
      Stop the service:
       
      sudo systemctl stop bpfman.service\n
      "},{"location":"developer-guide/logging/#kubernetes-deployment","title":"Kubernetes Deployment","text":"
      When bpfman is run in a Kubernetes deployment, there is the bpfman Daemonset that runs on every node and the bpd Operator that runs on the control plane:
       
      kubectl get pods -A\nNAMESPACE            NAME                                                    READY   STATUS    RESTARTS   AGE\nbpfman                 bpfman-daemon-dgqzw                                       2/2     Running   0          3d22h\nbpfman                 bpfman-daemon-gqsgd                                       2/2     Running   0          3d22h\nbpfman                 bpfman-daemon-zx9xr                                       2/2     Running   0          3d22h\nbpfman                 bpfman-operator-7fbf4888c4-z8w76                          2/2     Running   0          3d22h\n:\n
      "},{"location":"developer-guide/logging/#bpfman-daemonset","title":"bpfman Daemonset","text":"
      bpfman and bpfman-agent are running in the bpfman daemonset.
      "},{"location":"developer-guide/logging/#view-logs","title":"View Logs","text":"
      To view the bpfman logs:
       
      kubectl logs -n bpfman bpfman-daemon-dgqzw -c bpfman\n[2023-05-05T14:41:26Z INFO  bpfman] Log using env_logger\n[2023-05-05T14:41:26Z INFO  bpfman] Has CAP_BPF: false\n[2023-05-05T14:41:26Z INFO  bpfman] Has CAP_SYS_ADMIN: true\n:\n
       
      To view the bpfman-agent logs:
       
      kubectl logs -n bpfman bpfman-daemon-dgqzw -c bpfman-agent\n{\"level\":\"info\",\"ts\":\"2023-12-20T20:15:34Z\",\"logger\":\"controller-runtime.metrics\",\"msg\":\"Metrics server is starting to listen\",\"addr\":\":8174\"}\n{\"level\":\"info\",\"ts\":\"2023-12-20T20:15:34Z\",\"logger\":\"setup\",\"msg\":\"Waiting for active connection to bpfman\"}\n{\"level\":\"info\",\"ts\":\"2023-12-20T20:15:34Z\",\"logger\":\"setup\",\"msg\":\"starting Bpfman-Agent\"}\n:\n
      "},{"location":"developer-guide/logging/#change-log-level","title":"Change Log Level","text":"
      To change the log level of the agent or daemon, edit the bpfman-config ConfigMap. The bpfman-operator will detect the change and restart the bpfman daemonset with the updated values.
       
      kubectl edit configmaps -n bpfman bpfman-config\napiVersion: v1\ndata:\n  bpfman.agent.image: quay.io/bpfman/bpfman-agent:latest\n  bpfman.image: quay.io/bpfman/bpfman:latest\n  bpfman.log.level: info                     <==== Set bpfman Log Level Here\n  bpfman.agent.log.level: info               <==== Set bpfman agent Log Level Here\nkind: ConfigMap\nmetadata:\n  creationTimestamp: \"2023-05-05T14:41:19Z\"\n  name: bpfman-config\n  namespace: bpfman\n  resourceVersion: \"700803\"\n  uid: 0cc04af4-032c-4712-b824-748b321d319b\n
       
      Valid values for the daemon (bpfman.log.level) are:
       
         
      • error
        •  
      • warn
        •  
      • info
        •  
      • debug
        •  
      • trace
        •  
       
      trace can be very verbose. More information can be found regarding Rust's env_logger here.
       
      Valid values for the agent (bpfman.agent.log.level) are:
       
         
      • info
        •  
      • debug
        •  
      • trace
        •  
      "},{"location":"developer-guide/logging/#bpfman-operator","title":"bpfman Operator","text":"
      The bpfman Operator is running as a Deployment with a ReplicaSet of one. It runs with the containers bpfman-operator and kube-rbac-proxy.
      "},{"location":"developer-guide/logging/#view-logs_1","title":"View Logs","text":"
      To view the bpfman-operator logs:
       
      kubectl logs -n bpfman bpfman-operator-7fbf4888c4-z8w76 -c bpfman-operator\n{\"level\":\"info\",\"ts\":\"2023-05-09T18:37:11Z\",\"logger\":\"controller-runtime.metrics\",\"msg\":\"Metrics server is starting to listen\",\"addr\":\"127.0.0.1:8174\"}\n{\"level\":\"info\",\"ts\":\"2023-05-09T18:37:11Z\",\"logger\":\"setup\",\"msg\":\"starting manager\"}\n{\"level\":\"info\",\"ts\":\"2023-05-09T18:37:11Z\",\"msg\":\"Starting server\",\"kind\":\"health probe\",\"addr\":\"[::]:8175\"}\n{\"level\":\"info\",\"ts\":\"2023-05-09T18:37:11Z\",\"msg\":\"Starting server\",\"path\":\"/metrics\",\"kind\":\"metrics\",\"addr\":\"127.0.0.1:8174\"}\nI0509 18:37:11.262885       1 leaderelection.go:248] attempting to acquire leader lease bpfman/8730d955.bpfman.io...\nI0509 18:37:11.268918       1 leaderelection.go:258] successfully acquired lease bpfman/8730d955.bpfman.io\n{\"level\":\"info\",\"ts\":\"2023-05-09T18:37:11Z\",\"msg\":\"Starting EventSource\",\"controller\":\"configmap\",\"controllerGroup\":\"\",\"controllerKind\":\"ConfigMap\",\"source\":\"kind source: *v1.ConfigMap\"}\n:\n
       
      To view the kube-rbac-proxy logs:
       
      kubectl logs -n bpfman bpfman-operator-7fbf4888c4-z8w76 -c kube-rbac-proxy\nI0509 18:37:11.063386       1 main.go:186] Valid token audiences: \nI0509 18:37:11.063485       1 main.go:316] Generating self signed cert as no cert is provided\nI0509 18:37:11.955256       1 main.go:366] Starting TCP socket on 0.0.0.0:8443\nI0509 18:37:11.955849       1 main.go:373] Listening securely on 0.0.0.0:8443\n
      "},{"location":"developer-guide/logging/#change-log-level_1","title":"Change Log Level","text":"
      To change the log level, edit the bpfman-operator Deployment. The change will get detected and the bpfman operator pod will get restarted with the updated log level.
       
      kubectl edit deployment -n bpfman bpfman-operator\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  annotations:\n    deployment.kubernetes.io/revision: \"1\"\n    kubectl.kubernetes.io/last-applied-configuration: |\n      {\"apiVersion\":\"apps/v1\",\"kind\":\"Deployment\",\"metadata\":{\"annotations\":{},\"labels\":{\"app.kubernetes.io/component\":\"manager\",\"app.kubernetes.io/create>\n  creationTimestamp: \"2023-05-09T18:37:08Z\"\n  generation: 1\n:\nspec:\n:\n  template:\n    metadata:\n:\n    spec:\n      containers:\n      - args:\n:\n      - args:\n        - --health-probe-bind-address=:8175\n        - --metrics-bind-address=127.0.0.1:8174\n        - --leader-elect\n        command:\n        - /bpfman-operator\n        env:\n        - name: GO_LOG\n          value: info                   <==== Set Log Level Here\n        image: quay.io/bpfman/bpfman-operator:latest\n        imagePullPolicy: IfNotPresent\n:\n
       
      Valid values are:
       
         
      • error
        •  
      • info
        •  
      • debug
        •  
      • trace
        •  
      "},{"location":"developer-guide/operator-quick-start/","title":"Deploying the bpfman-operator","text":"
      The bpfman-operator repository exists in order to deploy and manage bpfman within a Kubernetes cluster. This operator was built utilizing some great tooling provided by the operator-sdk library. A great first step in understanding some of the functionality can be to just run make help.
      "},{"location":"developer-guide/operator-quick-start/#deploy-locally-via-kind","title":"Deploy Locally via KIND","text":"
      After reviewing the possible make targets it's quick and easy to get bpfman deployed locally on your system via a KIND cluster with:
       
      cd bpfman/bpfman-operator\nmake run-on-kind\n
       
      NOTE: By default, bpfman-operator deploys bpfman with CSI enabled. CSI requires Kubernetes v1.26 due to a PR (kubernetes/kubernetes#112597) that addresses a gRPC Protocol Error that was seen in the CSI client code and it doesn't appear to have been backported. It is recommended to install kind v0.20.0 or later.
      "},{"location":"developer-guide/operator-quick-start/#deploy-to-openshift-cluster","title":"Deploy To Openshift Cluster","text":"
      First deploy the operator with one of the following two options:
      "},{"location":"developer-guide/operator-quick-start/#1-manually-with-kustomize","title":"1. Manually with Kustomize","text":"
      To install manually with Kustomize and raw manifests simply run the following commands. The Openshift cluster needs to be up and running and specified in ~/.kube/config file.
       
      cd bpfman/bpfman-operator\nmake deploy-openshift\n
       
      Which can then be cleaned up at a later time with:
       
      make undeploy-openshift\n
      "},{"location":"developer-guide/operator-quick-start/#2-via-the-olm-bundle","title":"2. Via the OLM bundle","text":"
      The other option for installing the bpfman-operator is to install it using OLM bundle.
       
      First setup the namespace and certificates for the operator with:
       
      cd bpfman/bpfman-operator\noc apply -f ./hack/ocp-scc-hacks.yaml\n
       
      Then use operator-sdk to install the bundle like so:
       
      operator-sdk run bundle quay.io/bpfman/bpfman-operator-bundle:latest --namespace openshift-bpfman\n
       
      Which can then be cleaned up at a later time with:
       
      operator-sdk cleanup bpfman-operator\n
       
      followed by
       
      oc delete -f ./hack/ocp-scc-hacks.yaml\n
      "},{"location":"developer-guide/operator-quick-start/#verify-the-installation","title":"Verify the Installation","text":"
      Independent of the method used to deploy, if the bpfman-operator came up successfully you will see the bpfman-daemon and bpfman-operator pods running without errors:
       
      kubectl get pods -n bpfman\nNAME                             READY   STATUS    RESTARTS   AGE\nbpfman-daemon-bt5xm                3/3     Running   0          130m\nbpfman-daemon-ts7dr                3/3     Running   0          129m\nbpfman-daemon-w24pr                3/3     Running   0          130m\nbpfman-operator-78cf9c44c6-rv7f2   2/2     Running   0          132m\n
      "},{"location":"developer-guide/operator-quick-start/#deploy-an-ebpf-program-to-the-cluster","title":"Deploy an eBPF Program to the cluster","text":"
      To test the deployment simply deploy one of the sample xdpPrograms:
       
      cd bpfman/bpfman-operator/\nkubectl apply -f config/samples/bpfman.io_v1alpha1_xdp_pass_xdpprogram.yaml\n
       
      If loading of the XDP Program to the selected nodes was successful it will be reported back to the user via the xdpProgram's status field:
       
      kubectl get xdpprogram xdp-pass-all-nodes -o yaml\napiVersion: bpfman.io/v1alpha1\nkind: XdpProgram\nmetadata:\n  annotations:\n    kubectl.kubernetes.io/last-applied-configuration: |\n      {\"apiVersion\":\"bpfman.io/v1alpha1\",\"kind\":\"XdpProgram\",\"metadata\":{\"annotations\":{},\"labels\":{\"app.kubernetes.io/name\":\"xdpprogram\"},\"name\":\"xdp-pass-all-nodes\"},\"spec\":{\"bpffunctionname\":\"pass\",\"bytecode\":{\"image\":{\"url\":\"quay.io/bpfman-bytecode/xdp_pass:latest\"}},\"globaldata\":{\"GLOBAL_u32\":[13,12,11,10],\"GLOBAL_u8\":[1]},\"interfaceselector\":{\"primarynodeinterface\":true},\"nodeselector\":{},\"priority\":0}}\n  creationTimestamp: \"2023-11-07T19:16:39Z\"\n  finalizers:\n  - bpfman.io.operator/finalizer\n  generation: 2\n  labels:\n    app.kubernetes.io/name: xdpprogram\n  name: xdp-pass-all-nodes\n  resourceVersion: \"157187\"\n  uid: 21c71a61-4e73-44eb-9b49-07af2866d25b\nspec:\n  bpffunctionname: pass\n  bytecode:\n    image:\n      imagepullpolicy: IfNotPresent\n      url: quay.io/bpfman-bytecode/xdp_pass:latest\n  globaldata:\n    GLOBAL_u8: AQ==\n    GLOBAL_u32: DQwLCg==\n  interfaceselector:\n    primarynodeinterface: true\n  mapownerselector: {}\n  nodeselector: {}\n  priority: 0\n  proceedon:\n  - pass\n  - dispatcher_return\nstatus:\n  conditions:\n  - lastTransitionTime: \"2023-11-07T19:16:42Z\"\n    message: bpfProgramReconciliation Succeeded on all nodes\n    reason: ReconcileSuccess\n    status: \"True\"\n    type: ReconcileSuccess\n
       
      To see information in listing form simply run:
       
      kubectl get xdpprogram -o wide\nNAME                 BPFFUNCTIONNAME   NODESELECTOR   PRIORITY   INTERFACESELECTOR               PROCEEDON\nxdp-pass-all-nodes   pass              {}             0          {\"primarynodeinterface\":true}   [\"pass\",\"dispatcher_return\"]\n
      "},{"location":"developer-guide/operator-quick-start/#api-types-overview","title":"API Types Overview","text":"
      See api-spec.md for a more detailed description of all the bpfman Kubernetes API types.
      "},{"location":"developer-guide/operator-quick-start/#multiple-program-crds","title":"Multiple Program CRDs","text":"
      The multiple *Program CRDs are the bpfman Kubernetes API objects most relevant to users and can be used to understand clusterwide state for an eBPF program. It's designed to express how, and where eBPF programs are to be deployed within a Kubernetes cluster. Currently bpfman supports the use of xdpProgram, tcProgram and tracepointProgram objects.
      "},{"location":"developer-guide/operator-quick-start/#bpfprogram-crd","title":"BpfProgram CRD","text":"
      The BpfProgram CRD is used internally by the bpfman-deployment to keep track of per node bpfman state such as map pin points, and to report node specific errors back to the user. Kubernetes users/controllers are only allowed to view these objects, NOT create or edit them.
       
      Applications wishing to use bpfman to deploy/manage their eBPF programs in Kubernetes will make use of this object to find references to the bpfMap pin points (spec.maps) in order to configure their eBPF programs.
      "},{"location":"developer-guide/release/","title":"Release Process","text":""},{"location":"developer-guide/release/#overview","title":"Overview","text":"
      A release for the bpfman project is comprised of the following major components:
       
         
      • bpfman binaries
        •  
      • Core GRPC API protobuf definitions
        •  
      • Kubernetes Custom Resource Definitions (CRDs)
        •  
      • Corresponding go pkg in the form of github.com/bpfman/bpfman which includes the following:
        •  
      • github.com/bpfman/bpfman/clients/gobpfman/v1: The go client for the bpfman GRPC API
        •  
      • github.com/bpfman/bpfman/bpfman-operator/apis: The go bindings for the     bpfman CRD API
        •  
      • github.com/bpfman/bpfman/bpfman-operator/pkg/client: The autogenerated     clientset for the bpfman CRD API
        •  
      • github.com/bpfman/bpfman/bpfman-operator/pkg/helpers: The provided bpfman CRD     API helpers.
        •  
      • Corresponding bpfman-api and bpfmanrust crates which house the rust client for the bpfman GRPC API
        •  
      • The following core component container images with tag : 
      • quay.io/bpfman/bpfman
        •  
      • quay.io/bpfman/bpfman-operator
        •  
      • quay.io/bpfman/bpfman-agent
        •  
      • quay.io/bpfman/bpfman-operator-bundle
        •  
      • quay.io/bpfman/xdp-dispatcher
        •  
      • quay.io/bpfman/tc-dispatcher
        •  
      • The relevant example bytecode container images with tag  from source   code located in the bpfman project: 
      • quay.io/bpfman-bytecode/go_xdp_counter
        •  
      • quay.io/bpfman-bytecode/go_tc_counter
        •  
      • quay.io/bpfman-bytecode/go_tracepoint_counter
        •  
      • quay.io/bpfman-bytecode/xdp_pass
        •  
      • quay.io/bpfman-bytecode/tc_pass
        •  
      • quay.io/bpfman-bytecode/tracepoint
        •  
      • quay.io/bpfman-bytecode/xdp_pass_private
        •  
      • quay.io/bpfman-bytecode/uprobe
        •  
      • quay.io/bpfman-bytecode/kprobe
        •  
      • quay.io/bpfman-bytecode/uretprobe
        •  
      • quay.io/bpfman-bytecode/kretprobe
        •  
      • The relevant example userspace container images with tag  from source   code located in the bpfman project: 
      • quay.io/bpfman-userspace/go_xdp_counter
        •  
      • quay.io/bpfman-userspace/go_tc_counter
        •  
      • quay.io/bpfman-userspace/go_tracepoint_counter
        •  
      • The OLM (Operator Lifecycle Manager) for the Kubernetes Operator.
        •  
      • This includes a bundle directory on disk as well as the     quay.io/bpfman/bpfman-operator-bundle with the tag ."},{"location":"developer-guide/release/#versioning-strategy","title":"Versioning strategy","text":""},{"location":"developer-guide/release/#overview_1","title":"Overview","text":"
        Each new release of bpfman is defined with a \"bundle version\" that represents the Git tag of a release, such as v0.4.0. This contains the components described above
        "},{"location":"developer-guide/release/#kubernetes-api-versions-eg-v1alpha2-v1beta1","title":"Kubernetes API Versions (e.g. v1alpha2, v1beta1)","text":"
        Within the bpfman-operator, API versions are primarily used to indicate the stability of a resource. For example, if a resource has not yet graduated to beta, it is still possible that it could either be removed from the API or changed in backwards incompatible ways. For more information on API versions, refer to the full Kubernetes API versioning documentation.
        "},{"location":"developer-guide/release/#releasing-a-new-version","title":"Releasing a new version","text":""},{"location":"developer-guide/release/#writing-a-changelog","title":"Writing a Changelog","text":"
        To simplify release notes generation, we recommend using the Kubernetes release notes generator:
         
        go install k8s.io/release/cmd/release-notes@latest\nexport GITHUB_TOKEN=your_token_here\nrelease-notes --start-sha EXAMPLE_COMMIT --end-sha EXAMPLE_COMMIT --branch main --repo bpfman --org bpfman\n
         
        This output will likely need to be reorganized and cleaned up a bit, but it provides a good starting point. Once you're satisfied with the changelog, create a PR. This must go through the regular PR review process and get merged into the main branch. Approval of the PR indicates community consensus for a new release.
        "},{"location":"developer-guide/release/#release-steps","title":"Release Steps","text":"
        The following steps must be done by one of the bpfman maintainers:
         
        For a PATCH release:
         
           
        • Create a new branch in your fork named something like <githubuser>/release-x.x.x. Use the new branch   in the upcoming steps.
          •  
        • Use git to cherry-pick all relevant PRs into your branch.
          •  
        • Create a branch from the major-minor tag of interest i.e:   git checkout -b release-x.x.x <major.minor.patch>
          •  
        • Create a pull request of the <githubuser>/release-x.x.x branch into the release-x.x branch upstream.   Add a hold on this PR waiting for at least one maintainer/codeowner to provide a lgtm. This PR should:
          •  
        • Add a new changelog for the release
          •  
        • Update the cargo.toml versions for the bpfman-api and bpfman crates
          •  
        • Update the bpfman-operator version in it's MAKEFILE and run make bundle to update the bundle version.     This will generate a new /bpfman-operator/bundle directory which will ONLY be tracked in the     release-x.x branch not main.
          •  
        • Verify the CI tests pass and merge the PR into release-x.x.
          •  
        • Create a tag using the HEAD of the release-x.x.x branch. This can be done using the git CLI or   Github's release page.
          •  
        • The Release will be automatically created, after that is complete do the following:
          •  
        • run make build-release-yamls and attach the yamls for the version to the release. These will include:
             
          • bpfman-crds-install-vx.x.x.yaml
            •  
          • bpfman-operator-install-vx.x.x.yaml
            •  
          • go-xdp-counter-install-vx.x.x.yaml
            •  
          • go-tc-counter-install-vx.x.x.yaml
            •  
          • go-tracepoint-counter-install-vx.x.x.yaml
            •  
           
          •  
        • Update the community-operator and   community-operators-prod repositories with   the latest bundle manifests. See the following PRs as examples:
             
          • https://github.com/redhat-openshift-ecosystem/community-operators-prod/pull/2696
            •  
          • https://github.com/k8s-operatorhub/community-operators/pull/2790
            •  
           
          •  
         
        For a MAJOR or MINOR release:
         
           
        • Open an update PR that:
          •  
        • Adds a new changelog for the release
          •  
        • Updates the cargo.toml versions for the bpfman-api and bpfman crates
          •  
        • Updates the bpfman-operator version in it's MAKEFILE and run make bundle to update the bundle version
          •  
        • Add's a new examples config directory for the release version
          •  
        • Make sure CI is green and merge the update PR.
          •  
        • Create a tag using the HEAD of the main branch. This can be done using the git CLI or   Github's release page.
          •  
        • Tag the release using the commit on main where the changelog update merged.   This can  be done using the git CLI or Github's release   page.
          •  
        • The Release will be automatically created, after that is complete do the following:
          •  
        • run make build-release-yamls and attach the yamls for the version to the release. These will include:
             
          • bpfman-crds-install-vx.x.x.yaml
            •  
          • bpfman-operator-install-vx.x.x.yaml
            •  
          • go-xdp-counter-install-vx.x.x.yaml
            •  
          • go-tc-counter-install-vx.x.x.yaml
            •  
          • go-tracepoint-counter-install-vx.x.x.yaml
            •  
           
          •  
        "},{"location":"developer-guide/shipping-bytecode/","title":"eBPF Bytecode Image Specifications","text":""},{"location":"developer-guide/shipping-bytecode/#introduction","title":"Introduction","text":"
        The eBPF Bytecode Image specification defines how to package eBPF bytecode as container images. The initial primary use case focuses on the containerization and deployment of eBPF programs within container orchestration systems such as Kubernetes, where it is necessary to provide a portable way to distribute bytecode to all nodes which need it.
        "},{"location":"developer-guide/shipping-bytecode/#specifications","title":"Specifications","text":"
        We provide two distinct spec variants here to ensure interoperatiblity with existing registries and packages which do no support the new custom media types defined here.
         
           
        • custom-data-type-spec
          •  
        • backwards-compatable-spec
          •  
        "},{"location":"developer-guide/shipping-bytecode/#backwards-compatible-oci-compliant-spec","title":"Backwards compatible OCI compliant spec","text":"
        This variant makes use of existing OCI conventions to represent eBPF Bytecode as container images.
        "},{"location":"developer-guide/shipping-bytecode/#image-layers","title":"Image Layers","text":"
        The container images following this variant must contain exactly one layer who's media type is one of the following:
         
           
        • application/vnd.oci.image.layer.v1.tar+gzip or the compliant application/vnd.docker.image.rootfs.diff.tar.gzip
          •  
         
        Additionally the image layer must contain a valid eBPF object file (generally containing a .o extension) placed at the root of the layer ./.
        "},{"location":"developer-guide/shipping-bytecode/#image-labels","title":"Image Labels","text":"
        To provide relevant metadata regarding the bytecode to any consumers, some relevant labels MUST be defined on the image.
         
        These labels are defined as follows:
         
           
        •  
          io.ebpf.program_type: The eBPF program type (i.e xdp,tc, sockops, ...).
           
          •  
        •  
          io.ebpf.filename: The Filename of the bytecode stored in the image.
           
          •  
        •  
          io.ebpf.program_name: The name of the eBPF Program represented in the bytecode.
           
          •  
        •  
          io.ebpf.bpf_function_name: The name of the function that is the entry point for the BPF program.
           
          •  
        "},{"location":"developer-guide/shipping-bytecode/#building-a-backwards-compatible-oci-compliant-image","title":"Building a Backwards compatible OCI compliant image","text":"
        An Example Containerfile can be found at /packaging/container/deployment/Containerfile.bytecode
         
        To use the provided templated Containerfile simply run a docker build command like the following:
         
        docker build \\\n --build-arg PROGRAM_NAME=xdp_pass \\\n --build-arg BPF_FUNCTION_NAME=pass \\\n --build-arg PROGRAM_TYPE=xdp \\\n --build-arg BYTECODE_FILENAME=pass.bpf.o \\\n --build-arg KERNEL_COMPILE_VER=$(uname -r) \\\n -f Containerfile.bytecode \\\n /home/<USER>/bytecode -t quay.io/<USER>/xdp_pass:latest\n
         
        Where /home/<USER>/bytecode is the directory the bytecode object file is located.
         
        Users can also use skopeo to ensure the image follows the backwards compatible version of the spec:
         
           
        • skopeo inspect will show the correctly configured labels stored in the   configuration layer (application/vnd.oci.image.config.v1+json) of the image.
          •  
         
        skopeo inspect docker://quay.io/astoycos/xdp_pass:latest\n{\n    \"Name\": \"quay.io/<USER>/xdp_pass\",\n    \"Digest\": \"sha256:db1f7dd03f9fba0913e07493238fcfaf0bf08de37b8e992cc5902775dfb9086a\",\n    \"RepoTags\": [\n        \"latest\"\n    ],\n    \"Created\": \"2022-08-14T14:27:20.147468277Z\",\n    \"DockerVersion\": \"\",\n    \"Labels\": {\n        \"io.buildah.version\": \"1.26.1\",\n        \"io.ebpf.filename\": \"pass.bpf.o\",\n        \"io.ebpf.program_name\": \"xdp_counter\",\n        \"io.ebpf.program_type\": \"xdp\",\n        \"io.ebpf.bpf_function_name\": \"pass\"\n    },\n    \"Architecture\": \"amd64\",\n    \"Os\": \"linux\",\n    \"Layers\": [\n        \"sha256:5f6dae6f567601fdad15a936d844baac1f30c31bd3df8df0c5b5429f3e048000\"\n    ],\n    \"Env\": [\n        \"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"\n    ]\n}\n
         
           
        • skopeo inspect --raw will show the correct layer type is used in the image.
          •  
         
        skopeo inspect --raw  docker://quay.io/astoycos/xdp_pass:latest\n{\"schemaVersion\":2,\"mediaType\":\"application/vnd.oci.image.manifest.v1+json\",\"config\":{\"mediaType\":\"application/vnd.oci.image.config.v1+json\",\"digest\":\"sha256:ff4108b8405a877b2df3e06f9287c509b9d62d6c241c9a5213d81a9abee80361\",\"size\":2385},\"layers\":[{\"mediaType\":\"application/vnd.oci.image.layer.v1.tar+gzip\",\"digest\":\"sha256:5f6dae6f567601fdad15a936d844baac1f30c31bd3df8df0c5b5429f3e048000\",\"size\":1539}],\"annotations\":{\"org.opencontainers.image.base.digest\":\"sha256:86b59a6cf7046c624c47e40a5618b383d763be712df2c0e7aaf9391c2c9ef559\",\"org.opencontainers.image.base.name\":\"\"}}\n
        "},{"location":"developer-guide/shipping-bytecode/#custom-oci-compatible-spec","title":"Custom OCI compatible spec","text":"
        This variant of the eBPF bytecode image spec uses custom OCI medium types to represent eBPF bytecode as container images. Many toolchains and registries may not support this yet.
         
        TODO(astoycos)
        "},{"location":"developer-guide/testing/","title":"Testing","text":"
        This document describes the automated testing that is done for each pull request submitted to bpfman, and also provides instructions for running them locally when doing development.
        "},{"location":"developer-guide/testing/#unit-testing","title":"Unit Testing","text":"
        Unit testing is executed as part of the build job by running the following command in the top-level bpfman directory.
         
         cargo test\n
        "},{"location":"developer-guide/testing/#go-example-tests","title":"Go Example Tests","text":"
        Tests are run for each of the example programs found in directory examples
         
        Detailed description TBD
        "},{"location":"developer-guide/testing/#basic-integration-tests","title":"Basic Integration Tests","text":"
        The full set of basic integration tests are executed by running the following command in the top-level bpfman directory.
         
        cargo xtask integration-test\n
         
        Optionally, a subset of the integration tests can be run by adding the \"--\" and a list of one or more names at the end of the command as shown below.
         
        cargo xtask integration-test -- test_load_unload_xdp test_proceed_on_xdp\n
         
        The integration tests start a bpfman daemon process, and issue CLI commands to verify a range of functionality.  For XDP and TC programs that are installed on network interfaces, the integration test code creates a test network namespace connected to the host by a veth pair on which the programs are attached. The test code uses the IP subnet 172.37.37.1/24 for the namespace. If that address conflicts with an existing network on the host, it can be changed by setting the BPFMAN_IP_PREFIX environment variable to one that is available as shown below.
         
        export BPFMAN_IP_PREFIX=\"192.168.50\"\n
         
        If bpfman logs are needed to help debug an integration test, set RUST_LOG either globally or for a given test.
         
        export RUST_LOG=info\n
         OR 
        RUST_LOG=info cargo xtask integration-test -- test_load_unload_xdp test_proceed_on_xdp\n
         
        There are two categories of integration tests: basic and e2e.  The basic tests verify basic CLI functionality such as loading, listing, and unloading programs.  The e2e tests verify more advanced functionality such as the setting of global variables, priority, and proceed-on by installing the programs, creating traffic if needed, and examining logs to confirm that things are running as expected.
         
        Most eBPF test programs are loaded from container images stored on quay.io. The source code for the eBPF test programs can be found in the tests/integration-test/bpf directory.  These programs are compiled by executing cargo xtask build-ebpf --libbpf-dir <libbpf dir>
         
        We also load some tests from local files to test the load-from-file option.
         
        The bpf directory also contains a script called build_push_images.sh that can be used to build and push new images to quay if the code is changed. Images get pushed automatically when code gets merged, however, it's still useful to be able to push them manually sometimes. For example, when a new test case requires that both the eBPF and integration code be changed together.  It is also a useful template for new eBPF test code that needs to be pushed. However, as a word of caution, be aware that existing integration tests will start using the new programs immediately, so this should only be done if the modified program is backward compatible.
        "},{"location":"developer-guide/testing/#kubernetes-operator-tests","title":"Kubernetes Operator Tests","text":""},{"location":"developer-guide/testing/#kubernetes-operator-unit-tests","title":"Kubernetes Operator Unit Tests","text":"
        To run all of the unit tests defined in the bpfman-operator controller code run make test in the bpfman-operator directory.
        "},{"location":"developer-guide/testing/#kubernetes-operator-integration-tests","title":"Kubernetes Operator Integration Tests","text":"
        To run the Kubernetes Operator integration tests locally:
         
           
        1. Build the example test code images.
          2.  
         
            # in bpfman/examples\n    make build-us-images\n    make build-bc-images\n
         
           
        1. Build the bpfman images locally with the int-test tag.
          2.  
         
            # in bpfman/bpfman-operator\n    BPFMAN_AGENT_IMG=quay.io/bpfman/bpfman-agent:int-test BPFMAN_IMG=quay.io/bpfman/bpfman:int-test BPFMAN_OPERATOR_IMG=quay.io/bpfman/bpfman-operator:int-test make build-images\n
         
           
        1. Run the integration test suite.
          2.  
         
            # in bpfman/bpfman-operator\n    BPFMAN_AGENT_IMG=quay.io/bpfman/bpfman-agent:int-test BPFMAN_IMG=quay.io/bpfman/bpfman:int-test BPFMAN_OPERATOR_IMG=quay.io/bpfman/bpfman-operator:int-test make test-integration\n
         
        Additionally the integration test can be configured with the following environment variables:
         
           
        • KEEP_TEST_CLUSTER: If set to true the test cluster will not be torn down   after the integration test suite completes.
          •  
        • USE_EXISTING_KIND_CLUSTER: If this is set to the name of the existing kind   cluster the integration test suite will use that cluster instead of creating a   new one.
          •  
        "},{"location":"getting-started/building-bpfman/","title":"Setup and Building bpfman","text":"
        This section describes how to build bpfman. If this is the first time building bpfman, jump to the Development Environment Setup section for help installing the tooling.
         
        There is also an option to run images from a given release, or from an RPM, as opposed to building locally. Jump to the Run bpfman From Release Image section for installing from a fixed release or jump to the Run bpfman From RPM section for installing from an RPM.
        "},{"location":"getting-started/building-bpfman/#kernel-versions","title":"Kernel Versions","text":"
        eBPF is still a relatively new technology and being actively developed. To take advantage of this constantly evolving technology, it is best to use the newest kernel version possible. If bpfman needs to be run on an older kernel, this section describes some of the kernel features bpfman relies on to work and which kernel the feature was first introduced.
         
        Major kernel features leveraged by bpfman:
         
           
        • Program Extensions: Program Extensions allows bpfman to load multiple XDP or TC eBPF programs   on an interface, which is not natively supported in the kernel.   A dispatcher program is loaded as the one program on a given interface, and the user's XDP or TC   programs are loaded as extensions to the dispatcher program.   Introduced in Kernel 5.6.
          •  
        • Pinning: Pinning allows the eBPF program to remain loaded when the loading process (bpfman) is   stopped or restarted.   Introduced in Kernel 4.11.
          •  
        • BPF Perf Link: Support BPF perf link for tracing programs (Tracepoint, Uprobe and Kprobe)   which enables pinning for these program types.   Introduced in Kernel 5.15.
          •  
         
        Tested kernel versions:
         
           
        • Fedora 34: Kernel 5.17.6-100.fc34.x86_64
             
          • XDP, TC, Tracepoint, Uprobe and Kprobe programs all loaded with bpfman running on localhost   and running as systemd service.
            •  
           
          •  
        • Fedora 33: Kernel 5.14.18-100.fc33.x86_64
             
          • XDP and TC programs loaded with bpfman running on localhost and running as systemd service   once SELinux was disabled (see https://github.com/fedora-selinux/selinux-policy/pull/806).
            •  
          • Tracepoint, Uprobe and Kprobe programs failed to load because they require the BPF Perf Link   support.
            •  
           
          •  
        • Fedora 32: Kernel 5.11.22-100.fc32.x86_64
             
          • XDP and TC programs loaded with bpfman running on localhost once SELinux was disabled   (see https://github.com/fedora-selinux/selinux-policy/pull/806).
            •  
          • bpfman fails to run as a systemd service because of some capabilities issues in the   bpfman.service file.
            •  
          • Tracepoint, Uprobe and Kprobe programs failed to load because they require the BPF Perf Link   support.
            •  
           
          •  
        • Fedora 31: Kernel 5.8.18-100.fc31.x86_64
             
          • bpfman was able to start on localhost, but XDP and TC programs wouldn't load because   BPF_LINK_CREATE call was updated in newer kernels.
            •  
          • bpfman fails to run as a systemd service because of some capabilities issues in the   bpfman.service file.
            •  
           
          •  
        "},{"location":"getting-started/building-bpfman/#clone-the-bpfman-repo","title":"Clone the bpfman Repo","text":"
        You can build and run bpfman from anywhere. However, if you plan to make changes to the bpfman operator, it will need to be under your GOPATH because Kubernetes Code-generator does not work outside of GOPATH issue 86753.  Assuming your GOPATH is set to the typical $HOME/go, your repo should live in $HOME/go/src/github.com/bpfman/bpfman
         
        mkdir -p $HOME/go/src/github.com/bpfman\ncd $HOME/go/src/github.com/bpfman\ngit clone git@github.com:bpfman/bpfman.git\n
        "},{"location":"getting-started/building-bpfman/#building-bpfman","title":"Building bpfman","text":"
        To just test with the latest bpfman, containerized image are stored in quay.io/bpfman (see bpfman Container Images). To build with local changes, use the following commands.
         
        If you are building bpfman for the first time OR the eBPF code has changed:
         
        cargo xtask build-ebpf --libbpf-dir /path/to/libbpf\n
         
        If protobuf files have changed:
         
        cargo xtask build-proto\n
         
        To build bpfman:
         
        cargo build\n
        "},{"location":"getting-started/building-bpfman/#building-cli-tab-completion-files","title":"Building CLI TAB completion files","text":"
        Optionally, to build the CLI TAB completion files, run the following command:
         
        cargo xtask build-completion\n
         
        Files are generated for different shells:
         
        ls .output/completions/\n_bpfman  bpfman.bash  bpfman.elv  bpfman.fish  _bpfman.ps1\n
        "},{"location":"getting-started/building-bpfman/#bash","title":"bash","text":"
        For bash, this generates a file that can be used by the linux bash-completion utility (see Install bash-completion for installation instructions).
         
        If the files are generated, they are installed automatically when running bpfman as a systemd service and using the sudo ./scripts/setup.sh install install script (see Systemd Service). To install the files manually, copy the file associated with a given shell to /usr/share/bash-completion/completions/. For example:
         
        sudo cp .output/completions/bpfman.bash /usr/share/bash-completion/completions/.\n\nbpfman g<TAB>\n
        "},{"location":"getting-started/building-bpfman/#other-shells","title":"Other shells","text":"
        Files are generated other shells (Elvish, Fish, PowerShell and zsh). For these shells, generated file must be manually installed.
        "},{"location":"getting-started/building-bpfman/#building-cli-manpages","title":"Building CLI Manpages","text":"
        Optionally, to build the CLI Manpage files, run the following command:
         
        cargo xtask build-man-page\n
         
        If the files are generated, they are installed automatically when running bpfman as a systemd service and using the sudo ./scripts/setup.sh install install script (see Systemd Service). To install the files manually, copy the generated files to /usr/local/share/man/man1/. For example:
         
        sudo cp .output/manpage/bpfman*.1 /usr/local/share/man/man1/.\n
         
        Once installed, use man to view the pages.
         
        man bpfman list\n
         
        NOTE: bpfman commands with subcommands (specifically bpfman load) have - in the manpage subcommand generation. So use bpfman load-file, bpfman load-image, bpfman load-image-xdp, etc. to display the subcommand manpage files.
        "},{"location":"getting-started/building-bpfman/#development-environment-setup","title":"Development Environment Setup","text":"
        To build bpfman, the following packages must be installed.
        "},{"location":"getting-started/building-bpfman/#install-rust-toolchain","title":"Install Rust Toolchain","text":"
        For further detailed instructions, see Rust Stable & Rust Nightly.
         
        curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh\nsource \"$HOME/.cargo/env\"\nrustup toolchain install nightly -c rustfmt,clippy,rust-src\n
        "},{"location":"getting-started/building-bpfman/#install-llvm","title":"Install LLVM","text":"
        LLVM 11 or later must be installed. Linux package managers should provide a recent enough release.
         
        dnf based OS:
         
        sudo dnf install llvm-devel clang-devel elfutils-libelf-devel\n
         
        apt based OS:
         
        sudo apt install clang lldb lld libelf-dev gcc-multilib\n
        "},{"location":"getting-started/building-bpfman/#install-protobuf-compiler","title":"Install Protobuf Compiler","text":"
        For further detailed instructions, see protoc.
         
        dnf based OS:
         
        sudo dnf install protobuf-compiler\n
         
        apt based OS:
         
        sudo apt install protobuf-compiler\n
        "},{"location":"getting-started/building-bpfman/#install-go-protobuf-compiler-extensions","title":"Install GO protobuf Compiler Extensions","text":"
        See Quick Start Guide for gRPC in Go for installation instructions.
        "},{"location":"getting-started/building-bpfman/#local-libbpf","title":"Local libbpf","text":"
        Checkout a local copy of libbpf.
         
        git clone https://github.com/libbpf/libbpf --branch v0.8.0\n
        "},{"location":"getting-started/building-bpfman/#install-perl","title":"Install perl","text":"
        Install perl:
         
        dnf based OS:
         
        sudo dnf install perl\n
         
        apt based OS:
         
        sudo apt install perl\n
        "},{"location":"getting-started/building-bpfman/#install-docker","title":"Install docker","text":"
        To build the bpfman-agent and bpfman-operator using the provided Makefile and the make build-images command, docker needs to be installed. There are several existing guides:
         
           
        • Fedora: https://developer.fedoraproject.org/tools/docker/docker-installation.html
          •  
        • Linux: https://docs.docker.com/engine/install/
          •  
        "},{"location":"getting-started/building-bpfman/#install-kind","title":"Install Kind","text":"
        Optionally, to test bpfman running in Kubernetes, the easiest method and the one documented throughout the bpfman documentation is to run a Kubernetes Kind cluster. See kind for documentation and installation instructions. kind also requires docker to be installed.
         
        NOTE: By default, bpfman-operator deploys bpfman with CSI enabled. CSI requires Kubernetes v1.26 due to a PR (kubernetes/kubernetes#112597) that addresses a gRPC Protocol Error that was seen in the CSI client code and it doesn't appear to have been backported. It is recommended to install kind v0.20.0 or later.
         
        If the following error is seen, it means there is an older version of Kubernetes running and it needs to be upgraded.
         
        kubectl get pods -A\nNAMESPACE   NAME                               READY   STATUS             RESTARTS      AGE\nbpfman      bpfman-daemon-2hnhx                2/3     CrashLoopBackOff   4 (38s ago)   2m20s\nbpfman      bpfman-operator-6b6cf97857-jbvv4   2/2     Running            0             2m22s\n:\n\nkubectl logs -n bpfman bpfman-daemon-2hnhx -c node-driver-registrar\n:\nE0202 15:33:12.342704       1 main.go:101] Received NotifyRegistrationStatus call: &RegistrationStatus{PluginRegistered:false,Error:RegisterPlugin error -- plugin registration failed with err: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR,}\nE0202 15:33:12.342723       1 main.go:103] Registration process failed with error: RegisterPlugin error -- plugin registration failed with err: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR, restarting registration container.\n
        "},{"location":"getting-started/building-bpfman/#install-bash-completion","title":"Install bash-completion","text":"
        bpfman uses the Rust crate clap for the CLI implementation. clap has an optional Rust crate clap_complete. For bash shell, it leverages bash-completion for CLI Command  completion. So in order for CLI  completion to work in a bash shell, bash-completion must be installed. This feature is optional. 
        For the CLI  completion to work after installation, /etc/profile.d/bash_completion.sh must be sourced in the running sessions. New login sessions should pick it up automatically. 
        dnf based OS:
         
        sudo dnf install bash-completion\nsource /etc/profile.d/bash_completion.sh\n
         
        apt based OS:
         
        sudo apt install bash-completion\nsource /etc/profile.d/bash_completion.sh\n
        "},{"location":"getting-started/building-bpfman/#install-yaml-formatter","title":"Install Yaml Formatter","text":"
        As part of CI, the Yaml files are validated with a Yaml formatter. Optionally, to verify locally, install the YAML Language Support by Red Hat VsCode Extension, or to format in bulk, install prettier.
         
        To install prettier:
         
        npm install -g prettier\n
         
        Then to flag which files are violating the formatting guide, run:
         
        prettier -l \"*.yaml\"\n
         
        And to write changes in place, run:
         
         prettier -f \"*.yaml\"\n
        "},{"location":"getting-started/building-bpfman/#install-toml-formatter","title":"Install toml Formatter","text":"
        As part of CI, the toml files are validated with a toml formatter. Optionally, to verify locally, install taplo.
         
        cargo install taplo-cli\n
         
        And to verify locally:
         
        taplo fmt --check\n
        "},{"location":"getting-started/cli-guide/","title":"CLI Guide","text":"
        bpfman offers several CLI commands to interact with the bpfman daemon. The CLI allows you to load, unload, get and list eBPF programs.
        "},{"location":"getting-started/cli-guide/#notes-for-this-guide","title":"Notes For This Guide","text":"
        As described in other sections, bpfman can be run as either a privileged process or a systemd service. If run as a privileged process, bpfman will most likely be run from your local development branch and will require sudo. Example:
         
        sudo ./target/debug/bpfman list\n
         
        If run as a systemd service, bpfman will most likely be installed in your $PATH, and will also require sudo. Example:
         
        sudo bpfman list\n
         
        The examples here use sudo bpfman in place of sudo ./target/debug/bpfman for readability, use as your system is deployed.
         
        eBPF object files used in the examples are taken from the examples and integration-test directories from the bpfman repository.
        "},{"location":"getting-started/cli-guide/#basic-syntax","title":"Basic Syntax","text":"
        Below are the commands supported by bpfman.
         
        sudo bpfman --help\nA system daemon for loading BPF programs\n\nUsage: bpfman <COMMAND>\n\nCommands:\n  load           Load an eBPF program from a local .o file\n  unload         Unload an eBPF program using the program id\n  list           List all eBPF programs loaded via bpfman\n  get            Get an eBPF program using the program id\n  image          eBPF Bytecode Image related commands\n  system         Run bpfman as a service\n  help           Print this message or the help of the given subcommand(s)\n\nOptions:\n  -h, --help     Print help\n  -V, --version  Print version\n
        "},{"location":"getting-started/cli-guide/#bpfman-load","title":"bpfman load","text":"
        The bpfman load file and bpfman load image commands are used to load eBPF programs. The bpfman load file command is used to load a locally built eBPF program. The bpfman load image command is used to load an eBPF program packaged in a OCI container image from a given registry. Each program type (i.e. <COMMAND>) has it's own set of attributes specific to the program type, and those attributes MUST come after the program type is entered. There are a common set of attributes, and those MUST come before the program type is entered.
         
        sudo bpfman load file --help\nLoad an eBPF program from a local .o file\n\nUsage: bpfman load file [OPTIONS] --path <PATH> --name <NAME> <COMMAND>\n------\n\nCommands:\n---------\n  xdp         Install an eBPF program on the XDP hook point for a given interface\n  tc          Install an eBPF program on the TC hook point for a given interface\n  tracepoint  Install an eBPF program on a Tracepoint\n  kprobe      Install an eBPF kprobe or kretprobe\n  uprobe      Install an eBPF uprobe or uretprobe\n  help        Print this message or the help of the given subcommand(s)\n\nOptions:\n--------\n  -p, --path <PATH>\n          Required: Location of local bytecode file as fully qualified file path.\n          Example: --path $HOME/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o\n\n  -n, --name <NAME>\n          Required: The name of the function that is the entry point for the BPF program\n\n  -g, --global <GLOBAL>...\n          Optional: Global variables to be set when program is loaded.\n          Format: <NAME>=<Hex Value>\n\n          This is a very low level primitive. The caller is responsible for formatting\n          the byte string appropriately considering such things as size, endianness,\n          alignment and packing of data structures.\n\n  -m, --metadata <METADATA>\n          Optional: Specify Key/Value metadata to be attached to a program when it\n          is loaded by bpfman.\n          Format: <KEY>=<VALUE>\n\n          This can later be used to list a certain subset of programs which contain\n          the specified metadata.\n\n      --map-owner-id <MAP_OWNER_ID>\n          Optional: Program id of loaded eBPF program this eBPF program will share a map with.\n          Only used when multiple eBPF programs need to share a map.\n          Example: --map-owner-id 63178\n\n  -h, --help\n          Print help (see a summary with '-h')\n
         
        and
         
        sudo bpfman load image --help\nLoad an eBPF program packaged in a OCI container image from a given registry\n\nUsage: bpfman load image [OPTIONS] --image-url <IMAGE_URL> <COMMAND>\n\nCommands:\n  xdp         Install an eBPF program on the XDP hook point for a given interface\n  tc          Install an eBPF program on the TC hook point for a given interface\n  tracepoint  Install an eBPF program on a Tracepoint\n  kprobe      Install an eBPF kprobe or kretprobe\n  uprobe      Install an eBPF uprobe or uretprobe\n  help        Print this message or the help of the given subcommand(s)\n\nOptions:\n  -i, --image-url <IMAGE_URL>\n          Required: Container Image URL.\n          Example: --image-url quay.io/bpfman-bytecode/xdp_pass:latest\n\n  -r, --registry-auth <REGISTRY_AUTH>\n          Optional: Registry auth for authenticating with the specified image registry.\n          This should be base64 encoded from the '<username>:<password>' string just like\n          it's stored in the docker/podman host config.\n          Example: --registry_auth \"YnjrcKw63PhDcQodiU9hYxQ2\"\n\n  -p, --pull-policy <PULL_POLICY>\n          Optional: Pull policy for remote images.\n\n          [possible values: Always, IfNotPresent, Never]\n\n          [default: IfNotPresent]\n\n  -n, --name <NAME>\n          Optional: The name of the function that is the entry point for the BPF program.\n          If not provided, the program name defined as part of the bytecode image will be used.\n\n          [default: ]\n\n  -g, --global <GLOBAL>...\n          Optional: Global variables to be set when program is loaded.\n          Format: <NAME>=<Hex Value>\n\n          This is a very low level primitive. The caller is responsible for formatting\n          the byte string appropriately considering such things as size, endianness,\n          alignment and packing of data structures.\n\n  -m, --metadata <METADATA>\n          Optional: Specify Key/Value metadata to be attached to a program when it\n          is loaded by bpfman.\n          Format: <KEY>=<VALUE>\n\n          This can later be used to list a certain subset of programs which contain\n          the specified metadata.\n          Example: --metadata owner=acme\n\n      --map-owner-id <MAP_OWNER_ID>\n          Optional: Program id of loaded eBPF program this eBPF program will share a map with.\n          Only used when multiple eBPF programs need to share a map.\n          Example: --map-owner-id 63178\n\n  -h, --help\n          Print help (see a summary with '-h')\n
         
        When using either load command, --path, --image-url, --registry-auth, --pull-policy, --name,  --global, --metadata and --map-owner-id must be entered before the <COMMAND> (xdp, tc,  tracepoint, etc) is entered. Then each <COMMAND> has its own custom parameters (same for both bpfman load file and bpfman load image):
         
        sudo bpfman load file xdp --help\nInstall an eBPF program on the XDP hook point for a given interface\n\nUsage: bpfman load file --path <PATH> --name <NAME> xdp [OPTIONS] --iface <IFACE> --priority <PRIORITY>\n------\n\nOptions:\n--------\n  -i, --iface <IFACE>\n          Required: Interface to load program on\n\n  -p, --priority <PRIORITY>\n          Required: Priority to run program in chain. Lower value runs first\n\n      --proceed-on <PROCEED_ON>...\n          Optional: Proceed to call other programs in chain on this exit code.\n          Multiple values supported by repeating the parameter.\n          Example: --proceed-on \"pass\" --proceed-on \"drop\"\n\n          [possible values: aborted, drop, pass, tx, redirect, dispatcher_return]\n\n          [default: pass, dispatcher_return]\n\n  -h, --help\n          Print help (see a summary with '-h')\n
         
        Example loading from local file (--path is the fully qualified path):
         
        sudo bpfman load file --path $HOME/src/bpfman/tests/integration-test/bpf/.output/xdp_pass.bpf.o --name \"pass\" xdp --iface vethb2795c7 --priority 100\n
         
        Example from image in remote repository (Note: --name is built into the image and is not required):
         
        sudo bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest xdp --iface vethb2795c7 --priority 100\n
         
        The tc command is similar to xdp, but it also requires the direction option and the proceed-on values are different.
         
        sudo bpfman load file tc -h\nInstall an eBPF program on the TC hook point for a given interface\n\nUsage: bpfman load file --path <PATH> --name <NAME> tc [OPTIONS] --direction <DIRECTION> --iface <IFACE> --priority <PRIORITY>\n------\n\nOptions:\n--------\n  -d, --direction <DIRECTION>\n          Required: Direction to apply program.\n\n          [possible values: ingress, egress]\n\n  -i, --iface <IFACE>\n          Required: Interface to load program on\n\n  -p, --priority <PRIORITY>\n          Required: Priority to run program in chain. Lower value runs first\n\n      --proceed-on <PROCEED_ON>...\n          Optional: Proceed to call other programs in chain on this exit code.\n          Multiple values supported by repeating the parameter.\n          Example: --proceed-on \"ok\" --proceed-on \"pipe\"\n\n          [possible values: unspec, ok, reclassify, shot, pipe, stolen, queued,\n                            repeat, redirect, trap, dispatcher_return]\n\n          [default: ok, pipe, dispatcher_return]\n\n  -h, --help\n          Print help (see a summary with '-h')\n
         
        The following is an example of the tc command using short option names:
         
        sudo bpfman load file -p $HOME/src/bpfman/tests/integration-test/bpf/.output/tc_pass.bpf.o -n \"pass\" tc -d ingress -i mynet1 -p 40\n
         
        For the tc_pass.bpf.o program loaded with the command above, the name would be set as shown in the following snippet:
         
        SEC(\"classifier/pass\")\nint accept(struct __sk_buff *skb)\n{\n
        "},{"location":"getting-started/cli-guide/#additional-load-examples","title":"Additional Load Examples","text":"
        Below are some additional examples of bpfman load commands:
         
        XDP
         
        sudo bpfman load file --path $HOME/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o --name \"xdp_stats\" xdp --iface vethb2795c7 --priority 35\n
         
        TC
         
        sudo bpfman load file --path $HOME/src/bpfman/examples/go-tc-counter/bpf_bpfel.o --name \"stats\"\" tc --direction ingress --iface vethb2795c7 --priority 110\n
         
        Kprobe
         
        sudo bpfman load image --image-url quay.io/bpfman-bytecode/kprobe:latest kprobe -f try_to_wake_up\n
         
        Kretprobe
         
        sudo bpfman load image --image-url quay.io/bpfman-bytecode/kretprobe:latest kprobe -f try_to_wake_up -r\n
         
        Uprobe
         
        sudo bpfman load image --image-url quay.io/bpfman-bytecode/uprobe:latest uprobe -f \"malloc\" -t \"libc\"\n
         
        Uretprobe
         
        sudo bpfman load image --image-url quay.io/bpfman-bytecode/uretprobe:latest uprobe -f \"malloc\" -t \"libc\" -r\n
        "},{"location":"getting-started/cli-guide/#setting-global-variables-in-ebpf-programs","title":"Setting Global Variables in eBPF Programs","text":"
        Global variables can be set for any eBPF program type when loading as follows:
         
        sudo bpfman load file -p $HOME/src/bpfman/tests/integration-test/bpf/.output/tc_pass.bpf.o -g GLOBAL_u8=01020304 GLOBAL_u32=0A0B0C0D -n \"pass\" tc -d ingress -i mynet1 -p 40\n
         
        Note, that when setting global variables, the eBPF program being loaded must have global variables named with the strings given, and the size of the value provided must match the size of the given variable.  For example, the above command can be used to update the following global variables in an eBPF program.
         
        volatile const __u32 GLOBAL_u8 = 0;\nvolatile const __u32 GLOBAL_u32 = 0;\n
        "},{"location":"getting-started/cli-guide/#modifying-the-proceed-on-behavior","title":"Modifying the Proceed-On Behavior","text":"
        The proceed-on setting applies to xdp and tc programs. For both of these program types, an ordered list of eBPF programs is maintained per attach point. The proceed-on setting determines whether processing will \"proceed\" to the next eBPF program in the list, or terminate processing and return, based on the program's return value. For example, the default proceed-on configuration for an xdp program can be modified as follows:
         
        sudo bpfman load file -p $HOME/src/bpfman/tests/integration-test/bpf/.output/xdp_pass.bpf.o -n \"pass\" xdp -i mynet1 -p 30 --proceed-on drop pass dispatcher_return\n
        "},{"location":"getting-started/cli-guide/#sharing-maps-between-ebpf-programs","title":"Sharing Maps Between eBPF Programs","text":"
        WARNING Currently for the map sharing feature to work the LIBBPF_PIN_BY_NAME flag MUST be set in the shared bpf map definitions. Please see this aya issue for future work that will change this requirement.
         
        To share maps between eBPF programs, first load the eBPF program that owns the maps. One eBPF program must own the maps.
         
        sudo bpfman load file --path $HOME/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o -n \"xdp_stats\" xdp --iface vethb2795c7 --priority 100\n6371\n
         
        Next, load additional eBPF programs that will share the existing maps by passing the program id of the eBPF program that owns the maps using the --map-owner-id parameter:
         
        sudo bpfman load file --path $HOME/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o -n \"xdp_stats\" --map-owner-id 6371 xdp --iface vethff657c7 --priority 100\n6373\n
         
        Use the bpfman get <ID> command to display the configuration:
         
        sudo bpfman list\n Program ID  Name       Type  Load Time\n 6371        xdp_stats  xdp   2023-07-18T16:50:46-0400\n 6373        xdp_stats  xdp   2023-07-18T16:51:06-0400\n
         
        sudo bpfman get 6371\n Bpfman State\n---------------\n Name:          xdp_stats\n Path:          /home/<$USER>/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6371\n Map Owner ID:  None\n Map Used By:   6371\n                6373\n Priority:      50\n Iface:         vethff657c7\n Position:      1\n Proceed On:    pass, dispatcher_return\n:\n
         
        sudo bpfman get 6373\n Bpfman State\n---------------\n Name:          xdp_stats\n Path:          /home/<$USER>/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6371\n Map Owner ID:  6371\n Map Used By:   6371\n                6373\n Priority:      50\n Iface:         vethff657c7\n Position:      0\n Proceed On:    pass, dispatcher_return\n:\n
         
        As the output shows, the first program (6371) owns the map, with Map Owner ID of None and the Map Pin Path (/run/bpfman/fs/maps/6371) that includes its own ID.
         
        The second program (6373) references the first program via the Map Owner ID set to 6371 and the Map Pin Path (/run/bpfman/fs/maps/6371) set to same directory as the first program, which includes the first program's ID. The output for both commands shows the map is being used by both programs via the Map Used By with values of 6371 and 6373.
         
        The eBPF programs can be unloaded any order, the Map Pin Path will not be deleted until all the programs referencing the maps are unloaded:
         
        sudo bpfman unload 6371\nsudo bpfman unload 6373\n
        "},{"location":"getting-started/cli-guide/#bpfman-list","title":"bpfman list","text":"
        The bpfman list command lists all the bpfman loaded eBPF programs:
         
        sudo bpfman list\n Program ID  Name              Type        Load Time\n 6201        pass              xdp         2023-07-17T17:17:53-0400\n 6202        sys_enter_openat  tracepoint  2023-07-17T17:19:09-0400\n 6204        stats             tc          2023-07-17T17:20:14-0400\n
         
        To see all eBPF programs loaded on the system, include the --all option.
         
        sudo bpfman list --all\n Program ID  Name              Type           Load Time\n 52          restrict_filesy   lsm            2023-05-03T12:53:34-0400\n 166         dump_bpf_map      tracing        2023-05-03T12:53:52-0400\n 167         dump_bpf_prog     tracing        2023-05-03T12:53:52-0400\n 455                           cgroup_device  2023-05-03T12:58:26-0400\n :\n 6190                          cgroup_skb     2023-07-17T17:15:23-0400\n 6191                          cgroup_device  2023-07-17T17:15:23-0400\n 6192                          cgroup_skb     2023-07-17T17:15:23-0400\n 6193                          cgroup_skb     2023-07-17T17:15:23-0400\n 6194                          cgroup_device  2023-07-17T17:15:23-0400\n 6201        pass              xdp            2023-07-17T17:17:53-0400\n 6202        sys_enter_openat  tracepoint     2023-07-17T17:19:09-0400\n 6203        dispatcher        tc             2023-07-17T17:20:14-0400\n 6204        stats             tc             2023-07-17T17:20:14-0400\n 6207        xdp               xdp            2023-07-17T17:27:13-0400\n
         
        To filter on a given program type, include the --program-type parameter:
         
        sudo bpfman list --all --program-type tc\n Program ID  Name        Type  Load Time\n 6203        dispatcher  tc    2023-07-17T17:20:14-0400\n 6204        stats       tc    2023-07-17T17:20:14-0400\n
        "},{"location":"getting-started/cli-guide/#bpfman-get","title":"bpfman get","text":"
        To retrieve detailed information for a loaded eBPF program, use the bpfman get <ID> command. If the eBPF program was loaded via bpfman, then there will be a Bpfman State section with bpfman related attributes and a Kernel State section with kernel information. If the eBPF program was loaded outside of bpfman, then the Bpfman State section will be empty and Kernel State section will be populated.
         
        sudo bpfman get 6204\n Bpfman State\n---------------\n Name:          stats\n Image URL:     quay.io/bpfman-bytecode/go-tc-counter:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6204\n Map Owner ID:  None\n Map Used By:   6204\n Priority:      100\n Iface:         vethff657c7\n Position:      0\n Direction:     eg\n Proceed On:    pipe, dispatcher_return\n\n Kernel State\n----------------------------------\n ID:                               6204\n Name:                             stats\n Type:                             tc\n Loaded At:                        2023-07-17T17:20:14-0400\n Tag:                              ead94553702a3742\n GPL Compatible:                   true\n Map IDs:                          [2705]\n BTF ID:                           2821\n Size Translated (bytes):          176\n JITed:                            true\n Size JITed (bytes):               116\n Kernel Allocated Memory (bytes):  4096\n Verified Instruction Count:       24\n
         
        sudo bpfman get 6190\n Bpfman State\n---------------\nNONE\n\n Kernel State\n----------------------------------\nID:                                6190\nName:                              None\nType:                              cgroup_skb\nLoaded At:                         2023-07-17T17:15:23-0400\nTag:                               6deef7357e7b4530\nGPL Compatible:                    true\nMap IDs:                           []\nBTF ID:                            0\nSize Translated (bytes):           64\nJITed:                             true\nSize JITed (bytes):                55\nKernel Allocated Memory (bytes):   4096\nVerified Instruction Count:        8\n
        "},{"location":"getting-started/cli-guide/#bpfman-unload","title":"bpfman unload","text":"
        The bpfman unload command takes the program id from the load or list command as a parameter, and unloads the requested eBPF program:
         
        sudo bpfman unload 6204\n
         
        sudo bpfman list\n Program ID  Name              Type        Load Time\n 6201        pass              xdp         2023-07-17T17:17:53-0400\n 6202        sys_enter_openat  tracepoint  2023-07-17T17:19:09-0400\n
        "},{"location":"getting-started/cli-guide/#bpfman-image-pull","title":"bpfman image pull","text":"
        The bpfman image pull command pulls a given bytecode image for future use by a load command.
         
        sudo bpfman image pull --help\nPull a bytecode image for future use by a load command\n\nUsage: bpfman image pull [OPTIONS] --image-url <IMAGE_URL>\n\nOptions:\n  -i, --image-url <IMAGE_URL>\n          Required: Container Image URL.\n          Example: --image-url quay.io/bpfman-bytecode/xdp_pass:latest\n\n  -r, --registry-auth <REGISTRY_AUTH>\n          Optional: Registry auth for authenticating with the specified image registry.\n          This should be base64 encoded from the '<username>:<password>' string just like\n          it's stored in the docker/podman host config.\n          Example: --registry_auth \"YnjrcKw63PhDcQodiU9hYxQ2\"\n\n  -p, --pull-policy <PULL_POLICY>\n          Optional: Pull policy for remote images.\n\n          [possible values: Always, IfNotPresent, Never]\n\n          [default: IfNotPresent]\n\n  -h, --help\n          Print help (see a summary with '-h')\n
         
        Example usage:
         
        sudo bpfman image pull --image-url quay.io/bpfman-bytecode/xdp_pass:latest\nSuccessfully downloaded bytecode\n
         
        Then when loaded, the local image will be used:
         
        sudo bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest --pull-policy IfNotPresent xdp --iface vethff657c7 --priority 100\n Bpfman State                                           \n ---------------\nName:          pass                                  \n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest \n Pull Policy:   IfNotPresent                          \n Global:        None                                  \n Metadata:      None                                  \n Map Pin Path:  /run/bpfman/fs/maps/406681              \n Map Owner ID:  None                                  \n Maps Used By:  None                                  \n Priority:      100                                   \n Iface:         vethff657c7                           \n Position:      2                                     \n Proceed On:    pass, dispatcher_return               \n\n Kernel State                                               \n ----------------------------------\nID:                               406681                   \n Name:                             pass                     \n Type:                             xdp                      \n Loaded At:                        1917-01-27T01:37:06-0500 \n Tag:                              4b9d1b2c140e87ce         \n GPL Compatible:                   true                     \n Map IDs:                          [736646]                 \n BTF ID:                           555560                   \n Size Translated (bytes):          96                       \n JITted:                           true                     \n Size JITted:                      67                       \n Kernel Allocated Memory (bytes):  4096                     \n Verified Instruction Count:       9                        \n
        "},{"location":"getting-started/example-bpf-k8s/","title":"Deploying Example eBPF Programs On Kubernetes","text":"
        This section will describe loading bytecode on a Kubernetes cluster and launching the userspace program. The approach is slightly different when running on a Kubernetes cluster. The eBPF bytecode should be loaded by an administrator, not the userspace program itself.
         
        This section assumes there is already a Kubernetes cluster running and bpfman is running in the cluster. See Deploying the bpfman-operator for details on deploying bpfman on a Kubernetes cluster, but the quickest solution is to run a Kubernetes KIND Cluster:
         
        cd bpfman/bpfman-operator/\nmake run-on-kind\n
        "},{"location":"getting-started/example-bpf-k8s/#loading-ebpf-bytecode-on-kubernetes","title":"Loading eBPF Bytecode On Kubernetes","text":"
        Instead of using the userspace program or CLI to load the eBPF bytecode as done in previous sections, the bytecode will be loaded by creating a Kubernetes CRD object. There is a CRD object for each eBPF program type bpfman supports. Edit the sample yaml files to customize any configuration values:
         
           
        • TcProgram CRD: go-tc-counter/bytecode.yaml
          •  
        • TracepointProgram CRD: go-tracepoint-counter/bytecode.yaml
          •  
        • XdpProgram CRD: go-xdp-counter/bytecode.yaml
          •  
        • KprobeProgram CRD: bpfman-operator/config/samples/bpfman.io_v1alpha1_kprobe_kprobeprogram.yaml
          •  
        • UprobeProgram CRD: bpfman-operator/config/samples/bpfman.io_v1alpha1_uprobe_uprobeprogram.yaml
          •  
         
        Sample bytecode yaml with XdpProgram CRD: 
        cat examples/config/base/go-xdp-counter/bytecode.yaml\napiVersion: bpfman.io/v1alpha1\nkind: XdpProgram\nmetadata:\n  labels:\n    app.kubernetes.io/name: xdpprogram\n  name: go-xdp-counter-example\nspec:\n  name: xdp_stats\n  # Select all nodes\n  nodeselector: {}\n  interfaceselector:\n    primarynodeinterface: true\n  priority: 55\n  bytecode:\n    image:\n      url: quay.io/bpfman-bytecode/go-xdp-counter:latest\n
         
        Note that all the sample yaml files are configured with the bytecode running on all nodes (nodeselector: {}). This can be change to run on specific nodes, but the DaemonSet yaml for the userspace program, which is described below, should have an equivalent change. Make any changes to the go-xdp-counter-bytecode.yaml, then repeat for go-tc-counter-bytecode.yaml and go-tracepoint-counter-bytecode.yaml and then apply the updated yamls:
         
        kubectl apply -f examples/config/base/go-xdp-counter/bytecode.yaml\n  xdpprogram.bpfman.io/go-xdp-counter-example created\n\nkubectl apply -f examples/config/base/go-tc-counter/bytecode.yaml\n  tcprogram.bpfman.io/go-tc-counter-example created\n\nkubectl apply -f examples/config/base/go-tracepoint-counter/bytecode.yaml\n  tracepointprogram.bpfman.io/go-tracepoint-counter-example created\n
         
        Following the diagram for XDP example (Blue numbers):
         
           
        1. The user creates a XdpProgram object with the parameters associated with the eBPF bytecode, like interface, priority and BFP bytecode image. The name of the XdpProgram object in this example is go-xdp-counter-example. The XdpProgram is applied using kubectl, but in a more practical deployment, the XdpProgram would be applied by the application or a controller.
          2.  
        2. bpfman-agent, running on each node, is watching for all changes to XdpProgram objects. When it sees a XdpProgram object created or modified, it makes sure a BpfProgram object for that node exists. The name of the BpfProgram object is the XdpProgram object name with the node name and interface or attach point appended.
          3.  
        3. bpfman-agent then determines if it should be running on the given node, loads or unloads as needed by making gRPC calls the bpfman. bpfman behaves the same as described in the running locally example.
          4.  
        4. bpfman-agent finally updates the status of the BpfProgram object.
          5.  
        5. bpfman-operator watches all BpfProgram objects, and updates the status of the XdpProgram object indicating if the eBPF program has been applied to all the desired nodes or not.
          6.  
         
        To retrieve information on the XdpProgram objects:
         
        kubectl get xdpprograms\nNAME                     PRIORITY   DIRECTION\ngo-xdp-counter-example   55\n\n\nkubectl get xdpprograms go-xdp-counter-example -o yaml\napiVersion: bpfman.io/v1alpha1\nkind: XdpProgram\nmetadata:\n  annotations:\n    kubectl.kubernetes.io/last-applied-configuration: |\n      {\"apiVersion\":\"bpfman.io/v1alpha1\",\"kind\":\"XdpProgram\",\"metadata\":{\"annotations\":{},\"labels\":{\"app.kubernetes.io/name\":\"xdpprogram\"},\"name\":\"go-xdp-counter-example\"},\"spec\":{\"bpffunctionname\":\"xdp_stats\",\"bytecode\":{\"image\":{\"url\":\"quay.io/bpfman-bytecode/go-xdp-counter:latest\"}},\"interfaceselector\":{\"primarynodeinterface\":true},\"nodeselector\":{},\"priority\":55}}\n  creationTimestamp: \"2023-11-06T21:05:15Z\"\n  finalizers:\n  - bpfman.io.operator/finalizer\n  generation: 2\n  labels:\n    app.kubernetes.io/name: xdpprogram\n  name: go-xdp-counter-example\n  resourceVersion: \"3103\"\n  uid: edd45e2e-a40b-4668-ac76-c1f1eb63a23b\nspec:\n  bpffunctionname: xdp_stats\n  bytecode:\n    image:\n      imagepullpolicy: IfNotPresent\n      url: quay.io/bpfman-bytecode/go-xdp-counter:latest\n  interfaceselector:\n    primarynodeinterface: true\n  mapownerselector: {}\n  nodeselector: {}\n  priority: 55\n  proceedon:\n  - pass\n  - dispatcher_return\nstatus:\n  conditions:\n  - lastTransitionTime: \"2023-11-06T21:05:21Z\"\n    message: bpfProgramReconciliation Succeeded on all nodes\n    reason: ReconcileSuccess\n    status: \"True\"\n    type: ReconcileSuccess\n
         
        To retrieve information on the BpfProgram objects:
         
        kubectl get bpfprograms\nNAME                                                                                  AGE\n:\n4822-bpfman-deployment-control-plane                                                    60m\n4825-bpfman-deployment-control-plane                                                    60m\ngo-tc-counter-example-bpfman-deployment-control-plane-eth0                              61m\ngo-tracepoint-counter-example-bpfman-deployment-control-plane-syscalls-sys-enter-kill   61m\ngo-xdp-counter-example-bpfman-deployment-control-plane-eth0                             61m\ngo-xdp-counter-sharing-map-example-bpfman-deployment-control-plane-eth0                 60m\ntc-dispatcher-4805-bpfman-deployment-control-plane                                      60m\nxdp-dispatcher-4816-bpfman-deployment-control-plane                                     60m\n\n\nkubectl get go-xdp-counter-example-bpfman-deployment-control-plane-eth0 -o yaml\napiVersion: bpfman.io/v1alpha1\nkind: BpfProgram\nmetadata:\n  annotations:\n    bpfman.io.xdpprogramcontroller/interface: eth0\n    bpfman.io/ProgramId: \"4801\"\n  creationTimestamp: \"2023-11-06T21:05:15Z\"\n  finalizers:\n  - bpfman.io.xdpprogramcontroller/finalizer\n  generation: 1\n  labels:\n    bpfman.io/ownedByProgram: go-xdp-counter-example\n    kubernetes.io/hostname: bpfman-deployment-control-plane\n  name: go-xdp-counter-example-bpfman-deployment-control-plane-eth0\n  ownerReferences:\n  - apiVersion: bpfman.io/v1alpha1\n    blockOwnerDeletion: true\n    controller: true\n    kind: XdpProgram\n    name: go-xdp-counter-example\n    uid: edd45e2e-a40b-4668-ac76-c1f1eb63a23b\n  resourceVersion: \"3102\"\n  uid: f7ffd156-168b-4dc8-be38-18c42626a631\nspec:\n  type: xdp\nstatus:\n  conditions:\n  - lastTransitionTime: \"2023-11-06T21:05:21Z\"\n    message: Successfully loaded bpfProgram\n    reason: bpfmanLoaded\n    status: \"True\"\n    type: Loaded\n
        "},{"location":"getting-started/example-bpf-k8s/#loading-userspace-container-on-kubernetes","title":"Loading Userspace Container On Kubernetes","text":"
        Here, a userspace container is deployed to consume the map data generated by the eBPF counter program. bpfman provides a Container Storage Interface (CSI) driver for exposing eBPF maps into a userspace container. To avoid having to mount a host directory that contains the map pinned file into the container and forcing the container to have permissions to access that host directory, the CSI driver mounts the map at a specified location in the container. All the examples use CSI, here is go-xdp-counter/deployment.yaml for reference:
         
        cd bpfman/examples/\ncat config/base/go-xdp-counter/deployment.yaml\n:\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n  name: go-xdp-counter-ds\n  namespace: go-xdp-counter\n  labels:\n    k8s-app: go-xdp-counter\nspec:\n  :\n  template:\n    :\n    spec:\n       :\n      containers:\n      - name: go-xdp-counter\n        :\n        volumeMounts:\n        - name: go-xdp-counter-maps                        <==== 2) VolumeMount in container\n          mountPath: /run/xdp/maps                         <==== 2a) Mount path in the container\n          readOnly: true\n      volumes:\n      - name: go-xdp-counter-maps                          <==== 1) Volume describing the map\n        csi:\n          driver: csi.bpfman.io                             <==== 1a) bpfman CSI Driver\n          volumeAttributes:\n            csi.bpfman.io/program: go-xdp-counter-example   <==== 1b) eBPF Program owning the map\n            csi.bpfman.io/maps: xdp_stats_map               <==== 1c) Map to be exposed to the container\n
        "},{"location":"getting-started/example-bpf-k8s/#loading-a-userspace-container-image","title":"Loading A Userspace Container Image","text":"
        The userspace programs have been pre-built and can be found here:
         
           
        • quay.io/bpfman-userspace/go-tc-counter:latest
          •  
        • quay.io/bpfman-userspace/go-tracepoint-counter:latest
          •  
        • quay.io/bpfman-userspace/go-xdp-counter:latest
          •  
         
        The example yaml files below are loading from these image.
         
           
        • go-tc-counter/deployment.yaml
          •  
        • go-tracepoint-counter/deployment.yaml
          •  
        • go-xdp-counter/deployment.yaml
          •  
         
        The userspace program in a Kubernetes Deployment doesn't interacts directly with bpfman like it did in the local host deployment. Instead, the userspace program running on each node, if needed, reads the BpfProgram object from the KubeApiServer to gather additional information about the loaded eBPF program. To interact with the KubeApiServer, RBAC must be setup properly to access the BpfProgram object. The bpfman-operator defined the yaml for several ClusterRoles that can be used to access the different bpfman related CRD objects with different access rights. The example userspace containers will use the bpfprogram-viewer-role, which allows Read-Only access to the BpfProgram object. This ClusterRole is created automatically by the bpfman-operator.
         
        The remaining objects (NameSpace, ServiceAccount, ClusterRoleBinding and examples DaemonSet) can be created for each program type as follows:
         
        cd bpfman/\nkubectl create -f examples/config/base/go-xdp-counter/deployment.yaml\nkubectl create -f examples/config/base/go-tc-counter/deployment.yaml\nkubectl create -f examples/config/base/go-tracepoint-counter/deployment.yaml\n
         
        Following the diagram for the XDP example (Green numbers):
         
           
        1. The userspace program queries the KubeApiServer for a specific BpfProgram object.
          2.  
        2. The userspace program verifies the BpfProgram has been loaded and uses the map to periodically read the counter values.
          3.  
         
        To see if the userspace programs are working, view the logs:
         
        NAMESPACE               NAME                              READY   STATUS    RESTARTS   AGE\nbpfman                    bpfman-daemon-jsgdh                 3/3     Running   0          11m\nbpfman                    bpfman-operator-6c5c8887f7-qk28x    2/2     Running   0          12m\ngo-tc-counter           go-tc-counter-ds-9jv4g            1/1     Running   0          5m37s\ngo-tracepoint-counter   go-tracepoint-counter-ds-2gzbt    1/1     Running   0          5m35s\ngo-xdp-counter          go-xdp-counter-ds-2hs6g           1/1     Running   0          6m12s\n:\n\nkubectl logs -n go-xdp-counter go-xdp-counter-ds-2hs6g\n2023/11/06 20:27:16 2429 packets received\n2023/11/06 20:27:16 1328474 bytes received\n\n2023/11/06 20:27:19 2429 packets received\n2023/11/06 20:27:19 1328474 bytes received\n\n2023/11/06 20:27:22 2430 packets received\n2023/11/06 20:27:22 1328552 bytes received\n:\n
         
        To cleanup:
         
        kubectl delete -f examples/config/base/go-xdp-counter/deployment.yaml\nkubectl delete -f examples/config/base/go-xdp-counter/bytecode.yaml\n\nkubectl delete -f examples/config/base/go-tc-counter/deployment.yaml\nkubectl delete -f examples/config/base/go-tc-counter/bytecode.yaml\n\nkubectl delete -f examples/config/base/go-tracepoint-counter/deployment.yaml\nkubectl delete -f examples/config/base/go-tracepoint-counter/bytecode.yaml\n
        "},{"location":"getting-started/example-bpf-k8s/#automated-deployment","title":"Automated Deployment","text":"
        The steps above are automated in the Makefile in the examples directory. Run make deploy to load each of the example bytecode and userspace yaml files, then make undeploy to unload them.
         
        cd bpfman/examples/\nmake deploy\n  sed 's@URL_BC@quay.io/bpfman-bytecode/go-tc-counter:latest@' config/default/go-tc-counter/patch.yaml.env > config/default/go-tc-counter/patch.yaml\n  cd config/default/go-tc-counter && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-tc-counter=quay.io/bpfman-userspace/go-tc-counter:latest\n  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-tc-counter | kubectl apply -f -\n  namespace/go-tc-counter created\n  serviceaccount/bpfman-app-go-tc-counter created\n  clusterrolebinding.rbac.authorization.k8s.io/bpfman-app-rolebinding-go-tc-counter created\n  clusterrolebinding.rbac.authorization.k8s.io/privileged-scc-tc created\n  daemonset.apps/go-tc-counter-ds created\n  tcprogram.bpfman.io/go-tc-counter-example created\n  sed 's@URL_BC@quay.io/bpfman-bytecode/go-tracepoint-counter:latest@' config/default/go-tracepoint-counter/patch.yaml.env > config/default/go-tracepoint-counter/patch.yaml\n  cd config/default/go-tracepoint-counter && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-tracepoint-counter=quay.io/bpfman-userspace/go-tracepoint-counter:latest\n  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-tracepoint-counter | kubectl apply -f -\n  namespace/go-tracepoint-counter created\n  serviceaccount/bpfman-app-go-tracepoint-counter created\n  clusterrolebinding.rbac.authorization.k8s.io/bpfman-app-rolebinding-go-tracepoint-counter created\n  clusterrolebinding.rbac.authorization.k8s.io/privileged-scc-tracepoint created\n  daemonset.apps/go-tracepoint-counter-ds created\n  tracepointprogram.bpfman.io/go-tracepoint-counter-example created\n  sed 's@URL_BC@quay.io/bpfman-bytecode/go-xdp-counter:latest@' config/default/go-xdp-counter/patch.yaml.env > config/default/go-xdp-counter/patch.yaml\n  cd config/default/go-xdp-counter && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-xdp-counter=quay.io/bpfman-userspace/go-xdp-counter:latest\n  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-xdp-counter | kubectl apply -f -\n  namespace/go-xdp-counter unchanged\n  serviceaccount/bpfman-app-go-xdp-counter unchanged\n  clusterrolebinding.rbac.authorization.k8s.io/bpfman-app-rolebinding-go-xdp-counter unchanged\n  clusterrolebinding.rbac.authorization.k8s.io/privileged-scc-xdp unchanged\n  daemonset.apps/go-xdp-counter-ds configured\n  xdpprogram.bpfman.io/go-xdp-counter-example unchanged\n  sed 's@URL_BC@quay.io/bpfman-bytecode/go-xdp-counter:latest@' config/default/go-xdp-counter-sharing-map/patch.yaml.env > config/default/go-xdp-counter-sharing-map/patch.yaml\n  cd config/default/go-xdp-counter-sharing-map && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-xdp-counter=quay.io/bpfman-userspace/go-xdp-counter:latest\n  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-xdp-counter-sharing-map | kubectl apply -f -\n  xdpprogram.bpfman.io/go-xdp-counter-sharing-map-example created\n\n# Test Away ...\n\nmake undeploy\n  sed 's@URL_BC@quay.io/bpfman-bytecode/go-tc-counter:latest@' config/default/go-tc-counter/patch.yaml.env > config/default/go-tc-counter/patch.yaml\n  cd config/default/go-tc-counter && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-tc-counter=quay.io/bpfman-userspace/go-tc-counter:latest\n  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-tc-counter | kubectl delete --ignore-not-found=false -f -\n  namespace \"go-tc-counter\" deleted\n  serviceaccount \"bpfman-app-go-tc-counter\" deleted\n  clusterrolebinding.rbac.authorization.k8s.io \"bpfman-app-rolebinding-go-tc-counter\" deleted\n  clusterrolebinding.rbac.authorization.k8s.io \"privileged-scc-tc\" deleted\n  daemonset.apps \"go-tc-counter-ds\" deleted\n  tcprogram.bpfman.io \"go-tc-counter-example\" deleted\n  sed 's@URL_BC@quay.io/bpfman-bytecode/go-tracepoint-counter:latest@' config/default/go-tracepoint-counter/patch.yaml.env > config/default/go-tracepoint-counter/patch.yaml\n  cd config/default/go-tracepoint-counter && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-tracepoint-counter=quay.io/bpfman-userspace/go-tracepoint-counter:latest\n  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-tracepoint-counter | kubectl delete --ignore-not-found=false -f -\n  namespace \"go-tracepoint-counter\" deleted\n  serviceaccount \"bpfman-app-go-tracepoint-counter\" deleted\n  clusterrolebinding.rbac.authorization.k8s.io \"bpfman-app-rolebinding-go-tracepoint-counter\" deleted\n  clusterrolebinding.rbac.authorization.k8s.io \"privileged-scc-tracepoint\" deleted\n  daemonset.apps \"go-tracepoint-counter-ds\" deleted\n  tracepointprogram.bpfman.io \"go-tracepoint-counter-example\" deleted\n  sed 's@URL_BC@quay.io/bpfman-bytecode/go-xdp-counter:latest@' config/default/go-xdp-counter/patch.yaml.env > config/default/go-xdp-counter/patch.yaml\n  cd config/default/go-xdp-counter && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-xdp-counter=quay.io/bpfman-userspace/go-xdp-counter:latest\n  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-xdp-counter | kubectl delete --ignore-not-found=false -f -\n  namespace \"go-xdp-counter\" deleted\n  serviceaccount \"bpfman-app-go-xdp-counter\" deleted\n  clusterrolebinding.rbac.authorization.k8s.io \"bpfman-app-rolebinding-go-xdp-counter\" deleted\n  clusterrolebinding.rbac.authorization.k8s.io \"privileged-scc-xdp\" deleted\n  daemonset.apps \"go-xdp-counter-ds\" deleted\n  xdpprogram.bpfman.io \"go-xdp-counter-example\" deleted\n  sed 's@URL_BC@quay.io/bpfman-bytecode/go-xdp-counter:latest@' config/default/go-xdp-counter-sharing-map/patch.yaml.env > config/default/go-xdp-counter-sharing-map/patch.yaml\n  cd config/default/go-xdp-counter-sharing-map && /home/bmcfall/src/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-xdp-counter=quay.io/bpfman-userspace/go-xdp-counter:latest\n  /home/bmcfall/src/bpfman/examples/bin/kustomize build config/default/go-xdp-counter-sharing-map | kubectl delete --ignore-not-found=false -f -\n  xdpprogram.bpfman.io \"go-xdp-counter-sharing-map-example\" deleted\n
         
        Individual examples can be loaded and unloaded as well, for example make deploy-xdp and make undeploy-xdp. To see the full set of available commands, run make help:
         
        make help\n\nUsage:\n  make <target>\n  make deploy TAG=v0.2.0\n  make deploy-xdp IMAGE_XDP_US=quay.io/user1/go-xdp-counter-userspace:test\n\nGeneral\n  help             Display this help.\n\nLocal Dependencies\n  kustomize        Download kustomize locally if necessary.\n\nDevelopment\n  fmt              Run go fmt against code.\n  verify           Verify all the autogenerated code\n\nBuild\n  build            Build all the userspace example code.\n  generate         Run `go generate` to build the bytecode for each of the examples.\n  build-us-images  Build all example userspace images\n  build-bc-images  Build bytecode example userspace images\n  push-us-images   Push all example userspace images\n  push-bc-images   Push all example userspace images\n  load-us-images-kind  Build and load all example userspace images into kind\n\nDeployment Variables (not commands)\n  TAG              Used to set all images to a fixed tag. Example: make deploy TAG=v0.2.0\n  IMAGE_TC_BC      TC Bytecode image. Example: make deploy-tc IMAGE_TC_BC=quay.io/user1/go-tc-counter-bytecode:test\n  IMAGE_TC_US      TC Userspace image. Example: make deploy-tc IMAGE_TC_US=quay.io/user1/go-tc-counter-userspace:test\n  IMAGE_TP_BC      Tracepoint Bytecode image. Example: make deploy-tracepoint IMAGE_TP_BC=quay.io/user1/go-tracepoint-counter-bytecode:test\n  IMAGE_TP_US      Tracepoint Userspace image. Example: make deploy-tracepoint IMAGE_TP_US=quay.io/user1/go-tracepoint-counter-userspace:test\n  IMAGE_XDP_BC     XDP Bytecode image. Example: make deploy-xdp IMAGE_XDP_BC=quay.io/user1/go-xdp-counter-bytecode:test\n  IMAGE_XDP_US     XDP Userspace image. Example: make deploy-xdp IMAGE_XDP_US=quay.io/user1/go-xdp-counter-userspace:test\n  KIND_CLUSTER_NAME  Name of the deployed cluster to load example images to, defaults to `bpfman-deployment`\n  ignore-not-found  For any undeploy command, set to true to ignore resource not found errors during deletion. Example: make undeploy ignore-not-found=true\n\nDeployment\n  deploy-tc        Deploy go-tc-counter to the cluster specified in ~/.kube/config.\n  undeploy-tc      Undeploy go-tc-counter from the cluster specified in ~/.kube/config.\n  deploy-tracepoint  Deploy go-tracepoint-counter to the cluster specified in ~/.kube/config.\n  undeploy-tracepoint  Undeploy go-tracepoint-counter from the cluster specified in ~/.kube/config.\n  deploy-xdp       Deploy go-xdp-counter to the cluster specified in ~/.kube/config.\n  undeploy-xdp     Undeploy go-xdp-counter from the cluster specified in ~/.kube/config.\n  deploy-xdp-ms    Deploy go-xdp-counter-sharing-map (shares map with go-xdp-counter) to the cluster specified in ~/.kube/config.\n  undeploy-xdp-ms  Undeploy go-xdp-counter-sharing-map from the cluster specified in ~/.kube/config.\n  deploy           Deploy all examples to the cluster specified in ~/.kube/config.\n  undeploy         Undeploy all examples to the cluster specified in ~/.kube/config.\n
        "},{"location":"getting-started/example-bpf-k8s/#building-a-userspace-container-image","title":"Building A Userspace Container Image","text":"
        To build the userspace examples in a container instead of using the pre-built ones, from the bpfman code source directory (quay.io/bpfman-userspace/), run the following build commands:
         
          cd bpfman/examples\n  make IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest \\\n    IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest \\\n    IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest \\\n    build-us-images\n
         
        Then EITHER push images to a remote repository:
         
        docker login quay.io\ncd bpfman/examples\nmake IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest \\\n  IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest \\\n  IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest \\\n  push-us-images\n
         
        OR load the images directly to a specified kind cluster:
         
        cd bpfman/examples\nmake IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest \\\n  IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest \\\n  IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest \\\n  KIND_CLUSTER_NAME=bpfman-deployment \\\n  load-us-images-kind\n
         
        Lastly, update the yaml to use the private images or override the yaml files using the Makefile:
         
        cd bpfman/examples/\nmake deploy-xdp IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest\nmake undeploy-xdp\n\nmake deploy-tc IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest\nmake undeploy-tc\n\nmake deploy-tracepoint IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest\nmake undeploy-tracepoint\n
        "},{"location":"getting-started/example-bpf-local/","title":"Deploying Example eBPF Programs On Local Host","text":"
        This section describes running bpfman and the example eBPF programs on a local host. When running bpfman, it can be run as a process or run as a systemd service. Examples run the same, independent of how bpfman is deployed.
        "},{"location":"getting-started/example-bpf-local/#building","title":"Building","text":"
        To build directly on a system, make sure all the prerequisites are met, then build.
        "},{"location":"getting-started/example-bpf-local/#prerequisites","title":"Prerequisites","text":"
        This assumes bpfman is already installed and running on the system. If not, see Setup and Building bpfman.
         
           
        1. All requirements defined by the cilium/ebpf package
          2.  
        2. libbpf development package to get the required eBPF c headers
          3.  
         
        Fedora:
         
        sudo dnf install libbpf-devel
         
        Ubuntu:
         
        sudo apt-get install libbpf-dev
         
           
        1. Cilium's bpf2go binary
          2.  
         
        go install github.com/cilium/ebpf/cmd/bpf2go@master
        "},{"location":"getting-started/example-bpf-local/#building-locally","title":"Building Locally","text":"
        To build all the C based eBPF counter bytecode, run:
         
        cd bpfman/examples/\nmake generate\n
         
        To build all the Userspace GO Client examples, run:
         
        cd bpfman/examples/\nmake build\n
         
        To build only a single example:
         
        cd bpfman/examples/go-tc-counter/\ngo generate\ngo build\n
         
        cd bpfman/examples/go-tracepoint-counter/\ngo generate\ngo build\n
         
        cd bpfman/examples/go-xdp-counter/\ngo generate\ngo build\n
        "},{"location":"getting-started/example-bpf-local/#running-on-host","title":"Running On Host","text":"
        The most basic way to deploy this example is running directly on a host system. First, start or ensure bpfman is up and running. Tutorial will guide you through deploying bpfman. In all the examples of running on a host system, a bpfman-client certificate is used that is generated by bpfman to encrypt the application's connection to bpfman. The diagram below shows go-xdp-counter example, but the go-tc-counter and go-tracepoint-counter examples operate exactly the same way.
         
         
        Following the diagram (Purple numbers):
         
           
        1. When go-xdp-counter userspace is started, it will send a gRPC request    over unix socket to bpfman requesting bpfman to load the go-xdp-counter eBPF bytecode located on disk    at bpfman/examples/go-xdp-counter/bpf_bpfel.o at a priority of 50 and on interface ens3.    These values are configurable as we will see later, but for now we will use the defaults    (except interface, which is required to be entered).
          2.  
        2. bpfman will load it's dispatcher eBPF program, which links to the go-xdp-counter eBPF program    and return a UUID referencing the running program.
          3.  
        3. bpfman list can be used to show that the eBPF program was loaded.
          4.  
        4. Once the go-xdp-counter eBPF bytecode is loaded, the eBPF program will write packet counts    and byte counts to a shared map.
          5.  
        5. go-xdp-counter userspace program periodically reads counters from the shared map and logs    the value.
          6.  
        "},{"location":"getting-started/example-bpf-local/#running-privileged","title":"Running Privileged","text":"
        To run the go-xdp-counter program, determine the host interface to attach the eBPF program to and then start the go program with:
         
        cd bpfman/examples/go-xdp-counter/\nsudo ./go-xdp-counter -iface <INTERNET INTERFACE NAME>\n
         
        or (NOTE: TC programs also require a direction, ingress or egress)
         
        cd bpfman/examples/go-tc-counter/\nsudo ./go-tc-counter -direction ingress -iface <INTERNET INTERFACE NAME>\n
         
        or
         
        cd bpfman/examples/go-tracepoint-counter/\nsudo ./go-tracepoint-counter\n
         
        The output should show the count and total bytes of packets as they pass through the interface as shown below:
         
        sudo ./go-xdp-counter --iface vethff657c7\n2023/07/17 17:43:58 Using Input: Interface=vethff657c7 Priority=50 Source=/home/<$USER>/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o\n2023/07/17 17:43:58 Program registered with id 6211\n2023/07/17 17:44:01 4 packets received\n2023/07/17 17:44:01 580 bytes received\n\n2023/07/17 17:44:04 4 packets received\n2023/07/17 17:44:04 580 bytes received\n\n2023/07/17 17:44:07 8 packets received\n2023/07/17 17:44:07 1160 bytes received\n\n:\n
         
        Use the CLI to show the go-xdp-counter eBPF bytecode was loaded.
         
        sudo bpfman list\n Program ID  Name       Type  Load Time\n 6211        xdp_stats  xdp   2023-07-17T17:43:58-0400\n
         
        Finally, press <CTRL>+c when finished with go-xdp-counter.
         
        :\n\n2023/07/17 17:44:34 28 packets received\n2023/07/17 17:44:34 4060 bytes received\n\n^C2023/07/17 17:44:35 Exiting...\n2023/07/17 17:44:35 Unloading Program: 6211\n
        "},{"location":"getting-started/example-bpf-local/#passing-ebpf-bytecode-in-a-container-image","title":"Passing eBPF Bytecode In A Container Image","text":"
        bpfman can load eBPF bytecode from a container image built following the spec described in eBPF Bytecode Image Specifications. Pre-built eBPF container images for the examples can be loaded from:
         
           
        • quay.io/bpfman-bytecode/go-xdp-counter:latest
          •  
        • quay.io/bpfman-bytecode/go-tc-counter:latest
          •  
        • quay.io/bpfman-bytecode/go-tracepoint-counter:latest
          •  
         
        To use the container image, pass the URL to the userspace program:
         
        sudo ./go-xdp-counter -iface ens3 -image quay.io/bpfman-bytecode/go-xdp-counter:latest\n2022/12/02 16:28:32 Using Input: Interface=ens3 Priority=50 Source=quay.io/bpfman-bytecode/go-xdp-counter:latest\n2022/12/02 16:28:34 Program registered with id 6223\n2022/12/02 16:28:37 4 packets received\n2022/12/02 16:28:37 580 bytes received\n\n2022/12/02 16:28:40 4 packets received\n2022/12/02 16:28:40 580 bytes received\n\n^C2022/12/02 16:28:42 Exiting...\n2022/12/02 16:28:42 Unloading Program: 6223\n
        "},{"location":"getting-started/example-bpf-local/#building-ebpf-bytecode-container-image","title":"Building eBPF Bytecode Container Image","text":"
        eBPF Bytecode Image Specifications provides detailed instructions on building and shipping bytecode in a container image. To build go-xdp-counter and go-tc-counter eBPF bytecode container image, first make sure the bytecode has been built (i.e. bpf_bpfel.o has been built - see Building), then run the build commands below:
         
        cd bpfman/examples/go-xdp-counter/\ngo generate\n\ndocker build \\\n  --build-arg PROGRAM_NAME=go-xdp-counter \\\n  --build-arg BPF_FUNCTION_NAME=xdp_stats \\\n  --build-arg PROGRAM_TYPE=xdp \\\n  --build-arg BYTECODE_FILENAME=bpf_bpfel.o \\\n  --build-arg KERNEL_COMPILE_VER=$(uname -r) \\\n  -f ../../Containerfile.bytecode . -t quay.io/$USER/go-xdp-counter-bytecode:latest\n
         
        and
         
        cd bpfman/examples/go-tc-counter/\ngo generate\n\ndocker build \\\n  --build-arg PROGRAM_NAME=go-tc-counter \\\n  --build-arg BPF_FUNCTION_NAME=stats \\\n  --build-arg PROGRAM_TYPE=tc \\\n  --build-arg BYTECODE_FILENAME=bpf_bpfel.o \\\n  --build-arg KERNEL_COMPILE_VER=$(uname -r) \\\n  -f ../../Containerfile.bytecode . -t quay.io/$USER/go-tc-counter-bytecode:latest\n
         
        and
         
        cd bpfman/examples/go-tracepoint-counter/\ngo generate\n\ndocker build \\\n  --build-arg PROGRAM_NAME=go-tracepoint-counter \\\n  --build-arg BPF_FUNCTION_NAME=tracepoint_kill_recorder \\\n  --build-arg PROGRAM_TYPE=tracepoint \\\n  --build-arg BYTECODE_FILENAME=bpf_bpfel.o \\\n  --build-arg KERNEL_COMPILE_VER=$(uname -r) \\\n  -f ../../Containerfile.bytecode . -t quay.io/$USER/go-tracepoint-counter-bytecode:latest\n
         
        bpfman currently does not provide a method for pre-loading bytecode images (see issue #603), so push the bytecode image to a remote repository. For example:
         
        docker login quay.io\ndocker push quay.io/$USER/go-xdp-counter-bytecode:latest\ndocker push quay.io/$USER/go-tc-counter-bytecode:latest\n
         
        Then run with the privately built bytecode container image:
         
        sudo ./go-tc-counter -iface ens3 -direction ingress -location image://quay.io/$USER/go-tc-counter-bytecode:latest\n2022/12/02 16:38:44 Using Input: Interface=ens3 Priority=50 Source=quay.io/$USER/go-tc-counter-bytecode:latest\n2022/12/02 16:38:45 Program registered with id 6225\n2022/12/02 16:38:48 4 packets received\n2022/12/02 16:38:48 580 bytes received\n\n2022/12/02 16:38:51 4 packets received\n2022/12/02 16:38:51 580 bytes received\n\n^C2022/12/02 16:38:51 Exiting...\n2022/12/02 16:38:51 Unloading Program: 6225\n
        "},{"location":"getting-started/example-bpf-local/#preloading-ebpf-bytecode","title":"Preloading eBPF Bytecode","text":"
        Another way to load the eBPF bytecode is to pre-load the eBPF bytecode and pass the associated bpfman program id to the userspace program. This is similar to how eBPF programs will be loaded in Kubernetes, except kubectl commands will be used to create Kubernetes CRD objects instead of using the CLI, but that is covered in the next section. The userspace programs will skip the loading portion and use the program id to find the shared map and continue from there.
         
        Referring back to the diagram above, the load and unload are being done by the CLI and not go-xdp-counter userspace program.
         
        First, use the CLI to load the go-xdp-counter eBPF bytecode:
         
        sudo bpfman load image --image-url quay.io/bpfman-bytecode/go-xdp-counter:latest xdp --iface ens3 --priority 50\n Bpfman State\n---------------\n Name:          xdp_stats\n Image URL:     quay.io/bpfman-bytecode/go-xdp-counter:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6229\n Map Owner ID:  None\n Map Used By:   6229\n Priority:      50\n Iface:         ens3\n Position:      0\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n ID:                               6229\n Name:                             xdp_stats\n Type:                             xdp\n Loaded At:                        2023-07-17T17:48:10-0400\n Tag:                              4b9d1b2c140e87ce\n GPL Compatible:                   true\n Map IDs:                          [2724]\n BTF ID:                           2834\n Size Translated (bytes):          168\n JITed:                            true\n Size JITed (bytes):               104\n Kernel Allocated Memory (bytes):  4096\n Verified Instruction Count:       21\n
         
        Then run the go-xdp-counter userspace program, passing in the UUID:
         
        sudo ./go-xdp-counter -iface ens3 -id 6229\n2022/12/02 17:01:38 Using Input: Interface=ens3 Source=6229\n2022/12/02 17:01:41 180 packets received\n2022/12/02 17:01:41 26100 bytes received\n\n2022/12/02 17:01:44 184 packets received\n2022/12/02 17:01:44 26680 bytes received\n\n^C2022/12/02 17:01:46 Exiting...\n2022/12/02 17:01:46 Closing Connection for Program: 6229\n
         
        Then use the CLI to unload the eBPF bytecode:
         
        sudo bpfman unload 6229\n
        "},{"location":"getting-started/example-bpf/","title":"Example eBPF Programs","text":"
        Example applications that use the bpfman-go bindings can be found in the examples/ directory. Current examples include:
         
           
        • examples/go-tc-counter/
          •  
        • examples/go-tracepoint-counter/
          •  
        • examples/go-xdp-counter/
          •  
         
        These examples and the associated documentation is intended to provide the basics on how to deploy and manage an eBPF program using bpfman. Each of the examples contain an eBPF Program written in C (tc_counter.c, tracepoint_counter.c and xdp_counter.c) that is compiled into eBPF bytecode. Each time the eBPF program is called, it increments the packet and byte counts in a map that is accessible by the userspace portion.
         
        Each of the examples also have a userspace portion written in GO. When run locally, the userspace program makes gRPC calls to bpfman requesting bpfman to load the eBPF program at the requested hook point (XDP hook point, TC hook point or Tracepoint). When run in a Kubernetes deployment, the bpfman-agent makes gRPC calls to bpfman requesting bpfman to load the eBPF program based on a Custom Resource Definition (CRD), which is described in more detail in that section. Independent of the deployment, the userspace program then polls the eBPF map every 3 seconds and logs the current counts. The userspace code is leveraging the cilium/ebpf library to manage the maps shared with the eBPF program. The example eBPF programs are very similar in functionality, and only vary where in the Linux networking stack they are inserted. Read more about XDP and TC programs here.
         
        There are two ways to deploy these example applications:
         
           
        • Run locally on one machine: Deploying Example eBPF Programs On Local Host
          •  
        • Deploy to multiple nodes in a Kubernetes cluster: Deploying Example eBPF Programs On Kubernetes
          •  
        "},{"location":"getting-started/example-bpf/#notes","title":"Notes","text":"
        Notes regarding this document:
         
           
        • Source of images used in the example documentation can be found in   bpfman Upstream Images.   Request access if required.
          •  
        "},{"location":"getting-started/running-release/","title":"Run bpfman From Release Image","text":"
        This section describes how to deploy bpfman from a given release. See Releases for the set of bpfman releases.
         
        Jump to the Setup and Building bpfman section for help building from the latest code or building from a release branch.
         
        Tutorial contains more details on the different modes to run bpfman in on the host and how to test. Use Local Host or Systemd Service below for deploying released version of bpfman and then use Tutorial for further information on how to test and interact with bpfman. 
         
        Deploying the bpfman-operator contains more details on deploying bpfman in a Kubernetes deployment and Deploying Example eBPF Programs On Kubernetes contains more details on interacting with bpfman running in a Kubernetes deployment. Use Deploying Release Version of the bpfman-operator below for deploying released version of bpfman in Kubernetes and then use the links above for further information on how to test and interact with bpfman. 
         
        NOTE: The latest release, v0.3.1, was before the rename of bpfd to bpfman. So the commands below still refer to bpfd.
        "},{"location":"getting-started/running-release/#local-host","title":"Local Host","text":"
        To run bpfd in the foreground using sudo, download the release binary tar files and unpack them.
         
        export BPFMAN_REL=0.3.1\nmkdir -p $HOME/src/bpfman-${BPFMAN_REL}/; cd $HOME/src/bpfman-${BPFMAN_REL}/\nwget https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfd-linux-x86_64.tar.gz\ntar -xzvf bpfd-linux-x86_64.tar.gz; rm bpfd-linux-x86_64.tar.gz\nwget https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfctl-linux-x86_64.tar.gz\ntar -xzvf bpfctl-linux-x86_64.tar.gz; rm bpfctl-linux-x86_64.tar.gz\n\n$ tree\n.\n\u2514\u2500\u2500 target\n    \u2514\u2500\u2500 x86_64-unknown-linux-musl\n        \u2514\u2500\u2500 release\n            \u251c\u2500\u2500 bpfctl\n            \u2514\u2500\u2500 bpfd\n
         
        To deploy bpfd:
         
        sudo RUST_LOG=info ./target/x86_64-unknown-linux-musl/release/bpfd\n[2023-10-13T15:53:25Z INFO  bpfd] Log using env_logger\n[2023-10-13T15:53:25Z INFO  bpfd] Has CAP_BPF: true\n[2023-10-13T15:53:25Z INFO  bpfd] Has CAP_SYS_ADMIN: true\n:\n
         
        To use the CLI:
         
        sudo ./target/x86_64-unknown-linux-musl/release/bpfctl list\n Program ID  Name       Type  Load Time                \n
         
        Continue in Tutorial if desired. Use the bpfctl commands in place of the bpfman commands described in Tutorial.
        "},{"location":"getting-started/running-release/#systemd-service","title":"Systemd Service","text":"
        To run bpfd as a systemd service, the binaries will be placed in a well known location (/usr/sbin/.) and a service configuration file will be added (/usr/lib/systemd/system/bpfd.service). There is a script that is used to install the service properly, so the source code needs to be downloaded to retrieve the script. Download and unpack the source code, then download and unpack the binaries.
         
        export BPFMAN_REL=0.3.1\nmkdir -p $HOME/src/; cd $HOME/src/\nwget https://github.com/bpfman/bpfman/archive/refs/tags/v${BPFMAN_REL}.tar.gz\ntar -xzvf v${BPFMAN_REL}.tar.gz; rm v${BPFMAN_REL}.tar.gz\ncd bpfman-${BPFMAN_REL}\n\nwget https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfd-linux-x86_64.tar.gz\ntar -xzvf bpfd-linux-x86_64.tar.gz; rm bpfd-linux-x86_64.tar.gz\nwget https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfctl-linux-x86_64.tar.gz\ntar -xzvf bpfctl-linux-x86_64.tar.gz; rm bpfctl-linux-x86_64.tar.gz\n
         
        Run the following command to copy the bpfd and bpfctl binaries to /usr/sbin/ and copy a default bpfd.service file to /usr/lib/systemd/system/. This option will also start the systemd service bpfd.service by default.
         
        sudo ./scripts/setup.sh install\n
         
        NOTE: If running a release older than v0.3.1, the install script is not coded to copy binaries from the release directory, so the binaries will need to be manually copied.
         
        Continue in Tutorial if desired.
        "},{"location":"getting-started/running-release/#deploying-release-version-of-the-bpfman-operator","title":"Deploying Release Version of the bpfman-operator","text":"
        The quickest solution for running bpfman in a Kubernetes deployment is to run a Kubernetes KIND Cluster:
         
        kind create cluster --name=test-bpfman\n
         
        Next, deploy the bpfman CRDs:
         
        export BPFMAN_REL=0.3.1\nkubectl apply -f  https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfd-crds-install-v${BPFMAN_REL}.yaml\n
         
        Next, deploy the bpfman-operator, which will also deploy the bpfman-daemon, which contains bpfman and bpfman-agent:
         
        kubectl apply -f https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfd-operator-install-v${BPFMAN_REL}.yaml\n
         
        Finally, deploy an example eBPF program.
         
        kubectl apply -f https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/go-xdp-counter-install-v${BPFMAN_REL}.yaml\n
         
        There are other example programs in the Releases page.
         
        Continue in Deploying the bpfman-operator or Deploying Example eBPF Programs On Kubernetes if desired. Keep in mind that the documentation describes bpfman while Release v0.3.1 is still using bpfd.
         
        Use the following command to teardown the cluster:
         
        kind delete cluster -n test-bpfman\n
        "},{"location":"getting-started/running-rpm/","title":"Run bpfman From RPM","text":"
        This section describes how to deploy bpfman from an RPM. RPMs are generated each time a Pull Request is merged in github for Fedora 38, 39 and Rawhide (see Install Prebuilt RPM). RPMs can also be built locally from a Fedora server (see Build RPM Locally).
        "},{"location":"getting-started/running-rpm/#install-prebuilt-rpm","title":"Install Prebuilt RPM","text":"
        This section describes how to install an RPM built autmatically by the Packit Service. The Packit Service builds RPMs for each Pull Request merged.
        "},{"location":"getting-started/running-rpm/#packit-service-prerequisites","title":"Packit Service Prerequisites","text":"
        To install an RPM generated by the Packit Service, the following packages need to be installed:
         
        dnf based OS:
         
        sudo dnf install -y dnf-plugins-core\nsudo dnf copr enable @ebpf-sig/bpfman-next\n
        "},{"location":"getting-started/running-rpm/#install-rpm-from-packit-service","title":"Install RPM From Packit Service","text":"
        To load an RPM from a specific commit, find the commit from bpfman commits, and click on the green check showing a given Pull Request was verified. At the bottom of the list of checks are the RPM builds, click on the details, and follow the Packit Dashboard link to the Copr Build Results. Then install the given RPM:
         
        sudo dnf install -y bpfman-0.4.0~dev-1.20240117143006587102.main.191.gda44a71.fc38.x86_64\n
         
        bpfman is now installed but not running. To start bpfman:
         
        sudo systemctl daemon-reload\nsudo systemctl enable bpfman.socket\nsudo systemctl start bpfman.socket\n
         
        Verify bpfman is installed and running:
         
        $ sudo systemctl status bpfman.socket\n\u25cf bpfman.socket - bpfman API Socket\n     Loaded: loaded (/usr/lib/systemd/system/bpfman.socket; enabled; preset: disabled)\n     Active: active (listening) since Thu 2024-01-18 21:19:29 EST; 5s ago\n   Triggers: \u25cf bpfman.service\n     Listen: /run/bpfman-sock/bpfman.sock (Stream)\n     CGroup: /system.slice/bpfman.socket\n:\n\n$ sudo systemctl status bpfman.service\n\u25cb bpfman.service - Run bpfman as a service\n     Loaded: loaded (/usr/lib/systemd/system/bpfman.service; static)\n    Drop-In: /usr/lib/systemd/system/service.d\n             \u2514\u250010-timeout-abort.conf\n     Active: inactive (dead)\nTriggeredBy: \u25cf bpfman.socket\n:\n\n$ sudo bpfman list\n Program ID  Name  Type  Load Time\n
        "},{"location":"getting-started/running-rpm/#uninstall-given-rpm","title":"Uninstall Given RPM","text":"
        To determine the RPM that is currently loaded:
         
        $ sudo rpm -qa | grep bpfman\nbpfman-0.4.0~dev-1.20240117143006587102.main.191.gda44a71.fc39.x86_64\n
         
        To uninstall the RPM:
         
        sudo dnf erase -y bpfman-0.4.0~dev-1.20240117143006587102.main.191.gda44a71.fc39.x86_64\n\nsudo systemctl daemon-reload\n
        "},{"location":"getting-started/running-rpm/#build-rpm-locally","title":"Build RPM Locally","text":"
        This section describes how to build and install an RPM locally.
        "},{"location":"getting-started/running-rpm/#local-build-prerequisites","title":"Local Build Prerequisites","text":"
        To build locally, the following packages need to be installed:
         
        dnf based OS:
         
        sudo dnf install packit\nsudo dnf install cargo-rpm-macros\n
         
        NOTE: cargo-rpm-macros needs to be version 25 or higher. It appears this is only available on Fedora 37, 38, 39 and Rawhide at the moment.
        "},{"location":"getting-started/running-rpm/#build-locally","title":"Build Locally","text":"
        To build locally, run the following command:
         
        packit build locally\n
         
        This will generate several RPMs in a x86_64/ directory:
         
        $ ls x86_64/\nbpfman-0.4.0~dev-1.20240118212420167308.<USERNAME>.rpm.socket.192.gb2ea1b9.fc39.x86_64.rpm\nbpfman-debuginfo-0.4.0~dev-1.20240118212420167308.<USERNAME>.rpm.socket.192.gb2ea1b9.fc39.x86_64.rpm\nbpfman-debugsource-0.4.0~dev-1.20240118212420167308.<USERNAME>.rpm.socket.192.gb2ea1b9.fc39.x86_64.rpm\n
        "},{"location":"getting-started/running-rpm/#install-local-build","title":"Install Local Build","text":"
        Install the RPM:
         
        sudo rpm -i x86_64/bpfman-0.4.0~dev-1.20240118212420167308.<USERNAME>.rpm.socket.192.gb2ea1b9.fc39.x86_64.rpm\n
         
        bpfman is now installed but not running. To start bpfman:
         
        sudo systemctl daemon-reload\nsudo systemctl enable bpfman.socket\nsudo systemctl start bpfman.socket\n
         
        Verify bpfman is installed and running:
         
        $ sudo systemctl status bpfman.socket\n\u25cf bpfman.socket - bpfman API Socket\n     Loaded: loaded (/usr/lib/systemd/system/bpfman.socket; enabled; preset: disabled)\n     Active: active (listening) since Thu 2024-01-18 21:19:29 EST; 5s ago\n   Triggers: \u25cf bpfman.service\n     Listen: /run/bpfman-sock/bpfman.sock (Stream)\n     CGroup: /system.slice/bpfman.socket\n:\n\n$ sudo systemctl status bpfman.service\n\u25cb bpfman.service - Run bpfman as a service\n     Loaded: loaded (/usr/lib/systemd/system/bpfman.service; static)\n    Drop-In: /usr/lib/systemd/system/service.d\n             \u2514\u250010-timeout-abort.conf\n     Active: inactive (dead)\nTriggeredBy: \u25cf bpfman.socket\n:\n\n$ sudo bpfman list\n Program ID  Name  Type  Load Time\n
        "},{"location":"getting-started/running-rpm/#uninstall-local-build","title":"Uninstall Local Build","text":"
        To determine the RPM that is currently loaded:
         
        $ sudo rpm -qa | grep bpfman\nbpfman-0.4.0~dev-1.20240118212420167308.<USERNAME>.rpm.socket.192.gb2ea1b9.fc39.x86_64\n
         
        To uninstall the RPM:
         
        sudo rpm -e bpfman-0.4.0~dev-1.20240118212420167308.<USERNAME>.rpm.socket.192.gb2ea1b9.fc39.x86_64\n\nsudo systemctl daemon-reload\n
        "},{"location":"getting-started/troubleshooting/","title":"Troubleshooting","text":"
        This section provides a list of common issues and solutions when working with bpfman.
        "},{"location":"getting-started/troubleshooting/#xdp","title":"XDP","text":""},{"location":"getting-started/troubleshooting/#xdp-program-fails-to-load","title":"XDP Program Fails to Load","text":"
        When attempting to load an XDP program and the program fails to load:
         
        $ sudo bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest xdp --iface veth92cd99b --priority 100\nError: status: Aborted, message: \"An error occurred. dispatcher attach failed on interface veth92cd99b: `bpf_link_create` failed\", details: [], metadata: MetadataMap { headers: {\"content-type\": \"application/grpc\", \"date\": \"Tue, 28 Nov 2023 13:37:02 GMT\", \"content-length\": \"0\"} }\n
         
        The log may look something like this:
         
        Nov 28 08:36:58 ebpf03 bpfman[2081732]: The bytecode image: quay.io/bpfman-bytecode/xdp_pass:latest is signed\nNov 28 08:36:59 ebpf03 bpfman[2081732]: Loading program bytecode from container image: quay.io/bpfman-bytecode/xdp_pass:latest\nNov 28 08:37:01 ebpf03 bpfman[2081732]: The bytecode image: quay.io/bpfman/xdp-dispatcher:v2 is signed\nNov 28 08:37:02 ebpf03 bpfman[2081732]: BPFMAN load error: Error(\n                                            \"dispatcher attach failed on interface veth92cd99b: `bpf_link_create` failed\",\n                                        )\n
         
        The issue may be the there is already an external XDP program loaded on the given interface. bpfman allows multiple XDP programs on an interface by loading a dispatcher program which is the XDP program and additional programs are loaded as extensions to the dispatcher. Use bpftool to determine if any programs are already loaded on an interface:
         
        $ sudo bpftool net list dev veth92cd99b\nxdp:\nveth92cd99b(32) generic id 8733\n\ntc:\nveth92cd99b(32) clsact/ingress tc_dispatcher id 8922\n\nflow_dissector:\n
        "},{"location":"getting-started/tutorial/","title":"Tutorial","text":"
        This tutorial will show you how to use bpfman. There are several ways to launch and interact with bpfman and bpfman:
         
           
        • Local Host - Run bpfman as a privileged process straight from build directory.   See Local Host.
          •  
        • Systemd Service - Run bpfman as a systemd service.   See Systemd Service.
          •  
        "},{"location":"getting-started/tutorial/#local-host","title":"Local Host","text":""},{"location":"getting-started/tutorial/#step-1-build-bpfman","title":"Step 1: Build bpfman","text":"
        Perform the following steps to build bpfman. If this is your first time using bpfman, follow the instructions in Setup and Building bpfman to setup the prerequisites for building.
         
        cd $HOME/src/bpfman/\ncargo xtask build-ebpf --libbpf-dir $HOME/src/libbpf\ncargo build\n
        "},{"location":"getting-started/tutorial/#step-2-setup-bpfman-environment","title":"Step 2: Setup bpfman environment","text":"
        bpfman supports both communication over a Unix socket. All examples, both using bpfman and the gRPC API use this socket.
        "},{"location":"getting-started/tutorial/#step-3-start-bpfman","title":"Step 3: Start bpfman","text":"
        While learning and experimenting with bpfman, it may be useful to run bpfman in the foreground (which requires a second terminal to run the bpfman commands below). For more details on how logging is handled in bpfman, see Logging.
         
        sudo RUST_LOG=info ./target/debug/bpfman system service --timeout=0\n
        "},{"location":"getting-started/tutorial/#step-4-load-your-first-program","title":"Step 4: Load your first program","text":"
        We will load the simple xdp-pass program, which permits all traffic to the attached interface, vethff657c7 in this example. The section in the object file that contains the program is \"pass\". Finally, we will use the priority of 100. Find a deeper dive into CLI syntax in CLI Guide.
         
        sudo ./target/debug/bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest xdp --iface vethff657c7 --priority 100\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6213\n Map Owner ID:  None\n Map Used By:   6213\n Priority:      100\n Iface:         vethff657c7\n Position:      0\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n ID:                               6213\n Name:                             pass\n Type:                             xdp\n Loaded At:                        2023-07-17T17:48:10-0400\n Tag:                              4b9d1b2c140e87ce\n GPL Compatible:                   true\n Map IDs:                          [2724]\n BTF ID:                           2834\n Size Translated (bytes):          96\n JITed:                            true\n Size JITed (bytes):               67\n Kernel Allocated Memory (bytes):  4096\n Verified Instruction Count:       9\n
         
        bpfman load image returns the same data as a bpfman get command. From the output, the id of 6213 can be found in the Kernel State section. This id can be used to perform a bpfman get to retrieve all relevant program data and a bpfman unload when the program needs to be unloaded.
         
        sudo ./target/debug/bpfman list\n Program ID  Name  Type  Load Time\n 6213        pass  xdp   2023-07-17T17:48:10-0400\n
         
        We can recheck the details about the loaded program with the bpfman get command:
         
        sudo ./target/debug/bpfman get 6213\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6213\n Map Owner ID:  None\n Map Used By:   6213\n Priority:      100\n Iface:         vethff657c7\n Position:      0\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n ID:                               6213\n Name:                             pass\n Type:                             xdp\n Loaded At:                        2023-07-17T17:48:10-0400\n Tag:                              4b9d1b2c140e87ce\n GPL Compatible:                   true\n Map IDs:                          [2724]\n BTF ID:                           2834\n Size Translated (bytes):          96\n JITed:                            true\n Size JITed (bytes):               67\n Kernel Allocated Memory (bytes):  4096\n Verified Instruction Count:       9\n
         
        From the output above you can see the program was loaded to position 0 on our interface and thus will be executed first.
        "},{"location":"getting-started/tutorial/#step-5-loading-more-programs","title":"Step 5: Loading more programs","text":"
        We will now load 2 more programs with different priorities to demonstrate how bpfman will ensure they are ordered correctly:
         
        sudo ./target/debug/bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest xdp --iface vethff657c7 --priority 50\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6215\n Map Owner ID:  None\n Map Used By:   6215\n Priority:      50\n Iface:         vethff657c7\n Position:      0\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n ID:                               6215\n Name:                             pass\n Type:                             xdp\n:\n
         
        sudo ./target/debug/bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest xdp --iface vethff657c7 --priority 200\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6217\n Map Owner ID:  None\n Map Used By:   6217\n Priority:      200\n Iface:         vethff657c7\n Position:      2\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n ID:                               6217\n Name:                             pass\n Type:                             xdp\n:\n
         
        Using bpfman list we can see all the programs that were loaded.
         
        sudo ./target/debug/bpfman list\n Program ID  Name  Type  Load Time\n 6213        pass  xdp   2023-07-17T17:48:10-0400\n 6215        pass  xdp   2023-07-17T17:52:46-0400\n 6217        pass  xdp   2023-07-17T17:53:57-0400\n
         
        The lowest priority program is executed first, while the highest is executed last. As can be seen from the detailed output for each command below:
         
           
        • Program 6215 is at position 0 with a priority of 50
          •  
        • Program 6213 is at position 1 with a priority of 100
          •  
        • Program 6217 is at position 2 with a priority of 200
          •  
         
        sudo ./target/debug/bpfman get 6213\n Bpfman State\n---------------\n Name:          pass\n:\n Priority:      100\n Iface:         vethff657c7\n Position:      1\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n ID:                               6213\n Name:                             pass\n Type:                             xdp\n:\n
         
        sudo ./target/debug/bpfman get 6215\n Bpfman State\n---------------\n Name:          pass\n:\n Priority:      50\n Iface:         vethff657c7\n Position:      0\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n ID:                               6215\n Name:                             pass\n Type:                             xdp\n:\n
         
        sudo ./target/debug/bpfman get 6217\n Bpfman State\n---------------\n Name:          pass\n:\n Priority:      200\n Iface:         vethff657c7\n Position:      2\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n ID:                               6217\n Name:                             pass\n Type:                             xdp\n:\n
         
        By default, the next program in the chain will only be executed if a given program returns pass (see proceed-on field in the bpfman get output above). If the next program in the chain should be called even if a different value is returned, then the program can be loaded with those additional return values using the proceed-on parameter (see bpfman load image xdp --help for list of valid values):
         
        sudo ./target/debug/bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest xdp --iface vethff657c7 --priority 150 --proceed-on \"pass\" --proceed-on \"dispatcher_return\"\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6219\n Map Owner ID:  None\n Map Used By:   6219\n Priority:      150\n Iface:         vethff657c7\n Position:      2\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n ID:                               6219\n Name:                             pass\n Type:                             xdp\n:\n
         
        Which results in being loaded in position 2 because it was loaded at priority 150, which is lower than the previous program at that position with a priority of 200.
        "},{"location":"getting-started/tutorial/#step-6-delete-a-program","title":"Step 6: Delete a program","text":"
        Let's remove the program at position 1.
         
        sudo ./target/debug/bpfman list\n Program ID  Name  Type  Load Time\n 6213        pass  xdp   2023-07-17T17:48:10-0400\n 6215        pass  xdp   2023-07-17T17:52:46-0400\n 6217        pass  xdp   2023-07-17T17:53:57-0400\n 6219        pass  xdp   2023-07-17T17:59:41-0400\n
         
        sudo ./target/debug/bpfman unload 6213\n
         
        And we can verify that it has been removed and the other programs re-ordered:
         
        sudo ./target/debug/bpfman list\n Program ID  Name  Type  Load Time\n 6215        pass  xdp   2023-07-17T17:52:46-0400\n 6217        pass  xdp   2023-07-17T17:53:57-0400\n 6219        pass  xdp   2023-07-17T17:59:41-0400\n
         
        ./target/debug/bpfman get 6215\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6215\n Map Owner ID:  None\n Map Used By:   6215\n Priority:      50\n Iface:         vethff657c7\n Position:      0\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n ID:                               6215\n Name:                             pass\n Type:                             xdp\n:\n
         
        ./target/debug/bpfman get 6217\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6217\n Map Owner ID:  None\n Map Used By:   6217\n Priority:      200\n Iface:         vethff657c7\n Position:      2\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n ID:                               6217\n Name:                             pass\n Type:                             xdp\n:\n
         
        ./target/debug/bpfman get 6219\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6219\n Map Owner ID:  None\n Map Used By:   6219\n Priority:      150\n Iface:         vethff657c7\n Position:      1\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n ID:                               6219\n Name:                             pass\n Type:                             xdp\n:\n
         
        When bpfman is stopped, all remaining programs will be unloaded automatically.
        "},{"location":"getting-started/tutorial/#step-7-clean-up","title":"Step 7: Clean-up","text":"
        To unwind all the changes, stop bpfman and then run the following script:
         
        sudo ./scripts/setup.sh uninstall\n
         
        WARNING: setup.sh uninstall cleans everything up, so /etc/bpfman/programs.d/ and /run/bpfman/bytecode/ are deleted. Save any changes or files that were created if needed.
        "},{"location":"getting-started/tutorial/#systemd-service","title":"Systemd Service","text":"
        To run bpfman as a systemd service, the binaries will be placed in a well known location (/usr/sbin/.) and a service configuration file will be added (/usr/lib/systemd/system/bpfman.service). When run as a systemd service, the set of linux capabilities are limited to only the needed set. If permission errors are encountered, see Linux Capabilities for help debugging.
        "},{"location":"getting-started/tutorial/#step-1","title":"Step 1","text":"
        Same as Step 1 above, build bpfman if needed:
         
        cd $HOME/src/bpfman/\ncargo xtask build-ebpf --libbpf-dir $HOME/src/libbpf\ncargo build\n
        "},{"location":"getting-started/tutorial/#step-2-setup-bpfman-environment_1","title":"Step 2: Setup bpfman environment","text":"
        Run the following command to copy the bpfman and bpfman binaries to /usr/sbin/ and copy a default bpfman.service file to /usr/lib/systemd/system/. This option will also start the systemd service bpfman.service by default:
         
        sudo ./scripts/setup.sh install\n
         
        NOTE: Prior to kernel 5.19, all eBPF sys calls required CAP_BPF, which are used to access maps shared between the BFP program and the userspace program. So userspace programs that are accessing maps and running on kernels older than 5.19 will require either sudo or the CAP_BPF capability (sudo /sbin/setcap cap_bpf=ep ./<USERSPACE-PROGRAM>).
         
        To update the configuration settings associated with running bpfman as a service, edit the service configuration file:
         
        sudo vi /usr/lib/systemd/system/bpfman.service\nsudo systemctl daemon-reload\n
         
        If bpfman or bpfman is rebuilt, the following command can be run to install the update binaries without regenerating the certifications. The bpfman service will is automatically restarted.
         
        sudo ./scripts/setup.sh reinstall\n
        "},{"location":"getting-started/tutorial/#step-3-start-bpfman_1","title":"Step 3: Start bpfman","text":"
        To manage bpfman as a systemd service, use systemctl. sudo ./scripts/setup.sh install will start the service, but the service can be manually stopped and started:
         
        sudo systemctl stop bpfman.service\n...\nsudo systemctl start bpfman.service\n
        "},{"location":"getting-started/tutorial/#step-4-6","title":"Step 4-6","text":"
        Same as above except bpfman is now in $PATH:
         
        sudo bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest xdp --iface vethff657c7 --priority 100\n:\n\n\nsudo bpfman list\n Program ID  Name  Type  Load Time\n 6213        pass  xdp   2023-07-17T17:48:10-0400\n\n\nsudo bpfman unload 6213\n
        "},{"location":"getting-started/tutorial/#step-7-clean-up_1","title":"Step 7: Clean-up","text":"
        To unwind all the changes performed while running bpfman as a systemd service, run the following script. This command cleans up everything, including stopping the bpfman service if it is still running.
         
        sudo ./scripts/setup.sh uninstall\n
         
        WARNING: setup.sh uninstall cleans everything up, so /etc/bpfman/programs.d/ and /run/bpfman/bytecode/ are deleted. Save any changes or files that were created if needed.
        "},{"location":"getting-started/tutorial/#build-and-run-local-ebpf-programs","title":"Build and Run Local eBPF Programs","text":"
        In the examples above, all the eBPF programs were pulled from pre-built images. This tutorial uses examples from the xdp-tutorial. The pre-built container images can be found here: https://quay.io/organization/bpfman-bytecode
         
        To build these examples locally, check out the xdp-tutorial git repository and compile the examples. eBPF Bytecode Image Specifications describes how eBPF bytecode ispackaged in container images.
         
        To load these programs locally, use the bpfman load file command in place of the bpfman load image command. For example:
         
        sudo ./target/debug/bpfman load file --path /$HOME/src/xdp-tutorial/basic01-xdp-pass/xdp_pass_kern.o --name \"pass\" xdp --iface vethff657c7 --priority 100\n
        "},{"location":"governance/CODE_OF_CONDUCT/","title":"Contributor Covenant Code of Conduct","text":""},{"location":"governance/CODE_OF_CONDUCT/#our-pledge","title":"Our Pledge","text":"
        We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
         
        We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
        "},{"location":"governance/CODE_OF_CONDUCT/#our-standards","title":"Our Standards","text":"
        Examples of behavior that contributes to a positive environment for our community include:
         
           
        • Demonstrating empathy and kindness toward other people
          •  
        • Being respectful of differing opinions, viewpoints, and experiences
          •  
        • Giving and gracefully accepting constructive feedback
          •  
        • Accepting responsibility and apologizing to those affected by our mistakes,   and learning from the experience
          •  
        • Focusing on what is best not just for us as individuals, but for the overall   community
          •  
         
        Examples of unacceptable behavior include:
         
           
        • The use of sexualized language or imagery, and sexual attention or advances of   any kind
          •  
        • Trolling, insulting or derogatory comments, and personal or political attacks
          •  
        • Public or private harassment
          •  
        • Publishing others' private information, such as a physical or email address,   without their explicit permission
          •  
        • Other conduct which could reasonably be considered inappropriate in a   professional setting
          •  
        "},{"location":"governance/CODE_OF_CONDUCT/#enforcement-responsibilities","title":"Enforcement Responsibilities","text":"
        Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
         
        Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.
        "},{"location":"governance/CODE_OF_CONDUCT/#scope","title":"Scope","text":"
        This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
        "},{"location":"governance/CODE_OF_CONDUCT/#enforcement","title":"Enforcement","text":"
        Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement directly. Maintainers are identified in the MAINTAINERS.md file and their contact information is on their GitHub profile page. All complaints will be reviewed and investigated promptly and fairly.
         
        All community leaders are obligated to respect the privacy and security of the reporter of any incident.
        "},{"location":"governance/CODE_OF_CONDUCT/#enforcement-guidelines","title":"Enforcement Guidelines","text":"
        Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:
        "},{"location":"governance/CODE_OF_CONDUCT/#1-correction","title":"1. Correction","text":"
        Community Impact: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
         
        Consequence: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.
        "},{"location":"governance/CODE_OF_CONDUCT/#2-warning","title":"2. Warning","text":"
        Community Impact: A violation through a single incident or series of actions.
         
        Consequence: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.
        "},{"location":"governance/CODE_OF_CONDUCT/#3-temporary-ban","title":"3. Temporary Ban","text":"
        Community Impact: A serious violation of community standards, including sustained inappropriate behavior.
         
        Consequence: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
        "},{"location":"governance/CODE_OF_CONDUCT/#4-permanent-ban","title":"4. Permanent Ban","text":"
        Community Impact: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
         
        Consequence: A permanent ban from any sort of public interaction within the community.
        "},{"location":"governance/CODE_OF_CONDUCT/#attribution","title":"Attribution","text":"
        This Code of Conduct is adapted from the Contributor Covenant, version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
         
        Community Impact Guidelines were inspired by Mozilla's code of conduct enforcement ladder.
         
        For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.
        "},{"location":"governance/CONTRIBUTING/","title":"Contributing Guide","text":"
           
        • New Contributor Guide
          •  
        • Ways to Contribute
          •  
        • Find an Issue
          •  
        • Ask for Help
          •  
        • Pull Request Lifecycle
          •  
        • Development Environment Setup
          •  
        • Signoff Your Commits
          •  
        • Pull Request Checklist
          •  
         
        Welcome! We are glad that you want to contribute to our project! \ud83d\udc96
         
        As you get started, you are in the best position to give us feedback on areas of our project that we need help with including:
         
           
        • Problems found during setting up a new developer environment
          •  
        • Gaps in our Quickstart Guide or documentation
          •  
        • Bugs in our automation scripts
          •  
         
        If anything doesn't make sense, or doesn't work when you run it, please open a bug report and let us know!
        "},{"location":"governance/CONTRIBUTING/#ways-to-contribute","title":"Ways to Contribute","text":"
        We welcome many different types of contributions including:
         
           
        • New features
          •  
        • Builds, CI/CD
          •  
        • Bug fixes
          •  
        • Documentation
          •  
        • Issue Triage
          •  
        • Answering questions on Slack/Mailing List
          •  
        • Web design
          •  
        • Communications / Social Media / Blog Posts
          •  
        • Release management
          •  
         
        Not everything happens through a GitHub pull request. Please come to our meetings or contact us and let's discuss how we can work together.
        "},{"location":"governance/CONTRIBUTING/#come-to-meetings","title":"Come to Meetings","text":"
        Absolutely everyone is welcome to come to any of our meetings. You never need an invite to join us. In fact, we want you to join us, even if you don\u2019t have anything you feel like you want to contribute. Just being there is enough!
         
        You can find out more about our meetings here. You don\u2019t have to turn on your video. The first time you come, introducing yourself is more than enough. Over time, we hope that you feel comfortable voicing your opinions, giving feedback on others\u2019 ideas, and even sharing your own ideas, and experiences.
        "},{"location":"governance/CONTRIBUTING/#find-an-issue","title":"Find an Issue","text":"
        We have good first issues for new contributors and help wanted issues suitable for any contributor. good first issue has extra information to help you make your first contribution. help wanted are issues suitable for someone who isn't a core maintainer and is good to move onto after your first pull request.
         
        Sometimes there won\u2019t be any issues with these labels. That\u2019s ok! There is likely still something for you to work on. If you want to contribute but you don\u2019t know where to start or can't find a suitable issue, you can reach out to us on Slack and we will be happy to help.
         
        Once you see an issue that you'd like to work on, please post a comment saying that you want to work on it. Something like \"I want to work on this\" is fine.
        "},{"location":"governance/CONTRIBUTING/#ask-for-help","title":"Ask for Help","text":"
        The best way to reach us with a question when contributing is to ask on:
         
           
        • The original github issue
          •  
        • Our Slack channel
          •  
        "},{"location":"governance/CONTRIBUTING/#pull-request-lifecycle","title":"Pull Request Lifecycle","text":"
        Pull requests are managed by Mergify.
         
        Our process is currently as follows:
         
           
        1. When you open a PR a maintainer will automatically be assigned for review
          2.  
        2. Make sure that your PR is passing CI - if you need help with failing checks please feel free to ask!
          3.  
        3. Once it is passing all CI checks, a maintainer will review your PR and you may be asked to make changes.
          4.  
        4. When you have received at least one approval from a maintainer, your PR will be merged automatically.
          5.  
         
        In some cases, other changes may conflict with your PR. If this happens, you will get notified by a comment in the issue that your PR requires a rebase, and the needs-rebase label will be applied. Once a rebase has been performed, this label will be automatically removed.
        "},{"location":"governance/CONTRIBUTING/#development-environment-setup","title":"Development Environment Setup","text":"
        Instructions
        "},{"location":"governance/CONTRIBUTING/#signoff-your-commits","title":"Signoff Your Commits","text":""},{"location":"governance/CONTRIBUTING/#dco","title":"DCO","text":"
        Licensing is important to open source projects. It provides some assurances that the software will continue to be available based under the terms that the author(s) desired. We require that contributors sign off on commits submitted to our project's repositories. The Developer Certificate of Origin (DCO) is a way to certify that you wrote and have the right to contribute the code you are submitting to the project.
         
        You sign-off by adding the following to your commit messages. Your sign-off must match the git user and email associated with the commit.
         
        This is my commit message\n\nSigned-off-by: Your Name <your.name@example.com>\n
         
        Git has a -s command line option to do this automatically:
         
        git commit -s -m 'This is my commit message'\n
         
        If you forgot to do this and have not yet pushed your changes to the remote repository, you can amend your commit with the sign-off by running
         
        git commit --amend -s\n
        "},{"location":"governance/CONTRIBUTING/#logical-grouping-of-commits","title":"Logical Grouping of Commits","text":"
        It is a recommended best practice to keep your changes as logically grouped as possible within individual commits. If while you're developing you prefer doing a number of commits that are \"checkpoints\" and don't represent a single logical change, please squash those together before asking for a review. When addressing review comments, please perform an interactive rebase and edit commits directly rather than adding new commits with messages like \"Fix review comments\".
        "},{"location":"governance/CONTRIBUTING/#commit-message-guidelines","title":"Commit message guidelines","text":"
        A good commit message should describe what changed and why.
         
           
        1.  
          The first line should:
           
          2.  
        2.  
          contain a short description of the change (preferably 50 characters or less,     and no more than 72 characters)
           
          3.  
        3. be entirely in lowercase with the exception of proper nouns, acronyms, and     the words that refer to code, like function/variable names
          4.  
        4. be prefixed with the name of the sub crate being changed
          5.  
         
        Examples:
         
           
        • bpfman: validate program section names
          •  
        •  
          bpf: add dispatcher program test slot
           
          •  
        •  
          Keep the second line blank.
           
          •  
        • Wrap all other lines at 72 columns (except for long URLs).
          •  
        • If your patch fixes an open issue, you can add a reference to it at the end    of the log. Use the Fixes: # prefix and the issue number. For other    references use Refs: #. Refs may include multiple issues, separated by a    comma.
          •  
         
        Examples:
         
           
        • Fixes: #1337
          •  
        • Refs: #1234
          •  
         
        Sample complete commit message:
         
        subcrate: explain the commit in one line\n\nBody of commit message is a few lines of text, explaining things\nin more detail, possibly giving some background about the issue\nbeing fixed, etc.\n\nThe body of the commit message can be several paragraphs, and\nplease do proper word-wrap and keep columns shorter than about\n72 characters or so. That way, `git log` will show things\nnicely even when it is indented.\n\nFixes: #1337\nRefs: #453, #154\n
        "},{"location":"governance/CONTRIBUTING/#pull-request-checklist","title":"Pull Request Checklist","text":"
        When you submit your pull request, or you push new commits to it, our automated systems will run some checks on your new code. We require that your pull request passes these checks, but we also have more criteria than just that before we can accept and merge it. We recommend that you check the following things locally before you submit your code:
         
           
        • Verify that Rust code has been formatted and that all clippy lints have been fixed:
          •  
        • Verify that Go code has been formatted and linted
          •  
        • Verify that Yaml files have been formatted (see   Install Yaml Formatter)
          •  
        • Verify that Bash scripts have been linted using shellcheck
          •  
         
        cd src/bpfman/\ncargo xtask lint\n
         
           
        • Verify that unit tests are passing locally (see   Unit Testing):
          •  
         
        cd src/bpfman/\ncargo xtask unit-test\n
         
           
        • Verify any changes to the bpfman api have been \"blessed\"
          •  
         
        cd /src/bpfman/\ncargo +nightly xtask public-api --bless\n
         
           
        • Verify that integration tests are passing locally (see   Basic Integration Tests):
          •  
         
        cd src/bpfman/\ncargo xtask integration-test\n
         
           
        • If developing the bpfman-operator, verify that bpfman-operator unit and integration tests   are passing locally:
          •  
         
        See Kubernetes Operator Tests.
        "},{"location":"governance/GOVERNANCE/","title":"bpfman Project Governance","text":"
        The bpfman project is dedicated to creating an easy way to run eBPF programs on a single host and in clusters. This governance explains how the project is run.
         
           
        • Values
          •  
        • Maintainers
          •  
        • Becoming a Maintainer
          •  
        • Meetings
          •  
        • Code of Conduct Enforcement
          •  
        • Security Response Team
          •  
        • Voting
          •  
        • Modifications
          •  
        "},{"location":"governance/GOVERNANCE/#values","title":"Values","text":"
        The bpfman project and its leadership embrace the following values:
         
           
        •  
          Openness: Communication and decision-making happens in the open and is discoverable for future   reference. As much as possible, all discussions and work take place in public   forums and open repositories.
           
          •  
        •  
          Fairness: All stakeholders have the opportunity to provide feedback and submit   contributions, which will be considered on their merits.
           
          •  
        •  
          Community over Product or Company: Sustaining and growing our community takes   priority over shipping code or sponsors' organizational goals.  Each   contributor participates in the project as an individual.
           
          •  
        •  
          Inclusivity: We innovate through different perspectives and skill sets, which   can only be accomplished in a welcoming and respectful environment.
           
          •  
        •  
          Participation: Responsibilities within the project are earned through   participation, and there is a clear path up the contributor ladder into leadership   positions.
           
          •  
        "},{"location":"governance/GOVERNANCE/#maintainers","title":"Maintainers","text":"
        bpfman Maintainers have write access to the project GitHub repository. They can merge their patches or patches from others. The list of current maintainers can be found at MAINTAINERS.md.  Maintainers collectively manage the project's resources and contributors.
         
        This privilege is granted with some expectation of responsibility: maintainers are people who care about the bpfman project and want to help it grow and improve. A maintainer is not just someone who can make changes, but someone who has demonstrated their ability to collaborate with the team, get the most knowledgeable people to review code and docs, contribute high-quality code, and follow through to fix issues (in code or tests).
         
        A maintainer is a contributor to the project's success and a citizen helping the project succeed.
         
        The collective team of all Maintainers is known as the Maintainer Council, which is the governing body for the project.
        "},{"location":"governance/GOVERNANCE/#becoming-a-maintainer","title":"Becoming a Maintainer","text":"
        To become a Maintainer you need to demonstrate the following:
         
           
        • commitment to the project:
          •  
        • participate in discussions, contributions, code and documentation reviews, for 6 months or more,
          •  
        • perform reviews for 10 non-trivial pull requests,
          •  
        • contribute 10 non-trivial pull requests and have them merged,
          •  
        • ability to write quality code and/or documentation,
          •  
        • ability to collaborate with the team,
          •  
        • understanding of how the team works (policies, processes for testing and code review, etc),
          •  
        • understanding of the project's code base and coding and documentation style.
          •  
         
        A new Maintainer must be proposed by an existing maintainer by opening a Pull Request on GitHub to update the MAINTAINERS.md file. A simple majority vote of existing Maintainers approves the application. Maintainer nominations will be evaluated without prejudice to employers or demographics.
         
        Maintainers who are selected will be granted the necessary GitHub rights.
        "},{"location":"governance/GOVERNANCE/#removing-a-maintainer","title":"Removing a Maintainer","text":"
        Maintainers may resign at any time if they feel that they will not be able to continue fulfilling their project duties.
         
        Maintainers may also be removed after being inactive, failing to fulfill their Maintainer responsibilities, violating the Code of Conduct, or for other reasons. Inactivity is defined as a period of very low or no activity in the project for a year or more, with no definite schedule to return to full Maintainer activity.
         
        A Maintainer may be removed at any time by a 2/3 vote of the remaining maintainers.
         
        Depending on the reason for removal, a Maintainer may be converted to Emeritus status. Emeritus Maintainers will still be consulted on some project matters and can be rapidly returned to Maintainer status if their availability changes.
        "},{"location":"governance/GOVERNANCE/#meetings","title":"Meetings","text":"
        Time zones permitting, Maintainers are expected to participate in the public developer meeting, detailed in the meetings document.
         
        Maintainers will also have closed meetings to discuss security reports or Code of Conduct violations. Such meetings should be scheduled by any Maintainer on receipt of a security issue or CoC report. All current Maintainers must be invited to such closed meetings, except for any Maintainer who is accused of a CoC violation.
        "},{"location":"governance/GOVERNANCE/#code-of-conduct","title":"Code of Conduct","text":"
        Code of Conduct violations by community members will be discussed and resolved on the private maintainer Slack channel.
        "},{"location":"governance/GOVERNANCE/#security-response-team","title":"Security Response Team","text":"
        The Maintainers will appoint a Security Response Team to handle security reports. This committee may simply consist of the Maintainer Council themselves.  If this responsibility is delegated, the Maintainers will appoint a team of at least two contributors to handle it.  The Maintainers will review who is assigned to this at least once a year.
         
        The Security Response Team is responsible for handling all reports of security holes and breaches according to the security policy.
        "},{"location":"governance/GOVERNANCE/#voting","title":"Voting","text":"
        While most business in bpfman is conducted by \"lazy consensus\", periodically the Maintainers may need to vote on specific actions or changes. A vote can be taken on the private developer slack channel for security or conduct matters. Votes may also be taken at the developer meeting.  Any Maintainer may demand a vote be taken.
         
        Most votes require a simple majority of all Maintainers to succeed, except where otherwise noted.  Two-thirds majority votes mean at least two-thirds of all existing maintainers.
        "},{"location":"governance/GOVERNANCE/#modifying-this-charter","title":"Modifying this Charter","text":"
        Changes to this Governance and its supporting documents may be approved by a 2/3 vote of the Maintainers.
        "},{"location":"governance/MAINTAINERS/","title":"Maintainers","text":"
        See CONTRIBUTING.md for general contribution guidelines. See GOVERNANCE.md for governance guidelines and maintainer responsibilities. See CODEOWNERS for a detailed list of owners for the various source directories.
         Name Employer Responsibilities Dave Tucker Red Hat Catch all Andrew Stoycos Red Hat bpfman-operator, bpfman-agent Andre Fredette Red Hat All things tc-bpf Billy McFall Red Hat All things systemd"},{"location":"governance/MEETINGS/","title":"bpfman Community Meetings","text":""},{"location":"governance/MEETINGS/#meeting-time","title":"Meeting time","text":"
        We meet every Thursday at 10:00 AM Eastern Time. The meetings last up to 1 hour.
        "},{"location":"governance/MEETINGS/#meeting-location","title":"Meeting location","text":"
        Video call link: https://meet.google.com/ggz-zkmp-pxx Or dial: (US) +1 98ttp4-221-0859 PIN: 613 588 790# More phone numbers: https://tel.meet/ggz-zkmp-pxx?pin=3270510926446
        "},{"location":"governance/MEETINGS/#meeting-agenda-and-minutes","title":"Meeting agenda and minutes","text":"
        Meeting agenda
        "},{"location":"governance/REVIEWING/","title":"Reviewing Guide","text":"
        This document covers who may review pull requests for this project, and guides how to perform code reviews that meet our community standards and code of conduct. All reviewers must read this document and agree to follow the project review guidelines. Reviewers who do not follow these guidelines may have their privileges revoked.
        "},{"location":"governance/REVIEWING/#the-reviewer-role","title":"The Reviewer Role","text":"
        Only maintainers are REQUIRED to review pull requests. Other contributors may opt to review pull requests, but any LGTM from a non-maintainer won't count towards the required number of Approved Reviews in the Mergify policy.
        "},{"location":"governance/REVIEWING/#values","title":"Values","text":"
        All reviewers must abide by the Code of Conduct and are also protected by it. A reviewer should not tolerate poor behavior and is encouraged to report any behavior that violates the Code of Conduct. All of our values listed above are distilled from our Code of Conduct.
         
        Below are concrete examples of how it applies to code review specifically:
        "},{"location":"governance/REVIEWING/#inclusion","title":"Inclusion","text":"
        Be welcoming and inclusive. You should proactively ensure that the author is successful. While any particular pull request may not ultimately be merged, overall we want people to have a great experience and be willing to contribute again. Answer the questions they didn't know to ask or offer concrete help when they appear stuck.
        "},{"location":"governance/REVIEWING/#sustainability","title":"Sustainability","text":"
        Avoid burnout by enforcing healthy boundaries. Here are some examples of how a reviewer is encouraged to act to take care of themselves:
         
           
        • Authors should meet baseline expectations when submitting a pull request, such as writing tests.
          •  
        • If your availability changes, you can step down from a pull request and have someone else assigned.
          •  
        • If interactions with an author are not following the code of conduct, close the PR and raise it with your Code of Conduct committee or point of contact. It's not your job to coax people into behaving.
          •  
        "},{"location":"governance/REVIEWING/#trust","title":"Trust","text":"
        Be trustworthy. During a review, your actions both build and help maintain the trust that the community has placed in this project. Below are examples of ways that we build trust:
         
           
        • Transparency - If a pull request won't be merged, clearly say why and close it. If a pull request won't be reviewed for a while, let the author know so they can set expectations and understand why it's blocked.
          •  
        • Integrity - Put the project's best interests ahead of personal relationships or company affiliations when deciding if a change should be merged.
          •  
        • Stability - Only merge when the change won't negatively impact project stability. It can be tempting to merge a pull request that doesn't meet our quality standards, for example when the review has been delayed, or because we are trying to deliver new features quickly, but regressions can significantly hurt trust in our project.
          •  
        "},{"location":"governance/REVIEWING/#process","title":"Process","text":"
           
        • Reviewers are automatically assigned based on the CODEOWNERS file.
          •  
        • Reviewers should wait for automated checks to pass before reviewing
          •  
        • At least 1 approved review is required from a maintainer before a pull request can be merged
          •  
        • All CI checks must pass
          •  
        • If a PR is stuck for some reason it is down to the reviewer to determine the best course of action:
          •  
        • PRs may be closed if they are no longer relevant
          •  
        • A maintainer may choose to carry a PR forward on their own, but they should ALWAYS include the original author's commits
          •  
        • A maintainer may choose to open additional PRs to help lay a foundation on which the stuck PR can be unstuck. They may either rebase the stuck PR themselves or leave this to the author
          •  
        • Maintainers should not merge their pull requests without a review
          •  
        • Maintainers should let the Mergify bot merge PRs and not merge PRs directly
          •  
        • In times of need, i.e. to fix pressing security issues, the Maintainers may, at their discretion, merge PRs without review. They should at least add a comment to the PR explaining why they did so.
          •  
        "},{"location":"governance/REVIEWING/#checklist","title":"Checklist","text":"
        Below are a set of common questions that apply to all pull requests:
         
           
        • [ ] Is this PR targeting the correct branch?
          •  
        • [ ] Does the commit message provide an adequate description of the change?
          •  
        • [ ] Does the affected code have corresponding tests?
          •  
        • [ ] Are the changes documented, not just with inline documentation, but also with conceptual documentation such as an overview of a new feature, or task-based documentation like a tutorial? Consider if this change should be announced on your project blog.
          •  
        • [ ] Does this introduce breaking changes that would require an announcement or bumping of the major version?
          •  
        • [ ] Does this PR introduce any new dependencies?
          •  
        "},{"location":"governance/REVIEWING/#reading-list","title":"Reading List","text":"
        Reviewers are encouraged to read the following articles for help with common reviewer tasks:
         
           
        • The Art of Closing: How to close an unfinished or rejected pull request
          •  
        • Kindness and Code Reviews: Improving the Way We Give Feedback
          •  
        • Code Review Guidelines for Humans: Examples of good and back feedback
          •  
        "},{"location":"governance/SECURITY/","title":"Security Policy","text":""},{"location":"governance/SECURITY/#supported-versions","title":"Supported Versions","text":"
        No released versions of bpfman and bpfman-agent or bpfman-operator will receive regular security updates until a mainline release has been performed. A reported and fixed vulnerability will be included in the next minor release, which depending on the severity of the vulnerability may be immediate.
        "},{"location":"governance/SECURITY/#reporting-a-vulnerability","title":"Reporting a Vulnerability","text":"
        To report a vulnerability, please use the Private Vulnerability Reporting Feature on GitHub. We will endevour to respond within 48hrs of reporting. If a vulnerability is reported but considered low priority it may be converted into an issue and handled on the public issue tracker. Should a vulnerability be considered severe we will endeavour to patch it within 48hrs of acceptance, and may ask for you to collaborate with us on a temporary private fork of the repository.
        "},{"location":"blog/archive/2024/","title":"2024","text":""},{"location":"blog/archive/2023/","title":"2023","text":""},{"location":"blog/category/community-meeting/","title":"Community Meeting","text":""},{"location":"blog/category/2024/","title":"2024","text":""}]}
\ No newline at end of file
+{"config":{"lang":["en"],"separator":"[\\s\\-]+","pipeline":["stopWordFilter"]},"docs":[{"location":"","title":"Introduction","text":"
        Formerly know as bpfd
        "},{"location":"#bpfman-an-ebpf-manager","title":"bpfman: An eBPF Manager","text":"
        bpfman operates as an eBPF manager, focusing on simplifying the deployment and administration of eBPF programs. Its notable features encompass:
         
           
        • System Overview: Provides insights into how eBPF is utilized in your system.
          •  
        • eBPF Program Loader: Includes a built-in program loader that supports program cooperation for XDP and TC programs, as well as deployment of eBPF programs from OCI images.
          •  
        • eBPF Filesystem Management: Manages the eBPF filesystem, facilitating the deployment of eBPF applications without requiring additional privileges.
          •  
         
        Our program loader and eBPF filesystem manager ensure the secure deployment of eBPF applications. Furthermore, bpfman includes a Kubernetes operator, extending these capabilities to Kubernetes. This allows users to confidently deploy eBPF through custom resource definitions across nodes in a cluster.
        "},{"location":"#why-ebpf","title":"Why eBPF?","text":"
        eBPF is a powerful general-purpose framework that allows running sandboxed programs in the kernel. It can be used for many purposes, including networking, monitoring, tracing and security.
        "},{"location":"#why-ebpf-in-kubernetes","title":"Why eBPF in Kubernetes?","text":"
        Demand is increasing from both Kubernetes developers and users. Examples of eBPF in Kubernetes include:
         
           
        • Cilium and Calico   CNIs
          •  
        • Pixie: Open source observability
          •  
        • KubeArmor: Container-aware runtime security   enforcement system
          •  
        • Blixt: Gateway API L4 conformance   implementation
          •  
        • NetObserv: Open source operator for network   observability
          •  
        "},{"location":"#challenges-for-ebpf-in-kubernetes","title":"Challenges for eBPF in Kubernetes","text":"
           
        • Requires privileged pods.
          •  
        • eBPF-enabled apps require at least CAP_BPF permissions and potentially     more depending on the type of program that is being attached.
          •  
        • Since the Linux capabilities are very broad it is challenging to constrain     a pod to the minimum set of privileges required. This can allow them to do     damage (either unintentionally or intentionally).
          •  
        • Handling multiple eBPF programs on the same eBPF hooks.
          •  
        • Not all eBPF hooks are designed to support multiple programs.
          •  
        • Some software using eBPF assumes exclusive use of an eBPF hook and can     unintentionally eject existing programs when being attached. This can     result in silent failures and non-deterministic failures.
          •  
        • Debugging problems with deployments is hard.
          •  
        • The cluster administrator may not be aware that eBPF programs are being     used in a cluster.
          •  
        • It is possible for some eBPF programs to interfere with others in     unpredictable ways.
          •  
        • SSH access or a privileged pod is necessary to determine the state of eBPF     programs on each node in the cluster.
          •  
        • Lifecycle management of eBPF programs.
          •  
        • While there are libraries for the basic loading and unloading of eBPF     programs, a lot of code is often needed around them for lifecycle     management.
          •  
        • Deployment on Kubernetes is not simple.
          •  
        • It is an involved process that requires first writing a daemon that loads     your eBPF bytecode and deploying it using a DaemonSet.
          •  
        • This requires careful design and intricate knowledge of the eBPF program     lifecycle to ensure your program stays loaded and that you can easily     tolerate pod restarts and upgrades.
          •  
        • In eBPF enabled K8s deployments today, the eBPF Program is often embedded     into the userspace binary that loads and interacts with it. This means     there's no easy way to have fine-grained versioning control of the     bpfProgram in relation to it's accompanying userspace counterpart.
          •  
        "},{"location":"#what-is-bpfman","title":"What is bpfman?","text":"
        bpfman is a software stack that aims to make it easy to load, unload, modify and monitor eBPF programs whether on a single host, or in a Kubernetes cluster. bpfman includes the following core components:
         
           
        • bpfman: A system daemon that supports loading, unloading, modifying and   monitoring of eBPF programs exposed over a gRPC API.
          •  
        • eBPF CRDS: bpfman provides a set of CRDs (XdpProgram, TcProgram, etc.) that   provide a way to express intent to load eBPF programs as well as a bpfman   generated CRD (BpfProgram) used to represent the runtime state of loaded   programs.
          •  
        • bpfman-agent: The agent runs in a container in the bpfman daemonset and ensures   that the requested eBPF programs for a given node are in the desired state.
          •  
        • bpfman-operator: An operator, built using Operator   SDK, that manages the installation and   lifecycle of bpfman-agent and the CRDs in a Kubernetes cluster.
          •  
         
        bpfman is developed in Rust and built on top of Aya, a Rust eBPF library.
         
        The benefits of this solution include the following:
         
           
        • Security
          •  
        • Improved security because only the bpfman daemon, which can be tightly     controlled, has the privileges needed to load eBPF programs, while access     to the API can be controlled via standard RBAC methods. Within bpfman, only     a single thread keeps these capabilities while the other threads (serving     RPCs) do not.
          •  
        • Gives the administrators control over who can load programs.
          •  
        • Allows administrators to define rules for the ordering of networking eBPF     programs. (ROADMAP)
          •  
        • Visibility/Debuggability
          •  
        • Improved visibility into what eBPF programs are running on a system, which     enhances the debuggability for developers, administrators, and customer     support.
          •  
        • The greatest benefit is achieved when all apps use bpfman, but even if they     don't, bpfman can provide visibility into all the eBPF programs loaded on     the nodes in a cluster.
          •  
        • Multi-program Support
          •  
        • Support for the coexistence of multiple eBPF programs from multiple users.
          •  
        • Uses the libxdp multiprog     protocol     to allow multiple XDP programs on single interface
          •  
        • This same protocol is also supported for TC programs to provide a common     multi-program user experience across both TC and XDP.
          •  
        • Productivity
          •  
        • Simplifies the deployment and lifecycle management of eBPF programs in a     Kubernetes cluster.
          •  
        • developers can stop worrying about program lifecycle (loading, attaching,     pin management, etc.) and use existing eBPF libraries to interact with     their program maps using well defined pin points which are managed by     bpfman.
          •  
        • Developers can still use Cilium/libbpf/Aya/etc libraries for eBPF     development, and load/unload with bpfman.
          •  
        • Provides eBPF Bytecode Image Specifications that allows fine-grained     separate versioning control for userspace and kernelspace programs. This     also allows for signing these container images to verify bytecode     ownership.
          •  
         
        For more details, please see the following:
         
           
        • bpfman Overview for an overview of bpfman.
          •  
        • Deploying Example eBPF Programs On Local Host   for some examples of running bpfman on local host and using the CLI to install   eBPF programs on the host.
          •  
        • Deploying Example eBPF Programs On Kubernetes   for some examples of deploying eBPF programs through bpfman in a Kubernetes deployment.
          •  
        • Setup and Building bpfman for instructions   on setting up your development environment and building bpfman.
          •  
        • Example eBPF Programs for some examples of   eBPF programs written in Go, interacting with bpfman.
          •  
        • Deploying the bpfman-operator for   details on launching bpfman in a Kubernetes cluster.
          •  
        • Meet the Community for details on community   meeting details.
          •  
        "},{"location":"blog/","title":"Bpfman Blog","text":""},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/","title":"A New Logo: Using Generative AI, of course","text":"
        Since we renamed the project to bpfman we are in need of a new logo. Given that the tech buzz around Generative AI is infectious, we decided to explore using generative AI to create our new logo. What we found was that it was a great way to generate ideas, but a human (me) was still needed to create the final design.
        "},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/#the-brief","title":"The Brief","text":"
        I have a love of open source projects with animal mascots, so bpfman should be no different. The \"bee\" is used a lot for eBPF related projects. One such example is Crabby, the crab/bee hybrid, that I created for the Aya project.
         
        The logo should be cute and playful, but not too childish. As a nod to Podman, we'd like to use the same typeface and split color-scheme as they do, replacing purple with yellow.
         
        One bee is not enough! Since we're an eBPF manager, we need a more bees!
         
        via GIPHY
         
        And since those bees are bee-ing (sorry) managed, they should be organized. Maybe in a pyramid shape?
        "},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/#the-process","title":"The Process","text":"
        We used Bing Image Creator, which is backed by DALL-E 3.
         
        Initially we tried to use the following prompt:
         
        Logo for open source software project called \"bpfman\". \"bpf\" should be yellow and \"man\" should be black or grey. an illustration of some organized bees above the text. cute. playful
         
        Our AI overlords came up with:
         
         
        Not bad, but not quite what we were looking for. It's clear that as smart as AI is, it struggles with text, so whatever we need will need some manual post-processing. There are bees, if you squint a bit, but they're not very organized. Let's refine our prompt a bit:
         
        Logo for open source software project called \"bpfman\" as one word. The \"bpf\" should be yellow and \"man\" should be black or grey. an illustration of some organized bees above the text. cute. playful.
         
         
        That... is worse.
         
        Let's try again:
         
        Logo for a project called \"bpfman\". In the text \"bpfman\", \"bpf\" should be yellow and \"man\" should be black or grey. add an illustration of some organized bees above the text. cute and playful style.
         
         
        The bottom left one is pretty good! So I shared it with the rest of the maintainers to see what they thought.
         
        At this point the feedback that I got was the bees were too cute! We're a manager, and managers are serious business, so we need serious bees.
         
        Prompting the AI for the whole logo was far too ambitious, so I decided I would just use the AI to generate the bees and then I would add the text myself.
         
        I tried a few different prompts, but the one that worked best was:
         
        3 bees guarding a hive. stern expressions. simple vector style.
         
         
        The bottom right was exactly what I had in mind! With a little bit of post-processing, I ended up with this:
         
         
        Now it was time to solicit some feedback.
        "},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/#gathering-feedback","title":"Gathering Feedback","text":"
        After showing the logo to a few others, we decided that the bees were infact too stern. At this point we had a few options, like reverting back to our cute bees, however, this section in the [Bing Image Creator Terms of Service] was pointed out to me:
         
        Use of Creations. Subject to your compliance with this Agreement, the Microsoft Services Agreement, and our Content Policy, you may use Creations outside of the Online Services for any legal personal, non-commercial purpose.
         
        This means that we can't use the AI generated images for our logo.
        "},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/#was-it-all-for-nothing","title":"Was it all for nothing?","text":"
        Was it all for nothing? No! We learnt a lot from this process.
         
        Generative AI is great for generating ideas. Some of the logo compositions produced were great!
         
        It was also very useful to adjust the prompt based on feedback from team members so we could incorporate their ideas into the design.
         
        We also learnt that the AI is not great at text, so we should avoid using it for that.
         
        And finally, we learnt that we can't use the AI generated images for our logo. Well, not with the generator we used anyway.
        "},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/#the-semi-final-design-process","title":"The (Semi) Final Design Process","text":"
        I started from scratch, taking inspiration from the AI generated images. The bees were drawn first and composed around a hive - as our AI overlords suggested. I then added the text, and colours, but it still felt like it was missing something.
         
        What if we added a force field around the hive? That might be cool! And so, I added a force field around the hive and played around with the colours until I was happy.
         
        Here's what we ended up with:
         
         
        We consulted a few more people and got some feedback. The general consensus was that the logo was too busy... However, the reception to the force field was that the favicon I'd mocked would work better as the logo.
        "},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/#the-final-design","title":"The Final Design","text":"
        Here's the final design:
         
         
        Pretty cool, right? Even if I do say so myself.
         
        Our mascot is a queen bee, because she's the manager of the hive.
         
        The force field, is now no longer a force field - It's a pheramone cloud that represents the Queen Mandibular Pheromone (QMP) that the queen bee produces to keep the hive organized.
        "},{"location":"blog/2023/11/25/a-new-logo-using-generative-ai-of-course/#conclusion","title":"Conclusion","text":"
        I'm really happy with the result! I'm not a designer, so I'm sure there are things that could be improved, but I think it's a good start.
         
        What do you think? Join us on Slack and let us know!
        "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/","title":"bpfman's Integration with the AF_XDP Device Plugin and CNI for Kubernetes","text":"
        AF_XDP is an address/socket family that is optimized for high performance packet processing. It takes advantage of XDP (an in Kernel fastpath), which essentially runs an eBPF program as early as possible on a network driver's receive path, and redirects the packet to an AF_XDP socket.
         
         
        AF_XDP sockets (XSKs) are created in Userspace and have a 1:1 mapping with netdev queues. An XSKMAP is an eBPF map of AF_XDP sockets for a particular netdev. It's a simple key:value map where the key is the netdev's queue-id and the value is the AF_XDP socket that's attached to that queue. The eBPF program (at the XDP hook) will leverage the XSKMAP and the XDP_REDIRECT action to redirect packets to an AF_XDP socket. In the image below the XDP program is redirecting an incoming packet to the XSK attached to Queue 2.
         
        NOTE: If no XSK is attached to a queue, the XDP program will simply pass the packet to the Kernel Network Stack.
         
        +---------------------------------------------------+\n|     XSK A      |     XSK B       |      XSK C     |<---+  Userspace\n=========================================================|==========\n|    Queue 0     |     Queue 1     |     Queue 2    |    |  Kernel space\n+---------------------------------------------------+    |\n|                  Netdev eth0                      |    |\n+---------------------------------------------------+    |\n|                            +=============+        |    |\n|                            | key |  xsk  |        |    |\n|  +---------+               +=============+        |    |\n|  |         |               |  0  | xsk A |        |    |\n|  |         |               +-------------+        |    |\n|  |         |               |  1  | xsk B |        |    |\n|  | BPF     |               +-------------+        |    |\n|  | prog    |-- redirect -->|  2  | xsk C |-------------+\n|  | (XDP    |               +-------------+        |\n|  |  HOOK)  |                   xskmap             |\n|  |         |                                      |\n|  +---------+                                      |\n|                                                   |\n+---------------------------------------------------+\n
         
        The AF_XDP Device Plugin and CNI project provides the Kubernetes components to provision, advertise and manage AF_XDP networking devices for Kubernetes pods. These networking devices are typically used as a Secondary networking interface for a pod. A key goal of this project is to enable pods to run without any special privileges, without it pods that wish to use AF_XDP will need to run with elevated privileges in order to manage the eBPF program on the interface. The infrastructure will have little to no control over what these pods can load. Therefore it's ideal to leverage a central/infrastructure centric eBPF program management approach.  This blog will discuss the eBPF program management journey for the AF_XDP Device Plugin and CNI.
        "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#what-does-the-af_xdp-device-plugin-and-cni-do","title":"What does the AF_XDP Device Plugin and CNI do?","text":"
        For pods to create and use AF_XDP sockets on their interfaces, they can either:
         
           
        1. Create the AF_XDP socket on an interface already plumbed to the Pod (via SR-IOV    Device Plugin and the Host CNI) --> But this requires CAP_BPF or CAP_SYS_ADMIN    privileges in order to load the BPF program on the netdev.
          2.  
         
        OR
         
           
        1.  
          Use the AF_XDP Device Plugin (DP) and CNI in order to support a Pod without the    aforementioned root like privileges.
           
          NOTE: Prior to kernel 5.19, all BPF sys calls required CAP_BPF, which are used to access maps shared between the BPF program and the userspace program. In kernel 5.19, a change went in that only requires CAP_BPF for map creation (BPF_MAP_CREATE) and loading programs (BPF_PROG_LOAD).
           
          In this scenario, the AF_XDP DP, will advertise resource pools (of netdevs) to Kubelet. When a Pod requests a resource from these pools, Kubelet will Allocate() one of these devices through the AF_XDP DP. The AF_XDP DP will load the eBPF program (to redirect packets to an AF_XDP socket) on the allocated device.
           
          The default behaviour of the AF_XDP DP (unless otherwise configured) is to take note of the XSKMAP File Descriptor (FD) for that netdev. It will also mount a Unix Domain Socket (UDS), as a hostpath mount, in the Pod. This UDS will be used by the AF_XDP application to perform a handshake with the AF_XDP DP to retrieve the XSKMAP FD. The application needs the XSKMAP FD to \"attach\" AF_XDP sockets it creates to the netdev queues.
           
          NOTE: Newer versions of the AF_XDP DP support eBPF map pinning which eliminate the need to perform this (non trivial) handshake with AF_XDP pods. It now mounts the pinned XSKMAP into the Pod using a hostpath mount. The downside of this approach is that the AF_XDP DP now needs to manage several eBPF File Systems (BPFFS), one per pod.
           
          The AF_XDP CNI (like any CNI) has the task of moving the netdev (with the loaded eBPF program) into the Pod namespace. It also does a few other important things:
           
             
          • It does not rename the netdev (to allow the DP to avoid IF_INDEX clashes as it manages      the AF_XDP resource pools).
            •  
          • The CNI is also capable of configuring hardware filters on the NIC.
            •  
          • Finally, the CNI also unloads the eBPF program from the netdev and clear any hardware     filters when the Pod is terminated.
            •  
           
          NOTE 1: The AF_XDP CNI manages the unloading of the eBPF program due to the AF_XDP DP not being aware of when a pod terminates (it's only invoked by Kubelet during pod creation).
           
          NOTE 2: Prior to bpfman integration, the CNI was extended to signal the AF_XDP DP on pod termination (via gRPC) in an effort to support eBPF map pinning directly in the AF_XDP DP. The AF_XDP DP was managing BPFFS(es) for map pinning and needed to be signalled to clean them up.
           
          2.  
        "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#bpfman-integration","title":"bpfman Integration","text":"
        Prior to bpfman integration the AF_XDP Device Plugin and CNI managed the eBPF program for redirecting incoming packets to AF_XDP sockets, its associated map (XSKMAP), and/or several BPFFS.
        "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#integration-benefits","title":"Integration benefits","text":"
        So what are the benefits of bpfman integration for the AF_XDP DP and CNI?
         
           
        •  
          Removes code for loading and managing eBPF from the AF_XDP DP and CNI codebase.
           
          •  
        •  
          This presented a difficulty particularly when trying to find/update appropriate     base container images to use for the AF_XDP device plugin. Different images     supported different versions of eBPF management libraries (i.e libbpf or libxdp) which     forced multiple changes around the loading and attaching of the base eBPF program.
           
          •  
        •  
          Additionally the CNI runs as a binary on the Kubernetes node so we would need to     statically compile libbpf/libxdp as part of the CNI.
           
          •  
        •  
          More diverse XDP program support through bpfman's eBPF Bytecode Image Specification. Not   only do the AF_XDP eBPF programs no longer need to be stored in the Device Plugin   itself, but it's now configurable on a per pool basis.
           
          •  
        •  
          No longer required to leverage Hostpath volume mounts to mount the AF_XDP maps inside   a Pod. But rather take advantage of the bpfman CSI support to ensure that maps are   pinned in the context of the Pod itself and not in a BPFFS on the host (then shared   to the Pod).
           
          •  
        "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#af_xdp-device-plugin-ebpf-programmap-management","title":"AF_XDP Device Plugin eBPF program/map management","text":"
        The role of the AF_XDP DP in eBPF program/map management prior to bpfman integration:
         
           
        •  
          Loads the default AF_XDP BPF prog onto the netdev at Pod creation and manages info regarding the XSKMAP for that netdev.
           
          •  
        •  
          Mounts a UDS as a hostpath volume in the Pod OR creates a BPFFS per netdev and pins the   XSKMAP to it, then mounts this BPFFS as a hostpath volume in the Pod.
           
          •  
        •  
          Shares the XSKMAP file descriptor via UDS (involves a handshake with the Pod).
           
          •  
         
        The role of the AF_XDP DP in eBPF program/map management after bpfman integration:
         
           
        •  
          Uses bpfman's client APIs to load the BPF prog.
           
          •  
        •  
          Shares the XSKMAP (that bpfman pinned ) with the Pod as a hostpath volume.
           
          •  
        "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#af_xdp-cni-ebpf-programmap-management","title":"AF_XDP CNI eBPF program/map management","text":"
        The role of the AF_XDP CNI in eBPF program/map management prior to bpfman integration:
         
           
        • Unloads the eBPF program when a device is returned to the Host network namespace.
          •  
         
        The role of the AF_XDP CNI in eBPF program/map management after bpfman integration:
         
           
        • Uses gRPC to signal to the Device Plugin to request bpfman to unload the eBPF program   using the client APIs.
          •  
        "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#is-there-a-working-example","title":"Is there a working example?","text":"
        The bpfman integration with the AF_XDP Device Plugin and CNI was demo'ed as part of a series of demos that show the migration of a DPDK application to AF_XDP (without) any application modification. The demo can be watched below:
         
        "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#af_xdp-dp-and-cnis-integration-with-bpfman-in-images","title":"AF_XDP DP and CNI's integration with bpfman in images","text":"
        The following sections will present the evolution of the AF_XDP DP and CNI from independent eBPF program management to leveraging bpfman to manage eBPF programs on their behalf.
        "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#af_xdp-dp-and-cni-managing-ebpf-programs-independently","title":"AF_XDP DP and CNI managing eBPF programs independently","text":"
        The following diagram details how the AF_XDP DP and CNI worked prior to bpfman integration.
         
         
           
        1.  
          Setup Subfunctions on the network devices (if the are supported/being used).
           
          2.  
        2.  
          Create an AF_XDP DP and CNI configuration file to setup the device resource pools and    deploy the DP and CNI.
           
          3.  
        3.  
          When the AF_XDP DP runs it will discover the netdevs on the host and create the resource pools.
           
          4.  
        4.  
          The AF_XDP DP registers the resource pools with Kubelet.
           
          5.  
        5.  
          When a pod (that requests an AF_XDP resource) is started, Kubelet will send an Allocate()    request to the AF_XDP DP. The AF_XDP DP loads the eBPF program on the interface and mounts the    UDS in the pod and sets some environment variables in the pod using the Downward API.
           
          6.  
         
        NOTE: In the case where eBPF map pinning is used rather than the UDS, the AF_XDP    DP will create a BPFFS where it pins the XSKMAP and mounts the BPFFS as a hostpath volume    in the pod.
         
           
        1.  
          The AF_XDP DP signals success to the Kubelet so that the device is added to the pod.
           
          2.  
        2.  
          Kubelet triggers multus, which in turn triggers the AF_XDP CNI. The CNI does the relevant network    configuration and moves the netdev into the pod network namespace.
           
          3.  
        3.  
          The application in the pod start and initiates a handshake with the AF_XDP DP over the mounted UDS    to retrieve the XSKMAP FD.
           
          4.  
        "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#af_xdp-dp-and-cni-integrated-with-bpfman-no-csi","title":"AF_XDP DP and CNI integrated with bpfman (no csi)","text":"
        The following diagram details how the AF_XDP DP and CNI worked after bpfman integration.
         
         
        The main difference here is that when the Allocate() request comes in from Kubelet, the AF_XDP DP uses the bpfman client API to load the eBPF program on the relevant netdev. It takes note of where bpfman pins the XSKMAP and mounts this directory as a hostpath volume in the pod.
        "},{"location":"blog/2024/02/27/bpfmans-integration-with-the-af_xdp-device-plugin-and-cni-for-kubernetes/#af_xdp-dp-and-cni-integrated-with-bpfman-with-csi","title":"AF_XDP DP and CNI integrated with bpfman (with csi)","text":"
        The following diagram details how the AF_XDP DP and CNI will work with bpfman leveraging the new CSI implementation.
         
         
        The pod will include a volume definition as follows:
         
           volumes:\n   - name: bpf-maps\n     csi:\n       driver: csi.bpfman.dev\n       volumeAttributes:\n         csi.bpfman.dev/thru-annotations: true\n
         
        The idea here is when the Allocate() request comes in from Kubelet, the AF_XDP DP uses the bpfman client API to load the eBPF program on the relevant netdev. The AF_XDP DP will annotate the pod with the XdpProgram name, map and mountpath. When the bpfman CSI plugin is triggered by Kubelet, it will retrieve the information it needs from the pod annotations in order to pin the map inside the Pod.
        "},{"location":"blog/2023/11/23/bpfd-becomes-bpfman/","title":"bpfd becomes bpfman","text":"
        Bpfd is now bpfman! We've renamed the project to better reflect the direction we're taking. We're still the same project, just with a new name.
        "},{"location":"blog/2023/11/23/bpfd-becomes-bpfman/#why-the-name-change","title":"Why the name change?","text":"
        We've been using the name bpfd for a while now, but we were not the first to use it. There were projects before us that used the name bpfd, but since most were inactive, originally we didn't see this as an issue.
         
        More recently though the folks at Meta have started using the name systemd-bpfd for their proposed addition to systemd.
         
        In addition, we've been thinking about the future of the project, and particularly about security and whether it's wise to keep something with CAP_BPF capabilities running as a daemon - even if we've been very careful. This is similar to the issues faced by docker which eventually lead to the creation of podman.
         
        This issue led us down the path of redesigning the project to be daemonless. We'll be implementing these changes in the coming months and plan to perform our first release as bpfman in Q1 of 2024.
         
        The 'd' in bpfd stood for daemon, so with our new design and the confusion surrounding the name bpfd we though it was time for a change.
         
        Since we're a BPF manager, we're now bpfman! It's also a nice homage to podman, which we're big fans of.
        "},{"location":"blog/2023/11/23/bpfd-becomes-bpfman/#what-does-this-mean-for-me","title":"What does this mean for me?","text":"
        If you're a developer of bpfman you will need to update your Git remotes to point at our new organization and repository name. Github will redirect these for a while, but we recommend updating your remotes as soon as possible.
         
        If you're a user of bpfd or the bpfd-operator then version 0.3.1 will be the last release under the bpfd name. We will continue to support you as best we can, but we recommend upgrading to bpfman as soon as our first release is available.
        "},{"location":"blog/2023/11/23/bpfd-becomes-bpfman/#whats-next","title":"What's next?","text":"
        We've hinted at some of the changes we're planning, and of course, our roadmap is always available in Github. It's worth mentioning that we're also planning to expand our release packages to include RPMs and DEBs, making it even easier to install bpfman on your favorite Linux distribution.
        "},{"location":"blog/2023/11/23/bpfd-becomes-bpfman/#thanks","title":"Thanks!","text":"
        We'd like to thank everyone who has contributed to bpfd over the years. We're excited about the future of bpfman and we hope you are too! Please bear with us as we make this transition, and if you have any questions or concerns, please reach out to us on Slack. We're in the '#bpfd' channel, but we'll be changing that to '#bpfman' soon.
        "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/","title":"Technical Challenges for Attaching eBPF Programs in Containers","text":"
        We recently added support for attaching uprobes inside containers. The purpose of this blog is to give a brief overview of the feature, to document the technical challenges encountered, and describe our solutions for those challenges. In particular, how to attach an eBPF program inside of a container, and how to find the host Process ID (PID) on the node for the container?
         
        The solutions seem relatively straightforward now that they are done, but we found limited information elsewhere, so we thought it would be helpful to document them here.
         
        The uprobe implementation will be used as the example in this blog, but the concepts can (and will eventually) be applied to other program types.
        "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#introduction","title":"Introduction","text":"
        A \"uprobe\" (user probe) is a type of eBPF program that can be attached to a specific location in a user-space application. This allows developers and system administrators to dynamically instrument a user-space binary to inspect its behavior, measure performance, or debug issues without modifying the application's source code or binary. When the program execution reaches the location to which the uprobe is attached, the eBPF program associated with the uprobe is executed.
         
        bpfman support for uprobes has existed for some time.  We recently extended this support to allow users to attach uprobes inside of containers both in the general case of a container running on a Linux server and also for containers running in a Kubernetes cluster.
         
        The following is a bpfman command line example for loading a uprobe inside a container:
         
        bpfman load image --image-url quay.io/bpfman-bytecode/uprobe:latest uprobe --fn-name \"malloc\" --target \"libc\" --container-pid 102745\n
         
        The above command instructs bpfman to attach a uprobe to the malloc function in the libc library for the container with PID 102745. The main addition here is the ability to specify a container-pid, which is the PID of the container as it is known to the host server.
         
        The term \"target\" as used in the above bpfman command (and the CRD below) describes the library or executable that we want to attach the uprobe to.  The fn-name (the name of the function within that target) and/or an explicit \"offset\" can be used to identify a specific offset from the beginning of the target.  We also use the term \"target\" more generally to describe the intended location of the uprobe.
         
        For Kubernetes, the CRD has been extended to include a \"container selector\" to describe one or more containers as shown in the following example.
         
        apiVersion: bpfman.io/v1alpha1\nkind: UprobeProgram\nmetadata:\n  labels:\n    app.kubernetes.io/name: uprobeprogram\n  name: uprobe-example-containers\nspec:\n  # Select all nodes\n  nodeselector: {}\n  bpffunctionname: my_uprobe\n  func_name: malloc\n  # offset: 0 # optional offset w/in function\n  target: libc\n  retprobe: false\n  # pid: 0 # optional pid to execute uprobe for\n  bytecode:\n    image:\n      url: quay.io/bpfman-bytecode/uprobe:latest\n  containers:      <=== New section for specifying containers to attach uprobe to\n    namespace: bpfman\n    pods:\n      matchLabels:\n        name: bpfman-daemon\n    containernames:\n      - bpfman\n      - bpfman-agent\n
         
        In the Kubernetes case, the container selector (containers) is used to identify one or more containers in which to attach the uprobe. If containers identifies any containers on a given node, the bpfman agent on that node will determine their host PIDs and make the calls to bpfman to attach the uprobes.
        "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#attaching-uprobes-in-containers","title":"Attaching uprobes in containers","text":"
        A Linux \"mount namespace\" is a feature that isolates the mount points seen by a group of processes. This means that processes in different mount namespaces can have different views of the filesystem.  A container typically has its own mount namespace that is isolated both from those of other containers and its parent. Because of this, files that are visible in one container are likely not visible to other containers or even to the parent host (at least not directly). To attach a uprobe to a file in a container, we need to have access to that container's mount namespace so we can see the file to which the uprobe needs to be attached.
         
        From a high level, attaching a uprobe to an executable or library in a container is relatively straight forward. bpfman needs to change to the mount namespace of the container, attach the uprobe to the target in that container, and then return to our own mount namespace so that we can save the needed state and continue processing other requests.
         
        The main challenges are:
         
           
        1. Changing to the mount namespace of the target container.
          2.  
        2. Returning to the bpfman mount namespace.
          3.  
        3. setns (at least for the mount namespace) can't be called from a    multi-threaded application, and bpfman is currently multithreaded.
          4.  
        4. How to find the right PID for the target container.
          5.  
        "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#the-mount-namespace","title":"The Mount Namespace","text":"
        To enter the container namespace, bpfman uses the sched::setns function from the Rust nix crate. The setns function requires the file descriptor for the mount namespace of the target container.
         
        For a given container PID, the namespace file needed by the setns function can be found in the /proc/<PID>/ns/ directory. An example listing for the PID 102745 directory is shown below:
         
        sudo ls -l /proc/102745/ns/\ntotal 0\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 cgroup -> 'cgroup:[4026531835]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 ipc -> 'ipc:[4026532858]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 mnt -> 'mnt:[4026532856]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:07 net -> 'net:[4026532860]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 pid -> 'pid:[4026532859]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 pid_for_children -> 'pid:[4026532859]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 time -> 'time:[4026531834]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 time_for_children -> 'time:[4026531834]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 user -> 'user:[4026531837]'\nlrwxrwxrwx 1 root root 0 Feb 15 12:10 uts -> 'uts:[4026532857]'\n
         
        In this case, the mount namespace file is /proc/102745/ns/mnt. 
         
        NOTE: How to find the PID and the relationship between parent and child PIDs is described in the \"Finding The PID\" section below.
         
        When running directly on a Linux server, bpfman has access to the host /proc directory and can access the mount namespace file for any PID.  However, on Kubernetes, bpfman runs in a container, so it doesn't have access to the namespace files of other containers or the /proc directory of the host by default. Therefore, in the Kubernetes implementation, /proc is mounted in the bpfman container so it has access to the ns directories of other containers. 
        "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#returning-to-the-bpfman-mount-namespace","title":"Returning to the bpfman Mount Namespace","text":"
        After bpfman does a setns to the target container mount namespace, it has access to the target binary in that container.  However, it only has access to that container's view of the filesystem, and in most cases, this does not include access to bpfman's filesystem or the host filesystem.  As a result, bpfman loses the ability to access its own mount namespace file.
         
        However, before calling setns, bpfman has access to it's own mount namespace file.  Therefore, to avoid getting stranded in a different mount namespace, bpfman also opens its own mount namespace file prior to calling setns so it already has the file descriptor that will allow it to call setns to return to its own mount namespace.
        "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#running-setns-from-a-multi-threaded-process","title":"Running setns From a Multi-threaded Process","text":"
        Calling setns to a mount namespace doesn't work from a multi-threaded process.
         
        To work around this issue, the logic was moved to a standalone single-threaded executable called bpfman-ns that does the job of entering the namespace, attaching the uprobe, and then returning to the bpfman namespace to save the needed info.
        "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#finding-the-pid","title":"Finding the PID","text":""},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#finding-a-host-container-pid-on-a-linux-server","title":"Finding a Host Container PID on a Linux Server","text":"
        This section provides an overview of PID namespaces and shows several ways to find the host PID for a container.
        "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#tldr","title":"tl;dr","text":"
        If you used Podman or Docker to run your container, and you gave the container a unique name, the following commands can be used to find the host PID of a container.
         
        podman inspect -f '{{.State.Pid}}' <CONTAINER_NAME>\n
         
        or, similarly,
         
        docker inspect -f '{{.State.Pid}}'  <CONTAINER_NAME>\n
        "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#overview-of-pid-namespaces-and-container-host-pids","title":"Overview of PID namespaces and Container Host PIDs","text":"
        Each container has a PID namespace. Each PID namespace (other than the root) is contained within a parent PID namespace. In general, this relationship is hierarchical and PID namespaces can be nested within other PID namespaces. In this section, we will just cover the case of a root PID namepsace on a Linux server that has containers with PID namespaces that are direct children of the root. The multi-level case is described in the section on Nested Containers with kind below.
         
        The PID namespaces can be listed using the lsns -t pid command. Before we start any containers, we just have the one root pid namespace as shown below.
         
        sudo lsns -t pid\n        NS TYPE NPROCS PID USER COMMAND\n4026531836 pid     325   1 root /usr/lib/systemd/systemd rhgb --switched-root --system --deserialize 30\n
         
        Now lets start a container with the following command in a new shell:
         
        podman run -it --name=container_1 fedora:latest /bin/bash\n
         
        NOTE: In this section, we are using podman to run containers. However, all of the same commands can also be used with docker.
         
        Now back on the host we have:
         
        sudo lsns -t pid\n        NS TYPE NPROCS    PID USER      COMMAND\n4026531836 pid     337      1 root      /usr/lib/systemd/systemd rhgb --switched-root --system --deserialize 30\n4026532948 pid       1 150342 user_abcd /bin/bash\n
         
        We can see that the host PID for the container we just started is 150342.
         
        Now let's start another container in a new shell with the same command (except with a different name), and run the lsns command again on the host.
         
        podman run -it --name=container_2 fedora:latest /bin/bash\n
         
        On the host:
         
        sudo lsns -t pid\n        NS TYPE NPROCS    PID USER      COMMAND\n4026531836 pid     339      1 root      /usr/lib/systemd/systemd rhgb --switched-root --system --deserialize 30\n4026532948 pid       1 150342 user_abcd /bin/bash\n4026533041 pid       1 150545 user_abcd /bin/bash\n
         
        We now have 3 pid namespaces -- one for root and two for the containers. Since we already know that the first container had PID 150342 we can conclude that the second container has PID 150545. However, what would we do if we didn't already know the PID for one of the containers?  
         
        If the container we were interested in was running a unique command, we could use that to disambiguate. However, in this case, both are running the same /bin/bash command.
         
        If something unique is running inside of the container, we can use the ps -e -o pidns,pid,args command to get some info.
         
        For example, run sleep 1111 in container_1, then
         
        sudo ps -e -o pidns,pid,args | grep 'sleep 1111'\n4026532948  150778 sleep 1111\n4026531836  151002 grep --color=auto sleep 1111\n
         
        This tells us that the sleep 1111 command is running in PID namespace 4026532948. And,
         
        sudo lsns -t pid | grep 4026532948\n4026532948 pid       2 150342 user_abcd /bin/bash\n
         
        Tells us that the container's host PID is 150342.
         
        Alternatively, we could run lsns inside of container_1.
         
        dnf install -y util-linux\nlsns -t pid\n        NS TYPE NPROCS PID USER COMMAND\n4026532948 pid       2   1 root /bin/bash\n
         
        This tells us a few interesting things. 
         
           
        1. Inside the container, the PID is 1,
          2.  
        2. We can't see any of the other PID namespaces inside the container.
          3.  
        3. The container PID namespace is 4026532948.
          4.  
         
        With the container PID namespace, we can run the lsns -t pid | grep 4026532948 command as we did above to find the container's host PID
         
        Finally, the container runtime knows the pid mapping. As mentioned at the beginning of this section, if the unique name of the container is known, the following command can be used to get the host PID.
         
        podman inspect -f '{{.State.Pid}}' container_1\n150342\n
        "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#how-bpfman-agent-finds-the-pid-on-kubernetes","title":"How bpfman Agent Finds the PID on Kubernetes","text":"
        When running on Kubernetes, the \"containers\" field in the UprobeProgram CRD can be used to identify one or more containers using the following information:
         
           
        • Namespace
          •  
        • Pod Label
          •  
        • Container Name
          •  
         
        If the container selector matches any containers on a given node, the bpfman-agent determines the host PID for those containers and then calls bpfman to attach the uprobe in the container with the given PID.
         
        From what we can tell, there is no way to find the host PID for a container running in a Kubernetes pod from the Kubernetes interface. However, the container runtime does know this mapping. 
         
        The bpfman-agent implementation uses multiple steps to find the set of PIDs on a given node (if any) for the containers that are identified by the container selector.
         
           
        1. It uses the Kubernetes interface to get a list of pods on the local node that    match the container selector.
          2.  
        2. It uses use crictl with the names of the pods found to get the pod IDs
          3.  
        3. It uses crictl with the pod ID to find the containers in those pods and    then checks whether any match the container selector.
          4.  
        4. Finally, it uses crictl with the pod IDs found to get the host PIDs for the    containers.
          5.  
         
        As an example, the bpfman.io_v1alpha1_uprobe_uprobeprogram_containers.yaml file can be used with the kubectl apply -f command to install uprobes on two of the containers in the bpfman-agent pod. The bpfman code does this programmatically, but we will step through the process of finding the host PIDs for the two containers here using cli commands to demonstrate how it works.
         
        We will use a kind deployment with bpfman for this demo. See Deploy Locally via KIND for instructions on how to get this running.
         
        The container selector in the above yaml file is the following.
         
          containers:\n    namespace: bpfman\n    pods:\n      matchLabels:\n        name: bpfman-daemon\n    containernames:\n      - bpfman\n      - bpfman-agent\n
         
        bpfman accesses the Kubernetes API and uses crictl from the bpfman-agent container. However, the bpfman-agent container doesn't have a shell by default, so we will run the examples from the bpfman-deployment-control-plane node, which will yield the same results. bpfman-deployment-control-plane is a docker container in our kind cluster, so enter the container.
         
        docker exec -it c84cae77f800 /bin/bash\n
         Install crictl.
         
        apt update\napt install wget\nVERSION=\"v1.28.0\"\nwget https://github.com/kubernetes-sigs/cri-tools/releases/download/$VERSION/crictl-$VERSION-linux-amd64.tar.gz\ntar zxvf crictl-$VERSION-linux-amd64.tar.gz -C /usr/local/bin\nrm -f crictl-$VERSION-linux-amd64.tar.gz\n
         
        First use kubectl to get the list of pods that match our container selector.
         
        kubectl get pods -n bpfman -l name=bpfman-daemon\nNAME                  READY   STATUS    RESTARTS   AGE\nbpfman-daemon-cv9fm   3/3     Running   0          6m54s\n
         
        NOTE: The bpfman code also filters on the local node, but we only have one node in this deployment, so we'll ignore that here.
         
        Now, use crictl with the name of the pod found to get the pod ID.
         
        crictl pods --name bpfman-daemon-cv9fm\nPOD ID              CREATED             STATE               NAME                  NAMESPACE           ATTEMPT             RUNTIME\ne359900d3eca5       46 minutes ago      Ready               bpfman-daemon-cv9fm   bpfman              0                   (default)\n
         
        Now, use the pod ID to get the list of containers in the pod.
         
        crictl ps --pod e359900d3eca5\nCONTAINER           IMAGE               CREATED             STATE               NAME                    ATTEMPT             POD ID              POD\n5eb3b4e5b45f8       50013f94a28d1       48 minutes ago      Running             node-driver-registrar   0                   e359900d3eca5       bpfman-daemon-cv9fm\n629172270a384       e507ecf33b1f8       48 minutes ago      Running             bpfman-agent            0                   e359900d3eca5       bpfman-daemon-cv9fm\n6d2420b80ddf0       86a517196f329       48 minutes ago      Running             bpfman                  0                   e359900d3eca5       bpfman-daemon-cv9fm\n
         
        Now use the container IDs for the containers identified in the container selector to get the PIDs of the containers.
         
        # Get PIDs for bpfman-agent container\ncrictl inspect 629172270a384 | grep pid\n    \"pid\": 2158,\n            \"pid\": 1\n            \"type\": \"pid\"\n\n# Get PIDs for bpfman container\ncrictl inspect 6d2420b80ddf0 | grep pid\n    \"pid\": 2108,\n            \"pid\": 1\n            \"type\": \"pid\"\n
         
        From the above output, we can tell that the host PID for the bpfman-agent container is 2158, and the host PID for the bpfman container is 2108. So, now bpfman-agent would have the information needed to call bpfman with a request to install a uprobe in the containers.
        "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#nested-containers-with-kind","title":"Nested Containers with kind","text":"
        kind is a tool for running local Kubernetes clusters using Docker container \u201cnodes\u201d. The kind cluster we used for the previous section had a single node.
         
        $ kubectl get nodes\nNAME                              STATUS   ROLES           AGE   VERSION\nbpfman-deployment-control-plane   Ready    control-plane   24h   v1.27.3\n
         
        We can see the container for that node on the base server from Docker as follows.
         
        docker ps\nCONTAINER ID   IMAGE                  COMMAND                  CREATED        STATUS        PORTS                       NAMES\nc84cae77f800   kindest/node:v1.27.3   \"/usr/local/bin/entr\u2026\"   25 hours ago   Up 25 hours   127.0.0.1:36795->6443/tcp   bpfman-deployment-control-plane\n
         
        Our cluster has a number of pods as shown below.
         
        kubectl get pods -A\nNAMESPACE            NAME                                                      READY   STATUS    RESTARTS   AGE\nbpfman               bpfman-daemon-cv9fm                                       3/3     Running   0          24h\nbpfman               bpfman-operator-7f67bc7c57-bpw9v                          2/2     Running   0          24h\nkube-system          coredns-5d78c9869d-7tw9b                                  1/1     Running   0          24h\nkube-system          coredns-5d78c9869d-wxwfn                                  1/1     Running   0          24h\nkube-system          etcd-bpfman-deployment-control-plane                      1/1     Running   0          24h\nkube-system          kindnet-lbzw4                                             1/1     Running   0          24h\nkube-system          kube-apiserver-bpfman-deployment-control-plane            1/1     Running   0          24h\nkube-system          kube-controller-manager-bpfman-deployment-control-plane   1/1     Running   0          24h\nkube-system          kube-proxy-sz8v9                                          1/1     Running   0          24h\nkube-system          kube-scheduler-bpfman-deployment-control-plane            1/1     Running   0          24h\nlocal-path-storage   local-path-provisioner-6bc4bddd6b-22glj                   1/1     Running   0          24h\n
         
        Using the lsns command in the node's docker container, we can see that it has a number of PID namespaces (1 for each container that is running in the pods in the cluster), and all of these containers are nested inside of the docker \"node\" container shown above.
         
        lsns -t pid\n        NS TYPE NPROCS   PID USER  COMMAND\n# Note: 12 rows have been deleted below to save space\n4026532861 pid      17     1 root  /sbin/init\n4026532963 pid       1   509 root  kube-scheduler --authentication-kubeconfig=/etc/kubernetes/scheduler.conf --authorization-kubeconfig=/etc/kubernetes/scheduler.conf --bind-addre\n4026532965 pid       1   535 root  kube-controller-manager --allocate-node-cidrs=true --authentication-kubeconfig=/etc/kubernetes/controller-manager.conf --authorization-kubeconfi\n4026532967 pid       1   606 root  kube-apiserver --advertise-address=172.18.0.2 --allow-privileged=true --authorization-mode=Node,RBAC --client-ca-file=/etc/kubernetes/pki/ca.crt\n4026532969 pid       1   670 root  etcd --advertise-client-urls=https://172.18.0.2:2379 --cert-file=/etc/kubernetes/pki/etcd/server.crt --client-cert-auth=true --data-dir=/var/lib\n4026532972 pid       1  1558 root  local-path-provisioner --debug start --helper-image docker.io/kindest/local-path-helper:v20230510-486859a6 --config /etc/config/config.json\n4026533071 pid       1   957 root  /usr/local/bin/kube-proxy --config=/var/lib/kube-proxy/config.conf --hostname-override=bpfman-deployment-control-plane\n4026533073 pid       1  1047 root  /bin/kindnetd\n4026533229 pid       1  1382 root  /coredns -conf /etc/coredns/Corefile\n4026533312 pid       1  1896 65532 /usr/local/bin/kube-rbac-proxy --secure-listen-address=0.0.0.0:8443 --upstream=http://127.0.0.1:8174/ --logtostderr=true --v=0\n4026533314 pid       1  1943 65532 /bpfman-operator --health-probe-bind-address=:8175 --metrics-bind-address=127.0.0.1:8174 --leader-elect\n4026533319 pid       1  2108 root  ./bpfman system service --timeout=0 --csi-support\n4026533321 pid       1  2158 root  /bpfman-agent --health-probe-bind-address=:8175 --metrics-bind-address=127.0.0.1:8174\n4026533323 pid       1  2243 root  /csi-node-driver-registrar --v=5 --csi-address=/csi/csi.sock --kubelet-registration-path=/var/lib/kubelet/plugins/csi-bpfman/csi.sock\n
         We can see the bpfman containers we were looking at earlier in the output above. Let's take a deeper look at the bpfman-agent container that has a PID of 2158 on the Kubernetes node container and a PID namespace of 4026533321. If we go back to the base server, we can find the container's PID there.
         
        sudo lsns -t pid | grep 4026533321\n4026533321 pid       1 222225 root  /bpfman-agent --health-probe-bind-address=:8175 --metrics-bind-address=127.0.0.1:8174\n
         
        This command tells us that the PID of our bpfman-agent is 222225 on the base server. The information for this PID is contained in /proc/222225.  The following command will show the PID mappings for that one container at each level.
         
        sudo grep NSpid /proc/222225/status\nNSpid:  222225  2158    1\n
         
        The output above tells us that the PIDs for the bpfman-agent container are 222225 on the base server, 2158 in the Docker \"node\" container, and 1 inside the container itself.
        "},{"location":"blog/2024/02/26/technical-challenges-for-attaching-ebpf-programs-in-containers/#moving-forward","title":"Moving Forward","text":"
        As always, there is more work to do. The highest priority goals are to support additional eBPF program types and to use the Container Runtime Interface directly.
         
        We chose uprobes first because we had a user with a specific need. However, there are use cases for other eBPF program types.
         
        We used crictl in this first implementation because it already exists, supports multiple container runtimes, handles the corner cases, and is maintained. This allowed us to focus on the bpfman implementation and get the feature done more quickly. However, it would be better to access the container runtime interface directly rather than using an external executable.
        "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/","title":"bpfman: A Novel Way to Manage eBPF","text":"
        In today's cloud ecosystem, there's a demand for low-level system access to enable high-performance observability, security, and networking functionality for applications. Historically these features have been implemented in user space, however, the ability to program such functionality into the kernel itself can provide many benefits including (but not limited to) performance. Regardless, many Linux users still opt away from in-tree or kernel module development due to the slow rate of iteration and ensuing large management burden.  eBPF has emerged as a technology in the Linux Kernel looking to change all that.
         
        eBPF is a simple and efficient way to dynamically load programs into the kernel at runtime, with safety and performance provided by the kernel itself using a Just-In-Time (JIT) compiler and verification process. There are a wide variety of program types one can create with eBPF, which include everything from networking applications to security systems.
         
        However, eBPF is still a fairly nascent technology and it's not all kittens and rainbows. The process of developing, testing, deploying, and maintaining eBPF programs is not a road well traveled yet, and the story gets even more complicated when you want to deploy your programs in a multi-node system, such as a Kubernetes cluster. It was these kinds of problems that motivated the creation of bpfman, a system daemon for loading and managing eBPF programs in both traditional systems and Kubernetes clusters. In this blog post, we'll discuss the problems bpfman can help solve, and how to deploy and use it.
        "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#current-challenges-with-developing-and-deploying-ebpf-programs","title":"Current Challenges with Developing and Deploying eBPF Programs","text":"
        While some organizations have had success developing, deploying, and maintaining production software which includes eBPF programs, the barrier to entry is still very high.
         
        Following the basic eBPF development workflow, which often involves many hours trying to interpret and fix mind-bending eBPF verifier errors, the process of deploying a program in testing and staging environments often results in a lot of custom program loading and management functionality specific to the application. When moving to production systems in environments like Kubernetes clusters the operational considerations continue to compound.
         
        Security is another significant challenge, which we will cover in more depth in a follow-on blog.  However, at a high level, applications that use eBPF typically load their own eBPF programs, which requires at least CAP_BPF.  Many BPF programs and attach points require additional capabilities from CAP_SYS_PTRACE, CAP_NET_ADMIN and even including CAP_SYS_ADMIN.  These privileges include capabilities that aren\u2019t strictly necessary for eBPF and are too coarsely grained to be useful.  Since the processes that load eBPF are usually long-lived and often don\u2019t drop privileges it leaves a wide attack surface.
         
        While it doesn't solve all the ergonomic and maintenance problems associated with adopting eBPF, bpfman does try to address several of these issues -- particularly as it pertains to security and the lifecycle management of eBPF programs. In the coming sections, we will go into more depth about what eBPF does, and how it can help reduce the costs associated with deploying and managing eBPF-powered workloads.
        "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#bpfman-overview","title":"bpfman Overview","text":"
        The bpfman project provides a software stack that makes it easy to manage the full lifecycle of eBPF programs.  In particular, it can load, unload, modify, and monitor eBPF programs on a single host, or across a full Kubernetes cluster. The key components of bpfman include the bpfman daemon itself which can run independently on any Linux box, an accompanying Kubernetes Operator designed to bring first-class support to clusters via Custom Resource Definitions (CRDs), and eBPF program packaging.
         
        These components will be covered in more detail in the following sections.
        "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#bpfman-daemon","title":"bpfman Daemon","text":"
        The bpfman daemon works directly with the operating system to manage eBPF programs.  It loads, updates, and unloads eBPF programs, pins maps, and provides visibility into the eBPF programs loaded on a system.  Currently, bpfman fully supports XDP, TC, Tracepoint, uProbe, and kProbe eBPF programs. In addition, bpfman can display information about all types of eBPF programs loaded on a system whether they were loaded by bpfman or some other mechanism. bpfman is developed in the Rust programming language and uses Aya, an eBPF library which is also developed in Rust.
         
        When used on an individual server, bpfman runs as a system daemon, and applications communicate with it using a gRPC API.  bpfman can also be used via a command line which in turn uses the gRPC API. The following is an example of using bpfman to load and attach an xdp program.
         
        bpfman load-from-image -g GLOBAL_u8=01 -i quay.io/bpfman-bytecode/xdp_pass:latest xdp -i eth0 -p 100\n
         
        This architecture is depicted in the following diagram.
         
         
        Using bpfman in this manner significantly improves security because the API is secured using mTLS, and only bpfman needs the privileges required to load and manage eBPF programs and maps.
         
        Writing eBPF code is tough enough as it is.  Typically, an eBPF-based application would need to also implement support for the lifecycle management of the required eBPF programs.  bpfman does that for you and allows you to focus on developing your application.
         
        Another key functional advantage that bpfman offers over libbpf or the Cilium ebpf-go library is support for multiple XDP programs. Standard XDP only allows a single XDP program on a given interface, while bpfman supports loading multiple XDP programs on each interface using the multi-prog protocol defined in libxdp. This allows the user to add, delete, update, prioritize, and re-prioritize the multiple programs on each interface. There is also support to configure whether the flow of execution should terminate and return or continue to the next program in the list based on the return value.
         
        While TC natively supports multiple programs on each attach point, it lacks the controls and flexibility enabled by the multi-prog protocol. bpfman therefore also supports the same XDP multi-prog solution for TC programs which has the added benefit of a consistent user experience for both XDP and TC programs.
         
        eBPF programs are also difficult to debug on a system.  The visibility provided by bpfman can be a key tool in understanding what is deployed and how they may interact.
        "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#bpfman-kubernetes-support","title":"bpfman Kubernetes Support","text":"
        The benefits of bpfman are brought to Kubernetes by the bpfman operator.  The bpfman operator is developed in Go using the Operator SDK framework, so it should be familiar to most Kubernetes application developers. The bpfman operator deploys a daemonset, containing both bpfman and the bpfman agent processes on each node. Rather than making requests directly to bpfman with the gRPC API or CLI as described above, Kubernetes applications use bpfman custom resource definitions (CRDs) to make requests to bpfman to load and attach eBPF programs.  bpfman uses two types of CRDs; Program CRDs for each eBPF program type (referred to as *Program CRDs, where * = Xdp, Tc, etc.) created by the application to express the desired state of an eBPF program on the cluster, and per node BpfProgram CRDs created by the bpfman agent to report the current state of the eBPF program on each node.
         
        Using XDP as an example, the application can request that an XDP program be loaded on multiple nodes using the XdpProgram CRD, which includes the necessary information such as the bytecode image to load, interface to attach it to, and priority.  An XdpProgram CRD that would do the same thing as the CLI command shown above on every node in a cluster is shown below.
         
        apiVersion: bpfman.io/v1alpha1\nkind: XdpProgram\nmetadata:\n  labels:\n    app.kubernetes.io/name: xdpprogram\n  name: xdp-pass-all-nodes\nspec:\n  name: pass\n  # Select all nodes\n  nodeselector: {}\n  interfaceselector:\n    primarynodeinterface: true\n  priority: 0\n  bytecode:\n    image:\n      url: quay.io/bpfman-bytecode/xdp_pass:latest\n  globaldata:\n    GLOBAL_u8:\n      - 0x01\n
         
        The bpfman agent on each node watches for the *Program CRDs, and makes calls to the local instance of bpfman as necessary to ensure that the state on the local node reflects the state requested in the *Program CRD.  The bpfman agent on each node in turn creates and updates a BpfProgram object for the *Program CRD that reflects the state of the program on that node and reports the eBPF map information for the program.  The following is the BpfProgram CRD on one node for the above XdpProgram CRD.
         
        kubectl get bpfprograms.bpfman.io xdp-pass-all-nodes-bpfman-deployment-control-plane-eth0 -o yaml\n
         
        apiVersion: bpfman.io/v1alpha1\nkind: BpfProgram\nmetadata:\n  annotations:\n    bpfman.io.xdpprogramcontroller/interface: eth0\n  creationTimestamp: \"2023-08-29T22:08:12Z\"\n  finalizers:\n  - bpfman.io.xdpprogramcontroller/finalizer\n  generation: 1\n  labels:\n    bpfman.io/ownedByProgram: xdp-pass-all-nodes\n    kubernetes.io/hostname: bpfman-deployment-control-plane\n  name: xdp-pass-all-nodes-bpfman-deployment-control-plane-eth0\n  ownerReferences:\n  - apiVersion: bpfman.io/v1alpha1\n    blockOwnerDeletion: true\n    controller: true\n    kind: XdpProgram\n    name: xdp-pass-all-nodes\n    uid: 838dc2f8-a348-427e-9dc4-f6a6ea621930\n  resourceVersion: \"2690\"\n  uid: 5a622961-e5b0-44fe-98af-30756b2d0b62\nspec:\n  type: xdp\nstatus:\n  conditions:\n  - lastTransitionTime: \"2023-08-29T22:08:14Z\"\n    message: Successfully loaded bpfProgram\n    reason: bpfmanLoaded\n    status: \"True\"\n    type: Loaded\n
         
        Finally, the bpfman operator watches for updates to the BpfProgram objects and reports the global state of each eBPF program.  If the program was successfully loaded on every selected node, it will report success, otherwise, it will identify the node(s) that had a problem.  The following is the XdpProgram CRD as updated by the operator.
         
        kubectl get xdpprograms.bpfman.io xdp-pass-all-nodes -o yaml\n
         
        apiVersion: bpfman.io/v1alpha1\nkind: XdpProgram\nmetadata:\n  annotations:\n    kubectl.kubernetes.io/last-applied-configuration: |\n      {\"apiVersion\":\"bpfman.io/v1alpha1\",\"kind\":\"XdpProgram\",\"metadata\":{\"annotations\":{},\"labels\":{\"app.kubernetes.io/name\":\"xdpprogram\"},\"name\":\"xdp-pass-all-nodes\"},\"spec\":{\"bytecode\":{\"image\":{\"url\":\"quay.io/bpfman-bytecode/xdp_pass:latest\"}},\"globaldata\":{\"GLOBAL_u8\":[1]},\"interfaceselector\":{\"primarynodeinterface\":true},\"nodeselector\":{},\"priority\":0,\"bpffunctionname\":\"pass\"}}\n  creationTimestamp: \"2023-08-29T22:08:12Z\"\n  finalizers:\n  - bpfman.io.operator/finalizer\n  generation: 2\n  labels:\n    app.kubernetes.io/name: xdpprogram\n  name: xdp-pass-all-nodes\n  resourceVersion: \"2685\"\n  uid: 838dc2f8-a348-427e-9dc4-f6a6ea621930\nspec:\n  bytecode:\n    image:\n      imagepullpolicy: IfNotPresent\n      url: quay.io/bpfman-bytecode/xdp_pass:latest\n  globaldata:\n    GLOBAL_u8: 0x01\n  interfaceselector:\n    primarynodeinterface: true\n  mapownerselector: {}\n  nodeselector: {}\n  priority: 0\n  proceedon:\n  - pass\n  - dispatcher_return\n  name: pass\nstatus:\n  conditions:\n  - lastTransitionTime: \"2023-08-29T22:08:12Z\"\n    message: Waiting for Program Object to be reconciled to all nodes\n    reason: ProgramsNotYetLoaded\n    status: \"True\"\n    type: NotYetLoaded\n  - lastTransitionTime: \"2023-08-29T22:08:12Z\"\n    message: bpfProgramReconciliation Succeeded on all nodes\n    reason: ReconcileSuccess\n    status: \"True\"\n    type: ReconcileSuccess\n
         
        More details about this process can be seen here
        "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#ebpf-program-packaging","title":"eBPF program packaging","text":"
        The eBPF Bytecode Image specification was created as part of the bpfman project to define a way to package eBPF bytecode as OCI container images.  Its use was illustrated in the CLI and XdpProgram CRD examples above in which the XDP program was loaded from quay.io/bpfman-bytecode/xdp_pass:latest. The initial motivation for this image spec was to facilitate the deployment of eBPF programs in container orchestration systems such as Kubernetes, where it is necessary to provide a portable way to distribute bytecode to all nodes that need it. However, bytecode images have proven useful on standalone Linux systems as well.  When coupled with BPF CO-RE (Compile Once \u2013 Run Everywhere), portability is further enhanced in that applications can use the same bytecode images across different kernel versions without the need to recompile them for each version. Another benefit of bytecode containers is image signing.  There is currently no way to sign and validate raw eBPF bytecode.  However, the bytecode containers can be signed and validated by bpfman using sigstore to improve supply chain security.
        "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#key-benefits-of-bpfman","title":"Key benefits of bpfman","text":"
        This section reviews some of the key benefits of bpfman.  These benefits mostly apply to both standalone and Kubernetes deployments, but we will focus on the benefits for Kubernetes here.
        "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#security","title":"Security","text":"
        Probably the most compelling benefit of using bpfman is enhanced security. When using bpfman, only the bpfman daemon, which can be tightly controlled, needs the privileges required to load eBPF programs, while access to the API can be controlled via standard RBAC methods on a per-application and per-CRD basis. Additionally, the signing and validating of bytecode images enables supply chain security.
        "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#visibility-and-debuggability","title":"Visibility and Debuggability","text":"
        eBPF programs can interact with each other in unexpected ways.  The multi-program support described above helps control these interactions by providing a common mechanism to prioritize and control the flow between the programs.  However, there can still be problems, and there may be eBPF programs running on nodes that were loaded by other mechanisms that you don\u2019t even know about.  bpfman helps here too by reporting all of the eBPF programs running on all of the nodes in a Kubernetes cluster.
        "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#productivity","title":"Productivity","text":"
        As described above, managing the lifecycle of eBPF programs is something that each application currently needs to do on its own.  It is even more complicated to manage the lifecycle of eBPF programs across a Kubernetes cluster.  bpfman does this for you so you don't have to.  eBPF bytecode images help here as well by simplifying the distribution of eBPF bytecode to multiple nodes in a cluster, and also allowing separate fine-grained versioning control for user space and kernel space code.
        "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#demonstration","title":"Demonstration","text":"
        This demonstration is adapted from the instructions documented by Andrew Stoycos here.
         
        These instructions use kind and bpfman release v0.2.1. It should also be possible to run this demo on other environments such as minikube or an actual cluster.
         
        Another option is to build the code yourself and use make run-on-kind
         
        to create the cluster as is described in the given links.  Then, start with step 5.
        "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#run-the-demo","title":"Run the demo","text":"
        1. Create Kind Cluster
         
        kind create cluster --name=test-bpfman\n
         
        2. Deploy Cert manager
         
        kubectl apply -f https://github.com/cert-manager/cert-manager/releases/download/v1.11.0/cert-manager.yaml\n
         
        3. Deploy bpfman Crds
         
        kubectl apply -f  https://github.com/bpfman/bpfman/releases/download/v0.2.1/bpfman-crds-install-v0.2.1.yaml\n
         
        4. Deploy bpfman-operator
         
        kubectl apply -f https://github.com/bpfman/bpfman/releases/download/v0.2.1/bpfman-operator-install-v0.2.1.yaml\n
         
        5. Verify the deployment
         
        kubectl get pods -A\n
         
        NAMESPACE            NAME                                              READY   STATUS    RESTARTS   AGE\nbpfman                 bpfman-daemon-nkzpf                                 2/2     Running   0          28s\nbpfman                 bpfman-operator-77d697fdd4-clrf7                    2/2     Running   0          33s\ncert-manager         cert-manager-99bb69456-x8n84                      1/1     Running   0          57s\ncert-manager         cert-manager-cainjector-ffb4747bb-pt4hr           1/1     Running   0          57s\ncert-manager         cert-manager-webhook-545bd5d7d8-z5brw             1/1     Running   0          57s\nkube-system          coredns-565d847f94-gjjft                          1/1     Running   0          61s\nkube-system          coredns-565d847f94-mf2cq                          1/1     Running   0          61s\nkube-system          etcd-test-bpfman-control-plane                      1/1     Running   0          76s\nkube-system          kindnet-lv6f9                                     1/1     Running   0          61s\nkube-system          kube-apiserver-test-bpfman-control-plane            1/1     Running   0          76s\nkube-system          kube-controller-manager-test-bpfman-control-plane   1/1     Running   0          77s\nkube-system          kube-proxy-dtmvb                                  1/1     Running   0          61s\nkube-system          kube-scheduler-test-bpfman-control-plane            1/1     Running   0          78s\nlocal-path-storage   local-path-provisioner-684f458cdd-8gxxv           1/1     Running   0          61s\n
         
        Note that we have the bpfman-operator, bpf-daemon and cert-manager pods running.
         
        6. Deploy the XDP counter program and user space application
         
        kubectl apply -f https://github.com/bpfman/bpfman/releases/download/v0.2.1/go-xdp-counter-install-v0.2.1.yaml\n
         
        7. Confirm that the programs are loaded
         
        Userspace program:
         
        kubectl get pods -n go-xdp-counter\n
         
        NAME                      READY   STATUS              RESTARTS   AGE\ngo-xdp-counter-ds-9lpgp   0/1     ContainerCreating   0          5s\n
         
        XDP program:
         
        kubectl get xdpprograms.bpfman.io -o wide\n
         
        NAME                     BPFFUNCTIONNAME   NODESELECTOR   PRIORITY   INTERFACESELECTOR               PROCEEDON\ngo-xdp-counter-example   stats             {}             55         {\"primarynodeinterface\":true}   [\"pass\",\"dispatcher_return\"]\n
         
        8. Confirm that the counter program is counting packets.
         
        Notes:
         
           
        • The counters are updated every 5 seconds, and stats are being collected for the pod's primary node interface, which may not have a lot of traffic. However, running the kubectl command below generates traffic on that interface, so run the command a few times and give it a few seconds in between to confirm whether the counters are incrementing.
          •  
        • Replace \"go-xdp-counter-ds-9lpgp\" with the go-xdp-counter pod name for your deployment.
          •  
         
        kubectl logs go-xdp-counter-ds-9lpgp -n go-xdp-counter | tail\n
         
        2023/09/05 16:58:21 1204 packets received\n2023/09/05 16:58:21 13741238 bytes received\n\n2023/09/05 16:58:24 1220 packets received\n2023/09/05 16:58:24 13744258 bytes received\n\n2023/09/05 16:58:27 1253 packets received\n2023/09/05 16:58:27 13750364 bytes received\n
         
        9. Deploy the xdp-pass-all-nodes program with priority set to 50 and   proceedon set to drop as shown below
         
        kubectl apply -f - <<EOF\napiVersion: bpfman.io/v1alpha1\nkind: XdpProgram\nmetadata:\n  labels:\n    app.kubernetes.io/name: xdpprogram\n  name: xdp-pass-all-nodes\nspec:\n  name: pass\n  nodeselector: {}\n  interfaceselector:\n    primarynodeinterface: true\n  priority: 50\n  proceedon:\n    - drop\n  bytecode:\n    image:\n      url: quay.io/bpfman-bytecode/xdp_pass:latest\nEOF\n
         
        10. Verify both XDP programs are loaded.
         
        kubectl get xdpprograms.bpfman.io -o wide\n
         
        NAME                     BPFFUNCTIONNAME   NODESELECTOR   PRIORITY   INTERFACESELECTOR               PROCEEDON\ngo-xdp-counter-example   stats             {}             55         {\"primarynodeinterface\":true}   [\"pass\",\"dispatcher_return\"]\nxdp-pass-all-nodes       pass              {}             50         {\"primarynodeinterface\":true}   [\"drop\"]\n
         
        The priority setting determines the order in which programs attached to the same interface are executed by the dispatcher with a lower number being a higher priority.  The go-xdp-counter-example program was loaded at priority 55, so the xdp-pass-all-nodes program will execute before the go-xdp-counter-example program.
         
        The proceedon setting tells the dispatcher whether to \"proceed\" to execute the next lower priority program attached to the same interface depending on the program's return value.  When we set proceedon to drop, execution will proceed only if the program returns XDP_DROP.  However, the xdp-pass-all-nodes program only returns XDP_PASS, so execution will terminate after it runs.
         
        Therefore, by loading the xdp-pass-all-nodes program in this way, we should have effectively stopped the go-xdp-counter-example program from running.  Let's confirm that.
         
        11. Verify that packet counts are not being updated anymore
         
        Run the following command several times
         
        kubectl logs go-xdp-counter-ds-9lpgp -n go-xdp-counter | tail\n
         
        2023/09/05 17:10:27 1395 packets received\n2023/09/05 17:10:27 13799730 bytes received\n\n2023/09/05 17:10:30 1395 packets received\n2023/09/05 17:10:30 13799730 bytes received\n\n2023/09/05 17:10:33 1395 packets received\n2023/09/05 17:10:33 13799730 bytes received\n
         
        12. Now, change the priority of the xdp-pass program to 60
         
        kubectl apply -f - <<EOF\napiVersion: bpfman.io/v1alpha1\nkind: XdpProgram\nmetadata:\n  labels:\n    app.kubernetes.io/name: xdpprogram\n  name: xdp-pass-all-nodes\nspec:\n  name: pass\n  # Select all nodes\n  nodeselector: {}\n  interfaceselector:\n    primarynodeinterface: true\n  priority: 60\n  proceedon:\n    - drop\n  bytecode:\n    image:\n      url: quay.io/bpfman-bytecode/xdp_pass:latest\nEOF\n
         
        13. Confirm that packets are being counted again
         
        Run the following command several times
         
        kubectl logs go-xdp-counter-ds-9lpgp -n go-xdp-counter | tail\n
         
        2023/09/05 17:12:21 1435 packets received\n2023/09/05 17:12:21 13806214 bytes received\n\n2023/09/05 17:12:24 1505 packets received\n2023/09/05 17:12:24 13815359 bytes received\n\n2023/09/05 17:12:27 1558 packets received\n2023/09/05 17:12:27 13823065 bytes received\n
         
        We can see that the counters are incrementing again.
         
        14. Clean everything up
         
        Delete the programs
         
        kubectl delete xdpprogram xdp-pass-all-nodes\nkubectl delete -f https://github.com/bpfman/bpfman/releases/download/v0.2.0/go-xdp-counter-install-v0.2.0.yaml\n
         
        And/or, delete the whole kind cluster
         
        kind delete clusters test-bpfman\n
        "},{"location":"blog/2023/09/07/bpfman-a-novel-way-to-manage-ebpf/#joining-the-bpfman-community","title":"Joining the bpfman community","text":"
        If you're interested in bpfman and want to get involved, you can connect with the community in multiple ways. If you have some simple questions or need some help feel free to start a discussion. If you find an issue, or you want to request a new feature, please create an issue. If you want something a little more synchronous, the project maintains a #bpfman channel on Kubernetes Slack and we have a weekly community meeting where everyone can join and bring topics to discuss about the project. We hope to see you there!
        "},{"location":"blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/","title":"bpfman's Shift Towards a Daemonless Design and Using Sled: a High Performance Embedded Database","text":"
        As part of issue #860 the community has steadily been converting all of the internal state management to go through a sled database instance which is part of the larger effort to make bpfman completely damonless.
         
        This article will go over the reasons behind the change and dive into some of the details of the actual implementation.
        "},{"location":"blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/#why","title":"Why?","text":"
        State management in bpfman has always been a headache, not because there's a huge amount of disparate data but there's multiple representations of the same data. Additionally the delicate filesystem interactions and layout previously used to ensure persistence across restarts often led to issues.
         
        Understanding the existing flow of data in bpfman can help make this a bit clearer:
         
         
        With this design there was a lot of data wrangling required to convert the tonic generated rust bindings for the protocol buffer API into data structures that were useful for bpfman. Specifically, data would arrive via GRPC server as specified in bpfman.v1.rs where rust types are inferred from the protobuf definition. In rpc.rs data was then converted to an internal set of structures defined in command.rs.  Prior to pull request #683 there was an explosion of types, with each bpfman command having it's own set of internal structures and enums.  Now, most of the data for a program that bpfman needs internally for all commands to manage an eBPF program is stored in the ProgramData structure, which we'll take a deeper look at a bit later. Additionally, there is extra complexity for XDP and TC program types which rely on an eBPF dispatcher program to provide multi-program support on a single network interface, however this article will try to instead focus on the simpler examples.
         
        The tree of data stored by bpfman is quite complex and this is made even more complicated since bpfman has to be persistent across restarts. To support this, raw data was often flushed to disk in the form of JSON files (all types in command.rs needed to implement serde's Serialize and Deserialize). Specific significance would also be encoded to bpfman's directory structure, i.e all program related information was encoded in /run/bpfd/programs/<ID>. The extra infrastructure and failure modes introduced by this process was a constant headache, pushing the community to find a better solution.
        "},{"location":"blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/#why-sled","title":"Why Sled?","text":"
        Sled is an open source project described in github as \"the champagne of beta embedded databases\". The \"reasons\" for choosing an embedded database from the project website are pretty much spot on:
         
        Embedded databases are useful in several cases:\n\n- you want to store data on disk, without facing the complexity of files\n- you want to be simple, without operating an external database\n- you want to be fast, without paying network costs\n- using disk storage as a building block in your system\n
         
        As discussed in the previous section, persistence across restarts, is one of bpfman's core design constraints, and with sled we almost get it for free! Additionally due to the pervasive nature of data management to bpfman's core workflow the data-store needed to be kept as simple and light weight as possible, ruling out heavier production-ready external database systems such as MySQL or Redis.
         
        Now this mostly focused on why embedded dbs in general, but why did we choose sled...well because it's written in :crab: Rust :crab: of course! Apart from the obvious we took a small dive into the project before rewriting everything by transitioning the OCI bytecode image library to use the db rather than the filesystem.  Overall the experience was extremely positive due to the following:
         
           
        • No more dealing directly with the filesystem, the sled instance is flushed to   the fs automatically every 500 ms by default and for good measure we manually   flush it before shutting down.
          •  
        • The API is extremely simple, traditional get and insert operations function   as expected.
          •  
        • Error handling with sled:Error is relatively simple and easy to map explicitly   to a bpfmanError
          •  
        • The db \"tree\" concept makes it easy to have separate key-spaces within the same   instance.
          •  
        "},{"location":"blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/#transitioning-to-sled","title":"Transitioning to Sled","text":"
        Using the new embedded database started with the creation of a sled instance which could be easily shared across all of the modules in bpfman. To do this we utilized a globally available [lazy_static] variable called ROOT_DB in main.rs:
         
        #[cfg(not(test))]\nlazy_static! {\n    pub static ref ROOT_DB: Db = Config::default()\n        .path(STDIR_DB)\n        .open()\n        .expect(\"Unable to open root database\");\n}\n\n#[cfg(test)]\nlazy_static! {\n    pub static ref ROOT_DB: Db = Config::default()\n        .temporary(true)\n        .open()\n        .expect(\"Unable to open temporary root database\");\n}\n
         
        This block creates OR opens the filesystem backed database at /var/lib/bpfman/db database only when the ROOT_DB variable is first accessed, and also allows for the creation of a temporary db instance if running in unit tests. With this setup all of the modules within bpfman can now easily access the database instance by simply using it i.e use crate::ROOT_DB.
         
        Next the existing bpfman structures needed to be flattened in order to work with the db, the central ProgramData can be used to demonstrate how this was completed. Prior to the recent sled conversion that structure looked like:
         
        /// ProgramInfo stores information about bpf programs that are loaded and managed\n/// by bpfd.\n#[derive(Debug, Serialize, Deserialize, Clone, Default)]\npub(crate) struct ProgramData {\n    // known at load time, set by user\n    name: String,\n    location: Location,\n    metadata: HashMap<String, String>,\n    global_data: HashMap<String, Vec<u8>>,\n    map_owner_id: Option<u32>,\n\n    // populated after load\n    kernel_info: Option<KernelProgramInfo>,\n    map_pin_path: Option<PathBuf>,\n    maps_used_by: Option<Vec<u32>>,\n\n    // program_bytes is used to temporarily cache the raw program data during\n    // the loading process.  It MUST be cleared following a load so that there\n    // is not a long lived copy of the program data living on the heap.\n    #[serde(skip_serializing, skip_deserializing)]\n    program_bytes: Vec<u8>,\n}\n
         
        This worked well enough, but as mentioned before the process of flushing the data to disk involved manual serialization to JSON, which needed to occur at a specific point in time (following program load) which made disaster recovery almost impossible and could sometimes result in lost or partially reconstructed state.
         
        With sled the first idea was to completely flatten ALL of bpfman's data into a single key-space, so that program.name now simply turns into a db.get(\"program_<ID>_name\"), however removing all of the core structures would have resulted in a complex diff which would have been hard to review and merge.  Therefore a more staged approach was taken, the ProgramData structure was kept around, and now looks like:
         
        /// ProgramInfo stores information about bpf programs that are loaded and managed\n/// by bpfman.\n#[derive(Debug, Clone)]\npub(crate) struct ProgramData {\n    // Prior to load this will be a temporary Tree with a random ID, following\n    // load it will be replaced with the main program database tree.\n    db_tree: sled::Tree,\n\n    // populated after load, randomly generated prior to load.\n    id: u32,\n\n    // program_bytes is used to temporarily cache the raw program data during\n    // the loading process.  It MUST be cleared following a load so that there\n    // is not a long lived copy of the program data living on the heap.\n    program_bytes: Vec<u8>,\n}\n
         
        All of the fields are now removed in favor of a private reference to the unique [sled::Tree] instance for this ProgramData which is named using the unique kernel id for the program. Each sled::Tree represents a single logical key-space / namespace / bucket which allows key generation to be kept simple, i.e db.get(\"program_<ID>_name\") now can be db_tree_prog_0000.get(\"program_name). Additionally getters and setters are now built for each existing field so that access to the db can be controlled and the serialization/deserialization process can be hidden from the caller:
         
        ...\npub(crate) fn set_name(&mut self, name: &str) -> Result<(), BpfmanError> {\n    self.insert(\"name\", name.as_bytes())\n}\n\npub(crate) fn get_name(&self) -> Result<String, BpfmanError> {\n    self.get(\"name\").map(|v| bytes_to_string(&v))\n}\n...\n
         
        Therefore, ProgramData is now less of a container for program data and more of a wrapper for accessing program data.  The getters/setters act as a bridge between standard Rust types and the raw bytes stored in the database, i.e the [sled::IVec type].
         
        Once this was completed for all the relevant fields on all the relevant types, see pull request #874, the data bpfman needed for it's managed eBPF programs was now automatically synced to disk :partying_face:
        "},{"location":"blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/#tradeoffs","title":"Tradeoffs","text":"
        All design changes come with some tradeoffs: for bpfman's conversion to using sled the main negative ended up being with the complexity introduced with the [sled::IVec type]. It is basically just a thread-safe reference-counting pointer to a raw byte slice, and the only type raw database operations can be performed with. Previously when using serde_json all serialization/deserialization was automatically handled, however with sled the conversion is manual handled internally. Therefore, instead of a library handling the conversion of a rust string (std::string::String) to raw bytes &[u8] bpfman has to handle it internally, using [std::string::String::as_bytes] and bpfman::utils::bytes_to_string:
         
        pub(crate) fn bytes_to_string(bytes: &[u8]) -> String {\n    String::from_utf8(bytes.to_vec()).expect(\"failed to convert &[u8] to string\")\n}\n
         
        For strings, conversion was simple enough, but when working with more complex rust data types like HashMaps and Vectors this became a bit more of an issue. For Vectors, we simply flatten the structure into a group of key/values with indexes encoded into the key:
         
            pub(crate) fn set_kernel_map_ids(&mut self, map_ids: Vec<u32>) -> Result<(), BpfmanError> {\n        let map_ids = map_ids.iter().map(|i| i.to_ne_bytes()).collect::<Vec<_>>();\n\n        map_ids.iter().enumerate().try_for_each(|(i, v)| {\n            sled_insert(&self.db_tree, format!(\"kernel_map_ids_{i}\").as_str(), v)\n        })\n    }\n
         
        The sled scan_prefix(<K>) api then allows for easy fetching and rebuilding of the vector:
         
            pub(crate) fn get_kernel_map_ids(&self) -> Result<Vec<u32>, BpfmanError> {\n        self.db_tree\n            .scan_prefix(\"kernel_map_ids_\".as_bytes())\n            .map(|n| n.map(|(_, v)| bytes_to_u32(v.to_vec())))\n            .map(|n| {\n                n.map_err(|e| {\n                    BpfmanError::DatabaseError(\"Failed to get map ids\".to_string(), e.to_string())\n                })\n            })\n            .collect()\n    }\n
         
        For HashMaps, we follow a similar paradigm, except the map key is encoded in the database key:
         
            pub(crate) fn set_metadata(\n        &mut self,\n        data: HashMap<String, String>,\n    ) -> Result<(), BpfmanError> {\n        data.iter().try_for_each(|(k, v)| {\n            sled_insert(\n                &self.db_tree,\n                format!(\"metadata_{k}\").as_str(),\n                v.as_bytes(),\n            )\n        })\n    }\n\n    pub(crate) fn get_metadata(&self) -> Result<HashMap<String, String>, BpfmanError> {\n    self.db_tree\n        .scan_prefix(\"metadata_\")\n        .map(|n| {\n            n.map(|(k, v)| {\n                (\n                    bytes_to_string(&k)\n                        .strip_prefix(\"metadata_\")\n                        .unwrap()\n                        .to_string(),\n                    bytes_to_string(&v).to_string(),\n                )\n            })\n        })\n        .map(|n| {\n            n.map_err(|e| {\n                BpfmanError::DatabaseError(\"Failed to get metadata\".to_string(), e.to_string())\n            })\n        })\n        .collect()\n    }\n
         
        The same result could be achieved by creating individual database trees for each Vector/HashMap instance, however our goal was to keep the layout as flat as possible. Although this resulted in some extra complexity within the data layer, the overall benefits still outweighed the extra code once the conversion was complete.
        "},{"location":"blog/2024/01/15/bpfmans-shift-towards-a-daemonless-design-and-using-sled-a-high-performance-embedded-database/#moving-forward-and-getting-involved","title":"Moving forward and Getting Involved","text":"
        Once the conversion to sled is fully complete, see issue #860, the project will be able to completely transition to becoming a library without having to worry about data and state management.
         
        If you are interested in in memory databases, eBPF, Rust, or any of the technologies discussed today please don't hesitate to reach out at kubernetes slack on channel #bpfman or join one of the community meetings to get involved.
        "},{"location":"blog/2024/01/04/community-meeting-january-4-2024/","title":"Community Meeting: January 4, 2024","text":""},{"location":"blog/2024/01/04/community-meeting-january-4-2024/#welcome-to-2024","title":"Welcome to 2024!","text":"
        Welcome to the first bpfman Community Meeting of 2024. We are happy to start off a new year and excited for all the changes in store for bpfman in 2024!
         
        Below were some of the discussion points from this weeks Community Meeting.
         
           
        • bpfman-csi Needs To Become Its Own Binary
          •  
        • Kubernetes Support For Attaching uprobes In Containers
          •  
        • Building The Community
          •  
        "},{"location":"blog/2024/01/04/community-meeting-january-4-2024/#bpfman-csi-needs-to-become-its-own-binary","title":"bpfman-csi Needs To Become Its Own Binary","text":"
        Some of the next work items for bpfman revolve around removing the async code from the code base, make bpfman-core a rust library, and removing all the gRPC logic. Dave (@dave-tucker) is currently investigating this. One area to help out is to take the bpfman-csi thread and making it it's own binary. This may require making bpfman a bin and lib crate (which is fine, just needs a lib.rs and to be very careful about what we\u2019re exporting). Andrew (@astoycos) is starting to take a look at this.
        "},{"location":"blog/2024/01/04/community-meeting-january-4-2024/#kubernetes-support-for-attaching-uprobes-in-containers","title":"Kubernetes Support For Attaching uprobes In Containers","text":"
        Base support for attaching uprobes in containers is currently merged. Andre (@anfredette) pushed PR#875 for the integration with Kubernetes. The hard problems are solved, like getting the Container PID, but the current PR has some shortcuts to get the functionality working before the holiday break. So the PR#875 is not ready for review, but Dave (@dave-tucker) and Andre (@anfredette) may have a quick review to verify the design principles.
        "},{"location":"blog/2024/01/04/community-meeting-january-4-2024/#building-the-community","title":"Building The Community","text":"
        Short discussion on building the Community. In a previous meeting, Dave (@dave-tucker) suggested capturing the meeting minutes in blogs. By placing in a blog, they become searchable from search engines. Billy (@billy99) re-raised this topic and volunteered to start capturing the content. In future meetings, we may use the transcript feature from Google Meet to capture the content and try generating the blog via ChatGTP.
        "},{"location":"blog/2024/01/04/community-meeting-january-4-2024/#light-hearted-moments-and-casual-conversations","title":"Light-hearted Moments and Casual Conversations","text":"
        Amidst the technical discussions, the community members took a moment to share some light-hearted moments and casual conversations. Topics ranged from the challenges of post-holiday credit card bills to the complexities of managing family schedules during exam week. The discussion touched on the quirks of public school rules and the unique challenges of parenting during exam periods.
         
        The meeting ended on a friendly note, with plans for further collaboration and individual tasks assigned for the upcoming days. Participants expressed their commitment to pushing updates and improvements, with a promise to reconvene in the near future.
        "},{"location":"blog/2024/01/04/community-meeting-january-4-2024/#attendees","title":"Attendees","text":"
           
        • Andre Fredette (Red Hat)
          •  
        • Andrew Stoycos (Red Hat)
          •  
        • Billy McFall (Red Hat)
          •  
        • Dave Tucker (Red Hat)
          •  
        "},{"location":"blog/2024/01/04/community-meeting-january-4-2024/#bpfman-community-info","title":"bpfman Community Info","text":"
        A friendly reminder that the Community Meetings are every Thursday 10am-11am Eastern US Time and all are welcome!
         
        Google Meet joining info:
         
           
        • Google Meet
          •  
        • Or dial: (US) +1 984-221-0859 PIN: 613 588 790#
          •  
        • Agenda Document
          •  
        "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/","title":"Community Meeting: January 11 and 18, 2024","text":""},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#hit-the-ground-running","title":"Hit the Ground Running","text":"
        Another set of bpfman Community Meetings for 2024. There is a lot going on with bpfman in Q1 of 2024. Spending a lot of time making bpfman daemonless. I bailed for a ski trip after the Jan 11 meeting, so the notes didn't get written up. So this summary will include two weeks of meetings.
         
        Below were some of the discussion points from the last two weeks Community Meetings.
         
           
        • Manpage/CLI TAB Completion Questions (Jan 11)
          •  
        • Kubernetes Support for Attaching uprobes in Containers (Jan 11)
          •  
        • netify Preview in Github Removed (Jan 11)
          •  
        • RPM Builds and Socket Activation (Jan 18)
          •  
        • KubeCon EU Discussion (Jan 18)
          •  
        "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#january-11-2024","title":"January 11, 2024","text":""},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#manpagecli-tab-completion-questions-jan-11","title":"Manpage/CLI TAB Completion Questions (Jan 11)","text":"
        The bpfman CLI now has TAB Completion and man pages. However, a couple nits need to be cleaned up Issue#913 and Billy (@billy99) wanted to clarify a few issues encountered. The current implementation for both features  is using an environment variable to set the destination directory for the generated files. Other features don't work this way and there was a discussion on the proper location for the generated files. The decision was to use .output/..
         
        There was another discussion around clap (Rust CLI crate) and passing variables to clap from the Cargo.toml file. In the CLI code, #[command(author, version, about, long_about = None)] implies to pull the values from the Config.toml file, but we aren\u2019t setting any of those variables. Also, for cargo xtask build-man-page and cargo xtask build-completion they pull from the xtask Cargo.toml file. The decision was to set the variables implicitly in code and not pull from Cargo.toml.
        "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#kubernetes-support-for-attaching-uprobes-in-containers-jan-11","title":"Kubernetes Support for Attaching uprobes in Containers (Jan 11)","text":"
        Andre (@anfredette) is working on a feature to enable attaching uprobes in other Containers. Currently, bpfman only supports attaching uprobes within the bpfman container. There was a discussion on proper way to format a query to the KubeAPI server to match on NodeName on a Pod list. The discussion included so code walk through. Andrew (@astoycos) found a possible solution client-go:Issue#410 and Dave (@dave-tucker) suggested kubernetes-api:podspec-v1-core.
        "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#netify-preview-in-github-removed-jan-11","title":"netify Preview in Github Removed (Jan 11)","text":"
        Lastly, there was a discussion on the netify preview being removed from github and a reminder why. Dave (@dave-tucker) explained that with the docs release history now in place, \"current\" is from a branch and it is not easy to preview. So for now, document developers need to run mkdocs locally (See generate-documention).
        "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#attendees-jan-11","title":"Attendees (Jan 11)","text":"
           
        • Andre Fredette (Red Hat)
          •  
        • Andrew Stoycos (Red Hat)
          •  
        • Billy McFall (Red Hat)
          •  
        • Dave Tucker (Red Hat)
          •  
        • Shane Utt (Kong)
          •  
        "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#january-18-2024","title":"January 18, 2024","text":""},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#rpm-builds-and-socket-activation-jan-18","title":"RPM Builds and Socket Activation (Jan 18)","text":"
        RPM Builds for bpfman went in fairly recently and Billy (@billy99) had some questions around their implementation. RPM and Socket Activation were developed and merged around the same time and the RPM builds are not installing socket activation properly. Just verifying that RPMs should be installing the bpfman.socket file. And they should. There were also some questions on how to build RPMs locally. Verified that packit build locally is the way forward.
         
        Note: Socket activation was added to RPM Builds along with documentation on building and using RPMs in PR#922
        "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#kubecon-eu-discussion-jan-18","title":"KubeCon EU Discussion (Jan 18)","text":"
        With KubeCon EU just around the corner (March 19-22, 2024 in Paris), discussion around bpfman talks and who was attending. Dave (@dave-tucker) is probably attending and Shane (@shaneutt) might attend. So if you are planning on attending KubeCon EU and are interested in bpfman or just eBPF, keep an eye out for these guys for some lively discussions!
        "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#attendees-jan-18","title":"Attendees (Jan 18)","text":"
           
        • Billy McFall (Red Hat)
          •  
        • Dave Tucker (Red Hat)
          •  
        • Shane Utt (Kong)
          •  
        "},{"location":"blog/2024/01/19/community-meeting-january-11-and-18-2024/#bpfman-community-info","title":"bpfman Community Info","text":"
        A friendly reminder that the Community Meetings are every Thursday 10am-11am Eastern US Time and all are welcome!
         
        Google Meet joining info:
         
           
        • Google Meet
          •  
        • Or dial: (US) +1 984-221-0859 PIN: 613 588 790#
          •  
        • Agenda Document
          •  
        "},{"location":"design/daemonless/","title":"Daemonless bpfd","text":""},{"location":"design/daemonless/#introduction","title":"Introduction","text":"
        The bpfd daemon is a userspace daemon that runs on the host and responds to gRPC API requests over a unix socket, to load, unload and list the eBPF programs on a host.
         
        The rationale behind running as a daemon was because something needs to be listening on the unix socket for API requests, and that we also maintain some state in-memory about the programs that have been loaded. However, since this daemon requires root privileges to load and unload eBPF programs it is a security risk for this to be a long-running - even with the mitigations we have in place to drop privileges and run as a non-root user. This risk is equivalent to that of something like Docker.
         
        This document describes the design of a daemonless bpfd, which is a bpfd that runs only runs when required, for example, to load or unload an eBPF program.
        "},{"location":"design/daemonless/#design","title":"Design","text":"
        The daemonless bpfd is a single binary that collects some of the functionality from both bpfd and bpfctl.
         
        :note: Daemonless, not rootless. Since CAP_BPF (and more) is required to load and unload eBPF programs, we will still need to run as root. But at least we can run as root for a shorter period of time.
        "},{"location":"design/daemonless/#command-bpfd-system-service","title":"Command: bpfd system service","text":"
        This command will run the bpfd gRPC API server - for one or more of the gRPC API services we support.
         
        It will listen on a unix socket (or tcp socket) for API requests - provided via a positional argument, defaulting to unix:///var/run/bpfd.sock. It will shutdown after a timeout of inactivity - provided by a --timeout flag defaulting to 5 seconds.
         
        It will support being run as a systemd service, via socket activation, which will allow it to be started on demand when a request is made to the unix socket. When in this mode it will not create the unix socket itself, but will instead use LISTEN_FDS to determine the file descriptor of the unix socket to use.
         
        Usage in local development (or packaged in a container) is still possible by running as follows:
         
        sudo bpfd --timeout=0 unix:///var/run/bpfd.sock\n
         
        :note: The bpfd user and group will be deprecated. We will also remove some of the unit-file complexity (i.e directories) and handle this in bpfd itself.
        "},{"location":"design/daemonless/#command-bpfd-load-file","title":"Command: bpfd load file","text":"
        As the name suggests, this command will load an eBPF program from a file. This was formerly bpfctl load-from-file.
        "},{"location":"design/daemonless/#command-bpfd-load-image","title":"Command: bpfd load image","text":"
        As the name suggests, this command will load an eBPF program from a container image. This was formerly bpfctl load-from-image.
        "},{"location":"design/daemonless/#command-bpfd-unload","title":"Command: bpfd unload","text":"
        This command will unload an eBPF program. This was formerly bpfctl unload.
        "},{"location":"design/daemonless/#command-bpfd-list","title":"Command: bpfd list","text":"
        This command will list the eBPF programs that are currently loaded. This was formerly bpfctl list.
        "},{"location":"design/daemonless/#command-bpfd-pull","title":"Command: bpfd pull","text":"
        This command will pull the bpfd container image from a registry. This was formerly bpfctl pull.
        "},{"location":"design/daemonless/#command-bpfd-images","title":"Command: bpfd images","text":"
        This command will list the bpfd container images that are available. This command didn't exist, but makes sense to add.
        "},{"location":"design/daemonless/#command-bpfd-version","title":"Command: bpfd version","text":"
        This command will print the version of bpfd. This command didn't exist, but makes sense to add.
        "},{"location":"design/daemonless/#state-management","title":"State Management","text":"
        This is perhaps the most significant change from how bpfd currently works.
         
        Currently bpfd maintains state in-memory about the programs that have been loaded (by bpfd, and the kernel). Some of this state is flushed to disk, so if bpfd is restarted it can reconstruct it.
         
        Flushing to disk and state reconstruction is cumbersome at present and having to move all state management out of in-memory stores is a forcing function to improve this. We will replace the existing state management with sled, which gives us a familiar API to work with while also being fast, reliable and persistent.
        "},{"location":"design/daemonless/#metrics-and-monitoring","title":"Metrics and Monitoring","text":"
        While adding metrics and monitoring is not a goal of this design, it should nevertheless be a consideration. In order to provide metrics to Prometheus or OpenTelemetry we will require an additional exporter process.
         
        We can either:
         
           
        1. Use the bpfd socket and retrieve metrics via the gRPC API
          2.  
        2. Place state access + metrics gathering functions in a library, such that    they could be used directly by the exporter process without requiring the    bpfd socket.
          3.  
         
        The latter would be more inline with how podman-prometheus-exporter works. The benefit here is that, the metrics exporter process can be long running with less privileges - whereas if it were to hit the API over the socket it would effectively negate the point of being daemonless in the first place since collection will likley occur more frequently than the timeout on the socket.
        "},{"location":"design/daemonless/#benefits","title":"Benefits","text":"
        The benefits of this design are:
         
           
        • No long-running daemon with root privileges
          •  
        • No need to run as a non-root user, this is important since the number of   capabilities required is only getting larger.
          •  
        • We only need to ship a single binary.
          •  
        • We can use systemd socket activation to start bpfd on demand + timeout   after a period of inactivity.
          •  
        • Forcs us to fix state management, since we can never rely on in-memory state.
          •  
        • Bpfd becomes more modular - if we wish to add programs for runtime enforcement,   metrics, or any other purpose then it's design is decoupled from that of   bpfd. It could be another binary, or a subcommand on the CLI etc...
          •  
        "},{"location":"design/daemonless/#drawbacks","title":"Drawbacks","text":"
        None yet.
        "},{"location":"design/daemonless/#backwards-compatibility","title":"Backwards Compatibility","text":"
           
        • The bpfctl command will be removed and all functionality folded into bpfd
          •  
        • The bpfd command will be renamed to bpfd system service
          •  
        "},{"location":"developer-guide/api-spec/","title":"API Specification","text":"
        Packages:
         
           
        •  bpfman.io/v1alpha1 
          •  
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1","title":"bpfman.io/v1alpha1","text":"
         
        Package v1alpha1 contains API Schema definitions for the bpfman.io API group.
         
         
        Resource Types:
         
        •  BpfProgram 
        •  FentryProgram 
        •  FexitProgram 
        •  KprobeProgram 
        •  TcProgram 
        •  TracepointProgram 
        •  UprobeProgram 
        •  XdpProgram 
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.BpfProgram","title":"BpfProgram","text":"
         
        BpfProgram is the Schema for the Bpfprograms API
         
         Field Description apiVersion string  bpfman.io/v1alpha1  kind string  BpfProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  BpfProgramSpec  type  string  (Optional) 
        Type specifies the bpf program type
         status  BpfProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.FentryProgram","title":"FentryProgram","text":"
         
        FentryProgram is the Schema for the FentryPrograms API
         
         Field Description apiVersion string  bpfman.io/v1alpha1  kind string  FentryProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  FentryProgramSpec  BpfProgramCommon  BpfProgramCommon  
         (Members of BpfProgramCommon are embedded into this type.) 
         func_name  string  
        Function to attach the fentry to.
         status  FentryProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.FexitProgram","title":"FexitProgram","text":"
         
        FexitProgram is the Schema for the FexitPrograms API
         
         Field Description apiVersion string  bpfman.io/v1alpha1  kind string  FexitProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  FexitProgramSpec  BpfProgramCommon  BpfProgramCommon  
         (Members of BpfProgramCommon are embedded into this type.) 
         func_name  string  
        Function to attach the fexit to.
         status  FexitProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.KprobeProgram","title":"KprobeProgram","text":"
         
        KprobeProgram is the Schema for the KprobePrograms API
         
         Field Description apiVersion string  bpfman.io/v1alpha1  kind string  KprobeProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  KprobeProgramSpec  BpfProgramCommon  BpfProgramCommon  
         (Members of BpfProgramCommon are embedded into this type.) 
         func_name  string  
        Functions to attach the kprobe to.
         offset  uint64  (Optional) 
        Offset added to the address of the function for kprobe. Not allowed for kretprobes.
         retprobe  bool  (Optional) 
        Whether the program is a kretprobe.  Default is false
         status  KprobeProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.TcProgram","title":"TcProgram","text":"
         
        TcProgram is the Schema for the TcProgram API
         
         Field Description apiVersion string  bpfman.io/v1alpha1  kind string  TcProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  TcProgramSpec  BpfProgramCommon  BpfProgramCommon  
         (Members of BpfProgramCommon are embedded into this type.) 
         interfaceselector  InterfaceSelector  
        Selector to determine the network interface (or interfaces)
         priority  int32  
        Priority specifies the priority of the tc program in relation to other programs of the same type with the same attach point. It is a value from 0 to 1000 where lower values have higher precedence.
         direction  string  
        Direction specifies the direction of traffic the tc program should attach to for a given network device.
         proceedon  []TcProceedOnValue  (Optional) 
        ProceedOn allows the user to call other tc programs in chain on this exit code. Multiple values are supported by repeating the parameter.
         status  TcProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.TracepointProgram","title":"TracepointProgram","text":"
         
        TracepointProgram is the Schema for the TracepointPrograms API
         
         Field Description apiVersion string  bpfman.io/v1alpha1  kind string  TracepointProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  TracepointProgramSpec  BpfProgramCommon  BpfProgramCommon  
         (Members of BpfProgramCommon are embedded into this type.) 
         names  []string  
        Names refers to the names of kernel tracepoints to attach the bpf program to.
         status  TracepointProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.UprobeProgram","title":"UprobeProgram","text":"
         
        UprobeProgram is the Schema for the UprobePrograms API
         
         Field Description apiVersion string  bpfman.io/v1alpha1  kind string  UprobeProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  UprobeProgramSpec  BpfProgramCommon  BpfProgramCommon  
         (Members of BpfProgramCommon are embedded into this type.) 
         func_name  string  (Optional) 
        Function to attach the uprobe to.
         offset  uint64  (Optional) 
        Offset added to the address of the function for uprobe.
         target  string  
        Library name or the absolute path to a binary or library.
         retprobe  bool  (Optional) 
        Whether the program is a uretprobe.  Default is false
         pid  int32  (Optional) 
        Only execute uprobe for given process identification number (PID). If PID is not provided, uprobe executes for all PIDs.
         containers  ContainerSelector  (Optional) 
        Containers identifes the set of containers in which to attach the uprobe. If Containers is not specified, the uprobe will be attached in the bpfman-agent container.  The ContainerSelector is very flexible and even allows the selection of all containers in a cluster.  If an attempt is made to attach uprobes to too many containers, it can have a negative impact on on the cluster.
         status  UprobeProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.XdpProgram","title":"XdpProgram","text":"
         
        XdpProgram is the Schema for the XdpPrograms API
         
         Field Description apiVersion string  bpfman.io/v1alpha1  kind string  XdpProgram metadata  Kubernetes meta/v1.ObjectMeta   Refer to the Kubernetes API documentation for the fields of the metadata field.  spec  XdpProgramSpec  BpfProgramCommon  BpfProgramCommon  
         (Members of BpfProgramCommon are embedded into this type.) 
         interfaceselector  InterfaceSelector  
        Selector to determine the network interface (or interfaces)
         priority  int32  
        Priority specifies the priority of the bpf program in relation to other programs of the same type with the same attach point. It is a value from 0 to 1000 where lower values have higher precedence.
         proceedon  []XdpProceedOnValue  status  XdpProgramStatus  (Optional)"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.BpfProgramCommon","title":"BpfProgramCommon","text":"
         (Appears on: FentryProgramSpec,  FexitProgramSpec,  KprobeProgramSpec,  TcProgramSpec,  TracepointProgramSpec,  UprobeProgramSpec,  XdpProgramSpec) 
         
         
        BpfProgramCommon defines the common attributes for all BPF programs
         
         Field Description bpffunctionname  string  
        BpfFunctionName is the name of the function that is the entry point for the BPF program
         nodeselector  Kubernetes meta/v1.LabelSelector  
        NodeSelector allows the user to specify which nodes to deploy the bpf program to.  This field must be specified, to select all nodes use standard metav1.LabelSelector semantics and make it empty.
         bytecode  BytecodeSelector  
        Bytecode configures where the bpf program\u2019s bytecode should be loaded from.
         globaldata  map[string][]byte  (Optional) 
        GlobalData allows the user to to set global variables when the program is loaded with an array of raw bytes. This is a very low level primitive. The caller is responsible for formatting the byte string appropriately considering such things as size, endianness, alignment and packing of data structures.
         mapownerselector  Kubernetes meta/v1.LabelSelector  (Optional) 
        MapOwnerSelector is used to select the loaded eBPF program this eBPF program will share a map with. The value is a label applied to the BpfProgram to select. The selector must resolve to exactly one instance of a BpfProgram on a given node or the eBPF program will not load.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.BpfProgramConditionType","title":"BpfProgramConditionType (string alias)","text":"
         
        BpfProgramConditionType is a condition type to indicate the status of a BPF program at the individual node level.
         
         Value Description 
        \"BytecodeSelectorError\"
         
        BpfProgCondByteCodeError indicates that an error occured when trying to process the bytecode selector.
         
        \"Loaded\"
         
        BpfProgCondLoaded indicates that the eBPF program was successfully loaded into the kernel on a specific node.
         
        \"MapOwnerNotFound\"
         
        BpfProgCondMapOwnerNotFound indicates that the eBPF program sharing a map with another eBPF program and that program does not exist.
         
        \"MapOwnerNotLoaded\"
         
        BpfProgCondMapOwnerNotLoaded indicates that the eBPF program sharing a map with another eBPF program and that program is not loaded.
         
        \"NoContainersOnNode\"
         
        BpfProgCondNoContainersOnNode indicates that there are no containers on the node that match the container selector.
         
        \"None\"
         
        None of the above conditions apply
         
        \"NotLoaded\"
         
        BpfProgCondNotLoaded indicates that the eBPF program has not yet been loaded into the kernel on a specific node.
         
        \"NotSelected\"
         
        BpfProgCondNotSelected indicates that the eBPF program is not scheduled to be loaded on a specific node.
         
        \"NotUnLoaded\"
         
        BpfProgCondUnloaded indicates that in the midst of trying to remove the eBPF program from the kernel on the node, that program has not yet been removed.
         
        \"Unloaded\"
         
        BpfProgCondUnloaded indicates that the eBPF program has been unloaded from the kernel on a specific node.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.BpfProgramSpec","title":"BpfProgramSpec","text":"
         (Appears on: BpfProgram) 
         
         
        BpfProgramSpec defines the desired state of BpfProgram
         
         Field Description type  string  (Optional) 
        Type specifies the bpf program type
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.BpfProgramStatus","title":"BpfProgramStatus","text":"
         (Appears on: BpfProgram) 
         
         
        BpfProgramStatus defines the observed state of BpfProgram TODO Make these a fixed set of metav1.Condition.types and metav1.Condition.reasons
         
         Field Description conditions  []Kubernetes meta/v1.Condition  
        Conditions houses the updates regarding the actual implementation of the bpf program on the node Known .status.conditions.type are: \u201cAvailable\u201d, \u201cProgressing\u201d, and \u201cDegraded\u201d
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.BytecodeImage","title":"BytecodeImage","text":"
         (Appears on: BytecodeSelector) 
         
         
        BytecodeImage defines how to specify a bytecode container image.
         
         Field Description url  string  
        Valid container image URL used to reference a remote bytecode image.
         imagepullpolicy  PullPolicy  (Optional) 
        PullPolicy describes a policy for if/when to pull a bytecode image. Defaults to IfNotPresent.
         imagepullsecret  ImagePullSecretSelector  (Optional) 
        ImagePullSecret is the name of the secret bpfman should use to get remote image repository secrets.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.BytecodeSelector","title":"BytecodeSelector","text":"
         (Appears on: BpfProgramCommon) 
         
         
        BytecodeSelector defines the various ways to reference bpf bytecode objects.
         
         Field Description image  BytecodeImage  
        Image used to specify a bytecode container image.
         path  string  
        Path is used to specify a bytecode object via filepath.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.ContainerSelector","title":"ContainerSelector","text":"
         (Appears on: UprobeProgramSpec) 
         
         
        ContainerSelector identifies a set of containers. For example, this can be used to identify a set of containers in which to attach uprobes.
         
         Field Description namespace  string  (Optional) 
        Target namespaces.
         pods  Kubernetes meta/v1.LabelSelector  
        Target pods. This field must be specified, to select all pods use standard metav1.LabelSelector semantics and make it empty.
         containernames  []string  (Optional) 
        Name(s) of container(s).  If none are specified, all containers in the pod are selected.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.FentryProgramSpec","title":"FentryProgramSpec","text":"
         (Appears on: FentryProgram) 
         
         
        FentryProgramSpec defines the desired state of FentryProgram
         
         Field Description BpfProgramCommon  BpfProgramCommon  
         (Members of BpfProgramCommon are embedded into this type.) 
         func_name  string  
        Function to attach the fentry to.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.FentryProgramStatus","title":"FentryProgramStatus","text":"
         (Appears on: FentryProgram) 
         
         
        FentryProgramStatus defines the observed state of FentryProgram
         
         Field Description conditions  []Kubernetes meta/v1.Condition  
        Conditions houses the global cluster state for the FentryProgram. The explicit condition types are defined internally.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.FexitProgramSpec","title":"FexitProgramSpec","text":"
         (Appears on: FexitProgram) 
         
         
        FexitProgramSpec defines the desired state of FexitProgram
         
         Field Description BpfProgramCommon  BpfProgramCommon  
         (Members of BpfProgramCommon are embedded into this type.) 
         func_name  string  
        Function to attach the fexit to.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.FexitProgramStatus","title":"FexitProgramStatus","text":"
         (Appears on: FexitProgram) 
         
         
        FexitProgramStatus defines the observed state of FexitProgram
         
         Field Description conditions  []Kubernetes meta/v1.Condition  
        Conditions houses the global cluster state for the FexitProgram. The explicit condition types are defined internally.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.ImagePullSecretSelector","title":"ImagePullSecretSelector","text":"
         (Appears on: BytecodeImage) 
         
         
        ImagePullSecretSelector defines the name and namespace of an image pull secret.
         
         Field Description name  string  
        Name of the secret which contains the credentials to access the image repository.
         namespace  string  
        Namespace of the secret which contains the credentials to access the image repository.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.InterfaceSelector","title":"InterfaceSelector","text":"
         (Appears on: TcProgramSpec,  XdpProgramSpec) 
         
         
        InterfaceSelector defines interface to attach to.
         
         Field Description interfaces  []string  (Optional) 
        Interfaces refers to a list of network interfaces to attach the BPF program to.
         primarynodeinterface  bool  (Optional) 
        Attach BPF program to the primary interface on the node. Only \u2018true\u2019 accepted.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.KprobeProgramSpec","title":"KprobeProgramSpec","text":"
         (Appears on: KprobeProgram) 
         
         
        KprobeProgramSpec defines the desired state of KprobeProgram
         
         Field Description BpfProgramCommon  BpfProgramCommon  
         (Members of BpfProgramCommon are embedded into this type.) 
         func_name  string  
        Functions to attach the kprobe to.
         offset  uint64  (Optional) 
        Offset added to the address of the function for kprobe. Not allowed for kretprobes.
         retprobe  bool  (Optional) 
        Whether the program is a kretprobe.  Default is false
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.KprobeProgramStatus","title":"KprobeProgramStatus","text":"
         (Appears on: KprobeProgram) 
         
         
        KprobeProgramStatus defines the observed state of KprobeProgram
         
         Field Description conditions  []Kubernetes meta/v1.Condition  
        Conditions houses the global cluster state for the KprobeProgram. The explicit condition types are defined internally.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.ProgramConditionType","title":"ProgramConditionType (string alias)","text":"
         
        ProgramConditionType is a condition type to indicate the status of a BPF program at the cluster level.
         
         Value Description 
        \"DeleteError\"
         
        ProgramDeleteError indicates that the BPF program was marked for deletion, but deletion was unsuccessful.
         
        \"NotYetLoaded\"
         
        ProgramNotYetLoaded indicates that the program in question has not yet been loaded on all nodes in the cluster.
         
        \"ReconcileError\"
         
        ProgramReconcileError indicates that an unforseen situation has occurred in the controller logic, and the controller will retry.
         
        \"ReconcileSuccess\"
         
        BpfmanProgConfigReconcileSuccess indicates that the BPF program has been successfully reconciled.
         
        TODO: we should consider removing \u201creconciled\u201d type logic from the public API as it\u2019s an implementation detail of our use of controller runtime, but not necessarily relevant to human users or integrations.
         
        See: https://github.com/bpfman/bpfman/issues/430
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.PullPolicy","title":"PullPolicy (string alias)","text":"
         (Appears on: BytecodeImage) 
         
         
        PullPolicy describes a policy for if/when to pull a container image
         
         Value Description 
        \"Always\"
         
        PullAlways means that bpfman always attempts to pull the latest bytecode image. Container will fail If the pull fails.
         
        \"IfNotPresent\"
         
        PullIfNotPresent means that bpfman pulls if the image isn\u2019t present on disk. Container will fail if the image isn\u2019t present and the pull fails.
         
        \"Never\"
         
        PullNever means that bpfman never pulls an image, but only uses a local image. Container will fail if the image isn\u2019t present
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.TcProceedOnValue","title":"TcProceedOnValue (string alias)","text":"
         (Appears on: TcProgramSpec) 
         
         
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.TcProgramSpec","title":"TcProgramSpec","text":"
         (Appears on: TcProgram) 
         
         
        TcProgramSpec defines the desired state of TcProgram
         
         Field Description BpfProgramCommon  BpfProgramCommon  
         (Members of BpfProgramCommon are embedded into this type.) 
         interfaceselector  InterfaceSelector  
        Selector to determine the network interface (or interfaces)
         priority  int32  
        Priority specifies the priority of the tc program in relation to other programs of the same type with the same attach point. It is a value from 0 to 1000 where lower values have higher precedence.
         direction  string  
        Direction specifies the direction of traffic the tc program should attach to for a given network device.
         proceedon  []TcProceedOnValue  (Optional) 
        ProceedOn allows the user to call other tc programs in chain on this exit code. Multiple values are supported by repeating the parameter.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.TcProgramStatus","title":"TcProgramStatus","text":"
         (Appears on: TcProgram) 
         
         
        TcProgramStatus defines the observed state of TcProgram
         
         Field Description conditions  []Kubernetes meta/v1.Condition  
        Conditions houses the global cluster state for the TcProgram. The explicit condition types are defined internally.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.TracepointProgramSpec","title":"TracepointProgramSpec","text":"
         (Appears on: TracepointProgram) 
         
         
        TracepointProgramSpec defines the desired state of TracepointProgram
         
         Field Description BpfProgramCommon  BpfProgramCommon  
         (Members of BpfProgramCommon are embedded into this type.) 
         names  []string  
        Names refers to the names of kernel tracepoints to attach the bpf program to.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.TracepointProgramStatus","title":"TracepointProgramStatus","text":"
         (Appears on: TracepointProgram) 
         
         
        TracepointProgramStatus defines the observed state of TracepointProgram
         
         Field Description conditions  []Kubernetes meta/v1.Condition  
        Conditions houses the global cluster state for the TracepointProgram. The explicit condition types are defined internally.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.UprobeProgramSpec","title":"UprobeProgramSpec","text":"
         (Appears on: UprobeProgram) 
         
         
        UprobeProgramSpec defines the desired state of UprobeProgram
         
         Field Description BpfProgramCommon  BpfProgramCommon  
         (Members of BpfProgramCommon are embedded into this type.) 
         func_name  string  (Optional) 
        Function to attach the uprobe to.
         offset  uint64  (Optional) 
        Offset added to the address of the function for uprobe.
         target  string  
        Library name or the absolute path to a binary or library.
         retprobe  bool  (Optional) 
        Whether the program is a uretprobe.  Default is false
         pid  int32  (Optional) 
        Only execute uprobe for given process identification number (PID). If PID is not provided, uprobe executes for all PIDs.
         containers  ContainerSelector  (Optional) 
        Containers identifes the set of containers in which to attach the uprobe. If Containers is not specified, the uprobe will be attached in the bpfman-agent container.  The ContainerSelector is very flexible and even allows the selection of all containers in a cluster.  If an attempt is made to attach uprobes to too many containers, it can have a negative impact on on the cluster.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.UprobeProgramStatus","title":"UprobeProgramStatus","text":"
         (Appears on: UprobeProgram) 
         
         
        UprobeProgramStatus defines the observed state of UprobeProgram
         
         Field Description conditions  []Kubernetes meta/v1.Condition  
        Conditions houses the global cluster state for the UprobeProgram. The explicit condition types are defined internally.
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.XdpProceedOnValue","title":"XdpProceedOnValue (string alias)","text":"
         (Appears on: XdpProgramSpec) 
         
         
        "},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.XdpProgramSpec","title":"XdpProgramSpec","text":"
         (Appears on: XdpProgram) 
         
         
        XdpProgramSpec defines the desired state of XdpProgram
         
         Field Description BpfProgramCommon  BpfProgramCommon  
         (Members of BpfProgramCommon are embedded into this type.) 
         interfaceselector  InterfaceSelector  
        Selector to determine the network interface (or interfaces)
         priority  int32  
        Priority specifies the priority of the bpf program in relation to other programs of the same type with the same attach point. It is a value from 0 to 1000 where lower values have higher precedence.
         proceedon  []XdpProceedOnValue"},{"location":"developer-guide/api-spec/#bpfman.io/v1alpha1.XdpProgramStatus","title":"XdpProgramStatus","text":"
         (Appears on: XdpProgram) 
         
         
        XdpProgramStatus defines the observed state of XdpProgram
         
         Field Description conditions  []Kubernetes meta/v1.Condition  
        Conditions houses the global cluster state for the XdpProgram. The explicit condition types are defined internally.
         
         Generated with gen-crd-api-reference-docs. 
        "},{"location":"developer-guide/configuration/","title":"Configuration","text":""},{"location":"developer-guide/configuration/#bpfman-configuration-file","title":"bpfman Configuration File","text":"
        bpfman looks for a configuration file to be present at /etc/bpfman/bpfman.toml. If no file is found, defaults are assumed. There is an example at scripts/bpfman.toml, similar to:
         
        [interfaces]\n  [interface.eth0]\n  xdp_mode = \"hw\" # Valid xdp modes are \"hw\", \"skb\" and \"drv\". Default: \"skb\".\n\n[signing]\nallow_unsigned = true\n\n[database]\nmax_retries = 10\nmillisec_delay = 1000\n
        "},{"location":"developer-guide/configuration/#config-section-interfaces","title":"Config Section: [interfaces]","text":"
        This section of the configuration file allows the XDP Mode for a given interface to be set. If not set, the default value of skb will be used. Multiple interfaces can be configured.
         
        [interfaces]\n  [interfaces.eth0]\n  xdp_mode = \"drv\"\n  [interfaces.eth1]\n  xdp_mode = \"hw\"\n  [interfaces.eth2]\n  xdp_mode = \"skb\"\n
         
        Valid fields:
         
           
        • xdp_mode: XDP Mode for a given interface. Valid values: [\"drv\"|\"hw\"|\"skb\"]
          •  
        "},{"location":"developer-guide/configuration/#config-section-signing","title":"Config Section: [signing]","text":"
        This section of the configuration file allows control over whether OCI packaged eBPF bytecode as container images are required to be signed via cosign or not. By default, unsigned images are allowed. See eBPF Bytecode Image Specifications for more details on building and shipping bytecode in a container image.
         
        Valid fields:
         
           
        • allow_unsigned: Flag indicating whether unsigned images are allowed or not.   Valid values: [\"true\"|\"false\"]
          •  
        "},{"location":"developer-guide/configuration/#config-section-database","title":"Config Section: [database]","text":"
        bpfman uses an embedded database to store state and persistent data on disk which can only be accessed synchronously by a single process at a time. To avoid returning database lock errors and enhance the user experience, bpfman performs retries when opening of the database. The number of retries and the time between retries is configurable.
         
        Valid fields:
         
           
        • max_retries: The number of times to retry opening the database on a given request.
          •  
        • millisec_delay: Time in milliseconds to wait between retry attempts.
          •  
        "},{"location":"developer-guide/debugging/","title":"Debugging using VSCode and lldb on a remote machine or VM","text":"
           
        1. Install code-lldb vscode extension
          2.  
        2.  
          Add a configuration to .vscode/launch.json like the following (customizing for a given system using the comment in the configuration file):
           
              {\n        \"name\": \"Remote debug bpfman\",\n        \"type\": \"lldb\",\n        \"request\": \"launch\",\n        \"program\": \"<ABSOLUTE_PATH>/github.com/bpfman/bpfman/target/debug/bpfman\", // Local path to latest debug binary.\n        \"initCommands\": [\n            \"platform select remote-linux\", // Execute `platform list` for a list of available remote platform plugins.\n            \"platform connect connect://<IP_ADDRESS_OF_VM>:8175\", // replace <IP_ADDRESS_OF_VM>\n            \"settings set target.inherit-env false\",\n        ],\n        \"env\": {\n            \"RUST_LOG\": \"debug\"\n        },\n        \"cargo\": {\n            \"args\": [\n                \"build\",\n                \"--bin=bpfman\",\n                \"--package=bpfman\"\n            ],\n            \"filter\": {\n                \"name\": \"bpfman\",\n                \"kind\": \"bin\"\n            }\n        },\n        \"cwd\": \"${workspaceFolder}\",\n    },\n
           
          3.  
        3.  
          On the VM or Server install lldb-server:
           
          dnf based OS: 
              sudo dnf install lldb\n
           
          apt based OS:
           
              sudo apt install lldb\n
           
          4.  
        4.  
          Start lldb-server on the VM or Server (make sure to do this in the ~/home directory)
           
              cd ~\n    sudo lldb-server platform --server --listen 0.0.0.0:8081\n
           
          5.  
        5.  
          Add breakpoints as needed via the vscode GUI and then hit F5 to start debugging!
           
          6.  
        "},{"location":"developer-guide/develop-operator/","title":"Developing the bpfman-operator","text":"
        This section is intended to give developer level details regarding the layout and design of the bpfman-operator. At its core the operator was implemented using the operator-sdk framework which make those docs another good resource if anything is missed here.
        "},{"location":"developer-guide/develop-operator/#high-level-design-overview","title":"High level design overview","text":"
        This repository houses two main processes, the bpfman-agent and the bpfman-operator along with CRD api definitions for BpfProgram and *Program Objects. The following diagram depicts how all these components work together to create a functioning operator.
         
        "},{"location":"developer-guide/develop-operator/#building-and-deploying","title":"Building and Deploying","text":"
        For building and deploying the bpfman-operator simply see the attached make help output.
         
        make help\n\nUsage:\n  make <target>\n\nGeneral\n  help             Display this help.\n\nLocal Dependencies\n  kustomize        Download kustomize locally if necessary.\n  controller-gen   Download controller-gen locally if necessary.\n  register-gen     Download register-gen locally if necessary.\n  informer-gen     Download informer-gen locally if necessary.\n  lister-gen       Download lister-gen locally if necessary.\n  client-gen       Download client-gen locally if necessary.\n  envtest          Download envtest-setup locally if necessary.\n  opm              Download opm locally if necessary.\n\nDevelopment\n  manifests        Generate WebhookConfiguration, ClusterRole and CustomResourceDefinition objects.\n  generate         Generate ALL auto-generated code.\n  generate-register  Generate register code see all `zz_generated.register.go` files.\n  generate-deepcopy  Generate code containing DeepCopy, DeepCopyInto, and DeepCopyObject method implementations see all `zz_generated.register.go` files.\n  generate-typed-clients  Generate typed client code\n  generate-typed-listers  Generate typed listers code\n  generate-typed-informers  Generate typed informers code\n  fmt              Run go fmt against code.\n  verify           Verify all the autogenerated code\n  test             Run Unit tests.\n  test-integration  Run Integration tests.\n  bundle           Generate bundle manifests and metadata, then validate generated files.\n  build-release-yamls  Generate the crd install bundle for a specific release version.\n\nBuild\n  build            Build bpfman-operator and bpfman-agent binaries.\n  build-images     Build bpfman, bpfman-agent, and bpfman-operator images.\n  push-images      Push bpfman, bpfman-agent, bpfman-operator images.\n  load-images-kind  Load bpfman, bpfman-agent, and bpfman-operator images into the running local kind devel cluster.\n  bundle-build     Build the bundle image.\n  bundle-push      Push the bundle image.\n  catalog-build    Build a catalog image.\n  catalog-push     Push a catalog image.\n\nCRD Deployment\n  install          Install CRDs into the K8s cluster specified in ~/.kube/config.\n  uninstall        Uninstall CRDs from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.\n\nVanilla K8s Deployment\n  setup-kind       Setup Kind cluster\n  deploy           Deploy bpfman-operator to the K8s cluster specified in ~/.kube/config with the csi driver initialized.\n  undeploy         Undeploy bpfman-operator from the K8s cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.\n  kind-reload-images  Reload locally build images into a kind cluster and restart the ds and deployment so they're picked up.\n  run-on-kind      Kind Deploy runs the bpfman-operator on a local kind cluster using local builds of bpfman, bpfman-agent, and bpfman-operator\n\nOpenshift Deployment\n  deploy-openshift  Deploy bpfman-operator to the Openshift cluster specified in ~/.kube/config.\n  undeploy-openshift  Undeploy bpfman-operator from the Openshift cluster specified in ~/.kube/config. Call with ignore-not-found=true to ignore resource not found errors during deletion.\n
        "},{"location":"developer-guide/develop-operator/#project-layout","title":"Project Layout","text":"
        The bpfman-operator project layout is guided by the recommendations from both the operator-sdk framework and the standard golang project-layout. The following is a brief description of the main directories under bpfman-operator/ and their contents.
         
        NOTE: Bolded directories contain auto-generated code
         
           
        • apis/v1alpha1/*_types.go: Contains the K8s CRD api definitions (*_types.go) for each version.
          •  
        • apis/v1alpha1/zz_generated.*.go: Contains the auto-generated register (zz_generate.register.go)   and deepcopy (zz_generated.deepcopy.go) methods.
          •  
        • bundle/: Contains the OLM bundle manifests and metadata for the operator.   More details can be found in the operator-sdk documentation.
          •  
        • cmd/: Contains the main entry-points for the bpfman-operator and bpfman-agent processes.
          •  
        • config/: Contains the configuration files for launching the bpfman-operator on a cluster.
             
          • bpfman-deployment/: Contains static deployment yamls for the bpfman-daemon, this includes two containers,   one for bpfman and the other for the bpfman-agent.   This DaemonSet yaml is NOT deployed statically by kustomize, instead it's statically copied into the operator   image which is then responsible for deploying and configuring the bpfman-daemon DaemonSet.   Lastly, this directory also contains the default config used to configure the bpfman-daemon, along with the   cert-manager certificates used to encrypt communication between the bpfman-agent and bpfman.
            •  
          • bpfman-operator-deployment/: Contains the static deployment yaml for the bpfman-operator.   This is deployed statically by kustomize.
            •  
          • crd/: Contains the CRD manifests for all of the bpfman-operator APIs.
               
            • bases/: Is where the actual CRD definitions are stored. These definitions are auto-generated by controller-gen.
              •  
            • patches/: Contains kustomize patch files for each Program Type, which enables a conversion webhook for    the CRD and adds a directive for certmanager to inject CA into the CRD.
              •  
             
            •  
          • default/: Contains the default deployment configuration for the bpfman-operator.
            •  
          • manifests/: Contains the bases for generating OLM manifests.
            •  
          • openshift/: Contains the Openshift specific deployment configuration for the bpfman-operator.
            •  
          • prometheus/: Contains the prometheus manifests used to deploy Prometheus to a cluster.   At the time of writing this the bpfman-operator is NOT exposing any metrics to prometheus, but this is a future goal.
            •  
          • rbac/: Contains rbac yamls for getting bpfman and the bpfman-operator up and running on Kubernetes.
               
            • bpfman-agent/: Contains the rbac yamls for the bpfman-agent. They are automatically generated by kubebuilder via build tags in the bpfman-agent controller code.
              •  
            • bpfman-operator/: Contains the rbac yamls for the bpfman-operator. They are automatically generated by kubebuilder via build tags in the bpfman-operator controller code.
              •  
             
            •  
          • samples/: Contains sample CR definitions that can be deployed by users for each of our supported APIs.
            •  
          • scorecard/: Contains the scorecard manifests used to deploy scorecard to a cluster. At the time of writing   this the bpfman-operator is NOT running any scorecard tests.
            •  
          • test/: Contains the test manifests used to deploy the bpfman-operator to a kind cluster for integration testing.
            •  
           
          •  
        • controllers/: Contains the controller implementations for all of the bpfman-operator APIs.   Each controller is responsible for reconciling the state of the cluster with the desired state defined by the user.   This is where the source of truth for the auto-generated RBAC can be found, keep an eye out for   //+kubebuilder:rbac:groups=bpfman.io comment tags.
             
          • bpfmanagent/: Contains the controller implementations which reconcile user created *Program types to multiple   BpfProgram objects.
            •  
          • bpfmanoperator/: Contains the controller implementations which reconcile global BpfProgram object state back to   the user by ensuring the user created *Program objects are reporting the correct status.
            •  
           
          •  
        • hack/: Contains any scripts+static files used by the bpfman-operator to facilitate development.
          •  
        • internal/: Contains all private library code and is used by the bpfman-operator and bpfman-agent controllers.
          •  
        • pkg/: Contains all public library code this is consumed externally and internally.
             
          • client/: Contains the autogenerated clientset, informers and listers for all of the bpfman-operator APIs.   These are autogenerated by the k8s.io/code-generator project,   and can be consumed by users wishing to programmatically interact with bpfman specific APIs.
            •  
          • helpers/: Contains helper functions which can be consumed by users wishing to programmatically interact with   bpfman specific APIs.
            •  
           
          •  
        • test/integration/: Contains integration tests for the bpfman-operator.   These tests are run against a kind cluster and are responsible for testing the bpfman-operator in a real cluster   environment.   It uses the kubernetes-testing-framework project to   programmatically spin-up all of the required infrastructure for our unit tests.
          •  
        • Makefile: Contains all of the make targets used to build, test, and generate code used by the bpfman-operator.
          •  
        "},{"location":"developer-guide/develop-operator/#rpc-protobuf-generation","title":"RPC Protobuf Generation","text":"
        Technically part of the bpfman API, the RPC Protobufs are usually not coded until a bpfman feature is integrated into the bpfman-operator and bpfman-agent code. To modify the RPC Protobuf definition, edit proto/bpfman.proto. Then to generate the protobufs from the updated RPC Protobuf definitions:
         
        cd bpfman/\ncargo xtask build-proto\n
         
        This will generate:
         
           
        • bpfman-api/src/bpfman.v1.rs: Generated Rust Protobuf source code.
          •  
        • clients/gobpfman/v1/: Directory that contains the generated Go Client code for interacting   with bpfman over RPC from a Go application.
          •  
         
        When editing  proto/bpfman.proto, follow best practices describe in Proto Best Practices.
         
        Note: cargo xtask build-proto also pulls in  proto/csi.proto (which is in the same directory as proto/bpfman.proto). proto/csi.proto is taken from container-storage-interface/spec/csi.proto. See container-storage-interface/spec/spec.md for more details.
        "},{"location":"developer-guide/develop-operator/#generated-files","title":"Generated Files","text":"
        The operator-sdk framework will generate multiple categories of files (Custom Resource Definitions (CRD), RBAC ClusterRole, Webhook Configuration, typed client, listeners and informers code, etc). If any of the bpfman-operator/apis/v1alpha1/*Program_types.go files are modified, then regenerate these files using:
         
        cd bpfman/bpfman-operator/\nmake generate\n
         
        This command will generate all auto-generated code. There are commands to generate each sub-category if needed. See make help to list all the generate commands.
        "},{"location":"developer-guide/develop-operator/#building","title":"Building","text":"
        To run in Kubernetes, bpfman components need to be containerized. However, building container images can take longer than just building the code. During development, it may be quicker to find and fix build errors by just building the code. To build the code:
         
        cd bpfman/bpfman-operator/\nmake build\n
         
        To build the container images, run the following command:
         
        cd bpfman/bpfman-operator/\nmake build-images\n
         
        If the make build command is skipped above, the code will be built in the build-images command. If the make build command is run, the built code will be leveraged in this step. This command generates the following images:
         
        docker images\nREPOSITORY                       TAG      IMAGE ID       CREATED          SIZE\nquay.io/bpfman/bpfman            latest   69df038ccea3   43 seconds ago   515MB\nquay.io/bpfman/bpfman-agent      latest   f6af33c5925b   2 minutes ago    464MB\nquay.io/bpfman/bpfman-operator   latest   4fe444b7abf1   2 minutes ago    141MB\n:\n
        "},{"location":"developer-guide/develop-operator/#running-locally-in-kind","title":"Running Locally in KIND","text":"
        Deploying the bpfman-operator goes into more detail on ways to launch bpfman in a Kubernetes cluster. To run locally in a Kind cluster with an up to date build simply run:
         
        cd bpfman/bpfman-operator/\nmake run-on-kind\n
         
        The make run-on-kind will run the make build-images if the images do not exist or need updating.
         
        Then rebuild and load a fresh build run:
         
        cd bpfman/bpfman-operator/\nmake build-images\nmake kind-reload-images\n
         
        Which will rebuild the bpfman-operator, bpfman-agent, and bpfman images and load them into the kind cluster.
         
        By default, the make run-on-kind uses the quay.io/bpfman/bpfman* images described above. The container images used for bpfman, bpfman-agent, and bpfman-operator can also be manually configured:
         
        BPFMAN_IMG=<your/image/url> BPFMAN_AGENT_IMG=<your/image/url> BPFMAN_OPERATOR_IMG=<your/image/url> make run-on-kind\n
        "},{"location":"developer-guide/develop-operator/#testing-locally","title":"Testing Locally","text":"
        See Kubernetes Operator Tests. 
        "},{"location":"developer-guide/develop-operator/#troubleshooting","title":"Troubleshooting","text":""},{"location":"developer-guide/develop-operator/#metricshealth-port-issues","title":"Metrics/Health port issues","text":"
        In some scenarios, the health and metric ports may are already in use by other services on the system. When this happens the bpfman-agent container fails to deploy. The ports currently default to 8175 and 8174.
         
        The ports are passed in through the daemonset.yaml for the bpfman-daemon and deployment.yaml and manager_auth_proxy_patch.yaml for the bpfman-operator. The easiest way to change which ports are used is to update these yaml files and rebuild the container images. The container images need to be rebuilt because the bpfman-daemon is deployed from the bpfman-operator and the associated yaml files are copied into the bpfman-operator image.
         
        If rebuild the container images is not desirable, then the ports can be changed on the fly. For the bpfman-operator, the ports can be updated by editing the bpfman-operator Deployment.
         
        kubectl edit deployment -n bpfman bpfman-operator\n\napiVersion: apps/v1\nkind: Deployment\n:\nspec:\n  template:\n  :\n  spec:\n    containers:\n    -args:\n      - --secure-listen-address=0.0.0.0:8443\n      - --upstream=http://127.0.0.1:8174/        <-- UPDATE\n      - --logtostderr=true\n      - --v=0\n      name: kube-rbac-proxy\n      :\n    - args:\n      - --health-probe-bind-address=:8175        <-- UPDATE\n      - --metrics-bind-address=127.0.0.1:8174    <-- UPDATE\n      - --leader-elect\n      :\n      livenessProbe:\n          failureThreshold: 3\n          httpGet:\n            path: /healthz\n            port: 8175                           <-- UPDATE\n            scheme: HTTP\n            :\n      name: bpfman-operator\n      readinessProbe:\n          failureThreshold: 3\n          httpGet:\n            path: /readyz\n            port: 8175                           <-- UPDATE\n            scheme: HTTP\n      :\n
         
        For the bpfman-daemon, the ports could be updated by editing the bpfman-daemon DaemonSet. However, if bpfman-daemon is restarted for any reason by the bpfman-operator, the changes will be lost. So it is recommended to update the ports for the bpfman-daemon via the bpfman bpfman-config ConfigMap.
         
        kubectl edit configmap -n bpfman bpfman-config\n\napiVersion: v1\ndata:\n  bpfman.agent.healthprobe.addr: :8175                    <-- UPDATE\n  bpfman.agent.image: quay.io/bpfman/bpfman-agent:latest\n  bpfman.agent.log.level: info\n  bpfman.agent.metric.addr: 127.0.0.1:8174                <-- UPDATE\n  bpfman.image: quay.io/bpfman/bpfman:latest\n  bpfman.log.level: debug\nkind: ConfigMap\n:\n
        "},{"location":"developer-guide/documentation/","title":"Documentation","text":"
        This section describes how to modify the related documentation around bpfman. All bpfman's documentation is written in Markdown, and leverages mkdocs to generate a static site, which is hosted on netlify.
         
        If this is the first time building using mkdocs, jump to the Development Environment Setup section for help installing the tooling.
        "},{"location":"developer-guide/documentation/#documentation-notes","title":"Documentation Notes","text":"
        This section describes some notes on the dos and don'ts when writing documentation.
        "},{"location":"developer-guide/documentation/#website-management","title":"Website Management","text":"
        The headings and layout of the website, as well as other configuration settings, are managed from the mkdocs.yml file in the project root directory.
        "},{"location":"developer-guide/documentation/#markdown-style","title":"Markdown Style","text":"
        When writing documentation via a Markdown file, the following format has been followed:
         
           
        • Text on a given line should not exceed 100 characters, unless it's example syntax or a link   that should be broken up.
          •  
        • Each new sentence should start on a new line.   That way, if text needs to be inserted, whole paragraphs don't need to be adjusted.
          •  
        • Links to other markdown files are relative to the file the link is placed in.
          •  
        "},{"location":"developer-guide/documentation/#governance-files","title":"Governance Files","text":"
        There are a set of well known governance files that are typically placed in the root directory of most projects, like README.md, MAINTAINERS.md, CONTRIBUTING.md, etc. mkdocs expects all files used in the static website to be located under a common directory, docs/ for bpfman. To reference the governance files from the static website, a directory (docs/governance/) was created with a file for each governance file, the only contains --8<-- and the file name. This indicates to mkdocs to pull the additional file from the project root directory.
         
        For example: docs/governance/MEETINGS.md
         
        NOTE: This works for the website generation, but if a Markdown file is viewed through   Github (not the website), the link is broken.   So these files should only be linked from docs/index.md and mkdocs.yml.
        "},{"location":"developer-guide/documentation/#docsdeveloper-guideapi-specmd","title":"docs/developer-guide/api-spec.md","text":"
        The file docs/developer-guide/api-spec.md documents the CRDs used in a Kubernetes deployment. The contents are auto-generated when PRs are pushed to Github.
         
        The contents can be generated locally by running the command make -C bpfman-operator apidocs.html from the root bpfman directory.
        "},{"location":"developer-guide/documentation/#generate-documentation","title":"Generate Documentation","text":"
        If you would like to test locally, build and preview the generated documentation, from the bpfman root directory, use mkdocs to build:
         
        cd bpfman/\nmkdocs build\n
         
        NOTE: If mkdocs build gives you an error, make sure you have the mkdocs packages listed below installed.
         
        To preview from a build on a local machine, start the mkdocs dev-server with the command below, then open up http://127.0.0.1:8000/ in your browser, and you'll see the default home page being displayed:
         
        mkdocs serve\n
         
        To preview from a build on a remote machine, start the mkdocs dev-server with the command below, then open up http://<ServerIP>:8000/ in your browser, and you'll see the default home page being displayed:
         
        mkdocs serve -a 0.0.0.0:8000\n
        "},{"location":"developer-guide/documentation/#development-environment-setup","title":"Development Environment Setup","text":"
        The recommended installation method is using pip.
         
        pip install -r requirements.txt \n
         
        Once installed, ensure the mkdocs is in your PATH:
         
        mkdocs -V\nmkdocs, version 1.4.3 from /home/$USER/.local/lib/python3.11/site-packages/mkdocs (Python 3.11)\n
         
        NOTE: If you have an older version of mkdocs installed, you may need to use the --upgrade option (e.g., pip install --upgrade mkdocs) to get it to work.
        "},{"location":"developer-guide/documentation/#document-images","title":"Document Images","text":"
        Source of images used in the example documentation can be found in bpfman Upstream Images. Request access if required.
        "},{"location":"developer-guide/image-build/","title":"bpfman Container Images","text":"
        Container images for the bpfman binaries are automatically built and pushed to quay.io/bpfman whenever code is merged into the main branch of the github.com/bpfman/bpfman repository under the :latest tag.
        "},{"location":"developer-guide/image-build/#building-the-images-locally","title":"Building the images locally","text":""},{"location":"developer-guide/image-build/#bpfman","title":"bpfman","text":"
        docker build -f /Containerfile.bpfman . -t bpfman:local\n
        "},{"location":"developer-guide/image-build/#running-locally-in-container","title":"Running locally in container","text":""},{"location":"developer-guide/image-build/#bpfman_1","title":"bpfman","text":"
        sudo docker run --init --privileged --net=host -v /etc/bpfman/certs/:/etc/bpfman/certs/ -v /sys/fs/bpf:/sys/fs/bpf quay.io/bpfman/bpfman:latest\n
        "},{"location":"developer-guide/linux-capabilities/","title":"Linux Capabilities","text":"
        Linux divides the privileges traditionally associated with superuser into distinct units, known as capabilities, which can be independently enabled and disabled. Capabilities are a per-thread attribute. See capabilities man-page.
         
        When bpfman is run as a systemd service, the set of linux capabilities are restricted to only the required set of capabilities via the bpfman.service file using the AmbientCapabilities and CapabilityBoundingSet fields (see bpfman.service). All spawned threads are stripped of all capabilities, removing all sudo privileges (see drop_linux_capabilities() usage), leaving only the main thread with only the needed set of capabilities.
        "},{"location":"developer-guide/linux-capabilities/#current-bpfman-linux-capabilities","title":"Current bpfman Linux Capabilities","text":"
        Below are the current set of Linux capabilities required by bpfman to operate:
         
           
        • CAP_BPF:
             
          • Required to load BPF programs and create BPF maps.
            •  
           
          •  
        • CAP_DAC_READ_SEARCH:
             
          • Required by Tracepoint programs, needed by aya to check the tracefs mount point.   For example, trying to read \"/sys/kernel/tracing\" and \"/sys/kernel/debug/tracing\".
            •  
           
          •  
        • CAP_NET_ADMIN:
             
          • Required for TC programs to attach/detach to/from a qdisc.
            •  
           
          •  
        • CAP_SETPCAP:
             
          • Required to allow bpfman to drop Linux Capabilities on spawned threads.
            •  
           
          •  
        • CAP_SYS_ADMIN: 
             
          • Kprobe (Kprobe and Uprobe) and Tracepoint programs are considered perfmon programs and require CAP_PERFMON and CAP_SYS_ADMIN to load.
            •  
          • TC and XDP programs are considered admin programs and require CAP_NET_ADMIN and CAP_SYS_ADMIN to load.
            •  
           
          •  
        • CAP_SYS_RESOURCE:
             
          • Required by bpfman to call setrlimit() on RLIMIT_MEMLOCK.
            •  
           
          •  
        "},{"location":"developer-guide/linux-capabilities/#debugging-linux-capabilities","title":"Debugging Linux Capabilities","text":"
        As new features are added, the set of Linux capabilities required by bpfman may change over time. The following describes the steps to determine the set of capabilities required by bpfman. If there are any Permission denied (os error 13) type errors when starting or running bpfman as a systemd service, adjusting the linux capabilities is a good place to start.
        "},{"location":"developer-guide/linux-capabilities/#determine-required-capabilities","title":"Determine Required Capabilities","text":"
        The first step is to turn all capabilities on and see if that fixes the problem. This can be done without recompiling the code by editing bpfman.service. Comment out the finite list of granted capabilities and set to ~,  which indicates all capabilities.
         
        sudo vi /usr/lib/systemd/system/bpfman.service\n:\n[Service]\n:\nAmbientCapabilities=~\nCapabilityBoundingSet=~\n#AmbientCapabilities=CAP_BPF CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_PERFMON CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_RESOURCE\n#CapabilityBoundingSet=CAP_BPF CAP_DAC_OVERRIDE CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_PERFMON CAP_SETPCAP CAP_SYS_ADMIN CAP_SYS_RESOURCE\n
         
        Reload the service file and start/restart bpfman and watch the bpfman logs and see if the problem is resolved:
         
        sudo systemctl daemon-reload\nsudo systemctl start bpfman\n
         
        If so, then the next step is to watch the set of capabilities being requested by bpfman. Run the bcc capable tool to watch capabilities being requested real-time and restart bpfman:
         
        $ sudo /usr/share/bcc/tools/capable\nTIME      UID    PID    COMM             CAP  NAME                 AUDIT\n:\n16:36:00  979    75553  tokio-runtime-w  8    CAP_SETPCAP          1\n16:36:00  979    75553  tokio-runtime-w  8    CAP_SETPCAP          1\n16:36:00  979    75553  tokio-runtime-w  8    CAP_SETPCAP          1\n16:36:00  0      616    systemd-journal  19   CAP_SYS_PTRACE       1\n16:36:00  0      616    systemd-journal  19   CAP_SYS_PTRACE       1\n16:36:00  979    75550  bpfman             24   CAP_SYS_RESOURCE     1\n16:36:00  979    75550  bpfman             1    CAP_DAC_OVERRIDE     1\n16:36:00  979    75550  bpfman             21   CAP_SYS_ADMIN        1\n16:36:00  979    75550  bpfman             21   CAP_SYS_ADMIN        1\n16:36:00  0      75555  modprobe         16   CAP_SYS_MODULE       1\n16:36:00  0      628    systemd-udevd    2    CAP_DAC_READ_SEARCH  1\n16:36:00  0      75556  bpf_preload      24   CAP_SYS_RESOURCE     1\n16:36:00  0      75556  bpf_preload      39   CAP_BPF              1\n16:36:00  0      75556  bpf_preload      39   CAP_BPF              1\n16:36:00  0      75556  bpf_preload      39   CAP_BPF              1\n16:36:00  0      75556  bpf_preload      38   CAP_PERFMON          1\n16:36:00  0      75556  bpf_preload      38   CAP_PERFMON          1\n16:36:00  0      75556  bpf_preload      38   CAP_PERFMON          1\n:\n
         
        Compare the output to list in bpfman.service and determine the delta.
        "},{"location":"developer-guide/linux-capabilities/#determine-capabilities-per-thread","title":"Determine Capabilities Per Thread","text":"
        For additional debugging, it may be helpful to know the granted capabilities on a per thread basis. As mentioned above, all spawned threads are stripped of all Linux capabilities, so if a thread is requesting a capability, that functionality should be moved off the spawned thread and onto the main thread.
         
        First, determine the bpfman process id, then determine the set of threads:
         
        $ ps -ef | grep bpfman\n:\nbpfman       75550       1  0 16:36 ?        00:00:00 /usr/sbin/bpfman\n:\n\n$ ps -T -p 75550\n    PID    SPID TTY          TIME CMD\n  75550   75550 ?        00:00:00 bpfman\n  75550   75551 ?        00:00:00 tokio-runtime-w\n  75550   75552 ?        00:00:00 tokio-runtime-w\n  75550   75553 ?        00:00:00 tokio-runtime-w\n  75550   75554 ?        00:00:00 tokio-runtime-w\n
         
        Then dump the capabilities of each thread:
         
        $ grep Cap /proc/75550/status\nCapInh: 000000c001201106\nCapPrm: 000000c001201106\nCapEff: 000000c001201106\nCapBnd: 000000c001201106\nCapAmb: 000000c001201106\n\n$ grep Cap /proc/75551/status\nCapInh: 0000000000000000\nCapPrm: 0000000000000000\nCapEff: 0000000000000000\nCapBnd: 0000000000000000\nCapAmb: 0000000000000000\n\n$ grep Cap /proc/75552/status\nCapInh: 0000000000000000\nCapPrm: 0000000000000000\nCapEff: 0000000000000000\nCapBnd: 0000000000000000\nCapAmb: 0000000000000000\n\n:\n\n$ capsh --decode=000000c001201106\n0x000000c001201106=cap_dac_override,cap_dac_read_search,cap_setpcap,cap_net_admin,cap_sys_admin,cap_sys_resource,cap_perfmon,cap_bpf\n
        "},{"location":"developer-guide/linux-capabilities/#removing-cap_bpf-from-bpfman-clients","title":"Removing CAP_BPF from bpfman Clients","text":"
        One of the advantages of using bpfman is that it is doing all the loading and unloading of eBPF programs, so it requires CAP_BPF, but clients of bpfman are just making gRPC calls to bpfman, so they do not need to be privileged or require CAP_BPF. It must be noted that this is only true for kernels 5.19 or higher. Prior to kernel 5.19, all eBPF sys calls required CAP_BPF, which are used to access maps shared between the BFP program and the userspace program. In kernel 5.19, a change went in that only requires CAP_BPF for map creation (BPF_MAP_CREATE) and loading programs (BPF_PROG_LOAD). See bpf: refine kernel.unprivileged_bpf_disabled behaviour.
        "},{"location":"developer-guide/logging/","title":"Logging","text":"
        This section describes how to enable logging in different bpfman deployments.
        "},{"location":"developer-guide/logging/#local-privileged-bpfman-process","title":"Local Privileged Bpfman Process","text":"
        bpfman uses the env_logger crate to log messages to the terminal. By default, only error messages are logged, but that can be overwritten by setting the RUST_LOG environment variable. Valid values:
         
           
        • error
          •  
        • warn
          •  
        • info
          •  
        • debug
          •  
        • trace
          •  
         
        Example:
         
        $ sudo RUST_LOG=info /usr/local/bin/bpfman\n[2022-08-08T20:29:31Z INFO  bpfman] Log using env_logger\n[2022-08-08T20:29:31Z INFO  bpfman::server] Loading static programs from /etc/bpfman/programs.d\n[2022-08-08T20:29:31Z INFO  bpfman::server::bpf] Map veth12fa8e3 to 13\n[2022-08-08T20:29:31Z INFO  bpfman::server] Listening on [::1]:50051\n[2022-08-08T20:29:31Z INFO  bpfman::server::bpf] Program added: 1 programs attached to veth12fa8e3\n[2022-08-08T20:29:31Z INFO  bpfman::server] Loaded static program pass with UUID d9fd88df-d039-4e64-9f63-19f3e08915ce\n
        "},{"location":"developer-guide/logging/#systemd-service","title":"Systemd Service","text":"
        If bpfman is running as a systemd service, then bpfman will log to journald. As with env_logger, by default, info and higher messages are logged, but that can be overwritten by setting the RUST_LOG environment variable.
         
        Example:
         
        sudo vi /usr/lib/systemd/system/bpfman.service\n[Unit]\nDescription=Run bpfman as a service\nDefaultDependencies=no\nAfter=network.target\n\n[Service]\nEnvironment=\"RUST_LOG=Info\"    <==== Set Log Level Here\nExecStart=/usr/sbin/bpfman system service\nAmbientCapabilities=CAP_BPF CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_PERFMON CAP_SYS_ADMIN CAP_SYS_RESOURCE\nCapabilityBoundingSet=CAP_BPF CAP_DAC_READ_SEARCH CAP_NET_ADMIN CAP_PERFMON CAP_SYS_ADMIN CAP_SYS_RESOURCE\n
         
        Start the service:
         
        sudo systemctl daemon-reload\nsudo systemctl start bpfman.service\n
         
        Check the logs:
         
        $ sudo journalctl -f -u bpfman\nAug 08 16:25:04 ebpf03 systemd[1]: Started bpfman.service - Run bpfman as a service.\nAug 08 16:25:04 ebpf03 bpfman[180118]: Log using journald\nAug 08 16:25:04 ebpf03 bpfman[180118]: Loading static programs from /etc/bpfman/programs.d\nAug 08 16:25:04 ebpf03 bpfman[180118]: Map veth12fa8e3 to 13\nAug 08 16:25:04 ebpf03 bpfman[180118]: Listening on [::1]:50051\nAug 08 16:25:04 ebpf03 bpfman[180118]: Program added: 1 programs attached to veth12fa8e3\nAug 08 16:25:04 ebpf03 bpfman[180118]: Loaded static program pass with UUID a3ffa14a-786d-48ad-b0cd-a4802f0f10b6\n
         
        Stop the service:
         
        sudo systemctl stop bpfman.service\n
        "},{"location":"developer-guide/logging/#kubernetes-deployment","title":"Kubernetes Deployment","text":"
        When bpfman is run in a Kubernetes deployment, there is the bpfman Daemonset that runs on every node and the bpd Operator that runs on the control plane:
         
        kubectl get pods -A\nNAMESPACE            NAME                                                    READY   STATUS    RESTARTS   AGE\nbpfman                 bpfman-daemon-dgqzw                                       2/2     Running   0          3d22h\nbpfman                 bpfman-daemon-gqsgd                                       2/2     Running   0          3d22h\nbpfman                 bpfman-daemon-zx9xr                                       2/2     Running   0          3d22h\nbpfman                 bpfman-operator-7fbf4888c4-z8w76                          2/2     Running   0          3d22h\n:\n
        "},{"location":"developer-guide/logging/#bpfman-daemonset","title":"bpfman Daemonset","text":"
        bpfman and bpfman-agent are running in the bpfman daemonset.
        "},{"location":"developer-guide/logging/#view-logs","title":"View Logs","text":"
        To view the bpfman logs:
         
        kubectl logs -n bpfman bpfman-daemon-dgqzw -c bpfman\n[2023-05-05T14:41:26Z INFO  bpfman] Log using env_logger\n[2023-05-05T14:41:26Z INFO  bpfman] Has CAP_BPF: false\n[2023-05-05T14:41:26Z INFO  bpfman] Has CAP_SYS_ADMIN: true\n:\n
         
        To view the bpfman-agent logs:
         
        kubectl logs -n bpfman bpfman-daemon-dgqzw -c bpfman-agent\n{\"level\":\"info\",\"ts\":\"2023-12-20T20:15:34Z\",\"logger\":\"controller-runtime.metrics\",\"msg\":\"Metrics server is starting to listen\",\"addr\":\":8174\"}\n{\"level\":\"info\",\"ts\":\"2023-12-20T20:15:34Z\",\"logger\":\"setup\",\"msg\":\"Waiting for active connection to bpfman\"}\n{\"level\":\"info\",\"ts\":\"2023-12-20T20:15:34Z\",\"logger\":\"setup\",\"msg\":\"starting Bpfman-Agent\"}\n:\n
        "},{"location":"developer-guide/logging/#change-log-level","title":"Change Log Level","text":"
        To change the log level of the agent or daemon, edit the bpfman-config ConfigMap. The bpfman-operator will detect the change and restart the bpfman daemonset with the updated values.
         
        kubectl edit configmaps -n bpfman bpfman-config\napiVersion: v1\ndata:\n  bpfman.agent.image: quay.io/bpfman/bpfman-agent:latest\n  bpfman.image: quay.io/bpfman/bpfman:latest\n  bpfman.log.level: info                     <==== Set bpfman Log Level Here\n  bpfman.agent.log.level: info               <==== Set bpfman agent Log Level Here\nkind: ConfigMap\nmetadata:\n  creationTimestamp: \"2023-05-05T14:41:19Z\"\n  name: bpfman-config\n  namespace: bpfman\n  resourceVersion: \"700803\"\n  uid: 0cc04af4-032c-4712-b824-748b321d319b\n
         
        Valid values for the daemon (bpfman.log.level) are:
         
           
        • error
          •  
        • warn
          •  
        • info
          •  
        • debug
          •  
        • trace
          •  
         
        trace can be very verbose. More information can be found regarding Rust's env_logger here.
         
        Valid values for the agent (bpfman.agent.log.level) are:
         
           
        • info
          •  
        • debug
          •  
        • trace
          •  
        "},{"location":"developer-guide/logging/#bpfman-operator","title":"bpfman Operator","text":"
        The bpfman Operator is running as a Deployment with a ReplicaSet of one. It runs with the containers bpfman-operator and kube-rbac-proxy.
        "},{"location":"developer-guide/logging/#view-logs_1","title":"View Logs","text":"
        To view the bpfman-operator logs:
         
        kubectl logs -n bpfman bpfman-operator-7fbf4888c4-z8w76 -c bpfman-operator\n{\"level\":\"info\",\"ts\":\"2023-05-09T18:37:11Z\",\"logger\":\"controller-runtime.metrics\",\"msg\":\"Metrics server is starting to listen\",\"addr\":\"127.0.0.1:8174\"}\n{\"level\":\"info\",\"ts\":\"2023-05-09T18:37:11Z\",\"logger\":\"setup\",\"msg\":\"starting manager\"}\n{\"level\":\"info\",\"ts\":\"2023-05-09T18:37:11Z\",\"msg\":\"Starting server\",\"kind\":\"health probe\",\"addr\":\"[::]:8175\"}\n{\"level\":\"info\",\"ts\":\"2023-05-09T18:37:11Z\",\"msg\":\"Starting server\",\"path\":\"/metrics\",\"kind\":\"metrics\",\"addr\":\"127.0.0.1:8174\"}\nI0509 18:37:11.262885       1 leaderelection.go:248] attempting to acquire leader lease bpfman/8730d955.bpfman.io...\nI0509 18:37:11.268918       1 leaderelection.go:258] successfully acquired lease bpfman/8730d955.bpfman.io\n{\"level\":\"info\",\"ts\":\"2023-05-09T18:37:11Z\",\"msg\":\"Starting EventSource\",\"controller\":\"configmap\",\"controllerGroup\":\"\",\"controllerKind\":\"ConfigMap\",\"source\":\"kind source: *v1.ConfigMap\"}\n:\n
         
        To view the kube-rbac-proxy logs:
         
        kubectl logs -n bpfman bpfman-operator-7fbf4888c4-z8w76 -c kube-rbac-proxy\nI0509 18:37:11.063386       1 main.go:186] Valid token audiences: \nI0509 18:37:11.063485       1 main.go:316] Generating self signed cert as no cert is provided\nI0509 18:37:11.955256       1 main.go:366] Starting TCP socket on 0.0.0.0:8443\nI0509 18:37:11.955849       1 main.go:373] Listening securely on 0.0.0.0:8443\n
        "},{"location":"developer-guide/logging/#change-log-level_1","title":"Change Log Level","text":"
        To change the log level, edit the bpfman-operator Deployment. The change will get detected and the bpfman operator pod will get restarted with the updated log level.
         
        kubectl edit deployment -n bpfman bpfman-operator\napiVersion: apps/v1\nkind: Deployment\nmetadata:\n  annotations:\n    deployment.kubernetes.io/revision: \"1\"\n    kubectl.kubernetes.io/last-applied-configuration: |\n      {\"apiVersion\":\"apps/v1\",\"kind\":\"Deployment\",\"metadata\":{\"annotations\":{},\"labels\":{\"app.kubernetes.io/component\":\"manager\",\"app.kubernetes.io/create>\n  creationTimestamp: \"2023-05-09T18:37:08Z\"\n  generation: 1\n:\nspec:\n:\n  template:\n    metadata:\n:\n    spec:\n      containers:\n      - args:\n:\n      - args:\n        - --health-probe-bind-address=:8175\n        - --metrics-bind-address=127.0.0.1:8174\n        - --leader-elect\n        command:\n        - /bpfman-operator\n        env:\n        - name: GO_LOG\n          value: info                   <==== Set Log Level Here\n        image: quay.io/bpfman/bpfman-operator:latest\n        imagePullPolicy: IfNotPresent\n:\n
         
        Valid values are:
         
           
        • error
          •  
        • info
          •  
        • debug
          •  
        • trace
          •  
        "},{"location":"developer-guide/operator-quick-start/","title":"Deploying the bpfman-operator","text":"
        The bpfman-operator repository exists in order to deploy and manage bpfman within a Kubernetes cluster. This operator was built utilizing some great tooling provided by the operator-sdk library. A great first step in understanding some of the functionality can be to just run make help.
        "},{"location":"developer-guide/operator-quick-start/#deploy-bpfman-operation","title":"Deploy bpfman Operation","text":"
        The bpfman-operator is running as a Deployment with a ReplicaSet of one. It runs on the control plane and is composed of the containers bpfman-operator and kube-rbac-proxy. The operator is responsible for launching the bpfman Daemonset, which runs on every node. The bpfman Daemonset is composed of the containers bpfman, bpfman-agent, and node-driver-registrar.
        "},{"location":"developer-guide/operator-quick-start/#deploy-locally-via-kind","title":"Deploy Locally via KIND","text":"
        After reviewing the possible make targets it's quick and easy to get bpfman deployed locally on your system via a KIND cluster with:
         
        cd bpfman/bpfman-operator\nmake run-on-kind\n
         
        NOTE: By default, bpfman-operator deploys bpfman with CSI enabled. CSI requires Kubernetes v1.26 due to a PR (kubernetes/kubernetes#112597) that addresses a gRPC Protocol Error that was seen in the CSI client code and it doesn't appear to have been backported. It is recommended to install kind v0.20.0 or later.
        "},{"location":"developer-guide/operator-quick-start/#deploy-to-openshift-cluster","title":"Deploy To Openshift Cluster","text":"
        First deploy the operator with one of the following two options:
        "},{"location":"developer-guide/operator-quick-start/#1-manually-with-kustomize","title":"1. Manually with Kustomize","text":"
        To install manually with Kustomize and raw manifests simply run the following commands. The Openshift cluster needs to be up and running and specified in ~/.kube/config file.
         
        cd bpfman/bpfman-operator\nmake deploy-openshift\n
         
        Which can then be cleaned up at a later time with:
         
        make undeploy-openshift\n
        "},{"location":"developer-guide/operator-quick-start/#2-via-the-olm-bundle","title":"2. Via the OLM bundle","text":"
        The other option for installing the bpfman-operator is to install it using OLM bundle.
         
        First setup the namespace and certificates for the operator with:
         
        cd bpfman/bpfman-operator\noc apply -f ./hack/ocp-scc-hacks.yaml\n
         
        Then use operator-sdk to install the bundle like so:
         
        operator-sdk run bundle quay.io/bpfman/bpfman-operator-bundle:latest --namespace openshift-bpfman\n
         
        Which can then be cleaned up at a later time with:
         
        operator-sdk cleanup bpfman-operator\n
         
        followed by
         
        oc delete -f ./hack/ocp-scc-hacks.yaml\n
        "},{"location":"developer-guide/operator-quick-start/#verify-the-installation","title":"Verify the Installation","text":"
        Independent of the method used to deploy, if the bpfman-operator came up successfully you will see the bpfman-daemon and bpfman-operator pods running without errors:
         
        kubectl get pods -n bpfman\nNAME                             READY   STATUS    RESTARTS   AGE\nbpfman-daemon-w24pr                3/3     Running   0          130m\nbpfman-operator-78cf9c44c6-rv7f2   2/2     Running   0          132m\n
        "},{"location":"developer-guide/operator-quick-start/#deploy-an-ebpf-program-to-the-cluster","title":"Deploy an eBPF Program to the cluster","text":"
        To test the deployment simply deploy one of the sample xdpPrograms:
         
        cd bpfman/bpfman-operator/\nkubectl apply -f config/samples/bpfman.io_v1alpha1_xdp_pass_xdpprogram.yaml\n
         
        If loading of the XDP Program to the selected nodes was successful it will be reported back to the user via the xdpProgram's status field:
         
        kubectl get xdpprogram xdp-pass-all-nodes -o yaml\napiVersion: bpfman.io/v1alpha1\nkind: XdpProgram\nmetadata:\n  annotations:\n    kubectl.kubernetes.io/last-applied-configuration: |\n      {\"apiVersion\":\"bpfman.io/v1alpha1\",\"kind\":\"XdpProgram\",\"metadata\":{\"annotations\":{},\"labels\":{\"app.kubernetes.io/name\":\"xdpprogram\"},\"name\":\"xdp-pass-all-nodes\"},\"spec\":{\"bpffunctionname\":\"pass\",\"bytecode\":{\"image\":{\"url\":\"quay.io/bpfman-bytecode/xdp_pass:latest\"}},\"globaldata\":{\"GLOBAL_u32\":[13,12,11,10],\"GLOBAL_u8\":[1]},\"interfaceselector\":{\"primarynodeinterface\":true},\"nodeselector\":{},\"priority\":0}}\n  creationTimestamp: \"2023-11-07T19:16:39Z\"\n  finalizers:\n  - bpfman.io.operator/finalizer\n  generation: 2\n  labels:\n    app.kubernetes.io/name: xdpprogram\n  name: xdp-pass-all-nodes\n  resourceVersion: \"157187\"\n  uid: 21c71a61-4e73-44eb-9b49-07af2866d25b\nspec:\n  bpffunctionname: pass\n  bytecode:\n    image:\n      imagepullpolicy: IfNotPresent\n      url: quay.io/bpfman-bytecode/xdp_pass:latest\n  globaldata:\n    GLOBAL_u8: AQ==\n    GLOBAL_u32: DQwLCg==\n  interfaceselector:\n    primarynodeinterface: true\n  mapownerselector: {}\n  nodeselector: {}\n  priority: 0\n  proceedon:\n  - pass\n  - dispatcher_return\nstatus:\n  conditions:\n  - lastTransitionTime: \"2023-11-07T19:16:42Z\"\n    message: bpfProgramReconciliation Succeeded on all nodes\n    reason: ReconcileSuccess\n    status: \"True\"\n    type: ReconcileSuccess\n
         
        To see information in listing form simply run:
         
        kubectl get xdpprogram -o wide\nNAME                 BPFFUNCTIONNAME   NODESELECTOR   PRIORITY   INTERFACESELECTOR               PROCEEDON\nxdp-pass-all-nodes   pass              {}             0          {\"primarynodeinterface\":true}   [\"pass\",\"dispatcher_return\"]\n
        "},{"location":"developer-guide/operator-quick-start/#api-types-overview","title":"API Types Overview","text":"
        See api-spec.md for a more detailed description of all the bpfman Kubernetes API types.
        "},{"location":"developer-guide/operator-quick-start/#multiple-program-crds","title":"Multiple Program CRDs","text":"
        The multiple *Program CRDs are the bpfman Kubernetes API objects most relevant to users and can be used to understand clusterwide state for an eBPF program. It's designed to express how, and where eBPF programs are to be deployed within a Kubernetes cluster. Currently bpfman supports:
         
           
        • fentryProgram
          •  
        • fexitProgram
          •  
        • kprobeProgram
          •  
        • tcProgram
          •  
        • tracepointProgram
          •  
        • uprobeProgram
          •  
        • xdpProgram
          •  
        "},{"location":"developer-guide/operator-quick-start/#bpfprogram-crd","title":"BpfProgram CRD","text":"
        The BpfProgram CRD is used internally by the bpfman-deployment to keep track of per node bpfman state such as map pin points, and to report node specific errors back to the user. Kubernetes users/controllers are only allowed to view these objects, NOT create or edit them.
         
        Applications wishing to use bpfman to deploy/manage their eBPF programs in Kubernetes will make use of this object to find references to the bpfMap pin points (spec.maps) in order to configure their eBPF programs.
        "},{"location":"developer-guide/release/","title":"Release Process","text":"
        This document describes how to cut a release for the bpfman project.
        "},{"location":"developer-guide/release/#overview","title":"Overview","text":"
        A release for the bpfman project is comprised of the following major components:
         
           
        • bpfman (Core library) and bpfman-api (Core GRPC API protobuf definitions) library crates
          •  
        • bpfman (CLI), and bpfman-rpc ( gRPC server ) binary crates
          •  
        • bpf-metrics-exporter and bpf-log-exporter binary crates
          •  
        • Kubernetes User Facing Custom Resource Definitions (CRDs)
             
          • TcProgram
            •  
          • XdpProgram
            •  
          • TracepointProgram
            •  
          • UprobeProgram
            •  
          • KprobeProgram
            •  
          • FentryProgram
            •  
          • FexitProgram
            •  
           
          •  
        • Corresponding go pkgs in the form of github.com/bpfman/bpfman which includes the following:
             
          • github.com/bpfman/bpfman/clients/gobpfman/v1: The go client for the bpfman GRPC API
            •  
          • github.com/bpfman/bpfman/bpfman-operator/apis: The go bindings for the   bpfman CRD API
            •  
          • github.com/bpfman/bpfman/bpfman-operator/pkg/client: The autogenerated   clientset for the bpfman CRD API
            •  
          • github.com/bpfman/bpfman/bpfman-operator/pkg/helpers: The provided bpfman CRD   API helpers.
            •  
           
          •  
        • The following core component container images with tag :
             
          • quay.io/bpfman/bpfman
            •  
          • quay.io/bpfman/bpfman-operator
            •  
          • quay.io/bpfman/bpfman-agent
            •  
          • quay.io/bpfman/bpfman-operator-bundle
            •  
          • quay.io/bpfman/xdp-dispatcher
            •  
          • quay.io/bpfman/tc-dispatcher
            •  
           
        • The relevant example bytecode container images with tag  from source   code located in the bpfman project:
             
          • quay.io/bpfman-bytecode/go-xdp-counter
            •  
          • quay.io/bpfman-userspace/go-target
            •  
          • quay.io/bpfman-bytecode/go-tc-counter
            •  
          • quay.io/bpfman-bytecode/go-tracepoint-counter
            •  
          • quay.io/bpfman-bytecode/xdp-pass
            •  
          • quay.io/bpfman-bytecode/tc-pass
            •  
          • quay.io/bpfman-bytecode/tracepoint
            •  
          • quay.io/bpfman-bytecode/xdp-pass-private
            •  
          • quay.io/bpfman-bytecode/go-uprobe-counter
            •  
          • quay.io/bpfman-bytecode/go-kprobe-counter
            •  
          • quay.io/bpfman-bytecode/uprobe
            •  
          • quay.io/bpfman-bytecode/kprobe
            •  
          • quay.io/bpfman-bytecode/uretprobe
            •  
          • quay.io/bpfman-bytecode/kretprobe
            •  
          • quay.io/bpfman-bytecode/fentry
            •  
          • quay.io/bpfman-bytecode/fexit
            •  
           
        • The relevant example userspace container images with tag  from source   code located in the bpfman project:
             
          • quay.io/bpfman-userspace/go-xdp-counter
            •  
          • quay.io/bpfman-userspace/go-tc-counter
            •  
          • quay.io/bpfman-userspace/go-tracepoint-counter
            •  
          • quay.io/bpfman-userspace/go-uprobe-counter
            •  
          • quay.io/bpfman-userspace/go-kprobe-counter
            •  
           
        • The OLM (Operator Lifecycle Manager) for the Kubernetes Operator.
             
          • This includes a bundle directory on disk as well as the   quay.io/bpfman/bpfman-operator-bundle with the tag ."},{"location":"developer-guide/release/#versioning-strategy","title":"Versioning strategy","text":""},{"location":"developer-guide/release/#overview_1","title":"Overview","text":"
            Each new release of bpfman is defined with a \"bundle version\" that represents the Git tag of a release, such as v0.4.0. This contains the components described above
            "},{"location":"developer-guide/release/#kubernetes-api-versions-eg-v1alpha2-v1beta1","title":"Kubernetes API Versions (e.g. v1alpha2, v1beta1)","text":"
            Within the bpfman-operator, API versions are primarily used to indicate the stability of a resource. For example, if a resource has not yet graduated to beta, it is still possible that it could either be removed from the API or changed in backwards incompatible ways. For more information on API versions, refer to the full Kubernetes API versioning documentation.
            "},{"location":"developer-guide/release/#releasing-a-new-version","title":"Releasing a new version","text":""},{"location":"developer-guide/release/#writing-a-changelog","title":"Writing a Changelog","text":"
            To simplify release notes generation, we recommend using the Kubernetes release notes generator:
             
            go install k8s.io/release/cmd/release-notes@latest\nexport GITHUB_TOKEN=your_token_here\nrelease-notes --start-sha EXAMPLE_COMMIT --end-sha EXAMPLE_COMMIT --branch main --repo bpfman --org bpfman\n
             
            This output will likely need to be reorganized and cleaned up a bit, but it provides a good starting point. Once you're satisfied with the changelog, create a PR. This must go through the regular PR review process and get merged into the main branch. Approval of the PR indicates community consensus for a new release.
            "},{"location":"developer-guide/release/#release-steps","title":"Release Steps","text":"
            The following steps must be done by one of the bpfman maintainers:
             
            For a PATCH release:
             
               
            • Create a new branch in your fork named something like <githubuser>/release-x.x.x. Use the new branch   in the upcoming steps.
              •  
            • Use git to cherry-pick all relevant PRs into your branch.
              •  
            • Create a branch from the major-minor tag of interest i.e:   git checkout -b release-x.x.x <major.minor.patch>
              •  
            • Create a pull request of the <githubuser>/release-x.x.x branch into the release-x.x branch upstream.   Add a hold on this PR waiting for at least one maintainer/codeowner to provide a lgtm. This PR should:
                 
              • Add a new changelog for the release
                •  
              • Update the cargo.toml version for the workspace.
                •  
              • Update the bpfman-operator version in it's MAKEFILE and run make bundle to update the bundle version.   This will generate a new /bpfman-operator/bundle directory which will ONLY be tracked in the   release-x.x branch not main.
                •  
               
              •  
            • Verify the CI tests pass and merge the PR into release-x.x.
              •  
            • Create a tag using the HEAD of the release-x.x.x branch. This can be done using the git CLI or   Github's release page.
              •  
            • The Release will be automatically created, after that is complete do the following:
                 
              • run make build-release-yamls and attach the yamls for the version to the release. These will include:
                   
                • bpfman-crds-install.yaml
                  •  
                • bpfman-operator-install.yaml
                  •  
                • go-xdp-counter-install.yaml
                  •  
                • go-tc-counter-install.yaml
                  •  
                • go-tracepoint-counter-install.yaml
                  •  
                 
                •  
               
              •  
            • Update the community-operator and   community-operators-prod repositories with   the latest bundle manifests. See the following PRs as examples:
                 
              • https://github.com/redhat-openshift-ecosystem/community-operators-prod/pull/2696
                •  
              • https://github.com/k8s-operatorhub/community-operators/pull/2790
                •  
               
              •  
             
            For a MAJOR or MINOR release:
             
               
            • Open an update PR that:
                 
              • Adds a new changelog for the release
                •  
              • Updates the cargo.toml version for the workspace.
                •  
              • Updates the bpfman-operator version in it's MAKEFILE and run make bundle to update the bundle version
                •  
              • Add's a new examples config directory for the release version
                •  
               
              •  
            • Make sure CI is green and merge the update PR.
              •  
            • Create a tag using the HEAD of the main branch. This can be done using the git CLI or   Github's release page.
              •  
            • Tag the release using the commit on main where the changelog update merged.   This can  be done using the git CLI or Github's release   page.
              •  
            • The Release will be automatically created, after that is complete do the following:
                 
              • run make build-release-yamls and attach the yamls for the version to the release. These will include:
                   
                • bpfman-crds-install.yaml
                  •  
                • bpfman-operator-install.yaml
                  •  
                • go-xdp-counter-install.yaml
                  •  
                • go-tc-counter-install.yaml
                  •  
                • go-tracepoint-counter-install.yaml
                  •  
                 
                •  
               
              •  
            "},{"location":"developer-guide/shipping-bytecode/","title":"eBPF Bytecode Image Specifications","text":""},{"location":"developer-guide/shipping-bytecode/#introduction","title":"Introduction","text":"
            The eBPF Bytecode Image specification defines how to package eBPF bytecode as container images. The initial primary use case focuses on the containerization and deployment of eBPF programs within container orchestration systems such as Kubernetes, where it is necessary to provide a portable way to distribute bytecode to all nodes which need it.
            "},{"location":"developer-guide/shipping-bytecode/#specifications","title":"Specifications","text":"
            We provide two distinct spec variants here to ensure interoperatiblity with existing registries and packages which do no support the new custom media types defined here.
             
               
            • custom-data-type-spec
              •  
            • backwards-compatable-spec
              •  
            "},{"location":"developer-guide/shipping-bytecode/#backwards-compatible-oci-compliant-spec","title":"Backwards compatible OCI compliant spec","text":"
            This variant makes use of existing OCI conventions to represent eBPF Bytecode as container images.
            "},{"location":"developer-guide/shipping-bytecode/#image-layers","title":"Image Layers","text":"
            The container images following this variant must contain exactly one layer who's media type is one of the following:
             
               
            • application/vnd.oci.image.layer.v1.tar+gzip or the compliant application/vnd.docker.image.rootfs.diff.tar.gzip
              •  
             
            Additionally the image layer must contain a valid eBPF object file (generally containing a .o extension) placed at the root of the layer ./.
            "},{"location":"developer-guide/shipping-bytecode/#image-labels","title":"Image Labels","text":"
            To provide relevant metadata regarding the bytecode to any consumers, some relevant labels MUST be defined on the image.
             
            These labels are defined as follows:
             
               
            •  
              io.ebpf.program_type: The eBPF program type (i.e xdp,tc, sockops, ...).
               
              •  
            •  
              io.ebpf.filename: The Filename of the bytecode stored in the image.
               
              •  
            •  
              io.ebpf.program_name: The name of the eBPF Program represented in the bytecode.
               
              •  
            •  
              io.ebpf.bpf_function_name: The name of the function that is the entry point for the BPF program.
               
              •  
            "},{"location":"developer-guide/shipping-bytecode/#building-a-backwards-compatible-oci-compliant-image","title":"Building a Backwards compatible OCI compliant image","text":"
            An Example Containerfile can be found at /packaging/container/deployment/Containerfile.bytecode
             
            To use the provided templated Containerfile simply run a docker build command like the following:
             
            docker build \\\n --build-arg PROGRAM_NAME=xdp_pass \\\n --build-arg BPF_FUNCTION_NAME=pass \\\n --build-arg PROGRAM_TYPE=xdp \\\n --build-arg BYTECODE_FILENAME=pass.bpf.o \\\n --build-arg KERNEL_COMPILE_VER=$(uname -r) \\\n -f Containerfile.bytecode \\\n /home/<USER>/bytecode -t quay.io/<USER>/xdp_pass:latest\n
             
            Where /home/<USER>/bytecode is the directory the bytecode object file is located.
             
            Users can also use skopeo to ensure the image follows the backwards compatible version of the spec:
             
               
            • skopeo inspect will show the correctly configured labels stored in the   configuration layer (application/vnd.oci.image.config.v1+json) of the image.
              •  
             
            skopeo inspect docker://quay.io/astoycos/xdp_pass:latest\n{\n    \"Name\": \"quay.io/<USER>/xdp_pass\",\n    \"Digest\": \"sha256:db1f7dd03f9fba0913e07493238fcfaf0bf08de37b8e992cc5902775dfb9086a\",\n    \"RepoTags\": [\n        \"latest\"\n    ],\n    \"Created\": \"2022-08-14T14:27:20.147468277Z\",\n    \"DockerVersion\": \"\",\n    \"Labels\": {\n        \"io.buildah.version\": \"1.26.1\",\n        \"io.ebpf.filename\": \"pass.bpf.o\",\n        \"io.ebpf.program_name\": \"xdp_counter\",\n        \"io.ebpf.program_type\": \"xdp\",\n        \"io.ebpf.bpf_function_name\": \"pass\"\n    },\n    \"Architecture\": \"amd64\",\n    \"Os\": \"linux\",\n    \"Layers\": [\n        \"sha256:5f6dae6f567601fdad15a936d844baac1f30c31bd3df8df0c5b5429f3e048000\"\n    ],\n    \"Env\": [\n        \"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin\"\n    ]\n}\n
             
               
            • skopeo inspect --raw will show the correct layer type is used in the image.
              •  
             
            skopeo inspect --raw  docker://quay.io/astoycos/xdp_pass:latest\n{\"schemaVersion\":2,\"mediaType\":\"application/vnd.oci.image.manifest.v1+json\",\"config\":{\"mediaType\":\"application/vnd.oci.image.config.v1+json\",\"digest\":\"sha256:ff4108b8405a877b2df3e06f9287c509b9d62d6c241c9a5213d81a9abee80361\",\"size\":2385},\"layers\":[{\"mediaType\":\"application/vnd.oci.image.layer.v1.tar+gzip\",\"digest\":\"sha256:5f6dae6f567601fdad15a936d844baac1f30c31bd3df8df0c5b5429f3e048000\",\"size\":1539}],\"annotations\":{\"org.opencontainers.image.base.digest\":\"sha256:86b59a6cf7046c624c47e40a5618b383d763be712df2c0e7aaf9391c2c9ef559\",\"org.opencontainers.image.base.name\":\"\"}}\n
            "},{"location":"developer-guide/shipping-bytecode/#custom-oci-compatible-spec","title":"Custom OCI compatible spec","text":"
            This variant of the eBPF bytecode image spec uses custom OCI medium types to represent eBPF bytecode as container images. Many toolchains and registries may not support this yet.
             
            TODO(astoycos)
            "},{"location":"developer-guide/testing/","title":"Testing","text":"
            This document describes the automated testing that is done for each pull request submitted to bpfman, and also provides instructions for running them locally when doing development.
            "},{"location":"developer-guide/testing/#unit-testing","title":"Unit Testing","text":"
            Unit testing is executed as part of the build job by running the following command in the top-level bpfman directory.
             
             cargo test\n
            "},{"location":"developer-guide/testing/#go-example-tests","title":"Go Example Tests","text":"
            Tests are run for each of the example programs found in directory examples
             
            Detailed description TBD
            "},{"location":"developer-guide/testing/#basic-integration-tests","title":"Basic Integration Tests","text":"
            The full set of basic integration tests are executed by running the following command in the top-level bpfman directory.
             
            cargo xtask integration-test\n
             
            Optionally, a subset of the integration tests can be run by adding the \"--\" and a list of one or more names at the end of the command as shown below.
             
            cargo xtask integration-test -- test_load_unload_xdp test_proceed_on_xdp\n
             
            The integration tests start a bpfman daemon process, and issue CLI commands to verify a range of functionality.  For XDP and TC programs that are installed on network interfaces, the integration test code creates a test network namespace connected to the host by a veth pair on which the programs are attached. The test code uses the IP subnet 172.37.37.1/24 for the namespace. If that address conflicts with an existing network on the host, it can be changed by setting the BPFMAN_IP_PREFIX environment variable to one that is available as shown below.
             
            export BPFMAN_IP_PREFIX=\"192.168.50\"\n
             
            If bpfman logs are needed to help debug an integration test, set RUST_LOG either globally or for a given test.
             
            export RUST_LOG=info\n
             OR 
            RUST_LOG=info cargo xtask integration-test -- test_load_unload_xdp test_proceed_on_xdp\n
             
            There are two categories of integration tests: basic and e2e.  The basic tests verify basic CLI functionality such as loading, listing, and unloading programs.  The e2e tests verify more advanced functionality such as the setting of global variables, priority, and proceed-on by installing the programs, creating traffic if needed, and examining logs to confirm that things are running as expected.
             
            Most eBPF test programs are loaded from container images stored on quay.io. The source code for the eBPF test programs can be found in the tests/integration-test/bpf directory.  These programs are compiled by executing cargo xtask build-ebpf --libbpf-dir <libbpf dir>
             
            We also load some tests from local files to test the load-from-file option.
             
            The bpf directory also contains a script called build_push_images.sh that can be used to build and push new images to quay if the code is changed. Images get pushed automatically when code gets merged, however, it's still useful to be able to push them manually sometimes. For example, when a new test case requires that both the eBPF and integration code be changed together.  It is also a useful template for new eBPF test code that needs to be pushed. However, as a word of caution, be aware that existing integration tests will start using the new programs immediately, so this should only be done if the modified program is backward compatible.
            "},{"location":"developer-guide/testing/#kubernetes-operator-tests","title":"Kubernetes Operator Tests","text":""},{"location":"developer-guide/testing/#kubernetes-operator-unit-tests","title":"Kubernetes Operator Unit Tests","text":"
            To run all of the unit tests defined in the bpfman-operator controller code run make test in the bpfman-operator directory.
            "},{"location":"developer-guide/testing/#kubernetes-operator-integration-tests","title":"Kubernetes Operator Integration Tests","text":"
            To run the Kubernetes Operator integration tests locally:
             
               
            1. Build the example test code images.
              2.  
             
                # in bpfman/examples\n    make build-us-images\n    make build-bc-images\n
             
               
            1. Build the bpfman images locally with the int-test tag.
              2.  
             
                # in bpfman/bpfman-operator\n    BPFMAN_AGENT_IMG=quay.io/bpfman/bpfman-agent:int-test BPFMAN_IMG=quay.io/bpfman/bpfman:int-test BPFMAN_OPERATOR_IMG=quay.io/bpfman/bpfman-operator:int-test make build-images\n
             
               
            1. Run the integration test suite.
              2.  
             
                # in bpfman/bpfman-operator\n    BPFMAN_AGENT_IMG=quay.io/bpfman/bpfman-agent:int-test BPFMAN_IMG=quay.io/bpfman/bpfman:int-test BPFMAN_OPERATOR_IMG=quay.io/bpfman/bpfman-operator:int-test make test-integration\n
             
            Additionally the integration test can be configured with the following environment variables:
             
               
            • KEEP_TEST_CLUSTER: If set to true the test cluster will not be torn down   after the integration test suite completes.
              •  
            • USE_EXISTING_KIND_CLUSTER: If this is set to the name of the existing kind   cluster the integration test suite will use that cluster instead of creating a   new one.
              •  
            "},{"location":"developer-guide/xdp-overview/","title":"XDP Tutorial","text":"
            The XDP hook point is unique in that the associated eBPF program attaches to an interface and only one eBPF program is allowed to attach to the XDP hook point for a given interface. Due to this limitation, the libxdp protocol was written. The one program that is attached to the XDP hook point is an eBPF dispatcher program. The dispatcher program contains a list of 10 stub functions. When XDP programs wish to be loaded, they are loaded as extension programs which are then called in place of one of the stub functions.
             
            bpfman is leveraging the libxdp protocol to allow it's users to load up to 10 XDP programs on a given interface. This tutorial will show you how to use bpfman to load multiple XDP programs on an interface.
             
            Note: The TC hook point is also associated with an interface. Within bpfman, TC is implemented in a similar fashion to XDP in that it uses a dispatcher with stub functions. TCX is a fairly new kernel feature that improves how the kernel handles multiple TC programs on a given interface. bpfman is on the process of integrating TCX support, which will replace the dispatcher logic for TC. Until then, assume TC behaves in a similar fashion to XDP.
             
            See Launching bpfman for more detailed instructions on building and loading bpfman. This tutorial assumes bpfman has been built and the bpfman CLI is in $PATH.
            "},{"location":"developer-guide/xdp-overview/#load-xdp-program","title":"Load XDP program","text":"
            We will load the simple xdp-pass program, which permits all traffic to the attached interface, eno3 in this example. We will use the priority of 100. Find a deeper dive into CLI syntax in CLI Guide.
             
            sudo bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest xdp \\\n  --iface eno3 --priority 100\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6213\n Map Owner ID:  None\n Map Used By:   6213\n Priority:      100\n Iface:         eno3\n Position:      0\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n Program ID:                       6213\n Name:                             pass\n Type:                             xdp\n Loaded At:                        2023-07-17T17:48:10-0400\n Tag:                              4b9d1b2c140e87ce\n GPL Compatible:                   true\n Map IDs:                          [2724]\n BTF ID:                           2834\n Size Translated (bytes):          96\n JITed:                            true\n Size JITed (bytes):               67\n Kernel Allocated Memory (bytes):  4096\n Verified Instruction Count:       9\n
             
            bpfman load image returns the same data as a bpfman get command. From the output, the Program Id of 6213 can be found in the Kernel State section. This id can be used to perform a bpfman get to retrieve all relevant program data and a bpfman unload when the program needs to be unloaded.
             
            sudo bpfman list\n Program ID  Name  Type  Load Time\n 6213        pass  xdp   2023-07-17T17:48:10-0400\n
             
            We can recheck the details about the loaded program with the bpfman get command:
             
            sudo bpfman get 6213\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6213\n Map Owner ID:  None\n Map Used By:   6213\n Priority:      100\n Iface:         eno3\n Position:      0\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n Program ID:                       6213\n Name:                             pass\n Type:                             xdp\n Loaded At:                        2023-07-17T17:48:10-0400\n Tag:                              4b9d1b2c140e87ce\n GPL Compatible:                   true\n Map IDs:                          [2724]\n BTF ID:                           2834\n Size Translated (bytes):          96\n JITed:                            true\n Size JITed (bytes):               67\n Kernel Allocated Memory (bytes):  4096\n Verified Instruction Count:       9\n
             
            From the output above you can see the program was loaded to position 0 on our interface and thus will be executed first.
            "},{"location":"developer-guide/xdp-overview/#loading-additional-xdp-programs","title":"Loading Additional XDP Programs","text":"
            We will now load 2 more programs with different priorities to demonstrate how bpfman will ensure they are ordered correctly:
             
            sudo bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest xdp \\\n  --iface eno3 --priority 50\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6215\n Map Owner ID:  None\n Map Used By:   6215\n Priority:      50\n Iface:         eno3\n Position:      0\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n Program ID:                       6215\n Name:                             pass\n Type:                             xdp\n:\n
             
            sudo bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest xdp \\\n  --iface eno3 --priority 200\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6217\n Map Owner ID:  None\n Map Used By:   6217\n Priority:      200\n Iface:         eno3\n Position:      2\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n Program ID:                       6217\n Name:                             pass\n Type:                             xdp\n:\n
             
            Using bpfman list we can see all the programs that were loaded.
             
            sudo bpfman list\n Program ID  Name  Type  Load Time\n 6213        pass  xdp   2023-07-17T17:48:10-0400\n 6215        pass  xdp   2023-07-17T17:52:46-0400\n 6217        pass  xdp   2023-07-17T17:53:57-0400\n
             
            The lowest priority program is executed first, while the highest is executed last. As can be seen from the detailed output for each command below:
             
               
            • Program 6215 is at position 0 with a priority of 50
              •  
            • Program 6213 is at position 1 with a priority of 100
              •  
            • Program 6217 is at position 2 with a priority of 200
              •  
             
            sudo bpfman get 6213\n Bpfman State\n---------------\n Name:          pass\n:\n Priority:      100\n Iface:         eno3\n Position:      1\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n Program ID:                       6213\n Name:                             pass\n Type:                             xdp\n:\n
             
            sudo bpfman get 6215\n Bpfman State\n---------------\n Name:          pass\n:\n Priority:      50\n Iface:         eno3\n Position:      0\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n Program ID:                       6215\n Name:                             pass\n Type:                             xdp\n:\n
             
            sudo bpfman get 6217\n Bpfman State\n---------------\n Name:          pass\n:\n Priority:      200\n Iface:         eno3\n Position:      2\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n Program ID:                       6217\n Name:                             pass\n Type:                             xdp\n:\n
             
            By default, the next program in the chain will only be executed if a given program returns pass (see proceed-on field in the bpfman get output above). If the next program in the chain should be called even if a different value is returned, then the program can be loaded with those additional return values using the proceed-on parameter (see bpfman load image xdp --help for list of valid values):
             
            sudo bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest xdp \\\n  --iface eno3 --priority 150 --proceed-on \"pass\" --proceed-on \"dispatcher_return\"\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6219\n Map Owner ID:  None\n Map Used By:   6219\n Priority:      150\n Iface:         eno3\n Position:      2\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n Program ID:                       6219\n Name:                             pass\n Type:                             xdp\n:\n
             
            Which results in being loaded in position 2 because it was loaded at priority 150, which is lower than the previous program at that position with a priority of 200.
            "},{"location":"developer-guide/xdp-overview/#delete-xdp-program","title":"Delete XDP Program","text":"
            Let's remove the program at position 1.
             
            sudo bpfman list\n Program ID  Name  Type  Load Time\n 6213        pass  xdp   2023-07-17T17:48:10-0400\n 6215        pass  xdp   2023-07-17T17:52:46-0400\n 6217        pass  xdp   2023-07-17T17:53:57-0400\n 6219        pass  xdp   2023-07-17T17:59:41-0400\n
             
            sudo bpfman unload 6213\n
             
            And we can verify that it has been removed and the other programs re-ordered:
             
            sudo bpfman list\n Program ID  Name  Type  Load Time\n 6215        pass  xdp   2023-07-17T17:52:46-0400\n 6217        pass  xdp   2023-07-17T17:53:57-0400\n 6219        pass  xdp   2023-07-17T17:59:41-0400\n
             
            bpfman get 6215\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6215\n Map Owner ID:  None\n Map Used By:   6215\n Priority:      50\n Iface:         eno3\n Position:      0\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n Program ID:                       6215\n Name:                             pass\n Type:                             xdp\n:\n
             
            bpfman get 6217\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6217\n Map Owner ID:  None\n Map Used By:   6217\n Priority:      200\n Iface:         eno3\n Position:      2\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n Program ID:                       6217\n Name:                             pass\n Type:                             xdp\n:\n
             
            bpfman get 6219\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6219\n Map Owner ID:  None\n Map Used By:   6219\n Priority:      150\n Iface:         eno3\n Position:      1\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n Program ID:                       6219\n Name:                             pass\n Type:                             xdp\n:\n
            "},{"location":"getting-started/building-bpfman/","title":"Setup and Building bpfman","text":"
            This section describes how to build bpfman. If this is the first time building bpfman, jump to the Development Environment Setup section for help installing the tooling.
             
            There is also an option to run images from a given release, or from an RPM, as opposed to building locally. Jump to the Run bpfman From Release Image section for installing from a fixed release or jump to the Run bpfman From RPM section for installing from an RPM.
            "},{"location":"getting-started/building-bpfman/#kernel-versions","title":"Kernel Versions","text":"
            eBPF is still a relatively new technology and being actively developed. To take advantage of this constantly evolving technology, it is best to use the newest kernel version possible. If bpfman needs to be run on an older kernel, this section describes some of the kernel features bpfman relies on to work and which kernel the feature was first introduced.
             
            Major kernel features leveraged by bpfman:
             
               
            • Program Extensions: Program Extensions allows bpfman to load multiple XDP or TC eBPF programs   on an interface, which is not natively supported in the kernel.   A dispatcher program is loaded as the one program on a given interface, and the user's XDP or TC   programs are loaded as extensions to the dispatcher program.   Introduced in Kernel 5.6.
              •  
            • Pinning: Pinning allows the eBPF program to remain loaded when the loading process (bpfman) is   stopped or restarted.   Introduced in Kernel 4.11.
              •  
            • BPF Perf Link: Support BPF perf link for tracing programs (Tracepoint, Uprobe and Kprobe)   which enables pinning for these program types.   Introduced in Kernel 5.15.
              •  
            • Relaxed CAP_BPF Requirement: Prior to Kernel 5.19, all eBPF system calls required CAP_BPF.   This required userspace programs that wanted to access eBPF maps to have the CAP_BPF Linux capability.   With the kernel 5.19 change, CAP_BPF is only required for load and unload requests.
              •  
             
            bpfman tested on older kernel versions:
             
               
            • Fedora 34: Kernel 5.17.6-100.fc34.x86_64
                 
              • XDP, TC, Tracepoint, Uprobe and Kprobe programs all loaded with bpfman running on localhost   and running as systemd service.
                •  
               
              •  
            • Fedora 33: Kernel 5.14.18-100.fc33.x86_64
                 
              • XDP and TC programs loaded with bpfman running on localhost and running as systemd service   once SELinux was disabled (see https://github.com/fedora-selinux/selinux-policy/pull/806).
                •  
              • Tracepoint, Uprobe and Kprobe programs failed to load because they require the BPF Perf Link   support.
                •  
               
              •  
            • Fedora 32: Kernel 5.11.22-100.fc32.x86_64
                 
              • XDP and TC programs loaded with bpfman running on localhost once SELinux was disabled   (see https://github.com/fedora-selinux/selinux-policy/pull/806).
                •  
              • bpfman fails to run as a systemd service because of some capabilities issues in the   bpfman.service file.
                •  
              • Tracepoint, Uprobe and Kprobe programs failed to load because they require the BPF Perf Link   support.
                •  
               
              •  
            • Fedora 31: Kernel 5.8.18-100.fc31.x86_64
                 
              • bpfman was able to start on localhost, but XDP and TC programs wouldn't load because   BPF_LINK_CREATE call was updated in newer kernels.
                •  
              • bpfman fails to run as a systemd service because of some capabilities issues in the   bpfman.service file.
                •  
               
              •  
            "},{"location":"getting-started/building-bpfman/#clone-the-bpfman-repo","title":"Clone the bpfman Repo","text":"
            You can build and run bpfman from anywhere. However, if you plan to make changes to the bpfman operator, specifically run make generate, it will need to be under your GOPATH because Kubernetes Code-generator does not work outside of GOPATH Issue 86753. Assuming your GOPATH is set to the typical $HOME/go, your repo should live in $HOME/go/src/github.com/bpfman/bpfman
             
            mkdir -p $HOME/go/src/github.com/bpfman\ncd $HOME/go/src/github.com/bpfman\ngit clone git@github.com:bpfman/bpfman.git\n
            "},{"location":"getting-started/building-bpfman/#building-bpfman","title":"Building bpfman","text":"
            To just test with the latest bpfman, containerized image are stored in quay.io/bpfman (see bpfman Container Images). To build with local changes, use the following commands.
             
            If you are building bpfman for the first time OR the eBPF code has changed:
             
            cargo xtask build-ebpf --libbpf-dir /path/to/libbpf\n
             
            If protobuf files have changed (see RPC Protobuf Generation):
             
            cargo xtask build-proto\n
             
            To build bpfman:
             
            cargo build\n
            "},{"location":"getting-started/building-bpfman/#building-cli-tab-completion-files","title":"Building CLI TAB completion files","text":"
            Optionally, to build the CLI TAB completion files, run the following command:
             
            cargo xtask build-completion\n
             
            Files are generated for different shells:
             
            ls .output/completions/\n_bpfman  bpfman.bash  bpfman.elv  bpfman.fish  _bpfman.ps1\n
            "},{"location":"getting-started/building-bpfman/#bash","title":"bash","text":"
            For bash, this generates a file that can be used by the linux bash-completion utility (see Install bash-completion for installation instructions).
             
            If the files are generated, they are installed automatically when using the install script (i.e. sudo ./scripts/setup.sh install - See Run as a systemd Service). To install the files manually, copy the file associated with a given shell to /usr/share/bash-completion/completions/. For example:
             
            sudo cp .output/completions/bpfman.bash /usr/share/bash-completion/completions/.\n\nbpfman g<TAB>\n
            "},{"location":"getting-started/building-bpfman/#other-shells","title":"Other shells","text":"
            Files are generated other shells (Elvish, Fish, PowerShell and zsh). For these shells, generated file must be manually installed.
            "},{"location":"getting-started/building-bpfman/#building-cli-manpages","title":"Building CLI Manpages","text":"
            Optionally, to build the CLI Manpage files, run the following command:
             
            cargo xtask build-man-page\n
             
            If the files are generated, they are installed automatically when using the install script (i.e. sudo ./scripts/setup.sh install - See Run as a systemd Service). To install the files manually, copy the generated files to /usr/local/share/man/man1/. For example:
             
            sudo cp .output/manpage/bpfman*.1 /usr/local/share/man/man1/.\n
             
            Once installed, use man to view the pages.
             
            man bpfman list\n
             
            NOTE: bpfman commands with subcommands (specifically bpfman load) have - in the manpage subcommand generation. So use bpfman load-file, bpfman load-image, bpfman load-image-xdp, etc. to display the subcommand manpage files.
            "},{"location":"getting-started/building-bpfman/#development-environment-setup","title":"Development Environment Setup","text":"
            To build bpfman, the following packages must be installed.
            "},{"location":"getting-started/building-bpfman/#install-rust-toolchain","title":"Install Rust Toolchain","text":"
            For further detailed instructions, see Rust Stable & Rust Nightly.
             
            curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh\nsource \"$HOME/.cargo/env\"\nrustup toolchain install nightly -c rustfmt,clippy,rust-src\n
            "},{"location":"getting-started/building-bpfman/#install-llvm","title":"Install LLVM","text":"
            LLVM 11 or later must be installed. Linux package managers should provide a recent enough release.
             
            dnf based OS:
             
            sudo dnf install llvm-devel clang-devel elfutils-libelf-devel\n
             
            apt based OS:
             
            sudo apt install clang lldb lld libelf-dev gcc-multilib\n
            "},{"location":"getting-started/building-bpfman/#install-protobuf-compiler","title":"Install Protobuf Compiler","text":"
            For further detailed instructions, see protoc.
             
            dnf based OS:
             
            sudo dnf install protobuf-compiler\n
             
            apt based OS:
             
            sudo apt install protobuf-compiler\n
            "},{"location":"getting-started/building-bpfman/#install-go-protobuf-compiler-extensions","title":"Install GO protobuf Compiler Extensions","text":"
            See Quick Start Guide for gRPC in Go for installation instructions.
            "},{"location":"getting-started/building-bpfman/#local-libbpf","title":"Local libbpf","text":"
            Checkout a local copy of libbpf.
             
            git clone https://github.com/libbpf/libbpf --branch v0.8.0\n
            "},{"location":"getting-started/building-bpfman/#install-perl","title":"Install perl","text":"
            Install perl:
             
            dnf based OS:
             
            sudo dnf install perl\n
             
            apt based OS:
             
            sudo apt install perl\n
            "},{"location":"getting-started/building-bpfman/#install-docker","title":"Install docker","text":"
            To build the bpfman-agent and bpfman-operator using the provided Makefile and the make build-images command, docker needs to be installed. There are several existing guides:
             
               
            • Fedora: https://developer.fedoraproject.org/tools/docker/docker-installation.html
              •  
            • Linux: https://docs.docker.com/engine/install/
              •  
            "},{"location":"getting-started/building-bpfman/#install-kind","title":"Install Kind","text":"
            Optionally, to test bpfman running in Kubernetes, the easiest method and the one documented throughout the bpfman documentation is to run a Kubernetes Kind cluster. See kind for documentation and installation instructions. kind also requires docker to be installed.
             
            NOTE: By default, bpfman-operator deploys bpfman with CSI enabled. CSI requires Kubernetes v1.26 due to a PR (kubernetes/kubernetes#112597) that addresses a gRPC Protocol Error that was seen in the CSI client code and it doesn't appear to have been backported. It is recommended to install kind v0.20.0 or later.
             
            If the following error is seen, it means there is an older version of Kubernetes running and it needs to be upgraded.
             
            kubectl get pods -A\nNAMESPACE   NAME                               READY   STATUS             RESTARTS      AGE\nbpfman      bpfman-daemon-2hnhx                2/3     CrashLoopBackOff   4 (38s ago)   2m20s\nbpfman      bpfman-operator-6b6cf97857-jbvv4   2/2     Running            0             2m22s\n:\n\nkubectl logs -n bpfman bpfman-daemon-2hnhx -c node-driver-registrar\n:\nE0202 15:33:12.342704       1 main.go:101] Received NotifyRegistrationStatus call: &RegistrationStatus{PluginRegistered:false,Error:RegisterPlugin error -- plugin registration failed with err: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR,}\nE0202 15:33:12.342723       1 main.go:103] Registration process failed with error: RegisterPlugin error -- plugin registration failed with err: rpc error: code = Internal desc = stream terminated by RST_STREAM with error code: PROTOCOL_ERROR, restarting registration container.\n
            "},{"location":"getting-started/building-bpfman/#install-bash-completion","title":"Install bash-completion","text":"
            bpfman uses the Rust crate clap for the CLI implementation. clap has an optional Rust crate clap_complete. For bash shell, it leverages bash-completion for CLI Command  completion. So in order for CLI  completion to work in a bash shell, bash-completion must be installed. This feature is optional. 
            For the CLI  completion to work after installation, /etc/profile.d/bash_completion.sh must be sourced in the running sessions. New login sessions should pick it up automatically. 
            dnf based OS:
             
            sudo dnf install bash-completion\nsource /etc/profile.d/bash_completion.sh\n
             
            apt based OS:
             
            sudo apt install bash-completion\nsource /etc/profile.d/bash_completion.sh\n
            "},{"location":"getting-started/building-bpfman/#install-yaml-formatter","title":"Install Yaml Formatter","text":"
            As part of CI, the Yaml files are validated with a Yaml formatter. Optionally, to verify locally, install the YAML Language Support by Red Hat VsCode Extension, or to format in bulk, install prettier.
             
            To install prettier:
             
            npm install -g prettier\n
             
            Then to flag which files are violating the formatting guide, run:
             
            prettier -l \"*.yaml\"\n
             
            And to write changes in place, run:
             
             prettier -f \"*.yaml\"\n
            "},{"location":"getting-started/building-bpfman/#install-toml-formatter","title":"Install toml Formatter","text":"
            As part of CI, the toml files are validated with a toml formatter. Optionally, to verify locally, install taplo.
             
            cargo install taplo-cli\n
             
            And to verify locally:
             
            taplo fmt --check\n
            "},{"location":"getting-started/cli-guide/","title":"CLI Guide","text":"
            bpfman offers several CLI commands to interact with the bpfman daemon. The CLI allows you to load, unload, get and list eBPF programs.
            "},{"location":"getting-started/cli-guide/#notes-for-this-guide","title":"Notes For This Guide","text":"
            As described in other sections, bpfman can be run as either a privileged process or a systemd service. If run as a privileged process, bpfman will most likely be run from your local development branch and will require sudo. Example:
             
            sudo ./target/debug/bpfman list\n
             
            If run as a systemd service, bpfman will most likely be installed in your $PATH, and will also require sudo. Example:
             
            sudo bpfman list\n
             
            The examples here use sudo bpfman in place of sudo ./target/debug/bpfman for readability, use as your system is deployed.
             
            eBPF object files used in the examples are taken from the examples and integration-test directories from the bpfman repository.
            "},{"location":"getting-started/cli-guide/#basic-syntax","title":"Basic Syntax","text":"
            Below are the commands supported by bpfman.
             
            sudo bpfman --help\nAn eBPF manager focusing on simplifying the deployment and administration of eBPF programs.\n\nUsage: bpfman <COMMAND>\n\nCommands:\n  load    Load an eBPF program on the system\n  unload  Unload an eBPF program using the Program Id\n  list    List all eBPF programs loaded via bpfman\n  get     Get an eBPF program using the Program Id\n  image   eBPF Bytecode Image related commands\n  help    Print this message or the help of the given subcommand(s)\n\nOptions:\n  -h, --help\n          Print help (see a summary with '-h')\n
            "},{"location":"getting-started/cli-guide/#bpfman-load","title":"bpfman load","text":"
            The bpfman load file and bpfman load image commands are used to load eBPF programs. The bpfman load file command is used to load a locally built eBPF program. The bpfman load image command is used to load an eBPF program packaged in a OCI container image from a given registry. Each program type (i.e. <COMMAND>) has it's own set of attributes specific to the program type, and those attributes MUST come after the program type is entered. There are a common set of attributes, and those MUST come before the program type is entered.
             
            sudo bpfman load file --help\nLoad an eBPF program from a local .o file\n\nUsage: bpfman load file [OPTIONS] --path <PATH> --name <NAME> <COMMAND>\n\nCommands:\n  xdp         Install an eBPF program on the XDP hook point for a given interface\n  tc          Install an eBPF program on the TC hook point for a given interface\n  tracepoint  Install an eBPF program on a Tracepoint\n  kprobe      Install a kprobe or kretprobe eBPF probe\n  uprobe      Install a uprobe or uretprobe eBPF probe\n  fentry      Install a fentry eBPF probe\n  fexit       Install a fexit eBPF probe\n  help        Print this message or the help of the given subcommand(s)\n\nOptions:\n  -p, --path <PATH>\n          Required: Location of local bytecode file\n          Example: --path /run/bpfman/examples/go-xdp-counter/bpf_bpfel.o\n\n  -n, --name <NAME>\n          Required: The name of the function that is the entry point for the BPF program\n\n  -g, --global <GLOBAL>...\n          Optional: Global variables to be set when program is loaded.\n          Format: <NAME>=<Hex Value>\n\n          This is a very low level primitive. The caller is responsible for formatting\n          the byte string appropriately considering such things as size, endianness,\n          alignment and packing of data structures.\n\n  -m, --metadata <METADATA>\n          Optional: Specify Key/Value metadata to be attached to a program when it\n          is loaded by bpfman.\n          Format: <KEY>=<VALUE>\n\n          This can later be used to `list` a certain subset of programs which contain\n          the specified metadata.\n          Example: --metadata owner=acme\n\n      --map-owner-id <MAP_OWNER_ID>\n          Optional: Program Id of loaded eBPF program this eBPF program will share a map with.\n          Only used when multiple eBPF programs need to share a map.\n          Example: --map-owner-id 63178\n\n  -h, --help\n          Print help (see a summary with '-h')\n
             
            and
             
            sudo bpfman load image --help\nLoad an eBPF program packaged in a OCI container image from a given registry\n\nUsage: bpfman load image [OPTIONS] --image-url <IMAGE_URL> <COMMAND>\n\nCommands:\n  xdp         Install an eBPF program on the XDP hook point for a given interface\n  tc          Install an eBPF program on the TC hook point for a given interface\n  tracepoint  Install an eBPF program on a Tracepoint\n  kprobe      Install a kprobe or kretprobe eBPF probe\n  uprobe      Install a uprobe or uretprobe eBPF probe\n  fentry      Install a fentry eBPF probe\n  fexit       Install a fexit eBPF probe\n  help        Print this message or the help of the given subcommand(s)\n\nOptions:\n  -i, --image-url <IMAGE_URL>\n          Required: Container Image URL.\n          Example: --image-url quay.io/bpfman-bytecode/xdp_pass:latest\n\n  -r, --registry-auth <REGISTRY_AUTH>\n          Optional: Registry auth for authenticating with the specified image registry.\n          This should be base64 encoded from the '<username>:<password>' string just like\n          it's stored in the docker/podman host config.\n          Example: --registry_auth \"YnjrcKw63PhDcQodiU9hYxQ2\"\n\n  -p, --pull-policy <PULL_POLICY>\n          Optional: Pull policy for remote images.\n\n          [possible values: Always, IfNotPresent, Never]\n\n          [default: IfNotPresent]\n\n  -n, --name <NAME>\n          Optional: The name of the function that is the entry point for the BPF program.\n          If not provided, the program name defined as part of the bytecode image will be used.\n\n          [default: ]\n\n  -g, --global <GLOBAL>...\n          Optional: Global variables to be set when program is loaded.\n          Format: <NAME>=<Hex Value>\n\n          This is a very low level primitive. The caller is responsible for formatting\n          the byte string appropriately considering such things as size, endianness,\n          alignment and packing of data structures.\n\n  -m, --metadata <METADATA>\n          Optional: Specify Key/Value metadata to be attached to a program when it\n          is loaded by bpfman.\n          Format: <KEY>=<VALUE>\n\n          This can later be used to list a certain subset of programs which contain\n          the specified metadata.\n          Example: --metadata owner=acme\n\n      --map-owner-id <MAP_OWNER_ID>\n          Optional: Program Id of loaded eBPF program this eBPF program will share a map with.\n          Only used when multiple eBPF programs need to share a map.\n          Example: --map-owner-id 63178\n\n  -h, --help\n          Print help (see a summary with '-h')\n
             
            When using either load command, --path, --image-url, --registry-auth, --pull-policy, --name,  --global, --metadata and --map-owner-id must be entered before the <COMMAND> (xdp, tc,  tracepoint, etc) is entered. Then each <COMMAND> has its own custom parameters (same for both bpfman load file and bpfman load image):
             
            sudo bpfman load file xdp --help\nInstall an eBPF program on the XDP hook point for a given interface\n\nUsage: bpfman load file --path <PATH> --name <NAME> xdp [OPTIONS] --iface <IFACE> --priority <PRIORITY>\n\nOptions:\n  -i, --iface <IFACE>\n          Required: Interface to load program on\n\n  -p, --priority <PRIORITY>\n          Required: Priority to run program in chain. Lower value runs first\n\n      --proceed-on <PROCEED_ON>...\n          Optional: Proceed to call other programs in chain on this exit code.\n          Multiple values supported by repeating the parameter.\n          Example: --proceed-on \"pass\" --proceed-on \"drop\"\n\n          [possible values: aborted, drop, pass, tx, redirect, dispatcher_return]\n\n          [default: pass, dispatcher_return]\n\n  -h, --help\n          Print help (see a summary with '-h')\n
             
            Example loading from local file (--path is the fully qualified path):
             
            sudo bpfman load file --path $HOME/src/bpfman/tests/integration-test/bpf/.output/xdp_pass.bpf.o --name \"pass\" xdp --iface vethb2795c7 --priority 100\n
             
            Example from image in remote repository (Note: --name is built into the image and is not required):
             
            sudo bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest xdp --iface vethb2795c7 --priority 100\n
             
            The tc command is similar to xdp, but it also requires the direction option and the proceed-on values are different.
             
            sudo bpfman load file tc -h\nInstall an eBPF program on the TC hook point for a given interface\n\nUsage: bpfman load file --path <PATH> --name <NAME> tc [OPTIONS] --direction <DIRECTION> --iface <IFACE> --priority <PRIORITY>\n\nOptions:\n  -d, --direction <DIRECTION>\n          Required: Direction to apply program.\n\n          [possible values: ingress, egress]\n\n  -i, --iface <IFACE>\n          Required: Interface to load program on\n\n  -p, --priority <PRIORITY>\n          Required: Priority to run program in chain. Lower value runs first\n\n      --proceed-on <PROCEED_ON>...\n          Optional: Proceed to call other programs in chain on this exit code.\n          Multiple values supported by repeating the parameter.\n          Example: --proceed-on \"ok\" --proceed-on \"pipe\"\n\n          [possible values: unspec, ok, reclassify, shot, pipe, stolen, queued,\n                            repeat, redirect, trap, dispatcher_return]\n\n          [default: ok, pipe, dispatcher_return]\n\n  -h, --help\n          Print help (see a summary with '-h')\n
             
            The following is an example of the tc command using short option names:
             
            sudo bpfman load file -p $HOME/src/bpfman/tests/integration-test/bpf/.output/tc_pass.bpf.o -n \"pass\" tc -d ingress -i mynet1 -p 40\n
             
            For the tc_pass.bpf.o program loaded with the command above, the name would be set as shown in the following snippet:
             
            SEC(\"classifier/pass\")\nint accept(struct __sk_buff *skb)\n{\n    :\n}\n
            "},{"location":"getting-started/cli-guide/#additional-load-examples","title":"Additional Load Examples","text":"
            Below are some additional examples of bpfman load commands:
            "},{"location":"getting-started/cli-guide/#fentry","title":"Fentry","text":"
            sudo bpfman load image --image-url quay.io/bpfman-bytecode/fentry:latest fentry -f do_unlinkat\n
            "},{"location":"getting-started/cli-guide/#fexit","title":"Fexit","text":"
            sudo bpfman load image --image-url quay.io/bpfman-bytecode/fexit:latest fexit -f do_unlinkat\n
            "},{"location":"getting-started/cli-guide/#kprobe","title":"Kprobe","text":"
            sudo bpfman load image --image-url quay.io/bpfman-bytecode/kprobe:latest kprobe -f try_to_wake_up\n
            "},{"location":"getting-started/cli-guide/#kretprobe","title":"Kretprobe","text":"
            sudo bpfman load image --image-url quay.io/bpfman-bytecode/kretprobe:latest kprobe -f try_to_wake_up -r\n
            "},{"location":"getting-started/cli-guide/#tc","title":"TC","text":"
            sudo bpfman load file --path $HOME/src/bpfman/examples/go-tc-counter/bpf_bpfel.o --name \"stats\"\" tc --direction ingress --iface vethb2795c7 --priority 110\n
            "},{"location":"getting-started/cli-guide/#uprobe","title":"Uprobe","text":"
            sudo bpfman load image --image-url quay.io/bpfman-bytecode/uprobe:latest uprobe -f \"malloc\" -t \"libc\"\n
            "},{"location":"getting-started/cli-guide/#uretprobe","title":"Uretprobe","text":"
            sudo bpfman load image --image-url quay.io/bpfman-bytecode/uretprobe:latest uprobe -f \"malloc\" -t \"libc\" -r\n
            "},{"location":"getting-started/cli-guide/#xdp","title":"XDP","text":"
            sudo bpfman load file --path $HOME/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o --name \"xdp_stats\" xdp --iface vethb2795c7 --priority 35\n
            "},{"location":"getting-started/cli-guide/#setting-global-variables-in-ebpf-programs","title":"Setting Global Variables in eBPF Programs","text":"
            Global variables can be set for any eBPF program type when loading as follows:
             
            sudo bpfman load file -p $HOME/src/bpfman/tests/integration-test/bpf/.output/tc_pass.bpf.o -g GLOBAL_u8=01020304 GLOBAL_u32=0A0B0C0D -n \"pass\" tc -d ingress -i mynet1 -p 40\n
             
            Note, that when setting global variables, the eBPF program being loaded must have global variables named with the strings given, and the size of the value provided must match the size of the given variable.  For example, the above command can be used to update the following global variables in an eBPF program.
             
            volatile const __u32 GLOBAL_u8 = 0;\nvolatile const __u32 GLOBAL_u32 = 0;\n
            "},{"location":"getting-started/cli-guide/#modifying-the-proceed-on-behavior","title":"Modifying the Proceed-On Behavior","text":"
            The proceed-on setting applies to xdp and tc programs. For both of these program types, an ordered list of eBPF programs is maintained per attach point. The proceed-on setting determines whether processing will \"proceed\" to the next eBPF program in the list, or terminate processing and return, based on the program's return value. For example, the default proceed-on configuration for an xdp program can be modified as follows:
             
            sudo bpfman load file -p $HOME/src/bpfman/tests/integration-test/bpf/.output/xdp_pass.bpf.o -n \"pass\" xdp -i mynet1 -p 30 --proceed-on drop pass dispatcher_return\n
            "},{"location":"getting-started/cli-guide/#sharing-maps-between-ebpf-programs","title":"Sharing Maps Between eBPF Programs","text":"
            WARNING Currently for the map sharing feature to work the LIBBPF_PIN_BY_NAME flag MUST be set in the shared bpf map definitions. Please see this aya issue for future work that will change this requirement.
             
            To share maps between eBPF programs, first load the eBPF program that owns the maps. One eBPF program must own the maps.
             
            sudo bpfman load file --path $HOME/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o -n \"xdp_stats\" xdp --iface vethb2795c7 --priority 100\n6371\n
             
            Next, load additional eBPF programs that will share the existing maps by passing the program id of the eBPF program that owns the maps using the --map-owner-id parameter:
             
            sudo bpfman load file --path $HOME/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o -n \"xdp_stats\" --map-owner-id 6371 xdp --iface vethff657c7 --priority 100\n6373\n
             
            Use the bpfman get <PROGRAM_ID> command to display the configuration:
             
            sudo bpfman list\n Program ID  Name       Type  Load Time\n 6371        xdp_stats  xdp   2023-07-18T16:50:46-0400\n 6373        xdp_stats  xdp   2023-07-18T16:51:06-0400\n
             
            sudo bpfman get 6371\n Bpfman State\n---------------\n Name:          xdp_stats\n Path:          /home/<$USER>/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6371\n Map Owner ID:  None\n Map Used By:   6371\n                6373\n Priority:      50\n Iface:         vethff657c7\n Position:      1\n Proceed On:    pass, dispatcher_return\n:\n
             
            sudo bpfman get 6373\n Bpfman State\n---------------\n Name:          xdp_stats\n Path:          /home/<$USER>/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6371\n Map Owner ID:  6371\n Map Used By:   6371\n                6373\n Priority:      50\n Iface:         vethff657c7\n Position:      0\n Proceed On:    pass, dispatcher_return\n:\n
             
            As the output shows, the first program (6371) owns the map, with Map Owner ID of None and the Map Pin Path (/run/bpfman/fs/maps/6371) that includes its own ID.
             
            The second program (6373) references the first program via the Map Owner ID set to 6371 and the Map Pin Path (/run/bpfman/fs/maps/6371) set to same directory as the first program, which includes the first program's ID. The output for both commands shows the map is being used by both programs via the Map Used By with values of 6371 and 6373.
             
            The eBPF programs can be unloaded any order, the Map Pin Path will not be deleted until all the programs referencing the maps are unloaded:
             
            sudo bpfman unload 6371\nsudo bpfman unload 6373\n
            "},{"location":"getting-started/cli-guide/#bpfman-list","title":"bpfman list","text":"
            The bpfman list command lists all the bpfman loaded eBPF programs:
             
            sudo bpfman list\n Program ID  Name              Type        Load Time\n 6201        pass              xdp         2023-07-17T17:17:53-0400\n 6202        sys_enter_openat  tracepoint  2023-07-17T17:19:09-0400\n 6204        stats             tc          2023-07-17T17:20:14-0400\n
             
            To see all eBPF programs loaded on the system, include the --all option.
             
            sudo bpfman list --all\n Program ID  Name              Type           Load Time\n 52          restrict_filesy   lsm            2023-05-03T12:53:34-0400\n 166         dump_bpf_map      tracing        2023-05-03T12:53:52-0400\n 167         dump_bpf_prog     tracing        2023-05-03T12:53:52-0400\n 455                           cgroup_device  2023-05-03T12:58:26-0400\n :\n 6194                          cgroup_device  2023-07-17T17:15:23-0400\n 6201        pass              xdp            2023-07-17T17:17:53-0400\n 6202        sys_enter_openat  tracepoint     2023-07-17T17:19:09-0400\n 6203        dispatcher        tc             2023-07-17T17:20:14-0400\n 6204        stats             tc             2023-07-17T17:20:14-0400\n 6207        xdp               xdp            2023-07-17T17:27:13-0400\n 6210        test_fentry       tracing        2023-07-17T17:28:34-0400\n 6212        test_fexit        tracing        2023-07-17T17:29:02-0400\n 6223        my_uprobe         probe          2023-07-17T17:31:45-0400\n 6225        my_kretprobe      probe          2023-07-17T17:32:27-0400\n 6928        my_kprobe         probe          2023-07-17T17:33:49-0400\n
             
            To filter on a given program type, include the --program-type parameter:
             
            sudo bpfman list --all --program-type tc\n Program ID  Name        Type  Load Time\n 6203        dispatcher  tc    2023-07-17T17:20:14-0400\n 6204        stats       tc    2023-07-17T17:20:14-0400\n
             
            Note: The list filters by the Kernel Program Type. kprobe, kretprobe, uprobe and uretprobe all map to the probe Kernel Program Type. fentry and fexit both map to the tracing Kernel Program Type.
            "},{"location":"getting-started/cli-guide/#bpfman-get","title":"bpfman get","text":"
            To retrieve detailed information for a loaded eBPF program, use the bpfman get <PROGRAM_ID> command. If the eBPF program was loaded via bpfman, then there will be a Bpfman State section with bpfman related attributes and a Kernel State section with kernel information. If the eBPF program was loaded outside of bpfman, then the Bpfman State section will be empty and Kernel State section will be populated.
             
            sudo bpfman get 6204\n Bpfman State\n---------------\n Name:          stats\n Image URL:     quay.io/bpfman-bytecode/go-tc-counter:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6204\n Map Owner ID:  None\n Map Used By:   6204\n Priority:      100\n Iface:         vethff657c7\n Position:      0\n Direction:     eg\n Proceed On:    pipe, dispatcher_return\n\n Kernel State\n----------------------------------\n Program ID:                       6204\n Name:                             stats\n Type:                             tc\n Loaded At:                        2023-07-17T17:20:14-0400\n Tag:                              ead94553702a3742\n GPL Compatible:                   true\n Map IDs:                          [2705]\n BTF ID:                           2821\n Size Translated (bytes):          176\n JITed:                            true\n Size JITed (bytes):               116\n Kernel Allocated Memory (bytes):  4096\n Verified Instruction Count:       24\n
             
            sudo bpfman get 6190\n Bpfman State\n---------------\nNONE\n\n Kernel State\n----------------------------------\nProgram ID:                        6190\nName:                              None\nType:                              cgroup_skb\nLoaded At:                         2023-07-17T17:15:23-0400\nTag:                               6deef7357e7b4530\nGPL Compatible:                    true\nMap IDs:                           []\nBTF ID:                            0\nSize Translated (bytes):           64\nJITed:                             true\nSize JITed (bytes):                55\nKernel Allocated Memory (bytes):   4096\nVerified Instruction Count:        8\n
            "},{"location":"getting-started/cli-guide/#bpfman-unload","title":"bpfman unload","text":"
            The bpfman unload command takes the program id from the load or list command as a parameter, and unloads the requested eBPF program:
             
            sudo bpfman unload 6204\n
             
            sudo bpfman list\n Program ID  Name              Type        Load Time\n 6201        pass              xdp         2023-07-17T17:17:53-0400\n 6202        sys_enter_openat  tracepoint  2023-07-17T17:19:09-0400\n
            "},{"location":"getting-started/cli-guide/#bpfman-image-pull","title":"bpfman image pull","text":"
            The bpfman image pull command pulls a given bytecode image for future use by a load command.
             
            sudo bpfman image pull --help\nPull an eBPF bytecode image from a remote registry\n\nUsage: bpfman image pull [OPTIONS] --image-url <IMAGE_URL>\n\nOptions:\n  -i, --image-url <IMAGE_URL>\n          Required: Container Image URL.\n          Example: --image-url quay.io/bpfman-bytecode/xdp_pass:latest\n\n  -r, --registry-auth <REGISTRY_AUTH>\n          Optional: Registry auth for authenticating with the specified image registry.\n          This should be base64 encoded from the '<username>:<password>' string just like\n          it's stored in the docker/podman host config.\n          Example: --registry_auth \"YnjrcKw63PhDcQodiU9hYxQ2\"\n\n  -p, --pull-policy <PULL_POLICY>\n          Optional: Pull policy for remote images.\n\n          [possible values: Always, IfNotPresent, Never]\n\n          [default: IfNotPresent]\n\n  -h, --help\n          Print help (see a summary with '-h')\n
             
            Example usage:
             
            sudo bpfman image pull --image-url quay.io/bpfman-bytecode/xdp_pass:latest\nSuccessfully downloaded bytecode\n
             
            Then when loaded, the local image will be used:
             
            sudo bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest --pull-policy IfNotPresent xdp --iface vethff657c7 --priority 100\n Bpfman State                                           \n ---------------\n Name:          pass                                  \n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest \n Pull Policy:   IfNotPresent                          \n Global:        None                                  \n Metadata:      None                                  \n Map Pin Path:  /run/bpfman/fs/maps/406681              \n Map Owner ID:  None                                  \n Maps Used By:  None                                  \n Priority:      100                                   \n Iface:         vethff657c7                           \n Position:      2                                     \n Proceed On:    pass, dispatcher_return               \n\n Kernel State                                               \n ----------------------------------\n Program ID:                       406681                   \n Name:                             pass                     \n Type:                             xdp                      \n Loaded At:                        1917-01-27T01:37:06-0500 \n Tag:                              4b9d1b2c140e87ce         \n GPL Compatible:                   true                     \n Map IDs:                          [736646]                 \n BTF ID:                           555560                   \n Size Translated (bytes):          96                       \n JITted:                           true                     \n Size JITted:                      67                       \n Kernel Allocated Memory (bytes):  4096                     \n Verified Instruction Count:       9                        \n
            "},{"location":"getting-started/example-bpf-k8s/","title":"Deploying Example eBPF Programs On Kubernetes","text":"
            This section will describe launching eBPF enabled applications on a Kubernetes cluster. The approach is slightly different when running on a Kubernetes cluster.
             
            This section assumes there is already a Kubernetes cluster running and bpfman is running in the cluster. See Deploying the bpfman-operator for details on deploying bpfman on a Kubernetes cluster, but the quickest solution is to run a Kubernetes KIND Cluster:
             
            cd bpfman/bpfman-operator/\nmake run-on-kind\n
            "},{"location":"getting-started/example-bpf-k8s/#loading-ebpf-programs-on-kubernetes","title":"Loading eBPF Programs On Kubernetes","text":"
            Instead of using the userspace program or CLI to load the eBPF bytecode as done in previous sections, the bytecode will be loaded by creating a Kubernetes CRD object. There is a CRD object for each eBPF program type bpfman supports.
             
               
            • FentryProgram CRD: Fentry Sample yaml
              •  
            • FexitProgram CRD: Fexit Sample yaml
              •  
            • KprobeProgram CRD: Kprobe Examples yaml
              •  
            • TcProgram CRD: TcProgram Examples yaml
              •  
            • TracepointProgram CRD: Tracepoint Examples yaml
              •  
            • UprobeProgram CRD: Uprobe Examples yaml
              •  
            • XdpProgram CRD: XdpProgram Examples yaml
              •  
             
            Sample bytecode yaml with XdpProgram CRD: 
            cat examples/config/base/go-xdp-counter/bytecode.yaml\napiVersion: bpfman.io/v1alpha1\nkind: XdpProgram\nmetadata:\n  labels:\n    app.kubernetes.io/name: xdpprogram\n  name: go-xdp-counter-example\nspec:\n  name: xdp_stats\n  # Select all nodes\n  nodeselector: {}\n  interfaceselector:\n    primarynodeinterface: true\n  priority: 55\n  bytecode:\n    image:\n      url: quay.io/bpfman-bytecode/go-xdp-counter:latest\n
             
            Note that all the sample yaml files are configured with the bytecode running on all nodes (nodeselector: {}). This can be configured to run on specific nodes, but the DaemonSet yaml for the userspace program, which is described below, should have an equivalent change.
             
            Assume the following command is run:
             
            kubectl apply -f examples/config/base/go-xdp-counter/bytecode.yaml\n  xdpprogram.bpfman.io/go-xdp-counter-example created\n
             
            The diagram below shows go-xdp-counter example, but the other examples operate in a similar fashion.
             
             
            Following the diagram for XDP example (Blue numbers):
             
               
            1. The user creates a XdpProgram object with the parameters associated with the eBPF bytecode, like interface, priority and BFP bytecode image. The name of the XdpProgram object in this example is go-xdp-counter-example. The XdpProgram is applied using kubectl, but in a more practical deployment, the XdpProgram would be applied by the application or a controller.
              2.  
            2. bpfman-agent, running on each node, is watching for all changes to XdpProgram objects. When it sees a XdpProgram object created or modified, it makes sure a BpfProgram object for that node exists. The name of the BpfProgram object is the XdpProgram object name with the node name and interface or attach point appended. On a KIND Cluster, it would be similar to go-xdp-counter-example-bpfman-deployment-control-plane-eth0.
              3.  
            3. bpfman-agent then determines if it should be running on the given node, loads or unloads as needed by making gRPC calls the bpfman-rpc, which calls into the bpfman Library. bpfman behaves the same as described in the running locally example.
              4.  
            4. bpfman-agent finally updates the status of the BpfProgram object.
              5.  
            5. bpfman-operator watches all BpfProgram objects, and updates the status of the XdpProgram object indicating if the eBPF program has been applied to all the desired nodes or not.
              6.  
             
            To retrieve information on the XdpProgram objects:
             
            kubectl get xdpprograms\nNAME                     BPFFUNCTIONNAME   NODESELECTOR   STATUS\ngo-xdp-counter-example   xdp_stats         {}             ReconcileSuccess\n\n\nkubectl get xdpprograms go-xdp-counter-example -o yaml\napiVersion: bpfman.io/v1alpha1\nkind: XdpProgram\nmetadata:\n  annotations:\n    kubectl.kubernetes.io/last-applied-configuration: |\n      {\"apiVersion\":\"bpfman.io/v1alpha1\",\"kind\":\"XdpProgram\",\"metadata\":{\"annotations\":{},\"labels\":{\"app.kubernetes.io/name\":\"xdpprogram\"},\"name\":\"go-xdp-counter-example\"},\"spec\":{\"bpffunctionname\":\"xdp_stats\",\"bytecode\":{\"image\":{\"url\":\"quay.io/bpfman-bytecode/go-xdp-counter:latest\"}},\"interfaceselector\":{\"primarynodeinterface\":true},\"nodeselector\":{},\"priority\":55}}\n  creationTimestamp: \"2023-11-06T21:05:15Z\"\n  finalizers:\n  - bpfman.io.operator/finalizer\n  generation: 2\n  labels:\n    app.kubernetes.io/name: xdpprogram\n  name: go-xdp-counter-example\n  resourceVersion: \"3103\"\n  uid: edd45e2e-a40b-4668-ac76-c1f1eb63a23b\nspec:\n  bpffunctionname: xdp_stats\n  bytecode:\n    image:\n      imagepullpolicy: IfNotPresent\n      url: quay.io/bpfman-bytecode/go-xdp-counter:latest\n  interfaceselector:\n    primarynodeinterface: true\n  mapownerselector: {}\n  nodeselector: {}\n  priority: 55\n  proceedon:\n  - pass\n  - dispatcher_return\nstatus:\n  conditions:\n  - lastTransitionTime: \"2023-11-06T21:05:21Z\"\n    message: bpfProgramReconciliation Succeeded on all nodes\n    reason: ReconcileSuccess\n    status: \"True\"\n    type: ReconcileSuccess\n
             
            To retrieve information on the BpfProgram objects:
             
            kubectl get bpfprograms\nNAME                                                          TYPE      STATUS         AGE\n:\ngo-xdp-counter-example-bpfman-deployment-control-plane-eth0   xdp       bpfmanLoaded   11m\n\n\nkubectl get bpfprograms go-xdp-counter-example-bpfman-deployment-control-plane-eth0 -o yaml\napiVersion: bpfman.io/v1alpha1\nkind: BpfProgram\nmetadata:\n  annotations:\n    bpfman.io.xdpprogramcontroller/interface: eth0\n    bpfman.io/ProgramId: \"4801\"\n  creationTimestamp: \"2023-11-06T21:05:15Z\"\n  finalizers:\n  - bpfman.io.xdpprogramcontroller/finalizer\n  generation: 1\n  labels:\n    bpfman.io/ownedByProgram: go-xdp-counter-example\n    kubernetes.io/hostname: bpfman-deployment-control-plane\n  name: go-xdp-counter-example-bpfman-deployment-control-plane-eth0\n  ownerReferences:\n  - apiVersion: bpfman.io/v1alpha1\n    blockOwnerDeletion: true\n    controller: true\n    kind: XdpProgram\n    name: go-xdp-counter-example\n    uid: edd45e2e-a40b-4668-ac76-c1f1eb63a23b\n  resourceVersion: \"3102\"\n  uid: f7ffd156-168b-4dc8-be38-18c42626a631\nspec:\n  type: xdp\nstatus:\n  conditions:\n  - lastTransitionTime: \"2023-11-06T21:05:21Z\"\n    message: Successfully loaded bpfProgram\n    reason: bpfmanLoaded\n    status: \"True\"\n    type: Loaded\n
            "},{"location":"getting-started/example-bpf-k8s/#deploying-an-ebpf-enabled-application-on-kubernetes","title":"Deploying an eBPF enabled application On Kubernetes","text":"
            Here, a userspace container is deployed to consume the map data generated by the eBPF counter program. bpfman provides a Container Storage Interface (CSI) driver for exposing eBPF maps into a userspace container. To avoid having to mount a host directory that contains the map pinned file into the container and forcing the container to have permissions to access that host directory, the CSI driver mounts the map at a specified location in the container. All the examples use CSI, here is go-xdp-counter/deployment.yaml for reference:
             
            cd bpfman/examples/\ncat config/base/go-xdp-counter/deployment.yaml\n:\n---\napiVersion: apps/v1\nkind: DaemonSet\nmetadata:\n  name: go-xdp-counter-ds\n  namespace: go-xdp-counter\n  labels:\n    k8s-app: go-xdp-counter\nspec:\n  :\n  template:\n    :\n    spec:\n       :\n      containers:\n      - name: go-xdp-counter\n        :\n        volumeMounts:\n        - name: go-xdp-counter-maps                        <==== 2) VolumeMount in container\n          mountPath: /run/xdp/maps                         <==== 2a) Mount path in the container\n          readOnly: true\n      volumes:\n      - name: go-xdp-counter-maps                          <==== 1) Volume describing the map\n        csi:\n          driver: csi.bpfman.io                             <==== 1a) bpfman CSI Driver\n          volumeAttributes:\n            csi.bpfman.io/program: go-xdp-counter-example   <==== 1b) eBPF Program owning the map\n            csi.bpfman.io/maps: xdp_stats_map               <==== 1c) Map to be exposed to the container\n
            "},{"location":"getting-started/example-bpf-k8s/#loading-a-userspace-container-image","title":"Loading A Userspace Container Image","text":"
            The userspace programs have been pre-built and can be found here:
             
               
            • quay.io/bpfman-userspace/go-kprobe-counter:latest
              •  
            • quay.io/bpfman-userspace/go-tc-counter:latest
              •  
            • quay.io/bpfman-userspace/go-tracepoint-counter:latest
              •  
            • quay.io/bpfman-userspace/go-uprobe-counter:latest
              •  
            • quay.io/bpfman-userspace/go-xdp-counter:latest
              •  
             
            The example yaml files below are loading from these image.
             
               
            • go-kprobe-counter/deployment.yaml
              •  
            • go-tc-counter/deployment.yaml
              •  
            • go-tracepoint-counter/deployment.yaml
              •  
            • go-uprobe-counter/deployment.yaml
              •  
            • go-xdp-counter/deployment.yaml
              •  
             
            The userspace program in a Kubernetes Deployment doesn't interacts directly with bpfman like it did in the local host deployment. Instead, the userspace program running on each node, if needed, reads the BpfProgram object from the KubeApiServer to gather additional information about the loaded eBPF program. To interact with the KubeApiServer, RBAC must be setup properly to access the BpfProgram object. The bpfman-operator defined the yaml for several ClusterRoles that can be used to access the different bpfman related CRD objects with different access rights. The example userspace containers will use the bpfprogram-viewer-role, which allows Read-Only access to the BpfProgram object. This ClusterRole is created automatically by the bpfman-operator.
             
            The remaining objects (NameSpace, ServiceAccount, ClusterRoleBinding and examples DaemonSet) can be created for each program type as follows:
             
            cd bpfman/\nkubectl create -f examples/config/base/go-xdp-counter/deployment.yaml\n
             
            This creates the go-xdp-counter userspace pod, but the other examples operate in a similar fashion.
             
             
            Following the diagram for the XDP example (Green numbers):
             
               
            1. The userspace program queries the KubeApiServer for a specific BpfProgram object.
              2.  
            2. The userspace program verifies the BpfProgram has been loaded and uses the map to periodically read the counter values.
              3.  
             
            To see if the userspace programs are working, view the logs:
             
            kubectl get pods -A\nNAMESPACE               NAME                              READY   STATUS    RESTARTS   AGE\nbpfman                  bpfman-daemon-jsgdh               3/3     Running   0          11m\nbpfman                  bpfman-operator-6c5c8887f7-qk28x  2/2     Running   0          12m\ngo-xdp-counter          go-xdp-counter-ds-2hs6g           1/1     Running   0          6m12s\n:\n\nkubectl logs -n go-xdp-counter go-xdp-counter-ds-2hs6g\n2023/11/06 20:27:16 2429 packets received\n2023/11/06 20:27:16 1328474 bytes received\n\n2023/11/06 20:27:19 2429 packets received\n2023/11/06 20:27:19 1328474 bytes received\n\n2023/11/06 20:27:22 2430 packets received\n2023/11/06 20:27:22 1328552 bytes received\n:\n
             
            To cleanup:
             
            kubectl delete -f examples/config/base/go-xdp-counter/deployment.yaml\nkubectl delete -f examples/config/base/go-xdp-counter/bytecode.yaml\n
            "},{"location":"getting-started/example-bpf-k8s/#automated-deployment","title":"Automated Deployment","text":"
            The steps above are automated in the Makefile in the examples directory. Run make deploy to load each of the example bytecode and userspace yaml files, then make undeploy to unload them.
             
            cd bpfman/examples/\nmake deploy\n  for target in deploy-tc deploy-tracepoint deploy-xdp deploy-xdp-ms deploy-kprobe deploy-target deploy-uprobe ; do \\\n      make $target  || true; \\\n  done\n  make[1]: Entering directory '/home/bmcfall/go/src/github.com/bpfman/bpfman/examples'\n  sed 's@URL_BC@quay.io/bpfman-bytecode/go-tc-counter:latest@' config/default/go-tc-counter/patch.yaml.env > config/default/go-tc-counter/patch.yaml\n  cd config/default/go-tc-counter && /home/bmcfall/go/src/github.com/bpfman/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-tc-counter=quay.io/bpfman-userspace/go-tc-counter:latest\n  namespace/go-tc-counter created\n  serviceaccount/bpfman-app-go-tc-counter created\n  daemonset.apps/go-tc-counter-ds created\n  tcprogram.bpfman.io/go-tc-counter-example created\n  :\n  sed 's@URL_BC@quay.io/bpfman-bytecode/go-uprobe-counter:latest@' config/default/go-uprobe-counter/patch.yaml.env > config/default/go-uprobe-counter/patch.yaml\n  cd config/default/go-uprobe-counter && /home/bmcfall/go/src/github.com/bpfman/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-uprobe-counter=quay.io/bpfman-userspace/go-uprobe-counter:latest\n  namespace/go-uprobe-counter created\n  serviceaccount/bpfman-app-go-uprobe-counter created\n  daemonset.apps/go-uprobe-counter-ds created\n  uprobeprogram.bpfman.io/go-uprobe-counter-example created\n  make[1]: Leaving directory '/home/bmcfall/go/src/github.com/bpfman/bpfman/examples'\n\n# Test Away ...\n\nkubectl get pods -A\nNAMESPACE               NAME                                                      READY   STATUS    RESTARTS   AGE\nbpfman                  bpfman-daemon-md2c5                                       3/3     Running   0          2d17h\nbpfman                  bpfman-operator-7f67bc7c57-95zf7                          2/2     Running   0          2d17h\ngo-kprobe-counter       go-kprobe-counter-ds-8dkls                                1/1     Running   0          2m14s\ngo-target               go-target-ds-nbdf5                                        1/1     Running   0          2m14s\ngo-tc-counter           go-tc-counter-ds-7mtcw                                    1/1     Running   0          2m19s\ngo-tracepoint-counter   go-tracepoint-counter-ds-bcbs7                            1/1     Running   0          2m18s\ngo-uprobe-counter       go-uprobe-counter-ds-j26hc                                1/1     Running   0          2m13s\ngo-xdp-counter          go-xdp-counter-ds-nls6s                                   1/1     Running   0          2m17s\n\nkubectl get bpfprograms\nNAME                                                                                                TYPE         STATUS         AGE\ngo-kprobe-counter-example-bpfman-deployment-control-plane-try-to-wake-up                            kprobe       bpfmanLoaded   2m41s\ngo-tc-counter-example-bpfman-deployment-control-plane-eth0                                          tc           bpfmanLoaded   2m46s\ngo-tracepoint-counter-example-bpfman-deployment-control-plane-syscalls-sys-enter-kill               tracepoint   bpfmanLoaded   2m35s\ngo-uprobe-counter-example-bpfman-deployment-control-plane--go-target-go-target-ds-nbdf5-go-target   uprobe       bpfmanLoaded   2m29s\ngo-xdp-counter-example-bpfman-deployment-control-plane-eth0                                         xdp          bpfmanLoaded   2m24s\ngo-xdp-counter-sharing-map-example-bpfman-deployment-control-plane-eth0                             xdp          bpfmanLoaded   2m21s\n\nmake undeploy\n  for target in undeploy-tc undeploy-tracepoint undeploy-xdp undeploy-xdp-ms undeploy-kprobe undeploy-uprobe undeploy-target ; do \\\n      make $target  || true; \\\n  done\n  make[1]: Entering directory '/home/bmcfall/go/src/github.com/bpfman/bpfman/examples'\n  sed 's@URL_BC@quay.io/bpfman-bytecode/go-tc-counter:latest@' config/default/go-tc-counter/patch.yaml.env > config/default/go-tc-counter/patch.yaml\n  cd config/default/go-tc-counter && /home/bmcfall/go/src/github.com/bpfman/bpfman/examples/bin/kustomize edit set image quay.io/bpfman-userspace/go-tc-counter=quay.io/bpfman-userspace/go-tc-counter:latest\n  namespace \"go-tc-counter\" deleted\n  serviceaccount \"bpfman-app-go-tc-counter\" deleted\n  daemonset.apps \"go-tc-counter-ds\" deleted\n  tcprogram.bpfman.io \"go-tc-counter-example\" deleted\n  :\n  kubectl delete -f config/base/go-target/deployment.yaml\n  namespace \"go-target\" deleted\n  serviceaccount \"bpfman-app-go-target\" deleted\n  daemonset.apps \"go-target-ds\" deleted\n  make[1]: Leaving directory '/home/bmcfall/go/src/github.com/bpfman/bpfman/examples'\n
             
            Individual examples can be loaded and unloaded as well, for example make deploy-xdp and make undeploy-xdp. To see the full set of available commands, run make help:
             
            make help\n\nUsage:\n  make <target>\n  make deploy TAG=v0.2.0\n  make deploy-xdp IMAGE_XDP_US=quay.io/user1/go-xdp-counter-userspace:test\n\nGeneral\n  help             Display this help.\n\nLocal Dependencies\n  kustomize        Download kustomize locally if necessary.\n\nDevelopment\n  fmt              Run go fmt against code.\n  verify           Verify all the autogenerated code\n\nBuild\n  build            Build all the userspace example code.\n  generate         Run `go generate` to build the bytecode for each of the examples.\n  build-us-images  Build all example userspace images\n  build-bc-images  Build bytecode example userspace images\n  push-us-images   Push all example userspace images\n  push-bc-images   Push all example bytecode images\n  load-us-images-kind  Build and load all example userspace images into kind\n\nDeployment Variables (not commands)\n  TAG              Used to set all images to a fixed tag. Example: make deploy TAG=v0.2.0\n  IMAGE_TC_BC      TC Bytecode image. Example: make deploy-tc IMAGE_TC_BC=quay.io/user1/go-tc-counter-bytecode:test\n  IMAGE_TC_US      TC Userspace image. Example: make deploy-tc IMAGE_TC_US=quay.io/user1/go-tc-counter-userspace:test\n  IMAGE_TP_BC      Tracepoint Bytecode image. Example: make deploy-tracepoint IMAGE_TP_BC=quay.io/user1/go-tracepoint-counter-bytecode:test\n  IMAGE_TP_US      Tracepoint Userspace image. Example: make deploy-tracepoint IMAGE_TP_US=quay.io/user1/go-tracepoint-counter-userspace:test\n  IMAGE_XDP_BC     XDP Bytecode image. Example: make deploy-xdp IMAGE_XDP_BC=quay.io/user1/go-xdp-counter-bytecode:test\n  IMAGE_XDP_US     XDP Userspace image. Example: make deploy-xdp IMAGE_XDP_US=quay.io/user1/go-xdp-counter-userspace:test\n  IMAGE_KP_BC      Kprobe Bytecode image. Example: make deploy-kprobe IMAGE_KP_BC=quay.io/user1/go-kprobe-counter-bytecode:test\n  IMAGE_KP_US      Kprobe Userspace image. Example: make deploy-kprobe IMAGE_KP_US=quay.io/user1/go-kprobe-counter-userspace:test\n  IMAGE_UP_BC      Uprobe Bytecode image. Example: make deploy-uprobe IMAGE_UP_BC=quay.io/user1/go-uprobe-counter-bytecode:test\n  IMAGE_UP_US      Uprobe Userspace image. Example: make deploy-uprobe IMAGE_UP_US=quay.io/user1/go-uprobe-counter-userspace:test\n  IMAGE_GT_US      Uprobe Userspace target. Example: make deploy-target IMAGE_GT_US=quay.io/user1/go-target-userspace:test\n  KIND_CLUSTER_NAME  Name of the deployed cluster to load example images to, defaults to `bpfman-deployment`\n  ignore-not-found  For any undeploy command, set to true to ignore resource not found errors during deletion. Example: make undeploy ignore-not-found=true\n\nDeployment\n  deploy-tc        Deploy go-tc-counter to the cluster specified in ~/.kube/config.\n  undeploy-tc      Undeploy go-tc-counter from the cluster specified in ~/.kube/config.\n  deploy-tracepoint  Deploy go-tracepoint-counter to the cluster specified in ~/.kube/config.\n  undeploy-tracepoint  Undeploy go-tracepoint-counter from the cluster specified in ~/.kube/config.\n  deploy-xdp       Deploy go-xdp-counter to the cluster specified in ~/.kube/config.\n  undeploy-xdp     Undeploy go-xdp-counter from the cluster specified in ~/.kube/config.\n  deploy-xdp-ms    Deploy go-xdp-counter-sharing-map (shares map with go-xdp-counter) to the cluster specified in ~/.kube/config.\n  undeploy-xdp-ms  Undeploy go-xdp-counter-sharing-map from the cluster specified in ~/.kube/config.\n  deploy-kprobe    Deploy go-kprobe-counter to the cluster specified in ~/.kube/config.\n  undeploy-kprobe  Undeploy go-kprobe-counter from the cluster specified in ~/.kube/config.\n  deploy-uprobe    Deploy go-uprobe-counter to the cluster specified in ~/.kube/config.\n  undeploy-uprobe  Undeploy go-uprobe-counter from the cluster specified in ~/.kube/config.\n  deploy-target    Deploy go-target to the cluster specified in ~/.kube/config.\n  undeploy-target  Undeploy go-target from the cluster specified in ~/.kube/config.\n  deploy           Deploy all examples to the cluster specified in ~/.kube/config.\n  undeploy         Undeploy all examples to the cluster specified in ~/.kube/config.\n
            "},{"location":"getting-started/example-bpf-k8s/#building-a-userspace-container-image","title":"Building A Userspace Container Image","text":"
            To build the userspace examples in a container instead of using the pre-built ones, from the bpfman examples code source directory, run the following build command:
             
            cd bpfman/examples\nmake \\\n  IMAGE_KP_US=quay.io/$USER/go-kprobe-counter:latest \\\n  IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest \\\n  IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest \\\n  IMAGE_UP_US=quay.io/$USER/go-uprobe-counter:latest \\\n  IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest \\\n  build-us-images\n
             
            Then EITHER push images to a remote repository:
             
            docker login quay.io\ncd bpfman/examples\nmake \\\n  IMAGE_KP_US=quay.io/$USER/go-kprobe-counter:latest \\\n  IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest \\\n  IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest \\\n  IMAGE_UP_US=quay.io/$USER/go-uprobe-counter:latest \\\n  IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest \\\n  push-us-images\n
             
            OR load the images directly to a specified kind cluster:
             
            cd bpfman/examples\nmake \\\n  IMAGE_KP_US=quay.io/$USER/go-kprobe-counter:latest \\\n  IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest \\\n  IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest \\\n  IMAGE_UP_US=quay.io/$USER/go-uprobe-counter:latest \\\n  IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest \\\n  KIND_CLUSTER_NAME=bpfman-deployment \\\n  load-us-images-kind\n
             
            Lastly, update the yaml to use the private images or override the yaml files using the Makefile:
             
            cd bpfman/examples/\n\nmake deploy-kprobe IMAGE_XDP_US=quay.io/$USER/go-kprobe-counter:latest\nmake undeploy-kprobe\n\nmake deploy-tc IMAGE_TC_US=quay.io/$USER/go-tc-counter:latest\nmake undeploy-tc\n\nmake deploy-tracepoint IMAGE_TP_US=quay.io/$USER/go-tracepoint-counter:latest\nmake undeploy-tracepoint\n\nmake deploy-uprobe IMAGE_XDP_US=quay.io/$USER/go-uprobe-counter:latest\nmake undeploy-uprobe\n\nmake deploy-xdp IMAGE_XDP_US=quay.io/$USER/go-xdp-counter:latest\nmake undeploy-xdp\n
            "},{"location":"getting-started/example-bpf-local/","title":"Deploying Example eBPF Programs On Local Host","text":"
            This section describes running bpfman and the example eBPF programs on a local host.
            "},{"location":"getting-started/example-bpf-local/#example-overview","title":"Example Overview","text":"
            Assume the following command is run:
             
            cd bpfman/examples/go-xdp-counter/\nsudo ./go-xdp-counter -iface eno3\n
             
            The diagram below shows go-xdp-counter example, but the other examples operate in a similar fashion.
             
             
            Following the diagram (Purple numbers):
             
               
            1. When go-xdp-counter userspace is started, it will send a gRPC request over unix    socket to bpfman-rpc requesting bpfman to load the go-xdp-counter eBPF bytecode located    on disk at bpfman/examples/go-xdp-counter/bpf_bpfel.o at a priority of 50 and on interface eno3.    These values are configurable as we will see later, but for now we will use the defaults    (except interface, which is required to be entered).
              2.  
            2. bpfman will load it's dispatcher eBPF program, which links to the go-xdp-counter eBPF program    and return a kernel Program ID referencing the running program.
              3.  
            3. bpfman list can be used to show that the eBPF program was loaded.
              4.  
            4. Once the go-xdp-counter eBPF bytecode is loaded, the eBPF program will write packet counts    and byte counts to a shared map.
              5.  
            5. go-xdp-counter userspace program periodically reads counters from the shared map and logs    the value.
              6.  
             
            Below are the steps to run the example program described above and then some additional examples that use the bpfman CLI to load and unload other eBPF programs. See Launching bpfman for more detailed instructions on building and loading bpfman. This tutorial assumes bpfman has been built, bpfman-rpc is running, and the bpfman CLI is in $PATH.
            "},{"location":"getting-started/example-bpf-local/#running-example-programs","title":"Running Example Programs","text":"
            Example eBPF Programs describes how the example programs work, how to build them, and how to run the different examples. Build the go-xdp-counter program before continuing.
             
            To run the go-xdp-counter program, determine the host interface to attach the eBPF program to and then start the go program. In this example, eno3 will be used, as shown in the diagram at the top of the page.  The output should show the count and total bytes of packets as they pass through the interface as shown below:
             
            sudo ./go-xdp-counter --iface eno3\n2023/07/17 17:43:58 Using Input: Interface=eno3 Priority=50 Source=/home/<$USER>/src/bpfman/examples/go-xdp-counter/bpf_bpfel.o\n2023/07/17 17:43:58 Program registered with id 6211\n2023/07/17 17:44:01 4 packets received\n2023/07/17 17:44:01 580 bytes received\n\n2023/07/17 17:44:04 4 packets received\n2023/07/17 17:44:04 580 bytes received\n\n2023/07/17 17:44:07 8 packets received\n2023/07/17 17:44:07 1160 bytes received\n\n:\n
             
            In another terminal, use the CLI to show the go-xdp-counter eBPF bytecode was loaded.
             
            sudo bpfman list\n Program ID  Name       Type  Load Time\n 6211        xdp_stats  xdp   2023-07-17T17:43:58-0400\n
             
            Finally, press <CTRL>+c when finished with go-xdp-counter.
             
            :\n\n2023/07/17 17:44:34 28 packets received\n2023/07/17 17:44:34 4060 bytes received\n\n^C2023/07/17 17:44:35 Exiting...\n2023/07/17 17:44:35 Unloading Program: 6211\n
            "},{"location":"getting-started/example-bpf-local/#using-cli-to-manage-ebpf-programs","title":"Using CLI to Manage eBPF Programs","text":"
            bpfman provides a CLI to interact with the bpfman Library. Find a deeper dive into CLI syntax in CLI Guide. We will load the simple xdp-pass program, which allows all traffic to pass through the attached interface, eno3 in this example. The source code, xdp_pass.bpf.c, is located in the integration-test directory and there is also a prebuilt image: quay.io/bpfman-bytecode/xdp_pass:latest.
             
            sudo bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest xdp --iface eno3 --priority 100\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6213\n Map Owner ID:  None\n Map Used By:   6213\n Priority:      100\n Iface:         eno3\n Position:      0\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n Program ID:                       6213\n Name:                             pass\n Type:                             xdp\n Loaded At:                        2023-07-17T17:48:10-0400\n Tag:                              4b9d1b2c140e87ce\n GPL Compatible:                   true\n Map IDs:                          [2724]\n BTF ID:                           2834\n Size Translated (bytes):          96\n JITed:                            true\n Size JITed (bytes):               67\n Kernel Allocated Memory (bytes):  4096\n Verified Instruction Count:       9\n
             
            bpfman load image returns the same data as the bpfman get command. From the output, the Program Id of 6213 can be found in the Kernel State section. The Program Id can be used to perform a bpfman get to retrieve all relevant program data and a bpfman unload when the program needs to be unloaded.
             
            sudo bpfman list\n Program ID  Name  Type  Load Time\n 6213        pass  xdp   2023-07-17T17:48:10-0400\n
             
            We can recheck the details about the loaded program with the bpfman get command:
             
            sudo bpfman get 6213\n Bpfman State\n---------------\n Name:          pass\n Image URL:     quay.io/bpfman-bytecode/xdp_pass:latest\n Pull Policy:   IfNotPresent\n Global:        None\n Metadata:      None\n Map Pin Path:  /run/bpfman/fs/maps/6213\n Map Owner ID:  None\n Map Used By:   6213\n Priority:      100\n Iface:         eno3\n Position:      0\n Proceed On:    pass, dispatcher_return\n\n Kernel State\n----------------------------------\n Program ID:                       6213\n Name:                             pass\n Type:                             xdp\n Loaded At:                        2023-07-17T17:48:10-0400\n Tag:                              4b9d1b2c140e87ce\n GPL Compatible:                   true\n Map IDs:                          [2724]\n BTF ID:                           2834\n Size Translated (bytes):          96\n JITed:                            true\n Size JITed (bytes):               67\n Kernel Allocated Memory (bytes):  4096\n Verified Instruction Count:       9\n
             
            Then unload the program:
             
            sudo bpfman unload 6213\n
            "},{"location":"getting-started/example-bpf/","title":"Example eBPF Programs","text":"
            Example applications that use the bpfman-go bindings can be found in the examples/ directory. Current examples include:
             
               
            • examples/go-kprobe-counter/
              •  
            • examples/go-tc-counter/
              •  
            • examples/go-tracepoint-counter/
              •  
            • examples/go-uprobe-counter/
                 
              • examples/go-target/
                •  
               
              •  
            • examples/go-xdp-counter/
              •  
            "},{"location":"getting-started/example-bpf/#example-code-breakdown","title":"Example Code Breakdown","text":"
            These examples and the associated documentation are intended to provide the basics on how to deploy and manage an eBPF program using bpfman. Each of the examples contain an eBPF Program written in C (kprobe_counter.c, tc_counter.c, tracepoint_counter.c uprobe_counter.c, and xdp_counter.c) that is compiled into eBPF bytecode (bpf_bpfel.o). Each time the eBPF program is called, it increments the packet and byte counts in a map that is accessible by the userspace portion.
             
            Each of the examples also have a userspace portion written in GO. The userspace code is leveraging the cilium/ebpf library to manage the maps shared with the eBPF program. The example eBPF programs are very similar in functionality, and only vary where in the Linux networking stack they are inserted. The userspace program then polls the eBPF map every 3 seconds and logs the current counts.
             
            The examples were written to either run locally on a host or run in a container in a Kubernetes deployment. The userspace code flow is slightly different depending on the deployment, so input parameters dictate the deployment method.
            "},{"location":"getting-started/example-bpf/#examples-in-local-deployment","title":"Examples in Local Deployment","text":"
            When run locally, the userspace program makes gRPC calls to bpfman-rpc requesting bpfman to load the eBPF program at the requested hook point (XDP hook point, TC hook point, Tracepoint, etc). Data sent in the RPC request is either defaulted or passed in via input parameters. To make the examples as simple as possible to run, all input data is defaulted (except the interface TC and XDP programs need to attach to) but can be overwritten if desired. All example programs have the following common parameters (kprobe does not have any command specific parameters):
             
            cd bpfman/examples/go-kprobe-counter/\n\n./go-kprobe-counter --help\nUsage of ./go-kprobe-counter:\n  -crd\n        Flag to indicate all attributes should be pulled from the BpfProgram CRD.\n        Used in Kubernetes deployments and is mutually exclusive with all other\n        parameters.\n  -file string\n        File path of bytecode source. \"file\" and \"image\"/\"id\" are mutually exclusive.\n        Example: -file /home/$USER/src/bpfman/examples/go-kprobe-counter/bpf_bpfel.o\n  -id uint\n        Optional Program ID of bytecode that has already been loaded. \"id\" and\n        \"file\"/\"image\" are mutually exclusive.\n        Example: -id 28341\n  -image string\n        Image repository URL of bytecode source. \"image\" and \"file\"/\"id\" are\n        mutually exclusive.\n        Example: -image quay.io/bpfman-bytecode/go-kprobe-counter:latest\n  -map_owner_id int\n        Program Id of loaded eBPF program this eBPF program will share a map with.\n        Example: -map_owner_id 9785\n
             
            The location of the eBPF bytecode can be provided four different ways:
             
               
            • Defaulted: If nothing is passed in, the code scans the local directory for   a bpf_bpfel.o file. If found, that is used. If not, it errors out.
              •  
            • file: Fully qualified path of the bytecode object file.
              •  
            • image: Image repository URL of bytecode source.
              •  
            • id: Kernel program Id of a bytecode that has already been loaded. This   program could have been loaded using bpftool, or bpfman. 
              •  
             
            If two userspace programs need to share the same map, map_owner_id is the Program ID of the first loaded program that has the map the second program wants to share.
             
            The examples require sudo to run because they require access the Unix socket bpfman-rpc is listening on. Deploying Example eBPF Programs On Local Host steps through launching bpfman locally and running some of the examples. 
            "},{"location":"getting-started/example-bpf/#examples-in-kubernetes-deployment","title":"Examples in Kubernetes Deployment","text":"
            When run in a Kubernetes deployment, all the input data is passed to Kubernetes through yaml files. To indicate to the userspace code that it is in a Kubernetes deployment and not to try to load the eBPF bytecode, the example is launched in the container with the crd flag. Example: ./go-kprobe-counter -crd
             
            For these examples, the bytecode is loaded via one yaml file which creates a *Program CRD Object (KprobeProgram, TcProgram, TracepointProgram, etc.) and the userspace pod is loaded via another yaml file. In a more realistic deployment, the userspace pod may have the logic to send the *Program CRD Object create request to the KubeAPI Server, but the two yaml files are load manually for simplicity in the example code. The examples directory contain yaml files to load each example, leveraging Kustomize to modify the yaml to load the latest images from Quay.io, to load custom images or released based images. It is recommended to use the commands built into the Makefile, which run kustomize, to apply and remove the yaml files to a Kubernetes cluster. Use make help to see all the make options. For example:
             
            cd bpfman/examples/\n\n# Deploy then undeploy all the examples\nmake deploy\nmake undeploy\n\nOR\n\n# Deploy then undeploy just the TC example\nmake deploy-tc\nmake undeploy-tc\n
             
            Deploying Example eBPF Programs On Kubernetes steps through deploying bpfman to multiple nodes in a Kubernetes cluster and loading the examples.
            "},{"location":"getting-started/example-bpf/#building-example-code","title":"Building Example Code","text":"
            All the examples can be built locally as well as packaged in a container for Kubernetes deployment.
            "},{"location":"getting-started/example-bpf/#building-locally","title":"Building Locally","text":"
            To build directly on a system, make sure all the prerequisites are met, then build.
            "},{"location":"getting-started/example-bpf/#prerequisites","title":"Prerequisites","text":"
            This assumes bpfman is already installed and running on the system. If not, see Setup and Building bpfman.
             
               
            1. All requirements defined by the cilium/ebpf package
              2.  
            2.  
              libbpf development package to get the required eBPF c headers
               
              Fedora: sudo dnf install libbpf-devel
               
              Ubuntu: sudo apt-get install libbpf-dev
               
              3.  
            3.  
              Cilium's bpf2go binary
               
              go install github.com/cilium/ebpf/cmd/bpf2go@v0.11.0
               
              4.  
            "},{"location":"getting-started/example-bpf/#build","title":"Build","text":"
            To build all the C based eBPF counter bytecode, run:
             
            cd bpfman/examples/\nmake generate\n
             
            To build all the Userspace GO Client examples, run:
             
            cd bpfman/examples/\nmake build\n
             
            To build only a single example:
             
            cd bpfman/examples/go-tc-counter/\ngo generate\ngo build\n
             
            cd bpfman/examples/go-tracepoint-counter/\ngo generate\ngo build\n
             
            Other program types are the same.
            "},{"location":"getting-started/example-bpf/#building-ebpf-bytecode-container-image","title":"Building eBPF Bytecode Container Image","text":"
            eBPF Bytecode Image Specifications provides detailed instructions on building and shipping bytecode in a container image. Pre-built eBPF container images for the examples can be loaded from:
             
               
            • quay.io/bpfman-bytecode/go-kprobe-counter:latest
              •  
            • quay.io/bpfman-bytecode/go-tc-counter:latest
              •  
            • quay.io/bpfman-bytecode/go-tracepoint-counter:latest
              •  
            • quay.io/bpfman-bytecode/go-uprobe-counter:latest
              •  
            • quay.io/bpfman-bytecode/go-xdp-counter:latest
              •  
             
            To build the example eBPF bytecode container images, run the build commands below (the go generate requires the Prerequisites described above):
             
            cd bpfman/examples/go-xdp-counter/\ngo generate\n\ndocker build \\\n  --build-arg PROGRAM_NAME=go-xdp-counter \\\n  --build-arg BPF_FUNCTION_NAME=xdp_stats \\\n  --build-arg PROGRAM_TYPE=xdp \\\n  --build-arg BYTECODE_FILENAME=bpf_bpfel.o \\\n  --build-arg KERNEL_COMPILE_VER=$(uname -r) \\\n  -f ../../Containerfile.bytecode . -t quay.io/$USER/go-xdp-counter-bytecode:latest\n
             
            and
             
            cd bpfman/examples/go-tc-counter/\ngo generate\n\ndocker build \\\n  --build-arg PROGRAM_NAME=go-tc-counter \\\n  --build-arg BPF_FUNCTION_NAME=stats \\\n  --build-arg PROGRAM_TYPE=tc \\\n  --build-arg BYTECODE_FILENAME=bpf_bpfel.o \\\n  --build-arg KERNEL_COMPILE_VER=$(uname -r) \\\n  -f ../../Containerfile.bytecode . -t quay.io/$USER/go-tc-counter-bytecode:latest\n
             
            Other program types are the same.
             
            bpfman currently does not provide a method for pre-loading bytecode images (see issue #603), so push the bytecode image to a remote repository. For example:
             
            docker login quay.io\ndocker push quay.io/$USER/go-xdp-counter-bytecode:latest\ndocker push quay.io/$USER/go-tc-counter-bytecode:latest\n
             
            Then run with the privately built bytecode container image:
             
            sudo ./go-tc-counter -iface ens3 -direction ingress -image quay.io/$USER/go-tc-counter-bytecode:latest\n2022/12/02 16:38:44 Using Input: Interface=ens3 Priority=50 Source=quay.io/$USER/go-tc-counter-bytecode:latest\n2022/12/02 16:38:45 Program registered with id 6225\n2022/12/02 16:38:48 4 packets received\n2022/12/02 16:38:48 580 bytes received\n\n2022/12/02 16:38:51 4 packets received\n2022/12/02 16:38:51 580 bytes received\n\n^C2022/12/02 16:38:51 Exiting...\n2022/12/02 16:38:51 Unloading Program: 6225\n
            "},{"location":"getting-started/example-bpf/#running-examples","title":"Running Examples","text":"
            cd bpfman/examples/go-xdp-counter/\nsudo ./go-xdp-counter -iface <INTERNET INTERFACE NAME>\n
             
            or (NOTE: TC programs also require a direction, ingress or egress)
             
            cd bpfman/examples/go-tc-counter/\nsudo ./go-tc-counter -direction ingress -iface <INTERNET INTERFACE NAME>\n
             
            or
             
            cd bpfman/examples/go-tracepoint-counter/\nsudo ./go-tracepoint-counter\n
             
            bpfman can load eBPF bytecode from a container image built following the spec described in eBPF Bytecode Image Specifications.
             
            To use the container image, pass the URL to the userspace program:
             
            sudo ./go-xdp-counter -iface ens3 -image quay.io/bpfman-bytecode/go-xdp-counter:latest\n2022/12/02 16:28:32 Using Input: Interface=ens3 Priority=50 Source=quay.io/bpfman-bytecode/go-xdp-counter:latest\n2022/12/02 16:28:34 Program registered with id 6223\n2022/12/02 16:28:37 4 packets received\n2022/12/02 16:28:37 580 bytes received\n\n2022/12/02 16:28:40 4 packets received\n2022/12/02 16:28:40 580 bytes received\n\n^C2022/12/02 16:28:42 Exiting...\n2022/12/02 16:28:42 Unloading Program: 6223\n
            "},{"location":"getting-started/launching-bpfman/","title":"Launching bpfman","text":"
            The most basic way to deploy bpfman is to run it directly on a host system. First bpfman needs to be built and then started.
            "},{"location":"getting-started/launching-bpfman/#build-bpfman","title":"Build bpfman","text":"
            Perform the following steps to build bpfman. If this is your first time using bpfman, follow the instructions in Setup and Building bpfman to setup the prerequisites for building. To avoid installing the dependencies and having to build bpfman, consider running bpfman from a packaged release (see Run bpfman From Release Image) or installing the bpfman RPM (see Run bpfman From RPM).
             
            cd bpfman/\ncargo build\n
            "},{"location":"getting-started/launching-bpfman/#start-bpfman-rpc","title":"Start bpfman-rpc","text":"
            When running bpfman, the RPC Server bpfman-rpc can be run as a long running process or a systemd service. Examples run the same, independent of how bpfman is deployed.
            "},{"location":"getting-started/launching-bpfman/#run-as-a-long-lived-process","title":"Run as a Long Lived Process","text":"
            While learning and experimenting with bpfman, it may be useful to run bpfman in the foreground (which requires a second terminal to run the bpfman CLI commands). When run in this fashion, logs are dumped directly to the terminal. For more details on how logging is handled in bpfman, see Logging.
             
            sudo RUST_LOG=info ./target/debug/bpfman-rpc --timeout=0\n[INFO  bpfman::utils] Log using env_logger\n[INFO  bpfman::utils] Has CAP_BPF: true\n[INFO  bpfman::utils] Has CAP_SYS_ADMIN: true\n[WARN  bpfman::utils] Unable to read config file, using defaults\n[INFO  bpfman_rpc::serve] Using no inactivity timer\n[INFO  bpfman_rpc::serve] Using default Unix socket\n[INFO  bpfman_rpc::serve] Listening on /run/bpfman-sock/bpfman.sock\n
             
            When a build is run for bpfman, built binaries can be found in ./target/debug/. So when launching bpfman-rpc and calling bpfman CLI commands, the binary must be in the $PATH or referenced directly:
             
            sudo ./target/debug/bpfman list\n
             
            For readability, the remaining sample commands will assume the bpfman CLI binary is in the $PATH, so ./target/debug/ will be dropped.
            "},{"location":"getting-started/launching-bpfman/#run-as-a-systemd-service","title":"Run as a systemd Service","text":"
            Run the following command to copy the bpfman CLI and bpfman-rpc binaries to /usr/sbin/ and copy bpfman.socket and bpfman.service files to /usr/lib/systemd/system/. This option will also enable and start the systemd services:
             
            sudo ./scripts/setup.sh install\n
             
            bpfman CLI is now in $PATH, so ./targer/debug/ is not needed:
             
            sudo bpfman list\n
             
            To view logs, use journalctl:
             
            sudo journalctl -f -u bpfman.service -u bpfman.socket\nMar 27 09:13:54 server-calvin systemd[1]: Listening on bpfman.socket - bpfman API Socket.\n  <RUN \"sudo ./go-kprobe-counter\">\nMar 27 09:15:43 server-calvin systemd[1]: Started bpfman.service - Run bpfman as a service.\nMar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Log using journald\nMar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Has CAP_BPF: true\nMar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Has CAP_SYS_ADMIN: true\nMar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Unable to read config file, using defaults\nMar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Using a Unix socket from systemd\nMar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Using inactivity timer of 15 seconds\nMar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Listening on /run/bpfman-sock/bpfman.sock\nMar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Unable to read config file, using defaults\nMar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Unable to read config file, using defaults\nMar 27 09:15:43 server-calvin bpfman-rpc[2548091]: Starting Cosign Verifier, downloading data from Sigstore TUF repository\nMar 27 09:15:45 server-calvin bpfman-rpc[2548091]: Loading program bytecode from file: /home/<USER>/src/bpfman/examples/go-kprobe-counter/bpf_bpfel.o\nMar 27 09:15:45 server-calvin bpfman-rpc[2548091]: Added probe program with name: kprobe_counter and id: 7568\nMar 27 09:15:48 server-calvin bpfman-rpc[2548091]: Unable to read config file, using defaults\nMar 27 09:15:48 server-calvin bpfman-rpc[2548091]: Removing program with id: 7568\nMar 27 09:15:58 server-calvin bpfman-rpc[2548091]: Shutdown Unix Handler /run/bpfman-sock/bpfman.sock\nMar 27 09:15:58 server-calvin systemd[1]: bpfman.service: Deactivated successfully.\n
            "},{"location":"getting-started/launching-bpfman/#additional-notes","title":"Additional Notes","text":"
            To update the configuration settings associated with running bpfman as a service, edit the service configuration files:
             
            sudo vi /usr/lib/systemd/system/bpfman.socket\nsudo vi /usr/lib/systemd/system/bpfman.service\nsudo systemctl daemon-reload\n
             
            If bpfman CLI or bpfman-rpc is rebuilt, the following command can be run to install the update binaries without tearing down bpfman. The services are automatically restarted.
             
            sudo ./scripts/setup.sh reinstall\n
             
            To unwind all the changes, stop bpfman and remove all related files from the system, run the following script:
             
            sudo ./scripts/setup.sh uninstall\n
            "},{"location":"getting-started/launching-bpfman/#preferred-method-to-start-bpfman","title":"Preferred Method to Start bpfman","text":"
            In order to call into the bpfman Library, the calling process must be privileged. In order to load and unload eBPF, the kernel requires a set of powerful capabilities. Long lived privileged processes are more vulnerable to attack than short lived processes. When bpfman-rpc is run as a systemd service, it is leveraging socket activation. This means that it loads a bpfman.socket and bpfman.service file. The socket service is the long lived process, which doesn't have any special permissions. The service that runs bpfman-rpc is only started when there is a request on the socket, and then bpfman-rpc stops itself after an inactivity timeout.
             
            For security reasons, it is recommended to run bpfman-rpc as a systemd service when running on a local host. For local development, some may find it useful to run bpfman-rpc as a long lived process.
             
            When run as a systemd service, the set of linux capabilities are limited to only the required set. If permission errors are encountered, see Linux Capabilities for help debugging.
            "},{"location":"getting-started/overview/","title":"bpfman Overview","text":"
            Core bpfman is a library written in Rust and published as a Crate via crates.io. The bpfman library leverages the aya library to manage eBPF programs. Applications written in Rust can import the bpfman library and call the bpfman APIs directly. An example of a Rust based application leveraging the bpfman library is the bpfman CLI, which is a Rust based binary used to provision bpfman from a Linux command prompt (see CLI Guide).
             
            For applications written in other languages, bpfman provides bpfman-rpc, a Rust based bpfman RPC server binary. Non-Rust applications can send a RPC message to the server, which translate the RPC request into a bpfman library call. The long term solution is to leverage the Rust Foreign Function Interface (FFI) feature, which enables a different (foreign) programming language to call Rust functions, but that is not supported at the moment.
             
             
            The bpfman-rpc server can run in one of two modes. It can be run as a long running process or as a systemd service that uses socket activation to start bpfman-rpc only when there is a RPC message to process. More details are provided in Deploying Example eBPF Programs On Local Host.
             
            When deploying bpfman in a Kubernetes deployment, bpfman-agent, bpfman-rpc, and the bpfman library are packaged in a container. When the container starts, bpfman-rpc is started as a long running process. bpfman-agent listens to the KubeAPI Server and send RPC requests to bpfman-rpc, which in turn calls the bpfman library to manage eBPF programs on a given node.
             
             
            More details provided in Deploying Example eBPF Programs On Kubernetes.
            "},{"location":"getting-started/running-release/","title":"Run bpfman From Release Image","text":"
            This section describes how to deploy bpfman from a given release. See Releases for the set of bpfman releases.
             
            Note: Instructions for interacting with bpfman change from release to release, so reference release specific documentation. For example:
             
            https://bpfman.io/v0.4.0/getting-started/running-release/
             
            Jump to the Setup and Building bpfman section for help building from the latest code or building from a release branch.
             
            Start bpfman-rpc contains more details on the different modes to run bpfman in on the host. Use Run using an rpm for deploying a released version of bpfman from an rpm as a systemd service and then use Deploying Example eBPF Programs On Local Host for further information on how to test and interact with bpfman.
             
            Deploying the bpfman-operator contains more details on deploying bpfman in a Kubernetes deployment and Deploying Example eBPF Programs On Kubernetes contains more details on interacting with bpfman running in a Kubernetes deployment. Use Deploying Release Version of the bpfman-operator below for deploying released version of bpfman in Kubernetes and then use the links above for further information on how to test and interact with bpfman.
            "},{"location":"getting-started/running-release/#run-as-a-long-lived-process","title":"Run as a Long Lived Process","text":"
            export BPFMAN_REL=0.4.0\nmkdir -p $HOME/src/bpfman-${BPFMAN_REL}/; cd $HOME/src/bpfman-${BPFMAN_REL}/\nwget https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfman-linux-x86_64.tar.gz\ntar -xzvf bpfman-linux-x86_64.tar.gz; rm bpfman-linux-x86_64.tar.gz\n\n$ tree\n.\n\u251c\u2500\u2500 bpf-log-exporter\n\u251c\u2500\u2500 bpfman\n\u251c\u2500\u2500 bpfman-ns\n\u251c\u2500\u2500 bpfman-rpc\n\u2514\u2500\u2500 bpf-metrics-exporter\n
             
            To deploy bpfman-rpc:
             
            sudo RUST_LOG=info ./bpfman-rpc --timeout=0\n[INFO  bpfman::utils] Log using env_logger\n[INFO  bpfman::utils] Has CAP_BPF: true\n[INFO  bpfman::utils] Has CAP_SYS_ADMIN: true\n[WARN  bpfman::utils] Unable to read config file, using defaults\n[INFO  bpfman_rpc::serve] Using no inactivity timer\n[INFO  bpfman_rpc::serve] Using default Unix socket\n[INFO  bpfman_rpc::serve] Listening on /run/bpfman-sock/bpfman.sock\n:\n
             
            To use the CLI:
             
            sudo ./bpfman list\n Program ID  Name  Type  Load Time\n
             
            Continue in Deploying Example eBPF Programs On Local Host if desired.
            "},{"location":"getting-started/running-release/#deploying-release-version-of-the-bpfman-operator","title":"Deploying Release Version of the bpfman-operator","text":"
            The quickest solution for running bpfman in a Kubernetes deployment is to run a Kubernetes KIND Cluster:
             
            kind create cluster --name=test-bpfman\n
             
            Next, deploy the bpfman CRDs:
             
            export BPFMAN_REL=0.4.0\nkubectl apply -f  https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfman-crds-install.yaml\n
             
            Next, deploy the bpfman-operator, which will also deploy the bpfman-daemon, which contains bpfman-rpc, bpfman Library and bpfman-agent:
             
            kubectl apply -f https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/bpfman-operator-install-v${BPFMAN_REL}.yaml\n
             
            Finally, deploy an example eBPF program.
             
            kubectl apply -f https://github.com/bpfman/bpfman/releases/download/v${BPFMAN_REL}/go-xdp-counter-install-v${BPFMAN_REL}.yaml\n
             
            There are other example programs in the Releases page.
             
            Continue in Deploying the bpfman-operator or Deploying Example eBPF Programs On Kubernetes if desired. Keep in mind that prior to v0.4.0, bpfman was released as bpfd. So follow the release specific documentation.
             
            Use the following command to teardown the cluster:
             
            kind delete cluster -n test-bpfman\n
            "},{"location":"getting-started/running-rpm/","title":"Run bpfman From RPM","text":"
            This section describes how to deploy bpfman from an RPM. RPMs are generated each time a Pull Request is merged in github for Fedora 38, 39 and Rawhide (see Install Prebuilt RPM below). RPMs can also be built locally from a Fedora server (see Build RPM Locally below).
            "},{"location":"getting-started/running-rpm/#install-prebuilt-rpm","title":"Install Prebuilt RPM","text":"
            This section describes how to install an RPM built automatically by the Packit Service. The Packit Service builds RPMs for each Pull Request merged.
            "},{"location":"getting-started/running-rpm/#packit-service-prerequisites","title":"Packit Service Prerequisites","text":"
            To install an RPM generated by the Packit Service, the following packages need to be installed:
             
            dnf based OS:
             
            sudo dnf install -y dnf-plugins-core\nsudo dnf copr enable @ebpf-sig/bpfman-next\n
            "},{"location":"getting-started/running-rpm/#install-rpm-from-packit-service","title":"Install RPM From Packit Service","text":"
            To load an RPM from a specific commit, find the commit from bpfman commits, and click on the green check showing a given Pull Request was verified. At the bottom of the list of checks are the RPM builds, click on the details, and follow the Packit Dashboard link to the Copr Build Results. Then install the given RPM:
             
            sudo dnf install -y bpfman-0.4.0~dev-1.20240117143006587102.main.191.gda44a71.fc38.x86_64\n
             
            bpfman is now installed but not running. To start bpfman:
             
            sudo systemctl daemon-reload\nsudo systemctl enable bpfman.socket\nsudo systemctl start bpfman.socket\n
             
            Verify bpfman is installed and running:
             
            $ sudo systemctl status bpfman.socket\n\u25cf bpfman.socket - bpfman API Socket\n     Loaded: loaded (/usr/lib/systemd/system/bpfman.socket; enabled; preset: disabled)\n     Active: active (listening) since Thu 2024-01-18 21:19:29 EST; 5s ago\n   Triggers: \u25cf bpfman.service\n     Listen: /run/bpfman-sock/bpfman.sock (Stream)\n     CGroup: /system.slice/bpfman.socket\n:\n\n$ sudo systemctl status bpfman.service\n\u25cb bpfman.service - Run bpfman as a service\n     Loaded: loaded (/usr/lib/systemd/system/bpfman.service; static)\n    Drop-In: /usr/lib/systemd/system/service.d\n             \u2514\u250010-timeout-abort.conf\n     Active: inactive (dead)\nTriggeredBy: \u25cf bpfman.socket\n:\n\n$ sudo bpfman list\n Program ID  Name  Type  Load Time\n
            "},{"location":"getting-started/running-rpm/#uninstall-given-rpm","title":"Uninstall Given RPM","text":"
            To determine the RPM that is currently loaded:
             
            $ sudo rpm -qa | grep bpfman\nbpfman-0.4.0~dev-1.20240117143006587102.main.191.gda44a71.fc39.x86_64\n
             
            To uninstall the RPM:
             
            sudo dnf erase -y bpfman-0.4.0~dev-1.20240117143006587102.main.191.gda44a71.fc39.x86_64\n\nsudo systemctl daemon-reload\n
            "},{"location":"getting-started/running-rpm/#build-rpm-locally","title":"Build RPM Locally","text":"
            This section describes how to build and install an RPM locally.
            "},{"location":"getting-started/running-rpm/#local-build-prerequisites","title":"Local Build Prerequisites","text":"
            To build locally, the following packages need to be installed:
             
            dnf based OS:
             
            sudo dnf install packit\nsudo dnf install cargo-rpm-macros\n
             
            NOTE: cargo-rpm-macros needs to be version 25 or higher. It appears this is only available on Fedora 37, 38, 39 and Rawhide at the moment.
            "},{"location":"getting-started/running-rpm/#build-locally","title":"Build Locally","text":"
            To build locally, run the following command:
             
            packit build locally\n
             
            This will generate several RPMs in a x86_64/ directory:
             
            $ ls x86_64/\nbpfman-0.4.0~dev-1.20240118212420167308.<USERNAME>.rpm.socket.192.gb2ea1b9.fc39.x86_64.rpm\nbpfman-debuginfo-0.4.0~dev-1.20240118212420167308.<USERNAME>.rpm.socket.192.gb2ea1b9.fc39.x86_64.rpm\nbpfman-debugsource-0.4.0~dev-1.20240118212420167308.<USERNAME>.rpm.socket.192.gb2ea1b9.fc39.x86_64.rpm\n
            "},{"location":"getting-started/running-rpm/#install-local-build","title":"Install Local Build","text":"
            Install the RPM:
             
            sudo rpm -i x86_64/bpfman-0.4.0~dev-1.20240118212420167308.<USERNAME>.rpm.socket.192.gb2ea1b9.fc39.x86_64.rpm\n
             
            bpfman is now installed but not running. To start bpfman:
             
            sudo systemctl daemon-reload\nsudo systemctl enable bpfman.socket\nsudo systemctl start bpfman.socket\n
             
            Verify bpfman is installed and running:
             
            $ sudo systemctl status bpfman.socket\n\u25cf bpfman.socket - bpfman API Socket\n     Loaded: loaded (/usr/lib/systemd/system/bpfman.socket; enabled; preset: disabled)\n     Active: active (listening) since Thu 2024-01-18 21:19:29 EST; 5s ago\n   Triggers: \u25cf bpfman.service\n     Listen: /run/bpfman-sock/bpfman.sock (Stream)\n     CGroup: /system.slice/bpfman.socket\n:\n\n$ sudo systemctl status bpfman.service\n\u25cb bpfman.service - Run bpfman as a service\n     Loaded: loaded (/usr/lib/systemd/system/bpfman.service; static)\n    Drop-In: /usr/lib/systemd/system/service.d\n             \u2514\u250010-timeout-abort.conf\n     Active: inactive (dead)\nTriggeredBy: \u25cf bpfman.socket\n:\n\n$ sudo bpfman list\n Program ID  Name  Type  Load Time\n
            "},{"location":"getting-started/running-rpm/#uninstall-local-build","title":"Uninstall Local Build","text":"
            To determine the RPM that is currently loaded:
             
            $ sudo rpm -qa | grep bpfman\nbpfman-0.4.0~dev-1.20240118212420167308.<USERNAME>.rpm.socket.192.gb2ea1b9.fc39.x86_64\n
             
            To uninstall the RPM:
             
            sudo rpm -e bpfman-0.4.0~dev-1.20240118212420167308.<USERNAME>.rpm.socket.192.gb2ea1b9.fc39.x86_64\n\nsudo systemctl daemon-reload\n
            "},{"location":"getting-started/troubleshooting/","title":"Troubleshooting","text":"
            This section provides a list of common issues and solutions when working with bpfman.
            "},{"location":"getting-started/troubleshooting/#xdp","title":"XDP","text":""},{"location":"getting-started/troubleshooting/#xdp-program-fails-to-load","title":"XDP Program Fails to Load","text":"
            When attempting to load an XDP program and the program fails to load:
             
            $ sudo bpfman load image --image-url quay.io/bpfman-bytecode/xdp_pass:latest xdp --iface veth92cd99b --priority 100\nError: status: Aborted, message: \"An error occurred. dispatcher attach failed on interface veth92cd99b: `bpf_link_create` failed\", details: [], metadata: MetadataMap { headers: {\"content-type\": \"application/grpc\", \"date\": \"Tue, 28 Nov 2023 13:37:02 GMT\", \"content-length\": \"0\"} }\n
             
            The log may look something like this:
             
            Nov 28 08:36:58 ebpf03 bpfman[2081732]: The bytecode image: quay.io/bpfman-bytecode/xdp_pass:latest is signed\nNov 28 08:36:59 ebpf03 bpfman[2081732]: Loading program bytecode from container image: quay.io/bpfman-bytecode/xdp_pass:latest\nNov 28 08:37:01 ebpf03 bpfman[2081732]: The bytecode image: quay.io/bpfman/xdp-dispatcher:v2 is signed\nNov 28 08:37:02 ebpf03 bpfman[2081732]: BPFMAN load error: Error(\n                                            \"dispatcher attach failed on interface veth92cd99b: `bpf_link_create` failed\",\n                                        )\n
             
            The issue may be the there is already an external XDP program loaded on the given interface. bpfman allows multiple XDP programs on an interface by loading a dispatcher program which is the XDP program and additional programs are loaded as extensions to the dispatcher. Use bpftool to determine if any programs are already loaded on an interface:
             
            $ sudo bpftool net list dev veth92cd99b\nxdp:\nveth92cd99b(32) generic id 8733\n\ntc:\nveth92cd99b(32) clsact/ingress tc_dispatcher id 8922\n\nflow_dissector:\n
            "},{"location":"governance/CODE_OF_CONDUCT/","title":"Contributor Covenant Code of Conduct","text":""},{"location":"governance/CODE_OF_CONDUCT/#our-pledge","title":"Our Pledge","text":"
            We as members, contributors, and leaders pledge to make participation in our community a harassment-free experience for everyone, regardless of age, body size, visible or invisible disability, ethnicity, sex characteristics, gender identity and expression, level of experience, education, socio-economic status, nationality, personal appearance, race, caste, color, religion, or sexual identity and orientation.
             
            We pledge to act and interact in ways that contribute to an open, welcoming, diverse, inclusive, and healthy community.
            "},{"location":"governance/CODE_OF_CONDUCT/#our-standards","title":"Our Standards","text":"
            Examples of behavior that contributes to a positive environment for our community include:
             
               
            • Demonstrating empathy and kindness toward other people
              •  
            • Being respectful of differing opinions, viewpoints, and experiences
              •  
            • Giving and gracefully accepting constructive feedback
              •  
            • Accepting responsibility and apologizing to those affected by our mistakes,   and learning from the experience
              •  
            • Focusing on what is best not just for us as individuals, but for the overall   community
              •  
             
            Examples of unacceptable behavior include:
             
               
            • The use of sexualized language or imagery, and sexual attention or advances of   any kind
              •  
            • Trolling, insulting or derogatory comments, and personal or political attacks
              •  
            • Public or private harassment
              •  
            • Publishing others' private information, such as a physical or email address,   without their explicit permission
              •  
            • Other conduct which could reasonably be considered inappropriate in a   professional setting
              •  
            "},{"location":"governance/CODE_OF_CONDUCT/#enforcement-responsibilities","title":"Enforcement Responsibilities","text":"
            Community leaders are responsible for clarifying and enforcing our standards of acceptable behavior and will take appropriate and fair corrective action in response to any behavior that they deem inappropriate, threatening, offensive, or harmful.
             
            Community leaders have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, and will communicate reasons for moderation decisions when appropriate.
            "},{"location":"governance/CODE_OF_CONDUCT/#scope","title":"Scope","text":"
            This Code of Conduct applies within all community spaces, and also applies when an individual is officially representing the community in public spaces. Examples of representing our community include using an official e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event.
            "},{"location":"governance/CODE_OF_CONDUCT/#enforcement","title":"Enforcement","text":"
            Instances of abusive, harassing, or otherwise unacceptable behavior may be reported to the community leaders responsible for enforcement directly. Maintainers are identified in the MAINTAINERS.md file and their contact information is on their GitHub profile page. All complaints will be reviewed and investigated promptly and fairly.
             
            All community leaders are obligated to respect the privacy and security of the reporter of any incident.
            "},{"location":"governance/CODE_OF_CONDUCT/#enforcement-guidelines","title":"Enforcement Guidelines","text":"
            Community leaders will follow these Community Impact Guidelines in determining the consequences for any action they deem in violation of this Code of Conduct:
            "},{"location":"governance/CODE_OF_CONDUCT/#1-correction","title":"1. Correction","text":"
            Community Impact: Use of inappropriate language or other behavior deemed unprofessional or unwelcome in the community.
             
            Consequence: A private, written warning from community leaders, providing clarity around the nature of the violation and an explanation of why the behavior was inappropriate. A public apology may be requested.
            "},{"location":"governance/CODE_OF_CONDUCT/#2-warning","title":"2. Warning","text":"
            Community Impact: A violation through a single incident or series of actions.
             
            Consequence: A warning with consequences for continued behavior. No interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, for a specified period of time. This includes avoiding interactions in community spaces as well as external channels like social media. Violating these terms may lead to a temporary or permanent ban.
            "},{"location":"governance/CODE_OF_CONDUCT/#3-temporary-ban","title":"3. Temporary Ban","text":"
            Community Impact: A serious violation of community standards, including sustained inappropriate behavior.
             
            Consequence: A temporary ban from any sort of interaction or public communication with the community for a specified period of time. No public or private interaction with the people involved, including unsolicited interaction with those enforcing the Code of Conduct, is allowed during this period. Violating these terms may lead to a permanent ban.
            "},{"location":"governance/CODE_OF_CONDUCT/#4-permanent-ban","title":"4. Permanent Ban","text":"
            Community Impact: Demonstrating a pattern of violation of community standards, including sustained inappropriate behavior, harassment of an individual, or aggression toward or disparagement of classes of individuals.
             
            Consequence: A permanent ban from any sort of public interaction within the community.
            "},{"location":"governance/CODE_OF_CONDUCT/#attribution","title":"Attribution","text":"
            This Code of Conduct is adapted from the Contributor Covenant, version 2.1, available at https://www.contributor-covenant.org/version/2/1/code_of_conduct.html.
             
            Community Impact Guidelines were inspired by Mozilla's code of conduct enforcement ladder.
             
            For answers to common questions about this code of conduct, see the FAQ at https://www.contributor-covenant.org/faq. Translations are available at https://www.contributor-covenant.org/translations.
            "},{"location":"governance/CONTRIBUTING/","title":"Contributing Guide","text":"
               
            • Ways to Contribute
              •  
            • Find an Issue
              •  
            • Ask for Help
              •  
            • Pull Request Lifecycle
              •  
            • Development Environment Setup
              •  
            • Signoff Your Commits
              •  
            • Pull Request Checklist
              •  
             
            Welcome! We are glad that you want to contribute to our project! \ud83d\udc96
             
            As you get started, you are in the best position to give us feedback on areas of our project that we need help with including:
             
               
            • Problems found during setting up a new developer environment
              •  
            • Gaps in our Quickstart Guide or documentation
              •  
            • Bugs in our automation scripts
              •  
             
            If anything doesn't make sense, or doesn't work when you run it, please open a bug report and let us know!
            "},{"location":"governance/CONTRIBUTING/#ways-to-contribute","title":"Ways to Contribute","text":"
            We welcome many different types of contributions including:
             
               
            • New features
              •  
            • Builds, CI/CD
              •  
            • Bug fixes
              •  
            • Documentation
              •  
            • Issue Triage
              •  
            • Answering questions on Slack/Mailing List
              •  
            • Web design
              •  
            • Communications / Social Media / Blog Posts
              •  
            • Release management
              •  
             
            Not everything happens through a GitHub pull request. Please come to our meetings or contact us and let's discuss how we can work together.
            "},{"location":"governance/CONTRIBUTING/#come-to-meetings","title":"Come to Meetings","text":"
            Absolutely everyone is welcome to come to any of our meetings. You never need an invite to join us. In fact, we want you to join us, even if you don\u2019t have anything you feel like you want to contribute. Just being there is enough!
             
            You can find out more about our meetings here. You don\u2019t have to turn on your video. The first time you come, introducing yourself is more than enough. Over time, we hope that you feel comfortable voicing your opinions, giving feedback on others\u2019 ideas, and even sharing your own ideas, and experiences.
            "},{"location":"governance/CONTRIBUTING/#find-an-issue","title":"Find an Issue","text":"
            We have good first issues for new contributors and help wanted issues suitable for any contributor. good first issue has extra information to help you make your first contribution. help wanted are issues suitable for someone who isn't a core maintainer and is good to move onto after your first pull request.
             
            Sometimes there won\u2019t be any issues with these labels. That\u2019s ok! There is likely still something for you to work on. If you want to contribute but you don\u2019t know where to start or can't find a suitable issue, you can reach out to us on Slack and we will be happy to help.
             
            Once you see an issue that you'd like to work on, please post a comment saying that you want to work on it. Something like \"I want to work on this\" is fine.
            "},{"location":"governance/CONTRIBUTING/#ask-for-help","title":"Ask for Help","text":"
            The best way to reach us with a question when contributing is to ask on:
             
               
            • The original github issue
              •  
            • Our Slack channel
              •  
            "},{"location":"governance/CONTRIBUTING/#pull-request-lifecycle","title":"Pull Request Lifecycle","text":"
            Pull requests are managed by Mergify.
             
            Our process is currently as follows:
             
               
            1. When you open a PR a maintainer will automatically be assigned for review
              2.  
            2. Make sure that your PR is passing CI - if you need help with failing checks please feel free to ask!
              3.  
            3. Once it is passing all CI checks, a maintainer will review your PR and you may be asked to make changes.
              4.  
            4. When you have received at least one approval from a maintainer, your PR will be merged automatically.
              5.  
             
            In some cases, other changes may conflict with your PR. If this happens, you will get notified by a comment in the issue that your PR requires a rebase, and the needs-rebase label will be applied. Once a rebase has been performed, this label will be automatically removed.
            "},{"location":"governance/CONTRIBUTING/#development-environment-setup","title":"Development Environment Setup","text":"
            See Setup and Building bpfman
            "},{"location":"governance/CONTRIBUTING/#signoff-your-commits","title":"Signoff Your Commits","text":""},{"location":"governance/CONTRIBUTING/#dco","title":"DCO","text":"
            Licensing is important to open source projects. It provides some assurances that the software will continue to be available based under the terms that the author(s) desired. We require that contributors sign off on commits submitted to our project's repositories. The Developer Certificate of Origin (DCO) is a way to certify that you wrote and have the right to contribute the code you are submitting to the project.
             
            You sign-off by adding the following to your commit messages. Your sign-off must match the git user and email associated with the commit.
             
            This is my commit message\n\nSigned-off-by: Your Name <your.name@example.com>\n
             
            Git has a -s command line option to do this automatically:
             
            git commit -s -m 'This is my commit message'\n
             
            If you forgot to do this and have not yet pushed your changes to the remote repository, you can amend your commit with the sign-off by running
             
            git commit --amend -s\n
            "},{"location":"governance/CONTRIBUTING/#logical-grouping-of-commits","title":"Logical Grouping of Commits","text":"
            It is a recommended best practice to keep your changes as logically grouped as possible within individual commits. If while you're developing you prefer doing a number of commits that are \"checkpoints\" and don't represent a single logical change, please squash those together before asking for a review. When addressing review comments, please perform an interactive rebase and edit commits directly rather than adding new commits with messages like \"Fix review comments\".
            "},{"location":"governance/CONTRIBUTING/#commit-message-guidelines","title":"Commit message guidelines","text":"
            A good commit message should describe what changed and why.
             
               
            1.  
              The first line should:
               
              2.  
            2.  
              contain a short description of the change (preferably 50 characters or less,     and no more than 72 characters)
               
              3.  
            3. be entirely in lowercase with the exception of proper nouns, acronyms, and     the words that refer to code, like function/variable names
              4.  
            4. be prefixed with the name of the sub crate being changed
              5.  
             
            Examples:
             
               
            • bpfman: validate program section names
              •  
            •  
              bpf: add dispatcher program test slot
               
              •  
            •  
              Keep the second line blank.
               
              •  
            • Wrap all other lines at 72 columns (except for long URLs).
              •  
            • If your patch fixes an open issue, you can add a reference to it at the end    of the log. Use the Fixes: # prefix and the issue number. For other    references use Refs: #. Refs may include multiple issues, separated by a    comma.
              •  
             
            Examples:
             
               
            • Fixes: #1337
              •  
            • Refs: #1234
              •  
             
            Sample complete commit message:
             
            subcrate: explain the commit in one line\n\nBody of commit message is a few lines of text, explaining things\nin more detail, possibly giving some background about the issue\nbeing fixed, etc.\n\nThe body of the commit message can be several paragraphs, and\nplease do proper word-wrap and keep columns shorter than about\n72 characters or so. That way, `git log` will show things\nnicely even when it is indented.\n\nFixes: #1337\nRefs: #453, #154\n
            "},{"location":"governance/CONTRIBUTING/#pull-request-checklist","title":"Pull Request Checklist","text":"
            When you submit your pull request, or you push new commits to it, our automated systems will run some checks on your new code. We require that your pull request passes these checks, but we also have more criteria than just that before we can accept and merge it. We recommend that you check the following things locally before you submit your code:
             
               
            • Verify that Rust code has been formatted and that all clippy lints have been fixed:
              •  
            • Verify that Go code has been formatted and linted
              •  
            • Verify that Yaml files have been formatted (see   Install Yaml Formatter)
              •  
            •  
              Verify that Bash scripts have been linted using shellcheck
               
              cd bpfman/\ncargo xtask lint\n
               
              •  
            •  
              Verify that unit tests are passing locally (see   Unit Testing):
               
              cd bpfman/\ncargo xtask unit-test\n
               
              •  
            •  
              Verify any changes to the bpfman API have been \"blessed\".   After running the below command, any changes to any of the files in   bpfman/xtask/public-api/*.txt indicate changes to the bpfman API.   Verify that these changes were intentional.   CI uses the latest nightly Rust toolchain, so make sure the public-apis   are verified against latest.
               
              cd bpfman/\nrustup update nightly\ncargo +nightly xtask public-api --bless\n
               
              •  
            •  
              Verify that integration tests are passing locally (see   Basic Integration Tests):
               
              cd bpfman/\ncargo xtask integration-test\n
               
              •  
            •  
              If developing the bpfman-operator, verify that bpfman-operator unit and integration tests   are passing locally:
               
              See Kubernetes Operator Tests.
               
              •  
            "},{"location":"governance/GOVERNANCE/","title":"bpfman Project Governance","text":"
            The bpfman project is dedicated to creating an easy way to run eBPF programs on a single host and in clusters. This governance explains how the project is run.
             
               
            • Values
              •  
            • Maintainers
              •  
            • Becoming a Maintainer
              •  
            • Meetings
              •  
            • Code of Conduct Enforcement
              •  
            • Security Response Team
              •  
            • Voting
              •  
            • Modifications
              •  
            "},{"location":"governance/GOVERNANCE/#values","title":"Values","text":"
            The bpfman project and its leadership embrace the following values:
             
               
            •  
              Openness: Communication and decision-making happens in the open and is discoverable for future   reference. As much as possible, all discussions and work take place in public   forums and open repositories.
               
              •  
            •  
              Fairness: All stakeholders have the opportunity to provide feedback and submit   contributions, which will be considered on their merits.
               
              •  
            •  
              Community over Product or Company: Sustaining and growing our community takes   priority over shipping code or sponsors' organizational goals.  Each   contributor participates in the project as an individual.
               
              •  
            •  
              Inclusivity: We innovate through different perspectives and skill sets, which   can only be accomplished in a welcoming and respectful environment.
               
              •  
            •  
              Participation: Responsibilities within the project are earned through   participation, and there is a clear path up the contributor ladder into leadership   positions.
               
              •  
            "},{"location":"governance/GOVERNANCE/#maintainers","title":"Maintainers","text":"
            bpfman Maintainers have write access to the project GitHub repository. They can merge their patches or patches from others. The list of current maintainers can be found at MAINTAINERS.md.  Maintainers collectively manage the project's resources and contributors.
             
            This privilege is granted with some expectation of responsibility: maintainers are people who care about the bpfman project and want to help it grow and improve. A maintainer is not just someone who can make changes, but someone who has demonstrated their ability to collaborate with the team, get the most knowledgeable people to review code and docs, contribute high-quality code, and follow through to fix issues (in code or tests).
             
            A maintainer is a contributor to the project's success and a citizen helping the project succeed.
             
            The collective team of all Maintainers is known as the Maintainer Council, which is the governing body for the project.
            "},{"location":"governance/GOVERNANCE/#becoming-a-maintainer","title":"Becoming a Maintainer","text":"
            To become a Maintainer you need to demonstrate the following:
             
               
            • commitment to the project:
              •  
            • participate in discussions, contributions, code and documentation reviews, for 6 months or more,
              •  
            • perform reviews for 10 non-trivial pull requests,
              •  
            • contribute 10 non-trivial pull requests and have them merged,
              •  
            • ability to write quality code and/or documentation,
              •  
            • ability to collaborate with the team,
              •  
            • understanding of how the team works (policies, processes for testing and code review, etc),
              •  
            • understanding of the project's code base and coding and documentation style.
              •  
             
            A new Maintainer must be proposed by an existing maintainer by opening a Pull Request on GitHub to update the MAINTAINERS.md file. A simple majority vote of existing Maintainers approves the application. Maintainer nominations will be evaluated without prejudice to employers or demographics.
             
            Maintainers who are selected will be granted the necessary GitHub rights.
            "},{"location":"governance/GOVERNANCE/#removing-a-maintainer","title":"Removing a Maintainer","text":"
            Maintainers may resign at any time if they feel that they will not be able to continue fulfilling their project duties.
             
            Maintainers may also be removed after being inactive, failing to fulfill their Maintainer responsibilities, violating the Code of Conduct, or for other reasons. Inactivity is defined as a period of very low or no activity in the project for a year or more, with no definite schedule to return to full Maintainer activity.
             
            A Maintainer may be removed at any time by a 2/3 vote of the remaining maintainers.
             
            Depending on the reason for removal, a Maintainer may be converted to Emeritus status. Emeritus Maintainers will still be consulted on some project matters and can be rapidly returned to Maintainer status if their availability changes.
            "},{"location":"governance/GOVERNANCE/#meetings","title":"Meetings","text":"
            Time zones permitting, Maintainers are expected to participate in the public developer meeting, detailed in the meetings document.
             
            Maintainers will also have closed meetings to discuss security reports or Code of Conduct violations. Such meetings should be scheduled by any Maintainer on receipt of a security issue or CoC report. All current Maintainers must be invited to such closed meetings, except for any Maintainer who is accused of a CoC violation.
            "},{"location":"governance/GOVERNANCE/#code-of-conduct","title":"Code of Conduct","text":"
            Code of Conduct violations by community members will be discussed and resolved on the private maintainer Slack channel.
            "},{"location":"governance/GOVERNANCE/#security-response-team","title":"Security Response Team","text":"
            The Maintainers will appoint a Security Response Team to handle security reports. This committee may simply consist of the Maintainer Council themselves.  If this responsibility is delegated, the Maintainers will appoint a team of at least two contributors to handle it.  The Maintainers will review who is assigned to this at least once a year.
             
            The Security Response Team is responsible for handling all reports of security holes and breaches according to the security policy.
            "},{"location":"governance/GOVERNANCE/#voting","title":"Voting","text":"
            While most business in bpfman is conducted by \"lazy consensus\", periodically the Maintainers may need to vote on specific actions or changes. A vote can be taken on the private developer slack channel for security or conduct matters. Votes may also be taken at the developer meeting.  Any Maintainer may demand a vote be taken.
             
            Most votes require a simple majority of all Maintainers to succeed, except where otherwise noted.  Two-thirds majority votes mean at least two-thirds of all existing maintainers.
            "},{"location":"governance/GOVERNANCE/#modifying-this-charter","title":"Modifying this Charter","text":"
            Changes to this Governance and its supporting documents may be approved by a 2/3 vote of the Maintainers.
            "},{"location":"governance/MAINTAINERS/","title":"Maintainers","text":"
            See CONTRIBUTING.md for general contribution guidelines. See GOVERNANCE.md for governance guidelines and maintainer responsibilities. See CODEOWNERS for a detailed list of owners for the various source directories.
             Name Employer Responsibilities Dave Tucker Red Hat Catch all Andrew Stoycos Red Hat bpfman-operator, bpfman-agent Andre Fredette Red Hat All things tc-bpf Billy McFall Red Hat All things systemd"},{"location":"governance/MEETINGS/","title":"bpfman Community Meetings","text":""},{"location":"governance/MEETINGS/#meeting-time","title":"Meeting time","text":"
            We meet every Thursday at 10:00 AM Eastern Time. The meetings last up to 1 hour.
            "},{"location":"governance/MEETINGS/#meeting-location","title":"Meeting location","text":"
            Video call link: https://meet.google.com/ggz-zkmp-pxx Or dial: (US) +1 98ttp4-221-0859 PIN: 613 588 790# More phone numbers: https://tel.meet/ggz-zkmp-pxx?pin=3270510926446
            "},{"location":"governance/MEETINGS/#meeting-agenda-and-minutes","title":"Meeting agenda and minutes","text":"
            Meeting agenda
            "},{"location":"governance/REVIEWING/","title":"Reviewing Guide","text":"
            This document covers who may review pull requests for this project, and guides how to perform code reviews that meet our community standards and code of conduct. All reviewers must read this document and agree to follow the project review guidelines. Reviewers who do not follow these guidelines may have their privileges revoked.
            "},{"location":"governance/REVIEWING/#the-reviewer-role","title":"The Reviewer Role","text":"
            Only maintainers are REQUIRED to review pull requests. Other contributors may opt to review pull requests, but any LGTM from a non-maintainer won't count towards the required number of Approved Reviews in the Mergify policy.
            "},{"location":"governance/REVIEWING/#values","title":"Values","text":"
            All reviewers must abide by the Code of Conduct and are also protected by it. A reviewer should not tolerate poor behavior and is encouraged to report any behavior that violates the Code of Conduct. All of our values listed above are distilled from our Code of Conduct.
             
            Below are concrete examples of how it applies to code review specifically:
            "},{"location":"governance/REVIEWING/#inclusion","title":"Inclusion","text":"
            Be welcoming and inclusive. You should proactively ensure that the author is successful. While any particular pull request may not ultimately be merged, overall we want people to have a great experience and be willing to contribute again. Answer the questions they didn't know to ask or offer concrete help when they appear stuck.
            "},{"location":"governance/REVIEWING/#sustainability","title":"Sustainability","text":"
            Avoid burnout by enforcing healthy boundaries. Here are some examples of how a reviewer is encouraged to act to take care of themselves:
             
               
            • Authors should meet baseline expectations when submitting a pull request, such as writing tests.
              •  
            • If your availability changes, you can step down from a pull request and have someone else assigned.
              •  
            • If interactions with an author are not following the code of conduct, close the PR and raise it with your Code of Conduct committee or point of contact. It's not your job to coax people into behaving.
              •  
            "},{"location":"governance/REVIEWING/#trust","title":"Trust","text":"
            Be trustworthy. During a review, your actions both build and help maintain the trust that the community has placed in this project. Below are examples of ways that we build trust:
             
               
            • Transparency - If a pull request won't be merged, clearly say why and close it. If a pull request won't be reviewed for a while, let the author know so they can set expectations and understand why it's blocked.
              •  
            • Integrity - Put the project's best interests ahead of personal relationships or company affiliations when deciding if a change should be merged.
              •  
            • Stability - Only merge when the change won't negatively impact project stability. It can be tempting to merge a pull request that doesn't meet our quality standards, for example when the review has been delayed, or because we are trying to deliver new features quickly, but regressions can significantly hurt trust in our project.
              •  
            "},{"location":"governance/REVIEWING/#process","title":"Process","text":"
               
            • Reviewers are automatically assigned based on the CODEOWNERS file.
              •  
            • Reviewers should wait for automated checks to pass before reviewing
              •  
            • At least 1 approved review is required from a maintainer before a pull request can be merged
              •  
            • All CI checks must pass
              •  
            • If a PR is stuck for some reason it is down to the reviewer to determine the best course of action:
              •  
            • PRs may be closed if they are no longer relevant
              •  
            • A maintainer may choose to carry a PR forward on their own, but they should ALWAYS include the original author's commits
              •  
            • A maintainer may choose to open additional PRs to help lay a foundation on which the stuck PR can be unstuck. They may either rebase the stuck PR themselves or leave this to the author
              •  
            • Maintainers should not merge their pull requests without a review
              •  
            • Maintainers should let the Mergify bot merge PRs and not merge PRs directly
              •  
            • In times of need, i.e. to fix pressing security issues, the Maintainers may, at their discretion, merge PRs without review. They should at least add a comment to the PR explaining why they did so.
              •  
            "},{"location":"governance/REVIEWING/#checklist","title":"Checklist","text":"
            Below are a set of common questions that apply to all pull requests:
             
               
            • [ ] Is this PR targeting the correct branch?
              •  
            • [ ] Does the commit message provide an adequate description of the change?
              •  
            • [ ] Does the affected code have corresponding tests?
              •  
            • [ ] Are the changes documented, not just with inline documentation, but also with conceptual documentation such as an overview of a new feature, or task-based documentation like a tutorial? Consider if this change should be announced on your project blog.
              •  
            • [ ] Does this introduce breaking changes that would require an announcement or bumping of the major version?
              •  
            • [ ] Does this PR introduce any new dependencies?
              •  
            "},{"location":"governance/REVIEWING/#reading-list","title":"Reading List","text":"
            Reviewers are encouraged to read the following articles for help with common reviewer tasks:
             
               
            • The Art of Closing: How to close an unfinished or rejected pull request
              •  
            • Kindness and Code Reviews: Improving the Way We Give Feedback
              •  
            • Code Review Guidelines for Humans: Examples of good and back feedback
              •  
            "},{"location":"governance/SECURITY/","title":"Security Policy","text":""},{"location":"governance/SECURITY/#supported-versions","title":"Supported Versions","text":"
            No released versions of bpfman and bpfman-agent or bpfman-operator will receive regular security updates until a mainline release has been performed. A reported and fixed vulnerability will be included in the next minor release, which depending on the severity of the vulnerability may be immediate.
            "},{"location":"governance/SECURITY/#reporting-a-vulnerability","title":"Reporting a Vulnerability","text":"
            To report a vulnerability, please use the Private Vulnerability Reporting Feature on GitHub. We will endevour to respond within 48hrs of reporting. If a vulnerability is reported but considered low priority it may be converted into an issue and handled on the public issue tracker. Should a vulnerability be considered severe we will endeavour to patch it within 48hrs of acceptance, and may ask for you to collaborate with us on a temporary private fork of the repository.
            "},{"location":"blog/archive/2024/","title":"2024","text":""},{"location":"blog/archive/2023/","title":"2023","text":""},{"location":"blog/category/community-meeting/","title":"Community Meeting","text":""},{"location":"blog/category/2024/","title":"2024","text":""}]}
\ No newline at end of file
diff --git a/main/sitemap.xml.gz b/main/sitemap.xml.gz
index 563c0058352879d7682a6f5723e2928558baf222..19b2c1e8c22f0c213ac0a1e78f3f749690269147 100644
GIT binary patch
delta 13
Ucmb=gXP58h;JCI+Y$AIF03L}1b^rhX

delta 13
Ucmb=gXP58h;Lx{bnaExN02kZ?J^%m!